From: Baptiste Lepers <baptiste.lep...@gmail.com> [ Upstream commit a95d25dd7b94a5ba18246da09b4218f132fed60e ]
The call state may be changed at any time by the data-ready routine in response to received packets, so if the call state is to be read and acted upon several times in a function, READ_ONCE() must be used unless the call state lock is held. As it happens, we used READ_ONCE() to read the state a few lines above the unmarked read in rxrpc_input_data(), so use that value rather than re-reading it. Fixes: a158bdd3247b ("rxrpc: Fix call timeouts") Signed-off-by: Baptiste Lepers <baptiste.lep...@gmail.com> Signed-off-by: David Howells <dhowe...@redhat.com> Link: https://lore.kernel.org/r/161046715522.2450566.488819910256264150.st...@warthog.procyon.org.uk Signed-off-by: Jakub Kicinski <k...@kernel.org> Signed-off-by: Greg Kroah-Hartman <gre...@linuxfoundation.org> --- net/rxrpc/input.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/net/rxrpc/input.c +++ b/net/rxrpc/input.c @@ -431,7 +431,7 @@ static void rxrpc_input_data(struct rxrp return; } - if (call->state == RXRPC_CALL_SERVER_RECV_REQUEST) { + if (state == RXRPC_CALL_SERVER_RECV_REQUEST) { unsigned long timo = READ_ONCE(call->next_req_timo); unsigned long now, expect_req_by;