[PATCH] af_rxrpc accept race (was: RxRPC: 3 issues found in my example code)

David Howells dhowells at redhat.com
Tue May 13 02:31:54 PDT 2014

Tim Smith <tim at electronghost.co.uk> wrote:

> rxrpc_setup_incoming_call() is static and is called only from 
> rxrpc_accept_incoming_call(), which already contains this check.

But no lock is held that prevents the state from changing in
rxrpc_release_sock().  Further, you may have slept in the course of allocating

You've also taken away the lock (local->services_lock) that prevents the
service from being removed whilst we're trying to give it the new call - which
may mean you add the new call *after* rxrpc_release_calls_on_socket() has run
in the release path because rxrpc_release_sock() doesn't hold rx->call_lock in
and of itself.
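
The two hazards described in the message above, as an added user-space model in C that is not part of the original email or the kernel source: the callback stands in for the release path running while the accept path sleeps in allocation. All names (`model_sock`, `model_release`, `accept_racy`, `accept_locked`) are hypothetical; only `services_lock` borrows the name of the lock mentioned in the message.

```c
/* User-space model, constructed for illustration; not kernel code. */
#include <pthread.h>

enum model_state { MODEL_LISTENING, MODEL_CLOSED };

struct model_sock {
    pthread_mutex_t services_lock; /* named after the lock in the message */
    enum model_state state;
    int ncalls;                    /* calls currently attached to the socket */
};

typedef void (*interleave_fn)(struct model_sock *);

/* Release path: mark the socket closed and drop every attached call. */
void model_release(struct model_sock *rx)
{
    pthread_mutex_lock(&rx->services_lock);
    rx->state = MODEL_CLOSED;
    rx->ncalls = 0;
    pthread_mutex_unlock(&rx->services_lock);
}

/* Racy accept: state is checked once, then a sleeping allocation happens
 * (modelled by the callback), then the call is attached with no re-check. */
int accept_racy(struct model_sock *rx, interleave_fn during_alloc)
{
    if (rx->state != MODEL_LISTENING)
        return -1;
    if (during_alloc)
        during_alloc(rx);          /* release may run while we sleep */
    rx->ncalls++;                  /* attached after release already ran */
    return 0;
}

/* Locked accept: allocate first, then check state and attach while holding
 * the same lock the release path takes. */
int accept_locked(struct model_sock *rx, interleave_fn during_alloc)
{
    int ret = -1;
    if (during_alloc)
        during_alloc(rx);
    pthread_mutex_lock(&rx->services_lock);
    if (rx->state == MODEL_LISTENING) {
        rx->ncalls++;
        ret = 0;
    }
    pthread_mutex_unlock(&rx->services_lock);
    return ret;
}
```

Passing `model_release` as the callback forces the interleaving deterministically: `accept_racy` leaves a call attached to a closed socket, while `accept_locked` refuses it.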

