[bug report] [AF_RXRPC]: Provide secure RxRPC sockets for use by userspace and kernel both

[David Howells]

How about the attached patch?

commit f1650311d66d82a328a8783175f32d2e21222b38
Author: David Howells <dhowells at redhat.com>
Date:   Thu Nov 30 13:35:54 2017 +0000

    rxrpc: Use correct netns source in rxrpc_release_sock()
    
    In rxrpc_release_sock() there may be no rx->local value to access, so we
    can't unconditionally follow it to the rxrpc network namespace information
    to poke the connection reapers.
    
    Instead, use the socket's namespace pointer to find the namespace.
    
    This unfixed code causes the following static checker warning:
    
            net/rxrpc/af_rxrpc.c:898 rxrpc_release_sock()
            error: we previously assumed 'rx->local' could be null (see line 887)
    
    Fixes: 3d18cbb7fd0c ("rxrpc: Fix conn expiry timers")
    Reported-by: Dan Carpenter <dan.carpenter at oracle.com>
    Signed-off-by: David Howells <dhowells at redhat.com>

diff --git a/net/rxrpc/af_rxrpc.c b/net/rxrpc/af_rxrpc.c
index 8f7cf4c042be..dcd818fa837e 100644
--- a/net/rxrpc/af_rxrpc.c
+++ b/net/rxrpc/af_rxrpc.c
@@ -860,6 +860,7 @@ static void rxrpc_sock_destructor(struct sock *sk)
 static int rxrpc_release_sock(struct sock *sk)
 {
 	struct rxrpc_sock *rx = rxrpc_sk(sk);
+	struct rxrpc_net *rxnet = rxrpc_net(sock_net(&rx->sk));
 
 	_enter("%p{%d,%d}", sk, sk->sk_state, refcount_read(&sk->sk_refcnt));
 
@@ -895,8 +896,8 @@ static int rxrpc_release_sock(struct sock *sk)
 	rxrpc_release_calls_on_socket(rx);
 	flush_workqueue(rxrpc_workqueue);
 	rxrpc_purge_queue(&sk->sk_receive_queue);
-	rxrpc_queue_work(&rx->local->rxnet->service_conn_reaper);
-	rxrpc_queue_work(&rx->local->rxnet->client_conn_reaper);
+	rxrpc_queue_work(&rxnet->service_conn_reaper);
+	rxrpc_queue_work(&rxnet->client_conn_reaper);
 
 	rxrpc_put_local(rx->local);
 	rx->local = NULL;