[PATCH net] rxrpc: Fix notification call on completion of discarded calls

David Miller davem at davemloft.net
Sun Jun 21 00:32:40 EDT 2020


From: David Howells <dhowells at redhat.com>
Date: Fri, 19 Jun 2020 23:38:16 +0100

> When preallocated service calls are being discarded, they're passed to
> ->discard_new_call() to have the caller clean up any attached higher-layer
> preallocated pieces before being marked completed.  However, the act of
> marking them completed now invokes the call's notification function - which
> causes a problem because that function might assume that the previously
> freed pieces of memory are still there.
> 
> Fix this by setting a dummy notification function on the socket after
> calling ->discard_new_call().
> 
> This results in the following kasan message when the kafs module is
> removed.
 ...
> Reported-by: syzbot+d3eccef36ddbd02713e9 at syzkaller.appspotmail.com
> Fixes: 5ac0d62226a0 ("rxrpc: Fix missing notification")
> Signed-off-by: David Howells <dhowells at redhat.com>

Applied, thanks David.
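
The ordering problem described in the quoted commit message, as a user-space C model. This is an added example, not the kernel patch or any rxrpc code. All names here (`upper_call`, `discard_prealloc`, the `live` flag standing in for freed memory) are hypothetical, and keeping the callback pointer on the call object is an assumption of the model.

```c
#include <stddef.h>

/* User-space model (constructed for illustration; not kernel code). */
struct upper_call {            /* higher-layer piece attached to a preallocated call */
    int live;                  /* 1 while allocated, 0 once the upper layer released it */
    int wakeups;
};

struct call;
typedef void (*notify_fn)(struct call *);

struct call {
    notify_fn notify;          /* invoked when the call is marked completed */
    struct upper_call *user;   /* owned by the higher layer */
    int completed;
};

static int stale_accesses;     /* times notify touched a released upper_call */

static void upper_notify(struct call *c)
{
    if (!c->user->live) {      /* in the kernel this is where KASAN would fire */
        stale_accesses++;
        return;
    }
    c->user->wakeups++;
}

static void dummy_notify(struct call *c) { (void)c; }

/* Stand-in for ->discard_new_call(): the higher layer releases its piece. */
static void upper_discard(struct call *c) { c->user->live = 0; }

static void complete_call(struct call *c)
{
    c->completed = 1;
    c->notify(c);              /* completion always notifies */
}

/* Discard one preallocated call; returns the number of stale accesses seen. */
int discard_prealloc(int apply_fix)
{
    struct upper_call u = { .live = 1, .wakeups = 0 };
    struct call c = { .notify = upper_notify, .user = &u, .completed = 0 };

    stale_accesses = 0;
    upper_discard(&c);
    if (apply_fix)
        c.notify = dummy_notify;   /* neutralise the callback before completion */
    complete_call(&c);
    return stale_accesses;
}
```
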


