[PATCH] af_rxrpc accept race (was: RxRPC: 3 issues found in my example code)
David Howells
dhowells at redhat.com
Tue May 13 02:31:54 PDT 2014
Tim Smith <tim at electronghost.co.uk> wrote:

> rxrpc_setup_incoming_call() is static and is called only from
> rxrpc_accept_incoming_call(), which already contains this check.

But no lock is held that prevents the state from changing in
rxrpc_release_sock(). Further, you may have slept in the course of allocating
memory.

You've also taken away the lock (local->services_lock) that prevents the
service from being removed whilst we're trying to give it the new call - which
may mean you add the new call *after* rxrpc_release_calls_on_socket() has run
in the release path because rxrpc_release_sock() doesn't hold rx->call_lock in
and of itself.

David