• David Howells's avatar
    rxrpc: Only disconnect calls in the I/O thread · 03fc55ad
    David Howells authored
    Only perform call disconnection in the I/O thread to reduce the locking
    requirement.
    
    This is the first part of a fix for a race that exists between call
    connection and call disconnection whereby the data transmission code adds
    the call to the peer error distribution list after the call has been
    disconnected (say by the rxrpc socket getting closed).
    
    The fix is to complete the process of moving call connection, data
    transmission and call disconnection into the I/O thread and thus forcibly
    serialising them.
    
    Note that the issue may predate the overhaul to an I/O thread model that
    were included in the merge window for v6.2, but the timing is very much
    changed by the change given below.
    
    Fixes: cf37b598 ("rxrpc: Move DATA transmission into call processor work item")
    Reported-by: syzbot+c22650d2844392afdcfd@syzkaller.appspotmail.com
    Signed-off-by: default avatarDavid Howells <dhowells@redhat.com>
    cc: Marc Dionne <marc.dionne@auristor.com>
    cc: linux-afs@lists.infradead.org
    03fc55ad
recvmsg.c 16.4 KB