diff options
author | David Howells <dhowells@redhat.com> | 2024-10-01 15:26:59 +0200 |
---|---|---|
committer | Jakub Kicinski <kuba@kernel.org> | 2024-10-04 01:23:21 +0200 |
commit | 7a310f8d7dfe2d92a1f31ddb5357bfdd97eed273 (patch) | |
tree | 3bb430c50acdb9493e56b03eb93a6641648cf20a | |
parent | rxrpc: Fix a race between socket set up and I/O thread creation (diff) | |
download | linux-7a310f8d7dfe2d92a1f31ddb5357bfdd97eed273.tar.xz linux-7a310f8d7dfe2d92a1f31ddb5357bfdd97eed273.zip |
rxrpc: Fix uninitialised variable in rxrpc_send_data()
Fix the uninitialised txb variable in rxrpc_send_data() by moving the code
that loads it above all the jumps to maybe_error, txb being stored back
into call->tx_pending right before the normal return.
Fixes: b0f571ecd794 ("rxrpc: Fix locking in rxrpc's sendmsg")
Reported-by: Dan Carpenter <dan.carpenter@linaro.org>
Closes: https://lists.infradead.org/pipermail/linux-afs/2024-October/008896.html
Signed-off-by: David Howells <dhowells@redhat.com>
cc: Marc Dionne <marc.dionne@auristor.com>
cc: linux-afs@lists.infradead.org
Link: https://patch.msgid.link/20241001132702.3122709-3-dhowells@redhat.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
-rw-r--r-- | net/rxrpc/sendmsg.c | 10 |
1 files changed, 5 insertions, 5 deletions
diff --git a/net/rxrpc/sendmsg.c b/net/rxrpc/sendmsg.c index 894b8fa68e5e..23d18fe5de9f 100644 --- a/net/rxrpc/sendmsg.c +++ b/net/rxrpc/sendmsg.c @@ -303,6 +303,11 @@ static int rxrpc_send_data(struct rxrpc_sock *rx, sk_clear_bit(SOCKWQ_ASYNC_NOSPACE, sk); reload: + txb = call->tx_pending; + call->tx_pending = NULL; + if (txb) + rxrpc_see_txbuf(txb, rxrpc_txbuf_see_send_more); + ret = -EPIPE; if (sk->sk_shutdown & SEND_SHUTDOWN) goto maybe_error; @@ -329,11 +334,6 @@ reload: goto maybe_error; } - txb = call->tx_pending; - call->tx_pending = NULL; - if (txb) - rxrpc_see_txbuf(txb, rxrpc_txbuf_see_send_more); - do { if (!txb) { size_t remain; |