diff options
author | David Howells <dhowells@redhat.com> | 2016-04-04 15:00:39 +0200 |
---|---|---|
committer | David Howells <dhowells@redhat.com> | 2016-07-06 11:43:51 +0200 |
commit | d1e858c5a392a50c16ce36624203032bdeb3595b (patch) | |
tree | da1a7b0e797d236d28d881c75519fbbf7dfcfd3d /net/rxrpc | |
parent | rxrpc: Move usage count getting into rxrpc_queue_conn() (diff) | |
download | linux-d1e858c5a392a50c16ce36624203032bdeb3595b.tar.xz linux-d1e858c5a392a50c16ce36624203032bdeb3595b.zip |
rxrpc: Fix handling of connection failure in client call creation
If rxrpc_connect_call() fails during the creation of a client connection,
there are two bugs that we can hit that need fixing:
(1) The call state should be moved to RXRPC_CALL_DEAD before the call
cleanup phase is invoked. If not, this can cause an assertion failure
later.
(2) call->link should be reinitialised after being deleted in
rxrpc_new_client_call() - which otherwise leads to a failure later
when the call cleanup attempts to delete the link again.
Signed-off-by: David Howells <dhowells@redhat.com>
Diffstat (limited to 'net/rxrpc')
-rw-r--r-- | net/rxrpc/call_object.c | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/net/rxrpc/call_object.c b/net/rxrpc/call_object.c index ad933daae13b..6223a7ed831f 100644 --- a/net/rxrpc/call_object.c +++ b/net/rxrpc/call_object.c @@ -425,9 +425,10 @@ error: rxrpc_put_call(call); write_lock_bh(&rxrpc_call_lock); - list_del(&call->link); + list_del_init(&call->link); write_unlock_bh(&rxrpc_call_lock); + call->state = RXRPC_CALL_DEAD; rxrpc_put_call(call); _leave(" = %d", ret); return ERR_PTR(ret); @@ -439,6 +440,7 @@ error: */ found_user_ID_now_present: write_unlock(&rx->call_lock); + call->state = RXRPC_CALL_DEAD; rxrpc_put_call(call); _leave(" = -EEXIST [%p]", call); return ERR_PTR(-EEXIST); |