From af338a9ea60acc6337fe9fcdcf664aec2520e541 Mon Sep 17 00:00:00 2001 From: David Howells Date: Sun, 4 Sep 2016 13:10:10 +0100 Subject: [PATCH] rxrpc: The client call state must be changed before attachment to conn We must set the client call state to RXRPC_CALL_CLIENT_SEND_REQUEST before attaching the call to the connection struct, not after, as it's liable to receive errors and conn aborts as soon as the assignment is made - and these will cause its state to be changed outside of the initiating thread's control. Signed-off-by: David Howells --- net/rxrpc/call_object.c | 2 -- net/rxrpc/conn_client.c | 4 ++++ 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/net/rxrpc/call_object.c b/net/rxrpc/call_object.c index 57e00fc..6569174 100644 --- a/net/rxrpc/call_object.c +++ b/net/rxrpc/call_object.c @@ -197,8 +197,6 @@ static int rxrpc_begin_client_call(struct rxrpc_call *call, if (ret < 0) return ret; - call->state = RXRPC_CALL_CLIENT_SEND_REQUEST; - spin_lock(&call->conn->params.peer->lock); hlist_add_head(&call->error_link, &call->conn->params.peer->error_targets); spin_unlock(&call->conn->params.peer->lock); diff --git a/net/rxrpc/conn_client.c b/net/rxrpc/conn_client.c index 4b213bc0..e19804d 100644 --- a/net/rxrpc/conn_client.c +++ b/net/rxrpc/conn_client.c @@ -537,6 +537,10 @@ static void rxrpc_activate_one_channel(struct rxrpc_connection *conn, struct rxrpc_call, chan_wait_link); u32 call_id = chan->call_counter + 1; + write_lock_bh(&call->state_lock); + call->state = RXRPC_CALL_CLIENT_SEND_REQUEST; + write_unlock_bh(&call->state_lock); + rxrpc_see_call(call); list_del_init(&call->chan_wait_link); conn->active_chans |= 1 << channel; -- 2.7.4