diff options
| author | David Howells <dhowells@redhat.com> | 2026-06-24 17:38:16 +0100 |
|---|---|---|
| committer | Jakub Kicinski <kuba@kernel.org> | 2026-06-25 10:07:19 -0700 |
| commit | e66f8f32f50116670dbbee5bc9e692cd2cd0c8f8 (patch) | |
| tree | afe44d67ba8e32cccc23a66f282c4b474979b9a5 /net | |
| parent | 67a0332f442ef07713cd2d9c13d59db0f1c23648 (diff) | |
| download | ath-e66f8f32f50116670dbbee5bc9e692cd2cd0c8f8.tar.gz | |
rxrpc: Fix socket notification race
There's a race between rxrpc_recvmsg() and rxrpc_notify_socket(), whereby
the latter's attempt to avoid disabling interrupts and taking the socket's
recvmsg_lock if the call is already queued may happen simultaneously with
the former's discarding of a call that has nothing queued.
Fix this by removing the shortcut. Note that this only affects userspace's
use of AF_RXRPC; the AFS filesystem driver doesn't use the socket queue.
Fixes: 248f219cb8bc ("rxrpc: Rewrite the data and ack handling code")
Link: https://sashiko.dev/#/patchset/20260616155749.2125907-1-dhowells%40redhat.com
Signed-off-by: David Howells <dhowells@redhat.com>
cc: Marc Dionne <marc.dionne@auristor.com>
cc: Jeffrey Altman <jaltman@auristor.com>
cc: Simon Horman <horms@kernel.org>
cc: linux-afs@lists.infradead.org
cc: stable@kernel.org
Link: https://patch.msgid.link/20260624163819.3017002-10-dhowells@redhat.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Diffstat (limited to 'net')
| -rw-r--r-- | net/rxrpc/recvmsg.c | 2 |
1 files changed, 0 insertions, 2 deletions
diff --git a/net/rxrpc/recvmsg.c b/net/rxrpc/recvmsg.c index f382a47c6eb06..9962e135cb73f 100644 --- a/net/rxrpc/recvmsg.c +++ b/net/rxrpc/recvmsg.c @@ -27,8 +27,6 @@ void rxrpc_notify_socket(struct rxrpc_call *call) _enter("%d", call->debug_id); - if (!list_empty(&call->recvmsg_link)) - return; if (test_bit(RXRPC_CALL_RELEASED, &call->flags)) { rxrpc_see_call(call, rxrpc_call_see_notify_released); return; |
