rxrpc: Fix accept on a connection that need securing
author David Howells <dhowells@redhat.com>
Wed, 30 Sep 2020 20:27:18 +0000 (21:27 +0100)
committer David Howells <dhowells@redhat.com>
Mon, 5 Oct 2020 15:35:57 +0000 (16:35 +0100)
commit 2d914c1bf079491d1113051a7232250267f3f2e4
tree 13abaf75ff328d1f3248d871985df0e0057a390d
parent fa1d113a0f96f9ab7e4fe4f8825753ba1e34a9d3
rxrpc: Fix accept on a connection that need securing

When a new incoming call arrives at a userspace rxrpc socket on a new
connection that has a security class set, the code currently pushes it onto
the accept queue to hold a ref on it for the socket.  This doesn't work,
however, as recvmsg() pops it off, notices that it's in the SERVER_SECURING
state and discards the ref.  This means that the call runs out of refs too
early and the kernel oopses.

By contrast, a kernel rxrpc socket manually pre-charges the incoming call
pool with calls that already have user call IDs assigned, so they are ref'd
by the call tree on the socket.

Change the mode of operation for userspace rxrpc server sockets to work
like this too.  Although this is a UAPI change, server sockets aren't
currently functional.

Fixes: 248f219cb8bc ("rxrpc: Rewrite the data and ack handling code")
Signed-off-by: David Howells <dhowells@redhat.com>

include/uapi/linux/rxrpc.h
net/rxrpc/ar-internal.h
net/rxrpc/call_accept.c
net/rxrpc/call_object.c
net/rxrpc/conn_event.c
net/rxrpc/recvmsg.c
net/rxrpc/sendmsg.c