rxrpc: The client call state must be changed before attachment to conn

We must set the client call state to RXRPC_CALL_CLIENT_SEND_REQUEST before
attaching the call to the connection struct, not after, as it's liable to
receive errors and conn aborts as soon as the assignment is made - and
these will cause its state to be changed outside of the initiating thread's
control.

Signed-off-by: David Howells <dhowells@redhat.com>

diff --git a/net/rxrpc/call_object.c b/net/rxrpc/call_object.c
index 57e00fc9cff20cb61882a756aefef99ba49954a4..65691742199b1a7cbbfdd5df114b2741d2e76882 100644 (file)
--- a/net/rxrpc/call_object.c
+++ b/net/rxrpc/call_object.c
@@ -197,8 +197,6 @@ static int rxrpc_begin_client_call(struct rxrpc_call *call,
        if (ret < 0)
                return ret;
 
-       call->state = RXRPC_CALL_CLIENT_SEND_REQUEST;
-
        spin_lock(&call->conn->params.peer->lock);
        hlist_add_head(&call->error_link, &call->conn->params.peer->error_targets);
        spin_unlock(&call->conn->params.peer->lock);

diff --git a/net/rxrpc/conn_client.c b/net/rxrpc/conn_client.c
index 4b213bc0f55467a71a955a6839b985331debbb7d..e19804dd6c8dedfe28835d5e856c35d3bd136456 100644 (file)
--- a/net/rxrpc/conn_client.c
+++ b/net/rxrpc/conn_client.c
@@ -537,6 +537,10 @@ static void rxrpc_activate_one_channel(struct rxrpc_connection *conn,
                                             struct rxrpc_call, chan_wait_link);
        u32 call_id = chan->call_counter + 1;
 
+       write_lock_bh(&call->state_lock);
+       call->state = RXRPC_CALL_CLIENT_SEND_REQUEST;
+       write_unlock_bh(&call->state_lock);
+
        rxrpc_see_call(call);
        list_del_init(&call->chan_wait_link);
        conn->active_chans |= 1 << channel;