|
| 1 | +rxrpc: Fix wrong error return in rxrpc_connect_call() |
| 2 | + |
| 3 | +jira LE-1907 |
| 4 | +Rebuild_History Non-Buildable kernel-rt-5.14.0-284.30.1.rt14.315.el9_2 |
| 5 | +commit-author David Howells < [email protected]> |
| 6 | +commit 01644a1f98ff45a4044395ce2bbfd534747e0676 |
| 7 | +Empty-Commit: Cherry-Pick Conflicts during history rebuild. |
| 8 | +Will be included in final tarball splat. Ref for failed cherry-pick at: |
| 9 | +ciq/ciq_backports/kernel-rt-5.14.0-284.30.1.rt14.315.el9_2/01644a1f.failed |
| 10 | + |
| 11 | +Fix rxrpc_connect_call() to return -ENOMEM rather than 0 if it fails to |
| 12 | +look up a peer. |
| 13 | + |
| 14 | +This generated a smatch warning: |
| 15 | + net/rxrpc/call_object.c:303 rxrpc_connect_call() warn: missing error code 'ret' |
| 16 | + |
| 17 | +I think this also fixes a syzbot-found bug: |
| 18 | + |
| 19 | + rxrpc: Assertion failed - 1(0x1) == 11(0xb) is false |
| 20 | + ------------[ cut here ]------------ |
| 21 | + kernel BUG at net/rxrpc/call_object.c:645! |
| 22 | + |
| 23 | +where the call being put is in the wrong state - as would be the case if we |
| 24 | +failed to clear up correctly after the error in rxrpc_connect_call(). |
| 25 | + |
| 26 | +Fixes: 9d35d880e0e4 ("rxrpc: Move client call connection to the I/O thread") |
| 27 | + Reported-by: kernel test robot < [email protected]> |
| 28 | + Reported-by: Dan Carpenter < [email protected]> |
| 29 | +Reported-and-tested-by: [email protected] |
| 30 | + Signed-off-by: David Howells < [email protected]> |
| 31 | +Link: https://lore.kernel.org/r/ [email protected]/ |
| 32 | + Reviewed-by: Alexander Duyck < [email protected]> |
| 33 | +Link: https://lore.kernel.org/r/ [email protected] |
| 34 | + Signed-off-by: Jakub Kicinski < [email protected]> |
| 35 | +(cherry picked from commit 01644a1f98ff45a4044395ce2bbfd534747e0676) |
| 36 | + Signed-off-by: Jonathan Maple < [email protected]> |
| 37 | + |
| 38 | +# Conflicts: |
| 39 | +# net/rxrpc/call_object.c |
| 40 | +diff --cc net/rxrpc/call_object.c |
| 41 | +index ad495d0d21a8,f3c9f0201c15..000000000000 |
| 42 | +--- a/net/rxrpc/call_object.c |
| 43 | ++++ b/net/rxrpc/call_object.c |
| 44 | +@@@ -253,6 -287,39 +253,42 @@@ static void rxrpc_put_call_slot(struct |
| 45 | + } |
| 46 | + |
| 47 | + /* |
| 48 | +++<<<<<<< HEAD |
| 49 | +++======= |
| 50 | ++ * Start the process of connecting a call. We obtain a peer and a connection |
| 51 | ++ * bundle, but the actual association of a call with a connection is offloaded |
| 52 | ++ * to the I/O thread to simplify locking. |
| 53 | ++ */ |
| 54 | ++ static int rxrpc_connect_call(struct rxrpc_call *call, gfp_t gfp) |
| 55 | ++ { |
| 56 | ++ struct rxrpc_local *local = call->local; |
| 57 | ++ int ret = -ENOMEM; |
| 58 | ++ |
| 59 | ++ _enter("{%d,%lx},", call->debug_id, call->user_call_ID); |
| 60 | ++ |
| 61 | ++ call->peer = rxrpc_lookup_peer(local, &call->dest_srx, gfp); |
| 62 | ++ if (!call->peer) |
| 63 | ++ goto error; |
| 64 | ++ |
| 65 | ++ ret = rxrpc_look_up_bundle(call, gfp); |
| 66 | ++ if (ret < 0) |
| 67 | ++ goto error; |
| 68 | ++ |
| 69 | ++ trace_rxrpc_client(NULL, -1, rxrpc_client_queue_new_call); |
| 70 | ++ rxrpc_get_call(call, rxrpc_call_get_io_thread); |
| 71 | ++ spin_lock(&local->client_call_lock); |
| 72 | ++ list_add_tail(&call->wait_link, &local->new_client_calls); |
| 73 | ++ spin_unlock(&local->client_call_lock); |
| 74 | ++ rxrpc_wake_up_io_thread(local); |
| 75 | ++ return 0; |
| 76 | ++ |
| 77 | ++ error: |
| 78 | ++ __set_bit(RXRPC_CALL_DISCONNECTED, &call->flags); |
| 79 | ++ return ret; |
| 80 | ++ } |
| 81 | ++ |
| 82 | ++ /* |
| 83 | +++>>>>>>> 01644a1f98ff (rxrpc: Fix wrong error return in rxrpc_connect_call()) |
| 84 | + * Set up a call for the given parameters. |
| 85 | + * - Called with the socket lock held, which it must release. |
| 86 | + * - If it returns a call, the call's lock will need releasing by the caller. |
| 87 | +* Unmerged path net/rxrpc/call_object.c |
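Review bot: The conflict region between `<<<<<<< HEAD` and `=======` has an empty HEAD side, so this record does not say whether the branch contains the `rxrpc_connect_call()` error path that the upstream fix corrects. If the commit named in the `Fixes:` trailer (9d35d880e0e4) was never backported here, the fix is presumably not applicable and the record should state that. If it was, the failed peer lookup still returns 0, and the call-state assertion quoted in the description (`kernel BUG at net/rxrpc/call_object.c:645!`) stays reachable until the conflict is resolved. I would add a line under `# Conflicts:` such as `# Resolution: not applicable - 9d35d880e0e4 is not in this tree`, or the opposite finding, so the status can be audited later. The embedded hunk ends inside the `Set up a call` comment, so the rest of that function is not visible here.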