rxrpc: Don't release call mutex on error pointer

Don't release call mutex at the end of rxrpc_kernel_begin_call() if the call pointer actually holds an error value. Fixes: 540b1c48 ("rxrpc: Fix deadlock between call creation and sendmsg/recvmsg") Reported-by: N Marc Dionne <marc.dionne@auristor.com> Signed-off-by: N David Howells <dhowells@redhat.com> Signed-off-by: N David S. Miller <davem@davemloft.net>

rxrpc: Don't release call mutex on error pointer
Don't release call mutex at the end of rxrpc_kernel_begin_call() if the call pointer actually holds an error value. Fixes: 540b1c48 ("rxrpc: Fix deadlock between call creation and sendmsg/recvmsg") Reported-by: N Marc Dionne <marc.dionne@auristor.com> Signed-off-by: N David Howells <dhowells@redhat.com> Signed-off-by: N David S. Miller <davem@davemloft.net>
6cb3ece9 · David Howells · David S. Miller · 748759d5 · 6cb3ece9
隐藏空白更改
内联并排

Showing with 3 addition and 2 deletion

net/rxrpc/af_rxrpc.c net/rxrpc/af_rxrpc.c +3 -2

未找到文件。
--- a/net/rxrpc/af_rxrpc.c
+++ b/net/rxrpc/af_rxrpc.c
@@ -308,10 +308,11 @@ struct rxrpc_call *rxrpc_kernel_begin_call(struct socket *sock,
 	call = rxrpc_new_client_call(rx, &cp, srx, user_call_ID, tx_total_len,
 				     gfp);
 	/* The socket has been unlocked. */
-	if (!IS_ERR(call))
+	if (!IS_ERR(call)) {
 		call->notify_rx = notify_rx;
+		mutex_unlock(&call->user_mutex);
+	}

-	mutex_unlock(&call->user_mutex);
 	_leave(" = %p", call);
 	return call;
 }