[PATCH 4.17 07/31] rxrpc: Fix user call ID check in rxrpc_service_prealloc_one

From: Greg Kroah-Hartman
Date: Sat Aug 04 2018 - 05:02:51 EST


4.17-stable review patch. If anyone has any objections, please let me know.

------------------

From: YueHaibing <yuehaibing@xxxxxxxxxx>

[ Upstream commit c01f6c9b3207e52fc9973a066a856ddf7a0538d8 ]

There just check the user call ID isn't already in use, hence should
compare user_call_ID with xcall->user_call_ID, which is current
node's user_call_ID.

Fixes: 540b1c48c37a ("rxrpc: Fix deadlock between call creation and sendmsg/recvmsg")
Suggested-by: David Howells <dhowells@xxxxxxxxxx>
Signed-off-by: YueHaibing <yuehaibing@xxxxxxxxxx>
Signed-off-by: David Howells <dhowells@xxxxxxxxxx>
Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
---
net/rxrpc/call_accept.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)

--- a/net/rxrpc/call_accept.c
+++ b/net/rxrpc/call_accept.c
@@ -116,9 +116,9 @@ static int rxrpc_service_prealloc_one(st
while (*pp) {
parent = *pp;
xcall = rb_entry(parent, struct rxrpc_call, sock_node);
- if (user_call_ID < call->user_call_ID)
+ if (user_call_ID < xcall->user_call_ID)
pp = &(*pp)->rb_left;
- else if (user_call_ID > call->user_call_ID)
+ else if (user_call_ID > xcall->user_call_ID)
pp = &(*pp)->rb_right;
else
goto id_in_use;