CVE-2024-50294: rxrpc: Fix missing locking causing hanging calls

JIRA: https://issues.redhat.com/browse/RHEL-67999
CVE: CVE-2024-50294

rxrpc: Fix missing locking causing hanging calls

If a call gets aborted (e.g. because kafs saw a signal) between it being
queued for connection and the I/O thread picking up the call, the abort
will be prioritised over the connection and it will be removed from
local->new_client_calls by rxrpc_disconnect_client_call() without a lock
being held.  This may cause other calls on the list to disappear if a race
occurs.

Fix this by taking the client_call_lock when removing a call from whatever
list its ->wait_link happens to be on.

Signed-off-by: David Howells <dhowells@redhat.com>
cc: linux-afs@lists.infradead.org
Reported-by: Marc Dionne <marc.dionne@auristor.com>
Fixes: 9d35d880e0e4 ("rxrpc: Move client call connection to the I/O thread")
Link: https://patch.msgid.link/726660.1730898202@warthog.procyon.org.uk
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
(cherry picked from commit fc9de52de38f656399d2ce40f7349a6b5f86e787)

Signed-off-by: CKI Backport Bot <cki-ci-bot+cki-gitlab-backport-bot@redhat.com>


Created 2024-11-19 09:54 UTC by backporter
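A deterministic user-space model of the race the commit message describes, added here as an illustration; it is not the kernel patch or any code from this merge request. The list helpers, `queue_while_removing()` and the single-threaded interleaving are constructed assumptions; only the name `client_call_lock` and the idea of an unlocked removal from a shared list come from the message.

```c
#include <stdatomic.h>
#include <stdbool.h>

/* User-space stand-in for the kernel's circular doubly linked list. */
struct list_head { struct list_head *next, *prev; };
static void list_init(struct list_head *h) { h->next = h->prev = h; }
static void list_del_init(struct list_head *e)
{
    e->prev->next = e->next; e->next->prev = e->prev;
    list_init(e);
}
/* Second half of a tail insert; the caller has already read tail = h->prev. */
static void link_after(struct list_head *n, struct list_head *tail, struct list_head *h)
{
    n->next = h; n->prev = tail; tail->next = n; h->prev = n;
}
static int list_len(const struct list_head *h)
{
    int n = 0;
    for (const struct list_head *p = h->next; p != h; p = p->next) n++;
    return n;
}
/* Models client_call_lock as a try-lock so the schedule is deterministic. */
static atomic_flag client_call_lock = ATOMIC_FLAG_INIT;
static bool try_lock(void) { return !atomic_flag_test_and_set(&client_call_lock); }
static void unlock(void) { atomic_flag_clear(&client_call_lock); }

/* Call B is queued while call A is removed; a forward walk should find 1 call. */
static int queue_while_removing(bool remover_takes_lock)
{
    struct list_head calls, a, b;
    bool removed = false;
    list_init(&calls); list_init(&a); list_init(&b);
    link_after(&a, calls.prev, &calls);          /* list: A */
    try_lock();                                  /* queuer holds the lock */
    struct list_head *tail = calls.prev;         /* queuer reads tail == A */
    if (!remover_takes_lock || try_lock()) {     /* remover arrives mid-insert */
        list_del_init(&a);
        removed = true;
    }
    link_after(&b, tail, &calls);                /* queuer links B after its tail */
    unlock();
    if (!removed && try_lock()) {                /* locked remover runs afterwards */
        list_del_init(&a);
        unlock();
    }
    return list_len(&calls);
}
int main(void) { return queue_while_removing(false) == 0 && queue_while_removing(true) == 1 ? 0 : 1; }
```

With the unlocked remover the forward walk finds no calls at all, so B has vanished from the list; with the remover forced to wait for the lock, B is the one remaining entry.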