rxrpc: Fix a potential NULL-pointer deref in rxrpc_abort_calls
The call pointer in a channel on a connection will be NULL if there's no active call on that channel. rxrpc_abort_calls() needs to check for this before trying to take the call's state_lock. Signed-off-by: David Howells <dhowells@redhat.com>
This commit is contained in:
parent
3201a39ba8
commit
ccbd3dbe85
@ -149,19 +149,23 @@ static void rxrpc_abort_calls(struct rxrpc_connection *conn, int state,
|
||||
call = rcu_dereference_protected(
|
||||
conn->channels[i].call,
|
||||
lockdep_is_held(&conn->channel_lock));
|
||||
write_lock_bh(&call->state_lock);
|
||||
if (call->state <= RXRPC_CALL_COMPLETE) {
|
||||
call->state = state;
|
||||
if (state == RXRPC_CALL_LOCALLY_ABORTED) {
|
||||
call->local_abort = conn->local_abort;
|
||||
set_bit(RXRPC_CALL_EV_CONN_ABORT, &call->events);
|
||||
} else {
|
||||
call->remote_abort = conn->remote_abort;
|
||||
set_bit(RXRPC_CALL_EV_RCVD_ABORT, &call->events);
|
||||
if (call) {
|
||||
write_lock_bh(&call->state_lock);
|
||||
if (call->state <= RXRPC_CALL_COMPLETE) {
|
||||
call->state = state;
|
||||
if (state == RXRPC_CALL_LOCALLY_ABORTED) {
|
||||
call->local_abort = conn->local_abort;
|
||||
set_bit(RXRPC_CALL_EV_CONN_ABORT,
|
||||
&call->events);
|
||||
} else {
|
||||
call->remote_abort = conn->remote_abort;
|
||||
set_bit(RXRPC_CALL_EV_RCVD_ABORT,
|
||||
&call->events);
|
||||
}
|
||||
rxrpc_queue_call(call);
|
||||
}
|
||||
rxrpc_queue_call(call);
|
||||
write_unlock_bh(&call->state_lock);
|
||||
}
|
||||
write_unlock_bh(&call->state_lock);
|
||||
}
|
||||
|
||||
spin_unlock(&conn->channel_lock);
|
||||
|
Loading…
x
Reference in New Issue
Block a user