• David Howells's avatar
    rxrpc: Fix accept on a connection that need securing · 2d914c1b
    David Howells authored
    When a new incoming call arrives at an userspace rxrpc socket on a new
    connection that has a security class set, the code currently pushes it onto
    the accept queue to hold a ref on it for the socket.  This doesn't work,
    however, as recvmsg() pops it off, notices that it's in the SERVER_SECURING
    state and discards the ref.  This means that the call runs out of refs too
    early and the kernel oopses.
    
    By contrast, a kernel rxrpc socket manually pre-charges the incoming call
    pool with calls that already have user call IDs assigned, so they are ref'd
    by the call tree on the socket.
    
    Change the mode of operation for userspace rxrpc server sockets to work
    like this too.  Although this is a UAPI change, server sockets aren't
    currently functional.
    
    Fixes: 248f219c ("rxrpc: Rewrite the data and ack handling code")
    Signed-off-by: default avatarDavid Howells <dhowells@redhat.com>
    2d914c1b
call_accept.c 14.1 KB