rxrpc: Fix bundle counting for exclusive connections (f3af4ad1) · Commits · 戴 / test

Fix rxrpc_unbundle_conn() to not drop the bundle usage count when cleaning up an exclusive connection. Based on the suggested fix from Hillf Danton. Fixes: ("rxrpc: Rewrite the client connection manager") Reported-by:

<syzbot+d57aaf84dd8a550e6d91@syzkaller.appspotmail.com> Signed-off-by:

David Howells <dhowells@redhat.com> cc: Hillf Danton <hdanton@sina.com>

net/rxrpc/conn_client.c

+3 −2

Original line number	Diff line number	Diff line
		@@ -901,7 +901,7 @@ static void rxrpc_unbundle_conn(struct rxrpc_connection *conn)
		struct rxrpc_bundle *bundle = conn->bundle;
		struct rxrpc_local *local = bundle->params.local;
		unsigned int bindex;
		bool need_drop = false;
		bool need_drop = false, need_put = false;
		int i;

		_enter("C=%x", conn->debug_id);
		@@ -928,10 +928,11 @@ static void rxrpc_unbundle_conn(struct rxrpc_connection *conn)
		if (i == ARRAY_SIZE(bundle->conns) && !bundle->params.exclusive) {
		_debug("erase bundle");
		rb_erase(&bundle->local_node, &local->client_bundles);
		need_put = true;
		}

		spin_unlock(&local->client_bundles_lock);
		if (i == ARRAY_SIZE(bundle->conns))
		if (need_put)
		rxrpc_put_bundle(bundle);
		}

Admin message