rxrpc: Fix conn-based retransmit

If a duplicate packet comes in for a call that has just completed on a
connection's channel then there will be an oops in the data_ready handler
because it tries to examine the connection struct via a call struct (which
we don't have - the pointer is unset).

Since the connection struct pointer is available to us, go direct instead.

Also, the ACK packet to be retransmitted needs three octets of padding
between the soft ack list and the ackinfo.

Fixes: 18bfeba50dfd0c8ee420396f2570f16a0bdbd7de ("rxrpc: Perform terminal call ACK/ABORT retransmission from conn processor")
Signed-off-by: David Howells <dhowells@redhat.com>

diff --git a/net/rxrpc/conn_event.c b/net/rxrpc/conn_event.c
index c1c6b7f305d156cb245eeff8a02110db46de4205..6296374df840bdf40269a486b43eb04e935bf470 100644 (file)
--- a/net/rxrpc/conn_event.c
+++ b/net/rxrpc/conn_event.c
@@ -42,6 +42,7 @@ static void rxrpc_conn_retransmit(struct rxrpc_connection *conn,
                        } abort;
                        struct {
                                struct rxrpc_ackpacket ack;
+                               u8 padding[3];
                                struct rxrpc_ackinfo info;
                        };
                };

diff --git a/net/rxrpc/input.c b/net/rxrpc/input.c
index 66cdeb56f44f6f058e670401eb4f35e25e036060..5e683dd21ab9bf5ca13968b43daff03cf4fb8714 100644 (file)
--- a/net/rxrpc/input.c
+++ b/net/rxrpc/input.c
@@ -732,7 +732,7 @@ void rxrpc_data_ready(struct sock *sk)
                        /* For the previous service call, if completed
                         * successfully, we discard all further packets.
                         */
-                       if (rxrpc_conn_is_service(call->conn) &&
+                       if (rxrpc_conn_is_service(conn) &&
                            (chan->last_type == RXRPC_PACKET_TYPE_ACK ||
                             sp->hdr.type == RXRPC_PACKET_TYPE_ABORT))
                                goto discard_unlock;