rxrpc: Fix user call ID check in rxrpc_service_prealloc_one
author YueHaibing <yuehaibing@huawei.com>
Wed, 1 Aug 2018 12:27:23 +0000 (13:27 +0100)
committer Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Mon, 6 Aug 2018 14:20:48 +0000 (16:20 +0200)
[ Upstream commit c01f6c9b3207e52fc9973a066a856ddf7a0538d8 ]

This just checks that the user call ID isn't already in use, hence it
should compare user_call_ID with xcall->user_call_ID, which is the
current node's user_call_ID.

Fixes: 540b1c48c37a ("rxrpc: Fix deadlock between call creation and sendmsg/recvmsg")
Suggested-by: David Howells <dhowells@redhat.com>
Signed-off-by: YueHaibing <yuehaibing@huawei.com>
Signed-off-by: David Howells <dhowells@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
net/rxrpc/call_accept.c

index 3028298ca56134e86b1ef60c9987b37490e12f19..62b1581d44a5af8c66a5c3cdeef2b7fb631558a1 100644 (file)
@@ -115,9 +115,9 @@ static int rxrpc_service_prealloc_one(struct rxrpc_sock *rx,
                while (*pp) {
                        parent = *pp;
                        xcall = rb_entry(parent, struct rxrpc_call, sock_node);
-                       if (user_call_ID < call->user_call_ID)
+                       if (user_call_ID < xcall->user_call_ID)
                                pp = &(*pp)->rb_left;
-                       else if (user_call_ID > call->user_call_ID)
+                       else if (user_call_ID > xcall->user_call_ID)
                                pp = &(*pp)->rb_right;
                        else
                                goto id_in_use;
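Review bot: The commit message does not say what the old comparison caused in practice, and for a stable backport that is the part a reader needs. In the while (*pp) loop both branches tested user_call_ID against call->user_call_ID instead of xcall, the node just fetched with rb_entry(parent, ...), so the walk never looked at the IDs stored in the tree and the goto id_in_use path did not depend on them. Please add a sentence on the observable effect (for example, whether a duplicate user call ID could be inserted). As a style point, call and xcall differ by one character inside this loop; a short comment above the loop stating that xcall is the existing node being compared, or a more distinct name, would make a recurrence of this mix-up easier to spot in review.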