[RFC] net: Replace del_timer() with del_timer_sync()

From: Deepak
Date: Thu Aug 07 2014 - 02:18:59 EST

Next message: Dave Young: "Re: [PATCH 1/2] UEFI arm64: add noefi boot param"
Previous message: Thierry Reding: "Re: [PATCH v4 2/2] pwm: rockchip: Added to support for RK3288 SoC"
Next in thread: Eric Dumazet: "Re: [RFC] net: Replace del_timer() with del_timer_sync()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

on SMP system, del_timer() might return even if the timer function
is running on other cpu so sk_stop_timer() will execute __sock_put()
while timer is accessing the socket on other cpu causing "use-after-free".

This commit replaces del_timer() with del_timer_sync() in sk_stop_timer().
del_timer_sync() will wait untill the timer function is not running in
any other cpu hence making sk_stop_timer() SMP safe.

Signed-off-by: Deepak Das <deepak_das@xxxxxxxxxx>

diff --git a/net/core/sock.c b/net/core/sock.c
index 026e01f..491a84d 100644
--- a/net/core/sock.c
+++ b/net/core/sock.c
@@ -2304,7 +2304,7 @@ EXPORT_SYMBOL(sk_reset_timer);

void sk_stop_timer(struct sock *sk, struct timer_list* timer)
{
- if (del_timer(timer))
+ if (del_timer_sync(timer))
__sock_put(sk);
}
EXPORT_SYMBOL(sk_stop_timer);
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Dave Young: "Re: [PATCH 1/2] UEFI arm64: add noefi boot param"
Previous message: Thierry Reding: "Re: [PATCH v4 2/2] pwm: rockchip: Added to support for RK3288 SoC"
Next in thread: Eric Dumazet: "Re: [RFC] net: Replace del_timer() with del_timer_sync()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]