On an SMP system, del_timer() might return even if the timer function
is running on another CPU, so sk_stop_timer() will execute __sock_put()
while the timer is accessing the socket on another CPU, causing a "use-after-free".

This commit replaces del_timer() with del_timer_sync() in sk_stop_timer().
del_timer_sync() will wait until the timer function is not running on
any other CPU, hence making sk_stop_timer() SMP safe.

Signed-off-by: Deepak Das <deepak_...@mentor.com>

diff --git a/net/core/sock.c b/net/core/sock.c
index 026e01f..491a84d 100644
--- a/net/core/sock.c
+++ b/net/core/sock.c
@@ -2304,7 +2304,7 @@ EXPORT_SYMBOL(sk_reset_timer);

 void sk_stop_timer(struct sock *sk, struct timer_list* timer)
 {
-       if (del_timer(timer))
+       if (del_timer_sync(timer))
                __sock_put(sk);
 }
 EXPORT_SYMBOL(sk_stop_timer);
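Review bot: at the changed `if (del_timer_sync(timer))` line in sk_stop_timer(), the exported helper takes on del_timer_sync()'s calling-context rules, and nothing in the patch shows the callers satisfy them. del_timer_sync() waits for a running handler to finish, so a caller that holds a lock the timer handler takes, or that calls sk_stop_timer() from within the handler itself, will deadlock, and for ordinary timers it must not be called from interrupt context. Please state in the changelog that the callers were audited and add a comment above sk_stop_timer() documenting the constraint, or keep del_timer() here and introduce a separate synchronous variant for the paths that are about to release the socket.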