Acked-by: Jon

> -----Original Message-----
> From: Tung Nguyen <[email protected]>
> Sent: 13-Aug-19 06:02
> To: [email protected]; Jon Maloy
> <[email protected]>; [email protected]; [email protected]
> Subject: [tipc-discussion][net v1 2/3] tipc: fix wrong socket reference 
> counter
> after tipc_sk_timeout() returns
> 
> When tipc_sk_timeout() is executed but user space is grabbing ownership, this
> function rearms itself and returns. However, the socket reference counter is
> not reduced. This causes potential unexpected behavior.
> 
> This commit fixes it by calling sock_put() before tipc_sk_timeout() returns in
> the above-mentioned case.
> 
> Fixes: afe8792fec69 ("tipc: refactor function tipc_sk_timeout()")
> Signed-off-by: Tung Nguyen <[email protected]>
> ---
>  net/tipc/socket.c | 1 +
>  1 file changed, 1 insertion(+)
> 
> diff --git a/net/tipc/socket.c b/net/tipc/socket.c index
> dcb8b6082757..9fd9a5727786 100644
> --- a/net/tipc/socket.c
> +++ b/net/tipc/socket.c
> @@ -2683,6 +2683,7 @@ static void tipc_sk_timeout(struct timer_list *t)
>       if (sock_owned_by_user(sk)) {
>               sk_reset_timer(sk, &sk->sk_timer, jiffies + HZ / 20);
>               bh_unlock_sock(sk);
> +             sock_put(sk);
>               return;
>       }
> 
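Review bot: In the sock_owned_by_user() branch, the added sock_put(sk) has no comment saying which reference it releases, so a reader sees a put with no matching hold nearby. A one-line comment would help, for example noting that sk_reset_timer() takes a fresh reference for the rearmed timer, so the reference held by the expiring timer has to be dropped before returning. The commit message could also replace "potential unexpected behavior" with the concrete effect: one socket reference is leaked each time this rearm path is taken.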
> --
> 2.17.1
