From: Jon M. <jon...@er...> - 2019-08-14 15:16:12
|
Acked-by: Jon > -----Original Message----- > From: Tung Nguyen <tun...@de...> > Sent: 13-Aug-19 06:02 > To: tip...@li...; Jon Maloy > <jon...@er...>; ma...@do...; yin...@wi... > Subject: [tipc-discussion][net v1 2/3] tipc: fix wrong socket reference counter > after tipc_sk_timeout() returns > > When tipc_sk_timeout() is executed but user space is grabbing ownership, this > function rearms itself and returns. However, the socket reference counter is > not reduced. This causes potential unexpected behavior. > > This commit fixes it by calling sock_put() before tipc_sk_timeout() returns in > the above-mentioned case. > > Fixes: afe8792fec69 ("tipc: refactor function tipc_sk_timeout()") > Signed-off-by: Tung Nguyen <tun...@de...> > --- > net/tipc/socket.c | 1 + > 1 file changed, 1 insertion(+) > > diff --git a/net/tipc/socket.c b/net/tipc/socket.c index > dcb8b6082757..9fd9a5727786 100644 > --- a/net/tipc/socket.c > +++ b/net/tipc/socket.c > @@ -2683,6 +2683,7 @@ static void tipc_sk_timeout(struct timer_list *t) > if (sock_owned_by_user(sk)) { > sk_reset_timer(sk, &sk->sk_timer, jiffies + HZ / 20); > bh_unlock_sock(sk); > + sock_put(sk); > return; > } > > -- > 2.17.1 |
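Review bot: In the sock_owned_by_user() branch of tipc_sk_timeout(), the added `sock_put(sk);` carries no comment explaining why a put is correct immediately after `sk_reset_timer()` has rearmed the timer, and the commit message describes the effect only as "potential unexpected behavior". A one-line comment would help: sk_reset_timer() takes its own reference for the rearmed timer, so this put releases the reference held by the expiry that is now returning. The commit message should name the consequence: every expiry that finds the socket owned by user space leaks one reference, so the socket can never be freed. Placing the put after `bh_unlock_sock(sk);` is the right order. If the function's normal exit ends with the same unlock and put pair, jumping to a shared exit label instead of this early `return;` would keep the two paths from diverging again.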