summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJeremy Kerr <jk@codeconstruct.com.au>2023-01-24 10:01:04 +0800
committerDavid S. Miller <davem@davemloft.net>2023-01-25 13:07:37 +0000
commit5f41ae6fca9d40ab3cb9b0507931ef7a9b3ea50b (patch)
treed777040a8d5f80fe385b12bcd360032a52dc6b0a
parentde8a6b15d9654c3e4f672d76da9d9df8ee06331d (diff)
downloadlwn-5f41ae6fca9d40ab3cb9b0507931ef7a9b3ea50b.tar.gz
lwn-5f41ae6fca9d40ab3cb9b0507931ef7a9b3ea50b.zip
net: mctp: move expiry timer delete to unhash
Currently, we delete the key expiry timer (in sk->close) before unhashing the sk. This means that another thread may find the sk through its presence on the key list, and re-queue the timer. This change moves the timer deletion to the unhash, after we have made the key no longer observable, so the timer cannot be re-queued. Fixes: 7b14e15ae6f4 ("mctp: Implement a timeout for tags") Signed-off-by: Jeremy Kerr <jk@codeconstruct.com.au> Signed-off-by: David S. Miller <davem@davemloft.net>
-rw-r--r--net/mctp/af_mctp.c9
1 files changed, 6 insertions, 3 deletions
diff --git a/net/mctp/af_mctp.c b/net/mctp/af_mctp.c
index fc9e728b6333..fb6ae3110528 100644
--- a/net/mctp/af_mctp.c
+++ b/net/mctp/af_mctp.c
@@ -544,9 +544,6 @@ static int mctp_sk_init(struct sock *sk)
static void mctp_sk_close(struct sock *sk, long timeout)
{
- struct mctp_sock *msk = container_of(sk, struct mctp_sock, sk);
-
- del_timer_sync(&msk->key_expiry);
sk_common_release(sk);
}
@@ -581,6 +578,12 @@ static void mctp_sk_unhash(struct sock *sk)
__mctp_key_remove(key, net, fl2, MCTP_TRACE_KEY_CLOSED);
}
spin_unlock_irqrestore(&net->mctp.keys_lock, flags);
+
+ /* Since there are no more tag allocations (we have removed all of the
+ * keys), stop any pending expiry events. the timer cannot be re-queued
+ * as the sk is no longer observable
+ */
+ del_timer_sync(&msk->key_expiry);
}
static struct proto mctp_proto = {