Commit 5f41ae6f authored by Jeremy Kerr's avatar Jeremy Kerr Committed by David S. Miller

net: mctp: move expiry timer delete to unhash

Currently, we delete the key expiry timer (in sk->close) before
unhashing the sk. This means that another thread may find the sk through
its presence on the key list, and re-queue the timer.

This change moves the timer deletion to the unhash, after we have made
the key no longer observable, so the timer cannot be re-queued.

Fixes: 7b14e15a ("mctp: Implement a timeout for tags")
Signed-off-by: default avatarJeremy Kerr <jk@codeconstruct.com.au>
Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
parent de8a6b15
...@@ -544,9 +544,6 @@ static int mctp_sk_init(struct sock *sk) ...@@ -544,9 +544,6 @@ static int mctp_sk_init(struct sock *sk)
static void mctp_sk_close(struct sock *sk, long timeout) static void mctp_sk_close(struct sock *sk, long timeout)
{ {
struct mctp_sock *msk = container_of(sk, struct mctp_sock, sk);
del_timer_sync(&msk->key_expiry);
sk_common_release(sk); sk_common_release(sk);
} }
...@@ -581,6 +578,12 @@ static void mctp_sk_unhash(struct sock *sk) ...@@ -581,6 +578,12 @@ static void mctp_sk_unhash(struct sock *sk)
__mctp_key_remove(key, net, fl2, MCTP_TRACE_KEY_CLOSED); __mctp_key_remove(key, net, fl2, MCTP_TRACE_KEY_CLOSED);
} }
spin_unlock_irqrestore(&net->mctp.keys_lock, flags); spin_unlock_irqrestore(&net->mctp.keys_lock, flags);
/* Since there are no more tag allocations (we have removed all of the
* keys), stop any pending expiry events. the timer cannot be re-queued
* as the sk is no longer observable
*/
del_timer_sync(&msk->key_expiry);
} }
static struct proto mctp_proto = { static struct proto mctp_proto = {
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment