Commit 709e8697 authored by Eric Dumazet's avatar Eric Dumazet Committed by David S. Miller

tcp: clear xmit timers in tcp_v4_syn_recv_sock()

Simon Kirby reported divides by zero errors in __tcp_select_window()

This happens when inet_csk_route_child_sock() returns a NULL pointer :

We free new socket while we eventually armed keepalive timer in
tcp_create_openreq_child()

Fix this by a call to tcp_clear_xmit_timers()

[ This is a followup to commit 918eb399 (net: add missing
bh_unlock_sock() calls) ]
Reported-by: default avatarSimon Kirby <sim@hostway.ca>
Signed-off-by: default avatarEric Dumazet <eric.dumazet@gmail.com>
Tested-by: default avatarSimon Kirby <sim@hostway.ca>
Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
parent 46993f02
...@@ -1510,6 +1510,7 @@ struct sock *tcp_v4_syn_recv_sock(struct sock *sk, struct sk_buff *skb, ...@@ -1510,6 +1510,7 @@ struct sock *tcp_v4_syn_recv_sock(struct sock *sk, struct sk_buff *skb,
NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_LISTENDROPS); NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_LISTENDROPS);
return NULL; return NULL;
put_and_exit: put_and_exit:
tcp_clear_xmit_timers(newsk);
bh_unlock_sock(newsk); bh_unlock_sock(newsk);
sock_put(newsk); sock_put(newsk);
goto exit; goto exit;
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment