decnet: proper socket refcounting

Better use sk_reset_timer() / sk_stop_timer() helpers to make sure we dont access already freed/reused memory later. Reported-by: Sasha Levin <levinsasha928@gmail.com> Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com> Tested-by: Sasha Levin <levinsasha928@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>

decnet: proper socket refcounting
Better use sk_reset_timer() / sk_stop_timer() helpers to make sure we dont access already freed/reused memory later. Reported-by: Sasha Levin <levinsasha928@gmail.com> Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com> Tested-by: Sasha Levin <levinsasha928@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
8a6e77d5 · Eric Dumazet · David S. Miller · fc0b927d · 8a6e77d5
Commit 8a6e77d5 authored Nov 21, 2011 by Eric Dumazet Committed by David S. Miller Nov 26, 2011
Hide whitespace changes
Inline Side-by-side

Showing with 5 additions and 12 deletions

net/decnet/dn_timer.c net/decnet/dn_timer.c +5 -12

No files found.
--- a/net/decnet/dn_timer.c
+++ b/net/decnet/dn_timer.c
@@ -36,16 +36,13 @@ static void dn_slow_timer(unsigned long arg);
 void dn_start_slow_timer(struct sock *sk)
 {
-	sk->sk_timer.expires	= jiffies + SLOW_INTERVAL;
+	setup_timer(&sk->sk_timer, dn_slow_timer, (unsigned long)sk);
-	sk->sk_timer.function	= dn_slow_timer;
+	sk_reset_timer(sk, &sk->sk_timer, jiffies + SLOW_INTERVAL);
-	sk->sk_timer.data	= (unsigned long)sk;
-	add_timer(&sk->sk_timer);
 }
 void dn_stop_slow_timer(struct sock *sk)
 {
-	del_timer(&sk->sk_timer);
+	sk_stop_timer(sk, &sk->sk_timer);
 }
 static void dn_slow_timer(unsigned long arg)
@@ -53,12 +50,10 @@ static void dn_slow_timer(unsigned long arg)
 	struct sock *sk = (struct sock *)arg;
 	struct dn_scp *scp = DN_SK(sk);
-	sock_hold(sk);
 	bh_lock_sock(sk);
 	if (sock_owned_by_user(sk)) {
-		sk->sk_timer.expires = jiffies + HZ / 10;
+		sk_reset_timer(sk, &sk->sk_timer, jiffies + HZ / 10);
-		add_timer(&sk->sk_timer);
 		goto out;
 	}
@@ -100,9 +95,7 @@ static void dn_slow_timer(unsigned long arg)
 			scp->keepalive_fxn(sk);
 	}
-	sk->sk_timer.expires = jiffies + SLOW_INTERVAL;
+	sk_reset_timer(sk, &sk->sk_timer, jiffies + SLOW_INTERVAL);
-	add_timer(&sk->sk_timer);
 out:
 	bh_unlock_sock(sk);
 	sock_put(sk);