From patchwork Thu Aug 7 06:18:47 2014 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Deepak Das X-Patchwork-Id: 377753 X-Patchwork-Delegate: davem@davemloft.net Return-Path: X-Original-To: patchwork-incoming@ozlabs.org Delivered-To: patchwork-incoming@ozlabs.org Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by ozlabs.org (Postfix) with ESMTP id 060DC1400AF for ; Thu, 7 Aug 2014 16:19:15 +1000 (EST) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1757427AbaHGGSz (ORCPT ); Thu, 7 Aug 2014 02:18:55 -0400 Received: from relay1.mentorg.com ([192.94.38.131]:54850 "EHLO relay1.mentorg.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1757232AbaHGGSx (ORCPT ); Thu, 7 Aug 2014 02:18:53 -0400 Received: from svr-orw-exc-10.mgc.mentorg.com ([147.34.98.58]) by relay1.mentorg.com with esmtp id 1XFH2J-0001NH-Qz from Deepak_Das@mentor.com ; Wed, 06 Aug 2014 23:18:52 -0700 Received: from [137.202.196.170] ([137.202.196.170]) by SVR-ORW-EXC-10.mgc.mentorg.com with Microsoft SMTPSVC(6.0.3790.4675); Wed, 6 Aug 2014 23:18:50 -0700 Message-ID: <53E31A47.9000407@mentor.com> Date: Thu, 07 Aug 2014 11:48:47 +0530 From: Deepak User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:17.0) Gecko/20130804 Thunderbird/17.0.8 MIME-Version: 1.0 To: davem@davemloft.net, netdev@vger.kernel.org CC: linux-kernel@vger.kernel.org Subject: [RFC] net: Replace del_timer() with del_timer_sync() X-OriginalArrivalTime: 07 Aug 2014 06:18:51.0329 (UTC) FILETIME=[74EDCB10:01CFB207] Sender: netdev-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org on SMP system, del_timer() might return even if the timer function is running on other cpu so sk_stop_timer() will execute __sock_put() while timer is accessing the socket on other cpu causing "use-after-free". This commit replaces del_timer() with del_timer_sync() in sk_stop_timer(). del_timer_sync() will wait untill the timer function is not running in any other cpu hence making sk_stop_timer() SMP safe. Signed-off-by: Deepak Das --- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html diff --git a/net/core/sock.c b/net/core/sock.c index 026e01f..491a84d 100644 --- a/net/core/sock.c +++ b/net/core/sock.c @@ -2304,7 +2304,7 @@ EXPORT_SYMBOL(sk_reset_timer); void sk_stop_timer(struct sock *sk, struct timer_list* timer) { - if (del_timer(timer)) + if (del_timer_sync(timer)) __sock_put(sk); } EXPORT_SYMBOL(sk_stop_timer);