Thanks for the clarification Eric.
I re-analysed the code and found that sk_stop_timer() is called under
lock_sock(sk)/bh_lock_sock(sk) so we can not replace del_timer() with
del_timer_sync() here and will lead to dead-lock as you suggested .
Thanks,
Deepak Das
On Thursday 07 August 2014 10:1
On Thu, 2014-08-07 at 15:15 +, Das, Deepak wrote:
Please do not top post on netdev, thanks.
> I apologies for not explaining the scenario previously.
>
> sk_stop_timer() is used to stop the tcp timers with expiry callback
> tcp_write_timer(), tcp_delack_timer(), tcp_keepalive_timer(), ...
>
pinics.net/lists/linux-bluetooth/msg51132.html
with warm regards,
Deepak Das
From: Eric Dumazet [eric.duma...@gmail.com]
Sent: Thursday, August 07, 2014 12:25 PM
To: Das, Deepak
Cc: da...@davemloft.net; net...@vger.kernel.org; linux-kernel@vger.kernel.org
On Thu, 2014-08-07 at 11:48 +0530, Deepak wrote:
> on SMP system, del_timer() might return even if the timer function
> is running on other cpu so sk_stop_timer() will execute __sock_put()
> while timer is accessing the socket on other cpu causing
> "use-after-free".
>
> This commi
on SMP system, del_timer() might return even if the timer function
is running on other cpu so sk_stop_timer() will execute __sock_put()
while timer is accessing the socket on other cpu causing
"use-after-free".
This commit replaces del_timer() with del_timer_sync() in
sk_stop_t
5 matches
Mail list logo
