On Sat, Jul 23, 2016 at 10:16:56PM +0800, Liping Zhang wrote:
> From: Liping Zhang <liping.zhang@xxxxxxxxxxxxxx>
>
> Commit 96d1327ac2e3 ("netfilter: h323: Use mod_timer instead of
> set_expect_timeout") just simplified the source code
>     if (!del_timer(&exp->timeout))
>         return 0;
>     add_timer(&exp->timeout);
> to mod_timer(&exp->timeout, jiffies + info->timeout * HZ);
>
> This is not correct, and introduces a race condition:
>     CPU0                     CPU1
>      -                     timer expire
>   process_rcf              expectation_timed_out
>   lock(exp_lock)              -
>   find_exp                 waiting exp_lock...
>   re-activate timer!!      waiting exp_lock...
>   unlock(exp_lock)         lock(exp_lock)
>      -                     unlink expect
>      -                     free(expect)
>      -                     unlock(exp_lock)
> So when the timer expires again, we will access the memory that
> was already freed.
>
> Replace mod_timer with mod_timer_pending here to fix this problem.
>
> Fixes: 96d1327ac2e3 ("netfilter: h323: Use mod_timer instead of set_expect_timeout")

Applied, thanks Zhang.
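
The interleaving from the quoted commit message, replayed in a small userspace model; this is an added example, not code from the mail or from the kernel tree. The `model_*` names are hypothetical and the model tracks only whether the timer is pending and whether the expectation has been freed.

```c
#include <stdbool.h>
#include <stdio.h>

/* Userspace model (assumption): a timer is reduced to its "pending" bit, and
 * the expectation to a "freed" flag set by the expiry handler on CPU1. */
struct model_timer { bool pending; };
struct model_expect { struct model_timer timeout; bool freed; };

/* Like del_timer(): reports whether a pending timer was deactivated. */
static bool model_del_timer(struct model_timer *t) { bool was = t->pending; t->pending = false; return was; }
static void model_add_timer(struct model_timer *t) { t->pending = true; }
/* Like mod_timer(): arms the timer whether or not it was still pending. */
static void model_mod_timer(struct model_timer *t) { t->pending = true; }
/* Like mod_timer_pending(): never re-activates a timer that is not pending. */
static bool model_mod_timer_pending(struct model_timer *t) { return t->pending; }

enum refresh { OLD_DEL_ADD, MOD_TIMER, MOD_TIMER_PENDING };

/* CPU0 side: the timeout refresh done in process_rcf while holding exp_lock. */
static void refresh_timeout(struct model_expect *exp, enum refresh how)
{
    switch (how) {
    case OLD_DEL_ADD:
        if (!model_del_timer(&exp->timeout))
            return;                 /* already expired: leave it alone */
        model_add_timer(&exp->timeout);
        break;
    case MOD_TIMER:         model_mod_timer(&exp->timeout); break;
    case MOD_TIMER_PENDING: model_mod_timer_pending(&exp->timeout); break;
    }
}

/* Replays the CPU0/CPU1 diagram; returns true when the timer is left armed
 * on an expectation that CPU1 has already unlinked and freed. */
static bool timer_armed_on_freed_expect(enum refresh how)
{
    struct model_expect exp = { .timeout = { .pending = true }, .freed = false };
    exp.timeout.pending = false;    /* CPU1: timer expires, handler waits for exp_lock */
    refresh_timeout(&exp, how);     /* CPU0: find_exp + refresh under exp_lock */
    exp.freed = true;               /* CPU1: gets exp_lock, unlinks and frees expect */
    return exp.freed && exp.timeout.pending;
}

int main(void)
{
    printf("del/add=%d mod_timer=%d mod_timer_pending=%d\n", timer_armed_on_freed_expect(OLD_DEL_ADD),
           timer_armed_on_freed_expect(MOD_TIMER), timer_armed_on_freed_expect(MOD_TIMER_PENDING));
    return 0;
}
```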