On Sat, Jul 23, 2016 at 10:16:56PM +0800, Liping Zhang wrote:
> From: Liping Zhang <[email protected]>
> 
> Commit 96d1327ac2e3 ("netfilter: h323: Use mod_timer instead of
> set_expect_timeout") just simplified the source code
>     if (!del_timer(&exp->timeout))
>         return 0;
>     add_timer(&exp->timeout);
> to mod_timer(&exp->timeout, jiffies + info->timeout * HZ);
> 
> This is not correct, and introduces a race condition:
>     CPU0                     CPU1
>      -                     timer expire
>   process_rcf              expectation_timed_out
>   lock(exp_lock)              -
>   find_exp                 waiting exp_lock...
>   re-activate timer!!      waiting exp_lock...
>   unlock(exp_lock)         lock(exp_lock)
>      -                     unlink expect
>      -                     free(expect)
>      -                     unlock(exp_lock)
> So when the timer expires again, we will access the memory that
> was already freed.
> 
> Replace mod_timer with mod_timer_pending here to fix this problem.
> 
> Fixes: 96d1327ac2e3 ("netfilter: h323: Use mod_timer instead of 
> set_expect_timeout")

Applied, thanks Zhang.
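
The interleaving from the commit message above, replayed in a single-threaded userspace model (an added example, not part of the patch or the kernel source). The `model_*` names and `replay_race()` are hypothetical; they only mirror the behaviour that `mod_timer()` activates an inactive timer while `mod_timer_pending()` leaves it inactive.

```c
/* Userspace model of the timer race; not kernel code. */
#include <stdbool.h>
#include <stdio.h>

struct model_timer { bool pending; unsigned long expires; };
struct model_expect { struct model_timer timeout; bool freed; };

/* Like mod_timer(): always (re)arms, even if the timer already fired. */
static int model_mod_timer(struct model_timer *t, unsigned long expires)
{
    int was_pending = t->pending;
    t->expires = expires;
    t->pending = true;
    return was_pending;
}

/* Like mod_timer_pending(): only updates a timer that is still pending. */
static int model_mod_timer_pending(struct model_timer *t, unsigned long expires)
{
    if (!t->pending)
        return 0;
    t->expires = expires;
    return 1;
}

/* Replays the CPU0/CPU1 steps; returns 1 if a timer stays armed on a freed expect. */
static int replay_race(bool use_pending)
{
    struct model_expect exp = { .timeout = { true, 100 }, .freed = false };

    exp.timeout.pending = false;   /* CPU1: timer expires, handler waits for exp_lock */
    if (use_pending)               /* CPU0: process_rcf refreshes under exp_lock */
        model_mod_timer_pending(&exp.timeout, 200);
    else
        model_mod_timer(&exp.timeout, 200);
    exp.freed = true;              /* CPU1: takes exp_lock, unlinks and frees expect */

    return exp.freed && exp.timeout.pending;
}

int main(void)
{
    printf("mod_timer:         armed on freed expect = %d\n", replay_race(false));
    printf("mod_timer_pending: armed on freed expect = %d\n", replay_race(true));
    return 0;
}
```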