diff options
| author | Liping Zhang <liping.zhang@spreadtrum.com> | 2016-07-23 22:16:56 +0800 |
|---|---|---|
| committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2016-08-08 09:26:40 +0200 |
| commit | 707e6835f89419ff1c05e828c2d9939fd95a7ad8 (patch) | |
| tree | faaf3c1d830f7ad39dad6effc862aeec0ef49663 /include | |
| parent | c518189567eaf42b2ec50a4d982484c8e38799f8 (diff) | |
netfilter: nf_ct_h323: do not re-activate already expired timer
Commit 96d1327ac2e3 ("netfilter: h323: Use mod_timer instead of
set_expect_timeout") just simplify the source codes
if (!del_timer(&exp->timeout))
return 0;
add_timer(&exp->timeout);
to mod_timer(&exp->timeout, jiffies + info->timeout * HZ);
This is not correct, and introduce a race codition:
CPU0 CPU1
- timer expire
process_rcf expectation_timed_out
lock(exp_lock) -
find_exp waiting exp_lock...
re-activate timer!! waiting exp_lock...
unlock(exp_lock) lock(exp_lock)
- unlink expect
- free(expect)
- unlock(exp_lock)
So when the timer expires again, we will access the memory that
was already freed.
Replace mod_timer with mod_timer_pending here to fix this problem.
Fixes: 96d1327ac2e3 ("netfilter: h323: Use mod_timer instead of set_expect_timeout")
Cc: Gao Feng <fgao@ikuai8.com>
Signed-off-by: Liping Zhang <liping.zhang@spreadtrum.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'include')
0 files changed, 0 insertions, 0 deletions