From: Andrea Bittau Date: Tue, 21 Mar 2006 01:57:52 +0000 (-0800) Subject: [DCCP] CCID2: Drop sock reference count on timer expiration and reset. X-Git-Tag: v2.6.17-rc1~1175^2~171 X-Git-Url: https://err.no/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=77ff72d528d5b9d30a47f42f364ba34d931f9da3;p=linux-2.6 [DCCP] CCID2: Drop sock reference count on timer expiration and reset. There was a hybrid use of standard timers and sk_timers. This caused the reference count of the sock to be incorrect when resetting the RTO timer. The sock reference count should now be correct, enabling its destruction, and allowing the DCCP module to be unloaded. Signed-off-by: Andrea Bittau Signed-off-by: Arnaldo Carvalho de Melo --- diff --git a/net/dccp/ccids/ccid2.c b/net/dccp/ccids/ccid2.c index 4a7b875125..3328d23c4b 100644 --- a/net/dccp/ccids/ccid2.c +++ b/net/dccp/ccids/ccid2.c @@ -234,7 +234,7 @@ static void ccid2_hc_tx_rto_expire(unsigned long data) ccid2_hc_tx_check_sanity(hctx); out: bh_unlock_sock(sk); -/* sock_put(sk); */ + sock_put(sk); } static void ccid2_start_rto_timer(struct sock *sk) @@ -399,10 +399,12 @@ out_invalid_option: return -1; } -static void ccid2_hc_tx_kill_rto_timer(struct ccid2_hc_tx_sock *hctx) +static void ccid2_hc_tx_kill_rto_timer(struct sock *sk) { - if (del_timer(&hctx->ccid2hctx_rtotimer)) - ccid2_pr_debug("deleted RTO timer\n"); + struct ccid2_hc_tx_sock *hctx = ccid2_hc_tx_sk(sk); + + sk_stop_timer(sk, &hctx->ccid2hctx_rtotimer); + ccid2_pr_debug("deleted RTO timer\n"); } static inline void ccid2_new_ack(struct sock *sk, @@ -496,17 +498,19 @@ static inline void ccid2_new_ack(struct sock *sk, } /* we got a new ack, so re-start RTO timer */ - ccid2_hc_tx_kill_rto_timer(hctx); + ccid2_hc_tx_kill_rto_timer(sk); ccid2_start_rto_timer(sk); } -static void ccid2_hc_tx_dec_pipe(struct ccid2_hc_tx_sock *hctx) +static void ccid2_hc_tx_dec_pipe(struct sock *sk) { + struct ccid2_hc_tx_sock *hctx = ccid2_hc_tx_sk(sk); + hctx->ccid2hctx_pipe--; BUG_ON(hctx->ccid2hctx_pipe < 0); if (hctx->ccid2hctx_pipe == 0) - ccid2_hc_tx_kill_rto_timer(hctx); + ccid2_hc_tx_kill_rto_timer(sk); } static void ccid2_hc_tx_packet_recv(struct sock *sk, struct sk_buff *skb) @@ -627,7 +631,7 @@ static void ccid2_hc_tx_packet_recv(struct sock *sk, struct sk_buff *skb) seqp->ccid2s_acked = 1; ccid2_pr_debug("Got ack for %llu\n", seqp->ccid2s_seq); - ccid2_hc_tx_dec_pipe(hctx); + ccid2_hc_tx_dec_pipe(sk); } if (seqp == hctx->ccid2hctx_seqt) { done = 1; @@ -674,7 +678,7 @@ static void ccid2_hc_tx_packet_recv(struct sock *sk, struct sk_buff *skb) while (1) { if (!seqp->ccid2s_acked) { loss = 1; - ccid2_hc_tx_dec_pipe(hctx); + ccid2_hc_tx_dec_pipe(sk); } if (seqp == hctx->ccid2hctx_seqt) break; @@ -760,9 +764,9 @@ static int ccid2_hc_tx_init(struct sock *sk) static void ccid2_hc_tx_exit(struct sock *sk) { struct dccp_sock *dp = dccp_sk(sk); - struct ccid2_hc_tx_sock *hctx = dp->dccps_hc_tx_ccid_private; + struct ccid2_hc_tx_sock *hctx = ccid2_hc_tx_sk(sk); - ccid2_hc_tx_kill_rto_timer(hctx); + ccid2_hc_tx_kill_rto_timer(sk); kfree(hctx->ccid2hctx_seqbuf);