Commit b815f0f3 authored by Nguyen Dinh Phi's avatar Nguyen Dinh Phi Committed by Hui Tang
Browse files

netrom: Decrease sock refcount when sock timers expire 

stable inclusion
from stable-v4.19.199
commit 9619cc7d97c3aa8ed3cfd2b8678b74fb6d6c7950
category: bugfix
bugzilla: https://gitee.com/src-openeuler/kernel/issues/I9R4JQ
CVE: CVE-2021-47294

Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=9619cc7d97c3aa8ed3cfd2b8678b74fb6d6c7950



---------------------------

[ Upstream commit 517a16b1 ]

Commit 63346650 ("netrom: switch to sock timer API") switched to use
sock timer API. It replaces mod_timer() by sk_reset_timer(), and
del_timer() by sk_stop_timer().

Function sk_reset_timer() will increase the refcount of sock if it is
called on an inactive timer, hence, in case the timer expires, we need to
decrease the refcount ourselves in the handler, otherwise, the sock
refcount will be unbalanced and the sock will never be freed.

Signed-off-by: default avatarNguyen Dinh Phi <phind.uet@gmail.com>
Reported-by: default avatar <syzbot+10f1194569953b72f1ae@syzkaller.appspotmail.com>
Fixes: 63346650 ("netrom: switch to sock timer API")
Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
Signed-off-by: default avatarSasha Levin <sashal@kernel.org>
Signed-off-by: default avatarHui Tang <tanghui20@huawei.com>
parent 5673bfb2
Show whitespace changes
Inline Side-by-side
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please to comment