Received: by 10.223.185.116 with SMTP id b49csp6423915wrg; Wed, 28 Feb 2018 09:09:50 -0800 (PST) X-Google-Smtp-Source: AH8x2257fAaobHf5T3kSam53EJ+QXzqD9oMuPD5gphuvAO0jVbSAEKsUvDJcKeVwygtIZ5so18O2 X-Received: by 10.101.92.6 with SMTP id u6mr14790698pgr.440.1519837789955; Wed, 28 Feb 2018 09:09:49 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1519837789; cv=none; d=google.com; s=arc-20160816; b=y41r6hmExbRH25R8QfFq5ZpSywjljOuGMxxOH1rNUq/ZGc/KE32RexBHkGfi7Sdfbh n7EeNAUtVyWWStmHYYHZ7zxEi1JERar8A3kWeYzLzohKA4fZ7Mr3cjXAfcvKMBzEi9Vo Ei0+Zm2yBMVAbnIvIXPitNpIaHEIP3SHw6S178N5gU/x1F3iC4xfGlgZ3EiV8hAGhHsL 0w5Sqk6A84bbeWY1LMpoXyCL2Ly6Co843m66V2tXYNpc1tnApatwUHqUMgH2n9x/WPRd oUldkANKm5NGexkuF5bHJaWLtLkQsHCwDYLdZdMPKcZsB0sw6LvLZAUVo4Js35xW/wWO ZOdA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:in-reply-to:subject:message-id:date:cc:to :from:mime-version:content-transfer-encoding:content-disposition :arc-authentication-results; bh=w59as75eFbcg758CELmHBnWyPqZ6o1CxK6fFl8F/35E=; b=hLIV1HDFWRIXB15cxsfqHh5+Qa32xJLubdH/Nk1OHqZJhG+4h29iVGdQGGFO5Hmym1 vJte4Ax3NaBz+YTbIWtPLKfSJFFViqEtC1Rk3GOOGvHvRMT8emotplFoz2PeNSTxWX3i DM4g5wQFJTyhiB+nXqLl6o48R867gSgg4l8W9yzX1zL+sH4viHgml+4f3RZm8fu89qD0 oO1VLCz1PpzzJR+AKUhQmwC2/Ty10av4bphmlkqPRxcbT08davBt72ptNkkMSKGKh0al 4a6Gd2vpzGSY8ndYsVvW/Z3iLlEj8fzQ9dE3IV459TdK2dEBlrrDMJ+EkhzekF3TNz3R LayA== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id u16si1244948pgo.695.2018.02.28.09.09.34; Wed, 28 Feb 2018 09:09:49 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S933740AbeB1RI3 (ORCPT + 99 others); Wed, 28 Feb 2018 12:08:29 -0500 Received: from shadbolt.e.decadent.org.uk ([88.96.1.126]:34300 "EHLO shadbolt.e.decadent.org.uk" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S933632AbeB1PuE (ORCPT ); Wed, 28 Feb 2018 10:50:04 -0500 Received: from [2a02:8011:400e:2:6f00:88c8:c921:d332] (helo=deadeye) by shadbolt.decadent.org.uk with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.84_2) (envelope-from ) id 1er3Yn-0006Xh-W0; Wed, 28 Feb 2018 15:22:26 +0000 Received: from ben by deadeye with local (Exim 4.90_1) (envelope-from ) id 1er3Yk-0000IM-Id; Wed, 28 Feb 2018 15:22:22 +0000 Content-Type: text/plain; charset="UTF-8" Content-Disposition: inline Content-Transfer-Encoding: 8bit MIME-Version: 1.0 From: Ben Hutchings To: linux-kernel@vger.kernel.org, stable@vger.kernel.org CC: akpm@linux-foundation.org, "Alexey Kodanev" , "David S. Miller" , "Eric Dumazet" Date: Wed, 28 Feb 2018 15:20:18 +0000 Message-ID: X-Mailer: LinuxStableQueue (scripts by bwh) Subject: [PATCH 3.16 229/254] dccp: don't restart ccid2_hc_tx_rto_expire() if sk in closed state In-Reply-To: X-SA-Exim-Connect-IP: 2a02:8011:400e:2:6f00:88c8:c921:d332 X-SA-Exim-Mail-From: ben@decadent.org.uk X-SA-Exim-Scanned: No (on shadbolt.decadent.org.uk); SAEximRunCond expanded to false Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org 3.16.55-rc1 review patch. If anyone has any objections, please let me know. ------------------ From: Alexey Kodanev commit dd5684ecae3bd8e44b644f50e2c12c7e57fdfef5 upstream. ccid2_hc_tx_rto_expire() timer callback always restarts the timer again and can run indefinitely (unless it is stopped outside), and after commit 120e9dabaf55 ("dccp: defer ccid_hc_tx_delete() at dismantle time"), which moved ccid_hc_tx_delete() (also includes sk_stop_timer()) from dccp_destroy_sock() to sk_destruct(), this started to happen quite often. The timer prevents releasing the socket, as a result, sk_destruct() won't be called. Found with LTP/dccp_ipsec tests running on the bonding device, which later couldn't be unloaded after the tests were completed: unregister_netdevice: waiting for bond0 to become free. Usage count = 148 Fixes: 2a91aa396739 ("[DCCP] CCID2: Initial CCID2 (TCP-Like) implementation") Signed-off-by: Alexey Kodanev Reviewed-by: Eric Dumazet Signed-off-by: David S. Miller Signed-off-by: Ben Hutchings --- net/dccp/ccids/ccid2.c | 3 +++ 1 file changed, 3 insertions(+) --- a/net/dccp/ccids/ccid2.c +++ b/net/dccp/ccids/ccid2.c @@ -140,6 +140,9 @@ static void ccid2_hc_tx_rto_expire(unsig ccid2_pr_debug("RTO_EXPIRE\n"); + if (sk->sk_state == DCCP_CLOSED) + goto out; + /* back-off timer */ hc->tx_rto <<= 1; if (hc->tx_rto > DCCP_RTO_MAX)