From: Geliang Tang <geliangtang@gmail.com> stable inclusion from stable-v4.19.312 commit 9c382bc16fa8f7499b0663398437e125cf4f763b category: bugfix bugzilla: https://gitee.com/src-openeuler/kernel/issues/I9QG5Z CVE: CVE-2024-35910 Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=... --------------------------- [ Upstream commit 08b81d873126b413cda511b1ea1cbb0e99938bbd ] This patch added a new helper sk_stop_timer_sync, it deactivates a timer like sk_stop_timer, but waits for the handler to finish. Acked-by: Paolo Abeni <pabeni@redhat.com> Signed-off-by: Geliang Tang <geliangtang@gmail.com> Reviewed-by: Mat Martineau <mathew.j.martineau@linux.intel.com> Signed-off-by: David S. Miller <davem@davemloft.net> Stable-dep-of: 151c9c724d05 ("tcp: properly terminate timers for kernel sockets") Signed-off-by: Sasha Levin <sashal@kernel.org> Conflicts: net/core/sock.c [This is because we backport 584f3742890e.] Signed-off-by: Liu Jian <liujian56@huawei.com> --- include/net/sock.h | 2 ++ net/core/sock.c | 7 +++++++ 2 files changed, 9 insertions(+) diff --git a/include/net/sock.h b/include/net/sock.h index 66e9c1060b13..fdce25c43fb3 100644 --- a/include/net/sock.h +++ b/include/net/sock.h @@ -2241,6 +2241,8 @@ void sk_reset_timer(struct sock *sk, struct timer_list *timer, void sk_stop_timer(struct sock *sk, struct timer_list *timer); +void sk_stop_timer_sync(struct sock *sk, struct timer_list *timer); + int __sk_queue_drop_skb(struct sock *sk, struct sk_buff_head *sk_queue, struct sk_buff *skb, unsigned int flags, void (*destructor)(struct sock *sk, diff --git a/net/core/sock.c b/net/core/sock.c index cc286bf0f1a4..f462fa055b74 100644 --- a/net/core/sock.c +++ b/net/core/sock.c @@ -2826,6 +2826,13 @@ void sk_stop_timer(struct sock *sk, struct timer_list* timer) } EXPORT_SYMBOL(sk_stop_timer); +void sk_stop_timer_sync(struct sock *sk, struct timer_list *timer) +{ + if (del_timer_sync(timer)) + __sock_put(sk); +} +EXPORT_SYMBOL(sk_stop_timer_sync); + void sock_init_data_uid(struct socket *sock, struct sock *sk, kuid_t uid) { sk_init_common(sk); -- 2.34.1