git: 2a93ba42c49a - stable/13 - sctp: improve stopping of timers
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Wed, 01 Feb 2023 22:45:30 UTC
The branch stable/13 has been updated by tuexen:
URL: https://cgit.FreeBSD.org/src/commit/?id=2a93ba42c49a130bc56cb3cf2092a8e35a8d2b04
commit 2a93ba42c49a130bc56cb3cf2092a8e35a8d2b04
Author: Michael Tuexen <tuexen@FreeBSD.org>
AuthorDate: 2022-04-19 19:29:41 +0000
Commit: Michael Tuexen <tuexen@FreeBSD.org>
CommitDate: 2023-02-01 22:45:08 +0000
sctp: improve stopping of timers
Reported by: syzbot+c9c70062320aaad19de7@syzkaller.appspotmail.com
MFC after: 3 days
(cherry picked from commit 868868f14efcd7e127dae6e87550357c6cdb9c6d)
---
sys/netinet/sctputil.c | 9 ++++++---
1 file changed, 6 insertions(+), 3 deletions(-)
diff --git a/sys/netinet/sctputil.c b/sys/netinet/sctputil.c
index 45e06ef769e0..5f18e564cf21 100644
--- a/sys/netinet/sctputil.c
+++ b/sys/netinet/sctputil.c
@@ -2869,20 +2869,23 @@ sctp_timer_stop(int t_type, struct sctp_inpcb *inp, struct sctp_tcb *stcb,
* counts that were incremented in sctp_timer_start().
*/
if (tmr->ep != NULL) {
- SCTP_INP_DECR_REF(inp);
tmr->ep = NULL;
+ SCTP_INP_DECR_REF(inp);
}
if (tmr->tcb != NULL) {
- atomic_subtract_int(&stcb->asoc.refcnt, 1);
tmr->tcb = NULL;
+ atomic_subtract_int(&stcb->asoc.refcnt, 1);
}
if (tmr->net != NULL) {
+ struct sctp_nets *tmr_net;
+
/*
* Can't use net, since it doesn't work for
* SCTP_TIMER_TYPE_ASCONF.
*/
- sctp_free_remote_addr((struct sctp_nets *)tmr->net);
+ tmr_net = tmr->net;
tmr->net = NULL;
+ sctp_free_remote_addr((struct sctp_nets *)tmr_net);
}
} else {
SCTPDBG(SCTP_DEBUG_TIMER2,