diff options
author | Eric Dumazet <eric.dumazet@gmail.com> | 2011-11-14 05:56:56 -0500 |
---|---|---|
committer | David S. Miller <davem@davemloft.net> | 2011-11-16 16:57:45 -0500 |
commit | 709e8697af1c86772c1a6fccda6d4b0e2e226547 (patch) | |
tree | 6ff4c6cfc2f9b6274363ae2b0baa828b641af7a7 /net/ipv4/tcp_ipv4.c | |
parent | 46993f02d88ae9fc6dfb4e8625d80a1630e7863b (diff) |
tcp: clear xmit timers in tcp_v4_syn_recv_sock()
Simon Kirby reported divides by zero errors in __tcp_select_window()
This happens when inet_csk_route_child_sock() returns a NULL pointer :
We free new socket while we eventually armed keepalive timer in
tcp_create_openreq_child()
Fix this by a call to tcp_clear_xmit_timers()
[ This is a followup to commit 918eb39962dff (net: add missing
bh_unlock_sock() calls) ]
Reported-by: Simon Kirby <sim@hostway.ca>
Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com>
Tested-by: Simon Kirby <sim@hostway.ca>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/ipv4/tcp_ipv4.c')
-rw-r--r-- | net/ipv4/tcp_ipv4.c | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/net/ipv4/tcp_ipv4.c b/net/ipv4/tcp_ipv4.c index a7443159c400..a9db4b1a2215 100644 --- a/net/ipv4/tcp_ipv4.c +++ b/net/ipv4/tcp_ipv4.c | |||
@@ -1510,6 +1510,7 @@ exit: | |||
1510 | NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_LISTENDROPS); | 1510 | NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_LISTENDROPS); |
1511 | return NULL; | 1511 | return NULL; |
1512 | put_and_exit: | 1512 | put_and_exit: |
1513 | tcp_clear_xmit_timers(newsk); | ||
1513 | bh_unlock_sock(newsk); | 1514 | bh_unlock_sock(newsk); |
1514 | sock_put(newsk); | 1515 | sock_put(newsk); |
1515 | goto exit; | 1516 | goto exit; |