mptcp: add data lock for sk timers

mptcp_data_lock() needs to be held when manipulating the msk
retransmit_timer or the sk sk_timer. This patch adds the data
lock for the both timers.

Signed-off-by: Geliang Tang <geliang.tang@suse.com>
Signed-off-by: Mat Martineau <mathew.j.martineau@linux.intel.com>
Signed-off-by: David S. Miller <davem@davemloft.net>

diff --git a/net/mptcp/protocol.c b/net/mptcp/protocol.c
index e3db319..ea74122 100644 (file)
--- a/net/mptcp/protocol.c
+++ b/net/mptcp/protocol.c
@@ -1605,8 +1605,10 @@ void __mptcp_push_pending(struct sock *sk, unsigned int flags)
 
 out:
        /* ensure the rtx timer is running */
+       mptcp_data_lock(sk);
        if (!mptcp_timer_pending(sk))
                mptcp_reset_timer(sk);
+       mptcp_data_unlock(sk);
        if (copied)
                __mptcp_check_send_data_fin(sk);
 }
@@ -2491,8 +2493,10 @@ static void __mptcp_retrans(struct sock *sk)
 reset_timer:
        mptcp_check_and_set_pending(sk);
 
+       mptcp_data_lock(sk);
        if (!mptcp_timer_pending(sk))
                mptcp_reset_timer(sk);
+       mptcp_data_unlock(sk);
 }
 
 static void mptcp_worker(struct work_struct *work)
@@ -2651,8 +2655,10 @@ void mptcp_subflow_shutdown(struct sock *sk, struct sock *ssk, int how)
                } else {
                        pr_debug("Sending DATA_FIN on subflow %p", ssk);
                        tcp_send_ack(ssk);
+                       mptcp_data_lock(sk);
                        if (!mptcp_timer_pending(sk))
                                mptcp_reset_timer(sk);
+                       mptcp_data_unlock(sk);
                }
                break;
        }
@@ -2753,8 +2759,10 @@ static void __mptcp_destroy_sock(struct sock *sk)
        /* join list will be eventually flushed (with rst) at sock lock release time*/
        list_splice_init(&msk->conn_list, &conn_list);
 
+       mptcp_data_lock(sk);
        mptcp_stop_timer(sk);
        sk_stop_timer(sk, &sk->sk_timer);
+       mptcp_data_unlock(sk);
        msk->pm.status = 0;
 
        /* clears msk->subflow, allowing the following loop to close
@@ -2816,7 +2824,9 @@ cleanup:
                __mptcp_destroy_sock(sk);
                do_cancel_work = true;
        } else {
+               mptcp_data_lock(sk);
                sk_reset_timer(sk, &sk->sk_timer, jiffies + TCP_TIMEWAIT_LEN);
+               mptcp_data_unlock(sk);
        }
        release_sock(sk);
        if (do_cancel_work)
@@ -2861,8 +2871,10 @@ static int mptcp_disconnect(struct sock *sk, int flags)
                __mptcp_close_ssk(sk, ssk, subflow, MPTCP_CF_FASTCLOSE);
        }
 
+       mptcp_data_lock(sk);
        mptcp_stop_timer(sk);
        sk_stop_timer(sk, &sk->sk_timer);
+       mptcp_data_unlock(sk);
 
        if (mptcp_sk(sk)->token)
                mptcp_event(MPTCP_EVENT_CLOSED, mptcp_sk(sk), NULL, GFP_KERNEL);