treewide: Convert del_timer*() to timer_shutdown*()

Due to several bugs caused by timers being re-armed after they are shutdown and just before they are freed, a new state of timers was added called "shutdown". After a timer is set to this state, then it can no longer be re-armed. The following script was run to find all the trivial locations where del_timer() or del_timer_sync() is called in the same function that the object holding the timer is freed. It also ignores any locations where the timer->function is modified between the del_timer*() and the free(), as that is not considered a "trivial" case. This was created by using a coccinelle script and the following commands: $ cat timer.cocci @@ expression ptr, slab; identifier timer, rfield; @@ ( - del_timer(&ptr->timer); + timer_shutdown(&ptr->timer); | - del_timer_sync(&ptr->timer); + timer_shutdown_sync(&ptr->timer); ) ... when strict when != ptr->timer ( kfree_rcu(ptr, rfield); | kmem_cache_free(slab, ptr); | kfree(ptr); ) $ spatch timer.cocci . > /tmp/t.patch $ patch -p1 < /tmp/t.patch Link: https://lore.kernel.org/lkml/20221123201306.823305113@linutronix.de/ Signed-off-by: Steven Rostedt (Google) <rostedt@goodmis.org> Acked-by: Pavel Machek <pavel@ucw.cz> [ LED ] Acked-by: Kalle Valo <kvalo@kernel.org> [ wireless ] Acked-by: Paolo Abeni <pabeni@redhat.com> [ networking ] Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
author: Steven Rostedt (Google) <rostedt@goodmis.org> 2022-12-20 13:45:19 -0500
committer: Linus Torvalds <torvalds@linux-foundation.org> 2022-12-25 13:38:09 -0800
commit: 292a089d78d3e2f7944e60bb897c977785a321e3 (patch)
tree: c9bdd3ea73fe57a35b358770998396cbc5813031 /net/tipc
parent: 72a85e2b0a1e1e6fb4ee51ae902730212b2de25c (diff)
download: linux-stable-292a089d78d3e2f7944e60bb897c977785a321e3.tar.gz
linux-stable-292a089d78d3e2f7944e60bb897c977785a321e3.tar.bz2
linux-stable-292a089d78d3e2f7944e60bb897c977785a321e3.zip
2 files changed, 2 insertions, 2 deletions
diff --git a/net/tipc/discover.c b/net/tipc/discover.c
index e8dcdf267c0c..685389d4b245 100644
--- a/net/tipc/discover.c
+++ b/net/tipc/discover.c
@@ -388,7 +388,7 @@ int tipc_disc_create(struct net *net, struct tipc_bearer *b,
  */
 void tipc_disc_delete(struct tipc_discoverer *d)
 {
-	del_timer_sync(&d->timer);
+	timer_shutdown_sync(&d->timer);
 	kfree_skb(d->skb);
 	kfree(d);
 }
diff --git a/net/tipc/monitor.c b/net/tipc/monitor.c
index 9618e4429f0f..77a3d016cade 100644
--- a/net/tipc/monitor.c
+++ b/net/tipc/monitor.c
@@ -700,7 +700,7 @@ void tipc_mon_delete(struct net *net, int bearer_id)
 	}
 	mon->self = NULL;
 	write_unlock_bh(&mon->lock);
-	del_timer_sync(&mon->timer);
+	timer_shutdown_sync(&mon->timer);
 	kfree(self->domain);
 	kfree(self);
 	kfree(mon);
author	Steven Rostedt (Google) <rostedt@goodmis.org>	2022-12-20 13:45:19 -0500
committer	Linus Torvalds <torvalds@linux-foundation.org>	2022-12-25 13:38:09 -0800
commit	292a089d78d3e2f7944e60bb897c977785a321e3 (patch)
tree	c9bdd3ea73fe57a35b358770998396cbc5813031 /net/tipc
parent	72a85e2b0a1e1e6fb4ee51ae902730212b2de25c (diff)
download	linux-stable-292a089d78d3e2f7944e60bb897c977785a321e3.tar.gz linux-stable-292a089d78d3e2f7944e60bb897c977785a321e3.tar.bz2 linux-stable-292a089d78d3e2f7944e60bb897c977785a321e3.zip