tipc: unconditionally put sock refcnt when sock timer to be deleted is pending

As sock refcnt is taken when sock timer is started in
sk_reset_timer(), the sock refcnt should be put when sock timer
to be deleted is in pending state no matter what "probing_state"
value of tipc sock is.

Reviewed-by: Erik Hugne <erik.hugne@ericsson.com>
Reviewed-by: Jon Maloy <jon.maloy@ericsson.com>
Signed-off-by: Ying Xue <ying.xue@windriver.com>
Signed-off-by: David S. Miller <davem@davemloft.net>

diff --git a/net/tipc/socket.c b/net/tipc/socket.c
index 9370f953e16fc2a05941375439c0e031f6af2cbf..30ea82a9b0f13b44d34767241586a3d9648b906e 100644 (file)
--- a/net/tipc/socket.c
+++ b/net/tipc/socket.c
@@ -410,7 +410,7 @@ static int tipc_release(struct socket *sock)
        struct net *net;
        struct tipc_sock *tsk;
        struct sk_buff *skb;
-       u32 dnode, probing_state;
+       u32 dnode;
 
        /*
         * Exit if socket isn't fully initialized (occurs when a failed accept()
@@ -448,10 +448,7 @@ static int tipc_release(struct socket *sock)
        }
 
        tipc_sk_withdraw(tsk, 0, NULL);
-       probing_state = tsk->probing_state;
-       if (del_timer_sync(&sk->sk_timer) &&
-           probing_state != TIPC_CONN_PROBING)
-               sock_put(sk);
+       sk_stop_timer(sk, &sk->sk_timer);
        tipc_sk_remove(tsk);
        if (tsk->connected) {
                skb = tipc_msg_create(TIPC_CRITICAL_IMPORTANCE,