linux-stable/net
Xin Long a5d0034533 sctp: avoid running the sctp state machine recursively
[ Upstream commit fbd019737d ]

Ying triggered a call trace when doing asconf testing:

  BUG: scheduling while atomic: swapper/12/0/0x10000100
  Call Trace:
   <IRQ>  [<ffffffffa4375904>] dump_stack+0x19/0x1b
   [<ffffffffa436fcaf>] __schedule_bug+0x64/0x72
   [<ffffffffa437b93a>] __schedule+0x9ba/0xa00
   [<ffffffffa3cd5326>] __cond_resched+0x26/0x30
   [<ffffffffa437bc4a>] _cond_resched+0x3a/0x50
   [<ffffffffa3e22be8>] kmem_cache_alloc_node+0x38/0x200
   [<ffffffffa423512d>] __alloc_skb+0x5d/0x2d0
   [<ffffffffc0995320>] sctp_packet_transmit+0x610/0xa20 [sctp]
   [<ffffffffc098510e>] sctp_outq_flush+0x2ce/0xc00 [sctp]
   [<ffffffffc098646c>] sctp_outq_uncork+0x1c/0x20 [sctp]
   [<ffffffffc0977338>] sctp_cmd_interpreter.isra.22+0xc8/0x1460 [sctp]
   [<ffffffffc0976ad1>] sctp_do_sm+0xe1/0x350 [sctp]
   [<ffffffffc099443d>] sctp_primitive_ASCONF+0x3d/0x50 [sctp]
   [<ffffffffc0977384>] sctp_cmd_interpreter.isra.22+0x114/0x1460 [sctp]
   [<ffffffffc0976ad1>] sctp_do_sm+0xe1/0x350 [sctp]
   [<ffffffffc097b3a4>] sctp_assoc_bh_rcv+0xf4/0x1b0 [sctp]
   [<ffffffffc09840f1>] sctp_inq_push+0x51/0x70 [sctp]
   [<ffffffffc099732b>] sctp_rcv+0xa8b/0xbd0 [sctp]

As it shows, the first sctp_do_sm() running under atomic context (NET_RX
softirq) invoked sctp_primitive_ASCONF() that uses GFP_KERNEL flag later,
and this flag is supposed to be used in non-atomic context only. Besides,
sctp_do_sm() was called recursively, which is not expected.

Vlad tried to fix this recursive call in Commit c078669340 ("sctp: Fix
oops when sending queued ASCONF chunks") by introducing a new command
SCTP_CMD_SEND_NEXT_ASCONF. But it didn't work as this command is still
used in the first sctp_do_sm() call, and sctp_primitive_ASCONF() will
be called in this command again.

To avoid calling sctp_do_sm() recursively, we send the next queued ASCONF
not by sctp_primitive_ASCONF(), but by sctp_sf_do_prm_asconf() in the 1st
sctp_do_sm() directly.

Reported-by: Ying Xu <yinxu@redhat.com>
Signed-off-by: Xin Long <lucien.xin@gmail.com>
Acked-by: Neil Horman <nhorman@tuxdriver.com>
Acked-by: Marcelo Ricardo Leitner <marcelo.leitner@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2019-05-08 07:20:44 +02:00
6lowpan 6lowpan: iphc: reset mac_header after decompress to fix panic 2018-10-03 17:00:47 -07:00
9p 9p: do not trust pdu content for stat item size 2019-04-20 09:15:04 +02:00
802 License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
8021q net: fix use-after-free in GRO with ESP 2018-07-22 14:28:44 +02:00
appletalk appletalk: Fix use-after-free in atalk_proc_exit 2019-04-20 09:15:07 +02:00
atm net: atm: Fix potential Spectre v1 vulnerabilities 2019-04-27 09:35:33 +02:00
ax25 ax25: fix possible use-after-free 2019-02-23 09:06:44 +01:00
batman-adv batman-adv: fix uninit-value in batadv_interface_tx() 2019-02-27 10:08:06 +01:00
bluetooth Bluetooth: Verify that l2cap_get_conf_opt provides large enough buffer 2019-04-03 06:25:07 +02:00
bpf
bridge netfilter: bridge: set skb transport_header before entering NF_INET_PRE_ROUTING 2019-05-04 09:15:18 +02:00
caif net: caif: Add a missing rcu_read_unlock() in caif_flow_cb 2018-09-05 09:26:27 +02:00
can can: bcm: check timer values before ktime conversion 2019-01-31 08:13:46 +01:00
ceph libceph: wait for latest osdmap in ceph_monc_blacklist_add() 2019-03-27 14:13:51 +09:00
core net: ethtool: not call vzalloc for zero sized memory request 2019-04-17 08:37:50 +02:00
dcb net: dcb: For wild-card lookups, use priority -1, not 0 2018-09-19 22:43:43 +02:00
dccp dccp: do not use ipv6 header for ipv4 flow 2019-04-03 06:25:08 +02:00
decnet dn_getsockoptdecnet: move nf_{get/set}sockopt outside sock lock 2018-02-25 11:07:52 +01:00
dns_resolver KEYS: DNS: fix parsing multiple options 2018-07-22 14:28:49 +02:00
dsa net: dsa: slave: Don't propagate flag changes on down slave interfaces 2019-02-12 19:46:11 +01:00
ethernet
hsr net/hsr: fix possible crash in add_timer() 2019-03-19 13:13:22 +01:00
ieee802154 ipv6: remove dependency of nf_defrag_ipv6 on ipv6 module 2019-04-27 09:35:40 +02:00
ife net: sched: ife: check on metadata length 2018-04-29 11:33:13 +02:00
ipv4 ipv4: ip_do_fragment: Preserve skb_iif during fragmentation 2019-05-08 07:20:43 +02:00
ipv6 ipv6: invert flowlabel sharing check in process and user mode 2019-05-08 07:20:44 +02:00
ipx License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
iucv net/iucv: Free memory obtained by kzalloc 2018-03-31 18:10:41 +02:00
kcm kcm: switch order of device registration to fix a crash 2019-04-17 08:37:45 +02:00
key af_key: unconditionally clone on broadcast 2019-03-23 14:35:14 +01:00
l2tp l2tp: fix infoleak in l2tp_ip6_recvmsg() 2019-03-19 13:13:22 +01:00
l3mdev
lapb
llc llc: do not use sk_eat_skb() 2018-12-01 09:42:51 +01:00
mac80211 mac80211: do not call driver wake_tx_queue op during reconfig 2019-04-27 09:35:38 +02:00
mac802154 net: mac802154: tx: expand tailroom if necessary 2018-09-09 19:55:52 +02:00
mpls mpls: Return error for RTA_GATEWAY attribute 2019-03-13 14:03:09 -07:00
ncsi net/ncsi: Fix length of GVI response packet 2017-10-21 01:56:38 +01:00
netfilter netfilter: nft_set_rbtree: check for inactive element after flag mismatch 2019-05-04 09:15:18 +02:00
netlabel netlabel: fix out-of-bounds memory accesses 2019-03-13 14:03:08 -07:00
netlink genetlink: Fix a memory leak on error path 2019-04-03 06:25:08 +02:00
netrom netrom: switch to sock timer API 2019-02-06 17:31:32 +01:00
nfc net: nfc: Fix NULL dereference on nfc_llcp_build_tlv fails 2019-03-13 14:03:08 -07:00
nsh nsh: set mac len based on inner packet 2018-07-22 14:28:49 +02:00
openvswitch ipv6: remove dependency of nf_defrag_ipv6 on ipv6 module 2019-04-27 09:35:40 +02:00
packet packets: Always register packet sk in the same order 2019-04-03 06:25:09 +02:00
phonet phonet: fix building with clang 2019-03-23 14:35:16 +01:00
psample MAINTAINERS: Update Yotam's E-mail 2017-11-01 12:19:03 +09:00
qrtr net: qrtr: Broadcast messages only from control port 2018-08-24 13:09:13 +02:00
rds net: rds: exchange of 8K and 1M pool 2019-05-02 09:40:33 +02:00
rfkill rfkill: gpio: fix memory leak in probe error path 2018-05-16 10:10:26 +02:00
rose net/rose: fix unbound loop in rose_loopback_timer() 2019-05-02 09:40:34 +02:00
rxrpc rxrpc: Fix client call queueing, waiting for channel 2019-03-19 13:13:23 +01:00
sched net/sched: act_sample: fix divide by zero in the traffic path 2019-04-17 08:37:49 +02:00
sctp sctp: avoid running the sctp state machine recursively 2019-05-08 07:20:44 +02:00
smc net/smc: fix TCP fallback socket release 2019-01-09 17:14:46 +01:00
strparser strparser: Remove early eaten to fix full tcp receive buffer stall 2018-07-22 14:28:47 +02:00
sunrpc sunrpc: don't mark uninitialised items as VALID. 2019-05-02 09:40:29 +02:00
switchdev
tipc tipc: check link name with right length in tipc_nl_compat_link_set 2019-05-02 09:40:32 +02:00
tls net/tls: Fixed return value when tls_complete_pending_work() fails 2018-12-05 19:41:11 +01:00
unix missing barriers in some of unix_sock ->addr and ->path accesses 2019-03-19 13:13:24 +01:00
vmw_vsock vsock/virtio: fix kernel panic from virtio_transport_reset_no_sock 2019-05-02 09:40:31 +02:00
wimax License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
wireless cfg80211: extend range deviation for DMG 2019-03-05 17:58:02 +01:00
x25 net/x25: fix a race in x25_bind() 2019-03-19 13:13:23 +01:00
xfrm xfrm: refine validation of template and selector families 2019-02-15 08:09:13 +01:00
compat.c sock: Make sock->sk_stamp thread-safe 2019-01-09 17:14:46 +01:00
Kconfig net: Remove CONFIG_NETFILTER_DEBUG and _ASSERT() macros. 2017-09-04 13:25:20 +02:00
Makefile License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
socket.c net: socket: set sock->sk to NULL after calling proto_ops::release() 2019-03-13 14:03:09 -07:00
sysctl_net.c