mirrors/linux-stable
1
0
Fork 0
mirror of https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git synced 2024-09-24 11:25:43 +00:00
Code Issues Releases Wiki Activity
linux-stable/net/sctp
History
Xin Long c863850ce2 sctp: not free the new asoc when sctp_wait_for_connect returns err 
When sctp_wait_for_connect is called to wait for connect ready
for sp->strm_interleave in sctp_sendmsg_to_asoc, a panic could
be triggered if cpu is scheduled out and the new asoc is freed
elsewhere, as it will return err and later the asoc gets freed
again in sctp_sendmsg.

[  285.840764] list_del corruption, ffff9f0f7b284078->next is LIST_POISON1 (dead000000000100)
[  285.843590] WARNING: CPU: 1 PID: 8861 at lib/list_debug.c:47 __list_del_entry_valid+0x50/0xa0
[  285.846193] Kernel panic - not syncing: panic_on_warn set ...
[  285.846193]
[  285.848206] CPU: 1 PID: 8861 Comm: sctp_ndata Kdump: loaded Not tainted 4.19.0-rc7.label #584
[  285.850559] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011
[  285.852164] Call Trace:
...
[  285.872210]  ? __list_del_entry_valid+0x50/0xa0
[  285.872894]  sctp_association_free+0x42/0x2d0 [sctp]
[  285.873612]  sctp_sendmsg+0x5a4/0x6b0 [sctp]
[  285.874236]  sock_sendmsg+0x30/0x40
[  285.874741]  ___sys_sendmsg+0x27a/0x290
[  285.875304]  ? __switch_to_asm+0x34/0x70
[  285.875872]  ? __switch_to_asm+0x40/0x70
[  285.876438]  ? ptep_set_access_flags+0x2a/0x30
[  285.877083]  ? do_wp_page+0x151/0x540
[  285.877614]  __sys_sendmsg+0x58/0xa0
[  285.878138]  do_syscall_64+0x55/0x180
[  285.878669]  entry_SYSCALL_64_after_hwframe+0x44/0xa9

This is a similar issue with the one fixed in Commit ca3af4dd28
("sctp: do not free asoc when it is already dead in sctp_sendmsg").
But this one can't be fixed by returning -ESRCH for the dead asoc
in sctp_wait_for_connect, as it will break sctp_connect's return
value to users.

This patch is to simply set err to -ESRCH before it returns to
sctp_sendmsg when any err is returned by sctp_wait_for_connect
for sp->strm_interleave, so that no asoc would be freed due to
this.

When users see this error, they will know the packet hasn't been
sent. And it also makes sense to not free asoc because waiting
connect fails, like the second call for sctp_wait_for_connect in
sctp_sendmsg_to_asoc.

Fixes: 668c9beb90 ("sctp: implement assign_number for sctp_stream_interleave")
Signed-off-by: Xin Long <lucien.xin@gmail.com>
Acked-by: Marcelo Ricardo Leitner <marcelo.leitner@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2018-10-17 22:12:46 -07:00
..
associola.c sctp: use the pmtu from the icmp packet to update transport pathmtu 2018-10-15 22:54:20 -07:00
auth.c treewide: kzalloc() -> kcalloc() 2018-06-12 16:19:22 -07:00
bind_addr.c
chunk.c net/sctp: Make wrappers for accessing in/out streams 2018-08-11 12:25:15 -07:00
debug.c sctp: add SCTP_CID_I_DATA and SCTP_CID_I_FWD_TSN conversion in sctp_cname 2018-02-12 11:40:01 -05:00
diag.c sctp: add file comments in diag.c 2018-02-13 13:56:31 -05:00
endpointola.c treewide: Use struct_size() for kmalloc()-family 2018-06-06 11:15:43 -07:00
input.c sctp: use the pmtu from the icmp packet to update transport pathmtu 2018-10-15 22:54:20 -07:00
inqueue.c sctp: fix the issue that the cookie-ack with auth can't get processed 2018-05-02 11:15:33 -04:00
ipv6.c sctp: check for ipv6_pinfo legal sndflow with flowlabel in sctp_v6_get_dst 2018-07-04 11:36:54 +09:00
Kconfig sctp: whitespace fixes 2018-07-24 14:10:42 -07:00
Makefile sctp: rename sctp_diag.c as diag.c 2018-02-13 13:56:31 -05:00
objcnt.c proc: introduce proc_create_seq{,_data} 2018-05-16 07:23:35 +02:00
offload.c net: use skb_is_gso_sctp() instead of open-coding 2018-03-09 11:41:47 -05:00
output.c sctp: use the pmtu from the icmp packet to update transport pathmtu 2018-10-15 22:54:20 -07:00
outqueue.c sctp: fix fall-through annotation 2018-10-03 09:33:13 -07:00
primitive.c
proc.c sctp: remove useless start_fail from sctp_ht_iter in proc 2018-08-27 15:13:17 -07:00
protocol.c sctp: add support for dscp and flowlabel per transport 2018-07-04 11:36:54 +09:00
sm_make_chunk.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2018-05-11 20:53:22 -04:00
sm_sideeffect.c sctp: whitespace fixes 2018-07-24 14:10:42 -07:00
sm_statefuns.c sctp: delay the authentication for the duplicated cookie-echo chunk 2018-05-07 23:39:10 -04:00
sm_statetable.c sctp: implement validate_ftsn for sctp_stream_interleave 2017-12-15 13:52:22 -05:00
socket.c sctp: not free the new asoc when sctp_wait_for_connect returns err 2018-10-17 22:12:46 -07:00
stream.c net/sctp: Replace in/out stream arrays with flex_array 2018-08-11 12:25:15 -07:00
stream_interleave.c net/sctp: Make wrappers for accessing in/out streams 2018-08-11 12:25:15 -07:00
stream_sched.c net/sctp: Make wrappers for accessing in/out streams 2018-08-11 12:25:15 -07:00
stream_sched_prio.c net/sctp: Make wrappers for accessing in/out streams 2018-08-11 12:25:15 -07:00
stream_sched_rr.c net/sctp: Make wrappers for accessing in/out streams 2018-08-11 12:25:15 -07:00
sysctl.c sctp: support sysctl to allow users to use stream interleave 2017-12-15 13:52:22 -05:00
transport.c sctp: update dst pmtu with the correct daddr 2018-09-20 11:29:30 -07:00
tsnmap.c
ulpevent.c sctp: remove sctp_chunk_put from fail_mark err path in sctp_ulpevent_make_rcvmsg 2018-05-10 17:48:36 -04:00
ulpqueue.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2017-12-22 11:16:31 -05:00