From patchwork Thu Sep 18 21:31:04 2008
X-Patchwork-Submitter: Vlad Yasevich
X-Patchwork-Id: 553
From: Vlad Yasevich
To: davem@davemloft.net
Cc: linux-sctp@vger.kernel.org, lksctp-developers@lists.sourceforge.net, netdev@vger.kernel.org, Vlad Yasevich
Subject: [PATCH 2/2] sctp: Fix oops when INIT-ACK indicates that peer doesn't support AUTH
Date: Thu, 18 Sep 2008 17:31:04 -0400
Message-Id: <1221773464-28845-2-git-send-email-vladislav.yasevich@hp.com>
In-Reply-To: <1221773464-28845-1-git-send-email-vladislav.yasevich@hp.com>
References: <1221773464-28845-1-git-send-email-vladislav.yasevich@hp.com>
X-Mailing-List: netdev@vger.kernel.org

If an INIT-ACK is received with a SupportedExtensions parameter which
indicates that the peer does not support AUTH, the packet will be
silently ignored, and sctp_process_init() will clean up all of the
transports in the association. When the T1-Init timer expires, an OOPS
happens while we try to choose a different init transport.

The solution is to only clean up the non-active transports, i.e. the
ones that the peer added. However, that introduces a problem with
sctp_connectx(), because we don't mark the proper state for the
transports provided by the user. So, we'll simply mark user-provided
transports as ACTIVE. That will allow INIT retransmissions to work
properly in the sctp_connectx() context and prevent the crash.

Signed-off-by: Vlad Yasevich

diff --git a/net/sctp/associola.c b/net/sctp/associola.c index 8472b8b..abd51ce 100644 --- a/net/sctp/associola.c +++ b/net/sctp/associola.c 
@@ -599,11 +599,12 @@ struct sctp_transport *sctp_assoc_add_peer(struct sctp_association *asoc, /* Check to see if this is a duplicate. */ peer = sctp_assoc_lookup_paddr(asoc, addr); if (peer) { + /* An UNKNOWN state is only set on transports added by + * user in sctp_connectx() call. Such transports should be + * considered CONFIRMED per RFC 4960, Section 5.4. + */ if (peer->state == SCTP_UNKNOWN) { - if (peer_state == SCTP_ACTIVE) - peer->state = SCTP_ACTIVE; - if (peer_state == SCTP_UNCONFIRMED) - peer->state = SCTP_UNCONFIRMED; + peer->state = SCTP_ACTIVE; } return peer; } diff --git a/net/sctp/sm_make_chunk.c b/net/sctp/sm_make_chunk.c index fe94f42..b599cbb 100644 --- a/net/sctp/sm_make_chunk.c +++ b/net/sctp/sm_make_chunk.c @@ -2321,12 +2321,10 @@ clean_up: /* Release the transport structures. */ list_for_each_safe(pos, temp, &asoc->peer.transport_addr_list) { transport = list_entry(pos, struct sctp_transport, transports); - list_del_init(pos); - sctp_transport_free(transport); + if (transport->state != SCTP_ACTIVE) + sctp_assoc_rm_peer(asoc, transport); } - asoc->peer.transport_count = 0; - nomem: return 0; }
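Review bot: In the first hunk (net/sctp/associola.c, sctp_assoc_add_peer()), the duplicate branch no longer looks at peer_state, so a caller that passes SCTP_UNCONFIRMED for an address already present in SCTP_UNKNOWN state now gets that transport promoted to SCTP_ACTIVE. The new comment justifies this by saying UNKNOWN is only set in the sctp_connectx() path, but nothing in the visible lines enforces that; please state in the comment or the changelog that peer_state is deliberately ignored here, so a later reader does not take it for an oversight. Style: with a single statement left in the body, the braces around `peer->state = SCTP_ACTIVE;` can go.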
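Review bot: In the second hunk (net/sctp/sm_make_chunk.c, the clean_up: path), `transport->state != SCTP_ACTIVE` is used as a stand-in for "added by the peer", but the first hunk shows sctp_assoc_add_peer() taking a peer_state argument that can itself be SCTP_ACTIVE, so a transport added in that state while processing the rejected INIT-ACK would survive the clean-up. Please confirm that no peer-supplied address can reach this loop as ACTIVE, or track the origin of the transport explicitly. The comment above the loop still reads "Release the transport structures." although only the non-active ones are released now, and dropping `asoc->peer.transport_count = 0;` relies on sctp_assoc_rm_peer() keeping the count correct, which is worth a line in that comment.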