From patchwork Fri Feb 15 21:36:21 2019
X-Patchwork-Submitter: Eric Dumazet
X-Patchwork-Id: 1043204
X-Patchwork-Delegate: davem@davemloft.net
Date: Fri, 15 Feb 2019 13:36:21 -0800
In-Reply-To: <20190215213621.183537-1-edumazet@google.com>
Message-Id: <20190215213621.183537-3-edumazet@google.com>
References: <20190215213621.183537-1-edumazet@google.com>
Subject: [PATCH net 2/2] tcp: tcp_v4_err() should be more careful
From: Eric Dumazet
To: "David S . Miller"
Cc: netdev, Eric Dumazet, Eric Dumazet, Neal Cardwell, Yuchung Cheng, soukjin bae
X-Mailing-List: netdev@vger.kernel.org

ICMP handlers are not very often stressed, we should
make them more resilient to bugs that might surface in
the future.

If there is no packet in retransmit queue, we should
avoid a NULL deref.

Signed-off-by: Eric Dumazet
Reported-by: soukjin bae
Acked-by: Neal Cardwell
Acked-by: Soheil Hassas Yeganeh
---
 net/ipv4/tcp_ipv4.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/net/ipv4/tcp_ipv4.c b/net/ipv4/tcp_ipv4.c index efc6fef692ffdca4dcdd3f4b87a837656dd66c8c..ec3cea9d68288244d8e03b655d06f91640c36ee7 100644 --- a/net/ipv4/tcp_ipv4.c +++ b/net/ipv4/tcp_ipv4.c @@ -536,12 +536,15 @@ int tcp_v4_err(struct sk_buff *icmp_skb, u32 info) if (sock_owned_by_user(sk)) break; + skb = tcp_rtx_queue_head(sk); + if (WARN_ON_ONCE(!skb)) + break; + icsk->icsk_backoff--; icsk->icsk_rto = tp->srtt_us ? __tcp_set_rto(tp) : TCP_TIMEOUT_INIT; icsk->icsk_rto = inet_csk_rto_backoff(icsk, TCP_RTO_MAX); - skb = tcp_rtx_queue_head(sk); tcp_mstamp_refresh(tp); delta_us = (u32)(tp->tcp_mstamp - tcp_skb_timestamp_us(skb));
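
Review bot: the added `WARN_ON_ONCE(!skb)` check ahead of `icsk->icsk_backoff--` has no comment saying why an empty retransmit queue is treated as a bug on this path, and since it warns only once, every later hit takes the `break` silently. A one-line comment above `skb = tcp_rtx_queue_head(sk);` stating that the retransmit queue is expected to be non-empty here would help whoever has to triage the warning. Doing the lookup before the decrement is the right order: the early `break` leaves `icsk_backoff` and `icsk_rto` untouched, and `tcp_skb_timestamp_us(skb)` is no longer reachable with a NULL `skb`.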