From patchwork Mon Feb 6 20:10:31 2017
X-Patchwork-Submitter: Marcelo Ricardo Leitner
X-Patchwork-Id: 724667
X-Patchwork-Delegate: davem@davemloft.net
From: Marcelo Ricardo Leitner
To: netdev@vger.kernel.org
Cc: linux-sctp@vger.kernel.org, Vlad Yasevich, Neil Horman, Alexander Popov
Subject: [PATCH net] sctp: avoid BUG_ON on sctp_wait_for_sndbuf
Date: Mon, 6 Feb 2017 18:10:31 -0200
Message-Id: <90df61dca0e882ccc175bcec200b341b171b7406.1486411622.git.marcelo.leitner@gmail.com>

Alexander Popov reported that an application may trigger a BUG_ON in sctp_wait_for_sndbuf if the socket tx buffer is full, a thread is waiting on it to queue more data and meanwhile another thread peels off the association being used by the first thread.

This patch replaces the BUG_ON call with a proper error handling. It will return -EPIPE to the original sendmsg call, similarly to what would have been done if the association wasn't found in the first place.

Acked-by: Alexander Popov
Signed-off-by: Marcelo Ricardo Leitner
Reviewed-by: Xin Long
---

Please consider this to -stable. Thanks

net/sctp/socket.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/net/sctp/socket.c b/net/sctp/socket.c index 37eeab7899fc235a56bd2f4ccdb3e6c338a8d48e..e214d2e7e9a30c02847daf354668c42eeaffd0d6 100644 --- a/net/sctp/socket.c +++ b/net/sctp/socket.c
@@ -7426,7 +7426,8 @@ static int sctp_wait_for_sndbuf(struct sctp_association *asoc, long *timeo_p, */ release_sock(sk); current_timeo = schedule_timeout(current_timeo); - BUG_ON(sk != asoc->base.sk); + if (sk != asoc->base.sk) + goto do_error; lock_sock(sk); *timeo_p = current_timeo;
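
Review bot: the new `goto do_error` is taken after `release_sock(sk)` and before `lock_sock(sk)`, so this is an exit that leaves the function with the socket lock dropped, while the path that falls through re-takes it. The caller is not shown in this hunk; if the sendmsg path holds the lock across this call and releases it on return, the -EPIPE path would release it a second time. Please either re-take the lock before jumping to the error label or state in a comment at this check that the error path is entered unlocked and why that is safe for callers. A short comment saying that `sk != asoc->base.sk` means the association was peeled off to another socket while this thread slept would also help, since that is no longer obvious once the BUG_ON is gone.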