{"id":553,"url":"http://patchwork.ozlabs.org/api/1.0/patches/553/?format=json","project":{"id":7,"url":"http://patchwork.ozlabs.org/api/1.0/projects/7/?format=json","name":"Linux network development","link_name":"netdev","list_id":"netdev.vger.kernel.org","list_email":"netdev@vger.kernel.org","web_url":null,"scm_url":null,"webscm_url":null},"msgid":"<1221773464-28845-2-git-send-email-vladislav.yasevich@hp.com>","date":"2008-09-18T21:31:04","name":"[2/2] sctp: Fix oops when INIT-ACK indicates that peer doesn't support AUTH","commit_ref":null,"pull_url":null,"state":"accepted","archived":true,"hash":"e5e3285f8ffec75e9e8921df8bdf8d25a27742a1","submitter":{"id":279,"url":"http://patchwork.ozlabs.org/api/1.0/people/279/?format=json","name":"Vlad Yasevich","email":"vladislav.yasevich@hp.com"},"delegate":null,"mbox":"http://patchwork.ozlabs.org/project/netdev/patch/1221773464-28845-2-git-send-email-vladislav.yasevich@hp.com/mbox/","series":[],"check":"pending","checks":"http://patchwork.ozlabs.org/api/patches/553/checks/","tags":{},"headers":{"Return-Path":"<netdev-owner@vger.kernel.org>","X-Original-To":"patchwork-incoming@ozlabs.org","Delivered-To":"patchwork-incoming@ozlabs.org","Received":["from vger.kernel.org (vger.kernel.org [209.132.176.167])\n\tby ozlabs.org (Postfix) with ESMTP id E7157DDFE7\n\tfor <patchwork-incoming@ozlabs.org>;\n\tFri, 19 Sep 2008 07:31:19 +1000 (EST)","(majordomo@vger.kernel.org) by vger.kernel.org via listexpand\n\tid S1755788AbYIRVbO (ORCPT <rfc822;patchwork-incoming@ozlabs.org>);\n\tThu, 18 Sep 2008 17:31:14 -0400","(majordomo@vger.kernel.org) by vger.kernel.org id S1755688AbYIRVbO\n\t(ORCPT <rfc822; netdev-outgoing>); Thu, 18 Sep 2008 17:31:14 -0400","from g1t0026.austin.hp.com ([15.216.28.33]:14434 \"EHLO\n\tg1t0026.austin.hp.com\" rhost-flags-OK-OK-OK-OK) by vger.kernel.org\n\twith ESMTP id S1754741AbYIRVbK (ORCPT\n\t<rfc822;netdev@vger.kernel.org>); Thu, 18 Sep 2008 17:31:10 -0400","from smtp1.fc.hp.com (smtp.fc.hp.com [15.15.136.127])\n\tby g1t0026.austin.hp.com (Postfix) with ESMTP id 02581D034;\n\tThu, 18 Sep 2008 21:31:08 +0000 (UTC)","from localhost.localdomain (squirrel.fc.hp.com [15.11.146.57])\n\tby smtp1.fc.hp.com (Postfix) with ESMTP id 12F0B203427;\n\tThu, 18 Sep 2008 21:16:43 +0000 (UTC)"],"From":"Vlad Yasevich <vladislav.yasevich@hp.com>","To":"davem@davemloft.net","Cc":"linux-sctp@vger.kernel.org,\n\tlksctp-developers@lists.sourceforge.net, netdev@vger.kernel.org,\n\tVlad Yasevich <vladislav.yasevich@hp.com>","Subject":"[PATCH 2/2] sctp: Fix oops when INIT-ACK indicates that peer\n\tdoesn't support AUTH","Date":"Thu, 18 Sep 2008 17:31:04 -0400","Message-Id":"<1221773464-28845-2-git-send-email-vladislav.yasevich@hp.com>","X-Mailer":"git-send-email 1.5.3.5","In-Reply-To":"<1221773464-28845-1-git-send-email-vladislav.yasevich@hp.com>","References":"<1221773464-28845-1-git-send-email-vladislav.yasevich@hp.com>","X-Brightmail-Tracker":"AAAAAQAAAAI=","X-Whitelist":"TRUE","Sender":"netdev-owner@vger.kernel.org","Precedence":"bulk","List-ID":"<netdev.vger.kernel.org>","X-Mailing-List":"netdev@vger.kernel.org"},"content":"If INIT-ACK is received with SupportedExtensions parameter which\nindicates that the peer does not support AUTH, the packet will be\nsilently ignore, and sctp_process_init() do cleanup all of the\ntransports in the association.\nWhen T1-Init timer is expires, OOPS happen while we try to choose\na different init transport.\n\nThe solution is to only clean up the non-active transports, i.e\nthe ones that the peer added.  However, that introduces a problem\nwith sctp_connectx(), because we don't mark the proper state for\nthe transports provided by the user.  So, we'll simply mark\nuser-provided transports as ACTIVE.  That will allow INIT\nretransmissions to work properly in the sctp_connectx() context\nand prevent the crash.\n\nSigned-off-by: Vlad Yasevich <vladislav.yasevich@hp.com>","diff":"diff --git a/net/sctp/associola.c b/net/sctp/associola.c\nindex 8472b8b..abd51ce 100644\n--- a/net/sctp/associola.c\n+++ b/net/sctp/associola.c\n@@ -599,11 +599,12 @@ struct sctp_transport *sctp_assoc_add_peer(struct sctp_association *asoc,\n \t/* Check to see if this is a duplicate. */\n \tpeer = sctp_assoc_lookup_paddr(asoc, addr);\n \tif (peer) {\n+\t\t/* An UNKNOWN state is only set on transports added by\n+\t\t * user in sctp_connectx() call.  Such transports should be\n+\t\t * considered CONFIRMED per RFC 4960, Section 5.4.\n+\t\t */\n \t\tif (peer->state == SCTP_UNKNOWN) {\n-\t\t\tif (peer_state == SCTP_ACTIVE)\n-\t\t\t\tpeer->state = SCTP_ACTIVE;\n-\t\t\tif (peer_state == SCTP_UNCONFIRMED)\n-\t\t\t\tpeer->state = SCTP_UNCONFIRMED;\n+\t\t\tpeer->state = SCTP_ACTIVE;\n \t\t}\n \t\treturn peer;\n \t}\ndiff --git a/net/sctp/sm_make_chunk.c b/net/sctp/sm_make_chunk.c\nindex fe94f42..b599cbb 100644\n--- a/net/sctp/sm_make_chunk.c\n+++ b/net/sctp/sm_make_chunk.c\n@@ -2321,12 +2321,10 @@ clean_up:\n \t/* Release the transport structures. */\n \tlist_for_each_safe(pos, temp, &asoc->peer.transport_addr_list) {\n \t\ttransport = list_entry(pos, struct sctp_transport, transports);\n-\t\tlist_del_init(pos);\n-\t\tsctp_transport_free(transport);\n+\t\tif (transport->state != SCTP_ACTIVE)\n+\t\t\tsctp_assoc_rm_peer(asoc, transport);\n \t}\n \n-\tasoc->peer.transport_count = 0;\n-\n nomem:\n \treturn 0;\n }\n","prefixes":["2/2"]}