[PATCH net] sctp: ensure sk_state is set to CLOSED if hashing fails in sctp_listen

linux-sctp.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

* [PATCH net] sctp: ensure sk_state is set to CLOSED if hashing fails in sctp_listen_start
@ 2024-10-07 16:25 Xin Long
  2024-10-07 16:45 ` Marcelo Ricardo Leitner
  2024-10-09 12:40 ` patchwork-bot+netdevbpf
  0 siblings, 2 replies; 3+ messages in thread
From: Xin Long @ 2024-10-07 16:25 UTC (permalink / raw)
  To: network dev, linux-sctp
  Cc: davem, kuba, Eric Dumazet, Paolo Abeni, Marcelo Ricardo Leitner

If hashing fails in sctp_listen_start(), the socket remains in the
LISTENING state, even though it was not added to the hash table.
This can lead to a scenario where a socket appears to be listening
without actually being accessible.

This patch ensures that if the hashing operation fails, the sk_state
is set back to CLOSED before returning an error.

Note that there is no need to undo the autobind operation if hashing
fails, as the bind port can still be used for next listen() call on
the same socket.

Fixes: 76c6d988aeb3 ("sctp: add sock_reuseport for the sock in __sctp_hash_endpoint")
Reported-by: Marcelo Ricardo Leitner <marcelo.leitner@gmail.com>
Signed-off-by: Xin Long <lucien.xin@gmail.com>
---
 net/sctp/socket.c | 18 +++++++++++++-----
 1 file changed, 13 insertions(+), 5 deletions(-)

diff --git a/net/sctp/socket.c b/net/sctp/socket.c
index 078bcb3858c7..36ee34f483d7 100644
--- a/net/sctp/socket.c
+++ b/net/sctp/socket.c
@@ -8531,6 +8531,7 @@ static int sctp_listen_start(struct sock *sk, int backlog)
 	struct sctp_endpoint *ep = sp->ep;
 	struct crypto_shash *tfm = NULL;
 	char alg[32];
+	int err;
 
 	/* Allocate HMAC for generating cookie. */
 	if (!sp->hmac && sp->sctp_hmac_alg) {
@@ -8558,18 +8559,25 @@ static int sctp_listen_start(struct sock *sk, int backlog)
 	inet_sk_set_state(sk, SCTP_SS_LISTENING);
 	if (!ep->base.bind_addr.port) {
 		if (sctp_autobind(sk)) {
-			inet_sk_set_state(sk, SCTP_SS_CLOSED);
-			return -EAGAIN;
+			err = -EAGAIN;
+			goto err;
 		}
 	} else {
 		if (sctp_get_port(sk, inet_sk(sk)->inet_num)) {
-			inet_sk_set_state(sk, SCTP_SS_CLOSED);
-			return -EADDRINUSE;
+			err = -EADDRINUSE;
+			goto err;
 		}
 	}
 
 	WRITE_ONCE(sk->sk_max_ack_backlog, backlog);
-	return sctp_hash_endpoint(ep);
+	err = sctp_hash_endpoint(ep);
+	if (err)
+		goto err;
+
+	return 0;
+err:
+	inet_sk_set_state(sk, SCTP_SS_CLOSED);
+	return err;
 }
 
 /*
-- 
2.43.0


^ permalink raw reply related	[flat|nested] 3+ messages in thread

* Re: [PATCH net] sctp: ensure sk_state is set to CLOSED if hashing fails in sctp_listen_start
  2024-10-07 16:25 [PATCH net] sctp: ensure sk_state is set to CLOSED if hashing fails in sctp_listen_start Xin Long
@ 2024-10-07 16:45 ` Marcelo Ricardo Leitner
  2024-10-09 12:40 ` patchwork-bot+netdevbpf
  1 sibling, 0 replies; 3+ messages in thread
From: Marcelo Ricardo Leitner @ 2024-10-07 16:45 UTC (permalink / raw)
  To: Xin Long; +Cc: network dev, linux-sctp, davem, kuba, Eric Dumazet, Paolo Abeni

On Mon, Oct 07, 2024 at 12:25:11PM -0400, Xin Long wrote:
> If hashing fails in sctp_listen_start(), the socket remains in the
> LISTENING state, even though it was not added to the hash table.
> This can lead to a scenario where a socket appears to be listening
> without actually being accessible.
> 
> This patch ensures that if the hashing operation fails, the sk_state
> is set back to CLOSED before returning an error.
> 
> Note that there is no need to undo the autobind operation if hashing
> fails, as the bind port can still be used for next listen() call on
> the same socket.
> 
> Fixes: 76c6d988aeb3 ("sctp: add sock_reuseport for the sock in __sctp_hash_endpoint")
> Reported-by: Marcelo Ricardo Leitner <marcelo.leitner@gmail.com>
> Signed-off-by: Xin Long <lucien.xin@gmail.com>

Acked-by: Marcelo Ricardo Leitner <marcelo.leitner@gmail.com>

^ permalink raw reply	[flat|nested] 3+ messages in thread

* Re: [PATCH net] sctp: ensure sk_state is set to CLOSED if hashing fails in sctp_listen_start
  2024-10-07 16:25 [PATCH net] sctp: ensure sk_state is set to CLOSED if hashing fails in sctp_listen_start Xin Long
  2024-10-07 16:45 ` Marcelo Ricardo Leitner
@ 2024-10-09 12:40 ` patchwork-bot+netdevbpf
  1 sibling, 0 replies; 3+ messages in thread
From: patchwork-bot+netdevbpf @ 2024-10-09 12:40 UTC (permalink / raw)
  To: Xin Long; +Cc: netdev, linux-sctp, davem, kuba, edumazet, pabeni,
	marcelo.leitner

Hello:

This patch was applied to netdev/net.git (main)
by David S. Miller <davem@davemloft.net>:

On Mon,  7 Oct 2024 12:25:11 -0400 you wrote:
> If hashing fails in sctp_listen_start(), the socket remains in the
> LISTENING state, even though it was not added to the hash table.
> This can lead to a scenario where a socket appears to be listening
> without actually being accessible.
> 
> This patch ensures that if the hashing operation fails, the sk_state
> is set back to CLOSED before returning an error.
> 
> [...]

Here is the summary with links:
  - [net] sctp: ensure sk_state is set to CLOSED if hashing fails in sctp_listen_start
    https://git.kernel.org/netdev/net/c/4d5c70e6155d

You are awesome, thank you!
-- 
Deet-doot-dot, I am a bot.
https://korg.docs.kernel.org/patchwork/pwbot.html



^ permalink raw reply	[flat|nested] 3+ messages in thread

end of thread, other threads:[~2024-10-09 12:40 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2024-10-07 16:25 [PATCH net] sctp: ensure sk_state is set to CLOSED if hashing fails in sctp_listen_start Xin Long
2024-10-07 16:45 ` Marcelo Ricardo Leitner
2024-10-09 12:40 ` patchwork-bot+netdevbpf

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).