From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
stable@vger.kernel.org, Karl Heiss <kheiss@gmail.com>,
Neil Horman <nhorman@tuxdriver.com>,
Vlad Yasevich <vyasevich@gmail.com>,
"David S. Miller" <davem@davemloft.net>
Subject: [ 09/98] sctp: Use correct sideffect command in duplicate cookie handling
Date: Tue, 26 Mar 2013 15:41:58 -0700 [thread overview]
Message-ID: <20130326224243.410107448@linuxfoundation.org> (raw)
In-Reply-To: <20130326224242.449070940@linuxfoundation.org>
3.8-stable review patch. If anyone has any objections, please let me know.
------------------
From: Vlad Yasevich <vyasevich@gmail.com>
[ Upstream commit f2815633504b442ca0b0605c16bf3d88a3a0fcea ]
When SCTP is done processing a duplicate cookie chunk, it tries
to delete a newly created association. For that, it has to set
the right association for the side-effect processing to work.
However, when it uses the SCTP_CMD_NEW_ASOC command, that performs
more work then really needed (like hashing the associationa and
assigning it an id) and there is no point to do that only to
delete the association as a next step. In fact, it also creates
an impossible condition where an association may be found by
the getsockopt() call, and that association is empty. This
causes a crash in some sctp getsockopts.
The solution is rather simple. We simply use SCTP_CMD_SET_ASOC
command that doesn't have all the overhead and does exactly
what we need.
Reported-by: Karl Heiss <kheiss@gmail.com>
Tested-by: Karl Heiss <kheiss@gmail.com>
CC: Neil Horman <nhorman@tuxdriver.com>
Signed-off-by: Vlad Yasevich <vyasevich@gmail.com>
Acked-by: Neil Horman <nhorman@tuxdriver.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
net/sctp/sm_statefuns.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/net/sctp/sm_statefuns.c
+++ b/net/sctp/sm_statefuns.c
@@ -2082,7 +2082,7 @@ sctp_disposition_t sctp_sf_do_5_2_4_dupc
}
/* Delete the tempory new association. */
- sctp_add_cmd_sf(commands, SCTP_CMD_NEW_ASOC, SCTP_ASOC(new_asoc));
+ sctp_add_cmd_sf(commands, SCTP_CMD_SET_ASOC, SCTP_ASOC(new_asoc));
sctp_add_cmd_sf(commands, SCTP_CMD_DELETE_TCB, SCTP_NULL());
/* Restore association pointer to provide SCTP command interpeter
next prev parent reply other threads:[~2013-03-26 22:41 UTC|newest]
Thread overview: 102+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-03-26 22:41 [ 00/98] 3.8.5-stable review Greg Kroah-Hartman
2013-03-26 22:41 ` [ 01/98] USB: EHCI: work around silicon bug in Intels EHCI controllers Greg Kroah-Hartman
2013-03-26 22:41 ` [ 02/98] sunsu: Fix panic in case of nonexistent port at "console=ttySY" cmdline option Greg Kroah-Hartman
2013-03-26 22:41 ` [ 03/98] net/ipv4: Ensure that location of timestamp option is stored Greg Kroah-Hartman
2013-03-26 22:41 ` [ 04/98] bridge: reserve space for IFLA_BRPORT_FAST_LEAVE Greg Kroah-Hartman
2013-03-26 22:41 ` [ 05/98] netconsole: dont call __netpoll_cleanup() while atomic Greg Kroah-Hartman
2013-03-26 22:41 ` [ 06/98] batman-adv: verify tt len does not exceed packet len Greg Kroah-Hartman
2013-03-26 22:41 ` [ 07/98] bonding: dont call update_speed_duplex() under spinlocks Greg Kroah-Hartman
2013-03-26 22:41 ` [ 08/98] tg3: 5715 does not link up when autoneg off Greg Kroah-Hartman
2013-03-26 22:41 ` Greg Kroah-Hartman [this message]
2013-03-26 22:41 ` [ 10/98] sctp: dont break the loop while meeting the active_path so as to find the matched transport Greg Kroah-Hartman
2013-03-26 22:42 ` [ 11/98] ipv4: fix definition of FIB_TABLE_HASHSZ Greg Kroah-Hartman
2013-03-26 22:42 ` [ 12/98] net: qmi_wwan: set correct altsetting for Gobi 1K devices Greg Kroah-Hartman
2013-03-26 22:42 ` [ 13/98] tcp: fix skb_availroom() Greg Kroah-Hartman
2013-03-26 22:42 ` [ 14/98] skb: Propagate pfmemalloc on skb from head page only Greg Kroah-Hartman
2013-03-26 22:42 ` [ 15/98] Revert "ip_gre: make ipgre_tunnel_xmit() not parse network header as IP unconditionally" Greg Kroah-Hartman
2013-03-26 22:42 ` [ 16/98] rtnetlink: Mask the rta_type when range checking Greg Kroah-Hartman
2013-03-26 22:42 ` [ 17/98] net: cdc_ncm, cdc_mbim: allow user to prefer NCM for backwards compatibility Greg Kroah-Hartman
2013-03-26 22:42 ` [ 18/98] bnx2x: add missing napi deletion in error path Greg Kroah-Hartman
2013-03-26 22:42 ` [ 19/98] vhost/net: fix heads usage of ubuf_info Greg Kroah-Hartman
2013-03-26 22:42 ` [ 20/98] bnx2x: fix occasional statistics off-by-4GB error Greg Kroah-Hartman
2013-03-26 22:42 ` [ 21/98] tcp: dont handle MTU reduction on LISTEN socket Greg Kroah-Hartman
2013-03-26 22:42 ` [ 22/98] inet: limit length of fragment queue hash table bucket lists Greg Kroah-Hartman
2013-03-26 22:42 ` [ 23/98] drivers/net/ethernet/sfc/ptp.c: adjust duplicate test Greg Kroah-Hartman
2013-03-26 22:42 ` [ 24/98] sfc: Properly sync RX DMA buffer when it is not the last in the page Greg Kroah-Hartman
2013-03-26 22:42 ` [ 25/98] sfc: Fix efx_rx_buf_offset() in the presence of swiotlb Greg Kroah-Hartman
2013-03-26 22:42 ` [ 26/98] sfc: Detach net device when stopping queues for reconfiguration Greg Kroah-Hartman
2013-03-26 22:42 ` [ 27/98] sfc: Disable soft interrupt handling during efx_device_detach_sync() Greg Kroah-Hartman
2013-03-26 22:42 ` [ 28/98] sfc: Only use TX push if a single descriptor is to be written Greg Kroah-Hartman
2013-03-26 22:42 ` [ 29/98] ALSA: hda/cirrus - Fix the digital beep registration Greg Kroah-Hartman
2013-03-26 22:42 ` [ 30/98] ALSA: hda - Fix typo in checking IEC958 emphasis bit Greg Kroah-Hartman
2013-03-26 22:42 ` [ 31/98] ALSA: usb: Parse UAC2 extension unit like for UAC1 Greg Kroah-Hartman
2013-03-26 22:42 ` [ 32/98] ALSA: snd-usb: mixer: propagate errors up the call chain Greg Kroah-Hartman
2013-03-26 22:42 ` [ 33/98] ALSA: snd-usb: mixer: ignore -EINVAL in snd_usb_mixer_controls() Greg Kroah-Hartman
2013-03-26 22:42 ` [ 34/98] saner proc_get_inode() calling conventions Greg Kroah-Hartman
2013-03-26 22:42 ` [ 35/98] vfs,proc: guarantee unique inodes in /proc Greg Kroah-Hartman
2013-03-26 22:42 ` [ 36/98] Revert "drm/i915: try to train DP even harder" Greg Kroah-Hartman
2013-03-26 22:42 ` [ 37/98] drm/i915: restrict kernel address leak in debugfs Greg Kroah-Hartman
2013-03-26 22:42 ` [ 38/98] tracing: Fix race in snapshot swapping Greg Kroah-Hartman
2013-03-26 22:42 ` [ 39/98] tracing: Fix free of probe entry by calling call_rcu_sched() Greg Kroah-Hartman
2013-03-26 22:42 ` [ 40/98] tracing: Protect tracer flags with trace_types_lock Greg Kroah-Hartman
2013-03-26 22:42 ` [ 41/98] tracing: Keep overwrite in sync between regular and snapshot buffers Greg Kroah-Hartman
2013-03-26 22:42 ` [ 42/98] rtlwifi: rtl8192cu: Fix schedule while atomic bug splat Greg Kroah-Hartman
2013-03-26 22:42 ` [ 43/98] rtlwifi: rtl8192cu: Fix problem that prevents reassociation Greg Kroah-Hartman
2013-03-26 22:42 ` [ 44/98] mwifiex: fix potential out-of-boundary access to ibss rate table Greg Kroah-Hartman
2013-03-26 22:42 ` [ 45/98] drm/i915: bounds check execbuffer relocation count Greg Kroah-Hartman
2013-03-26 22:42 ` [ 46/98] Revert "drm/i915: write backlight harder" Greg Kroah-Hartman
2013-03-26 22:42 ` [ 47/98] i2c: tegra: check the clk_prepare_enable() return value Greg Kroah-Hartman
2013-03-26 22:42 ` [ 48/98] KMS: fix EDID detailed timing vsync parsing Greg Kroah-Hartman
2013-03-26 22:42 ` [ 49/98] KMS: fix EDID detailed timing frame rate Greg Kroah-Hartman
2013-03-26 22:42 ` [ 50/98] drivers/rtc/rtc-at91rm9200.c: use a variable for storing IMR Greg Kroah-Hartman
2013-03-26 22:42 ` [ 51/98] mm/hugetlb: fix total hugetlbfs pages count when using memory overcommit accouting Greg Kroah-Hartman
2013-03-26 22:42 ` [ 52/98] drivers/video/ep93xx-fb.c: include <linux/io.h> for devm_ioremap() Greg Kroah-Hartman
2013-03-26 22:42 ` [ 53/98] mqueue: sys_mq_open: do not call mnt_drop_write() if read-only Greg Kroah-Hartman
2013-03-26 22:42 ` [ 54/98] target/iscsi: Fix mutual CHAP auth on big-endian arches Greg Kroah-Hartman
2013-03-26 22:42 ` [ 55/98] target/file: Bump FD_MAX_SECTORS to 2048 to handle 1M sized I/Os Greg Kroah-Hartman
2013-03-26 22:42 ` [ 56/98] ARM: tegra: fix register address of slink controller Greg Kroah-Hartman
2013-03-26 22:42 ` [ 57/98] dm thin: fix discard corruption Greg Kroah-Hartman
2013-03-26 22:42 ` [ 58/98] dm verity: avoid deadlock Greg Kroah-Hartman
2013-03-26 22:42 ` [ 59/98] drm/mgag200: Bug fix: Modified pll algorithm for EH project Greg Kroah-Hartman
2013-03-26 22:42 ` [ 60/98] drm/radeon: add Richland pci ids Greg Kroah-Hartman
2013-03-26 22:42 ` [ 61/98] drm/radeon: add support for Richland APUs Greg Kroah-Hartman
2013-03-26 22:42 ` [ 62/98] drm/radeon: fix S/R on VM systems (cayman/TN/SI) Greg Kroah-Hartman
2013-03-26 22:42 ` [ 63/98] drm/radeon: fix backend map setup on 1 RB trinity boards Greg Kroah-Hartman
2013-03-26 22:42 ` [ 64/98] drm/radeon/benchmark: make sure bo blit copy exists before using it Greg Kroah-Hartman
2013-03-26 22:42 ` [ 65/98] cifs: delay super block destruction until all cifsFileInfo objects are gone Greg Kroah-Hartman
2013-03-26 22:42 ` [ 66/98] cifs: ignore everything in SPNEGO blob after mechTypes Greg Kroah-Hartman
2013-03-26 22:42 ` [ 67/98] jbd2: fix use after free in jbd2_journal_dirty_metadata() Greg Kroah-Hartman
2013-03-26 22:42 ` [ 68/98] ext4: fix the wrong number of the allocated blocks in ext4_split_extent() Greg Kroah-Hartman
2013-03-26 22:42 ` [ 69/98] usb-storage: add unusual_devs entry for Samsung YP-Z3 mp3 player Greg Kroah-Hartman
2013-03-26 22:42 ` [ 70/98] ext4: use atomic64_t for the per-flexbg free_clusters count Greg Kroah-Hartman
2013-03-26 22:43 ` [ 71/98] ext4: use s_extent_max_zeroout_kb value as number of kb Greg Kroah-Hartman
2013-03-26 22:43 ` [ 72/98] ext4: fix data=journal fast mount/umount hang Greg Kroah-Hartman
2013-03-26 22:43 ` [ 73/98] IPoIB: Fix send lockup due to missed TX completion Greg Kroah-Hartman
2013-03-26 22:43 ` [ 74/98] watchdog: sp5100_tco: Set the AcpiMmioSel bitmask value to 1 instead of 2 Greg Kroah-Hartman
2013-03-26 22:43 ` [ 75/98] watchdog: sp5100_tco: Remove code that may cause a boot failure Greg Kroah-Hartman
2013-03-26 22:43 ` [ 76/98] md/raid5: schedule_construction should abort if nothing to do Greg Kroah-Hartman
2013-03-26 22:43 ` [ 77/98] MD RAID5: Avoid accessing gendisk or queue structs when not available Greg Kroah-Hartman
2013-03-26 22:43 ` [ 78/98] md/raid5: ensure sync and DISCARD dont happen at the same time Greg Kroah-Hartman
2013-03-26 22:43 ` [ 79/98] nfsd: fix bad offset use Greg Kroah-Hartman
2013-03-26 22:43 ` [ 80/98] clockevents: Dont allow dummy broadcast timers Greg Kroah-Hartman
2013-03-26 22:43 ` [ 81/98] x86-64: Fix the failure case in copy_user_handle_tail() Greg Kroah-Hartman
2013-03-26 22:43 ` [ 82/98] USB: xhci - fix bit definitions for IMAN register Greg Kroah-Hartman
2013-03-26 22:43 ` [ 83/98] USB: xhci: correctly enable interrupts Greg Kroah-Hartman
2013-03-26 22:43 ` [ 84/98] USB: cdc-acm: fix device unregistration Greg Kroah-Hartman
2013-03-26 22:43 ` [ 85/98] USB: EHCI: fix regression during bus resume Greg Kroah-Hartman
2013-03-26 22:43 ` [ 86/98] USB: EHCI: fix regression in QH unlinking Greg Kroah-Hartman
2013-03-26 22:43 ` [ 87/98] usb: gadget: ffs: fix enable multiple instances Greg Kroah-Hartman
2013-03-26 22:43 ` [ 88/98] USB: serial: fix interface refcounting Greg Kroah-Hartman
2013-03-26 22:43 ` [ 89/98] efivars: Allow disabling use as a pstore backend Greg Kroah-Hartman
2013-03-26 22:43 ` [ 90/98] efivars: Add module parameter to disable " Greg Kroah-Hartman
2013-03-26 22:43 ` [ 91/98] efivars: Fix check for CONFIG_EFI_VARS_PSTORE_DEFAULT_DISABLE Greg Kroah-Hartman
2013-03-26 22:43 ` [ 92/98] ACPI: Rework acpi_get_child() to be more efficient Greg Kroah-Hartman
2013-03-26 22:43 ` [ 93/98] udf: Fix bitmap overflow on large filesystems with small block size Greg Kroah-Hartman
2013-03-26 22:43 ` [ 94/98] USB: garmin_gps: fix memory leak on disconnect Greg Kroah-Hartman
2013-03-26 22:43 ` [ 95/98] USB: io_ti: fix get_icount for two port adapters Greg Kroah-Hartman
2013-03-26 22:43 ` [ 96/98] usb: musb: da8xx: Fix build breakage due to typo Greg Kroah-Hartman
2013-03-26 22:43 ` [ 97/98] ARM: DMA-mapping: add missing GFP_DMA flag for atomic buffer allocation Greg Kroah-Hartman
2013-03-26 22:43 ` [ 98/98] rt2x00: error in configurations with mesh support disabled Greg Kroah-Hartman
2013-03-27 18:34 ` [ 00/98] 3.8.5-stable review Shuah Khan
2013-03-27 18:40 ` Greg Kroah-Hartman
2013-03-28 14:12 ` Satoru Takeuchi
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20130326224243.410107448@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=davem@davemloft.net \
--cc=kheiss@gmail.com \
--cc=linux-kernel@vger.kernel.org \
--cc=nhorman@tuxdriver.com \
--cc=stable@vger.kernel.org \
--cc=vyasevich@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).