[PATCH 3.11 02/25] net: sctp: do not trigger BUG_ON in sctp_cmd_delete_tcb

stable.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
	stable@vger.kernel.org, Mark Thomas <Mark.Thomas@metaswitch.com>,
	Vlad Yasevich <vyasevich@gmail.com>,
	Daniel Borkmann <dborkman@redhat.com>,
	Neil Horman <nhorman@tuxdriver.com>,
	"David S. Miller" <davem@davemloft.net>
Subject: [PATCH 3.11 02/25] net: sctp: do not trigger BUG_ON in sctp_cmd_delete_tcb
Date: Mon, 18 Nov 2013 10:40:31 -0800	[thread overview]
Message-ID: <20131118184032.865440440@linuxfoundation.org> (raw)
In-Reply-To: <20131118184032.248465920@linuxfoundation.org>

3.11-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Daniel Borkmann <dborkman@redhat.com>

[ Upstream commit 7926c1d5be0b7cbe5b8d5c788d7d39237e7b212c ]

Introduced in f9e42b853523 ("net: sctp: sideeffect: throw BUG if
primary_path is NULL"), we intended to find a buggy assoc that's
part of the assoc hash table with a primary_path that is NULL.
However, we better remove the BUG_ON for now and find a more
suitable place to assert for these things as Mark reports that
this also triggers the bug when duplication cookie processing
happens, and the assoc is not part of the hash table (so all
good in this case). Such a situation can for example easily be
reproduced by:

  tc qdisc add dev eth0 root handle 1: prio bands 2 priomap 1 1 1 1 1 1
  tc qdisc add dev eth0 parent 1:2 handle 20: netem loss 20%
  tc filter add dev eth0 protocol ip parent 1: prio 2 u32 match ip \
            protocol 132 0xff match u8 0x0b 0xff at 32 flowid 1:2

This drops 20% of COOKIE-ACK packets. After some follow-up
discussion with Vlad we came to the conclusion that for now we
should still better remove this BUG_ON() assertion, and come up
with two follow-ups later on, that is, i) find a more suitable
place for this assertion, and possibly ii) have a special
allocator/initializer for such kind of temporary assocs.

Reported-by: Mark Thomas <Mark.Thomas@metaswitch.com>
Signed-off-by: Vlad Yasevich <vyasevich@gmail.com>
Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
Acked-by: Neil Horman <nhorman@tuxdriver.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 net/sctp/sm_sideeffect.c |    1 -
 1 file changed, 1 deletion(-)

--- a/net/sctp/sm_sideeffect.c
+++ b/net/sctp/sm_sideeffect.c
@@ -866,7 +866,6 @@ static void sctp_cmd_delete_tcb(sctp_cmd
 	    (!asoc->temp) && (sk->sk_shutdown != SHUTDOWN_MASK))
 		return;

-	BUG_ON(asoc->peer.primary_path == NULL);
 	sctp_unhash_established(asoc);
 	sctp_association_free(asoc);
 }

next prev parent reply	other threads:[~2013-11-18 18:40 UTC|newest]

Thread overview: 29+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2013-11-18 18:40 [PATCH 3.11 00/25] 3.11.9-stable review Greg Kroah-Hartman
2013-11-18 18:40 ` [PATCH 3.11 01/25] net/mlx4_core: Fix call to __mlx4_unregister_mac Greg Kroah-Hartman
2013-11-18 18:40 ` Greg Kroah-Hartman [this message]
2013-11-18 18:40 ` [PATCH 3.11 03/25] net: flow_dissector: fail on evil iph->ihl Greg Kroah-Hartman
2013-11-18 18:40 ` [PATCH 3.11 04/25] virtio-net: correctly handle cpu hotplug notifier during resuming Greg Kroah-Hartman
2013-11-18 18:40 ` [PATCH 3.11 05/25] xen-netback: use jiffies_64 value to calculate credit timeout Greg Kroah-Hartman
2013-11-18 18:40 ` [PATCH 3.11 06/25] cxgb3: Fix length calculation in write_ofld_wr() on 32-bit architectures Greg Kroah-Hartman
2013-11-18 18:40 ` [PATCH 3.11 07/25] tcp: gso: fix truesize tracking Greg Kroah-Hartman
2013-11-18 18:40 ` [PATCH 3.11 08/25] ipv6: ip6_dst_check needs to check for expired dst_entries Greg Kroah-Hartman
2013-11-18 18:40 ` [PATCH 3.11 09/25] ipv6: reset dst.expires value when clearing expire flag Greg Kroah-Hartman
2013-11-18 18:40 ` [PATCH 3.11 10/25] xen-netback: Handle backend state transitions in a more robust way Greg Kroah-Hartman
2013-11-18 18:40 ` [PATCH 3.11 11/25] xen-netback: transition to CLOSED when removing a VIF Greg Kroah-Hartman
2013-11-18 18:40 ` [PATCH 3.11 12/25] Thermal: x86_pkg_temp: change spin lock Greg Kroah-Hartman
2013-11-18 18:40 ` [PATCH 3.11 13/25] hyperv-fb: add pci stub Greg Kroah-Hartman
2013-11-18 18:40 ` [PATCH 3.11 14/25] USB: add new zte 3g-dongles pid to option.c Greg Kroah-Hartman
2013-11-18 18:40 ` [PATCH 3.11 15/25] ALSA: hda - hdmi: Fix reported channel map on common default layouts Greg Kroah-Hartman
2013-11-18 18:40 ` [PATCH 3.11 16/25] tracing: Fix potential out-of-bounds in trace_get_user() Greg Kroah-Hartman
2013-11-18 18:40 ` [PATCH 3.11 17/25] drm/i915/dp: workaround BIOS eDP bpp clamping issue Greg Kroah-Hartman
2013-11-18 18:40 ` [PATCH 3.11 18/25] perf: Fix perf ring buffer memory ordering Greg Kroah-Hartman
2013-11-18 18:40 ` [PATCH 3.11 19/25] iwlwifi: pcie: add new SKUs for 7000 & 3160 NIC series Greg Kroah-Hartman
2013-11-18 18:40 ` [PATCH 3.11 20/25] misc: atmel_pwm: add deferred-probing support Greg Kroah-Hartman
2013-11-18 18:40 ` [PATCH 3.11 21/25] backlight: atmel-pwm-bl: fix deferred probe from __init Greg Kroah-Hartman
2013-11-18 18:40 ` [PATCH 3.11 22/25] usb: fix cleanup after failure in hub_configure() Greg Kroah-Hartman
2013-11-18 18:40 ` [PATCH 3.11 23/25] usb: fail on usb_hub_create_port_device() errors Greg Kroah-Hartman
2013-11-18 18:40 ` [PATCH 3.11 24/25] usbcore: set lpm_capable field for LPM capable root hubs Greg Kroah-Hartman
2013-11-18 18:40 ` [PATCH 3.11 25/25] media: sh_vou: almost forever loop in sh_vou_try_fmt_vid_out() Greg Kroah-Hartman
2013-11-19  3:09 ` [PATCH 3.11 00/25] 3.11.9-stable review Guenter Roeck
2013-11-20 11:06 ` Satoru Takeuchi
2013-11-20 15:26 ` Shuah Khan

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20131118184032.865440440@linuxfoundation.org \
    --to=gregkh@linuxfoundation.org \
    --cc=Mark.Thomas@metaswitch.com \
    --cc=davem@davemloft.net \
    --cc=dborkman@redhat.com \
    --cc=linux-kernel@vger.kernel.org \
    --cc=nhorman@tuxdriver.com \
    --cc=stable@vger.kernel.org \
    --cc=vyasevich@gmail.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).