提交 6345b199 编写于 作者: W Wei Yongjun 提交者: Vlad Yasevich

sctp: fix panic when T2-shutdown timer expire on removed transport

If T2-shutdown timer is expired on a removed transport, kernel
panic will occur when we do failure management on that transport.
You can reproduce this use the following sequence:

  Endpoint A                           Endpoint B
  (ESTABLISHED)                        (ESTABLISHED)

                <-----------------      SHUTDOWN
                                        (SRC=X)
  ASCONF        ----------------->
  (Delete IP Address = X)
                <-----------------      ASCONF-ACK
                                        (Success Indication)
                <-----------------      SHUTDOWN
                                        (T2-shutdown timer expire)
This patch fixed the problem.
Signed-off-by: NWei Yongjun <yjwei@cn.fujitsu.com>
Signed-off-by: NVlad Yasevich <vladislav.yasevich@hp.com>
上级 a2c39584
...@@ -567,6 +567,14 @@ void sctp_assoc_rm_peer(struct sctp_association *asoc, ...@@ -567,6 +567,14 @@ void sctp_assoc_rm_peer(struct sctp_association *asoc,
if (asoc->init_last_sent_to == peer) if (asoc->init_last_sent_to == peer)
asoc->init_last_sent_to = NULL; asoc->init_last_sent_to = NULL;
/* If we remove the transport an SHUTDOWN was last sent to, set it
* to NULL. Combined with the update of the retran path above, this
* will cause the next SHUTDOWN to be sent to the next available
* transport, maintaining the cycle.
*/
if (asoc->shutdown_last_sent_to == peer)
asoc->shutdown_last_sent_to = NULL;
asoc->peer.transport_count--; asoc->peer.transport_count--;
sctp_transport_free(peer); sctp_transport_free(peer);
......
...@@ -5432,9 +5432,13 @@ sctp_disposition_t sctp_sf_t2_timer_expire(const struct sctp_endpoint *ep, ...@@ -5432,9 +5432,13 @@ sctp_disposition_t sctp_sf_t2_timer_expire(const struct sctp_endpoint *ep,
if (!reply) if (!reply)
goto nomem; goto nomem;
/* Do some failure management (Section 8.2). */ /* Do some failure management (Section 8.2).
sctp_add_cmd_sf(commands, SCTP_CMD_STRIKE, * If we remove the transport an SHUTDOWN was last sent to, don't
SCTP_TRANSPORT(asoc->shutdown_last_sent_to)); * do failure management.
*/
if (asoc->shutdown_last_sent_to)
sctp_add_cmd_sf(commands, SCTP_CMD_STRIKE,
SCTP_TRANSPORT(asoc->shutdown_last_sent_to));
/* Set the transport for the SHUTDOWN/ACK chunk and the timeout for /* Set the transport for the SHUTDOWN/ACK chunk and the timeout for
* the T2-shutdown timer. * the T2-shutdown timer.
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册