Skip to content

Commit

Permalink
sctp: fix panic when T2-shutdown timer expire on removed transport
Browse files Browse the repository at this point in the history 
If T2-shutdown timer is expired on a removed transport, kernel
panic will occur when we do failure management on that transport.
You can reproduce this use the following sequence:

  Endpoint A                           Endpoint B
  (ESTABLISHED)                        (ESTABLISHED)

                <-----------------      SHUTDOWN
                                        (SRC=X)
  ASCONF        ----------------->
  (Delete IP Address = X)
                <-----------------      ASCONF-ACK
                                        (Success Indication)
                <-----------------      SHUTDOWN
                                        (T2-shutdown timer expire)
This patch fixed the problem.

Signed-off-by: Wei Yongjun <yjwei@cn.fujitsu.com>
Signed-off-by: Vlad Yasevich <vladislav.yasevich@hp.com>
  • Loading branch information
Wei Yongjun authored and Vlad Yasevich committed Jun 3, 2009
1 parent a2c3958 commit 6345b19
Show file tree
Hide file tree
Showing 2 changed files with 15 additions and 3 deletions.
8 changes: 8 additions & 0 deletions net/sctp/associola.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -567,6 +567,14 @@ void sctp_assoc_rm_peer(struct sctp_association *asoc,
if (asoc->init_last_sent_to == peer)
asoc->init_last_sent_to = NULL;

/* If we remove the transport an SHUTDOWN was last sent to, set it
* to NULL. Combined with the update of the retran path above, this
* will cause the next SHUTDOWN to be sent to the next available
* transport, maintaining the cycle.
*/
if (asoc->shutdown_last_sent_to == peer)
asoc->shutdown_last_sent_to = NULL;

asoc->peer.transport_count--;

sctp_transport_free(peer);
Expand Down
10 changes: 7 additions & 3 deletions net/sctp/sm_statefuns.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -5432,9 +5432,13 @@ sctp_disposition_t sctp_sf_t2_timer_expire(const struct sctp_endpoint *ep,
if (!reply)
goto nomem;

/* Do some failure management (Section 8.2). */
sctp_add_cmd_sf(commands, SCTP_CMD_STRIKE,
SCTP_TRANSPORT(asoc->shutdown_last_sent_to));
/* Do some failure management (Section 8.2).
* If we remove the transport an SHUTDOWN was last sent to, don't
* do failure management.
*/
if (asoc->shutdown_last_sent_to)
sctp_add_cmd_sf(commands, SCTP_CMD_STRIKE,
SCTP_TRANSPORT(asoc->shutdown_last_sent_to));

/* Set the transport for the SHUTDOWN/ACK chunk and the timeout for
* the T2-shutdown timer.
Expand Down

0 comments on commit 6345b19

Please sign in to comment.