Commit 6345b199, authored by Wei Yongjun, committed by Vlad Yasevich

sctp: fix panic when T2-shutdown timer expire on removed transport

If the T2-shutdown timer expires on a removed transport, a kernel
panic will occur when we do failure management on that transport.
You can reproduce this using the following sequence:

  Endpoint A                           Endpoint B
  (ESTABLISHED)                        (ESTABLISHED)

                <-----------------      SHUTDOWN
                                        (SRC=X)
  ASCONF        ----------------->
  (Delete IP Address = X)
                <-----------------      ASCONF-ACK
                                        (Success Indication)
                <-----------------      SHUTDOWN
                                        (T2-shutdown timer expire)

This patch fixed the problem.

Signed-off-by: Wei Yongjun <yjwei@cn.fujitsu.com>
Signed-off-by: Vlad Yasevich <vladislav.yasevich@hp.com>
parent a2c39584
...@@ -567,6 +567,14 @@ void sctp_assoc_rm_peer(struct sctp_association *asoc, ...@@ -567,6 +567,14 @@ void sctp_assoc_rm_peer(struct sctp_association *asoc,
if (asoc->init_last_sent_to == peer) if (asoc->init_last_sent_to == peer)
asoc->init_last_sent_to = NULL; asoc->init_last_sent_to = NULL;
/* If we remove the transport an SHUTDOWN was last sent to, set it
* to NULL. Combined with the update of the retran path above, this
* will cause the next SHUTDOWN to be sent to the next available
* transport, maintaining the cycle.
*/
if (asoc->shutdown_last_sent_to == peer)
asoc->shutdown_last_sent_to = NULL;
asoc->peer.transport_count--; asoc->peer.transport_count--;
sctp_transport_free(peer); sctp_transport_free(peer);
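Review bot: The new comment above the `asoc->shutdown_last_sent_to == peer` check explains the effect on SHUTDOWN path selection but not the safety reason for the clear. `sctp_transport_free(peer)` runs two lines later, so a pointer left set here refers to a freed transport by the time the T2-shutdown timer fires. Please say that in the comment, and change "an SHUTDOWN" to "a SHUTDOWN". Since this is the second cached pointer cleared one at a time in this function (after `init_last_sent_to`), it is also worth confirming that no other association field still holds `peer` at the point of the free.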
......
...@@ -5432,7 +5432,11 @@ sctp_disposition_t sctp_sf_t2_timer_expire(const struct sctp_endpoint *ep, ...@@ -5432,7 +5432,11 @@ sctp_disposition_t sctp_sf_t2_timer_expire(const struct sctp_endpoint *ep,
if (!reply) if (!reply)
goto nomem; goto nomem;
/* Do some failure management (Section 8.2). */ /* Do some failure management (Section 8.2).
* If we remove the transport an SHUTDOWN was last sent to, don't
* do failure management.
*/
if (asoc->shutdown_last_sent_to)
sctp_add_cmd_sf(commands, SCTP_CMD_STRIKE, sctp_add_cmd_sf(commands, SCTP_CMD_STRIKE,
SCTP_TRANSPORT(asoc->shutdown_last_sent_to)); SCTP_TRANSPORT(asoc->shutdown_last_sent_to));
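Review bot: The `if (asoc->shutdown_last_sent_to)` guard in front of SCTP_CMD_STRIKE is only sufficient because `sctp_assoc_rm_peer()` now sets the field to NULL before freeing the transport. The comment should name that function, so that a later removal path that frees a transport without clearing the field is recognizable as reintroducing the stale pointer. The wording "If we remove the transport an SHUTDOWN was last sent to" would read better as "If the transport a SHUTDOWN was last sent to has been removed". Any other use of `asoc->shutdown_last_sent_to` in this function, outside the lines shown, should be checked for the same NULL case.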
......