* RE: [PATCH v2] net: sctp: Fix negotiation of the number of data streams.
@ 2020-08-19 12:45 David Laight
2020-08-19 14:40 ` David Laight
0 siblings, 1 reply; 5+ messages in thread
From: David Laight @ 2020-08-19 12:45 UTC (permalink / raw)
To: 'netdev@vger.kernel.org', 'linux-sctp@vger.kernel.org'
Cc: 'Marcelo Ricardo Leitner'
The number of output and input streams was never being reduced, eg when
processing received INIT or INIT_ACK chunks.
The effect is that DATA chunks can be sent with invalid stream ids
and then discarded by the remote system.
Fixes: 2075e50caf5ea ("sctp: convert to genradix")
Signed-off-by: David Laight <david.laight@aculab.com>
---
net/sctp/stream.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
This needs backporting to 5.1 and all later kernels.
Changes since v1:
- Fix 'Fixes' tag.
- Improve description.
diff --git a/net/sctp/stream.c b/net/sctp/stream.c
index bda2536dd740..6dc95dcc0ff4 100644
--- a/net/sctp/stream.c
+++ b/net/sctp/stream.c
@@ -88,12 +88,13 @@ static int sctp_stream_alloc_out(struct sctp_stream *stream, __u16 outcnt,
int ret;
if (outcnt <= stream->outcnt)
- return 0;
+ goto out;
ret = genradix_prealloc(&stream->out, outcnt, gfp);
if (ret)
return ret;
+out:
stream->outcnt = outcnt;
return 0;
}
@@ -104,12 +105,13 @@ static int sctp_stream_alloc_in(struct sctp_stream *stream, __u16 incnt,
int ret;
if (incnt <= stream->incnt)
- return 0;
+ goto out;
ret = genradix_prealloc(&stream->in, incnt, gfp);
if (ret)
return ret;
+out:
stream->incnt = incnt;
return 0;
}
--
2.25.1
-
Registered Address Lakeside, Bramley Road, Mount Farm, Milton Keynes, MK1 1PT, UK
Registration No: 1397386 (Wales)
^ permalink raw reply related [flat|nested] 5+ messages in thread
* [PATCH v2] net: sctp: Fix negotiation of the number of data streams.
2020-08-19 12:45 [PATCH v2] net: sctp: Fix negotiation of the number of data streams David Laight
@ 2020-08-19 14:40 ` David Laight
2020-08-20 13:29 ` 'Marcelo Ricardo Leitner'
2020-08-20 23:38 ` David Miller
0 siblings, 2 replies; 5+ messages in thread
From: David Laight @ 2020-08-19 14:40 UTC (permalink / raw)
To: David Laight, 'netdev@vger.kernel.org',
'linux-sctp@vger.kernel.org'
Cc: 'Marcelo Ricardo Leitner'
DQpUaGUgbnVtYmVyIG9mIG91dHB1dCBhbmQgaW5wdXQgc3RyZWFtcyB3YXMgbmV2ZXIgYmVpbmcg
cmVkdWNlZCwgZWcgd2hlbg0KcHJvY2Vzc2luZyByZWNlaXZlZCBJTklUIG9yIElOSVRfQUNLIGNo
dW5rcy4NClRoZSBlZmZlY3QgaXMgdGhhdCBEQVRBIGNodW5rcyBjYW4gYmUgc2VudCB3aXRoIGlu
dmFsaWQgc3RyZWFtIGlkcw0KYW5kIHRoZW4gZGlzY2FyZGVkIGJ5IHRoZSByZW1vdGUgc3lzdGVt
Lg0KDQpGaXhlczogMjA3NWU1MGNhZjVlYSAoInNjdHA6IGNvbnZlcnQgdG8gZ2VucmFkaXgiKQ0K
U2lnbmVkLW9mZi1ieTogRGF2aWQgTGFpZ2h0IDxkYXZpZC5sYWlnaHRAYWN1bGFiLmNvbT4NCi0t
LQ0KIG5ldC9zY3RwL3N0cmVhbS5jIHwgNiArKysrLS0NCiAxIGZpbGUgY2hhbmdlZCwgNCBpbnNl
cnRpb25zKCspLCAyIGRlbGV0aW9ucygtKQ0KDQpUaGlzIG5lZWRzIGJhY2twb3J0aW5nIHRvIDUu
MSBhbmQgYWxsIGxhdGVyIGtlcm5lbHMuDQoNCihSZXNlbmQgd2l0aG91dCB0aGUgUkU6KQ0KDQpD
aGFuZ2VzIHNpbmNlIHYxOg0KLSBGaXggJ0ZpeGVzJyB0YWcuDQotIEltcHJvdmUgZGVzY3JpcHRp
b24uDQoNCmRpZmYgLS1naXQgYS9uZXQvc2N0cC9zdHJlYW0uYyBiL25ldC9zY3RwL3N0cmVhbS5j
DQppbmRleCBiZGEyNTM2ZGQ3NDAuLjZkYzk1ZGNjMGZmNCAxMDA2NDQNCi0tLSBhL25ldC9zY3Rw
L3N0cmVhbS5jDQorKysgYi9uZXQvc2N0cC9zdHJlYW0uYw0KQEAgLTg4LDEyICs4OCwxMyBAQCBz
dGF0aWMgaW50IHNjdHBfc3RyZWFtX2FsbG9jX291dChzdHJ1Y3Qgc2N0cF9zdHJlYW0gKnN0cmVh
bSwgX191MTYgb3V0Y250LA0KIAlpbnQgcmV0Ow0KIA0KIAlpZiAob3V0Y250IDw9IHN0cmVhbS0+
b3V0Y250KQ0KLQkJcmV0dXJuIDA7DQorCQlnb3RvIG91dDsNCiANCiAJcmV0ID0gZ2VucmFkaXhf
cHJlYWxsb2MoJnN0cmVhbS0+b3V0LCBvdXRjbnQsIGdmcCk7DQogCWlmIChyZXQpDQogCQlyZXR1
cm4gcmV0Ow0KIA0KK291dDoNCiAJc3RyZWFtLT5vdXRjbnQgPSBvdXRjbnQ7DQogCXJldHVybiAw
Ow0KIH0NCkBAIC0xMDQsMTIgKzEwNSwxMyBAQCBzdGF0aWMgaW50IHNjdHBfc3RyZWFtX2FsbG9j
X2luKHN0cnVjdCBzY3RwX3N0cmVhbSAqc3RyZWFtLCBfX3UxNiBpbmNudCwNCiAJaW50IHJldDsN
CiANCiAJaWYgKGluY250IDw9IHN0cmVhbS0+aW5jbnQpDQotCQlyZXR1cm4gMDsNCisJCWdvdG8g
b3V0Ow0KIA0KIAlyZXQgPSBnZW5yYWRpeF9wcmVhbGxvYygmc3RyZWFtLT5pbiwgaW5jbnQsIGdm
cCk7DQogCWlmIChyZXQpDQogCQlyZXR1cm4gcmV0Ow0KIA0KK291dDoNCiAJc3RyZWFtLT5pbmNu
dCA9IGluY250Ow0KIAlyZXR1cm4gMDsNCiB9DQotLSANCjIuMjUuMQ0KDQotDQpSZWdpc3RlcmVk
IEFkZHJlc3MgTGFrZXNpZGUsIEJyYW1sZXkgUm9hZCwgTW91bnQgRmFybSwgTWlsdG9uIEtleW5l
cywgTUsxIDFQVCwgVUsNClJlZ2lzdHJhdGlvbiBObzogMTM5NzM4NiAoV2FsZXMpDQo
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [PATCH v2] net: sctp: Fix negotiation of the number of data streams.
2020-08-19 14:40 ` David Laight
@ 2020-08-20 13:29 ` 'Marcelo Ricardo Leitner'
2020-08-20 23:38 ` David Miller
1 sibling, 0 replies; 5+ messages in thread
From: 'Marcelo Ricardo Leitner' @ 2020-08-20 13:29 UTC (permalink / raw)
To: David Laight
Cc: 'netdev@vger.kernel.org', 'linux-sctp@vger.kernel.org'
On Wed, Aug 19, 2020 at 02:40:52PM +0000, David Laight wrote:
>
> The number of output and input streams was never being reduced, eg when
> processing received INIT or INIT_ACK chunks.
> The effect is that DATA chunks can be sent with invalid stream ids
> and then discarded by the remote system.
>
> Fixes: 2075e50caf5ea ("sctp: convert to genradix")
> Signed-off-by: David Laight <david.laight@aculab.com>
> ---
> net/sctp/stream.c | 6 ++++--
> 1 file changed, 4 insertions(+), 2 deletions(-)
>
> This needs backporting to 5.1 and all later kernels.
>
> (Resend without the RE:)
>
> Changes since v1:
> - Fix 'Fixes' tag.
> - Improve description.
>
"[PATCH net v2] ..."
^^^-- the tree tag I had mentioned :-)
Anyhow, the rest looks fine.
Acked-by: Marcelo Ricardo Leitner <marcelo.leitner@gmail.com>
Thanks David.
> diff --git a/net/sctp/stream.c b/net/sctp/stream.c
> index bda2536dd740..6dc95dcc0ff4 100644
> --- a/net/sctp/stream.c
> +++ b/net/sctp/stream.c
> @@ -88,12 +88,13 @@ static int sctp_stream_alloc_out(struct sctp_stream *stream, __u16 outcnt,
> int ret;
>
> if (outcnt <= stream->outcnt)
> - return 0;
> + goto out;
>
> ret = genradix_prealloc(&stream->out, outcnt, gfp);
> if (ret)
> return ret;
>
> +out:
> stream->outcnt = outcnt;
> return 0;
> }
> @@ -104,12 +105,13 @@ static int sctp_stream_alloc_in(struct sctp_stream *stream, __u16 incnt,
> int ret;
>
> if (incnt <= stream->incnt)
> - return 0;
> + goto out;
>
> ret = genradix_prealloc(&stream->in, incnt, gfp);
> if (ret)
> return ret;
>
> +out:
> stream->incnt = incnt;
> return 0;
> }
> --
> 2.25.1
>
> -
> Registered Address Lakeside, Bramley Road, Mount Farm, Milton Keynes, MK1 1PT, UK
> Registration No: 1397386 (Wales)
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [PATCH v2] net: sctp: Fix negotiation of the number of data streams.
2020-08-19 14:40 ` David Laight
2020-08-20 13:29 ` 'Marcelo Ricardo Leitner'
@ 2020-08-20 23:38 ` David Miller
2020-08-21 7:41 ` David Laight
1 sibling, 1 reply; 5+ messages in thread
From: David Miller @ 2020-08-20 23:38 UTC (permalink / raw)
To: David.Laight; +Cc: netdev, linux-sctp, marcelo.leitner
From: David Laight <David.Laight@ACULAB.COM>
Date: Wed, 19 Aug 2020 14:40:52 +0000
>
> The number of output and input streams was never being reduced, eg when
> processing received INIT or INIT_ACK chunks.
> The effect is that DATA chunks can be sent with invalid stream ids
> and then discarded by the remote system.
>
> Fixes: 2075e50caf5ea ("sctp: convert to genradix")
> Signed-off-by: David Laight <david.laight@aculab.com>
Applied and queued up for -stable, thanks David.
^ permalink raw reply [flat|nested] 5+ messages in thread
* RE: [PATCH v2] net: sctp: Fix negotiation of the number of data streams.
2020-08-20 23:38 ` David Miller
@ 2020-08-21 7:41 ` David Laight
0 siblings, 0 replies; 5+ messages in thread
From: David Laight @ 2020-08-21 7:41 UTC (permalink / raw)
To: 'David Miller'; +Cc: netdev, linux-sctp, marcelo.leitner
From: David Miller
> Sent: 21 August 2020 00:39
>
> >
> > The number of output and input streams was never being reduced, eg when
> > processing received INIT or INIT_ACK chunks.
> > The effect is that DATA chunks can be sent with invalid stream ids
> > and then discarded by the remote system.
> >
> > Fixes: 2075e50caf5ea ("sctp: convert to genradix")
> > Signed-off-by: David Laight <david.laight@aculab.com>
>
> Applied and queued up for -stable, thanks David.
Thank you.
David
-
Registered Address Lakeside, Bramley Road, Mount Farm, Milton Keynes, MK1 1PT, UK
Registration No: 1397386 (Wales)
^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2020-08-21 7:41 UTC | newest]
Thread overview: 5+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-08-19 12:45 [PATCH v2] net: sctp: Fix negotiation of the number of data streams David Laight
2020-08-19 14:40 ` David Laight
2020-08-20 13:29 ` 'Marcelo Ricardo Leitner'
2020-08-20 23:38 ` David Miller
2020-08-21 7:41 ` David Laight
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).