Date: Fri, 15 Feb 2019 13:36:21 -0800
In-Reply-To: <20190215213621.183537-1-edumazet@google.com>
Message-Id: <20190215213621.183537-3-edumazet@google.com>
References: <20190215213621.183537-1-edumazet@google.com>
Subject: [PATCH net 2/2] tcp: tcp_v4_err() should be more careful
From: Eric Dumazet
To: "David S . Miller"
Cc: netdev, Eric Dumazet, Eric Dumazet, Neal Cardwell, Yuchung Cheng, soukjin bae
X-Mailing-List: netdev@vger.kernel.org

ICMP handlers are not very often stressed, we should make them more resilient to bugs that might surface in the future.

If there is no packet in retransmit queue, we should avoid a NULL deref.

Signed-off-by: Eric Dumazet
Reported-by: soukjin bae
---
 net/ipv4/tcp_ipv4.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/net/ipv4/tcp_ipv4.c b/net/ipv4/tcp_ipv4.c index efc6fef692ffdca4dcdd3f4b87a837656dd66c8c..ec3cea9d68288244d8e03b655d06f91640c36ee7 100644 --- a/net/ipv4/tcp_ipv4.c
+++ b/net/ipv4/tcp_ipv4.c @@ -536,12 +536,15 @@ int tcp_v4_err(struct sk_buff *icmp_skb, u32 info) if (sock_owned_by_user(sk)) break; + skb = tcp_rtx_queue_head(sk); + if (WARN_ON_ONCE(!skb)) + break; + icsk->icsk_backoff--; icsk->icsk_rto = tp->srtt_us ? __tcp_set_rto(tp) : TCP_TIMEOUT_INIT; icsk->icsk_rto = inet_csk_rto_backoff(icsk, TCP_RTO_MAX); - skb = tcp_rtx_queue_head(sk); tcp_mstamp_refresh(tp); delta_us = (u32)(tp->tcp_mstamp - tcp_skb_timestamp_us(skb)); -- 2.21.0.rc0.258.g878e2cd30e-goog
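
Review bot: WARN_ON_ONCE(!skb) in the added check runs inside tcp_v4_err(), which is driven by incoming ICMP, so if a peer can ever reach this point with an empty retransmit queue, a host booted with panic_on_warn still goes down, only by a different route than the NULL deref. If an empty queue is a state the stack can legitimately be in here, a silent "if (!skb) break;" would be the safer form; if it can only mean a bug elsewhere, a one-line comment naming the invariant that was broken would help whoever reads the splat. Doing the tcp_rtx_queue_head() lookup before icsk->icsk_backoff-- is the right order, since the early break then leaves the backoff and RTO state untouched.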