Message ID | 1f2ffcb1180e4080aab114683b06efab@AcuMS.aculab.com |
---|---|
State | Accepted |
Delegated to: | David Miller |
Series | [v2] net: sctp: Fix negotiation of the number of data streams. |
On Wed, Aug 19, 2020 at 02:40:52PM +0000, David Laight wrote: > > The number of output and input streams was never being reduced, eg when > processing received INIT or INIT_ACK chunks. > The effect is that DATA chunks can be sent with invalid stream ids > and then discarded by the remote system. > > Fixes: 2075e50caf5ea ("sctp: convert to genradix") > Signed-off-by: David Laight <david.laight@aculab.com> > --- > net/sctp/stream.c | 6 ++++-- > 1 file changed, 4 insertions(+), 2 deletions(-) > > This needs backporting to 5.1 and all later kernels. > > (Resend without the RE:) > > Changes since v1: > - Fix 'Fixes' tag. > - Improve description. > "[PATCH net v2] ..." ^^^-- the tree tag I had mentioned :-) Anyhow, the rest looks fine. Acked-by: Marcelo Ricardo Leitner <marcelo.leitner@gmail.com> Thanks David. > diff --git a/net/sctp/stream.c b/net/sctp/stream.c > index bda2536dd740..6dc95dcc0ff4 100644 > --- a/net/sctp/stream.c > +++ b/net/sctp/stream.c > @@ -88,12 +88,13 @@ static int sctp_stream_alloc_out(struct sctp_stream *stream, __u16 outcnt, > int ret; > > if (outcnt <= stream->outcnt) > - return 0; > + goto out; > > ret = genradix_prealloc(&stream->out, outcnt, gfp); > if (ret) > return ret; > > +out: > stream->outcnt = outcnt; > return 0; > } > @@ -104,12 +105,13 @@ static int sctp_stream_alloc_in(struct sctp_stream *stream, __u16 incnt, > int ret; > > if (incnt <= stream->incnt) > - return 0; > + goto out; > > ret = genradix_prealloc(&stream->in, incnt, gfp); > if (ret) > return ret; > > +out: > stream->incnt = incnt; > return 0; > } > -- > 2.25.1 > > - > Registered Address Lakeside, Bramley Road, Mount Farm, Milton Keynes, MK1 1PT, UK > Registration No: 1397386 (Wales)
From: David Laight <David.Laight@ACULAB.COM>
Date: Wed, 19 Aug 2020 14:40:52 +0000

> The number of output and input streams was never being reduced, eg when
> processing received INIT or INIT_ACK chunks.
> The effect is that DATA chunks can be sent with invalid stream ids
> and then discarded by the remote system.
>
> Fixes: 2075e50caf5ea ("sctp: convert to genradix")
> Signed-off-by: David Laight <david.laight@aculab.com>

Applied and queued up for -stable, thanks David.
From: David Miller
> Sent: 21 August 2020 00:39
>
> > The number of output and input streams was never being reduced, eg when
> > processing received INIT or INIT_ACK chunks.
> > The effect is that DATA chunks can be sent with invalid stream ids
> > and then discarded by the remote system.
> >
> > Fixes: 2075e50caf5ea ("sctp: convert to genradix")
> > Signed-off-by: David Laight <david.laight@aculab.com>
>
> Applied and queued up for -stable, thanks David.

Thank you.

David
diff --git a/net/sctp/stream.c b/net/sctp/stream.c index bda2536dd740..6dc95dcc0ff4 100644 --- a/net/sctp/stream.c +++ b/net/sctp/stream.c @@ -88,12 +88,13 @@ static int sctp_stream_alloc_out(struct sctp_stream *stream, __u16 outcnt, int ret; if (outcnt <= stream->outcnt) - return 0; + goto out; ret = genradix_prealloc(&stream->out, outcnt, gfp); if (ret) return ret; +out: stream->outcnt = outcnt; return 0; } @@ -104,12 +105,13 @@ static int sctp_stream_alloc_in(struct sctp_stream *stream, __u16 incnt, int ret; if (incnt <= stream->incnt) - return 0; + goto out; ret = genradix_prealloc(&stream->in, incnt, gfp); if (ret) return ret; +out: stream->incnt = incnt; return 0; }
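Review bot: in sctp_stream_alloc_out(), the new `goto out` path lowers stream->outcnt, but nothing in the lines shown touches the genradix entries between the new and the old count. A short comment at the `out:` label should say whether the caller is expected to release or reset those entries before shrinking, or whether leaving them allocated is intentional, so that a later regrow is not read as handing back stale per-stream state.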
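Review bot: in sctp_stream_alloc_in(), the `out:` label exists only to skip genradix_prealloc(); wrapping the prealloc and its error return in `if (incnt > stream->incnt)` would give the same result without the label, and the same shape would fit sctp_stream_alloc_out(). The function name still says "alloc" although it now also reduces stream->incnt, so a one-line comment above it stating that it sets the count in both directions would help readers of the call sites.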
The number of output and input streams was never being reduced, eg when
processing received INIT or INIT_ACK chunks.
The effect is that DATA chunks can be sent with invalid stream ids
and then discarded by the remote system.

Fixes: 2075e50caf5ea ("sctp: convert to genradix")
Signed-off-by: David Laight <david.laight@aculab.com>

---
 net/sctp/stream.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

This needs backporting to 5.1 and all later kernels.

(Resend without the RE:)

Changes since v1:
- Fix 'Fixes' tag.
- Improve description.