Netdev Archive on lore.kernel.org
help / color / mirror / Atom feed
* RE: [PATCH v2] net: sctp: Fix negotiation of the number of data streams.
@ 2020-08-19 12:45 David Laight
2020-08-19 14:40 ` David Laight
0 siblings, 1 reply; 5+ messages in thread
From: David Laight @ 2020-08-19 12:45 UTC (permalink / raw)
To: 'netdev@vger.kernel.org', 'linux-sctp@vger.kernel.org'
Cc: 'Marcelo Ricardo Leitner'
The number of output and input streams was never being reduced, eg when
processing received INIT or INIT_ACK chunks.
The effect is that DATA chunks can be sent with invalid stream ids
and then discarded by the remote system.
Fixes: 2075e50caf5ea ("sctp: convert to genradix")
Signed-off-by: David Laight <david.laight@aculab.com>
---
net/sctp/stream.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
This needs backporting to 5.1 and all later kernels.
Changes since v1:
- Fix 'Fixes' tag.
- Improve description.
diff --git a/net/sctp/stream.c b/net/sctp/stream.c
index bda2536dd740..6dc95dcc0ff4 100644
--- a/net/sctp/stream.c
+++ b/net/sctp/stream.c
@@ -88,12 +88,13 @@ static int sctp_stream_alloc_out(struct sctp_stream *stream, __u16 outcnt,
int ret;
if (outcnt <= stream->outcnt)
- return 0;
+ goto out;
ret = genradix_prealloc(&stream->out, outcnt, gfp);
if (ret)
return ret;
+out:
stream->outcnt = outcnt;
return 0;
}
@@ -104,12 +105,13 @@ static int sctp_stream_alloc_in(struct sctp_stream *stream, __u16 incnt,
int ret;
if (incnt <= stream->incnt)
- return 0;
+ goto out;
ret = genradix_prealloc(&stream->in, incnt, gfp);
if (ret)
return ret;
+out:
stream->incnt = incnt;
return 0;
}
--
2.25.1
-
Registered Address Lakeside, Bramley Road, Mount Farm, Milton Keynes, MK1 1PT, UK
Registration No: 1397386 (Wales)
^ permalink raw reply [flat|nested] 5+ messages in thread
* [PATCH v2] net: sctp: Fix negotiation of the number of data streams.
2020-08-19 12:45 [PATCH v2] net: sctp: Fix negotiation of the number of data streams David Laight
@ 2020-08-19 14:40 ` David Laight
2020-08-20 13:29 ` 'Marcelo Ricardo Leitner'
2020-08-20 23:38 ` David Miller
0 siblings, 2 replies; 5+ messages in thread
From: David Laight @ 2020-08-19 14:40 UTC (permalink / raw)
To: David Laight, 'netdev@vger.kernel.org',
'linux-sctp@vger.kernel.org'
Cc: 'Marcelo Ricardo Leitner'
The number of output and input streams was never being reduced, eg when
processing received INIT or INIT_ACK chunks.
The effect is that DATA chunks can be sent with invalid stream ids
and then discarded by the remote system.
Fixes: 2075e50caf5ea ("sctp: convert to genradix")
Signed-off-by: David Laight <david.laight@aculab.com>
---
net/sctp/stream.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
This needs backporting to 5.1 and all later kernels.
(Resend without the RE:)
Changes since v1:
- Fix 'Fixes' tag.
- Improve description.
diff --git a/net/sctp/stream.c b/net/sctp/stream.c
index bda2536dd740..6dc95dcc0ff4 100644
--- a/net/sctp/stream.c
+++ b/net/sctp/stream.c
@@ -88,12 +88,13 @@ static int sctp_stream_alloc_out(struct sctp_stream *stream, __u16 outcnt,
int ret;
if (outcnt <= stream->outcnt)
- return 0;
+ goto out;
ret = genradix_prealloc(&stream->out, outcnt, gfp);
if (ret)
return ret;
+out:
stream->outcnt = outcnt;
return 0;
}
@@ -104,12 +105,13 @@ static int sctp_stream_alloc_in(struct sctp_stream *stream, __u16 incnt,
int ret;
if (incnt <= stream->incnt)
- return 0;
+ goto out;
ret = genradix_prealloc(&stream->in, incnt, gfp);
if (ret)
return ret;
+out:
stream->incnt = incnt;
return 0;
}
--
2.25.1
-
Registered Address Lakeside, Bramley Road, Mount Farm, Milton Keynes, MK1 1PT, UK
Registration No: 1397386 (Wales)
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [PATCH v2] net: sctp: Fix negotiation of the number of data streams.
2020-08-19 14:40 ` David Laight
@ 2020-08-20 13:29 ` 'Marcelo Ricardo Leitner'
2020-08-20 23:38 ` David Miller
1 sibling, 0 replies; 5+ messages in thread
From: 'Marcelo Ricardo Leitner' @ 2020-08-20 13:29 UTC (permalink / raw)
To: David Laight
Cc: 'netdev@vger.kernel.org', 'linux-sctp@vger.kernel.org'
On Wed, Aug 19, 2020 at 02:40:52PM +0000, David Laight wrote:
>
> The number of output and input streams was never being reduced, eg when
> processing received INIT or INIT_ACK chunks.
> The effect is that DATA chunks can be sent with invalid stream ids
> and then discarded by the remote system.
>
> Fixes: 2075e50caf5ea ("sctp: convert to genradix")
> Signed-off-by: David Laight <david.laight@aculab.com>
> ---
> net/sctp/stream.c | 6 ++++--
> 1 file changed, 4 insertions(+), 2 deletions(-)
>
> This needs backporting to 5.1 and all later kernels.
>
> (Resend without the RE:)
>
> Changes since v1:
> - Fix 'Fixes' tag.
> - Improve description.
>
"[PATCH net v2] ..."
^^^-- the tree tag I had mentioned :-)
Anyhow, the rest looks fine.
Acked-by: Marcelo Ricardo Leitner <marcelo.leitner@gmail.com>
Thanks David.
> diff --git a/net/sctp/stream.c b/net/sctp/stream.c
> index bda2536dd740..6dc95dcc0ff4 100644
> --- a/net/sctp/stream.c
> +++ b/net/sctp/stream.c
> @@ -88,12 +88,13 @@ static int sctp_stream_alloc_out(struct sctp_stream *stream, __u16 outcnt,
> int ret;
>
> if (outcnt <= stream->outcnt)
> - return 0;
> + goto out;
>
> ret = genradix_prealloc(&stream->out, outcnt, gfp);
> if (ret)
> return ret;
>
> +out:
> stream->outcnt = outcnt;
> return 0;
> }
> @@ -104,12 +105,13 @@ static int sctp_stream_alloc_in(struct sctp_stream *stream, __u16 incnt,
> int ret;
>
> if (incnt <= stream->incnt)
> - return 0;
> + goto out;
>
> ret = genradix_prealloc(&stream->in, incnt, gfp);
> if (ret)
> return ret;
>
> +out:
> stream->incnt = incnt;
> return 0;
> }
> --
> 2.25.1
>
> -
> Registered Address Lakeside, Bramley Road, Mount Farm, Milton Keynes, MK1 1PT, UK
> Registration No: 1397386 (Wales)
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [PATCH v2] net: sctp: Fix negotiation of the number of data streams.
2020-08-19 14:40 ` David Laight
2020-08-20 13:29 ` 'Marcelo Ricardo Leitner'
@ 2020-08-20 23:38 ` David Miller
2020-08-21 7:41 ` David Laight
1 sibling, 1 reply; 5+ messages in thread
From: David Miller @ 2020-08-20 23:38 UTC (permalink / raw)
To: David.Laight; +Cc: netdev, linux-sctp, marcelo.leitner
From: David Laight <David.Laight@ACULAB.COM>
Date: Wed, 19 Aug 2020 14:40:52 +0000
>
> The number of output and input streams was never being reduced, eg when
> processing received INIT or INIT_ACK chunks.
> The effect is that DATA chunks can be sent with invalid stream ids
> and then discarded by the remote system.
>
> Fixes: 2075e50caf5ea ("sctp: convert to genradix")
> Signed-off-by: David Laight <david.laight@aculab.com>
Applied and queued up for -stable, thanks David.
^ permalink raw reply [flat|nested] 5+ messages in thread
* RE: [PATCH v2] net: sctp: Fix negotiation of the number of data streams.
2020-08-20 23:38 ` David Miller
@ 2020-08-21 7:41 ` David Laight
0 siblings, 0 replies; 5+ messages in thread
From: David Laight @ 2020-08-21 7:41 UTC (permalink / raw)
To: 'David Miller'; +Cc: netdev, linux-sctp, marcelo.leitner
From: David Miller
> Sent: 21 August 2020 00:39
>
> >
> > The number of output and input streams was never being reduced, eg when
> > processing received INIT or INIT_ACK chunks.
> > The effect is that DATA chunks can be sent with invalid stream ids
> > and then discarded by the remote system.
> >
> > Fixes: 2075e50caf5ea ("sctp: convert to genradix")
> > Signed-off-by: David Laight <david.laight@aculab.com>
>
> Applied and queued up for -stable, thanks David.
Thank you.
David
-
Registered Address Lakeside, Bramley Road, Mount Farm, Milton Keynes, MK1 1PT, UK
Registration No: 1397386 (Wales)
^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2020-08-21 7:41 UTC | newest]
Thread overview: 5+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-08-19 12:45 [PATCH v2] net: sctp: Fix negotiation of the number of data streams David Laight
2020-08-19 14:40 ` David Laight
2020-08-20 13:29 ` 'Marcelo Ricardo Leitner'
2020-08-20 23:38 ` David Miller
2020-08-21 7:41 ` David Laight
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).