sctp: fix panic when T4-rto timer expire on removed transport
If T4-rto timer is expired on a removed transport, kernel panic will occur when we do failure management on that transport. You can reproduce this use the following sequence: Endpoint A Endpoint B (ESTABLISHED) (ESTABLISHED) <----------------- ASCONF (SRC=X) ASCONF -----------------> (Delete IP Address = X) <----------------- ASCONF-ACK (Success Indication) <----------------- ASCONF (T4-rto timer expire) This patch fixed the problem. Signed-off-by: Wei Yongjun <yjwei@cn.fujitsu.com> Signed-off-by: Vlad Yasevich <vladislav.yasevich@hp.com>
This commit is contained in:
parent
6345b19985
commit
10a43cea7d
|
@ -575,6 +575,13 @@ void sctp_assoc_rm_peer(struct sctp_association *asoc,
|
|||
if (asoc->shutdown_last_sent_to == peer)
|
||||
asoc->shutdown_last_sent_to = NULL;
|
||||
|
||||
/* If we remove the transport an ASCONF was last sent to, set it to
|
||||
* NULL.
|
||||
*/
|
||||
if (asoc->addip_last_asconf &&
|
||||
asoc->addip_last_asconf->transport == peer)
|
||||
asoc->addip_last_asconf->transport = NULL;
|
||||
|
||||
asoc->peer.transport_count--;
|
||||
|
||||
sctp_transport_free(peer);
|
||||
|
|
|
@ -5475,7 +5475,9 @@ sctp_disposition_t sctp_sf_t4_timer_expire(
|
|||
* detection on the appropriate destination address as defined in
|
||||
* RFC2960 [5] section 8.1 and 8.2.
|
||||
*/
|
||||
sctp_add_cmd_sf(commands, SCTP_CMD_STRIKE, SCTP_TRANSPORT(transport));
|
||||
if (transport)
|
||||
sctp_add_cmd_sf(commands, SCTP_CMD_STRIKE,
|
||||
SCTP_TRANSPORT(transport));
|
||||
|
||||
/* Reconfig T4 timer and transport. */
|
||||
sctp_add_cmd_sf(commands, SCTP_CMD_SETUP_T4, SCTP_CHUNK(chunk));
|
||||
|
|
Loading…
Reference in New Issue