| From: Marcelo Ricardo Leitner <marcelo.leitner@gmail.com> |
| Date: Mon, 6 Feb 2017 18:10:31 -0200 |
| Subject: sctp: avoid BUG_ON on sctp_wait_for_sndbuf |
| |
| commit 2dcab598484185dea7ec22219c76dcdd59e3cb90 upstream. |
| |
| Alexander Popov reported that an application may trigger a BUG_ON in |
| sctp_wait_for_sndbuf if the socket tx buffer is full, a thread is |
| waiting on it to queue more data and meanwhile another thread peels off |
| the association being used by the first thread. |
| |
| This patch replaces the BUG_ON call with a proper error handling. It |
| will return -EPIPE to the original sendmsg call, similarly to what would |
| have been done if the association wasn't found in the first place. |
| |
| Acked-by: Alexander Popov <alex.popov@linux.com> |
| Signed-off-by: Marcelo Ricardo Leitner <marcelo.leitner@gmail.com> |
| Reviewed-by: Xin Long <lucien.xin@gmail.com> |
| Signed-off-by: David S. Miller <davem@davemloft.net> |
| [bwh: Backported to 3.2: adjust context] |
| Signed-off-by: Ben Hutchings <ben@decadent.org.uk> |
| --- |
| net/sctp/socket.c | 3 ++- |
| 1 file changed, 2 insertions(+), 1 deletion(-) |
| |
| --- a/net/sctp/socket.c |
| +++ b/net/sctp/socket.c |
| @@ -6492,7 +6492,8 @@ static int sctp_wait_for_sndbuf(struct s |
| */ |
| sctp_release_sock(sk); |
| current_timeo = schedule_timeout(current_timeo); |
| - BUG_ON(sk != asoc->base.sk); |
| + if (sk != asoc->base.sk) |
| + goto do_error; |
| sctp_lock_sock(sk); |
| |
| *timeo_p = current_timeo; |
