Received: by 2002:ac0:a594:0:0:0:0:0 with SMTP id m20-v6csp1907065imm; Thu, 24 May 2018 02:43:03 -0700 (PDT) X-Google-Smtp-Source: AB8JxZoHWxZ/6vLJOseh9/EXZmiXWe8KwWNythdYG3B8CDFADDzFAHp5zwO5ERohSer6SH+cyaFJ X-Received: by 2002:a17:902:b60a:: with SMTP id b10-v6mr6460155pls.221.1527154983813; Thu, 24 May 2018 02:43:03 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1527154983; cv=none; d=google.com; s=arc-20160816; b=XHZJmt4PmtZeKcvuY8X0l8XRnhfczKnuyYeD2ocw+RO9kujLxcGWj3pTuGnJUlIcmw nL7hymPfM031YTbLGScSe2i4TqTZIMyADy6ztGSNVgW6haggTtg8YvHoF9YT/P5962+e N7KUyCJsg7j1nH/vdVXq6vsrVkQRHPrvyMW1NKtQbmHUu336gqdqeh34KGQvF9bWIi53 4ceJS6UVsRJJbOuoXkBEr8kt3FILSNSv87t0UDnIGQKiTpH3j0KwAIdXoVImODnSmDTj wMlFeb8mbGJKz1+ClWfMMJ6rkJvCsJq/Aup+o5M0ryzkMxY6136/OWNlxjzuP/6gg9Nm OhDQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:mime-version:user-agent:references :in-reply-to:message-id:date:subject:cc:to:from:dkim-signature :arc-authentication-results; bh=ZB5d1X5TZmWa93JoxpxHCkqCx2KeDvrf7LP23u2EV8k=; b=byK5zBYHalI0fQ+c1rFIluVursTN7eyJjlL+AyrET9YevWvZ/gujKoWDu3WqaJXH/3 3ch/T/HrdzmBqt8ENZws5TrChO7rvCAPQ0UFgNbfakAfHC2P5bNjJH9s4ug2KxPUSgEE AOQGqG0LYPWK43rgyXgjAQM+XAKFrj/NKQFyM8nWi5klfs7pEBN2iFFMPm9wSYnfjBMP gGiOOh1ykX47qtiR3BV1FUyJIlUTctfxaTNZFOtfUJTCctKfDQ7QZOHPYWRnKbe9r7Mf sg2AwAXidr3y3bElKoiWBdgb0eKSMyEW0lN4ewpyk+NDfakoZPoTcv4H1Bw4hM3RXEyk W2rg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=ORs1SiDE; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id m15-v6si10481336pgr.9.2018.05.24.02.42.49; Thu, 24 May 2018 02:43:03 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=ORs1SiDE; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S966151AbeEXJlI (ORCPT + 99 others); Thu, 24 May 2018 05:41:08 -0400 Received: from mail.kernel.org ([198.145.29.99]:53038 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S965759AbeEXJlD (ORCPT ); Thu, 24 May 2018 05:41:03 -0400 Received: from localhost (LFbn-1-12247-202.w90-92.abo.wanadoo.fr [90.92.61.202]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id 628FC2087E; Thu, 24 May 2018 09:41:02 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1527154862; bh=x18SUHyw8JJZ7pld7eiRROE1n7oeLsQaH2XTnRTfSYU=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=ORs1SiDEy6sUHpl9X2hJZFs5Nswp13dFPRd5df/7WeAXDwl0TP3qMzNltkC7afWpZ Rz4Ah+GUw27rpF1Vx4O3BU64AoWcCnTTirfZPoADka6Ngiym7dTmc5iiVIY6N5wXG5 WVRMlhUllKQqQOWqxFuAQO3iF2gaeiTsaUS6mSBQ= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Xin Long , Neil Horman , Marcelo Ricardo Leitner , "David S. Miller" Subject: [PATCH 3.18 15/45] sctp: fix the issue that the cookie-ack with auth cant get processed Date: Thu, 24 May 2018 11:38:23 +0200 Message-Id: <20180524093122.388660006@linuxfoundation.org> X-Mailer: git-send-email 2.17.0 In-Reply-To: <20180524093120.599252450@linuxfoundation.org> References: <20180524093120.599252450@linuxfoundation.org> User-Agent: quilt/0.65 X-stable: review MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org 3.18-stable review patch. If anyone has any objections, please let me know. ------------------ From: Xin Long [ Upstream commit ce402f044e4e432c296f90eaabb8dbe8f3624391 ] When auth is enabled for cookie-ack chunk, in sctp_inq_pop, sctp processes auth chunk first, then continues to the next chunk in this packet if chunk_end + chunk_hdr size < skb_tail_pointer(). Otherwise, it will go to the next packet or discard this chunk. However, it missed the fact that cookie-ack chunk's size is equal to chunk_hdr size, which couldn't match that check, and thus this chunk would not get processed. This patch fixes it by changing the check to chunk_end + chunk_hdr size <= skb_tail_pointer(). Fixes: 26b87c788100 ("net: sctp: fix remote memory pressure from excessive queueing") Signed-off-by: Xin Long Acked-by: Neil Horman Acked-by: Marcelo Ricardo Leitner Signed-off-by: David S. Miller Signed-off-by: Greg Kroah-Hartman --- net/sctp/inqueue.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/net/sctp/inqueue.c +++ b/net/sctp/inqueue.c @@ -178,7 +178,7 @@ struct sctp_chunk *sctp_inq_pop(struct s skb_pull(chunk->skb, sizeof(sctp_chunkhdr_t)); chunk->subh.v = NULL; /* Subheader is no longer valid. */ - if (chunk->chunk_end + sizeof(sctp_chunkhdr_t) < + if (chunk->chunk_end + sizeof(sctp_chunkhdr_t) <= skb_tail_pointer(chunk->skb)) { /* This is not a singleton */ chunk->singleton = 0;