Received: by 2002:ac0:8c9a:0:0:0:0:0 with SMTP id r26csp3134990ima; Sun, 3 Feb 2019 14:28:12 -0800 (PST) X-Google-Smtp-Source: ALg8bN5eixxtmlKUz8aVuo6j7YQJ85KFV13ENcd8+cbt2H/csOVgffOrMdO6i06WaImI1/9Mo7H2 X-Received: by 2002:a63:b30f:: with SMTP id i15mr44295674pgf.240.1549232891967; Sun, 03 Feb 2019 14:28:11 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1549232891; cv=none; d=google.com; s=arc-20160816; b=ZUPiDTyFBuAk8RrjzVEY0lRmtvpqErjglYOO6bazyMWaVk30ojXZAi7G1iIU1jAWul XGc7+tU8cSLUVhUaYTJ/vSopMVVvxnh/WWw9mVP0WC4SeG73tOir95lcbpz2+3+4IeYi Pc3MdkVUcvBoJMAXiyPPOYdoGZk/aUsdiCR8APb6dt9pdx3HbckFTD4l/ui8PqZVMB2Z UX45l+b5mqeTbhrPUasCaTVlpDQyX4vj+nEBeGSUnMq19WoV7hQsV45mU3Aq9/uRXDQi F2xQVaG+OODlSPVma4/44FI8Y66WhSstfaSkZwJmz0VG2CHxCt9/UY9FJHTkLrJs3JPR ieNA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:user-agent:in-reply-to :content-disposition:mime-version:references:message-id:subject:cc :to:from:date; bh=fqL3cEZ5j+jbA1/OtusOj79wCzs9Ub2K8gNH85hIupw=; b=eACQkHbASJ8ERwhQRai8vGxuLfc8/5Q0qkLZezwRVXQMnWxQPG+jeMAU0AiRFKiaWx bpfl4Yzz87/MRAhgUNFD0iIcU9offSBVDSLH5C6eq2KaXRMJiOVKmOC2Bv928mPRzJJb vxngRmFKIHzD9NPXcMZZB9xoNpU01hCrVtEHnjeM6BDoFsJ7Tr5wgUYrAoH2ofmRinnX CDHF3Vd+/Io2N5Of3rtXVTP27GIDOV/pyfm+LIeW6puoui5lgpb9jL1uCIy+/HKph71N OATOLj/n499BI/SvE24iuOsr+tNLAk0Btz6eAtkaFqSXhXVxFeoPLiBMpdW2AlokVhmz hoHQ== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id c81si14011971pfc.82.2019.02.03.14.27.56; Sun, 03 Feb 2019 14:28:11 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728089AbfBCWQt (ORCPT + 99 others); Sun, 3 Feb 2019 17:16:49 -0500 Received: from charlotte.tuxdriver.com ([70.61.120.58]:52958 "EHLO smtp.tuxdriver.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726673AbfBCWQt (ORCPT ); Sun, 3 Feb 2019 17:16:49 -0500 Received: from cpe-2606-a000-111b-405a-215-ff-fecc-4872.dyn6.twc.com ([2606:a000:111b:405a:215:ff:fecc:4872] helo=localhost) by smtp.tuxdriver.com with esmtpsa (TLSv1:AES256-SHA:256) (Exim 4.63) (envelope-from ) id 1gqQ49-00063o-Ls; Sun, 03 Feb 2019 17:16:45 -0500 Date: Sun, 3 Feb 2019 17:16:12 -0500 From: Neil Horman To: Xin Long Cc: linux-kernel@vger.kernel.org, network dev , linux-sctp@vger.kernel.org, davem@davemloft.net, Marcelo Ricardo Leitner Subject: Re: [PATCHv3 net] sctp: check and update stream->out_curr when allocating stream_out Message-ID: <20190203221612.GA23273@neilslaptop.think-freely.org> References: <91ab89c95836cfcacbe823f4bc0ecd2568bad113.1549222078.git.lucien.xin@gmail.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <91ab89c95836cfcacbe823f4bc0ecd2568bad113.1549222078.git.lucien.xin@gmail.com> User-Agent: Mutt/1.10.1 (2018-07-13) X-Spam-Score: -2.9 (--) X-Spam-Status: No Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Mon, Feb 04, 2019 at 03:27:58AM +0800, Xin Long wrote: > Now when using stream reconfig to add out streams, stream->out > will get re-allocated, and all old streams' information will > be copied to the new ones and the old ones will be freed. > > So without stream->out_curr updated, next time when trying to > send from stream->out_curr stream, a panic would be caused. > > This patch is to check and update stream->out_curr when > allocating stream_out. > > v1->v2: > - define fa_index() to get elem index from stream->out_curr. > v2->v3: > - repost with no change. > > Fixes: 5bbbbe32a431 ("sctp: introduce stream scheduler foundations") > Reported-by: Ying Xu > Reported-by: syzbot+e33a3a138267ca119c7d@syzkaller.appspotmail.com > Signed-off-by: Xin Long > --- > net/sctp/stream.c | 20 ++++++++++++++++++++ > 1 file changed, 20 insertions(+) > > diff --git a/net/sctp/stream.c b/net/sctp/stream.c > index 80e0ae5..f246331 100644 > --- a/net/sctp/stream.c > +++ b/net/sctp/stream.c > @@ -84,6 +84,19 @@ static void fa_zero(struct flex_array *fa, size_t index, size_t count) > } > } > > +static size_t fa_index(struct flex_array *fa, void *elem, size_t count) > +{ > + size_t index = 0; > + > + while (count--) { > + if (elem == flex_array_get(fa, index)) > + break; > + index++; > + } > + > + return index; > +} > + > /* Migrates chunks from stream queues to new stream queues if needed, > * but not across associations. Also, removes those chunks to streams > * higher than the new max. > @@ -147,6 +160,13 @@ static int sctp_stream_alloc_out(struct sctp_stream *stream, __u16 outcnt, > > if (stream->out) { > fa_copy(out, stream->out, 0, min(outcnt, stream->outcnt)); > + if (stream->out_curr) { > + size_t index = fa_index(stream->out, stream->out_curr, > + stream->outcnt); > + > + BUG_ON(index == stream->outcnt); > + stream->out_curr = flex_array_get(out, index); > + } > fa_free(stream->out); > } > > -- > 2.1.0 > > Acked-by: Neil Horman