Received: by 2002:ac0:a679:0:0:0:0:0 with SMTP id p54csp549033imp; Thu, 21 Feb 2019 06:39:32 -0800 (PST) X-Google-Smtp-Source: AHgI3IYozMuX9SYlm/oQe6gj82m73vQsaqgKkBmpa6beg9stYz0QjiPWA50yW1OmlUWnBiO5zVzb X-Received: by 2002:a63:4384:: with SMTP id q126mr34506968pga.160.1550759972414; Thu, 21 Feb 2019 06:39:32 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1550759972; cv=none; d=google.com; s=arc-20160816; b=DLP3HDxlq4nlWmhP1g5OTwkJ0DKGZYXqb5Ptkg/yeZurk+DwNDHB2hIO1OKL0NR/9V 5oQwi6mcezwI07Gm8ZFbpoBahTT1/y8LIyAtJnwgTt88JaKDzs8N6hfl0PkBEVbyZUhe pHN2M2xee2yHhmUTT4CoPnRWU9luHYap8TeYdNKsWOGRhdpE63sTv0JJ70C3KiET2+6H z7zFj4oZ07t6boCi43ybB5x3xypGRmyJnnuWdEQmQuuPAfO04VQTG3nGVt84tFjS88P8 Z9Ap56soEMZY5TwO/FhMnwZZUZa56aZzNJ1vRhkqySIcqyWBQOtnrQr1D86m/azrA/C1 iP/Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=gmBM9vyqiuAX+sNe1d/gzIqz+Q7YtdlwB0EN4PuMxeo=; b=i7FaImO+LakUqZoT9FIh2lpZWgyc7h3nWyI7Xr12QyjJmanfsfpbbRqFDpZooGftcq AQzn4dGis+ACDYaAo6sJpUD+e8Abkz2LW7OSV8vioerjx8BtjlMY1pEJZ9psWAFM2NOX MOIQDzhGKLTfdr9fVcrtkM2aPw3V3Wje81BH+iR6WdCJeS56Cw8ruobsTosCLan6MGTD vUoQGR8ksfHGwaEgqq5u5APcswp8ap3OtKCPJnJpouMOvNY8PFyMKwuZAss5MjIHQxdM a/2/5jFAesa5/ey9+w1GTcbIv1aA8ApNbYBm/JVhejGTvazDXHbHpS3UKV/NxASLDr9w 861w== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=QpjIPFx5; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id j5si7868057plk.387.2019.02.21.06.39.16; Thu, 21 Feb 2019 06:39:32 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=QpjIPFx5; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728628AbfBUOiP (ORCPT + 99 others); Thu, 21 Feb 2019 09:38:15 -0500 Received: from mail.kernel.org ([198.145.29.99]:59834 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727939AbfBUOiM (ORCPT ); Thu, 21 Feb 2019 09:38:12 -0500 Received: from localhost (5356596B.cm-6-7b.dynamic.ziggo.nl [83.86.89.107]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id 4DE4020838; Thu, 21 Feb 2019 14:38:11 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1550759891; bh=82SAn6VBjC8wyR9JZFYWZj8T5FJGWys/l3TaH3bYBqI=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=QpjIPFx5QLPPYKIVSLeUo6P8JjLl+l7vDpTSmIGbB7NuBEmuLgwaDYRuqIUdBf/qX UPkqsDjR4WYmvR+XhljDXdNDBvVBXudwm8h5MY9MPO6s537223K0NJZQCs2sBQiHRL /Oh8nZQxpnHIftRja7qnBzdNTA5asNBAR/zCZnQ0= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Eric Dumazet , soukjin bae , Neal Cardwell , Soheil Hassas Yeganeh , "David S. Miller" Subject: [PATCH 4.4 07/20] tcp: tcp_v4_err() should be more careful Date: Thu, 21 Feb 2019 15:35:37 +0100 Message-Id: <20190221141946.984750657@linuxfoundation.org> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20190221141946.772985220@linuxfoundation.org> References: <20190221141946.772985220@linuxfoundation.org> User-Agent: quilt/0.65 X-stable: review X-Patchwork-Hint: ignore MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org 4.4-stable review patch. If anyone has any objections, please let me know. ------------------ From: Eric Dumazet [ Upstream commit 2c4cc9712364c051b1de2d175d5fbea6be948ebf ] ICMP handlers are not very often stressed, we should make them more resilient to bugs that might surface in the future. If there is no packet in retransmit queue, we should avoid a NULL deref. Signed-off-by: Eric Dumazet Reported-by: soukjin bae Acked-by: Neal Cardwell Acked-by: Soheil Hassas Yeganeh Signed-off-by: David S. Miller Signed-off-by: Greg Kroah-Hartman --- net/ipv4/tcp_ipv4.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) --- a/net/ipv4/tcp_ipv4.c +++ b/net/ipv4/tcp_ipv4.c @@ -466,14 +466,15 @@ void tcp_v4_err(struct sk_buff *icmp_skb if (sock_owned_by_user(sk)) break; + skb = tcp_write_queue_head(sk); + if (WARN_ON_ONCE(!skb)) + break; + icsk->icsk_backoff--; icsk->icsk_rto = tp->srtt_us ? __tcp_set_rto(tp) : TCP_TIMEOUT_INIT; icsk->icsk_rto = inet_csk_rto_backoff(icsk, TCP_RTO_MAX); - skb = tcp_write_queue_head(sk); - BUG_ON(!skb); - remaining = icsk->icsk_rto - min(icsk->icsk_rto, tcp_time_stamp - tcp_skb_timestamp(skb));