Received: by 2002:ac0:a679:0:0:0:0:0 with SMTP id p54csp549411imp; Thu, 21 Feb 2019 06:39:53 -0800 (PST) X-Google-Smtp-Source: AHgI3IadxW9naIrAaLyJ8fcBEAZAjOOD4c378hZj6mUwKZJsDdWFkDSMHJev1k84TbhveBH7Nblu X-Received: by 2002:a63:e03:: with SMTP id d3mr7791542pgl.245.1550759992945; Thu, 21 Feb 2019 06:39:52 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1550759992; cv=none; d=google.com; s=arc-20160816; b=wxZ3KF3nNcNQApovbsVDH+SNtdttT2T00Z/O2FhgbOwb3i/gbGNteJsxACRkBlwf7L WbOrwfthntTVTyEne9P64eBxZMFRPnJ0tvgZQxxCy7+UD6+7yy+ultSUF8K3TcTwFUoq 5q6GhIaLRzU1kFLVCdMMap3o2kphlMF53Cac67QkSjflPlmpPeTuLdkC/SxdhBhUAXjD IKCBFjh87FQCJY11uv+CnQ/iAdCLvw2VWJ5uUlxgKL5GtY3rmq0l/OnynqIvc7X2LBID PsugKJZ3hEgIcsIniJ9sH1CJUljC1jwANfValV4ap0XgZxdJyxgzWQb4ExqRacSV/MO8 K+5w== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=x0p8tyIRCtJDSrPfG9+PDu0RVRM+1ZL1DObeKwMoQrI=; b=zDqoS7LgfVLSu/+AVjVm4jtONDuB91FmoBlXzPFNa8DxtppAHMaEUUHMrFJuazcqJV tUnpjD2ulbzp16ksgF4vo/R8aXDZZhdC1EOjMhmqfyQWCEayX49JWWqbbN7KO/7zUgXf 6BpydjOsy8XvLqG86hNuNiSXi0xhFLErOKhMRRTrWHRepsOJ+yh+QGDrfbaQJsAUI96a /jQHzncnDDMpCXZ7/TjP2lFzt2j/4fW8/XEaijlWTNCcEEkj1xNAh+3rAwTfsCaaBipF Vl3ypTOxXWpWRocD6QoYAYP1wDzmabyk+bsNoIirlNIARf3bkkC+7iCCOd08kXbEDnIk DY+Q== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=hYbiyauc; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id j1si20108769pgp.449.2019.02.21.06.39.38; Thu, 21 Feb 2019 06:39:52 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=hYbiyauc; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728695AbfBUOid (ORCPT + 99 others); Thu, 21 Feb 2019 09:38:33 -0500 Received: from mail.kernel.org ([198.145.29.99]:60296 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1728017AbfBUOib (ORCPT ); Thu, 21 Feb 2019 09:38:31 -0500 Received: from localhost (5356596B.cm-6-7b.dynamic.ziggo.nl [83.86.89.107]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id EED6F20838; Thu, 21 Feb 2019 14:38:29 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1550759910; bh=u94E0b/Ew+On4fxau3+yrutc87ENd8vnIHw9pn5h8t8=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=hYbiyaucQyzkRFeGfXbd6qdzfy668jXDKhuHWWiAn5ttOCeJwi/5/8I+5XVgcLNuD Jb9delbG6aSt3SPscxRBw3kLz8zH9BMdxiKIIJONw9HykEyk33aNpZtJ8dPDSzE778 sSZ1sCWqcOviiQ+MGsQWmCS2/BUnjcBwA7A/LN4A= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Eric Dumazet , soukjin bae , Neal Cardwell , Soheil Hassas Yeganeh , "David S. Miller" Subject: [PATCH 4.9 11/20] tcp: tcp_v4_err() should be more careful Date: Thu, 21 Feb 2019 15:35:49 +0100 Message-Id: <20190221125243.503417436@linuxfoundation.org> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20190221125242.153179182@linuxfoundation.org> References: <20190221125242.153179182@linuxfoundation.org> User-Agent: quilt/0.65 X-stable: review X-Patchwork-Hint: ignore MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org 4.9-stable review patch. If anyone has any objections, please let me know. ------------------ From: Eric Dumazet [ Upstream commit 2c4cc9712364c051b1de2d175d5fbea6be948ebf ] ICMP handlers are not very often stressed, we should make them more resilient to bugs that might surface in the future. If there is no packet in retransmit queue, we should avoid a NULL deref. Signed-off-by: Eric Dumazet Reported-by: soukjin bae Acked-by: Neal Cardwell Acked-by: Soheil Hassas Yeganeh Signed-off-by: David S. Miller Signed-off-by: Greg Kroah-Hartman --- net/ipv4/tcp_ipv4.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) --- a/net/ipv4/tcp_ipv4.c +++ b/net/ipv4/tcp_ipv4.c @@ -464,14 +464,15 @@ void tcp_v4_err(struct sk_buff *icmp_skb if (sock_owned_by_user(sk)) break; + skb = tcp_write_queue_head(sk); + if (WARN_ON_ONCE(!skb)) + break; + icsk->icsk_backoff--; icsk->icsk_rto = tp->srtt_us ? __tcp_set_rto(tp) : TCP_TIMEOUT_INIT; icsk->icsk_rto = inet_csk_rto_backoff(icsk, TCP_RTO_MAX); - skb = tcp_write_queue_head(sk); - BUG_ON(!skb); - remaining = icsk->icsk_rto - min(icsk->icsk_rto, tcp_time_stamp - tcp_skb_timestamp(skb));