Received: by 2002:a25:6193:0:0:0:0:0 with SMTP id v141csp2014640ybb; Thu, 26 Mar 2020 19:37:14 -0700 (PDT) X-Google-Smtp-Source: ADFU+vuq/LFWRkbaZrJgFB1olm25OZcmlymYpXVXb0GFH/mk+ltIud8cynI6wrN0ESxXBAqCjK3F X-Received: by 2002:aca:aa81:: with SMTP id t123mr2541096oie.117.1585276634340; Thu, 26 Mar 2020 19:37:14 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1585276634; cv=none; d=google.com; s=arc-20160816; b=pCRf0fYZIIeKysvrG9rBnLWMkdZPjFjCcUiaOVudjctkqCpOA+snjcGbMZjIl2i1ix ex2wKVx2SzG/06mW6yllRPMXe/QOVVQQ9uVlXyiVHxfr7WdRc4DIZiBhbhWUQjb4Uzgc BG4yE1TzQy6zLXhtC5GNsObO8fqWfBqPNx25fgNl/0ELzLIX5cVupaV8PTIsNjJDtwqm 7VALbtWMD1w7cWM70aH8HLwKJh0Sb+FLtEPZXPzhxfj7dAA7LE6qPqTJwJhZG2Cwoxpb f2x3aqg59SkvKC54Ga7b//4Rw+1WA8IVtX4cQZlL7XnBI/T7XPSvh24GEbYwhk50yuiC Ijmg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:in-reply-to:content-disposition :mime-version:references:message-id:subject:cc:to:from:date :dkim-signature; bh=G7Sr1gwaHsCrajdueVmnHwr6RalDOGPbbpo1vRReyaA=; b=jpM0M+EAGiHnyjzbrBXPq3A1yFesEwqadQkbpAIBazoiR9BumTl00qnd2HeOmzn0cz ZQ1zI9ITzlCkn9vPDDyRxhaCMo5MfL6EFYgJCWZayFfUVw2hsVD5RltBT7I2kZ/mQ+jS Lpyl76qp+/kaqKagStPZJfzl3ReTG7pRNAM0+Z1Zq5W7NstwnJgoCqtGXPj0I98E156L oAHzHNBrdIh4v2CIv9pG9/rJ5aDi0XDXKyGBsrjjcOdXeEYBTIRdQjC6uLM87NopgFdH plwd/bnH3BYyWmfHUwWhGLmTb6fmQPVL07RGC+hNGbU7gn8bCTjyWhjO3iv0bBFVEH1w NR8A== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=jvd0Kqyd; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id 96si1949493otn.253.2020.03.26.19.37.00; Thu, 26 Mar 2020 19:37:14 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=jvd0Kqyd; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727754AbgC0Cfk (ORCPT + 99 others); Thu, 26 Mar 2020 22:35:40 -0400 Received: from mail-qv1-f65.google.com ([209.85.219.65]:44414 "EHLO mail-qv1-f65.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727685AbgC0Cfj (ORCPT ); Thu, 26 Mar 2020 22:35:39 -0400 Received: by mail-qv1-f65.google.com with SMTP id ef12so2181419qvb.11; Thu, 26 Mar 2020 19:35:38 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=date:from:to:cc:subject:message-id:references:mime-version :content-disposition:in-reply-to; bh=G7Sr1gwaHsCrajdueVmnHwr6RalDOGPbbpo1vRReyaA=; b=jvd0KqydU/86zFkzJPupX1YgNwI4hF0SBGrHftrDKBVzZ+qVPUdyUuYZfeYlYaRsUC JXy3yJJ10kED8Z0zdlLGCt2tLY3DNEzHfg0CfH7alZRzKU7xf6E8Iutcb1kAWAC4Ueuv 7koooStyMq2diJfAAqjUfyOtfor4CYXnPlNaqTSEHjh3DL5B5/lXwV7hyI7Sxbwxpx7p 6ZM2rQmbeYVAw1R8hPN927SmLR8JwR+PQKRLf0X+zkVYBgqJgEm7CkBIWoIs3Qa8WFfT LdJj2uofomcHmZ1uCZBWHUgj0cbtXuoM2Y6GmTE+fVZzj7F/o66KcRQGEZpuLaVx3eA5 W/Ig== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:from:to:cc:subject:message-id:references :mime-version:content-disposition:in-reply-to; bh=G7Sr1gwaHsCrajdueVmnHwr6RalDOGPbbpo1vRReyaA=; b=IkuUIfoVT+sOK5YXw+S0YVKEItbqWBCbVoGKrOjYmYfH1TgK85i8nvXFipMrX9MO/W sPikYr43i6k0ctGJ7aWa4kKnLlBG/ScAt2uOcanHDwCdWIMqcDxlaW8FOiCvLy+WdnH8 7+7LDM+8uPzU5UFJovZOV9lgaWonmU7s567Tx+hoCMVBM/qJzXUo9NzEm6SzY3vPnnwN vkYOAIJzUmKQeufP79CSisyMxj4Zjrgdmcjnxm5AQcAzrfgobyiZ2ar8L+tQdzpzL5yV eDvWAcpwlXCX/TUePLdNeTgPpcj2Tlbbb7z63ruc5hDm39KNU23FgvX4CTIOLZlA+a6l TWMQ== X-Gm-Message-State: ANhLgQ1CMCZnkw9J6uQscXx3+A7jJn2Dl5HpmfblFLr6jHn3GOZ2WNvz 3jldijZ2uULer0RJCZ8Hrrs= X-Received: by 2002:a0c:a8e9:: with SMTP id h41mr11909678qvc.235.1585276538114; Thu, 26 Mar 2020 19:35:38 -0700 (PDT) Received: from localhost.localdomain ([168.181.48.248]) by smtp.gmail.com with ESMTPSA id l13sm2843115qtu.66.2020.03.26.19.35.36 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 26 Mar 2020 19:35:37 -0700 (PDT) Received: by localhost.localdomain (Postfix, from userid 1000) id CC91CC5CE4; Thu, 26 Mar 2020 23:35:34 -0300 (-03) Date: Thu, 26 Mar 2020 23:35:34 -0300 From: Marcelo Ricardo Leitner To: Qiujun Huang Cc: davem@davemloft.net, vyasevich@gmail.com, nhorman@tuxdriver.com, kuba@kernel.org, linux-sctp@vger.kernel.org, netdev@vger.kernel.org, linux-kernel@vger.kernel.org, anenbupt@gmail.com Subject: Re: [PATCH v5 RESEND] sctp: fix refcount bug in sctp_wfree Message-ID: <20200327023534.GJ3756@localhost.localdomain> References: <20200327012832.19193-1-hqjagain@gmail.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20200327012832.19193-1-hqjagain@gmail.com> Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Fri, Mar 27, 2020 at 09:28:32AM +0800, Qiujun Huang wrote: > We should iterate over the datamsgs to modify Just two small things now. s/modify/move/ , it's more accurate. But mainly because... ... > > Reported-and-tested-by:syzbot+cea71eec5d6de256d54d@syzkaller.appspotmail.com checkpatch.pl is warning that there should be an empty space after the ':' here. Otherwise, looks very good. Btw, I learned a lot about syzbot new features with your tests, thanks :-) > Signed-off-by: Qiujun Huang > --- > net/sctp/socket.c | 31 +++++++++++++++++++++++-------- > 1 file changed, 23 insertions(+), 8 deletions(-) > > diff --git a/net/sctp/socket.c b/net/sctp/socket.c > index 1b56fc440606..f68076713162 100644 > --- a/net/sctp/socket.c > +++ b/net/sctp/socket.c > @@ -147,29 +147,44 @@ static void sctp_clear_owner_w(struct sctp_chunk *chunk) > skb_orphan(chunk->skb); > } > > +#define traverse_and_process() \ > +do { \ > + msg = chunk->msg; \ > + if (msg == prev_msg) \ > + continue; \ > + list_for_each_entry(c, &msg->chunks, frag_list) { \ > + if ((clear && asoc->base.sk == c->skb->sk) || \ > + (!clear && asoc->base.sk != c->skb->sk)) \ > + cb(c); \ > + } \ > + prev_msg = msg; \ > +} while (0) > + > static void sctp_for_each_tx_datachunk(struct sctp_association *asoc, > + bool clear, > void (*cb)(struct sctp_chunk *)) > > { > + struct sctp_datamsg *msg, *prev_msg = NULL; > struct sctp_outq *q = &asoc->outqueue; > + struct sctp_chunk *chunk, *c; > struct sctp_transport *t; > - struct sctp_chunk *chunk; > > list_for_each_entry(t, &asoc->peer.transport_addr_list, transports) > list_for_each_entry(chunk, &t->transmitted, transmitted_list) > - cb(chunk); > + traverse_and_process(); > > list_for_each_entry(chunk, &q->retransmit, transmitted_list) > - cb(chunk); > + traverse_and_process(); > > list_for_each_entry(chunk, &q->sacked, transmitted_list) > - cb(chunk); > + traverse_and_process(); > > list_for_each_entry(chunk, &q->abandoned, transmitted_list) > - cb(chunk); > + traverse_and_process(); > > list_for_each_entry(chunk, &q->out_chunk_list, list) > - cb(chunk); > + traverse_and_process(); > } > > static void sctp_for_each_rx_skb(struct sctp_association *asoc, struct sock *sk, > @@ -9574,9 +9589,9 @@ static int sctp_sock_migrate(struct sock *oldsk, struct sock *newsk, > * paths won't try to lock it and then oldsk. > */ > lock_sock_nested(newsk, SINGLE_DEPTH_NESTING); > - sctp_for_each_tx_datachunk(assoc, sctp_clear_owner_w); > + sctp_for_each_tx_datachunk(assoc, true, sctp_clear_owner_w); > sctp_assoc_migrate(assoc, newsk); > - sctp_for_each_tx_datachunk(assoc, sctp_set_owner_w); > + sctp_for_each_tx_datachunk(assoc, false, sctp_set_owner_w); > > /* If the association on the newsk is already closed before accept() > * is called, set RCV_SHUTDOWN flag. > -- > 2.17.1 >