Received: by 2002:a25:6193:0:0:0:0:0 with SMTP id v141csp1773706ybb;
        Sat, 11 Apr 2020 11:29:28 -0700 (PDT)
X-Google-Smtp-Source: APiQypKUZ0KRTyKrxCiQIhUuOT5PQNvycRs2lq+pVPt2SDO42VqZ/yqbiqVi/FA/jvhDpuhH9mYN
X-Received: by 2002:a37:a5c2:: with SMTP id o185mr9356679qke.219.1586629768241;
        Sat, 11 Apr 2020 11:29:28 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1586629768; cv=none;
        d=google.com; s=arc-20160816;
        b=olt2FNZxTUoeOk+GutbbCO8yp09YOWfvEfkWgt54/xSzesNTN7WpsYLbwqCXzkgCfi
         DmizOk/eaDYg4j6gUSEnsHQnNMaDysBg+MPNQPL8q+ElpnDZWAtdzReiV3pPODZo0VrB
         hH7xcfXb46Lc+75j6FYffb36tEp/0L1CLybj5qaZg/5XSzRXMO4Pb2W+ELscF2AnKrR5
         oBqrg/X22IzL9jzIk5YBDhce/vzFzbYlON8WUfsuu3lC3rJSnXZa4SAqmiFpPiOmZ+hN
         b5dB8+s6Phkzt+rwycLwa3w6mnOPySzze/mcsit0DRS80ijCT9COfJxInedxWKx7Ymc9
         vZdQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:user-agent:in-reply-to
         :content-disposition:mime-version:references:message-id:subject:cc
         :to:from:date;
        bh=4R42MJ0sH/pdBwuvMlnyiXbYjPBtooYf/vAqR1J3SBk=;
        b=QDk+sjMbW0xaTi5mgzLcxn7D7U+HNBb1PfwVpn8LvGS/QkVuZ1mYua3XZabVEV7Nt+
         eSpC1AvgvhW4Sa6z7NJk9leCwk4pjgZI9RObKnOLhJGoAkQBwTeVOEU/+lWgLzGr0gOi
         wDHDB9yYq3JHUnGZPXX7xBv20LACJlZphEutji3xvpES6UN9EHze+6HamXbozEbP/2im
         /5AHhlcBjku2wKSk7ePLiPS2GK/MqY/vfWbtbGovqq7wJ+cEsWxZ2nZI8DtXCgMpGYxV
         x/kXaMfffclB2Vkqe0d9wiIPB9t25hl3XX93b/8KJ+1xEhOBbcQbrSPpUoi1qTWDK7Wb
         LBZg==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id a4si3095838qvb.180.2020.04.11.11.29.12;
        Sat, 11 Apr 2020 11:29:28 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1726565AbgDKS2P (ORCPT <rfc822;rmelvin.vger@gmail.com>
        + 99 others); Sat, 11 Apr 2020 14:28:15 -0400
Received: from jabberwock.ucw.cz ([46.255.230.98]:55420 "EHLO
        jabberwock.ucw.cz" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1726155AbgDKS2P (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Sat, 11 Apr 2020 14:28:15 -0400
Received: by jabberwock.ucw.cz (Postfix, from userid 1017)
        id 15EB81C6385; Sat, 11 Apr 2020 20:28:14 +0200 (CEST)
Date:   Sat, 11 Apr 2020 20:28:13 +0200
From:   Pavel Machek <pavel@denx.de>
To:     Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Cc:     linux-kernel@vger.kernel.org, stable@vger.kernel.org,
        Qiujun Huang <hqjagain@gmail.com>,
        Marcelo Ricardo Leitner <mleitner@redhat.com>,
        "David S. Miller" <davem@davemloft.net>,
        syzbot+cea71eec5d6de256d54d@syzkaller.appspotmail.com
Subject: Re: [PATCH 4.19 03/54] sctp: fix refcount bug in sctp_wfree
Message-ID: <20200411182813.GA18221@duo.ucw.cz>
References: <20200411115508.284500414@linuxfoundation.org>
 <20200411115508.593027768@linuxfoundation.org>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1;
        protocol="application/pgp-signature"; boundary="NzB8fVQJ5HfG6fxh"
Content-Disposition: inline
In-Reply-To: <20200411115508.593027768@linuxfoundation.org>
User-Agent: Mutt/1.10.1 (2018-07-13)
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org


--NzB8fVQJ5HfG6fxh
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

Hi!

> The following case cause the bug:
> for the trouble SKB, it was in outq->transmitted list

Ok... but this is one hell of "interesting" code.

> --- a/net/sctp/socket.c
> +++ b/net/sctp/socket.c
> @@ -165,29 +165,44 @@ static void sctp_clear_owner_w(struct sc
>  	skb_orphan(chunk->skb);
>  }
> =20
> +#define traverse_and_process()	\
> +do {				\
> +	msg =3D chunk->msg;	\
> +	if (msg =3D=3D prev_msg)	\
> +		continue;	\
> +	list_for_each_entry(c, &msg->chunks, frag_list) {	\
> +		if ((clear && asoc->base.sk =3D=3D c->skb->sk) ||	\
> +		    (!clear && asoc->base.sk !=3D c->skb->sk))	\
> +			cb(c);	\
> +	}			\
> +	prev_msg =3D msg;		\
> +} while (0)

Should this be function?

Do you see how it does "continue"? But the do {} while(0) wrapper eats
the continue. "break" would be more clear here, but they are really
equivalent due to way this macro is used.

It is just very, very confusing.

Best regards,
								Pavel


--=20
(english) http://www.livejournal.com/~pavelmachek
(cesky, pictures) http://atrey.karlin.mff.cuni.cz/~pavel/picture/horses/blo=
g.html

--NzB8fVQJ5HfG6fxh
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----

iF0EABECAB0WIQRPfPO7r0eAhk010v0w5/Bqldv68gUCXpIMPQAKCRAw5/Bqldv6
8nGRAJ9i+7V6V7ICNl35CSsTotQAtMT4QACeP2kjyhviB509AsRsg+Jcj713Q1A=
=8Hn4
-----END PGP SIGNATURE-----

--NzB8fVQJ5HfG6fxh--