author Denis Kirjanov <dkirjanov@suse.com> 2019-12-05 19:36:10 +0300
committer Denis Kirjanov <dkirjanov@suse.com> 2019-12-05 19:36:10 +0300
commit 4cf61c0a64bfc42905d626685a1c8c72d6f2417e
tree 162b583cdffa515f54b8451b158aa9d93f49a2a2
parent 77572d011718942208a4deed466067969be2298e
-rw-r--r-- patches.suse/sctp-change-sctp_prot-.no_autobind-with-true.patch 86
-rw-r--r-- series.conf 1
2 files changed, 87 insertions, 0 deletions
diff --git a/patches.suse/sctp-change-sctp_prot-.no_autobind-with-true.patch b/patches.suse/sctp-change-sctp_prot-.no_autobind-with-true.patch
new file mode 100644
index 0000000000..b1932da973
--- /dev/null
+++ b/patches.suse/sctp-change-sctp_prot-.no_autobind-with-true.patch
@@ -0,0 +1,86 @@
+From: Xin Long <lucien.xin@gmail.com>
+Subject: sctp: change sctp_prot .no_autobind with true
+Patch-mainline: v5.4-rc4
+Git-commit: 63dfb7938b13fa2c2fbcb45f34d065769eb09414
+References: networking-stable-19_10_24 bsc#1158082
+
+syzbot reported a memory leak:
+
+ BUG: memory leak, unreferenced object 0xffff888120b3d380 (size 64):
+ backtrace:
+
+ [...] slab_alloc mm/slab.c:3319 [inline]
+ [...] kmem_cache_alloc+0x13f/0x2c0 mm/slab.c:3483
+ [...] sctp_bucket_create net/sctp/socket.c:8523 [inline]
+ [...] sctp_get_port_local+0x189/0x5a0 net/sctp/socket.c:8270
+ [...] sctp_do_bind+0xcc/0x200 net/sctp/socket.c:402
+ [...] sctp_bindx_add+0x4b/0xd0 net/sctp/socket.c:497
+ [...] sctp_setsockopt_bindx+0x156/0x1b0 net/sctp/socket.c:1022
+ [...] sctp_setsockopt net/sctp/socket.c:4641 [inline]
+ [...] sctp_setsockopt+0xaea/0x2dc0 net/sctp/socket.c:4611
+ [...] sock_common_setsockopt+0x38/0x50 net/core/sock.c:3147
+ [...] __sys_setsockopt+0x10f/0x220 net/socket.c:2084
+ [...] __do_sys_setsockopt net/socket.c:2100 [inline]
+
+It was caused by when sending msgs without binding a port, in the path:
+inet_sendmsg() -> inet_send_prepare() -> inet_autobind() ->
+.get_port/sctp_get_port(), sp->bind_hash will be set while bp->port is
+not. Later when binding another port by sctp_setsockopt_bindx(), a new
+bucket will be created as bp->port is not set.
+
+sctp's autobind is supposed to call sctp_autobind() where it does all
+things including setting bp->port. Since sctp_autobind() is called in
+sctp_sendmsg() if the sk is not yet bound, it should have skipped the
+auto bind.
+
+THis patch is to avoid calling inet_autobind() in inet_send_prepare()
+by changing sctp_prot .no_autobind with true, also remove the unused
+.get_port.
+
+Reported-by: syzbot+d44f7bbebdea49dbc84a@syzkaller.appspotmail.com
+Signed-off-by: Xin Long <lucien.xin@gmail.com>
+Acked-by: Marcelo Ricardo Leitner <marcelo.leitner@gmail.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Jiri Slaby <jslaby@suse.cz>
+Signed-off-by: Michal Kubecek <mkubecek@suse.cz>
+
+SLE15: we need to check no_autobind socket flag in inet_dgram_connect() as,
+unlike in mainline, SCTP still uses this function.
+
+---
+ net/ipv4/af_inet.c | 3 ++-
+ net/sctp/socket.c | 4 ++--
+ 2 files changed, 4 insertions(+), 3 deletions(-)
+
+--- a/net/ipv4/af_inet.c
++++ b/net/ipv4/af_inet.c
+@@ -535,7 +535,8 @@ int inet_dgram_connect(struct socket *sock, struct sockaddr *uaddr,
+ return err;
+ }
+
+- if (!inet_sk(sk)->inet_num && inet_autobind(sk))
++ if (!inet_sk(sk)->inet_num && !sk->sk_prot->no_autobind &&
++ inet_autobind(sk))
+ return -EAGAIN;
+ return sk->sk_prot->connect(sk, uaddr, addr_len);
+ }
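Review bot: In inet_dgram_connect(), the added `!sk->sk_prot->no_autobind` test skips inet_autobind() for every protocol that sets the flag and reaches this function, while the SLE note in the header names only SCTP. Please confirm that SCTP's ->connect handler binds a port itself when inet_num is 0, since the commit message only describes sctp_autobind() being called from sctp_sendmsg(), and that no other no_autobind protocol in this tree relied on the autobind here. Because this hunk is not part of the mainline commit, a short comment above the condition explaining the SLE-specific guard would help future backports.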
+--- a/net/sctp/socket.c
++++ b/net/sctp/socket.c
+@@ -8240,7 +8240,7 @@ struct proto sctp_prot = {
+ .backlog_rcv = sctp_backlog_rcv,
+ .hash = sctp_hash,
+ .unhash = sctp_unhash,
+- .get_port = sctp_get_port,
++ .no_autobind = true,
+ .obj_size = sizeof(struct sctp_sock),
+ .sysctl_mem = sysctl_sctp_mem,
+ .sysctl_rmem = sysctl_sctp_rmem,
+@@ -8279,7 +8279,7 @@ struct proto sctpv6_prot = {
+ .backlog_rcv = sctp_backlog_rcv,
+ .hash = sctp_hash,
+ .unhash = sctp_unhash,
+- .get_port = sctp_get_port,
++ .no_autobind = true,
+ .obj_size = sizeof(struct sctp6_sock),
+ .sysctl_mem = sysctl_sctp_mem,
+ .sysctl_rmem = sysctl_sctp_rmem,
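Review bot: Dropping `.get_port` from sctp_prot and sctpv6_prot leaves the pointer NULL, so any generic inet path that calls sk->sk_prot->get_port on an SCTP socket without first testing no_autobind turns from a leak into a NULL dereference. The header says this tree differs from mainline in that SCTP still uses inet_dgram_connect(), and that is the only call site guarded in this patch. It would be worth auditing the remaining inet_autobind() and ->get_port callers in this tree for other paths SCTP can still reach, and recording the result in the SLE note.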
diff --git a/series.conf b/series.conf
index b58cb55423..a80688823d 100644
--- a/series.conf
+++ b/series.conf
@@ -50949,6 +50949,7 @@
patches.suse/iwlwifi-pcie-fix-rb_allocator-workqueue-allocation.patch
patches.suse/iwlwifi-dbg_ini-fix-memory-leak-in-alloc_sgtable.patch
patches.suse/iwlwifi-pcie-fix-memory-leaks-in-iwl_pcie_ctxt_info_.patch
+ patches.suse/sctp-change-sctp_prot-.no_autobind-with-true.patch
patches.suse/net-phy-bcm7xxx-define-soft_reset-for-40nm-EPHY.patch
patches.suse/0001-xen-netback-fix-error-path-of-xenvif_connect_data.patch
patches.suse/x86-boot-64-Make-level2_kernel_pgt-pages-invalid-out.patch