From patchwork Fri Apr 30 20:02:58 2021
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Xin Long <lucien.xin@gmail.com>
X-Patchwork-Id: 12234221
X-Patchwork-Delegate: kuba@kernel.org
Return-Path: <netdev-owner@kernel.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
X-Spam-Level: 
X-Spam-Status: No, score=-15.7 required=3.0 tests=BAYES_00,DKIM_SIGNED,
	DKIM_VALID,DKIM_VALID_AU,FREEMAIL_FORGED_FROMDOMAIN,FREEMAIL_FROM,
	HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_CR_TRAILER,INCLUDES_PATCH,
	MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS,USER_AGENT_GIT
	autolearn=unavailable autolearn_force=no version=3.4.0
Received: from mail.kernel.org (mail.kernel.org [198.145.29.99])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 04F50C433B4
	for <netdev@archiver.kernel.org>; Fri, 30 Apr 2021 20:04:43 +0000 (UTC)
Received: from vger.kernel.org (vger.kernel.org [23.128.96.18])
	by mail.kernel.org (Postfix) with ESMTP id C4BFA613F8
	for <netdev@archiver.kernel.org>; Fri, 30 Apr 2021 20:04:42 +0000 (UTC)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S232941AbhD3UFa (ORCPT <rfc822;netdev@archiver.kernel.org>);
        Fri, 30 Apr 2021 16:05:30 -0400
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:36628 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S235398AbhD3UEH (ORCPT
        <rfc822;netdev@vger.kernel.org>); Fri, 30 Apr 2021 16:04:07 -0400
Received: from mail-pj1-x1033.google.com (mail-pj1-x1033.google.com
 [IPv6:2607:f8b0:4864:20::1033])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id AC81CC06174A;
        Fri, 30 Apr 2021 13:03:17 -0700 (PDT)
Received: by mail-pj1-x1033.google.com with SMTP id
 f2-20020a17090a4a82b02900c67bf8dc69so2333432pjh.1;
        Fri, 30 Apr 2021 13:03:17 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20161025;
        h=from:to:cc:subject:date:message-id:in-reply-to:references
         :in-reply-to:references;
        bh=6b7BJcbm6D1aqgi/VtytZ9fDai8Xsd4OeDiV8zlCTyo=;
        b=nOBNtyeOp2fuLuMM9GK8LbncYm3z2091EopGUaIWJmwSzienTXA9jELM4wO6YshoeI
         F6jm/8UjadFSA4wY05P32hUL2pepBDb3Tlsxnp6uShYgtCg3ovGMxpmsRCfz1J08LpKT
         Exvw+dyQdKm6F/KEr/xAfWe0/Y4LpzQWTAk+ASK/FpW2bzz1TauR1Las7NQapkwL3AFS
         p88UEd97hK+ev8NICoIDGlvA6/dVMQcm+7LLCM+tZQSm40wD1pFZ2ep7D/bFJFJUvWP7
         8mWyt+kCcbmZf+hckTrVVm3wL5fr9S0/vOLjT5mhl+Hf4VNYAhocszc55EvEshklbv4P
         LU3g==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to
         :references:in-reply-to:references;
        bh=6b7BJcbm6D1aqgi/VtytZ9fDai8Xsd4OeDiV8zlCTyo=;
        b=KdlQkzTv0loFFBLeFnkfX7vXughl7ZLmDcY1qjbbMfxPTeCJ5tXMm7GwNlzjvLfSTj
         lhFCCwF9zUViHH5pq+gyD96vN6KZTMdgB95B/lPP9jgA/ZBQ0Wq9yN1k+k12xl67Mz10
         nYtnVob0GXbO4ci6PpD7KJTRRGZvWVtk7E9UeOL0F0Pu86fb0khaDFItcc+tnavQBXiA
         cA6ABHWE9RWYZfIApR9DcX2rWp2sj7ov5hNUoasYw6riVqmvXQhJnSv40JaYc5Dia/cJ
         dZWK91oAQPuh52G/ebgtimZrbIIwY2rb7iLMCWDdSV6RLrUCp7TFmxBbBqZ1hdN68mmX
         4r8g==
X-Gm-Message-State: AOAM532quCI6qZVcRpCIWSPVMuULmumIGIxmVIL7K/xQ6q8xdXNOMbLA
        ibyeL1kNZhrxZdbgM2NUsuRRuT5obqWTNRtD
X-Google-Smtp-Source: 
 ABdhPJyLUYzf4I9o77xashEdRLjt1T6w7/d5E4ClO3Adr3bKwyLsiRQLD8kr6qTi7Tb7+UwzPMxXrw==
X-Received: by 2002:a17:90a:cf8a:: with SMTP id
 i10mr7025466pju.188.1619812996993;
        Fri, 30 Apr 2021 13:03:16 -0700 (PDT)
Received: from localhost ([209.132.188.80])
        by smtp.gmail.com with ESMTPSA id
 ml19sm15040003pjb.2.2021.04.30.13.03.15
        (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128);
        Fri, 30 Apr 2021 13:03:16 -0700 (PDT)
From: Xin Long <lucien.xin@gmail.com>
To: network dev <netdev@vger.kernel.org>, linux-sctp@vger.kernel.org
Cc: davem@davemloft.net, kuba@kernel.org,
        Marcelo Ricardo Leitner <marcelo.leitner@gmail.com>,
        jere.leppanen@nokia.com,
        Alexander Sverdlin <alexander.sverdlin@nokia.com>
Subject: [PATCHv2 net 1/3] sctp: do asoc update earlier in
 sctp_sf_do_dupcook_a
Date: Sat,  1 May 2021 04:02:58 +0800
Message-Id: 
 <1a42d5e9ae45c01dbf0378fca0cb8cfd85ee454b.1619812899.git.lucien.xin@gmail.com>
X-Mailer: git-send-email 2.1.0
In-Reply-To: <cover.1619812899.git.lucien.xin@gmail.com>
References: <cover.1619812899.git.lucien.xin@gmail.com>
In-Reply-To: <cover.1619812899.git.lucien.xin@gmail.com>
References: <cover.1619812899.git.lucien.xin@gmail.com>
Precedence: bulk
List-ID: <netdev.vger.kernel.org>
X-Mailing-List: netdev@vger.kernel.org
X-Patchwork-Delegate: kuba@kernel.org

There's a panic that occurs in a few of envs, the call trace is as below:

  [] general protection fault, ... 0x29acd70f1000a: 0000 [#1] SMP PTI
  [] RIP: 0010:sctp_ulpevent_notify_peer_addr_change+0x4b/0x1fa [sctp]
  []  sctp_assoc_control_transport+0x1b9/0x210 [sctp]
  []  sctp_do_8_2_transport_strike.isra.16+0x15c/0x220 [sctp]
  []  sctp_cmd_interpreter.isra.21+0x1231/0x1a10 [sctp]
  []  sctp_do_sm+0xc3/0x2a0 [sctp]
  []  sctp_generate_timeout_event+0x81/0xf0 [sctp]

This is caused by a transport use-after-free issue. When processing a
duplicate COOKIE-ECHO chunk in sctp_sf_do_dupcook_a(), both COOKIE-ACK
and SHUTDOWN chunks are allocated with the transort from the new asoc.
However, later in the sideeffect machine, the old asoc is used to send
them out and old asoc's shutdown_last_sent_to is set to the transport
that SHUTDOWN chunk attached to in sctp_cmd_setup_t2(), which actually
belongs to the new asoc. After the new_asoc is freed and the old asoc
T2 timeout, the old asoc's shutdown_last_sent_to that is already freed
would be accessed in sctp_sf_t2_timer_expire().

Thanks Alexander and Jere for helping dig into this issue.

To fix it, this patch is to do the asoc update first, then allocate
the COOKIE-ACK and SHUTDOWN chunks with the 'updated' old asoc. This
would make more sense, as a chunk from an asoc shouldn't be sent out
with another asoc. We had fixed quite a few issues caused by this.

Fixes: 145cb2f7177d ("sctp: Fix bundling of SHUTDOWN with COOKIE-ACK")
Reported-by: Alexander Sverdlin <alexander.sverdlin@nokia.com>
Reported-by: syzbot+bbe538efd1046586f587@syzkaller.appspotmail.com
Reported-by: Michal Tesar <mtesar@redhat.com>
Signed-off-by: Xin Long <lucien.xin@gmail.com>
Acked-by: Marcelo Ricardo Leitner <marcelo.leitner@gmail.com>
---
 net/sctp/sm_statefuns.c | 25 ++++++++++++++++++++-----
 1 file changed, 20 insertions(+), 5 deletions(-)

diff --git a/net/sctp/sm_statefuns.c b/net/sctp/sm_statefuns.c
index 7632714..30cb946 100644
--- a/net/sctp/sm_statefuns.c
+++ b/net/sctp/sm_statefuns.c
@@ -1852,20 +1852,35 @@ static enum sctp_disposition sctp_sf_do_dupcook_a(
 			SCTP_TO(SCTP_EVENT_TIMEOUT_T4_RTO));
 	sctp_add_cmd_sf(commands, SCTP_CMD_PURGE_ASCONF_QUEUE, SCTP_NULL());
 
-	repl = sctp_make_cookie_ack(new_asoc, chunk);
+	/* Update the content of current association. */
+	if (sctp_assoc_update((struct sctp_association *)asoc, new_asoc)) {
+		struct sctp_chunk *abort;
+
+		abort = sctp_make_abort(asoc, NULL, sizeof(struct sctp_errhdr));
+		if (abort) {
+			sctp_init_cause(abort, SCTP_ERROR_RSRC_LOW, 0);
+			sctp_add_cmd_sf(commands, SCTP_CMD_REPLY, SCTP_CHUNK(abort));
+		}
+		sctp_add_cmd_sf(commands, SCTP_CMD_SET_SK_ERR, SCTP_ERROR(ECONNABORTED));
+		sctp_add_cmd_sf(commands, SCTP_CMD_ASSOC_FAILED,
+				SCTP_PERR(SCTP_ERROR_RSRC_LOW));
+		SCTP_INC_STATS(net, SCTP_MIB_ABORTEDS);
+		SCTP_DEC_STATS(net, SCTP_MIB_CURRESTAB);
+		goto nomem;
+	}
+
+	repl = sctp_make_cookie_ack(asoc, chunk);
 	if (!repl)
 		goto nomem;
 
 	/* Report association restart to upper layer. */
 	ev = sctp_ulpevent_make_assoc_change(asoc, 0, SCTP_RESTART, 0,
-					     new_asoc->c.sinit_num_ostreams,
-					     new_asoc->c.sinit_max_instreams,
+					     asoc->c.sinit_num_ostreams,
+					     asoc->c.sinit_max_instreams,
 					     NULL, GFP_ATOMIC);
 	if (!ev)
 		goto nomem_ev;
 
-	/* Update the content of current association. */
-	sctp_add_cmd_sf(commands, SCTP_CMD_UPDATE_ASSOC, SCTP_ASOC(new_asoc));
 	sctp_add_cmd_sf(commands, SCTP_CMD_EVENT_ULP, SCTP_ULPEVENT(ev));
 	if ((sctp_state(asoc, SHUTDOWN_PENDING) ||
 	     sctp_state(asoc, SHUTDOWN_SENT)) &&

From patchwork Fri Apr 30 20:02:59 2021
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Xin Long <lucien.xin@gmail.com>
X-Patchwork-Id: 12234223
X-Patchwork-Delegate: kuba@kernel.org
Return-Path: <netdev-owner@kernel.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
X-Spam-Level: 
X-Spam-Status: No, score=-15.7 required=3.0 tests=BAYES_00,DKIM_SIGNED,
	DKIM_VALID,DKIM_VALID_AU,FREEMAIL_FORGED_FROMDOMAIN,FREEMAIL_FROM,
	HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_CR_TRAILER,INCLUDES_PATCH,
	MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS,USER_AGENT_GIT
	autolearn=unavailable autolearn_force=no version=3.4.0
Received: from mail.kernel.org (mail.kernel.org [198.145.29.99])
	by smtp.lore.kernel.org (Postfix) with ESMTP id C8BC8C43462
	for <netdev@archiver.kernel.org>; Fri, 30 Apr 2021 20:04:44 +0000 (UTC)
Received: from vger.kernel.org (vger.kernel.org [23.128.96.18])
	by mail.kernel.org (Postfix) with ESMTP id A4EB36144B
	for <netdev@archiver.kernel.org>; Fri, 30 Apr 2021 20:04:44 +0000 (UTC)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S233034AbhD3UFc (ORCPT <rfc822;netdev@archiver.kernel.org>);
        Fri, 30 Apr 2021 16:05:32 -0400
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:36658 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S235488AbhD3UEO (ORCPT
        <rfc822;netdev@vger.kernel.org>); Fri, 30 Apr 2021 16:04:14 -0400
Received: from mail-pf1-x435.google.com (mail-pf1-x435.google.com
 [IPv6:2607:f8b0:4864:20::435])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 14984C06174A;
        Fri, 30 Apr 2021 13:03:26 -0700 (PDT)
Received: by mail-pf1-x435.google.com with SMTP id m11so6057639pfc.11;
        Fri, 30 Apr 2021 13:03:26 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20161025;
        h=from:to:cc:subject:date:message-id:in-reply-to:references
         :in-reply-to:references;
        bh=ranfrW4Ke5FCKLRLAOIZRlwFGXqBmDaAIWDLfXK3aC0=;
        b=hrg1RADg0C8nbuj9x2k/f3mCUKzQIx5T5lVzDvYiNdCMeuyY1KH7rbxOoVNwNetE4a
         OQVU2vUp51CUcvdGx21VoeStwQU0jeaadGD6tQoqh22HXr8R8yGbFeV+ldOpc/WZAuU2
         5UO6p9+LnEug0MIPNIshi9xGy1KOHQHC/IHMRE5qW0P4oaOgAuiI/BHE9XunwF7ygp6z
         7INkfE0pr09IY2FOIIWSrH9e97NbooBzEXO1I/XrgLzu1lj2GCuPoqYStNbLB/Fe546A
         gDBVL+sBYK3WJwtFXh/IzBfXG6d2p758vZ1smip4QAGCE2BGdPnwJTUjzSCcYAGmIP8H
         2SfQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to
         :references:in-reply-to:references;
        bh=ranfrW4Ke5FCKLRLAOIZRlwFGXqBmDaAIWDLfXK3aC0=;
        b=eLfzwSuewk6mF3todhjLq8O7SI/OwpsTwHyNZbZuJUmk+3EMtMIRmhKTioN/sUQL1r
         BC0Yn9og+rg/8ehZ0PFnqaRyDVGMqu6SYt1PPut1IJxgkvD6F5KccLnvR7AVEWWsLVeQ
         EoxV+u5kSz+zidg68jMUAi011z2x4jUzOx6j7yXe6Uy30gnoax/nn6MK5AVsav7VCf54
         WN1llverx+hd+qJEx1lksnr9ELWXaWPlNCQUNzu+GCS/yZ3TdAlDguNCbwUnj1B5XEC1
         mzAdiiFG0itYj1gBxB5JBid3PzIwBlVAFXNzcOgN9/VJS4kigTT1IuaEWYMy0i+qgZCB
         LrAA==
X-Gm-Message-State: AOAM533h9wFDjFx0ZSTVgDtrP2juKHKYtpFdfyZ47GV6CXLvD8ZOG2h0
        G2WqEZqnjNfGG7EpnwEejaVDQj/zU9mOMb25
X-Google-Smtp-Source: 
 ABdhPJxXPwNJeO3ABihUSK3qgiuGbk7ZVglqEffWNn75B8eGSfHRlg3cDq4FYeqfJZkH86SDtBHq/w==
X-Received: by 2002:a62:29c2:0:b029:28c:d5f5:5ba3 with SMTP id
 p185-20020a6229c20000b029028cd5f55ba3mr4150917pfp.14.1619813005400;
        Fri, 30 Apr 2021 13:03:25 -0700 (PDT)
Received: from localhost ([209.132.188.80])
        by smtp.gmail.com with ESMTPSA id
 n18sm2587890pgj.71.2021.04.30.13.03.24
        (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128);
        Fri, 30 Apr 2021 13:03:24 -0700 (PDT)
From: Xin Long <lucien.xin@gmail.com>
To: network dev <netdev@vger.kernel.org>, linux-sctp@vger.kernel.org
Cc: davem@davemloft.net, kuba@kernel.org,
        Marcelo Ricardo Leitner <marcelo.leitner@gmail.com>,
        jere.leppanen@nokia.com,
        Alexander Sverdlin <alexander.sverdlin@nokia.com>
Subject: [PATCHv2 net 2/3] Revert "sctp: Fix bundling of SHUTDOWN with
 COOKIE-ACK"
Date: Sat,  1 May 2021 04:02:59 +0800
Message-Id: 
 <a9f65034deb5ffa57ea704f99102fcefb9bff539.1619812899.git.lucien.xin@gmail.com>
X-Mailer: git-send-email 2.1.0
In-Reply-To: 
 <1a42d5e9ae45c01dbf0378fca0cb8cfd85ee454b.1619812899.git.lucien.xin@gmail.com>
References: <cover.1619812899.git.lucien.xin@gmail.com>
 <1a42d5e9ae45c01dbf0378fca0cb8cfd85ee454b.1619812899.git.lucien.xin@gmail.com>
In-Reply-To: <cover.1619812899.git.lucien.xin@gmail.com>
References: <cover.1619812899.git.lucien.xin@gmail.com>
Precedence: bulk
List-ID: <netdev.vger.kernel.org>
X-Mailing-List: netdev@vger.kernel.org
X-Patchwork-Delegate: kuba@kernel.org

This can be reverted as shutdown and cookie_ack chunk are using the
same asoc since the last patch.

This reverts commit 145cb2f7177d94bc54563ed26027e952ee0ae03c.

Signed-off-by: Xin Long <lucien.xin@gmail.com>
Acked-by: Marcelo Ricardo Leitner <marcelo.leitner@gmail.com>
---
 net/sctp/sm_statefuns.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/net/sctp/sm_statefuns.c b/net/sctp/sm_statefuns.c
index 30cb946..e8ccc4e 100644
--- a/net/sctp/sm_statefuns.c
+++ b/net/sctp/sm_statefuns.c
@@ -1892,7 +1892,7 @@ static enum sctp_disposition sctp_sf_do_dupcook_a(
 		 */
 		sctp_add_cmd_sf(commands, SCTP_CMD_REPLY, SCTP_CHUNK(repl));
 		return sctp_sf_do_9_2_start_shutdown(net, ep, asoc,
-						     SCTP_ST_CHUNK(0), repl,
+						     SCTP_ST_CHUNK(0), NULL,
 						     commands);
 	} else {
 		sctp_add_cmd_sf(commands, SCTP_CMD_NEW_STATE,
@@ -5536,7 +5536,7 @@ enum sctp_disposition sctp_sf_do_9_2_start_shutdown(
 	 * in the Cumulative TSN Ack field the last sequential TSN it
 	 * has received from the peer.
 	 */
-	reply = sctp_make_shutdown(asoc, arg);
+	reply = sctp_make_shutdown(asoc, NULL);
 	if (!reply)
 		goto nomem;
 
@@ -6134,7 +6134,7 @@ enum sctp_disposition sctp_sf_autoclose_timer_expire(
 	disposition = SCTP_DISPOSITION_CONSUME;
 	if (sctp_outq_is_empty(&asoc->outqueue)) {
 		disposition = sctp_sf_do_9_2_start_shutdown(net, ep, asoc, type,
-							    NULL, commands);
+							    arg, commands);
 	}
 
 	return disposition;

From patchwork Fri Apr 30 20:03:00 2021
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Xin Long <lucien.xin@gmail.com>
X-Patchwork-Id: 12234225
X-Patchwork-Delegate: kuba@kernel.org
Return-Path: <netdev-owner@kernel.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
X-Spam-Level: 
X-Spam-Status: No, score=-15.7 required=3.0 tests=BAYES_00,DKIM_SIGNED,
	DKIM_VALID,DKIM_VALID_AU,FREEMAIL_FORGED_FROMDOMAIN,FREEMAIL_FROM,
	HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_CR_TRAILER,INCLUDES_PATCH,
	MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS,USER_AGENT_GIT
	autolearn=unavailable autolearn_force=no version=3.4.0
Received: from mail.kernel.org (mail.kernel.org [198.145.29.99])
	by smtp.lore.kernel.org (Postfix) with ESMTP id B737AC433B4
	for <netdev@archiver.kernel.org>; Fri, 30 Apr 2021 20:04:47 +0000 (UTC)
Received: from vger.kernel.org (vger.kernel.org [23.128.96.18])
	by mail.kernel.org (Postfix) with ESMTP id 8A48C6143D
	for <netdev@archiver.kernel.org>; Fri, 30 Apr 2021 20:04:47 +0000 (UTC)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S235378AbhD3UFe (ORCPT <rfc822;netdev@archiver.kernel.org>);
        Fri, 30 Apr 2021 16:05:34 -0400
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:36688 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S235650AbhD3UEX (ORCPT
        <rfc822;netdev@vger.kernel.org>); Fri, 30 Apr 2021 16:04:23 -0400
Received: from mail-pl1-x62e.google.com (mail-pl1-x62e.google.com
 [IPv6:2607:f8b0:4864:20::62e])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id A6D7CC06174A;
        Fri, 30 Apr 2021 13:03:34 -0700 (PDT)
Received: by mail-pl1-x62e.google.com with SMTP id a11so6316124plh.3;
        Fri, 30 Apr 2021 13:03:34 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20161025;
        h=from:to:cc:subject:date:message-id:in-reply-to:references
         :in-reply-to:references;
        bh=NmbIxLEGHLoCgfVZwidcwUpoR40Q5FVw10EI41xuPb0=;
        b=GkiS1QzX54g08/yRcNhnlXwHK+T2B0F0ZnKy8uTWttpXBwmxy1HkMGA9s3zrvQc+dJ
         2Zj611qxzPcZEsZcLWY/wFgAheBJL+ddIRp5qjThrQ3PuPLBvnB7ThTaV2dTupPAwdgo
         xbNdtVVy7x9dWOHVt4ozkrwuBTIPTnEkLScg1oh2hF6TlybgO/ZOBr4IF3PeE57RSSZK
         fivckc6oa5Sj9kjZGMiArOfScIyzXsyNv5ofiZKeUOaUcaCIA0wt/+XoPCiwlzudSzod
         70w6gQ/XcnkWtBsvLqC1gDFapH9v808LHLxAFrX9xBi5gQiK2AR6u04jqqSlAlnnB9U8
         KNBg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to
         :references:in-reply-to:references;
        bh=NmbIxLEGHLoCgfVZwidcwUpoR40Q5FVw10EI41xuPb0=;
        b=L4Cw0L0OMRYO50S57pbTXC0ojwX7xkK3a9Z0GKc/1kDmSd41ry7cLxErfnKBRZ2jcL
         2mEM1AEb0XY3oonCsdmeMYQX9eSKliCCKzab6V7myKQWHmw8grenI0OdK9lGOwLymaGu
         DBWGNaURzfF/s2DNrj3iQCOO4AI3ah4XenG7CfN377ywEZQeRsSxeV3YQIxgUyca0TSA
         6fiJURZlQoLKP789/4nDFAbR8UmBdGdbZPQIwCwzhd85ttPBvBUPPeq+ZD0kLitrYj5a
         Na9iSKQSQ9r2449R8wHMDFTwseIzU+B/wAdlMVVT+UWe79loNq5fClKffHszQE+T0+ux
         3uiQ==
X-Gm-Message-State: AOAM532NKoOW3m9UGRYXFXtQ6rg763zaC4RcJz+e0wyVXJFvFGHaTCkz
        M2LN8lmGJPK+oVwrpuf23nmNETf36m5BGwlg
X-Google-Smtp-Source: 
 ABdhPJzeN6m4dUCSi+untEHGPX+QoEIXoOf7G57xKKyLWEwRHyMkiR10veCAfGM4AFBBZKhwRQLlnA==
X-Received: by 2002:a17:90a:5907:: with SMTP id
 k7mr17573981pji.197.1619813013977;
        Fri, 30 Apr 2021 13:03:33 -0700 (PDT)
Received: from localhost ([209.132.188.80])
        by smtp.gmail.com with ESMTPSA id
 c129sm3040101pfb.141.2021.04.30.13.03.32
        (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128);
        Fri, 30 Apr 2021 13:03:33 -0700 (PDT)
From: Xin Long <lucien.xin@gmail.com>
To: network dev <netdev@vger.kernel.org>, linux-sctp@vger.kernel.org
Cc: davem@davemloft.net, kuba@kernel.org,
        Marcelo Ricardo Leitner <marcelo.leitner@gmail.com>,
        jere.leppanen@nokia.com,
        Alexander Sverdlin <alexander.sverdlin@nokia.com>
Subject: [PATCHv2 net 3/3] sctp: do asoc update earlier in
 sctp_sf_do_dupcook_b
Date: Sat,  1 May 2021 04:03:00 +0800
Message-Id: 
 <371d885e4d50b379aff56babe77517f6ccc32651.1619812899.git.lucien.xin@gmail.com>
X-Mailer: git-send-email 2.1.0
In-Reply-To: 
 <a9f65034deb5ffa57ea704f99102fcefb9bff539.1619812899.git.lucien.xin@gmail.com>
References: <cover.1619812899.git.lucien.xin@gmail.com>
 <1a42d5e9ae45c01dbf0378fca0cb8cfd85ee454b.1619812899.git.lucien.xin@gmail.com>
 <a9f65034deb5ffa57ea704f99102fcefb9bff539.1619812899.git.lucien.xin@gmail.com>
In-Reply-To: <cover.1619812899.git.lucien.xin@gmail.com>
References: <cover.1619812899.git.lucien.xin@gmail.com>
Precedence: bulk
List-ID: <netdev.vger.kernel.org>
X-Mailing-List: netdev@vger.kernel.org
X-Patchwork-Delegate: kuba@kernel.org

The same thing should be done for sctp_sf_do_dupcook_b().
Meanwhile, SCTP_CMD_UPDATE_ASSOC cmd can be removed.

v1->v2:
  - Fix the return value in sctp_sf_do_assoc_update().

Signed-off-by: Xin Long <lucien.xin@gmail.com>
Acked-by: Marcelo Ricardo Leitner <marcelo.leitner@gmail.com>
---
 include/net/sctp/command.h |  1 -
 net/sctp/sm_sideeffect.c   | 26 -------------------------
 net/sctp/sm_statefuns.c    | 47 +++++++++++++++++++++++++++++-----------------
 3 files changed, 30 insertions(+), 44 deletions(-)

diff --git a/include/net/sctp/command.h b/include/net/sctp/command.h
index e8df72e..5e84888 100644
--- a/include/net/sctp/command.h
+++ b/include/net/sctp/command.h
@@ -68,7 +68,6 @@ enum sctp_verb {
 	SCTP_CMD_ASSOC_FAILED,	 /* Handle association failure. */
 	SCTP_CMD_DISCARD_PACKET, /* Discard the whole packet. */
 	SCTP_CMD_GEN_SHUTDOWN,   /* Generate a SHUTDOWN chunk. */
-	SCTP_CMD_UPDATE_ASSOC,   /* Update association information. */
 	SCTP_CMD_PURGE_OUTQUEUE, /* Purge all data waiting to be sent. */
 	SCTP_CMD_SETUP_T2,       /* Hi-level, setup T2-shutdown parms.  */
 	SCTP_CMD_RTO_PENDING,	 /* Set transport's rto_pending. */
diff --git a/net/sctp/sm_sideeffect.c b/net/sctp/sm_sideeffect.c
index 0948f14..ce15d59 100644
--- a/net/sctp/sm_sideeffect.c
+++ b/net/sctp/sm_sideeffect.c
@@ -826,28 +826,6 @@ static void sctp_cmd_setup_t2(struct sctp_cmd_seq *cmds,
 	asoc->timeouts[SCTP_EVENT_TIMEOUT_T2_SHUTDOWN] = t->rto;
 }
 
-static void sctp_cmd_assoc_update(struct sctp_cmd_seq *cmds,
-				  struct sctp_association *asoc,
-				  struct sctp_association *new)
-{
-	struct net *net = asoc->base.net;
-	struct sctp_chunk *abort;
-
-	if (!sctp_assoc_update(asoc, new))
-		return;
-
-	abort = sctp_make_abort(asoc, NULL, sizeof(struct sctp_errhdr));
-	if (abort) {
-		sctp_init_cause(abort, SCTP_ERROR_RSRC_LOW, 0);
-		sctp_add_cmd_sf(cmds, SCTP_CMD_REPLY, SCTP_CHUNK(abort));
-	}
-	sctp_add_cmd_sf(cmds, SCTP_CMD_SET_SK_ERR, SCTP_ERROR(ECONNABORTED));
-	sctp_add_cmd_sf(cmds, SCTP_CMD_ASSOC_FAILED,
-			SCTP_PERR(SCTP_ERROR_RSRC_LOW));
-	SCTP_INC_STATS(net, SCTP_MIB_ABORTEDS);
-	SCTP_DEC_STATS(net, SCTP_MIB_CURRESTAB);
-}
-
 /* Helper function to change the state of an association. */
 static void sctp_cmd_new_state(struct sctp_cmd_seq *cmds,
 			       struct sctp_association *asoc,
@@ -1301,10 +1279,6 @@ static int sctp_cmd_interpreter(enum sctp_event_type event_type,
 			sctp_endpoint_add_asoc(ep, asoc);
 			break;
 
-		case SCTP_CMD_UPDATE_ASSOC:
-		       sctp_cmd_assoc_update(commands, asoc, cmd->obj.asoc);
-		       break;
-
 		case SCTP_CMD_PURGE_OUTQUEUE:
 		       sctp_outq_teardown(&asoc->outqueue);
 		       break;
diff --git a/net/sctp/sm_statefuns.c b/net/sctp/sm_statefuns.c
index e8ccc4e..a428449 100644
--- a/net/sctp/sm_statefuns.c
+++ b/net/sctp/sm_statefuns.c
@@ -1773,6 +1773,30 @@ enum sctp_disposition sctp_sf_do_5_2_3_initack(
 		return sctp_sf_discard_chunk(net, ep, asoc, type, arg, commands);
 }
 
+static int sctp_sf_do_assoc_update(struct sctp_association *asoc,
+				   struct sctp_association *new,
+				   struct sctp_cmd_seq *cmds)
+{
+	struct net *net = asoc->base.net;
+	struct sctp_chunk *abort;
+
+	if (!sctp_assoc_update(asoc, new))
+		return 0;
+
+	abort = sctp_make_abort(asoc, NULL, sizeof(struct sctp_errhdr));
+	if (abort) {
+		sctp_init_cause(abort, SCTP_ERROR_RSRC_LOW, 0);
+		sctp_add_cmd_sf(cmds, SCTP_CMD_REPLY, SCTP_CHUNK(abort));
+	}
+	sctp_add_cmd_sf(cmds, SCTP_CMD_SET_SK_ERR, SCTP_ERROR(ECONNABORTED));
+	sctp_add_cmd_sf(cmds, SCTP_CMD_ASSOC_FAILED,
+			SCTP_PERR(SCTP_ERROR_RSRC_LOW));
+	SCTP_INC_STATS(net, SCTP_MIB_ABORTEDS);
+	SCTP_DEC_STATS(net, SCTP_MIB_CURRESTAB);
+
+	return -ENOMEM;
+}
+
 /* Unexpected COOKIE-ECHO handler for peer restart (Table 2, action 'A')
  *
  * Section 5.2.4
@@ -1853,21 +1877,8 @@ static enum sctp_disposition sctp_sf_do_dupcook_a(
 	sctp_add_cmd_sf(commands, SCTP_CMD_PURGE_ASCONF_QUEUE, SCTP_NULL());
 
 	/* Update the content of current association. */
-	if (sctp_assoc_update((struct sctp_association *)asoc, new_asoc)) {
-		struct sctp_chunk *abort;
-
-		abort = sctp_make_abort(asoc, NULL, sizeof(struct sctp_errhdr));
-		if (abort) {
-			sctp_init_cause(abort, SCTP_ERROR_RSRC_LOW, 0);
-			sctp_add_cmd_sf(commands, SCTP_CMD_REPLY, SCTP_CHUNK(abort));
-		}
-		sctp_add_cmd_sf(commands, SCTP_CMD_SET_SK_ERR, SCTP_ERROR(ECONNABORTED));
-		sctp_add_cmd_sf(commands, SCTP_CMD_ASSOC_FAILED,
-				SCTP_PERR(SCTP_ERROR_RSRC_LOW));
-		SCTP_INC_STATS(net, SCTP_MIB_ABORTEDS);
-		SCTP_DEC_STATS(net, SCTP_MIB_CURRESTAB);
+	if (sctp_sf_do_assoc_update((struct sctp_association *)asoc, new_asoc, commands))
 		goto nomem;
-	}
 
 	repl = sctp_make_cookie_ack(asoc, chunk);
 	if (!repl)
@@ -1940,14 +1951,16 @@ static enum sctp_disposition sctp_sf_do_dupcook_b(
 	if (!sctp_auth_chunk_verify(net, chunk, new_asoc))
 		return SCTP_DISPOSITION_DISCARD;
 
-	/* Update the content of current association.  */
-	sctp_add_cmd_sf(commands, SCTP_CMD_UPDATE_ASSOC, SCTP_ASOC(new_asoc));
 	sctp_add_cmd_sf(commands, SCTP_CMD_NEW_STATE,
 			SCTP_STATE(SCTP_STATE_ESTABLISHED));
 	SCTP_INC_STATS(net, SCTP_MIB_CURRESTAB);
 	sctp_add_cmd_sf(commands, SCTP_CMD_HB_TIMERS_START, SCTP_NULL());
 
-	repl = sctp_make_cookie_ack(new_asoc, chunk);
+	/* Update the content of current association.  */
+	if (sctp_sf_do_assoc_update((struct sctp_association *)asoc, new_asoc, commands))
+		goto nomem;
+
+	repl = sctp_make_cookie_ack(asoc, chunk);
 	if (!repl)
 		goto nomem;