From nobody Sat May 28 16:34:39 2022 X-Original-To: dev-commits-src-all@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id B49661B66440; Sat, 28 May 2022 16:34:39 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4L9S1q4jP2z3nTM; Sat, 28 May 2022 16:34:39 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1653755679; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=BRDcGsVAiFVrRiXxV748tH/wOJkXDPz0Fwp50EjIRHI=; b=Ouhgm33QpDb5cUMKE+j1F5Q1UFhn46QE/iFzH2qt4EUepULcxa+EsDYOn361wPLwU/tE9g FENDSO8nAA+j2sI851pHD4h2AHH0ztUeKYDHXfrwIZrWa5TtoFB7QeYo7AjUKPVfmgQVrv RRcoaoLmoEeDXCfhJLZuiVmJGGlw+n1Jqr7Z/J3DkIdY0diNpwQqkGTxu9zT/XYqNYbs51 DWscL1RxP32235jMxg+0OHNRBhxD7+7HBlx5vwWahSovBLvLiCa+TOxPTGmlSMooHTBow6 851yp0+kilvjJbjv4K1eoQEef5CsYa0DXYTAovdvW1O1UnYG/9H4Wxey/6TgmA== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 8183B127B4; Sat, 28 May 2022 16:34:39 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.16.1/8.16.1) with ESMTP id 24SGYd66049915; Sat, 28 May 2022 16:34:39 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.16.1/8.16.1/Submit) id 24SGYd8T049914; Sat, 28 May 2022 16:34:39 GMT (envelope-from git) Date: Sat, 28 May 2022 16:34:39 GMT Message-Id: <202205281634.24SGYd8T049914@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org From: Michael Tuexen Subject: git: 64b297e803bd - main - sctp: improve handling of send() when association is shutdown List-Id: Commit messages for all branches of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-dev-commits-src-all@freebsd.org X-BeenThere: dev-commits-src-all@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: tuexen X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: 64b297e803bd8123bfef3fecaa1f8ceae9eea0e6 Auto-Submitted: auto-generated ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1653755679; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=BRDcGsVAiFVrRiXxV748tH/wOJkXDPz0Fwp50EjIRHI=; b=MQIUlle2PhGtgYVE/niRWOdw7BEHAECOTTjUlq8gZ/ykIHG4V/ciD4F8BawEPbkJyYVQZc 47j59DZ8wO1Cnzboq6tAmg4wtbej7mnAxVSvddP8wt90yUV0yHPMMD5MnNO7yxbzro3iKD cF2r88aJV7fA6R11RTUMo72Dh4e+l4ECHD+XxGZ3IfweiV4JPv6sP/zm2p9IVO2Qc8p/cP W8kxwSZ2jJVknyrU/Hf+3/3ZtD8mNYY1CUW8n9r0LAGGmQ1or1aZmhkIZ7nDtl/slnqrqF DkUb2KLKq+Ct9GfITznorjmLmE30IbJQXgmXK3fJ/wTwCS1d6wJoWeIhUUabTw== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1653755679; a=rsa-sha256; cv=none; b=VU6HMlWjnRTR6SPmQgg4PK5sXg82NCniGbu326WooBPkVnr8IiV6MipF8J0mrji/T2a+l8 blHFJSJ+gbvzScSKewHiey1i+/h9fUFRi5cw644gbzde6EYBKmiXv/0UnCQanLbqfkIibO ksH1Ch8+w9kX1CGMm4lzA/A2y8mTwUzUc3bcT0HF+XIFKJFFzyzwd1UVFHJbn8aO55wt0E ou0AbXMxL3lQpSw+lREt1O/QBN9Cjg8SFDtmIe3cW3tQzJcQirq4DK7AudYluWaopE1pLv 1A1pD5F8fGUUPbTsxEOkW8eO0fn86kWTK5jpQCfaGy54szs8R++/ZVfUEWwk0A== ARC-Authentication-Results: i=1; mx1.freebsd.org; none X-ThisMailContainsUnwantedMimeParts: N The branch main has been updated by tuexen: URL: https://cgit.FreeBSD.org/src/commit/?id=64b297e803bd8123bfef3fecaa1f8ceae9eea0e6 commit 64b297e803bd8123bfef3fecaa1f8ceae9eea0e6 Author: Michael Tuexen AuthorDate: 2022-05-28 15:40:17 +0000 Commit: Michael Tuexen CommitDate: 2022-05-28 15:40:17 +0000 sctp: improve handling of send() when association is shutdown Accept send() calls only when the association is not being shut down or the expicit message EOR mode is used and the application provides follow-up data. Reported by: syzbot+341e9ebd9d24ca7dc62a@syzkaller.appspotmail.com MFC after: 3 days --- sys/netinet/sctp_output.c | 45 +++++++++++++++++++++++++-------------------- 1 file changed, 25 insertions(+), 20 deletions(-) diff --git a/sys/netinet/sctp_output.c b/sys/netinet/sctp_output.c index b8844fdc0295..3b674ba22666 100644 --- a/sys/netinet/sctp_output.c +++ b/sys/netinet/sctp_output.c @@ -6348,8 +6348,8 @@ sctp_msg_append(struct sctp_tcb *stcb, (SCTP_GET_STATE(stcb) == SCTP_STATE_SHUTDOWN_RECEIVED) || (stcb->asoc.state & SCTP_STATE_SHUTDOWN_PENDING)) { /* got data while shutting down */ - SCTP_LTRACE_ERR_RET(NULL, stcb, NULL, SCTP_FROM_SCTP_OUTPUT, ECONNRESET); - error = ECONNRESET; + SCTP_LTRACE_ERR_RET(NULL, stcb, NULL, SCTP_FROM_SCTP_OUTPUT, EPIPE); + error = EPIPE; goto out_now; } sctp_alloc_a_strmoq(stcb, sp); @@ -12293,20 +12293,10 @@ sctp_copy_it_in(struct sctp_tcb *stcb, * sb is locked however. When data is copied the protocol processing * should be enabled since this is a slower operation... */ - struct sctp_stream_queue_pending *sp = NULL; + struct sctp_stream_queue_pending *sp; int resv_in_first; *error = 0; - /* Now can we send this? */ - if ((SCTP_GET_STATE(stcb) == SCTP_STATE_SHUTDOWN_SENT) || - (SCTP_GET_STATE(stcb) == SCTP_STATE_SHUTDOWN_ACK_SENT) || - (SCTP_GET_STATE(stcb) == SCTP_STATE_SHUTDOWN_RECEIVED) || - (asoc->state & SCTP_STATE_SHUTDOWN_PENDING)) { - /* got data while shutting down */ - SCTP_LTRACE_ERR_RET(NULL, stcb, NULL, SCTP_FROM_SCTP_OUTPUT, ECONNRESET); - *error = ECONNRESET; - goto out_now; - } sctp_alloc_a_strmoq(stcb, sp); if (sp == NULL) { SCTP_LTRACE_ERR_RET(NULL, stcb, net, SCTP_FROM_SCTP_OUTPUT, ENOMEM); @@ -12925,13 +12915,6 @@ sctp_lower_sosend(struct socket *so, KASSERT((asoc->state & SCTP_STATE_WAS_ABORTED) == 0, ("Association was aborted")); - if ((SCTP_GET_STATE(stcb) == SCTP_STATE_SHUTDOWN_SENT) || - (SCTP_GET_STATE(stcb) == SCTP_STATE_SHUTDOWN_RECEIVED) || - (SCTP_GET_STATE(stcb) == SCTP_STATE_SHUTDOWN_ACK_SENT) || - (asoc->state & SCTP_STATE_SHUTDOWN_PENDING)) { - error = EPIPE; - goto out_unlocked; - } /* Ok, we will attempt a msgsnd :> */ if (p != NULL) { p->td_ru.ru_msgsnd++; @@ -13086,6 +13069,28 @@ skip_preblock: if (error != 0) { goto out; } + /* + * Reject the sending of a new user message, if the + * association is about to be shut down. + */ + if ((SCTP_GET_STATE(stcb) == SCTP_STATE_SHUTDOWN_SENT) || + (SCTP_GET_STATE(stcb) == SCTP_STATE_SHUTDOWN_RECEIVED) || + (SCTP_GET_STATE(stcb) == SCTP_STATE_SHUTDOWN_ACK_SENT) || + (asoc->state & SCTP_STATE_SHUTDOWN_PENDING)) { + if (sp->data != 0) { + sctp_m_freem(sp->data); + sp->data = NULL; + sp->tail_mbuf = NULL; + sp->length = 0; + } + if (sp->net != NULL) { + sctp_free_remote_addr(sp->net); + sp->net = NULL; + } + sctp_free_a_strmoq(stcb, sp, SCTP_SO_LOCKED); + error = EPIPE; + goto out_unlocked; + } /* The out streams might be reallocated. */ strm = &asoc->strmout[srcv->sinfo_stream]; if (sp->msg_is_complete) {