From nobody Wed Feb 01 22:59:46 2023 X-Original-To: dev-commits-src-all@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4P6cnG54jMz3cGjy; Wed, 1 Feb 2023 22:59:46 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4P6cnG4XPqz3FFB; Wed, 1 Feb 2023 22:59:46 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1675292386; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=B8F29H/BRFgpscLhs0lNPgvmiSDd35ayU7Yb8+75fBM=; b=vrNjEHG4Yky6JC2DQKgA8jseMrGFiybjKLYxne7xAiBOzO+uxx71ffQ6Q5v6SdQ3f69TNr XMM+TFjyI7cR13V6F/owlu6sFwS5F6wgpX4aCW6Q67UDnpT84M6evDephRlhX4j/FxC8zy xc4nwBqwYuAuWLP6o/g2aHDUBOQDHTfVtDXswXM7/ziqr40naptr0Q9p/mcw5+fUAMsZ0/ 0zeyGKtfWhdx0cpwdp18hB4ef9yDI/Fx93pUU7pcuP4tGoCQ2v+sr65uRygv2G2VuuaHeG FvZc7fxc14p9+NGMpd/t/8QFLmdRTry+gtm2QQNzJdfThaiXc+F7tOyLHDiqhA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1675292386; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=B8F29H/BRFgpscLhs0lNPgvmiSDd35ayU7Yb8+75fBM=; b=vo5YlqenB06FhulNbt2seQBUsOj1kl427JByf9sDCqziLOitHeyYbdEXDY/SGa+IH1g9o1 OfnUHLeg1p0PK0VkfO9R0DD4vf9Hpc4xKyP/+J+Gy+/tTLM9ZLH8E5ZF5nQcs3w6dKq6uA 1kIv8PVgggV3A6qtt96uxBU5WLvBRVP3mZk62t/WruMHW5hnpKitS/Q0qNALhaqp5G2jvu 5lhLrAkMhy3RXOeNybTN7SCcea0e537+n/Qi1exoMiUFlIf42pOJZGnHBFGD9Qp63/68Ll NesTkX00ySKW4R+r+suPYzJ7teVTKp2/IX+F3/aU/7GIN/WPkSYDvBz67q3ckA== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1675292386; a=rsa-sha256; cv=none; b=i64FR4hkX9/i07xu/pCcBraAyu7S+Zx+VllE29c1bKwDn1ZhzwnY+Y3+h+ctFUPZxf1NTp 6YDwVLqkR9z6OnELez3AA2w0dDZExJYDIc/U9gnv9DVoARFGfuin/042Hc/HygogW04L7P EZCqP0Bnlo81D8YV9c6HfkFsK9aRCTPBvuzLvfYpUghkxTNqIxJkhfPsaTJZnodO+sn/bx s1tHTgv1bZ+7R8Xv34okuUhnea7f3taSoLO+wvdFXmjreGk/Ey3SEKTodpg38dltqVHjn8 +uxxBYB4LYOp4NAb8CHbYwf8iQmOb9bhBs2ERgA3lQn+H+keC/kjC4ZIeyILYQ== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4P6cnG3ZvCzWTs; Wed, 1 Feb 2023 22:59:46 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.16.1/8.16.1) with ESMTP id 311MxkSe018247; Wed, 1 Feb 2023 22:59:46 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.16.1/8.16.1/Submit) id 311MxkvS018246; Wed, 1 Feb 2023 22:59:46 GMT (envelope-from git) Date: Wed, 1 Feb 2023 22:59:46 GMT Message-Id: <202302012259.311MxkvS018246@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org From: Michael Tuexen Subject: git: f25aa6dc17d7 - stable/13 - sctp: improve handling of send() when association is shutdown List-Id: Commit messages for all branches of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-dev-commits-src-all@freebsd.org X-BeenThere: dev-commits-src-all@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: tuexen X-Git-Repository: src X-Git-Refname: refs/heads/stable/13 X-Git-Reftype: branch X-Git-Commit: f25aa6dc17d761c4cf2727e630f5aee128f10403 Auto-Submitted: auto-generated X-ThisMailContainsUnwantedMimeParts: N The branch stable/13 has been updated by tuexen: URL: https://cgit.FreeBSD.org/src/commit/?id=f25aa6dc17d761c4cf2727e630f5aee128f10403 commit f25aa6dc17d761c4cf2727e630f5aee128f10403 Author: Michael Tuexen AuthorDate: 2022-05-28 15:40:17 +0000 Commit: Michael Tuexen CommitDate: 2023-02-01 22:59:22 +0000 sctp: improve handling of send() when association is shutdown Accept send() calls only when the association is not being shut down or the expicit message EOR mode is used and the application provides follow-up data. Reported by: syzbot+341e9ebd9d24ca7dc62a@syzkaller.appspotmail.com (cherry picked from commit 64b297e803bd8123bfef3fecaa1f8ceae9eea0e6) --- sys/netinet/sctp_output.c | 45 +++++++++++++++++++++++++-------------------- 1 file changed, 25 insertions(+), 20 deletions(-) diff --git a/sys/netinet/sctp_output.c b/sys/netinet/sctp_output.c index 45a27e5d2e1d..dfad4e5dfa08 100644 --- a/sys/netinet/sctp_output.c +++ b/sys/netinet/sctp_output.c @@ -6348,8 +6348,8 @@ sctp_msg_append(struct sctp_tcb *stcb, (SCTP_GET_STATE(stcb) == SCTP_STATE_SHUTDOWN_RECEIVED) || (stcb->asoc.state & SCTP_STATE_SHUTDOWN_PENDING)) { /* got data while shutting down */ - SCTP_LTRACE_ERR_RET(NULL, stcb, NULL, SCTP_FROM_SCTP_OUTPUT, ECONNRESET); - error = ECONNRESET; + SCTP_LTRACE_ERR_RET(NULL, stcb, NULL, SCTP_FROM_SCTP_OUTPUT, EPIPE); + error = EPIPE; goto out_now; } sctp_alloc_a_strmoq(stcb, sp); @@ -12291,20 +12291,10 @@ sctp_copy_it_in(struct sctp_tcb *stcb, * sb is locked however. When data is copied the protocol processing * should be enabled since this is a slower operation... */ - struct sctp_stream_queue_pending *sp = NULL; + struct sctp_stream_queue_pending *sp; int resv_in_first; *error = 0; - /* Now can we send this? */ - if ((SCTP_GET_STATE(stcb) == SCTP_STATE_SHUTDOWN_SENT) || - (SCTP_GET_STATE(stcb) == SCTP_STATE_SHUTDOWN_ACK_SENT) || - (SCTP_GET_STATE(stcb) == SCTP_STATE_SHUTDOWN_RECEIVED) || - (asoc->state & SCTP_STATE_SHUTDOWN_PENDING)) { - /* got data while shutting down */ - SCTP_LTRACE_ERR_RET(NULL, stcb, NULL, SCTP_FROM_SCTP_OUTPUT, ECONNRESET); - *error = ECONNRESET; - goto out_now; - } sctp_alloc_a_strmoq(stcb, sp); if (sp == NULL) { SCTP_LTRACE_ERR_RET(NULL, stcb, net, SCTP_FROM_SCTP_OUTPUT, ENOMEM); @@ -12923,13 +12913,6 @@ sctp_lower_sosend(struct socket *so, KASSERT((asoc->state & SCTP_STATE_WAS_ABORTED) == 0, ("Association was aborted")); - if ((SCTP_GET_STATE(stcb) == SCTP_STATE_SHUTDOWN_SENT) || - (SCTP_GET_STATE(stcb) == SCTP_STATE_SHUTDOWN_RECEIVED) || - (SCTP_GET_STATE(stcb) == SCTP_STATE_SHUTDOWN_ACK_SENT) || - (asoc->state & SCTP_STATE_SHUTDOWN_PENDING)) { - error = EPIPE; - goto out_unlocked; - } /* Ok, we will attempt a msgsnd :> */ if (p != NULL) { p->td_ru.ru_msgsnd++; @@ -13084,6 +13067,28 @@ skip_preblock: if (error != 0) { goto out; } + /* + * Reject the sending of a new user message, if the + * association is about to be shut down. + */ + if ((SCTP_GET_STATE(stcb) == SCTP_STATE_SHUTDOWN_SENT) || + (SCTP_GET_STATE(stcb) == SCTP_STATE_SHUTDOWN_RECEIVED) || + (SCTP_GET_STATE(stcb) == SCTP_STATE_SHUTDOWN_ACK_SENT) || + (asoc->state & SCTP_STATE_SHUTDOWN_PENDING)) { + if (sp->data != 0) { + sctp_m_freem(sp->data); + sp->data = NULL; + sp->tail_mbuf = NULL; + sp->length = 0; + } + if (sp->net != NULL) { + sctp_free_remote_addr(sp->net); + sp->net = NULL; + } + sctp_free_a_strmoq(stcb, sp, SCTP_SO_LOCKED); + error = EPIPE; + goto out_unlocked; + } /* The out streams might be reallocated. */ strm = &asoc->strmout[srcv->sinfo_stream]; if (sp->msg_is_complete) {