On Sat, Nov 02, 2019 at 01:58:33AM +0800, Xin Long wrote:
On Thu, Oct 31, 2019 at 8:10 PM Sasha Levin sashal@kernel.org wrote:
On Thu, Oct 31, 2019 at 05:14:15PM +0800, Xin Long wrote:
On Thu, Oct 31, 2019 at 3:54 PM Rantala, Tommi T. (Nokia - FI/Espoo) tommi.t.rantala@nokia.com wrote:
On Sun, 2019-10-27 at 22:00 +0100, Greg Kroah-Hartman wrote:
From: Xin Long lucien.xin@gmail.com
[ Upstream commit 63dfb7938b13fa2c2fbcb45f34d065769eb09414 ]
syzbot reported a memory leak:
BUG: memory leak, unreferenced object 0xffff888120b3d380 (size 64): backtrace:
[...] slab_alloc mm/slab.c:3319 [inline] [...] kmem_cache_alloc+0x13f/0x2c0 mm/slab.c:3483 [...] sctp_bucket_create net/sctp/socket.c:8523 [inline] [...] sctp_get_port_local+0x189/0x5a0 net/sctp/socket.c:8270 [...] sctp_do_bind+0xcc/0x200 net/sctp/socket.c:402 [...] sctp_bindx_add+0x4b/0xd0 net/sctp/socket.c:497 [...] sctp_setsockopt_bindx+0x156/0x1b0 net/sctp/socket.c:1022 [...] sctp_setsockopt net/sctp/socket.c:4641 [inline] [...] sctp_setsockopt+0xaea/0x2dc0 net/sctp/socket.c:4611 [...] sock_common_setsockopt+0x38/0x50 net/core/sock.c:3147 [...] __sys_setsockopt+0x10f/0x220 net/socket.c:2084 [...] __do_sys_setsockopt net/socket.c:2100 [inline]
It was caused by when sending msgs without binding a port, in the path: inet_sendmsg() -> inet_send_prepare() -> inet_autobind() -> .get_port/sctp_get_port(), sp->bind_hash will be set while bp->port is not. Later when binding another port by sctp_setsockopt_bindx(), a new bucket will be created as bp->port is not set.
sctp's autobind is supposed to call sctp_autobind() where it does all things including setting bp->port. Since sctp_autobind() is called in sctp_sendmsg() if the sk is not yet bound, it should have skipped the auto bind.
THis patch is to avoid calling inet_autobind() in inet_send_prepare() by changing sctp_prot .no_autobind with true, also remove the unused .get_port.
Hi,
I'm seeing SCTP oops in 4.14.151, reproducible easily with iperf:
# iperf3 -s -1 & # iperf3 -c localhost --sctp
This patch was also included in 4.19.81, but there it seems to be working fine.
Any ideas if this patch is valid for 4.14, or what's missing in 4.14 to make this work?
pls get this commit into 4.14, which has been in 4.19:
commit 644fbdeacf1d3edd366e44b8ba214de9d1dd66a9 Author: Xin Long lucien.xin@gmail.com Date: Sun May 20 16:39:10 2018 +0800
sctp: fix the issue that flags are ignored when using kernel_connect
Care to send a backport?
Sure, I haven't yet sent a backport for 4.14.y After I do the cherry-pick, what's the next step? Post it upstream with CCing someone ?
Just make sure stable@vger.kernel.org is Cc'ed.