sctp: fix panic when T4-rto timer expire on removed transport

If T4-rto timer is expired on a removed transport, kernel panic will occur when we do failure management on that transport. You can reproduce this use the following sequence: Endpoint A Endpoint B (ESTABLISHED) (ESTABLISHED) <----------------- ASCONF (SRC=X) ASCONF -----------------> (Delete IP Address = X) <----------------- ASCONF-ACK (Success Indication) <----------------- ASCONF (T4-rto timer expire) This patch fixed the problem. Signed-off-by: Wei Yongjun <yjwei@cn.fujitsu.com> Signed-off-by: Vlad Yasevich <vladislav.yasevich@hp.com>
author: Wei Yongjun <yjwei@cn.fujitsu.com> 2009-04-26 23:14:42 +0800
committer: Vlad Yasevich <vladislav.yasevich@hp.com> 2009-06-03 09:14:46 -0400
commit: 10a43cea7da841cf85a778a1a4d367fb2de7cbce (patch)
tree: 9a2accb2150d3bfa7f2efc1a824b43ca654fb7ba /net/sctp/associola.c
parent: 6345b19985e9f3ec31b61720de01806e3ef680fe (diff)
download: linux-10a43cea7da841cf85a778a1a4d367fb2de7cbce.tar.gz
1 files changed, 7 insertions, 0 deletions
diff --git a/net/sctp/associola.c b/net/sctp/associola.c
index 3be28fed5915..8d3aef9d0615 100644
--- a/net/sctp/associola.c
+++ b/net/sctp/associola.c
@@ -575,6 +575,13 @@ void sctp_assoc_rm_peer(struct sctp_association *asoc,
 	if (asoc->shutdown_last_sent_to == peer)
 		asoc->shutdown_last_sent_to = NULL;
 
+	/* If we remove the transport an ASCONF was last sent to, set it to
+	 * NULL.
+	 */
+	if (asoc->addip_last_asconf &&
+	    asoc->addip_last_asconf->transport == peer)
+		asoc->addip_last_asconf->transport = NULL;
+
 	asoc->peer.transport_count--;
 
 	sctp_transport_free(peer);
author	Wei Yongjun <yjwei@cn.fujitsu.com>	2009-04-26 23:14:42 +0800
committer	Vlad Yasevich <vladislav.yasevich@hp.com>	2009-06-03 09:14:46 -0400
commit	10a43cea7da841cf85a778a1a4d367fb2de7cbce (patch)
tree	9a2accb2150d3bfa7f2efc1a824b43ca654fb7ba /net/sctp/associola.c
parent	6345b19985e9f3ec31b61720de01806e3ef680fe (diff)
download	linux-10a43cea7da841cf85a778a1a4d367fb2de7cbce.tar.gz