linux/net/sctp
Xin Long 63dfb7938b sctp: change sctp_prot .no_autobind with true
syzbot reported a memory leak:

  BUG: memory leak, unreferenced object 0xffff888120b3d380 (size 64):
  backtrace:

    [...] slab_alloc mm/slab.c:3319 [inline]
    [...] kmem_cache_alloc+0x13f/0x2c0 mm/slab.c:3483
    [...] sctp_bucket_create net/sctp/socket.c:8523 [inline]
    [...] sctp_get_port_local+0x189/0x5a0 net/sctp/socket.c:8270
    [...] sctp_do_bind+0xcc/0x200 net/sctp/socket.c:402
    [...] sctp_bindx_add+0x4b/0xd0 net/sctp/socket.c:497
    [...] sctp_setsockopt_bindx+0x156/0x1b0 net/sctp/socket.c:1022
    [...] sctp_setsockopt net/sctp/socket.c:4641 [inline]
    [...] sctp_setsockopt+0xaea/0x2dc0 net/sctp/socket.c:4611
    [...] sock_common_setsockopt+0x38/0x50 net/core/sock.c:3147
    [...] __sys_setsockopt+0x10f/0x220 net/socket.c:2084
    [...] __do_sys_setsockopt net/socket.c:2100 [inline]

It was caused by when sending msgs without binding a port, in the path:
inet_sendmsg() -> inet_send_prepare() -> inet_autobind() ->
.get_port/sctp_get_port(), sp->bind_hash will be set while bp->port is
not. Later when binding another port by sctp_setsockopt_bindx(), a new
bucket will be created as bp->port is not set.

sctp's autobind is supposed to call sctp_autobind() where it does all
things including setting bp->port. Since sctp_autobind() is called in
sctp_sendmsg() if the sk is not yet bound, it should have skipped the
auto bind.

THis patch is to avoid calling inet_autobind() in inet_send_prepare()
by changing sctp_prot .no_autobind with true, also remove the unused
.get_port.

Reported-by: syzbot+d44f7bbebdea49dbc84a@syzkaller.appspotmail.com
Signed-off-by: Xin Long <lucien.xin@gmail.com>
Acked-by: Marcelo Ricardo Leitner <marcelo.leitner@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2019-10-15 20:37:51 -07:00
..
associola.c sctp: not set peer.asconf_capable in sctp_association_init 2019-08-19 18:27:28 -07:00
auth.c sctp: add sctp_auth_init and sctp_auth_free 2019-08-19 18:27:29 -07:00
bind_addr.c sctp: remove rcu_read_lock from sctp_bind_addr_state 2019-07-08 20:18:11 -07:00
chunk.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 104 2019-05-24 17:39:00 +02:00
debug.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 104 2019-05-24 17:39:00 +02:00
diag.c net: silence KCSAN warnings about sk->sk_backlog.len reads 2019-10-09 21:43:00 -07:00
endpointola.c sctp: make ecn flag per netns and endpoint 2019-08-27 20:54:14 -07:00
input.c net: silence KCSAN warnings around sk_add_backlog() calls 2019-10-09 21:42:59 -07:00
inqueue.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 104 2019-05-24 17:39:00 +02:00
ipv6.c ipv6: add priority parameter to ip6_xmit() 2019-09-27 12:05:02 +02:00
Kconfig treewide: Add SPDX license identifier - Makefile/Kconfig 2019-05-21 10:50:46 +02:00
Makefile sctp: rename sctp_diag.c as diag.c 2018-02-13 13:56:31 -05:00
objcnt.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 104 2019-05-24 17:39:00 +02:00
offload.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2019-06-07 11:00:14 -07:00
output.c sctp: count data bundling sack chunk for outctrlchunks 2019-07-03 11:41:24 -07:00
outqueue.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 104 2019-05-24 17:39:00 +02:00
primitive.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 104 2019-05-24 17:39:00 +02:00
proc.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 104 2019-05-24 17:39:00 +02:00
protocol.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2019-09-15 14:17:27 +02:00
sm_make_chunk.c sctp: make ecn flag per netns and endpoint 2019-08-27 20:54:14 -07:00
sm_sideeffect.c sctp: use transport pf_retrans in sctp_do_8_2_transport_strike 2019-09-05 00:29:21 +02:00
sm_statefuns.c sctp: check asoc peer.asconf_capable before processing asconf 2019-08-19 18:27:28 -07:00
sm_statetable.c sctp: remove net sctp.x_enable working as a global switch 2019-08-19 18:27:29 -07:00
socket.c sctp: change sctp_prot .no_autobind with true 2019-10-15 20:37:51 -07:00
stream_interleave.c sctp: rename asoc intl_enable to asoc peer.intl_capable 2019-07-08 20:16:25 -07:00
stream_sched_prio.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 104 2019-05-24 17:39:00 +02:00
stream_sched_rr.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 104 2019-05-24 17:39:00 +02:00
stream_sched.c sctp: rename asoc intl_enable to asoc peer.intl_capable 2019-07-08 20:16:25 -07:00
stream.c sctp: fix memleak in sctp_send_reset_streams 2019-08-13 20:45:01 -07:00
sysctl.c sctp: allow users to set netns ecn flag with sysctl 2019-08-27 20:54:14 -07:00
transport.c sctp: only copy the available addr data in sctp_transport_init 2019-07-30 14:18:14 -07:00
tsnmap.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 104 2019-05-24 17:39:00 +02:00
ulpevent.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 104 2019-05-24 17:39:00 +02:00
ulpqueue.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 104 2019-05-24 17:39:00 +02:00