 c078669340
			
		
	
	
	c078669340
	
	
	
		
			
			When we finish processing ASCONF_ACK chunk, we try to send the next queued ASCONF. This action runs the sctp state machine recursively and it's not prepared to do so. kernel BUG at kernel/timer.c:790! invalid opcode: 0000 [#1] SMP last sysfs file: /sys/module/ipv6/initstate Modules linked in: sha256_generic sctp libcrc32c ipv6 dm_multipath uinput 8139too i2c_piix4 8139cp mii i2c_core pcspkr virtio_net joydev floppy virtio_blk virtio_pci [last unloaded: scsi_wait_scan] Pid: 0, comm: swapper Not tainted 2.6.34-rc4 #15 /Bochs EIP: 0060:[<c044a2ef>] EFLAGS: 00010286 CPU: 0 EIP is at add_timer+0xd/0x1b EAX: cecbab14 EBX: 000000f0 ECX: c0957b1c EDX: 03595cf4 ESI: cecba800 EDI: cf276f00 EBP: c0957aa0 ESP: c0957aa0 DS: 007b ES: 007b FS: 00d8 GS: 00e0 SS: 0068 Process swapper (pid: 0, ti=c0956000 task=c0988ba0 task.ti=c0956000) Stack: c0957ae0 d1851214 c0ab62e4 c0ab5f26 0500ffff 00000004 00000005 00000004 <0> 00000000 d18694fd 00000004 1666b892 cecba800 cecba800 c0957b14 00000004 <0> c0957b94 d1851b11 ceda8b00 cecba800 cf276f00 00000001 c0957b14 000000d0 Call Trace: [<d1851214>] ? sctp_side_effects+0x607/0xdfc [sctp] [<d1851b11>] ? sctp_do_sm+0x108/0x159 [sctp] [<d1863386>] ? sctp_pname+0x0/0x1d [sctp] [<d1861a56>] ? sctp_primitive_ASCONF+0x36/0x3b [sctp] [<d185657c>] ? sctp_process_asconf_ack+0x2a4/0x2d3 [sctp] [<d184e35c>] ? sctp_sf_do_asconf_ack+0x1dd/0x2b4 [sctp] [<d1851ac1>] ? sctp_do_sm+0xb8/0x159 [sctp] [<d1863334>] ? sctp_cname+0x0/0x52 [sctp] [<d1854377>] ? sctp_assoc_bh_rcv+0xac/0xe1 [sctp] [<d1858f0f>] ? sctp_inq_push+0x2d/0x30 [sctp] [<d186329d>] ? sctp_rcv+0x797/0x82e [sctp] Tested-by: Wei Yongjun <yjwei@cn.fujitsu.com> Signed-off-by: Yuansong Qiao <ysqiao@research.ait.ie> Signed-off-by: Shuaijun Zhang <szhang@research.ait.ie> Signed-off-by: Vlad Yasevich <vladislav.yasevich@hp.com> Signed-off-by: David S. Miller <davem@davemloft.net>
		
			
				
	
	
		
			226 lines
		
	
	
	
		
			8.8 KiB
			
		
	
	
	
		
			C
		
	
	
	
	
	
			
		
		
	
	
			226 lines
		
	
	
	
		
			8.8 KiB
			
		
	
	
	
		
			C
		
	
	
	
	
	
| /* SCTP kernel Implementation
 | |
|  * (C) Copyright IBM Corp. 2001, 2004
 | |
|  * Copyright (C) 1999-2001 Cisco, Motorola
 | |
|  *
 | |
|  * This file is part of the SCTP kernel implementation
 | |
|  *
 | |
|  * These are the definitions needed for the command object.
 | |
|  *
 | |
|  * This SCTP implementation  is free software;
 | |
|  * you can redistribute it and/or modify it under the terms of
 | |
|  * the GNU General Public License as published by
 | |
|  * the Free Software Foundation; either version 2, or (at your option)
 | |
|  * any later version.
 | |
|  *
 | |
|  * This SCTP implementation  is distributed in the hope that it
 | |
|  * will be useful, but WITHOUT ANY WARRANTY; without even the implied
 | |
|  *                 ************************
 | |
|  * warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
 | |
|  * See the GNU General Public License for more details.
 | |
|  *
 | |
|  * You should have received a copy of the GNU General Public License
 | |
|  * along with GNU CC; see the file COPYING.  If not, write to
 | |
|  * the Free Software Foundation, 59 Temple Place - Suite 330,
 | |
|  * Boston, MA 02111-1307, USA.
 | |
|  *
 | |
|  * Please send any bug reports or fixes you make to one of the
 | |
|  * following email addresses:
 | |
|  *
 | |
|  * La Monte H.P. Yarroll <piggy@acm.org>
 | |
|  * Karl Knutson <karl@athena.chicago.il.us>
 | |
|  * Ardelle Fan <ardelle.fan@intel.com>
 | |
|  * Sridhar Samudrala <sri@us.ibm.com>
 | |
|  *
 | |
|  * Any bugs reported given to us we will try to fix... any fixes shared will
 | |
|  * be incorporated into the next SCTP release.
 | |
|  */
 | |
| 
 | |
| 
 | |
| #ifndef __net_sctp_command_h__
 | |
| #define __net_sctp_command_h__
 | |
| 
 | |
| #include <net/sctp/constants.h>
 | |
| #include <net/sctp/structs.h>
 | |
| 
 | |
| 
 | |
| typedef enum {
 | |
| 	SCTP_CMD_NOP = 0,	/* Do nothing. */
 | |
| 	SCTP_CMD_NEW_ASOC,	/* Register a new association.  */
 | |
| 	SCTP_CMD_DELETE_TCB,	/* Delete the current association. */
 | |
| 	SCTP_CMD_NEW_STATE,	/* Enter a new state.  */
 | |
| 	SCTP_CMD_REPORT_TSN,	/* Record the arrival of a TSN.  */
 | |
| 	SCTP_CMD_GEN_SACK,	/* Send a Selective ACK (maybe).  */
 | |
| 	SCTP_CMD_PROCESS_SACK,	/* Process an inbound SACK.  */
 | |
| 	SCTP_CMD_GEN_INIT_ACK,	/* Generate an INIT ACK chunk.  */
 | |
| 	SCTP_CMD_PEER_INIT,	/* Process a INIT from the peer.  */
 | |
| 	SCTP_CMD_GEN_COOKIE_ECHO, /* Generate a COOKIE ECHO chunk. */
 | |
| 	SCTP_CMD_CHUNK_ULP,	/* Send a chunk to the sockets layer.  */
 | |
| 	SCTP_CMD_EVENT_ULP,	/* Send a notification to the sockets layer. */
 | |
| 	SCTP_CMD_REPLY,		/* Send a chunk to our peer.  */
 | |
| 	SCTP_CMD_SEND_PKT,	/* Send a full packet to our peer.  */
 | |
| 	SCTP_CMD_RETRAN,	/* Mark a transport for retransmission.  */
 | |
| 	SCTP_CMD_ECN_CE,        /* Do delayed CE processing.   */
 | |
| 	SCTP_CMD_ECN_ECNE,	/* Do delayed ECNE processing. */
 | |
| 	SCTP_CMD_ECN_CWR,	/* Do delayed CWR processing.  */
 | |
| 	SCTP_CMD_TIMER_START,	/* Start a timer.  */
 | |
| 	SCTP_CMD_TIMER_RESTART,	/* Restart a timer. */
 | |
| 	SCTP_CMD_TIMER_STOP,	/* Stop a timer. */
 | |
| 	SCTP_CMD_INIT_CHOOSE_TRANSPORT, /* Choose transport for an INIT. */
 | |
| 	SCTP_CMD_INIT_COUNTER_RESET, /* Reset init counter. */
 | |
| 	SCTP_CMD_INIT_COUNTER_INC,   /* Increment init counter. */
 | |
| 	SCTP_CMD_INIT_RESTART,  /* High level, do init timer work. */
 | |
| 	SCTP_CMD_COOKIEECHO_RESTART,  /* High level, do cookie-echo timer work. */
 | |
| 	SCTP_CMD_INIT_FAILED,   /* High level, do init failure work. */
 | |
| 	SCTP_CMD_REPORT_DUP,	/* Report a duplicate TSN.  */
 | |
| 	SCTP_CMD_STRIKE,	/* Mark a strike against a transport.  */
 | |
| 	SCTP_CMD_TRANSMIT,      /* Transmit the outqueue. */
 | |
| 	SCTP_CMD_HB_TIMERS_START,    /* Start the heartbeat timers. */
 | |
| 	SCTP_CMD_HB_TIMER_UPDATE,    /* Update a heartbeat timers.  */
 | |
| 	SCTP_CMD_HB_TIMERS_STOP,     /* Stop the heartbeat timers.  */
 | |
| 	SCTP_CMD_TRANSPORT_HB_SENT,  /* Reset the status of a transport. */
 | |
| 	SCTP_CMD_TRANSPORT_IDLE,     /* Do manipulations on idle transport */
 | |
| 	SCTP_CMD_TRANSPORT_ON,       /* Mark the transport as active. */
 | |
| 	SCTP_CMD_REPORT_ERROR,   /* Pass this error back out of the sm. */
 | |
| 	SCTP_CMD_REPORT_BAD_TAG, /* Verification tags didn't match. */
 | |
| 	SCTP_CMD_PROCESS_CTSN,   /* Sideeffect from shutdown. */
 | |
| 	SCTP_CMD_ASSOC_FAILED,	 /* Handle association failure. */
 | |
| 	SCTP_CMD_DISCARD_PACKET, /* Discard the whole packet. */
 | |
| 	SCTP_CMD_GEN_SHUTDOWN,   /* Generate a SHUTDOWN chunk. */
 | |
| 	SCTP_CMD_UPDATE_ASSOC,   /* Update association information. */
 | |
| 	SCTP_CMD_PURGE_OUTQUEUE, /* Purge all data waiting to be sent. */
 | |
| 	SCTP_CMD_SETUP_T2,       /* Hi-level, setup T2-shutdown parms.  */
 | |
| 	SCTP_CMD_RTO_PENDING,	 /* Set transport's rto_pending. */
 | |
| 	SCTP_CMD_PART_DELIVER,	 /* Partial data delivery considerations. */
 | |
| 	SCTP_CMD_RENEGE,         /* Renege data on an association. */
 | |
| 	SCTP_CMD_SETUP_T4,	 /* ADDIP, setup T4 RTO timer parms. */
 | |
| 	SCTP_CMD_PROCESS_OPERR,  /* Process an ERROR chunk. */
 | |
| 	SCTP_CMD_REPORT_FWDTSN,	 /* Report new cumulative TSN Ack. */
 | |
| 	SCTP_CMD_PROCESS_FWDTSN, /* Skips were reported, so process further. */
 | |
| 	SCTP_CMD_CLEAR_INIT_TAG, /* Clears association peer's inittag. */
 | |
| 	SCTP_CMD_DEL_NON_PRIMARY, /* Removes non-primary peer transports. */
 | |
| 	SCTP_CMD_T3_RTX_TIMERS_STOP, /* Stops T3-rtx pending timers */
 | |
| 	SCTP_CMD_FORCE_PRIM_RETRAN,  /* Forces retrans. over primary path. */
 | |
| 	SCTP_CMD_SET_SK_ERR,	 /* Set sk_err */
 | |
| 	SCTP_CMD_ASSOC_CHANGE,	 /* generate and send assoc_change event */
 | |
| 	SCTP_CMD_ADAPTATION_IND, /* generate and send adaptation event */
 | |
| 	SCTP_CMD_ASSOC_SHKEY,    /* generate the association shared keys */
 | |
| 	SCTP_CMD_T1_RETRAN,	 /* Mark for retransmission after T1 timeout  */
 | |
| 	SCTP_CMD_UPDATE_INITTAG, /* Update peer inittag */
 | |
| 	SCTP_CMD_SEND_MSG,	 /* Send the whole use message */
 | |
| 	SCTP_CMD_SEND_NEXT_ASCONF, /* Send the next ASCONF after ACK */
 | |
| 	SCTP_CMD_LAST
 | |
| } sctp_verb_t;
 | |
| 
 | |
| #define SCTP_CMD_MAX		(SCTP_CMD_LAST - 1)
 | |
| #define SCTP_CMD_NUM_VERBS	(SCTP_CMD_MAX + 1)
 | |
| 
 | |
| /* How many commands can you put in an sctp_cmd_seq_t?
 | |
|  * This is a rather arbitrary number, ideally derived from a careful
 | |
|  * analysis of the state functions, but in reality just taken from
 | |
|  * thin air in the hopes othat we don't trigger a kernel panic.
 | |
|  */
 | |
| #define SCTP_MAX_NUM_COMMANDS 14
 | |
| 
 | |
| typedef union {
 | |
| 	__s32 i32;
 | |
| 	__u32 u32;
 | |
| 	__be32 be32;
 | |
| 	__u16 u16;
 | |
| 	__u8 u8;
 | |
| 	int error;
 | |
| 	__be16 err;
 | |
| 	sctp_state_t state;
 | |
| 	sctp_event_timeout_t to;
 | |
| 	unsigned long zero;
 | |
| 	void *ptr;
 | |
| 	struct sctp_chunk *chunk;
 | |
| 	struct sctp_association *asoc;
 | |
| 	struct sctp_transport *transport;
 | |
| 	struct sctp_bind_addr *bp;
 | |
| 	sctp_init_chunk_t *init;
 | |
| 	struct sctp_ulpevent *ulpevent;
 | |
| 	struct sctp_packet *packet;
 | |
| 	sctp_sackhdr_t *sackh;
 | |
| 	struct sctp_datamsg *msg;
 | |
| } sctp_arg_t;
 | |
| 
 | |
| /* We are simulating ML type constructors here.
 | |
|  *
 | |
|  * SCTP_ARG_CONSTRUCTOR(NAME, TYPE, ELT) builds a function called
 | |
|  * SCTP_NAME() which takes an argument of type TYPE and returns an
 | |
|  * sctp_arg_t.  It does this by inserting the sole argument into the
 | |
|  * ELT union element of a local sctp_arg_t.
 | |
|  *
 | |
|  * E.g., SCTP_ARG_CONSTRUCTOR(I32, __s32, i32) builds SCTP_I32(arg),
 | |
|  * which takes an __s32 and returns a sctp_arg_t containing the
 | |
|  * __s32.  So, after foo = SCTP_I32(arg), foo.i32 == arg.
 | |
|  */
 | |
| static inline sctp_arg_t SCTP_NULL(void)
 | |
| {
 | |
| 	sctp_arg_t retval; retval.ptr = NULL; return retval;
 | |
| }
 | |
| static inline sctp_arg_t SCTP_NOFORCE(void)
 | |
| {
 | |
| 	sctp_arg_t retval = {.zero = 0UL}; retval.i32 = 0; return retval;
 | |
| }
 | |
| static inline sctp_arg_t SCTP_FORCE(void)
 | |
| {
 | |
| 	sctp_arg_t retval = {.zero = 0UL}; retval.i32 = 1; return retval;
 | |
| }
 | |
| 
 | |
| #define SCTP_ARG_CONSTRUCTOR(name, type, elt) \
 | |
| static inline sctp_arg_t	\
 | |
| SCTP_## name (type arg)		\
 | |
| { sctp_arg_t retval = {.zero = 0UL}; retval.elt = arg; return retval; }
 | |
| 
 | |
| SCTP_ARG_CONSTRUCTOR(I32,	__s32, i32)
 | |
| SCTP_ARG_CONSTRUCTOR(U32,	__u32, u32)
 | |
| SCTP_ARG_CONSTRUCTOR(BE32,	__be32, be32)
 | |
| SCTP_ARG_CONSTRUCTOR(U16,	__u16, u16)
 | |
| SCTP_ARG_CONSTRUCTOR(U8,	__u8, u8)
 | |
| SCTP_ARG_CONSTRUCTOR(ERROR,     int, error)
 | |
| SCTP_ARG_CONSTRUCTOR(PERR,      __be16, err)	/* protocol error */
 | |
| SCTP_ARG_CONSTRUCTOR(STATE,	sctp_state_t, state)
 | |
| SCTP_ARG_CONSTRUCTOR(TO,	sctp_event_timeout_t, to)
 | |
| SCTP_ARG_CONSTRUCTOR(PTR,	void *, ptr)
 | |
| SCTP_ARG_CONSTRUCTOR(CHUNK,	struct sctp_chunk *, chunk)
 | |
| SCTP_ARG_CONSTRUCTOR(ASOC,	struct sctp_association *, asoc)
 | |
| SCTP_ARG_CONSTRUCTOR(TRANSPORT,	struct sctp_transport *, transport)
 | |
| SCTP_ARG_CONSTRUCTOR(BA,	struct sctp_bind_addr *, bp)
 | |
| SCTP_ARG_CONSTRUCTOR(PEER_INIT,	sctp_init_chunk_t *, init)
 | |
| SCTP_ARG_CONSTRUCTOR(ULPEVENT,  struct sctp_ulpevent *, ulpevent)
 | |
| SCTP_ARG_CONSTRUCTOR(PACKET,	struct sctp_packet *, packet)
 | |
| SCTP_ARG_CONSTRUCTOR(SACKH,	sctp_sackhdr_t *, sackh)
 | |
| SCTP_ARG_CONSTRUCTOR(DATAMSG,	struct sctp_datamsg *, msg)
 | |
| 
 | |
| typedef struct {
 | |
| 	sctp_arg_t obj;
 | |
| 	sctp_verb_t verb;
 | |
| } sctp_cmd_t;
 | |
| 
 | |
| typedef struct {
 | |
| 	sctp_cmd_t cmds[SCTP_MAX_NUM_COMMANDS];
 | |
| 	__u8 next_free_slot;
 | |
| 	__u8 next_cmd;
 | |
| } sctp_cmd_seq_t;
 | |
| 
 | |
| 
 | |
| /* Initialize a block of memory as a command sequence.
 | |
|  * Return 0 if the initialization fails.
 | |
|  */
 | |
| int sctp_init_cmd_seq(sctp_cmd_seq_t *seq);
 | |
| 
 | |
| /* Add a command to an sctp_cmd_seq_t.
 | |
|  *
 | |
|  * Use the SCTP_* constructors defined by SCTP_ARG_CONSTRUCTOR() above
 | |
|  * to wrap data which goes in the obj argument.
 | |
|  */
 | |
| void sctp_add_cmd_sf(sctp_cmd_seq_t *seq, sctp_verb_t verb, sctp_arg_t obj);
 | |
| 
 | |
| /* Return the next command structure in an sctp_cmd_seq.
 | |
|  * Return NULL at the end of the sequence.
 | |
|  */
 | |
| sctp_cmd_t *sctp_next_cmd(sctp_cmd_seq_t *seq);
 | |
| 
 | |
| #endif /* __net_sctp_command_h__ */
 | |
| 
 |