tcp: tcp_v4_err() should be more careful

ICMP handlers are not very often stressed, we should make them more resilient to bugs that might surface in the future. If there is no packet in retransmit queue, we should avoid a NULL deref. Signed-off-by: Eric Dumazet <edumazet@google.com> Reported-by: soukjin bae <soukjin.bae@samsung.com> Acked-by: Neal Cardwell <ncardwell@google.com> Acked-by: Soheil Hassas Yeganeh <soheil@google.com> Signed-off-by: David S. Miller <davem@davemloft.net>
author: Eric Dumazet <edumazet@google.com> 2019-02-15 16:36:21 -0500
committer: David S. Miller <davem@davemloft.net> 2019-02-17 18:46:58 -0500
commit: 2c4cc9712364c051b1de2d175d5fbea6be948ebf (patch)
tree: 26a96c9f5c6762780a5941fddcb326eb8a555449 /net/ipv4/tcp_ipv4.c
parent: 04c03114be82194d4a4858d41dba8e286ad1787c (diff)
1 files changed, 4 insertions, 1 deletions
diff --git a/net/ipv4/tcp_ipv4.c b/net/ipv4/tcp_ipv4.c
index efc6fef692ff..ec3cea9d6828 100644
--- a/net/ipv4/tcp_ipv4.c
+++ b/net/ipv4/tcp_ipv4.c
@@ -536,12 +536,15 @@ int tcp_v4_err(struct sk_buff *icmp_skb, u32 info)
                if (sock_owned_by_user(sk))
                        break;
+                skb = tcp_rtx_queue_head(sk);
+                if (WARN_ON_ONCE(!skb))
+                        break;
                icsk->icsk_backoff--;
                icsk->icsk_rto = tp->srtt_us ? __tcp_set_rto(tp) :
                                               TCP_TIMEOUT_INIT;
                icsk->icsk_rto = inet_csk_rto_backoff(icsk, TCP_RTO_MAX);
-                skb = tcp_rtx_queue_head(sk);
                tcp_mstamp_refresh(tp);
                delta_us = (u32)(tp->tcp_mstamp - tcp_skb_timestamp_us(skb));
author	Eric Dumazet <edumazet@google.com>	2019-02-15 16:36:21 -0500
committer	David S. Miller <davem@davemloft.net>	2019-02-17 18:46:58 -0500
commit	2c4cc9712364c051b1de2d175d5fbea6be948ebf (patch)
tree	26a96c9f5c6762780a5941fddcb326eb8a555449 /net/ipv4/tcp_ipv4.c
parent	04c03114be82194d4a4858d41dba8e286ad1787c (diff)