Commit 45e77d31 authored by Ilpo Järvinen's avatar Ilpo Järvinen Committed by David S. Miller

tcp: fix crash in tcp_xmit_retransmit_queue

It can happen that there are no packets in queue while calling
tcp_xmit_retransmit_queue(). tcp_write_queue_head() then returns
NULL and that gets deref'ed to get sacked into a local var.

There is no work to do if no packets are outstanding so we just
exit early.

This oops was introduced by 08ebd172 (tcp: remove tp->lost_out
guard to make joining diff nicer).
Signed-off-by: default avatarIlpo Järvinen <ilpo.jarvinen@helsinki.fi>
Reported-by: default avatarLennart Schulte <lennart.schulte@nets.rwth-aachen.de>
Tested-by: default avatarLennart Schulte <lennart.schulte@nets.rwth-aachen.de>
Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
parent b508998f
...@@ -2208,6 +2208,9 @@ void tcp_xmit_retransmit_queue(struct sock *sk) ...@@ -2208,6 +2208,9 @@ void tcp_xmit_retransmit_queue(struct sock *sk)
int mib_idx; int mib_idx;
int fwd_rexmitting = 0; int fwd_rexmitting = 0;
if (!tp->packets_out)
return;
if (!tp->lost_out) if (!tp->lost_out)
tp->retransmit_high = tp->snd_una; tp->retransmit_high = tp->snd_una;
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment