From: Henry Ptasinski <[email protected]>
Date: Sat, 19 Sep 2020 00:12:11 +0000
> When calculating ancestor_size with IPv6 enabled, simply using
> sizeof(struct ipv6_pinfo) doesn't account for extra bytes needed for
> alignment in the struct sctp6_sock. On x86, there aren't any extra
> bytes, but on ARM the ipv6_pinfo structure is aligned on an 8-byte
> boundary so there were 4 pad bytes that were omitted from the
> ancestor_size calculation. This would lead to corruption of the
> pd_lobby pointers, causing an oops when trying to free the sctp
> structure on socket close.
>
> Fixes: 636d25d557d1 ("sctp: not copy sctp_sock pd_lobby in
> sctp_copy_descendant")
> Signed-off-by: Henry Ptasinski <[email protected]>
Applied and queued up for -stable, thank you.
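
The miscalculation described in the quoted commit message, as an added example that is not part of this mail and is not the kernel's code. The toy_* structs, their sizes and the copy convention are assumptions, chosen so that 4 pad bytes appear on any platform rather than only on ARM.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-ins, not the kernel's real layouts. */
struct toy_inet  { uint32_t hdr; };
struct toy_sock  {                 /* plays the role of struct sctp_sock */
    struct toy_inet inet;
    uint32_t opts[2];              /* state that is copied to the new socket */
    uint32_t pd_lobby[2];          /* first field that must NOT be copied */
};
struct toy_pinfo { _Alignas(8) uint32_t flow[2]; };  /* 8-byte aligned tail */
struct toy6_sock {                 /* plays the role of struct sctp6_sock */
    struct toy_sock  sk;           /* 20 bytes, 4-byte aligned */
    struct toy_pinfo inet6;        /* lands at offset 24, after 4 pad bytes */
};

/* Buggy form: sums member sizes, so the padding is never counted. */
size_t ancestor_size_naive(void) {
    return sizeof(struct toy_inet)
         + sizeof(struct toy_sock) - offsetof(struct toy_sock, pd_lobby)
         + sizeof(struct toy_pinfo);
}

/* Layout-aware form: everything from pd_lobby to the end of the object. */
size_t ancestor_size_layout(void) {
    return sizeof(struct toy_inet)
         + sizeof(struct toy6_sock) - offsetof(struct toy_sock, pd_lobby);
}

/* Assumed convention: copy (object size - ancestor_size) bytes past toy_inet. */
size_t copy_and_count_damage(size_t ancestor_size) {
    struct toy6_sock from, to;
    memset(&from, 0xAA, sizeof from);
    memset(&to, 0, sizeof to);
    size_t len = sizeof(struct toy6_sock) - ancestor_size;
    memcpy((char *)&to + sizeof(struct toy_inet),
           (char *)&from + sizeof(struct toy_inet), len);
    size_t damaged = 0;            /* bytes of to.sk.pd_lobby overwritten */
    const unsigned char *p = (const unsigned char *)to.sk.pd_lobby;
    for (size_t i = 0; i < sizeof to.sk.pd_lobby; i++)
        damaged += (p[i] != 0);
    return damaged;
}

int main(void) {
    printf("pd_lobby bytes clobbered: naive=%zu layout-aware=%zu\n",
           copy_and_count_damage(ancestor_size_naive()),
           copy_and_count_damage(ancestor_size_layout()));
}
```

Because the size sum is 4 bytes short, the copy length comes out 4 bytes long and the excess lands in the first bytes of pd_lobby.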