From nobody Thu Sep 18 12:38:13 2025 Delivered-To: wpasupplicant.patchew@gmail.com Received: by 2002:a02:a689:0:0:0:0:0 with SMTP id j9csp228997jam; Thu, 23 Sep 2021 03:08:56 -0700 (PDT) X-Google-Smtp-Source: ABdhPJyjroWfAKtAss5et+KaNOukdXtDQd0on2NHdT7f1T/o3rSQlNBWpSyL0BJ6EUKjvaRVaDG0 X-Received: by 2002:a62:77c3:0:b0:44b:4085:86e0 with SMTP id s186-20020a6277c3000000b0044b408586e0mr1827646pfc.42.1632391736120; Thu, 23 Sep 2021 03:08:56 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1632391736; cv=none; d=google.com; s=arc-20160816; b=rPLezGakkbDKyD6H5qnWU/CdR4iZMIQguVuVWP0VCsuhbhx5y+/Rq5SVRaGFbKI/5w qZO6MzrAz4a0aoqr7mdsObaEtjteJ5+Ou50uM/xSooR3PhkNAILbFX48xiUZDe6s0AvJ pX9QasYC1sB1pfyIVNVY+0eQtHX4rb4Bp38epWA+V73upliubZaTZ9EZJMBqbwSexIJW kJ+rQp0DO8Ef7ZYg21OXYuKpFcKEUz08Yb8KxPzuApawQwchA9NOiYzHwJC/kzqghHks vjTyDcffY8Yu+bzkbU4HQvpsLbb18cH/WcILH2nX15wD3DQh8cRdOHGd5OIhJYhHvxSf zHuQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:mime-version:list-unsubscribe :list-subscribe:list-id:precedence:message-id:date:subject:to:from :dkim-signature; bh=7gHemA35fkUVsjKJxC3BJ8N5NBN8o8z0rO3dZwxUvY0=; b=dukX58FhaIZIdxUKfQfW4LLbh7XVvfUEK6F5TL+hQ5iw9bOnqn4k732C/e4uP8xS/r p9yj5jnln8mYUg8d9/OcS0jcASuRKCNzfDOTBaCCVNDz75OI3LxYSh4gV8IxZ2jScRgO Nvzo/bd37OuwoXmHC//Zj462fYIQ9XVW/ibMMG5UtMC0SfI4/gCQQvOYBRvCtnuGnQ6A pSqgHCVLI84gTkTi54Gm1b+kEhpLU+Ax8rvKknKRGWa3Ed9XAxes87V/y4uWkFaOZgoh 0AHAUYn8XFyO7DijFcx8K9lAgaPLZosCmJFVsTIk7RF2cU40DKCc7HMdfIvn4DFmrnoX EkPQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b=hD4ITq5n; spf=pass (google.com: domain of mptcp+bounces-2029-wpasupplicant.patchew=gmail.com@lists.linux.dev designates 147.75.69.165 as permitted sender) smtp.mailfrom="mptcp+bounces-2029-wpasupplicant.patchew=gmail.com@lists.linux.dev"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com Return-Path: Received: from sjc.edge.kernel.org (sjc.edge.kernel.org. [147.75.69.165]) by mx.google.com with ESMTPS id m1si6498199pfh.352.2021.09.23.03.08.55 for (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Thu, 23 Sep 2021 03:08:56 -0700 (PDT) Received-SPF: pass (google.com: domain of mptcp+bounces-2029-wpasupplicant.patchew=gmail.com@lists.linux.dev designates 147.75.69.165 as permitted sender) client-ip=147.75.69.165; Authentication-Results: mx.google.com; dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b=hD4ITq5n; spf=pass (google.com: domain of mptcp+bounces-2029-wpasupplicant.patchew=gmail.com@lists.linux.dev designates 147.75.69.165 as permitted sender) smtp.mailfrom="mptcp+bounces-2029-wpasupplicant.patchew=gmail.com@lists.linux.dev"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by sjc.edge.kernel.org (Postfix) with ESMTPS id 939663E0F97 for ; Thu, 23 Sep 2021 10:08:55 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id A50BC2FAE; Thu, 23 Sep 2021 10:08:54 +0000 (UTC) X-Original-To: mptcp@lists.linux.dev Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [216.205.24.124]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 18F4B29CA for ; Thu, 23 Sep 2021 10:08:52 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1632391732; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=7gHemA35fkUVsjKJxC3BJ8N5NBN8o8z0rO3dZwxUvY0=; b=hD4ITq5nKA+NG+cxilkzlOpOdKl6UtE8ECzeWzm2GGx7re08Uc48yOgdAAPaB7TkNIOOAZ Z7ZZUuUJskb+jgyDGD5zAnPR9t2KsTsaDGr9bKqGGftQA/BNiSMoynf0aMIvRAI3obTeWS kz3nqZrKXNDGUsAiVRI2KqYpl7OU7Vc= Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com [209.132.183.4]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-95-oieLsKPzNnihcbhz3y-_fw-1; Thu, 23 Sep 2021 06:08:50 -0400 X-MC-Unique: oieLsKPzNnihcbhz3y-_fw-1 Received: from smtp.corp.redhat.com (int-mx04.intmail.prod.int.phx2.redhat.com [10.5.11.14]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx01.redhat.com (Postfix) with ESMTPS id C0B3810144E3 for ; Thu, 23 Sep 2021 10:08:49 +0000 (UTC) Received: from gerbillo.redhat.com (unknown [10.39.195.157]) by smtp.corp.redhat.com (Postfix) with ESMTP id 392BB5D9CA for ; Thu, 23 Sep 2021 10:08:49 +0000 (UTC) From: Paolo Abeni To: mptcp@lists.linux.dev Subject: [PATCH mptcp-net] mptcp: fix possible stall on recvmsg() Date: Thu, 23 Sep 2021 12:08:43 +0200 Message-Id: <0a9c1bd78a8f0c5a57a19cf5ce58df4e507e1d7e.1632391713.git.pabeni@redhat.com> Precedence: bulk X-Mailing-List: mptcp@lists.linux.dev List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Scanned-By: MIMEDefang 2.79 on 10.5.11.14 Authentication-Results: relay.mimecast.com; auth=pass smtp.auth=CUSA124A263 smtp.mailfrom=pabeni@redhat.com X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" recvmsg() can enter an infinite loop if the caller provides the MSG_WAITALL, the data present in the receive queue is not sufficient to fulfill the request and no more data is received by the peer. When the above happens, mptcp_wait_data() will always return with no wait, as the MPTCP_DATA_READY flag checked by such function is set and never cleared in such code path. Before releasing the mptcp socket lock, we must explicitly update such bit status. The code is already there at recvmsg() completion, factor out an helper and use it both at recvmsg() completion and before calling mptcp_wait_data(). Fixes: 7a6a6cbc3e59 ("mptcp: recvmsg() can drain data from multiple subflow= ") Signed-off-by: Paolo Abeni --- Note: - for net-next we could possibly consider removing the DATA_READY flag and switch to checking directly sk_receive_queue instead --- net/mptcp/protocol.c | 33 ++++++++++++++++++++++----------- 1 file changed, 22 insertions(+), 11 deletions(-) diff --git a/net/mptcp/protocol.c b/net/mptcp/protocol.c index dbcebf56798f..6b334f9b6242 100644 --- a/net/mptcp/protocol.c +++ b/net/mptcp/protocol.c @@ -1759,11 +1759,32 @@ static int mptcp_sendmsg(struct sock *sk, struct ms= ghdr *msg, size_t len) return copied ? : ret; } =20 +static bool __mptcp_move_skbs(struct mptcp_sock *msk); + +static void mptcp_update_ready_flag(struct sock *sk) +{ + struct mptcp_sock *msk =3D mptcp_sk(sk); + + if (skb_queue_empty_lockless(&sk->sk_receive_queue) && + skb_queue_empty(&msk->receive_queue)) { + /* entire backlog drained, clear DATA_READY. */ + clear_bit(MPTCP_DATA_READY, &msk->flags); + + /* .. race-breaker: ssk might have gotten new data + * after last __mptcp_move_skbs() returned false. + */ + if (unlikely(__mptcp_move_skbs(msk))) + set_bit(MPTCP_DATA_READY, &msk->flags); + } +} + static void mptcp_wait_data(struct sock *sk, long *timeo) { DEFINE_WAIT_FUNC(wait, woken_wake_function); struct mptcp_sock *msk =3D mptcp_sk(sk); =20 + mptcp_update_ready_flag(sk); + add_wait_queue(sk_sleep(sk), &wait); sk_set_bit(SOCKWQ_ASYNC_WAITDATA, sk); =20 @@ -2080,17 +2101,7 @@ static int mptcp_recvmsg(struct sock *sk, struct msg= hdr *msg, size_t len, mptcp_wait_data(sk, &timeo); } =20 - if (skb_queue_empty_lockless(&sk->sk_receive_queue) && - skb_queue_empty(&msk->receive_queue)) { - /* entire backlog drained, clear DATA_READY. */ - clear_bit(MPTCP_DATA_READY, &msk->flags); - - /* .. race-breaker: ssk might have gotten new data - * after last __mptcp_move_skbs() returned false. - */ - if (unlikely(__mptcp_move_skbs(msk))) - set_bit(MPTCP_DATA_READY, &msk->flags); - } + mptcp_update_ready_flag(sk); =20 out_err: if (cmsg_flags && copied >=3D 0) { --=20 2.26.3