From: Florian Westphal
To:
Cc: syzkaller-bugs@googlegroups.com, , linux-kernel@vger.kernel.org, Florian Westphal , syzbot+1fd9b69cde42967d1add@syzkaller.appspotmail.com
Subject: [PATCH mptcp] mptcp: remove tcp ulp setsockopt support
Date: Sun, 5 Dec 2021 20:27:00 +0100
Message-Id: <20211205192700.25396-1-fw@strlen.de>
X-Mailer: git-send-email 2.32.0
In-Reply-To: <00000000000040972505d24e88e3@google.com>
References: <00000000000040972505d24e88e3@google.com>

TCP_ULP setsockopt cannot be used for mptcp because it's already
used internally to plumb subflow (tcp) sockets to the mptcp layer.

syzbot managed to trigger a crash for mptcp connections that are
in fallback mode:

KASAN: null-ptr-deref in range [0x0000000000000020-0x0000000000000027]
CPU: 1 PID: 1083 Comm: syz-executor.3 Not tainted 5.16.0-rc2-syzkaller #0
RIP: 0010:tls_build_proto net/tls/tls_main.c:776 [inline]
[..]
 __tcp_set_ulp net/ipv4/tcp_ulp.c:139 [inline]
 tcp_set_ulp+0x428/0x4c0 net/ipv4/tcp_ulp.c:160
 do_tcp_setsockopt+0x455/0x37c0 net/ipv4/tcp.c:3391
 mptcp_setsockopt+0x1b47/0x2400 net/mptcp/sockopt.c:638

Remove support for TCP_ULP setsockopt.

Reported-by: syzbot+1fd9b69cde42967d1add@syzkaller.appspotmail.com
Signed-off-by: Florian Westphal
Reviewed-by: Mat Martineau
---
diff --git a/net/mptcp/sockopt.c b/net/mptcp/sockopt.c index 3c3db22fd36a..aa3fcd86dbe2 100644 --- a/net/mptcp/sockopt.c +++ b/net/mptcp/sockopt.c @@ -543,7 +543,6 @@ static bool mptcp_supported_sockopt(int level, int optn= ame) case TCP_NODELAY: case TCP_THIN_LINEAR_TIMEOUTS: case TCP_CONGESTION: - case TCP_ULP: case TCP_CORK: case TCP_KEEPIDLE: case TCP_KEEPINTVL: --=20 2.32.0
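
Review bot: Dropping `case TCP_ULP:` from mptcp_supported_sockopt() closes the reported path only if every route into do_tcp_setsockopt() consults this list first. The trace shows mptcp_setsockopt() at net/mptcp/sockopt.c:638 calling into the TCP handler for the fallback socket, so the commit message should say that this call is gated by mptcp_supported_sockopt() and name the error userspace now gets for TCP_ULP on an MPTCP socket. The trailers carry Reported-by but no Fixes: tag; adding one that points at the commit which put TCP_ULP on the supported list would let stable trees pick this up. A selftest that issues TCP_ULP on a fallback connection and expects the failure would keep the case from being re-added.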