From nobody Thu Apr 25 05:50:32 2024
From: Mat Martineau
To: netdev@vger.kernel.org
Cc: Florian Westphal, davem@davemloft.net, kuba@kernel.org, matthieu.baerts@tessares.net, mptcp@lists.linux.dev, pabeni@redhat.com, syzbot+1fd9b69cde42967d1add@syzkaller.appspotmail.com, Mat Martineau
Subject: [PATCH net 1/4] mptcp: remove tcp ulp setsockopt support
Date: Tue, 14 Dec 2021 15:16:01 -0800
Message-Id: <20211214231604.211016-2-mathew.j.martineau@linux.intel.com>
In-Reply-To: <20211214231604.211016-1-mathew.j.martineau@linux.intel.com>
References: <20211214231604.211016-1-mathew.j.martineau@linux.intel.com>

From: Florian Westphal

TCP_ULP setsockopt cannot be used for mptcp because it's already
used internally to plumb subflow (tcp) sockets to the mptcp layer.

syzbot managed to trigger a crash for mptcp connections that are
in fallback mode:

KASAN: null-ptr-deref in range [0x0000000000000020-0x0000000000000027]
CPU: 1 PID: 1083 Comm: syz-executor.3 Not tainted 5.16.0-rc2-syzkaller #0
RIP: 0010:tls_build_proto net/tls/tls_main.c:776 [inline]
[..]
 __tcp_set_ulp net/ipv4/tcp_ulp.c:139 [inline]
 tcp_set_ulp+0x428/0x4c0 net/ipv4/tcp_ulp.c:160
 do_tcp_setsockopt+0x455/0x37c0 net/ipv4/tcp.c:3391
 mptcp_setsockopt+0x1b47/0x2400 net/mptcp/sockopt.c:638

Remove support for TCP_ULP setsockopt.

Fixes: d9e4c1291810 ("mptcp: only admit explicitly supported sockopt")
Reported-by: syzbot+1fd9b69cde42967d1add@syzkaller.appspotmail.com
Signed-off-by: Florian Westphal
Signed-off-by: Mat Martineau
---
 net/mptcp/sockopt.c | 1 -
 1 file changed, 1 deletion(-)

diff --git a/net/mptcp/sockopt.c b/net/mptcp/sockopt.c index 0f1e661c2032..f8efd478ac97 100644 --- a/net/mptcp/sockopt.c +++ b/net/mptcp/sockopt.c
@@ -525,7 +525,6 @@ static bool mptcp_supported_sockopt(int level, int optn= ame) case TCP_NODELAY: case TCP_THIN_LINEAR_TIMEOUTS: case TCP_CONGESTION: - case TCP_ULP: case TCP_CORK: case TCP_KEEPIDLE: case TCP_KEEPINTVL: --=20 2.34.1

From nobody Thu Apr 25 05:50:32 2024
From: Mat Martineau
To: netdev@vger.kernel.org
Cc: Florian Westphal, davem@davemloft.net, kuba@kernel.org, matthieu.baerts@tessares.net, mptcp@lists.linux.dev, Mat Martineau
Subject: [PATCH net 2/4] mptcp: clear 'kern' flag from fallback sockets
Date: Tue, 14 Dec 2021 15:16:02 -0800
Message-Id: <20211214231604.211016-3-mathew.j.martineau@linux.intel.com>
In-Reply-To: <20211214231604.211016-1-mathew.j.martineau@linux.intel.com>
References: <20211214231604.211016-1-mathew.j.martineau@linux.intel.com>

From: Florian Westphal

The mptcp ULP extension relies on sk->sk_sock_kern being set correctly:
It prevents setsockopt(fd, IPPROTO_TCP, TCP_ULP, "mptcp", 6); from
working for plain tcp sockets (any userspace-exposed socket).

But in case of fallback, accept() can return a plain tcp sk.
In such case, sk is still tagged as 'kernel' and setsockopt will work.

This will crash the kernel. The subflow extension has a NULL ctx->conn
mptcp socket:

BUG: KASAN: null-ptr-deref in subflow_data_ready+0x181/0x2b0
Call Trace:
 tcp_data_ready+0xf8/0x370
 [..]

Fixes: cf7da0d66cc1 ("mptcp: Create SUBFLOW socket for incoming connections")
Signed-off-by: Florian Westphal
Signed-off-by: Mat Martineau
---
Note: The original author of cf7da0d66cc1 is not cc'd because the email
address is no longer valid.
---
 net/mptcp/protocol.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/net/mptcp/protocol.c b/net/mptcp/protocol.c index c82a76d2d0bf..6dc1ff07994c 100644 --- a/net/mptcp/protocol.c +++ b/net/mptcp/protocol.c
@@ -2879,7 +2879,7 @@ static struct sock *mptcp_accept(struct sock *sk, int= flags, int *err, */ if (WARN_ON_ONCE(!new_mptcp_sock)) { tcp_sk(newsk)->is_mptcp =3D 0; - return newsk; + goto out; } =20 /* acquire the 2nd reference for the owning socket */ 
@@ -2891,6 +2891,8 @@ static struct sock *mptcp_accept(struct sock *sk, int= flags, int *err, MPTCP_MIB_MPCAPABLEPASSIVEFALLBACK); } =20 +out: + newsk->sk_kern_sock =3D kern; return newsk; } =20 --=20 2.34.1

From nobody Thu Apr 25 05:50:32 2024
From: Mat Martineau
To: netdev@vger.kernel.org
Cc: Maxim Galaganov, davem@davemloft.net, kuba@kernel.org, matthieu.baerts@tessares.net, mptcp@lists.linux.dev, fw@strlen.de, Mat Martineau
Subject: [PATCH net 3/4] mptcp: fix deadlock in __mptcp_push_pending()
Date: Tue, 14 Dec 2021 15:16:03 -0800
Message-Id: <20211214231604.211016-4-mathew.j.martineau@linux.intel.com>
In-Reply-To: <20211214231604.211016-1-mathew.j.martineau@linux.intel.com>
References: <20211214231604.211016-1-mathew.j.martineau@linux.intel.com>

From: Maxim Galaganov

__mptcp_push_pending() may call mptcp_flush_join_list() with subflow
socket lock held. If such call hits mptcp_sockopt_sync_all() then
subsequently __mptcp_sockopt_sync() could try to lock the subflow
socket for itself, causing a deadlock.

sysrq: Show Blocked State
task:ss-server state:D stack: 0 pid: 938 ppid: 1 flags:0x00000000
Call Trace:
 __schedule+0x2d6/0x10c0
 ? __mod_memcg_state+0x4d/0x70
 ? csum_partial+0xd/0x20
 ? _raw_spin_lock_irqsave+0x26/0x50
 schedule+0x4e/0xc0
 __lock_sock+0x69/0x90
 ? do_wait_intr_irq+0xa0/0xa0
 __lock_sock_fast+0x35/0x50
 mptcp_sockopt_sync_all+0x38/0xc0
 __mptcp_push_pending+0x105/0x200
 mptcp_sendmsg+0x466/0x490
 sock_sendmsg+0x57/0x60
 __sys_sendto+0xf0/0x160
 ? do_wait_intr_irq+0xa0/0xa0
 ? fpregs_restore_userregs+0x12/0xd0
 __x64_sys_sendto+0x20/0x30
 do_syscall_64+0x38/0x90
 entry_SYSCALL_64_after_hwframe+0x44/0xae
RIP: 0033:0x7f9ba546c2d0
RSP: 002b:00007ffdc3b762d8 EFLAGS: 00000246 ORIG_RAX: 000000000000002c
RAX: ffffffffffffffda RBX: 00007f9ba56c8060 RCX: 00007f9ba546c2d0
RDX: 000000000000077a RSI: 0000000000e5e180 RDI: 0000000000000234
RBP: 0000000000cc57f0 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00007f9ba56c8060
R13: 0000000000b6ba60 R14: 0000000000cc7840 R15: 41d8685b1d7901b8

Fix the issue by using __mptcp_flush_join_list() instead of plain
mptcp_flush_join_list() inside __mptcp_push_pending(), as suggested by
Florian. The sockopt sync will be deferred to the workqueue.

Fixes: 1b3e7ede1365 ("mptcp: setsockopt: handle SO_KEEPALIVE and SO_PRIORITY")
Closes: https://github.com/multipath-tcp/mptcp_net-next/issues/244
Suggested-by: Florian Westphal
Reviewed-by: Florian Westphal
Signed-off-by: Maxim Galaganov
Signed-off-by: Mat Martineau
---
 net/mptcp/protocol.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/net/mptcp/protocol.c b/net/mptcp/protocol.c index 6dc1ff07994c..54613f5b7521 100644 --- a/net/mptcp/protocol.c +++ b/net/mptcp/protocol.c
@@ -1524,7 +1524,7 @@ void __mptcp_push_pending(struct sock *sk, unsigned i= nt flags) int ret =3D 0; =20 prev_ssk =3D ssk; - mptcp_flush_join_list(msk); + __mptcp_flush_join_list(msk); ssk =3D mptcp_subflow_get_send(msk); =20 /* First check. If the ssk has changed since --=20 2.34.1

From nobody Thu Apr 25 05:50:32 2024
From: Mat Martineau
To: netdev@vger.kernel.org
Cc: Matthieu Baerts, davem@davemloft.net, kuba@kernel.org, mptcp@lists.linux.dev, fw@strlen.de, Mat Martineau
Subject: [PATCH net 4/4] mptcp: add missing documented NL params
Date: Tue, 14 Dec 2021 15:16:04 -0800
Message-Id: <20211214231604.211016-5-mathew.j.martineau@linux.intel.com>
In-Reply-To: <20211214231604.211016-1-mathew.j.martineau@linux.intel.com>
References: <20211214231604.211016-1-mathew.j.martineau@linux.intel.com>

From: Matthieu Baerts

'loc_id' and 'rem_id' are set in all events linked to subflows but those
were missing in the events description in the comments.

Fixes: b911c97c7dc7 ("mptcp: add netlink event support")
Signed-off-by: Matthieu Baerts
Signed-off-by: Mat Martineau
---
 include/uapi/linux/mptcp.h | 18 ++++++++++--------
 1 file changed, 10 insertions(+), 8 deletions(-)

diff --git a/include/uapi/linux/mptcp.h b/include/uapi/linux/mptcp.h index c8cc46f80a16..f106a3941cdf 100644 --- a/include/uapi/linux/mptcp.h +++ b/include/uapi/linux/mptcp.h
@@ -136,19 +136,21 @@ struct mptcp_info { * MPTCP_EVENT_REMOVED: token, rem_id * An address has been lost by the peer. * - * MPTCP_EVENT_SUB_ESTABLISHED: token, family, saddr4 | saddr6, - * daddr4 | daddr6, sport, dport, backup, - * if_idx [, error] + * MPTCP_EVENT_SUB_ESTABLISHED: token, family, loc_id, rem_id, + * saddr4 | saddr6, daddr4 | daddr6, sport, + * dport, backup, if_idx [, error] * A new subflow has been established. 'error' should not be set. * - * MPTCP_EVENT_SUB_CLOSED: token, family, saddr4 | saddr6, daddr4 | daddr6, - * sport, dport, backup, if_idx [, error] + * MPTCP_EVENT_SUB_CLOSED: token, family, loc_id, rem_id, saddr4 | saddr6, + * daddr4 | daddr6, sport, dport, backup, if_idx + * [, error] * A subflow has been closed. An error (copy of sk_err) could be set if an * error has been detected for this subflow. * - * MPTCP_EVENT_SUB_PRIORITY: token, family, saddr4 | saddr6, daddr4 | dadd= r6, - * sport, dport, backup, if_idx [, error] - * The priority of a subflow has changed. 'error' should not be set. + * MPTCP_EVENT_SUB_PRIORITY: token, family, loc_id, rem_id, saddr4 | saddr= 6, + * daddr4 | daddr6, sport, dport, backup, if_idx + * [, error] + * The priority of a subflow has changed. 'error' should not be set. */ enum mptcp_event_type { MPTCP_EVENT_UNSPEC =3D 0, --=20 2.34.1
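
Review bot: in patch 1/4, the mptcp_supported_sockopt() hunk drops `case TCP_ULP:` without leaving any trace of why, so the remaining list reads as if the option had simply been overlooked. A one-line comment beside the TCP cases, saying that TCP_ULP is deliberately excluded because MPTCP already uses the ULP hook internally to attach subflows, would keep it from being re-added later. A selftest asserting that setsockopt(TCP_ULP) is rejected on an MPTCP socket, including one in fallback mode, would cover the case syzbot reported.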
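
Review bot: in patch 2/4, the changelog names the field `sk->sk_sock_kern`, while the second mptcp_accept() hunk assigns `newsk->sk_kern_sock`; the changelog should use the name that appears in the code. The assignment also sits at the shared `out:` label directly before `return newsk;`, so it applies to whichever path reaches that return, including the WARN_ON_ONCE branch that the first hunk redirects with `goto out;`, and not only to the fallback case the subject line names. A short comment at `out:` stating that the accepted socket is handed to the caller and must carry the caller's `kern` value would make that intent explicit.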
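
Review bot: in patch 3/4, the call site in __mptcp_push_pending() gives no hint that the double-underscore variant is required, so a later cleanup could switch it back to mptcp_flush_join_list() and reintroduce the deadlock shown in the changelog. Add a comment above `__mptcp_flush_join_list(msk);` saying that the subflow socket lock may be held here and that the sockopt sync is therefore left to the workqueue. Because the next line, `ssk = mptcp_subflow_get_send(msk);`, selects a subflow right after the flush, the changelog should also say whether sending on a just-joined subflow before the deferred sync has applied options such as SO_KEEPALIVE and SO_PRIORITY is acceptable.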
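
Review bot: in patch 4/4, the MPTCP_EVENT_SUB_PRIORITY block removes and re-adds the line "The priority of a subflow has changed. 'error' should not be set." with no visible change in its text, so this looks like a whitespace-only fix riding along with the documentation change. The changelog mentions only the missing loc_id and rem_id; it should say that the indentation of that line is corrected as well, or the whitespace change should go in a separate patch. While this comment is being touched, note that MPTCP_EVENT_SUB_ESTABLISHED and MPTCP_EVENT_SUB_PRIORITY still list `[, error]` as an attribute next to text saying 'error' should not be set, which is worth a clarifying word for userspace readers of this UAPI header.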