From nobody Tue May 21 11:50:49 2024 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id B2B68EB64D7 for ; Tue, 20 Jun 2023 16:25:12 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229975AbjFTQZK (ORCPT ); Tue, 20 Jun 2023 12:25:10 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:52000 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231386AbjFTQY5 (ORCPT ); Tue, 20 Jun 2023 12:24:57 -0400 Received: from mail-wm1-x32a.google.com (mail-wm1-x32a.google.com [IPv6:2a00:1450:4864:20::32a]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id B9B36109 for ; Tue, 20 Jun 2023 09:24:55 -0700 (PDT) Received: by mail-wm1-x32a.google.com with SMTP id 5b1f17b1804b1-3f8fcaa31c7so52765375e9.3 for ; Tue, 20 Jun 2023 09:24:55 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=tessares.net; s=google; t=1687278294; x=1689870294; h=cc:to:in-reply-to:references:message-id:content-transfer-encoding :mime-version:subject:date:from:from:to:cc:subject:date:message-id :reply-to; bh=ZvRhWfjGWijJY7sMUNegX5KJAcsspmzp2LrXYV55wcM=; b=MqfBxYwoNRo9z3rwWOhLJzKGA/MTPdB9WcqMI/eXo3AJ0N3zssdzha33djxkMdiH81 mzDozRI0sYIV+n4sJvP4R4PxOR2sjdrpoE0hzn1URYrZnCufh4vZ+jTgKt8qne4XJlCN Y31NEGK644D6o7trb2QSjyK5wpNaoIBwET1IBnW3bAPkfx/FN0yahmYx73HXgxBznbob 9GCG+9WFq/W4pEGAs+UyNPlOUkWCiXrpXaQAJwUCYArX2lEpnf8PLZ4GA6GVVAxTDzM1 P7YJYB69vcjTZ4sPnSWixsZxheRmGi1kACgiKQ/UtQ19+uwZRamILsZ5g4S4ZVCn8q0x jWpw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1687278294; x=1689870294; h=cc:to:in-reply-to:references:message-id:content-transfer-encoding :mime-version:subject:date:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=ZvRhWfjGWijJY7sMUNegX5KJAcsspmzp2LrXYV55wcM=; b=O/YujxI71lkAeqrS5ISX7KjR7KYyTcPCDFWUPy/D5o5UAWdi+DfqwT3KjBO85rEqZ2 AncZ/D7nm+HsEomzvHLq4gf2z0b/rjboXkUlGhSjMbBYhrDHXRUuB0RHLieMVUWtdHmx Kn+bucO0QljYAg+I0XM77k3VgXZSPPRjv8viHeFN3jfjo2K2dZJQhSiyBOz/WtSgLCXk ni647bJlyzG7QNarXX1p2sbrNng7GsGzInMNA+IFf/jJJUI8GdzFg6XY5ys6s6SMKkrb H+k7HKxNzplTtMLEWloixtorVXp0klY2VUL5k0KFZBgi6a08bO2Z6E15BjifFXfVnVKb 7vbw== X-Gm-Message-State: AC+VfDyLFaPi1Ja2qt0TU8TOol+9EYvXI0mLokSD29MpJRmhDeNfdMlx hoFxCAf7HTofDgzKofHYs717QQ== X-Google-Smtp-Source: ACHHUZ6JUhdxUZI+KfLnH6b3dYHiv9qi5f0P6CsV6QoRDSnZN0a8iowlc6lPvNU/ZfCRF3vh5QlNmg== X-Received: by 2002:a05:600c:2113:b0:3f9:b345:d4a3 with SMTP id u19-20020a05600c211300b003f9b345d4a3mr4373434wml.14.1687278294175; Tue, 20 Jun 2023 09:24:54 -0700 (PDT) Received: from vdi08.nix.tessares.net (static.219.156.76.144.clients.your-server.de. [144.76.156.219]) by smtp.gmail.com with ESMTPSA id o19-20020a05600c511300b003f8fe1933e4sm15753056wms.3.2023.06.20.09.24.53 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 20 Jun 2023 09:24:53 -0700 (PDT) From: Matthieu Baerts Date: Tue, 20 Jun 2023 18:24:18 +0200 Subject: [PATCH net 1/6] mptcp: handle correctly disconnect() failures MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Message-Id: <20230620-upstream-net-20230620-misc-fixes-for-v6-4-v1-1-f36aa5eae8b9@tessares.net> References: <20230620-upstream-net-20230620-misc-fixes-for-v6-4-v1-0-f36aa5eae8b9@tessares.net> In-Reply-To: <20230620-upstream-net-20230620-misc-fixes-for-v6-4-v1-0-f36aa5eae8b9@tessares.net> To: mptcp@lists.linux.dev, Mat Martineau , "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni , Florian Westphal Cc: netdev@vger.kernel.org, linux-kernel@vger.kernel.org, Matthieu Baerts , stable@vger.kernel.org, Christoph Paasch X-Mailer: b4 0.12.2 X-Developer-Signature: v=1; a=openpgp-sha256; l=2867; i=matthieu.baerts@tessares.net; h=from:subject:message-id; bh=Prhhf4fFguSy1+KxJcHFfLoLbT8zaG1uIQ7YWZ/gXmY=; b=owEBbQKS/ZANAwAIAfa3gk9CaaBzAcsmYgBkkdLTBELYBTn8FzTSZGyQa0VRa6kUfsOLMAWbn xe7xQ+KQKGJAjMEAAEIAB0WIQToy4X3aHcFem4n93r2t4JPQmmgcwUCZJHS0wAKCRD2t4JPQmmg c7U0D/4x7EfPKNtzI8F433H9Lr6FHrJ+T6wYMokxHsZcWQWGx3/pAJguLYDi0QDkwySr9eWWy4n TPEl3WNlGwBerB+Nn5EeYNM09pjKqQ1K5vt87O76T7l3TKIRgrBDi8wyHuTjECCi9FvJBaO0F5D TJLHqcNYs20dAzVlyp4dUVgcYEYSyU85xrVFmAUnvf6Y59OasKIuFR7qZzXrTT7Gp2ykH6Q24kQ 5+PHAO20NLCYU3bWIVckc+8Eb7eNfK4tOVxbV8DeAtSeKGlmcuGvyRGd9CARus/cIw01+DKa0Ed vcMc9sZaTzWaQT+dVGV651fsYaN6ed3Ff4iZ7dMTIZNJYAINY5298vk98HpjH2k5G0VwlJ10Gf4 ohfWCpmGRdm7HfG7b8jPPXrOUUifC0Ei9WYoi3zcz9hSBeHihx9k/s8G2FN7WQm/uZnmB51Q3Vd RtfFByVT/EUcdeCVpfTpWA7JtfzAc3o5uD+xTyBpySG0SV1HEIbuXKBrR6gmvUYplUiMdjTQ7lH K6XD0BgKNQ8d49tO7IZm0qvJz6lUcuvrbM2j7c+Et1uCADN1yjzm1ouMijODnnbmJRShhRFqA/m /gr+SBiW2NPBDd2rYm6IjmtITlqclttq+G4sj1r/XJHI/lCieHtDSsa0CqEg4odgPCLZub4ZnCe /LFNgRld0O0CbOQ== X-Developer-Key: i=matthieu.baerts@tessares.net; a=openpgp; fpr=E8CB85F76877057A6E27F77AF6B7824F4269A073 Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Paolo Abeni Currently the mptcp code has assumes that disconnect() can fail only at mptcp_sendmsg_fastopen() time - to avoid a deadlock scenario - and don't even bother returning an error code. Soon mptcp_disconnect() will handle more error conditions: let's track them explicitly. As a bonus, explicitly annotate TCP-level disconnect as not failing: the mptcp code never blocks for event on the subflows. Fixes: 7d803344fdc3 ("mptcp: fix deadlock in fastopen error path") Cc: stable@vger.kernel.org Signed-off-by: Paolo Abeni Tested-by: Christoph Paasch Reviewed-by: Matthieu Baerts Signed-off-by: Matthieu Baerts --- net/mptcp/protocol.c | 20 ++++++++++++++------ 1 file changed, 14 insertions(+), 6 deletions(-) diff --git a/net/mptcp/protocol.c b/net/mptcp/protocol.c index 67311e7d5b21..86f8a7621aff 100644 --- a/net/mptcp/protocol.c +++ b/net/mptcp/protocol.c @@ -1727,7 +1727,13 @@ static int mptcp_sendmsg_fastopen(struct sock *sk, s= truct msghdr *msg, if (ret && ret !=3D -EINPROGRESS && ret !=3D -ERESTARTSYS && ret !=3D -E= INTR) *copied_syn =3D 0; } else if (ret && ret !=3D -EINPROGRESS) { - mptcp_disconnect(sk, 0); + /* The disconnect() op called by tcp_sendmsg_fastopen()/ + * __inet_stream_connect() can fail, due to looking check, + * see mptcp_disconnect(). + * Attempt it again outside the problematic scope. + */ + if (!mptcp_disconnect(sk, 0)) + sk->sk_socket->state =3D SS_UNCONNECTED; } inet_sk(sk)->defer_connect =3D 0; =20 @@ -2389,7 +2395,10 @@ static void __mptcp_close_ssk(struct sock *sk, struc= t sock *ssk, =20 need_push =3D (flags & MPTCP_CF_PUSH) && __mptcp_retransmit_pending_data(= sk); if (!dispose_it) { - tcp_disconnect(ssk, 0); + /* The MPTCP code never wait on the subflow sockets, TCP-level + * disconnect should never fail + */ + WARN_ON_ONCE(tcp_disconnect(ssk, 0)); msk->subflow->state =3D SS_UNCONNECTED; mptcp_subflow_ctx_reset(subflow); release_sock(ssk); @@ -2812,7 +2821,7 @@ void mptcp_subflow_shutdown(struct sock *sk, struct s= ock *ssk, int how) break; fallthrough; case TCP_SYN_SENT: - tcp_disconnect(ssk, O_NONBLOCK); + WARN_ON_ONCE(tcp_disconnect(ssk, O_NONBLOCK)); break; default: if (__mptcp_check_fallback(mptcp_sk(sk))) { @@ -3075,11 +3084,10 @@ static int mptcp_disconnect(struct sock *sk, int fl= ags) =20 /* We are on the fastopen error path. We can't call straight into the * subflows cleanup code due to lock nesting (we are already under - * msk->firstsocket lock). Do nothing and leave the cleanup to the - * caller. + * msk->firstsocket lock). */ if (msk->fastopening) - return 0; + return -EBUSY; =20 mptcp_listen_inuse_dec(sk); inet_sk_state_store(sk, TCP_CLOSE); --=20 2.40.1 From nobody Tue May 21 11:50:49 2024 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id E1850C001B3 for ; Tue, 20 Jun 2023 16:25:05 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230494AbjFTQZE (ORCPT ); Tue, 20 Jun 2023 12:25:04 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:52012 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231544AbjFTQY6 (ORCPT ); Tue, 20 Jun 2023 12:24:58 -0400 Received: from mail-wm1-x32f.google.com (mail-wm1-x32f.google.com [IPv6:2a00:1450:4864:20::32f]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 95EBCE2 for ; Tue, 20 Jun 2023 09:24:56 -0700 (PDT) Received: by mail-wm1-x32f.google.com with SMTP id 5b1f17b1804b1-3f8ff5fe50aso30504765e9.0 for ; Tue, 20 Jun 2023 09:24:56 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=tessares.net; s=google; t=1687278295; x=1689870295; h=cc:to:in-reply-to:references:message-id:content-transfer-encoding :mime-version:subject:date:from:from:to:cc:subject:date:message-id :reply-to; bh=hA3RnC1YrQnjyOpyQESOVWrplFY8MJ/sBMjrQnH7QIE=; b=WjSm3b/Az0wfDz0jrwLWFY5qRtSeJuViWVvV9AQbFz0JMMYuS5PXqYnoBAqCgZVk0p z+uAstrLNiWrTXLPDCwmiNZWftiqP2EhVSiYXs44Fd/rLUHeUXUTvthdyVSDPaaNrzp9 j38zN5XnguARCr4JyjYrLZDYI8KAtFo3MfBAX62EmIkoOtNBpWtcmQhMbcuSrBGmMofn Eyx3TGuO9Wp9LOLGWnUK1/5f1HSWUQ6sbGSin8MovuiTd93uKshiZzztPGatzoXSmy/L vvOrCIiGY3FVbncxaltI7m12zJn7UOhkezlphok8EG+asHjDs/bKz/mLh6gXs0bPaD+J f8eA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1687278295; x=1689870295; h=cc:to:in-reply-to:references:message-id:content-transfer-encoding :mime-version:subject:date:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=hA3RnC1YrQnjyOpyQESOVWrplFY8MJ/sBMjrQnH7QIE=; b=dh8PQFbpQWea0wChh2Rvpe0Cyl5rEKjrOzNspGOJydRrabVrjtayJi8Pv1rfn4etua tylPp4R9pu01o6MuBazPHOyyRsKCiP/aDRTHw+i19tXrNfjo/cSbv2/w3mwEfDYoYSTm fIBca8FTmoqv3V0q9IT4NoP3pTjX/0uiaJEaAmI8Ay+fEZosQUusun6frxqp5LWUuf2u 0Ul27IOx+5QHTaZZdglOCGr5YEEM3m+xsAuN7Wy9jMjyF3VEhQ+Munm6PORQ6c2LZwg9 8d19w5io13VvJcxXfF03vwFMZxyHF7yTtT8BdCh0K+/mZiMwxIr7CaQMfj9ND7huQKo2 oCyw== X-Gm-Message-State: AC+VfDyVQS9GS9bLcWMHOBPUDJ807X0elfP9Aclk0uUJNoc+n4eAWh+f S+tTj+yBtHy8fbrFcYgZWc4eFQ== X-Google-Smtp-Source: ACHHUZ6ZOY4949XEePqmejwhQuU/+GkM9lf9Kw9b1kwgpzzTRLArB4c3EDmY+99EAttggfiYN39mGA== X-Received: by 2002:a05:600c:10d1:b0:3f7:a20a:561d with SMTP id l17-20020a05600c10d100b003f7a20a561dmr11868460wmd.8.1687278295177; Tue, 20 Jun 2023 09:24:55 -0700 (PDT) Received: from vdi08.nix.tessares.net (static.219.156.76.144.clients.your-server.de. [144.76.156.219]) by smtp.gmail.com with ESMTPSA id o19-20020a05600c511300b003f8fe1933e4sm15753056wms.3.2023.06.20.09.24.54 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 20 Jun 2023 09:24:54 -0700 (PDT) From: Matthieu Baerts Date: Tue, 20 Jun 2023 18:24:19 +0200 Subject: [PATCH net 2/6] mptcp: fix possible divide by zero in recvmsg() MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Message-Id: <20230620-upstream-net-20230620-misc-fixes-for-v6-4-v1-2-f36aa5eae8b9@tessares.net> References: <20230620-upstream-net-20230620-misc-fixes-for-v6-4-v1-0-f36aa5eae8b9@tessares.net> In-Reply-To: <20230620-upstream-net-20230620-misc-fixes-for-v6-4-v1-0-f36aa5eae8b9@tessares.net> To: mptcp@lists.linux.dev, Mat Martineau , "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni , Florian Westphal Cc: netdev@vger.kernel.org, linux-kernel@vger.kernel.org, Matthieu Baerts , stable@vger.kernel.org, Christoph Paasch X-Mailer: b4 0.12.2 X-Developer-Signature: v=1; a=openpgp-sha256; l=4187; i=matthieu.baerts@tessares.net; h=from:subject:message-id; bh=gwVsKOeSZ1Q+DNvnQCcm5V3d+d0+4Ts5y6w6X+1gntE=; b=owEBbQKS/ZANAwAIAfa3gk9CaaBzAcsmYgBkkdLTLFp+cfdlLpcmh0BNgwoPXpEKhr2Gxlwzb qh7VwYaeBuJAjMEAAEIAB0WIQToy4X3aHcFem4n93r2t4JPQmmgcwUCZJHS0wAKCRD2t4JPQmmg c9Y/EADqzILQvimS78/K+siLruTeM2fmt1t16tCRlEuNtGvfRb+ZERBnYKRVm46K8Uk92XTzbGZ V3FUtCpbNrZH3lOLvCyz3sI52Y6WHpKBTTDV7dvanNgx7Illq31BPeeKg2PKQtN4mHUg4wst8gh 3dxHdTaQ/q60K4XsK1huacMnizrIJjHJ5K5gFWTcOdYndCOwLkh68EK9Bf2dC7L998rqqHnl2yP qwqHkRhcmfjHf5MpD5wRaOk+oWS9bOCY+g2C0ApynfSihI/ckE7+pdMfy8P9dT5m/NgdVr/UIfS 9499MsI36fPRw3G7B9330xo+1QE0/y7yUB9FTi0s+1lGJQ7OxslHgEUaREA07kHFwWARTfOI808 oZTTCTLyVF6ITUK+eAPv7tuja8FADHI59ncdMHUTUk2tpPGqxsSg0b3WcXML4c5WTIhOHBVqa+I c1ymhyNdvrdZJfnccGeAZPqpPBzum67i71LrW000toLGu7ZRDpixcC2UZXbHllJXtVFkpDiQg+M ukJiQc+I4aqDs2ClmqQYE3cnPIpLzEhxFXzo8bMuepxnHbhfYlVq1iqvbPiJ/kFtbtcUJcNDyyC K/TXJI5c4DNC4lsDkPhjeynPzPOls20yuTI+fnoPpLt76syz6lWkhVrl/wMW640xLZdus/0I+CX 4aPcklDYq7C3poA== X-Developer-Key: i=matthieu.baerts@tessares.net; a=openpgp; fpr=E8CB85F76877057A6E27F77AF6B7824F4269A073 Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Paolo Abeni Christoph reported a divide by zero bug in mptcp_recvmsg(): divide error: 0000 [#1] PREEMPT SMP CPU: 1 PID: 19978 Comm: syz-executor.6 Not tainted 6.4.0-rc2-gffcc7899081b = #20 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.11.0-2.el7 04= /01/2014 RIP: 0010:__tcp_select_window+0x30e/0x420 net/ipv4/tcp_output.c:3018 Code: 11 ff 0f b7 cd c1 e9 0c b8 ff ff ff ff d3 e0 89 c1 f7 d1 01 cb 21 c3 = eb 17 e8 2e 83 11 ff 31 db eb 0e e8 25 83 11 ff 89 d8 99 7c 24 04 29 d= 3 65 48 8b 04 25 28 00 00 00 48 3b 44 24 10 75 60 RSP: 0018:ffffc90000a07a18 EFLAGS: 00010246 RAX: 000000000000ffd7 RBX: 000000000000ffd7 RCX: 0000000000040000 RDX: 0000000000000000 RSI: 000000000003ffff RDI: 0000000000040000 RBP: 000000000000ffd7 R08: ffffffff820cf297 R09: 0000000000000001 R10: 0000000000000000 R11: ffffffff8103d1a0 R12: 0000000000003f00 R13: 0000000000300000 R14: ffff888101cf3540 R15: 0000000000180000 FS: 00007f9af4c09640(0000) GS:ffff88813bd00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000001b33824000 CR3: 000000012f241001 CR4: 0000000000170ee0 Call Trace: __tcp_cleanup_rbuf+0x138/0x1d0 net/ipv4/tcp.c:1611 mptcp_recvmsg+0xcb8/0xdd0 net/mptcp/protocol.c:2034 inet_recvmsg+0x127/0x1f0 net/ipv4/af_inet.c:861 ____sys_recvmsg+0x269/0x2b0 net/socket.c:1019 ___sys_recvmsg+0xe6/0x260 net/socket.c:2764 do_recvmmsg+0x1a5/0x470 net/socket.c:2858 __do_sys_recvmmsg net/socket.c:2937 [inline] __se_sys_recvmmsg net/socket.c:2953 [inline] __x64_sys_recvmmsg+0xa6/0x130 net/socket.c:2953 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x47/0xa0 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x72/0xdc RIP: 0033:0x7f9af58fc6a9 Code: 5c c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 = 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff f= f 73 01 c3 48 8b 0d 4f 37 0d 00 f7 d8 64 89 01 48 RSP: 002b:00007f9af4c08cd8 EFLAGS: 00000246 ORIG_RAX: 000000000000012b RAX: ffffffffffffffda RBX: 00000000006bc050 RCX: 00007f9af58fc6a9 RDX: 0000000000000001 RSI: 0000000020000140 RDI: 0000000000000004 RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000f00 R11: 0000000000000246 R12: 00000000006bc05c R13: fffffffffffffea8 R14: 00000000006bc050 R15: 000000000001fe40 mptcp_recvmsg is allowed to release the msk socket lock when blocking, and before re-acquiring it another thread could have switched the sock to TCP_LISTEN status - with a prior connect(AF_UNSPEC) - also clearing icsk_ack.rcv_mss. Address the issue preventing the disconnect if some other process is concurrently performing a blocking syscall on the same socket, alike commit 4faeee0cf8a5 ("tcp: deny tcp_disconnect() when threads are waiting"). Fixes: a6b118febbab ("mptcp: add receive buffer auto-tuning") Cc: stable@vger.kernel.org Reported-by: Christoph Paasch Closes: https://github.com/multipath-tcp/mptcp_net-next/issues/404 Signed-off-by: Paolo Abeni Tested-by: Christoph Paasch Reviewed-by: Matthieu Baerts Signed-off-by: Matthieu Baerts --- net/mptcp/protocol.c | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/net/mptcp/protocol.c b/net/mptcp/protocol.c index 86f8a7621aff..ee357700b27b 100644 --- a/net/mptcp/protocol.c +++ b/net/mptcp/protocol.c @@ -3082,6 +3082,12 @@ static int mptcp_disconnect(struct sock *sk, int fla= gs) { struct mptcp_sock *msk =3D mptcp_sk(sk); =20 + /* Deny disconnect if other threads are blocked in sk_wait_event() + * or inet_wait_for_connect(). + */ + if (sk->sk_wait_pending) + return -EBUSY; + /* We are on the fastopen error path. We can't call straight into the * subflows cleanup code due to lock nesting (we are already under * msk->firstsocket lock). @@ -3148,6 +3154,7 @@ struct sock *mptcp_sk_clone_init(const struct sock *s= k, inet_sk(nsk)->pinet6 =3D mptcp_inet6_sk(nsk); #endif =20 + nsk->sk_wait_pending =3D 0; __mptcp_init_sock(nsk); =20 msk =3D mptcp_sk(nsk); --=20 2.40.1 From nobody Tue May 21 11:50:49 2024 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 048FAEB64D7 for ; Tue, 20 Jun 2023 16:25:17 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230191AbjFTQZN (ORCPT ); Tue, 20 Jun 2023 12:25:13 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:52026 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229694AbjFTQY7 (ORCPT ); Tue, 20 Jun 2023 12:24:59 -0400 Received: from mail-lf1-x130.google.com (mail-lf1-x130.google.com [IPv6:2a00:1450:4864:20::130]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id DA420109 for ; Tue, 20 Jun 2023 09:24:57 -0700 (PDT) Received: by mail-lf1-x130.google.com with SMTP id 2adb3069b0e04-4f871c93a5fso3302697e87.2 for ; Tue, 20 Jun 2023 09:24:57 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=tessares.net; s=google; t=1687278296; x=1689870296; h=cc:to:in-reply-to:references:message-id:content-transfer-encoding :mime-version:subject:date:from:from:to:cc:subject:date:message-id :reply-to; bh=Z3a0+HPdXBokM88wtbe02geibk8kOEolLxUIWRz8mL0=; b=Sy4vUS7Z/Aqo2IuZdtlW7MxkfOU7ZkGZYKKfkrwXjRFz3ZY4nXHLxaYsTVju6b2NRf uSDcqKf3zvlW34g21b1Gnfxwnf+K+PO15NEGT3gSRhO9NV5BqbhwsCVelaXpFu1HlQCN n4lUwT6mOZ70Qlp7MtLsVEQhHqzXvZd6htEaHHS0xFWo86UHuzklTr7Fm3GbHZjgExS7 YLQPGZ73cPTQ8SveKiDcAZ7ae0/r5EE3Q41guJjJgE1BFGsEQoZmt/qjI44XqJzgH5tS +kTzqzY7oOjTD0Y+xoL33yU2mgZdZYtshd9N0UYguC+7N60jckmZr+n9W5RaK2wiSGPs kItA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1687278296; x=1689870296; h=cc:to:in-reply-to:references:message-id:content-transfer-encoding :mime-version:subject:date:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=Z3a0+HPdXBokM88wtbe02geibk8kOEolLxUIWRz8mL0=; b=DMreyuqYy/KG81JrX1Mnsn7QrpYR+fnmIBAFaN6wgVMV3r8xO0BL8P/YGUY/1lYfZh GsdsvyxKIXMtoENavX7yBjnive1m9/bFh6MOAk740p0cPGuvUtBvM1+eXvMPkFqxWF/Y zq8nWoNZfnoKR+83eFaKjw8VZLdUqX24OpSZR2SatOQ01pdBIgeg8AEFRFUoacxjEzxB nCYxLCkjhVhEwry5VTaNLJl8OJdhLTK9e/8Y9FgGFYMAYz4sdgJQkJcGrnYJ8Pa89XlA aRHpZ70PpLw5MflxlmkfPQiCkavZFtdvqtOCLCCN4mu+nB6jQa3iHMe1b7wgVtBItfAj MlCA== X-Gm-Message-State: AC+VfDy3KdpXEpoP6AqfPn+q1rGssTV/2g8zbFq0flqXG/L4YTQsYRZV pD8dWVl9ykbdynYOdCLi2MD4ihHz9hfdf3kWDJt0hA== X-Google-Smtp-Source: ACHHUZ4dlmoO/fvoHNyPLLlgLGv/fyp1+OB9CAxaUNenQ+qZOPbh7Gc8XZsn2k7KeuatyWL0ABCCUg== X-Received: by 2002:ac2:5041:0:b0:4f8:45aa:f848 with SMTP id a1-20020ac25041000000b004f845aaf848mr7921486lfm.25.1687278296047; Tue, 20 Jun 2023 09:24:56 -0700 (PDT) Received: from vdi08.nix.tessares.net (static.219.156.76.144.clients.your-server.de. [144.76.156.219]) by smtp.gmail.com with ESMTPSA id o19-20020a05600c511300b003f8fe1933e4sm15753056wms.3.2023.06.20.09.24.55 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 20 Jun 2023 09:24:55 -0700 (PDT) From: Matthieu Baerts Date: Tue, 20 Jun 2023 18:24:20 +0200 Subject: [PATCH net 3/6] mptcp: fix possible list corruption on passive MPJ MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Message-Id: <20230620-upstream-net-20230620-misc-fixes-for-v6-4-v1-3-f36aa5eae8b9@tessares.net> References: <20230620-upstream-net-20230620-misc-fixes-for-v6-4-v1-0-f36aa5eae8b9@tessares.net> In-Reply-To: <20230620-upstream-net-20230620-misc-fixes-for-v6-4-v1-0-f36aa5eae8b9@tessares.net> To: mptcp@lists.linux.dev, Mat Martineau , "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni , Florian Westphal Cc: netdev@vger.kernel.org, linux-kernel@vger.kernel.org, Matthieu Baerts , stable@vger.kernel.org X-Mailer: b4 0.12.2 X-Developer-Signature: v=1; a=openpgp-sha256; l=2537; i=matthieu.baerts@tessares.net; h=from:subject:message-id; bh=F1v/IAl8pf9wJXckMVZE8kEUbcCuPEXAOGNwGHK55p0=; b=owEBbQKS/ZANAwAIAfa3gk9CaaBzAcsmYgBkkdLUMiBdtNeCwtyqqS1KCTT1CYhzIQcRKEaNR i8iolq5kK6JAjMEAAEIAB0WIQToy4X3aHcFem4n93r2t4JPQmmgcwUCZJHS1AAKCRD2t4JPQmmg c31gD/4yKyrmDx/4ZXjeFIDFZpVBLmZ/yrKZRGGII9nc1aaA2m8eXbMEuhEKwwEKCFTT2/3wwMw T9AlXiQ7EcRrxAo7+qlfmH8Bj209+H8ga1WZ69akqveR/qW6A3XRJPgTNXCu/1a8eiy+otmHwlx NvKttCmv0SGhD5hyoVigTXpfNzSlT2SyoIemcnK/oz05j5/dQZHUegYbbH7UTDIvevTXdRcjOMt tEkIPb7WLeve/PwRrehJlysklcHfR1v9RXXiGbZa8070cH4K2PingDnLyEad4x4xHNQEvefK8th xtZ+hfLWJHf4cZtW59OqmapxQo7yHD6lno/t0wWxIOaoVzR36BuSSnUSKupj+e9nYUBStWWy8g8 e18zqfKKbErCugDPA2A1Bt07qLfUXWGIy7+fWNdrZ/IJEOfckJoDcfpp8luuwCq9h3eMyhnlYR1 7CSG2a5y3P3N4w3qN04WQR+Ki2otZaSVxofTP6KuRJaYPqXKwkmI26GipznMQyUDjwFFtFWSaAs LrTUx+ge6KEprAWNkxx0zrZhPLg192g7jsjz5ko/c37r34Y/bJiZVqp4bAmuAFb7wVehb12JEJc BzEfdvEmQuzeMKSG+KI2nrhfKy8Hj5ztPggkhVI87ENmY+iYUoK9HAKK8hoQ5OjL/1/kpy+9R7F WwqHaVm44Geo3Qg== X-Developer-Key: i=matthieu.baerts@tessares.net; a=openpgp; fpr=E8CB85F76877057A6E27F77AF6B7824F4269A073 Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Paolo Abeni At passive MPJ time, if the msk socket lock is held by the user, the new subflow is appended to the msk->join_list under the msk data lock. In mptcp_release_cb()/__mptcp_flush_join_list(), the subflows in that list are moved from the join_list into the conn_list under the msk socket lock. Append and removal could race, possibly corrupting such list. Address the issue splicing the join list into a temporary one while still under the msk data lock. Found by code inspection, the race itself should be almost impossible to trigger in practice. Fixes: 3e5014909b56 ("mptcp: cleanup MPJ subflow list handling") Cc: stable@vger.kernel.org Signed-off-by: Paolo Abeni Reviewed-by: Matthieu Baerts Signed-off-by: Matthieu Baerts --- net/mptcp/protocol.c | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) diff --git a/net/mptcp/protocol.c b/net/mptcp/protocol.c index ee357700b27b..9a40dae31cec 100644 --- a/net/mptcp/protocol.c +++ b/net/mptcp/protocol.c @@ -850,12 +850,12 @@ static bool __mptcp_finish_join(struct mptcp_sock *ms= k, struct sock *ssk) return true; } =20 -static void __mptcp_flush_join_list(struct sock *sk) +static void __mptcp_flush_join_list(struct sock *sk, struct list_head *joi= n_list) { struct mptcp_subflow_context *tmp, *subflow; struct mptcp_sock *msk =3D mptcp_sk(sk); =20 - list_for_each_entry_safe(subflow, tmp, &msk->join_list, node) { + list_for_each_entry_safe(subflow, tmp, join_list, node) { struct sock *ssk =3D mptcp_subflow_tcp_sock(subflow); bool slow =3D lock_sock_fast(ssk); =20 @@ -3342,9 +3342,14 @@ static void mptcp_release_cb(struct sock *sk) for (;;) { unsigned long flags =3D (msk->cb_flags & MPTCP_FLAGS_PROCESS_CTX_NEED) | msk->push_pending; + struct list_head join_list; + if (!flags) break; =20 + INIT_LIST_HEAD(&join_list); + list_splice_init(&msk->join_list, &join_list); + /* the following actions acquire the subflow socket lock * * 1) can't be invoked in atomic scope @@ -3355,8 +3360,9 @@ static void mptcp_release_cb(struct sock *sk) msk->push_pending =3D 0; msk->cb_flags &=3D ~flags; spin_unlock_bh(&sk->sk_lock.slock); + if (flags & BIT(MPTCP_FLUSH_JOIN_LIST)) - __mptcp_flush_join_list(sk); + __mptcp_flush_join_list(sk, &join_list); if (flags & BIT(MPTCP_PUSH_PENDING)) __mptcp_push_pending(sk, 0); if (flags & BIT(MPTCP_RETRANSMIT)) --=20 2.40.1 From nobody Tue May 21 11:50:49 2024 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 9861FEB64D8 for ; Tue, 20 Jun 2023 16:25:21 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231418AbjFTQZU (ORCPT ); Tue, 20 Jun 2023 12:25:20 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:52052 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229637AbjFTQZA (ORCPT ); Tue, 20 Jun 2023 12:25:00 -0400 Received: from mail-wm1-x32b.google.com (mail-wm1-x32b.google.com [IPv6:2a00:1450:4864:20::32b]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 9D3D5100 for ; Tue, 20 Jun 2023 09:24:58 -0700 (PDT) Received: by mail-wm1-x32b.google.com with SMTP id 5b1f17b1804b1-3f97e08b012so29870535e9.3 for ; Tue, 20 Jun 2023 09:24:58 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=tessares.net; s=google; t=1687278297; x=1689870297; h=cc:to:in-reply-to:references:message-id:content-transfer-encoding :mime-version:subject:date:from:from:to:cc:subject:date:message-id :reply-to; bh=hkKFIXP3nMZMGbz/H4LzCpiIvuj0i5ReDDgyO4dldUo=; b=18coibiYCs7GzrJghsUH9DUBCsPyEVkNrkbpk0vDqcJIh9zUM0bufg9NlHs6Z9fO6r dMz2aY0NbwA4Nju/jfcX5KmcHhTFIfioomhCT1Pmo8qBm0DIBYntGie+3IxqZ5YImTA6 IUR7dDB2dlVEGsKWe2TAT8JYTUYNw3hGpnyCmMQNfYGyED7i5AcZNCds8u69SX5XLtA1 YLEzztzsZxQRzbYaJjyMeBMq9ZRS9AcBoMYcTGt6wZSkgUQ2SuKuVq1RhHxwKiqIj8+k WJbjRc7aOGvjn5tOZzEMSMb9F0tK8R1oJRTlTT0rdJLmrxVVx/UjxuysMsqYkxQc5wEu tpsw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1687278297; x=1689870297; h=cc:to:in-reply-to:references:message-id:content-transfer-encoding :mime-version:subject:date:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=hkKFIXP3nMZMGbz/H4LzCpiIvuj0i5ReDDgyO4dldUo=; b=Ii3DCqZM6tHT6Z0zjuRyfGtPR3q67jQ3DSmp9kS5jKYSBH96ZuzdU+Q4vRsGGhLs/i qJ4DJMNVJ9gXP41QV4g+vQK91Wu/ss85R0LfVGxvAqyPTloEX9iYfh7Wk8oDHAaXJ+uQ dlMjchQ62rETs8GZgoXrARmMELpk/r2N0YR+o76GGjHpNVBFKAt0rqidAQll786/Qghu UxOPc8xlpywS4Mm3JefqyLQLgZLpIyUZRkTEDuHyYvf9jGjZLRAPMc+QqaVcGUS2ogQy 5D77yTRfgIJsOIpRZPG08smd3tr0GrhYfsoc1WKC6PjuhiGUnHXh3Wy/uWWEjfQ9BMD3 H1Yg== X-Gm-Message-State: AC+VfDxwUV7Cj2K3Bf7aP+OdrlnW3EZxF8KPgpp/lQH2iobnkGCTYXrP Tv4ym9Fzgn4HKarKY0g1LJa5Xw== X-Google-Smtp-Source: ACHHUZ6D19ITO6vbLFwWP79kFcfvZdTYB/bmrCekR6gfLOy/7xPv/K6rlbzkrkXfngO+mYPk+ZgHMg== X-Received: by 2002:a05:600c:2113:b0:3f9:b4b5:e000 with SMTP id u19-20020a05600c211300b003f9b4b5e000mr2986300wml.23.1687278297174; Tue, 20 Jun 2023 09:24:57 -0700 (PDT) Received: from vdi08.nix.tessares.net (static.219.156.76.144.clients.your-server.de. [144.76.156.219]) by smtp.gmail.com with ESMTPSA id o19-20020a05600c511300b003f8fe1933e4sm15753056wms.3.2023.06.20.09.24.56 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 20 Jun 2023 09:24:56 -0700 (PDT) From: Matthieu Baerts Date: Tue, 20 Jun 2023 18:24:21 +0200 Subject: [PATCH net 4/6] mptcp: consolidate fallback and non fallback state machine MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Message-Id: <20230620-upstream-net-20230620-misc-fixes-for-v6-4-v1-4-f36aa5eae8b9@tessares.net> References: <20230620-upstream-net-20230620-misc-fixes-for-v6-4-v1-0-f36aa5eae8b9@tessares.net> In-Reply-To: <20230620-upstream-net-20230620-misc-fixes-for-v6-4-v1-0-f36aa5eae8b9@tessares.net> To: mptcp@lists.linux.dev, Mat Martineau , "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni , Florian Westphal Cc: netdev@vger.kernel.org, linux-kernel@vger.kernel.org, Matthieu Baerts , stable@vger.kernel.org X-Mailer: b4 0.12.2 X-Developer-Signature: v=1; a=openpgp-sha256; l=7143; i=matthieu.baerts@tessares.net; h=from:subject:message-id; bh=X1x+zUK0l1HOVh79Cqgvoe802mLCyclxUoTN2kDb43w=; b=owEBbQKS/ZANAwAIAfa3gk9CaaBzAcsmYgBkkdLUGDPzc0YG99qg/FkfAMjjoHdDODJEgDLik +lu8E1fYb6JAjMEAAEIAB0WIQToy4X3aHcFem4n93r2t4JPQmmgcwUCZJHS1AAKCRD2t4JPQmmg cw3/D/sGZxhaONGAkakyjkx7pamXXh3GIk/nU00UH7+2PNeMHP/RXfZc578fPEnP0A4bi/lJl9d cjQBnprmJzemTZZzaDozprqlkU7Tn16Tm+KYy1t6kGHQ7OkNSePiub6QBztKo3RmYfeqAAm3EPT 5ZAOZZGXXQb9U/X1GRQvIKw2ulHbi6gYGuvp0SAkboHVbSqPbjL5Qm2reZkxlXt5a+K291QjDzs qmnm2A1JE46P0BF8FHvDsBze1+MR1vy5o38Dzd3MiUFZSYH+ggwP60XZpObx2dAbqJUadr0Mxr9 CUJJZYvd7shDEopIO8iVg1ItI/0Jytrdi/AEw58OHqwgGMIET4eDsm79nS4YPCxgFHuEJFtFoPZ z6bC1/ScFHYLKrWVWzGhPy+Vs3dchT9BeKeX39iHlnqEPh75L9XRM+K3J+vvTBy9KiRoqrwjtmt 8kFGRvjRhV0rOTDau5ajNlniSpo+MBSMSUeRiloS6V1fJmtkrCFknaoEaa6SEg0aMmdC4SE2R0x QvTbavnPL1TOht6DYdaea9kKUudBEWXLABbWnrSnNdVLMg7FskN9eOkqGablXcRNVMDapi8CP74 73+EQWw2ofTbGE7DnfYOY+ZA3zU221RyP75SvTSFqB2BGWVOK7iGo98lbz2bTScBRXfIBfzO5Dj IqOjdklVmePA4GQ== X-Developer-Key: i=matthieu.baerts@tessares.net; a=openpgp; fpr=E8CB85F76877057A6E27F77AF6B7824F4269A073 Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Paolo Abeni An orphaned msk releases the used resources via the worker, when the latter first see the msk in CLOSED status. If the msk status transitions to TCP_CLOSE in the release callback invoked by the worker's final release_sock(), such instance of the workqueue will not take any action. Additionally the MPTCP code prevents scheduling the worker once the socket reaches the CLOSE status: such msk resources will be leaked. The only code path that can trigger the above scenario is the __mptcp_check_send_data_fin() in fallback mode. Address the issue removing the special handling of fallback socket in __mptcp_check_send_data_fin(), consolidating the state machine for fallback and non fallback socket. Since non-fallback sockets do not send and do not receive data_fin, the mptcp code can update the msk internal status to match the next step in the SM every time data fin (ack) should be generated or received. As a consequence we can remove a bunch of checks for fallback from the fastpath. Fixes: 6e628cd3a8f7 ("mptcp: use mptcp release_cb for delayed tasks") Cc: stable@vger.kernel.org Signed-off-by: Paolo Abeni Reviewed-by: Mat Martineau Signed-off-by: Matthieu Baerts --- net/mptcp/protocol.c | 41 +++++++++++++++-------------------------- net/mptcp/subflow.c | 17 ++++++++++------- 2 files changed, 25 insertions(+), 33 deletions(-) diff --git a/net/mptcp/protocol.c b/net/mptcp/protocol.c index 9a40dae31cec..27d206f7af62 100644 --- a/net/mptcp/protocol.c +++ b/net/mptcp/protocol.c @@ -44,7 +44,7 @@ enum { static struct percpu_counter mptcp_sockets_allocated ____cacheline_aligned= _in_smp; =20 static void __mptcp_destroy_sock(struct sock *sk); -static void __mptcp_check_send_data_fin(struct sock *sk); +static void mptcp_check_send_data_fin(struct sock *sk); =20 DEFINE_PER_CPU(struct mptcp_delegated_action, mptcp_delegated_actions); static struct net_device mptcp_napi_dev; @@ -424,8 +424,7 @@ static bool mptcp_pending_data_fin_ack(struct sock *sk) { struct mptcp_sock *msk =3D mptcp_sk(sk); =20 - return !__mptcp_check_fallback(msk) && - ((1 << sk->sk_state) & + return ((1 << sk->sk_state) & (TCPF_FIN_WAIT1 | TCPF_CLOSING | TCPF_LAST_ACK)) && msk->write_seq =3D=3D READ_ONCE(msk->snd_una); } @@ -583,9 +582,6 @@ static bool mptcp_check_data_fin(struct sock *sk) u64 rcv_data_fin_seq; bool ret =3D false; =20 - if (__mptcp_check_fallback(msk)) - return ret; - /* Need to ack a DATA_FIN received from a peer while this side * of the connection is in ESTABLISHED, FIN_WAIT1, or FIN_WAIT2. * msk->rcv_data_fin was set when parsing the incoming options @@ -623,7 +619,8 @@ static bool mptcp_check_data_fin(struct sock *sk) } =20 ret =3D true; - mptcp_send_ack(msk); + if (!__mptcp_check_fallback(msk)) + mptcp_send_ack(msk); mptcp_close_wake_up(sk); } return ret; @@ -1609,7 +1606,7 @@ void __mptcp_push_pending(struct sock *sk, unsigned i= nt flags) if (!mptcp_timer_pending(sk)) mptcp_reset_timer(sk); if (do_check_data_fin) - __mptcp_check_send_data_fin(sk); + mptcp_check_send_data_fin(sk); } =20 static void __mptcp_subflow_push_pending(struct sock *sk, struct sock *ssk= , bool first) @@ -2680,8 +2677,6 @@ static void mptcp_worker(struct work_struct *work) if (unlikely((1 << state) & (TCPF_CLOSE | TCPF_LISTEN))) goto unlock; =20 - mptcp_check_data_fin_ack(sk); - mptcp_check_fastclose(msk); =20 mptcp_pm_nl_work(msk); @@ -2689,7 +2684,8 @@ static void mptcp_worker(struct work_struct *work) if (test_and_clear_bit(MPTCP_WORK_EOF, &msk->flags)) mptcp_check_for_eof(msk); =20 - __mptcp_check_send_data_fin(sk); + mptcp_check_send_data_fin(sk); + mptcp_check_data_fin_ack(sk); mptcp_check_data_fin(sk); =20 if (test_and_clear_bit(MPTCP_WORK_CLOSE_SUBFLOW, &msk->flags)) @@ -2828,6 +2824,12 @@ void mptcp_subflow_shutdown(struct sock *sk, struct = sock *ssk, int how) pr_debug("Fallback"); ssk->sk_shutdown |=3D how; tcp_shutdown(ssk, how); + + /* simulate the data_fin ack reception to let the state + * machine move forward + */ + WRITE_ONCE(mptcp_sk(sk)->snd_una, mptcp_sk(sk)->snd_nxt); + mptcp_schedule_work(sk); } else { pr_debug("Sending DATA_FIN on subflow %p", ssk); tcp_send_ack(ssk); @@ -2867,7 +2869,7 @@ static int mptcp_close_state(struct sock *sk) return next & TCP_ACTION_FIN; } =20 -static void __mptcp_check_send_data_fin(struct sock *sk) +static void mptcp_check_send_data_fin(struct sock *sk) { struct mptcp_subflow_context *subflow; struct mptcp_sock *msk =3D mptcp_sk(sk); @@ -2885,19 +2887,6 @@ static void __mptcp_check_send_data_fin(struct sock = *sk) =20 WRITE_ONCE(msk->snd_nxt, msk->write_seq); =20 - /* fallback socket will not get data_fin/ack, can move to the next - * state now - */ - if (__mptcp_check_fallback(msk)) { - WRITE_ONCE(msk->snd_una, msk->write_seq); - if ((1 << sk->sk_state) & (TCPF_CLOSING | TCPF_LAST_ACK)) { - inet_sk_state_store(sk, TCP_CLOSE); - mptcp_close_wake_up(sk); - } else if (sk->sk_state =3D=3D TCP_FIN_WAIT1) { - inet_sk_state_store(sk, TCP_FIN_WAIT2); - } - } - mptcp_for_each_subflow(msk, subflow) { struct sock *tcp_sk =3D mptcp_subflow_tcp_sock(subflow); =20 @@ -2917,7 +2906,7 @@ static void __mptcp_wr_shutdown(struct sock *sk) WRITE_ONCE(msk->write_seq, msk->write_seq + 1); WRITE_ONCE(msk->snd_data_fin_enable, 1); =20 - __mptcp_check_send_data_fin(sk); + mptcp_check_send_data_fin(sk); } =20 static void __mptcp_destroy_sock(struct sock *sk) diff --git a/net/mptcp/subflow.c b/net/mptcp/subflow.c index 4688daa6b38b..d9c8b21c6076 100644 --- a/net/mptcp/subflow.c +++ b/net/mptcp/subflow.c @@ -1749,14 +1749,16 @@ static void subflow_state_change(struct sock *sk) { struct mptcp_subflow_context *subflow =3D mptcp_subflow_ctx(sk); struct sock *parent =3D subflow->conn; + struct mptcp_sock *msk; =20 __subflow_state_change(sk); =20 + msk =3D mptcp_sk(parent); if (subflow_simultaneous_connect(sk)) { mptcp_propagate_sndbuf(parent, sk); mptcp_do_fallback(sk); - mptcp_rcv_space_init(mptcp_sk(parent), sk); - pr_fallback(mptcp_sk(parent)); + mptcp_rcv_space_init(msk, sk); + pr_fallback(msk); subflow->conn_finished =3D 1; mptcp_set_connected(parent); } @@ -1772,11 +1774,12 @@ static void subflow_state_change(struct sock *sk) =20 subflow_sched_work_if_closed(mptcp_sk(parent), sk); =20 - if (__mptcp_check_fallback(mptcp_sk(parent)) && - !subflow->rx_eof && subflow_is_done(sk)) { - subflow->rx_eof =3D 1; - mptcp_subflow_eof(parent); - } + /* when the fallback subflow closes the rx side, trigger a 'dummy' + * ingress data fin, so that the msk state will follow along + */ + if (__mptcp_check_fallback(msk) && subflow_is_done(sk) && msk->first =3D= =3D sk && + mptcp_update_rcv_data_fin(msk, READ_ONCE(msk->ack_seq), true)) + mptcp_schedule_work(parent); } =20 void mptcp_subflow_queue_clean(struct sock *listener_sk, struct sock *list= ener_ssk) --=20 2.40.1 From nobody Tue May 21 11:50:49 2024 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id A27F1EB64D8 for ; Tue, 20 Jun 2023 16:25:28 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231181AbjFTQZZ (ORCPT ); Tue, 20 Jun 2023 12:25:25 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:52074 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S230145AbjFTQZB (ORCPT ); Tue, 20 Jun 2023 12:25:01 -0400 Received: from mail-wm1-x32b.google.com (mail-wm1-x32b.google.com [IPv6:2a00:1450:4864:20::32b]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 7A4D5170D for ; Tue, 20 Jun 2023 09:24:59 -0700 (PDT) Received: by mail-wm1-x32b.google.com with SMTP id 5b1f17b1804b1-3f907f311ccso39805785e9.1 for ; Tue, 20 Jun 2023 09:24:59 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=tessares.net; s=google; t=1687278298; x=1689870298; h=cc:to:in-reply-to:references:message-id:content-transfer-encoding :mime-version:subject:date:from:from:to:cc:subject:date:message-id :reply-to; bh=B8LhkZXq3u26NycQr6cEqr1qtfjnbuarKmiwKf4xMtU=; b=cWyjdTqs3sK+thPlhmgkNr9Sd0WrvKg9XdYbu3OWjknzHYL+A96uIxD8LX9G1D59An HteKISTUi0icPjK+HTMEnuveZ1z9lDiViC9NW8iF0ew0qOl0pNAj/lh6tOht6buz4ssD CpHmSxdgvwlJOObfGIUNCQIFCh8spfUAz41Zvig3AwcjzV/pWG+H7PXFwP8HxrMv3VNf vWpYT/zAPaH+CoL7baA44xVvx4B0IPF5OZ2iePnA6ppBdW+i24Vf19Lq3TrKUB0zsu0d FDiV/R5AuVMvbcXX2Ou6VIWSWgIQSD+7nmUd8UAxLRrQCxjZ0Zk+eiojLCj8rPyTnVYS CdgQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1687278298; x=1689870298; h=cc:to:in-reply-to:references:message-id:content-transfer-encoding :mime-version:subject:date:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=B8LhkZXq3u26NycQr6cEqr1qtfjnbuarKmiwKf4xMtU=; b=QYlpVqdDzgpmP3xz0aE0KYx8UZyKmryMADThQC6cZxcm8LPWFUbtZ+nMkbT4f1mtov OzO+HLcaZtj6L8JPdTWEcYtwttfbe/cAWsPTm3ShmvRbz36Yq5ihWa/Mh97zf421ZVjH CvkljdySQ7yryGokbhpAAGvXpgwbU73sF+/u0MWtwILe17ghhq6lucUAageTrLQveIgi u82D6A6MNzPguN1V5QTxdPEmP1wyoooKlVwCR7+9R09UFIMUybVWlcn/BndPSS5Bymv4 cYRBR3kdrq4rDVNL3bSXL4tNTsTv2/tccVWjnWzUrBHMHRihMJAfk4qmN1iJvElQhogH AYsQ== X-Gm-Message-State: AC+VfDwoJSd/9uv1UdIIq9k3//suaO+smCmpVL/AR0nGG/sGRUgrZ73W tfx1teD8zxOMMapsus0TRwdHDQ== X-Google-Smtp-Source: ACHHUZ5XgFZeyJRVkTsTsbyc9wiCo1YuIcE90gi/XpAy+/zN3lF3toPTz4LdRl+1DWPSsa0KBFrctg== X-Received: by 2002:a05:600c:2245:b0:3f8:f4f3:82ec with SMTP id a5-20020a05600c224500b003f8f4f382ecmr11020611wmm.8.1687278298034; Tue, 20 Jun 2023 09:24:58 -0700 (PDT) Received: from vdi08.nix.tessares.net (static.219.156.76.144.clients.your-server.de. [144.76.156.219]) by smtp.gmail.com with ESMTPSA id o19-20020a05600c511300b003f8fe1933e4sm15753056wms.3.2023.06.20.09.24.57 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 20 Jun 2023 09:24:57 -0700 (PDT) From: Matthieu Baerts Date: Tue, 20 Jun 2023 18:24:22 +0200 Subject: [PATCH net 5/6] mptcp: drop legacy code around RX EOF MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Message-Id: <20230620-upstream-net-20230620-misc-fixes-for-v6-4-v1-5-f36aa5eae8b9@tessares.net> References: <20230620-upstream-net-20230620-misc-fixes-for-v6-4-v1-0-f36aa5eae8b9@tessares.net> In-Reply-To: <20230620-upstream-net-20230620-misc-fixes-for-v6-4-v1-0-f36aa5eae8b9@tessares.net> To: mptcp@lists.linux.dev, Mat Martineau , "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni , Florian Westphal Cc: netdev@vger.kernel.org, linux-kernel@vger.kernel.org, Matthieu Baerts X-Mailer: b4 0.12.2 X-Developer-Signature: v=1; a=openpgp-sha256; l=4049; i=matthieu.baerts@tessares.net; h=from:subject:message-id; bh=NUftswvvgXNJ7K5F9GELkECEB8VMD4z5k7YKE05yO4Y=; b=owEBbQKS/ZANAwAIAfa3gk9CaaBzAcsmYgBkkdLU7oSKTlwi+3yscjfycqKb9AgTwioYdcTwq sHM4YV425OJAjMEAAEIAB0WIQToy4X3aHcFem4n93r2t4JPQmmgcwUCZJHS1AAKCRD2t4JPQmmg c0Q/EACUSyGYQmjVMKLnXMWTvXbiizXKX3gzm5uDsKDRUwJx8rLAGgOX+Vx6UXYGm5ul9WEKOx8 kThgZaQZLwFYeOw11ORTNLRd6qVm3FGAAsCUBABnX/9UwW/EqmE+dW0chPrtIo0JP4Ajwx0ZTO0 SUMeW7oQhmPyqN4zxmNAGL4Msi8E9E5qTD8hObBV/Ml69gLCAgCq+gy690TVjbjBFfOCokl7NLU 7SGISI4x9b1z2ZoNRwpI6qXOO5zyRlSbTT0OsCpO6lw7sM1kpwbswm14wNutQT51fdLyjzrI5PI 1BOzvxxRU3BKNo1QQplLfTmzoER8pKfxwBE3TXjrU/TdcTfZiKZH4aAslwFjOCLdxmjCMKxMlHG x8NJxNVbkyacxBloPQ90fTAKGtzA00+IrXlISxaYJTvkOGqKMRLLf6hT4WoSbt4uT2DbJMrg6n3 dcbhlSVL4RFFrvBofiwsJ5rDU0i7h7mJa5vwXdbUPm9ZW8Xwr52X6IEqAxxB9+50HVeSZVuh69P 17isgW5rIW+prI0gKDjFxQFvAQn7YM4a0LJAF8r5achpE9F2CbnbtCzGtIoPMKtbds/7Rw96vnR ihFzpkkhPr4uuaMliMQ3mQ41i4SVIYQZrl6LHHspZy5kyqMfFci4HZFHPZQ92FpwfGXkl/xzf+S 1H7BP/dsduq1kuw== X-Developer-Key: i=matthieu.baerts@tessares.net; a=openpgp; fpr=E8CB85F76877057A6E27F77AF6B7824F4269A073 Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Paolo Abeni Thanks to the previous patch -- "mptcp: consolidate fallback and non fallback state machine" -- we can finally drop the "temporary hack" used to detect rx eof. Signed-off-by: Paolo Abeni Reviewed-by: Mat Martineau Signed-off-by: Matthieu Baerts --- net/mptcp/protocol.c | 49 ------------------------------------------------- net/mptcp/protocol.h | 5 +---- 2 files changed, 1 insertion(+), 53 deletions(-) diff --git a/net/mptcp/protocol.c b/net/mptcp/protocol.c index 27d206f7af62..a66ec341485e 100644 --- a/net/mptcp/protocol.c +++ b/net/mptcp/protocol.c @@ -894,49 +894,6 @@ bool mptcp_schedule_work(struct sock *sk) return false; } =20 -void mptcp_subflow_eof(struct sock *sk) -{ - if (!test_and_set_bit(MPTCP_WORK_EOF, &mptcp_sk(sk)->flags)) - mptcp_schedule_work(sk); -} - -static void mptcp_check_for_eof(struct mptcp_sock *msk) -{ - struct mptcp_subflow_context *subflow; - struct sock *sk =3D (struct sock *)msk; - int receivers =3D 0; - - mptcp_for_each_subflow(msk, subflow) - receivers +=3D !subflow->rx_eof; - if (receivers) - return; - - if (!(sk->sk_shutdown & RCV_SHUTDOWN)) { - /* hopefully temporary hack: propagate shutdown status - * to msk, when all subflows agree on it - */ - WRITE_ONCE(sk->sk_shutdown, sk->sk_shutdown | RCV_SHUTDOWN); - - smp_mb__before_atomic(); /* SHUTDOWN must be visible first */ - sk->sk_data_ready(sk); - } - - switch (sk->sk_state) { - case TCP_ESTABLISHED: - inet_sk_state_store(sk, TCP_CLOSE_WAIT); - break; - case TCP_FIN_WAIT1: - inet_sk_state_store(sk, TCP_CLOSING); - break; - case TCP_FIN_WAIT2: - inet_sk_state_store(sk, TCP_CLOSE); - break; - default: - return; - } - mptcp_close_wake_up(sk); -} - static struct sock *mptcp_subflow_recv_lookup(const struct mptcp_sock *msk) { struct mptcp_subflow_context *subflow; @@ -2161,9 +2118,6 @@ static int mptcp_recvmsg(struct sock *sk, struct msgh= dr *msg, size_t len, break; } =20 - if (test_and_clear_bit(MPTCP_WORK_EOF, &msk->flags)) - mptcp_check_for_eof(msk); - if (sk->sk_shutdown & RCV_SHUTDOWN) { /* race breaker: the shutdown could be after the * previous receive queue check @@ -2681,9 +2635,6 @@ static void mptcp_worker(struct work_struct *work) =20 mptcp_pm_nl_work(msk); =20 - if (test_and_clear_bit(MPTCP_WORK_EOF, &msk->flags)) - mptcp_check_for_eof(msk); - mptcp_check_send_data_fin(sk); mptcp_check_data_fin_ack(sk); mptcp_check_data_fin(sk); diff --git a/net/mptcp/protocol.h b/net/mptcp/protocol.h index 70c957bc56a8..d3783a7056e1 100644 --- a/net/mptcp/protocol.h +++ b/net/mptcp/protocol.h @@ -113,7 +113,6 @@ /* MPTCP socket atomic flags */ #define MPTCP_NOSPACE 1 #define MPTCP_WORK_RTX 2 -#define MPTCP_WORK_EOF 3 #define MPTCP_FALLBACK_DONE 4 #define MPTCP_WORK_CLOSE_SUBFLOW 5 =20 @@ -476,14 +475,13 @@ struct mptcp_subflow_context { send_mp_fail : 1, send_fastclose : 1, send_infinite_map : 1, - rx_eof : 1, remote_key_valid : 1, /* received the peer key from */ disposable : 1, /* ctx can be free at ulp release time */ stale : 1, /* unable to snd/rcv data, do not use for xmit */ local_id_valid : 1, /* local_id is correctly initialized */ valid_csum_seen : 1, /* at least one csum validated */ is_mptfo : 1, /* subflow is doing TFO */ - __unused : 8; + __unused : 9; enum mptcp_data_avail data_avail; u32 remote_nonce; u64 thmac; @@ -720,7 +718,6 @@ static inline u64 mptcp_expand_seq(u64 old_seq, u64 cur= _seq, bool use_64bit) void __mptcp_check_push(struct sock *sk, struct sock *ssk); void __mptcp_data_acked(struct sock *sk); void __mptcp_error_report(struct sock *sk); -void mptcp_subflow_eof(struct sock *sk); bool mptcp_update_rcv_data_fin(struct mptcp_sock *msk, u64 data_fin_seq, b= ool use_64bit); static inline bool mptcp_data_fin_enabled(const struct mptcp_sock *msk) { --=20 2.40.1 From nobody Tue May 21 11:50:49 2024 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id F0276EB64D7 for ; Tue, 20 Jun 2023 16:25:31 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231708AbjFTQZa (ORCPT ); Tue, 20 Jun 2023 12:25:30 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:52082 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229707AbjFTQZB (ORCPT ); Tue, 20 Jun 2023 12:25:01 -0400 Received: from mail-wm1-x32f.google.com (mail-wm1-x32f.google.com [IPv6:2a00:1450:4864:20::32f]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 5D04810A for ; Tue, 20 Jun 2023 09:25:00 -0700 (PDT) Received: by mail-wm1-x32f.google.com with SMTP id 5b1f17b1804b1-3f90bff0f27so25412325e9.1 for ; Tue, 20 Jun 2023 09:25:00 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=tessares.net; s=google; t=1687278299; x=1689870299; h=cc:to:in-reply-to:references:message-id:content-transfer-encoding :mime-version:subject:date:from:from:to:cc:subject:date:message-id :reply-to; bh=Znjz9mhWIkZAzM3bIGR89qxXvHDPKMA75QcoPc3MXbs=; b=fjHkYLbe0be2lmDc2DbzliG3daRP8Cwy06e4lWbBzihbpEvjrLDc4IpnCrklJPm9y/ TrVPeC4nxdDD+X9nVbCkLnjfNhQCO4ETgtXMWa7UoMTJy9HgEkfxkjDwQ1CdJeUtsoYS JGzvkldrixNbVNxPNAvFOwqaF/XGy3paO6imJBQZgW9Vora7xJ49Yl3Qa3ii6TZjnbA0 um/RD4koPftR93T6D1qFbrFLliTFjM6MUBdRZ2fROywwJ5Ri5/evXYEEpBPGKVaJwNnX CTw2OAEDgYCEaXnQV3KXDzD05oQVevUDcQzXLC5ZCtnrMKkf7hjqc32i88cFWHarU3GN OLiA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1687278299; x=1689870299; h=cc:to:in-reply-to:references:message-id:content-transfer-encoding :mime-version:subject:date:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=Znjz9mhWIkZAzM3bIGR89qxXvHDPKMA75QcoPc3MXbs=; b=ZXdVGa+pz24sNQ+PA/ya2QQQgIxns18VaRZGdzZm38WyIpC0zmdDdJBfLNPArKTZzl i5GJUdZduhn4/lJbWxxdgUzvN3d2v4CfsZAWk1ytRKJpxJGnGtO78rLtJB9BJBl2Kr/4 0ISd9qePwlEHcb7ctXkDvExVZSEGjp4aL8MHPXVg/8cE/6fY0fs//o3DpsNL3Jb6gJyD wbTbfdtz0hGJex2BXkCF5NlcMqfGSBdhw4LRBXfg/32PS6Osvb195y67u4yZth3FHDAH OU0Hk1phtpJD5NatrrQdb5Uj4WBxExudXATv5412tG7BxXbF1i/LW2Hf0HZmoo3tcFWA s/mA== X-Gm-Message-State: AC+VfDyibcUUF6DXLtAoYRN38t1pzxBUaFFyaymgLogv7089boV6npif D4Ulzk0chGDVbXgrY8H1wLJFVQ== X-Google-Smtp-Source: ACHHUZ4wiLUY+Cf2Yma1uofHbvwI5tQcGLbRTlxlEi+dJ/ojWLtPbmVMni/kTCWN4E5uhAJojkAVZg== X-Received: by 2002:a1c:6a07:0:b0:3f9:b13b:a1cd with SMTP id f7-20020a1c6a07000000b003f9b13ba1cdmr3960518wmc.16.1687278298940; Tue, 20 Jun 2023 09:24:58 -0700 (PDT) Received: from vdi08.nix.tessares.net (static.219.156.76.144.clients.your-server.de. [144.76.156.219]) by smtp.gmail.com with ESMTPSA id o19-20020a05600c511300b003f8fe1933e4sm15753056wms.3.2023.06.20.09.24.58 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 20 Jun 2023 09:24:58 -0700 (PDT) From: Matthieu Baerts Date: Tue, 20 Jun 2023 18:24:23 +0200 Subject: [PATCH net 6/6] mptcp: ensure listener is unhashed before updating the sk status MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Message-Id: <20230620-upstream-net-20230620-misc-fixes-for-v6-4-v1-6-f36aa5eae8b9@tessares.net> References: <20230620-upstream-net-20230620-misc-fixes-for-v6-4-v1-0-f36aa5eae8b9@tessares.net> In-Reply-To: <20230620-upstream-net-20230620-misc-fixes-for-v6-4-v1-0-f36aa5eae8b9@tessares.net> To: mptcp@lists.linux.dev, Mat Martineau , "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni , Florian Westphal Cc: netdev@vger.kernel.org, linux-kernel@vger.kernel.org, Matthieu Baerts , Christoph Paasch , stable@vger.kernel.org X-Mailer: b4 0.12.2 X-Developer-Signature: v=1; a=openpgp-sha256; l=3462; i=matthieu.baerts@tessares.net; h=from:subject:message-id; bh=XrTodyZuRWl4/4OQC7pAwj7PljaPvC+0axsjgRjlweQ=; b=owEBbQKS/ZANAwAIAfa3gk9CaaBzAcsmYgBkkdLU59rYoS7PISGtstSFpyCDz13h50kwKhhsz UQhglzkRciJAjMEAAEIAB0WIQToy4X3aHcFem4n93r2t4JPQmmgcwUCZJHS1AAKCRD2t4JPQmmg c85lEADP17RDWFFhZabVkHlxq7xu4jsB18M64f5ecSn1Q1W0UimQtRHq5TqzSexe/LTDZwijN4R usgqHa6AAfyU4TzLIu819mQKV0A2apCfVhzOAcMr2JDvez8Jl+UMG6xHBzabivfIECOKeK1Ja8l CLqYFWlhghut3N4SU0ue0wTLO6OxkDBr85cz271+DRv3jpGZRbOgQu/g8T9cGEuO8shFUp5OvUI Yu3Qjzv/zUM5WGOajxnQc6b5GL2Aj3SZLETNtB+Lj2RVjuDgIp6lT+ftKzUUV4H1LAXZlU5pTuC HtprYVd7qZzUcO4xJvkj03Neu42M4AEFL02lu9bM7hRiByklUb5M7hP5HVBqZGGbqdDpSwRnywo wp4FyQI/9R0otMK4HyKzc10oOB8rOpOm2vjC9XEJGBEjb7L+SxvgLrzWPE8dRKCJWsD7Dn4sO1U n7pGJrs1qPJcBcuBbH98/jBlkrJUCvcGC9901bxlpFgBeVUl+AlBvbgfjSFy7WDx9CVHpk0bEMt Wun0sKe5W4/vblO3i8br8uiS7/0wtOlCNft7zQZR1LY2BlTCvfXZqyoDdg8Usg6S9kB8TUZMz7G jbRUwOylPsIe2dEyhNjpMUECCsaRE5MRr2yE0xn4V81S1IrPZ9tp2IcP2flYl6fYAaTJQbVKgyq PIn8PYetOam3Txg== X-Developer-Key: i=matthieu.baerts@tessares.net; a=openpgp; fpr=E8CB85F76877057A6E27F77AF6B7824F4269A073 Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Paolo Abeni The MPTCP protocol access the listener subflow in a lockless manner in a couple of places (poll, diag). That works only if the msk itself leaves the listener status only after that the subflow itself has been closed/disconnected. Otherwise we risk deadlock in diag, as reported by Christoph. Address the issue ensuring that the first subflow (the listener one) is always disconnected before updating the msk socket status. Reported-by: Christoph Paasch Closes: https://github.com/multipath-tcp/mptcp_net-next/issues/407 Fixes: b29fcfb54cd7 ("mptcp: full disconnect implementation") Cc: stable@vger.kernel.org Signed-off-by: Paolo Abeni Reviewed-by: Matthieu Baerts Signed-off-by: Matthieu Baerts --- net/mptcp/pm_netlink.c | 1 + net/mptcp/protocol.c | 31 +++++++++++++++++++------------ 2 files changed, 20 insertions(+), 12 deletions(-) diff --git a/net/mptcp/pm_netlink.c b/net/mptcp/pm_netlink.c index 59f8f3124855..1224dfca5bf3 100644 --- a/net/mptcp/pm_netlink.c +++ b/net/mptcp/pm_netlink.c @@ -1047,6 +1047,7 @@ static int mptcp_pm_nl_create_listen_socket(struct so= ck *sk, if (err) return err; =20 + inet_sk_state_store(newsk, TCP_LISTEN); err =3D kernel_listen(ssock, backlog); if (err) return err; diff --git a/net/mptcp/protocol.c b/net/mptcp/protocol.c index a66ec341485e..a6c7f2d24909 100644 --- a/net/mptcp/protocol.c +++ b/net/mptcp/protocol.c @@ -2368,13 +2368,6 @@ static void __mptcp_close_ssk(struct sock *sk, struc= t sock *ssk, kfree_rcu(subflow, rcu); } else { /* otherwise tcp will dispose of the ssk and subflow ctx */ - if (ssk->sk_state =3D=3D TCP_LISTEN) { - tcp_set_state(ssk, TCP_CLOSE); - mptcp_subflow_queue_clean(sk, ssk); - inet_csk_listen_stop(ssk); - mptcp_event_pm_listener(ssk, MPTCP_EVENT_LISTENER_CLOSED); - } - __tcp_close(ssk, 0); =20 /* close acquired an extra ref */ @@ -2902,10 +2895,24 @@ static __poll_t mptcp_check_readable(struct mptcp_s= ock *msk) return EPOLLIN | EPOLLRDNORM; } =20 -static void mptcp_listen_inuse_dec(struct sock *sk) +static void mptcp_check_listen_stop(struct sock *sk) { - if (inet_sk_state_load(sk) =3D=3D TCP_LISTEN) - sock_prot_inuse_add(sock_net(sk), sk->sk_prot, -1); + struct sock *ssk; + + if (inet_sk_state_load(sk) !=3D TCP_LISTEN) + return; + + sock_prot_inuse_add(sock_net(sk), sk->sk_prot, -1); + ssk =3D mptcp_sk(sk)->first; + if (WARN_ON_ONCE(!ssk || inet_sk_state_load(ssk) !=3D TCP_LISTEN)) + return; + + lock_sock_nested(ssk, SINGLE_DEPTH_NESTING); + mptcp_subflow_queue_clean(sk, ssk); + inet_csk_listen_stop(ssk); + mptcp_event_pm_listener(ssk, MPTCP_EVENT_LISTENER_CLOSED); + tcp_set_state(ssk, TCP_CLOSE); + release_sock(ssk); } =20 bool __mptcp_close(struct sock *sk, long timeout) @@ -2918,7 +2925,7 @@ bool __mptcp_close(struct sock *sk, long timeout) WRITE_ONCE(sk->sk_shutdown, SHUTDOWN_MASK); =20 if ((1 << sk->sk_state) & (TCPF_LISTEN | TCPF_CLOSE)) { - mptcp_listen_inuse_dec(sk); + mptcp_check_listen_stop(sk); inet_sk_state_store(sk, TCP_CLOSE); goto cleanup; } @@ -3035,7 +3042,7 @@ static int mptcp_disconnect(struct sock *sk, int flag= s) if (msk->fastopening) return -EBUSY; =20 - mptcp_listen_inuse_dec(sk); + mptcp_check_listen_stop(sk); inet_sk_state_store(sk, TCP_CLOSE); =20 mptcp_stop_timer(sk); --=20 2.40.1