From nobody Sat May 18 10:30:05 2024 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 4016920B28; Mon, 13 Nov 2023 23:16:50 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="EU1QFw4K" Received: by smtp.kernel.org (Postfix) with ESMTPSA id 2B272C433CC; Mon, 13 Nov 2023 23:16:46 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1699917410; bh=2jeX2uvYGdFERiAmTgYhq8ls/6kWqVz41YErONEFjxA=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=EU1QFw4KDclNNHXck3iTW41k2dh+DB5cw5HltIeq4TTToD+f+BrQztDX3ne40h0jf YhfX4EPqNps7vr9CI/Rsigh+rWOPiPpOXP4rZ0S+zx0vEAcL9MIN4z5wF9254S1kDO 4vS8VDeuLlEo0KgxUI3YXnMxCcx0xn8dGrtEruFgG9QyBlViDmhCGYWScCxt3EL1o5 P5wI/oxRgxeGhnjMjZ8fQ3Dni+RCdF/mvN8MDboAepOohxJvgH4PusjhCZLuh1fzg2 i/13MzjaMOxa/Xl7s8tLPPIJe0xSIaoxBo2RWvDwoRcVGgszkOUnRvGnaqiMxSWnfB kW4lEqXbVWGqg== From: Matthieu Baerts Date: Tue, 14 Nov 2023 00:16:13 +0100 Subject: [PATCH net 1/5] mptcp: deal with large GSO size Precedence: bulk X-Mailing-List: mptcp@lists.linux.dev List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Message-Id: <20231114-upstream-net-20231113-mptcp-misc-fixes-6-7-rc2-v1-1-7b9cd6a7b7f4@kernel.org> References: <20231114-upstream-net-20231113-mptcp-misc-fixes-6-7-rc2-v1-0-7b9cd6a7b7f4@kernel.org> In-Reply-To: <20231114-upstream-net-20231113-mptcp-misc-fixes-6-7-rc2-v1-0-7b9cd6a7b7f4@kernel.org> To: mptcp@lists.linux.dev, Mat Martineau , "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni , Alexander Duyck , Geliang Tang , Poorva Sonparote , Shuah Khan Cc: netdev@vger.kernel.org, linux-kernel@vger.kernel.org, linux-kselftest@vger.kernel.org, Matthieu Baerts , Christoph Paasch , stable@vger.kernel.org X-Mailer: b4 0.12.4 X-Developer-Signature: v=1; a=openpgp-sha256; l=3784; i=matttbe@kernel.org; h=from:subject:message-id; bh=YRXLhzfEC4lljdr2nwDn01AzU3o8e037p4jOnZPvtQ8=; b=owEBbQKS/ZANAwAIAfa3gk9CaaBzAcsmYgBlUq5ZN7yapXbpxTVvBFqQLDB2/j7LcjDPRBREL 4h0/bVwJuqJAjMEAAEIAB0WIQToy4X3aHcFem4n93r2t4JPQmmgcwUCZVKuWQAKCRD2t4JPQmmg c3BAEACJ9JFVbmEJnFeRFDQXWb9QDX9FFEmBlM7VYvOTtAULytMT1YNhF7utw3w4K/Quc/fwUvn 7EPQ8UXAn6+E3gKH02ctd3gLeZBO4VGlPrxtUYHZO8G1eFGyuMX9wg7FEvIskNOyMfURebFRkNN zoua91vpIVxa3iulECuRq9+x5mHc8a+2HvgUJl8Q8RSATL6Q7cWTdXelYG5+5rbTfwHKpiyR8fA t56v5SpJvuT+b9qdV0RK9w4M4xlyHgM5BrvJD5f3cTFgXPJndSa/apaXkUI8VdK0wTdO2BHL/Ek IJhQzkiqLGJAHCc/+a7N+ZbURM7kQTbrdyGSnS/AHc55Fjl0zxMWh8BRkTJkxELztE+uLphfo+6 Xe2Pp3jyLVWlHgTvF9G6gBmZgiboMSNSGoQqBBV0Y5CTZvWSa3dzXnvhmN6J3jlKNieeNGKJ37I U6VGdy0t45iLfcSA5orEIdKrTYeZd3Dej6YpUn77OTHWKSW3s7hnV9MvjCYvZRT4QHhwwPklIKT wXngC1q2RUNkFMO0k88Not4rJKyKinzjAjt1T9M/A3decd7VOto3R/uSJk5Zzo6qwaFoOOMQuR0 eLf5SW3UwFYWqwD4U42vq/qKyMxeOVvHah8AOsOtYgo+DQbC2p1QsCo0zdTMqs7b6R/vtMwEX7N 1rbogMixW46MM6A== X-Developer-Key: i=matttbe@kernel.org; a=openpgp; fpr=E8CB85F76877057A6E27F77AF6B7824F4269A073 From: Paolo Abeni After the blamed commit below, the TCP sockets (and the MPTCP subflows) can build egress packets larger than 64K. That exceeds the maximum DSS data size, the length being misrepresent on the wire and the stream being corrupted, as later observed on the receiver: WARNING: CPU: 0 PID: 9696 at net/mptcp/protocol.c:705 __mptcp_move_skbs_f= rom_subflow+0x2604/0x26e0 CPU: 0 PID: 9696 Comm: syz-executor.7 Not tainted 6.6.0-rc5-gcd8bdf563d46= #45 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.11.0-2.el7 = 04/01/2014 netlink: 8 bytes leftover after parsing attributes in process `syz-execut= or.4'. RIP: 0010:__mptcp_move_skbs_from_subflow+0x2604/0x26e0 net/mptcp/protocol= .c:705 RSP: 0018:ffffc90000006e80 EFLAGS: 00010246 RAX: ffffffff83e9f674 RBX: ffff88802f45d870 RCX: ffff888102ad0000 netlink: 8 bytes leftover after parsing attributes in process `syz-execut= or.4'. RDX: 0000000080000303 RSI: 0000000000013908 RDI: 0000000000003908 RBP: ffffc90000007110 R08: ffffffff83e9e078 R09: 1ffff1100e548c8a R10: dffffc0000000000 R11: ffffed100e548c8b R12: 0000000000013908 R13: dffffc0000000000 R14: 0000000000003908 R15: 000000000031cf29 FS: 00007f239c47e700(0000) GS:ffff88811b200000(0000) knlGS:0000000000000= 000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007f239c45cd78 CR3: 000000006a66c006 CR4: 0000000000770ef0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000600 PKRU: 55555554 Call Trace: mptcp_data_ready+0x263/0xac0 net/mptcp/protocol.c:819 subflow_data_ready+0x268/0x6d0 net/mptcp/subflow.c:1409 tcp_data_queue+0x21a1/0x7a60 net/ipv4/tcp_input.c:5151 tcp_rcv_established+0x950/0x1d90 net/ipv4/tcp_input.c:6098 tcp_v6_do_rcv+0x554/0x12f0 net/ipv6/tcp_ipv6.c:1483 tcp_v6_rcv+0x2e26/0x3810 net/ipv6/tcp_ipv6.c:1749 ip6_protocol_deliver_rcu+0xd6b/0x1ae0 net/ipv6/ip6_input.c:438 ip6_input+0x1c5/0x470 net/ipv6/ip6_input.c:483 ipv6_rcv+0xef/0x2c0 include/linux/netfilter.h:304 __netif_receive_skb+0x1ea/0x6a0 net/core/dev.c:5532 process_backlog+0x353/0x660 net/core/dev.c:5974 __napi_poll+0xc6/0x5a0 net/core/dev.c:6536 net_rx_action+0x6a0/0xfd0 net/core/dev.c:6603 __do_softirq+0x184/0x524 kernel/softirq.c:553 do_softirq+0xdd/0x130 kernel/softirq.c:454 Address the issue explicitly bounding the maximum GSO size to what MPTCP actually allows. Reported-by: Christoph Paasch Closes: https://github.com/multipath-tcp/mptcp_net-next/issues/450 Fixes: 7c4e983c4f3c ("net: allow gso_max_size to exceed 65536") Cc: stable@vger.kernel.org Signed-off-by: Paolo Abeni Reviewed-by: Mat Martineau Signed-off-by: Matthieu Baerts --- net/mptcp/protocol.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/net/mptcp/protocol.c b/net/mptcp/protocol.c index a0b8356cd8c5..66e947054945 100644 --- a/net/mptcp/protocol.c +++ b/net/mptcp/protocol.c @@ -1230,6 +1230,8 @@ static void mptcp_update_infinite_map(struct mptcp_so= ck *msk, mptcp_do_fallback(ssk); } =20 +#define MPTCP_MAX_GSO_SIZE (GSO_LEGACY_MAX_SIZE - (MAX_TCP_HEADER + 1)) + static int mptcp_sendmsg_frag(struct sock *sk, struct sock *ssk, struct mptcp_data_frag *dfrag, struct mptcp_sendmsg_info *info) @@ -1256,6 +1258,8 @@ static int mptcp_sendmsg_frag(struct sock *sk, struct= sock *ssk, return -EAGAIN; =20 /* compute send limit */ + if (unlikely(ssk->sk_gso_max_size > MPTCP_MAX_GSO_SIZE)) + ssk->sk_gso_max_size =3D MPTCP_MAX_GSO_SIZE; info->mss_now =3D tcp_send_mss(ssk, &info->size_goal, info->flags); copy =3D info->size_goal; =20 --=20 2.40.1 From nobody Sat May 18 10:30:05 2024 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 142CD20B28; Mon, 13 Nov 2023 23:16:55 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="hI1lAhXt" Received: by smtp.kernel.org (Postfix) with ESMTPSA id 4AC0FC433BB; Mon, 13 Nov 2023 23:16:51 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1699917414; bh=dPVoMDdmT5O1esgQWn70/S96MaB0QJhFZeyDdB51SV4=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=hI1lAhXtQRQbllmzOAC535px+CS/59GlFEZ4lC79yB3rdRgJ+kL07ZMIxvwco0l9T zxMDew8xOTlCcPa2jFI2Sme5tZGGfDsLMbxlXJU49JY48lCe4CE475FUEBgSYkEuB2 hdWwI94GGojwWMjlzeyKliPLpDXcq5uPxJMsAjkF2t4suKToCe/kipFxuWyaw819Yr e60yuioQ/tN+7D3cPteCJ/ofeqS5m4sKvxmlhzmk7BncTn27NpWTkGzI82z4KSXBko BDNcsydUcSeyxqitahiSSS+lNU4pxwlFSsoPw2UNXtAY99cXhFpcbAV4ANPIrBnKCn SiiGrPQydjUHQ== From: Matthieu Baerts Date: Tue, 14 Nov 2023 00:16:14 +0100 Subject: [PATCH net 2/5] mptcp: fix possible NULL pointer dereference on close Precedence: bulk X-Mailing-List: mptcp@lists.linux.dev List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Message-Id: <20231114-upstream-net-20231113-mptcp-misc-fixes-6-7-rc2-v1-2-7b9cd6a7b7f4@kernel.org> References: <20231114-upstream-net-20231113-mptcp-misc-fixes-6-7-rc2-v1-0-7b9cd6a7b7f4@kernel.org> In-Reply-To: <20231114-upstream-net-20231113-mptcp-misc-fixes-6-7-rc2-v1-0-7b9cd6a7b7f4@kernel.org> To: mptcp@lists.linux.dev, Mat Martineau , "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni , Alexander Duyck , Geliang Tang , Poorva Sonparote , Shuah Khan Cc: netdev@vger.kernel.org, linux-kernel@vger.kernel.org, linux-kselftest@vger.kernel.org, Matthieu Baerts , stable@vger.kernel.org, syzbot+9dfbaedb6e6baca57a32@syzkaller.appspotmail.com X-Mailer: b4 0.12.4 X-Developer-Signature: v=1; a=openpgp-sha256; l=5094; i=matttbe@kernel.org; h=from:subject:message-id; bh=WP+ZlYiFDCyBXD0py15W3W5RddJq4LOh+TwUP0e8fpE=; b=owEBbQKS/ZANAwAIAfa3gk9CaaBzAcsmYgBlUq5ZoA45/dNQjJQWX3BOf8JTPbTiAR5XJbvrB nQRVRTKsSqJAjMEAAEIAB0WIQToy4X3aHcFem4n93r2t4JPQmmgcwUCZVKuWQAKCRD2t4JPQmmg c0JhEADL0kxbBRg9/fZeQdpxXLlue7l4rOoaoYPtDlTz+Feye6GMkf1zv7pTXJ2EHw6GskMB4J7 lxbi8KQevrB6pj2SNUlvP+gZ0qgq48MLx1+FnUlIeebceO6RQpi0gVqebECJ2SYG7pFe7pffHHb KJFbAiu1qRSg4NF95Z6Z9CwcUhH12jQy/X3qOnHh2vr69SzFHPkVZu6dF8Edpr6nti9sKfe0rVO RvCeTFljmvf1qrh7ZneFu6R0eev19O1VCvExUcQIIRWcFVWu13fyt1z50ApgeFtjo6dEYtjs2mf suPxQ1DW5ZY2VRNGm9f4vc4g5zDCE62GuNXDOOAcCIBmpyHwYKyw4jozEw0eOX2nsaX1P581IWH RpiIskRzKpwz+VFyfN5DCEYUP1TZbTiqqoJlYZseOK6y6GG475cr4G7W8wtSPQ0TagPR4E+5prG yAVH9TvT4O80iocQdeMZUMUrVoXO3J+u/81PmqrLS7uK7iUZk5g1P+ODGFueqGuPKXMhEtDvKcB 4pqAIVm0YCp7HC72bZTKJ3luTIHBlygeZ4b129CLhstza0VAjmCIf/jbAbAkTW32Y99Wzzz19CX D2x+Uks+uVY3ZSOAAXRbWkBJq+fYwx67rTAm+NLrYeKRnqBKEHCraqTJbO724ftISkGh25KPLuE JkYSUYBg0W2Stqg== X-Developer-Key: i=matttbe@kernel.org; a=openpgp; fpr=E8CB85F76877057A6E27F77AF6B7824F4269A073 From: Paolo Abeni After the blamed commit below, the MPTCP release callback can dereference the first subflow pointer via __mptcp_set_connected() and send buffer auto-tuning. Such pointer is always expected to be valid, except at socket destruction time, when the first subflow is deleted and the pointer zeroed. If the connect event is handled by the release callback while the msk socket is finally released, MPTCP hits the following splat: general protection fault, probably for non-canonical address 0xdffffc0000= 0000f2: 0000 [#1] PREEMPT SMP KASAN KASAN: null-ptr-deref in range [0x0000000000000790-0x0000000000000797] CPU: 1 PID: 26719 Comm: syz-executor.2 Not tainted 6.6.0-syzkaller-10102-= gff269e2cd5ad #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS G= oogle 10/09/2023 RIP: 0010:mptcp_subflow_ctx net/mptcp/protocol.h:542 [inline] RIP: 0010:__mptcp_propagate_sndbuf net/mptcp/protocol.h:813 [inline] RIP: 0010:__mptcp_set_connected+0x57/0x3e0 net/mptcp/subflow.c:424 RAX: dffffc0000000000 RBX: 0000000000000000 RCX: ffffffff8a62323c RDX: 00000000000000f2 RSI: ffffffff8a630116 RDI: 0000000000000790 RBP: ffff88803334b100 R08: 0000000000000001 R09: 0000000000000000 R10: 0000000000000001 R11: 0000000000000034 R12: ffff88803334b198 R13: ffff888054f0b018 R14: 0000000000000000 R15: ffff88803334b100 FS: 0000000000000000(0000) GS:ffff8880b9900000(0000) knlGS:0000000000000= 000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007fbcb4f75198 CR3: 000000006afb5000 CR4: 00000000003506f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: mptcp_release_cb+0xa2c/0xc40 net/mptcp/protocol.c:3405 release_sock+0xba/0x1f0 net/core/sock.c:3537 mptcp_close+0x32/0xf0 net/mptcp/protocol.c:3084 inet_release+0x132/0x270 net/ipv4/af_inet.c:433 inet6_release+0x4f/0x70 net/ipv6/af_inet6.c:485 __sock_release+0xae/0x260 net/socket.c:659 sock_close+0x1c/0x20 net/socket.c:1419 __fput+0x270/0xbb0 fs/file_table.c:394 task_work_run+0x14d/0x240 kernel/task_work.c:180 exit_task_work include/linux/task_work.h:38 [inline] do_exit+0xa92/0x2a20 kernel/exit.c:876 do_group_exit+0xd4/0x2a0 kernel/exit.c:1026 get_signal+0x23ba/0x2790 kernel/signal.c:2900 arch_do_signal_or_restart+0x90/0x7f0 arch/x86/kernel/signal.c:309 exit_to_user_mode_loop kernel/entry/common.c:168 [inline] exit_to_user_mode_prepare+0x11f/0x240 kernel/entry/common.c:204 __syscall_exit_to_user_mode_work kernel/entry/common.c:285 [inline] syscall_exit_to_user_mode+0x1d/0x60 kernel/entry/common.c:296 do_syscall_64+0x4b/0x110 arch/x86/entry/common.c:88 entry_SYSCALL_64_after_hwframe+0x63/0x6b RIP: 0033:0x7fb515e7cae9 Code: Unable to access opcode bytes at 0x7fb515e7cabf. RSP: 002b:00007fb516c560c8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e RAX: 000000000000003c RBX: 00007fb515f9c120 RCX: 00007fb515e7cae9 RDX: 0000000000000000 RSI: 0000000020000140 RDI: 0000000000000006 RBP: 00007fb515ec847a R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 R13: 000000000000006e R14: 00007fb515f9c120 R15: 00007ffc631eb968 To avoid sparkling unneeded conditionals, address the issue explicitly checking msk->first only in the critical place. Fixes: 8005184fd1ca ("mptcp: refactor sndbuf auto-tuning") Cc: stable@vger.kernel.org Reported-by: Closes: https://github.com/multipath-tcp/mptcp_net-next/issues/454 Reported-by: Eric Dumazet Closes: https://lore.kernel.org/netdev/CANn89iLZUA6S2a=3DK8GObnS62KK6Jt4B7P= sAs7meMFooM8xaTgw@mail.gmail.com/ Signed-off-by: Paolo Abeni Reviewed-by: Eric Dumazet Reviewed-by: Mat Martineau Signed-off-by: Matthieu Baerts --- net/mptcp/protocol.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/net/mptcp/protocol.c b/net/mptcp/protocol.c index 66e947054945..bc81ea53a049 100644 --- a/net/mptcp/protocol.c +++ b/net/mptcp/protocol.c @@ -3402,10 +3402,11 @@ static void mptcp_release_cb(struct sock *sk) if (__test_and_clear_bit(MPTCP_CLEAN_UNA, &msk->cb_flags)) __mptcp_clean_una_wakeup(sk); if (unlikely(msk->cb_flags)) { - /* be sure to set the current sk state before tacking actions - * depending on sk_state, that is processing MPTCP_ERROR_REPORT + /* be sure to set the current sk state before taking actions + * depending on sk_state (MPTCP_ERROR_REPORT) + * On sk release avoid actions depending on the first subflow */ - if (__test_and_clear_bit(MPTCP_CONNECTED, &msk->cb_flags)) + if (__test_and_clear_bit(MPTCP_CONNECTED, &msk->cb_flags) && msk->first) __mptcp_set_connected(sk); if (__test_and_clear_bit(MPTCP_ERROR_REPORT, &msk->cb_flags)) __mptcp_error_report(sk); --=20 2.40.1 From nobody Sat May 18 10:30:05 2024 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id EEF4B3D3B9; Mon, 13 Nov 2023 23:16:58 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="HC7HNDCc" Received: by smtp.kernel.org (Postfix) with ESMTPSA id 6682EC433AB; Mon, 13 Nov 2023 23:16:55 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1699917418; bh=6NjuMMfupABGOprM2E0ZdnQVNhlyr/LPmz4PlYvGCTc=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=HC7HNDCcy5FHfuZzRQGhnvg1b7giJxLSyvVUv6vL/nLouZlkcd2kcIUiWw5sEHcW2 c3SZpked9FZlIJByQH7LiT5VqRKstbTuVa0q99QJjOL2acUcLGw3EnhPWxnE0k6vzN c7mNnRRdDvDpMwySXdYbVnb5fCzXnZ9ZtESY6Z3HzTZkXcWSWKlvuzJKaTkzIywdyQ yypjOiuqOw9Ov0FZBnlFVYStT6CltQ0KpbNpKZBSOV+C2x2n5voyaaB6XO4gm6ISfL N7Z5DRbK0jDYpZmatXq1fsD5fLF7KL74o4tCcMnv1wzLSjfJ899G+b9fxprt4VEvnC objWKes5MwC6Q== From: Matthieu Baerts Date: Tue, 14 Nov 2023 00:16:15 +0100 Subject: [PATCH net 3/5] mptcp: add validity check for sending RM_ADDR Precedence: bulk X-Mailing-List: mptcp@lists.linux.dev List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Message-Id: <20231114-upstream-net-20231113-mptcp-misc-fixes-6-7-rc2-v1-3-7b9cd6a7b7f4@kernel.org> References: <20231114-upstream-net-20231113-mptcp-misc-fixes-6-7-rc2-v1-0-7b9cd6a7b7f4@kernel.org> In-Reply-To: <20231114-upstream-net-20231113-mptcp-misc-fixes-6-7-rc2-v1-0-7b9cd6a7b7f4@kernel.org> To: mptcp@lists.linux.dev, Mat Martineau , "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni , Alexander Duyck , Geliang Tang , Poorva Sonparote , Shuah Khan Cc: netdev@vger.kernel.org, linux-kernel@vger.kernel.org, linux-kselftest@vger.kernel.org, Matthieu Baerts , stable@vger.kernel.org X-Mailer: b4 0.12.4 X-Developer-Signature: v=1; a=openpgp-sha256; l=1190; i=matttbe@kernel.org; h=from:subject:message-id; bh=De6XueuAtSX4KlkXPDBKo4EbKmfgtMyfgEamAykmwTo=; b=owEBbQKS/ZANAwAIAfa3gk9CaaBzAcsmYgBlUq5aj1GKYa5rYyWGNMRIArHYv1uqvRXCYxJ8m bGU4Tz4AXeJAjMEAAEIAB0WIQToy4X3aHcFem4n93r2t4JPQmmgcwUCZVKuWgAKCRD2t4JPQmmg c9A1D/9BunX1yiZIGndUkzDF+IhU6xLrvv3v1GoZFnmZpv463cDEqV+c42hHDi8CHBsXCq/pbc/ OpKxNAGhp9DOGyAHZIsE9gH9SYDvsgoDtBtiKdQpNZVaJ4XDzAQ4Gt+r2CKHWRN80wgJSnNRUae Ucgds34h46cZMmg8VyaRNAtQud1sWnNRLPrdUpfoSN39aQgPXSmkuYSNoY1VY9krPIHwf3Pry6B 8tg6HG4gIQCx/WHhUI3gxc0ramKniKa+NuSlAcuYpdcOYqMSP7mujp0Y28wcZf12UCOfFR/wGq+ MaEfOfOvRi5oGy2Cqc4tcMMZ4mOF5bRecyNU7WplDRHec6z2oL9I0Sx/MP8fUk0pz9STCpu5mAw LZaUBDtDz37p49hmfLdLGbNtKKIswWOCZe//hvW4pXXUU5AASNm5SFSNA2UZYryUNMFjispNAdB IMfYM/0Z4wPyCl5hKsL28SvRFBxwaR9zSFtRLpgPGPFanuvPGpZAWa9Ecj4pU80RXZ4TH6Prnon QnbipvsqtnbUWY5MtlprzzSZjwEDlQbf2I5U5vCZbarEoelVh8ZhzKi2ftmUR+/1NciWYJfZlB7 aiz4YSvCVA7QT3xXiQ/DzVntFiXuyKjykMYH6W5Ve7h9dNH3D+FjmMKWf+azVEe1TyP7QCxbBpe p+3kIxCkw3RMt4A== X-Developer-Key: i=matttbe@kernel.org; a=openpgp; fpr=E8CB85F76877057A6E27F77AF6B7824F4269A073 From: Geliang Tang This patch adds the validity check for sending RM_ADDRs for userspace PM in mptcp_pm_remove_addrs(), only send a RM_ADDR when the address is in the anno_list or conn_list. Fixes: 8b1c94da1e48 ("mptcp: only send RM_ADDR in nl_cmd_remove") Cc: stable@vger.kernel.org Signed-off-by: Geliang Tang Reviewed-by: Mat Martineau Signed-off-by: Matthieu Baerts --- net/mptcp/pm_netlink.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/net/mptcp/pm_netlink.c b/net/mptcp/pm_netlink.c index 1529ec358815..bf4d96f6f99a 100644 --- a/net/mptcp/pm_netlink.c +++ b/net/mptcp/pm_netlink.c @@ -1515,8 +1515,9 @@ void mptcp_pm_remove_addrs(struct mptcp_sock *msk, st= ruct list_head *rm_list) struct mptcp_pm_addr_entry *entry; =20 list_for_each_entry(entry, rm_list, list) { - remove_anno_list_by_saddr(msk, &entry->addr); - if (alist.nr < MPTCP_RM_IDS_MAX) + if ((remove_anno_list_by_saddr(msk, &entry->addr) || + lookup_subflow_by_saddr(&msk->conn_list, &entry->addr)) && + alist.nr < MPTCP_RM_IDS_MAX) alist.ids[alist.nr++] =3D entry->addr.id; } =20 --=20 2.40.1 From nobody Sat May 18 10:30:05 2024 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id DD2D320B28; Mon, 13 Nov 2023 23:17:02 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="nb/M7yWV" Received: by smtp.kernel.org (Postfix) with ESMTPSA id 523BFC433C9; Mon, 13 Nov 2023 23:16:59 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1699917422; bh=W0b3gyn44KcNCBO6UUaZ6j/sKJtPmQfYULhtG6WJYqo=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=nb/M7yWVUm1sNmkoRbJKG/C+OzPukvvt+bk50xwnwG3hAxNEPIX3qHpd//mulyEEC 2pschryKCij7vGHecHbFBxMR4akdqQrO+muyh0ldD0Qxn+sO4GfGa9dOoJxOthMV9Z znRGqDrWBe0NZuFBWxZN4oVmyY87T3BvZ7sI5I6beW4f3d6ijxbQK1rzv/EoUkQtyz eOZ+X22Z2GCYoIJ0RTM6jjKqIv3okl2yw0JE7K5DJXTh7bjjGtCSbJ12xoF/dLgyFv B5snkAKLsuWpVgQDu+SKPRVbxToyB9eVd3BWlRssZgBMyHWxxikTMYuksoy4on83sU D757dO9dyhlhw== From: Matthieu Baerts Date: Tue, 14 Nov 2023 00:16:16 +0100 Subject: [PATCH net 4/5] mptcp: fix setsockopt(IP_TOS) subflow locking Precedence: bulk X-Mailing-List: mptcp@lists.linux.dev List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Message-Id: <20231114-upstream-net-20231113-mptcp-misc-fixes-6-7-rc2-v1-4-7b9cd6a7b7f4@kernel.org> References: <20231114-upstream-net-20231113-mptcp-misc-fixes-6-7-rc2-v1-0-7b9cd6a7b7f4@kernel.org> In-Reply-To: <20231114-upstream-net-20231113-mptcp-misc-fixes-6-7-rc2-v1-0-7b9cd6a7b7f4@kernel.org> To: mptcp@lists.linux.dev, Mat Martineau , "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni , Alexander Duyck , Geliang Tang , Poorva Sonparote , Shuah Khan Cc: netdev@vger.kernel.org, linux-kernel@vger.kernel.org, linux-kselftest@vger.kernel.org, Matthieu Baerts , stable@vger.kernel.org X-Mailer: b4 0.12.4 X-Developer-Signature: v=1; a=openpgp-sha256; l=1141; i=matttbe@kernel.org; h=from:subject:message-id; bh=pGUcGEjXJfFkLWEJhM/HAjyXejyxjQ+RM/5QKnxNKLo=; b=owEBbQKS/ZANAwAIAfa3gk9CaaBzAcsmYgBlUq5aSKHTJBWyN67lqxuWcs30vPDduo09h2qxF iS1s9AGWJOJAjMEAAEIAB0WIQToy4X3aHcFem4n93r2t4JPQmmgcwUCZVKuWgAKCRD2t4JPQmmg c0n6D/9EtGTPQOu6+y+C+gD0tZW1tXp+SwlDwByKowUFh9faPZJKImn6tNpf1WF7mBHFNkmskoi nfHH6DzgCev+0xD/Dgytfz/b0nOSoLc46Bg59GySj9YBU3cuMshs8X3YQsWN8WoMEwZrMMHZSL5 rX50bjvbZUHsfJpniwbS419CtzHwO1fSz4i9JuSQObSuRRe6zmYXWgrWGFVbVx7Zw+2h5hK1cTy GAL1fqI5E1oFmGfymAtW6zU4XOolSMUbxNOKGv27bLhKMB8Ifb5v4mhcBG6PbszA7Ju+bcpQ/v4 tBPwvptoSPQTC0+s0LgfeXkexwQPMxUnWXVPVIhbc3QyFKZBi4ELBJVcg1SMn3AwG+ZvEhJiRxQ UOXd3+r0Hbyq5cILSrtJDdFnwJkkn7suxvYt0zSI0JUntO31po3qof9HO7LCsWlIgxk8Ywz7Itz CS5sYwemEcT3fVxirExCrHsMRf+hCj+9FB7qimQqy8ACYawckRLxOcd6E31s2d/3QS4ZcVrk+pj QwK+QcSIz1jNrjj4jcCrXpBXY46qs771Qob/jz5tGkVn0w5rtQM0LzVR9h8sLvOZObnK51PNVt9 LI3FQH8SAf8waY/hTWnoy4AZBfZAOOtFtMpc0s4/nffEaeSSdyjHdYxFH5ttfjCZafxRyxpIQCi zs6yIRsZaIbJd/Q== X-Developer-Key: i=matttbe@kernel.org; a=openpgp; fpr=E8CB85F76877057A6E27F77AF6B7824F4269A073 From: Paolo Abeni The MPTCP implementation of the IP_TOS socket option uses the lockless variant of the TOS manipulation helper and does not hold such lock at the helper invocation time. Add the required locking. Fixes: ffcacff87cd6 ("mptcp: Support for IP_TOS for MPTCP setsockopt()") Cc: stable@vger.kernel.org Closes: https://github.com/multipath-tcp/mptcp_net-next/issues/457 Signed-off-by: Paolo Abeni Reviewed-by: Mat Martineau Signed-off-by: Matthieu Baerts --- net/mptcp/sockopt.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/net/mptcp/sockopt.c b/net/mptcp/sockopt.c index 77f5e8932abf..353680733700 100644 --- a/net/mptcp/sockopt.c +++ b/net/mptcp/sockopt.c @@ -738,8 +738,11 @@ static int mptcp_setsockopt_v4_set_tos(struct mptcp_so= ck *msk, int optname, val =3D READ_ONCE(inet_sk(sk)->tos); mptcp_for_each_subflow(msk, subflow) { struct sock *ssk =3D mptcp_subflow_tcp_sock(subflow); + bool slow; =20 + slow =3D lock_sock_fast(ssk); __ip_sock_set_tos(ssk, val); + unlock_sock_fast(ssk, slow); } release_sock(sk); =20 --=20 2.40.1 From nobody Sat May 18 10:30:05 2024 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 4797A20B28; Mon, 13 Nov 2023 23:17:06 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="LI7K/IS2" Received: by smtp.kernel.org (Postfix) with ESMTPSA id 3AA07C433C7; Mon, 13 Nov 2023 23:17:03 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1699917426; bh=d/7LlCiNVS1nIuW7H/Teg2UKQha/cVG2+PsK03xJFXQ=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=LI7K/IS22AZ09mbMBkVdw/sA0B/A7+IzXl2u1mNAY54FjC66ikj7Hh/c8tEwMvx9Z h9e/KpoYtyU8BYiFj8q7p+xT1+YmtYZN4A/b3abX4Xo5m/6FwSBnrS421VecXBCkNe 6E7g645bvZXQZwYgBeVCFM8md+pEt93AIvWsOsbTK5mkVddxk8h92+kS55itkzKasf kNiogk5nJ/fndt7N222fY+tAmWFjlhTstb5U68JjI1UsWUvdCLAnwGJFEOnopOtuVC cNMDau92c6PcWP75OHgciCsnOlB441uCoO+fNmdFT9AfeJ5QK/wL+UotPB7WTO+3O0 O1KOAnb4NAsbg== From: Matthieu Baerts Date: Tue, 14 Nov 2023 00:16:17 +0100 Subject: [PATCH net 5/5] selftests: mptcp: fix fastclose with csum failure Precedence: bulk X-Mailing-List: mptcp@lists.linux.dev List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Message-Id: <20231114-upstream-net-20231113-mptcp-misc-fixes-6-7-rc2-v1-5-7b9cd6a7b7f4@kernel.org> References: <20231114-upstream-net-20231113-mptcp-misc-fixes-6-7-rc2-v1-0-7b9cd6a7b7f4@kernel.org> In-Reply-To: <20231114-upstream-net-20231113-mptcp-misc-fixes-6-7-rc2-v1-0-7b9cd6a7b7f4@kernel.org> To: mptcp@lists.linux.dev, Mat Martineau , "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni , Alexander Duyck , Geliang Tang , Poorva Sonparote , Shuah Khan Cc: netdev@vger.kernel.org, linux-kernel@vger.kernel.org, linux-kselftest@vger.kernel.org, Matthieu Baerts , Xiumei Mu , stable@vger.kernel.org X-Mailer: b4 0.12.4 X-Developer-Signature: v=1; a=openpgp-sha256; l=1642; i=matttbe@kernel.org; h=from:subject:message-id; bh=1VtnS1TKj7lyzMRKX91SxQBtSgw2M4w3HXFlGeZDrN4=; b=owEBbQKS/ZANAwAIAfa3gk9CaaBzAcsmYgBlUq5aMuCFwbwzlyq4ysRgP3pqKahOxzRgxFnnw l+BNxMHQauJAjMEAAEIAB0WIQToy4X3aHcFem4n93r2t4JPQmmgcwUCZVKuWgAKCRD2t4JPQmmg c7BoD/0SIPywq8PWF0/z161pvvpt0tmrXqnaBOoOkASD4y6f02LxkUk05rMrTNWgC7zilJlNX3J zFwGVBtcm5oy9rMgshSRH2n93HKzFliMOFwPtNoLH7YJEfbPJ3tSS+lLrHsiLnstgRkxVtHF3x1 cRvJYr17YuqBxLz1ZfZ8nshn7zRox0YV+SU2K9hivi0iOH2eQ+rZOaOwwZRV7x0zSQcA/x7saWW GuDMNfS1JWJYT6tyA4jKMGeVIPcRwFkODGbY+R7FizSjZPU8tlebHweL27O8gO7Uu/7tzB/bloV 25RnyYerFDFP0e1nuaZuPNUwTQq+CF8Y9FAeLZKU54drxQFWwcNuU1ROPDO497+glcAeydvY6h5 dEsFpdquMy7zepnqf0KL4Iz2SzsbbBdN9jg7JCEB1k4Iq1F9LSAaokA2FNmJUv1vF32BhHTfo3v uJJQzk/a/kC2l4PlJqFdJWa9RokLJ5Ep2mnUm/dv3VwMkpsKc00nAPJ4YC/9BHtbgjUPlaSmfq2 4mVzD5d32cIlossWdbJJOM6cVtyJJJqvmIZiaFC0yOy99wsEy/6STe0x3Rq0y2AjHcXDO1+s2KV gA+A/USQQ5tp0sQZCwQt/DpF5WBT3hN4808EpysM1+5xVwd8/GqMhDfhhgwT+8T0nUkpsQjQ/vX Zfwyy5OVpsCugUQ== X-Developer-Key: i=matttbe@kernel.org; a=openpgp; fpr=E8CB85F76877057A6E27F77AF6B7824F4269A073 From: Paolo Abeni Running the mp_join selftest manually with the following command line: ./mptcp_join.sh -z -C leads to some failures: 002 fastclose server test # ... rtx [fail] got 1 MP_RST[s] TX expected 0 # ... rstrx [fail] got 1 MP_RST[s] RX expected 0 The problem is really in the wrong expectations for the RST checks implied by the csum validation. Note that the same check is repeated explicitly in the same test-case, with the correct expectation and pass successfully. Address the issue explicitly setting the correct expectation for the failing checks. Reported-by: Xiumei Mu Fixes: 6bf41020b72b ("selftests: mptcp: update and extend fastclose test-ca= ses") Cc: stable@vger.kernel.org Signed-off-by: Paolo Abeni Reviewed-by: Matthieu Baerts Signed-off-by: Matthieu Baerts --- tools/testing/selftests/net/mptcp/mptcp_join.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tools/testing/selftests/net/mptcp/mptcp_join.sh b/tools/testin= g/selftests/net/mptcp/mptcp_join.sh index 75a2438efdf3..3c94f2f194d6 100755 --- a/tools/testing/selftests/net/mptcp/mptcp_join.sh +++ b/tools/testing/selftests/net/mptcp/mptcp_join.sh @@ -3240,7 +3240,7 @@ fastclose_tests() if reset_check_counter "fastclose server test" "MPTcpExtMPFastcloseRx"; t= hen test_linkfail=3D1024 fastclose=3Dserver \ run_tests $ns1 $ns2 10.0.1.1 - chk_join_nr 0 0 0 + chk_join_nr 0 0 0 0 0 0 1 chk_fclose_nr 1 1 invert chk_rst_nr 1 1 fi --=20 2.40.1