From nobody Thu Nov 21 21:11:32 2024 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 26E6F1E3DCD; Mon, 21 Oct 2024 09:51:13 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1729504273; cv=none; b=EfRyPAsQaiiGGF7LCe1NkguPmWmKJSui3npayRwmMsOSKpaJtrSdTjzfWxCFouD6pPrw/Gti8SFsCOW8I4AiZ33BPYqDZ+liogevMzA9LNO4NdTZPKKJbLKK1YaZxGTJ5wHHhlR/3ED8Cwix0nWfIU9jJMzo9+DbXO1SznXZkFY= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1729504273; c=relaxed/simple; bh=Xg+xi/uRwm7bvOdrakHhjn7mtuyHIMY5zonwugoyJP4=; h=Subject:To:Cc:From:Date:In-Reply-To:Message-ID:MIME-Version: Content-Type; b=MOaB0WRDS+rCMwF4OSz4+KJHXRkr8Z5yX3/drDXERW4UMxeVyOHVPOAVX6ZX3qD5991mz2xs+2REb9vX8dFpoVkliM6wPmeNDozLhQUUZRLIlXcu3fG2a8doqFLJpVbdyUhKq5sniaEDUUvT8xV4VrRuhK6J8AnnYSFXODEaWQE= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=linuxfoundation.org header.i=@linuxfoundation.org header.b=UZzLNzTI; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=linuxfoundation.org header.i=@linuxfoundation.org header.b="UZzLNzTI" Received: by smtp.kernel.org (Postfix) with ESMTPSA id 97689C4CEC3; Mon, 21 Oct 2024 09:51:12 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1729504273; bh=Xg+xi/uRwm7bvOdrakHhjn7mtuyHIMY5zonwugoyJP4=; h=Subject:To:Cc:From:Date:In-Reply-To:From; b=UZzLNzTIojWKO5FICQPOOpjcDeiS2qFbBziXz8z1w51oU3zcvcbyPf4Y6EjDmviOA ho6b6WHX71IK8AOVphyewJn8F6ucyNngUBZDM85Xqri/C8Yq0PGgcHfKfD6YiA8wu6 06634mKa4yfK3CjxmxDWdQVU8RKzKo5/B//OAj/I= Subject: Patch "mptcp: fallback when MPTCP opts are dropped after 1st data" has been added to the 5.15-stable tree To: cpaasch@apple.com,gregkh@linuxfoundation.org,kuba@kernel.org,matttbe@kernel.org,mptcp@lists.linux.dev,pabeni@redhat.com,sashal@kernel.org Cc: From: Date: Mon, 21 Oct 2024 11:50:57 +0200 In-Reply-To: <20241019093045.3181989-12-matttbe@kernel.org> Message-ID: <2024102157-crisped-blah-5272@gregkh> Precedence: bulk X-Mailing-List: mptcp@lists.linux.dev List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-stable: commit X-Patchwork-Hint: ignore Content-Type: text/plain; charset="utf-8" This is a note to let you know that I've just added the patch titled mptcp: fallback when MPTCP opts are dropped after 1st data to the 5.15-stable tree which can be found at: http://www.kernel.org/git/?p=3Dlinux/kernel/git/stable/stable-queue.git= ;a=3Dsummary The filename of the patch is: mptcp-fallback-when-mptcp-opts-are-dropped-after-1st-data.patch and it can be found in the queue-5.15 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let know about it. From stable+bounces-86904-greg=3Dkroah.com@vger.kernel.org Sat Oct 19 11:31= :12 2024 From: "Matthieu Baerts (NGI0)" Date: Sat, 19 Oct 2024 11:30:50 +0200 Subject: mptcp: fallback when MPTCP opts are dropped after 1st data To: mptcp@lists.linux.dev, stable@vger.kernel.org, gregkh@linuxfoundation.o= rg Cc: "Matthieu Baerts (NGI0)" , sashal@kernel.org, Chris= toph Paasch , Paolo Abeni , Jakub Kic= inski Message-ID: <20241019093045.3181989-12-matttbe@kernel.org> From: "Matthieu Baerts (NGI0)" commit 119d51e225febc8152476340a880f5415a01e99e upstream. As reported by Christoph [1], before this patch, an MPTCP connection was wrongly reset when a host received a first data packet with MPTCP options after the 3wHS, but got the next ones without. According to the MPTCP v1 specs [2], a fallback should happen in this case, because the host didn't receive a DATA_ACK from the other peer, nor receive data for more than the initial window which implies a DATA_ACK being received by the other peer. The patch here re-uses the same logic as the one used in other places: by looking at allow_infinite_fallback, which is disabled at the creation of an additional subflow. It's not looking at the first DATA_ACK (or implying one received from the other side) as suggested by the RFC, but it is in continuation with what was already done, which is safer, and it fixes the reported issue. The next step, looking at this first DATA_ACK, is tracked in [4]. This patch has been validated using the following Packetdrill script: 0 socket(..., SOCK_STREAM, IPPROTO_MPTCP) =3D 3 +0 setsockopt(3, SOL_SOCKET, SO_REUSEADDR, [1], 4) =3D 0 +0 bind(3, ..., ...) =3D 0 +0 listen(3, 1) =3D 0 // 3WHS is OK +0.0 < S 0:0(0) win 65535 +0.0 > S. 0:0(0) ack 1 +0.1 < . 1:1(0) ack 1 win 2048 = +0 accept(3, ..., ...) =3D 4 // Data from the client with valid MPTCP options (no DATA_ACK: normal) +0.1 < P. 1:501(500) ack 1 win 2048 // From here, the MPTCP options will be dropped by a middlebox +0.0 > . 1:1(0) ack 501 +0.1 read(4, ..., 500) =3D 500 +0 write(4, ..., 100) =3D 100 // The server replies with data, still thinking MPTCP is being used +0.0 > P. 1:101(100) ack 501 // But the client already did a fallback to TCP, because the two previous= packets have been received without MPTCP options +0.1 < . 501:501(0) ack 101 win 2048 +0.0 < P. 501:601(100) ack 101 win 2048 // The server should fallback to TCP, not reset: it didn't get a DATA_ACK= , nor data for more than the initial window +0.0 > . 101:101(0) ack 601 Note that this script requires Packetdrill with MPTCP support, see [3]. Fixes: dea2b1ea9c70 ("mptcp: do not reset MP_CAPABLE subflow on mapping err= ors") Cc: stable@vger.kernel.org Reported-by: Christoph Paasch Closes: https://github.com/multipath-tcp/mptcp_net-next/issues/518 [1] Link: https://datatracker.ietf.org/doc/html/rfc8684#name-fallback [2] Link: https://github.com/multipath-tcp/packetdrill [3] Link: https://github.com/multipath-tcp/mptcp_net-next/issues/519 [4] Reviewed-by: Paolo Abeni Signed-off-by: Matthieu Baerts (NGI0) Link: https://patch.msgid.link/20241008-net-mptcp-fallback-fixes-v1-3-c6fb8= e93e551@kernel.org Signed-off-by: Jakub Kicinski Signed-off-by: Matthieu Baerts (NGI0) Signed-off-by: Greg Kroah-Hartman --- net/mptcp/subflow.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/net/mptcp/subflow.c +++ b/net/mptcp/subflow.c @@ -1152,7 +1152,7 @@ static bool subflow_can_fallback(struct else if (READ_ONCE(msk->csum_enabled)) return !subflow->valid_csum_seen; else - return !subflow->fully_established; + return READ_ONCE(msk->allow_infinite_fallback); } =20 static bool subflow_check_data_avail(struct sock *ssk) Patches currently in stable-queue which might be from matttbe@kernel.org are queue-5.15/mptcp-track-and-update-contiguous-data-status.patch queue-5.15/mptcp-fallback-when-mptcp-opts-are-dropped-after-1st-data.patch queue-5.15/mptcp-handle-consistently-dss-corruption.patch queue-5.15/tcp-fix-mptcp-dss-corruption-due-to-large-pmtu-xmit.patch queue-5.15/mptcp-pm-fix-uaf-read-in-mptcp_pm_nl_rm_addr_or_subflow.patch queue-5.15/mptcp-prevent-mpc-handshake-on-port-based-signal-endpoints.patch