Series comparison

-[PATCH mptcp-net 0/3] mptcp: reset when MPTCP opts are dropped after MPJ
+[PATCH mptcp-net v2 0/2] mptcp: reset when MPTCP opts are dropped after MPJ
-This series fixes the issue #544 where a middlebox drops MPTCP options
+- Patch 1: fix issue #544 where a middlebox drops MPTCP options after a
-after a 3WHS on the additional subflow.
+WHS on the additional subflow.
-Two additional patches have been added:
+- Patch 2: a safety check is added when asking to do a fallback to do so
+  only when allowed. If not, a new warning will be emitted.
 - Patch 2: for an issue seen when debugging the previous one: there
   should be a fallback after the reception of an infinite mapping, only
   if allowed.
 - Patch 3: to avoid the issues fixed by the two patches above, a safety
   check is added when asking to do a fallback if it is not possible to
   do so. A warning will be emitted in this case.
 Note that two new packetdrill tests have been added in a PR to cover
 this case:
   https://github.com/multipath-tcp/packetdrill/pull/160
 Signed-off-by: Matthieu Baerts (NGI0) <matttbe@kernel.org>
 ---
-Matthieu Baerts (NGI0) (3):
+Changes in v2:
 - Squashed previous patches 1 and 2 (Paolo).
 - Patch 1: no more special cases for csum (handled before) and inf map
   (Paolo).
 - Link to v1: https://lore.kernel.org/r/20250217-mptcp-dss-drop-mpj-v1-0-d671d6b9a153@kernel.org
 ---
 Matthieu Baerts (NGI0) (2):
       mptcp: reset when MPTCP opts are dropped after join
-      mptcp: only fallback due to inf mapping if allowed
       mptcp: safety check before fallback
  net/mptcp/protocol.h |  2 ++
- net/mptcp/subflow.c  | 23 ++++++++++++++---------
+ net/mptcp/subflow.c  | 15 +--------------
-files changed, 16 insertions(+), 9 deletions(-)
+files changed, 3 insertions(+), 14 deletions(-)
 ---
 base-commit: 3a7786db65e8f361a8fc8abcd3cfbe17411b8b7f
 change-id: 20250205-mptcp-dss-drop-mpj-ec227f4ed942
 Best regards,
 --
 Matthieu Baerts (NGI0) <matttbe@kernel.org>

-[PATCH mptcp-net 1/3] mptcp: reset when MPTCP opts are dropped after join
+[PATCH mptcp-net v2 1/2] mptcp: reset when MPTCP opts are dropped after join
 ...
 invalid mapping, map_data_len was not set to the data len, and then the
 subflow was not reset as it should have been, leaving the MPTCP
 connection in a wrong fallback mode.
 This map_data_len condition has been introduced to handle the reception
-of the infinite mapping. So instead, a new dedicated mapping error is
+of the infinite mapping. Instead, a new dedicated mapping error could
-now returned (infinite), and this special case is properly handled: the
+have been returned and treated as a special case. However, the commit
-exception is only applied to this case now, and not other ones by
+bf11de146c ("mptcp: introduce MAPPING_BAD_CSUM") has been introduced
-mistake.
+by Paolo Abeni soon after, and backported later on to stable. It better
 handle the csum case, and it means the exception for valid_csum_seen in
 subflow_can_fallback(), plus this one for the infinite mapping in
 subflow_check_data_avail(), are no longer needed.
-While at it, no need to set map_data_len to 0 as it will be set to
+In other words, the code can be simplified there: a fallback should only
-skb->len just after, at the end of subflow_check_data_avail().
+be done if msk->allow_infinite_fallback is set. This boolean is set to
 false once MPTCP-specific operations acting on the whole MPTCP
 connection vs the initial path have been done, e.g. a second path has
 been created, or an MPTCP re-injection -- yes, possible even with a
 single subflow. The subflow_can_fallback() helper can then be dropped,
 and replaced by this single condition.
 This also makes the code clearer: a fallback should only be done if it
 is possible to do so.
 While at it, no need to set map_data_len to 0 in get_mapping_status()
 for the infinite mapping case: it will be set to skb->len just after, at
 the end of subflow_check_data_avail(), and not read in between.
 Fixes: f8d4bcacff3b ("mptcp: infinite mapping receiving")
 Reported-by: Chester A. Unal <chester.a.unal@xpedite-tech.com>
 Closes: https://github.com/multipath-tcp/mptcp_net-next/issues/544
 Signed-off-by: Matthieu Baerts (NGI0) <matttbe@kernel.org>
 ---
- net/mptcp/subflow.c | 9 +++++----
+Notes:
-file changed, 5 insertions(+), 4 deletions(-)
+ - v2:
    - Squash previous patches 1 and 2, and drop csum case from
      subflow_can_fallback (Paolo).
    - v2 is quite different, Chester's Tested-by tag has not been added.
 ---
  net/mptcp/subflow.c | 15 +--------------
 file changed, 1 insertion(+), 14 deletions(-)
 diff --git a/net/mptcp/subflow.c b/net/mptcp/subflow.c
 index XXXXXXX..XXXXXXX 100644
 --- a/net/mptcp/subflow.c
 +++ b/net/mptcp/subflow.c
-@@ -XXX,XX +XXX,XX @@ enum mapping_status {
-     MAPPING_DATA_FIN,
-     MAPPING_DUMMY,
-     MAPPING_BAD_CSUM,
-+    MAPPING_INFINITE,
-     MAPPING_NODSS
- };
 @@ -XXX,XX +XXX,XX @@ static enum mapping_status get_mapping_status(struct sock *ssk,
      if (data_len == 0) {
          pr_debug("infinite mapping received\n");
          MPTCP_INC_STATS(sock_net(ssk), MPTCP_MIB_INFINITEMAPRX);
 -        subflow->map_data_len = 0;
--        return MAPPING_INVALID;
+         return MAPPING_INVALID;
 +        return MAPPING_INFINITE;
      }
-     if (mpext->data_fin == 1) {
+@@ -XXX,XX +XXX,XX @@ static void subflow_sched_work_if_closed(struct mptcp_sock *msk, struct sock *ss
-@@ -XXX,XX +XXX,XX @@ static bool subflow_check_data_avail(struct sock *ssk)
+         mptcp_schedule_work(sk);
-         status = get_mapping_status(ssk, msk);
+ }
-         trace_subflow_check_data_avail(status, skb_peek(&ssk->sk_receive_queue));
-         if (unlikely(status == MAPPING_INVALID || status == MAPPING_DUMMY ||
+-static bool subflow_can_fallback(struct mptcp_subflow_context *subflow)
--                 status == MAPPING_BAD_CSUM || status == MAPPING_NODSS))
+-{
-+                 status == MAPPING_BAD_CSUM || status == MAPPING_INFINITE ||
+-    struct mptcp_sock *msk = mptcp_sk(subflow->conn);
-+                 status == MAPPING_NODSS))
+-
-             goto fallback;
+-    if (subflow->mp_join)
+-        return false;
-         if (status != MAPPING_OK)
+-    else if (READ_ONCE(msk->csum_enabled))
 -        return !subflow->valid_csum_seen;
 -    else
 -        return READ_ONCE(msk->allow_infinite_fallback);
 -}
 -
  static void mptcp_subflow_fail(struct mptcp_sock *msk, struct sock *ssk)
  {
      struct mptcp_subflow_context *subflow = mptcp_subflow_ctx(ssk);
 @@ -XXX,XX +XXX,XX @@ static bool subflow_check_data_avail(struct sock *ssk)
              return true;
          }
 -        if (!subflow_can_fallback(subflow) && subflow->map_data_len) {
-+        if (!subflow_can_fallback(subflow) && status != MAPPING_INFINITE) {
++        if (!READ_ONCE(msk->allow_infinite_fallback)) {
              /* fatal protocol error, close the socket.
               * subflow_error_report() will introduce the appropriate barriers
               */
 --
 .47.1

-[PATCH mptcp-net 2/3] mptcp: only fallback due to inf mapping if allowed
+Deleted patch
-Any fallback should happen only if allowed, so only if this variable is
-set: msk->allow_infinite_fallback. This boolean will be set to false
-once MPTCP-specific operations acting on the whole MPTCP connection vs
-the initial path have been done, e.g. a second path has been created, or
-an MPTCP re-injection -- yes, possible even with a single subflow.
-In other words, the !msk->allow_infinite_fallback condition should be
-placed first. If it is no longer possible to do a fallback, there should
-not be any bypass, e.g. when receiving an infinite mapping.
-Now, regarding the conditions to do a fallback, the RFC mentions [1]
-that if the checksum is used, a fallback is only possible when "it is
-known that all unacknowledged data in flight is contiguous (which will
-usually be the case with a single subflow)". In other words, if the
-checksum is used, a fallback is possible when the other peer sent an
-infinite mapping indicating the flow has been altered.
-Note that the issue is present since a merge commit, where both
-subflow_can_fallback() and the previous extra condition with
-'subflow->map_data_len' got introduced.
-Fixes: d7e6f5836038 ("Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net")
-Link: https://datatracker.ietf.org/doc/html/rfc8684#section-3.7-11 [1]
-Signed-off-by: Matthieu Baerts (NGI0) <matttbe@kernel.org>
----
- net/mptcp/subflow.c | 16 ++++++++++------
-file changed, 10 insertions(+), 6 deletions(-)
-diff --git a/net/mptcp/subflow.c b/net/mptcp/subflow.c
-index XXXXXXX..XXXXXXX 100644
---- a/net/mptcp/subflow.c
-+++ b/net/mptcp/subflow.c
-@@ -XXX,XX +XXX,XX @@ static void subflow_sched_work_if_closed(struct mptcp_sock *msk, struct sock *ss
-         mptcp_schedule_work(sk);
- }
--static bool subflow_can_fallback(struct mptcp_subflow_context *subflow)
-+static bool subflow_can_fallback(struct mptcp_subflow_context *subflow,
-+                 enum mapping_status status)
- {
-     struct mptcp_sock *msk = mptcp_sk(subflow->conn);
--    if (subflow->mp_join)
-+    /* If not allowed (additional paths, MPTCP reinjections): no fallback */
-+    if (!READ_ONCE(msk->allow_infinite_fallback))
-         return false;
--    else if (READ_ONCE(msk->csum_enabled))
-+
-+    /* More strict with csum: fallback in 2 cases: inf map or never valid */
-+    if (status != MAPPING_INFINITE && READ_ONCE(msk->csum_enabled))
-         return !subflow->valid_csum_seen;
--    else
--        return READ_ONCE(msk->allow_infinite_fallback);
-+
-+    return true;
- }
- static void mptcp_subflow_fail(struct mptcp_sock *msk, struct sock *ssk)
-@@ -XXX,XX +XXX,XX @@ static bool subflow_check_data_avail(struct sock *ssk)
-             return true;
-         }
--        if (!subflow_can_fallback(subflow) && status != MAPPING_INFINITE) {
-+        if (!subflow_can_fallback(subflow, status)) {
-             /* fatal protocol error, close the socket.
-              * subflow_error_report() will introduce the appropriate barriers
-              */
---
-.47.1

-[PATCH mptcp-net 3/3] mptcp: safety check before fallback
+[PATCH mptcp-net v2 2/2] mptcp: safety check before fallback
 Recently, some fallback have been initiated, while the connection was
 not supposed to fallback.
 Add a safety check with a warning to detect when an wrong attempt to
 fallback is being done. This should help detecting any future issues
 quicker.
 Signed-off-by: Matthieu Baerts (NGI0) <matttbe@kernel.org>
 ---
 Notes:
  - I guess this patch could be sent to -net as well.
  - We could also squash this in one of the previous commit, but because
    the two are needed to avoid the warning, maybe better with a
    dedicated commit?
 ---
  net/mptcp/protocol.h | 2 ++
 file changed, 2 insertions(+)
 diff --git a/net/mptcp/protocol.h b/net/mptcp/protocol.h
 index XXXXXXX..XXXXXXX 100644
 --- a/net/mptcp/protocol.h
 +++ b/net/mptcp/protocol.h
 @@ -XXX,XX +XXX,XX @@ static inline void __mptcp_do_fallback(struct mptcp_sock *msk)
          pr_debug("TCP fallback already done (msk=%p)\n", msk);
          return;
      }
 +    if (WARN_ON_ONCE(!READ_ONCE(msk->allow_infinite_fallback)))
 +        return;
      set_bit(MPTCP_FALLBACK_DONE, &msk->flags);
  }
 --
 .47.1

This series fixes the issue #544 where a middlebox drops MPTCP options
after a 3WHS on the additional subflow.

Two additional patches have been added:

- Patch 2: for an issue seen when debugging the previous one: there
  should be a fallback after the reception of an infinite mapping, only
  if allowed.

- Patch 3: to avoid the issues fixed by the two patches above, a safety
  check is added when asking to do a fallback if it is not possible to
  do so. A warning will be emitted in this case.

Note that two new packetdrill tests have been added in a PR to cover
this case:

https://github.com/multipath-tcp/packetdrill/pull/160

Signed-off-by: Matthieu Baerts (NGI0) <matttbe@kernel.org>
---
Matthieu Baerts (NGI0) (3):
      mptcp: reset when MPTCP opts are dropped after join
      mptcp: only fallback due to inf mapping if allowed
      mptcp: safety check before fallback

net/mptcp/protocol.h |  2 ++
 net/mptcp/subflow.c  | 23 ++++++++++++++---------
 2 files changed, 16 insertions(+), 9 deletions(-)
---
base-commit: 3a7786db65e8f361a8fc8abcd3cfbe17411b8b7f
change-id: 20250205-mptcp-dss-drop-mpj-ec227f4ed942

Best regards,
-- 
Matthieu Baerts (NGI0) <matttbe@kernel.org>

Before this patch, if the checksum was not used, the subflow was only
reset if map_data_len was != 0. If there were no MPTCP options or an
invalid mapping, map_data_len was not set to the data len, and then the
subflow was not reset as it should have been, leaving the MPTCP
connection in a wrong fallback mode.

This map_data_len condition has been introduced to handle the reception
of the infinite mapping. So instead, a new dedicated mapping error is
now returned (infinite), and this special case is properly handled: the
exception is only applied to this case now, and not other ones by
mistake.

While at it, no need to set map_data_len to 0 as it will be set to
skb->len just after, at the end of subflow_check_data_avail().

diff --git a/net/mptcp/subflow.c b/net/mptcp/subflow.c
index XXXXXXX..XXXXXXX 100644
--- a/net/mptcp/subflow.c
+++ b/net/mptcp/subflow.c
@@ -XXX,XX +XXX,XX @@ enum mapping_status {
 	MAPPING_DATA_FIN,
 	MAPPING_DUMMY,
 	MAPPING_BAD_CSUM,
+	MAPPING_INFINITE,
 	MAPPING_NODSS
 };
 
@@ -XXX,XX +XXX,XX @@ static enum mapping_status get_mapping_status(struct sock *ssk,
 	if (data_len == 0) {
 		pr_debug("infinite mapping received\n");
 		MPTCP_INC_STATS(sock_net(ssk), MPTCP_MIB_INFINITEMAPRX);
-		subflow->map_data_len = 0;
-		return MAPPING_INVALID;
+		return MAPPING_INFINITE;
 	}
 
 	if (mpext->data_fin == 1) {
@@ -XXX,XX +XXX,XX @@ static bool subflow_check_data_avail(struct sock *ssk)
 		status = get_mapping_status(ssk, msk);
 		trace_subflow_check_data_avail(status, skb_peek(&ssk->sk_receive_queue));
 		if (unlikely(status == MAPPING_INVALID || status == MAPPING_DUMMY ||
-			     status == MAPPING_BAD_CSUM || status == MAPPING_NODSS))
+			     status == MAPPING_BAD_CSUM || status == MAPPING_INFINITE ||
+			     status == MAPPING_NODSS))
 			goto fallback;
 
 		if (status != MAPPING_OK)
@@ -XXX,XX +XXX,XX @@ static bool subflow_check_data_avail(struct sock *ssk)
 			return true;
 		}
 
-		if (!subflow_can_fallback(subflow) && subflow->map_data_len) {
+		if (!subflow_can_fallback(subflow) && status != MAPPING_INFINITE) {
 			/* fatal protocol error, close the socket.
 			 * subflow_error_report() will introduce the appropriate barriers
 			 */

-- 
2.47.1

Any fallback should happen only if allowed, so only if this variable is
set: msk->allow_infinite_fallback. This boolean will be set to false
once MPTCP-specific operations acting on the whole MPTCP connection vs
the initial path have been done, e.g. a second path has been created, or
an MPTCP re-injection -- yes, possible even with a single subflow.

In other words, the !msk->allow_infinite_fallback condition should be
placed first. If it is no longer possible to do a fallback, there should
not be any bypass, e.g. when receiving an infinite mapping.

Now, regarding the conditions to do a fallback, the RFC mentions [1]
that if the checksum is used, a fallback is only possible when "it is
known that all unacknowledged data in flight is contiguous (which will
usually be the case with a single subflow)". In other words, if the
checksum is used, a fallback is possible when the other peer sent an
infinite mapping indicating the flow has been altered.

Note that the issue is present since a merge commit, where both
subflow_can_fallback() and the previous extra condition with
'subflow->map_data_len' got introduced.

Fixes: d7e6f5836038 ("Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net")
Link: https://datatracker.ietf.org/doc/html/rfc8684#section-3.7-11 [1]
Signed-off-by: Matthieu Baerts (NGI0) <matttbe@kernel.org>
---
 net/mptcp/subflow.c | 16 ++++++++++------
 1 file changed, 10 insertions(+), 6 deletions(-)

diff --git a/net/mptcp/subflow.c b/net/mptcp/subflow.c
index XXXXXXX..XXXXXXX 100644
--- a/net/mptcp/subflow.c
+++ b/net/mptcp/subflow.c
@@ -XXX,XX +XXX,XX @@ static void subflow_sched_work_if_closed(struct mptcp_sock *msk, struct sock *ss
 		mptcp_schedule_work(sk);
 }
 
-static bool subflow_can_fallback(struct mptcp_subflow_context *subflow)
+static bool subflow_can_fallback(struct mptcp_subflow_context *subflow,
+				 enum mapping_status status)
 {
 	struct mptcp_sock *msk = mptcp_sk(subflow->conn);
 
-	if (subflow->mp_join)
+	/* If not allowed (additional paths, MPTCP reinjections): no fallback */
+	if (!READ_ONCE(msk->allow_infinite_fallback))
 		return false;
-	else if (READ_ONCE(msk->csum_enabled))
+
+	/* More strict with csum: fallback in 2 cases: inf map or never valid */
+	if (status != MAPPING_INFINITE && READ_ONCE(msk->csum_enabled))
 		return !subflow->valid_csum_seen;
-	else
-		return READ_ONCE(msk->allow_infinite_fallback);
+
+	return true;
 }
 
 static void mptcp_subflow_fail(struct mptcp_sock *msk, struct sock *ssk)
@@ -XXX,XX +XXX,XX @@ static bool subflow_check_data_avail(struct sock *ssk)
 			return true;
 		}
 
-		if (!subflow_can_fallback(subflow) && status != MAPPING_INFINITE) {
+		if (!subflow_can_fallback(subflow, status)) {
 			/* fatal protocol error, close the socket.
 			 * subflow_error_report() will introduce the appropriate barriers
 			 */

-- 
2.47.1

Recently, some fallback have been initiated, while the connection was
not supposed to fallback.

Add a safety check with a warning to detect when an wrong attempt to
fallback is being done. This should help detecting any future issues
quicker.

Signed-off-by: Matthieu Baerts (NGI0) <matttbe@kernel.org>
---
Notes:
 - I guess this patch could be sent to -net as well.
 - We could also squash this in one of the previous commit, but because
   the two are needed to avoid the warning, maybe better with a
   dedicated commit?
---
 net/mptcp/protocol.h | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/net/mptcp/protocol.h b/net/mptcp/protocol.h
index XXXXXXX..XXXXXXX 100644
--- a/net/mptcp/protocol.h
+++ b/net/mptcp/protocol.h
@@ -XXX,XX +XXX,XX @@ static inline void __mptcp_do_fallback(struct mptcp_sock *msk)
 		pr_debug("TCP fallback already done (msk=%p)\n", msk);
 		return;
 	}
+	if (WARN_ON_ONCE(!READ_ONCE(msk->allow_infinite_fallback)))
+		return;
 	set_bit(MPTCP_FALLBACK_DONE, &msk->flags);
 }

-- 
2.47.1

- Patch 1: fix issue #544 where a middlebox drops MPTCP options after a
  3WHS on the additional subflow.

- Patch 2: a safety check is added when asking to do a fallback to do so
  only when allowed. If not, a new warning will be emitted.

Note that two new packetdrill tests have been added in a PR to cover
this case:

https://github.com/multipath-tcp/packetdrill/pull/160

Signed-off-by: Matthieu Baerts (NGI0) <matttbe@kernel.org>
---
Changes in v2:
- Squashed previous patches 1 and 2 (Paolo).
- Patch 1: no more special cases for csum (handled before) and inf map
  (Paolo).
- Link to v1: https://lore.kernel.org/r/20250217-mptcp-dss-drop-mpj-v1-0-d671d6b9a153@kernel.org

---
Matthieu Baerts (NGI0) (2):
      mptcp: reset when MPTCP opts are dropped after join
      mptcp: safety check before fallback

net/mptcp/protocol.h |  2 ++
 net/mptcp/subflow.c  | 15 +--------------
 2 files changed, 3 insertions(+), 14 deletions(-)
---
base-commit: 3a7786db65e8f361a8fc8abcd3cfbe17411b8b7f
change-id: 20250205-mptcp-dss-drop-mpj-ec227f4ed942

Best regards,
-- 
Matthieu Baerts (NGI0) <matttbe@kernel.org>

This map_data_len condition has been introduced to handle the reception
of the infinite mapping. Instead, a new dedicated mapping error could
have been returned and treated as a special case. However, the commit
31bf11de146c ("mptcp: introduce MAPPING_BAD_CSUM") has been introduced
by Paolo Abeni soon after, and backported later on to stable. It better
handle the csum case, and it means the exception for valid_csum_seen in
subflow_can_fallback(), plus this one for the infinite mapping in
subflow_check_data_avail(), are no longer needed.

In other words, the code can be simplified there: a fallback should only
be done if msk->allow_infinite_fallback is set. This boolean is set to
false once MPTCP-specific operations acting on the whole MPTCP
connection vs the initial path have been done, e.g. a second path has
been created, or an MPTCP re-injection -- yes, possible even with a
single subflow. The subflow_can_fallback() helper can then be dropped,
and replaced by this single condition.

This also makes the code clearer: a fallback should only be done if it
is possible to do so.

While at it, no need to set map_data_len to 0 in get_mapping_status()
for the infinite mapping case: it will be set to skb->len just after, at
the end of subflow_check_data_avail(), and not read in between.

Fixes: f8d4bcacff3b ("mptcp: infinite mapping receiving")
Reported-by: Chester A. Unal <chester.a.unal@xpedite-tech.com>
Closes: https://github.com/multipath-tcp/mptcp_net-next/issues/544
Signed-off-by: Matthieu Baerts (NGI0) <matttbe@kernel.org>
---
Notes:
 - v2:
   - Squash previous patches 1 and 2, and drop csum case from
     subflow_can_fallback (Paolo).
   - v2 is quite different, Chester's Tested-by tag has not been added.
---
 net/mptcp/subflow.c | 15 +--------------
 1 file changed, 1 insertion(+), 14 deletions(-)

diff --git a/net/mptcp/subflow.c b/net/mptcp/subflow.c
index XXXXXXX..XXXXXXX 100644
--- a/net/mptcp/subflow.c
+++ b/net/mptcp/subflow.c
@@ -XXX,XX +XXX,XX @@ static enum mapping_status get_mapping_status(struct sock *ssk,
 	if (data_len == 0) {
 		pr_debug("infinite mapping received\n");
 		MPTCP_INC_STATS(sock_net(ssk), MPTCP_MIB_INFINITEMAPRX);
-		subflow->map_data_len = 0;
 		return MAPPING_INVALID;
 	}
 
@@ -XXX,XX +XXX,XX @@ static void subflow_sched_work_if_closed(struct mptcp_sock *msk, struct sock *ss
 		mptcp_schedule_work(sk);
 }
 
-static bool subflow_can_fallback(struct mptcp_subflow_context *subflow)
-{
-	struct mptcp_sock *msk = mptcp_sk(subflow->conn);
-
-	if (subflow->mp_join)
-		return false;
-	else if (READ_ONCE(msk->csum_enabled))
-		return !subflow->valid_csum_seen;
-	else
-		return READ_ONCE(msk->allow_infinite_fallback);
-}
-
 static void mptcp_subflow_fail(struct mptcp_sock *msk, struct sock *ssk)
 {
 	struct mptcp_subflow_context *subflow = mptcp_subflow_ctx(ssk);
@@ -XXX,XX +XXX,XX @@ static bool subflow_check_data_avail(struct sock *ssk)
 			return true;
 		}
 
-		if (!subflow_can_fallback(subflow) && subflow->map_data_len) {
+		if (!READ_ONCE(msk->allow_infinite_fallback)) {
 			/* fatal protocol error, close the socket.
 			 * subflow_error_report() will introduce the appropriate barriers
 			 */

-- 
2.47.1

Recently, some fallback have been initiated, while the connection was
not supposed to fallback.

Add a safety check with a warning to detect when an wrong attempt to
fallback is being done. This should help detecting any future issues
quicker.

-- 
2.47.1