mptcp: fix bogus socket state update

[PATCH mptcp-net] mptcp: fix bogus socket state update

Paolo Abeni posted 1 patch 10 months, 1 week ago

Download mbox

Patches applied successfully (tree, apply log)
git fetch https://github.com/multipath-tcp/mptcp_net-next tags/patchew/4e3c5d0b8d30cd8aa36ba591be38e5ca8958edf9.1687886219.git.pabeni@redhat.com

Maintainers: Matthieu Baerts <matthieu.baerts@tessares.net>, Mat Martineau <martineau@kernel.org>, "David S. Miller" <davem@davemloft.net>, Eric Dumazet <edumazet@google.com>, Jakub Kicinski <kuba@kernel.org>, Paolo Abeni <pabeni@redhat.com>

net/mptcp/protocol.c | 1 -
1 file changed, 1 deletion(-)

Expand all Fold all

[PATCH mptcp-net] mptcp: fix bogus socket state update

Posted by Paolo Abeni 10 months, 1 week ago

Since the blamed commit, closing the first subflow can unexpectedly
change the msk socket state. In case of incoming fastclose, that
allows a listen() call to successfully race with a blocking recvmsg()
potentially causing the latter to hit a divide by zero bug in
cleanup_rbuf/__tcp_select_window().

Address the issue simply dropping the bogus state change.

Fixes: b29fcfb54cd7 ("mptcp: full disconnect implementation")
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
---
should close issues/414
---
 net/mptcp/protocol.c | 1 -
 1 file changed, 1 deletion(-)

diff --git a/net/mptcp/protocol.c b/net/mptcp/protocol.c
index a50eaa01ba8a..7fa9a2ce21ee 100644
--- a/net/mptcp/protocol.c
+++ b/net/mptcp/protocol.c
@@ -2377,7 +2377,6 @@ static void __mptcp_close_ssk(struct sock *sk, struct sock *ssk,
 		 * disconnect should never fail
 		 */
 		WARN_ON_ONCE(tcp_disconnect(ssk, 0));
-		msk->subflow->state = SS_UNCONNECTED;
 		mptcp_subflow_ctx_reset(subflow);
 		release_sock(ssk);
 
-- 
2.40.1