[PATCH mptcp-net v2 2/2] mptcp: ensure context reset on disconnect()

Paolo Abeni posted 2 patches 1 week, 3 days ago
After the blamed commit below, if the MPC subflow is already in TCP_CLOSE
status at mptcp_disconnect() time, mptcp_do_fastclose() skips setting
the `send_fastclose` flag and the later __mptcp_close_ssk() no longer
resets the related subflow context.

Any later connection will be created with both the `request_mptcp` flag
and the msk-level fallback status off, leading to a warning in
subflow_data_ready():

 WARNING: CPU: 26 PID: 8996 at net/mptcp/subflow.c:1519 subflow_data_ready (net/mptcp/subflow.c:1519 (discriminator 13))
 Modules linked in:
 CPU: 26 UID: 0 PID: 8996 Comm: syz.22.39 Not tainted 6.18.0-rc7-05427-g11fc074f6c36 #1 PREEMPT(voluntary)
 Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011
 RIP: 0010:subflow_data_ready (net/mptcp/subflow.c:1519 (discriminator 13))
 Code: 90 0f 0b 90 90 e9 04 fe ff ff e8 b7 1e f5 fe 89 ee bf 07 00 00 00 e8 db 19 f5 fe 83 fd 07 0f 84 35 ff ff ff e8 9d 1e f5 fe 90 <0f> 0b 90 e9 27 ff ff ff e8 8f 1e f5 fe 4c 89 e7 48 89 de e8 14 09
 RSP: 0018:ffffc9002646fb30 EFLAGS: 00010293
 RAX: 0000000000000000 RBX: ffff88813b218000 RCX: ffffffff825c8435
 RDX: ffff8881300b3580 RSI: ffffffff825c8443 RDI: 0000000000000005
 RBP: 000000000000000b R08: ffffffff825c8435 R09: 000000000000000b
 R10: 0000000000000005 R11: 0000000000000007 R12: ffff888131ac0000
 R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
 FS:  00007f88330af6c0(0000) GS:ffff888a93dd2000(0000) knlGS:0000000000000000
 CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
 CR2: 00007f88330aefe8 CR3: 000000010ff59000 CR4: 0000000000350ef0
 Call Trace:
  <TASK>
  tcp_data_ready (net/ipv4/tcp_input.c:5356)
  tcp_data_queue (net/ipv4/tcp_input.c:5445)
  tcp_rcv_state_process (net/ipv4/tcp_input.c:7165)
  tcp_v4_do_rcv (net/ipv4/tcp_ipv4.c:1955)
  __release_sock (include/net/sock.h:1158 (discriminator 6) net/core/sock.c:3180 (discriminator 6))
  release_sock (net/core/sock.c:3737)
  mptcp_sendmsg (net/mptcp/protocol.c:1763 net/mptcp/protocol.c:1857)
  inet_sendmsg (net/ipv4/af_inet.c:853 (discriminator 7))
  __sys_sendto (net/socket.c:727 (discriminator 15) net/socket.c:742 (discriminator 15) net/socket.c:2244 (discriminator 15))
  __x64_sys_sendto (net/socket.c:2247)
  do_syscall_64 (arch/x86/entry/syscall_64.c:63 (discriminator 1) arch/x86/entry/syscall_64.c:94 (discriminator 1))
  entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:130)
 RIP: 0033:0x7f883326702d

Address the issue by ensuring `send_fastclose` is always set for all
subflows after mptcp_do_fastclose().

Fixes: ae155060247b ("mptcp: fix duplicate reset on fastclose")
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
---
 net/mptcp/protocol.c | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/net/mptcp/protocol.c b/net/mptcp/protocol.c
index e484c6391b48..cd5a19ab3ba1 100644
--- a/net/mptcp/protocol.c
+++ b/net/mptcp/protocol.c
@@ -2891,12 +2891,15 @@ static void mptcp_do_fastclose(struct sock *sk)
 
 		lock_sock(ssk);
 
+		/* Ensure that the MPC subflow will be fully disconnected/reset
+		 * by the later mptcp_destroy_common()/__mptcp_close_ssk().
+		 */
+		subflow->send_fastclose = 1;
+
 		/* Some subflow socket states don't allow/need a reset.*/
 		if ((1 << ssk->sk_state) & (TCPF_LISTEN | TCPF_CLOSE))
 			goto unlock;
 
-		subflow->send_fastclose = 1;
-
 		/* Initialize rcv_mss to TCP_MIN_MSS to avoid division by 0
 		 * issue in __tcp_select_window(), see tcp_disconnect().
 		 */
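Review bot: moving `subflow->send_fastclose = 1;` above the `TCPF_LISTEN | TCPF_CLOSE` early exit now sets the flag for listening subflows too, while the commit message only motivates the TCP_CLOSE case and the unchanged comment right below ("Some subflow socket states don't allow/need a reset.") says those states should not be reset; please confirm that the consumers of `send_fastclose` in mptcp_destroy_common()/__mptcp_close_ssk() only perform the context reset and never send a reset on a listening ssk, or narrow the assignment to the TCPF_CLOSE case. The new comment also reads as if only the MPC subflow is affected; since this runs for every subflow in the loop (as the commit message says, "for all subflows"), wording it as "Ensure that every subflow will be fully disconnected/reset ..." would avoid misleading a later reader.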
-- 
2.52.0