Fixes for TLS and ULP

[PATCH mptcp-next 0/5] Fixes for TLS and ULP

Posted by Geliang Tang 1 week, 2 days ago

From: Geliang Tang <tanggeliang@kylinos.cn>

This series fixes several pre-existing issues in the TLS/TOE and
TCP ULP layers, found during MPTCP KTLS development.

Patches summary:

tls: add clone callback - prevent NULL pointer crash when listening
socket carries TLS ULP.

tls: init mixed SW/TOE proto - avoid NULL function pointers on TOE
fallback.

tls: fix concurrency in TOE device list iteration - safe two-pass
snapshot to eliminate list poisoning crash.

tcp: add socket lock to TCP_ULP getsockopt - fix use-after-free in
getsockopt(TCP_ULP).

tcp: fix ULP diag race by RCU - protect diag reads with RCU, paired
with release barrier.

All fixes are independent of MPTCP and can be merged separately.

Geliang Tang (5):
  tls: add clone callback to prevent NULL crash case
  tls: init mixed SW/TOE proto to prevent NULL call
  tls: fix concurrency in TOE device list iterations
  tcp: add socket lock to TCP_ULP getsockopt safely
  tcp: fix ULP diag race by RCU read locks properly

 net/ipv4/tcp.c      | 44 ++++++++++++++++++++-----------
 net/ipv4/tcp_diag.c | 15 ++++++-----
 net/ipv4/tcp_ulp.c  | 14 +++++-----
 net/tls/tls_main.c  | 16 ++++++++++++
 net/tls/tls_toe.c   | 63 ++++++++++++++++++++++++++++++++++++++-------
 5 files changed, 114 insertions(+), 38 deletions(-)

-- 
2.53.0

Re: [PATCH mptcp-next 0/5] Fixes for TLS and ULP

Posted by Matthieu Baerts 1 week ago

Hi Geliang,

On 30/05/2026 17:50, Geliang Tang wrote:
> All fixes are independent of MPTCP and can be merged separately.

Then, feel free to send them directly to netdev, for net directly. Don't
forget the Fixes tag (and fix the issues reported by the CI and AI tools).

Cheers,
Matt
-- 
Sponsored by the NGI0 Core fund.

Re: [PATCH mptcp-next 0/5] Fixes for TLS and ULP

Posted by MPTCP CI 1 week, 1 day ago

Hi Geliang,

Thank you for your modifications, that's great!

Our CI did some validations and here is its report:

- KVM Validation: normal (except selftest_mptcp_join): Success! ✅
- KVM Validation: normal (only selftest_mptcp_join): Success! ✅
- KVM Validation: debug (except selftest_mptcp_join): Critical: 1 Call Trace(s) ❌
- KVM Validation: debug (only selftest_mptcp_join): Critical: 19 Call Trace(s) ❌
- KVM Validation: btf-normal (only bpftest_all): Success! ✅
- KVM Validation: btf-debug (only bpftest_all): Critical: 18 Call Trace(s) ❌
- Task: https://github.com/multipath-tcp/mptcp_net-next/actions/runs/26678939084

Initiator: Patchew Applier
Commits: https://github.com/multipath-tcp/mptcp_net-next/commits/fea5f9852187
Patchwork: https://patchwork.kernel.org/project/mptcp/list/?series=1103235


If there are some issues, you can reproduce them using the same environment as
the one used by the CI thanks to a docker image, e.g.:

    $ cd [kernel source code]
    $ docker run -v "${PWD}:${PWD}:rw" -w "${PWD}" --privileged --rm -it \
        --pull always mptcp/mptcp-upstream-virtme-docker:latest \
        auto-normal

For more details:

    https://github.com/multipath-tcp/mptcp-upstream-virtme-docker


Please note that despite all the efforts that have been already done to have a
stable tests suite when executed on a public CI like here, it is possible some
reported issues are not due to your modifications. Still, do not hesitate to
help us improve that ;-)

Cheers,
MPTCP GH Action bot
Bot operated by Matthieu Baerts (NGI0 Core)