From: "Matthieu Baerts (NGI0)" <matttbe@kernel.org>
To: mptcp@lists.linux.dev, stable@vger.kernel.org,
gregkh@linuxfoundation.org
Cc: Paolo Abeni <pabeni@redhat.com>,
sashal@kernel.org, Matthieu Baerts <matttbe@kernel.org>,
Jakub Kicinski <kuba@kernel.org>
Subject: [PATCH 6.1.y 1/7] mptcp: cope racing subflow creation in mptcp_rcv_space_adjust
Date: Tue, 19 Nov 2024 09:35:49 +0100 [thread overview]
Message-ID: <20241119083547.3234013-10-matttbe@kernel.org> (raw)
In-Reply-To: <20241119083547.3234013-9-matttbe@kernel.org>
From: Paolo Abeni <pabeni@redhat.com>
commit ce7356ae35943cc6494cc692e62d51a734062b7d upstream.
Additional active subflows - i.e. created by the in kernel path
manager - are included into the subflow list before starting the
3whs.
A racing recvmsg() spooling data received on an already established
subflow would unconditionally call tcp_cleanup_rbuf() on all the
current subflows, potentially hitting a divide by zero error on
the newly created ones.
Explicitly check that the subflow is in a suitable state before
invoking tcp_cleanup_rbuf().
Fixes: c76c6956566f ("mptcp: call tcp_cleanup_rbuf on subflows")
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
Reviewed-by: Matthieu Baerts (NGI0) <matttbe@kernel.org>
Link: https://patch.msgid.link/02374660836e1b52afc91966b7535c8c5f7bafb0.1731060874.git.pabeni@redhat.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
[ Conflicts in protocol.c, because commit f410cbea9f3d ("tcp: annotate
data-races around tp->window_clamp") has not been backported to this
version. The conflict is easy to resolve, because only the context is
different, but not the line to modify. ]
Signed-off-by: Matthieu Baerts (NGI0) <matttbe@kernel.org>
---
net/mptcp/protocol.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/net/mptcp/protocol.c b/net/mptcp/protocol.c
index 78ac5c538e13..1acd4e37a0ea 100644
--- a/net/mptcp/protocol.c
+++ b/net/mptcp/protocol.c
@@ -2057,7 +2057,8 @@ static void mptcp_rcv_space_adjust(struct mptcp_sock *msk, int copied)
slow = lock_sock_fast(ssk);
WRITE_ONCE(ssk->sk_rcvbuf, rcvbuf);
tcp_sk(ssk)->window_clamp = window_clamp;
- tcp_cleanup_rbuf(ssk, 1);
+ if (tcp_can_send_ack(ssk))
+ tcp_cleanup_rbuf(ssk, 1);
unlock_sock_fast(ssk, slow);
}
}
--
2.45.2
WARNING: multiple messages have this Message-ID (diff)
From: Sasha Levin <sashal@kernel.org>
To: stable@vger.kernel.org
Cc: "Matthieu Baerts (NGI0)" <matttbe@kernel.org>,
Sasha Levin <sashal@kernel.org>
Subject: Re: [PATCH 6.1.y 1/7] mptcp: cope racing subflow creation in mptcp_rcv_space_adjust
Date: Tue, 19 Nov 2024 09:46:47 -0500 [thread overview]
Message-ID: <20241119083547.3234013-10-matttbe@kernel.org> (raw)
Message-ID: <20241119144647.DHnFA4H7vtUqNXtS5mM-01OPS4uNJqHnZMFswg9Y-EQ@z> (raw)
In-Reply-To: <20241119083547.3234013-10-matttbe@kernel.org>
[ Sasha's backport helper bot ]
Hi,
The upstream commit SHA1 provided is correct: ce7356ae35943cc6494cc692e62d51a734062b7d
WARNING: Author mismatch between patch and upstream commit:
Backport author: "Matthieu Baerts (NGI0)" <matttbe@kernel.org>
Commit author: Paolo Abeni <pabeni@redhat.com>
Status in newer kernel trees:
6.11.y | Present (different SHA1: 8cccaf4eb99b)
6.6.y | Present (different SHA1: 4e86acecbba9)
6.1.y | Not found
Note: The patch differs from the upstream commit:
---
--- - 2024-11-19 08:38:07.302555583 -0500
+++ /tmp/tmp.UE8LSqsrXJ 2024-11-19 08:38:07.300507479 -0500
@@ -1,3 +1,5 @@
+commit ce7356ae35943cc6494cc692e62d51a734062b7d upstream.
+
Additional active subflows - i.e. created by the in kernel path
manager - are included into the subflow list before starting the
3whs.
@@ -15,21 +17,29 @@
Reviewed-by: Matthieu Baerts (NGI0) <matttbe@kernel.org>
Link: https://patch.msgid.link/02374660836e1b52afc91966b7535c8c5f7bafb0.1731060874.git.pabeni@redhat.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
+[ Conflicts in protocol.c, because commit f410cbea9f3d ("tcp: annotate
+ data-races around tp->window_clamp") has not been backported to this
+ version. The conflict is easy to resolve, because only the context is
+ different, but not the line to modify. ]
+Signed-off-by: Matthieu Baerts (NGI0) <matttbe@kernel.org>
---
net/mptcp/protocol.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/net/mptcp/protocol.c b/net/mptcp/protocol.c
-index 95a5a3da39447..48d480982b787 100644
+index 78ac5c538e13..1acd4e37a0ea 100644
--- a/net/mptcp/protocol.c
+++ b/net/mptcp/protocol.c
-@@ -2082,7 +2082,8 @@ static void mptcp_rcv_space_adjust(struct mptcp_sock *msk, int copied)
+@@ -2057,7 +2057,8 @@ static void mptcp_rcv_space_adjust(struct mptcp_sock *msk, int copied)
slow = lock_sock_fast(ssk);
WRITE_ONCE(ssk->sk_rcvbuf, rcvbuf);
- WRITE_ONCE(tcp_sk(ssk)->window_clamp, window_clamp);
+ tcp_sk(ssk)->window_clamp = window_clamp;
- tcp_cleanup_rbuf(ssk, 1);
+ if (tcp_can_send_ack(ssk))
+ tcp_cleanup_rbuf(ssk, 1);
unlock_sock_fast(ssk, slow);
}
}
+--
+2.45.2
+
---
Results of testing on various branches:
| Branch | Patch Apply | Build Test |
|---------------------------|-------------|------------|
| stable/linux-6.1.y | Success | Success |
next prev parent reply other threads:[~2024-11-19 8:35 UTC|newest]
Thread overview: 23+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-11-19 8:35 [PATCH 6.1.y 0/7] mptcp: fix recent failed backports Matthieu Baerts (NGI0)
2024-11-19 8:35 ` Matthieu Baerts (NGI0) [this message]
2024-11-19 14:46 ` [PATCH 6.1.y 1/7] mptcp: cope racing subflow creation in mptcp_rcv_space_adjust Sasha Levin
2024-11-19 13:12 ` Patch "mptcp: cope racing subflow creation in mptcp_rcv_space_adjust" has been added to the 6.1-stable tree gregkh
2024-11-19 8:35 ` [PATCH 6.1.y 2/7] mptcp: define more local variables sk Matthieu Baerts (NGI0)
2024-11-19 14:46 ` Sasha Levin
2024-11-19 13:12 ` Patch "mptcp: define more local variables sk" has been added to the 6.1-stable tree gregkh
2024-11-19 8:35 ` [PATCH 6.1.y 3/7] mptcp: add userspace_pm_lookup_addr_by_id helper Matthieu Baerts (NGI0)
2024-11-19 14:46 ` Sasha Levin
2024-11-19 13:12 ` Patch "mptcp: add userspace_pm_lookup_addr_by_id helper" has been added to the 6.1-stable tree gregkh
2024-11-19 8:35 ` [PATCH 6.1.y 4/7] mptcp: update local address flags when setting it Matthieu Baerts (NGI0)
2024-11-19 14:46 ` Sasha Levin
2024-11-19 13:12 ` Patch "mptcp: update local address flags when setting it" has been added to the 6.1-stable tree gregkh
2024-11-19 8:35 ` [PATCH 6.1.y 5/7] mptcp: hold pm lock when deleting entry Matthieu Baerts (NGI0)
2024-11-19 14:46 ` Sasha Levin
2024-11-19 13:12 ` Patch "mptcp: hold pm lock when deleting entry" has been added to the 6.1-stable tree gregkh
2024-11-19 8:35 ` [PATCH 6.1.y 6/7] mptcp: drop lookup_by_id in lookup_addr Matthieu Baerts (NGI0)
2024-11-19 14:46 ` Sasha Levin
2024-11-19 13:12 ` Patch "mptcp: drop lookup_by_id in lookup_addr" has been added to the 6.1-stable tree gregkh
2024-11-19 8:35 ` [PATCH 6.1.y 7/7] mptcp: pm: use _rcu variant under rcu_read_lock Matthieu Baerts (NGI0)
2024-11-19 14:47 ` Sasha Levin
2024-11-19 13:12 ` Patch "mptcp: pm: use _rcu variant under rcu_read_lock" has been added to the 6.1-stable tree gregkh
2024-11-19 13:05 ` [PATCH 6.1.y 0/7] mptcp: fix recent failed backports Greg KH
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20241119083547.3234013-10-matttbe@kernel.org \
--to=matttbe@kernel.org \
--cc=gregkh@linuxfoundation.org \
--cc=kuba@kernel.org \
--cc=mptcp@lists.linux.dev \
--cc=pabeni@redhat.com \
--cc=sashal@kernel.org \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.