From: Matthieu Baerts <matttbe@kernel.org>
To: Mat Martineau <martineau@kernel.org>
Cc: MPTCP Upstream <mptcp@lists.linux.dev>,
syzbot+f56f7d56e2c6e11a01b6@syzkaller.appspotmail.com
Subject: Re: [PATCH mptcp-net 1/2] mptcp: pm: in-kernel: always set as unavail when removing addr
Date: Mon, 26 Jan 2026 19:34:24 +0100 [thread overview]
Message-ID: <c27f82ac-dcf6-4ea2-8163-cd2615f9a096@kernel.org> (raw)
In-Reply-To: <2059f374-0447-30ff-92ff-b090fd91504d@kernel.org>
Hi Mat,
Thank you for the review!
On 15/01/2026 05:56, Mat Martineau wrote:
> On Mon, 15 Dec 2025, Matthieu Baerts (NGI0) wrote:
>
>> Syzkaller managed to find a combination of actions that was generating
>> this warning:
(...)
>> diff --git a/net/mptcp/pm_kernel.c b/net/mptcp/pm_kernel.c
>> index f59d21e7579c..51bcfcec882d 100644
>> --- a/net/mptcp/pm_kernel.c
>> +++ b/net/mptcp/pm_kernel.c
>> @@ -1057,10 +1057,8 @@ static bool mptcp_pm_remove_anno_addr(struct
>> mptcp_sock *msk,
>> ret = mptcp_remove_anno_list_by_saddr(msk, addr);
>> if (ret || force) {
>> spin_lock_bh(&msk->pm.lock);
>> - if (ret) {
>> - __set_bit(addr->id, msk->pm.id_avail_bitmap);
>> + if (ret)
>> msk->pm.add_addr_signaled--;
>> - }
>> mptcp_pm_remove_addr(msk, &list);
>> spin_unlock_bh(&msk->pm.lock);
>> }
>> @@ -1098,17 +1096,14 @@ static int
>> mptcp_nl_remove_subflow_and_signal_addr(struct net *net,
>> !(entry->flags & MPTCP_PM_ADDR_FLAG_IMPLICIT));
>>
>> list.ids[0] = mptcp_endp_get_local_id(msk, addr);
>> - if (remove_subflow) {
>> - spin_lock_bh(&msk->pm.lock);
>> - mptcp_pm_rm_subflow(msk, &list);
>> - spin_unlock_bh(&msk->pm.lock);
>> - }
>>
>> - if (entry->flags & MPTCP_PM_ADDR_FLAG_SUBFLOW) {
>> - spin_lock_bh(&msk->pm.lock);
>> + spin_lock_bh(&msk->pm.lock);
>> + if (remove_subflow)
>> + mptcp_pm_rm_subflow(msk, &list);
>> + if (entry->flags & MPTCP_PM_ADDR_FLAG_SUBFLOW)
>> __mark_subflow_endp_available(msk, list.ids[0]);
>> - spin_unlock_bh(&msk->pm.lock);
>> - }
>> + __set_bit(addr->id, msk->pm.id_avail_bitmap);
>
> There's not any harm in setting this bit a second time if it was also
> set in __mark_subflow_endp_available().
>
> However, __mark_subflow_endp_available() has some logic around ID 0 and
> mpc_endpoint_id. Is that relevant in this code path or is the new
> __set_bit() doing the correct thing by always clearing based on addr->id?
Good point. Even if there is no harm, no need to set the bit for ID 0. I
will look at that!
Cheers,
Matt
--
Sponsored by the NGI0 Core fund.
next prev parent reply other threads:[~2026-01-26 18:34 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-12-15 17:30 [PATCH mptcp-net 0/2] mptcp: pm: in-kernel: fix issue 606 Matthieu Baerts (NGI0)
2025-12-15 17:30 ` [PATCH mptcp-net 1/2] mptcp: pm: in-kernel: always set as unavail when removing addr Matthieu Baerts (NGI0)
2026-01-15 4:56 ` Mat Martineau
2026-01-26 18:34 ` Matthieu Baerts [this message]
2026-01-30 11:24 ` Matthieu Baerts
2025-12-15 17:30 ` [PATCH mptcp-net 2/2] mptcp: pm: in-kernel: clarify mptcp_pm_remove_anno_addr() Matthieu Baerts (NGI0)
2025-12-15 18:50 ` [PATCH mptcp-net 0/2] mptcp: pm: in-kernel: fix issue 606 MPTCP CI
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=c27f82ac-dcf6-4ea2-8163-cd2615f9a096@kernel.org \
--to=matttbe@kernel.org \
--cc=martineau@kernel.org \
--cc=mptcp@lists.linux.dev \
--cc=syzbot+f56f7d56e2c6e11a01b6@syzkaller.appspotmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox