From patchwork Tue Dec 26 12:10:18 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Matthieu Baerts (NGI0)" X-Patchwork-Id: 183312 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a05:7301:6f82:b0:100:9c79:88ff with SMTP id tb2csp823999dyb; Tue, 26 Dec 2023 04:11:47 -0800 (PST) X-Google-Smtp-Source: AGHT+IGhlHWyuqDl4fDGawiY/sMGglWtwQHr/NYl/Ab4oMJEC8AZCTDUqPOp+YjSwZyrSdpZ38wf X-Received: by 2002:a17:902:7b8f:b0:1d4:133e:3a4d with SMTP id w15-20020a1709027b8f00b001d4133e3a4dmr6266242pll.50.1703592707601; Tue, 26 Dec 2023 04:11:47 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1703592707; cv=none; d=google.com; s=arc-20160816; b=N58UjbG51NA79Swg4hGJHZnePURLYCS2/IojrtQIofLmBPheGSMqsyGb5qXoKbi1OO Nj9LGc6Wg07Ofd5nAH7msH4IWKvVJ0/+r1uRpvQCzfwXOz/g4g038G/71MV7lHuRw9SY G6TmPn11AtLOOqgjgeHMvnR9vsO2NaXDrZz+UYSSOTZg6f3RVwwCDa7MDEy6lYEUWBdb fFv1soeelUFprx5/hxKs504hxiLdNPzhhsOyxPrRlm5FHxRrBsSgswIo6OYQB/4jbM5R 1EEhRRmGprxEdRME8hhOZfJlew7O6cZxzUalvAHPOW/RfqkZ3t0yfI1tvXXc/1xq79U4 yACw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=cc:to:in-reply-to:references:message-id:content-transfer-encoding :mime-version:list-unsubscribe:list-subscribe:list-id:precedence :subject:date:from:dkim-signature; bh=TFqMgVljwAz/KCQnA4IkBbozfikKAAag+/zEmxdX+Xo=; fh=t9Lu86GCZAwPoHereOtkp3+bmmZUqk6r2nwUahvJO1M=; b=j/BYkgY0N1XC3FcHYRfrIFgydy/nvJNETjW7qROG3YOYEwmD0jTONj0u0V8waVy1e8 sdN/tVOkWbKj6LvQHe4AK+71KDF29nl9KdeQOwuitSftGA0c/l/FwnL4itnek6/JdnMG MVXOowjcUcO6YoHUSQE411zlYay3tQfgyR2pn1R7buyxBUZoXI8KM9G8nYJX4ljqnLJZ 6mz7KpgVUXXRJo72jM+C9KUJg645WxM4eH4L2DlJh27i/mwqXnLZWctYoC4kXgWLFgrl XpkLhVX6y/lT850p0q1iYQjdroFTmKGEtyxP0uFFgsRRafo/eVJlpycbugMmeHajpIXC OYPw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=nQuLPQYQ; spf=pass (google.com: domain of linux-kernel+bounces-11497-ouuuleilei=gmail.com@vger.kernel.org designates 2604:1380:45e3:2400::1 as permitted sender) smtp.mailfrom="linux-kernel+bounces-11497-ouuuleilei=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: from sv.mirrors.kernel.org (sv.mirrors.kernel.org. [2604:1380:45e3:2400::1]) by mx.google.com with ESMTPS id q14-20020a17090aa00e00b00286ef2fc253si12589988pjp.97.2023.12.26.04.11.47 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 26 Dec 2023 04:11:47 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel+bounces-11497-ouuuleilei=gmail.com@vger.kernel.org designates 2604:1380:45e3:2400::1 as permitted sender) client-ip=2604:1380:45e3:2400::1; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=nQuLPQYQ; spf=pass (google.com: domain of linux-kernel+bounces-11497-ouuuleilei=gmail.com@vger.kernel.org designates 2604:1380:45e3:2400::1 as permitted sender) smtp.mailfrom="linux-kernel+bounces-11497-ouuuleilei=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by sv.mirrors.kernel.org (Postfix) with ESMTPS id 608B428307C for ; Tue, 26 Dec 2023 12:11:47 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id 65C7F4F201; Tue, 26 Dec 2023 12:11:00 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="nQuLPQYQ" X-Original-To: linux-kernel@vger.kernel.org Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id BA85C4EB4C; Tue, 26 Dec 2023 12:10:57 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id D3A2BC433C8; Tue, 26 Dec 2023 12:10:54 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1703592657; bh=9K3RAxwtnbgt4T42ampHD1OD/JlH35Ygy2iCSPJlHoE=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=nQuLPQYQj0rJddca9UNwEtVFa9Gfe3ZywepzqjizFZ9yBP8IN9wvcebRcVwB/OItz R6BLs3SKYwlhuqWP3ADKRy+rWNnUlLtezLThB0d3BWtpB5Kk8UP4DEHzII8yvdwgah KnJhjCJ8rK3YSxyyDOEm+Cx+H5GX8gRM28VyygQh8XdJPY343/+dHGimqMqH+kkv7w e9D3ZL7s1O49Ft3+xtyLQSLosGkD4BRgJ8SU+hMbggrgSYPOb0U5rEkWHrsrmLKKHe DgVmezxBKjstYXDeOJt+MAPIQ4zvHN/nf2lwci/6UeQd22e0uhvJ1ybXw2ivd0U+l2 ITEQEVdSvvd8g== From: Matthieu Baerts Date: Tue, 26 Dec 2023 13:10:18 +0100 Subject: [PATCH net 2/2] mptcp: prevent tcp diag from closing listener subflows Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Message-Id: <20231226-upstream-net-20231226-mptcp-prevent-warn-v1-2-1404dcc431ea@kernel.org> References: <20231226-upstream-net-20231226-mptcp-prevent-warn-v1-0-1404dcc431ea@kernel.org> In-Reply-To: <20231226-upstream-net-20231226-mptcp-prevent-warn-v1-0-1404dcc431ea@kernel.org> To: mptcp@lists.linux.dev, Mat Martineau , Geliang Tang , "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni Cc: linux-kernel@vger.kernel.org, netdev@vger.kernel.org, Matthieu Baerts , stable@vger.kernel.org, syzbot+5a01c3a666e726bc8752@syzkaller.appspotmail.com X-Mailer: b4 0.12.4 X-Developer-Signature: v=1; a=openpgp-sha256; l=2384; i=matttbe@kernel.org; h=from:subject:message-id; bh=HDp1Le2S0oz86KqWx/YgeMDwAfEXRM0g+e1uupHk7kU=; b=owEBbQKS/ZANAwAIAfa3gk9CaaBzAcsmYgBlisLJiW/jUMiX4knlvoEDr/Uu+rv4Yuf4zi62F gnxOCaCU0aJAjMEAAEIAB0WIQToy4X3aHcFem4n93r2t4JPQmmgcwUCZYrCyQAKCRD2t4JPQmmg cyKzD/9qtiKMJx5LbFlpxD6kdM8LYanxi9aYr7uyauIbafSh7dLy8U0aVLOAPMe1CKRp6hmD+HN B3xIhkOuFu0vqvNpir8m+GaxyQKXYRNNns3atZriKmGeBnZDPQj9UYNtDvMbrEopK9rpo5DpsNr voq4n45obKfYjkdeCyi0DIZbR2EIp5FgAscRZW0iXltYkE5NTVjzw1WfJ02wd9528MUEn+OsKIC OQf2QVLsUx0HpV8beQY9CgGnYmpKYh66Pkb6yfqpaWuygfmnVEZWYgn5dIX7hE5SlcsSK2jyThO XS0ydvNJEYTW9Ss5oCMRyzp3G5HkmL1oS9JZnKjeLKfMmWd4efecGRk0VO5aAAC62MDCjNK38pH vRmuFFDhsWu8sBZA+GTCzEDHhbt5vnntHIS1f48m6pZ/4QVsSrnawH0cMXAaoSmc7K7C8tgeln1 lG8q5hXMD7Y95VT082MLzSWR297qqC3c1dd6t2mXLsGuxg/+GeKYGKP+sIh8T86FHTS+THOsf4Y gQshxwrO4hzkWof8yjXfO1eNUCHVWe8TjK3QGnhrr5y58WvAgOk6ScCVWAp5yjsZsrojhS9LTpr kIw3l2BKrB1DIqX6L9rbj6LXQt1cw9wAtnKjvuc0RnngRx03+P1nV8lvzQ8tpfeflnUdvbrXwkO mHsycIOs+16SUrQ== X-Developer-Key: i=matttbe@kernel.org; a=openpgp; fpr=E8CB85F76877057A6E27F77AF6B7824F4269A073 X-getmail-retrieved-from-mailbox: INBOX X-GMAIL-THRID: 1786346427000152201 X-GMAIL-MSGID: 1786346427000152201 From: Paolo Abeni The MPTCP protocol does not expect that any other entity could change the first subflow status when such socket is listening. Unfortunately the TCP diag interface allows aborting any TCP socket, including MPTCP listeners subflows. As reported by syzbot, that trigger a WARN() and could lead to later bigger trouble. The MPTCP protocol needs to do some MPTCP-level cleanup actions to properly shutdown the listener. To keep the fix simple, prevent entirely the diag interface from stopping such listeners. We could refine the diag callback in a later, larger patch targeting net-next. Fixes: 57fc0f1ceaa4 ("mptcp: ensure listener is unhashed before updating the sk status") Cc: stable@vger.kernel.org Reported-by: Closes: https://lore.kernel.org/netdev/0000000000004f4579060c68431b@google.com/ Signed-off-by: Paolo Abeni Reviewed-by: Mat Martineau Signed-off-by: Matthieu Baerts --- net/mptcp/subflow.c | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/net/mptcp/subflow.c b/net/mptcp/subflow.c index 6d7684c35e93..852b3f4af000 100644 --- a/net/mptcp/subflow.c +++ b/net/mptcp/subflow.c @@ -1982,6 +1982,17 @@ static void tcp_release_cb_override(struct sock *ssk) tcp_release_cb(ssk); } +static int tcp_abort_override(struct sock *ssk, int err) +{ + /* closing a listener subflow requires a great deal of care. + * keep it simple and just prevent such operation + */ + if (inet_sk_state_load(ssk) == TCP_LISTEN) + return -EINVAL; + + return tcp_abort(ssk, err); +} + static struct tcp_ulp_ops subflow_ulp_ops __read_mostly = { .name = "mptcp", .owner = THIS_MODULE, @@ -2026,6 +2037,7 @@ void __init mptcp_subflow_init(void) tcp_prot_override = tcp_prot; tcp_prot_override.release_cb = tcp_release_cb_override; + tcp_prot_override.diag_destroy = tcp_abort_override; #if IS_ENABLED(CONFIG_MPTCP_IPV6) /* In struct mptcp_subflow_request_sock, we assume the TCP request sock @@ -2061,6 +2073,7 @@ void __init mptcp_subflow_init(void) tcpv6_prot_override = tcpv6_prot; tcpv6_prot_override.release_cb = tcp_release_cb_override; + tcpv6_prot_override.diag_destroy = tcp_abort_override; #endif mptcp_diag_subflow_init(&subflow_ulp_ops);