Received: by 2002:a05:6a10:1a4d:0:0:0:0 with SMTP id nk13csp1581931pxb; Tue, 8 Feb 2022 23:04:07 -0800 (PST) X-Google-Smtp-Source: ABdhPJyFGw3Yq8EpsMPsUhHb4L7BkNkFuOHbu9nR9VcGyg73B45zwD3QMPs6CqI/2wd5V4gUj0T9 X-Received: by 2002:a17:903:124a:: with SMTP id u10mr799058plh.63.1644390247499; Tue, 08 Feb 2022 23:04:07 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1644390247; cv=none; d=google.com; s=arc-20160816; b=j+vcpq3mNTBXQ7OV4T4lmLnaXuNyVbkuwY/suELIz0gCVaZfwpUwcmsLEJ8cCppW2r JQHL9TYXhtuvcZMK/uVpMvLTz9KXhDSOvxUS3AElVNUemoV5RASQWoI+xcsw0Mip3qV2 myKMIl+uORZt/Dnwd4h3Y4BWCUrBqZ16SHcA6kZWBG1duX6dsljbMhIIUnv1h/UN75Ri LvxyptkB4Y18U8KeRAOltJbJ9WVt21ZntiTezpcNKZyzinWjzw9H6UuJfoHBksZpNIyp bXQZrf+myEEoP0eJ0XnY/64r3geJa5KEb5w15h2vd5bfq65V4ADPIrqcHLBK6E9ptnxe WLSQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=PeZTqxTZyBRZnEdjWuPp9sgdX9y06JypOl2h/fOxnR4=; b=Dy8jZ65QiYXpwbTXpzfJYgmW+MuVEl/TDGLeDmxR0zhlooTQ/DNeY0F6eV7le7JXCZ hctk5toAq+GsnmAo09O0dWPB6wE9gelA28jAwwFulH9FGVV2PjdzDuaS2eBp3oC1uO9I Dy4X2Av3/PRh6sjNSUxYfp6/3lYt/XNqaVoUpgsBJHgUwfV8IyYt3OAoybleemsvqted KjjPI7dHWOdP6xPBcMtuKfVgPq7kudhMIuDBBJUAxCmktNo6lEv4tx7H4XRL8JfvLqXF ieYcNMdkcjJktNfXYuxkVa/P4cVQhr6pEUiF5mPjvmvFoi36c0RzXVW2+y+cgMg44CAI xDDQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=K0ufMjgF; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Return-Path: Received: from lindbergh.monkeyblade.net (lindbergh.monkeyblade.net. [2620:137:e000::1:18]) by mx.google.com with ESMTPS id y5si2711737pgy.290.2022.02.08.23.04.07 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 08 Feb 2022 23:04:07 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:18 as permitted sender) client-ip=2620:137:e000::1:18; Authentication-Results: mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=K0ufMjgF; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by lindbergh.monkeyblade.net (Postfix) with ESMTP id B3476E03018A; Tue, 8 Feb 2022 22:31:39 -0800 (PST) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1388403AbiBGLnk (ORCPT + 99 others); Mon, 7 Feb 2022 06:43:40 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:44578 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1385725AbiBGLcS (ORCPT ); Mon, 7 Feb 2022 06:32:18 -0500 Received: from ams.source.kernel.org (ams.source.kernel.org [145.40.68.75]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 8E7D1C043188; Mon, 7 Feb 2022 03:32:17 -0800 (PST) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ams.source.kernel.org (Postfix) with ESMTPS id F2F87B80EBD; Mon, 7 Feb 2022 11:32:15 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 47B2AC004E1; Mon, 7 Feb 2022 11:32:14 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1644233534; bh=gnZ42VB8luOBpe47zX/EhN1MWbO2bGrsu/FWoeueKY0=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=K0ufMjgF8OXHfxvMxouB/e/S7DXY0A+ZlU3BLnyuRSwH+z1njXJ85+wtA1ln7yU// FVgZkFqTMLFIk03kK98hS/EVr7GbPpG+Vi5qswjjG2vamzrh02jdoMml7H6wHnQTGv Pc+6bv62sHMn2qU3j4jnJV/kCo5nvtIvvAIPIB3s= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Paolo Abeni , Mat Martineau , Jakub Kicinski Subject: [PATCH 5.16 042/126] mptcp: fix msk traversal in mptcp_nl_cmd_set_flags() Date: Mon, 7 Feb 2022 12:06:13 +0100 Message-Id: <20220207103805.578390861@linuxfoundation.org> X-Mailer: git-send-email 2.35.1 In-Reply-To: <20220207103804.053675072@linuxfoundation.org> References: <20220207103804.053675072@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-Spam-Status: No, score=-7.8 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS, MAILING_LIST_MULTI,RCVD_IN_DNSWL_HI,SPF_HELO_PASS,SPF_PASS, T_SCC_BODY_TEXT_LINE autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Paolo Abeni commit 8e9eacad7ec7a9cbf262649ebf1fa6e6f6cc7d82 upstream. The MPTCP endpoint list is under RCU protection, guarded by the pernet spinlock. mptcp_nl_cmd_set_flags() traverses the list without acquiring the spin-lock nor under the RCU critical section. This change addresses the issue performing the lookup and the endpoint update under the pernet spinlock. [The upstream commit had to handle a lookup_by_id variable that is only present in 5.17. This version of the patch removes that variable, so the __lookup_addr() function only handles the lookup as it is implemented in 5.15 and 5.16. It also removes one 'const' keyword to prevent a warning due to differing const-ness in the 5.17 version of addresses_equal().] Fixes: 0f9f696a502e ("mptcp: add set_flags command in PM netlink") Signed-off-by: Paolo Abeni Signed-off-by: Mat Martineau Signed-off-by: Jakub Kicinski Signed-off-by: Greg Kroah-Hartman --- net/mptcp/pm_netlink.c | 34 +++++++++++++++++++++++++--------- 1 file changed, 25 insertions(+), 9 deletions(-) --- a/net/mptcp/pm_netlink.c +++ b/net/mptcp/pm_netlink.c @@ -459,6 +459,18 @@ static unsigned int fill_remote_addresse return i; } +static struct mptcp_pm_addr_entry * +__lookup_addr(struct pm_nl_pernet *pernet, struct mptcp_addr_info *info) +{ + struct mptcp_pm_addr_entry *entry; + + list_for_each_entry(entry, &pernet->local_addr_list, list) { + if (addresses_equal(&entry->addr, info, true)) + return entry; + } + return NULL; +} + static void mptcp_pm_create_subflow_or_signal_addr(struct mptcp_sock *msk) { struct sock *sk = (struct sock *)msk; @@ -1725,17 +1737,21 @@ static int mptcp_nl_cmd_set_flags(struct if (addr.flags & MPTCP_PM_ADDR_FLAG_BACKUP) bkup = 1; - list_for_each_entry(entry, &pernet->local_addr_list, list) { - if (addresses_equal(&entry->addr, &addr.addr, true)) { - mptcp_nl_addr_backup(net, &entry->addr, bkup); - - if (bkup) - entry->flags |= MPTCP_PM_ADDR_FLAG_BACKUP; - else - entry->flags &= ~MPTCP_PM_ADDR_FLAG_BACKUP; - } + spin_lock_bh(&pernet->lock); + entry = __lookup_addr(pernet, &addr.addr); + if (!entry) { + spin_unlock_bh(&pernet->lock); + return -EINVAL; } + if (bkup) + entry->flags |= MPTCP_PM_ADDR_FLAG_BACKUP; + else + entry->flags &= ~MPTCP_PM_ADDR_FLAG_BACKUP; + addr = *entry; + spin_unlock_bh(&pernet->lock); + + mptcp_nl_addr_backup(net, &addr.addr, bkup); return 0; }