Received: by 2002:a05:7412:d1aa:b0:fc:a2b0:25d7 with SMTP id ba42csp1934118rdb; Wed, 31 Jan 2024 13:51:04 -0800 (PST) X-Google-Smtp-Source: AGHT+IFWfDATY0+FsXG0fSOiuSlHKTtNWHwOkd7Mjiiz/vpNHzV439N22XNDalVTr/wRmwKQcOR0 X-Received: by 2002:a05:6358:ee95:b0:178:ac0d:7190 with SMTP id il21-20020a056358ee9500b00178ac0d7190mr716673rwb.13.1706737864061; Wed, 31 Jan 2024 13:51:04 -0800 (PST) ARC-Seal: i=2; a=rsa-sha256; t=1706737864; cv=pass; d=google.com; s=arc-20160816; b=ptje/uNUPC4kglDbn9EgzHy5xVz+S9gNcaXRuWNX5xrdYg+hIllT6WvJ5wci/Azz/K CUw8SYn8wz83FaKPhe7LtDxZRpP8iwJ95y3EHv1fC0mT3NFWxlGoCrQYxk3M7AOTwKeL OHi+BDGLC9KMh89QjlejnXh4fsOmY1/wcRfq/gZ/jJbkt73iH/7qpRNUUlQQ241UhAuU zeQZsN7q/8dJm792pBJIbmSsESalVE6ZaZyS+M97aBE8dwY+M2HT7bfI43bDOLXDfRfK 4AKA6igD62aRYn9umZ5x0lZXqSIOc2ETYlv1mC7sHmKSrNY3OJoVIsZ0zhB2lFPciF1P 6/gQ== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=cc:to:in-reply-to:references:message-id:content-transfer-encoding :mime-version:list-unsubscribe:list-subscribe:list-id:precedence :subject:date:from:dkim-signature; bh=CxZnALtv7pkwitrMAZkCFuYrZWg+xd3xQcGGEIlI/3Q=; fh=02asUsNGVG3gGCp0i6vCekFEOJg5Za+HxzS1Oh9go6w=; b=QivPz9/VDpHZ5DxOBxUuicLZPzeFixeab+fKmknggbBSMjzlVAiqxkDB97pk8PFZ6+ cganLblHfnU6J6WgyVe0IOqUfpa9tyXOAEvTORKl96P3MIZsRhTyr14g2MtUBZ2fBJLu jJT/47vOaWH3a8c6MHdsbzJo5VFt//cSx8sok6mGcGHCRpLSam9xNCO5ZQBG10Fr7L5N wwL2hgQt73YuJCUbP0SuzE78pdra4rSpIUDHyYvqMfozAYzLJKqgg2aSpgwyVFXHTEbm chy31EbetB3xLZHHcdkyln7P137ErNkcPlfCZZBR3fUvgSk7L0np2z7ryTTgzZC3eWEx +lxA==; dara=google.com ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b="sFgY/iXR"; arc=pass (i=1 dkim=pass dkdomain=kernel.org); spf=pass (google.com: domain of linux-kernel+bounces-47197-linux.lists.archive=gmail.com@vger.kernel.org designates 139.178.88.99 as permitted sender) smtp.mailfrom="linux-kernel+bounces-47197-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org X-Forwarded-Encrypted: i=1; AJvYcCWjkNQaHRfPqVAy9Ou6SpR8HAMgGHSWOE1mtO3t+lsuyCd6qYizs1hAVQ/PUakRCVvTM1tT3i33ojCwlRUL5DarWJzc4Yi3BAE2OjvB6A== Return-Path: Received: from sv.mirrors.kernel.org (sv.mirrors.kernel.org. [139.178.88.99]) by mx.google.com with ESMTPS id k11-20020aa788cb000000b006de3a09c6b7si5361584pff.383.2024.01.31.13.51.03 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 31 Jan 2024 13:51:04 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel+bounces-47197-linux.lists.archive=gmail.com@vger.kernel.org designates 139.178.88.99 as permitted sender) client-ip=139.178.88.99; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b="sFgY/iXR"; arc=pass (i=1 dkim=pass dkdomain=kernel.org); spf=pass (google.com: domain of linux-kernel+bounces-47197-linux.lists.archive=gmail.com@vger.kernel.org designates 139.178.88.99 as permitted sender) smtp.mailfrom="linux-kernel+bounces-47197-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by sv.mirrors.kernel.org (Postfix) with ESMTPS id B074628469D for ; Wed, 31 Jan 2024 21:51:03 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id 7150B39FFC; Wed, 31 Jan 2024 21:50:32 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="sFgY/iXR" Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 88F7939FCF; Wed, 31 Jan 2024 21:50:30 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1706737831; cv=none; b=ubXU98XliG1DN4ejbjJ1m3fGwx4ji3060+adf8rLctoimwUnVmrmigeAcaLJabTq02mFvSO+IZcxcqP7bGjQX52zBJhm+i6Be7mjirrLCnUXfpPJQVAjJEWcjBtyobpxZ8HwizRFYLLi10Yqbqe0FOERvkTQKpofF6ys+MSGHpU= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1706737831; c=relaxed/simple; bh=XXiWwUEZmp5fjWh5iKtz9h44NEjaTGRyKTaVQI0W7EE=; h=From:Date:Subject:MIME-Version:Content-Type:Message-Id:References: In-Reply-To:To:Cc; b=RupbRr1gPsymN+x1i6oJfvOb4kas/vgasBXmSFHx0N7iW+B7pTSdvYohe9oW+zY3PvarBqaeU5Rbet075mssk4DWGfN8t9UnPGJskNIJ/rfCwCvV619WLWBohANXdy4AFU8CNKTqSCjLRwTF3vuxTH87ohDvgwrJTISMltTkd4U= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=sFgY/iXR; arc=none smtp.client-ip=10.30.226.201 Received: by smtp.kernel.org (Postfix) with ESMTPSA id CC91AC433C7; Wed, 31 Jan 2024 21:50:27 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1706737830; bh=XXiWwUEZmp5fjWh5iKtz9h44NEjaTGRyKTaVQI0W7EE=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=sFgY/iXRgbSOFmpZ6z10TkYjISw4HnH3YbXBZrWixCt1KrGI2Zqt2ocCPELJjgyty IR519rsTjb7bnHkOxHISRDgVjv1j+LvQ+5NLp/k0SApAqdKRyHgaCCX10I1wIZ5bYE HM1G0M0O65QJieNRmnNs8Bz4vV73ZS8xKr5IcMvhK+mHIJNEw2ssO20NJtLFolXgML vVobITLTki5kkwaqUlfOamRNE6JKPFYT4mLuUhQ4GSlABtLcvNSgN0d3v9/UcWKueI 0XIJw3tg6DhhkXvOi7uIe2yzIMP7tOc6smCcdiBj03XRA0Eb3HHX+nH9dCxwfPlksx gmANgXKdTH+Pw== From: "Matthieu Baerts (NGI0)" Date: Wed, 31 Jan 2024 22:49:46 +0100 Subject: [PATCH net 1/9] mptcp: fix data re-injection from stale subflow Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit Message-Id: <20240131-upstream-net-20240131-mptcp-ci-issues-v1-1-4c1c11e571ff@kernel.org> References: <20240131-upstream-net-20240131-mptcp-ci-issues-v1-0-4c1c11e571ff@kernel.org> In-Reply-To: <20240131-upstream-net-20240131-mptcp-ci-issues-v1-0-4c1c11e571ff@kernel.org> To: mptcp@lists.linux.dev, Mat Martineau , Geliang Tang , "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni , Shuah Khan Cc: netdev@vger.kernel.org, linux-kernel@vger.kernel.org, linux-kselftest@vger.kernel.org, "Matthieu Baerts (NGI0)" , stable@vger.kernel.org X-Mailer: b4 0.12.4 X-Developer-Signature: v=1; a=openpgp-sha256; l=1863; i=matttbe@kernel.org; h=from:subject:message-id; bh=9dynpHdX9Ik8LmCQAbnOxMKWOpT+IehcxBDh9DIP2U4=; b=owEBbQKS/ZANAwAIAfa3gk9CaaBzAcsmYgBlusCfymu+KeBVySFiiH6iony4SrKMhe8Ag5Umy F6hj4BkVeyJAjMEAAEIAB0WIQToy4X3aHcFem4n93r2t4JPQmmgcwUCZbrAnwAKCRD2t4JPQmmg cxvPD/9FQKFrrd+Cjx/3AcNt3A5KkvBCM8chxULaBnM213+Wgrrxn4cyHELI9dLkhFNmhJxbiEL S8n4NxN2sOaATxTxNQ+rkBGCNsFOx8tPhPWJelhvTZUjmsZ4+vi0L0b78tFmXlkDqM55qTbF+Ca O5qlmSvcPFwdmx419Evx1jF1TqctbR0GlMKu8DKfNhmRobmEJl7kUAOiyC0DiK83ygx3bEFwK8o q8EmBcZlG6EX+zVp/6pY8EkJGm4Ev22xshhLO99koDXgJ1ldsKaGxYV6cSVTYn3g+6oBIME6+tJ NJNYTvhHNn5GL8vN7ppNEUOYdLIcQZL+xovUIMA5vUgrRkUUOBFBjvReQkgcptrPnBhW2IR/mUr +YH2ItVKo1uMk4CXXYXkYH6iQSCfQN3DZRnDX2SGgSy5vrtXVLdbOPQtwmJQCVkwPmTlg0tDY1K f6l5Nldy+OL5dM7B7gSi3P82pM2uoQYmPRYLim20jHRQqo2DykB6SJMcDvVH8+qHUq7OfFRL6AV WiZSw8pWORKgPTxqOEz/EYSAPaxGYtqvFzQpTcnfi1M7CSBOp/nuiXETL2xvqJ9fm5jun2KWxgk e5a96VfxpYjEuz+jDCUB4OsIraP2gRI3b868+nzb4tOC45q5SFvsHWtgMbAlh0NA3yyVBe3BnT0 7O6hRJyfR737+8Q== X-Developer-Key: i=matttbe@kernel.org; a=openpgp; fpr=E8CB85F76877057A6E27F77AF6B7824F4269A073 From: Paolo Abeni When the MPTCP PM detects that a subflow is stale, all the packet scheduler must re-inject all the mptcp-level unacked data. To avoid acquiring unneeded locks, it first try to check if any unacked data is present at all in the RTX queue, but such check is currently broken, as it uses TCP-specific helper on an MPTCP socket. Funnily enough fuzzers and static checkers are happy, as the accessed memory still belongs to the mptcp_sock struct, and even from a functional perspective the recovery completed successfully, as the short-cut test always failed. A recent unrelated TCP change - commit d5fed5addb2b ("tcp: reorganize tcp_sock fast path variables") - exposed the issue, as the tcp field reorganization makes the mptcp code always skip the re-inection. Fix the issue dropping the bogus call: we are on a slow path, the early optimization proved once again to be evil. Fixes: 1e1d9d6f119c ("mptcp: handle pending data on closed subflow") Cc: stable@vger.kernel.org Closes: https://github.com/multipath-tcp/mptcp_net-next/issues/468 Signed-off-by: Paolo Abeni Reviewed-by: Mat Martineau Signed-off-by: Matthieu Baerts (NGI0) --- net/mptcp/protocol.c | 3 --- 1 file changed, 3 deletions(-) diff --git a/net/mptcp/protocol.c b/net/mptcp/protocol.c index 3ed4709a7509..028e8b473626 100644 --- a/net/mptcp/protocol.c +++ b/net/mptcp/protocol.c @@ -2314,9 +2314,6 @@ bool __mptcp_retransmit_pending_data(struct sock *sk) if (__mptcp_check_fallback(msk)) return false; - if (tcp_rtx_and_write_queues_empty(sk)) - return false; - /* the closing socket has some data untransmitted and/or unacked: * some data in the mptcp rtx queue has not really xmitted yet. * keep it simple and re-inject the whole mptcp level rtx queue -- 2.43.0