Received: by 2002:ab2:6309:0:b0:1fb:d597:ff75 with SMTP id s9csp1108702lqt; Fri, 7 Jun 2024 08:13:09 -0700 (PDT) X-Forwarded-Encrypted: i=3; AJvYcCVdfSsBA4lH4bvmkGp7fFiV+vTIkcrl3DrHUvYvsA9uE/9eogwh+21fTy2m5T9iREgt54oxXEcBXPTYlc1h90Jiby1jBnywB2Kea4l9ow== X-Google-Smtp-Source: AGHT+IFcMLBxrdX+t7Jo3JL55OV9reXKS4gRfrV0Evsrh9/uk/zg94YyUbggMDGSDdSvX4+DaAKm X-Received: by 2002:a17:903:2306:b0:1f6:78d5:f42f with SMTP id d9443c01a7336-1f6d0398d5fmr31984485ad.52.1717773189530; Fri, 07 Jun 2024 08:13:09 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1717773189; cv=pass; d=google.com; s=arc-20160816; b=OPQLNvkgD6pv+ro05Bx65OEnMUWKbb56EKuHawil689PcMB/DxdNyrHo3mrH59SZEx SgFRGjTTcUm8j9KQzJrG3F9fcR0iEW30U9vMOW7YWgGVNXoqzKp/k7tuQIQMDGXhoSdC 9w8T6hRLC0pupfeT7uZN5C1P/zS1V3B+3fzEU1G+PSUSc/FYh9eqMDOIQGnleCiM+Gdr mjtvAGc9RGr/h0liCM0CeZfEwv7Z71Rk/kycpGTsPl2Nwm7Kq/qYhQ1N//SJmlyUrMy3 7nJ5Xi5hoaFZwEiEyI88wZueNlAzQQec6I4JdfFywQuzbWt1FMzb6ID4sQsauPko4Fzu Bqew== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=cc:to:in-reply-to:references:message-id:content-transfer-encoding :mime-version:list-unsubscribe:list-subscribe:list-id:precedence :subject:date:from:dkim-signature; bh=e/IPkOx0Jhq1pU+kobMTDHm/6rPGpyP8hDgJDa8RXTQ=; fh=lyrsxoU320hMwnjv7cYCHThBr5ZmREZMEUuu5qPK+yc=; b=RpEFOkhR7qreevU3er9H3m1PcKrFJfU9Ov3wZv/G6rRAOocaqagCvH5HiwtwH51LOQ O1np62XVbGI+HQ3yLst/UPkpnVWzU8r9rOHAi93X8o9+6TacYncjaARewmP34fqljpy2 NrHG9/+jgLHXsMivlmAsxktoQHb6UExRkoGvS48Q4jXaRHx/a7oZ3Hgq8jjGndSJi0Aa krmKCRpU32V3V2LJ0AhhMREyRPp/jsSpi1PzLHZZJFlDH7v0GuZc0e4VlvSFAgIMh9Ol Yzq4kkULwKY2A/6r0Q69R+VBoceKw+/gAQWoe2y+hjusmll0mae3F/A411oYZ29Q3Ph2 JIAg==; dara=google.com ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=M3dtdi9m; arc=pass (i=1 dkim=pass dkdomain=kernel.org); spf=pass (google.com: domain of linux-kernel+bounces-206340-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:45e3:2400::1 as permitted sender) smtp.mailfrom="linux-kernel+bounces-206340-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Return-Path: Received: from sv.mirrors.kernel.org (sv.mirrors.kernel.org. [2604:1380:45e3:2400::1]) by mx.google.com with ESMTPS id d9443c01a7336-1f6bd75fa35si29400345ad.8.2024.06.07.08.13.09 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 07 Jun 2024 08:13:09 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel+bounces-206340-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:45e3:2400::1 as permitted sender) client-ip=2604:1380:45e3:2400::1; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=M3dtdi9m; arc=pass (i=1 dkim=pass dkdomain=kernel.org); spf=pass (google.com: domain of linux-kernel+bounces-206340-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:45e3:2400::1 as permitted sender) smtp.mailfrom="linux-kernel+bounces-206340-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by sv.mirrors.kernel.org (Postfix) with ESMTPS id F290D28BB14 for ; Fri, 7 Jun 2024 15:04:39 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id ACFF2199EAC; Fri, 7 Jun 2024 15:02:18 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="M3dtdi9m" Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id B48301993AF; Fri, 7 Jun 2024 15:02:17 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1717772537; cv=none; b=MkvJm62eppR6USTU7/8z/u063sYdVqng9imPOhCAsf8WDqNZFZF3HpHyT09QWoO0nmzanYtTN+XLt10Y8HRxUVOals7fH5HKXM34l/jMoOH6vL6KykKTd0INqlCGCdSw1mENbjf47S8337ly9SVOawIqCcBSespRZQT/4qy38ag= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1717772537; c=relaxed/simple; bh=pYJNoB2u1ZqMObb+gIcRRwqEKrEEAYdKPGc5UfseMP0=; h=From:Date:Subject:MIME-Version:Content-Type:Message-Id:References: In-Reply-To:To:Cc; b=ZnuoIr7HlHZyZOQUd0OMHqU3YzOi4wGQm1WN7Q81fxCKqVNi2ro5zv5W0tOEj9J3THt9BB+qxsumJk9FoyibTdNRkjNbtmuNecwagHTTytGTWkTHL7vHJPkw4JPLrip4F3usLYs8lmUBI3//W4S55Z01wLvrqhJyHP9M9fUxY0U= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=M3dtdi9m; arc=none smtp.client-ip=10.30.226.201 Received: by smtp.kernel.org (Postfix) with ESMTPSA id 56597C3277B; Fri, 7 Jun 2024 15:02:14 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1717772537; bh=pYJNoB2u1ZqMObb+gIcRRwqEKrEEAYdKPGc5UfseMP0=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=M3dtdi9mUjtm8N+238H1NcPMhSbL/RJ4OT/Mtk4Bf40zaC2jIx+defBoaMm2w+w3F +2ttwNmWnkzd/fgyV1jru7JDsEtQISv0Q5lpDLP488zB1C2/V1q6Q6TbSgS2/z41+j fDMGDwTEDk4J1ggdSTLyaHbh5A+ndfu6L2xgXle4Fo3+Rk3ZrKwxq53DO1jWFojqCv ig02H9ipxPHI8z38s6DWekIciYu3Mx+X3+GRBnjPHnPbR7OSZkrCnMWCkME/xEzrpy C6yDcSrYje4AabCNg8eLbQf3x9P8nz9G+3feVyqasqgPbvfp3nyaR/Mmd934NyTDa1 GHYm1ww6tsaWA== From: "Matthieu Baerts (NGI0)" Date: Fri, 07 Jun 2024 17:01:48 +0200 Subject: [PATCH net 1/4] mptcp: ensure snd_una is properly initialized on connect Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit Message-Id: <20240607-upstream-net-20240607-misc-fixes-v1-1-1ab9ddfa3d00@kernel.org> References: <20240607-upstream-net-20240607-misc-fixes-v1-0-1ab9ddfa3d00@kernel.org> In-Reply-To: <20240607-upstream-net-20240607-misc-fixes-v1-0-1ab9ddfa3d00@kernel.org> To: mptcp@lists.linux.dev, Mat Martineau , Geliang Tang , "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni , Davide Caratti , Shuah Khan Cc: netdev@vger.kernel.org, linux-kernel@vger.kernel.org, linux-kselftest@vger.kernel.org, "Matthieu Baerts (NGI0)" , stable@vger.kernel.org, Christoph Paasch X-Mailer: b4 0.13.0 X-Developer-Signature: v=1; a=openpgp-sha256; l=1392; i=matttbe@kernel.org; h=from:subject:message-id; bh=PfdPd1CZLVPmAQl+1xZ78iEyztMBE+4I5rQY3Km+0kE=; b=owEBbQKS/ZANAwAIAfa3gk9CaaBzAcsmYgBmYyDy6NeVsQvpbGo14NOqTZi/PfttbvDw/or7B hL5j/ruY1GJAjMEAAEIAB0WIQToy4X3aHcFem4n93r2t4JPQmmgcwUCZmMg8gAKCRD2t4JPQmmg c1dcEADORAJ4oXPVG4UPn9w/yCDwvL5Fyd1gVVSuLXaU6bLYhCcxscq7nRW/KKAjR3D7NGTLSCV HDGYFThEosOr3CzqqcDSco5denpV3jews85JNm1q8/bYhpCKRRSGXqf4gWVs49NzRnBaGAWDJ3W k3iEOzWfcPkjKILeb0mkIawct8pfi6QoYraMFy3Dsd7S51K/egDbNIU6f/9qTBDJahbU0u89Kz5 Z5TJvPVMI7ge88KQTDO2tk5wt9b71JeB0ltY89pqc+nftvC8qDnVgfeIr5BtktmjsSj5s41Wmpq cCDKxW2uZQqtBvvYs/NtWmFpP8RtiY0pv8cFS7lUK2KYHVW5SkoYbJomEZU/Bu1Dw3giQxdSkkT 6RPDWSNucwJ56LbnxELJojvW8djN1Jm+ugL5RKzvP6h4FHn0fJ7KGp5FeaZ1YXpdkxw4X1HoEiv G6IdV3l1lbAd69Fk9X0431biHR2HAHiX5V9jJlBxd/a++c1CeDUdEPBKQglvpz7KoMS1z5yYv8V DaVrPtbpNMcDdr1OOc0Ot8cFKuijXfvblPCghooMmxZP/0ZWy/rJOYgE4pp4zcxLD1Ckn6RfYsC oCPULTeG8HbENfANDylqni4MOTCHVe5dEjSxMjrgmThqqVK1dw/qBPvig20nMOXA0DbbEDogXfP jscIz7Ifr2RS1/Q== X-Developer-Key: i=matttbe@kernel.org; a=openpgp; fpr=E8CB85F76877057A6E27F77AF6B7824F4269A073 From: Paolo Abeni This is strictly related to commit fb7a0d334894 ("mptcp: ensure snd_nxt is properly initialized on connect"). It turns out that syzkaller can trigger the retransmit after fallback and before processing any other incoming packet - so that snd_una is still left uninitialized. Address the issue explicitly initializing snd_una together with snd_nxt and write_seq. Suggested-by: Mat Martineau Fixes: 8fd738049ac3 ("mptcp: fallback in case of simultaneous connect") Cc: stable@vger.kernel.org Reported-by: Christoph Paasch Closes: https://github.com/multipath-tcp/mptcp_net-next/issues/485 Signed-off-by: Paolo Abeni Reviewed-by: Mat Martineau Signed-off-by: Matthieu Baerts (NGI0) --- net/mptcp/protocol.c | 1 + 1 file changed, 1 insertion(+) diff --git a/net/mptcp/protocol.c b/net/mptcp/protocol.c index 96b113854bd3..bb7dca8aa2d9 100644 --- a/net/mptcp/protocol.c +++ b/net/mptcp/protocol.c @@ -3740,6 +3740,7 @@ static int mptcp_connect(struct sock *sk, struct sockaddr *uaddr, int addr_len) WRITE_ONCE(msk->write_seq, subflow->idsn); WRITE_ONCE(msk->snd_nxt, subflow->idsn); + WRITE_ONCE(msk->snd_una, subflow->idsn); if (likely(!__mptcp_check_fallback(msk))) MPTCP_INC_STATS(sock_net(sk), MPTCP_MIB_MPCAPABLEACTIVE); -- 2.43.0