mptcp: fix race in incoming ADD_ADDR option processing
authorPaolo Abeni <pabeni@redhat.com>
Fri, 18 Feb 2022 21:35:41 +0000 (13:35 -0800)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Wed, 2 Mar 2022 10:47:52 +0000 (11:47 +0100)
commit150d1e06c4f144110625de10919e4fc6e7ca91cf
tree037992aff1e079d6c606aa704c6caa603b1f54fe
parent40bbab9d4ed7c948407cfcb3c16891d635c39da6
mptcp: fix race in incoming ADD_ADDR option processing

commit 837cf45df163a3780bc04b555700231e95b31dc9 upstream.

If an MPTCP endpoint received multiple consecutive incoming
ADD_ADDR options, mptcp_pm_add_addr_received() can overwrite
the current remote address value after the PM lock is released
in mptcp_pm_nl_add_addr_received() and before such address
is echoed.

Fix the issue caching the remote address value a little earlier
and always using the cached value after releasing the PM lock.

Fixes: f7efc7771eac ("mptcp: drop argument port from mptcp_pm_announce_addr")
Reviewed-by: Matthieu Baerts <matthieu.baerts@tessares.net>
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
Signed-off-by: Mat Martineau <mathew.j.martineau@linux.intel.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
net/mptcp/pm_netlink.c