review.tizen.org Git - platform/kernel/linux-starfive.git/commit

author	Paolo Abeni <pabeni@redhat.com>
	Tue, 20 Jun 2023 16:24:20 +0000 (18:24 +0200)
committer	Jakub Kicinski <kuba@kernel.org>
	Thu, 22 Jun 2023 05:44:54 +0000 (22:44 -0700)
commit	56a666c48b038e91b76471289e2cf60c79d326b9
tree	0ce708d167fdafeb743ee5ea658072a3389ec6a0	tree \| snapshot
parent	0ad529d9fd2bfa3fc619552a8d2fb2f2ef0bce2e	commit \| diff

mptcp: fix possible list corruption on passive MPJ

At passive MPJ time, if the msk socket lock is held by the user,
the new subflow is appended to the msk->join_list under the msk
data lock.

In mptcp_release_cb()/__mptcp_flush_join_list(), the subflows in
that list are moved from the join_list into the conn_list under the
msk socket lock.

Append and removal could race, possibly corrupting such list.
Address the issue splicing the join list into a temporary one while
still under the msk data lock.

Found by code inspection, the race itself should be almost impossible
to trigger in practice.

Fixes: 3e5014909b56 ("mptcp: cleanup MPJ subflow list handling")
Cc: stable@vger.kernel.org
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
Reviewed-by: Matthieu Baerts <matthieu.baerts@tessares.net>
Signed-off-by: Matthieu Baerts <matthieu.baerts@tessares.net>
Signed-off-by: Jakub Kicinski <kuba@kernel.org>