review.tizen.org Git - sdk/emulator/emulator-kernel.git/commit

author	Paolo Abeni <pabeni@redhat.com>
	Wed, 18 Oct 2023 18:23:53 +0000 (11:23 -0700)
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	Wed, 25 Oct 2023 10:03:04 +0000 (12:03 +0200)
commit	80990979a94655582ccf6f8608d478a47cb620c1
tree	d09b8f03497d86c9da13acbb6d534c53cb9382c5	tree \| snapshot
parent	f7e65c03d5bff682b9266b37345b861a808024cb	commit \| diff

tcp: check mptcp-level constraints for backlog coalescing

commit 6db8a37dfc541e059851652cfd4f0bb13b8ff6af upstream.

The MPTCP protocol can acquire the subflow-level socket lock and
cause the tcp backlog usage. When inserting new skbs into the
backlog, the stack will try to coalesce them.

Currently, we have no check in place to ensure that such coalescing
will respect the MPTCP-level DSS, and that may cause data stream
corruption, as reported by Christoph.

Address the issue by adding the relevant admission check for coalescing
in tcp_add_backlog().

Note the issue is not easy to reproduce, as the MPTCP protocol tries
hard to avoid acquiring the subflow-level socket lock.

Fixes: 648ef4b88673 ("mptcp: Implement MPTCP receive path")
Cc: stable@vger.kernel.org
Reported-by: Christoph Paasch <cpaasch@apple.com>
Closes: https://github.com/multipath-tcp/mptcp_net-next/issues/420
Reviewed-by: Mat Martineau <martineau@kernel.org>
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
Signed-off-by: Mat Martineau <martineau@kernel.org>
Link: https://lore.kernel.org/r/20231018-send-net-20231018-v1-2-17ecb002e41d@kernel.org
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>