git.ipfire.org Git - people/arne

author	Paolo Abeni <pabeni@redhat.com>
	Wed, 1 Sep 2021 17:15:36 +0000 (10:15 -0700)
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	Wed, 22 Sep 2021 10:39:31 +0000 (12:39 +0200)
commit	e35820fb56415be6924bf552ec223ed5f347b4be
tree	0d6fab143716aec9d6f35d74597065d03fbf87a0	tree \| snapshot
parent	122a20d062e83fa494f8327081746b725dc60d80	commit \| diff

mptcp: fix possible divide by zero

[ Upstream commit 1094c6fe7280e17e0e87934add5ad2585e990def ]

Florian noted that if mptcp_alloc_tx_skb() allocation fails
in __mptcp_push_pending(), we can end-up invoking
mptcp_push_release()/tcp_push() with a zero mss, causing
a divide by 0 error.

This change addresses the issue refactoring the skb allocation
code checking if skb collapsing will happen for sure and doing
the skb allocation only after such check. Skb allocation will
now happen only after the call to tcp_send_mss() which
correctly initializes mss_now.

As side bonuses we now fill the skb tx cache only when needed,
and this also clean-up a bit the output path.

v1 -> v2:
- use lockdep_assert_held_once() - Jakub
- fix indentation - Jakub

Reported-by: Florian Westphal <fw@strlen.de>
Fixes: 724cfd2ee8aa ("mptcp: allocate TX skbs in msk context")
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
Signed-off-by: Mat Martineau <mathew.j.martineau@linux.intel.com>
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>