6.1-stable patches

added patches:
	mptcp-fix-lockless-access-in-subflow-ulp-diag.patch

diff --git a/queue-6.1/mptcp-fix-lockless-access-in-subflow-ulp-diag.patch b/queue-6.1/mptcp-fix-lockless-access-in-subflow-ulp-diag.patch
new file mode 100644 (file)
index 0000000..59f8fd2
--- /dev/null
+++ b/queue-6.1/mptcp-fix-lockless-access-in-subflow-ulp-diag.patch
@@ -0,0 +1,88 @@
+From b8adb69a7d29c2d33eb327bca66476fb6066516b Mon Sep 17 00:00:00 2001
+From: Paolo Abeni <pabeni@redhat.com>
+Date: Thu, 15 Feb 2024 19:25:30 +0100
+Subject: mptcp: fix lockless access in subflow ULP diag
+
+From: Paolo Abeni <pabeni@redhat.com>
+
+commit b8adb69a7d29c2d33eb327bca66476fb6066516b upstream.
+
+Since the introduction of the subflow ULP diag interface, the
+dump callback accessed all the subflow data with lockless.
+
+We need either to annotate all the read and write operation accordingly,
+or acquire the subflow socket lock. Let's do latter, even if slower, to
+avoid a diffstat havoc.
+
+Fixes: 5147dfb50832 ("mptcp: allow dumping subflow context to userspace")
+Cc: stable@vger.kernel.org
+Signed-off-by: Paolo Abeni <pabeni@redhat.com>
+Reviewed-by: Mat Martineau <martineau@kernel.org>
+Signed-off-by: Matthieu Baerts (NGI0) <matttbe@kernel.org>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ include/net/tcp.h  |    2 +-
+ net/mptcp/diag.c   |    6 +++++-
+ net/tls/tls_main.c |    2 +-
+ 3 files changed, 7 insertions(+), 3 deletions(-)
+
+--- a/include/net/tcp.h
++++ b/include/net/tcp.h
+@@ -2290,7 +2290,7 @@ struct tcp_ulp_ops {
+       /* cleanup ulp */
+       void (*release)(struct sock *sk);
+       /* diagnostic */
+-      int (*get_info)(const struct sock *sk, struct sk_buff *skb);
++      int (*get_info)(struct sock *sk, struct sk_buff *skb);
+       size_t (*get_info_size)(const struct sock *sk);
+       /* clone ulp */
+       void (*clone)(const struct request_sock *req, struct sock *newsk,
+--- a/net/mptcp/diag.c
++++ b/net/mptcp/diag.c
+@@ -13,17 +13,19 @@
+ #include <uapi/linux/mptcp.h>
+ #include "protocol.h"
+ 
+-static int subflow_get_info(const struct sock *sk, struct sk_buff *skb)
++static int subflow_get_info(struct sock *sk, struct sk_buff *skb)
+ {
+       struct mptcp_subflow_context *sf;
+       struct nlattr *start;
+       u32 flags = 0;
++      bool slow;
+       int err;
+ 
+       start = nla_nest_start_noflag(skb, INET_ULP_INFO_MPTCP);
+       if (!start)
+               return -EMSGSIZE;
+ 
++      slow = lock_sock_fast(sk);
+       rcu_read_lock();
+       sf = rcu_dereference(inet_csk(sk)->icsk_ulp_data);
+       if (!sf) {
+@@ -69,11 +71,13 @@ static int subflow_get_info(const struct
+       }
+ 
+       rcu_read_unlock();
++      unlock_sock_fast(sk, slow);
+       nla_nest_end(skb, start);
+       return 0;
+ 
+ nla_failure:
+       rcu_read_unlock();
++      unlock_sock_fast(sk, slow);
+       nla_nest_cancel(skb, start);
+       return err;
+ }
+--- a/net/tls/tls_main.c
++++ b/net/tls/tls_main.c
+@@ -1098,7 +1098,7 @@ static u16 tls_user_config(struct tls_co
+       return 0;
+ }
+ 
+-static int tls_get_info(const struct sock *sk, struct sk_buff *skb)
++static int tls_get_info(struct sock *sk, struct sk_buff *skb)
+ {
+       u16 version, cipher_type;
+       struct tls_context *ctx;

diff --git a/queue-6.1/series b/queue-6.1/series
index afdca47c09da4bed0b02da8376f091d1a6a52776..5f2dcd4ea5d6c44986d967ee9c0f1972c189c070 100644 (file)
--- a/queue-6.1/series
+++ b/queue-6.1/series
@@ -125,3 +125,4 @@ usb-roles-fix-null-pointer-issue-when-put-module-s-reference.patch
 usb-roles-don-t-get-set_role-when-usb_role_switch-is-unregistered.patch
 mptcp-make-userspace_pm_append_new_local_addr-static.patch
 mptcp-add-needs_id-for-userspace-appending-addr.patch
+mptcp-fix-lockless-access-in-subflow-ulp-diag.patch