+++ /dev/null
-From b3cc8605c6bacaef72b8f38f2bd2cfe82b9d2c85 Mon Sep 17 00:00:00 2001
-From: Sasha Levin <sashal@kernel.org>
-Date: Thu, 4 Mar 2021 13:32:09 -0800
-Subject: mptcp: put subflow sock on connect error
-
-From: Florian Westphal <fw@strlen.de>
-
-[ Upstream commit f07157792c633b528de5fc1dbe2e4ea54f8e09d4 ]
-
-mptcp_add_pending_subflow() performs a sock_hold() on the subflow,
-then adds the subflow to the join list.
-
-Without a sock_put the subflow sk won't be freed in case connect() fails.
-
-unreferenced object 0xffff88810c03b100 (size 3000):
-[..]
- sk_prot_alloc.isra.0+0x2f/0x110
- sk_alloc+0x5d/0xc20
- inet6_create+0x2b7/0xd30
- __sock_create+0x17f/0x410
- mptcp_subflow_create_socket+0xff/0x9c0
- __mptcp_subflow_connect+0x1da/0xaf0
- mptcp_pm_nl_work+0x6e0/0x1120
- mptcp_worker+0x508/0x9a0
-
-Fixes: 5b950ff4331ddda ("mptcp: link MPC subflow into msk only after accept")
-Signed-off-by: Florian Westphal <fw@strlen.de>
-Signed-off-by: Mat Martineau <mathew.j.martineau@linux.intel.com>
-Signed-off-by: David S. Miller <davem@davemloft.net>
-Signed-off-by: Sasha Levin <sashal@kernel.org>
----
- net/mptcp/subflow.c | 1 +
- 1 file changed, 1 insertion(+)
-
-diff --git a/net/mptcp/subflow.c b/net/mptcp/subflow.c
-index 16adba172fb9..591546d0953f 100644
---- a/net/mptcp/subflow.c
-+++ b/net/mptcp/subflow.c
-@@ -1133,6 +1133,7 @@ int __mptcp_subflow_connect(struct sock *sk, const struct mptcp_addr_info *loc,
- spin_lock_bh(&msk->join_list_lock);
- list_add_tail(&subflow->node, &msk->join_list);
- spin_unlock_bh(&msk->join_list_lock);
-+ sock_put(mptcp_subflow_tcp_sock(subflow));
-
- return err;
-
---
-2.30.1
-
+++ /dev/null
-From 325a0840329a4b04c35fe3ebf13d977cbd33dd91 Mon Sep 17 00:00:00 2001
-From: Sasha Levin <sashal@kernel.org>
-Date: Mon, 16 Nov 2020 10:48:06 +0100
-Subject: mptcp: reduce the arguments of mptcp_sendmsg_frag
-
-From: Paolo Abeni <pabeni@redhat.com>
-
-[ Upstream commit caf971df01b86f33f151bcfa61b4385cf5e43822 ]
-
-The current argument list is pretty long and quite unreadable,
-move many of them into a specific struct. Later patches
-will add more stuff to such struct.
-
-Additionally drop the 'timeo' argument, now unused.
-
-Signed-off-by: Paolo Abeni <pabeni@redhat.com>
-Signed-off-by: Jakub Kicinski <kuba@kernel.org>
-Signed-off-by: Sasha Levin <sashal@kernel.org>
----
- net/mptcp/protocol.c | 53 ++++++++++++++++++++++++--------------------
- 1 file changed, 29 insertions(+), 24 deletions(-)
-
-diff --git a/net/mptcp/protocol.c b/net/mptcp/protocol.c
-index 0504a5f13c2a..888eb6a86dad 100644
---- a/net/mptcp/protocol.c
-+++ b/net/mptcp/protocol.c
-@@ -886,12 +886,16 @@ mptcp_carve_data_frag(const struct mptcp_sock *msk, struct page_frag *pfrag,
- return dfrag;
- }
-
-+struct mptcp_sendmsg_info {
-+ int mss_now;
-+ int size_goal;
-+};
-+
- static int mptcp_sendmsg_frag(struct sock *sk, struct sock *ssk,
- struct msghdr *msg, struct mptcp_data_frag *dfrag,
-- long *timeo, int *pmss_now,
-- int *ps_goal)
-+ struct mptcp_sendmsg_info *info)
- {
-- int mss_now, avail_size, size_goal, offset, ret, frag_truesize = 0;
-+ int avail_size, offset, ret, frag_truesize = 0;
- bool dfrag_collapsed, can_collapse = false;
- struct mptcp_sock *msk = mptcp_sk(sk);
- struct mptcp_ext *mpext = NULL;
-@@ -917,10 +921,8 @@ static int mptcp_sendmsg_frag(struct sock *sk, struct sock *ssk,
- }
-
- /* compute copy limit */
-- mss_now = tcp_send_mss(ssk, &size_goal, msg->msg_flags);
-- *pmss_now = mss_now;
-- *ps_goal = size_goal;
-- avail_size = size_goal;
-+ info->mss_now = tcp_send_mss(ssk, &info->size_goal, msg->msg_flags);
-+ avail_size = info->size_goal;
- skb = tcp_write_queue_tail(ssk);
- if (skb) {
- mpext = skb_ext_find(skb, SKB_EXT_MPTCP);
-@@ -931,12 +933,12 @@ static int mptcp_sendmsg_frag(struct sock *sk, struct sock *ssk,
- * queue management operation, to avoid breaking the ext <->
- * SSN association set here
- */
-- can_collapse = (size_goal - skb->len > 0) &&
-+ can_collapse = (info->size_goal - skb->len > 0) &&
- mptcp_skb_can_collapse_to(*write_seq, skb, mpext);
- if (!can_collapse)
- TCP_SKB_CB(skb)->eor = 1;
- else
-- avail_size = size_goal - skb->len;
-+ avail_size = info->size_goal - skb->len;
- }
-
- if (!retransmission) {
-@@ -1168,11 +1170,15 @@ static void ssk_check_wmem(struct mptcp_sock *msk)
-
- static int mptcp_sendmsg(struct sock *sk, struct msghdr *msg, size_t len)
- {
-- int mss_now = 0, size_goal = 0, ret = 0;
- struct mptcp_sock *msk = mptcp_sk(sk);
-+ struct mptcp_sendmsg_info info = {
-+ .mss_now = 0,
-+ .size_goal = 0,
-+ };
- struct page_frag *pfrag;
- size_t copied = 0;
- struct sock *ssk;
-+ int ret = 0;
- u32 sndbuf;
- bool tx_ok;
- long timeo;
-@@ -1241,8 +1247,7 @@ static int mptcp_sendmsg(struct sock *sk, struct msghdr *msg, size_t len)
- lock_sock(ssk);
- tx_ok = msg_data_left(msg);
- while (tx_ok) {
-- ret = mptcp_sendmsg_frag(sk, ssk, msg, NULL, &timeo, &mss_now,
-- &size_goal);
-+ ret = mptcp_sendmsg_frag(sk, ssk, msg, NULL, &info);
- if (ret < 0) {
- if (ret == -EAGAIN && timeo > 0) {
- mptcp_set_timeout(sk, ssk);
-@@ -1265,8 +1270,8 @@ static int mptcp_sendmsg(struct sock *sk, struct msghdr *msg, size_t len)
- if (!sk_stream_memory_free(ssk) ||
- !mptcp_page_frag_refill(ssk, pfrag) ||
- !mptcp_ext_cache_refill(msk)) {
-- tcp_push(ssk, msg->msg_flags, mss_now,
-- tcp_sk(ssk)->nonagle, size_goal);
-+ tcp_push(ssk, msg->msg_flags, info.mss_now,
-+ tcp_sk(ssk)->nonagle, info.size_goal);
- mptcp_set_timeout(sk, ssk);
- release_sock(ssk);
- goto restart;
-@@ -1286,8 +1291,8 @@ static int mptcp_sendmsg(struct sock *sk, struct msghdr *msg, size_t len)
- * limits before we send more data.
- */
- if (unlikely(!sk_stream_memory_free(sk))) {
-- tcp_push(ssk, msg->msg_flags, mss_now,
-- tcp_sk(ssk)->nonagle, size_goal);
-+ tcp_push(ssk, msg->msg_flags, info.mss_now,
-+ tcp_sk(ssk)->nonagle, info.size_goal);
- mptcp_clean_una(sk);
- if (!sk_stream_memory_free(sk)) {
- /* can't send more for now, need to wait for
-@@ -1304,8 +1309,8 @@ static int mptcp_sendmsg(struct sock *sk, struct msghdr *msg, size_t len)
-
- mptcp_set_timeout(sk, ssk);
- if (copied) {
-- tcp_push(ssk, msg->msg_flags, mss_now, tcp_sk(ssk)->nonagle,
-- size_goal);
-+ tcp_push(ssk, msg->msg_flags, info.mss_now,
-+ tcp_sk(ssk)->nonagle, info.size_goal);
-
- /* start the timer, if it's not pending */
- if (!mptcp_timer_pending(sk))
-@@ -1747,14 +1752,15 @@ static void mptcp_worker(struct work_struct *work)
- {
- struct mptcp_sock *msk = container_of(work, struct mptcp_sock, work);
- struct sock *ssk, *sk = &msk->sk.icsk_inet.sk;
-- int orig_len, orig_offset, mss_now = 0, size_goal = 0;
-+ struct mptcp_sendmsg_info info = {};
- struct mptcp_data_frag *dfrag;
-+ int orig_len, orig_offset;
- u64 orig_write_seq;
- size_t copied = 0;
- struct msghdr msg = {
- .msg_flags = MSG_DONTWAIT,
- };
-- long timeo = 0;
-+ int ret;
-
- lock_sock(sk);
- mptcp_clean_una_wakeup(sk);
-@@ -1793,8 +1799,7 @@ static void mptcp_worker(struct work_struct *work)
- orig_offset = dfrag->offset;
- orig_write_seq = dfrag->data_seq;
- while (dfrag->data_len > 0) {
-- int ret = mptcp_sendmsg_frag(sk, ssk, &msg, dfrag, &timeo,
-- &mss_now, &size_goal);
-+ ret = mptcp_sendmsg_frag(sk, ssk, &msg, dfrag, &info);
- if (ret < 0)
- break;
-
-@@ -1807,8 +1812,8 @@ static void mptcp_worker(struct work_struct *work)
- break;
- }
- if (copied)
-- tcp_push(ssk, msg.msg_flags, mss_now, tcp_sk(ssk)->nonagle,
-- size_goal);
-+ tcp_push(ssk, 0, info.mss_now, tcp_sk(ssk)->nonagle,
-+ info.size_goal);
-
- dfrag->data_seq = orig_write_seq;
- dfrag->offset = orig_offset;
---
-2.30.1
-
+++ /dev/null
-From 83cc045e23160c921284e98fe71b19ca08ebbe2a Mon Sep 17 00:00:00 2001
-From: Sasha Levin <sashal@kernel.org>
-Date: Tue, 3 Nov 2020 11:05:06 -0800
-Subject: mptcp: split mptcp_clean_una function
-
-From: Florian Westphal <fw@strlen.de>
-
-[ Upstream commit 95ed690ebc72ad6c89068f08197b51fe4d3c3b48 ]
-
-mptcp_clean_una() will wake writers in case memory could be reclaimed.
-When called from mptcp_sendmsg the wakeup code isn't needed.
-
-Move the wakeup to a new helper and then use that from the mptcp worker.
-
-Signed-off-by: Florian Westphal <fw@strlen.de>
-Signed-off-by: Mat Martineau <mathew.j.martineau@linux.intel.com>
-Signed-off-by: Jakub Kicinski <kuba@kernel.org>
-Signed-off-by: Sasha Levin <sashal@kernel.org>
----
- net/mptcp/protocol.c | 28 +++++++++++++++++-----------
- 1 file changed, 17 insertions(+), 11 deletions(-)
-
-diff --git a/net/mptcp/protocol.c b/net/mptcp/protocol.c
-index f56b2e331bb6..0504a5f13c2a 100644
---- a/net/mptcp/protocol.c
-+++ b/net/mptcp/protocol.c
-@@ -833,19 +833,25 @@ static void mptcp_clean_una(struct sock *sk)
- }
-
- out:
-- if (cleaned) {
-+ if (cleaned)
- sk_mem_reclaim_partial(sk);
-+}
-
-- /* Only wake up writers if a subflow is ready */
-- if (mptcp_is_writeable(msk)) {
-- set_bit(MPTCP_SEND_SPACE, &mptcp_sk(sk)->flags);
-- smp_mb__after_atomic();
-+static void mptcp_clean_una_wakeup(struct sock *sk)
-+{
-+ struct mptcp_sock *msk = mptcp_sk(sk);
-
-- /* set SEND_SPACE before sk_stream_write_space clears
-- * NOSPACE
-- */
-- sk_stream_write_space(sk);
-- }
-+ mptcp_clean_una(sk);
-+
-+ /* Only wake up writers if a subflow is ready */
-+ if (mptcp_is_writeable(msk)) {
-+ set_bit(MPTCP_SEND_SPACE, &msk->flags);
-+ smp_mb__after_atomic();
-+
-+ /* set SEND_SPACE before sk_stream_write_space clears
-+ * NOSPACE
-+ */
-+ sk_stream_write_space(sk);
- }
- }
-
-@@ -1751,7 +1757,7 @@ static void mptcp_worker(struct work_struct *work)
- long timeo = 0;
-
- lock_sock(sk);
-- mptcp_clean_una(sk);
-+ mptcp_clean_una_wakeup(sk);
- mptcp_check_data_fin_ack(sk);
- __mptcp_flush_join_list(msk);
- if (test_and_clear_bit(MPTCP_WORK_CLOSE_SUBFLOW, &msk->flags))
---
-2.30.1
-
projects / thirdparty / kernel / stable-queue.git / commitdiff
