From: Greg Kroah-Hartman Date: Mon, 26 Feb 2024 13:22:11 +0000 (+0100) Subject: 6.1-stable patches X-Git-Tag: v4.19.308~47 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=373d5d1b80a91f03735c9fd11c6d4decb66c7fd2;p=thirdparty%2Fkernel%2Fstable-queue.git 6.1-stable patches added patches: mptcp-fix-lockless-access-in-subflow-ulp-diag.patch --- diff --git a/queue-6.1/mptcp-fix-lockless-access-in-subflow-ulp-diag.patch b/queue-6.1/mptcp-fix-lockless-access-in-subflow-ulp-diag.patch new file mode 100644 index 00000000000..59f8fd2e2f4 --- /dev/null +++ b/queue-6.1/mptcp-fix-lockless-access-in-subflow-ulp-diag.patch @@ -0,0 +1,88 @@ +From b8adb69a7d29c2d33eb327bca66476fb6066516b Mon Sep 17 00:00:00 2001 +From: Paolo Abeni +Date: Thu, 15 Feb 2024 19:25:30 +0100 +Subject: mptcp: fix lockless access in subflow ULP diag + +From: Paolo Abeni + +commit b8adb69a7d29c2d33eb327bca66476fb6066516b upstream. + +Since the introduction of the subflow ULP diag interface, the +dump callback accessed all the subflow data with lockless. + +We need either to annotate all the read and write operation accordingly, +or acquire the subflow socket lock. Let's do latter, even if slower, to +avoid a diffstat havoc. + +Fixes: 5147dfb50832 ("mptcp: allow dumping subflow context to userspace") +Cc: stable@vger.kernel.org +Signed-off-by: Paolo Abeni +Reviewed-by: Mat Martineau +Signed-off-by: Matthieu Baerts (NGI0) +Signed-off-by: David S. Miller +Signed-off-by: Greg Kroah-Hartman +--- + include/net/tcp.h | 2 +- + net/mptcp/diag.c | 6 +++++- + net/tls/tls_main.c | 2 +- + 3 files changed, 7 insertions(+), 3 deletions(-) + +--- a/include/net/tcp.h ++++ b/include/net/tcp.h +@@ -2290,7 +2290,7 @@ struct tcp_ulp_ops { + /* cleanup ulp */ + void (*release)(struct sock *sk); + /* diagnostic */ +- int (*get_info)(const struct sock *sk, struct sk_buff *skb); ++ int (*get_info)(struct sock *sk, struct sk_buff *skb); + size_t (*get_info_size)(const struct sock *sk); + /* clone ulp */ + void (*clone)(const struct request_sock *req, struct sock *newsk, +--- a/net/mptcp/diag.c ++++ b/net/mptcp/diag.c +@@ -13,17 +13,19 @@ + #include + #include "protocol.h" + +-static int subflow_get_info(const struct sock *sk, struct sk_buff *skb) ++static int subflow_get_info(struct sock *sk, struct sk_buff *skb) + { + struct mptcp_subflow_context *sf; + struct nlattr *start; + u32 flags = 0; ++ bool slow; + int err; + + start = nla_nest_start_noflag(skb, INET_ULP_INFO_MPTCP); + if (!start) + return -EMSGSIZE; + ++ slow = lock_sock_fast(sk); + rcu_read_lock(); + sf = rcu_dereference(inet_csk(sk)->icsk_ulp_data); + if (!sf) { +@@ -69,11 +71,13 @@ static int subflow_get_info(const struct + } + + rcu_read_unlock(); ++ unlock_sock_fast(sk, slow); + nla_nest_end(skb, start); + return 0; + + nla_failure: + rcu_read_unlock(); ++ unlock_sock_fast(sk, slow); + nla_nest_cancel(skb, start); + return err; + } +--- a/net/tls/tls_main.c ++++ b/net/tls/tls_main.c +@@ -1098,7 +1098,7 @@ static u16 tls_user_config(struct tls_co + return 0; + } + +-static int tls_get_info(const struct sock *sk, struct sk_buff *skb) ++static int tls_get_info(struct sock *sk, struct sk_buff *skb) + { + u16 version, cipher_type; + struct tls_context *ctx; diff --git a/queue-6.1/series b/queue-6.1/series index afdca47c09d..5f2dcd4ea5d 100644 --- a/queue-6.1/series +++ b/queue-6.1/series @@ -125,3 +125,4 @@ usb-roles-fix-null-pointer-issue-when-put-module-s-reference.patch usb-roles-don-t-get-set_role-when-usb_role_switch-is-unregistered.patch mptcp-make-userspace_pm_append_new_local_addr-static.patch mptcp-add-needs_id-for-userspace-appending-addr.patch +mptcp-fix-lockless-access-in-subflow-ulp-diag.patch