From: Paolo Abeni Date: Mon, 14 Jul 2025 16:41:46 +0000 (+0200) Subject: mptcp: reset fallback status gracefully at disconnect() time X-Git-Tag: v6.16-rc7~37^2~19^2 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=da9b2fc7b73d147d88abe1922de5ab72d72d7756;p=thirdparty%2Fkernel%2Flinux.git mptcp: reset fallback status gracefully at disconnect() time mptcp_disconnect() clears the fallback bit unconditionally, without touching the associated flags. The bit clear is safe, as no fallback operation can race with that -- all subflow are already in TCP_CLOSE status thanks to the previous FASTCLOSE -- but we need to consistently reset all the fallback related status. Also acquire the relevant lock, to avoid fouling static analyzers. Fixes: b29fcfb54cd7 ("mptcp: full disconnect implementation") Cc: stable@vger.kernel.org Signed-off-by: Paolo Abeni Reviewed-by: Matthieu Baerts (NGI0) Signed-off-by: Matthieu Baerts (NGI0) Link: https://patch.msgid.link/20250714-net-mptcp-fallback-races-v1-3-391aff963322@kernel.org Signed-off-by: Jakub Kicinski --- diff --git a/net/mptcp/protocol.c b/net/mptcp/protocol.c index bf92cee9b5cee..6a817a13b1549 100644 --- a/net/mptcp/protocol.c +++ b/net/mptcp/protocol.c @@ -3142,7 +3142,16 @@ static int mptcp_disconnect(struct sock *sk, int flags) * subflow */ mptcp_destroy_common(msk, MPTCP_CF_FASTCLOSE); + + /* The first subflow is already in TCP_CLOSE status, the following + * can't overlap with a fallback anymore + */ + spin_lock_bh(&msk->fallback_lock); + msk->allow_subflows = true; + msk->allow_infinite_fallback = true; WRITE_ONCE(msk->flags, 0); + spin_unlock_bh(&msk->fallback_lock); + msk->cb_flags = 0; msk->recovery = false; WRITE_ONCE(msk->can_ack, false);