git.ipfire.org Git - thirdparty/linux.git/commit

author	Paolo Abeni <pabeni@redhat.com>
	Tue, 2 Jun 2026 12:14:10 +0000 (22:14 +1000)
committer	Jakub Kicinski <kuba@kernel.org>
	Thu, 4 Jun 2026 02:04:25 +0000 (19:04 -0700)
commit	8ab24fdebc369c0dfb90f82c1650b1e66662bb45
tree	9ced6f920f4b79e73519968054ae4a68886c3670	tree \| snapshot
parent	d1918b36edcaed0ec4ef6888b2358c6b1ddcff47	commit \| diff

mptcp: close TOCTOU race while computing rcv_wnd

The MPTCP output path access locklessly the MPTCP-level ack_seq
in multiple times, using possibly different values for the data_ack
in the DSS option and to compute the announced rcv wnd for the same
packet.

Refactor the cote to avoid inconsistencies which may confuse the
peer. Also ensure that the MPTCP level rcv wnd is updated only when
the egress packet actually contains a DSS ack.

Fixes: fa3fe2b15031 ("mptcp: track window announced to peer")
Cc: stable@vger.kernel.org
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
Reviewed-by: Matthieu Baerts (NGI0) <matttbe@kernel.org>
Signed-off-by: Matthieu Baerts (NGI0) <matttbe@kernel.org>
Link: https://patch.msgid.link/20260602-net-mptcp-misc-fixes-7-1-rc7-v2-3-856831229976@kernel.org
Signed-off-by: Jakub Kicinski <kuba@kernel.org>