git.ipfire.org Git - thirdparty/kernel/stable.git/commit

author	Paolo Abeni <pabeni@redhat.com>
	Tue, 26 Dec 2023 12:10:18 +0000 (13:10 +0100)
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	Wed, 10 Jan 2024 16:10:20 +0000 (17:10 +0100)
commit	af9a5307656d150d6704b38d8155c4ada2a128b1
tree	ad4a789a20b215e2c2e15ff65ddc23d8929b94eb	tree
parent	105063f7f44192c794f1a1fef223a3ee9dd18678	commit \| diff

mptcp: prevent tcp diag from closing listener subflows

commit 4c0288299fd09ee7c6fbe2f57421f314d8c981db upstream.

The MPTCP protocol does not expect that any other entity could change
the first subflow status when such socket is listening.
Unfortunately the TCP diag interface allows aborting any TCP socket,
including MPTCP listeners subflows. As reported by syzbot, that trigger
a WARN() and could lead to later bigger trouble.

The MPTCP protocol needs to do some MPTCP-level cleanup actions to
properly shutdown the listener. To keep the fix simple, prevent
entirely the diag interface from stopping such listeners.

We could refine the diag callback in a later, larger patch targeting
net-next.

Fixes: 57fc0f1ceaa4 ("mptcp: ensure listener is unhashed before updating the sk status")
Cc: stable@vger.kernel.org
Reported-by: <syzbot+5a01c3a666e726bc8752@syzkaller.appspotmail.com>
Closes: https://lore.kernel.org/netdev/0000000000004f4579060c68431b@google.com/
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
Reviewed-by: Mat Martineau <martineau@kernel.org>
Signed-off-by: Matthieu Baerts <matttbe@kernel.org>
Link: https://lore.kernel.org/r/20231226-upstream-net-20231226-mptcp-prevent-warn-v1-2-1404dcc431ea@kernel.org
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>