Patch "tcp: check mptcp-level constraints for backlog coalescing" has been added to the 5.10-stable tree

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



This is a note to let you know that I've just added the patch titled

    tcp: check mptcp-level constraints for backlog coalescing

to the 5.10-stable tree which can be found at:
    http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
     tcp-check-mptcp-level-constraints-for-backlog-coalescing.patch
and it can be found in the queue-5.10 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.


>From 6db8a37dfc541e059851652cfd4f0bb13b8ff6af Mon Sep 17 00:00:00 2001
From: Paolo Abeni <pabeni@xxxxxxxxxx>
Date: Wed, 18 Oct 2023 11:23:53 -0700
Subject: tcp: check mptcp-level constraints for backlog coalescing

From: Paolo Abeni <pabeni@xxxxxxxxxx>

commit 6db8a37dfc541e059851652cfd4f0bb13b8ff6af upstream.

The MPTCP protocol can acquire the subflow-level socket lock and
cause the tcp backlog usage. When inserting new skbs into the
backlog, the stack will try to coalesce them.

Currently, we have no check in place to ensure that such coalescing
will respect the MPTCP-level DSS, and that may cause data stream
corruption, as reported by Christoph.

Address the issue by adding the relevant admission check for coalescing
in tcp_add_backlog().

Note the issue is not easy to reproduce, as the MPTCP protocol tries
hard to avoid acquiring the subflow-level socket lock.

Fixes: 648ef4b88673 ("mptcp: Implement MPTCP receive path")
Cc: stable@xxxxxxxxxxxxxxx
Reported-by: Christoph Paasch <cpaasch@xxxxxxxxx>
Closes: https://github.com/multipath-tcp/mptcp_net-next/issues/420
Reviewed-by: Mat Martineau <martineau@xxxxxxxxxx>
Signed-off-by: Paolo Abeni <pabeni@xxxxxxxxxx>
Signed-off-by: Mat Martineau <martineau@xxxxxxxxxx>
Link: https://lore.kernel.org/r/20231018-send-net-20231018-v1-2-17ecb002e41d@xxxxxxxxxx
Signed-off-by: Jakub Kicinski <kuba@xxxxxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
---
 net/ipv4/tcp_ipv4.c |    1 +
 1 file changed, 1 insertion(+)

--- a/net/ipv4/tcp_ipv4.c
+++ b/net/ipv4/tcp_ipv4.c
@@ -1832,6 +1832,7 @@ bool tcp_add_backlog(struct sock *sk, st
 #ifdef CONFIG_TLS_DEVICE
 	    tail->decrypted != skb->decrypted ||
 #endif
+	    !mptcp_skb_can_collapse(tail, skb) ||
 	    thtail->doff != th->doff ||
 	    memcmp(thtail + 1, th + 1, hdrlen - sizeof(*th)))
 		goto no_coalesce;


Patches currently in stable-queue which might be from pabeni@xxxxxxxxxx are

queue-5.10/net-macsec-indicate-next-pn-update-when-offloading.patch
queue-5.10/tcp-check-mptcp-level-constraints-for-backlog-coalescing.patch
queue-5.10/ixgbe-fix-crash-with-empty-vf-macvlan-list.patch
queue-5.10/nfc-nci-assert-requested-protocol-is-valid.patch
queue-5.10/net-phy-mscc-macsec-reject-pn-update-requests.patch



[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Linux USB Devel]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]

  Powered by Linux