From: Matthieu Baerts (NGI0) <matttbe@xxxxxxxxxx> commit 0137a3c7c2ea3f9df8ebfc65d78b4ba712a187bb upstream. The limits might have changed in between, it is best to check them before accepting new ADD_ADDR. Fixes: d0876b2284cf ("mptcp: add the incoming RM_ADDR support") Cc: stable@xxxxxxxxxxxxxxx Reviewed-by: Mat Martineau <martineau@xxxxxxxxxx> Signed-off-by: Matthieu Baerts (NGI0) <matttbe@xxxxxxxxxx> Link: https://patch.msgid.link/20240819-net-mptcp-pm-reusing-id-v1-10-38035d40de5b@xxxxxxxxxx Signed-off-by: Jakub Kicinski <kuba@xxxxxxxxxx> Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx> --- net/mptcp/pm_netlink.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) --- a/net/mptcp/pm_netlink.c +++ b/net/mptcp/pm_netlink.c @@ -856,8 +856,8 @@ static void mptcp_pm_nl_rm_addr_or_subfl /* Note: if the subflow has been closed before, this * add_addr_accepted counter will not be decremented. */ - msk->pm.add_addr_accepted--; - WRITE_ONCE(msk->pm.accept_addr, true); + if (--msk->pm.add_addr_accepted < mptcp_pm_get_add_addr_accept_max(msk)) + WRITE_ONCE(msk->pm.accept_addr, true); } } } Patches currently in stable-queue which might be from matttbe@xxxxxxxxxx are queue-6.6/mptcp-pm-avoid-possible-uaf-when-selecting-endp.patch queue-6.6/mptcp-pm-only-decrement-add_addr_accepted-for-mpj-req.patch queue-6.6/mptcp-pm-only-in-kernel-cannot-have-entries-with-id-0.patch queue-6.6/mptcp-pm-fullmesh-select-the-right-id-later.patch queue-6.6/selftests-net-lib-kill-pids-before-del-netns.patch queue-6.6/mptcp-pm-re-using-id-of-unused-flushed-subflows.patch queue-6.6/selftests-mptcp-join-validate-fullmesh-endp-on-1st-sf.patch queue-6.6/mptcp-pm-only-mark-subflow-endp-as-available.patch queue-6.6/selftests-net-lib-ignore-possible-errors.patch queue-6.6/selftests-mptcp-join-check-re-using-id-of-closed-subflow.patch queue-6.6/mptcp-pm-re-using-id-of-unused-removed-add_addr.patch queue-6.6/mptcp-pm-check-add_addr_accept_max-before-accepting-new-add_addr.patch queue-6.6/mptcp-pm-re-using-id-of-unused-removed-subflows.patch queue-6.6/mptcp-correct-mptcp_subflow_attr_ssn_offset-reserved.patch queue-6.6/mptcp-pm-remove-mptcp_pm_remove_subflow.patch