mptcp: pm: check add_addr_accept_max before accepting new ADD_ADDR

["Matthieu Baerts (NGI0)" <matttbe@xxxxxxxxxx>]

From: Matthieu Baerts (NGI0) <matttbe@xxxxxxxxxx>

commit 0137a3c7c2ea3f9df8ebfc65d78b4ba712a187bb upstream.

The limits might have changed in between, it is best to check them
before accepting new ADD_ADDR.

Fixes: d0876b2284cf ("mptcp: add the incoming RM_ADDR support")
Cc: stable@xxxxxxxxxxxxxxx
Reviewed-by: Mat Martineau <martineau@xxxxxxxxxx>
Signed-off-by: Matthieu Baerts (NGI0) <matttbe@xxxxxxxxxx>
Link: https://patch.msgid.link/20240819-net-mptcp-pm-reusing-id-v1-10-38035d40de5b@xxxxxxxxxx
Signed-off-by: Jakub Kicinski <kuba@xxxxxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
---
 net/mptcp/pm_netlink.c |    4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

--- a/net/mptcp/pm_netlink.c
+++ b/net/mptcp/pm_netlink.c
@@ -856,8 +856,8 @@ static void mptcp_pm_nl_rm_addr_or_subfl
 			/* Note: if the subflow has been closed before, this
 			 * add_addr_accepted counter will not be decremented.
 			 */
-			msk->pm.add_addr_accepted--;
-			WRITE_ONCE(msk->pm.accept_addr, true);
+			if (--msk->pm.add_addr_accepted < mptcp_pm_get_add_addr_accept_max(msk))
+				WRITE_ONCE(msk->pm.accept_addr, true);
 		}
 	}
 }


Patches currently in stable-queue which might be from matttbe@xxxxxxxxxx are

queue-6.6/mptcp-pm-avoid-possible-uaf-when-selecting-endp.patch
queue-6.6/mptcp-pm-only-decrement-add_addr_accepted-for-mpj-req.patch
queue-6.6/mptcp-pm-only-in-kernel-cannot-have-entries-with-id-0.patch
queue-6.6/mptcp-pm-fullmesh-select-the-right-id-later.patch
queue-6.6/selftests-net-lib-kill-pids-before-del-netns.patch
queue-6.6/mptcp-pm-re-using-id-of-unused-flushed-subflows.patch
queue-6.6/selftests-mptcp-join-validate-fullmesh-endp-on-1st-sf.patch
queue-6.6/mptcp-pm-only-mark-subflow-endp-as-available.patch
queue-6.6/selftests-net-lib-ignore-possible-errors.patch
queue-6.6/selftests-mptcp-join-check-re-using-id-of-closed-subflow.patch
queue-6.6/mptcp-pm-re-using-id-of-unused-removed-add_addr.patch
queue-6.6/mptcp-pm-check-add_addr_accept_max-before-accepting-new-add_addr.patch
queue-6.6/mptcp-pm-re-using-id-of-unused-removed-subflows.patch
queue-6.6/mptcp-correct-mptcp_subflow_attr_ssn_offset-reserved.patch
queue-6.6/mptcp-pm-remove-mptcp_pm_remove_subflow.patch