From: Matthieu Baerts (NGI0) <matttbe@xxxxxxxxxx> commit 65fb58afa341ad68e71e5c4d816b407e6a683a66 upstream. This test extends "delete and re-add" to validate the previous commit. A new 'subflow' endpoint is added, but the subflow request will be rejected. The result is that no subflow will be established from this address. Later, the endpoint is removed and re-added after having cleared the firewall rule. Before the previous commit, the client would not have been able to create this new subflow. While at it, extra checks have been added to validate the expected numbers of MPJ and RM_ADDR. The 'Fixes' tag here below is the same as the one from the previous commit: this patch here is not fixing anything wrong in the selftests, but it validates the previous fix for an issue introduced by this commit ID. Fixes: b6c08380860b ("mptcp: remove addr and subflow in PM netlink") Cc: stable@xxxxxxxxxxxxxxx Reviewed-by: Mat Martineau <martineau@xxxxxxxxxx> Signed-off-by: Matthieu Baerts (NGI0) <matttbe@xxxxxxxxxx> Link: https://patch.msgid.link/20240819-net-mptcp-pm-reusing-id-v1-4-38035d40de5b@xxxxxxxxxx Signed-off-by: Jakub Kicinski <kuba@xxxxxxxxxx> Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx> --- tools/testing/selftests/net/mptcp/mptcp_join.sh | 27 +++++++++++++++++++----- 1 file changed, 22 insertions(+), 5 deletions(-) --- a/tools/testing/selftests/net/mptcp/mptcp_join.sh +++ b/tools/testing/selftests/net/mptcp/mptcp_join.sh @@ -481,9 +481,10 @@ reset_with_tcp_filter() local ns="${!1}" local src="${2}" local target="${3}" + local chain="${4:-INPUT}" if ! ip netns exec "${ns}" ${iptables} \ - -A INPUT \ + -A "${chain}" \ -s "${src}" \ -p tcp \ -j "${target}"; then @@ -3575,10 +3576,10 @@ endpoint_tests() mptcp_lib_kill_wait $tests_pid fi - if reset "delete and re-add" && + if reset_with_tcp_filter "delete and re-add" ns2 10.0.3.2 REJECT OUTPUT && mptcp_lib_kallsyms_has "subflow_rebuild_header$"; then - pm_nl_set_limits $ns1 1 1 - pm_nl_set_limits $ns2 1 1 + pm_nl_set_limits $ns1 0 2 + pm_nl_set_limits $ns2 0 2 pm_nl_add_endpoint $ns2 10.0.2.2 id 2 dev ns2eth2 flags subflow test_linkfail=4 speed=20 \ run_tests $ns1 $ns2 10.0.1.1 & @@ -3595,11 +3596,27 @@ endpoint_tests() chk_subflow_nr "after delete" 1 chk_mptcp_info subflows 0 subflows 0 - pm_nl_add_endpoint $ns2 10.0.2.2 dev ns2eth2 flags subflow + pm_nl_add_endpoint $ns2 10.0.2.2 id 2 dev ns2eth2 flags subflow wait_mpj $ns2 chk_subflow_nr "after re-add" 2 chk_mptcp_info subflows 1 subflows 1 + + pm_nl_add_endpoint $ns2 10.0.3.2 id 3 flags subflow + wait_attempt_fail $ns2 + chk_subflow_nr "after new reject" 2 + chk_mptcp_info subflows 1 subflows 1 + + ip netns exec "${ns2}" ${iptables} -D OUTPUT -s "10.0.3.2" -p tcp -j REJECT + pm_nl_del_endpoint $ns2 3 10.0.3.2 + pm_nl_add_endpoint $ns2 10.0.3.2 id 3 flags subflow + wait_mpj $ns2 + chk_subflow_nr "after no reject" 3 + chk_mptcp_info subflows 2 subflows 2 + mptcp_lib_kill_wait $tests_pid + + chk_join_nr 3 3 3 + chk_rm_nr 1 1 fi } Patches currently in stable-queue which might be from matttbe@xxxxxxxxxx are queue-6.6/mptcp-pm-avoid-possible-uaf-when-selecting-endp.patch queue-6.6/mptcp-pm-only-decrement-add_addr_accepted-for-mpj-req.patch queue-6.6/mptcp-pm-only-in-kernel-cannot-have-entries-with-id-0.patch queue-6.6/mptcp-pm-fullmesh-select-the-right-id-later.patch queue-6.6/selftests-net-lib-kill-pids-before-del-netns.patch queue-6.6/mptcp-pm-re-using-id-of-unused-flushed-subflows.patch queue-6.6/selftests-mptcp-join-validate-fullmesh-endp-on-1st-sf.patch queue-6.6/mptcp-pm-only-mark-subflow-endp-as-available.patch queue-6.6/selftests-net-lib-ignore-possible-errors.patch queue-6.6/selftests-mptcp-join-check-re-using-id-of-closed-subflow.patch queue-6.6/mptcp-pm-re-using-id-of-unused-removed-add_addr.patch queue-6.6/mptcp-pm-check-add_addr_accept_max-before-accepting-new-add_addr.patch queue-6.6/mptcp-pm-re-using-id-of-unused-removed-subflows.patch queue-6.6/mptcp-correct-mptcp_subflow_attr_ssn_offset-reserved.patch queue-6.6/mptcp-pm-remove-mptcp_pm_remove_subflow.patch