On Tue, Jun 18, 2024 at 02:24:45PM +0200, Matthieu Baerts (NGI0) wrote:
> From: Paolo Abeni <pabeni@xxxxxxxxxx>
>
> commit 8031b58c3a9b1db3ef68b3bd749fbee2e1e1aaa3 upstream.
>
> This is strictly related to commit fb7a0d334894 ("mptcp: ensure snd_nxt
> is properly initialized on connect"). It turns out that syzkaller can
> trigger the retransmit after fallback and before processing any other
> incoming packet - so that snd_una is still left uninitialized.
>
> Address the issue explicitly initializing snd_una together with snd_nxt
> and write_seq.
>
> Suggested-by: Mat Martineau <martineau@xxxxxxxxxx>
> Fixes: 8fd738049ac3 ("mptcp: fallback in case of simultaneous connect")
> Cc: stable@xxxxxxxxxxxxxxx
> Reported-by: Christoph Paasch <cpaasch@xxxxxxxxx>
> Closes: https://github.com/multipath-tcp/mptcp_net-next/issues/485
> Signed-off-by: Paolo Abeni <pabeni@xxxxxxxxxx>
> Reviewed-by: Mat Martineau <martineau@xxxxxxxxxx>
> Signed-off-by: Matthieu Baerts (NGI0) <matttbe@xxxxxxxxxx>
> Link: https://lore.kernel.org/r/20240607-upstream-net-20240607-misc-fixes-v1-1-1ab9ddfa3d00@xxxxxxxxxx
> Signed-off-by: Jakub Kicinski <kuba@xxxxxxxxxx>
> [ Conflicts in protocol.c, similar to the ones from commit 99951b62bf20
> ("mptcp: ensure snd_nxt is properly initialized on connect"), with the
> same resolution. Note that in this version, 'snd_una' is an atomic64
> type, so use atomic64_set() instead, as it is done everywhere else. ]
> Signed-off-by: Matthieu Baerts (NGI0) <matttbe@xxxxxxxxxx>
> ---
> net/mptcp/protocol.c | 1 +
> 1 file changed, 1 insertion(+)

All backports now queued up, thanks.

greg k-h