This repository has been archived by the owner on Apr 18, 2024. It is now read-only.
Commit
------------[ cut here ]------------
WARNING: CPU: 1 PID: 16 at net/mptcp/mptcp_ctrl.c:3604 mptcp_check_lock net/mptcp/mptcp_ctrl.c:3604 [inline]
WARNING: CPU: 1 PID: 16 at net/mptcp/mptcp_ctrl.c:3604 mptcp_check_lock+0x97/0xa0 net/mptcp/mptcp_ctrl.c:3599
Modules linked in:
CPU: 1 PID: 16 Comm: ksoftirqd/1 Not tainted 5.4.211 #5
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.12.1-0-ga5cab58e9a3f-prebuilt.qemu.org 04/01/2014
RIP: 0010:mptcp_check_lock net/mptcp/mptcp_ctrl.c:3604 [inline]
RIP: 0010:mptcp_check_lock+0x97/0xa0 net/mptcp/mptcp_ctrl.c:3599
Code: 31 ff 89 de e8 7a 10 6b ff 85 db 75 9a e8 01 0f 6b ff 8b 9d 8c 00 00 00 31 ff 89 de e8 62 10 6b ff 85 db 75 82 e8 e9 0e 6b ff <0f> 0b e9 76 ff ff ff 66 90 41 57 41 56 41 55 41 54 55 48 89 fd 53
RSP: 0018:ffffc9000008bb20 EFLAGS: 00010206
RAX: ffff88813b115e80 RBX: 0000000000000000 RCX: ffffffff81aafbae
RDX: 0000000000000100 RSI: ffffffff81aafbb7 RDI: 0000000000000005
RBP: ffff88813984bf00 R08: ffff88813b115e80 R09: ffffc9000008bb18
R10: 0000000000000000 R11: 0000000000000000 R12: ffff88813984bf00
R13: ffff888116e27680 R14: ffff888138845a00 R15: 0000000000000000
FS:  0000000000000000(0000) GS:ffff88813bb00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000001b33523000 CR3: 0000000118624003 CR4: 0000000000160ee0
Call Trace:
 lock_sock_check_mptcp include/net/sock.h:1553 [inline]
 inet_csk_complete_hashdance+0x156/0x180 net/ipv4/inet_connection_sock.c:1010
 tcp_check_req+0x4e7/0xcd0 net/ipv4/tcp_minisocks.c:857
 tcp_v4_rcv+0xeaa/0x15a0 net/ipv4/tcp_ipv4.c:1958
 ip_protocol_deliver_rcu+0x1d/0x140 net/ipv4/ip_input.c:204
 ip_local_deliver_finish net/ipv4/ip_input.c:231 [inline]
 NF_HOOK include/linux/netfilter.h:400 [inline]
 ip_local_deliver+0xd1/0xf0 net/ipv4/ip_input.c:252
 dst_input include/net/dst.h:450 [inline]
 ip_rcv_finish net/ipv4/ip_input.c:413 [inline]
 ip_rcv_finish net/ipv4/ip_input.c:399 [inline]
 NF_HOOK include/linux/netfilter.h:400 [inline]
 ip_rcv+0x6e/0xa0 net/ipv4/ip_input.c:523
 __netif_receive_skb_one_core+0xd4/0x100 net/core/dev.c:4952
 __netif_receive_skb+0x27/0xa0 net/core/dev.c:5066
 process_backlog+0xc4/0x180 net/core/dev.c:5901
 napi_poll net/core/dev.c:6347 [inline]
 net_rx_action+0x190/0x510 net/core/dev.c:6415
 __do_softirq+0xdb/0x2d8 kernel/softirq.c:292
 run_ksoftirqd kernel/softirq.c:603 [inline]
 run_ksoftirqd+0x15/0x20 kernel/softirq.c:595
 smpboot_thread_fn+0x16a/0x250 kernel/smpboot.c:165
 kthread+0x122/0x170 kernel/kthread.c:288
 ret_from_fork+0x35/0x40 arch/x86/entry/entry_64.S:352
---[ end trace a4701875b5df21d2 ]---

The problem is that we set tp->mpc to 1 by inheriting from the meta-socket. What is wrong with that approach is that at that point we haven't yet confirmed that this socket will really be fully attached to the meta. Setting mpc to 1 should be left to mptcp_add_sock(), where all the pointers, ... are initialized.

Fixes: Zero-day bug
Signed-off-by: Christoph Paasch <[email protected]>
Signed-off-by: Matthieu Baerts <[email protected]>
(cherry picked from commit 7863d8c)
Signed-off-by: Matthieu Baerts <[email protected]>
(cherry picked from commit 7664e52)
Signed-off-by: Matthieu Baerts <[email protected]>
(cherry picked from commit df83322)
Signed-off-by: Matthieu Baerts <[email protected]>
(cherry picked from commit 1c6edd5)
Signed-off-by: Matthieu Baerts <[email protected]>
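The ordering problem the commit message describes, as an added illustration that is not part of the commit or of the MPTCP kernel tree: a toy model in which a "fully attached" flag (playing the role of tp->mpc) is either inherited from the meta-socket at creation time, or set only at the end of the attach routine once every pointer is valid. The structures, function names (create_subflow_buggy, create_subflow_fixed, add_sock, check_lock, probe_before_attach) and the warning condition are all hypothetical; they model the reasoning, not the kernel's real data layout.

```c
#include <assert.h>
#include <stddef.h>
#include <stdio.h>

/* Hypothetical stand-ins for the meta-socket and a subflow socket.
 * `mpc` mirrors the role of tp->mpc: "this socket is an attached subflow". */
struct meta_sock { int mpc; int nsubflows; };
struct sub_sock  { int mpc; struct meta_sock *meta; };

/* Consistency check in the spirit of the kernel's mptcp_check_lock() warning:
 * a socket that claims to be an MPTCP subflow must already point at its meta.
 * Returns 1 when consistent, 0 when a warning would fire. */
static int check_lock(const struct sub_sock *sk)
{
    if (sk->mpc && sk->meta == NULL)
        return 0;
    return 1;
}

/* Buggy ordering (the "before" of the fix): the flag is inherited from the
 * meta at creation, before we know the subflow will really be attached. */
static void create_subflow_buggy(struct sub_sock *sk, const struct meta_sock *meta)
{
    sk->mpc = meta->mpc;
    sk->meta = NULL;
}

/* Fixed ordering: the flag stays clear until add_sock() has done its work. */
static void create_subflow_fixed(struct sub_sock *sk, const struct meta_sock *meta)
{
    (void)meta;
    sk->mpc = 0;
    sk->meta = NULL;
}

/* Attach routine (stands in for mptcp_add_sock()): initialise every pointer
 * first, and flip the flag last so no observer sees a half-initialised state. */
static void add_sock(struct sub_sock *sk, struct meta_sock *meta)
{
    sk->meta = meta;
    meta->nsubflows++;
    sk->mpc = 1;
}

/* Simulates the window in which the receive path (softirq in the trace above)
 * inspects the socket between creation and attach. Returns the check_lock()
 * result observed in that window; after attach the check must always pass. */
static int probe_before_attach(void (*create)(struct sub_sock *, const struct meta_sock *))
{
    struct meta_sock meta = { .mpc = 1, .nsubflows = 0 };
    struct sub_sock sk;
    int ok;

    create(&sk, &meta);
    ok = check_lock(&sk);       /* 0 for the buggy ordering, 1 for the fixed one */
    add_sock(&sk, &meta);
    assert(check_lock(&sk));    /* consistent once fully attached, either way */
    return ok;
}

int main(void)
{
    printf("buggy ordering consistent before attach: %d\n",
           probe_before_attach(create_subflow_buggy));
    printf("fixed ordering consistent before attach: %d\n",
           probe_before_attach(create_subflow_fixed));
    return 0;
}
```

The point the model makes is that a state flag is a promise to every concurrent reader; setting it where the invariants it promises are actually established (here, at the end of add_sock()) closes the window in which a receive path can observe the flag without the pointers behind it.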