mirror of
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
synced 2024-10-02 23:27:06 +00:00
tcp: check mptcp-level constraints for backlog coalescing
commit6db8a37dfcupstream. The MPTCP protocol can acquire the subflow-level socket lock and cause the tcp backlog usage. When inserting new skbs into the backlog, the stack will try to coalesce them. Currently, we have no check in place to ensure that such coalescing will respect the MPTCP-level DSS, and that may cause data stream corruption, as reported by Christoph. Address the issue by adding the relevant admission check for coalescing in tcp_add_backlog(). Note the issue is not easy to reproduce, as the MPTCP protocol tries hard to avoid acquiring the subflow-level socket lock. Fixes:648ef4b886("mptcp: Implement MPTCP receive path") Cc: stable@vger.kernel.org Reported-by: Christoph Paasch <cpaasch@apple.com> Closes: https://github.com/multipath-tcp/mptcp_net-next/issues/420 Reviewed-by: Mat Martineau <martineau@kernel.org> Signed-off-by: Paolo Abeni <pabeni@redhat.com> Signed-off-by: Mat Martineau <martineau@kernel.org> Link: https://lore.kernel.org/r/20231018-send-net-20231018-v1-2-17ecb002e41d@kernel.org Signed-off-by: Jakub Kicinski <kuba@kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
This commit is contained in:
Paolo Abeni
Greg Kroah-Hartman
parent
6550cbe25d
commit
fe37e56ed4
1 changed files with 1 additions and 0 deletions
|
|
@ -1832,6 +1832,7 @@ bool tcp_add_backlog(struct sock *sk, struct sk_buff *skb)
|
|||
#ifdef CONFIG_TLS_DEVICE
|
||||
tail->decrypted != skb->decrypted ||
|
||||
#endif
|
||||
!mptcp_skb_can_collapse(tail, skb) ||
|
||||
thtail->doff != th->doff ||
|
||||
memcmp(thtail + 1, th + 1, hdrlen - sizeof(*th)))
|
||||
goto no_coalesce;
|
||||
|
|
|
|||
Loading…
Reference in a new issue