lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date:   Wed, 15 Jul 2020 22:27:05 +0200
From:   Davide Caratti <>
To:     Mat Martineau <>,
        Matthieu Baerts <>
Cc:     "David S. Miller" <>,,
Subject: [PATCH net-next] mptcp: silence warning in subflow_data_ready()

since commit d47a72152097 ("mptcp: fix race in subflow_data_ready()"), it
is possible to observe a regression in MP_JOIN kselftests. For sockets in
TCP_CLOSE state, it's not sufficient to just wake up the main socket: we
also need to ensure that received data are made available to the reader.
Silence the WARN_ON_ONCE() in these cases: it preserves the syzkaller fix
and restores kselftests	when they are ran as follows:

  # while true; do
  > make KBUILD_OUTPUT=/tmp/kselftest TARGETS=net/mptcp kselftest
  > done

Reported-by: Florian Westphal <>
Fixes: d47a72152097 ("mptcp: fix race in subflow_data_ready()")
Signed-off-by: Davide Caratti <>
 net/mptcp/subflow.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/net/mptcp/subflow.c b/net/mptcp/subflow.c
index 9f7f3772c13c..519122e66f17 100644
--- a/net/mptcp/subflow.c
+++ b/net/mptcp/subflow.c
@@ -869,18 +869,19 @@ void mptcp_space(const struct sock *ssk, int *space, int *full_space)
 static void subflow_data_ready(struct sock *sk)
 	struct mptcp_subflow_context *subflow = mptcp_subflow_ctx(sk);
+	u16 state = 1 << inet_sk_state_load(sk);
 	struct sock *parent = subflow->conn;
 	struct mptcp_sock *msk;
 	msk = mptcp_sk(parent);
-	if ((1 << inet_sk_state_load(sk)) & (TCPF_LISTEN | TCPF_CLOSE)) {
+	if (state & TCPF_LISTEN) {
 		set_bit(MPTCP_DATA_READY, &msk->flags);
 	WARN_ON_ONCE(!__mptcp_check_fallback(msk) && !subflow->mp_capable &&
-		     !subflow->mp_join);
+		     !subflow->mp_join && !(state & TCPF_CLOSE));
 	if (mptcp_subflow_data_available(sk))
 		mptcp_data_ready(parent, sk);

Powered by blists - more mailing lists