Commit 5ccecaec authored by Paolo Abeni's avatar Paolo Abeni Committed by David S. Miller

mptcp: fix locking in mptcp_nl_cmd_sf_destroy()

The user-space PM subflow removal path uses a couple of helpers
that must be called under the msk socket lock and the current
code lacks such requirement.

Change the existing lock scope so that the relevant code is under
its protection.

Fixes: 702c2f64 ("mptcp: netlink: allow userspace-driven subflow establishment")
Closes: https://github.com/multipath-tcp/mptcp_net-next/issues/287Signed-off-by: default avatarPaolo Abeni <pabeni@redhat.com>
Signed-off-by: default avatarMat Martineau <mathew.j.martineau@linux.intel.com>
Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
parent 44d632d5
...@@ -306,15 +306,11 @@ static struct sock *mptcp_nl_find_ssk(struct mptcp_sock *msk, ...@@ -306,15 +306,11 @@ static struct sock *mptcp_nl_find_ssk(struct mptcp_sock *msk,
const struct mptcp_addr_info *local, const struct mptcp_addr_info *local,
const struct mptcp_addr_info *remote) const struct mptcp_addr_info *remote)
{ {
struct sock *sk = &msk->sk.icsk_inet.sk;
struct mptcp_subflow_context *subflow; struct mptcp_subflow_context *subflow;
struct sock *found = NULL;
if (local->family != remote->family) if (local->family != remote->family)
return NULL; return NULL;
lock_sock(sk);
mptcp_for_each_subflow(msk, subflow) { mptcp_for_each_subflow(msk, subflow) {
const struct inet_sock *issk; const struct inet_sock *issk;
struct sock *ssk; struct sock *ssk;
...@@ -347,16 +343,11 @@ static struct sock *mptcp_nl_find_ssk(struct mptcp_sock *msk, ...@@ -347,16 +343,11 @@ static struct sock *mptcp_nl_find_ssk(struct mptcp_sock *msk,
} }
if (issk->inet_sport == local->port && if (issk->inet_sport == local->port &&
issk->inet_dport == remote->port) { issk->inet_dport == remote->port)
found = ssk; return ssk;
goto found;
}
} }
found: return NULL;
release_sock(sk);
return found;
} }
int mptcp_nl_cmd_sf_destroy(struct sk_buff *skb, struct genl_info *info) int mptcp_nl_cmd_sf_destroy(struct sk_buff *skb, struct genl_info *info)
...@@ -412,6 +403,7 @@ int mptcp_nl_cmd_sf_destroy(struct sk_buff *skb, struct genl_info *info) ...@@ -412,6 +403,7 @@ int mptcp_nl_cmd_sf_destroy(struct sk_buff *skb, struct genl_info *info)
} }
sk = &msk->sk.icsk_inet.sk; sk = &msk->sk.icsk_inet.sk;
lock_sock(sk);
ssk = mptcp_nl_find_ssk(msk, &addr_l, &addr_r); ssk = mptcp_nl_find_ssk(msk, &addr_l, &addr_r);
if (ssk) { if (ssk) {
struct mptcp_subflow_context *subflow = mptcp_subflow_ctx(ssk); struct mptcp_subflow_context *subflow = mptcp_subflow_ctx(ssk);
...@@ -422,8 +414,9 @@ int mptcp_nl_cmd_sf_destroy(struct sk_buff *skb, struct genl_info *info) ...@@ -422,8 +414,9 @@ int mptcp_nl_cmd_sf_destroy(struct sk_buff *skb, struct genl_info *info)
} else { } else {
err = -ESRCH; err = -ESRCH;
} }
release_sock(sk);
destroy_err: destroy_err:
sock_put((struct sock *)msk); sock_put((struct sock *)msk);
return err; return err;
} }
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment