mptcp: Protect subflow socket options before connection completes

Userspace should not be able to directly manipulate subflow socket options before a connection is established since it is not yet known if it will be an MPTCP subflow or a TCP fallback subflow. TCP fallback subflows can be more directly controlled by userspace because they are regular TCP connections, while MPTCP subflow sockets need to be configured for the specific needs of MPTCP. Use the same logic as sendmsg/recvmsg to ensure that socket option calls are only passed through to known TCP fallback subflows. Signed-off-by: Mat Martineau <mathew.j.martineau@linux.intel.com> Signed-off-by: David S. Miller <davem@davemloft.net>

mptcp: Protect subflow socket options before connection completes
Userspace should not be able to directly manipulate subflow socket options before a connection is established since it is not yet known if it will be an MPTCP subflow or a TCP fallback subflow. TCP fallback subflows can be more directly controlled by userspace because they are regular TCP connections, while MPTCP subflow sockets need to be configured for the specific needs of MPTCP. Use the same logic as sendmsg/recvmsg to ensure that socket option calls are only passed through to known TCP fallback subflows. Signed-off-by: Mat Martineau <mathew.j.martineau@linux.intel.com> Signed-off-by: David S. Miller <davem@davemloft.net>
b6e4a1ae · Mat Martineau · David S. Miller · 6f08e98d · b6e4a1ae
Commit b6e4a1ae authored Feb 14, 2020 by Mat Martineau Committed by David S. Miller Feb 16, 2020
Hide whitespace changes
Inline Side-by-side

Showing with 19 additions and 29 deletions

net/mptcp/protocol.c net/mptcp/protocol.c +19 -29

No files found.
--- a/net/mptcp/protocol.c
+++ b/net/mptcp/protocol.c
@@ -755,60 +755,50 @@ static int mptcp_setsockopt(struct sock *sk, int level, int optname,
 			    char __user *optval, unsigned int optlen)
 {
 	struct mptcp_sock *msk = mptcp_sk(sk);
-	int ret = -EOPNOTSUPP;
 	struct socket *ssock;
-	struct sock *ssk;
 	pr_debug("msk=%p", msk);
 	/* @@ the meaning of setsockopt() when the socket is connected and
-	 * there are multiple subflows is not defined.
+	 * there are multiple subflows is not yet defined. It is up to the
+	 * MPTCP-level socket to configure the subflows until the subflow
+	 * is in TCP fallback, when TCP socket options are passed through
+	 * to the one remaining subflow.
 	 */
 	lock_sock(sk);
-	ssock = __mptcp_socket_create(msk, MPTCP_SAME_STATE);
+	ssock = __mptcp_tcp_fallback(msk);
-	if (IS_ERR(ssock)) {
+	if (ssock)
-		release_sock(sk);
+		return tcp_setsockopt(ssock->sk, level, optname, optval,
-		return ret;
+				      optlen);
-	}
-	ssk = ssock->sk;
-	sock_hold(ssk);
 	release_sock(sk);
-	ret = tcp_setsockopt(ssk, level, optname, optval, optlen);
+	return -EOPNOTSUPP;
-	sock_put(ssk);
-	return ret;
 }
 static int mptcp_getsockopt(struct sock *sk, int level, int optname,
 			    char __user *optval, int __user *option)
 {
 	struct mptcp_sock *msk = mptcp_sk(sk);
-	int ret = -EOPNOTSUPP;
 	struct socket *ssock;
-	struct sock *ssk;
 	pr_debug("msk=%p", msk);
-	/* @@ the meaning of getsockopt() when the socket is connected and
+	/* @@ the meaning of setsockopt() when the socket is connected and
-	 * there are multiple subflows is not defined.
+	 * there are multiple subflows is not yet defined. It is up to the
+	 * MPTCP-level socket to configure the subflows until the subflow
+	 * is in TCP fallback, when socket options are passed through
+	 * to the one remaining subflow.
 	 */
 	lock_sock(sk);
-	ssock = __mptcp_socket_create(msk, MPTCP_SAME_STATE);
+	ssock = __mptcp_tcp_fallback(msk);
-	if (IS_ERR(ssock)) {
+	if (ssock)
-		release_sock(sk);
+		return tcp_getsockopt(ssock->sk, level, optname, optval,
-		return ret;
+				      option);
-	}
-	ssk = ssock->sk;
-	sock_hold(ssk);
 	release_sock(sk);
-	ret = tcp_getsockopt(ssk, level, optname, optval, option);
+	return -EOPNOTSUPP;
-	sock_put(ssk);
-	return ret;
 }
 static int mptcp_get_port(struct sock *sk, unsigned short snum)