summaryrefslogtreecommitdiff
path: root/net/mptcp/subflow.c
diff options
context:
space:
mode:
authorDavid S. Miller <davem@davemloft.net>2020-01-29 17:45:20 +0100
committerDavid S. Miller <davem@davemloft.net>2020-01-29 17:46:46 +0100
commitd55c6ab4b368633f39f8fe059f3b877f978cfb4c (patch)
tree50fc4f81068aa6bb1298d0db0d974571b85a9295 /net/mptcp/subflow.c
parent44efc78d0e464ce70b45b165c005f8bedc17952e (diff)
parentae2dd7164943e03644293af92802550d052632e6 (diff)
Merge branch 'mptcp-fix-sockopt-crash-and-lockdep-splats'
Florian Westphal says: ==================== mptcp: fix sockopt crash and lockdep splats Christoph Paasch reported a few bugs and lockdep splats triggered by syzkaller. One patch fixes a crash in set/getsockopt. Two patches fix lockdep splats related to the order in which RTNL and socket lock are taken. Last patch fixes out-of-bounds access when TCP syncookies are used. Change since last iteration on mptcp-list: - add needed refcount in patch 2 - call tcp_get/setsockopt directly in patch 2 Other patches unchanged except minor amends to commit messages. ==================== Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/mptcp/subflow.c')
-rw-r--r--net/mptcp/subflow.c5
1 files changed, 4 insertions, 1 deletions
diff --git a/net/mptcp/subflow.c b/net/mptcp/subflow.c
index 205dca1c30b7..c90c0e6ffb82 100644
--- a/net/mptcp/subflow.c
+++ b/net/mptcp/subflow.c
@@ -186,6 +186,9 @@ static struct sock *subflow_syn_recv_sock(const struct sock *sk,
pr_debug("listener=%p, req=%p, conn=%p", listener, req, listener->conn);
+ if (tcp_rsk(req)->is_mptcp == 0)
+ goto create_child;
+
/* if the sk is MP_CAPABLE, we try to fetch the client key */
subflow_req = mptcp_subflow_rsk(req);
if (subflow_req->mp_capable) {
@@ -769,7 +772,7 @@ static void subflow_ulp_clone(const struct request_sock *req,
struct mptcp_subflow_context *old_ctx = mptcp_subflow_ctx(newsk);
struct mptcp_subflow_context *new_ctx;
- if (!subflow_req->mp_capable) {
+ if (!tcp_rsk(req)->is_mptcp || !subflow_req->mp_capable) {
subflow_ulp_fallback(newsk, old_ctx);
return;
}