linux/net
Paolo Abeni 56a666c48b mptcp: fix possible list corruption on passive MPJ
At passive MPJ time, if the msk socket lock is held by the user,
the new subflow is appended to the msk->join_list under the msk
data lock.

In mptcp_release_cb()/__mptcp_flush_join_list(), the subflows in
that list are moved from the join_list into the conn_list under the
msk socket lock.

Append and removal could race, possibly corrupting such list.
Address the issue splicing the join list into a temporary one while
still under the msk data lock.

Found by code inspection, the race itself should be almost impossible
to trigger in practice.

Fixes: 3e5014909b ("mptcp: cleanup MPJ subflow list handling")
Cc: stable@vger.kernel.org
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
Reviewed-by: Matthieu Baerts <matthieu.baerts@tessares.net>
Signed-off-by: Matthieu Baerts <matthieu.baerts@tessares.net>
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
2023-06-21 22:44:54 -07:00
..
6lowpan 6lowpan: Remove redundant initialisation. 2023-03-29 08:22:52 +01:00
9p Including fixes from netfilter. 2023-05-05 19:12:01 -07:00
802 treewide: Convert del_timer*() to timer_shutdown*() 2022-12-25 13:38:09 -08:00
8021q vlan: fix a potential uninit-value in vlan_dev_hard_start_xmit() 2023-05-17 12:55:39 +01:00
appletalk
atm atm: hide unused procfs functions 2023-05-17 21:27:30 -07:00
ax25
batman-adv batman-adv: Broken sync while rescheduling delayed work 2023-05-26 23:14:49 +02:00
bluetooth Bluetooth: L2CAP: Add missing checks for invalid DCID 2023-06-05 17:24:14 -07:00
bpf bpf: add test_run support for netfilter program type 2023-04-21 11:34:50 -07:00
bpfilter
bridge bridge: always declare tunnel functions 2023-05-17 21:28:58 -07:00
caif net: caif: Fix use-after-free in cfusbl_device_notify() 2023-03-02 22:22:07 -08:00
can can: j1939: avoid possible use-after-free when j1939_can_rx_register fails 2023-06-05 08:26:40 +02:00
ceph Networking changes for 6.3. 2023-02-21 18:24:12 -08:00
core bpf-for-netdev 2023-06-07 21:47:11 -07:00
dcb net: dcb: add helper functions to retrieve PCP and DSCP rewrite maps 2023-01-20 09:33:22 +00:00
dccp dccp: Print deprecation notice. 2023-06-15 15:08:59 -07:00
devlink devlink: Fix crash with CONFIG_NET_NS=n 2023-05-16 19:57:52 -07:00
dns_resolver
dsa net: dsa: introduce preferred_default_local_cpu_port and use on MT7530 2023-06-20 09:40:26 +01:00
ethernet net: ethernet: use sysfs_emit() to instead of scnprintf() 2022-12-07 20:02:44 -08:00
ethtool ethtool: Fix uninitialized number of lanes 2023-05-03 09:13:20 +01:00
handshake net/handshake: remove fput() that causes use-after-free 2023-06-14 22:26:37 -07:00
hsr hsr: ratelimit only when errors are printed 2023-03-16 21:11:03 -07:00
ieee802154 ieee802154: Replace strlcpy with strscpy 2023-06-16 22:14:24 +02:00
ife
ipv4 ipsec-2023-06-20 2023-06-20 13:33:50 +01:00
ipv6 ipsec-2023-06-20 2023-06-20 13:33:50 +01:00
iucv net/iucv: Fix size of interrupt data 2023-03-16 17:34:40 -07:00
kcm net/sock: Introduce trace_sk_data_ready() 2023-01-23 11:26:50 +00:00
key af_key: Reject optional tunnel/BEET mode templates in outbound policies 2023-05-10 07:04:51 +02:00
l2tp l2tp: generate correct module alias strings 2023-03-31 09:25:12 +01:00
l3mdev
lapb
llc net: deal with most data-races in sk_wait_event() 2023-05-10 10:03:32 +01:00
mac80211 wifi: mac80211: fragment per STA profile correctly 2023-06-12 09:52:52 +02:00
mac802154 Merge tag 'ieee802154-for-net-2023-06-19' of git://git.kernel.org/pub/scm/linux/kernel/git/wpan/wpan 2023-06-20 09:32:33 +01:00
mctp mctp: remove MODULE_LICENSE in non-modules 2023-03-09 23:06:21 -08:00
mpls net: mpls: fix stale pointer if allocation fails during device rename 2023-02-15 10:26:37 +00:00
mptcp mptcp: fix possible list corruption on passive MPJ 2023-06-21 22:44:54 -07:00
ncsi net/ncsi: clear Tx enable mode when handling a Config required AEN 2023-04-28 09:35:33 +01:00
netfilter net/sched: act_ct: Fix promotion of offloaded unreplied tuple 2023-06-14 09:56:50 +02:00
netlabel netlabel: fix shift wrapping bug in netlbl_catmap_setlong() 2023-06-10 19:54:06 +01:00
netlink net/netlink: fix NETLINK_LIST_MEMBERSHIPS length report 2023-05-31 00:02:24 -07:00
netrom netrom: fix info-leak in nr_write_internal() 2023-05-25 21:02:29 -07:00
nfc nfc: change order inside nfc_se_io error path 2023-03-07 13:37:05 -08:00
nsh net: nsh: Use correct mac_offset to unwind gso skb in nsh_gso_segment() 2023-05-15 08:40:27 +01:00
openvswitch net: openvswitch: fix upcall counter access before allocation 2023-06-07 12:25:05 +01:00
packet af_packet: do not use READ_ONCE() in packet_bind() 2023-05-29 22:03:48 -07:00
phonet net/sock: Introduce trace_sk_data_ready() 2023-01-23 11:26:50 +00:00
psample
qrtr net: qrtr: Fix an uninit variable access bug in qrtr_tx_resume() 2023-04-13 09:35:30 +02:00
rds rds: rds_rm_zerocopy_callback() correct order for list_add_tail() 2023-02-13 09:33:39 +00:00
rfkill net: rfkill-gpio: Add explicit include for of.h 2023-04-06 20:36:27 +02:00
rose net/rose: Fix to not accept on connected socket 2023-01-28 00:19:57 -08:00
rxrpc rxrpc: Truncate UTS_RELEASE for rxrpc version 2023-05-30 10:01:06 +02:00
sched net/sched: cls_api: Fix lockup on flushing explicitly created chain 2023-06-14 23:03:16 -07:00
sctp sctp: fix an error code in sctp_sf_eat_auth() 2023-06-12 09:36:27 +01:00
smc net/smc: Avoid to access invalid RMBs' MRs in SMCRv1 ADD LINK CONT 2023-06-03 20:51:04 +01:00
strparser
sunrpc nfsd-6.4 fixes: 2023-06-02 13:38:55 -04:00
switchdev
tipc net: tipc: resize nlattr array to correct size 2023-06-15 14:59:17 -07:00
tls tls: improve lockless access safety of tls_err_abort() 2023-05-26 10:35:58 +01:00
unix bpf, sockmap: Pass skb ownership through read_skb 2023-05-23 16:09:47 +02:00
vmw_vsock bpf, sockmap: Pass skb ownership through read_skb 2023-05-23 16:09:47 +02:00
wireless wifi: cfg80211: remove links only on AP 2023-06-09 13:30:53 +02:00
x25 net/x25: Fix to not accept on connected socket 2023-01-25 09:51:04 +00:00
xdp bpf-next-for-netdev 2023-04-13 16:43:38 -07:00
xfrm xfrm: Use xfrm_state selector for BEET input 2023-06-12 10:36:48 +02:00
compat.c net/compat: Update msg_control_is_user when setting a kernel pointer 2023-04-14 11:09:27 +01:00
devres.c
Kconfig net/handshake: Add Kunit tests for the handshake consumer API 2023-04-19 18:48:48 -07:00
Kconfig.debug
Makefile net/handshake: Create a NETLINK service for handling handshake requests 2023-04-19 18:48:48 -07:00
socket.c net: annotate sk->sk_err write from do_recvmmsg() 2023-05-10 09:58:29 +01:00
sysctl_net.c