iv/linux
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
linux/net
History
Paolo Abeni adf7341064 mptcp: be careful on subflow creation 
Nicolas reported the following oops:

[ 1521.392541] BUG: kernel NULL pointer dereference, address: 00000000000000c0
[ 1521.394189] #PF: supervisor read access in kernel mode
[ 1521.395376] #PF: error_code(0x0000) - not-present page
[ 1521.396607] PGD 0 P4D 0
[ 1521.397156] Oops: 0000 [#1] SMP PTI
[ 1521.398020] CPU: 0 PID: 22986 Comm: kworker/0:2 Not tainted 5.8.0-rc4+ #109
[ 1521.399618] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.10.2-1ubuntu1 04/01/2014
[ 1521.401728] Workqueue: events mptcp_worker
[ 1521.402651] RIP: 0010:mptcp_subflow_create_socket+0xf1/0x1c0
[ 1521.403954] Code: 24 08 89 44 24 04 48 8b 7a 18 e8 2a 48 d4 ff 8b 44 24 04 85 c0 75 7a 48 8b 8b 78 02 00 00 48 8b 54 24 08 48 8d bb 80 00 00 00 <48> 8b 89 c0 00 00 00 48 89 8a c0 00 00 00 48 8b 8b 78 02 00 00 8b
[ 1521.408201] RSP: 0000:ffffabc4002d3c60 EFLAGS: 00010246
[ 1521.409433] RAX: 0000000000000000 RBX: ffffa0b9ad8c9a00 RCX: 0000000000000000
[ 1521.411096] RDX: ffffa0b9ae78a300 RSI: 00000000fffffe01 RDI: ffffa0b9ad8c9a80
[ 1521.412734] RBP: ffffa0b9adff2e80 R08: ffffa0b9af02d640 R09: ffffa0b9ad923a00
[ 1521.414333] R10: ffffabc4007139f8 R11: fefefefefefefeff R12: ffffabc4002d3cb0
[ 1521.415918] R13: ffffa0b9ad91fa58 R14: ffffa0b9ad8c9f9c R15: 0000000000000000
[ 1521.417592] FS:  0000000000000000(0000) GS:ffffa0b9af000000(0000) knlGS:0000000000000000
[ 1521.419490] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1521.420839] CR2: 00000000000000c0 CR3: 000000002951e006 CR4: 0000000000160ef0
[ 1521.422511] Call Trace:
[ 1521.423103]  __mptcp_subflow_connect+0x94/0x1f0
[ 1521.425376]  mptcp_pm_create_subflow_or_signal_addr+0x200/0x2a0
[ 1521.426736]  mptcp_worker+0x31b/0x390
[ 1521.431324]  process_one_work+0x1fc/0x3f0
[ 1521.432268]  worker_thread+0x2d/0x3b0
[ 1521.434197]  kthread+0x117/0x130
[ 1521.435783]  ret_from_fork+0x22/0x30

on some unconventional configuration.

The MPTCP protocol is trying to create a subflow for an
unaccepted server socket. That is allowed by the RFC, even
if subflow creation will likely fail.
Unaccepted sockets have still a NULL sk_socket field,
avoid the issue by failing earlier.

Reported-and-tested-by: Nicolas Rybowski <nicolas.rybowski@tessares.net>
Fixes: 7d14b0d2b9b3 ("mptcp: set correct vfs info for subflows")
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
Reviewed-by: Matthieu Baerts <matthieu.baerts@tessares.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
2020-08-05 12:24:20 -07:00
..
6lowpan
treewide: replace '---help---' in Kconfig files with 'help'
2020-06-14 01:57:21 +09:00
9p
Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net
2020-08-02 01:02:12 -07:00
802
8021q
net: get rid of lockdep_set_class_and_subclass()
2020-06-28 21:37:23 -07:00
appletalk
appletalk: Fix atalk_proc_init() return path
2020-08-03 15:48:32 -07:00
atm
net: pass a sockptr_t into ->setsockopt
2020-07-24 15:41:54 -07:00
ax25
Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net
2020-07-25 17:49:04 -07:00
batman-adv
batman-adv: Introduce a configurable per interface hop penalty
2020-06-26 10:37:11 +02:00
bluetooth
Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net
2020-08-02 01:02:12 -07:00
bpf
bpf: Allow to specify ifindex for skb in bpf_prog_test_run_skb
2020-08-03 23:32:23 +02:00
bpfilter
Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net
2020-08-02 01:02:12 -07:00
bridge
Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next
2020-08-03 16:03:18 -07:00
caif
net: pass a sockptr_t into ->setsockopt
2020-07-24 15:41:54 -07:00
can
net: pass a sockptr_t into ->setsockopt
2020-07-24 15:41:54 -07:00
ceph
libceph: don't omit used_replica in target_copy()
2020-06-16 16:02:08 +02:00
core
Merge git://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf-next
2020-08-03 18:27:40 -07:00
dcb
dcb_doit: remove redundant skb check
2020-06-23 20:27:09 -07:00
dccp
net: remove sockptr_advance
2020-07-28 13:43:40 -07:00
decnet
Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next
2020-08-03 16:03:18 -07:00
dns_resolver
docs: networking: convert dns_resolver.txt to ReST
2020-04-28 14:39:46 -07:00
dsa
net: dsa: stop overriding master's ndo_get_phys_port_name
2020-07-23 15:14:58 -07:00
ethernet
net: move devres helpers into a separate source file
2020-05-23 16:56:17 -07:00
ethtool
mlx5-updates-2020-08-03
2020-08-03 18:24:30 -07:00
hsr
hsr: Use %pM format specifier for MAC addresses
2020-07-31 16:46:26 -07:00
ieee802154
net: pass a sockptr_t into ->setsockopt
2020-07-24 15:41:54 -07:00
ife
ipv4
tunnels: PMTU discovery support for directly bridged IP packets
2020-08-04 13:01:45 -07:00
ipv6
ipv6: add ipv6_dev_find()
2020-08-05 12:19:52 -07:00
iucv
net: pass a sockptr_t into ->setsockopt
2020-07-24 15:41:54 -07:00
kcm
net: pass a sockptr_t into ->setsockopt
2020-07-24 15:41:54 -07:00
key
Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net
2020-08-02 01:02:12 -07:00
l2tp
l2tp: improve API documentation in l2tp_core.h
2020-07-30 16:45:31 -07:00
l3mdev
l3mdev: add infrastructure for table to VRF mapping
2020-06-20 17:22:22 -07:00
lapb
treewide: replace '---help---' in Kconfig files with 'help'
2020-06-14 01:57:21 +09:00
llc
net: pass a sockptr_t into ->setsockopt
2020-07-24 15:41:54 -07:00
mac80211
mac80211: Do not report beacon loss if beacon filtering enabled
2020-08-03 13:02:06 +02:00
mac802154
treewide: replace '---help---' in Kconfig files with 'help'
2020-06-14 01:57:21 +09:00
mpls
net: Removed the device type check to add mpls support for devices
2020-07-27 11:40:47 -07:00
mptcp
mptcp: be careful on subflow creation
2020-08-05 12:24:20 -07:00
ncsi
net/ncsi: use eth_zero_addr() to clear mac address
2020-07-23 11:49:41 -07:00
netfilter
Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf
2020-08-04 13:32:39 -07:00
netlabel
net: netlabel: kerneldoc fixes
2020-07-13 17:20:40 -07:00
netlink
bpf: Refactor bpf_iter_reg to have separate seq_info member
2020-07-25 20:16:32 -07:00
netrom
net: pass a sockptr_t into ->setsockopt
2020-07-24 15:41:54 -07:00
nfc
Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net
2020-07-25 17:49:04 -07:00
nsh
treewide: replace '---help---' in Kconfig files with 'help'
2020-06-14 01:57:21 +09:00
openvswitch
net: openvswitch: silence suspicious RCU usage warning
2020-08-05 12:11:46 -07:00
packet
net: pass a sockptr_t into ->setsockopt
2020-07-24 15:41:54 -07:00
phonet
net: pass a sockptr_t into ->setsockopt
2020-07-24 15:41:54 -07:00
psample
net: psample: fix build error when CONFIG_INET is not enabled
2020-05-23 16:36:05 -07:00
qrtr
Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net
2020-07-25 17:49:04 -07:00
rds
Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net
2020-08-02 01:02:12 -07:00
rfkill
rose
net: pass a sockptr_t into ->setsockopt
2020-07-24 15:41:54 -07:00
rxrpc
Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net
2020-08-02 01:02:12 -07:00
sched
net/sched: act_ct: fix miss set mru for ovs after defrag in act_ct
2020-08-03 15:04:48 -07:00
sctp
Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net
2020-07-25 17:49:04 -07:00
smc
net/smc: unique reason code for exceeded max dmb count
2020-07-27 10:30:01 -07:00
strparser
sunrpc
xprtrdma: fix incorrect header size calculations
2020-07-15 13:01:01 -04:00
switchdev
net: switchdev: kerneldoc fixes
2020-07-13 17:20:40 -07:00
tipc
tipc: set ub->ifindex for local ipv6 address
2020-08-05 12:19:52 -07:00
tls
net: remove sockptr_advance
2020-07-28 13:43:40 -07:00
unix
net: make ->{get,set}sockopt in proto_ops optional
2020-07-19 18:16:41 -07:00
vmw_vsock
Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net
2020-07-25 17:49:04 -07:00
wimax
wireless
nl80211: use eth_zero_addr() to clear mac address
2020-08-03 10:56:22 +02:00
x25
net: pass a sockptr_t into ->setsockopt
2020-07-24 15:41:54 -07:00
xdp
xdp: Prevent kernel-infoleak in xsk_getsockopt()
2020-07-28 12:50:15 +02:00
xfrm
Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net
2020-08-02 01:02:12 -07:00
compat.c
Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net
2020-08-02 01:02:12 -07:00
devres.c
net: devres: rename the release callback of devm_register_netdev()
2020-06-30 15:57:34 -07:00
Kconfig
net: ethtool: Remove PHYLIB direct dependency
2020-07-07 15:41:05 -07:00
Makefile
net: move devres helpers into a separate source file
2020-05-23 16:56:17 -07:00
socket.c
net: improve the user pointer check in init_user_sockptr
2020-07-28 13:43:40 -07:00
sysctl_net.c