Merge branch 'mptcp-locking-fixes'

	set_bit(MPTCP_NOSPACE, &mptcp_sk(sk)->flags);

}

static int mptcp_disconnect(struct sock *sk, int flags);

static int mptcp_sendmsg_fastopen(struct sock *sk, struct sock *ssk, struct msghdr *msg,

				  size_t len, int *copied_syn)

{

	lock_sock(ssk);

	msg->msg_flags |= MSG_DONTWAIT;

	msk->connect_flags = O_NONBLOCK;

	msk->is_sendmsg = 1;

	msk->fastopening = 1;

	ret = tcp_sendmsg_fastopen(ssk, msg, copied_syn, len, NULL);

	msk->is_sendmsg = 0;

	msk->fastopening = 0;

	msg->msg_flags = saved_flags;

	release_sock(ssk);

		 */

		if (ret && ret != -EINPROGRESS && ret != -ERESTARTSYS && ret != -EINTR)

			*copied_syn = 0;

	} else if (ret && ret != -EINPROGRESS) {

		mptcp_disconnect(sk, 0);

	}

	return ret;

		/* otherwise tcp will dispose of the ssk and subflow ctx */

		if (ssk->sk_state == TCP_LISTEN) {

			tcp_set_state(ssk, TCP_CLOSE);

			mptcp_subflow_queue_clean(ssk);

			mptcp_subflow_queue_clean(sk, ssk);

			inet_csk_listen_stop(ssk);

			mptcp_event_pm_listener(ssk, MPTCP_EVENT_LISTENER_CLOSED);

		}

{

	struct mptcp_sock *msk = mptcp_sk(sk);

	/* We are on the fastopen error path. We can't call straight into the

	 * subflows cleanup code due to lock nesting (we are already under

	 * msk->firstsocket lock). Do nothing and leave the cleanup to the

	 * caller.

	 */

	if (msk->fastopening)

		return 0;

	inet_sk_state_store(sk, TCP_CLOSE);

	mptcp_stop_timer(sk);

	/* if reaching here via the fastopen/sendmsg path, the caller already

	 * acquired the subflow socket lock, too.

	 */

	if (msk->is_sendmsg)

	if (msk->fastopening)

		err = __inet_stream_connect(ssock, uaddr, addr_len, msk->connect_flags, 1);

	else

		err = inet_stream_connect(ssock, uaddr, addr_len, msk->connect_flags);

	u8		recvmsg_inq:1,

			cork:1,

			nodelay:1,

			is_sendmsg:1;

			fastopening:1;

	int		connect_flags;

	struct work_struct work;

	struct sk_buff  *ooo_last_skb;

		     struct mptcp_subflow_context *subflow);

void __mptcp_subflow_send_ack(struct sock *ssk);

void mptcp_subflow_reset(struct sock *ssk);

void mptcp_subflow_queue_clean(struct sock *ssk);

void mptcp_subflow_queue_clean(struct sock *sk, struct sock *ssk);

void mptcp_sock_graft(struct sock *sk, struct socket *parent);

struct socket *__mptcp_nmpc_socket(const struct mptcp_sock *msk);

bool __mptcp_close(struct sock *sk, long timeout);

	}

}

void mptcp_subflow_queue_clean(struct sock *listener_ssk)

void mptcp_subflow_queue_clean(struct sock *listener_sk, struct sock *listener_ssk)

{

	struct request_sock_queue *queue = &inet_csk(listener_ssk)->icsk_accept_queue;

	struct mptcp_sock *msk, *next, *head = NULL;

		do_cancel_work = __mptcp_close(sk, 0);

		release_sock(sk);

		if (do_cancel_work)

		if (do_cancel_work) {

			/* lockdep will report a false positive ABBA deadlock

			 * between cancel_work_sync and the listener socket.

			 * The involved locks belong to different sockets WRT

			 * the existing AB chain.

			 * Using a per socket key is problematic as key

			 * deregistration requires process context and must be

			 * performed at socket disposal time, in atomic

			 * context.

			 * Just tell lockdep to consider the listener socket

			 * released here.

			 */

			mutex_release(&listener_sk->sk_lock.dep_map, _RET_IP_);

			mptcp_cancel_work(sk);

			mutex_acquire(&listener_sk->sk_lock.dep_map,

				      SINGLE_DEPTH_NESTING, 0, _RET_IP_);

		}

		sock_put(sk);

	}