Commit b260b645 authored Nov 18, 2024 by Geliang Tang Committed by Wen Zhiwei Jan 15, 2025

mptcp: hold pm lock when deleting entry

stable inclusion
from stable-v6.6.63
commit 416001b0412f7fb1ace54457f55b95f080376cbe
category: bugfix
bugzilla: https://gitee.com/openeuler/kernel/issues/IBI1RP

Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=416001b0412f7fb1ace54457f55b95f080376cbe



--------------------------------

commit f642c5c4d528d11bd78b6c6f84f541cd3c0bea86 upstream.

When traversing userspace_pm_local_addr_list and deleting an entry from
it in mptcp_pm_nl_remove_doit(), msk->pm.lock should be held.

This patch holds this lock before mptcp_userspace_pm_lookup_addr_by_id()
and releases it after list_move() in mptcp_pm_nl_remove_doit().

Fixes: d9a4594e ("mptcp: netlink: Add MPTCP_PM_CMD_REMOVE")
Cc: stable@vger.kernel.org
Signed-off-by: Geliang Tang <tanggeliang@kylinos.cn>
Reviewed-by: Matthieu Baerts (NGI0) <matttbe@kernel.org>
Signed-off-by: Matthieu Baerts (NGI0) <matttbe@kernel.org>
Link: https://patch.msgid.link/20241112-net-mptcp-misc-6-12-pm-v1-2-b835580cefa8@kernel.org


Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Matthieu Baerts (NGI0) <matttbe@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Wen Zhiwei <wenzhiwei@kylinos.cn>

parent d009117f

net/mptcp/pm_userspace.c

+3 −0

Original line number	Diff line number	Diff line
		@@ -306,14 +306,17 @@ int mptcp_pm_nl_remove_doit(struct sk_buff skb, struct genl_info info)

		lock_sock(sk);

		spin_lock_bh(&msk->pm.lock);
		match = mptcp_userspace_pm_lookup_addr_by_id(msk, id_val);
		if (!match) {
		GENL_SET_ERR_MSG(info, "address with specified id not found");
		spin_unlock_bh(&msk->pm.lock);
		release_sock(sk);
		goto out;
		}

		list_move(&match->list, &free_list);
		spin_unlock_bh(&msk->pm.lock);

		mptcp_pm_remove_addrs(msk, &free_list);