diff options
| author | Paolo Abeni <[email protected]> | 2023-06-20 18:24:20 +0200 |
|---|---|---|
| committer | Jakub Kicinski <[email protected]> | 2023-06-21 22:44:54 -0700 |
| commit | 56a666c48b038e91b76471289e2cf60c79d326b9 (patch) | |
| tree | 0ce708d167fdafeb743ee5ea658072a3389ec6a0 /scripts/bpf_doc.py | |
| parent | 0ad529d9fd2bfa3fc619552a8d2fb2f2ef0bce2e (diff) | |
mptcp: fix possible list corruption on passive MPJ
At passive MPJ time, if the msk socket lock is held by the user,
the new subflow is appended to the msk->join_list under the msk
data lock.
In mptcp_release_cb()/__mptcp_flush_join_list(), the subflows in
that list are moved from the join_list into the conn_list under the
msk socket lock.
Append and removal could race, possibly corrupting such list.
Address the issue splicing the join list into a temporary one while
still under the msk data lock.
Found by code inspection, the race itself should be almost impossible
to trigger in practice.
Fixes: 3e5014909b56 ("mptcp: cleanup MPJ subflow list handling")
Cc: [email protected]
Signed-off-by: Paolo Abeni <[email protected]>
Reviewed-by: Matthieu Baerts <[email protected]>
Signed-off-by: Matthieu Baerts <[email protected]>
Signed-off-by: Jakub Kicinski <[email protected]>
Diffstat (limited to 'scripts/bpf_doc.py')
0 files changed, 0 insertions, 0 deletions