* [MPTCP] [PATCH net] mptcp: fix DSS map generation on fin retransmission
@ 2020-07-03 16:06 ` Paolo Abeni
0 siblings, 0 replies; 5+ messages in thread
From: Paolo Abeni @ 2020-07-03 16:06 UTC (permalink / raw)
To: mptcp
[-- Attachment #1: Type: text/plain, Size: 1919 bytes --]
The RFC 8684 mandates that no-data DATA FIN packets should carry
a DSS with 0 sequence number and data len equal to 1. Currently,
on FIN retransmission we re-use the existing mapping; if the previous
fin transmission was part of a partially acked data packet, we could
end-up writing in the egress packet a non-compliant DSS.
The above will be detected by a "Bad mapping" warning on the receiver
side.
This change addresses the issue explicitly checking for 0 len packet
when adding the DATA_FIN option.
Fixes: 6d0060f600ad ("mptcp: Write MPTCP DSS headers to outgoing data packets")
Reported-by: syzbot+42a07faa5923cfaeb9c9(a)syzkaller.appspotmail.com
Tested-by: Christoph Paasch <cpaasch(a)apple.com>
Reviewed-by: Christoph Paasch <cpaasch(a)apple.com>
Reviewed-by: Mat Martineau <mathew.j.martineau(a)linux.intel.com>
Signed-off-by: Paolo Abeni <pabeni(a)redhat.com>
---
net/mptcp/options.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/net/mptcp/options.c b/net/mptcp/options.c
index df9a51425c6f..8f940be42f98 100644
--- a/net/mptcp/options.c
+++ b/net/mptcp/options.c
@@ -449,9 +449,9 @@ static bool mptcp_established_options_mp(struct sock *sk, struct sk_buff *skb,
}
static void mptcp_write_data_fin(struct mptcp_subflow_context *subflow,
- struct mptcp_ext *ext)
+ struct sk_buff *skb, struct mptcp_ext *ext)
{
- if (!ext->use_map) {
+ if (!ext->use_map || !skb->len) {
/* RFC6824 requires a DSS mapping with specific values
* if DATA_FIN is set but no data payload is mapped
*/
@@ -503,7 +503,7 @@ static bool mptcp_established_options_dss(struct sock *sk, struct sk_buff *skb,
opts->ext_copy = *mpext;
if (skb && tcp_fin && subflow->data_fin_tx_enable)
- mptcp_write_data_fin(subflow, &opts->ext_copy);
+ mptcp_write_data_fin(subflow, skb, &opts->ext_copy);
ret = true;
}
--
2.26.2
^ permalink raw reply related [flat|nested] 5+ messages in thread
* [PATCH net] mptcp: fix DSS map generation on fin retransmission
@ 2020-07-03 16:06 ` Paolo Abeni
0 siblings, 0 replies; 5+ messages in thread
From: Paolo Abeni @ 2020-07-03 16:06 UTC (permalink / raw)
To: netdev; +Cc: David S. Miller, mptcp
The RFC 8684 mandates that no-data DATA FIN packets should carry
a DSS with 0 sequence number and data len equal to 1. Currently,
on FIN retransmission we re-use the existing mapping; if the previous
fin transmission was part of a partially acked data packet, we could
end-up writing in the egress packet a non-compliant DSS.
The above will be detected by a "Bad mapping" warning on the receiver
side.
This change addresses the issue explicitly checking for 0 len packet
when adding the DATA_FIN option.
Fixes: 6d0060f600ad ("mptcp: Write MPTCP DSS headers to outgoing data packets")
Reported-by: syzbot+42a07faa5923cfaeb9c9@syzkaller.appspotmail.com
Tested-by: Christoph Paasch <cpaasch@apple.com>
Reviewed-by: Christoph Paasch <cpaasch@apple.com>
Reviewed-by: Mat Martineau <mathew.j.martineau@linux.intel.com>
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
---
net/mptcp/options.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/net/mptcp/options.c b/net/mptcp/options.c
index df9a51425c6f..8f940be42f98 100644
--- a/net/mptcp/options.c
+++ b/net/mptcp/options.c
@@ -449,9 +449,9 @@ static bool mptcp_established_options_mp(struct sock *sk, struct sk_buff *skb,
}
static void mptcp_write_data_fin(struct mptcp_subflow_context *subflow,
- struct mptcp_ext *ext)
+ struct sk_buff *skb, struct mptcp_ext *ext)
{
- if (!ext->use_map) {
+ if (!ext->use_map || !skb->len) {
/* RFC6824 requires a DSS mapping with specific values
* if DATA_FIN is set but no data payload is mapped
*/
@@ -503,7 +503,7 @@ static bool mptcp_established_options_dss(struct sock *sk, struct sk_buff *skb,
opts->ext_copy = *mpext;
if (skb && tcp_fin && subflow->data_fin_tx_enable)
- mptcp_write_data_fin(subflow, &opts->ext_copy);
+ mptcp_write_data_fin(subflow, skb, &opts->ext_copy);
ret = true;
}
--
2.26.2
^ permalink raw reply related [flat|nested] 5+ messages in thread
* [MPTCP] Re: [PATCH net] mptcp: fix DSS map generation on fin retransmission
2020-07-03 16:06 ` Paolo Abeni
@ 2020-07-07 22:28 ` David Miller
-1 siblings, 0 replies; 5+ messages in thread
From: David Miller @ 2020-07-07 22:28 UTC (permalink / raw)
To: mptcp
[-- Attachment #1: Type: text/plain, Size: 1056 bytes --]
From: Paolo Abeni <pabeni(a)redhat.com>
Date: Fri, 3 Jul 2020 18:06:04 +0200
> The RFC 8684 mandates that no-data DATA FIN packets should carry
> a DSS with 0 sequence number and data len equal to 1. Currently,
> on FIN retransmission we re-use the existing mapping; if the previous
> fin transmission was part of a partially acked data packet, we could
> end-up writing in the egress packet a non-compliant DSS.
>
> The above will be detected by a "Bad mapping" warning on the receiver
> side.
>
> This change addresses the issue explicitly checking for 0 len packet
> when adding the DATA_FIN option.
>
> Fixes: 6d0060f600ad ("mptcp: Write MPTCP DSS headers to outgoing data packets")
> Reported-by: syzbot+42a07faa5923cfaeb9c9(a)syzkaller.appspotmail.com
> Tested-by: Christoph Paasch <cpaasch(a)apple.com>
> Reviewed-by: Christoph Paasch <cpaasch(a)apple.com>
> Reviewed-by: Mat Martineau <mathew.j.martineau(a)linux.intel.com>
> Signed-off-by: Paolo Abeni <pabeni(a)redhat.com>
Applied and queued up for -stable, thank you.
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [PATCH net] mptcp: fix DSS map generation on fin retransmission
@ 2020-07-07 22:28 ` David Miller
0 siblings, 0 replies; 5+ messages in thread
From: David Miller @ 2020-07-07 22:28 UTC (permalink / raw)
To: pabeni; +Cc: netdev, mptcp
From: Paolo Abeni <pabeni@redhat.com>
Date: Fri, 3 Jul 2020 18:06:04 +0200
> The RFC 8684 mandates that no-data DATA FIN packets should carry
> a DSS with 0 sequence number and data len equal to 1. Currently,
> on FIN retransmission we re-use the existing mapping; if the previous
> fin transmission was part of a partially acked data packet, we could
> end-up writing in the egress packet a non-compliant DSS.
>
> The above will be detected by a "Bad mapping" warning on the receiver
> side.
>
> This change addresses the issue explicitly checking for 0 len packet
> when adding the DATA_FIN option.
>
> Fixes: 6d0060f600ad ("mptcp: Write MPTCP DSS headers to outgoing data packets")
> Reported-by: syzbot+42a07faa5923cfaeb9c9@syzkaller.appspotmail.com
> Tested-by: Christoph Paasch <cpaasch@apple.com>
> Reviewed-by: Christoph Paasch <cpaasch@apple.com>
> Reviewed-by: Mat Martineau <mathew.j.martineau@linux.intel.com>
> Signed-off-by: Paolo Abeni <pabeni@redhat.com>
Applied and queued up for -stable, thank you.
^ permalink raw reply [flat|nested] 5+ messages in thread
* [MPTCP] [PATCH net] mptcp: fix DSS map generation on fin retransmission
@ 2020-06-26 9:10 Paolo Abeni
0 siblings, 0 replies; 5+ messages in thread
From: Paolo Abeni @ 2020-06-26 9:10 UTC (permalink / raw)
To: mptcp
[-- Attachment #1: Type: text/plain, Size: 1810 bytes --]
The RFC 8684 mandates that no-data DATA FIN packets should carry
a DSS with 0 sequence number and data len equal to 1. Currently,
on FIN retransmission we re-use the existing mapping; if the previous
fin transmission was part of a partially acked data packet, we could
end-up writing in the egress packet a non-compliant DSS.
The above will be detected by a "Bad mapping" warning on the receiver
side.
This change addresses the issue explicitly checking for 0 len packet
when adding the DATA_FIN option.
Fixes: 6d0060f600ad ("mptcp: Write MPTCP DSS headers to outgoing data packets")
Signed-off-by: Paolo Abeni <pabeni(a)redhat.com>
---
net/mptcp/options.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
---
this should go on "top" of export branch, just before the "DO NOT MERGE"
changes.
Hopefully should not conflict with others
diff --git a/net/mptcp/options.c b/net/mptcp/options.c
index f464f8669dfc..46470194b8ca 100644
--- a/net/mptcp/options.c
+++ b/net/mptcp/options.c
@@ -451,9 +451,9 @@ static bool mptcp_established_options_mp(struct sock *sk, struct sk_buff *skb,
}
static void mptcp_write_data_fin(struct mptcp_subflow_context *subflow,
- struct mptcp_ext *ext)
+ struct sk_buff *skb, struct mptcp_ext *ext)
{
- if (!ext->use_map) {
+ if (!ext->use_map || !skb->len) {
/* RFC6824 requires a DSS mapping with specific values
* if DATA_FIN is set but no data payload is mapped
*/
@@ -505,7 +505,7 @@ static bool mptcp_established_options_dss(struct sock *sk, struct sk_buff *skb,
opts->ext_copy = *mpext;
if (skb && tcp_fin && subflow->data_fin_tx_enable)
- mptcp_write_data_fin(subflow, &opts->ext_copy);
+ mptcp_write_data_fin(subflow, skb, &opts->ext_copy);
ret = true;
}
--
2.26.2
^ permalink raw reply related [flat|nested] 5+ messages in thread
end of thread, other threads:[~2020-07-07 22:28 UTC | newest]
Thread overview: 5+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-07-03 16:06 [MPTCP] [PATCH net] mptcp: fix DSS map generation on fin retransmission Paolo Abeni
2020-07-03 16:06 ` Paolo Abeni
-- strict thread matches above, loose matches on Subject: below --
2020-07-07 22:28 [MPTCP] " David Miller
2020-07-07 22:28 ` David Miller
2020-06-26 9:10 [MPTCP] " Paolo Abeni
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.