From patchwork Thu Mar 13 16:26:57 2025
X-Patchwork-Submitter: Arthur Mongodin
X-Patchwork-Id: 14015412
X-Patchwork-Delegate: kuba@kernel.org
Message-ID: <81b2a80e-2a25-4a5f-b235-07a68662aa98@randorisec.fr>
Date: Thu, 13 Mar 2025 17:26:57 +0100
To: netdev@vger.kernel.org
Cc: Matthieu Baerts, martineau@kernel.org, geliang@kernel.org, davem@davemloft.net, edumazet@google.com, kuba@kernel.org, Paolo Abeni, horms@kernel.org, mptcp@lists.linux.dev, hanguelkov@randorisec.fr, Davy Douhine
From: Arthur Mongodin
Subject: [PATCH net] mptcp: Fix data stream corruption in the address announcement
X-Mailing-List: netdev@vger.kernel.org

The DSS and ADD_ADDR options should be exclusive and not sent together. The call to the mptcp_pm_add_addr_signal() function in the mptcp_established_options_add_addr() function could modify opts->addr, thus also opts->ext_copy as they belong to distinct entries of the same union field in mptcp_out_options.
If the DSS option should not be dropped, the check if the DSS option has been previously established and thus if we should not establish the ADD_ADDR option is done after opts->addr (thus opts->ext_copy) has been modified. This corruption may modify stream information sent in the next packet with invalid data.

Using an intermediate variable prevents corrupting the previously established DSS option. The assignment of the ADD_ADDR option parameters is done once we are sure that the DSS option has been dropped or it has not been established previously.

Suggested-by: Paolo Abeni
Fixes: 1bff1e43a30e ("mptcp: optimize out option generation")
Signed-off-by: Arthur Mongodin
Reviewed-by: Matthieu Baerts (NGI0)
--- net/mptcp/options.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) @@ -659,7 +660,7 @@ static bool mptcp_established_options_add_addr(struct sock *sk, struct sk_buff * */ if (!mptcp_pm_should_add_signal(msk) || (opts->suboptions & (OPTION_MPTCP_MPJ_ACK | OPTION_MPTCP_MPC_ACK)) || - !mptcp_pm_add_addr_signal(msk, skb, opt_size, remaining, &opts->addr, + !mptcp_pm_add_addr_signal(msk, skb, opt_size, remaining, &addr, &echo, &drop_other_suboptions)) return false; @@ -672,7 +673,7 @@ static bool mptcp_established_options_add_addr(struct sock *sk, struct sk_buff * else if (opts->suboptions & OPTION_MPTCP_DSS) return false; - len = mptcp_add_addr_len(opts->addr.family, echo, !!opts->addr.port); + len = mptcp_add_addr_len(addr.family, echo, !!addr.port); if (remaining < len) return false; @@ -689,6 +690,7 @@ static bool mptcp_established_options_add_addr(struct sock *sk, struct sk_buff * opts->ahmac = 0; *size -= opt_size; } + opts->addr = addr; opts->suboptions |= OPTION_MPTCP_ADD_ADDR; if (!echo) { MPTCP_INC_STATS(sock_net(sk), MPTCP_MIB_ADDADDRTX); diff --git a/net/mptcp/options.c b/net/mptcp/options.c index fd2de185bc93..23949ae2a3a8 100644 --- a/net/mptcp/options.c +++ b/net/mptcp/options.c 
@@ -651,6 +651,7 @@ static bool mptcp_established_options_add_addr(struct sock *sk, struct sk_buff * struct mptcp_sock *msk = mptcp_sk(subflow->conn); bool drop_other_suboptions = false; unsigned int opt_size = *size; + struct mptcp_addr_info addr; bool echo; int len;
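
Review bot: `struct mptcp_addr_info addr;` in the @@ -651 hunk is left uninitialized, and the @@ -689 hunk later copies the whole struct with `opts->addr = addr;`. The early `return false` when mptcp_pm_add_addr_signal() fails keeps it from being read unset on the paths shown, but nothing visible in this patch guarantees the callee writes every field, so any field it skips would carry stack contents into the outgoing options. Consider `struct mptcp_addr_info addr = {};`, or state in the changelog that the callee assigns the full struct.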
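
Review bot: the position of `opts->addr = addr;` in the @@ -689 hunk is what makes the fix work, yet nothing in the code says why the write has to wait until after the `opts->suboptions & OPTION_MPTCP_DSS` check. A one-line comment above it, noting that opts->addr shares a union with opts->ext_copy in mptcp_out_options and may only be written once DSS is dropped or absent, would keep a later cleanup from passing `&opts->addr` to mptcp_pm_add_addr_signal() again.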
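
The ordering problem the commit message describes, reduced to a stand-alone C program (an added example, not the kernel's code and not part of the submitted patch). The struct layouts, the `pm_add_addr_signal()` stand-in, the flag values and the sample field values are simplified assumptions; only the "DSS is not dropped" path is modelled.

```c
#include <stdbool.h>
#include <stdint.h>

/* Simplified stand-ins (assumptions), not the kernel's definitions. */
struct addr_info { uint8_t id; uint16_t family, port; uint32_t v4; };
struct ext_copy  { uint64_t data_seq; uint32_t subflow_seq; uint16_t data_len; };
enum { OPT_DSS = 1, OPT_ADD_ADDR = 2 };
struct out_options {
    unsigned int suboptions;
    union { struct addr_info addr; struct ext_copy ext_copy; }; /* shared storage */
};

/* Stand-in for the path-manager call: fills *out with a constructed address. */
static bool pm_add_addr_signal(struct addr_info *out)
{
    *out = (struct addr_info){ .id = 7, .family = 2, .port = 8080, .v4 = 0xc0000201 };
    return true;
}

/* Pre-fix ordering: the callee writes through the union before the DSS check. */
static bool add_addr_before_fix(struct out_options *opts)
{
    if (!pm_add_addr_signal(&opts->addr) || (opts->suboptions & OPT_DSS))
        return false;   /* on the DSS path ext_copy is already overwritten */
    opts->suboptions |= OPT_ADD_ADDR;
    return true;
}

/* Post-fix ordering: fill a local, commit only once DSS is known absent. */
static bool add_addr_after_fix(struct out_options *opts)
{
    struct addr_info addr;
    if (!pm_add_addr_signal(&addr) || (opts->suboptions & OPT_DSS))
        return false;
    opts->addr = addr;
    opts->suboptions |= OPT_ADD_ADDR;
    return true;
}

/* True if a DSS mapping (constructed values) set up beforehand is intact afterwards. */
static bool dss_survives(bool (*fn)(struct out_options *))
{
    struct out_options o = { .suboptions = OPT_DSS, .ext_copy = { 0x1122334455667788ULL, 1, 1400 } };
    fn(&o);
    return o.ext_copy.data_seq == 0x1122334455667788ULL && o.ext_copy.subflow_seq == 1;
}

/* Exit status 0 when only the post-fix ordering keeps the DSS mapping intact. */
int main(void) { return dss_survives(add_addr_before_fix) || !dss_survives(add_addr_after_fix); }
```

Both variants refuse to emit ADD_ADDR when DSS is set; the difference is only whether the DSS fields have already been clobbered by the time they refuse.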