Merge branch 'mptcp-fix-races-on-accept'

}

#endif

struct sock *mptcp_sk_clone(const struct sock *sk, struct request_sock *req)

struct sock *mptcp_sk_clone(const struct sock *sk,

			    const struct tcp_options_received *opt_rx,

			    struct request_sock *req)

{

	struct mptcp_subflow_request_sock *subflow_req = mptcp_subflow_rsk(req);

	struct sock *nsk = sk_clone_lock(sk, GFP_ATOMIC);

	msk->write_seq = subflow_req->idsn + 1;

	atomic64_set(&msk->snd_una, msk->write_seq);

	if (subflow_req->remote_key_valid) {

	if (opt_rx->mptcp.mp_capable) {

		msk->can_ack = true;

		msk->remote_key = subflow_req->remote_key;

		msk->remote_key = opt_rx->mptcp.sndr_key;

		mptcp_crypto_key_sha(msk->remote_key, NULL, &ack_seq);

		ack_seq++;

		msk->ack_seq = ack_seq;

	}

	sock_reset_flag(nsk, SOCK_RCU_FREE);

	/* will be fully established after successful MPC subflow creation */

	inet_sk_state_store(nsk, TCP_SYN_RECV);

	bh_unlock_sock(nsk);

		goto unlock;

	}

	sock_set_flag(sock->sk, SOCK_RCU_FREE);

	err = ssock->ops->listen(ssock, backlog);

	inet_sk_state_store(sock->sk, inet_sk_state_load(ssock->sk));

	if (!err)

	struct	tcp_request_sock sk;

	u16	mp_capable : 1,

		mp_join : 1,

		backup : 1,

		remote_key_valid : 1;

		backup : 1;

	u8	local_id;

	u8	remote_id;

	u64	local_key;

	u64	remote_key;

	u64	idsn;

	u32	token;

	u32	ssn_offset;

int mptcp_proto_v6_init(void);

#endif

struct sock *mptcp_sk_clone(const struct sock *sk, struct request_sock *req);

struct sock *mptcp_sk_clone(const struct sock *sk,

			    const struct tcp_options_received *opt_rx,

			    struct request_sock *req);

void mptcp_get_options(const struct sk_buff *skb,

		       struct tcp_options_received *opt_rx);

	subflow_req->mp_capable = 0;

	subflow_req->mp_join = 0;

	subflow_req->remote_key_valid = 0;

#ifdef CONFIG_TCP_MD5SIG

	/* no MPTCP if MD5SIG is enabled on this socket or we may run out of

	sk_common_release(sk);

}

static void subflow_ulp_fallback(struct sock *sk,

				 struct mptcp_subflow_context *old_ctx)

{

	struct inet_connection_sock *icsk = inet_csk(sk);

	mptcp_subflow_tcp_fallback(sk, old_ctx);

	icsk->icsk_ulp_ops = NULL;

	rcu_assign_pointer(icsk->icsk_ulp_data, NULL);

	tcp_sk(sk)->is_mptcp = 0;

}

static struct sock *subflow_syn_recv_sock(const struct sock *sk,

					  struct sk_buff *skb,

					  struct request_sock *req,

	struct tcp_options_received opt_rx;

	bool fallback_is_fatal = false;

	struct sock *new_msk = NULL;

	bool fallback = false;

	struct sock *child;

	pr_debug("listener=%p, req=%p, conn=%p", listener, req, listener->conn);

	opt_rx.mptcp.mp_capable = 0;

	if (tcp_rsk(req)->is_mptcp == 0)

		goto create_child;

			goto create_msk;

		}

		opt_rx.mptcp.mp_capable = 0;

		mptcp_get_options(skb, &opt_rx);

		if (opt_rx.mptcp.mp_capable) {

			subflow_req->remote_key = opt_rx.mptcp.sndr_key;

			subflow_req->remote_key_valid = 1;

		} else {

			subflow_req->mp_capable = 0;

		if (!opt_rx.mptcp.mp_capable) {

			fallback = true;

			goto create_child;

		}

create_msk:

		new_msk = mptcp_sk_clone(listener->conn, req);

		new_msk = mptcp_sk_clone(listener->conn, &opt_rx, req);

		if (!new_msk)

			subflow_req->mp_capable = 0;

			fallback = true;

	} else if (subflow_req->mp_join) {

		fallback_is_fatal = true;

		opt_rx.mptcp.mp_join = 0;

	if (child && *own_req) {

		struct mptcp_subflow_context *ctx = mptcp_subflow_ctx(child);

		/* we have null ctx on TCP fallback, which is fatal on

		 * MPJ handshake

		/* we need to fallback on ctx allocation failure and on pre-reqs

		 * checking above. In the latter scenario we additionally need

		 * to reset the context to non MPTCP status.

		 */

		if (!ctx) {

		if (!ctx || fallback) {

			if (fallback_is_fatal)

				goto close_child;

			if (ctx) {

				subflow_ulp_fallback(child, ctx);

				kfree_rcu(ctx, rcu);

			}

			goto out;

		}

			mptcp_pm_new_connection(mptcp_sk(new_msk), 1);

			ctx->conn = new_msk;

			new_msk = NULL;

			/* with OoO packets we can reach here without ingress

			 * mpc option

			 */

			ctx->remote_key = opt_rx.mptcp.sndr_key;

			ctx->fully_established = opt_rx.mptcp.mp_capable;

			ctx->can_ack = opt_rx.mptcp.mp_capable;

		} else if (ctx->mp_join) {

			struct mptcp_sock *owner;

	/* dispose of the left over mptcp master, if any */

	if (unlikely(new_msk))

		mptcp_force_close(new_msk);

	/* check for expected invariant - should never trigger, just help

	 * catching eariler subtle bugs

	 */

	WARN_ON_ONCE(*own_req && child && tcp_sk(child)->is_mptcp &&

		     (!mptcp_subflow_ctx(child) ||

		      !mptcp_subflow_ctx(child)->conn));

	return child;

close_child:

	kfree_rcu(ctx, rcu);

}

static void subflow_ulp_fallback(struct sock *sk,

				 struct mptcp_subflow_context *old_ctx)

{

	struct inet_connection_sock *icsk = inet_csk(sk);

	mptcp_subflow_tcp_fallback(sk, old_ctx);

	icsk->icsk_ulp_ops = NULL;

	rcu_assign_pointer(icsk->icsk_ulp_data, NULL);

	tcp_sk(sk)->is_mptcp = 0;

}

static void subflow_ulp_clone(const struct request_sock *req,

			      struct sock *newsk,

			      const gfp_t priority)

		 * is fully established only after we receive the remote key

		 */

		new_ctx->mp_capable = 1;

		new_ctx->fully_established = subflow_req->remote_key_valid;

		new_ctx->can_ack = subflow_req->remote_key_valid;

		new_ctx->remote_key = subflow_req->remote_key;

		new_ctx->local_key = subflow_req->local_key;

		new_ctx->token = subflow_req->token;

		new_ctx->ssn_offset = subflow_req->ssn_offset;