Commit d6085fe1 authored by Paolo Abeni's avatar Paolo Abeni Committed by David S. Miller
Browse files

mptcp: avoid a WARN on bad input. 



Syzcaller has found a way to trigger the WARN_ON_ONCE condition
in check_fully_established().

The root cause is a legit fallback to TCP scenario, so replace
the WARN with a plain message on a more strict condition.

Fixes: f296234c ("mptcp: Add handling of incoming MP_JOIN requests")
Signed-off-by: default avatarPaolo Abeni <pabeni@redhat.com>
Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
parent cfde141e

net/mptcp/options.c

+2 −2
Original line number Diff line number Diff line
@@ -703,8 +703,6 @@ static bool check_fully_established(struct mptcp_sock *msk, struct sock *sk, 
		goto fully_established;

	}



	WARN_ON_ONCE(subflow->can_ack);



	/* If the first established packet does not contain MP_CAPABLE + data

	 * then fallback to TCP

	 */
@@ -714,6 +712,8 @@ static bool check_fully_established(struct mptcp_sock *msk, struct sock *sk, 
		return false;

	}



	if (unlikely(!READ_ONCE(msk->pm.server_side)))

		pr_warn_once("bogus mpc option on established client sk");

	subflow->fully_established = 1;

	subflow->remote_key = mp_opt->sndr_key;

	subflow->can_ack = 1;

CRA Git | Maintained and supported by SUSTech CRA and CCSE