mptcp: Handle incoming ADD_ADDR on non-established sockets
If a server sends us an ADD_ADDR (with valid ACK-number) instead of the SYN/ACK,
we will parse this ADD_ADDR and access tp->mpcb. However, at this stage tp->mpcb
is not yet set and thus we will panic:

[   31.845802] BUG: unable to handle kernel NULL pointer dereference at 000000000000033d
[   31.846784] IP: [<ffffffff815a86c1>] mptcp_parse_options+0x2e1/0x540
[   31.846784] PGD 3d72d067 PUD 3dbcd067 PMD 0
[   31.846784] Oops: 0000 [#1] SMP
[   31.846784] Modules linked in:
[   31.846784] CPU: 2 PID: 0 Comm: swapper/2 Not tainted 4.4.0.mptcp #3
[   31.846784] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.7.5-0-ge51488c-20140602_164612-nilsson.home.kraxel.org 04/01/2014
[   31.846784] task: ffff88003f87ee00 ti: ffff88003f8c4000 task.ti: ffff88003f8c4000
[   31.846784] RIP: 0010:[<ffffffff815a86c1>]  [<ffffffff815a86c1>] mptcp_parse_options+0x2e1/0x540
[   31.846784] RSP: 0018:ffff88003fd039a8  EFLAGS: 00010286
[   31.846784] RAX: 0000000000000000 RBX: 0000000000000010 RCX: ffff88003d469500
[   31.846784] RDX: ffff88003fd03a70 RSI: 0000000000000008 RDI: ffff88003c521482
[   31.846784] RBP: ffff88003fd039a8 R08: ffff88003d8d8000 R09: ffff88003c521484
[   31.846784] R10: ffff88003d8d85a8 R11: ffff88003fd03a3e R12: ffff88003c521462
[   31.846784] R13: 0000000000000008 R14: 0000000000000008 R15: ffff88003d469500
[   31.846784] FS:  0000000000000000(0000) GS:ffff88003fd00000(0000) knlGS:0000000000000000
[   31.846784] CS:  0010 DS: 0000 ES: 0000 CR0: 000000008005003b
[   31.846784] CR2: 000000000000033d CR3: 000000003c608000 CR4: 00000000000006e0
[   31.846784] Stack:
[   31.846784]  ffff88003fd03a20 ffffffff81504c1f ffff88003fd039c8 ffff88003fd03a3e
[   31.846784]  ffff88003d8d85a8 ffff88003c521484 ffff88003fd03a3f ffff88003d8d8000
[   31.846784]  000000006967fb40 ffff88003fd03a70 ffff88003d8d8000 ffff88003d8d8000
[   31.846784] Call Trace:
[   31.846784]  <IRQ>
[   31.846784]  [<ffffffff81504c1f>] tcp_parse_options+0x25f/0x420
[   31.846784]  [<ffffffff8150be35>] tcp_rcv_synsent_state_process+0x95/0x990
[   31.846784]  [<ffffffff8154680a>] ? ipt_do_table+0x2da/0x3a0
[   31.846784]  [<ffffffff8150c7d9>] tcp_rcv_state_process+0xa9/0x7e0
[   31.846784]  [<ffffffff81515d5a>] tcp_v4_do_rcv+0x16a/0x280
[   31.846784]  [<ffffffff8151714e>] tcp_v4_rcv+0xa6e/0xaf0
[   31.846784]  [<ffffffff814daf90>] ? ip_vs_local_request4+0x30/0x40
[   31.846784]  [<ffffffff814dafa9>] ? ip_vs_remote_request4+0x9/0x10
[   31.846784]  [<ffffffff814f1a2e>] ip_local_deliver_finish+0x4e/0x170
[   31.846784]  [<ffffffff814f1d58>] ip_local_deliver+0xb8/0xd0
[   31.846784]  [<ffffffff814f19e0>] ? ip_rcv_finish+0x2a0/0x2a0
[   31.846784]  [<ffffffff814f17bb>] ip_rcv_finish+0x7b/0x2a0
[   31.846784]  [<ffffffff814f2021>] ip_rcv+0x2b1/0x360
[   31.846784]  [<ffffffff814f1740>] ? inet_del_offload+0x40/0x40
[   31.846784]  [<ffffffff8149da12>] __netif_receive_skb_core+0x2d2/0x9b0
[   31.846784]  [<ffffffff8151c078>] ? tcp4_gro_receive+0x128/0x1d0
[   31.846784]  [<ffffffff8152ae7a>] ? inet_gro_receive+0x18a/0x200
[   31.846784]  [<ffffffff8149e108>] __netif_receive_skb+0x18/0x60
[   31.846784]  [<ffffffff8149e178>] netif_receive_skb_internal+0x28/0x90
[   31.846784]  [<ffffffff8149ebdb>] napi_gro_receive+0x6b/0x90
[   31.846784]  [<ffffffff813d2c00>] virtnet_receive+0x430/0x790
[   31.846784]  [<ffffffff813d2f78>] virtnet_poll+0x18/0x80
[   31.846784]  [<ffffffff8149e581>] net_rx_action+0x1b1/0x2f0
[   31.846784]  [<ffffffff81055402>] __do_softirq+0xf2/0x210
[   31.846784]  [<ffffffff8105569e>] irq_exit+0xae/0xb0
[   31.846784]  [<ffffffff8100508f>] do_IRQ+0x4f/0xd0
[   31.846784]  [<ffffffff815c15c2>] common_interrupt+0x82/0x82

Fixes: de09a83 (mptcp: Add ADD_ADDR2 option)
Signed-off-by: Christoph Paasch <[email protected]>
Signed-off-by: Matthieu Baerts <[email protected]>
(cherry picked from commit 3fc787d)
Signed-off-by: Matthieu Baerts <[email protected]>
cpaasch authored and matttbe committed Jul 13, 2017
1 parent 3df9d1a commit d3fc75b
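To make the failure mode in the commit message concrete, here is an added example (not code from the MPTCP kernel tree): a small model of a TCP option walker that meets an MPTCP ADD_ADDR option while the connection-level control block is still unset, and applies the same fail-closed check as the patch. The structures `struct tcp_sock_model` and `struct mpcb_model`, the function `addropt_opsize_ok()`, the `enum addaddr_result` codes and the sample option bytes are all hypothetical stand-ins chosen for this example; the accepted ADD_ADDR lengths are a rough model of the v0 and v1 option formats, not the kernel's own table.

```c
/* Added example, not from the MPTCP kernel tree.  Models the option-parsing
 * path that the patch hardens: an ADD_ADDR arriving before tp->mpcb exists
 * (SYN_SENT) must be ignored, not used to dereference a NULL control block.
 * All names here are hypothetical stand-ins for the kernel's structures. */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define TCPOPT_EOL          0
#define TCPOPT_NOP          1
#define TCPOPT_MPTCP        30
#define MPTCP_SUB_ADD_ADDR  3   /* subtype carried in the high nibble */

struct mpcb_model {             /* hypothetical stand-in for tp->mpcb */
    uint8_t mptcp_ver;
};

struct tcp_sock_model {         /* hypothetical stand-in for struct tcp_sock */
    struct mpcb_model *mpcb;    /* NULL until the MP_CAPABLE handshake completes */
};

enum addaddr_result {
    ADDADDR_NONE = 0,           /* no ADD_ADDR among the options */
    ADDADDR_IGNORED_NO_MPCB,    /* present, dropped: nothing to validate against */
    ADDADDR_BAD_OPSIZE,         /* present, wrong length for the negotiated version */
    ADDADDR_ACCEPTED
};

/* Assumed length model: v0 ADD_ADDR is 8/10 (IPv4 without/with port) or
 * 20/22 (IPv6); v1 additionally allows the HMAC-carrying lengths 16/18/28/30. */
static bool addropt_opsize_ok(uint8_t ver, int opsize)
{
    switch (opsize) {
    case 8: case 10: case 20: case 22:
        return true;
    case 16: case 18: case 28: case 30:
        return ver >= 1;
    default:
        return false;
    }
}

/* Walk TCP options (kind, length, data).  On an MPTCP ADD_ADDR, apply the
 * patched check: without tp or tp->mpcb the version is unknown, so the
 * option is ignored instead of dereferencing a NULL pointer. */
static enum addaddr_result parse_tcp_options(const struct tcp_sock_model *tp,
                                             const uint8_t *opt, size_t len)
{
    enum addaddr_result res = ADDADDR_NONE;
    size_t i = 0;

    while (i < len) {
        uint8_t kind = opt[i];
        if (kind == TCPOPT_EOL)
            break;
        if (kind == TCPOPT_NOP) {
            i++;
            continue;
        }
        if (i + 1 >= len)
            break;                              /* truncated option header */
        int opsize = opt[i + 1];
        if (opsize < 2 || i + (size_t)opsize > len)
            break;                              /* malformed length field */

        if (kind == TCPOPT_MPTCP && opsize >= 3 &&
            (opt[i + 2] >> 4) == MPTCP_SUB_ADD_ADDR) {
            if (!tp || !tp->mpcb)               /* the fix: fail closed */
                res = ADDADDR_IGNORED_NO_MPCB;
            else if (!addropt_opsize_ok(tp->mpcb->mptcp_ver, opsize))
                res = ADDADDR_BAD_OPSIZE;
            else
                res = ADDADDR_ACCEPTED;
        }
        i += (size_t)opsize;
    }
    return res;
}

/* Constructed sample options: NOP, NOP, then an 8-byte ADD_ADDR
 * (subtype 3, IPVer 4, address id 1, address 192.0.2.1). */
static const uint8_t sample_addaddr_v0[] = { 1, 1, 30, 8, 0x34, 0x01, 192, 0, 2, 1 };

/* Constructed sample: a 16-byte ADD_ADDR carrying an 8-byte HMAC field. */
static const uint8_t sample_addaddr_hmac[] = {
    30, 16, 0x34, 0x01, 192, 0, 2, 1, 0, 0, 0, 0, 0, 0, 0, 0
};

/* SYN_SENT: ADD_ADDR arrives instead of the SYN/ACK, tp->mpcb still NULL. */
enum addaddr_result scenario_synsent(void)
{
    struct tcp_sock_model tp = { .mpcb = NULL };
    return parse_tcp_options(&tp, sample_addaddr_v0, sizeof sample_addaddr_v0);
}

/* Established v0 connection receiving a well-formed ADD_ADDR. */
enum addaddr_result scenario_established(void)
{
    struct mpcb_model mpcb = { .mptcp_ver = 0 };
    struct tcp_sock_model tp = { .mpcb = &mpcb };
    return parse_tcp_options(&tp, sample_addaddr_v0, sizeof sample_addaddr_v0);
}

/* Established v0 connection receiving a length only valid for v1. */
enum addaddr_result scenario_bad_length(void)
{
    struct mpcb_model mpcb = { .mptcp_ver = 0 };
    struct tcp_sock_model tp = { .mpcb = &mpcb };
    return parse_tcp_options(&tp, sample_addaddr_hmac, sizeof sample_addaddr_hmac);
}

int main(void)
{
    printf("syn_sent=%d established=%d bad_length=%d\n",
           scenario_synsent(), scenario_established(), scenario_bad_length());
    return 0;
}
```

The `!tp || !tp->mpcb` test is the whole fix: the unpatched parser would evaluate `tp->mpcb->mptcp_ver` in the SYN_SENT scenario and fault on the NULL control block, exactly as the oops above shows from `tcp_rcv_synsent_state_process` through `tcp_parse_options` into `mptcp_parse_options`.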
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion net/mptcp/mptcp_input.c
@@ -1757,7 +1757,7 @@ void mptcp_parse_options(const uint8_t *ptr, int opsize,
/* If tcp_sock is not available, MPTCP version can't be
* retrieved and ADD_ADDR opsize validation is not possible.
*/
if (!tp)
if (!tp || !tp->mpcb)
break;

if (!is_valid_addropt_opsize(tp->mpcb->mptcp_ver,
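Review bot: the comment above the changed condition is now stale; it explains only the `!tp` leg ("If tcp_sock is not available, MPTCP version can't be retrieved"), while the new `!tp->mpcb` leg is the one that actually fixes the oops, and nothing in the hunk records why `tp->mpcb` can be NULL here. Please extend the comment with the reason from the commit message, e.g. "tp->mpcb is not yet set while the connection is in SYN_SENT, so an ADD_ADDR received instead of the SYN/ACK cannot be validated and is ignored", so a later cleanup does not drop the check as redundant. The `break` itself is the right fail-closed behaviour: the option is skipped rather than trusted when its size cannot be checked against `tp->mpcb->mptcp_ver`.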
