[PATCH net 1/2] mptcp: don't orphan ssk in mptcp_close()

From: Matthieu Baerts
Date: Mon Nov 28 2022 - 10:43:43 EST

Next message: Matthieu Baerts: "[PATCH net 2/2] mptcp: fix sleep in atomic at close time"
Previous message: Matthieu Baerts: "[PATCH net 0/2] mptcp: More fixes for 6.1"
In reply to: Matthieu Baerts: "[PATCH net 0/2] mptcp: More fixes for 6.1"
Next in thread: Matthieu Baerts: "[PATCH net 2/2] mptcp: fix sleep in atomic at close time"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Menglong Dong <imagedong@xxxxxxxxxxx>

All of the subflows of a msk will be orphaned in mptcp_close(), which
means the subflows are in DEAD state. After then, DATA_FIN will be sent,
and the other side will response with a DATA_ACK for this DATA_FIN.

However, if the other side still has pending data, the data that received
on these subflows will not be passed to the msk, as they are DEAD and
subflow_data_ready() will not be called in tcp_data_ready(). Therefore,
these data can't be acked, and they will be retransmitted again and again,
until timeout.

Fix this by setting ssk->sk_socket and ssk->sk_wq to 'NULL', instead of
orphaning the subflows in __mptcp_close(), as Paolo suggested.

Fixes: e16163b6e2b7 ("mptcp: refactor shutdown and close")
Reviewed-by: Biao Jiang <benbjiang@xxxxxxxxxxx>
Reviewed-by: Mengen Sun <mengensun@xxxxxxxxxxx>
Signed-off-by: Menglong Dong <imagedong@xxxxxxxxxxx>
Reviewed-by: Paolo Abeni <pabeni@xxxxxxxxxx>
Signed-off-by: Matthieu Baerts <matthieu.baerts@xxxxxxxxxxxx>
---
net/mptcp/protocol.c | 13 ++++++-------
1 file changed, 6 insertions(+), 7 deletions(-)

diff --git a/net/mptcp/protocol.c b/net/mptcp/protocol.c
index b6dc6e260334..1dbc62537259 100644
--- a/net/mptcp/protocol.c
+++ b/net/mptcp/protocol.c
@@ -2354,12 +2354,7 @@ static void __mptcp_close_ssk(struct sock *sk, struct sock *ssk,
goto out;
}

- /* if we are invoked by the msk cleanup code, the subflow is
- * already orphaned
- */
- if (ssk->sk_socket)
- sock_orphan(ssk);
-
+ sock_orphan(ssk);
subflow->disposable = 1;

/* if ssk hit tcp_done(), tcp_cleanup_ulp() cleared the related ops
@@ -2940,7 +2935,11 @@ bool __mptcp_close(struct sock *sk, long timeout)
if (ssk == msk->first)
subflow->fail_tout = 0;

- sock_orphan(ssk);
+ /* detach from the parent socket, but allow data_ready to
+ * push incoming data into the mptcp stack, to properly ack it
+ */
+ ssk->sk_socket = NULL;
+ ssk->sk_wq = NULL;
unlock_sock_fast(ssk, slow);
}
sock_orphan(sk);
--
2.37.2

Next message: Matthieu Baerts: "[PATCH net 2/2] mptcp: fix sleep in atomic at close time"
Previous message: Matthieu Baerts: "[PATCH net 0/2] mptcp: More fixes for 6.1"
In reply to: Matthieu Baerts: "[PATCH net 0/2] mptcp: More fixes for 6.1"
Next in thread: Matthieu Baerts: "[PATCH net 2/2] mptcp: fix sleep in atomic at close time"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]