forked from Minki/linux
mptcp: more strict state checking for acks
Syzkaller found a way to trigger division by zero in mptcp_subflow_cleanup_rbuf(). The current checks implemented into tcp_can_send_ack() are too week, let's be more accurate. Reported-by: Christoph Paasch <cpaasch@apple.com> Fixes:ea4ca586b1
("mptcp: refine MPTCP-level ack scheduling") Fixes:fd8976790a
("mptcp: be careful on MPTCP-level ack.") Signed-off-by: Paolo Abeni <pabeni@redhat.com> Reviewed-by: Mat Martineau <mathew.j.martineau@linux.intel.com> Signed-off-by: Jakub Kicinski <kuba@kernel.org>
This commit is contained in:
parent
ece9ab2a78
commit
20bc80b6f5
@ -427,7 +427,7 @@ static bool mptcp_subflow_active(struct mptcp_subflow_context *subflow)
|
||||
static bool tcp_can_send_ack(const struct sock *ssk)
|
||||
{
|
||||
return !((1 << inet_sk_state_load(ssk)) &
|
||||
(TCPF_SYN_SENT | TCPF_SYN_RECV | TCPF_TIME_WAIT | TCPF_CLOSE));
|
||||
(TCPF_SYN_SENT | TCPF_SYN_RECV | TCPF_TIME_WAIT | TCPF_CLOSE | TCPF_LISTEN));
|
||||
}
|
||||
|
||||
static void mptcp_send_ack(struct mptcp_sock *msk)
|
||||
|
Loading…
Reference in New Issue
Block a user