mptcp: fix races between shutdown and recvmsg

The msk sk_shutdown flag is set by a workqueue, possibly
introducing some delay in user-space notification. If the last
subflow carries some data with the fin packet, the user space
can wake-up before RCV_SHUTDOWN is set. If it executes unblocking
recvmsg(), it may return with an error instead of eof.

Address the issue explicitly checking for eof in recvmsg(), when
no data is found.

Fixes: 59832e246515 ("mptcp: subflow: check parent mptcp socket on subflow state change")
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
Reviewed-by: Matthieu Baerts <matthieu.baerts@tessares.net>
Signed-off-by: David S. Miller <davem@davemloft.net>

diff --git a/net/mptcp/protocol.c b/net/mptcp/protocol.c
index 14b253d10ccfed2d81925e07c49d5d166573933e..3980fbb6f31ea154e12ef41f896916892eb015b2 100644 (file)
--- a/net/mptcp/protocol.c
+++ b/net/mptcp/protocol.c
@@ -374,6 +374,27 @@ void mptcp_subflow_eof(struct sock *sk)
                sock_hold(sk);
 }
 
+static void mptcp_check_for_eof(struct mptcp_sock *msk)
+{
+       struct mptcp_subflow_context *subflow;
+       struct sock *sk = (struct sock *)msk;
+       int receivers = 0;
+
+       mptcp_for_each_subflow(msk, subflow)
+               receivers += !subflow->rx_eof;
+
+       if (!receivers && !(sk->sk_shutdown & RCV_SHUTDOWN)) {
+               /* hopefully temporary hack: propagate shutdown status
+                * to msk, when all subflows agree on it
+                */
+               sk->sk_shutdown |= RCV_SHUTDOWN;
+
+               smp_mb__before_atomic(); /* SHUTDOWN must be visible first */
+               set_bit(MPTCP_DATA_READY, &msk->flags);
+               sk->sk_data_ready(sk);
+       }
+}
+
 static void mptcp_stop_timer(struct sock *sk)
 {
        struct inet_connection_sock *icsk = inet_csk(sk);
@@ -1011,6 +1032,9 @@ fallback:
                                break;
                        }
 
+                       if (test_and_clear_bit(MPTCP_WORK_EOF, &msk->flags))
+                               mptcp_check_for_eof(msk);
+
                        if (sk->sk_shutdown & RCV_SHUTDOWN)
                                break;
 
@@ -1148,27 +1172,6 @@ static unsigned int mptcp_sync_mss(struct sock *sk, u32 pmtu)
        return 0;
 }
 
-static void mptcp_check_for_eof(struct mptcp_sock *msk)
-{
-       struct mptcp_subflow_context *subflow;
-       struct sock *sk = (struct sock *)msk;
-       int receivers = 0;
-
-       mptcp_for_each_subflow(msk, subflow)
-               receivers += !subflow->rx_eof;
-
-       if (!receivers && !(sk->sk_shutdown & RCV_SHUTDOWN)) {
-               /* hopefully temporary hack: propagate shutdown status
-                * to msk, when all subflows agree on it
-                */
-               sk->sk_shutdown |= RCV_SHUTDOWN;
-
-               smp_mb__before_atomic(); /* SHUTDOWN must be visible first */
-               set_bit(MPTCP_DATA_READY, &msk->flags);
-               sk->sk_data_ready(sk);
-       }
-}
-
 static void mptcp_worker(struct work_struct *work)
 {
        struct mptcp_sock *msk = container_of(work, struct mptcp_sock, work);