mptcp: don't always assume copied data in mptcp_cleanup_rbuf()

Paolo Abeni · intel-lab-lkp · commit 7955fc7df85c · 2024-12-06T20:14:19.000+08:00
Under some corner cases the MPTCP protocol can end-up invoking mptcp_cleanup_rbuf() when no data has been copied, but such helper assumes the opposite condition. Explicitly drop such assumption and performs the costly call only when strictly needed - before releasing the msk socket lock. Fixes: fd89767 ("mptcp: be careful on MPTCP-level ack.") Signed-off-by: Paolo Abeni <pabeni@redhat.com>
diff --git a/net/mptcp/protocol.c b/net/mptcp/protocol.c
@@ -529,13 +529,13 @@ static void mptcp_send_ack(struct mptcp_sock *msk)
 		mptcp_subflow_send_ack(mptcp_subflow_tcp_sock(subflow));
 }
 
-static void mptcp_subflow_cleanup_rbuf(struct sock *ssk)
+static void mptcp_subflow_cleanup_rbuf(struct sock *ssk, int copied)
 {
 	bool slow;
 
 	slow = lock_sock_fast(ssk);
 	if (tcp_can_send_ack(ssk))
-		tcp_cleanup_rbuf(ssk, 1);
+		tcp_cleanup_rbuf(ssk, copied);
 	unlock_sock_fast(ssk, slow);
 }
 
@@ -552,22 +552,22 @@ static bool mptcp_subflow_could_cleanup(const struct sock *ssk, bool rx_empty)
 			      (ICSK_ACK_PUSHED2 | ICSK_ACK_PUSHED)));
 }
 
-static void mptcp_cleanup_rbuf(struct mptcp_sock *msk)
+static void mptcp_cleanup_rbuf(struct mptcp_sock *msk, int copied)
 {
 	int old_space = READ_ONCE(msk->old_wspace);
 	struct mptcp_subflow_context *subflow;
 	struct sock *sk = (struct sock *)msk;
 	int space =  __mptcp_space(sk);
 	bool cleanup, rx_empty;
 
-	cleanup = (space > 0) && (space >= (old_space << 1));
-	rx_empty = !__mptcp_rmem(sk);
+	cleanup = (space > 0) && (space >= (old_space << 1)) && copied;
+	rx_empty = !__mptcp_rmem(sk) && copied;
 
 	mptcp_for_each_subflow(msk, subflow) {
 		struct sock *ssk = mptcp_subflow_tcp_sock(subflow);
 
 		if (cleanup || mptcp_subflow_could_cleanup(ssk, rx_empty))
-			mptcp_subflow_cleanup_rbuf(ssk);
+			mptcp_subflow_cleanup_rbuf(ssk, copied);
 	}
 }
 
@@ -2221,9 +2221,6 @@ static int mptcp_recvmsg(struct sock *sk, struct msghdr *msg, size_t len,
 
 		copied += bytes_read;
 
-		/* be sure to advertise window change */
-		mptcp_cleanup_rbuf(msk);
-
 		if (skb_queue_empty(&msk->receive_queue) && __mptcp_move_skbs(msk))
 			continue;
 
@@ -2272,13 +2269,16 @@ static int mptcp_recvmsg(struct sock *sk, struct msghdr *msg, size_t len,
 		}
 
 		pr_debug("block timeout %ld\n", timeo);
+		mptcp_cleanup_rbuf(msk, copied);
 		err = sk_wait_data(sk, &timeo, NULL);
 		if (err < 0) {
 			err = copied ? : err;
 			goto out_err;
 		}
 	}
 
+	mptcp_cleanup_rbuf(msk, copied);
+
 out_err:
 	if (cmsg_flags && copied >= 0) {
 		if (cmsg_flags & MPTCP_CMSG_TS)

Original file line number	Diff line number	Diff line change
`@@ -529,13 +529,13 @@ static void mptcp_send_ack(struct mptcp_sock *msk)`
`529`	`529`	`mptcp_subflow_send_ack(mptcp_subflow_tcp_sock(subflow));`
`530`	`530`	`}`
`531`	`531`
`532`		`-static void mptcp_subflow_cleanup_rbuf(struct sock *ssk)`
	`532`	`+static void mptcp_subflow_cleanup_rbuf(struct sock *ssk, int copied)`
`533`	`533`	`{`
`534`	`534`	`bool slow;`
`535`	`535`
`536`	`536`	`slow = lock_sock_fast(ssk);`
`537`	`537`	`if (tcp_can_send_ack(ssk))`
`538`		`- tcp_cleanup_rbuf(ssk, 1);`
	`538`	`+ tcp_cleanup_rbuf(ssk, copied);`
`539`	`539`	`unlock_sock_fast(ssk, slow);`
`540`	`540`	`}`
`541`	`541`
`@@ -552,22 +552,22 @@ static bool mptcp_subflow_could_cleanup(const struct sock *ssk, bool rx_empty)`
`552`	`552`	`(ICSK_ACK_PUSHED2 \| ICSK_ACK_PUSHED)));`
`553`	`553`	`}`
`554`	`554`
`555`		`-static void mptcp_cleanup_rbuf(struct mptcp_sock *msk)`
	`555`	`+static void mptcp_cleanup_rbuf(struct mptcp_sock *msk, int copied)`
`556`	`556`	`{`
`557`	`557`	`int old_space = READ_ONCE(msk->old_wspace);`
`558`	`558`	`struct mptcp_subflow_context *subflow;`
`559`	`559`	`struct sock sk = (struct sock )msk;`
`560`	`560`	`int space = __mptcp_space(sk);`
`561`	`561`	`bool cleanup, rx_empty;`
`562`	`562`
`563`		`- cleanup = (space > 0) && (space >= (old_space << 1));`
`564`		`- rx_empty = !__mptcp_rmem(sk);`
	`563`	`+ cleanup = (space > 0) && (space >= (old_space << 1)) && copied;`
	`564`	`+ rx_empty = !__mptcp_rmem(sk) && copied;`
`565`	`565`
`566`	`566`	`mptcp_for_each_subflow(msk, subflow) {`
`567`	`567`	`struct sock *ssk = mptcp_subflow_tcp_sock(subflow);`
`568`	`568`
`569`	`569`	`if (cleanup \|\| mptcp_subflow_could_cleanup(ssk, rx_empty))`
`570`		`- mptcp_subflow_cleanup_rbuf(ssk);`
	`570`	`+ mptcp_subflow_cleanup_rbuf(ssk, copied);`
`571`	`571`	`}`
`572`	`572`	`}`
`573`	`573`
`@@ -2221,9 +2221,6 @@ static int mptcp_recvmsg(struct sock sk, struct msghdr msg, size_t len,`
`2221`	`2221`
`2222`	`2222`	`copied += bytes_read;`
`2223`	`2223`
`2224`		`- /* be sure to advertise window change */`
`2225`		`- mptcp_cleanup_rbuf(msk);`
`2226`		`-`
`2227`	`2224`	`if (skb_queue_empty(&msk->receive_queue) && __mptcp_move_skbs(msk))`
`2228`	`2225`	`continue;`
`2229`	`2226`
`@@ -2272,13 +2269,16 @@ static int mptcp_recvmsg(struct sock sk, struct msghdr msg, size_t len,`
`2272`	`2269`	`}`
`2273`	`2270`
`2274`	`2271`	`pr_debug("block timeout %ld\n", timeo);`
	`2272`	`+ mptcp_cleanup_rbuf(msk, copied);`
`2275`	`2273`	`err = sk_wait_data(sk, &timeo, NULL);`
`2276`	`2274`	`if (err < 0) {`
`2277`	`2275`	`err = copied ? : err;`
`2278`	`2276`	`goto out_err;`
`2279`	`2277`	`}`
`2280`	`2278`	`}`
`2281`	`2279`
	`2280`	`+ mptcp_cleanup_rbuf(msk, copied);`
	`2281`	`+`
`2282`	`2282`	`out_err:`
`2283`	`2283`	`if (cmsg_flags && copied >= 0) {`
`2284`	`2284`	`if (cmsg_flags & MPTCP_CMSG_TS)`