mptcp: fix race in msk status update
author Paolo Abeni <pabeni@redhat.com>
Fri, 24 Apr 2020 11:15:21 +0000 (13:15 +0200)
committer David S. Miller <davem@davemloft.net>
Sun, 26 Apr 2020 03:38:54 +0000 (20:38 -0700)
commit 1200832c6e850a17f36631f6492f953a1b39e6b8
tree ac7289c7ae0723ae43b97911c830be0efcac2cab
parent b2768df24ec400dd4f7fa79542f797e904812053
mptcp: fix race in msk status update

Currently subflow_finish_connect() changes unconditionally
any msk socket status other than TCP_ESTABLISHED.

If an unblocking connect() races with close(), we can end up
triggering:

IPv4: Attempt to release TCP socket in state 1 00000000e32b8b7e

when the msk socket is disposed.

Be sure to enter the established status only from SYN_SENT.

Fixes: c3c123d16c0e ("net: mptcp: don't hang in mptcp_sendmsg() after TCP fallback")
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
Reviewed-by: Mat Martineau <mathew.j.martineau@linux.intel.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
net/mptcp/subflow.c
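
The race described in the commit message, replayed as a user-space model. This is an added illustration, not code from the kernel patch. The struct and function names are hypothetical, close() is modelled as moving a connecting socket straight to the closed state, and the interleaving is replayed sequentially rather than with real threads. The state numbers follow the kernel's TCP state numbering, where 1 is TCP_ESTABLISHED.

```c
#include <stdio.h>

/* Values mirror the kernel's TCP state numbering (1 = ESTABLISHED). */
enum { ST_ESTABLISHED = 1, ST_SYN_SENT = 2, ST_CLOSE = 7 };

struct model_msk { int state; };   /* hypothetical stand-in for the msk socket */

/* Pre-fix behaviour as the commit message describes it: any status
 * other than ESTABLISHED is overwritten when the subflow connects. */
static void finish_connect_unconditional(struct model_msk *msk)
{
    if (msk->state != ST_ESTABLISHED)
        msk->state = ST_ESTABLISHED;
}

/* Post-fix rule: enter ESTABLISHED only from SYN_SENT. */
static void finish_connect_guarded(struct model_msk *msk)
{
    if (msk->state == ST_SYN_SENT)
        msk->state = ST_ESTABLISHED;
}

/* Assumption of this model: close() on a connecting socket goes to CLOSE. */
static void model_close(struct model_msk *msk) { msk->state = ST_CLOSE; }

/* Destructor-style check: returns the offending state, or 0 if clean. */
static int model_dispose(const struct model_msk *msk)
{
    if (msk->state != ST_CLOSE) {
        printf("Attempt to release socket in state %d\n", msk->state);
        return msk->state;
    }
    return 0;
}

/* Replay the losing interleaving: close() wins, then the handshake completes. */
static int replay_race(void (*finish)(struct model_msk *))
{
    struct model_msk msk = { ST_SYN_SENT };
    model_close(&msk);
    finish(&msk);
    return model_dispose(&msk);
}

int main(void)
{
    printf("unconditional: %d\n", replay_race(finish_connect_unconditional));
    printf("guarded:       %d\n", replay_race(finish_connect_guarded));
    return 0;
}
```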