From: Florian Westphal <f...@strlen.de> Can't use tcp_poll directly:
BUG: KASAN: slab-out-of-bounds in tcp_poll+0x17f/0x540 Read of size 4 at addr ffff88806ac5e50c by task mptcp_connect/2085 Call Trace: tcp_poll+0x17f/0x540 sock_poll+0x152/0x180 Signed-off-by: Florian Westphal <f...@strlen.de>
---
 net/mptcp/protocol.c | 31 +++++++++++++++++++++++++++++++
 1 file changed, 31 insertions(+)
diff --git a/net/mptcp/protocol.c b/net/mptcp/protocol.c
index 95c302c59d2e..07508d060b3d 100644
--- a/net/mptcp/protocol.c
+++ b/net/mptcp/protocol.c
@@ -257,6 +257,36 @@ static int mptcp_stream_connect(struct socket *sock, struct sockaddr *uaddr,
 return inet_stream_connect(msk->subflow, uaddr, addr_len, flags);
 }
+static __poll_t mptcp_poll(struct file *file, struct socket *sock,
+ struct poll_table_struct *wait)
+{
+ struct mptcp_subflow_context *subflow;
+ const struct mptcp_sock *msk;
+ struct sock *sk = sock->sk;
+ struct socket *ssock;
+ __poll_t ret = 0;
+
+ msk = mptcp_sk(sk);
+ lock_sock(sk);
+ ssock = __mptcp_fallback_get_ref(msk);
+ if (ssock) {
+ release_sock(sk);
+ ret = tcp_poll(file, ssock, wait);
+ sock_put(ssock->sk);
+ return ret;
+ }
+
+ mptcp_for_each_subflow(msk, subflow) {
+ struct socket *tcp_sock;
+
+ tcp_sock = mptcp_subflow_tcp_socket(subflow);
+ ret |= tcp_poll(file, tcp_sock, wait);
+ }
+ release_sock(sk);
+
+ return ret;
+}
+
 static struct proto_ops mptcp_stream_ops;
 static struct inet_protosw mptcp_protosw = {
@@ -273,6 +303,7 @@ void __init mptcp_init(void)
 mptcp_stream_ops = inet_stream_ops;
 mptcp_stream_ops.bind = mptcp_bind;
 mptcp_stream_ops.connect = mptcp_stream_connect;
+ mptcp_stream_ops.poll = mptcp_poll;
 mptcp_subflow_init();
--
2.23.0
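Review bot: In the `mptcp_for_each_subflow` loop of `mptcp_poll`, `tcp_poll(file, tcp_sock, wait)` queues the caller's poll entry on each subflow socket's wait queue rather than on one owned by the MPTCP socket that `file` refers to. For a persistent waiter such as epoll that entry outlives this call, and nothing visible in the hunk ties a subflow's lifetime to the file, so a subflow torn down while the entry is still queued could leave it referencing freed memory; this needs confirming against the subflow teardown path, which is outside the diff. The loop also ORs every subflow's mask into `ret`, so an `EPOLLHUP` or `EPOLLERR` raised by one subflow is reported for the whole connection even when other subflows are still usable. At minimum I would record the constraint above the loop, e.g. `/* poll entries land on subflow wait queues: a subflow must not be freed while a waiter can still reference it */`, and add a function comment saying that `tcp_poll()` must only be handed a subflow or fallback socket, never the MPTCP socket itself, which is apparently what the KASAN report in the description shows.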