From: Florian Westphal <f...@strlen.de> Can't use tcp_poll directly:
BUG: KASAN: slab-out-of-bounds in tcp_poll+0x17f/0x540 Read of size 4 at addr ffff88806ac5e50c by task mptcp_connect/2085 Call Trace: tcp_poll+0x17f/0x540 sock_poll+0x152/0x180 Signed-off-by: Florian Westphal <f...@strlen.de>
---
 net/mptcp/protocol.c | 14 ++++++++++++++
 1 file changed, 14 insertions(+)
diff --git a/net/mptcp/protocol.c b/net/mptcp/protocol.c
index 56637e4474da..3d9cd52e3e1e 100644
--- a/net/mptcp/protocol.c
+++ b/net/mptcp/protocol.c
@@ -181,6 +181,19 @@ static int mptcp_stream_connect(struct socket *sock, struct sockaddr *uaddr,
 return inet_stream_connect(msk->subflow, uaddr, addr_len, flags);
 }
+static __poll_t mptcp_poll(struct file *file, struct socket *sock,
+ struct poll_table_struct *wait)
+{
+ const struct mptcp_sock *msk;
+ struct sock *sk = sock->sk;
+
+ msk = mptcp_sk(sk);
+ if (msk->subflow)
+ return tcp_poll(file, msk->subflow, wait);
+
+ return tcp_poll(file, msk->connection_list, wait);
+}
+
 static struct proto_ops mptcp_stream_ops;
 static struct inet_protosw mptcp_protosw = {
@@ -197,6 +210,7 @@ void __init mptcp_init(void)
 mptcp_stream_ops = inet_stream_ops;
 mptcp_stream_ops.bind = mptcp_bind;
 mptcp_stream_ops.connect = mptcp_stream_connect;
+ mptcp_stream_ops.poll = mptcp_poll;
 subflow_init();
--
2.22.0
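Review bot: In mptcp_poll the fallback `return tcp_poll(file, msk->connection_list, wait);` passes the pointer on unchecked, and both `msk->subflow` and `msk->connection_list` are read without a lock or READ_ONCE. A socket that has neither set, or has one cleared concurrently, would hand tcp_poll a NULL or stale socket; the code that assigns these fields is outside the hunk, so this needs confirming. Consider selecting the socket once and bailing out, e.g. `ssock = READ_ONCE(msk->subflow) ?: READ_ONCE(msk->connection_list);` followed by `if (!ssock) return EPOLLERR;`. Since tcp_poll presumably registers the waiter on the subflow's wait queue rather than the MPTCP socket's, a comment should state what keeps that subflow alive while the poll entry exists. The KASAN report in the description appears to come from tcp_poll reading past an object that is not a tcp_sock, so a short comment above mptcp_poll saying why the op must delegate to a TCP subflow would help later readers.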