Re: [PATCH net v2 2/3] bpf,sockmap: disallow MPTCP sockets from sockmap updates

Tue, 21 Oct 2025 05:19:03 -0700 

October 21, 2025 at 18:49, "Jakub Sitnicki" <[email protected] 
mailto:[email protected]?to=%22Jakub%20Sitnicki%22%20%3Cjakub%40cloudflare.com%3E
 > wrote:

> 
> On Mon, Oct 20, 2025 at 02:04 PM +08, Jiayuan Chen wrote:
> 
> > 
> > MPTCP creates subflows for data transmission, and these sockets should not
> >  be added to sockmap because MPTCP sets specialized data_ready handlers
> >  that would be overridden by sockmap.
> > 
> >  Additionally, for the parent socket of MPTCP subflows (plain TCP socket),
> >  MPTCP sk requires specific protocol handling that conflicts with sockmap's
> >  operation(mptcp_prot).
> > 
> >  This patch adds proper checks to reject MPTCP subflows and their parent
> >  sockets from being added to sockmap, while preserving compatibility with
> >  reuseport functionality for listening MPTCP sockets.
> > 
> >  Fixes: 0b4f33def7bb ("mptcp: fix tcp fallback crash")
> >  Signed-off-by: Jiayuan Chen <[email protected]>
> >  ---
> >  net/core/sock_map.c | 9 +++++++++
> >  1 file changed, 9 insertions(+)
> > 
> >  diff --git a/net/core/sock_map.c b/net/core/sock_map.c
> >  index 5947b38e4f8b..da21deb970b3 100644
> >  --- a/net/core/sock_map.c
> >  +++ b/net/core/sock_map.c
> >  @@ -535,6 +535,15 @@ static bool sock_map_redirect_allowed(const struct 
> > sock *sk)
> >  
> >  static bool sock_map_sk_is_suitable(const struct sock *sk)
> >  {
> >  + if ((sk_is_tcp(sk) && sk_is_mptcp(sk)) /* subflow */ ||
> >  + (sk->sk_protocol == IPPROTO_MPTCP && sk->sk_state != TCP_LISTEN)) {
> >  + /* Disallow MPTCP subflows and their parent socket.
> >  + * However, a TCP_LISTEN MPTCP socket is permitted because
> >  + * sockmap can also serve for reuseport socket selection.
> >  + */
> >  + pr_err_once("sockmap: MPTCP sockets are not supported\n");
> >  + return false;
> >  + }
> >  return !!sk->sk_prot->psock_update_sk_prot;
> >  }
> > 
> You're checking sk_state without sk_lock held. That doesn't seem right.
> Take a look how we always call sock_map_sk_state_allowed() after
> grabbing the lock.
> Same might apply to sk_is_mptcp(). Please double check.
>

Thank you for the suggestion. It seems more appropriate to place this logic
inside sock_map_sk_state_allowed().

Reply via email to