From 8f2a2ad65e633a082a0bc40c51ab61721136cdad Mon Sep 17 00:00:00 2001
From: Paolo Abeni <pabeni@redhat.com>
Date: Thu, 1 Feb 2024 18:54:43 +0100
Subject: [PATCH] DO-NOT-MERGE: mptcp: improve code coverage for CI

mptcp: use kmalloc on kasan build

  Helps detection UaF, which apparently kasan misses with kmem_cache
  allocator.

  We also need to always set the SOCK_RCU_FREE flag, to preserved the
  current code leveraging SLAB_TYPESAFE_BY_RCU. This latter change will
  make unreachable some existing errors path, but I don't see other
  options.

tcp: warn if tcp_done() is called on a closed socket

  This is an extra check mainly for the CIs: to make sure we don't call
  tcp_done() on an already closed socket as it happened in the past. If
  we do such call, better to catch the error earlier.

Co-developed-by: Matthieu Baerts <matttbe@kernel.org>
Signed-off-by: Matthieu Baerts <matttbe@kernel.org>
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
---
 net/ipv4/tcp.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/net/ipv4/tcp.c b/net/ipv4/tcp.c
index 7e2481b9eae1b..3cd95a7d0d1e2 100644
--- a/net/ipv4/tcp.c
+++ b/net/ipv4/tcp.c
@@ -4495,6 +4495,8 @@ void tcp_done(struct sock *sk)
 	 */
 	req = rcu_dereference_protected(tcp_sk(sk)->fastopen_rsk, 1);
 
+	WARN_ON_ONCE(sk->sk_state == TCP_CLOSE);
+
 	if (sk->sk_state == TCP_SYN_SENT || sk->sk_state == TCP_SYN_RECV)
 		TCP_INC_STATS(sock_net(sk), TCP_MIB_ATTEMPTFAILS);