Message ID | 1501740646.25002.31.camel@edumazet-glaptop3.roam.corp.google.com |
---|---|
State | Accepted, archived |
Delegated to: | David Miller |
From: Eric Dumazet <eric.dumazet@gmail.com>
Date: Wed, 02 Aug 2017 23:10:46 -0700

> From: Eric Dumazet <edumazet@google.com>
>
> syzkaller was able to trigger a divide by 0 in TCP stack [1]
>
> Issue here is that keepalive timer needs to be updated to not attempt
> to send a probe if the connection setup was deferred using
> TCP_FASTOPEN_CONNECT socket option added in linux-4.11
 ...
> Fixes: 19f6d3f3c842 ("net/tcp-fastopen: Add new API support")
> Signed-off-by: Eric Dumazet <edumazet@google.com>
> Reported-by: Dmitry Vyukov <dvyukov@google.com>

Applied and queued up for -stable, thanks!

diff --git a/net/ipv4/tcp_timer.c b/net/ipv4/tcp_timer.c index c0feeeef962a..e906014890b6 100644 --- a/net/ipv4/tcp_timer.c +++ b/net/ipv4/tcp_timer.c @@ -652,7 +652,8 @@ static void tcp_keepalive_timer (unsigned long data) goto death; } - if (!sock_flag(sk, SOCK_KEEPOPEN) || sk->sk_state == TCP_CLOSE) + if (!sock_flag(sk, SOCK_KEEPOPEN) || + ((1 << sk->sk_state) & (TCPF_CLOSE | TCPF_SYN_SENT))) goto out; elapsed = keepalive_time_when(tp);
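
Review bot: the widened test in tcp_keepalive_timer() now takes `goto out` for every socket in TCP_SYN_SENT, not only for one whose connection setup was deferred with TCP_FASTOPEN_CONNECT, and the code carries no comment saying why that state is excluded. A one-line comment above the condition, tying the TCPF_SYN_SENT bit to the deferred fastopen connect and the divide by 0 named in the commit message, would keep a later cleanup from narrowing the check back to `sk->sk_state == TCP_CLOSE`. It is also worth stating in the changelog that skipping the timer for ordinary, non-deferred SYN_SENT sockets is intended.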