Message ID | 20180425183308.70232-1-ycheng@google.com |
---|---|
State | Accepted, archived |
Delegated to: | David Miller |
Series | [net] tcp: ignore Fast Open on repair mode |
From: Yuchung Cheng <ycheng@google.com>
Date: Wed, 25 Apr 2018 11:33:08 -0700

> The TCP repair sequence of operation is to first set the socket in
> repair mode, then inject the TCP stats into the socket with repair
> socket options, then call connect() to re-activate the socket. The
> connect syscall simply returns and sets state to ESTABLISHED
> mode. As a result Fast Open is meaningless for TCP repair.
>
> However allowing sendto() system call with MSG_FASTOPEN flag half-way
> during the repair operation could unexpectedly cause data to be
> sent, before the operation finishes changing the internal TCP stats
> (e.g. MSS). This in turn triggers TCP warnings on inconsistent
> packet accounting.
>
> The fix is to simply disallow Fast Open operation once the socket
> is in the repair mode.
>
> Reported-by: syzbot <syzkaller@googlegroups.com>
> Signed-off-by: Yuchung Cheng <ycheng@google.com>
> Reviewed-by: Neal Cardwell <ncardwell@google.com>
> Reviewed-by: Eric Dumazet <edumazet@google.com>

Applied and queued up for -stable, thanks Yuchung.
diff --git a/net/ipv4/tcp.c b/net/ipv4/tcp.c index 9ce1c726185e..4b18ad41d4df 100644 --- a/net/ipv4/tcp.c +++ b/net/ipv4/tcp.c @@ -1204,7 +1204,8 @@ int tcp_sendmsg_locked(struct sock *sk, struct msghdr *msg, size_t size) uarg->zerocopy = 0; } - if (unlikely(flags & MSG_FASTOPEN || inet_sk(sk)->defer_connect)) { + if (unlikely(flags & MSG_FASTOPEN || inet_sk(sk)->defer_connect) && + !tp->repair) { err = tcp_sendmsg_fastopen(sk, msg, &copied_syn, size); if (err == -EINPROGRESS && copied_syn > 0) goto out;
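Review bot: The new `!tp->repair` term in the tcp_sendmsg_locked() condition makes a send with MSG_FASTOPEN (or with `defer_connect` set) on a repair-mode socket skip tcp_sendmsg_fastopen() silently and continue past this block, so the caller gets no indication at this check that the flag was dropped. The commit message says Fast Open is "disallowed" while the subject says "ignore", and the code implements the latter. A one-line comment above the `if` stating that Fast Open is deliberately ignored while the socket is in repair mode, and why, would keep the intent clear for later readers. Minor style point: `!tp->repair` sits outside `unlikely()`, so the branch hint covers only the flag/defer_connect test; that is harmless, but wrapping the whole expression would read more consistently.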