From: Greg Kroah-Hartman
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman, stable@vger.kernel.org, syzbot, Yuchung Cheng, Neal Cardwell, Eric Dumazet, "David S. Miller"
Subject: [PATCH 4.4 17/92] tcp: ignore Fast Open on repair mode
Date: Thu, 24 May 2018 11:37:54 +0200
Message-Id: <20180524093200.749702545@linuxfoundation.org>
X-Mailer: git-send-email 2.17.0
In-Reply-To: <20180524093159.286472249@linuxfoundation.org>
References: <20180524093159.286472249@linuxfoundation.org>
User-Agent: quilt/0.65
X-stable: review
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID:
X-Mailing-List: linux-kernel@vger.kernel.org

4.4-stable review patch. If anyone has any objections, please let me know.

------------------

From: Yuchung Cheng

[ Upstream commit 16ae6aa1705299789f71fdea59bfb119c1fbd9c0 ]

The TCP repair sequence of operation is to first set the socket in repair mode, then inject the TCP stats into the socket with repair socket options, then call connect() to re-activate the socket. The connect syscall simply returns and sets state to ESTABLISHED mode. As a result Fast Open is meaningless for TCP repair.

However allowing sendto() system call with MSG_FASTOPEN flag half-way during the repair operation could unexpectedly cause data to be sent, before the operation finishes changing the internal TCP stats (e.g. MSS). This in turn triggers TCP warnings on inconsistent packet accounting.

The fix is to simply disallow Fast Open operation once the socket is in the repair mode.

Reported-by: syzbot
Signed-off-by: Yuchung Cheng
Reviewed-by: Neal Cardwell
Reviewed-by: Eric Dumazet
Signed-off-by: David S. Miller
Signed-off-by: Greg Kroah-Hartman
--- net/ipv4/tcp.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/net/ipv4/tcp.c +++ b/net/ipv4/tcp.c 
@@ -1108,7 +1108,7 @@ int tcp_sendmsg(struct sock *sk, struct lock_sock(sk); flags = msg->msg_flags; - if (flags & MSG_FASTOPEN) { + if ((flags & MSG_FASTOPEN) && !tp->repair) { err = tcp_sendmsg_fastopen(sk, msg, &copied_syn, size); if (err == -EINPROGRESS && copied_syn > 0) goto out;
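
Review bot: the new condition `if ((flags & MSG_FASTOPEN) && !tp->repair) {` in tcp_sendmsg() carries no comment saying why repair mode is excluded, and when tp->repair is set the Fast Open branch is skipped and execution continues past it without an error. That matches "ignore" in the subject line but reads differently from "disallow" in the commit message, so a short comment above the `if` would help, stating that MSG_FASTOPEN is ignored in repair mode because data must not be sent before the repair options have finished updating the internal TCP state (e.g. MSS). The check sits after lock_sock(sk), so tp->repair is read with the socket lock held. For the 4.4 backport it is worth confirming that tp is already initialised at this point in tcp_sendmsg(), since the hunk context does not show its declaration.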