
Commit d7995c2

committed
Merge branch 'tcp-clear-tcp_sk-sk-fastopen_rsk-in-tcp_disconnect'
Kuniyuki Iwashima says: ==================== tcp: Clear tcp_sk(sk)->fastopen_rsk in tcp_disconnect(). syzbot reported a warning in tcp_retransmit_timer() for TCP Fast Open socket. Patch 1 fixes the issue and Patch 2 adds a test for the scenario. ==================== Link: https://patch.msgid.link/[email protected] Signed-off-by: Jakub Kicinski <[email protected]>
2 parents a72175c + 1fd0362 commit d7995c2


2 files changed

+31
-0
lines changed


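--- a/net/ipv4/tcp.c
+++ b/net/ipv4/tcp.c
@@ -3327,6 +3327,7 @@ int tcp_disconnect(struct sock *sk, int flags)
 struct inet_connection_sock *icsk = inet_csk(sk);
 struct tcp_sock *tp = tcp_sk(sk);
 int old_state = sk->sk_state;
+struct request_sock *req;
 u32 seq;
 
 if (old_state != TCP_CLOSE)
@@ -3442,6 +3443,10 @@ int tcp_disconnect(struct sock *sk, int flags)
 
 
 /* Clean up fastopen related fields */
+req = rcu_dereference_protected(tp->fastopen_rsk,
+lockdep_sock_is_held(sk));
+if (req)
+reqsk_fastopen_remove(sk, req, false);
 tcp_free_fastopen_req(tp);
 inet_clear_bit(DEFER_CONNECT, sk);
 tp->fastopen_client_fail = 0;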
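Review bot: The existing comment `/* Clean up fastopen related fields */` does not say why the request sock has to be dropped here, and the reason is not obvious from the four added lines in the second hunk. Going by the accompanying test, an accepted Fast Open child can still be in TCP_SYN_RECV when connect(AF_UNSPEC) disconnects it, so without this step the socket would presumably re-enter TCP_SYN_SENT with `tp->fastopen_rsk` still pointing at the old request. I would add a comment above the dereference, for example `/* A TFO child may be disconnected while still in TCP_SYN_RECV; drop its request sock so a reused socket never sees a stale fastopen_rsk. */`. It would also help to note why `false` is passed as the last argument of reqsk_fastopen_remove(), since its meaning is not visible at the call site. tcp_disconnect() starts and ends outside the hunks shown.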
Lines changed: 26 additions & 0 deletions
@@ -0,0 +1,26 @@
1+
// SPDX-License-Identifier: GPL-2.0
2+
`./defaults.sh
3+
./set_sysctls.py /proc/sys/net/ipv4/tcp_fastopen=0x602 /proc/sys/net/ipv4/tcp_timestamps=0`
4+
5+
0 socket(..., SOCK_STREAM|SOCK_NONBLOCK, IPPROTO_TCP) = 3
6+
+0 setsockopt(3, SOL_SOCKET, SO_REUSEADDR, [1], 4) = 0
7+
+0 bind(3, ..., ...) = 0
8+
+0 listen(3, 1) = 0
9+
10+
+0 < S 0:10(10) win 32792 <mss 1460,nop,nop,sackOK>
11+
+0 > S. 0:0(0) ack 11 win 65535 <mss 1460,nop,nop,sackOK>
12+
13+
// sk->sk_state is TCP_SYN_RECV
14+
+.1 accept(3, ..., ...) = 4
15+
16+
// tcp_disconnect() sets sk->sk_state to TCP_CLOSE
17+
+0 connect(4, AF_UNSPEC, ...) = 0
18+
+0 > R. 1:1(0) ack 11 win 65535
19+
20+
// connect() sets sk->sk_state to TCP_SYN_SENT
21+
+0 fcntl(4, F_SETFL, O_RDWR|O_NONBLOCK) = 0
22+
+0 connect(4, ..., ...) = -1 EINPROGRESS (Operation is now in progress)
23+
+0 > S 0:0(0) win 65535 <mss 1460,nop,nop,sackOK,nop,wscale 8>
24+
25+
// tp->fastopen_rsk must be NULL
26+
+1 > S 0:0(0) win 65535 <mss 1460,nop,nop,sackOK,nop,wscale 8>
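Review bot: The closing comment `// tp->fastopen_rsk must be NULL` states the invariant but not how the script checks it. The commit description says the warning came from tcp_retransmit_timer(), so the retransmitted SYN expected at `+1` is presumably the step that runs that timer on the reused socket. I would extend the comment to say so, e.g. `// SYN retransmit timer fires here; tp->fastopen_rsk must be NULL by now`. A one-line comment next to `tcp_fastopen=0x602` naming the bits it enables would also save the reader a lookup.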
