net: tcp: Close the connection unconditionally on forced close

rlubos · cfriedt · commit ba6387fcd6be · 2025-11-12T19:00:20.000-05:00
The current approach was buggy, for example the TCP context could be
unrefed twice in case of forced close. Or in case of a race, when the
application closed the socket first, the TCP context wouldn't be
dereferenced at all.

Calling the tcp_conn_close() unconditionally in case of forced close
solves all those issues.

Signed-off-by: Robert Lubos &lt;robert.lubos@nordicsemi.no&gt;
diff --git a/subsys/net/ip/tcp.c b/subsys/net/ip/tcp.c
@@ -3705,6 +3705,17 @@ int net_tcp_put(struct net_context *context, bool force_close)
 		({ const char *state = net_context_state(context);
 					state ? state : "<unknown>"; }));
 
+	if (force_close) {
+		k_work_cancel_delayable(&conn->send_data_timer);
+		keep_alive_timer_stop(conn);
+
+		k_mutex_unlock(&conn->lock);
+
+		tcp_conn_close(conn, -ENETRESET);
+
+		return 0;
+	}
+
 	if (conn->state == TCP_ESTABLISHED ||
 	    conn->state == TCP_SYN_RECEIVED) {
 		/* Send all remaining data if possible. */
@@ -3713,43 +3724,26 @@ int net_tcp_put(struct net_context *context, bool force_close)
 				conn->send_data_total);
 			conn->in_close = true;
 
-			if (force_close) {
-				k_work_cancel_delayable(&conn->send_data_timer);
-
-				keep_alive_timer_stop(conn);
-				tcp_conn_close(conn, -ENETRESET);
-			} else {
-				/* How long to wait until all the data has been sent?
-				 */
-				k_work_reschedule_for_queue(&tcp_work_q,
-							    &conn->send_data_timer,
-							    K_MSEC(TCP_RTO_MS));
-			}
+			/* How long to wait until all the data has been sent? */
+			k_work_reschedule_for_queue(&tcp_work_q,
+						    &conn->send_data_timer,
+						    K_MSEC(TCP_RTO_MS));
 
 		} else {
-			if (force_close) {
-				NET_DBG("[%p] TCP connection in %s close, "
-					"disposing immediately",
-					conn, "forced");
-
-				keep_alive_timer_stop(conn);
-				tcp_conn_close(conn, -ENETRESET);
-			} else {
-				NET_DBG("[%p] TCP connection in %s close, "
-					"not disposing yet (waiting %dms)",
-					conn, "active", tcp_max_timeout_ms);
-				k_work_reschedule_for_queue(&tcp_work_q,
-							    &conn->fin_timer,
-							    FIN_TIMEOUT);
+			NET_ERR("[%p] TCP connection in %s close, "
+				"not disposing yet (waiting %dms)",
+				conn, "active", tcp_max_timeout_ms);
+			k_work_reschedule_for_queue(&tcp_work_q,
+							&conn->fin_timer,
+							FIN_TIMEOUT);
 
-				tcp_out(conn, FIN | ACK);
-				conn_seq(conn, + 1);
-				tcp_setup_retransmission(conn);
+			tcp_out(conn, FIN | ACK);
+			conn_seq(conn, + 1);
+			tcp_setup_retransmission(conn);
 
-				conn_state(conn, TCP_FIN_WAIT_1);
+			conn_state(conn, TCP_FIN_WAIT_1);
 
-				keep_alive_timer_stop(conn);
-			}
+			keep_alive_timer_stop(conn);
 		}
 	} else if (conn->in_connect) {
 		conn->in_connect = false;
