From: Yuchung Cheng <[email protected]>
Date: Wed, 25 Apr 2018 11:33:08 -0700

> The TCP repair sequence of operation is to first set the socket in
> repair mode, then inject the TCP stats into the socket with repair
> socket options, then call connect() to re-activate the socket. The
> connect syscall simply returns and sets state to ESTABLISHED
> mode. As a result Fast Open is meaningless for TCP repair.
>
> However allowing sendto() system call with MSG_FASTOPEN flag half-way
> during the repair operation could unexpectedly cause data to be
> sent, before the operation finishes changing the internal TCP stats
> (e.g. MSS). This in turn triggers TCP warnings on inconsistent
> packet accounting.
>
> The fix is to simply disallow Fast Open operation once the socket
> is in the repair mode.
>
> Reported-by: syzbot <[email protected]>
> Signed-off-by: Yuchung Cheng <[email protected]>
> Reviewed-by: Neal Cardwell <[email protected]>
> Reviewed-by: Eric Dumazet <[email protected]>

Applied and queued up for -stable, thanks Yuchung.
