From: Yuchung Cheng <ych...@google.com>
Date: Wed, 25 Apr 2018 11:33:08 -0700

> The TCP repair sequence of operation is to first set the socket in
> repair mode, then inject the TCP stats into the socket with repair
> socket options, then call connect() to re-activate the socket. The
> connect syscall simply returns and sets state to ESTABLISHED
> mode. As a result Fast Open is meaningless for TCP repair.
>
> However allowing sendto() system call with MSG_FASTOPEN flag half-way
> during the repair operation could unexpectedly cause data to be
> sent, before the operation finishes changing the internal TCP stats
> (e.g. MSS). This in turn triggers TCP warnings on inconsistent
> packet accounting.
>
> The fix is to simply disallow Fast Open operation once the socket
> is in the repair mode.
>
> Reported-by: syzbot <syzkal...@googlegroups.com>
> Signed-off-by: Yuchung Cheng <ych...@google.com>
> Reviewed-by: Neal Cardwell <ncardw...@google.com>
> Reviewed-by: Eric Dumazet <eduma...@google.com>

Applied and queued up for -stable, thanks Yuchung.