Commit 475b9905 authored Nov 02, 2017 by Eric Dumazet Committed by Greg Kroah-Hartman Nov 24, 2017

tcp: do not mangle skb->cb[] in tcp_make_synack()




[ Upstream commit 3b11775033dc87c3d161996c54507b15ba26414a ]

Christoph Paasch sent a patch to address the following issue :

tcp_make_synack() is leaving some TCP private info in skb->cb[],
then send the packet by other means than tcp_transmit_skb()

tcp_transmit_skb() makes sure to clear skb->cb[] to not confuse
IPv4/IPV6 stacks, but we have no such cleanup for SYNACK.

tcp_make_synack() should not use tcp_init_nondata_skb() :

tcp_init_nondata_skb() really should be limited to skbs put in write/rtx
queues (the ones that are only sent via tcp_transmit_skb())

This patch fixes the issue and should even save few cpu cycles ;)

Fixes: 971f10ec ("tcp: better TCP_SKB_CB layout to reduce cache line misses")
Signed-off-by: Eric Dumazet <edumazet@google.com>
Reported-by: Christoph Paasch <cpaasch@apple.com>
Reviewed-by: Christoph Paasch <cpaasch@apple.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

parent b4b4a3b6

net/ipv4/tcp_output.c

+2 −7

Original line number	Original line	Diff line number	Diff line
	@@ -2911,13 +2911,8 @@ struct sk_buff tcp_make_synack(struct sock sk, struct dst_entry *dst,
	tcp_ecn_make_synack(req, th, sk);		tcp_ecn_make_synack(req, th, sk);
	th->source = htons(ireq->ir_num);		th->source = htons(ireq->ir_num);
	th->dest = ireq->ir_rmt_port;		th->dest = ireq->ir_rmt_port;
	/* Setting of flags are superfluous here for callers (and ECE is		skb->ip_summed = CHECKSUM_PARTIAL;
	* not even correctly set)		th->seq = htonl(tcp_rsk(req)->snt_isn);
	*/
	tcp_init_nondata_skb(skb, tcp_rsk(req)->snt_isn,
	TCPHDR_SYN \| TCPHDR_ACK);

	th->seq = htonl(TCP_SKB_CB(skb)->seq);
	/* XXX data is queued and acked as is. No buffer/window check */		/* XXX data is queued and acked as is. No buffer/window check */
	th->ack_seq = htonl(tcp_rsk(req)->rcv_nxt);		th->ack_seq = htonl(tcp_rsk(req)->rcv_nxt);