Page MenuHomeFreeBSD
Differential D51425

tcp: fix the test that a duplicate ACK has no data
ClosedPublic
Actions

Authored by tuexen on Sat, Jul 19, 2:06 PM.
Tags
None
Referenced Files
Unknown Object (File)
Fri, Aug 8, 1:06 PM
Unknown Object (File)
Mon, Jul 28, 10:17 PM
Unknown Object (File)
Mon, Jul 28, 8:46 PM
Unknown Object (File)
Mon, Jul 28, 8:40 PM
Unknown Object (File)
Mon, Jul 28, 8:28 PM
Unknown Object (File)
Mon, Jul 28, 6:42 PM
Unknown Object (File)
Mon, Jul 28, 5:33 PM
Unknown Object (File)
Mon, Jul 28, 5:27 PM
View All 19 Files
Subscribers
glebius
imp
melifaro

Details

Reviewers
rscheff
cc
peter.lei_ieee.org
rrs
lstewart
Group Reviewers
transport
Commits
rGe46c15a0f848: tcp: fix the test that a duplicate ACK has no data
Summary

When processing a TCP segment, data is removed from the head or the tail. The test whether a segment has no data on it, should depend on the status of the TCP before the removal. Without this, received segments might be used to trigger a fast retransmit when they should not.

This will fix another instance of the sent too much panic experienced by syzkaller. Based on the ddb output a packetdrill reproducer was constructed.

Reported by: syzbot+fc97a2b5a0f7ea161161@syzkaller.appspotmail.com

Test Plan
--ip_version=ipv4
--mtu=1460

 0.000 `sysctl -w net.inet.tcp.hostcache.purgenow=1`
+0.000 `sysctl kern.timecounter.alloweddeviation=0`

+0.000 socket(..., SOCK_STREAM, IPPROTO_TCP) = 3
+0.000 fcntl(3, F_SETFL, O_RDWR|O_NONBLOCK) = 0
+0.000 setsockopt(3, IPPROTO_TCP, TCP_LOG, [TCP_LOG_STATE_CONTINUAL], 4) = 0
+0.000 setsockopt(3, SOL_SOCKET, SO_REUSEADDR, [1], 4) = 0
+0.000 bind(3, ..., ...) = 0
+0.000 connect(3, ..., ...) = -1 EINPROGRESS (Operation now in progress)
+0.000 > S      0:0(0)                  win 65535 <mss 1460,nop,wscale 6,sackOK,TS val 1000 ecr 0>
+0.050 < S.     0:0(0)        ack     1 win 65535 <mss 1420,nop,wscale 6,sackOK,TS val 5000 ecr 1000>
+0.000 >  .     1:1(0)        ack     1 win  1043 <nop,nop,TS val 1050 ecr 5000>
+0.100 send(3, ..., 56, 0) = 56
+0.000 > P.     1:57(56)      ack     1 win  1043 <nop,nop,TS val 1150 ecr 5000>
+0.040 < P.     1:57(56)      ack     1 win  1043 <nop,nop,TS val 5140 ecr 1150>
// Delayed ack timer runs off
+0.040 >  .    57:57(0)       ack    57 win  1043 <nop,nop,TS val 1230 ecr 5140>
// Retransmission timer runs off
+0.270 > P.     1:57(56)      ack    57 win  1043 <nop,nop,TS val 1500 ecr 5140>
+0.003 send(3, ..., 1800, 0) = 1800
+0.045 < P.     1:57(56)      ack     1 win  1043 <nop,nop,TS val 5497 ecr 1150>
+0.000 >  .    57:1409(1352)  ack    57 win  1043 <nop,nop,TS val 1548 ecr 5497, nop,nop,sack 1:57>
+0.050 <  .    57:57(0)       ack  1409 win  1043 <nop,nop,TS val 5547 ecr 1548>
+0.000 > P.  1409:1857(448)   ack    57 win  1043 <nop,nop,TS val 1598 ecr 5547>
+0.050 <  .    57:57(0)       ack  1857 win  1043 <nop,nop,TS val 5597 ecr 1598>
+1.000 close(3) = 0
+0.000 > F.  1857:1857(0)     ack    57 win  1043 <nop,nop,TS val 1598 ecr 5547>
+0.050 < F.    57:57(0)       ack  1858 win  1043 <nop,nop,TS val 5647 ecr 1598>
+0.000 >  .  1858:1858(0)     ack    58 win  1043 <nop,nop,TS val 1648 ecr 5647>

Diff Detail

Repository
rG FreeBSD src repository
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Revision Contents
Changeset List

PathSize
sys/
netinet/
9 lines

Diff 158786

View Options

sys/netinet/tcp_input.c

Loading...