| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <lsq.1479082460.449854365@decadent.org.uk>
Date: Mon, 14 Nov 2016 00:14:20 +0000
From: Ben Hutchings <ben@...adent.org.uk>
To: linux-kernel@...r.kernel.org, stable@...r.kernel.org
CC: akpm@...ux-foundation.org, "David S. Miller" <davem@...emloft.net>,
"Neal Cardwell" <ncardwell@...gle.com>,
"Eric Dumazet" <edumazet@...gle.com>,
"Yuchung Cheng" <ycheng@...gle.com>,
"Soheil Hassas Yeganeh" <soheil@...gle.com>
Subject: [PATCH 3.16 239/346] tcp: fastopen: fix rcv_wup initialization
for TFO server on SYN/data
3.16.39-rc1 review patch. If anyone has any objections, please let me know.
------------------
From: Neal Cardwell <ncardwell@...gle.com>
commit 28b346cbc0715ae45b2814d857f1d8a7e6817ed8 upstream.
Yuchung noticed that on the first TFO server data packet sent after
the (TFO) handshake, the server echoed the TCP timestamp value in the
SYN/data instead of the timestamp value in the final ACK of the
handshake. This problem did not happen on regular opens.
The tcp_replace_ts_recent() logic that decides whether to remember an
incoming TS value needs tp->rcv_wup to hold the latest receive
sequence number that we have ACKed (latest tp->rcv_nxt we have
ACKed). This commit fixes this issue by ensuring that a TFO server
properly updates tp->rcv_wup to match tp->rcv_nxt at the time it sends
a SYN/ACK for the SYN/data.
Reported-by: Yuchung Cheng <ycheng@...gle.com>
Signed-off-by: Neal Cardwell <ncardwell@...gle.com>
Signed-off-by: Yuchung Cheng <ycheng@...gle.com>
Signed-off-by: Eric Dumazet <edumazet@...gle.com>
Signed-off-by: Soheil Hassas Yeganeh <soheil@...gle.com>
Fixes: 168a8f58059a ("tcp: TCP Fast Open Server - main code path")
Signed-off-by: David S. Miller <davem@...emloft.net>
[bwh: Backported to 3.16: adjust context]
Signed-off-by: Ben Hutchings <ben@...adent.org.uk>
---
net/ipv4/tcp_fastopen.c | 1 +
1 file changed, 1 insertion(+)
--- a/net/ipv4/tcp_fastopen.c
+++ b/net/ipv4/tcp_fastopen.c
@@ -213,6 +213,7 @@ static bool tcp_fastopen_create_child(st
}
}
tcp_rsk(req)->rcv_nxt = tp->rcv_nxt = end_seq;
+ tp->rcv_wup = tp->rcv_nxt;
sk->sk_data_ready(sk);
bh_unlock_sock(child);
sock_put(child);
Powered by blists - more mailing lists