lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Message-ID: <046a1b5d6087a4af6aa0e734dcf8312a4bab4a66.1749640237.git.jgh@exim.org>
Date: Wed, 11 Jun 2025 12:14:57 +0100
From: Jeremy Harris <jgh@...m.org>
To: netdev@...r.kernel.org
Cc: edumazet@...gle.com,
	ncardwell@...gle.com,
	Jeremy Harris <jgh@...m.org>
Subject: [PATCH net-next] tcp: fix TCP_DEFER_ACCEPT for Fast Open

The TCP_DEFER_ACCEPT socket option defers sending the 3rd-ack segment
for a connection until a data write (or timeout).  The existing
implementation works for traditional connections but not for Fast Open,
where the syn moves us to ESTABLISHED and data in the SYN then causes an
ACK to be sent.

Fix by adding checks in those ACK paths for the state set by the
setsockopt, and clear down that state when we send data.

Signed-off-by: Jeremy Harris <jgh@...m.org>
---
 net/ipv4/tcp.c        | 4 ++++
 net/ipv4/tcp_input.c  | 4 ++++
 net/ipv4/tcp_output.c | 2 ++
 3 files changed, 10 insertions(+)

diff --git a/net/ipv4/tcp.c b/net/ipv4/tcp.c
index f64f8276a73c..54096cc94fcd 100644
--- a/net/ipv4/tcp.c
+++ b/net/ipv4/tcp.c
@@ -1499,6 +1499,10 @@ void __tcp_cleanup_rbuf(struct sock *sk, int copied)
 	struct tcp_sock *tp = tcp_sk(sk);
 	bool time_to_ack = false;
 
+	/* Avoid sending ACK if waiting for user data. */
+	if (READ_ONCE(inet_csk(sk)->icsk_accept_queue.rskq_defer_accept))
+		return;
+
 	if (inet_csk_ack_scheduled(sk)) {
 		const struct inet_connection_sock *icsk = inet_csk(sk);
 
diff --git a/net/ipv4/tcp_input.c b/net/ipv4/tcp_input.c
index 8ec92dec321a..8ebf15cffde9 100644
--- a/net/ipv4/tcp_input.c
+++ b/net/ipv4/tcp_input.c
@@ -5776,6 +5776,10 @@ static void __tcp_ack_snd_check(struct sock *sk, int ofo_possible)
 	struct tcp_sock *tp = tcp_sk(sk);
 	unsigned long rtt, delay;
 
+	/* Avoid sending ACK if waiting for user data */
+	if (READ_ONCE(inet_csk(sk)->icsk_accept_queue.rskq_defer_accept))
+		return;
+
 	    /* More than one full frame received... */
 	if (((tp->rcv_nxt - tp->rcv_wup) > inet_csk(sk)->icsk_ack.rcv_mss &&
 	     /* ... and right edge of window advances far enough.
diff --git a/net/ipv4/tcp_output.c b/net/ipv4/tcp_output.c
index 3ac8d2d17e1f..89f8068d32c5 100644
--- a/net/ipv4/tcp_output.c
+++ b/net/ipv4/tcp_output.c
@@ -2752,6 +2752,8 @@ static bool tcp_write_xmit(struct sock *sk, unsigned int mss_now, int nonagle,
 	int result;
 	bool is_cwnd_limited = false, is_rwnd_limited = false;
 
+	WRITE_ONCE(inet_csk(sk)->icsk_accept_queue.rskq_defer_accept, 0);
+
 	sent_pkts = 0;
 
 	tcp_mstamp_refresh(tp);

base-commit: 0097c4195b1d0ca57d15979626c769c74747b5a0
-- 
2.49.0

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ