tcp: avoid too many retransmit packets

PlaidCat · PlaidCat · commit c8a9eb772016 · 2025-06-06T13:30:52.000-04:00
jira LE-3201 cve CVE-2024-41007 Rebuild_History Non-Buildable kernel-rt-4.18.0-553.22.1.rt7.363.el8_10 commit-author Eric Dumazet <edumazet@google.com> commit 97a9063 Empty-Commit: Cherry-Pick Conflicts during history rebuild. Will be included in final tarball splat. Ref for failed cherry-pick at: ciq/ciq_backports/kernel-rt-4.18.0-553.22.1.rt7.363.el8_10/97a90635.failed If a TCP socket is using TCP_USER_TIMEOUT, and the other peer retracted its window to zero, tcp_retransmit_timer() can retransmit a packet every two jiffies (2 ms for HZ=1000), for about 4 minutes after TCP_USER_TIMEOUT has 'expired'. The fix is to make sure tcp_rtx_probe0_timed_out() takes icsk->icsk_user_timeout into account. Before blamed commit, the socket would not timeout after icsk->icsk_user_timeout, but would use standard exponential backoff for the retransmits. Also worth noting that before commit e89688e ("net: tcp: fix unexcepted socket die when snd_wnd is 0"), the issue would last 2 minutes instead of 4. Fixes: b701a99 ("tcp: Add tcp_clamp_rto_to_user_timeout() helper to improve accuracy") Signed-off-by: Eric Dumazet <edumazet@google.com> Cc: Neal Cardwell <ncardwell@google.com> Reviewed-by: Jason Xing <kerneljasonxing@gmail.com> Reviewed-by: Jon Maxwell <jmaxwell37@gmail.com> Reviewed-by: Kuniyuki Iwashima <kuniyu@amazon.com> Link: https://patch.msgid.link/20240710001402.2758273-1-edumazet@google.com Signed-off-by: Jakub Kicinski <kuba@kernel.org> (cherry picked from commit 97a9063) Signed-off-by: Jonathan Maple <jmaple@ciq.com> # Conflicts: # net/ipv4/tcp_timer.c
diff --git a/ciq/ciq_backports/kernel-rt-4.18.0-553.22.1.rt7.363.el8_10/97a90635.failed b/ciq/ciq_backports/kernel-rt-4.18.0-553.22.1.rt7.363.el8_10/97a90635.failed
@@ -0,0 +1,83 @@
+tcp: avoid too many retransmit packets
+
+jira LE-3201
+cve CVE-2024-41007
+Rebuild_History Non-Buildable kernel-rt-4.18.0-553.22.1.rt7.363.el8_10
+commit-author Eric Dumazet <edumazet@google.com>
+commit 97a9063518f198ec0adb2ecb89789de342bb8283
+Empty-Commit: Cherry-Pick Conflicts during history rebuild.
+Will be included in final tarball splat. Ref for failed cherry-pick at:
+ciq/ciq_backports/kernel-rt-4.18.0-553.22.1.rt7.363.el8_10/97a90635.failed
+
+If a TCP socket is using TCP_USER_TIMEOUT, and the other peer
+retracted its window to zero, tcp_retransmit_timer() can
+retransmit a packet every two jiffies (2 ms for HZ=1000),
+for about 4 minutes after TCP_USER_TIMEOUT has 'expired'.
+
+The fix is to make sure tcp_rtx_probe0_timed_out() takes
+icsk->icsk_user_timeout into account.
+
+Before blamed commit, the socket would not timeout after
+icsk->icsk_user_timeout, but would use standard exponential
+backoff for the retransmits.
+
+Also worth noting that before commit e89688e3e978 ("net: tcp:
+fix unexcepted socket die when snd_wnd is 0"), the issue
+would last 2 minutes instead of 4.
+
+Fixes: b701a99e431d ("tcp: Add tcp_clamp_rto_to_user_timeout() helper to improve accuracy")
+	Signed-off-by: Eric Dumazet <edumazet@google.com>
+	Cc: Neal Cardwell <ncardwell@google.com>
+	Reviewed-by: Jason Xing <kerneljasonxing@gmail.com>
+	Reviewed-by: Jon Maxwell <jmaxwell37@gmail.com>
+	Reviewed-by: Kuniyuki Iwashima <kuniyu@amazon.com>
+Link: https://patch.msgid.link/20240710001402.2758273-1-edumazet@google.com
+	Signed-off-by: Jakub Kicinski <kuba@kernel.org>
+(cherry picked from commit 97a9063518f198ec0adb2ecb89789de342bb8283)
+	Signed-off-by: Jonathan Maple <jmaple@ciq.com>
+
+# Conflicts:
+#	net/ipv4/tcp_timer.c
+diff --cc net/ipv4/tcp_timer.c
+index c8ceb32ca8de,892c86657fbc..000000000000
+--- a/net/ipv4/tcp_timer.c
++++ b/net/ipv4/tcp_timer.c
+@@@ -420,13 -480,29 +420,35 @@@ static void tcp_fastopen_synack_timer(s
+  }
+  
+  static bool tcp_rtx_probe0_timed_out(const struct sock *sk,
+ -				     const struct sk_buff *skb,
+ -				     u32 rtx_delta)
+ +				     const struct sk_buff *skb)
+  {
++ 	const struct inet_connection_sock *icsk = inet_csk(sk);
++ 	u32 user_timeout = READ_ONCE(icsk->icsk_user_timeout);
+  	const struct tcp_sock *tp = tcp_sk(sk);
+++<<<<<<< HEAD
+ +	const int timeout = TCP_RTO_MAX * 2;
+ +	u32 rcv_delta, rtx_delta;
+ +
+ +	rcv_delta = inet_csk(sk)->icsk_timeout - tp->rcv_tstamp;
+++=======
++ 	int timeout = TCP_RTO_MAX * 2;
++ 	s32 rcv_delta;
++ 
++ 	if (user_timeout) {
++ 		/* If user application specified a TCP_USER_TIMEOUT,
++ 		 * it does not want win 0 packets to 'reset the timer'
++ 		 * while retransmits are not making progress.
++ 		 */
++ 		if (rtx_delta > user_timeout)
++ 			return true;
++ 		timeout = min_t(u32, timeout, msecs_to_jiffies(user_timeout));
++ 	}
++ 	/* Note: timer interrupt might have been delayed by at least one jiffy,
++ 	 * and tp->rcv_tstamp might very well have been written recently.
++ 	 * rcv_delta can thus be negative.
++ 	 */
++ 	rcv_delta = icsk->icsk_timeout - tp->rcv_tstamp;
+++>>>>>>> 97a9063518f1 (tcp: avoid too many retransmit packets)
+  	if (rcv_delta <= timeout)
+  		return false;
+  
+* Unmerged path net/ipv4/tcp_timer.c
