From patchwork Thu Nov 28 03:10:05 2019
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Tung Quang Nguyen <tung.q.nguyen@dektech.com.au>
X-Patchwork-Id: 1201874
X-Patchwork-Delegate: davem@davemloft.net
Return-Path: <netdev-owner@vger.kernel.org>
X-Original-To: patchwork-incoming-netdev@ozlabs.org
Delivered-To: patchwork-incoming-netdev@ozlabs.org
Authentication-Results: ozlabs.org; spf=none (no SPF record)
	smtp.mailfrom=vger.kernel.org (client-ip=209.132.180.67;
	helo=vger.kernel.org;
	envelope-from=netdev-owner@vger.kernel.org;
	receiver=<UNKNOWN>)
Authentication-Results: ozlabs.org; dmarc=none (p=none dis=none)
	header.from=dektech.com.au
Authentication-Results: ozlabs.org; dkim=pass (1024-bit key;
	unprotected) header.d=dektech.com.au header.i=@dektech.com.au
	header.b="UIs2qGcY"; dkim-atps=neutral
Received: from vger.kernel.org (vger.kernel.org [209.132.180.67])
	by ozlabs.org (Postfix) with ESMTP id 47Njjp3nFDz9sPc
	for <patchwork-incoming-netdev@ozlabs.org>;
	Thu, 28 Nov 2019 14:26:54 +1100 (AEDT)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S1727259AbfK1DYR (ORCPT
	<rfc822;patchwork-incoming-netdev@ozlabs.org>);
	Wed, 27 Nov 2019 22:24:17 -0500
Received: from f0-dek.dektech.com.au ([210.10.221.142]:32772 "EHLO
	mail.dektech.com.au" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org
	with ESMTP id S1727149AbfK1DYO (ORCPT
	<rfc822;netdev@vger.kernel.org>); Wed, 27 Nov 2019 22:24:14 -0500
Received: from localhost (localhost [127.0.0.1])
	by mail.dektech.com.au (Postfix) with ESMTP id 788D94B9CD;
	Thu, 28 Nov 2019 14:10:11 +1100 (AEDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=dektech.com.au;
	h=references:in-reply-to:x-mailer:message-id:date:date:subject
	:subject:from:from:received:received:received; s=mail_dkim; t=
	1574910611; bh=Cl/wowvmXOEHZUNtC64yXbBRXOZxkt+do4ooV8eAWLo=; b=U
	Is2qGcY5P1Ly0OG8G/op+be7RGaQy6r+ZaT4sDnK7JWDRC8pIvz+Yyvz4XzdNQMd
	9aRcKJVIzEd5J21AMvCSCJVnr5up0S8Z4WZtyQGkc3NQZ27Q31jQ4dDLvVMqTZsI
	zKmBLDOyMqCDV25Xpkus4UNCoS4nr7uSh8zld/OIm8=
X-Virus-Scanned: amavisd-new at dektech.com.au
Received: from mail.dektech.com.au ([127.0.0.1])
	by localhost (mail2.dektech.com.au [127.0.0.1]) (amavisd-new,
	port 10026)
	with ESMTP id RMQ2jDgjxGz1; Thu, 28 Nov 2019 14:10:11 +1100 (AEDT)
Received: from mail.dektech.com.au (localhost [127.0.0.1])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256
	bits)) (No client certificate requested)
	by mail.dektech.com.au (Postfix) with ESMTPS id 5DFD34B9CE;
	Thu, 28 Nov 2019 14:10:11 +1100 (AEDT)
Received: from ubuntu.dek-tpc.internal (unknown [14.161.14.188])
	(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128
	bits)) (No client certificate requested)
	by mail.dektech.com.au (Postfix) with ESMTPSA id CDBF94B9CD;
	Thu, 28 Nov 2019 14:10:10 +1100 (AEDT)
From: Tung Nguyen <tung.q.nguyen@dektech.com.au>
To: davem@davemloft.net, netdev@vger.kernel.org,
	tipc-discussion@lists.sourceforge.net
Subject: [tipc-discussion] [net v1 1/4] tipc: fix potential memory leak in
	__tipc_sendmsg()
Date: Thu, 28 Nov 2019 10:10:05 +0700
Message-Id: <20191128031008.2045-2-tung.q.nguyen@dektech.com.au>
X-Mailer: git-send-email 2.17.1
In-Reply-To: <20191128031008.2045-1-tung.q.nguyen@dektech.com.au>
References: <20191128031008.2045-1-tung.q.nguyen@dektech.com.au>
Sender: netdev-owner@vger.kernel.org
Precedence: bulk
List-ID: <netdev.vger.kernel.org>
X-Mailing-List: netdev@vger.kernel.org

When initiating a connection message to a server side, the connection
message is cloned and added to the socket write queue. However, if the
cloning is failed, only the socket write queue is purged. It causes
memory leak because the original connection message is not freed.

This commit fixes it by purging the list of connection message when
it cannot be cloned.

Fixes: 6787927475e5 ("tipc: buffer overflow handling in listener socket")
Reported-by: Hoang Le <hoang.h.le@dektech.com.au>
Signed-off-by: Tung Nguyen <tung.q.nguyen@dektech.com.au>
Acked-by: Ying Xue <ying.xue@windriver.com>
Acked-by: Jon Maloy <jon.maloy@ericsson.com>
---
 net/tipc/socket.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/net/tipc/socket.c b/net/tipc/socket.c
index a1c8d722ca20..7baed2c2c93d 100644
--- a/net/tipc/socket.c
+++ b/net/tipc/socket.c
@@ -1447,8 +1447,10 @@ static int __tipc_sendmsg(struct socket *sock, struct msghdr *m, size_t dlen)
 	rc = tipc_msg_build(hdr, m, 0, dlen, mtu, &pkts);
 	if (unlikely(rc != dlen))
 		return rc;
-	if (unlikely(syn && !tipc_msg_skb_clone(&pkts, &sk->sk_write_queue)))
+	if (unlikely(syn && !tipc_msg_skb_clone(&pkts, &sk->sk_write_queue))) {
+		__skb_queue_purge(&pkts);
 		return -ENOMEM;
+	}
 
 	trace_tipc_sk_sendmsg(sk, skb_peek(&pkts), TIPC_DUMP_SK_SNDQ, " ");
 	rc = tipc_node_xmit(net, &pkts, dnode, tsk->portid);

From patchwork Thu Nov 28 03:10:06 2019
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Tung Quang Nguyen <tung.q.nguyen@dektech.com.au>
X-Patchwork-Id: 1201872
X-Patchwork-Delegate: davem@davemloft.net
Return-Path: <netdev-owner@vger.kernel.org>
X-Original-To: patchwork-incoming-netdev@ozlabs.org
Delivered-To: patchwork-incoming-netdev@ozlabs.org
Authentication-Results: ozlabs.org; spf=none (no SPF record)
	smtp.mailfrom=vger.kernel.org (client-ip=209.132.180.67;
	helo=vger.kernel.org;
	envelope-from=netdev-owner@vger.kernel.org;
	receiver=<UNKNOWN>)
Authentication-Results: ozlabs.org; dmarc=none (p=none dis=none)
	header.from=dektech.com.au
Authentication-Results: ozlabs.org; dkim=pass (1024-bit key;
	unprotected) header.d=dektech.com.au header.i=@dektech.com.au
	header.b="Igr72pBA"; dkim-atps=neutral
Received: from vger.kernel.org (vger.kernel.org [209.132.180.67])
	by ozlabs.org (Postfix) with ESMTP id 47Njjn2TF2z9sPn
	for <patchwork-incoming-netdev@ozlabs.org>;
	Thu, 28 Nov 2019 14:26:53 +1100 (AEDT)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S1727198AbfK1DYO (ORCPT
	<rfc822;patchwork-incoming-netdev@ozlabs.org>);
	Wed, 27 Nov 2019 22:24:14 -0500
Received: from f0-dek.dektech.com.au ([210.10.221.142]:32835 "EHLO
	mail.dektech.com.au" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org
	with ESMTP id S1727158AbfK1DYO (ORCPT
	<rfc822;netdev@vger.kernel.org>); Wed, 27 Nov 2019 22:24:14 -0500
Received: from localhost (localhost [127.0.0.1])
	by mail.dektech.com.au (Postfix) with ESMTP id 554E74B9CE;
	Thu, 28 Nov 2019 14:10:12 +1100 (AEDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=dektech.com.au;
	h=references:in-reply-to:x-mailer:message-id:date:date:subject
	:subject:from:from:received:received:received; s=mail_dkim; t=
	1574910612; bh=Sw2Vgr5NV1VBdyDW0t95lQSFCjtXjdlYSHiNMpVWzk0=; b=I
	gr72pBAgwGDTXiPoBK3zHBoGJrlFTfVB4LY96Jnunw53jMh6waKJIa6ZQOsRkytk
	fPB5uo/vL7jwiCkU2cO9pzTVkto6v1tR9ailFqp74ldLEQTD/6NG/1OZ/kPsEYk8
	RcFSoBMUv/vX8/5F827+uhuD0nSb73TYZP0vm22xZY=
X-Virus-Scanned: amavisd-new at dektech.com.au
Received: from mail.dektech.com.au ([127.0.0.1])
	by localhost (mail2.dektech.com.au [127.0.0.1]) (amavisd-new,
	port 10026)
	with ESMTP id vPV-rGFSNMdk; Thu, 28 Nov 2019 14:10:12 +1100 (AEDT)
Received: from mail.dektech.com.au (localhost [127.0.0.1])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256
	bits)) (No client certificate requested)
	by mail.dektech.com.au (Postfix) with ESMTPS id 38F6A4B9CF;
	Thu, 28 Nov 2019 14:10:12 +1100 (AEDT)
Received: from ubuntu.dek-tpc.internal (unknown [14.161.14.188])
	(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128
	bits)) (No client certificate requested)
	by mail.dektech.com.au (Postfix) with ESMTPSA id 9CEB34B9CE;
	Thu, 28 Nov 2019 14:10:11 +1100 (AEDT)
From: Tung Nguyen <tung.q.nguyen@dektech.com.au>
To: davem@davemloft.net, netdev@vger.kernel.org,
	tipc-discussion@lists.sourceforge.net
Subject: [tipc-discussion] [net v1 2/4] tipc: fix wrong socket reference
	counter after tipc_sk_timeout() returns
Date: Thu, 28 Nov 2019 10:10:06 +0700
Message-Id: <20191128031008.2045-3-tung.q.nguyen@dektech.com.au>
X-Mailer: git-send-email 2.17.1
In-Reply-To: <20191128031008.2045-1-tung.q.nguyen@dektech.com.au>
References: <20191128031008.2045-1-tung.q.nguyen@dektech.com.au>
Sender: netdev-owner@vger.kernel.org
Precedence: bulk
List-ID: <netdev.vger.kernel.org>
X-Mailing-List: netdev@vger.kernel.org

When tipc_sk_timeout() is executed but user space is grabbing
ownership, this function rearms itself and returns. However, the
socket reference counter is not reduced. This causes potential
unexpected behavior.

This commit fixes it by calling sock_put() before tipc_sk_timeout()
returns in the above-mentioned case.

Fixes: afe8792fec69 ("tipc: refactor function tipc_sk_timeout()")
Signed-off-by: Tung Nguyen <tung.q.nguyen@dektech.com.au>
Acked-by: Ying Xue <ying.xue@windriver.com>
Acked-by: Jon Maloy <jon.maloy@ericsson.com>
---
 net/tipc/socket.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/net/tipc/socket.c b/net/tipc/socket.c
index 7baed2c2c93d..fb5595081a05 100644
--- a/net/tipc/socket.c
+++ b/net/tipc/socket.c
@@ -2759,6 +2759,7 @@ static void tipc_sk_timeout(struct timer_list *t)
 	if (sock_owned_by_user(sk)) {
 		sk_reset_timer(sk, &sk->sk_timer, jiffies + HZ / 20);
 		bh_unlock_sock(sk);
+		sock_put(sk);
 		return;
 	}
 

From patchwork Thu Nov 28 03:10:07 2019
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Tung Quang Nguyen <tung.q.nguyen@dektech.com.au>
X-Patchwork-Id: 1201875
X-Patchwork-Delegate: davem@davemloft.net
Return-Path: <netdev-owner@vger.kernel.org>
X-Original-To: patchwork-incoming-netdev@ozlabs.org
Delivered-To: patchwork-incoming-netdev@ozlabs.org
Authentication-Results: ozlabs.org; spf=none (no SPF record)
	smtp.mailfrom=vger.kernel.org (client-ip=209.132.180.67;
	helo=vger.kernel.org;
	envelope-from=netdev-owner@vger.kernel.org;
	receiver=<UNKNOWN>)
Authentication-Results: ozlabs.org; dmarc=none (p=none dis=none)
	header.from=dektech.com.au
Authentication-Results: ozlabs.org; dkim=pass (1024-bit key;
	unprotected) header.d=dektech.com.au header.i=@dektech.com.au
	header.b="MPimndOP"; dkim-atps=neutral
Received: from vger.kernel.org (vger.kernel.org [209.132.180.67])
	by ozlabs.org (Postfix) with ESMTP id 47Njjp757nz9sPn
	for <patchwork-incoming-netdev@ozlabs.org>;
	Thu, 28 Nov 2019 14:26:54 +1100 (AEDT)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S1727287AbfK1DYT (ORCPT
	<rfc822;patchwork-incoming-netdev@ozlabs.org>);
	Wed, 27 Nov 2019 22:24:19 -0500
Received: from f0-dek.dektech.com.au ([210.10.221.142]:32783 "EHLO
	mail.dektech.com.au" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org
	with ESMTP id S1727141AbfK1DYO (ORCPT
	<rfc822;netdev@vger.kernel.org>); Wed, 27 Nov 2019 22:24:14 -0500
X-Greylist: delayed 838 seconds by postgrey-1.27 at vger.kernel.org;
	Wed, 27 Nov 2019 22:24:13 EST
Received: from localhost (localhost [127.0.0.1])
	by mail.dektech.com.au (Postfix) with ESMTP id 205BB4B9CF;
	Thu, 28 Nov 2019 14:10:13 +1100 (AEDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=dektech.com.au;
	h=references:in-reply-to:x-mailer:message-id:date:date:subject
	:subject:from:from:received:received:received; s=mail_dkim; t=
	1574910613; bh=0fURPnsR9s3KVuwTUtvs/nX0SoQMyI2PmBYvhfsBQRw=; b=M
	PimndOPKkCpdz3JpBplUp54qvx2P8/hB6gP1MURXAfsuU3ypcuA7N9bYDs5b5+P/
	lEF6Evwx+xs6BSSovkwGX7YET5XZX9hf65LOfLPZB68yb1Z7ddl6uSCABxGa/dEc
	uhIrarpF9jJU9ZcyQBuDiOdO89xySIi6FZNGFDz4QM=
X-Virus-Scanned: amavisd-new at dektech.com.au
Received: from mail.dektech.com.au ([127.0.0.1])
	by localhost (mail2.dektech.com.au [127.0.0.1]) (amavisd-new,
	port 10026)
	with ESMTP id K4wFSEkMsjKL; Thu, 28 Nov 2019 14:10:13 +1100 (AEDT)
Received: from mail.dektech.com.au (localhost [127.0.0.1])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256
	bits)) (No client certificate requested)
	by mail.dektech.com.au (Postfix) with ESMTPS id 0587C4B9D0;
	Thu, 28 Nov 2019 14:10:13 +1100 (AEDT)
Received: from ubuntu.dek-tpc.internal (unknown [14.161.14.188])
	(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128
	bits)) (No client certificate requested)
	by mail.dektech.com.au (Postfix) with ESMTPSA id 6C9314B9CF;
	Thu, 28 Nov 2019 14:10:12 +1100 (AEDT)
From: Tung Nguyen <tung.q.nguyen@dektech.com.au>
To: davem@davemloft.net, netdev@vger.kernel.org,
	tipc-discussion@lists.sourceforge.net
Subject: [tipc-discussion] [net v1 3/4] tipc: fix wrong timeout input for
	tipc_wait_for_cond()
Date: Thu, 28 Nov 2019 10:10:07 +0700
Message-Id: <20191128031008.2045-4-tung.q.nguyen@dektech.com.au>
X-Mailer: git-send-email 2.17.1
In-Reply-To: <20191128031008.2045-1-tung.q.nguyen@dektech.com.au>
References: <20191128031008.2045-1-tung.q.nguyen@dektech.com.au>
Sender: netdev-owner@vger.kernel.org
Precedence: bulk
List-ID: <netdev.vger.kernel.org>
X-Mailing-List: netdev@vger.kernel.org

In function __tipc_shutdown(), the timeout value passed to
tipc_wait_for_cond() is not jiffies.

This commit fixes it by converting that value from milliseconds
to jiffies.

Fixes: 365ad353c256 ("tipc: reduce risk of user starvation during link congestion")
Signed-off-by: Tung Nguyen <tung.q.nguyen@dektech.com.au>
Acked-by: Jon Maloy <jon.maloy@ericsson.com>
---
 net/tipc/socket.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/net/tipc/socket.c b/net/tipc/socket.c
index fb5595081a05..da5fb84852a6 100644
--- a/net/tipc/socket.c
+++ b/net/tipc/socket.c
@@ -532,7 +532,7 @@ static void __tipc_shutdown(struct socket *sock, int error)
 	struct sock *sk = sock->sk;
 	struct tipc_sock *tsk = tipc_sk(sk);
 	struct net *net = sock_net(sk);
-	long timeout = CONN_TIMEOUT_DEFAULT;
+	long timeout = msecs_to_jiffies(CONN_TIMEOUT_DEFAULT);
 	u32 dnode = tsk_peer_node(tsk);
 	struct sk_buff *skb;
 

From patchwork Thu Nov 28 03:10:08 2019
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Tung Quang Nguyen <tung.q.nguyen@dektech.com.au>
X-Patchwork-Id: 1201873
X-Patchwork-Delegate: davem@davemloft.net
Return-Path: <netdev-owner@vger.kernel.org>
X-Original-To: patchwork-incoming-netdev@ozlabs.org
Delivered-To: patchwork-incoming-netdev@ozlabs.org
Authentication-Results: ozlabs.org; spf=none (no SPF record)
	smtp.mailfrom=vger.kernel.org (client-ip=209.132.180.67;
	helo=vger.kernel.org;
	envelope-from=netdev-owner@vger.kernel.org;
	receiver=<UNKNOWN>)
Authentication-Results: ozlabs.org; dmarc=none (p=none dis=none)
	header.from=dektech.com.au
Authentication-Results: ozlabs.org; dkim=pass (1024-bit key;
	unprotected) header.d=dektech.com.au header.i=@dektech.com.au
	header.b="Y0Yrd+9C"; dkim-atps=neutral
Received: from vger.kernel.org (vger.kernel.org [209.132.180.67])
	by ozlabs.org (Postfix) with ESMTP id 47Njjn6yslz9sPZ
	for <patchwork-incoming-netdev@ozlabs.org>;
	Thu, 28 Nov 2019 14:26:53 +1100 (AEDT)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S1727234AbfK1DYP (ORCPT
	<rfc822;patchwork-incoming-netdev@ozlabs.org>);
	Wed, 27 Nov 2019 22:24:15 -0500
Received: from f0-dek.dektech.com.au ([210.10.221.142]:32832 "EHLO
	mail.dektech.com.au" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org
	with ESMTP id S1727146AbfK1DYP (ORCPT
	<rfc822;netdev@vger.kernel.org>); Wed, 27 Nov 2019 22:24:15 -0500
Received: from localhost (localhost [127.0.0.1])
	by mail.dektech.com.au (Postfix) with ESMTP id F27414B9D0;
	Thu, 28 Nov 2019 14:10:13 +1100 (AEDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=dektech.com.au;
	h=references:in-reply-to:x-mailer:message-id:date:date:subject
	:subject:from:from:received:received:received; s=mail_dkim; t=
	1574910613; bh=ucB/mpLQr+FlKPjIb3X0L0kJML9o22R6k+C578E75g4=; b=Y
	0Yrd+9CVuPfFp7vdidRAVuz8NaFGe+cE8WZ18TrF+zJql7342lsT3BJBxQ7K1pzq
	Q3KW8PlwyQbFqgkHxEr/t02n9HbBVWxFMuQ3PS4yiBREGX7FDMQWFH99ew/YIgYU
	Z9CK4ajMhXBEAJ5aeK/JSeR61dh4cz76qfjG7taZqg=
X-Virus-Scanned: amavisd-new at dektech.com.au
Received: from mail.dektech.com.au ([127.0.0.1])
	by localhost (mail2.dektech.com.au [127.0.0.1]) (amavisd-new,
	port 10026)
	with ESMTP id h6vQfWFuOPIY; Thu, 28 Nov 2019 14:10:13 +1100 (AEDT)
Received: from mail.dektech.com.au (localhost [127.0.0.1])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256
	bits)) (No client certificate requested)
	by mail.dektech.com.au (Postfix) with ESMTPS id CB35D4B9D1;
	Thu, 28 Nov 2019 14:10:13 +1100 (AEDT)
Received: from ubuntu.dek-tpc.internal (unknown [14.161.14.188])
	(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128
	bits)) (No client certificate requested)
	by mail.dektech.com.au (Postfix) with ESMTPSA id 3A84C4B9D0;
	Thu, 28 Nov 2019 14:10:13 +1100 (AEDT)
From: Tung Nguyen <tung.q.nguyen@dektech.com.au>
To: davem@davemloft.net, netdev@vger.kernel.org,
	tipc-discussion@lists.sourceforge.net
Subject: [tipc-discussion] [net v1 4/4] tipc: fix duplicate SYN messages
	under link congestion
Date: Thu, 28 Nov 2019 10:10:08 +0700
Message-Id: <20191128031008.2045-5-tung.q.nguyen@dektech.com.au>
X-Mailer: git-send-email 2.17.1
In-Reply-To: <20191128031008.2045-1-tung.q.nguyen@dektech.com.au>
References: <20191128031008.2045-1-tung.q.nguyen@dektech.com.au>
Sender: netdev-owner@vger.kernel.org
Precedence: bulk
List-ID: <netdev.vger.kernel.org>
X-Mailing-List: netdev@vger.kernel.org

Scenario:
1. A client socket initiates a SYN message to a listening socket.
2. The send link is congested, the SYN message is put in the
send link and a wakeup message is put in wakeup queue.
3. The congestion situation is abated, the wakeup message is
pulled out of the wakeup queue. Function tipc_sk_push_backlog()
is called to send out delayed messages by Nagle. However,
the client socket is still in CONNECTING state. So, it sends
the SYN message in the socket write queue to the listening socket
again.
4. The listening socket receives the first SYN message and creates
first server socket. The client socket receives ACK- and establishes
a connection to the first server socket. The client socket closes
its connection with the first server socket.
5. The listening socket receives the second SYN message and creates
second server socket. The second server socket sends ACK- to the
client socket, but it has been closed. It results in connection
reset error when reading from the server socket in user space.

Solution: return from function tipc_sk_push_backlog() immediately
if there is pending SYN message in the socket write queue.

Fixes: c0bceb97db9e ("tipc: add smart nagle feature")
Signed-off-by: Tung Nguyen <tung.q.nguyen@dektech.com.au>
Acked-by: Jon Maloy <jon.maloy@ericsson.com>
---
 net/tipc/socket.c | 17 ++++++++++-------
 1 file changed, 10 insertions(+), 7 deletions(-)

diff --git a/net/tipc/socket.c b/net/tipc/socket.c
index da5fb84852a6..41688da233ab 100644
--- a/net/tipc/socket.c
+++ b/net/tipc/socket.c
@@ -540,12 +540,10 @@ static void __tipc_shutdown(struct socket *sock, int error)
 	tipc_wait_for_cond(sock, &timeout, (!tsk->cong_link_cnt &&
 					    !tsk_conn_cong(tsk)));
 
-	/* Push out unsent messages or remove if pending SYN */
-	skb = skb_peek(&sk->sk_write_queue);
-	if (skb && !msg_is_syn(buf_msg(skb)))
-		tipc_sk_push_backlog(tsk);
-	else
-		__skb_queue_purge(&sk->sk_write_queue);
+	/* Push out delayed messages if in Nagle mode */
+	tipc_sk_push_backlog(tsk);
+	/* Remove pending SYN */
+	__skb_queue_purge(&sk->sk_write_queue);
 
 	/* Reject all unreceived messages, except on an active connection
 	 * (which disconnects locally & sends a 'FIN+' to peer).
@@ -1248,9 +1246,14 @@ static void tipc_sk_push_backlog(struct tipc_sock *tsk)
 	struct sk_buff_head *txq = &tsk->sk.sk_write_queue;
 	struct net *net = sock_net(&tsk->sk);
 	u32 dnode = tsk_peer_node(tsk);
+	struct sk_buff *skb = skb_peek(txq);
 	int rc;
 
-	if (skb_queue_empty(txq) || tsk->cong_link_cnt)
+	if (!skb || tsk->cong_link_cnt)
+		return;
+
+	/* Do not send SYN again after congestion */
+	if (msg_is_syn(buf_msg(skb)))
 		return;
 
 	tsk->snt_unacked += tsk->snd_backlog;