[PATCH net] tcp: make probe0 timer handle expired user timeout

Next message: Yihan Ding: "[PATCH bpf] bpf: allow UTF-8 literals in bpf_bprintf_prepare()"
Previous message: WANG Rui: "[PATCH] MAINTAINERS: Add loongarch mailing list for perf tooling"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Altan Hacigumus

Date: Mon Apr 13 2026 - 21:37:15 EST

tcp_clamp_probe0_to_user_timeout() computes remaining time in jiffies
using subtraction with an unsigned lvalue. If elapsed probing time
already exceeds the configured TCP_USER_TIMEOUT, the subtraction
underflows and yields a large value.

Handle this expiration case similarly to tcp_clamp_rto_to_user_timeout().

Fixes: 344db93ae3ee ("tcp: make TCP_USER_TIMEOUT accurate for zero window probes")
Signed-off-by: Altan Hacigumus <ahacigu.linux@xxxxxxxxx>
---
net/ipv4/tcp_timer.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/net/ipv4/tcp_timer.c b/net/ipv4/tcp_timer.c
index 5a14a53a3c9e..4a43356a4e06 100644
--- a/net/ipv4/tcp_timer.c
+++ b/net/ipv4/tcp_timer.c
@@ -50,7 +50,8 @@ static u32 tcp_clamp_rto_to_user_timeout(const struct sock *sk)
u32 tcp_clamp_probe0_to_user_timeout(const struct sock *sk, u32 when)
{
const struct inet_connection_sock *icsk = inet_csk(sk);
- u32 remaining, user_timeout;
+ u32 user_timeout;
+ s32 remaining;
s32 elapsed;

user_timeout = READ_ONCE(icsk->icsk_user_timeout);
@@ -61,6 +62,8 @@ u32 tcp_clamp_probe0_to_user_timeout(const struct sock *sk, u32 when)
if (unlikely(elapsed < 0))
elapsed = 0;
remaining = msecs_to_jiffies(user_timeout) - elapsed;
+ if (remaining <= 0)
+ return 1;
remaining = max_t(u32, remaining, TCP_TIMEOUT_MIN);

return min_t(u32, remaining, when);
--
2.43.0