[PATCH net v2 0/2] Fix race condition between TCP_REPAIR dump and data receive
From: Stefano Brivio
Date: Mon May 18 2026 - 14:38:03 EST

If we receive data on a socket that's in repair mode, the sequence and
contents of the receive queue we dump depend on the timing. We need to
freeze the input queue, otherwise the connection parameters restored
later might not match the actual state of the connection.

Patch 1/2 has the full details and the fix, patch 2/2 introduces
selftests to illustrate the problem and verify the solution.

v2: Don't touch the fast path in 1/2 (concern raised by Kuniyuki Iwashima
and Eric Dumazet). Further details in the message for 1/2 itself.

Stefano Brivio (2):
  tcp: Don't accept data when socket is in repair mode
  selftests: Add data path tests for TCP_REPAIR mode

include/net/dropreason-core.h | 3 +
include/net/tcp.h | 3 +-
net/ipv4/tcp.c | 9 +
net/ipv4/tcp_input.c | 15 +-
tools/testing/selftests/Makefile | 1 +
.../selftests/net/tcp_repair/.gitignore | 3 +
.../testing/selftests/net/tcp_repair/Makefile | 23 ++
.../testing/selftests/net/tcp_repair/client.c | 273 ++++++++++++++++++
.../testing/selftests/net/tcp_repair/inner.sh | 32 ++
.../testing/selftests/net/tcp_repair/outer.sh | 44 +++
tools/testing/selftests/net/tcp_repair/run.sh | 12 +
.../testing/selftests/net/tcp_repair/server.c | 155 ++++++++++
tools/testing/selftests/net/tcp_repair/talk.h | 26 ++
13 files changed, 596 insertions(+), 3 deletions(-)
create mode 100644 tools/testing/selftests/net/tcp_repair/.gitignore
create mode 100644 tools/testing/selftests/net/tcp_repair/Makefile
create mode 100644 tools/testing/selftests/net/tcp_repair/client.c
create mode 100755 tools/testing/selftests/net/tcp_repair/inner.sh
create mode 100755 tools/testing/selftests/net/tcp_repair/outer.sh
create mode 100755 tools/testing/selftests/net/tcp_repair/run.sh
create mode 100644 tools/testing/selftests/net/tcp_repair/server.c
create mode 100644 tools/testing/selftests/net/tcp_repair/talk.h
--
2.43.0