git: 68e623c3f0af - main - tcp: Rewind erraneous RTO only while performing RTO retransmissions

From: Richard Scheffenegger <rscheff_at_FreeBSD.org>
Date: Thu, 27 Jan 2022 18:19:10 UTC
The branch main has been updated by rscheff:

URL: https://cgit.FreeBSD.org/src/commit/?id=68e623c3f0afb4c9b338046fd1d4476befd82324

commit 68e623c3f0afb4c9b338046fd1d4476befd82324
Author:     Richard Scheffenegger <rscheff@FreeBSD.org>
AuthorDate: 2022-01-27 17:35:47 +0000
Commit:     Richard Scheffenegger <rscheff@FreeBSD.org>
CommitDate: 2022-01-27 17:49:42 +0000

    tcp: Rewind erraneous RTO only while performing RTO retransmissions
    
    Under rare circumstances, a spurious retransmission is
    incorrectly detected and rewound, messing up various tcpcb values,
    which can lead to a panic when SACK is in use.
    
    Reviewed By: tuexen, chengc_netapp.com, #transport
    MFC after:   3 days
    Sponsored by:        NetApp, Inc.
    Differential Revision: https://reviews.freebsd.org/D33979
---
 sys/netinet/tcp_input.c | 1 +
 sys/netinet/tcp_var.h   | 6 +++++-
 2 files changed, 6 insertions(+), 1 deletion(-)

diff --git a/sys/netinet/tcp_input.c b/sys/netinet/tcp_input.c
index 110cb99df7bb..d6d193d18213 100644
--- a/sys/netinet/tcp_input.c
+++ b/sys/netinet/tcp_input.c
@@ -1649,6 +1649,7 @@ tcp_do_segment(struct mbuf *m, struct tcphdr *th, struct socket *so,
 		if (TSTMP_GT(to.to_tsecr, tcp_ts_getticks()))
 			to.to_tsecr = 0;
 		else if (tp->t_flags & TF_PREVVALID &&
+			 tp->t_rxtshift == 1 &&
 			 tp->t_badrxtwin != 0 && SEQ_LT(to.to_tsecr, tp->t_badrxtwin))
 			cc_cong_signal(tp, th, CC_RTO_ERR);
 	}
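Review bot: The added `tp->t_rxtshift == 1` test in the `else if` carries no comment where it is used; the reason is only written on the TF_PREVVALID define in tcp_var.h. Because `to.to_tsecr` is taken from the peer's timestamp option, this condition is what decides whether an incoming segment may trigger `cc_cong_signal(tp, th, CC_RTO_ERR)`, so I would put `/* Undo a bad RTO only in the first RTO round (t_rxtshift == 1); the saved values must not be restored later. */` directly above the branch. Parenthesising the flag test as `(tp->t_flags & TF_PREVVALID) &&` would also make the mixed `&`/`&&` condition easier to read. The rule is kept by convention only, so any other code that tests TF_PREVVALID, which is not visible in this hunk, presumably needs the same guard. tcp_do_segment starts and ends outside the hunk.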
diff --git a/sys/netinet/tcp_var.h b/sys/netinet/tcp_var.h
index e9d021fb4684..07788ada3985 100644
--- a/sys/netinet/tcp_var.h
+++ b/sys/netinet/tcp_var.h
@@ -506,7 +506,11 @@ tcp_unlock_or_drop(struct tcpcb *tp, int tcp_output_retval)
 #define	TF_NEEDSYN	0x00000400	/* send SYN (implicit state) */
 #define	TF_NEEDFIN	0x00000800	/* send FIN (implicit state) */
 #define	TF_NOPUSH	0x00001000	/* don't push */
-#define	TF_PREVVALID	0x00002000	/* saved values for bad rxmit valid */
+#define	TF_PREVVALID	0x00002000	/* saved values for bad rxmit valid
+					 * Note: accessing and restoring from
+					 * these may only be done in the 1st
+					 * RTO recovery round (t_rxtshift == 1)
+					 */
 #define	TF_WAKESOR	0x00004000	/* wake up receive socket */
 #define	TF_GPUTINPROG	0x00008000	/* Goodput measurement in progress */
 #define	TF_MORETOCOME	0x00010000	/* More data to be appended to sock */