git: 2bae602e8dad - stable/14 - tcp: prevent spurious empty segments and fix uncommon panic

From: Richard Scheffenegger <rscheff_at_FreeBSD.org>
Date: Mon, 15 Jan 2024 08:17:49 UTC
The branch stable/14 has been updated by rscheff:

URL: https://cgit.FreeBSD.org/src/commit/?id=2bae602e8dad32b9ae7140a5c2fd6ce794aa15b4

commit 2bae602e8dad32b9ae7140a5c2fd6ce794aa15b4
Author:     Richard Scheffenegger <rscheff@FreeBSD.org>
AuthorDate: 2024-01-08 08:25:39 +0000
Commit:     Richard Scheffenegger <rscheff@FreeBSD.org>
CommitDate: 2024-01-15 05:23:58 +0000

    tcp: prevent spurious empty segments and fix uncommon panic
    
    Only try sending more data on pure ACKs when there is
    more data available in the send buffer.
    
    In the case of a retransmitted SYN not being sent due to
    an internal error, the snd_una/snd_nxt accounting could
    be off, leading to a panic. Pulling snd_nxt up to snd_una
    prevents this from happening.
    
    Reported by:           fengdreamer@126.com
    Reviewed by:           cc, tuexen, #transport
    MFC after:             1 week
    Sponsored by:          NetApp, Inc.
    Differential Revision: https://reviews.freebsd.org/D43343
    
    (cherry picked from commit f4574e2dc5a4719379496338257526aba484751b)
---
 sys/netinet/tcp_input.c | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/sys/netinet/tcp_input.c b/sys/netinet/tcp_input.c
index 9eefef3ea81e..38498370ceb2 100644
--- a/sys/netinet/tcp_input.c
+++ b/sys/netinet/tcp_input.c
@@ -1871,7 +1871,13 @@ tcp_do_segment(struct tcpcb *tp, struct mbuf *m, struct tcphdr *th,
 					tcp_timer_activate(tp, TT_REXMT,
 					    TP_RXTCUR(tp));
 				sowwakeup(so);
-				if (sbavail(&so->so_snd))
+				/*
+				 * Only call tcp_output when there
+				 * is new data available to be sent
+				 * or we need to send an ACK.
+				 */
+				if (SEQ_GT(tp->snd_una + sbavail(&so->so_snd),
+				    tp->snd_max) || tp->t_flags & TF_ACKNOW)
 					(void) tcp_output(tp);
 				goto check_delack;
 			}
@@ -2038,6 +2044,8 @@ tcp_do_segment(struct tcpcb *tp, struct mbuf *m, struct tcphdr *th,
 			tp->rcv_adv += min(tp->rcv_wnd,
 			    TCP_MAXWIN << tp->rcv_scale);
 			tp->snd_una++;		/* SYN is acked */
+			if (SEQ_LT(tp->snd_nxt, tp->snd_una))
+				tp->snd_nxt = tp->snd_una;
 			/*
 			 * If not all the data that was sent in the TFO SYN
 			 * has been acked, resend the remainder right away.