From nobody Sat Jun 13 18:08:49 2026 Received: from mail-dl1-f45.google.com (mail-dl1-f45.google.com [74.125.82.45]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 19A77285050 for ; Wed, 6 May 2026 05:14:02 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=74.125.82.45 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1778044443; cv=none; b=FLaY6qMKXMD5rbZKLxJyBqSHAbaa/owrGG5HNx9XFgUVYSiJ1giVOkyYZM0bYhoQmhhlUKBGY8AthbX2D36XjaCTJ8PayfHDxfure4+gGdHXExNXVdI+viJNfZYTd5Es6NoAlnJIjULsiMXZwZNJ8smhcIOvVzhaFEIn9yvrpiE= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1778044443; c=relaxed/simple; bh=3mPDjpz9UoYLq//zME7f0LLK/FYBp27tbNuZ0h5zQJs=; h=From:Date:Subject:MIME-Version:Content-Type:Message-Id:To:Cc; b=NkDlHCW3jUmQKy2CM7xHncH891prqWUmdQUjy1vxCH7NVgDvyP31fitOJuiJR3s3Xu4RuRsQ622arL7VNEZ+wCmFOQx8/ZBz5EJyfgOwlmmHlVJwJ1dufWXmjB58vcRU2t/nXHDpXpF6bv2K5sb/bEjx5n5xO7a1Vc8NaTSqr8M= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=hruDdlSH; arc=none smtp.client-ip=74.125.82.45 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="hruDdlSH" Received: by mail-dl1-f45.google.com with SMTP id a92af1059eb24-130c653cce4so3316544c88.1 for ; Tue, 05 May 2026 22:14:01 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20251104; t=1778044441; x=1778649241; darn=vger.kernel.org; h=cc:to:message-id:content-transfer-encoding:mime-version:subject :date:from:from:to:cc:subject:date:message-id:reply-to; bh=Ne6d3NPP/xf4CWREwfa7zTxmf8SmALy0wsZD1GHfx/w=; b=hruDdlSHHK/zBbWb8HtnaCSF5yAXUC3YmU7AckgiyHTkCOxCnmkn2PyrFQ9QBYivgw zi1zbk6YvxPLBk6gAdW3N6L0eOAhracP+6Yn0ySETPKmeDIo1ZWq+yaiDdtEzJLisQcT ijdPMpdUiyh+JtQHiQndtKZFslyd5ey9K34oy5PyKk7NwsEWTb41WHcBLjUJaVPasdGm Sl6kV4z4ht4qCPrJlPtml2tXpB0fiVNZ2kYBi0IUBab2hhFIs/qE03RWR1MUTgcAPxRa izgb5xzBGnz88M7ZHCIGSgYxrcnB2v8GJhv5kHBWgGzLoIVBNqrpyNKZtxCSWz5NZi/a tH/A== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1778044441; x=1778649241; h=cc:to:message-id:content-transfer-encoding:mime-version:subject :date:from:x-gm-gg:x-gm-message-state:from:to:cc:subject:date :message-id:reply-to; bh=Ne6d3NPP/xf4CWREwfa7zTxmf8SmALy0wsZD1GHfx/w=; b=nKTMmSM1os95xz63vbzgp9bsg8vBwsD+z4jAbT68xdYvTbHih4fUXnx3kndSfzG4Te oUxNVou+dELVhp1fxjZzFRGMqpP7VnKqOlSiw9fpJVtclb1uPGBk1wlOA3eqpQYudloC WkFZBSJAU1CkaGpS+aduF3KXbN7wd2acur5W/wHGc3unga2HNu5/rXh8+pblsS2NO0BW 2SfVcakgrQHwq8b1ve0sB+qKmwqvPC/Bq9UIlqE5qED0J8Tn1zHPfdXHlYVDg/4wcsLn 3oZ6PXonbAWprXpaPPepNMY0TW4qzGlGA4Or2B6MDopbm9VT7vocXChw5PYf2CLF5eqX qBeQ== X-Forwarded-Encrypted: i=1; AFNElJ91HWvB73RVs/zkkfkZDPIsy75+b/8FPR7FGsDUouQOzQvbZUx9SVJvjC5wRXt8lkEjunZ9NgLhhPeBpMo=@vger.kernel.org X-Gm-Message-State: AOJu0YysW6JmqVie0lleQ9NJENWRHLxWaTmT5oZVVK7nPcBheZsoLC8i Na6t7/4jVm1Id9AVxQgi+eP7OEsU64RcjtJDtO2JDMloc36W92ABl+3I X-Gm-Gg: AeBDiesn3QNqqNjNoKodWhE2V6m28QqPYXFRKUO8xpoQXOnlW+jNwO/XfFPNCp43ON1 i0YD8ZA8cOGtIZKF/tjh+QtEg/euoR55YtoVUqQNm8vzJCeWKTSs5dApHUdEtLX1lY1BccI6mGU 60tISgj0xCvlCpSnvEKmxG17tmnp+cte61zEmsUxZA6qNCPv1JB7/9bmBXTOsNiO1b40WB89JgJ 3T2dhVJdBO2eYqHIWNfA3PZuDUwlRDku7cuOt2sIzTeaYRgRRWVSGqU8ue5SOhJXUiVbZnBuEJ3 v660U/aH/SSawwzcOwO0BDdtEy8mPWswAv2YVXyl01FrT2bEG0TtnKcpcvbMPLUPFFbs1Ox6BvU eIzqu4L6Tiyic5w7S1sJCvt/IVjjl1F+1HV4OPTrdtZ+A4LhrC0lDC5bxF67HL5NZjE76/Mthjx nkKGMuPYSCjfqAXXXcwVGPiFWRDHtAA4P4yIujbtLhZshzVSKrHj18NICGvAhin5XUQt3zofWjU Jia7aRtUOi5V/ecm+TnU8U= X-Received: by 2002:a05:7300:ec11:b0:2e5:5bf4:8869 with SMTP id 5a478bee46e88-2f54c87cd18mr1071089eec.21.1778044441041; Tue, 05 May 2026 22:14:01 -0700 (PDT) Received: from [192.168.1.18] (177-4-161-87.user3p.v-tal.net.br. [177.4.161.87]) by smtp.gmail.com with ESMTPSA id 5a478bee46e88-2f56fd8fa8csm1701041eec.21.2026.05.05.22.13.56 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 05 May 2026 22:14:00 -0700 (PDT) From: =?utf-8?q?C=C3=A1ssio_Gabriel?= Date: Wed, 06 May 2026 02:13:45 -0300 Subject: [PATCH net] tipc: avoid sending zero-length stream messages Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Message-Id: <20260506-tipc-zero-length-stream-stall-v1-1-5d75f202227b@gmail.com> X-B4-Tracking: v=1; b=H4sIAAAAAAAC/yXMwQ6CMBCE4Vche3aTUkSjr2I8lGWENbWQthoD4 d2tepr8c/hWSoiKROdqpYiXJp1CiXpXkYwuDGDtS5M19mBa03LWWXhBnNgjDHnklCPco4zznq0 0x33dw8qpoWLMETd9//wLBWS6/s/07O6Q/JVp2z7BsX93hgAAAA== X-Change-ID: 20260505-tipc-zero-length-stream-stall-2c3741de2c93 To: Jon Maloy , "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni , Simon Horman , Ying Xue , Parthasarathy Bhuvaragan Cc: Jon Paul Maloy , netdev@vger.kernel.org, tipc-discussion@lists.sourceforge.net, linux-kernel@vger.kernel.org, stable@vger.kernel.org, syzbot+aa7d098bd6fa788fae8e@syzkaller.appspotmail.com, =?utf-8?q?C=C3=A1ssio_Gabriel?= X-Mailer: b4 0.15.2 X-Developer-Signature: v=1; a=openpgp-sha256; l=1829; i=cassiogabrielcontato@gmail.com; h=from:subject:message-id; bh=3mPDjpz9UoYLq//zME7f0LLK/FYBp27tbNuZ0h5zQJs=; b=owGbwMvMwCV2IdZeKur/u2bG02pJDJm/zolsfyX8tXyhaf4/2exTZgqV4edNkotv/wkqaytYe Mq/5k5JRykLgxgXg6yYIsvqpEWWe7oeXK2PW+EBM4eVCWQIAxenAEzklTQjw9RT2lZRq45cOtos WXo1zHf3z9ub/y48vXSK3KWZJYs/LJzB8D8wLT1C+7bQ2qvlEgITgnesffT0hvbaBe6KbQHBYX7 mz7kA X-Developer-Key: i=cassiogabrielcontato@gmail.com; a=openpgp; fpr=AB62A239BC8AE0D57F5EA848D05D3F1A5AFFEE83 TIPC stream send currently enters the transmit loop even when the user payload length is zero. This can build and transmit a header-only connection message. For local TIPC sockets, such messages are delivered synchronously through the loopback receive path. When this happens while socket backlog processing is being flushed, reply transmission can re-enter TIPC receive processing repeatedly and trigger an RCU stall. Make zero-length sends on connected SOCK_STREAM TIPC sockets a no-op after the existing connection/congestion wait has succeeded. Leave implicit connection setup and SOCK_SEQPACKET behavior unchanged. Fixes: 365ad353c256 ("tipc: reduce risk of user starvation during link cong= estion") Cc: stable@vger.kernel.org Reported-by: syzbot+aa7d098bd6fa788fae8e@syzkaller.appspotmail.com Closes: https://lore.kernel.org/all/000000000000cedbc405ae81531f@google.com/ Closes: https://syzkaller.appspot.com/bug?extid=3Daa7d098bd6fa788fae8e Signed-off-by: C=C3=A1ssio Gabriel --- net/tipc/socket.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/net/tipc/socket.c b/net/tipc/socket.c index 9329919fb07f..3c7838713d74 100644 --- a/net/tipc/socket.c +++ b/net/tipc/socket.c @@ -1585,6 +1585,8 @@ static int __tipc_sendstream(struct socket *sock, str= uct msghdr *m, size_t dlen) tipc_sk_connected(sk))); if (unlikely(rc)) break; + if (unlikely(!dlen && sk->sk_type =3D=3D SOCK_STREAM)) + break; send =3D min_t(size_t, dlen - sent, TIPC_MAX_USER_MSG_SIZE); blocks =3D tsk->snd_backlog; if (tsk->oneway++ >=3D tsk->nagle_start && maxnagle && --- base-commit: 95084f1883a760e0d4290698346759d58e2b944a change-id: 20260505-tipc-zero-length-stream-stall-2c3741de2c93 Best regards, -- =20 C=C3=A1ssio Gabriel