From 143bc3fd73794eabee428b7b371f5686fdd840e4 Mon Sep 17 00:00:00 2001
From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Date: Mon, 15 Jul 2024 10:40:56 +0200
Subject: [PATCH] 5.10-stable patches

added patches:
	tcp-use-signed-arithmetic-in-tcp_rtx_probe0_timed_out.patch
---
 queue-5.10/series                             |  1 +
 ...ithmetic-in-tcp_rtx_probe0_timed_out.patch | 51 +++++++++++++++++++
 2 files changed, 52 insertions(+)
 create mode 100644 queue-5.10/tcp-use-signed-arithmetic-in-tcp_rtx_probe0_timed_out.patch

diff --git a/queue-5.10/series b/queue-5.10/series
index 4e5fdf8e628..d762dd2ced0 100644
--- a/queue-5.10/series
+++ b/queue-5.10/series
@@ -70,3 +70,4 @@ net-sched-fix-uaf-when-resolving-a-clash.patch
 s390-mark-psw-in-__load_psw_mask-as-__unitialized.patch
 arm-davinci-convert-comma-to-semicolon.patch
 octeontx2-af-fix-detection-of-ip-layer.patch
+tcp-use-signed-arithmetic-in-tcp_rtx_probe0_timed_out.patch
diff --git a/queue-5.10/tcp-use-signed-arithmetic-in-tcp_rtx_probe0_timed_out.patch b/queue-5.10/tcp-use-signed-arithmetic-in-tcp_rtx_probe0_timed_out.patch
new file mode 100644
index 00000000000..d49e41669a8
--- /dev/null
+++ b/queue-5.10/tcp-use-signed-arithmetic-in-tcp_rtx_probe0_timed_out.patch
@@ -0,0 +1,51 @@
+From 36534d3c54537bf098224a32dc31397793d4594d Mon Sep 17 00:00:00 2001
+From: Eric Dumazet <edumazet@google.com>
+Date: Fri, 7 Jun 2024 12:56:52 +0000
+Subject: tcp: use signed arithmetic in tcp_rtx_probe0_timed_out()
+
+From: Eric Dumazet <edumazet@google.com>
+
+commit 36534d3c54537bf098224a32dc31397793d4594d upstream.
+
+Due to timer wheel implementation, a timer will usually fire
+after its schedule.
+
+For instance, for HZ=1000, a timeout between 512ms and 4s
+has a granularity of 64ms.
+For this range of values, the extra delay could be up to 63ms.
+
+For TCP, this means that tp->rcv_tstamp may be after
+inet_csk(sk)->icsk_timeout whenever the timer interrupt
+finally triggers, if one packet came during the extra delay.
+
+We need to make sure tcp_rtx_probe0_timed_out() handles this case.
+
+Fixes: e89688e3e978 ("net: tcp: fix unexcepted socket die when snd_wnd is 0")
+Signed-off-by: Eric Dumazet <edumazet@google.com>
+Cc: Menglong Dong <imagedong@tencent.com>
+Acked-by: Neal Cardwell <ncardwell@google.com>
+Reviewed-by: Jason Xing <kerneljasonxing@gmail.com>
+Link: https://lore.kernel.org/r/20240607125652.1472540-1-edumazet@google.com
+Signed-off-by: Jakub Kicinski <kuba@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ net/ipv4/tcp_timer.c |    7 ++++++-
+ 1 file changed, 6 insertions(+), 1 deletion(-)
+
+--- a/net/ipv4/tcp_timer.c
++++ b/net/ipv4/tcp_timer.c
+@@ -459,8 +459,13 @@ static bool tcp_rtx_probe0_timed_out(con
+ {
+ 	const struct tcp_sock *tp = tcp_sk(sk);
+ 	const int timeout = TCP_RTO_MAX * 2;
+-	u32 rcv_delta, rtx_delta;
++	u32 rtx_delta;
++	s32 rcv_delta;
+ 
++	/* Note: timer interrupt might have been delayed by at least one jiffy,
++	 * and tp->rcv_tstamp might very well have been written recently.
++	 * rcv_delta can thus be negative.
++	 */
+ 	rcv_delta = inet_csk(sk)->icsk_timeout - tp->rcv_tstamp;
+ 	if (rcv_delta <= timeout)
+ 		return false;
-- 
2.47.3