Re: [PATCH net] tcp: cleanup copied_seq and urg_data in tcp_disconnect

From: Eric Dumazet Date: Sat, 7 Jul 2018 23:00:01 -0700 > tcp_zerocopy_receive() relies on tcp_inq() to limit number of bytes > requested by user. > > syzbot found that after tcp_disconnect(), tcp_inq() was returning > a stale value (number of bytes in queue before the disconnect). > > Note

[PATCH net] tcp: cleanup copied_seq and urg_data in tcp_disconnect

tcp_zerocopy_receive() relies on tcp_inq() to limit number of bytes requested by user. syzbot found that after tcp_disconnect(), tcp_inq() was returning a stale value (number of bytes in queue before the disconnect). Note that after this patch, ioctl(fd, SIOCINQ, ) is also fixed and returns 0,