lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date:	Tue, 11 Dec 2007 13:43:24 +0200 (EET)
From:	"Ilpo Järvinen" <ilpo.jarvinen@...sinki.fi>
To:	David Miller <davem@...emloft.net>
cc:	Netdev <netdev@...r.kernel.org>,
	Reuben Farrelly <reuben-linuxkernel@...b.net>,
	Andrew Morton <akpm@...ux-foundation.org>
Subject: [TCP]: fack_counts more fixes (the previous ones were incomplete)

Noticed later on that the things are still somewhat broken. Here's yet 
another fix to that same function. In addition, I'll do later on a patch 
to remove the __-version altogether.

-- 
 i.

--
[PATCH] [TCP]: fack_counts more fixes (the previous ones were incomplete)

1) Prev NULL check should also dereference

2) The loop reorganization did make things only slightly better,
   just changing the same not-updated problem to occur in
   another scenario. And I also noticed that in worst case it
   would be an infinite loop (could do that also before the
   change), but it required losses in the same window when TCP
   runs out new data. Now check really against the list heads
   rather than a valid skb which should still be processed.

Signed-off-by: Ilpo Järvinen <ilpo.jarvinen@...sinki.fi>
---
 include/net/tcp.h |    6 +++---
 1 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/include/net/tcp.h b/include/net/tcp.h
index 11a7e3e..2d9949e 100644
--- a/include/net/tcp.h
+++ b/include/net/tcp.h
@@ -1474,7 +1474,7 @@ static inline struct sk_buff *__tcp_reset_fack_counts(struct sock *sk,
 {
 	unsigned int fc = 0;
 
-	if (prev != NULL)
+	if (*prev != NULL)
 		fc = TCP_SKB_CB(*prev)->fack_count + tcp_skb_pcount(*prev);
 
 	BUG_ON((*prev != NULL) && !tcp_skb_adjacent(sk, *prev, skb));
@@ -1531,7 +1531,7 @@ static inline void tcp_reset_fack_counts(struct sock *sk, struct sk_buff *inskb)
 		skb[otherq] = prev->next;
 	}
 
-	do {
+	while (skb[queue] != (struct sk_buff *)__tcp_list_select(sk, queue)) {
 		/* Lazy find for the other queue */
 		if (skb[queue] == NULL) {
 			skb[queue] = tcp_write_queue_find(sk, TCP_SKB_CB(prev)->seq,
@@ -1545,7 +1545,7 @@ static inline void tcp_reset_fack_counts(struct sock *sk, struct sk_buff *inskb)
 			break;
 
 		queue ^= TCP_WQ_SACKED;
-	} while (skb[queue] != __tcp_write_queue_tail(sk, queue));
+	}
 }
 
 static inline void __tcp_insert_write_queue_after(struct sk_buff *skb,
-- 
1.5.0.6

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ