| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 03 Jun 2008 16:35:18 -0700 (PDT) From: David Miller <davem@...emloft.net> To: ilpo.jarvinen@...sinki.fi Cc: brian.vowell@...il.com, akpm@...ux-foundation.org, netdev@...r.kernel.org, bugme-daemon@...zilla.kernel.org Subject: Re: [Bugme-new] [Bug 10767] New: Seg Fault Instead of Swapping From: "Ilpo_Järvinen" <ilpo.jarvinen@...sinki.fi> Date: Mon, 26 May 2008 14:24:33 +0300 (EEST) Ilpo, do you want me to apply this to net-2.6? > [PATCH] [TCP]: Fix inconsistency source (CA_Open only when !tcp_left_out(tp)) > > It is possible that this skip path causes TCP to end up into an > invalid state where ca_state was left to CA_Open while some > segments already came into sacked_out. If next valid ACK doesn't > contain new SACK information TCP fails to enter into > tcp_fastretrans_alert(). Thus at least high_seq is set > incorrectly to a too high seqno because some new data segments > could be sent in between (and also, limited transmit is not > being correctly invoked there). Reordering in both directions > can easily cause this situation to occur. > > I guess we would want to use tcp_moderate_cwnd(tp) there as well > as it may be possible to use this to trigger oversized burst to > network by sending an old ACK with huge amount of SACK info, but > I'm a bit unsure about its effects (mainly to FlightSize), so to > be on the safe side I just currently fixed it minimally to keep > TCP's state consistent (obviously, such nasty ACKs have been > possible this far). Though it seems that FlightSize is already > underestimated by some amount, so probably on the long term we > might want to trigger recovery there too, if appropriate, to make > FlightSize calculation to resemble reality at the time when the > losses where discovered (but such change scares me too much now > and requires some more thinking anyway how to do that as it > likely involves some code shuffling). > > This bug was found by Brian Vowell while running my TCP debug > patch to find cause of another TCP issue (fackets_out > miscount). > > Signed-off-by: Ilpo Järvinen <ilpo.jarvinen@...sinki.fi> -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists