lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:   Mon, 01 May 2017 18:04:47 -0700
From:   Eric Dumazet <eric.dumazet@...il.com>
To:     Stephen Hemminger <stephen@...workplumber.org>
Cc:     David Miller <davem@...emloft.net>, netdev <netdev@...r.kernel.org>
Subject: Re: [PATCH net] tcp: fix wraparound issue in tcp_lp

On Mon, 2017-05-01 at 16:56 -0700, Stephen Hemminger wrote:
> On Mon, 01 May 2017 15:29:48 -0700
> Eric Dumazet <eric.dumazet@...il.com> wrote:
> 
> > From: Eric Dumazet <edumazet@...gle.com>
> > 
> > Be careful when comparing tcp_time_stamp to some u32 quantity,
> > otherwise result can be surprising.
> > 
> > Fixes: 7c106d7e782b ("[TCP]: TCP Low Priority congestion control")
> > Signed-off-by: Eric Dumazet <edumazet@...gle.com>
> > ---
> >  net/ipv4/tcp_lp.c |    6 ++++--
> >  1 file changed, 4 insertions(+), 2 deletions(-)
> > 
> > diff --git a/net/ipv4/tcp_lp.c b/net/ipv4/tcp_lp.c
> > index 046fd3910873306d74207615d6997e1c847ea361..d6fb6c067af4641f232b94e7c590c212648e8173 100644
> > --- a/net/ipv4/tcp_lp.c
> > +++ b/net/ipv4/tcp_lp.c
> > @@ -264,13 +264,15 @@ static void tcp_lp_pkts_acked(struct sock *sk, const struct ack_sample *sample)
> >  {
> >  	struct tcp_sock *tp = tcp_sk(sk);
> >  	struct lp *lp = inet_csk_ca(sk);
> > +	u32 delta;
> >  
> >  	if (sample->rtt_us > 0)
> >  		tcp_lp_rtt_sample(sk, sample->rtt_us);
> >  
> >  	/* calc inference */
> > -	if (tcp_time_stamp > tp->rx_opt.rcv_tsecr)
> > -		lp->inference = 3 * (tcp_time_stamp - tp->rx_opt.rcv_tsecr);
> > +	delta = tcp_time_stamp - tp->rx_opt.rcv_tsecr;
> > +	if ((s32)delta > 0)
> > +		lp->inference = 3 * delta;
> 
> Agreed time wraparound would cause problems.
> But why not use existing time_after() macro here?
> 

Simply to not perform (tcp_time_stamp - tp->rx_opt.rcv_tsecr) twice.

jiffies being volatile, this can not be optimized by the compiler.

I have a patch series (for linux-4.13) that will switch TCP stack to 1ms
TS options, regardless of CONFIG_HZ value, and when cooking it I found
this bug.




Powered by blists - more mailing lists