lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Tue, 29 May 2007 13:22:57 -0700 From: Stephen Hemminger <shemminger@...ux-foundation.org> To: "Lior Dotan" <liodot@...il.com> Cc: netdev@...r.kernel.org Subject: Re: [PATCH-2.4] Fix divide by 0 in vegas_cong_avoid() On Tue, 29 May 2007 12:18:19 +0300 "Lior Dotan" <liodot@...il.com> wrote: > Hi, > > I had a divide by zero on kernel 2.4.33 running with Vegas enabled. > The KDB back trace is: > kdb> bt > Stack traceback for pid 0 > 0x403a6000 0 0 1 0 R 0x403a6370 *swapper > EBP EIP Function (args) > 0x403a7d48 0x4026ae51 vegas_cong_avoid+0x111 (0x5f3bb638, 0x73c92cbb, 0xffffffff > , 0x73c92cbb, 0xf28d0275) > kernel .text 0x40100000 0x4026ad40 0x4026aef0 > 0x403a7d8c 0x4026bb67 tcp_ack+0x307 (0x5f3bb560, 0x581985c0, 0x18e, 0x4023e765, > 0x5c369044) > kernel .text 0x40100000 0x4026b860 0x4026be20 > 0x403a7ddc 0x4026e771 tcp_rcv_established+0x461 (0x5f3bb560, 0x581985c0, 0x5c369 > 044, 0x2c, 0x5f3bb638) > kernel .text 0x40100000 0x4026e310 0x4026ed80 > 0x403a7e00 0x40277c2f tcp_v4_do_rcv+0x14f (0x5f3bb560, 0x581985c0, 0x0, 0x403a7e > 50, 0x4024bb42) > kernel .text 0x40100000 0x40277ae0 0x40277c40 > <Rest was cut for readability> > What happens is that vegas_rtt_calc() gets rtt as -1, so when it adds > 1 the rtt is set to zero. > It seems that the -1 came from tcp_clean_rtx_queue() so I made this > small patch to fix the problem. I think it is also relevant to 2.6. > > > Don't perform congestion avoidance on packets that we didn't calculate > there RTT, as this may result in a divide by zero later on. > > Signed-off-by: Lior Dotan <liodot@...il.com> > --- > > diff -up net/ipv4/tcp_input.c.orig net/ipv4/tcp_input.c > --- net/ipv4/tcp_input.c.orig 2007-05-29 11:43:37.000000000 +0300 > +++ net/ipv4/tcp_input.c 2007-05-29 11:20:21.000000000 +0300 > @@ -2425,6 +2424,7 @@ static int tcp_clean_rtx_queue(struct so > tp->retrans_out--; > acked |= FLAG_RETRANS_DATA_ACKED; > seq_rtt = -1; > + acked &= ~FLAG_DATA_ACKED; > } else if (seq_rtt < 0) > seq_rtt = now - scb->when; > if(sacked & TCPCB_SACKED_ACKED) > - The proposed fix for TSO and packets acked callback will fix this as well. Your fix makes sense for kernels < 2.6.22, but with 2.6.22 this would fix it: http://article.gmane.org/gmane.linux.network/63101 -- Stephen Hemminger <shemminger@...ux-foundation.org> - To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists