| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 11 Mar 2008 12:20:53 +0200 (EET) From: "Ilpo Järvinen" <ilpo.jarvinen@...sinki.fi> To: Thomas Gleixner <tglx@...utronix.de>, David Miller <davem@...emloft.net> cc: LKML <linux-kernel@...r.kernel.org>, Netdev <netdev@...r.kernel.org>, Andrew Morton <akpm@...ux-foundation.org> Subject: Re: Treason uncloaked spams syslog with latest git On Mon, 10 Mar 2008, Thomas Gleixner wrote: > On Fri, 7 Mar 2008, Thomas Gleixner wrote: > > On Fri, 7 Mar 2008, Ilpo Järvinen wrote: > > > On Thu, 6 Mar 2008, Andrew Morton wrote: > > > > > > > On Thu, 6 Mar 2008 11:47:12 +0100 (CET) > > > > Thomas Gleixner <tglx@...utronix.de> wrote: > > > > > > > > > Since I updated one of my compile boxen to latest git I get the syslog > > > > > flooded with: > > > > > > > > > > TCP: Treason uncloaked! Peer 192.168.0.1:10245/56637 shrinks window > > > > > 2748077551:2748080447. Repaired. > > > > > TCP: Treason uncloaked! Peer 192.168.0.68:10245/39915 shrinks window > > > > > 2890195332:2890201124. Repaired. > > > > > TCP: Treason uncloaked! Peer 192.168.0.65:10245/46058 shrinks window > > > > > 2880740873:2880745217. Repaired. > > > > > > > > > > This happens _always_ when I compile kernels with distcc or icecc. All > > > > > systems involved run Linux with kernels >= 2.6.23 and are on the same > > > > > network; no routers, firewalls or other fancy stuff. > > > > > > > > > > Any idea what's going on here ? > > > > > > > > > > > Could you tcpdump it? > > > > Will do. > > http://www.tglx.de/~tglx/treason.cap > > That's on -rc5 Thanks, I think I found the reason. Does the patch below fix it... -- i. -- [PATCH net-2.6] [TCP]: Prevent sending past receiver window with TSO (at last skb) With TSO it was possible to send past the receiver window when the skb to be sent was the last in the write queue while the receiver window is the limiting factor. One can notice that there's a loophole in the tcp_mss_split_point that lacked a receiver window check for the tcp_write_queue_tail() if also cwnd was smaller than the full skb. Noticed by Thomas Gleixner <tglx@...utronix.de> in form of "Treason uncloaked! Peer ... shrinks window .... Repaired." messages (the peer didn't actually shrink its window as the message suggests, we had just sent something past it without a permission to do so). Signed-off-by: Ilpo Järvinen <ilpo.jarvinen@...sinki.fi> --- net/ipv4/tcp_output.c | 12 ++++++++++-- 1 files changed, 10 insertions(+), 2 deletions(-) diff --git a/net/ipv4/tcp_output.c b/net/ipv4/tcp_output.c index cbfef8b..67f84f5 100644 --- a/net/ipv4/tcp_output.c +++ b/net/ipv4/tcp_output.c @@ -1035,6 +1035,13 @@ static void tcp_cwnd_validate(struct sock *sk) * introducing MSS oddities to segment boundaries. In rare cases where * mss_now != mss_cache, we will request caller to create a small skb * per input skb which could be mostly avoided here (if desired). + * + * We explicitly want to create a request for splitting write queue tail + * to a small skb for Nagle purposes while avoiding unnecessary modulos, + * thus all the complexity (cwnd_len is always MSS multiple which we + * return whenever allowed by the other factors). Basically we need the + * modulo only when the receiver window alone is the limiting factor or + * when we would be allowed to send the split-due-to-Nagle skb fully. */ static unsigned int tcp_mss_split_point(struct sock *sk, struct sk_buff *skb, unsigned int mss_now, unsigned int cwnd) @@ -1048,10 +1055,11 @@ static unsigned int tcp_mss_split_point(struct sock *sk, struct sk_buff *skb, if (likely(cwnd_len <= window && skb != tcp_write_queue_tail(sk))) return cwnd_len; - if (skb == tcp_write_queue_tail(sk) && cwnd_len <= skb->len) + needed = min(skb->len, window); + + if (skb == tcp_write_queue_tail(sk) && cwnd_len <= needed) return cwnd_len; - needed = min(skb->len, window); return needed - needed % mss_now; } -- 1.5.2.2
Powered by blists - more mailing lists