lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20090227212234.GB25573@bx9.net>
Date:	Fri, 27 Feb 2009 13:22:34 -0800
From:	Greg Lindahl <greg@...kko.com>
To:	Ilpo Järvinen <ilpo.jarvinen@...sinki.fi>
Cc:	Herbert Xu <herbert@...dor.apana.org.au>,
	Netdev <netdev@...r.kernel.org>
Subject: Re: Treason uncloaked / Broken peer again

On Thu, Feb 26, 2009 at 11:30:58AM +0200, Ilpo Järvinen wrote:

> Right, it's rather crude to have buggy kernel which sends past the 
> receiver's advertized window, and then when it cannot cope the results of 
> its own bug (and prints that message), put a blame on others who behave in 
> a compliant way.

Well, perhaps we shouldn't have the message be "Broken peer" when the
problem is often on the node printing the message? Maybe "Something's
broken, might be me"?

One of the people who complained to me is running 2.4.26, so the bug
in TSO that you fixed in 2.6.25 is not the last bug at issue. I was
also able to turn off TSO on all my 2.6.18+redhat systems and quickly
got Treason, so this bug is not the only one. But still, I can't cause
the bug often enough to get a tcpdump of it in action.

-- greg

Fixed in 2.6.25:

commit 5ea3a7480606cef06321cd85bc5113c72d2c7c68
Author: Ilpo Järvinen <ilpo.jarvinen@...sinki.fi>
Date:   Tue Mar 11 17:55:27 2008 -0700

    [TCP]: Prevent sending past receiver window with TSO (at last skb)

    With TSO it was possible to send past the receiver window when the skb
    to be sent was the last in the write queue while the receiver window
    is the limiting factor. One can notice that there's a loophole in the
    tcp_mss_split_point that lacked a receiver window check for the
    tcp_write_queue_tail() if also cwnd was smaller than the full skb.

    Noticed by Thomas Gleixner <tglx@...utronix.de> in form of "Treason
    uncloaked! Peer ... shrinks window .... Repaired."  messages (the peer
    didn't actually shrink its window as the message suggests, we had just
    sent something past it without a permission to do so).

--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ