lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Tue, 22 Apr 2014 10:40:15 +0800 From: Liu Yu <allanliuyu@...il.com> To: "David S. Miller" <davem@...emloft.net>, Alexey Kuznetsov <kuznet@....inr.ac.ru>, Stephen Hemminger <shemminger@...tta.com> CC: netdev@...r.kernel.org Subject: [PATCH] tcp_cubic: fix divide error when SYN flood From: Liu Yu <allanyuliu@...cent.com> commit b9f47a3aaeab (tcp_cubic: limit delayed_ack ratio to prevent divide error) try to prevent divide error, but it still has a little chance that delayed_ack can reach zero. In case machine sufferring continuous SYN flood, the argument cnt could be big, and so that ratio+cnt could get overflow and may happen to be zero. If so, min(ratio, ACK_RATIO_LIMIT) will calculate to be zero. The crash log may like this: .. <6>[27536.083145] possible SYN flooding on port 8080. Sending cookies. <6>[27596.092124] possible SYN flooding on port 8080. Sending cookies. <6>[27656.109832] possible SYN flooding on port 8080. Sending cookies. <0>[27676.940730] divide error: 0000 [#1] SMP <0>[27676.987890] last sysfs file: /sys/class/scsi_host/host0/proc_name .. CC: Stephen Hemminger <shemminger@...tta.com> Signed-off-by: Liu Yu <allanyuliu@...cent.com> --- net/ipv4/tcp_cubic.c | 4 ++-- 1 files changed, 2 insertions(+), 2 deletions(-) diff --git a/net/ipv4/tcp_cubic.c b/net/ipv4/tcp_cubic.c index 8bf2245..9d332b9 100644 --- a/net/ipv4/tcp_cubic.c +++ b/net/ipv4/tcp_cubic.c @@ -404,12 +404,12 @@ static void bictcp_acked(struct sock *sk, u32 cnt, s32 rtt_us) u32 delay; if (icsk->icsk_ca_state == TCP_CA_Open) { - u32 ratio = ca->delayed_ack; + u64 ratio = ca->delayed_ack; ratio -= ca->delayed_ack >> ACK_RATIO_SHIFT; ratio += cnt; - ca->delayed_ack = min(ratio, ACK_RATIO_LIMIT); + ca->delayed_ack = min_t(u64, ratio, ACK_RATIO_LIMIT); } /* Some calls are for duplicates without timetamps */ -- 1.7.1 -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists