| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20170516.124619.1486699276109754253.davem@davemloft.net>
Date: Tue, 16 May 2017 12:46:19 -0400 (EDT)
From: David Miller <davem@...emloft.net>
To: soheil.kdev@...il.com
Cc: netdev@...r.kernel.org, ilpo.jarvinen@...sinki.fi,
soheil@...gle.com, ncardwell@...gle.com, ycheng@...gle.com,
edumazet@...gle.com
Subject: Re: [PATCH net] tcp: eliminate negative reordering in
tcp_clean_rtx_queue
From: Soheil Hassas Yeganeh <soheil.kdev@...il.com>
Date: Mon, 15 May 2017 17:05:47 -0400
> From: Soheil Hassas Yeganeh <soheil@...gle.com>
>
> tcp_ack() can call tcp_fragment() which may dededuct the
> value tp->fackets_out when MSS changes. When prior_fackets
> is larger than tp->fackets_out, tcp_clean_rtx_queue() can
> invoke tcp_update_reordering() with negative values. This
> results in absurd tp->reodering values higher than
> sysctl_tcp_max_reordering.
>
> Note that tcp_update_reordering indeeds sets tp->reordering
> to min(sysctl_tcp_max_reordering, metric), but because
> the comparison is signed, a negative metric always wins.
>
> Fixes: c7caf8d3ed7a ("[TCP]: Fix reord detection due to snd_una covered holes")
> Reported-by: Rebecca Isaacs <risaacs@...gle.com>
> Signed-off-by: Soheil Hassas Yeganeh <soheil@...gle.com>
> Signed-off-by: Neal Cardwell <ncardwell@...gle.com>
> Signed-off-by: Yuchung Cheng <ycheng@...gle.com>
> Signed-off-by: Eric Dumazet <edumazet@...gle.com>
Applied and queued up for -stable, thanks.
Powered by blists - more mailing lists