Re: [PATCH net] dccp: fix undefined behavior with 'cwnd' shift in ccid2_cwnd_restart()

From: Alexey Kodanev <alexey.kodanev@xxxxxxxxxx>
Date: Thu,  2 Aug 2018 19:22:05 +0300

> Make sure that the value of "(now - hc->tx_lsndtime) / hc->tx_rto" is
> properly limited when shifting 'u32 cwnd' with it, otherwise we can get:
 ...
> Fixes: 113ced1f52e5 ("dccp ccid-2: Perform congestion-window validation")
> Signed-off-by: Alexey Kodanev <alexey.kodanev@xxxxxxxxxx>
 ...
> @@ -234,7 +234,7 @@ static void ccid2_cwnd_restart(struct sock *sk, const u32 now)
>  
>  	/* don't reduce cwnd below the initial window (IW) */
>  	restart_cwnd = min(cwnd, iwnd);
> -	cwnd >>= (now - hc->tx_lsndtime) / hc->tx_rto;
> +	cwnd >>= min((now - hc->tx_lsndtime) / hc->tx_rto, 31U);
>  	hc->tx_cwnd = max(cwnd, restart_cwnd);
>  
>  	hc->tx_cwnd_stamp = now;
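
Review bot: the literal 31U in the new "cwnd >>= min(...)" line is a magic number that is only correct while cwnd is a u32, and nothing next to it says why it is there. The existing comment covers only the IW floor, so a one-line comment stating that the shift count must stay below the width of cwnd (or a bound derived from that width instead of the literal) would keep the clamp from being dropped or left stale if the type changes. The same line divides by hc->tx_rto with no check visible in this hunk, so it is worth confirming in the commit message that tx_rto cannot be zero on this path.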

Better to mimic the TCP cwnd validation code, something like:

	s32 delta = now - hc->tx_lsndtime;
	while ((delta -= hc->tx_rto) > 0 && cwnd > restart_cwnd)
		cwnd >>= 1;

Thanks.
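
The two variants discussed in this thread, side by side in a userspace model (an added example, not code from the patch, the reply or the kernel): restart_clamped follows the quoted hunk and restart_loop follows the sketch in the reply. The function names, the min/max helpers, the sample values and the treatment of every field as a 32-bit unsigned value are assumptions.

```c
#include <stdint.h>
#include <stdio.h>

/* Userspace model; names and 32-bit unsigned field types are assumptions. */
static uint32_t min_u32(uint32_t a, uint32_t b) { return a < b ? a : b; }
static uint32_t max_u32(uint32_t a, uint32_t b) { return a > b ? a : b; }

/* Quoted patch: clamp the shift count so it never reaches 32. */
static uint32_t restart_clamped(uint32_t cwnd, uint32_t iwnd, uint32_t now,
                                uint32_t lsndtime, uint32_t rto)
{
    uint32_t restart_cwnd = min_u32(cwnd, iwnd);

    cwnd >>= min_u32((now - lsndtime) / rto, 31U);
    return max_u32(cwnd, restart_cwnd);
}

/* Reply's sketch: one halving per elapsed RTO, stopping at the floor. */
static uint32_t restart_loop(uint32_t cwnd, uint32_t iwnd, uint32_t now,
                             uint32_t lsndtime, uint32_t rto)
{
    uint32_t restart_cwnd = min_u32(cwnd, iwnd);
    int32_t delta = (int32_t)(now - lsndtime);

    /* Subtract in unsigned arithmetic, as "delta -= rto" does with a u32 rto. */
    while ((delta = (int32_t)((uint32_t)delta - rto)) > 0 && cwnd > restart_cwnd)
        cwnd >>= 1;
    return max_u32(cwnd, restart_cwnd);
}

int main(void)
{
    /* Constructed inputs: cwnd 64, initial window 4, RTO 300 ticks. */
    const uint32_t idle[] = { 100, 600, 1000, 12000 };

    for (size_t i = 0; i < sizeof(idle) / sizeof(idle[0]); i++)
        printf("idle=%5u clamped=%2u loop=%2u\n", (unsigned)idle[i],
               (unsigned)restart_clamped(64, 4, idle[i], 0, 300),
               (unsigned)restart_loop(64, 4, idle[i], 0, 300));
    return 0;
}
```

When the idle time is an exact multiple of the RTO, the loop halves one time fewer than the clamped shift, so the two forms are not drop-in equivalents at those points.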