This is a note to let you know that I've just added the patch titled

    tcp: fix an infinite loop in tcp_slow_start()

to the 3.7-stable tree which can be found at:
    
http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
     tcp-fix-an-infinite-loop-in-tcp_slow_start.patch
and it can be found in the queue-3.7 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let <[email protected]> know about it.


From 8bee456022dadde41b6fe3c551f7e46af777df10 Mon Sep 17 00:00:00 2001
From: Eric Dumazet <[email protected]>
Date: Sat, 2 Feb 2013 05:23:16 +0000
Subject: tcp: fix an infinite loop in tcp_slow_start()


From: Eric Dumazet <[email protected]>

[ Upstream commit 973ec449bb4f2b8c514bacbcb4d9506fc31c8ce3 ]

Since commit 9dc274151a548 (tcp: fix ABC in tcp_slow_start()),
a nul snd_cwnd triggers an infinite loop in tcp_slow_start()

Avoid this infinite loop and log a one time error for further
analysis. FRTO code is suspected to cause this bug.

Reported-by: Pasi Kärkkäinen <[email protected]>
Signed-off-by: Eric Dumazet <[email protected]>
Cc: Neal Cardwell <[email protected]>
Cc: Yuchung Cheng <[email protected]>
Signed-off-by: David S. Miller <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
---
 net/ipv4/tcp_cong.c |   14 ++++++++++----
 1 file changed, 10 insertions(+), 4 deletions(-)

--- a/net/ipv4/tcp_cong.c
+++ b/net/ipv4/tcp_cong.c
@@ -309,6 +309,12 @@ void tcp_slow_start(struct tcp_sock *tp)
 {
        int cnt; /* increase in packets */
        unsigned int delta = 0;
+       u32 snd_cwnd = tp->snd_cwnd;
+
+       if (unlikely(!snd_cwnd)) {
+               pr_err_once("snd_cwnd is nul, please report this bug.\n");
+               snd_cwnd = 1U;
+       }
 
        /* RFC3465: ABC Slow start
         * Increase only after a full MSS of bytes is acked
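Review bot: The pr_err_once() string in the new zero-cwnd guard carries no context (no function name, no congestion or FRTO state), so a report of it gives little to work with for the "further analysis" the commit message asks for. Consider prefixing the message with the function name, or using WARN_ON_ONCE() so the log includes a stack trace showing which path left snd_cwnd at zero. The string also spells "null" as "nul".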
@@ -323,7 +329,7 @@ void tcp_slow_start(struct tcp_sock *tp)
        if (sysctl_tcp_max_ssthresh > 0 && tp->snd_cwnd > 
sysctl_tcp_max_ssthresh)
                cnt = sysctl_tcp_max_ssthresh >> 1;     /* limited slow start */
        else
-               cnt = tp->snd_cwnd;                     /* exponential increase 
*/
+               cnt = snd_cwnd;                         /* exponential increase 
*/
 
        /* RFC3465: ABC
         * We MAY increase by 2 if discovered delayed ack
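Review bot: The limited slow start test at the top of this hunk still reads tp->snd_cwnd while the else branch now uses the sanitised local snd_cwnd. Behaviour is unchanged in the zero case, because 0 > sysctl_tcp_max_ssthresh is false when the sysctl is positive, but mixing the two sources in one if/else makes the function harder to audit. Suggest comparing against the local in the condition as well, so every read after the guard goes through the same value.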
@@ -333,11 +339,11 @@ void tcp_slow_start(struct tcp_sock *tp)
        tp->bytes_acked = 0;
 
        tp->snd_cwnd_cnt += cnt;
-       while (tp->snd_cwnd_cnt >= tp->snd_cwnd) {
-               tp->snd_cwnd_cnt -= tp->snd_cwnd;
+       while (tp->snd_cwnd_cnt >= snd_cwnd) {
+               tp->snd_cwnd_cnt -= snd_cwnd;
                delta++;
        }
-       tp->snd_cwnd = min(tp->snd_cwnd + delta, tp->snd_cwnd_clamp);
+       tp->snd_cwnd = min(snd_cwnd + delta, tp->snd_cwnd_clamp);
 }
 EXPORT_SYMBOL_GPL(tcp_slow_start);
 
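Review bot: Termination of the while loop now depends entirely on the local snd_cwnd having been forced non-zero by the guard at the top of the function, and nothing at the loop says so. A one-line comment here, or replacing the repeated subtraction with a division and remainder on snd_cwnd_cnt, would make that dependency explicit and remove the loop as a hang risk. The final assignment also writes the repaired value back (a zero tp->snd_cwnd becomes 1 + delta, subject to snd_cwnd_clamp), which is a behaviour change worth mentioning in the changelog.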


Patches currently in stable-queue which might be from [email protected] are

queue-3.7/tcp-frto-should-not-set-snd_cwnd-to-0.patch
queue-3.7/net-splice-avoid-high-order-page-splitting.patch
queue-3.7/ipv6-ip6_gre-fix-error-case-handling-in-ip6gre_tunnel_xmit.patch
queue-3.7/tcp-fix-a-panic-on-up-machines-in-reqsk_fastopen_remove.patch
queue-3.7/ip_gre-fix-kernel-panic-in-ip_gre-with-gre-csum.patch
queue-3.7/tcp-fix-for-zero-packets_in_flight-was-too-broad.patch
queue-3.7/tcp-fix-splice-and-tcp-collapsing-interaction.patch
queue-3.7/net-prevent-setting-ttl-0-via-ip_ttl.patch
queue-3.7/tcp-don-t-abort-splice-after-small-transfers.patch
queue-3.7/macvlan-fix-macvlan_get_size.patch
queue-3.7/net-splice-fix-__splice_segment.patch
queue-3.7/net-wireless-overwrite-default_ethtool_ops.patch
queue-3.7/netxen-fix-off-by-one-bug-in-netxen_release_tx_buffer.patch
queue-3.7/net-loopback-fix-a-dst-refcounting-issue.patch
queue-3.7/tcp-fix-incorrect-lockdroppedicmps-counter.patch
queue-3.7/tcp-splice-fix-an-infinite-loop-in-tcp_read_sock.patch
queue-3.7/tcp-fix-an-infinite-loop-in-tcp_slow_start.patch