aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorIlpo Järvinen <ilpo.jarvinen@helsinki.fi>2008-03-11 20:55:27 -0400
committerDavid S. Miller <davem@davemloft.net>2008-03-11 20:55:27 -0400
commit5ea3a7480606cef06321cd85bc5113c72d2c7c68 (patch)
tree202d758d85e60b2a38cd7dd57b41a47d97ebbce8
parent445815d7ea4f59baf103f28b45f7dd45f21ff75d (diff)
[TCP]: Prevent sending past receiver window with TSO (at last skb)
With TSO it was possible to send past the receiver window when the skb to be sent was the last in the write queue while the receiver window is the limiting factor. One can notice that there's a loophole in the tcp_mss_split_point that lacked a receiver window check for the tcp_write_queue_tail() if also cwnd was smaller than the full skb. Noticed by Thomas Gleixner <tglx@linutronix.de> in form of "Treason uncloaked! Peer ... shrinks window .... Repaired." messages (the peer didn't actually shrink its window as the message suggests, we had just sent something past it without a permission to do so). Signed-off-by: Ilpo Järvinen <ilpo.jarvinen@helsinki.fi> Tested-by: Thomas Gleixner <tglx@linutronix.de> Signed-off-by: David S. Miller <davem@davemloft.net>
-rw-r--r--net/ipv4/tcp_output.c12
1 files changed, 10 insertions, 2 deletions
diff --git a/net/ipv4/tcp_output.c b/net/ipv4/tcp_output.c
index ed750f9ceb07..01578f544ad6 100644
--- a/net/ipv4/tcp_output.c
+++ b/net/ipv4/tcp_output.c
@@ -1035,6 +1035,13 @@ static void tcp_cwnd_validate(struct sock *sk)
1035 * introducing MSS oddities to segment boundaries. In rare cases where 1035 * introducing MSS oddities to segment boundaries. In rare cases where
1036 * mss_now != mss_cache, we will request caller to create a small skb 1036 * mss_now != mss_cache, we will request caller to create a small skb
1037 * per input skb which could be mostly avoided here (if desired). 1037 * per input skb which could be mostly avoided here (if desired).
1038 *
1039 * We explicitly want to create a request for splitting write queue tail
1040 * to a small skb for Nagle purposes while avoiding unnecessary modulos,
1041 * thus all the complexity (cwnd_len is always MSS multiple which we
1042 * return whenever allowed by the other factors). Basically we need the
1043 * modulo only when the receiver window alone is the limiting factor or
1044 * when we would be allowed to send the split-due-to-Nagle skb fully.
1038 */ 1045 */
1039static unsigned int tcp_mss_split_point(struct sock *sk, struct sk_buff *skb, 1046static unsigned int tcp_mss_split_point(struct sock *sk, struct sk_buff *skb,
1040 unsigned int mss_now, unsigned int cwnd) 1047 unsigned int mss_now, unsigned int cwnd)
@@ -1048,10 +1055,11 @@ static unsigned int tcp_mss_split_point(struct sock *sk, struct sk_buff *skb,
1048 if (likely(cwnd_len <= window && skb != tcp_write_queue_tail(sk))) 1055 if (likely(cwnd_len <= window && skb != tcp_write_queue_tail(sk)))
1049 return cwnd_len; 1056 return cwnd_len;
1050 1057
1051 if (skb == tcp_write_queue_tail(sk) && cwnd_len <= skb->len) 1058 needed = min(skb->len, window);
1059
1060 if (skb == tcp_write_queue_tail(sk) && cwnd_len <= needed)
1052 return cwnd_len; 1061 return cwnd_len;
1053 1062
1054 needed = min(skb->len, window);
1055 return needed - needed % mss_now; 1063 return needed - needed % mss_now;
1056} 1064}
1057 1065