linux/net/ipv4
Ilpo Järvinen a6604471db tcp: fix skb vs fack_count out-of-sync condition
This bug is able to corrupt fackets_out in very rare cases.
In order for this to cause corruption:
  1) DSACK in the middle of previous SACK block must be generated.
  2) In order to take that particular branch, part or all of the
     DSACKed segment must already be SACKed so that we have that
     in cache in the first place.
  3) The new info must be top enough so that fackets_out will be
     updated on this iteration.
...then fack_count is updated while skb wasn't, then we walk again
that particular segment thus updating fack_count twice for
a single skb and finally that value is assigned to fackets_out
by tcp_sacktag_one.

It is safe to call tcp_sacktag_one just once for a segment (at
DSACK), no need to call again for plain SACK.

Potential problem of the miscount are limited to premature entry
to recovery and to inflated reordering metric (which could even
cancel each other out in the most the luckiest scenarios :-)).
Both are quite insignificant in worst case too and there exists
also code to reset them (fackets_out once sacked_out becomes zero
and reordering metric on RTO).

This has been reported by a number of people, because it occurred
quite rarely, it has been very evasive. Andy Furniss was able to
get it to occur couple of times so that a bit more info was
collected about the problem using a debug patch, though it still
required lot of checking around. Thanks also to others who have
tried to help here.

This is listed as Bugzilla #10346. The bug was introduced by
me in commit 68f8353b48 ([TCP]: Rewrite SACK block processing & 
sack_recv_cache use), I probably thought back then that there's
need to scan that entry twice or didn't dare to make it go
through it just once there. Going through twice would have
required restoring fack_count after the walk but as noted above,
I chose to drop the additional walk step altogether here.

Signed-off-by: Ilpo Järvinen <ilpo.jarvinen@helsinki.fi>
Signed-off-by: David S. Miller <davem@davemloft.net>
2008-06-04 12:07:44 -07:00
..
ipvs ipvs: fix oops in backup for fwmark conn templates 2008-04-29 03:21:23 -07:00
netfilter netfilter: assign PDE->data before gluing PDE into /proc tree 2008-05-02 02:45:42 -07:00
af_inet.c Remove duplicated unlikely() in IS_ERR() 2008-04-29 08:06:25 -07:00
ah4.c [IPSEC]: Fix bogus usage of u64 on input sequence number 2008-02-12 22:50:35 -08:00
arp.c net/ipv4/arp.c: Use common hex_asc helpers 2008-05-21 17:34:32 -07:00
cipso_ipv4.c cipso: Relax too much careful cipso hash function. 2008-05-13 23:23:55 -07:00
datagram.c [IPV4] net/ipv4: Use ipv4_is_<type> 2008-01-28 14:58:15 -08:00
devinet.c route: Remove unused ifa_anycast field 2008-06-03 16:37:33 -07:00
esp4.c [ESP]: Ensure IV is in linear part of the skb to avoid BUG() due to OOB access 2008-03-27 16:08:03 -07:00
fib_frontend.c route: Mark unused routing attributes as such 2008-06-03 16:36:27 -07:00
fib_hash.c [NET]: Fix heavy stack usage in seq_file output routines. 2008-04-24 01:02:16 -07:00
fib_lookup.h [IPV4] FIB_HASH: Reduce memory needs and speedup lookups 2008-01-28 15:02:46 -08:00
fib_rules.c [NET] NETNS: Omit sock->sk_net without CONFIG_NET_NS. 2008-03-26 04:39:55 +09:00
fib_semantics.c [NETNS]: Add netns refcnt debug into fib_info. 2008-04-16 02:00:50 -07:00
fib_trie.c [NET]: Fix heavy stack usage in seq_file output routines. 2008-04-24 01:02:16 -07:00
icmp.c ipv4: Update MTU to all related cache entries in ip_rt_frag_needed() 2008-04-29 03:32:25 -07:00
igmp.c net: Allow netdevices to specify needed head/tailroom 2008-05-12 20:48:31 -07:00
inet_connection_sock.c [SOCK]: Add some notes about per-bind-bucket sock lookup. 2008-04-14 02:42:27 -07:00
inet_diag.c [NETNS]: Tcp-v6 sockets per-net lookup. 2008-01-31 19:28:20 -08:00
inet_fragment.c Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6 2008-04-02 22:35:23 -07:00
inet_hashtables.c [INET]: Uninline the __inet_inherit_port call. 2008-04-17 23:18:15 -07:00
inet_lro.c [LRO] Fix lro_mgr->features checks 2008-01-08 23:30:18 -08:00
inet_timewait_sock.c [NETNS]: Add netns refcnt debug for timewait buckets. 2008-04-16 02:00:28 -07:00
inetpeer.c [INET]: Use list_head-s in inetpeer.c 2007-11-12 21:27:28 -08:00
ip_forward.c Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6 2008-04-02 22:35:23 -07:00
ip_fragment.c [IPV4]: Use NIPQUAD_FMT to format ipv4 addresses. 2008-04-14 04:09:00 -07:00
ip_gre.c net: The world is not perfect patch. 2008-05-21 17:47:54 -07:00
ip_input.c net/ipv4: correct RFC 1122 section reference in comment 2008-05-08 01:11:04 -07:00
ip_options.c [IPV4]: Convert do_gettimeofday() to getnstimeofday(). 2008-04-21 02:34:08 -07:00
ip_output.c [IPv4] UFO: prevent generation of chained skb destined to UFO device 2008-04-29 22:36:30 -07:00
ip_sockglue.c net: Add compat support for getsockopt (MCAST_MSFILTER) 2008-04-29 03:23:22 -07:00
ipcomp.c net: Remove unnecessary inclusions of asm/semaphore.h 2008-04-18 22:15:50 -04:00
ipconfig.c net: Allow netdevices to specify needed head/tailroom 2008-05-12 20:48:31 -07:00
ipip.c net: The world is not perfect patch. 2008-05-21 17:47:54 -07:00
ipmr.c [NET] NETNS: Omit sock->sk_net without CONFIG_NET_NS. 2008-03-26 04:39:55 +09:00
Kconfig Documentation: move nfsroot.txt to filesystems/ 2008-04-11 13:18:01 -06:00
Makefile [UDP]: Revert udplite and code split. 2008-03-06 16:22:02 -08:00
netfilter.c [NETFILTER]: Add partial checksum validation helper 2008-04-14 11:15:49 +02:00
proc.c [IPV4][NETNS]: Display per-net info in sockstat file. 2008-03-31 19:43:18 -07:00
protocol.c [IPV4]: align inet_protos[] on SMP 2007-04-25 22:28:20 -07:00
raw.c net: Allow netdevices to specify needed head/tailroom 2008-05-12 20:48:31 -07:00
route.c route: Mark unused route cache flags as such. 2008-06-03 16:36:01 -07:00
syncookies.c [Syncookies]: Add support for TCP options via timestamps. 2008-04-10 03:12:40 -07:00
sysctl_net_ipv4.c [NETNS][ICMP]: Make ctl tables for ICMP sysctls per-net. 2008-03-26 01:56:24 -07:00
tcp_bic.c [TCP]: BIC web page link is corrected. 2008-02-28 22:14:32 -08:00
tcp_cong.c tcp: Limit cwnd growth when deferring for GSO 2008-04-29 03:13:52 -07:00
tcp_cubic.c rename div64_64 to div64_u64 2008-05-01 08:03:58 -07:00
tcp_diag.c [INET]: Let inet_diag and friends autoload 2007-10-22 02:59:54 -07:00
tcp_highspeed.c [TCP]: Cong.ctrl modules: remove unused good_ack from cong_avoid 2008-01-28 14:55:41 -08:00
tcp_htcp.c [TCP]: Cong.ctrl modules: remove unused good_ack from cong_avoid 2008-01-28 14:55:41 -08:00
tcp_hybla.c net: fix returning void-valued expression warnings 2008-05-01 02:47:38 -07:00
tcp_illinois.c [TCP]: Cong.ctrl modules: remove unused good_ack from cong_avoid 2008-01-28 14:55:41 -08:00
tcp_input.c tcp: fix skb vs fack_count out-of-sync condition 2008-06-04 12:07:44 -07:00
tcp_ipv4.c ipv4: assign PDE->data before gluing PDE into /proc tree 2008-05-02 04:10:08 -07:00
tcp_lp.c [TCP]: Cong.ctrl modules: remove unused good_ack from cong_avoid 2008-01-28 14:55:41 -08:00
tcp_minisocks.c [TCP]: TCP_DEFER_ACCEPT updates - process as established 2008-03-21 16:33:01 -07:00
tcp_output.c tcp: TCP connection times out if ICMP frag needed is delayed 2008-05-21 16:42:20 -07:00
tcp_probe.c tcp: tcp_probe buffer overflow and incorrect return value 2008-04-24 21:11:58 -07:00
tcp_scalable.c [TCP]: Cong.ctrl modules: remove unused good_ack from cong_avoid 2008-01-28 14:55:41 -08:00
tcp_timer.c [TCP]: Format addresses appropriately in debug messages. 2008-04-14 04:09:36 -07:00
tcp_vegas.c net: fix returning void-valued expression warnings 2008-05-01 02:47:38 -07:00
tcp_vegas.h [TCP]: congestion control API pass RTT in microseconds 2007-07-31 02:27:57 -07:00
tcp_veno.c net: fix returning void-valued expression warnings 2008-05-01 02:47:38 -07:00
tcp_westwood.c [TCP]: congestion control API pass RTT in microseconds 2007-07-31 02:27:57 -07:00
tcp_yeah.c [TCP]: Cong.ctrl modules: remove unused good_ack from cong_avoid 2008-01-28 14:55:41 -08:00
tcp.c tcp: Trivial fix to correct function name in a comment in net/ipv4/tcp.c 2008-04-21 02:27:58 -07:00
tunnel4.c [SIT]: Allow for IPPROTO_IPV6 protocol in namespaces. 2008-04-16 01:17:39 -07:00
udp_impl.h [UDP]: Make full use of proto.h.udp_hash innovation. 2008-03-22 16:51:21 -07:00
udp.c ipv4: assign PDE->data before gluing PDE into /proc tree 2008-05-02 04:10:08 -07:00
udplite.c [UDP]: Remove owner from udp_seq_afinfo. 2008-03-28 18:25:53 -07:00
xfrm4_input.c [IPSEC]: Fix transport-mode async resume on intput without netfilter 2008-01-28 15:00:10 -08:00
xfrm4_mode_beet.c [IPSEC]: Fix BEET output 2008-03-26 16:51:09 -07:00
xfrm4_mode_transport.c [IPSEC]: Use IPv6 calling convention as the convention for x->mode->output 2007-10-10 16:55:54 -07:00
xfrm4_mode_tunnel.c [IPSEC]: Fix inter address family IPsec tunnel handling. 2008-03-24 14:51:51 -07:00
xfrm4_output.c [IPSEC]: Fix inter address family IPsec tunnel handling. 2008-03-24 14:51:51 -07:00
xfrm4_policy.c [NET] NETNS: Omit net_device->nd_net without CONFIG_NET_NS. 2008-03-26 04:39:53 +09:00
xfrm4_state.c [IPSEC]: Fix BEET output 2008-03-26 16:51:09 -07:00
xfrm4_tunnel.c [IPCOMP]: Fix reception of incompressible packets 2008-01-31 19:27:24 -08:00