From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
stable@vger.kernel.org, Gao Feng <fgao@ikuai8.com>,
"David S. Miller" <davem@davemloft.net>,
Sasha Levin <alexander.levin@microsoft.com>
Subject: [PATCH 3.18 19/68] tcp: sysctl: Fix a race to avoid unexpected 0 window from space
Date: Mon, 19 Mar 2018 19:05:57 +0100 [thread overview]
Message-ID: <20180319171830.571358571@linuxfoundation.org> (raw)
In-Reply-To: <20180319171827.899658615@linuxfoundation.org>
3.18-stable review patch. If anyone has any objections, please let me know.
------------------
From: Gao Feng <fgao@ikuai8.com>
[ Upstream commit c48367427a39ea0b85c7cf018fe4256627abfd9e ]
Because sysctl_tcp_adv_win_scale could be changed any time, so there
is one race in tcp_win_from_space.
For example,
1.sysctl_tcp_adv_win_scale<=0 (sysctl_tcp_adv_win_scale is negative now)
2.space>>(-sysctl_tcp_adv_win_scale) (sysctl_tcp_adv_win_scale is postive now)
As a result, tcp_win_from_space returns 0. It is unexpected.
Certainly if the compiler put the sysctl_tcp_adv_win_scale into one
register firstly, then use the register directly, it would be ok.
But we could not depend on the compiler behavior.
Signed-off-by: Gao Feng <fgao@ikuai8.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
include/net/tcp.h | 8 +++++---
1 file changed, 5 insertions(+), 3 deletions(-)
--- a/include/net/tcp.h
+++ b/include/net/tcp.h
@@ -1099,9 +1099,11 @@ void tcp_select_initial_window(int __spa
static inline int tcp_win_from_space(int space)
{
- return sysctl_tcp_adv_win_scale<=0 ?
- (space>>(-sysctl_tcp_adv_win_scale)) :
- space - (space>>sysctl_tcp_adv_win_scale);
+ int tcp_adv_win_scale = sysctl_tcp_adv_win_scale;
+
+ return tcp_adv_win_scale <= 0 ?
+ (space>>(-tcp_adv_win_scale)) :
+ space - (space>>tcp_adv_win_scale);
}
/* Note: caller must be prepared to deal with negative returns */
next prev parent reply other threads:[~2018-03-19 18:05 UTC|newest]
Thread overview: 81+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-03-19 18:05 [PATCH 3.18 00/68] 3.18.101-stable review Greg Kroah-Hartman
2018-03-19 18:05 ` [PATCH 3.18 01/68] Input: tsc2007 - check for presence and power down tsc2007 during probe Greg Kroah-Hartman
2018-03-19 18:05 ` [PATCH 3.18 02/68] HID: reject input outside logical range only if null state is set Greg Kroah-Hartman
2018-03-19 18:05 ` [PATCH 3.18 03/68] net: mvpp2: set dma mask and coherent dma mask on PPv2.2 Greg Kroah-Hartman
2018-03-19 18:05 ` [PATCH 3.18 04/68] PCI/MSI: Stop disabling MSI/MSI-X in pci_device_shutdown() Greg Kroah-Hartman
2018-03-19 18:05 ` [PATCH 3.18 05/68] selinux: check for address length in selinux_socket_bind() Greg Kroah-Hartman
2018-03-19 18:05 ` [PATCH 3.18 06/68] perf tools: Make perf_event__synthesize_mmap_events() scale Greg Kroah-Hartman
2018-03-19 18:05 ` [PATCH 3.18 07/68] drivers: net: xgene: Fix hardware checksum setting Greg Kroah-Hartman
2018-03-19 18:05 ` [PATCH 3.18 08/68] drm: Defer disabling the vblank IRQ until the next interrupt (for instant-off) Greg Kroah-Hartman
2018-03-19 18:05 ` [PATCH 3.18 09/68] ath10k: disallow DFS simulation if DFS channel is not enabled Greg Kroah-Hartman
2018-03-19 18:05 ` [PATCH 3.18 10/68] HID: clamp input to logical range if no null state Greg Kroah-Hartman
2018-03-19 18:05 ` [PATCH 3.18 11/68] ARM: dts: Adjust moxart IRQ controller and flags Greg Kroah-Hartman
2018-03-19 18:05 ` [PATCH 3.18 12/68] batman-adv: handle race condition for claims between gateways Greg Kroah-Hartman
2018-03-19 18:05 ` [PATCH 3.18 13/68] of: fix of_device_get_modalias returned length when truncating buffers Greg Kroah-Hartman
2018-03-19 18:05 ` [PATCH 3.18 14/68] scsi: ipr: Fix missed EH wakeup Greg Kroah-Hartman
2018-03-19 18:05 ` [PATCH 3.18 15/68] [media] media: i2c/soc_camera: fix ov6650 sensor getting wrong clock Greg Kroah-Hartman
2018-03-19 18:05 ` [PATCH 3.18 16/68] timers, sched_clock: Update timeout for clock wrap Greg Kroah-Hartman
2018-03-19 18:05 ` [PATCH 3.18 17/68] sched: act_csum: dont mangle TCP and UDP GSO packets Greg Kroah-Hartman
2018-03-19 18:05 ` [PATCH 3.18 18/68] spi: omap2-mcspi: poll OMAP2_MCSPI_CHSTAT_RXS for PIO transfer Greg Kroah-Hartman
2018-03-19 18:05 ` Greg Kroah-Hartman [this message]
2018-03-19 18:05 ` [PATCH 3.18 20/68] mm: Fix false-positive VM_BUG_ON() in page_cache_{get,add}_speculative() Greg Kroah-Hartman
2018-03-19 18:05 ` [PATCH 3.18 21/68] blk-throttle: make sure expire time isnt too big Greg Kroah-Hartman
2018-03-19 18:06 ` [PATCH 3.18 22/68] ARM: DRA7: hwmod_data: Prevent wait_target_disable error for usb_otg_ss Greg Kroah-Hartman
2018-03-21 10:37 ` Roger Quadros
2018-03-21 11:02 ` Greg Kroah-Hartman
2018-03-19 18:06 ` [PATCH 3.18 23/68] braille-console: Fix value returned by _braille_console_setup Greg Kroah-Hartman
2018-03-19 18:06 ` [PATCH 3.18 24/68] ARM: dts: r8a7790: Correct parent of SSI[0-9] clocks Greg Kroah-Hartman
2018-03-19 18:06 ` [PATCH 3.18 25/68] ARM: dts: r8a7791: " Greg Kroah-Hartman
2018-03-19 18:06 ` [PATCH 3.18 26/68] powerpc: Avoid taking a data miss on every userspace instruction miss Greg Kroah-Hartman
2018-03-19 18:06 ` [PATCH 3.18 27/68] net/faraday: Add missing include of of.h Greg Kroah-Hartman
2018-03-19 18:06 ` [PATCH 3.18 28/68] reiserfs: Make cancel_old_flush() reliable Greg Kroah-Hartman
2018-03-19 18:06 ` [PATCH 3.18 29/68] fm10k: correctly check if interface is removed Greg Kroah-Hartman
2018-03-19 18:06 ` [PATCH 3.18 30/68] apparmor: Make path_max parameter readonly Greg Kroah-Hartman
2018-03-19 18:06 ` [PATCH 3.18 31/68] iommu/iova: Fix underflow bug in __alloc_and_insert_iova_range Greg Kroah-Hartman
2018-03-19 18:06 ` [PATCH 3.18 32/68] video: ARM CLCD: fix dma allocation size Greg Kroah-Hartman
2018-03-19 18:06 ` [PATCH 3.18 33/68] drm/radeon: Fail fb creation from imported dma-bufs Greg Kroah-Hartman
2018-03-19 18:06 ` [PATCH 3.18 34/68] MIPS: BPF: Quit clobbering callee saved registers in JIT code Greg Kroah-Hartman
2018-03-19 18:06 ` [PATCH 3.18 35/68] regulator: isl9305: fix array size Greg Kroah-Hartman
2018-03-19 18:06 ` [PATCH 3.18 36/68] usb: gadget: dummy_hcd: Fix wrong power status bit clear/reset in dummy_hub_control() Greg Kroah-Hartman
2018-03-19 18:06 ` [PATCH 3.18 37/68] perf inject: Copy events when reordering events in pipe mode Greg Kroah-Hartman
2018-03-19 18:06 ` [PATCH 3.18 38/68] perf session: Dont rely on evlist " Greg Kroah-Hartman
2018-03-19 18:06 ` [PATCH 3.18 39/68] scsi: sg: check for valid direction before starting the request Greg Kroah-Hartman
2018-03-19 18:06 ` [PATCH 3.18 40/68] scsi: sg: close race condition in sg_remove_sfp_usercontext() Greg Kroah-Hartman
2018-03-19 18:06 ` [PATCH 3.18 41/68] kprobes/x86: Fix kprobe-booster not to boost far call instructions Greg Kroah-Hartman
2018-03-19 18:06 ` [PATCH 3.18 42/68] kprobes/x86: Set kprobes pages read-only Greg Kroah-Hartman
2018-03-19 18:06 ` [PATCH 3.18 43/68] wil6210: fix memory access violation in wil_memcpy_from/toio_32 Greg Kroah-Hartman
2018-03-19 18:06 ` [PATCH 3.18 44/68] HID: elo: clear BTN_LEFT mapping Greg Kroah-Hartman
2018-03-19 18:06 ` [PATCH 3.18 45/68] sched: Stop resched_cpu() from sending IPIs to offline CPUs Greg Kroah-Hartman
2018-03-19 18:06 ` [PATCH 3.18 46/68] net: xfrm: allow clearing socket xfrm policies Greg Kroah-Hartman
2018-03-19 18:06 ` [PATCH 3.18 47/68] mtd: nand: fix interpretation of NAND_CMD_NONE in nand_command[_lp]() Greg Kroah-Hartman
2018-03-19 18:06 ` [PATCH 3.18 48/68] ARM: dts: am335x-pepper: Fix the audio CODECs reset pin Greg Kroah-Hartman
2018-03-19 18:06 ` [PATCH 3.18 49/68] ARM: dts: omap3-n900: " Greg Kroah-Hartman
2018-03-19 18:06 ` [PATCH 3.18 50/68] mtd: nand: ifc: update bufnum mask for ver >= 2.0.0 Greg Kroah-Hartman
2018-03-19 18:06 ` [PATCH 3.18 51/68] tools/usbip: fixes build with musl libc toolchain Greg Kroah-Hartman
2018-03-19 18:06 ` [PATCH 3.18 52/68] spi: sun6i: disable/unprepare clocks on remove Greg Kroah-Hartman
2018-03-19 18:06 ` [PATCH 3.18 53/68] scsi: devinfo: apply to HP XP the same flags as Hitachi VSP Greg Kroah-Hartman
2018-03-19 18:06 ` [PATCH 3.18 54/68] media: cpia2: Fix a couple off by one bugs Greg Kroah-Hartman
2018-03-19 18:06 ` [PATCH 3.18 55/68] veth: set peer GSO values Greg Kroah-Hartman
2018-03-19 18:06 ` [PATCH 3.18 56/68] mac80211: remove BUG() when interface type is invalid Greg Kroah-Hartman
2018-03-19 18:06 ` [PATCH 3.18 57/68] ASoC: nuc900: Fix a loop timeout test Greg Kroah-Hartman
2018-03-19 18:06 ` [PATCH 3.18 58/68] rcutorture/configinit: Fix build directory error message Greg Kroah-Hartman
2018-03-19 18:06 ` [PATCH 3.18 59/68] ima: relax requiring a file signature for new files with zero length Greg Kroah-Hartman
2018-03-19 18:06 ` [PATCH 3.18 60/68] ALSA: pcm: Fix UAF in snd_pcm_oss_get_formats() Greg Kroah-Hartman
2018-03-19 18:06 ` [PATCH 3.18 61/68] ALSA: seq: Fix possible UAF in snd_seq_check_queue() Greg Kroah-Hartman
2018-03-19 18:06 ` [PATCH 3.18 62/68] ALSA: seq: Clear client entry before deleting else at closing Greg Kroah-Hartman
2018-03-19 18:06 ` [PATCH 3.18 63/68] lock_parent() needs to recheck if dentry got __dentry_killed under it Greg Kroah-Hartman
2018-03-19 18:06 ` [PATCH 3.18 64/68] fs/aio: Add explicit RCU grace period when freeing kioctx Greg Kroah-Hartman
2018-03-19 18:06 ` [PATCH 3.18 65/68] fs/aio: Use RCU accessors for kioctx_table->table[] Greg Kroah-Hartman
2018-03-19 18:06 ` [PATCH 3.18 66/68] scsi: sg: fix SG_DXFER_FROM_DEV transfers Greg Kroah-Hartman
2018-03-19 18:06 ` [PATCH 3.18 67/68] scsi: sg: fix static checker warning in sg_is_valid_dxfer Greg Kroah-Hartman
2018-03-19 18:06 ` [PATCH 3.18 68/68] scsi: sg: only check for dxfer_len greater than 256M Greg Kroah-Hartman
2018-03-19 22:00 ` [PATCH 3.18 00/68] 3.18.101-stable review kernelci.org bot
2018-03-20 14:47 ` Guenter Roeck
2018-03-21 11:03 ` Greg Kroah-Hartman
2018-03-20 17:34 ` Shuah Khan
2018-03-20 17:50 ` Harsh Shandilya
2018-03-21 10:05 ` Greg Kroah-Hartman
2018-03-21 11:04 ` Greg Kroah-Hartman
2018-03-21 17:47 ` Guenter Roeck
2018-03-22 8:21 ` Greg Kroah-Hartman
2018-03-22 16:39 ` Guenter Roeck
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20180319171830.571358571@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=alexander.levin@microsoft.com \
--cc=davem@davemloft.net \
--cc=fgao@ikuai8.com \
--cc=linux-kernel@vger.kernel.org \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).