linux/Documentation
Alexey Dobriyan 0147fc058d tcp: restrict net.ipv4.tcp_adv_win_scale (#20312)
tcp_win_from_space() does the following:

      if (sysctl_tcp_adv_win_scale <= 0)
              return space >> (-sysctl_tcp_adv_win_scale);
      else
              return space - (space >> sysctl_tcp_adv_win_scale);

"space" is int.

As per C99 6.5.7 (3) shifting int for 32 or more bits is
undefined behaviour.

Indeed, if sysctl_tcp_adv_win_scale is exactly 32,
space >> 32 equals space and function returns 0.

Which means we busyloop in tcp_fixup_rcvbuf().

Restrict net.ipv4.tcp_adv_win_scale to [-31, 31].

Fix https://bugzilla.kernel.org/show_bug.cgi?id=20312

Steps to reproduce:

      echo 32 >/proc/sys/net/ipv4/tcp_adv_win_scale
      wget www.kernel.org
      [softlockup]

Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2010-11-28 10:39:45 -08:00
..
2010-02-24 13:51:32 +01:00
2008-10-16 11:21:30 -07:00
2010-08-30 15:25:18 +02:00
2010-07-11 22:17:45 +02:00
2009-06-18 13:04:04 -07:00
2010-10-26 16:52:08 -07:00
2010-04-08 11:34:34 +02:00
2008-12-03 16:09:53 -07:00
2008-07-25 10:53:30 -07:00
2010-10-28 00:32:23 +02:00
2009-10-15 07:25:20 -06:00
2010-09-09 18:57:24 -07:00
2009-07-01 22:36:22 +02:00
2009-04-27 12:00:27 -07:00
2009-04-27 12:00:27 -07:00
2008-11-12 17:17:17 -08:00
2010-03-10 17:09:33 -05:00
2010-07-19 10:56:54 +02:00
2010-03-16 11:47:56 +01:00
2010-08-02 15:35:10 +10:00