git.ipfire.org Git - people/ms/linux.git/commit

author	Eric Dumazet <edumazet@google.com>
	Tue, 6 Aug 2013 00:10:15 +0000 (17:10 -0700)
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	Sat, 14 Sep 2013 12:50:47 +0000 (05:50 -0700)
commit	28e9a84cdf505686ac00ead1adcbc75f26b48487
tree	9253925b2adfd349b4bb2c74cadc601499e67bb6	tree \| snapshot
parent	45ff4d68f223419b7d77bc64cb4bbc0bc86c54d4	commit \| diff

tcp: cubic: fix overflow error in bictcp_update()

[ Upstream commit 2ed0edf9090bf4afa2c6fc4f38575a85a80d4b20 ]

commit 17a6e9f1aa9 ("tcp_cubic: fix clock dependency") added an
overflow error in bictcp_update() in following code :

/* change the unit from HZ to bictcp_HZ */
t = ((tcp_time_stamp + msecs_to_jiffies(ca->delay_min>>3) -
ca->epoch_start) << BICTCP_HZ) / HZ;

Because msecs_to_jiffies() being unsigned long, compiler does
implicit type promotion.

We really want to constrain (tcp_time_stamp - ca->epoch_start)
to a signed 32bit value, or else 't' has unexpected high values.

This bugs triggers an increase of retransmit rates ~24 days after
boot [1], as the high order bit of tcp_time_stamp flips.

[1] for hosts with HZ=1000

Big thanks to Van Jacobson for spotting this problem.

Diagnosed-by: Van Jacobson <vanj@google.com>
Signed-off-by: Eric Dumazet <edumazet@google.com>
Cc: Neal Cardwell <ncardwell@google.com>
Cc: Yuchung Cheng <ycheng@google.com>
Cc: Stephen Hemminger <stephen@networkplumber.org>
Acked-by: Neal Cardwell <ncardwell@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>