tcp: consider recv buf for the initial window scale

commit f626300a3e776ccc9671b0dd94698fb3aa315966 upstream.

tcp_select_initial_window() intends to advertise a window
scaling for the maximum possible window size. To do so,
it considers the maximum of net.ipv4.tcp_rmem[2] and
net.core.rmem_max as the only possible upper-bounds.
However, users with CAP_NET_ADMIN can use SO_RCVBUFFORCE
to set the socket's receive buffer size to values
larger than net.ipv4.tcp_rmem[2] and net.core.rmem_max.
Thus, SO_RCVBUFFORCE is effectively ignored by
tcp_select_initial_window().

To fix this, consider the maximum of net.ipv4.tcp_rmem[2],
net.core.rmem_max and socket's initial buffer space.

Fixes: b0573dea1fb3 ("[NET]: Introduce SO_{SND,RCV}BUFFORCE socket options")
Signed-off-by: Soheil Hassas Yeganeh <soheil@google.com>
Suggested-by: Neal Cardwell <ncardwell@google.com>
Acked-by: Neal Cardwell <ncardwell@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Willy Tarreau <w@1wt.eu>

diff --git a/net/ipv4/tcp_output.c b/net/ipv4/tcp_output.c
index 76c80b59e80fd1d007f8b83e88db87455e625d51..276b28301a6b47c97d12e36106a35a6f4850700f 100644 (file)
--- a/net/ipv4/tcp_output.c
+++ b/net/ipv4/tcp_output.c
@@ -222,7 +222,8 @@ void tcp_select_initial_window(int __space, __u32 mss,
                /* Set window scaling on max possible window
                 * See RFC1323 for an explanation of the limit to 14
                 */
-               space = max_t(u32, sysctl_tcp_rmem[2], sysctl_rmem_max);
+               space = max_t(u32, space, sysctl_tcp_rmem[2]);
+               space = max_t(u32, space, sysctl_rmem_max);
                space = min_t(u32, space, *window_clamp);
                while (space > 65535 && (*rcv_wscale) < 14) {
                        space >>= 1;