From: Alexey Kodanev <[email protected]>
Date: Thu, 2 Aug 2018 19:22:05 +0300
> Make sure that the value of "(now - hc->tx_lsndtime) / hc->tx_rto" is
> properly limited when shifting 'u32 cwnd' with it, otherwise we can get:
...
> Fixes: 113ced1f52e5 ("dccp ccid-2: Perform congestion-window validation")
> Signed-off-by: Alexey Kodanev <[email protected]>
...
> @@ -234,7 +234,7 @@ static void ccid2_cwnd_restart(struct sock *sk, const u32
> now)
>
> /* don't reduce cwnd below the initial window (IW) */
> restart_cwnd = min(cwnd, iwnd);
> - cwnd >>= (now - hc->tx_lsndtime) / hc->tx_rto;
> + cwnd >>= min((now - hc->tx_lsndtime) / hc->tx_rto, 31U);
> hc->tx_cwnd = max(cwnd, restart_cwnd);
>
> hc->tx_cwnd_stamp = now;
Better to mimick the TCP cwnd validation code, something like:
s32 delta = now - hc->tx_lsndtime;
while ((delta -= hc->tx_rto) > 0 && cwnd > restart_cwnd)
cwnd >>= 1;
Thanks.
