misc/177456: An error of calculating TCP sequence number will resault in the machine to restart

Sepherosa Ziehau sepherosa at gmail.com
Sat Apr 6 10:04:27 UTC 2013 

On Wed, Apr 3, 2013 at 11:30 PM, Gleb Smirnoff <glebius at freebsd.org> wrote:
> The following reply was made to PR kern/177456; it has been noted by GNATS.
>
> From: Gleb Smirnoff <glebius at FreeBSD.org>
> To: ?????? <lglion718 at 163.com>
> Cc: bug-followup at FreeBSD.org
> Subject: Re: misc/177456: An error of calculating TCP sequence number will
>  resault in the machine to restart
> Date: Wed, 3 Apr 2013 19:21:12 +0400
>
>    Hi!
>
>  On Wed, Apr 03, 2013 at 07:52:42AM +0800, ?????? wrote:
>  ?> I mean there is a bug in FreeBSD's tcp code.  I'm trying to describe it by pictuer. Pelease see the attachments??
>
>  I am trying to model what you are describing in the picture by
>  special crafted code.
>
>  I intentionally model memory allocation failure on first two
>  packets for a connection that has special socket option.
>
>  I'm modelling allocation failure at tcp_output.c near line 900:
>
>  Index: tcp_output.c
>  ===================================================================
>  --- tcp_output.c        (revision 249051)
>  +++ tcp_output.c        (working copy)
>  @@ -898,6 +898,13 @@ send:
>                  else
>                          TCPSTAT_INC(tcps_sndwinup);
>
>  +               /* Fail allocating first 2 packets. */
>  +               if (tp->t_flags & TF_ZHOPA && tp->t_zhopa < 2) {
>  +                       tp->t_zhopa++;
>  +                       m = NULL;
>  +                       error = ENOBUFS;
>  +                       goto out;
>  +               } else
>                  m = m_gethdr(M_NOWAIT, MT_DATA);
>                  if (m == NULL) {
>                          error = ENOBUFS;
>
>
>  I have no success in reproducing your problems. With above code,
>  first 2 packets are failing to allocate, but third retransmission
>  succeeds and connection is established with no problems.
>
>  May be I incorrectly understand your description :( Please don't
>  give up and try to explain again.
>
>  A modelling code that demonstrates problem would be appreciated.

Hope the following analysis helps; IMHO, the reporter probably had hit
the same bug:
http://gitweb.dragonflybsd.org/dragonfly.git/commitdiff/1ff9b7d322dc5a26f7173aa8c38ecb79da80e419

Best Regards,
sephe

--
Tomorrow Will Never Die

On Wed, Apr 3, 2013 at 11:30 PM, Gleb Smirnoff <glebius at freebsd.org> wrote:
> The following reply was made to PR kern/177456; it has been noted by GNATS.
>
> From: Gleb Smirnoff <glebius at FreeBSD.org>
> To: ?????? <lglion718 at 163.com>
> Cc: bug-followup at FreeBSD.org
> Subject: Re: misc/177456: An error of calculating TCP sequence number will
>  resault in the machine to restart
> Date: Wed, 3 Apr 2013 19:21:12 +0400
>
>    Hi!
>
>  On Wed, Apr 03, 2013 at 07:52:42AM +0800, ?????? wrote:
>  ?> I mean there is a bug in FreeBSD's tcp code.  I'm trying to describe it by pictuer. Pelease see the attachments??
>
>  I am trying to model what you are describing in the picture by
>  special crafted code.
>
>  I intentionally model memory allocation failure on first two
>  packets for a connection that has special socket option.
>
>  I'm modelling allocation failure at tcp_output.c near line 900:
>
>  Index: tcp_output.c
>  ===================================================================
>  --- tcp_output.c        (revision 249051)
>  +++ tcp_output.c        (working copy)
>  @@ -898,6 +898,13 @@ send:
>                  else
>                          TCPSTAT_INC(tcps_sndwinup);
>
>  +               /* Fail allocating first 2 packets. */
>  +               if (tp->t_flags & TF_ZHOPA && tp->t_zhopa < 2) {
>  +                       tp->t_zhopa++;
>  +                       m = NULL;
>  +                       error = ENOBUFS;
>  +                       goto out;
>  +               } else
>                  m = m_gethdr(M_NOWAIT, MT_DATA);
>                  if (m == NULL) {
>                          error = ENOBUFS;
>
>
>  I have no success in reproducing your problems. With above code,
>  first 2 packets are failing to allocate, but third retransmission
>  succeeds and connection is established with no problems.
>
>  May be I incorrectly understand your description :( Please don't
>  give up and try to explain again.
>
>  A modelling code that demonstrates problem would be appreciated.
>
>  --
>  Totus tuus, Glebius.
> _______________________________________________
> freebsd-net at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-net
> To unsubscribe, send any mail to "freebsd-net-unsubscribe at freebsd.org"



-- 
Tomorrow Will Never Die

More information about the freebsd-net mailing list