[Bug 276674] [panic] [htcp] sysctl net.inet.tcp.cc.algorithm=htcp produces kernel panic

From: <bugzilla-noreply_at_freebsd.org>
Date: Thu, 08 Feb 2024 17:38:14 UTC
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=276674

--- Comment #9 from Richard Scheffenegger <rscheff@freebsd.org> ---
Looking at the code in question, a div/0 could happen when cwnd < t_maxseg. 
While it's not clear why and how that may happen, addressing the div/0 should
be easy by max(maxseg, cwnd)/maxseg so that this term will be at least 1, and a
div/0 is avoided.

HTCP is not actively maintained, so tracking why cwnd could end up smaller than
maxseg would be more involved (running with active BBLog and extracting the
relevant data once another crash happens; running BBLog continuously will
probably cost some performance).


diff --git a/sys/netinet/cc/cc_htcp.c b/sys/netinet/cc/cc_htcp.c
index d31720d0099f..a858558d7aa5 100644
--- a/sys/netinet/cc/cc_htcp.c
+++ b/sys/netinet/cc/cc_htcp.c
@@ -229,9 +229,9 @@ htcp_ack_received(struct cc_var *ccv, uint16_t type)
                                 * per RTT.
                                 */
                                CCV(ccv, snd_cwnd) += (((htcp_data->alpha <<
-                                   HTCP_SHIFT) / (CCV(ccv, snd_cwnd) /
-                                   CCV(ccv, t_maxseg))) * CCV(ccv, t_maxseg))
-                                   >> HTCP_SHIFT;
+                                   HTCP_SHIFT) / (max(CCV(ccv, t_maxseg),
+                                   CCV(ccv, snd_cwnd)) / CCV(ccv, t_maxseg)))
*
+                                   CCV(ccv, t_maxseg))  >> HTCP_SHIFT;
                }
        }
 }
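
Review bot: In the `+` lines the clamp makes max(t_maxseg, snd_cwnd) / t_maxseg at least 1, but it silently treats snd_cwnd < t_maxseg as a window of exactly one segment and nothing in the code says why. Add a short comment above the expression stating that max() guards against a zero quotient when snd_cwnd drops below t_maxseg, and consider a counter or log point for that case so the unexplained state stays visible rather than hidden. The inner division by CCV(ccv, t_maxseg) is unchanged, so a zero t_maxseg would still divide by zero here. The lone `*` on its own line is a mail line-wrap of the preceding `+` line, so the patch will not apply as mailed; the last `+` line also has two spaces before `>> HTCP_SHIFT`.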
