Date: Thu, 08 Feb 2024 17:38:14 +0000 From: bugzilla-noreply@freebsd.org To: net@FreeBSD.org Subject: [Bug 276674] [panic] [htcp] sysctl net.inet.tcp.cc.algorithm=htcp produces kernel panic Message-ID: <bug-276674-7501-ZsS8BVuqhZ@https.bugs.freebsd.org/bugzilla/> In-Reply-To: <bug-276674-7501@https.bugs.freebsd.org/bugzilla/> References: <bug-276674-7501@https.bugs.freebsd.org/bugzilla/>
next in thread | previous in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D276674 --- Comment #9 from Richard Scheffenegger <rscheff@freebsd.org> --- Looking at the code in question, a div/0 could happen when cwnd < t_maxseg.= =20 While it's not clear why and how that may happen, addressing the div/0 shou= ld be easy by max(maxseg, cwnd)/maxseg so that this term will be at least 1, a= nd a div/0 is avoided. HTCP is not actively maintained, so tracking why cwnd could end up smaller = than maxseg would be more involved (running with active BBLog and extracting the relevant data once another crash happens; running BBlog continously will probably cost some performance. diff --git a/sys/netinet/cc/cc_htcp.c b/sys/netinet/cc/cc_htcp.c index d31720d0099f..a858558d7aa5 100644 --- a/sys/netinet/cc/cc_htcp.c +++ b/sys/netinet/cc/cc_htcp.c @@ -229,9 +229,9 @@ htcp_ack_received(struct cc_var *ccv, uint16_t type) * per RTT. */ CCV(ccv, snd_cwnd) +=3D (((htcp_data->alpha= << - HTCP_SHIFT) / (CCV(ccv, snd_cwnd) / - CCV(ccv, t_maxseg))) * CCV(ccv, t_maxse= g)) - >> HTCP_SHIFT; + HTCP_SHIFT) / (max(CCV(ccv, t_maxseg), + CCV(ccv, snd_cwnd)) / CCV(ccv, t_maxseg= ))) * + CCV(ccv, t_maxseg)) >> HTCP_SHIFT; } } } --=20 You are receiving this mail because: You are the assignee for the bug.=
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-276674-7501-ZsS8BVuqhZ>