Date: Thu, 08 Feb 2024 17:38:14 +0000 From: bugzilla-noreply@freebsd.org To: net@FreeBSD.org Subject: [Bug 276674] [panic] [htcp] sysctl net.inet.tcp.cc.algorithm=htcp produces kernel panic Message-ID: <bug-276674-7501-ZsS8BVuqhZ@https.bugs.freebsd.org/bugzilla/> In-Reply-To: <bug-276674-7501@https.bugs.freebsd.org/bugzilla/> References: <bug-276674-7501@https.bugs.freebsd.org/bugzilla/>
next in thread | previous in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=276674 --- Comment #9 from Richard Scheffenegger <rscheff@freebsd.org> --- Looking at the code in question, a div/0 could happen when cwnd < t_maxseg. While it's not clear why and how that may happen, addressing the div/0 should be easy by max(maxseg, cwnd)/maxseg so that this term will be at least 1, and a div/0 is avoided. HTCP is not actively maintained, so tracking why cwnd could end up smaller than maxseg would be more involved (running with active BBLog and extracting the relevant data once another crash happens; running BBlog continously will probably cost some performance. diff --git a/sys/netinet/cc/cc_htcp.c b/sys/netinet/cc/cc_htcp.c index d31720d0099f..a858558d7aa5 100644 --- a/sys/netinet/cc/cc_htcp.c +++ b/sys/netinet/cc/cc_htcp.c @@ -229,9 +229,9 @@ htcp_ack_received(struct cc_var *ccv, uint16_t type) * per RTT. */ CCV(ccv, snd_cwnd) += (((htcp_data->alpha << - HTCP_SHIFT) / (CCV(ccv, snd_cwnd) / - CCV(ccv, t_maxseg))) * CCV(ccv, t_maxseg)) - >> HTCP_SHIFT; + HTCP_SHIFT) / (max(CCV(ccv, t_maxseg), + CCV(ccv, snd_cwnd)) / CCV(ccv, t_maxseg))) * + CCV(ccv, t_maxseg)) >> HTCP_SHIFT; } } } -- You are receiving this mail because: You are the assignee for the bug.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-276674-7501-ZsS8BVuqhZ>