From: Fu Siyuan Date: Wed, 3 May 2017 07:21:23 +0000 (+0800) Subject: MdeModulePkg: Add wnd scale check before shrinking window. X-Git-Tag: edk2-stable201903~4063 X-Git-Url: https://git.proxmox.com/?p=mirror_edk2.git;a=commitdiff_plain;h=207b3d2b0b7db33bd65e1943a66d7ee9b7132697 MdeModulePkg: Add wnd scale check before shrinking window. Moving Right window edge to the left on sender side without additional check can lead to the TCP deadlock, when receiver ACKs proper segment, while sender discards it for future ACK. To prevent this add check if usable window (or shrink amount in this case) is bigger then receiver's window scale factor. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Andrey Tepin Reviewed-by: Fu Siyuan --- diff --git a/MdeModulePkg/Universal/Network/Tcp4Dxe/Tcp4Input.c b/MdeModulePkg/Universal/Network/Tcp4Dxe/Tcp4Input.c index 1000538f87..72955c6c5e 100644 --- a/MdeModulePkg/Universal/Network/Tcp4Dxe/Tcp4Input.c +++ b/MdeModulePkg/Universal/Network/Tcp4Dxe/Tcp4Input.c @@ -1,7 +1,7 @@ /** @file TCP input process routines. -Copyright (c) 2005 - 2016, Intel Corporation. All rights reserved.
+Copyright (c) 2005 - 2017, Intel Corporation. All rights reserved.
This program and the accompanying materials are licensed and made available under the terms and conditions of the BSD License which accompanies this distribution. The full text of the license may be found at @@ -703,7 +703,8 @@ TcpInput ( TCP_SEG *Seg; TCP_SEQNO Right; TCP_SEQNO Urg; - + INT32 Usable; + NET_CHECK_SIGNATURE (Nbuf, NET_BUF_SIGNATURE); Parent = NULL; @@ -1187,9 +1188,27 @@ TcpInput ( } if (TCP_SEQ_LT (Right, Tcb->SndNxt)) { - - Tcb->SndNxt = Right; - + // + // Check for Window Retraction in RFC7923 section 2.4. + // The lower n bits of the peer's actual receive window is wiped out if TCP + // window scale is enabled, it will look like the peer is shrinking the window. + // Check whether the SndNxt is out of the advertised receive window by more than + // 2^Rcv.Wind.Shift before moving the SndNxt to the left. + // + DEBUG ( + (EFI_D_WARN, + "TcpInput: peer advise negative useable window for connected TCB %p\n", + Tcb) + ); + Usable = TCP_SUB_SEQ (Tcb->SndNxt, Right); + if ((Usable >> Tcb->SndWndScale) > 0) { + DEBUG ( + (EFI_D_WARN, + "TcpInput: SndNxt is out of window by more than window scale for TCB %p\n", + Tcb) + ); + Tcb->SndNxt = Right; + } if (Right == Tcb->SndUna) { TcpClearTimer (Tcb, TCP_TIMER_REXMIT);