BUG/MINOR: quic: SIGFPE in quic_cubic_update() As reported by @Tristan971 in GH #2116, the congestion control window could be zero due to an inversion in the code about the reduction factor to be applied. On a new loss event, it must be applied to the slow start threshold and the window should never be below ->min_cwnd (2*max_udp_payload_sz). Same issue in both newReno and cubic algorithm. Furthermore in newReno, only the threshold was decremented. Must be backported to 2.6 and 2.7.

commit: 595251f22eb7b6bfa8b797e32c3326f5ad9ef07a [log] [tgz]
author: Frédéric Lécaille <flecaille@haproxy.com> Thu Apr 13 10:46:42 2023 +0200
committer: Frédéric Lécaille <flecaille@haproxy.com> Thu Apr 13 19:20:08 2023 +0200
tree: 5bf7e14f49ae5331bcd4c96223dd59a5509c79ff
parent: 9d68c6aaf696c7080ee32beb3e1b07a4c1aa2378 [diff] [blame]
diff --git a/src/quic_cc_cubic.c b/src/quic_cc_cubic.c
index d22897b..fd7fef5 100644
--- a/src/quic_cc_cubic.c
+++ b/src/quic_cc_cubic.c

@@ -197,8 +197,8 @@
 	else {
 		c->last_w_max = path->cwnd;
 	}
-	path->cwnd = (CUBIC_BETA * path->cwnd) >> CUBIC_BETA_SCALE_SHIFT;
-	c->ssthresh =  QUIC_MAX(path->cwnd, path->min_cwnd);
+	c->ssthresh = (CUBIC_BETA * path->cwnd) >> CUBIC_BETA_SCALE_SHIFT;
+	path->cwnd =  QUIC_MAX(c->ssthresh, (uint32_t)path->min_cwnd);
 	c->state = QUIC_CC_ST_RP;
 	TRACE_LEAVE(QUIC_EV_CONN_CC, cc->qc, NULL, cc);
 }
commit	595251f22eb7b6bfa8b797e32c3326f5ad9ef07a	[log] [tgz]
author	Frédéric Lécaille <flecaille@haproxy.com>	Thu Apr 13 10:46:42 2023 +0200
committer	Frédéric Lécaille <flecaille@haproxy.com>	Thu Apr 13 19:20:08 2023 +0200
tree	5bf7e14f49ae5331bcd4c96223dd59a5509c79ff
parent	9d68c6aaf696c7080ee32beb3e1b07a4c1aa2378 [diff] [blame]