From: Greg KH <gregkh@linux-foundation.org>
To: Mao Wenan <maowenan@huawei.com>
Cc: dwmw2@infradead.org, netdev@vger.kernel.org,
eric.dumazet@gmail.com, edumazet@google.com, davem@davemloft.net,
ycheng@google.com, jdw@amazon.de
Subject: Re: [PATCH stable 4.4 5/9] tcp: free batches of packets in tcp_prune_ofo_queue()
Date: Wed, 15 Aug 2018 15:25:09 +0200 [thread overview]
Message-ID: <20180815132509.GH31330@kroah.com> (raw)
In-Reply-To: <1534339268-111834-6-git-send-email-maowenan@huawei.com>
On Wed, Aug 15, 2018 at 09:21:04PM +0800, Mao Wenan wrote:
> From: Eric Dumazet <edumazet@google.com>
>
> Juha-Matti Tilli reported that malicious peers could inject tiny
> packets in out_of_order_queue, forcing very expensive calls
> to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() for
> every incoming packet. out_of_order_queue rb-tree can contain
> thousands of nodes, iterating over all of them is not nice.
>
> Before linux-4.9, we would have pruned all packets in ofo_queue
> in one go, every XXXX packets. XXXX depends on sk_rcvbuf and skbs
> truesize, but is about 7000 packets with tcp_rmem[2] default of 6 MB.
>
> Since we plan to increase tcp_rmem[2] in the future to cope with
> modern BDP, can not revert to the old behavior, without great pain.
>
> Strategy taken in this patch is to purge ~12.5 % of the queue capacity.
>
> Fixes: 36a6503fedda ("tcp: refine tcp_prune_ofo_queue() to not drop all packets")
> Signed-off-by: Eric Dumazet <edumazet@google.com>
> Reported-by: Juha-Matti Tilli <juha-matti.tilli@iki.fi>
> Acked-by: Yuchung Cheng <ycheng@google.com>
> Acked-by: Soheil Hassas Yeganeh <soheil@google.com>
> Signed-off-by: David S. Miller <davem@davemloft.net>
> Signed-off-by: root <root@localhost.localdomain>
root?
And commit id?
thanks,
greg k-h
next prev parent reply other threads:[~2018-08-15 16:17 UTC|newest]
Thread overview: 25+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-08-15 13:20 [PATCH stable 4.4 0/9] fix SegmentSmack (CVE-2018-5390) Mao Wenan
2018-08-15 13:21 ` [PATCH stable 4.4 1/9] Revert "tcp: detect malicious patterns in tcp_collapse_ofo_queue()" Mao Wenan
2018-08-15 13:18 ` Greg KH
2018-08-16 1:55 ` maowenan
2018-08-16 6:04 ` Greg KH
2018-08-15 13:21 ` [PATCH stable 4.4 2/9] Revert "tcp: avoid collapses in tcp_prune_queue() if possible" Mao Wenan
2018-08-15 13:18 ` Greg KH
2018-08-15 13:21 ` [PATCH stable 4.4 3/9] tcp: increment sk_drops for dropped rx packets Mao Wenan
2018-08-15 13:21 ` Greg KH
2018-08-15 13:21 ` [PATCH stable 4.4 4/9] tcp: use an RB tree for ooo receive queue Mao Wenan
2018-08-15 13:25 ` Greg KH
2018-08-15 13:21 ` [PATCH stable 4.4 5/9] tcp: free batches of packets in tcp_prune_ofo_queue() Mao Wenan
2018-08-15 13:25 ` Greg KH [this message]
2018-08-15 13:21 ` [PATCH stable 4.4 6/9] tcp: avoid collapses in tcp_prune_queue() if possible Mao Wenan
2018-08-15 13:25 ` Greg KH
2018-08-15 13:21 ` [PATCH stable 4.4 7/9] tcp: detect malicious patterns in tcp_collapse_ofo_queue() Mao Wenan
2018-08-15 13:19 ` Greg KH
2018-08-15 13:21 ` [PATCH stable 4.4 8/9] tcp: call tcp_drop() from tcp_data_queue_ofo() Mao Wenan
2018-08-15 13:24 ` Greg KH
2018-08-15 13:21 ` [PATCH stable 4.4 9/9] tcp: add tcp_ooo_try_coalesce() helper Mao Wenan
2018-08-15 13:24 ` Greg KH
2018-08-15 13:24 ` [PATCH stable 4.4 0/9] fix SegmentSmack (CVE-2018-5390) Greg KH
2018-08-15 15:41 ` Greg KH
2018-08-16 1:20 ` maowenan
-- strict thread matches above, loose matches on Subject: below --
2018-08-16 2:50 [PATCH stable 4.4 0/9] fix SegmentSmack in stable branch (CVE-2018-5390) Mao Wenan
2018-08-16 2:50 ` [PATCH stable 4.4 5/9] tcp: free batches of packets in tcp_prune_ofo_queue() Mao Wenan
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20180815132509.GH31330@kroah.com \
--to=gregkh@linux-foundation.org \
--cc=davem@davemloft.net \
--cc=dwmw2@infradead.org \
--cc=edumazet@google.com \
--cc=eric.dumazet@gmail.com \
--cc=jdw@amazon.de \
--cc=maowenan@huawei.com \
--cc=netdev@vger.kernel.org \
--cc=ycheng@google.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.