From: Jakub Kicinski <kuba@kernel.org>
To: Neal Cardwell <ncardwell@google.com>, stable@kernel.org
Cc: patchwork-bot+netdevbpf@kernel.org,
Pablo Neira Ayuso <pablo@netfilter.org>,
netfilter-devel@vger.kernel.org, davem@davemloft.net,
netdev@vger.kernel.org, Yuchung Cheng <ycheng@google.com>,
Eric Dumazet <edumazet@google.com>
Subject: Re: [PATCH net 1/3] netfilter: nf_conntrack_tcp: re-init for syn packets only
Date: Fri, 12 Aug 2022 12:17:19 -0700 [thread overview]
Message-ID: <20220812121719.0aff4cba@kernel.org> (raw)
In-Reply-To: <CADVnQykD5NRcjmrbP9bgNaVuhpOaSiC1dxCOF03bL5nTo2HP7g@mail.gmail.com>
On Fri, 12 Aug 2022 09:34:14 -0400 Neal Cardwell wrote:
> This first commit is an important bug fix for a serious bug that causes
> TCP connection hangs for users of TCP fast open and nf_conntrack:
>
> c7aab4f17021b netfilter: nf_conntrack_tcp: re-init for syn packets only
>
> We are continuing to get reports about the bug that this commit fixes.
>
> It seems this fix was only backported to v5.17 stable release, and not further,
> due to a cherry-pick conflict, because this fix implicitly depends on a
> slightly earlier v5.17 fix in the same spot:
>
> 82b72cb94666 netfilter: conntrack: re-init state for retransmitted syn-ack
>
> I manually verified that the fix c7aab4f17021b can be cleanly cherry-picked
> into the oldest (v4.9.325) and newest (v5.15.60) longterm release kernels as
> long as we first cherry-pick that related fix that it implicitly depends on:
>
> 82b72cb94666b3dbd7152bb9f441b068af7a921b
> netfilter: conntrack: re-init state for retransmitted syn-ack
>
> c7aab4f17021b636a0ee75bcf28e06fb7c94ab48
> netfilter: nf_conntrack_tcp: re-init for syn packets only
>
> So would it be possible to backport both of those fixes with the following
> cherry-picks, to all LTS stable releases?
>
> git cherry-pick 82b72cb94666b3dbd7152bb9f441b068af7a921b
> git cherry-pick c7aab4f17021b636a0ee75bcf28e06fb7c94ab48
Thanks a lot Neal! FWIW we have recently changed our process and no
longer handle stable submissions ourselves, so in the future feel free
to talk directly to stable@ (and add CC: stable@ tags to patches).
I'm adding stable@, let's see if Greg & team can pick things up based
on your instructions :)
next prev parent reply other threads:[~2022-08-12 19:17 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-04-28 14:21 [PATCH net 0/3] Netfilter fixes for net Pablo Neira Ayuso
2022-04-28 14:21 ` [PATCH net 1/3] netfilter: nf_conntrack_tcp: re-init for syn packets only Pablo Neira Ayuso
2022-04-28 17:00 ` patchwork-bot+netdevbpf
2022-08-12 13:34 ` Neal Cardwell
2022-08-12 19:17 ` Jakub Kicinski [this message]
2022-04-28 14:21 ` [PATCH net 2/3] netfilter: conntrack: fix udp offload timeout sysctl Pablo Neira Ayuso
2022-04-28 14:21 ` [PATCH net 3/3] netfilter: nft_socket: only do sk lookups when indev is available Pablo Neira Ayuso
-- strict thread matches above, loose matches on Subject: below --
2022-08-13 1:26 [PATCH net 1/3] netfilter: nf_conntrack_tcp: re-init for syn packets only Thomas Backlund
2022-09-01 12:46 ` Neal Cardwell
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20220812121719.0aff4cba@kernel.org \
--to=kuba@kernel.org \
--cc=davem@davemloft.net \
--cc=edumazet@google.com \
--cc=ncardwell@google.com \
--cc=netdev@vger.kernel.org \
--cc=netfilter-devel@vger.kernel.org \
--cc=pablo@netfilter.org \
--cc=patchwork-bot+netdevbpf@kernel.org \
--cc=stable@kernel.org \
--cc=ycheng@google.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.