From mboxrd@z Thu Jan 1 00:00:00 1970 From: maowenan Subject: Re: [PATCH 4.9-stable] tcp: add tcp_ooo_try_coalesce() helper Date: Fri, 10 Aug 2018 10:02:32 +0800 Message-ID: <5994000f-ec56-55be-193a-c0632a910902@huawei.com> References: <1533373442.16128.123.camel@infradead.org> <1533373800-22712-1-git-send-email-dwmw@amazon.co.uk> <20180807132256.GH1904@kroah.com> <20e03726-c053-67a3-505a-7110be0f5d34@huawei.com> <20180809124726.GA9500@kroah.com> <1533819122.5775.12.camel@infradead.org> Mime-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 8bit Cc: , , , , , , , To: David Woodhouse , Greg KH Return-path: Received: from szxga06-in.huawei.com ([45.249.212.32]:59924 "EHLO huawei.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S1725724AbeHJEbc (ORCPT ); Fri, 10 Aug 2018 00:31:32 -0400 In-Reply-To: <1533819122.5775.12.camel@infradead.org> Sender: netdev-owner@vger.kernel.org List-ID: On 2018/8/9 20:52, David Woodhouse wrote: > On Thu, 2018-08-09 at 14:47 +0200, Greg KH wrote: >> On Thu, Aug 09, 2018 at 08:37:13PM +0800, maowenan wrote: >>> There are two patches in stable branch linux-4.4, but I have tested with below patches, and found that the cpu usage was very high. >>> dc6ae4d tcp: detect malicious patterns in tcp_collapse_ofo_queue() >>> 5fbec48 tcp: avoid collapses in tcp_prune_queue() if possible >>> >>> test results: >>> with fix patch: 78.2% ksoftirqd >>> no fix patch: 90% ksoftirqd >>> >>> there is %0 when no attack packets. >>> >>> so please help verify that fixed patches are enough in linux-stable 4.4. >>> >> >> I do not know, I am not a network developer. Please try to reproduce >> the same thing on a newer kernel release and see if the result is the >> same or not. If you can find a change that I missed, please let me know >> and I will be glad to apply it. > > maowenan, there were five patches in the original upstream set to > address SegmentSmack: > > tcp: free batches of packets in tcp_prune_ofo_queue() > tcp: avoid collapses in tcp_prune_queue() if possible > tcp: detect malicious patterns in tcp_collapse_ofo_queue() > t > cp: call tcp_drop() from tcp_data_queue_ofo() > tcp: add > tcp_ooo_try_coalesce() helper > > I believe that the first one, "free batches of packets..." is not > needed in 4.4 because we only have a simple queue of packets there > anyway, so we're dropping everything each time and don't need the > heuristics for how many to drop. > > That leaves two more which have so far not been backported to 4.4; can > you try applying them and see if it resolves the problem for you? ok, i will try. > > Thanks. >