From: Jakub Kicinski <kuba@kernel.org>
To: Neal Cardwell <ncardwell@google.com>, stable@kernel.org
Cc: patchwork-bot+netdevbpf@kernel.org,
Pablo Neira Ayuso <pablo@netfilter.org>,
netfilter-devel@vger.kernel.org, davem@davemloft.net,
netdev@vger.kernel.org, Yuchung Cheng <ycheng@google.com>,
Eric Dumazet <edumazet@google.com>
Subject: Re: [PATCH net 1/3] netfilter: nf_conntrack_tcp: re-init for syn packets only
Date: Fri, 12 Aug 2022 12:17:19 -0700 [thread overview]
Message-ID: <20220812121719.0aff4cba@kernel.org> (raw)
In-Reply-To: <CADVnQykD5NRcjmrbP9bgNaVuhpOaSiC1dxCOF03bL5nTo2HP7g@mail.gmail.com>
On Fri, 12 Aug 2022 09:34:14 -0400 Neal Cardwell wrote:
> This first commit is an important bug fix for a serious bug that causes
> TCP connection hangs for users of TCP fast open and nf_conntrack:
>
> c7aab4f17021b netfilter: nf_conntrack_tcp: re-init for syn packets only
>
> We are continuing to get reports about the bug that this commit fixes.
>
> It seems this fix was only backported to v5.17 stable release, and not further,
> due to a cherry-pick conflict, because this fix implicitly depends on a
> slightly earlier v5.17 fix in the same spot:
>
> 82b72cb94666 netfilter: conntrack: re-init state for retransmitted syn-ack
>
> I manually verified that the fix c7aab4f17021b can be cleanly cherry-picked
> into the oldest (v4.9.325) and newest (v5.15.60) longterm release kernels as
> long as we first cherry-pick that related fix that it implicitly depends on:
>
> 82b72cb94666b3dbd7152bb9f441b068af7a921b
> netfilter: conntrack: re-init state for retransmitted syn-ack
>
> c7aab4f17021b636a0ee75bcf28e06fb7c94ab48
> netfilter: nf_conntrack_tcp: re-init for syn packets only
>
> So would it be possible to backport both of those fixes with the following
> cherry-picks, to all LTS stable releases?
>
> git cherry-pick 82b72cb94666b3dbd7152bb9f441b068af7a921b
> git cherry-pick c7aab4f17021b636a0ee75bcf28e06fb7c94ab48
Thanks a lot Neal! FWIW we have recently changed our process and no
longer handle stable submissions ourselves, so in the future feel free
to talk directly to stable@ (and add CC: stable@ tags to patches).
I'm adding stable@, let's see if Greg & team can pick things up based
on your instructions :)
next prev parent reply other threads:[~2022-08-12 19:17 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-04-28 14:21 [PATCH net 0/3] Netfilter fixes for net Pablo Neira Ayuso
2022-04-28 14:21 ` [PATCH net 1/3] netfilter: nf_conntrack_tcp: re-init for syn packets only Pablo Neira Ayuso
2022-04-28 17:00 ` patchwork-bot+netdevbpf
2022-08-12 13:34 ` Neal Cardwell
2022-08-12 19:17 ` Jakub Kicinski [this message]
2022-04-28 14:21 ` [PATCH net 2/3] netfilter: conntrack: fix udp offload timeout sysctl Pablo Neira Ayuso
2022-04-28 14:21 ` [PATCH net 3/3] netfilter: nft_socket: only do sk lookups when indev is available Pablo Neira Ayuso
-- strict thread matches above, loose matches on Subject: below --
2022-08-13 1:26 [PATCH net 1/3] netfilter: nf_conntrack_tcp: re-init for syn packets only Thomas Backlund
2022-09-01 12:46 ` Neal Cardwell
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20220812121719.0aff4cba@kernel.org \
--to=kuba@kernel.org \
--cc=davem@davemloft.net \
--cc=edumazet@google.com \
--cc=ncardwell@google.com \
--cc=netdev@vger.kernel.org \
--cc=netfilter-devel@vger.kernel.org \
--cc=pablo@netfilter.org \
--cc=patchwork-bot+netdevbpf@kernel.org \
--cc=stable@kernel.org \
--cc=ycheng@google.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).