lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20e03726-c053-67a3-505a-7110be0f5d34@huawei.com>
Date:   Thu, 9 Aug 2018 20:37:13 +0800
From:   maowenan <maowenan@...wei.com>
To:     Greg KH <gregkh@...ux-foundation.org>,
        David Woodhouse <dwmw@...zon.co.uk>
CC:     <davem@...emloft.net>, <edumazet@...gle.com>,
        <juha-matti.tilli@....fi>, <ycheng@...gle.com>,
        <soheil@...gle.com>, <netdev@...r.kernel.org>,
        <eric.dumazet@...il.com>, <dwmw2@...radead.org>, <jdw@...zon.de>
Subject: Re: [PATCH 4.9-stable] tcp: add tcp_ooo_try_coalesce() helper



On 2018/8/7 21:22, Greg KH wrote:
> On Sat, Aug 04, 2018 at 10:10:00AM +0100, David Woodhouse wrote:
>> From: Eric Dumazet <edumazet@...gle.com>
>>
>> commit 58152ecbbcc6a0ce7fddd5bf5f6ee535834ece0c upstream.
>>
>> In case skb in out_or_order_queue is the result of
>> multiple skbs coalescing, we would like to get a proper gso_segs
>> counter tracking, so that future tcp_drop() can report an accurate
>> number.
>>
>> I chose to not implement this tracking for skbs in receive queue,
>> since they are not dropped, unless socket is disconnected.
>>
>> Signed-off-by: Eric Dumazet <edumazet@...gle.com>
>> Acked-by: Soheil Hassas Yeganeh <soheil@...gle.com>
>> Acked-by: Yuchung Cheng <ycheng@...gle.com>
>> Signed-off-by: David S. Miller <davem@...emloft.net>
>> Signed-off-by: David Woodhouse <dwmw@...zon.co.uk>
>> ---
>>  net/ipv4/tcp_input.c | 23 +++++++++++++++++++++--
>>  1 file changed, 21 insertions(+), 2 deletions(-)
> 
> Now applied, thanks,
> 
> greg k-h
> 
> .
> 

Hello,

There are two patches in stable branch linux-4.4, but I have tested with below patches, and found that the cpu usage was very high.
dc6ae4d tcp: detect malicious patterns in tcp_collapse_ofo_queue()
5fbec48 tcp: avoid collapses in tcp_prune_queue() if possible

test results:
with fix patch: 78.2%   ksoftirqd
no fix patch:   90%     ksoftirqd

there is %0 when no attack packets.

so please help verify that fixed patches are enough in linux-stable 4.4.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ