lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Fri, 10 Aug 2018 09:56:06 +0800
From:   maowenan <maowenan@...wei.com>
To:     Greg KH <gregkh@...ux-foundation.org>
CC:     David Woodhouse <dwmw@...zon.co.uk>, <davem@...emloft.net>,
        <edumazet@...gle.com>, <juha-matti.tilli@....fi>,
        <ycheng@...gle.com>, <soheil@...gle.com>, <netdev@...r.kernel.org>,
        <eric.dumazet@...il.com>, <dwmw2@...radead.org>, <jdw@...zon.de>
Subject: Re: [PATCH 4.9-stable] tcp: add tcp_ooo_try_coalesce() helper



On 2018/8/9 20:47, Greg KH wrote:
> On Thu, Aug 09, 2018 at 08:37:13PM +0800, maowenan wrote:
>>
>>
>> On 2018/8/7 21:22, Greg KH wrote:
>>> On Sat, Aug 04, 2018 at 10:10:00AM +0100, David Woodhouse wrote:
>>>> From: Eric Dumazet <edumazet@...gle.com>
>>>>
>>>> commit 58152ecbbcc6a0ce7fddd5bf5f6ee535834ece0c upstream.
>>>>
>>>> In case skb in out_or_order_queue is the result of
>>>> multiple skbs coalescing, we would like to get a proper gso_segs
>>>> counter tracking, so that future tcp_drop() can report an accurate
>>>> number.
>>>>
>>>> I chose to not implement this tracking for skbs in receive queue,
>>>> since they are not dropped, unless socket is disconnected.
>>>>
>>>> Signed-off-by: Eric Dumazet <edumazet@...gle.com>
>>>> Acked-by: Soheil Hassas Yeganeh <soheil@...gle.com>
>>>> Acked-by: Yuchung Cheng <ycheng@...gle.com>
>>>> Signed-off-by: David S. Miller <davem@...emloft.net>
>>>> Signed-off-by: David Woodhouse <dwmw@...zon.co.uk>
>>>> ---
>>>>  net/ipv4/tcp_input.c | 23 +++++++++++++++++++++--
>>>>  1 file changed, 21 insertions(+), 2 deletions(-)
>>>
>>> Now applied, thanks,
>>>
>>> greg k-h
>>>
>>> .
>>>
>>
>> Hello,
>>
>> There are two patches in stable branch linux-4.4, but I have tested with below patches, and found that the cpu usage was very high.
>> dc6ae4d tcp: detect malicious patterns in tcp_collapse_ofo_queue()
>> 5fbec48 tcp: avoid collapses in tcp_prune_queue() if possible
>>
>> test results:
>> with fix patch: 78.2%   ksoftirqd
>> no fix patch:   90%     ksoftirqd
>>
>> there is %0 when no attack packets.
>>
>> so please help verify that fixed patches are enough in linux-stable 4.4.
>>
> 
> I do not know, I am not a network developer.  Please try to reproduce
> the same thing on a newer kernel release and see if the result is the
> same or not.  If you can find a change that I missed, please let me know
> and I will be glad to apply it.

I have verified that in linux 4.18-rc3(no fixed patches), and 4.18 rc7(with 5 fixed patches),
it works well and cpu usage drops from 95% to 27%.

> 
> thnaks,
> 
> greg k-h
> 
> .
>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ