[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <83856420-af5a-e469-5b5b-e24634fc290f@huawei.com>
Date: Tue, 25 Sep 2018 22:10:15 +0800
From: maowenan <maowenan@...wei.com>
To: <netdev@...r.kernel.org>, <gregkh@...ux-foundation.org>,
<dwmw2@...radead.org>, <eric.dumazet@...il.com>,
<davem@...emloft.net>, <stable@...r.kernel.org>,
<linux-kernel@...r.kernel.org>
Subject: Re: [PATCH stable 4.4 V2 0/6] fix SegmentSmack in stable branch
(CVE-2018-5390)
Hi Greg:
can you review this patch set?
thanks a lot.
On 2018/9/14 16:24, Mao Wenan wrote:
> There are five patches to fix CVE-2018-5390 in latest mainline
> branch, but only two patches exist in stable 4.4 and 3.18:
> dc6ae4d tcp: detect malicious patterns in tcp_collapse_ofo_queue()
> 5fbec48 tcp: avoid collapses in tcp_prune_queue() if possible
> I have tested with stable 4.4 kernel, and found the cpu usage was very high.
> So I think only two patches can't fix the CVE-2018-5390.
> test results:
> with fix patch: 78.2% ksoftirqd
> withoutfix patch: 90% ksoftirqd
>
> Then I try to imitate 72cd43ba(tcp: free batches of packets in tcp_prune_ofo_queue())
> to drop at least 12.5 % of sk_rcvbuf to avoid malicious attacks with simple queue
> instead of RB tree. The result is not very well.
>
> After analysing the codes of stable 4.4, and debuging the
> system, shows that search of ofo_queue(tcp ofo using a simple queue) cost more cycles.
>
> So I try to backport "tcp: use an RB tree for ooo receive queue" using RB tree
> instead of simple queue, then backport Eric Dumazet 5 fixed patches in mainline,
> good news is that ksoftirqd is turn to about 20%, which is the same with mainline now.
>
> Stable 4.4 have already back port two patches,
> f4a3313d(tcp: avoid collapses in tcp_prune_queue() if possible)
> 3d4bf93a(tcp: detect malicious patterns in tcp_collapse_ofo_queue())
> If we want to change simple queue to RB tree to finally resolve, we should apply previous
> patch 9f5afeae(tcp: use an RB tree for ooo receive queue.) firstly, but 9f5afeae have many
> conflicts with 3d4bf93a and f4a3313d, which are part of patch series from Eric in
> mainline to fix CVE-2018-5390, so I need revert part of patches in stable 4.4 firstly,
> then apply 9f5afeae, and reapply five patches from Eric.
>
> V1->V2:
> 1) Don't revert 3d4bf93a and f4a3313d firstly, all of 6 patches based on 4.4.155.
> 2) Add one bug fix patch for RB tree:76f0dcbb5ae1a7c3dbeec13dd98233b8e6b0b32a tcp: fix a stale ooo_last_skb
>
> Eric Dumazet (5):
> tcp: increment sk_drops for dropped rx packets
> tcp: fix a stale ooo_last_skb after a replace
> tcp: free batches of packets in tcp_prune_ofo_queue()
> tcp: call tcp_drop() from tcp_data_queue_ofo()
> tcp: add tcp_ooo_try_coalesce() helper
>
> Yaogong Wang (1):
> tcp: use an RB tree for ooo receive queue
>
> include/linux/skbuff.h | 8 +
> include/linux/tcp.h | 7 +-
> include/net/sock.h | 7 +
> include/net/tcp.h | 2 +-
> net/core/skbuff.c | 19 +++
> net/ipv4/tcp.c | 4 +-
> net/ipv4/tcp_input.c | 417 +++++++++++++++++++++++++++++------------------
> net/ipv4/tcp_ipv4.c | 3 +-
> net/ipv4/tcp_minisocks.c | 1 -
> net/ipv6/tcp_ipv6.c | 1 +
> 10 files changed, 297 insertions(+), 172 deletions(-)
>
Powered by blists - more mailing lists