On 2018/8/7 21:22, Greg KH wrote:
> On Sat, Aug 04, 2018 at 10:10:00AM +0100, David Woodhouse wrote:
>> From: Eric Dumazet <eduma...@google.com>
>>
>> commit 58152ecbbcc6a0ce7fddd5bf5f6ee535834ece0c upstream.
>>
>> In case skb in out_or_order_queue is the result of
>> multiple skbs coalescing, we would like to get a proper gso_segs
>> counter tracking, so that future tcp_drop() can report an accurate
>> number.
>>
>> I chose to not implement this tracking for skbs in receive queue,
>> since they are not dropped, unless socket is disconnected.
>>
>> Signed-off-by: Eric Dumazet <eduma...@google.com>
>> Acked-by: Soheil Hassas Yeganeh <soh...@google.com>
>> Acked-by: Yuchung Cheng <ych...@google.com>
>> Signed-off-by: David S. Miller <da...@davemloft.net>
>> Signed-off-by: David Woodhouse <d...@amazon.co.uk>
>> ---
>>  net/ipv4/tcp_input.c | 23 +++++++++++++++++++++--
>>  1 file changed, 21 insertions(+), 2 deletions(-)
> 
> Now applied, thanks,
> 
> greg k-h
> 
> .
> 

Hello,

There are two patches in stable branch linux-4.4, but I have tested with below 
patches, and found that the cpu usage was very high.
dc6ae4d tcp: detect malicious patterns in tcp_collapse_ofo_queue()
5fbec48 tcp: avoid collapses in tcp_prune_queue() if possible

test results:
with fix patch: 78.2%   ksoftirqd
no fix patch:   90%     ksoftirqd

there is %0 when no attack packets.

so please help verify that fixed patches are enough in linux-stable 4.4.

Reply via email to