On 2018/8/7 21:22, Greg KH wrote:
> On Sat, Aug 04, 2018 at 10:10:00AM +0100, David Woodhouse wrote:
>> From: Eric Dumazet <eduma...@google.com>
>>
>> commit 58152ecbbcc6a0ce7fddd5bf5f6ee535834ece0c upstream.
>>
>> In case skb in out_or_order_queue is the result of
>> multiple skbs coalescing, we would like to get a proper gso_segs
>> counter tracking, so that future tcp_drop() can report an accurate
>> number.
>>
>> I chose to not implement this tracking for skbs in receive queue,
>> since they are not dropped, unless socket is disconnected.
>>
>> Signed-off-by: Eric Dumazet <eduma...@google.com>
>> Acked-by: Soheil Hassas Yeganeh <soh...@google.com>
>> Acked-by: Yuchung Cheng <ych...@google.com>
>> Signed-off-by: David S. Miller <da...@davemloft.net>
>> Signed-off-by: David Woodhouse <d...@amazon.co.uk>
>> ---
>> net/ipv4/tcp_input.c | 23 +++++++++++++++++++++--
>> 1 file changed, 21 insertions(+), 2 deletions(-)
>
> Now applied, thanks,
>
> greg k-h
>
> .
>
Hello,
There are two patches in stable branch linux-4.4, but I have tested with below
patches, and found that the cpu usage was very high.
dc6ae4d tcp: detect malicious patterns in tcp_collapse_ofo_queue()
5fbec48 tcp: avoid collapses in tcp_prune_queue() if possible
test results:
with fix patch: 78.2% ksoftirqd
no fix patch: 90% ksoftirqd
there is %0 when no attack packets.
so please help verify that fixed patches are enough in linux-stable 4.4.