On Thu, Aug 09, 2018 at 08:37:13PM +0800, maowenan wrote: > > > On 2018/8/7 21:22, Greg KH wrote: > > On Sat, Aug 04, 2018 at 10:10:00AM +0100, David Woodhouse wrote: > >> From: Eric Dumazet <eduma...@google.com> > >> > >> commit 58152ecbbcc6a0ce7fddd5bf5f6ee535834ece0c upstream. > >> > >> In case skb in out_or_order_queue is the result of > >> multiple skbs coalescing, we would like to get a proper gso_segs > >> counter tracking, so that future tcp_drop() can report an accurate > >> number. > >> > >> I chose to not implement this tracking for skbs in receive queue, > >> since they are not dropped, unless socket is disconnected. > >> > >> Signed-off-by: Eric Dumazet <eduma...@google.com> > >> Acked-by: Soheil Hassas Yeganeh <soh...@google.com> > >> Acked-by: Yuchung Cheng <ych...@google.com> > >> Signed-off-by: David S. Miller <da...@davemloft.net> > >> Signed-off-by: David Woodhouse <d...@amazon.co.uk> > >> --- > >> net/ipv4/tcp_input.c | 23 +++++++++++++++++++++-- > >> 1 file changed, 21 insertions(+), 2 deletions(-) > > > > Now applied, thanks, > > > > greg k-h > > > > . > > > > Hello, > > There are two patches in stable branch linux-4.4, but I have tested with > below patches, and found that the cpu usage was very high. > dc6ae4d tcp: detect malicious patterns in tcp_collapse_ofo_queue() > 5fbec48 tcp: avoid collapses in tcp_prune_queue() if possible > > test results: > with fix patch: 78.2% ksoftirqd > no fix patch: 90% ksoftirqd > > there is %0 when no attack packets. > > so please help verify that fixed patches are enough in linux-stable 4.4. >
I do not know, I am not a network developer. Please try to reproduce the same thing on a newer kernel release and see if the result is the same or not. If you can find a change that I missed, please let me know and I will be glad to apply it. thnaks, greg k-h