From: Greg KH <gregkh@linux-foundation•org>
To: Mao Wenan <maowenan@huawei•com>
Cc: dwmw2@infradead•org, netdev@vger•kernel.org,
eric.dumazet@gmail•com, edumazet@google•com, davem@davemloft•net,
ycheng@google•com, jdw@amazon•de
Subject: Re: [PATCH stable 4.4 0/9] fix SegmentSmack (CVE-2018-5390)
Date: Wed, 15 Aug 2018 15:24:32 +0200 [thread overview]
Message-ID: <20180815132432.GE31330@kroah.com> (raw)
In-Reply-To: <1534339268-111834-1-git-send-email-maowenan@huawei.com>
On Wed, Aug 15, 2018 at 09:20:59PM +0800, Mao Wenan wrote:
> There are five patches to fix CVE-2018-5390 in latest mainline
> branch, but only two patches exist in stable 4.4 and 3.18:
> dc6ae4d tcp: detect malicious patterns in tcp_collapse_ofo_queue()
> 5fbec48 tcp: avoid collapses in tcp_prune_queue() if possible
> but I have tested with these patches, and found the cpu usage was very high.
> test results:
> with fix patch: 78.2% ksoftirqd
> no fix patch: 90% ksoftirqd
>
> After analysing the codes of stable 4.4, and debuging the
> system, the search of ofo_queue(tcp ofo using a simple queue) cost more cycles.
> So I think only two patches can't fix the CVE-2018-5390.
> So I try to backport "tcp: use an RB tree for ooo receive queue" using RB tree
> instead of simple queue, then backport Eric Dumazet 5 fixed patches in mainline,
> good news is that ksoftirqd is turn to about 20%, which is the same with mainline now.
Thanks for doing this work, I had some questions on the individual
patches. Can you address them and resend?
thanks,
greg k-h
next prev parent reply other threads:[~2018-08-15 16:16 UTC|newest]
Thread overview: 24+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-08-15 13:20 [PATCH stable 4.4 0/9] fix SegmentSmack (CVE-2018-5390) Mao Wenan
2018-08-15 13:21 ` [PATCH stable 4.4 1/9] Revert "tcp: detect malicious patterns in tcp_collapse_ofo_queue()" Mao Wenan
2018-08-15 13:18 ` Greg KH
2018-08-16 1:55 ` maowenan
2018-08-16 6:04 ` Greg KH
2018-08-15 13:21 ` [PATCH stable 4.4 2/9] Revert "tcp: avoid collapses in tcp_prune_queue() if possible" Mao Wenan
2018-08-15 13:18 ` Greg KH
2018-08-15 13:21 ` [PATCH stable 4.4 3/9] tcp: increment sk_drops for dropped rx packets Mao Wenan
2018-08-15 13:21 ` Greg KH
2018-08-15 13:21 ` [PATCH stable 4.4 4/9] tcp: use an RB tree for ooo receive queue Mao Wenan
2018-08-15 13:25 ` Greg KH
2018-08-15 13:21 ` [PATCH stable 4.4 5/9] tcp: free batches of packets in tcp_prune_ofo_queue() Mao Wenan
2018-08-15 13:25 ` Greg KH
2018-08-15 13:21 ` [PATCH stable 4.4 6/9] tcp: avoid collapses in tcp_prune_queue() if possible Mao Wenan
2018-08-15 13:25 ` Greg KH
2018-08-15 13:21 ` [PATCH stable 4.4 7/9] tcp: detect malicious patterns in tcp_collapse_ofo_queue() Mao Wenan
2018-08-15 13:19 ` Greg KH
2018-08-15 13:21 ` [PATCH stable 4.4 8/9] tcp: call tcp_drop() from tcp_data_queue_ofo() Mao Wenan
2018-08-15 13:24 ` Greg KH
2018-08-15 13:21 ` [PATCH stable 4.4 9/9] tcp: add tcp_ooo_try_coalesce() helper Mao Wenan
2018-08-15 13:24 ` Greg KH
2018-08-15 13:24 ` Greg KH [this message]
2018-08-15 15:41 ` [PATCH stable 4.4 0/9] fix SegmentSmack (CVE-2018-5390) Greg KH
2018-08-16 1:20 ` maowenan
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20180815132432.GE31330@kroah.com \
--to=gregkh@linux-foundation$(echo .)org \
--cc=davem@davemloft$(echo .)net \
--cc=dwmw2@infradead$(echo .)org \
--cc=edumazet@google$(echo .)com \
--cc=eric.dumazet@gmail$(echo .)com \
--cc=jdw@amazon$(echo .)de \
--cc=maowenan@huawei$(echo .)com \
--cc=netdev@vger$(echo .)kernel.org \
--cc=ycheng@google$(echo .)com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox