[net-next] tcp: fastopen: limit max_qlen

Message ID	1445372260.22974.38.camel@edumazet-glaptop2.roam.corp.google.com
State	Accepted, archived
Delegated to:	David Miller
Headers	show Return-Path: <netdev-owner@vger.kernel.org> Message-ID: <1445372260.22974.38.camel@edumazet-glaptop2.roam.corp.google.com> Subject: [PATCH net-next] tcp: fastopen: limit max_qlen From: Eric Dumazet <eric.dumazet@gmail.com> To: David Miller <davem@davemloft.net> Cc: netdev <netdev@vger.kernel.org>, Yuchung Cheng <ycheng@google.com> Date: Tue, 20 Oct 2015 13:17:40 -0700 Content-Type: text/plain; charset="UTF-8" Mime-Version: 1.0 Content-Transfer-Encoding: 7bit Sender: netdev-owner@vger.kernel.org Precedence: bulk

Message ID

1445372260.22974.38.camel@edumazet-glaptop2.roam.corp.google.com

State

Accepted, archived

Delegated to:

David Miller

Headers

Message-ID: <1445372260.22974.38.camel@edumazet-glaptop2.roam.corp.google.com>
Subject: [PATCH net-next] tcp: fastopen: limit max_qlen
From: Eric Dumazet <eric.dumazet@gmail.com>
To: David Miller <davem@davemloft.net>
Cc: netdev <netdev@vger.kernel.org>, Yuchung Cheng <ycheng@google.com>
Date: Tue, 20 Oct 2015 13:17:40 -0700
Content-Type: text/plain; charset="UTF-8"
Mime-Version: 1.0
Content-Transfer-Encoding: 7bit
Sender: netdev-owner@vger.kernel.org
Precedence: bulk

Commit Message

Eric Dumazet Oct. 20, 2015, 8:17 p.m. UTC

From: Eric Dumazet <edumazet@google.com>

Allowing an application to set whatever limit for
the list of recently RST fastopen sessions [1] is not wise,
as it open ways to deplete kernel memory.

Cap the user provided limit by somaxconn sysctl,
like listen() backlog.

[1] https://tools.ietf.org/html/rfc7413#section-5.1

Signed-off-by: Eric Dumazet <edumazet@google.com>
---
 include/linux/tcp.h |    3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)



--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Comments

David Miller Oct. 22, 2015, 1:22 p.m. UTC | #1

From: Eric Dumazet <eric.dumazet@gmail.com>
Date: Tue, 20 Oct 2015 13:17:40 -0700

> From: Eric Dumazet <edumazet@google.com>
> 
> Allowing an application to set whatever limit for
> the list of recently RST fastopen sessions [1] is not wise,
> as it open ways to deplete kernel memory.
> 
> Cap the user provided limit by somaxconn sysctl,
> like listen() backlog.
> 
> [1] https://tools.ietf.org/html/rfc7413#section-5.1
> 
> Signed-off-by: Eric Dumazet <edumazet@google.com>

Applied, thanks Eric.
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

diff --git a/include/linux/tcp.h b/include/linux/tcp.h
index 86a7edaa6797..80ba0f7c0518 100644
--- a/include/linux/tcp.h
+++ b/include/linux/tcp.h
@@ -385,8 +385,9 @@  static inline bool tcp_passive_fastopen(const struct sock *sk)
 static inline void fastopen_queue_tune(struct sock *sk, int backlog)
 {
 	struct request_sock_queue *queue = &inet_csk(sk)->icsk_accept_queue;
+	int somaxconn = READ_ONCE(sock_net(sk)->core.sysctl_somaxconn);
 
-	queue->fastopenq.max_qlen = backlog;
+	queue->fastopenq.max_qlen = min_t(unsigned int, backlog, somaxconn);
 }
 
 static inline void tcp_saved_syn_free(struct tcp_sock *tp)

[net-next] tcp: fastopen: limit max_qlen

Commit Message

Comments

Patch