From patchwork Thu Aug 29 00:49:44 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Tyler Hicks X-Patchwork-Id: 1154946 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=lists.ubuntu.com (client-ip=91.189.94.19; helo=huckleberry.canonical.com; envelope-from=kernel-team-bounces@lists.ubuntu.com; receiver=) Authentication-Results: ozlabs.org; dmarc=fail (p=none dis=none) header.from=canonical.com Received: from huckleberry.canonical.com (huckleberry.canonical.com [91.189.94.19]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 46JkXq3yNSz9sMr; Thu, 29 Aug 2019 10:50:03 +1000 (AEST) Received: from localhost ([127.0.0.1] helo=huckleberry.canonical.com) by huckleberry.canonical.com with esmtp (Exim 4.86_2) (envelope-from ) id 1i38dR-0002Im-Qq; Thu, 29 Aug 2019 00:49:57 +0000 Received: from youngberry.canonical.com ([91.189.89.112]) by huckleberry.canonical.com with esmtps (TLS1.0:DHE_RSA_AES_128_CBC_SHA1:128) (Exim 4.86_2) (envelope-from ) id 1i38dQ-0002IW-S7 for kernel-team@lists.ubuntu.com; Thu, 29 Aug 2019 00:49:56 +0000 Received: from 2.general.tyhicks.us.vpn ([10.172.64.53] helo=sec.work.tihix.com) by youngberry.canonical.com with esmtpsa (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.76) (envelope-from ) id 1i38dQ-0001tV-AY; Thu, 29 Aug 2019 00:49:56 +0000 From: Tyler Hicks To: kernel-team@lists.ubuntu.com Subject: [PATCH 0/4][SRU][X] Multiple TCP Fixups Date: Thu, 29 Aug 2019 00:49:44 +0000 Message-Id: <20190829004948.1573-1-tyhicks@canonical.com> X-Mailer: git-send-email 2.17.1 X-BeenThere: kernel-team@lists.ubuntu.com X-Mailman-Version: 2.1.20 Precedence: list List-Id: Kernel team discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Errors-To: kernel-team-bounces@lists.ubuntu.com Sender: "kernel-team" This series reverts my backport of a fixup for the CVE-2019-11478 fix and applies the version of the fixup that the TCP maintainer provided for the 4.4 linux-stable tree. It also includes another fixup, from upstream, which addresses some performance issues that were reported to me. Details can be found here: https://databricks.com/blog/2019/08/01/network-performance-regressions-from-tcp-sack-vulnerability-fixes.html The fix for CVE-2019-15239 is sandwiched in the middle of the series. It made cherry-picking of the entire series from linux-stable possible but, more importantly, it fixes a flaw that was caused by a bad backport in the linux-stable tree. https://people.canonical.com/~ubuntu-security/cve/?cve=CVE-2019-11478 https://people.canonical.com/~ubuntu-security/cve/?cve=CVE-2019-15239 Note that the Ubuntu CVE Tracker entry for CVE-2019-15239 is not fully updated with breaks-fix commit info as I'm still trying to decide how best to do that for this somewhat unique CVE that affects linux-stable but not linux. I believe that I was able to reproduce the some of the nondeterministic performance regression that Databricks was seeing using netperf while running the 4.4.0-159.187-generic. I didn't see this behavior while testing the 4.4.0-150.176-generic kernel, which is the last published kernel before CVE-2019-11478 was fixed. I also don't see the behavior once these patches are applied to the 4.4.0-159.187-generic kernel. Tyler Eric Dumazet (2): tcp: refine memory limit test in tcp_fragment() tcp: be more careful in tcp_fragment() Soheil Hassas Yeganeh (1): tcp: reset sk_send_head in tcp_write_queue_purge Tyler Hicks (1): UBUNTU: SAUCE: Revert "tcp: refine memory limit test in tcp_fragment()" include/net/tcp.h | 22 ++++++++++++++++++++-- net/ipv4/tcp_output.c | 12 ++++++++++-- 2 files changed, 30 insertions(+), 4 deletions(-) Acked-by: Thadeu Lima de Souza Cascardo