From patchwork Tue May 3 21:54:18 2016
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Peter Wu
X-Patchwork-Id: 618164
X-Patchwork-Delegate: davem@davemloft.net
From: Peter Wu
To: "David S . Miller"
Cc: netdev@vger.kernel.org, Eric Dumazet, Kui Zhang
Subject: [PATCH] tcp: ensure non-empty connection request queue
Date: Tue, 3 May 2016 23:54:18 +0200
Message-Id: <1462312458-2077-1-git-send-email-peter@lekensteyn.nl>
X-Mailer: git-send-email 2.8.0
X-Mailing-List: netdev@vger.kernel.org

When applications use listen() with a backlog of 0, the kernel would set
the maximum connection request queue to zero. This causes false reports
of SYN flooding (if tcp_syncookies is enabled) or packet drops otherwise.

Prior kernels enforce a minimum size of 8, so do that now as well.

Fixes: ef547f2ac16b ("tcp: remove max_qlen_log")
Signed-off-by: Peter Wu
---
Hi,

This patch fixes a regression from Linux 4.4. Use of "qemu-arm -g 1234"
would trigger the following warning in dmesg:

    TCP: request_sock_TCP: Possible SYN flooding on port 1234. Sending cookies. Check SNMP counters.

For some users the "tcp: remove max_qlen_log" change already broke
applications[1].

While listen(3p) says that a backlog argument of 0 sets the length to an
"implementation-defined minimum value", I doubt that "0" should be
considered a valid value (as demonstrated in the above two real-world
applications that worked fine before). It is a hint anyway.

This patch was tested on top of Linux v4.5 and removes the warning which
would otherwise be present (due to the inet_csk_reqsk_queue_is_full()
check in tcp_conn_request).

I also looked at modifying the backlog value in inet_listen, but that
might have other unintended effects:

 - If TFO is enabled and tcp_fastopen==0x400, listen(fd, 0) currently
   disables TFO (also possible via setsockopt). Forcing a minimum breaks
   this path (unlikely to be a problem though since TFO users likely set
   a much higher backlog).
 - sk->sk_max_ack_backlog is also reported via tcp statistics and seems
   really to be the hint rather than the actual interpreted value.

Kind regards,
Peter

 [1]: https://lkml.kernel.org/r/CANn89i+OKfw896-N5KsNDEikzUidR8yX1JC089hJnGGfDQ0mzw@mail.gmail.com
---
 include/net/inet_connection_sock.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/include/net/inet_connection_sock.h b/include/net/inet_connection_sock.h index 49dcad4..ca0fdbc 100644 --- a/include/net/inet_connection_sock.h +++ b/include/net/inet_connection_sock.h
@@ -296,7 +296,7 @@ static inline int inet_csk_reqsk_queue_young(const struct sock *sk) static inline int inet_csk_reqsk_queue_is_full(const struct sock *sk) { - return inet_csk_reqsk_queue_len(sk) >= sk->sk_max_ack_backlog; + return inet_csk_reqsk_queue_len(sk) >= max(8U, sk->sk_max_ack_backlog); } void inet_csk_reqsk_queue_drop(struct sock *sk, struct request_sock *req);
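Review bot: The floor in inet_csk_reqsk_queue_is_full() is a bare 8U inside max(), with nothing at the call site saying why 8. Give it a named constant, or at least a one-line comment that it restores the minimum request queue size prior kernels enforced, so that a reader who sees sk->sk_max_ack_backlog reported as 0 can find the limit that is actually applied. Separately, the kernel's max() type-checks its two operands and the declared type of sk_max_ack_backlog is not visible in this hunk; if it is not unsigned int, write max_t(unsigned int, 8, sk->sk_max_ack_backlog) instead to avoid a type-mismatch warning. The notes above the diffstat say the stored value is left untouched so that listen(fd, 0) keeps its meaning for TFO; that reasoning belongs in the commit message itself, since everything after the first "---" is dropped when the patch is applied.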