[PATCH 0/4][SRU][X] Multiple TCP Fixups

[Tyler Hicks]

This series reverts my backport of a fixup for the CVE-2019-11478 fix
and applies the version of the fixup that the TCP maintainer provided
for the 4.4 linux-stable tree. It also includes another fixup, from
upstream, which addresses some performance issues that were reported to
me. Details can be found here:

 https://databricks.com/blog/2019/08/01/network-performance-regressions-from-tcp-sack-vulnerability-fixes.html

The fix for CVE-2019-15239 is sandwiched in the middle of the series. It
made cherry-picking of the entire series from linux-stable possible but,
more importantly, it fixes a flaw that was caused by a bad backport in
the linux-stable tree.

 https://people.canonical.com/~ubuntu-security/cve/?cve=CVE-2019-11478
 https://people.canonical.com/~ubuntu-security/cve/?cve=CVE-2019-15239

Note that the Ubuntu CVE Tracker entry for CVE-2019-15239 is not fully
updated with breaks-fix commit info as I'm still trying to decide how
best to do that for this somewhat unique CVE that affects linux-stable
but not linux.

I believe that I was able to reproduce the some of the nondeterministic
performance regression that Databricks was seeing using netperf while
running the 4.4.0-159.187-generic. I didn't see this behavior while
testing the 4.4.0-150.176-generic kernel, which is the last published
kernel before CVE-2019-11478 was fixed. I also don't see the behavior
once these patches are applied to the 4.4.0-159.187-generic kernel.

Tyler

Eric Dumazet (2):
  tcp: refine memory limit test in tcp_fragment()
  tcp: be more careful in tcp_fragment()

Soheil Hassas Yeganeh (1):
  tcp: reset sk_send_head in tcp_write_queue_purge

Tyler Hicks (1):
  UBUNTU: SAUCE: Revert "tcp: refine memory limit test in
    tcp_fragment()"

 include/net/tcp.h     | 22 ++++++++++++++++++++--
 net/ipv4/tcp_output.c | 12 ++++++++++--
 2 files changed, 30 insertions(+), 4 deletions(-)

-- 
2.17.1