ACK+cmnt: [PATCH 0/4][SRU][X] Multiple TCP Fixups

Thadeu Lima de Souza Cascardo cascardo at canonical.com
Fri Aug 30 11:43:17 UTC 2019


On Thu, Aug 29, 2019 at 12:49:44AM +0000, Tyler Hicks wrote:
> This series reverts my backport of a fixup for the CVE-2019-11478 fix
> and applies the version of the fixup that the TCP maintainer provided
> for the 4.4 linux-stable tree. It also includes another fixup, from
> upstream, which addresses some performance issues that were reported to
> me. Details can be found here:
> 
>  https://databricks.com/blog/2019/08/01/network-performance-regressions-from-tcp-sack-vulnerability-fixes.html
> 
> The fix for CVE-2019-15239 is sandwiched in the middle of the series. It
> made cherry-picking of the entire series from linux-stable possible but,
> more importantly, it fixes a flaw that was caused by a bad backport in
> the linux-stable tree.
> 
>  https://people.canonical.com/~ubuntu-security/cve/?cve=CVE-2019-11478
>  https://people.canonical.com/~ubuntu-security/cve/?cve=CVE-2019-15239


Acked-by: Thadeu Lima de Souza Cascardo <cascardo at canonical.com>

I'm all for making our code more in line with linux-stable. Thanks!

Also, the NULL pointer dereference, which seems to be the point of the
patchset. Yay! \o/

Checking for the limits using truesize and allowing head and tail to be split
seem safer from the point of view of performance regression, or even possible
regressions with small send buffers. Which was the point of the backport in the
first place, but who knows what other use cases are out there.

Which takes me to the point of the comment. Was this patchset tested with the
example regression we had? The packetdrill test that set the small send buffer
and got stuck on a write? And was it tested against the PoCs for the SACK
attacks?

Thanks.
Cascardo.

> 
> Note that the Ubuntu CVE Tracker entry for CVE-2019-15239 is not fully
> updated with breaks-fix commit info as I'm still trying to decide how
> best to do that for this somewhat unique CVE that affects linux-stable
> but not linux.
> 
> I believe that I was able to reproduce some of the nondeterministic
> performance regression that Databricks was seeing using netperf while
> running the 4.4.0-159.187-generic. I didn't see this behavior while
> testing the 4.4.0-150.176-generic kernel, which is the last published
> kernel before CVE-2019-11478 was fixed. I also don't see the behavior
> once these patches are applied to the 4.4.0-159.187-generic kernel.
> 
> Tyler
> 
> Eric Dumazet (2):
>   tcp: refine memory limit test in tcp_fragment()
>   tcp: be more careful in tcp_fragment()
> 
> Soheil Hassas Yeganeh (1):
>   tcp: reset sk_send_head in tcp_write_queue_purge
> 
> Tyler Hicks (1):
>   UBUNTU: SAUCE: Revert "tcp: refine memory limit test in
>     tcp_fragment()"
> 
>  include/net/tcp.h     | 22 ++++++++++++++++++++--
>  net/ipv4/tcp_output.c | 12 ++++++++++--
>  2 files changed, 30 insertions(+), 4 deletions(-)
> 
> -- 
> 2.17.1
> 
> 