--- /dev/null
+From e4dd0d3a2f64b8bd8029ec70f52bdbebd0644408 Mon Sep 17 00:00:00 2001
+From: Jason Xing <kernelxing@tencent.com>
+Date: Fri, 11 Aug 2023 10:37:47 +0800
+Subject: net: fix the RTO timer retransmitting skb every 1ms if linear option is enabled
+
+From: Jason Xing <kernelxing@tencent.com>
+
+commit e4dd0d3a2f64b8bd8029ec70f52bdbebd0644408 upstream.
+
+In the real workload, I encountered an issue which could cause the RTO
+timer to retransmit the skb per 1ms with linear option enabled. The amount
+of lost-retransmitted skbs can go up to 1000+ instantly.
+
+The root cause is that if the icsk_rto happens to be zero in the 6th round
+(which is the TCP_THIN_LINEAR_RETRIES value), then it will always be zero
+due to the changed calculation method in tcp_retransmit_timer() as follows:
+
+icsk->icsk_rto = min(icsk->icsk_rto << 1, TCP_RTO_MAX);
+
+Above line could be converted to
+icsk->icsk_rto = min(0 << 1, TCP_RTO_MAX) = 0
+
+Therefore, the timer expires so quickly without any doubt.
+
+I read through the RFC 6298 and found that the RTO value can be rounded
+up to a certain value, in Linux, say TCP_RTO_MIN as default, which is
+regarded as the lower bound in this patch as suggested by Eric.
+
+Fixes: 36e31b0af587 ("net: TCP thin linear timeouts")
+Suggested-by: Eric Dumazet <edumazet@google.com>
+Signed-off-by: Jason Xing <kernelxing@tencent.com>
+Reviewed-by: Eric Dumazet <edumazet@google.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ net/ipv4/tcp_timer.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+--- a/net/ipv4/tcp_timer.c
++++ b/net/ipv4/tcp_timer.c
+@@ -573,7 +573,9 @@ out_reset_timer:
+ tcp_stream_is_thin(tp) &&
+ icsk->icsk_retransmits <= TCP_THIN_LINEAR_RETRIES) {
+ icsk->icsk_backoff = 0;
+- icsk->icsk_rto = min(__tcp_set_rto(tp), TCP_RTO_MAX);
++ icsk->icsk_rto = clamp(__tcp_set_rto(tp),
++ tcp_rto_min(sk),
++ TCP_RTO_MAX);
+ } else {
+ /* Use normal (exponential) backoff */
+ icsk->icsk_rto = min(icsk->icsk_rto << 1, TCP_RTO_MAX);
--- /dev/null
+From d1e0e61d617ba17aa516db707aa871387566bbf7 Mon Sep 17 00:00:00 2001
+From: Lin Ma <linma@zju.edu.cn>
+Date: Fri, 30 Jun 2023 16:19:11 +0800
+Subject: net: xfrm: Amend XFRMA_SEC_CTX nla_policy structure
+
+From: Lin Ma <linma@zju.edu.cn>
+
+commit d1e0e61d617ba17aa516db707aa871387566bbf7 upstream.
+
+According to all consumers code of attrs[XFRMA_SEC_CTX], like
+
+* verify_sec_ctx_len(), convert to xfrm_user_sec_ctx*
+* xfrm_state_construct(), call security_xfrm_state_alloc whose prototype
+is int security_xfrm_state_alloc(.., struct xfrm_user_sec_ctx *sec_ctx);
+* copy_from_user_sec_ctx(), convert to xfrm_user_sec_ctx *
+...
+
+It seems that the expected parsing result for XFRMA_SEC_CTX should be
+structure xfrm_user_sec_ctx, and the current xfrm_sec_ctx is confusing
+and misleading (Luckily, they happen to have same size 8 bytes).
+
+This commit amend the policy structure to xfrm_user_sec_ctx to avoid
+ambiguity.
+
+Fixes: cf5cb79f6946 ("[XFRM] netlink: Establish an attribute policy")
+Signed-off-by: Lin Ma <linma@zju.edu.cn>
+Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ net/xfrm/xfrm_user.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/net/xfrm/xfrm_user.c
++++ b/net/xfrm/xfrm_user.c
+@@ -2583,7 +2583,7 @@ static const struct nla_policy xfrma_pol
+ [XFRMA_ALG_COMP] = { .len = sizeof(struct xfrm_algo) },
+ [XFRMA_ENCAP] = { .len = sizeof(struct xfrm_encap_tmpl) },
+ [XFRMA_TMPL] = { .len = sizeof(struct xfrm_user_tmpl) },
+- [XFRMA_SEC_CTX] = { .len = sizeof(struct xfrm_sec_ctx) },
++ [XFRMA_SEC_CTX] = { .len = sizeof(struct xfrm_user_sec_ctx) },
+ [XFRMA_LTIME_VAL] = { .len = sizeof(struct xfrm_lifetime_cur) },
+ [XFRMA_REPLAY_VAL] = { .len = sizeof(struct xfrm_replay_state) },
+ [XFRMA_REPLAY_THRESH] = { .type = NLA_U32 },
mmc-block-fix-in_flight-value-error.patch
netfilter-set-default-timeout-to-3-secs-for-sctp-shutdown-send-and-recv-state.patch
af_unix-fix-null-ptr-deref-in-unix_stream_sendpage.patch
+virtio-net-set-queues-after-driver_ok.patch
+net-fix-the-rto-timer-retransmitting-skb-every-1ms-if-linear-option-is-enabled.patch
+net-xfrm-amend-xfrma_sec_ctx-nla_policy-structure.patch
--- /dev/null
+From 51b813176f098ff61bd2833f627f5319ead098a5 Mon Sep 17 00:00:00 2001
+From: Jason Wang <jasowang@redhat.com>
+Date: Wed, 9 Aug 2023 23:12:56 -0400
+Subject: virtio-net: set queues after driver_ok
+
+From: Jason Wang <jasowang@redhat.com>
+
+commit 51b813176f098ff61bd2833f627f5319ead098a5 upstream.
+
+Commit 25266128fe16 ("virtio-net: fix race between set queues and
+probe") tries to fix the race between set queues and probe by calling
+_virtnet_set_queues() before DRIVER_OK is set. This violates virtio
+spec. Fixing this by setting queues after virtio_device_ready().
+
+Note that rtnl needs to be held for userspace requests to change the
+number of queues. So we are serialized in this way.
+
+Fixes: 25266128fe16 ("virtio-net: fix race between set queues and probe")
+Reported-by: Dragos Tatulea <dtatulea@nvidia.com>
+Acked-by: Michael S. Tsirkin <mst@redhat.com>
+Signed-off-by: Jason Wang <jasowang@redhat.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/net/virtio_net.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+--- a/drivers/net/virtio_net.c
++++ b/drivers/net/virtio_net.c
+@@ -3265,8 +3265,6 @@ static int virtnet_probe(struct virtio_d
+ }
+ }
+
+- _virtnet_set_queues(vi, vi->curr_queue_pairs);
+-
+ /* serialize netdev register + virtio_device_ready() with ndo_open() */
+ rtnl_lock();
+
+@@ -3279,6 +3277,8 @@ static int virtnet_probe(struct virtio_d
+
+ virtio_device_ready(vdev);
+
++ _virtnet_set_queues(vi, vi->curr_queue_pairs);
++
+ rtnl_unlock();
+
+ err = virtnet_cpu_notif_add(vi);
projects / thirdparty / kernel / stable-queue.git / commitdiff
