From cced968850fb982486500726617943eb5bfdda08 Mon Sep 17 00:00:00 2001 From: Greg Kroah-Hartman Date: Mon, 21 Aug 2023 20:56:27 +0200 Subject: [PATCH] 4.14-stable patches added patches: net-fix-the-rto-timer-retransmitting-skb-every-1ms-if-linear-option-is-enabled.patch net-xfrm-amend-xfrma_sec_ctx-nla_policy-structure.patch --- ...very-1ms-if-linear-option-is-enabled.patch | 51 +++++++++++++++++++ ...d-xfrma_sec_ctx-nla_policy-structure.patch | 43 ++++++++++++++++ queue-4.14/series | 2 + 3 files changed, 96 insertions(+) create mode 100644 queue-4.14/net-fix-the-rto-timer-retransmitting-skb-every-1ms-if-linear-option-is-enabled.patch create mode 100644 queue-4.14/net-xfrm-amend-xfrma_sec_ctx-nla_policy-structure.patch diff --git a/queue-4.14/net-fix-the-rto-timer-retransmitting-skb-every-1ms-if-linear-option-is-enabled.patch b/queue-4.14/net-fix-the-rto-timer-retransmitting-skb-every-1ms-if-linear-option-is-enabled.patch new file mode 100644 index 00000000000..018b0d15a6d --- /dev/null +++ b/queue-4.14/net-fix-the-rto-timer-retransmitting-skb-every-1ms-if-linear-option-is-enabled.patch @@ -0,0 +1,51 @@ +From e4dd0d3a2f64b8bd8029ec70f52bdbebd0644408 Mon Sep 17 00:00:00 2001 +From: Jason Xing +Date: Fri, 11 Aug 2023 10:37:47 +0800 +Subject: net: fix the RTO timer retransmitting skb every 1ms if linear option is enabled + +From: Jason Xing + +commit e4dd0d3a2f64b8bd8029ec70f52bdbebd0644408 upstream. + +In the real workload, I encountered an issue which could cause the RTO +timer to retransmit the skb per 1ms with linear option enabled. The amount +of lost-retransmitted skbs can go up to 1000+ instantly. + +The root cause is that if the icsk_rto happens to be zero in the 6th round +(which is the TCP_THIN_LINEAR_RETRIES value), then it will always be zero +due to the changed calculation method in tcp_retransmit_timer() as follows: + +icsk->icsk_rto = min(icsk->icsk_rto << 1, TCP_RTO_MAX); + +Above line could be converted to +icsk->icsk_rto = min(0 << 1, TCP_RTO_MAX) = 0 + +Therefore, the timer expires so quickly without any doubt. + +I read through the RFC 6298 and found that the RTO value can be rounded +up to a certain value, in Linux, say TCP_RTO_MIN as default, which is +regarded as the lower bound in this patch as suggested by Eric. + +Fixes: 36e31b0af587 ("net: TCP thin linear timeouts") +Suggested-by: Eric Dumazet +Signed-off-by: Jason Xing +Reviewed-by: Eric Dumazet +Signed-off-by: David S. Miller +Signed-off-by: Greg Kroah-Hartman +--- + net/ipv4/tcp_timer.c | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +--- a/net/ipv4/tcp_timer.c ++++ b/net/ipv4/tcp_timer.c +@@ -540,7 +540,9 @@ out_reset_timer: + tcp_stream_is_thin(tp) && + icsk->icsk_retransmits <= TCP_THIN_LINEAR_RETRIES) { + icsk->icsk_backoff = 0; +- icsk->icsk_rto = min(__tcp_set_rto(tp), TCP_RTO_MAX); ++ icsk->icsk_rto = clamp(__tcp_set_rto(tp), ++ tcp_rto_min(sk), ++ TCP_RTO_MAX); + } else { + /* Use normal (exponential) backoff */ + icsk->icsk_rto = min(icsk->icsk_rto << 1, TCP_RTO_MAX); diff --git a/queue-4.14/net-xfrm-amend-xfrma_sec_ctx-nla_policy-structure.patch b/queue-4.14/net-xfrm-amend-xfrma_sec_ctx-nla_policy-structure.patch new file mode 100644 index 00000000000..9c5e042db80 --- /dev/null +++ b/queue-4.14/net-xfrm-amend-xfrma_sec_ctx-nla_policy-structure.patch @@ -0,0 +1,43 @@ +From d1e0e61d617ba17aa516db707aa871387566bbf7 Mon Sep 17 00:00:00 2001 +From: Lin Ma +Date: Fri, 30 Jun 2023 16:19:11 +0800 +Subject: net: xfrm: Amend XFRMA_SEC_CTX nla_policy structure + +From: Lin Ma + +commit d1e0e61d617ba17aa516db707aa871387566bbf7 upstream. + +According to all consumers code of attrs[XFRMA_SEC_CTX], like + +* verify_sec_ctx_len(), convert to xfrm_user_sec_ctx* +* xfrm_state_construct(), call security_xfrm_state_alloc whose prototype +is int security_xfrm_state_alloc(.., struct xfrm_user_sec_ctx *sec_ctx); +* copy_from_user_sec_ctx(), convert to xfrm_user_sec_ctx * +... + +It seems that the expected parsing result for XFRMA_SEC_CTX should be +structure xfrm_user_sec_ctx, and the current xfrm_sec_ctx is confusing +and misleading (Luckily, they happen to have same size 8 bytes). + +This commit amend the policy structure to xfrm_user_sec_ctx to avoid +ambiguity. + +Fixes: cf5cb79f6946 ("[XFRM] netlink: Establish an attribute policy") +Signed-off-by: Lin Ma +Signed-off-by: Steffen Klassert +Signed-off-by: Greg Kroah-Hartman +--- + net/xfrm/xfrm_user.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/net/xfrm/xfrm_user.c ++++ b/net/xfrm/xfrm_user.c +@@ -2514,7 +2514,7 @@ static const struct nla_policy xfrma_pol + [XFRMA_ALG_COMP] = { .len = sizeof(struct xfrm_algo) }, + [XFRMA_ENCAP] = { .len = sizeof(struct xfrm_encap_tmpl) }, + [XFRMA_TMPL] = { .len = sizeof(struct xfrm_user_tmpl) }, +- [XFRMA_SEC_CTX] = { .len = sizeof(struct xfrm_sec_ctx) }, ++ [XFRMA_SEC_CTX] = { .len = sizeof(struct xfrm_user_sec_ctx) }, + [XFRMA_LTIME_VAL] = { .len = sizeof(struct xfrm_lifetime_cur) }, + [XFRMA_REPLAY_VAL] = { .len = sizeof(struct xfrm_replay_state) }, + [XFRMA_REPLAY_THRESH] = { .type = NLA_U32 }, diff --git a/queue-4.14/series b/queue-4.14/series index d4f50dad5f2..886f3bb901d 100644 --- a/queue-4.14/series +++ b/queue-4.14/series @@ -35,3 +35,5 @@ test_firmware-prevent-race-conditions-by-a-correct-implementation-of-locking.pat netfilter-set-default-timeout-to-3-secs-for-sctp-shutdown-send-and-recv-state.patch asoc-rt5665-add-missed-regulator_bulk_disable.patch af_unix-fix-null-ptr-deref-in-unix_stream_sendpage.patch +net-fix-the-rto-timer-retransmitting-skb-every-1ms-if-linear-option-is-enabled.patch +net-xfrm-amend-xfrma_sec_ctx-nla_policy-structure.patch -- 2.47.3