From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
stable@vger.kernel.org, Rebecca Isaacs <risaacs@google.com>,
Soheil Hassas Yeganeh <soheil@google.com>,
Neal Cardwell <ncardwell@google.com>,
Yuchung Cheng <ycheng@google.com>,
Eric Dumazet <edumazet@google.com>,
"David S. Miller" <davem@davemloft.net>
Subject: [PATCH 4.11 018/115] tcp: eliminate negative reordering in tcp_clean_rtx_queue
Date: Mon, 5 Jun 2017 18:16:51 +0200 [thread overview]
Message-ID: <20170605153057.535610778@linuxfoundation.org> (raw)
In-Reply-To: <20170605153056.650217313@linuxfoundation.org>
4.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Soheil Hassas Yeganeh <soheil@google.com>
[ Upstream commit bafbb9c73241760023d8981191ddd30bb1c6dbac ]
tcp_ack() can call tcp_fragment() which may dededuct the
value tp->fackets_out when MSS changes. When prior_fackets
is larger than tp->fackets_out, tcp_clean_rtx_queue() can
invoke tcp_update_reordering() with negative values. This
results in absurd tp->reodering values higher than
sysctl_tcp_max_reordering.
Note that tcp_update_reordering indeeds sets tp->reordering
to min(sysctl_tcp_max_reordering, metric), but because
the comparison is signed, a negative metric always wins.
Fixes: c7caf8d3ed7a ("[TCP]: Fix reord detection due to snd_una covered holes")
Reported-by: Rebecca Isaacs <risaacs@google.com>
Signed-off-by: Soheil Hassas Yeganeh <soheil@google.com>
Signed-off-by: Neal Cardwell <ncardwell@google.com>
Signed-off-by: Yuchung Cheng <ycheng@google.com>
Signed-off-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
net/ipv4/tcp_input.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/net/ipv4/tcp_input.c
+++ b/net/ipv4/tcp_input.c
@@ -3189,7 +3189,7 @@ static int tcp_clean_rtx_queue(struct so
int delta;
/* Non-retransmitted hole got filled? That's reordering */
- if (reord < prior_fackets)
+ if (reord < prior_fackets && reord <= tp->fackets_out)
tcp_update_reordering(sk, tp->fackets_out - reord, 0);
delta = tcp_is_fack(tp) ? pkts_acked :
next prev parent reply other threads:[~2017-06-05 16:52 UTC|newest]
Thread overview: 114+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-06-05 16:16 [PATCH 4.11 000/115] 4.11.4-stable review Greg Kroah-Hartman
2017-06-05 16:16 ` [PATCH 4.11 001/115] dccp/tcp: do not inherit mc_list from parent Greg Kroah-Hartman
2017-06-05 16:16 ` [PATCH 4.11 002/115] driver: vrf: Fix one possible use-after-free issue Greg Kroah-Hartman
2017-06-05 16:16 ` [PATCH 4.11 003/115] ipv6/dccp: do not inherit ipv6_mc_list from parent Greg Kroah-Hartman
2017-06-05 16:16 ` [PATCH 4.11 004/115] s390/qeth: handle sysfs error during initialization Greg Kroah-Hartman
2017-06-05 16:16 ` [PATCH 4.11 005/115] s390/qeth: unbreak OSM and OSN support Greg Kroah-Hartman
2017-06-05 16:16 ` [PATCH 4.11 006/115] s390/qeth: avoid null pointer dereference on OSN Greg Kroah-Hartman
2017-06-05 16:16 ` [PATCH 4.11 007/115] s390/qeth: add missing hash table initializations Greg Kroah-Hartman
2017-06-05 16:16 ` [PATCH 4.11 008/115] bpf, arm64: fix faulty emission of map access in tail calls Greg Kroah-Hartman
2017-06-05 16:16 ` [PATCH 4.11 009/115] netem: fix skb_orphan_partial() Greg Kroah-Hartman
2017-06-05 16:16 ` [PATCH 4.11 011/115] tcp: avoid fragmenting peculiar skbs in SACK Greg Kroah-Hartman
2017-06-05 16:16 ` [PATCH 4.11 012/115] tipc: make macro tipc_wait_for_cond() smp safe Greg Kroah-Hartman
2017-06-05 16:16 ` [PATCH 4.11 013/115] sctp: fix src address selection if using secondary addresses for ipv6 Greg Kroah-Hartman
2017-06-05 16:16 ` [PATCH 4.11 014/115] sctp: do not inherit ipv6_{mc|ac|fl}_list from parent Greg Kroah-Hartman
2017-06-05 16:16 ` [PATCH 4.11 015/115] net/packet: fix missing net_device reference release Greg Kroah-Hartman
2017-06-05 16:16 ` [PATCH 4.11 016/115] net/mlx5e: Use the correct pause values for ethtool advertising Greg Kroah-Hartman
2017-06-05 16:16 ` [PATCH 4.11 017/115] net/mlx5e: Fix ethtool pause support and advertise reporting Greg Kroah-Hartman
2017-06-05 16:16 ` Greg Kroah-Hartman [this message]
2017-06-05 16:16 ` [PATCH 4.11 019/115] smc: switch to usage of IB_PD_UNSAFE_GLOBAL_RKEY Greg Kroah-Hartman
2017-06-05 16:16 ` [PATCH 4.11 020/115] net/smc: Add warning about remote memory exposure Greg Kroah-Hartman
2017-06-05 16:16 ` [PATCH 4.11 021/115] net: Improve handling of failures on link and route dumps Greg Kroah-Hartman
2017-06-05 16:16 ` [PATCH 4.11 022/115] ipv6: Prevent overrun when parsing v6 header options Greg Kroah-Hartman
2017-06-05 16:16 ` [PATCH 4.11 023/115] ipv6: Check ip6_find_1stfragopt() return value properly Greg Kroah-Hartman
2017-06-05 16:16 ` [PATCH 4.11 024/115] bridge: netlink: check vlan_default_pvid range Greg Kroah-Hartman
2017-06-05 16:16 ` [PATCH 4.11 026/115] bridge: start hello_timer when enabling KERNEL_STP in br_stp_start Greg Kroah-Hartman
2017-06-05 16:17 ` [PATCH 4.11 027/115] ipv6: fix out of bound writes in __ip6_append_data() Greg Kroah-Hartman
2017-06-05 16:17 ` [PATCH 4.11 028/115] bonding: fix accounting of active ports in 3ad Greg Kroah-Hartman
2017-06-05 16:17 ` [PATCH 4.11 029/115] net/mlx5: Avoid using pending command interface slots Greg Kroah-Hartman
2017-06-05 16:17 ` [PATCH 4.11 030/115] net: phy: marvell: Limit errata to 88m1101 Greg Kroah-Hartman
2017-06-05 16:17 ` [PATCH 4.11 031/115] vlan: Fix tcp checksum offloads in Q-in-Q vlans Greg Kroah-Hartman
2017-06-05 16:17 ` [PATCH 4.11 032/115] be2net: Fix offload features for Q-in-Q packets Greg Kroah-Hartman
2017-06-05 16:17 ` [PATCH 4.11 033/115] virtio-net: enable TSO/checksum offloads for Q-in-Q vlans Greg Kroah-Hartman
2017-06-05 16:17 ` [PATCH 4.11 034/115] geneve: fix fill_info when using collect_metadata Greg Kroah-Hartman
2017-06-05 16:17 ` [PATCH 4.11 035/115] tcp: avoid fastopen API to be used on AF_UNSPEC Greg Kroah-Hartman
2017-06-05 16:17 ` [PATCH 4.11 036/115] sctp: fix ICMP processing if skb is non-linear Greg Kroah-Hartman
2017-06-05 16:17 ` [PATCH 4.11 037/115] ip6_tunnel, ip6_gre: fix setting of DSCP on encapsulated packets Greg Kroah-Hartman
2017-06-05 16:17 ` [PATCH 4.11 038/115] ipv4: add reference counting to metrics Greg Kroah-Hartman
2017-06-05 16:17 ` [PATCH 4.11 039/115] bpf: add bpf_clone_redirect to bpf_helper_changes_pkt_data Greg Kroah-Hartman
2017-06-05 16:17 ` [PATCH 4.11 040/115] bpf: fix wrong exposure of map_flags into fdinfo for lpm Greg Kroah-Hartman
2017-06-05 16:17 ` [PATCH 4.11 041/115] bpf: adjust verifier heuristics Greg Kroah-Hartman
2017-06-05 16:17 ` [PATCH 4.11 042/115] sparc64: Fix mapping of 64k pages with MAP_FIXED Greg Kroah-Hartman
2017-06-05 16:17 ` [PATCH 4.11 043/115] sparc: Fix -Wstringop-overflow warning Greg Kroah-Hartman
2017-06-05 16:17 ` [PATCH 4.11 044/115] sparc/ftrace: Fix ftrace graph time measurement Greg Kroah-Hartman
2017-06-05 16:17 ` [PATCH 4.11 045/115] fs/ufs: Set UFS default maximum bytes per file Greg Kroah-Hartman
2017-06-05 16:17 ` [PATCH 4.11 046/115] powerpc: Fix booting P9 hash with CONFIG_PPC_RADIX_MMU=N Greg Kroah-Hartman
2017-06-05 16:17 ` [PATCH 4.11 047/115] powerpc/spufs: Fix hash faults for kernel regions Greg Kroah-Hartman
2017-06-05 16:17 ` [PATCH 4.11 048/115] Revert "tty_port: register tty ports with serdev bus" Greg Kroah-Hartman
2017-06-05 16:17 ` [PATCH 4.11 049/115] serdev: fix tty-port client deregistration Greg Kroah-Hartman
2017-06-05 16:17 ` [PATCH 4.11 050/115] drivers/tty: 8250: only call fintek_8250_probe when doing port I/O Greg Kroah-Hartman
2017-06-05 16:17 ` [PATCH 4.11 051/115] i2c: i2c-tiny-usb: fix buffer not being DMA capable Greg Kroah-Hartman
2017-06-05 16:17 ` [PATCH 4.11 052/115] crypto: skcipher - Add missing API setkey checks Greg Kroah-Hartman
2017-06-05 16:17 ` [PATCH 4.11 053/115] Revert "ACPI / button: Remove lid_init_state=method mode" Greg Kroah-Hartman
2017-06-05 16:17 ` [PATCH 4.11 054/115] x86/MCE: Export memory_error() Greg Kroah-Hartman
2017-06-05 16:17 ` [PATCH 4.11 055/115] acpi, nfit: Fix the memory error check in nfit_handle_mce() Greg Kroah-Hartman
2017-06-05 16:17 ` [PATCH 4.11 056/115] ACPI / sysfs: fix acpi_get_table() leak / acpi-sysfs denial of service Greg Kroah-Hartman
2017-06-05 16:17 ` [PATCH 4.11 057/115] ACPICA: Tables: Fix regression introduced by a too early mechanism enabling Greg Kroah-Hartman
2017-06-05 16:17 ` [PATCH 4.11 058/115] Revert "ACPI / button: Change default behavior to lid_init_state=open" Greg Kroah-Hartman
2017-06-05 16:17 ` [PATCH 4.11 059/115] mmc: sdhci-iproc: suppress spurious interrupt with Multiblock read Greg Kroah-Hartman
2017-06-05 16:17 ` [PATCH 4.11 060/115] scsi: zero per-cmd private driver data for each MQ I/O Greg Kroah-Hartman
2017-06-05 16:17 ` [PATCH 4.11 061/115] iscsi-target: Always wait for kthread_should_stop() before kthread exit Greg Kroah-Hartman
2017-06-05 16:17 ` [PATCH 4.11 062/115] iscsi-target: Fix initial login PDU asynchronous socket close OOPs Greg Kroah-Hartman
2017-06-05 16:17 ` [PATCH 4.11 063/115] scsi: scsi_dh_rdac: Use ctlr directly in rdac_failover_get() Greg Kroah-Hartman
2017-06-05 16:17 ` [PATCH 4.11 064/115] ibmvscsis: Clear left-over abort_cmd pointers Greg Kroah-Hartman
2017-06-05 16:17 ` [PATCH 4.11 065/115] ibmvscsis: Fix the incorrect req_lim_delta Greg Kroah-Hartman
2017-06-05 16:17 ` [PATCH 4.11 066/115] HID: wacom: Have wacom_tpc_irq guard against possible NULL dereference Greg Kroah-Hartman
2017-06-05 16:17 ` [PATCH 4.11 067/115] nvme-rdma: support devices with queue size < 32 Greg Kroah-Hartman
2017-06-05 16:17 ` [PATCH 4.11 068/115] nvme: use blk_mq_start_hw_queues() in nvme_kill_queues() Greg Kroah-Hartman
2017-06-05 16:17 ` [PATCH 4.11 069/115] nvme: avoid to use blk_mq_abort_requeue_list() Greg Kroah-Hartman
2017-06-05 16:17 ` [PATCH 4.11 074/115] pcmcia: remove left-over %Z format Greg Kroah-Hartman
2017-06-05 16:17 ` [PATCH 4.11 075/115] ALSA: hda - No loopback on ALC299 codec Greg Kroah-Hartman
2017-06-05 16:17 ` [PATCH 4.11 076/115] ALSA: hda - apply STAC_9200_DELL_M22 quirk for Dell Latitude D430 Greg Kroah-Hartman
2017-06-05 16:17 ` [PATCH 4.11 077/115] Revert "ALSA: usb-audio: purge needless variable length array" Greg Kroah-Hartman
2017-06-05 16:17 ` [PATCH 4.11 078/115] ALSA: usb: Fix a typo in Tascam US-16x08 mixer element Greg Kroah-Hartman
2017-06-05 16:17 ` [PATCH 4.11 079/115] mm/page_alloc.c: make sure OOM victim can try allocations with no watermarks once Greg Kroah-Hartman
2017-06-05 16:17 ` [PATCH 4.11 080/115] mm: avoid spurious bad pmd warning messages Greg Kroah-Hartman
2017-06-05 16:17 ` [PATCH 4.11 081/115] dax: fix race between colliding PMD & PTE entries Greg Kroah-Hartman
2017-06-05 16:17 ` [PATCH 4.11 082/115] mm/migrate: fix refcount handling when !hugepage_migration_supported() Greg Kroah-Hartman
2017-06-05 16:17 ` [PATCH 4.11 083/115] mlock: fix mlock count can not decrease in race condition Greg Kroah-Hartman
2017-06-05 16:17 ` [PATCH 4.11 084/115] mm/hugetlb: report -EHWPOISON not -EFAULT when FOLL_HWPOISON is specified Greg Kroah-Hartman
2017-06-05 16:17 ` [PATCH 4.11 085/115] mm: consider memblock reservations for deferred memory initialization sizing Greg Kroah-Hartman
2017-06-05 16:17 ` [PATCH 4.11 086/115] RDMA/srp: Fix NULL deref at srp_destroy_qp() Greg Kroah-Hartman
2017-06-05 16:18 ` [PATCH 4.11 087/115] RDMA/qib,hfi1: Fix MR reference count leak on write with immediate Greg Kroah-Hartman
2017-06-05 16:18 ` [PATCH 4.11 088/115] PCI/PM: Add needs_resume flag to avoid suspend complete optimization Greg Kroah-Hartman
2017-06-05 16:18 ` [PATCH 4.11 089/115] x86/boot: Use CROSS_COMPILE prefix for readelf Greg Kroah-Hartman
2017-06-05 16:18 ` [PATCH 4.11 090/115] ksm: prevent crash after write_protect_page fails Greg Kroah-Hartman
2017-06-05 16:18 ` [PATCH 4.11 091/115] slub/memcg: cure the brainless abuse of sysfs attributes Greg Kroah-Hartman
2017-06-05 16:18 ` [PATCH 4.11 092/115] drm/gma500/psb: Actually use VBT mode when it is found Greg Kroah-Hartman
2017-06-05 16:18 ` [PATCH 4.11 093/115] xfs: Fix missed holes in SEEK_HOLE implementation Greg Kroah-Hartman
2017-06-05 16:18 ` [PATCH 4.11 094/115] xfs: use ->b_state to fix buffer I/O accounting release race Greg Kroah-Hartman
2017-06-05 16:18 ` [PATCH 4.11 095/115] xfs: fix off-by-one on max nr_pages in xfs_find_get_desired_pgoff() Greg Kroah-Hartman
2017-06-05 16:18 ` [PATCH 4.11 096/115] xfs: use dedicated log worker wq to avoid deadlock with cil wq Greg Kroah-Hartman
2017-06-05 16:18 ` [PATCH 4.11 097/115] xfs: fix over-copying of getbmap parameters from userspace Greg Kroah-Hartman
2017-06-05 16:18 ` [PATCH 4.11 098/115] xfs: actually report xattr extents via iomap Greg Kroah-Hartman
2017-06-05 16:18 ` [PATCH 4.11 099/115] xfs: drop iolock from reclaim context to appease lockdep Greg Kroah-Hartman
2017-06-05 16:18 ` [PATCH 4.11 100/115] xfs: fix integer truncation in xfs_bmap_remap_alloc Greg Kroah-Hartman
2017-06-05 16:18 ` [PATCH 4.11 101/115] xfs: handle array index overrun in xfs_dir2_leaf_readbuf() Greg Kroah-Hartman
2017-06-05 16:18 ` [PATCH 4.11 102/115] xfs: prevent multi-fsb dir readahead from reading random blocks Greg Kroah-Hartman
2017-06-05 16:18 ` [PATCH 4.11 103/115] xfs: fix up quotacheck buffer list error handling Greg Kroah-Hartman
2017-06-05 16:18 ` [PATCH 4.11 104/115] xfs: support ability to wait on new inodes Greg Kroah-Hartman
2017-06-05 16:18 ` [PATCH 4.11 105/115] xfs: update ag iterator to support " Greg Kroah-Hartman
2017-06-05 16:18 ` [PATCH 4.11 106/115] xfs: wait on new inodes during quotaoff dquot release Greg Kroah-Hartman
2017-06-05 16:18 ` [PATCH 4.11 107/115] xfs: reserve enough blocks to handle btree splits when remapping Greg Kroah-Hartman
2017-06-05 16:18 ` [PATCH 4.11 108/115] xfs: fix use-after-free in xfs_finish_page_writeback Greg Kroah-Hartman
2017-06-05 16:18 ` [PATCH 4.11 109/115] xfs: fix indlen accounting error on partial delalloc conversion Greg Kroah-Hartman
2017-06-05 16:18 ` [PATCH 4.11 110/115] xfs: BMAPX shouldnt barf on inline-format directories Greg Kroah-Hartman
2017-06-05 16:18 ` [PATCH 4.11 111/115] xfs: bad assertion for delalloc an extent that start at i_size Greg Kroah-Hartman
2017-06-05 16:18 ` [PATCH 4.11 112/115] xfs: xfs_trans_alloc_empty Greg Kroah-Hartman
2017-06-05 16:18 ` [PATCH 4.11 113/115] xfs: avoid mount-time deadlock in CoW extent recovery Greg Kroah-Hartman
2017-06-05 16:18 ` [PATCH 4.11 114/115] xfs: fix unaligned access in xfs_btree_visit_blocks Greg Kroah-Hartman
2017-06-05 16:18 ` [PATCH 4.11 115/115] xfs: Fix off-by-in in loop termination in xfs_find_get_desired_pgoff() Greg Kroah-Hartman
2017-06-05 20:33 ` [PATCH 4.11 000/115] 4.11.4-stable review Shuah Khan
2017-06-06 7:20 ` Greg Kroah-Hartman
2017-06-05 22:26 ` Guenter Roeck
2017-06-06 7:20 ` Greg Kroah-Hartman
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20170605153057.535610778@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=davem@davemloft.net \
--cc=edumazet@google.com \
--cc=linux-kernel@vger.kernel.org \
--cc=ncardwell@google.com \
--cc=risaacs@google.com \
--cc=soheil@google.com \
--cc=stable@vger.kernel.org \
--cc=ycheng@google.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.