On Wed, Aug 15, 2018 at 09:21:06PM +0800, Mao Wenan wrote: > From: Eric Dumazet <eduma...@google.com> > > [ Upstream commit 3d4bf93ac12003f9b8e1e2de37fe27983deebdcf ] > > In case an attacker feeds tiny packets completely out of order, > tcp_collapse_ofo_queue() might scan the whole rb-tree, performing > expensive copies, but not changing socket memory usage at all. > > 1) Do not attempt to collapse tiny skbs. > 2) Add logic to exit early when too many tiny skbs are detected. > > We prefer not doing aggressive collapsing (which copies packets) > for pathological flows, and revert to tcp_prune_ofo_queue() which > will be less expensive. > > In the future, we might add the possibility of terminating flows > that are proven to be malicious. > > Signed-off-by: Eric Dumazet <eduma...@google.com> > Acked-by: Soheil Hassas Yeganeh <soh...@google.com> > Signed-off-by: David S. Miller <da...@davemloft.net> > Signed-off-by: Greg Kroah-Hartman <gre...@linuxfoundation.org> > Signed-off-by: root <root@localhost.localdomain>
signed off by from "root"? :) And why are you adding the patch back after removing it? thanks, greg k-h
