On Fri, Jul 26, 2019 at 02:38:14PM +0200, gregkh@xxxxxxxxxxxxxxxxxxx wrote:
>
> The patch below does not apply to the 4.14-stable tree.
> If someone wants it applied there, or to any other stable or longterm
> tree, then please email the backport, including the original git commit
> id to <stable@xxxxxxxxxxxxxxx>.
>
> thanks,
>
> greg k-h
>
> ------------------ original commit in Linus's tree ------------------
>
> >From b617158dc096709d8600c53b6052144d12b89fab Mon Sep 17 00:00:00 2001
> From: Eric Dumazet <edumazet@xxxxxxxxxx>
> Date: Fri, 19 Jul 2019 11:52:33 -0700
> Subject: [PATCH] tcp: be more careful in tcp_fragment()
>
> Some applications set tiny SO_SNDBUF values and expect
> TCP to just work. Recent patches to address CVE-2019-11478
> broke them in case of losses, since retransmits might
> be prevented.
>
> We should allow these flows to make progress.
>
> This patch allows the first and last skb in retransmit queue
> to be split even if memory limits are hit.
>
> It also adds the some room due to the fact that tcp_sendmsg()
> and tcp_sendpage() might overshoot sk_wmem_queued by about one full
> TSO skb (64KB size). Note this allowance was already present
> in stable backports for kernels < 4.15
>
> Note for < 4.15 backports :
> tcp_rtx_queue_tail() will probably look like :
>
> static inline struct sk_buff *tcp_rtx_queue_tail(const struct sock *sk)
> {
> struct sk_buff *skb = tcp_send_head(sk);
>
> return skb ? tcp_write_queue_prev(sk, skb) : tcp_write_queue_tail(sk);
> }
Note, I tried the above, but still ran into problems a 4.14 does not
have tcp_rtx_queue_head() and while I could guess as to what it would be
(tcp_sent_head()?), I figured it would be safer to ask for a backport :)
thanks,
greg k-h
