This reverts commit dc6ae4dffd656811dee7151b19545e4cd839d378.
We need change simple queue to RB tree to finally fix CVE-2018-5390, So revert this patch firstly because of many conflicts when we want to apply previous patch 9f5afeae(tcp: use an RB tree for ooo receive queue), after this we will reapply patch series from Eric.
Signed-off-by: Mao Wenan maowenan@huawei.com --- net/ipv4/tcp_input.c | 16 ++-------------- 1 file changed, 2 insertions(+), 14 deletions(-)
diff --git a/net/ipv4/tcp_input.c b/net/ipv4/tcp_input.c index 4a261e0..995b2bc 100644 --- a/net/ipv4/tcp_input.c +++ b/net/ipv4/tcp_input.c @@ -4791,7 +4791,6 @@ restart: static void tcp_collapse_ofo_queue(struct sock *sk) { struct tcp_sock *tp = tcp_sk(sk); - u32 range_truesize, sum_tiny = 0; struct sk_buff *skb = skb_peek(&tp->out_of_order_queue); struct sk_buff *head; u32 start, end; @@ -4801,7 +4800,6 @@ static void tcp_collapse_ofo_queue(struct sock *sk)
start = TCP_SKB_CB(skb)->seq; end = TCP_SKB_CB(skb)->end_seq; - range_truesize = skb->truesize; head = skb;
for (;;) { @@ -4816,24 +4814,14 @@ static void tcp_collapse_ofo_queue(struct sock *sk) if (!skb || after(TCP_SKB_CB(skb)->seq, end) || before(TCP_SKB_CB(skb)->end_seq, start)) { - /* Do not attempt collapsing tiny skbs */ - if (range_truesize != head->truesize || - end - start >= SKB_WITH_OVERHEAD(SK_MEM_QUANTUM)) { - tcp_collapse(sk, &tp->out_of_order_queue, - head, skb, start, end); - } else { - sum_tiny += range_truesize; - if (sum_tiny > sk->sk_rcvbuf >> 3) - return; - } - + tcp_collapse(sk, &tp->out_of_order_queue, + head, skb, start, end); head = skb; if (!skb) break; /* Start new segment */ start = TCP_SKB_CB(skb)->seq; end = TCP_SKB_CB(skb)->end_seq; - range_truesize = skb->truesize; } else { if (before(TCP_SKB_CB(skb)->seq, start)) start = TCP_SKB_CB(skb)->seq;