View Issue Details
|ID||Project||Category||View Status||Date Submitted||Last Update|
|0016599||CentOS-7||[All Projects] general||public||2019-10-15 21:33||2019-10-21 00:42|
|Target Version||Fixed in Version|
|Summary||0016599: TCP performance issues and stalls|
|Description||We use a tool named Application Performance Management from vendor Broadcom. Tool is made of cluster named Management of Modules and Collectors. Recent Red Hat Patch resulted in cluster slowness, connection issues and TCP connections stall or time out. It overwhelms the tcp connection and drops the connections.|
Please refer to article on redhat:https://access.redhat.com/errata/RHSA-2019:1481.
An integer overflow flaw was found in the way the Linux kernel's networking subsystem processed TCP Selective Acknowledgment (SACK) segments. While processing SACK segments, the Linux kernel's socket buffer (SKB) data structure becomes fragmented. Each fragment is about TCP maximum segment size (MSS) bytes. To efficiently process SACK blocks, the Linux kernel merges multiple fragmented SKBs into one, potentially overflowing the variable holding the number of segments.
We noticed the issue on Linux after redhat security patch, We believe it has been resolved (ref:please refer to article on redhat https://access.redhat.com/solutions/4302501)
But lately we are seeing similar issue on centos as well. Please refer to articles and if you need more information I can provide it.
|Steps To Reproduce||We can reproduce with the application onboard. Please refer to article on vendor Broadcom for logs https://ca-broadcom.wolkenservicedesk.com/external/article?articleId=135344|
TCP+performance+issues+and+stalls+when+using+kernel-3.10.0-957.21.3.el7+or+any+kernel+with+TCP+SACK+PANIC+CVE+fixes.pdf (156,456 bytes)
Redhat-Error.PNG (371,602 bytes)
|And what is your current kernel version as reported by `uname -r`?|
That is the last public kernel that Redhat made available for 7.6 therefore CentOS cannot rebuild the later 7.6 kernels in the 3.10.0-957.* series as there is no source available. It is for this reason that CentOS only supports the current point release - 7.7 at the moment - which uses kernel series 3.10.0-1062.* and is one of those listed in the Redhat KB article that you pointed to that says is fixed.
You need to `yum update` to get current. Only the latest CentOS point release is supported.
|2019-10-15 21:33||veereshdandur||New Issue|
|2019-10-15 21:33||veereshdandur||File Added: TCP+performance+issues+and+stalls+when+using+kernel-3.10.0-957.21.3.el7+or+any+kernel+with+TCP+SACK+PANIC+CVE+fixes.pdf|
|2019-10-15 21:33||veereshdandur||File Added: Redhat-Error.PNG|
|2019-10-15 21:33||veereshdandur||Tag Attached: slowness|
|2019-10-15 22:10||TrevorH||Note Added: 0035493|
|2019-10-15 22:11||veereshdandur||Note Added: 0035494|
|2019-10-15 22:16||TrevorH||Note Added: 0035495|