From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1752702AbcGSIkO (ORCPT ); Tue, 19 Jul 2016 04:40:14 -0400 Received: from Chamillionaire.breakpoint.cc ([80.244.247.6]:52839 "EHLO Chamillionaire.breakpoint.cc" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1752358AbcGSIkL (ORCPT ); Tue, 19 Jul 2016 04:40:11 -0400 Date: Tue, 19 Jul 2016 10:40:04 +0200 From: Florian Westphal To: Michal Kubecek Cc: Jiri Slaby , stable@vger.kernel.org, linux-kernel@vger.kernel.org, Florian Westphal , Pablo Neira Ayuso Subject: Re: [PATCH 3.12 42/88] netfilter: x_tables: do compat validation via translate_table Message-ID: <20160719084004.GB29897@breakpoint.cc> References: <8db11e84f44e4aa9434e39b33afef530abd6af58.1468483951.git.jslaby@suse.cz> <20160719071326.GA17120@unicorn.suse.cz> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20160719071326.GA17120@unicorn.suse.cz> User-Agent: Mutt/1.5.23 (2014-03-12) Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Michal Kubecek wrote: > > - /* And one copy for every other CPU */ > > - for_each_possible_cpu(i) > > - if (newinfo->entries[i] && newinfo->entries[i] != entry1) > > - memcpy(newinfo->entries[i], entry1, newinfo->size); > > These four lines should be preserved, IMHO, as 3.12 doesn't have commit > 482cfc318559 ("netfilter: xtables: avoid percpu ruleset duplication") > (introduced in 4.2) which removed the need for per-cpu copies. > > The same applies to the other two instances of translate_compat_table() > in net/ipv4/netfilter/ip_tables.c and net/ipv6/netfilter/ip6_tables.c > > Florian, do you agree? Sorry, I have to look at this in more detail. The patches change the compat translation version into a preprocessing step rather than a 1:1 replacement of translate_table. >>From first glance the removal is thus ok. I will review this later today. Also, please be aware of this bug: http://patchwork.ozlabs.org/patch/648446/ If possible this patchset should not be pushed to all -stable kernels yet.