From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S1753154AbcGSJNV (ORCPT <rfc822;w@1wt.eu>);
	Tue, 19 Jul 2016 05:13:21 -0400
Received: from Chamillionaire.breakpoint.cc ([80.244.247.6]:52884 "EHLO
	Chamillionaire.breakpoint.cc" rhost-flags-OK-OK-OK-OK)
	by vger.kernel.org with ESMTP id S1752574AbcGSJNT (ORCPT
	<rfc822;linux-kernel@vger.kernel.org>);
	Tue, 19 Jul 2016 05:13:19 -0400
Date: Tue, 19 Jul 2016 11:13:12 +0200
From: Florian Westphal <fw@strlen.de>
To: Florian Westphal <fw@strlen.de>
Cc: Michal Kubecek <mkubecek@suse.cz>, Jiri Slaby <jslaby@suse.cz>,
        stable@vger.kernel.org, linux-kernel@vger.kernel.org,
        Pablo Neira Ayuso <pablo@netfilter.org>
Subject: Re: [PATCH 3.12 42/88] netfilter: x_tables: do compat validation via
 translate_table
Message-ID: <20160719091312.GC29897@breakpoint.cc>
References: <cover.1468483950.git.jslaby@suse.cz>
 <8db11e84f44e4aa9434e39b33afef530abd6af58.1468483951.git.jslaby@suse.cz>
 <20160719071326.GA17120@unicorn.suse.cz>
 <20160719084004.GB29897@breakpoint.cc>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20160719084004.GB29897@breakpoint.cc>
User-Agent: Mutt/1.5.23 (2014-03-12)
Sender: linux-kernel-owner@vger.kernel.org
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

Florian Westphal <fw@strlen.de> wrote:
> Michal Kubecek <mkubecek@suse.cz> wrote:
> > > -	/* And one copy for every other CPU */
> > > -	for_each_possible_cpu(i)
> > > -		if (newinfo->entries[i] && newinfo->entries[i] != entry1)
> > > -			memcpy(newinfo->entries[i], entry1, newinfo->size);
> > 
> > These four lines should be preserved, IMHO, as 3.12 doesn't have commit
> > 482cfc318559 ("netfilter: xtables: avoid percpu ruleset duplication")
> > (introduced in 4.2) which removed the need for per-cpu copies.
> > 
> > The same applies to the other two instances of translate_compat_table()
> > in net/ipv4/netfilter/ip_tables.c and net/ipv6/netfilter/ip6_tables.c
> > 
> > Florian, do you agree?
> 
> Sorry, I have to look at this in more detail.
> The patches change the compat translation version into a preprocessing
> step rather than a 1:1 replacement of translate_table.
> 
> From first glance the removal is thus ok.

Removal is correct, the expanded ruleset is passed to
translate_table() which will do the percpu duplication as last step.

[ I looked at 3.14.y tree which also dropped these lines in the backport ]