From: Jiri Slaby <jslaby@suse.cz>
To: Greg KH <greg@kroah.com>, Jiri Slaby <jirislaby@gmail.com>
Cc: stable@vger.kernel.org, linux-kernel@vger.kernel.org,
Florian Westphal <fw@strlen.de>,
Pablo Neira Ayuso <pablo@netfilter.org>
Subject: Re: [PATCH 3.12 28/88] netfilter: x_tables: validate targets of jumps
Date: Thu, 21 Jul 2016 21:00:33 +0200 [thread overview]
Message-ID: <769ca2fb-b99c-a6a4-2559-5c12887d5e8a@suse.cz> (raw)
In-Reply-To: <20160721185633.GA24661@kroah.com>
On 07/21/2016, 08:56 PM, Greg KH wrote:
> On Thu, Jul 21, 2016 at 08:36:18AM +0200, Jiri Slaby wrote:
>> On 07/14/2016, 10:15 AM, Jiri Slaby wrote:
>>> From: Florian Westphal <fw@strlen.de>
>>>
>>> 3.12-stable review patch. If anyone has any objections, please let me know.
>>>
>>> ===============
>>>
>>> commit 36472341017529e2b12573093cc0f68719300997 upstream.
>>
>> I am now dropping this one. 3.12.62 will be released without that patch.
>> After the performance issue is resolved, it will be requeued.
>
> Personally, I think the bug fixes were more important than the
> performance issues at this point in time, but it's your call to make :)
Ok, but to quote [1]:
iptables-restore will take forever (gave up after 10 minutes)
I would say it proved itself not to be a performance issue, but rather a
functional issue :). Both Pablo and Florian suggested to postpone the patch.
[1]
http://thread.gmane.org/gmane.comp.security.firewalls.netfilter.devel/64099
thanks,
--
js
suse labs
next prev parent reply other threads:[~2016-07-21 19:00 UTC|newest]
Thread overview: 107+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-07-14 8:16 [PATCH 3.12 00/88] 3.12.62-stable review Jiri Slaby
2016-07-14 8:14 ` [PATCH 3.12 01/88] PCI/AER: Clear error status registers during enumeration and restore Jiri Slaby
2016-07-14 8:14 ` [PATCH 3.12 02/88] MIPS: Fix 64k page support for 32 bit kernels Jiri Slaby
2016-07-14 8:14 ` [PATCH 3.12 03/88] powerpc/pseries/eeh: Handle RTAS delay requests in configure_bridge Jiri Slaby
2016-07-14 8:14 ` [PATCH 3.12 04/88] sparc: Fix system call tracing register handling Jiri Slaby
2016-07-14 8:14 ` [PATCH 3.12 05/88] sparc64: Fix bootup regressions on some Kconfig combinations Jiri Slaby
2016-07-14 8:14 ` [PATCH 3.12 06/88] sparc64: Fix sparc64_set_context stack handling Jiri Slaby
2016-07-14 8:14 ` [PATCH 3.12 07/88] sparc/PCI: Fix for panic while enabling SR-IOV Jiri Slaby
2016-07-14 8:15 ` [PATCH 3.12 08/88] sparc64: Take ctx_alloc_lock properly in hugetlb_setup() Jiri Slaby
2016-07-14 8:15 ` [PATCH 3.12 09/88] sparc: Harden signal return frame checks Jiri Slaby
2016-07-14 8:15 ` [PATCH 3.12 10/88] sparc64: Fix return from trap window fill crashes Jiri Slaby
2016-07-14 8:15 ` [PATCH 3.12 11/88] perf/x86: Honor the architectural performance monitoring version Jiri Slaby
2016-07-14 8:15 ` [PATCH 3.12 12/88] perf/x86: Fix undefined shift on 32-bit kernels Jiri Slaby
2016-07-14 8:15 ` [PATCH 3.12 13/88] netlink: Fix dump skb leak/double free Jiri Slaby
2016-07-14 8:15 ` [PATCH 3.12 14/88] udp: prevent skbs lingering in tunnel socket queues Jiri Slaby
2016-07-14 8:15 ` [PATCH 3.12 15/88] tcp: record TLP and ER timer stats in v6 stats Jiri Slaby
2016-07-14 8:15 ` [PATCH 3.12 16/88] ipv6: Skip XFRM lookup if dst_entry in socket cache is valid Jiri Slaby
2016-07-14 8:15 ` [PATCH 3.12 17/88] macintosh/therm_windtunnel: Export I2C module alias information Jiri Slaby
2016-07-14 8:15 ` [PATCH 3.12 18/88] drivers: macintosh: rack-meter: limit idle ticks to total ticks Jiri Slaby
2016-07-14 8:15 ` [PATCH 3.12 19/88] KVM: x86: fix OOPS after invalid KVM_SET_DEBUGREGS Jiri Slaby
2016-07-14 8:15 ` [PATCH 3.12 20/88] ARM: fix PTRACE_SETVFPREGS on SMP systems Jiri Slaby
2016-07-14 8:15 ` [PATCH 3.12 21/88] powerpc: Fix definition of SIAR and SDAR registers Jiri Slaby
2016-07-14 8:15 ` [PATCH 3.12 22/88] powerpc: Use privileged SPR number for MMCR2 Jiri Slaby
2016-07-14 8:15 ` [PATCH 3.12 23/88] parisc: Fix pagefault crash in unaligned __get_user() call Jiri Slaby
2016-07-14 8:15 ` [PATCH 3.12 24/88] ecryptfs: forbid opening files without mmap handler Jiri Slaby
[not found] ` <20160716192134.72132405@desktop.jensen.local>
2016-07-18 11:55 ` Jiri Slaby
2016-07-14 8:15 ` [PATCH 3.12 25/88] wext: Fix 32 bit iwpriv compatibility issue with 64 bit Kernel Jiri Slaby
2016-07-14 8:15 ` [PATCH 3.12 26/88] fix d_walk()/non-delayed __d_free() race Jiri Slaby
2016-07-14 8:15 ` [PATCH 3.12 27/88] netfilter: x_tables: don't move to non-existent next rule Jiri Slaby
2016-07-14 8:15 ` [PATCH 3.12 28/88] netfilter: x_tables: validate targets of jumps Jiri Slaby
2016-07-21 6:36 ` Jiri Slaby
2016-07-21 18:56 ` Greg KH
2016-07-21 19:00 ` Jiri Slaby [this message]
2016-07-25 5:45 ` Michal Kubecek
2016-07-25 6:41 ` Florian Westphal
2016-07-25 6:51 ` Michal Kubecek
2016-07-25 7:27 ` Florian Westphal
2016-07-14 8:15 ` [PATCH 3.12 29/88] netfilter: x_tables: add and use xt_check_entry_offsets Jiri Slaby
2016-07-14 8:15 ` [PATCH 3.12 30/88] netfilter: x_tables: kill check_entry helper Jiri Slaby
2016-07-14 8:15 ` [PATCH 3.12 31/88] netfilter: x_tables: assert minimum target size Jiri Slaby
2016-07-14 8:15 ` [PATCH 3.12 32/88] netfilter: x_tables: add compat version of xt_check_entry_offsets Jiri Slaby
2016-07-14 8:15 ` [PATCH 3.12 33/88] netfilter: x_tables: check standard target size too Jiri Slaby
2016-07-14 8:15 ` [PATCH 3.12 34/88] netfilter: x_tables: check for bogus target offset Jiri Slaby
2016-07-14 8:15 ` [PATCH 3.12 35/88] netfilter: x_tables: validate all offsets and sizes in a rule Jiri Slaby
2016-07-14 8:15 ` [PATCH 3.12 36/88] netfilter: x_tables: don't reject valid target size on some architectures Jiri Slaby
2016-07-14 8:15 ` [PATCH 3.12 37/88] netfilter: arp_tables: simplify translate_compat_table args Jiri Slaby
2016-07-14 8:15 ` [PATCH 3.12 38/88] netfilter: ip_tables: " Jiri Slaby
2016-07-14 8:15 ` [PATCH 3.12 39/88] netfilter: ip6_tables: " Jiri Slaby
2016-07-14 8:15 ` [PATCH 3.12 40/88] netfilter: x_tables: xt_compat_match_from_user doesn't need a retval Jiri Slaby
2016-07-14 8:15 ` [PATCH 3.12 41/88] netfilter: ensure number of counters is >0 in do_replace() Jiri Slaby
2016-07-14 8:15 ` [PATCH 3.12 42/88] netfilter: x_tables: do compat validation via translate_table Jiri Slaby
2016-07-19 7:13 ` Michal Kubecek
2016-07-19 8:40 ` Florian Westphal
2016-07-19 9:13 ` Florian Westphal
2016-07-19 9:45 ` Michal Kubecek
2016-07-14 8:15 ` [PATCH 3.12 43/88] Revert "netfilter: ensure number of counters is >0 in do_replace()" Jiri Slaby
2016-07-14 8:15 ` [PATCH 3.12 44/88] netfilter: x_tables: introduce and use xt_copy_counters_from_user Jiri Slaby
2016-07-14 8:15 ` [PATCH 3.12 45/88] crypto: ux500 - memmove the right size Jiri Slaby
2016-07-14 8:15 ` [PATCH 3.12 46/88] sit: correct IP protocol used in ipip6_err Jiri Slaby
2016-07-14 8:15 ` [PATCH 3.12 47/88] ipmr/ip6mr: Initialize the last assert time of mfc entries Jiri Slaby
2016-07-14 8:15 ` [PATCH 3.12 48/88] net: alx: Work around the DMA RX overflow issue Jiri Slaby
2016-07-14 8:15 ` [PATCH 3.12 49/88] usb: quirks: Add no-lpm quirk for Acer C120 LED Projector Jiri Slaby
2016-07-14 8:15 ` [PATCH 3.12 50/88] usb: musb: Stop bulk endpoint while queue is rotated Jiri Slaby
2016-07-14 8:15 ` [PATCH 3.12 51/88] usb: musb: Ensure rx reinit occurs for shared_fifo endpoints Jiri Slaby
2016-07-14 8:15 ` [PATCH 3.12 52/88] mac80211: mesh: flush mesh paths unconditionally Jiri Slaby
2016-07-14 8:15 ` [PATCH 3.12 53/88] mac80211_hwsim: Add missing check for HWSIM_ATTR_SIGNAL Jiri Slaby
2016-07-14 8:15 ` [PATCH 3.12 54/88] IB/mlx4: Properly initialize GRH TClass and FlowLabel in AHs Jiri Slaby
2016-07-14 8:15 ` [PATCH 3.12 55/88] powerpc/iommu: Remove the dependency on EEH struct in DDW mechanism Jiri Slaby
2016-07-14 8:15 ` [PATCH 3.12 56/88] powerpc/pseries: Fix PCI config address for DDW Jiri Slaby
2016-07-14 8:15 ` [PATCH 3.12 57/88] USB: EHCI: declare hostpc register as zero-length array Jiri Slaby
2016-07-14 8:15 ` [PATCH 3.12 58/88] x86, build: copy ldlinux.c32 to image.iso Jiri Slaby
2016-07-14 8:15 ` [PATCH 3.12 59/88] kprobes/x86: Clear TF bit in fault on single-stepping Jiri Slaby
2016-07-14 8:15 ` [PATCH 3.12 60/88] x86/amd_nb: Fix boot crash on non-AMD systems Jiri Slaby
2016-07-14 8:15 ` [PATCH 3.12 61/88] make nfs_atomic_open() call d_drop() on all ->open_context() errors Jiri Slaby
2016-07-14 8:15 ` [PATCH 3.12 62/88] NFS: Fix another OPEN_DOWNGRADE bug Jiri Slaby
2016-07-14 8:15 ` [PATCH 3.12 63/88] ARM: 8578/1: mm: ensure pmd_present only checks the valid bit Jiri Slaby
2016-07-14 8:15 ` [PATCH 3.12 64/88] mm: Export migrate_page_move_mapping and migrate_page_copy Jiri Slaby
2016-07-14 8:15 ` [PATCH 3.12 65/88] UBIFS: Implement ->migratepage() Jiri Slaby
2016-07-14 8:15 ` [PATCH 3.12 66/88] scsi: remove scsi_end_request Jiri Slaby
2016-07-14 8:15 ` [PATCH 3.12 67/88] scsi_lib: correctly retry failed zero length REQ_TYPE_FS commands Jiri Slaby
2016-07-14 8:16 ` [PATCH 3.12 68/88] Bridge: Fix ipv6 mc snooping if bridge has no ipv6 address Jiri Slaby
2016-07-14 8:16 ` [PATCH 3.12 69/88] USB: usbfs: fix potential infoleak in devio Jiri Slaby
2016-07-14 8:16 ` [PATCH 3.12 70/88] ktime: export ktime_divns Jiri Slaby
2016-07-14 8:16 ` [PATCH 3.12 71/88] ALSA: hrtimer: Handle start/stop more properly Jiri Slaby
2016-07-14 8:16 ` [PATCH 3.12 72/88] ALSA: timer: Fix leak in SNDRV_TIMER_IOCTL_PARAMS Jiri Slaby
2016-07-14 8:16 ` [PATCH 3.12 73/88] ALSA: timer: Fix leak in events via snd_timer_user_ccallback Jiri Slaby
2016-07-14 8:16 ` [PATCH 3.12 74/88] ALSA: timer: Fix leak in events via snd_timer_user_tinterrupt Jiri Slaby
2016-07-14 8:16 ` [PATCH 3.12 75/88] net/qlge: Avoids recursive EEH error Jiri Slaby
2016-07-14 8:16 ` [PATCH 3.12 76/88] rds: fix an infoleak in rds_inc_info_copy Jiri Slaby
2016-07-14 8:16 ` [PATCH 3.12 77/88] EDAC: Remove arbitrary limit on number of channels Jiri Slaby
2016-07-14 8:16 ` [PATCH 3.12 78/88] SCSI: Increase REPORT_LUNS timeout Jiri Slaby
2016-07-14 8:16 ` [PATCH 3.12 79/88] KEYS: potential uninitialized variable Jiri Slaby
2016-07-14 8:16 ` [PATCH 3.12 80/88] base: make module_create_drivers_dir race-free Jiri Slaby
2016-07-14 8:16 ` [PATCH 3.12 81/88] KVM: x86: expose invariant tsc cpuid bit (v2) Jiri Slaby
2016-07-14 8:40 ` Paolo Bonzini
2016-07-14 9:22 ` Jiri Slaby
2016-07-14 9:41 ` Paolo Bonzini
2016-07-14 8:16 ` [PATCH 3.12 82/88] mm/swap.c: flush lru pvecs on compound page arrival Jiri Slaby
2016-07-14 8:16 ` [PATCH 3.12 83/88] HID: hiddev: validate num_values for HIDIOCGUSAGES, HIDIOCSUSAGES commands Jiri Slaby
2016-07-14 8:16 ` [PATCH 3.12 84/88] ALSA: compress: fix an integer overflow check Jiri Slaby
2016-07-14 8:16 ` [PATCH 3.12 85/88] HID: elo: kill not flush the work Jiri Slaby
2016-07-14 8:16 ` [PATCH 3.12 86/88] cdc_ncm: workaround for EM7455 "silent" data interface Jiri Slaby
2016-07-14 8:16 ` [PATCH 3.12 87/88] MIPS: KVM: Fix modular KVM under QEMU Jiri Slaby
2016-07-14 8:16 ` [PATCH 3.12 88/88] signal: remove warning about using SI_TKILL in rt_[tg]sigqueueinfo Jiri Slaby
2016-07-14 20:20 ` [PATCH 3.12 00/88] 3.12.62-stable review Guenter Roeck
2016-07-15 7:31 ` Jiri Slaby
2016-07-14 21:45 ` Shuah Khan
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=769ca2fb-b99c-a6a4-2559-5c12887d5e8a@suse.cz \
--to=jslaby@suse.cz \
--cc=fw@strlen.de \
--cc=greg@kroah.com \
--cc=jirislaby@gmail.com \
--cc=linux-kernel@vger.kernel.org \
--cc=pablo@netfilter.org \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).