ACK/cmt: [SRU][Xenial][PATCH 0/2] Fixes for LP:1793753
Joseph Salisbury
joseph.salisbury at canonical.com
Thu Sep 27 18:10:49 UTC 2018
On 09/27/2018 02:06 PM, Colin Ian King wrote:
> On 27/09/18 19:01, Joseph Salisbury wrote:
>> BugLink: https://bugs.launchpad.net/bugs/1793753
>>
>> == SRU Justification ==
>> A regression was introduced in Xenial, even prior to v4.4 Final. I did
>> not test prior to this kernel once I found the bug was fixed in
>> mainline. The bug reporter experienced crashes on machines running
>> iptables using ipsets. He could get a trace from the console on one of
>> them which is attached to the bug report.
>>
>> On these machines, some ipset commands are automatically run to update the
>> sets, and/or to dump them (ipset restore, swap, delete ... / ipset save).
>>
>> I was able to reproduce this bug as was cking. This bug was found to be
>> fixed by mainline commits 596cf3fe5854 and e5173418ac59.
>>
>>
>> == Fixes ==
>> 596cf3fe5854 ("netfilter: ipset: fix race condition in ipset save, swap and delete")
>> e5173418ac59 ("netfilter: ipset: Fix race between dump and swap")
>>
>> == Regression Potential ==
>> Low. This fixes a regression and is limited to netfilter.
>>
>> == Test Case ==
>> A test kernel was built with these patches and tested by myself and cking.
>>
>>
>> Ross Lagerwall (1):
>> netfilter: ipset: Fix race between dump and swap
>>
>> Vishwanath Pai (1):
>> netfilter: ipset: fix race condition in ipset save, swap and delete
>>
>> include/linux/netfilter/ipset/ip_set.h | 4 ++++
>> net/netfilter/ipset/ip_set_bitmap_gen.h | 2 +-
>> net/netfilter/ipset/ip_set_core.c | 38 +++++++++++++++++++++++++++------
>> net/netfilter/ipset/ip_set_hash_gen.h | 2 +-
>> net/netfilter/ipset/ip_set_list_set.c | 2 +-
>> 5 files changed, 39 insertions(+), 9 deletions(-)
>>
> Clean upstream cherry picks. I can vouch that these commits fix the
> issue when I soak tested these.
>
> BTW, Do we need these fixes for other releases?
We don't need them for Bionic or newer. I'll have to test for Trusty
and Precise.
>
> Acked-by: Colin Ian King <colin.king at canonical.com>
>
>
More information about the kernel-team
mailing list