From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S932235AbcHNNLo (ORCPT <rfc822;w@1wt.eu>);
	Sun, 14 Aug 2016 09:11:44 -0400
Received: from Chamillionaire.breakpoint.cc ([146.0.238.67]:35158 "EHLO
	Chamillionaire.breakpoint.cc" rhost-flags-OK-OK-OK-OK)
	by vger.kernel.org with ESMTP id S1752575AbcHNNLm (ORCPT
	<rfc822;linux-kernel@vger.kernel.org>);
	Sun, 14 Aug 2016 09:11:42 -0400
Date: Sat, 13 Aug 2016 22:35:45 +0200
From: Florian Westphal <fw@strlen.de>
To: Ben Hutchings <ben@decadent.org.uk>
Cc: Florian Westphal <fw@strlen.de>, linux-kernel@vger.kernel.org,
        stable@vger.kernel.org, akpm@linux-foundation.org,
        Pablo Neira Ayuso <pablo@netfilter.org>,
        Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Subject: Re: [PATCH 3.16 289/305] netfilter: x_tables: validate targets of
 jumps
Message-ID: <20160813203545.GB17154@breakpoint.cc>
References: <lsq.1471110169.907390585@decadent.org.uk>
 <lsq.1471110171.157444531@decadent.org.uk>
 <20160813183048.GA17154@breakpoint.cc>
 <1471114295.13300.22.camel@decadent.org.uk>
MIME-Version: 1.0
Content-Type: text/plain; charset=iso-8859-15
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
In-Reply-To: <1471114295.13300.22.camel@decadent.org.uk>
User-Agent: Mutt/1.5.23 (2014-03-12)
Sender: linux-kernel-owner@vger.kernel.org
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

Ben Hutchings <ben@decadent.org.uk> wrote:
> On Sat, 2016-08-13 at 20:30 +0200, Florian Westphal wrote:
> > > Ben Hutchings <ben@decadent.org.uk> wrote:
> > > 
> > > 3.16.37-rc1 review patch.  If anyone has any objections, please let me know.
> > > 
> > > ------------------
> > > 
> > > > > From: Florian Westphal <fw@strlen.de>
> > > 
> > > commit 36472341017529e2b12573093cc0f68719300997 upstream.
> > 
> > [..]
> > 
> > > 
> > > The extra overhead is negible, even with absurd cases.
> > 
> > Not true, the overhead is huge and increases restore time for
> > large rulesets from mere seconds to minutes, see
> > 
> > https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f4dc77713f8016d2e8a3295e1c9c53a21f296def
> 
> So do you think I should add that to this update or defer the netfilter
> changes to the next update?

Depends on what your focus is for 3.16.

If your focus is to better not break anything I would just drop
this patch and apply it for the next round with the fix
(f4dc77713f8016d2e8a3295e1c9c53a21f296def) on top once it had more
soak time.