From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <stable-owner@vger.kernel.org>
Received: from Chamillionaire.breakpoint.cc ([146.0.238.67]:34532 "EHLO
	Chamillionaire.breakpoint.cc" rhost-flags-OK-OK-OK-OK)
	by vger.kernel.org with ESMTP id S1753430AbcHNLLm (ORCPT
	<rfc822;stable@vger.kernel.org>); Sun, 14 Aug 2016 07:11:42 -0400
Date: Sat, 13 Aug 2016 20:30:48 +0200
From: Florian Westphal <fw@strlen.de>
To: Ben Hutchings <ben@decadent.org.uk>
Cc: linux-kernel@vger.kernel.org, stable@vger.kernel.org,
	akpm@linux-foundation.org, Florian Westphal <fw@strlen.de>,
	Pablo Neira Ayuso <pablo@netfilter.org>,
	Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Subject: Re: [PATCH 3.16 289/305] netfilter: x_tables: validate targets of
 jumps
Message-ID: <20160813183048.GA17154@breakpoint.cc>
References: <lsq.1471110169.907390585@decadent.org.uk>
 <lsq.1471110171.157444531@decadent.org.uk>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <lsq.1471110171.157444531@decadent.org.uk>
Sender: stable-owner@vger.kernel.org
List-ID: <stable.vger.kernel.org>

Ben Hutchings <ben@decadent.org.uk> wrote:
> 3.16.37-rc1 review patch.  If anyone has any objections, please let me know.
> 
> ------------------
> 
> From: Florian Westphal <fw@strlen.de>
> 
> commit 36472341017529e2b12573093cc0f68719300997 upstream.

[..]

> The extra overhead is negible, even with absurd cases.

Not true, the overhead is huge and increases restore time for
large rulesets from mere seconds to minutes, see

https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f4dc77713f8016d2e8a3295e1c9c53a21f296def