Re: [PATCH AUTOSEL 5.5 27/35] netfilter: nf_tables: Allow set back-ends to report partial overlaps on insertion

From: Sasha Levin
Date: Mon Apr 13 2020 - 12:39:05 EST

Next message: kbuild test robot: "[tip:x86/cleanups] BUILD SUCCESS 2fa9a3cf3055db07a4835eb7bd48c648cb17ac26"
Previous message: Pavel Shilovsky: "Re: [PATCH] cifs: improve read performance for page size 64KB & cache=strict & vers=2.1+"
Next in thread: Stefano Brivio: "Re: [PATCH AUTOSEL 5.5 27/35] netfilter: nf_tables: Allow set back-ends to report partial overlaps on insertion"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Tue, Apr 07, 2020 at 02:18:48AM +0200, Stefano Brivio wrote:

Hi Sasha,

On Mon, 6 Apr 2020 20:00:49 -0400
Sasha Levin <sashal@xxxxxxxxxx> wrote:

From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>

[ Upstream commit 8c2d45b2b65ca1f215244be1c600236e83f9815f ]

This patch, together with 28/35 and 29/35 in this series, and all the
equivalent patches for 5.4 and 4.19, that is:
[PATCH AUTOSEL 5.5 27/35] netfilter: nf_tables: Allow set back-ends to report partial overlaps on insertion
[PATCH AUTOSEL 5.5 28/35] netfilter: nft_set_rbtree: Introduce and use nft_rbtree_interval_start()
[PATCH AUTOSEL 5.5 29/35] netfilter: nft_set_rbtree: Detect partial overlaps on insertion
[PATCH AUTOSEL 5.4 24/32] netfilter: nf_tables: Allow set back-ends to report partial overlaps on insertion
[PATCH AUTOSEL 5.4 25/32] netfilter: nft_set_rbtree: Introduce and use nft_rbtree_interval_start()
[PATCH AUTOSEL 5.4 26/32] netfilter: nft_set_rbtree: Detect partial overlaps on insertion
[PATCH AUTOSEL 4.19 08/13] netfilter: nf_tables: Allow set back-ends to report partial overlaps on insertion
[PATCH AUTOSEL 4.19 09/13] netfilter: nft_set_rbtree: Introduce and use nft_rbtree_interval_start()
[PATCH AUTOSEL 4.19 10/13] netfilter: nft_set_rbtree: Detect partial overlaps on insertion

should only be backported together with nf.git commit
72239f2795fa ("netfilter: nft_set_rbtree: Drop spurious condition for overlap detection on insertion")

as they would otherwise introduce a regression. In general, those changes
are not really relevant before 5.6, as nft_set_pipapo wasn't there and the
main purpose here is to make the nft_set_rbtree back-end consistent with it:
they also prevent a malfunction in nft_set_rbtree itself, but nothing that
would be triggered using 'nft' alone, and no memory badnesses or critical
issues whatsoever. So it's also safe to drop them, in my opinion.

Also patches for 4.14 and 4.9:
[PATCH AUTOSEL 4.14 6/9] netfilter: nf_tables: Allow set back-ends to report partial overlaps on insertion
[PATCH AUTOSEL 4.9 3/5] netfilter: nf_tables: Allow set back-ends to report partial overlaps on insertion

can safely be dropped, because there are no set back-ends there, without
the following patches, that use this way of reporting a partial overlap.

I've just dropped them all as 72239f2795fa ("netfilter: nft_set_rbtree:
Drop spurious condition for overlap detection on insertion") didn't make
it into Linus's tree yet.

I'm used to not Cc: stable on networking patches (Dave's net.git),
but I guess I should instead if they go through nf.git (Pablo's tree),
right?

Yup, this confusion has caused for quite a few netfilter fixes to not
land in -stable. If it goes through Pablo's tree (and unless he intructs
otherwise), you should Cc stable.

--
Thanks,
Sasha

Next message: kbuild test robot: "[tip:x86/cleanups] BUILD SUCCESS 2fa9a3cf3055db07a4835eb7bd48c648cb17ac26"
Previous message: Pavel Shilovsky: "Re: [PATCH] cifs: improve read performance for page size 64KB & cache=strict & vers=2.1+"
Next in thread: Stefano Brivio: "Re: [PATCH AUTOSEL 5.5 27/35] netfilter: nf_tables: Allow set back-ends to report partial overlaps on insertion"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]