What | Removed | Added |
---|---|---|
Priority | P5 - None | P3 - Medium |
Status | NEW | IN_PROGRESS |
So far I haven't been able to reproduce a hang (soft lockup?). I'm testing 4.1.28-2.gae3ccbc-default but that should only differ in the ecryptfs fix.

However, I can still see some problems: SuSEfirewall creates only a small part of the netfilter rules compared to a 3.12.61 kernel, and when I dump the rules with iptables-save on 3.12.61 and try to pass them to iptables-restore on 4.1.28-2, I get an error (on the "COMMIT" line).

I checked the source and it seems that current openSUSE-42.1 differs from my original backport of the bsc#986362 fixes in a few details. Apparently 4.1.28 also adds a backport of commit d7591f0c41, which I didn't include. But a more important difference is IMHO that the stable-4.1 backport ignores the fact that 4.1 doesn't have the simplification done in

    482cfc318559 netfilter: xtables: avoid percpu ruleset duplication

so that 4.1.28 is missing this part of check_compat_entry_size_and_hooks():

    /* And one copy for every other CPU */
    for_each_possible_cpu(i)
        if (newinfo->entries[i] && newinfo->entries[i] != entry1)
            memcpy(newinfo->entries[i], entry1, newinfo->size);

This might explain why the rule set is incomplete.

Worse, the 4.1.28 backport doesn't handle entries being a per-cpu array in find_jump_target(), neither in the way I did nor in the way it was done in other stable backports.

I'll try to fix these two problems on top of current openSUSE-42.1 so that we can check if this is the cause.
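
A user-space model of the per-CPU copy step quoted in the comment above, added here as an illustration; it is not kernel code and not code from the bug report. `table_info`, `translate`, `stale_cpus`, `run_model`, the CPU count and the rule bytes are all constructed for the example.

```c
#include <stdio.h>
#include <string.h>
#define NCPU 4      /* constructed CPU count */
#define BLOB 8      /* constructed rule blob size in bytes */

/* Simplified stand-in for a per-CPU table layout (not the kernel struct). */
struct table_info {
    size_t size;
    unsigned char *entries[NCPU];   /* one private rule blob per CPU */
};

/* Model of the translation step: rules land in the copy owned by the CPU
 * doing the work (entry1). replicate != 0 applies the quoted copy loop. */
static void translate(struct table_info *t, int cpu,
                      const unsigned char *rules, int replicate)
{
    unsigned char *entry1 = t->entries[cpu];
    memcpy(entry1, rules, t->size);
    if (!replicate)
        return;
    for (int i = 0; i < NCPU; i++)
        if (t->entries[i] && t->entries[i] != entry1)
            memcpy(t->entries[i], entry1, t->size);
}

/* Number of CPUs whose copy differs from the translating CPU's copy. */
static int stale_cpus(const struct table_info *t, int cpu)
{
    int n = 0;
    for (int i = 0; i < NCPU; i++)
        if (memcmp(t->entries[i], t->entries[cpu], t->size) != 0)
            n++;
    return n;
}

/* Build a zeroed table, translate on CPU 1, report stale copies. */
static int run_model(int replicate)
{
    static const unsigned char rules[BLOB] = {1, 2, 3, 4, 5, 6, 7, 8};
    unsigned char store[NCPU][BLOB] = {{0}};
    struct table_info t = { .size = BLOB };
    for (int i = 0; i < NCPU; i++)
        t.entries[i] = store[i];
    translate(&t, 1, rules, replicate);
    return stale_cpus(&t, 1);
}

int main(void)
{
    printf("stale: with loop %d, without %d\n", run_model(1), run_model(0));
    return 0;
}
```

In this model, skipping the loop leaves every CPU except the translating one with its zero-initialised blob, so which rules are visible depends on the CPU that evaluates them.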