http://bugzilla.suse.com/show_bug.cgi?id=989176
http://bugzilla.suse.com/show_bug.cgi?id=989176#c9
Michal Kubeček changed:
What |Removed |Added
----------------------------------------------------------------------------
Priority|P5 - None |P3 - Medium
Status|NEW |IN_PROGRESS
--- Comment #9 from Michal Kubeček ---
So far I haven't been able to reproduce a hang (soft lockup?). I'm testing
4.1.28-2.gae3ccbc-default but that should only differ in the ecryptfs fix.
However, I still can see some problems: SuSEfirewall does create only small
part of netfilter rules compared to a 3.12.61 kernel and when I dump the
rules with iptables-save on 3.12.61 and try to pass them to iptables-restore
on 4.1.28-2, I get an error (on "COMMIT" line).
I checked the source and it seems that current openSUSE-42.1 differs from my
original backport of bsc#986362 fixes in a few details. Apparently 4.1.28
also adds a backport of commit d7591f0c41 which I didn't include. But a more
important difference is IMHO that the stable-4.1 backport ignores the fact
that 4.1 doesn't have the simplification done in
482cfc318559 netfilter: xtables: avoid percpu ruleset duplication
so that 4.1.28 is missing this part of check_compat_entry_size_and_hooks():
/* And one copy for every other CPU */
for_each_possible_cpu(i)
if (newinfo->entries[i] && newinfo->entries[i] != entry1)
memcpy(newinfo->entries[i], entry1, newinfo->size);
This might explain why the rule set is incomplete. Worse, the 4.1.28 backport
doesn't handle entries being a per-cpu array in find_jump_target(), neither
in the way I did nor in the way it was done in other stable backports. I'll
try to fix these two problems on top of current openSUSE-42.1 so that we can
check if this is the cause.
--
You are receiving this mail because:
You are on the CC list for the bug.