Re: linux 3.4.43 : kernel crash at __nf_conntrack_confirm

On Thu, 22 Oct 2015 12:53:57 -0700
Ani Sinha <ani@xxxxxxxxxx> wrote:

> On Thu, Oct 22, 2015 at 12:42 AM, Neal P. Murphy
> <neal.p.murphy@xxxxxxxxxxxx> wrote:
> > On Wed, 21 Oct 2015 14:26:35 -0700
> > Ani Sinha <ani@xxxxxxxxxx> wrote:
> >
> >> On Wed, Oct 21, 2015 at 2:19 PM, Florian Westphal <fw@xxxxxxxxx> wrote:
> >> > Ani Sinha <ani@xxxxxxxxxx> wrote:
> >> >> >> > commit c6825c0976fa7893692e0e43b09740b419b23c09
> >> >> >> > Author: Andrey Vagin <avagin@xxxxxxxxxx>
> >> >> >> > Date:   Wed Jan 29 19:34:14 2014 +0100
> >> >> >> >      netfilter: nf_conntrack: fix RCU race in nf_conntrack_find_get
> >> >> >> >
> >> >> >> > and a followup patch :
> >> >> >> >
> >> >> >> > commit e53376bef2cd97d3e3f61fdc677fb8da7d03d0da
> >> >> >> > Author: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
> >> >> >> > Date:   Mon Feb 3 20:01:53 2014 +0100
> >> >> >> >         netfilter: nf_conntrack: don't release a conntrack with non-zero refcnt
> >> >> >> >
> >> >> >
> >> >> > These for instance fix such bugs.
> >> >>
> >> >> So since both these patches were not backported to 3.4 series and
> >> >> since now we have evidence of a crash that points to issues which the
> >> >> patches fix, should we consider backporting the above patches to 3.4?
> >> >
> >> > Yes.
> >>
> >> Ok cool. I will send out backport patches for 3.4 corresponding to
> >> both the above patches.
> >
> > As an FYI, Zefan Li just released 3.4.110; I didn't see the fix in the list. No surprise, of course; it does take more than 12 hours to get patches right, as I am painfully aware.
> >
> > I just bumped Smoothwall Express to 3.4.109 in Update4, and 3.4.110 contains fixes that relate to Smoothwall. May I safely assume that these patches will apply easily to 3.4.110? The obvious answer is, "Yes," but I'd like a bit of reassurance (<pat> <pat> "There, there; it'll be fine. The patches will be OK.") before I prepare and release the next update.
> 
> The patches won't apply as is. There will be some work involved. For
> example, one of the patches involves modification in synproxy module.
> This isn't available in 3.4 train. So don't hold your breath. I will
> work on this as soon as I can.

Agreed and accepted. The patches will be ready when they're ready and not a moment sooner. I'm not trying to rush the process, and certainly not trying to brace you while asking questions you cannot possibly answer (yet).

Just for planning purposes, might you expect the changes to be confined to modules? That is, would I be able to rebuild the kernel and distribute just a few updated modules? Or might I have to release a complete kernel? At this point, "could go either way" is a good answer, too.

Considering Greg K-H's recent releases, I expect a 3.4.111 release in the next couple months.

Thanks,
Neal