On Sun, Apr 18, 2021 at 10:47:04AM -0400, Jonathon Reinhart wrote: > On Sun, Apr 18, 2021 at 8:46 AM <gregkh@xxxxxxxxxxxxxxxxxxx> wrote: > > > > > > This is a note to let you know that I've just added the patch titled > > > > net: Make tcp_allowed_congestion_control readonly in non-init netns > > > > to the 5.10-stable tree which can be found at: > > http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary > > > > The filename of the patch is: > > net-make-tcp_allowed_congestion_control-readonly-in-non-init-netns.patch > > and it can be found in the queue-5.10 subdirectory. > > > > If you, or anyone else, feels it should not be added to the stable tree, > > please let <stable@xxxxxxxxxxxxxxx> know about it. > > > > > > From 97684f0970f6e112926de631fdd98d9693c7e5c1 Mon Sep 17 00:00:00 2001 > > From: Jonathon Reinhart <jonathon.reinhart@xxxxxxxxx> > > Date: Tue, 13 Apr 2021 03:08:48 -0400 > > Subject: net: Make tcp_allowed_congestion_control readonly in non-init netns > > > > From: Jonathon Reinhart <jonathon.reinhart@xxxxxxxxx> > > > > commit 97684f0970f6e112926de631fdd98d9693c7e5c1 upstream. > > Hi Greg, > > Thanks for picking this into the stable trees. > > There's an earlier, somewhat related fix, which is only on net-next: > > 2671fa4dc010 ("netfilter: conntrack: Make global sysctls readonly in > non-init netns") > > That probably could have been on "net", but it followed this other > commit which was not strictly a bug-fix. It's additional logic to > detect bugs like the former: > > 31c4d2f160eb ("net: Ensure net namespace isolation of sysctls") > > Here's the series on Patchwork: > https://patchwork.kernel.org/project/netdevbpf/cover/20210412042453.32168-1-Jonathon.Reinhart@xxxxxxxxx/ > > I'm not yet sure where the threshold is for inclusion into "net" or > "stable". Could you please take a look and see if the first (or both) > of these should be included into the stable trees? If so, please feel > free to pick them yourself, or let me know which patches I should send > to "stable". I have to wait until a patch is in Linus's tree before we can add it to the stable queue, unless there is some big reason why this is not the case. For something like this, how about just waiting until it hits Linus's tree and then email stable@xxxxxxxxxxxxxxx saying, "please apply git commit <SHA1> to the stable trees." and we can do so then. thanks, greg k-h
