group.of.nepali.translators team mailing list archive

[Bug 1640786] Re: netfilter regression introducing a performance slowdown in binary arp/ip/ip6tables

 

This bug was fixed in the package linux - 4.9.0-15.16

---------------
linux (4.9.0-15.16) zesty; urgency=low

  [ Tim Gardner ]

  * Release Tracking Bug
    - LP: #1658101

  * Zesty update to v4.9.5 stable release (LP: #1658099)
    - Input: xpad - use correct product id for x360w controllers
    - Input: i8042 - add Pegatron touchpad to noloop table
    - pinctrl: imx: fix imx_pinctrl_desc initialization
    - pinctrl: sh-pfc: r8a7795: Use lookup function for bias data
    - pinctrl: sh-pfc: Add helper to handle bias lookup table
    - regulator: tps65086: Fix 25mV ranges for BUCK regulators
    - regulator: axp20x: Fix axp809 ldo_io registration error on cold boot
    - drm/tegra: dpaux: Fix error handling
    - drm/vc4: Fix a couple error codes in vc4_cl_lookup_bos()
    - drm/savage: dereferencing an error pointer
    - selftests: do not require bash to run netsocktests testcase
    - selftests: do not require bash for the generated test
    - zram: revalidate disk under init_lock
    - zram: support BDI_CAP_STABLE_WRITES
    - dax: fix deadlock with DAX 4k holes
    - mm: pmd dirty emulation in page fault handler
    - mm: fix devm_memremap_pages crash, use mem_hotplug_{begin, done}
    - ocfs2: fix crash caused by stale lvb with fsdlm plugin
    - mm, memcg: fix the active list aging for lowmem requests when memcg is enabled
    - mm: support anonymous stable page
    - mm/slab.c: fix SLAB freelist randomization duplicate entries
    - mm/hugetlb.c: fix reservation race when freeing surplus pages
    - KVM: x86: fix emulation of "MOV SS, null selector"
    - KVM: eventfd: fix NULL deref irqbypass consumer
    - jump_labels: API for flushing deferred jump label updates
    - KVM: x86: flush pending lapic jump label updates on module unload
    - KVM: x86: fix NULL deref in vcpu_scan_ioapic
    - KVM: x86: add Align16 instruction flag
    - KVM: x86: add asm_safe wrapper
    - KVM: x86: emulate FXSAVE and FXRSTOR
    - KVM: x86: Introduce segmented_write_std
    - efi/libstub/arm*: Pass latest memory map to the kernel
    - efi/x86: Prune invalid memory map entries and fix boot regression
    - x86/efi: Don't allocate memmap through memblock after mm_init()
    - nl80211: fix sched scan netlink socket owner destruction
    - gpio: Move freeing of GPIO hogs before numbing of the device
    - xfs: Timely free truncated dirty pages
    - bridge: netfilter: Fix dropping packets that moving through bridge interface
    - x86/cpu/AMD: Clean up cpu_llc_id assignment per topology feature
    - x86/bugs: Separate AMD E400 erratum and C1E bug
    - x86/CPU/AMD: Fix Bulldozer topology
    - wusbcore: Fix one more crypto-on-the-stack bug
    - usb: musb: fix runtime PM in debugfs
    - USB: serial: kl5kusb105: fix line-state error handling
    - USB: serial: ch341: fix initial modem-control state
    - USB: serial: ch341: fix resume after reset
    - USB: serial: ch341: fix open error handling
    - USB: serial: ch341: fix control-message error handling
    - USB: serial: ch341: fix open and resume after B0
    - Input: elants_i2c - avoid divide by 0 errors on bad touchscreen data
    - i2c: print correct device invalid address
    - i2c: fix kernel memory disclosure in dev interface
    - fix a fencepost error in pipe_advance()
    - xhci: fix deadlock at host remove by running watchdog correctly
    - btrfs: fix crash when tracepoint arguments are freed by wq callbacks
    - ASoC: hdmi-codec: use unsigned type to structure members with bit-field
    - Revert "tty: serial: 8250: add CON_CONSDEV to flags"
    - vme: Fix wrong pointer utilization in ca91cx42_slave_get
    - pid: fix lockdep deadlock warning due to ucount_lock
    - mnt: Protect the mountpoint hashtable with mount_lock
    - drivers: char: mem: Fix thinkos in kmem address checks
    - dmaengine: omap-dma: Fix dynamic lch_map allocation
    - virtio_blk: avoid DMA to stack for the sense buffer
    - tty/serial: atmel: RS485 half duplex w/DMA: enable RX after TX is done
    - tty/serial: atmel_serial: BUG: stop DMA from transmitting in stop_tx
    - orinoco: Use shash instead of ahash for MIC calculations
    - sysrq: attach sysrq handler correctly for 32-bit kernel
    - extcon: return error code on failure
    - Clearing FIFOs in RS485 emulation mode causes subsequent transmits to break
    - sysctl: Drop reference added by grab_header in proc_sys_readdir
    - net/af_iucv: don't use paged skbs for TX on HiperSockets
    - drm/i915/gen9: Fix PCODE polling timeout in stable backport
    - drm: Clean up planes in atomic commit helper failure path
    - drm/radeon: update smc firmware selection for SI
    - drm/radeon: drop verde dpm quirks
    - drm/amdgpu: update si kicker smc firmware
    - drm/amdgpu: drop verde dpm quirks
    - USB: serial: ch341: fix modem-control and B0 handling
    - net/mlx5: Only cancel recovery work when cleaning up device
    - i2c: piix4: Avoid race conditions with IMC
    - x86/cpu: Fix bootup crashes by sanitizing the argument of the 'clearcpuid=' command-line option
    - nvme: apply DELAY_BEFORE_CHK_RDY quirk at probe time too
    - btrfs: fix locking when we put back a delayed ref that's too new
    - btrfs: fix error handling when run_delayed_extent_op fails
    - pinctrl: meson: fix gpio request disabling other modes
    - NFS: fix typo in parameter description
    - pNFS: Fix race in pnfs_wait_on_layoutreturn
    - NFS: Fix a performance regression in readdir
    - NFSv4.1: nfs4_fl_prepare_ds must be careful about reporting success.
    - i2c: mux: pca954x: fix i2c mux selection caching
    - drm/i915/gen9: Fix PCODE polling during SAGV disabling
    - drm: avoid uninitialized timestamp use in wait_vblank
    - drm/panel: simple: Check against num_timings when setting preferred for timing
    - drm/i915: Move the min_pixclk[] handling to the end of readout
    - drm: Initialise drm_mm.head_node.allocated
    - remoteproc: qcom_wcnss: Fix circular module dependency
    - remoteproc: st: Fix error return code in st_rproc_probe()
    - powerpc/64: Simplify adaptation to new ISA v3.00 HPTE format
    - cpufreq: powernv: Disable preemption while checking CPU throttling state
    - regulators: helpers: Fix handling of bypass_val_on in get_bypass_regmap
    - ACPI / CPPC: set an error code on probe error path
    - block: Change extern inline to static inline
    - block: cfq_cpd_alloc() should use @gfp
    - ACPI / APEI: Fix NMI notification handling
    - powercap/intel_rapl: fix and tidy up error handling
    - iw_cxgb4: Fix error return code in c4iw_rdev_open()
    - bq24190_charger: Fix PM runtime use for bq24190_battery_set_property
    - power: supply: bq27xxx_battery: Fix register map for BQ27510 and BQ27520
    - blk-mq: Always schedule hctx->next_cpu
    - bus: vexpress-config: fix device reference leak
    - powerpc/mm: Correct process and partition table max size
    - powerpc/ibmebus: Fix further device reference leaks
    - powerpc/ibmebus: Fix device reference leaks in sysfs interface
    - powerpc/powernv: Don't warn on PE init if unfreeze is unsupported
    - arm64: hugetlb: fix the wrong address for several functions
    - arm64: hugetlb: remove the wrong pmd check in find_num_contig()
    - arm64: hugetlb: fix the wrong return value for huge_ptep_set_access_flags
    - pinctrl: sh-pfc: Do not unconditionally support PIN_CONFIG_BIAS_DISABLE
    - Linux 4.9.5

  * KVM module handling different per Architecture - ppc64el (LP: #1657734)
    - [Config] powerpc: Add kvm-hv and kvm-pr to the generic inclusion list

  * ENA network driver moved to -extra (LP: #1657767)
    - [Config] Move Amazon ENA network driver to the main kernel package

  * [Hyper-V] netvsc: add rcu_read locked to netvsc callback (LP: #1657540)
    - netvsc: add rcu_read locking to netvsc callback

  * Backport 3 patches to fix bugs with AIX clients using IBMVSCSI Target Driver (LP: #1657194)
    - SAUCE: ibmvscsis: Fix max transfer length
    - SAUCE: ibmvscsis: fix sleeping in interrupt context
    - SAUCE: ibmvscsis: Fix srp_transfer_data fail return code

 -- Tim Gardner <tim.gardner@xxxxxxxxxxxxx>  Tue, 17 Jan 2017 11:27:33 -0700

** Changed in: linux (Ubuntu)
       Status: In Progress => Fix Released

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1640786

Title:
  netfilter regression introducing a performance slowdown in binary
  arp/ip/ip6tables

Status in linux package in Ubuntu:
  Fix Released
Status in linux source package in Xenial:
  Fix Committed
Status in linux source package in Yakkety:
  Fix Committed

Bug description:
  [SRU JUSTIFICATION]

  [Impact]

  It has been brought to my attention that Ubuntu kernel 4.4 has a
  severe netfilter regression affecting the performance of the
  "/sbin/iptables" command, especially when adding a large number of
  policies. My source has documented everything here[2].

  Note that the situation can also be reproduced with the latest and
  greatest upstream kernel v4.9-rc4.

  I was able to reproduce the situation on my side, and a kernel bisect
  identified the same offending commit[1] as my source found for this
  bug.

  Running the commit right before the offending one has proven to have
  the expected performance:

  # commit [71ae0dff] <== Offending commit
  real 0m33.314s
  user 0m1.520s
  sys 0m26.192s

  # commit [d7b59742] <== Right before offending commit
  real 0m5.952s
  user 0m0.124s
  sys 0m0.220s

  [Test Case]

  * Reproducer #1
  $ iptables -F
  $ time (./list-addrs 3000 | xargs -n1 iptables -A FORWARD -j ACCEPT -s)

  * Reproducer #2
  $ iptables -F
  $ time for f in `seq 1 3000` ; do iptables -A FORWARD ; done

  "list-addrs" script can be found here[3]

  [Regression Potential]

   * none expected, the patches have been proven to work on the mainline
  kernel, and were reviewed by a few netfilter maintainers + tested by
  myself.

  Reference:
  https://kernel.googlesource.com/pub/scm/linux/kernel/git/pablo/nf-next/

  Patches:
  https://kernel.googlesource.com/pub/scm/linux/kernel/git/pablo/nf-next/+/2394ae21e8b652aff0db1c02e946243c1e2f5edb
  https://kernel.googlesource.com/pub/scm/linux/kernel/git/pablo/nf-next/+/722d6785e3b29a3b9f95c4d77542a1416094786a
  https://kernel.googlesource.com/pub/scm/linux/kernel/git/pablo/nf-next/+/18b61e8161cc308cbfd06d2e2c6c0758dfd925ef

  [Other Info]

  * "iptables-restore" doesn't suffer from that netfilter regression, and
  I'm also aware that "iptables-restore" is the favourite approach since
  it is way more efficient than iptables that is executed over and over,
  once for each policy one wants to set, but since "binary
  arp/ip/ip6tables" takes vastly longer to perform with that commit, I
  think this needs to be addressed anyway.

  [Related Documents]

  [1] - https://github.com/torvalds/linux/commit/71ae0dff02d756e4d2ca710b79f2ff5390029a5f
  [2] - https://gist.github.com/williammartin/b75e3faf5964648299e4d985413e6c0c
  [3] - https://gist.github.com/williammartin/b75e3faf5964648299e4d985413e6c0c#file-list-addrs

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1640786/+subscriptions
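
Added example, not part of the original bug report: the [Other Info] note says "iptables-restore" avoids the per-invocation cost, so this sketch builds the reproducer's 3000 FORWARD rules as one batch and loads them in a single call. The function names gen_addrs, build_batch and apply_batch are hypothetical, and gen_addrs is a constructed stand-in for the "list-addrs" script, whose contents are not shown on this page.

```shell
#!/bin/sh
# Added example: one iptables-restore batch instead of N iptables calls.

# Emit N distinct source addresses in 10.0.0.0/8 (constructed sample data,
# standing in for the bug report's list-addrs script).
gen_addrs() {
    n=$1
    i=1
    while [ "$i" -le "$n" ]; do
        echo "10.$(( (i / 65536) % 256 )).$(( (i / 256) % 256 )).$(( i % 256 ))"
        i=$((i + 1))
    done
}

# Read one address per line on stdin, write an iptables-restore ruleset
# for the filter table on stdout.
build_batch() {
    echo '*filter'
    while IFS= read -r addr; do
        # Allow only digits, dots and '/' in an address. Empty lines and
        # anything with spaces or letters are skipped, so an input line
        # cannot smuggle extra rule text into the batch.
        case $addr in
            ''|*[!0-9./]*) continue ;;
        esac
        echo "-A FORWARD -s $addr -j ACCEPT"
    done
    echo 'COMMIT'
}

# Load the batch: one process and one table commit (needs root).
# --noflush appends to the existing rules instead of replacing them;
# pass --test to parse the batch without committing it.
apply_batch() {
    iptables-restore --noflush "$@"
}

# Usage (as root), mirroring Reproducer #1:
#   gen_addrs 3000 | build_batch | apply_batch --test   # dry run
#   time (gen_addrs 3000 | build_batch | apply_batch)
```

Timing the batched load next to Reproducer #1 on the same kernel separates the regression's per-invocation cost from the cost of the rules themselves.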