group.of.nepali.translators team mailing list archive
-
group.of.nepali.translators team
-
Mailing list archive
-
Message #10671
[Bug 1640786] Re: netfilter regression introducing a performance slowdown in binary arp/ip/ip6tables
This bug was fixed in the package linux - 4.9.0-15.16
---------------
linux (4.9.0-15.16) zesty; urgency=low
[ Tim Gardner ]
* Release Tracking Bug
- LP: #1658101
* Zesty update to v4.9.5 stable release (LP: #1658099)
- Input: xpad - use correct product id for x360w controllers
- Input: i8042 - add Pegatron touchpad to noloop table
- pinctrl: imx: fix imx_pinctrl_desc initialization
- pinctrl: sh-pfc: r8a7795: Use lookup function for bias data
- pinctrl: sh-pfc: Add helper to handle bias lookup table
- regulator: tps65086: Fix 25mV ranges for BUCK regulators
- regulator: axp20x: Fix axp809 ldo_io registration error on cold boot
- drm/tegra: dpaux: Fix error handling
- drm/vc4: Fix a couple error codes in vc4_cl_lookup_bos()
- drm/savage: dereferencing an error pointer
- selftests: do not require bash to run netsocktests testcase
- selftests: do not require bash for the generated test
- zram: revalidate disk under init_lock
- zram: support BDI_CAP_STABLE_WRITES
- dax: fix deadlock with DAX 4k holes
- mm: pmd dirty emulation in page fault handler
- mm: fix devm_memremap_pages crash, use mem_hotplug_{begin, done}
- ocfs2: fix crash caused by stale lvb with fsdlm plugin
- mm, memcg: fix the active list aging for lowmem requests when memcg is enabled
- mm: support anonymous stable page
- mm/slab.c: fix SLAB freelist randomization duplicate entries
- mm/hugetlb.c: fix reservation race when freeing surplus pages
- KVM: x86: fix emulation of "MOV SS, null selector"
- KVM: eventfd: fix NULL deref irqbypass consumer
- jump_labels: API for flushing deferred jump label updates
- KVM: x86: flush pending lapic jump label updates on module unload
- KVM: x86: fix NULL deref in vcpu_scan_ioapic
- KVM: x86: add Align16 instruction flag
- KVM: x86: add asm_safe wrapper
- KVM: x86: emulate FXSAVE and FXRSTOR
- KVM: x86: Introduce segmented_write_std
- efi/libstub/arm*: Pass latest memory map to the kernel
- efi/x86: Prune invalid memory map entries and fix boot regression
- x86/efi: Don't allocate memmap through memblock after mm_init()
- nl80211: fix sched scan netlink socket owner destruction
- gpio: Move freeing of GPIO hogs before numbing of the device
- xfs: Timely free truncated dirty pages
- bridge: netfilter: Fix dropping packets that moving through bridge interface
- x86/cpu/AMD: Clean up cpu_llc_id assignment per topology feature
- x86/bugs: Separate AMD E400 erratum and C1E bug
- x86/CPU/AMD: Fix Bulldozer topology
- wusbcore: Fix one more crypto-on-the-stack bug
- usb: musb: fix runtime PM in debugfs
- USB: serial: kl5kusb105: fix line-state error handling
- USB: serial: ch341: fix initial modem-control state
- USB: serial: ch341: fix resume after reset
- USB: serial: ch341: fix open error handling
- USB: serial: ch341: fix control-message error handling
- USB: serial: ch341: fix open and resume after B0
- Input: elants_i2c - avoid divide by 0 errors on bad touchscreen data
- i2c: print correct device invalid address
- i2c: fix kernel memory disclosure in dev interface
- fix a fencepost error in pipe_advance()
- xhci: fix deadlock at host remove by running watchdog correctly
- btrfs: fix crash when tracepoint arguments are freed by wq callbacks
- ASoC: hdmi-codec: use unsigned type to structure members with bit-field
- Revert "tty: serial: 8250: add CON_CONSDEV to flags"
- vme: Fix wrong pointer utilization in ca91cx42_slave_get
- pid: fix lockdep deadlock warning due to ucount_lock
- mnt: Protect the mountpoint hashtable with mount_lock
- drivers: char: mem: Fix thinkos in kmem address checks
- dmaengine: omap-dma: Fix dynamic lch_map allocation
- virtio_blk: avoid DMA to stack for the sense buffer
- tty/serial: atmel: RS485 half duplex w/DMA: enable RX after TX is done
- tty/serial: atmel_serial: BUG: stop DMA from transmitting in stop_tx
- orinoco: Use shash instead of ahash for MIC calculations
- sysrq: attach sysrq handler correctly for 32-bit kernel
- extcon: return error code on failure
- Clearing FIFOs in RS485 emulation mode causes subsequent transmits to break
- sysctl: Drop reference added by grab_header in proc_sys_readdir
- net/af_iucv: don't use paged skbs for TX on HiperSockets
- drm/i915/gen9: Fix PCODE polling timeout in stable backport
- drm: Clean up planes in atomic commit helper failure path
- drm/radeon: update smc firmware selection for SI
- drm/radeon: drop verde dpm quirks
- drm/amdgpu: update si kicker smc firmware
- drm/amdgpu: drop verde dpm quirks
- USB: serial: ch341: fix modem-control and B0 handling
- net/mlx5: Only cancel recovery work when cleaning up device
- i2c: piix4: Avoid race conditions with IMC
- x86/cpu: Fix bootup crashes by sanitizing the argument of the 'clearcpuid=' command-line option
- nvme: apply DELAY_BEFORE_CHK_RDY quirk at probe time too
- btrfs: fix locking when we put back a delayed ref that's too new
- btrfs: fix error handling when run_delayed_extent_op fails
- pinctrl: meson: fix gpio request disabling other modes
- NFS: fix typo in parameter description
- pNFS: Fix race in pnfs_wait_on_layoutreturn
- NFS: Fix a performance regression in readdir
- NFSv4.1: nfs4_fl_prepare_ds must be careful about reporting success.
- i2c: mux: pca954x: fix i2c mux selection caching
- drm/i915/gen9: Fix PCODE polling during SAGV disabling
- drm: avoid uninitialized timestamp use in wait_vblank
- drm/panel: simple: Check against num_timings when setting preferred for timing
- drm/i915: Move the min_pixclk[] handling to the end of readout
- drm: Initialise drm_mm.head_node.allocated
- remoteproc: qcom_wcnss: Fix circular module dependency
- remoteproc: st: Fix error return code in st_rproc_probe()
- powerpc/64: Simplify adaptation to new ISA v3.00 HPTE format
- cpufreq: powernv: Disable preemption while checking CPU throttling state
- regulators: helpers: Fix handling of bypass_val_on in get_bypass_regmap
- ACPI / CPPC: set an error code on probe error path
- block: Change extern inline to static inline
- block: cfq_cpd_alloc() should use @gfp
- ACPI / APEI: Fix NMI notification handling
- powercap/intel_rapl: fix and tidy up error handling
- iw_cxgb4: Fix error return code in c4iw_rdev_open()
- bq24190_charger: Fix PM runtime use for bq24190_battery_set_property
- power: supply: bq27xxx_battery: Fix register map for BQ27510 and BQ27520
- blk-mq: Always schedule hctx->next_cpu
- bus: vexpress-config: fix device reference leak
- powerpc/mm: Correct process and partition table max size
- powerpc/ibmebus: Fix further device reference leaks
- powerpc/ibmebus: Fix device reference leaks in sysfs interface
- powerpc/powernv: Don't warn on PE init if unfreeze is unsupported
- arm64: hugetlb: fix the wrong address for several functions
- arm64: hugetlb: remove the wrong pmd check in find_num_contig()
- arm64: hugetlb: fix the wrong return value for huge_ptep_set_access_flags
- pinctrl: sh-pfc: Do not unconditionally support PIN_CONFIG_BIAS_DISABLE
- Linux 4.9.5
* KVM module handling different per Architecture - ppc64el (LP: #1657734)
- [Config] powerpc: Add kvm-hv and kvm-pr to the generic inclusion list
* ENA network driver moved to -extra (LP: #1657767)
- [Config] Move Amazon ENA network driver to the main kernel package
* [Hyper-V] netvsc: add rcu_read locked to netvsc callback (LP: #1657540)
- netvsc: add rcu_read locking to netvsc callback
* Backport 3 patches to fix bugs with AIX clients using IBMVSCSI Target Driver (LP: #1657194)
- SAUCE: ibmvscsis: Fix max transfer length
- SAUCE: ibmvscsis: fix sleeping in interrupt context
- SAUCE: ibmvscsis: Fix srp_transfer_data fail return code
-- Tim Gardner <tim.gardner@xxxxxxxxxxxxx> Tue, 17 Jan 2017 11:27:33
-0700
** Changed in: linux (Ubuntu)
Status: In Progress => Fix Released
--
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1640786
Title:
netfilter regression introducing a performance slowdown in binary
arp/ip/ip6tables
Status in linux package in Ubuntu:
Fix Released
Status in linux source package in Xenial:
Fix Committed
Status in linux source package in Yakkety:
Fix Committed
Bug description:
[SRU JUSTIFICATION]
[Impact]
It has been brought to my attention that Ubuntu kernel 4.4 has a
severe netfilter regression affecting the performance of
"/sbin/iptables" command, especially when adding large number of
policies. My source have documented everything here[2].
Note that the situation can also be reproduce with latest and greatest
upstream kernel v4.9-rc4.
I was able to reproduce the situation on my side, and a kernel bisect
identified the same offending commit[1] as my source found for this
bug.
Running the commit right before the offending one have proven to have
expected performance :
# commit [71ae0dff] <== Offending commit
real 0m33.314s
user 0m1.520s
sys 0m26.192s
# commit [d7b59742] <== Right before offending commit
real 0m5.952s
user 0m0.124s
sys 0m0.220s
[Test Case]
* Reproducer #1
$ iptables -F
$ time (./list-addrs 3000 | xargs -n1 iptables -A FORWARD -j ACCEPT -s)
* Reproducer #2
$ iptables -F
$ time for f in `seq 1 3000` ; do iptables -A FORWARD ; done
"list-addrs" script can be found here[3]
[Regression Potential]
* none expected, the patches have been proven to work on mainline
kernel, and was reviewed by a few netfilters maintainer + tested by
myself.
Reference:
https://kernel.googlesource.com/pub/scm/linux/kernel/git/pablo/nf-next/
Patches:
https://kernel.googlesource.com/pub/scm/linux/kernel/git/pablo/nf-next/+/2394ae21e8b652aff0db1c02e946243c1e2f5edb
https://kernel.googlesource.com/pub/scm/linux/kernel/git/pablo/nf-next/+/722d6785e3b29a3b9f95c4d77542a1416094786a
https://kernel.googlesource.com/pub/scm/linux/kernel/git/pablo/nf-next/+/18b61e8161cc308cbfd06d2e2c6c0758dfd925ef
[Other Info]
* "iptables-restore" doesn't suffer of that netfilter regression, and
I'm also aware that "iptables-restore" is the favourite approach since
it is way more efficient than iptables that is executed over and over,
once for each policy one want to set, but since "binary
arp/ip/ip6tables" takes vastly longer to perform with that commit, I
think this need to be address anyway.
[Related Documents]
[1] - https://github.com/torvalds/linux/commit/71ae0dff02d756e4d2ca710b79f2ff5390029a5f
[2] - https://gist.github.com/williammartin/b75e3faf5964648299e4d985413e6c0c
[3] - https://gist.github.com/williammartin/b75e3faf5964648299e4d985413e6c0c#file-list-addrs
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1640786/+subscriptions
