Gh0st
/
linux
mirror of https://github.com/torvalds/linux.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
linux/net/ipv4/netfilter
History
Florian Westphal 3bd229976f netfilter: arptables: use percpu jumpstack 
commit 482cfc3185 ("netfilter: xtables: avoid percpu ruleset duplication")

Unlike ip and ip6tables, arp tables were never converted to use the percpu
jump stack.

It still uses the rule blob to store return address, which isn't safe
anymore since we now share this blob among all processors.

Because there is no TEE support for arptables, we don't need to cope
with reentrancy, so we can use loocal variable to hold stack offset.

Fixes: 482cfc3185 ("netfilter: xtables: avoid percpu ruleset duplication")
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
 		2015-07-02 17:58:59 +02:00
..
Kconfig netfilter: Kconfig: get rid of parens around depends on 2015-06-15 17:26:37 +02:00
Makefile
arp_tables.c netfilter: arptables: use percpu jumpstack 2015-07-02 17:58:59 +02:00
arpt_mangle.c
arptable_filter.c
ip_tables.c netfilter: x_tables: remove XT_TABLE_INFO_SZ and a dereference. 2015-06-15 20:19:20 +02:00
ipt_CLUSTERIP.c
ipt_ECN.c
ipt_MASQUERADE.c
ipt_REJECT.c
ipt_SYNPROXY.c
ipt_ah.c
ipt_rpfilter.c net: ipv4 sysctl option to ignore routes when nexthop link is down 2015-06-24 02:15:54 -07:00
iptable_filter.c
iptable_mangle.c
iptable_nat.c
iptable_raw.c
iptable_security.c
nf_conntrack_l3proto_ipv4.c
nf_conntrack_l3proto_ipv4_compat.c
nf_conntrack_proto_icmp.c
nf_defrag_ipv4.c
nf_log_arp.c
nf_log_ipv4.c
nf_nat_h323.c
nf_nat_l3proto_ipv4.c
nf_nat_masquerade_ipv4.c
nf_nat_pptp.c
nf_nat_proto_gre.c
nf_nat_proto_icmp.c
nf_nat_snmp_basic.c
nf_reject_ipv4.c
nf_tables_arp.c
nf_tables_ipv4.c
nft_chain_nat_ipv4.c
nft_chain_route_ipv4.c
nft_masq_ipv4.c
nft_redir_ipv4.c
nft_reject_ipv4.c