Florian Westphal 4a02426787 netfilter: tproxy: fix deadlock due to missing BH disable ... The xtables packet traverser performs an unconditional local_bh_disable(), but the nf_tables evaluation loop does not. Functions that are called from either xtables or nftables must assume that they can be called in process context. inet_twsk_deschedule_put() assumes that no softirq interrupt can occur. If tproxy is used from nf_tables its possible that we'll deadlock trying to aquire a lock already held in process context. Add a small helper that takes care of this and use it. Link: https://lore.kernel.org/netfilter-devel/401bd6ed-314a-a196-1cdc-e13c720cc8f2@balasys.hu/ Fixes: 4ed8eb6570 ("netfilter: nf_tables: Add native tproxy support") Reported-and-tested-by: Major Dávid <major.david@balasys.hu> Signed-off-by: Florian Westphal <fw@strlen.de> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>		2023-03-06 12:09:48 +01:00
..
ip6_tables.c	netfilter: x_tables: fix percpu counter block leak on error path when creating new netns	2023-02-22 10:11:27 +01:00
ip6t_ah.c
ip6t_eui64.c
ip6t_frag.c
ip6t_hbh.c
ip6t_ipv6header.c
ip6t_mh.c
ip6t_NPT.c
ip6t_REJECT.c
ip6t_rpfilter.c	netfilter: ip6t_rpfilter: Fix regression with VRF interfaces	2023-02-22 00:22:20 +01:00
ip6t_rt.c
ip6t_srh.c
ip6t_SYNPROXY.c
ip6table_filter.c
ip6table_mangle.c
ip6table_nat.c
ip6table_raw.c
ip6table_security.c
Kconfig
Makefile
nf_conntrack_reasm.c	net: dropreason: add SKB_DROP_REASON_DUP_FRAG	2022-10-31 20:14:26 -07:00
nf_defrag_ipv6_hooks.c
nf_dup_ipv6.c
nf_reject_ipv6.c	netfilter: let reset rules clean out conntrack entries	2023-02-17 13:04:56 +01:00
nf_socket_ipv6.c
nf_tproxy_ipv6.c	netfilter: tproxy: fix deadlock due to missing BH disable	2023-03-06 12:09:48 +01:00
nft_dup_ipv6.c	netfilter: nf_tables: Extend nft_expr_ops::dump callback parameters	2022-11-15 10:46:34 +01:00
nft_fib_ipv6.c	netfilter: rpfilter/fib: Set ->flowic_uid correctly for user namespaces.	2022-10-19 08:46:48 +02:00
nft_reject_ipv6.c