WSL2-Linux-Kernel/net/ipv4/netfilter
Florian Westphal 2662c5b1f0 netfilter: tproxy: fix deadlock due to missing BH disable
[ Upstream commit 4a02426787 ]

The xtables packet traverser performs an unconditional local_bh_disable(),
but the nf_tables evaluation loop does not.

Functions that are called from either xtables or nftables must assume
that they can be called in process context.

inet_twsk_deschedule_put() assumes that no softirq interrupt can occur.
If tproxy is used from nf_tables it's possible that we'll deadlock
trying to acquire a lock already held in process context.

Add a small helper that takes care of this and use it.

Link: https://lore.kernel.org/netfilter-devel/401bd6ed-314a-a196-1cdc-e13c720cc8f2@balasys.hu/
Fixes: 4ed8eb6570 ("netfilter: nf_tables: Add native tproxy support")
Reported-and-tested-by: Major Dávid <major.david@balasys.hu>
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2023-03-17 08:48:55 +01:00
..
Kconfig netfilter: nf_log_arp: merge with nf_log_syslog 2021-03-31 00:37:27 +02:00
Makefile netfilter: nf_log_arp: merge with nf_log_syslog 2021-03-31 00:37:27 +02:00
arp_tables.c netfilter: x_tables: fix percpu counter block leak on error path when creating new netns 2023-03-11 13:57:28 +01:00
arpt_mangle.c netfilter: ipv4: prefer skb_ensure_writable 2019-05-31 18:02:46 +02:00
arptable_filter.c netfilter: x_tables: never register tables by default 2021-08-09 10:22:01 +02:00
ip_tables.c netfilter: x_tables: fix percpu counter block leak on error path when creating new netns 2023-03-11 13:57:28 +01:00
ipt_CLUSTERIP.c netfilter: conntrack: Fix data-races around ct mark 2022-12-02 17:41:04 +01:00
ipt_ECN.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2019-06-22 08:59:24 -04:00
ipt_REJECT.c netfilter: use actual socket sk for REJECT action 2020-12-01 14:33:55 +01:00
ipt_SYNPROXY.c netfilter: Add MODULE_DESCRIPTION entries to kernel modules 2020-06-25 00:50:31 +02:00
ipt_ah.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 2019-06-19 17:09:55 +02:00
ipt_rpfilter.c netfilter: rpfilter: mask ecn bits before fib lookup 2021-01-19 13:54:30 -08:00
iptable_filter.c netfilter: x_tables: never register tables by default 2021-08-09 10:22:01 +02:00
iptable_mangle.c netfilter: x_tables: handle xt_register_template() returning an error value 2021-08-25 13:06:48 +02:00
iptable_nat.c netfilter: x_tables: never register tables by default 2021-08-09 10:22:01 +02:00
iptable_raw.c netfilter: iptable_raw: drop bogus net_init annotation 2021-09-21 03:46:56 +02:00
iptable_security.c netfilter: x_tables: never register tables by default 2021-08-09 10:22:01 +02:00
nf_defrag_ipv4.c netfilter: conntrack: fix boot failure with nf_conntrack.enable_hooks=1 2021-09-28 13:04:55 +02:00
nf_dup_ipv4.c netfilter: drop bridge nf reset from nf_reset 2019-10-01 18:42:15 +02:00
nf_flow_table_ipv4.c netfilter: Add MODULE_DESCRIPTION entries to kernel modules 2020-06-25 00:50:31 +02:00
nf_nat_h323.c netfilter: nf_conntrack_sip: fix expectation clash 2019-07-16 13:16:59 +02:00
nf_nat_pptp.c netfilter: delete repeated words 2020-08-28 20:11:38 +02:00
nf_nat_snmp_basic.asn1 netfilter: nf_nat_snmp_basic: use asn1 decoder library 2018-01-19 13:59:07 +01:00
nf_nat_snmp_basic_main.c netfilter: ipv4: prefer skb_ensure_writable 2019-05-31 18:02:46 +02:00
nf_reject_ipv4.c ip: Fix data-races around sysctl_ip_default_ttl. 2022-07-29 17:25:09 +02:00
nf_socket_ipv4.c treewide: Remove uninitialized_var() usage 2020-07-16 12:35:15 -07:00
nf_tproxy_ipv4.c netfilter: tproxy: fix deadlock due to missing BH disable 2023-03-17 08:48:55 +01:00
nft_dup_ipv4.c netfilter: nftables: add nft_parse_register_load() and use it 2021-01-27 22:53:29 +01:00
nft_fib_ipv4.c netfilter: nft_fib: Fix for rpath check with VRF devices 2022-10-26 12:34:47 +02:00
nft_reject_ipv4.c netfilter: nf_tables: add and use nft_sk helper 2021-05-29 01:04:53 +02:00