diff options
| author | jollaman999 <admin@jollaman999.com> | 2017-01-19 14:14:15 +0900 |
|---|---|---|
| committer | Mister Oyster <oysterized@gmail.com> | 2017-04-11 11:00:04 +0200 |
| commit | ba491ca86c5d2fed9d52e1f7b1887f54bbb66255 (patch) | |
| tree | f20498cfff4a5ecd84bffacd5708ab55a21138a9 | |
| parent | ad0c433e8065aaf25b6da70b6bdff1583e51de08 (diff) | |
Revert "netfilter: use jump_label for nf_hooks"
This breaks tethering and some apps that use filtering
when CONFIG_JUMP_LABEL is enabled.
This reverts commit a2d7ec58ac09f30ab726f216827f7c7095b2a98f.
| -rw-r--r-- | include/linux/netfilter.h | 26 | ||||
| -rw-r--r-- | net/netfilter/core.c | 13 |
2 files changed, 6 insertions, 33 deletions
diff --git a/include/linux/netfilter.h b/include/linux/netfilter.h index 0060fde31..caaf0f088 100644 --- a/include/linux/netfilter.h +++ b/include/linux/netfilter.h @@ -97,24 +97,6 @@ void nf_unregister_sockopt(struct nf_sockopt_ops *reg); extern struct list_head nf_hooks[NFPROTO_NUMPROTO][NF_MAX_HOOKS]; -#if defined(CONFIG_JUMP_LABEL) -#include <linux/static_key.h> -extern struct static_key nf_hooks_needed[NFPROTO_NUMPROTO][NF_MAX_HOOKS]; -static inline bool nf_hooks_active(u_int8_t pf, unsigned int hook) -{ - if (__builtin_constant_p(pf) && - __builtin_constant_p(hook)) - return static_key_false(&nf_hooks_needed[pf][hook]); - - return !list_empty(&nf_hooks[pf][hook]); -} -#else -static inline bool nf_hooks_active(u_int8_t pf, unsigned int hook) -{ - return !list_empty(&nf_hooks[pf][hook]); -} -#endif - int nf_hook_slow(u_int8_t pf, unsigned int hook, struct sk_buff *skb, struct net_device *indev, struct net_device *outdev, int (*okfn)(struct sk_buff *), int thresh); @@ -132,9 +114,11 @@ static inline int nf_hook_thresh(u_int8_t pf, unsigned int hook, struct net_device *outdev, int (*okfn)(struct sk_buff *), int thresh) { - if (nf_hooks_active(pf, hook)) - return nf_hook_slow(pf, hook, skb, indev, outdev, okfn, thresh); - return 1; +#ifndef CONFIG_NETFILTER_DEBUG + if (list_empty(&nf_hooks[pf][hook])) + return 1; +#endif + return nf_hook_slow(pf, hook, skb, indev, outdev, okfn, thresh); } static inline int nf_hook(u_int8_t pf, unsigned int hook, struct sk_buff *skb, diff --git a/net/netfilter/core.c b/net/netfilter/core.c index 8592201b6..8bd710630 100644 --- a/net/netfilter/core.c +++ b/net/netfilter/core.c @@ -57,12 +57,6 @@ EXPORT_SYMBOL_GPL(nf_unregister_afinfo); struct list_head nf_hooks[NFPROTO_NUMPROTO][NF_MAX_HOOKS] __read_mostly; EXPORT_SYMBOL(nf_hooks); - -#if defined(CONFIG_JUMP_LABEL) -struct static_key nf_hooks_needed[NFPROTO_NUMPROTO][NF_MAX_HOOKS]; -EXPORT_SYMBOL(nf_hooks_needed); -#endif - static DEFINE_MUTEX(nf_hook_mutex); int nf_register_hook(struct nf_hook_ops *reg) @@ -79,9 +73,6 @@ int nf_register_hook(struct nf_hook_ops *reg) } list_add_rcu(®->list, elem->list.prev); mutex_unlock(&nf_hook_mutex); -#if defined(CONFIG_JUMP_LABEL) - static_key_slow_inc(&nf_hooks_needed[reg->pf][reg->hooknum]); -#endif return 0; } EXPORT_SYMBOL(nf_register_hook); @@ -91,9 +82,7 @@ void nf_unregister_hook(struct nf_hook_ops *reg) mutex_lock(&nf_hook_mutex); list_del_rcu(®->list); mutex_unlock(&nf_hook_mutex); -#if defined(CONFIG_JUMP_LABEL) - static_key_slow_dec(&nf_hooks_needed[reg->pf][reg->hooknum]); -#endif + synchronize_net(); } EXPORT_SYMBOL(nf_unregister_hook); |