netfilter: arptables: use percpu jumpstack
author Florian Westphal <fw@strlen.de>
Tue, 30 Jun 2015 20:21:00 +0000 (22:21 +0200)
committer Pablo Neira Ayuso <pablo@netfilter.org>
Thu, 2 Jul 2015 15:58:59 +0000 (17:58 +0200)
commit 3bd229976f64bea64c60803f9fc8d9f0059ba2f2
tree 57b3146b9fc76fa2ee7dbc9dab6a594fcdf99b35
parent a1bc1b356a9d21bf29bc7c873718b5cacdf119b4
netfilter: arptables: use percpu jumpstack

commit 482cfc318559 ("netfilter: xtables: avoid percpu ruleset duplication")

Unlike ip and ip6tables, arp tables were never converted to use the percpu
jump stack.

It still uses the rule blob to store return address, which isn't safe
anymore since we now share this blob among all processors.

Because there is no TEE support for arptables, we don't need to cope
with reentrancy, so we can use local variable to hold stack offset.

Fixes: 482cfc318559 ("netfilter: xtables: avoid percpu ruleset duplication")
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
net/ipv4/netfilter/arp_tables.c
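
The hazard the commit message describes, as an added example that is not the kernel's code: a simplified user-space model in which two CPUs walk one shared ruleset rule by rule, first saving return positions inside the shared blob and then on a private jump stack indexed by a local variable. The names `rule`, `walk`, `step` and `verdict_for`, the `comefrom` field layout and the ruleset itself are constructed for this model.

```c
#include <stdio.h>

enum { JUMP, RET, VERDICT };
struct rule { int op, arg, comefrom; };   /* comefrom is stored in the rule blob */
struct walk { int pc, back, sp, stack[4], verdict, done; };   /* per-CPU state */

/* Execute one rule for one CPU; in_blob selects the pre-fix scheme. */
static void step(struct rule *blob, struct walk *w, int in_blob)
{
    const struct rule *r = &blob[w->pc];
    if (w->done) return;
    if (r->op == VERDICT) {
        w->verdict = r->arg;
        w->done = 1;
    } else if (in_blob && r->op == JUMP) {   /* old: back pointer saved in blob */
        blob[w->pc + 1].comefrom = w->back;
        w->back = w->pc + 1;
        w->pc = r->arg;
    } else if (in_blob) {                    /* old: return address read from blob */
        w->pc = w->back;
        w->back = blob[w->pc].comefrom;
    } else if (r->op == JUMP) {              /* fixed: private jump stack */
        w->stack[w->sp++] = w->pc + 1;
        w->pc = r->arg;
    } else {
        w->pc = w->stack[--w->sp];
    }
}

/* Interleave CPU 0 (hook IN) and CPU 1 (hook OUT); return one CPU's verdict. */
int verdict_for(int cpu_idx, int in_blob)
{
    struct rule blob[] = {                       /* constructed ruleset */
        { JUMP, 4, -1 }, { VERDICT, 100, -1 },   /* 0-1: hook IN, policy 100 */
        { JUMP, 4, -1 }, { VERDICT, 200, -1 },   /* 2-3: hook OUT, policy 200 */
        { JUMP, 6, -1 }, { RET, 0, -1 },         /* 4-5: chain X calls chain Y */
        { RET, 0, -1 },                          /* 6: chain Y returns */
    };
    struct walk cpu[2] = { { .pc = 0, .back = -1 }, { .pc = 2, .back = -1 } };
    while (!cpu[0].done || !cpu[1].done)
        for (int i = 0; i < 2; i++)
            step(blob, &cpu[i], in_blob);
    return cpu[cpu_idx].verdict;
}

int main(void)
{
    printf("blob: IN=%d OUT=%d, jumpstack: IN=%d OUT=%d\n",
           verdict_for(0, 1), verdict_for(1, 1), verdict_for(0, 0), verdict_for(1, 0));
}
```

With return positions kept in the shared blob, CPU 1 overwrites the slot CPU 0 saved while both are inside chain X, so CPU 0 returns into the OUT hook and takes its policy; with the private stack each walk returns to its own caller.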