On Wed, 2015-07-08 at 23:15 +0200, Florian Westphal wrote:
> + > + /* Switch to alternate jumpstack if we're being invoked via TEE. > + * The problem is that TEE issues XT_CONTINUE verdict on original > + * skb so we must not clobber the jumpstack. > + * > + * For recursion via REJECT or SYNPROXY the stack will be clobbered > + * but its no problem since absolute verdict is issued by these. > + */ > + jumpstack += private->stacksize * __this_cpu_read(nf_skb_duplicated);

This could eventually be guarded by

#if IS_ENABLED(CONFIG_NETFILTER_XT_TARGET_TEE)

Or even better, a jump label that would be enabled when the TEE module is loaded.
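
Review bot: The offset computed on the "jumpstack += private->stacksize * __this_cpu_read(nf_skb_duplicated);" line is only in bounds if nf_skb_duplicated never reads as more than 1 and each per-CPU jumpstack has room for a second stacksize-sized region, and neither condition is visible in this hunk. Please state both invariants in the comment above that line, or make the multiplier explicitly boolean, so that a later change to how nf_skb_duplicated is set cannot silently turn this into an out-of-bounds jumpstack access. The comment also relies on REJECT and SYNPROXY always issuing an absolute verdict; naming that as the condition any future recursing target must meet would make the exception easier to audit. Minor: "its no problem" in the comment should read "it's not a problem".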