Eric Dumazet <eric.dumazet@xxxxxxxxx> wrote:
> > + /* Switch to alternate jumpstack if we're being invoked via TEE.
> > + * The problem is that TEE issues XT_CONTINUE verdict on original
> > + * skb so we must not clobber the jumpstack.
> > + *
> > + * For recursion via REJECT or SYNPROXY the stack will be clobbered
> > + * but its no problem since absolute verdict is issued by these.
> > + */
> > + jumpstack += private->stacksize * __this_cpu_read(nf_skb_duplicated);
>
> This could eventually be guarded by
>
> #if IS_ENABLED(CONFIG_NETFILTER_XT_TARGET_TEE)
>
> Or even better, a jump label that would be enabled when TEE module is
> loaded.

I can add a static key, sure. Thanks for the suggestion Eric.
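
Review bot: the offset on the `jumpstack += private->stacksize * __this_cpu_read(nf_skb_duplicated);` line is only in bounds if the per-cpu value is never greater than 1 and each CPU's jumpstack has room for two stacks of `private->stacksize` entries, and neither guarantee is visible in this hunk. Please confirm the allocation is doubled in the same patch, and either document that `nf_skb_duplicated` is strictly 0 or 1 or normalise it at this point so a future change that turns it into a counter cannot index past the buffer. The comment also relies on REJECT and SYNPROXY always issuing an absolute verdict; a short note on what must hold for any new target that re-enters the table would keep that assumption from being broken silently. Minor style point: "its no problem" in the comment should read "it's no problem".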