We cannot block/sleep on nf_iterate because netfilter runs under rcu read lock these days, where blocking is well-known to be illegal. So let's remove these old comments. Signed-off-by: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx> --- net/netfilter/core.c | 7 ------- 1 file changed, 7 deletions(-) diff --git a/net/netfilter/core.c b/net/netfilter/core.c index 7b723bcd2522..b193bd46ac30 100644 --- a/net/netfilter/core.c +++ b/net/netfilter/core.c @@ -308,18 +308,11 @@ unsigned int nf_iterate(struct sk_buff *skb, { unsigned int verdict; - /* - * The caller must not block between calls to this - * function because of risk of continuing from deleted element. - */ while (*entryp) { if (state->thresh > (*entryp)->ops.priority) { *entryp = rcu_dereference((*entryp)->next); continue; } - - /* Optimization: we don't need to hold module - reference here, since function can't sleep. --RR */ repeat: verdict = (*entryp)->ops.hook((*entryp)->ops.priv, skb, state); if (verdict != NF_ACCEPT) { -- 2.1.4
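
Review bot: The first removed comment, the one above `while (*entryp)`, stated a contract for callers (no blocking between calls, because `*entryp` could then continue from a deleted element), and once it is gone nothing in the function says that `*entryp` is only valid inside the caller's RCU read-side critical section. Rather than deleting it outright, consider replacing it with a one-line comment saying the caller must hold the RCU read lock across calls, since `*entryp = rcu_dereference((*entryp)->next);` depends on that. The second removal, above `repeat:`, drops the only in-code reason the hook is called without a module reference; the commit message explains it, but a short note next to the `ops.hook(...)` call would keep that reasoning with the code.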