From d2be66f6858d6243395763cb643de55bad96d33d Mon Sep 17 00:00:00 2001 From: Pablo Neira Ayuso Date: Thu, 3 Nov 2016 10:56:05 +0100 Subject: [PATCH] netfilter: remove comments that predate rcu days We cannot block/sleep on nf_iterate because netfilter runs under rcu read lock these days, where blocking is well-known to be illegal. So let's remove these old comments. Signed-off-by: Pablo Neira Ayuso --- net/netfilter/core.c | 7 ------- 1 file changed, 7 deletions(-) diff --git a/net/netfilter/core.c b/net/netfilter/core.c index 3d4aa96cb219..76014ad72ec5 100644 --- a/net/netfilter/core.c +++ b/net/netfilter/core.c @@ -308,18 +308,11 @@ unsigned int nf_iterate(struct sk_buff *skb, { unsigned int verdict; - /* - * The caller must not block between calls to this - * function because of risk of continuing from deleted element. - */ while (*entryp) { if (state->thresh > (*entryp)->ops.priority) { *entryp = rcu_dereference((*entryp)->next); continue; } - - /* Optimization: we don't need to hold module - reference here, since function can't sleep. --RR */ repeat: verdict = (*entryp)->ops.hook((*entryp)->ops.priv, skb, state); if (verdict != NF_ACCEPT) { -- 2.11.0