netfilter: nf_tables: fix scheduling-while-atomic splat

commit 2024439bd5ceb145eeeb428b2a59e9b905153ac3 upstream.

nf_tables_check_loops() can be called from rhashtable list
walk so cond_resched() cannot be used here.

Fixes: 81ea01066741 ("netfilter: nf_tables: add rescheduling points during loop detection walks")
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

diff --git a/net/netfilter/nf_tables_api.c b/net/netfilter/nf_tables_api.c
index 1a7bfd4be61d5a8e5bbfc8439ee3720edea97647..25af33caceda76c00e51d9493c4f161f51d84e7e 100644 (file)
--- a/net/netfilter/nf_tables_api.c
+++ b/net/netfilter/nf_tables_api.c
@@ -10044,13 +10044,9 @@ static int nf_tables_check_loops(const struct nft_ctx *ctx,
                                break;
                        }
                }
-
-               cond_resched();
        }
 
        list_for_each_entry(set, &ctx->table->sets, list) {
-               cond_resched();
-
                if (!nft_is_active_next(ctx->net, set))
                        continue;
                if (!(set->flags & NFT_SET_MAP) ||