[PATCH nf-next,v2 1/5] netfilter: nf_tables: remove rcu read-size lock

[PATCH nf-next,v2 1/5] netfilter: nf_tables: remove rcu read-size lock

[Pablo Neira Ayuso]

Chain stats are updated from the Netfilter hook path which already run
under rcu read-size lock section.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
v2: no changes

 net/netfilter/nf_tables_core.c | 2 --
 1 file changed, 2 deletions(-)

diff --git a/net/netfilter/nf_tables_core.c b/net/netfilter/nf_tables_core.c
index adc348056076..41c7509955e6 100644
--- a/net/netfilter/nf_tables_core.c
+++ b/net/netfilter/nf_tables_core.c
@@ -110,7 +110,6 @@ static noinline void nft_update_chain_stats(const struct nft_chain *chain,
 
 	base_chain = nft_base_chain(chain);
 
-	rcu_read_lock();
 	pstats = READ_ONCE(base_chain->stats);
 	if (pstats) {
 		local_bh_disable();
@@ -121,7 +120,6 @@ static noinline void nft_update_chain_stats(const struct nft_chain *chain,
 		u64_stats_update_end(&stats->syncp);
 		local_bh_enable();
 	}
-	rcu_read_unlock();
 }
 
 struct nft_jumpstack {
-- 
2.30.2

[PATCH nf-next,v2 2/5] netfilter: nft_payload: WARN_ON_ONCE instead of BUG

[Pablo Neira Ayuso]

BUG() is too harsh for unknown payload base, use WARN_ON_ONCE() instead.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
v2: no changes.

 net/netfilter/nft_payload.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/net/netfilter/nft_payload.c b/net/netfilter/nft_payload.c
index bd689938a2e0..f2e65df32a06 100644
--- a/net/netfilter/nft_payload.c
+++ b/net/netfilter/nft_payload.c
@@ -157,7 +157,8 @@ void nft_payload_eval(const struct nft_expr *expr,
 			goto err;
 		break;
 	default:
-		BUG();
+		WARN_ON_ONCE(1);
+		goto err;
 	}
 	offset += priv->offset;
 
@@ -664,7 +665,8 @@ static void nft_payload_set_eval(const struct nft_expr *expr,
 			goto err;
 		break;
 	default:
-		BUG();
+		WARN_ON_ONCE(1);
+		goto err;
 	}
 
 	csum_offset = offset + priv->csum_offset;
-- 
2.30.2

[PATCH nf-next,v2 3/5] netfilter: nf_tables: consolidate rule verdict trace call

[Pablo Neira Ayuso]

Add function to consolidate verdict tracing.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
v2: no changes

 net/netfilter/nf_tables_core.c | 39 ++++++++++++++++++++++++++++------
 1 file changed, 32 insertions(+), 7 deletions(-)

diff --git a/net/netfilter/nf_tables_core.c b/net/netfilter/nf_tables_core.c
index 41c7509955e6..d026890a9842 100644
--- a/net/netfilter/nf_tables_core.c
+++ b/net/netfilter/nf_tables_core.c
@@ -67,6 +67,36 @@ static void nft_cmp_fast_eval(const struct nft_expr *expr,
 	regs->verdict.code = NFT_BREAK;
 }
 
+static noinline void __nft_trace_verdict(struct nft_traceinfo *info,
+					 const struct nft_chain *chain,
+					 const struct nft_regs *regs)
+{
+	enum nft_trace_types type;
+
+	switch (regs->verdict.code) {
+	case NFT_CONTINUE:
+	case NFT_RETURN:
+		type = NFT_TRACETYPE_RETURN;
+		break;
+	default:
+		type = NFT_TRACETYPE_RULE;
+		break;
+	}
+
+	__nft_trace_packet(info, chain, type);
+}
+
+static inline void nft_trace_verdict(struct nft_traceinfo *info,
+				     const struct nft_chain *chain,
+				     const struct nft_rule *rule,
+				     const struct nft_regs *regs)
+{
+	if (static_branch_unlikely(&nft_trace_enabled)) {
+		info->rule = rule;
+		__nft_trace_verdict(info, chain, regs);
+	}
+}
+
 static bool nft_payload_fast_eval(const struct nft_expr *expr,
 				  struct nft_regs *regs,
 				  const struct nft_pktinfo *pkt)
@@ -205,13 +235,13 @@ nft_do_chain(struct nft_pktinfo *pkt, void *priv)
 		break;
 	}
 
+	nft_trace_verdict(&info, chain, rule, &regs);
+
 	switch (regs.verdict.code & NF_VERDICT_MASK) {
 	case NF_ACCEPT:
 	case NF_DROP:
 	case NF_QUEUE:
 	case NF_STOLEN:
-		nft_trace_packet(&info, chain, rule,
-				 NFT_TRACETYPE_RULE);
 		return regs.verdict.code;
 	}
 
@@ -224,15 +254,10 @@ nft_do_chain(struct nft_pktinfo *pkt, void *priv)
 		stackptr++;
 		fallthrough;
 	case NFT_GOTO:
-		nft_trace_packet(&info, chain, rule,
-				 NFT_TRACETYPE_RULE);
-
 		chain = regs.verdict.chain;
 		goto do_chain;
 	case NFT_CONTINUE:
 	case NFT_RETURN:
-		nft_trace_packet(&info, chain, rule,
-				 NFT_TRACETYPE_RETURN);
 		break;
 	default:
 		WARN_ON(1);
-- 
2.30.2

[PATCH nf-next,v2 4/5] netfilter: nf_tables: replace WARN_ON by WARN_ON_ONCE for unknown verdicts

[Pablo Neira Ayuso]

Bug might trigger warning for each packet, call WARN_ON_ONCE instead.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
v2: no changes

 net/netfilter/nf_tables_core.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/net/netfilter/nf_tables_core.c b/net/netfilter/nf_tables_core.c
index d026890a9842..d2ada666d889 100644
--- a/net/netfilter/nf_tables_core.c
+++ b/net/netfilter/nf_tables_core.c
@@ -260,7 +260,7 @@ nft_do_chain(struct nft_pktinfo *pkt, void *priv)
 	case NFT_RETURN:
 		break;
 	default:
-		WARN_ON(1);
+		WARN_ON_ONCE(1);
 	}
 
 	if (stackptr > 0) {
-- 
2.30.2

[PATCH nf-next,v2 5/5] netfilter: nf_tables: make counter support built-in

[Pablo Neira Ayuso]

Make counter support built-in to allow for direct call in case of
CONFIG_RETPOLINE.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
v2: add nft_counter_init_seqcount() and call it from core.

 include/net/netfilter/nf_tables_core.h |  6 +++
 net/netfilter/Kconfig                  |  6 ---
 net/netfilter/Makefile                 |  3 +-
 net/netfilter/nf_tables_core.c         |  5 +++
 net/netfilter/nft_counter.c            | 57 +++++++-------------------
 5 files changed, 26 insertions(+), 51 deletions(-)

diff --git a/include/net/netfilter/nf_tables_core.h b/include/net/netfilter/nf_tables_core.h
index 0fa5a6d98a00..b6fb1fdff9b2 100644
--- a/include/net/netfilter/nf_tables_core.h
+++ b/include/net/netfilter/nf_tables_core.h
@@ -7,6 +7,7 @@
 
 extern struct nft_expr_type nft_imm_type;
 extern struct nft_expr_type nft_cmp_type;
+extern struct nft_expr_type nft_counter_type;
 extern struct nft_expr_type nft_lookup_type;
 extern struct nft_expr_type nft_bitwise_type;
 extern struct nft_expr_type nft_byteorder_type;
@@ -21,6 +22,7 @@ extern struct nft_expr_type nft_last_type;
 #ifdef CONFIG_NETWORK_SECMARK
 extern struct nft_object_type nft_secmark_obj_type;
 #endif
+extern struct nft_object_type nft_counter_obj_type;
 
 int nf_tables_core_module_init(void);
 void nf_tables_core_module_exit(void);
@@ -120,6 +122,8 @@ bool nft_pipapo_lookup(const struct net *net, const struct nft_set *set,
 bool nft_pipapo_avx2_lookup(const struct net *net, const struct nft_set *set,
 			    const u32 *key, const struct nft_set_ext **ext);
 
+void nft_counter_init_seqcount(void);
+
 struct nft_expr;
 struct nft_regs;
 struct nft_pktinfo;
@@ -143,4 +147,6 @@ void nft_dynset_eval(const struct nft_expr *expr,
 		     struct nft_regs *regs, const struct nft_pktinfo *pkt);
 void nft_rt_get_eval(const struct nft_expr *expr,
 		     struct nft_regs *regs, const struct nft_pktinfo *pkt);
+void nft_counter_eval(const struct nft_expr *expr, struct nft_regs *regs,
+                      const struct nft_pktinfo *pkt);
 #endif /* _NET_NF_TABLES_CORE_H */
diff --git a/net/netfilter/Kconfig b/net/netfilter/Kconfig
index 3646fc195e7d..ddc54b6d18ee 100644
--- a/net/netfilter/Kconfig
+++ b/net/netfilter/Kconfig
@@ -515,12 +515,6 @@ config NFT_FLOW_OFFLOAD
 	  This option adds the "flow_offload" expression that you can use to
 	  choose what flows are placed into the hardware.
 
-config NFT_COUNTER
-	tristate "Netfilter nf_tables counter module"
-	help
-	  This option adds the "counter" expression that you can use to
-	  include packet and byte counters in a rule.
-
 config NFT_CONNLIMIT
 	tristate "Netfilter nf_tables connlimit module"
 	depends on NF_CONNTRACK
diff --git a/net/netfilter/Makefile b/net/netfilter/Makefile
index aab20e575ecd..a135b1a46014 100644
--- a/net/netfilter/Makefile
+++ b/net/netfilter/Makefile
@@ -75,7 +75,7 @@ nf_tables-objs := nf_tables_core.o nf_tables_api.o nft_chain_filter.o \
 		  nf_tables_trace.o nft_immediate.o nft_cmp.o nft_range.o \
 		  nft_bitwise.o nft_byteorder.o nft_payload.o nft_lookup.o \
 		  nft_dynset.o nft_meta.o nft_rt.o nft_exthdr.o nft_last.o \
-		  nft_chain_route.o nf_tables_offload.o \
+		  nft_counter.o nft_chain_route.o nf_tables_offload.o \
 		  nft_set_hash.o nft_set_bitmap.o nft_set_rbtree.o \
 		  nft_set_pipapo.o
 
@@ -100,7 +100,6 @@ obj-$(CONFIG_NFT_REJECT) 	+= nft_reject.o
 obj-$(CONFIG_NFT_REJECT_INET)	+= nft_reject_inet.o
 obj-$(CONFIG_NFT_REJECT_NETDEV)	+= nft_reject_netdev.o
 obj-$(CONFIG_NFT_TUNNEL)	+= nft_tunnel.o
-obj-$(CONFIG_NFT_COUNTER)	+= nft_counter.o
 obj-$(CONFIG_NFT_LOG)		+= nft_log.o
 obj-$(CONFIG_NFT_MASQ)		+= nft_masq.o
 obj-$(CONFIG_NFT_REDIR)		+= nft_redir.o
diff --git a/net/netfilter/nf_tables_core.c b/net/netfilter/nf_tables_core.c
index d2ada666d889..df5eda7c7554 100644
--- a/net/netfilter/nf_tables_core.c
+++ b/net/netfilter/nf_tables_core.c
@@ -169,6 +169,7 @@ static void expr_call_ops_eval(const struct nft_expr *expr,
 
 	X(e, nft_payload_eval);
 	X(e, nft_cmp_eval);
+	X(e, nft_counter_eval);
 	X(e, nft_meta_get_eval);
 	X(e, nft_lookup_eval);
 	X(e, nft_range_eval);
@@ -292,18 +293,22 @@ static struct nft_expr_type *nft_basic_types[] = {
 	&nft_rt_type,
 	&nft_exthdr_type,
 	&nft_last_type,
+	&nft_counter_type,
 };
 
 static struct nft_object_type *nft_basic_objects[] = {
 #ifdef CONFIG_NETWORK_SECMARK
 	&nft_secmark_obj_type,
 #endif
+	&nft_counter_obj_type,
 };
 
 int __init nf_tables_core_module_init(void)
 {
 	int err, i, j = 0;
 
+	nft_counter_init_seqcount();
+
 	for (i = 0; i < ARRAY_SIZE(nft_basic_objects); i++) {
 		err = nft_register_obj(nft_basic_objects[i]);
 		if (err)
diff --git a/net/netfilter/nft_counter.c b/net/netfilter/nft_counter.c
index 8edd3b3c173d..83f1c7bd4bb3 100644
--- a/net/netfilter/nft_counter.c
+++ b/net/netfilter/nft_counter.c
@@ -174,7 +174,7 @@ static const struct nla_policy nft_counter_policy[NFTA_COUNTER_MAX + 1] = {
 	[NFTA_COUNTER_BYTES]	= { .type = NLA_U64 },
 };
 
-static struct nft_object_type nft_counter_obj_type;
+struct nft_object_type nft_counter_obj_type;
 static const struct nft_object_ops nft_counter_obj_ops = {
 	.type		= &nft_counter_obj_type,
 	.size		= sizeof(struct nft_counter_percpu_priv),
@@ -184,7 +184,7 @@ static const struct nft_object_ops nft_counter_obj_ops = {
 	.dump		= nft_counter_obj_dump,
 };
 
-static struct nft_object_type nft_counter_obj_type __read_mostly = {
+struct nft_object_type nft_counter_obj_type __read_mostly = {
 	.type		= NFT_OBJECT_COUNTER,
 	.ops		= &nft_counter_obj_ops,
 	.maxattr	= NFTA_COUNTER_MAX,
@@ -192,9 +192,8 @@ static struct nft_object_type nft_counter_obj_type __read_mostly = {
 	.owner		= THIS_MODULE,
 };
 
-static void nft_counter_eval(const struct nft_expr *expr,
-			     struct nft_regs *regs,
-			     const struct nft_pktinfo *pkt)
+void nft_counter_eval(const struct nft_expr *expr, struct nft_regs *regs,
+		      const struct nft_pktinfo *pkt)
 {
 	struct nft_counter_percpu_priv *priv = nft_expr_priv(expr);
 
@@ -275,7 +274,15 @@ static void nft_counter_offload_stats(struct nft_expr *expr,
 	preempt_enable();
 }
 
-static struct nft_expr_type nft_counter_type;
+void nft_counter_init_seqcount(void)
+{
+	int cpu;
+
+	for_each_possible_cpu(cpu)
+		seqcount_init(per_cpu_ptr(&nft_counter_seq, cpu));
+}
+
+struct nft_expr_type nft_counter_type;
 static const struct nft_expr_ops nft_counter_ops = {
 	.type		= &nft_counter_type,
 	.size		= NFT_EXPR_SIZE(sizeof(struct nft_counter_percpu_priv)),
@@ -289,7 +296,7 @@ static const struct nft_expr_ops nft_counter_ops = {
 	.offload_stats	= nft_counter_offload_stats,
 };
 
-static struct nft_expr_type nft_counter_type __read_mostly = {
+struct nft_expr_type nft_counter_type __read_mostly = {
 	.name		= "counter",
 	.ops		= &nft_counter_ops,
 	.policy		= nft_counter_policy,
@@ -297,39 +304,3 @@ static struct nft_expr_type nft_counter_type __read_mostly = {
 	.flags		= NFT_EXPR_STATEFUL,
 	.owner		= THIS_MODULE,
 };
-
-static int __init nft_counter_module_init(void)
-{
-	int cpu, err;
-
-	for_each_possible_cpu(cpu)
-		seqcount_init(per_cpu_ptr(&nft_counter_seq, cpu));
-
-	err = nft_register_obj(&nft_counter_obj_type);
-	if (err < 0)
-		return err;
-
-	err = nft_register_expr(&nft_counter_type);
-	if (err < 0)
-		goto err1;
-
-	return 0;
-err1:
-	nft_unregister_obj(&nft_counter_obj_type);
-	return err;
-}
-
-static void __exit nft_counter_module_exit(void)
-{
-	nft_unregister_expr(&nft_counter_type);
-	nft_unregister_obj(&nft_counter_obj_type);
-}
-
-module_init(nft_counter_module_init);
-module_exit(nft_counter_module_exit);
-
-MODULE_LICENSE("GPL");
-MODULE_AUTHOR("Patrick McHardy <kaber@trash.net>");
-MODULE_ALIAS_NFT_EXPR("counter");
-MODULE_ALIAS_NFT_OBJ(NFT_OBJECT_COUNTER);
-MODULE_DESCRIPTION("nftables counter rule support");
-- 
2.30.2

Re: [PATCH nf-next,v2 5/5] netfilter: nf_tables: make counter support built-in

[kernel test robot]

Hi Pablo,

I love your patch! Perhaps something to improve:

[auto build test WARNING on nf/master]
[also build test WARNING on nf-next/master horms-ipvs/master v5.16-rc5 next-20211217]
[If your patch is applied to the wrong git tree, kindly drop us a note.
And when submitting patch, we suggest to use '--base' as documented in
https://git-scm.com/docs/git-format-patch]

url:    https://github.com/0day-ci/linux/commits/Pablo-Neira-Ayuso/netfilter-nf_tables-remove-rcu-read-size-lock/20211217-194033
base:   https://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf.git master
config: sh-allmodconfig (https://download.01.org/0day-ci/archive/20211218/202112180342.ufUrUKkP-lkp@intel.com/config)
compiler: sh4-linux-gcc (GCC) 11.2.0
reproduce (this is a W=1 build):
        wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross
        chmod +x ~/bin/make.cross
        # https://github.com/0day-ci/linux/commit/390ad4295aa6445c311abd677b653a510f621131
        git remote add linux-review https://github.com/0day-ci/linux
        git fetch --no-tags linux-review Pablo-Neira-Ayuso/netfilter-nf_tables-remove-rcu-read-size-lock/20211217-194033
        git checkout 390ad4295aa6445c311abd677b653a510f621131
        # save the config file to linux build tree
        mkdir build_dir
        COMPILER_INSTALL_PATH=$HOME/0day COMPILER=gcc-11.2.0 make.cross O=build_dir ARCH=sh SHELL=/bin/bash net/netfilter/

If you fix the issue, kindly add following tag as appropriate
Reported-by: kernel test robot <lkp@intel.com>

All warnings (new ones prefixed by >>):

>> net/netfilter/nft_counter.c:195:6: warning: no previous prototype for 'nft_counter_eval' [-Wmissing-prototypes]
     195 | void nft_counter_eval(const struct nft_expr *expr, struct nft_regs *regs,
         |      ^~~~~~~~~~~~~~~~
>> net/netfilter/nft_counter.c:277:6: warning: no previous prototype for 'nft_counter_init_seqcount' [-Wmissing-prototypes]
     277 | void nft_counter_init_seqcount(void)
         |      ^~~~~~~~~~~~~~~~~~~~~~~~~


vim +/nft_counter_eval +195 net/netfilter/nft_counter.c

   194	
 > 195	void nft_counter_eval(const struct nft_expr *expr, struct nft_regs *regs,
   196			      const struct nft_pktinfo *pkt)
   197	{
   198		struct nft_counter_percpu_priv *priv = nft_expr_priv(expr);
   199	
   200		nft_counter_do_eval(priv, regs, pkt);
   201	}
   202	
   203	static int nft_counter_dump(struct sk_buff *skb, const struct nft_expr *expr)
   204	{
   205		struct nft_counter_percpu_priv *priv = nft_expr_priv(expr);
   206	
   207		return nft_counter_do_dump(skb, priv, false);
   208	}
   209	
   210	static int nft_counter_init(const struct nft_ctx *ctx,
   211				    const struct nft_expr *expr,
   212				    const struct nlattr * const tb[])
   213	{
   214		struct nft_counter_percpu_priv *priv = nft_expr_priv(expr);
   215	
   216		return nft_counter_do_init(tb, priv);
   217	}
   218	
   219	static void nft_counter_destroy(const struct nft_ctx *ctx,
   220					const struct nft_expr *expr)
   221	{
   222		struct nft_counter_percpu_priv *priv = nft_expr_priv(expr);
   223	
   224		nft_counter_do_destroy(priv);
   225	}
   226	
   227	static int nft_counter_clone(struct nft_expr *dst, const struct nft_expr *src)
   228	{
   229		struct nft_counter_percpu_priv *priv = nft_expr_priv(src);
   230		struct nft_counter_percpu_priv *priv_clone = nft_expr_priv(dst);
   231		struct nft_counter __percpu *cpu_stats;
   232		struct nft_counter *this_cpu;
   233		struct nft_counter total;
   234	
   235		nft_counter_fetch(priv, &total);
   236	
   237		cpu_stats = alloc_percpu_gfp(struct nft_counter, GFP_ATOMIC);
   238		if (cpu_stats == NULL)
   239			return -ENOMEM;
   240	
   241		preempt_disable();
   242		this_cpu = this_cpu_ptr(cpu_stats);
   243		this_cpu->packets = total.packets;
   244		this_cpu->bytes = total.bytes;
   245		preempt_enable();
   246	
   247		priv_clone->counter = cpu_stats;
   248		return 0;
   249	}
   250	
   251	static int nft_counter_offload(struct nft_offload_ctx *ctx,
   252				       struct nft_flow_rule *flow,
   253				       const struct nft_expr *expr)
   254	{
   255		/* No specific offload action is needed, but report success. */
   256		return 0;
   257	}
   258	
   259	static void nft_counter_offload_stats(struct nft_expr *expr,
   260					      const struct flow_stats *stats)
   261	{
   262		struct nft_counter_percpu_priv *priv = nft_expr_priv(expr);
   263		struct nft_counter *this_cpu;
   264		seqcount_t *myseq;
   265	
   266		preempt_disable();
   267		this_cpu = this_cpu_ptr(priv->counter);
   268		myseq = this_cpu_ptr(&nft_counter_seq);
   269	
   270		write_seqcount_begin(myseq);
   271		this_cpu->packets += stats->pkts;
   272		this_cpu->bytes += stats->bytes;
   273		write_seqcount_end(myseq);
   274		preempt_enable();
   275	}
   276	
 > 277	void nft_counter_init_seqcount(void)
   278	{
   279		int cpu;
   280	
   281		for_each_possible_cpu(cpu)
   282			seqcount_init(per_cpu_ptr(&nft_counter_seq, cpu));
   283	}
   284	

---
0-DAY CI Kernel Test Service, Intel Corporation
https://lists.01.org/hyperkitty/list/kbuild-all@lists.01.org

Re: [PATCH nf-next, v2 5/5] netfilter: nf_tables: make counter support built-in

[kernel test robot]

[-- Attachment #1: Type: text/plain, Size: 5296 bytes --]

Hi Pablo,

I love your patch! Perhaps something to improve:

[auto build test WARNING on nf/master]
[also build test WARNING on nf-next/master horms-ipvs/master v5.16-rc5 next-20211217]
[If your patch is applied to the wrong git tree, kindly drop us a note.
And when submitting patch, we suggest to use '--base' as documented in
https://git-scm.com/docs/git-format-patch]

url:    https://github.com/0day-ci/linux/commits/Pablo-Neira-Ayuso/netfilter-nf_tables-remove-rcu-read-size-lock/20211217-194033
base:   https://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf.git master
config: sh-allmodconfig (https://download.01.org/0day-ci/archive/20211218/202112180342.ufUrUKkP-lkp(a)intel.com/config)
compiler: sh4-linux-gcc (GCC) 11.2.0
reproduce (this is a W=1 build):
        wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross
        chmod +x ~/bin/make.cross
        # https://github.com/0day-ci/linux/commit/390ad4295aa6445c311abd677b653a510f621131
        git remote add linux-review https://github.com/0day-ci/linux
        git fetch --no-tags linux-review Pablo-Neira-Ayuso/netfilter-nf_tables-remove-rcu-read-size-lock/20211217-194033
        git checkout 390ad4295aa6445c311abd677b653a510f621131
        # save the config file to linux build tree
        mkdir build_dir
        COMPILER_INSTALL_PATH=$HOME/0day COMPILER=gcc-11.2.0 make.cross O=build_dir ARCH=sh SHELL=/bin/bash net/netfilter/

If you fix the issue, kindly add following tag as appropriate
Reported-by: kernel test robot <lkp@intel.com>

All warnings (new ones prefixed by >>):

>> net/netfilter/nft_counter.c:195:6: warning: no previous prototype for 'nft_counter_eval' [-Wmissing-prototypes]
     195 | void nft_counter_eval(const struct nft_expr *expr, struct nft_regs *regs,
         |      ^~~~~~~~~~~~~~~~
>> net/netfilter/nft_counter.c:277:6: warning: no previous prototype for 'nft_counter_init_seqcount' [-Wmissing-prototypes]
     277 | void nft_counter_init_seqcount(void)
         |      ^~~~~~~~~~~~~~~~~~~~~~~~~


vim +/nft_counter_eval +195 net/netfilter/nft_counter.c

   194	
 > 195	void nft_counter_eval(const struct nft_expr *expr, struct nft_regs *regs,
   196			      const struct nft_pktinfo *pkt)
   197	{
   198		struct nft_counter_percpu_priv *priv = nft_expr_priv(expr);
   199	
   200		nft_counter_do_eval(priv, regs, pkt);
   201	}
   202	
   203	static int nft_counter_dump(struct sk_buff *skb, const struct nft_expr *expr)
   204	{
   205		struct nft_counter_percpu_priv *priv = nft_expr_priv(expr);
   206	
   207		return nft_counter_do_dump(skb, priv, false);
   208	}
   209	
   210	static int nft_counter_init(const struct nft_ctx *ctx,
   211				    const struct nft_expr *expr,
   212				    const struct nlattr * const tb[])
   213	{
   214		struct nft_counter_percpu_priv *priv = nft_expr_priv(expr);
   215	
   216		return nft_counter_do_init(tb, priv);
   217	}
   218	
   219	static void nft_counter_destroy(const struct nft_ctx *ctx,
   220					const struct nft_expr *expr)
   221	{
   222		struct nft_counter_percpu_priv *priv = nft_expr_priv(expr);
   223	
   224		nft_counter_do_destroy(priv);
   225	}
   226	
   227	static int nft_counter_clone(struct nft_expr *dst, const struct nft_expr *src)
   228	{
   229		struct nft_counter_percpu_priv *priv = nft_expr_priv(src);
   230		struct nft_counter_percpu_priv *priv_clone = nft_expr_priv(dst);
   231		struct nft_counter __percpu *cpu_stats;
   232		struct nft_counter *this_cpu;
   233		struct nft_counter total;
   234	
   235		nft_counter_fetch(priv, &total);
   236	
   237		cpu_stats = alloc_percpu_gfp(struct nft_counter, GFP_ATOMIC);
   238		if (cpu_stats == NULL)
   239			return -ENOMEM;
   240	
   241		preempt_disable();
   242		this_cpu = this_cpu_ptr(cpu_stats);
   243		this_cpu->packets = total.packets;
   244		this_cpu->bytes = total.bytes;
   245		preempt_enable();
   246	
   247		priv_clone->counter = cpu_stats;
   248		return 0;
   249	}
   250	
   251	static int nft_counter_offload(struct nft_offload_ctx *ctx,
   252				       struct nft_flow_rule *flow,
   253				       const struct nft_expr *expr)
   254	{
   255		/* No specific offload action is needed, but report success. */
   256		return 0;
   257	}
   258	
   259	static void nft_counter_offload_stats(struct nft_expr *expr,
   260					      const struct flow_stats *stats)
   261	{
   262		struct nft_counter_percpu_priv *priv = nft_expr_priv(expr);
   263		struct nft_counter *this_cpu;
   264		seqcount_t *myseq;
   265	
   266		preempt_disable();
   267		this_cpu = this_cpu_ptr(priv->counter);
   268		myseq = this_cpu_ptr(&nft_counter_seq);
   269	
   270		write_seqcount_begin(myseq);
   271		this_cpu->packets += stats->pkts;
   272		this_cpu->bytes += stats->bytes;
   273		write_seqcount_end(myseq);
   274		preempt_enable();
   275	}
   276	
 > 277	void nft_counter_init_seqcount(void)
   278	{
   279		int cpu;
   280	
   281		for_each_possible_cpu(cpu)
   282			seqcount_init(per_cpu_ptr(&nft_counter_seq, cpu));
   283	}
   284	

---
0-DAY CI Kernel Test Service, Intel Corporation
https://lists.01.org/hyperkitty/list/kbuild-all(a)lists.01.org

Re: [PATCH nf-next,v2 5/5] netfilter: nf_tables: make counter support built-in

[kernel test robot]

Hi Pablo,

I love your patch! Perhaps something to improve:

[auto build test WARNING on nf/master]
[also build test WARNING on nf-next/master horms-ipvs/master v5.16-rc5 next-20211217]
[If your patch is applied to the wrong git tree, kindly drop us a note.
And when submitting patch, we suggest to use '--base' as documented in
https://git-scm.com/docs/git-format-patch]

url:    https://github.com/0day-ci/linux/commits/Pablo-Neira-Ayuso/netfilter-nf_tables-remove-rcu-read-size-lock/20211217-194033
base:   https://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf.git master
config: x86_64-randconfig-a001-20211217 (https://download.01.org/0day-ci/archive/20211218/202112180458.kdTRRudP-lkp@intel.com/config)
compiler: clang version 14.0.0 (https://github.com/llvm/llvm-project 9043c3d65b11b442226015acfbf8167684586cfa)
reproduce (this is a W=1 build):
        wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross
        chmod +x ~/bin/make.cross
        # https://github.com/0day-ci/linux/commit/390ad4295aa6445c311abd677b653a510f621131
        git remote add linux-review https://github.com/0day-ci/linux
        git fetch --no-tags linux-review Pablo-Neira-Ayuso/netfilter-nf_tables-remove-rcu-read-size-lock/20211217-194033
        git checkout 390ad4295aa6445c311abd677b653a510f621131
        # save the config file to linux build tree
        mkdir build_dir
        COMPILER_INSTALL_PATH=$HOME/0day COMPILER=clang make.cross W=1 O=build_dir ARCH=x86_64 SHELL=/bin/bash net/netfilter/

If you fix the issue, kindly add following tag as appropriate
Reported-by: kernel test robot <lkp@intel.com>

All warnings (new ones prefixed by >>):

>> net/netfilter/nft_counter.c:195:6: warning: no previous prototype for function 'nft_counter_eval' [-Wmissing-prototypes]
   void nft_counter_eval(const struct nft_expr *expr, struct nft_regs *regs,
        ^
   net/netfilter/nft_counter.c:195:1: note: declare 'static' if the function is not intended to be used outside of this translation unit
   void nft_counter_eval(const struct nft_expr *expr, struct nft_regs *regs,
   ^
   static 
>> net/netfilter/nft_counter.c:277:6: warning: no previous prototype for function 'nft_counter_init_seqcount' [-Wmissing-prototypes]
   void nft_counter_init_seqcount(void)
        ^
   net/netfilter/nft_counter.c:277:1: note: declare 'static' if the function is not intended to be used outside of this translation unit
   void nft_counter_init_seqcount(void)
   ^
   static 
   2 warnings generated.


vim +/nft_counter_eval +195 net/netfilter/nft_counter.c

   194	
 > 195	void nft_counter_eval(const struct nft_expr *expr, struct nft_regs *regs,
   196			      const struct nft_pktinfo *pkt)
   197	{
   198		struct nft_counter_percpu_priv *priv = nft_expr_priv(expr);
   199	
   200		nft_counter_do_eval(priv, regs, pkt);
   201	}
   202	
   203	static int nft_counter_dump(struct sk_buff *skb, const struct nft_expr *expr)
   204	{
   205		struct nft_counter_percpu_priv *priv = nft_expr_priv(expr);
   206	
   207		return nft_counter_do_dump(skb, priv, false);
   208	}
   209	
   210	static int nft_counter_init(const struct nft_ctx *ctx,
   211				    const struct nft_expr *expr,
   212				    const struct nlattr * const tb[])
   213	{
   214		struct nft_counter_percpu_priv *priv = nft_expr_priv(expr);
   215	
   216		return nft_counter_do_init(tb, priv);
   217	}
   218	
   219	static void nft_counter_destroy(const struct nft_ctx *ctx,
   220					const struct nft_expr *expr)
   221	{
   222		struct nft_counter_percpu_priv *priv = nft_expr_priv(expr);
   223	
   224		nft_counter_do_destroy(priv);
   225	}
   226	
   227	static int nft_counter_clone(struct nft_expr *dst, const struct nft_expr *src)
   228	{
   229		struct nft_counter_percpu_priv *priv = nft_expr_priv(src);
   230		struct nft_counter_percpu_priv *priv_clone = nft_expr_priv(dst);
   231		struct nft_counter __percpu *cpu_stats;
   232		struct nft_counter *this_cpu;
   233		struct nft_counter total;
   234	
   235		nft_counter_fetch(priv, &total);
   236	
   237		cpu_stats = alloc_percpu_gfp(struct nft_counter, GFP_ATOMIC);
   238		if (cpu_stats == NULL)
   239			return -ENOMEM;
   240	
   241		preempt_disable();
   242		this_cpu = this_cpu_ptr(cpu_stats);
   243		this_cpu->packets = total.packets;
   244		this_cpu->bytes = total.bytes;
   245		preempt_enable();
   246	
   247		priv_clone->counter = cpu_stats;
   248		return 0;
   249	}
   250	
   251	static int nft_counter_offload(struct nft_offload_ctx *ctx,
   252				       struct nft_flow_rule *flow,
   253				       const struct nft_expr *expr)
   254	{
   255		/* No specific offload action is needed, but report success. */
   256		return 0;
   257	}
   258	
   259	static void nft_counter_offload_stats(struct nft_expr *expr,
   260					      const struct flow_stats *stats)
   261	{
   262		struct nft_counter_percpu_priv *priv = nft_expr_priv(expr);
   263		struct nft_counter *this_cpu;
   264		seqcount_t *myseq;
   265	
   266		preempt_disable();
   267		this_cpu = this_cpu_ptr(priv->counter);
   268		myseq = this_cpu_ptr(&nft_counter_seq);
   269	
   270		write_seqcount_begin(myseq);
   271		this_cpu->packets += stats->pkts;
   272		this_cpu->bytes += stats->bytes;
   273		write_seqcount_end(myseq);
   274		preempt_enable();
   275	}
   276	
 > 277	void nft_counter_init_seqcount(void)
   278	{
   279		int cpu;
   280	
   281		for_each_possible_cpu(cpu)
   282			seqcount_init(per_cpu_ptr(&nft_counter_seq, cpu));
   283	}
   284	

---
0-DAY CI Kernel Test Service, Intel Corporation
https://lists.01.org/hyperkitty/list/kbuild-all@lists.01.org

Re: [PATCH nf-next, v2 5/5] netfilter: nf_tables: make counter support built-in

[kernel test robot]

[-- Attachment #1: Type: text/plain, Size: 5793 bytes --]

Hi Pablo,

I love your patch! Perhaps something to improve:

[auto build test WARNING on nf/master]
[also build test WARNING on nf-next/master horms-ipvs/master v5.16-rc5 next-20211217]
[If your patch is applied to the wrong git tree, kindly drop us a note.
And when submitting patch, we suggest to use '--base' as documented in
https://git-scm.com/docs/git-format-patch]

url:    https://github.com/0day-ci/linux/commits/Pablo-Neira-Ayuso/netfilter-nf_tables-remove-rcu-read-size-lock/20211217-194033
base:   https://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf.git master
config: x86_64-randconfig-a001-20211217 (https://download.01.org/0day-ci/archive/20211218/202112180458.kdTRRudP-lkp(a)intel.com/config)
compiler: clang version 14.0.0 (https://github.com/llvm/llvm-project 9043c3d65b11b442226015acfbf8167684586cfa)
reproduce (this is a W=1 build):
        wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross
        chmod +x ~/bin/make.cross
        # https://github.com/0day-ci/linux/commit/390ad4295aa6445c311abd677b653a510f621131
        git remote add linux-review https://github.com/0day-ci/linux
        git fetch --no-tags linux-review Pablo-Neira-Ayuso/netfilter-nf_tables-remove-rcu-read-size-lock/20211217-194033
        git checkout 390ad4295aa6445c311abd677b653a510f621131
        # save the config file to linux build tree
        mkdir build_dir
        COMPILER_INSTALL_PATH=$HOME/0day COMPILER=clang make.cross W=1 O=build_dir ARCH=x86_64 SHELL=/bin/bash net/netfilter/

If you fix the issue, kindly add following tag as appropriate
Reported-by: kernel test robot <lkp@intel.com>

All warnings (new ones prefixed by >>):

>> net/netfilter/nft_counter.c:195:6: warning: no previous prototype for function 'nft_counter_eval' [-Wmissing-prototypes]
   void nft_counter_eval(const struct nft_expr *expr, struct nft_regs *regs,
        ^
   net/netfilter/nft_counter.c:195:1: note: declare 'static' if the function is not intended to be used outside of this translation unit
   void nft_counter_eval(const struct nft_expr *expr, struct nft_regs *regs,
   ^
   static 
>> net/netfilter/nft_counter.c:277:6: warning: no previous prototype for function 'nft_counter_init_seqcount' [-Wmissing-prototypes]
   void nft_counter_init_seqcount(void)
        ^
   net/netfilter/nft_counter.c:277:1: note: declare 'static' if the function is not intended to be used outside of this translation unit
   void nft_counter_init_seqcount(void)
   ^
   static 
   2 warnings generated.


vim +/nft_counter_eval +195 net/netfilter/nft_counter.c

   194	
 > 195	void nft_counter_eval(const struct nft_expr *expr, struct nft_regs *regs,
   196			      const struct nft_pktinfo *pkt)
   197	{
   198		struct nft_counter_percpu_priv *priv = nft_expr_priv(expr);
   199	
   200		nft_counter_do_eval(priv, regs, pkt);
   201	}
   202	
   203	static int nft_counter_dump(struct sk_buff *skb, const struct nft_expr *expr)
   204	{
   205		struct nft_counter_percpu_priv *priv = nft_expr_priv(expr);
   206	
   207		return nft_counter_do_dump(skb, priv, false);
   208	}
   209	
   210	static int nft_counter_init(const struct nft_ctx *ctx,
   211				    const struct nft_expr *expr,
   212				    const struct nlattr * const tb[])
   213	{
   214		struct nft_counter_percpu_priv *priv = nft_expr_priv(expr);
   215	
   216		return nft_counter_do_init(tb, priv);
   217	}
   218	
   219	static void nft_counter_destroy(const struct nft_ctx *ctx,
   220					const struct nft_expr *expr)
   221	{
   222		struct nft_counter_percpu_priv *priv = nft_expr_priv(expr);
   223	
   224		nft_counter_do_destroy(priv);
   225	}
   226	
   227	static int nft_counter_clone(struct nft_expr *dst, const struct nft_expr *src)
   228	{
   229		struct nft_counter_percpu_priv *priv = nft_expr_priv(src);
   230		struct nft_counter_percpu_priv *priv_clone = nft_expr_priv(dst);
   231		struct nft_counter __percpu *cpu_stats;
   232		struct nft_counter *this_cpu;
   233		struct nft_counter total;
   234	
   235		nft_counter_fetch(priv, &total);
   236	
   237		cpu_stats = alloc_percpu_gfp(struct nft_counter, GFP_ATOMIC);
   238		if (cpu_stats == NULL)
   239			return -ENOMEM;
   240	
   241		preempt_disable();
   242		this_cpu = this_cpu_ptr(cpu_stats);
   243		this_cpu->packets = total.packets;
   244		this_cpu->bytes = total.bytes;
   245		preempt_enable();
   246	
   247		priv_clone->counter = cpu_stats;
   248		return 0;
   249	}
   250	
   251	static int nft_counter_offload(struct nft_offload_ctx *ctx,
   252				       struct nft_flow_rule *flow,
   253				       const struct nft_expr *expr)
   254	{
   255		/* No specific offload action is needed, but report success. */
   256		return 0;
   257	}
   258	
   259	static void nft_counter_offload_stats(struct nft_expr *expr,
   260					      const struct flow_stats *stats)
   261	{
   262		struct nft_counter_percpu_priv *priv = nft_expr_priv(expr);
   263		struct nft_counter *this_cpu;
   264		seqcount_t *myseq;
   265	
   266		preempt_disable();
   267		this_cpu = this_cpu_ptr(priv->counter);
   268		myseq = this_cpu_ptr(&nft_counter_seq);
   269	
   270		write_seqcount_begin(myseq);
   271		this_cpu->packets += stats->pkts;
   272		this_cpu->bytes += stats->bytes;
   273		write_seqcount_end(myseq);
   274		preempt_enable();
   275	}
   276	
 > 277	void nft_counter_init_seqcount(void)
   278	{
   279		int cpu;
   280	
   281		for_each_possible_cpu(cpu)
   282			seqcount_init(per_cpu_ptr(&nft_counter_seq, cpu));
   283	}
   284	

---
0-DAY CI Kernel Test Service, Intel Corporation
https://lists.01.org/hyperkitty/list/kbuild-all(a)lists.01.org