* [PATCH nf-next] netfilter: nf_tables_offload: pass extack to nft_flow_cls_offload_setup()
@ 2019-11-02 14:28 Pablo Neira Ayuso
2019-11-03 4:58 ` kbuild test robot
` (2 more replies)
0 siblings, 3 replies; 4+ messages in thread
From: Pablo Neira Ayuso @ 2019-11-02 14:28 UTC (permalink / raw)
To: netfilter-devel
Otherwise this leads to a stack corruption.
Fixes: c5d275276ff4 ("netfilter: nf_tables_offload: add nft_flow_cls_offload_setup()")
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
net/netfilter/nf_tables_offload.c | 12 ++++++++----
1 file changed, 8 insertions(+), 4 deletions(-)
diff --git a/net/netfilter/nf_tables_offload.c b/net/netfilter/nf_tables_offload.c
index 4e0625cce647..e61696615cd5 100644
--- a/net/netfilter/nf_tables_offload.c
+++ b/net/netfilter/nf_tables_offload.c
@@ -159,9 +159,9 @@ static void nft_flow_cls_offload_setup(struct flow_cls_offload *cls_flow,
const struct nft_base_chain *basechain,
const struct nft_rule *rule,
const struct nft_flow_rule *flow,
+ struct netlink_ext_ack *extack,
enum flow_cls_command command)
{
- struct netlink_ext_ack extack;
__be16 proto = ETH_P_ALL;
memset(cls_flow, 0, sizeof(*cls_flow));
@@ -170,7 +170,7 @@ static void nft_flow_cls_offload_setup(struct flow_cls_offload *cls_flow,
proto = flow->proto;
nft_flow_offload_common_init(&cls_flow->common, proto,
- basechain->ops.priority, &extack);
+ basechain->ops.priority, extack);
cls_flow->command = command;
cls_flow->cookie = (unsigned long) rule;
if (flow)
@@ -182,6 +182,7 @@ static int nft_flow_offload_rule(struct nft_chain *chain,
struct nft_flow_rule *flow,
enum flow_cls_command command)
{
+ struct netlink_ext_ack extack = {};
struct flow_cls_offload cls_flow;
struct nft_base_chain *basechain;
@@ -189,7 +190,8 @@ static int nft_flow_offload_rule(struct nft_chain *chain,
return -EOPNOTSUPP;
basechain = nft_base_chain(chain);
- nft_flow_cls_offload_setup(&cls_flow, basechain, rule, flow, command);
+ nft_flow_cls_offload_setup(&cls_flow, basechain, rule, flow, &extack,
+ command);
return nft_setup_cb_call(TC_SETUP_CLSFLOWER, &cls_flow,
&basechain->flow_block.cb_list);
@@ -207,13 +209,15 @@ static int nft_flow_offload_unbind(struct flow_block_offload *bo,
{
struct flow_block_cb *block_cb, *next;
struct flow_cls_offload cls_flow;
+ struct netlink_ext_ack extack;
struct nft_chain *chain;
struct nft_rule *rule;
chain = &basechain->chain;
list_for_each_entry(rule, &chain->rules, list) {
+ memset(extack, 0, sizeof(extack));
nft_flow_cls_offload_setup(&cls_flow, basechain, rule, NULL,
- FLOW_CLS_DESTROY);
+ &extack, FLOW_CLS_DESTROY);
nft_setup_cb_call(TC_SETUP_CLSFLOWER, &cls_flow, &bo->cb_list);
}
--
2.11.0
^ permalink raw reply related [flat|nested] 4+ messages in thread
* Re: [PATCH nf-next] netfilter: nf_tables_offload: pass extack to nft_flow_cls_offload_setup()
2019-11-02 14:28 [PATCH nf-next] netfilter: nf_tables_offload: pass extack to nft_flow_cls_offload_setup() Pablo Neira Ayuso
@ 2019-11-03 4:58 ` kbuild test robot
2019-11-03 4:58 ` kbuild test robot
2019-11-04 12:27 ` kbuild test robot
2 siblings, 0 replies; 4+ messages in thread
From: kbuild test robot @ 2019-11-03 4:58 UTC (permalink / raw)
To: Pablo Neira Ayuso; +Cc: kbuild-all, netfilter-devel
[-- Attachment #1: Type: text/plain, Size: 3160 bytes --]
Hi Pablo,
I love your patch! Yet something to improve:
[auto build test ERROR on nf-next/master]
url: https://github.com/0day-ci/linux/commits/Pablo-Neira-Ayuso/netfilter-nf_tables_offload-pass-extack-to-nft_flow_cls_offload_setup/20191103-115127
base: https://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next.git master
config: m68k-allyesconfig (attached as .config)
compiler: m68k-linux-gcc (GCC) 7.4.0
reproduce:
wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross
chmod +x ~/bin/make.cross
# save the attached .config to linux build tree
GCC_VERSION=7.4.0 make.cross ARCH=m68k
If you fix the issue, kindly add following tag
Reported-by: kbuild test robot <lkp@intel.com>
All errors (new ones prefixed by >>):
In file included from include/linux/string.h:20:0,
from include/linux/bitmap.h:9,
from include/linux/nodemask.h:95,
from include/linux/mmzone.h:17,
from include/linux/gfp.h:6,
from include/linux/umh.h:4,
from include/linux/kmod.h:9,
from include/linux/module.h:13,
from net//netfilter/nf_tables_offload.c:3:
net//netfilter/nf_tables_offload.c: In function 'nft_flow_offload_unbind':
>> net//netfilter/nf_tables_offload.c:218:10: error: incompatible type for argument 1 of '__builtin_memset'
memset(extack, 0, sizeof(extack));
^
arch/m68k/include/asm/string.h:68:42: note: in definition of macro 'memset'
#define memset(d, c, n) __builtin_memset(d, c, n)
^
net//netfilter/nf_tables_offload.c:218:10: note: expected 'void *' but argument is of type 'struct netlink_ext_ack'
memset(extack, 0, sizeof(extack));
^
arch/m68k/include/asm/string.h:68:42: note: in definition of macro 'memset'
#define memset(d, c, n) __builtin_memset(d, c, n)
^
vim +/__builtin_memset +218 net//netfilter/nf_tables_offload.c
206
207 static int nft_flow_offload_unbind(struct flow_block_offload *bo,
208 struct nft_base_chain *basechain)
209 {
210 struct flow_block_cb *block_cb, *next;
211 struct flow_cls_offload cls_flow;
212 struct netlink_ext_ack extack;
213 struct nft_chain *chain;
214 struct nft_rule *rule;
215
216 chain = &basechain->chain;
217 list_for_each_entry(rule, &chain->rules, list) {
> 218 memset(extack, 0, sizeof(extack));
219 nft_flow_cls_offload_setup(&cls_flow, basechain, rule, NULL,
220 &extack, FLOW_CLS_DESTROY);
221 nft_setup_cb_call(TC_SETUP_CLSFLOWER, &cls_flow, &bo->cb_list);
222 }
223
224 list_for_each_entry_safe(block_cb, next, &bo->cb_list, list) {
225 list_del(&block_cb->list);
226 flow_block_cb_free(block_cb);
227 }
228
229 return 0;
230 }
231
---
0-DAY kernel test infrastructure Open Source Technology Center
https://lists.01.org/pipermail/kbuild-all Intel Corporation
[-- Attachment #2: .config.gz --]
[-- Type: application/gzip, Size: 51626 bytes --]
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [PATCH nf-next] netfilter: nf_tables_offload: pass extack to nft_flow_cls_offload_setup()
2019-11-02 14:28 [PATCH nf-next] netfilter: nf_tables_offload: pass extack to nft_flow_cls_offload_setup() Pablo Neira Ayuso
2019-11-03 4:58 ` kbuild test robot
@ 2019-11-03 4:58 ` kbuild test robot
2019-11-04 12:27 ` kbuild test robot
2 siblings, 0 replies; 4+ messages in thread
From: kbuild test robot @ 2019-11-03 4:58 UTC (permalink / raw)
To: Pablo Neira Ayuso; +Cc: kbuild-all, netfilter-devel
[-- Attachment #1: Type: text/plain, Size: 3155 bytes --]
Hi Pablo,
I love your patch! Yet something to improve:
[auto build test ERROR on nf-next/master]
url: https://github.com/0day-ci/linux/commits/Pablo-Neira-Ayuso/netfilter-nf_tables_offload-pass-extack-to-nft_flow_cls_offload_setup/20191103-115127
base: https://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next.git master
config: x86_64-rhel (attached as .config)
compiler: gcc-7 (Debian 7.4.0-14) 7.4.0
reproduce:
# save the attached .config to linux build tree
make ARCH=x86_64
If you fix the issue, kindly add following tag
Reported-by: kbuild test robot <lkp@intel.com>
All errors (new ones prefixed by >>):
net/netfilter/nf_tables_offload.c: In function 'nft_flow_offload_unbind':
>> net/netfilter/nf_tables_offload.c:218:10: error: incompatible type for argument 1 of 'memset'
memset(extack, 0, sizeof(extack));
^~~~~~
In file included from arch/x86/include/asm/string.h:5:0,
from include/linux/string.h:20,
from include/linux/bitmap.h:9,
from include/linux/cpumask.h:12,
from arch/x86/include/asm/cpumask.h:5,
from arch/x86/include/asm/msr.h:11,
from arch/x86/include/asm/processor.h:21,
from arch/x86/include/asm/cpufeature.h:5,
from arch/x86/include/asm/thread_info.h:53,
from include/linux/thread_info.h:38,
from arch/x86/include/asm/preempt.h:7,
from include/linux/preempt.h:78,
from include/linux/spinlock.h:51,
from include/linux/seqlock.h:36,
from include/linux/time.h:6,
from include/linux/stat.h:19,
from include/linux/module.h:10,
from net/netfilter/nf_tables_offload.c:3:
arch/x86/include/asm/string_64.h:18:7: note: expected 'void *' but argument is of type 'struct netlink_ext_ack'
void *memset(void *s, int c, size_t n);
^~~~~~
vim +/memset +218 net/netfilter/nf_tables_offload.c
206
207 static int nft_flow_offload_unbind(struct flow_block_offload *bo,
208 struct nft_base_chain *basechain)
209 {
210 struct flow_block_cb *block_cb, *next;
211 struct flow_cls_offload cls_flow;
212 struct netlink_ext_ack extack;
213 struct nft_chain *chain;
214 struct nft_rule *rule;
215
216 chain = &basechain->chain;
217 list_for_each_entry(rule, &chain->rules, list) {
> 218 memset(extack, 0, sizeof(extack));
219 nft_flow_cls_offload_setup(&cls_flow, basechain, rule, NULL,
220 &extack, FLOW_CLS_DESTROY);
221 nft_setup_cb_call(TC_SETUP_CLSFLOWER, &cls_flow, &bo->cb_list);
222 }
223
224 list_for_each_entry_safe(block_cb, next, &bo->cb_list, list) {
225 list_del(&block_cb->list);
226 flow_block_cb_free(block_cb);
227 }
228
229 return 0;
230 }
231
---
0-DAY kernel test infrastructure Open Source Technology Center
https://lists.01.org/pipermail/kbuild-all Intel Corporation
[-- Attachment #2: .config.gz --]
[-- Type: application/gzip, Size: 43767 bytes --]
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [PATCH nf-next] netfilter: nf_tables_offload: pass extack to nft_flow_cls_offload_setup()
2019-11-02 14:28 [PATCH nf-next] netfilter: nf_tables_offload: pass extack to nft_flow_cls_offload_setup() Pablo Neira Ayuso
2019-11-03 4:58 ` kbuild test robot
2019-11-03 4:58 ` kbuild test robot
@ 2019-11-04 12:27 ` kbuild test robot
2 siblings, 0 replies; 4+ messages in thread
From: kbuild test robot @ 2019-11-04 12:27 UTC (permalink / raw)
To: Pablo Neira Ayuso; +Cc: kbuild-all, netfilter-devel
Hi Pablo,
I love your patch! Perhaps something to improve:
[auto build test WARNING on nf-next/master]
url: https://github.com/0day-ci/linux/commits/Pablo-Neira-Ayuso/netfilter-nf_tables_offload-pass-extack-to-nft_flow_cls_offload_setup/20191103-115127
base: https://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next.git master
reproduce:
# apt-get install sparse
# sparse version: v0.6.1-6-g57f8611-dirty
make ARCH=x86_64 allmodconfig
make C=1 CF='-fdiagnostic-prefix -D__CHECK_ENDIAN__'
If you fix the issue, kindly add following tag
Reported-by: kbuild test robot <lkp@intel.com>
sparse warnings: (new ones prefixed by >>)
net/netfilter/nf_tables_offload.c:165:24: sparse: sparse: incorrect type in initializer (different base types) @@ expected restricted __be16 [usertype] proto @@ got e] proto @@
net/netfilter/nf_tables_offload.c:165:24: sparse: expected restricted __be16 [usertype] proto
net/netfilter/nf_tables_offload.c:165:24: sparse: got int
>> net/netfilter/nf_tables_offload.c:218:17: sparse: sparse: incorrect type in argument 1 (different base types) @@ expected void *s @@ got struct netlink_exvoid *s @@
>> net/netfilter/nf_tables_offload.c:218:17: sparse: expected void *s
>> net/netfilter/nf_tables_offload.c:218:17: sparse: got struct netlink_ext_ack extack
vim +218 net/netfilter/nf_tables_offload.c
157
158 static void nft_flow_cls_offload_setup(struct flow_cls_offload *cls_flow,
159 const struct nft_base_chain *basechain,
160 const struct nft_rule *rule,
161 const struct nft_flow_rule *flow,
162 struct netlink_ext_ack *extack,
163 enum flow_cls_command command)
164 {
> 165 __be16 proto = ETH_P_ALL;
166
167 memset(cls_flow, 0, sizeof(*cls_flow));
168
169 if (flow)
170 proto = flow->proto;
171
172 nft_flow_offload_common_init(&cls_flow->common, proto,
173 basechain->ops.priority, extack);
174 cls_flow->command = command;
175 cls_flow->cookie = (unsigned long) rule;
176 if (flow)
177 cls_flow->rule = flow->rule;
178 }
179
180 static int nft_flow_offload_rule(struct nft_chain *chain,
181 struct nft_rule *rule,
182 struct nft_flow_rule *flow,
183 enum flow_cls_command command)
184 {
185 struct netlink_ext_ack extack = {};
186 struct flow_cls_offload cls_flow;
187 struct nft_base_chain *basechain;
188
189 if (!nft_is_base_chain(chain))
190 return -EOPNOTSUPP;
191
192 basechain = nft_base_chain(chain);
193 nft_flow_cls_offload_setup(&cls_flow, basechain, rule, flow, &extack,
194 command);
195
196 return nft_setup_cb_call(TC_SETUP_CLSFLOWER, &cls_flow,
197 &basechain->flow_block.cb_list);
198 }
199
200 static int nft_flow_offload_bind(struct flow_block_offload *bo,
201 struct nft_base_chain *basechain)
202 {
203 list_splice(&bo->cb_list, &basechain->flow_block.cb_list);
204 return 0;
205 }
206
207 static int nft_flow_offload_unbind(struct flow_block_offload *bo,
208 struct nft_base_chain *basechain)
209 {
210 struct flow_block_cb *block_cb, *next;
211 struct flow_cls_offload cls_flow;
212 struct netlink_ext_ack extack;
213 struct nft_chain *chain;
214 struct nft_rule *rule;
215
216 chain = &basechain->chain;
217 list_for_each_entry(rule, &chain->rules, list) {
> 218 memset(extack, 0, sizeof(extack));
219 nft_flow_cls_offload_setup(&cls_flow, basechain, rule, NULL,
220 &extack, FLOW_CLS_DESTROY);
221 nft_setup_cb_call(TC_SETUP_CLSFLOWER, &cls_flow, &bo->cb_list);
222 }
223
224 list_for_each_entry_safe(block_cb, next, &bo->cb_list, list) {
225 list_del(&block_cb->list);
226 flow_block_cb_free(block_cb);
227 }
228
229 return 0;
230 }
231
---
0-DAY kernel test infrastructure Open Source Technology Center
https://lists.01.org/pipermail/kbuild-all Intel Corporation
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2019-11-04 12:27 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2019-11-02 14:28 [PATCH nf-next] netfilter: nf_tables_offload: pass extack to nft_flow_cls_offload_setup() Pablo Neira Ayuso
2019-11-03 4:58 ` kbuild test robot
2019-11-03 4:58 ` kbuild test robot
2019-11-04 12:27 ` kbuild test robot
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).