Netfilter-Devel Archive on lore.kernel.org
 help / color / Atom feed
* [PATCH nf-next] netfilter: nf_tables_offload: pass extack to nft_flow_cls_offload_setup()
@ 2019-11-02 14:28 Pablo Neira Ayuso
  2019-11-03  4:58 ` kbuild test robot
                   ` (2 more replies)
  0 siblings, 3 replies; 4+ messages in thread
From: Pablo Neira Ayuso @ 2019-11-02 14:28 UTC (permalink / raw)
  To: netfilter-devel

Otherwise this leads to a stack corruption.

Fixes: c5d275276ff4 ("netfilter: nf_tables_offload: add nft_flow_cls_offload_setup()")
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
 net/netfilter/nf_tables_offload.c | 12 ++++++++----
 1 file changed, 8 insertions(+), 4 deletions(-)

diff --git a/net/netfilter/nf_tables_offload.c b/net/netfilter/nf_tables_offload.c
index 4e0625cce647..e61696615cd5 100644
--- a/net/netfilter/nf_tables_offload.c
+++ b/net/netfilter/nf_tables_offload.c
@@ -159,9 +159,9 @@ static void nft_flow_cls_offload_setup(struct flow_cls_offload *cls_flow,
 				       const struct nft_base_chain *basechain,
 				       const struct nft_rule *rule,
 				       const struct nft_flow_rule *flow,
+				       struct netlink_ext_ack *extack,
 				       enum flow_cls_command command)
 {
-	struct netlink_ext_ack extack;
 	__be16 proto = ETH_P_ALL;
 
 	memset(cls_flow, 0, sizeof(*cls_flow));
@@ -170,7 +170,7 @@ static void nft_flow_cls_offload_setup(struct flow_cls_offload *cls_flow,
 		proto = flow->proto;
 
 	nft_flow_offload_common_init(&cls_flow->common, proto,
-				     basechain->ops.priority, &extack);
+				     basechain->ops.priority, extack);
 	cls_flow->command = command;
 	cls_flow->cookie = (unsigned long) rule;
 	if (flow)
@@ -182,6 +182,7 @@ static int nft_flow_offload_rule(struct nft_chain *chain,
 				 struct nft_flow_rule *flow,
 				 enum flow_cls_command command)
 {
+	struct netlink_ext_ack extack = {};
 	struct flow_cls_offload cls_flow;
 	struct nft_base_chain *basechain;
 
@@ -189,7 +190,8 @@ static int nft_flow_offload_rule(struct nft_chain *chain,
 		return -EOPNOTSUPP;
 
 	basechain = nft_base_chain(chain);
-	nft_flow_cls_offload_setup(&cls_flow, basechain, rule, flow, command);
+	nft_flow_cls_offload_setup(&cls_flow, basechain, rule, flow, &extack,
+				   command);
 
 	return nft_setup_cb_call(TC_SETUP_CLSFLOWER, &cls_flow,
 				 &basechain->flow_block.cb_list);
@@ -207,13 +209,15 @@ static int nft_flow_offload_unbind(struct flow_block_offload *bo,
 {
 	struct flow_block_cb *block_cb, *next;
 	struct flow_cls_offload cls_flow;
+	struct netlink_ext_ack extack;
 	struct nft_chain *chain;
 	struct nft_rule *rule;
 
 	chain = &basechain->chain;
 	list_for_each_entry(rule, &chain->rules, list) {
+		memset(extack, 0, sizeof(extack));
 		nft_flow_cls_offload_setup(&cls_flow, basechain, rule, NULL,
-					   FLOW_CLS_DESTROY);
+					   &extack, FLOW_CLS_DESTROY);
 		nft_setup_cb_call(TC_SETUP_CLSFLOWER, &cls_flow, &bo->cb_list);
 	}
 
-- 
2.11.0


^ permalink raw reply	[flat|nested] 4+ messages in thread

* Re: [PATCH nf-next] netfilter: nf_tables_offload: pass extack to nft_flow_cls_offload_setup()
  2019-11-02 14:28 [PATCH nf-next] netfilter: nf_tables_offload: pass extack to nft_flow_cls_offload_setup() Pablo Neira Ayuso
@ 2019-11-03  4:58 ` kbuild test robot
  2019-11-03  4:58 ` kbuild test robot
  2019-11-04 12:27 ` kbuild test robot
  2 siblings, 0 replies; 4+ messages in thread
From: kbuild test robot @ 2019-11-03  4:58 UTC (permalink / raw)
  To: Pablo Neira Ayuso; +Cc: kbuild-all, netfilter-devel

[-- Attachment #1: Type: text/plain, Size: 3160 bytes --]

Hi Pablo,

I love your patch! Yet something to improve:

[auto build test ERROR on nf-next/master]

url:    https://github.com/0day-ci/linux/commits/Pablo-Neira-Ayuso/netfilter-nf_tables_offload-pass-extack-to-nft_flow_cls_offload_setup/20191103-115127
base:   https://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next.git master
config: m68k-allyesconfig (attached as .config)
compiler: m68k-linux-gcc (GCC) 7.4.0
reproduce:
        wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross
        chmod +x ~/bin/make.cross
        # save the attached .config to linux build tree
        GCC_VERSION=7.4.0 make.cross ARCH=m68k 

If you fix the issue, kindly add following tag
Reported-by: kbuild test robot <lkp@intel.com>

All errors (new ones prefixed by >>):

   In file included from include/linux/string.h:20:0,
                    from include/linux/bitmap.h:9,
                    from include/linux/nodemask.h:95,
                    from include/linux/mmzone.h:17,
                    from include/linux/gfp.h:6,
                    from include/linux/umh.h:4,
                    from include/linux/kmod.h:9,
                    from include/linux/module.h:13,
                    from net//netfilter/nf_tables_offload.c:3:
   net//netfilter/nf_tables_offload.c: In function 'nft_flow_offload_unbind':
>> net//netfilter/nf_tables_offload.c:218:10: error: incompatible type for argument 1 of '__builtin_memset'
      memset(extack, 0, sizeof(extack));
             ^
   arch/m68k/include/asm/string.h:68:42: note: in definition of macro 'memset'
    #define memset(d, c, n) __builtin_memset(d, c, n)
                                             ^
   net//netfilter/nf_tables_offload.c:218:10: note: expected 'void *' but argument is of type 'struct netlink_ext_ack'
      memset(extack, 0, sizeof(extack));
             ^
   arch/m68k/include/asm/string.h:68:42: note: in definition of macro 'memset'
    #define memset(d, c, n) __builtin_memset(d, c, n)
                                             ^

vim +/__builtin_memset +218 net//netfilter/nf_tables_offload.c

   206	
   207	static int nft_flow_offload_unbind(struct flow_block_offload *bo,
   208					   struct nft_base_chain *basechain)
   209	{
   210		struct flow_block_cb *block_cb, *next;
   211		struct flow_cls_offload cls_flow;
   212		struct netlink_ext_ack extack;
   213		struct nft_chain *chain;
   214		struct nft_rule *rule;
   215	
   216		chain = &basechain->chain;
   217		list_for_each_entry(rule, &chain->rules, list) {
 > 218			memset(extack, 0, sizeof(extack));
   219			nft_flow_cls_offload_setup(&cls_flow, basechain, rule, NULL,
   220						   &extack, FLOW_CLS_DESTROY);
   221			nft_setup_cb_call(TC_SETUP_CLSFLOWER, &cls_flow, &bo->cb_list);
   222		}
   223	
   224		list_for_each_entry_safe(block_cb, next, &bo->cb_list, list) {
   225			list_del(&block_cb->list);
   226			flow_block_cb_free(block_cb);
   227		}
   228	
   229		return 0;
   230	}
   231	

---
0-DAY kernel test infrastructure                Open Source Technology Center
https://lists.01.org/pipermail/kbuild-all                   Intel Corporation

[-- Attachment #2: .config.gz --]
[-- Type: application/gzip, Size: 51626 bytes --]

^ permalink raw reply	[flat|nested] 4+ messages in thread

* Re: [PATCH nf-next] netfilter: nf_tables_offload: pass extack to nft_flow_cls_offload_setup()
  2019-11-02 14:28 [PATCH nf-next] netfilter: nf_tables_offload: pass extack to nft_flow_cls_offload_setup() Pablo Neira Ayuso
  2019-11-03  4:58 ` kbuild test robot
@ 2019-11-03  4:58 ` kbuild test robot
  2019-11-04 12:27 ` kbuild test robot
  2 siblings, 0 replies; 4+ messages in thread
From: kbuild test robot @ 2019-11-03  4:58 UTC (permalink / raw)
  To: Pablo Neira Ayuso; +Cc: kbuild-all, netfilter-devel

[-- Attachment #1: Type: text/plain, Size: 3155 bytes --]

Hi Pablo,

I love your patch! Yet something to improve:

[auto build test ERROR on nf-next/master]

url:    https://github.com/0day-ci/linux/commits/Pablo-Neira-Ayuso/netfilter-nf_tables_offload-pass-extack-to-nft_flow_cls_offload_setup/20191103-115127
base:   https://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next.git master
config: x86_64-rhel (attached as .config)
compiler: gcc-7 (Debian 7.4.0-14) 7.4.0
reproduce:
        # save the attached .config to linux build tree
        make ARCH=x86_64 

If you fix the issue, kindly add following tag
Reported-by: kbuild test robot <lkp@intel.com>

All errors (new ones prefixed by >>):

   net/netfilter/nf_tables_offload.c: In function 'nft_flow_offload_unbind':
>> net/netfilter/nf_tables_offload.c:218:10: error: incompatible type for argument 1 of 'memset'
      memset(extack, 0, sizeof(extack));
             ^~~~~~
   In file included from arch/x86/include/asm/string.h:5:0,
                    from include/linux/string.h:20,
                    from include/linux/bitmap.h:9,
                    from include/linux/cpumask.h:12,
                    from arch/x86/include/asm/cpumask.h:5,
                    from arch/x86/include/asm/msr.h:11,
                    from arch/x86/include/asm/processor.h:21,
                    from arch/x86/include/asm/cpufeature.h:5,
                    from arch/x86/include/asm/thread_info.h:53,
                    from include/linux/thread_info.h:38,
                    from arch/x86/include/asm/preempt.h:7,
                    from include/linux/preempt.h:78,
                    from include/linux/spinlock.h:51,
                    from include/linux/seqlock.h:36,
                    from include/linux/time.h:6,
                    from include/linux/stat.h:19,
                    from include/linux/module.h:10,
                    from net/netfilter/nf_tables_offload.c:3:
   arch/x86/include/asm/string_64.h:18:7: note: expected 'void *' but argument is of type 'struct netlink_ext_ack'
    void *memset(void *s, int c, size_t n);
          ^~~~~~

vim +/memset +218 net/netfilter/nf_tables_offload.c

   206	
   207	static int nft_flow_offload_unbind(struct flow_block_offload *bo,
   208					   struct nft_base_chain *basechain)
   209	{
   210		struct flow_block_cb *block_cb, *next;
   211		struct flow_cls_offload cls_flow;
   212		struct netlink_ext_ack extack;
   213		struct nft_chain *chain;
   214		struct nft_rule *rule;
   215	
   216		chain = &basechain->chain;
   217		list_for_each_entry(rule, &chain->rules, list) {
 > 218			memset(extack, 0, sizeof(extack));
   219			nft_flow_cls_offload_setup(&cls_flow, basechain, rule, NULL,
   220						   &extack, FLOW_CLS_DESTROY);
   221			nft_setup_cb_call(TC_SETUP_CLSFLOWER, &cls_flow, &bo->cb_list);
   222		}
   223	
   224		list_for_each_entry_safe(block_cb, next, &bo->cb_list, list) {
   225			list_del(&block_cb->list);
   226			flow_block_cb_free(block_cb);
   227		}
   228	
   229		return 0;
   230	}
   231	

---
0-DAY kernel test infrastructure                Open Source Technology Center
https://lists.01.org/pipermail/kbuild-all                   Intel Corporation

[-- Attachment #2: .config.gz --]
[-- Type: application/gzip, Size: 43767 bytes --]

^ permalink raw reply	[flat|nested] 4+ messages in thread

* Re: [PATCH nf-next] netfilter: nf_tables_offload: pass extack to nft_flow_cls_offload_setup()
  2019-11-02 14:28 [PATCH nf-next] netfilter: nf_tables_offload: pass extack to nft_flow_cls_offload_setup() Pablo Neira Ayuso
  2019-11-03  4:58 ` kbuild test robot
  2019-11-03  4:58 ` kbuild test robot
@ 2019-11-04 12:27 ` kbuild test robot
  2 siblings, 0 replies; 4+ messages in thread
From: kbuild test robot @ 2019-11-04 12:27 UTC (permalink / raw)
  To: Pablo Neira Ayuso; +Cc: kbuild-all, netfilter-devel

Hi Pablo,

I love your patch! Perhaps something to improve:

[auto build test WARNING on nf-next/master]

url:    https://github.com/0day-ci/linux/commits/Pablo-Neira-Ayuso/netfilter-nf_tables_offload-pass-extack-to-nft_flow_cls_offload_setup/20191103-115127
base:   https://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next.git master
reproduce:
        # apt-get install sparse
        # sparse version: v0.6.1-6-g57f8611-dirty
        make ARCH=x86_64 allmodconfig
        make C=1 CF='-fdiagnostic-prefix -D__CHECK_ENDIAN__'

If you fix the issue, kindly add following tag
Reported-by: kbuild test robot <lkp@intel.com>


sparse warnings: (new ones prefixed by >>)

   net/netfilter/nf_tables_offload.c:165:24: sparse: sparse: incorrect type in initializer (different base types) @@    expected restricted __be16 [usertype] proto @@    got e] proto @@
   net/netfilter/nf_tables_offload.c:165:24: sparse:    expected restricted __be16 [usertype] proto
   net/netfilter/nf_tables_offload.c:165:24: sparse:    got int
>> net/netfilter/nf_tables_offload.c:218:17: sparse: sparse: incorrect type in argument 1 (different base types) @@    expected void *s @@    got struct netlink_exvoid *s @@
>> net/netfilter/nf_tables_offload.c:218:17: sparse:    expected void *s
>> net/netfilter/nf_tables_offload.c:218:17: sparse:    got struct netlink_ext_ack extack

vim +218 net/netfilter/nf_tables_offload.c

   157	
   158	static void nft_flow_cls_offload_setup(struct flow_cls_offload *cls_flow,
   159					       const struct nft_base_chain *basechain,
   160					       const struct nft_rule *rule,
   161					       const struct nft_flow_rule *flow,
   162					       struct netlink_ext_ack *extack,
   163					       enum flow_cls_command command)
   164	{
 > 165		__be16 proto = ETH_P_ALL;
   166	
   167		memset(cls_flow, 0, sizeof(*cls_flow));
   168	
   169		if (flow)
   170			proto = flow->proto;
   171	
   172		nft_flow_offload_common_init(&cls_flow->common, proto,
   173					     basechain->ops.priority, extack);
   174		cls_flow->command = command;
   175		cls_flow->cookie = (unsigned long) rule;
   176		if (flow)
   177			cls_flow->rule = flow->rule;
   178	}
   179	
   180	static int nft_flow_offload_rule(struct nft_chain *chain,
   181					 struct nft_rule *rule,
   182					 struct nft_flow_rule *flow,
   183					 enum flow_cls_command command)
   184	{
   185		struct netlink_ext_ack extack = {};
   186		struct flow_cls_offload cls_flow;
   187		struct nft_base_chain *basechain;
   188	
   189		if (!nft_is_base_chain(chain))
   190			return -EOPNOTSUPP;
   191	
   192		basechain = nft_base_chain(chain);
   193		nft_flow_cls_offload_setup(&cls_flow, basechain, rule, flow, &extack,
   194					   command);
   195	
   196		return nft_setup_cb_call(TC_SETUP_CLSFLOWER, &cls_flow,
   197					 &basechain->flow_block.cb_list);
   198	}
   199	
   200	static int nft_flow_offload_bind(struct flow_block_offload *bo,
   201					 struct nft_base_chain *basechain)
   202	{
   203		list_splice(&bo->cb_list, &basechain->flow_block.cb_list);
   204		return 0;
   205	}
   206	
   207	static int nft_flow_offload_unbind(struct flow_block_offload *bo,
   208					   struct nft_base_chain *basechain)
   209	{
   210		struct flow_block_cb *block_cb, *next;
   211		struct flow_cls_offload cls_flow;
   212		struct netlink_ext_ack extack;
   213		struct nft_chain *chain;
   214		struct nft_rule *rule;
   215	
   216		chain = &basechain->chain;
   217		list_for_each_entry(rule, &chain->rules, list) {
 > 218			memset(extack, 0, sizeof(extack));
   219			nft_flow_cls_offload_setup(&cls_flow, basechain, rule, NULL,
   220						   &extack, FLOW_CLS_DESTROY);
   221			nft_setup_cb_call(TC_SETUP_CLSFLOWER, &cls_flow, &bo->cb_list);
   222		}
   223	
   224		list_for_each_entry_safe(block_cb, next, &bo->cb_list, list) {
   225			list_del(&block_cb->list);
   226			flow_block_cb_free(block_cb);
   227		}
   228	
   229		return 0;
   230	}
   231	

---
0-DAY kernel test infrastructure                Open Source Technology Center
https://lists.01.org/pipermail/kbuild-all                   Intel Corporation

^ permalink raw reply	[flat|nested] 4+ messages in thread

end of thread, back to index

Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2019-11-02 14:28 [PATCH nf-next] netfilter: nf_tables_offload: pass extack to nft_flow_cls_offload_setup() Pablo Neira Ayuso
2019-11-03  4:58 ` kbuild test robot
2019-11-03  4:58 ` kbuild test robot
2019-11-04 12:27 ` kbuild test robot

Netfilter-Devel Archive on lore.kernel.org

Archives are clonable:
	git clone --mirror https://lore.kernel.org/netfilter-devel/0 netfilter-devel/git/0.git

	# If you have public-inbox 1.1+ installed, you may
	# initialize and index your mirror using the following commands:
	public-inbox-init -V2 netfilter-devel netfilter-devel/ https://lore.kernel.org/netfilter-devel \
		netfilter-devel@vger.kernel.org
	public-inbox-index netfilter-devel

Example config snippet for mirrors

Newsgroup available over NNTP:
	nntp://nntp.lore.kernel.org/org.kernel.vger.netfilter-devel


AGPL code for this site: git clone https://public-inbox.org/public-inbox.git