* [PATCH nf] netfilter: nftables: fix incorrect element timeout
@ 2020-12-08 17:37 Pablo Neira Ayuso
2020-12-08 17:42 ` Pablo Neira Ayuso
2020-12-09 4:30 ` kernel test robot
0 siblings, 2 replies; 4+ messages in thread
From: Pablo Neira Ayuso @ 2020-12-08 17:37 UTC (permalink / raw)
To: netfilter-devel
Use nf_msecs_to_jiffies64 and nf_jiffies64_to_msecs as provided by
8e1102d5a159 ("netfilter: nf_tables: support timeouts larger than 23
days"), otherwise ruleset listing breaks.
Fixes: a8b1e36d0d1d ("netfilter: nft_dynset: fix element timeout for HZ != 1000")
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
include/net/netfilter/nf_tables.h | 4 ++++
net/netfilter/nf_tables_api.c | 4 ++--
net/netfilter/nft_dynset.c | 5 ++---
3 files changed, 8 insertions(+), 5 deletions(-)
diff --git a/include/net/netfilter/nf_tables.h b/include/net/netfilter/nf_tables.h
index 55b4cadf290a..c1c0a4ff92ae 100644
--- a/include/net/netfilter/nf_tables.h
+++ b/include/net/netfilter/nf_tables.h
@@ -1524,4 +1524,8 @@ void __init nft_chain_route_init(void);
void nft_chain_route_fini(void);
void nf_tables_trans_destroy_flush_work(void);
+
+int nf_msecs_to_jiffies64(const struct nlattr *nla, u64 *result);
+__be64 nf_jiffies64_to_msecs(u64 input);
+
#endif /* _NET_NF_TABLES_H */
diff --git a/net/netfilter/nf_tables_api.c b/net/netfilter/nf_tables_api.c
index 23abf1578594..c2f59879a48d 100644
--- a/net/netfilter/nf_tables_api.c
+++ b/net/netfilter/nf_tables_api.c
@@ -3719,7 +3719,7 @@ static int nf_tables_set_alloc_name(struct nft_ctx *ctx, struct nft_set *set,
return 0;
}
-static int nf_msecs_to_jiffies64(const struct nlattr *nla, u64 *result)
+int nf_msecs_to_jiffies64(const struct nlattr *nla, u64 *result)
{
u64 ms = be64_to_cpu(nla_get_be64(nla));
u64 max = (u64)(~((u64)0));
@@ -3733,7 +3733,7 @@ static int nf_msecs_to_jiffies64(const struct nlattr *nla, u64 *result)
return 0;
}
-static __be64 nf_jiffies64_to_msecs(u64 input)
+__be64 nf_jiffies64_to_msecs(u64 input)
{
return cpu_to_be64(jiffies64_to_msecs(input));
}
diff --git a/net/netfilter/nft_dynset.c b/net/netfilter/nft_dynset.c
index 64ca13a1885b..ca6cfbb27051 100644
--- a/net/netfilter/nft_dynset.c
+++ b/net/netfilter/nft_dynset.c
@@ -157,8 +157,7 @@ static int nft_dynset_init(const struct nft_ctx *ctx,
if (tb[NFTA_DYNSET_TIMEOUT] != NULL) {
if (!(set->flags & NFT_SET_TIMEOUT))
return -EINVAL;
- timeout = msecs_to_jiffies(be64_to_cpu(nla_get_be64(
- tb[NFTA_DYNSET_TIMEOUT])));
+ timeout = nf_msecs_to_jiffies(be64_to_cpu(nla_get_be64(tb[NFTA_DYNSET_TIMEOUT])));
}
priv->sreg_key = nft_parse_register(tb[NFTA_DYNSET_SREG_KEY]);
@@ -267,7 +266,7 @@ static int nft_dynset_dump(struct sk_buff *skb, const struct nft_expr *expr)
if (nla_put_string(skb, NFTA_DYNSET_SET_NAME, priv->set->name))
goto nla_put_failure;
if (nla_put_be64(skb, NFTA_DYNSET_TIMEOUT,
- cpu_to_be64(jiffies_to_msecs(priv->timeout)),
+ cpu_to_be64(nf_jiffies_to_msecs(priv->timeout)),
NFTA_DYNSET_PAD))
goto nla_put_failure;
if (priv->expr && nft_expr_dump(skb, NFTA_DYNSET_EXPR, priv->expr))
--
2.20.1
^ permalink raw reply related [flat|nested] 4+ messages in thread* Re: [PATCH nf] netfilter: nftables: fix incorrect element timeout 2020-12-08 17:37 [PATCH nf] netfilter: nftables: fix incorrect element timeout Pablo Neira Ayuso @ 2020-12-08 17:42 ` Pablo Neira Ayuso 2020-12-09 4:30 ` kernel test robot 1 sibling, 0 replies; 4+ messages in thread From: Pablo Neira Ayuso @ 2020-12-08 17:42 UTC (permalink / raw) To: netfilter-devel On Tue, Dec 08, 2020 at 06:37:16PM +0100, Pablo Neira Ayuso wrote: > Use nf_msecs_to_jiffies64 and nf_jiffies64_to_msecs as provided by > 8e1102d5a159 ("netfilter: nf_tables: support timeouts larger than 23 > days"), otherwise ruleset listing breaks. Please, discard this patch. This has been replaced by: https://patchwork.ozlabs.org/project/netfilter-devel/patch/20201208173810.14018-1-pablo@netfilter.org/ Sorry for the noise. ^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [PATCH nf] netfilter: nftables: fix incorrect element timeout 2020-12-08 17:37 [PATCH nf] netfilter: nftables: fix incorrect element timeout Pablo Neira Ayuso @ 2020-12-09 4:30 ` kernel test robot 2020-12-09 4:30 ` kernel test robot 1 sibling, 0 replies; 4+ messages in thread From: kernel test robot @ 2020-12-09 4:30 UTC (permalink / raw) To: Pablo Neira Ayuso, netfilter-devel; +Cc: kbuild-all [-- Attachment #1: Type: text/plain, Size: 9780 bytes --] Hi Pablo, I love your patch! Yet something to improve: [auto build test ERROR on nf/master] url: https://github.com/0day-ci/linux/commits/Pablo-Neira-Ayuso/netfilter-nftables-fix-incorrect-element-timeout/20201209-014124 base: https://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf.git master config: m68k-allmodconfig (attached as .config) compiler: m68k-linux-gcc (GCC) 9.3.0 reproduce (this is a W=1 build): wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross chmod +x ~/bin/make.cross # https://github.com/0day-ci/linux/commit/4eebbc7da20071b9076b837dbc264c3eed1daea1 git remote add linux-review https://github.com/0day-ci/linux git fetch --no-tags linux-review Pablo-Neira-Ayuso/netfilter-nftables-fix-incorrect-element-timeout/20201209-014124 git checkout 4eebbc7da20071b9076b837dbc264c3eed1daea1 # save the attached .config to linux build tree COMPILER_INSTALL_PATH=$HOME/0day COMPILER=gcc-9.3.0 make.cross ARCH=m68k If you fix the issue, kindly add following tag as appropriate Reported-by: kernel test robot <lkp@intel.com> All errors (new ones prefixed by >>): In file included from include/linux/kernel.h:11, from net/netfilter/nft_dynset.c:6: include/linux/scatterlist.h: In function 'sg_set_buf': arch/m68k/include/asm/page_mm.h:169:49: warning: ordered comparison of pointer with null pointer [-Wextra] 169 | #define virt_addr_valid(kaddr) ((void *)(kaddr) >= (void *)PAGE_OFFSET && (void *)(kaddr) < high_memory) | ^~ include/linux/compiler.h:78:42: note: in definition of macro 'unlikely' 78 | # define unlikely(x) __builtin_expect(!!(x), 0) | ^ include/linux/scatterlist.h:143:2: note: in expansion of macro 'BUG_ON' 143 | BUG_ON(!virt_addr_valid(buf)); | ^~~~~~ include/linux/scatterlist.h:143:10: note: in expansion of macro 'virt_addr_valid' 143 | BUG_ON(!virt_addr_valid(buf)); | ^~~~~~~~~~~~~~~ net/netfilter/nft_dynset.c: In function 'nft_dynset_init': >> net/netfilter/nft_dynset.c:160:13: error: implicit declaration of function 'nf_msecs_to_jiffies'; did you mean 'nf_msecs_to_jiffies64'? [-Werror=implicit-function-declaration] 160 | timeout = nf_msecs_to_jiffies(be64_to_cpu(nla_get_be64(tb[NFTA_DYNSET_TIMEOUT]))); | ^~~~~~~~~~~~~~~~~~~ | nf_msecs_to_jiffies64 In file included from include/linux/byteorder/big_endian.h:5, from arch/m68k/include/uapi/asm/byteorder.h:5, from include/asm-generic/bitops/le.h:6, from arch/m68k/include/asm/bitops.h:528, from include/linux/bitops.h:29, from include/linux/kernel.h:12, from net/netfilter/nft_dynset.c:6: net/netfilter/nft_dynset.c: In function 'nft_dynset_dump': >> net/netfilter/nft_dynset.c:269:17: error: implicit declaration of function 'nf_jiffies_to_msecs'; did you mean 'nf_jiffies64_to_msecs'? [-Werror=implicit-function-declaration] 269 | cpu_to_be64(nf_jiffies_to_msecs(priv->timeout)), | ^~~~~~~~~~~~~~~~~~~ include/uapi/linux/byteorder/big_endian.h:37:51: note: in definition of macro '__cpu_to_be64' 37 | #define __cpu_to_be64(x) ((__force __be64)(__u64)(x)) | ^ net/netfilter/nft_dynset.c:269:5: note: in expansion of macro 'cpu_to_be64' 269 | cpu_to_be64(nf_jiffies_to_msecs(priv->timeout)), | ^~~~~~~~~~~ cc1: some warnings being treated as errors vim +160 net/netfilter/nft_dynset.c 104 105 static int nft_dynset_init(const struct nft_ctx *ctx, 106 const struct nft_expr *expr, 107 const struct nlattr * const tb[]) 108 { 109 struct nft_dynset *priv = nft_expr_priv(expr); 110 u8 genmask = nft_genmask_next(ctx->net); 111 struct nft_set *set; 112 u64 timeout; 113 int err; 114 115 lockdep_assert_held(&ctx->net->nft.commit_mutex); 116 117 if (tb[NFTA_DYNSET_SET_NAME] == NULL || 118 tb[NFTA_DYNSET_OP] == NULL || 119 tb[NFTA_DYNSET_SREG_KEY] == NULL) 120 return -EINVAL; 121 122 if (tb[NFTA_DYNSET_FLAGS]) { 123 u32 flags = ntohl(nla_get_be32(tb[NFTA_DYNSET_FLAGS])); 124 125 if (flags & ~NFT_DYNSET_F_INV) 126 return -EINVAL; 127 if (flags & NFT_DYNSET_F_INV) 128 priv->invert = true; 129 } 130 131 set = nft_set_lookup_global(ctx->net, ctx->table, 132 tb[NFTA_DYNSET_SET_NAME], 133 tb[NFTA_DYNSET_SET_ID], genmask); 134 if (IS_ERR(set)) 135 return PTR_ERR(set); 136 137 if (set->ops->update == NULL) 138 return -EOPNOTSUPP; 139 140 if (set->flags & NFT_SET_CONSTANT) 141 return -EBUSY; 142 143 priv->op = ntohl(nla_get_be32(tb[NFTA_DYNSET_OP])); 144 switch (priv->op) { 145 case NFT_DYNSET_OP_ADD: 146 case NFT_DYNSET_OP_DELETE: 147 break; 148 case NFT_DYNSET_OP_UPDATE: 149 if (!(set->flags & NFT_SET_TIMEOUT)) 150 return -EOPNOTSUPP; 151 break; 152 default: 153 return -EOPNOTSUPP; 154 } 155 156 timeout = 0; 157 if (tb[NFTA_DYNSET_TIMEOUT] != NULL) { 158 if (!(set->flags & NFT_SET_TIMEOUT)) 159 return -EINVAL; > 160 timeout = nf_msecs_to_jiffies(be64_to_cpu(nla_get_be64(tb[NFTA_DYNSET_TIMEOUT]))); 161 } 162 163 priv->sreg_key = nft_parse_register(tb[NFTA_DYNSET_SREG_KEY]); 164 err = nft_validate_register_load(priv->sreg_key, set->klen); 165 if (err < 0) 166 return err; 167 168 if (tb[NFTA_DYNSET_SREG_DATA] != NULL) { 169 if (!(set->flags & NFT_SET_MAP)) 170 return -EINVAL; 171 if (set->dtype == NFT_DATA_VERDICT) 172 return -EOPNOTSUPP; 173 174 priv->sreg_data = nft_parse_register(tb[NFTA_DYNSET_SREG_DATA]); 175 err = nft_validate_register_load(priv->sreg_data, set->dlen); 176 if (err < 0) 177 return err; 178 } else if (set->flags & NFT_SET_MAP) 179 return -EINVAL; 180 181 if (tb[NFTA_DYNSET_EXPR] != NULL) { 182 if (!(set->flags & NFT_SET_EVAL)) 183 return -EINVAL; 184 185 priv->expr = nft_set_elem_expr_alloc(ctx, set, 186 tb[NFTA_DYNSET_EXPR]); 187 if (IS_ERR(priv->expr)) 188 return PTR_ERR(priv->expr); 189 190 if (set->expr && set->expr->ops != priv->expr->ops) { 191 err = -EOPNOTSUPP; 192 goto err_expr_free; 193 } 194 } 195 196 nft_set_ext_prepare(&priv->tmpl); 197 nft_set_ext_add_length(&priv->tmpl, NFT_SET_EXT_KEY, set->klen); 198 if (set->flags & NFT_SET_MAP) 199 nft_set_ext_add_length(&priv->tmpl, NFT_SET_EXT_DATA, set->dlen); 200 if (priv->expr != NULL) 201 nft_set_ext_add_length(&priv->tmpl, NFT_SET_EXT_EXPR, 202 priv->expr->ops->size); 203 if (set->flags & NFT_SET_TIMEOUT) { 204 if (timeout || set->timeout) 205 nft_set_ext_add(&priv->tmpl, NFT_SET_EXT_EXPIRATION); 206 } 207 208 priv->timeout = timeout; 209 210 err = nf_tables_bind_set(ctx, set, &priv->binding); 211 if (err < 0) 212 goto err_expr_free; 213 214 if (set->size == 0) 215 set->size = 0xffff; 216 217 priv->set = set; 218 return 0; 219 220 err_expr_free: 221 if (priv->expr != NULL) 222 nft_expr_destroy(ctx, priv->expr); 223 return err; 224 } 225 226 static void nft_dynset_deactivate(const struct nft_ctx *ctx, 227 const struct nft_expr *expr, 228 enum nft_trans_phase phase) 229 { 230 struct nft_dynset *priv = nft_expr_priv(expr); 231 232 nf_tables_deactivate_set(ctx, priv->set, &priv->binding, phase); 233 } 234 235 static void nft_dynset_activate(const struct nft_ctx *ctx, 236 const struct nft_expr *expr) 237 { 238 struct nft_dynset *priv = nft_expr_priv(expr); 239 240 priv->set->use++; 241 } 242 243 static void nft_dynset_destroy(const struct nft_ctx *ctx, 244 const struct nft_expr *expr) 245 { 246 struct nft_dynset *priv = nft_expr_priv(expr); 247 248 if (priv->expr != NULL) 249 nft_expr_destroy(ctx, priv->expr); 250 251 nf_tables_destroy_set(ctx, priv->set); 252 } 253 254 static int nft_dynset_dump(struct sk_buff *skb, const struct nft_expr *expr) 255 { 256 const struct nft_dynset *priv = nft_expr_priv(expr); 257 u32 flags = priv->invert ? NFT_DYNSET_F_INV : 0; 258 259 if (nft_dump_register(skb, NFTA_DYNSET_SREG_KEY, priv->sreg_key)) 260 goto nla_put_failure; 261 if (priv->set->flags & NFT_SET_MAP && 262 nft_dump_register(skb, NFTA_DYNSET_SREG_DATA, priv->sreg_data)) 263 goto nla_put_failure; 264 if (nla_put_be32(skb, NFTA_DYNSET_OP, htonl(priv->op))) 265 goto nla_put_failure; 266 if (nla_put_string(skb, NFTA_DYNSET_SET_NAME, priv->set->name)) 267 goto nla_put_failure; 268 if (nla_put_be64(skb, NFTA_DYNSET_TIMEOUT, > 269 cpu_to_be64(nf_jiffies_to_msecs(priv->timeout)), 270 NFTA_DYNSET_PAD)) 271 goto nla_put_failure; 272 if (priv->expr && nft_expr_dump(skb, NFTA_DYNSET_EXPR, priv->expr)) 273 goto nla_put_failure; 274 if (nla_put_be32(skb, NFTA_DYNSET_FLAGS, htonl(flags))) 275 goto nla_put_failure; 276 return 0; 277 278 nla_put_failure: 279 return -1; 280 } 281 --- 0-DAY CI Kernel Test Service, Intel Corporation https://lists.01.org/hyperkitty/list/kbuild-all@lists.01.org [-- Attachment #2: .config.gz --] [-- Type: application/gzip, Size: 58931 bytes --] ^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [PATCH nf] netfilter: nftables: fix incorrect element timeout @ 2020-12-09 4:30 ` kernel test robot 0 siblings, 0 replies; 4+ messages in thread From: kernel test robot @ 2020-12-09 4:30 UTC (permalink / raw) To: kbuild-all [-- Attachment #1: Type: text/plain, Size: 10030 bytes --] Hi Pablo, I love your patch! Yet something to improve: [auto build test ERROR on nf/master] url: https://github.com/0day-ci/linux/commits/Pablo-Neira-Ayuso/netfilter-nftables-fix-incorrect-element-timeout/20201209-014124 base: https://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf.git master config: m68k-allmodconfig (attached as .config) compiler: m68k-linux-gcc (GCC) 9.3.0 reproduce (this is a W=1 build): wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross chmod +x ~/bin/make.cross # https://github.com/0day-ci/linux/commit/4eebbc7da20071b9076b837dbc264c3eed1daea1 git remote add linux-review https://github.com/0day-ci/linux git fetch --no-tags linux-review Pablo-Neira-Ayuso/netfilter-nftables-fix-incorrect-element-timeout/20201209-014124 git checkout 4eebbc7da20071b9076b837dbc264c3eed1daea1 # save the attached .config to linux build tree COMPILER_INSTALL_PATH=$HOME/0day COMPILER=gcc-9.3.0 make.cross ARCH=m68k If you fix the issue, kindly add following tag as appropriate Reported-by: kernel test robot <lkp@intel.com> All errors (new ones prefixed by >>): In file included from include/linux/kernel.h:11, from net/netfilter/nft_dynset.c:6: include/linux/scatterlist.h: In function 'sg_set_buf': arch/m68k/include/asm/page_mm.h:169:49: warning: ordered comparison of pointer with null pointer [-Wextra] 169 | #define virt_addr_valid(kaddr) ((void *)(kaddr) >= (void *)PAGE_OFFSET && (void *)(kaddr) < high_memory) | ^~ include/linux/compiler.h:78:42: note: in definition of macro 'unlikely' 78 | # define unlikely(x) __builtin_expect(!!(x), 0) | ^ include/linux/scatterlist.h:143:2: note: in expansion of macro 'BUG_ON' 143 | BUG_ON(!virt_addr_valid(buf)); | ^~~~~~ include/linux/scatterlist.h:143:10: note: in expansion of macro 'virt_addr_valid' 143 | BUG_ON(!virt_addr_valid(buf)); | ^~~~~~~~~~~~~~~ net/netfilter/nft_dynset.c: In function 'nft_dynset_init': >> net/netfilter/nft_dynset.c:160:13: error: implicit declaration of function 'nf_msecs_to_jiffies'; did you mean 'nf_msecs_to_jiffies64'? [-Werror=implicit-function-declaration] 160 | timeout = nf_msecs_to_jiffies(be64_to_cpu(nla_get_be64(tb[NFTA_DYNSET_TIMEOUT]))); | ^~~~~~~~~~~~~~~~~~~ | nf_msecs_to_jiffies64 In file included from include/linux/byteorder/big_endian.h:5, from arch/m68k/include/uapi/asm/byteorder.h:5, from include/asm-generic/bitops/le.h:6, from arch/m68k/include/asm/bitops.h:528, from include/linux/bitops.h:29, from include/linux/kernel.h:12, from net/netfilter/nft_dynset.c:6: net/netfilter/nft_dynset.c: In function 'nft_dynset_dump': >> net/netfilter/nft_dynset.c:269:17: error: implicit declaration of function 'nf_jiffies_to_msecs'; did you mean 'nf_jiffies64_to_msecs'? [-Werror=implicit-function-declaration] 269 | cpu_to_be64(nf_jiffies_to_msecs(priv->timeout)), | ^~~~~~~~~~~~~~~~~~~ include/uapi/linux/byteorder/big_endian.h:37:51: note: in definition of macro '__cpu_to_be64' 37 | #define __cpu_to_be64(x) ((__force __be64)(__u64)(x)) | ^ net/netfilter/nft_dynset.c:269:5: note: in expansion of macro 'cpu_to_be64' 269 | cpu_to_be64(nf_jiffies_to_msecs(priv->timeout)), | ^~~~~~~~~~~ cc1: some warnings being treated as errors vim +160 net/netfilter/nft_dynset.c 104 105 static int nft_dynset_init(const struct nft_ctx *ctx, 106 const struct nft_expr *expr, 107 const struct nlattr * const tb[]) 108 { 109 struct nft_dynset *priv = nft_expr_priv(expr); 110 u8 genmask = nft_genmask_next(ctx->net); 111 struct nft_set *set; 112 u64 timeout; 113 int err; 114 115 lockdep_assert_held(&ctx->net->nft.commit_mutex); 116 117 if (tb[NFTA_DYNSET_SET_NAME] == NULL || 118 tb[NFTA_DYNSET_OP] == NULL || 119 tb[NFTA_DYNSET_SREG_KEY] == NULL) 120 return -EINVAL; 121 122 if (tb[NFTA_DYNSET_FLAGS]) { 123 u32 flags = ntohl(nla_get_be32(tb[NFTA_DYNSET_FLAGS])); 124 125 if (flags & ~NFT_DYNSET_F_INV) 126 return -EINVAL; 127 if (flags & NFT_DYNSET_F_INV) 128 priv->invert = true; 129 } 130 131 set = nft_set_lookup_global(ctx->net, ctx->table, 132 tb[NFTA_DYNSET_SET_NAME], 133 tb[NFTA_DYNSET_SET_ID], genmask); 134 if (IS_ERR(set)) 135 return PTR_ERR(set); 136 137 if (set->ops->update == NULL) 138 return -EOPNOTSUPP; 139 140 if (set->flags & NFT_SET_CONSTANT) 141 return -EBUSY; 142 143 priv->op = ntohl(nla_get_be32(tb[NFTA_DYNSET_OP])); 144 switch (priv->op) { 145 case NFT_DYNSET_OP_ADD: 146 case NFT_DYNSET_OP_DELETE: 147 break; 148 case NFT_DYNSET_OP_UPDATE: 149 if (!(set->flags & NFT_SET_TIMEOUT)) 150 return -EOPNOTSUPP; 151 break; 152 default: 153 return -EOPNOTSUPP; 154 } 155 156 timeout = 0; 157 if (tb[NFTA_DYNSET_TIMEOUT] != NULL) { 158 if (!(set->flags & NFT_SET_TIMEOUT)) 159 return -EINVAL; > 160 timeout = nf_msecs_to_jiffies(be64_to_cpu(nla_get_be64(tb[NFTA_DYNSET_TIMEOUT]))); 161 } 162 163 priv->sreg_key = nft_parse_register(tb[NFTA_DYNSET_SREG_KEY]); 164 err = nft_validate_register_load(priv->sreg_key, set->klen); 165 if (err < 0) 166 return err; 167 168 if (tb[NFTA_DYNSET_SREG_DATA] != NULL) { 169 if (!(set->flags & NFT_SET_MAP)) 170 return -EINVAL; 171 if (set->dtype == NFT_DATA_VERDICT) 172 return -EOPNOTSUPP; 173 174 priv->sreg_data = nft_parse_register(tb[NFTA_DYNSET_SREG_DATA]); 175 err = nft_validate_register_load(priv->sreg_data, set->dlen); 176 if (err < 0) 177 return err; 178 } else if (set->flags & NFT_SET_MAP) 179 return -EINVAL; 180 181 if (tb[NFTA_DYNSET_EXPR] != NULL) { 182 if (!(set->flags & NFT_SET_EVAL)) 183 return -EINVAL; 184 185 priv->expr = nft_set_elem_expr_alloc(ctx, set, 186 tb[NFTA_DYNSET_EXPR]); 187 if (IS_ERR(priv->expr)) 188 return PTR_ERR(priv->expr); 189 190 if (set->expr && set->expr->ops != priv->expr->ops) { 191 err = -EOPNOTSUPP; 192 goto err_expr_free; 193 } 194 } 195 196 nft_set_ext_prepare(&priv->tmpl); 197 nft_set_ext_add_length(&priv->tmpl, NFT_SET_EXT_KEY, set->klen); 198 if (set->flags & NFT_SET_MAP) 199 nft_set_ext_add_length(&priv->tmpl, NFT_SET_EXT_DATA, set->dlen); 200 if (priv->expr != NULL) 201 nft_set_ext_add_length(&priv->tmpl, NFT_SET_EXT_EXPR, 202 priv->expr->ops->size); 203 if (set->flags & NFT_SET_TIMEOUT) { 204 if (timeout || set->timeout) 205 nft_set_ext_add(&priv->tmpl, NFT_SET_EXT_EXPIRATION); 206 } 207 208 priv->timeout = timeout; 209 210 err = nf_tables_bind_set(ctx, set, &priv->binding); 211 if (err < 0) 212 goto err_expr_free; 213 214 if (set->size == 0) 215 set->size = 0xffff; 216 217 priv->set = set; 218 return 0; 219 220 err_expr_free: 221 if (priv->expr != NULL) 222 nft_expr_destroy(ctx, priv->expr); 223 return err; 224 } 225 226 static void nft_dynset_deactivate(const struct nft_ctx *ctx, 227 const struct nft_expr *expr, 228 enum nft_trans_phase phase) 229 { 230 struct nft_dynset *priv = nft_expr_priv(expr); 231 232 nf_tables_deactivate_set(ctx, priv->set, &priv->binding, phase); 233 } 234 235 static void nft_dynset_activate(const struct nft_ctx *ctx, 236 const struct nft_expr *expr) 237 { 238 struct nft_dynset *priv = nft_expr_priv(expr); 239 240 priv->set->use++; 241 } 242 243 static void nft_dynset_destroy(const struct nft_ctx *ctx, 244 const struct nft_expr *expr) 245 { 246 struct nft_dynset *priv = nft_expr_priv(expr); 247 248 if (priv->expr != NULL) 249 nft_expr_destroy(ctx, priv->expr); 250 251 nf_tables_destroy_set(ctx, priv->set); 252 } 253 254 static int nft_dynset_dump(struct sk_buff *skb, const struct nft_expr *expr) 255 { 256 const struct nft_dynset *priv = nft_expr_priv(expr); 257 u32 flags = priv->invert ? NFT_DYNSET_F_INV : 0; 258 259 if (nft_dump_register(skb, NFTA_DYNSET_SREG_KEY, priv->sreg_key)) 260 goto nla_put_failure; 261 if (priv->set->flags & NFT_SET_MAP && 262 nft_dump_register(skb, NFTA_DYNSET_SREG_DATA, priv->sreg_data)) 263 goto nla_put_failure; 264 if (nla_put_be32(skb, NFTA_DYNSET_OP, htonl(priv->op))) 265 goto nla_put_failure; 266 if (nla_put_string(skb, NFTA_DYNSET_SET_NAME, priv->set->name)) 267 goto nla_put_failure; 268 if (nla_put_be64(skb, NFTA_DYNSET_TIMEOUT, > 269 cpu_to_be64(nf_jiffies_to_msecs(priv->timeout)), 270 NFTA_DYNSET_PAD)) 271 goto nla_put_failure; 272 if (priv->expr && nft_expr_dump(skb, NFTA_DYNSET_EXPR, priv->expr)) 273 goto nla_put_failure; 274 if (nla_put_be32(skb, NFTA_DYNSET_FLAGS, htonl(flags))) 275 goto nla_put_failure; 276 return 0; 277 278 nla_put_failure: 279 return -1; 280 } 281 --- 0-DAY CI Kernel Test Service, Intel Corporation https://lists.01.org/hyperkitty/list/kbuild-all(a)lists.01.org [-- Attachment #2: config.gz --] [-- Type: application/gzip, Size: 58931 bytes --] ^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2020-12-09 4:31 UTC | newest] Thread overview: 4+ messages (download: mbox.gz follow: Atom feed -- links below jump to the message on this page -- 2020-12-08 17:37 [PATCH nf] netfilter: nftables: fix incorrect element timeout Pablo Neira Ayuso 2020-12-08 17:42 ` Pablo Neira Ayuso 2020-12-09 4:30 ` kernel test robot 2020-12-09 4:30 ` kernel test robot
This is an external index of several public inboxes, see mirroring instructions on how to clone and mirror all data and code used by this external index.