From: Pablo Neira Ayuso <pablo@netfilter.org>
To: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Cc: netdev@vger.kernel.org
Subject: Re: [PATCH 3/3] netfilter: xt_CT: remove a compile warning
Date: Tue, 3 Apr 2012 12:31:28 +0200 [thread overview]
Message-ID: <20120403103128.GA20671@1984> (raw)
In-Reply-To: <201204031927.AIJ09351.FQFMJOOVFSOtHL@I-love.SAKURA.ne.jp>
On Tue, Apr 03, 2012 at 07:27:50PM +0900, Tetsuo Handa wrote:
> pablo@netfilter.org:
> > From: Pablo Neira Ayuso <pablo@netfilter.org>
> >
> > If CONFIG_NF_CONNTRACK_TIMEOUT=n we have following warning :
> >
> > CC [M] net/netfilter/xt_CT.o
> > net/netfilter/xt_CT.c: In function ‘xt_ct_tg_check_v1’:
> > net/netfilter/xt_CT.c:284: warning: label ‘err4’ defined but not used
> >
> > Reported-by: Eric Dumazet <eric.dumazet@gmail.com>
> > Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
> > ---
> > net/netfilter/xt_CT.c | 2 ++
> > 1 files changed, 2 insertions(+), 0 deletions(-)
> >
> > diff --git a/net/netfilter/xt_CT.c b/net/netfilter/xt_CT.c
> > index 0c8e438..138b75e 100644
> > --- a/net/netfilter/xt_CT.c
> > +++ b/net/netfilter/xt_CT.c
> > @@ -281,8 +281,10 @@ out:
> > info->ct = ct;
> > return 0;
> >
> > +#ifdef CONFIG_NF_CONNTRACK_TIMEOUT
> > err4:
> > rcu_read_unlock();
> > +#endif
> > err3:
> > nf_conntrack_free(ct);
> > err2:
> > --
> > 1.7.2.5
>
> Looking at that function:
>
> 216 #ifdef CONFIG_NF_CONNTRACK_TIMEOUT
> 217 if (info->timeout) {
> 218 typeof(nf_ct_timeout_find_get_hook) timeout_find_get;
> 219 struct ctnl_timeout *timeout;
> 220 struct nf_conn_timeout *timeout_ext;
> 221
> 222 rcu_read_lock();
> 223 timeout_find_get =
> 224 rcu_dereference(nf_ct_timeout_find_get_hook);
> 225
> 226 if (timeout_find_get) {
> 227 const struct ipt_entry *e = par->entryinfo;
> 228 struct nf_conntrack_l4proto *l4proto;
> 229
> 230 if (e->ip.invflags & IPT_INV_PROTO) {
> 231 ret = -EINVAL;
> 232 pr_info("You cannot use inversion on "
> 233 "L4 protocol\n");
> 234 goto err4;
> 235 }
> 236 timeout = timeout_find_get(info->timeout);
> 237 if (timeout == NULL) {
> 238 ret = -ENOENT;
> 239 pr_info("No such timeout policy \"%s\"\n",
> 240 info->timeout);
> 241 goto err4;
> 242 }
> 243 if (timeout->l3num != par->family) {
> 244 ret = -EINVAL;
> 245 pr_info("Timeout policy `%s' can only be "
> 246 "used by L3 protocol number %d\n",
> 247 info->timeout, timeout->l3num);
> 248 goto err4;
> 249 }
> 250 /* Make sure the timeout policy matches any existing
> 251 * protocol tracker, otherwise default to generic.
> 252 */
> 253 l4proto = __nf_ct_l4proto_find(par->family,
> 254 e->ip.proto);
> 255 if (timeout->l4proto->l4proto != l4proto->l4proto) {
> 256 ret = -EINVAL;
> 257 pr_info("Timeout policy `%s' can only be "
> 258 "used by L4 protocol number %d\n",
> 259 info->timeout,
> 260 timeout->l4proto->l4proto);
> 261 goto err4;
> 262 }
> 263 timeout_ext = nf_ct_timeout_ext_add(ct, timeout,
> 264 GFP_KERNEL);
> We are under rcu_read_lock() here.
Good catch, that needs to be GFP_ATOMIC. I'll send a follow-up patch
for this.
Thanks.
next prev parent reply other threads:[~2012-04-03 10:31 UTC|newest]
Thread overview: 17+ messages / expand[flat|nested] mbox.gz Atom feed top
2012-04-03 10:13 [PATCH 0/3] netfilter fixes for 3.4-rc1 pablo
2012-04-03 10:13 ` [PATCH 1/3] netfilter: xt_LOG: don't use xchg() for simple assignment pablo
2012-04-03 10:13 ` [PATCH 2/3] netfilter: ipset: avoid use of kernel-only types pablo
2012-04-03 10:13 ` [PATCH 3/3] netfilter: xt_CT: remove a compile warning pablo
2012-04-03 10:27 ` Tetsuo Handa
2012-04-03 10:31 ` Pablo Neira Ayuso [this message]
2012-04-03 10:39 ` Pablo Neira Ayuso
2012-04-03 23:17 ` David Miller
2012-04-03 11:48 ` Tetsuo Handa
2012-04-03 12:09 ` Pablo Neira Ayuso
2012-04-03 12:28 ` Tetsuo Handa
2012-04-03 12:57 ` Pablo Neira Ayuso
2012-04-03 13:06 ` Pablo Neira Ayuso
2012-04-03 14:28 ` Tetsuo Handa
2012-04-03 14:52 ` Pablo Neira Ayuso
2012-04-03 23:21 ` David Miller
2012-04-03 23:20 ` David Miller
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20120403103128.GA20671@1984 \
--to=pablo@netfilter.org \
--cc=netdev@vger.kernel.org \
--cc=penguin-kernel@I-love.SAKURA.ne.jp \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).