* Re: WARNING in zd_mac_clear
From: Kalle Valo @ 2019-08-07 14:24 UTC (permalink / raw)
To: Oliver Neukum
Cc: Andrey Konovalov, syzbot, USB list, David S. Miller,
Ulrich Kunitz, Daniel Drake, syzkaller-bugs, Alan Stern, LKML,
linux-wireless, netdev
In-Reply-To: <1565187539.15973.6.camel@suse.com>
Oliver Neukum <oneukum@suse.com> writes:
> Am Mittwoch, den 07.08.2019, 16:07 +0200 schrieb Andrey Konovalov:
>> On Fri, Apr 12, 2019 at 1:46 PM syzbot
>> <syzbot+74c65761783d66a9c97c@syzkaller.appspotmail.com> wrote:
>> >
>> > Hello,
>> >
>> > syzbot found the following crash on:
>> >
>> > HEAD commit: 9a33b369 usb-fuzzer: main usb gadget fuzzer driver
>> > git tree: https://github.com/google/kasan/tree/usb-fuzzer
>> > console output: https://syzkaller.appspot.com/x/log.txt?x=101a06dd200000
>> > kernel config: https://syzkaller.appspot.com/x/.config?x=23e37f59d94ddd15
>> > dashboard link: https://syzkaller.appspot.com/bug?extid=74c65761783d66a9c97c
>> > compiler: gcc (GCC) 9.0.0 20181231 (experimental)
>> > syz repro: https://syzkaller.appspot.com/x/repro.syz?x=1170c22d200000
>> > C reproducer: https://syzkaller.appspot.com/x/repro.c?x=1496adbb200000
>> >
>> > IMPORTANT: if you fix the bug, please add the following tag to the commit:
>> > Reported-by: syzbot+74c65761783d66a9c97c@syzkaller.appspotmail.com
>> >
>> > usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
>> > usb 1-1: config 0 descriptor??
>> > usb 1-1: reset low-speed USB device number 2 using dummy_hcd
>> > usb 1-1: read over firmware interface failed: -71
>> > usb 1-1: reset low-speed USB device number 2 using dummy_hcd
>> > WARNING: CPU: 1 PID: 21 at drivers/net/wireless/zydas/zd1211rw/zd_mac.c:238
>> > zd_mac_clear+0xb0/0xe0 drivers/net/wireless/zydas/zd1211rw/zd_mac.c:238
>> > Kernel panic - not syncing: panic_on_warn set ...
>> > CPU: 1 PID: 21 Comm: kworker/1:1 Not tainted 5.1.0-rc4-319354-g9a33b36 #3
>> > Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS
>> > Google 01/01/2011
>> > Workqueue: usb_hub_wq hub_event
>> > Call Trace:
>> > __dump_stack lib/dump_stack.c:77 [inline]
>> > dump_stack+0xe8/0x16e lib/dump_stack.c:113
>> > panic+0x29d/0x5f2 kernel/panic.c:214
>> > __warn.cold+0x20/0x48 kernel/panic.c:571
>> > report_bug+0x262/0x2a0 lib/bug.c:186
>> > fixup_bug arch/x86/kernel/traps.c:179 [inline]
>> > fixup_bug arch/x86/kernel/traps.c:174 [inline]
>> > do_error_trap+0x130/0x1f0 arch/x86/kernel/traps.c:272
>> > do_invalid_op+0x37/0x40 arch/x86/kernel/traps.c:291
>> > invalid_op+0x14/0x20 arch/x86/entry/entry_64.S:973
>> > RIP: 0010:zd_mac_clear+0xb0/0xe0
>> > drivers/net/wireless/zydas/zd1211rw/zd_mac.c:238
>> > Code: e8 85 d0 60 f8 48 8d bb f8 2b 00 00 be ff ff ff ff e8 54 5a 46 f8 31
>> > ff 89 c3 89 c6 e8 d9 d1 60 f8 85 db 75 d4 e8 60 d0 60 f8 <0f> 0b 5b 5d e9
>> > 57 d0 60 f8 48 c7 c7 58 05 cb 93 e8 fb e0 97 f8 eb
>> > RSP: 0018:ffff8880a85c7310 EFLAGS: 00010293
>> > RAX: ffff8880a84de200 RBX: 0000000000000000 RCX: ffffffff8910f507
>> > RDX: 0000000000000000 RSI: ffffffff8910f510 RDI: 0000000000000005
>> > RBP: 0000000000000001 R08: ffff8880a84de200 R09: ffffed1012f83a0b
>> > R10: ffffed1012f83a0a R11: ffff888097c1d057 R12: 00000000ffffffb9
>> > R13: ffff888097c18b20 R14: ffff888099456630 R15: ffffffff8f979398
>> > probe+0x259/0x590 drivers/net/wireless/zydas/zd1211rw/zd_usb.c:1421
>> > usb_probe_interface+0x31d/0x820 drivers/usb/core/driver.c:361
>> > really_probe+0x2da/0xb10 drivers/base/dd.c:509
>> > driver_probe_device+0x21d/0x350 drivers/base/dd.c:671
>> > __device_attach_driver+0x1d8/0x290 drivers/base/dd.c:778
>> > bus_for_each_drv+0x163/0x1e0 drivers/base/bus.c:454
>> > __device_attach+0x223/0x3a0 drivers/base/dd.c:844
>> > bus_probe_device+0x1f1/0x2a0 drivers/base/bus.c:514
>> > device_add+0xad2/0x16e0 drivers/base/core.c:2106
>> > usb_set_configuration+0xdf7/0x1740 drivers/usb/core/message.c:2021
>> > generic_probe+0xa2/0xda drivers/usb/core/generic.c:210
>> > usb_probe_device+0xc0/0x150 drivers/usb/core/driver.c:266
>> > really_probe+0x2da/0xb10 drivers/base/dd.c:509
>> > driver_probe_device+0x21d/0x350 drivers/base/dd.c:671
>> > __device_attach_driver+0x1d8/0x290 drivers/base/dd.c:778
>> > bus_for_each_drv+0x163/0x1e0 drivers/base/bus.c:454
>> > __device_attach+0x223/0x3a0 drivers/base/dd.c:844
>> > bus_probe_device+0x1f1/0x2a0 drivers/base/bus.c:514
>> > device_add+0xad2/0x16e0 drivers/base/core.c:2106
>> > usb_new_device.cold+0x537/0xccf drivers/usb/core/hub.c:2534
>> > hub_port_connect drivers/usb/core/hub.c:5089 [inline]
>> > hub_port_connect_change drivers/usb/core/hub.c:5204 [inline]
>> > port_event drivers/usb/core/hub.c:5350 [inline]
>> > hub_event+0x138e/0x3b00 drivers/usb/core/hub.c:5432
>> > process_one_work+0x90f/0x1580 kernel/workqueue.c:2269
>> > worker_thread+0x9b/0xe20 kernel/workqueue.c:2415
>> > kthread+0x313/0x420 kernel/kthread.c:253
>> > ret_from_fork+0x3a/0x50 arch/x86/entry/entry_64.S:352
>> > Kernel Offset: disabled
>> > Rebooting in 86400 seconds..
>>
>> This USB bug is the second most frequently triggered one with over 10k
>> kernel crashes.
>
> As far as I can tell this is a false positive. Didn't I submit this
> upstream?
>
> #syz test: https://github.com/google/kasan.git 9a33b369
>
> From ae999d5a437850b65497df7dcca3ffc10f75e697 Mon Sep 17 00:00:00 2001
> From: Oliver Neukum <oneukum@suse.com>
> Date: Tue, 30 Jul 2019 15:59:03 +0200
> Subject: [PATCH] zdnet: remove false assertion from zd_mac_clear()
>
> The function is called before the lock which is asserted was ever used.
> Just remove it.
>
> Reported-by: syzbot+74c65761783d66a9c97c@syzkaller.appspotmail.com
> Signed-off-by: Oliver Neukum <oneukum@suse.com>
Neither google nor patchwork[1] can find the patch. If you think the
patch should be applied, please resubmit it to linux-wireless so
patchwork sees it. Also the title prefix should be "zd1211rw:", not
"zdnet:".
[1] https://patchwork.kernel.org/project/linux-wireless/list/
--
https://wireless.wiki.kernel.org/en/developers/documentation/submittingpatches
^ permalink raw reply
* Re: WARNING in zd_mac_clear
From: Oliver Neukum @ 2019-08-07 14:18 UTC (permalink / raw)
To: Andrey Konovalov, syzbot, USB list
Cc: Kalle Valo, David S. Miller, Ulrich Kunitz, Daniel Drake,
syzkaller-bugs, Alan Stern, LKML, linux-wireless, netdev
In-Reply-To: <CAAeHK+zW61WK67wcwhXVCuU0dx_PicpiXmbDCPtJzX-viQ2R0A@mail.gmail.com>
Am Mittwoch, den 07.08.2019, 16:07 +0200 schrieb Andrey Konovalov:
> On Fri, Apr 12, 2019 at 1:46 PM syzbot
> <syzbot+74c65761783d66a9c97c@syzkaller.appspotmail.com> wrote:
> >
> > Hello,
> >
> > syzbot found the following crash on:
> >
> > HEAD commit: 9a33b369 usb-fuzzer: main usb gadget fuzzer driver
> > git tree: https://github.com/google/kasan/tree/usb-fuzzer
> > console output: https://syzkaller.appspot.com/x/log.txt?x=101a06dd200000
> > kernel config: https://syzkaller.appspot.com/x/.config?x=23e37f59d94ddd15
> > dashboard link: https://syzkaller.appspot.com/bug?extid=74c65761783d66a9c97c
> > compiler: gcc (GCC) 9.0.0 20181231 (experimental)
> > syz repro: https://syzkaller.appspot.com/x/repro.syz?x=1170c22d200000
> > C reproducer: https://syzkaller.appspot.com/x/repro.c?x=1496adbb200000
> >
> > IMPORTANT: if you fix the bug, please add the following tag to the commit:
> > Reported-by: syzbot+74c65761783d66a9c97c@syzkaller.appspotmail.com
> >
> > usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
> > usb 1-1: config 0 descriptor??
> > usb 1-1: reset low-speed USB device number 2 using dummy_hcd
> > usb 1-1: read over firmware interface failed: -71
> > usb 1-1: reset low-speed USB device number 2 using dummy_hcd
> > WARNING: CPU: 1 PID: 21 at drivers/net/wireless/zydas/zd1211rw/zd_mac.c:238
> > zd_mac_clear+0xb0/0xe0 drivers/net/wireless/zydas/zd1211rw/zd_mac.c:238
> > Kernel panic - not syncing: panic_on_warn set ...
> > CPU: 1 PID: 21 Comm: kworker/1:1 Not tainted 5.1.0-rc4-319354-g9a33b36 #3
> > Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS
> > Google 01/01/2011
> > Workqueue: usb_hub_wq hub_event
> > Call Trace:
> > __dump_stack lib/dump_stack.c:77 [inline]
> > dump_stack+0xe8/0x16e lib/dump_stack.c:113
> > panic+0x29d/0x5f2 kernel/panic.c:214
> > __warn.cold+0x20/0x48 kernel/panic.c:571
> > report_bug+0x262/0x2a0 lib/bug.c:186
> > fixup_bug arch/x86/kernel/traps.c:179 [inline]
> > fixup_bug arch/x86/kernel/traps.c:174 [inline]
> > do_error_trap+0x130/0x1f0 arch/x86/kernel/traps.c:272
> > do_invalid_op+0x37/0x40 arch/x86/kernel/traps.c:291
> > invalid_op+0x14/0x20 arch/x86/entry/entry_64.S:973
> > RIP: 0010:zd_mac_clear+0xb0/0xe0
> > drivers/net/wireless/zydas/zd1211rw/zd_mac.c:238
> > Code: e8 85 d0 60 f8 48 8d bb f8 2b 00 00 be ff ff ff ff e8 54 5a 46 f8 31
> > ff 89 c3 89 c6 e8 d9 d1 60 f8 85 db 75 d4 e8 60 d0 60 f8 <0f> 0b 5b 5d e9
> > 57 d0 60 f8 48 c7 c7 58 05 cb 93 e8 fb e0 97 f8 eb
> > RSP: 0018:ffff8880a85c7310 EFLAGS: 00010293
> > RAX: ffff8880a84de200 RBX: 0000000000000000 RCX: ffffffff8910f507
> > RDX: 0000000000000000 RSI: ffffffff8910f510 RDI: 0000000000000005
> > RBP: 0000000000000001 R08: ffff8880a84de200 R09: ffffed1012f83a0b
> > R10: ffffed1012f83a0a R11: ffff888097c1d057 R12: 00000000ffffffb9
> > R13: ffff888097c18b20 R14: ffff888099456630 R15: ffffffff8f979398
> > probe+0x259/0x590 drivers/net/wireless/zydas/zd1211rw/zd_usb.c:1421
> > usb_probe_interface+0x31d/0x820 drivers/usb/core/driver.c:361
> > really_probe+0x2da/0xb10 drivers/base/dd.c:509
> > driver_probe_device+0x21d/0x350 drivers/base/dd.c:671
> > __device_attach_driver+0x1d8/0x290 drivers/base/dd.c:778
> > bus_for_each_drv+0x163/0x1e0 drivers/base/bus.c:454
> > __device_attach+0x223/0x3a0 drivers/base/dd.c:844
> > bus_probe_device+0x1f1/0x2a0 drivers/base/bus.c:514
> > device_add+0xad2/0x16e0 drivers/base/core.c:2106
> > usb_set_configuration+0xdf7/0x1740 drivers/usb/core/message.c:2021
> > generic_probe+0xa2/0xda drivers/usb/core/generic.c:210
> > usb_probe_device+0xc0/0x150 drivers/usb/core/driver.c:266
> > really_probe+0x2da/0xb10 drivers/base/dd.c:509
> > driver_probe_device+0x21d/0x350 drivers/base/dd.c:671
> > __device_attach_driver+0x1d8/0x290 drivers/base/dd.c:778
> > bus_for_each_drv+0x163/0x1e0 drivers/base/bus.c:454
> > __device_attach+0x223/0x3a0 drivers/base/dd.c:844
> > bus_probe_device+0x1f1/0x2a0 drivers/base/bus.c:514
> > device_add+0xad2/0x16e0 drivers/base/core.c:2106
> > usb_new_device.cold+0x537/0xccf drivers/usb/core/hub.c:2534
> > hub_port_connect drivers/usb/core/hub.c:5089 [inline]
> > hub_port_connect_change drivers/usb/core/hub.c:5204 [inline]
> > port_event drivers/usb/core/hub.c:5350 [inline]
> > hub_event+0x138e/0x3b00 drivers/usb/core/hub.c:5432
> > process_one_work+0x90f/0x1580 kernel/workqueue.c:2269
> > worker_thread+0x9b/0xe20 kernel/workqueue.c:2415
> > kthread+0x313/0x420 kernel/kthread.c:253
> > ret_from_fork+0x3a/0x50 arch/x86/entry/entry_64.S:352
> > Kernel Offset: disabled
> > Rebooting in 86400 seconds..
>
> This USB bug is the second most frequently triggered one with over 10k
> kernel crashes.
As far as I can tell this is a false positive. Didn't I submit this
upstream?
#syz test: https://github.com/google/kasan.git 9a33b369
From ae999d5a437850b65497df7dcca3ffc10f75e697 Mon Sep 17 00:00:00 2001
From: Oliver Neukum <oneukum@suse.com>
Date: Tue, 30 Jul 2019 15:59:03 +0200
Subject: [PATCH] zdnet: remove false assertion from zd_mac_clear()
The function is called before the lock which is asserted was ever used.
Just remove it.
Reported-by: syzbot+74c65761783d66a9c97c@syzkaller.appspotmail.com
Signed-off-by: Oliver Neukum <oneukum@suse.com>
---
drivers/net/wireless/zydas/zd1211rw/zd_mac.c | 1 -
1 file changed, 1 deletion(-)
diff --git a/drivers/net/wireless/zydas/zd1211rw/zd_mac.c b/drivers/net/wireless/zydas/zd1211rw/zd_mac.c
index da7e63fca9f5..a9999d10ae81 100644
--- a/drivers/net/wireless/zydas/zd1211rw/zd_mac.c
+++ b/drivers/net/wireless/zydas/zd1211rw/zd_mac.c
@@ -223,7 +223,6 @@ void zd_mac_clear(struct zd_mac *mac)
{
flush_workqueue(zd_workqueue);
zd_chip_clear(&mac->chip);
- lockdep_assert_held(&mac->lock);
ZD_MEMCLEAR(mac, sizeof(struct zd_mac));
}
--
2.16.4
^ permalink raw reply related
* [PATCH net-next v1 6/8] netfilter: added missing IS_ENABLED(CONFIG_NETFILTER) checks to some header-files.
From: Jeremy Sowden @ 2019-08-07 14:17 UTC (permalink / raw)
To: Pablo Neira Ayuso; +Cc: Netfilter Devel, Net Dev, Masahiro Yamada
In-Reply-To: <20190807141705.4864-1-jeremy@azazel.net>
linux/netfilter.h defines a number of struct and inline function
definitions which are only available is CONFIG_NETFILTER is enabled.
These structs and functions are used in declarations and definitions in
other header-files. Added preprocessor checks to make sure these
headers will compile if CONFIG_NETFILTER is disabled.
Signed-off-by: Jeremy Sowden <jeremy@azazel.net>
---
include/linux/netfilter/x_tables.h | 6 ++++++
include/linux/netfilter_arp/arp_tables.h | 2 ++
include/linux/netfilter_bridge/ebtables.h | 2 ++
include/linux/netfilter_ipv4/ip_tables.h | 4 ++++
include/linux/netfilter_ipv6/ip6_tables.h | 2 ++
include/net/netfilter/br_netfilter.h | 2 ++
include/net/netfilter/nf_conntrack_bridge.h | 2 ++
include/net/netfilter/nf_conntrack_core.h | 3 +++
include/net/netfilter/nf_conntrack_l4proto.h | 2 ++
include/net/netfilter/nf_conntrack_tuple.h | 2 ++
include/net/netfilter/nf_flow_table.h | 4 ++++
include/net/netfilter/nf_nat.h | 4 ++++
include/net/netfilter/nf_queue.h | 5 +++++
include/net/netfilter/nf_synproxy.h | 4 ++++
include/net/netfilter/nf_tables.h | 8 ++++++++
15 files changed, 52 insertions(+)
diff --git a/include/linux/netfilter/x_tables.h b/include/linux/netfilter/x_tables.h
index 1f852ef7b098..ae62bf1c6824 100644
--- a/include/linux/netfilter/x_tables.h
+++ b/include/linux/netfilter/x_tables.h
@@ -35,12 +35,15 @@ struct xt_action_param {
union {
const void *matchinfo, *targinfo;
};
+#if IS_ENABLED(CONFIG_NETFILTER)
const struct nf_hook_state *state;
+#endif
int fragoff;
unsigned int thoff;
bool hotdrop;
};
+#if IS_ENABLED(CONFIG_NETFILTER)
static inline struct net *xt_net(const struct xt_action_param *par)
{
return par->state->net;
@@ -75,6 +78,7 @@ static inline u_int8_t xt_family(const struct xt_action_param *par)
{
return par->state->pf;
}
+#endif
/**
* struct xt_mtchk_param - parameters for match extensions'
@@ -446,7 +450,9 @@ xt_get_per_cpu_counter(struct xt_counters *cnt, unsigned int cpu)
return cnt;
}
+#if IS_ENABLED(CONFIG_NETFILTER)
struct nf_hook_ops *xt_hook_ops_alloc(const struct xt_table *, nf_hookfn *);
+#endif
#ifdef CONFIG_COMPAT
#include <net/compat.h>
diff --git a/include/linux/netfilter_arp/arp_tables.h b/include/linux/netfilter_arp/arp_tables.h
index e98028f00e47..1b7b35bb9c27 100644
--- a/include/linux/netfilter_arp/arp_tables.h
+++ b/include/linux/netfilter_arp/arp_tables.h
@@ -49,6 +49,7 @@ struct arpt_error {
}
extern void *arpt_alloc_initial_table(const struct xt_table *);
+#if IS_ENABLED(CONFIG_NETFILTER)
int arpt_register_table(struct net *net, const struct xt_table *table,
const struct arpt_replace *repl,
const struct nf_hook_ops *ops, struct xt_table **res);
@@ -57,6 +58,7 @@ void arpt_unregister_table(struct net *net, struct xt_table *table,
extern unsigned int arpt_do_table(struct sk_buff *skb,
const struct nf_hook_state *state,
struct xt_table *table);
+#endif
#ifdef CONFIG_COMPAT
#include <net/compat.h>
diff --git a/include/linux/netfilter_bridge/ebtables.h b/include/linux/netfilter_bridge/ebtables.h
index c6935be7c6ca..b5b2d371f0ef 100644
--- a/include/linux/netfilter_bridge/ebtables.h
+++ b/include/linux/netfilter_bridge/ebtables.h
@@ -105,6 +105,7 @@ struct ebt_table {
#define EBT_ALIGN(s) (((s) + (__alignof__(struct _xt_align)-1)) & \
~(__alignof__(struct _xt_align)-1))
+#if IS_ENABLED(CONFIG_NETFILTER)
extern int ebt_register_table(struct net *net,
const struct ebt_table *table,
const struct nf_hook_ops *ops,
@@ -114,6 +115,7 @@ extern void ebt_unregister_table(struct net *net, struct ebt_table *table,
extern unsigned int ebt_do_table(struct sk_buff *skb,
const struct nf_hook_state *state,
struct ebt_table *table);
+#endif
/* True if the hook mask denotes that the rule is in a base chain,
* used in the check() functions */
diff --git a/include/linux/netfilter_ipv4/ip_tables.h b/include/linux/netfilter_ipv4/ip_tables.h
index d026e63a5aa4..f40a65481df4 100644
--- a/include/linux/netfilter_ipv4/ip_tables.h
+++ b/include/linux/netfilter_ipv4/ip_tables.h
@@ -25,11 +25,13 @@
extern void ipt_init(void) __init;
+#if IS_ENABLED(CONFIG_NETFILTER)
int ipt_register_table(struct net *net, const struct xt_table *table,
const struct ipt_replace *repl,
const struct nf_hook_ops *ops, struct xt_table **res);
void ipt_unregister_table(struct net *net, struct xt_table *table,
const struct nf_hook_ops *ops);
+#endif
/* Standard entry. */
struct ipt_standard {
@@ -65,9 +67,11 @@ struct ipt_error {
}
extern void *ipt_alloc_initial_table(const struct xt_table *);
+#if IS_ENABLED(CONFIG_NETFILTER)
extern unsigned int ipt_do_table(struct sk_buff *skb,
const struct nf_hook_state *state,
struct xt_table *table);
+#endif
#ifdef CONFIG_COMPAT
#include <net/compat.h>
diff --git a/include/linux/netfilter_ipv6/ip6_tables.h b/include/linux/netfilter_ipv6/ip6_tables.h
index 99cbfd3add40..53b7309613bf 100644
--- a/include/linux/netfilter_ipv6/ip6_tables.h
+++ b/include/linux/netfilter_ipv6/ip6_tables.h
@@ -26,6 +26,7 @@
extern void ip6t_init(void) __init;
extern void *ip6t_alloc_initial_table(const struct xt_table *);
+#if IS_ENABLED(CONFIG_NETFILTER)
int ip6t_register_table(struct net *net, const struct xt_table *table,
const struct ip6t_replace *repl,
const struct nf_hook_ops *ops, struct xt_table **res);
@@ -34,6 +35,7 @@ void ip6t_unregister_table(struct net *net, struct xt_table *table,
extern unsigned int ip6t_do_table(struct sk_buff *skb,
const struct nf_hook_state *state,
struct xt_table *table);
+#endif
/* Check for an extension */
static inline int
diff --git a/include/net/netfilter/br_netfilter.h b/include/net/netfilter/br_netfilter.h
index 33533ea852a1..2a613c84d49f 100644
--- a/include/net/netfilter/br_netfilter.h
+++ b/include/net/netfilter/br_netfilter.h
@@ -55,6 +55,7 @@ static inline struct rtable *bridge_parent_rtable(const struct net_device *dev)
struct net_device *setup_pre_routing(struct sk_buff *skb,
const struct net *net);
+#if IS_ENABLED(CONFIG_NETFILTER)
#if IS_ENABLED(CONFIG_IPV6)
int br_validate_ipv6(struct net *net, struct sk_buff *skb);
unsigned int br_nf_pre_routing_ipv6(void *priv,
@@ -73,5 +74,6 @@ br_nf_pre_routing_ipv6(const struct nf_hook_ops *ops, struct sk_buff *skb,
return NF_ACCEPT;
}
#endif
+#endif
#endif /* _BR_NETFILTER_H_ */
diff --git a/include/net/netfilter/nf_conntrack_bridge.h b/include/net/netfilter/nf_conntrack_bridge.h
index 8f2e5b2ab523..34c28f248b18 100644
--- a/include/net/netfilter/nf_conntrack_bridge.h
+++ b/include/net/netfilter/nf_conntrack_bridge.h
@@ -6,7 +6,9 @@
#include <uapi/linux/if_ether.h>
struct nf_ct_bridge_info {
+#if IS_ENABLED(CONFIG_NETFILTER)
struct nf_hook_ops *ops;
+#endif
unsigned int ops_size;
struct module *me;
};
diff --git a/include/net/netfilter/nf_conntrack_core.h b/include/net/netfilter/nf_conntrack_core.h
index de10faf2ce91..71a2d9cb64ea 100644
--- a/include/net/netfilter/nf_conntrack_core.h
+++ b/include/net/netfilter/nf_conntrack_core.h
@@ -20,7 +20,10 @@
/* This header is used to share core functionality between the
standalone connection tracking module, and the compatibility layer's use
of connection tracking. */
+
+#if IS_ENABLED(CONFIG_NETFILTER)
unsigned int nf_conntrack_in(struct sk_buff *skb, const struct nf_hook_state *state);
+#endif
int nf_conntrack_init_net(struct net *net);
void nf_conntrack_cleanup_net(struct net *net);
diff --git a/include/net/netfilter/nf_conntrack_l4proto.h b/include/net/netfilter/nf_conntrack_l4proto.h
index 1990d54bf8f2..c200b95d27ae 100644
--- a/include/net/netfilter/nf_conntrack_l4proto.h
+++ b/include/net/netfilter/nf_conntrack_l4proto.h
@@ -75,6 +75,7 @@ bool nf_conntrack_invert_icmp_tuple(struct nf_conntrack_tuple *tuple,
bool nf_conntrack_invert_icmpv6_tuple(struct nf_conntrack_tuple *tuple,
const struct nf_conntrack_tuple *orig);
+#if IS_ENABLED(CONFIG_NETFILTER)
int nf_conntrack_inet_error(struct nf_conn *tmpl, struct sk_buff *skb,
unsigned int dataoff,
const struct nf_hook_state *state,
@@ -131,6 +132,7 @@ int nf_conntrack_gre_packet(struct nf_conn *ct,
unsigned int dataoff,
enum ip_conntrack_info ctinfo,
const struct nf_hook_state *state);
+#endif
void nf_conntrack_generic_init_net(struct net *net);
void nf_conntrack_tcp_init_net(struct net *net);
diff --git a/include/net/netfilter/nf_conntrack_tuple.h b/include/net/netfilter/nf_conntrack_tuple.h
index bf0444e111a6..480c87b44a96 100644
--- a/include/net/netfilter/nf_conntrack_tuple.h
+++ b/include/net/netfilter/nf_conntrack_tuple.h
@@ -121,6 +121,7 @@ struct nf_conntrack_tuple_hash {
struct nf_conntrack_tuple tuple;
};
+#if IS_ENABLED(CONFIG_NETFILTER)
static inline bool __nf_ct_tuple_src_equal(const struct nf_conntrack_tuple *t1,
const struct nf_conntrack_tuple *t2)
{
@@ -183,5 +184,6 @@ nf_ct_tuple_mask_cmp(const struct nf_conntrack_tuple *t,
return nf_ct_tuple_src_mask_cmp(t, tuple, mask) &&
__nf_ct_tuple_dst_equal(t, tuple);
}
+#endif
#endif /* _NF_CONNTRACK_TUPLE_H */
diff --git a/include/net/netfilter/nf_flow_table.h b/include/net/netfilter/nf_flow_table.h
index 7249e331bd0b..609df33b1209 100644
--- a/include/net/netfilter/nf_flow_table.h
+++ b/include/net/netfilter/nf_flow_table.h
@@ -17,7 +17,9 @@ struct nf_flowtable_type {
int family;
int (*init)(struct nf_flowtable *ft);
void (*free)(struct nf_flowtable *ft);
+#if IS_ENABLED(CONFIG_NETFILTER)
nf_hookfn *hook;
+#endif
struct module *owner;
};
@@ -115,10 +117,12 @@ struct flow_ports {
__be16 source, dest;
};
+#if IS_ENABLED(CONFIG_NETFILTER)
unsigned int nf_flow_offload_ip_hook(void *priv, struct sk_buff *skb,
const struct nf_hook_state *state);
unsigned int nf_flow_offload_ipv6_hook(void *priv, struct sk_buff *skb,
const struct nf_hook_state *state);
+#endif
#define MODULE_ALIAS_NF_FLOWTABLE(family) \
MODULE_ALIAS("nf-flowtable-" __stringify(family))
diff --git a/include/net/netfilter/nf_nat.h b/include/net/netfilter/nf_nat.h
index 423cda2c6542..eec208fb9c23 100644
--- a/include/net/netfilter/nf_nat.h
+++ b/include/net/netfilter/nf_nat.h
@@ -69,10 +69,12 @@ static inline bool nf_nat_oif_changed(unsigned int hooknum,
#endif
}
+#if IS_ENABLED(CONFIG_NETFILTER)
int nf_nat_register_fn(struct net *net, u8 pf, const struct nf_hook_ops *ops,
const struct nf_hook_ops *nat_ops, unsigned int ops_count);
void nf_nat_unregister_fn(struct net *net, u8 pf, const struct nf_hook_ops *ops,
unsigned int ops_count);
+#endif
unsigned int nf_nat_packet(struct nf_conn *ct, enum ip_conntrack_info ctinfo,
unsigned int hooknum, struct sk_buff *skb);
@@ -92,6 +94,7 @@ int nf_nat_icmpv6_reply_translation(struct sk_buff *skb, struct nf_conn *ct,
enum ip_conntrack_info ctinfo,
unsigned int hooknum, unsigned int hdrlen);
+#if IS_ENABLED(CONFIG_NETFILTER)
int nf_nat_ipv4_register_fn(struct net *net, const struct nf_hook_ops *ops);
void nf_nat_ipv4_unregister_fn(struct net *net, const struct nf_hook_ops *ops);
@@ -104,6 +107,7 @@ void nf_nat_inet_unregister_fn(struct net *net, const struct nf_hook_ops *ops);
unsigned int
nf_nat_inet_fn(void *priv, struct sk_buff *skb,
const struct nf_hook_state *state);
+#endif
int nf_xfrm_me_harder(struct net *n, struct sk_buff *s, unsigned int family);
diff --git a/include/net/netfilter/nf_queue.h b/include/net/netfilter/nf_queue.h
index 359b80b43169..80edb46a1bbc 100644
--- a/include/net/netfilter/nf_queue.h
+++ b/include/net/netfilter/nf_queue.h
@@ -15,7 +15,9 @@ struct nf_queue_entry {
unsigned int id;
unsigned int hook_index; /* index in hook_entries->hook[] */
+#if IS_ENABLED(CONFIG_NETFILTER)
struct nf_hook_state state;
+#endif
u16 size; /* sizeof(entry) + saved route keys */
/* extra space to store route keys */
@@ -121,6 +123,9 @@ nfqueue_hash(const struct sk_buff *skb, u16 queue, u16 queues_total, u8 family,
return queue;
}
+#if IS_ENABLED(CONFIG_NETFILTER)
int nf_queue(struct sk_buff *skb, struct nf_hook_state *state,
unsigned int index, unsigned int verdict);
+#endif
+
#endif /* _NF_QUEUE_H */
diff --git a/include/net/netfilter/nf_synproxy.h b/include/net/netfilter/nf_synproxy.h
index 87d73fb5279d..dc420b47e3aa 100644
--- a/include/net/netfilter/nf_synproxy.h
+++ b/include/net/netfilter/nf_synproxy.h
@@ -20,8 +20,10 @@ bool synproxy_recv_client_ack(struct net *net,
const struct tcphdr *th,
struct synproxy_options *opts, u32 recv_seq);
+#if IS_ENABLED(CONFIG_NETFILTER)
unsigned int ipv4_synproxy_hook(void *priv, struct sk_buff *skb,
const struct nf_hook_state *nhs);
+#endif
int nf_synproxy_ipv4_init(struct synproxy_net *snet, struct net *net);
void nf_synproxy_ipv4_fini(struct synproxy_net *snet, struct net *net);
@@ -35,8 +37,10 @@ bool synproxy_recv_client_ack_ipv6(struct net *net, const struct sk_buff *skb,
const struct tcphdr *th,
struct synproxy_options *opts, u32 recv_seq);
+#if IS_ENABLED(CONFIG_NETFILTER)
unsigned int ipv6_synproxy_hook(void *priv, struct sk_buff *skb,
const struct nf_hook_state *nhs);
+#endif
int nf_synproxy_ipv6_init(struct synproxy_net *snet, struct net *net);
void nf_synproxy_ipv6_fini(struct synproxy_net *snet, struct net *net);
#else
diff --git a/include/net/netfilter/nf_tables.h b/include/net/netfilter/nf_tables.h
index 66edf76301d3..dc301e3d6739 100644
--- a/include/net/netfilter/nf_tables.h
+++ b/include/net/netfilter/nf_tables.h
@@ -25,6 +25,7 @@ struct nft_pktinfo {
struct xt_action_param xt;
};
+#if IS_ENABLED(CONFIG_NETFILTER)
static inline struct net *nft_net(const struct nft_pktinfo *pkt)
{
return pkt->xt.state->net;
@@ -57,6 +58,7 @@ static inline void nft_set_pktinfo(struct nft_pktinfo *pkt,
pkt->skb = skb;
pkt->xt.state = state;
}
+#endif
static inline void nft_set_pktinfo_unspec(struct nft_pktinfo *pkt,
struct sk_buff *skb)
@@ -927,9 +929,11 @@ struct nft_chain_type {
int family;
struct module *owner;
unsigned int hook_mask;
+#if IS_ENABLED(CONFIG_NETFILTER)
nf_hookfn *hooks[NF_MAX_HOOKS];
int (*ops_register)(struct net *net, const struct nf_hook_ops *ops);
void (*ops_unregister)(struct net *net, const struct nf_hook_ops *ops);
+#endif
};
int nft_chain_validate_dependency(const struct nft_chain *chain,
@@ -955,7 +959,9 @@ struct nft_stats {
* @flow_block: flow block (for hardware offload)
*/
struct nft_base_chain {
+#if IS_ENABLED(CONFIG_NETFILTER)
struct nf_hook_ops ops;
+#endif
const struct nft_chain_type *type;
u8 policy;
u8 flags;
@@ -1152,7 +1158,9 @@ struct nft_flowtable {
use:30;
u64 handle;
/* runtime data below here */
+#if IS_ENABLED(CONFIG_NETFILTER)
struct nf_hook_ops *ops ____cacheline_aligned;
+#endif
struct nf_flowtable data;
};
--
2.20.1
^ permalink raw reply related
* [PATCH net-next v1 7/8] netfilter: removed "#ifdef __KERNEL__" guards from some headers.
From: Jeremy Sowden @ 2019-08-07 14:17 UTC (permalink / raw)
To: Pablo Neira Ayuso; +Cc: Netfilter Devel, Net Dev, Masahiro Yamada
In-Reply-To: <20190807141705.4864-1-jeremy@azazel.net>
A number of non-UAPI Netfilter header-files contained superfluous
"#ifdef __KERNEL__" guards. Removed them.
Signed-off-by: Jeremy Sowden <jeremy@azazel.net>
---
include/linux/netfilter/nf_conntrack_dccp.h | 3 ---
include/linux/netfilter/nf_conntrack_h323.h | 4 ----
include/linux/netfilter/nf_conntrack_irc.h | 3 ---
include/linux/netfilter/nf_conntrack_pptp.h | 3 ---
include/linux/netfilter/nf_conntrack_proto_gre.h | 2 --
include/linux/netfilter/nf_conntrack_sane.h | 4 ----
include/linux/netfilter/nf_conntrack_sip.h | 2 --
7 files changed, 21 deletions(-)
diff --git a/include/linux/netfilter/nf_conntrack_dccp.h b/include/linux/netfilter/nf_conntrack_dccp.h
index ace0f952d50f..c509ed76e714 100644
--- a/include/linux/netfilter/nf_conntrack_dccp.h
+++ b/include/linux/netfilter/nf_conntrack_dccp.h
@@ -25,7 +25,6 @@ enum ct_dccp_roles {
};
#define CT_DCCP_ROLE_MAX (__CT_DCCP_ROLE_MAX - 1)
-#ifdef __KERNEL__
#include <linux/netfilter/nf_conntrack_tuple_common.h>
struct nf_ct_dccp {
@@ -36,6 +35,4 @@ struct nf_ct_dccp {
u_int64_t handshake_seq;
};
-#endif /* __KERNEL__ */
-
#endif /* _NF_CONNTRACK_DCCP_H */
diff --git a/include/linux/netfilter/nf_conntrack_h323.h b/include/linux/netfilter/nf_conntrack_h323.h
index 96dfa886f8c0..4561ec0fcea4 100644
--- a/include/linux/netfilter/nf_conntrack_h323.h
+++ b/include/linux/netfilter/nf_conntrack_h323.h
@@ -2,8 +2,6 @@
#ifndef _NF_CONNTRACK_H323_H
#define _NF_CONNTRACK_H323_H
-#ifdef __KERNEL__
-
#include <linux/netfilter.h>
#include <linux/skbuff.h>
#include <linux/types.h>
@@ -97,5 +95,3 @@ extern int (*nat_q931_hook) (struct sk_buff *skb, struct nf_conn *ct,
struct nf_conntrack_expect *exp);
#endif
-
-#endif
diff --git a/include/linux/netfilter/nf_conntrack_irc.h b/include/linux/netfilter/nf_conntrack_irc.h
index f75e005db969..d02255f721e1 100644
--- a/include/linux/netfilter/nf_conntrack_irc.h
+++ b/include/linux/netfilter/nf_conntrack_irc.h
@@ -2,8 +2,6 @@
#ifndef _NF_CONNTRACK_IRC_H
#define _NF_CONNTRACK_IRC_H
-#ifdef __KERNEL__
-
#include <linux/netfilter.h>
#include <linux/skbuff.h>
#include <net/netfilter/nf_conntrack_expect.h>
@@ -17,5 +15,4 @@ extern unsigned int (*nf_nat_irc_hook)(struct sk_buff *skb,
unsigned int matchlen,
struct nf_conntrack_expect *exp);
-#endif /* __KERNEL__ */
#endif /* _NF_CONNTRACK_IRC_H */
diff --git a/include/linux/netfilter/nf_conntrack_pptp.h b/include/linux/netfilter/nf_conntrack_pptp.h
index 3f10e806f0dc..fcc409de31a4 100644
--- a/include/linux/netfilter/nf_conntrack_pptp.h
+++ b/include/linux/netfilter/nf_conntrack_pptp.h
@@ -50,8 +50,6 @@ struct nf_nat_pptp {
__be16 pac_call_id; /* NAT'ed PAC call id */
};
-#ifdef __KERNEL__
-
#define PPTP_CONTROL_PORT 1723
#define PPTP_PACKET_CONTROL 1
@@ -324,5 +322,4 @@ extern void
(*nf_nat_pptp_hook_expectfn)(struct nf_conn *ct,
struct nf_conntrack_expect *exp);
-#endif /* __KERNEL__ */
#endif /* _NF_CONNTRACK_PPTP_H */
diff --git a/include/linux/netfilter/nf_conntrack_proto_gre.h b/include/linux/netfilter/nf_conntrack_proto_gre.h
index 25f9a770fb84..f33aa6021364 100644
--- a/include/linux/netfilter/nf_conntrack_proto_gre.h
+++ b/include/linux/netfilter/nf_conntrack_proto_gre.h
@@ -10,7 +10,6 @@ struct nf_ct_gre {
unsigned int timeout;
};
-#ifdef __KERNEL__
#include <net/netfilter/nf_conntrack_tuple.h>
struct nf_conn;
@@ -32,5 +31,4 @@ void nf_ct_gre_keymap_destroy(struct nf_conn *ct);
bool gre_pkt_to_tuple(const struct sk_buff *skb, unsigned int dataoff,
struct net *net, struct nf_conntrack_tuple *tuple);
-#endif /* __KERNEL__ */
#endif /* _CONNTRACK_PROTO_GRE_H */
diff --git a/include/linux/netfilter/nf_conntrack_sane.h b/include/linux/netfilter/nf_conntrack_sane.h
index 7d2de44edce3..46c7acd1b4a7 100644
--- a/include/linux/netfilter/nf_conntrack_sane.h
+++ b/include/linux/netfilter/nf_conntrack_sane.h
@@ -3,8 +3,6 @@
#define _NF_CONNTRACK_SANE_H
/* SANE tracking. */
-#ifdef __KERNEL__
-
#define SANE_PORT 6566
enum sane_state {
@@ -17,6 +15,4 @@ struct nf_ct_sane_master {
enum sane_state state;
};
-#endif /* __KERNEL__ */
-
#endif /* _NF_CONNTRACK_SANE_H */
diff --git a/include/linux/netfilter/nf_conntrack_sip.h b/include/linux/netfilter/nf_conntrack_sip.h
index f6437f7841af..c620521c42bc 100644
--- a/include/linux/netfilter/nf_conntrack_sip.h
+++ b/include/linux/netfilter/nf_conntrack_sip.h
@@ -1,7 +1,6 @@
/* SPDX-License-Identifier: GPL-2.0 */
#ifndef __NF_CONNTRACK_SIP_H__
#define __NF_CONNTRACK_SIP_H__
-#ifdef __KERNEL__
#include <linux/skbuff.h>
#include <linux/types.h>
@@ -196,5 +195,4 @@ int ct_sip_get_sdp_header(const struct nf_conn *ct, const char *dptr,
enum sdp_header_types term,
unsigned int *matchoff, unsigned int *matchlen);
-#endif /* __KERNEL__ */
#endif /* __NF_CONNTRACK_SIP_H__ */
--
2.20.1
^ permalink raw reply related
* [PATCH net-next v1 8/8] kbuild: removed all netfilter headers from header-test blacklist.
From: Jeremy Sowden @ 2019-08-07 14:17 UTC (permalink / raw)
To: Pablo Neira Ayuso; +Cc: Netfilter Devel, Net Dev, Masahiro Yamada
In-Reply-To: <20190807141705.4864-1-jeremy@azazel.net>
All the blacklisted NF headers can now be compiled stand-alone, so
removed them from the blacklist.
Cc: Masahiro Yamada <yamada.masahiro@socionext.com>
Signed-off-by: Jeremy Sowden <jeremy@azazel.net>
---
include/Kbuild | 74 --------------------------------------------------
1 file changed, 74 deletions(-)
diff --git a/include/Kbuild b/include/Kbuild
index c38f0d46b267..af498acb7cd2 100644
--- a/include/Kbuild
+++ b/include/Kbuild
@@ -386,31 +386,6 @@ header-test- += linux/mvebu-pmsu.h
header-test- += linux/mxm-wmi.h
header-test- += linux/n_r3964.h
header-test- += linux/ndctl.h
-header-test- += linux/netfilter/ipset/ip_set.h
-header-test- += linux/netfilter/ipset/ip_set_bitmap.h
-header-test- += linux/netfilter/ipset/ip_set_comment.h
-header-test- += linux/netfilter/ipset/ip_set_counter.h
-header-test- += linux/netfilter/ipset/ip_set_getport.h
-header-test- += linux/netfilter/ipset/ip_set_hash.h
-header-test- += linux/netfilter/ipset/ip_set_list.h
-header-test- += linux/netfilter/ipset/ip_set_skbinfo.h
-header-test- += linux/netfilter/ipset/ip_set_timeout.h
-header-test- += linux/netfilter/nf_conntrack_amanda.h
-header-test- += linux/netfilter/nf_conntrack_ftp.h
-header-test- += linux/netfilter/nf_conntrack_h323.h
-header-test- += linux/netfilter/nf_conntrack_h323_asn1.h
-header-test- += linux/netfilter/nf_conntrack_irc.h
-header-test- += linux/netfilter/nf_conntrack_pptp.h
-header-test- += linux/netfilter/nf_conntrack_proto_gre.h
-header-test- += linux/netfilter/nf_conntrack_sip.h
-header-test- += linux/netfilter/nf_conntrack_snmp.h
-header-test- += linux/netfilter/nf_conntrack_tftp.h
-header-test- += linux/netfilter/x_tables.h
-header-test- += linux/netfilter_arp/arp_tables.h
-header-test- += linux/netfilter_bridge/ebtables.h
-header-test- += linux/netfilter_ipv4/ip4_tables.h
-header-test- += linux/netfilter_ipv4/ip_tables.h
-header-test- += linux/netfilter_ipv6/ip6_tables.h
header-test- += linux/nfs.h
header-test- += linux/nfs_fs_i.h
header-test- += linux/nfs_fs_sb.h
@@ -874,43 +849,6 @@ header-test- += net/mpls_iptunnel.h
header-test- += net/mrp.h
header-test- += net/ncsi.h
header-test- += net/netevent.h
-header-test- += net/netfilter/br_netfilter.h
-header-test- += net/netfilter/ipv4/nf_dup_ipv4.h
-header-test- += net/netfilter/ipv6/nf_defrag_ipv6.h
-header-test- += net/netfilter/ipv6/nf_dup_ipv6.h
-header-test- += net/netfilter/nf_conntrack.h
-header-test- += net/netfilter/nf_conntrack_acct.h
-header-test- += net/netfilter/nf_conntrack_bridge.h
-header-test- += net/netfilter/nf_conntrack_core.h
-header-test- += net/netfilter/nf_conntrack_count.h
-header-test- += net/netfilter/nf_conntrack_ecache.h
-header-test- += net/netfilter/nf_conntrack_expect.h
-header-test- += net/netfilter/nf_conntrack_extend.h
-header-test- += net/netfilter/nf_conntrack_helper.h
-header-test- += net/netfilter/nf_conntrack_l4proto.h
-header-test- += net/netfilter/nf_conntrack_labels.h
-header-test- += net/netfilter/nf_conntrack_seqadj.h
-header-test- += net/netfilter/nf_conntrack_synproxy.h
-header-test- += net/netfilter/nf_conntrack_timeout.h
-header-test- += net/netfilter/nf_conntrack_timestamp.h
-header-test- += net/netfilter/nf_conntrack_tuple.h
-header-test- += net/netfilter/nf_dup_netdev.h
-header-test- += net/netfilter/nf_flow_table.h
-header-test- += net/netfilter/nf_nat.h
-header-test- += net/netfilter/nf_nat_helper.h
-header-test- += net/netfilter/nf_nat_masquerade.h
-header-test- += net/netfilter/nf_nat_redirect.h
-header-test- += net/netfilter/nf_queue.h
-header-test- += net/netfilter/nf_reject.h
-header-test- += net/netfilter/nf_synproxy.h
-header-test-$(CONFIG_NF_TABLES) += net/netfilter/nf_tables.h
-header-test-$(CONFIG_NF_TABLES) += net/netfilter/nf_tables_core.h
-header-test-$(CONFIG_NF_TABLES) += net/netfilter/nf_tables_ipv4.h
-header-test- += net/netfilter/nf_tables_ipv6.h
-header-test-$(CONFIG_NF_TABLES) += net/netfilter/nf_tables_offload.h
-header-test- += net/netfilter/nft_fib.h
-header-test- += net/netfilter/nft_meta.h
-header-test- += net/netfilter/nft_reject.h
header-test- += net/netns/can.h
header-test- += net/netns/generic.h
header-test- += net/netns/ieee802154_6lowpan.h
@@ -1140,18 +1078,6 @@ header-test- += uapi/linux/kvm_para.h
header-test- += uapi/linux/lightnvm.h
header-test- += uapi/linux/mic_common.h
header-test- += uapi/linux/mman.h
-header-test- += uapi/linux/netfilter/ipset/ip_set_bitmap.h
-header-test- += uapi/linux/netfilter/ipset/ip_set_hash.h
-header-test- += uapi/linux/netfilter/ipset/ip_set_list.h
-header-test- += uapi/linux/netfilter/nf_synproxy.h
-header-test- += uapi/linux/netfilter/xt_policy.h
-header-test- += uapi/linux/netfilter/xt_set.h
-header-test- += uapi/linux/netfilter_arp/arp_tables.h
-header-test- += uapi/linux/netfilter_arp/arpt_mangle.h
-header-test- += uapi/linux/netfilter_ipv4/ip_tables.h
-header-test- += uapi/linux/netfilter_ipv4/ipt_LOG.h
-header-test- += uapi/linux/netfilter_ipv6/ip6_tables.h
-header-test- += uapi/linux/netfilter_ipv6/ip6t_LOG.h
header-test- += uapi/linux/nilfs2_ondisk.h
header-test- += uapi/linux/patchkey.h
header-test- += uapi/linux/ptrace.h
--
2.20.1
^ permalink raw reply related
* [PATCH net-next v1 2/8] netfilter: added missing includes to a number of header-files.
From: Jeremy Sowden @ 2019-08-07 14:16 UTC (permalink / raw)
To: Pablo Neira Ayuso; +Cc: Netfilter Devel, Net Dev, Masahiro Yamada
In-Reply-To: <20190807141705.4864-1-jeremy@azazel.net>
A number of netfilter header-files used declarations and definitions
from other headers without including them. Added include directives to
make those declarations and definitions available.
Signed-off-by: Jeremy Sowden <jeremy@azazel.net>
---
include/linux/netfilter/ipset/ip_set_getport.h | 4 ++++
include/linux/netfilter/nf_conntrack_amanda.h | 4 ++++
include/linux/netfilter/nf_conntrack_ftp.h | 8 +++++---
include/linux/netfilter/nf_conntrack_h323.h | 7 +++++--
include/linux/netfilter/nf_conntrack_h323_asn1.h | 2 ++
include/linux/netfilter/nf_conntrack_irc.h | 4 ++++
include/linux/netfilter/nf_conntrack_pptp.h | 9 +++++----
include/linux/netfilter/nf_conntrack_sip.h | 4 ++--
include/linux/netfilter/nf_conntrack_snmp.h | 3 +++
include/linux/netfilter/nf_conntrack_tftp.h | 5 +++++
include/net/netfilter/br_netfilter.h | 2 ++
include/net/netfilter/ipv4/nf_dup_ipv4.h | 3 +++
include/net/netfilter/ipv6/nf_defrag_ipv6.h | 4 +++-
include/net/netfilter/ipv6/nf_dup_ipv6.h | 2 ++
include/net/netfilter/nf_conntrack_bridge.h | 4 ++++
include/net/netfilter/nf_conntrack_count.h | 3 +++
include/net/netfilter/nf_dup_netdev.h | 2 ++
include/net/netfilter/nf_flow_table.h | 1 +
include/net/netfilter/nf_nat_helper.h | 4 ++--
include/net/netfilter/nf_nat_redirect.h | 3 +++
include/net/netfilter/nf_queue.h | 2 ++
include/net/netfilter/nf_reject.h | 3 +++
include/net/netfilter/nf_tables_ipv6.h | 1 +
include/net/netfilter/nft_fib.h | 2 ++
include/net/netfilter/nft_meta.h | 2 ++
include/net/netfilter/nft_reject.h | 5 +++++
include/uapi/linux/netfilter/xt_policy.h | 1 +
27 files changed, 80 insertions(+), 14 deletions(-)
diff --git a/include/linux/netfilter/ipset/ip_set_getport.h b/include/linux/netfilter/ipset/ip_set_getport.h
index ac6a11d38a19..a906df06948b 100644
--- a/include/linux/netfilter/ipset/ip_set_getport.h
+++ b/include/linux/netfilter/ipset/ip_set_getport.h
@@ -2,6 +2,10 @@
#ifndef _IP_SET_GETPORT_H
#define _IP_SET_GETPORT_H
+#include <linux/skbuff.h>
+#include <linux/types.h>
+#include <uapi/linux/in.h>
+
extern bool ip_set_get_ip4_port(const struct sk_buff *skb, bool src,
__be16 *port, u8 *proto);
diff --git a/include/linux/netfilter/nf_conntrack_amanda.h b/include/linux/netfilter/nf_conntrack_amanda.h
index 34345e543ba2..6f0ac896fcc9 100644
--- a/include/linux/netfilter/nf_conntrack_amanda.h
+++ b/include/linux/netfilter/nf_conntrack_amanda.h
@@ -3,6 +3,10 @@
#define _NF_CONNTRACK_AMANDA_H
/* AMANDA tracking. */
+#include <linux/netfilter.h>
+#include <linux/skbuff.h>
+#include <net/netfilter/nf_conntrack_expect.h>
+
extern unsigned int (*nf_nat_amanda_hook)(struct sk_buff *skb,
enum ip_conntrack_info ctinfo,
unsigned int protoff,
diff --git a/include/linux/netfilter/nf_conntrack_ftp.h b/include/linux/netfilter/nf_conntrack_ftp.h
index 73a296dfd019..0e38302820b9 100644
--- a/include/linux/netfilter/nf_conntrack_ftp.h
+++ b/include/linux/netfilter/nf_conntrack_ftp.h
@@ -2,8 +2,12 @@
#ifndef _NF_CONNTRACK_FTP_H
#define _NF_CONNTRACK_FTP_H
+#include <linux/netfilter.h>
+#include <linux/skbuff.h>
+#include <linux/types.h>
+#include <net/netfilter/nf_conntrack_expect.h>
#include <uapi/linux/netfilter/nf_conntrack_ftp.h>
-
+#include <uapi/linux/netfilter/nf_conntrack_tuple_common.h>
#define FTP_PORT 21
@@ -20,8 +24,6 @@ struct nf_ct_ftp_master {
u_int16_t flags[IP_CT_DIR_MAX];
};
-struct nf_conntrack_expect;
-
/* For NAT to hook in when we find a packet which describes what other
* connection we should expect. */
extern unsigned int (*nf_nat_ftp_hook)(struct sk_buff *skb,
diff --git a/include/linux/netfilter/nf_conntrack_h323.h b/include/linux/netfilter/nf_conntrack_h323.h
index f76ed373a2a5..96dfa886f8c0 100644
--- a/include/linux/netfilter/nf_conntrack_h323.h
+++ b/include/linux/netfilter/nf_conntrack_h323.h
@@ -4,7 +4,12 @@
#ifdef __KERNEL__
+#include <linux/netfilter.h>
+#include <linux/skbuff.h>
+#include <linux/types.h>
#include <linux/netfilter/nf_conntrack_h323_asn1.h>
+#include <net/netfilter/nf_conntrack_expect.h>
+#include <uapi/linux/netfilter/nf_conntrack_tuple_common.h>
#define RAS_PORT 1719
#define Q931_PORT 1720
@@ -28,8 +33,6 @@ struct nf_ct_h323_master {
};
};
-struct nf_conn;
-
int get_h225_addr(struct nf_conn *ct, unsigned char *data,
TransportAddress *taddr, union nf_inet_addr *addr,
__be16 *port);
diff --git a/include/linux/netfilter/nf_conntrack_h323_asn1.h b/include/linux/netfilter/nf_conntrack_h323_asn1.h
index 19df78341fb3..bd6797f823b2 100644
--- a/include/linux/netfilter/nf_conntrack_h323_asn1.h
+++ b/include/linux/netfilter/nf_conntrack_h323_asn1.h
@@ -37,6 +37,8 @@
/*****************************************************************************
* H.323 Types
****************************************************************************/
+
+#include <linux/types.h>
#include <linux/netfilter/nf_conntrack_h323_types.h>
typedef struct {
diff --git a/include/linux/netfilter/nf_conntrack_irc.h b/include/linux/netfilter/nf_conntrack_irc.h
index 00c2b74206e1..f75e005db969 100644
--- a/include/linux/netfilter/nf_conntrack_irc.h
+++ b/include/linux/netfilter/nf_conntrack_irc.h
@@ -4,6 +4,10 @@
#ifdef __KERNEL__
+#include <linux/netfilter.h>
+#include <linux/skbuff.h>
+#include <net/netfilter/nf_conntrack_expect.h>
+
#define IRC_PORT 6667
extern unsigned int (*nf_nat_irc_hook)(struct sk_buff *skb,
diff --git a/include/linux/netfilter/nf_conntrack_pptp.h b/include/linux/netfilter/nf_conntrack_pptp.h
index 833a5b2255ea..3f10e806f0dc 100644
--- a/include/linux/netfilter/nf_conntrack_pptp.h
+++ b/include/linux/netfilter/nf_conntrack_pptp.h
@@ -3,7 +3,12 @@
#ifndef _NF_CONNTRACK_PPTP_H
#define _NF_CONNTRACK_PPTP_H
+#include <linux/netfilter.h>
+#include <linux/skbuff.h>
+#include <linux/types.h>
#include <linux/netfilter/nf_conntrack_common.h>
+#include <net/netfilter/nf_conntrack_expect.h>
+#include <uapi/linux/netfilter/nf_conntrack_tuple_common.h>
extern const char *const pptp_msg_name[];
@@ -297,10 +302,6 @@ union pptp_ctrl_union {
struct PptpSetLinkInfo setlink;
};
-/* crap needed for nf_conntrack_compat.h */
-struct nf_conn;
-struct nf_conntrack_expect;
-
extern int
(*nf_nat_pptp_hook_outbound)(struct sk_buff *skb,
struct nf_conn *ct, enum ip_conntrack_info ctinfo,
diff --git a/include/linux/netfilter/nf_conntrack_sip.h b/include/linux/netfilter/nf_conntrack_sip.h
index c7fc38807a33..f6437f7841af 100644
--- a/include/linux/netfilter/nf_conntrack_sip.h
+++ b/include/linux/netfilter/nf_conntrack_sip.h
@@ -3,9 +3,9 @@
#define __NF_CONNTRACK_SIP_H__
#ifdef __KERNEL__
-#include <net/netfilter/nf_conntrack_expect.h>
-
+#include <linux/skbuff.h>
#include <linux/types.h>
+#include <net/netfilter/nf_conntrack_expect.h>
#define SIP_PORT 5060
#define SIP_TIMEOUT 3600
diff --git a/include/linux/netfilter/nf_conntrack_snmp.h b/include/linux/netfilter/nf_conntrack_snmp.h
index 818088c47475..87e4f33eb55f 100644
--- a/include/linux/netfilter/nf_conntrack_snmp.h
+++ b/include/linux/netfilter/nf_conntrack_snmp.h
@@ -2,6 +2,9 @@
#ifndef _NF_CONNTRACK_SNMP_H
#define _NF_CONNTRACK_SNMP_H
+#include <linux/netfilter.h>
+#include <linux/skbuff.h>
+
extern int (*nf_nat_snmp_hook)(struct sk_buff *skb,
unsigned int protoff,
struct nf_conn *ct,
diff --git a/include/linux/netfilter/nf_conntrack_tftp.h b/include/linux/netfilter/nf_conntrack_tftp.h
index 5769e12dd0a2..dc4c1b9beac0 100644
--- a/include/linux/netfilter/nf_conntrack_tftp.h
+++ b/include/linux/netfilter/nf_conntrack_tftp.h
@@ -4,6 +4,11 @@
#define TFTP_PORT 69
+#include <linux/netfilter.h>
+#include <linux/skbuff.h>
+#include <linux/types.h>
+#include <net/netfilter/nf_conntrack_expect.h>
+
struct tftphdr {
__be16 opcode;
};
diff --git a/include/net/netfilter/br_netfilter.h b/include/net/netfilter/br_netfilter.h
index 302fcd3aade2..ca121ed906df 100644
--- a/include/net/netfilter/br_netfilter.h
+++ b/include/net/netfilter/br_netfilter.h
@@ -2,6 +2,8 @@
#ifndef _BR_NETFILTER_H_
#define _BR_NETFILTER_H_
+#include <linux/netfilter.h>
+
#include "../../../net/bridge/br_private.h"
static inline struct nf_bridge_info *nf_bridge_alloc(struct sk_buff *skb)
diff --git a/include/net/netfilter/ipv4/nf_dup_ipv4.h b/include/net/netfilter/ipv4/nf_dup_ipv4.h
index c962e0be3549..a2bc16cdbcd3 100644
--- a/include/net/netfilter/ipv4/nf_dup_ipv4.h
+++ b/include/net/netfilter/ipv4/nf_dup_ipv4.h
@@ -2,6 +2,9 @@
#ifndef _NF_DUP_IPV4_H_
#define _NF_DUP_IPV4_H_
+#include <linux/skbuff.h>
+#include <uapi/linux/in.h>
+
void nf_dup_ipv4(struct net *net, struct sk_buff *skb, unsigned int hooknum,
const struct in_addr *gw, int oif);
diff --git a/include/net/netfilter/ipv6/nf_defrag_ipv6.h b/include/net/netfilter/ipv6/nf_defrag_ipv6.h
index 9d7e28736da9..6d31cd041143 100644
--- a/include/net/netfilter/ipv6/nf_defrag_ipv6.h
+++ b/include/net/netfilter/ipv6/nf_defrag_ipv6.h
@@ -2,7 +2,9 @@
#ifndef _NF_DEFRAG_IPV6_H
#define _NF_DEFRAG_IPV6_H
-struct net;
+#include <linux/skbuff.h>
+#include <linux/types.h>
+
int nf_defrag_ipv6_enable(struct net *);
int nf_ct_frag6_init(void);
diff --git a/include/net/netfilter/ipv6/nf_dup_ipv6.h b/include/net/netfilter/ipv6/nf_dup_ipv6.h
index caf0c2dd8ee7..f6312bb04a13 100644
--- a/include/net/netfilter/ipv6/nf_dup_ipv6.h
+++ b/include/net/netfilter/ipv6/nf_dup_ipv6.h
@@ -2,6 +2,8 @@
#ifndef _NF_DUP_IPV6_H_
#define _NF_DUP_IPV6_H_
+#include <linux/skbuff.h>
+
void nf_dup_ipv6(struct net *net, struct sk_buff *skb, unsigned int hooknum,
const struct in6_addr *gw, int oif);
diff --git a/include/net/netfilter/nf_conntrack_bridge.h b/include/net/netfilter/nf_conntrack_bridge.h
index 9a5514d5bc51..8f2e5b2ab523 100644
--- a/include/net/netfilter/nf_conntrack_bridge.h
+++ b/include/net/netfilter/nf_conntrack_bridge.h
@@ -1,6 +1,10 @@
#ifndef NF_CONNTRACK_BRIDGE_
#define NF_CONNTRACK_BRIDGE_
+#include <linux/module.h>
+#include <linux/types.h>
+#include <uapi/linux/if_ether.h>
+
struct nf_ct_bridge_info {
struct nf_hook_ops *ops;
unsigned int ops_size;
diff --git a/include/net/netfilter/nf_conntrack_count.h b/include/net/netfilter/nf_conntrack_count.h
index f32fc8289473..9645b47fa7e4 100644
--- a/include/net/netfilter/nf_conntrack_count.h
+++ b/include/net/netfilter/nf_conntrack_count.h
@@ -2,6 +2,9 @@
#define _NF_CONNTRACK_COUNT_H
#include <linux/list.h>
+#include <linux/spinlock.h>
+#include <net/netfilter/nf_conntrack_tuple.h>
+#include <net/netfilter/nf_conntrack_zones.h>
struct nf_conncount_data;
diff --git a/include/net/netfilter/nf_dup_netdev.h b/include/net/netfilter/nf_dup_netdev.h
index 2a6f6dcad3d9..181672672160 100644
--- a/include/net/netfilter/nf_dup_netdev.h
+++ b/include/net/netfilter/nf_dup_netdev.h
@@ -2,6 +2,8 @@
#ifndef _NF_DUP_NETDEV_H_
#define _NF_DUP_NETDEV_H_
+#include <net/netfilter/nf_tables.h>
+
void nf_dup_netdev_egress(const struct nft_pktinfo *pkt, int oif);
void nf_fwd_netdev_egress(const struct nft_pktinfo *pkt, int oif);
diff --git a/include/net/netfilter/nf_flow_table.h b/include/net/netfilter/nf_flow_table.h
index d8c187936bec..7249e331bd0b 100644
--- a/include/net/netfilter/nf_flow_table.h
+++ b/include/net/netfilter/nf_flow_table.h
@@ -6,6 +6,7 @@
#include <linux/netdevice.h>
#include <linux/rhashtable-types.h>
#include <linux/rcupdate.h>
+#include <linux/netfilter.h>
#include <linux/netfilter/nf_conntrack_tuple_common.h>
#include <net/dst.h>
diff --git a/include/net/netfilter/nf_nat_helper.h b/include/net/netfilter/nf_nat_helper.h
index 97d7033e93a4..efae84646353 100644
--- a/include/net/netfilter/nf_nat_helper.h
+++ b/include/net/netfilter/nf_nat_helper.h
@@ -3,9 +3,9 @@
#define _NF_NAT_HELPER_H
/* NAT protocol helper routines. */
+#include <linux/skbuff.h>
#include <net/netfilter/nf_conntrack.h>
-
-struct sk_buff;
+#include <net/netfilter/nf_conntrack_expect.h>
/* These return true or false. */
bool __nf_nat_mangle_tcp_packet(struct sk_buff *skb, struct nf_conn *ct,
diff --git a/include/net/netfilter/nf_nat_redirect.h b/include/net/netfilter/nf_nat_redirect.h
index c129aacc8ae8..2418653a66db 100644
--- a/include/net/netfilter/nf_nat_redirect.h
+++ b/include/net/netfilter/nf_nat_redirect.h
@@ -2,6 +2,9 @@
#ifndef _NF_NAT_REDIRECT_H_
#define _NF_NAT_REDIRECT_H_
+#include <linux/skbuff.h>
+#include <uapi/linux/netfilter/nf_nat.h>
+
unsigned int
nf_nat_redirect_ipv4(struct sk_buff *skb,
const struct nf_nat_ipv4_multi_range_compat *mr,
diff --git a/include/net/netfilter/nf_queue.h b/include/net/netfilter/nf_queue.h
index 3cb6dcf53a4e..359b80b43169 100644
--- a/include/net/netfilter/nf_queue.h
+++ b/include/net/netfilter/nf_queue.h
@@ -5,6 +5,8 @@
#include <linux/ip.h>
#include <linux/ipv6.h>
#include <linux/jhash.h>
+#include <linux/netfilter.h>
+#include <linux/skbuff.h>
/* Each queued (to userspace) skbuff has one of these. */
struct nf_queue_entry {
diff --git a/include/net/netfilter/nf_reject.h b/include/net/netfilter/nf_reject.h
index 221f877f29d1..9051c3a0c8e7 100644
--- a/include/net/netfilter/nf_reject.h
+++ b/include/net/netfilter/nf_reject.h
@@ -2,6 +2,9 @@
#ifndef _NF_REJECT_H
#define _NF_REJECT_H
+#include <linux/types.h>
+#include <uapi/linux/in.h>
+
static inline bool nf_reject_verify_csum(__u8 proto)
{
/* Skip protocols that don't use 16-bit one's complement checksum
diff --git a/include/net/netfilter/nf_tables_ipv6.h b/include/net/netfilter/nf_tables_ipv6.h
index dabe6fdb553a..d0f1c537b017 100644
--- a/include/net/netfilter/nf_tables_ipv6.h
+++ b/include/net/netfilter/nf_tables_ipv6.h
@@ -4,6 +4,7 @@
#include <linux/netfilter_ipv6/ip6_tables.h>
#include <net/ipv6.h>
+#include <net/netfilter/nf_tables.h>
static inline void nft_set_pktinfo_ipv6(struct nft_pktinfo *pkt,
struct sk_buff *skb)
diff --git a/include/net/netfilter/nft_fib.h b/include/net/netfilter/nft_fib.h
index e4c4d8eaca8c..628b6fa579cd 100644
--- a/include/net/netfilter/nft_fib.h
+++ b/include/net/netfilter/nft_fib.h
@@ -2,6 +2,8 @@
#ifndef _NFT_FIB_H_
#define _NFT_FIB_H_
+#include <net/netfilter/nf_tables.h>
+
struct nft_fib {
enum nft_registers dreg:8;
u8 result;
diff --git a/include/net/netfilter/nft_meta.h b/include/net/netfilter/nft_meta.h
index 5c69e9b09388..07e2fd507963 100644
--- a/include/net/netfilter/nft_meta.h
+++ b/include/net/netfilter/nft_meta.h
@@ -2,6 +2,8 @@
#ifndef _NFT_META_H_
#define _NFT_META_H_
+#include <net/netfilter/nf_tables.h>
+
struct nft_meta {
enum nft_meta_keys key:8;
union {
diff --git a/include/net/netfilter/nft_reject.h b/include/net/netfilter/nft_reject.h
index de80c50761f0..56b123a42220 100644
--- a/include/net/netfilter/nft_reject.h
+++ b/include/net/netfilter/nft_reject.h
@@ -2,6 +2,11 @@
#ifndef _NFT_REJECT_H_
#define _NFT_REJECT_H_
+#include <linux/types.h>
+#include <net/netlink.h>
+#include <net/netfilter/nf_tables.h>
+#include <uapi/linux/netfilter/nf_tables.h>
+
struct nft_reject {
enum nft_reject_types type:8;
u8 icmp_code;
diff --git a/include/uapi/linux/netfilter/xt_policy.h b/include/uapi/linux/netfilter/xt_policy.h
index 323bfa3074c5..4cf2ce2a8a44 100644
--- a/include/uapi/linux/netfilter/xt_policy.h
+++ b/include/uapi/linux/netfilter/xt_policy.h
@@ -2,6 +2,7 @@
#ifndef _XT_POLICY_H
#define _XT_POLICY_H
+#include <linux/netfilter.h>
#include <linux/types.h>
#include <linux/in.h>
#include <linux/in6.h>
--
2.20.1
^ permalink raw reply related
* [PATCH net-next v1 5/8] netfilter: added missing IS_ENABLED(CONFIG_NF_CONNTRACK) checks to some header-files.
From: Jeremy Sowden @ 2019-08-07 14:17 UTC (permalink / raw)
To: Pablo Neira Ayuso; +Cc: Netfilter Devel, Net Dev, Masahiro Yamada
In-Reply-To: <20190807141705.4864-1-jeremy@azazel.net>
struct nf_conn contains a "struct nf_conntrack ct_general" member and
struct net contains a "struct netns_ct ct" member which are both only
defined in CONFIG_NF_CONNTRACK is enabled. These members are used in a
number of inline functions defined in other header-files. Added
preprocessor checks to make sure the headers will compile if
CONFIG_NF_CONNTRACK is disabled.
Signed-off-by: Jeremy Sowden <jeremy@azazel.net>
---
include/net/netfilter/nf_conntrack.h | 10 ++++++++++
include/net/netfilter/nf_conntrack_acct.h | 13 +++++++++++++
include/net/netfilter/nf_conntrack_l4proto.h | 2 ++
include/net/netfilter/nf_conntrack_timestamp.h | 6 ++++++
4 files changed, 31 insertions(+)
diff --git a/include/net/netfilter/nf_conntrack.h b/include/net/netfilter/nf_conntrack.h
index c86657d99630..2cc304efe7f9 100644
--- a/include/net/netfilter/nf_conntrack.h
+++ b/include/net/netfilter/nf_conntrack.h
@@ -59,6 +59,7 @@ struct nf_conntrack_net {
#include <net/netfilter/ipv6/nf_conntrack_ipv6.h>
struct nf_conn {
+#if IS_ENABLED(CONFIG_NF_CONNTRACK)
/* Usage count in here is 1 for hash table, 1 per skb,
* plus 1 for any connection(s) we are `master' for
*
@@ -68,6 +69,7 @@ struct nf_conn {
* beware nf_ct_get() is different and don't inc refcnt.
*/
struct nf_conntrack ct_general;
+#endif
spinlock_t lock;
/* jiffies32 when this ct is considered dead */
@@ -148,6 +150,8 @@ void nf_conntrack_alter_reply(struct nf_conn *ct,
int nf_conntrack_tuple_taken(const struct nf_conntrack_tuple *tuple,
const struct nf_conn *ignored_conntrack);
+#if IS_ENABLED(CONFIG_NF_CONNTRACK)
+
#define NFCT_INFOMASK 7UL
#define NFCT_PTRMASK ~(NFCT_INFOMASK)
@@ -167,6 +171,8 @@ static inline void nf_ct_put(struct nf_conn *ct)
nf_conntrack_put(&ct->ct_general);
}
+#endif
+
/* Protocol module loading */
int nf_ct_l3proto_try_module_get(unsigned short l3proto);
void nf_ct_l3proto_module_put(unsigned short l3proto);
@@ -318,12 +324,16 @@ void nf_ct_tmpl_free(struct nf_conn *tmpl);
u32 nf_ct_get_id(const struct nf_conn *ct);
+#if IS_ENABLED(CONFIG_NF_CONNTRACK)
+
static inline void
nf_ct_set(struct sk_buff *skb, struct nf_conn *ct, enum ip_conntrack_info info)
{
skb->_nfct = (unsigned long)ct | info;
}
+#endif
+
#define NF_CT_STAT_INC(net, count) __this_cpu_inc((net)->ct.stat->count)
#define NF_CT_STAT_INC_ATOMIC(net, count) this_cpu_inc((net)->ct.stat->count)
#define NF_CT_STAT_ADD_ATOMIC(net, count, v) this_cpu_add((net)->ct.stat->count, (v))
diff --git a/include/net/netfilter/nf_conntrack_acct.h b/include/net/netfilter/nf_conntrack_acct.h
index 1fee733c18a7..ad9f2172dee1 100644
--- a/include/net/netfilter/nf_conntrack_acct.h
+++ b/include/net/netfilter/nf_conntrack_acct.h
@@ -29,6 +29,7 @@ struct nf_conn_acct *nf_conn_acct_find(const struct nf_conn *ct)
static inline
struct nf_conn_acct *nf_ct_acct_ext_add(struct nf_conn *ct, gfp_t gfp)
{
+#if IS_ENABLED(CONFIG_NF_CONNTRACK)
struct net *net = nf_ct_net(ct);
struct nf_conn_acct *acct;
@@ -41,22 +42,34 @@ struct nf_conn_acct *nf_ct_acct_ext_add(struct nf_conn *ct, gfp_t gfp)
return acct;
+#else
+ return NULL;
+#endif
};
/* Check if connection tracking accounting is enabled */
static inline bool nf_ct_acct_enabled(struct net *net)
{
+#if IS_ENABLED(CONFIG_NF_CONNTRACK)
return net->ct.sysctl_acct != 0;
+#else
+ return false;
+#endif
}
/* Enable/disable connection tracking accounting */
static inline void nf_ct_set_acct(struct net *net, bool enable)
{
+#if IS_ENABLED(CONFIG_NF_CONNTRACK)
net->ct.sysctl_acct = enable;
+#endif
}
+#if IS_ENABLED(CONFIG_NF_CONNTRACK)
void nf_conntrack_acct_pernet_init(struct net *net);
int nf_conntrack_acct_init(void);
void nf_conntrack_acct_fini(void);
+#endif /* IS_ENABLED(CONFIG_NF_CONNTRACK) */
+
#endif /* _NF_CONNTRACK_ACCT_H */
diff --git a/include/net/netfilter/nf_conntrack_l4proto.h b/include/net/netfilter/nf_conntrack_l4proto.h
index a49edfdf47e8..1990d54bf8f2 100644
--- a/include/net/netfilter/nf_conntrack_l4proto.h
+++ b/include/net/netfilter/nf_conntrack_l4proto.h
@@ -176,6 +176,7 @@ void nf_ct_l4proto_log_invalid(const struct sk_buff *skb,
const char *fmt, ...) { }
#endif /* CONFIG_SYSCTL */
+#if IS_ENABLED(CONFIG_NF_CONNTRACK)
static inline struct nf_generic_net *nf_generic_pernet(struct net *net)
{
return &net->ct.nf_ct_proto.generic;
@@ -200,6 +201,7 @@ static inline struct nf_icmp_net *nf_icmpv6_pernet(struct net *net)
{
return &net->ct.nf_ct_proto.icmpv6;
}
+#endif
#ifdef CONFIG_NF_CT_PROTO_DCCP
static inline struct nf_dccp_net *nf_dccp_pernet(struct net *net)
diff --git a/include/net/netfilter/nf_conntrack_timestamp.h b/include/net/netfilter/nf_conntrack_timestamp.h
index 0ed617bf0a3d..2b8aeba649aa 100644
--- a/include/net/netfilter/nf_conntrack_timestamp.h
+++ b/include/net/netfilter/nf_conntrack_timestamp.h
@@ -40,12 +40,18 @@ struct nf_conn_tstamp *nf_ct_tstamp_ext_add(struct nf_conn *ct, gfp_t gfp)
static inline bool nf_ct_tstamp_enabled(struct net *net)
{
+#if IS_ENABLED(CONFIG_NF_CONNTRACK)
return net->ct.sysctl_tstamp != 0;
+#else
+ return false;
+#endif
}
static inline void nf_ct_set_tstamp(struct net *net, bool enable)
{
+#if IS_ENABLED(CONFIG_NF_CONNTRACK)
net->ct.sysctl_tstamp = enable;
+#endif
}
#ifdef CONFIG_NF_CONNTRACK_TIMESTAMP
--
2.20.1
^ permalink raw reply related
* [PATCH net-next v1 3/8] netfilter: added missing IS_ENABLED(CONFIG_BRIDGE_NETFILTER) checks to header-file.
From: Jeremy Sowden @ 2019-08-07 14:17 UTC (permalink / raw)
To: Pablo Neira Ayuso; +Cc: Netfilter Devel, Net Dev, Masahiro Yamada
In-Reply-To: <20190807141705.4864-1-jeremy@azazel.net>
br_netfilter.h defines inline functions that use an enum constant and
struct member that are only defined if CONFIG_BRIDGE_NETFILTER is
enabled. Added preprocessor checks to ensure br_netfilter.h will
compile if CONFIG_BRIDGE_NETFILTER is disabled.
Signed-off-by: Jeremy Sowden <jeremy@azazel.net>
---
include/net/netfilter/br_netfilter.h | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/include/net/netfilter/br_netfilter.h b/include/net/netfilter/br_netfilter.h
index ca121ed906df..33533ea852a1 100644
--- a/include/net/netfilter/br_netfilter.h
+++ b/include/net/netfilter/br_netfilter.h
@@ -8,12 +8,16 @@
static inline struct nf_bridge_info *nf_bridge_alloc(struct sk_buff *skb)
{
+#if IS_ENABLED(CONFIG_BRIDGE_NETFILTER)
struct nf_bridge_info *b = skb_ext_add(skb, SKB_EXT_BRIDGE_NF);
if (b)
memset(b, 0, sizeof(*b));
return b;
+#else
+ return NULL;
+#endif
}
void nf_bridge_update_protocol(struct sk_buff *skb);
@@ -38,10 +42,14 @@ int br_nf_pre_routing_finish_bridge(struct net *net, struct sock *sk, struct sk_
static inline struct rtable *bridge_parent_rtable(const struct net_device *dev)
{
+#if IS_ENABLED(CONFIG_BRIDGE_NETFILTER)
struct net_bridge_port *port;
port = br_port_get_rcu(dev);
return port ? &port->br->fake_rtable : NULL;
+#else
+ return NULL;
+#endif
}
struct net_device *setup_pre_routing(struct sk_buff *skb,
--
2.20.1
^ permalink raw reply related
* [PATCH net-next v1 1/8] netfilter: inlined four headers files into another one.
From: Jeremy Sowden @ 2019-08-07 14:16 UTC (permalink / raw)
To: Pablo Neira Ayuso; +Cc: Netfilter Devel, Net Dev, Masahiro Yamada
In-Reply-To: <20190807141705.4864-1-jeremy@azazel.net>
linux/netfilter/ipset/ip_set.h included four other header files:
include/linux/netfilter/ipset/ip_set_comment.h
include/linux/netfilter/ipset/ip_set_counter.h
include/linux/netfilter/ipset/ip_set_skbinfo.h
include/linux/netfilter/ipset/ip_set_timeout.h
Of these the first three were not included anywhere else. The last,
ip_set_timeout.h, was included in a couple of other places, but defined
inline functions which call other inline functions defined in ip_set.h,
so ip_set.h had to be included before it.
Inlined all four into ip_set.h, and updated the other files that
included ip_set_timeout.h.
Signed-off-by: Jeremy Sowden <jeremy@azazel.net>
---
include/linux/netfilter/ipset/ip_set.h | 238 +++++++++++++++++-
| 73 ------
.../linux/netfilter/ipset/ip_set_counter.h | 84 -------
.../linux/netfilter/ipset/ip_set_skbinfo.h | 42 ----
.../linux/netfilter/ipset/ip_set_timeout.h | 77 ------
net/netfilter/ipset/ip_set_hash_gen.h | 2 +-
net/netfilter/xt_set.c | 1 -
7 files changed, 235 insertions(+), 282 deletions(-)
delete mode 100644 include/linux/netfilter/ipset/ip_set_comment.h
delete mode 100644 include/linux/netfilter/ipset/ip_set_counter.h
delete mode 100644 include/linux/netfilter/ipset/ip_set_skbinfo.h
delete mode 100644 include/linux/netfilter/ipset/ip_set_timeout.h
diff --git a/include/linux/netfilter/ipset/ip_set.h b/include/linux/netfilter/ipset/ip_set.h
index 12ad9b1853b4..9bc255a8461b 100644
--- a/include/linux/netfilter/ipset/ip_set.h
+++ b/include/linux/netfilter/ipset/ip_set.h
@@ -452,10 +452,240 @@ bitmap_bytes(u32 a, u32 b)
return 4 * ((((b - a + 8) / 8) + 3) / 4);
}
-#include <linux/netfilter/ipset/ip_set_timeout.h>
-#include <linux/netfilter/ipset/ip_set_comment.h>
-#include <linux/netfilter/ipset/ip_set_counter.h>
-#include <linux/netfilter/ipset/ip_set_skbinfo.h>
+/* How often should the gc be run by default */
+#define IPSET_GC_TIME (3 * 60)
+
+/* Timeout period depending on the timeout value of the given set */
+#define IPSET_GC_PERIOD(timeout) \
+ ((timeout/3) ? min_t(u32, (timeout)/3, IPSET_GC_TIME) : 1)
+
+/* Entry is set with no timeout value */
+#define IPSET_ELEM_PERMANENT 0
+
+/* Set is defined with timeout support: timeout value may be 0 */
+#define IPSET_NO_TIMEOUT UINT_MAX
+
+/* Max timeout value, see msecs_to_jiffies() in jiffies.h */
+#define IPSET_MAX_TIMEOUT (UINT_MAX >> 1)/MSEC_PER_SEC
+
+#define ip_set_adt_opt_timeout(opt, set) \
+((opt)->ext.timeout != IPSET_NO_TIMEOUT ? (opt)->ext.timeout : (set)->timeout)
+
+static inline unsigned int
+ip_set_timeout_uget(struct nlattr *tb)
+{
+ unsigned int timeout = ip_set_get_h32(tb);
+
+ /* Normalize to fit into jiffies */
+ if (timeout > IPSET_MAX_TIMEOUT)
+ timeout = IPSET_MAX_TIMEOUT;
+
+ return timeout;
+}
+
+static inline bool
+ip_set_timeout_expired(const unsigned long *t)
+{
+ return *t != IPSET_ELEM_PERMANENT && time_is_before_jiffies(*t);
+}
+
+static inline void
+ip_set_timeout_set(unsigned long *timeout, u32 value)
+{
+ unsigned long t;
+
+ if (!value) {
+ *timeout = IPSET_ELEM_PERMANENT;
+ return;
+ }
+
+ t = msecs_to_jiffies(value * MSEC_PER_SEC) + jiffies;
+ if (t == IPSET_ELEM_PERMANENT)
+ /* Bingo! :-) */
+ t--;
+ *timeout = t;
+}
+
+static inline u32
+ip_set_timeout_get(const unsigned long *timeout)
+{
+ u32 t;
+
+ if (*timeout == IPSET_ELEM_PERMANENT)
+ return 0;
+
+ t = jiffies_to_msecs(*timeout - jiffies)/MSEC_PER_SEC;
+ /* Zero value in userspace means no timeout */
+ return t == 0 ? 1 : t;
+}
+
+static inline char*
+ip_set_comment_uget(struct nlattr *tb)
+{
+ return nla_data(tb);
+}
+
+/* Called from uadd only, protected by the set spinlock.
+ * The kadt functions don't use the comment extensions in any way.
+ */
+static inline void
+ip_set_init_comment(struct ip_set *set, struct ip_set_comment *comment,
+ const struct ip_set_ext *ext)
+{
+ struct ip_set_comment_rcu *c = rcu_dereference_protected(comment->c, 1);
+ size_t len = ext->comment ? strlen(ext->comment) : 0;
+
+ if (unlikely(c)) {
+ set->ext_size -= sizeof(*c) + strlen(c->str) + 1;
+ kfree_rcu(c, rcu);
+ rcu_assign_pointer(comment->c, NULL);
+ }
+ if (!len)
+ return;
+ if (unlikely(len > IPSET_MAX_COMMENT_SIZE))
+ len = IPSET_MAX_COMMENT_SIZE;
+ c = kmalloc(sizeof(*c) + len + 1, GFP_ATOMIC);
+ if (unlikely(!c))
+ return;
+ strlcpy(c->str, ext->comment, len + 1);
+ set->ext_size += sizeof(*c) + strlen(c->str) + 1;
+ rcu_assign_pointer(comment->c, c);
+}
+
+/* Used only when dumping a set, protected by rcu_read_lock() */
+static inline int
+ip_set_put_comment(struct sk_buff *skb, const struct ip_set_comment *comment)
+{
+ struct ip_set_comment_rcu *c = rcu_dereference(comment->c);
+
+ if (!c)
+ return 0;
+ return nla_put_string(skb, IPSET_ATTR_COMMENT, c->str);
+}
+
+/* Called from uadd/udel, flush or the garbage collectors protected
+ * by the set spinlock.
+ * Called when the set is destroyed and when there can't be any user
+ * of the set data anymore.
+ */
+static inline void
+ip_set_comment_free(struct ip_set *set, struct ip_set_comment *comment)
+{
+ struct ip_set_comment_rcu *c;
+
+ c = rcu_dereference_protected(comment->c, 1);
+ if (unlikely(!c))
+ return;
+ set->ext_size -= sizeof(*c) + strlen(c->str) + 1;
+ kfree_rcu(c, rcu);
+ rcu_assign_pointer(comment->c, NULL);
+}
+
+static inline void
+ip_set_add_bytes(u64 bytes, struct ip_set_counter *counter)
+{
+ atomic64_add((long long)bytes, &(counter)->bytes);
+}
+
+static inline void
+ip_set_add_packets(u64 packets, struct ip_set_counter *counter)
+{
+ atomic64_add((long long)packets, &(counter)->packets);
+}
+
+static inline u64
+ip_set_get_bytes(const struct ip_set_counter *counter)
+{
+ return (u64)atomic64_read(&(counter)->bytes);
+}
+
+static inline u64
+ip_set_get_packets(const struct ip_set_counter *counter)
+{
+ return (u64)atomic64_read(&(counter)->packets);
+}
+
+static inline bool
+ip_set_match_counter(u64 counter, u64 match, u8 op)
+{
+ switch (op) {
+ case IPSET_COUNTER_NONE:
+ return true;
+ case IPSET_COUNTER_EQ:
+ return counter == match;
+ case IPSET_COUNTER_NE:
+ return counter != match;
+ case IPSET_COUNTER_LT:
+ return counter < match;
+ case IPSET_COUNTER_GT:
+ return counter > match;
+ }
+ return false;
+}
+
+static inline void
+ip_set_update_counter(struct ip_set_counter *counter,
+ const struct ip_set_ext *ext, u32 flags)
+{
+ if (ext->packets != ULLONG_MAX &&
+ !(flags & IPSET_FLAG_SKIP_COUNTER_UPDATE)) {
+ ip_set_add_bytes(ext->bytes, counter);
+ ip_set_add_packets(ext->packets, counter);
+ }
+}
+
+static inline bool
+ip_set_put_counter(struct sk_buff *skb, const struct ip_set_counter *counter)
+{
+ return nla_put_net64(skb, IPSET_ATTR_BYTES,
+ cpu_to_be64(ip_set_get_bytes(counter)),
+ IPSET_ATTR_PAD) ||
+ nla_put_net64(skb, IPSET_ATTR_PACKETS,
+ cpu_to_be64(ip_set_get_packets(counter)),
+ IPSET_ATTR_PAD);
+}
+
+static inline void
+ip_set_init_counter(struct ip_set_counter *counter,
+ const struct ip_set_ext *ext)
+{
+ if (ext->bytes != ULLONG_MAX)
+ atomic64_set(&(counter)->bytes, (long long)(ext->bytes));
+ if (ext->packets != ULLONG_MAX)
+ atomic64_set(&(counter)->packets, (long long)(ext->packets));
+}
+
+static inline void
+ip_set_get_skbinfo(struct ip_set_skbinfo *skbinfo,
+ const struct ip_set_ext *ext,
+ struct ip_set_ext *mext, u32 flags)
+{
+ mext->skbinfo = *skbinfo;
+}
+
+static inline bool
+ip_set_put_skbinfo(struct sk_buff *skb, const struct ip_set_skbinfo *skbinfo)
+{
+ /* Send nonzero parameters only */
+ return ((skbinfo->skbmark || skbinfo->skbmarkmask) &&
+ nla_put_net64(skb, IPSET_ATTR_SKBMARK,
+ cpu_to_be64((u64)skbinfo->skbmark << 32 |
+ skbinfo->skbmarkmask),
+ IPSET_ATTR_PAD)) ||
+ (skbinfo->skbprio &&
+ nla_put_net32(skb, IPSET_ATTR_SKBPRIO,
+ cpu_to_be32(skbinfo->skbprio))) ||
+ (skbinfo->skbqueue &&
+ nla_put_net16(skb, IPSET_ATTR_SKBQUEUE,
+ cpu_to_be16(skbinfo->skbqueue)));
+}
+
+static inline void
+ip_set_init_skbinfo(struct ip_set_skbinfo *skbinfo,
+ const struct ip_set_ext *ext)
+{
+ *skbinfo = ext->skbinfo;
+}
#define IP_SET_INIT_KEXT(skb, opt, set) \
{ .bytes = (skb)->len, .packets = 1, \
diff --git a/include/linux/netfilter/ipset/ip_set_comment.h b/include/linux/netfilter/ipset/ip_set_comment.h
deleted file mode 100644
index 0b894d81bbf2..000000000000
--- a/include/linux/netfilter/ipset/ip_set_comment.h
+++ /dev/null
@@ -1,73 +0,0 @@
-/* SPDX-License-Identifier: GPL-2.0-only */
-#ifndef _IP_SET_COMMENT_H
-#define _IP_SET_COMMENT_H
-
-/* Copyright (C) 2013 Oliver Smith <oliver@8.c.9.b.0.7.4.0.1.0.0.2.ip6.arpa>
- */
-
-#ifdef __KERNEL__
-
-static inline char*
-ip_set_comment_uget(struct nlattr *tb)
-{
- return nla_data(tb);
-}
-
-/* Called from uadd only, protected by the set spinlock.
- * The kadt functions don't use the comment extensions in any way.
- */
-static inline void
-ip_set_init_comment(struct ip_set *set, struct ip_set_comment *comment,
- const struct ip_set_ext *ext)
-{
- struct ip_set_comment_rcu *c = rcu_dereference_protected(comment->c, 1);
- size_t len = ext->comment ? strlen(ext->comment) : 0;
-
- if (unlikely(c)) {
- set->ext_size -= sizeof(*c) + strlen(c->str) + 1;
- kfree_rcu(c, rcu);
- rcu_assign_pointer(comment->c, NULL);
- }
- if (!len)
- return;
- if (unlikely(len > IPSET_MAX_COMMENT_SIZE))
- len = IPSET_MAX_COMMENT_SIZE;
- c = kmalloc(sizeof(*c) + len + 1, GFP_ATOMIC);
- if (unlikely(!c))
- return;
- strlcpy(c->str, ext->comment, len + 1);
- set->ext_size += sizeof(*c) + strlen(c->str) + 1;
- rcu_assign_pointer(comment->c, c);
-}
-
-/* Used only when dumping a set, protected by rcu_read_lock() */
-static inline int
-ip_set_put_comment(struct sk_buff *skb, const struct ip_set_comment *comment)
-{
- struct ip_set_comment_rcu *c = rcu_dereference(comment->c);
-
- if (!c)
- return 0;
- return nla_put_string(skb, IPSET_ATTR_COMMENT, c->str);
-}
-
-/* Called from uadd/udel, flush or the garbage collectors protected
- * by the set spinlock.
- * Called when the set is destroyed and when there can't be any user
- * of the set data anymore.
- */
-static inline void
-ip_set_comment_free(struct ip_set *set, struct ip_set_comment *comment)
-{
- struct ip_set_comment_rcu *c;
-
- c = rcu_dereference_protected(comment->c, 1);
- if (unlikely(!c))
- return;
- set->ext_size -= sizeof(*c) + strlen(c->str) + 1;
- kfree_rcu(c, rcu);
- rcu_assign_pointer(comment->c, NULL);
-}
-
-#endif
-#endif
diff --git a/include/linux/netfilter/ipset/ip_set_counter.h b/include/linux/netfilter/ipset/ip_set_counter.h
deleted file mode 100644
index 3400958c07be..000000000000
--- a/include/linux/netfilter/ipset/ip_set_counter.h
+++ /dev/null
@@ -1,84 +0,0 @@
-/* SPDX-License-Identifier: GPL-2.0-only */
-#ifndef _IP_SET_COUNTER_H
-#define _IP_SET_COUNTER_H
-
-/* Copyright (C) 2015 Jozsef Kadlecsik <kadlec@netfilter.org> */
-
-#ifdef __KERNEL__
-
-static inline void
-ip_set_add_bytes(u64 bytes, struct ip_set_counter *counter)
-{
- atomic64_add((long long)bytes, &(counter)->bytes);
-}
-
-static inline void
-ip_set_add_packets(u64 packets, struct ip_set_counter *counter)
-{
- atomic64_add((long long)packets, &(counter)->packets);
-}
-
-static inline u64
-ip_set_get_bytes(const struct ip_set_counter *counter)
-{
- return (u64)atomic64_read(&(counter)->bytes);
-}
-
-static inline u64
-ip_set_get_packets(const struct ip_set_counter *counter)
-{
- return (u64)atomic64_read(&(counter)->packets);
-}
-
-static inline bool
-ip_set_match_counter(u64 counter, u64 match, u8 op)
-{
- switch (op) {
- case IPSET_COUNTER_NONE:
- return true;
- case IPSET_COUNTER_EQ:
- return counter == match;
- case IPSET_COUNTER_NE:
- return counter != match;
- case IPSET_COUNTER_LT:
- return counter < match;
- case IPSET_COUNTER_GT:
- return counter > match;
- }
- return false;
-}
-
-static inline void
-ip_set_update_counter(struct ip_set_counter *counter,
- const struct ip_set_ext *ext, u32 flags)
-{
- if (ext->packets != ULLONG_MAX &&
- !(flags & IPSET_FLAG_SKIP_COUNTER_UPDATE)) {
- ip_set_add_bytes(ext->bytes, counter);
- ip_set_add_packets(ext->packets, counter);
- }
-}
-
-static inline bool
-ip_set_put_counter(struct sk_buff *skb, const struct ip_set_counter *counter)
-{
- return nla_put_net64(skb, IPSET_ATTR_BYTES,
- cpu_to_be64(ip_set_get_bytes(counter)),
- IPSET_ATTR_PAD) ||
- nla_put_net64(skb, IPSET_ATTR_PACKETS,
- cpu_to_be64(ip_set_get_packets(counter)),
- IPSET_ATTR_PAD);
-}
-
-static inline void
-ip_set_init_counter(struct ip_set_counter *counter,
- const struct ip_set_ext *ext)
-{
- if (ext->bytes != ULLONG_MAX)
- atomic64_set(&(counter)->bytes, (long long)(ext->bytes));
- if (ext->packets != ULLONG_MAX)
- atomic64_set(&(counter)->packets, (long long)(ext->packets));
-}
-
-#endif /* __KERNEL__ */
-#endif /* _IP_SET_COUNTER_H */
diff --git a/include/linux/netfilter/ipset/ip_set_skbinfo.h b/include/linux/netfilter/ipset/ip_set_skbinfo.h
deleted file mode 100644
index 3a2df02dbd55..000000000000
--- a/include/linux/netfilter/ipset/ip_set_skbinfo.h
+++ /dev/null
@@ -1,42 +0,0 @@
-/* SPDX-License-Identifier: GPL-2.0-only */
-#ifndef _IP_SET_SKBINFO_H
-#define _IP_SET_SKBINFO_H
-
-/* Copyright (C) 2015 Jozsef Kadlecsik <kadlec@netfilter.org> */
-
-#ifdef __KERNEL__
-
-static inline void
-ip_set_get_skbinfo(struct ip_set_skbinfo *skbinfo,
- const struct ip_set_ext *ext,
- struct ip_set_ext *mext, u32 flags)
-{
- mext->skbinfo = *skbinfo;
-}
-
-static inline bool
-ip_set_put_skbinfo(struct sk_buff *skb, const struct ip_set_skbinfo *skbinfo)
-{
- /* Send nonzero parameters only */
- return ((skbinfo->skbmark || skbinfo->skbmarkmask) &&
- nla_put_net64(skb, IPSET_ATTR_SKBMARK,
- cpu_to_be64((u64)skbinfo->skbmark << 32 |
- skbinfo->skbmarkmask),
- IPSET_ATTR_PAD)) ||
- (skbinfo->skbprio &&
- nla_put_net32(skb, IPSET_ATTR_SKBPRIO,
- cpu_to_be32(skbinfo->skbprio))) ||
- (skbinfo->skbqueue &&
- nla_put_net16(skb, IPSET_ATTR_SKBQUEUE,
- cpu_to_be16(skbinfo->skbqueue)));
-}
-
-static inline void
-ip_set_init_skbinfo(struct ip_set_skbinfo *skbinfo,
- const struct ip_set_ext *ext)
-{
- *skbinfo = ext->skbinfo;
-}
-
-#endif /* __KERNEL__ */
-#endif /* _IP_SET_SKBINFO_H */
diff --git a/include/linux/netfilter/ipset/ip_set_timeout.h b/include/linux/netfilter/ipset/ip_set_timeout.h
deleted file mode 100644
index 2be60e379ecf..000000000000
--- a/include/linux/netfilter/ipset/ip_set_timeout.h
+++ /dev/null
@@ -1,77 +0,0 @@
-/* SPDX-License-Identifier: GPL-2.0-only */
-#ifndef _IP_SET_TIMEOUT_H
-#define _IP_SET_TIMEOUT_H
-
-/* Copyright (C) 2003-2013 Jozsef Kadlecsik <kadlec@netfilter.org> */
-
-#ifdef __KERNEL__
-
-/* How often should the gc be run by default */
-#define IPSET_GC_TIME (3 * 60)
-
-/* Timeout period depending on the timeout value of the given set */
-#define IPSET_GC_PERIOD(timeout) \
- ((timeout/3) ? min_t(u32, (timeout)/3, IPSET_GC_TIME) : 1)
-
-/* Entry is set with no timeout value */
-#define IPSET_ELEM_PERMANENT 0
-
-/* Set is defined with timeout support: timeout value may be 0 */
-#define IPSET_NO_TIMEOUT UINT_MAX
-
-/* Max timeout value, see msecs_to_jiffies() in jiffies.h */
-#define IPSET_MAX_TIMEOUT (UINT_MAX >> 1)/MSEC_PER_SEC
-
-#define ip_set_adt_opt_timeout(opt, set) \
-((opt)->ext.timeout != IPSET_NO_TIMEOUT ? (opt)->ext.timeout : (set)->timeout)
-
-static inline unsigned int
-ip_set_timeout_uget(struct nlattr *tb)
-{
- unsigned int timeout = ip_set_get_h32(tb);
-
- /* Normalize to fit into jiffies */
- if (timeout > IPSET_MAX_TIMEOUT)
- timeout = IPSET_MAX_TIMEOUT;
-
- return timeout;
-}
-
-static inline bool
-ip_set_timeout_expired(const unsigned long *t)
-{
- return *t != IPSET_ELEM_PERMANENT && time_is_before_jiffies(*t);
-}
-
-static inline void
-ip_set_timeout_set(unsigned long *timeout, u32 value)
-{
- unsigned long t;
-
- if (!value) {
- *timeout = IPSET_ELEM_PERMANENT;
- return;
- }
-
- t = msecs_to_jiffies(value * MSEC_PER_SEC) + jiffies;
- if (t == IPSET_ELEM_PERMANENT)
- /* Bingo! :-) */
- t--;
- *timeout = t;
-}
-
-static inline u32
-ip_set_timeout_get(const unsigned long *timeout)
-{
- u32 t;
-
- if (*timeout == IPSET_ELEM_PERMANENT)
- return 0;
-
- t = jiffies_to_msecs(*timeout - jiffies)/MSEC_PER_SEC;
- /* Zero value in userspace means no timeout */
- return t == 0 ? 1 : t;
-}
-
-#endif /* __KERNEL__ */
-#endif /* _IP_SET_TIMEOUT_H */
diff --git a/net/netfilter/ipset/ip_set_hash_gen.h b/net/netfilter/ipset/ip_set_hash_gen.h
index 0feb77fa9edc..2e541cb3b37d 100644
--- a/net/netfilter/ipset/ip_set_hash_gen.h
+++ b/net/netfilter/ipset/ip_set_hash_gen.h
@@ -7,7 +7,7 @@
#include <linux/rcupdate.h>
#include <linux/jhash.h>
#include <linux/types.h>
-#include <linux/netfilter/ipset/ip_set_timeout.h>
+#include <linux/netfilter/ipset/ip_set.h>
#define __ipset_dereference_protected(p, c) rcu_dereference_protected(p, c)
#define ipset_dereference_protected(p, set) \
diff --git a/net/netfilter/xt_set.c b/net/netfilter/xt_set.c
index ecbfa291fb70..731bc2cafae4 100644
--- a/net/netfilter/xt_set.c
+++ b/net/netfilter/xt_set.c
@@ -14,7 +14,6 @@
#include <linux/netfilter/x_tables.h>
#include <linux/netfilter/ipset/ip_set.h>
-#include <linux/netfilter/ipset/ip_set_timeout.h>
#include <uapi/linux/netfilter/xt_set.h>
MODULE_LICENSE("GPL");
--
2.20.1
^ permalink raw reply related
* [PATCH net-next v1 0/8] netfilter: header compilation fixes
From: Jeremy Sowden @ 2019-08-07 14:16 UTC (permalink / raw)
To: Pablo Neira Ayuso; +Cc: Netfilter Devel, Net Dev, Masahiro Yamada
In-Reply-To: <20190722201615.GE23346@azazel.net>
A number of netfilter header files are on the header-test blacklist
becuse they cannot be compiled stand-alone. There are two main reasons
for this: missing inclusions of other headers, and missing conditionals
checking for CONFIG_* symbols.
The first six of these patches rectify these omissions, the seventh
removes some unnecessary "#ifdef __KERNEL__" checks, and the last
removes all the NF headers from the blacklist.
I've cc'ed Masahiro Yamada because the last patch removes 74 lines from
include/Kbuild and may conflict with his kbuild tree.
Jeremy Sowden (8):
netfilter: inlined four headers files into another one.
netfilter: added missing includes to a number of header-files.
netfilter: added missing IS_ENABLED(CONFIG_BRIDGE_NETFILTER) checks to
header-file.
netfilter: added missing IS_ENABLED(CONFIG_NF_TABLES) check to
header-file.
netfilter: added missing IS_ENABLED(CONFIG_NF_CONNTRACK) checks to
some header-files.
netfilter: added missing IS_ENABLED(CONFIG_NETFILTER) checks to some
header-files.
netfilter: removed "#ifdef __KERNEL__" guards from some headers.
kbuild: removed all netfilter headers from header-test blacklist.
include/Kbuild | 74 ------
include/linux/netfilter/ipset/ip_set.h | 238 +++++++++++++++++-
.../linux/netfilter/ipset/ip_set_comment.h | 73 ------
.../linux/netfilter/ipset/ip_set_counter.h | 84 -------
.../linux/netfilter/ipset/ip_set_getport.h | 4 +
.../linux/netfilter/ipset/ip_set_skbinfo.h | 42 ----
.../linux/netfilter/ipset/ip_set_timeout.h | 77 ------
include/linux/netfilter/nf_conntrack_amanda.h | 4 +
include/linux/netfilter/nf_conntrack_dccp.h | 3 -
include/linux/netfilter/nf_conntrack_ftp.h | 8 +-
include/linux/netfilter/nf_conntrack_h323.h | 11 +-
.../linux/netfilter/nf_conntrack_h323_asn1.h | 2 +
include/linux/netfilter/nf_conntrack_irc.h | 5 +-
include/linux/netfilter/nf_conntrack_pptp.h | 12 +-
.../linux/netfilter/nf_conntrack_proto_gre.h | 2 -
include/linux/netfilter/nf_conntrack_sane.h | 4 -
include/linux/netfilter/nf_conntrack_sip.h | 6 +-
include/linux/netfilter/nf_conntrack_snmp.h | 3 +
include/linux/netfilter/nf_conntrack_tftp.h | 5 +
include/linux/netfilter/x_tables.h | 6 +
include/linux/netfilter_arp/arp_tables.h | 2 +
include/linux/netfilter_bridge/ebtables.h | 2 +
include/linux/netfilter_ipv4/ip_tables.h | 4 +
include/linux/netfilter_ipv6/ip6_tables.h | 2 +
include/net/netfilter/br_netfilter.h | 12 +
include/net/netfilter/ipv4/nf_dup_ipv4.h | 3 +
include/net/netfilter/ipv6/nf_defrag_ipv6.h | 4 +-
include/net/netfilter/ipv6/nf_dup_ipv6.h | 2 +
include/net/netfilter/nf_conntrack.h | 10 +
include/net/netfilter/nf_conntrack_acct.h | 13 +
include/net/netfilter/nf_conntrack_bridge.h | 6 +
include/net/netfilter/nf_conntrack_core.h | 3 +
include/net/netfilter/nf_conntrack_count.h | 3 +
include/net/netfilter/nf_conntrack_l4proto.h | 4 +
.../net/netfilter/nf_conntrack_timestamp.h | 6 +
include/net/netfilter/nf_conntrack_tuple.h | 2 +
include/net/netfilter/nf_dup_netdev.h | 2 +
include/net/netfilter/nf_flow_table.h | 5 +
include/net/netfilter/nf_nat.h | 4 +
include/net/netfilter/nf_nat_helper.h | 4 +-
include/net/netfilter/nf_nat_redirect.h | 3 +
include/net/netfilter/nf_queue.h | 7 +
include/net/netfilter/nf_reject.h | 3 +
include/net/netfilter/nf_synproxy.h | 4 +
include/net/netfilter/nf_tables.h | 12 +
include/net/netfilter/nf_tables_ipv6.h | 1 +
include/net/netfilter/nft_fib.h | 2 +
include/net/netfilter/nft_meta.h | 2 +
include/net/netfilter/nft_reject.h | 5 +
include/uapi/linux/netfilter/xt_policy.h | 1 +
net/netfilter/ipset/ip_set_hash_gen.h | 2 +-
net/netfilter/xt_set.c | 1 -
52 files changed, 409 insertions(+), 390 deletions(-)
delete mode 100644 include/linux/netfilter/ipset/ip_set_comment.h
delete mode 100644 include/linux/netfilter/ipset/ip_set_counter.h
delete mode 100644 include/linux/netfilter/ipset/ip_set_skbinfo.h
delete mode 100644 include/linux/netfilter/ipset/ip_set_timeout.h
--
2.20.1
^ permalink raw reply
* [PATCH net-next v1 4/8] netfilter: added missing IS_ENABLED(CONFIG_NF_TABLES) check to header-file.
From: Jeremy Sowden @ 2019-08-07 14:17 UTC (permalink / raw)
To: Pablo Neira Ayuso; +Cc: Netfilter Devel, Net Dev, Masahiro Yamada
In-Reply-To: <20190807141705.4864-1-jeremy@azazel.net>
nf_tables.h defines an API comprising several inline functions and
macros that depend on the nft member of struct net. However, this is
only defined is CONFIG_NF_TABLES is enabled. Added preprocessor checks
to ensure that nf_tables.h will compile if CONFIG_NF_TABLES is disabled.
Signed-off-by: Jeremy Sowden <jeremy@azazel.net>
---
include/net/netfilter/nf_tables.h | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/include/net/netfilter/nf_tables.h b/include/net/netfilter/nf_tables.h
index 9b624566b82d..66edf76301d3 100644
--- a/include/net/netfilter/nf_tables.h
+++ b/include/net/netfilter/nf_tables.h
@@ -1207,6 +1207,8 @@ void nft_trace_notify(struct nft_traceinfo *info);
#define MODULE_ALIAS_NFT_OBJ(type) \
MODULE_ALIAS("nft-obj-" __stringify(type))
+#if IS_ENABLED(CONFIG_NF_TABLES)
+
/*
* The gencursor defines two generations, the currently active and the
* next one. Objects contain a bitmask of 2 bits specifying the generations
@@ -1280,6 +1282,8 @@ static inline void nft_set_elem_change_active(const struct net *net,
ext->genmask ^= nft_genmask_next(net);
}
+#endif /* IS_ENABLED(CONFIG_NF_TABLES) */
+
/*
* We use a free bit in the genmask field to indicate the element
* is busy, meaning it is currently being processed either by
--
2.20.1
^ permalink raw reply related
* Re: [PATCH net-next] net: dsa: sja1105: remove set but not used variables 'tx_vid' and 'rx_vid'
From: Vivien Didelot @ 2019-08-07 14:15 UTC (permalink / raw)
To: YueHaibing
Cc: davem, olteanv, andrew, f.fainelli, linux-kernel, netdev,
YueHaibing
In-Reply-To: <20190807130856.60792-1-yuehaibing@huawei.com>
On Wed, 7 Aug 2019 21:08:56 +0800, YueHaibing <yuehaibing@huawei.com> wrote:
> Fixes gcc '-Wunused-but-set-variable' warning:
>
> drivers/net/dsa/sja1105/sja1105_main.c: In function sja1105_fdb_dump:
> drivers/net/dsa/sja1105/sja1105_main.c:1226:14: warning:
> variable tx_vid set but not used [-Wunused-but-set-variable]
> drivers/net/dsa/sja1105/sja1105_main.c:1226:6: warning:
> variable rx_vid set but not used [-Wunused-but-set-variable]
>
> They are not used since commit 6d7c7d948a2e ("net: dsa:
> sja1105: Fix broken learning with vlan_filtering disabled")
>
> Reported-by: Hulk Robot <hulkci@huawei.com>
> Signed-off-by: YueHaibing <yuehaibing@huawei.com>
Reviewed-by: Vivien Didelot <vivien.didelot@gmail.com>
^ permalink raw reply
* Re: WARNING in zd_mac_clear
From: Andrey Konovalov @ 2019-08-07 14:07 UTC (permalink / raw)
To: syzbot, USB list
Cc: David S. Miller, Daniel Drake, Ulrich Kunitz, Kalle Valo, LKML,
linux-wireless, netdev, syzkaller-bugs, Alan Stern, Oliver Neukum
In-Reply-To: <00000000000075a7a6058653d977@google.com>
On Fri, Apr 12, 2019 at 1:46 PM syzbot
<syzbot+74c65761783d66a9c97c@syzkaller.appspotmail.com> wrote:
>
> Hello,
>
> syzbot found the following crash on:
>
> HEAD commit: 9a33b369 usb-fuzzer: main usb gadget fuzzer driver
> git tree: https://github.com/google/kasan/tree/usb-fuzzer
> console output: https://syzkaller.appspot.com/x/log.txt?x=101a06dd200000
> kernel config: https://syzkaller.appspot.com/x/.config?x=23e37f59d94ddd15
> dashboard link: https://syzkaller.appspot.com/bug?extid=74c65761783d66a9c97c
> compiler: gcc (GCC) 9.0.0 20181231 (experimental)
> syz repro: https://syzkaller.appspot.com/x/repro.syz?x=1170c22d200000
> C reproducer: https://syzkaller.appspot.com/x/repro.c?x=1496adbb200000
>
> IMPORTANT: if you fix the bug, please add the following tag to the commit:
> Reported-by: syzbot+74c65761783d66a9c97c@syzkaller.appspotmail.com
>
> usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
> usb 1-1: config 0 descriptor??
> usb 1-1: reset low-speed USB device number 2 using dummy_hcd
> usb 1-1: read over firmware interface failed: -71
> usb 1-1: reset low-speed USB device number 2 using dummy_hcd
> WARNING: CPU: 1 PID: 21 at drivers/net/wireless/zydas/zd1211rw/zd_mac.c:238
> zd_mac_clear+0xb0/0xe0 drivers/net/wireless/zydas/zd1211rw/zd_mac.c:238
> Kernel panic - not syncing: panic_on_warn set ...
> CPU: 1 PID: 21 Comm: kworker/1:1 Not tainted 5.1.0-rc4-319354-g9a33b36 #3
> Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS
> Google 01/01/2011
> Workqueue: usb_hub_wq hub_event
> Call Trace:
> __dump_stack lib/dump_stack.c:77 [inline]
> dump_stack+0xe8/0x16e lib/dump_stack.c:113
> panic+0x29d/0x5f2 kernel/panic.c:214
> __warn.cold+0x20/0x48 kernel/panic.c:571
> report_bug+0x262/0x2a0 lib/bug.c:186
> fixup_bug arch/x86/kernel/traps.c:179 [inline]
> fixup_bug arch/x86/kernel/traps.c:174 [inline]
> do_error_trap+0x130/0x1f0 arch/x86/kernel/traps.c:272
> do_invalid_op+0x37/0x40 arch/x86/kernel/traps.c:291
> invalid_op+0x14/0x20 arch/x86/entry/entry_64.S:973
> RIP: 0010:zd_mac_clear+0xb0/0xe0
> drivers/net/wireless/zydas/zd1211rw/zd_mac.c:238
> Code: e8 85 d0 60 f8 48 8d bb f8 2b 00 00 be ff ff ff ff e8 54 5a 46 f8 31
> ff 89 c3 89 c6 e8 d9 d1 60 f8 85 db 75 d4 e8 60 d0 60 f8 <0f> 0b 5b 5d e9
> 57 d0 60 f8 48 c7 c7 58 05 cb 93 e8 fb e0 97 f8 eb
> RSP: 0018:ffff8880a85c7310 EFLAGS: 00010293
> RAX: ffff8880a84de200 RBX: 0000000000000000 RCX: ffffffff8910f507
> RDX: 0000000000000000 RSI: ffffffff8910f510 RDI: 0000000000000005
> RBP: 0000000000000001 R08: ffff8880a84de200 R09: ffffed1012f83a0b
> R10: ffffed1012f83a0a R11: ffff888097c1d057 R12: 00000000ffffffb9
> R13: ffff888097c18b20 R14: ffff888099456630 R15: ffffffff8f979398
> probe+0x259/0x590 drivers/net/wireless/zydas/zd1211rw/zd_usb.c:1421
> usb_probe_interface+0x31d/0x820 drivers/usb/core/driver.c:361
> really_probe+0x2da/0xb10 drivers/base/dd.c:509
> driver_probe_device+0x21d/0x350 drivers/base/dd.c:671
> __device_attach_driver+0x1d8/0x290 drivers/base/dd.c:778
> bus_for_each_drv+0x163/0x1e0 drivers/base/bus.c:454
> __device_attach+0x223/0x3a0 drivers/base/dd.c:844
> bus_probe_device+0x1f1/0x2a0 drivers/base/bus.c:514
> device_add+0xad2/0x16e0 drivers/base/core.c:2106
> usb_set_configuration+0xdf7/0x1740 drivers/usb/core/message.c:2021
> generic_probe+0xa2/0xda drivers/usb/core/generic.c:210
> usb_probe_device+0xc0/0x150 drivers/usb/core/driver.c:266
> really_probe+0x2da/0xb10 drivers/base/dd.c:509
> driver_probe_device+0x21d/0x350 drivers/base/dd.c:671
> __device_attach_driver+0x1d8/0x290 drivers/base/dd.c:778
> bus_for_each_drv+0x163/0x1e0 drivers/base/bus.c:454
> __device_attach+0x223/0x3a0 drivers/base/dd.c:844
> bus_probe_device+0x1f1/0x2a0 drivers/base/bus.c:514
> device_add+0xad2/0x16e0 drivers/base/core.c:2106
> usb_new_device.cold+0x537/0xccf drivers/usb/core/hub.c:2534
> hub_port_connect drivers/usb/core/hub.c:5089 [inline]
> hub_port_connect_change drivers/usb/core/hub.c:5204 [inline]
> port_event drivers/usb/core/hub.c:5350 [inline]
> hub_event+0x138e/0x3b00 drivers/usb/core/hub.c:5432
> process_one_work+0x90f/0x1580 kernel/workqueue.c:2269
> worker_thread+0x9b/0xe20 kernel/workqueue.c:2415
> kthread+0x313/0x420 kernel/kthread.c:253
> ret_from_fork+0x3a/0x50 arch/x86/entry/entry_64.S:352
> Kernel Offset: disabled
> Rebooting in 86400 seconds..
This USB bug is the second most frequently triggered one with over 10k
kernel crashes.
>
>
> ---
> This bug is generated by a bot. It may contain errors.
> See https://goo.gl/tpsmEJ for more information about syzbot.
> syzbot engineers can be reached at syzkaller@googlegroups.com.
>
> syzbot will keep track of this bug report. See:
> https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
> syzbot can test patches for this bug, for details see:
> https://goo.gl/tpsmEJ#testing-patches
^ permalink raw reply
* Re: WARNING in rollback_registered_many (2)
From: Andrey Konovalov @ 2019-08-07 14:03 UTC (permalink / raw)
To: syzbot, USB list
Cc: Larry Finger, avagin, David S. Miller, devel, Eric W . Biederman,
Eric Dumazet, florian.c.schilhabel, Greg Kroah-Hartman,
Kai Heng Feng, ktkhai, LKML, netdev, straube.linux,
syzkaller-bugs, tyhicks, Matthew Wilcox, Oliver Neukum,
Alan Stern
In-Reply-To: <CAAeHK+zUHJswwHfVUCV0qTgvFVFZpT0hJqioLyYgbA0yQC0H8Q@mail.gmail.com>
On Fri, Apr 12, 2019 at 1:32 PM Andrey Konovalov <andreyknvl@google.com> wrote:
>
> On Fri, Apr 12, 2019 at 1:29 AM syzbot
> <syzbot+40918e4d826fb2ff9b96@syzkaller.appspotmail.com> wrote:
> >
> > syzbot has found a reproducer for the following crash on:
> >
> > HEAD commit: 9a33b369 usb-fuzzer: main usb gadget fuzzer driver
> > git tree: https://github.com/google/kasan/tree/usb-fuzzer
> > console output: https://syzkaller.appspot.com/x/log.txt?x=10d552b7200000
> > kernel config: https://syzkaller.appspot.com/x/.config?x=23e37f59d94ddd15
> > dashboard link: https://syzkaller.appspot.com/bug?extid=40918e4d826fb2ff9b96
> > compiler: gcc (GCC) 9.0.0 20181231 (experimental)
> > syz repro: https://syzkaller.appspot.com/x/repro.syz?x=17a4c1af200000
> > C reproducer: https://syzkaller.appspot.com/x/repro.c?x=121b274b200000
> >
> > IMPORTANT: if you fix the bug, please add the following tag to the commit:
> > Reported-by: syzbot+40918e4d826fb2ff9b96@syzkaller.appspotmail.com
> >
> > usb 1-1: r8712u: MAC Address from efuse = 00:e0:4c:87:00:00
> > usb 1-1: r8712u: Loading firmware from "rtlwifi/rtl8712u.bin"
> > usb 1-1: USB disconnect, device number 2
> > usb 1-1: Direct firmware load for rtlwifi/rtl8712u.bin failed with error -2
> > usb 1-1: r8712u: Firmware request failed
> > WARNING: CPU: 0 PID: 575 at net/core/dev.c:8152
> > rollback_registered_many+0x1f3/0xe70 net/core/dev.c:8152
> > Kernel panic - not syncing: panic_on_warn set ...
> > CPU: 0 PID: 575 Comm: kworker/0:4 Not tainted 5.1.0-rc4-319354-g9a33b36 #3
> > Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS
> > Google 01/01/2011
> > Workqueue: usb_hub_wq hub_event
> > Call Trace:
> > __dump_stack lib/dump_stack.c:77 [inline]
> > dump_stack+0xe8/0x16e lib/dump_stack.c:113
> > panic+0x29d/0x5f2 kernel/panic.c:214
> > __warn.cold+0x20/0x48 kernel/panic.c:571
> > report_bug+0x262/0x2a0 lib/bug.c:186
> > fixup_bug arch/x86/kernel/traps.c:179 [inline]
> > fixup_bug arch/x86/kernel/traps.c:174 [inline]
> > do_error_trap+0x130/0x1f0 arch/x86/kernel/traps.c:272
> > do_invalid_op+0x37/0x40 arch/x86/kernel/traps.c:291
> > invalid_op+0x14/0x20 arch/x86/entry/entry_64.S:973
> > RIP: 0010:rollback_registered_many+0x1f3/0xe70 net/core/dev.c:8152
> > Code: 05 00 00 31 ff 44 89 fe e8 5a 15 f3 f4 45 84 ff 0f 85 49 ff ff ff e8
> > 1c 14 f3 f4 0f 1f 44 00 00 e8 12 14 f3 f4 e8 0d 14 f3 f4 <0f> 0b 4c 89 e7
> > e8 33 72 f2 f6 31 ff 41 89 c4 89 c6 e8 27 15 f3 f4
> > RSP: 0018:ffff88809d087698 EFLAGS: 00010293
> > RAX: ffff88809d058000 RBX: ffff888096240000 RCX: ffffffff8c7eb146
> > RDX: 0000000000000000 RSI: ffffffff8c7eb163 RDI: 0000000000000001
> > RBP: ffff88809d0877c8 R08: ffff88809d058000 R09: fffffbfff2708111
> > R10: fffffbfff2708110 R11: ffffffff93840887 R12: ffff888096240070
> > R13: dffffc0000000000 R14: ffff88809d087758 R15: 0000000000000000
> > rollback_registered+0xf7/0x1c0 net/core/dev.c:8228
> > unregister_netdevice_queue net/core/dev.c:9275 [inline]
> > unregister_netdevice_queue+0x1dc/0x2b0 net/core/dev.c:9268
> > unregister_netdevice include/linux/netdevice.h:2655 [inline]
> > unregister_netdev+0x1d/0x30 net/core/dev.c:9316
> > r871xu_dev_remove+0xe7/0x223 drivers/staging/rtl8712/usb_intf.c:604
> > usb_unbind_interface+0x1c9/0x980 drivers/usb/core/driver.c:423
> > __device_release_driver drivers/base/dd.c:1082 [inline]
> > device_release_driver_internal+0x436/0x4f0 drivers/base/dd.c:1113
> > bus_remove_device+0x302/0x5c0 drivers/base/bus.c:556
> > device_del+0x467/0xb90 drivers/base/core.c:2269
> > usb_disable_device+0x242/0x790 drivers/usb/core/message.c:1235
> > usb_disconnect+0x298/0x870 drivers/usb/core/hub.c:2197
> > hub_port_connect drivers/usb/core/hub.c:4940 [inline]
> > hub_port_connect_change drivers/usb/core/hub.c:5204 [inline]
> > port_event drivers/usb/core/hub.c:5350 [inline]
> > hub_event+0xcd2/0x3b00 drivers/usb/core/hub.c:5432
> > process_one_work+0x90f/0x1580 kernel/workqueue.c:2269
> > process_scheduled_works kernel/workqueue.c:2331 [inline]
> > worker_thread+0x7b0/0xe20 kernel/workqueue.c:2417
> > kthread+0x313/0x420 kernel/kthread.c:253
> > ret_from_fork+0x3a/0x50 arch/x86/entry/entry_64.S:352
> > Kernel Offset: disabled
> > Rebooting in 86400 seconds..
> >
>
> +linux-usb mailing list
This USB bug is the most frequently triggered one right now with over
27k kernel crashes.
^ permalink raw reply
* Re: [PATCH V4 7/9] vhost: do not use RCU to synchronize MMU notifier with worker
From: Jason Wang @ 2019-08-07 14:02 UTC (permalink / raw)
To: Jason Gunthorpe; +Cc: mst, kvm, virtualization, netdev, linux-kernel, linux-mm
In-Reply-To: <20190807120738.GB1557@ziepe.ca>
On 2019/8/7 下午8:07, Jason Gunthorpe wrote:
> On Wed, Aug 07, 2019 at 03:06:15AM -0400, Jason Wang wrote:
>> We used to use RCU to synchronize MMU notifier with worker. This leads
>> calling synchronize_rcu() in invalidate_range_start(). But on a busy
>> system, there would be many factors that may slow down the
>> synchronize_rcu() which makes it unsuitable to be called in MMU
>> notifier.
>>
>> So this patch switches use seqlock counter to track whether or not the
>> map was used. The counter was increased when vq try to start or finish
>> uses the map. This means, when it was even, we're sure there's no
>> readers and MMU notifier is synchronized. When it was odd, it means
>> there's a reader we need to wait it to be even again then we are
>> synchronized. Consider the read critical section is pretty small the
>> synchronization should be done very fast.
>>
>> Reported-by: Michael S. Tsirkin <mst@redhat.com>
>> Fixes: 7f466032dc9e ("vhost: access vq metadata through kernel virtual address")
>> Signed-off-by: Jason Wang <jasowang@redhat.com>
>> drivers/vhost/vhost.c | 141 ++++++++++++++++++++++++++----------------
>> drivers/vhost/vhost.h | 7 ++-
>> 2 files changed, 90 insertions(+), 58 deletions(-)
>>
>> diff --git a/drivers/vhost/vhost.c b/drivers/vhost/vhost.c
>> index cfc11f9ed9c9..57bfbb60d960 100644
>> +++ b/drivers/vhost/vhost.c
>> @@ -324,17 +324,16 @@ static void vhost_uninit_vq_maps(struct vhost_virtqueue *vq)
>>
>> spin_lock(&vq->mmu_lock);
>> for (i = 0; i < VHOST_NUM_ADDRS; i++) {
>> - map[i] = rcu_dereference_protected(vq->maps[i],
>> - lockdep_is_held(&vq->mmu_lock));
>> + map[i] = vq->maps[i];
>> if (map[i]) {
>> vhost_set_map_dirty(vq, map[i], i);
>> - rcu_assign_pointer(vq->maps[i], NULL);
>> + vq->maps[i] = NULL;
>> }
>> }
>> spin_unlock(&vq->mmu_lock);
>>
>> - /* No need for synchronize_rcu() or kfree_rcu() since we are
>> - * serialized with memory accessors (e.g vq mutex held).
>> + /* No need for synchronization since we are serialized with
>> + * memory accessors (e.g vq mutex held).
>> */
>>
>> for (i = 0; i < VHOST_NUM_ADDRS; i++)
>> @@ -362,6 +361,40 @@ static bool vhost_map_range_overlap(struct vhost_uaddr *uaddr,
>> return !(end < uaddr->uaddr || start > uaddr->uaddr - 1 + uaddr->size);
>> }
>>
>> +static void inline vhost_vq_access_map_begin(struct vhost_virtqueue *vq)
>> +{
>> + write_seqcount_begin(&vq->seq);
>> +}
>> +
>> +static void inline vhost_vq_access_map_end(struct vhost_virtqueue *vq)
>> +{
>> + write_seqcount_end(&vq->seq);
>> +}
> The write side of a seqlock only provides write barriers. Access to
>
> map = vq->maps[VHOST_ADDR_USED];
>
> Still needs a read side barrier, and then I think this will be no
> better than a normal spinlock.
>
> It also doesn't seem like this algorithm even needs a seqlock, as this
> is just a one bit flag
Right, so then I tend to use spinlock first for correctness.
>
> atomic_set_bit(using map)
> smp_mb__after_atomic()
> .. maps [...]
> atomic_clear_bit(using map)
>
>
> map = NULL;
> smp_mb__before_atomic();
> while (atomic_read_bit(using map))
> relax()
>
> Again, not clear this could be faster than a spinlock when the
> barriers are correct...
Yes, for next release we may want to use the idea from Michael like to
mitigate the impact of mb.
https://lwn.net/Articles/775871/
Thanks
>
> Jason
^ permalink raw reply
* Re: [PATCH v2 bpf-next 1/4] bpf: unprivileged BPF access via /dev/bpf
From: Andy Lutomirski @ 2019-08-07 13:52 UTC (permalink / raw)
To: Lorenz Bauer
Cc: Andy Lutomirski, Alexei Starovoitov, Song Liu, Kees Cook,
Networking, bpf, Alexei Starovoitov, Daniel Borkmann, Kernel Team,
Jann Horn, Greg KH, Linux API, LSM List
In-Reply-To: <CACAyw9_fVZFW_x4uyTAiRfeH6oq1KHv0uB2wO84u5JZyD+Unaw@mail.gmail.com>
> On Aug 7, 2019, at 2:03 AM, Lorenz Bauer <lmb@cloudflare.com> wrote:
>
>> On Wed, 7 Aug 2019 at 06:24, Andy Lutomirski <luto@kernel.org> wrote:
>> a) Those that, by design, control privileged operations. This
>> includes most attach calls, but it also includes allow_ptr_leaks,
>> bpf_probe_read(), and quite a few other things. It also includes all
>> of the by_id calls, I think, unless some clever modification to the
>> way they worked would isolate different users' objects. I think that
>> persistent objects can do pretty much everything that by_id users
>> would need, so this isn't a big deal.
>
> Slightly OT, since this is an implementation question: GET_MAP_FD_BY_ID
> is useful to iterate a nested map. This isn't covered by rights to
> persistent objects,
> so it would need some thought.
>
>
A call to get an fd to a map referenced by a map to which you already have an fd seems reasonable to me. The new fd would inherit the old fd’s access mode.
^ permalink raw reply
* Re: [PATCH] net: fec: Allow the driver to be built for ARM64 SoCs such as i.MX8
From: Schrempf Frieder @ 2019-08-07 13:25 UTC (permalink / raw)
To: Fabio Estevam
Cc: David S. Miller, Ioana Radulescu, Claudiu Manoil, Thomas Gleixner,
Yangbo Lu, netdev@vger.kernel.org, linux-kernel@vger.kernel.org
In-Reply-To: <CAOMZO5C61NjX5=7FJj7WpQW=cSvBRi4ADKonUp3CRXtUkSqwCQ@mail.gmail.com>
On 07.08.19 14:20, Fabio Estevam wrote:
> Hi Frieder,
>
> On Wed, Aug 7, 2019 at 9:04 AM Schrempf Frieder
> <frieder.schrempf@kontron.de> wrote:
>>
>> From: Frieder Schrempf <frieder.schrempf@kontron.de>
>>
>> The FEC ethernet controller is used in some ARM64 SoCs such as i.MX8.
>> To make use of it, append ARM64 to the list of dependencies.
>
> ARCH_MXC is also used by i.MX8, so there is no need for such change.
You're right of course. I somehow managed to mess up my defconfig. I
started over with a clean config from arch/arm64/configs/defconfig and
everything seems fine now. Sorry for the noise.
>
> By the way: arch/arm64/configs/defconfig has CONFIG_FEC=y by default.
>
^ permalink raw reply
* Re: [PATCH net-next] net: dsa: sja1105: remove set but not used variables 'tx_vid' and 'rx_vid'
From: Vladimir Oltean @ 2019-08-07 13:20 UTC (permalink / raw)
To: YueHaibing
Cc: David S. Miller, Andrew Lunn, Vivien Didelot, Florian Fainelli,
lkml, netdev
In-Reply-To: <CA+h21hrrWGrw4kiTfjowWvQ-B6sNPLAcgTaaadA02ZAmYw1SjQ@mail.gmail.com>
On Wed, 7 Aug 2019 at 16:19, Vladimir Oltean <olteanv@gmail.com> wrote:
>
> On Wed, 7 Aug 2019 at 16:09, YueHaibing <yuehaibing@huawei.com> wrote:
> >
> > Fixes gcc '-Wunused-but-set-variable' warning:
> >
> > drivers/net/dsa/sja1105/sja1105_main.c: In function sja1105_fdb_dump:
> > drivers/net/dsa/sja1105/sja1105_main.c:1226:14: warning:
> > variable tx_vid set but not used [-Wunused-but-set-variable]
> > drivers/net/dsa/sja1105/sja1105_main.c:1226:6: warning:
> > variable rx_vid set but not used [-Wunused-but-set-variable]
> >
> > They are not used since commit 6d7c7d948a2e ("net: dsa:
> > sja1105: Fix broken learning with vlan_filtering disabled")
> >
> > Reported-by: Hulk Robot <hulkci@huawei.com>
> > Signed-off-by: YueHaibing <yuehaibing@huawei.com>
> > ---
>
> Reviewed-by: Vladimir Oltean <olteanv@gmail.com>
This patch should also go to the "net" tree.
>
> > drivers/net/dsa/sja1105/sja1105_main.c | 4 ----
> > 1 file changed, 4 deletions(-)
> >
> > diff --git a/drivers/net/dsa/sja1105/sja1105_main.c b/drivers/net/dsa/sja1105/sja1105_main.c
> > index d073baf..df976b25 100644
> > --- a/drivers/net/dsa/sja1105/sja1105_main.c
> > +++ b/drivers/net/dsa/sja1105/sja1105_main.c
> > @@ -1223,12 +1223,8 @@ static int sja1105_fdb_dump(struct dsa_switch *ds, int port,
> > {
> > struct sja1105_private *priv = ds->priv;
> > struct device *dev = ds->dev;
> > - u16 rx_vid, tx_vid;
> > int i;
> >
> > - rx_vid = dsa_8021q_rx_vid(ds, port);
> > - tx_vid = dsa_8021q_tx_vid(ds, port);
> > -
> > for (i = 0; i < SJA1105_MAX_L2_LOOKUP_COUNT; i++) {
> > struct sja1105_l2_lookup_entry l2_lookup = {0};
> > u8 macaddr[ETH_ALEN];
> > --
> > 2.7.4
> >
> >
^ permalink raw reply
* Re: [PATCH 06/16] net: phy: adin: support PHY mode converters
From: Andrew Lunn @ 2019-08-07 13:20 UTC (permalink / raw)
To: Ardelean, Alexandru
Cc: davem@davemloft.net, hkallweit1@gmail.com, mark.rutland@arm.com,
devicetree@vger.kernel.org, linux-kernel@vger.kernel.org,
netdev@vger.kernel.org, f.fainelli@gmail.com, robh+dt@kernel.org
In-Reply-To: <7747cb845a9122004b9565f444b4719170f74b35.camel@analog.com>
> Is it ok if we defer the solution for this drivers/patchset?
Yes, not a problem if phy-mode means phy-mode.
Andrew
^ permalink raw reply
* Re: [PATCH net-next] net: dsa: sja1105: remove set but not used variables 'tx_vid' and 'rx_vid'
From: Vladimir Oltean @ 2019-08-07 13:19 UTC (permalink / raw)
To: YueHaibing
Cc: David S. Miller, Andrew Lunn, Vivien Didelot, Florian Fainelli,
lkml, netdev
In-Reply-To: <20190807130856.60792-1-yuehaibing@huawei.com>
On Wed, 7 Aug 2019 at 16:09, YueHaibing <yuehaibing@huawei.com> wrote:
>
> Fixes gcc '-Wunused-but-set-variable' warning:
>
> drivers/net/dsa/sja1105/sja1105_main.c: In function sja1105_fdb_dump:
> drivers/net/dsa/sja1105/sja1105_main.c:1226:14: warning:
> variable tx_vid set but not used [-Wunused-but-set-variable]
> drivers/net/dsa/sja1105/sja1105_main.c:1226:6: warning:
> variable rx_vid set but not used [-Wunused-but-set-variable]
>
> They are not used since commit 6d7c7d948a2e ("net: dsa:
> sja1105: Fix broken learning with vlan_filtering disabled")
>
> Reported-by: Hulk Robot <hulkci@huawei.com>
> Signed-off-by: YueHaibing <yuehaibing@huawei.com>
> ---
Reviewed-by: Vladimir Oltean <olteanv@gmail.com>
> drivers/net/dsa/sja1105/sja1105_main.c | 4 ----
> 1 file changed, 4 deletions(-)
>
> diff --git a/drivers/net/dsa/sja1105/sja1105_main.c b/drivers/net/dsa/sja1105/sja1105_main.c
> index d073baf..df976b25 100644
> --- a/drivers/net/dsa/sja1105/sja1105_main.c
> +++ b/drivers/net/dsa/sja1105/sja1105_main.c
> @@ -1223,12 +1223,8 @@ static int sja1105_fdb_dump(struct dsa_switch *ds, int port,
> {
> struct sja1105_private *priv = ds->priv;
> struct device *dev = ds->dev;
> - u16 rx_vid, tx_vid;
> int i;
>
> - rx_vid = dsa_8021q_rx_vid(ds, port);
> - tx_vid = dsa_8021q_tx_vid(ds, port);
> -
> for (i = 0; i < SJA1105_MAX_L2_LOOKUP_COUNT; i++) {
> struct sja1105_l2_lookup_entry l2_lookup = {0};
> u8 macaddr[ETH_ALEN];
> --
> 2.7.4
>
>
^ permalink raw reply
* [PATCH net] net: phy: rtl8211f: do a double read to get real time link status
From: Yonglong Liu @ 2019-08-07 13:16 UTC (permalink / raw)
To: davem, andrew, hkallweit1
Cc: netdev, linux-kernel, linuxarm, salil.mehta, yisen.zhuang,
shiju.jose
[ 27.232781] hns3 0000:bd:00.3 eth7: net open
[ 27.237303] 8021q: adding VLAN 0 to HW filter on device eth7
[ 27.242972] IPv6: ADDRCONF(NETDEV_CHANGE): eth7: link becomes ready
[ 27.244449] hns3 0000:bd:00.3: invalid speed (-1)
[ 27.253904] hns3 0000:bd:00.3 eth7: failed to adjust link.
[ 27.259379] RTL8211F Gigabit Ethernet mii-0000:bd:00.3:07: PHY state change UP -> RUNNING
[ 27.924903] hns3 0000:bd:00.3 eth7: link up
[ 28.280479] RTL8211F Gigabit Ethernet mii-0000:bd:00.3:07: PHY state change RUNNING -> NOLINK
[ 29.208452] hns3 0000:bd:00.3 eth7: link down
[ 32.376745] RTL8211F Gigabit Ethernet mii-0000:bd:00.3:07: PHY state change NOLINK -> RUNNING
[ 33.208448] hns3 0000:bd:00.3 eth7: link up
[ 35.253821] hns3 0000:bd:00.3 eth7: net stop
[ 35.258270] hns3 0000:bd:00.3 eth7: link down
When using rtl8211f in polling mode, may get a invalid speed,
because of reading a fake link up and autoneg complete status
immediately after starting autoneg:
ifconfig-1176 [007] .... 27.232763: mdio_access: mii-0000:bd:00.3 read phy:0x07 reg:0x00 val:0x1040
kworker/u257:1-670 [015] .... 27.232805: mdio_access: mii-0000:bd:00.3 read phy:0x07 reg:0x04 val:0x01e1
kworker/u257:1-670 [015] .... 27.232815: mdio_access: mii-0000:bd:00.3 write phy:0x07 reg:0x04 val:0x05e1
kworker/u257:1-670 [015] .... 27.232869: mdio_access: mii-0000:bd:00.3 read phy:0x07 reg:0x01 val:0x79ad
kworker/u257:1-670 [015] .... 27.232904: mdio_access: mii-0000:bd:00.3 read phy:0x07 reg:0x09 val:0x0200
kworker/u257:1-670 [015] .... 27.232940: mdio_access: mii-0000:bd:00.3 read phy:0x07 reg:0x00 val:0x1040
kworker/u257:1-670 [015] .... 27.232949: mdio_access: mii-0000:bd:00.3 write phy:0x07 reg:0x00 val:0x1240
kworker/u257:1-670 [015] .... 27.233003: mdio_access: mii-0000:bd:00.3 read phy:0x07 reg:0x01 val:0x79ad
kworker/u257:1-670 [015] .... 27.233039: mdio_access: mii-0000:bd:00.3 read phy:0x07 reg:0x0a val:0x3002
kworker/u257:1-670 [015] .... 27.233074: mdio_access: mii-0000:bd:00.3 read phy:0x07 reg:0x09 val:0x0200
kworker/u257:1-670 [015] .... 27.233110: mdio_access: mii-0000:bd:00.3 read phy:0x07 reg:0x05 val:0x0000
kworker/u257:1-670 [000] .... 28.280475: mdio_access: mii-0000:bd:00.3 read phy:0x07 reg:0x01 val:0x7989
kworker/u257:1-670 [000] .... 29.304471: mdio_access: mii-0000:bd:00.3 read phy:0x07 reg:0x01 val:0x7989
According to the datasheet of rtl8211f, to get the real time
link status, need to read MII_BMSR twice.
This patch add a read_status hook for rtl8211f, and do a fake
phy_read before genphy_read_status(), so that can get real link
status in genphy_read_status().
Signed-off-by: Yonglong Liu <liuyonglong@huawei.com>
---
drivers/net/phy/realtek.c | 13 +++++++++++++
1 file changed, 13 insertions(+)
diff --git a/drivers/net/phy/realtek.c b/drivers/net/phy/realtek.c
index a669945..92e27d5 100644
--- a/drivers/net/phy/realtek.c
+++ b/drivers/net/phy/realtek.c
@@ -256,6 +256,18 @@ static int rtl8366rb_config_init(struct phy_device *phydev)
return ret;
}
+static int rtl8211f_read_status(struct phy_device *phydev)
+{
+ int status;
+
+ /* do a fake read */
+ status = phy_read(phydev, MII_BMSR);
+ if (status < 0)
+ return status;
+
+ return genphy_read_status(phydev);
+}
+
static struct phy_driver realtek_drvs[] = {
{
PHY_ID_MATCH_EXACT(0x00008201),
@@ -325,6 +337,7 @@ static struct phy_driver realtek_drvs[] = {
.resume = genphy_resume,
.read_page = rtl821x_read_page,
.write_page = rtl821x_write_page,
+ .read_status = rtl8211f_read_status,
}, {
PHY_ID_MATCH_EXACT(0x001cc800),
.name = "Generic Realtek PHY",
--
2.8.1
^ permalink raw reply related
* [PATCH net-next] fq_codel: remove set but not used variables 'prev_ecn_mark' and 'prev_drop_count'
From: YueHaibing @ 2019-08-07 13:10 UTC (permalink / raw)
To: davem, jhs, xiyou.wangcong, jiri, dave.taht
Cc: linux-kernel, netdev, YueHaibing
Fixes gcc '-Wunused-but-set-variable' warning:
net/sched/sch_fq_codel.c: In function fq_codel_dequeue:
net/sched/sch_fq_codel.c:288:23: warning: variable prev_ecn_mark set but not used [-Wunused-but-set-variable]
net/sched/sch_fq_codel.c:288:6: warning: variable prev_drop_count set but not used [-Wunused-but-set-variable]
They are not used since commit 77ddaff218fc ("fq_codel: Kill
useless per-flow dropped statistic")
Reported-by: Hulk Robot <hulkci@huawei.com>
Signed-off-by: YueHaibing <yuehaibing@huawei.com>
---
net/sched/sch_fq_codel.c | 4 ----
1 file changed, 4 deletions(-)
diff --git a/net/sched/sch_fq_codel.c b/net/sched/sch_fq_codel.c
index 9edd0f4..c261c0a 100644
--- a/net/sched/sch_fq_codel.c
+++ b/net/sched/sch_fq_codel.c
@@ -285,7 +285,6 @@ static struct sk_buff *fq_codel_dequeue(struct Qdisc *sch)
struct sk_buff *skb;
struct fq_codel_flow *flow;
struct list_head *head;
- u32 prev_drop_count, prev_ecn_mark;
begin:
head = &q->new_flows;
@@ -302,9 +301,6 @@ static struct sk_buff *fq_codel_dequeue(struct Qdisc *sch)
goto begin;
}
- prev_drop_count = q->cstats.drop_count;
- prev_ecn_mark = q->cstats.ecn_mark;
-
skb = codel_dequeue(sch, &sch->qstats.backlog, &q->cparams,
&flow->cvars, &q->cstats, qdisc_pkt_len,
codel_get_enqueue_time, drop_func, dequeue_func);
--
2.7.4
^ permalink raw reply related
* [PATCH net-next] net: dsa: sja1105: remove set but not used variables 'tx_vid' and 'rx_vid'
From: YueHaibing @ 2019-08-07 13:08 UTC (permalink / raw)
To: davem, olteanv, andrew, vivien.didelot, f.fainelli
Cc: linux-kernel, netdev, YueHaibing
Fixes gcc '-Wunused-but-set-variable' warning:
drivers/net/dsa/sja1105/sja1105_main.c: In function sja1105_fdb_dump:
drivers/net/dsa/sja1105/sja1105_main.c:1226:14: warning:
variable tx_vid set but not used [-Wunused-but-set-variable]
drivers/net/dsa/sja1105/sja1105_main.c:1226:6: warning:
variable rx_vid set but not used [-Wunused-but-set-variable]
They are not used since commit 6d7c7d948a2e ("net: dsa:
sja1105: Fix broken learning with vlan_filtering disabled")
Reported-by: Hulk Robot <hulkci@huawei.com>
Signed-off-by: YueHaibing <yuehaibing@huawei.com>
---
drivers/net/dsa/sja1105/sja1105_main.c | 4 ----
1 file changed, 4 deletions(-)
diff --git a/drivers/net/dsa/sja1105/sja1105_main.c b/drivers/net/dsa/sja1105/sja1105_main.c
index d073baf..df976b25 100644
--- a/drivers/net/dsa/sja1105/sja1105_main.c
+++ b/drivers/net/dsa/sja1105/sja1105_main.c
@@ -1223,12 +1223,8 @@ static int sja1105_fdb_dump(struct dsa_switch *ds, int port,
{
struct sja1105_private *priv = ds->priv;
struct device *dev = ds->dev;
- u16 rx_vid, tx_vid;
int i;
- rx_vid = dsa_8021q_rx_vid(ds, port);
- tx_vid = dsa_8021q_tx_vid(ds, port);
-
for (i = 0; i < SJA1105_MAX_L2_LOOKUP_COUNT; i++) {
struct sja1105_l2_lookup_entry l2_lookup = {0};
u8 macaddr[ETH_ALEN];
--
2.7.4
^ permalink raw reply related
* Re: [PATCH net] netdevsim: Restore per-network namespace accounting for fib entries
From: Jiri Pirko @ 2019-08-07 13:07 UTC (permalink / raw)
To: David Ahern; +Cc: Jakub Kicinski, David Ahern, davem, netdev
In-Reply-To: <dd568650-d5e7-62ee-4fde-db7b68b8962d@gmail.com>
Wed, Aug 07, 2019 at 02:39:56PM CEST, dsahern@gmail.com wrote:
>On 8/7/19 12:27 AM, Jiri Pirko wrote:
>> Wed, Aug 07, 2019 at 12:32:14AM CEST, jakub.kicinski@netronome.com wrote:
>>> On Tue, 6 Aug 2019 12:15:17 -0700, David Ahern wrote:
>>>> From: David Ahern <dsahern@gmail.com>
>>>>
>>>> Prior to the commit in the fixes tag, the resource controller in netdevsim
>>>> tracked fib entries and rules per network namespace. Restore that behavior.
>>>>
>>>> Fixes: 5fc494225c1e ("netdevsim: create devlink instance per netdevsim instance")
>>>> Signed-off-by: David Ahern <dsahern@gmail.com>
>>>
>>> Thanks.
>>>
>>> Let's see what Jiri says, but to me this patch seems to indeed restore
>>> the original per-namespace accounting when the more natural way forward
>>> may perhaps be to make nsim only count the fib entries where
>>
>> I think that:
>> 1) netdevsim is a glorified dummy device for testing kernel api, not for
>> configuring per-namespace resource limitation.
>> 2) If the conclusion os to use devlink instead of cgroups for resourse
>> limitations, it should be done in a separate code, not in netdevsim.
>>
>> I would definitelly want to wait what is the result of discussion around 2)
>> first. But one way or another netdevsim code should not do this, I would
>> like to cutout the fib limitations from it instead, just to expose the
>> setup resource limits through debugfs like the rest of the configuration
>> of netdevsim.
>>
>>
>
>This is the most incredulous response. You break code you don't
>understand and argue that it should be left broken in older releases and
>ripped out in later ones rather than fixed back to its intent.
Yeah. I believe it was a mistake to add it in the first place. Abuses
netdevsim for something it is not. I'm fine to use devlink the way you
want to after we conclude 2), but outside netdevsim.
Again, netdevsim is there for config api testing purposes. If things
got broken, it is not that bit deal. I broke the way it is
instantiated significantly for example (iplink->sysfs).
>
>Again, the devlink resource controller was added by me specifically to
>test the ability to fail in-kernel fib notifiers. When I add the nexthop
>in-kernel notifier, netdevsim again provides a simple means of testing it.
>
>It satisfies all of the conditions and intents of netdevsim - test
>kernel APIs without hardware.
Well, what you want to do is limit kernel sw resources per-namespace.
^ permalink raw reply
* Re: [PATCH net-next 5/5] r8152: change rx_frag_head_sz and rx_max_agg_num dynamically
From: Maciej Fijalkowski @ 2019-08-07 12:43 UTC (permalink / raw)
To: Hayes Wang
Cc: Jakub Kicinski, netdev@vger.kernel.org, nic_swsd,
linux-kernel@vger.kernel.org, linux-usb@vger.kernel.org
In-Reply-To: <0835B3720019904CB8F7AA43166CEEB2F18D06C5@RTITMBSVM03.realtek.com.tw>
On Wed, 7 Aug 2019 07:12:32 +0000
Hayes Wang <hayeswang@realtek.com> wrote:
> Jakub Kicinski [mailto:jakub.kicinski@netronome.com]
> > Sent: Wednesday, August 07, 2019 6:10 AM
> [...]
> > Please don't expose those via sysfs. Ethtool's copybreak and descriptor
> > count should be applicable here, I think.
>
> Excuse me.
> I find struct ethtool_tunable for ETHTOOL_RX_COPYBREAK.
> How about the descriptor count?
Look how drivers implement ethtool's set_ringparam ops.
Thanks,
Maciej
>
>
> Best Regards,
> Hayes
>
>
^ permalink raw reply
page: next (older) | prev (newer) | latest
- recent:[subjects (threaded)|topics (new)|topics (active)]
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox