* [PATCH nf-next 1/2] netfilter: nf_tables: restore check for NFTA_SET_ELEM_LIST_ELEMENTS
@ 2016-12-06 13:45 Pablo Neira Ayuso
2016-12-06 13:45 ` [PATCH nf-next 2/2] netfilter: nft_counter: move counter reset into separated function Pablo Neira Ayuso
0 siblings, 1 reply; 2+ messages in thread
From: Pablo Neira Ayuso @ 2016-12-06 13:45 UTC (permalink / raw)
To: netfilter-devel
It seems git rebase and branch rmerge resulted patching the wrong spot,
restore check when adding elements, remove it from the deletion path so
flushing sets still works. The original patch applying this chunk in the
right spot: http://patchwork.ozlabs.org/patch/702919/.
Fixes: 34d360415a92 ("netfilter: nf_tables: support for set flushing")
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
net/netfilter/nf_tables_api.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/net/netfilter/nf_tables_api.c b/net/netfilter/nf_tables_api.c
index 9ead6a7514c3..a019a87e58ee 100644
--- a/net/netfilter/nf_tables_api.c
+++ b/net/netfilter/nf_tables_api.c
@@ -3767,6 +3767,9 @@ static int nf_tables_newsetelem(struct net *net, struct sock *nlsk,
struct nft_ctx ctx;
int rem, err = 0;
+ if (nla[NFTA_SET_ELEM_LIST_ELEMENTS] == NULL)
+ return -EINVAL;
+
err = nft_ctx_init_from_elemattr(&ctx, net, skb, nlh, nla, genmask);
if (err < 0)
return err;
@@ -3917,9 +3920,6 @@ static int nf_tables_delsetelem(struct net *net, struct sock *nlsk,
struct nft_ctx ctx;
int rem, err = 0;
- if (nla[NFTA_SET_ELEM_LIST_ELEMENTS] == NULL)
- return -EINVAL;
-
err = nft_ctx_init_from_elemattr(&ctx, net, skb, nlh, nla, genmask);
if (err < 0)
return err;
--
2.1.4
^ permalink raw reply related [flat|nested] 2+ messages in thread
* [PATCH nf-next 2/2] netfilter: nft_counter: move counter reset into separated function
2016-12-06 13:45 [PATCH nf-next 1/2] netfilter: nf_tables: restore check for NFTA_SET_ELEM_LIST_ELEMENTS Pablo Neira Ayuso
@ 2016-12-06 13:45 ` Pablo Neira Ayuso
0 siblings, 0 replies; 2+ messages in thread
From: Pablo Neira Ayuso @ 2016-12-06 13:45 UTC (permalink / raw)
To: netfilter-devel
This patch moves the reset path from nft_counter_fetch() to
nft_counter_reset(), this patch aims to solve gcc compilation warning:
net/netfilter/nft_counter.c: In function 'nft_counter_fetch':
>> net/netfilter/nft_counter.c:128:18: warning: 'packets' may be used
>> uninitialized in this function [-Wmaybe-uninitialized]
total->packets += packets;
^~
>> net/netfilter/nft_counter.c:129:16: warning: 'bytes' may be used
>> uninitialized in this function [-Wmaybe-uninitialized]
total->bytes += bytes;
^~
Reported-by: kbuild test robot <fengguang.wu@intel.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
net/netfilter/nft_counter.c | 43 +++++++++++++++++++++++++++++++------------
1 file changed, 31 insertions(+), 12 deletions(-)
diff --git a/net/netfilter/nft_counter.c b/net/netfilter/nft_counter.c
index 90e42140ee7b..3d2ff23be8d6 100644
--- a/net/netfilter/nft_counter.c
+++ b/net/netfilter/nft_counter.c
@@ -101,7 +101,7 @@ static void nft_counter_obj_destroy(struct nft_object *obj)
}
static void nft_counter_fetch(struct nft_counter_percpu __percpu *counter,
- struct nft_counter *total, bool reset)
+ struct nft_counter *total)
{
struct nft_counter_percpu *cpu_stats;
u64 bytes, packets;
@@ -110,19 +110,35 @@ static void nft_counter_fetch(struct nft_counter_percpu __percpu *counter,
memset(total, 0, sizeof(*total));
for_each_possible_cpu(cpu) {
- if (reset)
- bytes = packets = 0;
+ cpu_stats = per_cpu_ptr(counter, cpu);
+ do {
+ seq = u64_stats_fetch_begin_irq(&cpu_stats->syncp);
+ bytes = cpu_stats->counter.bytes;
+ packets = cpu_stats->counter.packets;
+ } while (u64_stats_fetch_retry_irq(&cpu_stats->syncp, seq));
+
+ total->packets += packets;
+ total->bytes += bytes;
+ }
+}
+
+static void nft_counter_reset(struct nft_counter_percpu __percpu *counter,
+ struct nft_counter *total)
+{
+ struct nft_counter_percpu *cpu_stats;
+ u64 bytes, packets;
+ unsigned int seq;
+ int cpu;
+
+ memset(total, 0, sizeof(*total));
+ for_each_possible_cpu(cpu) {
+ bytes = packets = 0;
cpu_stats = per_cpu_ptr(counter, cpu);
do {
seq = u64_stats_fetch_begin_irq(&cpu_stats->syncp);
- if (reset) {
- packets += xchg(&cpu_stats->counter.packets, 0);
- bytes += xchg(&cpu_stats->counter.bytes, 0);
- } else {
- bytes = cpu_stats->counter.bytes;
- packets = cpu_stats->counter.packets;
- }
+ packets += xchg(&cpu_stats->counter.packets, 0);
+ bytes += xchg(&cpu_stats->counter.bytes, 0);
} while (u64_stats_fetch_retry_irq(&cpu_stats->syncp, seq));
total->packets += packets;
@@ -136,7 +152,10 @@ static int nft_counter_do_dump(struct sk_buff *skb,
{
struct nft_counter total;
- nft_counter_fetch(priv->counter, &total, reset);
+ if (reset)
+ nft_counter_reset(priv->counter, &total);
+ else
+ nft_counter_fetch(priv->counter, &total);
if (nla_put_be64(skb, NFTA_COUNTER_BYTES, cpu_to_be64(total.bytes),
NFTA_COUNTER_PAD) ||
@@ -215,7 +234,7 @@ static int nft_counter_clone(struct nft_expr *dst, const struct nft_expr *src)
struct nft_counter_percpu *this_cpu;
struct nft_counter total;
- nft_counter_fetch(priv->counter, &total, false);
+ nft_counter_fetch(priv->counter, &total);
cpu_stats = __netdev_alloc_pcpu_stats(struct nft_counter_percpu,
GFP_ATOMIC);
--
2.1.4
^ permalink raw reply related [flat|nested] 2+ messages in thread
end of thread, other threads:[~2016-12-06 13:46 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2016-12-06 13:45 [PATCH nf-next 1/2] netfilter: nf_tables: restore check for NFTA_SET_ELEM_LIST_ELEMENTS Pablo Neira Ayuso
2016-12-06 13:45 ` [PATCH nf-next 2/2] netfilter: nft_counter: move counter reset into separated function Pablo Neira Ayuso
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).