* Re: [PATCH nf-next] netfilter: ctnetlink: don't dump ct extensions of unconfirmed conntracks
2019-10-14 19:41 [PATCH nf-next] netfilter: ctnetlink: don't dump ct extensions of unconfirmed conntracks Florian Westphal
@ 2019-10-14 20:52 ` kbuild test robot
2019-10-15 2:58 ` kbuild test robot
` (3 subsequent siblings)
4 siblings, 0 replies; 8+ messages in thread
From: kbuild test robot @ 2019-10-14 20:52 UTC (permalink / raw)
To: Florian Westphal; +Cc: kbuild-all, netfilter-devel, Florian Westphal
[-- Attachment #1: Type: text/plain, Size: 3532 bytes --]
Hi Florian,
I love your patch! Perhaps something to improve:
[auto build test WARNING on nf-next/master]
url: https://github.com/0day-ci/linux/commits/Florian-Westphal/netfilter-ctnetlink-don-t-dump-ct-extensions-of-unconfirmed-conntracks/20191015-040005
base: https://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next.git master
config: i386-defconfig (attached as .config)
compiler: gcc-7 (Debian 7.4.0-13) 7.4.0
reproduce:
# save the attached .config to linux build tree
make ARCH=i386
If you fix the issue, kindly add following tag
Reported-by: kbuild test robot <lkp@intel.com>
All warnings (new ones prefixed by >>):
net/netfilter/nf_conntrack_netlink.c: In function 'ctnetlink_dump_extinfo':
>> net/netfilter/nf_conntrack_netlink.c:520:37: warning: passing argument 2 of 'ctnetlink_dump_ct_seq_adj' discards 'const' qualifier from pointer target type [-Wdiscarded-qualifiers]
ctnetlink_dump_ct_seq_adj(skb, ct) < 0 ||
^~
net/netfilter/nf_conntrack_netlink.c:438:12: note: expected 'struct nf_conn *' but argument is of type 'const struct nf_conn *'
static int ctnetlink_dump_ct_seq_adj(struct sk_buff *skb, struct nf_conn *ct)
^~~~~~~~~~~~~~~~~~~~~~~~~
>> net/netfilter/nf_conntrack_netlink.c:521:38: warning: passing argument 2 of 'ctnetlink_dump_ct_synproxy' discards 'const' qualifier from pointer target type [-Wdiscarded-qualifiers]
ctnetlink_dump_ct_synproxy(skb, ct) < 0)
^~
net/netfilter/nf_conntrack_netlink.c:462:12: note: expected 'struct nf_conn *' but argument is of type 'const struct nf_conn *'
static int ctnetlink_dump_ct_synproxy(struct sk_buff *skb, struct nf_conn *ct)
^~~~~~~~~~~~~~~~~~~~~~~~~~
net/netfilter/nf_conntrack_netlink.c: In function 'ctnetlink_dump_info':
>> net/netfilter/nf_conntrack_netlink.c:542:1: warning: control reaches end of non-void function [-Wreturn-type]
}
^
vim +520 net/netfilter/nf_conntrack_netlink.c
508
509 /* all these functions access ct->ext. Caller must either hold a reference
510 * on ct or prevent its deletion by holding either the bucket spinlock or
511 * pcpu dying list lock.
512 */
513 static int ctnetlink_dump_extinfo(struct sk_buff *skb,
514 const struct nf_conn *ct, u32 type)
515 {
516 if (ctnetlink_dump_acct(skb, ct, type) < 0 ||
517 ctnetlink_dump_timestamp(skb, ct) < 0 ||
518 ctnetlink_dump_helpinfo(skb, ct) < 0 ||
519 ctnetlink_dump_labels(skb, ct) < 0 ||
> 520 ctnetlink_dump_ct_seq_adj(skb, ct) < 0 ||
> 521 ctnetlink_dump_ct_synproxy(skb, ct) < 0)
522 return -1;
523
524 return 0;
525 }
526
527 static int ctnetlink_dump_info(struct sk_buff *skb, struct nf_conn *ct)
528 {
529 if (ctnetlink_dump_status(skb, ct) < 0 ||
530 ctnetlink_dump_mark(skb, ct) < 0 ||
531 ctnetlink_dump_secctx(skb, ct) < 0 ||
532 ctnetlink_dump_id(skb, ct) < 0 ||
533 ctnetlink_dump_use(skb, ct) < 0 ||
534 ctnetlink_dump_master(skb, ct) < 0)
535 return -1;
536
537 if (!test_bit(IPS_OFFLOAD_BIT, &ct->status) &&
538 (ctnetlink_dump_timeout(skb, ct) < 0 ||
539 ctnetlink_dump_protoinfo(skb, ct) < 0))
540
541 return 0;
> 542 }
543
---
0-DAY kernel test infrastructure Open Source Technology Center
https://lists.01.org/pipermail/kbuild-all Intel Corporation
[-- Attachment #2: .config.gz --]
[-- Type: application/gzip, Size: 28153 bytes --]
^ permalink raw reply [flat|nested] 8+ messages in thread* Re: [PATCH nf-next] netfilter: ctnetlink: don't dump ct extensions of unconfirmed conntracks
2019-10-14 19:41 [PATCH nf-next] netfilter: ctnetlink: don't dump ct extensions of unconfirmed conntracks Florian Westphal
2019-10-14 20:52 ` kbuild test robot
@ 2019-10-15 2:58 ` kbuild test robot
2019-10-15 3:14 ` kbuild test robot
` (2 subsequent siblings)
4 siblings, 0 replies; 8+ messages in thread
From: kbuild test robot @ 2019-10-15 2:58 UTC (permalink / raw)
To: Florian Westphal; +Cc: kbuild-all, netfilter-devel, Florian Westphal
Hi Florian,
I love your patch! Perhaps something to improve:
[auto build test WARNING on nf-next/master]
url: https://github.com/0day-ci/linux/commits/Florian-Westphal/netfilter-ctnetlink-don-t-dump-ct-extensions-of-unconfirmed-conntracks/20191015-040005
base: https://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next.git master
reproduce:
# apt-get install sparse
# sparse version: v0.6.1-rc1-43-g0ccb3b4-dirty
make ARCH=x86_64 allmodconfig
make C=1 CF='-fdiagnostic-prefix -D__CHECK_ENDIAN__'
If you fix the issue, kindly add following tag
Reported-by: kbuild test robot <lkp@intel.com>
sparse warnings: (new ones prefixed by >>)
>> net/netfilter/nf_conntrack_netlink.c:520:44: sparse: sparse: incorrect type in argument 2 (different modifiers) @@ expected struct nf_conn *ct @@ got structstruct nf_conn *ct @@
>> net/netfilter/nf_conntrack_netlink.c:520:44: sparse: expected struct nf_conn *ct
>> net/netfilter/nf_conntrack_netlink.c:520:44: sparse: got struct nf_conn const *ct
net/netfilter/nf_conntrack_netlink.c:521:45: sparse: sparse: incorrect type in argument 2 (different modifiers) @@ expected struct nf_conn *ct @@ got structstruct nf_conn *ct @@
net/netfilter/nf_conntrack_netlink.c:521:45: sparse: expected struct nf_conn *ct
net/netfilter/nf_conntrack_netlink.c:521:45: sparse: got struct nf_conn const *ct
net/netfilter/nf_conntrack_netlink.c:1694:34: sparse: sparse: incompatible types in comparison expression (different address spaces):
net/netfilter/nf_conntrack_netlink.c:1694:34: sparse: struct nf_conntrack_helper [noderef] <asn:4> *
net/netfilter/nf_conntrack_netlink.c:1694:34: sparse: struct nf_conntrack_helper *
net/netfilter/nf_conntrack_netlink.c:3146:29: sparse: sparse: incorrect type in argument 1 (different address spaces) @@ expected char const * @@ got char [noderechar const * @@
net/netfilter/nf_conntrack_netlink.c:3146:29: sparse: expected char const *
net/netfilter/nf_conntrack_netlink.c:3146:29: sparse: got char [noderef] <asn:4> *
net/netfilter/nf_conntrack_netlink.c:951:36: sparse: sparse: context imbalance in 'ctnetlink_dump_table' - unexpected unlock
include/linux/rcupdate.h:651:9: sparse: sparse: context imbalance in 'ctnetlink_parse_nat_setup' - unexpected unlock
vim +520 net/netfilter/nf_conntrack_netlink.c
508
509 /* all these functions access ct->ext. Caller must either hold a reference
510 * on ct or prevent its deletion by holding either the bucket spinlock or
511 * pcpu dying list lock.
512 */
513 static int ctnetlink_dump_extinfo(struct sk_buff *skb,
514 const struct nf_conn *ct, u32 type)
515 {
516 if (ctnetlink_dump_acct(skb, ct, type) < 0 ||
517 ctnetlink_dump_timestamp(skb, ct) < 0 ||
518 ctnetlink_dump_helpinfo(skb, ct) < 0 ||
519 ctnetlink_dump_labels(skb, ct) < 0 ||
> 520 ctnetlink_dump_ct_seq_adj(skb, ct) < 0 ||
521 ctnetlink_dump_ct_synproxy(skb, ct) < 0)
522 return -1;
523
524 return 0;
525 }
526
---
0-DAY kernel test infrastructure Open Source Technology Center
https://lists.01.org/pipermail/kbuild-all Intel Corporation
^ permalink raw reply [flat|nested] 8+ messages in thread* Re: [PATCH nf-next] netfilter: ctnetlink: don't dump ct extensions of unconfirmed conntracks
2019-10-14 19:41 [PATCH nf-next] netfilter: ctnetlink: don't dump ct extensions of unconfirmed conntracks Florian Westphal
2019-10-14 20:52 ` kbuild test robot
2019-10-15 2:58 ` kbuild test robot
@ 2019-10-15 3:14 ` kbuild test robot
2019-10-15 9:23 ` Dan Carpenter
2019-10-15 21:06 ` Jeremy Sowden
4 siblings, 0 replies; 8+ messages in thread
From: kbuild test robot @ 2019-10-15 3:14 UTC (permalink / raw)
To: Florian Westphal; +Cc: kbuild-all, netfilter-devel, Florian Westphal
[-- Attachment #1: Type: text/plain, Size: 14967 bytes --]
Hi Florian,
I love your patch! Perhaps something to improve:
[auto build test WARNING on nf-next/master]
url: https://github.com/0day-ci/linux/commits/Florian-Westphal/netfilter-ctnetlink-don-t-dump-ct-extensions-of-unconfirmed-conntracks/20191015-040005
base: https://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next.git master
config: i386-randconfig-g004-201941 (attached as .config)
compiler: gcc-7 (Debian 7.4.0-13) 7.4.0
reproduce:
# save the attached .config to linux build tree
make ARCH=i386
If you fix the issue, kindly add following tag
Reported-by: kbuild test robot <lkp@intel.com>
All warnings (new ones prefixed by >>):
In file included from include/linux/init.h:5:0,
from net/netfilter/nf_conntrack_netlink.c:18:
net/netfilter/nf_conntrack_netlink.c: In function 'ctnetlink_dump_extinfo':
net/netfilter/nf_conntrack_netlink.c:520:37: warning: passing argument 2 of 'ctnetlink_dump_ct_seq_adj' discards 'const' qualifier from pointer target type [-Wdiscarded-qualifiers]
ctnetlink_dump_ct_seq_adj(skb, ct) < 0 ||
^
include/linux/compiler.h:58:52: note: in definition of macro '__trace_if_var'
#define __trace_if_var(cond) (__builtin_constant_p(cond) ? (cond) : __trace_if_value(cond))
^~~~
>> net/netfilter/nf_conntrack_netlink.c:516:2: note: in expansion of macro 'if'
if (ctnetlink_dump_acct(skb, ct, type) < 0 ||
^~
net/netfilter/nf_conntrack_netlink.c:438:12: note: expected 'struct nf_conn *' but argument is of type 'const struct nf_conn *'
static int ctnetlink_dump_ct_seq_adj(struct sk_buff *skb, struct nf_conn *ct)
^~~~~~~~~~~~~~~~~~~~~~~~~
In file included from include/linux/init.h:5:0,
from net/netfilter/nf_conntrack_netlink.c:18:
net/netfilter/nf_conntrack_netlink.c:521:38: warning: passing argument 2 of 'ctnetlink_dump_ct_synproxy' discards 'const' qualifier from pointer target type [-Wdiscarded-qualifiers]
ctnetlink_dump_ct_synproxy(skb, ct) < 0)
^
include/linux/compiler.h:58:52: note: in definition of macro '__trace_if_var'
#define __trace_if_var(cond) (__builtin_constant_p(cond) ? (cond) : __trace_if_value(cond))
^~~~
>> net/netfilter/nf_conntrack_netlink.c:516:2: note: in expansion of macro 'if'
if (ctnetlink_dump_acct(skb, ct, type) < 0 ||
^~
net/netfilter/nf_conntrack_netlink.c:462:12: note: expected 'struct nf_conn *' but argument is of type 'const struct nf_conn *'
static int ctnetlink_dump_ct_synproxy(struct sk_buff *skb, struct nf_conn *ct)
^~~~~~~~~~~~~~~~~~~~~~~~~~
In file included from include/linux/init.h:5:0,
from net/netfilter/nf_conntrack_netlink.c:18:
net/netfilter/nf_conntrack_netlink.c:520:37: warning: passing argument 2 of 'ctnetlink_dump_ct_seq_adj' discards 'const' qualifier from pointer target type [-Wdiscarded-qualifiers]
ctnetlink_dump_ct_seq_adj(skb, ct) < 0 ||
^
include/linux/compiler.h:58:61: note: in definition of macro '__trace_if_var'
#define __trace_if_var(cond) (__builtin_constant_p(cond) ? (cond) : __trace_if_value(cond))
^~~~
>> net/netfilter/nf_conntrack_netlink.c:516:2: note: in expansion of macro 'if'
if (ctnetlink_dump_acct(skb, ct, type) < 0 ||
^~
net/netfilter/nf_conntrack_netlink.c:438:12: note: expected 'struct nf_conn *' but argument is of type 'const struct nf_conn *'
static int ctnetlink_dump_ct_seq_adj(struct sk_buff *skb, struct nf_conn *ct)
^~~~~~~~~~~~~~~~~~~~~~~~~
In file included from include/linux/init.h:5:0,
from net/netfilter/nf_conntrack_netlink.c:18:
net/netfilter/nf_conntrack_netlink.c:521:38: warning: passing argument 2 of 'ctnetlink_dump_ct_synproxy' discards 'const' qualifier from pointer target type [-Wdiscarded-qualifiers]
ctnetlink_dump_ct_synproxy(skb, ct) < 0)
^
include/linux/compiler.h:58:61: note: in definition of macro '__trace_if_var'
#define __trace_if_var(cond) (__builtin_constant_p(cond) ? (cond) : __trace_if_value(cond))
^~~~
>> net/netfilter/nf_conntrack_netlink.c:516:2: note: in expansion of macro 'if'
if (ctnetlink_dump_acct(skb, ct, type) < 0 ||
^~
net/netfilter/nf_conntrack_netlink.c:462:12: note: expected 'struct nf_conn *' but argument is of type 'const struct nf_conn *'
static int ctnetlink_dump_ct_synproxy(struct sk_buff *skb, struct nf_conn *ct)
^~~~~~~~~~~~~~~~~~~~~~~~~~
In file included from include/linux/init.h:5:0,
from net/netfilter/nf_conntrack_netlink.c:18:
net/netfilter/nf_conntrack_netlink.c:520:37: warning: passing argument 2 of 'ctnetlink_dump_ct_seq_adj' discards 'const' qualifier from pointer target type [-Wdiscarded-qualifiers]
ctnetlink_dump_ct_seq_adj(skb, ct) < 0 ||
^
include/linux/compiler.h:69:3: note: in definition of macro '__trace_if_value'
(cond) ? \
^~~~
include/linux/compiler.h:56:28: note: in expansion of macro '__trace_if_var'
#define if(cond, ...) if ( __trace_if_var( !!(cond , ## __VA_ARGS__) ) )
^~~~~~~~~~~~~~
>> net/netfilter/nf_conntrack_netlink.c:516:2: note: in expansion of macro 'if'
if (ctnetlink_dump_acct(skb, ct, type) < 0 ||
^~
net/netfilter/nf_conntrack_netlink.c:438:12: note: expected 'struct nf_conn *' but argument is of type 'const struct nf_conn *'
static int ctnetlink_dump_ct_seq_adj(struct sk_buff *skb, struct nf_conn *ct)
^~~~~~~~~~~~~~~~~~~~~~~~~
In file included from include/linux/init.h:5:0,
from net/netfilter/nf_conntrack_netlink.c:18:
net/netfilter/nf_conntrack_netlink.c:521:38: warning: passing argument 2 of 'ctnetlink_dump_ct_synproxy' discards 'const' qualifier from pointer target type [-Wdiscarded-qualifiers]
ctnetlink_dump_ct_synproxy(skb, ct) < 0)
^
include/linux/compiler.h:69:3: note: in definition of macro '__trace_if_value'
(cond) ? \
^~~~
include/linux/compiler.h:56:28: note: in expansion of macro '__trace_if_var'
#define if(cond, ...) if ( __trace_if_var( !!(cond , ## __VA_ARGS__) ) )
^~~~~~~~~~~~~~
>> net/netfilter/nf_conntrack_netlink.c:516:2: note: in expansion of macro 'if'
if (ctnetlink_dump_acct(skb, ct, type) < 0 ||
^~
net/netfilter/nf_conntrack_netlink.c:462:12: note: expected 'struct nf_conn *' but argument is of type 'const struct nf_conn *'
static int ctnetlink_dump_ct_synproxy(struct sk_buff *skb, struct nf_conn *ct)
^~~~~~~~~~~~~~~~~~~~~~~~~~
net/netfilter/nf_conntrack_netlink.c: In function 'ctnetlink_dump_info':
net/netfilter/nf_conntrack_netlink.c:542:1: warning: control reaches end of non-void function [-Wreturn-type]
}
^
Cyclomatic Complexity 5 include/linux/compiler.h:__read_once_size
Cyclomatic Complexity 5 include/linux/compiler.h:__write_once_size
Cyclomatic Complexity 1 include/linux/kasan-checks.h:kasan_check_read
Cyclomatic Complexity 1 include/linux/kasan-checks.h:kasan_check_write
Cyclomatic Complexity 4 arch/x86/include/asm/bitops.h:arch_set_bit
Cyclomatic Complexity 1 arch/x86/include/asm/bitops.h:arch___set_bit
Cyclomatic Complexity 4 arch/x86/include/asm/bitops.h:arch_clear_bit
Cyclomatic Complexity 1 arch/x86/include/asm/bitops.h:constant_test_bit
Cyclomatic Complexity 1 arch/x86/include/asm/bitops.h:variable_test_bit
Cyclomatic Complexity 1 arch/x86/include/asm/bitops.h:fls
Cyclomatic Complexity 1 include/asm-generic/bitops-instrumented.h:set_bit
Cyclomatic Complexity 1 include/asm-generic/bitops-instrumented.h:__set_bit
Cyclomatic Complexity 1 include/asm-generic/bitops-instrumented.h:clear_bit
Cyclomatic Complexity 1 include/uapi/linux/byteorder/little_endian.h:__le32_to_cpup
Cyclomatic Complexity 1 include/linux/log2.h:__ilog2_u32
Cyclomatic Complexity 2 arch/x86/include/asm/jump_label.h:arch_static_branch_jump
Cyclomatic Complexity 1 arch/x86/include/asm/atomic.h:arch_atomic_read
Cyclomatic Complexity 1 arch/x86/include/asm/atomic.h:arch_atomic_inc
Cyclomatic Complexity 1 arch/x86/include/asm/atomic.h:arch_atomic_dec_and_test
Cyclomatic Complexity 3 arch/x86/include/asm/atomic.h:arch_atomic_try_cmpxchg
Cyclomatic Complexity 1 arch/x86/include/asm/atomic64_32.h:arch_atomic64_xchg
Cyclomatic Complexity 1 arch/x86/include/asm/atomic64_32.h:arch_atomic64_read
Cyclomatic Complexity 1 include/asm-generic/atomic-instrumented.h:atomic_read
Cyclomatic Complexity 1 include/asm-generic/atomic-instrumented.h:atomic_inc
Cyclomatic Complexity 1 include/asm-generic/atomic-instrumented.h:atomic_try_cmpxchg
Cyclomatic Complexity 1 include/asm-generic/atomic-instrumented.h:atomic_dec_and_test
Cyclomatic Complexity 1 include/asm-generic/atomic-instrumented.h:atomic64_read
Cyclomatic Complexity 1 include/asm-generic/atomic-instrumented.h:atomic64_xchg
Cyclomatic Complexity 1 include/linux/err.h:ERR_PTR
Cyclomatic Complexity 1 include/linux/err.h:PTR_ERR
Cyclomatic Complexity 9 arch/x86/include/asm/preempt.h:__preempt_count_add
Cyclomatic Complexity 9 arch/x86/include/asm/preempt.h:__preempt_count_sub
Cyclomatic Complexity 1 include/linux/spinlock.h:spin_lock_bh
Cyclomatic Complexity 1 include/linux/spinlock.h:spin_unlock
Cyclomatic Complexity 1 include/linux/spinlock.h:spin_unlock_bh
Cyclomatic Complexity 1 include/linux/rcupdate.h:__rcu_read_lock
Cyclomatic Complexity 1 include/linux/rcupdate.h:__rcu_read_unlock
Cyclomatic Complexity 5 include/linux/rcupdate.h:rcu_read_lock
Cyclomatic Complexity 1 include/linux/ktime.h:ktime_to_ns
Cyclomatic Complexity 1 include/linux/list_nulls.h:is_a_nulls
Cyclomatic Complexity 4 include/linux/slab.h:kmalloc_type
Cyclomatic Complexity 84 include/linux/slab.h:kmalloc_index
Cyclomatic Complexity 1 include/linux/slab.h:kmalloc_large
Cyclomatic Complexity 10 include/linux/slab.h:kmalloc
Cyclomatic Complexity 1 include/linux/slab.h:kzalloc
Cyclomatic Complexity 1 include/linux/skbuff.h:skb_is_nonlinear
Cyclomatic Complexity 1 include/linux/skbuff.h:skb_tail_pointer
Cyclomatic Complexity 2 include/linux/skbuff.h:skb_tailroom
Cyclomatic Complexity 1 include/net/net_namespace.h:net_eq
Cyclomatic Complexity 1 include/net/net_namespace.h:read_pnet
Cyclomatic Complexity 5 include/linux/netfilter.h:nf_inet_addr_cmp
Cyclomatic Complexity 1 include/net/netlink.h:nlmsg_msg_size
Cyclomatic Complexity 1 include/net/netlink.h:nlmsg_total_size
Cyclomatic Complexity 1 include/net/netlink.h:nlmsg_data
Cyclomatic Complexity 1 include/net/netlink.h:nlmsg_report
Cyclomatic Complexity 1 include/net/netlink.h:nlmsg_end
Cyclomatic Complexity 1 include/net/netlink.h:nla_data
Cyclomatic Complexity 1 include/net/netlink.h:nla_len
Cyclomatic Complexity 1 include/net/netlink.h:nla_get_be32
Cyclomatic Complexity 1 include/net/netlink.h:nla_get_u8
Cyclomatic Complexity 1 include/net/netlink.h:nla_get_in_addr
Cyclomatic Complexity 1 include/net/netlink.h:nla_nest_end
Cyclomatic Complexity 1 include/net/sock.h:sock_net
Cyclomatic Complexity 1 include/net/netfilter/nf_conntrack.h:nf_ct_tuplehash_to_ctrack
Cyclomatic Complexity 1 include/net/netfilter/nf_conntrack.h:nf_ct_l3num
Cyclomatic Complexity 1 include/net/netfilter/nf_conntrack.h:nf_ct_protonum
Cyclomatic Complexity 1 include/net/netfilter/nf_conntrack.h:nf_ct_net
Cyclomatic Complexity 1 include/net/netfilter/nf_conntrack.h:nf_ct_expires
Cyclomatic Complexity 1 include/net/netfilter/nf_conntrack.h:nf_ct_is_expired
Cyclomatic Complexity 1 include/net/netfilter/nf_conntrack_zones.h:nf_ct_zone
Cyclomatic Complexity 1 include/net/netfilter/nf_conntrack_zones.h:nf_ct_zone_init
Cyclomatic Complexity 1 include/net/netfilter/nf_conntrack_extend.h:__nf_ct_ext_exist
Cyclomatic Complexity 3 include/net/netfilter/nf_conntrack_extend.h:nf_ct_ext_exist
Cyclomatic Complexity 3 include/net/netfilter/nf_conntrack_extend.h:__nf_ct_ext_find
Cyclomatic Complexity 1 include/net/netfilter/nf_conntrack_ecache.h:nf_ct_ecache_ext_add
Cyclomatic Complexity 1 include/net/netfilter/nf_conntrack_ecache.h:nf_conntrack_eventmask_report
Cyclomatic Complexity 1 include/net/netfilter/nf_conntrack_helper.h:nfct_help
Cyclomatic Complexity 1 include/net/netfilter/nf_conntrack_seqadj.h:nfct_seqadj
Cyclomatic Complexity 1 include/net/netfilter/nf_conntrack_acct.h:nf_conn_acct_find
Cyclomatic Complexity 1 include/net/netfilter/nf_conntrack_timestamp.h:nf_conn_tstamp_find
Cyclomatic Complexity 1 include/net/netfilter/nf_conntrack_timestamp.h:nf_ct_tstamp_ext_add
Cyclomatic Complexity 1 include/net/netfilter/nf_conntrack_labels.h:nf_ct_labels_ext_add
Cyclomatic Complexity 1 include/net/netfilter/nf_conntrack_synproxy.h:nfct_synproxy
Cyclomatic Complexity 1 include/net/netfilter/nf_conntrack_synproxy.h:nfct_synproxy_ext_add
Cyclomatic Complexity 1 include/linux/netfilter/nfnetlink.h:nfnl_msg_type
Cyclomatic Complexity 1 net/netfilter/nf_conntrack_netlink.c:ctnetlink_attach_labels
Cyclomatic Complexity 1 net/netfilter/nf_conntrack_netlink.c:expect_iter_all
Cyclomatic Complexity 1 net/netfilter/nf_conntrack_netlink.c:ctnetlink_net_init
Cyclomatic Complexity 1 net/netfilter/nf_conntrack_netlink.c:ctnetlink_net_exit
Cyclomatic Complexity 2 net/netfilter/nf_conntrack_netlink.c:ctnetlink_net_exit_batch
Cyclomatic Complexity 2 include/asm-generic/bitops-instrumented.h:test_bit
vim +/if +516 net/netfilter/nf_conntrack_netlink.c
508
509 /* all these functions access ct->ext. Caller must either hold a reference
510 * on ct or prevent its deletion by holding either the bucket spinlock or
511 * pcpu dying list lock.
512 */
513 static int ctnetlink_dump_extinfo(struct sk_buff *skb,
514 const struct nf_conn *ct, u32 type)
515 {
> 516 if (ctnetlink_dump_acct(skb, ct, type) < 0 ||
517 ctnetlink_dump_timestamp(skb, ct) < 0 ||
518 ctnetlink_dump_helpinfo(skb, ct) < 0 ||
519 ctnetlink_dump_labels(skb, ct) < 0 ||
520 ctnetlink_dump_ct_seq_adj(skb, ct) < 0 ||
521 ctnetlink_dump_ct_synproxy(skb, ct) < 0)
522 return -1;
523
524 return 0;
525 }
526
---
0-DAY kernel test infrastructure Open Source Technology Center
https://lists.01.org/pipermail/kbuild-all Intel Corporation
[-- Attachment #2: .config.gz --]
[-- Type: application/gzip, Size: 36004 bytes --]
^ permalink raw reply [flat|nested] 8+ messages in thread* Re: [PATCH nf-next] netfilter: ctnetlink: don't dump ct extensions of unconfirmed conntracks
2019-10-14 19:41 [PATCH nf-next] netfilter: ctnetlink: don't dump ct extensions of unconfirmed conntracks Florian Westphal
` (2 preceding siblings ...)
2019-10-15 3:14 ` kbuild test robot
@ 2019-10-15 9:23 ` Dan Carpenter
2019-10-15 21:06 ` Jeremy Sowden
4 siblings, 0 replies; 8+ messages in thread
From: Dan Carpenter @ 2019-10-15 9:23 UTC (permalink / raw)
To: kbuild, Florian Westphal; +Cc: kbuild-all, netfilter-devel, Florian Westphal
Hi Florian,
I love your patch! Perhaps something to improve:
url: https://github.com/0day-ci/linux/commits/Florian-Westphal/netfilter-ctnetlink-don-t-dump-ct-extensions-of-unconfirmed-conntracks/20191015-040005
base: https://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next.git master
If you fix the issue, kindly add following tag
Reported-by: kbuild test robot <lkp@intel.com>
Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
smatch warnings:
net/netfilter/nf_conntrack_netlink.c:537 ctnetlink_dump_info() warn: if statement not indented
# https://github.com/0day-ci/linux/commit/c8040548c0416425c95ae3b7008ef5d829168d3b
git remote add linux-review https://github.com/0day-ci/linux
git remote update linux-review
git checkout c8040548c0416425c95ae3b7008ef5d829168d3b
vim +537 net/netfilter/nf_conntrack_netlink.c
c8040548c04164 Florian Westphal 2019-10-14 527 static int ctnetlink_dump_info(struct sk_buff *skb, struct nf_conn *ct)
c8040548c04164 Florian Westphal 2019-10-14 528 {
c8040548c04164 Florian Westphal 2019-10-14 529 if (ctnetlink_dump_status(skb, ct) < 0 ||
c8040548c04164 Florian Westphal 2019-10-14 530 ctnetlink_dump_mark(skb, ct) < 0 ||
c8040548c04164 Florian Westphal 2019-10-14 531 ctnetlink_dump_secctx(skb, ct) < 0 ||
c8040548c04164 Florian Westphal 2019-10-14 532 ctnetlink_dump_id(skb, ct) < 0 ||
c8040548c04164 Florian Westphal 2019-10-14 533 ctnetlink_dump_use(skb, ct) < 0 ||
c8040548c04164 Florian Westphal 2019-10-14 534 ctnetlink_dump_master(skb, ct) < 0)
c8040548c04164 Florian Westphal 2019-10-14 535 return -1;
c8040548c04164 Florian Westphal 2019-10-14 536
c8040548c04164 Florian Westphal 2019-10-14 @537 if (!test_bit(IPS_OFFLOAD_BIT, &ct->status) &&
c8040548c04164 Florian Westphal 2019-10-14 538 (ctnetlink_dump_timeout(skb, ct) < 0 ||
c8040548c04164 Florian Westphal 2019-10-14 539 ctnetlink_dump_protoinfo(skb, ct) < 0))
Part of the "return -EINVAL;" commit must be missing. This should
generate a compile warning about reaching the end of a non-void
function.
c8040548c04164 Florian Westphal 2019-10-14 540
c8040548c04164 Florian Westphal 2019-10-14 541 return 0;
c8040548c04164 Florian Westphal 2019-10-14 542 }
---
0-DAY kernel test infrastructure Open Source Technology Center
https://lists.01.org/pipermail/kbuild-all Intel Corporation
^ permalink raw reply [flat|nested] 8+ messages in thread* Re: [PATCH nf-next] netfilter: ctnetlink: don't dump ct extensions of unconfirmed conntracks
2019-10-14 19:41 [PATCH nf-next] netfilter: ctnetlink: don't dump ct extensions of unconfirmed conntracks Florian Westphal
` (3 preceding siblings ...)
2019-10-15 9:23 ` Dan Carpenter
@ 2019-10-15 21:06 ` Jeremy Sowden
2019-10-15 21:22 ` Florian Westphal
4 siblings, 1 reply; 8+ messages in thread
From: Jeremy Sowden @ 2019-10-15 21:06 UTC (permalink / raw)
To: Florian Westphal; +Cc: netfilter-devel
[-- Attachment #1: Type: text/plain, Size: 5414 bytes --]
On 2019-10-14, at 21:41:41 +0200, Florian Westphal wrote:
> When dumping the unconfirmed lists, the cpu that is processing the ct
> entry can realloc ct->ext at any time.
>
> Accessing extensions from another CPU is ok provided rcu read lock is
> held.
>
> Once extension space will be reallocated with plain krealloc this
> isn't used anymore.
>
> Dumping the extension area for confirmed or dying conntracks is fine:
> no reallocations are allowed and list iteration holds appropriate
> locks that prevent ct (and thus ct->ext) from getting free'd.
>
> Signed-off-by: Florian Westphal <fw@strlen.de>
> ---
> net/netfilter/nf_conntrack_netlink.c | 77 ++++++++++++++++++----------
> 1 file changed, 51 insertions(+), 26 deletions(-)
>
> diff --git a/net/netfilter/nf_conntrack_netlink.c b/net/netfilter/nf_conntrack_netlink.c
> index e2d13cd18875..db04e1bfb04d 100644
> --- a/net/netfilter/nf_conntrack_netlink.c
> +++ b/net/netfilter/nf_conntrack_netlink.c
> @@ -506,9 +506,44 @@ static int ctnetlink_dump_use(struct sk_buff *skb, const struct nf_conn *ct)
> return -1;
> }
>
> +/* all these functions access ct->ext. Caller must either hold a reference
> + * on ct or prevent its deletion by holding either the bucket spinlock or
> + * pcpu dying list lock.
> + */
> +static int ctnetlink_dump_extinfo(struct sk_buff *skb,
> + const struct nf_conn *ct, u32 type)
> +{
> + if (ctnetlink_dump_acct(skb, ct, type) < 0 ||
> + ctnetlink_dump_timestamp(skb, ct) < 0 ||
> + ctnetlink_dump_helpinfo(skb, ct) < 0 ||
> + ctnetlink_dump_labels(skb, ct) < 0 ||
> + ctnetlink_dump_ct_seq_adj(skb, ct) < 0 ||
> + ctnetlink_dump_ct_synproxy(skb, ct) < 0)
> + return -1;
> +
> + return 0;
> +}
> +
> +static int ctnetlink_dump_info(struct sk_buff *skb, struct nf_conn *ct)
> +{
> + if (ctnetlink_dump_status(skb, ct) < 0 ||
> + ctnetlink_dump_mark(skb, ct) < 0 ||
> + ctnetlink_dump_secctx(skb, ct) < 0 ||
> + ctnetlink_dump_id(skb, ct) < 0 ||
> + ctnetlink_dump_use(skb, ct) < 0 ||
> + ctnetlink_dump_master(skb, ct) < 0)
> + return -1;
> +
> + if (!test_bit(IPS_OFFLOAD_BIT, &ct->status) &&
> + (ctnetlink_dump_timeout(skb, ct) < 0 ||
> + ctnetlink_dump_protoinfo(skb, ct) < 0))
> +
> + return 0;
> +}
> +
> static int
> ctnetlink_fill_info(struct sk_buff *skb, u32 portid, u32 seq, u32 type,
> - struct nf_conn *ct)
> + struct nf_conn *ct, bool extinfo)
> {
> const struct nf_conntrack_zone *zone;
> struct nlmsghdr *nlh;
> @@ -552,23 +587,9 @@ ctnetlink_fill_info(struct sk_buff *skb, u32 portid, u32 seq, u32 type,
> NF_CT_DEFAULT_ZONE_DIR) < 0)
> goto nla_put_failure;
>
> - if (ctnetlink_dump_status(skb, ct) < 0 ||
> - ctnetlink_dump_acct(skb, ct, type) < 0 ||
> - ctnetlink_dump_timestamp(skb, ct) < 0 ||
> - ctnetlink_dump_helpinfo(skb, ct) < 0 ||
> - ctnetlink_dump_mark(skb, ct) < 0 ||
> - ctnetlink_dump_secctx(skb, ct) < 0 ||
> - ctnetlink_dump_labels(skb, ct) < 0 ||
> - ctnetlink_dump_id(skb, ct) < 0 ||
> - ctnetlink_dump_use(skb, ct) < 0 ||
> - ctnetlink_dump_master(skb, ct) < 0 ||
> - ctnetlink_dump_ct_seq_adj(skb, ct) < 0 ||
> - ctnetlink_dump_ct_synproxy(skb, ct) < 0)
> + if (ctnetlink_dump_info(skb, ct) < 0)
> goto nla_put_failure;
> -
> - if (!test_bit(IPS_OFFLOAD_BIT, &ct->status) &&
> - (ctnetlink_dump_timeout(skb, ct) < 0 ||
> - ctnetlink_dump_protoinfo(skb, ct) < 0))
> + if (extinfo && ctnetlink_dump_extinfo(skb, ct, type) < 0)
> goto nla_put_failure;
>
> nlmsg_end(skb, nlh);
> @@ -953,13 +974,11 @@ ctnetlink_dump_table(struct sk_buff *skb, struct netlink_callback *cb)
> if (!ctnetlink_filter_match(ct, cb->data))
> continue;
>
> - rcu_read_lock();
> res =
> ctnetlink_fill_info(skb, NETLINK_CB(cb->skb).portid,
> cb->nlh->nlmsg_seq,
> NFNL_MSG_TYPE(cb->nlh->nlmsg_type),
> - ct);
> - rcu_read_unlock();
> + ct, true);
> if (res < 0) {
> nf_conntrack_get(&ct->ct_general);
> cb->args[1] = (unsigned long)ct;
> @@ -1364,10 +1383,8 @@ static int ctnetlink_get_conntrack(struct net *net, struct sock *ctnl,
> return -ENOMEM;
> }
>
> - rcu_read_lock();
> err = ctnetlink_fill_info(skb2, NETLINK_CB(skb).portid, nlh->nlmsg_seq,
> - NFNL_MSG_TYPE(nlh->nlmsg_type), ct);
> - rcu_read_unlock();
> + NFNL_MSG_TYPE(nlh->nlmsg_type), ct, true);
> nf_ct_put(ct);
> if (err <= 0)
> goto free;
> @@ -1429,12 +1446,20 @@ ctnetlink_dump_list(struct sk_buff *skb, struct netlink_callback *cb, bool dying
> continue;
> cb->args[1] = 0;
> }
> - rcu_read_lock();
> +
> + /* We can't dump extension info for the unconfirmed
> + * list because unconfirmed conntracks can have ct->ext
> + * reallocated (and thus freed).
> + *
> + * In the dying list case ct->ext can't be altered during
> + * list walk anymore, and free can only occur after ct
> + * has been unlinked from the dying list (which can't
> + * happen until after we drop pcpu->lock).
> + */
> res = ctnetlink_fill_info(skb, NETLINK_CB(cb->skb).portid,
> cb->nlh->nlmsg_seq,
> NFNL_MSG_TYPE(cb->nlh->nlmsg_type),
> - ct);
> - rcu_read_unlock();
> + ct, dying ? true : false);
s/dying ? true : false/dying/
> if (res < 0) {
> if (!atomic_inc_not_zero(&ct->ct_general.use))
> continue;
> --
> 2.21.0
>
>
J.
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 833 bytes --]
^ permalink raw reply [flat|nested] 8+ messages in thread* Re: [PATCH nf-next] netfilter: ctnetlink: don't dump ct extensions of unconfirmed conntracks
2019-10-15 21:06 ` Jeremy Sowden
@ 2019-10-15 21:22 ` Florian Westphal
2019-10-15 21:29 ` Jeremy Sowden
0 siblings, 1 reply; 8+ messages in thread
From: Florian Westphal @ 2019-10-15 21:22 UTC (permalink / raw)
To: Jeremy Sowden; +Cc: Florian Westphal, netfilter-devel
Jeremy Sowden <jeremy@azazel.net> wrote:
> On 2019-10-14, at 21:41:41 +0200, Florian Westphal wrote:
> > When dumping the unconfirmed lists, the cpu that is processing the ct
> > entry can realloc ct->ext at any time.
> >
> > Accessing extensions from another CPU is ok provided rcu read lock is
> > held.
> >
> > Once extension space will be reallocated with plain krealloc this
> > isn't used anymore.
> >
> > Dumping the extension area for confirmed or dying conntracks is fine:
> > no reallocations are allowed and list iteration holds appropriate
> > locks that prevent ct (and thus ct->ext) from getting free'd.
> >
> > Signed-off-by: Florian Westphal <fw@strlen.de>
> > ---
> > net/netfilter/nf_conntrack_netlink.c | 77 ++++++++++++++++++----------
> > 1 file changed, 51 insertions(+), 26 deletions(-)
> >
> > diff --git a/net/netfilter/nf_conntrack_netlink.c b/net/netfilter/nf_conntrack_netlink.c
> > index e2d13cd18875..db04e1bfb04d 100644
> > --- a/net/netfilter/nf_conntrack_netlink.c
> > +++ b/net/netfilter/nf_conntrack_netlink.c
> > @@ -506,9 +506,44 @@ static int ctnetlink_dump_use(struct sk_buff *skb, const struct nf_conn *ct)
> > return -1;
> > }
> >
> > +/* all these functions access ct->ext. Caller must either hold a reference
> > + * on ct or prevent its deletion by holding either the bucket spinlock or
> > + * pcpu dying list lock.
> > + */
> > +static int ctnetlink_dump_extinfo(struct sk_buff *skb,
> > + const struct nf_conn *ct, u32 type)
> > +{
> > + if (ctnetlink_dump_acct(skb, ct, type) < 0 ||
> > + ctnetlink_dump_timestamp(skb, ct) < 0 ||
> > + ctnetlink_dump_helpinfo(skb, ct) < 0 ||
> > + ctnetlink_dump_labels(skb, ct) < 0 ||
> > + ctnetlink_dump_ct_seq_adj(skb, ct) < 0 ||
> > + ctnetlink_dump_ct_synproxy(skb, ct) < 0)
> > + return -1;
> > +
> > + return 0;
> > +}
> > +
> > +static int ctnetlink_dump_info(struct sk_buff *skb, struct nf_conn *ct)
> > +{
> > + if (ctnetlink_dump_status(skb, ct) < 0 ||
> > + ctnetlink_dump_mark(skb, ct) < 0 ||
> > + ctnetlink_dump_secctx(skb, ct) < 0 ||
> > + ctnetlink_dump_id(skb, ct) < 0 ||
> > + ctnetlink_dump_use(skb, ct) < 0 ||
> > + ctnetlink_dump_master(skb, ct) < 0)
> > + return -1;
> > +
> > + if (!test_bit(IPS_OFFLOAD_BIT, &ct->status) &&
> > + (ctnetlink_dump_timeout(skb, ct) < 0 ||
> > + ctnetlink_dump_protoinfo(skb, ct) < 0))
> > +
> > + return 0;
> > +}
> > +
> > static int
> > ctnetlink_fill_info(struct sk_buff *skb, u32 portid, u32 seq, u32 type,
> > - struct nf_conn *ct)
> > + struct nf_conn *ct, bool extinfo)
[..]
> > +
> > + /* We can't dump extension info for the unconfirmed
> > + * list because unconfirmed conntracks can have ct->ext
> > + * reallocated (and thus freed).
> > + *
> > + * In the dying list case ct->ext can't be altered during
> > + * list walk anymore, and free can only occur after ct
> > + * has been unlinked from the dying list (which can't
> > + * happen until after we drop pcpu->lock).
> > + */
> > res = ctnetlink_fill_info(skb, NETLINK_CB(cb->skb).portid,
> > cb->nlh->nlmsg_seq,
> > NFNL_MSG_TYPE(cb->nlh->nlmsg_type),
> > - ct);
> > - rcu_read_unlock();
> > + ct, dying ? true : false);
>
> s/dying ? true : false/dying/
Yes, but it found it misleading since the last argument isn't about
'dying' or not, it tells that we can safely access ct->ext.
^ permalink raw reply [flat|nested] 8+ messages in thread* Re: [PATCH nf-next] netfilter: ctnetlink: don't dump ct extensions of unconfirmed conntracks
2019-10-15 21:22 ` Florian Westphal
@ 2019-10-15 21:29 ` Jeremy Sowden
0 siblings, 0 replies; 8+ messages in thread
From: Jeremy Sowden @ 2019-10-15 21:29 UTC (permalink / raw)
To: Florian Westphal; +Cc: netfilter-devel
[-- Attachment #1: Type: text/plain, Size: 3731 bytes --]
On 2019-10-15, at 23:22:04 +0200, Florian Westphal wrote:
> Jeremy Sowden wrote:
> > On 2019-10-14, at 21:41:41 +0200, Florian Westphal wrote:
> > > When dumping the unconfirmed lists, the cpu that is processing the
> > > ct entry can realloc ct->ext at any time.
> > >
> > > Accessing extensions from another CPU is ok provided rcu read lock
> > > is held.
> > >
> > > Once extension space will be reallocated with plain krealloc this
> > > isn't used anymore.
> > >
> > > Dumping the extension area for confirmed or dying conntracks is
> > > fine: no reallocations are allowed and list iteration holds
> > > appropriate locks that prevent ct (and thus ct->ext) from getting
> > > free'd.
> > >
> > > Signed-off-by: Florian Westphal <fw@strlen.de>
> > > ---
> > > net/netfilter/nf_conntrack_netlink.c | 77 ++++++++++++++++++----------
> > > 1 file changed, 51 insertions(+), 26 deletions(-)
> > >
> > > diff --git a/net/netfilter/nf_conntrack_netlink.c b/net/netfilter/nf_conntrack_netlink.c
> > > index e2d13cd18875..db04e1bfb04d 100644
> > > --- a/net/netfilter/nf_conntrack_netlink.c
> > > +++ b/net/netfilter/nf_conntrack_netlink.c
> > > @@ -506,9 +506,44 @@ static int ctnetlink_dump_use(struct sk_buff *skb, const struct nf_conn *ct)
> > > return -1;
> > > }
> > >
> > > +/* all these functions access ct->ext. Caller must either hold a reference
> > > + * on ct or prevent its deletion by holding either the bucket spinlock or
> > > + * pcpu dying list lock.
> > > + */
> > > +static int ctnetlink_dump_extinfo(struct sk_buff *skb,
> > > + const struct nf_conn *ct, u32 type)
> > > +{
> > > + if (ctnetlink_dump_acct(skb, ct, type) < 0 ||
> > > + ctnetlink_dump_timestamp(skb, ct) < 0 ||
> > > + ctnetlink_dump_helpinfo(skb, ct) < 0 ||
> > > + ctnetlink_dump_labels(skb, ct) < 0 ||
> > > + ctnetlink_dump_ct_seq_adj(skb, ct) < 0 ||
> > > + ctnetlink_dump_ct_synproxy(skb, ct) < 0)
> > > + return -1;
> > > +
> > > + return 0;
> > > +}
> > > +
> > > +static int ctnetlink_dump_info(struct sk_buff *skb, struct nf_conn *ct)
> > > +{
> > > + if (ctnetlink_dump_status(skb, ct) < 0 ||
> > > + ctnetlink_dump_mark(skb, ct) < 0 ||
> > > + ctnetlink_dump_secctx(skb, ct) < 0 ||
> > > + ctnetlink_dump_id(skb, ct) < 0 ||
> > > + ctnetlink_dump_use(skb, ct) < 0 ||
> > > + ctnetlink_dump_master(skb, ct) < 0)
> > > + return -1;
> > > +
> > > + if (!test_bit(IPS_OFFLOAD_BIT, &ct->status) &&
> > > + (ctnetlink_dump_timeout(skb, ct) < 0 ||
> > > + ctnetlink_dump_protoinfo(skb, ct) < 0))
> > > +
> > > + return 0;
> > > +}
> > > +
> > > static int
> > > ctnetlink_fill_info(struct sk_buff *skb, u32 portid, u32 seq, u32 type,
> > > - struct nf_conn *ct)
> > > + struct nf_conn *ct, bool extinfo)
>
> [..]
>
> > > +
> > > + /* We can't dump extension info for the unconfirmed
> > > + * list because unconfirmed conntracks can have ct->ext
> > > + * reallocated (and thus freed).
> > > + *
> > > + * In the dying list case ct->ext can't be altered during
> > > + * list walk anymore, and free can only occur after ct
> > > + * has been unlinked from the dying list (which can't
> > > + * happen until after we drop pcpu->lock).
> > > + */
> > > res = ctnetlink_fill_info(skb, NETLINK_CB(cb->skb).portid,
> > > cb->nlh->nlmsg_seq,
> > > NFNL_MSG_TYPE(cb->nlh->nlmsg_type),
> > > - ct);
> > > - rcu_read_unlock();
> > > + ct, dying ? true : false);
> >
> > s/dying ? true : false/dying/
>
> Yes, but it found it misleading since the last argument isn't about
> 'dying' or not, it tells that we can safely access ct->ext.
Fair enough. Read in the context of a patch, it just looks
tautological.
J.
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 833 bytes --]
^ permalink raw reply [flat|nested] 8+ messages in thread