From: kernel test robot <lkp@intel.com>
To: Pablo Neira Ayuso <pablo@netfilter.org>, netfilter-devel@vger.kernel.org
Cc: kbuild-all@lists.01.org
Subject: Re: [PATCH nf 2/2] netfilter: nf_tables: do not allow to delete table with owner by handle
Date: Tue, 22 Jun 2021 21:37:30 +0800 [thread overview]
Message-ID: <202106222156.Mb53rZJw-lkp@intel.com> (raw)
In-Reply-To: <20210622101342.33758-2-pablo@netfilter.org>
[-- Attachment #1: Type: text/plain, Size: 31008 bytes --]
Hi Pablo,
I love your patch! Yet something to improve:
[auto build test ERROR on nf/master]
url: https://github.com/0day-ci/linux/commits/Pablo-Neira-Ayuso/netfilter-nf_tables-skip-netlink-portID-validation-if-zero/20210622-181539
base: https://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf.git master
config: i386-randconfig-a011-20210622 (attached as .config)
compiler: gcc-9 (Debian 9.3.0-22) 9.3.0
reproduce (this is a W=1 build):
# https://github.com/0day-ci/linux/commit/cdd859ce5abc8381eeb7ea8088fb4c273cb7c2cb
git remote add linux-review https://github.com/0day-ci/linux
git fetch --no-tags linux-review Pablo-Neira-Ayuso/netfilter-nf_tables-skip-netlink-portID-validation-if-zero/20210622-181539
git checkout cdd859ce5abc8381eeb7ea8088fb4c273cb7c2cb
# save the attached .config to linux build tree
make W=1 ARCH=i386
If you fix the issue, kindly add following tag as appropriate
Reported-by: kernel test robot <lkp@intel.com>
All error/warnings (new ones prefixed by >>):
net/netfilter/nf_tables_api.c: In function 'nft_table_lookup_byhandle':
>> net/netfilter/nf_tables_api.c:605:19: error: invalid storage class for function 'nf_tables_alloc_handle'
605 | static inline u64 nf_tables_alloc_handle(struct nft_table *table)
| ^~~~~~~~~~~~~~~~~~~~~~
>> net/netfilter/nf_tables_api.c:605:1: warning: ISO C90 forbids mixed declarations and code [-Wdeclaration-after-statement]
605 | static inline u64 nf_tables_alloc_handle(struct nft_table *table)
| ^~~~~~
>> net/netfilter/nf_tables_api.c:613:1: error: invalid storage class for function '__nft_chain_type_get'
613 | __nft_chain_type_get(u8 family, enum nft_chain_types type)
| ^~~~~~~~~~~~~~~~~~~~
>> net/netfilter/nf_tables_api.c:623:1: error: invalid storage class for function '__nf_tables_chain_type_lookup'
623 | __nf_tables_chain_type_lookup(const struct nlattr *nla, u8 family)
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~
In file included from include/linux/linkage.h:7,
from include/linux/kernel.h:8,
from include/linux/list.h:9,
from include/linux/module.h:12,
from net/netfilter/nf_tables_api.c:8:
>> net/netfilter/nf_tables_api.c:681:19: error: non-static declaration of 'nft_request_module' follows static declaration
681 | EXPORT_SYMBOL_GPL(nft_request_module);
| ^~~~~~~~~~~~~~~~~~
include/linux/export.h:98:21: note: in definition of macro '___EXPORT_SYMBOL'
98 | extern typeof(sym) sym; \
| ^~~
include/linux/export.h:155:34: note: in expansion of macro '__EXPORT_SYMBOL'
155 | #define _EXPORT_SYMBOL(sym, sec) __EXPORT_SYMBOL(sym, sec, "")
| ^~~~~~~~~~~~~~~
include/linux/export.h:159:33: note: in expansion of macro '_EXPORT_SYMBOL'
159 | #define EXPORT_SYMBOL_GPL(sym) _EXPORT_SYMBOL(sym, "_gpl")
| ^~~~~~~~~~~~~~
net/netfilter/nf_tables_api.c:681:1: note: in expansion of macro 'EXPORT_SYMBOL_GPL'
681 | EXPORT_SYMBOL_GPL(nft_request_module);
| ^~~~~~~~~~~~~~~~~
net/netfilter/nf_tables_api.c:645:20: note: previous definition of 'nft_request_module' was here
645 | __printf(2, 3) int nft_request_module(struct net *net, const char *fmt,
| ^~~~~~~~~~~~~~~~~~
In file included from include/linux/export.h:43,
from include/linux/linkage.h:7,
from include/linux/kernel.h:8,
from include/linux/list.h:9,
from include/linux/module.h:12,
from net/netfilter/nf_tables_api.c:8:
>> include/linux/compiler.h:225:2: warning: ISO C90 forbids mixed declarations and code [-Wdeclaration-after-statement]
225 | static void * __section(".discard.addressable") __used \
| ^~~~~~
include/linux/export.h:51:2: note: in expansion of macro '__ADDRESSABLE'
51 | __ADDRESSABLE(sym) \
| ^~~~~~~~~~~~~
include/linux/export.h:108:2: note: in expansion of macro '__KSYMTAB_ENTRY'
108 | __KSYMTAB_ENTRY(sym, sec)
| ^~~~~~~~~~~~~~~
include/linux/export.h:147:39: note: in expansion of macro '___EXPORT_SYMBOL'
147 | #define __EXPORT_SYMBOL(sym, sec, ns) ___EXPORT_SYMBOL(sym, sec, ns)
| ^~~~~~~~~~~~~~~~
include/linux/export.h:155:34: note: in expansion of macro '__EXPORT_SYMBOL'
155 | #define _EXPORT_SYMBOL(sym, sec) __EXPORT_SYMBOL(sym, sec, "")
| ^~~~~~~~~~~~~~~
include/linux/export.h:159:33: note: in expansion of macro '_EXPORT_SYMBOL'
159 | #define EXPORT_SYMBOL_GPL(sym) _EXPORT_SYMBOL(sym, "_gpl")
| ^~~~~~~~~~~~~~
net/netfilter/nf_tables_api.c:681:1: note: in expansion of macro 'EXPORT_SYMBOL_GPL'
681 | EXPORT_SYMBOL_GPL(nft_request_module);
| ^~~~~~~~~~~~~~~~~
>> net/netfilter/nf_tables_api.c:684:13: error: invalid storage class for function 'lockdep_nfnl_nft_mutex_not_held'
684 | static void lockdep_nfnl_nft_mutex_not_held(void)
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
net/netfilter/nf_tables_api.c:684:1: warning: ISO C90 forbids mixed declarations and code [-Wdeclaration-after-statement]
684 | static void lockdep_nfnl_nft_mutex_not_held(void)
| ^~~~~~
>> net/netfilter/nf_tables_api.c:693:1: error: invalid storage class for function 'nf_tables_chain_type_lookup'
693 | nf_tables_chain_type_lookup(struct net *net, const struct nlattr *nla,
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~
>> net/netfilter/nf_tables_api.c:714:15: error: invalid storage class for function 'nft_base_seq'
714 | static __be16 nft_base_seq(const struct net *net)
| ^~~~~~~~~~~~
>> net/netfilter/nf_tables_api.c:730:12: error: invalid storage class for function 'nf_tables_fill_table_info'
730 | static int nf_tables_fill_table_info(struct sk_buff *skb, struct net *net,
| ^~~~~~~~~~~~~~~~~~~~~~~~~
>> net/netfilter/nf_tables_api.c:771:13: error: invalid storage class for function 'nft_notify_enqueue'
771 | static void nft_notify_enqueue(struct sk_buff *skb, bool report,
| ^~~~~~~~~~~~~~~~~~
>> net/netfilter/nf_tables_api.c:778:13: error: invalid storage class for function 'nf_tables_table_notify'
778 | static void nf_tables_table_notify(const struct nft_ctx *ctx, int event)
| ^~~~~~~~~~~~~~~~~~~~~~
>> net/netfilter/nf_tables_api.c:806:12: error: invalid storage class for function 'nf_tables_dump_tables'
806 | static int nf_tables_dump_tables(struct sk_buff *skb,
| ^~~~~~~~~~~~~~~~~~~~~
>> net/netfilter/nf_tables_api.c:848:12: error: invalid storage class for function 'nft_netlink_dump_start_rcu'
848 | static int nft_netlink_dump_start_rcu(struct sock *nlsk, struct sk_buff *skb,
| ^~~~~~~~~~~~~~~~~~~~~~~~~~
>> net/netfilter/nf_tables_api.c:866:12: error: invalid storage class for function 'nf_tables_gettable'
866 | static int nf_tables_gettable(struct sk_buff *skb, const struct nfnl_info *info,
| ^~~~~~~~~~~~~~~~~~
>> net/netfilter/nf_tables_api.c:910:13: error: invalid storage class for function 'nft_table_disable'
910 | static void nft_table_disable(struct net *net, struct nft_table *table, u32 cnt)
| ^~~~~~~~~~~~~~~~~
>> net/netfilter/nf_tables_api.c:928:12: error: invalid storage class for function 'nf_tables_table_enable'
928 | static int nf_tables_table_enable(struct net *net, struct nft_table *table)
| ^~~~~~~~~~~~~~~~~~~~~~
>> net/netfilter/nf_tables_api.c:953:13: error: invalid storage class for function 'nf_tables_table_disable'
953 | static void nf_tables_table_disable(struct net *net, struct nft_table *table)
| ^~~~~~~~~~~~~~~~~~~~~~~
>> net/netfilter/nf_tables_api.c:966:12: error: invalid storage class for function 'nf_tables_updtable'
966 | static int nf_tables_updtable(struct nft_ctx *ctx)
| ^~~~~~~~~~~~~~~~~~
>> net/netfilter/nf_tables_api.c:1020:12: error: invalid storage class for function 'nft_chain_hash'
1020 | static u32 nft_chain_hash(const void *data, u32 len, u32 seed)
| ^~~~~~~~~~~~~~
net/netfilter/nf_tables_api.c:1027:12: error: invalid storage class for function 'nft_chain_hash_obj'
1027 | static u32 nft_chain_hash_obj(const void *data, u32 len, u32 seed)
| ^~~~~~~~~~~~~~~~~~
net/netfilter/nf_tables_api.c:1034:12: error: invalid storage class for function 'nft_chain_hash_cmp'
1034 | static int nft_chain_hash_cmp(struct rhashtable_compare_arg *arg,
| ^~~~~~~~~~~~~~~~~~
net/netfilter/nf_tables_api.c:1043:12: error: invalid storage class for function 'nft_objname_hash'
1043 | static u32 nft_objname_hash(const void *data, u32 len, u32 seed)
| ^~~~~~~~~~~~~~~~
net/netfilter/nf_tables_api.c:1052:12: error: invalid storage class for function 'nft_objname_hash_obj'
1052 | static u32 nft_objname_hash_obj(const void *data, u32 len, u32 seed)
| ^~~~~~~~~~~~~~~~~~~~
net/netfilter/nf_tables_api.c:1059:12: error: invalid storage class for function 'nft_objname_hash_cmp'
1059 | static int nft_objname_hash_cmp(struct rhashtable_compare_arg *arg,
| ^~~~~~~~~~~~~~~~~~~~
net/netfilter/nf_tables_api.c:1071:12: error: invalid storage class for function 'nf_tables_newtable'
1071 | static int nf_tables_newtable(struct sk_buff *skb, const struct nfnl_info *info,
| ^~~~~~~~~~~~~~~~~~
net/netfilter/nf_tables_api.c:1162:12: error: invalid storage class for function 'nft_flush_table'
1162 | static int nft_flush_table(struct nft_ctx *ctx)
| ^~~~~~~~~~~~~~~
net/netfilter/nf_tables_api.c:1234:12: error: invalid storage class for function 'nft_flush'
1234 | static int nft_flush(struct nft_ctx *ctx, int family)
| ^~~~~~~~~
net/netfilter/nf_tables_api.c:1267:12: error: invalid storage class for function 'nf_tables_deltable'
1267 | static int nf_tables_deltable(struct sk_buff *skb, const struct nfnl_info *info,
| ^~~~~~~~~~~~~~~~~~
net/netfilter/nf_tables_api.c:1309:13: error: invalid storage class for function 'nf_tables_table_destroy'
1309 | static void nf_tables_table_destroy(struct nft_ctx *ctx)
| ^~~~~~~~~~~~~~~~~~~~~~~
In file included from include/linux/linkage.h:7,
from include/linux/kernel.h:8,
from include/linux/list.h:9,
from include/linux/module.h:12,
from net/netfilter/nf_tables_api.c:8:
net/netfilter/nf_tables_api.c:1330:19: error: non-static declaration of 'nft_register_chain_type' follows static declaration
1330 | EXPORT_SYMBOL_GPL(nft_register_chain_type);
| ^~~~~~~~~~~~~~~~~~~~~~~
include/linux/export.h:98:21: note: in definition of macro '___EXPORT_SYMBOL'
98 | extern typeof(sym) sym; \
| ^~~
include/linux/export.h:155:34: note: in expansion of macro '__EXPORT_SYMBOL'
155 | #define _EXPORT_SYMBOL(sym, sec) __EXPORT_SYMBOL(sym, sec, "")
| ^~~~~~~~~~~~~~~
include/linux/export.h:159:33: note: in expansion of macro '_EXPORT_SYMBOL'
159 | #define EXPORT_SYMBOL_GPL(sym) _EXPORT_SYMBOL(sym, "_gpl")
| ^~~~~~~~~~~~~~
net/netfilter/nf_tables_api.c:1330:1: note: in expansion of macro 'EXPORT_SYMBOL_GPL'
1330 | EXPORT_SYMBOL_GPL(nft_register_chain_type);
| ^~~~~~~~~~~~~~~~~
net/netfilter/nf_tables_api.c:1320:6: note: previous definition of 'nft_register_chain_type' was here
1320 | void nft_register_chain_type(const struct nft_chain_type *ctype)
| ^~~~~~~~~~~~~~~~~~~~~~~
In file included from include/linux/export.h:43,
from include/linux/linkage.h:7,
from include/linux/kernel.h:8,
from include/linux/list.h:9,
from include/linux/module.h:12,
from net/netfilter/nf_tables_api.c:8:
include/linux/compiler.h:225:2: warning: ISO C90 forbids mixed declarations and code [-Wdeclaration-after-statement]
225 | static void * __section(".discard.addressable") __used \
| ^~~~~~
include/linux/export.h:51:2: note: in expansion of macro '__ADDRESSABLE'
51 | __ADDRESSABLE(sym) \
| ^~~~~~~~~~~~~
include/linux/export.h:108:2: note: in expansion of macro '__KSYMTAB_ENTRY'
108 | __KSYMTAB_ENTRY(sym, sec)
| ^~~~~~~~~~~~~~~
include/linux/export.h:147:39: note: in expansion of macro '___EXPORT_SYMBOL'
147 | #define __EXPORT_SYMBOL(sym, sec, ns) ___EXPORT_SYMBOL(sym, sec, ns)
| ^~~~~~~~~~~~~~~~
include/linux/export.h:155:34: note: in expansion of macro '__EXPORT_SYMBOL'
155 | #define _EXPORT_SYMBOL(sym, sec) __EXPORT_SYMBOL(sym, sec, "")
| ^~~~~~~~~~~~~~~
include/linux/export.h:159:33: note: in expansion of macro '_EXPORT_SYMBOL'
159 | #define EXPORT_SYMBOL_GPL(sym) _EXPORT_SYMBOL(sym, "_gpl")
| ^~~~~~~~~~~~~~
net/netfilter/nf_tables_api.c:1330:1: note: in expansion of macro 'EXPORT_SYMBOL_GPL'
1330 | EXPORT_SYMBOL_GPL(nft_register_chain_type);
| ^~~~~~~~~~~~~~~~~
net/netfilter/nf_tables_api.c:1332:1: warning: ISO C90 forbids mixed declarations and code [-Wdeclaration-after-statement]
1332 | void nft_unregister_chain_type(const struct nft_chain_type *ctype)
| ^~~~
In file included from include/linux/linkage.h:7,
from include/linux/kernel.h:8,
from include/linux/list.h:9,
from include/linux/module.h:12,
from net/netfilter/nf_tables_api.c:8:
net/netfilter/nf_tables_api.c:1338:19: error: non-static declaration of 'nft_unregister_chain_type' follows static declaration
1338 | EXPORT_SYMBOL_GPL(nft_unregister_chain_type);
| ^~~~~~~~~~~~~~~~~~~~~~~~~
include/linux/export.h:98:21: note: in definition of macro '___EXPORT_SYMBOL'
98 | extern typeof(sym) sym; \
| ^~~
include/linux/export.h:155:34: note: in expansion of macro '__EXPORT_SYMBOL'
155 | #define _EXPORT_SYMBOL(sym, sec) __EXPORT_SYMBOL(sym, sec, "")
| ^~~~~~~~~~~~~~~
include/linux/export.h:159:33: note: in expansion of macro '_EXPORT_SYMBOL'
vim +/nf_tables_alloc_handle +605 net/netfilter/nf_tables_api.c
3ecbfd65f50e5f Harsha Sharma 2017-12-27 604
96518518cc417b Patrick McHardy 2013-10-14 @605 static inline u64 nf_tables_alloc_handle(struct nft_table *table)
96518518cc417b Patrick McHardy 2013-10-14 606 {
96518518cc417b Patrick McHardy 2013-10-14 607 return ++table->hgenerator;
96518518cc417b Patrick McHardy 2013-10-14 608 }
96518518cc417b Patrick McHardy 2013-10-14 609
32537e91847a56 Pablo Neira Ayuso 2018-03-27 610 static const struct nft_chain_type *chain_type[NFPROTO_NUMPROTO][NFT_CHAIN_T_MAX];
9370761c56b66a Pablo Neira Ayuso 2013-10-10 611
826035498ec14b Pablo Neira Ayuso 2020-01-21 612 static const struct nft_chain_type *
826035498ec14b Pablo Neira Ayuso 2020-01-21 @613 __nft_chain_type_get(u8 family, enum nft_chain_types type)
826035498ec14b Pablo Neira Ayuso 2020-01-21 614 {
826035498ec14b Pablo Neira Ayuso 2020-01-21 615 if (family >= NFPROTO_NUMPROTO ||
826035498ec14b Pablo Neira Ayuso 2020-01-21 616 type >= NFT_CHAIN_T_MAX)
826035498ec14b Pablo Neira Ayuso 2020-01-21 617 return NULL;
826035498ec14b Pablo Neira Ayuso 2020-01-21 618
826035498ec14b Pablo Neira Ayuso 2020-01-21 619 return chain_type[family][type];
826035498ec14b Pablo Neira Ayuso 2020-01-21 620 }
826035498ec14b Pablo Neira Ayuso 2020-01-21 621
32537e91847a56 Pablo Neira Ayuso 2018-03-27 622 static const struct nft_chain_type *
1ea26cca52e46c Pablo Neira Ayuso 2017-12-19 @623 __nf_tables_chain_type_lookup(const struct nlattr *nla, u8 family)
9370761c56b66a Pablo Neira Ayuso 2013-10-10 624 {
826035498ec14b Pablo Neira Ayuso 2020-01-21 625 const struct nft_chain_type *type;
9370761c56b66a Pablo Neira Ayuso 2013-10-10 626 int i;
9370761c56b66a Pablo Neira Ayuso 2013-10-10 627
9370761c56b66a Pablo Neira Ayuso 2013-10-10 628 for (i = 0; i < NFT_CHAIN_T_MAX; i++) {
826035498ec14b Pablo Neira Ayuso 2020-01-21 629 type = __nft_chain_type_get(family, i);
826035498ec14b Pablo Neira Ayuso 2020-01-21 630 if (!type)
826035498ec14b Pablo Neira Ayuso 2020-01-21 631 continue;
826035498ec14b Pablo Neira Ayuso 2020-01-21 632 if (!nla_strcmp(nla, type->name))
826035498ec14b Pablo Neira Ayuso 2020-01-21 633 return type;
9370761c56b66a Pablo Neira Ayuso 2013-10-10 634 }
baae3e62f31618 Patrick McHardy 2014-01-09 635 return NULL;
9370761c56b66a Pablo Neira Ayuso 2013-10-10 636 }
9370761c56b66a Pablo Neira Ayuso 2013-10-10 637
eb014de4fd418d Pablo Neira Ayuso 2020-01-21 638 struct nft_module_request {
eb014de4fd418d Pablo Neira Ayuso 2020-01-21 639 struct list_head list;
eb014de4fd418d Pablo Neira Ayuso 2020-01-21 640 char module[MODULE_NAME_LEN];
eb014de4fd418d Pablo Neira Ayuso 2020-01-21 641 bool done;
eb014de4fd418d Pablo Neira Ayuso 2020-01-21 642 };
eb014de4fd418d Pablo Neira Ayuso 2020-01-21 643
452238e8d5ffd8 Florian Westphal 2018-07-11 644 #ifdef CONFIG_MODULES
cefa31a9d46112 Florian Westphal 2021-03-25 645 __printf(2, 3) int nft_request_module(struct net *net, const char *fmt,
35b7ee34abdb72 Andrew Lunn 2020-10-31 646 ...)
452238e8d5ffd8 Florian Westphal 2018-07-11 647 {
452238e8d5ffd8 Florian Westphal 2018-07-11 648 char module_name[MODULE_NAME_LEN];
0854db2aaef3fc Florian Westphal 2021-04-01 649 struct nftables_pernet *nft_net;
eb014de4fd418d Pablo Neira Ayuso 2020-01-21 650 struct nft_module_request *req;
452238e8d5ffd8 Florian Westphal 2018-07-11 651 va_list args;
452238e8d5ffd8 Florian Westphal 2018-07-11 652 int ret;
452238e8d5ffd8 Florian Westphal 2018-07-11 653
452238e8d5ffd8 Florian Westphal 2018-07-11 654 va_start(args, fmt);
452238e8d5ffd8 Florian Westphal 2018-07-11 655 ret = vsnprintf(module_name, MODULE_NAME_LEN, fmt, args);
452238e8d5ffd8 Florian Westphal 2018-07-11 656 va_end(args);
9332d27d791818 Florian Westphal 2020-01-16 657 if (ret >= MODULE_NAME_LEN)
eb014de4fd418d Pablo Neira Ayuso 2020-01-21 658 return 0;
452238e8d5ffd8 Florian Westphal 2018-07-11 659
d59d2f82f984df Pablo Neira Ayuso 2021-04-23 660 nft_net = nft_pernet(net);
0854db2aaef3fc Florian Westphal 2021-04-01 661 list_for_each_entry(req, &nft_net->module_list, list) {
eb014de4fd418d Pablo Neira Ayuso 2020-01-21 662 if (!strcmp(req->module, module_name)) {
eb014de4fd418d Pablo Neira Ayuso 2020-01-21 663 if (req->done)
eb014de4fd418d Pablo Neira Ayuso 2020-01-21 664 return 0;
ec7470b834fe7b Pablo Neira Ayuso 2020-01-13 665
eb014de4fd418d Pablo Neira Ayuso 2020-01-21 666 /* A request to load this module already exists. */
eb014de4fd418d Pablo Neira Ayuso 2020-01-21 667 return -EAGAIN;
eb014de4fd418d Pablo Neira Ayuso 2020-01-21 668 }
eb014de4fd418d Pablo Neira Ayuso 2020-01-21 669 }
eb014de4fd418d Pablo Neira Ayuso 2020-01-21 670
eb014de4fd418d Pablo Neira Ayuso 2020-01-21 671 req = kmalloc(sizeof(*req), GFP_KERNEL);
eb014de4fd418d Pablo Neira Ayuso 2020-01-21 672 if (!req)
eb014de4fd418d Pablo Neira Ayuso 2020-01-21 673 return -ENOMEM;
eb014de4fd418d Pablo Neira Ayuso 2020-01-21 674
eb014de4fd418d Pablo Neira Ayuso 2020-01-21 675 req->done = false;
eb014de4fd418d Pablo Neira Ayuso 2020-01-21 676 strlcpy(req->module, module_name, MODULE_NAME_LEN);
0854db2aaef3fc Florian Westphal 2021-04-01 677 list_add_tail(&req->list, &nft_net->module_list);
eb014de4fd418d Pablo Neira Ayuso 2020-01-21 678
eb014de4fd418d Pablo Neira Ayuso 2020-01-21 679 return -EAGAIN;
452238e8d5ffd8 Florian Westphal 2018-07-11 680 }
cefa31a9d46112 Florian Westphal 2021-03-25 @681 EXPORT_SYMBOL_GPL(nft_request_module);
452238e8d5ffd8 Florian Westphal 2018-07-11 682 #endif
452238e8d5ffd8 Florian Westphal 2018-07-11 683
f102d66b335a41 Florian Westphal 2018-07-11 @684 static void lockdep_nfnl_nft_mutex_not_held(void)
f102d66b335a41 Florian Westphal 2018-07-11 685 {
f102d66b335a41 Florian Westphal 2018-07-11 686 #ifdef CONFIG_PROVE_LOCKING
c0700dfa2cae44 Florian Westphal 2020-11-19 687 if (debug_locks)
f102d66b335a41 Florian Westphal 2018-07-11 688 WARN_ON_ONCE(lockdep_nfnl_is_held(NFNL_SUBSYS_NFTABLES));
f102d66b335a41 Florian Westphal 2018-07-11 689 #endif
f102d66b335a41 Florian Westphal 2018-07-11 690 }
f102d66b335a41 Florian Westphal 2018-07-11 691
32537e91847a56 Pablo Neira Ayuso 2018-03-27 692 static const struct nft_chain_type *
452238e8d5ffd8 Florian Westphal 2018-07-11 @693 nf_tables_chain_type_lookup(struct net *net, const struct nlattr *nla,
452238e8d5ffd8 Florian Westphal 2018-07-11 694 u8 family, bool autoload)
9370761c56b66a Pablo Neira Ayuso 2013-10-10 695 {
32537e91847a56 Pablo Neira Ayuso 2018-03-27 696 const struct nft_chain_type *type;
9370761c56b66a Pablo Neira Ayuso 2013-10-10 697
1ea26cca52e46c Pablo Neira Ayuso 2017-12-19 698 type = __nf_tables_chain_type_lookup(nla, family);
93b0806f006b8b Patrick McHardy 2014-01-09 699 if (type != NULL)
93b0806f006b8b Patrick McHardy 2014-01-09 700 return type;
f102d66b335a41 Florian Westphal 2018-07-11 701
f102d66b335a41 Florian Westphal 2018-07-11 702 lockdep_nfnl_nft_mutex_not_held();
9370761c56b66a Pablo Neira Ayuso 2013-10-10 703 #ifdef CONFIG_MODULES
93b0806f006b8b Patrick McHardy 2014-01-09 704 if (autoload) {
eb014de4fd418d Pablo Neira Ayuso 2020-01-21 705 if (nft_request_module(net, "nft-chain-%u-%.*s", family,
eb014de4fd418d Pablo Neira Ayuso 2020-01-21 706 nla_len(nla),
eb014de4fd418d Pablo Neira Ayuso 2020-01-21 707 (const char *)nla_data(nla)) == -EAGAIN)
93b0806f006b8b Patrick McHardy 2014-01-09 708 return ERR_PTR(-EAGAIN);
9370761c56b66a Pablo Neira Ayuso 2013-10-10 709 }
9370761c56b66a Pablo Neira Ayuso 2013-10-10 710 #endif
93b0806f006b8b Patrick McHardy 2014-01-09 711 return ERR_PTR(-ENOENT);
9370761c56b66a Pablo Neira Ayuso 2013-10-10 712 }
9370761c56b66a Pablo Neira Ayuso 2013-10-10 713
802b805162a1b7 Pablo Neira Ayuso 2021-03-31 @714 static __be16 nft_base_seq(const struct net *net)
802b805162a1b7 Pablo Neira Ayuso 2021-03-31 715 {
d59d2f82f984df Pablo Neira Ayuso 2021-04-23 716 struct nftables_pernet *nft_net = nft_pernet(net);
0854db2aaef3fc Florian Westphal 2021-04-01 717
0854db2aaef3fc Florian Westphal 2021-04-01 718 return htons(nft_net->base_seq & 0xffff);
802b805162a1b7 Pablo Neira Ayuso 2021-03-31 719 }
802b805162a1b7 Pablo Neira Ayuso 2021-03-31 720
96518518cc417b Patrick McHardy 2013-10-14 721 static const struct nla_policy nft_table_policy[NFTA_TABLE_MAX + 1] = {
1cae565e8b746f Pablo Neira Ayuso 2015-03-05 722 [NFTA_TABLE_NAME] = { .type = NLA_STRING,
1cae565e8b746f Pablo Neira Ayuso 2015-03-05 723 .len = NFT_TABLE_MAXNAMELEN - 1 },
9ddf63235749a9 Pablo Neira Ayuso 2013-10-10 724 [NFTA_TABLE_FLAGS] = { .type = NLA_U32 },
3ecbfd65f50e5f Harsha Sharma 2017-12-27 725 [NFTA_TABLE_HANDLE] = { .type = NLA_U64 },
7a81575b806e5d Jose M. Guisado Gomez 2020-08-20 726 [NFTA_TABLE_USERDATA] = { .type = NLA_BINARY,
7a81575b806e5d Jose M. Guisado Gomez 2020-08-20 727 .len = NFT_USERDATA_MAXLEN }
96518518cc417b Patrick McHardy 2013-10-14 728 };
96518518cc417b Patrick McHardy 2013-10-14 729
84d7fce6938848 Pablo Neira Ayuso 2014-09-04 @730 static int nf_tables_fill_table_info(struct sk_buff *skb, struct net *net,
84d7fce6938848 Pablo Neira Ayuso 2014-09-04 731 u32 portid, u32 seq, int event, u32 flags,
84d7fce6938848 Pablo Neira Ayuso 2014-09-04 732 int family, const struct nft_table *table)
96518518cc417b Patrick McHardy 2013-10-14 733 {
96518518cc417b Patrick McHardy 2013-10-14 734 struct nlmsghdr *nlh;
96518518cc417b Patrick McHardy 2013-10-14 735
dedb67c4b4e5fa Pablo Neira Ayuso 2017-03-28 736 event = nfnl_msg_type(NFNL_SUBSYS_NFTABLES, event);
19c28b1374fb10 Pablo Neira Ayuso 2021-03-30 737 nlh = nfnl_msg_put(skb, portid, seq, event, flags, family,
19c28b1374fb10 Pablo Neira Ayuso 2021-03-30 738 NFNETLINK_V0, nft_base_seq(net));
19c28b1374fb10 Pablo Neira Ayuso 2021-03-30 739 if (!nlh)
96518518cc417b Patrick McHardy 2013-10-14 740 goto nla_put_failure;
96518518cc417b Patrick McHardy 2013-10-14 741
9ddf63235749a9 Pablo Neira Ayuso 2013-10-10 742 if (nla_put_string(skb, NFTA_TABLE_NAME, table->name) ||
179d9ba5559a75 Pablo Neira Ayuso 2021-05-24 743 nla_put_be32(skb, NFTA_TABLE_FLAGS,
179d9ba5559a75 Pablo Neira Ayuso 2021-05-24 744 htonl(table->flags & NFT_TABLE_F_MASK)) ||
3ecbfd65f50e5f Harsha Sharma 2017-12-27 745 nla_put_be32(skb, NFTA_TABLE_USE, htonl(table->use)) ||
3ecbfd65f50e5f Harsha Sharma 2017-12-27 746 nla_put_be64(skb, NFTA_TABLE_HANDLE, cpu_to_be64(table->handle),
3ecbfd65f50e5f Harsha Sharma 2017-12-27 747 NFTA_TABLE_PAD))
96518518cc417b Patrick McHardy 2013-10-14 748 goto nla_put_failure;
6001a930ce0378 Pablo Neira Ayuso 2021-02-15 749 if (nft_table_has_owner(table) &&
6001a930ce0378 Pablo Neira Ayuso 2021-02-15 750 nla_put_be32(skb, NFTA_TABLE_OWNER, htonl(table->nlpid)))
6001a930ce0378 Pablo Neira Ayuso 2021-02-15 751 goto nla_put_failure;
96518518cc417b Patrick McHardy 2013-10-14 752
7a81575b806e5d Jose M. Guisado Gomez 2020-08-20 753 if (table->udata) {
7a81575b806e5d Jose M. Guisado Gomez 2020-08-20 754 if (nla_put(skb, NFTA_TABLE_USERDATA, table->udlen, table->udata))
7a81575b806e5d Jose M. Guisado Gomez 2020-08-20 755 goto nla_put_failure;
7a81575b806e5d Jose M. Guisado Gomez 2020-08-20 756 }
7a81575b806e5d Jose M. Guisado Gomez 2020-08-20 757
053c095a82cf77 Johannes Berg 2015-01-16 758 nlmsg_end(skb, nlh);
053c095a82cf77 Johannes Berg 2015-01-16 759 return 0;
96518518cc417b Patrick McHardy 2013-10-14 760
96518518cc417b Patrick McHardy 2013-10-14 761 nla_put_failure:
96518518cc417b Patrick McHardy 2013-10-14 762 nlmsg_trim(skb, nlh);
96518518cc417b Patrick McHardy 2013-10-14 763 return -1;
96518518cc417b Patrick McHardy 2013-10-14 764 }
96518518cc417b Patrick McHardy 2013-10-14 765
67cc570edaa020 Pablo Neira Ayuso 2020-08-27 766 struct nftnl_skb_parms {
67cc570edaa020 Pablo Neira Ayuso 2020-08-27 767 bool report;
67cc570edaa020 Pablo Neira Ayuso 2020-08-27 768 };
67cc570edaa020 Pablo Neira Ayuso 2020-08-27 769 #define NFT_CB(skb) (*(struct nftnl_skb_parms*)&((skb)->cb))
67cc570edaa020 Pablo Neira Ayuso 2020-08-27 770
67cc570edaa020 Pablo Neira Ayuso 2020-08-27 @771 static void nft_notify_enqueue(struct sk_buff *skb, bool report,
67cc570edaa020 Pablo Neira Ayuso 2020-08-27 772 struct list_head *notify_list)
67cc570edaa020 Pablo Neira Ayuso 2020-08-27 773 {
67cc570edaa020 Pablo Neira Ayuso 2020-08-27 774 NFT_CB(skb).report = report;
67cc570edaa020 Pablo Neira Ayuso 2020-08-27 775 list_add_tail(&skb->list, notify_list);
67cc570edaa020 Pablo Neira Ayuso 2020-08-27 776 }
67cc570edaa020 Pablo Neira Ayuso 2020-08-27 777
25e94a997b324b Pablo Neira Ayuso 2017-03-01 @778 static void nf_tables_table_notify(const struct nft_ctx *ctx, int event)
96518518cc417b Patrick McHardy 2013-10-14 779 {
0854db2aaef3fc Florian Westphal 2021-04-01 780 struct nftables_pernet *nft_net;
96518518cc417b Patrick McHardy 2013-10-14 781 struct sk_buff *skb;
96518518cc417b Patrick McHardy 2013-10-14 782 int err;
96518518cc417b Patrick McHardy 2013-10-14 783
128ad3322ba5de Pablo Neira Ayuso 2014-05-09 784 if (!ctx->report &&
128ad3322ba5de Pablo Neira Ayuso 2014-05-09 785 !nfnetlink_has_listeners(ctx->net, NFNLGRP_NFTABLES))
25e94a997b324b Pablo Neira Ayuso 2017-03-01 786 return;
96518518cc417b Patrick McHardy 2013-10-14 787
96518518cc417b Patrick McHardy 2013-10-14 788 skb = nlmsg_new(NLMSG_GOODSIZE, GFP_KERNEL);
96518518cc417b Patrick McHardy 2013-10-14 789 if (skb == NULL)
96518518cc417b Patrick McHardy 2013-10-14 790 goto err;
96518518cc417b Patrick McHardy 2013-10-14 791
84d7fce6938848 Pablo Neira Ayuso 2014-09-04 792 err = nf_tables_fill_table_info(skb, ctx->net, ctx->portid, ctx->seq,
36596dadf54a92 Pablo Neira Ayuso 2018-01-09 793 event, 0, ctx->family, ctx->table);
96518518cc417b Patrick McHardy 2013-10-14 794 if (err < 0) {
96518518cc417b Patrick McHardy 2013-10-14 795 kfree_skb(skb);
96518518cc417b Patrick McHardy 2013-10-14 796 goto err;
96518518cc417b Patrick McHardy 2013-10-14 797 }
96518518cc417b Patrick McHardy 2013-10-14 798
d59d2f82f984df Pablo Neira Ayuso 2021-04-23 799 nft_net = nft_pernet(ctx->net);
0854db2aaef3fc Florian Westphal 2021-04-01 800 nft_notify_enqueue(skb, ctx->report, &nft_net->notify_list);
25e94a997b324b Pablo Neira Ayuso 2017-03-01 801 return;
96518518cc417b Patrick McHardy 2013-10-14 802 err:
25e94a997b324b Pablo Neira Ayuso 2017-03-01 803 nfnetlink_set_err(ctx->net, ctx->portid, NFNLGRP_NFTABLES, -ENOBUFS);
96518518cc417b Patrick McHardy 2013-10-14 804 }
96518518cc417b Patrick McHardy 2013-10-14 805
---
0-DAY CI Kernel Test Service, Intel Corporation
https://lists.01.org/hyperkitty/list/kbuild-all@lists.01.org
[-- Attachment #2: .config.gz --]
[-- Type: application/gzip, Size: 47812 bytes --]
next prev parent reply other threads:[~2021-06-22 13:38 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-06-22 10:13 [PATCH nf 1/2] netfilter: nf_tables: skip netlink portID validation if zero Pablo Neira Ayuso
2021-06-22 10:13 ` [PATCH nf 2/2] netfilter: nf_tables: do not allow to delete table with owner by handle Pablo Neira Ayuso
2021-06-22 13:37 ` kernel test robot [this message]
2021-06-22 14:35 ` kernel test robot
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=202106222156.Mb53rZJw-lkp@intel.com \
--to=lkp@intel.com \
--cc=kbuild-all@lists.01.org \
--cc=netfilter-devel@vger.kernel.org \
--cc=pablo@netfilter.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).