* [nf-next PATCH 0/2] nf_tables: Export rule optimizer results to user space
@ 2022-05-11 16:54 Phil Sutter
2022-05-11 16:54 ` [nf-next PATCH 1/2] netfilter: nf_tables: Introduce expression flags Phil Sutter
2022-05-11 16:54 ` [nf-next PATCH 2/2] netfilter: nf_tables: Annotate reduced expressions Phil Sutter
0 siblings, 2 replies; 6+ messages in thread
From: Phil Sutter @ 2022-05-11 16:54 UTC (permalink / raw)
To: Pablo Neira Ayuso; +Cc: netfilter-devel
While transforming rules into a binary blob, the code checks if certain
expressions may be omitted. Any bugs in this code might lead to very
subtle breakage of firewall rulesets, so a way of asserting optimizer
correctness is highly necessary.
This series achieves this in the most minimal way by annotating omitted
expressions with a flag. Integrated into libnftnl print output,
testsuites in user space may verify optimizer effect and assert
correctness.
First patch introduces an expression flags attribute, second patch
implements the annotation itself.
Phil Sutter (2):
netfilter: nf_tables: Introduce expression flags
netfilter: nf_tables: Annotate reduced expressions
include/net/netfilter/nf_tables.h | 3 ++-
include/uapi/linux/netfilter/nf_tables.h | 8 ++++++++
net/netfilter/nf_tables_api.c | 7 ++++++-
3 files changed, 16 insertions(+), 2 deletions(-)
--
2.34.1
* [nf-next PATCH 1/2] netfilter: nf_tables: Introduce expression flags
2022-05-11 16:54 [nf-next PATCH 0/2] nf_tables: Export rule optimizer results to user space Phil Sutter
@ 2022-05-11 16:54 ` Phil Sutter
2022-05-11 16:54 ` [nf-next PATCH 2/2] netfilter: nf_tables: Annotate reduced expressions Phil Sutter
1 sibling, 0 replies; 6+ messages in thread
From: Phil Sutter @ 2022-05-11 16:54 UTC (permalink / raw)
To: Pablo Neira Ayuso; +Cc: netfilter-devel
Allow dumping some info bits about expressions to user space.
Signed-off-by: Phil Sutter <phil@nwl.cc>
---
include/net/netfilter/nf_tables.h | 1 +
include/uapi/linux/netfilter/nf_tables.h | 1 +
net/netfilter/nf_tables_api.c | 4 ++++
3 files changed, 6 insertions(+)
diff --git a/include/net/netfilter/nf_tables.h b/include/net/netfilter/nf_tables.h
index 20af9d3557b9d..78db54737de00 100644
--- a/include/net/netfilter/nf_tables.h
+++ b/include/net/netfilter/nf_tables.h
@@ -346,6 +346,7 @@ struct nft_set_estimate {
*/
struct nft_expr {
const struct nft_expr_ops *ops;
+ u32 flags;
unsigned char data[]
__attribute__((aligned(__alignof__(u64))));
};
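Review bot: the new `flags` member in struct nft_expr is not initialised anywhere in this patch, yet nf_tables_fill_expr_info() further down copies it to user space, so every path that allocates or builds a struct nft_expr has to zero it or the dump exposes stale memory. Please state in the commit message that all allocations are zeroed, or set `expr->flags = 0` explicitly at init time. The kernel-doc comment that closes just above the struct also needs an `@flags:` line, and because data[] is u64-aligned the u32 costs a full 8 bytes per expression on 64-bit, which is worth mentioning.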
diff --git a/include/uapi/linux/netfilter/nf_tables.h b/include/uapi/linux/netfilter/nf_tables.h
index 466fd3f4447c2..36bf019322a44 100644
--- a/include/uapi/linux/netfilter/nf_tables.h
+++ b/include/uapi/linux/netfilter/nf_tables.h
@@ -518,6 +518,7 @@ enum nft_expr_attributes {
NFTA_EXPR_UNSPEC,
NFTA_EXPR_NAME,
NFTA_EXPR_DATA,
+ NFTA_EXPR_FLAGS,
__NFTA_EXPR_MAX
};
#define NFTA_EXPR_MAX (__NFTA_EXPR_MAX - 1)
diff --git a/net/netfilter/nf_tables_api.c b/net/netfilter/nf_tables_api.c
index f3ad02a399f8a..fddc557983119 100644
--- a/net/netfilter/nf_tables_api.c
+++ b/net/netfilter/nf_tables_api.c
@@ -2731,6 +2731,7 @@ static const struct nft_expr_type *nft_expr_type_get(struct net *net,
static const struct nla_policy nft_expr_policy[NFTA_EXPR_MAX + 1] = {
[NFTA_EXPR_NAME] = { .type = NLA_STRING,
.len = NFT_MODULE_AUTOLOAD_LIMIT },
+ [NFTA_EXPR_FLAGS] = { .type = NLA_U32 },
[NFTA_EXPR_DATA] = { .type = NLA_NESTED },
};
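Review bot: nft_expr_policy now accepts NFTA_EXPR_FLAGS from user space as any u32, but nothing in this patch reads the attribute on input (the other three lines added to this file only dump it), so a value sent by user space is silently accepted and dropped. If the attribute is meant to be dump-only, use `{ .type = NLA_REJECT }`; if it is meant to become settable, restrict it with NLA_POLICY_MASK() so unknown bits are refused.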
@@ -2740,6 +2741,9 @@ static int nf_tables_fill_expr_info(struct sk_buff *skb,
if (nla_put_string(skb, NFTA_EXPR_NAME, expr->ops->type->name))
goto nla_put_failure;
+ if (nla_put_u32(skb, NFTA_EXPR_FLAGS, expr->flags))
+ goto nla_put_failure;
+
if (expr->ops->dump) {
struct nlattr *data = nla_nest_start_noflag(skb,
NFTA_EXPR_DATA);
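Review bot: nla_put_u32() for NFTA_EXPR_FLAGS emits the value in host byte order, while nf_tables netlink attributes are otherwise carried in network byte order; `nla_put_be32(skb, NFTA_EXPR_FLAGS, htonl(expr->flags))` would match. The attribute is also added to every dumped expression even when flags is 0; emitting it only when non-zero keeps dumps of unaffected rules the same size.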
--
2.34.1
* [nf-next PATCH 2/2] netfilter: nf_tables: Annotate reduced expressions
2022-05-11 16:54 [nf-next PATCH 0/2] nf_tables: Export rule optimizer results to user space Phil Sutter
2022-05-11 16:54 ` [nf-next PATCH 1/2] netfilter: nf_tables: Introduce expression flags Phil Sutter
@ 2022-05-11 16:54 ` Phil Sutter
2022-05-11 23:37 ` kernel test robot
` (2 more replies)
1 sibling, 3 replies; 6+ messages in thread
From: Phil Sutter @ 2022-05-11 16:54 UTC (permalink / raw)
To: Pablo Neira Ayuso; +Cc: netfilter-devel
Introduce NFTA_EXPR_FLAG_REDUCED and set it for expressions which were
omitted from the rule blob due to being redundant. This allows user
space to verify the rule optimizer's results.
Signed-off-by: Phil Sutter <phil@nwl.cc>
---
include/net/netfilter/nf_tables.h | 2 +-
include/uapi/linux/netfilter/nf_tables.h | 7 +++++++
net/netfilter/nf_tables_api.c | 3 ++-
3 files changed, 10 insertions(+), 2 deletions(-)
diff --git a/include/net/netfilter/nf_tables.h b/include/net/netfilter/nf_tables.h
index 78db54737de00..031477edaa885 100644
--- a/include/net/netfilter/nf_tables.h
+++ b/include/net/netfilter/nf_tables.h
@@ -129,7 +129,7 @@ struct nft_regs_track {
u8 num_reg;
} regs[NFT_REG32_NUM];
- const struct nft_expr *cur;
+ struct nft_expr *cur;
const struct nft_expr *last;
};
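Review bot: dropping const from `cur` in struct nft_regs_track breaks the reduce implementations that still take `const struct nft_expr *expr` and store it with `track->cur = expr`; the kernel test robot replies in this thread show exactly that at net/netfilter/nft_bitwise.c:306 and :454. Either keep `cur` const and carry the writable pointer in a local in nf_tables_commit_chain_prepare(), or adjust those assignments in the same patch so the series builds with -Werror.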
diff --git a/include/uapi/linux/netfilter/nf_tables.h b/include/uapi/linux/netfilter/nf_tables.h
index 36bf019322a44..1da84ebc3f27a 100644
--- a/include/uapi/linux/netfilter/nf_tables.h
+++ b/include/uapi/linux/netfilter/nf_tables.h
@@ -523,6 +523,13 @@ enum nft_expr_attributes {
};
#define NFTA_EXPR_MAX (__NFTA_EXPR_MAX - 1)
+/**
+ * NFTA_EXPR_FLAGS values
+ *
+ * @NFTA_EXPR_FLAG_REDUCED: redundant expression omitted from blob
+ */
+#define NFTA_EXPR_FLAG_REDUCED (1 << 0)
+
/**
* enum nft_immediate_attributes - nf_tables immediate expression netlink attributes
*
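Review bot: the comment above NFTA_EXPR_FLAG_REDUCED opens with `/**` but is not in kernel-doc form: there is no `name - description` line, and `@NFTA_EXPR_FLAG_REDUCED` is written as a member of nothing. Either make the flags an enum with a proper kernel-doc block, as the `enum nft_immediate_attributes` comment right below does, or use a plain `/*` comment. The description should also say that the flag is set by the kernel and only appears in dumps.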
diff --git a/net/netfilter/nf_tables_api.c b/net/netfilter/nf_tables_api.c
index fddc557983119..eb4fceae80385 100644
--- a/net/netfilter/nf_tables_api.c
+++ b/net/netfilter/nf_tables_api.c
@@ -8360,8 +8360,8 @@ static bool nft_expr_reduce(struct nft_regs_track *track,
static int nf_tables_commit_chain_prepare(struct net *net, struct nft_chain *chain)
{
- const struct nft_expr *expr, *last;
struct nft_regs_track track = {};
+ struct nft_expr *expr, *last;
unsigned int size, data_size;
void *data, *data_boundary;
struct nft_rule_dp *prule;
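Review bot: `last` loses its const here along with `expr`, but the only write this patch adds is `expr->flags |= ...`. Keep `const struct nft_expr *last` on its own declaration so the compiler still guards it.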
@@ -8404,6 +8404,7 @@ static int nf_tables_commit_chain_prepare(struct net *net, struct nft_chain *cha
track.cur = expr;
if (nft_expr_reduce(&track, expr)) {
+ expr->flags |= NFTA_EXPR_FLAG_REDUCED;
expr = track.cur;
continue;
}
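Review bot: the flag is only ever OR-ed in at `expr->flags |= NFTA_EXPR_FLAG_REDUCED`, and nothing clears it when nft_expr_reduce() returns false. If this function runs again for a rule whose preceding expressions have changed, a stale REDUCED bit would still be dumped and a test suite checking the optimizer would draw the wrong conclusion. Clear the bit before the nft_expr_reduce() call, or assign it from the return value.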
--
2.34.1
* Re: [nf-next PATCH 2/2] netfilter: nf_tables: Annotate reduced expressions
2022-05-11 16:54 ` [nf-next PATCH 2/2] netfilter: nf_tables: Annotate reduced expressions Phil Sutter
@ 2022-05-11 23:37 ` kernel test robot
2022-05-12 1:39 ` kernel test robot
2022-05-12 3:01 ` kernel test robot
2 siblings, 0 replies; 6+ messages in thread
From: kernel test robot @ 2022-05-11 23:37 UTC (permalink / raw)
To: Phil Sutter, Pablo Neira Ayuso; +Cc: llvm, kbuild-all, netfilter-devel
Hi Phil,
Thank you for the patch! Yet something to improve:
[auto build test ERROR on nf-next/master]
url: https://github.com/intel-lab-lkp/linux/commits/Phil-Sutter/nf_tables-Export-rule-optimizer-results-to-user-space/20220512-005642
base: https://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next.git master
config: i386-randconfig-a013 (https://download.01.org/0day-ci/archive/20220512/202205120725.1P767GEv-lkp@intel.com/config)
compiler: clang version 15.0.0 (https://github.com/llvm/llvm-project 18dd123c56754edf62c7042dcf23185c3727610f)
reproduce (this is a W=1 build):
wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross
chmod +x ~/bin/make.cross
# https://github.com/intel-lab-lkp/linux/commit/831b99f09285d0cc3a4fb0fcb6fd7c74aaea988a
git remote add linux-review https://github.com/intel-lab-lkp/linux
git fetch --no-tags linux-review Phil-Sutter/nf_tables-Export-rule-optimizer-results-to-user-space/20220512-005642
git checkout 831b99f09285d0cc3a4fb0fcb6fd7c74aaea988a
# save the config file
mkdir build_dir && cp config build_dir/.config
COMPILER_INSTALL_PATH=$HOME/0day COMPILER=clang make.cross W=1 O=build_dir ARCH=i386 SHELL=/bin/bash net/netfilter/
If you fix the issue, kindly add following tag as appropriate
Reported-by: kernel test robot <lkp@intel.com>
All errors (new ones prefixed by >>):
>> net/netfilter/nft_bitwise.c:306:14: error: assigning to 'struct nft_expr *' from 'const struct nft_expr *' discards qualifiers [-Werror,-Wincompatible-pointer-types-discards-qualifiers]
track->cur = expr;
^ ~~~~
net/netfilter/nft_bitwise.c:454:14: error: assigning to 'struct nft_expr *' from 'const struct nft_expr *' discards qualifiers [-Werror,-Wincompatible-pointer-types-discards-qualifiers]
track->cur = expr;
^ ~~~~
2 errors generated.
vim +306 net/netfilter/nft_bitwise.c
bd8699e9e29287 Pablo Neira Ayuso 2019-07-30 281
be5650f8f47e8c Pablo Neira Ayuso 2022-01-09 282 static bool nft_bitwise_reduce(struct nft_regs_track *track,
be5650f8f47e8c Pablo Neira Ayuso 2022-01-09 283 const struct nft_expr *expr)
be5650f8f47e8c Pablo Neira Ayuso 2022-01-09 284 {
be5650f8f47e8c Pablo Neira Ayuso 2022-01-09 285 const struct nft_bitwise *priv = nft_expr_priv(expr);
be5650f8f47e8c Pablo Neira Ayuso 2022-01-09 286 const struct nft_bitwise *bitwise;
34cc9e52884a16 Pablo Neira Ayuso 2022-03-14 287 unsigned int regcount;
34cc9e52884a16 Pablo Neira Ayuso 2022-03-14 288 u8 dreg;
34cc9e52884a16 Pablo Neira Ayuso 2022-03-14 289 int i;
be5650f8f47e8c Pablo Neira Ayuso 2022-01-09 290
be5650f8f47e8c Pablo Neira Ayuso 2022-01-09 291 if (!track->regs[priv->sreg].selector)
be5650f8f47e8c Pablo Neira Ayuso 2022-01-09 292 return false;
be5650f8f47e8c Pablo Neira Ayuso 2022-01-09 293
be5650f8f47e8c Pablo Neira Ayuso 2022-01-09 294 bitwise = nft_expr_priv(expr);
be5650f8f47e8c Pablo Neira Ayuso 2022-01-09 295 if (track->regs[priv->sreg].selector == track->regs[priv->dreg].selector &&
34cc9e52884a16 Pablo Neira Ayuso 2022-03-14 296 track->regs[priv->sreg].num_reg == 0 &&
be5650f8f47e8c Pablo Neira Ayuso 2022-01-09 297 track->regs[priv->dreg].bitwise &&
be5650f8f47e8c Pablo Neira Ayuso 2022-01-09 298 track->regs[priv->dreg].bitwise->ops == expr->ops &&
be5650f8f47e8c Pablo Neira Ayuso 2022-01-09 299 priv->sreg == bitwise->sreg &&
be5650f8f47e8c Pablo Neira Ayuso 2022-01-09 300 priv->dreg == bitwise->dreg &&
be5650f8f47e8c Pablo Neira Ayuso 2022-01-09 301 priv->op == bitwise->op &&
be5650f8f47e8c Pablo Neira Ayuso 2022-01-09 302 priv->len == bitwise->len &&
be5650f8f47e8c Pablo Neira Ayuso 2022-01-09 303 !memcmp(&priv->mask, &bitwise->mask, sizeof(priv->mask)) &&
be5650f8f47e8c Pablo Neira Ayuso 2022-01-09 304 !memcmp(&priv->xor, &bitwise->xor, sizeof(priv->xor)) &&
be5650f8f47e8c Pablo Neira Ayuso 2022-01-09 305 !memcmp(&priv->data, &bitwise->data, sizeof(priv->data))) {
be5650f8f47e8c Pablo Neira Ayuso 2022-01-09 @306 track->cur = expr;
be5650f8f47e8c Pablo Neira Ayuso 2022-01-09 307 return true;
be5650f8f47e8c Pablo Neira Ayuso 2022-01-09 308 }
be5650f8f47e8c Pablo Neira Ayuso 2022-01-09 309
34cc9e52884a16 Pablo Neira Ayuso 2022-03-14 310 if (track->regs[priv->sreg].bitwise ||
34cc9e52884a16 Pablo Neira Ayuso 2022-03-14 311 track->regs[priv->sreg].num_reg != 0) {
34cc9e52884a16 Pablo Neira Ayuso 2022-03-14 312 nft_reg_track_cancel(track, priv->dreg, priv->len);
be5650f8f47e8c Pablo Neira Ayuso 2022-01-09 313 return false;
be5650f8f47e8c Pablo Neira Ayuso 2022-01-09 314 }
be5650f8f47e8c Pablo Neira Ayuso 2022-01-09 315
be5650f8f47e8c Pablo Neira Ayuso 2022-01-09 316 if (priv->sreg != priv->dreg) {
34cc9e52884a16 Pablo Neira Ayuso 2022-03-14 317 nft_reg_track_update(track, track->regs[priv->sreg].selector,
34cc9e52884a16 Pablo Neira Ayuso 2022-03-14 318 priv->dreg, priv->len);
be5650f8f47e8c Pablo Neira Ayuso 2022-01-09 319 }
34cc9e52884a16 Pablo Neira Ayuso 2022-03-14 320
34cc9e52884a16 Pablo Neira Ayuso 2022-03-14 321 dreg = priv->dreg;
34cc9e52884a16 Pablo Neira Ayuso 2022-03-14 322 regcount = DIV_ROUND_UP(priv->len, NFT_REG32_SIZE);
34cc9e52884a16 Pablo Neira Ayuso 2022-03-14 323 for (i = 0; i < regcount; i++, dreg++)
be5650f8f47e8c Pablo Neira Ayuso 2022-01-09 324 track->regs[priv->dreg].bitwise = expr;
be5650f8f47e8c Pablo Neira Ayuso 2022-01-09 325
be5650f8f47e8c Pablo Neira Ayuso 2022-01-09 326 return false;
be5650f8f47e8c Pablo Neira Ayuso 2022-01-09 327 }
be5650f8f47e8c Pablo Neira Ayuso 2022-01-09 328
--
0-DAY CI Kernel Test Service
https://01.org/lkp
* Re: [nf-next PATCH 2/2] netfilter: nf_tables: Annotate reduced expressions
2022-05-11 16:54 ` [nf-next PATCH 2/2] netfilter: nf_tables: Annotate reduced expressions Phil Sutter
2022-05-11 23:37 ` kernel test robot
@ 2022-05-12 1:39 ` kernel test robot
2022-05-12 3:01 ` kernel test robot
2 siblings, 0 replies; 6+ messages in thread
From: kernel test robot @ 2022-05-12 1:39 UTC (permalink / raw)
To: Phil Sutter, Pablo Neira Ayuso; +Cc: kbuild-all, netfilter-devel
Hi Phil,
Thank you for the patch! Perhaps something to improve:
[auto build test WARNING on nf-next/master]
url: https://github.com/intel-lab-lkp/linux/commits/Phil-Sutter/nf_tables-Export-rule-optimizer-results-to-user-space/20220512-005642
base: https://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next.git master
config: m68k-allyesconfig (https://download.01.org/0day-ci/archive/20220512/202205120906.nNquMTSm-lkp@intel.com/config)
compiler: m68k-linux-gcc (GCC) 11.3.0
reproduce (this is a W=1 build):
wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross
chmod +x ~/bin/make.cross
# https://github.com/intel-lab-lkp/linux/commit/831b99f09285d0cc3a4fb0fcb6fd7c74aaea988a
git remote add linux-review https://github.com/intel-lab-lkp/linux
git fetch --no-tags linux-review Phil-Sutter/nf_tables-Export-rule-optimizer-results-to-user-space/20220512-005642
git checkout 831b99f09285d0cc3a4fb0fcb6fd7c74aaea988a
# save the config file
mkdir build_dir && cp config build_dir/.config
COMPILER_INSTALL_PATH=$HOME/0day COMPILER=gcc-11.3.0 make.cross W=1 O=build_dir ARCH=m68k SHELL=/bin/bash net/netfilter/
If you fix the issue, kindly add following tag as appropriate
Reported-by: kernel test robot <lkp@intel.com>
All warnings (new ones prefixed by >>):
net/netfilter/nft_bitwise.c: In function 'nft_bitwise_reduce':
>> net/netfilter/nft_bitwise.c:306:28: warning: assignment discards 'const' qualifier from pointer target type [-Wdiscarded-qualifiers]
306 | track->cur = expr;
| ^
net/netfilter/nft_bitwise.c: In function 'nft_bitwise_fast_reduce':
net/netfilter/nft_bitwise.c:454:28: warning: assignment discards 'const' qualifier from pointer target type [-Wdiscarded-qualifiers]
454 | track->cur = expr;
| ^
vim +/const +306 net/netfilter/nft_bitwise.c
bd8699e9e29287 Pablo Neira Ayuso 2019-07-30 281
be5650f8f47e8c Pablo Neira Ayuso 2022-01-09 282 static bool nft_bitwise_reduce(struct nft_regs_track *track,
be5650f8f47e8c Pablo Neira Ayuso 2022-01-09 283 const struct nft_expr *expr)
be5650f8f47e8c Pablo Neira Ayuso 2022-01-09 284 {
be5650f8f47e8c Pablo Neira Ayuso 2022-01-09 285 const struct nft_bitwise *priv = nft_expr_priv(expr);
be5650f8f47e8c Pablo Neira Ayuso 2022-01-09 286 const struct nft_bitwise *bitwise;
34cc9e52884a16 Pablo Neira Ayuso 2022-03-14 287 unsigned int regcount;
34cc9e52884a16 Pablo Neira Ayuso 2022-03-14 288 u8 dreg;
34cc9e52884a16 Pablo Neira Ayuso 2022-03-14 289 int i;
be5650f8f47e8c Pablo Neira Ayuso 2022-01-09 290
be5650f8f47e8c Pablo Neira Ayuso 2022-01-09 291 if (!track->regs[priv->sreg].selector)
be5650f8f47e8c Pablo Neira Ayuso 2022-01-09 292 return false;
be5650f8f47e8c Pablo Neira Ayuso 2022-01-09 293
be5650f8f47e8c Pablo Neira Ayuso 2022-01-09 294 bitwise = nft_expr_priv(expr);
be5650f8f47e8c Pablo Neira Ayuso 2022-01-09 295 if (track->regs[priv->sreg].selector == track->regs[priv->dreg].selector &&
34cc9e52884a16 Pablo Neira Ayuso 2022-03-14 296 track->regs[priv->sreg].num_reg == 0 &&
be5650f8f47e8c Pablo Neira Ayuso 2022-01-09 297 track->regs[priv->dreg].bitwise &&
be5650f8f47e8c Pablo Neira Ayuso 2022-01-09 298 track->regs[priv->dreg].bitwise->ops == expr->ops &&
be5650f8f47e8c Pablo Neira Ayuso 2022-01-09 299 priv->sreg == bitwise->sreg &&
be5650f8f47e8c Pablo Neira Ayuso 2022-01-09 300 priv->dreg == bitwise->dreg &&
be5650f8f47e8c Pablo Neira Ayuso 2022-01-09 301 priv->op == bitwise->op &&
be5650f8f47e8c Pablo Neira Ayuso 2022-01-09 302 priv->len == bitwise->len &&
be5650f8f47e8c Pablo Neira Ayuso 2022-01-09 303 !memcmp(&priv->mask, &bitwise->mask, sizeof(priv->mask)) &&
be5650f8f47e8c Pablo Neira Ayuso 2022-01-09 304 !memcmp(&priv->xor, &bitwise->xor, sizeof(priv->xor)) &&
be5650f8f47e8c Pablo Neira Ayuso 2022-01-09 305 !memcmp(&priv->data, &bitwise->data, sizeof(priv->data))) {
be5650f8f47e8c Pablo Neira Ayuso 2022-01-09 @306 track->cur = expr;
be5650f8f47e8c Pablo Neira Ayuso 2022-01-09 307 return true;
be5650f8f47e8c Pablo Neira Ayuso 2022-01-09 308 }
be5650f8f47e8c Pablo Neira Ayuso 2022-01-09 309
34cc9e52884a16 Pablo Neira Ayuso 2022-03-14 310 if (track->regs[priv->sreg].bitwise ||
34cc9e52884a16 Pablo Neira Ayuso 2022-03-14 311 track->regs[priv->sreg].num_reg != 0) {
34cc9e52884a16 Pablo Neira Ayuso 2022-03-14 312 nft_reg_track_cancel(track, priv->dreg, priv->len);
be5650f8f47e8c Pablo Neira Ayuso 2022-01-09 313 return false;
be5650f8f47e8c Pablo Neira Ayuso 2022-01-09 314 }
be5650f8f47e8c Pablo Neira Ayuso 2022-01-09 315
be5650f8f47e8c Pablo Neira Ayuso 2022-01-09 316 if (priv->sreg != priv->dreg) {
34cc9e52884a16 Pablo Neira Ayuso 2022-03-14 317 nft_reg_track_update(track, track->regs[priv->sreg].selector,
34cc9e52884a16 Pablo Neira Ayuso 2022-03-14 318 priv->dreg, priv->len);
be5650f8f47e8c Pablo Neira Ayuso 2022-01-09 319 }
34cc9e52884a16 Pablo Neira Ayuso 2022-03-14 320
34cc9e52884a16 Pablo Neira Ayuso 2022-03-14 321 dreg = priv->dreg;
34cc9e52884a16 Pablo Neira Ayuso 2022-03-14 322 regcount = DIV_ROUND_UP(priv->len, NFT_REG32_SIZE);
34cc9e52884a16 Pablo Neira Ayuso 2022-03-14 323 for (i = 0; i < regcount; i++, dreg++)
be5650f8f47e8c Pablo Neira Ayuso 2022-01-09 324 track->regs[priv->dreg].bitwise = expr;
be5650f8f47e8c Pablo Neira Ayuso 2022-01-09 325
be5650f8f47e8c Pablo Neira Ayuso 2022-01-09 326 return false;
be5650f8f47e8c Pablo Neira Ayuso 2022-01-09 327 }
be5650f8f47e8c Pablo Neira Ayuso 2022-01-09 328
--
0-DAY CI Kernel Test Service
https://01.org/lkp
* Re: [nf-next PATCH 2/2] netfilter: nf_tables: Annotate reduced expressions
2022-05-11 16:54 ` [nf-next PATCH 2/2] netfilter: nf_tables: Annotate reduced expressions Phil Sutter
2022-05-11 23:37 ` kernel test robot
2022-05-12 1:39 ` kernel test robot
@ 2022-05-12 3:01 ` kernel test robot
2 siblings, 0 replies; 6+ messages in thread
From: kernel test robot @ 2022-05-12 3:01 UTC (permalink / raw)
To: Phil Sutter, Pablo Neira Ayuso; +Cc: kbuild-all, netfilter-devel
Hi Phil,
Thank you for the patch! Perhaps something to improve:
[auto build test WARNING on nf-next/master]
url: https://github.com/intel-lab-lkp/linux/commits/Phil-Sutter/nf_tables-Export-rule-optimizer-results-to-user-space/20220512-005642
base: https://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next.git master
config: x86_64-randconfig-s021-20220509 (https://download.01.org/0day-ci/archive/20220512/202205121018.gtq8d3pp-lkp@intel.com/config)
compiler: gcc-11 (Debian 11.2.0-20) 11.2.0
reproduce:
# apt-get install sparse
# sparse version: v0.6.4-dirty
# https://github.com/intel-lab-lkp/linux/commit/831b99f09285d0cc3a4fb0fcb6fd7c74aaea988a
git remote add linux-review https://github.com/intel-lab-lkp/linux
git fetch --no-tags linux-review Phil-Sutter/nf_tables-Export-rule-optimizer-results-to-user-space/20220512-005642
git checkout 831b99f09285d0cc3a4fb0fcb6fd7c74aaea988a
# save the config file
mkdir build_dir && cp config build_dir/.config
make W=1 C=1 CF='-fdiagnostic-prefix -D__CHECK_ENDIAN__' O=build_dir ARCH=x86_64 SHELL=/bin/bash
If you fix the issue, kindly add following tag as appropriate
Reported-by: kernel test robot <lkp@intel.com>
sparse warnings: (new ones prefixed by >>)
>> net/netfilter/nft_bitwise.c:306:28: sparse: sparse: incorrect type in assignment (different modifiers) @@ expected struct nft_expr *cur @@ got struct nft_expr const *expr @@
net/netfilter/nft_bitwise.c:306:28: sparse: expected struct nft_expr *cur
net/netfilter/nft_bitwise.c:306:28: sparse: got struct nft_expr const *expr
net/netfilter/nft_bitwise.c:454:28: sparse: sparse: incorrect type in assignment (different modifiers) @@ expected struct nft_expr *cur @@ got struct nft_expr const *expr @@
net/netfilter/nft_bitwise.c:454:28: sparse: expected struct nft_expr *cur
net/netfilter/nft_bitwise.c:454:28: sparse: got struct nft_expr const *expr
vim +306 net/netfilter/nft_bitwise.c
bd8699e9e29287 Pablo Neira Ayuso 2019-07-30 281
be5650f8f47e8c Pablo Neira Ayuso 2022-01-09 282 static bool nft_bitwise_reduce(struct nft_regs_track *track,
be5650f8f47e8c Pablo Neira Ayuso 2022-01-09 283 const struct nft_expr *expr)
be5650f8f47e8c Pablo Neira Ayuso 2022-01-09 284 {
be5650f8f47e8c Pablo Neira Ayuso 2022-01-09 285 const struct nft_bitwise *priv = nft_expr_priv(expr);
be5650f8f47e8c Pablo Neira Ayuso 2022-01-09 286 const struct nft_bitwise *bitwise;
34cc9e52884a16 Pablo Neira Ayuso 2022-03-14 287 unsigned int regcount;
34cc9e52884a16 Pablo Neira Ayuso 2022-03-14 288 u8 dreg;
34cc9e52884a16 Pablo Neira Ayuso 2022-03-14 289 int i;
be5650f8f47e8c Pablo Neira Ayuso 2022-01-09 290
be5650f8f47e8c Pablo Neira Ayuso 2022-01-09 291 if (!track->regs[priv->sreg].selector)
be5650f8f47e8c Pablo Neira Ayuso 2022-01-09 292 return false;
be5650f8f47e8c Pablo Neira Ayuso 2022-01-09 293
be5650f8f47e8c Pablo Neira Ayuso 2022-01-09 294 bitwise = nft_expr_priv(expr);
be5650f8f47e8c Pablo Neira Ayuso 2022-01-09 295 if (track->regs[priv->sreg].selector == track->regs[priv->dreg].selector &&
34cc9e52884a16 Pablo Neira Ayuso 2022-03-14 296 track->regs[priv->sreg].num_reg == 0 &&
be5650f8f47e8c Pablo Neira Ayuso 2022-01-09 297 track->regs[priv->dreg].bitwise &&
be5650f8f47e8c Pablo Neira Ayuso 2022-01-09 298 track->regs[priv->dreg].bitwise->ops == expr->ops &&
be5650f8f47e8c Pablo Neira Ayuso 2022-01-09 299 priv->sreg == bitwise->sreg &&
be5650f8f47e8c Pablo Neira Ayuso 2022-01-09 300 priv->dreg == bitwise->dreg &&
be5650f8f47e8c Pablo Neira Ayuso 2022-01-09 301 priv->op == bitwise->op &&
be5650f8f47e8c Pablo Neira Ayuso 2022-01-09 302 priv->len == bitwise->len &&
be5650f8f47e8c Pablo Neira Ayuso 2022-01-09 303 !memcmp(&priv->mask, &bitwise->mask, sizeof(priv->mask)) &&
be5650f8f47e8c Pablo Neira Ayuso 2022-01-09 304 !memcmp(&priv->xor, &bitwise->xor, sizeof(priv->xor)) &&
be5650f8f47e8c Pablo Neira Ayuso 2022-01-09 305 !memcmp(&priv->data, &bitwise->data, sizeof(priv->data))) {
be5650f8f47e8c Pablo Neira Ayuso 2022-01-09 @306 track->cur = expr;
be5650f8f47e8c Pablo Neira Ayuso 2022-01-09 307 return true;
be5650f8f47e8c Pablo Neira Ayuso 2022-01-09 308 }
be5650f8f47e8c Pablo Neira Ayuso 2022-01-09 309
34cc9e52884a16 Pablo Neira Ayuso 2022-03-14 310 if (track->regs[priv->sreg].bitwise ||
34cc9e52884a16 Pablo Neira Ayuso 2022-03-14 311 track->regs[priv->sreg].num_reg != 0) {
34cc9e52884a16 Pablo Neira Ayuso 2022-03-14 312 nft_reg_track_cancel(track, priv->dreg, priv->len);
be5650f8f47e8c Pablo Neira Ayuso 2022-01-09 313 return false;
be5650f8f47e8c Pablo Neira Ayuso 2022-01-09 314 }
be5650f8f47e8c Pablo Neira Ayuso 2022-01-09 315
be5650f8f47e8c Pablo Neira Ayuso 2022-01-09 316 if (priv->sreg != priv->dreg) {
34cc9e52884a16 Pablo Neira Ayuso 2022-03-14 317 nft_reg_track_update(track, track->regs[priv->sreg].selector,
34cc9e52884a16 Pablo Neira Ayuso 2022-03-14 318 priv->dreg, priv->len);
be5650f8f47e8c Pablo Neira Ayuso 2022-01-09 319 }
34cc9e52884a16 Pablo Neira Ayuso 2022-03-14 320
34cc9e52884a16 Pablo Neira Ayuso 2022-03-14 321 dreg = priv->dreg;
34cc9e52884a16 Pablo Neira Ayuso 2022-03-14 322 regcount = DIV_ROUND_UP(priv->len, NFT_REG32_SIZE);
34cc9e52884a16 Pablo Neira Ayuso 2022-03-14 323 for (i = 0; i < regcount; i++, dreg++)
be5650f8f47e8c Pablo Neira Ayuso 2022-01-09 324 track->regs[priv->dreg].bitwise = expr;
be5650f8f47e8c Pablo Neira Ayuso 2022-01-09 325
be5650f8f47e8c Pablo Neira Ayuso 2022-01-09 326 return false;
be5650f8f47e8c Pablo Neira Ayuso 2022-01-09 327 }
be5650f8f47e8c Pablo Neira Ayuso 2022-01-09 328
--
0-DAY CI Kernel Test Service
https://01.org/lkp