[PATCH net v2] netfilter: nf_tables: Only use nf_skip_indirect_calls() when MITIGATION

netfilter-devel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

* [PATCH net v2] netfilter: nf_tables: Only use nf_skip_indirect_calls() when MITIGATION_RETPOLINE
@ 2025-03-19 14:01 WangYuli
  2025-03-19 15:04 ` Florian Westphal
  0 siblings, 1 reply; 2+ messages in thread
From: WangYuli @ 2025-03-19 14:01 UTC (permalink / raw)
  To: pablo, kadlec, davem, edumazet, kuba, pabeni, horms
  Cc: netfilter-devel, coreteam, netdev, linux-kernel, eric.dumazet, fw,
	zhanjun, niecheng1, WangYuli, Wentao Guan

1. MITIGATION_RETPOLINE is x86-only (defined in arch/x86/Kconfig),
so no need to AND with CONFIG_X86 when checking if enabled.

2. Remove unused declaration of nf_skip_indirect_calls() when
MITIGATION_RETPOLINE is disabled to avoid warnings.

3. Declare nf_skip_indirect_calls() and nf_skip_indirect_calls_enable()
as inline when MITIGATION_RETPOLINE is enabled, as they are called
only once and have simple logic.

Fix follow error with clang-21 when W=1e:
  net/netfilter/nf_tables_core.c:39:20: error: unused function 'nf_skip_indirect_calls' [-Werror,-Wunused-function]
     39 | static inline bool nf_skip_indirect_calls(void) { return false; }
        |                    ^~~~~~~~~~~~~~~~~~~~~~
  1 error generated.
  make[4]: *** [scripts/Makefile.build:207: net/netfilter/nf_tables_core.o] Error 1
  make[3]: *** [scripts/Makefile.build:465: net/netfilter] Error 2
  make[3]: *** Waiting for unfinished jobs....

Fixes: d8d760627855 ("netfilter: nf_tables: add static key to skip retpoline workarounds")
Co-developed-by: Wentao Guan <guanwentao@uniontech.com>
Signed-off-by: Wentao Guan <guanwentao@uniontech.com>
Signed-off-by: WangYuli <wangyuli@uniontech.com>
---
Changelog:
 *v1->v2: Avoid the extra CONFIG_MITIGATION_RETPOLINE.
---
 net/netfilter/nf_tables_core.c | 11 ++++-------
 1 file changed, 4 insertions(+), 7 deletions(-)

diff --git a/net/netfilter/nf_tables_core.c b/net/netfilter/nf_tables_core.c
index 75598520b0fa..6557a4018c09 100644
--- a/net/netfilter/nf_tables_core.c
+++ b/net/netfilter/nf_tables_core.c
@@ -21,25 +21,22 @@
 #include <net/netfilter/nf_log.h>
 #include <net/netfilter/nft_meta.h>
 
-#if defined(CONFIG_MITIGATION_RETPOLINE) && defined(CONFIG_X86)
-
+#ifdef CONFIG_MITIGATION_RETPOLINE
 static struct static_key_false nf_tables_skip_direct_calls;
 
-static bool nf_skip_indirect_calls(void)
+static inline bool nf_skip_indirect_calls(void)
 {
 	return static_branch_likely(&nf_tables_skip_direct_calls);
 }
 
-static void __init nf_skip_indirect_calls_enable(void)
+static inline void __init nf_skip_indirect_calls_enable(void)
 {
 	if (!cpu_feature_enabled(X86_FEATURE_RETPOLINE))
 		static_branch_enable(&nf_tables_skip_direct_calls);
 }
 #else
-static inline bool nf_skip_indirect_calls(void) { return false; }
-
 static inline void nf_skip_indirect_calls_enable(void) { }
-#endif
+#endif /* CONFIG_MITIGATION_RETPOLINE */
 
 static noinline void __nft_trace_packet(const struct nft_pktinfo *pkt,
 					const struct nft_verdict *verdict,
-- 
2.49.0


^ permalink raw reply related	[flat|nested] 2+ messages in thread

* Re: [PATCH net v2] netfilter: nf_tables: Only use nf_skip_indirect_calls() when MITIGATION_RETPOLINE
  2025-03-19 14:01 [PATCH net v2] netfilter: nf_tables: Only use nf_skip_indirect_calls() when MITIGATION_RETPOLINE WangYuli
@ 2025-03-19 15:04 ` Florian Westphal
  0 siblings, 0 replies; 2+ messages in thread
From: Florian Westphal @ 2025-03-19 15:04 UTC (permalink / raw)
  To: WangYuli
  Cc: pablo, kadlec, davem, edumazet, kuba, pabeni, horms,
	netfilter-devel, coreteam, netdev, linux-kernel, eric.dumazet, fw,
	zhanjun, niecheng1, Wentao Guan

WangYuli <wangyuli@uniontech.com> wrote:
> 1. MITIGATION_RETPOLINE is x86-only (defined in arch/x86/Kconfig),
> so no need to AND with CONFIG_X86 when checking if enabled.
> 
> 2. Remove unused declaration of nf_skip_indirect_calls() when
> MITIGATION_RETPOLINE is disabled to avoid warnings.
> 
> 3. Declare nf_skip_indirect_calls() and nf_skip_indirect_calls_enable()
> as inline when MITIGATION_RETPOLINE is enabled, as they are called
> only once and have simple logic.
> 
> Fix follow error with clang-21 when W=1e:
>   net/netfilter/nf_tables_core.c:39:20: error: unused function 'nf_skip_indirect_calls' [-Werror,-Wunused-function]
>      39 | static inline bool nf_skip_indirect_calls(void) { return false; }
>         |                    ^~~~~~~~~~~~~~~~~~~~~~
>   1 error generated.
>   make[4]: *** [scripts/Makefile.build:207: net/netfilter/nf_tables_core.o] Error 1
>   make[3]: *** [scripts/Makefile.build:465: net/netfilter] Error 2
>   make[3]: *** Waiting for unfinished jobs....
> 
> Fixes: d8d760627855 ("netfilter: nf_tables: add static key to skip retpoline workarounds")
> Co-developed-by: Wentao Guan <guanwentao@uniontech.com>
> Signed-off-by: Wentao Guan <guanwentao@uniontech.com>
> Signed-off-by: WangYuli <wangyuli@uniontech.com>

Acked-by: Florian Westphal <fw@strlen.de>

^ permalink raw reply	[flat|nested] 2+ messages in thread

end of thread, other threads:[~2025-03-19 15:04 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2025-03-19 14:01 [PATCH net v2] netfilter: nf_tables: Only use nf_skip_indirect_calls() when MITIGATION_RETPOLINE WangYuli
2025-03-19 15:04 ` Florian Westphal

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).