diff mbox series

[nf] netfilter: nft_dynset: fix timeouts layer than 23 days

Message ID 20201208173810.14018-1-pablo@netfilter.org
State Changes Requested
Delegated to: Pablo Neira
Headers show
Series [nf] netfilter: nft_dynset: fix timeouts layer than 23 days | expand

Commit Message

Pablo Neira Ayuso Dec. 8, 2020, 5:38 p.m. UTC 
Use nf_msecs_to_jiffies64 and nf_jiffies64_to_msecs as provided by
8e1102d5a159 ("netfilter: nf_tables: support timeouts larger than 23
days"), otherwise ruleset listing breaks.

Fixes: a8b1e36d0d1d ("netfilter: nft_dynset: fix element timeout for HZ != 1000")
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
 include/net/netfilter/nf_tables.h | 4 ++++
 net/netfilter/nf_tables_api.c     | 4 ++--
 net/netfilter/nft_dynset.c        | 5 ++---
 3 files changed, 8 insertions(+), 5 deletions(-)

Comments

kernel test robot Dec. 10, 2020, 11:16 a.m. UTC | #1 
Hi Pablo,

I love your patch! Yet something to improve:

[auto build test ERROR on nf/master]

url:    https://github.com/0day-ci/linux/commits/Pablo-Neira-Ayuso/netfilter-nft_dynset-fix-timeouts-layer-than-23-days/20201209-014206
base:   https://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf.git master
config: x86_64-rhel (attached as .config)
compiler: gcc-9 (Debian 9.3.0-15) 9.3.0
reproduce (this is a W=1 build):
        # https://github.com/0day-ci/linux/commit/cecc29f4c0cd9cf5b095647a11c29b228de7939b
        git remote add linux-review https://github.com/0day-ci/linux
        git fetch --no-tags linux-review Pablo-Neira-Ayuso/netfilter-nft_dynset-fix-timeouts-layer-than-23-days/20201209-014206
        git checkout cecc29f4c0cd9cf5b095647a11c29b228de7939b
        # save the attached .config to linux build tree
        make W=1 ARCH=x86_64 

If you fix the issue, kindly add following tag as appropriate
Reported-by: kernel test robot <lkp@intel.com>

All errors (new ones prefixed by >>):

   net/netfilter/nft_dynset.c: In function 'nft_dynset_init':
>> net/netfilter/nft_dynset.c:160:13: error: implicit declaration of function 'nf_msecs_to_jiffies'; did you mean 'nf_msecs_to_jiffies64'? [-Werror=implicit-function-declaration]
     160 |   timeout = nf_msecs_to_jiffies(be64_to_cpu(nla_get_be64(tb[NFTA_DYNSET_TIMEOUT])));
         |             ^~~~~~~~~~~~~~~~~~~
         |             nf_msecs_to_jiffies64
   In file included from include/linux/swab.h:5,
                    from include/uapi/linux/byteorder/little_endian.h:13,
                    from include/linux/byteorder/little_endian.h:5,
                    from arch/x86/include/uapi/asm/byteorder.h:5,
                    from include/asm-generic/bitops/le.h:6,
                    from arch/x86/include/asm/bitops.h:395,
                    from include/linux/bitops.h:29,
                    from include/linux/kernel.h:12,
                    from net/netfilter/nft_dynset.c:6:
   net/netfilter/nft_dynset.c: In function 'nft_dynset_dump':
>> net/netfilter/nft_dynset.c:269:17: error: implicit declaration of function 'nf_jiffies_to_msecs'; did you mean 'nf_jiffies64_to_msecs'? [-Werror=implicit-function-declaration]
     269 |     cpu_to_be64(nf_jiffies_to_msecs(priv->timeout)),
         |                 ^~~~~~~~~~~~~~~~~~~
   include/uapi/linux/swab.h:128:54: note: in definition of macro '__swab64'
     128 | #define __swab64(x) (__u64)__builtin_bswap64((__u64)(x))
         |                                                      ^
   include/linux/byteorder/generic.h:92:21: note: in expansion of macro '__cpu_to_be64'
      92 | #define cpu_to_be64 __cpu_to_be64
         |                     ^~~~~~~~~~~~~
   net/netfilter/nft_dynset.c:269:5: note: in expansion of macro 'cpu_to_be64'
     269 |     cpu_to_be64(nf_jiffies_to_msecs(priv->timeout)),
         |     ^~~~~~~~~~~
   cc1: some warnings being treated as errors

vim +160 net/netfilter/nft_dynset.c

   104	
   105	static int nft_dynset_init(const struct nft_ctx *ctx,
   106				   const struct nft_expr *expr,
   107				   const struct nlattr * const tb[])
   108	{
   109		struct nft_dynset *priv = nft_expr_priv(expr);
   110		u8 genmask = nft_genmask_next(ctx->net);
   111		struct nft_set *set;
   112		u64 timeout;
   113		int err;
   114	
   115		lockdep_assert_held(&ctx->net->nft.commit_mutex);
   116	
   117		if (tb[NFTA_DYNSET_SET_NAME] == NULL ||
   118		    tb[NFTA_DYNSET_OP] == NULL ||
   119		    tb[NFTA_DYNSET_SREG_KEY] == NULL)
   120			return -EINVAL;
   121	
   122		if (tb[NFTA_DYNSET_FLAGS]) {
   123			u32 flags = ntohl(nla_get_be32(tb[NFTA_DYNSET_FLAGS]));
   124	
   125			if (flags & ~NFT_DYNSET_F_INV)
   126				return -EINVAL;
   127			if (flags & NFT_DYNSET_F_INV)
   128				priv->invert = true;
   129		}
   130	
   131		set = nft_set_lookup_global(ctx->net, ctx->table,
   132					    tb[NFTA_DYNSET_SET_NAME],
   133					    tb[NFTA_DYNSET_SET_ID], genmask);
   134		if (IS_ERR(set))
   135			return PTR_ERR(set);
   136	
   137		if (set->ops->update == NULL)
   138			return -EOPNOTSUPP;
   139	
   140		if (set->flags & NFT_SET_CONSTANT)
   141			return -EBUSY;
   142	
   143		priv->op = ntohl(nla_get_be32(tb[NFTA_DYNSET_OP]));
   144		switch (priv->op) {
   145		case NFT_DYNSET_OP_ADD:
   146		case NFT_DYNSET_OP_DELETE:
   147			break;
   148		case NFT_DYNSET_OP_UPDATE:
   149			if (!(set->flags & NFT_SET_TIMEOUT))
   150				return -EOPNOTSUPP;
   151			break;
   152		default:
   153			return -EOPNOTSUPP;
   154		}
   155	
   156		timeout = 0;
   157		if (tb[NFTA_DYNSET_TIMEOUT] != NULL) {
   158			if (!(set->flags & NFT_SET_TIMEOUT))
   159				return -EINVAL;
 > 160			timeout = nf_msecs_to_jiffies(be64_to_cpu(nla_get_be64(tb[NFTA_DYNSET_TIMEOUT])));
   161		}
   162	
   163		priv->sreg_key = nft_parse_register(tb[NFTA_DYNSET_SREG_KEY]);
   164		err = nft_validate_register_load(priv->sreg_key, set->klen);
   165		if (err < 0)
   166			return err;
   167	
   168		if (tb[NFTA_DYNSET_SREG_DATA] != NULL) {
   169			if (!(set->flags & NFT_SET_MAP))
   170				return -EINVAL;
   171			if (set->dtype == NFT_DATA_VERDICT)
   172				return -EOPNOTSUPP;
   173	
   174			priv->sreg_data = nft_parse_register(tb[NFTA_DYNSET_SREG_DATA]);
   175			err = nft_validate_register_load(priv->sreg_data, set->dlen);
   176			if (err < 0)
   177				return err;
   178		} else if (set->flags & NFT_SET_MAP)
   179			return -EINVAL;
   180	
   181		if (tb[NFTA_DYNSET_EXPR] != NULL) {
   182			if (!(set->flags & NFT_SET_EVAL))
   183				return -EINVAL;
   184	
   185			priv->expr = nft_set_elem_expr_alloc(ctx, set,
   186							     tb[NFTA_DYNSET_EXPR]);
   187			if (IS_ERR(priv->expr))
   188				return PTR_ERR(priv->expr);
   189	
   190			if (set->expr && set->expr->ops != priv->expr->ops) {
   191				err = -EOPNOTSUPP;
   192				goto err_expr_free;
   193			}
   194		}
   195	
   196		nft_set_ext_prepare(&priv->tmpl);
   197		nft_set_ext_add_length(&priv->tmpl, NFT_SET_EXT_KEY, set->klen);
   198		if (set->flags & NFT_SET_MAP)
   199			nft_set_ext_add_length(&priv->tmpl, NFT_SET_EXT_DATA, set->dlen);
   200		if (priv->expr != NULL)
   201			nft_set_ext_add_length(&priv->tmpl, NFT_SET_EXT_EXPR,
   202					       priv->expr->ops->size);
   203		if (set->flags & NFT_SET_TIMEOUT) {
   204			if (timeout || set->timeout)
   205				nft_set_ext_add(&priv->tmpl, NFT_SET_EXT_EXPIRATION);
   206		}
   207	
   208		priv->timeout = timeout;
   209	
   210		err = nf_tables_bind_set(ctx, set, &priv->binding);
   211		if (err < 0)
   212			goto err_expr_free;
   213	
   214		if (set->size == 0)
   215			set->size = 0xffff;
   216	
   217		priv->set = set;
   218		return 0;
   219	
   220	err_expr_free:
   221		if (priv->expr != NULL)
   222			nft_expr_destroy(ctx, priv->expr);
   223		return err;
   224	}
   225	
   226	static void nft_dynset_deactivate(const struct nft_ctx *ctx,
   227					  const struct nft_expr *expr,
   228					  enum nft_trans_phase phase)
   229	{
   230		struct nft_dynset *priv = nft_expr_priv(expr);
   231	
   232		nf_tables_deactivate_set(ctx, priv->set, &priv->binding, phase);
   233	}
   234	
   235	static void nft_dynset_activate(const struct nft_ctx *ctx,
   236					const struct nft_expr *expr)
   237	{
   238		struct nft_dynset *priv = nft_expr_priv(expr);
   239	
   240		priv->set->use++;
   241	}
   242	
   243	static void nft_dynset_destroy(const struct nft_ctx *ctx,
   244				       const struct nft_expr *expr)
   245	{
   246		struct nft_dynset *priv = nft_expr_priv(expr);
   247	
   248		if (priv->expr != NULL)
   249			nft_expr_destroy(ctx, priv->expr);
   250	
   251		nf_tables_destroy_set(ctx, priv->set);
   252	}
   253	
   254	static int nft_dynset_dump(struct sk_buff *skb, const struct nft_expr *expr)
   255	{
   256		const struct nft_dynset *priv = nft_expr_priv(expr);
   257		u32 flags = priv->invert ? NFT_DYNSET_F_INV : 0;
   258	
   259		if (nft_dump_register(skb, NFTA_DYNSET_SREG_KEY, priv->sreg_key))
   260			goto nla_put_failure;
   261		if (priv->set->flags & NFT_SET_MAP &&
   262		    nft_dump_register(skb, NFTA_DYNSET_SREG_DATA, priv->sreg_data))
   263			goto nla_put_failure;
   264		if (nla_put_be32(skb, NFTA_DYNSET_OP, htonl(priv->op)))
   265			goto nla_put_failure;
   266		if (nla_put_string(skb, NFTA_DYNSET_SET_NAME, priv->set->name))
   267			goto nla_put_failure;
   268		if (nla_put_be64(skb, NFTA_DYNSET_TIMEOUT,
 > 269				 cpu_to_be64(nf_jiffies_to_msecs(priv->timeout)),
   270				 NFTA_DYNSET_PAD))
   271			goto nla_put_failure;
   272		if (priv->expr && nft_expr_dump(skb, NFTA_DYNSET_EXPR, priv->expr))
   273			goto nla_put_failure;
   274		if (nla_put_be32(skb, NFTA_DYNSET_FLAGS, htonl(flags)))
   275			goto nla_put_failure;
   276		return 0;
   277	
   278	nla_put_failure:
   279		return -1;
   280	}
   281	

---
0-DAY CI Kernel Test Service, Intel Corporation
https://lists.01.org/hyperkitty/list/kbuild-all@lists.01.org
diff mbox series

Patch

diff --git a/include/net/netfilter/nf_tables.h b/include/net/netfilter/nf_tables.h
index 55b4cadf290a..c1c0a4ff92ae 100644
--- a/include/net/netfilter/nf_tables.h
+++ b/include/net/netfilter/nf_tables.h
@@ -1524,4 +1524,8 @@  void __init nft_chain_route_init(void);
 void nft_chain_route_fini(void);
 
 void nf_tables_trans_destroy_flush_work(void);
+
+int nf_msecs_to_jiffies64(const struct nlattr *nla, u64 *result);
+__be64 nf_jiffies64_to_msecs(u64 input);
+
 #endif /* _NET_NF_TABLES_H */
diff --git a/net/netfilter/nf_tables_api.c b/net/netfilter/nf_tables_api.c
index 23abf1578594..c2f59879a48d 100644
--- a/net/netfilter/nf_tables_api.c
+++ b/net/netfilter/nf_tables_api.c
@@ -3719,7 +3719,7 @@  static int nf_tables_set_alloc_name(struct nft_ctx *ctx, struct nft_set *set,
 	return 0;
 }
 
-static int nf_msecs_to_jiffies64(const struct nlattr *nla, u64 *result)
+int nf_msecs_to_jiffies64(const struct nlattr *nla, u64 *result)
 {
 	u64 ms = be64_to_cpu(nla_get_be64(nla));
 	u64 max = (u64)(~((u64)0));
@@ -3733,7 +3733,7 @@  static int nf_msecs_to_jiffies64(const struct nlattr *nla, u64 *result)
 	return 0;
 }
 
-static __be64 nf_jiffies64_to_msecs(u64 input)
+__be64 nf_jiffies64_to_msecs(u64 input)
 {
 	return cpu_to_be64(jiffies64_to_msecs(input));
 }
diff --git a/net/netfilter/nft_dynset.c b/net/netfilter/nft_dynset.c
index 64ca13a1885b..ca6cfbb27051 100644
--- a/net/netfilter/nft_dynset.c
+++ b/net/netfilter/nft_dynset.c
@@ -157,8 +157,7 @@  static int nft_dynset_init(const struct nft_ctx *ctx,
 	if (tb[NFTA_DYNSET_TIMEOUT] != NULL) {
 		if (!(set->flags & NFT_SET_TIMEOUT))
 			return -EINVAL;
-		timeout = msecs_to_jiffies(be64_to_cpu(nla_get_be64(
-						tb[NFTA_DYNSET_TIMEOUT])));
+		timeout = nf_msecs_to_jiffies(be64_to_cpu(nla_get_be64(tb[NFTA_DYNSET_TIMEOUT])));
 	}
 
 	priv->sreg_key = nft_parse_register(tb[NFTA_DYNSET_SREG_KEY]);
@@ -267,7 +266,7 @@  static int nft_dynset_dump(struct sk_buff *skb, const struct nft_expr *expr)
 	if (nla_put_string(skb, NFTA_DYNSET_SET_NAME, priv->set->name))
 		goto nla_put_failure;
 	if (nla_put_be64(skb, NFTA_DYNSET_TIMEOUT,
-			 cpu_to_be64(jiffies_to_msecs(priv->timeout)),
+			 cpu_to_be64(nf_jiffies_to_msecs(priv->timeout)),
 			 NFTA_DYNSET_PAD))
 		goto nla_put_failure;
 	if (priv->expr && nft_expr_dump(skb, NFTA_DYNSET_EXPR, priv->expr))