Re: [PATCH 1/2] netfilter: ipvs: avoid unused variable warnings

On Thursday 28 January 2016 08:39:53 Simon Horman wrote: > On Wed, Jan 27, 2016 at 10:01:42PM +0200, Julian Anastasov wrote: > > > > Hello, > > > > On Wed, 27 Jan 2016, Arnd Bergmann wrote: > > > > > The proc_create() and remo

Re: [PATCH 0/7] fix IS_ERR_VALUE usage

On Monday 15 February 2016 15:35:18 Andrzej Hajda wrote: > > Andrzej Hajda (7): > netfilter: fix IS_ERR_VALUE usage > MIPS: module: fix incorrect IS_ERR_VALUE macro usages > drivers: char: mem: fix IS_ERROR_VALUE usage > atmel-isi: fix IS_ERR_VALUE usage > serial: clps711x: fix

Re: [PATCH] netfilter: conntrack: remove uninitialized shadow variable

On Monday 09 May 2016 22:01:17 Pablo Neira Ayuso wrote: > On Mon, May 09, 2016 at 09:47:23PM +0200, Arnd Bergmann wrote: > > A recent commit introduced an unconditional use of an uninitialized > > variable, as reported in this gcc warning: > > > > net/netfilter/nf_co

[PATCH] netfilter: ctnetlink: add more #ifdef around unused code

with that, so this patch adds even more #ifdef conditionals to avoid the remaining warnings. Another option would be to put '__maybe_unused' annotations in place of the previous 'inline' keyword. Signed-off-by: Arnd Bergmann <a...@arndb.de> Fixes: 4054ff45454a ("netfilter: ctnetlink: remove

Re: [PATCH 3/3] netfilter: xt_hashlimit: uses div_u64 for division

On Friday 30 September 2016, Eric Dumazet wrote: > On Fri, 2016-09-30 at 18:05 +0200, Arnd Bergmann wrote: > > net/netfilter/xt_hashlimit.c | 17 ++--- > > 1 file changed, 10 insertions(+), 7 deletions(-) > > > > diff --git a/net/netfilter/xt_

[PATCH 1/3] netfilter: nf_tables: avoid uninitialized variable warning

/nft_range.c:45:5: error: 'mismatch' may be used uninitialized in this function [-Werror=maybe-uninitialized] This can be trivially avoided by added a 'default:' clause. Fixes: 0f3cd9b36977 ("netfilter: nf_tables: add range expression") Signed-off-by: Arnd Bergmann <a...@arndb

[PATCH 3/3] netfilter: xt_hashlimit: uses div_u64 for division

, and reverts back to 32-bit arguments for the version 1 data to restore the original faster 32-bit division. With both changes combined, we no longer get a link error. Fixes: 11d5f15723c9 ("netfilter: xt_hashlimit: Create revision 2 to support higher pps rates") Signed-off-by: Arn

[PATCH 2/3] netfilter: hide reference to nf_hooks_ingress

' has no member named 'nf_hooks_ingress' This avoids the build error by simply enclosing the assignment in an #ifdef, which may or may not be the correct fix. Fixes: e3b37f11e6e4 ("netfilter: replace list_head with single linked list") Signed-off-by: Arnd Bergmann <a...@arndb.de> --

Re: [PATCH] [rfc, netfilter-next] netfilter: nf_tables: fib warnings

On Friday, October 28, 2016 5:50:31 PM CEST Florian Westphal wrote: > Arnd Bergmann <a...@arndb.de> wrote: > > The newly added nft fib code produces two warnings: > > > > net/ipv4/netfilter/nft_fib_ipv4.c: In function 'nft_fib4_eval': > > net/ipv4/netfilter/n

[PATCH] [rfc, netfilter-next] netfilter: nf_tables: fib warnings

nor NFTA_FIB_F_IIF are set. I have no idea how that should be handled, this patch just returns without doing anything, which may or may not be the right thing to do. Fixes: 84f5eedb983e ("netfilter: nf_tables: add fib expression") Signed-off-by: Arnd Bergmann <a...@arndb.de> --- ne

[PATCH] [v2 netfilter-next] netfilter: nf_tables: fib warnings

solves both warnings, but as I don't fully understand Florian's change, I can't tell if it's correct. Suggested-by: Florian Westphal <f...@strlen.de> Fixes: 84f5eedb983e ("netfilter: nf_tables: add fib expression") Signed-off-by: Arnd Bergmann <a...@arndb.de> --- v2: integrat

Re: [PATCH] [rfc, netfilter-next] netfilter: nf_tables: fib warnings

On Friday, October 28, 2016 6:21:49 PM CEST Florian Westphal wrote: > Good point. In case oif is NULL we don't have to search the result > list for a match anyway, so we could do this (not even build tested): > It didn't apply cleanly, but I've integrated it with the change to initialize oif to

[PATCH 1/2] [net-next] udp: provide udp{4,6}_lib_lookup for nf_socket_ipv{4,6}

OCKET_IPV4 or CONFIG_NF_SOCKET_IPV6, respectively are set. Fixes: 8db4c5be88f6 ("netfilter: move socket lookup infrastructure to nf_socket_ipv{4,6}.c") Signed-off-by: Arnd Bergmann <a...@arndb.de> --- The build failure came from the netfilter tree but is now present in ne

[PATCH 2/2] [nf-next] netfilter: fix NF_REPEAT handling

ame behavior as today but avoids the warning by making that case impossible to enter. Fixes: 08733a0cb7de ("netfilter: handle NF_REPEAT from nf_conntrack_in()") Signed-off-by: Arnd Bergmann <a...@arndb.de> --- The patch causing this is currently only in nf-next, and not yet in

[PATCH 01/28] [v2] netfilter: nf_tables: avoid uninitialized variable warning

approach, and is nicer than using the 'uninitialized_var' macro. Fixes: 0f3cd9b36977 ("netfilter: nf_tables: add range expression") Link: http://patchwork.ozlabs.org/patch/677114/ Signed-off-by: Arnd Bergmann <a...@arndb.de> --- net/netfilter/nft_range.c | 10 -- 1 file chang

[PATCH] netfilter: ip_vs_sync: fix bogus maybe-uninitialized warning

data, so I kept the two changes together. Signed-off-by: Arnd Bergmann <a...@arndb.de> --- net/netfilter/ipvs/ip_vs_sync.c | 7 +-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/net/netfilter/ipvs/ip_vs_sync.c b/net/netfilter/ipvs/ip_vs_sync.c index 1b07578bedf3..935053

Re: [PATCH] netfilter: ip_vs_sync: fix bogus maybe-uninitialized warning

On Monday, October 24, 2016 10:47:54 PM CEST Julian Anastasov wrote: > > diff --git a/net/netfilter/ipvs/ip_vs_sync.c > > b/net/netfilter/ipvs/ip_vs_sync.c > > index 1b07578bedf3..9350530c16c1 100644 > > --- a/net/netfilter/ipvs/ip_vs_sync.c > > +++ b/net/netfilter/ipvs/ip_vs_sync.c > > @@ -283,6

[PATCH 00/28] Reenable maybe-uninitialized warnings

Arnd Bergmann (28): [v2] netfilter: nf_tables: avoid uninitialized variable warning [v2] mtd: mtk: avoid warning in mtk_ecc_encode [v2] infiniband: shut up a maybe-uninitialized warning f2fs: replace a build-time warning with runtime WARN_ON ext2: avoid bogus -Wmaybe-uninitialized warning

[PATCH 28/28] Kbuild: bring back -Wmaybe-uninitialized warning

send them for inclusion in v4.10. Link: https://rusty.ozlabs.org/?p=232 [1] Link: https://gcc.gnu.org/wiki/Better_Uninitialized_Warnings [2] Signed-off-by: Arnd Bergmann <a...@arndb.de> --- Makefile | 10 ++ arch/arc/Makefile | 4 +++- scripts/Makefile.ubsan |

[PATCH] ARM: add cmpxchg64 helper for ARMv7-M

); u64_stats_fetch_retry_irq == false In this example, the data returned by __nft_counter_reset() is zero as we overwrite the per-cpu counter value during the retries. Fixes: 43da04a593d8 ("netfilter: nf_tables: atomic dump and reset for stateful objects") Signed-off-by: Arnd Bergmann <

Re: [PATCH net-next] netfilter: nft_counter: rework atomic dump and reset

On Sunday, December 11, 2016 11:43:59 AM CET Pablo Neira Ayuso wrote: > Dump and reset doesn't work unless cmpxchg64() is used both from packet > and control plane paths. This approach is going to be slow though. > Instead, use a percpu seqcount to fetch counters consistently, then > subtract

[PATCH] netfilter: ipt_CLUSTERIP: fix build error without procfs

xes: 6c5d5cfbe3c5 ("netfilter: ipt_CLUSTERIP: check duplicate config when initializing") Signed-off-by: Arnd Bergmann <a...@arndb.de> --- net/ipv4/netfilter/ipt_CLUSTERIP.c | 7 ++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/net/ipv4/netfilter/ipt_CLUSTERIP.c b

Re: [PATCH] uapi: use wildcards to list files

On Tuesday, January 3, 2017 3:35:44 PM CET Nicolas Dichtel wrote: > Regularly, when a new header is created in include/uapi/, the developer > forgets to add it in the corresponding Kbuild file. This error is usually > detected after the release is out. > > In fact, all headers under include/uapi/

Re: [PATCH v2 1/7] arm: put types.h in uapi

On Friday, January 6, 2017 10:43:53 AM CET Nicolas Dichtel wrote: > > diff --git a/arch/arm/include/asm/types.h b/arch/arm/include/asm/types.h > index a53cdb8f068c..c48fee3d7b3b 100644 > --- a/arch/arm/include/asm/types.h > +++ b/arch/arm/include/asm/types.h > @@ -1,40 +1,6 @@ > #ifndef

Re: [PATCH v2 3/7] nios2: put setup.h in uapi

On Friday, January 6, 2017 10:43:55 AM CET Nicolas Dichtel wrote: > diff --git a/arch/nios2/include/uapi/asm/setup.h > b/arch/nios2/include/uapi/asm/setup.h > new file mode 100644 > index ..8d8285997ba8 > --- /dev/null > +++ b/arch/nios2/include/uapi/asm/setup.h > @@ -0,0 +1,6 @@ >

Re: [PATCH v2 0/7] uapi: export all headers under uapi directories

On Friday, January 6, 2017 10:43:52 AM CET Nicolas Dichtel wrote: > Here is the v2 of this series. The first 5 patches are just cleanup: some > exported headers were still under a non-uapi directory. Since this is meant as a cleanup, I commented on this to point out a cleaner way to do the same.

[PATCH] [netfilter-next] netfilter: remove unused refcount variable

: b54ab92b84b6 ("netfilter: refcounter conversions") Signed-off-by: Arnd Bergmann <a...@arndb.de> --- net/netfilter/nfnetlink_acct.c | 1 - 1 file changed, 1 deletion(-) diff --git a/net/netfilter/nfnetlink_acct.c b/net/netfilter/nfnetlink_acct.c index f44cbd35357f..c86da174a5fc 100644 ---

[PATCH] netfilter: fix stringop-overflow warning with UBSAN

nge the ?: operator into an if()/else() construct. Signed-off-by: Arnd Bergmann <a...@arndb.de> --- net/netfilter/ipset/ip_set_core.c | 8 ++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/net/netfilter/ipset/ip_set_core.c b/net/netfilter/ipset/ip_set_core.c index e495b5e4

Re: [PATCH RFC 03/26] sched: Replace spin_unlock_wait() with lock/unlock pair

On Fri, Jun 30, 2017 at 2:01 AM, Paul E. McKenney wrote: > There is no agreed-upon definition of spin_unlock_wait()'s semantics, > and it appears that all callers could do just as well with a lock/unlock > pair. This commit therefore replaces the spin_unlock_wait()

Re: [PATCH] netfilter: conntrack: Force inlining of build check to prevent build failure

extension sizes > again") > Signed-off-by: Geert Uytterhoeven <ge...@linux-m68k.org> I saw this as well when I tried building with "gcc-7 -Og", and came to the same conclusion. Acked-by: Arnd Bergmann <a...@arndb.de> With -Og, there were a couple of other instance

Re: [PATCH] netfilter: conntrack: Force inlining of build check to prevent build failure

On Wed, May 3, 2017 at 2:47 PM, Geert Uytterhoeven <ge...@linux-m68k.org> wrote: > Hi Arnd, > > On Wed, May 3, 2017 at 2:32 PM, Arnd Bergmann <a...@arndb.de> wrote: >> On Wed, May 3, 2017 at 2:18 PM, Geert Uytterhoeven <ge...@linux-m68k.org> >> wrote: >&g

Re: [PATCH] netfilter: xt_hashlimit: avoid 64-bit division

On Thu, Sep 7, 2017 at 12:19 PM, Pablo Neira Ayuso <pa...@netfilter.org> wrote: > On Wed, Sep 06, 2017 at 10:48:22PM +0200, Arnd Bergmann wrote: >> On Wed, Sep 6, 2017 at 10:22 PM, Vishwanath Pai <v...@akamai.com> wrote: >> > On 09/06/2017 03:57 PM, Arnd Bergman

Re: [PATCH] netfilter: xt_hashlimit: avoid 64-bit division

On Wed, Sep 6, 2017 at 10:22 PM, Vishwanath Pai <v...@akamai.com> wrote: > On 09/06/2017 03:57 PM, Arnd Bergmann wrote: >> 64-bit division is expensive on 32-bit architectures, and >> requires a special function call to avoid a link error like: >> >> net/netf

[PATCH] netfilter: xt_hashlimit: avoid 64-bit division

don't actually need a 64-bit operation, we can simply rewrite the function slightly to make that clear to the compiler. Fixes: bea74641e378 ("netfilter: xt_hashlimit: add rate match mode") Signed-off-by: Arnd Bergmann <a...@arndb.de> --- net/netfilter/xt_hashlimit.c | 5 - 1

[PATCH] [net-next] netfilter: add ifdef around ctnetlink_proto_size

the definition. I'm picking the third approach here since that seems to be what the rest of the file has. Fixes: 5caaed151a68 ("netfilter: conntrack: don't cache nlattr_tuple_size result in nla_size") Signed-off-by: Arnd Bergmann <a...@arndb.de> --- net/netfilter/nf_conntrack_netlink.

[PATCH] netfilter: fix clusterip_net_exit build regression

to make it available to the WARN_ON_ONCE(). Fixes: 613d0776d3fe ("netfilter: exit_net cleanup check added") Signed-off-by: Arnd Bergmann <a...@arndb.de> --- net/ipv4/netfilter/ipt_CLUSTERIP.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/net/ipv4/netfilter/ipt_CL

[PATCH net-next] netfilter: improve flow table Kconfig dependencies

dependencies between the four new modules are met. Fixes: 7c23b629a808 ("netfilter: flow table support for the mixed IPv4/IPv6 family") Fixes: 0995210753a2 ("netfilter: flow table support for IPv6") Fixes: 97add9f0d66d ("netfilter: flow table support for IPv4"

[PATCH net-next 2/2] netfilter: nf_defrag: move NF_CONNTRACK bits into #ifdef

s.c: In function 'ipv6_defrag': net/ipv6/netfilter/nf_defrag_ipv6_hooks.c:68:9: error: 'struct sk_buff' has no member named '_nfct' Both functions already have an #ifdef for this, so let's move the check in there. Fixes: 902d6a4c2a4f ("netfilter: nf_defrag: Skip defrag if NOTRACK is set") Signed

[PATCH net-next 1/2] netfilter: nf_defrag: mark xt_table structures 'const' again

. Fixes: 902d6a4c2a4f ("netfilter: nf_defrag: Skip defrag if NOTRACK is set") Signed-off-by: Arnd Bergmann <a...@arndb.de> --- This might not be the best fix for the issue, please have a look if you can come up with something nicer, or just apply this version. --- net/ipv4/netfilter/ipt

[PATCH] netfilter: nf_tables: flow_offload depends on flow_table

reference to `flow_offload_add' nft_flow_offload.c:(.text+0xc94): undefined reference to `flow_offload_free' This adds a Kconfig dependency for it. Fixes: a3c90f7a2323 ("netfilter: nf_tables: flow offload expression") Signed-off-by: Arnd Bergmann <a...@arndb.de> --- net/netfilter/K

[PATCH] netfilter: add nf_queue_entry forward declaration

] Adding a forward declaration for the type avoids the warnings. Fixes: 9faa679ee7ec ("netfilter: move reroute indirection to struct nf_ipv6_ops") Signed-off-by: Arnd Bergmann <a...@arndb.de> --- include/linux/netfilter_ipv4.h | 2 ++ include/linux/netfilter_ipv6.h | 2 ++ 2

Re: [PATCH 1/4] treewide: convert ISO_8859-1 text comments to utf-8

24 Jul 2018 13:13:25 +0200 Arnd Bergmann wrote: >> > > Almost all files in the kernel are either plain text or UTF-8 >> > > encoded. A couple however are ISO_8859-1, usually just a few >> > > characters in a C comments, for historic reasons. >> > >

Re: [PATCH] netfilter: fix CONFIG_NF_REJECT_IPV6=m link error

On Mon, Apr 9, 2018 at 4:37 PM, Pablo Neira Ayuso <pa...@netfilter.org> wrote: > Hi Arnd, > > On Mon, Apr 09, 2018 at 12:53:12PM +0200, Arnd Bergmann wrote: >> We get a new link error with CONFIG_NFT_REJECT_INET=y and >> CONFIG_NF_REJECT_IPV6=m > > I think

Re: [PATCH 40/47] netfilter: nf_tables: build-in filter chain type

On Fri, Mar 30, 2018 at 1:46 PM, Pablo Neira Ayuso wrote: > One module per supported filter chain family type takes too much memory > for very little code - too much modularization - place all chain filter > definitions in one single file. > > Signed-off-by: Pablo Neira Ayuso

[PATCH] netfilter: fix CONFIG_NF_REJECT_IPV6=m link error

is to express the above as a Kconfig dependency, forcing NFT_REJECT itself to be 'm' in that particular configuration. Fixes: 02c7b25e5f54 ("netfilter: nf_tables: build-in filter chain type") Signed-off-by: Arnd Bergmann <a...@arndb.de> --- net/netfilter/Kconfig | 1 + 1 file changed, 1 in

Re: [PATCH] netfilter: fix CONFIG_NF_REJECT_IPV6=m link error

On Fri, Apr 13, 2018 at 3:15 PM, Pablo Neira Ayuso <pa...@netfilter.org> wrote: > On Mon, Apr 09, 2018 at 04:43:40PM +0200, Arnd Bergmann wrote: >> On Mon, Apr 9, 2018 at 4:37 PM, Pablo Neira Ayuso <pa...@netfilter.org> >> wrote: >> > Hi Arnd, >> >