lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20180718092426.mxdti3jes5jsssta@salvia>
Date:   Wed, 18 Jul 2018 11:24:26 +0200
From:   Pablo Neira Ayuso <pablo@...filter.org>
To:     Stephen Rothwell <sfr@...b.auug.org.au>
Cc:     Matthew Wilcox <willy@...radead.org>,
        NetFilter <netfilter-devel@...r.kernel.org>,
        Linux-Next Mailing List <linux-next@...r.kernel.org>,
        Linux Kernel Mailing List <linux-kernel@...r.kernel.org>,
        Varsha Rao <rvarsha016@...il.com>
Subject: Re: linux-next: build failure after merge of the ida tree

Hi Matthew, Stephen,

On Wed, Jul 18, 2018 at 04:54:06PM +1000, Stephen Rothwell wrote:
> Hi Matthew,
> 
> After merging the ida tree, today's linux-next build (x86_64 allmodconfig)
> failed like this:
> 
> net/netfilter/nf_tables_api.c: In function 'nf_tables_set_alloc_name':
> net/netfilter/nf_tables_api.c:3014:8: error: implicit declaration of function 'ida_get_new_above'; did you mean 'idr_get_next_ul'? [-Werror=implicit-function-declaration]
>     n = ida_get_new_above(&inuse, tmp, &id);
>         ^~~~~~~~~~~~~~~~~
>         idr_get_next_ul
> 
> Caused by commit
> 
>   3f2668c1e101 ("ida: Remove old API")

I see, we have no more lockless API for IDA anymore :-(. In our case,
we were already protected by the the nfnl_lock mutex, which it was
sufficient to ensure non-concurrent access to IDA structures.

Unless I'm missing anything, the new API forces use to the spinlock
call with disabled irq for each time we update something from the
netfilter netlink interface, so that's a no-go for us.

> interacting with commit
> 
>   9679150a0bd5 ("netfilter: nf_tables: Use id allocation")
> 
> from the netfilter-next tree.

@Varsha, I'm very sorry, but I guess I have to toss your patch, I
would prefer avoid dependencies with the IDA API by now.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ