lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <20210521014058.5c84301d@elisabeth>
Date:   Fri, 21 May 2021 01:40:58 +0200
From:   Stefano Brivio <sbrivio@...hat.com>
To:     Stephen Rothwell <sfr@...b.auug.org.au>
Cc:     Pablo Neira Ayuso <pablo@...filter.org>,
        NetFilter <netfilter-devel@...r.kernel.org>,
        David Miller <davem@...emloft.net>,
        Networking <netdev@...r.kernel.org>,
        Florian Westphal <fw@...len.de>,
        Linux Kernel Mailing List <linux-kernel@...r.kernel.org>,
        Linux Next Mailing List <linux-next@...r.kernel.org>
Subject: Re: linux-next: manual merge of the netfilter-next tree with the
 net tree

Hi,

On Fri, 21 May 2021 09:12:22 +1000
Stephen Rothwell <sfr@...b.auug.org.au> wrote:

> Hi all,
> 
> On Wed, 19 May 2021 14:05:32 +1000 Stephen Rothwell <sfr@...b.auug.org.au> wrote:
> >
> > On Wed, 19 May 2021 09:56:27 +1000 Stephen Rothwell <sfr@...b.auug.org.au> wrote:  
> > >
> > > Today's linux-next merge of the netfilter-next tree got a conflict in:
> > > 
> > >   net/netfilter/nft_set_pipapo.c
> > > 
> > > between commit:
> > > 
> > >   f0b3d338064e ("netfilter: nft_set_pipapo_avx2: Add irq_fpu_usable() check, fallback to non-AVX2 version")
> > > 
> > > from the net tree and commit:
> > > 
> > >   b1bc08f6474f ("netfilter: nf_tables: prefer direct calls for set lookups")
> > > 
> > > from the netfilter-next tree.
> > > 
> > > I fixed it up (I just used the latter) and can carry the fix as necessary. This
> > > is now fixed as far as linux-next is concerned, but any non trivial
> > > conflicts should be mentioned to your upstream maintainer when your tree
> > > is submitted for merging.  You may also want to consider cooperating
> > > with the maintainer of the conflicting tree to minimise any particularly
> > > complex conflicts.    
> > 
> > This merge also needs the following merge resolution patch:
> > 
> > From: Stephen Rothwell <sfr@...b.auug.org.au>
> > Date: Wed, 19 May 2021 13:48:22 +1000
> > Subject: [PATCH] fix up for merge involving nft_pipapo_lookup()
> > 
> > Signed-off-by: Stephen Rothwell <sfr@...b.auug.org.au>
> > ---
> >  net/netfilter/nft_set_pipapo.h | 2 --
> >  1 file changed, 2 deletions(-)
> > 
> > diff --git a/net/netfilter/nft_set_pipapo.h b/net/netfilter/nft_set_pipapo.h
> > index d84afb8fa79a..25a75591583e 100644
> > --- a/net/netfilter/nft_set_pipapo.h
> > +++ b/net/netfilter/nft_set_pipapo.h
> > @@ -178,8 +178,6 @@ struct nft_pipapo_elem {
> >  
> >  int pipapo_refill(unsigned long *map, int len, int rules, unsigned long *dst,
> >  		  union nft_pipapo_map_bucket *mt, bool match_only);
> > -bool nft_pipapo_lookup(const struct net *net, const struct nft_set *set,
> > -		       const u32 *key, const struct nft_set_ext **ext);
> >  
> >  /**
> >   * pipapo_and_field_buckets_4bit() - Intersect 4-bit buckets
> > -- 
> > 2.30.2  
> 
> Actually it appears to also need this:

Thanks for the fix, and sorry for the mess. To retain the effect of
b1bc08f6474f ("netfilter: nf_tables: prefer direct calls for set lookups")
from nf-next, though,

> diff --git a/include/net/netfilter/nf_tables_core.h b/include/net/netfilter/nf_tables_core.h
> index 789e9eadd76d..8652b2514e57 100644
> --- a/include/net/netfilter/nf_tables_core.h
> +++ b/include/net/netfilter/nf_tables_core.h
> @@ -89,6 +89,8 @@ extern const struct nft_set_type nft_set_bitmap_type;
>  extern const struct nft_set_type nft_set_pipapo_type;
>  extern const struct nft_set_type nft_set_pipapo_avx2_type;
>  
> +bool nft_pipapo_lookup(const struct net *net, const struct nft_set *set,
> +			    const u32 *key, const struct nft_set_ext **ext);

while this looks correct to me (b1bc08f6474f adds the prototype
conditionally for CONFIG_RETPOLINE, f0b3d338064e adds it
unconditionally),

>  #ifdef CONFIG_RETPOLINE
>  bool nft_rhash_lookup(const struct net *net, const struct nft_set *set,
>  		      const u32 *key, const struct nft_set_ext **ext);
> @@ -101,8 +103,6 @@ bool nft_hash_lookup_fast(const struct net *net,
>  			  const u32 *key, const struct nft_set_ext **ext);
>  bool nft_hash_lookup(const struct net *net, const struct nft_set *set,
>  		     const u32 *key, const struct nft_set_ext **ext);
> -bool nft_pipapo_lookup(const struct net *net, const struct nft_set *set,
> -			    const u32 *key, const struct nft_set_ext **ext);
>  bool nft_set_do_lookup(const struct net *net, const struct nft_set *set,
>  		       const u32 *key, const struct nft_set_ext **ext);
>  #else
> diff --git a/net/netfilter/nft_set_pipapo.c b/net/netfilter/nft_set_pipapo.c
> index 9addc0b447f7..dce866d93fee 100644
> --- a/net/netfilter/nft_set_pipapo.c
> +++ b/net/netfilter/nft_set_pipapo.c
> @@ -408,7 +408,6 @@ int pipapo_refill(unsigned long *map, int len, int rules, unsigned long *dst,
>   *
>   * Return: true on match, false otherwise.
>   */
> -INDIRECT_CALLABLE_SCOPE

this shouldn't be removed.

>  bool nft_pipapo_lookup(const struct net *net, const struct nft_set *set,
>  		       const u32 *key, const struct nft_set_ext **ext)
>  {
> 
> 

Let me know if I should rather send a patch for linux-next (but it
might take me a bit).

-- 
Stefano

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ