Date:   Mon, 28 Nov 2022 08:57:17 -0800
From:   Ivan Babrou <ivan@...n.computer>
To:     Pablo Neira Ayuso <pablo@...filter.org>
Cc:     Daniel Xu <dxu@...uu.xyz>, netdev@...r.kernel.org,
        linux-kernel@...r.kernel.org
Subject: Re: Unused variable 'mark' in v6.1-rc7

On Mon, Nov 28, 2022 at 2:00 AM Pablo Neira Ayuso <pablo@...filter.org> wrote:
>
> Hi,
>
> On Sun, Nov 27, 2022 at 05:30:47PM -0800, Ivan Babrou wrote:
> > There's 52d1aa8b8249 in v6.1-rc7:
> >
> > * netfilter: conntrack: Fix data-races around ct mark
> >
> > It triggers an error:
> >
> > #19 355.8 /build/linux-source/net/netfilter/nf_conntrack_netlink.c: In
> > function '__ctnetlink_glue_build':
> > #19 355.8 /build/linux-source/net/netfilter/nf_conntrack_netlink.c:2674:13:
> > error: unused variable 'mark' [-Werror=unused-variable]
> > #19 355.8  2674 |         u32 mark;
> > #19 355.8       |             ^~~~
> > #19 355.8 cc1: all warnings being treated as errors
> >
> > If CONFIG_NF_CONNTRACK_MARK is not enabled, as mark is declared
> > unconditionally, but used under ifdef:
> >
> >  #ifdef CONFIG_NF_CONNTRACK_MARK
> > -       if ((events & (1 << IPCT_MARK) || ct->mark)
> > -           && ctnetlink_dump_mark(skb, ct) < 0)
> > +       mark = READ_ONCE(ct->mark);
> > +       if ((events & (1 << IPCT_MARK) || mark) &&
> > +           ctnetlink_dump_mark(skb, mark) < 0)
> >                 goto nla_put_failure;
> >  #endif
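
Review bot: `mark` is assigned and read only inside the `#ifdef CONFIG_NF_CONNTRACK_MARK` block in this hunk, while the `u32 mark;` declaration reported at nf_conntrack_netlink.c:2674 sits outside it, so a build with the option off is left with a declared but unreferenced variable and fails under -Werror=unused-variable. Move the declaration under the same `#ifdef CONFIG_NF_CONNTRACK_MARK` guard, or annotate it `__maybe_unused`, so that both configurations compile.
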
> >
> > To have NF_CONNTRACK_MARK one needs NETFILTER_ADVANCED:
> >
> > config NF_CONNTRACK_MARK
> >         bool  'Connection mark tracking support'
> >         depends on NETFILTER_ADVANCED
> >
> > It's supposed to be enabled by default:
> >
> > config NETFILTER_ADVANCED
> >         bool "Advanced netfilter configuration"
> >         depends on NETFILTER
> >         default y
> >
> > But it's not in defconfig (it's missing from arm64 completely):
> >
> > $ rg NETFILTER_ADVANCED arch/x86/configs/x86_64_defconfig
> > 93:# CONFIG_NETFILTER_ADVANCED is not set
> >
> > I think the solution is to enclose mark definition into ifdef as well
> > and I'm happy to send a patch if you agree and would like me to.
>
> Thanks for reporting and offering a patch:
>
> Could you give a try to this one? I'll be glad to get a Tested-by:
> tag if this is correct to you.
>
> https://patchwork.ozlabs.org/project/netfilter-devel/patch/20221128095853.10589-1-pablo@netfilter.org/
>
> Thanks.

LGTM, it builds. Tested-by: Ivan Babrou <ivan@...n.computer>
