tree: https://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next.git master head: 16ac8a76bb641919747e8dd64d29890464df5c58 commit: 07a9da51b4b6aece8bc71e0b1b601fc4c3eb8b64 [7/24] netfilter: x_tables: check standard verdicts in core config: alpha-defconfig (attached as .config) compiler: alpha-linux-gnu-gcc (Debian 7.2.0-11) 7.2.0 reproduce: wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross chmod +x ~/bin/make.cross git checkout 07a9da51b4b6aece8bc71e0b1b601fc4c3eb8b64 # save the attached .config to linux build tree make.cross ARCH=alpha
All errors (new ones prefixed by >>):
net/netfilter/x_tables.c: In function 'xt_check_entry_offsets':
>> net/netfilter/x_tables.c:797:8: error: implicit declaration of function
>> 'verdict_ok'; did you mean 'vprintk'? [-Werror=implicit-function-declaration]
if (!verdict_ok(st->verdict))
^~~~~~~~~~
vprintk
cc1: some warnings being treated as errors
vim +797 net/netfilter/x_tables.c
724
725 /**
726 * xt_check_entry_offsets - validate arp/ip/ip6t_entry
727 *
728 * @base: pointer to arp/ip/ip6t_entry
729 * @elems: pointer to first xt_entry_match, i.e. ip(6)t_entry->elems
730 * @target_offset: the arp/ip/ip6_t->target_offset
731 * @next_offset: the arp/ip/ip6_t->next_offset
732 *
733 * validates that target_offset and next_offset are sane and that all
734 * match sizes (if any) align with the target offset.
735 *
736 * This function does not validate the targets or matches themselves, it
737 * only tests that all the offsets and sizes are correct, that all
738 * match structures are aligned, and that the last structure ends where
739 * the target structure begins.
740 *
741 * Also see xt_compat_check_entry_offsets for CONFIG_COMPAT version.
742 *
743 * The arp/ip/ip6t_entry structure @base must have passed following
tests:
744 * - it must point to a valid memory location
745 * - base to base + next_offset must be accessible, i.e. not exceed
allocated
746 * length.
747 *
748 * A well-formed entry looks like this:
749 *
750 * ip(6)t_entry match [mtdata] match [mtdata] target [tgdata]
ip(6)t_entry
751 * e->elems[]-----' | |
752 * matchsize | |
753 * matchsize | |
754 * | |
755 * target_offset---------------------------------' |
756 * next_offset---------------------------------------------------'
757 *
758 * elems[]: flexible array member at end of ip(6)/arpt_entry struct.
759 * This is where matches (if any) and the target reside.
760 * target_offset: beginning of target.
761 * next_offset: start of the next rule; also: size of this rule.
762 * Since targets have a minimum size, target_offset + minlen <=
next_offset.
763 *
764 * Every match stores its size, sum of sizes must not exceed
target_offset.
765 *
766 * Return: 0 on success, negative errno on failure.
767 */
768 int xt_check_entry_offsets(const void *base,
769 const char *elems,
770 unsigned int target_offset,
771 unsigned int next_offset)
772 {
773 long size_of_base_struct = elems - (const char *)base;
774 const struct xt_entry_target *t;
775 const char *e = base;
776
777 /* target start is within the ip/ip6/arpt_entry struct */
778 if (target_offset < size_of_base_struct)
779 return -EINVAL;
780
781 if (target_offset + sizeof(*t) > next_offset)
782 return -EINVAL;
783
784 t = (void *)(e + target_offset);
785 if (t->u.target_size < sizeof(*t))
786 return -EINVAL;
787
788 if (target_offset + t->u.target_size > next_offset)
789 return -EINVAL;
790
791 if (strcmp(t->u.user.name, XT_STANDARD_TARGET) == 0) {
792 const struct xt_standard_target *st = (const void *)t;
793
794 if (XT_ALIGN(target_offset + sizeof(*st)) !=
next_offset)
795 return -EINVAL;
796
> 797 if (!verdict_ok(st->verdict))
798 return -EINVAL;
799 }
800
801 return xt_check_entry_match(elems, base + target_offset,
802 __alignof__(struct xt_entry_match));
803 }
804 EXPORT_SYMBOL(xt_check_entry_offsets);
805
---
0-DAY kernel test infrastructure Open Source Technology Center
https://lists.01.org/pipermail/kbuild-all Intel Corporation
.config.gz
Description: application/gzip
