From patchwork Fri Oct 28 20:17:54 2016 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Arnd Bergmann X-Patchwork-Id: 101577 Delivered-To: patch@linaro.org Received: by 10.140.97.247 with SMTP id m110csp1358203qge; Fri, 28 Oct 2016 13:18:48 -0700 (PDT) X-Received: by 10.98.12.208 with SMTP id 77mr27788671pfm.14.1477685928832; Fri, 28 Oct 2016 13:18:48 -0700 (PDT) Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id 66si8730794pfj.108.2016.10.28.13.18.48; Fri, 28 Oct 2016 13:18:48 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of netdev-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of netdev-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=netdev-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1761764AbcJ1USr (ORCPT + 4 others); Fri, 28 Oct 2016 16:18:47 -0400 Received: from mout.kundenserver.de ([212.227.126.131]:56818 "EHLO mout.kundenserver.de" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1754833AbcJ1USo (ORCPT ); Fri, 28 Oct 2016 16:18:44 -0400 Received: from wuerfel.lan. ([78.43.20.153]) by mrelayeu.kundenserver.de (mreue003) with ESMTPA (Nemesis) id 0Lb6pZ-1cjygj1c0P-00kh4V; Fri, 28 Oct 2016 22:18:16 +0200 From: Arnd Bergmann To: Pablo Neira Ayuso Cc: Arnd Bergmann , Patrick McHardy , Jozsef Kadlecsik , "David S. Miller" , Alexey Kuznetsov , James Morris , Hideaki YOSHIFUJI , Florian Westphal , netfilter-devel@vger.kernel.org, coreteam@netfilter.org, netdev@vger.kernel.org, linux-kernel@vger.kernel.org Subject: [PATCH] [v2 netfilter-next] netfilter: nf_tables: fib warnings Date: Fri, 28 Oct 2016 22:17:54 +0200 Message-Id: <20161028201810.1076559-1-arnd@arndb.de> X-Mailer: git-send-email 2.9.0 MIME-Version: 1.0 X-Provags-ID: V03:K0:+4J/sJuqF+V3hxF6RuJGZL/Pcw2+aFDqimmYtBxbdTYCo+HtkY0 vIvxvHk085wMFENpEjB92AQkVKo0+1HvV9++TjNsCFrUfzb0GY4JjGoA5x4BGkqDYTxXQeJ 3YWSAi7Zu0+us+XpcjjZzjqWr8Q+OJQE+sgrFP+qqyjYa7sKUJEW1DS2w623hgW4Mb6fPza bXExw4Iee6YmAA35wMRvQ== X-UI-Out-Filterresults: notjunk:1; V01:K0:AQqReMCFx4E=:7tcDT4suuFC1imKvGeD/X0 nggcnHfNHxEBptBzVvFf+JER+xqLmv2pI9siLIWdmXUY4W2BE4zy39qriQUC2qEwKfXCUOpwd Rcfwy08lV22hpTa7nO2JwDQjaN6IQaDRZUVrbJhXCeCHP7RrSZwzilbfKhdyIN3aVvnwwRp2q 2TltQsb0X2f8jKrmo7l5SGaQIpkTw6tbcWXz9BLKamjceHYCvS3VRVs0sccn4cK/wKcwT97X+ Tsmb6xyWAHgZTlGQJ21JnrTOjk4C1KatAcYioLF0L1uDrnS1i3zzKlSG3v7ef6MywUXOe7mNP 6TOqIUxV5bcXl3Hi2tC4tLYNtniv1WmExaTPcrijm+7FbD7OgRy2rwA4KJ6o5HCnmcNplz6vK 29HaCzFVeUuiOCI6jUBUIwTPCUfAMgQTxI0ZWdzWD8EnCJHPS74EK3rVlMGmJRIU3fXjMYr9X 6pRDXXX9DyCkjuqD/fI19Ntp20hksc08vjiBiCupleeLh1+CncKcUULTRoDW8BcLxgN51Z8zN wwQZI7vLzO7FV2VSFUnqZJHEDkbWAGhLSiyR9DvU1/mqWn5t6RZv/yMyhBWC3Shup7njBc/5/ gXM2242e8RwZMg27va2M2TJnLE6hAa1M6NHzCzVw5wMkrSnHiPxvvpW4Kp5fmUPIA73Uhn9IF 354pIKymN47yk7G9L58BjgSypnhNt0z5K2iyAS4sjojzp5/v1jorWe/kkQ5FX4aoRVMXGSOrd JJ+hMNLDd2ZCIOW+ Sender: netdev-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org The newly added nft fib code produces two warnings: net/ipv4/netfilter/nft_fib_ipv4.c: In function 'nft_fib4_eval': net/ipv4/netfilter/nft_fib_ipv4.c:80:6: error: unused variable 'i' [-Werror=unused-variable] net/ipv4/netfilter/nft_fib_ipv4.c: In function ‘nft_fib4_eval’: net/ipv4/netfilter/nft_fib_ipv4.c:137:6: error: ‘oif’ may be used uninitialized in this function [-Werror=maybe-uninitialized] The first one is obvious as the only user of that variable is inside of an #ifdef The second one is a bit trickier. It's clear that oif is in fact uninitialized when it gets used when neither NFTA_FIB_F_IIF nor NFTA_FIB_F_OIF are set, and just setting it to NULL won't work as it may later get dereferenced. However, there is no need to search the result list if it is NULL, as Florian pointed out. This integrates his (untested) change to do so. I have confirmed that the combined patch solves both warnings, but as I don't fully understand Florian's change, I can't tell if it's correct. Suggested-by: Florian Westphal Fixes: 84f5eedb983e ("netfilter: nf_tables: add fib expression") Signed-off-by: Arnd Bergmann --- v2: integrate changes that Florian suggested --- net/ipv4/netfilter/nft_fib_ipv4.c | 23 ++++++++++++++--------- 1 file changed, 14 insertions(+), 9 deletions(-) -- 2.9.0 diff --git a/net/ipv4/netfilter/nft_fib_ipv4.c b/net/ipv4/netfilter/nft_fib_ipv4.c index 6787c563cfc9..db91fd42db67 100644 --- a/net/ipv4/netfilter/nft_fib_ipv4.c +++ b/net/ipv4/netfilter/nft_fib_ipv4.c @@ -77,7 +77,9 @@ void nft_fib4_eval(const struct nft_expr *expr, struct nft_regs *regs, }; const struct net_device *oif; struct net_device *found; +#ifdef CONFIG_IP_ROUTE_MULTIPATH int i; +#endif /* * Do not set flowi4_oif, it restricts results (for example, asking @@ -90,6 +92,8 @@ void nft_fib4_eval(const struct nft_expr *expr, struct nft_regs *regs, oif = pkt->out; else if (priv->flags & NFTA_FIB_F_IIF) oif = pkt->in; + else + oif = NULL; if (pkt->hook == NF_INET_PRE_ROUTING && fib4_is_local(pkt->skb)) { nft_fib_store_result(dest, priv->result, pkt, LOOPBACK_IFINDEX); @@ -130,6 +134,11 @@ void nft_fib4_eval(const struct nft_expr *expr, struct nft_regs *regs, break; } + if (!oif) { + found = FIB_RES_DEV(res); + goto ok; + } + #ifdef CONFIG_IP_ROUTE_MULTIPATH for (i = 0; i < res.fi->fib_nhs; i++) { struct fib_nh *nh = &res.fi->fib_nh[i]; @@ -139,16 +148,12 @@ void nft_fib4_eval(const struct nft_expr *expr, struct nft_regs *regs, goto ok; } } -#endif - if (priv->flags & NFTA_FIB_F_OIF) { - found = FIB_RES_DEV(res); - if (found == oif) - goto ok; - return; - } - - *dest = FIB_RES_DEV(res)->ifindex; return; +#else + found = FIB_RES_DEV(res); + if (found != oif) + return; +#endif ok: switch (priv->result) { case NFT_FIB_RESULT_OIF: