tree: https://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next.git master head: 16ac8a76bb641919747e8dd64d29890464df5c58 commit: 07a9da51b4b6aece8bc71e0b1b601fc4c3eb8b64 [7/24] netfilter: x_tables: check standard verdicts in core config: alpha-defconfig (attached as .config) compiler: alpha-linux-gnu-gcc (Debian 7.2.0-11) 7.2.0 reproduce: wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross chmod +x ~/bin/make.cross git checkout 07a9da51b4b6aece8bc71e0b1b601fc4c3eb8b64 # save the attached .config to linux build tree make.cross ARCH=alpha All errors (new ones prefixed by >>): net/netfilter/x_tables.c: In function 'xt_check_entry_offsets': >> net/netfilter/x_tables.c:797:8: error: implicit declaration of function 'verdict_ok'; did you mean 'vprintk'? [-Werror=implicit-function-declaration] if (!verdict_ok(st->verdict)) ^~~~~~~~~~ vprintk cc1: some warnings being treated as errors vim +797 net/netfilter/x_tables.c 724 725 /** 726 * xt_check_entry_offsets - validate arp/ip/ip6t_entry 727 * 728 * @base: pointer to arp/ip/ip6t_entry 729 * @elems: pointer to first xt_entry_match, i.e. ip(6)t_entry->elems 730 * @target_offset: the arp/ip/ip6_t->target_offset 731 * @next_offset: the arp/ip/ip6_t->next_offset 732 * 733 * validates that target_offset and next_offset are sane and that all 734 * match sizes (if any) align with the target offset. 735 * 736 * This function does not validate the targets or matches themselves, it 737 * only tests that all the offsets and sizes are correct, that all 738 * match structures are aligned, and that the last structure ends where 739 * the target structure begins. 740 * 741 * Also see xt_compat_check_entry_offsets for CONFIG_COMPAT version. 742 * 743 * The arp/ip/ip6t_entry structure @base must have passed following tests: 744 * - it must point to a valid memory location 745 * - base to base + next_offset must be accessible, i.e. not exceed allocated 746 * length. 747 * 748 * A well-formed entry looks like this: 749 * 750 * ip(6)t_entry match [mtdata] match [mtdata] target [tgdata] ip(6)t_entry 751 * e->elems[]-----' | | 752 * matchsize | | 753 * matchsize | | 754 * | | 755 * target_offset---------------------------------' | 756 * next_offset---------------------------------------------------' 757 * 758 * elems[]: flexible array member at end of ip(6)/arpt_entry struct. 759 * This is where matches (if any) and the target reside. 760 * target_offset: beginning of target. 761 * next_offset: start of the next rule; also: size of this rule. 762 * Since targets have a minimum size, target_offset + minlen <= next_offset. 763 * 764 * Every match stores its size, sum of sizes must not exceed target_offset. 765 * 766 * Return: 0 on success, negative errno on failure. 767 */ 768 int xt_check_entry_offsets(const void *base, 769 const char *elems, 770 unsigned int target_offset, 771 unsigned int next_offset) 772 { 773 long size_of_base_struct = elems - (const char *)base; 774 const struct xt_entry_target *t; 775 const char *e = base; 776 777 /* target start is within the ip/ip6/arpt_entry struct */ 778 if (target_offset < size_of_base_struct) 779 return -EINVAL; 780 781 if (target_offset + sizeof(*t) > next_offset) 782 return -EINVAL; 783 784 t = (void *)(e + target_offset); 785 if (t->u.target_size < sizeof(*t)) 786 return -EINVAL; 787 788 if (target_offset + t->u.target_size > next_offset) 789 return -EINVAL; 790 791 if (strcmp(t->u.user.name, XT_STANDARD_TARGET) == 0) { 792 const struct xt_standard_target *st = (const void *)t; 793 794 if (XT_ALIGN(target_offset + sizeof(*st)) != next_offset) 795 return -EINVAL; 796 > 797 if (!verdict_ok(st->verdict)) 798 return -EINVAL; 799 } 800 801 return xt_check_entry_match(elems, base + target_offset, 802 __alignof__(struct xt_entry_match)); 803 } 804 EXPORT_SYMBOL(xt_check_entry_offsets); 805 --- 0-DAY kernel test infrastructure Open Source Technology Center https://lists.01.org/pipermail/kbuild-all Intel Corporation
Attachment:
.config.gz
Description: application/gzip
