On 02/09/2024 17:02, Joshua Lant wrote:
This is v2 of the previous patchset found here:
https://op-lists.linaro.org/archives/list/linux-morello@op-lists.linaro.org/...
I have added the new __nf_kptr_t type and modified all the patches accordingly, as well as fixing up all (hopefully) of the nits found in the previous patches.
Many thanks Kevin for your input on everything. I hope that this is now in a decent state.
Thank you for taking the time to rework this series!
Overall this is looking good to me, there are a few issues here and there (see inline replies) but I expect the next version will be in good shape to merge. Something I'd like to check before that is how you are testing these changes? I am a little concerned that patch 5 and 8 introduce clear functional regressions that presumably went unnoticed. These regressions should occur regardless of the ABI, so even netfilter tests built in the standard arm64 ABI should expose them. I see that a few netfilter kselftests exist, that may be a good start - building them for standard arm64 shouldn't be an issue (purecap is another story but this is less essential).
Kevin
Cheers.
Joshua Lant (17): netfilter: Create new type for kernel pointers. x_tables.h: remove kernel pointer from uapi xt_entry_match struct x_tables.h: remove kernel pointer from uapi xt_entry_target struct xt_CT: remove pointer from uapi struct xt_IDLETIMER: remove pointer from uapi struct xt_RATEEST: remove pointer from uapi struct xt_TEE: remove pointer from uapi struct xt_bpf: remove pointer from uapi struct xt_connlimit: remove pointer from uapi struct xt_hashlimit: remove pointer from uapi struct xt_limit: remove pointer from uapi struct xt_nfacct: remove pointer from uapi struct xt_quota: remove pointer from uapi struct xt_rateest: remove pointer from uapi struct xt_statistic: remove pointer from uapi struct ebtables: remove pointer from uapi struct xtables: move include to headers
include/linux/netfilter.h | 6 + include/uapi/linux/netfilter.h | 8 + include/uapi/linux/netfilter/x_tables.h | 12 +- include/uapi/linux/netfilter/xt_CT.h | 4 +- include/uapi/linux/netfilter/xt_IDLETIMER.h | 6 +- include/uapi/linux/netfilter/xt_RATEEST.h | 3 +- include/uapi/linux/netfilter/xt_TEE.h | 3 +- include/uapi/linux/netfilter/xt_bpf.h | 7 +- include/uapi/linux/netfilter/xt_connlimit.h | 3 +- include/uapi/linux/netfilter/xt_hashlimit.h | 17 ++- include/uapi/linux/netfilter/xt_limit.h | 3 +- include/uapi/linux/netfilter/xt_nfacct.h | 6 +- include/uapi/linux/netfilter/xt_quota.h | 3 +- include/uapi/linux/netfilter/xt_rateest.h | 5 +- include/uapi/linux/netfilter/xt_statistic.h | 4 +- .../uapi/linux/netfilter_bridge/ebtables.h | 15 +- net/bridge/netfilter/ebtable_broute.c | 2 +- net/bridge/netfilter/ebtable_filter.c | 6 +- net/bridge/netfilter/ebtable_nat.c | 6 +- net/bridge/netfilter/ebtables.c | 64 ++++---- net/ipv4/netfilter/arp_tables.c | 22 +-- net/ipv4/netfilter/ip_tables.c | 44 +++--- net/ipv6/netfilter/ip6_tables.c | 44 +++--- net/netfilter/x_tables.c | 20 +-- net/netfilter/xt_CT.c | 10 +- net/netfilter/xt_IDLETIMER.c | 139 +++++++++--------- net/netfilter/xt_RATEEST.c | 12 +- net/netfilter/xt_TCPMSS.c | 2 +- net/netfilter/xt_TEE.c | 12 +- net/netfilter/xt_bpf.c | 19 +-- net/netfilter/xt_connlimit.c | 8 +- net/netfilter/xt_hashlimit.c | 24 +-- net/netfilter/xt_limit.c | 6 +- net/netfilter/xt_nfacct.c | 8 +- net/netfilter/xt_quota.c | 12 +- net/netfilter/xt_rateest.c | 12 +- net/netfilter/xt_statistic.c | 13 +- 37 files changed, 323 insertions(+), 267 deletions(-)