[PATCH v4] audit: log nftables configuration change events once per table
kernel test robot
lkp at intel.com
Thu Mar 25 05:13:42 UTC 2021
Hi Richard,
Thank you for the patch! Perhaps something to improve:
[auto build test WARNING on nf/master]
[also build test WARNING on nf-next/master pcmoore-audit/next v5.12-rc4 next-20210324]
[If your patch is applied to the wrong git tree, kindly drop us a note.
And when submitting patch, we suggest to use '--base' as documented in
https://git-scm.com/docs/git-format-patch]
url: https://github.com/0day-ci/linux/commits/Richard-Guy-Briggs/audit-log-nftables-configuration-change-events-once-per-table/20210325-115438
base: https://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf.git master
config: arc-allyesconfig (attached as .config)
compiler: arceb-elf-gcc (GCC) 9.3.0
reproduce (this is a W=1 build):
wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross
chmod +x ~/bin/make.cross
# https://github.com/0day-ci/linux/commit/e2632994acb2553a22a739b3a876a091d04f446c
git remote add linux-review https://github.com/0day-ci/linux
git fetch --no-tags linux-review Richard-Guy-Briggs/audit-log-nftables-configuration-change-events-once-per-table/20210325-115438
git checkout e2632994acb2553a22a739b3a876a091d04f446c
# save the attached .config to linux build tree
COMPILER_INSTALL_PATH=$HOME/0day COMPILER=gcc-9.3.0 make.cross ARCH=arc
If you fix the issue, kindly add following tag as appropriate
Reported-by: kernel test robot <lkp at intel.com>
All warnings (new ones prefixed by >>):
>> net/netfilter/nf_tables_api.c:7993:5: warning: no previous prototype for 'nf_tables_commit_audit_alloc' [-Wmissing-prototypes]
7993 | int nf_tables_commit_audit_alloc(struct list_head *adl,
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~
>> net/netfilter/nf_tables_api.c:8011:6: warning: no previous prototype for 'nf_tables_commit_audit_collect' [-Wmissing-prototypes]
8011 | void nf_tables_commit_audit_collect(struct list_head *adl,
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>> net/netfilter/nf_tables_api.c:8030:6: warning: no previous prototype for 'nf_tables_commit_audit_log' [-Wmissing-prototypes]
8030 | void nf_tables_commit_audit_log(struct list_head *adl, u32 generation)
| ^~~~~~~~~~~~~~~~~~~~~~~~~~
vim +/nf_tables_commit_audit_alloc +7993 net/netfilter/nf_tables_api.c
7992
> 7993 int nf_tables_commit_audit_alloc(struct list_head *adl,
7994 struct nft_table *table)
7995 {
7996 struct nft_audit_data *adp;
7997
7998 list_for_each_entry(adp, adl, list) {
7999 if (adp->table == table)
8000 return 0;
8001 }
8002 adp = kzalloc(sizeof(*adp), GFP_KERNEL);
8003 if (!adp)
8004 return -ENOMEM;
8005 adp->table = table;
8006 INIT_LIST_HEAD(&adp->list);
8007 list_add(&adp->list, adl);
8008 return 0;
8009 }
8010
> 8011 void nf_tables_commit_audit_collect(struct list_head *adl,
8012 struct nft_table *table, u32 op)
8013 {
8014 struct nft_audit_data *adp;
8015
8016 list_for_each_entry(adp, adl, list) {
8017 if (adp->table == table)
8018 goto found;
8019 }
8020 WARN_ONCE("table=%s not expected in commit list", table->name);
8021 return;
8022 found:
8023 adp->entries++;
8024 if (!adp->op || adp->op > op)
8025 adp->op = op;
8026 }
8027
8028 #define AUNFTABLENAMELEN (NFT_TABLE_MAXNAMELEN + 22)
8029
> 8030 void nf_tables_commit_audit_log(struct list_head *adl, u32 generation)
8031 {
8032 struct nft_audit_data *adp, *adn;
8033 char aubuf[AUNFTABLENAMELEN];
8034
8035 list_for_each_entry_safe(adp, adn, adl, list) {
8036 snprintf(aubuf, AUNFTABLENAMELEN, "%s:%u", adp->table->name,
8037 generation);
8038 audit_log_nfcfg(aubuf, adp->table->family, adp->entries,
8039 nft2audit_op[adp->op], GFP_KERNEL);
8040 list_del(&adp->list);
8041 kfree(adp);
8042 }
8043 }
8044
---
0-DAY CI Kernel Test Service, Intel Corporation
https://lists.01.org/hyperkitty/list/kbuild-all@lists.01.org
-------------- next part --------------
A non-text attachment was scrubbed...
Name: .config.gz
Type: application/gzip
Size: 67493 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/linux-audit/attachments/20210325/ce3ec447/attachment.gz>
More information about the Linux-audit
mailing list