Commit e3a4182e authored by WangYuli, committed by Pablo Neira Ayuso

netfilter: nf_tables: Only use nf_skip_indirect_calls() when MITIGATION_RETPOLINE



1. MITIGATION_RETPOLINE is x86-only (defined in arch/x86/Kconfig),
so no need to AND with CONFIG_X86 when checking if enabled.

2. Remove unused declaration of nf_skip_indirect_calls() when
MITIGATION_RETPOLINE is disabled to avoid warnings.

3. Declare nf_skip_indirect_calls() and nf_skip_indirect_calls_enable()
as inline when MITIGATION_RETPOLINE is enabled, as they are called
only once and have simple logic.

Fix the following error with clang-21 when W=1e:
  net/netfilter/nf_tables_core.c:39:20: error: unused function 'nf_skip_indirect_calls' [-Werror,-Wunused-function]
     39 | static inline bool nf_skip_indirect_calls(void) { return false; }
        |                    ^~~~~~~~~~~~~~~~~~~~~~
  1 error generated.
  make[4]: *** [scripts/Makefile.build:207: net/netfilter/nf_tables_core.o] Error 1
  make[3]: *** [scripts/Makefile.build:465: net/netfilter] Error 2
  make[3]: *** Waiting for unfinished jobs....

Fixes: d8d76062 ("netfilter: nf_tables: add static key to skip retpoline workarounds")
Co-developed-by: Wentao Guan <guanwentao@uniontech.com>
Signed-off-by: Wentao Guan <guanwentao@uniontech.com>
Signed-off-by: WangYuli <wangyuli@uniontech.com>
Acked-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
parent 932b32ff
+4 −7
@@ -21,25 +21,22 @@
#include <net/netfilter/nf_log.h>
#include <net/netfilter/nft_meta.h>

#if defined(CONFIG_MITIGATION_RETPOLINE) && defined(CONFIG_X86)

#ifdef CONFIG_MITIGATION_RETPOLINE
static struct static_key_false nf_tables_skip_direct_calls;

static bool nf_skip_indirect_calls(void)
static inline bool nf_skip_indirect_calls(void)
{
	return static_branch_likely(&nf_tables_skip_direct_calls);
}

static void __init nf_skip_indirect_calls_enable(void)
static inline void __init nf_skip_indirect_calls_enable(void)
{
	if (!cpu_feature_enabled(X86_FEATURE_RETPOLINE))
		static_branch_enable(&nf_tables_skip_direct_calls);
}
#else
static inline bool nf_skip_indirect_calls(void) { return false; }

static inline void nf_skip_indirect_calls_enable(void) { }
#endif
#endif /* CONFIG_MITIGATION_RETPOLINE */

static noinline void __nft_trace_packet(const struct nft_pktinfo *pkt,
					const struct nft_verdict *verdict,
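Review bot: With the `static inline bool nf_skip_indirect_calls(void) { return false; }` stub dropped from the `#else` side (item 2 of the commit message), every caller of nf_skip_indirect_calls() has to sit under the same `#ifdef CONFIG_MITIGATION_RETPOLINE`, and no call site is visible in this hunk. Please confirm with a CONFIG_MITIGATION_RETPOLINE=n build at W=1 that nothing references it outside the guard. Dropping `defined(CONFIG_X86)` is fine while the symbol stays x86-only, but `cpu_feature_enabled(X86_FEATURE_RETPOLINE)` now relies on that implicitly, so a one-line comment above the `#ifdef` naming the Kconfig dependency would help the next reader. The added `inline` on nf_skip_indirect_calls() and on the `__init` nf_skip_indirect_calls_enable() is not needed for static functions in a .c file that the message says are called only once, and could be left out. Separately, the key is still named nf_tables_skip_direct_calls while both helpers say skip_indirect_calls; a rename in a follow-up would remove the mismatch.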