Hi Shaun, kernel test robot noticed the following build errors: [auto build test ERROR on netfilter-nf/main] [also build test ERROR on linus/master v6.15-rc5 next-20250508] [cannot apply to nf-next/master] [If your patch is applied to the wrong git tree, kindly drop us a note. And when submitting patch, we suggest to use '--base' as documented in https://git-scm.com/docs/git-format-patch#_base_tree_information] url: https://github.com/intel-lab-lkp/linux/commits/Shaun-Brady/netfilter-nf_tables-Implement-jump-limit-for-nft_table_validate/20250506-150258 base: https://git.kernel.org/pub/scm/linux/kernel/git/netfilter/nf.git main patch link: https://lore.kernel.org/r/20250506024900.1568391-1-brady.1345%40gmail.com patch subject: [PATCH v2] netfilter: nf_tables: Implement jump limit for nft_table_validate config: arm-randconfig-001-20250509 (https://download.01.org/0day-ci/archive/20250509/202505091702.01RMXhZx-lkp@xxxxxxxxx/config) compiler: arm-linux-gnueabi-gcc (GCC) 7.5.0 reproduce (this is a W=1 build): (https://download.01.org/0day-ci/archive/20250509/202505091702.01RMXhZx-lkp@xxxxxxxxx/reproduce) If you fix the issue in a separate patch/commit (i.e. not just a new version of the same patch/commit), kindly add following tags | Reported-by: kernel test robot <lkp@xxxxxxxxx> | Closes: https://lore.kernel.org/oe-kbuild-all/202505091702.01RMXhZx-lkp@xxxxxxxxx/ All errors (new ones prefixed by >>): net/netfilter/nf_tables_api.c: In function 'nft_chain_validate': >> net/netfilter/nf_tables_api.c:4022:29: error: 'struct netns_nf' has no member named 'nf_max_table_jumps_netns' jump_check = ctx->net->nf.nf_max_table_jumps_netns; ^ vim +4022 net/netfilter/nf_tables_api.c 4003 4004 /** nft_chain_validate - loop detection and hook validation 4005 * 4006 * @ctx: context containing call depth and base chain 4007 * @chain: chain to validate 4008 * 4009 * Walk through the rules of the given chain and chase all jumps/gotos 4010 * and set lookups until either the jump limit is hit or all reachable 4011 * chains have been validated. 4012 */ 4013 int nft_chain_validate(const struct nft_ctx *ctx, const struct nft_chain *chain) 4014 { 4015 struct nft_expr *expr, *last; 4016 struct nft_rule *rule; 4017 int err; 4018 u32 jump_check = nf_max_table_jumps_netns; 4019 4020 if (IS_ENABLED(CONFIG_SYSCTL)) { 4021 if (!net_eq(ctx->net, &init_net)) > 4022 jump_check = ctx->net->nf.nf_max_table_jumps_netns; 4023 } 4024 4025 if (ctx->level == NFT_JUMP_STACK_SIZE || 4026 (!net_eq(ctx->net, &init_net) && 4027 ctx->total_jump_count >= jump_check)) 4028 return -EMLINK; 4029 4030 list_for_each_entry(rule, &chain->rules, list) { 4031 if (fatal_signal_pending(current)) 4032 return -EINTR; 4033 4034 if (!nft_is_active_next(ctx->net, rule)) 4035 continue; 4036 4037 nft_rule_for_each_expr(expr, last, rule) { 4038 if (!expr->ops->validate) 4039 continue; 4040 4041 /* This may call nft_chain_validate() recursively, 4042 * callers that do so must increment ctx->level. 4043 */ 4044 err = expr->ops->validate(ctx, expr); 4045 if (err < 0) 4046 return err; 4047 } 4048 } 4049 4050 return 0; 4051 } 4052 EXPORT_SYMBOL_GPL(nft_chain_validate); 4053 -- 0-DAY CI Kernel Test Service https://github.com/intel/lkp-tests/wiki
