Re: [PATCH net v2] netfilter: nf_tables: Only use nf_skip_indirect_calls() when MITIGATION_RETPOLINE

From: Florian Westphal
Date: Wed Mar 19 2025 - 11:18:00 EST


WangYuli <wangyuli@xxxxxxxxxxxxx> wrote:
> 1. MITIGATION_RETPOLINE is x86-only (defined in arch/x86/Kconfig),
> so no need to AND with CONFIG_X86 when checking if enabled.
>
> 2. Remove unused declaration of nf_skip_indirect_calls() when
> MITIGATION_RETPOLINE is disabled to avoid warnings.
>
> 3. Declare nf_skip_indirect_calls() and nf_skip_indirect_calls_enable()
> as inline when MITIGATION_RETPOLINE is enabled, as they are called
> only once and have simple logic.
>
> Fix the following error with clang-21 when W=1e:
> net/netfilter/nf_tables_core.c:39:20: error: unused function 'nf_skip_indirect_calls' [-Werror,-Wunused-function]
> 39 | static inline bool nf_skip_indirect_calls(void) { return false; }
> | ^~~~~~~~~~~~~~~~~~~~~~
> 1 error generated.
> make[4]: *** [scripts/Makefile.build:207: net/netfilter/nf_tables_core.o] Error 1
> make[3]: *** [scripts/Makefile.build:465: net/netfilter] Error 2
> make[3]: *** Waiting for unfinished jobs....
>
> Fixes: d8d760627855 ("netfilter: nf_tables: add static key to skip retpoline workarounds")
> Co-developed-by: Wentao Guan <guanwentao@xxxxxxxxxxxxx>
> Signed-off-by: Wentao Guan <guanwentao@xxxxxxxxxxxxx>
> Signed-off-by: WangYuli <wangyuli@xxxxxxxxxxxxx>

Acked-by: Florian Westphal <fw@xxxxxxxxx>