netfilter: nf_conntrack: make nf_ct_zone_dflt built-in
author Daniel Borkmann <daniel@iogearbox.net>
Wed, 2 Sep 2015 23:26:07 +0000 (01:26 +0200)
committer David S. Miller <davem@davemloft.net>
Wed, 2 Sep 2015 23:32:56 +0000 (16:32 -0700)
commit 62da98656b62a5ca57f22263705175af8ded5aa1
tree a935f068ce7d2c6e20e0fce136e4b0ff7a8ef9bc
parent a82b0e63917f597c546cd479acc938e08ac54f2d

Fengguang reported that some randconfig generated the following linker
issue with nf_ct_zone_dflt object involved:

  [...]
  CC      init/version.o
  LD      init/built-in.o
  net/built-in.o: In function `ipv4_conntrack_defrag':
  nf_defrag_ipv4.c:(.text+0x93e95): undefined reference to `nf_ct_zone_dflt'
  net/built-in.o: In function `ipv6_defrag':
  nf_defrag_ipv6_hooks.c:(.text+0xe3ffe): undefined reference to `nf_ct_zone_dflt'
  make: *** [vmlinux] Error 1

Given that configurations exist where we have a built-in part, which is
accessing nf_ct_zone_dflt such as the two handlers nf_ct_defrag_user()
and nf_ct6_defrag_user(), and a part that configures nf_conntrack as a
module, we must move nf_ct_zone_dflt into a fixed, guaranteed built-in
area when netfilter is configured in general.

Therefore, split the more generic parts into a common header under
include/linux/netfilter/ and move nf_ct_zone_dflt into the built-in
section that already holds parts related to CONFIG_NF_CONNTRACK in the
netfilter core. This fixes the issue on my side.

Fixes: 308ac9143ee2 ("netfilter: nf_conntrack: push zone object into functions")
Reported-by: Fengguang Wu <fengguang.wu@intel.com>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
include/linux/netfilter.h
include/linux/netfilter/nf_conntrack_zones_common.h [new file with mode: 0644]
include/net/netfilter/nf_conntrack_zones.h
net/netfilter/core.c
net/netfilter/nf_conntrack_core.c