1From 7297a8ef3cab3b0faf1426622ee902a2144e2e89 Mon Sep 17 00:00:00 2001 2From: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com> 3Date: Wed, 24 Mar 2021 11:27:14 +0100 4Subject: [PATCH] ebtables.h: restore KERNEL_64_USERSPACE_32 checks 5 6Commit e6359eedfbf497e52d52451072aea4713ed80a88 replaced the file ebtables.h 7but removed the usage of KERNEL_64_USERSPACE_32. This breaks boards where 8such flag is relevant, with following messages: 9 10[ 6364.971346] kernel msg: ebtables bug: please report to author: Standard target size too big 11 12Unable to update the kernel. Two possible causes: 131. Multiple ebtables programs were executing simultaneously. The ebtables 14 userspace tool doesn't by default support multiple ebtables programs running 15 concurrently. The ebtables option --concurrent or a tool like flock can be 16 used to support concurrent scripts that update the ebtables kernel tables. 172. The kernel doesn't support a certain ebtables extension, consider 18 recompiling your kernel or insmod the extension. 19 20Analysis shows that the structure 'ebt_replace' passed from userspace 21ebtables to the kernel, is too small, i.e 80 bytes instead of 120 in case of 2264-bit kernel. 23 24Note that the ebtables build system seems to assume that 'sparc64' is the 25only case where KERNEL_64_USERSPACE_32 is relevant, but this is not true. 26This situation can happen on many architectures, especially in embedded 27systems. For example, an Aarch64 processor with kernel in 64-bit but 28userland build for 32-bit Arm. Or a 64-bit MIPS Octeon III processor, with 29userland running in the 'n32' ABI. 30 31Signed-off-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com> 32Upstream-Status: http://patchwork.ozlabs.org/project/netfilter-devel/patch/20210518181730.13436-1-patrickdepinguin@gmail.com/ 33--- 34 include/linux/netfilter_bridge/ebtables.h | 21 +++++++++++++++++++++ 35 1 file changed, 21 insertions(+) 36 37diff --git a/include/linux/netfilter_bridge/ebtables.h b/include/linux/netfilter_bridge/ebtables.h 38index 5be75f2..3c2b61e 100644 39--- a/include/linux/netfilter_bridge/ebtables.h 40+++ b/include/linux/netfilter_bridge/ebtables.h 41@@ -49,12 +49,21 @@ struct ebt_replace { 42 /* total size of the entries */ 43 unsigned int entries_size; 44 /* start of the chains */ 45+#ifdef KERNEL_64_USERSPACE_32 46+ uint64_t hook_entry[NF_BR_NUMHOOKS]; 47+#else 48 struct ebt_entries *hook_entry[NF_BR_NUMHOOKS]; 49+#endif 50 /* nr of counters userspace expects back */ 51 unsigned int num_counters; 52 /* where the kernel will put the old counters */ 53+#ifdef KERNEL_64_USERSPACE_32 54+ uint64_t counters; 55+ uint64_t entries; 56+#else 57 struct ebt_counter *counters; 58 char *entries; 59+#endif 60 }; 61 62 struct ebt_replace_kernel { 63@@ -129,6 +138,9 @@ struct ebt_entry_match { 64 } u; 65 /* size of data */ 66 unsigned int match_size; 67+#ifdef KERNEL_64_USERSPACE_32 68+ unsigned int pad; 69+#endif 70 unsigned char data[0] __attribute__ ((aligned (__alignof__(struct ebt_replace)))); 71 }; 72 73@@ -142,6 +154,9 @@ struct ebt_entry_watcher { 74 } u; 75 /* size of data */ 76 unsigned int watcher_size; 77+#ifdef KERNEL_64_USERSPACE_32 78+ unsigned int pad; 79+#endif 80 unsigned char data[0] __attribute__ ((aligned (__alignof__(struct ebt_replace)))); 81 }; 82 83@@ -155,6 +170,9 @@ struct ebt_entry_target { 84 } u; 85 /* size of data */ 86 unsigned int target_size; 87+#ifdef KERNEL_64_USERSPACE_32 88+ unsigned int pad; 89+#endif 90 unsigned char data[0] __attribute__ ((aligned (__alignof__(struct ebt_replace)))); 91 }; 92 93@@ -162,6 +180,9 @@ struct ebt_entry_target { 94 struct ebt_standard_target { 95 struct ebt_entry_target target; 96 int verdict; 97+#ifdef KERNEL_64_USERSPACE_32 98+ unsigned int pad; 99+#endif 100 }; 101 102 /* one entry */ 103-- 1042.26.2 105 106