package/ebtables: fix runtime in case of BR2_KERNEL_64_USERLAND_32
ebtables 2.0.11 no longer works correctly when userland is 32-bit and the kernel is 64-bit. This used to work correctly in version 2.0.10-4. Problem is twofold: - ebtables itself was broken and needs to be patched - buildroot needs to pass the correct flag again to indicate when we are in this situation Signed-off-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com> Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
This commit is contained in:
Thomas De Schampheleire
Arnout Vandecappelle (Essensium/Mind)
parent
8c7222ad03
commit
4b5743e523
@ -0,0 +1,105 @@
|
||||
From 7297a8ef3cab3b0faf1426622ee902a2144e2e89 Mon Sep 17 00:00:00 2001
|
||||
From: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
|
||||
Date: Wed, 24 Mar 2021 11:27:14 +0100
|
||||
Subject: [PATCH] ebtables.h: restore KERNEL_64_USERSPACE_32 checks
|
||||
|
||||
Commit e6359eedfbf497e52d52451072aea4713ed80a88 replaced the file ebtables.h
|
||||
but removed the usage of KERNEL_64_USERSPACE_32. This breaks boards where
|
||||
such flag is relevant, with following messages:
|
||||
|
||||
[ 6364.971346] kernel msg: ebtables bug: please report to author: Standard target size too big
|
||||
|
||||
Unable to update the kernel. Two possible causes:
|
||||
1. Multiple ebtables programs were executing simultaneously. The ebtables
|
||||
userspace tool doesn't by default support multiple ebtables programs running
|
||||
concurrently. The ebtables option --concurrent or a tool like flock can be
|
||||
used to support concurrent scripts that update the ebtables kernel tables.
|
||||
2. The kernel doesn't support a certain ebtables extension, consider
|
||||
recompiling your kernel or insmod the extension.
|
||||
|
||||
Analysis shows that the structure 'ebt_replace' passed from userspace
|
||||
ebtables to the kernel, is too small, i.e 80 bytes instead of 120 in case of
|
||||
64-bit kernel.
|
||||
|
||||
Note that the ebtables build system seems to assume that 'sparc64' is the
|
||||
only case where KERNEL_64_USERSPACE_32 is relevant, but this is not true.
|
||||
This situation can happen on many architectures, especially in embedded
|
||||
systems. For example, an Aarch64 processor with kernel in 64-bit but
|
||||
userland build for 32-bit Arm. Or a 64-bit MIPS Octeon III processor, with
|
||||
userland running in the 'n32' ABI.
|
||||
|
||||
Signed-off-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
|
||||
Upstream-Status: http://patchwork.ozlabs.org/project/netfilter-devel/patch/20210518181730.13436-1-patrickdepinguin@gmail.com/
|
||||
---
|
||||
include/linux/netfilter_bridge/ebtables.h | 21 +++++++++++++++++++++
|
||||
1 file changed, 21 insertions(+)
|
||||
|
||||
diff --git a/include/linux/netfilter_bridge/ebtables.h b/include/linux/netfilter_bridge/ebtables.h
|
||||
index 5be75f2..3c2b61e 100644
|
||||
--- a/include/linux/netfilter_bridge/ebtables.h
|
||||
+++ b/include/linux/netfilter_bridge/ebtables.h
|
||||
@@ -49,12 +49,21 @@ struct ebt_replace {
|
||||
/* total size of the entries */
|
||||
unsigned int entries_size;
|
||||
/* start of the chains */
|
||||
+#ifdef KERNEL_64_USERSPACE_32
|
||||
+ uint64_t hook_entry[NF_BR_NUMHOOKS];
|
||||
+#else
|
||||
struct ebt_entries *hook_entry[NF_BR_NUMHOOKS];
|
||||
+#endif
|
||||
/* nr of counters userspace expects back */
|
||||
unsigned int num_counters;
|
||||
/* where the kernel will put the old counters */
|
||||
+#ifdef KERNEL_64_USERSPACE_32
|
||||
+ uint64_t counters;
|
||||
+ uint64_t entries;
|
||||
+#else
|
||||
struct ebt_counter *counters;
|
||||
char *entries;
|
||||
+#endif
|
||||
};
|
||||
|
||||
struct ebt_replace_kernel {
|
||||
@@ -129,6 +138,9 @@ struct ebt_entry_match {
|
||||
} u;
|
||||
/* size of data */
|
||||
unsigned int match_size;
|
||||
+#ifdef KERNEL_64_USERSPACE_32
|
||||
+ unsigned int pad;
|
||||
+#endif
|
||||
unsigned char data[0] __attribute__ ((aligned (__alignof__(struct ebt_replace))));
|
||||
};
|
||||
|
||||
@@ -142,6 +154,9 @@ struct ebt_entry_watcher {
|
||||
} u;
|
||||
/* size of data */
|
||||
unsigned int watcher_size;
|
||||
+#ifdef KERNEL_64_USERSPACE_32
|
||||
+ unsigned int pad;
|
||||
+#endif
|
||||
unsigned char data[0] __attribute__ ((aligned (__alignof__(struct ebt_replace))));
|
||||
};
|
||||
|
||||
@@ -155,6 +170,9 @@ struct ebt_entry_target {
|
||||
} u;
|
||||
/* size of data */
|
||||
unsigned int target_size;
|
||||
+#ifdef KERNEL_64_USERSPACE_32
|
||||
+ unsigned int pad;
|
||||
+#endif
|
||||
unsigned char data[0] __attribute__ ((aligned (__alignof__(struct ebt_replace))));
|
||||
};
|
||||
|
||||
@@ -162,6 +180,9 @@ struct ebt_entry_target {
|
||||
struct ebt_standard_target {
|
||||
struct ebt_entry_target target;
|
||||
int verdict;
|
||||
+#ifdef KERNEL_64_USERSPACE_32
|
||||
+ unsigned int pad;
|
||||
+#endif
|
||||
};
|
||||
|
||||
/* one entry */
|
||||
--
|
||||
2.26.2
|
||||
|
||||
@ -0,0 +1,51 @@
|
||||
From ebf0236270b977a62c522bc32810bc9f8edc72d1 Mon Sep 17 00:00:00 2001
|
||||
From: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
|
||||
Date: Wed, 24 Mar 2021 13:40:14 +0100
|
||||
Subject: [PATCH] configure.ac: add option --enable-kernel-64-userland-32
|
||||
|
||||
The ebtables build system seems to assume that 'sparc64' is the
|
||||
only case where KERNEL_64_USERSPACE_32 is relevant, but this is not true.
|
||||
This situation can happen on many architectures, especially in embedded
|
||||
systems. For example, an Aarch64 processor with kernel in 64-bit but
|
||||
userland build for 32-bit Arm. Or a 64-bit MIPS Octeon III processor, with
|
||||
userland running in the 'n32' ABI.
|
||||
|
||||
While it is possible to set CFLAGS in the environment when calling the
|
||||
configure script, the caller would need to know to not only specify
|
||||
KERNEL_64_USERSPACE_32 but also the EBT_MIN_ALIGN value.
|
||||
|
||||
Instead, add a configure option. All internal details can then be handled by
|
||||
the configure script.
|
||||
|
||||
Signed-off-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
|
||||
Upstream-Status: http://patchwork.ozlabs.org/project/netfilter-devel/patch/20210518181730.13436-2-patrickdepinguin@gmail.com/
|
||||
---
|
||||
configure.ac | 9 ++++++++-
|
||||
1 file changed, 8 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/configure.ac b/configure.ac
|
||||
index c24ede3..3e89c0c 100644
|
||||
--- a/configure.ac
|
||||
+++ b/configure.ac
|
||||
@@ -15,10 +15,17 @@ AS_IF([test "x$LOCKFILE" = x], [LOCKFILE="/var/lib/ebtables/lock"])
|
||||
|
||||
regular_CFLAGS="-Wall -Wunused"
|
||||
regular_CPPFLAGS=""
|
||||
+
|
||||
case "$host" in
|
||||
sparc64-*)
|
||||
- regular_CPPFLAGS="$regular_CPPFLAGS -DEBT_MIN_ALIGN=8 -DKERNEL_64_USERSPACE_32";;
|
||||
+ enable_kernel_64_userland_32=yes ;;
|
||||
esac
|
||||
+AC_ARG_ENABLE([kernel-64-userland-32],
|
||||
+ AC_HELP_STRING([--enable-kernel-64-userland-32], [indicate that ebtables will be built as a 32-bit application but run under a 64-bit kernel])
|
||||
+)
|
||||
+AS_IF([test "x$enable_kernel_64_userland_32" = xyes],
|
||||
+ [regular_CPPFLAGS="$regular_CPPFLAGS -DEBT_MIN_ALIGN=8 -DKERNEL_64_USERSPACE_32"]
|
||||
+)
|
||||
|
||||
AC_SUBST([regular_CFLAGS])
|
||||
AC_SUBST([regular_CPPFLAGS])
|
||||
--
|
||||
2.26.2
|
||||
|
||||
@ -11,6 +11,12 @@ EBTABLES_LICENSE_FILES = COPYING
|
||||
EBTABLES_CPE_ID_VENDOR = netfilter
|
||||
EBTABLES_SELINUX_MODULES = iptables
|
||||
|
||||
# for 0003-configure.ac-add-option-enable-kernel-64-userland-32.patch
|
||||
EBTABLES_AUTORECONF = YES
|
||||
ifeq ($(BR2_KERNEL_64_USERLAND_32),y)
|
||||
EBTABLES_CONF_OPTS += --enable-kernel-64-userland-32
|
||||
endif
|
||||
|
||||
ifeq ($(BR2_PACKAGE_EBTABLES_UTILS_SAVE),y)
|
||||
define EBTABLES_INSTALL_TARGET_UTILS_SAVE
|
||||
$(INSTALL) -m 0755 -D $(@D)/ebtables-save.sh $(TARGET_DIR)/usr/sbin/ebtables-legacy-save
|
||||
|
||||
Loading…
Reference in New Issue
Block a user