public inbox for netdev@vger.kernel.org 
From: Sasha Levin <sashal@kernel•org>
To: linux-kernel@vger•kernel.org, stable@vger•kernel.org
Cc: Juliana Rodrigueiro <juliana.rodrigueiro@intra2net•com>,
	Florian Westphal <fw@strlen•de>,
	Pablo Neira Ayuso <pablo@netfilter•org>,
	Sasha Levin <sashal@kernel•org>,
	netfilter-devel@vger•kernel.org, coreteam@netfilter•org,
	netdev@vger•kernel.org
Subject: [PATCH AUTOSEL 4.14 08/36] netfilter: xt_nfacct: Fix alignment mismatch in xt_nfacct_match_info
Date: Wed,  4 Sep 2019 12:00:54 -0400
Message-ID: <20190904160122.4179-8-sashal@kernel.org>
In-Reply-To: <20190904160122.4179-1-sashal@kernel.org>

From: Juliana Rodrigueiro <juliana.rodrigueiro@intra2net•com>

[ Upstream commit 89a26cd4b501e9511d3cd3d22327fc76a75a38b3 ]

When running a 64-bit kernel with a 32-bit iptables binary, the size of
the xt_nfacct_match_info struct diverges.

    kernel: sizeof(struct xt_nfacct_match_info) : 40
    iptables: sizeof(struct xt_nfacct_match_info) : 36

Trying to append nfacct related rules results in an unhelpful message.
Although it is suggested to look for more information in dmesg, nothing
can be found there.

    # iptables -A <chain> -m nfacct --nfacct-name <acct-object>
    iptables: Invalid argument. Run `dmesg' for more information.

This patch fixes the memory misalignment by enforcing 8-byte alignment
within the struct's first revision. This solution is often used in many
other uapi netfilter headers.

Signed-off-by: Juliana Rodrigueiro <juliana.rodrigueiro@intra2net•com>
Acked-by: Florian Westphal <fw@strlen•de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter•org>
Signed-off-by: Sasha Levin <sashal@kernel•org>
---
 include/uapi/linux/netfilter/xt_nfacct.h |  5 ++++
 net/netfilter/xt_nfacct.c                | 36 ++++++++++++++++--------
 2 files changed, 30 insertions(+), 11 deletions(-)

diff --git a/include/uapi/linux/netfilter/xt_nfacct.h b/include/uapi/linux/netfilter/xt_nfacct.h
index 5c8a4d760ee34..b5123ab8d54a8 100644
--- a/include/uapi/linux/netfilter/xt_nfacct.h
+++ b/include/uapi/linux/netfilter/xt_nfacct.h
@@ -11,4 +11,9 @@ struct xt_nfacct_match_info {
 	struct nf_acct	*nfacct;
 };
 
+struct xt_nfacct_match_info_v1 {
+	char		name[NFACCT_NAME_MAX];
+	struct nf_acct	*nfacct __attribute__((aligned(8)));
+};
+
 #endif /* _XT_NFACCT_MATCH_H */
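
Review bot: struct xt_nfacct_match_info_v1 is added without any comment saying why it exists next to xt_nfacct_match_info or why nfacct is forced to 8-byte alignment. Read on its own, the header shows two structs with identical members, and the attribute looks like something a later cleanup could drop. Suggest a short comment above the new struct stating that revision 1 pins the layout so a 32-bit userspace and a 64-bit kernel agree on its size, plus a note on the nfacct member that it is a kernel-side pointer userspace only reserves space for (the .usersize = offsetof(..., nfacct) initialisers in the xt_nfacct.c hunk already treat it that way).
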
diff --git a/net/netfilter/xt_nfacct.c b/net/netfilter/xt_nfacct.c
index 6f92d25590a85..ea447b437f122 100644
--- a/net/netfilter/xt_nfacct.c
+++ b/net/netfilter/xt_nfacct.c
@@ -55,25 +55,39 @@ nfacct_mt_destroy(const struct xt_mtdtor_param *par)
 	nfnl_acct_put(info->nfacct);
 }
 
-static struct xt_match nfacct_mt_reg __read_mostly = {
-	.name       = "nfacct",
-	.family     = NFPROTO_UNSPEC,
-	.checkentry = nfacct_mt_checkentry,
-	.match      = nfacct_mt,
-	.destroy    = nfacct_mt_destroy,
-	.matchsize  = sizeof(struct xt_nfacct_match_info),
-	.usersize   = offsetof(struct xt_nfacct_match_info, nfacct),
-	.me         = THIS_MODULE,
+static struct xt_match nfacct_mt_reg[] __read_mostly = {
+	{
+		.name       = "nfacct",
+		.revision   = 0,
+		.family     = NFPROTO_UNSPEC,
+		.checkentry = nfacct_mt_checkentry,
+		.match      = nfacct_mt,
+		.destroy    = nfacct_mt_destroy,
+		.matchsize  = sizeof(struct xt_nfacct_match_info),
+		.usersize   = offsetof(struct xt_nfacct_match_info, nfacct),
+		.me         = THIS_MODULE,
+	},
+	{
+		.name       = "nfacct",
+		.revision   = 1,
+		.family     = NFPROTO_UNSPEC,
+		.checkentry = nfacct_mt_checkentry,
+		.match      = nfacct_mt,
+		.destroy    = nfacct_mt_destroy,
+		.matchsize  = sizeof(struct xt_nfacct_match_info_v1),
+		.usersize   = offsetof(struct xt_nfacct_match_info_v1, nfacct),
+		.me         = THIS_MODULE,
+	},
 };
 
 static int __init nfacct_mt_init(void)
 {
-	return xt_register_match(&nfacct_mt_reg);
+	return xt_register_matches(nfacct_mt_reg, ARRAY_SIZE(nfacct_mt_reg));
 }
 
 static void __exit nfacct_mt_exit(void)
 {
-	xt_unregister_match(&nfacct_mt_reg);
+	xt_unregister_matches(nfacct_mt_reg, ARRAY_SIZE(nfacct_mt_reg));
 }
 
 module_init(nfacct_mt_init);
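
Review bot: in nfacct_mt_reg[], the revision 1 entry reuses nfacct_mt_checkentry, nfacct_mt and nfacct_mt_destroy unchanged, while its .matchsize and .usersize come from struct xt_nfacct_match_info_v1. The context line nfnl_acct_put(info->nfacct) shows the handlers reach the pointer through a single info type, so sharing them is only correct while nfacct sits at the same offset in both structs. On a 64-bit kernel that follows from pointer alignment; on a 32-bit kernel it holds only if the name array ends on an 8-byte boundary. Suggest making the assumption explicit, for example a BUILD_BUG_ON in nfacct_mt_init() comparing offsetof(struct xt_nfacct_match_info, nfacct) with offsetof(struct xt_nfacct_match_info_v1, nfacct), or at least a comment above the array.
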
-- 
2.20.1

