git.ipfire.org Git - thirdparty/kernel/stable-queue.git/blob

   1 From 17a49cd549d9dc8707dc9262210166455c612dde Mon Sep 17 00:00:00 2001
   2 From: Hongxu Jia <hongxu.jia@windriver.com>
   3 Date: Tue, 29 Nov 2016 21:56:26 -0500
   4 Subject: netfilter: arp_tables: fix invoking 32bit "iptable -P INPUT ACCEPT" failed in 64bit kernel
   5
   6 From: Hongxu Jia <hongxu.jia@windriver.com>
   7
   8 commit 17a49cd549d9dc8707dc9262210166455c612dde upstream.
   9
  10 Since 09d9686047db ("netfilter: x_tables: do compat validation via
  11 translate_table"), it used compatr structure to assign newinfo
  12 structure.  In translate_compat_table of ip_tables.c and ip6_tables.c,
  13 it used compatr->hook_entry to replace info->hook_entry and
  14 compatr->underflow to replace info->underflow, but not do the same
  15 replacement in arp_tables.c.
  16
  17 It caused invoking 32-bit "arptbale -P INPUT ACCEPT" failed in 64bit
  18 kernel.
  19 --------------------------------------
  20 root@qemux86-64:~# arptables -P INPUT ACCEPT
  21 root@qemux86-64:~# arptables -P INPUT ACCEPT
  22 ERROR: Policy for `INPUT' offset 448 != underflow 0
  23 arptables: Incompatible with this kernel
  24 --------------------------------------
  25
  26 Fixes: 09d9686047db ("netfilter: x_tables: do compat validation via translate_table")
  27 Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
  28 Acked-by: Florian Westphal <fw@strlen.de>
  29 Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  30 Acked-by: Michal Kubecek <mkubecek@suse.cz>
  31 Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
  32
  33 ---
  34  net/ipv4/netfilter/arp_tables.c |    4 ++--
  35  1 file changed, 2 insertions(+), 2 deletions(-)
  36
  37 --- a/net/ipv4/netfilter/arp_tables.c
  38 +++ b/net/ipv4/netfilter/arp_tables.c
  39 @@ -1339,8 +1339,8 @@ static int translate_compat_table(struct
  40
  41         newinfo->number = compatr->num_entries;
  42         for (i = 0; i < NF_ARP_NUMHOOKS; i++) {
  43 -               newinfo->hook_entry[i] = info->hook_entry[i];
  44 -               newinfo->underflow[i] = info->underflow[i];
  45 +               newinfo->hook_entry[i] = compatr->hook_entry[i];
  46 +               newinfo->underflow[i] = compatr->underflow[i];
  47         }
  48         entry1 = newinfo->entries;
  49         pos = entry1;