--- /dev/null
+From 7297a8ef3cab3b0faf1426622ee902a2144e2e89 Mon Sep 17 00:00:00 2001
+From: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
+Date: Wed, 24 Mar 2021 11:27:14 +0100
+Subject: [PATCH] ebtables.h: restore KERNEL_64_USERSPACE_32 checks
+
+Commit e6359eedfbf497e52d52451072aea4713ed80a88 replaced the file ebtables.h
+but removed the usage of KERNEL_64_USERSPACE_32. This breaks boards where
+such flag is relevant, with following messages:
+
+[ 6364.971346] kernel msg: ebtables bug: please report to author: Standard target size too big
+
+Unable to update the kernel. Two possible causes:
+1. Multiple ebtables programs were executing simultaneously. The ebtables
+ userspace tool doesn't by default support multiple ebtables programs running
+ concurrently. The ebtables option --concurrent or a tool like flock can be
+ used to support concurrent scripts that update the ebtables kernel tables.
+2. The kernel doesn't support a certain ebtables extension, consider
+ recompiling your kernel or insmod the extension.
+
+Analysis shows that the structure 'ebt_replace' passed from userspace
+ebtables to the kernel, is too small, i.e 80 bytes instead of 120 in case of
+64-bit kernel.
+
+Note that the ebtables build system seems to assume that 'sparc64' is the
+only case where KERNEL_64_USERSPACE_32 is relevant, but this is not true.
+This situation can happen on many architectures, especially in embedded
+systems. For example, an Aarch64 processor with kernel in 64-bit but
+userland build for 32-bit Arm. Or a 64-bit MIPS Octeon III processor, with
+userland running in the 'n32' ABI.
+
+Signed-off-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
+Upstream-Status: http://patchwork.ozlabs.org/project/netfilter-devel/patch/20210518181730.13436-1-patrickdepinguin@gmail.com/
+---
+ include/linux/netfilter_bridge/ebtables.h | 21 +++++++++++++++++++++
+ 1 file changed, 21 insertions(+)
+
+diff --git a/include/linux/netfilter_bridge/ebtables.h b/include/linux/netfilter_bridge/ebtables.h
+index 5be75f2..3c2b61e 100644
+--- a/include/linux/netfilter_bridge/ebtables.h
++++ b/include/linux/netfilter_bridge/ebtables.h
+@@ -49,12 +49,21 @@ struct ebt_replace {
+ /* total size of the entries */
+ unsigned int entries_size;
+ /* start of the chains */
++#ifdef KERNEL_64_USERSPACE_32
++ uint64_t hook_entry[NF_BR_NUMHOOKS];
++#else
+ struct ebt_entries *hook_entry[NF_BR_NUMHOOKS];
++#endif
+ /* nr of counters userspace expects back */
+ unsigned int num_counters;
+ /* where the kernel will put the old counters */
++#ifdef KERNEL_64_USERSPACE_32
++ uint64_t counters;
++ uint64_t entries;
++#else
+ struct ebt_counter *counters;
+ char *entries;
++#endif
+ };
+
+ struct ebt_replace_kernel {
+@@ -129,6 +138,9 @@ struct ebt_entry_match {
+ } u;
+ /* size of data */
+ unsigned int match_size;
++#ifdef KERNEL_64_USERSPACE_32
++ unsigned int pad;
++#endif
+ unsigned char data[0] __attribute__ ((aligned (__alignof__(struct ebt_replace))));
+ };
+
+@@ -142,6 +154,9 @@ struct ebt_entry_watcher {
+ } u;
+ /* size of data */
+ unsigned int watcher_size;
++#ifdef KERNEL_64_USERSPACE_32
++ unsigned int pad;
++#endif
+ unsigned char data[0] __attribute__ ((aligned (__alignof__(struct ebt_replace))));
+ };
+
+@@ -155,6 +170,9 @@ struct ebt_entry_target {
+ } u;
+ /* size of data */
+ unsigned int target_size;
++#ifdef KERNEL_64_USERSPACE_32
++ unsigned int pad;
++#endif
+ unsigned char data[0] __attribute__ ((aligned (__alignof__(struct ebt_replace))));
+ };
+
+@@ -162,6 +180,9 @@ struct ebt_entry_target {
+ struct ebt_standard_target {
+ struct ebt_entry_target target;
+ int verdict;
++#ifdef KERNEL_64_USERSPACE_32
++ unsigned int pad;
++#endif
+ };
+
+ /* one entry */
+--
+2.26.2
+
--- /dev/null
+From ebf0236270b977a62c522bc32810bc9f8edc72d1 Mon Sep 17 00:00:00 2001
+From: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
+Date: Wed, 24 Mar 2021 13:40:14 +0100
+Subject: [PATCH] configure.ac: add option --enable-kernel-64-userland-32
+
+The ebtables build system seems to assume that 'sparc64' is the
+only case where KERNEL_64_USERSPACE_32 is relevant, but this is not true.
+This situation can happen on many architectures, especially in embedded
+systems. For example, an Aarch64 processor with kernel in 64-bit but
+userland build for 32-bit Arm. Or a 64-bit MIPS Octeon III processor, with
+userland running in the 'n32' ABI.
+
+While it is possible to set CFLAGS in the environment when calling the
+configure script, the caller would need to know to not only specify
+KERNEL_64_USERSPACE_32 but also the EBT_MIN_ALIGN value.
+
+Instead, add a configure option. All internal details can then be handled by
+the configure script.
+
+Signed-off-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
+Upstream-Status: http://patchwork.ozlabs.org/project/netfilter-devel/patch/20210518181730.13436-2-patrickdepinguin@gmail.com/
+---
+ configure.ac | 9 ++++++++-
+ 1 file changed, 8 insertions(+), 1 deletion(-)
+
+diff --git a/configure.ac b/configure.ac
+index c24ede3..3e89c0c 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -15,10 +15,17 @@ AS_IF([test "x$LOCKFILE" = x], [LOCKFILE="/var/lib/ebtables/lock"])
+
+ regular_CFLAGS="-Wall -Wunused"
+ regular_CPPFLAGS=""
++
+ case "$host" in
+ sparc64-*)
+- regular_CPPFLAGS="$regular_CPPFLAGS -DEBT_MIN_ALIGN=8 -DKERNEL_64_USERSPACE_32";;
++ enable_kernel_64_userland_32=yes ;;
+ esac
++AC_ARG_ENABLE([kernel-64-userland-32],
++ AC_HELP_STRING([--enable-kernel-64-userland-32], [indicate that ebtables will be built as a 32-bit application but run under a 64-bit kernel])
++)
++AS_IF([test "x$enable_kernel_64_userland_32" = xyes],
++ [regular_CPPFLAGS="$regular_CPPFLAGS -DEBT_MIN_ALIGN=8 -DKERNEL_64_USERSPACE_32"]
++)
+
+ AC_SUBST([regular_CFLAGS])
+ AC_SUBST([regular_CPPFLAGS])
+--
+2.26.2
+
projects / buildroot.git / commitdiff