[PATCH] netfilter: nfacct: Fix alignment mismatch in xt_nfacct_match

netfilter-devel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

* [PATCH] netfilter: nfacct: Fix alignment mismatch in xt_nfacct_match_info
@ 2019-07-29  8:37 Juliana Rodrigueiro
  2019-07-29 10:33 ` Florian Westphal
  0 siblings, 1 reply; 2+ messages in thread
From: Juliana Rodrigueiro @ 2019-07-29  8:37 UTC (permalink / raw)
  To: pablo, netfilter-devel

When running a 64-bit kernel with a 32-bit iptables binary, the size of
the xt_nfacct_match_info struct diverges.

    kernel: sizeof(struct xt_nfacct_match_info) : 40
    iptables: sizeof(struct xt_nfacct_match_info)) : 36

Trying to append nfacct related rules results in an unhelpful message.
Although it is suggested to look for more information in dmesg, nothing
can be found there.

    # iptables -A <chain> -m nfacct --nfacct-name <acct-object>
    iptables: Invalid argument. Run `dmesg' for more information.

This patch fixes the memory misalignment by enforcing 8-byte alignment
within the struct. This solution is often used in many other uapi
netfilter headers.

Signed-off-by: Juliana Rodrigueiro <juliana.rodrigueiro@intra2net.com>
---
 include/uapi/linux/netfilter/xt_nfacct.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/include/uapi/linux/netfilter/xt_nfacct.h b/include/uapi/linux/netfilter/xt_nfacct.h
index 5c8a4d760ee3..576948f9bb6f 100644
--- a/include/uapi/linux/netfilter/xt_nfacct.h
+++ b/include/uapi/linux/netfilter/xt_nfacct.h
@@ -8,7 +8,7 @@ struct nf_acct;
 
 struct xt_nfacct_match_info {
 	char		name[NFACCT_NAME_MAX];
-	struct nf_acct	*nfacct;
+	struct nf_acct	*nfacct __attribute__((aligned(8)));
 };
 
 #endif /* _XT_NFACCT_MATCH_H */
-- 
2.20.1





^ permalink raw reply related	[flat|nested] 2+ messages in thread

* Re: [PATCH] netfilter: nfacct: Fix alignment mismatch in xt_nfacct_match_info
  2019-07-29  8:37 [PATCH] netfilter: nfacct: Fix alignment mismatch in xt_nfacct_match_info Juliana Rodrigueiro
@ 2019-07-29 10:33 ` Florian Westphal
  0 siblings, 0 replies; 2+ messages in thread
From: Florian Westphal @ 2019-07-29 10:33 UTC (permalink / raw)
  To: Juliana Rodrigueiro; +Cc: pablo, netfilter-devel

Juliana Rodrigueiro <juliana.rodrigueiro@intra2net.com> wrote:
> When running a 64-bit kernel with a 32-bit iptables binary, the size of
> the xt_nfacct_match_info struct diverges.
> 
>     kernel: sizeof(struct xt_nfacct_match_info) : 40
>     iptables: sizeof(struct xt_nfacct_match_info)) : 36
> 
> Trying to append nfacct related rules results in an unhelpful message.
> Although it is suggested to look for more information in dmesg, nothing
> can be found there.
> 
>     # iptables -A <chain> -m nfacct --nfacct-name <acct-object>
>     iptables: Invalid argument. Run `dmesg' for more information.
> 
> This patch fixes the memory misalignment by enforcing 8-byte alignment
> within the struct. This solution is often used in many other uapi
> netfilter headers.

Yes, but this breaks the 32bit abi.

Its best to add a 'v1' match revision to fix this.

^ permalink raw reply	[flat|nested] 2+ messages in thread

end of thread, other threads:[~2019-07-29 10:33 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2019-07-29  8:37 [PATCH] netfilter: nfacct: Fix alignment mismatch in xt_nfacct_match_info Juliana Rodrigueiro
2019-07-29 10:33 ` Florian Westphal

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).