Received: by 10.223.176.5 with SMTP id f5csp3403228wra; Mon, 29 Jan 2018 12:40:38 -0800 (PST) X-Google-Smtp-Source: AH8x22631TaHizky3KdWVcdGakBdXbGpoLDFrzhpxKOZnp5q0C10wECTOwTupEy/heRY9MRpg0g/ X-Received: by 10.98.108.130 with SMTP id h124mr28002914pfc.33.1517258438191; Mon, 29 Jan 2018 12:40:38 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1517258438; cv=none; d=google.com; s=arc-20160816; b=SmEbl56OkIgnDisrwtNXFLWG28vDvkFWNSCIOsPRQQ4MTG59MYo5JSGgUbgcopf2Es j1FcPk8RpJE+chmeISg8LNAOayoTipplBgNM+gD/aTeXXguc2TTOP/0PARCjZqrSygIa bkoDDeH8YMfv9noRuAkWuIvqkMpk9x96dex06hJ8uC7Zy7nnLAFSZ1DpA4QtmfmT3Jk7 tGjqHcf/5sbMRWKZqSV8jc4WopVJ7AzUU7FNJ6WYIQ5kAKTag3u/m9qHJ5ATZ2sUAuj+ 6PafMsrG0YftVVF1QMiLJoqGOjk2GmxDoFFA/NbfIRkReXPuVDOFR7LrppRMm5pte2Yx CCzA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:mime-version:user-agent:references :in-reply-to:message-id:date:subject:cc:to:from :arc-authentication-results; bh=WrOpDxCh6jbATnNCttN81I3mnG65BuimB5AlOqz6HtQ=; b=C5O4TutCM2INkvj/8qAY9kx+spjP04uBjwR6ToSjSa9HqRe+GSQTZtp3Yrm/z3o8GN SDOUQuZ9rQ2mZHw56O//GNoZW1+TE4rXNjNEHMJwrV8V8anYoMFyGVje+BJ+romYuhHQ 0jWuFq8qM9jY/TC0HWH8Udm61b8pUQ1lvVJPrPCh+tIDppi7gmseMH3xJgc6h0PMs4J8 MqxFifTj5DFNFkiZ3hoAt/Eu+9iD1EZ17SJX95IYe4Kta7gHMCE2EvH+hTM9fzlN2BtK 2CVHz9f+nrPTwjuz32xVP1M8tmA52N+Nkeu+AVK14GfyEoKd8t2ApyaRgvU3fgFmCnwe vbwg== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id l8si7930632pgq.35.2018.01.29.12.40.23; Mon, 29 Jan 2018 12:40:38 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1754099AbeA2UNW (ORCPT + 99 others); Mon, 29 Jan 2018 15:13:22 -0500 Received: from mail.linuxfoundation.org ([140.211.169.12]:37348 "EHLO mail.linuxfoundation.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1753405AbeA2UNU (ORCPT ); Mon, 29 Jan 2018 15:13:20 -0500 Received: from localhost (LFbn-1-12258-90.w90-92.abo.wanadoo.fr [90.92.71.90]) by mail.linuxfoundation.org (Postfix) with ESMTPSA id 249452EFB; Mon, 29 Jan 2018 13:01:43 +0000 (UTC) From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Hongxu Jia , Florian Westphal , Pablo Neira Ayuso , Michal Kubecek Subject: [PATCH 4.4 31/74] netfilter: arp_tables: fix invoking 32bit "iptable -P INPUT ACCEPT" failed in 64bit kernel Date: Mon, 29 Jan 2018 13:56:36 +0100 Message-Id: <20180129123849.005587090@linuxfoundation.org> X-Mailer: git-send-email 2.16.1 In-Reply-To: <20180129123847.507563674@linuxfoundation.org> References: <20180129123847.507563674@linuxfoundation.org> User-Agent: quilt/0.65 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org 4.4-stable review patch. If anyone has any objections, please let me know. ------------------ From: Hongxu Jia commit 17a49cd549d9dc8707dc9262210166455c612dde upstream. Since 09d9686047db ("netfilter: x_tables: do compat validation via translate_table"), it used compatr structure to assign newinfo structure. In translate_compat_table of ip_tables.c and ip6_tables.c, it used compatr->hook_entry to replace info->hook_entry and compatr->underflow to replace info->underflow, but not do the same replacement in arp_tables.c. It caused invoking 32-bit "arptbale -P INPUT ACCEPT" failed in 64bit kernel. -------------------------------------- root@qemux86-64:~# arptables -P INPUT ACCEPT root@qemux86-64:~# arptables -P INPUT ACCEPT ERROR: Policy for `INPUT' offset 448 != underflow 0 arptables: Incompatible with this kernel -------------------------------------- Fixes: 09d9686047db ("netfilter: x_tables: do compat validation via translate_table") Signed-off-by: Hongxu Jia Acked-by: Florian Westphal Signed-off-by: Pablo Neira Ayuso Acked-by: Michal Kubecek Signed-off-by: Greg Kroah-Hartman --- net/ipv4/netfilter/arp_tables.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) --- a/net/ipv4/netfilter/arp_tables.c +++ b/net/ipv4/netfilter/arp_tables.c @@ -1339,8 +1339,8 @@ static int translate_compat_table(struct newinfo->number = compatr->num_entries; for (i = 0; i < NF_ARP_NUMHOOKS; i++) { - newinfo->hook_entry[i] = info->hook_entry[i]; - newinfo->underflow[i] = info->underflow[i]; + newinfo->hook_entry[i] = compatr->hook_entry[i]; + newinfo->underflow[i] = compatr->underflow[i]; } entry1 = newinfo->entries; pos = entry1;