From: Felix Fietkau Date: Sun, 28 Mar 2010 19:05:59 +0000 (+0000) Subject: netfilter: fix ABI breakage caused by the netfilter match optimization (fixes #5628) X-Git-Tag: reboot~20405 X-Git-Url: http://git.lede-project.org./?a=commitdiff_plain;h=5f89a1f0965739c67e238f707e4c258e4bb13713;p=openwrt%2Fstaging%2Fblogic.git netfilter: fix ABI breakage caused by the netfilter match optimization (fixes #5628) SVN-Revision: 20552 --- diff --git a/target/linux/generic-2.6/patches-2.6.30/110-netfilter_match_speedup.patch b/target/linux/generic-2.6/patches-2.6.30/110-netfilter_match_speedup.patch index 950a432959e3..926966ced01c 100644 --- a/target/linux/generic-2.6/patches-2.6.30/110-netfilter_match_speedup.patch +++ b/target/linux/generic-2.6/patches-2.6.30/110-netfilter_match_speedup.patch @@ -119,3 +119,26 @@ /* For return from builtin chain */ back = get_entry(table_base, private->underflow[hook]); +@@ -976,6 +1015,7 @@ copy_entries_to_user(unsigned int total_ + unsigned int i; + const struct ipt_entry_match *m; + const struct ipt_entry_target *t; ++ u8 flags; + + e = (struct ipt_entry *)(loc_cpu_entry + off); + if (copy_to_user(userptr + off +@@ -986,6 +1026,14 @@ copy_entries_to_user(unsigned int total_ + goto free_counters; + } + ++ flags = e->ip.flags & ~IPT_F_NO_DEF_MATCH; ++ if (copy_to_user(userptr + off ++ + offsetof(struct ipt_entry, ip.flags), ++ &flags, sizeof(flags)) != 0) { ++ ret = -EFAULT; ++ goto free_counters; ++ } ++ + for (i = sizeof(struct ipt_entry); + i < e->target_offset; + i += m->u.match_size) { diff --git a/target/linux/generic-2.6/patches-2.6.31/110-netfilter_match_speedup.patch b/target/linux/generic-2.6/patches-2.6.31/110-netfilter_match_speedup.patch index 3dd114522ac1..d6c113aa3e10 100644 --- a/target/linux/generic-2.6/patches-2.6.31/110-netfilter_match_speedup.patch +++ b/target/linux/generic-2.6/patches-2.6.31/110-netfilter_match_speedup.patch @@ -119,3 +119,26 @@ /* For return from builtin chain */ back = get_entry(table_base, private->underflow[hook]); +@@ -978,6 +1017,7 @@ copy_entries_to_user(unsigned int total_ + unsigned int i; + const struct ipt_entry_match *m; + const struct ipt_entry_target *t; ++ u8 flags; + + e = (struct ipt_entry *)(loc_cpu_entry + off); + if (copy_to_user(userptr + off +@@ -988,6 +1028,14 @@ copy_entries_to_user(unsigned int total_ + goto free_counters; + } + ++ flags = e->ip.flags & ~IPT_F_NO_DEF_MATCH; ++ if (copy_to_user(userptr + off ++ + offsetof(struct ipt_entry, ip.flags), ++ &flags, sizeof(flags)) != 0) { ++ ret = -EFAULT; ++ goto free_counters; ++ } ++ + for (i = sizeof(struct ipt_entry); + i < e->target_offset; + i += m->u.match_size) { diff --git a/target/linux/generic-2.6/patches-2.6.32/110-netfilter_match_speedup.patch b/target/linux/generic-2.6/patches-2.6.32/110-netfilter_match_speedup.patch index 2f4c7a292284..a9eb1089f5f2 100644 --- a/target/linux/generic-2.6/patches-2.6.32/110-netfilter_match_speedup.patch +++ b/target/linux/generic-2.6/patches-2.6.32/110-netfilter_match_speedup.patch @@ -119,3 +119,26 @@ /* For return from builtin chain */ back = get_entry(table_base, private->underflow[hook]); +@@ -992,6 +1031,7 @@ copy_entries_to_user(unsigned int total_ + unsigned int i; + const struct ipt_entry_match *m; + const struct ipt_entry_target *t; ++ u8 flags; + + e = (struct ipt_entry *)(loc_cpu_entry + off); + if (copy_to_user(userptr + off +@@ -1002,6 +1042,14 @@ copy_entries_to_user(unsigned int total_ + goto free_counters; + } + ++ flags = e->ip.flags & ~IPT_F_NO_DEF_MATCH; ++ if (copy_to_user(userptr + off ++ + offsetof(struct ipt_entry, ip.flags), ++ &flags, sizeof(flags)) != 0) { ++ ret = -EFAULT; ++ goto free_counters; ++ } ++ + for (i = sizeof(struct ipt_entry); + i < e->target_offset; + i += m->u.match_size) { diff --git a/target/linux/generic-2.6/patches-2.6.33/110-netfilter_match_speedup.patch b/target/linux/generic-2.6/patches-2.6.33/110-netfilter_match_speedup.patch index 69344a91fa5c..e99c6db4d1b5 100644 --- a/target/linux/generic-2.6/patches-2.6.33/110-netfilter_match_speedup.patch +++ b/target/linux/generic-2.6/patches-2.6.33/110-netfilter_match_speedup.patch @@ -119,3 +119,26 @@ /* For return from builtin chain */ back = get_entry(table_base, private->underflow[hook]); +@@ -992,6 +1031,7 @@ copy_entries_to_user(unsigned int total_ + unsigned int i; + const struct ipt_entry_match *m; + const struct ipt_entry_target *t; ++ u8 flags; + + e = (struct ipt_entry *)(loc_cpu_entry + off); + if (copy_to_user(userptr + off +@@ -1002,6 +1042,14 @@ copy_entries_to_user(unsigned int total_ + goto free_counters; + } + ++ flags = e->ip.flags & ~IPT_F_NO_DEF_MATCH; ++ if (copy_to_user(userptr + off ++ + offsetof(struct ipt_entry, ip.flags), ++ &flags, sizeof(flags)) != 0) { ++ ret = -EFAULT; ++ goto free_counters; ++ } ++ + for (i = sizeof(struct ipt_entry); + i < e->target_offset; + i += m->u.match_size) { diff --git a/target/linux/generic-2.6/patches-2.6.34/110-netfilter_match_speedup.patch b/target/linux/generic-2.6/patches-2.6.34/110-netfilter_match_speedup.patch index 69344a91fa5c..e99c6db4d1b5 100644 --- a/target/linux/generic-2.6/patches-2.6.34/110-netfilter_match_speedup.patch +++ b/target/linux/generic-2.6/patches-2.6.34/110-netfilter_match_speedup.patch @@ -119,3 +119,26 @@ /* For return from builtin chain */ back = get_entry(table_base, private->underflow[hook]); +@@ -992,6 +1031,7 @@ copy_entries_to_user(unsigned int total_ + unsigned int i; + const struct ipt_entry_match *m; + const struct ipt_entry_target *t; ++ u8 flags; + + e = (struct ipt_entry *)(loc_cpu_entry + off); + if (copy_to_user(userptr + off +@@ -1002,6 +1042,14 @@ copy_entries_to_user(unsigned int total_ + goto free_counters; + } + ++ flags = e->ip.flags & ~IPT_F_NO_DEF_MATCH; ++ if (copy_to_user(userptr + off ++ + offsetof(struct ipt_entry, ip.flags), ++ &flags, sizeof(flags)) != 0) { ++ ret = -EFAULT; ++ goto free_counters; ++ } ++ + for (i = sizeof(struct ipt_entry); + i < e->target_offset; + i += m->u.match_size) {