pending-4.9: 610-netfilter_match_bypass_default_check: fix 32bit compat layer
authorHans Dedecker <dedeckeh@gmail.com>
Tue, 24 Oct 2017 20:08:54 +0000 (22:08 +0200)
committerHans Dedecker <dedeckeh@gmail.com>
Tue, 24 Oct 2017 20:15:57 +0000 (22:15 +0200)
Patch 610-netfilter_match_bypass_default_check added an extra flag, IPT_F_NO_DEF_MATCH,
which is copied to user space in the function copy_entries_to_user. The 32-bit compat
layer function was missing the same logic to copy the IPT_F_NO_DEF_MATCH flag to
user space when a 64-bit kernel runs with a 32-bit user space.

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Signed-off-by: Thierry Dutre <thierry.dutre@dtsystems.be>
target/linux/generic/pending-4.9/610-netfilter_match_bypass_default_checks.patch

index de17074019e42dd0b1404f4e87c812b61d850cf4..6e653ef881963ee73ea9b7ddad215ceea34b95a8 100644 (file)
@@ -76,11 +76,10 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
  
        counters = alloc_counters(table);
        if (IS_ERR(counters))
-@@ -850,6 +879,14 @@ copy_entries_to_user(unsigned int total_
-                       ret = -EFAULT;
+@@ -851,6 +880,14 @@ copy_entries_to_user(unsigned int total_
                        goto free_counters;
                }
-+
 +              flags = e->ip.flags & IPT_F_MASK;
 +              if (copy_to_user(userptr + off
 +                               + offsetof(struct ipt_entry, ip.flags),
@@ -88,6 +87,24 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
 +                      ret = -EFAULT;
 +                      goto free_counters;
 +              }
++
                for (i = sizeof(struct ipt_entry);
                     i < e->target_offset;
+                    i += m->u.match_size) {
+@@ -1240,12 +1277,15 @@ compat_copy_entry_to_user(struct ipt_ent
+       compat_uint_t origsize;
+       const struct xt_entry_match *ematch;
+       int ret = 0;
++      u8 flags = e->ip.flags & IPT_F_MASK;
+       origsize = *size;
+       ce = (struct compat_ipt_entry __user *)*dstptr;
+       if (copy_to_user(ce, e, sizeof(struct ipt_entry)) != 0 ||
+           copy_to_user(&ce->counters, &counters[i],
+-          sizeof(counters[i])) != 0)
++          sizeof(counters[i])) != 0 ||
++          copy_to_user(&ce->ip.flags, &flags,
++          sizeof(flags)) != 0)
+               return -EFAULT;
+       *dstptr += sizeof(struct compat_ipt_entry);