linux-morello June 2024

linux-morello@op-lists.linaro.org

2 participants
2 discussions

[PATCH] ebtables: Add ifdefs for PCuABI.

by Joshua Lant

Check for PCuABI and modify function declarations accordingly, changing user** into * __capability * __capability. Signed-off-by: Joshua Lant joshualant(a)gmail.com --- net/bridge/netfilter/ebtables.c | 39 +++++++++++++++++++++++++++------ 1 file changed, 32 insertions(+), 7 deletions(-) diff --git a/net/bridge/netfilter/ebtables.c b/net/bridge/netfilter/ebtables.c index 99d82676f780..b9f9301f2699 100644 --- a/net/bridge/netfilter/ebtables.c +++ b/net/bridge/netfilter/ebtables.c @@ -1633,8 +1633,14 @@ static int ebt_compat_match_offset(const struct xt_match *match, return xt_compat_match_offset(match); } -static int compat_match_to_user(struct ebt_entry_match *m, void __user **dstptr, +#ifdef CONFIG_CHERI_PURECAP_UABI +static int compat_match_to_user(struct ebt_entry_match *m, + void *__capability *__capability dstptr, unsigned int *size) +#else +static int compat_match_to_user(struct ebt_entry_match *m, void __user *__user *dstptr, + unsigned int *size) +#endif { const struct xt_match *match = m->u.match; struct compat_ebt_entry_mwt __user *cm = *dstptr; @@ -1664,9 +1670,15 @@ static int compat_match_to_user(struct ebt_entry_match *m, void __user **dstptr, return 0; } +#ifdef CONFIG_CHERI_PURECAP_UABI +static int compat_target_to_user(struct ebt_entry_target *t, + void *__capability *__capability dstptr, + unsigned int *size) +#else static int compat_target_to_user(struct ebt_entry_target *t, - void __user **dstptr, - unsigned int *size) + void __user *__user *dstptr, + unsigned int *size) +#endif { const struct xt_target *target = t->u.target; struct compat_ebt_entry_mwt __user *cm = *dstptr; @@ -1696,16 +1708,29 @@ static int compat_target_to_user(struct ebt_entry_target *t, return 0; } + +#ifdef CONFIG_CHERI_PURECAP_UABI +static int compat_watcher_to_user(struct ebt_entry_watcher *w, + void *__capability *__capability dstptr, + unsigned int *size) +#else static int compat_watcher_to_user(struct ebt_entry_watcher *w, - void __user **dstptr, - unsigned int *size) + void __user *__user *dstptr, + unsigned int *size) +#endif { return compat_target_to_user((struct ebt_entry_target *)w, dstptr, size); } -static int compat_copy_entry_to_user(struct ebt_entry *e, void __user **dstptr, - unsigned int *size) +#ifdef CONFIG_CHERI_PURECAP_UABI +static int compat_copy_entry_to_user(struct ebt_entry *e, + void *__capability *__capability dstptr, + unsigned int *size) +#else +static int compat_copy_entry_to_user(struct ebt_entry *e, void __user *__user *dstptr, + unsigned int *size) +#endif { struct ebt_entry_target *t; struct ebt_entry __user *ce; -- 2.25.1

3 weeks, 4 days

[linux-morello][PATCH 0/2] morello: enable wireguard

by Joshua Lant

Hi, This series of patches enables the use of the Wireguard VPN and all assocaited tools required for running wireguard-tools' test script. Wireguard's test script (netns.sh) runs to completion using purecap compiled: wireguard-tools, iproute2, iputils (ping/ping6), iptables, nftables, libnftnl, libmnl, libelf, argp-standalone, musl-obstack, fts, libjansson. Packages used in netns.sh currently not tested in purecap: ncat, iperf3. The bulk of the changes required are additions to the kernel config, with a fix for a bug found in iptables. There is an alignment issue at the user/kernel boundary in xtables with capabilities, encountered in the macro XT_ALIGN, used in the function xt_check_target (with the resulting message indicating size of (kernel) and (user) not matching). This bug occurs when running certain iptables commands in the test script. e.g. iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -d 10.0.0.0/24 -j SNAT --to 10.0.0.1 This is my first patch to the kernel so please forgive me if anything is drastically wrong. I have tried to follow the format of others on here... Cheers, Joshua Lant Joshua Lant (2): morello: enable wireguard kernel config xtables: fix alignment issue .../morello_transitional_pcuabi_defconfig | 23 +++++++++++++++++++ include/uapi/linux/netfilter/x_tables.h | 1 + 2 files changed, 24 insertions(+) -- 2.25.1

2 months, 2 weeks

2024

2023

2022

linux-morello June 2024