On 2014年02月20日 17:59, Steffen Klassert wrote:

quoted

For now I think we should just refuse to do anything if someone tries
to configure ipsec with 32 bit tools on a 64 bit machine.

I'm fine with your point, and it would be a good choice to inform user about
this behavior other than just creating non-working SA and SP for user.


 From 873812ec0fe8738f476de58a217e58ec47665180 Mon Sep 17 00:00:00 2001
From: Fan Du <redacted>
Date: Tue, 25 Feb 2014 14:34:41 +0800
Subject: [PATCH net-next] xfrm: Do not parse 32bits compiled xfrm netlink msg on
  64bits host

structure like xfrm_usersa_info or xfrm_userpolicy_info has different sizeof
when compiled as 32bits and 64bits due to not appending pack attribute in
their definition. This will result in broken SA and SP information when user
trying to configure them through netlink interface.

Before forging a compatibility layer like we have it for system calls to map
this correct. Inform user land about this situation instead of keeping silent,
then the upper test scripts could behave accordingly.

Signed-off-by: Fan Du <redacted>
---
  net/xfrm/xfrm_user.c |    4 ++++
  1 file changed, 4 insertions(+)

diff --git a/net/xfrm/xfrm_user.c b/net/xfrm/xfrm_user.c
index 1ae3ec7..0249712 100644
--- a/net/xfrm/xfrm_user.c
+++ b/net/xfrm/xfrm_user.c

@@ -2347,6 +2347,10 @@ static int xfrm_user_rcv_msg(struct sk_buff *skb, struct nlmsghdr *nlh)
  	const struct xfrm_link *link;
  	int type, err;

+#ifdef CONFIG_COMPAT
+	if (is_compat_task())
+		return -EPERM;