On Wed, Feb 14, 2018 at 5:54 PM, Greg KH <gregkh@xxxxxxxxxxxxxxxxxxx> wrote: > > > IPSEC doesn't work with a 64bit kernel and 32bit userspace right now. > > > > > > Back in 2015 someone started to work on that, and properly marked that > > > the kernel could not handle this with commit 74005991b78a ("xfrm: Do not > > > parse 32bits compiled xfrm netlink msg on 64bits host") > > > > > > This is starting to be hit by some Android systems that are moving > > > (yeah, slowly) to 4.4 :( > > > > Does anybody have test-programs/harnesses for this? > > Lorenzo (now on the To: line), is the one that I think is looking into > this, and should have some sort of test for it. Lorenzo? Sorry for the late reply here. The issue is that the xfrm uapi structs don't specify padding at the end, so they're a different size on 32-bit and 64-bit archs. This by itself would be fine, as the kernel could just ignore the (lack of) padding. But some of these structs contain others (e.g., xfrm_userspi_info contains xfrm_usersa_info), and in that case the whole layout after the contained struct is different. On another thread Florian pointed out that he once wrote a patch to fix this - https://patchwork.ozlabs.org/patch/45855/ . Florian, think you could revive that? -- To unsubscribe, send a message with 'unsubscribe linux-mm' in the body to majordomo@xxxxxxxxx. For more info on Linux MM, see: http://www.linux-mm.org/ . Don't email: <a href=mailto:"dont@xxxxxxxxx"> email@xxxxxxxxx </a>