On Wednesday 2024-08-07 16:36, josh lant wrote:
>
>I am trying to build for the Morello architecture, which uses
>hardware-based capabilities for memory safety, effectively extending
>pointer size to 128b, with 64b address and then added bounds/type
>information etc in the upper 64b.
>
>TL;DR- The uapi structures used in iptables which hold kernel pointers
>are not compatible with the ABI of Linux on the Morello architecture,
>since currently kernel pointers are 64b, but in userspace a * declares
>a capability of size 128b. This causes a discrepancy between what the
>kernel expects and what is provided inside some of the netlink
>messages

I would think something like that would fall under the
CONFIG_COMPAT umbrella.

net/netfilter/xt_limit.c: .compatsize = sizeof(struct compat_xt_rateinfo),
net/netfilter/xt_limit.c: .compat_from_user = limit_mt_compat_from_user,
net/netfilter/xt_limit.c: .compat_to_user = limit_mt_compat_to_user,

>I suppose I am generally confused about why iptables uses its own
>bespoke versions of kernel headers in its source

Because it is not guaranteed that the .h files exist anywhere else in
the system. The kernel may even have removed extensions, but there is
the concept that modern iptables ought to be able to run on old kernels
with those long-removed extensions.
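
An added illustration of the size mismatch discussed in this thread and of what a compat-style translation does about it; it is not code from the kernel or from iptables. The field layout is modelled on xt_rateinfo as an assumption, `struct cap128` is a constructed stand-in for a 128-bit capability, and `rateinfo_from_user` is a hypothetical helper.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for a capability pointer: 16 bytes, 16-byte aligned. */
struct cap128 { _Alignas(16) unsigned char bytes[16]; };

/* Userspace view under a capability ABI (layout assumed, after xt_rateinfo). */
struct user_rateinfo {
    uint32_t avg, burst;
    uint64_t prev;
    uint32_t credit, credit_cap, cost;
    struct cap128 master;            /* the "pointer" field is 128 bits here */
};

/* Kernel view: the same field is a plain 64-bit address. */
struct kern_rateinfo {
    uint32_t avg, burst;
    uint64_t prev;
    uint32_t credit, credit_cap, cost;
    uint64_t master;
};

/* Hypothetical compat_from_user-style translator: accept only a blob of the
 * userspace size, copy the user-controlled fields one by one, and never carry
 * the kernel-internal pointer field across the boundary. */
int rateinfo_from_user(struct kern_rateinfo *dst, const void *src, size_t len)
{
    struct user_rateinfo u;

    if (len != sizeof(u))
        return -1;                   /* wrong ABI or truncated message */
    memcpy(&u, src, sizeof(u));      /* avoids alignment assumptions on src */
    memset(dst, 0, sizeof(*dst));    /* master stays 0: kernel fills it in */
    dst->avg = u.avg;
    dst->burst = u.burst;
    dst->prev = u.prev;
    dst->credit = u.credit;
    dst->credit_cap = u.credit_cap;
    dst->cost = u.cost;
    return 0;
}

int main(void)
{
    printf("user struct: %zu bytes, kernel struct: %zu bytes\n",
           sizeof(struct user_rateinfo), sizeof(struct kern_rateinfo));
    return 0;
}
```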