From patchwork Tue Feb 23 21:45:51 2010
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Felix Fietkau
X-Patchwork-Id: 46100
X-Patchwork-Delegate: davem@davemloft.net
Message-ID: <4B844C8F.2060908@openwrt.org>
Date: Tue, 23 Feb 2010 22:45:51 +0100
From: Felix Fietkau
To: David Miller
CC: ddaney@caviumnetworks.com, eric.dumazet@gmail.com, netdev@vger.kernel.org, buytenh@wantstofly.org
Subject: [PATCH v3] skbuff: align sk_buff::cb to 64 bit and close some potential holes
References: <1264835220.2919.10.camel@edumazet-laptop> <4B671CEB.5080505@caviumnetworks.com> <4B671F79.8090808@openwrt.org> <20100212.121306.225788982.davem@davemloft.net>
In-Reply-To: <20100212.121306.225788982.davem@davemloft.net>
X-Mailing-List: netdev@vger.kernel.org

The alignment requirement for 64-bit load/store instructions on ARM is
implementation defined. Some CPUs (such as Marvell Feroceon) do not
generate an exception if such an instruction is executed with an
address that is not 64 bit aligned. In such a case, the Feroceon
corrupts adjacent memory, which showed up in my tests as a crash in the
rx path of ath9k that only occurred with CONFIG_XFRM set.

This crash happened because the first field of the mac80211 rx status
info in the cb is a u64, and changing it corrupted the skb->sp field.

This patch also closes some potential pre-existing holes in the sk_buff
struct surrounding the cb[] area.

Signed-off-by: Felix Fietkau
Cc: stable@kernel.org
---
Sorry that it took so long for me to post this, I completely forgot about it, as I had other things to take care of ;)

--- a/include/linux/skbuff.h +++ b/include/linux/skbuff.h 
@@ -315,22 +315,23 @@ struct sk_buff { struct sk_buff *next; struct sk_buff *prev; - struct sock *sk; ktime_t tstamp; + + struct sock *sk; struct net_device *dev; - unsigned long _skb_dst; -#ifdef CONFIG_XFRM - struct sec_path *sp; -#endif /* * This is the control buffer. It is free to use for every * layer. Please put your private variables there. If you * want to keep them across layers you have to do a skb_clone() * first. This is owned by whoever has the skb queued ATM. */ - char cb[48]; + char cb[48] __aligned(8); + unsigned long _skb_dst; +#ifdef CONFIG_XFRM + struct sec_path *sp; +#endif unsigned int len, data_len; __u16 mac_len,
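Review bot: The comment block above cb[] still only describes ownership of the control buffer and says nothing about the new `__aligned(8)` guarantee, so nothing in the header tells a later editor why sk was moved below tstamp or why _skb_dst and sp now sit after cb. Please add a sentence to that comment stating that cb must stay 8-byte aligned because its users store 64-bit fields at its start (the commit message names the mac80211 rx status u64), and that members placed directly after it are what an oversized or misaligned store would overwrite. Since sp only exists under `#ifdef CONFIG_XFRM`, the resulting layout should be checked in both configurations (pahole output for 32-bit and 64-bit builds would do) to confirm that no hole is introduced between cb and `unsigned int len, data_len;` in either one.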