diff options
| author | Felix Fietkau <nbd@openwrt.org> | 2010-02-23 06:45:51 -0500 |
|---|---|---|
| committer | Greg Kroah-Hartman <gregkh@suse.de> | 2010-03-15 12:06:34 -0400 |
| commit | 7992f7313286abb36c49b65ad90a8b0c824e3a66 (patch) | |
| tree | 6b703b89e55207acb89e3c83c59f9f762f13782e /include | |
| parent | 709a1e560b23235706a504323aafc9f1a9a05eb6 (diff) | |
skbuff: align sk_buff::cb to 64 bit and close some potential holes
commit da3f5cf1f8ebb0fab5c5fd09adb189166594ad6c upstream.
The alignment requirement for 64-bit load/store instructions on ARM is
implementation defined. Some CPUs (such as Marvell Feroceon) do not
generate an exception, if such an instruction is executed with an
address that is not 64 bit aligned. In such a case, the Feroceon
corrupts adjacent memory, which showed up in my tests as a crash in the
rx path of ath9k that only occured with CONFIG_XFRM set.
This crash happened, because the first field of the mac80211 rx status
info in the cb is an u64, and changing it corrupted the skb->sp field.
This patch also closes some potential pre-existing holes in the sk_buff
struct surrounding the cb[] area.
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Diffstat (limited to 'include')
| -rw-r--r-- | include/linux/skbuff.h | 13 |
1 files changed, 7 insertions, 6 deletions
diff --git a/include/linux/skbuff.h b/include/linux/skbuff.h index ae836fded530..ec226a2156a6 100644 --- a/include/linux/skbuff.h +++ b/include/linux/skbuff.h | |||
| @@ -315,22 +315,23 @@ struct sk_buff { | |||
| 315 | struct sk_buff *next; | 315 | struct sk_buff *next; |
| 316 | struct sk_buff *prev; | 316 | struct sk_buff *prev; |
| 317 | 317 | ||
| 318 | struct sock *sk; | ||
| 319 | ktime_t tstamp; | 318 | ktime_t tstamp; |
| 319 | |||
| 320 | struct sock *sk; | ||
| 320 | struct net_device *dev; | 321 | struct net_device *dev; |
| 321 | 322 | ||
| 322 | unsigned long _skb_dst; | ||
| 323 | #ifdef CONFIG_XFRM | ||
| 324 | struct sec_path *sp; | ||
| 325 | #endif | ||
| 326 | /* | 323 | /* |
| 327 | * This is the control buffer. It is free to use for every | 324 | * This is the control buffer. It is free to use for every |
| 328 | * layer. Please put your private variables there. If you | 325 | * layer. Please put your private variables there. If you |
| 329 | * want to keep them across layers you have to do a skb_clone() | 326 | * want to keep them across layers you have to do a skb_clone() |
| 330 | * first. This is owned by whoever has the skb queued ATM. | 327 | * first. This is owned by whoever has the skb queued ATM. |
| 331 | */ | 328 | */ |
| 332 | char cb[48]; | 329 | char cb[48] __aligned(8); |
| 333 | 330 | ||
| 331 | unsigned long _skb_dst; | ||
| 332 | #ifdef CONFIG_XFRM | ||
| 333 | struct sec_path *sp; | ||
| 334 | #endif | ||
| 334 | unsigned int len, | 335 | unsigned int len, |
| 335 | data_len; | 336 | data_len; |
| 336 | __u16 mac_len, | 337 | __u16 mac_len, |