[net] tuntap: properly align skb->head before building skb
diff mbox series

Message ID 1509020155-3830-1-git-send-email-jasowang@redhat.com
State New, archived
Headers show
Series
  • [net] tuntap: properly align skb->head before building skb
Related show

Commit Message

Jason Wang Oct. 26, 2017, 12:15 p.m. UTC
An unaligned alloc_frag->offset caused by previous allocation will
result an unaligned skb->head. This will lead unaligned
skb_shared_info and then unaligned dataref which requires to be
aligned for accessing on some architecture. Fix this by aligning
alloc_frag->offset before the frag refilling.

Fixes: 0bbd7dad34f8 ("tun: make tun_build_skb() thread safe")
Cc: Eric Dumazet <edumazet@google.com>
Cc: Willem de Bruijn <willemdebruijn.kernel@gmail.com>
Cc: Wei Wei <dotweiba@gmail.com>
Cc: Dmitry Vyukov <dvyukov@google.com>
Cc: Mark Rutland <mark.rutland@arm.com>
Reported-by: Wei Wei <dotweiba@gmail.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
---
- The patch is needed for -stable.
- Wei, can you try this patch to see if it solves your issue?
---
 drivers/net/tun.c | 1 +
 1 file changed, 1 insertion(+)

Comments

Eric Dumazet Oct. 26, 2017, 2:11 p.m. UTC | #1
On Thu, Oct 26, 2017 at 5:15 AM, Jason Wang <jasowang@redhat.com> wrote:
> An unaligned alloc_frag->offset caused by previous allocation will
> result an unaligned skb->head. This will lead unaligned
> skb_shared_info and then unaligned dataref which requires to be
> aligned for accessing on some architecture. Fix this by aligning
> alloc_frag->offset before the frag refilling.
>
> Fixes: 0bbd7dad34f8 ("tun: make tun_build_skb() thread safe")
> Cc: Eric Dumazet <edumazet@google.com>
> Cc: Willem de Bruijn <willemdebruijn.kernel@gmail.com>
> Cc: Wei Wei <dotweiba@gmail.com>
> Cc: Dmitry Vyukov <dvyukov@google.com>
> Cc: Mark Rutland <mark.rutland@arm.com>
> Reported-by: Wei Wei <dotweiba@gmail.com>
> Signed-off-by: Jason Wang <jasowang@redhat.com>
> ---
> - The patch is needed for -stable.
> - Wei, can you try this patch to see if it solves your issue?
> ---
>  drivers/net/tun.c | 1 +
>  1 file changed, 1 insertion(+)
>
> diff --git a/drivers/net/tun.c b/drivers/net/tun.c
> index b9973fb..60e44f2 100644
> --- a/drivers/net/tun.c
> +++ b/drivers/net/tun.c
> @@ -1286,6 +1286,7 @@ static struct sk_buff *tun_build_skb(struct tun_struct *tun,
>         buflen += SKB_DATA_ALIGN(len + pad);
>         rcu_read_unlock();
>
> +       alloc_frag->offset = ALIGN((u64)alloc_frag->offset, TUN_RX_PAD);

You have to align to one cache line (SMP_CACHE_BYTES), or SKB_DATA_ALIGN(1)

Then eventually use skb_reserve() for NET_IP_ALIGN, but I guess it is
already done.
Jason Wang Oct. 27, 2017, 3:03 a.m. UTC | #2
On 2017年10月26日 22:11, Eric Dumazet wrote:
> On Thu, Oct 26, 2017 at 5:15 AM, Jason Wang <jasowang@redhat.com> wrote:
>> An unaligned alloc_frag->offset caused by previous allocation will
>> result an unaligned skb->head. This will lead unaligned
>> skb_shared_info and then unaligned dataref which requires to be
>> aligned for accessing on some architecture. Fix this by aligning
>> alloc_frag->offset before the frag refilling.
>>
>> Fixes: 0bbd7dad34f8 ("tun: make tun_build_skb() thread safe")
>> Cc: Eric Dumazet <edumazet@google.com>
>> Cc: Willem de Bruijn <willemdebruijn.kernel@gmail.com>
>> Cc: Wei Wei <dotweiba@gmail.com>
>> Cc: Dmitry Vyukov <dvyukov@google.com>
>> Cc: Mark Rutland <mark.rutland@arm.com>
>> Reported-by: Wei Wei <dotweiba@gmail.com>
>> Signed-off-by: Jason Wang <jasowang@redhat.com>
>> ---
>> - The patch is needed for -stable.
>> - Wei, can you try this patch to see if it solves your issue?
>> ---
>>   drivers/net/tun.c | 1 +
>>   1 file changed, 1 insertion(+)
>>
>> diff --git a/drivers/net/tun.c b/drivers/net/tun.c
>> index b9973fb..60e44f2 100644
>> --- a/drivers/net/tun.c
>> +++ b/drivers/net/tun.c
>> @@ -1286,6 +1286,7 @@ static struct sk_buff *tun_build_skb(struct tun_struct *tun,
>>          buflen += SKB_DATA_ALIGN(len + pad);
>>          rcu_read_unlock();
>>
>> +       alloc_frag->offset = ALIGN((u64)alloc_frag->offset, TUN_RX_PAD);
> You have to align to one cache line (SMP_CACHE_BYTES), or SKB_DATA_ALIGN(1)

Oh right.

> Then eventually use skb_reserve() for NET_IP_ALIGN, but I guess it is
> already done.

Yes.

Thanks

Patch
diff mbox series

diff --git a/drivers/net/tun.c b/drivers/net/tun.c
index b9973fb..60e44f2 100644
--- a/drivers/net/tun.c
+++ b/drivers/net/tun.c
@@ -1286,6 +1286,7 @@  static struct sk_buff *tun_build_skb(struct tun_struct *tun,
 	buflen += SKB_DATA_ALIGN(len + pad);
 	rcu_read_unlock();
 
+	alloc_frag->offset = ALIGN((u64)alloc_frag->offset, TUN_RX_PAD);
 	if (unlikely(!skb_page_frag_refill(buflen, alloc_frag, GFP_KERNEL)))
 		return ERR_PTR(-ENOMEM);