[patch 01/45] netfilter: nf_conntrack_tcp: fix unaligned memory access in tcp_sack
From: Chris Wright
Date: Tue Mar 31 2009 - 19:22:09 EST
-stable review patch. If anyone has any objections, please let us know.
---------------------
From: Mark H. Weaver <mhw@xxxxxxxxxx>
[ Upstream commit 534f81a5068799799e264fd162e9488a129f98d4 ]
This patch fixes an unaligned memory access in tcp_sack while reading
sequence numbers from TCP selective acknowledgement options. Prior to
applying this patch, upstream linux-2.6.27.20 was occasionally
generating messages like this on my sparc64 system:
[54678.532071] Kernel unaligned access at TPC[6b17d4] tcp_packet+0xcd4/0xd00
Acked-by: David S. Miller <davem@xxxxxxxxxxxxx>
Signed-off-by: Patrick McHardy <kaber@xxxxxxxxx>
Signed-off-by: Chris Wright <chrisw@xxxxxxxxxxxx>
---
net/netfilter/nf_conntrack_proto_tcp.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
--- a/net/netfilter/nf_conntrack_proto_tcp.c
+++ b/net/netfilter/nf_conntrack_proto_tcp.c
@@ -15,6 +15,7 @@
#include <linux/skbuff.h>
#include <linux/ipv6.h>
#include <net/ip6_checksum.h>
+#include <asm/unaligned.h>
#include <net/tcp.h>
@@ -466,7 +467,7 @@ static void tcp_sack(const struct sk_buf
for (i = 0;
i < (opsize - TCPOLEN_SACK_BASE);
i += TCPOLEN_SACK_PERBLOCK) {
- tmp = ntohl(*((__be32 *)(ptr+i)+1));
+ tmp = get_unaligned_be32((__be32 *)(ptr+i)+1);
if (after(tmp, *sack))
*sack = tmp;
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/