Re: [PATCH] netfilter: Force fake conntrack entry to be at least 8 bytes aligned

From: Pablo Neira Ayuso
Date: Mon Mar 13 2017 - 08:34:11 EST

Next message: Russell King - ARM Linux: "Re: [PATCH v4 14/36] [media] v4l2-mc: add a function to inherit controls from a pipeline"
Previous message: SIMRAN SINGHAL: "Re: [PATCH] staging: iio: ade7753: replace mlock with driver private lock"
In reply to: Florian Westphal: "Re: [PATCH] netfilter: Force fake conntrack entry to be at least 8 bytes aligned"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Sat, Mar 11, 2017 at 10:12:22AM +0100, Florian Westphal wrote:
> Steven Rostedt (VMware) <rostedt@xxxxxxxxxxx> wrote:
> > Since the nfct and nfctinfo have been combined, the nf_conn structure
> > must be at least 8 bytes aligned, as the 3 LSB bits are used for the
> > nfctinfo. But there's a fake nf_conn structure to denote untracked
> > connections, which is created by a PER_CPU construct. This does not
> > guarantee that it will be 8 bytes aligned and can break the logic in
> > determining the correct nfctinfo.
> >
> > I triggered this on a 32bit machine with the following error:
> [..]
>
> Ugh. Originally I had planned to also submit followup changes
> to get rid of the untracked objects but that part got delayed.
>
> > By using DEFINE/DECLARE_PER_CPU_ALIGNED we can enforce at least 8 byte
> > alignment as all cache line sizes are at least 8 bytes or more.
>
> Thanks for fixing this!
>
> Acked-by: Florian Westphal <fw@xxxxxxxxx>

Applied, thanks.

Next message: Russell King - ARM Linux: "Re: [PATCH v4 14/36] [media] v4l2-mc: add a function to inherit controls from a pipeline"
Previous message: SIMRAN SINGHAL: "Re: [PATCH] staging: iio: ade7753: replace mlock with driver private lock"
In reply to: Florian Westphal: "Re: [PATCH] netfilter: Force fake conntrack entry to be at least 8 bytes aligned"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]