[PATCH] lan78xx: fix ip header misalignment

["Yuriy M. Kaminskiy" <yumkam@gmail.com>]

[-- Attachment #1: Type: text/plain, Size: 1315 bytes --]

lan78xx.c:rx_submit() allocates space for frame-to-be-received with 
netdev_alloc_skb_ip_align(), which misalign start of buffer by 2 bytes 
in expectation that frame will start from 14-byte ethernet header, then 
ip header; if start of buffer misaligned by 2 bytes, ip header will be 
16-byte aligned.

Unfortunately, usb frame that is sent by lan78xx starts with another 
10-byte header (lan78xx_rx(): rx_cmd_a/rx_cmd_b/rx_cmd_c), *then* 
follows ethernet header, and *then* ip header (which ends up being 
misaligned).

This issue was observed on arm platform (where misaligned 32-bit word 
access triggers exception and leaves traces in /proc/cpu/alignment, see
https://github.com/raspberrypi/linux/issues/2599 ; for me, about any 
ipv6 traffic that hits machine - `ping -I eth0 ip6-allnodes`, tcp/udp 
packets, etc triggered increase in this counter, with 
ip6_datagram_recv_common_ctl, icmpv6_echo_reply, etc as culprit).

If we just allocate skb data without any misalignment tricks, ip header 
will end up and at offset 24 (8-byte aligned).

Patch attached; runtime-tested with raspbian fork of stable/4.14.y 
[4.14.92] on Raspberry pi 3B+ (it is slightly different from mainline, 
but patch should not have any conflicts, all affected code is pretty same).

P.S. I'm not subscribed, please CC me on reply.

[-- Attachment #2: 0001-lan78xx-fix-ip-header-misalignment.patch --]
[-- Type: text/x-patch, Size: 991 bytes --]

From 2bd6b0a11e222be2df97da948924c71bf13d7192 Mon Sep 17 00:00:00 2001
From: "Yuriy M. Kaminskiy" <yumkam@gmail.com>
Date: Mon, 21 Jan 2019 02:51:24 +0300
Subject: [PATCH] lan78xx: fix ip header misalignment

As lan78xx prepends 10-byte header before ether_hdr, skb->data
misalignment trick by netdev_alloc_skb_ip_align() made things
worse (ip_hdr becomes always misaligned).

See https://github.com/raspberrypi/linux/issues/2599
---
 drivers/net/usb/lan78xx.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/net/usb/lan78xx.c b/drivers/net/usb/lan78xx.c
index 9b782cdf8..d64b0d3b8 100644
--- a/drivers/net/usb/lan78xx.c
+++ b/drivers/net/usb/lan78xx.c
@@ -3143,7 +3143,7 @@ static int rx_submit(struct lan78xx_net *dev, struct urb *urb, gfp_t flags)
 	size_t size = dev->rx_urb_size;
 	int ret = 0;
 
-	skb = netdev_alloc_skb_ip_align(dev->net, size);
+	skb = netdev_alloc_skb(dev->net, size);
 	if (!skb) {
 		usb_free_urb(urb);
 		return -ENOMEM;
-- 
2.11.0