From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail177-1.suw61.mandrillapp.com ([198.2.177.1]:6203 "EHLO mail177-1.suw61.mandrillapp.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751072AbcB2Wpc (ORCPT ); Mon, 29 Feb 2016 17:45:32 -0500 Received: from pmta06.mandrill.prod.suw01.rsglab.com (127.0.0.1) by mail177-1.suw61.mandrillapp.com id hqj50o22rtkn for ; Mon, 29 Feb 2016 22:45:14 +0000 (envelope-from ) From: Subject: Patch "tcp: beware of alignments in tcp_get_info()" has been added to the 4.4-stable tree To: , , Cc: , Message-Id: <145678591120882@kroah.com> Date: Mon, 29 Feb 2016 22:45:13 +0000 MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit Sender: stable-owner@vger.kernel.org List-ID: This is a note to let you know that I've just added the patch titled tcp: beware of alignments in tcp_get_info() to the 4.4-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary The filename of the patch is: tcp-beware-of-alignments-in-tcp_get_info.patch and it can be found in the queue-4.4 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let know about it. >>From foo@baz Mon Feb 29 14:33:50 PST 2016 From: Eric Dumazet Date: Wed, 27 Jan 2016 10:52:43 -0800 Subject: tcp: beware of alignments in tcp_get_info() From: Eric Dumazet [ Upstream commit ff5d749772018602c47509bdc0093ff72acd82ec ] With some combinations of user provided flags in netlink command, it is possible to call tcp_get_info() with a buffer that is not 8-bytes aligned. It does matter on some arches, so we need to use put_unaligned() to store the u64 fields. Current iproute2 package does not trigger this particular issue. Fixes: 0df48c26d841 ("tcp: add tcpi_bytes_acked to tcp_info") Fixes: 977cb0ecf82e ("tcp: add pacing_rate information into tcp_info") Signed-off-by: Eric Dumazet Signed-off-by: David S. Miller Signed-off-by: Greg Kroah-Hartman --- net/ipv4/tcp.c | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) --- a/net/ipv4/tcp.c +++ b/net/ipv4/tcp.c @@ -279,6 +279,7 @@ #include #include +#include #include int sysctl_tcp_fin_timeout __read_mostly = TCP_FIN_TIMEOUT; @@ -2637,6 +2638,7 @@ void tcp_get_info(struct sock *sk, struc const struct inet_connection_sock *icsk = inet_csk(sk); u32 now = tcp_time_stamp; unsigned int start; + u64 rate64; u32 rate; memset(info, 0, sizeof(*info)); @@ -2702,15 +2704,17 @@ void tcp_get_info(struct sock *sk, struc info->tcpi_total_retrans = tp->total_retrans; rate = READ_ONCE(sk->sk_pacing_rate); - info->tcpi_pacing_rate = rate != ~0U ? rate : ~0ULL; + rate64 = rate != ~0U ? rate : ~0ULL; + put_unaligned(rate64, &info->tcpi_pacing_rate); rate = READ_ONCE(sk->sk_max_pacing_rate); - info->tcpi_max_pacing_rate = rate != ~0U ? rate : ~0ULL; + rate64 = rate != ~0U ? rate : ~0ULL; + put_unaligned(rate64, &info->tcpi_max_pacing_rate); do { start = u64_stats_fetch_begin_irq(&tp->syncp); - info->tcpi_bytes_acked = tp->bytes_acked; - info->tcpi_bytes_received = tp->bytes_received; + put_unaligned(tp->bytes_acked, &info->tcpi_bytes_acked); + put_unaligned(tp->bytes_received, &info->tcpi_bytes_received); } while (u64_stats_fetch_retry_irq(&tp->syncp, start)); info->tcpi_segs_out = tp->segs_out; info->tcpi_segs_in = tp->segs_in; Patches currently in stable-queue which might be from edumazet@google.com are queue-4.4/ipv4-fix-memory-leaks-in-ip_cmsg_send-callers.patch queue-4.4/tcp-dccp-fix-another-race-at-listener-dismantle.patch queue-4.4/ipv6-fix-a-lockdep-splat.patch queue-4.4/ipv6-addrconf-fix-recursive-spin-lock-call.patch queue-4.4/tcp-do-not-drop-syn_recv-on-all-icmp-reports.patch queue-4.4/tcp-beware-of-alignments-in-tcp_get_info.patch queue-4.4/tcp-md5-release-request-socket-instead-of-listener.patch queue-4.4/gro-make-gro-aware-of-lightweight-tunnels.patch queue-4.4/tcp-fix-null-deref-in-tcp_v4_send_ack.patch queue-4.4/af_unix-fix-struct-pid-memory-leak.patch queue-4.4/net-add-sysctl_max_skb_frags.patch