Received: by 10.223.185.116 with SMTP id b49csp2297350wrg; Thu, 15 Feb 2018 09:26:08 -0800 (PST) X-Google-Smtp-Source: AH8x225wtjta0wPdtVmHXwjcV73tGrf/XM06Jj+KbjbqT5t1syAMoHd9TS1V3VKyekxR7egi3yEO X-Received: by 10.99.126.19 with SMTP id z19mr2764524pgc.108.1518715568868; Thu, 15 Feb 2018 09:26:08 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1518715568; cv=none; d=google.com; s=arc-20160816; b=oQP4FzokbZjqLG/qqjKlSiZpRgJB2mSn82pidfG17EDdP0sDru+6Ceu/XGSSFp1c6o wHC4NJui/qZ6JEzMdhRhfRkR5VtrR3G8AEzlOHPDz2O566oYXDsCRUd+K/FmUuVyMUng KygRFsorm3bnm8JAAYH1yz6UWpNDcJ64EBxRvGRVE5WocIKwc00IZ7aIFksIWBrcv2l2 T9jpiTutwsWONXtLMo3gTmlt03R783HBnFDYFBAxtlkRCoq52psJh36DQP/mef3nBY5r 6PIKT84jEY1hmEQK4q78R2pSJmSnVE/gn4LD+FmT63ZwO8txhD/gFSSdIU8yOFfs+mX1 LYZw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:subject:message-id:date:from :references:in-reply-to:mime-version:dkim-signature :arc-authentication-results; bh=XHsWDNZ5qgNJ/+5EXR/BZZRGlG43orfkCjY4EjuvOXs=; b=NyTMUZDfP4hk1vkhlWdk5gcU9eb8MZG0uJU6sc0mFiydfGqCXhPyhqqSMq/aMbDnsu 1vSlehkXjdDhr24f3u6IfunjHJw6j4werZziLrWyrRM/9bmNwpX6v9o37P+z0GlZ5Vjt qrUuA3hTUBGwWM3irBNODGpNZs469YltiUJBuuakwiojw1T9ZZvVTTuR+0t9Byd+0dkf jpW8lJQ/2N1I8Jki8ORBImObJgrkoxWI+qEcHKPnkwROsDomyQFRhUE1jNYv12R5B0Fo ZFE/tY4yETQaPBgMhxFDeaU0X2lAelRrq11hyFt9+dQtLPf/ntOhQbLmbAsHNdVticSh 13dg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=dKVEEIfB; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id m3-v6si1085304pll.717.2018.02.15.09.25.53; Thu, 15 Feb 2018 09:26:08 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=dKVEEIfB; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1427300AbeBORYm (ORCPT + 99 others); Thu, 15 Feb 2018 12:24:42 -0500 Received: from mail-wm0-f67.google.com ([74.125.82.67]:54018 "EHLO mail-wm0-f67.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1427286AbeBORYj (ORCPT ); Thu, 15 Feb 2018 12:24:39 -0500 Received: by mail-wm0-f67.google.com with SMTP id t74so2248836wme.3 for ; Thu, 15 Feb 2018 09:24:38 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=XHsWDNZ5qgNJ/+5EXR/BZZRGlG43orfkCjY4EjuvOXs=; b=dKVEEIfBO2JdxS88N+aPT3fZXdihCCUl35NT0hMG5YgCZi6NEgQMZs1clBV7u7mb5j JfG1+NRBpu0Vw5Qr+MvDl5ObyNAY8njJaZD/wwpMV1M1QP2P+jS3iFAwvOEy47gMUfdx VriG1QMHZVZrRk9jhXjVPZ6qqWeuVZPjVTWszLozkWCzdWR6j5tRK8gM0LPguYGVdtvK 5gMfbjvVI1vExN/ZgFghO6Zy7D6SK0YR3ks8ibhDhrWxnDAgZvNLuydKlWeuA3yjOooQ GpOCJG1nnN38vlnh4dTQDfWKZJ0Pq7k8zdHAn+kEgG07UBjRBJ2IpfXv3yYuZLDAYG2U /LsA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=XHsWDNZ5qgNJ/+5EXR/BZZRGlG43orfkCjY4EjuvOXs=; b=MxnBdB83Keniiqy4nqwv5deLQG3q1BePII/Xz5/6VUxKhtMEaHMVqW5yebL9dSnOco 5JEQI5foslIxL4tNBo7P9PPSV0JggLaMWcywew7WT6vGx4QaePsAuzvaUlrSit5BeeNl bwy6h9eYriWmaE8mY/DecjYbg9l3kYD2RWkHGIqXowigZKnGj6XUG9Q9Xn01nE/wArLl +FjLTeLN5JXZeSCAcjJl/Ql4r8YNgv2F0LQmr7V1O30oGMepkCYd88EQQXSY6jRgq4l9 mmtE2bPAlpbQ/GAVgSIocgaL/0Gyzw7Ih8UsRxqXZrTRy4NzOGOnwAVXqWFBX01XtmSd 3oEA== X-Gm-Message-State: APf1xPDX8m+e5/8SSpEKyyGrV5ItUJZL8G0WecbD4vR5a3UmFDOVJXrs uagRGrdZQPLJZ5P+aLrkGX3nXBm9RyyPbcn8aLn3K9MGVL4= X-Received: by 10.28.154.67 with SMTP id c64mr2896091wme.125.1518715477428; Thu, 15 Feb 2018 09:24:37 -0800 (PST) MIME-Version: 1.0 Received: by 10.28.147.15 with HTTP; Thu, 15 Feb 2018 09:24:36 -0800 (PST) In-Reply-To: References: <20180215170432.e4wue4osyv3vmdla@lakrids.cambridge.arm.com> From: Eric Dumazet Date: Thu, 15 Feb 2018 09:24:36 -0800 Message-ID: Subject: Re: v4.16-rc1 misaligned atomics in skb__clone / __napi_alloc_skb To: Mark Rutland Cc: netdev , LKML , David Miller , Willem de Bruijn Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Thu, Feb 15, 2018 at 9:20 AM, Eric Dumazet wrote: > > Yes, it seems tun.c breaks the assumptions. > > If it really wants to provide arbitrary fragments and alignments, it > should use a separate Sorry, I have sent the message to soon. tun.c should use a private 'struct page_frag_cache' to deliver arbitrary frags/alignments, so that syzkaller might catch interesting bugs in the stack. > > Please try : > > diff --git a/drivers/net/tun.c b/drivers/net/tun.c > index 81e6cc951e7fc7c983919365c34842c34bcaedcf..92c6b6d02f7c18b63c42ffe1d9cb7286975e1263 > 100644 > --- a/drivers/net/tun.c > +++ b/drivers/net/tun.c > @@ -1500,7 +1500,7 @@ static struct sk_buff > *tun_napi_alloc_frags(struct tun_file *tfile, > } > > local_bh_disable(); > - data = napi_alloc_frag(fragsz); > + data = napi_alloc_frag(SKB_DATA_ALIGN(fragsz)); > local_bh_enable(); > if (!data) { > err = -ENOMEM; This patch should solve your immediate problem, but would lower fuzzer abilities to find bugs. I will send something more suited to original intent of these commits : 90e33d45940793def6f773b2d528e9f3c84ffdc7 tun: enable napi_gro_frags() for TUN/TAP driver 943170998b200190f99d3fe7e771437e2c51f319 tun: enable NAPI for TUN/TAP driver