Date: Wed, 31 May 2023 22:36:54 +0000 From: bugzilla-noreply@freebsd.org To: freebsd-arm@FreeBSD.org Subject: [Bug 271759] [panic] [usb] [if_ure] unaligned access Message-ID: <bug-271759-7@https.bugs.freebsd.org/bugzilla/>
next in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D271759 Bug ID: 271759 Summary: [panic] [usb] [if_ure] unaligned access Product: Base System Version: 13.2-STABLE Hardware: arm OS: Any Status: New Severity: Affects Some People Priority: --- Component: arm Assignee: freebsd-arm@FreeBSD.org Reporter: freebsd@darkain.com https://github.com/freebsd/freebsd-src/blob/main/sys/dev/usb/net/if_ure.c#L= L616C1-L617C24 ure_makembuf() has the following code: /* uether_newbuf does this. */ m_adj(m, ETHER_ALIGN); based on that comment, it looks like someone copied m_adj() over because the base usb ethernet driver has it, without really testing it or setting up the mbuf correctly. when m_adj is called here, m->m_len is 0 at this point so the call to m_adj= () does nothing. because of this, the data is never shifted by 2 bytes, causing an unaligned access to the IP headers when byte swapping later in the stack when convert= ing from network-order to host-order, causing a panic on 32-bit ARM systems. NOTE: virtio-net has a similar unaligned access issue, however that driver isn't calling m_adj() at all it looks like. This is referenced over in: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D271288 --=20 You are receiving this mail because: You are the assignee for the bug.=
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-271759-7>