[Bug 271759] [panic] [usb] [if_ure] unaligned access
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Wed, 31 May 2023 22:36:54 UTC
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=271759 Bug ID: 271759 Summary: [panic] [usb] [if_ure] unaligned access Product: Base System Version: 13.2-STABLE Hardware: arm OS: Any Status: New Severity: Affects Some People Priority: --- Component: arm Assignee: freebsd-arm@FreeBSD.org Reporter: freebsd@darkain.com https://github.com/freebsd/freebsd-src/blob/main/sys/dev/usb/net/if_ure.c#LL616C1-L617C24 ure_makembuf() has the following code: /* uether_newbuf does this. */ m_adj(m, ETHER_ALIGN); based on that comment, it looks like someone copied m_adj() over because the base usb ethernet driver has it, without really testing it or setting up the mbuf correctly. when m_adj is called here, m->m_len is 0 at this point so the call to m_adj() does nothing. because of this, the data is never shifted by 2 bytes, causing an unaligned access to the IP headers when byte swapping later in the stack when converting from network-order to host-order, causing a panic on 32-bit ARM systems. NOTE: virtio-net has a similar unaligned access issue, however that driver isn't calling m_adj() at all it looks like. This is referenced over in: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=271288 -- You are receiving this mail because: You are the assignee for the bug.