if_tap unaligned access problem

Mon May 2 09:39:18 PDT 2005

Hello,

>>>>>>i think we have few options here:
>>>>>>
>>>>>>1) revert back original tapwrite function that was changed in v. 
>>>>>>1.48 and set offset to 2 bytes in top mbuf
>>>>>>
>>>>>>2) change current version of tapwrite so it would m_prepend and 
>>>>>>m_pullup mbuf after m_uiotombuf
>>>>>>
>>>>>>3) change m_uiotombuf to accept one more parameter - mbuf offset at 
>>>>>>which data should be copied. there are not that many users of 
>>>>>>m_uiotombuf
>>
>>please find and review the attached patch (untested) that implements 
>>option (3) above.

any objections to the attached (revised) patch? can i commit it?

thanks,
max
-------------- next part --------------
Index: sys/kern/uipc_mbuf.c
===================================================================
RCS file: /home/ncvs/src/sys/kern/uipc_mbuf.c,v
retrieving revision 1.147
diff -u -r1.147 uipc_mbuf.c

--- sys/kern/uipc_mbuf.c	17 Mar 2005 19:34:57 -0000	1.147
+++ sys/kern/uipc_mbuf.c	2 May 2005 16:33:41 -0000
@@ -1333,7 +1333,7 @@
 #endif
 
 struct mbuf *
-m_uiotombuf(struct uio *uio, int how, int len)
+m_uiotombuf(struct uio *uio, int how, int len, int align)
 {
 	struct mbuf *m_new = NULL, *m_final = NULL;
 	int progress = 0, error = 0, length, total;
@@ -1342,12 +1342,15 @@
 		total = min(uio->uio_resid, len);
 	else
 		total = uio->uio_resid;
-	if (total > MHLEN)
+	if (align >= MHLEN)
+		goto nospace;
+	if (total + align > MHLEN)
 		m_final = m_getcl(how, MT_DATA, M_PKTHDR);
 	else
 		m_final = m_gethdr(how, MT_DATA);
 	if (m_final == NULL)
 		goto nospace;
+	m_final->m_data += align;
 	m_new = m_final;
 	while (progress < total) {
 		length = total - progress;
Index: sys/kern/uipc_syscalls.c
===================================================================
RCS file: /home/ncvs/src/sys/kern/uipc_syscalls.c,v
retrieving revision 1.219
diff -u -r1.219 uipc_syscalls.c
--- sys/kern/uipc_syscalls.c	16 Apr 2005 18:46:28 -0000	1.219
+++ sys/kern/uipc_syscalls.c	2 May 2005 16:33:41 -0000
@@ -1796,7 +1796,7 @@
 			hdr_uio->uio_td = td;
 			hdr_uio->uio_rw = UIO_WRITE;
 			if (hdr_uio->uio_resid > 0) {
-				m_header = m_uiotombuf(hdr_uio, M_DONTWAIT, 0);
+				m_header = m_uiotombuf(hdr_uio, M_DONTWAIT, 0, 0);
 				if (m_header == NULL)
 					goto done;
 				headersize = m_header->m_pkthdr.len;
Index: sys/net/if_tap.c
===================================================================
RCS file: /home/ncvs/src/sys/net/if_tap.c,v
retrieving revision 1.52
diff -u -r1.52 if_tap.c
--- sys/net/if_tap.c	13 Apr 2005 00:30:19 -0000	1.52
+++ sys/net/if_tap.c	2 May 2005 16:33:41 -0000
@@ -827,7 +827,7 @@
 		return (EIO);
 	}
 
-	if ((m = m_uiotombuf(uio, M_DONTWAIT, 0)) == NULL) {
+	if ((m = m_uiotombuf(uio, M_DONTWAIT, 0, ETHER_ALIGN)) == NULL) {
 		ifp->if_ierrors ++;
 		return (error);
 	}
Index: sys/net/if_tun.c
===================================================================
RCS file: /home/ncvs/src/sys/net/if_tun.c,v
retrieving revision 1.149
diff -u -r1.149 if_tun.c
--- sys/net/if_tun.c	31 Mar 2005 12:19:44 -0000	1.149
+++ sys/net/if_tun.c	2 May 2005 16:33:41 -0000
@@ -761,7 +761,7 @@
 		return (EIO);
 	}
 
-	if ((m = m_uiotombuf(uio, M_DONTWAIT, 0)) == NULL) {
+	if ((m = m_uiotombuf(uio, M_DONTWAIT, 0, 0)) == NULL) {
 		ifp->if_ierrors++;
 		return (error);
 	}
Index: sys/netgraph/ng_device.c
===================================================================
RCS file: /home/ncvs/src/sys/netgraph/ng_device.c,v
retrieving revision 1.20
diff -u -r1.20 ng_device.c
--- sys/netgraph/ng_device.c	14 Mar 2005 16:02:53 -0000	1.20
+++ sys/netgraph/ng_device.c	2 May 2005 16:33:41 -0000
@@ -466,7 +466,7 @@
 	if (uio->uio_resid < 0 || uio->uio_resid > IP_MAXPACKET)
 		return (EIO);
 
-	if ((m = m_uiotombuf(uio, M_DONTWAIT, 0)) == NULL)
+	if ((m = m_uiotombuf(uio, M_DONTWAIT, 0, 0)) == NULL)
 		return (ENOBUFS);
 
 	NG_SEND_DATA_ONLY(error, priv->hook, m);
Index: sys/sys/mbuf.h
===================================================================
RCS file: /home/ncvs/src/sys/sys/mbuf.h,v
retrieving revision 1.169
diff -u -r1.169 mbuf.h
--- sys/sys/mbuf.h	17 Mar 2005 19:34:57 -0000	1.169
+++ sys/sys/mbuf.h	2 May 2005 16:33:41 -0000
@@ -582,7 +582,7 @@
 struct	mbuf	*m_pulldown(struct mbuf *, int, int, int *);
 struct	mbuf	*m_pullup(struct mbuf *, int);
 struct	mbuf	*m_split(struct mbuf *, int, int);
-struct	mbuf	*m_uiotombuf(struct uio *, int, int);
+struct	mbuf	*m_uiotombuf(struct uio *, int, int, int);
 
 /*-
  * Network packets may have annotations attached by affixing a list
