[PATCH] USB gadget rndis: fix bug skb_push function may return anunaligned pointer bug
From: Wu, Bryan
Date: Wed Apr 04 2007 - 02:29:05 EST
USB gadget rndis: skb_push function may return a pointer which is not
aligned as required by struct rndis_packet_msg_type.
Signed-off-by: Bryan Wu <bryan.wu@xxxxxxxxxx>
---
drivers/usb/gadget/rndis.c | 19 ++++++++++++-------
1 files changed, 12 insertions(+), 7 deletions(-)
diff --git a/drivers/usb/gadget/rndis.c b/drivers/usb/gadget/rndis.c
index 6ec8cf1..48335bb 100644
--- a/drivers/usb/gadget/rndis.c
+++ b/drivers/usb/gadget/rndis.c
@@ -1211,18 +1211,23 @@ int rndis_set_param_medium (u8 configNr, u32 medium, u32 speed)
return 0;
}
+/* The pointer of header is not aligned, it will cause alignment exception.
+ * Use a temporary variable to avoid it.
+ */
void rndis_add_hdr (struct sk_buff *skb)
{
- struct rndis_packet_msg_type *header;
+ void *buf;
+ struct rndis_packet_msg_type *header;
if (!skb)
return;
- header = (void *) skb_push (skb, sizeof *header);
- memset (header, 0, sizeof *header);
- header->MessageType = __constant_cpu_to_le32(REMOTE_NDIS_PACKET_MSG);
- header->MessageLength = cpu_to_le32(skb->len);
- header->DataOffset = __constant_cpu_to_le32 (36);
- header->DataLength = cpu_to_le32(skb->len - sizeof *header);
+ buf = (void *) skb_push (skb, sizeof *header);
+ memset (buf, 0, sizeof *header);
+ header = (struct rndis_packet_msg_type *)buf;
+ put_unaligned(__constant_cpu_to_le32(REMOTE_NDIS_PACKET_MSG), &header->MessageType);
+ put_unaligned(cpu_to_le32(skb->len), &header->MessageLength);
+ put_unaligned(__constant_cpu_to_le32(36), &header->DataOffset);
+ put_unaligned(cpu_to_le32(skb->len - sizeof *header), &header->DataLength);
}
void rndis_free_response (int configNr, u8 *buf)
--
1.5.0.5
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/