From: Felix Fietkau Date: Mon, 8 Dec 2014 10:48:28 +0000 (+0000) Subject: ar71xx: fix invalid pointer accesses caused by unaligned access hacks (#18455) X-Git-Tag: reboot~5071 X-Git-Url: http://git.lede-project.org./?a=commitdiff_plain;h=6327386aff53e15882188556a18550d2e386e145;p=openwrt%2Fstaging%2Fnoltari.git ar71xx: fix invalid pointer accesses caused by unaligned access hacks (#18455) Signed-off-by: Felix Fietkau SVN-Revision: 43560 --- diff --git a/target/linux/ar71xx/patches-3.14/902-unaligned_access_hacks.patch b/target/linux/ar71xx/patches-3.14/902-unaligned_access_hacks.patch index 7c1e6b0576..86fe6c0369 100644 --- a/target/linux/ar71xx/patches-3.14/902-unaligned_access_hacks.patch +++ b/target/linux/ar71xx/patches-3.14/902-unaligned_access_hacks.patch @@ -319,32 +319,26 @@ ptr--; } if (tunnel->parms.o_flags&GRE_KEY) { -@@ -841,9 +841,9 @@ static inline int ip6gre_xmit_ipv6(struc +@@ -841,7 +841,7 @@ static inline int ip6gre_xmit_ipv6(struc dsfield = ipv6_get_dsfield(ipv6h); if (t->parms.flags & IP6_TNL_F_USE_ORIG_TCLASS) - fl6.flowlabel |= (*(__be32 *) ipv6h & IPV6_TCLASS_MASK); + fl6.flowlabel |= net_hdr_word(ipv6h) & IPV6_TCLASS_MASK; if (t->parms.flags & IP6_TNL_F_USE_ORIG_FLOWLABEL) -- fl6.flowlabel |= ip6_flowlabel(ipv6h); -+ fl6.flowlabel |= ip6_flowlabel((const struct ipv6hdr *)net_hdr_word(ipv6h)); + fl6.flowlabel |= ip6_flowlabel(ipv6h); if (t->parms.flags & IP6_TNL_F_USE_ORIG_FWMARK) - fl6.flowi6_mark = skb->mark; - --- a/net/ipv6/ip6_tunnel.c +++ b/net/ipv6/ip6_tunnel.c -@@ -1288,9 +1288,9 @@ ip6ip6_tnl_xmit(struct sk_buff *skb, str +@@ -1285,7 +1285,7 @@ ip6ip6_tnl_xmit(struct sk_buff *skb, str dsfield = ipv6_get_dsfield(ipv6h); if (t->parms.flags & IP6_TNL_F_USE_ORIG_TCLASS) - fl6.flowlabel |= (*(__be32 *) ipv6h & IPV6_TCLASS_MASK); + fl6.flowlabel |= net_hdr_word(ipv6h) & IPV6_TCLASS_MASK; if (t->parms.flags & IP6_TNL_F_USE_ORIG_FLOWLABEL) -- fl6.flowlabel |= ip6_flowlabel(ipv6h); -+ fl6.flowlabel |= ip6_flowlabel((const struct ipv6hdr *)net_hdr_word(ipv6h)); + fl6.flowlabel |= ip6_flowlabel(ipv6h); if (t->parms.flags & IP6_TNL_F_USE_ORIG_FWMARK) - fl6.flowi6_mark = skb->mark; - --- a/net/ipv6/exthdrs.c +++ b/net/ipv6/exthdrs.c @@ -573,7 +573,7 @@ static bool ipv6_hop_jumbo(struct sk_buf @@ -741,7 +735,7 @@ if (xb) return i * 32 + 31 - __fls(ntohl(xb)); } -@@ -668,12 +672,13 @@ int ip6_dst_hoplimit(struct dst_entry *d +@@ -670,17 +674,18 @@ int ip6_dst_hoplimit(struct dst_entry *d static inline void ip6_flow_hdr(struct ipv6hdr *hdr, unsigned int tclass, __be32 flowlabel) { @@ -757,6 +751,12 @@ } static inline __be32 ip6_flowlabel(const struct ipv6hdr *hdr) + { +- return *(__be32 *)hdr & IPV6_FLOWLABEL_MASK; ++ return net_hdr_word((__be32 *)hdr) & IPV6_FLOWLABEL_MASK; + } + + static inline u8 ip6_tclass(__be32 flowinfo) --- a/include/net/secure_seq.h +++ b/include/net/secure_seq.h @@ -2,6 +2,7 @@ @@ -873,7 +873,7 @@ --- a/net/ipv4/tcp_input.c +++ b/net/ipv4/tcp_input.c -@@ -3631,14 +3631,16 @@ static bool tcp_parse_aligned_timestamp( +@@ -3629,14 +3629,16 @@ static bool tcp_parse_aligned_timestamp( { const __be32 *ptr = (const __be32 *)(th + 1);