diff options
| author | Felix Fietkau <nbd@openwrt.org> | 2014-12-08 10:48:28 +0000 |
|---|---|---|
| committer | Felix Fietkau <nbd@openwrt.org> | 2014-12-08 10:48:28 +0000 |
| commit | 6327386aff53e15882188556a18550d2e386e145 (patch) | |
| tree | b7ed85dd682a2ecf6eadf4b59dd790ac098b4723 | |
| parent | 0f07e7c9a8c38a625a8ac646a94d1fa2f075eef8 (diff) | |
| download | master-31e0f0ae-6327386aff53e15882188556a18550d2e386e145.tar.gz master-31e0f0ae-6327386aff53e15882188556a18550d2e386e145.tar.bz2 master-31e0f0ae-6327386aff53e15882188556a18550d2e386e145.zip | |
ar71xx: fix invalid pointer accesses caused by unaligned access hacks (#18455)
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
SVN-Revision: 43560
| -rw-r--r-- | target/linux/ar71xx/patches-3.14/902-unaligned_access_hacks.patch | 24 |
1 files changed, 12 insertions, 12 deletions
diff --git a/target/linux/ar71xx/patches-3.14/902-unaligned_access_hacks.patch b/target/linux/ar71xx/patches-3.14/902-unaligned_access_hacks.patch index 7c1e6b0576..86fe6c0369 100644 --- a/target/linux/ar71xx/patches-3.14/902-unaligned_access_hacks.patch +++ b/target/linux/ar71xx/patches-3.14/902-unaligned_access_hacks.patch @@ -319,32 +319,26 @@ ptr--; } if (tunnel->parms.o_flags&GRE_KEY) { -@@ -841,9 +841,9 @@ static inline int ip6gre_xmit_ipv6(struc +@@ -841,7 +841,7 @@ static inline int ip6gre_xmit_ipv6(struc dsfield = ipv6_get_dsfield(ipv6h); if (t->parms.flags & IP6_TNL_F_USE_ORIG_TCLASS) - fl6.flowlabel |= (*(__be32 *) ipv6h & IPV6_TCLASS_MASK); + fl6.flowlabel |= net_hdr_word(ipv6h) & IPV6_TCLASS_MASK; if (t->parms.flags & IP6_TNL_F_USE_ORIG_FLOWLABEL) -- fl6.flowlabel |= ip6_flowlabel(ipv6h); -+ fl6.flowlabel |= ip6_flowlabel((const struct ipv6hdr *)net_hdr_word(ipv6h)); + fl6.flowlabel |= ip6_flowlabel(ipv6h); if (t->parms.flags & IP6_TNL_F_USE_ORIG_FWMARK) - fl6.flowi6_mark = skb->mark; - --- a/net/ipv6/ip6_tunnel.c +++ b/net/ipv6/ip6_tunnel.c -@@ -1288,9 +1288,9 @@ ip6ip6_tnl_xmit(struct sk_buff *skb, str +@@ -1285,7 +1285,7 @@ ip6ip6_tnl_xmit(struct sk_buff *skb, str dsfield = ipv6_get_dsfield(ipv6h); if (t->parms.flags & IP6_TNL_F_USE_ORIG_TCLASS) - fl6.flowlabel |= (*(__be32 *) ipv6h & IPV6_TCLASS_MASK); + fl6.flowlabel |= net_hdr_word(ipv6h) & IPV6_TCLASS_MASK; if (t->parms.flags & IP6_TNL_F_USE_ORIG_FLOWLABEL) -- fl6.flowlabel |= ip6_flowlabel(ipv6h); -+ fl6.flowlabel |= ip6_flowlabel((const struct ipv6hdr *)net_hdr_word(ipv6h)); + fl6.flowlabel |= ip6_flowlabel(ipv6h); if (t->parms.flags & IP6_TNL_F_USE_ORIG_FWMARK) - fl6.flowi6_mark = skb->mark; - --- a/net/ipv6/exthdrs.c +++ b/net/ipv6/exthdrs.c @@ -573,7 +573,7 @@ static bool ipv6_hop_jumbo(struct sk_buf @@ -741,7 +735,7 @@ if (xb) return i * 32 + 31 - __fls(ntohl(xb)); } -@@ -668,12 +672,13 @@ int ip6_dst_hoplimit(struct dst_entry *d +@@ -670,17 +674,18 @@ int ip6_dst_hoplimit(struct dst_entry *d static inline void ip6_flow_hdr(struct ipv6hdr *hdr, unsigned int tclass, __be32 flowlabel) { @@ -757,6 +751,12 @@ } static inline __be32 ip6_flowlabel(const struct ipv6hdr *hdr) + { +- return *(__be32 *)hdr & IPV6_FLOWLABEL_MASK; ++ return net_hdr_word((__be32 *)hdr) & IPV6_FLOWLABEL_MASK; + } + + static inline u8 ip6_tclass(__be32 flowinfo) --- a/include/net/secure_seq.h +++ b/include/net/secure_seq.h @@ -2,6 +2,7 @@ @@ -873,7 +873,7 @@ --- a/net/ipv4/tcp_input.c +++ b/net/ipv4/tcp_input.c -@@ -3631,14 +3631,16 @@ static bool tcp_parse_aligned_timestamp( +@@ -3629,14 +3629,16 @@ static bool tcp_parse_aligned_timestamp( { const __be32 *ptr = (const __be32 *)(th + 1); |