diff options
author | Koen Vandeputte <koen.vandeputte@ncentric.com> | 2019-02-20 15:42:17 +0100 |
---|---|---|
committer | Koen Vandeputte <koen.vandeputte@ncentric.com> | 2019-02-25 10:23:44 +0100 |
commit | e9cb40caa4456cefc1b4bef0c9ab26a7b8d3a653 (patch) | |
tree | 742d206a12049477e65ddfa2993e5cb80471ee29 /target/linux | |
parent | d32bbd747733de5daeb63a8f2c1307f612422f87 (diff) | |
download | upstream-e9cb40caa4456cefc1b4bef0c9ab26a7b8d3a653.tar.gz upstream-e9cb40caa4456cefc1b4bef0c9ab26a7b8d3a653.tar.bz2 upstream-e9cb40caa4456cefc1b4bef0c9ab26a7b8d3a653.zip |
kernel: bump 4.9 to 4.9.159
Refreshed all patches.
Remove upstreamed:
- 023-1-smsc95xx-Use-skb_cow_head-to-deal-with-cloned-skbs.patch
- 023-6-ch9200-use-skb_cow_head-to-deal-with-cloned-skbs.patch
- 023-7-kaweth-use-skb_cow_head-to-deal-with-cloned-skbs.patch
- 050-usb-dwc2-Remove-unnecessary-kfree.patch
- 092-netfilter-nf_tables-fix-mismatch-in-big-endian-syste.patch
- 272-uapi-if_ether.h-prevent-redefinition-of-struct-ethhd.patch
Fixes:
- CVE-2018-1000026
Compile-tested on: ar71xx
Runtime-tested on: ar71xx
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
Diffstat (limited to 'target/linux')
9 files changed, 7 insertions, 530 deletions
diff --git a/target/linux/brcm2708/patches-4.9/950-0063-Improve-__copy_to_user-and-__copy_from_user-performa.patch b/target/linux/brcm2708/patches-4.9/950-0063-Improve-__copy_to_user-and-__copy_from_user-performa.patch index c1e5858bce..4494e2a34a 100644 --- a/target/linux/brcm2708/patches-4.9/950-0063-Improve-__copy_to_user-and-__copy_from_user-performa.patch +++ b/target/linux/brcm2708/patches-4.9/950-0063-Improve-__copy_to_user-and-__copy_from_user-performa.patch @@ -57,7 +57,7 @@ Signed-off-by: Phil Elwell <phil@raspberrypi.org> #define memset(p,v,n) \ --- a/arch/arm/include/asm/uaccess.h +++ b/arch/arm/include/asm/uaccess.h -@@ -489,6 +489,9 @@ do { \ +@@ -526,6 +526,9 @@ do { \ extern unsigned long __must_check arm_copy_from_user(void *to, const void __user *from, unsigned long n); @@ -272,7 +272,7 @@ Signed-off-by: Phil Elwell <phil@raspberrypi.org> #ifdef CONFIG_CPU_SPECTRE get_thread_info r3 ldr r3, [r3, #TI_ADDR_LIMIT] -@@ -102,7 +103,7 @@ ENTRY(arm_copy_from_user) +@@ -98,7 +99,7 @@ ENTRY(arm_copy_from_user) #include "copy_template.S" @@ -1502,7 +1502,7 @@ Signed-off-by: Phil Elwell <phil@raspberrypi.org> unsigned long ua_flags = uaccess_save_and_enable(); n = __copy_to_user_std(to, from, n); uaccess_restore(ua_flags); -@@ -156,6 +252,26 @@ arm_copy_to_user(void __user *to, const +@@ -157,6 +253,26 @@ arm_copy_to_user(void __user *to, const } return n; } diff --git a/target/linux/brcm2708/patches-4.9/950-0149-Update-vfpmodule.c.patch b/target/linux/brcm2708/patches-4.9/950-0149-Update-vfpmodule.c.patch index 78606ed61b..f9b3977e04 100644 --- a/target/linux/brcm2708/patches-4.9/950-0149-Update-vfpmodule.c.patch +++ b/target/linux/brcm2708/patches-4.9/950-0149-Update-vfpmodule.c.patch @@ -102,7 +102,7 @@ Signed-off-by: Christopher Alexander Tobias Schulze <cat.schulze@alice-dsl.net> vfp_save_state(&thread->vfpstate, fpexc | FPEXC_EN); fmxr(FPEXC, fpexc); } -@@ -602,6 +609,7 @@ int vfp_restore_user_hwstate(struct user +@@ -598,6 +605,7 @@ int vfp_restore_user_hwstate(struct user struct thread_info *thread = current_thread_info(); struct vfp_hard_struct *hwstate = &thread->vfpstate.hard; unsigned long fpexc; @@ -110,7 +110,7 @@ Signed-off-by: Christopher Alexander Tobias Schulze <cat.schulze@alice-dsl.net> /* Disable VFP to avoid corrupting the new thread state. */ vfp_flush_hwstate(thread); -@@ -624,8 +632,12 @@ int vfp_restore_user_hwstate(struct user +@@ -620,8 +628,12 @@ int vfp_restore_user_hwstate(struct user /* Ensure the VFP is enabled. */ fpexc |= FPEXC_EN; @@ -125,7 +125,7 @@ Signed-off-by: Christopher Alexander Tobias Schulze <cat.schulze@alice-dsl.net> hwstate->fpexc = fpexc; hwstate->fpinst = ufp_exc->fpinst; -@@ -695,7 +707,8 @@ void kernel_neon_begin(void) +@@ -691,7 +703,8 @@ void kernel_neon_begin(void) cpu = get_cpu(); fpexc = fmrx(FPEXC) | FPEXC_EN; diff --git a/target/linux/generic/backport-4.9/023-1-smsc95xx-Use-skb_cow_head-to-deal-with-cloned-skbs.patch b/target/linux/generic/backport-4.9/023-1-smsc95xx-Use-skb_cow_head-to-deal-with-cloned-skbs.patch deleted file mode 100644 index 9fbdfe4a04..0000000000 --- a/target/linux/generic/backport-4.9/023-1-smsc95xx-Use-skb_cow_head-to-deal-with-cloned-skbs.patch +++ /dev/null @@ -1,40 +0,0 @@ -From e9156cd26a495a18706e796f02a81fee41ec14f4 Mon Sep 17 00:00:00 2001 -From: James Hughes <james.hughes@raspberrypi.org> -Date: Wed, 19 Apr 2017 11:13:40 +0100 -Subject: [PATCH] smsc95xx: Use skb_cow_head to deal with cloned skbs - -The driver was failing to check that the SKB wasn't cloned -before adding checksum data. -Replace existing handling to extend/copy the header buffer -with skb_cow_head. - -Signed-off-by: James Hughes <james.hughes@raspberrypi.org> -Acked-by: Eric Dumazet <edumazet@google.com> -Acked-by: Woojung Huh <Woojung.Huh@microchip.com> -Signed-off-by: David S. Miller <davem@davemloft.net> ---- - drivers/net/usb/smsc95xx.c | 12 ++++++------ - 1 file changed, 6 insertions(+), 6 deletions(-) - ---- a/drivers/net/usb/smsc95xx.c -+++ b/drivers/net/usb/smsc95xx.c -@@ -2011,13 +2011,13 @@ static struct sk_buff *smsc95xx_tx_fixup - /* We do not advertise SG, so skbs should be already linearized */ - BUG_ON(skb_shinfo(skb)->nr_frags); - -- if (skb_headroom(skb) < overhead) { -- struct sk_buff *skb2 = skb_copy_expand(skb, -- overhead, 0, flags); -+ /* Make writable and expand header space by overhead if required */ -+ if (skb_cow_head(skb, overhead)) { -+ /* Must deallocate here as returning NULL to indicate error -+ * means the skb won't be deallocated in the caller. -+ */ - dev_kfree_skb_any(skb); -- skb = skb2; -- if (!skb) -- return NULL; -+ return NULL; - } - - if (csum) { diff --git a/target/linux/generic/backport-4.9/023-6-ch9200-use-skb_cow_head-to-deal-with-cloned-skbs.patch b/target/linux/generic/backport-4.9/023-6-ch9200-use-skb_cow_head-to-deal-with-cloned-skbs.patch deleted file mode 100644 index 83de38bf8a..0000000000 --- a/target/linux/generic/backport-4.9/023-6-ch9200-use-skb_cow_head-to-deal-with-cloned-skbs.patch +++ /dev/null @@ -1,38 +0,0 @@ -From 6bc6895bdd6744e0136eaa4a11fbdb20a7db4e40 Mon Sep 17 00:00:00 2001 -From: Eric Dumazet <edumazet@google.com> -Date: Wed, 19 Apr 2017 09:59:25 -0700 -Subject: [PATCH] ch9200: use skb_cow_head() to deal with cloned skbs - -We need to ensure there is enough headroom to push extra header, -but we also need to check if we are allowed to change headers. - -skb_cow_head() is the proper helper to deal with this. - -Fixes: 4a476bd6d1d9 ("usbnet: New driver for QinHeng CH9200 devices") -Signed-off-by: Eric Dumazet <edumazet@google.com> -Cc: James Hughes <james.hughes@raspberrypi.org> -Cc: Matthew Garrett <mjg59@srcf.ucam.org> -Signed-off-by: David S. Miller <davem@davemloft.net> ---- - drivers/net/usb/ch9200.c | 9 ++------- - 1 file changed, 2 insertions(+), 7 deletions(-) - ---- a/drivers/net/usb/ch9200.c -+++ b/drivers/net/usb/ch9200.c -@@ -254,14 +254,9 @@ static struct sk_buff *ch9200_tx_fixup(s - tx_overhead = 0x40; - - len = skb->len; -- if (skb_headroom(skb) < tx_overhead) { -- struct sk_buff *skb2; -- -- skb2 = skb_copy_expand(skb, tx_overhead, 0, flags); -+ if (skb_cow_head(skb, tx_overhead)) { - dev_kfree_skb_any(skb); -- skb = skb2; -- if (!skb) -- return NULL; -+ return NULL; - } - - __skb_push(skb, tx_overhead); diff --git a/target/linux/generic/backport-4.9/023-7-kaweth-use-skb_cow_head-to-deal-with-cloned-skbs.patch b/target/linux/generic/backport-4.9/023-7-kaweth-use-skb_cow_head-to-deal-with-cloned-skbs.patch deleted file mode 100644 index 597f25b21d..0000000000 --- a/target/linux/generic/backport-4.9/023-7-kaweth-use-skb_cow_head-to-deal-with-cloned-skbs.patch +++ /dev/null @@ -1,43 +0,0 @@ -From 39fba7835aacda65284a86e611774cbba71dac20 Mon Sep 17 00:00:00 2001 -From: Eric Dumazet <edumazet@google.com> -Date: Wed, 19 Apr 2017 09:59:26 -0700 -Subject: [PATCH] kaweth: use skb_cow_head() to deal with cloned skbs - -We can use skb_cow_head() to properly deal with clones, -especially the ones coming from TCP stack that allow their head being -modified. This avoids a copy. - -Signed-off-by: Eric Dumazet <edumazet@google.com> -Cc: James Hughes <james.hughes@raspberrypi.org> -Signed-off-by: David S. Miller <davem@davemloft.net> ---- - drivers/net/usb/kaweth.c | 18 ++++++------------ - 1 file changed, 6 insertions(+), 12 deletions(-) - ---- a/drivers/net/usb/kaweth.c -+++ b/drivers/net/usb/kaweth.c -@@ -803,18 +803,12 @@ static netdev_tx_t kaweth_start_xmit(str - } - - /* We now decide whether we can put our special header into the sk_buff */ -- if (skb_cloned(skb) || skb_headroom(skb) < 2) { -- /* no such luck - we make our own */ -- struct sk_buff *copied_skb; -- copied_skb = skb_copy_expand(skb, 2, 0, GFP_ATOMIC); -- dev_kfree_skb_irq(skb); -- skb = copied_skb; -- if (!copied_skb) { -- kaweth->stats.tx_errors++; -- netif_start_queue(net); -- spin_unlock_irq(&kaweth->device_lock); -- return NETDEV_TX_OK; -- } -+ if (skb_cow_head(skb, 2)) { -+ kaweth->stats.tx_errors++; -+ netif_start_queue(net); -+ spin_unlock_irq(&kaweth->device_lock); -+ dev_kfree_skb_any(skb); -+ return NETDEV_TX_OK; - } - - private_header = (__le16 *)__skb_push(skb, 2); diff --git a/target/linux/generic/backport-4.9/050-usb-dwc2-Remove-unnecessary-kfree.patch b/target/linux/generic/backport-4.9/050-usb-dwc2-Remove-unnecessary-kfree.patch deleted file mode 100644 index 346eba9221..0000000000 --- a/target/linux/generic/backport-4.9/050-usb-dwc2-Remove-unnecessary-kfree.patch +++ /dev/null @@ -1,24 +0,0 @@ -From cd4b1e34655d46950c065d9284b596cd8d7b28cd Mon Sep 17 00:00:00 2001 -From: John Youn <johnyoun@synopsys.com> -Date: Thu, 3 Nov 2016 17:55:45 -0700 -Subject: [PATCH] usb: dwc2: Remove unnecessary kfree - -This shouldn't be freed by the HCD as it is owned by the core and -allocated with devm_kzalloc. - -Signed-off-by: John Youn <johnyoun@synopsys.com> -Signed-off-by: Felipe Balbi <felipe.balbi@linux.intel.com> ---- - drivers/usb/dwc2/hcd.c | 1 - - 1 file changed, 1 deletion(-) - ---- a/drivers/usb/dwc2/hcd.c -+++ b/drivers/usb/dwc2/hcd.c -@@ -5202,7 +5202,6 @@ error3: - error2: - usb_put_hcd(hcd); - error1: -- kfree(hsotg->core_params); - - #ifdef CONFIG_USB_DWC2_TRACK_MISSED_SOFS - kfree(hsotg->last_frame_num_array); diff --git a/target/linux/generic/backport-4.9/092-netfilter-nf_tables-fix-mismatch-in-big-endian-syste.patch b/target/linux/generic/backport-4.9/092-netfilter-nf_tables-fix-mismatch-in-big-endian-syste.patch deleted file mode 100644 index 024983142c..0000000000 --- a/target/linux/generic/backport-4.9/092-netfilter-nf_tables-fix-mismatch-in-big-endian-syste.patch +++ /dev/null @@ -1,323 +0,0 @@ -From 0bc01df3df7a88258148518eb9ce7f88c16a6106 Mon Sep 17 00:00:00 2001 -From: Liping Zhang <zlpnobody@gmail.com> -Date: Wed, 8 Mar 2017 22:54:18 +0800 -Subject: netfilter: nf_tables: fix mismatch in big-endian system - -Currently, there are two different methods to store an u16 integer to -the u32 data register. For example: - u32 *dest = ®s->data[priv->dreg]; - 1. *dest = 0; *(u16 *) dest = val_u16; - 2. *dest = val_u16; - -For method 1, the u16 value will be stored like this, either in -big-endian or little-endian system: - 0 15 31 - +-+-+-+-+-+-+-+-+-+-+-+-+ - | Value | 0 | - +-+-+-+-+-+-+-+-+-+-+-+-+ - -For method 2, in little-endian system, the u16 value will be the same -as listed above. But in big-endian system, the u16 value will be stored -like this: - 0 15 31 - +-+-+-+-+-+-+-+-+-+-+-+-+ - | 0 | Value | - +-+-+-+-+-+-+-+-+-+-+-+-+ - -So later we use "memcmp(®s->data[priv->sreg], data, 2);" to do -compare in nft_cmp, nft_lookup expr ..., method 2 will get the wrong -result in big-endian system, as 0~15 bits will always be zero. - -For the similar reason, when loading an u16 value from the u32 data -register, we should use "*(u16 *) sreg;" instead of "(u16)*sreg;", -the 2nd method will get the wrong value in the big-endian system. - -So introduce some wrapper functions to store/load an u8 or u16 -integer to/from the u32 data register, and use them in the right -place. - -Signed-off-by: Liping Zhang <zlpnobody@gmail.com> -Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> ---- - include/net/netfilter/nf_tables.h | 29 +++++++++++++++++++++++++ - net/ipv4/netfilter/nft_masq_ipv4.c | 8 +++---- - net/ipv4/netfilter/nft_redir_ipv4.c | 8 +++---- - net/ipv6/netfilter/nft_masq_ipv6.c | 8 +++---- - net/ipv6/netfilter/nft_redir_ipv6.c | 8 +++---- - net/netfilter/nft_ct.c | 10 ++++----- - net/netfilter/nft_meta.c | 42 +++++++++++++++++++------------------ - net/netfilter/nft_nat.c | 8 +++---- - 8 files changed, 76 insertions(+), 45 deletions(-) - ---- a/include/net/netfilter/nf_tables.h -+++ b/include/net/netfilter/nf_tables.h -@@ -87,6 +87,35 @@ struct nft_regs { - }; - }; - -+/* Store/load an u16 or u8 integer to/from the u32 data register. -+ * -+ * Note, when using concatenations, register allocation happens at 32-bit -+ * level. So for store instruction, pad the rest part with zero to avoid -+ * garbage values. -+ */ -+ -+static inline void nft_reg_store16(u32 *dreg, u16 val) -+{ -+ *dreg = 0; -+ *(u16 *)dreg = val; -+} -+ -+static inline void nft_reg_store8(u32 *dreg, u8 val) -+{ -+ *dreg = 0; -+ *(u8 *)dreg = val; -+} -+ -+static inline u16 nft_reg_load16(u32 *sreg) -+{ -+ return *(u16 *)sreg; -+} -+ -+static inline u8 nft_reg_load8(u32 *sreg) -+{ -+ return *(u8 *)sreg; -+} -+ - static inline void nft_data_copy(u32 *dst, const struct nft_data *src, - unsigned int len) - { ---- a/net/ipv4/netfilter/nft_masq_ipv4.c -+++ b/net/ipv4/netfilter/nft_masq_ipv4.c -@@ -26,10 +26,10 @@ static void nft_masq_ipv4_eval(const str - memset(&range, 0, sizeof(range)); - range.flags = priv->flags; - if (priv->sreg_proto_min) { -- range.min_proto.all = -- *(__be16 *)®s->data[priv->sreg_proto_min]; -- range.max_proto.all = -- *(__be16 *)®s->data[priv->sreg_proto_max]; -+ range.min_proto.all = (__force __be16)nft_reg_load16( -+ ®s->data[priv->sreg_proto_min]); -+ range.max_proto.all = (__force __be16)nft_reg_load16( -+ ®s->data[priv->sreg_proto_max]); - } - regs->verdict.code = nf_nat_masquerade_ipv4(pkt->skb, pkt->hook, - &range, pkt->out); ---- a/net/ipv4/netfilter/nft_redir_ipv4.c -+++ b/net/ipv4/netfilter/nft_redir_ipv4.c -@@ -26,10 +26,10 @@ static void nft_redir_ipv4_eval(const st - - memset(&mr, 0, sizeof(mr)); - if (priv->sreg_proto_min) { -- mr.range[0].min.all = -- *(__be16 *)®s->data[priv->sreg_proto_min]; -- mr.range[0].max.all = -- *(__be16 *)®s->data[priv->sreg_proto_max]; -+ mr.range[0].min.all = (__force __be16)nft_reg_load16( -+ ®s->data[priv->sreg_proto_min]); -+ mr.range[0].max.all = (__force __be16)nft_reg_load16( -+ ®s->data[priv->sreg_proto_max]); - mr.range[0].flags |= NF_NAT_RANGE_PROTO_SPECIFIED; - } - ---- a/net/ipv6/netfilter/nft_masq_ipv6.c -+++ b/net/ipv6/netfilter/nft_masq_ipv6.c -@@ -27,10 +27,10 @@ static void nft_masq_ipv6_eval(const str - memset(&range, 0, sizeof(range)); - range.flags = priv->flags; - if (priv->sreg_proto_min) { -- range.min_proto.all = -- *(__be16 *)®s->data[priv->sreg_proto_min]; -- range.max_proto.all = -- *(__be16 *)®s->data[priv->sreg_proto_max]; -+ range.min_proto.all = (__force __be16)nft_reg_load16( -+ ®s->data[priv->sreg_proto_min]); -+ range.max_proto.all = (__force __be16)nft_reg_load16( -+ ®s->data[priv->sreg_proto_max]); - } - regs->verdict.code = nf_nat_masquerade_ipv6(pkt->skb, &range, pkt->out); - } ---- a/net/ipv6/netfilter/nft_redir_ipv6.c -+++ b/net/ipv6/netfilter/nft_redir_ipv6.c -@@ -26,10 +26,10 @@ static void nft_redir_ipv6_eval(const st - - memset(&range, 0, sizeof(range)); - if (priv->sreg_proto_min) { -- range.min_proto.all = -- *(__be16 *)®s->data[priv->sreg_proto_min], -- range.max_proto.all = -- *(__be16 *)®s->data[priv->sreg_proto_max], -+ range.min_proto.all = (__force __be16)nft_reg_load16( -+ ®s->data[priv->sreg_proto_min]); -+ range.max_proto.all = (__force __be16)nft_reg_load16( -+ ®s->data[priv->sreg_proto_max]); - range.flags |= NF_NAT_RANGE_PROTO_SPECIFIED; - } - ---- a/net/netfilter/nft_ct.c -+++ b/net/netfilter/nft_ct.c -@@ -77,7 +77,7 @@ static void nft_ct_get_eval(const struct - - switch (priv->key) { - case NFT_CT_DIRECTION: -- *dest = CTINFO2DIR(ctinfo); -+ nft_reg_store8(dest, CTINFO2DIR(ctinfo)); - return; - case NFT_CT_STATUS: - *dest = ct->status; -@@ -129,10 +129,10 @@ static void nft_ct_get_eval(const struct - return; - } - case NFT_CT_L3PROTOCOL: -- *dest = nf_ct_l3num(ct); -+ nft_reg_store8(dest, nf_ct_l3num(ct)); - return; - case NFT_CT_PROTOCOL: -- *dest = nf_ct_protonum(ct); -+ nft_reg_store8(dest, nf_ct_protonum(ct)); - return; - default: - break; -@@ -149,10 +149,10 @@ static void nft_ct_get_eval(const struct - nf_ct_l3num(ct) == NFPROTO_IPV4 ? 4 : 16); - return; - case NFT_CT_PROTO_SRC: -- *dest = (__force __u16)tuple->src.u.all; -+ nft_reg_store16(dest, (__force u16)tuple->src.u.all); - return; - case NFT_CT_PROTO_DST: -- *dest = (__force __u16)tuple->dst.u.all; -+ nft_reg_store16(dest, (__force u16)tuple->dst.u.all); - return; - default: - break; ---- a/net/netfilter/nft_meta.c -+++ b/net/netfilter/nft_meta.c -@@ -45,16 +45,15 @@ void nft_meta_get_eval(const struct nft_ - *dest = skb->len; - break; - case NFT_META_PROTOCOL: -- *dest = 0; -- *(__be16 *)dest = skb->protocol; -+ nft_reg_store16(dest, (__force u16)skb->protocol); - break; - case NFT_META_NFPROTO: -- *dest = pkt->pf; -+ nft_reg_store8(dest, pkt->pf); - break; - case NFT_META_L4PROTO: - if (!pkt->tprot_set) - goto err; -- *dest = pkt->tprot; -+ nft_reg_store8(dest, pkt->tprot); - break; - case NFT_META_PRIORITY: - *dest = skb->priority; -@@ -85,14 +84,12 @@ void nft_meta_get_eval(const struct nft_ - case NFT_META_IIFTYPE: - if (in == NULL) - goto err; -- *dest = 0; -- *(u16 *)dest = in->type; -+ nft_reg_store16(dest, in->type); - break; - case NFT_META_OIFTYPE: - if (out == NULL) - goto err; -- *dest = 0; -- *(u16 *)dest = out->type; -+ nft_reg_store16(dest, out->type); - break; - case NFT_META_SKUID: - sk = skb_to_full_sk(skb); -@@ -142,22 +139,22 @@ void nft_meta_get_eval(const struct nft_ - #endif - case NFT_META_PKTTYPE: - if (skb->pkt_type != PACKET_LOOPBACK) { -- *dest = skb->pkt_type; -+ nft_reg_store8(dest, skb->pkt_type); - break; - } - - switch (pkt->pf) { - case NFPROTO_IPV4: - if (ipv4_is_multicast(ip_hdr(skb)->daddr)) -- *dest = PACKET_MULTICAST; -+ nft_reg_store8(dest, PACKET_MULTICAST); - else -- *dest = PACKET_BROADCAST; -+ nft_reg_store8(dest, PACKET_BROADCAST); - break; - case NFPROTO_IPV6: - if (ipv6_hdr(skb)->daddr.s6_addr[0] == 0xFF) -- *dest = PACKET_MULTICAST; -+ nft_reg_store8(dest, PACKET_MULTICAST); - else -- *dest = PACKET_BROADCAST; -+ nft_reg_store8(dest, PACKET_BROADCAST); - break; - case NFPROTO_NETDEV: - switch (skb->protocol) { -@@ -171,14 +168,14 @@ void nft_meta_get_eval(const struct nft_ - goto err; - - if (ipv4_is_multicast(iph->daddr)) -- *dest = PACKET_MULTICAST; -+ nft_reg_store8(dest, PACKET_MULTICAST); - else -- *dest = PACKET_BROADCAST; -+ nft_reg_store8(dest, PACKET_BROADCAST); - - break; - } - case htons(ETH_P_IPV6): -- *dest = PACKET_MULTICAST; -+ nft_reg_store8(dest, PACKET_MULTICAST); - break; - default: - WARN_ON_ONCE(1); -@@ -233,7 +230,9 @@ void nft_meta_set_eval(const struct nft_ - { - const struct nft_meta *meta = nft_expr_priv(expr); - struct sk_buff *skb = pkt->skb; -- u32 value = regs->data[meta->sreg]; -+ u32 *sreg = ®s->data[meta->sreg]; -+ u32 value = *sreg; -+ u8 pkt_type; - - switch (meta->key) { - case NFT_META_MARK: -@@ -243,9 +242,12 @@ void nft_meta_set_eval(const struct nft_ - skb->priority = value; - break; - case NFT_META_PKTTYPE: -- if (skb->pkt_type != value && -- skb_pkt_type_ok(value) && skb_pkt_type_ok(skb->pkt_type)) -- skb->pkt_type = value; -+ pkt_type = nft_reg_load8(sreg); -+ -+ if (skb->pkt_type != pkt_type && -+ skb_pkt_type_ok(pkt_type) && -+ skb_pkt_type_ok(skb->pkt_type)) -+ skb->pkt_type = pkt_type; - break; - case NFT_META_NFTRACE: - skb->nf_trace = !!value; ---- a/net/netfilter/nft_nat.c -+++ b/net/netfilter/nft_nat.c -@@ -65,10 +65,10 @@ static void nft_nat_eval(const struct nf - } - - if (priv->sreg_proto_min) { -- range.min_proto.all = -- *(__be16 *)®s->data[priv->sreg_proto_min]; -- range.max_proto.all = -- *(__be16 *)®s->data[priv->sreg_proto_max]; -+ range.min_proto.all = (__force __be16)nft_reg_load16( -+ ®s->data[priv->sreg_proto_min]); -+ range.max_proto.all = (__force __be16)nft_reg_load16( -+ ®s->data[priv->sreg_proto_max]); - range.flags |= NF_NAT_RANGE_PROTO_SPECIFIED; - } - diff --git a/target/linux/generic/backport-4.9/272-uapi-if_ether.h-prevent-redefinition-of-struct-ethhd.patch b/target/linux/generic/backport-4.9/272-uapi-if_ether.h-prevent-redefinition-of-struct-ethhd.patch deleted file mode 100644 index f20984955f..0000000000 --- a/target/linux/generic/backport-4.9/272-uapi-if_ether.h-prevent-redefinition-of-struct-ethhd.patch +++ /dev/null @@ -1,55 +0,0 @@ -From 649affd04813c43e0a72886517fcfccd63230981 Mon Sep 17 00:00:00 2001 -From: Hauke Mehrtens <hauke@hauke-m.de> -Date: Mon, 29 Jun 2015 16:53:03 +0200 -Subject: uapi/if_ether.h: prevent redefinition of struct ethhdr - -Musl provides its own ethhdr struct definition. Add a guard to prevent -its definition of the appropriate musl header has already been included. - -glibc does not implement this header, but when glibc will implement this -they can just define __UAPI_DEF_ETHHDR 0 to make it work with the -kernel. - -Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de> ---- - include/uapi/linux/if_ether.h | 3 +++ - include/uapi/linux/libc-compat.h | 6 ++++++ - 2 files changed, 9 insertions(+) - ---- a/include/uapi/linux/if_ether.h -+++ b/include/uapi/linux/if_ether.h -@@ -22,6 +22,7 @@ - #define _UAPI_LINUX_IF_ETHER_H - - #include <linux/types.h> -+#include <linux/libc-compat.h> - - /* - * IEEE 802.3 Ethernet magic constants. The frame sizes omit the preamble -@@ -139,11 +140,13 @@ - * This is an Ethernet frame header. - */ - -+#if __UAPI_DEF_ETHHDR - struct ethhdr { - unsigned char h_dest[ETH_ALEN]; /* destination eth addr */ - unsigned char h_source[ETH_ALEN]; /* source ether addr */ - __be16 h_proto; /* packet type ID field */ - } __attribute__((packed)); -+#endif - - - #endif /* _UAPI_LINUX_IF_ETHER_H */ ---- a/include/uapi/linux/libc-compat.h -+++ b/include/uapi/linux/libc-compat.h -@@ -263,4 +263,10 @@ - - #endif /* __GLIBC__ */ - -+/* Definitions for if_ether.h */ -+/* allow libcs like musl to deactivate this, glibc does not implement this. */ -+#ifndef __UAPI_DEF_ETHHDR -+#define __UAPI_DEF_ETHHDR 1 -+#endif -+ - #endif /* _UAPI_LIBC_COMPAT_H */ diff --git a/target/linux/layerscape/patches-4.9/202-core-linux-support-layerscape.patch b/target/linux/layerscape/patches-4.9/202-core-linux-support-layerscape.patch index e93ff29f6b..cc66e7f3e1 100644 --- a/target/linux/layerscape/patches-4.9/202-core-linux-support-layerscape.patch +++ b/target/linux/layerscape/patches-4.9/202-core-linux-support-layerscape.patch @@ -411,7 +411,7 @@ Signed-off-by: Yangbo Lu <yangbo.lu@nxp.com> #endif /* __SOC_BUS_H */ --- a/include/uapi/linux/if_ether.h +++ b/include/uapi/linux/if_ether.h -@@ -36,6 +36,7 @@ +@@ -35,6 +35,7 @@ #define ETH_DATA_LEN 1500 /* Max. octets in payload */ #define ETH_FRAME_LEN 1514 /* Max. octets in frame sans FCS */ #define ETH_FCS_LEN 4 /* Octets in the FCS */ |