From: Felix Fietkau Subject: [PATCH] ar71xx: fix unaligned access in a few more places SVN-Revision: 35130 --- arch/mips/include/asm/checksum.h | 83 +++--------------- include/uapi/linux/ip.h | 2 +- include/uapi/linux/ipv6.h | 2 +- include/uapi/linux/tcp.h | 4 ++-- include/uapi/linux/udp.h | 2 +- net/netfilter/nf_conntrack_core.c | 4 ++-- include/uapi/linux/icmp.h | 2 +- include/uapi/linux/in6.h | 2 +- net/ipv6/tcp_ipv6.c | 9 +++-- net/ipv6/datagram.c | 6 ++-- net/ipv6/exthdrs.c | 2 +- include/linux/types.h | 5 +++ net/ipv4/af_inet.c | 4 ++-- net/ipv4/tcp_output.c | 69 +++++++++-------- include/uapi/linux/igmp.h | 8 +++--- net/core/flow_dissector.c | 2 +- include/uapi/linux/icmpv6.h | 2 +- include/net/ndisc.h | 10 ++++---- net/sched/cls_u32.c | 6 +++--- net/ipv6/ip6_offload.c | 2 +- include/net/addrconf.h | 2 +- include/net/inet_ecn.h | 4 ++-- include/net/ipv6.h | 23 +++++---- include/net/secure_seq.h | 1 + include/uapi/linux/in.h | 2 +- net/ipv6/ip6_fib.h | 2 +- net/netfilter/nf_conntrack_proto_tcp.c | 2 +- net/xfrm/xfrm_input.c | 4 ++-- net/ipv4/tcp_input.c | 12 ++++--- include/uapi/linux/if_pppox.h | 1 + net/ipv6/netfilter/nf_log_ipv6.c | 4 ++-- include/net/neighbour.h | 6 +++-- include/uapi/linux/netfilter_arp/arp_tables.h | 2 +- net/core/utils.c | 10 +++++-- include/linux/etherdevice.h | 11 ++++--- net/ipv4/tcp_offload.c | 6 +++--- net/ipv6/netfilter/ip6table_mangle.c | 4 ++-- 37 file changed, 171 insertions(+), 141 deletions(-) --- a/arch/mips/include/asm/checksum.h +++ b/arch/mips/include/asm/checksum.h @@ -100,26 +100,30 @@ static inline __sum16 ip_fast_csum(const const unsigned int *stop = word + ihl; unsigned int csum; int carry; + unsigned int w; - csum = word[0]; - csum += word[1]; - carry = (csum < word[1]); + csum = net_hdr_word(word++); + + w = net_hdr_word(word++); + csum += w; + carry = (csum < w); csum += carry; - csum += word[2]; - carry = (csum < word[2]); + w = net_hdr_word(word++); + csum += w; + carry = (csum < w); csum += carry; - csum += word[3]; - carry = (csum < word[3]); + w = net_hdr_word(word++); + csum += w; + carry = (csum < w); csum += carry; - word += 4; do { - csum += *word; - carry = (csum < *word); + w = net_hdr_word(word++); + csum += w; + carry = (csum < w); csum += carry; - word++; } while (word != stop); return csum_fold(csum); @@ -180,73 +184,6 @@ static inline __sum16 ip_compute_csum(co return csum_fold(csum_partial(buff, len, 0)); } -#define _HAVE_ARCH_IPV6_CSUM -static __inline__ __sum16 csum_ipv6_magic(const struct in6_addr *saddr, - const struct in6_addr *daddr, - __u32 len, __u8 proto, - __wsum sum) -{ - __wsum tmp; - - __asm__( - " .set push # csum_ipv6_magic\n" - " .set noreorder \n" - " .set noat \n" - " addu %0, %5 # proto (long in network byte order)\n" - " sltu $1, %0, %5 \n" - " addu %0, $1 \n" - - " addu %0, %6 # csum\n" - " sltu $1, %0, %6 \n" - " lw %1, 0(%2) # four words source address\n" - " addu %0, $1 \n" - " addu %0, %1 \n" - " sltu $1, %0, %1 \n" - - " lw %1, 4(%2) \n" - " addu %0, $1 \n" - " addu %0, %1 \n" - " sltu $1, %0, %1 \n" - - " lw %1, 8(%2) \n" - " addu %0, $1 \n" - " addu %0, %1 \n" - " sltu $1, %0, %1 \n" - - " lw %1, 12(%2) \n" - " addu %0, $1 \n" - " addu %0, %1 \n" - " sltu $1, %0, %1 \n" - - " lw %1, 0(%3) \n" - " addu %0, $1 \n" - " addu %0, %1 \n" - " sltu $1, %0, %1 \n" - - " lw %1, 4(%3) \n" - " addu %0, $1 \n" - " addu %0, %1 \n" - " sltu $1, %0, %1 \n" - - " lw %1, 8(%3) \n" - " addu %0, $1 \n" - " addu %0, %1 \n" - " sltu $1, %0, %1 \n" - - " lw %1, 12(%3) \n" - " addu %0, $1 \n" - " addu %0, %1 \n" - " sltu $1, %0, %1 \n" - - " addu %0, $1 # Add final carry\n" - " .set pop" - : "=&r" (sum), "=&r" (tmp) - : "r" (saddr), "r" (daddr), - "0" (htonl(len)), "r" (htonl(proto)), "r" (sum)); - - return csum_fold(sum); -} - #include #endif /* CONFIG_GENERIC_CSUM */ --- a/include/uapi/linux/ip.h +++ b/include/uapi/linux/ip.h @@ -106,7 +106,7 @@ struct iphdr { __be32 daddr; ); /*The options start here. */ -}; +} __attribute__((packed, aligned(2))); struct ip_auth_hdr { --- a/include/uapi/linux/ipv6.h +++ b/include/uapi/linux/ipv6.h @@ -135,7 +135,7 @@ struct ipv6hdr { struct in6_addr saddr; struct in6_addr daddr; ); -}; +} __attribute__((packed, aligned(2))); /* index values for the variables in ipv6_devconf */ --- a/include/uapi/linux/tcp.h +++ b/include/uapi/linux/tcp.h @@ -55,7 +55,7 @@ struct tcphdr { __be16 window; __sum16 check; __be16 urg_ptr; -}; +} __attribute__((packed, aligned(2))); /* * The union cast uses a gcc extension to avoid aliasing problems @@ -65,7 +65,7 @@ struct tcphdr { union tcp_word_hdr { struct tcphdr hdr; __be32 words[5]; -}; +} __attribute__((packed, aligned(2))); #define tcp_flag_word(tp) ( ((union tcp_word_hdr *)(tp))->words [3]) --- a/include/uapi/linux/udp.h +++ b/include/uapi/linux/udp.h @@ -25,7 +25,7 @@ struct udphdr { __be16 dest; __be16 len; __sum16 check; -}; +} __attribute__((packed, aligned(2))); /* UDP socket options */ #define UDP_CORK 1 /* Never send partially complete segments */ --- a/net/netfilter/nf_conntrack_core.c +++ b/net/netfilter/nf_conntrack_core.c @@ -271,8 +271,8 @@ nf_ct_get_tuple(const struct sk_buff *sk switch (l3num) { case NFPROTO_IPV4: - tuple->src.u3.ip = ap[0]; - tuple->dst.u3.ip = ap[1]; + tuple->src.u3.ip = net_hdr_word(ap++); + tuple->dst.u3.ip = net_hdr_word(ap); break; case NFPROTO_IPV6: memcpy(tuple->src.u3.ip6, ap, sizeof(tuple->src.u3.ip6)); --- a/include/uapi/linux/icmp.h +++ b/include/uapi/linux/icmp.h @@ -83,7 +83,7 @@ struct icmphdr { } frag; __u8 reserved[4]; } un; -}; +} __attribute__((packed, aligned(2))); /* --- a/include/uapi/linux/in6.h +++ b/include/uapi/linux/in6.h @@ -43,7 +43,7 @@ struct in6_addr { #define s6_addr16 in6_u.u6_addr16 #define s6_addr32 in6_u.u6_addr32 #endif -}; +} __attribute__((packed, aligned(2))); #endif /* __UAPI_DEF_IN6_ADDR */ #if __UAPI_DEF_SOCKADDR_IN6 --- a/net/ipv6/tcp_ipv6.c +++ b/net/ipv6/tcp_ipv6.c @@ -35,6 +35,7 @@ #include #include #include +#include #include #include #include @@ -927,10 +928,10 @@ static void tcp_v6_send_response(const s topt = (__be32 *)(t1 + 1); if (tsecr) { - *topt++ = htonl((TCPOPT_NOP << 24) | (TCPOPT_NOP << 16) | - (TCPOPT_TIMESTAMP << 8) | TCPOLEN_TIMESTAMP); - *topt++ = htonl(tsval); - *topt++ = htonl(tsecr); + put_unaligned_be32((TCPOPT_NOP << 24) | (TCPOPT_NOP << 16) | + (TCPOPT_TIMESTAMP << 8) | TCPOLEN_TIMESTAMP, topt++); + put_unaligned_be32(tsval, topt++); + put_unaligned_be32(tsecr, topt++); } #ifdef CONFIG_TCP_MD5SIG --- a/net/ipv6/datagram.c +++ b/net/ipv6/datagram.c @@ -492,7 +492,7 @@ int ipv6_recv_error(struct sock *sk, str ipv6_iface_scope_id(&sin->sin6_addr, IP6CB(skb)->iif); } else { - ipv6_addr_set_v4mapped(*(__be32 *)(nh + serr->addr_offset), + ipv6_addr_set_v4mapped(net_hdr_word(nh + serr->addr_offset), &sin->sin6_addr); sin->sin6_scope_id = 0; } @@ -846,12 +846,12 @@ int ip6_datagram_send_ctl(struct net *ne } if (fl6->flowlabel&IPV6_FLOWINFO_MASK) { - if ((fl6->flowlabel^*(__be32 *)CMSG_DATA(cmsg))&~IPV6_FLOWINFO_MASK) { + if ((fl6->flowlabel^net_hdr_word(CMSG_DATA(cmsg)))&~IPV6_FLOWINFO_MASK) { err = -EINVAL; goto exit_f; } } - fl6->flowlabel = IPV6_FLOWINFO_MASK & *(__be32 *)CMSG_DATA(cmsg); + fl6->flowlabel = IPV6_FLOWINFO_MASK & net_hdr_word(CMSG_DATA(cmsg)); break; case IPV6_2292HOPOPTS: --- a/net/ipv6/exthdrs.c +++ b/net/ipv6/exthdrs.c @@ -948,7 +948,7 @@ static bool ipv6_hop_jumbo(struct sk_buf goto drop; } - pkt_len = ntohl(*(__be32 *)(nh + optoff + 2)); + pkt_len = ntohl(net_hdr_word(nh + optoff + 2)); if (pkt_len <= IPV6_MAXPLEN) { __IP6_INC_STATS(net, idev, IPSTATS_MIB_INHDRERRORS); icmpv6_param_prob(skb, ICMPV6_HDR_FIELD, optoff+2); --- a/include/linux/types.h +++ b/include/linux/types.h @@ -227,5 +227,11 @@ typedef void (*swap_func_t)(void *a, voi typedef int (*cmp_r_func_t)(const void *a, const void *b, const void *priv); typedef int (*cmp_func_t)(const void *a, const void *b); +struct net_hdr_word { + u32 words[1]; +} __attribute__((packed, aligned(2))); + +#define net_hdr_word(_p) (((struct net_hdr_word *) (_p))->words[0]) + #endif /* __ASSEMBLY__ */ #endif /* _LINUX_TYPES_H */ --- a/net/ipv4/af_inet.c +++ b/net/ipv4/af_inet.c @@ -1469,8 +1469,8 @@ struct sk_buff *inet_gro_receive(struct if (unlikely(ip_fast_csum((u8 *)iph, 5))) goto out_unlock; - id = ntohl(*(__be32 *)&iph->id); - flush = (u16)((ntohl(*(__be32 *)iph) ^ skb_gro_len(skb)) | (id & ~IP_DF)); + id = ntohl(net_hdr_word(&iph->id)); + flush = (u16)((ntohl(net_hdr_word(iph)) ^ skb_gro_len(skb)) | (id & ~IP_DF)); id >>= 16; list_for_each_entry(p, head, list) { --- a/net/ipv4/tcp_output.c +++ b/net/ipv4/tcp_output.c @@ -609,48 +609,53 @@ static void tcp_options_write(__be32 *pt u16 options = opts->options; /* mungable copy */ if (unlikely(OPTION_MD5 & options)) { - *ptr++ = htonl((TCPOPT_NOP << 24) | (TCPOPT_NOP << 16) | - (TCPOPT_MD5SIG << 8) | TCPOLEN_MD5SIG); + net_hdr_word(ptr++) = + htonl((TCPOPT_NOP << 24) | (TCPOPT_NOP << 16) | + (TCPOPT_MD5SIG << 8) | TCPOLEN_MD5SIG); /* overload cookie hash location */ opts->hash_location = (__u8 *)ptr; ptr += 4; } if (unlikely(opts->mss)) { - *ptr++ = htonl((TCPOPT_MSS << 24) | - (TCPOLEN_MSS << 16) | - opts->mss); + net_hdr_word(ptr++) = + htonl((TCPOPT_MSS << 24) | (TCPOLEN_MSS << 16) | + opts->mss); } if (likely(OPTION_TS & options)) { if (unlikely(OPTION_SACK_ADVERTISE & options)) { - *ptr++ = htonl((TCPOPT_SACK_PERM << 24) | - (TCPOLEN_SACK_PERM << 16) | - (TCPOPT_TIMESTAMP << 8) | - TCPOLEN_TIMESTAMP); + net_hdr_word(ptr++) = + htonl((TCPOPT_SACK_PERM << 24) | + (TCPOLEN_SACK_PERM << 16) | + (TCPOPT_TIMESTAMP << 8) | + TCPOLEN_TIMESTAMP); options &= ~OPTION_SACK_ADVERTISE; } else { - *ptr++ = htonl((TCPOPT_NOP << 24) | - (TCPOPT_NOP << 16) | - (TCPOPT_TIMESTAMP << 8) | - TCPOLEN_TIMESTAMP); + net_hdr_word(ptr++) = + htonl((TCPOPT_NOP << 24) | + (TCPOPT_NOP << 16) | + (TCPOPT_TIMESTAMP << 8) | + TCPOLEN_TIMESTAMP); } - *ptr++ = htonl(opts->tsval); - *ptr++ = htonl(opts->tsecr); + net_hdr_word(ptr++) = htonl(opts->tsval); + net_hdr_word(ptr++) = htonl(opts->tsecr); } if (unlikely(OPTION_SACK_ADVERTISE & options)) { - *ptr++ = htonl((TCPOPT_NOP << 24) | - (TCPOPT_NOP << 16) | - (TCPOPT_SACK_PERM << 8) | - TCPOLEN_SACK_PERM); + net_hdr_word(ptr++) = + htonl((TCPOPT_NOP << 24) | + (TCPOPT_NOP << 16) | + (TCPOPT_SACK_PERM << 8) | + TCPOLEN_SACK_PERM); } if (unlikely(OPTION_WSCALE & options)) { - *ptr++ = htonl((TCPOPT_NOP << 24) | - (TCPOPT_WINDOW << 16) | - (TCPOLEN_WINDOW << 8) | - opts->ws); + net_hdr_word(ptr++) = + htonl((TCPOPT_NOP << 24) | + (TCPOPT_WINDOW << 16) | + (TCPOLEN_WINDOW << 8) | + opts->ws); } if (unlikely(opts->num_sack_blocks)) { @@ -658,16 +663,17 @@ static void tcp_options_write(__be32 *pt tp->duplicate_sack : tp->selective_acks; int this_sack; - *ptr++ = htonl((TCPOPT_NOP << 24) | - (TCPOPT_NOP << 16) | - (TCPOPT_SACK << 8) | - (TCPOLEN_SACK_BASE + (opts->num_sack_blocks * + net_hdr_word(ptr++) = + htonl((TCPOPT_NOP << 24) | + (TCPOPT_NOP << 16) | + (TCPOPT_SACK << 8) | + (TCPOLEN_SACK_BASE + (opts->num_sack_blocks * TCPOLEN_SACK_PERBLOCK))); for (this_sack = 0; this_sack < opts->num_sack_blocks; ++this_sack) { - *ptr++ = htonl(sp[this_sack].start_seq); - *ptr++ = htonl(sp[this_sack].end_seq); + net_hdr_word(ptr++) = htonl(sp[this_sack].start_seq); + net_hdr_word(ptr++) = htonl(sp[this_sack].end_seq); } tp->rx_opt.dsack = 0; @@ -680,13 +686,14 @@ static void tcp_options_write(__be32 *pt if (foc->exp) { len = TCPOLEN_EXP_FASTOPEN_BASE + foc->len; - *ptr = htonl((TCPOPT_EXP << 24) | (len << 16) | + net_hdr_word(ptr) = + htonl((TCPOPT_EXP << 24) | (len << 16) | TCPOPT_FASTOPEN_MAGIC); p += TCPOLEN_EXP_FASTOPEN_BASE; } else { len = TCPOLEN_FASTOPEN_BASE + foc->len; - *p++ = TCPOPT_FASTOPEN; - *p++ = len; + net_hdr_word(p++) = TCPOPT_FASTOPEN; + net_hdr_word(p++) = len; } memcpy(p, foc->val, foc->len); --- a/include/uapi/linux/igmp.h +++ b/include/uapi/linux/igmp.h @@ -33,7 +33,7 @@ struct igmphdr { __u8 code; /* For newer IGMP */ __sum16 csum; __be32 group; -}; +} __attribute__((packed, aligned(2))); /* V3 group record types [grec_type] */ #define IGMPV3_MODE_IS_INCLUDE 1 @@ -49,7 +49,7 @@ struct igmpv3_grec { __be16 grec_nsrcs; __be32 grec_mca; __be32 grec_src[0]; -}; +} __attribute__((packed, aligned(2))); struct igmpv3_report { __u8 type; @@ -58,7 +58,7 @@ struct igmpv3_report { __be16 resv2; __be16 ngrec; struct igmpv3_grec grec[0]; -}; +} __attribute__((packed, aligned(2))); struct igmpv3_query { __u8 type; @@ -79,7 +79,7 @@ struct igmpv3_query { __u8 qqic; __be16 nsrcs; __be32 srcs[0]; -}; +} __attribute__((packed, aligned(2))); #define IGMP_HOST_MEMBERSHIP_QUERY 0x11 /* From RFC1112 */ #define IGMP_HOST_MEMBERSHIP_REPORT 0x12 /* Ditto */ --- a/net/core/flow_dissector.c +++ b/net/core/flow_dissector.c @@ -128,7 +128,7 @@ __be32 __skb_flow_get_ports(const struct ports = __skb_header_pointer(skb, thoff + poff, sizeof(_ports), data, hlen, &_ports); if (ports) - return *ports; + return (__be32)net_hdr_word(ports); } return 0; --- a/include/uapi/linux/icmpv6.h +++ b/include/uapi/linux/icmpv6.h @@ -78,7 +78,7 @@ struct icmp6hdr { #define icmp6_addrconf_other icmp6_dataun.u_nd_ra.other #define icmp6_rt_lifetime icmp6_dataun.u_nd_ra.rt_lifetime #define icmp6_router_pref icmp6_dataun.u_nd_ra.router_pref -}; +} __attribute__((packed, aligned(2))); #define ICMPV6_ROUTER_PREF_LOW 0x3 --- a/include/net/ndisc.h +++ b/include/net/ndisc.h @@ -93,7 +93,7 @@ struct ra_msg { struct icmp6hdr icmph; __be32 reachable_time; __be32 retrans_timer; -}; +} __attribute__((packed, aligned(2))); struct rd_msg { struct icmp6hdr icmph; @@ -372,10 +372,10 @@ static inline u32 ndisc_hashfn(const voi { const u32 *p32 = pkey; - return (((p32[0] ^ hash32_ptr(dev)) * hash_rnd[0]) + - (p32[1] * hash_rnd[1]) + - (p32[2] * hash_rnd[2]) + - (p32[3] * hash_rnd[3])); + return (((net_hdr_word(&p32[0]) ^ hash32_ptr(dev)) * hash_rnd[0]) + + (net_hdr_word(&p32[1]) * hash_rnd[1]) + + (net_hdr_word(&p32[2]) * hash_rnd[2]) + + (net_hdr_word(&p32[3]) * hash_rnd[3])); } static inline struct neighbour *__ipv6_neigh_lookup_noref(struct net_device *dev, const void *pkey) --- a/net/sched/cls_u32.c +++ b/net/sched/cls_u32.c @@ -155,7 +155,7 @@ next_knode: data = skb_header_pointer(skb, toff, 4, &hdata); if (!data) goto out; - if ((*data ^ key->val) & key->mask) { + if ((net_hdr_word(data) ^ key->val) & key->mask) { n = rcu_dereference_bh(n->next); goto next_knode; } @@ -206,8 +206,8 @@ check_terminal: &hdata); if (!data) goto out; - sel = ht->divisor & u32_hash_fold(*data, &n->sel, - n->fshift); + sel = ht->divisor & u32_hash_fold(net_hdr_word(data), + &n->sel, n->fshift); } if (!(n->sel.flags & (TC_U32_VAROFFSET | TC_U32_OFFSET | TC_U32_EAT))) goto next_ht; --- a/net/ipv6/ip6_offload.c +++ b/net/ipv6/ip6_offload.c @@ -240,7 +240,7 @@ INDIRECT_CALLABLE_SCOPE struct sk_buff * continue; iph2 = (struct ipv6hdr *)(p->data + off); - first_word = *(__be32 *)iph ^ *(__be32 *)iph2; + first_word = net_hdr_word(iph) ^ net_hdr_word(iph2); /* All fields must match except length and Traffic Class. * XXX skbs on the gro_list have all been parsed and pulled --- a/include/net/addrconf.h +++ b/include/net/addrconf.h @@ -47,7 +47,7 @@ struct prefix_info { __be32 reserved2; struct in6_addr prefix; -}; +} __attribute__((packed, aligned(2))); #include #include --- a/include/net/inet_ecn.h +++ b/include/net/inet_ecn.h @@ -140,9 +140,9 @@ static inline int IP6_ECN_set_ce(struct if (INET_ECN_is_not_ect(ipv6_get_dsfield(iph))) return 0; - from = *(__be32 *)iph; + from = net_hdr_word(iph); to = from | htonl(INET_ECN_CE << 20); - *(__be32 *)iph = to; + net_hdr_word(iph) = to; if (skb->ip_summed == CHECKSUM_COMPLETE) skb->csum = csum_add(csum_sub(skb->csum, (__force __wsum)from), (__force __wsum)to); --- a/include/net/ipv6.h +++ b/include/net/ipv6.h @@ -146,7 +146,7 @@ struct frag_hdr { __u8 reserved; __be16 frag_off; __be32 identification; -}; +} __attribute__((packed, aligned(2))); #define IP6_MF 0x0001 #define IP6_OFFSET 0xFFF8 @@ -560,8 +560,8 @@ static inline void __ipv6_addr_set_half( } #endif #endif - addr[0] = wh; - addr[1] = wl; + net_hdr_word(&addr[0]) = wh; + net_hdr_word(&addr[1]) = wl; } static inline void ipv6_addr_set(struct in6_addr *addr, @@ -620,6 +620,8 @@ static inline bool ipv6_prefix_equal(con const __be32 *a1 = addr1->s6_addr32; const __be32 *a2 = addr2->s6_addr32; unsigned int pdw, pbi; + /* Used for last <32-bit fraction of prefix */ + u32 pbia1, pbia2; /* check complete u32 in prefix */ pdw = prefixlen >> 5; @@ -628,7 +630,9 @@ static inline bool ipv6_prefix_equal(con /* check incomplete u32 in prefix */ pbi = prefixlen & 0x1f; - if (pbi && ((a1[pdw] ^ a2[pdw]) & htonl((0xffffffff) << (32 - pbi)))) + pbia1 = net_hdr_word(&a1[pdw]); + pbia2 = net_hdr_word(&a2[pdw]); + if (pbi && ((pbia1 ^ pbia2) & htonl((0xffffffff) << (32 - pbi)))) return false; return true; @@ -749,13 +753,13 @@ static inline void ipv6_addr_set_v4mappe */ static inline int __ipv6_addr_diff32(const void *token1, const void *token2, int addrlen) { - const __be32 *a1 = token1, *a2 = token2; + const struct in6_addr *a1 = token1, *a2 = token2; int i; addrlen >>= 2; for (i = 0; i < addrlen; i++) { - __be32 xb = a1[i] ^ a2[i]; + __be32 xb = a1->s6_addr32[i] ^ a2->s6_addr32[i]; if (xb) return i * 32 + 31 - __fls(ntohl(xb)); } @@ -941,17 +945,18 @@ static inline int ip6_multipath_hash_pol static inline void ip6_flow_hdr(struct ipv6hdr *hdr, unsigned int tclass, __be32 flowlabel) { - *(__be32 *)hdr = htonl(0x60000000 | (tclass << 20)) | flowlabel; + net_hdr_word((__be32 *)hdr) = + htonl(0x60000000 | (tclass << 20)) | flowlabel; } static inline __be32 ip6_flowinfo(const struct ipv6hdr *hdr) { - return *(__be32 *)hdr & IPV6_FLOWINFO_MASK; + return net_hdr_word((__be32 *)hdr) & IPV6_FLOWINFO_MASK; } static inline __be32 ip6_flowlabel(const struct ipv6hdr *hdr) { - return *(__be32 *)hdr & IPV6_FLOWLABEL_MASK; + return net_hdr_word((__be32 *)hdr) & IPV6_FLOWLABEL_MASK; } static inline u8 ip6_tclass(__be32 flowinfo) --- a/include/net/secure_seq.h +++ b/include/net/secure_seq.h @@ -3,6 +3,7 @@ #define _NET_SECURE_SEQ #include +#include u64 secure_ipv4_port_ephemeral(__be32 saddr, __be32 daddr, __be16 dport); u64 secure_ipv6_port_ephemeral(const __be32 *saddr, const __be32 *daddr, --- a/include/uapi/linux/in.h +++ b/include/uapi/linux/in.h @@ -88,7 +88,7 @@ enum { /* Internet address. */ struct in_addr { __be32 s_addr; -}; +} __attribute__((packed, aligned(2))); #endif #define IP_TOS 1 --- a/net/ipv6/ip6_fib.c +++ b/net/ipv6/ip6_fib.c @@ -140,7 +140,7 @@ static __be32 addr_bit_set(const void *t * See include/asm-generic/bitops/le.h. */ return (__force __be32)(1 << ((~fn_bit ^ BITOP_BE32_SWIZZLE) & 0x1f)) & - addr[fn_bit >> 5]; + net_hdr_word(&addr[fn_bit >> 5]); } struct fib6_info *fib6_info_alloc(gfp_t gfp_flags, bool with_fib6_nh) --- a/net/netfilter/nf_conntrack_proto_tcp.c +++ b/net/netfilter/nf_conntrack_proto_tcp.c @@ -415,7 +415,7 @@ static void tcp_sack(const struct sk_buf /* Fast path for timestamp-only option */ if (length == TCPOLEN_TSTAMP_ALIGNED - && *(__be32 *)ptr == htonl((TCPOPT_NOP << 24) + && net_hdr_word(ptr) == htonl((TCPOPT_NOP << 24) | (TCPOPT_NOP << 16) | (TCPOPT_TIMESTAMP << 8) | TCPOLEN_TIMESTAMP)) --- a/net/xfrm/xfrm_input.c +++ b/net/xfrm/xfrm_input.c @@ -165,8 +165,8 @@ int xfrm_parse_spi(struct sk_buff *skb, if (!pskb_may_pull(skb, hlen)) return -EINVAL; - *spi = *(__be32 *)(skb_transport_header(skb) + offset); - *seq = *(__be32 *)(skb_transport_header(skb) + offset_seq); + *spi = net_hdr_word(skb_transport_header(skb) + offset); + *seq = net_hdr_word(skb_transport_header(skb) + offset_seq); return 0; } EXPORT_SYMBOL(xfrm_parse_spi); --- a/net/ipv4/tcp_input.c +++ b/net/ipv4/tcp_input.c @@ -4128,14 +4128,16 @@ static bool tcp_parse_aligned_timestamp( { const __be32 *ptr = (const __be32 *)(th + 1); - if (*ptr == htonl((TCPOPT_NOP << 24) | (TCPOPT_NOP << 16) - | (TCPOPT_TIMESTAMP << 8) | TCPOLEN_TIMESTAMP)) { + if (net_hdr_word(ptr) == + htonl((TCPOPT_NOP << 24) | (TCPOPT_NOP << 16) | + (TCPOPT_TIMESTAMP << 8) | TCPOLEN_TIMESTAMP)) { tp->rx_opt.saw_tstamp = 1; ++ptr; - tp->rx_opt.rcv_tsval = ntohl(*ptr); + tp->rx_opt.rcv_tsval = get_unaligned_be32(ptr); ++ptr; - if (*ptr) - tp->rx_opt.rcv_tsecr = ntohl(*ptr) - tp->tsoffset; + if (net_hdr_word(ptr)) + tp->rx_opt.rcv_tsecr = get_unaligned_be32(ptr) - + tp->tsoffset; else tp->rx_opt.rcv_tsecr = 0; return true; --- a/include/uapi/linux/if_pppox.h +++ b/include/uapi/linux/if_pppox.h @@ -51,6 +51,7 @@ struct pppoe_addr { */ struct pptp_addr { __u16 call_id; + __u16 pad; struct in_addr sin_addr; }; --- a/net/ipv6/netfilter/nf_log_ipv6.c +++ b/net/ipv6/netfilter/nf_log_ipv6.c @@ -63,9 +63,9 @@ static void dump_ipv6_packet(struct net /* Max length: 44 "LEN=65535 TC=255 HOPLIMIT=255 FLOWLBL=FFFFF " */ nf_log_buf_add(m, "LEN=%zu TC=%u HOPLIMIT=%u FLOWLBL=%u ", ntohs(ih->payload_len) + sizeof(struct ipv6hdr), - (ntohl(*(__be32 *)ih) & 0x0ff00000) >> 20, + (ntohl(net_hdr_word(ih)) & 0x0ff00000) >> 20, ih->hop_limit, - (ntohl(*(__be32 *)ih) & 0x000fffff)); + (ntohl(net_hdr_word(ih)) & 0x000fffff)); fragment = 0; ptr = ip6hoff + sizeof(struct ipv6hdr); --- a/include/net/neighbour.h +++ b/include/net/neighbour.h @@ -275,8 +275,10 @@ static inline bool neigh_key_eq128(const const u32 *n32 = (const u32 *)n->primary_key; const u32 *p32 = pkey; - return ((n32[0] ^ p32[0]) | (n32[1] ^ p32[1]) | - (n32[2] ^ p32[2]) | (n32[3] ^ p32[3])) == 0; + return ((n32[0] ^ net_hdr_word(&p32[0])) | + (n32[1] ^ net_hdr_word(&p32[1])) | + (n32[2] ^ net_hdr_word(&p32[2])) | + (n32[3] ^ net_hdr_word(&p32[3]))) == 0; } static inline struct neighbour *___neigh_lookup_noref( --- a/include/uapi/linux/netfilter_arp/arp_tables.h +++ b/include/uapi/linux/netfilter_arp/arp_tables.h @@ -70,7 +70,7 @@ struct arpt_arp { __u8 flags; /* Inverse flags */ __u16 invflags; -}; +} __attribute__((aligned(4))); /* Values for "flag" field in struct arpt_ip (general arp structure). * No flags defined yet. --- a/net/core/utils.c +++ b/net/core/utils.c @@ -460,8 +460,14 @@ void inet_proto_csum_replace16(__sum16 * bool pseudohdr) { __be32 diff[] = { - ~from[0], ~from[1], ~from[2], ~from[3], - to[0], to[1], to[2], to[3], + ~net_hdr_word(&from[0]), + ~net_hdr_word(&from[1]), + ~net_hdr_word(&from[2]), + ~net_hdr_word(&from[3]), + net_hdr_word(&to[0]), + net_hdr_word(&to[1]), + net_hdr_word(&to[2]), + net_hdr_word(&to[3]), }; if (skb->ip_summed != CHECKSUM_PARTIAL) { *sum = csum_fold(csum_partial(diff, sizeof(diff), --- a/include/linux/etherdevice.h +++ b/include/linux/etherdevice.h @@ -499,7 +499,7 @@ static inline bool is_etherdev_addr(cons * @b: Pointer to Ethernet header * * Compare two Ethernet headers, returns 0 if equal. - * This assumes that the network header (i.e., IP header) is 4-byte + * This assumes that the network header (i.e., IP header) is 2-byte * aligned OR the platform can handle unaligned access. This is the * case for all packets coming into netif_receive_skb or similar * entry points. @@ -522,11 +522,12 @@ static inline unsigned long compare_ethe fold |= *(unsigned long *)(a + 6) ^ *(unsigned long *)(b + 6); return fold; #else - u32 *a32 = (u32 *)((u8 *)a + 2); - u32 *b32 = (u32 *)((u8 *)b + 2); + const u16 *a16 = a; + const u16 *b16 = b; - return (*(u16 *)a ^ *(u16 *)b) | (a32[0] ^ b32[0]) | - (a32[1] ^ b32[1]) | (a32[2] ^ b32[2]); + return (a16[0] ^ b16[0]) | (a16[1] ^ b16[1]) | (a16[2] ^ b16[2]) | + (a16[3] ^ b16[3]) | (a16[4] ^ b16[4]) | (a16[5] ^ b16[5]) | + (a16[6] ^ b16[6]); #endif } --- a/net/ipv4/tcp_offload.c +++ b/net/ipv4/tcp_offload.c @@ -223,7 +223,7 @@ struct sk_buff *tcp_gro_receive(struct l th2 = tcp_hdr(p); - if (*(u32 *)&th->source ^ *(u32 *)&th2->source) { + if (net_hdr_word(&th->source) ^ net_hdr_word(&th2->source)) { NAPI_GRO_CB(p)->same_flow = 0; continue; } @@ -241,8 +241,8 @@ found: ~(TCP_FLAG_CWR | TCP_FLAG_FIN | TCP_FLAG_PSH)); flush |= (__force int)(th->ack_seq ^ th2->ack_seq); for (i = sizeof(*th); i < thlen; i += 4) - flush |= *(u32 *)((u8 *)th + i) ^ - *(u32 *)((u8 *)th2 + i); + flush |= net_hdr_word((u8 *)th + i) ^ + net_hdr_word((u8 *)th2 + i); /* When we receive our second frame we can made a decision on if we * continue this flow as an atomic flow with a fixed ID or if we use --- a/net/ipv6/netfilter/ip6table_mangle.c +++ b/net/ipv6/netfilter/ip6table_mangle.c @@ -47,7 +47,7 @@ ip6t_mangle_out(struct sk_buff *skb, con hop_limit = ipv6_hdr(skb)->hop_limit; /* flowlabel and prio (includes version, which shouldn't change either */ - flowlabel = *((u_int32_t *)ipv6_hdr(skb)); + flowlabel = net_hdr_word(ipv6_hdr(skb)); ret = ip6t_do_table(skb, state, state->net->ipv6.ip6table_mangle); @@ -56,7 +56,7 @@ ip6t_mangle_out(struct sk_buff *skb, con !ipv6_addr_equal(&ipv6_hdr(skb)->daddr, &daddr) || skb->mark != mark || ipv6_hdr(skb)->hop_limit != hop_limit || - flowlabel != *((u_int32_t *)ipv6_hdr(skb)))) { + flowlabel != net_hdr_word(ipv6_hdr(skb)))) { err = ip6_route_me_harder(state->net, state->sk, skb); if (err < 0) ret = NF_DROP_ERR(err);