openwrt/target/linux/ath79/patches-4.14/910-unaligned_access_hacks.patch
Petr Štetiar f9ef0c5705 kernel: bump 4.14 to 4.14.178
Refreshed all patches and removed upstreamed:

 oxnas/001-irqchip-versatile-fpga-Handle-chained-IRQs-properly.patch
 oxnas/002-irqchip-versatile-fpga-Apply-clear-mask-earlier.patch

Fixes: CVE-2020-12114 and CVE-2020-11669

Runtime-tested on: qemu-x86-64
Compile-tested on: ath79/generic, x86/64, imx6

Signed-off-by: Petr Štetiar <ynezz@true.cz>
2020-05-04 21:05:21 +02:00

901 lines
26 KiB
Diff

--- a/arch/mips/include/asm/checksum.h
+++ b/arch/mips/include/asm/checksum.h
@@ -134,26 +134,30 @@ static inline __sum16 ip_fast_csum(const
const unsigned int *stop = word + ihl;
unsigned int csum;
int carry;
+ unsigned int w;
- csum = word[0];
- csum += word[1];
- carry = (csum < word[1]);
+ csum = net_hdr_word(word++);
+
+ w = net_hdr_word(word++);
+ csum += w;
+ carry = (csum < w);
csum += carry;
- csum += word[2];
- carry = (csum < word[2]);
+ w = net_hdr_word(word++);
+ csum += w;
+ carry = (csum < w);
csum += carry;
- csum += word[3];
- carry = (csum < word[3]);
+ w = net_hdr_word(word++);
+ csum += w;
+ carry = (csum < w);
csum += carry;
- word += 4;
do {
- csum += *word;
- carry = (csum < *word);
+ w = net_hdr_word(word++);
+ csum += w;
+ carry = (csum < w);
csum += carry;
- word++;
} while (word != stop);
return csum_fold(csum);
@@ -214,73 +218,6 @@ static inline __sum16 ip_compute_csum(co
return csum_fold(csum_partial(buff, len, 0));
}
-#define _HAVE_ARCH_IPV6_CSUM
-static __inline__ __sum16 csum_ipv6_magic(const struct in6_addr *saddr,
- const struct in6_addr *daddr,
- __u32 len, __u8 proto,
- __wsum sum)
-{
- __wsum tmp;
-
- __asm__(
- " .set push # csum_ipv6_magic\n"
- " .set noreorder \n"
- " .set noat \n"
- " addu %0, %5 # proto (long in network byte order)\n"
- " sltu $1, %0, %5 \n"
- " addu %0, $1 \n"
-
- " addu %0, %6 # csum\n"
- " sltu $1, %0, %6 \n"
- " lw %1, 0(%2) # four words source address\n"
- " addu %0, $1 \n"
- " addu %0, %1 \n"
- " sltu $1, %0, %1 \n"
-
- " lw %1, 4(%2) \n"
- " addu %0, $1 \n"
- " addu %0, %1 \n"
- " sltu $1, %0, %1 \n"
-
- " lw %1, 8(%2) \n"
- " addu %0, $1 \n"
- " addu %0, %1 \n"
- " sltu $1, %0, %1 \n"
-
- " lw %1, 12(%2) \n"
- " addu %0, $1 \n"
- " addu %0, %1 \n"
- " sltu $1, %0, %1 \n"
-
- " lw %1, 0(%3) \n"
- " addu %0, $1 \n"
- " addu %0, %1 \n"
- " sltu $1, %0, %1 \n"
-
- " lw %1, 4(%3) \n"
- " addu %0, $1 \n"
- " addu %0, %1 \n"
- " sltu $1, %0, %1 \n"
-
- " lw %1, 8(%3) \n"
- " addu %0, $1 \n"
- " addu %0, %1 \n"
- " sltu $1, %0, %1 \n"
-
- " lw %1, 12(%3) \n"
- " addu %0, $1 \n"
- " addu %0, %1 \n"
- " sltu $1, %0, %1 \n"
-
- " addu %0, $1 # Add final carry\n"
- " .set pop"
- : "=&r" (sum), "=&r" (tmp)
- : "r" (saddr), "r" (daddr),
- "0" (htonl(len)), "r" (htonl(proto)), "r" (sum));
-
- return csum_fold(sum);
-}
-
#include <asm-generic/checksum.h>
#endif /* CONFIG_GENERIC_CSUM */
--- a/include/uapi/linux/ip.h
+++ b/include/uapi/linux/ip.h
@@ -103,7 +103,7 @@ struct iphdr {
__be32 saddr;
__be32 daddr;
/*The options start here. */
-};
+} __attribute__((packed, aligned(2)));
struct ip_auth_hdr {
--- a/include/uapi/linux/ipv6.h
+++ b/include/uapi/linux/ipv6.h
@@ -131,7 +131,7 @@ struct ipv6hdr {
struct in6_addr saddr;
struct in6_addr daddr;
-};
+} __attribute__((packed, aligned(2)));
/* index values for the variables in ipv6_devconf */
--- a/include/uapi/linux/tcp.h
+++ b/include/uapi/linux/tcp.h
@@ -55,7 +55,7 @@ struct tcphdr {
__be16 window;
__sum16 check;
__be16 urg_ptr;
-};
+} __attribute__((packed, aligned(2)));
/*
* The union cast uses a gcc extension to avoid aliasing problems
@@ -65,7 +65,7 @@ struct tcphdr {
union tcp_word_hdr {
struct tcphdr hdr;
__be32 words[5];
-};
+} __attribute__((packed, aligned(2)));
#define tcp_flag_word(tp) ( ((union tcp_word_hdr *)(tp))->words [3])
--- a/include/uapi/linux/udp.h
+++ b/include/uapi/linux/udp.h
@@ -25,7 +25,7 @@ struct udphdr {
__be16 dest;
__be16 len;
__sum16 check;
-};
+} __attribute__((packed, aligned(2)));
/* UDP socket options */
#define UDP_CORK 1 /* Never send partially complete segments */
--- a/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c
+++ b/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c
@@ -48,8 +48,8 @@ static bool ipv4_pkt_to_tuple(const stru
if (ap == NULL)
return false;
- tuple->src.u3.ip = ap[0];
- tuple->dst.u3.ip = ap[1];
+ tuple->src.u3.ip = net_hdr_word(ap++);
+ tuple->dst.u3.ip = net_hdr_word(ap);
return true;
}
--- a/include/uapi/linux/icmp.h
+++ b/include/uapi/linux/icmp.h
@@ -82,7 +82,7 @@ struct icmphdr {
} frag;
__u8 reserved[4];
} un;
-};
+} __attribute__((packed, aligned(2)));
/*
--- a/include/uapi/linux/in6.h
+++ b/include/uapi/linux/in6.h
@@ -43,7 +43,7 @@ struct in6_addr {
#define s6_addr16 in6_u.u6_addr16
#define s6_addr32 in6_u.u6_addr32
#endif
-};
+} __attribute__((packed, aligned(2)));
#endif /* __UAPI_DEF_IN6_ADDR */
#if __UAPI_DEF_SOCKADDR_IN6
--- a/net/ipv6/tcp_ipv6.c
+++ b/net/ipv6/tcp_ipv6.c
@@ -39,6 +39,7 @@
#include <linux/ipsec.h>
#include <linux/times.h>
#include <linux/slab.h>
+#include <asm/unaligned.h>
#include <linux/uaccess.h>
#include <linux/ipv6.h>
#include <linux/icmpv6.h>
@@ -819,10 +820,10 @@ static void tcp_v6_send_response(const s
topt = (__be32 *)(t1 + 1);
if (tsecr) {
- *topt++ = htonl((TCPOPT_NOP << 24) | (TCPOPT_NOP << 16) |
- (TCPOPT_TIMESTAMP << 8) | TCPOLEN_TIMESTAMP);
- *topt++ = htonl(tsval);
- *topt++ = htonl(tsecr);
+ put_unaligned_be32((TCPOPT_NOP << 24) | (TCPOPT_NOP << 16) |
+ (TCPOPT_TIMESTAMP << 8) | TCPOLEN_TIMESTAMP, topt++);
+ put_unaligned_be32(tsval, topt++);
+ put_unaligned_be32(tsecr, topt++);
}
#ifdef CONFIG_TCP_MD5SIG
--- a/include/linux/ipv6.h
+++ b/include/linux/ipv6.h
@@ -6,6 +6,7 @@
#define ipv6_optlen(p) (((p)->hdrlen+1) << 3)
#define ipv6_authlen(p) (((p)->hdrlen+2) << 2)
+
/*
* This structure contains configuration options per IPv6 link.
*/
--- a/net/ipv6/datagram.c
+++ b/net/ipv6/datagram.c
@@ -486,7 +486,7 @@ int ipv6_recv_error(struct sock *sk, str
ipv6_iface_scope_id(&sin->sin6_addr,
IP6CB(skb)->iif);
} else {
- ipv6_addr_set_v4mapped(*(__be32 *)(nh + serr->addr_offset),
+ ipv6_addr_set_v4mapped(net_hdr_word(nh + serr->addr_offset),
&sin->sin6_addr);
sin->sin6_scope_id = 0;
}
@@ -835,12 +835,12 @@ int ip6_datagram_send_ctl(struct net *ne
}
if (fl6->flowlabel&IPV6_FLOWINFO_MASK) {
- if ((fl6->flowlabel^*(__be32 *)CMSG_DATA(cmsg))&~IPV6_FLOWINFO_MASK) {
+ if ((fl6->flowlabel^net_hdr_word(CMSG_DATA(cmsg)))&~IPV6_FLOWINFO_MASK) {
err = -EINVAL;
goto exit_f;
}
}
- fl6->flowlabel = IPV6_FLOWINFO_MASK & *(__be32 *)CMSG_DATA(cmsg);
+ fl6->flowlabel = IPV6_FLOWINFO_MASK & net_hdr_word(CMSG_DATA(cmsg));
break;
case IPV6_2292HOPOPTS:
--- a/net/ipv6/ip6_gre.c
+++ b/net/ipv6/ip6_gre.c
@@ -397,7 +397,7 @@ static void ip6gre_err(struct sk_buff *s
return;
ipv6h = (const struct ipv6hdr *)skb->data;
greh = (const struct gre_base_hdr *)(skb->data + offset);
- key = key_off ? *(__be32 *)(skb->data + key_off) : 0;
+ key = key_off ? net_hdr_word((__be32 *)(skb->data + key_off)) : 0;
t = ip6gre_tunnel_lookup(skb->dev, &ipv6h->daddr, &ipv6h->saddr,
key, greh->protocol);
--- a/net/ipv6/exthdrs.c
+++ b/net/ipv6/exthdrs.c
@@ -733,7 +733,7 @@ static bool ipv6_hop_jumbo(struct sk_buf
goto drop;
}
- pkt_len = ntohl(*(__be32 *)(nh + optoff + 2));
+ pkt_len = ntohl(net_hdr_word(nh + optoff + 2));
if (pkt_len <= IPV6_MAXPLEN) {
__IP6_INC_STATS(net, ipv6_skb_idev(skb),
IPSTATS_MIB_INHDRERRORS);
--- a/include/linux/types.h
+++ b/include/linux/types.h
@@ -229,5 +229,11 @@ struct callback_head {
typedef void (*rcu_callback_t)(struct rcu_head *head);
typedef void (*call_rcu_func_t)(struct rcu_head *head, rcu_callback_t func);
+struct net_hdr_word {
+ u32 words[1];
+} __attribute__((packed, aligned(2)));
+
+#define net_hdr_word(_p) (((struct net_hdr_word *) (_p))->words[0])
+
#endif /* __ASSEMBLY__ */
#endif /* _LINUX_TYPES_H */
--- a/net/ipv4/af_inet.c
+++ b/net/ipv4/af_inet.c
@@ -1352,8 +1352,8 @@ struct sk_buff **inet_gro_receive(struct
if (unlikely(ip_fast_csum((u8 *)iph, 5)))
goto out_unlock;
- id = ntohl(*(__be32 *)&iph->id);
- flush = (u16)((ntohl(*(__be32 *)iph) ^ skb_gro_len(skb)) | (id & ~IP_DF));
+ id = ntohl(net_hdr_word(&iph->id));
+ flush = (u16)((ntohl(net_hdr_word(iph)) ^ skb_gro_len(skb)) | (id & ~IP_DF));
id >>= 16;
for (p = *head; p; p = p->next) {
--- a/net/ipv4/route.c
+++ b/net/ipv4/route.c
@@ -464,7 +464,7 @@ static struct neighbour *ipv4_neigh_look
else if (skb)
pkey = &ip_hdr(skb)->daddr;
- n = __ipv4_neigh_lookup(dev, *(__force u32 *)pkey);
+ n = __ipv4_neigh_lookup(dev, net_hdr_word(pkey));
if (n)
return n;
return neigh_create(&arp_tbl, pkey, dev);
--- a/net/ipv4/tcp_output.c
+++ b/net/ipv4/tcp_output.c
@@ -454,48 +454,53 @@ static void tcp_options_write(__be32 *pt
u16 options = opts->options; /* mungable copy */
if (unlikely(OPTION_MD5 & options)) {
- *ptr++ = htonl((TCPOPT_NOP << 24) | (TCPOPT_NOP << 16) |
- (TCPOPT_MD5SIG << 8) | TCPOLEN_MD5SIG);
+ net_hdr_word(ptr++) =
+ htonl((TCPOPT_NOP << 24) | (TCPOPT_NOP << 16) |
+ (TCPOPT_MD5SIG << 8) | TCPOLEN_MD5SIG);
/* overload cookie hash location */
opts->hash_location = (__u8 *)ptr;
ptr += 4;
}
if (unlikely(opts->mss)) {
- *ptr++ = htonl((TCPOPT_MSS << 24) |
- (TCPOLEN_MSS << 16) |
- opts->mss);
+ net_hdr_word(ptr++) =
+ htonl((TCPOPT_MSS << 24) | (TCPOLEN_MSS << 16) |
+ opts->mss);
}
if (likely(OPTION_TS & options)) {
if (unlikely(OPTION_SACK_ADVERTISE & options)) {
- *ptr++ = htonl((TCPOPT_SACK_PERM << 24) |
- (TCPOLEN_SACK_PERM << 16) |
- (TCPOPT_TIMESTAMP << 8) |
- TCPOLEN_TIMESTAMP);
+ net_hdr_word(ptr++) =
+ htonl((TCPOPT_SACK_PERM << 24) |
+ (TCPOLEN_SACK_PERM << 16) |
+ (TCPOPT_TIMESTAMP << 8) |
+ TCPOLEN_TIMESTAMP);
options &= ~OPTION_SACK_ADVERTISE;
} else {
- *ptr++ = htonl((TCPOPT_NOP << 24) |
- (TCPOPT_NOP << 16) |
- (TCPOPT_TIMESTAMP << 8) |
- TCPOLEN_TIMESTAMP);
+ net_hdr_word(ptr++) =
+ htonl((TCPOPT_NOP << 24) |
+ (TCPOPT_NOP << 16) |
+ (TCPOPT_TIMESTAMP << 8) |
+ TCPOLEN_TIMESTAMP);
}
- *ptr++ = htonl(opts->tsval);
- *ptr++ = htonl(opts->tsecr);
+ net_hdr_word(ptr++) = htonl(opts->tsval);
+ net_hdr_word(ptr++) = htonl(opts->tsecr);
}
if (unlikely(OPTION_SACK_ADVERTISE & options)) {
- *ptr++ = htonl((TCPOPT_NOP << 24) |
- (TCPOPT_NOP << 16) |
- (TCPOPT_SACK_PERM << 8) |
- TCPOLEN_SACK_PERM);
+ net_hdr_word(ptr++) =
+ htonl((TCPOPT_NOP << 24) |
+ (TCPOPT_NOP << 16) |
+ (TCPOPT_SACK_PERM << 8) |
+ TCPOLEN_SACK_PERM);
}
if (unlikely(OPTION_WSCALE & options)) {
- *ptr++ = htonl((TCPOPT_NOP << 24) |
- (TCPOPT_WINDOW << 16) |
- (TCPOLEN_WINDOW << 8) |
- opts->ws);
+ net_hdr_word(ptr++) =
+ htonl((TCPOPT_NOP << 24) |
+ (TCPOPT_WINDOW << 16) |
+ (TCPOLEN_WINDOW << 8) |
+ opts->ws);
}
if (unlikely(opts->num_sack_blocks)) {
@@ -503,16 +508,17 @@ static void tcp_options_write(__be32 *pt
tp->duplicate_sack : tp->selective_acks;
int this_sack;
- *ptr++ = htonl((TCPOPT_NOP << 24) |
- (TCPOPT_NOP << 16) |
- (TCPOPT_SACK << 8) |
- (TCPOLEN_SACK_BASE + (opts->num_sack_blocks *
+ net_hdr_word(ptr++) =
+ htonl((TCPOPT_NOP << 24) |
+ (TCPOPT_NOP << 16) |
+ (TCPOPT_SACK << 8) |
+ (TCPOLEN_SACK_BASE + (opts->num_sack_blocks *
TCPOLEN_SACK_PERBLOCK)));
for (this_sack = 0; this_sack < opts->num_sack_blocks;
++this_sack) {
- *ptr++ = htonl(sp[this_sack].start_seq);
- *ptr++ = htonl(sp[this_sack].end_seq);
+ net_hdr_word(ptr++) = htonl(sp[this_sack].start_seq);
+ net_hdr_word(ptr++) = htonl(sp[this_sack].end_seq);
}
tp->rx_opt.dsack = 0;
@@ -525,13 +531,14 @@ static void tcp_options_write(__be32 *pt
if (foc->exp) {
len = TCPOLEN_EXP_FASTOPEN_BASE + foc->len;
- *ptr = htonl((TCPOPT_EXP << 24) | (len << 16) |
+ net_hdr_word(ptr) =
+ htonl((TCPOPT_EXP << 24) | (len << 16) |
TCPOPT_FASTOPEN_MAGIC);
p += TCPOLEN_EXP_FASTOPEN_BASE;
} else {
len = TCPOLEN_FASTOPEN_BASE + foc->len;
- *p++ = TCPOPT_FASTOPEN;
- *p++ = len;
+ net_hdr_word(p++) = TCPOPT_FASTOPEN;
+ net_hdr_word(p++) = len;
}
memcpy(p, foc->val, foc->len);
--- a/include/uapi/linux/igmp.h
+++ b/include/uapi/linux/igmp.h
@@ -33,7 +33,7 @@ struct igmphdr {
__u8 code; /* For newer IGMP */
__sum16 csum;
__be32 group;
-};
+} __attribute__((packed, aligned(2)));
/* V3 group record types [grec_type] */
#define IGMPV3_MODE_IS_INCLUDE 1
@@ -49,7 +49,7 @@ struct igmpv3_grec {
__be16 grec_nsrcs;
__be32 grec_mca;
__be32 grec_src[0];
-};
+} __attribute__((packed, aligned(2)));
struct igmpv3_report {
__u8 type;
@@ -58,7 +58,7 @@ struct igmpv3_report {
__be16 resv2;
__be16 ngrec;
struct igmpv3_grec grec[0];
-};
+} __attribute__((packed, aligned(2)));
struct igmpv3_query {
__u8 type;
@@ -79,7 +79,7 @@ struct igmpv3_query {
__u8 qqic;
__be16 nsrcs;
__be32 srcs[0];
-};
+} __attribute__((packed, aligned(2)));
#define IGMP_HOST_MEMBERSHIP_QUERY 0x11 /* From RFC1112 */
#define IGMP_HOST_MEMBERSHIP_REPORT 0x12 /* Ditto */
--- a/net/core/flow_dissector.c
+++ b/net/core/flow_dissector.c
@@ -109,7 +109,7 @@ __be32 __skb_flow_get_ports(const struct
ports = __skb_header_pointer(skb, thoff + poff,
sizeof(_ports), data, hlen, &_ports);
if (ports)
- return *ports;
+ return (__be32)net_hdr_word(ports);
}
return 0;
--- a/include/uapi/linux/icmpv6.h
+++ b/include/uapi/linux/icmpv6.h
@@ -77,7 +77,7 @@ struct icmp6hdr {
#define icmp6_addrconf_other icmp6_dataun.u_nd_ra.other
#define icmp6_rt_lifetime icmp6_dataun.u_nd_ra.rt_lifetime
#define icmp6_router_pref icmp6_dataun.u_nd_ra.router_pref
-};
+} __attribute__((packed, aligned(2)));
#define ICMPV6_ROUTER_PREF_LOW 0x3
--- a/include/net/ndisc.h
+++ b/include/net/ndisc.h
@@ -89,7 +89,7 @@ struct ra_msg {
struct icmp6hdr icmph;
__be32 reachable_time;
__be32 retrans_timer;
-};
+} __attribute__((packed, aligned(2)));
struct rd_msg {
struct icmp6hdr icmph;
@@ -368,10 +368,10 @@ static inline u32 ndisc_hashfn(const voi
{
const u32 *p32 = pkey;
- return (((p32[0] ^ hash32_ptr(dev)) * hash_rnd[0]) +
- (p32[1] * hash_rnd[1]) +
- (p32[2] * hash_rnd[2]) +
- (p32[3] * hash_rnd[3]));
+ return (((net_hdr_word(&p32[0]) ^ hash32_ptr(dev)) * hash_rnd[0]) +
+ (net_hdr_word(&p32[1]) * hash_rnd[1]) +
+ (net_hdr_word(&p32[2]) * hash_rnd[2]) +
+ (net_hdr_word(&p32[3]) * hash_rnd[3]));
}
static inline struct neighbour *__ipv6_neigh_lookup_noref(struct net_device *dev, const void *pkey)
--- a/net/sched/cls_u32.c
+++ b/net/sched/cls_u32.c
@@ -165,7 +165,7 @@ next_knode:
data = skb_header_pointer(skb, toff, 4, &hdata);
if (!data)
goto out;
- if ((*data ^ key->val) & key->mask) {
+ if ((net_hdr_word(data) ^ key->val) & key->mask) {
n = rcu_dereference_bh(n->next);
goto next_knode;
}
@@ -218,8 +218,8 @@ check_terminal:
&hdata);
if (!data)
goto out;
- sel = ht->divisor & u32_hash_fold(*data, &n->sel,
- n->fshift);
+ sel = ht->divisor & u32_hash_fold(net_hdr_word(data),
+ &n->sel, n->fshift);
}
if (!(n->sel.flags & (TC_U32_VAROFFSET | TC_U32_OFFSET | TC_U32_EAT)))
goto next_ht;
--- a/net/ipv6/ip6_offload.c
+++ b/net/ipv6/ip6_offload.c
@@ -221,7 +221,7 @@ static struct sk_buff **ipv6_gro_receive
continue;
iph2 = (struct ipv6hdr *)(p->data + off);
- first_word = *(__be32 *)iph ^ *(__be32 *)iph2;
+ first_word = net_hdr_word(iph) ^ net_hdr_word(iph2);
/* All fields must match except length and Traffic Class.
* XXX skbs on the gro_list have all been parsed and pulled
--- a/include/net/addrconf.h
+++ b/include/net/addrconf.h
@@ -47,7 +47,7 @@ struct prefix_info {
__be32 reserved2;
struct in6_addr prefix;
-};
+} __attribute__((packed, aligned(2)));
#include <linux/netdevice.h>
#include <net/if_inet6.h>
--- a/include/net/inet_ecn.h
+++ b/include/net/inet_ecn.h
@@ -125,9 +125,9 @@ static inline int IP6_ECN_set_ce(struct
if (INET_ECN_is_not_ect(ipv6_get_dsfield(iph)))
return 0;
- from = *(__be32 *)iph;
+ from = net_hdr_word(iph);
to = from | htonl(INET_ECN_CE << 20);
- *(__be32 *)iph = to;
+ net_hdr_word(iph) = to;
if (skb->ip_summed == CHECKSUM_COMPLETE)
skb->csum = csum_add(csum_sub(skb->csum, (__force __wsum)from),
(__force __wsum)to);
@@ -136,7 +136,7 @@ static inline int IP6_ECN_set_ce(struct
static inline void IP6_ECN_clear(struct ipv6hdr *iph)
{
- *(__be32*)iph &= ~htonl(INET_ECN_MASK << 20);
+ net_hdr_word(iph) &= ~htonl(INET_ECN_MASK << 20);
}
static inline void ipv6_copy_dscp(unsigned int dscp, struct ipv6hdr *inner)
--- a/include/net/ipv6.h
+++ b/include/net/ipv6.h
@@ -108,7 +108,7 @@ struct frag_hdr {
__u8 reserved;
__be16 frag_off;
__be32 identification;
-};
+} __attribute__((packed, aligned(2)));
#define IP6_MF 0x0001
#define IP6_OFFSET 0xFFF8
@@ -437,8 +437,8 @@ static inline void __ipv6_addr_set_half(
}
#endif
#endif
- addr[0] = wh;
- addr[1] = wl;
+ net_hdr_word(&addr[0]) = wh;
+ net_hdr_word(&addr[1]) = wl;
}
static inline void ipv6_addr_set(struct in6_addr *addr,
@@ -497,6 +497,8 @@ static inline bool ipv6_prefix_equal(con
const __be32 *a1 = addr1->s6_addr32;
const __be32 *a2 = addr2->s6_addr32;
unsigned int pdw, pbi;
+ /* Used for last <32-bit fraction of prefix */
+ u32 pbia1, pbia2;
/* check complete u32 in prefix */
pdw = prefixlen >> 5;
@@ -505,7 +507,9 @@ static inline bool ipv6_prefix_equal(con
/* check incomplete u32 in prefix */
pbi = prefixlen & 0x1f;
- if (pbi && ((a1[pdw] ^ a2[pdw]) & htonl((0xffffffff) << (32 - pbi))))
+ pbia1 = net_hdr_word(&a1[pdw]);
+ pbia2 = net_hdr_word(&a2[pdw]);
+ if (pbi && ((pbia1 ^ pbia2) & htonl((0xffffffff) << (32 - pbi))))
return false;
return true;
@@ -605,13 +609,13 @@ static inline void ipv6_addr_set_v4mappe
*/
static inline int __ipv6_addr_diff32(const void *token1, const void *token2, int addrlen)
{
- const __be32 *a1 = token1, *a2 = token2;
+ const struct in6_addr *a1 = token1, *a2 = token2;
int i;
addrlen >>= 2;
for (i = 0; i < addrlen; i++) {
- __be32 xb = a1[i] ^ a2[i];
+ __be32 xb = a1->s6_addr32[i] ^ a2->s6_addr32[i];
if (xb)
return i * 32 + 31 - __fls(ntohl(xb));
}
@@ -780,17 +784,18 @@ static inline int ip6_default_np_autolab
static inline void ip6_flow_hdr(struct ipv6hdr *hdr, unsigned int tclass,
__be32 flowlabel)
{
- *(__be32 *)hdr = htonl(0x60000000 | (tclass << 20)) | flowlabel;
+ net_hdr_word((__be32 *)hdr) =
+ htonl(0x60000000 | (tclass << 20)) | flowlabel;
}
static inline __be32 ip6_flowinfo(const struct ipv6hdr *hdr)
{
- return *(__be32 *)hdr & IPV6_FLOWINFO_MASK;
+ return net_hdr_word((__be32 *)hdr) & IPV6_FLOWINFO_MASK;
}
static inline __be32 ip6_flowlabel(const struct ipv6hdr *hdr)
{
- return *(__be32 *)hdr & IPV6_FLOWLABEL_MASK;
+ return net_hdr_word((__be32 *)hdr) & IPV6_FLOWLABEL_MASK;
}
static inline u8 ip6_tclass(__be32 flowinfo)
--- a/include/net/secure_seq.h
+++ b/include/net/secure_seq.h
@@ -3,6 +3,7 @@
#define _NET_SECURE_SEQ
#include <linux/types.h>
+#include <linux/in6.h>
u32 secure_ipv4_port_ephemeral(__be32 saddr, __be32 daddr, __be16 dport);
u32 secure_ipv6_port_ephemeral(const __be32 *saddr, const __be32 *daddr,
--- a/include/uapi/linux/in.h
+++ b/include/uapi/linux/in.h
@@ -84,7 +84,7 @@ enum {
/* Internet address. */
struct in_addr {
__be32 s_addr;
-};
+} __attribute__((packed, aligned(2)));
#endif
#define IP_TOS 1
--- a/net/ipv6/ip6_fib.c
+++ b/net/ipv6/ip6_fib.c
@@ -137,7 +137,7 @@ static __be32 addr_bit_set(const void *t
* See include/asm-generic/bitops/le.h.
*/
return (__force __be32)(1 << ((~fn_bit ^ BITOP_BE32_SWIZZLE) & 0x1f)) &
- addr[fn_bit >> 5];
+ net_hdr_word(&addr[fn_bit >> 5]);
}
static struct fib6_node *node_alloc(void)
--- a/net/netfilter/nf_conntrack_proto_tcp.c
+++ b/net/netfilter/nf_conntrack_proto_tcp.c
@@ -447,7 +447,7 @@ static void tcp_sack(const struct sk_buf
/* Fast path for timestamp-only option */
if (length == TCPOLEN_TSTAMP_ALIGNED
- && *(__be32 *)ptr == htonl((TCPOPT_NOP << 24)
+ && net_hdr_word(ptr) == htonl((TCPOPT_NOP << 24)
| (TCPOPT_NOP << 16)
| (TCPOPT_TIMESTAMP << 8)
| TCPOLEN_TIMESTAMP))
--- a/net/xfrm/xfrm_input.c
+++ b/net/xfrm/xfrm_input.c
@@ -193,8 +193,8 @@ int xfrm_parse_spi(struct sk_buff *skb,
if (!pskb_may_pull(skb, hlen))
return -EINVAL;
- *spi = *(__be32 *)(skb_transport_header(skb) + offset);
- *seq = *(__be32 *)(skb_transport_header(skb) + offset_seq);
+ *spi = net_hdr_word(skb_transport_header(skb) + offset);
+ *seq = net_hdr_word(skb_transport_header(skb) + offset_seq);
return 0;
}
EXPORT_SYMBOL(xfrm_parse_spi);
--- a/net/ipv4/tcp_input.c
+++ b/net/ipv4/tcp_input.c
@@ -3878,14 +3878,16 @@ static bool tcp_parse_aligned_timestamp(
{
const __be32 *ptr = (const __be32 *)(th + 1);
- if (*ptr == htonl((TCPOPT_NOP << 24) | (TCPOPT_NOP << 16)
- | (TCPOPT_TIMESTAMP << 8) | TCPOLEN_TIMESTAMP)) {
+ if (net_hdr_word(ptr) ==
+ htonl((TCPOPT_NOP << 24) | (TCPOPT_NOP << 16) |
+ (TCPOPT_TIMESTAMP << 8) | TCPOLEN_TIMESTAMP)) {
tp->rx_opt.saw_tstamp = 1;
++ptr;
- tp->rx_opt.rcv_tsval = ntohl(*ptr);
+ tp->rx_opt.rcv_tsval = get_unaligned_be32(ptr);
++ptr;
- if (*ptr)
- tp->rx_opt.rcv_tsecr = ntohl(*ptr) - tp->tsoffset;
+ if (net_hdr_word(ptr))
+ tp->rx_opt.rcv_tsecr = get_unaligned_be32(ptr) -
+ tp->tsoffset;
else
tp->rx_opt.rcv_tsecr = 0;
return true;
--- a/include/uapi/linux/if_pppox.h
+++ b/include/uapi/linux/if_pppox.h
@@ -51,6 +51,7 @@ struct pppoe_addr {
*/
struct pptp_addr {
__u16 call_id;
+ __u16 pad;
struct in_addr sin_addr;
};
--- a/net/ipv6/netfilter/nf_log_ipv6.c
+++ b/net/ipv6/netfilter/nf_log_ipv6.c
@@ -66,9 +66,9 @@ static void dump_ipv6_packet(struct nf_l
/* Max length: 44 "LEN=65535 TC=255 HOPLIMIT=255 FLOWLBL=FFFFF " */
nf_log_buf_add(m, "LEN=%zu TC=%u HOPLIMIT=%u FLOWLBL=%u ",
ntohs(ih->payload_len) + sizeof(struct ipv6hdr),
- (ntohl(*(__be32 *)ih) & 0x0ff00000) >> 20,
+ (ntohl(net_hdr_word(ih)) & 0x0ff00000) >> 20,
ih->hop_limit,
- (ntohl(*(__be32 *)ih) & 0x000fffff));
+ (ntohl(net_hdr_word(ih)) & 0x000fffff));
fragment = 0;
ptr = ip6hoff + sizeof(struct ipv6hdr);
--- a/include/net/neighbour.h
+++ b/include/net/neighbour.h
@@ -265,8 +265,10 @@ static inline bool neigh_key_eq128(const
const u32 *n32 = (const u32 *)n->primary_key;
const u32 *p32 = pkey;
- return ((n32[0] ^ p32[0]) | (n32[1] ^ p32[1]) |
- (n32[2] ^ p32[2]) | (n32[3] ^ p32[3])) == 0;
+ return ((n32[0] ^ net_hdr_word(&p32[0])) |
+ (n32[1] ^ net_hdr_word(&p32[1])) |
+ (n32[2] ^ net_hdr_word(&p32[2])) |
+ (n32[3] ^ net_hdr_word(&p32[3]))) == 0;
}
static inline struct neighbour *___neigh_lookup_noref(
--- a/include/uapi/linux/netfilter_arp/arp_tables.h
+++ b/include/uapi/linux/netfilter_arp/arp_tables.h
@@ -70,7 +70,7 @@ struct arpt_arp {
__u8 flags;
/* Inverse flags */
__u16 invflags;
-};
+} __attribute__((aligned(4)));
/* Values for "flag" field in struct arpt_ip (general arp structure).
* No flags defined yet.
--- a/net/core/utils.c
+++ b/net/core/utils.c
@@ -441,8 +441,14 @@ void inet_proto_csum_replace16(__sum16 *
bool pseudohdr)
{
__be32 diff[] = {
- ~from[0], ~from[1], ~from[2], ~from[3],
- to[0], to[1], to[2], to[3],
+ ~net_hdr_word(&from[0]),
+ ~net_hdr_word(&from[1]),
+ ~net_hdr_word(&from[2]),
+ ~net_hdr_word(&from[3]),
+ net_hdr_word(&to[0]),
+ net_hdr_word(&to[1]),
+ net_hdr_word(&to[2]),
+ net_hdr_word(&to[3]),
};
if (skb->ip_summed != CHECKSUM_PARTIAL) {
*sum = csum_fold(csum_partial(diff, sizeof(diff),
--- a/include/linux/etherdevice.h
+++ b/include/linux/etherdevice.h
@@ -480,7 +480,7 @@ static inline bool is_etherdev_addr(cons
* @b: Pointer to Ethernet header
*
* Compare two Ethernet headers, returns 0 if equal.
- * This assumes that the network header (i.e., IP header) is 4-byte
+ * This assumes that the network header (i.e., IP header) is 2-byte
* aligned OR the platform can handle unaligned access. This is the
* case for all packets coming into netif_receive_skb or similar
* entry points.
@@ -503,11 +503,12 @@ static inline unsigned long compare_ethe
fold |= *(unsigned long *)(a + 6) ^ *(unsigned long *)(b + 6);
return fold;
#else
- u32 *a32 = (u32 *)((u8 *)a + 2);
- u32 *b32 = (u32 *)((u8 *)b + 2);
+ const u16 *a16 = a;
+ const u16 *b16 = b;
- return (*(u16 *)a ^ *(u16 *)b) | (a32[0] ^ b32[0]) |
- (a32[1] ^ b32[1]) | (a32[2] ^ b32[2]);
+ return (a16[0] ^ b16[0]) | (a16[1] ^ b16[1]) | (a16[2] ^ b16[2]) |
+ (a16[3] ^ b16[3]) | (a16[4] ^ b16[4]) | (a16[5] ^ b16[5]) |
+ (a16[6] ^ b16[6]);
#endif
}
--- a/net/ipv4/tcp_offload.c
+++ b/net/ipv4/tcp_offload.c
@@ -226,7 +226,7 @@ struct sk_buff **tcp_gro_receive(struct
th2 = tcp_hdr(p);
- if (*(u32 *)&th->source ^ *(u32 *)&th2->source) {
+ if (net_hdr_word(&th->source) ^ net_hdr_word(&th2->source)) {
NAPI_GRO_CB(p)->same_flow = 0;
continue;
}
@@ -244,8 +244,8 @@ found:
~(TCP_FLAG_CWR | TCP_FLAG_FIN | TCP_FLAG_PSH));
flush |= (__force int)(th->ack_seq ^ th2->ack_seq);
for (i = sizeof(*th); i < thlen; i += 4)
- flush |= *(u32 *)((u8 *)th + i) ^
- *(u32 *)((u8 *)th2 + i);
+ flush |= net_hdr_word((u8 *)th + i) ^
+ net_hdr_word((u8 *)th2 + i);
/* When we receive our second frame we can made a decision on if we
* continue this flow as an atomic flow with a fixed ID or if we use
--- a/net/ipv6/netfilter/ip6table_mangle.c
+++ b/net/ipv6/netfilter/ip6table_mangle.c
@@ -50,7 +50,7 @@ ip6t_mangle_out(struct sk_buff *skb, con
hop_limit = ipv6_hdr(skb)->hop_limit;
/* flowlabel and prio (includes version, which shouldn't change either */
- flowlabel = *((u_int32_t *)ipv6_hdr(skb));
+ flowlabel = net_hdr_word(ipv6_hdr(skb));
ret = ip6t_do_table(skb, state, state->net->ipv6.ip6table_mangle);
@@ -59,7 +59,7 @@ ip6t_mangle_out(struct sk_buff *skb, con
!ipv6_addr_equal(&ipv6_hdr(skb)->daddr, &daddr) ||
skb->mark != mark ||
ipv6_hdr(skb)->hop_limit != hop_limit ||
- flowlabel != *((u_int32_t *)ipv6_hdr(skb)))) {
+ flowlabel != net_hdr_word(ipv6_hdr(skb)))) {
err = ip6_route_me_harder(state->net, skb);
if (err < 0)
ret = NF_DROP_ERR(err);