ar71xx: fix invalid pointer accesses caused by unaligned access hacks (#18455)

Signed-off-by: Felix Fietkau <nbd@openwrt.org>
SVN-Revision: 43560

diff --git a/target/linux/ar71xx/patches-3.14/902-unaligned_access_hacks.patch b/target/linux/ar71xx/patches-3.14/902-unaligned_access_hacks.patch
index 7c1e6b0576c3be984aa52519b975c4c944bd2cd6..86fe6c036975ff0e8f9fa7d9b00e697660d492f2 100644 (file)
--- a/target/linux/ar71xx/patches-3.14/902-unaligned_access_hacks.patch
+++ b/target/linux/ar71xx/patches-3.14/902-unaligned_access_hacks.patch
@@ -319,32 +319,26 @@
                        ptr--;
                }
                if (tunnel->parms.o_flags&GRE_KEY) {
-@@ -841,9 +841,9 @@ static inline int ip6gre_xmit_ipv6(struc
+@@ -841,7 +841,7 @@ static inline int ip6gre_xmit_ipv6(struc
  
        dsfield = ipv6_get_dsfield(ipv6h);
        if (t->parms.flags & IP6_TNL_F_USE_ORIG_TCLASS)
 -              fl6.flowlabel |= (*(__be32 *) ipv6h & IPV6_TCLASS_MASK);
 +              fl6.flowlabel |= net_hdr_word(ipv6h) & IPV6_TCLASS_MASK;
        if (t->parms.flags & IP6_TNL_F_USE_ORIG_FLOWLABEL)
--              fl6.flowlabel |= ip6_flowlabel(ipv6h);
-+              fl6.flowlabel |= ip6_flowlabel((const struct ipv6hdr *)net_hdr_word(ipv6h));
+               fl6.flowlabel |= ip6_flowlabel(ipv6h);
        if (t->parms.flags & IP6_TNL_F_USE_ORIG_FWMARK)
-               fl6.flowi6_mark = skb->mark;
- 
 --- a/net/ipv6/ip6_tunnel.c
 +++ b/net/ipv6/ip6_tunnel.c
-@@ -1288,9 +1288,9 @@ ip6ip6_tnl_xmit(struct sk_buff *skb, str
+@@ -1285,7 +1285,7 @@ ip6ip6_tnl_xmit(struct sk_buff *skb, str
  
        dsfield = ipv6_get_dsfield(ipv6h);
        if (t->parms.flags & IP6_TNL_F_USE_ORIG_TCLASS)
 -              fl6.flowlabel |= (*(__be32 *) ipv6h & IPV6_TCLASS_MASK);
 +              fl6.flowlabel |= net_hdr_word(ipv6h) & IPV6_TCLASS_MASK;
        if (t->parms.flags & IP6_TNL_F_USE_ORIG_FLOWLABEL)
--              fl6.flowlabel |= ip6_flowlabel(ipv6h);
-+              fl6.flowlabel |= ip6_flowlabel((const struct ipv6hdr *)net_hdr_word(ipv6h));
+               fl6.flowlabel |= ip6_flowlabel(ipv6h);
        if (t->parms.flags & IP6_TNL_F_USE_ORIG_FWMARK)
-               fl6.flowi6_mark = skb->mark;
- 
 --- a/net/ipv6/exthdrs.c
 +++ b/net/ipv6/exthdrs.c
 @@ -573,7 +573,7 @@ static bool ipv6_hop_jumbo(struct sk_buf
@@ -741,7 +735,7 @@
                if (xb)
                        return i * 32 + 31 - __fls(ntohl(xb));
        }
-@@ -668,12 +672,13 @@ int ip6_dst_hoplimit(struct dst_entry *d
+@@ -670,17 +674,18 @@ int ip6_dst_hoplimit(struct dst_entry *d
  static inline void ip6_flow_hdr(struct ipv6hdr *hdr, unsigned int tclass,
                                __be32 flowlabel)
  {
@@ -757,6 +751,12 @@
  }
  
  static inline __be32 ip6_flowlabel(const struct ipv6hdr *hdr)
+ {
+-      return *(__be32 *)hdr & IPV6_FLOWLABEL_MASK;
++      return net_hdr_word((__be32 *)hdr) & IPV6_FLOWLABEL_MASK;
+ }
+ 
+ static inline u8 ip6_tclass(__be32 flowinfo)
 --- a/include/net/secure_seq.h
 +++ b/include/net/secure_seq.h
 @@ -2,6 +2,7 @@
@@ -873,7 +873,7 @@
  
 --- a/net/ipv4/tcp_input.c
 +++ b/net/ipv4/tcp_input.c
-@@ -3631,14 +3631,16 @@ static bool tcp_parse_aligned_timestamp(
+@@ -3629,14 +3629,16 @@ static bool tcp_parse_aligned_timestamp(
  {
        const __be32 *ptr = (const __be32 *)(th + 1);