projects / openwrt / svn-archive / archive.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
ar71xx: fix invalid pointer accesses caused by unaligned access hacks (#18455)
[openwrt/svn-archive/archive.git] / target / linux / ar71xx / patches-3.14 / 902-unaligned_access_hacks.patch
1 --- a/arch/mips/include/asm/checksum.h
2 +++ b/arch/mips/include/asm/checksum.h
3 @@ -104,26 +104,30 @@ static inline __sum16 ip_fast_csum(const
4 const unsigned int *stop = word + ihl;
5 unsigned int csum;
6 int carry;
7 + unsigned int w;
8
9 - csum = word[0];
10 - csum += word[1];
11 - carry = (csum < word[1]);
12 + csum = net_hdr_word(word++);
13 +
14 + w = net_hdr_word(word++);
15 + csum += w;
16 + carry = (csum < w);
17 csum += carry;
18
19 - csum += word[2];
20 - carry = (csum < word[2]);
21 + w = net_hdr_word(word++);
22 + csum += w;
23 + carry = (csum < w);
24 csum += carry;
25
26 - csum += word[3];
27 - carry = (csum < word[3]);
28 + w = net_hdr_word(word++);
29 + csum += w;
30 + carry = (csum < w);
31 csum += carry;
32
33 - word += 4;
34 do {
35 - csum += *word;
36 - carry = (csum < *word);
37 + w = net_hdr_word(word++);
38 + csum += w;
39 + carry = (csum < w);
40 csum += carry;
41 - word++;
42 } while (word != stop);
43
44 return csum_fold(csum);
45 @@ -192,69 +196,4 @@ static inline __sum16 ip_compute_csum(co
46 return csum_fold(csum_partial(buff, len, 0));
47 }
48
49 -#define _HAVE_ARCH_IPV6_CSUM
50 -static __inline__ __sum16 csum_ipv6_magic(const struct in6_addr *saddr,
51 - const struct in6_addr *daddr,
52 - __u32 len, unsigned short proto,
53 - __wsum sum)
54 -{
55 - __asm__(
56 - " .set push # csum_ipv6_magic\n"
57 - " .set noreorder \n"
58 - " .set noat \n"
59 - " addu %0, %5 # proto (long in network byte order)\n"
60 - " sltu $1, %0, %5 \n"
61 - " addu %0, $1 \n"
62 -
63 - " addu %0, %6 # csum\n"
64 - " sltu $1, %0, %6 \n"
65 - " lw %1, 0(%2) # four words source address\n"
66 - " addu %0, $1 \n"
67 - " addu %0, %1 \n"
68 - " sltu $1, %0, %1 \n"
69 -
70 - " lw %1, 4(%2) \n"
71 - " addu %0, $1 \n"
72 - " addu %0, %1 \n"
73 - " sltu $1, %0, %1 \n"
74 -
75 - " lw %1, 8(%2) \n"
76 - " addu %0, $1 \n"
77 - " addu %0, %1 \n"
78 - " sltu $1, %0, %1 \n"
79 -
80 - " lw %1, 12(%2) \n"
81 - " addu %0, $1 \n"
82 - " addu %0, %1 \n"
83 - " sltu $1, %0, %1 \n"
84 -
85 - " lw %1, 0(%3) \n"
86 - " addu %0, $1 \n"
87 - " addu %0, %1 \n"
88 - " sltu $1, %0, %1 \n"
89 -
90 - " lw %1, 4(%3) \n"
91 - " addu %0, $1 \n"
92 - " addu %0, %1 \n"
93 - " sltu $1, %0, %1 \n"
94 -
95 - " lw %1, 8(%3) \n"
96 - " addu %0, $1 \n"
97 - " addu %0, %1 \n"
98 - " sltu $1, %0, %1 \n"
99 -
100 - " lw %1, 12(%3) \n"
101 - " addu %0, $1 \n"
102 - " addu %0, %1 \n"
103 - " sltu $1, %0, %1 \n"
104 -
105 - " addu %0, $1 # Add final carry\n"
106 - " .set pop"
107 - : "=r" (sum), "=r" (proto)
108 - : "r" (saddr), "r" (daddr),
109 - "0" (htonl(len)), "1" (htonl(proto)), "r" (sum));
110 -
111 - return csum_fold(sum);
112 -}
113 -
114 #endif /* _ASM_CHECKSUM_H */
115 --- a/include/uapi/linux/ip.h
116 +++ b/include/uapi/linux/ip.h
117 @@ -102,7 +102,7 @@ struct iphdr {
118 __be32 saddr;
119 __be32 daddr;
120 /*The options start here. */
121 -};
122 +} __attribute__((packed, aligned(2)));
123
124
125 struct ip_auth_hdr {
126 --- a/include/uapi/linux/ipv6.h
127 +++ b/include/uapi/linux/ipv6.h
128 @@ -125,7 +125,7 @@ struct ipv6hdr {
129
130 struct in6_addr saddr;
131 struct in6_addr daddr;
132 -};
133 +} __attribute__((packed, aligned(2)));
134
135
136 /* index values for the variables in ipv6_devconf */
137 --- a/include/uapi/linux/tcp.h
138 +++ b/include/uapi/linux/tcp.h
139 @@ -54,7 +54,7 @@ struct tcphdr {
140 __be16 window;
141 __sum16 check;
142 __be16 urg_ptr;
143 -};
144 +} __attribute__((packed, aligned(2)));
145
146 /*
147 * The union cast uses a gcc extension to avoid aliasing problems
148 @@ -64,7 +64,7 @@ struct tcphdr {
149 union tcp_word_hdr {
150 struct tcphdr hdr;
151 __be32 words[5];
152 -};
153 +} __attribute__((packed, aligned(2)));
154
155 #define tcp_flag_word(tp) ( ((union tcp_word_hdr *)(tp))->words [3])
156
157 --- a/include/uapi/linux/udp.h
158 +++ b/include/uapi/linux/udp.h
159 @@ -24,7 +24,7 @@ struct udphdr {
160 __be16 dest;
161 __be16 len;
162 __sum16 check;
163 -};
164 +} __attribute__((packed, aligned(2)));
165
166 /* UDP socket options */
167 #define UDP_CORK 1 /* Never send partially complete segments */
168 --- a/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c
169 +++ b/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c
170 @@ -41,8 +41,8 @@ static bool ipv4_pkt_to_tuple(const stru
171 if (ap == NULL)
172 return false;
173
174 - tuple->src.u3.ip = ap[0];
175 - tuple->dst.u3.ip = ap[1];
176 + tuple->src.u3.ip = net_hdr_word(ap++);
177 + tuple->dst.u3.ip = net_hdr_word(ap);
178
179 return true;
180 }
181 --- a/include/uapi/linux/icmp.h
182 +++ b/include/uapi/linux/icmp.h
183 @@ -80,7 +80,7 @@ struct icmphdr {
184 __be16 mtu;
185 } frag;
186 } un;
187 -};
188 +} __attribute__((packed, aligned(2)));
189
190
191 /*
192 --- a/include/uapi/linux/in6.h
193 +++ b/include/uapi/linux/in6.h
194 @@ -42,7 +42,7 @@ struct in6_addr {
195 #define s6_addr16 in6_u.u6_addr16
196 #define s6_addr32 in6_u.u6_addr32
197 #endif
198 -};
199 +} __attribute__((packed, aligned(2)));
200 #endif /* __UAPI_DEF_IN6_ADDR */
201
202 #if __UAPI_DEF_SOCKADDR_IN6
203 --- a/net/ipv6/af_inet6.c
204 +++ b/net/ipv6/af_inet6.c
205 @@ -62,6 +62,7 @@
206 #endif
207
208 #include <asm/uaccess.h>
209 +#include <asm/unaligned.h>
210 #include <linux/mroute6.h>
211
212 MODULE_AUTHOR("Cast of dozens");
213 @@ -679,11 +680,12 @@ bool ipv6_opt_accepted(const struct sock
214 {
215 const struct ipv6_pinfo *np = inet6_sk(sk);
216 const struct inet6_skb_parm *opt = IP6CB(skb);
217 + unsigned char *header = skb_network_header(skb);
218
219 if (np->rxopt.all) {
220 if ((opt->hop && (np->rxopt.bits.hopopts ||
221 np->rxopt.bits.ohopopts)) ||
222 - (ip6_flowinfo((struct ipv6hdr *) skb_network_header(skb)) &&
223 + (ip6_flowinfo((struct ipv6hdr *)net_hdr_word(header)) &&
224 np->rxopt.bits.rxflow) ||
225 (opt->srcrt && (np->rxopt.bits.srcrt ||
226 np->rxopt.bits.osrcrt)) ||
227 --- a/net/ipv6/tcp_ipv6.c
228 +++ b/net/ipv6/tcp_ipv6.c
229 @@ -65,6 +65,7 @@
230 #include <net/tcp_memcontrol.h>
231 #include <net/busy_poll.h>
232
233 +#include <asm/unaligned.h>
234 #include <asm/uaccess.h>
235
236 #include <linux/proc_fs.h>
237 @@ -771,10 +772,10 @@ static void tcp_v6_send_response(struct
238 topt = (__be32 *)(t1 + 1);
239
240 if (tsecr) {
241 - *topt++ = htonl((TCPOPT_NOP << 24) | (TCPOPT_NOP << 16) |
242 - (TCPOPT_TIMESTAMP << 8) | TCPOLEN_TIMESTAMP);
243 - *topt++ = htonl(tsval);
244 - *topt++ = htonl(tsecr);
245 + put_unaligned_be32((TCPOPT_NOP << 24) | (TCPOPT_NOP << 16) |
246 + (TCPOPT_TIMESTAMP << 8) | TCPOLEN_TIMESTAMP, topt++);
247 + put_unaligned_be32(tsval, topt++);
248 + put_unaligned_be32(tsecr, topt++);
249 }
250
251 #ifdef CONFIG_TCP_MD5SIG
252 --- a/include/linux/ipv6.h
253 +++ b/include/linux/ipv6.h
254 @@ -5,6 +5,7 @@
255
256 #define ipv6_optlen(p) (((p)->hdrlen+1) << 3)
257 #define ipv6_authlen(p) (((p)->hdrlen+2) << 2)
258 +
259 /*
260 * This structure contains configuration options per IPv6 link.
261 */
262 --- a/net/ipv6/datagram.c
263 +++ b/net/ipv6/datagram.c
264 @@ -373,7 +373,7 @@ int ipv6_recv_error(struct sock *sk, str
265 ipv6_iface_scope_id(&sin->sin6_addr,
266 IP6CB(skb)->iif);
267 } else {
268 - ipv6_addr_set_v4mapped(*(__be32 *)(nh + serr->addr_offset),
269 + ipv6_addr_set_v4mapped(net_hdr_word(nh + serr->addr_offset),
270 &sin->sin6_addr);
271 sin->sin6_scope_id = 0;
272 }
273 @@ -722,12 +722,12 @@ int ip6_datagram_send_ctl(struct net *ne
274 }
275
276 if (fl6->flowlabel&IPV6_FLOWINFO_MASK) {
277 - if ((fl6->flowlabel^*(__be32 *)CMSG_DATA(cmsg))&~IPV6_FLOWINFO_MASK) {
278 + if ((fl6->flowlabel^net_hdr_word(CMSG_DATA(cmsg)))&~IPV6_FLOWINFO_MASK) {
279 err = -EINVAL;
280 goto exit_f;
281 }
282 }
283 - fl6->flowlabel = IPV6_FLOWINFO_MASK & *(__be32 *)CMSG_DATA(cmsg);
284 + fl6->flowlabel = IPV6_FLOWINFO_MASK & net_hdr_word(CMSG_DATA(cmsg));
285 break;
286
287 case IPV6_2292HOPOPTS:
288 --- a/net/ipv6/ip6_gre.c
289 +++ b/net/ipv6/ip6_gre.c
290 @@ -389,7 +389,7 @@ static void ip6gre_err(struct sk_buff *s
291
292 t = ip6gre_tunnel_lookup(skb->dev, &ipv6h->daddr, &ipv6h->saddr,
293 flags & GRE_KEY ?
294 - *(((__be32 *)p) + (grehlen / 4) - 1) : 0,
295 + net_hdr_word(((__be32 *)p) + (grehlen / 4) - 1) : 0,
296 p[1]);
297 if (t == NULL)
298 return;
299 @@ -481,11 +481,11 @@ static int ip6gre_rcv(struct sk_buff *sk
300 offset += 4;
301 }
302 if (flags&GRE_KEY) {
303 - key = *(__be32 *)(h + offset);
304 + key = net_hdr_word(h + offset);
305 offset += 4;
306 }
307 if (flags&GRE_SEQ) {
308 - seqno = ntohl(*(__be32 *)(h + offset));
309 + seqno = ntohl(net_hdr_word(h + offset));
310 offset += 4;
311 }
312 }
313 @@ -747,7 +747,7 @@ static netdev_tx_t ip6gre_xmit2(struct s
314
315 if (tunnel->parms.o_flags&GRE_SEQ) {
316 ++tunnel->o_seqno;
317 - *ptr = htonl(tunnel->o_seqno);
318 + net_hdr_word(ptr) = htonl(tunnel->o_seqno);
319 ptr--;
320 }
321 if (tunnel->parms.o_flags&GRE_KEY) {
322 @@ -841,7 +841,7 @@ static inline int ip6gre_xmit_ipv6(struc
323
324 dsfield = ipv6_get_dsfield(ipv6h);
325 if (t->parms.flags & IP6_TNL_F_USE_ORIG_TCLASS)
326 - fl6.flowlabel |= (*(__be32 *) ipv6h & IPV6_TCLASS_MASK);
327 + fl6.flowlabel |= net_hdr_word(ipv6h) & IPV6_TCLASS_MASK;
328 if (t->parms.flags & IP6_TNL_F_USE_ORIG_FLOWLABEL)
329 fl6.flowlabel |= ip6_flowlabel(ipv6h);
330 if (t->parms.flags & IP6_TNL_F_USE_ORIG_FWMARK)
331 --- a/net/ipv6/ip6_tunnel.c
332 +++ b/net/ipv6/ip6_tunnel.c
333 @@ -1285,7 +1285,7 @@ ip6ip6_tnl_xmit(struct sk_buff *skb, str
334
335 dsfield = ipv6_get_dsfield(ipv6h);
336 if (t->parms.flags & IP6_TNL_F_USE_ORIG_TCLASS)
337 - fl6.flowlabel |= (*(__be32 *) ipv6h & IPV6_TCLASS_MASK);
338 + fl6.flowlabel |= net_hdr_word(ipv6h) & IPV6_TCLASS_MASK;
339 if (t->parms.flags & IP6_TNL_F_USE_ORIG_FLOWLABEL)
340 fl6.flowlabel |= ip6_flowlabel(ipv6h);
341 if (t->parms.flags & IP6_TNL_F_USE_ORIG_FWMARK)
342 --- a/net/ipv6/exthdrs.c
343 +++ b/net/ipv6/exthdrs.c
344 @@ -573,7 +573,7 @@ static bool ipv6_hop_jumbo(struct sk_buf
345 goto drop;
346 }
347
348 - pkt_len = ntohl(*(__be32 *)(nh + optoff + 2));
349 + pkt_len = ntohl(net_hdr_word(nh + optoff + 2));
350 if (pkt_len <= IPV6_MAXPLEN) {
351 IP6_INC_STATS_BH(net, ipv6_skb_idev(skb),
352 IPSTATS_MIB_INHDRERRORS);
353 --- a/include/linux/types.h
354 +++ b/include/linux/types.h
355 @@ -212,5 +212,11 @@ struct callback_head {
356 };
357 #define rcu_head callback_head
358
359 +struct net_hdr_word {
360 + u32 words[1];
361 +} __attribute__((packed, aligned(2)));
362 +
363 +#define net_hdr_word(_p) (((struct net_hdr_word *) (_p))->words[0])
364 +
365 #endif /* __ASSEMBLY__ */
366 #endif /* _LINUX_TYPES_H */
367 --- a/net/ipv4/af_inet.c
368 +++ b/net/ipv4/af_inet.c
369 @@ -1367,8 +1367,8 @@ static struct sk_buff **inet_gro_receive
370 if (unlikely(ip_fast_csum((u8 *)iph, 5)))
371 goto out_unlock;
372
373 - id = ntohl(*(__be32 *)&iph->id);
374 - flush = (u16)((ntohl(*(__be32 *)iph) ^ skb_gro_len(skb)) | (id & ~IP_DF));
375 + id = ntohl(net_hdr_word(&iph->id));
376 + flush = (u16)((ntohl(net_hdr_word(iph)) ^ skb_gro_len(skb)) | (id & ~IP_DF));
377 id >>= 16;
378
379 for (p = *head; p; p = p->next) {
380 --- a/net/ipv4/route.c
381 +++ b/net/ipv4/route.c
382 @@ -460,7 +460,7 @@ static struct neighbour *ipv4_neigh_look
383 else if (skb)
384 pkey = &ip_hdr(skb)->daddr;
385
386 - n = __ipv4_neigh_lookup(dev, *(__force u32 *)pkey);
387 + n = __ipv4_neigh_lookup(dev, net_hdr_word(pkey));
388 if (n)
389 return n;
390 return neigh_create(&arp_tbl, pkey, dev);
391 --- a/net/ipv4/tcp_output.c
392 +++ b/net/ipv4/tcp_output.c
393 @@ -422,48 +422,53 @@ static void tcp_options_write(__be32 *pt
394 u16 options = opts->options; /* mungable copy */
395
396 if (unlikely(OPTION_MD5 & options)) {
397 - *ptr++ = htonl((TCPOPT_NOP << 24) | (TCPOPT_NOP << 16) |
398 - (TCPOPT_MD5SIG << 8) | TCPOLEN_MD5SIG);
399 + net_hdr_word(ptr++) =
400 + htonl((TCPOPT_NOP << 24) | (TCPOPT_NOP << 16) |
401 + (TCPOPT_MD5SIG << 8) | TCPOLEN_MD5SIG);
402 /* overload cookie hash location */
403 opts->hash_location = (__u8 *)ptr;
404 ptr += 4;
405 }
406
407 if (unlikely(opts->mss)) {
408 - *ptr++ = htonl((TCPOPT_MSS << 24) |
409 - (TCPOLEN_MSS << 16) |
410 - opts->mss);
411 + net_hdr_word(ptr++) =
412 + htonl((TCPOPT_MSS << 24) | (TCPOLEN_MSS << 16) |
413 + opts->mss);
414 }
415
416 if (likely(OPTION_TS & options)) {
417 if (unlikely(OPTION_SACK_ADVERTISE & options)) {
418 - *ptr++ = htonl((TCPOPT_SACK_PERM << 24) |
419 - (TCPOLEN_SACK_PERM << 16) |
420 - (TCPOPT_TIMESTAMP << 8) |
421 - TCPOLEN_TIMESTAMP);
422 + net_hdr_word(ptr++) =
423 + htonl((TCPOPT_SACK_PERM << 24) |
424 + (TCPOLEN_SACK_PERM << 16) |
425 + (TCPOPT_TIMESTAMP << 8) |
426 + TCPOLEN_TIMESTAMP);
427 options &= ~OPTION_SACK_ADVERTISE;
428 } else {
429 - *ptr++ = htonl((TCPOPT_NOP << 24) |
430 - (TCPOPT_NOP << 16) |
431 - (TCPOPT_TIMESTAMP << 8) |
432 - TCPOLEN_TIMESTAMP);
433 + net_hdr_word(ptr++) =
434 + htonl((TCPOPT_NOP << 24) |
435 + (TCPOPT_NOP << 16) |
436 + (TCPOPT_TIMESTAMP << 8) |
437 + TCPOLEN_TIMESTAMP);
438 }
439 - *ptr++ = htonl(opts->tsval);
440 - *ptr++ = htonl(opts->tsecr);
441 + net_hdr_word(ptr++) = htonl(opts->tsval);
442 + net_hdr_word(ptr++) = htonl(opts->tsecr);
443 }
444
445 if (unlikely(OPTION_SACK_ADVERTISE & options)) {
446 - *ptr++ = htonl((TCPOPT_NOP << 24) |
447 - (TCPOPT_NOP << 16) |
448 - (TCPOPT_SACK_PERM << 8) |
449 - TCPOLEN_SACK_PERM);
450 + net_hdr_word(ptr++) =
451 + htonl((TCPOPT_NOP << 24) |
452 + (TCPOPT_NOP << 16) |
453 + (TCPOPT_SACK_PERM << 8) |
454 + TCPOLEN_SACK_PERM);
455 }
456
457 if (unlikely(OPTION_WSCALE & options)) {
458 - *ptr++ = htonl((TCPOPT_NOP << 24) |
459 - (TCPOPT_WINDOW << 16) |
460 - (TCPOLEN_WINDOW << 8) |
461 - opts->ws);
462 + net_hdr_word(ptr++) =
463 + htonl((TCPOPT_NOP << 24) |
464 + (TCPOPT_WINDOW << 16) |
465 + (TCPOLEN_WINDOW << 8) |
466 + opts->ws);
467 }
468
469 if (unlikely(opts->num_sack_blocks)) {
470 @@ -471,16 +476,17 @@ static void tcp_options_write(__be32 *pt
471 tp->duplicate_sack : tp->selective_acks;
472 int this_sack;
473
474 - *ptr++ = htonl((TCPOPT_NOP << 24) |
475 - (TCPOPT_NOP << 16) |
476 - (TCPOPT_SACK << 8) |
477 - (TCPOLEN_SACK_BASE + (opts->num_sack_blocks *
478 + net_hdr_word(ptr++) =
479 + htonl((TCPOPT_NOP << 24) |
480 + (TCPOPT_NOP << 16) |
481 + (TCPOPT_SACK << 8) |
482 + (TCPOLEN_SACK_BASE + (opts->num_sack_blocks *
483 TCPOLEN_SACK_PERBLOCK)));
484
485 for (this_sack = 0; this_sack < opts->num_sack_blocks;
486 ++this_sack) {
487 - *ptr++ = htonl(sp[this_sack].start_seq);
488 - *ptr++ = htonl(sp[this_sack].end_seq);
489 + net_hdr_word(ptr++) = htonl(sp[this_sack].start_seq);
490 + net_hdr_word(ptr++) = htonl(sp[this_sack].end_seq);
491 }
492
493 tp->rx_opt.dsack = 0;
494 @@ -489,9 +495,10 @@ static void tcp_options_write(__be32 *pt
495 if (unlikely(OPTION_FAST_OPEN_COOKIE & options)) {
496 struct tcp_fastopen_cookie *foc = opts->fastopen_cookie;
497
498 - *ptr++ = htonl((TCPOPT_EXP << 24) |
499 - ((TCPOLEN_EXP_FASTOPEN_BASE + foc->len) << 16) |
500 - TCPOPT_FASTOPEN_MAGIC);
501 + net_hdr_word(ptr++) =
502 + htonl((TCPOPT_EXP << 24) |
503 + ((TCPOLEN_EXP_FASTOPEN_BASE + foc->len) << 16) |
504 + TCPOPT_FASTOPEN_MAGIC);
505
506 memcpy(ptr, foc->val, foc->len);
507 if ((foc->len & 3) == 2) {
508 --- a/net/ipv4/igmp.c
509 +++ b/net/ipv4/igmp.c
510 @@ -496,7 +496,7 @@ static struct sk_buff *add_grec(struct s
511 if (!skb)
512 return NULL;
513 psrc = (__be32 *)skb_put(skb, sizeof(__be32));
514 - *psrc = psf->sf_inaddr;
515 + net_hdr_word(psrc) = psf->sf_inaddr;
516 scount++; stotal++;
517 if ((type == IGMPV3_ALLOW_NEW_SOURCES ||
518 type == IGMPV3_BLOCK_OLD_SOURCES) && psf->sf_crcount) {
519 --- a/include/uapi/linux/igmp.h
520 +++ b/include/uapi/linux/igmp.h
521 @@ -32,7 +32,7 @@ struct igmphdr {
522 __u8 code; /* For newer IGMP */
523 __sum16 csum;
524 __be32 group;
525 -};
526 +} __attribute__((packed, aligned(2)));
527
528 /* V3 group record types [grec_type] */
529 #define IGMPV3_MODE_IS_INCLUDE 1
530 @@ -48,7 +48,7 @@ struct igmpv3_grec {
531 __be16 grec_nsrcs;
532 __be32 grec_mca;
533 __be32 grec_src[0];
534 -};
535 +} __attribute__((packed, aligned(2)));
536
537 struct igmpv3_report {
538 __u8 type;
539 @@ -57,7 +57,7 @@ struct igmpv3_report {
540 __be16 resv2;
541 __be16 ngrec;
542 struct igmpv3_grec grec[0];
543 -};
544 +} __attribute__((packed, aligned(2)));
545
546 struct igmpv3_query {
547 __u8 type;
548 @@ -78,7 +78,7 @@ struct igmpv3_query {
549 __u8 qqic;
550 __be16 nsrcs;
551 __be32 srcs[0];
552 -};
553 +} __attribute__((packed, aligned(2)));
554
555 #define IGMP_HOST_MEMBERSHIP_QUERY 0x11 /* From RFC1112 */
556 #define IGMP_HOST_MEMBERSHIP_REPORT 0x12 /* Ditto */
557 --- a/net/core/flow_dissector.c
558 +++ b/net/core/flow_dissector.c
559 @@ -44,7 +44,7 @@ __be32 skb_flow_get_ports(const struct s
560 ports = skb_header_pointer(skb, thoff + poff,
561 sizeof(_ports), &_ports);
562 if (ports)
563 - return *ports;
564 + return (__be32)net_hdr_word(ports);
565 }
566
567 return 0;
568 --- a/include/uapi/linux/icmpv6.h
569 +++ b/include/uapi/linux/icmpv6.h
570 @@ -76,7 +76,7 @@ struct icmp6hdr {
571 #define icmp6_addrconf_other icmp6_dataun.u_nd_ra.other
572 #define icmp6_rt_lifetime icmp6_dataun.u_nd_ra.rt_lifetime
573 #define icmp6_router_pref icmp6_dataun.u_nd_ra.router_pref
574 -};
575 +} __attribute__((packed, aligned(2)));
576
577
578 #define ICMPV6_ROUTER_PREF_LOW 0x3
579 --- a/include/net/ndisc.h
580 +++ b/include/net/ndisc.h
581 @@ -76,7 +76,7 @@ struct ra_msg {
582 struct icmp6hdr icmph;
583 __be32 reachable_time;
584 __be32 retrans_timer;
585 -};
586 +} __attribute__((packed, aligned(2)));
587
588 struct rd_msg {
589 struct icmp6hdr icmph;
590 @@ -148,10 +148,10 @@ static inline u32 ndisc_hashfn(const voi
591 {
592 const u32 *p32 = pkey;
593
594 - return (((p32[0] ^ hash32_ptr(dev)) * hash_rnd[0]) +
595 - (p32[1] * hash_rnd[1]) +
596 - (p32[2] * hash_rnd[2]) +
597 - (p32[3] * hash_rnd[3]));
598 + return (((net_hdr_word(&p32[0]) ^ hash32_ptr(dev)) * hash_rnd[0]) +
599 + (net_hdr_word(&p32[1]) * hash_rnd[1]) +
600 + (net_hdr_word(&p32[2]) * hash_rnd[2]) +
601 + (net_hdr_word(&p32[3]) * hash_rnd[3]));
602 }
603
604 static inline struct neighbour *__ipv6_neigh_lookup_noref(struct net_device *dev, const void *pkey)
605 @@ -168,8 +168,10 @@ static inline struct neighbour *__ipv6_n
606 n = rcu_dereference_bh(n->next)) {
607 u32 *n32 = (u32 *) n->primary_key;
608 if (n->dev == dev &&
609 - ((n32[0] ^ p32[0]) | (n32[1] ^ p32[1]) |
610 - (n32[2] ^ p32[2]) | (n32[3] ^ p32[3])) == 0)
611 + ((n32[0] ^ net_hdr_word(&p32[0])) |
612 + (n32[1] ^ net_hdr_word(&p32[1])) |
613 + (n32[2] ^ net_hdr_word(&p32[2])) |
614 + (n32[3] ^ net_hdr_word(&p32[3]))) == 0)
615 return n;
616 }
617
618 --- a/net/sched/cls_u32.c
619 +++ b/net/sched/cls_u32.c
620 @@ -137,7 +137,7 @@ next_knode:
621 data = skb_header_pointer(skb, toff, 4, &hdata);
622 if (!data)
623 goto out;
624 - if ((*data ^ key->val) & key->mask) {
625 + if ((net_hdr_word(data) ^ key->val) & key->mask) {
626 n = n->next;
627 goto next_knode;
628 }
629 @@ -188,8 +188,8 @@ check_terminal:
630 &hdata);
631 if (!data)
632 goto out;
633 - sel = ht->divisor & u32_hash_fold(*data, &n->sel,
634 - n->fshift);
635 + sel = ht->divisor & u32_hash_fold(net_hdr_word(data),
636 + &n->sel, n->fshift);
637 }
638 if (!(n->sel.flags & (TC_U32_VAROFFSET | TC_U32_OFFSET | TC_U32_EAT)))
639 goto next_ht;
640 --- a/net/ipv6/ip6_offload.c
641 +++ b/net/ipv6/ip6_offload.c
642 @@ -242,7 +242,7 @@ static struct sk_buff **ipv6_gro_receive
643 continue;
644
645 iph2 = (struct ipv6hdr *)(p->data + off);
646 - first_word = *(__be32 *)iph ^ *(__be32 *)iph2 ;
647 + first_word = net_hdr_word(iph) ^ net_hdr_word(iph2);
648
649 /* All fields must match except length and Traffic Class.
650 * XXX skbs on the gro_list have all been parsed and pulled
651 --- a/include/net/addrconf.h
652 +++ b/include/net/addrconf.h
653 @@ -43,7 +43,7 @@ struct prefix_info {
654 __be32 reserved2;
655
656 struct in6_addr prefix;
657 -};
658 +} __attribute__((packed, aligned(2)));
659
660
661 #include <linux/netdevice.h>
662 --- a/include/net/inet_ecn.h
663 +++ b/include/net/inet_ecn.h
664 @@ -115,13 +115,13 @@ static inline int IP6_ECN_set_ce(struct
665 {
666 if (INET_ECN_is_not_ect(ipv6_get_dsfield(iph)))
667 return 0;
668 - *(__be32*)iph |= htonl(INET_ECN_CE << 20);
669 + net_hdr_word(iph) |= htonl(INET_ECN_CE << 20);
670 return 1;
671 }
672
673 static inline void IP6_ECN_clear(struct ipv6hdr *iph)
674 {
675 - *(__be32*)iph &= ~htonl(INET_ECN_MASK << 20);
676 + net_hdr_word(iph) &= ~htonl(INET_ECN_MASK << 20);
677 }
678
679 static inline void ipv6_copy_dscp(unsigned int dscp, struct ipv6hdr *inner)
680 --- a/include/net/ipv6.h
681 +++ b/include/net/ipv6.h
682 @@ -108,7 +108,7 @@ struct frag_hdr {
683 __u8 reserved;
684 __be16 frag_off;
685 __be32 identification;
686 -};
687 +} __attribute__((packed, aligned(2)));
688
689 #define IP6_MF 0x0001
690 #define IP6_OFFSET 0xFFF8
691 @@ -397,8 +397,8 @@ static inline void __ipv6_addr_set_half(
692 }
693 #endif
694 #endif
695 - addr[0] = wh;
696 - addr[1] = wl;
697 + net_hdr_word(&addr[0]) = wh;
698 + net_hdr_word(&addr[1]) = wl;
699 }
700
701 static inline void ipv6_addr_set(struct in6_addr *addr,
702 @@ -457,6 +457,8 @@ static inline bool ipv6_prefix_equal(con
703 const __be32 *a1 = addr1->s6_addr32;
704 const __be32 *a2 = addr2->s6_addr32;
705 unsigned int pdw, pbi;
706 + /* Used for last <32-bit fraction of prefix */
707 + u32 pbia1, pbia2;
708
709 /* check complete u32 in prefix */
710 pdw = prefixlen >> 5;
711 @@ -465,7 +467,9 @@ static inline bool ipv6_prefix_equal(con
712
713 /* check incomplete u32 in prefix */
714 pbi = prefixlen & 0x1f;
715 - if (pbi && ((a1[pdw] ^ a2[pdw]) & htonl((0xffffffff) << (32 - pbi))))
716 + pbia1 = net_hdr_word(&a1[pdw]);
717 + pbia2 = net_hdr_word(&a2[pdw]);
718 + if (pbi && ((pbia1 ^ pbia2) & htonl((0xffffffff) << (32 - pbi))))
719 return false;
720
721 return true;
722 @@ -598,13 +602,13 @@ static inline void ipv6_addr_set_v4mappe
723 */
724 static inline int __ipv6_addr_diff32(const void *token1, const void *token2, int addrlen)
725 {
726 - const __be32 *a1 = token1, *a2 = token2;
727 + const struct in6_addr *a1 = token1, *a2 = token2;
728 int i;
729
730 addrlen >>= 2;
731
732 for (i = 0; i < addrlen; i++) {
733 - __be32 xb = a1[i] ^ a2[i];
734 + __be32 xb = a1->s6_addr32[i] ^ a2->s6_addr32[i];
735 if (xb)
736 return i * 32 + 31 - __fls(ntohl(xb));
737 }
738 @@ -670,17 +674,18 @@ int ip6_dst_hoplimit(struct dst_entry *d
739 static inline void ip6_flow_hdr(struct ipv6hdr *hdr, unsigned int tclass,
740 __be32 flowlabel)
741 {
742 - *(__be32 *)hdr = htonl(0x60000000 | (tclass << 20)) | flowlabel;
743 + net_hdr_word((__be32 *)hdr) =
744 + htonl(0x60000000 | (tclass << 20)) | flowlabel;
745 }
746
747 static inline __be32 ip6_flowinfo(const struct ipv6hdr *hdr)
748 {
749 - return *(__be32 *)hdr & IPV6_FLOWINFO_MASK;
750 + return net_hdr_word((__be32 *)hdr) & IPV6_FLOWINFO_MASK;
751 }
752
753 static inline __be32 ip6_flowlabel(const struct ipv6hdr *hdr)
754 {
755 - return *(__be32 *)hdr & IPV6_FLOWLABEL_MASK;
756 + return net_hdr_word((__be32 *)hdr) & IPV6_FLOWLABEL_MASK;
757 }
758
759 static inline u8 ip6_tclass(__be32 flowinfo)
760 --- a/include/net/secure_seq.h
761 +++ b/include/net/secure_seq.h
762 @@ -2,6 +2,7 @@
763 #define _NET_SECURE_SEQ
764
765 #include <linux/types.h>
766 +#include <linux/in6.h>
767
768 u32 secure_ipv4_port_ephemeral(__be32 saddr, __be32 daddr, __be16 dport);
769 u32 secure_ipv6_port_ephemeral(const __be32 *saddr, const __be32 *daddr,
770 --- a/include/uapi/linux/in.h
771 +++ b/include/uapi/linux/in.h
772 @@ -78,7 +78,7 @@ enum {
773 /* Internet address. */
774 struct in_addr {
775 __be32 s_addr;
776 -};
777 +} __attribute__((packed, aligned(2)));
778
779 #define IP_TOS 1
780 #define IP_TTL 2
781 --- a/net/core/secure_seq.c
782 +++ b/net/core/secure_seq.c
783 @@ -46,11 +46,12 @@ __u32 secure_tcpv6_sequence_number(const
784 u32 secret[MD5_MESSAGE_BYTES / 4];
785 u32 hash[MD5_DIGEST_WORDS];
786 u32 i;
787 + const struct in6_addr *daddr6 = (struct in6_addr *) daddr;
788
789 net_secret_init();
790 memcpy(hash, saddr, 16);
791 for (i = 0; i < 4; i++)
792 - secret[i] = net_secret[i] + (__force u32)daddr[i];
793 + secret[i] = net_secret[i] + (__force u32)daddr6->s6_addr32[i];
794 secret[4] = net_secret[4] +
795 (((__force u16)sport << 16) + (__force u16)dport);
796 for (i = 5; i < MD5_MESSAGE_BYTES / 4; i++)
797 @@ -68,11 +69,12 @@ u32 secure_ipv6_port_ephemeral(const __b
798 u32 secret[MD5_MESSAGE_BYTES / 4];
799 u32 hash[MD5_DIGEST_WORDS];
800 u32 i;
801 + const struct in6_addr *daddr6 = (struct in6_addr *) daddr;
802
803 net_secret_init();
804 memcpy(hash, saddr, 16);
805 for (i = 0; i < 4; i++)
806 - secret[i] = net_secret[i] + (__force u32) daddr[i];
807 + secret[i] = net_secret[i] + (__force u32) daddr6->s6_addr32[i];
808 secret[4] = net_secret[4] + (__force u32)dport;
809 for (i = 5; i < MD5_MESSAGE_BYTES / 4; i++)
810 secret[i] = net_secret[i];
811 @@ -150,11 +152,12 @@ u64 secure_dccpv6_sequence_number(__be32
812 u32 hash[MD5_DIGEST_WORDS];
813 u64 seq;
814 u32 i;
815 + const struct in6_addr *daddr6 = (struct in6_addr *) daddr;
816
817 net_secret_init();
818 memcpy(hash, saddr, 16);
819 for (i = 0; i < 4; i++)
820 - secret[i] = net_secret[i] + daddr[i];
821 + secret[i] = net_secret[i] + daddr6->s6_addr32[i];
822 secret[4] = net_secret[4] +
823 (((__force u16)sport << 16) + (__force u16)dport);
824 for (i = 5; i < MD5_MESSAGE_BYTES / 4; i++)
825 --- a/net/ipv6/ip6_fib.c
826 +++ b/net/ipv6/ip6_fib.c
827 @@ -144,7 +144,7 @@ static __inline__ __be32 addr_bit_set(co
828 * See include/asm-generic/bitops/le.h.
829 */
830 return (__force __be32)(1 << ((~fn_bit ^ BITOP_BE32_SWIZZLE) & 0x1f)) &
831 - addr[fn_bit >> 5];
832 + net_hdr_word(&addr[fn_bit >> 5]);
833 }
834
835 static __inline__ struct fib6_node * node_alloc(void)
836 --- a/net/netfilter/nf_conntrack_proto_tcp.c
837 +++ b/net/netfilter/nf_conntrack_proto_tcp.c
838 @@ -456,7 +456,7 @@ static void tcp_sack(const struct sk_buf
839
840 /* Fast path for timestamp-only option */
841 if (length == TCPOLEN_TSTAMP_ALIGNED
842 - && *(__be32 *)ptr == htonl((TCPOPT_NOP << 24)
843 + && net_hdr_word(ptr) == htonl((TCPOPT_NOP << 24)
844 | (TCPOPT_NOP << 16)
845 | (TCPOPT_TIMESTAMP << 8)
846 | TCPOLEN_TIMESTAMP))
847 --- a/net/netfilter/xt_LOG.c
848 +++ b/net/netfilter/xt_LOG.c
849 @@ -528,9 +528,9 @@ static void dump_ipv6_packet(struct sbuf
850 /* Max length: 44 "LEN=65535 TC=255 HOPLIMIT=255 FLOWLBL=FFFFF " */
851 sb_add(m, "LEN=%Zu TC=%u HOPLIMIT=%u FLOWLBL=%u ",
852 ntohs(ih->payload_len) + sizeof(struct ipv6hdr),
853 - (ntohl(*(__be32 *)ih) & 0x0ff00000) >> 20,
854 + (ntohl(net_hdr_word(ih)) & 0x0ff00000) >> 20,
855 ih->hop_limit,
856 - (ntohl(*(__be32 *)ih) & 0x000fffff));
857 + (ntohl(net_hdr_word(ih)) & 0x000fffff));
858
859 fragment = 0;
860 ptr = ip6hoff + sizeof(struct ipv6hdr);
861 --- a/net/xfrm/xfrm_input.c
862 +++ b/net/xfrm/xfrm_input.c
863 @@ -77,8 +77,8 @@ int xfrm_parse_spi(struct sk_buff *skb,
864 if (!pskb_may_pull(skb, hlen))
865 return -EINVAL;
866
867 - *spi = *(__be32 *)(skb_transport_header(skb) + offset);
868 - *seq = *(__be32 *)(skb_transport_header(skb) + offset_seq);
869 + *spi = net_hdr_word(skb_transport_header(skb) + offset);
870 + *seq = net_hdr_word(skb_transport_header(skb) + offset_seq);
871 return 0;
872 }
873
874 --- a/net/ipv4/tcp_input.c
875 +++ b/net/ipv4/tcp_input.c
876 @@ -3629,14 +3629,16 @@ static bool tcp_parse_aligned_timestamp(
877 {
878 const __be32 *ptr = (const __be32 *)(th + 1);
879
880 - if (*ptr == htonl((TCPOPT_NOP << 24) | (TCPOPT_NOP << 16)
881 - | (TCPOPT_TIMESTAMP << 8) | TCPOLEN_TIMESTAMP)) {
882 + if (net_hdr_word(ptr) ==
883 + htonl((TCPOPT_NOP << 24) | (TCPOPT_NOP << 16) |
884 + (TCPOPT_TIMESTAMP << 8) | TCPOLEN_TIMESTAMP)) {
885 tp->rx_opt.saw_tstamp = 1;
886 ++ptr;
887 - tp->rx_opt.rcv_tsval = ntohl(*ptr);
888 + tp->rx_opt.rcv_tsval = get_unaligned_be32(ptr);
889 ++ptr;
890 - if (*ptr)
891 - tp->rx_opt.rcv_tsecr = ntohl(*ptr) - tp->tsoffset;
892 + if (net_hdr_word(ptr))
893 + tp->rx_opt.rcv_tsecr = get_unaligned_be32(ptr) -
894 + tp->tsoffset;
895 else
896 tp->rx_opt.rcv_tsecr = 0;
897 return true;
898 --- a/include/uapi/linux/if_pppox.h
899 +++ b/include/uapi/linux/if_pppox.h
900 @@ -47,6 +47,7 @@ struct pppoe_addr {
901 */
902 struct pptp_addr {
903 __u16 call_id;
904 + __u16 pad;
905 struct in_addr sin_addr;
906 };
907
OpenWrt SVN history