Hi, there was a pile of random crashes that people reported on ar71xx.
the unaligned patch that we carry with us had a null pointer deref. the attached commit fixes this bug. If you have recently seen such crashes please update to r43560 and see if the crashes are gone now. John -------- Original Message -------- Subject: [OpenWrt-Commits] r43560 - trunk/target/linux/ar71xx/patches-3.14 Date: Mon, 8 Dec 2014 11:48:28 +0100 From: openwrt-comm...@openwrt.org Reply-To: OpenWrt SVN Commits <openwrt-comm...@lists.openwrt.org> To: openwrt-comm...@lists.openwrt.org Author: nbd Date: 2014-12-08 11:48:28 +0100 (Mon, 08 Dec 2014) New Revision: 43560 Modified: trunk/target/linux/ar71xx/patches-3.14/902-unaligned_access_hacks.patch Log: ar71xx: fix invalid pointer accesses caused by unaligned access hacks (#18455) Signed-off-by: Felix Fietkau <n...@openwrt.org> Modified: trunk/target/linux/ar71xx/patches-3.14/902-unaligned_access_hacks.patch =================================================================== --- trunk/target/linux/ar71xx/patches-3.14/902-unaligned_access_hacks.patch 2014-12-08 10:04:50 UTC (rev 43559) +++ trunk/target/linux/ar71xx/patches-3.14/902-unaligned_access_hacks.patch 2014-12-08 10:48:28 UTC (rev 43560) @@ -319,32 +319,26 @@ ptr--; } if (tunnel->parms.o_flags&GRE_KEY) { -@@ -841,9 +841,9 @@ static inline int ip6gre_xmit_ipv6(struc +@@ -841,7 +841,7 @@ static inline int ip6gre_xmit_ipv6(struc dsfield = ipv6_get_dsfield(ipv6h); if (t->parms.flags & IP6_TNL_F_USE_ORIG_TCLASS) - fl6.flowlabel |= (*(__be32 *) ipv6h & IPV6_TCLASS_MASK); + fl6.flowlabel |= net_hdr_word(ipv6h) & IPV6_TCLASS_MASK; if (t->parms.flags & IP6_TNL_F_USE_ORIG_FLOWLABEL) -- fl6.flowlabel |= ip6_flowlabel(ipv6h); -+ fl6.flowlabel |= ip6_flowlabel((const struct ipv6hdr *)net_hdr_word(ipv6h)); + fl6.flowlabel |= ip6_flowlabel(ipv6h); if (t->parms.flags & IP6_TNL_F_USE_ORIG_FWMARK) - fl6.flowi6_mark = skb->mark; - --- a/net/ipv6/ip6_tunnel.c 
+++ b/net/ipv6/ip6_tunnel.c -@@ -1288,9 +1288,9 @@ ip6ip6_tnl_xmit(struct sk_buff *skb, str +@@ -1285,7 +1285,7 @@ ip6ip6_tnl_xmit(struct sk_buff *skb, str dsfield = ipv6_get_dsfield(ipv6h); if (t->parms.flags & IP6_TNL_F_USE_ORIG_TCLASS) - fl6.flowlabel |= (*(__be32 *) ipv6h & IPV6_TCLASS_MASK); + fl6.flowlabel |= net_hdr_word(ipv6h) & IPV6_TCLASS_MASK; if (t->parms.flags & IP6_TNL_F_USE_ORIG_FLOWLABEL) -- fl6.flowlabel |= ip6_flowlabel(ipv6h); -+ fl6.flowlabel |= ip6_flowlabel((const struct ipv6hdr *)net_hdr_word(ipv6h)); + fl6.flowlabel |= ip6_flowlabel(ipv6h); if (t->parms.flags & IP6_TNL_F_USE_ORIG_FWMARK) - fl6.flowi6_mark = skb->mark; - --- a/net/ipv6/exthdrs.c +++ b/net/ipv6/exthdrs.c @@ -573,7 +573,7 @@ static bool ipv6_hop_jumbo(struct sk_buf @@ -741,7 +735,7 @@ if (xb) return i * 32 + 31 - __fls(ntohl(xb)); } -@@ -668,12 +672,13 @@ int ip6_dst_hoplimit(struct dst_entry *d +@@ -670,17 +674,18 @@ int ip6_dst_hoplimit(struct dst_entry *d static inline void ip6_flow_hdr(struct ipv6hdr *hdr, unsigned int tclass, __be32 flowlabel) { @@ -757,6 +751,12 @@ } static inline __be32 ip6_flowlabel(const struct ipv6hdr *hdr) + { +- return *(__be32 *)hdr & IPV6_FLOWLABEL_MASK; ++ return net_hdr_word((__be32 *)hdr) & IPV6_FLOWLABEL_MASK; + } + + static inline u8 ip6_tclass(__be32 flowinfo) --- a/include/net/secure_seq.h +++ b/include/net/secure_seq.h @@ -2,6 +2,7 @@ @@ -873,7 +873,7 @@ --- a/net/ipv4/tcp_input.c +++ b/net/ipv4/tcp_input.c -@@ -3631,14 +3631,16 @@ static bool tcp_parse_aligned_timestamp( +@@ -3629,14 +3629,16 @@ static bool tcp_parse_aligned_timestamp( { const __be32 *ptr = (const __be32 *)(th + 1); _______________________________________________ openwrt-commits mailing list openwrt-comm...@lists.openwrt.org https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-commits _______________________________________________ openwrt-devel mailing list openwrt-devel@lists.openwrt.org https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel
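Review bot: In the hunk that rewrites `ip6_flowlabel()` (`@@ -757,6 +751,12 @@`), the added `net_hdr_word((__be32 *)hdr)` casts away the `const` on `hdr`; `return net_hdr_word((const __be32 *)hdr) & IPV6_FLOWLABEL_MASK;` keeps the qualifier, and since the tunnel call sites pass `ipv6h` to `net_hdr_word()` with no cast, the cast may not be needed at all. The two call sites this revision reverts, in `ip6gre_xmit_ipv6` and `ip6ip6_tnl_xmit`, had wrapped the loaded header word in `(const struct ipv6hdr *)`, so on the `IP6_TNL_F_USE_ORIG_FLOWLABEL` path a value read from the packet appears to have been dereferenced as a kernel pointer, and the explicit cast kept the compiler quiet. The definition of `net_hdr_word` is not visible here; if it is a macro that accepts any pointer, a comment on it such as `/* takes a pointer into a network header, returns the 32-bit word stored there */` would make that misuse harder to repeat. The function bodies continue outside the hunks shown.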