From: Mark H. Weaver Date: Mon, 23 Mar 2009 12:46:12 +0000 (+0100) Subject: netfilter: nf_conntrack_tcp: fix unaligned memory access in tcp_sack X-Git-Tag: firefly_0821_release~15237^2~1^2~1^2 X-Git-Url: http://demsky.eecs.uci.edu/git/?a=commitdiff_plain;h=534f81a5068799799e264fd162e9488a129f98d4;p=firefly-linux-kernel-4.4.55.git netfilter: nf_conntrack_tcp: fix unaligned memory access in tcp_sack This patch fixes an unaligned memory access in tcp_sack while reading sequence numbers from TCP selective acknowledgement options. Prior to applying this patch, upstream linux-2.6.27.20 was occasionally generating messages like this on my sparc64 system: [54678.532071] Kernel unaligned access at TPC[6b17d4] tcp_packet+0xcd4/0xd00 Acked-by: David S. Miller Signed-off-by: Patrick McHardy --- diff --git a/net/netfilter/nf_conntrack_proto_tcp.c b/net/netfilter/nf_conntrack_proto_tcp.c index f3fd154d1ddd..56ac4ee77a1d 100644 --- a/net/netfilter/nf_conntrack_proto_tcp.c +++ b/net/netfilter/nf_conntrack_proto_tcp.c @@ -15,6 +15,7 @@ #include #include #include +#include #include @@ -466,7 +467,7 @@ static void tcp_sack(const struct sk_buff *skb, unsigned int dataoff, for (i = 0; i < (opsize - TCPOLEN_SACK_BASE); i += TCPOLEN_SACK_PERBLOCK) { - tmp = ntohl(*((__be32 *)(ptr+i)+1)); + tmp = get_unaligned_be32((__be32 *)(ptr+i)+1); if (after(tmp, *sack)) *sack = tmp;