git.ipfire.org Git - thirdparty/kernel/stable.git/commit

author	Guenter Roeck <linux@roeck-us.net>
	Tue, 13 Feb 2024 23:46:31 +0000 (15:46 -0800)
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	Wed, 3 Apr 2024 13:28:22 +0000 (15:28 +0200)
commit	d4b71ff9c9187afd8d29ef41a93ee6e5b8b54b25
tree	bd9d33e06ab9d94990deddc4e3bd22692d4411cf	tree
parent	cabe3343acce04ba614e7a0aa40622f23ba13614	commit \| diff

parisc: Fix csum_ipv6_magic on 64-bit systems

[ Upstream commit 4b75b12d70506e31fc02356bbca60f8d5ca012d0 ]

hppa 64-bit systems calculates the IPv6 checksum using 64-bit add
operations. The last add folds protocol and length fields into the 64-bit
result. While unlikely, this operation can overflow. The overflow can be
triggered with a code sequence such as the following.

/* try to trigger massive overflows */
memset(tmp_buf, 0xff, sizeof(struct in6_addr));
csum_result = csum_ipv6_magic((struct in6_addr *)tmp_buf,
(struct in6_addr *)tmp_buf,
0xffff, 0xff, 0xffffffff);

Fix the problem by adding any overflows from the final add operation into
the calculated checksum. Fortunately, we can do this without additional
cost by replacing the add operation used to fold the checksum into 32 bit
with "add,dc" to add in the missing carry.

Cc: Palmer Dabbelt <palmer@rivosinc.com>
Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
Cc: stable@vger.kernel.org
Signed-off-by: Guenter Roeck <linux@roeck-us.net>
Reviewed-by: Charlie Jenkins <charlie@rivosinc.com>
Tested-by: Guenter Roeck <linux@roeck-us.net>
Signed-off-by: Helge Deller <deller@gmx.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>