From 09c2ceb7a5b279634e0295c11709d78b8177bbfd Mon Sep 17 00:00:00 2001 From: Shiji Yang Date: Fri, 30 May 2025 20:24:32 +0800 Subject: [PATCH] ramips: a workaround for system halt issue on 6.12 kernel Fix potential invalid memory address access on ip_fast_csum(). Signed-off-by: Shiji Yang Link: https://github.com/openwrt/openwrt/pull/18654 Signed-off-by: Hauke Mehrtens --- ...eck-if-data-length-is-zero-in-ip_fas.patch | 28 +++++++++++++++++++ 1 file changed, 28 insertions(+) create mode 100644 target/linux/ramips/patches-6.12/325-MIPS-checksum-check-if-data-length-is-zero-in-ip_fas.patch diff --git a/target/linux/ramips/patches-6.12/325-MIPS-checksum-check-if-data-length-is-zero-in-ip_fas.patch b/target/linux/ramips/patches-6.12/325-MIPS-checksum-check-if-data-length-is-zero-in-ip_fas.patch new file mode 100644 index 00000000000..6e78dd7199f --- /dev/null +++ b/target/linux/ramips/patches-6.12/325-MIPS-checksum-check-if-data-length-is-zero-in-ip_fas.patch @@ -0,0 +1,28 @@ +From e34037bd3df9d80c96eda35d346a9220c71a3459 Mon Sep 17 00:00:00 2001 +From: Shiji Yang +Date: Fri, 30 May 2025 19:56:16 +0800 +Subject: [PATCH] MIPS: checksum: check if data length is zero in + ip_fast_csum() + +If ihl equals 0, the nonsensical infinite do while loop will +eventually access an invalid memory address, which will cause +the system to halt. + +Signed-off-by: Shiji Yang +--- + arch/mips/include/asm/checksum.h | 4 ++++ + 1 file changed, 4 insertions(+) + +--- a/arch/mips/include/asm/checksum.h ++++ b/arch/mips/include/asm/checksum.h +@@ -101,6 +101,10 @@ static inline __sum16 ip_fast_csum(const + unsigned int csum; + int carry; + ++ /* ihl should never be zero */ ++ if (unlikely(ihl == 0)) ++ return 0; ++ + csum = word[0]; + csum += word[1]; + carry = (csum < word[1]); -- 2.47.2