msm-5.4: CPE crash during SIP call

- Reset skb->len and skb->tail before skb_split. - Use skb_nfct() helper instead of skb->_nfct. Change-Id: I62f2ade5ebb4ecd197325e520223df4d6f6eff78 Signed-off-by: Dheeraj Kumar <quic_dhekum@quicinc.com>
2022-04-07 14:31:58 +05:30 · 2022-04-07 14:31:58 +05:30 · 9f2ad37e93
commit 9f2ad37e93
parent b48d25e6ca
1 changed files with 5 additions and 2 deletions
--- a/net/netfilter/nf_conntrack_sip.c
+++ b/net/netfilter/nf_conntrack_sip.c
@ -293,7 +293,7 @@ static void recalc_header(struct sk_buff *skb, unsigned int skblen,
 	struct tcphdr *tcph;

 	/* here we recalculate ip and tcp headers */
-	if (nf_ct_l3num((struct nf_conn *)skb->_nfct) == NFPROTO_IPV4) {
+	if (nf_ct_l3num((struct nf_conn *)skb_nfct(skb)) == NFPROTO_IPV4) {
 		/* fix IP hdr checksum information */
 		ip_hdr(skb)->tot_len = htons(skblen);
 		ip_send_check(ip_hdr(skb));
@ -303,7 +303,7 @@ static void recalc_header(struct sk_buff *skb, unsigned int skblen,
 	}
 	datalen = skb->len - protoff;
 	tcph = (struct tcphdr *)((void *)skb->data + protoff);
-	nf_nat_csum_recalc(skb, nf_ct_l3num((struct nf_conn *)skb->_nfct),
+	nf_nat_csum_recalc(skb, nf_ct_l3num((struct nf_conn *)skb_nfct(skb)),
 			   IPPROTO_TCP, tcph, &tcph->check, datalen, oldlen);
 }

@ -1913,6 +1913,9 @@ static void sip_tcp_skb_combined_processing(bool skb_is_combined, struct sk_buff
 		splitlen = (dir == IP_CT_DIR_ORIGINAL) ?
 				ct->segment.skb_len[0] : ct->segment.skb_len[1];
 		oldlen = combined_skb->len - protoff;
+		/* Reset skb->len and skb->tail params before skb split. */
+		skb->len = 0;
+		skb->tail = skb->data;
 		skb_split(combined_skb, skb, splitlen);
 		/* Headers need to be recalculated since during SIP processing
 		 * headers are calculated based on the change in length of the