From eadb061617b55f7dc96f572a6c2f424dca927486 Mon Sep 17 00:00:00 2001
From: Greg Kroah-Hartman
Date: Tue, 15 Nov 2022 13:09:17 +0000
Subject: [PATCH] ANDROID: properly copy the scm_io_uring field in struct sk_buff

When moving the scm_io_uring field in struct sk_buff to preserve the kernel ABI, the variable also needs to be properly copied to a new sk_buff in the __copy_skb_header() function.

Same thing needs to happen in wg_reset_packet() as the sk_buff is initialized there too.

Bug: 259233216
Fixes: ee97a71cacb8 ("ANDROID: fix up struct sk_buf ABI breakage")
Reported-by: Will Deacon
Signed-off-by: Greg Kroah-Hartman
Change-Id: I474ad43cc7de844281154d680c0557e769c10b22
---
 drivers/net/wireguard/queueing.h | 11 +++++++++++
 include/linux/skbuff.h | 4 ++++
 net/core/skbuff.c | 10 +++++++++-
 3 files changed, 24 insertions(+), 1 deletion(-)

diff --git a/drivers/net/wireguard/queueing.h b/drivers/net/wireguard/queueing.h
index e2388107f7fd..1a7aaa268041 100644
--- a/drivers/net/wireguard/queueing.h
+++ b/drivers/net/wireguard/queueing.h
@@ -82,6 +82,17 @@ static inline void wg_reset_packet(struct sk_buff *skb, bool encapsulating)
 memset(&skb->headers_start, 0,
 offsetof(struct sk_buff, headers_end) -
 offsetof(struct sk_buff, headers_start));
+
+ /* ANDROID:
+ * Due to attempts to keep the ABI stable for struct sk_buff, the new
+ * fields were incorrectly added _AFTER_ the headers_end field, which
+ * requires that we manually copy the fields here from the old to the
+ * new one.
+ * Be sure to add any new field that is added in the
+ * ANDROID_KABI_REPLACE() macros below here as well.
+ */
+ skb->scm_io_uring = 0;
+
 if (encapsulating) {
 skb->l4_hash = l4_hash;
 skb->sw_hash = sw_hash;
diff --git a/include/linux/skbuff.h b/include/linux/skbuff.h
index 59a6bf66421f..365c416e0f53 100644
--- a/include/linux/skbuff.h
+++ b/include/linux/skbuff.h
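Review bot: The comment added to wg_reset_packet() in drivers/net/wireguard/queueing.h was copied from the __copy_skb_header() change and does not describe this site: it says the fields must be copied "from the old to the new one", but the line under it clears the bit with `skb->scm_io_uring = 0;` and this function has no old skb. It also points at "ANDROID_KABI_REPLACE() macros below here", while the macro this patch shows is `_ANDROID_KABI_REPLACE` in include/linux/skbuff.h; the same misleading pointer appears in the net/core/skbuff.c hunk. I would reword the block here to say that the memset() above stops at headers_end, so fields placed after it have to be cleared by hand, and name include/linux/skbuff.h as the place to look in both comments. wg_reset_packet() starts and ends outside the hunk.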
@@ -921,6 +921,10 @@ struct sk_buff {
 * scm_io_uring is from 04df9719df18 ("io_uring/af_unix: defer
 * registered files gc to io_uring release")
 */
+ /* NOTE: due to these fields ending up after headers_end, we have to
+ * manually copy them in the __copy_skb_header() call in skbuf.c. Be
+ * very aware of that if you change these fields.
+ */
 _ANDROID_KABI_REPLACE(_ANDROID_KABI_RESERVE(1),
 struct {
 __u8 scm_io_uring:1;
diff --git a/net/core/skbuff.c b/net/core/skbuff.c
index 85fee4308cb0..f00b266aa6eb 100644
--- a/net/core/skbuff.c
+++ b/net/core/skbuff.c
@@ -982,7 +982,15 @@ static void __copy_skb_header(struct sk_buff *new, const struct sk_buff *old)
 #ifdef CONFIG_NET_SCHED
 CHECK_SKB_FIELD(tc_index);
 #endif
-
+ /* ANDROID:
+ * Due to attempts to keep the ABI stable for struct sk_buff, the new
+ * fields were incorrectly added _AFTER_ the headers_end field, which
+ * requires that we manually copy the fields here from the old to the
+ * new one.
+ * Be sure to add any new field that is added in the
+ * ANDROID_KABI_REPLACE() macros below here as well.
+ */
+ new->scm_io_uring = old->scm_io_uring;
 }

 /*
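Review bot: The NOTE added above `_ANDROID_KABI_REPLACE(_ANDROID_KABI_RESERVE(1),` names only __copy_skb_header() and gives the file as skbuf.c, although this same patch also has to touch wg_reset_packet() in drivers/net/wireguard/queueing.h and the file it edits is net/core/skbuff.c. This is the comment a developer reads when changing these fields, so it should list every site that handles them by hand, for example `* manually copy them in __copy_skb_header() in net/core/skbuff.c and clear them in wg_reset_packet() in drivers/net/wireguard/queueing.h.` The struct definition continues outside the hunk.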
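Review bot: The comment added before `new->scm_io_uring = old->scm_io_uring;` states a rule for future fields but does not record which members sit after headers_end today, so a reader cannot check that the hand-copied list is complete. The replacement struct in include/linux/skbuff.h is cut off after `__u8 scm_io_uring:1;` in this patch, so whether it holds other live members cannot be confirmed from here. I would add a line such as `* Fields copied by hand: scm_io_uring.` and keep it in step with the struct. The hunk also drops the blank line after `#endif`, and the body of __copy_skb_header() starts outside the hunk.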