From 9f2ad37e938d2e959e227660e33894261bc40a08 Mon Sep 17 00:00:00 2001
From: Dheeraj Kumar
Date: Thu, 7 Apr 2022 14:31:58 +0530
Subject: [PATCH] msm-5.4: CPE crash during SIP call

- Reset skb->len and skb->tail before skb_split.
- Use skb_nfct() helper instead of skb->_nfct.
Change-Id: I62f2ade5ebb4ecd197325e520223df4d6f6eff78
Signed-off-by: Dheeraj Kumar
---
 net/netfilter/nf_conntrack_sip.c | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/net/netfilter/nf_conntrack_sip.c b/net/netfilter/nf_conntrack_sip.c
index ba9574694f98..97c57665b7e7 100644
--- a/net/netfilter/nf_conntrack_sip.c
+++ b/net/netfilter/nf_conntrack_sip.c
@@ -293,7 +293,7 @@ static void recalc_header(struct sk_buff *skb, unsigned int skblen,
 struct tcphdr *tcph;
 /* here we recalculate ip and tcp headers */
- if (nf_ct_l3num((struct nf_conn *)skb->_nfct) == NFPROTO_IPV4) {
+ if (nf_ct_l3num((struct nf_conn *)skb_nfct(skb)) == NFPROTO_IPV4) {
 /* fix IP hdr checksum information */
 ip_hdr(skb)->tot_len = htons(skblen);
 ip_send_check(ip_hdr(skb));
@@ -303,7 +303,7 @@ static void recalc_header(struct sk_buff *skb, unsigned int skblen,
 }
 datalen = skb->len - protoff;
 tcph = (struct tcphdr *)((void *)skb->data + protoff);
- nf_nat_csum_recalc(skb, nf_ct_l3num((struct nf_conn *)skb->_nfct),
+ nf_nat_csum_recalc(skb, nf_ct_l3num((struct nf_conn *)skb_nfct(skb)),
 IPPROTO_TCP, tcph, &tcph->check, datalen, oldlen);
 }
@@ -1913,6 +1913,9 @@ static void sip_tcp_skb_combined_processing(bool skb_is_combined, struct sk_buff
 splitlen = (dir == IP_CT_DIR_ORIGINAL) ? ct->segment.skb_len[0] : ct->segment.skb_len[1];
 oldlen = combined_skb->len - protoff;
+ /* Reset skb->len and skb->tail params before skb split. */
+ skb->len = 0;
+ skb->tail = skb->data;
 skb_split(combined_skb, skb, splitlen);
 /* Headers need to be recalculated since during SIP processing
 * headers are calculated based on the change in length of the
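Review bot: The result of `skb_nfct(skb)` is cast and passed straight to `nf_ct_l3num()`, which dereferences it, with no NULL check in recalc_header(); the same pattern repeats in the `nf_nat_csum_recalc()` call of the next hunk. skb_nfct() returns NULL when no conntrack entry is attached, so unless every caller guarantees one (not visible here, the function starts outside the hunk) this is still a crash path on network-driven input. I would fetch the entry once with `struct nf_conn *ct = nf_ct_get(skb, &ctinfo);`, return early on `!ct`, and use `nf_ct_l3num(ct)` in both places, which also removes the two casts.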
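Review bot: The added `skb->tail = skb->data;` in sip_tcp_skb_combined_processing() writes the tail field directly, which is only correct where sk_buff_data_t is a pointer; on builds with NET_SKBUFF_DATA_USES_OFFSET (64-bit) the field is an offset, so this would store a truncated address. Prefer the helpers, e.g. `skb_reset_tail_pointer(skb);` next to `skb->len = 0;`, or `skb_trim(skb, 0);` for a linear skb, and note that `skb->data_len` is left untouched, so a non-linear `skb` would end up with inconsistent lengths. The reset also does not bound the copy: skb_split() may skb_put() the linear remainder of `combined_skb` into `skb`, so I would check `splitlen <= combined_skb->len` and that `skb` has enough tailroom before the call, since both lengths appear to derive from packet data. The function starts and ends outside the hunk, so where `skb` and `ct->segment.skb_len[]` come from cannot be confirmed here.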