Patch "amt: do not use overwrapped cb area" has been added to the 6.7-stable tree

Sasha Levin <sashal@xxxxxxxxxx> · Mon, 22 Jan 2024 18:01:10 -0500

This is a note to let you know that I've just added the patch titled

    amt: do not use overwrapped cb area

to the 6.7-stable tree which can be found at:
    http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
     amt-do-not-use-overwrapped-cb-area.patch
and it can be found in the queue-6.7 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.



commit ab062631f53592e4c553fd322c8f9ff07560a644
Author: Taehee Yoo <ap420073@xxxxxxxxx>
Date:   Sun Jan 7 14:42:41 2024 +0000

    amt: do not use overwrapped cb area
    
    [ Upstream commit bec161add35b478a7746bf58bcdea6faa19129ef ]
    
    amt driver uses skb->cb for storing tunnel information.
    This job is worked before TC layer and then amt driver load tunnel info
    from skb->cb after TC layer.
    So, its cb area should not be overwrapped with CB area used by TC.
    In order to not use cb area used by TC, it skips the biggest cb
    structure used by TC, which was qdisc_skb_cb.
    But it's not anymore.
    Currently, biggest structure of TC's CB is tc_skb_cb.
    So, it should skip size of tc_skb_cb instead of qdisc_skb_cb.
    
    Fixes: ec624fe740b4 ("net/sched: Extend qdisc control block with tc control block")
    Signed-off-by: Taehee Yoo <ap420073@xxxxxxxxx>
    Acked-by: Paolo Abeni <pabeni@xxxxxxxxxx>
    Reviewed-by: Jamal Hadi Salim <jhs@xxxxxxxxxxxx>
    Link: https://lore.kernel.org/r/20240107144241.4169520-1-ap420073@xxxxxxxxx
    Signed-off-by: Jakub Kicinski <kuba@xxxxxxxxxx>
    Signed-off-by: Sasha Levin <sashal@xxxxxxxxxx>

diff --git a/drivers/net/amt.c b/drivers/net/amt.c
index 53415e83821c..68e79b1272f6 100644
--- a/drivers/net/amt.c
+++ b/drivers/net/amt.c
@@ -11,7 +11,7 @@
 #include <linux/net.h>
 #include <linux/igmp.h>
 #include <linux/workqueue.h>
-#include <net/sch_generic.h>
+#include <net/pkt_sched.h>
 #include <net/net_namespace.h>
 #include <net/ip.h>
 #include <net/udp.h>
@@ -80,11 +80,11 @@ static struct mld2_grec mldv2_zero_grec;
 
 static struct amt_skb_cb *amt_skb_cb(struct sk_buff *skb)
 {
-	BUILD_BUG_ON(sizeof(struct amt_skb_cb) + sizeof(struct qdisc_skb_cb) >
+	BUILD_BUG_ON(sizeof(struct amt_skb_cb) + sizeof(struct tc_skb_cb) >
 		     sizeof_field(struct sk_buff, cb));
 
 	return (struct amt_skb_cb *)((void *)skb->cb +
-		sizeof(struct qdisc_skb_cb));
+		sizeof(struct tc_skb_cb));
 }
 
 static void __amt_source_gc_work(void)







