vsock/virtio: fix length and offset in tap skb for split packets

virtio_transport_build_skb() builds a new skb to be delivered to the
vsockmon tap device. To build the new skb, it uses the original skb
data length as payload length, but as the comment notes, the original
packet stored in the skb may have been split in multiple packets, so we
need to use the length in the header, which is correctly updated before
the packet is delivered to the tap, and the offset for the data.

This was also similar to what we did before commit 71dc9ec9ac7d
("virtio/vsock: replace virtio_vsock_pkt with sk_buff") where we probably
missed something during the skb conversion.

Also update the comment above, which was left stale by the skb
conversion and still mentioned a buffer pointer that no longer exists.

Fixes: 71dc9ec9ac7d ("virtio/vsock: replace virtio_vsock_pkt with sk_buff")
Signed-off-by: Stefano Garzarella <sgarzare@redhat.com>
Reviewed-by: Bobby Eshleman <bobbyeshleman@meta.com>
Reviewed-by: Arseniy Krasnov <avkrasnov@rulkc.org>
Link: https://patch.msgid.link/20260508164411.261440-2-sgarzare@redhat.com
Acked-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Paolo Abeni <pabeni@redhat.com>

diff --git a/net/vmw_vsock/virtio_transport_common.c b/net/vmw_vsock/virtio_transport_common.c
index 9b8014516f4fb1130ae184635fbba4dfee58bd64..a678d5d7570466c08ba239801319556bcbb7c36a 100644 (file)
--- a/net/vmw_vsock/virtio_transport_common.c
+++ b/net/vmw_vsock/virtio_transport_common.c
@@ -166,12 +166,12 @@ static struct sk_buff *virtio_transport_build_skb(void *opaque)
        struct sk_buff *skb;
        size_t payload_len;
 
-       /* A packet could be split to fit the RX buffer, so we can retrieve
-        * the payload length from the header and the buffer pointer taking
-        * care of the offset in the original packet.
+       /* A packet could be split to fit the RX buffer, so we use
+        * the payload length from the header, which has been updated
+        * by the sender to reflect the fragment size.
         */
        pkt_hdr = virtio_vsock_hdr(pkt);
-       payload_len = pkt->len;
+       payload_len = le32_to_cpu(pkt_hdr->len);
 
        skb = alloc_skb(sizeof(*hdr) + sizeof(*pkt_hdr) + payload_len,
                        GFP_ATOMIC);
@@ -219,7 +219,8 @@ static struct sk_buff *virtio_transport_build_skb(void *opaque)
 
                        virtio_transport_copy_nonlinear_skb(pkt, data, payload_len);
                } else {
-                       skb_put_data(skb, pkt->data, payload_len);
+                       skb_put_data(skb, pkt->data + VIRTIO_VSOCK_SKB_CB(pkt)->offset,
+                                    payload_len);
                }
        }