The net packet structure contains pointers to link-layer source and
destination addresses. Usually, these structures do not point to
separately allocated memory but directly into the packet's data buffer.
In case of a deep package clone (which includes copying the buffer), the
copy of the ll addresses continued to point into the old package
(contrary to a rather misleading inline comment). This was proven by an
additional failing unit test assertion.

As the original package may be unreferenced while the cloned package is
still being accessed, the ll address pointers of the cloned package may
become invalid.

The fix consists of two parts:

* First, it is determined whether a given ll address actually points into
  the buffer and, if so, at which logical cursor offset it is located.
* If the address points into the package buffer, then the cursor API is
  used to determine the corresponding physical memory location in the
  cloned package. The ll address of the cloned package is then patched
  to point to the cloned buffer.

Additional assertions were introduced to the existing unit test to ensure
that the newly generated address points to the correct content of the
cloned package.

The solution is implemented in a generic way so that the previously
redundant implementations were consolidated into a single one. The code
includes a check that ensures that the ll address check and manipulation
will be skipped in case of shallow package copies.

The change also addresses problems related to the "overwrite" flag of the
package:

* Package cloning assumes the overwrite flag to be set. Otherwise it
  will not work correctly. This was not ensured inside the clone method.
* Package cloning manipulates the overwrite flag of the cloned package
  but does not reset it to represent the same state as the original
  package.

The change introduces a fix and unit test assertions for both problems.

Fixes: #51265
Signed-off-by: Florian Grandel <jerico.dev@gmail.com>
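
The two-part fix described in the commit message above, as an added sketch that is not the commit's code and does not use Zephyr's net_pkt or cursor API. The types `struct frag` and `struct pkt` and the helpers `ll_offset`, `ll_at` and `pkt_clone_deep` are hypothetical, and the clone is assumed to use a different fragment layout than the original so that only the logical offset carries over.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical, simplified model; these are not Zephyr's net_pkt types. */
struct frag { uint8_t *data; size_t len; struct frag *next; };
struct pkt { struct frag *frags; uint8_t *ll_src; size_t ll_len; };

/* Part 1: logical offset of p in the fragment chain, or -1 if p is outside. */
static long ll_offset(const struct pkt *pkt, const uint8_t *p, size_t n)
{
    size_t base = 0;
    for (const struct frag *f = pkt->frags; f; base += f->len, f = f->next) {
        uintptr_t a = (uintptr_t)p, s = (uintptr_t)f->data;
        if (p && n <= f->len && a >= s && a - s <= f->len - n)
            return (long)(base + (a - s));
    }
    return -1;
}

/* Part 2: physical location of logical offset off in pkt's own buffers. */
static uint8_t *ll_at(const struct pkt *pkt, size_t off, size_t n)
{
    for (const struct frag *f = pkt->frags; f; off -= f->len, f = f->next)
        if (off < f->len)
            return n <= f->len - off ? f->data + off : NULL;
    return NULL;
}

/* Deep clone into one contiguous fragment, then rebase the ll pointer. */
static struct pkt *pkt_clone_deep(const struct pkt *src)
{
    size_t total = 0, pos = 0;
    for (const struct frag *f = src->frags; f; f = f->next) total += f->len;
    struct pkt *c = calloc(1, sizeof(*c));
    struct frag *cf = calloc(1, sizeof(*cf));
    uint8_t *buf = malloc(total ? total : 1);
    if (!c || !cf || !buf) { free(c); free(cf); free(buf); return NULL; }
    for (const struct frag *f = src->frags; f; pos += f->len, f = f->next)
        memcpy(buf + pos, f->data, f->len);
    cf->data = buf; cf->len = total; c->frags = cf;
    c->ll_src = src->ll_src;            /* still aliases src's buffer */
    c->ll_len = src->ll_len;
    long off = ll_offset(src, src->ll_src, src->ll_len);
    if (off >= 0)                       /* address lives in the buffer */
        c->ll_src = ll_at(c, (size_t)off, src->ll_len);
    return c;
}
```

An address that does not point into the buffer (offset -1) is copied unchanged, which corresponds to the separately allocated case mentioned at the start of the message.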