iv/linux
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

linux-can-fixes-for-6.3-20230327

Browse Source 
-----BEGIN PGP SIGNATURE-----
 
 iQFHBAABCgAxFiEEDs2BvajyNKlf9TJQvlAcSiqKBOgFAmQhjxcTHG1rbEBwZW5n
 dXRyb25peC5kZQAKCRC+UBxKKooE6NMvB/4lJJXkoCMK6QVL3iJnEvgZKYtkDRC/
 j5fktgLM4X6vbZTIpk+hlMGWLXVGgCa5JzuiOmchSwT2JlCBkD0MBQA7EZgQI4M4
 JKLv93rIuI6t/AZMAmIMotB6Z/QqGH8NJl7UVdOFGv7Z/qzhjvQ9w7lP66KRtm4S
 xgaPlgKk0MZbTH+rrmbCrUFlQPBvcak8EyNxpahjjfVplaR8U+AKSIeOghBlvwZZ
 ohc52wWq2vRMr9Fzc4yAtYf7vJTD+1u5OlmJkpiB/yshCN/BTGJv12m8RlfvIliH
 cNAJyfetLjtRjXGwilPw0wAJvldjpwy49JK9E5Z5jYOrtWaH5ade20l1
 =p3JT
 -----END PGP SIGNATURE-----

Merge tag 'linux-can-fixes-for-6.3-20230327' of git://git.kernel.org/pub/scm/linux/kernel/git/mkl/linux-can

Marc Kleine-Budde says:

====================
pull-request: can 2023-03-27

Oleksij Rempel and Hillf Danton contribute a patch for the CAN J1939
protocol that prevents a potential deadlock in j1939_sk_errqueue().

Ivan Orlov fixes an uninit-value in the CAN BCM protocol in the
bcm_tx_setup() function.

* tag 'linux-can-fixes-for-6.3-20230327' of git://git.kernel.org/pub/scm/linux/kernel/git/mkl/linux-can:
  can: bcm: bcm_tx_setup(): fix KMSAN uninit-value in vfs_write
  can: j1939: prevent deadlock by moving j1939_sk_errqueue()
====================

Link: https://lore.kernel.org/r/20230327124807.1157134-1-mkl@pengutronix.de
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
This commit is contained in:
Jakub Kicinski 2023-03-27 19:47:42 -07:00
commit ebd3b82634
2 changed files with 16 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
net/can/bcm.c
View File

@ -941,6 +941,8 @@ static int bcm_tx_setup(struct bcm_msg_head *msg_head, struct msghdr *msg,
cf = op->frames + op->cfsiz * i; cf = op->frames + op->cfsiz * i;
err = memcpy_from_msg((u8 *)cf, msg, op->cfsiz); err = memcpy_from_msg((u8 *)cf, msg, op->cfsiz);
if (err < 0)
goto free_op;
if (op->flags & CAN_FD_FRAME) { if (op->flags & CAN_FD_FRAME) {
if (cf->len > 64) if (cf->len > 64)
@ -950,12 +952,8 @@ static int bcm_tx_setup(struct bcm_msg_head *msg_head, struct msghdr *msg,
err = -EINVAL; err = -EINVAL;
} }
if (err < 0) { if (err < 0)
if (op->frames != &op->sframe) goto free_op;
kfree(op->frames);
kfree(op);
return err;
}
if (msg_head->flags & TX_CP_CAN_ID) { if (msg_head->flags & TX_CP_CAN_ID) {
/* copy can_id into frame */ /* copy can_id into frame */
@ -1026,6 +1024,12 @@ static int bcm_tx_setup(struct bcm_msg_head *msg_head, struct msghdr *msg,
bcm_tx_start_timer(op); bcm_tx_start_timer(op);
return msg_head->nframes * op->cfsiz + MHSIZ; return msg_head->nframes * op->cfsiz + MHSIZ;
free_op:
if (op->frames != &op->sframe)
kfree(op->frames);
kfree(op);
return err;
} }
/* /*

8
net/can/j1939/transport.c
View File

@ -1124,8 +1124,6 @@ static void __j1939_session_cancel(struct j1939_session *session,
if (session->sk) if (session->sk)
j1939_sk_send_loop_abort(session->sk, session->err); j1939_sk_send_loop_abort(session->sk, session->err);
else
j1939_sk_errqueue(session, J1939_ERRQUEUE_RX_ABORT);
} }
static void j1939_session_cancel(struct j1939_session *session, static void j1939_session_cancel(struct j1939_session *session,
@ -1140,6 +1138,9 @@ static void j1939_session_cancel(struct j1939_session *session,
} }
j1939_session_list_unlock(session->priv); j1939_session_list_unlock(session->priv);
if (!session->sk)
j1939_sk_errqueue(session, J1939_ERRQUEUE_RX_ABORT);
} }
static enum hrtimer_restart j1939_tp_txtimer(struct hrtimer *hrtimer) static enum hrtimer_restart j1939_tp_txtimer(struct hrtimer *hrtimer)
@ -1253,6 +1254,9 @@ static enum hrtimer_restart j1939_tp_rxtimer(struct hrtimer *hrtimer)
__j1939_session_cancel(session, J1939_XTP_ABORT_TIMEOUT); __j1939_session_cancel(session, J1939_XTP_ABORT_TIMEOUT);
} }
j1939_session_list_unlock(session->priv); j1939_session_list_unlock(session->priv);
if (!session->sk)
j1939_sk_errqueue(session, J1939_ERRQUEUE_RX_ABORT);
} }
j1939_session_put(session); j1939_session_put(session);