diff options
| author | Oliver Hartkopp <[email protected]> | 2022-11-02 10:54:31 +0100 |
|---|---|---|
| committer | Marc Kleine-Budde <[email protected]> | 2022-11-07 14:00:27 +0100 |
| commit | ae64438be1923e3c1102d90fd41db7afcfaf54cc (patch) | |
| tree | 4653f59a5d91825bee51259007370416134a0663 /drivers/net/can/dev | |
| parent | 3eb3d283e8579a22b81dd2ac3987b77465b2a22f (diff) | |
can: dev: fix skb drop check
In commit a6d190f8c767 ("can: skb: drop tx skb if in listen only
mode") the priv->ctrlmode element is read even on virtual CAN
interfaces that do not create the struct can_priv at startup. This
out-of-bounds read may lead to CAN frame drops for virtual CAN
interfaces like vcan and vxcan.
This patch mainly reverts the original commit and adds a new helper
for CAN interface drivers that provide the required information in
struct can_priv.
Fixes: a6d190f8c767 ("can: skb: drop tx skb if in listen only mode")
Reported-by: Dariusz Stojaczyk <[email protected]>
Cc: Vincent Mailhol <[email protected]>
Cc: Max Staudt <[email protected]>
Signed-off-by: Oliver Hartkopp <[email protected]>
Acked-by: Vincent Mailhol <[email protected]>
Link: https://lore.kernel.org/all/[email protected]
Cc: [email protected] # 6.0.x
[mkl: patch pch_can, too]
Signed-off-by: Marc Kleine-Budde <[email protected]>
Diffstat (limited to 'drivers/net/can/dev')
| -rw-r--r-- | drivers/net/can/dev/skb.c | 10 |
1 files changed, 1 insertions, 9 deletions
diff --git a/drivers/net/can/dev/skb.c b/drivers/net/can/dev/skb.c index 791a51e2f5d6..241ec636e91f 100644 --- a/drivers/net/can/dev/skb.c +++ b/drivers/net/can/dev/skb.c @@ -5,7 +5,6 @@ */ #include <linux/can/dev.h> -#include <linux/can/netlink.h> #include <linux/module.h> #define MOD_DESC "CAN device driver interface" @@ -337,8 +336,6 @@ static bool can_skb_headroom_valid(struct net_device *dev, struct sk_buff *skb) /* Drop a given socketbuffer if it does not contain a valid CAN frame. */ bool can_dropped_invalid_skb(struct net_device *dev, struct sk_buff *skb) { - struct can_priv *priv = netdev_priv(dev); - switch (ntohs(skb->protocol)) { case ETH_P_CAN: if (!can_is_can_skb(skb)) @@ -359,13 +356,8 @@ bool can_dropped_invalid_skb(struct net_device *dev, struct sk_buff *skb) goto inval_skb; } - if (!can_skb_headroom_valid(dev, skb)) { + if (!can_skb_headroom_valid(dev, skb)) goto inval_skb; - } else if (priv->ctrlmode & CAN_CTRLMODE_LISTENONLY) { - netdev_info_once(dev, - "interface in listen only mode, dropping skb\n"); - goto inval_skb; - } return false; |