mirrors
/
linux-stable
mirror of https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
1
0
Fork 0
Code Issues Releases Wiki Activity
linux-stable/include/linux/can
History
Oleksij Rempel 1a5751d58b net: introduce CAN specific pointer in the struct net_device 
[ Upstream commit 4e096a1886 ]

Since 20dd3850bc ("can: Speed up CAN frame receiption by using
ml_priv") the CAN framework uses per device specific data in the AF_CAN
protocol. For this purpose the struct net_device->ml_priv is used. Later
the ml_priv usage in CAN was extended for other users, one of them being
CAN_J1939.

Later in the kernel ml_priv was converted to an union, used by other
drivers. E.g. the tun driver started storing it's stats pointer.

Since tun devices can claim to be a CAN device, CAN specific protocols
will wrongly interpret this pointer, which will cause system crashes.
Mostly this issue is visible in the CAN_J1939 stack.

To fix this issue, we request a dedicated CAN pointer within the
net_device struct.

Reported-by: syzbot+5138c4dd15a0401bec7b@syzkaller.appspotmail.com
Fixes: 20dd3850bc ("can: Speed up CAN frame receiption by using ml_priv")
Fixes: ffd956eef6 ("can: introduce CAN midlayer private and allocate it automatically")
Fixes: 9d71dd0c70 ("can: add support of SAE J1939 protocol")
Fixes: 497a5757ce ("tun: switch to net core provided statistics counters")
Signed-off-by: Oleksij Rempel <o.rempel@pengutronix.de>
Link: https://lore.kernel.org/r/20210223070127.4538-1-o.rempel@pengutronix.de
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
 		2021-04-07 15:00:07 +02:00
..
dev can: dev: peak_canfd.h: Replace zero-length array with flexible-array member 2020-04-18 15:44:54 -05:00
platform can: mcp251x: get rid of legacy platform data 2019-11-11 21:57:28 +01:00
can-ml.h net: introduce CAN specific pointer in the struct net_device 2021-04-07 15:00:07 +02:00
core.h can: remove obsolete version strings 2020-10-12 10:06:39 +02:00
dev.h can: dev: add a helper function to calculate the duration of one bit 2020-10-07 23:17:45 +02:00
led.h treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 2019-06-19 17:09:55 +02:00
rx-offload.h can: rx-offload: can_rx_offload_add_manual(): add new initialization function 2020-09-21 10:13:19 +02:00
skb.h can: skb: can_skb_set_owner(): fix ref counting if socket was closed before setting skb ownership 2021-03-17 17:06:11 +01:00