Oliver Hartkopp 40ebaf7365 can: isotp: stop timeout monitoring when no first frame was sent ... [ Upstream commit d734970817 ] The first attempt to fix a the 'impossible' WARN_ON_ONCE(1) in isotp_tx_timer_handler() focussed on the identical CAN IDs created by the syzbot reproducer and lead to upstream fix/commit 3ea566422c ("can: isotp: sanitize CAN ID checks in isotp_bind()"). But this did not catch the root cause of the wrong tx.state in the tx_timer handler. In the isotp 'first frame' case a timeout monitoring needs to be started before the 'first frame' is send. But when this sending failed the timeout monitoring for this specific frame has to be disabled too. Otherwise the tx_timer is fired with the 'warn me' tx.state of ISOTP_IDLE. Fixes: e057dd3fc2 ("can: add ISO 15765-2:2016 transport protocol") Link: https://lore.kernel.org/all/20220405175112.2682-1-socketcan@hartkopp.net Reported-by: syzbot+2339c27f5c66c652843e@syzkaller.appspotmail.com Signed-off-by: Oliver Hartkopp <socketcan@hartkopp.net> Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de> Signed-off-by: Sasha Levin <sashal@kernel.org>		2022-04-27 14:38:54 +02:00
..
j1939	net-timestamp: convert sk->sk_tskey to atomic_t	2022-03-02 11:48:01 +01:00
af_can.c	net: introduce CAN specific pointer in the struct net_device	2021-02-24 14:32:15 -08:00
af_can.h	can: introduce CAN midlayer private and allocate it automatically	2019-09-04 13:29:14 +02:00
bcm.c	Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net	2021-06-29 15:45:27 -07:00
gw.c	can: gw: synchronize rcu operations before removing gw job entry	2021-06-19 23:53:43 +02:00
isotp.c	can: isotp: stop timeout monitoring when no first frame was sent	2022-04-27 14:38:54 +02:00
Kconfig	net: remove redundant 'depends on NET'	2021-01-27 17:04:12 -08:00
Makefile	can: add ISO 15765-2:2016 transport protocol	2020-10-07 23:18:33 +02:00
proc.c	can: proc: remove unnecessary variables	2021-05-27 09:42:21 +02:00
raw.c	net: Remove redundant if statements	2021-08-05 13:27:50 +01:00