| Message ID | 20221110061437.411525-1-william.xuanziyang@huawei.com |
|---|---|
| State | New |
| Headers |
Return-Path: <linux-kernel-owner@vger.kernel.org>
Delivered-To: ouuuleilei@gmail.com
Received: by 2002:a5d:6687:0:0:0:0:0 with SMTP id l7csp753461wru;
Wed, 9 Nov 2022 22:19:29 -0800 (PST)
X-Google-Smtp-Source:
AMsMyM6LNn0vhpq3yJrjHCJGVj+e2itkMag0rCAAwff3DOvhLUiJRB0YY+OV+U8gxGtmzorNfUOT
X-Received: by 2002:a05:6402:34cd:b0:462:5382:c3a9 with SMTP id
w13-20020a05640234cd00b004625382c3a9mr61887088edc.298.1668061169427;
Wed, 09 Nov 2022 22:19:29 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1668061169; cv=none;
d=google.com; s=arc-20160816;
b=AxSggNiau4tuXX7E69OP+fbY+XClWs0wKnWF9pr/Y6Q+ktkAZJvA9BbPeLjaeDQL95
f4k9nsT82n/cJJZd6EdWK8fVrgFzgAi3QH4xC7n/SEBBspfBz/mYGgIhqrvvF28E4gvE
nvYXiS/amykcnNKjAqUD5WOk6jN4fjiq61CatNouNEOXUCLSrKkcF2hfUpBejWt7LdwC
ddnunTSfUtZOIQNgIjbHHI7U8kIJR3sGui9+D1Bpp47oNONUd02Kbfx5KUPTOzKda8lk
m7+/eNUwwawSpc/9Mk138IRThP81Q/OsFa8PVT8V/0Wotc0ULYJdo31nQ5fCdu5/5mVN
m/EA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
s=arc-20160816;
h=list-id:precedence:content-transfer-encoding:mime-version
:message-id:date:subject:cc:to:from;
bh=c0QiLogYFaQPpiHrEqod0RPB7kYCg4w92qhCQR9CDPw=;
b=HRFV6i1E4wQVCK8DbKIVqpgP0h5eBY38R7nSllGcp5Wn54r8rGSi+jChcXl4olZqB1
JDNN9s4hkFfmgEMfUA0C108I6D6N8SL8kVyeDwSdbFIJ2rl3bMGOn+ozxcxI/HQ9rL2W
fUzpZFDa/ky1R/e3JsLQeDc/1GbYmgRTWkXC2V2hurTppXUJXj8LojpGX+bwKi9+otLY
EpilpZSWmcf5EV7KWytBuYAFjVHOobiTKvsAbdt3f2p+rxna9Y0D8yme+y4VfMprY/hZ
StJvrkEyl11fX5LV+Kx6QueQdOKrFe1cEbdrMgV9zL60PandiS0h4S8UCwTbCfZE9446
rvPw==
ARC-Authentication-Results: i=1; mx.google.com;
spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org
designates 2620:137:e000::1:20 as permitted sender)
smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
dmarc=fail (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=huawei.com
Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20])
by mx.google.com with ESMTP id
qx8-20020a170906fcc800b0078e1206d934si13272408ejb.162.2022.11.09.22.19.05;
Wed, 09 Nov 2022 22:19:29 -0800 (PST)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org
designates 2620:137:e000::1:20 as permitted sender)
client-ip=2620:137:e000::1:20;
Authentication-Results: mx.google.com;
spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org
designates 2620:137:e000::1:20 as permitted sender)
smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
dmarc=fail (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=huawei.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
id S232273AbiKJGOw (ORCPT <rfc822;dexuan.linux@gmail.com>
+ 99 others); Thu, 10 Nov 2022 01:14:52 -0500
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:37664 "EHLO
lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
with ESMTP id S229449AbiKJGOs (ORCPT
<rfc822;linux-kernel@vger.kernel.org>);
Thu, 10 Nov 2022 01:14:48 -0500
Received: from szxga02-in.huawei.com (szxga02-in.huawei.com [45.249.212.188])
by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 5224D275FC;
Wed, 9 Nov 2022 22:14:44 -0800 (PST)
Received: from canpemm500006.china.huawei.com (unknown [172.30.72.57])
by szxga02-in.huawei.com (SkyGuard) with ESMTP id 4N7BPN3MsFzHvdV;
Thu, 10 Nov 2022 14:14:16 +0800 (CST)
Received: from localhost.localdomain (10.175.104.82) by
canpemm500006.china.huawei.com (7.192.105.130) with Microsoft SMTP Server
(version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id
15.1.2375.31; Thu, 10 Nov 2022 14:14:41 +0800
From: Ziyang Xuan <william.xuanziyang@huawei.com>
To: <max@enpas.org>, <wg@grandegger.com>, <mkl@pengutronix.de>,
<davem@davemloft.net>, <edumazet@google.com>, <kuba@kernel.org>,
<pabeni@redhat.com>, <linux-can@vger.kernel.org>,
<netdev@vger.kernel.org>
CC: <linux-kernel@vger.kernel.org>
Subject: [PATCH] can: can327: fix potential skb leak when netdev is down
Date: Thu, 10 Nov 2022 14:14:37 +0800
Message-ID: <20221110061437.411525-1-william.xuanziyang@huawei.com>
X-Mailer: git-send-email 2.25.1
MIME-Version: 1.0
Content-Transfer-Encoding: 7BIT
Content-Type: text/plain; charset=US-ASCII
X-Originating-IP: [10.175.104.82]
X-ClientProxiedBy: dggems702-chm.china.huawei.com (10.3.19.179) To
canpemm500006.china.huawei.com (7.192.105.130)
X-CFilter-Loop: Reflected
X-Spam-Status: No, score=-4.2 required=5.0 tests=BAYES_00,RCVD_IN_DNSWL_MED,
SPF_HELO_NONE,SPF_PASS autolearn=ham autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
lindbergh.monkeyblade.net
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?=
X-GMAIL-THRID: =?utf-8?q?1749088908998281375?=
X-GMAIL-MSGID: =?utf-8?q?1749088908998281375?=
|
| Series |
can: can327: fix potential skb leak when netdev is down
|
|
Commit Message
Ziyang Xuan
Nov. 10, 2022, 6:14 a.m. UTC
In can327_feed_frame_to_netdev(), it did not free the skb when netdev
is down, and all callers of can327_feed_frame_to_netdev() did not free
allocated skb too. That would trigger skb leak.
Fix it by adding kfree_skb() in can327_feed_frame_to_netdev() when netdev
is down. Not tested, just compiled.
Fixes: 43da2f07622f ("can: can327: CAN/ldisc driver for ELM327 based OBD-II adapters")
Signed-off-by: Ziyang Xuan <william.xuanziyang@huawei.com>
---
drivers/net/can/can327.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
Comments
(CC Vincent, he may be interested) On Thu, 10 Nov 2022 14:14:37 +0800 Ziyang Xuan <william.xuanziyang@huawei.com> wrote: > Fix it by adding kfree_skb() in can327_feed_frame_to_netdev() when netdev > is down. Not tested, just compiled. Looks correct to me, so: Reviewed-by: Max Staudt <max@enpas.org> Thank you very much for finding and fixing this! Max
Hello, Gently ask. Is there any other problem? And can it be applied? Thanks. > (CC Vincent, he may be interested) > > > On Thu, 10 Nov 2022 14:14:37 +0800 > Ziyang Xuan <william.xuanziyang@huawei.com> wrote: > >> Fix it by adding kfree_skb() in can327_feed_frame_to_netdev() when netdev >> is down. Not tested, just compiled. > > Looks correct to me, so: > > Reviewed-by: Max Staudt <max@enpas.org> > > > Thank you very much for finding and fixing this! > > Max > > . >
Marc, Wolfgang, Could you please include William's patch to can327, provided that you see no issue with it? Thanks :) Max On Tue, 22 Nov 2022 10:10:50 +0800 "Ziyang Xuan (William)" <william.xuanziyang@huawei.com> wrote: > Hello, > > Gently ask. > > Is there any other problem? And can it be applied? > > Thanks. > > > (CC Vincent, he may be interested) > > > > > > On Thu, 10 Nov 2022 14:14:37 +0800 > > Ziyang Xuan <william.xuanziyang@huawei.com> wrote: > > > >> Fix it by adding kfree_skb() in can327_feed_frame_to_netdev() when netdev > >> is down. Not tested, just compiled. > > > > Looks correct to me, so: > > > > Reviewed-by: Max Staudt <max@enpas.org> > > > > > > Thank you very much for finding and fixing this! > > > > Max > > > > . > >
diff --git a/drivers/net/can/can327.c b/drivers/net/can/can327.c index 0aa1af31d0fe..17bca63f3dd3 100644 --- a/drivers/net/can/can327.c +++ b/drivers/net/can/can327.c @@ -263,8 +263,10 @@ static void can327_feed_frame_to_netdev(struct can327 *elm, struct sk_buff *skb) { lockdep_assert_held(&elm->lock); - if (!netif_running(elm->dev)) + if (!netif_running(elm->dev)) { + kfree_skb(skb); return; + } /* Queue for NAPI pickup. * rx-offload will update stats and LEDs for us.