From: Oleksij Rempel <o.rempel@pengutronix.de>
To: dev.kurt@vandijck-laurijssen.be, mkl@pengutronix.de, wg@grandegger.com
Cc: Oleksij Rempel <o.rempel@pengutronix.de>,
syzbot+f03d384f3455d28833eb@syzkaller.appspotmail.com,
linux-stable <stable@vger.kernel.org>,
kernel@pengutronix.de, linux-can@vger.kernel.org,
netdev@vger.kernel.org, David Jander <david@protonic.nl>
Subject: [PATCH v1 3/5] can: j1939: socket: j1939_sk_bind(): make sure ml_priv is allocated
Date: Fri, 7 Aug 2020 12:51:58 +0200 [thread overview]
Message-ID: <20200807105200.26441-4-o.rempel@pengutronix.de> (raw)
In-Reply-To: <20200807105200.26441-1-o.rempel@pengutronix.de>
This patch adds check to ensure that the struct net_device::ml_priv is
allocated, as it is used later by the j1939 stack.
The allocation is done by all mainline CAN network drivers, but when using
bond or team devices this is not the case.
Bail out if no ml_priv is allocated.
Reported-by: syzbot+f03d384f3455d28833eb@syzkaller.appspotmail.com
Fixes: 9d71dd0c7009 ("can: add support of SAE J1939 protocol")
Cc: linux-stable <stable@vger.kernel.org> # >= v5.4
Signed-off-by: Oleksij Rempel <o.rempel@pengutronix.de>
---
net/can/j1939/socket.c | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/net/can/j1939/socket.c b/net/can/j1939/socket.c
index b9a17c2ee16f..27542de233c7 100644
--- a/net/can/j1939/socket.c
+++ b/net/can/j1939/socket.c
@@ -467,6 +467,14 @@ static int j1939_sk_bind(struct socket *sock, struct sockaddr *uaddr, int len)
goto out_release_sock;
}
+ if (!ndev->ml_priv) {
+ netdev_warn_once(ndev,
+ "No CAN mid layer private allocated, please fix your driver and use alloc_candev()!\n");
+ dev_put(ndev);
+ ret = -ENODEV;
+ goto out_release_sock;
+ }
+
priv = j1939_netdev_start(ndev);
dev_put(ndev);
if (IS_ERR(priv)) {
--
2.28.0
next prev parent reply other threads:[~2020-08-07 10:53 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-08-07 10:51 [PATCH v1 0/5] j1939 fixes Oleksij Rempel
2020-08-07 10:51 ` [PATCH v1 1/5] can: j1939: transport: j1939_simple_recv(): ignore local J1939 messages send not by J1939 stack Oleksij Rempel
2020-08-07 10:51 ` [PATCH v1 2/5] can: j1939: transport: j1939_session_tx_dat(): fix use-after-free read in j1939_tp_txtimer() Oleksij Rempel
2020-08-07 10:51 ` Oleksij Rempel [this message]
2020-08-07 10:51 ` [PATCH v1 4/5] can: j1939: transport: add j1939_session_skb_find_by_offset() function Oleksij Rempel
2020-08-07 10:52 ` [PATCH v1 5/5] can: j1939: transport: j1939_xtp_rx_dat_one(): compare own packets to detect corruptions Oleksij Rempel
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200807105200.26441-4-o.rempel@pengutronix.de \
--to=o.rempel@pengutronix.de \
--cc=david@protonic.nl \
--cc=dev.kurt@vandijck-laurijssen.be \
--cc=kernel@pengutronix.de \
--cc=linux-can@vger.kernel.org \
--cc=mkl@pengutronix.de \
--cc=netdev@vger.kernel.org \
--cc=stable@vger.kernel.org \
--cc=syzbot+f03d384f3455d28833eb@syzkaller.appspotmail.com \
--cc=wg@grandegger.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.