From: Marc Kleine-Budde <mkl@pengutronix.de>
To: Dario Binacchi <dario.binacchi@amarulasolutions.com>
Cc: linux-kernel@vger.kernel.org,
Amarula patchwork <linux-amarula@amarulasolutions.com>,
michael@amarulasolutions.com,
"David S. Miller" <davem@davemloft.net>,
Eric Dumazet <edumazet@google.com>,
Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
Jakub Kicinski <kuba@kernel.org>,
Jiri Slaby <jirislaby@kernel.org>,
Paolo Abeni <pabeni@redhat.com>,
Sebastian Andrzej Siewior <bigeasy@linutronix.de>,
Vincent Mailhol <mailhol.vincent@wanadoo.fr>,
Wolfgang Grandegger <wg@grandegger.com>,
linux-can@vger.kernel.org, netdev@vger.kernel.org
Subject: Re: [RFC PATCH 12/13] can: slcan: extend the protocol with error info
Date: Tue, 7 Jun 2022 12:56:37 +0200 [thread overview]
Message-ID: <20220607105637.4vnqtv4vbnczva73@pengutronix.de> (raw)
In-Reply-To: <20220607094752.1029295-13-dario.binacchi@amarulasolutions.com>
[-- Attachment #1: Type: text/plain, Size: 3403 bytes --]
On 07.06.2022 11:47:51, Dario Binacchi wrote:
> It extends the protocol to receive the adapter CAN communication errors
> and forward them to the netdev upper levels.
>
> Signed-off-by: Dario Binacchi <dario.binacchi@amarulasolutions.com>
> ---
>
> drivers/net/can/slcan/slcan-core.c | 104 ++++++++++++++++++++++++++++-
> 1 file changed, 103 insertions(+), 1 deletion(-)
>
> diff --git a/drivers/net/can/slcan/slcan-core.c b/drivers/net/can/slcan/slcan-core.c
> index b813a59534a3..02e7c14de45c 100644
> --- a/drivers/net/can/slcan/slcan-core.c
> +++ b/drivers/net/can/slcan/slcan-core.c
> @@ -182,8 +182,92 @@ int slcan_enable_err_rst_on_open(struct net_device *ndev, bool on)
> * STANDARD SLCAN DECAPSULATION *
> ************************************************************************/
>
> +static void slc_bump_err(struct slcan *sl)
> +{
> + struct net_device *dev = sl->dev;
> + struct sk_buff *skb;
> + struct can_frame *cf;
> + char *cmd = sl->rbuff;
> + bool rx_errors = false, tx_errors = false;
> + int i, len;
> +
> + if (*cmd != 'e')
> + return;
> +
> + cmd += SLC_CMD_LEN;
> + /* get len from sanitized ASCII value */
What happens is a malicious device sends a wrong len value, that's
longer than the RX'ed data?
> + len = *cmd++;
> + if (len >= '0' && len < '9')
> + len -= '0';
> + else
> + return;
> +
> + skb = alloc_can_err_skb(dev, &cf);
Please continue error handling, even if no skb can be allocated.
> + if (unlikely(!skb))
> + return;
> +
> + cf->can_id |= CAN_ERR_PROT | CAN_ERR_BUSERROR;
> + for (i = 0; i < len; i++, cmd++) {
> + switch (*cmd) {
> + case 'a':
> + netdev_dbg(dev, "ACK error\n");
> + cf->can_id |= CAN_ERR_ACK;
> + cf->data[3] = CAN_ERR_PROT_LOC_ACK;
> + tx_errors = true;
> + break;
> + case 'b':
> + netdev_dbg(dev, "Bit0 error\n");
> + cf->data[2] |= CAN_ERR_PROT_BIT0;
> + tx_errors = true;
> + break;
> + case 'B':
> + netdev_dbg(dev, "Bit1 error\n");
> + cf->data[2] |= CAN_ERR_PROT_BIT1;
> + tx_errors = true;
> + break;
> + case 'c':
> + netdev_dbg(dev, "CRC error\n");
> + cf->data[2] |= CAN_ERR_PROT_BIT;
> + cf->data[3] = CAN_ERR_PROT_LOC_CRC_SEQ;
> + rx_errors = true;
> + break;
> + case 'f':
> + netdev_dbg(dev, "Form Error\n");
> + cf->data[2] |= CAN_ERR_PROT_FORM;
> + rx_errors = true;
> + break;
> + case 'o':
> + netdev_dbg(dev, "Rx overrun error\n");
> + cf->can_id |= CAN_ERR_CRTL;
> + cf->data[1] = CAN_ERR_CRTL_RX_OVERFLOW;
> + dev->stats.rx_over_errors++;
> + dev->stats.rx_errors++;
> + break;
> + case 'O':
> + netdev_dbg(dev, "Tx overrun error\n");
> + cf->can_id |= CAN_ERR_CRTL;
> + cf->data[1] = CAN_ERR_CRTL_TX_OVERFLOW;
> + dev->stats.tx_errors++;
> + break;
> + case 's':
> + netdev_dbg(dev, "Stuff error\n");
> + cf->data[2] |= CAN_ERR_PROT_STUFF;
> + rx_errors = true;
> + break;
> + }
> + }
> +
> + if (rx_errors)
> + dev->stats.rx_errors++;
> +
> + if (tx_errors)
> + dev->stats.tx_errors++;
> +
> + netif_rx(skb);
> +}
> +
Marc
--
Pengutronix e.K. | Marc Kleine-Budde |
Embedded Linux | https://www.pengutronix.de |
Vertretung West/Dortmund | Phone: +49-231-2826-924 |
Amtsgericht Hildesheim, HRA 2686 | Fax: +49-5121-206917-5555 |
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 488 bytes --]
next prev parent reply other threads:[~2022-06-07 11:02 UTC|newest]
Thread overview: 42+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-06-07 9:47 [RFC PATCH 00/13] can: slcan: extend supported features Dario Binacchi
2022-06-07 9:47 ` [RFC PATCH 01/13] can: slcan: use the BIT() helper Dario Binacchi
2022-06-07 9:47 ` [RFC PATCH 02/13] can: slcan: use netdev helpers to print out messages Dario Binacchi
2022-06-07 9:47 ` [RFC PATCH 03/13] can: slcan: use the alloc_can_skb() helper Dario Binacchi
2022-06-07 10:15 ` Marc Kleine-Budde
2022-06-07 9:47 ` [RFC PATCH 04/13] can: slcan: use CAN network device driver API Dario Binacchi
2022-06-07 11:13 ` Marc Kleine-Budde
2022-06-08 16:42 ` Dario Binacchi
2022-06-09 7:07 ` Marc Kleine-Budde
2022-06-12 21:24 ` Dario Binacchi
2022-06-07 9:47 ` [RFC PATCH 05/13] can: slcan: simplify the device de-allocation Dario Binacchi
2022-06-07 20:45 ` Oliver Hartkopp
2022-06-07 9:47 ` [RFC PATCH 06/13] can: slcan: allow to send commands to the adapter Dario Binacchi
2022-06-09 7:16 ` Marc Kleine-Budde
2022-06-11 21:43 ` Dario Binacchi
2022-06-12 10:39 ` Marc Kleine-Budde
2022-06-07 9:47 ` [RFC PATCH 07/13] can: slcan: set bitrate by CAN device driver API Dario Binacchi
2022-06-07 10:09 ` Marc Kleine-Budde
2022-06-07 9:47 ` [RFC PATCH 08/13] can: slcan: send the open command to the adapter Dario Binacchi
2022-06-07 11:00 ` Marc Kleine-Budde
2022-06-07 9:47 ` [RFC PATCH 09/13] can: slcan: send the close " Dario Binacchi
2022-06-07 9:47 ` [RFC PATCH 10/13] can: slcan: move driver into separate sub directory Dario Binacchi
2022-06-07 9:47 ` [RFC PATCH 11/13] can: slcan: add ethtool support to reset adapter errors Dario Binacchi
2022-06-07 10:52 ` Marc Kleine-Budde
2022-06-08 16:33 ` Dario Binacchi
2022-06-09 6:38 ` Marc Kleine-Budde
2022-06-09 7:24 ` Dario Binacchi
2022-06-09 8:01 ` Marc Kleine-Budde
2022-06-09 8:52 ` Dario Binacchi
2022-06-10 10:51 ` Marc Kleine-Budde
2022-06-07 9:47 ` [RFC PATCH 12/13] can: slcan: extend the protocol with error info Dario Binacchi
2022-06-07 10:56 ` Marc Kleine-Budde [this message]
2022-06-07 9:47 ` [RFC PATCH 13/13] can: slcan: extend the protocol with CAN state info Dario Binacchi
2022-06-07 10:13 ` Marc Kleine-Budde
2022-06-07 10:27 ` [RFC PATCH 00/13] can: slcan: extend supported features Vincent MAILHOL
2022-06-07 10:39 ` Marc Kleine-Budde
2022-06-07 12:20 ` Vincent MAILHOL
2022-06-07 12:19 ` Vincent MAILHOL
2022-06-07 23:55 ` Max Staudt
2022-06-08 0:15 ` Max Staudt
2022-06-08 7:19 ` Marc Kleine-Budde
2022-06-08 12:55 ` Max Staudt
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20220607105637.4vnqtv4vbnczva73@pengutronix.de \
--to=mkl@pengutronix.de \
--cc=bigeasy@linutronix.de \
--cc=dario.binacchi@amarulasolutions.com \
--cc=davem@davemloft.net \
--cc=edumazet@google.com \
--cc=gregkh@linuxfoundation.org \
--cc=jirislaby@kernel.org \
--cc=kuba@kernel.org \
--cc=linux-amarula@amarulasolutions.com \
--cc=linux-can@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=mailhol.vincent@wanadoo.fr \
--cc=michael@amarulasolutions.com \
--cc=netdev@vger.kernel.org \
--cc=pabeni@redhat.com \
--cc=wg@grandegger.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).