| Message ID | 4A852641.80305@hartkopp.net |
|---|---|
| State | Accepted, archived |
| Delegated to: | David Miller |
| Headers | show |
From: Oliver Hartkopp <oliver@hartkopp.net> Date: Fri, 14 Aug 2009 10:54:25 +0200 > To ensure a proper handling of CAN frames transported in skbuffs some checks > need to be performed at receive time. > > As stated by Michael Olbrich and Luotao Fu BUG_ON() might be to restrictive. > This is right as we can just drop the non conform skbuff and the Kernel can > continue working. > > This patch replaces the BUG_ON() with a WARN_ONCE() so that the system remains > healthy but we made the problem visible (once). > > Signed-off-by: Oliver Hartkopp <oliver@hartkopp.net> > Signed-off-by: Urs Thuermann <urs@isnogud.escape.de> Applied, thanks. -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
diff --git a/net/can/af_can.c b/net/can/af_can.c index e733725..f9c027b 100644 --- a/net/can/af_can.c +++ b/net/can/af_can.c @@ -651,12 +651,16 @@ static int can_rcv(struct sk_buff *skb, struct net_device *dev, struct can_frame *cf = (struct can_frame *)skb->data; int matches; - if (dev->type != ARPHRD_CAN || !net_eq(dev_net(dev), &init_net)) { - kfree_skb(skb); - return 0; - } + if (!net_eq(dev_net(dev), &init_net)) + goto drop; - BUG_ON(skb->len != sizeof(struct can_frame) || cf->can_dlc > 8); + if (WARN_ONCE(dev->type != ARPHRD_CAN || + skb->len != sizeof(struct can_frame) || + cf->can_dlc > 8, + "PF_CAN: dropped non conform skbuf: " + "dev type %d, len %d, can_dlc %d\n", + dev->type, skb->len, cf->can_dlc)) + goto drop; /* update statistics */ can_stats.rx_frames++; @@ -683,6 +687,10 @@ static int can_rcv(struct sk_buff *skb, struct net_device *dev, } return 0; + +drop: + kfree_skb(skb); + return 0; } /*