]> git.proxmox.com Git - mirror_ubuntu-jammy-kernel.git/commitdiff
projects / mirror_ubuntu-jammy-kernel.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 7119d78)
can: dev: can_free_echo_skb(): don't crash the kernel if can_priv::echo_skb is access...
authorMarc Kleine-Budde <mkl@pengutronix.de>
Fri, 19 Mar 2021 14:08:13 +0000 (15:08 +0100)
committerMarc Kleine-Budde <mkl@pengutronix.de>
Tue, 30 Mar 2021 09:14:11 +0000 (11:14 +0200)
A out of bounds access to "struct can_priv::echo_skb" leads to a
kernel crash. Better print a sensible warning message instead and try
to recover.

This patch is similar to:

e7a6994d043a ("can: dev: __can_get_echo_skb(): Don't crash the kernel
|               if can_priv::echo_skb is accessed out of bounds")

Link: https://lore.kernel.org/r/20210319142700.305648-2-mkl@pengutronix.de
Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>
drivers/net/can/dev/skb.c patch | blob | blame | history

diff --git a/drivers/net/can/dev/skb.c b/drivers/net/can/dev/skb.c
index 22b0472a5fad185c36bf0c28eb85552f3cf76b8b..2256391ddbb3e19a069f3657d7dadee8c7047873 100644 (file)
--- a/drivers/net/can/dev/skb.c
+++ b/drivers/net/can/dev/skb.c
@@ -157,7 +157,11 @@ void can_free_echo_skb(struct net_device *dev, unsigned int idx)
 {
        struct can_priv *priv = netdev_priv(dev);
 
-       BUG_ON(idx >= priv->echo_skb_max);
+       if (idx >= priv->echo_skb_max) {
+               netdev_err(dev, "%s: BUG! Trying to access can_priv::echo_skb out of bounds (%u/max %u)\n",
+                          __func__, idx, priv->echo_skb_max);
+               return;
+       }
 
        if (priv->echo_skb[idx]) {
                dev_kfree_skb_any(priv->echo_skb[idx]);
Ubuntu Jammy Linux kernel mirror