git.proxmox.com Git - mirror_ubuntu-bionic-kernel.git/commit

author	Oliver Hartkopp <socketcan@hartkopp.net>
	Sat, 7 Dec 2019 18:34:18 +0000 (19:34 +0100)
committer	Khalid Elmously <khalid.elmously@canonical.com>
	Fri, 14 Feb 2020 05:29:37 +0000 (00:29 -0500)
commit	3c406959cc7a2fceb43c9c92e92dc90639628244
tree	f139044c94b53f8910ea3ac35cc70ada14217993	tree
parent	ab65fd14a8741772b2a7a9a8aed6a11b84f26d1c	commit \| diff

can: can_dropped_invalid_skb(): ensure an initialized headroom in outgoing CAN sk_buffs

BugLink: https://bugs.launchpad.net/bugs/1861934
commit e7153bf70c3496bac00e7e4f395bb8d8394ac0ea upstream.

KMSAN sysbot detected a read access to an untinitialized value in the
headroom of an outgoing CAN related sk_buff. When using CAN sockets this
area is filled appropriately - but when using a packet socket this
initialization is missing.

The problematic read access occurs in the CAN receive path which can
only be triggered when the sk_buff is sent through a (virtual) CAN
interface. So we check in the sending path whether we need to perform
the missing initializations.

Fixes: d3b58c47d330d ("can: replace timestamp as unique skb attribute")
Reported-by: syzbot+b02ff0707a97e4e79ebb@syzkaller.appspotmail.com
Signed-off-by: Oliver Hartkopp <socketcan@hartkopp.net>
Tested-by: Oliver Hartkopp <socketcan@hartkopp.net>
Cc: linux-stable <stable@vger.kernel.org> # >= v4.1
Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
Signed-off-by: Khalid Elmously <khalid.elmously@canonical.com>