linux-can-fixes-for-6.16-20250529

-----BEGIN PGP SIGNATURE-----
 
 iQFHBAABCgAxFiEEn/sM2K9nqF/8FWzzDHRl3/mQkZwFAmg4EQYTHG1rbEBwZW5n
 dXRyb25peC5kZQAKCRAMdGXf+ZCRnH+1B/9pz2ikt785grwkWb0edC/avyQDDcYN
 oY6FqYUUbQhQeoLWNWIAjyCzgoUx7fM+rpjsqQrZQeyfX3tPDepWMNS5MxuUPJHD
 14uY5p0Ii6KrJkDYQ8Ft6hr5DVhcqHoJPqc1YJX3MZm8fBIsJ8kzkUbjtL0x91Ty
 dfqaT9ai1MrOVgjS5OED2G+93sBGMdw/AIe8ftfnxGx0ax4CWB/jhk8waQuwfJwm
 yldsbbh337/Vt6/0ZusAdEExupJaP/RHEcSQIg6zAmTH/v3bLmXNYvXPg3rY/4tL
 B7oE/w1RDWPdYkaJZeM2NBsE3VONCGCi1qxlilzBH8xHZ8kHojrl6nBI
 =ArZE
 -----END PGP SIGNATURE-----

Merge tag 'linux-can-fixes-for-6.16-20250529' of git://git.kernel.org/pub/scm/linux/kernel/git/mkl/linux-can

Marc Kleine-Budde says:

====================
pull-request: can 2025-05-29

this is a pull request of 1 patch for net/main.

The patch is by Fedor Pchelkin and fixes a slab-out-of-bounds access
in the kvaser_pciefd driver.

linux-can-fixes-for-6.16-20250529

* tag 'linux-can-fixes-for-6.16-20250529' of git://git.kernel.org/pub/scm/linux/kernel/git/mkl/linux-can:
  can: kvaser_pciefd: refine error prone echo_skb_max handling logic
====================

Link: https://patch.msgid.link/20250529075313.1101820-1-mkl@pengutronix.de
Signed-off-by: Paolo Abeni <pabeni@redhat.com>

drivers/net/can/kvaser_pciefd.c

@@ -966,7 +966,7 @@ static int kvaser_pciefd_setup_can_ctrls(struct kvaser_pciefd *pcie)
 		u32 status, tx_nr_packets_max;
 
 		netdev = alloc_candev(sizeof(struct kvaser_pciefd_can),
-				      KVASER_PCIEFD_CAN_TX_MAX_COUNT);
+				      roundup_pow_of_two(KVASER_PCIEFD_CAN_TX_MAX_COUNT));
 		if (!netdev)
 			return -ENOMEM;
 
@@ -995,7 +995,6 @@ static int kvaser_pciefd_setup_can_ctrls(struct kvaser_pciefd *pcie)
 		can->tx_max_count = min(KVASER_PCIEFD_CAN_TX_MAX_COUNT, tx_nr_packets_max - 1);
 
 		can->can.clock.freq = pcie->freq;
-		can->can.echo_skb_max = roundup_pow_of_two(can->tx_max_count);
 		spin_lock_init(&can->lock);
 
 		can->can.bittiming_const = &kvaser_pciefd_bittiming_const;