github-mirror/linux
1
0
Fork 0
mirror of https://github.com/torvalds/linux.git synced 2026-06-07 05:55:44 +02:00
Code Issues Actions Packages Projects Releases Wiki Activity Graph
9f29f6f8da
linux/net/can
History
Oliver Hartkopp 50aac44273 can: isotp: stop timeout monitoring when no first frame was sent 
commit d734970817 upstream.

The first attempt to fix a the 'impossible' WARN_ON_ONCE(1) in
isotp_tx_timer_handler() focussed on the identical CAN IDs created by
the syzbot reproducer and lead to upstream fix/commit 3ea566422c
("can: isotp: sanitize CAN ID checks in isotp_bind()"). But this did
not catch the root cause of the wrong tx.state in the tx_timer handler.

In the isotp 'first frame' case a timeout monitoring needs to be started
before the 'first frame' is send. But when this sending failed the timeout
monitoring for this specific frame has to be disabled too.

Otherwise the tx_timer is fired with the 'warn me' tx.state of ISOTP_IDLE.

Fixes: e057dd3fc2 ("can: add ISO 15765-2:2016 transport protocol")
Link: https://lore.kernel.org/all/20220405175112.2682-1-socketcan@hartkopp.net
Reported-by: syzbot+2339c27f5c66c652843e@syzkaller.appspotmail.com
Signed-off-by: Oliver Hartkopp <socketcan@hartkopp.net>
Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2022-04-27 13:53:57 +02:00
..
j1939 can: j1939: j1939_tp_cmd_recv(): check the dst address of TP.CM_BAM 2021-12-08 09:03:17 +01:00
af_can.c net: introduce CAN specific pointer in the struct net_device 2021-04-07 15:00:07 +02:00
af_can.h can: introduce CAN midlayer private and allocate it automatically 2019-09-04 13:29:14 +02:00
bcm.c can: bcm: delay release of struct bcm_op after synchronize_rcu() 2021-07-14 16:55:41 +02:00
gw.c can: gw: synchronize rcu operations before removing gw job entry 2021-07-14 16:55:41 +02:00
isotp.c can: isotp: stop timeout monitoring when no first frame was sent 2022-04-27 13:53:57 +02:00
Kconfig can: isotp: Explain PDU in CAN_ISOTP help text 2020-11-03 22:30:31 +01:00
Makefile can: add ISO 15765-2:2016 transport protocol 2020-10-07 23:18:33 +02:00
proc.c net: introduce CAN specific pointer in the struct net_device 2021-04-07 15:00:07 +02:00
raw.c can: raw: raw_setsockopt(): fix raw_rcv panic for sock UAF 2021-08-04 12:46:40 +02:00