When a netdev down event occurs after a successful call to
j1939_sk_bind(), j1939_netdev_notify() can handle it correctly.
But if the netdev already in down state before calling j1939_sk_bind(),
j1939_sk_release() will stay in wait_event_interruptible() blocked
forever. Because in this case, j1939_netdev_notify() won't be called and
j1939_tp_txtimer() won't call j1939_session_cancel() or other function
to clear session for ENETDOWN error, this lead to mismatch of
j1939_session_get/put() and jsk->skb_pending will never decrease to
zero.
To reproduce it use following commands:
1. ip link add dev vcan0 type vcan
2. j1939acd -r 100,80-120 1122334455667788 vcan0
3. presses ctrl-c and thread will be blocked forever
This patch adds check for ndev->flags in j1939_sk_bind() to avoid this
kind of situation and return with -ENETDOWN.
Fixes: 9d71dd0c7009 ("can: add support of SAE J1939 protocol")
Signed-off-by: Zhang Changzhong <[email protected]>
---
net/can/j1939/socket.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/net/can/j1939/socket.c b/net/can/j1939/socket.c
index 1be4c89..f239665 100644
--- a/net/can/j1939/socket.c
+++ b/net/can/j1939/socket.c
@@ -475,6 +475,12 @@ static int j1939_sk_bind(struct socket *sock, struct sockaddr *uaddr, int len)
goto out_release_sock;
}
+ if (!(ndev->flags & IFF_UP)) {
+ dev_put(ndev);
+ ret = -ENETDOWN;
+ goto out_release_sock;
+ }
+
priv = j1939_netdev_start(ndev);
dev_put(ndev);
if (IS_ERR(priv)) {
--
2.9.5
On Mon, Sep 07, 2020 at 02:31:48PM +0800, Zhang Changzhong wrote:
> When a netdev down event occurs after a successful call to
> j1939_sk_bind(), j1939_netdev_notify() can handle it correctly.
>
> But if the netdev already in down state before calling j1939_sk_bind(),
> j1939_sk_release() will stay in wait_event_interruptible() blocked
> forever. Because in this case, j1939_netdev_notify() won't be called and
> j1939_tp_txtimer() won't call j1939_session_cancel() or other function
> to clear session for ENETDOWN error, this lead to mismatch of
> j1939_session_get/put() and jsk->skb_pending will never decrease to
> zero.
>
> To reproduce it use following commands:
> 1. ip link add dev vcan0 type vcan
> 2. j1939acd -r 100,80-120 1122334455667788 vcan0
> 3. presses ctrl-c and thread will be blocked forever
>
> This patch adds check for ndev->flags in j1939_sk_bind() to avoid this
> kind of situation and return with -ENETDOWN.
>
> Fixes: 9d71dd0c7009 ("can: add support of SAE J1939 protocol")
> Signed-off-by: Zhang Changzhong <[email protected]>
Acked-by: Oleksij Rempel <[email protected]>
Thank you!
> ---
> net/can/j1939/socket.c | 6 ++++++
> 1 file changed, 6 insertions(+)
>
> diff --git a/net/can/j1939/socket.c b/net/can/j1939/socket.c
> index 1be4c89..f239665 100644
> --- a/net/can/j1939/socket.c
> +++ b/net/can/j1939/socket.c
> @@ -475,6 +475,12 @@ static int j1939_sk_bind(struct socket *sock, struct sockaddr *uaddr, int len)
> goto out_release_sock;
> }
>
> + if (!(ndev->flags & IFF_UP)) {
> + dev_put(ndev);
> + ret = -ENETDOWN;
> + goto out_release_sock;
> + }
> +
> priv = j1939_netdev_start(ndev);
> dev_put(ndev);
> if (IS_ERR(priv)) {
> --
> 2.9.5
>
>
--
Pengutronix e.K. | |
Steuerwalder Str. 21 | http://www.pengutronix.de/ |
31137 Hildesheim, Germany | Phone: +49-5121-206917-0 |
Amtsgericht Hildesheim, HRA 2686 | Fax: +49-5121-206917-5555 |