Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1759948AbcLBRHS (ORCPT <rfc822;w@1wt.eu>);
        Fri, 2 Dec 2016 12:07:18 -0500
Received: from mo4-p00-ob.smtp.rzone.de ([81.169.146.219]:36003 "EHLO
        mo4-p00-ob.smtp.rzone.de" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1752618AbcLBRGg (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Fri, 2 Dec 2016 12:06:36 -0500
X-RZG-AUTH: :P2MHfkW8eP4Mre39l357AZT/I7AY/7nT2yrT1q0ngWNsKR9DbcDvsfbZ70J0gsMN8lwh8Q==
X-RZG-CLASS-ID: mo00
Subject: Re: net/can: warning in raw_setsockopt/__alloc_pages_slowpath
To: Marc Kleine-Budde <mkl@pengutronix.de>,
        Andrey Konovalov <andreyknvl@google.com>,
        "David S. Miller" <davem@davemloft.net>, linux-can@vger.kernel.org,
        netdev <netdev@vger.kernel.org>, LKML <linux-kernel@vger.kernel.org>
References: <CAAeHK+x3vqjzzXPtp-xCshWnvTcVrZqGmJR7rbooRFxBJanv8g@mail.gmail.com>
 <c47865a1-4aae-5eae-f9e0-7b4f7f7e9897@pengutronix.de>
 <73b78023-bc11-25c0-33e3-3a748dbc81cd@hartkopp.net>
 <74e2aed8-ba38-ee91-59a3-49131ea18d60@pengutronix.de>
Cc: Dmitry Vyukov <dvyukov@google.com>, Kostya Serebryany <kcc@google.com>,
        syzkaller <syzkaller@googlegroups.com>
From: Oliver Hartkopp <socketcan@hartkopp.net>
Message-ID: <6fe05efd-eb2c-a5e2-9d45-48f2c3098abb@hartkopp.net>
Date: Fri, 2 Dec 2016 18:05:48 +0100
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101
 Icedove/45.4.0
MIME-Version: 1.0
In-Reply-To: <74e2aed8-ba38-ee91-59a3-49131ea18d60@pengutronix.de>
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 7bit
Sender: linux-kernel-owner@vger.kernel.org
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
Content-Length: 1418
Lines: 58



On 12/02/2016 04:42 PM, Marc Kleine-Budde wrote:
> On 12/02/2016 04:11 PM, Oliver Hartkopp wrote:
>>
>>
>> On 12/02/2016 02:24 PM, Marc Kleine-Budde wrote:
>>> On 12/02/2016 01:43 PM, Andrey Konovalov wrote:
>>
>>
>>>>  [<ffffffff8369e0de>] raw_setsockopt+0x1be/0x9f0 net/can/raw.c:506
>>>
>>> We should add a check for a sensible optlen....
>>>
>>>> static int raw_setsockopt(struct socket *sock, int level, int optname,
>>>> 			  char __user *optval, unsigned int optlen)
>>>> {
>>>> 	struct sock *sk = sock->sk;
>>>> 	struct raw_sock *ro = raw_sk(sk);
>>>> 	struct can_filter *filter = NULL;  /* dyn. alloc'ed filters */
>>>> 	struct can_filter sfilter;         /* single filter */
>>>> 	struct net_device *dev = NULL;
>>>> 	can_err_mask_t err_mask = 0;
>>>> 	int count = 0;
>>>> 	int err = 0;
>>>>
>>>> 	if (level != SOL_CAN_RAW)
>>>> 		return -EINVAL;
>>>>
>>>> 	switch (optname) {
>>>>
>>>> 	case CAN_RAW_FILTER:
>>>> 		if (optlen % sizeof(struct can_filter) != 0)
>>>> 			return -EINVAL;
>>>
>>> here...
>>>
>>> 		if (optlen > 64 * sizeof(struct can_filter))
>>> 			return -EINVAL;
>>>
>>
>> Agreed.
>>
>> But what is sensible here?
>> 64 filters is way to small IMO.
>>
>> When thinking about picking a bunch of single CAN IDs I would tend to
>> something like 512 filters.
>
> Ok - 64 was just an arbitrary chosen value for demonstration purposes :)
>

:-)

Would you like to send a patch?

Regards,
Oliver