Received: by 2002:a05:6a10:16a7:0:0:0:0 with SMTP id gp39csp848695pxb; Tue, 3 Nov 2020 14:19:44 -0800 (PST) X-Google-Smtp-Source: ABdhPJw0reyvxizsB5qSLe37YsK6699DQtH2kxr9hCaEFsgPDucdLwcRm0nnSfQSwUObsxyJHlar X-Received: by 2002:a50:e3ca:: with SMTP id c10mr2958029edm.222.1604441984746; Tue, 03 Nov 2020 14:19:44 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1604441984; cv=none; d=google.com; s=arc-20160816; b=oDUqywuSFToOyrqcMecNZjS+Fylx5PLKRuK5x530vJGFLzoDpXQhpiZbIf4APQI/aa qk/Mi77aIBUHeSzscBn8dtsofqEEL5JwTTuKrh+2eONP2jQa0k4Zd8V9XSvcJet1XbAy gjIKjDqKJc7ERcZzRA8iu1xw1d0wKb768El1enEhAGuEYdzjbEWfHLvzpz/tgJuTd934 P2ffQRDixRDgwXzJMeUy/cA+To7Ju8HC2Y5l53YdDg6E8KMKI3LPerK/nzfPgf6NmnXH fufSZml3Z3KVZGhM/smYhSNO86FrKr1/hw1Sztcih3gLFsLxUHD+t0PkYDAezxoWmeNr 0lKw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:in-reply-to:mime-version:user-agent:date :message-id:autocrypt:from:references:cc:to:subject; bh=WJhTkwchk64Tq2RkoySwUcMWRi7VvYlRuo2GaSvb+Zo=; b=jjZVQF3HOi79da6cKzqVlkpK2Uv7uByG5IHkwb6Ou5MxnyLFsaUumu1kfCOPj3Zcah ui9d3+s909GNuoGufK6HRqZVxqNF3z9IfR7hHc479pzPiz/D8r8D3LPWfcGNtXhnaQEP EqZqqHAAtEiK8VKMz0I+1o8e/Un0QfQHP3sHQh7addZnSowclhhs89MPi8RNph269ThX ySrHJ4apJX70+GSqgnEkUnEbgr064Az/IIVzZV9d5arBakXY7CM21lu4D7Frdv5ZFYF+ cppxs6rGF/ovzBUDPZ2W4T0ytSMbeGsf4EeC/Hg8xuE+tWBtutCe6awA5XA+0NTGUzbT rBoA== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id h19si134573ejg.9.2020.11.03.14.19.21; Tue, 03 Nov 2020 14:19:44 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1729906AbgKCWRx (ORCPT + 99 others); Tue, 3 Nov 2020 17:17:53 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:36002 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1729085AbgKCWRv (ORCPT ); Tue, 3 Nov 2020 17:17:51 -0500 Received: from metis.ext.pengutronix.de (metis.ext.pengutronix.de [IPv6:2001:67c:670:201:290:27ff:fe1d:cc33]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id E05EAC0613D1 for ; Tue, 3 Nov 2020 14:17:50 -0800 (PST) Received: from gallifrey.ext.pengutronix.de ([2001:67c:670:201:5054:ff:fe8d:eefb] helo=bjornoya.blackshift.org) by metis.ext.pengutronix.de with esmtps (TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1ka4cc-0000kh-3Q; Tue, 03 Nov 2020 23:17:46 +0100 Received: from [IPv6:2a03:f580:87bc:d400:a118:5f1:5158:c960] (unknown [IPv6:2a03:f580:87bc:d400:a118:5f1:5158:c960]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (P-384) server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mkl@blackshift.org", Issuer "StartCom Class 1 Client CA" (not verified)) (Authenticated sender: mkl@blackshift.org) by smtp.blackshift.org (Postfix) with ESMTPSA id 79219589BD4; Tue, 3 Nov 2020 22:17:44 +0000 (UTC) Subject: Re: [PATCH 0/2] prevent potential access of uninitialized members in can_rcv() and canfd_rcv() To: Anant Thazhemadam , socketcan@hartkopp.net, davem@davemloft.net, kuba@kernel.org Cc: linux-can@vger.kernel.org, netdev@vger.kernel.org, linux-kernel@vger.kernel.org References: <20201103213906.24219-1-anant.thazhemadam@gmail.com> From: Marc Kleine-Budde Autocrypt: addr=mkl@pengutronix.de; prefer-encrypt=mutual; keydata= mQINBFFVq30BEACtnSvtXHoeHJxG6nRULcvlkW6RuNwHKmrqoksispp43X8+nwqIFYgb8UaX zu8T6kZP2wEIpM9RjEL3jdBjZNCsjSS6x1qzpc2+2ivjdiJsqeaagIgvy2JWy7vUa4/PyGfx QyUeXOxdj59DvLwAx8I6hOgeHx2X/ntKAMUxwawYfPZpP3gwTNKc27dJWSomOLgp+gbmOmgc 6U5KwhAxPTEb3CsT5RicsC+uQQFumdl5I6XS+pbeXZndXwnj5t84M+HEj7RN6bUfV2WZO/AB Xt5+qFkC/AVUcj/dcHvZwQJlGeZxoi4veCoOT2MYqfR0ax1MmN+LVRvKm29oSyD4Ts/97cbs XsZDRxnEG3z/7Winiv0ZanclA7v7CQwrzsbpCv+oj+zokGuKasofzKdpywkjAfSE1zTyF+8K nxBAmzwEqeQ3iKqBc3AcCseqSPX53mPqmwvNVS2GqBpnOfY7Mxr1AEmxdEcRYbhG6Xdn+ACq Dq0Db3A++3PhMSaOu125uIAIwMXRJIzCXYSqXo8NIeo9tobk0C/9w3fUfMTrBDtSviLHqlp8 eQEP8+TDSmRP/CwmFHv36jd+XGmBHzW5I7qw0OORRwNFYBeEuiOIgxAfjjbLGHh9SRwEqXAL kw+WVTwh0MN1k7I9/CDVlGvc3yIKS0sA+wudYiselXzgLuP5cQARAQABtCZNYXJjIEtsZWlu ZS1CdWRkZSA8bWtsQHBlbmd1dHJvbml4LmRlPokCVAQTAQoAPgIbAwIeAQIXgAULCQgHAwUV CgkICwUWAgMBABYhBMFAC6CzmJ5vvH1bXCte4hHFiupUBQJfEWX4BQkQo2czAAoJECte4hHF iupUvfMP/iNtiysSr5yU4tbMBzRkGov1/FjurfH1kPweLVHDwiQJOGBz9HgM5+n8boduRv36 0lU32g3PehN0UHZdHWhygUd6J09YUi2mJo1l2Fz1fQ8elUGUOXpT/xoxNQjslZjJGItCjza8 +D1DO+0cNFgElcNPa7DFBnglatOCZRiMjo4Wx0i8njEVRU+4ySRU7rCI36KPts+uVmZAMD7V 3qiR1buYklJaPCJsnXURXYsilBIE9mZRmQjTDVqjLWAit++flqUVmDjaD/pj2AQe2Jcmd2gm sYW5P1moz7ACA1GzMjLDmeFtpJOIB7lnDX0F/vvsG3V713/701aOzrXqBcEZ0E4aWeZJzaXw n1zVIrl/F3RKrWDhMKTkjYy7HA8hQ9SJApFXsgP334Vo0ea82H3dOU755P89+Eoj0y44MbQX 7xUy4UTRAFydPl4pJskveHfg4dO6Yf0PGIvVWOY1K04T1C5dpnHAEMvVNBrfTA8qcahRN82V /iIGB+KSC2xR79q1kv1oYn0GOnWkvZmMhqGLhxIqHYitwH4Jn5uRfanKYWBk12LicsjRiTyW Z9cJf2RgAtQgvMPvmaOL8vB3U4ava48qsRdgxhXMagU618EszVdYRNxGLCqsKVYIDySTrVzu ZGs2ibcRhN4TiSZjztWBAe1MaaGk05Ce4h5IdDLbOOxhuQENBF8SDLABCADohJLQ5yffd8Sq 8Lo9ymzgaLcWboyZ46pY4CCCcAFDRh++QNOJ8l4mEJMNdEa/yrW4lDQDhBWV75VdBuapYoal LFrSzDzrqlHGG4Rt4/XOqMo6eSeSLipYBu4Xhg59S9wZOWbHVT/6vZNmiTa3d40+gBg68dQ8 iqWSU5NhBJCJeLYdG6xxeUEtsq/25N1erxmhs/9TD0sIeX36rFgWldMwKmZPe8pgZEv39Sdd B+ykOlRuHag+ySJxwovfdVoWT0o0LrGlHzAYo6/ZSi/Iraa9R/7A1isWOBhw087BMNkRYx36 B77E4KbyBPx9h3wVyD/R6T0Q3ZNPu6SQLnsWojMzABEBAAGJAjwEGAEKACYWIQTBQAugs5ie b7x9W1wrXuIRxYrqVAUCXxIMsAIbDAUJAucGAAAKCRArXuIRxYrqVOu0D/48xSLyVZ5NN2Bb yqo3zxdv/PMGJSzM3JqSv7hnMZPQGy9XJaTc5Iz/hyXaNRwpH5X0UNKqhQhlztChuAKZ7iu+ 2VKzq4JJe9qmydRUwylluc4HmGwlIrDNvE0N66pRvC3h8tOVIsippAQlt5ciH74bJYXr0PYw Aksw1jugRxMbNRzgGECg4O6EBNaHwDzsVPX1tDj0d9t/7ClzJUy20gg8r9Wm/I/0rcNkQOpV RJLDtSbGSusKxor2XYmVtHGauag4YO6Vdq+2RjArB3oNLgSOGlYVpeqlut+YYHjWpaX/cTf8 /BHtIQuSAEu/WnycpM3Z9aaLocYhbp5lQKL6/bcWQ3udd0RfFR/Gv7eR7rn3evfqNTtQdo4/ YNmd7P8TS7ALQV/5bNRe+ROLquoAZvhaaa6SOvArcmFccnPeyluX8+o9K3BCdXPwONhsrxGO wrPI+7XKMlwWI3O076NqNshh6mm8NIC0mDUr7zBUITa67P3Q2VoPoiPkCL9RtsXdQx5BI9iI h/6QlzDxcBdw2TVWyGkVTCdeCBpuRndOMVmfjSWdCXXJCLXO6sYeculJyPkuNvumxgwUiK/H AqqdUfy1HqtzP2FVhG5Ce0TeMJepagR2CHPXNg88Xw3PDjzdo+zNpqPHOZVKpLUkCvRv1p1q m1qwQVWtAwMML/cuPga78rkBDQRfEXGWAQgAt0Cq8SRiLhWyTqkf16Zv/GLkUgN95RO5ntYM fnc2Tr3UlRq2Cqt+TAvB928lN3WHBZx6DkuxRM/Y/iSyMuhzL5FfhsICuyiBs5f3QG70eZx+ Bdj4I7LpnIAzmBdNWxMHpt0m7UnkNVofA0yH6rcpCsPrdPRJNOLFI6ZqXDQk9VF+AB4HVAJY BDU3NAHoyVGdMlcxev0+gEXfBQswEcysAyvzcPVTAqmrDsupnIB2f0SDMROQCLO6F+/cLG4L Stbz+S6YFjESyXblhLckTiPURvDLTywyTOxJ7Mafz6ZCene9uEOqyd/h81nZOvRd1HrXjiTE 1CBw+Dbvbch1ZwGOTQARAQABiQNyBBgBCgAmFiEEwUALoLOYnm+8fVtcK17iEcWK6lQFAl8R cZYCGwIFCQLnoRoBQAkQK17iEcWK6lTAdCAEGQEKAB0WIQQreQhYm33JNgw/d6GpyVqK+u3v qQUCXxFxlgAKCRCpyVqK+u3vqatQCAC3QIk2Y0g/07xNLJwhWcD7JhIqfe7Qc5Vz9kf8ZpWr +6w4xwRfjUSmrXz3s6e/vrQsfdxjVMDFOkyG8c6DWJo0TVm6Ucrf9G06fsjjE/6cbE/gpBkk /hOVz/a7UIELT+HUf0zxhhu+C9hTSl8Nb0bwtm6JuoY5AW0LP2KoQ6LHXF9KNeiJZrSzG6WE h7nf3KRFS8cPKe+trbujXZRb36iIYUfXKiUqv5xamhohy1hw+7Sy8nLmw8rZPa40bDxX0/Gi 98eVyT4/vi+nUy1gF1jXgNBSkbTpbVwNuldBsGJsMEa8lXnYuLzn9frLdtufUjjCymdcV/iT sFKziU9AX7TLZ5AP/i1QMP9OlShRqERH34ufA8zTukNSBPIBfmSGUe6G2KEWjzzNPPgcPSZx Do4jfQ/m/CiiibM6YCa51Io72oq43vMeBwG9/vLdyev47bhSfMLTpxdlDJ7oXU9e8J61iAF7 vBwerBZL94I3QuPLAHptgG8zPGVzNKoAzxjlaxI1MfqAD9XUM80MYBVjunIQlkU/AubdvmMY X7hY1oMkTkC5hZNHLgIsDvWUG0g3sACfqF6gtMHY2lhQ0RxgxAEx+ULrk/svF6XGDe6iveyc z5Mg5SUggw3rMotqgjMHHRtB3nct6XqgPXVDGYR7nAkXitG+nyG5zWhbhRDglVZ0mLlW9hij z3Emwa94FaDhN2+1VqLFNZXhLwrNC5mlA6LUjCwOL+zb9a07HyjekLyVAdA6bZJ5BkSXJ1CO 5YeYolFjr4YU7GXcSVfUR6fpxrb8N+yH+kJhY3LmS9vb2IXxneE/ESkXM6a2YAZWfW8sgwTm 0yCEJ41rW/p3UpTV9wwE2VbGD1XjzVKl8SuAUfjjcGGys3yk5XQ5cccWTCwsVdo2uAcY1MVM HhN6YJjnMqbFoHQq0H+2YenTlTBn2Wsp8TIytE1GL6EbaPWbMh3VLRcihlMj28OUWGSERxat xlygDG5cBiY3snN3xJyBroh5xk/sHRgOdHpmujnFyu77y4RTZ2W8 Message-ID: <794cd63d-b0cb-2cc9-199c-d18724852db6@pengutronix.de> Date: Tue, 3 Nov 2020 23:17:40 +0100 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Thunderbird/68.12.0 MIME-Version: 1.0 In-Reply-To: <20201103213906.24219-1-anant.thazhemadam@gmail.com> Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="DdWBTypegOL3k6T7g0dsn17XNTI1gRNTT" X-SA-Exim-Connect-IP: 2001:67c:670:201:5054:ff:fe8d:eefb X-SA-Exim-Mail-From: mkl@pengutronix.de X-SA-Exim-Scanned: No (on metis.ext.pengutronix.de); SAEximRunCond expanded to false X-PTX-Original-Recipient: linux-kernel@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --DdWBTypegOL3k6T7g0dsn17XNTI1gRNTT Content-Type: multipart/mixed; boundary="9XYUBXvVXEpFimu1vm1NDXcF0m5tGs2P8"; protected-headers="v1" From: Marc Kleine-Budde To: Anant Thazhemadam , socketcan@hartkopp.net, davem@davemloft.net, kuba@kernel.org Cc: linux-can@vger.kernel.org, netdev@vger.kernel.org, linux-kernel@vger.kernel.org Message-ID: <794cd63d-b0cb-2cc9-199c-d18724852db6@pengutronix.de> Subject: Re: [PATCH 0/2] prevent potential access of uninitialized members in can_rcv() and canfd_rcv() References: <20201103213906.24219-1-anant.thazhemadam@gmail.com> In-Reply-To: <20201103213906.24219-1-anant.thazhemadam@gmail.com> --9XYUBXvVXEpFimu1vm1NDXcF0m5tGs2P8 Content-Type: text/plain; charset=utf-8 Content-Language: de-DE Content-Transfer-Encoding: quoted-printable On 11/3/20 10:39 PM, Anant Thazhemadam wrote: > In both can_rcv(), and canfd_rcv(), when skb->len =3D 0, cfd->len=20 > (which is uninitialized) is accessed by pr_warn_once(). >=20 > Performing the validation check for cfd->len separately, after the=20 > validation check for skb->len is done, resolves this issue in both=20 > instances, without compromising the degree of detail provided in the > log messages. >=20 > Anant Thazhemadam (2): > can: af_can: prevent potential access of uninitialized member in > can_rcv() > can: af_can: prevent potential access of uninitialized member in > canfd_rcv() >=20 > net/can/af_can.c | 38 ++++++++++++++++++++++++++++---------- > 1 file changed, 28 insertions(+), 10 deletions(-) >=20 Applied both to linux-can/testing Tnx, Marc --=20 Pengutronix e.K. | Marc Kleine-Budde | Embedded Linux | https://www.pengutronix.de | Vertretung West/Dortmund | Phone: +49-231-2826-924 | Amtsgericht Hildesheim, HRA 2686 | Fax: +49-5121-206917-5555 | --9XYUBXvVXEpFimu1vm1NDXcF0m5tGs2P8-- --DdWBTypegOL3k6T7g0dsn17XNTI1gRNTT Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- iQEzBAEBCgAdFiEEK3kIWJt9yTYMP3ehqclaivrt76kFAl+h1wQACgkQqclaivrt 76mpdggAo4UGijeisHQfM7pg7txwKuoqCvThXIrUBWjX1QE2LEChJiP5oMYKlLcs PrN7a34d+Li+mdMd/dasGDz7ddVdPvPNiJVve/zP5Fvw4TGPkPeYIk2UKJqmtGCw wFyDjxsLLUrvk/9fxKTaqTNMVV+1YmirFkgOkbMLgj9ZgZZgcPxJfjiPlE//djml zMFt+kX/O3ifQL60CNH5lzIxXmne9eVzyZlIjtIkOscCrpxoOUkdHGT6mhcEtZo2 eClqh8Fg9l10XEaH5DLta6bP603WFRDL1pi6ffuroaDiIRCIatWUfiP8U7v9ILk4 5MnYlM63eTbTdz9eJWcsnswVrU6hVw== =OjB/ -----END PGP SIGNATURE----- --DdWBTypegOL3k6T7g0dsn17XNTI1gRNTT--