Received: by 2002:a05:6a10:d5a5:0:0:0:0 with SMTP id gn37csp66968pxb; Thu, 30 Sep 2021 00:59:08 -0700 (PDT) X-Google-Smtp-Source: ABdhPJwCFdRvSMS6sBl6BlVQWHCt1Ms9IbMgQnegizXd5gt/hTov6/U0EP4p2A2fPZui69XWtkeG X-Received: by 2002:a17:906:700f:: with SMTP id n15mr4961155ejj.319.1632988748208; Thu, 30 Sep 2021 00:59:08 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1632988748; cv=none; d=google.com; s=arc-20160816; b=OK6iB4xQa1bq9woHj5as9FCftctbkxjGfBYcVtravEYJToba+XMjHYBe9//xPcLkLW xe3nFqHngmO+gaxRKOBnAsFyhSQNR8SJ/GNms6xcKSnzJIg6BIDB5b5/tNhSqDXW5oky lLER7o4oil+W/zbpk6p6MJmfKl8uQRd8AE3PMDqCnidsm0ierELsvYFjQDijh1vgonv4 BqPUQOs/pmNM8+aAyhY1Aw1FRWBlJe9Ynq3l6ToJG5+Z2P9gssmH6FblZcHxwu1pUCfS 2i4Bgk7eMLGc8pkdC9UVCA6gEdImu6Ix+ywIHdy2IG6+VEclWi1nYILx/U+1cJVr7pVS XI3w== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:user-agent:in-reply-to:content-disposition :mime-version:references:mail-followup-to:message-id:subject:cc:to :from:date; bh=FQ5f5zk3eX1j8INx39k/i2Ksnu9d+CFN2pkL51rYtGc=; b=x261X4+9qujSSfCJLAJ8EoTX/H1hFwlySbEDkncdWIIC6uZhAQ3WEYdnDOQij7xopO Lfy9l1lRJNrNeY6T4+ZVvF7+I46VtRJvihdJvaQat8oUkjdpwxpdGisAW3Eze6f1NO+/ IFhcYlSpbLwEAtUYKzBTqoZKm6m7Dluru19TEmepgSHrFl0AcbkFV7BU76mO7OlLakTx duzGNcfgLNLW13tp+qXFcug4ntPvmiDUeBiIwZKeI4a5MW80on/tfrnkICCq6QjbVFs0 baExHmvmHN4QHN5PJCWAySj7+9en3+GrBRhClZCg4RAuNorrYZnSgYgS2CA1qOv0FeK3 j7Sw== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id u10si2733449edp.443.2021.09.30.00.58.44; Thu, 30 Sep 2021 00:59:08 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1348871AbhI3H5v (ORCPT + 99 others); Thu, 30 Sep 2021 03:57:51 -0400 Received: from relay-b01.edpnet.be ([212.71.1.221]:36606 "EHLO relay-b01.edpnet.be" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1348806AbhI3H5u (ORCPT ); Thu, 30 Sep 2021 03:57:50 -0400 X-Greylist: delayed 837 seconds by postgrey-1.27 at vger.kernel.org; Thu, 30 Sep 2021 03:57:49 EDT X-ASG-Debug-ID: 1632987728-15c4341a85b81220001-xx1T2L Received: from zotac.vandijck-laurijssen.be (94.105.120.149.dyn.edpnet.net [94.105.120.149]) by relay-b01.edpnet.be with ESMTP id gocwNBg9nSrzGfSh; Thu, 30 Sep 2021 09:42:08 +0200 (CEST) X-Barracuda-Envelope-From: dev.kurt@vandijck-laurijssen.be X-Barracuda-Effective-Source-IP: 94.105.120.149.dyn.edpnet.net[94.105.120.149] X-Barracuda-Apparent-Source-IP: 94.105.120.149 Received: from x1.vandijck-laurijssen.be (x1.vandijck-laurijssen.be [IPv6:fd01::1a1d:eaff:fe02:d339]) by zotac.vandijck-laurijssen.be (Postfix) with ESMTPSA id D797D168301A; Thu, 30 Sep 2021 09:42:07 +0200 (CEST) Date: Thu, 30 Sep 2021 09:42:06 +0200 From: Kurt Van Dijck To: Zhang Changzhong Cc: Robin van der Gracht , Oleksij Rempel , kernel@pengutronix.de, Oliver Hartkopp , Marc Kleine-Budde , "David S. Miller" , Jakub Kicinski , Maxime Jayat , linux-can@vger.kernel.org, netdev@vger.kernel.org, linux-kernel@vger.kernel.org Subject: Re: [PATCH net] can: j1939: j1939_xtp_rx_dat_one(): cancel session if receive TP.DT with error length Message-ID: <20210930074206.GB7502@x1.vandijck-laurijssen.be> X-ASG-Orig-Subj: Re: [PATCH net] can: j1939: j1939_xtp_rx_dat_one(): cancel session if receive TP.DT with error length Mail-Followup-To: Zhang Changzhong , Robin van der Gracht , Oleksij Rempel , kernel@pengutronix.de, Oliver Hartkopp , Marc Kleine-Budde , "David S. Miller" , Jakub Kicinski , Maxime Jayat , linux-can@vger.kernel.org, netdev@vger.kernel.org, linux-kernel@vger.kernel.org References: <1632972800-45091-1-git-send-email-zhangchangzhong@huawei.com> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline In-Reply-To: <1632972800-45091-1-git-send-email-zhangchangzhong@huawei.com> User-Agent: Mutt/1.5.22 (2013-10-16) X-Barracuda-Connect: 94.105.120.149.dyn.edpnet.net[94.105.120.149] X-Barracuda-Start-Time: 1632987728 X-Barracuda-URL: https://212.71.1.221:443/cgi-mod/mark.cgi X-Virus-Scanned: by bsmtpd at edpnet.be X-Barracuda-Scan-Msg-Size: 2144 X-Barracuda-BRTS-Status: 1 X-Barracuda-Spam-Score: 0.50 X-Barracuda-Spam-Status: No, SCORE=0.50 using global scores of TAG_LEVEL=1000.0 QUARANTINE_LEVEL=1000.0 KILL_LEVEL=7.0 tests=BSF_RULE7568M X-Barracuda-Spam-Report: Code version 3.2, rules version 3.2.3.92948 Rule breakdown below pts rule name description ---- ---------------------- -------------------------------------------------- 0.50 BSF_RULE7568M Custom Rule 7568M Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Thu, 30 Sep 2021 11:33:20 +0800, Zhang Changzhong wrote: > According to SAE-J1939-21, the data length of TP.DT must be 8 bytes, so > cancel session when receive unexpected TP.DT message. SAE-j1939-21 indeed says that all TP.DT must be 8 bytes. However, the last TP.DT may contain up to 6 stuff bytes, which have no meaning. If I remember well, they are even not 'reserved'. > > Fixes: 9d71dd0c7009 ("can: add support of SAE J1939 protocol") > Signed-off-by: Zhang Changzhong > --- > net/can/j1939/transport.c | 7 +++++-- > 1 file changed, 5 insertions(+), 2 deletions(-) > > diff --git a/net/can/j1939/transport.c b/net/can/j1939/transport.c > index bb5c4b8..eedaeaf 100644 > --- a/net/can/j1939/transport.c > +++ b/net/can/j1939/transport.c > @@ -1789,6 +1789,7 @@ static void j1939_xtp_rx_dpo(struct j1939_priv *priv, struct sk_buff *skb, > static void j1939_xtp_rx_dat_one(struct j1939_session *session, > struct sk_buff *skb) > { > + enum j1939_xtp_abort abort = J1939_XTP_ABORT_FAULT; > struct j1939_priv *priv = session->priv; > struct j1939_sk_buff_cb *skcb, *se_skcb; > struct sk_buff *se_skb = NULL; > @@ -1803,9 +1804,11 @@ static void j1939_xtp_rx_dat_one(struct j1939_session *session, > > skcb = j1939_skb_to_cb(skb); > dat = skb->data; > - if (skb->len <= 1) > + if (skb->len != 8) { > /* makes no sense */ > + abort = J1939_XTP_ABORT_UNEXPECTED_DATA; > goto out_session_cancel; I think this is a situation of "be strict on what you send, be tolerant on what you receive". Did you find a technical reason to abort a session because the last frame didn't bring overhead that you don't use? Kind regards, Kurt > + } > > switch (session->last_cmd) { > case 0xff: > @@ -1904,7 +1907,7 @@ static void j1939_xtp_rx_dat_one(struct j1939_session *session, > out_session_cancel: > kfree_skb(se_skb); > j1939_session_timers_cancel(session); > - j1939_session_cancel(session, J1939_XTP_ABORT_FAULT); > + j1939_session_cancel(session, abort); > j1939_session_put(session); > } > > -- > 2.9.5 >