Received: by 2002:a05:6a10:1a4d:0:0:0:0 with SMTP id nk13csp5940531pxb; Mon, 14 Feb 2022 11:13:27 -0800 (PST) X-Google-Smtp-Source: ABdhPJyJKfUrK2n++spnNOkEy9WVJjGlYOrf+FaPEWUpz6er7TjKXk5GSNSRF9+NNJvasKNZSUVk X-Received: by 2002:a17:90b:4aca:b0:1b9:ed62:b917 with SMTP id mh10-20020a17090b4aca00b001b9ed62b917mr19936pjb.237.1644866006949; Mon, 14 Feb 2022 11:13:26 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1644866006; cv=none; d=google.com; s=arc-20160816; b=dolj4FzVnByW6opWB1D8DyJUB4786oVPHnL7ebJysf1gLTW4wEqjBJhSEyxaA5ksCt wtDNWk3wCqdos8nhwHXFD9dJyGqpILIai8iMwfd39nyz0H37T5hTRxJ1Czkp2ZDez3tx at76aS7FFGj9wF0kYjVQvOQoBOdaVLmZcMT4Ms6K7/PcQK4N3V6ByQuSXxm9YJ0Pw02X XsjeyPDN2nspBA+Hog1chf1oCCbG5nulpWxl6ahsxkh5/wjKOc2pvi1RyioKa0+mYjn9 +Ym31dj9Sa3SA8Bk6dMuY51B5YrK5dmdpskIVz9UO3fO4o74WhxkFOnP7bB3PCQzq3xs PffQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=wBEOOARnI64JNNPzAasCYzGKnjqAAecS3Zu2Wn/rrFA=; b=gTYJhqkHjdrA3YSdJB+XaBMoUJrfTELM1iY1fjQ4WM1TkQK7nrVWs4QVLf2lHZHH53 gxvnHCdgq4A63FM+9cqdKRtNbwgQKcIC64RWuw9lnlLrWZsotViumtlswr6+QDSFaF17 BELMeLnHF3aKmkgpIYATp9Q81d4U8JUhzcsXGIImvQ5+oP/0ohWDqeUN4IVB9N9pBEnu BsKFkXpsy4LRRsS00M8gJrcilWKrvNJrsA/G7bQrEqkehYljupVDlWecjkviod29hqzz Q12EhvstY5hnh+b0t9cuZqSVGYvH5k0FJZ74RAMamX2npVblYaRivWBy4P6ppOLa62w1 s03g== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=dqwRk5xa; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Return-Path: Received: from lindbergh.monkeyblade.net (lindbergh.monkeyblade.net. [2620:137:e000::1:18]) by mx.google.com with ESMTPS id j15si35405367pfj.338.2022.02.14.11.13.26 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 14 Feb 2022 11:13:26 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:18 as permitted sender) client-ip=2620:137:e000::1:18; Authentication-Results: mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=dqwRk5xa; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by lindbergh.monkeyblade.net (Postfix) with ESMTP id B3ACFFD; Mon, 14 Feb 2022 11:07:18 -0800 (PST) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1345744AbiBNKBy (ORCPT + 99 others); Mon, 14 Feb 2022 05:01:54 -0500 Received: from mxb-00190b01.gslb.pphosted.com ([23.128.96.19]:43510 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1344419AbiBNJ4L (ORCPT ); Mon, 14 Feb 2022 04:56:11 -0500 Received: from ams.source.kernel.org (ams.source.kernel.org [145.40.68.75]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id DA8CD6CA67; Mon, 14 Feb 2022 01:44:34 -0800 (PST) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ams.source.kernel.org (Postfix) with ESMTPS id 8E867B80DBF; Mon, 14 Feb 2022 09:44:33 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id A8920C340E9; Mon, 14 Feb 2022 09:44:31 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1644831872; bh=QsNESD3ovvJn16NRwkN3uzf4k3ZPt6v4eLTA/pYShbc=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=dqwRk5xa49rTjcJsJ2upCQBcWbUphUy2lQ1koNwZeF65zvcX833rh7ACHDYcVa4AB 2o00FbQ80+ADGPjTfQzb8cMmMYJvznnKESER4sfRuoI/fl1d1lJpFDCzFP7YLADcON JTOJEJwTx/EKgT8eeXRKHeKtqxZqij+LTLD7ecd0= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Ziyang Xuan , Oliver Hartkopp , Marc Kleine-Budde Subject: [PATCH 5.10 111/116] can: isotp: fix error path in isotp_sendmsg() to unlock wait queue Date: Mon, 14 Feb 2022 10:26:50 +0100 Message-Id: <20220214092502.627756264@linuxfoundation.org> X-Mailer: git-send-email 2.35.1 In-Reply-To: <20220214092458.668376521@linuxfoundation.org> References: <20220214092458.668376521@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-Spam-Status: No, score=-2.0 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS, MAILING_LIST_MULTI,RDNS_NONE,SPF_HELO_NONE,T_SCC_BODY_TEXT_LINE autolearn=no autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Oliver Hartkopp commit 8375dfac4f683e1b2c5956d919d36aeedad46699 upstream. Commit 43a08c3bdac4 ("can: isotp: isotp_sendmsg(): fix TX buffer concurrent access in isotp_sendmsg()") introduced a new locking scheme that may render the userspace application in a locking state when an error is detected. This issue shows up under high load on simultaneously running isotp channels with identical configuration which is against the ISO specification and therefore breaks any reasonable PDU communication anyway. Fixes: 43a08c3bdac4 ("can: isotp: isotp_sendmsg(): fix TX buffer concurrent access in isotp_sendmsg()") Link: https://lore.kernel.org/all/20220209073601.25728-1-socketcan@hartkopp.net Cc: stable@vger.kernel.org Cc: Ziyang Xuan Signed-off-by: Oliver Hartkopp Signed-off-by: Marc Kleine-Budde Signed-off-by: Greg Kroah-Hartman --- net/can/isotp.c | 13 ++++++++----- 1 file changed, 8 insertions(+), 5 deletions(-) --- a/net/can/isotp.c +++ b/net/can/isotp.c @@ -885,24 +885,24 @@ static int isotp_sendmsg(struct socket * if (!size || size > MAX_MSG_LENGTH) { err = -EINVAL; - goto err_out; + goto err_out_drop; } err = memcpy_from_msg(so->tx.buf, msg, size); if (err < 0) - goto err_out; + goto err_out_drop; dev = dev_get_by_index(sock_net(sk), so->ifindex); if (!dev) { err = -ENXIO; - goto err_out; + goto err_out_drop; } skb = sock_alloc_send_skb(sk, so->ll.mtu + sizeof(struct can_skb_priv), msg->msg_flags & MSG_DONTWAIT, &err); if (!skb) { dev_put(dev); - goto err_out; + goto err_out_drop; } can_skb_reserve(skb); @@ -967,7 +967,7 @@ static int isotp_sendmsg(struct socket * if (err) { pr_notice_once("can-isotp: %s: can_send_ret %d\n", __func__, err); - goto err_out; + goto err_out_drop; } if (wait_tx_done) { @@ -980,6 +980,9 @@ static int isotp_sendmsg(struct socket * return size; +err_out_drop: + /* drop this PDU and unlock a potential wait queue */ + old_state = ISOTP_IDLE; err_out: so->tx.state = old_state; if (so->tx.state == ISOTP_IDLE)