From: Oliver Hartkopp <oliver@hartkopp.net>
To: Luotao Fu <l.fu@pengutronix.de>
Cc: socketcan-users@lists.berlios.de,
Michael Olbrich <m.olbrich@pengutronix.de>,
linux-kernel@vger.kernel.org
Subject: Re: [Socketcan-users] [PATCH] CAN: make checking in can_rcv less restrictive
Date: Thu, 06 Aug 2009 18:48:23 +0200 [thread overview]
Message-ID: <4A7B0957.5020808@hartkopp.net> (raw)
In-Reply-To: <1249572295-7801-1-git-send-email-l.fu@pengutronix.de>
Luotao Fu wrote:
> From: Michael Olbrich <m.olbrich@pengutronix.de>
>
> Checking for can frame format in can_rcv() is too restrictive. BUG_ON is way too
> heavy for the case that the can interface probably received a can frame with
> malicious format. Further it can be used for DDOS attack since BUG_ON can lead
> to kernel panic. Hence we turn this to WARN_ON instead.
>
> Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>
> Signed-off-by: Luotao Fu <l.fu@pengutronix.de>
> ---
> net/can/af_can.c | 2 +-
> 1 files changed, 1 insertions(+), 1 deletions(-)
>
> diff --git a/net/can/af_can.c b/net/can/af_can.c
> index e733725..e6dcf4b 100644
> --- a/net/can/af_can.c
> +++ b/net/can/af_can.c
> @@ -656,7 +656,7 @@ static int can_rcv(struct sk_buff *skb, struct net_device *dev,
> return 0;
> }
>
> - BUG_ON(skb->len != sizeof(struct can_frame) || cf->can_dlc > 8);
> + WARN_ON(skb->len != sizeof(struct can_frame) || cf->can_dlc > 8);
>
> /* update statistics */
> can_stats.rx_frames++;
NAK.
The CAN applications can rely on getting proper CAN frames with this check. It
was introduced some time ago together with several other sanity checks - even
on the TX path.
The CAN core *only* consumes skbuffs originated from a CAN netdevice
(ARPHRD_CAN).
When this BUG() triggers, someone provided a definitely broken *CAN* network
driver, and this needs to be fixed on that level. It is really not that
problematic to ensure proper CAN frames on driver level ... this sanity check
should not be needed to be performed by every single application.
Btw. the SocketCAN core ML and probably the netdev ML are the better places to
post CAN specific stuff the first time.
Regards,
Oliver
ps. If you have a use-case to make a DDOS via CAN bus - please let me know.
I'm always interested doing strange things on CAN ;-)
next prev parent reply other threads:[~2009-08-06 16:48 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2009-08-06 15:24 [PATCH] CAN: make checking in can_rcv less restrictive Luotao Fu
2009-08-06 16:48 ` Oliver Hartkopp [this message]
2009-08-06 20:17 ` [Socketcan-users] " Luotao Fu
2009-08-06 20:58 ` Oliver Hartkopp
2009-08-06 21:02 ` Luotao Fu
2009-08-07 4:08 ` Oliver Hartkopp
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4A7B0957.5020808@hartkopp.net \
--to=oliver@hartkopp.net \
--cc=l.fu@pengutronix.de \
--cc=linux-kernel@vger.kernel.org \
--cc=m.olbrich@pengutronix.de \
--cc=socketcan-users@lists.berlios.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox