diff options
| author | Oliver Hartkopp <socketcan@hartkopp.net> | 2019-12-07 19:34:18 +0100 |
|---|---|---|
| committer | Greg Kroah-Hartman <gregkh@linuxfoundation.org> | 2020-01-14 20:03:03 +0100 |
| commit | a69b03e5b50b42f1842f5af71c63057d93cc7573 (patch) | |
| tree | 26d84714f189736bcd173f2f0c769cc3cb22cf14 /drivers/staging | |
| parent | 177aa4d14d912a33a4490644987ac499e8bb9e11 (diff) | |
| download | linux-stable-a69b03e5b50b42f1842f5af71c63057d93cc7573.tar.gz linux-stable-a69b03e5b50b42f1842f5af71c63057d93cc7573.tar.bz2 linux-stable-a69b03e5b50b42f1842f5af71c63057d93cc7573.zip | |
can: can_dropped_invalid_skb(): ensure an initialized headroom in outgoing CAN sk_buffs
commit e7153bf70c3496bac00e7e4f395bb8d8394ac0ea upstream.
KMSAN sysbot detected a read access to an untinitialized value in the
headroom of an outgoing CAN related sk_buff. When using CAN sockets this
area is filled appropriately - but when using a packet socket this
initialization is missing.
The problematic read access occurs in the CAN receive path which can
only be triggered when the sk_buff is sent through a (virtual) CAN
interface. So we check in the sending path whether we need to perform
the missing initializations.
Fixes: d3b58c47d330d ("can: replace timestamp as unique skb attribute")
Reported-by: syzbot+b02ff0707a97e4e79ebb@syzkaller.appspotmail.com
Signed-off-by: Oliver Hartkopp <socketcan@hartkopp.net>
Tested-by: Oliver Hartkopp <socketcan@hartkopp.net>
Cc: linux-stable <stable@vger.kernel.org> # >= v4.1
Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Diffstat (limited to 'drivers/staging')
0 files changed, 0 insertions, 0 deletions