[INFO] BCM and ISOTP crashes Linux 3.11 - 3.13 when running on REAL HW CAN interfaces

Sun Feb 2 18:00:18 UTC 2014

On Sat, Feb 01, 2014 at 07:14:43PM +0100, Oliver Hartkopp wrote:
> Hello all,
> 
> at 2013-08-01 Eric Dumazet created this patch to make sure some
> networking rules are enforced in the Linux Kernel in Linux 3.11:
> http://git.kernel.org/cgit/linux/kernel/git/davem/net.git/commit/?id=376c7311bdb6efea3322310333576a04d73fbe4c
> 
> This affects CAN BCM and CAN ISOTP and leads to a KERNEL CRASH
> when you are *sending* with the BCM or ISOTP on REAL(!) CAN interfaces.
> 
> AFAIK there are not so many use cases. That's why it lasted 6 months to detect it :-(
> Virtual CAN and SLCAN interfaces do not have this problem (no echo skbs).
> 
> Do I have to care about this issue?
> 
> Usually the embedded systems do not have such a recent kernel.
> Regarding desktop distributions Redhat 7 runs a 3.10 kernel which is safe.
> 
> But e.g. OpenSuse 13.1 and Ubuntu 13.10 / Linux Mint Petra are based on
> Linux 3.11 and Debian Jessie (current Debian testing) is on Linux 3.12.
> 
> The latter have the described problem with BCM / ISOTP until this patch 
> 
> http://git.kernel.org/cgit/linux/kernel/git/davem/net.git/commit/?id=0ae89beb283a0db5980d1d4781c7d7be2f2810d6
> 
> is applied by the stable kernel maintainers and distribution maintainers.
> The patch is already upstream for Linux 3.14 but it will take some time
> until it gets into the stable kernels 3.11 - 3.13 and the distributions.
> 
> As Linux 3.11 is already end-of-life [EOL] I'll address the Ubuntu and
> OpenSuse maintainers directly so that this patch for 3.11 does not get lost.
> David Miller already queued this patch up for -stable
> Original post: http://marc.info/?l=linux-netdev&m=139107310226665&w=2
> 
> Take care,
> Oliver

Hi Oliver,

Thanks a lot for the heads-up on this issue.

I've just checked David Miller's net -stable queue[1] and it looks like he
has in fact already queued it.  We usually pick his stable patches when he
sends them to the stable mailing list, so I guess we'll just wait for this
to happen.

[1] http://patchwork.ozlabs.org/bundle/davem/stable/?state=*

Cheers,
--
Luis

> 
> 
> -------- Original Message --------
> Subject: Re: [PATCH stable 3.9+] can: add destructor for self generated skbs
> Date: Thu, 30 Jan 2014 16:27:23 -0800 (PST)
> From: David Miller <davem at davemloft.net>
> To: socketcan at hartkopp.net
> CC: eric.dumazet at gmail.com, nautsch2 at gmail.com, netdev at vger.kernel.org, linux-can at vger.kernel.org
> 
> From: Oliver Hartkopp <socketcan at hartkopp.net>
> Date: Thu, 30 Jan 2014 10:11:28 +0100
> 
> > Self generated skbuffs in net/can/bcm.c are setting a skb->sk reference but
> > no explicit destructor which is enforced since Linux 3.11 with commit
> > 376c7311bdb6 (net: add a temporary sanity check in skb_orphan()).
> > 
> > This patch adds some helper functions to make sure that a destructor is
> > properly defined when a sock reference is assigned to a CAN related skb.
> > To create an unshared skb owned by the original sock a common helper function
> > has been introduced to replace open coded functions to create CAN echo skbs.
> > 
> > Signed-off-by: Oliver Hartkopp <socketcan at hartkopp.net>
> > Tested-by: Andre Naujoks <nautsch2 at gmail.com>
> 
> Applied and queued up for -stable, thanks.
> 
> 