[INFO] BCM and ISOTP crashes Linux 3.11 - 3.13 when running on REAL HW CAN interfaces

Oliver Hartkopp socketcan at hartkopp.net
Sat Feb 1 18:14:43 UTC 2014


Hello all,

On 2013-08-01, Eric Dumazet created this patch to make sure some
networking rules are enforced in the Linux kernel in Linux 3.11:
http://git.kernel.org/cgit/linux/kernel/git/davem/net.git/commit/?id=376c7311bdb6efea3322310333576a04d73fbe4c

This affects CAN BCM and CAN ISOTP and leads to a KERNEL CRASH
when you are *sending* with the BCM or ISOTP on REAL(!) CAN interfaces.

AFAIK there are not so many use cases. That's why it took 6 months to detect it :-(
Virtual CAN and SLCAN interfaces do not have this problem (no echo skbs).

Do I have to care about this issue?

Usually the embedded systems do not have such a recent kernel.
Regarding desktop distributions, Red Hat 7 runs a 3.10 kernel, which is safe.

But e.g. openSUSE 13.1 and Ubuntu 13.10 / Linux Mint Petra are based on
Linux 3.11, and Debian Jessie (current Debian testing) is on Linux 3.12.

The latter have the described problem with BCM / ISOTP until this patch 

http://git.kernel.org/cgit/linux/kernel/git/davem/net.git/commit/?id=0ae89beb283a0db5980d1d4781c7d7be2f2810d6

is applied by the stable kernel maintainers and distribution maintainers.
The patch is already upstream for Linux 3.14 but it will take some time
until it gets into the stable kernels 3.11 - 3.13 and the distributions.

As Linux 3.11 is already end-of-life [EOL], I'll address the Ubuntu and
openSUSE maintainers directly so that this patch for 3.11 does not get lost.
David Miller already queued this patch up for -stable.
Original post: http://marc.info/?l=linux-netdev&m=139107310226665&w=2

Take care,
Oliver


-------- Original Message --------
Subject: Re: [PATCH stable 3.9+] can: add destructor for self generated skbs
Date: Thu, 30 Jan 2014 16:27:23 -0800 (PST)
From: David Miller <davem at davemloft.net>
To: socketcan at hartkopp.net
CC: eric.dumazet at gmail.com, nautsch2 at gmail.com, netdev at vger.kernel.org, linux-can at vger.kernel.org

From: Oliver Hartkopp <socketcan at hartkopp.net>
Date: Thu, 30 Jan 2014 10:11:28 +0100

> Self generated skbuffs in net/can/bcm.c are setting a skb->sk reference but
> no explicit destructor which is enforced since Linux 3.11 with commit
> 376c7311bdb6 (net: add a temporary sanity check in skb_orphan()).
> 
> This patch adds some helper functions to make sure that a destructor is
> properly defined when a sock reference is assigned to a CAN related skb.
> To create an unshared skb owned by the original sock a common helper function
> has been introduced to replace open coded functions to create CAN echo skbs.
> 
> Signed-off-by: Oliver Hartkopp <socketcan at hartkopp.net>
> Tested-by: Andre Naujoks <nautsch2 at gmail.com>

Applied and queued up for -stable, thanks.
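
The rule named in the quoted commit message, as an added example that is not part of the original mail or of the kernel patch: a simplified userspace C model in which an skb carrying a sock reference must also carry a destructor, with the bare assignment next to the paired one. The struct layouts, all function names (model_skb_orphan, set_owner_bare, set_owner_with_destructor, run_case) and the plain integer reference count are assumptions made for illustration.

```c
#include <stdio.h>

/* Stand-ins (assumption): only the two fields this bug involves. */
struct sock { int refcnt; };
struct sk_buff { struct sock *sk; void (*destructor)(struct sk_buff *); };

/* Model of the sanity check: 0 = fine, -1 = rule violated (kernel crash). */
static int model_skb_orphan(struct sk_buff *skb)
{
    if (skb->destructor) {
        skb->destructor(skb);      /* owner is released in a defined way */
        skb->destructor = NULL;
        skb->sk = NULL;
        return 0;
    }
    return skb->sk ? -1 : 0;       /* sk set, nobody responsible for it */
}

/* Pattern described as broken: sock reference without a destructor. */
static void set_owner_bare(struct sk_buff *skb, struct sock *sk) { skb->sk = sk; }
static void model_destructor(struct sk_buff *skb) { skb->sk->refcnt--; }

/* Pattern of the fix: the reference is only ever set with a destructor. */
static void set_owner_with_destructor(struct sk_buff *skb, struct sock *sk)
{
    if (!sk) return;
    sk->refcnt++;                  /* reference counting is assumed here */
    skb->destructor = model_destructor;
    skb->sk = sk;
}

/* Runs one case; *refs receives the sock's reference count afterwards. */
static int run_case(int fixed, int *refs)
{
    struct sock sk = { 1 };
    struct sk_buff skb = { NULL, NULL };
    (fixed ? set_owner_with_destructor : set_owner_bare)(&skb, &sk);
    int rc = model_skb_orphan(&skb);
    *refs = sk.refcnt;
    return rc;
}

int main(void)
{
    int refs;
    printf("bare assignment:  %d\n", run_case(0, &refs));
    printf("with destructor:  %d\n", run_case(1, &refs));
    return 0;
}
```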





