| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sat, 12 Dec 2009 19:06:20 +0100 From: Wolfgang Grandegger <wg@...ndegger.com> To: Oliver Hartkopp <oliver@...tkopp.net> CC: David Miller <davem@...emloft.net>, Linux Netdev List <netdev@...r.kernel.org>, Barry Song <21cnbao@...il.com> Subject: Re: [PATCH net-2.6] can: Fix data length code handling in rx path Oliver Hartkopp wrote: > Wolfgang Grandegger wrote: >> Hi Oliver, >> >> Oliver Hartkopp wrote: >>> A valid CAN dataframe can have a data length code (DLC) of 0 .. 8 data bytes. >>> >>> When reading the CAN controllers register the 4-bit value may contain values >>> from 0 .. 15 which may exceed the reserved space in the socket buffer! >>> >>> The ISO 11898-1 Chapter 8.4.2.3 (DLC field) says that register values > 8 >>> should be reduced to 8 without any error reporting or frame drop. >>> >>> This patch introduces a new helper macro to cast a given 4-bit data length >>> code (dlc) to __u8 and ensure the DLC value to be max. 8 bytes. >>> >>> The different handlings in the rx path of the CAN netdevice drivers are fixed. >>> >>> Signed-off-by: Oliver Hartkopp <oliver@...tkopp.net> >> Please send you patches inline next time please. For the bfin_can and >> the ems_usb driver your patch now masks the dlc with 0xf. Are you sure >> this is needed or even correct? > > Yes. Both needed to be fixed. > > The bfin_can has an u16 value which is not reduced to 4-bits before. The relevant bits are hardware specific. > The ems_usb driver gets a u8 value via USB urb, which comes from a SJA1000 and > needs the same handling as in the sja1000 driver. There's no guarantee that > the USB adapter handles the values correctly - so masking is appropriate here. > >> Also, s/__u8/u8/, please. > > can_frame.can_dlc is the target and it is defined as '__u8' in > include/linux/can.h. OK. > As discussed on SocketCAN-ML we agreed the at91_can.c to be the 'correct' > implementation - and that's what i posted here on your request ... :-) The spoke about how to handle "dlc > 8". The additional masking is hardware specific and you need to check the manual to understand if it's really required. > IMO the patch remains 100% correct. I just checked the bfin manual. The DLC value uses a 4 bit field and there is also written: "Any DLC value greater than 8 is treated the same as a value of 8." That's exactly what this patch fixes. I didn't figure out though, if the masking is really required or if the higher bits are undefined (or "0"). At least it does not harm. Wolfgang. -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists