Date:   Mon, 29 May 2023 12:15:08 +0200
From:   Marc Kleine-Budde <mkl@...gutronix.de>
To:     Oleksij Rempel <o.rempel@...gutronix.de>
Cc:     Robin van der Gracht <robin@...tonic.nl>,
        Oliver Hartkopp <socketcan@...tkopp.net>,
        David Jander <david@...tonic.nl>, kernel@...gutronix.de,
        linux-can@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH v1] can: j1939: j1939_sk_send_loop_abort(): improved
 error queue handling in J1939 Socket

On 26.05.2023 10:19:46, Oleksij Rempel wrote:
> This patch addresses an issue within the j1939_sk_send_loop_abort()
> function in the j1939/socket.c file, specifically in the context of
> Transport Protocol (TP) sessions.
> 
> Without this patch, when a TP session is initiated and a Clear To Send
> (CTS) frame is received from the remote side requesting one data packet,
> the kernel dispatches the first Data Transport (DT) frame and then waits
> for the next CTS. If the remote side doesn't respond with another CTS,
> the kernel aborts due to a timeout. This leads to the user-space
> receiving an EPOLLERR on the socket, and the socket becomes active.
> 
> However, when trying to read the error queue from the socket with
> sock.recvmsg(, , socket.MSG_ERRQUEUE), it returns -EAGAIN,
> given that the socket is non-blocking. This situation results in an
> infinite loop: the user-space repeatedly calls epoll(), epoll() returns
> the socket file descriptor with EPOLLERR, but the socket then blocks on
> the recv() of ERRQUEUE.
> 
> This patch introduces an additional check for the J1939_SOCK_ERRQUEUE
> flag within the j1939_sk_send_loop_abort() function. If the flag is set,
> it indicates that the application has subscribed to receive error queue
> messages. In such cases, the kernel can communicate the current transfer
> state via the error queue. This allows for the function to return early,
> preventing the unnecessary setting of the socket into an error state,
> and breaking the infinite loop. It is crucial to note that a socket
> error is only needed if the application isn't using the error queue, as,
> without it, the application wouldn't be aware of transfer issues.
> 
> Fixes: 9d71dd0c7009 ("can: add support of SAE J1939 protocol")
> Reported-by: David Jander <david@...tonic.nl>
> Tested-by: David Jander <david@...tonic.nl>
> Signed-off-by: Oleksij Rempel <o.rempel@...gutronix.de>

Applied to linux-can, added stable on Cc.

Thanks,
Marc

-- 
Pengutronix e.K.                 | Marc Kleine-Budde          |
Embedded Linux                   | https://www.pengutronix.de |
Vertretung Nürnberg              | Phone: +49-5121-206917-129 |
Amtsgericht Hildesheim, HRA 2686 | Fax:   +49-5121-206917-9   |
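
The user-space symptom described in the commit message (EPOLLERR reported while `recvmsg()` with `MSG_ERRQUEUE` returns EAGAIN) can be reproduced without CAN hardware. This is an added example, not code from the patch or the kernel tree: it generalizes to a connected UDP socket on loopback that never enabled error-queue delivery, and shows an event loop reading `SO_ERROR` when the error queue is empty so the error condition is consumed. Assumptions: Linux with a working loopback interface; the helper names `handle_epollerr`, `closed_udp_port` and `demo` are hypothetical.

```python
import select
import socket


def handle_epollerr(sock):
    """Consume whatever made epoll report EPOLLERR on a non-blocking socket."""
    try:
        data, _anc, _flags, _addr = sock.recvmsg(2048, 1024, socket.MSG_ERRQUEUE)
        return ("errqueue", data)
    except BlockingIOError:
        # Empty error queue (EAGAIN) while EPOLLERR is set: only the pending
        # socket error is left. Reading SO_ERROR returns it and clears it,
        # so the next epoll wait no longer fires for the same condition.
        return ("so_error", sock.getsockopt(socket.SOL_SOCKET, socket.SO_ERROR))


def closed_udp_port():
    """Pick a loopback UDP port that has just been released (constructed target)."""
    probe = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    probe.bind(("127.0.0.1", 0))
    port = probe.getsockname()[1]
    probe.close()
    return port


def demo():
    """Return (woke, kind, value, still_signalled) for one EPOLLERR round trip."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.setblocking(False)
    # Connected UDP socket without IP_RECVERR: the ICMP "port unreachable"
    # reply sets a plain socket error and queues nothing on the error queue.
    sock.connect(("127.0.0.1", closed_udp_port()))
    sock.send(b"constructed probe")
    ep = select.epoll()
    ep.register(sock.fileno(), select.EPOLLIN)  # EPOLLERR is always reported
    try:
        woke = bool(ep.poll(2.0))                # wakes up with EPOLLERR
        kind, value = handle_epollerr(sock)      # error queue is empty here
        still_signalled = bool(ep.poll(0.2))     # quiet once SO_ERROR was read
        return woke, kind, value, still_signalled
    finally:
        ep.close()
        sock.close()


if __name__ == "__main__":
    print(demo())
```

An event loop that only retries the `MSG_ERRQUEUE` read on EAGAIN never consumes the pending socket error and is woken again for the same condition.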
