[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20211011063507.GI29653@pengutronix.de>
Date: Mon, 11 Oct 2021 08:35:07 +0200
From: Oleksij Rempel <o.rempel@...gutronix.de>
To: Zhang Changzhong <zhangchangzhong@...wei.com>
Cc: Maxime Jayat <maxime.jayat@...ile-devices.fr>,
Robin van der Gracht <robin@...tonic.nl>,
linux-kernel@...r.kernel.org,
Oleksij Rempel <linux@...pel-privat.de>,
netdev@...r.kernel.org, Marc Kleine-Budde <mkl@...gutronix.de>,
kernel@...gutronix.de, Oliver Hartkopp <socketcan@...tkopp.net>,
Jakub Kicinski <kuba@...nel.org>, linux-can@...r.kernel.org,
"David S. Miller" <davem@...emloft.net>
Subject: Re: [PATCH net] can: j1939: j1939_xtp_rx_dat_one(): cancel session
if receive TP.DT with error length
On Sat, Oct 09, 2021 at 04:43:56PM +0800, Zhang Changzhong wrote:
> On 2021/10/8 19:00, Oleksij Rempel wrote:
> > On Fri, Oct 08, 2021 at 05:22:12PM +0800, Zhang Changzhong wrote:
> >> Hi Kurt,
> >> Sorry for the late reply.
> >>
> >> On 2021/9/30 15:42, Kurt Van Dijck wrote:
> >>> On Thu, 30 Sep 2021 11:33:20 +0800, Zhang Changzhong wrote:
> >>>> According to SAE-J1939-21, the data length of TP.DT must be 8 bytes, so
> >>>> cancel session when receive unexpected TP.DT message.
> >>>
> >>> SAE-j1939-21 indeed says that all TP.DT must be 8 bytes.
> >>> However, the last TP.DT may contain up to 6 stuff bytes, which have no meaning.
> >>> If I remember well, they are even not 'reserved'.
> >>
> >> Agree, these bytes are meaningless for last TP.DT.
> >>
> >>>
> >>>>
> >>>> Fixes: 9d71dd0c7009 ("can: add support of SAE J1939 protocol")
> >>>> Signed-off-by: Zhang Changzhong <zhangchangzhong@...wei.com>
> >>>> ---
> >>>> net/can/j1939/transport.c | 7 +++++--
> >>>> 1 file changed, 5 insertions(+), 2 deletions(-)
> >>>>
> >>>> diff --git a/net/can/j1939/transport.c b/net/can/j1939/transport.c
> >>>> index bb5c4b8..eedaeaf 100644
> >>>> --- a/net/can/j1939/transport.c
> >>>> +++ b/net/can/j1939/transport.c
> >>>> @@ -1789,6 +1789,7 @@ static void j1939_xtp_rx_dpo(struct j1939_priv *priv, struct sk_buff *skb,
> >>>> static void j1939_xtp_rx_dat_one(struct j1939_session *session,
> >>>> struct sk_buff *skb)
> >>>> {
> >>>> + enum j1939_xtp_abort abort = J1939_XTP_ABORT_FAULT;
> >>>> struct j1939_priv *priv = session->priv;
> >>>> struct j1939_sk_buff_cb *skcb, *se_skcb;
> >>>> struct sk_buff *se_skb = NULL;
> >>>> @@ -1803,9 +1804,11 @@ static void j1939_xtp_rx_dat_one(struct j1939_session *session,
> >>>>
> >>>> skcb = j1939_skb_to_cb(skb);
> >>>> dat = skb->data;
> >>>> - if (skb->len <= 1)
> >>>> + if (skb->len != 8) {
> >>>> /* makes no sense */
> >>>> + abort = J1939_XTP_ABORT_UNEXPECTED_DATA;
> >>>> goto out_session_cancel;
> >>>
> >>> I think this is a situation of
> >>> "be strict on what you send, be tolerant on what you receive".
> >>>
> >>> Did you find a technical reason to abort a session because the last frame didn't
> >>> bring overhead that you don't use?
> >>
> >> No technical reason. The only reason is that SAE-J1939-82 requires responder
> >> to abort session if any TP.DT less than 8 bytes (section A.3.4, Row 7).
> >
> > Do you mean: "BAM Transport: Ensure DUT discards BAM transport when
> > TP.DT data packets are not correct size" ... "Verify DUT discards the
> > BAM transport if any TP.DT data packet has less than 8 bytes"?
>
> Yes.
OK, then I have some problems to understand this part:
- 5.10.2.4 Connection Closure
The “connection abort” message is not allowed to be used by responders in the
case of a global destination (i.e. BAM).
My assumption would be: In case of broadcast transfer, multiple MCU are
receivers. If one of MCU was not able to get complete TP.DT, it should
not abort BAM for all.
So, "DUT discards the BAM transport" sounds for me as local action.
Complete TP would be dropped locally.
Regards
Oleksij
--
Pengutronix e.K. | |
Steuerwalder Str. 21 | http://www.pengutronix.de/ |
31137 Hildesheim, Germany | Phone: +49-5121-206917-0 |
Amtsgericht Hildesheim, HRA 2686 | Fax: +49-5121-206917-5555 |
Powered by blists - more mailing lists