lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date:   Wed, 20 Jul 2022 14:06:45 +0300
From:   Fedor Pchelkin <pchelkin@...ras.ru>
To:     Robin van der Gracht <robin@...tonic.nl>,
        Oleksij Rempel <linux@...pel-privat.de>
Cc:     Fedor Pchelkin <pchelkin@...ras.ru>,
        Pengutronix Kernel Team <kernel@...gutronix.de>,
        Oliver Hartkopp <socketcan@...tkopp.net>,
        Marc Kleine-Budde <mkl@...gutronix.de>,
        "David S. Miller" <davem@...emloft.net>,
        Jakub Kicinski <kuba@...nel.org>,
        Elenita Hinds <ecathinds@...il.com>,
        Kurt Van Dijck <dev.kurt@...dijck-laurijssen.be>,
        linux-can@...r.kernel.org, netdev@...r.kernel.org,
        linux-kernel@...r.kernel.org,
        Alexey Khoroshilov <khoroshilov@...ras.ru>
Subject: [PATCH] can: j1939: Remove unnecessary WARN_ON_ONCE in j1939_sk_queue_activate_next_locked()

The purpose of WARN_ON_ONCE if the session with the same parameters
has already been activated and is currently in active_session_list is
not very clear. Is this warning implemented to indicate that userspace
is doing something wrong?

As far as I can see, there are two lists: active_session_list (which
is for the whole device) and sk_session_queue (which is unique for
each j1939_sock), and the situation when we have two sessions with
the same type, addresses and destinations in two different
sk_session_queues (owned by two different sockets) is actually highly
probable - one is active and the other is willing to become active
but the j1939_session_activate() does not let that happen. It is
correct behaviour as I assume.

Found by Linux Verification Center (linuxtesting.org) with Syzkaller.

Fixes: 9d71dd0c7009 ("can: add support of SAE J1939 protocol")
Signed-off-by: Fedor Pchelkin <pchelkin@...ras.ru>
Signed-off-by: Alexey Khoroshilov <khoroshilov@...ras.ru>
---
 net/can/j1939/socket.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/net/can/j1939/socket.c b/net/can/j1939/socket.c
index f5ecfdcf57b2..be4b73afa16c 100644
--- a/net/can/j1939/socket.c
+++ b/net/can/j1939/socket.c
@@ -178,7 +178,7 @@ static void j1939_sk_queue_activate_next_locked(struct j1939_session *session)
 	if (!first)
 		return;
 
-	if (WARN_ON_ONCE(j1939_session_activate(first))) {
+	if (j1939_session_activate(first)) {
 		first->err = -EBUSY;
 		goto activate_next;
 	} else {
-- 
2.25.1

Powered by blists - more mailing lists