WSL2-Linux-Kernel/net/can
Oliver Hartkopp 9015169f00 can: isotp: isotp_sendmsg(): fix TX state detection and wait behavior
From: Lukas Magel <lukas.magel@posteo.net>

[ Upstream commit d9c2ba65e6 ]

With patch [1], isotp_poll was updated to also queue the poller in the
so->wait queue, which is used for send state changes. Since the queue
now also contains polling tasks that are not interested in sending, the
queue fill state can no longer be used as an indication of send
readiness. As a consequence, nonblocking writes can lead to a race and
lock-up of the socket if there is a second task polling the socket in
parallel.

With this patch, isotp_sendmsg does not consult wq_has_sleepers but
instead tries to atomically set so->tx.state and waits on so->wait if it
is unable to do so. This behavior is in alignment with isotp_poll, which
also checks so->tx.state to determine send readiness.

V2:
- Revert direct exit to goto err_event_drop

[1] https://lore.kernel.org/all/20230331125511.372783-1-michal.sojka@cvut.cz

Reported-by: Maxime Jayat <maxime.jayat@mobile-devices.fr>
Closes: https://lore.kernel.org/linux-can/11328958-453f-447f-9af8-3b5824dfb041@munic.io/
Signed-off-by: Lukas Magel <lukas.magel@posteo.net>
Reviewed-by: Oliver Hartkopp <socketcan@hartkopp.net>
Fixes: 79e19fa79c ("can: isotp: isotp_ops: fix poll() to not report false EPOLLOUT events")
Link: https://github.com/pylessard/python-udsoncan/issues/178#issuecomment-1743786590
Link: https://lore.kernel.org/all/20230827092205.7908-1-lukas.magel@posteo.net
Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2023-11-08 17:26:49 +01:00
..
j1939 can: j1939: avoid possible use-after-free when j1939_can_rx_register fails 2023-06-14 11:13:06 +02:00
Kconfig net: remove redundant 'depends on NET' 2021-01-27 17:04:12 -08:00
Makefile can: add ISO 15765-2:2016 transport protocol 2020-10-07 23:18:33 +02:00
af_can.c can: af_can: fix NULL pointer dereference in can_rcv_filter 2022-12-14 11:37:22 +01:00
af_can.h can: introduce CAN midlayer private and allocate it automatically 2019-09-04 13:29:14 +02:00
bcm.c can: bcm: Fix UAF in bcm_proc_show() 2023-07-27 08:46:55 +02:00
gw.c can: gw: synchronize rcu operations before removing gw job entry 2021-06-19 23:53:43 +02:00
isotp.c can: isotp: isotp_sendmsg(): fix TX state detection and wait behavior 2023-11-08 17:26:49 +01:00
proc.c can: proc: remove unnecessary variables 2021-05-27 09:42:21 +02:00
raw.c can: raw: add missing refcount for memory leak fix 2023-08-30 16:18:20 +02:00