Patch "can: j1935: j1939_tp_tx_dat_new(): fix missing initialization of skbcnt" has been added to the 5.4-stable tree

<gregkh@xxxxxxxxxxxxxxxxxxx> · Sat, 17 Oct 2020 12:47:39 +0200

This is a note to let you know that I've just added the patch titled

    can: j1935: j1939_tp_tx_dat_new(): fix missing initialization of skbcnt

to the 5.4-stable tree which can be found at:
    http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
     can-j1935-j1939_tp_tx_dat_new-fix-missing-initialization-of-skbcnt.patch
and it can be found in the queue-5.4 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.


>From foo@baz Sat Oct 17 11:01:11 AM CEST 2020
From: Cong Wang <xiyou.wangcong@xxxxxxxxx>
Date: Wed, 7 Oct 2020 23:18:21 -0700
Subject: can: j1935: j1939_tp_tx_dat_new(): fix missing initialization of skbcnt

From: Cong Wang <xiyou.wangcong@xxxxxxxxx>

[ Upstream commit e009f95b1543e26606dca2f7e6e9f0f9174538e5 ]

This fixes an uninit-value warning:
BUG: KMSAN: uninit-value in can_receive+0x26b/0x630 net/can/af_can.c:650

Reported-and-tested-by: syzbot+3f3837e61a48d32b495f@xxxxxxxxxxxxxxxxxxxxxxxxx
Fixes: 9d71dd0c7009 ("can: add support of SAE J1939 protocol")
Cc: Robin van der Gracht <robin@xxxxxxxxxxx>
Cc: Oleksij Rempel <linux@xxxxxxxxxxxxxxxx>
Cc: Pengutronix Kernel Team <kernel@xxxxxxxxxxxxxx>
Cc: Oliver Hartkopp <socketcan@xxxxxxxxxxxx>
Cc: Marc Kleine-Budde <mkl@xxxxxxxxxxxxxx>
Signed-off-by: Cong Wang <xiyou.wangcong@xxxxxxxxx>
Link: https://lore.kernel.org/r/20201008061821.24663-1-xiyou.wangcong@xxxxxxxxx
Signed-off-by: Marc Kleine-Budde <mkl@xxxxxxxxxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
---
 net/can/j1939/transport.c |    1 +
 1 file changed, 1 insertion(+)

--- a/net/can/j1939/transport.c
+++ b/net/can/j1939/transport.c
@@ -580,6 +580,7 @@ sk_buff *j1939_tp_tx_dat_new(struct j193
 	skb->dev = priv->ndev;
 	can_skb_reserve(skb);
 	can_skb_prv(skb)->ifindex = priv->ndev->ifindex;
+	can_skb_prv(skb)->skbcnt = 0;
 	/* reserve CAN header */
 	skb_reserve(skb, offsetof(struct can_frame, data));
 


Patches currently in stable-queue which might be from xiyou.wangcong@xxxxxxxxx are

queue-5.4/tipc-fix-the-skb_unshare-in-tipc_buf_append.patch
queue-5.4/net_sched-remove-a-redundant-goto-chain-check.patch
queue-5.4/can-j1935-j1939_tp_tx_dat_new-fix-missing-initialization-of-skbcnt.patch






