can: dev: __can_get_echo_skb(): Don't crash the kernel if can_priv::echo_skb is acces...

commit e7a6994d043a1e31d5b17706a22ce33d2a3e4cdc upstream.

If the "struct can_priv::echo_skb" is accessed out of bounds would lead
to a kernel crash. Better print a sensible warning message instead and
try to recover.

Cc: linux-stable <stable@vger.kernel.org>
Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

diff --git a/drivers/net/can/dev.c b/drivers/net/can/dev.c
index 7900d5a39989471087ac0ce7d63c2352d9a34360..7d61d8801220e6c443a58ad8821c6097394300e7 100644 (file)
--- a/drivers/net/can/dev.c
+++ b/drivers/net/can/dev.c
@@ -480,7 +480,11 @@ struct sk_buff *__can_get_echo_skb(struct net_device *dev, unsigned int idx, u8
 {
        struct can_priv *priv = netdev_priv(dev);
 
-       BUG_ON(idx >= priv->echo_skb_max);
+       if (idx >= priv->echo_skb_max) {
+               netdev_err(dev, "%s: BUG! Trying to access can_priv::echo_skb out of bounds (%u/max %u)\n",
+                          __func__, idx, priv->echo_skb_max);
+               return NULL;
+       }
 
        if (priv->echo_skb[idx]) {
                /* Using "struct canfd_frame::len" for the frame