Linux kernel stable tree (mirror) https://git.radix-linux.su/kernel/linux.git/atom?h=v6.19.11 2026-01-15T08:52:04+00:00 2026-01-15T08:52:04+00:00 Oliver Hartkopp socketcan@hartkopp.net 2026-01-09T14:41:35+00:00 urn:sha1:faba5860fcf9a0ae49d2e484397bce44293367ff For real CAN interfaces the CAN_CTRLMODE_FD and CAN_CTRLMODE_XL control modes indicate whether an interface can handle those CAN FD/XL frames. In the case a CAN XL interface is configured in CANXL-only mode with disabled error-signalling neither CAN CC nor CAN FD frames can be sent. The checks are now performed on CAN_RAW sockets to give an instant feedback to the user when writing unsupported CAN frames to the interface or when the CAN interface is in read-only mode. Fixes: 1a620a723853 ("can: raw: instantly reject unsupported CAN frames") Cc: Marc Kleine-Budde <mkl@pengutronix.de> Cc: Arnd Bergmann <arnd@arndb.de> Cc: Vincent Mailhol <mailhol@kernel.org> Signed-off-by: Oliver Hartkopp <socketcan@hartkopp.net> Link: https://patch.msgid.link/20260109144135.8495-4-socketcan@hartkopp.net [mkl: fix dev reference leak] Link: https://lore.kernel.org/all/0636c732-2e71-4633-8005-dfa85e1da445@hartkopp.net Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de> 2026-01-15T08:52:04+00:00 Oliver Hartkopp socketcan@hartkopp.net 2026-01-09T14:41:33+00:00 urn:sha1:4650ff58a1b9ee68b2d3a207047998dd42e939b2 This reverts commit 1a620a723853a0f49703c317d52dc6b9602cbaa8 and its follow-up fixes for the introduced dependency issues. commit 1a620a723853 ("can: raw: instantly reject unsupported CAN frames") commit cb2dc6d2869a ("can: Kconfig: select CAN driver infrastructure by default") commit 6abd4577bccc ("can: fix build dependency") commit 5a5aff6338c0 ("can: fix build dependency") The entire problem was caused by the requirement that a new network layer feature needed to know about the protocol capabilities of the CAN devices. Instead of accessing CAN device internal data structures which caused the dependency problems a better approach has been developed which makes use of CAN specific ml_priv data which is accessible from both sides. Cc: Marc Kleine-Budde <mkl@pengutronix.de> Cc: Arnd Bergmann <arnd@arndb.de> Cc: Vincent Mailhol <mailhol@kernel.org> Signed-off-by: Oliver Hartkopp <socketcan@hartkopp.net> Link: https://patch.msgid.link/20260109144135.8495-2-socketcan@hartkopp.net Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de> 2025-11-26T10:20:44+00:00 Oliver Hartkopp socketcan@hartkopp.net 2025-11-26T10:16:17+00:00 urn:sha1:1a620a723853a0f49703c317d52dc6b9602cbaa8 For real CAN interfaces the CAN_CTRLMODE_FD and CAN_CTRLMODE_XL control modes indicate whether an interface can handle those CAN FD/XL frames. In the case a CAN XL interface is configured in CANXL-only mode with disabled error-signalling neither CAN CC nor CAN FD frames can be sent. The checks are performed on CAN_RAW sockets to give an instant feedback to the user when writing unsupported CAN frames to the interface. Signed-off-by: Oliver Hartkopp <socketcan@hartkopp.net> Link: https://patch.msgid.link/20251126-canxl-v8-16-e7e3eb74f889@pengutronix.de Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de> 2025-11-05T03:10:32+00:00 Kees Cook kees@kernel.org 2025-11-04T00:26:10+00:00 urn:sha1:0e50474fa514822e9d990874e554bf8043a201d7 Update all struct proto_ops bind() callback function prototypes from "struct sockaddr *" to "struct sockaddr_unsized *" to avoid lying to the compiler about object sizes. Calls into struct proto handlers gain casts that will be removed in the struct proto conversion patch. No binary changes expected. Signed-off-by: Kees Cook <kees@kernel.org> Link: https://patch.msgid.link/20251104002617.2752303-2-kees@kernel.org Signed-off-by: Jakub Kicinski <kuba@kernel.org> 2025-09-23T08:04:58+00:00 Vincent Mailhol mailhol@kernel.org 2025-09-23T06:37:08+00:00 urn:sha1:c67732d067860850b767c81736b49f88a946bffb As hinted in commit 501a90c94510 ("inet: protect against too small mtu values."), net_device->mtu is vulnerable to race conditions if it is written and read without holding the RTNL. At the moment, all the writes are done while the interface is down, either in the devices' probe() function or in can_changelink(). So there are no such issues yet. But upcoming changes will allow to modify the MTU while the CAN XL devices are up. In preparation to the introduction of CAN XL, annotate all the net_device->mtu accesses which are not yet guarded by the RTNL with a READ_ONCE(). Note that all the write accesses are already either guarded by the RTNL or are already annotated and thus need no changes. Signed-off-by: Vincent Mailhol <mailhol@kernel.org> Link: https://patch.msgid.link/20250923-can-fix-mtu-v3-1-581bde113f52@kernel.org Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de> 2025-09-19T18:56:35+00:00 Vincent Mailhol mailhol@kernel.org 2025-09-17T04:48:26+00:00 urn:sha1:a146cfaaa0dd8a3e2cf3447cd2965a3c4d046e8f struct raw_sock has several holes. Reorder the fields to save 8 bytes. Statistics before: $ pahole --class_name=raw_sock net/can/raw.o struct raw_sock { struct sock sk __attribute__((__aligned__(8))); /* 0 776 */ /* XXX last struct has 1 bit hole */ /* --- cacheline 12 boundary (768 bytes) was 8 bytes ago --- */ int ifindex; /* 776 4 */ /* XXX 4 bytes hole, try to pack */ struct net_device * dev; /* 784 8 */ netdevice_tracker dev_tracker; /* 792 0 */ struct list_head notifier; /* 792 16 */ unsigned int bound:1; /* 808: 0 4 */ unsigned int loopback:1; /* 808: 1 4 */ unsigned int recv_own_msgs:1; /* 808: 2 4 */ unsigned int fd_frames:1; /* 808: 3 4 */ unsigned int xl_frames:1; /* 808: 4 4 */ unsigned int join_filters:1; /* 808: 5 4 */ /* XXX 2 bits hole, try to pack */ /* Bitfield combined with next fields */ struct can_raw_vcid_options raw_vcid_opts; /* 809 4 */ /* XXX 3 bytes hole, try to pack */ canid_t tx_vcid_shifted; /* 816 4 */ canid_t rx_vcid_shifted; /* 820 4 */ canid_t rx_vcid_mask_shifted; /* 824 4 */ int count; /* 828 4 */ /* --- cacheline 13 boundary (832 bytes) --- */ struct can_filter dfilter; /* 832 8 */ struct can_filter * filter; /* 840 8 */ can_err_mask_t err_mask; /* 848 4 */ /* XXX 4 bytes hole, try to pack */ struct uniqframe * uniq; /* 856 8 */ /* size: 864, cachelines: 14, members: 20 */ /* sum members: 852, holes: 3, sum holes: 11 */ /* sum bitfield members: 6 bits, bit holes: 1, sum bit holes: 2 bits */ /* member types with bit holes: 1, total: 1 */ /* forced alignments: 1 */ /* last cacheline: 32 bytes */ } __attribute__((__aligned__(8))); ...and after: $ pahole --class_name=raw_sock net/can/raw.o struct raw_sock { struct sock sk __attribute__((__aligned__(8))); /* 0 776 */ /* XXX last struct has 1 bit hole */ /* --- cacheline 12 boundary (768 bytes) was 8 bytes ago --- */ struct net_device * dev; /* 776 8 */ netdevice_tracker dev_tracker; /* 784 0 */ struct list_head notifier; /* 784 16 */ int ifindex; /* 800 4 */ unsigned int bound:1; /* 804: 0 4 */ unsigned int loopback:1; /* 804: 1 4 */ unsigned int recv_own_msgs:1; /* 804: 2 4 */ unsigned int fd_frames:1; /* 804: 3 4 */ unsigned int xl_frames:1; /* 804: 4 4 */ unsigned int join_filters:1; /* 804: 5 4 */ /* XXX 2 bits hole, try to pack */ /* Bitfield combined with next fields */ struct can_raw_vcid_options raw_vcid_opts; /* 805 4 */ /* XXX 3 bytes hole, try to pack */ canid_t tx_vcid_shifted; /* 812 4 */ canid_t rx_vcid_shifted; /* 816 4 */ canid_t rx_vcid_mask_shifted; /* 820 4 */ can_err_mask_t err_mask; /* 824 4 */ int count; /* 828 4 */ /* --- cacheline 13 boundary (832 bytes) --- */ struct can_filter dfilter; /* 832 8 */ struct can_filter * filter; /* 840 8 */ struct uniqframe * uniq; /* 848 8 */ /* size: 856, cachelines: 14, members: 20 */ /* sum members: 852, holes: 1, sum holes: 3 */ /* sum bitfield members: 6 bits, bit holes: 1, sum bit holes: 2 bits */ /* member types with bit holes: 1, total: 1 */ /* forced alignments: 1 */ /* last cacheline: 24 bytes */ } __attribute__((__aligned__(8))); Acked-by: Oliver Hartkopp <socketcan@hartkopp.net> Signed-off-by: Vincent Mailhol <mailhol@kernel.org> Link: https://patch.msgid.link/20250917-can-raw-repack-v2-3-395e8b3a4437@kernel.org Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de> 2025-09-19T18:56:34+00:00 Vincent Mailhol mailhol@kernel.org 2025-09-17T04:48:25+00:00 urn:sha1:890e5198a6e5b238627c245fafea1a92670a86cd The bound, loopback, recv_own_msgs, fd_frames, xl_frames and join_filters fields of struct raw_sock just need to store one bit of information. Declare all those members as a bitfields of type unsigned int and width one bit. Add a temporary variable to raw_setsockopt() and raw_getsockopt() to make the conversion between the stored bits and the socket interface. This reduces the size of struct raw_sock by sixteen bytes. Statistics before: $ pahole --class_name=raw_sock net/can/raw.o struct raw_sock { struct sock sk __attribute__((__aligned__(8))); /* 0 776 */ /* XXX last struct has 1 bit hole */ /* --- cacheline 12 boundary (768 bytes) was 8 bytes ago --- */ int bound; /* 776 4 */ int ifindex; /* 780 4 */ struct net_device * dev; /* 784 8 */ netdevice_tracker dev_tracker; /* 792 0 */ struct list_head notifier; /* 792 16 */ int loopback; /* 808 4 */ int recv_own_msgs; /* 812 4 */ int fd_frames; /* 816 4 */ int xl_frames; /* 820 4 */ struct can_raw_vcid_options raw_vcid_opts; /* 824 4 */ canid_t tx_vcid_shifted; /* 828 4 */ /* --- cacheline 13 boundary (832 bytes) --- */ canid_t rx_vcid_shifted; /* 832 4 */ canid_t rx_vcid_mask_shifted; /* 836 4 */ int join_filters; /* 840 4 */ int count; /* 844 4 */ struct can_filter dfilter; /* 848 8 */ struct can_filter * filter; /* 856 8 */ can_err_mask_t err_mask; /* 864 4 */ /* XXX 4 bytes hole, try to pack */ struct uniqframe * uniq; /* 872 8 */ /* size: 880, cachelines: 14, members: 20 */ /* sum members: 876, holes: 1, sum holes: 4 */ /* member types with bit holes: 1, total: 1 */ /* forced alignments: 1 */ /* last cacheline: 48 bytes */ } __attribute__((__aligned__(8))); ...and after: $ pahole --class_name=raw_sock net/can/raw.o struct raw_sock { struct sock sk __attribute__((__aligned__(8))); /* 0 776 */ /* XXX last struct has 1 bit hole */ /* --- cacheline 12 boundary (768 bytes) was 8 bytes ago --- */ int ifindex; /* 776 4 */ /* XXX 4 bytes hole, try to pack */ struct net_device * dev; /* 784 8 */ netdevice_tracker dev_tracker; /* 792 0 */ struct list_head notifier; /* 792 16 */ unsigned int bound:1; /* 808: 0 4 */ unsigned int loopback:1; /* 808: 1 4 */ unsigned int recv_own_msgs:1; /* 808: 2 4 */ unsigned int fd_frames:1; /* 808: 3 4 */ unsigned int xl_frames:1; /* 808: 4 4 */ unsigned int join_filters:1; /* 808: 5 4 */ /* XXX 2 bits hole, try to pack */ /* Bitfield combined with next fields */ struct can_raw_vcid_options raw_vcid_opts; /* 809 4 */ /* XXX 3 bytes hole, try to pack */ canid_t tx_vcid_shifted; /* 816 4 */ canid_t rx_vcid_shifted; /* 820 4 */ canid_t rx_vcid_mask_shifted; /* 824 4 */ int count; /* 828 4 */ /* --- cacheline 13 boundary (832 bytes) --- */ struct can_filter dfilter; /* 832 8 */ struct can_filter * filter; /* 840 8 */ can_err_mask_t err_mask; /* 848 4 */ /* XXX 4 bytes hole, try to pack */ struct uniqframe * uniq; /* 856 8 */ /* size: 864, cachelines: 14, members: 20 */ /* sum members: 852, holes: 3, sum holes: 11 */ /* sum bitfield members: 6 bits, bit holes: 1, sum bit holes: 2 bits */ /* member types with bit holes: 1, total: 1 */ /* forced alignments: 1 */ /* last cacheline: 32 bytes */ } __attribute__((__aligned__(8))); Acked-by: Oliver Hartkopp <socketcan@hartkopp.net> Signed-off-by: Vincent Mailhol <mailhol@kernel.org> Link: https://patch.msgid.link/20250917-can-raw-repack-v2-2-395e8b3a4437@kernel.org Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de> 2025-09-19T18:56:34+00:00 Vincent Mailhol mailhol@kernel.org 2025-09-17T04:48:24+00:00 urn:sha1:fc8418eca43d5872e3976636d7c4924094bd07fd struct uniqframe has one hole. Reorder the fields to save 8 bytes. Statistics before: $ pahole --class_name=uniqframe net/can/raw.o struct uniqframe { int skbcnt; /* 0 4 */ /* XXX 4 bytes hole, try to pack */ const struct sk_buff * skb; /* 8 8 */ unsigned int join_rx_count; /* 16 4 */ /* size: 24, cachelines: 1, members: 3 */ /* sum members: 16, holes: 1, sum holes: 4 */ /* padding: 4 */ /* last cacheline: 24 bytes */ }; ...and after: $ pahole --class_name=uniqframe net/can/raw.o struct uniqframe { const struct sk_buff * skb; /* 0 8 */ int skbcnt; /* 8 4 */ unsigned int join_rx_count; /* 12 4 */ /* size: 16, cachelines: 1, members: 3 */ /* last cacheline: 16 bytes */ }; Acked-by: Oliver Hartkopp <socketcan@hartkopp.net> Signed-off-by: Vincent Mailhol <mailhol@kernel.org> Link: https://patch.msgid.link/20250917-can-raw-repack-v2-1-395e8b3a4437@kernel.org Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de> 2025-06-10T08:23:56+00:00 Davide Caratti dcaratti@redhat.com 2025-06-04T16:06:05+00:00 urn:sha1:81807451c2a6af59bbc58adfd0da69870c30d4ab sock_queue_rcv_skb() can fail because of lack of memory resources: use drop reasons and pass the receiving socket to the tracepoint, so that it's possible to better locate/debug such events. Tested with: | # modprobe vcan echo=1 | # ip link add name vcan2 type vcan | # ip link set dev vcan2 up | # ./netlayer/tst-proc 1 & | # bg | # while true ; do perf record -e skb:kfree_skb -aR -- \ | > ./raw/tst-raw-sendto vcan2 ; perf script ; done | [...] | tst-raw-sendto 10942 [000] 506428.431856: skb:kfree_skb: skbaddr=0xffff97cec38b4200 rx_sk=0xffff97cf0f75a800 protocol=12 location=raw_rcv+0x20e reason: SOCKET_RCVBUF Signed-off-by: Davide Caratti <dcaratti@redhat.com> Link: https://patch.msgid.link/20250604160605.1005704-3-dcaratti@redhat.com Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de> 2025-03-14T12:27:33+00:00 Davide Caratti dcaratti@redhat.com 2025-03-14T11:39:49+00:00 urn:sha1:6bffe88452dbe284747442f10a7ac8249d6495d7 The third column in the output of the following command: | # grep CAN /proc/net/protocols is systematically '0': use sock_prot_inuse_add() to account for the number of sockets for each protocol on top of AF_CAN family. Signed-off-by: Davide Caratti <dcaratti@redhat.com> Link: https://patch.msgid.link/9db5d0e6c11b232ad895885616f1258882a32f61.1741952160.git.dcaratti@redhat.com Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>