Re: Feedback provided on question about KMSAN: uninit-value in can_receive

Next message: Akinobu Mita: "Re: fault injection: query if a fault has been injected?"
Previous message: Swaraj Gaikwad: "[PATCH RFC] mm/memblock: Fix reserve_mem allocation overlapping KHO scratch regions"
In reply to: Oliver Hartkopp: "Re: Question about to KMSAN: uninit-value in can_receive"
Next in thread: Oliver Hartkopp: "Re: Question about to KMSAN: uninit-value in can_receive"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Prithvi Tambewagh

Date: Sun Nov 30 2025 - 07:04:51 EST

Hello Oliver,

Thanks for the feedback! I now understand how struct can_skb_priv is
reserved in the headroom, more clearly, given that I am relatively new
to kernel development. I agree on your patch.

I tested it locally using the reproducer program for this bug provided by
syzbot and it didn't crash the kernel. Also, I checked the patch here

https://lore.kernel.org/linux-can/20191207183418.28868-1-socketcan@xxxxxxxxxxxx/

looking at it, I think your patch will work fine with the above patch as
well, since data will be accessed at

skb->data - sizeof(struct can_skb_priv)

which is the intended place for it, according to te action of
can_skb_reserve() which increases headroom by length
sizeof(struct can_skb_priv), reserving the space just before skb->data.

I think it solves this specific KMSAN bug. Kindly correct me if I am wrong.

Would you like to fix this bug by sending your patch upstream? Or else
shall I send this patch upstream and mention your name in Suggested-by tag?

Thank you,
Prithvi Tambewagh