Re: [PATCH net] can: j1939: fix lockless local-destination check

Next message: Dmitry Baryshkov: "Re: [PATCH v3 2/2] drm/bridge: This patch add new DRM bridge driver for LT9611C(EX/UXD) chip"
Previous message: Jonathan Cameron: "Re: [PATCH] iio: dac: Fix passing uninitialized vref1_uV for no Vref1 case"
In reply to: Shuhao Fu: "Re: [PATCH net] can: j1939: fix lockless local-destination check"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Oleksij Rempel

Date: Mon Apr 20 2026 - 08:21:00 EST

Hi,

On Sun, Apr 19, 2026 at 10:06:14PM +0800, Shuhao Fu wrote:
> j1939_priv.ents[].nusers is documented as protected by priv->lock, and
> its updates already happen under that lock. j1939_can_recv() also reads
> it under read_lock_bh(). However, j1939_session_skb_queue() and
> j1939_tp_send() still read priv->ents[da].nusers without taking the
> lock.
>
> Those transport-side checks decide whether to set J1939_ECU_LOCAL_DST, so
> they can race with j1939_local_ecu_get() and j1939_local_ecu_put() while
> userspace is binding or releasing sockets concurrently with TP traffic.
> This can misclassify TP/ETP sessions as local or remote and take the wrong
> transport path.
>
> Fix both transport paths by routing the destination-locality check through
> a helper that reads ents[].nusers under read_lock_bh(&priv->lock).
>
> Fixes: 9d71dd0c7009 ("can: add support of SAE J1939 protocol")
> Signed-off-by: Shuhao Fu <sfual@xxxxxxxxxx>

Thank you for your work. LGTM.
Tested-by: Oleksij Rempel <o.rempel@xxxxxxxxxxxxxx>
Acked-by: Oleksij Rempel <o.rempel@xxxxxxxxxxxxxx>

--
Pengutronix e.K. | |
Steuerwalder Str. 21 | http://www.pengutronix.de/ |
31137 Hildesheim, Germany | Phone: +49-5121-206917-0 |
Amtsgericht Hildesheim, HRA 2686 | Fax: +49-5121-206917-5555 |