can: Use WARN_ONCE() instead of BUG_ON() for sanity check in receive path

To ensure a proper handling of CAN frames transported in skbuffs some checks
need to be performed at receive time.

As stated by Michael Olbrich and Luotao Fu BUG_ON() might be to restrictive.
This is right as we can just drop the non conform skbuff and the Kernel can
continue working.

This patch replaces the BUG_ON() with a WARN_ONCE() so that the system remains
healthy but we made the problem visible (once).
Signed-off-by: default avatarOliver Hartkopp <>
Signed-off-by: default avatarUrs Thuermann <>
CC: Michael Olbrich <>
CC: Luotao Fu <>
Signed-off-by: default avatarDavid S. Miller <>
......@@ -651,12 +651,16 @@ static int can_rcv(struct sk_buff *skb, struct net_device *dev,
struct can_frame *cf = (struct can_frame *)skb->data;
int matches;
if (dev->type != ARPHRD_CAN || !net_eq(dev_net(dev), &init_net)) {
return 0;
if (!net_eq(dev_net(dev), &init_net))
goto drop;
BUG_ON(skb->len != sizeof(struct can_frame) || cf->can_dlc > 8);
if (WARN_ONCE(dev->type != ARPHRD_CAN ||
skb->len != sizeof(struct can_frame) ||
cf->can_dlc > 8,
"PF_CAN: dropped non conform skbuf: "
"dev type %d, len %d, can_dlc %d\n",
dev->type, skb->len, cf->can_dlc))
goto drop;
/* update statistics */
......@@ -683,6 +687,10 @@ static int can_rcv(struct sk_buff *skb, struct net_device *dev,
return 0;
return 0;
