net: introduce CAN specific pointer in the struct net_device

stable inclusion
from stable-5.10.28
commit 1a5751d58b14195f763b8c1d9ef33fb8a93e95e7
bugzilla: 51779

--------------------------------

[ Upstream commit 4e096a18 ]

Since 20dd3850 ("can: Speed up CAN frame receiption by using
ml_priv") the CAN framework uses per device specific data in the AF_CAN
protocol. For this purpose the struct net_device->ml_priv is used. Later
the ml_priv usage in CAN was extended for other users, one of them being
CAN_J1939.

Later in the kernel ml_priv was converted to an union, used by other
drivers. E.g. the tun driver started storing it's stats pointer.

Since tun devices can claim to be a CAN device, CAN specific protocols
will wrongly interpret this pointer, which will cause system crashes.
Mostly this issue is visible in the CAN_J1939 stack.

To fix this issue, we request a dedicated CAN pointer within the
net_device struct.

Reported-by:  <syzbot+5138c4dd15a0401bec7b@syzkaller.appspotmail.com>
Fixes: 20dd3850 ("can: Speed up CAN frame receiption by using ml_priv")
Fixes: ffd956ee ("can: introduce CAN midlayer private and allocate it automatically")
Fixes: 9d71dd0c ("can: add support of SAE J1939 protocol")
Fixes: 497a5757 ("tun: switch to net core provided statistics counters")
Signed-off-by: Oleksij Rempel <o.rempel@pengutronix.de>
Link: https://lore.kernel.org/r/20210223070127.4538-1-o.rempel@pengutronix.de


Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Signed-off-by: Chen Jun <chenjun102@huawei.com>
Acked-by:   Weilong Chen <chenweilong@huawei.com>
Signed-off-by: Zheng Zengkai <zhengzengkai@huawei.com>