~hc/RK356X_SDK_RELEASE.git

..	..	@@ -600,7 +600,10 @@
600	600	/* reserve CAN header */
601	601	skb_reserve(skb, offsetof(struct can_frame, data));
602	602
603		- memcpy(skb->cb, re_skcb, sizeof(skb->cb));
	603	+ /* skb->cb must be large enough to hold a j1939_sk_buff_cb structure */
	604	+ BUILD_BUG_ON(sizeof(skb->cb) < sizeof(*re_skcb));
	605	+
	606	+ memcpy(skb->cb, re_skcb, sizeof(*re_skcb));
604	607	skcb = j1939_skb_to_cb(skb);
605	608	if (swap_src_dst)
606	609	j1939_skbcb_swap(skcb);
..	..	@@ -1087,10 +1090,6 @@
1087	1090	bool active;
1088	1091
1089	1092	j1939_session_list_lock(priv);
1090		- /* This function should be called with a session ref-count of at
1091		- * least 2.
1092		- */
1093		- WARN_ON_ONCE(kref_read(&session->kref) < 2);
1094	1093	active = j1939_session_deactivate_locked(session);
1095	1094	j1939_session_list_unlock(priv);
1096	1095