Re: [PATCH v2] can: etas_es58x: fix error handling

From: Johan Hovold
Date: Mon Nov 15 2021 - 03:13:11 EST

Next message: Kaiwan N Billimoria: "Re: [PATCH v2 0/2] Introduce the pkill_on_warn parameter"
Previous message: Yang Li: "[PATCH -next] drm/amd/display: check top_pipe_to_program pointer"
In reply to: Pavel Skripkin: "[PATCH v2] can: etas_es58x: fix error handling"
Next in thread: Pavel Skripkin: "Re: [PATCH v2] can: etas_es58x: fix error handling"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Mon, Nov 15, 2021 at 10:51:24AM +0300, Pavel Skripkin wrote:
> When register_candev() fails there are 2 possible device states:
> NETREG_UNINITIALIZED and NETREG_UNREGISTERED. None of them are suitable
> for calling unregister_candev(), because of following checks in
> unregister_netdevice_many():
>
> if (dev->reg_state == NETREG_UNINITIALIZED)
> WARN_ON(1);
> ...
> BUG_ON(dev->reg_state != NETREG_REGISTERED);
>
> To avoid possible BUG_ON or WARN_ON let's free current netdev before
> returning from es58x_init_netdev() and leave others (registered)
> net devices for es58x_free_netdevs().
>
> Fixes: 8537257874e9 ("can: etas_es58x: add core support for ETAS ES58X CAN USB interfaces")
> Signed-off-by: Pavel Skripkin <paskripkin@xxxxxxxxx>
> ---
>
> Changes in v2:
> - Fixed Fixes: tag
> - Moved es58x_dev->netdev[channel_idx] initialization at the end
> of the function
>
> ---
> drivers/net/can/usb/etas_es58x/es58x_core.c | 7 +++++--
> 1 file changed, 5 insertions(+), 2 deletions(-)
>
> diff --git a/drivers/net/can/usb/etas_es58x/es58x_core.c b/drivers/net/can/usb/etas_es58x/es58x_core.c
> index 96a13c770e4a..b3af8f2e32ac 100644
> --- a/drivers/net/can/usb/etas_es58x/es58x_core.c
> +++ b/drivers/net/can/usb/etas_es58x/es58x_core.c
> @@ -2091,19 +2091,22 @@ static int es58x_init_netdev(struct es58x_device *es58x_dev, int channel_idx)
> return -ENOMEM;
> }
> SET_NETDEV_DEV(netdev, dev);
> - es58x_dev->netdev[channel_idx] = netdev;
> es58x_init_priv(es58x_dev, es58x_priv(netdev), channel_idx);
>
> netdev->netdev_ops = &es58x_netdev_ops;
> netdev->flags |= IFF_ECHO; /* We support local echo */
>
> ret = register_candev(netdev);
> - if (ret)
> + if (ret) {
> + free_candev(netdev);
> return ret;
> + }
>
> netdev_queue_set_dql_min_limit(netdev_get_tx_queue(netdev, 0),
> es58x_dev->param->dql_min_limit);
>
> + es58x_dev->netdev[channel_idx] = netdev;
> +

Just a drive-by comment:

Are you sure about this move of the netdev[channel_idx] initialisation?
What happens if the registered can device is opened before you
initialise the pointer? NULL-deref in es58x_send_msg()?

You generally want the driver data fully initialised before you register
the device so this looks broken.

And either way it is arguably an unrelated change that should go in a
separate patch explaining why it is needed and safe.

> return ret;
> }

Johan

Next message: Kaiwan N Billimoria: "Re: [PATCH v2 0/2] Introduce the pkill_on_warn parameter"
Previous message: Yang Li: "[PATCH -next] drm/amd/display: check top_pipe_to_program pointer"
In reply to: Pavel Skripkin: "[PATCH v2] can: etas_es58x: fix error handling"
Next in thread: Pavel Skripkin: "Re: [PATCH v2] can: etas_es58x: fix error handling"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]