Re: [PATCH v2] can: etas_es58x: fix error handling
From: Johan Hovold <johan@kernel.org>
Date: 2021-11-15 08:13:12
Also in:
linux-can, lkml
On Mon, Nov 15, 2021 at 10:51:24AM +0300, Pavel Skripkin wrote:
quoted hunk ↗ jump to hunk
When register_candev() fails there are 2 possible device states: NETREG_UNINITIALIZED and NETREG_UNREGISTERED. None of them are suitable for calling unregister_candev(), because of following checks in unregister_netdevice_many(): if (dev->reg_state == NETREG_UNINITIALIZED) WARN_ON(1); ... BUG_ON(dev->reg_state != NETREG_REGISTERED); To avoid possible BUG_ON or WARN_ON let's free current netdev before returning from es58x_init_netdev() and leave others (registered) net devices for es58x_free_netdevs(). Fixes: 8537257874e9 ("can: etas_es58x: add core support for ETAS ES58X CAN USB interfaces") Signed-off-by: Pavel Skripkin <redacted> --- Changes in v2: - Fixed Fixes: tag - Moved es58x_dev->netdev[channel_idx] initialization at the end of the function --- drivers/net/can/usb/etas_es58x/es58x_core.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-)diff --git a/drivers/net/can/usb/etas_es58x/es58x_core.c b/drivers/net/can/usb/etas_es58x/es58x_core.c index 96a13c770e4a..b3af8f2e32ac 100644 --- a/drivers/net/can/usb/etas_es58x/es58x_core.c +++ b/drivers/net/can/usb/etas_es58x/es58x_core.c@@ -2091,19 +2091,22 @@ static int es58x_init_netdev(struct es58x_device *es58x_dev, int channel_idx) return -ENOMEM; } SET_NETDEV_DEV(netdev, dev); - es58x_dev->netdev[channel_idx] = netdev; es58x_init_priv(es58x_dev, es58x_priv(netdev), channel_idx); netdev->netdev_ops = &es58x_netdev_ops; netdev->flags |= IFF_ECHO; /* We support local echo */ ret = register_candev(netdev); - if (ret) + if (ret) { + free_candev(netdev); return ret; + } netdev_queue_set_dql_min_limit(netdev_get_tx_queue(netdev, 0), es58x_dev->param->dql_min_limit); + es58x_dev->netdev[channel_idx] = netdev; +
Just a drive-by comment: Are you sure about this move of the netdev[channel_idx] initialisation? What happens if the registered can device is opened before you initialise the pointer? NULL-deref in es58x_send_msg()? You generally want the driver data fully initialised before you register the device so this looks broken. And either way it is arguably an unrelated change that should go in a separate patch explaining why it is needed and safe.
return ret; }
Johan