Message ID | 20241029182712.318271-1-keisuke.nishimura@inria.fr (mailing list archive) |
---|---|
State | Accepted |
Headers | show |
Series | ieee802154: ca8210: Add missing check for kfifo_alloc() in ca8210_probe() | expand |
+ Marcel On Tue, Oct 29, 2024 at 07:27:12PM +0100, Keisuke Nishimura wrote: > ca8210_test_interface_init() returns the result of kfifo_alloc(), > which can be non-zero in case of an error. The caller, ca8210_probe(), > should check the return value and do error-handling if it fails. > > Fixes: ded845a781a5 ("ieee802154: Add CA8210 IEEE 802.15.4 device driver") > Signed-off-by: Keisuke Nishimura <keisuke.nishimura@inria.fr> > --- > drivers/net/ieee802154/ca8210.c | 6 +++++- > 1 file changed, 5 insertions(+), 1 deletion(-) > > diff --git a/drivers/net/ieee802154/ca8210.c b/drivers/net/ieee802154/ca8210.c > index e685a7f946f0..753215ebc67c 100644 > --- a/drivers/net/ieee802154/ca8210.c > +++ b/drivers/net/ieee802154/ca8210.c > @@ -3072,7 +3072,11 @@ static int ca8210_probe(struct spi_device *spi_device) > spi_set_drvdata(priv->spi, priv); > if (IS_ENABLED(CONFIG_IEEE802154_CA8210_DEBUGFS)) { > cascoda_api_upstream = ca8210_test_int_driver_write; > - ca8210_test_interface_init(priv); > + ret = ca8210_test_interface_init(priv); > + if (ret) { > + dev_crit(&spi_device->dev, "ca8210_test_interface_init failed\n"); > + goto error; Hi Nishimura-san, I see that this will conditionally call kfifo_free(). Is that safe here? And in branches to error above this point? > + } > } else { > cascoda_api_upstream = NULL; > } > -- > 2.34.1 > >
On 04/11/2024 13:12, Simon Horman wrote: > + Marcel > > On Tue, Oct 29, 2024 at 07:27:12PM +0100, Keisuke Nishimura wrote: >> ca8210_test_interface_init() returns the result of kfifo_alloc(), >> which can be non-zero in case of an error. The caller, ca8210_probe(), >> should check the return value and do error-handling if it fails. >> >> Fixes: ded845a781a5 ("ieee802154: Add CA8210 IEEE 802.15.4 device driver") >> Signed-off-by: Keisuke Nishimura <keisuke.nishimura@inria.fr> >> --- >> drivers/net/ieee802154/ca8210.c | 6 +++++- >> 1 file changed, 5 insertions(+), 1 deletion(-) >> >> diff --git a/drivers/net/ieee802154/ca8210.c b/drivers/net/ieee802154/ca8210.c >> index e685a7f946f0..753215ebc67c 100644 >> --- a/drivers/net/ieee802154/ca8210.c >> +++ b/drivers/net/ieee802154/ca8210.c >> @@ -3072,7 +3072,11 @@ static int ca8210_probe(struct spi_device *spi_device) >> spi_set_drvdata(priv->spi, priv); >> if (IS_ENABLED(CONFIG_IEEE802154_CA8210_DEBUGFS)) { >> cascoda_api_upstream = ca8210_test_int_driver_write; >> - ca8210_test_interface_init(priv); >> + ret = ca8210_test_interface_init(priv); >> + if (ret) { >> + dev_crit(&spi_device->dev, "ca8210_test_interface_init failed\n"); >> + goto error; > > Hi Nishimura-san, > > I see that this will conditionally call kfifo_free(). > Is that safe here? And in branches to error above this point? > Hi Horman-san, Thank you for taking a look at this patch. > Is that safe here? Yes, it is safe. The failure of kfifo_alloc(&test->up_fifo, CA8210_TEST_INT_FIFO_SIZE, GFP_KERNEL) sets test->up_fifo.data to NULL, and kfifo_free() will then do kfree(test->up_fifo.data) with some minor clean-up. > And in branches to error above this point? Are you referring to the error handling for ieee802154_alloc_hw()? To my understanding, since spi_get_drvdata() in ca8210_remove() returns NULL if there's an error, we shouldn’t need to call ca8210_test_interface_clear(). However, I’m not familiar with this code, so please correct me if I'm mistaken. best, Keisuke >> + } >> } else { >> cascoda_api_upstream = NULL; >> } >> -- >> 2.34.1 >> >>
On Mon, Nov 04, 2024 at 11:24:42PM +0100, Keisuke Nishimura wrote: > > > On 04/11/2024 13:12, Simon Horman wrote: > > + Marcel > > > > On Tue, Oct 29, 2024 at 07:27:12PM +0100, Keisuke Nishimura wrote: > >> ca8210_test_interface_init() returns the result of kfifo_alloc(), > >> which can be non-zero in case of an error. The caller, ca8210_probe(), > >> should check the return value and do error-handling if it fails. > >> > >> Fixes: ded845a781a5 ("ieee802154: Add CA8210 IEEE 802.15.4 device driver") > >> Signed-off-by: Keisuke Nishimura <keisuke.nishimura@inria.fr> > >> --- > >> drivers/net/ieee802154/ca8210.c | 6 +++++- > >> 1 file changed, 5 insertions(+), 1 deletion(-) > >> > >> diff --git a/drivers/net/ieee802154/ca8210.c b/drivers/net/ieee802154/ca8210.c > >> index e685a7f946f0..753215ebc67c 100644 > >> --- a/drivers/net/ieee802154/ca8210.c > >> +++ b/drivers/net/ieee802154/ca8210.c > >> @@ -3072,7 +3072,11 @@ static int ca8210_probe(struct spi_device *spi_device) > >> spi_set_drvdata(priv->spi, priv); > >> if (IS_ENABLED(CONFIG_IEEE802154_CA8210_DEBUGFS)) { > >> cascoda_api_upstream = ca8210_test_int_driver_write; > >> - ca8210_test_interface_init(priv); > >> + ret = ca8210_test_interface_init(priv); > >> + if (ret) { > >> + dev_crit(&spi_device->dev, "ca8210_test_interface_init failed\n"); > >> + goto error; > > > > Hi Nishimura-san, > > > > I see that this will conditionally call kfifo_free(). > > Is that safe here? And in branches to error above this point? > > > > Hi Horman-san, > > Thank you for taking a look at this patch. > > > Is that safe here? > > Yes, it is safe. The failure of kfifo_alloc(&test->up_fifo, > CA8210_TEST_INT_FIFO_SIZE, GFP_KERNEL) sets test->up_fifo.data to NULL, > and kfifo_free() will then do kfree(test->up_fifo.data) with some minor > clean-up. Thanks, sounds good. > > And in branches to error above this point? > > Are you referring to the error handling for ieee802154_alloc_hw()? Yes. > To my > understanding, since spi_get_drvdata() in ca8210_remove() returns NULL > if there's an error, we shouldn’t need to call > ca8210_test_interface_clear(). However, I’m not familiar with this code, > so please correct me if I'm mistaken. That makes two of us. But I don't think your patch changes this situation. And it does improve things wrt to the problem described in your commit message. So, while I think it would be worth looking into the error handling for ieee802154_alloc_hw() I don't think it needs to block progress of this patch. Reviewed-by: Simon Horman <horms@kernel.org>
Hello, >> > On Tue, Oct 29, 2024 at 07:27:12PM +0100, Keisuke Nishimura wrote: >> >> ca8210_test_interface_init() returns the result of kfifo_alloc(), >> >> which can be non-zero in case of an error. The caller, ca8210_probe(), >> >> should check the return value and do error-handling if it fails. >> >> >> >> Fixes: ded845a781a5 ("ieee802154: Add CA8210 IEEE 802.15.4 device driver") Stable tag missing. With this fixed, Reviewed-by: Miquel Raynal <miquel.raynal@bootlin.com> Thanks, Miquèl
Hello Keisuke Nishimura. On Tue, 29 Oct 2024 19:27:12 +0100, Keisuke Nishimura wrote: > ca8210_test_interface_init() returns the result of kfifo_alloc(), > which can be non-zero in case of an error. The caller, ca8210_probe(), > should check the return value and do error-handling if it fails. > > Applied to wpan/wpan.git, thanks! [1/1] ieee802154: ca8210: Add missing check for kfifo_alloc() in ca8210_probe() https://git.kernel.org/wpan/wpan/c/2c87309ea741 regards, Stefan Schmidt
diff --git a/drivers/net/ieee802154/ca8210.c b/drivers/net/ieee802154/ca8210.c index e685a7f946f0..753215ebc67c 100644 --- a/drivers/net/ieee802154/ca8210.c +++ b/drivers/net/ieee802154/ca8210.c @@ -3072,7 +3072,11 @@ static int ca8210_probe(struct spi_device *spi_device) spi_set_drvdata(priv->spi, priv); if (IS_ENABLED(CONFIG_IEEE802154_CA8210_DEBUGFS)) { cascoda_api_upstream = ca8210_test_int_driver_write; - ca8210_test_interface_init(priv); + ret = ca8210_test_interface_init(priv); + if (ret) { + dev_crit(&spi_device->dev, "ca8210_test_interface_init failed\n"); + goto error; + } } else { cascoda_api_upstream = NULL; }
ca8210_test_interface_init() returns the result of kfifo_alloc(), which can be non-zero in case of an error. The caller, ca8210_probe(), should check the return value and do error-handling if it fails. Fixes: ded845a781a5 ("ieee802154: Add CA8210 IEEE 802.15.4 device driver") Signed-off-by: Keisuke Nishimura <keisuke.nishimura@inria.fr> --- drivers/net/ieee802154/ca8210.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-)