From: Pavel Skripkin <paskripkin@gmail.com>
To: "Dongliang Mu" <dzm91@hust.edu.cn>,
"Wolfgang Grandegger" <wg@grandegger.com>,
"Marc Kleine-Budde" <mkl@pengutronix.de>,
"David S. Miller" <davem@davemloft.net>,
"Jakub Kicinski" <kuba@kernel.org>,
"Stephane Grosjean" <s.grosjean@peak-system.com>,
"Stefan Mätje" <stefan.maetje@esd.eu>,
"Vincent Mailhol" <mailhol.vincent@wanadoo.fr>
Cc: Dongliang Mu <mudongliangabcd@gmail.com>,
linux-can@vger.kernel.org, netdev@vger.kernel.org,
linux-kernel@vger.kernel.org
Subject: Re: [PATCH] drivers: net: remove a dangling pointer in peak_usb_create_dev
Date: Thu, 20 Jan 2022 17:27:51 +0300 [thread overview]
Message-ID: <b5cb1132-2f6b-e2da-78c7-1828b3617bc3@gmail.com> (raw)
In-Reply-To: <20220120130605.55741-1-dzm91@hust.edu.cn>
Hi Dongliang,
On 1/20/22 16:05, Dongliang Mu wrote:
> From: Dongliang Mu <mudongliangabcd@gmail.com>
>
> The error handling code of peak_usb_create_dev forgets to reset the
> next_siblings of previous entry.
>
> Fix this by nullifying the (dev->prev_siblings)->next_siblings in the
> error handling code.
>
> Signed-off-by: Dongliang Mu <mudongliangabcd@gmail.com>
> ---
> drivers/net/can/usb/peak_usb/pcan_usb_core.c | 3 +++
> 1 file changed, 3 insertions(+)
>
> diff --git a/drivers/net/can/usb/peak_usb/pcan_usb_core.c b/drivers/net/can/usb/peak_usb/pcan_usb_core.c
> index b850ff8fe4bd..f858810221b6 100644
> --- a/drivers/net/can/usb/peak_usb/pcan_usb_core.c
> +++ b/drivers/net/can/usb/peak_usb/pcan_usb_core.c
> @@ -894,6 +894,9 @@ static int peak_usb_create_dev(const struct peak_usb_adapter *peak_usb_adapter,
> dev->adapter->dev_free(dev);
>
> lbl_unregister_candev:
> + /* remove the dangling pointer in next_siblings */
> + if (dev->prev_siblings)
> + (dev->prev_siblings)->next_siblings = NULL;
> unregister_candev(netdev);
>
> lbl_restore_intf_data:
Is this pointer used somewhere? I see, that couple of
struct peak_usb_adapter::dev_free() functions use it, but
peak_usb_disconnect() sets dev->next_siblings to NULL before calling
->dev_free().
Do you have a calltrace or oops log?
With regards,
Pavel Skripkin
next prev parent reply other threads:[~2022-01-20 14:27 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-01-20 13:05 [PATCH] drivers: net: remove a dangling pointer in peak_usb_create_dev Dongliang Mu
2022-01-20 14:27 ` Pavel Skripkin [this message]
2022-01-21 0:09 ` Dongliang Mu
2022-01-21 3:36 ` Dongliang Mu
2022-01-21 5:58 ` Dongliang Mu
2022-01-21 19:36 ` Pavel Skripkin
2022-01-22 6:45 ` Dongliang Mu
2022-01-23 13:48 ` Pavel Skripkin
2022-01-24 6:04 ` Dongliang Mu
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=b5cb1132-2f6b-e2da-78c7-1828b3617bc3@gmail.com \
--to=paskripkin@gmail.com \
--cc=davem@davemloft.net \
--cc=dzm91@hust.edu.cn \
--cc=kuba@kernel.org \
--cc=linux-can@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=mailhol.vincent@wanadoo.fr \
--cc=mkl@pengutronix.de \
--cc=mudongliangabcd@gmail.com \
--cc=netdev@vger.kernel.org \
--cc=s.grosjean@peak-system.com \
--cc=stefan.maetje@esd.eu \
--cc=wg@grandegger.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.