On Fri. 29 Oct 2021 at 20:34, Marc Kleine-Budde <mkl@xxxxxxxxxxxxxx> wrote: > On 27.10.2021 03:09:09, Vincent Mailhol wrote: > > In m_can_read_fifo(), if the second call to m_can_fifo_read() fails, > > the function jump to the out_fail label and returns without calling > > m_can_receive_skb(). This means that the skb previously allocated by > > alloc_can_skb() is not freed. In other terms, this is a memory leak. > > > > This patch adds a new goto statement: out_receive_skb and do some > > small code refactoring to fix the issue. > > This means we pass a skb to the user space, which contains wrong data. > Probably 0x0, but if the CAN frame doesn't contain 0x0, it's wrong. That > doesn't look like a good idea. If the CAN frame broke due to a CRC issue > on the wire it is not received. IMHO it's best to discard the skb and > return the error. Arg... Guess I made the right choice to tag the patch as RFC... Just one question, what is the correct function to discard the skb? The driver uses the napi polling system (which I am not entirely familiar with). Does it mean that the rx is not done in IRQ context and that we can simply use kfree_skb() instead of dev_kfree_skb_irq()? Yours sincerely, Vincent Mailhol
