Re: Re: [PATCH] staging: rtl8712: check register_netdev() return value

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Hi

> 
> This function should not be calling register_netdev().  What does that
> have to do with firmware?  It should also not free_netdev() because
> that will just lead to a use after free in the caller.
>

--&gt; check code history author<larry.finger@xxxxxxxxxxxx> changed synchronous firmware loading to asynchronous firmware loading
    before this change, register_netdev() was not calling in firmware related function.
    For asynchronous loading, maybe register_netdev() be calling in rtl871x_load_fw_cb() is to ensure the netdev be registered after firmware loading completed

--&gt; for potential use after free issue
    Could I only call "free_irq(adapter-&gt;pnetdev-&gt;irq, adapter-&gt;pnetdev)" when register_netdev() failed ?
    If no need to change drivers/staging/rtl8712/hal_init.c file, I could give up my patch, thank you !

&gt; -----原始邮件-----
&gt; 发件人: "Dan Carpenter" <dan.carpenter@xxxxxxxxxx>
&gt; 发送时间: 2020-12-10 01:46:15 (星期四)
&gt; 收件人: shaojie.dong@xxxxxxxxxxxxxxxx
&gt; 抄送: Larry.Finger@xxxxxxxxxxxx, florian.c.schilhabel@xxxxxxxxxxxxxx, gregkh@xxxxxxxxxxxxxxxxxxx, devel@xxxxxxxxxxxxxxxxxxxx, linux-kernel@xxxxxxxxxxxxxxx
&gt; 主题: Re: [PATCH] staging: rtl8712: check register_netdev() return value
&gt; 
&gt; On Wed, Dec 09, 2020 at 11:01:24PM +0800, shaojie.dong@xxxxxxxxxxxxxxxx wrote:
&gt; &gt; From: "shaojie.dong" <shaojie.dong@xxxxxxxxxxxxxxxx>
&gt; &gt; 
&gt; &gt; Function register_netdev() can fail, so we should check it's return value
&gt; &gt; 
&gt; &gt; Signed-off-by: shaojie.dong <shaojie.dong@xxxxxxxxxxxxxxxx>
&gt; &gt; ---
&gt; &gt;  drivers/staging/rtl8712/hal_init.c | 5 ++++-
&gt; &gt;  1 file changed, 4 insertions(+), 1 deletion(-)
&gt; &gt; 
&gt; &gt; diff --git a/drivers/staging/rtl8712/hal_init.c b/drivers/staging/rtl8712/hal_init.c
&gt; &gt; index 715f1fe8b..38a3e3d44 100644
&gt; &gt; --- a/drivers/staging/rtl8712/hal_init.c
&gt; &gt; +++ b/drivers/staging/rtl8712/hal_init.c
&gt; &gt; @@ -45,7 +45,10 @@ static void rtl871x_load_fw_cb(const struct firmware *firmware, void *context)
&gt; &gt;  	}
&gt; &gt;  	adapter-&gt;fw = firmware;
&gt; &gt;  	/* firmware available - start netdev */
&gt; &gt; -	register_netdev(adapter-&gt;pnetdev);
&gt; &gt; +	if (register_netdev(adapter-&gt;pnetdev) != 0) {
&gt; &gt; +		netdev_err(adapter-&gt;pnetdev, "register_netdev() failed\n");
&gt; &gt; +		free_netdev(adapter-&gt;pnetdev);
&gt; &gt; +	}
&gt; 
&gt; This function should not be calling register_netdev().  What does that
&gt; have to do with firmware?  It should also not free_netdev() because
&gt; that will just lead to a use after free in the caller.
&gt; 
&gt; regards,
&gt; dan carpenter
&gt; 
&gt; &gt;  	complete(&amp;adapter-&gt;rtl8712_fw_ready);
&gt; &gt;  }
&gt; &gt;  
&gt; &gt; -- 
&gt; &gt; 2.17.1
&gt; &gt; 
&gt; &gt; _______________________________________________
&gt; &gt; devel mailing list
&gt; &gt; devel@xxxxxxxxxxxxxxxxxxxxxx
&gt; &gt; http://driverdev.linuxdriverproject.org/mailman/listinfo/driverdev-devel
</shaojie.dong@xxxxxxxxxxxxxxxx></shaojie.dong@xxxxxxxxxxxxxxxx></dan.carpenter@xxxxxxxxxx></larry.finger@xxxxxxxxxxxx>
_______________________________________________
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxx
http://driverdev.linuxdriverproject.org/mailman/listinfo/driverdev-devel
[Index of Archives]     [Linux Driver Backports]     [DMA Engine]     [Linux GPIO]     [Linux SPI]     [Video for Linux]     [Linux USB Devel]     [Linux Coverity]     [Linux Audio Users]     [Linux Kernel]     [Linux SCSI]     [Yosemite Backpacking]
  Powered by Linux