From: Alan Stern <stern@rowland.harvard.edu>
To: Vincent MAILHOL <mailhol.vincent@wanadoo.fr>
Cc: "Oliver Neukum" <oneukum@suse.com>,
"Marc Kleine-Budde" <mkl@pengutronix.de>,
linux-can@vger.kernel.org,
"Wolfgang Grandegger" <wg@grandegger.com>,
"David S . Miller" <davem@davemloft.net>,
"Eric Dumazet" <edumazet@google.com>,
"Jakub Kicinski" <kuba@kernel.org>,
"Paolo Abeni" <pabeni@redhat.com>,
"Frank Jungclaus" <frank.jungclaus@esd.eu>,
socketcan@esd.eu, "Yasushi SHOJI" <yashi@spacecubics.com>,
"Stefan Mätje" <stefan.maetje@esd.eu>,
"Hangyu Hua" <hbh25y@gmail.com>,
"Oliver Hartkopp" <socketcan@hartkopp.net>,
"Peter Fink" <pfink@christ-es.de>,
"Jeroen Hofstee" <jhofstee@victronenergy.com>,
"Christoph Möhring" <cmoehring@christ-es.de>,
"John Whittington" <git@jbrengineering.co.uk>,
"Vasanth Sadhasivan" <vasanth.sadhasivan@samsara.com>,
"Jimmy Assarsson" <extja@kvaser.com>,
"Anssi Hannula" <anssi.hannula@bitwise.fi>,
"Pavel Skripkin" <paskripkin@gmail.com>,
"Stephane Grosjean" <s.grosjean@peak-system.com>,
"Wolfram Sang" <wsa+renesas@sang-engineering.com>,
"Gustavo A . R . Silva" <gustavoars@kernel.org>,
"Julia Lawall" <Julia.Lawall@inria.fr>,
"Dongliang Mu" <dzm91@hust.edu.cn>,
"Sebastian Haas" <haas@ems-wuensche.com>,
"Maximilian Schneider" <max@schneidersoft.net>,
"Daniel Berglund" <db@kvaser.com>,
"Olivier Sobrie" <olivier@sobrie.be>,
"Remigiusz Kołłątaj" <remigiusz.kollataj@mobica.com>,
"Jakob Unterwurzacher"
<jakob.unterwurzacher@theobroma-systems.com>,
"Martin Elshuber" <martin.elshuber@theobroma-systems.com>,
"Bernd Krumboeck" <b.krumboeck@gmail.com>,
netdev@vger.kernel.org, linux-kernel@vger.kernel.org,
linux-usb@vger.kernel.org
Subject: Re: [PATCH 0/8] can: usb: remove all usb_set_intfdata(intf, NULL) in drivers' disconnect()
Date: Thu, 8 Dec 2022 11:28:24 -0500 [thread overview]
Message-ID: <Y5IQqExJN9C9xQbF@rowland.harvard.edu> (raw)
In-Reply-To: <CAMZ6RqL9eKco+fAMZoQ6X9PNE7dDK3KnFZoMCXrjgvx_ZU8=Ew@mail.gmail.com>
On Fri, Dec 09, 2022 at 12:44:51AM +0900, Vincent MAILHOL wrote:
> On Thu. 8 Dec. 2022 at 20:04, Oliver Neukum <oneukum@suse.com> wrote:
> > >> which is likely, then please also remove checks like this:
> > >>
> > >> struct ems_usb *dev = usb_get_intfdata(intf);
> > >>
> > >> usb_set_intfdata(intf, NULL);
> > >>
> > >> if (dev) {
> >
> > Here. If you have a driver that uses usb_claim_interface().
> > You need this check or you unregister an already unregistered
> > netdev.
>
> Sorry, but with all my best intentions, I still do not get it. During
> the second iteration, inft is NULL and:
No, intf is never NULL. Rather, the driver-specific pointer stored in
intfdata may be NULL.
You seem to be confusing intf with intfdata(intf).
> /* equivalent to dev = intf->dev.data. Because intf is NULL,
> * this is a NULL pointer dereference */
> struct ems_usb *dev = usb_get_intfdata(intf);
So here dev will be NULL when the second interface's disconnect routine
runs, because the first time through the routine sets the intfdata to
NULL for both interfaces:
USB core calls ->disconnect(intf1)
disconnect routine sets intfdata(intf1) and
intfdata(intf2) both to NULL and handles the
disconnection
USB core calls ->disconnect(intf2)
disconnect routine sees that intfdata(intf2) is
already NULL, so it knows that it doesn't need
to do anything more.
As you can see in this scenario, neither intf1 nor intf2 is ever NULL.
> /* OK, intf is already NULL */
> usb_set_intfdata(intf, NULL);
>
> /* follows a NULL pointer dereference so this is undefined
> * behaviour */
> if (dev) {
>
> How is this a valid check that you entered the function for the second
> time? If intf is the flag, you should check intf, not dev? Something
> like this:
intf is not a flag; it is the argument to the function and is never
NULL. The flag is the intfdata.
> struct ems_usb *dev;
>
> if (!intf)
> return;
>
> dev = usb_get_intfdata(intf);
> /* ... */
>
> I just can not see the connection between intf being NULL and the if
> (dev) check. All I see is some undefined behaviour, sorry.
Once you get it straightened out in your head, you will understand.
Alan Stern
next prev parent reply other threads:[~2022-12-08 16:28 UTC|newest]
Thread overview: 28+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-12-03 13:31 [PATCH 0/8] can: usb: remove all usb_set_intfdata(intf, NULL) in drivers' disconnect() Vincent Mailhol
2022-12-03 13:31 ` [PATCH 1/8] can: ems_usb: ems_usb_disconnect(): fix NULL pointer dereference Vincent Mailhol
2022-12-03 13:31 ` [PATCH 2/8] can: esd_usb: esd_usb_disconnect(): " Vincent Mailhol
2022-12-03 13:31 ` [PATCH 3/8] can: gs_usb: gs_usb_disconnect(): " Vincent Mailhol
2022-12-03 13:31 ` [PATCH 4/8] can: kvaser_usb: kvaser_usb_disconnect(): " Vincent Mailhol
2022-12-03 13:31 ` [PATCH 5/8] can: mcba_usb: mcba_usb_disconnect(): " Vincent Mailhol
2022-12-03 13:31 ` [PATCH 6/8] can: ucan: ucan_disconnect(): " Vincent Mailhol
2022-12-03 13:31 ` [PATCH 7/8] can: usb_8dev: usb_8dev_disconnect(): " Vincent Mailhol
2022-12-03 13:31 ` [PATCH 8/8] can: etas_es58x and peak_usb: remove useless call to usb_set_intfdata() Vincent Mailhol
2022-12-05 8:35 ` [PATCH 0/8] can: usb: remove all usb_set_intfdata(intf, NULL) in drivers' disconnect() Oliver Neukum
2022-12-08 9:00 ` Vincent MAILHOL
2022-12-08 10:55 ` Oliver Neukum
2022-12-08 15:44 ` Vincent MAILHOL
2022-12-08 16:28 ` Alan Stern [this message]
2022-12-08 16:51 ` Oliver Neukum
2022-12-10 9:02 ` Vincent MAILHOL
2022-12-10 9:01 ` [PATCH v2 0/9] " Vincent Mailhol
2022-12-10 9:01 ` [PATCH v2 1/9] can: ems_usb: ems_usb_disconnect(): fix NULL pointer dereference Vincent Mailhol
2022-12-10 10:59 ` Johan Hovold
2022-12-11 11:24 ` Vincent MAILHOL
2022-12-10 9:01 ` [PATCH v2 2/9] can: esd_usb: esd_usb_disconnect(): " Vincent Mailhol
2022-12-10 9:01 ` [PATCH v2 3/9] can: gs_usb: gs_usb_disconnect(): " Vincent Mailhol
2022-12-10 9:01 ` [PATCH v2 4/9] can: kvaser_usb: kvaser_usb_disconnect(): " Vincent Mailhol
2022-12-10 9:01 ` [PATCH v2 5/9] can: mcba_usb: mcba_usb_disconnect(): " Vincent Mailhol
2022-12-10 9:01 ` [PATCH v2 6/9] can: ucan: ucan_disconnect(): " Vincent Mailhol
2022-12-10 9:01 ` [PATCH v2 7/9] can: usb_8dev: usb_8dev_disconnect(): " Vincent Mailhol
2022-12-10 9:01 ` [PATCH v2 8/9] can: usb: remove useless check on driver data Vincent Mailhol
2022-12-10 9:01 ` [PATCH v2 9/9] can: etas_es58x and peak_usb: remove useless call to usb_set_intfdata() Vincent Mailhol
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=Y5IQqExJN9C9xQbF@rowland.harvard.edu \
--to=stern@rowland.harvard.edu \
--cc=Julia.Lawall@inria.fr \
--cc=anssi.hannula@bitwise.fi \
--cc=b.krumboeck@gmail.com \
--cc=cmoehring@christ-es.de \
--cc=davem@davemloft.net \
--cc=db@kvaser.com \
--cc=dzm91@hust.edu.cn \
--cc=edumazet@google.com \
--cc=extja@kvaser.com \
--cc=frank.jungclaus@esd.eu \
--cc=git@jbrengineering.co.uk \
--cc=gustavoars@kernel.org \
--cc=haas@ems-wuensche.com \
--cc=hbh25y@gmail.com \
--cc=jakob.unterwurzacher@theobroma-systems.com \
--cc=jhofstee@victronenergy.com \
--cc=kuba@kernel.org \
--cc=linux-can@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-usb@vger.kernel.org \
--cc=mailhol.vincent@wanadoo.fr \
--cc=martin.elshuber@theobroma-systems.com \
--cc=max@schneidersoft.net \
--cc=mkl@pengutronix.de \
--cc=netdev@vger.kernel.org \
--cc=olivier@sobrie.be \
--cc=oneukum@suse.com \
--cc=pabeni@redhat.com \
--cc=paskripkin@gmail.com \
--cc=pfink@christ-es.de \
--cc=remigiusz.kollataj@mobica.com \
--cc=s.grosjean@peak-system.com \
--cc=socketcan@esd.eu \
--cc=socketcan@hartkopp.net \
--cc=stefan.maetje@esd.eu \
--cc=vasanth.sadhasivan@samsara.com \
--cc=wg@grandegger.com \
--cc=wsa+renesas@sang-engineering.com \
--cc=yashi@spacecubics.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox