2022-10-31 04:50:58

by Chen Zhongjin

[permalink] [raw]
Subject: [PATCH] can: canxl: Fix unremoved canxl_packet in can_exit()

In can_init(), dev_add_pack(&canxl_packet) is added but not removed in
can_exit(). It break the packet handler list and can make kernel panic
when can_init() for the second time.

> modprobe can && rmmod can
> rmmod xxx && modprobe can

BUG: unable to handle page fault for address: fffffbfff807d7f4
RIP: 0010:dev_add_pack+0x133/0x1f0
Call Trace:
<TASK>
can_init+0xaa/0x1000 [can]
do_one_initcall+0xd3/0x4e0
...

Fixes: fb08cba12b52 ("can: canxl: update CAN infrastructure for CAN XL frames")
Signed-off-by: Chen Zhongjin <[email protected]>
---
net/can/af_can.c | 1 +
1 file changed, 1 insertion(+)

diff --git a/net/can/af_can.c b/net/can/af_can.c
index 9503ab10f9b8..5e9e3e1e9825 100644
--- a/net/can/af_can.c
+++ b/net/can/af_can.c
@@ -902,6 +902,7 @@ static __init int can_init(void)
static __exit void can_exit(void)
{
/* protocol unregister */
+ dev_remove_pack(&canxl_packet);
dev_remove_pack(&canfd_packet);
dev_remove_pack(&can_packet);
sock_unregister(PF_CAN);
--
2.17.1



2022-10-31 10:35:57

by Oliver Hartkopp

[permalink] [raw]
Subject: Re: [PATCH] can: canxl: Fix unremoved canxl_packet in can_exit()



On 31.10.22 04:30, Chen Zhongjin wrote:
> In can_init(), dev_add_pack(&canxl_packet) is added but not removed in
> can_exit(). It break the packet handler list and can make kernel panic
> when can_init() for the second time.
>
>> modprobe can && rmmod can
>> rmmod xxx && modprobe can
>
> BUG: unable to handle page fault for address: fffffbfff807d7f4
> RIP: 0010:dev_add_pack+0x133/0x1f0
> Call Trace:
> <TASK>
> can_init+0xaa/0x1000 [can]
> do_one_initcall+0xd3/0x4e0
> ...
>
> Fixes: fb08cba12b52 ("can: canxl: update CAN infrastructure for CAN XL frames")
> Signed-off-by: Chen Zhongjin <[email protected]>

Acked-by: Oliver Hartkopp <[email protected]>

Thanks for the finding!

Best regards,
Oliver

> ---
> net/can/af_can.c | 1 +
> 1 file changed, 1 insertion(+)
>
> diff --git a/net/can/af_can.c b/net/can/af_can.c
> index 9503ab10f9b8..5e9e3e1e9825 100644
> --- a/net/can/af_can.c
> +++ b/net/can/af_can.c
> @@ -902,6 +902,7 @@ static __init int can_init(void)
> static __exit void can_exit(void)
> {
> /* protocol unregister */
> + dev_remove_pack(&canxl_packet);
> dev_remove_pack(&canfd_packet);
> dev_remove_pack(&can_packet);
> sock_unregister(PF_CAN);