[v2] There are some cleanup for hns3 driver

[PATCH V2 net-next 5/8] net: hns3: set the freed pointers to NULL when lifetime is not end

Posted by Jijie Shao 3 months, 3 weeks ago

From: Jian Shen <shenjian15@huawei.com>

There are several pointers are freed but not set to NULL,
and their lifetime is not end immediately. To avoid misusing
there wild pointers, set them to NULL.

Signed-off-by: Jian Shen <shenjian15@huawei.com>
Signed-off-by: Jijie Shao <shaojijie@huawei.com>
---
 drivers/net/ethernet/hisilicon/hns3/hns3_ethtool.c        | 1 +
 drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_main.c   | 4 ++++
 drivers/net/ethernet/hisilicon/hns3/hns3vf/hclgevf_main.c | 4 ++++
 3 files changed, 9 insertions(+)

diff --git a/drivers/net/ethernet/hisilicon/hns3/hns3_ethtool.c b/drivers/net/ethernet/hisilicon/hns3/hns3_ethtool.c
index 6a244ba5e051..0d6db46db5ed 100644
--- a/drivers/net/ethernet/hisilicon/hns3/hns3_ethtool.c
+++ b/drivers/net/ethernet/hisilicon/hns3/hns3_ethtool.c
@@ -276,6 +276,7 @@ static int hns3_lp_run_test(struct net_device *ndev, enum hnae3_loop mode)
 			good_cnt++;
 		} else {
 			kfree_skb(skb);
+			skb = NULL;
 			netdev_err(ndev, "hns3_lb_run_test xmit failed: %d\n",
 				   tx_ret);
 		}
diff --git a/drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_main.c b/drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_main.c
index e0a2ca21ee46..9d7c9523c9e1 100644
--- a/drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_main.c
+++ b/drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_main.c
@@ -5208,6 +5208,7 @@ static void hclge_fd_free_node(struct hclge_dev *hdev,
 {
 	hlist_del(&rule->rule_node);
 	kfree(rule);
+	rule = NULL;
 	hclge_sync_fd_state(hdev);
 }
 
@@ -5232,6 +5233,7 @@ static void hclge_update_fd_rule_node(struct hclge_dev *hdev,
 		new_rule->rule_node.pprev = old_rule->rule_node.pprev;
 		memcpy(old_rule, new_rule, sizeof(*old_rule));
 		kfree(new_rule);
+		new_rule = NULL;
 		break;
 	case HCLGE_FD_DELETED:
 		hclge_fd_dec_rule_cnt(hdev, old_rule->location);
@@ -8521,6 +8523,7 @@ static void hclge_update_mac_node(struct hclge_mac_node *mac_node,
 		if (mac_node->state == HCLGE_MAC_TO_ADD) {
 			list_del(&mac_node->node);
 			kfree(mac_node);
+			mac_node = NULL;
 		} else {
 			mac_node->state = HCLGE_MAC_TO_DEL;
 		}
@@ -9151,6 +9154,7 @@ static void hclge_uninit_vport_mac_list(struct hclge_vport *vport,
 		case HCLGE_MAC_TO_ADD:
 			list_del(&mac_node->node);
 			kfree(mac_node);
+			mac_node = NULL;
 			break;
 		}
 	}
diff --git a/drivers/net/ethernet/hisilicon/hns3/hns3vf/hclgevf_main.c b/drivers/net/ethernet/hisilicon/hns3/hns3vf/hclgevf_main.c
index e3f86638540b..3ffd47b30ad3 100644
--- a/drivers/net/ethernet/hisilicon/hns3/hns3vf/hclgevf_main.c
+++ b/drivers/net/ethernet/hisilicon/hns3/hns3vf/hclgevf_main.c
@@ -933,6 +933,7 @@ static void hclgevf_update_mac_node(struct hclgevf_mac_addr_node *mac_node,
 		if (mac_node->state == HCLGEVF_MAC_TO_ADD) {
 			list_del(&mac_node->node);
 			kfree(mac_node);
+			mac_node = NULL;
 		} else {
 			mac_node->state = HCLGEVF_MAC_TO_DEL;
 		}
@@ -2395,6 +2396,7 @@ static int hclgevf_init_msi(struct hclgevf_dev *hdev)
 					sizeof(int), GFP_KERNEL);
 	if (!hdev->vector_irq) {
 		devm_kfree(&pdev->dev, hdev->vector_status);
+		hdev->vector_status = NULL;
 		pci_free_irq_vectors(pdev);
 		return -ENOMEM;
 	}
@@ -2408,6 +2410,8 @@ static void hclgevf_uninit_msi(struct hclgevf_dev *hdev)
 
 	devm_kfree(&pdev->dev, hdev->vector_status);
 	devm_kfree(&pdev->dev, hdev->vector_irq);
+	hdev->vector_status = NULL;
+	hdev->vector_irq = NULL;
 	pci_free_irq_vectors(pdev);
 }
 
-- 
2.33.0

Re: [PATCH V2 net-next 5/8] net: hns3: set the freed pointers to NULL when lifetime is not end

Posted by Simon Horman 3 months, 3 weeks ago

On Tue, Jun 17, 2025 at 09:02:52AM +0800, Jijie Shao wrote:
> From: Jian Shen <shenjian15@huawei.com>
> 
> There are several pointers are freed but not set to NULL,
> and their lifetime is not end immediately. To avoid misusing
> there wild pointers, set them to NULL.
> 
> Signed-off-by: Jian Shen <shenjian15@huawei.com>
> Signed-off-by: Jijie Shao <shaojijie@huawei.com>
> ---
>  drivers/net/ethernet/hisilicon/hns3/hns3_ethtool.c        | 1 +
>  drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_main.c   | 4 ++++
>  drivers/net/ethernet/hisilicon/hns3/hns3vf/hclgevf_main.c | 4 ++++
>  3 files changed, 9 insertions(+)
> 
> diff --git a/drivers/net/ethernet/hisilicon/hns3/hns3_ethtool.c b/drivers/net/ethernet/hisilicon/hns3/hns3_ethtool.c
> index 6a244ba5e051..0d6db46db5ed 100644
> --- a/drivers/net/ethernet/hisilicon/hns3/hns3_ethtool.c
> +++ b/drivers/net/ethernet/hisilicon/hns3/hns3_ethtool.c
> @@ -276,6 +276,7 @@ static int hns3_lp_run_test(struct net_device *ndev, enum hnae3_loop mode)
>  			good_cnt++;
>  		} else {
>  			kfree_skb(skb);
> +			skb = NULL;

I am sceptical about the merit of setting local variables to NULL like this.
In general defensive coding is not the preferred approach in the Kernel.

And in this case, won't this result in a NULL dereference when
skb_get(skb) is called if the loop this code resides in iterates again?

>  			netdev_err(ndev, "hns3_lb_run_test xmit failed: %d\n",
>  				   tx_ret);
>  		}

...

Re: [PATCH V2 net-next 5/8] net: hns3: set the freed pointers to NULL when lifetime is not end

Posted by Jijie Shao 3 months, 3 weeks ago

on 2025/6/18 19:12, Simon Horman wrote:
> On Tue, Jun 17, 2025 at 09:02:52AM +0800, Jijie Shao wrote:
>> From: Jian Shen <shenjian15@huawei.com>
>>
>> There are several pointers are freed but not set to NULL,
>> and their lifetime is not end immediately. To avoid misusing
>> there wild pointers, set them to NULL.
>>
>> Signed-off-by: Jian Shen <shenjian15@huawei.com>
>> Signed-off-by: Jijie Shao <shaojijie@huawei.com>
>> ---
>>   drivers/net/ethernet/hisilicon/hns3/hns3_ethtool.c        | 1 +
>>   drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_main.c   | 4 ++++
>>   drivers/net/ethernet/hisilicon/hns3/hns3vf/hclgevf_main.c | 4 ++++
>>   3 files changed, 9 insertions(+)
>>
>> diff --git a/drivers/net/ethernet/hisilicon/hns3/hns3_ethtool.c b/drivers/net/ethernet/hisilicon/hns3/hns3_ethtool.c
>> index 6a244ba5e051..0d6db46db5ed 100644
>> --- a/drivers/net/ethernet/hisilicon/hns3/hns3_ethtool.c
>> +++ b/drivers/net/ethernet/hisilicon/hns3/hns3_ethtool.c
>> @@ -276,6 +276,7 @@ static int hns3_lp_run_test(struct net_device *ndev, enum hnae3_loop mode)
>>   			good_cnt++;
>>   		} else {
>>   			kfree_skb(skb);
>> +			skb = NULL;
> I am sceptical about the merit of setting local variables to NULL like this.
> In general defensive coding is not the preferred approach in the Kernel.
>
> And in this case, won't this result in a NULL dereference when
> skb_get(skb) is called if the loop this code resides in iterates again?

Since HNS3_NIC_LB_TEST_PKT_NUM is 1, the loop will only iterate once,
so the current change will not cause any issues.
However, upon reviewing the code, this change is indeed unnecessary and may cause confusion,
so I will drop this change in the v3.

But I hope this patch can still be retained, and the other changes should be appropriate.

Thansk,
Jijie Shao

>
>>   			netdev_err(ndev, "hns3_lb_run_test xmit failed: %d\n",
>>   				   tx_ret);
>>   		}
> ...
>