[net] hsr: Handle failures in module init

Message ID	0b718dd6cc28d09fd2478d8debdfc0a6755a8895.1710410183.git.fmaurer@redhat.com (mailing list archive)
State	Superseded
Delegated to:	Netdev Maintainers
Headers	show Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.129.124]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 7F09D6DCE3 for <netdev@vger.kernel.org>; Thu, 14 Mar 2024 10:11:12 +0000 (UTC) From: Felix Maurer <fmaurer@redhat.com> To: netdev@vger.kernel.org Cc: davem@davemloft.net, edumazet@google.com, kuba@kernel.org, pabeni@redhat.com, leitao@debian.org Subject: [PATCH net] hsr: Handle failures in module init Date: Thu, 14 Mar 2024 11:10:52 +0100 Message-ID: <0b718dd6cc28d09fd2478d8debdfc0a6755a8895.1710410183.git.fmaurer@redhat.com> Precedence: bulk MIME-Version: 1.0 Content-Transfer-Encoding: 8bit
Series	[net] hsr: Handle failures in module init \| expand [net] hsr: Handle failures in module init

Context	Check	Description
netdev/series_format	success	Single patches do not need cover letters
netdev/tree_selection	success	Clearly marked for net
netdev/ynl	success	Generated files up to date; no warnings/errors; no diff in generated;
netdev/fixes_present	fail	Series targets non-next tree, but doesn't contain any Fixes tags
netdev/header_inline	success	No static functions without inline keyword in header files
netdev/build_32bit	success	Errors and warnings before: 939 this patch: 939
netdev/build_tools	success	No tools touched, skip
netdev/cc_maintainers	success	CCed 6 of 6 maintainers
netdev/build_clang	success	Errors and warnings before: 956 this patch: 956
netdev/verify_signedoff	success	Signed-off-by tag matches author and committer
netdev/deprecated_api	success	None detected
netdev/check_selftest	success	No net selftest shell script
netdev/verify_fixes	success	No Fixes tag
netdev/build_allmodconfig_warn	success	Errors and warnings before: 956 this patch: 956
netdev/checkpatch	success	total: 0 errors, 0 warnings, 0 checks, 28 lines checked
netdev/build_clang_rust	success	No Rust files in patch. Skipping build
netdev/kdoc	success	Errors and warnings before: 0 this patch: 0
netdev/source_inline	success	Was 0 now: 0
netdev/contest	success	net-next-2024-03-14--12-00 (tests: 908)

Felix Maurer March 14, 2024, 10:10 a.m. UTC

A failure during registration of the netdev notifier was not handled at
all. A failure during netlink initialization did not unregister the netdev
notifier.

Handle failures of netdev notifier registration and netlink initialization.
Both functions should only return negative values on failure and thereby
lead to the hsr module not being loaded.

Signed-off-by: Felix Maurer <fmaurer@redhat.com>
---
 net/hsr/hsr_main.c | 18 ++++++++++++++----
 1 file changed, 14 insertions(+), 4 deletions(-)

Denis Kirjanov March 14, 2024, 10:50 a.m. UTC | #1

On 3/14/24 13:10, Felix Maurer wrote:
> A failure during registration of the netdev notifier was not handled at
> all. A failure during netlink initialization did not unregister the netdev
> notifier.
> 
> Handle failures of netdev notifier registration and netlink initialization.
> Both functions should only return negative values on failure and thereby
> lead to the hsr module not being loaded.
> 
Fixes: f421436a591d3 ("net/hsr: Add support for the High-availability Seamless Redundancy protocol (HSRv0)")
> Signed-off-by: Felix Maurer <fmaurer@redhat.com>
> ---
>  net/hsr/hsr_main.c | 18 ++++++++++++++----
>  1 file changed, 14 insertions(+), 4 deletions(-)
> 
> diff --git a/net/hsr/hsr_main.c b/net/hsr/hsr_main.c
> index cb83c8feb746..1c4a5b678688 100644
> --- a/net/hsr/hsr_main.c
> +++ b/net/hsr/hsr_main.c
> @@ -148,14 +148,24 @@ static struct notifier_block hsr_nb = {
>  
>  static int __init hsr_init(void)
>  {
> -	int res;
> +	int err;
>  
>  	BUILD_BUG_ON(sizeof(struct hsr_tag) != HSR_HLEN);
>  
> -	register_netdevice_notifier(&hsr_nb);
> -	res = hsr_netlink_init();
> +	err = register_netdevice_notifier(&hsr_nb);
> +	if (err)
> +		goto out;
> +
> +	err = hsr_netlink_init();
> +	if (err)
> +		goto cleanup;
>  
> -	return res;
> +	return 0;
> +
> +cleanup:
> +	unregister_netdevice_notifier(&hsr_nb);
> +out:
> +	return err;
>  }
>  
>  static void __exit hsr_exit(void)

Breno Leitao March 14, 2024, 12:59 p.m. UTC | #2

On Thu, Mar 14, 2024 at 11:10:52AM +0100, Felix Maurer wrote:
> A failure during registration of the netdev notifier was not handled at
> all. A failure during netlink initialization did not unregister the netdev
> notifier.
> 
> Handle failures of netdev notifier registration and netlink initialization.
> Both functions should only return negative values on failure and thereby
> lead to the hsr module not being loaded.
> 
> Signed-off-by: Felix Maurer <fmaurer@redhat.com>
> ---
>  net/hsr/hsr_main.c | 18 ++++++++++++++----
>  1 file changed, 14 insertions(+), 4 deletions(-)
> 
> diff --git a/net/hsr/hsr_main.c b/net/hsr/hsr_main.c
> index cb83c8feb746..1c4a5b678688 100644
> --- a/net/hsr/hsr_main.c
> +++ b/net/hsr/hsr_main.c
> @@ -148,14 +148,24 @@ static struct notifier_block hsr_nb = {
>  
>  static int __init hsr_init(void)
>  {
> -	int res;
> +	int err;
>  
>  	BUILD_BUG_ON(sizeof(struct hsr_tag) != HSR_HLEN);
>  
> -	register_netdevice_notifier(&hsr_nb);
> -	res = hsr_netlink_init();
> +	err = register_netdevice_notifier(&hsr_nb);
> +	if (err)
> +		goto out;

Can't you just 'return err' here? And avoid the `out` label below?

> +
> +	err = hsr_netlink_init();
> +	if (err)
> +		goto cleanup;

Same here, you can do something like the following and remove the
all the labels below, making the function a bit clearer.

	if (err) {
		unregister_netdevice_notifier(&hsr_nb);
		return err;
	}

Felix Maurer March 14, 2024, 3:56 p.m. UTC | #3

On 14.03.24 13:59, Breno Leitao wrote:
> On Thu, Mar 14, 2024 at 11:10:52AM +0100, Felix Maurer wrote:
>> A failure during registration of the netdev notifier was not handled at
>> all. A failure during netlink initialization did not unregister the netdev
>> notifier.
>>
>> Handle failures of netdev notifier registration and netlink initialization.
>> Both functions should only return negative values on failure and thereby
>> lead to the hsr module not being loaded.
>>
>> Signed-off-by: Felix Maurer <fmaurer@redhat.com>
>> ---
>>  net/hsr/hsr_main.c | 18 ++++++++++++++----
>>  1 file changed, 14 insertions(+), 4 deletions(-)
>>
>> diff --git a/net/hsr/hsr_main.c b/net/hsr/hsr_main.c
>> index cb83c8feb746..1c4a5b678688 100644
>> --- a/net/hsr/hsr_main.c
>> +++ b/net/hsr/hsr_main.c
>> @@ -148,14 +148,24 @@ static struct notifier_block hsr_nb = {
>>  
>>  static int __init hsr_init(void)
>>  {
>> -	int res;
>> +	int err;
>>  
>>  	BUILD_BUG_ON(sizeof(struct hsr_tag) != HSR_HLEN);
>>  
>> -	register_netdevice_notifier(&hsr_nb);
>> -	res = hsr_netlink_init();
>> +	err = register_netdevice_notifier(&hsr_nb);
>> +	if (err)
>> +		goto out;
> 
> Can't you just 'return err' here? And avoid the `out` label below?
> 
>> +
>> +	err = hsr_netlink_init();
>> +	if (err)
>> +		goto cleanup;
> 
> Same here, you can do something like the following and remove the
> all the labels below, making the function a bit clearer.
> 
> 	if (err) {
> 		unregister_netdevice_notifier(&hsr_nb);
> 		return err;
> 	}

I usually follow the pattern with labels to make sure the cleanup is not
forgotten later when extending the function. But there is likely not
much change in the module init, I'll remove the labels in the next
iteration.

Thanks,
   Felix

Simon Horman March 18, 2024, 1:01 p.m. UTC | #4

On Thu, Mar 14, 2024 at 04:56:35PM +0100, Felix Maurer wrote:
> On 14.03.24 13:59, Breno Leitao wrote:
> > On Thu, Mar 14, 2024 at 11:10:52AM +0100, Felix Maurer wrote:
> >> A failure during registration of the netdev notifier was not handled at
> >> all. A failure during netlink initialization did not unregister the netdev
> >> notifier.
> >>
> >> Handle failures of netdev notifier registration and netlink initialization.
> >> Both functions should only return negative values on failure and thereby
> >> lead to the hsr module not being loaded.
> >>
> >> Signed-off-by: Felix Maurer <fmaurer@redhat.com>
> >> ---
> >>  net/hsr/hsr_main.c | 18 ++++++++++++++----
> >>  1 file changed, 14 insertions(+), 4 deletions(-)
> >>
> >> diff --git a/net/hsr/hsr_main.c b/net/hsr/hsr_main.c
> >> index cb83c8feb746..1c4a5b678688 100644
> >> --- a/net/hsr/hsr_main.c
> >> +++ b/net/hsr/hsr_main.c
> >> @@ -148,14 +148,24 @@ static struct notifier_block hsr_nb = {
> >>  
> >>  static int __init hsr_init(void)
> >>  {
> >> -	int res;
> >> +	int err;
> >>  
> >>  	BUILD_BUG_ON(sizeof(struct hsr_tag) != HSR_HLEN);
> >>  
> >> -	register_netdevice_notifier(&hsr_nb);
> >> -	res = hsr_netlink_init();
> >> +	err = register_netdevice_notifier(&hsr_nb);
> >> +	if (err)
> >> +		goto out;
> > 
> > Can't you just 'return err' here? And avoid the `out` label below?
> > 
> >> +
> >> +	err = hsr_netlink_init();
> >> +	if (err)
> >> +		goto cleanup;
> > 
> > Same here, you can do something like the following and remove the
> > all the labels below, making the function a bit clearer.
> > 
> > 	if (err) {
> > 		unregister_netdevice_notifier(&hsr_nb);
> > 		return err;
> > 	}
> 
> I usually follow the pattern with labels to make sure the cleanup is not
> forgotten later when extending the function. But there is likely not
> much change in the module init, I'll remove the labels in the next
> iteration.

FWIIW, I think the use of labels is the right way to go: it is the
idomatic approach preferred in Networking code.

That said, dropping the out label would be fine by me,
as as simple return nice IMHO.

[net] hsr: Handle failures in module init

Checks

Commit Message

Comments

Patch