Re: [PATCH] extcon: fix extcon_get_extcon_dev() error handling

From: Dan Carpenter
Date: Thu Nov 18 2021 - 09:52:36 EST

On Thu, Nov 18, 2021 at 06:22:58AM -0800, Guenter Roeck wrote:
> On 11/18/21 3:32 AM, Dan Carpenter wrote:
> > The extcon_get_extcon_dev() function returns error pointers on error
> > and NULL when it's a -EPROBE_DEFER defer situation. There are eight
> > callers and only two of them handled this correctly. In the other
> > callers an error pointer return would lead to a crash.
> >
> > What prevents crashes is that errors can only happen in the case of
> > a bug in the caller or if CONFIG_EXTCON is disabled. Six out of
> > eight callers use the Kconfig to either depend on or select
> > CONFIG_EXTCON. Thus the real life impact of these bugs is tiny.
> >
> > Signed-off-by: Dan Carpenter <dan.carpenter@xxxxxxxxxx>
> > ---
> > The two callers where the drivers can be built without CONFIG_EXTCON
> > are TYPEC_FUSB302 and CHARGER_MAX8997.
> >
> [ ... ]
> > diff --git a/drivers/usb/typec/tcpm/fusb302.c b/drivers/usb/typec/tcpm/fusb302.c
> > index 7a2a17866a82..8594b59bd527 100644
> > --- a/drivers/usb/typec/tcpm/fusb302.c
> > +++ b/drivers/usb/typec/tcpm/fusb302.c
> > @@ -1706,8 +1706,8 @@ static int fusb302_probe(struct i2c_client *client,
> > */
> > if (device_property_read_string(dev, "linux,extcon-name", &name) == 0) {
> > chip->extcon = extcon_get_extcon_dev(name);
> > - if (!chip->extcon)
> > - return -EPROBE_DEFER;
> > + if (IS_ERR(chip->extcon))
> > + return PTR_ERR(chip->extcon);
> Why does the code not need to return -EPROBE_DEFER ? The description states
> that NULL is returned in that situation. Doesn't that mean that defer situations
> are no longer handled with this patch in place ?

I'm not sure I understand what you are saying here. In the original
code, extcon_get_extcon_dev() would return NULL and relied on the
callers to change NULL into a -EPROBE_DEFER. If extcon_get_extcon_dev()
returned ERR_PTR(-EINVAL) (which is impossible as mentioned) the it
would lead to a crash.

In the new code, the extcon_get_extcon_dev() function returns
-EPROBE_DEFER directly so the caller code is much simpler.

> Also, with this patch in place, the code will no longer work if extcon is disabled,
> because extcon_get_extcon_dev() will return -ENODEV and the above code will bail out.
> The behavior of the code wasn't optimal in that case (it would wait until timeout
> in tcpm_get_current_limit() before returning), but at least it didn't fail.

Huh. You are right. Initialy I thought that tcpm_get_current_limit()
would crash. This is one of the two drivers which I mentioned that can
be built without CONFIG_EXTCON.

I will modify the version of extcon_get_extcon_dev() where CONFIG_EXTCON
is disabled to return NULL. That is the standard/correct way to write
these. That will turn tcpm_get_current_limit() into a no-op.

A belt and suspenders approach might be to modify the Kconfig so this
driver selects CONFIG_EXTCON.

dan carpenter