fix(can): Resolve potential race condition in message transmission

wdfk-prog · Rbb666 · commit 44cf90a4ef25 · 2025-11-08T11:52:25.000+08:00
Setting the send status flag `sndchange` after calling the can-&gt;ops-&gt;sendmsg function
could lead to a race condition if a transmission timeout occurs, resulting in incorrect state handling.
This patch moves the operation of setting the `sndchange` flag to before the call to can-&gt;ops-&gt;sendmsg.
This ensures that the mailbox's status is correctly marked as "sending" before the hardware begins transmission,
making the driver's state management more robust and reliable, especially in handling exceptions like timeouts.

Additionally, new macros for CAN filter modes have been added in dev_can.h.
diff --git a/components/drivers/can/dev_can.c b/components/drivers/can/dev_can.c
@@ -186,6 +186,7 @@ rt_inline int _can_int_tx(struct rt_can_device *can, const struct rt_can_msg *da
         no = ((rt_ubase_t)tx_tosnd - (rt_ubase_t)tx_fifo->buffer) / sizeof(struct rt_can_sndbxinx_list);
         tx_tosnd->result = RT_CAN_SND_RESULT_WAIT;
         rt_completion_init(&tx_tosnd->completion);
+        can->status.sndchange |= 1<<no;
         if (can->ops->sendmsg(can, data, no) != RT_EOK)
         {
             /* send failed. */
@@ -196,7 +197,6 @@ rt_inline int _can_int_tx(struct rt_can_device *can, const struct rt_can_msg *da
             goto err_ret;
         }
 
-        can->status.sndchange |= 1<<no;
         if (rt_completion_wait(&(tx_tosnd->completion), RT_CANSND_MSG_TIMEOUT) != RT_EOK)
         {
             level = rt_hw_local_irq_disable();
@@ -286,11 +286,12 @@ rt_inline int _can_int_tx_priv(struct rt_can_device *can, const struct rt_can_ms
         tx_fifo->buffer[no].result = RT_CAN_SND_RESULT_WAIT;
         rt_hw_local_irq_enable(level);
 
+        can->status.sndchange |= 1<<no;
         if (can->ops->sendmsg(can, data, no) != RT_EOK)
         {
             continue;
         }
-        can->status.sndchange |= 1<<no;
+
         if (rt_completion_wait(&(tx_fifo->buffer[no].completion), RT_CANSND_MSG_TIMEOUT) != RT_EOK)
         {
             can->status.sndchange &= ~ (1<<no);
diff --git a/components/drivers/include/drivers/dev_can.h b/components/drivers/include/drivers/dev_can.h
@@ -68,6 +68,9 @@ enum CANBAUD
 #define RT_CAN_MODE_PRIV                0x01
 #define RT_CAN_MODE_NOPRIV              0x00
 
+#define RT_CAN_MODE_MASK                0x00
+#define RT_CAN_MODE_LIST                0x01
+
 /**
  * @defgroup    group_drivers_can CAN Driver
  * @brief       CAN driver api

Original file line number	Diff line number	Diff line change
`@@ -186,6 +186,7 @@ rt_inline int _can_int_tx(struct rt_can_device can, const struct rt_can_msg da`
`186`	`186`	`no = ((rt_ubase_t)tx_tosnd - (rt_ubase_t)tx_fifo->buffer) / sizeof(struct rt_can_sndbxinx_list);`
`187`	`187`	`tx_tosnd->result = RT_CAN_SND_RESULT_WAIT;`
`188`	`188`	`rt_completion_init(&tx_tosnd->completion);`
	`189`	`+ can->status.sndchange \|= 1<<no;`
`189`	`190`	`if (can->ops->sendmsg(can, data, no) != RT_EOK)`
`190`	`191`	`{`
`191`	`192`	`/* send failed. */`
`@@ -196,7 +197,6 @@ rt_inline int _can_int_tx(struct rt_can_device can, const struct rt_can_msg da`
`196`	`197`	`goto err_ret;`
`197`	`198`	`}`
`198`	`199`
`199`		`- can->status.sndchange \|= 1<<no;`
`200`	`200`	`if (rt_completion_wait(&(tx_tosnd->completion), RT_CANSND_MSG_TIMEOUT) != RT_EOK)`
`201`	`201`	`{`
`202`	`202`	`level = rt_hw_local_irq_disable();`
`@@ -286,11 +286,12 @@ rt_inline int _can_int_tx_priv(struct rt_can_device *can, const struct rt_can_ms`
`286`	`286`	`tx_fifo->buffer[no].result = RT_CAN_SND_RESULT_WAIT;`
`287`	`287`	`rt_hw_local_irq_enable(level);`
`288`	`288`
	`289`	`+ can->status.sndchange \|= 1<<no;`
`289`	`290`	`if (can->ops->sendmsg(can, data, no) != RT_EOK)`
`290`	`291`	`{`
`291`	`292`	`continue;`
`292`	`293`	`}`
`293`		`- can->status.sndchange \|= 1<<no;`
	`294`	`+`
`294`	`295`	`if (rt_completion_wait(&(tx_fifo->buffer[no].completion), RT_CANSND_MSG_TIMEOUT) != RT_EOK)`
`295`	`296`	`{`
`296`	`297`	`can->status.sndchange &= ~ (1<<no);`