drivers/can: Fix close drain, write-only reader lifecycle, and STM32 RX header

[shizacat]

Summary

This PR hardens the generic CAN character driver (drivers/can/can.c) and the STM32 bxCAN backend (arch/arm/src/stm32/stm32_can.c) for write-only use, safe shutdown, and consistent RX headers.

• Per-file context on every open: init_can_reader() runs for all successful opens so write-only fds get msgalign and ioctl-related state. Readers are still only queued on cd_readers when O_RDOK is set.
• can_close: frees that per-file context when the fd was write-only (never on cd_readers), fixing a leak.
• Last close / TX drain: leaves the critical section before waiting so TX-complete ISRs can run; bounds SW-queue and H/W drain waits (20 × 500 ms per stage) so close() cannot hang forever when the controller retries without ACK or dev_txempty() never clears.
• STM32 RX path: zeroes the full can_hdr before filling it so padding/reserved fields are not stack garbage—avoids false memcmp mismatches vs TX (e.g. examples/can with CONFIG_CAN_LOOPBACK).
• Debug: stm32can_vputreg() log uses value, not an undefined val.

Impact

• Loopback / full-header compare: Without clearing the RX header, apps that compare the whole header (loopback tests) could see spurious failures; this change makes RX headers deterministic.

• close(): Unbounded waits on TX drain could freeze the app on a silent bus or endless retries; timeouts avoid infinite blocking while still calling dev_shutdown afterward.

• Write-only open: Previously f_priv could stay NULL, breaking can_write (msgalign) and some ioctls—risk of fault/panic; allocating can_reader_s for every open fixes that.

Testing

Manual testing on stm32f103-minimum with a custom config (CAN loopback / Example CAN / app scenario as applicable).

[acassis]

@shizacat could you please verify if stm32f7, h7, and others using the same stm32_can.c driver need this fix too?

[shizacat]

I can’t reproduce this anymore with the fully modified code, so the issue might not be easily observable...
Do you think we should explicitly initialize the entire struct can_hdr_s (e.g., with memset), or rely on all fields being set individually before use?

---

Looking at the code

CAN, need fix every place that builds a struct can_hdr_s: stm32can_sceinterrupt and stm32can_rxinterrupt:

• stm32f7/stm32_can.c — yes
• stm32l4/stm32l4_can.c — yes

For FDCAN, the same idea applies to functions: fdcan_receive and fdcan_error:

• stm32h5/stm32_fdcan.c - yes
• stm32f0l0g0/stm32_fdcan.c - yes

[raiden00pl]

I think that only the timestamp is not set and can be garbage. If the problem is only with the timestamp, it may be better to zero its fields directly rather than using memset. I guess we'll save a few CPU cycles.

This problem can occur for other chips, not only stm32. The PR that added timestamp support for CAN character driver should reset this data filed for all lower CAN drivers.

[shizacat]

Ok

[xiaoxiang781216]

why change? the behavour is same before/after modfication

[shizacat]

Rewritten this place as was

[xiaoxiang781216]

move n declaration to the beginning, and
for (n = 0; !TX_EMPTY(&dev->cd_sender) && n < CAN_CLOSE_DRAIN_LOOPS; n++)

[shizacat]

done

[xiaoxiang781216]

ditto

[shizacat]

done

[xiaoxiang781216]

but new client may open device again after leaving critical section, how to handle this case

[shizacat]

... yep, you're right. I returned it as it was