[PATCH v4 5/6] net/netvsc: fix resource leaks in MTU change path

Tue, 03 Mar 2026 12:55:02 -0800 

hn_dev_mtu_set() has several resource management bugs:

1. Calls rte_free(hv->channels[0]) without rte_vmbus_chan_close()
   first, skipping the VMBus close protocol.

2. Does not free hv->primary->rxbuf_info before hn_detach(), causing
   hn_nvs_conn_rxbuf() in hn_reinit() to leak the old allocation.

3. Does not call hn_chim_uninit()/hn_chim_init() around the
   detach/reinit sequence, leaving a stale chimney bitmap that may
   not match the new chim_cnt.

Fix all three issues.

Fixes: 45c83603087e ("net/netvsc: support MTU set")
Cc: [email protected]
Signed-off-by: Long Li <[email protected]>
---
v4: NULL out closed subchannel pointers and reset num_queues after
    closing secondary channels. Reassign hv->primary->chan after
    reopening channel.
v3: New patch (split from reconfig patch).
---
 drivers/net/netvsc/hn_ethdev.c | 18 ++++++++++++++++--
 1 file changed, 16 insertions(+), 2 deletions(-)

diff --git a/drivers/net/netvsc/hn_ethdev.c b/drivers/net/netvsc/hn_ethdev.c
index 5e954b8812..23114a7c22 100644
--- a/drivers/net/netvsc/hn_ethdev.c
+++ b/drivers/net/netvsc/hn_ethdev.c
@@ -1214,14 +1214,23 @@ hn_dev_mtu_set(struct rte_eth_dev *dev, uint16_t mtu)
        if (ret)
                return ret;
 
+       /* Free chimney bitmap and rxbuf_info before NVS detach */
+       hn_chim_uninit(dev);
+       rte_free(hv->primary->rxbuf_info);
+       hv->primary->rxbuf_info = NULL;
+
        /* Release channel resources */
        hn_detach(hv);
 
        /* Close any secondary vmbus channels */
-       for (i = 1; i < hv->num_queues; i++)
+       for (i = 1; i < hv->num_queues; i++) {
                rte_vmbus_chan_close(hv->channels[i]);
+               hv->channels[i] = NULL;
+       }
+       hv->num_queues = 1;
 
        /* Close primary vmbus channel */
+       rte_vmbus_chan_close(hv->channels[0]);
        rte_free(hv->channels[0]);
 
        /* Unmap and re-map vmbus device */
@@ -1245,16 +1254,21 @@ hn_dev_mtu_set(struct rte_eth_dev *dev, uint16_t mtu)
                return ret;
        }
 
+       hv->primary->chan = hv->channels[0];
        rte_vmbus_set_latency(hv->vmbus, hv->channels[0], hv->latency);
 
        ret = hn_reinit(dev, mtu);
-       if (!ret)
+       if (!ret) {
+               hn_chim_init(dev);
                goto out;
+       }
 
        /* In case of error, attempt to restore original MTU */
        ret = hn_reinit(dev, orig_mtu);
        if (ret)
                PMD_DRV_LOG(ERR, "Restoring original MTU failed for netvsc");
+       else
+               hn_chim_init(dev);
 
        ret = hn_vf_mtu_set(dev, orig_mtu);
        if (ret)
-- 
2.43.0

Reply via email to