On 5/28/26 01:49, Loktionov, Aleksandr wrote:
-----Original Message----- From: Intel-wired-lan <[email protected]> On Behalf Of Dawei Feng Sent: Wednesday, May 27, 2026 1:02 PM To: Nguyen, Anthony L <[email protected]> Cc: Kitszel, Przemyslaw <[email protected]>; [email protected]; [email protected]; [email protected]; [email protected]; [email protected]; [email protected]; [email protected]; [email protected]; [email protected]; [email protected]; [email protected]; Dawei Feng <[email protected]>; [email protected]; Zilin Guan <[email protected]> Subject: [Intel-wired-lan] [PATCH net] i40e: fix netdev leak in i40e_vsi_setup() error paths i40e_config_netdev() allocates vsi->netdev for main and VMDQ VSIs. If i40e_netif_set_realnum_tx_rx_queues(), i40e_devlink_create_port(), or register_netdev() fails, i40e_vsi_setup() goes to err_netdev without releasing the netdev. The existing cleanup only frees the netdev after a successful register_netdev(), so these error paths leak the allocation. Reorder the error paths at err_netdev to ensure proper cleanup of the allocated device. The bug was first flagged by an experimental analysis tool we are developing for kernel memory-management bugs while analyzing v6.13- rc1. The tool is still under development and is not yet publicly available. Manual inspection confirms that the bug is still present in v7.1-rc5. An x86_64 allyesconfig build showed no new warnings. As we do not have an Intel Ethernet Controller XL710 family adapter to test with, no runtime testing was able to be performed. Fixes: 41c445ff0f48 ("i40e: main driver core") Cc: [email protected] Signed-off-by: Zilin Guan <[email protected]> Signed-off-by: Dawei Feng <[email protected]> --- drivers/net/ethernet/intel/i40e/i40e_main.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/drivers/net/ethernet/intel/i40e/i40e_main.c b/drivers/net/ethernet/intel/i40e/i40e_main.c index 6d4f9218dc68..1ced01b0cc09 100644 --- a/drivers/net/ethernet/intel/i40e/i40e_main.c +++ b/drivers/net/ethernet/intel/i40e/i40e_main.c @@ -14491,13 +14491,15 @@ struct i40e_vsi *i40e_vsi_setup(struct i40e_pf *pf, u8 type, if (vsi->netdev_registered) { vsi->netdev_registered = false; unregister_netdev(vsi->netdev); - free_netdev(vsi->netdev); - vsi->netdev = NULL; } err_dl_port: if (vsi->type == I40E_VSI_MAIN) i40e_devlink_destroy_port(pf); err_netdev: + if (vsi->netdev) { + free_netdev(vsi->netdev); + vsi->netdev = NULL; + } i40e_aq_delete_element(&pf->hw, vsi->seid, NULL);
Would it make sense to put these 4 lines into i40e_vsi_clear()? Then you can also clean up i40e_vsi_release() and i40e_vsi_reinit_setup() in a similar way.
sln
err_vsi: i40e_vsi_clear(vsi); -- 2.34.1Reviewed-by: Aleksandr Loktionov <[email protected]>
