Re: [Intel-wired-lan] [PATCH net] i40e: fix netdev leak in i40e_vsi_setup() error paths

Mon, 01 Jun 2026 02:19:28 -0700 


On 27/05/2026 13:02, Dawei Feng wrote:
> i40e_config_netdev() allocates vsi->netdev for main and VMDQ VSIs. If
> i40e_netif_set_realnum_tx_rx_queues(), i40e_devlink_create_port(), or
> register_netdev() fails, i40e_vsi_setup() goes to err_netdev without
> releasing the netdev. The existing cleanup only frees the netdev after a
> successful register_netdev(), so these error paths leak the allocation.
> 
> Reorder the error paths at err_netdev to ensure proper cleanup of the
> allocated device.
> 
> The bug was first flagged by an experimental analysis tool we are
> developing for kernel memory-management bugs while analyzing
> v6.13-rc1. The tool is still under development and is not yet publicly
> available. Manual inspection confirms that the bug is still
> present in v7.1-rc5.
> 
> An x86_64 allyesconfig build showed no new warnings. As we do not have an
> Intel Ethernet Controller XL710 family adapter to test with, no runtime
> testing was able to be performed.
> 
> Fixes: 41c445ff0f48 ("i40e: main driver core")
> Cc: [email protected]
> 
> Signed-off-by: Zilin Guan <[email protected]>
> Signed-off-by: Dawei Feng <[email protected]>

We could introduce additional goto label for i40e_config_netdev() instead of
if condition, but the latter is probably safer in this case (without splitting
the different VSI types setup to functions).

Reviewed-by: Marcin Szycik <[email protected]>

> ---
>  drivers/net/ethernet/intel/i40e/i40e_main.c | 6 ++++--
>  1 file changed, 4 insertions(+), 2 deletions(-)
> 
> diff --git a/drivers/net/ethernet/intel/i40e/i40e_main.c 
> b/drivers/net/ethernet/intel/i40e/i40e_main.c
> index 6d4f9218dc68..1ced01b0cc09 100644
> --- a/drivers/net/ethernet/intel/i40e/i40e_main.c
> +++ b/drivers/net/ethernet/intel/i40e/i40e_main.c
> @@ -14491,13 +14491,15 @@ struct i40e_vsi *i40e_vsi_setup(struct i40e_pf *pf, 
> u8 type,
>       if (vsi->netdev_registered) {
>               vsi->netdev_registered = false;
>               unregister_netdev(vsi->netdev);
> -             free_netdev(vsi->netdev);
> -             vsi->netdev = NULL;
>       }
>  err_dl_port:
>       if (vsi->type == I40E_VSI_MAIN)
>               i40e_devlink_destroy_port(pf);
>  err_netdev:
> +     if (vsi->netdev) {
> +             free_netdev(vsi->netdev);
> +             vsi->netdev = NULL;
> +     }
>       i40e_aq_delete_element(&pf->hw, vsi->seid, NULL);
>  err_vsi:
>       i40e_vsi_clear(vsi);























					Reply via email to