Re: [PATCH net v1] net/mlx5: Fix flow steering alloc unwind
From: Mark Bloch
Date: Sun May 03 2026 - 13:38:51 EST
On 02/05/2026 2:20, Prathamesh Deshpande wrote:
> mlx5_fs_core_alloc() uses mlx5_fs_core_free() for its common error path,
> but mlx5_fs_core_free() dereferences dev->priv.steering.
>
> If mlx5_ft_pool_init() fails, or if allocating the steering object fails,
> dev->priv.steering has not been assigned yet. The error path can then
> dereference NULL while unwinding the original failure.
>
> Split the unwind paths so only resources that were successfully
> initialized are released.
>
> Fixes: b33886971dbc ("net/mlx5: Initialize flow steering during driver probe")
> Signed-off-by: Prathamesh Deshpande <prathameshdeshpande7@xxxxxxxxx>
> ---
> .../net/ethernet/mellanox/mlx5/core/fs_core.c | 16 +++++++++++-----
> 1 file changed, 11 insertions(+), 5 deletions(-)
>
> diff --git a/drivers/net/ethernet/mellanox/mlx5/core/fs_core.c b/drivers/net/ethernet/mellanox/mlx5/core/fs_core.c
> index 61a6ba1e49dd..e1662dcedbf4 100644
> --- a/drivers/net/ethernet/mellanox/mlx5/core/fs_core.c
> +++ b/drivers/net/ethernet/mellanox/mlx5/core/fs_core.c
> @@ -3984,12 +3984,12 @@ int mlx5_fs_core_alloc(struct mlx5_core_dev *dev)
>
> err = mlx5_ft_pool_init(dev);
> if (err)
> - goto err;
> + goto err_fc_stats;
>
> steering = kzalloc_obj(*steering);
> if (!steering) {
> err = -ENOMEM;
> - goto err;
> + goto err_ft_pool;
> }
>
> steering->dev = dev;
> @@ -4011,13 +4011,19 @@ int mlx5_fs_core_alloc(struct mlx5_core_dev *dev)
> 0, NULL);
> if (!steering->ftes_cache || !steering->fgs_cache) {
> err = -ENOMEM;
> - goto err;
> + goto err_fs_core;
> }
>
> return 0;
>
> -err:
> - mlx5_fs_core_free(dev);
> +err_fs_core:
> + kmem_cache_destroy(steering->ftes_cache);
> + kmem_cache_destroy(steering->fgs_cache);
> + kfree(steering);
> +err_ft_pool:
> + mlx5_ft_pool_destroy(dev);
> +err_fc_stats:
> + mlx5_cleanup_fc_stats(dev);
> return err;
> }
>
Reviewed-by: Mark Bloch <mbloch@xxxxxxxxxx>
Thanks for the fix.