Re: [PATCH net] eth: fbnic: fix double-free of PCS on phylink creation failure

Next message: Jonathan Cavitt: "[PATCH] drm/auth: Only drm_drop_master if it exists"
Previous message: Luka Gejak: "Re: [PATCH v2 2/2] staging: rtl8723bs: reduce nesting"
In reply to: Bobby Eshleman: "[PATCH net] eth: fbnic: fix double-free of PCS on phylink creation failure"
Next in thread: Bobby Eshleman: "Re: [PATCH net] eth: fbnic: fix double-free of PCS on phylink creation failure"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Andrew Lunn

Date: Thu Apr 16 2026 - 17:00:34 EST

On Thu, Apr 16, 2026 at 12:31:39PM -0700, Bobby Eshleman wrote:
> From: Bobby Eshleman <bobbyeshleman@xxxxxxxx>
>
> fbnic_phylink_create() stores the newly allocated PCS in fbn->pcs before
> calling phylink_create(). When phylink_create() fails the error path
> calls xpcs_destroy_pcs(pcs) to release the PCS, but neglects to clear
> fbn->pcs.
>
> The caller, fbnic_netdev_alloc(), responds to the failure by calling
> fbnic_netdev_free() which in turn calls fbnic_phylink_destroy().

Isn't the real problem here? fbnic_phylink_create() failed, and it
correctly did its cleanup. Because it failed, you should not be
calling fbnic_phylink_destroy(). You only call the _destroy() if the
previous _create() was successful.

Andrew

---
pw-bot: cr