On Thu, May 10, 2018 at 04:38:08PM +0300, Yuval Shaia wrote: > On Thu, May 10, 2018 at 09:02:26AM +0200, Christophe JAILLET wrote: > > If an error occurs, 'mlx4_en_destroy_netdev()' is called. > > It then calls 'mlx4_en_free_resources()' which does the needed resources > > cleanup. > > > > So, doing some explicit kfree in the error handling path would lead to > > some double kfree. > > Patch make sense but what's bothering me is that mlx4_en_free_resources > loops on the entire array, assuming !priv->tx_ring[t] means entry is > allocated but the existing code does not assume that, see [1]. So i looked > to see where tx_ring array is zeroed and didn't find it. > > Am i missing something here. > It's zeroed twice. alloc_etherdev_mqs() allocates zeroed memory and then we do a memset(priv, 0, sizeof(struct mlx4_en_priv)); regards, dan carpenter -- To unsubscribe from this list: send the line "unsubscribe kernel-janitors" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html