drivers/net/ethernet/faraday/ftgmac100.c | 19 ++++++++++++++----- 1 file changed, 14 insertions(+), 5 deletions(-)
From: Yufan Chen <ericterminal@gmail.com>
ftgmac100_alloc_rings() allocated rx_skbs, tx_skbs, rxdes, txdes, and rx_scratch in stages but returned directly on any intermediate allocation failure. This left previously allocated objects unreleased and could accumulate leaks across repeated ifup retries under memory pressure.
Switch ftgmac100_alloc_rings() to a centralized goto-based unwind path that calls ftgmac100_free_rings() on failure so partially allocated ring resources are always released before returning -ENOMEM.
Also clear rx_skbs, tx_skbs, and rx_scratch pointers in ftgmac100_free_rings() after freeing. This prevents stale pointers from being reused during later retry failures and keeps ring teardown idempotent.
Signed-off-by: Yufan Chen <ericterminal@gmail.com>
---
drivers/net/ethernet/faraday/ftgmac100.c | 19 ++++++++++++++-----
1 file changed, 14 insertions(+), 5 deletions(-)
diff --git a/drivers/net/ethernet/faraday/ftgmac100.c b/drivers/net/ethernet/faraday/ftgmac100.c
index 1e91e79c8..147300e60 100644
--- a/drivers/net/ethernet/faraday/ftgmac100.c
+++ b/drivers/net/ethernet/faraday/ftgmac100.c
@@ -946,7 +946,9 @@ static void ftgmac100_free_rings(struct ftgmac100 *priv)
{
/* Free skb arrays */
kfree(priv->rx_skbs);
+ priv->rx_skbs = NULL;
kfree(priv->tx_skbs);
+ priv->tx_skbs = NULL;
/* Free descriptors */
if (priv->rxdes)
@@ -965,31 +967,34 @@ static void ftgmac100_free_rings(struct ftgmac100 *priv)
if (priv->rx_scratch)
dma_free_coherent(priv->dev, RX_BUF_SIZE,
priv->rx_scratch, priv->rx_scratch_dma);
+ priv->rx_scratch = NULL;
}
static int ftgmac100_alloc_rings(struct ftgmac100 *priv)
{
+ int err = -ENOMEM;
+
/* Allocate skb arrays */
priv->rx_skbs = kcalloc(MAX_RX_QUEUE_ENTRIES, sizeof(void *),
GFP_KERNEL);
if (!priv->rx_skbs)
- return -ENOMEM;
+ goto out;
priv->tx_skbs = kcalloc(MAX_TX_QUEUE_ENTRIES, sizeof(void *),
GFP_KERNEL);
if (!priv->tx_skbs)
- return -ENOMEM;
+ goto out;
/* Allocate descriptors */
priv->rxdes = dma_alloc_coherent(priv->dev,
MAX_RX_QUEUE_ENTRIES * sizeof(struct ftgmac100_rxdes),
&priv->rxdes_dma, GFP_KERNEL);
if (!priv->rxdes)
- return -ENOMEM;
+ goto out;
priv->txdes = dma_alloc_coherent(priv->dev,
MAX_TX_QUEUE_ENTRIES * sizeof(struct ftgmac100_txdes),
&priv->txdes_dma, GFP_KERNEL);
if (!priv->txdes)
- return -ENOMEM;
+ goto out;
/* Allocate scratch packet buffer */
priv->rx_scratch = dma_alloc_coherent(priv->dev,
@@ -997,9 +1002,13 @@ static int ftgmac100_alloc_rings(struct ftgmac100 *priv)
&priv->rx_scratch_dma,
GFP_KERNEL);
if (!priv->rx_scratch)
- return -ENOMEM;
+ goto out;
return 0;
+
+out:
+ ftgmac100_free_rings(priv);
+ return err;
}
static void ftgmac100_init_rings(struct ftgmac100 *priv)
--
2.47.3On Sat, Mar 28, 2026 at 05:24:28PM +0800, Yufan Chen wrote:
> From: Yufan Chen <ericterminal@gmail.com>
>
> ftgmac100_alloc_rings() allocated rx_skbs, tx_skbs, rxdes, txdes, and rx_scratch in stages but returned directly on any intermediate allocation failure. This left previously allocated objects unreleased and could accumulate leaks across repeated ifup retries under memory pressure.
Please take a read of
https://docs.kernel.org/process/submitting-patches.html
and
https://www.kernel.org/doc/html/latest/process/maintainer-netdev.html
You have a number of process issues.
> static int ftgmac100_alloc_rings(struct ftgmac100 *priv)
> {
> + int err = -ENOMEM;
> +
> /* Allocate skb arrays */
> priv->rx_skbs = kcalloc(MAX_RX_QUEUE_ENTRIES, sizeof(void *),
> GFP_KERNEL);
> if (!priv->rx_skbs)
> - return -ENOMEM;
> + goto out;
> priv->tx_skbs = kcalloc(MAX_TX_QUEUE_ENTRIES, sizeof(void *),
> GFP_KERNEL);
> if (!priv->tx_skbs)
> - return -ENOMEM;
> + goto out;
>
> /* Allocate descriptors */
> priv->rxdes = dma_alloc_coherent(priv->dev,
> MAX_RX_QUEUE_ENTRIES * sizeof(struct ftgmac100_rxdes),
> &priv->rxdes_dma, GFP_KERNEL);
> if (!priv->rxdes)
> - return -ENOMEM;
> + goto out;
> priv->txdes = dma_alloc_coherent(priv->dev,
> MAX_TX_QUEUE_ENTRIES * sizeof(struct ftgmac100_txdes),
> &priv->txdes_dma, GFP_KERNEL);
> if (!priv->txdes)
> - return -ENOMEM;
> + goto out;
>
> /* Allocate scratch packet buffer */
> priv->rx_scratch = dma_alloc_coherent(priv->dev,
> @@ -997,9 +1002,13 @@ static int ftgmac100_alloc_rings(struct ftgmac100 *priv)
> &priv->rx_scratch_dma,
> GFP_KERNEL);
> if (!priv->rx_scratch)
> - return -ENOMEM;
> + goto out;
>
> return 0;
> +
> +out:
> + ftgmac100_free_rings(priv);
> + return err;
If you look at other drivers, you will notice that functions that do
allocations pretty much always do their own cleanup, rather than
calling a helper. You generally see multiple labels, one per
allocation, and gotos jumping to the needed code.
Andrew
---
pw-bot: cr
© 2016 - 2026 Red Hat, Inc.