[PATCH] nvme-rdma: Always signal fabrics private commands

Christoph Hellwig hch at lst.de
Tue Jun 28 01:41:05 PDT 2016


On Sun, Jun 26, 2016 at 07:41:39PM +0300, Sagi Grimberg wrote:
> Our error path is freeing the tagset before we free the queue (draining
> the qp) so we get to a use-after-free condition (->done() is a freed
> tag memory).
>
> Note that we must allocate the qp before we allocate the tagset because
> we need the device when init_request callouts come. So we allocated
> before, we free after. An alternative fix was to free the queue before
> the tagset even though we allocated it before (as Steve suggested).

Would draining, but not freeing the qp before freeing the tagset work?
That seems like the most sensible option here.
