[PATCH] nvme-tcp: fix memory leak when freeing a queue

John Meneghini jmeneghi at redhat.com
Tue Nov 9 07:37:37 PST 2021


Looks good to me.

Reviewed-by: John Meneghini <jmeneghi at redhat.com>

On 11/9/21 03:13, Christoph Hellwig wrote:
> On Wed, Nov 03, 2021 at 12:03:10PM +0100, Maurizio Lombardi wrote:
>>>>
>>>> Thanks Maurizio,
>>>>
>>>> Why do we need to the pf_cache.va protection? nvme_tcp_free_queue
>>>> is already protected against re-entry with the NVME_TCP_Q_ALLOCATED
>>>> bit.
>>>>
>>>
>>> It's not the re-entry that worried me, I thought that nvme_tcp_free_queue()
>>> might be called before page_frag_alloc() had the chance to initialize the pf_cache, triggering
>>> a NULL pointer dereference. I am doing some tests right now and it seems not to be
>>> possible so maybe we can drop the "if".
>>
>> Oh wait, if nvme_tcp_setup_ctrl() fails it could call nvme_tcp_destroy_io_queues() and
>> I guess that in that case the pf_cache is not initialized, so the if(pf_cache.va) protection
>> is necessary.
> 
> Sagi, does this look good to you now?
> 
