[PATCH V4] nvme-tcp: teardown circular locking fixes
Keith Busch
kbusch at kernel.org
Mon Apr 20 09:29:53 PDT 2026
On Mon, Apr 13, 2026 at 10:16:28AM -0700, Chaitanya Kulkarni wrote:
> When a controller reset is triggered via sysfs (by writing to
> /sys/class/nvme/<nvmedev>/reset_controller), the reset work tears down
> and re-establishes all queues. The socket release using fput() defers
> the actual cleanup to task_work delayed_fput workqueue. This deferred
> cleanup can race with the subsequent queue re-allocation during reset,
> potentially leading to use-after-free or resource conflicts.
>
> Replace fput() with __fput_sync() to ensure synchronous socket release,
> guaranteeing that all socket resources are fully cleaned up before the
> function returns. This prevents races during controller reset where
> new queue setup may begin before the old socket is fully released.

Thanks, applied to nvme-7.1.