[PATCH] nvme-tcp: fix memory leak when freeing a queue
Maurizio Lombardi
mlombard at redhat.com
Wed Nov 3 04:03:10 PDT 2021
> >
> > Thanks Maurizio,
> >
> > Why do we need the pf_cache.va protection? nvme_tcp_free_queue
> > is already protected against re-entry with the NVME_TCP_Q_ALLOCATED
> > bit.
> >
>
> It's not the re-entry that worried me, I thought that nvme_tcp_free_queue()
> might be called before page_frag_alloc() had the chance to initialize the pf_cache, triggering
> a NULL pointer dereference. I am doing some tests right now and it seems not to be
> possible so maybe we can drop the "if".
Oh wait, if nvme_tcp_setup_ctrl() fails it could call nvme_tcp_destroy_io_queues() and
I guess that in that case the pf_cache is not initialized, so the if(pf_cache.va) protection
is necessary.
Maurizio
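
The teardown case discussed in this thread, as an added user-space C model that is not part of the original message or of the nvme-tcp driver. It shows why a re-entry flag does not cover a cache that was never filled. All names (`struct buf`, `frag_alloc`, `queue_free`, `teardown_case`, `live_buffers`) are hypothetical, and the refcounted buffer only stands in for the page behind the fragment cache.

```c
#include <stdio.h>
#include <stdlib.h>
/* User-space model; every name below is hypothetical, not kernel API. */
struct buf { unsigned int refs; };           /* refcounted backing buffer */
struct frag_cache { struct buf *va; unsigned int bias; };
struct queue { struct frag_cache pf_cache; int allocated; };
static int live_buffers;                     /* buffers not yet released */

/* The cache gets its buffer on first use, not when the queue is created. */
static struct buf *frag_alloc(struct frag_cache *c)
{
    if (!c->va && (c->va = calloc(1, sizeof(*c->va)))) {
        c->va->refs = c->bias = 1;
        live_buffers++;
    }
    return c->va;
}

/* Returns 1 if a cached buffer was released, 0 if there was nothing to do. */
static int queue_free(struct queue *q)
{
    struct frag_cache *c = &q->pf_cache;
    if (!q->allocated)                       /* guards against re-entry only */
        return 0;
    q->allocated = 0;
    if (!c->va)                              /* cache never filled: skip drain */
        return 0;
    c->va->refs -= c->bias;                  /* NULL dereference if unguarded */
    if (c->va->refs == 0) {
        free(c->va);                         /* omitting this is the leak */
        live_buffers--;
    }
    c->va = NULL;
    return 1;
}

/* Tear down a queue after I/O (did_io=1) or after a failed setup (did_io=0). */
static int teardown_case(int did_io)
{
    struct queue q = { .allocated = 1 };
    if (did_io && !frag_alloc(&q.pf_cache))
        return -1;
    return queue_free(&q);
}

int main(void)
{
    printf("failed setup: %d, after I/O: %d\n", teardown_case(0), teardown_case(1));
}
```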