[PATCH] nvme-tcp: fix memory leak when freeing a queue

Christoph Hellwig hch at lst.de
Tue Nov 9 00:13:03 PST 2021


On Wed, Nov 03, 2021 at 12:03:10PM +0100, Maurizio Lombardi wrote:
> > > 
> > > Thanks Maurizio,
> > > 
> > > Why do we need the pf_cache.va protection? nvme_tcp_free_queue
> > > is already protected against re-entry with the NVME_TCP_Q_ALLOCATED
> > > bit.
> > > 
> > 
> > It's not the re-entry that worried me. I thought that nvme_tcp_free_queue()
> > might be called before page_frag_alloc() had the chance to initialize the
> > pf_cache, triggering a NULL pointer dereference. I am doing some tests right
> > now and it seems not to be possible, so maybe we can drop the "if".
> 
> Oh wait, if nvme_tcp_setup_ctrl() fails it could call nvme_tcp_destroy_io_queues(),
> and I guess that in that case the pf_cache is not initialized, so the
> if (pf_cache.va) protection is necessary.

Sagi, does this look good to you now?
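The lifecycle the thread is arguing about, as an added userspace model rather than code from the patch or from the kernel: a per-queue fragment cache whose backing page is only allocated on the first alloc (as page_frag_alloc does), so a queue whose controller setup failed before any PDU was sent reaches teardown with the cache still zeroed. The teardown therefore has to check the `va` pointer before releasing anything. The struct and function names (`frag_cache`, `frag_alloc`, `queue_teardown`, the two `scenario_*` helpers) are this example's own and are not the driver's identifiers.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

#define FRAG_PAGE_SIZE 4096

/* Userspace stand-in for the kernel's page_frag_cache (assumption: one
 * backing page, no refill). va stays NULL until the first allocation,
 * which is exactly the state of a queue whose setup failed early. */
struct frag_cache {
    void *va;        /* backing page, NULL until first alloc */
    size_t offset;   /* bump offset inside the page */
    unsigned refs;   /* fragments handed out and not yet released */
};

static bool frag_cache_init(struct frag_cache *c)
{
    c->va = malloc(FRAG_PAGE_SIZE);
    if (!c->va)
        return false;
    c->offset = 0;
    c->refs = 0;
    return true;
}

/* Lazy initialization on first use, like page_frag_alloc(). */
void *frag_alloc(struct frag_cache *c, size_t len)
{
    if (!c->va && !frag_cache_init(c))
        return NULL;
    if (c->offset + len > FRAG_PAGE_SIZE)
        return NULL;   /* single-page model: no refill */
    void *p = (char *)c->va + c->offset;
    c->offset += len;
    c->refs++;
    return p;
}

void frag_free(struct frag_cache *c, void *p)
{
    (void)p;   /* the model only tracks the outstanding count */
    if (c->refs)
        c->refs--;
}

/* Teardown as a queue free routine would do it. Returns 1 when a page was
 * released, 0 when there was nothing to release. Without the va check the
 * never-used queue would pass NULL into the release path. */
int queue_teardown(struct frag_cache *c)
{
    if (!c->va)
        return 0;
    free(c->va);
    c->va = NULL;
    c->offset = 0;
    return 1;
}

/* Queue whose setup failed before the first alloc: teardown is a no-op. */
int scenario_never_used(void)
{
    struct frag_cache c;
    memset(&c, 0, sizeof c);    /* kzalloc-like zeroing: va == NULL */
    return queue_teardown(&c);  /* 0 */
}

/* Queue that did send PDUs: the page is released exactly once, and a
 * second teardown is harmless because va was reset to NULL. */
int scenario_used(void)
{
    struct frag_cache c;
    memset(&c, 0, sizeof c);
    void *a = frag_alloc(&c, 64);
    void *b = frag_alloc(&c, 128);
    if (!a || !b)
        return -1;
    frag_free(&c, a);
    frag_free(&c, b);
    int first = queue_teardown(&c);    /* 1: page released */
    int second = queue_teardown(&c);   /* 0: nothing left */
    return first * 10 + second;        /* 10 */
}
```

The guard in `queue_teardown` is the userspace counterpart of the `if (pf_cache.va)` check discussed above: it makes the free path safe for both the never-initialized and the already-freed state, while still releasing the page (and so avoiding the leak in the subject line) for a queue that was actually used.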