[PATCH] nvme-tcp: fix memory leak when freeing a queue

Sagi Grimberg sagi at grimberg.me
Tue Nov 9 07:54:40 PST 2021


>>>> Thanks Maurizio,
>>>>
>>>> Why do we need the pf_cache.va protection? nvme_tcp_free_queue
>>>> is already protected against re-entry with the NVME_TCP_Q_ALLOCATED
>>>> bit.
>>>>
>>>
>>> It's not the re-entry that worried me, I thought that nvme_tcp_free_queue()
>>> might be called before page_frag_alloc() had the chance to initialize the pf_cache, triggering
>>> a NULL pointer dereference. I am doing some tests right now and it seems not to be
>>> possible so maybe we can drop the "if".
>>
>> Oh wait, if nvme_tcp_setup_ctrl() fails it could call nvme_tcp_destroy_io_queues() and
>> I guess that in that case the pf_cache is not initialized, so the if (pf_cache.va) protection
>> is necessary.
> 
> Sagi, does this look good to you now?

Yes,

Reviewed-by: Sagi Grimberg <sagi at grimberg.me>