[PATCH V3 0/3] Fix a race condition when performing a controller reset
Maurizio Lombardi
mlombard at redhat.com
Tue Nov 16 07:49:17 PST 2021

Memory leaks and kernel panics involving the nvmet driver
have been observed when an initiator executes a reset_controller
operation while doing I/O.

The problem is due to a race condition between io_work
and release_queue; the latter may end up destroying the
commands while io_work is still running, causing use-after-free
and memory leaks.

V3:
- rename nvmet_tcp_free_iovec() to nvmet_tcp_free_cmd_buffers()

V2:
- Use "queue->rcv_state" to prevent the race condition, as suggested
  by Sagi Grimberg.
- Dropped the changes to nvmet_tcp_queue_response() because they are
  no longer necessary.
- Fix the memory leaks in a separate patch (PATCH 3/3).

Maurizio Lombardi (3):
  nvmet-tcp: fix a race condition between release_queue and io_work
  nvmet-tcp: add an helper to free the cmd buffers
  nvmet-tcp: fix memory leak when performing a controller reset

 drivers/nvme/target/tcp.c | 37 ++++++++++++++++++++++++++-----------
 1 file changed, 26 insertions(+), 11 deletions(-)

--
2.27.0