Patch "nvmet-tcp: fix possible memory leak when tearing down a controller" has been added to the 6.8-stable tree

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



This is a note to let you know that I've just added the patch titled

    nvmet-tcp: fix possible memory leak when tearing down a controller

to the 6.8-stable tree which can be found at:
    http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
     nvmet-tcp-fix-possible-memory-leak-when-tearing-down.patch
and it can be found in the queue-6.8 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.



commit 6e78062453eea76eeed55d82c4fdbd5030845dab
Author: Sagi Grimberg <sagi@xxxxxxxxxxx>
Date:   Sun Apr 28 11:49:49 2024 +0300

    nvmet-tcp: fix possible memory leak when tearing down a controller
    
    [ Upstream commit 6825bdde44340c5a9121f6d6fa25cc885bd9e821 ]
    
    When we teardown the controller, we wait for pending I/Os to complete
    (sq->ref on all queues to drop to zero) and then we go over the commands,
    and free their command buffers in case they are still fetching data from
    the host (e.g. processing nvme writes) and have yet to take a reference
    on the sq.
    
    However, we may miss the case where commands have failed before executing
    and are queued for sending a response, but will never occur because the
    queue socket is already down. In this case we may miss deallocating command
    buffers.
    
    Solve this by freeing all commands buffers as nvmet_tcp_free_cmd_buffers is
    idempotent anyways.
    
    Reported-by: Yi Zhang <yi.zhang@xxxxxxxxxx>
    Tested-by: Yi Zhang <yi.zhang@xxxxxxxxxx>
    Signed-off-by: Sagi Grimberg <sagi@xxxxxxxxxxx>
    Reviewed-by: Christoph Hellwig <hch@xxxxxx>
    Signed-off-by: Keith Busch <kbusch@xxxxxxxxxx>
    Signed-off-by: Sasha Levin <sashal@xxxxxxxxxx>

diff --git a/drivers/nvme/target/tcp.c b/drivers/nvme/target/tcp.c
index c8655fc5aa5b8..8d4531a1606d1 100644
--- a/drivers/nvme/target/tcp.c
+++ b/drivers/nvme/target/tcp.c
@@ -348,6 +348,7 @@ static int nvmet_tcp_check_ddgst(struct nvmet_tcp_queue *queue, void *pdu)
 	return 0;
 }
 
+/* If cmd buffers are NULL, no operation is performed */
 static void nvmet_tcp_free_cmd_buffers(struct nvmet_tcp_cmd *cmd)
 {
 	kfree(cmd->iov);
@@ -1580,13 +1581,9 @@ static void nvmet_tcp_free_cmd_data_in_buffers(struct nvmet_tcp_queue *queue)
 	struct nvmet_tcp_cmd *cmd = queue->cmds;
 	int i;
 
-	for (i = 0; i < queue->nr_cmds; i++, cmd++) {
-		if (nvmet_tcp_need_data_in(cmd))
-			nvmet_tcp_free_cmd_buffers(cmd);
-	}
-
-	if (!queue->nr_cmds && nvmet_tcp_need_data_in(&queue->connect))
-		nvmet_tcp_free_cmd_buffers(&queue->connect);
+	for (i = 0; i < queue->nr_cmds; i++, cmd++)
+		nvmet_tcp_free_cmd_buffers(cmd);
+	nvmet_tcp_free_cmd_buffers(&queue->connect);
 }
 
 static void nvmet_tcp_release_queue_work(struct work_struct *w)




[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Linux USB Devel]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]

  Powered by Linux