Patch "nvmet: fix a memory leak in controller identify" has been added to the 6.13-stable tree

Sasha Levin <sashal@xxxxxxxxxx> · Sun, 9 Feb 2025 23:00:35 -0500

This is a note to let you know that I've just added the patch titled

    nvmet: fix a memory leak in controller identify

to the 6.13-stable tree which can be found at:
    http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
     nvmet-fix-a-memory-leak-in-controller-identify.patch
and it can be found in the queue-6.13 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.



commit f6a5a86c27a43a3ec15bfc099130c0d6c281f5d6
Author: Sagi Grimberg <sagi@xxxxxxxxxxx>
Date:   Fri Jan 24 13:00:33 2025 +0200

    nvmet: fix a memory leak in controller identify
    
    [ Upstream commit 58f5c8d5ca07a2f9fa93fb073f5b1646ec482ff2 ]
    
    Simply free an allocated buffer once we copied its content
    to the request sgl.
    
    kmemleak complaint:
    unreferenced object 0xffff8cd40c388000 (size 4096):
      comm "kworker/2:2H", pid 14739, jiffies 4401313113
      hex dump (first 32 bytes):
        00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
        00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
      backtrace (crc 0):
        [<ffffffff9e01087a>] kmemleak_alloc+0x4a/0x90
        [<ffffffff9d30324a>] __kmalloc_cache_noprof+0x35a/0x420
        [<ffffffffc180b0e2>] nvmet_execute_identify+0x912/0x9f0 [nvmet]
        [<ffffffffc181a72c>] nvmet_tcp_try_recv_pdu+0x84c/0xc90 [nvmet_tcp]
        [<ffffffffc181ac02>] nvmet_tcp_io_work+0x82/0x8b0 [nvmet_tcp]
        [<ffffffff9cfa7158>] process_one_work+0x178/0x3e0
        [<ffffffff9cfa8e9c>] worker_thread+0x2ec/0x420
        [<ffffffff9cfb2140>] kthread+0xf0/0x120
        [<ffffffff9cee36a4>] ret_from_fork+0x44/0x70
        [<ffffffff9ce7fdda>] ret_from_fork_asm+0x1a/0x30
    
    Fixes: 84909f7decbd ("nvmet: use kzalloc instead of ZERO_PAGE in nvme_execute_identify_ns_nvm()")
    Signed-off-by: Sagi Grimberg <sagi@xxxxxxxxxxx>
    Reviewed-by: Nilay Shroff <nilay@xxxxxxxxxxxxx>
    Signed-off-by: Keith Busch <kbusch@xxxxxxxxxx>
    Signed-off-by: Sasha Levin <sashal@xxxxxxxxxx>

diff --git a/drivers/nvme/target/admin-cmd.c b/drivers/nvme/target/admin-cmd.c
index fa89b0549c36c..7b70635373fd8 100644
--- a/drivers/nvme/target/admin-cmd.c
+++ b/drivers/nvme/target/admin-cmd.c
@@ -915,6 +915,7 @@ static void nvme_execute_identify_ns_nvm(struct nvmet_req *req)
 		goto out;
 	}
 	status = nvmet_copy_to_sgl(req, 0, id, sizeof(*id));
+	kfree(id);
 out:
 	nvmet_req_complete(req, status);
 }







