Commit 1a667bc3 authored Oct 15, 2021 by Maurizio Lombardi Committed by Greg Kroah-Hartman Nov 17, 2021

nvmet-tcp: fix a memory leak when releasing a queue



[ Upstream commit 926245c7d22271307606c88b1fbb2539a8550e94 ]

page_frag_free() won't completely release the memory
allocated for the commands, the cache page must be explicitly
freed by calling __page_frag_cache_drain().

This bug can be easily reproduced by repeatedly
executing the following command on the initiator:

$echo 1 > /sys/devices/virtual/nvme-fabrics/ctl/nvme0/reset_controller

Signed-off-by: Maurizio Lombardi <mlombard@redhat.com>
Reviewed-by: Sagi Grimberg <sagi@grimberg.me>
Reviewed-by: John Meneghini <jmeneghi@redhat.com>
Signed-off-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>

parent 2f3860ba

drivers/nvme/target/tcp.c

+3 −0

Original line number	Diff line number	Diff line
		@@ -1343,6 +1343,7 @@ static void nvmet_tcp_uninit_data_in_cmds(struct nvmet_tcp_queue *queue)

		static void nvmet_tcp_release_queue_work(struct work_struct *w)
		{
		struct page *page;
		struct nvmet_tcp_queue *queue =
		container_of(w, struct nvmet_tcp_queue, release_work);

		@@ -1362,6 +1363,8 @@ static void nvmet_tcp_release_queue_work(struct work_struct *w)
		nvmet_tcp_free_crypto(queue);
		ida_simple_remove(&nvmet_tcp_queue_ida, queue->idx);

		page = virt_to_head_page(queue->pf_cache.va);
		__page_frag_cache_drain(page, queue->pf_cache.pagecnt_bias);
		kfree(queue);
		}