d/freebsd-skq
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

When we have errors resetting the device before we allocate the

Browse Source 
queues, don't try to tear them down in the ctrlr_destroy
path. Otherwise, we dereference queue structures that are NULL and we
trap.

This fix is incomplete: we leak IRQ and MSI resources when this
happens. That's preferable to a crash but still should be fixed.
This commit is contained in:
Warner Losh 2019-08-22 21:56:11 +00:00
parent da8147c3c5
commit 8e61280bd9
1 changed files with 8 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
sys/dev/nvme/nvme_ctrlr.c
View File

@ -1211,12 +1211,14 @@ nvme_ctrlr_destruct(struct nvme_controller *ctrlr, device_t dev)
if (ctrlr->cdev)
destroy_dev(ctrlr->cdev);
if (!gone)
nvme_ctrlr_destroy_qpairs(ctrlr);
for (i = 0; i < ctrlr->num_io_queues; i++)
nvme_io_qpair_destroy(&ctrlr->ioq[i]);
free(ctrlr->ioq, M_NVME);
nvme_admin_qpair_destroy(&ctrlr->adminq);
if (ctrlr->is_initialized) {
if (!gone)
nvme_ctrlr_destroy_qpairs(ctrlr);
for (i = 0; i < ctrlr->num_io_queues; i++)
nvme_io_qpair_destroy(&ctrlr->ioq[i]);
free(ctrlr->ioq, M_NVME);
nvme_admin_qpair_destroy(&ctrlr->adminq);
}
/*
* Notify the controller of a shutdown, even though this is due to