d/numam-spdk
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

bdev/nvme: Remove ctrlr_ch from group's list in error case

Browse Source 
If qpair creation failed, ctrlr_ch remains in group->ctrlr_ch_list
but memory for ctrlr_ch is freed. Next attempt to get ctrlr's io
channel will modify data in already freed memory and may corrupt
another allocation.

Signed-off-by: Alexey Marchuk <alexeymar@mellanox.com>
Change-Id: I85002f2e6ac86a0ffda6dabfa57e79b59074fb5a
Reviewed-on: https://review.spdk.io/gerrit/c/spdk/spdk/+/10840
Community-CI: Broadcom CI <spdk-ci.pdl@broadcom.com>
Community-CI: Mellanox Build Bot
Tested-by: SPDK CI Jenkins <sys_sgci@intel.com>
Reviewed-by: Shuhei Matsumoto <shuheimatsumoto@gmail.com>
Reviewed-by: Tomasz Zawadzki <tomasz.zawadzki@intel.com>
This commit is contained in:
Alexey Marchuk 2021-12-23 15:59:05 +03:00 committed by Tomasz Zawadzki
parent 17e9f58f1f
commit 833a5c9d2b
1 changed files with 1 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
module/bdev/nvme/bdev_nvme.c
View File

@ -1909,6 +1909,7 @@ bdev_nvme_create_ctrlr_channel_cb(void *io_device, void *ctx_buf)
return 0;
err_qpair:
TAILQ_REMOVE(&ctrlr_ch->group->ctrlr_ch_list, ctrlr_ch, tailq);
spdk_put_io_channel(pg_ch);
return rc;