Commit 958d4e0e authored Jan 05, 2023 by Fengnan Chang Committed by Jim Harris Jan 05, 2023

nvme: fix memleak when submit request failed



Some memory alloc in nvme_allocate_request_user_copy, and submit
through nvme_qpair_submit_request, if nvme ctrlr is failed or
qpair state not meet the requirements, submit will return -ENXIO,
and call nvme_free_request(), but it will not free
req->payload.contig_or_cb_arg, those memory only gets freed when the
request is actually completed, through nvme_user_copy_cmd_complete().
Let's fix this by add check when submit failed.

Fixes issue #2832
Change-Id: I54f0fc60dbb53ced9f52da7d89017be13db2eee1
Signed-off-by: Fengnan Chang <changfengnan@bytedance.com>
Reviewed-on: https://review.spdk.io/gerrit/c/spdk/spdk/+/15985


Tested-by: SPDK CI Jenkins <sys_sgci@intel.com>
Reviewed-by: Changpeng Liu <changpeng.liu@intel.com>
Reviewed-by: Xiaodong Liu <xiaodong.liu@intel.com>
Reviewed-by: Jim Harris <james.r.harris@intel.com>

parent 02ecb2dc

lib/nvme/nvme_ctrlr.c

+3 −1

Original line number	Diff line number	Diff line
		@@ -3362,7 +3362,9 @@ nvme_ctrlr_cleanup_process(struct spdk_nvme_ctrlr_process *proc)
		STAILQ_REMOVE(&proc->active_reqs, req, nvme_request, stailq);

		assert(req->pid == proc->pid);

		if (req->user_buffer && req->payload_size) {
		spdk_free(req->payload.contig_or_cb_arg);
		}
		nvme_free_request(req);
		}

lib/nvme/nvme_pcie_common.c

+3 −1

Original line number	Diff line number	Diff line
		@@ -291,7 +291,9 @@ nvme_pcie_qpair_insert_pending_admin_request(struct spdk_nvme_qpair *qpair,
		} else {
		SPDK_ERRLOG("The owning process (pid %d) is not found. Dropping the request.\n",
		active_req->pid);

		if (active_req->user_buffer && active_req->payload_size) {
		spdk_free(active_req->payload.contig_or_cb_arg);
		}
		nvme_free_request(active_req);
		}
		}

lib/nvme/nvme_qpair.c

+4 −0

Original line number	Diff line number	Diff line
		@@ -1049,6 +1049,10 @@ error:
		return rc;
		}

		if (req->user_buffer && req->payload_size) {
		spdk_free(req->payload.contig_or_cb_arg);
		}

		nvme_free_request(req);

		return rc;