Date: Thu, 22 Aug 2019 21:56:11 +0000 (UTC) From: Warner Losh <imp@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r351411 - head/sys/dev/nvme Message-ID: <201908222156.x7MLuBZH047343@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: imp Date: Thu Aug 22 21:56:11 2019 New Revision: 351411 URL: https://svnweb.freebsd.org/changeset/base/351411 Log: When we have errors resetting the device before we allocate the queues, don't try to tear them down in the ctrlr_destroy path. Otherwise, we dereference queue structures that are NULL and we trap. This fix is incomplete: we leak IRQ and MSI resources when this happens. That's preferable to a crash but still should be fixed. Modified: head/sys/dev/nvme/nvme_ctrlr.c Modified: head/sys/dev/nvme/nvme_ctrlr.c ============================================================================== --- head/sys/dev/nvme/nvme_ctrlr.c Thu Aug 22 21:49:13 2019 (r351410) +++ head/sys/dev/nvme/nvme_ctrlr.c Thu Aug 22 21:56:11 2019 (r351411) @@ -1211,12 +1211,14 @@ nvme_ctrlr_destruct(struct nvme_controller *ctrlr, dev if (ctrlr->cdev) destroy_dev(ctrlr->cdev); - if (!gone) - nvme_ctrlr_destroy_qpairs(ctrlr); - for (i = 0; i < ctrlr->num_io_queues; i++) - nvme_io_qpair_destroy(&ctrlr->ioq[i]); - free(ctrlr->ioq, M_NVME); - nvme_admin_qpair_destroy(&ctrlr->adminq); + if (ctrlr->is_initialized) { + if (!gone) + nvme_ctrlr_destroy_qpairs(ctrlr); + for (i = 0; i < ctrlr->num_io_queues; i++) + nvme_io_qpair_destroy(&ctrlr->ioq[i]); + free(ctrlr->ioq, M_NVME); + nvme_admin_qpair_destroy(&ctrlr->adminq); + } /* * Notify the controller of a shutdown, even though this is due to
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201908222156.x7MLuBZH047343>