• Sagi Grimberg's avatar
    nvmet: fix memory leak when removing namespaces and controllers concurrently · 64f5e9cd
    Sagi Grimberg authored
    When removing a namespace, we add an NS_CHANGE async event, however if
    the controller admin queue is removed after the event was added but not
    yet processed, we won't free the aens, resulting in the below memory
    leak [1].
    
    Fix that by moving nvmet_async_event_free to the final controller
    release after it is detached from subsys->ctrls ensuring no async
    events are added, and modify it to simply remove all pending aens.
    
    --
    $ cat /sys/kernel/debug/kmemleak
    unreferenced object 0xffff888c1af2c000 (size 32):
      comm "nvmetcli", pid 5164, jiffies 4295220864 (age 6829.924s)
      hex dump (first 32 bytes):
        28 01 82 3b 8b 88 ff ff 28 01 82 3b 8b 88 ff ff  (..;....(..;....
        02 00 04 65 76 65 6e 74 5f 66 69 6c 65 00 00 00  ...event_file...
      backtrace:
        [<00000000217ae580>] nvmet_add_async_event+0x57/0x290 [nvmet]
        [<0000000012aa2ea9>] nvmet_ns_changed+0x206/0x300 [nvmet]
        [<00000000bb3fd52e>] nvmet_ns_disable+0x367/0x4f0 [nvmet]
        [<00000000e91ca9ec>] nvmet_ns_free+0x15/0x180 [nvmet]
        [<00000000a15deb52>] config_item_release+0xf1/0x1c0
        [<000000007e148432>] configfs_rmdir+0x555/0x7c0
        [<00000000f4506ea6>] vfs_rmdir+0x142/0x3c0
        [<0000000000acaaf0>] do_rmdir+0x2b2/0x340
        [<0000000034d1aa52>] do_syscall_64+0xa5/0x4d0
        [<00000000211f13bc>] entry_SYSCALL_64_after_hwframe+0x6a/0xdf
    
    Fixes: a07b4970 ("nvmet: add a generic NVMe target")
    Reported-by: default avatarDavid Milburn <dmilburn@redhat.com>
    Signed-off-by: default avatarSagi Grimberg <sagi@grimberg.me>
    Tested-by: default avatarDavid Milburn <dmilburn@redhat.com>
    Signed-off-by: default avatarChristoph Hellwig <hch@lst.de>
    64f5e9cd
core.c 37.3 KB