]> git.ipfire.org Git - thirdparty/kernel/linux.git/commitdiff
projects / thirdparty / kernel / linux.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 001e575)
nvme: target: rdma: fix ndev refcount leak on queue connect
authorWentao Liang <vulab@iscas.ac.cn>
Wed, 27 May 2026 08:45:44 +0000 (08:45 +0000)
committerKeith Busch <kbusch@kernel.org>
Wed, 27 May 2026 15:40:35 +0000 (08:40 -0700)
nvmet_rdma_queue_connect() calls nvmet_rdma_find_get_device() which
acquires a reference on the returned ndev via kref_get(). On the path
where the host queue backlog is exceeded and the function returns
NVME_SC_CONNECT_CTRL_BUSY, reference of ndev is not released, leaking
the kref.

Fix this by adding a goto to the existing put_device label before the
early return.

Fixes: 31deaeb11ba7 ("nvmet-rdma: avoid circular locking dependency on install_queue()")
Cc: stable@vger.kernel.org
Reviewed-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Wentao Liang <vulab@iscas.ac.cn>
Signed-off-by: Keith Busch <kbusch@kernel.org>
drivers/nvme/target/rdma.c patch | blob | blame | history

diff --git a/drivers/nvme/target/rdma.c b/drivers/nvme/target/rdma.c
index e6e2c3f9afdf57d431f10d5a0b93497e40cc910c..ac26f4f774c4de62e163ded12bded70edbab68f7 100644 (file)
--- a/drivers/nvme/target/rdma.c
+++ b/drivers/nvme/target/rdma.c
@@ -1598,8 +1598,10 @@ static int nvmet_rdma_queue_connect(struct rdma_cm_id *cm_id,
                                pending++;
                }
                mutex_unlock(&nvmet_rdma_queue_mutex);
-               if (pending > NVMET_RDMA_BACKLOG)
-                       return NVME_SC_CONNECT_CTRL_BUSY;
+               if (pending > NVMET_RDMA_BACKLOG) {
+                       ret = NVME_SC_CONNECT_CTRL_BUSY;
+                       goto put_device;
+               }
        }
 
        ret = nvmet_rdma_cm_accept(cm_id, queue, &event->param.conn);
A mirror of Linus' kernel repository