git: 11ab396fc995 - releng/14.0 - nvme: Fix memory leak in pt ioctl commands
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Mon, 09 Oct 2023 18:13:23 UTC
The branch releng/14.0 has been updated by markj: URL: https://cgit.FreeBSD.org/src/commit/?id=11ab396fc995b72d9d5f5d54d0bc93840a7fbf76 commit 11ab396fc995b72d9d5f5d54d0bc93840a7fbf76 Author: David Sloan <david.sloan@eideticom.com> AuthorDate: 2023-09-07 16:22:21 +0000 Commit: Mark Johnston <markj@FreeBSD.org> CommitDate: 2023-10-09 18:05:36 +0000 nvme: Fix memory leak in pt ioctl commands When running nvme passthrough commands through the ioctl interface memory is mapped with vmapbuf() but not unmapped. This results in leaked memory whenever a process executes an nvme passthrough command with a data buffer. This can be replicated with a simple c function (error checks skipped for brevity): void leak_memory(int nvme_ns_fd, uint16_t nblocks) { struct nvme_pt_command pt = { .cmd = { .opc = NVME_OPC_READ, .cdw12 = nblocks - 1, }, .len = nblocks * 512, // Assumes devices with 512 byte lba .is_read = 1, // Reads and writes should both trigger leak } void *buf; posix_memalign(&buf, nblocks * 512); pt.buf = buf; ioctl(nvme_ns_fd, NVME_PASSTHROUGH_COMMAND, &pt); free(buf); } Signed-off-by: David Sloan <david.sloan@eideticom.com> Approved by: re (gjb) PR: 273626 Reviewed by: imp, markj MFC after: 1 week (cherry picked from commit 7ea866eb14f8ec869a525442c03228b6701e1dab) (cherry picked from commit 510404f2f49e0797bbef0034b3c13831bed78b35) --- sys/dev/nvme/nvme_ctrlr.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/sys/dev/nvme/nvme_ctrlr.c b/sys/dev/nvme/nvme_ctrlr.c index 30a5ee81b2a4..ef4d7daa6efa 100644 --- a/sys/dev/nvme/nvme_ctrlr.c +++ b/sys/dev/nvme/nvme_ctrlr.c @@ -1334,8 +1334,9 @@ nvme_ctrlr_passthrough_cmd(struct nvme_controller *ctrlr, mtx_sleep(pt, mtx, PRIBIO, "nvme_pt", 0); mtx_unlock(mtx); -err: if (buf != NULL) { + vunmapbuf(buf); +err: uma_zfree(pbuf_zone, buf); PRELE(curproc); }