[PATCH 0/4] nvme: fix several bugs in nvme-fabric

[Taehee Yoo <ap420073@gmail.com>]

There are several race conditions in the nvme-fabric scenario.
It fixes these bugs as well as a memory leak.

The first patch fixes kernel panic in delete controller logic because 
of dereference of an uninitialized controller.
Currently, controllers can be deleted with the sysfs.
It should be disallowed before controller initialization.
But it is allowed always.
So, the delete controller logic possibly accesses uninitialized 
controller resources, which results in kernel panic.

The second patch fixes kernel panic in reset controller logic because 
of dereference of an uninitialized controller.
This issue is very similar to the first issue.
The solution is very similar too.
It prevents resetting controllers before the initialization of the nvme 
controller.

The third patch fixes a race condition between nvmet_ns_disable() 
and nvmet_ns_enable()
nvmet_ns_enable() and nvmet_ns_disable() should not be worked concurrently.
But, it is possible.
So, hang occurs in the nvmet_ns_disable() due to a race condition.

The last patch fixes a memory leak when a tcp target is released.
When a host sends a reset command to the target, a target calls 
nvmet_tcp_free_cmd_data_in_buffers() to free resources in the CMD.
It internally possibly skips freeing resources due to some condition.
At this point, a memory leak would occur.

Taehee Yoo (4):
  nvme: fix delete uninitialized controller
  nvme: fix reset uninitialized controller
  nvmet: fix hang in nvmet_ns_disable()
  nvmet-tcp: fix memory leak in nvmet_tcp_free_cmd_data_in_buffers()

 drivers/nvme/host/core.c       | 31 +++++++++++++++++++++----------
 drivers/nvme/target/configfs.c | 14 +++++++-------
 drivers/nvme/target/core.c     | 10 ++++++----
 drivers/nvme/target/nvmet.h    |  8 +++++++-
 drivers/nvme/target/tcp.c      |  9 +++------
 5 files changed, 44 insertions(+), 28 deletions(-)

-- 
2.34.1