From e398dcdadbddf725c9f3d88b2b1b194d1a7abe03 Mon Sep 17 00:00:00 2001
From: Thanos Makatos
Date: Wed, 9 Nov 2022 10:08:40 +0000
Subject: [PATCH] nvmf/vfio-user: don't use uninitialized refcount for admin CQ
Signed-off-by: Thanos Makatos
Change-Id: I16d511ac10b8ba4dfb2f7a7e5c144e2f2fe1bad5
Reviewed-on: https://review.spdk.io/gerrit/c/spdk/spdk/+/15386
Tested-by: SPDK CI Jenkins
Reviewed-by: Ben Walker
Reviewed-by: Jim Harris
Reviewed-by: Changpeng Liu
Reviewed-by: John Levon
---
 lib/nvmf/vfio_user.c | 13 ++++++++-----
 1 file changed, 8 insertions(+), 5 deletions(-)
diff --git a/lib/nvmf/vfio_user.c b/lib/nvmf/vfio_user.c
index 61b1846dc..c39219e81 100644
--- a/lib/nvmf/vfio_user.c
+++ b/lib/nvmf/vfio_user.c
@@ -329,7 +329,7 @@ struct nvmf_vfio_user_sq {
 struct nvmf_vfio_user_cq {
 struct spdk_nvmf_transport_poll_group *group;
 struct spdk_thread *thread;
- uint32_t cq_ref;
+ int cq_ref;
 uint32_t qid;
 /* Number of entries in queue. */
@@ -1763,10 +1763,8 @@ delete_sq_done(struct nvmf_vfio_user_ctrlr *vu_ctrlr, struct nvmf_vfio_user_sq *
 SPDK_DEBUGLOG(nvmf_vfio, "%s: try to delete cqid:%u=%p\n", ctrlr_id(vu_ctrlr), cq->qid, cq);
- if (cq->cq_ref) {
- cq->cq_ref--;
- }
- if (cq->cq_ref == 0) {
+ assert(cq->cq_ref > 0);
+ if (--cq->cq_ref == 0) {
 unmap_q(vu_ctrlr, &cq->mapping);
 cq->size = 0;
 cq->cq_state = VFIO_USER_CQ_DELETED;
@@ -4978,6 +4976,11 @@ handle_queue_connect_rsp(struct nvmf_vfio_user_req *req, void *cb_arg)
 pthread_mutex_lock(&endpoint->lock);
 if (nvmf_qpair_is_admin_queue(&sq->qpair)) {
 admin_cq->thread = spdk_get_thread();
+ /*
+ * The admin queue is special as SQ0 and CQ0 are created
+ * together.
+ */
+ admin_cq->cq_ref = 1;
 start_ctrlr(vu_ctrlr, sq->qpair.ctrlr);
 } else {
 /* For I/O queues this command was generated in response to an
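Review bot: In the delete_sq_done hunk, `assert(cq->cq_ref > 0)` is now the only guard on the decrement, and assert() compiles out under NDEBUG. A release build that reaches it with a zero count would take `cq_ref` to -1 (the field becomes `int` in the first hunk), and the CQ would never be unmapped or set to VFIO_USER_CQ_DELETED, whereas the removed code tolerated a zero count. Queue deletion is driven by the vfio-user client, and the admin CQ only gets its count in handle_queue_connect_rsp (third hunk), so it is worth confirming that no teardown path can reach this point earlier; that is not visible here. A runtime guard next to the assert keeps the count from going negative, for example `if (cq->cq_ref > 0 && --cq->cq_ref == 0) {`, which skips the teardown instead of underflowing. The body of delete_sq_done starts and ends outside the hunk.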