8818ace2f4
A pointer to a stack variable is passed as an argument to nvme_completion_poll_cb function, later this variable is used to track completion in the spdk_nvme_wait_for_completion() function. If normal scenario a request submitted to the admin queue will be completed within the function which submitted the request. spdk_nvme_wait_for_completion() calls nvme_transport_qpair_process_completions which may return an error to the caller, the caller may exit from the function which submitted the request and the pointer to the stack variable will no longer be valid. Thereby the request may not be completed at that time and completed later (e.g. when the controller/qpair are destroyed) and that will lead to call to nvme_completion_poll_cb with the pointer to invalid stack variable. Fix - Dynamically allocate status structure to track the completion; Add a new field to nvme_completion_poll_status structure to track status objects that need to be freed in a completion callback Fixes #1125 Change-Id: Ie0cd8316e1284d42a67439b056c48ab89f23e0d0 Signed-off-by: Alexey Marchuk <alexeymar@mellanox.com> Reviewed-on: https://review.gerrithub.io/c/spdk/spdk/+/481530 Community-CI: Broadcom SPDK FC-NVMe CI <spdk-ci.pdl@broadcom.com> Tested-by: SPDK CI Jenkins <sys_sgci@intel.com> Reviewed-by: Ben Walker <benjamin.walker@intel.com> Reviewed-by: Shuhei Matsumoto <shuhei.matsumoto.xt@hitachi.com> |
||
|---|---|---|
| .. | ||
| .gitignore | ||
| Makefile | ||
| nvme_ut.c | ||