Re: [PATCH] fix: nvmet: nvmet_sq_create: fix ctrl reference leak on nvmet_check_sqid failure
From: WenTao Liang
Date: Sun Jun 28 2026 - 00:04:01 EST
> 2026年6月26日 23:40,WenTao Liang <vulab@xxxxxxxxxxx> 写道:
>
> After kref_get_unless_zero successfully acquires a ctrl reference, the
> nvmet_check_sqid failure path returns the status directly without calling
> nvmet_ctrl_put, leaving the ctrl reference permanently leaked.
>
> Add nvmet_ctrl_put before returning on the nvmet_check_sqid error path to
> properly release the acquired reference.
>
> Cc: stable@xxxxxxxxxxxxxxx
> Fixes: a07b4970f464 ("nvmet: add a generic NVMe target")
> Signed-off-by: WenTao Liang <vulab@xxxxxxxxxxx>
> ---
> drivers/nvme/target/core.c | 4 +++-
> 1 file changed, 3 insertions(+), 1 deletion(-)
>
> diff --git a/drivers/nvme/target/core.c b/drivers/nvme/target/core.c
> index 62dd59b9aa4f..52fc2dade4ea 100644
> --- a/drivers/nvme/target/core.c
> +++ b/drivers/nvme/target/core.c
> @@ -943,8 +943,10 @@ u16 nvmet_sq_create(struct nvmet_ctrl *ctrl, struct nvmet_sq *sq,
> return NVME_SC_INTERNAL | NVME_STATUS_DNR;
>
> status = nvmet_check_sqid(ctrl, sqid, true);
> - if (status != NVME_SC_SUCCESS)
> + if (status != NVME_SC_SUCCESS) {
> + nvmet_ctrl_put(ctrl);
> return status;
> + }
>
> ret = nvmet_sq_init(sq, cq);
> if (ret) {
> --
> 2.39.5 (Apple Git-154)
Please ignore this patch. I will resend a proper version after
learning the kernel submission process.
Apologies for the noise.
Best regards,
WenTao Liang