[lvc-project] [PATCH] lib: free pagelist on error in iov_iter_extract_pages()
Fedor Pchelkin
pchelkin at ispras.ru
Thu Jun 4 16:46:00 MSK 2026
On Fri, 08. May 14:48, Andrew Morton wrote:
> On Fri, 8 May 2026 14:13:29 +0300 Dmitry Antipov <dmantipov at yandex.ru> wrote:
>
> > Since 'iov_iter_extract_pages()' may allocate a new pagelist if the passed
> > one isn't large enough, the worst-case scenario may be:
> >
> >     ...
> >     struct page *stack_pages[SMALL];
> >     struct page **pages = stack_pages;
> >     ...
> >     if (iov_iter_extract_pages(i..., &pages, ...) <= 0) {
> >             /* Even in case of error, new pagelist may be allocated */
> >             if (pages != stack_pages)
> >                     kvfree(pages);                          [1]
> >             /* The rest of error handling and return */
> >     }
> >     /* Regular flow */
> >     ...
> >     if (pages != stack_pages)
> >             kvfree(pages);
> >     ...
> >     return 0;
> >
> > If you're unlucky, so that SMALL amount of pages wasn't enough and a new
> > pagelist was allocated, missing [1] causes a memory leak similar
> > to the one I've recently observed and fixed for 6.12 in [2]. So adjust
> > 'iov_iter_extract_pages()' to do such a cleanup itself rather than
> > rely on the caller's handling on error paths, thus making [1] unnecessary.
>
> AI review said things:
> https://sashiko.dev/#/patchset/20260508111329.329943-1-dmantipov@yandex.ru

The current v1 patch is in the mm-nonmm-unstable branch of your repo [1].
Please drop it.

Apart from AI, there were comments from Caleb Sander Mateos in this
thread. v2 then appeared [2], but it had some issues, too. Eventually it
seems a direct patch into the block subsystem [3] has found some positive
feedback. (Though it's still not applied, that question is left for the
block subsystem maintainers.)

[1]: https://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm.git/commit/?h=mm-nonmm-unstable&id=3ba07338fe5aae5f0f6b09d9029e1ccb4434b867
[2]: https://lore.kernel.org/all/20260512170525.357573-1-dmantipov@yandex.ru/
[3]: https://lore.kernel.org/all/20260513070515.528861-1-dmantipov@yandex.ru/
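
The leak pattern from the quoted commit message, as an added example that is not part of the thread or of the kernel sources. It is a userspace C model: model_extract(), model_free() and caller() are hypothetical stand-ins, calloc()/free() stand in for the kernel allocator, and the counter exists only to make the leak observable.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#define SMALL 4
static int live_allocs; /* heap pagelists not yet freed */

/* Hypothetical model, not the kernel function: swaps in a heap list when
 * the caller's 'have' slots are too few, and may still fail afterwards. */
static long model_extract(void ***pages, size_t have, size_t need, int fail)
{
	if (need > have) {
		void **bigger = calloc(need, sizeof(*bigger));
		if (!bigger)
			return -ENOMEM;
		live_allocs++;
		*pages = bigger; /* caller's pointer now owns heap memory */
	}
	return fail ? -EFAULT : (long)need;
}

static void model_free(void **pages) { free(pages); live_allocs--; }

/* Caller shaped like the commit message; cleanup_on_error toggles [1]. */
static int caller(size_t need, int fail, int cleanup_on_error)
{
	void *stack_pages[SMALL];
	void **pages = stack_pages;

	if (model_extract(&pages, SMALL, need, fail) <= 0) {
		if (cleanup_on_error && pages != stack_pages)
			model_free(pages); /* [1] */
		return -1;
	}
	if (pages != stack_pages) /* regular flow */
		model_free(pages);
	return 0;
}
/* Heap pagelists still allocated after one call to caller(). */
static int leaked_after(size_t need, int fail, int cleanup_on_error)
{
	live_allocs = 0;
	caller(need, fail, cleanup_on_error);
	return live_allocs;
}

int main(void)
{
	printf("without [1]: %d\n", leaked_after(64, 1, 0));
	printf("with [1]:    %d\n", leaked_after(64, 1, 1));
	return 0;
}
```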