[lvc-project] [PATCH] lib: free pagelist on error in iov_iter_extract_pages()
Andrew Morton
akpm at linux-foundation.org
Sat May 9 00:48:23 MSK 2026
On Fri, 8 May 2026 14:13:29 +0300 Dmitry Antipov <dmantipov at yandex.ru> wrote:
> Since 'iov_iter_extract_pages()' may allocate new pagelist if the passed
> one isn't large enough, the worst-case scenario may be:
>
> ...
> struct page *stack_pages[SMALL];
> struct page **pages = stack_pages;
> ...
> if (iov_iter_extract_pages(i..., &pages, ...) <= 0) {
> /* Even in case of error, new pagelist may be allocated */
> if (pages != stack_pages)
> kvfree(pages); [1]
> /* The rest of error handling and return */
> }
> /* Regular flow */
> ...
> if (pages != stack_pages)
> kvfree(pages);
> ...
> return 0;
>
> If you're unlucky so SMALL amount of pages wasn't enough and new
> pagelist was allocated, missing [1] causes the memory leak similar
> to one I've recently observed and fixed for 6.12 in [2]. So adjust
> 'iov_iter_extract_pages()' to make such a cleanup itself rather than
> rely on caller's handling on error paths, thus making [1] not needed.
AI review said things:
https://sashiko.dev/#/patchset/20260508111329.329943-1-dmantipov@yandex.ru
More information about the lvc-project
mailing list