Re: [PATCH] nvmet-tcp: fix page fragment cache leak in error path

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Christoph Hellwig <hch@lst.de>
To: Geliang Tang <geliang@kernel.org>
Cc: Christoph Hellwig <hch@lst.de>, Sagi Grimberg <sagi@grimberg.me>,
	Chaitanya Kulkarni <kch@nvidia.com>,
	Roy Shterman <roys@lightbitslabs.com>,
	Solganik Alexander <sashas@lightbitslabs.com>,
	Hannes Reinecke <hare@suse.de>,
	Geliang Tang <tanggeliang@kylinos.cn>,
	linux-nvme@lists.infradead.org
Subject: Re: [PATCH] nvmet-tcp: fix page fragment cache leak in error path
Date: Tue, 26 May 2026 09:12:01 +0200	[thread overview]
Message-ID: <20260526071201.GA25581@lst.de> (raw)
In-Reply-To: <39d57858464bb3933160d6f7583640db086fbb80.1779702494.git.tanggeliang@kylinos.cn>

On Mon, May 25, 2026 at 05:50:19PM +0800, Geliang Tang wrote:
> From: Geliang Tang <tanggeliang@kylinos.cn>
> 
> In nvmet_tcp_alloc_queue(), when a connection is closed during the
> allocation process (e.g., nvmet_tcp_set_queue_sock() returns -ENOTCONN),
> the error handling jumps to out_free_queue without draining the page
> fragment cache.

nvmet_tcp_set_queue_sock jumps to out_destroy_sq.

> Although nvmet_tcp_free_cmd() is called in some error paths to release
> individual page fragments, the underlying page cache reference held by
> queue->pf_cache is never released. This results in a page leak each time
> a connection fails during allocation, which could lead to memory
> exhaustion over time if connections are repeatedly opened and closed.
> 
> Fix this by calling page_frag_cache_drain() before freeing the queue
> structure in the out_free_queue label.

The first allocation using pf_cache is the call to nvmet_tcp_alloc_cmd
after ida_alloc.  So afaik this drain should at the out_ida_remove
label.  And given how obscure this is, maybe a comment would not
hurt either?

Otherwise this looks good.

     prev parent reply	other threads:[~2026-05-26  7:12 UTC|newest]

Thread overview: 2+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2026-05-25  9:50 [PATCH] nvmet-tcp: fix page fragment cache leak in error path Geliang Tang
2026-05-26  7:12 ` Christoph Hellwig [this message]

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20260526071201.GA25581@lst.de \
    --to=hch@lst.de \
    --cc=geliang@kernel.org \
    --cc=hare@suse.de \
    --cc=kch@nvidia.com \
    --cc=linux-nvme@lists.infradead.org \
    --cc=roys@lightbitslabs.com \
    --cc=sagi@grimberg.me \
    --cc=sashas@lightbitslabs.com \
    --cc=tanggeliang@kylinos.cn \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.