Linux RDMA and InfiniBand development
 help / color / mirror / Atom feed
* [PATCH net v1] net/rds: reset op_nents when zerocopy page pin fails
@ 2026-05-05 23:43 Allison Henderson
  2026-05-09 10:59 ` Simon Horman
  0 siblings, 1 reply; 2+ messages in thread
From: Allison Henderson @ 2026-05-05 23:43 UTC (permalink / raw)
  To: netdev, pabeni, edumazet, kuba, horms, linux-rdma, achender

When iov_iter_get_pages2() fails in rds_message_zcopy_from_user(),
the pinned pages are released with put_page(), and
rm->data.op_mmp_znotifier is cleared.  But we fail to properly
clear rm->data.op_nents.

Later when rds_message_purge() is called from rds_sendmsg() the
cleanup loop iterates over the incorrectly non zero number of
op_nents and frees them again.

Fix this by properly resetting op_nents when it should be in
rds_message_zcopy_from_user().

Fixes: 0cebaccef3ac ("rds: zerocopy Tx support.")
Signed-off-by: Allison Henderson <achender@kernel.org>
---
 net/rds/message.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/net/rds/message.c b/net/rds/message.c
index 25fedcb3cd00..7feb0eb6537d 100644
--- a/net/rds/message.c
+++ b/net/rds/message.c
@@ -448,6 +448,7 @@ static int rds_message_zcopy_from_user(struct rds_message *rm, struct iov_iter *
 
 			for (i = 0; i < rm->data.op_nents; i++)
 				put_page(sg_page(&rm->data.op_sg[i]));
+			rm->data.op_nents = 0;
 			mmp = &rm->data.op_mmp_znotifier->z_mmp;
 			mm_unaccount_pinned_pages(mmp);
 			ret = -EFAULT;
-- 
2.43.0


^ permalink raw reply related	[flat|nested] 2+ messages in thread
end of thread, other threads:[~2026-05-09 10:59 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2026-05-05 23:43 [PATCH net v1] net/rds: reset op_nents when zerocopy page pin fails Allison Henderson
2026-05-09 10:59 ` Simon Horman

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox