Re: [RESEND] [PATCH] nvme-tcp: fix usage of page_frag_cache

From: Hannes Reinecke
Date: Tue Nov 04 2025 - 05:40:43 EST

Next message: Punit Agrawal: "Re: [PATCH] arm64: kprobes: check the return value of set_memory_rox()"
Previous message: Marco Crivellari: "[PATCH] soc/xilinx: replace use of system_unbound_wq with system_dfl_wq"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 10/27/25 17:36, Dmitry Bogdanov wrote:

nvme uses page_frag_cache to preallocate PDU for each preallocated request
of block device. Block devices are created in parallel threads,
consequently page_frag_cache is used in not thread-safe manner.
That leads to incorrect refcounting of backstore pages and premature free.

That can be catched by !sendpage_ok inside network stack:

WARNING: CPU: 7 PID: 467 at ../net/core/skbuff.c:6931 skb_splice_from_iter+0xfa/0x310.
tcp_sendmsg_locked+0x782/0xce0
tcp_sendmsg+0x27/0x40
sock_sendmsg+0x8b/0xa0
nvme_tcp_try_send_cmd_pdu+0x149/0x2a0
Then random panic may occur.

Fix that by serializing the usage of page_frag_cache.

Cc: stable@xxxxxxxxxxxxxxx # 6.12
Fixes: 4e893ca81170 ("nvme_core: scan namespaces asynchronously")
Signed-off-by: Dmitry Bogdanov <d.bogdanov@xxxxxxxxx>
---
drivers/nvme/host/tcp.c | 8 ++++++++
1 file changed, 8 insertions(+)

Reviewed-by: Hannes Reinecke <hare@xxxxxxx>

Cheers,

Hannes
--
Dr. Hannes Reinecke Kernel Storage Architect
hare@xxxxxxx +49 911 74053 688
SUSE Software Solutions GmbH, Frankenstr. 146, 90461 Nürnberg
HRB 36809 (AG Nürnberg), GF: I. Totev, A. McDonald, W. Knoblich

Next message: Punit Agrawal: "Re: [PATCH] arm64: kprobes: check the return value of set_memory_rox()"
Previous message: Marco Crivellari: "[PATCH] soc/xilinx: replace use of system_unbound_wq with system_dfl_wq"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]