Re: [PATCH net v2] RDS: Fix memory leak in rds_rdma_extra_size()

Next message: ZhengYuan Huang: "[PATCH] ocfs2: validate dx entry list counts on read"
Previous message: Tejun Heo: "[PATCH 4/4] sched_ext: scx_qmap: replace FIFO queue maps with arena-backed lists"
Next in thread: Allison Henderson: "Re: [PATCH net v2] RDS: Fix memory leak in rds_rdma_extra_size()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Paolo Abeni

Date: Thu Apr 16 2026 - 04:23:30 EST

On 4/13/26 9:00 AM, Xiaobo Liu wrote:
> @@ -595,11 +600,20 @@ int rds_rdma_extra_size(struct rds_rdma_args *args,
> * nr_pages for one entry is limited to (UINT_MAX>>PAGE_SHIFT)+1,
> * so tot_pages cannot overflow without first going negative.
> */
> - if (tot_pages < 0)
> - return -EINVAL;
> + if (tot_pages < 0) {
> + ret = -EINVAL;
> + goto out;
> + }
> }
>
> - return tot_pages * sizeof(struct scatterlist);
> + ret = tot_pages * sizeof(struct scatterlist);
> +
> +out:
> + if (ret < 0) {
> + kfree(iov->iov);
> + iov->iov = NULL;

Is this really needed?!? AFAICS rds_rdma_extra_size() is invoked only
via: rds_sendmsg() -> rds_rm_size() -> rds_rdma_extra_size(), and the
rds_sendmsg() error path already frees any non NULL iov.

/P