[Bug 2153962] [NEW] net/rds: reset op_nents when zerocopy page pin fails

Thu, 21 May 2026 18:10:43 -0700 

Public bug reported:

From
https://lore.kernel.org/netdev/[email protected]/

When iov_iter_get_pages2() fails in rds_message_zcopy_from_user(),
the pinned pages are released with put_page(), and
rm->data.op_mmp_znotifier is cleared.  But we fail to properly
clear rm->data.op_nents.

Later when rds_message_purge() is called from rds_sendmsg() the
cleanup loop iterates over the incorrectly non zero number of
op_nents and frees them again.

Fix this by properly resetting op_nents when it should be in
rds_message_zcopy_from_user().

Fixes: 0cebaccef3ac ("rds: zerocopy Tx support.")
Signed-off-by: Allison Henderson <[email protected]>
---
 net/rds/message.c | 1 +
 1 file changed, 1 insertion(+)

** Affects: linux (Ubuntu)
     Importance: Undecided
     Assignee: Benjamin Wheeler (benjaminwheeler)
         Status: In Progress

** Affects: linux (Ubuntu Focal)
     Importance: Undecided
         Status: In Progress

** Affects: linux (Ubuntu Jammy)
     Importance: Undecided
         Status: In Progress

** Affects: linux (Ubuntu Noble)
     Importance: Undecided
         Status: In Progress

** Affects: linux (Ubuntu Questing)
     Importance: Undecided
         Status: In Progress

** Affects: linux (Ubuntu Resolute)
     Importance: Undecided
         Status: In Progress

** Also affects: linux (Ubuntu Noble)
   Importance: Undecided
       Status: New

** Also affects: linux (Ubuntu Jammy)
   Importance: Undecided
       Status: New

** Also affects: linux (Ubuntu Focal)
   Importance: Undecided
       Status: New

** Also affects: linux (Ubuntu Questing)
   Importance: Undecided
       Status: New

** Also affects: linux (Ubuntu Resolute)
   Importance: Undecided
       Status: New

** Changed in: linux (Ubuntu)
       Status: New => In Progress

** Changed in: linux (Ubuntu Focal)
       Status: New => In Progress

** Changed in: linux (Ubuntu Noble)
       Status: New => In Progress

** Changed in: linux (Ubuntu Resolute)
       Status: New => In Progress

** Changed in: linux (Ubuntu Questing)
       Status: New => In Progress

** Changed in: linux (Ubuntu Jammy)
       Status: New => In Progress

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2153962

Title:
  net/rds: reset op_nents when zerocopy page pin fails

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/2153962/+subscriptions


-- 
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

Reply via email to