Patch "SUNRPC: Fix a slow server-side memory leak with RPC-over-TCP" has been added to the 6.6-stable tree

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



This is a note to let you know that I've just added the patch titled

    SUNRPC: Fix a slow server-side memory leak with RPC-over-TCP

to the 6.6-stable tree which can be found at:
    http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
     sunrpc-fix-a-slow-server-side-memory-leak-with-rpc-o.patch
and it can be found in the queue-6.6 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.



commit dfe879bfb9542154b6d758925c8c513eb46a6d67
Author: Chuck Lever <chuck.lever@xxxxxxxxxx>
Date:   Wed Apr 3 10:36:25 2024 -0400

    SUNRPC: Fix a slow server-side memory leak with RPC-over-TCP
    
    [ Upstream commit 05258a0a69b3c5d2c003f818702c0a52b6fea861 ]
    
    Jan Schunk reports that his small NFS servers suffer from memory
    exhaustion after just a few days. A bisect shows that commit
    e18e157bb5c8 ("SUNRPC: Send RPC message on TCP with a single
    sock_sendmsg() call") is the first bad commit.
    
    That commit assumed that sock_sendmsg() releases all the pages in
    the underlying bio_vec array, but the reality is that it doesn't.
    svc_xprt_release() releases the rqst's response pages, but the
    record marker page fragment isn't one of those, so it is never
    released.
    
    This is a narrow fix that can be applied to stable kernels. A
    more extensive fix is in the works.
    
    Reported-by: Jan Schunk <scpcom@xxxxxx>
    Closes: https://bugzilla.kernel.org/show_bug.cgi?id=218671
    Fixes: e18e157bb5c8 ("SUNRPC: Send RPC message on TCP with a single sock_sendmsg() call")
    Cc: Alexander Duyck <alexander.duyck@xxxxxxxxx>
    Cc: Jakub Kacinski <kuba@xxxxxxxxxx>
    Cc: David Howells <dhowells@xxxxxxxxxx>
    Reviewed-by: David Howells <dhowells@xxxxxxxxxx>
    Signed-off-by: Chuck Lever <chuck.lever@xxxxxxxxxx>
    Signed-off-by: Sasha Levin <sashal@xxxxxxxxxx>

diff --git a/net/sunrpc/svcsock.c b/net/sunrpc/svcsock.c
index e0ce4276274be..933e12e3a55c7 100644
--- a/net/sunrpc/svcsock.c
+++ b/net/sunrpc/svcsock.c
@@ -1216,15 +1216,6 @@ static int svc_tcp_recvfrom(struct svc_rqst *rqstp)
  * MSG_SPLICE_PAGES is used exclusively to reduce the number of
  * copy operations in this path. Therefore the caller must ensure
  * that the pages backing @xdr are unchanging.
- *
- * Note that the send is non-blocking. The caller has incremented
- * the reference count on each page backing the RPC message, and
- * the network layer will "put" these pages when transmission is
- * complete.
- *
- * This is safe for our RPC services because the memory backing
- * the head and tail components is never kmalloc'd. These always
- * come from pages in the svc_rqst::rq_pages array.
  */
 static int svc_tcp_sendmsg(struct svc_sock *svsk, struct svc_rqst *rqstp,
 			   rpc_fraghdr marker, unsigned int *sentp)
@@ -1254,6 +1245,7 @@ static int svc_tcp_sendmsg(struct svc_sock *svsk, struct svc_rqst *rqstp,
 	iov_iter_bvec(&msg.msg_iter, ITER_SOURCE, rqstp->rq_bvec,
 		      1 + count, sizeof(marker) + rqstp->rq_res.len);
 	ret = sock_sendmsg(svsk->sk_sock, &msg);
+	page_frag_free(buf);
 	if (ret < 0)
 		return ret;
 	*sentp += ret;




[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Linux USB Devel]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]

  Powered by Linux