[PATCH] nvme: unmap the data buffer when metadata mapping fails
Joel Granados
joel.granados at kernel.org
Wed Jun 17 07:09:57 PDT 2026
On Fri, Jun 12, 2026 at 11:45:26AM +0200, Maurizio Lombardi wrote:
> On Fri Jun 12, 2026 at 11:40 AM CEST, Joel Granados wrote:
> > Commit d0d1d522316e ("blk-map: provide the bdev to bio if one exists")
> > dropped the "bio = req->bio" assignment in nvme_map_user_request(), but
> > left the local bio variable initialized to NULL and still used it in the
> > out_unmap error path. The "if (bio)" test is therefore always false, so
> > a failure of blk_rq_integrity_map_user() no longer unmaps the already
> > mapped data buffer. The callers only call blk_mq_free_request(), which
> > does not unmap user pages, leaking the bio and its pinned user pages.
> >
> > Use req->bio directly to unmap the data buffer on the error path, and
> > drop the now unused local variable.
> >
> > Fixes: d0d1d522316e ("blk-map: provide the bdev to bio if one exists")
> >
> > Signed-off-by: Joel Granados <joel.granados at kernel.org>
> > ---
> > Did we forget to unmap?
> > ---
>
> Isn't this already fixed in mainline tree?
That is indeed the case. I must have been looking at an outdated state.
Sorry for the noise.
Best
>
> 2279cd9c61a330e5 ("nvme: fix bio leak on mapping failure")
>
> Maurizio
>
--
Joel Granados
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 659 bytes
Desc: not available
URL: <http://lists.infradead.org/pipermail/linux-nvme/attachments/20260617/1eb55a9b/attachment.sig>
More information about the Linux-nvme
mailing list