[PATCH v2] nvmet-tcp: fix page fragment cache leak in error path
Keith Busch
kbusch at kernel.org
Wed May 27 07:17:46 PDT 2026
On Tue, May 26, 2026 at 05:22:22PM +0800, Geliang Tang wrote:
> From: Geliang Tang <tanggeliang at kylinos.cn>
>
> In nvmet_tcp_alloc_queue(), when a connection is closed during the
> allocation process (e.g., nvmet_tcp_set_queue_sock() returns -ENOTCONN),
> the error handling jumps to out_destroy_sq and then to out_ida_remove
> without draining the page fragment cache.
>
> Although nvmet_tcp_free_cmd() is called in some error paths to release
> individual page fragments, the underlying page cache reference held by
> queue->pf_cache is never released. The first allocation using pf_cache
> is the call to nvmet_tcp_alloc_cmd() for queue->connect, which happens
> after ida_alloc() returns successfully. This results in a page leak each
> time a connection fails during allocation, which could lead to memory
> exhaustion over time if connections are repeatedly opened and closed.
>
> Fix this by calling page_frag_cache_drain() before freeing the queue
> structure in the out_ida_remove label.
Thanks, applied to nvme-7.2 with the fixed up comment style suggestion.
More information about the Linux-nvme
mailing list