in function rds_cmsg_rdma_args() at net/rds/rdma.c:L546, the variable "iovstack" is an array and the pointer variable *iovs is equal to iovstack (at Line 554). As the the return value of sock_kmalloc() (called at line 578),when "iovs" is NULL, function sock_kfree_s() will be called(at line 697) and function sock_kfree_s() will free "iovs". The related code snippets in function rds_cmsg_rdma_args() are as followings. rds_cmsg_rdma_args() at net/rds/rdma.c:L546 546 int rds_cmsg_rdma_args(struct rds_sock *rs, struct rds_message *rm, 547 struct cmsghdr *cmsg) 548 { 549 struct rds_rdma_args *args; 550 struct rm_rdma_op *op = &rm->rdma; 551 int nr_pages; 552 unsigned int nr_bytes; 553 struct page **pages = NULL; 554 struct rds_iovec iovstack[UIO_FASTIOV], *iovs = iovstack; ... 576 iov_size = args->nr_local * sizeof(struct rds_iovec); 577 if (args->nr_local > UIO_FASTIOV) { 578 iovs = sock_kmalloc(rds_rs_to_sk(rs), iov_size, GFP_KERNEL); 579 if (!iovs) { 580 ret = -ENOMEM; 581 goto out; 582 } 583 } ... 695 out: 696 if (iovs != iovstack) 697 sock_kfree_s(rds_rs_to_sk(rs), iovs, iov_size); 698 kfree(pages); 699 if (ret) 700 rds_rdma_free_op(op); 701 else 702 rds_stats_inc(s_send_rdma); 703 704 return ret; 705 } Thak you! RUC_Soft_Sec, supported by China.X.Orion
It's best to cc copies of network reports like this to netdev@vger.kernel.org Thanks