|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [xen master] xen/page_alloc: verify buddy alignment in reserve_offlined_page()
commit 71c6a623176638f32cac816522864bed3cf28000
Author: Bernhard Kaindl <bernhard.kaindl@xxxxxxxxxx>
AuthorDate: Fri Jun 5 10:08:22 2026 +0200
Commit: Jan Beulich <jbeulich@xxxxxxxx>
CommitDate: Fri Jun 5 10:08:22 2026 +0200
xen/page_alloc: verify buddy alignment in reserve_offlined_page()
reserve_offlined_page() fails to verify alignment when growing
buddies around offlined pages. Consequently, misaligned buddies
may be constructed from non-offlined page ranges and returned to
the free lists.
After a particular sequence of allocations and frees, pages
from such a misaligned buddy may be allocated more than once,
eventually triggering a Xen BUG() in alloc_heap_pages().
Fixes: e4865c2315 ('Page offline support in Xen side')
Signed-off-by: Bernhard Kaindl <bernhard.kaindl@xxxxxxxxxx>
Reviewed-by: Jan Beulich <jbeulich@xxxxxxxx>
Release-Acked-by: Oleksii Kurochko <oleksii.kurochko@xxxxxxxxx>
---
xen/common/page_alloc.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/xen/common/page_alloc.c b/xen/common/page_alloc.c
index 2c4ff2c34c..2767376a71 100644
--- a/xen/common/page_alloc.c
+++ b/xen/common/page_alloc.c
@@ -1202,6 +1202,11 @@ static int reserve_offlined_page(struct page_info *head)
if ( (cur_head + (1 << next_order)) >= (head + ( 1 << head_order))
)
goto merge;
+ /* Do not grow to next_order if cur_head is not aligned to it. */
+ if ( mfn_x(page_to_mfn(cur_head)) & (1UL << cur_order) )
+ goto merge;
+
+ /* Check for offlined pages in upper half of next_order range. */
for ( i = (1 << cur_order), pg = cur_head + (1 << cur_order );
i < (1 << next_order);
i++, pg++ )
--
generated by git-patchbot for /home/xen/git/xen.git#master
|
 |
Lists.xenproject.org is hosted with RackSpace, monitoring our |