Xen project Mailing List

[PATCH 2/6] xen/dt-overlay: fix rangeset leak and dead code in domctl path

From: Michal Orzel <michal.orzel@xxxxxxx>

Date: Wed, 15 Apr 2026 13:36:56 +0200

Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 165.204.84.17) smtp.rcpttodomain=lists.xenproject.org smtp.mailfrom=amd.com; dmarc=pass (p=quarantine sp=quarantine pct=100) action=none header.from=amd.com; dkim=none (message not signed); arc=none (0)

Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=EZfueW+bKtEtsepdRhebqYHJ0nLM0ZVvpZlJIzZj62s=; b=lEaXK0HisMtgZXPLUUFLrynEtYWUmG0WKOV0n4wsrI0XfBw6r1suvNRQ+RQZtofWWwswN6BTa56+qRHveSwRVcG4EbprDDVOffiblIp6qIHbLstJMGvfE73Qi/ppIZTD2gG8loUFpwmtCz1XCGZi+l4k5AmJgZm0kpSVTXdkANs9SlnrBfRN6lq88ePzXr3CbIA7Vf2+Pe/mrxrE99Vv+wQXccvB4QEaPXnIDjEC+G0wtsOSh9PCJn/gnNv9C3JLOEDBppgQ6Y1d5baMzTQG0QxRtBpTh9k+BP2YaDQynbO5C3FN6NhO7HtrGHvIfhuE+6/vm1lDYI2wg9UVwW3J9A==

Arc-seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=eIOVP1pq34duUHo5i2GxCl23UlwJTbMy5nxJphsYdCuqdn5dVU0JNcV4098vB59WAHcF0iABR4g3n7QKCNCECPG9bm5wLfoHjeazfJsI5uCqzps8ZgcTHqObFu5hzsp1oxYu2OUce7vJ7sKTVmHkCQ668T7OH2r6ZaTVy5tRpjTl3R0nGQe5YXZLHv4Pk3yKqsWkHHoDfxD5suCJ8qHGtFRseG4JTMaRqIpzYwvl+4svGX8zscAUG0Df5KBkl7Z0Pan37Z5Sg+BacybO4YUG62XbUC1gZeoWOHiUYHmIkK7Jq8mXt3ZhMrfvSLdN+muHzS4AwraLp6XQI2GKoakALQ==

Authentication-results: eu.smtp.expurgate.cloud; dkim=pass header.s=selector1 header.d=amd.com header.i="@amd.com" header.h="From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck"

Cc: Michal Orzel <michal.orzel@xxxxxxx>, Stefano Stabellini <sstabellini@xxxxxxxxxx>, Julien Grall <julien@xxxxxxx>, Bertrand Marquis <bertrand.marquis@xxxxxxx>, Jan Beulich <jbeulich@xxxxxxxx>

Delivery-date: Wed, 15 Apr 2026 11:37:31 +0000

List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

handle_attach_overlay_nodes() unconditionally creates new rangesets without checking whether they already exist from a prior attach. A repeated attach for the same overlay leaks the original pair. Reject the operation with -EEXIST if rangesets are already present. Also, dt_overlay_domctl() early-returns -EOPNOTSUPP for any operation other than ATTACH, making the if/else at the bottom unreachable. Remove the dead branch. Fixes: 4c733873b5c2 ("xen/arm: Add XEN_DOMCTL_dt_overlay and device attachment to domains") Reported-by: Jan Beulich <jbeulich@xxxxxxxx> Signed-off-by: Michal Orzel <michal.orzel@xxxxxxx> --- xen/common/device-tree/dt-overlay.c | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/xen/common/device-tree/dt-overlay.c b/xen/common/device-tree/dt-overlay.c index 6fa07dbf42a5..3853e6e347fe 100644 --- a/xen/common/device-tree/dt-overlay.c +++ b/xen/common/device-tree/dt-overlay.c @@ -861,6 +861,13 @@ static long handle_attach_overlay_nodes(struct domain *d, goto out; } + if ( entry->irq_ranges || entry->iomem_ranges ) + { + printk(XENLOG_ERR "Overlay is already attached\n"); + spin_unlock(&overlay_lock); + return -EEXIST; + } + entry->irq_ranges = rangeset_new(d, "Overlays: Interrupts", 0); if (entry->irq_ranges == NULL) { @@ -991,10 +998,7 @@ long dt_overlay_domctl(struct domain *d, struct xen_domctl_dt_overlay *op) return -EFAULT; } - if ( op->overlay_op == XEN_DOMCTL_DT_OVERLAY_ATTACH ) - ret = handle_attach_overlay_nodes(d, overlay_fdt, op->overlay_fdt_size); - else - ret = -EOPNOTSUPP; + ret = handle_attach_overlay_nodes(d, overlay_fdt, op->overlay_fdt_size); xfree(overlay_fdt); -- 2.43.0

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.