List-Id: Xen developer discussion
Date: Thu, 4 Jun 2026 11:43:15 +0200
Subject: Re: [PATCH v2 1/2] xen/page_alloc: verify buddy alignment in reserve_offlined_page()
To: Jan Beulich
Cc: Andrew Cooper, Anthony PERARD, Michal Orzel, Julien Grall, Roger Pau Monné, Stefano Stabellini, xen-devel@lists.xenproject.org, Bernhard Kaindl
References: <6eaed95df4e5cb369a91281051ca9b5a2be564f9.1780495548.git.bernhard.kaindl@citrix.com>
From: Oleksii Kurochko

On 6/3/26 4:30 PM, Jan Beulich wrote:
> On 03.06.2026 16:17, Bernhard Kaindl wrote:
>> reserve_offlined_page() fails to verify alignment when growing
>> buddies around offlined pages. Consequently, misaligned buddies
>> may be constructed from non-offlined page ranges and returned to
>> the free lists.
>>
>> After a particular sequence of allocations and frees, pages
>> from such a misaligned buddy may be allocated more than once,
>> eventually triggering a Xen BUG() in alloc_heap_pages().
>>
>> Fixes: e4865c2315 ('Page offline support in Xen side')
>> Signed-off-by: Bernhard Kaindl
>> Reviewed-by: Jan Beulich
>
> Oleksii, thoughts towards 4.22?

I've waited for v2 of this patch series to R-Ack, I see patches separately
but they aren't grouped into one patch series for some reason.

Release-Acked-by: Oleksii Kurochko

~ Oleksii

>
> Jan
>
>> ---
>> v2:
>> - Updated the title for clarity.
>> - Bugfix isolated from the test case for backporting.
>> - Removed excess parentheses from the alignment check if() expression.
>> - Simplified the alignment check to use '& (1UL << cur_order)'. Because
>>   the covering buddy head is size-aligned, cur_head is also aligned to
>>   cur_order, making this reduction safe (verified against extended tests).
>> - Updated the inline code comment to accurately state that only the upper
>>   half of the next_order range is checked for offlined pages.
>> --- >> xen/common/page_alloc.c | 5 +++++ >> 1 file changed, 5 insertions(+) >> >> diff --git a/xen/common/page_alloc.c b/xen/common/page_alloc.c >> index 2c4ff2c34c70..2767376a710b 100644 >> --- a/xen/common/page_alloc.c >> +++ b/xen/common/page_alloc.c 
>> @@ -1202,6 +1202,11 @@ static int reserve_offlined_page(struct page_info *head) >> if ( (cur_head + (1 << next_order)) >= (head + ( 1 << head_order)) ) >> goto merge; >> >> + /* Do not grow to next_order if cur_head is not aligned to it. */ >> + if ( mfn_x(page_to_mfn(cur_head)) & (1UL << cur_order) ) >> + goto merge; >> + >> + /* Check for offlined pages in upper half of next_order range. */ >> for ( i = (1 << cur_order), pg = cur_head + (1 << cur_order ); >> i < (1 << next_order); >> i++, pg++ ) >
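
Review bot: the added test `mfn_x(page_to_mfn(cur_head)) & (1UL << cur_order)` looks at a single bit, which matches a full next_order alignment check only while cur_head is already aligned to cur_order and next_order is exactly cur_order + 1, and that precondition is stated only in the v2 notes below the `---`, which do not end up in the commit. Please carry the reasoning into the code, either by extending the comment ("cur_head is always cur_order-aligned here, so testing bit cur_order is sufficient") or with an assertion ahead of the check such as `ASSERT(!(mfn_x(page_to_mfn(cur_head)) & ((1UL << cur_order) - 1)));`, so a later change to how cur_head advances cannot silently turn the one-bit test into an incomplete one. As a style point, the new line uses `1UL <<` while the surrounding context lines use `1 <<`; consistent use within the function would read better.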
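
The effect of the added alignment check, as an added example that is not Xen's code and not part of the original mail: a simplified model of the growth loop visible in the hunk, run with and without the check. It assumes next_order is cur_order + 1, that offlined pages are skipped, and that the merge step returns the chunk at cur_order; `split_buddy`, `misaligned`, `demo` and the frame numbers are constructed for illustration.

```c
#include <stdbool.h>
#include <stddef.h>

/* A chunk returned to the free lists: first frame number and order. */
struct chunk { unsigned long mfn; unsigned int order; };

/*
 * Simplified model (an assumption, not Xen's code) of re-splitting the buddy
 * [head, head + 2^head_order) around offlined pages. check_align enables the
 * test added by the patch. Returns the number of chunks written to out[].
 */
static size_t split_buddy(unsigned long head, unsigned int head_order,
                          const bool *offlined, bool check_align,
                          struct chunk *out)
{
    unsigned long end = head + (1UL << head_order), cur = head;
    size_t n = 0;

    while (cur < end) {
        unsigned int order = 0;
        if (offlined[cur - head]) { cur++; continue; }   /* skip offlined page */
        while (order < head_order) {
            unsigned long i, size = 1UL << order;
            if (cur + 2 * size >= end) break;        /* bound check from the hunk */
            if (check_align && (cur & size)) break;  /* not aligned to next order */
            for (i = size; i < 2 * size; i++)        /* upper half of next order */
                if (offlined[cur + i - head])
                    break;
            if (i < 2 * size) break;                 /* offlined page in the way */
            order++;
        }
        out[n++] = (struct chunk){ cur, order };
        cur += 1UL << order;
    }
    return n;
}

/* Number of chunks whose first frame is not a multiple of their size. */
static size_t misaligned(const struct chunk *c, size_t n)
{
    size_t bad = 0;
    for (size_t k = 0; k < n; k++)
        bad += (c[k].mfn & ((1UL << c[k].order) - 1)) != 0;
    return bad;
}

/* Constructed input: order-3 buddy at frame 8 whose first page is offlined. */
static size_t demo(bool check_align, struct chunk *out)
{
    const bool offlined[8] = { true };
    return split_buddy(8, 3, offlined, check_align, out);
}
```

Without the check the model returns an order-2 chunk starting at frame 9 and an order-1 chunk at frame 13; with it, every returned chunk starts on a multiple of its own size.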