[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[PATCH v2 1/3] x86/ioreq: Add missing put_page_alloc_ref(page)

To: xen-devel@xxxxxxxxxxxxxxxxxxxx
From: "Julian Vetter" <julian.vetter@xxxxxxxxxx>
Date: Mon, 16 Feb 2026 13:43:57 +0000
Cc: "Jan Beulich" <jbeulich@xxxxxxxx>, "Andrew Cooper" <andrew.cooper3@xxxxxxxxxx>, "Roger Pau Monné" <roger.pau@xxxxxxxxxx>, "Anthony PERARD" <anthony.perard@xxxxxxxxxx>, "Michal Orzel" <michal.orzel@xxxxxxx>, "Julien Grall" <julien@xxxxxxx>, "Stefano Stabellini" <sstabellini@xxxxxxxxxx>, "Julian Vetter" <julian.vetter@xxxxxxxxxx>
Delivery-date: Mon, 16 Feb 2026 13:44:07 +0000
Feedback-id: 30504962:30504962.20260216:md
List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

The page was allocated with MEMF_no_refcount. The MEMF_no_refcount flag
means the page is allocated without a regular reference, but it still
has the allocation reference. If get_page_and_type() fails, we still
need to release the allocation reference. Otherwise the page would leak.
domain_crash() doesn't free individual pages; it just marks the domain
for destruction. The domain teardown will eventually free domain heap
pages, but only those it can find. A page with a dangling alloc ref
would prevent the page from being fully freed during domain cleanup.

Signed-off-by: Julian Vetter <julian.vetter@xxxxxxxxxx>
---
Changes in v2:
- New patch
---
 xen/common/ioreq.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/xen/common/ioreq.c b/xen/common/ioreq.c
index f5fd30ce12..5d722c8d4e 100644
--- a/xen/common/ioreq.c
+++ b/xen/common/ioreq.c
@@ -287,6 +287,7 @@ static int ioreq_server_alloc_mfn(struct ioreq_server *s, 
bool buf)
          * The domain can't possibly know about this page yet, so failure
          * here is a clear indication of something fishy going on.
          */
+        put_page_alloc_ref(page);
         domain_crash(s->emulator);
         return -ENODATA;
     }
-- 
2.51.0



--
Julian Vetter | Vates Hypervisor & Kernel Developer

XCP-ng & Xen Orchestra - Vates solutions

web: https://vates.tech

Follow-Ups:
- Re: [PATCH v2 1/3] x86/ioreq: Add missing put_page_alloc_ref(page)
  - From: Jan Beulich

References:
- [PATCH v2 0/3] x86/ioreq: Extend ioreq server to support multiple ioreq pages
  - From: Julian Vetter

Prev by Date: Re: [PATCH v3 2/2] x86/svm: Use the virtual NMI when available
Next by Date: [PATCH v2 2/3] x86/ioreq: Prepare spacing for upcoming patch
Previous by thread: [PATCH v2 0/3] x86/ioreq: Extend ioreq server to support multiple ioreq pages
Next by thread: Re: [PATCH v2 1/3] x86/ioreq: Add missing put_page_alloc_ref(page)
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.