From: Penny Zheng
Date: Tue, 16 Aug 2022 02:36:52 +0000 (+0800)
Subject: xen: do not merge reserved pages in free_heap_pages()
X-Git-Tag: archive/raspbian/4.17.0-1+rpi1^2~33^2~264
X-Git-Url: https://dgit.raspbian.org/%22http://www.example.com/cgi/%22/%22http:/www.example.com/cgi/%22?a=commitdiff_plain;h=7d3f8a2a26f2fd9c4d830820b8ad68af4e91f409;p=xen.git

xen: do not merge reserved pages in free_heap_pages()

The code in free_heap_pages() will try to merge pages with the successor/predecessor if pages are suitably aligned. So if the pages reserved are right next to the pages given to the heap allocator, free_heap_pages() will merge them, and give the reserved pages to heap allocator accidentally as a result.

So in order to avoid the above scenario, this commit updates free_heap_pages() to check whether the predecessor and/or successor has PGC_static set, when trying to merge the about-to-be-freed chunk with the predecessor and/or successor.

Suggested-by: Julien Grall
Signed-off-by: Penny Zheng
Reviewed-by: Jan Beulich
Reviewed-by: Julien Grall
---
diff --git a/xen/common/page_alloc.c b/xen/common/page_alloc.c index 00fa24e330..bfd4150be7 100644 --- a/xen/common/page_alloc.c +++ b/xen/common/page_alloc.c @@ -1483,6 +1483,7 @@ static void free_heap_pages( /* Merge with predecessor block? */ if ( !mfn_valid(page_to_mfn(predecessor)) || !page_state_is(predecessor, free) || + (predecessor->count_info & PGC_static) || (PFN_ORDER(predecessor) != order) || (phys_to_nid(page_to_maddr(predecessor)) != node) ) break; @@ -1506,6 +1507,7 @@ static void free_heap_pages( /* Merge with successor block? */ if ( !mfn_valid(page_to_mfn(successor)) || !page_state_is(successor, free) || + (successor->count_info & PGC_static) || (PFN_ORDER(successor) != order) || (phys_to_nid(page_to_maddr(successor)) != node) ) break;
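
Review bot: in the first hunk (@@ -1483), the added (predecessor->count_info & PGC_static) test carries no comment, and the existing "Merge with predecessor block?" comment does not say why a free neighbour of the same order on the same node can still be ineligible. A one-line comment at the condition stating that pages with PGC_static set are reserved and must never be folded into a heap chunk would keep a later cleanup from dropping the test as redundant with page_state_is(predecessor, free). The position after !mfn_valid(page_to_mfn(predecessor)) is right, since the short-circuit keeps count_info from being read for an invalid frame.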
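
Review bot: in the second hunk (@@ -1506), the successor condition now repeats the same five-part eligibility test as the predecessor branch (mfn_valid, page_state_is, PGC_static, PFN_ORDER, phys_to_nid), differing only in the variable name. Consider moving that test into a small helper that takes the candidate page, order and node, so that the next constraint on merging is added in one place. If the two copies ever diverge, reserved pages could still be merged into the heap in one direction only, which is the failure the commit message sets out to prevent.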