[PATCH] kho: free already restored pages when kho_restore_vmalloc() fails

Pratyush Yadav posted 1 patch 1 week, 6 days ago
kernel/liveupdate/kexec_handover.c | 15 +++++++++------
1 file changed, 9 insertions(+), 6 deletions(-)
[PATCH] kho: free already restored pages when kho_restore_vmalloc() fails
Posted by Pratyush Yadav 1 week, 6 days ago
When kho_restore_vmalloc() fails, it frees up the pages array, but not
the pages it contains. These are the pages that were successfully
restored using kho_restore_pages(). If the failure happens when
restoring the pages, the ones successfully restored are leaked. If the
failure happens when allocating the vm_area or when mapping the pages,
all the pages of the preserved vmalloc buffer are leaked.

Free all of the successfully restored pages before returning error.

Fixes: a667300bd53f2 ("kho: add support for preserving vmalloc allocations")
Signed-off-by: Pratyush Yadav <pratyush@kernel.org>
---
 kernel/liveupdate/kexec_handover.c | 15 +++++++++------
 1 file changed, 9 insertions(+), 6 deletions(-)

diff --git a/kernel/liveupdate/kexec_handover.c b/kernel/liveupdate/kexec_handover.c
index 224bdf5becb68..515339fa526e0 100644
--- a/kernel/liveupdate/kexec_handover.c
+++ b/kernel/liveupdate/kexec_handover.c
@@ -1088,11 +1088,11 @@ void *kho_restore_vmalloc(const struct kho_vmalloc *preservation)
 			phys_addr_t phys = chunk->phys[i];
 
 			if (idx + contig_pages > total_pages)
-				goto err_free_pages_array;
+				goto err_free_pages;
 
 			page = kho_restore_pages(phys, contig_pages);
 			if (!page)
-				goto err_free_pages_array;
+				goto err_free_pages;
 
 			for (int j = 0; j < contig_pages; j++)
 				pages[idx++] = page;
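
Review bot: the context line `pages[idx++] = page;` in the inner `j` loop stores the same `struct page *` in every slot of a contiguous run, so once the new `err_free_pages` path calls `__free_page(pages[i])` for each `i < idx`, a run with `contig_pages > 1` would have its first page passed to `__free_page()` `contig_pages` times and the rest of the run never freed. If the slots are meant to hold consecutive pages, store `page + j` here before relying on the array for cleanup; otherwise the error path needs to free per run rather than per slot.
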
@@ -1102,20 +1102,20 @@ void *kho_restore_vmalloc(const struct kho_vmalloc *preservation)
 
 		page = kho_restore_pages(virt_to_phys(chunk), 1);
 		if (!page)
-			goto err_free_pages_array;
+			goto err_free_pages;
 		chunk = KHOSER_LOAD_PTR(chunk->hdr.next);
 		__free_page(page);
 	}
 
 	if (idx != total_pages)
-		goto err_free_pages_array;
+		goto err_free_pages;
 
 	area = __get_vm_area_node(total_pages * PAGE_SIZE, align, shift,
 				  vm_flags, VMALLOC_START, VMALLOC_END,
 				  NUMA_NO_NODE, GFP_KERNEL,
 				  __builtin_return_address(0));
 	if (!area)
-		goto err_free_pages_array;
+		goto err_free_pages;
 
 	addr = (unsigned long)area->addr;
 	size = get_vm_area_size(area);
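
Review bot: when `kho_restore_pages(virt_to_phys(chunk), 1)` fails and the code jumps to `err_free_pages`, the walk stops before `KHOSER_LOAD_PTR(chunk->hdr.next)` is read, so the remaining chunk pages and the data pages they list are neither restored nor freed, while the cleanup only covers the `idx` slots already filled in `pages`. The changelog's claim that the successfully restored pages are freed still holds, but a short comment at the label or a line in the commit message should state that pages in chunks not yet walked stay leaked on this path, so callers do not assume a full cleanup.
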
@@ -1130,7 +1130,10 @@ void *kho_restore_vmalloc(const struct kho_vmalloc *preservation)
 
 err_free_vm_area:
 	free_vm_area(area);
-err_free_pages_array:
+err_free_pages:
+	for (int i = 0; i < idx; i++)
+		__free_page(pages[i]);
+
 	kvfree(pages);
 	return NULL;
 }
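
Review bot: the new loop under `err_free_pages` returns each `pages[i]` to the page allocator with `__free_page()` while the pages still hold the preserved contents, and nothing in the visible error path clears them or establishes that no other owner still references that memory. Either document at the label why it is safe to recycle these pages here, or keep the old behaviour and leave the decision to the caller. A one-line comment that `idx` counts only the slots filled so far would also make it clear why the same loop is correct both for the early `goto`s in the restore loop and for the fall-through from `err_free_vm_area`.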

base-commit: f0bfdc2b69f5c600b88ee484c01b213712c63d94
prerequisite-patch-id: f54df1de9bdcb4fe396940cdcc578f5adcc9397c
-- 
2.47.3
Re: [PATCH] kho: free already restored pages when kho_restore_vmalloc() fails
Posted by Pasha Tatashin 1 week, 6 days ago
> When kho_restore_vmalloc() fails, it frees up the pages array, but not
> the pages it contains. These are the pages that were successfully
> restored using kho_restore_pages(). If the failure happens when
> restoring the pages, the ones successfully restored are leaked. If the
> failure happens when allocating the vm_area or when mapping the pages,
> all the pages of the preserved vmalloc buffer are leaked.

Hm, I am not sure if KHO should be responsible for freeing the
restored pages. We don't know the content of those pages, and what
they are used for. They could be used by a hypervisor or a device.
Therefore, it may be better to keep them leaked, and let the caller
decide what to do next: i.e., boot into a maintenance mode, crash the
kernel, or allow the leak until the next reboot.

Pasha
Re: [PATCH] kho: free already restored pages when kho_restore_vmalloc() fails
Posted by Pratyush Yadav 1 week, 4 days ago
On Tue, Nov 18 2025, Pasha Tatashin wrote:

>> When kho_restore_vmalloc() fails, it frees up the pages array, but not
>> the pages it contains. These are the pages that were successfully
>> restored using kho_restore_pages(). If the failure happens when
>> restoring the pages, the ones successfully restored are leaked. If the
>> failure happens when allocating the vm_area or when mapping the pages,
>> all the pages of the preserved vmalloc buffer are leaked.
>
> Hm, I am not sure if KHO should be responsible for freeing the
> restored pages. We don't know the content of those pages, and what
> they are used for. They could be used by a hypervisor or a device.
> Therefore, it may be better to keep them leaked, and let the caller
> decide what to do next: i.e., boot into a maintenance mode, crash the
> kernel, or allow the leak until the next reboot.

Hmm, fair point. This patch can be ignored then.

-- 
Regards,
Pratyush Yadav