x86/xen: fix balloon target initialization for PVH dom0

commit 87af633689ce16ddb166c80f32b120e50b1295de upstream.

PVH dom0 re-uses logic from PV dom0, in which RAM ranges not assigned to
dom0 are re-used as scratch memory to map foreign and grant pages.  Such
logic relies on reporting those unpopulated ranges as RAM to Linux, and
mark them as reserved.  This way Linux creates the underlying page
structures required for metadata management.

Such approach works fine on PV because the initial balloon target is
calculated using specific Xen data, that doesn't take into account the
memory type changes described above.  However on HVM and PVH the initial
balloon target is calculated using get_num_physpages(), and that function
does take into account the unpopulated RAM regions used as scratch space
for remote domain mappings.

This leads to PVH dom0 having an incorrect initial balloon target, which
causes malfunction (excessive memory freeing) of the balloon driver if the
dom0 memory target is later adjusted from the toolstack.

Fix this by using xen_released_pages to account for any pages that are part
of the memory map, but are already unpopulated when the balloon driver is
initialized.  This accounts for any regions used for scratch remote
mappings.  Note on x86 xen_released_pages definition is moved to
enlighten.c so it's uniformly available for all Xen-enabled builds.

Take the opportunity to unify PV with PVH/HVM guests regarding the usage of
get_num_physpages(), as that avoids having to add different logic for PV vs
PVH in both balloon_add_regions() and arch_xen_unpopulated_init().

Much like a6aa4eb994ee, the code in this changeset should have been part of
38620fc4e893.

Fixes: a6aa4eb994ee ('xen/x86: add extra pages to unpopulated-alloc if available')
Signed-off-by: Roger Pau Monné <roger.pau@citrix.com>
Reviewed-by: Juergen Gross <jgross@suse.com>
Cc: stable@vger.kernel.org
Signed-off-by: Juergen Gross <jgross@suse.com>
Message-ID: <20250407082838.65495-1-roger.pau@citrix.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

diff --git a/arch/x86/xen/enlighten.c b/arch/x86/xen/enlighten.c
index 0219f1c90202df22668933942d8c45d5639decd8..638de313fc4ed53fed1f0297c4727dfbf814565b 100644 (file)
--- a/arch/x86/xen/enlighten.c
+++ b/arch/x86/xen/enlighten.c
@@ -75,6 +75,9 @@ EXPORT_SYMBOL(xen_start_flags);
  */
 struct shared_info *HYPERVISOR_shared_info = &xen_dummy_shared_info;
 
+/* Number of pages released from the initial allocation. */
+unsigned long xen_released_pages;
+
 static __ref void xen_get_vendor(void)
 {
        init_cpu_devs();
@@ -471,6 +474,13 @@ int __init arch_xen_unpopulated_init(struct resource **res)
                        xen_free_unpopulated_pages(1, &pg);
                }
 
+               /*
+                * Account for the region being in the physmap but unpopulated.
+                * The value in xen_released_pages is used by the balloon
+                * driver to know how much of the physmap is unpopulated and
+                * set an accurate initial memory target.
+                */
+               xen_released_pages += xen_extra_mem[i].n_pfns;
                /* Zero so region is not also added to the balloon driver. */
                xen_extra_mem[i].n_pfns = 0;
        }

diff --git a/arch/x86/xen/setup.c b/arch/x86/xen/setup.c
index dc822124cacb9c8bef31971fb1de796f9556f4e9..ec3ffb94807d3a51d8d2ebc1190a917d5d48e27e 100644 (file)
--- a/arch/x86/xen/setup.c
+++ b/arch/x86/xen/setup.c
@@ -38,9 +38,6 @@
 
 #define GB(x) ((uint64_t)(x) * 1024 * 1024 * 1024)
 
-/* Number of pages released from the initial allocation. */
-unsigned long xen_released_pages;
-
 /* Memory map would allow PCI passthrough. */
 bool xen_pv_pci_possible;
 

diff --git a/drivers/xen/balloon.c b/drivers/xen/balloon.c
index db61bcb3aab1765cbec3a0be768b83299c544ac0..b0b52fa8fba6da25b4c14e4550a1ec622e319701 100644 (file)
--- a/drivers/xen/balloon.c
+++ b/drivers/xen/balloon.c
@@ -671,7 +671,7 @@ void xen_free_ballooned_pages(unsigned int nr_pages, struct page **pages)
 }
 EXPORT_SYMBOL(xen_free_ballooned_pages);
 
-static void __init balloon_add_regions(void)
+static int __init balloon_add_regions(void)
 {
        unsigned long start_pfn, pages;
        unsigned long pfn, extra_pfn_end;
@@ -694,26 +694,38 @@ static void __init balloon_add_regions(void)
                for (pfn = start_pfn; pfn < extra_pfn_end; pfn++)
                        balloon_append(pfn_to_page(pfn));
 
-               balloon_stats.total_pages += extra_pfn_end - start_pfn;
+               /*
+                * Extra regions are accounted for in the physmap, but need
+                * decreasing from current_pages to balloon down the initial
+                * allocation, because they are already accounted for in
+                * total_pages.
+                */
+               if (extra_pfn_end - start_pfn >= balloon_stats.current_pages) {
+                       WARN(1, "Extra pages underflow current target");
+                       return -ERANGE;
+               }
+               balloon_stats.current_pages -= extra_pfn_end - start_pfn;
        }
+
+       return 0;
 }
 
 static int __init balloon_init(void)
 {
        struct task_struct *task;
+       int rc;
 
        if (!xen_domain())
                return -ENODEV;
 
        pr_info("Initialising balloon driver\n");
 
-#ifdef CONFIG_XEN_PV
-       balloon_stats.current_pages = xen_pv_domain()
-               ? min(xen_start_info->nr_pages - xen_released_pages, max_pfn)
-               : get_num_physpages();
-#else
-       balloon_stats.current_pages = get_num_physpages();
-#endif
+       if (xen_released_pages >= get_num_physpages()) {
+               WARN(1, "Released pages underflow current target");
+               return -ERANGE;
+       }
+
+       balloon_stats.current_pages = get_num_physpages() - xen_released_pages;
        balloon_stats.target_pages  = balloon_stats.current_pages;
        balloon_stats.balloon_low   = 0;
        balloon_stats.balloon_high  = 0;
@@ -730,7 +742,9 @@ static int __init balloon_init(void)
        register_sysctl_init("xen/balloon", balloon_table);
 #endif
 
-       balloon_add_regions();
+       rc = balloon_add_regions();
+       if (rc)
+               return rc;
 
        task = kthread_run(balloon_thread, NULL, "xen-balloon");
        if (IS_ERR(task)) {