Re: [PATCH v2 03/31] x86/virt/tdx: Add tdx_page_array helpers for new TDX Module objects

Next message: Pedro Falcato: "Re: [PATCH v2] tools/testing/selftests: add merge test for partial msealed range"
Previous message: Muhammad Usama Anjum: "Re: [PATCH v4 1/3] mm/page_alloc: Optimize free_contig_range()"
In reply to: Nikolay Borisov: "Re: [PATCH v2 03/31] x86/virt/tdx: Add tdx_page_array helpers for new TDX Module objects"
Next in thread: Xu Yilun: "[PATCH v2 04/31] x86/virt/tdx: Support allocating contiguous pages for tdx_page_array"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Xu Yilun

Date: Tue Mar 31 2026 - 10:01:00 EST

On Mon, Mar 30, 2026 at 04:31:43PM +0300, Nikolay Borisov wrote:
>
>
> On 27.03.26 г. 18:01 ч., Xu Yilun wrote:
> <snip>
>
> > +/**
> > + * tdx_page_array_ctrl_leak() - Leak data pages and free the container
> > + * @array: The tdx_page_array to be leaked.
> > + *
> > + * Call this function when failed to reclaim the control pages. Free the root
> > + * page and the holding structures, but orphan the data pages, to prevent the
> > + * host from re-allocating and accessing memory that the hardware may still
> > + * consider private.
> > + */
> > +void tdx_page_array_ctrl_leak(struct tdx_page_array *array)
> > +{
> > + if (!array)
> > + return;
> > +
> > + kfree(array->pages);
> > + kfree(array->root);
> > + kfree(array);
> > +}
> > +EXPORT_SYMBOL_GPL(tdx_page_array_ctrl_leak);
>
> This instantly raises a red flag if by design an API has the ability to

OK. With the discussion in this thread, I tend to remove this leak API.

> simply leak memory. Under what conditions this might be required, can't we
> do something to gracefully handle the case when pages cannot be freed
> instantly, i.e queued freeing or some such ? Simply leaking them is a big
> NO.

It was intended to be called when failing to reclaim pages from secure
firmware, maybe because of firmware bug. In this case kernel has no idea
what to do. Leaking is a last resort here, don't expect things still work.