Re: [PATCH] mm/page_alloc: free allocated PFNs if the range does not match
From: Andrew Morton
Date: Mon Jun 29 2026 - 22:06:32 EST
On Mon, 29 Jun 2026 21:35:33 -0400 Zi Yan <ziy@xxxxxxxxxx> wrote:
> When using __GFP_COMP in alloc_contig_frozen_range(), if the allocated
> range does not match the requested one, the code errors out with EINVAL
> without freeing the allocated PFNs and causes free page leaks. Fix it by
> calling release_free_list() in the error path.
>
> The issue is reported by Sashiko[1].
>
> --- a/mm/compaction.c
> +++ b/mm/compaction.c
> @@ -88,7 +88,7 @@ static struct page *mark_allocated_noprof(struct page *page, unsigned int order,
> }
> #define mark_allocated(...) alloc_hooks(mark_allocated_noprof(__VA_ARGS__))
>
> -static unsigned long release_free_list(struct list_head *freepages)
> +unsigned long release_free_list(struct list_head *freepages)
> {
> int order;
> unsigned long high_pfn = 0;
>
> ...
>
> --- a/mm/page_alloc.c
> +++ b/mm/page_alloc.c
> @@ -7235,9 +7235,11 @@ int alloc_contig_frozen_range_noprof(unsigned long start, unsigned long end,
> check_new_pages(head, order);
> prep_new_page(head, order, gfp_mask, 0);
> } else {
> + release_free_list(cc.freepages);
I wonder if there's a Kconfig combination which results in this being
undefined.
I couldn't immediately find such a combination. No doubt we'll be told
if there is one ;)