On 6/9/26 18:33, Michael S. Tsirkin wrote:
> The page reporting callback submits an sg list to the reporting
> virtqueue.  With VIRTIO_RING_F_INDIRECT_DESC negotiated and
> total_sg > 1 (which it typically is), virtqueue_add reports it to the
> host by allocating an indirect descriptor via kmalloc(GFP_KERNEL).
> 
> This is not pretty: the reporting worker isolates potentially hundreds
> of MB of free pages from the buddy allocator (reported pages are at
> least pageblock_order, and the sg can contain up to
> PAGE_REPORTING_CAPACITY entries of varying orders).  As the result, at
> least in theory, the kmalloc might trigger OOM when we have in fact a
> ton of free memory.

Very theoretical, given that we isolate large pageblocks and the kmalloc would
likely just need a single page. But yeah, avoiding allocating memory where
possible on these paths makes sense I guess.

> 
> Clear VIRTIO_RING_F_INDIRECT_DESC, to avoid using indirect descriptors.
> 
> Fixes: b0c504f15471 ("virtio-balloon: add support for providing free page 
> reports to host")
> Signed-off-by: Michael S. Tsirkin <[email protected]>
> Assisted-by: Claude:claude-opus-4-6
> ---
>  drivers/virtio/virtio_balloon.c | 6 ++++++
>  1 file changed, 6 insertions(+)
> 
> diff --git a/drivers/virtio/virtio_balloon.c b/drivers/virtio/virtio_balloon.c
> index 53b4a3984e7d..6698edb61474 100644
> --- a/drivers/virtio/virtio_balloon.c
> +++ b/drivers/virtio/virtio_balloon.c
> @@ -7,6 +7,7 @@
>   */
>  
>  #include <linux/virtio.h>
> +#include <uapi/linux/virtio_ring.h>
>  #include <linux/virtio_balloon.h>
>  #include <linux/swap.h>
>  #include <linux/workqueue.h>
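
Review bot: The added include uses the `<uapi/linux/virtio_ring.h>` path, while every neighbouring include in this hunk uses the `<linux/...>` form. Driver code normally pulls in the ring definitions through `<linux/virtio_ring.h>`, which already includes the uapi header, so switching to that form would keep the include block consistent and still provide VIRTIO_RING_F_INDIRECT_DESC.
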
> @@ -1175,6 +1176,11 @@ static int virtballoon_validate(struct virtio_device 
> *vdev)
>       else if (!virtio_has_feature(vdev, VIRTIO_BALLOON_F_PAGE_POISON))
>               __virtio_clear_bit(vdev, VIRTIO_BALLOON_F_REPORTING);
>  
> +     /*
> +      * Disable indirect descriptors to avoid memory allocation in
> +      * virtqueue_add during page reporting.
> +      */
> +     __virtio_clear_bit(vdev, VIRTIO_RING_F_INDIRECT_DESC);
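
Review bot: The `__virtio_clear_bit(vdev, VIRTIO_RING_F_INDIRECT_DESC)` call is unconditional, so indirect descriptors are turned off even when the lines just above have cleared VIRTIO_BALLOON_F_REPORTING or the feature was never offered, and a ring feature bit applies to every virtqueue of the device, not only the reporting one. Either guard the clear with a check for VIRTIO_BALLOON_F_REPORTING, or extend the comment to say that the device-wide effect is intended and acceptable for the other balloon queues.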


Acked-by: David Hildenbrand (Arm) <[email protected]>


-- 
Cheers,

David
