On Tue, Feb 24, 2026 at 09:32:01AM +0100, Jiri Pirko wrote:

...

Should there be some global list of leaked decrypted pages such that the mm subsystem could try again later to recover these?

swiotlb does the same non-recovery leakage. I belive is it not worth implementing this at this time,

Yeah, I agree

Looking at the callers the purpose of the return code is to trigger the memory leak because there is no way to recover from this. We have no idea when in future the hypervisor might permit the operation and we have no way to keep track of the memory until it does.

It is not a great API design at all, it only makes sense from the hypervisor perspective where it can run out of memory trying to do these changes..

Jason