On Tue, Oct 26, 2021 at 05:38:14PM +0000, Pasha Tatashin wrote:
> It is hard to root cause _refcount problems, because they usually manifest after the damage has occurred. Yet, they can lead to catastrophic failures such as memory corruptions. Improve debuggability by adding more checks that ensure that page->_refcount never turns negative (i.e. double free does not happen, or free after freeze etc).
>
> - Check for overflow and underflow right from the functions that modify _refcount
> - Remove set_page_count(), so we do not unconditionally overwrite _refcount with an unrestrained value
> - Trace return values in all functions that modify _refcount
I think this is overkill. Won't we get exactly the same protection by simply testing that page->_refcount == 0 in set_page_count()? Anything which triggers that BUG_ON would already be buggy because it can race with speculative gets.
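To make the two positions concrete, here is an added userspace model (not the kernel's code, not Pasha's patch, and not Matthew's suggestion verbatim) that shows which mistake each check catches: the underflow/overflow checks in the add path from the cover letter, and the cheaper "refuse set_page_count() unless _refcount == 0" test from the reply. The struct, enum and all function names (page_ref_add_checked, set_page_count_checked, page_ref_freeze_checked and the scenario_* helpers) are assumptions for this example; nothing here is atomic, and the scenarios are constructed.

```c
#include <limits.h>
#include <stdio.h>

/*
 * Constructed userspace model of a page's _refcount. This is NOT the kernel's
 * implementation: the field name mirrors struct page, but there is no
 * atomicity here. It only shows which checks catch which mistake.
 */
struct page {
	int _refcount;
};

enum ref_result {
	REF_OK = 0,
	REF_UNDERFLOW,     /* would go negative: double put, or put after freeze */
	REF_OVERFLOW,      /* would wrap past INT_MAX */
	REF_NONZERO_RESET  /* set_page_count() on a page someone still holds */
};

/* Add n (possibly negative) to _refcount, refusing underflow and overflow. */
static enum ref_result page_ref_add_checked(struct page *page, int n)
{
	long long nv = (long long)page->_refcount + n; /* widen: no signed UB */

	if (nv < 0)
		return REF_UNDERFLOW;
	if (nv > INT_MAX)
		return REF_OVERFLOW;
	page->_refcount = (int)nv;
	return REF_OK;
}

/*
 * The cheaper alternative from the reply: keep set_page_count() but allow it
 * only when the count is 0, i.e. the page is fresh or fully freed. Any other
 * value means a live holder (or a speculative get) would be clobbered.
 */
static enum ref_result set_page_count_checked(struct page *page, int v)
{
	if (v < 0)
		return REF_UNDERFLOW;
	if (page->_refcount != 0)
		return REF_NONZERO_RESET;
	page->_refcount = v;
	return REF_OK;
}

/* Model of a freeze: drop the count to 0 only if it is exactly 'expected'. */
static int page_ref_freeze_checked(struct page *page, int expected)
{
	if (page->_refcount != expected)
		return 0;
	page->_refcount = 0;
	return 1;
}

/* Scenario: double put. Returns the result of the second put. */
static enum ref_result scenario_double_put(void)
{
	struct page p = { 1 };

	page_ref_add_checked(&p, -1);        /* legitimate last put: 1 -> 0 */
	return page_ref_add_checked(&p, -1); /* second put: caught as underflow */
}

/* Scenario: put after a successful freeze ("free after freeze"). */
static enum ref_result scenario_put_after_freeze(void)
{
	struct page p = { 2 };

	page_ref_freeze_checked(&p, 2);      /* count is now 0 */
	return page_ref_add_checked(&p, -1); /* caught as underflow */
}

/* Scenario: set_page_count() while a reference is still outstanding. */
static enum ref_result scenario_reset_while_held(void)
{
	struct page p = { 0 };

	set_page_count_checked(&p, 1);        /* allocation path: 0 -> 1, allowed */
	return set_page_count_checked(&p, 1); /* clobbering a live count: refused */
}

/* Scenario: one get too many on a saturated count. */
static enum ref_result scenario_overflow(void)
{
	struct page p = { INT_MAX };

	return page_ref_add_checked(&p, 1); /* caught as overflow, count untouched */
}

int main(void)
{
	printf("double put        -> %d\n", scenario_double_put());
	printf("put after freeze  -> %d\n", scenario_put_after_freeze());
	printf("reset while held  -> %d\n", scenario_reset_while_held());
	printf("overflow          -> %d\n", scenario_overflow());
	return 0;
}
```

The first two scenarios are caught by the add-path check alone, which is the cover letter's argument for checking in every modifier; the third is only caught if set_page_count() refuses a non-zero count, which is the reply's point, and it is independent of whether the add path is checked.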