On Wed, Aug 4, 2021 at 8:22 AM Kirill A. Shutemov <kirill@xxxxxxxxxxxxx> wrote:
>
> On Sat, Jul 31, 2021 at 12:39:37AM -0600, Yu Zhao wrote:
> > @@ -2506,6 +2508,25 @@ static void __split_huge_page(struct page *page, struct list_head *list,
> >  			continue;
> >  		unlock_page(subpage);
> >
> > +		/*
> > +		 * If a tail page has only two references left, one inherited
> > +		 * from the isolation of its head and the other from
> > +		 * lru_add_page_tail() which we are about to drop, it means this
> > +		 * tail page was concurrently zapped. Then we can safely free it
> > +		 * and save page reclaim or migration the trouble of trying it.
> > +		 */
> > +		if (list && page_ref_freeze(subpage, 2)) {
> > +			VM_BUG_ON_PAGE(PageLRU(subpage), subpage);
> > +			VM_BUG_ON_PAGE(PageCompound(subpage), subpage);
> > +			VM_BUG_ON_PAGE(page_mapped(subpage), subpage);
> > +
> > +			ClearPageActive(subpage);
> > +			ClearPageUnevictable(subpage);
>
> Why touch PG_Active/PG_Unevictable?

Subpages may inherit these flags from their isolated head. Page reclaim
doesn't isolate active or unevictable. But migration does. If we don't
clear them here, we'll hit bad_page() later because both flags are
included in PAGE_FLAGS_CHECK_AT_FREE.

Does it make sense?

Thanks.
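Review bot: the new block comment justifies the page_ref_freeze(subpage, 2) test but says nothing about why ClearPageActive()/ClearPageUnevictable() follow it, which is exactly what the reviewer had to ask; the reason given in the reply (an isolated head may carry PG_active/PG_unevictable, migration isolates such pages, and both flags are in PAGE_FLAGS_CHECK_AT_FREE so leaving them set would trip bad_page() when the tail is freed) belongs in the comment next to the two Clear calls so the next reader does not need the thread. It would also help to state in the comment that the `list` check is what encodes "the caller isolated the head page", since the second inherited reference only exists in that case.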