On Tue, Oct 26, 2021 at 05:38:14PM +0000, Pasha Tatashin wrote:
> It is hard to root cause _refcount problems, because they usually
> manifest after the damage has occurred.  Yet, they can lead to
> catastrophic failures such as memory corruptions.
>
> Improve debuggability by adding more checks that ensure that
> page->_refcount never turns negative (i.e. double free does not
> happen, or free after freeze etc).
>
> - Check for overflow and underflow right from the functions that
>   modify _refcount
> - Remove set_page_count(), so we do not unconditionally overwrite
>   _refcount with an unrestrained value
> - Trace return values in all functions that modify _refcount

I think this is overkill.  Won't we get exactly the same protection
by simply testing that page->_refcount == 0 in set_page_count()?
Anything which triggers that BUG_ON would already be buggy because
it can race with speculative gets.
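
A user-space C model of the two checks discussed in this message, added here as an example and not part of the original email or the kernel patch: validating the value returned by each refcount modifier, and the narrower test that the count is 0 before it is set. `page_model`, `ref_add_checked`, `ref_set_from_zero` and `double_free_detected` are hypothetical names, and the compare-and-swap is a modelling choice.

```c
#include <stdatomic.h>
#include <stdbool.h>
#include <limits.h>

/* User-space model only: page_model and the ref_* helpers are hypothetical
 * names, not the kernel's struct page or its page_ref_* API. */
struct page_model { atomic_int refcount; };

/* Add nr (may be negative). The count is checked on the value the atomic
 * operation itself returned, so underflow or overflow past INT_MAX is seen
 * at the call that caused it rather than after the damage has occurred. */
static bool ref_add_checked(struct page_model *p, int nr, int *result)
{
    int old = atomic_fetch_add(&p->refcount, nr);   /* atomic add wraps, no UB */
    int val = (int)((unsigned)old + (unsigned)nr);  /* same wrapped value */

    if (result)
        *result = val;
    return old >= 0 && val >= 0;
}

/* The narrower check from the reply: the count may only be set while it is
 * currently 0. Modelled with compare-and-swap so the test and the store are
 * a single atomic step; on failure the existing count is left untouched. */
static bool ref_set_from_zero(struct page_model *p, int v)
{
    int expected = 0;
    return atomic_compare_exchange_strong(&p->refcount, &expected, v);
}

/* Constructed scenario: a page is initialised, freed, then freed again. */
static int double_free_detected(void)
{
    struct page_model pg;
    int v;

    atomic_init(&pg.refcount, 0);
    if (!ref_set_from_zero(&pg, 1))
        return -1;
    if (!ref_add_checked(&pg, -1, &v) || v != 0)   /* legitimate free: 1 -> 0 */
        return -1;
    return ref_add_checked(&pg, -1, &v) ? 0 : 1;   /* second free: 0 -> -1 */
}

int main(void)
{
    return double_free_detected() == 1 ? 0 : 1;
}
```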