On Tue, Mar 12, 2024 at 02:17:01PM +0100, David Hildenbrand wrote:
> On 12.03.24 04:50, Matthew Wilcox (Oracle) wrote:
> > +++ b/mm/page_alloc.c
> > @@ -1006,10 +1006,11 @@ static int free_tail_page_prepare(struct page *head_page, struct page *page)
> > }
> > break;
> > case 2:
> > - /*
> > - * the second tail page: ->mapping is
> > - * deferred_list.next -- ignore value.
> > - */
> > + /* the second tail page: deferred_list overlaps ->mapping */
> > + if (unlikely(!list_empty(&folio->_deferred_list))) {
> > + bad_page(page, "on deferred list");
> > + goto out;
> > + }
>
> IIRC, hugetlb might overwrite this with _hugetlb_subpool? Isn't that a
> problem we have to handle?
Ah yes, you're right. I think this should do the trick?
+++ b/mm/hugetlb.c
@@ -1796,6 +1796,7 @@ static void __update_and_free_hugetlb_folio(struct hstate *h,
destroy_compound_gigantic_folio(folio, huge_page_order(h));
free_gigantic_folio(folio, huge_page_order(h));
} else {
+ INIT_LIST_HEAD(&folio->_deferred_list);
__free_pages(&folio->page, huge_page_order(h));
}
}
(that should also be a folio_put(), IMO)
