From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <owner-linux-mm@kvack.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17])
	by smtp.lore.kernel.org (Postfix) with ESMTP id B2798C6369B
	for <linux-mm@archiver.kernel.org>; Wed, 26 Jan 2022 18:34:42 +0000 (UTC)
Received: by kanga.kvack.org (Postfix)
	id 4A63E6B0078; Wed, 26 Jan 2022 13:34:38 -0500 (EST)
Received: by kanga.kvack.org (Postfix, from userid 40)
	id 3E5BF6B007E; Wed, 26 Jan 2022 13:34:38 -0500 (EST)
X-Delivered-To: int-list-linux-mm@kvack.org
Received: by kanga.kvack.org (Postfix, from userid 63042)
	id 05D776B007B; Wed, 26 Jan 2022 13:34:37 -0500 (EST)
X-Delivered-To: linux-mm@kvack.org
Received: from forelay.hostedemail.com (smtprelay0096.hostedemail.com [216.40.44.96])
	by kanga.kvack.org (Postfix) with ESMTP id E1B116B0078
	for <linux-mm@kvack.org>; Wed, 26 Jan 2022 13:34:37 -0500 (EST)
Received: from smtpin14.hostedemail.com (10.5.19.251.rfc1918.com [10.5.19.251])
	by forelay05.hostedemail.com (Postfix) with ESMTP id 98CD1181B0495
	for <linux-mm@kvack.org>; Wed, 26 Jan 2022 18:34:37 +0000 (UTC)
X-FDA: 79073288994.14.6CC2410
Received: from mail-qv1-f44.google.com (mail-qv1-f44.google.com [209.85.219.44])
	by imf11.hostedemail.com (Postfix) with ESMTP id 328544002C
	for <linux-mm@kvack.org>; Wed, 26 Jan 2022 18:34:37 +0000 (UTC)
Received: by mail-qv1-f44.google.com with SMTP id d8so644449qvv.2
        for <linux-mm@kvack.org>; Wed, 26 Jan 2022 10:34:36 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=soleen.com; s=google;
        h=from:to:subject:date:message-id:in-reply-to:references:mime-version
         :content-transfer-encoding;
        bh=Ie3wyi01fH7CgmQYiqIN+tfxdxDxn1n1+kzHm4Q9RTE=;
        b=Bh400EnOT890ni7sht/44ozXW/6kzxp07ZHx7PHxWuPEpO5UWUblrE8yWYYEvyOZpy
         MEeDREPxYzJitlr3ychWp4Zzd53yjtbV1lTT6U4sXKY5QOs8eT0Ao/oZIAnwcHjyATZz
         tvRrEJaOpgFl+PLRLGNYDmv7E1xAUepdJHaTNhjB3fefVxY+fVJFRhn6o2dRH5BjqRJo
         syBZkBNB2cBomk/aVeT/u9aFQAkG7UcRC0tnPO4eZmPSZcT6zo03CZ/wyTukDnwagYtN
         RZjniCisA268LqO5pXzQ5ABPwHsfQoiYEfCJwAa8+UqYzT3ImXNuyo7FY6tV1pzS48q6
         1hxQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20210112;
        h=x-gm-message-state:from:to:subject:date:message-id:in-reply-to
         :references:mime-version:content-transfer-encoding;
        bh=Ie3wyi01fH7CgmQYiqIN+tfxdxDxn1n1+kzHm4Q9RTE=;
        b=2vDWN5oaXbW2Gtr/H2Y9K1nHOYGaMMR88kvBF6OtDQzUstq/cILJOtk+rng2E9f+DW
         mktaVWZSKPjuwRElE5b1u2WGQM8ZcwoYE+gzxwBgvCLVwl75lsiCRAvSR7zJ3LIXHIV8
         VbukKsP6zyEKQ7Nibofx5LOSZexXuwefS3B6/QzLXAm5j0VhKl4j9tXrK2elmwAYvO/s
         7mciKck5VxT7KaIWT72em7uOKJxvLB9HNoR9rg8zsZcSBdmwJc75rW9cD2NhQ+8HH0X9
         hDNA7ptPmFzftFUYLwcqwdiDjh1yqTbuBm8D/IioNa/jt3w8nDP/nvxkha/oQ6S8tA5D
         3YEQ==
X-Gm-Message-State: AOAM533SGSDENO2/T4DMYeTLl0F204CEVztPlOVzNZBfbiiLrXM4pXet
	wlHwC3ngVaDivc16jhh9AyFG/A==
X-Google-Smtp-Source: ABdhPJzoIdGrjBW0d47PH4jGXBlBszWnfJdkQI7JvZmOWO27z83YtLTGz3Vk6XtP2izWkdLA7bnMTg==
X-Received: by 2002:a05:6214:21c4:: with SMTP id d4mr22950102qvh.90.1643222076515;
        Wed, 26 Jan 2022 10:34:36 -0800 (PST)
Received: from soleen.c.googlers.com.com (189.216.85.34.bc.googleusercontent.com. [34.85.216.189])
        by smtp.gmail.com with ESMTPSA id u17sm35886qki.12.2022.01.26.10.34.34
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Wed, 26 Jan 2022 10:34:35 -0800 (PST)
From: Pasha Tatashin <pasha.tatashin@soleen.com>
To: pasha.tatashin@soleen.com,
	linux-kernel@vger.kernel.org,
	linux-mm@kvack.org,
	linux-m68k@lists.linux-m68k.org,
	anshuman.khandual@arm.com,
	willy@infradead.org,
	akpm@linux-foundation.org,
	william.kucharski@oracle.com,
	mike.kravetz@oracle.com,
	vbabka@suse.cz,
	geert@linux-m68k.org,
	schmitzmic@gmail.com,
	rostedt@goodmis.org,
	mingo@redhat.com,
	hannes@cmpxchg.org,
	guro@fb.com,
	songmuchun@bytedance.com,
	weixugc@google.com,
	gthelen@google.com,
	rientjes@google.com,
	pjt@google.com,
	hughd@google.com
Subject: [PATCH v3 4/9] mm: avoid using set_page_count() when pages are freed into allocator
Date: Wed, 26 Jan 2022 18:34:24 +0000
Message-Id: <20220126183429.1840447-5-pasha.tatashin@soleen.com>
X-Mailer: git-send-email 2.35.0.rc0.227.g00780c9af4-goog
In-Reply-To: <20220126183429.1840447-1-pasha.tatashin@soleen.com>
References: <20220126183429.1840447-1-pasha.tatashin@soleen.com>
MIME-Version: 1.0
X-Rspamd-Server: rspam11
X-Rspamd-Queue-Id: 328544002C
X-Stat-Signature: whhp5tr73r3qr8us99szyiunh99yq1po
Authentication-Results: imf11.hostedemail.com;
	dkim=pass header.d=soleen.com header.s=google header.b=Bh400EnO;
	dmarc=none;
	spf=pass (imf11.hostedemail.com: domain of pasha.tatashin@soleen.com designates 209.85.219.44 as permitted sender) smtp.mailfrom=pasha.tatashin@soleen.com
X-Rspam-User: nil
X-HE-Tag: 1643222077-111624
Content-Transfer-Encoding: quoted-printable
X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4
Sender: owner-linux-mm@kvack.org
Precedence: bulk
X-Loop: owner-majordomo@kvack.org
List-ID: <linux-mm.kvack.org>

When struct pages are first initialized the page->_refcount field is
set 1. However, later when pages are freed into allocator we set
_refcount to 0 via set_page_count(). Unconditionally resetting
_refcount is dangerous.

Instead use page_ref_dec_return(), and verify that the _refcount is
what is expected.

Signed-off-by: Pasha Tatashin <pasha.tatashin@soleen.com>
---
 mm/page_alloc.c | 11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)

diff --git a/mm/page_alloc.c b/mm/page_alloc.c
index 5a9167bda279..0fa100152a2a 100644
--- a/mm/page_alloc.c
+++ b/mm/page_alloc.c
@@ -1668,6 +1668,7 @@ void __free_pages_core(struct page *page, unsigned =
int order)
 	unsigned int nr_pages =3D 1 << order;
 	struct page *p =3D page;
 	unsigned int loop;
+	int refcnt;
=20
 	/*
 	 * When initializing the memmap, __init_single_page() sets the refcount
@@ -1678,10 +1679,12 @@ void __free_pages_core(struct page *page, unsigne=
d int order)
 	for (loop =3D 0; loop < (nr_pages - 1); loop++, p++) {
 		prefetchw(p + 1);
 		__ClearPageReserved(p);
-		set_page_count(p, 0);
+		refcnt =3D page_ref_dec_return(p);
+		VM_BUG_ON_PAGE(refcnt, p);
 	}
 	__ClearPageReserved(p);
-	set_page_count(p, 0);
+	refcnt =3D page_ref_dec_return(p);
+	VM_BUG_ON_PAGE(refcnt, p);
=20
 	atomic_long_add(nr_pages, &page_zone(page)->managed_pages);
=20
@@ -2253,10 +2256,12 @@ void __init init_cma_reserved_pageblock(struct pa=
ge *page)
 {
 	unsigned i =3D pageblock_nr_pages;
 	struct page *p =3D page;
+	int refcnt;
=20
 	do {
 		__ClearPageReserved(p);
-		set_page_count(p, 0);
+		refcnt =3D page_ref_dec_return(p);
+		VM_BUG_ON_PAGE(refcnt, p);
 	} while (++p, --i);
=20
 	set_pageblock_migratetype(page, MIGRATE_CMA);
--=20
2.35.0.rc0.227.g00780c9af4-goog