Re: [PATCH] mm/huge_memory: update file PMD counter before folio_put()
From: Yin Tirui
Date: Tue May 26 2026 - 07:20:48 EST
On 5/26/2026 7:05 PM, Lorenzo Stoakes wrote:
On Tue, May 26, 2026 at 06:13:37PM +0800, Yin Tirui wrote:Yes, agreed.
__split_huge_pmd_locked() updates the file/shmem RSS counter afterThat's an old commit :) I mean I suspect we're probably not actually ever
dropping the PMD mapping's folio reference. If folio_put() drops the
last reference, mm_counter_file() can later read freed folio state via
folio_test_swapbacked().
Move the counter update before folio_put().
Fixes: fadae2953072 ("thp: use mm_file_counter to determine update which rss counter")
dropping the folio ref to 0 here since we never had a report since ~2018.
The page cache keeping a reference I guess?
But doesn't mean we shouldn't fix this on principal/there being some way
this could happen.
Thanks!
Cc: <stable@xxxxxxxxxxxxxxx>LGTM, so:
Signed-off-by: Yin Tirui <yintirui@xxxxxxxxxx>
Reviewed-by: Lorenzo Stoakes <ljs@xxxxxxxxxx>
Yes, that was my intention as well: keep this patch minimal for backport.---Hmm, sucks to duplicate like this, but for purposes of backport and getting
mm/huge_memory.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/mm/huge_memory.c b/mm/huge_memory.c
index 0135c29a4372..a5f4a48b7b77 100644
--- a/mm/huge_memory.c
+++ b/mm/huge_memory.c
@@ -3145,7 +3145,9 @@ static void __split_huge_pmd_locked(struct vm_area_struct *vma, pmd_t *pmd,
if (!folio_test_referenced(folio) && pmd_young(old_pmd))
folio_set_referenced(folio);
folio_remove_rmap_pmd(folio, page, vma);
+ add_mm_counter(mm, mm_counter_file(folio), -HPAGE_PMD_NR);
folio_put(folio);
+ return;
this resolved fine, we can clean it up later.
I will post the related refactoring patch soon.
--}Cheers, Lorenzo
add_mm_counter(mm, mm_counter_file(folio), -HPAGE_PMD_NR);
return;
--
2.43.0
Yin Tirui