Re: [PATCH] mm/huge_memory: update file PMD counter before folio_put()

Next message: David Hildenbrand (Arm): "Re: [PATCH v4 1/2] mm: shmem: refactor thpsize_shmem_enabled_store() with sysfs_match_string()"
Previous message: Nicolas Frattaroli: " Re: [PATCH v3 4/4] drm/scdc-helper: Implement parsing and printing HDMI 2.1 fields"
In reply to: Yin Tirui: "Re: [PATCH] mm/huge_memory: update file PMD counter before folio_put()"
Next in thread: Lorenzo Stoakes: "Re: [PATCH] mm/huge_memory: update file PMD counter before folio_put()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: David Hildenbrand (Arm)

Date: Tue May 26 2026 - 08:26:48 EST

On 5/26/26 13:05, Lorenzo Stoakes wrote:
> On Tue, May 26, 2026 at 06:13:37PM +0800, Yin Tirui wrote:
>> __split_huge_pmd_locked() updates the file/shmem RSS counter after
>> dropping the PMD mapping's folio reference. If folio_put() drops the
>> last reference, mm_counter_file() can later read freed folio state via
>> folio_test_swapbacked().
>>
>> Move the counter update before folio_put().
>>
>> Fixes: fadae2953072 ("thp: use mm_file_counter to determine update which rss counter")
>
> That's an old commit :) I mean I suspect we're probably not actually ever
> dropping the folio ref to 0 here since we never had a report since ~2018.
>
> The page cache keeping a reference I guess?

I assume we could be racing with truncation.

Truncation would have to trigger unmap itself before we do the
folio_remove_rmap_pmd().

While the race could happen in theory I think, I do assume this would be rather
hard to trigger.

>
> But doesn't mean we shouldn't fix this on principal/there being some way
> this could happen.
>
>> Cc: <stable@xxxxxxxxxxxxxxx>
>> Signed-off-by: Yin Tirui <yintirui@xxxxxxxxxx>
>
> LGTM, so:
>
> Reviewed-by: Lorenzo Stoakes <ljs@xxxxxxxxxx>

Acked-by: David Hildenbrand (arm) <david@xxxxxxxxxx>

--
Cheers,

David