Re: [RFC PATCH] mm/page_alloc: fix use-after-free in swap due to stale page data after split_page()

From: Matthew Wilcox

Date: Fri Jan 30 2026 - 09:00:18 EST


On Fri, Jan 30, 2026 at 06:49:00PM +0500, Mikhail Gavrilov wrote:
> + /*
> + * Split pages may contain stale data from previous use. Initialize
> + * page->private and page->lru which may have LIST_POISON values.
> + */
> + INIT_LIST_HEAD(&page->lru);
> + for (i = 1; i < (1 << order); i++) {
> + set_page_private(page + i, 0);
> + INIT_LIST_HEAD(&page[i].lru);
> + }
> +
> for (i = 1; i < (1 << order); i++)
> set_page_refcounted(page + i);
> split_page_owner(page, order, 0);
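Review bot: The comment says page->private and page->lru are both initialized, but the head page only gets INIT_LIST_HEAD(&page->lru); set_page_private(page, 0) is never called for it, since the loop starts at i = 1. Either the comment should say only tail pages have private cleared, or the head page needs the same treatment. The new loop also iterates over exactly the same range as the existing `for (i = 1; i < (1 << order); i++)` loop that calls set_page_refcounted(page + i), so the set_page_private() and INIT_LIST_HEAD() calls can go into that loop instead of adding a second pass over the tail pages. Finally, if page->lru really can hold LIST_POISON values at this point, that indicates the page was taken off a list and freed without its state being reset on the free path; re-initializing here in split_page() masks where the stale data came from rather than fixing it, and the changelog should explain why the free path is not the right place.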

Why add a second loop instead of using the existing one?