[PATCH 0/4] Keep subpage private zero at free and folio split time

From: Zi Yan

Date: Sun Jun 28 2026 - 22:57:15 EST


Hi all,

This patchset makes sure subpage->private is zero before compound or
high-order pages are returned to the allocator. It also checks subpages
that become new folio heads during large folio split, before their private
fields are used by new folios.

It is based on v7.2-rc1.

Motivation ===

page->private is zeroed at page free time since commit ac1ea219590c0
("mm/page_alloc: clear page->private in free_pages_prepare()"), since we
concluded that it might be too much to ask every page user to free a page
with ->private zeroed. The holder of the last page reference might not know
whether ->private needs to be cleared.

For compound and high-order pages, subpage->private can also leak to later
users if it is left uncleared. The page allocation path does not zero every
subpage->private field, so they can be seen by new users and cause
unexpected issues[1].

Check subpage->private at page free time, and check tail pages that become
new folio heads during large folio split. With those checks in place,
prep_compound_tail() no longer needs to clear subpage->private when
preparing compound page metadata.

Overview ===
1. Patch 1 removes setting page->private in compaction code when a free
page is taken out of the buddy allocator. cc->freepages is indexed by
page order, so storing the free page order in page->private is
redundant.
2. Patch 2 adds back the page->private check for tail pages promoted to new
folio heads in __split_folio_to_order().
3. Patch 3 adds a subpage->private check in the page free path.
4. Patch 4 removes subpage->private zeroing from prep_compound_tail().

Link: https://lore.kernel.org/all/20260206174017.128673-1-mikhail.v.gavrilov@xxxxxxxxx/ [1]

Signed-off-by: Zi Yan <ziy@xxxxxxxxxx>
---
Zi Yan (4):
mm/compaction: stop recording free page order in page->private
mm/huge_memory: add page->private check back in __split_folio_to_order()
mm/page_alloc: make sure subpage->private is zero at page free time
mm/page_alloc: remove set_page_private() in prep_compound_tail()

mm/compaction.c | 3 ---
mm/huge_memory.c | 10 ++++++++++
mm/internal.h | 1 -
mm/page_alloc.c | 12 +++++++++---
4 files changed, 19 insertions(+), 7 deletions(-)
---
base-commit: dc59e4fea9d83f03bad6bddf3fa2e52491777482
change-id: 20260603-keep-subpage-private-zero-at-free-a1e1435025dc

Best regards,
--
Yan, Zi