Re: [PATCH 3/4] mm/page_alloc: make sure subpage->private is zero at page free time
From: Vlastimil Babka (SUSE)
Date: Mon Jun 29 2026 - 11:01:03 EST
On 6/29/26 04:56, Zi Yan wrote:
> Any code using subpage->private of a folio, a compound page or a high-order
> page is supposed to reset it after use, otherwise ->private data can leak
> to new page user and cause unexpected issues. Add a bad_page() check at
> page free path for it.
>
> Assisted-by: Codex:gpt-5 # add the missing "return false" after bad_page()
> Signed-off-by: Zi Yan <ziy@xxxxxxxxxx>
I noticed the word 'subpage' is now frowned upon ;)
See https://lore.kernel.org/all/20260623125723.2503832-1-dev.jain@xxxxxxx/
since this is about tail pages, just call them as such?
> ---
> mm/page_alloc.c | 12 +++++++++---
> 1 file changed, 9 insertions(+), 3 deletions(-)
>
> diff --git a/mm/page_alloc.c b/mm/page_alloc.c
> index ee902a468c2f..13c2655e24fb 100644
> --- a/mm/page_alloc.c
> +++ b/mm/page_alloc.c
> @@ -1374,15 +1374,21 @@ static __always_inline bool __free_pages_prepare(struct page *page,
> #endif
> }
> for (i = 1; i < (1 << order); i++) {
i starts at 1
> + struct page *subpage = page + i;
so "tail_page" is accurate?
> +
> if (compound)
> - bad += free_tail_page_prepare(page, page + i);
> + bad += free_tail_page_prepare(page, subpage);
> if (is_check_pages_enabled()) {
> - if (free_page_is_bad(page + i)) {
> + if (free_page_is_bad(subpage)) {
> bad++;
> continue;
> }
> }
> - (page + i)->flags.f &= ~PAGE_FLAGS_CHECK_AT_PREP;
> + subpage->flags.f &= ~PAGE_FLAGS_CHECK_AT_PREP;
> + if (subpage->private) {
> + bad_page(subpage, "nonzero private");
> + return false;
> + }
Also why not put this check into the is_check_pages_enabled() block and
handle it the same way?
> }
> }
> if (folio_test_anon(folio)) {
>
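Review bot: The `return false` after `bad_page(subpage, "nonzero private")` exits the tail-page loop at the first offending page, while the `free_page_is_bad()` branch just above it does `bad++; continue;` and keeps iterating. With the early return, every later tail page is left unchecked and keeps its PAGE_FLAGS_CHECK_AT_PREP bits, and the `bad` count accumulated so far is bypassed. Doing `bad++; continue;` here would give both checks the same error path. The new test also sits outside the `is_check_pages_enabled()` block, so it runs for every tail page on every high-order free; if that unconditional cost is intended, a short comment above the `if (subpage->private)` line saying why would help. Finally, the stale value is reported but not cleared in the lines shown, so it is worth stating in the commit message whether a page that trips this check can still reach a new user with ->private set.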