Re: [PATCH 3/4] mm/page_alloc: make sure subpage->private is zero at page free time

From: Zi Yan

Date: Mon Jun 29 2026 - 11:29:45 EST


On 29 Jun 2026, at 10:53, Vlastimil Babka (SUSE) wrote:

> On 6/29/26 04:56, Zi Yan wrote:
>> Any code using subpage->private of a folio, a compound page or a high-order
>> page is supposed to reset it after use, otherwise ->private data can leak
>> to new page user and cause unexpected issues. Add a bad_page() check at
>> page free path for it.
>>
>> Assisted-by: Codex:gpt-5 # add the missing "return false" after bad_page()
>> Signed-off-by: Zi Yan <ziy@xxxxxxxxxx>
>
> I noticed the word 'subpage' is now frowned upon ;)
> See https://lore.kernel.org/all/20260623125723.2503832-1-dev.jain@xxxxxxx/
>
> since this is about tail pages, just call them as such?

I will change to tail pages.

>
>> ---
>> mm/page_alloc.c | 12 +++++++++---
>> 1 file changed, 9 insertions(+), 3 deletions(-)
>>
>> diff --git a/mm/page_alloc.c b/mm/page_alloc.c
>> index ee902a468c2f..13c2655e24fb 100644
>> --- a/mm/page_alloc.c
>> +++ b/mm/page_alloc.c
>> @@ -1374,15 +1374,21 @@ static __always_inline bool __free_pages_prepare(struct page *page,
>> #endif
>> }
>> for (i = 1; i < (1 << order); i++) {
>
> i starts at 1
>
>> + struct page *subpage = page + i;
>
> so "tail_page" is accurate?

Right. Will rename it.

>
>> +
>> if (compound)
>> - bad += free_tail_page_prepare(page, page + i);
>> + bad += free_tail_page_prepare(page, subpage);
>> if (is_check_pages_enabled()) {
>> - if (free_page_is_bad(page + i)) {
>> + if (free_page_is_bad(subpage)) {
>> bad++;
>> continue;
>> }
>> }
>> - (page + i)->flags.f &= ~PAGE_FLAGS_CHECK_AT_PREP;
>> + subpage->flags.f &= ~PAGE_FLAGS_CHECK_AT_PREP;
>> + if (subpage->private) {
>> + bad_page(subpage, "nonzero private");
>> + return false;
>> + }
>
> Also why not put this check into the is_check_pages_enabled() block and
> handle it the same way?
>

Will do. And Sashiko also pointed this out.

>> }
>> }
>> if (folio_test_anon(folio)) {
>>
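
Review bot: The `return false` in the new `if (subpage->private)` branch leaves the loop at the first offending tail page, so the remaining tail pages are never passed to free_tail_page_prepare() or free_page_is_bad() and never have PAGE_FLAGS_CHECK_AT_PREP cleared, and the failure bypasses the `bad` counter that the other two checks in this loop feed. The branch also sits outside the is_check_pages_enabled() block, so it runs on every free regardless of that setting. Suggest moving it into that block and handling it like the free_page_is_bad() case, with `bad++; continue;`, so all tail pages are still walked and the error is accounted the same way as the existing checks.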


Best Regards,
Yan, Zi