Re: [PATCH v6 2/4] mm/zsmalloc: drop pool->lock from zs_free on 64-bit systems
From: Andrew Morton
Date: Mon Jun 29 2026 - 22:54:41 EST
On Fri, 26 Jun 2026 09:50:01 +0800 Wenchao Hao <haowenchao22@xxxxxxxxx> wrote:
> With class_idx encoded in obj, zs_free() can locate the size_class
> without holding pool->lock on 64-bit systems. Page migration also
> takes class->lock and only rewrites the PFN field of obj, so:
>
> 1. read obj locklessly,
> 2. lock the size_class derived from obj's class_idx,
> 3. re-read obj under class->lock to get a stable PFN.
>
> This eliminates the rwlock read-side cacheline bouncing between
> zs_free() and migration/compaction on multi-core systems.
>
> Annotate handle_to_obj()/record_obj() with READ_ONCE()/WRITE_ONCE() to
> prevent load/store tearing on the lockless read path and silence KCSAN
> data race reports.
>
> When ZS_OBJ_CLASS_BITS == 0 (32-bit, or 64-bit with obj too narrow to
> hold class_idx), zs_free() keeps pool->lock.
This thing is still causing problems. How about this?
From: Andrew Morton <akpm@xxxxxxxxxxxxxxxxxxxx>
Subject: mm-zsmalloc-drop-pool-lock-from-zs_free-on-64-bit-systems-fix
Date: Mon Jun 29 07:48:04 PM PDT 2026
build fix
mm/zsmalloc.c: In function 'obj_class_get_and_lock':
mm/zsmalloc.c:1481:36: error: implicit declaration of function 'obj_to_class_idx' [-Wimplicit-function-declaration]
1481 | *classp = pool->size_class[obj_to_class_idx(obj)];
| ^~~~~~~~~~~~~~~~
Cc: Barry Song <baohua@xxxxxxxxxx>
Cc: Joshua Hahn <joshua.hahnjy@xxxxxxxxx>
Cc: Minchan Kim <minchan@xxxxxxxxxx>
Cc: Nhat Pham <nphamcs@xxxxxxxxx>
Cc: Sergey Senozhatsky <senozhatsky@xxxxxxxxxxxx>
Cc: Wenchao Hao <haowenchao@xxxxxxxxxx>
Cc: Xueyuan Chen <xueyuan.chen21@xxxxxxxxx>
Signed-off-by: Andrew Morton <akpm@xxxxxxxxxxxxxxxxxxxx>
---
mm/zsmalloc.c | 12 ++++++------
1 file changed, 6 insertions(+), 6 deletions(-)
--- a/mm/zsmalloc.c~mm-zsmalloc-drop-pool-lock-from-zs_free-on-64-bit-systems-fix
+++ a/mm/zsmalloc.c
@@ -1457,6 +1457,12 @@ static void obj_free(int class_size, uns
mod_zspage_inuse(zspage, -1);
}
+/* Folds to 0 when ZS_OBJ_CLASS_BITS == 0; no ifdef needed at callers. */
+static unsigned int obj_to_class_idx(unsigned long obj)
+{
+ return (obj >> ZS_OBJ_IDX_BITS) & ZS_OBJ_CLASS_MASK;
+}
+
/*
* Resolve @handle to its zspage / size_class and acquire class->lock.
*
@@ -1759,12 +1765,6 @@ static void lock_zspage(struct zspage *z
zspage_read_unlock(zspage);
}
-/* Folds to 0 when ZS_OBJ_CLASS_BITS == 0; no ifdef needed at callers. */
-static unsigned int obj_to_class_idx(unsigned long obj)
-{
- return (obj >> ZS_OBJ_IDX_BITS) & ZS_OBJ_CLASS_MASK;
-}
-
static void replace_sub_page(struct size_class *class, struct zspage *zspage,
struct zpdesc *newzpdesc, struct zpdesc *oldzpdesc)
{
_