Re: [PATCH mm-unstable v1] mm: add a total mapcount for large folios

[David Hildenbrand]

On 11.08.23 17:18, Peter Xu wrote:
> On Fri, Aug 11, 2023 at 12:27:13AM +0200, David Hildenbrand wrote:
> > On 10.08.23 23:48, Matthew Wilcox wrote:
> > > On Thu, Aug 10, 2023 at 04:57:11PM -0400, Peter Xu wrote:
> > > > AFAICS if that patch was all correct (while I'm not yet sure..), you can
> > > > actually fit your new total mapcount field into page 1 so even avoid the
> > > > extra cacheline access.  You can have a look: the trick is refcount for
> > > > tail page 1 is still seems to be free on 32 bits (if that was your worry
> > > > before).  Then it'll be very nice if to keep Hugh's counter all in tail 1.
> > >
> > > No, refcount must be 0 on all tail pages.  We rely on this in many places
> > > in the MM.
> >
> > Very right.
>
> Obviously I could have missed this in the past.. can I ask for an example
> explaining why refcount will be referenced before knowing it's a head?

I think the issue is, when coming from a PFN walker (or GUP-fast), you 
might see "oh, this is a folio, let's lookup the head page". And you do 
that.

Then, you try taking a reference on that head page. (see try_get_folio()).

But as you didn't hold a reference on the folio yet, it can happily get 
freed + repurposed in the meantime, so maybe it's not a head page anymore.

So if the field would get reused for something else, grabbing a 
reference would corrupt whatever is now stored in there.

--
Cheers,

David / dhildenb