On Tue, Apr 08, 2025 at 08:22:47AM -0700, Dave Hansen wrote:
> Are there any tests for folio_test_pgtable() at free_page() time? If we
> had that, it would make it less likely that another free_page() user
> could sneak in without calling the destructor.

It's hidden, but yes:

static inline bool page_expected_state(struct page *page,
                                        unsigned long check_flags)
{
        if (unlikely(atomic_read(&page->_mapcount) != -1))
                return false;

PageTable uses page_type which aliases with mapcount, so this check
covers "PageTable is still set when the last refcount to it is put".

I don't think we really use the page refcount when allocating/freeing
page tables.  Anyone want to try switching it over to using
alloc_frozen_pages() / free_frozen_pages()?  Might need to move that API
out of mm/internal.h ...
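
A simplified user-space model of the aliasing described in the reply above, added here as an example; it is not part of the original message and not kernel code. The struct, the function names and the type-tag value are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Simplified user-space model, not the kernel's struct page. */
struct model_page {
    union {
        int32_t  mapcount;   /* -1 means "not mapped", the expected free state */
        uint32_t page_type;  /* same 32 bits, reused to tag typed pages */
    };
};

#define MODEL_TYPE_NONE  UINT32_MAX   /* all ones, reads back as mapcount == -1 */
#define MODEL_TYPE_TABLE 0xf2000000u  /* constructed tag value for "page table" */

/* Hypothetical stand-ins for the page table constructor and destructor. */
static void model_pgtable_ctor(struct model_page *p) { p->page_type = MODEL_TYPE_TABLE; }
static void model_pgtable_dtor(struct model_page *p) { p->page_type = MODEL_TYPE_NONE; }

/* Mirrors the quoted check: a page being freed must have mapcount == -1. */
static bool model_expected_state(const struct model_page *p)
{
    return p->mapcount == -1;
}

/* Free path that runs the destructor first: the check passes. */
static bool free_after_dtor(void)
{
    struct model_page p;
    p.mapcount = -1;
    model_pgtable_ctor(&p);
    model_pgtable_dtor(&p);
    return model_expected_state(&p);
}

/* Free path that skips the destructor: the leftover tag trips the check. */
static bool free_without_dtor(void)
{
    struct model_page p;
    p.mapcount = -1;
    model_pgtable_ctor(&p);
    return model_expected_state(&p);
}

int main(void)
{
    printf("dtor called:  %s\n", free_after_dtor() ? "ok" : "bad page");
    printf("dtor skipped: %s\n", free_without_dtor() ? "ok" : "bad page");
    return 0;
}
```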