From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from out-186.mta1.migadu.com (out-186.mta1.migadu.com [95.215.58.186]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id E6FAD33B6F8 for ; Thu, 4 Jun 2026 10:16:01 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=95.215.58.186 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1780568163; cv=none; b=MiLmjjv7YAYXkxJ1f+Sp+xl0qSMk/PqMGrzPYRikwN0ISg3mZ2b/dtXJ9a9nQqpzr8SH1maQGFDwHUfDDicBaiZSIeyMa/J/1fuyLh8wFzak6LqF4pF4g9SOjhYkwq0TMGFPrQKuX4l2+66OfpzbPRlheZ2tfnqGh+0gOlsAhPI= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1780568163; c=relaxed/simple; bh=siuAzUXcLQBUINSgZzKqOl96sv/vstahT0IzRhmAKtw=; h=MIME-Version:Date:Content-Type:From:Message-ID:Subject:To:Cc: In-Reply-To:References; b=WjZCgw5h+azLxXpWzb5n1kOLKK8TtkBvPfRYZIiMsNFNF7q3bmlk8V/zOJGlWhmWYt1FmyJ3HO4GccrWkpWLyUNMHuQAdTdJwdBe7UpT7apa9jJZGSAGUWbZOBcLP4L5zJjHuquZYWB0BPp0qLuvPtxSL7XTqQBdBSh/INld0Zo= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.dev; spf=pass smtp.mailfrom=linux.dev; dkim=pass (1024-bit key) header.d=linux.dev header.i=@linux.dev header.b=UyD3Flju; arc=none smtp.client-ip=95.215.58.186 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.dev Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=linux.dev Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=linux.dev header.i=@linux.dev header.b="UyD3Flju" Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linux.dev; s=key1; t=1780568159; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=0qNmtiXuwb0Ppur00DNdkJYZlOVI0uDXAYEOqp9/VNI=; b=UyD3Flju98zCYaKYt0PMZvHaHTND8cObc7KPKeG04gx7OvuAlpb1obDbKZcDnfGQtQNkSW APR8ElbuCra1w33GDt14lKRvgoVruHwlHm3OBxG5BP0Vfd8zVEnoMa3mdbkyLL2cKMwSfU Qsow44k1KDyZEt181NxxZiRFBpagmbE= Date: Thu, 04 Jun 2026 10:15:55 +0000 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable X-Report-Abuse: Please report any abuse attempt to abuse@migadu.com and include these headers. From: ilya.gladyshev@linux.dev Message-ID: <9c0605c782299a2bb3ab6a8e73da26bafddea52f@linux.dev> TLS-Required: No Subject: [PATCH v3 2/2] mm: implement page refcount locking via dedicated bit To: ilya.gladyshev@linux.dev Cc: ivgorbunov@me.com, Liam.Howlett@oracle.com, akpm@linux-foundation.org, apopple@nvidia.com, artem.kuzin@huawei.com, baolin.wang@linux.alibaba.com, david@kernel.org, foxido@foxido.dev, harry.yoo@oracle.com, linux-kernel@vger.kernel.org, linux-mm@kvack.org, lorenzo.stoakes@oracle.com, mhocko@suse.com, muchun.song@linux.dev, rppt@kernel.org, surenb@google.com, torvalds@linuxfoundation.org, vbabka@suse.cz, willy@infradead.org, yuzhao@google.com, ziy@nvidia.com, pfalcato@suse.de, kirill@shutemov.name In-Reply-To: <5dabf3a748fee0c7b142c74367e7586f5db1ed1e@linux.dev> References: <5dabf3a748fee0c7b142c74367e7586f5db1ed1e@linux.dev> X-Migadu-Flow: FLOW_OUT The current atomic-based page refcount implementation treats zero counter as dead and requires a compare-and-swap loop in folio_try_get() to prevent incrementing a dead refcount. This CAS loop acts as a serialization point and can become a significant bottleneck during high-frequency file read operations. This patch introduces PAGEREF_FROZEN_BIT to distinguish between a (temporary) zero refcount and a locked (dead/frozen) state. Because now incrementing counter doesn't affect it's locked/unlocked state, it is possible to use an optimistic atomic_add_return() in page_ref_add_unless_zero() that operates independently of the locked bit. The locked state is handled after the increment attempt, eliminating the need for the CAS loop. If locked state is detected after atomic_add(), pageref counter will be reset with CAS loop, eliminating theoretical possibility of overflow. Reviewed-by: Artem Kuzin Co-developed-by: Gorbunov Ivan Signed-off-by: Gorbunov Ivan Signed-off-by: Gladyshev Ilya Acked-by: Linus Torvalds --- include/linux/page-flags.h | 13 +++++++++++++ include/linux/page_ref.h | 28 ++++++++++++++++++++++++---- 2 files changed, 37 insertions(+), 4 deletions(-) diff --git a/include/linux/page-flags.h b/include/linux/page-flags.h index 7223f6f4e2b4..ea9904a67334 100644 --- a/include/linux/page-flags.h +++ b/include/linux/page-flags.h @@ -196,6 +196,19 @@ enum pageflags { =20 =20#define PAGEFLAGS_MASK ((1UL << NR_PAGEFLAGS) - 1) =20 +/*=20Most significant bit in page refcount */ +#define PAGEREF_FROZEN_BIT BIT(31) + +/* Page reference counter can be in 4 logical states, + * which are described below with their value representation + * state | value + * (1) safe with owners | 1...INT_MAX + * (2) safe with no owners | 0 + * (3) frozen | INT_MIN....-1 + * + * State (2) can be only temporally inside dec_and_test. + */ + #ifndef __GENERATING_BOUNDS_H =20 =20/* diff --git a/include/linux/page_ref.h b/include/linux/page_ref.h index 24b09c8fbb68..b041894b6659 100644 --- a/include/linux/page_ref.h +++ b/include/linux/page_ref.h @@ -64,12 +64,17 @@ static inline void __page_ref_unfreeze(struct page *p= age, int v) =20 =20static inline bool __page_count_is_frozen(int count) { - return count =3D=3D 0; + return count & PAGEREF_FROZEN_BIT; } =20 =20static inline int page_ref_count(const struct page *page) { - return atomic_read(&page->_refcount); + int val =3D atomic_read(&page->_refcount); + + if (unlikely(val & PAGEREF_FROZEN_BIT)) + return 0; + + return val; } =20 =20/** @@ -191,6 +196,9 @@ static inline int page_ref_sub_and_test(struct page *= page, int nr) { int ret =3D atomic_sub_and_test(nr, &page->_refcount); =20 +=09if (ret) + ret =3D !atomic_cmpxchg_relaxed(&page->_refcount, 0, PAGEREF_FROZEN_BI= T); + if (page_ref_tracepoint_active(page_ref_mod_and_test)) __page_ref_mod_and_test(page, -nr, ret); return ret; @@ -220,6 +228,9 @@ static inline int page_ref_dec_and_test(struct page *= page) { int ret =3D atomic_dec_and_test(&page->_refcount); =20 +=09if (ret) + ret =3D !atomic_cmpxchg_relaxed(&page->_refcount, 0, PAGEREF_FROZEN_BI= T); + if (page_ref_tracepoint_active(page_ref_mod_and_test)) __page_ref_mod_and_test(page, -1, ret); return ret; @@ -245,9 +256,18 @@ static inline int folio_ref_dec_return(struct folio = *folio) return page_ref_dec_return(&folio->page); } =20 +#define=20_PAGEREF_FROZEN_LIMIT ((1 << 30) | PAGEREF_FROZEN_BIT) + static inline bool page_ref_add_unless_frozen(struct page *page, int nr) { - bool ret =3D atomic_add_unless(&page->_refcount, nr, 0); + bool ret =3D false; + int val =3D atomic_add_return(nr, &page->_refcount); + // See PAGEREF_FROZEN_BIT declaration in page-flags.h for details + ret =3D !(val & PAGEREF_FROZEN_BIT); + + /* Undo atomic_add() if counter is locked and scary big */ + while (unlikely((unsigned int)val >=3D _PAGEREF_FROZEN_LIMIT)) + val =3D atomic_cmpxchg_relaxed(&page->_refcount, val, PAGEREF_FROZEN_B= IT); =20 =20 if (page_ref_tracepoint_active(page_ref_mod_unless)) __page_ref_mod_unless(page, nr, ret); @@ -282,7 +302,7 @@ static inline bool folio_ref_try_add(struct folio *fo= lio, int count) =20 =20static inline int page_ref_freeze(struct page *page, int count) { - int ret =3D likely(atomic_cmpxchg(&page->_refcount, count, 0) =3D=3D co= unt); + int ret =3D likely(atomic_cmpxchg(&page->_refcount, count, PAGEREF_FROZ= EN_BIT) =3D=3D count); =20 =20 if (page_ref_tracepoint_active(page_ref_freeze)) __page_ref_freeze(page, count, ret); --=20 2.43.0