| xj | b04a402 | 2021-11-25 15:01:52 +0800 | [diff] [blame] | 1 | /* | 
|  | 2 | *  Copyright (C) 2009  Red Hat, Inc. | 
|  | 3 | * | 
|  | 4 | *  This work is licensed under the terms of the GNU GPL, version 2. See | 
|  | 5 | *  the COPYING file in the top-level directory. | 
|  | 6 | */ | 
|  | 7 |  | 
|  | 8 | #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt | 
|  | 9 |  | 
|  | 10 | #include <linux/mm.h> | 
|  | 11 | #include <linux/sched.h> | 
|  | 12 | #include <linux/sched/coredump.h> | 
|  | 13 | #include <linux/sched/numa_balancing.h> | 
|  | 14 | #include <linux/highmem.h> | 
|  | 15 | #include <linux/hugetlb.h> | 
|  | 16 | #include <linux/mmu_notifier.h> | 
|  | 17 | #include <linux/rmap.h> | 
|  | 18 | #include <linux/swap.h> | 
|  | 19 | #include <linux/shrinker.h> | 
|  | 20 | #include <linux/mm_inline.h> | 
|  | 21 | #include <linux/swapops.h> | 
|  | 22 | #include <linux/dax.h> | 
|  | 23 | #include <linux/khugepaged.h> | 
|  | 24 | #include <linux/freezer.h> | 
|  | 25 | #include <linux/pfn_t.h> | 
|  | 26 | #include <linux/mman.h> | 
|  | 27 | #include <linux/memremap.h> | 
|  | 28 | #include <linux/pagemap.h> | 
|  | 29 | #include <linux/debugfs.h> | 
|  | 30 | #include <linux/migrate.h> | 
|  | 31 | #include <linux/hashtable.h> | 
|  | 32 | #include <linux/userfaultfd_k.h> | 
|  | 33 | #include <linux/page_idle.h> | 
|  | 34 | #include <linux/shmem_fs.h> | 
|  | 35 | #include <linux/oom.h> | 
|  | 36 | #include <linux/page_owner.h> | 
|  | 37 |  | 
|  | 38 | #include <asm/tlb.h> | 
|  | 39 | #include <asm/pgalloc.h> | 
|  | 40 | #include "internal.h" | 
|  | 41 |  | 
|  | 42 | /* | 
|  | 43 | * By default, transparent hugepage support is disabled in order to avoid | 
|  | 44 | * risking an increased memory footprint for applications that are not | 
|  | 45 | * guaranteed to benefit from it. When transparent hugepage support is | 
|  | 46 | * enabled, it is for all mappings, and khugepaged scans all mappings. | 
|  | 47 | * Defrag is invoked by khugepaged hugepage allocations and by page faults | 
|  | 48 | * for all hugepage allocations. | 
|  | 49 | */ | 
|  | 50 | unsigned long transparent_hugepage_flags __read_mostly = | 
|  | 51 | #ifdef CONFIG_TRANSPARENT_HUGEPAGE_ALWAYS | 
|  | 52 | (1<<TRANSPARENT_HUGEPAGE_FLAG)| | 
|  | 53 | #endif | 
|  | 54 | #ifdef CONFIG_TRANSPARENT_HUGEPAGE_MADVISE | 
|  | 55 | (1<<TRANSPARENT_HUGEPAGE_REQ_MADV_FLAG)| | 
|  | 56 | #endif | 
|  | 57 | (1<<TRANSPARENT_HUGEPAGE_DEFRAG_REQ_MADV_FLAG)| | 
|  | 58 | (1<<TRANSPARENT_HUGEPAGE_DEFRAG_KHUGEPAGED_FLAG)| | 
|  | 59 | (1<<TRANSPARENT_HUGEPAGE_USE_ZERO_PAGE_FLAG); | 
|  | 60 |  | 
|  | 61 | static struct shrinker deferred_split_shrinker; | 
|  | 62 |  | 
|  | 63 | static atomic_t huge_zero_refcount; | 
|  | 64 | struct page *huge_zero_page __read_mostly; | 
|  | 65 |  | 
|  | 66 | bool transparent_hugepage_enabled(struct vm_area_struct *vma) | 
|  | 67 | { | 
|  | 68 | if (vma_is_anonymous(vma)) | 
|  | 69 | return __transparent_hugepage_enabled(vma); | 
|  | 70 | if (vma_is_shmem(vma) && shmem_huge_enabled(vma)) | 
|  | 71 | return __transparent_hugepage_enabled(vma); | 
|  | 72 |  | 
|  | 73 | return false; | 
|  | 74 | } | 
|  | 75 |  | 
|  | 76 | static struct page *get_huge_zero_page(void) | 
|  | 77 | { | 
|  | 78 | struct page *zero_page; | 
|  | 79 | retry: | 
|  | 80 | if (likely(atomic_inc_not_zero(&huge_zero_refcount))) | 
|  | 81 | return READ_ONCE(huge_zero_page); | 
|  | 82 |  | 
|  | 83 | zero_page = alloc_pages((GFP_TRANSHUGE | __GFP_ZERO) & ~__GFP_MOVABLE, | 
|  | 84 | HPAGE_PMD_ORDER); | 
|  | 85 | if (!zero_page) { | 
|  | 86 | count_vm_event(THP_ZERO_PAGE_ALLOC_FAILED); | 
|  | 87 | return NULL; | 
|  | 88 | } | 
|  | 89 | count_vm_event(THP_ZERO_PAGE_ALLOC); | 
|  | 90 | preempt_disable(); | 
|  | 91 | if (cmpxchg(&huge_zero_page, NULL, zero_page)) { | 
|  | 92 | preempt_enable(); | 
|  | 93 | __free_pages(zero_page, compound_order(zero_page)); | 
|  | 94 | goto retry; | 
|  | 95 | } | 
|  | 96 |  | 
|  | 97 | /* We take additional reference here. It will be put back by shrinker */ | 
|  | 98 | atomic_set(&huge_zero_refcount, 2); | 
|  | 99 | preempt_enable(); | 
|  | 100 | return READ_ONCE(huge_zero_page); | 
|  | 101 | } | 
|  | 102 |  | 
|  | 103 | static void put_huge_zero_page(void) | 
|  | 104 | { | 
|  | 105 | /* | 
|  | 106 | * Counter should never go to zero here. Only shrinker can put | 
|  | 107 | * last reference. | 
|  | 108 | */ | 
|  | 109 | BUG_ON(atomic_dec_and_test(&huge_zero_refcount)); | 
|  | 110 | } | 
|  | 111 |  | 
|  | 112 | struct page *mm_get_huge_zero_page(struct mm_struct *mm) | 
|  | 113 | { | 
|  | 114 | if (test_bit(MMF_HUGE_ZERO_PAGE, &mm->flags)) | 
|  | 115 | return READ_ONCE(huge_zero_page); | 
|  | 116 |  | 
|  | 117 | if (!get_huge_zero_page()) | 
|  | 118 | return NULL; | 
|  | 119 |  | 
|  | 120 | if (test_and_set_bit(MMF_HUGE_ZERO_PAGE, &mm->flags)) | 
|  | 121 | put_huge_zero_page(); | 
|  | 122 |  | 
|  | 123 | return READ_ONCE(huge_zero_page); | 
|  | 124 | } | 
|  | 125 |  | 
|  | 126 | void mm_put_huge_zero_page(struct mm_struct *mm) | 
|  | 127 | { | 
|  | 128 | if (test_bit(MMF_HUGE_ZERO_PAGE, &mm->flags)) | 
|  | 129 | put_huge_zero_page(); | 
|  | 130 | } | 
|  | 131 |  | 
|  | 132 | static unsigned long shrink_huge_zero_page_count(struct shrinker *shrink, | 
|  | 133 | struct shrink_control *sc) | 
|  | 134 | { | 
|  | 135 | /* we can free zero page only if last reference remains */ | 
|  | 136 | return atomic_read(&huge_zero_refcount) == 1 ? HPAGE_PMD_NR : 0; | 
|  | 137 | } | 
|  | 138 |  | 
|  | 139 | static unsigned long shrink_huge_zero_page_scan(struct shrinker *shrink, | 
|  | 140 | struct shrink_control *sc) | 
|  | 141 | { | 
|  | 142 | if (atomic_cmpxchg(&huge_zero_refcount, 1, 0) == 1) { | 
|  | 143 | struct page *zero_page = xchg(&huge_zero_page, NULL); | 
|  | 144 | BUG_ON(zero_page == NULL); | 
|  | 145 | __free_pages(zero_page, compound_order(zero_page)); | 
|  | 146 | return HPAGE_PMD_NR; | 
|  | 147 | } | 
|  | 148 |  | 
|  | 149 | return 0; | 
|  | 150 | } | 
|  | 151 |  | 
|  | 152 | static struct shrinker huge_zero_page_shrinker = { | 
|  | 153 | .count_objects = shrink_huge_zero_page_count, | 
|  | 154 | .scan_objects = shrink_huge_zero_page_scan, | 
|  | 155 | .seeks = DEFAULT_SEEKS, | 
|  | 156 | }; | 
|  | 157 |  | 
|  | 158 | #ifdef CONFIG_SYSFS | 
|  | 159 | static ssize_t enabled_show(struct kobject *kobj, | 
|  | 160 | struct kobj_attribute *attr, char *buf) | 
|  | 161 | { | 
|  | 162 | if (test_bit(TRANSPARENT_HUGEPAGE_FLAG, &transparent_hugepage_flags)) | 
|  | 163 | return sprintf(buf, "[always] madvise never\n"); | 
|  | 164 | else if (test_bit(TRANSPARENT_HUGEPAGE_REQ_MADV_FLAG, &transparent_hugepage_flags)) | 
|  | 165 | return sprintf(buf, "always [madvise] never\n"); | 
|  | 166 | else | 
|  | 167 | return sprintf(buf, "always madvise [never]\n"); | 
|  | 168 | } | 
|  | 169 |  | 
|  | 170 | static ssize_t enabled_store(struct kobject *kobj, | 
|  | 171 | struct kobj_attribute *attr, | 
|  | 172 | const char *buf, size_t count) | 
|  | 173 | { | 
|  | 174 | ssize_t ret = count; | 
|  | 175 |  | 
|  | 176 | if (!memcmp("always", buf, | 
|  | 177 | min(sizeof("always")-1, count))) { | 
|  | 178 | clear_bit(TRANSPARENT_HUGEPAGE_REQ_MADV_FLAG, &transparent_hugepage_flags); | 
|  | 179 | set_bit(TRANSPARENT_HUGEPAGE_FLAG, &transparent_hugepage_flags); | 
|  | 180 | } else if (!memcmp("madvise", buf, | 
|  | 181 | min(sizeof("madvise")-1, count))) { | 
|  | 182 | clear_bit(TRANSPARENT_HUGEPAGE_FLAG, &transparent_hugepage_flags); | 
|  | 183 | set_bit(TRANSPARENT_HUGEPAGE_REQ_MADV_FLAG, &transparent_hugepage_flags); | 
|  | 184 | } else if (!memcmp("never", buf, | 
|  | 185 | min(sizeof("never")-1, count))) { | 
|  | 186 | clear_bit(TRANSPARENT_HUGEPAGE_FLAG, &transparent_hugepage_flags); | 
|  | 187 | clear_bit(TRANSPARENT_HUGEPAGE_REQ_MADV_FLAG, &transparent_hugepage_flags); | 
|  | 188 | } else | 
|  | 189 | ret = -EINVAL; | 
|  | 190 |  | 
|  | 191 | if (ret > 0) { | 
|  | 192 | int err = start_stop_khugepaged(); | 
|  | 193 | if (err) | 
|  | 194 | ret = err; | 
|  | 195 | } | 
|  | 196 | return ret; | 
|  | 197 | } | 
|  | 198 | static struct kobj_attribute enabled_attr = | 
|  | 199 | __ATTR(enabled, 0644, enabled_show, enabled_store); | 
|  | 200 |  | 
|  | 201 | ssize_t single_hugepage_flag_show(struct kobject *kobj, | 
|  | 202 | struct kobj_attribute *attr, char *buf, | 
|  | 203 | enum transparent_hugepage_flag flag) | 
|  | 204 | { | 
|  | 205 | return sprintf(buf, "%d\n", | 
|  | 206 | !!test_bit(flag, &transparent_hugepage_flags)); | 
|  | 207 | } | 
|  | 208 |  | 
|  | 209 | ssize_t single_hugepage_flag_store(struct kobject *kobj, | 
|  | 210 | struct kobj_attribute *attr, | 
|  | 211 | const char *buf, size_t count, | 
|  | 212 | enum transparent_hugepage_flag flag) | 
|  | 213 | { | 
|  | 214 | unsigned long value; | 
|  | 215 | int ret; | 
|  | 216 |  | 
|  | 217 | ret = kstrtoul(buf, 10, &value); | 
|  | 218 | if (ret < 0) | 
|  | 219 | return ret; | 
|  | 220 | if (value > 1) | 
|  | 221 | return -EINVAL; | 
|  | 222 |  | 
|  | 223 | if (value) | 
|  | 224 | set_bit(flag, &transparent_hugepage_flags); | 
|  | 225 | else | 
|  | 226 | clear_bit(flag, &transparent_hugepage_flags); | 
|  | 227 |  | 
|  | 228 | return count; | 
|  | 229 | } | 
|  | 230 |  | 
|  | 231 | static ssize_t defrag_show(struct kobject *kobj, | 
|  | 232 | struct kobj_attribute *attr, char *buf) | 
|  | 233 | { | 
|  | 234 | if (test_bit(TRANSPARENT_HUGEPAGE_DEFRAG_DIRECT_FLAG, &transparent_hugepage_flags)) | 
|  | 235 | return sprintf(buf, "[always] defer defer+madvise madvise never\n"); | 
|  | 236 | if (test_bit(TRANSPARENT_HUGEPAGE_DEFRAG_KSWAPD_FLAG, &transparent_hugepage_flags)) | 
|  | 237 | return sprintf(buf, "always [defer] defer+madvise madvise never\n"); | 
|  | 238 | if (test_bit(TRANSPARENT_HUGEPAGE_DEFRAG_KSWAPD_OR_MADV_FLAG, &transparent_hugepage_flags)) | 
|  | 239 | return sprintf(buf, "always defer [defer+madvise] madvise never\n"); | 
|  | 240 | if (test_bit(TRANSPARENT_HUGEPAGE_DEFRAG_REQ_MADV_FLAG, &transparent_hugepage_flags)) | 
|  | 241 | return sprintf(buf, "always defer defer+madvise [madvise] never\n"); | 
|  | 242 | return sprintf(buf, "always defer defer+madvise madvise [never]\n"); | 
|  | 243 | } | 
|  | 244 |  | 
|  | 245 | static ssize_t defrag_store(struct kobject *kobj, | 
|  | 246 | struct kobj_attribute *attr, | 
|  | 247 | const char *buf, size_t count) | 
|  | 248 | { | 
|  | 249 | if (!memcmp("always", buf, | 
|  | 250 | min(sizeof("always")-1, count))) { | 
|  | 251 | clear_bit(TRANSPARENT_HUGEPAGE_DEFRAG_KSWAPD_FLAG, &transparent_hugepage_flags); | 
|  | 252 | clear_bit(TRANSPARENT_HUGEPAGE_DEFRAG_KSWAPD_OR_MADV_FLAG, &transparent_hugepage_flags); | 
|  | 253 | clear_bit(TRANSPARENT_HUGEPAGE_DEFRAG_REQ_MADV_FLAG, &transparent_hugepage_flags); | 
|  | 254 | set_bit(TRANSPARENT_HUGEPAGE_DEFRAG_DIRECT_FLAG, &transparent_hugepage_flags); | 
|  | 255 | } else if (!memcmp("defer+madvise", buf, | 
|  | 256 | min(sizeof("defer+madvise")-1, count))) { | 
|  | 257 | clear_bit(TRANSPARENT_HUGEPAGE_DEFRAG_DIRECT_FLAG, &transparent_hugepage_flags); | 
|  | 258 | clear_bit(TRANSPARENT_HUGEPAGE_DEFRAG_KSWAPD_FLAG, &transparent_hugepage_flags); | 
|  | 259 | clear_bit(TRANSPARENT_HUGEPAGE_DEFRAG_REQ_MADV_FLAG, &transparent_hugepage_flags); | 
|  | 260 | set_bit(TRANSPARENT_HUGEPAGE_DEFRAG_KSWAPD_OR_MADV_FLAG, &transparent_hugepage_flags); | 
|  | 261 | } else if (!memcmp("defer", buf, | 
|  | 262 | min(sizeof("defer")-1, count))) { | 
|  | 263 | clear_bit(TRANSPARENT_HUGEPAGE_DEFRAG_DIRECT_FLAG, &transparent_hugepage_flags); | 
|  | 264 | clear_bit(TRANSPARENT_HUGEPAGE_DEFRAG_KSWAPD_OR_MADV_FLAG, &transparent_hugepage_flags); | 
|  | 265 | clear_bit(TRANSPARENT_HUGEPAGE_DEFRAG_REQ_MADV_FLAG, &transparent_hugepage_flags); | 
|  | 266 | set_bit(TRANSPARENT_HUGEPAGE_DEFRAG_KSWAPD_FLAG, &transparent_hugepage_flags); | 
|  | 267 | } else if (!memcmp("madvise", buf, | 
|  | 268 | min(sizeof("madvise")-1, count))) { | 
|  | 269 | clear_bit(TRANSPARENT_HUGEPAGE_DEFRAG_DIRECT_FLAG, &transparent_hugepage_flags); | 
|  | 270 | clear_bit(TRANSPARENT_HUGEPAGE_DEFRAG_KSWAPD_FLAG, &transparent_hugepage_flags); | 
|  | 271 | clear_bit(TRANSPARENT_HUGEPAGE_DEFRAG_KSWAPD_OR_MADV_FLAG, &transparent_hugepage_flags); | 
|  | 272 | set_bit(TRANSPARENT_HUGEPAGE_DEFRAG_REQ_MADV_FLAG, &transparent_hugepage_flags); | 
|  | 273 | } else if (!memcmp("never", buf, | 
|  | 274 | min(sizeof("never")-1, count))) { | 
|  | 275 | clear_bit(TRANSPARENT_HUGEPAGE_DEFRAG_DIRECT_FLAG, &transparent_hugepage_flags); | 
|  | 276 | clear_bit(TRANSPARENT_HUGEPAGE_DEFRAG_KSWAPD_FLAG, &transparent_hugepage_flags); | 
|  | 277 | clear_bit(TRANSPARENT_HUGEPAGE_DEFRAG_KSWAPD_OR_MADV_FLAG, &transparent_hugepage_flags); | 
|  | 278 | clear_bit(TRANSPARENT_HUGEPAGE_DEFRAG_REQ_MADV_FLAG, &transparent_hugepage_flags); | 
|  | 279 | } else | 
|  | 280 | return -EINVAL; | 
|  | 281 |  | 
|  | 282 | return count; | 
|  | 283 | } | 
|  | 284 | static struct kobj_attribute defrag_attr = | 
|  | 285 | __ATTR(defrag, 0644, defrag_show, defrag_store); | 
|  | 286 |  | 
|  | 287 | static ssize_t use_zero_page_show(struct kobject *kobj, | 
|  | 288 | struct kobj_attribute *attr, char *buf) | 
|  | 289 | { | 
|  | 290 | return single_hugepage_flag_show(kobj, attr, buf, | 
|  | 291 | TRANSPARENT_HUGEPAGE_USE_ZERO_PAGE_FLAG); | 
|  | 292 | } | 
|  | 293 | static ssize_t use_zero_page_store(struct kobject *kobj, | 
|  | 294 | struct kobj_attribute *attr, const char *buf, size_t count) | 
|  | 295 | { | 
|  | 296 | return single_hugepage_flag_store(kobj, attr, buf, count, | 
|  | 297 | TRANSPARENT_HUGEPAGE_USE_ZERO_PAGE_FLAG); | 
|  | 298 | } | 
|  | 299 | static struct kobj_attribute use_zero_page_attr = | 
|  | 300 | __ATTR(use_zero_page, 0644, use_zero_page_show, use_zero_page_store); | 
|  | 301 |  | 
|  | 302 | static ssize_t hpage_pmd_size_show(struct kobject *kobj, | 
|  | 303 | struct kobj_attribute *attr, char *buf) | 
|  | 304 | { | 
|  | 305 | return sprintf(buf, "%lu\n", HPAGE_PMD_SIZE); | 
|  | 306 | } | 
|  | 307 | static struct kobj_attribute hpage_pmd_size_attr = | 
|  | 308 | __ATTR_RO(hpage_pmd_size); | 
|  | 309 |  | 
|  | 310 | #ifdef CONFIG_DEBUG_VM | 
|  | 311 | static ssize_t debug_cow_show(struct kobject *kobj, | 
|  | 312 | struct kobj_attribute *attr, char *buf) | 
|  | 313 | { | 
|  | 314 | return single_hugepage_flag_show(kobj, attr, buf, | 
|  | 315 | TRANSPARENT_HUGEPAGE_DEBUG_COW_FLAG); | 
|  | 316 | } | 
|  | 317 | static ssize_t debug_cow_store(struct kobject *kobj, | 
|  | 318 | struct kobj_attribute *attr, | 
|  | 319 | const char *buf, size_t count) | 
|  | 320 | { | 
|  | 321 | return single_hugepage_flag_store(kobj, attr, buf, count, | 
|  | 322 | TRANSPARENT_HUGEPAGE_DEBUG_COW_FLAG); | 
|  | 323 | } | 
|  | 324 | static struct kobj_attribute debug_cow_attr = | 
|  | 325 | __ATTR(debug_cow, 0644, debug_cow_show, debug_cow_store); | 
|  | 326 | #endif /* CONFIG_DEBUG_VM */ | 
|  | 327 |  | 
|  | 328 | static struct attribute *hugepage_attr[] = { | 
|  | 329 | &enabled_attr.attr, | 
|  | 330 | &defrag_attr.attr, | 
|  | 331 | &use_zero_page_attr.attr, | 
|  | 332 | &hpage_pmd_size_attr.attr, | 
|  | 333 | #if defined(CONFIG_SHMEM) && defined(CONFIG_TRANSPARENT_HUGE_PAGECACHE) | 
|  | 334 | &shmem_enabled_attr.attr, | 
|  | 335 | #endif | 
|  | 336 | #ifdef CONFIG_DEBUG_VM | 
|  | 337 | &debug_cow_attr.attr, | 
|  | 338 | #endif | 
|  | 339 | NULL, | 
|  | 340 | }; | 
|  | 341 |  | 
|  | 342 | static const struct attribute_group hugepage_attr_group = { | 
|  | 343 | .attrs = hugepage_attr, | 
|  | 344 | }; | 
|  | 345 |  | 
|  | 346 | static int __init hugepage_init_sysfs(struct kobject **hugepage_kobj) | 
|  | 347 | { | 
|  | 348 | int err; | 
|  | 349 |  | 
|  | 350 | *hugepage_kobj = kobject_create_and_add("transparent_hugepage", mm_kobj); | 
|  | 351 | if (unlikely(!*hugepage_kobj)) { | 
|  | 352 | pr_err("failed to create transparent hugepage kobject\n"); | 
|  | 353 | return -ENOMEM; | 
|  | 354 | } | 
|  | 355 |  | 
|  | 356 | err = sysfs_create_group(*hugepage_kobj, &hugepage_attr_group); | 
|  | 357 | if (err) { | 
|  | 358 | pr_err("failed to register transparent hugepage group\n"); | 
|  | 359 | goto delete_obj; | 
|  | 360 | } | 
|  | 361 |  | 
|  | 362 | err = sysfs_create_group(*hugepage_kobj, &khugepaged_attr_group); | 
|  | 363 | if (err) { | 
|  | 364 | pr_err("failed to register transparent hugepage group\n"); | 
|  | 365 | goto remove_hp_group; | 
|  | 366 | } | 
|  | 367 |  | 
|  | 368 | return 0; | 
|  | 369 |  | 
|  | 370 | remove_hp_group: | 
|  | 371 | sysfs_remove_group(*hugepage_kobj, &hugepage_attr_group); | 
|  | 372 | delete_obj: | 
|  | 373 | kobject_put(*hugepage_kobj); | 
|  | 374 | return err; | 
|  | 375 | } | 
|  | 376 |  | 
|  | 377 | static void __init hugepage_exit_sysfs(struct kobject *hugepage_kobj) | 
|  | 378 | { | 
|  | 379 | sysfs_remove_group(hugepage_kobj, &khugepaged_attr_group); | 
|  | 380 | sysfs_remove_group(hugepage_kobj, &hugepage_attr_group); | 
|  | 381 | kobject_put(hugepage_kobj); | 
|  | 382 | } | 
|  | 383 | #else | 
|  | 384 | static inline int hugepage_init_sysfs(struct kobject **hugepage_kobj) | 
|  | 385 | { | 
|  | 386 | return 0; | 
|  | 387 | } | 
|  | 388 |  | 
|  | 389 | static inline void hugepage_exit_sysfs(struct kobject *hugepage_kobj) | 
|  | 390 | { | 
|  | 391 | } | 
|  | 392 | #endif /* CONFIG_SYSFS */ | 
|  | 393 |  | 
|  | 394 | static int __init hugepage_init(void) | 
|  | 395 | { | 
|  | 396 | int err; | 
|  | 397 | struct kobject *hugepage_kobj; | 
|  | 398 |  | 
|  | 399 | if (!has_transparent_hugepage()) { | 
|  | 400 | transparent_hugepage_flags = 0; | 
|  | 401 | return -EINVAL; | 
|  | 402 | } | 
|  | 403 |  | 
|  | 404 | /* | 
|  | 405 | * hugepages can't be allocated by the buddy allocator | 
|  | 406 | */ | 
|  | 407 | MAYBE_BUILD_BUG_ON(HPAGE_PMD_ORDER >= MAX_ORDER); | 
|  | 408 | /* | 
|  | 409 | * we use page->mapping and page->index in second tail page | 
|  | 410 | * as list_head: assuming THP order >= 2 | 
|  | 411 | */ | 
|  | 412 | MAYBE_BUILD_BUG_ON(HPAGE_PMD_ORDER < 2); | 
|  | 413 |  | 
|  | 414 | err = hugepage_init_sysfs(&hugepage_kobj); | 
|  | 415 | if (err) | 
|  | 416 | goto err_sysfs; | 
|  | 417 |  | 
|  | 418 | err = khugepaged_init(); | 
|  | 419 | if (err) | 
|  | 420 | goto err_slab; | 
|  | 421 |  | 
|  | 422 | err = register_shrinker(&huge_zero_page_shrinker); | 
|  | 423 | if (err) | 
|  | 424 | goto err_hzp_shrinker; | 
|  | 425 | err = register_shrinker(&deferred_split_shrinker); | 
|  | 426 | if (err) | 
|  | 427 | goto err_split_shrinker; | 
|  | 428 |  | 
|  | 429 | /* | 
|  | 430 | * By default disable transparent hugepages on smaller systems, | 
|  | 431 | * where the extra memory used could hurt more than TLB overhead | 
|  | 432 | * is likely to save.  The admin can still enable it through /sys. | 
|  | 433 | */ | 
|  | 434 | if (totalram_pages < (512 << (20 - PAGE_SHIFT))) { | 
|  | 435 | transparent_hugepage_flags = 0; | 
|  | 436 | return 0; | 
|  | 437 | } | 
|  | 438 |  | 
|  | 439 | err = start_stop_khugepaged(); | 
|  | 440 | if (err) | 
|  | 441 | goto err_khugepaged; | 
|  | 442 |  | 
|  | 443 | return 0; | 
|  | 444 | err_khugepaged: | 
|  | 445 | unregister_shrinker(&deferred_split_shrinker); | 
|  | 446 | err_split_shrinker: | 
|  | 447 | unregister_shrinker(&huge_zero_page_shrinker); | 
|  | 448 | err_hzp_shrinker: | 
|  | 449 | khugepaged_destroy(); | 
|  | 450 | err_slab: | 
|  | 451 | hugepage_exit_sysfs(hugepage_kobj); | 
|  | 452 | err_sysfs: | 
|  | 453 | return err; | 
|  | 454 | } | 
|  | 455 | subsys_initcall(hugepage_init); | 
|  | 456 |  | 
|  | 457 | static int __init setup_transparent_hugepage(char *str) | 
|  | 458 | { | 
|  | 459 | int ret = 0; | 
|  | 460 | if (!str) | 
|  | 461 | goto out; | 
|  | 462 | if (!strcmp(str, "always")) { | 
|  | 463 | set_bit(TRANSPARENT_HUGEPAGE_FLAG, | 
|  | 464 | &transparent_hugepage_flags); | 
|  | 465 | clear_bit(TRANSPARENT_HUGEPAGE_REQ_MADV_FLAG, | 
|  | 466 | &transparent_hugepage_flags); | 
|  | 467 | ret = 1; | 
|  | 468 | } else if (!strcmp(str, "madvise")) { | 
|  | 469 | clear_bit(TRANSPARENT_HUGEPAGE_FLAG, | 
|  | 470 | &transparent_hugepage_flags); | 
|  | 471 | set_bit(TRANSPARENT_HUGEPAGE_REQ_MADV_FLAG, | 
|  | 472 | &transparent_hugepage_flags); | 
|  | 473 | ret = 1; | 
|  | 474 | } else if (!strcmp(str, "never")) { | 
|  | 475 | clear_bit(TRANSPARENT_HUGEPAGE_FLAG, | 
|  | 476 | &transparent_hugepage_flags); | 
|  | 477 | clear_bit(TRANSPARENT_HUGEPAGE_REQ_MADV_FLAG, | 
|  | 478 | &transparent_hugepage_flags); | 
|  | 479 | ret = 1; | 
|  | 480 | } | 
|  | 481 | out: | 
|  | 482 | if (!ret) | 
|  | 483 | pr_warn("transparent_hugepage= cannot parse, ignored\n"); | 
|  | 484 | return ret; | 
|  | 485 | } | 
|  | 486 | __setup("transparent_hugepage=", setup_transparent_hugepage); | 
|  | 487 |  | 
|  | 488 | pmd_t maybe_pmd_mkwrite(pmd_t pmd, struct vm_area_struct *vma) | 
|  | 489 | { | 
|  | 490 | if (likely(vma->vm_flags & VM_WRITE)) | 
|  | 491 | pmd = pmd_mkwrite(pmd); | 
|  | 492 | return pmd; | 
|  | 493 | } | 
|  | 494 |  | 
|  | 495 | static inline struct list_head *page_deferred_list(struct page *page) | 
|  | 496 | { | 
|  | 497 | /* ->lru in the tail pages is occupied by compound_head. */ | 
|  | 498 | return &page[2].deferred_list; | 
|  | 499 | } | 
|  | 500 |  | 
|  | 501 | void prep_transhuge_page(struct page *page) | 
|  | 502 | { | 
|  | 503 | /* | 
|  | 504 | * we use page->mapping and page->indexlru in second tail page | 
|  | 505 | * as list_head: assuming THP order >= 2 | 
|  | 506 | */ | 
|  | 507 |  | 
|  | 508 | INIT_LIST_HEAD(page_deferred_list(page)); | 
|  | 509 | set_compound_page_dtor(page, TRANSHUGE_PAGE_DTOR); | 
|  | 510 | } | 
|  | 511 |  | 
|  | 512 | static unsigned long __thp_get_unmapped_area(struct file *filp, | 
|  | 513 | unsigned long addr, unsigned long len, | 
|  | 514 | loff_t off, unsigned long flags, unsigned long size) | 
|  | 515 | { | 
|  | 516 | loff_t off_end = off + len; | 
|  | 517 | loff_t off_align = round_up(off, size); | 
|  | 518 | unsigned long len_pad, ret; | 
|  | 519 |  | 
|  | 520 | if (off_end <= off_align || (off_end - off_align) < size) | 
|  | 521 | return 0; | 
|  | 522 |  | 
|  | 523 | len_pad = len + size; | 
|  | 524 | if (len_pad < len || (off + len_pad) < off) | 
|  | 525 | return 0; | 
|  | 526 |  | 
|  | 527 | ret = current->mm->get_unmapped_area(filp, addr, len_pad, | 
|  | 528 | off >> PAGE_SHIFT, flags); | 
|  | 529 |  | 
|  | 530 | /* | 
|  | 531 | * The failure might be due to length padding. The caller will retry | 
|  | 532 | * without the padding. | 
|  | 533 | */ | 
|  | 534 | if (IS_ERR_VALUE(ret)) | 
|  | 535 | return 0; | 
|  | 536 |  | 
|  | 537 | /* | 
|  | 538 | * Do not try to align to THP boundary if allocation at the address | 
|  | 539 | * hint succeeds. | 
|  | 540 | */ | 
|  | 541 | if (ret == addr) | 
|  | 542 | return addr; | 
|  | 543 |  | 
|  | 544 | ret += (off - ret) & (size - 1); | 
|  | 545 | return ret; | 
|  | 546 | } | 
|  | 547 |  | 
|  | 548 | unsigned long thp_get_unmapped_area(struct file *filp, unsigned long addr, | 
|  | 549 | unsigned long len, unsigned long pgoff, unsigned long flags) | 
|  | 550 | { | 
|  | 551 | unsigned long ret; | 
|  | 552 | loff_t off = (loff_t)pgoff << PAGE_SHIFT; | 
|  | 553 |  | 
|  | 554 | if (!IS_DAX(filp->f_mapping->host) || !IS_ENABLED(CONFIG_FS_DAX_PMD)) | 
|  | 555 | goto out; | 
|  | 556 |  | 
|  | 557 | ret = __thp_get_unmapped_area(filp, addr, len, off, flags, PMD_SIZE); | 
|  | 558 | if (ret) | 
|  | 559 | return ret; | 
|  | 560 | out: | 
|  | 561 | return current->mm->get_unmapped_area(filp, addr, len, pgoff, flags); | 
|  | 562 | } | 
|  | 563 | EXPORT_SYMBOL_GPL(thp_get_unmapped_area); | 
|  | 564 |  | 
|  | 565 | static vm_fault_t __do_huge_pmd_anonymous_page(struct vm_fault *vmf, | 
|  | 566 | struct page *page, gfp_t gfp) | 
|  | 567 | { | 
|  | 568 | struct vm_area_struct *vma = vmf->vma; | 
|  | 569 | struct mem_cgroup *memcg; | 
|  | 570 | pgtable_t pgtable; | 
|  | 571 | unsigned long haddr = vmf->address & HPAGE_PMD_MASK; | 
|  | 572 | vm_fault_t ret = 0; | 
|  | 573 |  | 
|  | 574 | VM_BUG_ON_PAGE(!PageCompound(page), page); | 
|  | 575 |  | 
|  | 576 | if (mem_cgroup_try_charge_delay(page, vma->vm_mm, gfp, &memcg, true)) { | 
|  | 577 | put_page(page); | 
|  | 578 | count_vm_event(THP_FAULT_FALLBACK); | 
|  | 579 | return VM_FAULT_FALLBACK; | 
|  | 580 | } | 
|  | 581 |  | 
|  | 582 | pgtable = pte_alloc_one(vma->vm_mm, haddr); | 
|  | 583 | if (unlikely(!pgtable)) { | 
|  | 584 | ret = VM_FAULT_OOM; | 
|  | 585 | goto release; | 
|  | 586 | } | 
|  | 587 |  | 
|  | 588 | clear_huge_page(page, vmf->address, HPAGE_PMD_NR); | 
|  | 589 | /* | 
|  | 590 | * The memory barrier inside __SetPageUptodate makes sure that | 
|  | 591 | * clear_huge_page writes become visible before the set_pmd_at() | 
|  | 592 | * write. | 
|  | 593 | */ | 
|  | 594 | __SetPageUptodate(page); | 
|  | 595 |  | 
|  | 596 | vmf->ptl = pmd_lock(vma->vm_mm, vmf->pmd); | 
|  | 597 | if (unlikely(!pmd_none(*vmf->pmd))) { | 
|  | 598 | goto unlock_release; | 
|  | 599 | } else { | 
|  | 600 | pmd_t entry; | 
|  | 601 |  | 
|  | 602 | ret = check_stable_address_space(vma->vm_mm); | 
|  | 603 | if (ret) | 
|  | 604 | goto unlock_release; | 
|  | 605 |  | 
|  | 606 | /* Deliver the page fault to userland */ | 
|  | 607 | if (userfaultfd_missing(vma)) { | 
|  | 608 | vm_fault_t ret2; | 
|  | 609 |  | 
|  | 610 | spin_unlock(vmf->ptl); | 
|  | 611 | mem_cgroup_cancel_charge(page, memcg, true); | 
|  | 612 | put_page(page); | 
|  | 613 | pte_free(vma->vm_mm, pgtable); | 
|  | 614 | ret2 = handle_userfault(vmf, VM_UFFD_MISSING); | 
|  | 615 | VM_BUG_ON(ret2 & VM_FAULT_FALLBACK); | 
|  | 616 | return ret2; | 
|  | 617 | } | 
|  | 618 |  | 
|  | 619 | entry = mk_huge_pmd(page, vma->vm_page_prot); | 
|  | 620 | entry = maybe_pmd_mkwrite(pmd_mkdirty(entry), vma); | 
|  | 621 | page_add_new_anon_rmap(page, vma, haddr, true); | 
|  | 622 | mem_cgroup_commit_charge(page, memcg, false, true); | 
|  | 623 | lru_cache_add_active_or_unevictable(page, vma); | 
|  | 624 | pgtable_trans_huge_deposit(vma->vm_mm, vmf->pmd, pgtable); | 
|  | 625 | set_pmd_at(vma->vm_mm, haddr, vmf->pmd, entry); | 
|  | 626 | add_mm_counter(vma->vm_mm, MM_ANONPAGES, HPAGE_PMD_NR); | 
|  | 627 | mm_inc_nr_ptes(vma->vm_mm); | 
|  | 628 | spin_unlock(vmf->ptl); | 
|  | 629 | count_vm_event(THP_FAULT_ALLOC); | 
|  | 630 | } | 
|  | 631 |  | 
|  | 632 | return 0; | 
|  | 633 | unlock_release: | 
|  | 634 | spin_unlock(vmf->ptl); | 
|  | 635 | release: | 
|  | 636 | if (pgtable) | 
|  | 637 | pte_free(vma->vm_mm, pgtable); | 
|  | 638 | mem_cgroup_cancel_charge(page, memcg, true); | 
|  | 639 | put_page(page); | 
|  | 640 | return ret; | 
|  | 641 |  | 
|  | 642 | } | 
|  | 643 |  | 
|  | 644 | /* | 
|  | 645 | * always: directly stall for all thp allocations | 
|  | 646 | * defer: wake kswapd and fail if not immediately available | 
|  | 647 | * defer+madvise: wake kswapd and directly stall for MADV_HUGEPAGE, otherwise | 
|  | 648 | *		  fail if not immediately available | 
|  | 649 | * madvise: directly stall for MADV_HUGEPAGE, otherwise fail if not immediately | 
|  | 650 | *	    available | 
|  | 651 | * never: never stall for any thp allocation | 
|  | 652 | */ | 
|  | 653 | static inline gfp_t alloc_hugepage_direct_gfpmask(struct vm_area_struct *vma) | 
|  | 654 | { | 
|  | 655 | const bool vma_madvised = !!(vma->vm_flags & VM_HUGEPAGE); | 
|  | 656 |  | 
|  | 657 | if (test_bit(TRANSPARENT_HUGEPAGE_DEFRAG_DIRECT_FLAG, &transparent_hugepage_flags)) | 
|  | 658 | return GFP_TRANSHUGE | (vma_madvised ? 0 : __GFP_NORETRY); | 
|  | 659 | if (test_bit(TRANSPARENT_HUGEPAGE_DEFRAG_KSWAPD_FLAG, &transparent_hugepage_flags)) | 
|  | 660 | return GFP_TRANSHUGE_LIGHT | __GFP_KSWAPD_RECLAIM; | 
|  | 661 | if (test_bit(TRANSPARENT_HUGEPAGE_DEFRAG_KSWAPD_OR_MADV_FLAG, &transparent_hugepage_flags)) | 
|  | 662 | return GFP_TRANSHUGE_LIGHT | (vma_madvised ? __GFP_DIRECT_RECLAIM : | 
|  | 663 | __GFP_KSWAPD_RECLAIM); | 
|  | 664 | if (test_bit(TRANSPARENT_HUGEPAGE_DEFRAG_REQ_MADV_FLAG, &transparent_hugepage_flags)) | 
|  | 665 | return GFP_TRANSHUGE_LIGHT | (vma_madvised ? __GFP_DIRECT_RECLAIM : | 
|  | 666 | 0); | 
|  | 667 | return GFP_TRANSHUGE_LIGHT; | 
|  | 668 | } | 
|  | 669 |  | 
|  | 670 | /* Caller must hold page table lock. */ | 
|  | 671 | static bool set_huge_zero_page(pgtable_t pgtable, struct mm_struct *mm, | 
|  | 672 | struct vm_area_struct *vma, unsigned long haddr, pmd_t *pmd, | 
|  | 673 | struct page *zero_page) | 
|  | 674 | { | 
|  | 675 | pmd_t entry; | 
|  | 676 | if (!pmd_none(*pmd)) | 
|  | 677 | return false; | 
|  | 678 | entry = mk_pmd(zero_page, vma->vm_page_prot); | 
|  | 679 | entry = pmd_mkhuge(entry); | 
|  | 680 | if (pgtable) | 
|  | 681 | pgtable_trans_huge_deposit(mm, pmd, pgtable); | 
|  | 682 | set_pmd_at(mm, haddr, pmd, entry); | 
|  | 683 | mm_inc_nr_ptes(mm); | 
|  | 684 | return true; | 
|  | 685 | } | 
|  | 686 |  | 
|  | 687 | vm_fault_t do_huge_pmd_anonymous_page(struct vm_fault *vmf) | 
|  | 688 | { | 
|  | 689 | struct vm_area_struct *vma = vmf->vma; | 
|  | 690 | gfp_t gfp; | 
|  | 691 | struct page *page; | 
|  | 692 | unsigned long haddr = vmf->address & HPAGE_PMD_MASK; | 
|  | 693 |  | 
|  | 694 | if (haddr < vma->vm_start || haddr + HPAGE_PMD_SIZE > vma->vm_end) | 
|  | 695 | return VM_FAULT_FALLBACK; | 
|  | 696 | if (unlikely(anon_vma_prepare(vma))) | 
|  | 697 | return VM_FAULT_OOM; | 
|  | 698 | if (unlikely(khugepaged_enter(vma, vma->vm_flags))) | 
|  | 699 | return VM_FAULT_OOM; | 
|  | 700 | if (!(vmf->flags & FAULT_FLAG_WRITE) && | 
|  | 701 | !mm_forbids_zeropage(vma->vm_mm) && | 
|  | 702 | transparent_hugepage_use_zero_page()) { | 
|  | 703 | pgtable_t pgtable; | 
|  | 704 | struct page *zero_page; | 
|  | 705 | bool set; | 
|  | 706 | vm_fault_t ret; | 
|  | 707 | pgtable = pte_alloc_one(vma->vm_mm, haddr); | 
|  | 708 | if (unlikely(!pgtable)) | 
|  | 709 | return VM_FAULT_OOM; | 
|  | 710 | zero_page = mm_get_huge_zero_page(vma->vm_mm); | 
|  | 711 | if (unlikely(!zero_page)) { | 
|  | 712 | pte_free(vma->vm_mm, pgtable); | 
|  | 713 | count_vm_event(THP_FAULT_FALLBACK); | 
|  | 714 | return VM_FAULT_FALLBACK; | 
|  | 715 | } | 
|  | 716 | vmf->ptl = pmd_lock(vma->vm_mm, vmf->pmd); | 
|  | 717 | ret = 0; | 
|  | 718 | set = false; | 
|  | 719 | if (pmd_none(*vmf->pmd)) { | 
|  | 720 | ret = check_stable_address_space(vma->vm_mm); | 
|  | 721 | if (ret) { | 
|  | 722 | spin_unlock(vmf->ptl); | 
|  | 723 | } else if (userfaultfd_missing(vma)) { | 
|  | 724 | spin_unlock(vmf->ptl); | 
|  | 725 | ret = handle_userfault(vmf, VM_UFFD_MISSING); | 
|  | 726 | VM_BUG_ON(ret & VM_FAULT_FALLBACK); | 
|  | 727 | } else { | 
|  | 728 | set_huge_zero_page(pgtable, vma->vm_mm, vma, | 
|  | 729 | haddr, vmf->pmd, zero_page); | 
|  | 730 | spin_unlock(vmf->ptl); | 
|  | 731 | set = true; | 
|  | 732 | } | 
|  | 733 | } else | 
|  | 734 | spin_unlock(vmf->ptl); | 
|  | 735 | if (!set) | 
|  | 736 | pte_free(vma->vm_mm, pgtable); | 
|  | 737 | return ret; | 
|  | 738 | } | 
|  | 739 | gfp = alloc_hugepage_direct_gfpmask(vma); | 
|  | 740 | page = alloc_hugepage_vma(gfp, vma, haddr, HPAGE_PMD_ORDER); | 
|  | 741 | if (unlikely(!page)) { | 
|  | 742 | count_vm_event(THP_FAULT_FALLBACK); | 
|  | 743 | return VM_FAULT_FALLBACK; | 
|  | 744 | } | 
|  | 745 | prep_transhuge_page(page); | 
|  | 746 | return __do_huge_pmd_anonymous_page(vmf, page, gfp); | 
|  | 747 | } | 
|  | 748 |  | 
|  | 749 | static void insert_pfn_pmd(struct vm_area_struct *vma, unsigned long addr, | 
|  | 750 | pmd_t *pmd, pfn_t pfn, pgprot_t prot, bool write, | 
|  | 751 | pgtable_t pgtable) | 
|  | 752 | { | 
|  | 753 | struct mm_struct *mm = vma->vm_mm; | 
|  | 754 | pmd_t entry; | 
|  | 755 | spinlock_t *ptl; | 
|  | 756 |  | 
|  | 757 | ptl = pmd_lock(mm, pmd); | 
|  | 758 | if (!pmd_none(*pmd)) { | 
|  | 759 | if (write) { | 
|  | 760 | if (pmd_pfn(*pmd) != pfn_t_to_pfn(pfn)) { | 
|  | 761 | WARN_ON_ONCE(!is_huge_zero_pmd(*pmd)); | 
|  | 762 | goto out_unlock; | 
|  | 763 | } | 
|  | 764 | entry = pmd_mkyoung(*pmd); | 
|  | 765 | entry = maybe_pmd_mkwrite(pmd_mkdirty(entry), vma); | 
|  | 766 | if (pmdp_set_access_flags(vma, addr, pmd, entry, 1)) | 
|  | 767 | update_mmu_cache_pmd(vma, addr, pmd); | 
|  | 768 | } | 
|  | 769 |  | 
|  | 770 | goto out_unlock; | 
|  | 771 | } | 
|  | 772 |  | 
|  | 773 | entry = pmd_mkhuge(pfn_t_pmd(pfn, prot)); | 
|  | 774 | if (pfn_t_devmap(pfn)) | 
|  | 775 | entry = pmd_mkdevmap(entry); | 
|  | 776 | if (write) { | 
|  | 777 | entry = pmd_mkyoung(pmd_mkdirty(entry)); | 
|  | 778 | entry = maybe_pmd_mkwrite(entry, vma); | 
|  | 779 | } | 
|  | 780 |  | 
|  | 781 | if (pgtable) { | 
|  | 782 | pgtable_trans_huge_deposit(mm, pmd, pgtable); | 
|  | 783 | mm_inc_nr_ptes(mm); | 
|  | 784 | pgtable = NULL; | 
|  | 785 | } | 
|  | 786 |  | 
|  | 787 | set_pmd_at(mm, addr, pmd, entry); | 
|  | 788 | update_mmu_cache_pmd(vma, addr, pmd); | 
|  | 789 |  | 
|  | 790 | out_unlock: | 
|  | 791 | spin_unlock(ptl); | 
|  | 792 | if (pgtable) | 
|  | 793 | pte_free(mm, pgtable); | 
|  | 794 | } | 
|  | 795 |  | 
|  | 796 | vm_fault_t vmf_insert_pfn_pmd(struct vm_fault *vmf, pfn_t pfn, bool write) | 
|  | 797 | { | 
|  | 798 | unsigned long addr = vmf->address & PMD_MASK; | 
|  | 799 | struct vm_area_struct *vma = vmf->vma; | 
|  | 800 | pgprot_t pgprot = vma->vm_page_prot; | 
|  | 801 | pgtable_t pgtable = NULL; | 
|  | 802 |  | 
|  | 803 | /* | 
|  | 804 | * If we had pmd_special, we could avoid all these restrictions, | 
|  | 805 | * but we need to be consistent with PTEs and architectures that | 
|  | 806 | * can't support a 'special' bit. | 
|  | 807 | */ | 
|  | 808 | BUG_ON(!(vma->vm_flags & (VM_PFNMAP|VM_MIXEDMAP)) && | 
|  | 809 | !pfn_t_devmap(pfn)); | 
|  | 810 | BUG_ON((vma->vm_flags & (VM_PFNMAP|VM_MIXEDMAP)) == | 
|  | 811 | (VM_PFNMAP|VM_MIXEDMAP)); | 
|  | 812 | BUG_ON((vma->vm_flags & VM_PFNMAP) && is_cow_mapping(vma->vm_flags)); | 
|  | 813 |  | 
|  | 814 | if (addr < vma->vm_start || addr >= vma->vm_end) | 
|  | 815 | return VM_FAULT_SIGBUS; | 
|  | 816 |  | 
|  | 817 | if (arch_needs_pgtable_deposit()) { | 
|  | 818 | pgtable = pte_alloc_one(vma->vm_mm, addr); | 
|  | 819 | if (!pgtable) | 
|  | 820 | return VM_FAULT_OOM; | 
|  | 821 | } | 
|  | 822 |  | 
|  | 823 | track_pfn_insert(vma, &pgprot, pfn); | 
|  | 824 |  | 
|  | 825 | insert_pfn_pmd(vma, addr, vmf->pmd, pfn, pgprot, write, pgtable); | 
|  | 826 | return VM_FAULT_NOPAGE; | 
|  | 827 | } | 
|  | 828 | EXPORT_SYMBOL_GPL(vmf_insert_pfn_pmd); | 
|  | 829 |  | 
|  | 830 | #ifdef CONFIG_HAVE_ARCH_TRANSPARENT_HUGEPAGE_PUD | 
|  | 831 | static pud_t maybe_pud_mkwrite(pud_t pud, struct vm_area_struct *vma) | 
|  | 832 | { | 
|  | 833 | if (likely(vma->vm_flags & VM_WRITE)) | 
|  | 834 | pud = pud_mkwrite(pud); | 
|  | 835 | return pud; | 
|  | 836 | } | 
|  | 837 |  | 
|  | 838 | static void insert_pfn_pud(struct vm_area_struct *vma, unsigned long addr, | 
|  | 839 | pud_t *pud, pfn_t pfn, pgprot_t prot, bool write) | 
|  | 840 | { | 
|  | 841 | struct mm_struct *mm = vma->vm_mm; | 
|  | 842 | pud_t entry; | 
|  | 843 | spinlock_t *ptl; | 
|  | 844 |  | 
|  | 845 | ptl = pud_lock(mm, pud); | 
|  | 846 | if (!pud_none(*pud)) { | 
|  | 847 | if (write) { | 
|  | 848 | if (pud_pfn(*pud) != pfn_t_to_pfn(pfn)) { | 
|  | 849 | WARN_ON_ONCE(!is_huge_zero_pud(*pud)); | 
|  | 850 | goto out_unlock; | 
|  | 851 | } | 
|  | 852 | entry = pud_mkyoung(*pud); | 
|  | 853 | entry = maybe_pud_mkwrite(pud_mkdirty(entry), vma); | 
|  | 854 | if (pudp_set_access_flags(vma, addr, pud, entry, 1)) | 
|  | 855 | update_mmu_cache_pud(vma, addr, pud); | 
|  | 856 | } | 
|  | 857 | goto out_unlock; | 
|  | 858 | } | 
|  | 859 |  | 
|  | 860 | entry = pud_mkhuge(pfn_t_pud(pfn, prot)); | 
|  | 861 | if (pfn_t_devmap(pfn)) | 
|  | 862 | entry = pud_mkdevmap(entry); | 
|  | 863 | if (write) { | 
|  | 864 | entry = pud_mkyoung(pud_mkdirty(entry)); | 
|  | 865 | entry = maybe_pud_mkwrite(entry, vma); | 
|  | 866 | } | 
|  | 867 | set_pud_at(mm, addr, pud, entry); | 
|  | 868 | update_mmu_cache_pud(vma, addr, pud); | 
|  | 869 |  | 
|  | 870 | out_unlock: | 
|  | 871 | spin_unlock(ptl); | 
|  | 872 | } | 
|  | 873 |  | 
|  | 874 | vm_fault_t vmf_insert_pfn_pud(struct vm_fault *vmf, pfn_t pfn, bool write) | 
|  | 875 | { | 
|  | 876 | unsigned long addr = vmf->address & PUD_MASK; | 
|  | 877 | struct vm_area_struct *vma = vmf->vma; | 
|  | 878 | pgprot_t pgprot = vma->vm_page_prot; | 
|  | 879 |  | 
|  | 880 | /* | 
|  | 881 | * If we had pud_special, we could avoid all these restrictions, | 
|  | 882 | * but we need to be consistent with PTEs and architectures that | 
|  | 883 | * can't support a 'special' bit. | 
|  | 884 | */ | 
|  | 885 | BUG_ON(!(vma->vm_flags & (VM_PFNMAP|VM_MIXEDMAP)) && | 
|  | 886 | !pfn_t_devmap(pfn)); | 
|  | 887 | BUG_ON((vma->vm_flags & (VM_PFNMAP|VM_MIXEDMAP)) == | 
|  | 888 | (VM_PFNMAP|VM_MIXEDMAP)); | 
|  | 889 | BUG_ON((vma->vm_flags & VM_PFNMAP) && is_cow_mapping(vma->vm_flags)); | 
|  | 890 |  | 
|  | 891 | if (addr < vma->vm_start || addr >= vma->vm_end) | 
|  | 892 | return VM_FAULT_SIGBUS; | 
|  | 893 |  | 
|  | 894 | track_pfn_insert(vma, &pgprot, pfn); | 
|  | 895 |  | 
|  | 896 | insert_pfn_pud(vma, addr, vmf->pud, pfn, pgprot, write); | 
|  | 897 | return VM_FAULT_NOPAGE; | 
|  | 898 | } | 
|  | 899 | EXPORT_SYMBOL_GPL(vmf_insert_pfn_pud); | 
|  | 900 | #endif /* CONFIG_HAVE_ARCH_TRANSPARENT_HUGEPAGE_PUD */ | 
|  | 901 |  | 
|  | 902 | static void touch_pmd(struct vm_area_struct *vma, unsigned long addr, | 
|  | 903 | pmd_t *pmd, int flags) | 
|  | 904 | { | 
|  | 905 | pmd_t _pmd; | 
|  | 906 |  | 
|  | 907 | _pmd = pmd_mkyoung(*pmd); | 
|  | 908 | if (flags & FOLL_WRITE) | 
|  | 909 | _pmd = pmd_mkdirty(_pmd); | 
|  | 910 | if (pmdp_set_access_flags(vma, addr & HPAGE_PMD_MASK, | 
|  | 911 | pmd, _pmd, flags & FOLL_WRITE)) | 
|  | 912 | update_mmu_cache_pmd(vma, addr, pmd); | 
|  | 913 | } | 
|  | 914 |  | 
|  | 915 | struct page *follow_devmap_pmd(struct vm_area_struct *vma, unsigned long addr, | 
|  | 916 | pmd_t *pmd, int flags) | 
|  | 917 | { | 
|  | 918 | unsigned long pfn = pmd_pfn(*pmd); | 
|  | 919 | struct mm_struct *mm = vma->vm_mm; | 
|  | 920 | struct dev_pagemap *pgmap; | 
|  | 921 | struct page *page; | 
|  | 922 |  | 
|  | 923 | assert_spin_locked(pmd_lockptr(mm, pmd)); | 
|  | 924 |  | 
|  | 925 | /* | 
|  | 926 | * When we COW a devmap PMD entry, we split it into PTEs, so we should | 
|  | 927 | * not be in this function with `flags & FOLL_COW` set. | 
|  | 928 | */ | 
|  | 929 | WARN_ONCE(flags & FOLL_COW, "mm: In follow_devmap_pmd with FOLL_COW set"); | 
|  | 930 |  | 
|  | 931 | if (flags & FOLL_WRITE && !pmd_write(*pmd)) | 
|  | 932 | return NULL; | 
|  | 933 |  | 
|  | 934 | if (pmd_present(*pmd) && pmd_devmap(*pmd)) | 
|  | 935 | /* pass */; | 
|  | 936 | else | 
|  | 937 | return NULL; | 
|  | 938 |  | 
|  | 939 | if (flags & FOLL_TOUCH) | 
|  | 940 | touch_pmd(vma, addr, pmd, flags); | 
|  | 941 |  | 
|  | 942 | /* | 
|  | 943 | * device mapped pages can only be returned if the | 
|  | 944 | * caller will manage the page reference count. | 
|  | 945 | */ | 
|  | 946 | if (!(flags & FOLL_GET)) | 
|  | 947 | return ERR_PTR(-EEXIST); | 
|  | 948 |  | 
|  | 949 | pfn += (addr & ~PMD_MASK) >> PAGE_SHIFT; | 
|  | 950 | pgmap = get_dev_pagemap(pfn, NULL); | 
|  | 951 | if (!pgmap) | 
|  | 952 | return ERR_PTR(-EFAULT); | 
|  | 953 | page = pfn_to_page(pfn); | 
|  | 954 | get_page(page); | 
|  | 955 | put_dev_pagemap(pgmap); | 
|  | 956 |  | 
|  | 957 | return page; | 
|  | 958 | } | 
|  | 959 |  | 
|  | 960 | int copy_huge_pmd(struct mm_struct *dst_mm, struct mm_struct *src_mm, | 
|  | 961 | pmd_t *dst_pmd, pmd_t *src_pmd, unsigned long addr, | 
|  | 962 | struct vm_area_struct *vma) | 
|  | 963 | { | 
|  | 964 | spinlock_t *dst_ptl, *src_ptl; | 
|  | 965 | struct page *src_page; | 
|  | 966 | pmd_t pmd; | 
|  | 967 | pgtable_t pgtable = NULL; | 
|  | 968 | int ret = -ENOMEM; | 
|  | 969 |  | 
|  | 970 | /* Skip if can be re-fill on fault */ | 
|  | 971 | if (!vma_is_anonymous(vma)) | 
|  | 972 | return 0; | 
|  | 973 |  | 
|  | 974 | pgtable = pte_alloc_one(dst_mm, addr); | 
|  | 975 | if (unlikely(!pgtable)) | 
|  | 976 | goto out; | 
|  | 977 |  | 
|  | 978 | dst_ptl = pmd_lock(dst_mm, dst_pmd); | 
|  | 979 | src_ptl = pmd_lockptr(src_mm, src_pmd); | 
|  | 980 | spin_lock_nested(src_ptl, SINGLE_DEPTH_NESTING); | 
|  | 981 |  | 
|  | 982 | ret = -EAGAIN; | 
|  | 983 | pmd = *src_pmd; | 
|  | 984 |  | 
|  | 985 | #ifdef CONFIG_ARCH_ENABLE_THP_MIGRATION | 
|  | 986 | if (unlikely(is_swap_pmd(pmd))) { | 
|  | 987 | swp_entry_t entry = pmd_to_swp_entry(pmd); | 
|  | 988 |  | 
|  | 989 | VM_BUG_ON(!is_pmd_migration_entry(pmd)); | 
|  | 990 | if (is_write_migration_entry(entry)) { | 
|  | 991 | make_migration_entry_read(&entry); | 
|  | 992 | pmd = swp_entry_to_pmd(entry); | 
|  | 993 | if (pmd_swp_soft_dirty(*src_pmd)) | 
|  | 994 | pmd = pmd_swp_mksoft_dirty(pmd); | 
|  | 995 | set_pmd_at(src_mm, addr, src_pmd, pmd); | 
|  | 996 | } | 
|  | 997 | add_mm_counter(dst_mm, MM_ANONPAGES, HPAGE_PMD_NR); | 
|  | 998 | mm_inc_nr_ptes(dst_mm); | 
|  | 999 | pgtable_trans_huge_deposit(dst_mm, dst_pmd, pgtable); | 
|  | 1000 | set_pmd_at(dst_mm, addr, dst_pmd, pmd); | 
|  | 1001 | ret = 0; | 
|  | 1002 | goto out_unlock; | 
|  | 1003 | } | 
|  | 1004 | #endif | 
|  | 1005 |  | 
|  | 1006 | if (unlikely(!pmd_trans_huge(pmd))) { | 
|  | 1007 | pte_free(dst_mm, pgtable); | 
|  | 1008 | goto out_unlock; | 
|  | 1009 | } | 
|  | 1010 | /* | 
|  | 1011 | * When page table lock is held, the huge zero pmd should not be | 
|  | 1012 | * under splitting since we don't split the page itself, only pmd to | 
|  | 1013 | * a page table. | 
|  | 1014 | */ | 
|  | 1015 | if (is_huge_zero_pmd(pmd)) { | 
|  | 1016 | struct page *zero_page; | 
|  | 1017 | /* | 
|  | 1018 | * get_huge_zero_page() will never allocate a new page here, | 
|  | 1019 | * since we already have a zero page to copy. It just takes a | 
|  | 1020 | * reference. | 
|  | 1021 | */ | 
|  | 1022 | zero_page = mm_get_huge_zero_page(dst_mm); | 
|  | 1023 | set_huge_zero_page(pgtable, dst_mm, vma, addr, dst_pmd, | 
|  | 1024 | zero_page); | 
|  | 1025 | ret = 0; | 
|  | 1026 | goto out_unlock; | 
|  | 1027 | } | 
|  | 1028 |  | 
|  | 1029 | src_page = pmd_page(pmd); | 
|  | 1030 | VM_BUG_ON_PAGE(!PageHead(src_page), src_page); | 
|  | 1031 | get_page(src_page); | 
|  | 1032 | page_dup_rmap(src_page, true); | 
|  | 1033 | add_mm_counter(dst_mm, MM_ANONPAGES, HPAGE_PMD_NR); | 
|  | 1034 | mm_inc_nr_ptes(dst_mm); | 
|  | 1035 | pgtable_trans_huge_deposit(dst_mm, dst_pmd, pgtable); | 
|  | 1036 |  | 
|  | 1037 | pmdp_set_wrprotect(src_mm, addr, src_pmd); | 
|  | 1038 | pmd = pmd_mkold(pmd_wrprotect(pmd)); | 
|  | 1039 | set_pmd_at(dst_mm, addr, dst_pmd, pmd); | 
|  | 1040 |  | 
|  | 1041 | ret = 0; | 
|  | 1042 | out_unlock: | 
|  | 1043 | spin_unlock(src_ptl); | 
|  | 1044 | spin_unlock(dst_ptl); | 
|  | 1045 | out: | 
|  | 1046 | return ret; | 
|  | 1047 | } | 
|  | 1048 |  | 
|  | 1049 | #ifdef CONFIG_HAVE_ARCH_TRANSPARENT_HUGEPAGE_PUD | 
|  | 1050 | static void touch_pud(struct vm_area_struct *vma, unsigned long addr, | 
|  | 1051 | pud_t *pud, int flags) | 
|  | 1052 | { | 
|  | 1053 | pud_t _pud; | 
|  | 1054 |  | 
|  | 1055 | _pud = pud_mkyoung(*pud); | 
|  | 1056 | if (flags & FOLL_WRITE) | 
|  | 1057 | _pud = pud_mkdirty(_pud); | 
|  | 1058 | if (pudp_set_access_flags(vma, addr & HPAGE_PUD_MASK, | 
|  | 1059 | pud, _pud, flags & FOLL_WRITE)) | 
|  | 1060 | update_mmu_cache_pud(vma, addr, pud); | 
|  | 1061 | } | 
|  | 1062 |  | 
|  | 1063 | struct page *follow_devmap_pud(struct vm_area_struct *vma, unsigned long addr, | 
|  | 1064 | pud_t *pud, int flags) | 
|  | 1065 | { | 
|  | 1066 | unsigned long pfn = pud_pfn(*pud); | 
|  | 1067 | struct mm_struct *mm = vma->vm_mm; | 
|  | 1068 | struct dev_pagemap *pgmap; | 
|  | 1069 | struct page *page; | 
|  | 1070 |  | 
|  | 1071 | assert_spin_locked(pud_lockptr(mm, pud)); | 
|  | 1072 |  | 
|  | 1073 | if (flags & FOLL_WRITE && !pud_write(*pud)) | 
|  | 1074 | return NULL; | 
|  | 1075 |  | 
|  | 1076 | if (pud_present(*pud) && pud_devmap(*pud)) | 
|  | 1077 | /* pass */; | 
|  | 1078 | else | 
|  | 1079 | return NULL; | 
|  | 1080 |  | 
|  | 1081 | if (flags & FOLL_TOUCH) | 
|  | 1082 | touch_pud(vma, addr, pud, flags); | 
|  | 1083 |  | 
|  | 1084 | /* | 
|  | 1085 | * device mapped pages can only be returned if the | 
|  | 1086 | * caller will manage the page reference count. | 
|  | 1087 | */ | 
|  | 1088 | if (!(flags & FOLL_GET)) | 
|  | 1089 | return ERR_PTR(-EEXIST); | 
|  | 1090 |  | 
|  | 1091 | pfn += (addr & ~PUD_MASK) >> PAGE_SHIFT; | 
|  | 1092 | pgmap = get_dev_pagemap(pfn, NULL); | 
|  | 1093 | if (!pgmap) | 
|  | 1094 | return ERR_PTR(-EFAULT); | 
|  | 1095 | page = pfn_to_page(pfn); | 
|  | 1096 | get_page(page); | 
|  | 1097 | put_dev_pagemap(pgmap); | 
|  | 1098 |  | 
|  | 1099 | return page; | 
|  | 1100 | } | 
|  | 1101 |  | 
|  | 1102 | int copy_huge_pud(struct mm_struct *dst_mm, struct mm_struct *src_mm, | 
|  | 1103 | pud_t *dst_pud, pud_t *src_pud, unsigned long addr, | 
|  | 1104 | struct vm_area_struct *vma) | 
|  | 1105 | { | 
|  | 1106 | spinlock_t *dst_ptl, *src_ptl; | 
|  | 1107 | pud_t pud; | 
|  | 1108 | int ret; | 
|  | 1109 |  | 
|  | 1110 | dst_ptl = pud_lock(dst_mm, dst_pud); | 
|  | 1111 | src_ptl = pud_lockptr(src_mm, src_pud); | 
|  | 1112 | spin_lock_nested(src_ptl, SINGLE_DEPTH_NESTING); | 
|  | 1113 |  | 
|  | 1114 | ret = -EAGAIN; | 
|  | 1115 | pud = *src_pud; | 
|  | 1116 | if (unlikely(!pud_trans_huge(pud) && !pud_devmap(pud))) | 
|  | 1117 | goto out_unlock; | 
|  | 1118 |  | 
|  | 1119 | /* | 
|  | 1120 | * When page table lock is held, the huge zero pud should not be | 
|  | 1121 | * under splitting since we don't split the page itself, only pud to | 
|  | 1122 | * a page table. | 
|  | 1123 | */ | 
|  | 1124 | if (is_huge_zero_pud(pud)) { | 
|  | 1125 | /* No huge zero pud yet */ | 
|  | 1126 | } | 
|  | 1127 |  | 
|  | 1128 | pudp_set_wrprotect(src_mm, addr, src_pud); | 
|  | 1129 | pud = pud_mkold(pud_wrprotect(pud)); | 
|  | 1130 | set_pud_at(dst_mm, addr, dst_pud, pud); | 
|  | 1131 |  | 
|  | 1132 | ret = 0; | 
|  | 1133 | out_unlock: | 
|  | 1134 | spin_unlock(src_ptl); | 
|  | 1135 | spin_unlock(dst_ptl); | 
|  | 1136 | return ret; | 
|  | 1137 | } | 
|  | 1138 |  | 
|  | 1139 | void huge_pud_set_accessed(struct vm_fault *vmf, pud_t orig_pud) | 
|  | 1140 | { | 
|  | 1141 | pud_t entry; | 
|  | 1142 | unsigned long haddr; | 
|  | 1143 | bool write = vmf->flags & FAULT_FLAG_WRITE; | 
|  | 1144 |  | 
|  | 1145 | vmf->ptl = pud_lock(vmf->vma->vm_mm, vmf->pud); | 
|  | 1146 | if (unlikely(!pud_same(*vmf->pud, orig_pud))) | 
|  | 1147 | goto unlock; | 
|  | 1148 |  | 
|  | 1149 | entry = pud_mkyoung(orig_pud); | 
|  | 1150 | if (write) | 
|  | 1151 | entry = pud_mkdirty(entry); | 
|  | 1152 | haddr = vmf->address & HPAGE_PUD_MASK; | 
|  | 1153 | if (pudp_set_access_flags(vmf->vma, haddr, vmf->pud, entry, write)) | 
|  | 1154 | update_mmu_cache_pud(vmf->vma, vmf->address, vmf->pud); | 
|  | 1155 |  | 
|  | 1156 | unlock: | 
|  | 1157 | spin_unlock(vmf->ptl); | 
|  | 1158 | } | 
|  | 1159 | #endif /* CONFIG_HAVE_ARCH_TRANSPARENT_HUGEPAGE_PUD */ | 
|  | 1160 |  | 
|  | 1161 | void huge_pmd_set_accessed(struct vm_fault *vmf, pmd_t orig_pmd) | 
|  | 1162 | { | 
|  | 1163 | pmd_t entry; | 
|  | 1164 | unsigned long haddr; | 
|  | 1165 | bool write = vmf->flags & FAULT_FLAG_WRITE; | 
|  | 1166 |  | 
|  | 1167 | vmf->ptl = pmd_lock(vmf->vma->vm_mm, vmf->pmd); | 
|  | 1168 | if (unlikely(!pmd_same(*vmf->pmd, orig_pmd))) | 
|  | 1169 | goto unlock; | 
|  | 1170 |  | 
|  | 1171 | entry = pmd_mkyoung(orig_pmd); | 
|  | 1172 | if (write) | 
|  | 1173 | entry = pmd_mkdirty(entry); | 
|  | 1174 | haddr = vmf->address & HPAGE_PMD_MASK; | 
|  | 1175 | if (pmdp_set_access_flags(vmf->vma, haddr, vmf->pmd, entry, write)) | 
|  | 1176 | update_mmu_cache_pmd(vmf->vma, vmf->address, vmf->pmd); | 
|  | 1177 |  | 
|  | 1178 | unlock: | 
|  | 1179 | spin_unlock(vmf->ptl); | 
|  | 1180 | } | 
|  | 1181 |  | 
|  | 1182 | static vm_fault_t do_huge_pmd_wp_page_fallback(struct vm_fault *vmf, | 
|  | 1183 | pmd_t orig_pmd, struct page *page) | 
|  | 1184 | { | 
|  | 1185 | struct vm_area_struct *vma = vmf->vma; | 
|  | 1186 | unsigned long haddr = vmf->address & HPAGE_PMD_MASK; | 
|  | 1187 | struct mem_cgroup *memcg; | 
|  | 1188 | pgtable_t pgtable; | 
|  | 1189 | pmd_t _pmd; | 
|  | 1190 | int i; | 
|  | 1191 | vm_fault_t ret = 0; | 
|  | 1192 | struct page **pages; | 
|  | 1193 | unsigned long mmun_start;	/* For mmu_notifiers */ | 
|  | 1194 | unsigned long mmun_end;		/* For mmu_notifiers */ | 
|  | 1195 |  | 
|  | 1196 | pages = kmalloc_array(HPAGE_PMD_NR, sizeof(struct page *), | 
|  | 1197 | GFP_KERNEL); | 
|  | 1198 | if (unlikely(!pages)) { | 
|  | 1199 | ret |= VM_FAULT_OOM; | 
|  | 1200 | goto out; | 
|  | 1201 | } | 
|  | 1202 |  | 
|  | 1203 | for (i = 0; i < HPAGE_PMD_NR; i++) { | 
|  | 1204 | pages[i] = alloc_page_vma_node(GFP_HIGHUSER_MOVABLE, vma, | 
|  | 1205 | vmf->address, page_to_nid(page)); | 
|  | 1206 | if (unlikely(!pages[i] || | 
|  | 1207 | mem_cgroup_try_charge_delay(pages[i], vma->vm_mm, | 
|  | 1208 | GFP_KERNEL, &memcg, false))) { | 
|  | 1209 | if (pages[i]) | 
|  | 1210 | put_page(pages[i]); | 
|  | 1211 | while (--i >= 0) { | 
|  | 1212 | memcg = (void *)page_private(pages[i]); | 
|  | 1213 | set_page_private(pages[i], 0); | 
|  | 1214 | mem_cgroup_cancel_charge(pages[i], memcg, | 
|  | 1215 | false); | 
|  | 1216 | put_page(pages[i]); | 
|  | 1217 | } | 
|  | 1218 | kfree(pages); | 
|  | 1219 | ret |= VM_FAULT_OOM; | 
|  | 1220 | goto out; | 
|  | 1221 | } | 
|  | 1222 | set_page_private(pages[i], (unsigned long)memcg); | 
|  | 1223 | } | 
|  | 1224 |  | 
|  | 1225 | for (i = 0; i < HPAGE_PMD_NR; i++) { | 
|  | 1226 | copy_user_highpage(pages[i], page + i, | 
|  | 1227 | haddr + PAGE_SIZE * i, vma); | 
|  | 1228 | __SetPageUptodate(pages[i]); | 
|  | 1229 | cond_resched(); | 
|  | 1230 | } | 
|  | 1231 |  | 
|  | 1232 | mmun_start = haddr; | 
|  | 1233 | mmun_end   = haddr + HPAGE_PMD_SIZE; | 
|  | 1234 | mmu_notifier_invalidate_range_start(vma->vm_mm, mmun_start, mmun_end); | 
|  | 1235 |  | 
|  | 1236 | vmf->ptl = pmd_lock(vma->vm_mm, vmf->pmd); | 
|  | 1237 | if (unlikely(!pmd_same(*vmf->pmd, orig_pmd))) | 
|  | 1238 | goto out_free_pages; | 
|  | 1239 | VM_BUG_ON_PAGE(!PageHead(page), page); | 
|  | 1240 |  | 
|  | 1241 | /* | 
|  | 1242 | * Leave pmd empty until pte is filled note we must notify here as | 
|  | 1243 | * concurrent CPU thread might write to new page before the call to | 
|  | 1244 | * mmu_notifier_invalidate_range_end() happens which can lead to a | 
|  | 1245 | * device seeing memory write in different order than CPU. | 
|  | 1246 | * | 
|  | 1247 | * See Documentation/vm/mmu_notifier.rst | 
|  | 1248 | */ | 
|  | 1249 | pmdp_huge_clear_flush_notify(vma, haddr, vmf->pmd); | 
|  | 1250 |  | 
|  | 1251 | pgtable = pgtable_trans_huge_withdraw(vma->vm_mm, vmf->pmd); | 
|  | 1252 | pmd_populate(vma->vm_mm, &_pmd, pgtable); | 
|  | 1253 |  | 
|  | 1254 | for (i = 0; i < HPAGE_PMD_NR; i++, haddr += PAGE_SIZE) { | 
|  | 1255 | pte_t entry; | 
|  | 1256 | entry = mk_pte(pages[i], vma->vm_page_prot); | 
|  | 1257 | entry = maybe_mkwrite(pte_mkdirty(entry), vma); | 
|  | 1258 | memcg = (void *)page_private(pages[i]); | 
|  | 1259 | set_page_private(pages[i], 0); | 
|  | 1260 | page_add_new_anon_rmap(pages[i], vmf->vma, haddr, false); | 
|  | 1261 | mem_cgroup_commit_charge(pages[i], memcg, false, false); | 
|  | 1262 | lru_cache_add_active_or_unevictable(pages[i], vma); | 
|  | 1263 | vmf->pte = pte_offset_map(&_pmd, haddr); | 
|  | 1264 | VM_BUG_ON(!pte_none(*vmf->pte)); | 
|  | 1265 | set_pte_at(vma->vm_mm, haddr, vmf->pte, entry); | 
|  | 1266 | pte_unmap(vmf->pte); | 
|  | 1267 | } | 
|  | 1268 | kfree(pages); | 
|  | 1269 |  | 
|  | 1270 | smp_wmb(); /* make pte visible before pmd */ | 
|  | 1271 | pmd_populate(vma->vm_mm, vmf->pmd, pgtable); | 
|  | 1272 | page_remove_rmap(page, true); | 
|  | 1273 | spin_unlock(vmf->ptl); | 
|  | 1274 |  | 
|  | 1275 | /* | 
|  | 1276 | * No need to double call mmu_notifier->invalidate_range() callback as | 
|  | 1277 | * the above pmdp_huge_clear_flush_notify() did already call it. | 
|  | 1278 | */ | 
|  | 1279 | mmu_notifier_invalidate_range_only_end(vma->vm_mm, mmun_start, | 
|  | 1280 | mmun_end); | 
|  | 1281 |  | 
|  | 1282 | ret |= VM_FAULT_WRITE; | 
|  | 1283 | put_page(page); | 
|  | 1284 |  | 
|  | 1285 | out: | 
|  | 1286 | return ret; | 
|  | 1287 |  | 
|  | 1288 | out_free_pages: | 
|  | 1289 | spin_unlock(vmf->ptl); | 
|  | 1290 | mmu_notifier_invalidate_range_end(vma->vm_mm, mmun_start, mmun_end); | 
|  | 1291 | for (i = 0; i < HPAGE_PMD_NR; i++) { | 
|  | 1292 | memcg = (void *)page_private(pages[i]); | 
|  | 1293 | set_page_private(pages[i], 0); | 
|  | 1294 | mem_cgroup_cancel_charge(pages[i], memcg, false); | 
|  | 1295 | put_page(pages[i]); | 
|  | 1296 | } | 
|  | 1297 | kfree(pages); | 
|  | 1298 | goto out; | 
|  | 1299 | } | 
|  | 1300 |  | 
|  | 1301 | vm_fault_t do_huge_pmd_wp_page(struct vm_fault *vmf, pmd_t orig_pmd) | 
|  | 1302 | { | 
|  | 1303 | struct vm_area_struct *vma = vmf->vma; | 
|  | 1304 | struct page *page = NULL, *new_page; | 
|  | 1305 | struct mem_cgroup *memcg; | 
|  | 1306 | unsigned long haddr = vmf->address & HPAGE_PMD_MASK; | 
|  | 1307 | unsigned long mmun_start;	/* For mmu_notifiers */ | 
|  | 1308 | unsigned long mmun_end;		/* For mmu_notifiers */ | 
|  | 1309 | gfp_t huge_gfp;			/* for allocation and charge */ | 
|  | 1310 | vm_fault_t ret = 0; | 
|  | 1311 |  | 
|  | 1312 | vmf->ptl = pmd_lockptr(vma->vm_mm, vmf->pmd); | 
|  | 1313 | VM_BUG_ON_VMA(!vma->anon_vma, vma); | 
|  | 1314 | if (is_huge_zero_pmd(orig_pmd)) | 
|  | 1315 | goto alloc; | 
|  | 1316 | spin_lock(vmf->ptl); | 
|  | 1317 | if (unlikely(!pmd_same(*vmf->pmd, orig_pmd))) | 
|  | 1318 | goto out_unlock; | 
|  | 1319 |  | 
|  | 1320 | page = pmd_page(orig_pmd); | 
|  | 1321 | VM_BUG_ON_PAGE(!PageCompound(page) || !PageHead(page), page); | 
|  | 1322 | /* | 
|  | 1323 | * We can only reuse the page if nobody else maps the huge page or it's | 
|  | 1324 | * part. | 
|  | 1325 | */ | 
|  | 1326 | if (!trylock_page(page)) { | 
|  | 1327 | get_page(page); | 
|  | 1328 | spin_unlock(vmf->ptl); | 
|  | 1329 | lock_page(page); | 
|  | 1330 | spin_lock(vmf->ptl); | 
|  | 1331 | if (unlikely(!pmd_same(*vmf->pmd, orig_pmd))) { | 
|  | 1332 | unlock_page(page); | 
|  | 1333 | put_page(page); | 
|  | 1334 | goto out_unlock; | 
|  | 1335 | } | 
|  | 1336 | put_page(page); | 
|  | 1337 | } | 
|  | 1338 | if (reuse_swap_page(page, NULL)) { | 
|  | 1339 | pmd_t entry; | 
|  | 1340 | entry = pmd_mkyoung(orig_pmd); | 
|  | 1341 | entry = maybe_pmd_mkwrite(pmd_mkdirty(entry), vma); | 
|  | 1342 | if (pmdp_set_access_flags(vma, haddr, vmf->pmd, entry,  1)) | 
|  | 1343 | update_mmu_cache_pmd(vma, vmf->address, vmf->pmd); | 
|  | 1344 | ret |= VM_FAULT_WRITE; | 
|  | 1345 | unlock_page(page); | 
|  | 1346 | goto out_unlock; | 
|  | 1347 | } | 
|  | 1348 | unlock_page(page); | 
|  | 1349 | get_page(page); | 
|  | 1350 | spin_unlock(vmf->ptl); | 
|  | 1351 | alloc: | 
|  | 1352 | if (__transparent_hugepage_enabled(vma) && | 
|  | 1353 | !transparent_hugepage_debug_cow()) { | 
|  | 1354 | huge_gfp = alloc_hugepage_direct_gfpmask(vma); | 
|  | 1355 | new_page = alloc_hugepage_vma(huge_gfp, vma, haddr, HPAGE_PMD_ORDER); | 
|  | 1356 | } else | 
|  | 1357 | new_page = NULL; | 
|  | 1358 |  | 
|  | 1359 | if (likely(new_page)) { | 
|  | 1360 | prep_transhuge_page(new_page); | 
|  | 1361 | } else { | 
|  | 1362 | if (!page) { | 
|  | 1363 | split_huge_pmd(vma, vmf->pmd, vmf->address); | 
|  | 1364 | ret |= VM_FAULT_FALLBACK; | 
|  | 1365 | } else { | 
|  | 1366 | ret = do_huge_pmd_wp_page_fallback(vmf, orig_pmd, page); | 
|  | 1367 | if (ret & VM_FAULT_OOM) { | 
|  | 1368 | split_huge_pmd(vma, vmf->pmd, vmf->address); | 
|  | 1369 | ret |= VM_FAULT_FALLBACK; | 
|  | 1370 | } | 
|  | 1371 | put_page(page); | 
|  | 1372 | } | 
|  | 1373 | count_vm_event(THP_FAULT_FALLBACK); | 
|  | 1374 | goto out; | 
|  | 1375 | } | 
|  | 1376 |  | 
|  | 1377 | if (unlikely(mem_cgroup_try_charge_delay(new_page, vma->vm_mm, | 
|  | 1378 | huge_gfp, &memcg, true))) { | 
|  | 1379 | put_page(new_page); | 
|  | 1380 | split_huge_pmd(vma, vmf->pmd, vmf->address); | 
|  | 1381 | if (page) | 
|  | 1382 | put_page(page); | 
|  | 1383 | ret |= VM_FAULT_FALLBACK; | 
|  | 1384 | count_vm_event(THP_FAULT_FALLBACK); | 
|  | 1385 | goto out; | 
|  | 1386 | } | 
|  | 1387 |  | 
|  | 1388 | count_vm_event(THP_FAULT_ALLOC); | 
|  | 1389 |  | 
|  | 1390 | if (!page) | 
|  | 1391 | clear_huge_page(new_page, vmf->address, HPAGE_PMD_NR); | 
|  | 1392 | else | 
|  | 1393 | copy_user_huge_page(new_page, page, vmf->address, | 
|  | 1394 | vma, HPAGE_PMD_NR); | 
|  | 1395 | __SetPageUptodate(new_page); | 
|  | 1396 |  | 
|  | 1397 | mmun_start = haddr; | 
|  | 1398 | mmun_end   = haddr + HPAGE_PMD_SIZE; | 
|  | 1399 | mmu_notifier_invalidate_range_start(vma->vm_mm, mmun_start, mmun_end); | 
|  | 1400 |  | 
|  | 1401 | spin_lock(vmf->ptl); | 
|  | 1402 | if (page) | 
|  | 1403 | put_page(page); | 
|  | 1404 | if (unlikely(!pmd_same(*vmf->pmd, orig_pmd))) { | 
|  | 1405 | spin_unlock(vmf->ptl); | 
|  | 1406 | mem_cgroup_cancel_charge(new_page, memcg, true); | 
|  | 1407 | put_page(new_page); | 
|  | 1408 | goto out_mn; | 
|  | 1409 | } else { | 
|  | 1410 | pmd_t entry; | 
|  | 1411 | entry = mk_huge_pmd(new_page, vma->vm_page_prot); | 
|  | 1412 | entry = maybe_pmd_mkwrite(pmd_mkdirty(entry), vma); | 
|  | 1413 | pmdp_huge_clear_flush_notify(vma, haddr, vmf->pmd); | 
|  | 1414 | page_add_new_anon_rmap(new_page, vma, haddr, true); | 
|  | 1415 | mem_cgroup_commit_charge(new_page, memcg, false, true); | 
|  | 1416 | lru_cache_add_active_or_unevictable(new_page, vma); | 
|  | 1417 | set_pmd_at(vma->vm_mm, haddr, vmf->pmd, entry); | 
|  | 1418 | update_mmu_cache_pmd(vma, vmf->address, vmf->pmd); | 
|  | 1419 | if (!page) { | 
|  | 1420 | add_mm_counter(vma->vm_mm, MM_ANONPAGES, HPAGE_PMD_NR); | 
|  | 1421 | } else { | 
|  | 1422 | VM_BUG_ON_PAGE(!PageHead(page), page); | 
|  | 1423 | page_remove_rmap(page, true); | 
|  | 1424 | put_page(page); | 
|  | 1425 | } | 
|  | 1426 | ret |= VM_FAULT_WRITE; | 
|  | 1427 | } | 
|  | 1428 | spin_unlock(vmf->ptl); | 
|  | 1429 | out_mn: | 
|  | 1430 | /* | 
|  | 1431 | * No need to double call mmu_notifier->invalidate_range() callback as | 
|  | 1432 | * the above pmdp_huge_clear_flush_notify() did already call it. | 
|  | 1433 | */ | 
|  | 1434 | mmu_notifier_invalidate_range_only_end(vma->vm_mm, mmun_start, | 
|  | 1435 | mmun_end); | 
|  | 1436 | out: | 
|  | 1437 | return ret; | 
|  | 1438 | out_unlock: | 
|  | 1439 | spin_unlock(vmf->ptl); | 
|  | 1440 | return ret; | 
|  | 1441 | } | 
|  | 1442 |  | 
|  | 1443 | /* | 
|  | 1444 | * FOLL_FORCE can write to even unwritable pmd's, but only | 
|  | 1445 | * after we've gone through a COW cycle and they are dirty. | 
|  | 1446 | */ | 
|  | 1447 | static inline bool can_follow_write_pmd(pmd_t pmd, unsigned int flags) | 
|  | 1448 | { | 
|  | 1449 | return pmd_write(pmd) || | 
|  | 1450 | ((flags & FOLL_FORCE) && (flags & FOLL_COW) && pmd_dirty(pmd)); | 
|  | 1451 | } | 
|  | 1452 |  | 
|  | 1453 | struct page *follow_trans_huge_pmd(struct vm_area_struct *vma, | 
|  | 1454 | unsigned long addr, | 
|  | 1455 | pmd_t *pmd, | 
|  | 1456 | unsigned int flags) | 
|  | 1457 | { | 
|  | 1458 | struct mm_struct *mm = vma->vm_mm; | 
|  | 1459 | struct page *page = NULL; | 
|  | 1460 |  | 
|  | 1461 | assert_spin_locked(pmd_lockptr(mm, pmd)); | 
|  | 1462 |  | 
|  | 1463 | if (flags & FOLL_WRITE && !can_follow_write_pmd(*pmd, flags)) | 
|  | 1464 | goto out; | 
|  | 1465 |  | 
|  | 1466 | /* Avoid dumping huge zero page */ | 
|  | 1467 | if ((flags & FOLL_DUMP) && is_huge_zero_pmd(*pmd)) | 
|  | 1468 | return ERR_PTR(-EFAULT); | 
|  | 1469 |  | 
|  | 1470 | /* Full NUMA hinting faults to serialise migration in fault paths */ | 
|  | 1471 | if ((flags & FOLL_NUMA) && pmd_protnone(*pmd)) | 
|  | 1472 | goto out; | 
|  | 1473 |  | 
|  | 1474 | page = pmd_page(*pmd); | 
|  | 1475 | VM_BUG_ON_PAGE(!PageHead(page) && !is_zone_device_page(page), page); | 
|  | 1476 | if (flags & FOLL_TOUCH) | 
|  | 1477 | touch_pmd(vma, addr, pmd, flags); | 
|  | 1478 | if ((flags & FOLL_MLOCK) && (vma->vm_flags & VM_LOCKED)) { | 
|  | 1479 | /* | 
|  | 1480 | * We don't mlock() pte-mapped THPs. This way we can avoid | 
|  | 1481 | * leaking mlocked pages into non-VM_LOCKED VMAs. | 
|  | 1482 | * | 
|  | 1483 | * For anon THP: | 
|  | 1484 | * | 
|  | 1485 | * In most cases the pmd is the only mapping of the page as we | 
|  | 1486 | * break COW for the mlock() -- see gup_flags |= FOLL_WRITE for | 
|  | 1487 | * writable private mappings in populate_vma_page_range(). | 
|  | 1488 | * | 
|  | 1489 | * The only scenario when we have the page shared here is if we | 
|  | 1490 | * mlocking read-only mapping shared over fork(). We skip | 
|  | 1491 | * mlocking such pages. | 
|  | 1492 | * | 
|  | 1493 | * For file THP: | 
|  | 1494 | * | 
|  | 1495 | * We can expect PageDoubleMap() to be stable under page lock: | 
|  | 1496 | * for file pages we set it in page_add_file_rmap(), which | 
|  | 1497 | * requires page to be locked. | 
|  | 1498 | */ | 
|  | 1499 |  | 
|  | 1500 | if (PageAnon(page) && compound_mapcount(page) != 1) | 
|  | 1501 | goto skip_mlock; | 
|  | 1502 | if (PageDoubleMap(page) || !page->mapping) | 
|  | 1503 | goto skip_mlock; | 
|  | 1504 | if (!trylock_page(page)) | 
|  | 1505 | goto skip_mlock; | 
|  | 1506 | lru_add_drain(); | 
|  | 1507 | if (page->mapping && !PageDoubleMap(page)) | 
|  | 1508 | mlock_vma_page(page); | 
|  | 1509 | unlock_page(page); | 
|  | 1510 | } | 
|  | 1511 | skip_mlock: | 
|  | 1512 | page += (addr & ~HPAGE_PMD_MASK) >> PAGE_SHIFT; | 
|  | 1513 | VM_BUG_ON_PAGE(!PageCompound(page) && !is_zone_device_page(page), page); | 
|  | 1514 | if (flags & FOLL_GET) | 
|  | 1515 | get_page(page); | 
|  | 1516 |  | 
|  | 1517 | out: | 
|  | 1518 | return page; | 
|  | 1519 | } | 
|  | 1520 |  | 
|  | 1521 | /* NUMA hinting page fault entry point for trans huge pmds */ | 
|  | 1522 | vm_fault_t do_huge_pmd_numa_page(struct vm_fault *vmf, pmd_t pmd) | 
|  | 1523 | { | 
|  | 1524 | struct vm_area_struct *vma = vmf->vma; | 
|  | 1525 | struct anon_vma *anon_vma = NULL; | 
|  | 1526 | struct page *page; | 
|  | 1527 | unsigned long haddr = vmf->address & HPAGE_PMD_MASK; | 
|  | 1528 | int page_nid = -1, this_nid = numa_node_id(); | 
|  | 1529 | int target_nid, last_cpupid = -1; | 
|  | 1530 | bool page_locked; | 
|  | 1531 | bool migrated = false; | 
|  | 1532 | bool was_writable; | 
|  | 1533 | int flags = 0; | 
|  | 1534 |  | 
|  | 1535 | vmf->ptl = pmd_lock(vma->vm_mm, vmf->pmd); | 
|  | 1536 | if (unlikely(!pmd_same(pmd, *vmf->pmd))) | 
|  | 1537 | goto out_unlock; | 
|  | 1538 |  | 
|  | 1539 | /* | 
|  | 1540 | * If there are potential migrations, wait for completion and retry | 
|  | 1541 | * without disrupting NUMA hinting information. Do not relock and | 
|  | 1542 | * check_same as the page may no longer be mapped. | 
|  | 1543 | */ | 
|  | 1544 | if (unlikely(pmd_trans_migrating(*vmf->pmd))) { | 
|  | 1545 | page = pmd_page(*vmf->pmd); | 
|  | 1546 | if (!get_page_unless_zero(page)) | 
|  | 1547 | goto out_unlock; | 
|  | 1548 | spin_unlock(vmf->ptl); | 
|  | 1549 | wait_on_page_locked(page); | 
|  | 1550 | put_page(page); | 
|  | 1551 | goto out; | 
|  | 1552 | } | 
|  | 1553 |  | 
|  | 1554 | page = pmd_page(pmd); | 
|  | 1555 | BUG_ON(is_huge_zero_page(page)); | 
|  | 1556 | page_nid = page_to_nid(page); | 
|  | 1557 | last_cpupid = page_cpupid_last(page); | 
|  | 1558 | count_vm_numa_event(NUMA_HINT_FAULTS); | 
|  | 1559 | if (page_nid == this_nid) { | 
|  | 1560 | count_vm_numa_event(NUMA_HINT_FAULTS_LOCAL); | 
|  | 1561 | flags |= TNF_FAULT_LOCAL; | 
|  | 1562 | } | 
|  | 1563 |  | 
|  | 1564 | /* See similar comment in do_numa_page for explanation */ | 
|  | 1565 | if (!pmd_savedwrite(pmd)) | 
|  | 1566 | flags |= TNF_NO_GROUP; | 
|  | 1567 |  | 
|  | 1568 | /* | 
|  | 1569 | * Acquire the page lock to serialise THP migrations but avoid dropping | 
|  | 1570 | * page_table_lock if at all possible | 
|  | 1571 | */ | 
|  | 1572 | page_locked = trylock_page(page); | 
|  | 1573 | target_nid = mpol_misplaced(page, vma, haddr); | 
|  | 1574 | if (target_nid == -1) { | 
|  | 1575 | /* If the page was locked, there are no parallel migrations */ | 
|  | 1576 | if (page_locked) | 
|  | 1577 | goto clear_pmdnuma; | 
|  | 1578 | } | 
|  | 1579 |  | 
|  | 1580 | /* Migration could have started since the pmd_trans_migrating check */ | 
|  | 1581 | if (!page_locked) { | 
|  | 1582 | page_nid = -1; | 
|  | 1583 | if (!get_page_unless_zero(page)) | 
|  | 1584 | goto out_unlock; | 
|  | 1585 | spin_unlock(vmf->ptl); | 
|  | 1586 | wait_on_page_locked(page); | 
|  | 1587 | put_page(page); | 
|  | 1588 | goto out; | 
|  | 1589 | } | 
|  | 1590 |  | 
|  | 1591 | /* | 
|  | 1592 | * Page is misplaced. Page lock serialises migrations. Acquire anon_vma | 
|  | 1593 | * to serialises splits | 
|  | 1594 | */ | 
|  | 1595 | get_page(page); | 
|  | 1596 | spin_unlock(vmf->ptl); | 
|  | 1597 | anon_vma = page_lock_anon_vma_read(page); | 
|  | 1598 |  | 
|  | 1599 | /* Confirm the PMD did not change while page_table_lock was released */ | 
|  | 1600 | spin_lock(vmf->ptl); | 
|  | 1601 | if (unlikely(!pmd_same(pmd, *vmf->pmd))) { | 
|  | 1602 | unlock_page(page); | 
|  | 1603 | put_page(page); | 
|  | 1604 | page_nid = -1; | 
|  | 1605 | goto out_unlock; | 
|  | 1606 | } | 
|  | 1607 |  | 
|  | 1608 | /* Bail if we fail to protect against THP splits for any reason */ | 
|  | 1609 | if (unlikely(!anon_vma)) { | 
|  | 1610 | put_page(page); | 
|  | 1611 | page_nid = -1; | 
|  | 1612 | goto clear_pmdnuma; | 
|  | 1613 | } | 
|  | 1614 |  | 
|  | 1615 | /* | 
|  | 1616 | * Since we took the NUMA fault, we must have observed the !accessible | 
|  | 1617 | * bit. Make sure all other CPUs agree with that, to avoid them | 
|  | 1618 | * modifying the page we're about to migrate. | 
|  | 1619 | * | 
|  | 1620 | * Must be done under PTL such that we'll observe the relevant | 
|  | 1621 | * inc_tlb_flush_pending(). | 
|  | 1622 | * | 
|  | 1623 | * We are not sure a pending tlb flush here is for a huge page | 
|  | 1624 | * mapping or not. Hence use the tlb range variant | 
|  | 1625 | */ | 
|  | 1626 | if (mm_tlb_flush_pending(vma->vm_mm)) | 
|  | 1627 | flush_tlb_range(vma, haddr, haddr + HPAGE_PMD_SIZE); | 
|  | 1628 |  | 
|  | 1629 | /* | 
|  | 1630 | * Migrate the THP to the requested node, returns with page unlocked | 
|  | 1631 | * and access rights restored. | 
|  | 1632 | */ | 
|  | 1633 | spin_unlock(vmf->ptl); | 
|  | 1634 |  | 
|  | 1635 | migrated = migrate_misplaced_transhuge_page(vma->vm_mm, vma, | 
|  | 1636 | vmf->pmd, pmd, vmf->address, page, target_nid); | 
|  | 1637 | if (migrated) { | 
|  | 1638 | flags |= TNF_MIGRATED; | 
|  | 1639 | page_nid = target_nid; | 
|  | 1640 | } else | 
|  | 1641 | flags |= TNF_MIGRATE_FAIL; | 
|  | 1642 |  | 
|  | 1643 | goto out; | 
|  | 1644 | clear_pmdnuma: | 
|  | 1645 | BUG_ON(!PageLocked(page)); | 
|  | 1646 | was_writable = pmd_savedwrite(pmd); | 
|  | 1647 | pmd = pmd_modify(pmd, vma->vm_page_prot); | 
|  | 1648 | pmd = pmd_mkyoung(pmd); | 
|  | 1649 | if (was_writable) | 
|  | 1650 | pmd = pmd_mkwrite(pmd); | 
|  | 1651 | set_pmd_at(vma->vm_mm, haddr, vmf->pmd, pmd); | 
|  | 1652 | update_mmu_cache_pmd(vma, vmf->address, vmf->pmd); | 
|  | 1653 | unlock_page(page); | 
|  | 1654 | out_unlock: | 
|  | 1655 | spin_unlock(vmf->ptl); | 
|  | 1656 |  | 
|  | 1657 | out: | 
|  | 1658 | if (anon_vma) | 
|  | 1659 | page_unlock_anon_vma_read(anon_vma); | 
|  | 1660 |  | 
|  | 1661 | if (page_nid != -1) | 
|  | 1662 | task_numa_fault(last_cpupid, page_nid, HPAGE_PMD_NR, | 
|  | 1663 | flags); | 
|  | 1664 |  | 
|  | 1665 | return 0; | 
|  | 1666 | } | 
|  | 1667 |  | 
|  | 1668 | /* | 
|  | 1669 | * Return true if we do MADV_FREE successfully on entire pmd page. | 
|  | 1670 | * Otherwise, return false. | 
|  | 1671 | */ | 
|  | 1672 | bool madvise_free_huge_pmd(struct mmu_gather *tlb, struct vm_area_struct *vma, | 
|  | 1673 | pmd_t *pmd, unsigned long addr, unsigned long next) | 
|  | 1674 | { | 
|  | 1675 | spinlock_t *ptl; | 
|  | 1676 | pmd_t orig_pmd; | 
|  | 1677 | struct page *page; | 
|  | 1678 | struct mm_struct *mm = tlb->mm; | 
|  | 1679 | bool ret = false; | 
|  | 1680 |  | 
|  | 1681 | tlb_remove_check_page_size_change(tlb, HPAGE_PMD_SIZE); | 
|  | 1682 |  | 
|  | 1683 | ptl = pmd_trans_huge_lock(pmd, vma); | 
|  | 1684 | if (!ptl) | 
|  | 1685 | goto out_unlocked; | 
|  | 1686 |  | 
|  | 1687 | orig_pmd = *pmd; | 
|  | 1688 | if (is_huge_zero_pmd(orig_pmd)) | 
|  | 1689 | goto out; | 
|  | 1690 |  | 
|  | 1691 | if (unlikely(!pmd_present(orig_pmd))) { | 
|  | 1692 | VM_BUG_ON(thp_migration_supported() && | 
|  | 1693 | !is_pmd_migration_entry(orig_pmd)); | 
|  | 1694 | goto out; | 
|  | 1695 | } | 
|  | 1696 |  | 
|  | 1697 | page = pmd_page(orig_pmd); | 
|  | 1698 | /* | 
|  | 1699 | * If other processes are mapping this page, we couldn't discard | 
|  | 1700 | * the page unless they all do MADV_FREE so let's skip the page. | 
|  | 1701 | */ | 
|  | 1702 | if (page_mapcount(page) != 1) | 
|  | 1703 | goto out; | 
|  | 1704 |  | 
|  | 1705 | if (!trylock_page(page)) | 
|  | 1706 | goto out; | 
|  | 1707 |  | 
|  | 1708 | /* | 
|  | 1709 | * If user want to discard part-pages of THP, split it so MADV_FREE | 
|  | 1710 | * will deactivate only them. | 
|  | 1711 | */ | 
|  | 1712 | if (next - addr != HPAGE_PMD_SIZE) { | 
|  | 1713 | get_page(page); | 
|  | 1714 | spin_unlock(ptl); | 
|  | 1715 | split_huge_page(page); | 
|  | 1716 | unlock_page(page); | 
|  | 1717 | put_page(page); | 
|  | 1718 | goto out_unlocked; | 
|  | 1719 | } | 
|  | 1720 |  | 
|  | 1721 | if (PageDirty(page)) | 
|  | 1722 | ClearPageDirty(page); | 
|  | 1723 | unlock_page(page); | 
|  | 1724 |  | 
|  | 1725 | if (pmd_young(orig_pmd) || pmd_dirty(orig_pmd)) { | 
|  | 1726 | pmdp_invalidate(vma, addr, pmd); | 
|  | 1727 | orig_pmd = pmd_mkold(orig_pmd); | 
|  | 1728 | orig_pmd = pmd_mkclean(orig_pmd); | 
|  | 1729 |  | 
|  | 1730 | set_pmd_at(mm, addr, pmd, orig_pmd); | 
|  | 1731 | tlb_remove_pmd_tlb_entry(tlb, pmd, addr); | 
|  | 1732 | } | 
|  | 1733 |  | 
|  | 1734 | mark_page_lazyfree(page); | 
|  | 1735 | ret = true; | 
|  | 1736 | out: | 
|  | 1737 | spin_unlock(ptl); | 
|  | 1738 | out_unlocked: | 
|  | 1739 | return ret; | 
|  | 1740 | } | 
|  | 1741 |  | 
|  | 1742 | static inline void zap_deposited_table(struct mm_struct *mm, pmd_t *pmd) | 
|  | 1743 | { | 
|  | 1744 | pgtable_t pgtable; | 
|  | 1745 |  | 
|  | 1746 | pgtable = pgtable_trans_huge_withdraw(mm, pmd); | 
|  | 1747 | pte_free(mm, pgtable); | 
|  | 1748 | mm_dec_nr_ptes(mm); | 
|  | 1749 | } | 
|  | 1750 |  | 
|  | 1751 | int zap_huge_pmd(struct mmu_gather *tlb, struct vm_area_struct *vma, | 
|  | 1752 | pmd_t *pmd, unsigned long addr) | 
|  | 1753 | { | 
|  | 1754 | pmd_t orig_pmd; | 
|  | 1755 | spinlock_t *ptl; | 
|  | 1756 |  | 
|  | 1757 | tlb_remove_check_page_size_change(tlb, HPAGE_PMD_SIZE); | 
|  | 1758 |  | 
|  | 1759 | ptl = __pmd_trans_huge_lock(pmd, vma); | 
|  | 1760 | if (!ptl) | 
|  | 1761 | return 0; | 
|  | 1762 | /* | 
|  | 1763 | * For architectures like ppc64 we look at deposited pgtable | 
|  | 1764 | * when calling pmdp_huge_get_and_clear. So do the | 
|  | 1765 | * pgtable_trans_huge_withdraw after finishing pmdp related | 
|  | 1766 | * operations. | 
|  | 1767 | */ | 
|  | 1768 | orig_pmd = pmdp_huge_get_and_clear_full(tlb->mm, addr, pmd, | 
|  | 1769 | tlb->fullmm); | 
|  | 1770 | tlb_remove_pmd_tlb_entry(tlb, pmd, addr); | 
|  | 1771 | if (vma_is_dax(vma)) { | 
|  | 1772 | if (arch_needs_pgtable_deposit()) | 
|  | 1773 | zap_deposited_table(tlb->mm, pmd); | 
|  | 1774 | spin_unlock(ptl); | 
|  | 1775 | if (is_huge_zero_pmd(orig_pmd)) | 
|  | 1776 | tlb_remove_page_size(tlb, pmd_page(orig_pmd), HPAGE_PMD_SIZE); | 
|  | 1777 | } else if (is_huge_zero_pmd(orig_pmd)) { | 
|  | 1778 | zap_deposited_table(tlb->mm, pmd); | 
|  | 1779 | spin_unlock(ptl); | 
|  | 1780 | tlb_remove_page_size(tlb, pmd_page(orig_pmd), HPAGE_PMD_SIZE); | 
|  | 1781 | } else { | 
|  | 1782 | struct page *page = NULL; | 
|  | 1783 | int flush_needed = 1; | 
|  | 1784 |  | 
|  | 1785 | if (pmd_present(orig_pmd)) { | 
|  | 1786 | page = pmd_page(orig_pmd); | 
|  | 1787 | page_remove_rmap(page, true); | 
|  | 1788 | VM_BUG_ON_PAGE(page_mapcount(page) < 0, page); | 
|  | 1789 | VM_BUG_ON_PAGE(!PageHead(page), page); | 
|  | 1790 | } else if (thp_migration_supported()) { | 
|  | 1791 | swp_entry_t entry; | 
|  | 1792 |  | 
|  | 1793 | VM_BUG_ON(!is_pmd_migration_entry(orig_pmd)); | 
|  | 1794 | entry = pmd_to_swp_entry(orig_pmd); | 
|  | 1795 | page = pfn_to_page(swp_offset(entry)); | 
|  | 1796 | flush_needed = 0; | 
|  | 1797 | } else | 
|  | 1798 | WARN_ONCE(1, "Non present huge pmd without pmd migration enabled!"); | 
|  | 1799 |  | 
|  | 1800 | if (PageAnon(page)) { | 
|  | 1801 | zap_deposited_table(tlb->mm, pmd); | 
|  | 1802 | add_mm_counter(tlb->mm, MM_ANONPAGES, -HPAGE_PMD_NR); | 
|  | 1803 | } else { | 
|  | 1804 | if (arch_needs_pgtable_deposit()) | 
|  | 1805 | zap_deposited_table(tlb->mm, pmd); | 
|  | 1806 | add_mm_counter(tlb->mm, mm_counter_file(page), -HPAGE_PMD_NR); | 
|  | 1807 | } | 
|  | 1808 |  | 
|  | 1809 | spin_unlock(ptl); | 
|  | 1810 | if (flush_needed) | 
|  | 1811 | tlb_remove_page_size(tlb, page, HPAGE_PMD_SIZE); | 
|  | 1812 | } | 
|  | 1813 | return 1; | 
|  | 1814 | } | 
|  | 1815 |  | 
|  | 1816 | #ifndef pmd_move_must_withdraw | 
|  | 1817 | static inline int pmd_move_must_withdraw(spinlock_t *new_pmd_ptl, | 
|  | 1818 | spinlock_t *old_pmd_ptl, | 
|  | 1819 | struct vm_area_struct *vma) | 
|  | 1820 | { | 
|  | 1821 | /* | 
|  | 1822 | * With split pmd lock we also need to move preallocated | 
|  | 1823 | * PTE page table if new_pmd is on different PMD page table. | 
|  | 1824 | * | 
|  | 1825 | * We also don't deposit and withdraw tables for file pages. | 
|  | 1826 | */ | 
|  | 1827 | return (new_pmd_ptl != old_pmd_ptl) && vma_is_anonymous(vma); | 
|  | 1828 | } | 
|  | 1829 | #endif | 
|  | 1830 |  | 
|  | 1831 | static pmd_t move_soft_dirty_pmd(pmd_t pmd) | 
|  | 1832 | { | 
|  | 1833 | #ifdef CONFIG_MEM_SOFT_DIRTY | 
|  | 1834 | if (unlikely(is_pmd_migration_entry(pmd))) | 
|  | 1835 | pmd = pmd_swp_mksoft_dirty(pmd); | 
|  | 1836 | else if (pmd_present(pmd)) | 
|  | 1837 | pmd = pmd_mksoft_dirty(pmd); | 
|  | 1838 | #endif | 
|  | 1839 | return pmd; | 
|  | 1840 | } | 
|  | 1841 |  | 
|  | 1842 | bool move_huge_pmd(struct vm_area_struct *vma, unsigned long old_addr, | 
|  | 1843 | unsigned long new_addr, unsigned long old_end, | 
|  | 1844 | pmd_t *old_pmd, pmd_t *new_pmd) | 
|  | 1845 | { | 
|  | 1846 | spinlock_t *old_ptl, *new_ptl; | 
|  | 1847 | pmd_t pmd; | 
|  | 1848 | struct mm_struct *mm = vma->vm_mm; | 
|  | 1849 | bool force_flush = false; | 
|  | 1850 |  | 
|  | 1851 | if ((old_addr & ~HPAGE_PMD_MASK) || | 
|  | 1852 | (new_addr & ~HPAGE_PMD_MASK) || | 
|  | 1853 | old_end - old_addr < HPAGE_PMD_SIZE) | 
|  | 1854 | return false; | 
|  | 1855 |  | 
|  | 1856 | /* | 
|  | 1857 | * The destination pmd shouldn't be established, free_pgtables() | 
|  | 1858 | * should have release it. | 
|  | 1859 | */ | 
|  | 1860 | if (WARN_ON(!pmd_none(*new_pmd))) { | 
|  | 1861 | VM_BUG_ON(pmd_trans_huge(*new_pmd)); | 
|  | 1862 | return false; | 
|  | 1863 | } | 
|  | 1864 |  | 
|  | 1865 | /* | 
|  | 1866 | * We don't have to worry about the ordering of src and dst | 
|  | 1867 | * ptlocks because exclusive mmap_sem prevents deadlock. | 
|  | 1868 | */ | 
|  | 1869 | old_ptl = __pmd_trans_huge_lock(old_pmd, vma); | 
|  | 1870 | if (old_ptl) { | 
|  | 1871 | new_ptl = pmd_lockptr(mm, new_pmd); | 
|  | 1872 | if (new_ptl != old_ptl) | 
|  | 1873 | spin_lock_nested(new_ptl, SINGLE_DEPTH_NESTING); | 
|  | 1874 | pmd = pmdp_huge_get_and_clear(mm, old_addr, old_pmd); | 
|  | 1875 | if (pmd_present(pmd)) | 
|  | 1876 | force_flush = true; | 
|  | 1877 | VM_BUG_ON(!pmd_none(*new_pmd)); | 
|  | 1878 |  | 
|  | 1879 | if (pmd_move_must_withdraw(new_ptl, old_ptl, vma)) { | 
|  | 1880 | pgtable_t pgtable; | 
|  | 1881 | pgtable = pgtable_trans_huge_withdraw(mm, old_pmd); | 
|  | 1882 | pgtable_trans_huge_deposit(mm, new_pmd, pgtable); | 
|  | 1883 | } | 
|  | 1884 | pmd = move_soft_dirty_pmd(pmd); | 
|  | 1885 | set_pmd_at(mm, new_addr, new_pmd, pmd); | 
|  | 1886 | if (force_flush) | 
|  | 1887 | flush_tlb_range(vma, old_addr, old_addr + PMD_SIZE); | 
|  | 1888 | if (new_ptl != old_ptl) | 
|  | 1889 | spin_unlock(new_ptl); | 
|  | 1890 | spin_unlock(old_ptl); | 
|  | 1891 | return true; | 
|  | 1892 | } | 
|  | 1893 | return false; | 
|  | 1894 | } | 
|  | 1895 |  | 
|  | 1896 | /* | 
|  | 1897 | * Returns | 
|  | 1898 | *  - 0 if PMD could not be locked | 
|  | 1899 | *  - 1 if PMD was locked but protections unchange and TLB flush unnecessary | 
|  | 1900 | *  - HPAGE_PMD_NR is protections changed and TLB flush necessary | 
|  | 1901 | */ | 
|  | 1902 | int change_huge_pmd(struct vm_area_struct *vma, pmd_t *pmd, | 
|  | 1903 | unsigned long addr, pgprot_t newprot, int prot_numa) | 
|  | 1904 | { | 
|  | 1905 | struct mm_struct *mm = vma->vm_mm; | 
|  | 1906 | spinlock_t *ptl; | 
|  | 1907 | pmd_t entry; | 
|  | 1908 | bool preserve_write; | 
|  | 1909 | int ret; | 
|  | 1910 |  | 
|  | 1911 | ptl = __pmd_trans_huge_lock(pmd, vma); | 
|  | 1912 | if (!ptl) | 
|  | 1913 | return 0; | 
|  | 1914 |  | 
|  | 1915 | preserve_write = prot_numa && pmd_write(*pmd); | 
|  | 1916 | ret = 1; | 
|  | 1917 |  | 
|  | 1918 | #ifdef CONFIG_ARCH_ENABLE_THP_MIGRATION | 
|  | 1919 | if (is_swap_pmd(*pmd)) { | 
|  | 1920 | swp_entry_t entry = pmd_to_swp_entry(*pmd); | 
|  | 1921 |  | 
|  | 1922 | VM_BUG_ON(!is_pmd_migration_entry(*pmd)); | 
|  | 1923 | if (is_write_migration_entry(entry)) { | 
|  | 1924 | pmd_t newpmd; | 
|  | 1925 | /* | 
|  | 1926 | * A protection check is difficult so | 
|  | 1927 | * just be safe and disable write | 
|  | 1928 | */ | 
|  | 1929 | make_migration_entry_read(&entry); | 
|  | 1930 | newpmd = swp_entry_to_pmd(entry); | 
|  | 1931 | if (pmd_swp_soft_dirty(*pmd)) | 
|  | 1932 | newpmd = pmd_swp_mksoft_dirty(newpmd); | 
|  | 1933 | set_pmd_at(mm, addr, pmd, newpmd); | 
|  | 1934 | } | 
|  | 1935 | goto unlock; | 
|  | 1936 | } | 
|  | 1937 | #endif | 
|  | 1938 |  | 
|  | 1939 | /* | 
|  | 1940 | * Avoid trapping faults against the zero page. The read-only | 
|  | 1941 | * data is likely to be read-cached on the local CPU and | 
|  | 1942 | * local/remote hits to the zero page are not interesting. | 
|  | 1943 | */ | 
|  | 1944 | if (prot_numa && is_huge_zero_pmd(*pmd)) | 
|  | 1945 | goto unlock; | 
|  | 1946 |  | 
|  | 1947 | if (prot_numa && pmd_protnone(*pmd)) | 
|  | 1948 | goto unlock; | 
|  | 1949 |  | 
|  | 1950 | /* | 
|  | 1951 | * In case prot_numa, we are under down_read(mmap_sem). It's critical | 
|  | 1952 | * to not clear pmd intermittently to avoid race with MADV_DONTNEED | 
|  | 1953 | * which is also under down_read(mmap_sem): | 
|  | 1954 | * | 
|  | 1955 | *	CPU0:				CPU1: | 
|  | 1956 | *				change_huge_pmd(prot_numa=1) | 
|  | 1957 | *				 pmdp_huge_get_and_clear_notify() | 
|  | 1958 | * madvise_dontneed() | 
|  | 1959 | *  zap_pmd_range() | 
|  | 1960 | *   pmd_trans_huge(*pmd) == 0 (without ptl) | 
|  | 1961 | *   // skip the pmd | 
|  | 1962 | *				 set_pmd_at(); | 
|  | 1963 | *				 // pmd is re-established | 
|  | 1964 | * | 
|  | 1965 | * The race makes MADV_DONTNEED miss the huge pmd and don't clear it | 
|  | 1966 | * which may break userspace. | 
|  | 1967 | * | 
|  | 1968 | * pmdp_invalidate() is required to make sure we don't miss | 
|  | 1969 | * dirty/young flags set by hardware. | 
|  | 1970 | */ | 
|  | 1971 | entry = pmdp_invalidate(vma, addr, pmd); | 
|  | 1972 |  | 
|  | 1973 | entry = pmd_modify(entry, newprot); | 
|  | 1974 | if (preserve_write) | 
|  | 1975 | entry = pmd_mk_savedwrite(entry); | 
|  | 1976 | ret = HPAGE_PMD_NR; | 
|  | 1977 | set_pmd_at(mm, addr, pmd, entry); | 
|  | 1978 | BUG_ON(vma_is_anonymous(vma) && !preserve_write && pmd_write(entry)); | 
|  | 1979 | unlock: | 
|  | 1980 | spin_unlock(ptl); | 
|  | 1981 | return ret; | 
|  | 1982 | } | 
|  | 1983 |  | 
|  | 1984 | /* | 
|  | 1985 | * Returns page table lock pointer if a given pmd maps a thp, NULL otherwise. | 
|  | 1986 | * | 
|  | 1987 | * Note that if it returns page table lock pointer, this routine returns without | 
|  | 1988 | * unlocking page table lock. So callers must unlock it. | 
|  | 1989 | */ | 
|  | 1990 | spinlock_t *__pmd_trans_huge_lock(pmd_t *pmd, struct vm_area_struct *vma) | 
|  | 1991 | { | 
|  | 1992 | spinlock_t *ptl; | 
|  | 1993 | ptl = pmd_lock(vma->vm_mm, pmd); | 
|  | 1994 | if (likely(is_swap_pmd(*pmd) || pmd_trans_huge(*pmd) || | 
|  | 1995 | pmd_devmap(*pmd))) | 
|  | 1996 | return ptl; | 
|  | 1997 | spin_unlock(ptl); | 
|  | 1998 | return NULL; | 
|  | 1999 | } | 
|  | 2000 |  | 
|  | 2001 | /* | 
|  | 2002 | * Returns true if a given pud maps a thp, false otherwise. | 
|  | 2003 | * | 
|  | 2004 | * Note that if it returns true, this routine returns without unlocking page | 
|  | 2005 | * table lock. So callers must unlock it. | 
|  | 2006 | */ | 
|  | 2007 | spinlock_t *__pud_trans_huge_lock(pud_t *pud, struct vm_area_struct *vma) | 
|  | 2008 | { | 
|  | 2009 | spinlock_t *ptl; | 
|  | 2010 |  | 
|  | 2011 | ptl = pud_lock(vma->vm_mm, pud); | 
|  | 2012 | if (likely(pud_trans_huge(*pud) || pud_devmap(*pud))) | 
|  | 2013 | return ptl; | 
|  | 2014 | spin_unlock(ptl); | 
|  | 2015 | return NULL; | 
|  | 2016 | } | 
|  | 2017 |  | 
|  | 2018 | #ifdef CONFIG_HAVE_ARCH_TRANSPARENT_HUGEPAGE_PUD | 
|  | 2019 | int zap_huge_pud(struct mmu_gather *tlb, struct vm_area_struct *vma, | 
|  | 2020 | pud_t *pud, unsigned long addr) | 
|  | 2021 | { | 
|  | 2022 | pud_t orig_pud; | 
|  | 2023 | spinlock_t *ptl; | 
|  | 2024 |  | 
|  | 2025 | ptl = __pud_trans_huge_lock(pud, vma); | 
|  | 2026 | if (!ptl) | 
|  | 2027 | return 0; | 
|  | 2028 | /* | 
|  | 2029 | * For architectures like ppc64 we look at deposited pgtable | 
|  | 2030 | * when calling pudp_huge_get_and_clear. So do the | 
|  | 2031 | * pgtable_trans_huge_withdraw after finishing pudp related | 
|  | 2032 | * operations. | 
|  | 2033 | */ | 
|  | 2034 | orig_pud = pudp_huge_get_and_clear_full(tlb->mm, addr, pud, | 
|  | 2035 | tlb->fullmm); | 
|  | 2036 | tlb_remove_pud_tlb_entry(tlb, pud, addr); | 
|  | 2037 | if (vma_is_dax(vma)) { | 
|  | 2038 | spin_unlock(ptl); | 
|  | 2039 | /* No zero page support yet */ | 
|  | 2040 | } else { | 
|  | 2041 | /* No support for anonymous PUD pages yet */ | 
|  | 2042 | BUG(); | 
|  | 2043 | } | 
|  | 2044 | return 1; | 
|  | 2045 | } | 
|  | 2046 |  | 
|  | 2047 | static void __split_huge_pud_locked(struct vm_area_struct *vma, pud_t *pud, | 
|  | 2048 | unsigned long haddr) | 
|  | 2049 | { | 
|  | 2050 | VM_BUG_ON(haddr & ~HPAGE_PUD_MASK); | 
|  | 2051 | VM_BUG_ON_VMA(vma->vm_start > haddr, vma); | 
|  | 2052 | VM_BUG_ON_VMA(vma->vm_end < haddr + HPAGE_PUD_SIZE, vma); | 
|  | 2053 | VM_BUG_ON(!pud_trans_huge(*pud) && !pud_devmap(*pud)); | 
|  | 2054 |  | 
|  | 2055 | count_vm_event(THP_SPLIT_PUD); | 
|  | 2056 |  | 
|  | 2057 | pudp_huge_clear_flush_notify(vma, haddr, pud); | 
|  | 2058 | } | 
|  | 2059 |  | 
|  | 2060 | void __split_huge_pud(struct vm_area_struct *vma, pud_t *pud, | 
|  | 2061 | unsigned long address) | 
|  | 2062 | { | 
|  | 2063 | spinlock_t *ptl; | 
|  | 2064 | struct mm_struct *mm = vma->vm_mm; | 
|  | 2065 | unsigned long haddr = address & HPAGE_PUD_MASK; | 
|  | 2066 |  | 
|  | 2067 | mmu_notifier_invalidate_range_start(mm, haddr, haddr + HPAGE_PUD_SIZE); | 
|  | 2068 | ptl = pud_lock(mm, pud); | 
|  | 2069 | if (unlikely(!pud_trans_huge(*pud) && !pud_devmap(*pud))) | 
|  | 2070 | goto out; | 
|  | 2071 | __split_huge_pud_locked(vma, pud, haddr); | 
|  | 2072 |  | 
|  | 2073 | out: | 
|  | 2074 | spin_unlock(ptl); | 
|  | 2075 | /* | 
|  | 2076 | * No need to double call mmu_notifier->invalidate_range() callback as | 
|  | 2077 | * the above pudp_huge_clear_flush_notify() did already call it. | 
|  | 2078 | */ | 
|  | 2079 | mmu_notifier_invalidate_range_only_end(mm, haddr, haddr + | 
|  | 2080 | HPAGE_PUD_SIZE); | 
|  | 2081 | } | 
|  | 2082 | #endif /* CONFIG_HAVE_ARCH_TRANSPARENT_HUGEPAGE_PUD */ | 
|  | 2083 |  | 
|  | 2084 | static void __split_huge_zero_page_pmd(struct vm_area_struct *vma, | 
|  | 2085 | unsigned long haddr, pmd_t *pmd) | 
|  | 2086 | { | 
|  | 2087 | struct mm_struct *mm = vma->vm_mm; | 
|  | 2088 | pgtable_t pgtable; | 
|  | 2089 | pmd_t _pmd; | 
|  | 2090 | int i; | 
|  | 2091 |  | 
|  | 2092 | /* | 
|  | 2093 | * Leave pmd empty until pte is filled note that it is fine to delay | 
|  | 2094 | * notification until mmu_notifier_invalidate_range_end() as we are | 
|  | 2095 | * replacing a zero pmd write protected page with a zero pte write | 
|  | 2096 | * protected page. | 
|  | 2097 | * | 
|  | 2098 | * See Documentation/vm/mmu_notifier.rst | 
|  | 2099 | */ | 
|  | 2100 | pmdp_huge_clear_flush(vma, haddr, pmd); | 
|  | 2101 |  | 
|  | 2102 | pgtable = pgtable_trans_huge_withdraw(mm, pmd); | 
|  | 2103 | pmd_populate(mm, &_pmd, pgtable); | 
|  | 2104 |  | 
|  | 2105 | for (i = 0; i < HPAGE_PMD_NR; i++, haddr += PAGE_SIZE) { | 
|  | 2106 | pte_t *pte, entry; | 
|  | 2107 | entry = pfn_pte(my_zero_pfn(haddr), vma->vm_page_prot); | 
|  | 2108 | entry = pte_mkspecial(entry); | 
|  | 2109 | pte = pte_offset_map(&_pmd, haddr); | 
|  | 2110 | VM_BUG_ON(!pte_none(*pte)); | 
|  | 2111 | set_pte_at(mm, haddr, pte, entry); | 
|  | 2112 | pte_unmap(pte); | 
|  | 2113 | } | 
|  | 2114 | smp_wmb(); /* make pte visible before pmd */ | 
|  | 2115 | pmd_populate(mm, pmd, pgtable); | 
|  | 2116 | } | 
|  | 2117 |  | 
|  | 2118 | static void __split_huge_pmd_locked(struct vm_area_struct *vma, pmd_t *pmd, | 
|  | 2119 | unsigned long haddr, bool freeze) | 
|  | 2120 | { | 
|  | 2121 | struct mm_struct *mm = vma->vm_mm; | 
|  | 2122 | struct page *page; | 
|  | 2123 | pgtable_t pgtable; | 
|  | 2124 | pmd_t old_pmd, _pmd; | 
|  | 2125 | bool young, write, soft_dirty, pmd_migration = false; | 
|  | 2126 | unsigned long addr; | 
|  | 2127 | int i; | 
|  | 2128 |  | 
|  | 2129 | VM_BUG_ON(haddr & ~HPAGE_PMD_MASK); | 
|  | 2130 | VM_BUG_ON_VMA(vma->vm_start > haddr, vma); | 
|  | 2131 | VM_BUG_ON_VMA(vma->vm_end < haddr + HPAGE_PMD_SIZE, vma); | 
|  | 2132 | VM_BUG_ON(!is_pmd_migration_entry(*pmd) && !pmd_trans_huge(*pmd) | 
|  | 2133 | && !pmd_devmap(*pmd)); | 
|  | 2134 |  | 
|  | 2135 | count_vm_event(THP_SPLIT_PMD); | 
|  | 2136 |  | 
|  | 2137 | if (!vma_is_anonymous(vma)) { | 
|  | 2138 | _pmd = pmdp_huge_clear_flush_notify(vma, haddr, pmd); | 
|  | 2139 | /* | 
|  | 2140 | * We are going to unmap this huge page. So | 
|  | 2141 | * just go ahead and zap it | 
|  | 2142 | */ | 
|  | 2143 | if (arch_needs_pgtable_deposit()) | 
|  | 2144 | zap_deposited_table(mm, pmd); | 
|  | 2145 | if (vma_is_dax(vma)) | 
|  | 2146 | return; | 
|  | 2147 | page = pmd_page(_pmd); | 
|  | 2148 | if (!PageDirty(page) && pmd_dirty(_pmd)) | 
|  | 2149 | set_page_dirty(page); | 
|  | 2150 | if (!PageReferenced(page) && pmd_young(_pmd)) | 
|  | 2151 | SetPageReferenced(page); | 
|  | 2152 | page_remove_rmap(page, true); | 
|  | 2153 | put_page(page); | 
|  | 2154 | add_mm_counter(mm, mm_counter_file(page), -HPAGE_PMD_NR); | 
|  | 2155 | return; | 
|  | 2156 | } else if (is_huge_zero_pmd(*pmd)) { | 
|  | 2157 | /* | 
|  | 2158 | * FIXME: Do we want to invalidate secondary mmu by calling | 
|  | 2159 | * mmu_notifier_invalidate_range() see comments below inside | 
|  | 2160 | * __split_huge_pmd() ? | 
|  | 2161 | * | 
|  | 2162 | * We are going from a zero huge page write protected to zero | 
|  | 2163 | * small page also write protected so it does not seems useful | 
|  | 2164 | * to invalidate secondary mmu at this time. | 
|  | 2165 | */ | 
|  | 2166 | return __split_huge_zero_page_pmd(vma, haddr, pmd); | 
|  | 2167 | } | 
|  | 2168 |  | 
|  | 2169 | /* | 
|  | 2170 | * Up to this point the pmd is present and huge and userland has the | 
|  | 2171 | * whole access to the hugepage during the split (which happens in | 
|  | 2172 | * place). If we overwrite the pmd with the not-huge version pointing | 
|  | 2173 | * to the pte here (which of course we could if all CPUs were bug | 
|  | 2174 | * free), userland could trigger a small page size TLB miss on the | 
|  | 2175 | * small sized TLB while the hugepage TLB entry is still established in | 
|  | 2176 | * the huge TLB. Some CPU doesn't like that. | 
|  | 2177 | * See http://support.amd.com/us/Processor_TechDocs/41322.pdf, Erratum | 
|  | 2178 | * 383 on page 93. Intel should be safe but is also warns that it's | 
|  | 2179 | * only safe if the permission and cache attributes of the two entries | 
|  | 2180 | * loaded in the two TLB is identical (which should be the case here). | 
|  | 2181 | * But it is generally safer to never allow small and huge TLB entries | 
|  | 2182 | * for the same virtual address to be loaded simultaneously. So instead | 
|  | 2183 | * of doing "pmd_populate(); flush_pmd_tlb_range();" we first mark the | 
|  | 2184 | * current pmd notpresent (atomically because here the pmd_trans_huge | 
|  | 2185 | * must remain set at all times on the pmd until the split is complete | 
|  | 2186 | * for this pmd), then we flush the SMP TLB and finally we write the | 
|  | 2187 | * non-huge version of the pmd entry with pmd_populate. | 
|  | 2188 | */ | 
|  | 2189 | old_pmd = pmdp_invalidate(vma, haddr, pmd); | 
|  | 2190 |  | 
|  | 2191 | pmd_migration = is_pmd_migration_entry(old_pmd); | 
|  | 2192 | if (unlikely(pmd_migration)) { | 
|  | 2193 | swp_entry_t entry; | 
|  | 2194 |  | 
|  | 2195 | entry = pmd_to_swp_entry(old_pmd); | 
|  | 2196 | page = pfn_to_page(swp_offset(entry)); | 
|  | 2197 | write = is_write_migration_entry(entry); | 
|  | 2198 | young = false; | 
|  | 2199 | soft_dirty = pmd_swp_soft_dirty(old_pmd); | 
|  | 2200 | } else { | 
|  | 2201 | page = pmd_page(old_pmd); | 
|  | 2202 | if (pmd_dirty(old_pmd)) | 
|  | 2203 | SetPageDirty(page); | 
|  | 2204 | write = pmd_write(old_pmd); | 
|  | 2205 | young = pmd_young(old_pmd); | 
|  | 2206 | soft_dirty = pmd_soft_dirty(old_pmd); | 
|  | 2207 | } | 
|  | 2208 | VM_BUG_ON_PAGE(!page_count(page), page); | 
|  | 2209 | page_ref_add(page, HPAGE_PMD_NR - 1); | 
|  | 2210 |  | 
|  | 2211 | /* | 
|  | 2212 | * Withdraw the table only after we mark the pmd entry invalid. | 
|  | 2213 | * This's critical for some architectures (Power). | 
|  | 2214 | */ | 
|  | 2215 | pgtable = pgtable_trans_huge_withdraw(mm, pmd); | 
|  | 2216 | pmd_populate(mm, &_pmd, pgtable); | 
|  | 2217 |  | 
|  | 2218 | for (i = 0, addr = haddr; i < HPAGE_PMD_NR; i++, addr += PAGE_SIZE) { | 
|  | 2219 | pte_t entry, *pte; | 
|  | 2220 | /* | 
|  | 2221 | * Note that NUMA hinting access restrictions are not | 
|  | 2222 | * transferred to avoid any possibility of altering | 
|  | 2223 | * permissions across VMAs. | 
|  | 2224 | */ | 
|  | 2225 | if (freeze || pmd_migration) { | 
|  | 2226 | swp_entry_t swp_entry; | 
|  | 2227 | swp_entry = make_migration_entry(page + i, write); | 
|  | 2228 | entry = swp_entry_to_pte(swp_entry); | 
|  | 2229 | if (soft_dirty) | 
|  | 2230 | entry = pte_swp_mksoft_dirty(entry); | 
|  | 2231 | } else { | 
|  | 2232 | entry = mk_pte(page + i, READ_ONCE(vma->vm_page_prot)); | 
|  | 2233 | entry = maybe_mkwrite(entry, vma); | 
|  | 2234 | if (!write) | 
|  | 2235 | entry = pte_wrprotect(entry); | 
|  | 2236 | if (!young) | 
|  | 2237 | entry = pte_mkold(entry); | 
|  | 2238 | if (soft_dirty) | 
|  | 2239 | entry = pte_mksoft_dirty(entry); | 
|  | 2240 | } | 
|  | 2241 | pte = pte_offset_map(&_pmd, addr); | 
|  | 2242 | BUG_ON(!pte_none(*pte)); | 
|  | 2243 | set_pte_at(mm, addr, pte, entry); | 
|  | 2244 | atomic_inc(&page[i]._mapcount); | 
|  | 2245 | pte_unmap(pte); | 
|  | 2246 | } | 
|  | 2247 |  | 
|  | 2248 | /* | 
|  | 2249 | * Set PG_double_map before dropping compound_mapcount to avoid | 
|  | 2250 | * false-negative page_mapped(). | 
|  | 2251 | */ | 
|  | 2252 | if (compound_mapcount(page) > 1 && !TestSetPageDoubleMap(page)) { | 
|  | 2253 | for (i = 0; i < HPAGE_PMD_NR; i++) | 
|  | 2254 | atomic_inc(&page[i]._mapcount); | 
|  | 2255 | } | 
|  | 2256 |  | 
|  | 2257 | if (atomic_add_negative(-1, compound_mapcount_ptr(page))) { | 
|  | 2258 | /* Last compound_mapcount is gone. */ | 
|  | 2259 | __dec_node_page_state(page, NR_ANON_THPS); | 
|  | 2260 | if (TestClearPageDoubleMap(page)) { | 
|  | 2261 | /* No need in mapcount reference anymore */ | 
|  | 2262 | for (i = 0; i < HPAGE_PMD_NR; i++) | 
|  | 2263 | atomic_dec(&page[i]._mapcount); | 
|  | 2264 | } | 
|  | 2265 | } | 
|  | 2266 |  | 
|  | 2267 | smp_wmb(); /* make pte visible before pmd */ | 
|  | 2268 | pmd_populate(mm, pmd, pgtable); | 
|  | 2269 |  | 
|  | 2270 | if (freeze) { | 
|  | 2271 | for (i = 0; i < HPAGE_PMD_NR; i++) { | 
|  | 2272 | page_remove_rmap(page + i, false); | 
|  | 2273 | put_page(page + i); | 
|  | 2274 | } | 
|  | 2275 | } | 
|  | 2276 | } | 
|  | 2277 |  | 
|  | 2278 | void __split_huge_pmd(struct vm_area_struct *vma, pmd_t *pmd, | 
|  | 2279 | unsigned long address, bool freeze, struct page *page) | 
|  | 2280 | { | 
|  | 2281 | spinlock_t *ptl; | 
|  | 2282 | struct mm_struct *mm = vma->vm_mm; | 
|  | 2283 | unsigned long haddr = address & HPAGE_PMD_MASK; | 
|  | 2284 |  | 
|  | 2285 | mmu_notifier_invalidate_range_start(mm, haddr, haddr + HPAGE_PMD_SIZE); | 
|  | 2286 | ptl = pmd_lock(mm, pmd); | 
|  | 2287 |  | 
|  | 2288 | /* | 
|  | 2289 | * If caller asks to setup a migration entries, we need a page to check | 
|  | 2290 | * pmd against. Otherwise we can end up replacing wrong page. | 
|  | 2291 | */ | 
|  | 2292 | VM_BUG_ON(freeze && !page); | 
|  | 2293 | if (page && page != pmd_page(*pmd)) | 
|  | 2294 | goto out; | 
|  | 2295 |  | 
|  | 2296 | if (pmd_trans_huge(*pmd)) { | 
|  | 2297 | page = pmd_page(*pmd); | 
|  | 2298 | if (PageMlocked(page)) | 
|  | 2299 | clear_page_mlock(page); | 
|  | 2300 | } else if (!(pmd_devmap(*pmd) || is_pmd_migration_entry(*pmd))) | 
|  | 2301 | goto out; | 
|  | 2302 | __split_huge_pmd_locked(vma, pmd, haddr, freeze); | 
|  | 2303 | out: | 
|  | 2304 | spin_unlock(ptl); | 
|  | 2305 | /* | 
|  | 2306 | * No need to double call mmu_notifier->invalidate_range() callback. | 
|  | 2307 | * They are 3 cases to consider inside __split_huge_pmd_locked(): | 
|  | 2308 | *  1) pmdp_huge_clear_flush_notify() call invalidate_range() obvious | 
|  | 2309 | *  2) __split_huge_zero_page_pmd() read only zero page and any write | 
|  | 2310 | *    fault will trigger a flush_notify before pointing to a new page | 
|  | 2311 | *    (it is fine if the secondary mmu keeps pointing to the old zero | 
|  | 2312 | *    page in the meantime) | 
|  | 2313 | *  3) Split a huge pmd into pte pointing to the same page. No need | 
|  | 2314 | *     to invalidate secondary tlb entry they are all still valid. | 
|  | 2315 | *     any further changes to individual pte will notify. So no need | 
|  | 2316 | *     to call mmu_notifier->invalidate_range() | 
|  | 2317 | */ | 
|  | 2318 | mmu_notifier_invalidate_range_only_end(mm, haddr, haddr + | 
|  | 2319 | HPAGE_PMD_SIZE); | 
|  | 2320 | } | 
|  | 2321 |  | 
|  | 2322 | void split_huge_pmd_address(struct vm_area_struct *vma, unsigned long address, | 
|  | 2323 | bool freeze, struct page *page) | 
|  | 2324 | { | 
|  | 2325 | pgd_t *pgd; | 
|  | 2326 | p4d_t *p4d; | 
|  | 2327 | pud_t *pud; | 
|  | 2328 | pmd_t *pmd; | 
|  | 2329 |  | 
|  | 2330 | pgd = pgd_offset(vma->vm_mm, address); | 
|  | 2331 | if (!pgd_present(*pgd)) | 
|  | 2332 | return; | 
|  | 2333 |  | 
|  | 2334 | p4d = p4d_offset(pgd, address); | 
|  | 2335 | if (!p4d_present(*p4d)) | 
|  | 2336 | return; | 
|  | 2337 |  | 
|  | 2338 | pud = pud_offset(p4d, address); | 
|  | 2339 | if (!pud_present(*pud)) | 
|  | 2340 | return; | 
|  | 2341 |  | 
|  | 2342 | pmd = pmd_offset(pud, address); | 
|  | 2343 |  | 
|  | 2344 | __split_huge_pmd(vma, pmd, address, freeze, page); | 
|  | 2345 | } | 
|  | 2346 |  | 
|  | 2347 | void vma_adjust_trans_huge(struct vm_area_struct *vma, | 
|  | 2348 | unsigned long start, | 
|  | 2349 | unsigned long end, | 
|  | 2350 | long adjust_next) | 
|  | 2351 | { | 
|  | 2352 | /* | 
|  | 2353 | * If the new start address isn't hpage aligned and it could | 
|  | 2354 | * previously contain an hugepage: check if we need to split | 
|  | 2355 | * an huge pmd. | 
|  | 2356 | */ | 
|  | 2357 | if (start & ~HPAGE_PMD_MASK && | 
|  | 2358 | (start & HPAGE_PMD_MASK) >= vma->vm_start && | 
|  | 2359 | (start & HPAGE_PMD_MASK) + HPAGE_PMD_SIZE <= vma->vm_end) | 
|  | 2360 | split_huge_pmd_address(vma, start, false, NULL); | 
|  | 2361 |  | 
|  | 2362 | /* | 
|  | 2363 | * If the new end address isn't hpage aligned and it could | 
|  | 2364 | * previously contain an hugepage: check if we need to split | 
|  | 2365 | * an huge pmd. | 
|  | 2366 | */ | 
|  | 2367 | if (end & ~HPAGE_PMD_MASK && | 
|  | 2368 | (end & HPAGE_PMD_MASK) >= vma->vm_start && | 
|  | 2369 | (end & HPAGE_PMD_MASK) + HPAGE_PMD_SIZE <= vma->vm_end) | 
|  | 2370 | split_huge_pmd_address(vma, end, false, NULL); | 
|  | 2371 |  | 
|  | 2372 | /* | 
|  | 2373 | * If we're also updating the vma->vm_next->vm_start, if the new | 
|  | 2374 | * vm_next->vm_start isn't page aligned and it could previously | 
|  | 2375 | * contain an hugepage: check if we need to split an huge pmd. | 
|  | 2376 | */ | 
|  | 2377 | if (adjust_next > 0) { | 
|  | 2378 | struct vm_area_struct *next = vma->vm_next; | 
|  | 2379 | unsigned long nstart = next->vm_start; | 
|  | 2380 | nstart += adjust_next << PAGE_SHIFT; | 
|  | 2381 | if (nstart & ~HPAGE_PMD_MASK && | 
|  | 2382 | (nstart & HPAGE_PMD_MASK) >= next->vm_start && | 
|  | 2383 | (nstart & HPAGE_PMD_MASK) + HPAGE_PMD_SIZE <= next->vm_end) | 
|  | 2384 | split_huge_pmd_address(next, nstart, false, NULL); | 
|  | 2385 | } | 
|  | 2386 | } | 
|  | 2387 |  | 
|  | 2388 | static void unmap_page(struct page *page) | 
|  | 2389 | { | 
|  | 2390 | enum ttu_flags ttu_flags = TTU_IGNORE_MLOCK | TTU_IGNORE_ACCESS | | 
|  | 2391 | TTU_RMAP_LOCKED | TTU_SPLIT_HUGE_PMD; | 
|  | 2392 | bool unmap_success; | 
|  | 2393 |  | 
|  | 2394 | VM_BUG_ON_PAGE(!PageHead(page), page); | 
|  | 2395 |  | 
|  | 2396 | if (PageAnon(page)) | 
|  | 2397 | ttu_flags |= TTU_SPLIT_FREEZE; | 
|  | 2398 |  | 
|  | 2399 | unmap_success = try_to_unmap(page, ttu_flags); | 
|  | 2400 | VM_BUG_ON_PAGE(!unmap_success, page); | 
|  | 2401 | } | 
|  | 2402 |  | 
|  | 2403 | static void remap_page(struct page *page) | 
|  | 2404 | { | 
|  | 2405 | int i; | 
|  | 2406 | if (PageTransHuge(page)) { | 
|  | 2407 | remove_migration_ptes(page, page, true); | 
|  | 2408 | } else { | 
|  | 2409 | for (i = 0; i < HPAGE_PMD_NR; i++) | 
|  | 2410 | remove_migration_ptes(page + i, page + i, true); | 
|  | 2411 | } | 
|  | 2412 | } | 
|  | 2413 |  | 
|  | 2414 | static void __split_huge_page_tail(struct page *head, int tail, | 
|  | 2415 | struct lruvec *lruvec, struct list_head *list) | 
|  | 2416 | { | 
|  | 2417 | struct page *page_tail = head + tail; | 
|  | 2418 |  | 
|  | 2419 | VM_BUG_ON_PAGE(atomic_read(&page_tail->_mapcount) != -1, page_tail); | 
|  | 2420 |  | 
|  | 2421 | /* | 
|  | 2422 | * Clone page flags before unfreezing refcount. | 
|  | 2423 | * | 
|  | 2424 | * After successful get_page_unless_zero() might follow flags change, | 
|  | 2425 | * for exmaple lock_page() which set PG_waiters. | 
|  | 2426 | */ | 
|  | 2427 | page_tail->flags &= ~PAGE_FLAGS_CHECK_AT_PREP; | 
|  | 2428 | page_tail->flags |= (head->flags & | 
|  | 2429 | ((1L << PG_referenced) | | 
|  | 2430 | (1L << PG_swapbacked) | | 
|  | 2431 | (1L << PG_swapcache) | | 
|  | 2432 | (1L << PG_mlocked) | | 
|  | 2433 | (1L << PG_uptodate) | | 
|  | 2434 | (1L << PG_active) | | 
|  | 2435 | (1L << PG_workingset) | | 
|  | 2436 | (1L << PG_locked) | | 
|  | 2437 | (1L << PG_unevictable) | | 
|  | 2438 | (1L << PG_dirty))); | 
|  | 2439 |  | 
|  | 2440 | /* ->mapping in first tail page is compound_mapcount */ | 
|  | 2441 | VM_BUG_ON_PAGE(tail > 2 && page_tail->mapping != TAIL_MAPPING, | 
|  | 2442 | page_tail); | 
|  | 2443 | page_tail->mapping = head->mapping; | 
|  | 2444 | page_tail->index = head->index + tail; | 
|  | 2445 |  | 
|  | 2446 | /* Page flags must be visible before we make the page non-compound. */ | 
|  | 2447 | smp_wmb(); | 
|  | 2448 |  | 
|  | 2449 | /* | 
|  | 2450 | * Clear PageTail before unfreezing page refcount. | 
|  | 2451 | * | 
|  | 2452 | * After successful get_page_unless_zero() might follow put_page() | 
|  | 2453 | * which needs correct compound_head(). | 
|  | 2454 | */ | 
|  | 2455 | clear_compound_head(page_tail); | 
|  | 2456 |  | 
|  | 2457 | /* Finally unfreeze refcount. Additional reference from page cache. */ | 
|  | 2458 | page_ref_unfreeze(page_tail, 1 + (!PageAnon(head) || | 
|  | 2459 | PageSwapCache(head))); | 
|  | 2460 |  | 
|  | 2461 | if (page_is_young(head)) | 
|  | 2462 | set_page_young(page_tail); | 
|  | 2463 | if (page_is_idle(head)) | 
|  | 2464 | set_page_idle(page_tail); | 
|  | 2465 |  | 
|  | 2466 | page_cpupid_xchg_last(page_tail, page_cpupid_last(head)); | 
|  | 2467 |  | 
|  | 2468 | /* | 
|  | 2469 | * always add to the tail because some iterators expect new | 
|  | 2470 | * pages to show after the currently processed elements - e.g. | 
|  | 2471 | * migrate_pages | 
|  | 2472 | */ | 
|  | 2473 | lru_add_page_tail(head, page_tail, lruvec, list); | 
|  | 2474 | } | 
|  | 2475 |  | 
|  | 2476 | static void __split_huge_page(struct page *page, struct list_head *list, | 
|  | 2477 | pgoff_t end, unsigned long flags) | 
|  | 2478 | { | 
|  | 2479 | struct page *head = compound_head(page); | 
|  | 2480 | struct zone *zone = page_zone(head); | 
|  | 2481 | struct lruvec *lruvec; | 
|  | 2482 | int i; | 
|  | 2483 |  | 
|  | 2484 | lruvec = mem_cgroup_page_lruvec(head, zone->zone_pgdat); | 
|  | 2485 |  | 
|  | 2486 | /* complete memcg works before add pages to LRU */ | 
|  | 2487 | mem_cgroup_split_huge_fixup(head); | 
|  | 2488 |  | 
|  | 2489 | for (i = HPAGE_PMD_NR - 1; i >= 1; i--) { | 
|  | 2490 | __split_huge_page_tail(head, i, lruvec, list); | 
|  | 2491 | /* Some pages can be beyond i_size: drop them from page cache */ | 
|  | 2492 | if (head[i].index >= end) { | 
|  | 2493 | ClearPageDirty(head + i); | 
|  | 2494 | __delete_from_page_cache(head + i, NULL); | 
|  | 2495 | if (IS_ENABLED(CONFIG_SHMEM) && PageSwapBacked(head)) | 
|  | 2496 | shmem_uncharge(head->mapping->host, 1); | 
|  | 2497 | put_page(head + i); | 
|  | 2498 | } | 
|  | 2499 | } | 
|  | 2500 |  | 
|  | 2501 | ClearPageCompound(head); | 
|  | 2502 |  | 
|  | 2503 | split_page_owner(head, HPAGE_PMD_ORDER); | 
|  | 2504 |  | 
|  | 2505 | /* See comment in __split_huge_page_tail() */ | 
|  | 2506 | if (PageAnon(head)) { | 
|  | 2507 | /* Additional pin to radix tree of swap cache */ | 
|  | 2508 | if (PageSwapCache(head)) | 
|  | 2509 | page_ref_add(head, 2); | 
|  | 2510 | else | 
|  | 2511 | page_ref_inc(head); | 
|  | 2512 | } else { | 
|  | 2513 | /* Additional pin to radix tree */ | 
|  | 2514 | page_ref_add(head, 2); | 
|  | 2515 | xa_unlock(&head->mapping->i_pages); | 
|  | 2516 | } | 
|  | 2517 |  | 
|  | 2518 | spin_unlock_irqrestore(zone_lru_lock(page_zone(head)), flags); | 
|  | 2519 |  | 
|  | 2520 | remap_page(head); | 
|  | 2521 |  | 
|  | 2522 | for (i = 0; i < HPAGE_PMD_NR; i++) { | 
|  | 2523 | struct page *subpage = head + i; | 
|  | 2524 | if (subpage == page) | 
|  | 2525 | continue; | 
|  | 2526 | unlock_page(subpage); | 
|  | 2527 |  | 
|  | 2528 | /* | 
|  | 2529 | * Subpages may be freed if there wasn't any mapping | 
|  | 2530 | * like if add_to_swap() is running on a lru page that | 
|  | 2531 | * had its mapping zapped. And freeing these pages | 
|  | 2532 | * requires taking the lru_lock so we do the put_page | 
|  | 2533 | * of the tail pages after the split is complete. | 
|  | 2534 | */ | 
|  | 2535 | put_page(subpage); | 
|  | 2536 | } | 
|  | 2537 | } | 
|  | 2538 |  | 
|  | 2539 | int total_mapcount(struct page *page) | 
|  | 2540 | { | 
|  | 2541 | int i, compound, ret; | 
|  | 2542 |  | 
|  | 2543 | VM_BUG_ON_PAGE(PageTail(page), page); | 
|  | 2544 |  | 
|  | 2545 | if (likely(!PageCompound(page))) | 
|  | 2546 | return atomic_read(&page->_mapcount) + 1; | 
|  | 2547 |  | 
|  | 2548 | compound = compound_mapcount(page); | 
|  | 2549 | if (PageHuge(page)) | 
|  | 2550 | return compound; | 
|  | 2551 | ret = compound; | 
|  | 2552 | for (i = 0; i < HPAGE_PMD_NR; i++) | 
|  | 2553 | ret += atomic_read(&page[i]._mapcount) + 1; | 
|  | 2554 | /* File pages has compound_mapcount included in _mapcount */ | 
|  | 2555 | if (!PageAnon(page)) | 
|  | 2556 | return ret - compound * HPAGE_PMD_NR; | 
|  | 2557 | if (PageDoubleMap(page)) | 
|  | 2558 | ret -= HPAGE_PMD_NR; | 
|  | 2559 | return ret; | 
|  | 2560 | } | 
|  | 2561 |  | 
|  | 2562 | /* | 
|  | 2563 | * This calculates accurately how many mappings a transparent hugepage | 
|  | 2564 | * has (unlike page_mapcount() which isn't fully accurate). This full | 
|  | 2565 | * accuracy is primarily needed to know if copy-on-write faults can | 
|  | 2566 | * reuse the page and change the mapping to read-write instead of | 
|  | 2567 | * copying them. At the same time this returns the total_mapcount too. | 
|  | 2568 | * | 
|  | 2569 | * The function returns the highest mapcount any one of the subpages | 
|  | 2570 | * has. If the return value is one, even if different processes are | 
|  | 2571 | * mapping different subpages of the transparent hugepage, they can | 
|  | 2572 | * all reuse it, because each process is reusing a different subpage. | 
|  | 2573 | * | 
|  | 2574 | * The total_mapcount is instead counting all virtual mappings of the | 
|  | 2575 | * subpages. If the total_mapcount is equal to "one", it tells the | 
|  | 2576 | * caller all mappings belong to the same "mm" and in turn the | 
|  | 2577 | * anon_vma of the transparent hugepage can become the vma->anon_vma | 
|  | 2578 | * local one as no other process may be mapping any of the subpages. | 
|  | 2579 | * | 
|  | 2580 | * It would be more accurate to replace page_mapcount() with | 
|  | 2581 | * page_trans_huge_mapcount(), however we only use | 
|  | 2582 | * page_trans_huge_mapcount() in the copy-on-write faults where we | 
|  | 2583 | * need full accuracy to avoid breaking page pinning, because | 
|  | 2584 | * page_trans_huge_mapcount() is slower than page_mapcount(). | 
|  | 2585 | */ | 
|  | 2586 | int page_trans_huge_mapcount(struct page *page, int *total_mapcount) | 
|  | 2587 | { | 
|  | 2588 | int i, ret, _total_mapcount, mapcount; | 
|  | 2589 |  | 
|  | 2590 | /* hugetlbfs shouldn't call it */ | 
|  | 2591 | VM_BUG_ON_PAGE(PageHuge(page), page); | 
|  | 2592 |  | 
|  | 2593 | if (likely(!PageTransCompound(page))) { | 
|  | 2594 | mapcount = atomic_read(&page->_mapcount) + 1; | 
|  | 2595 | if (total_mapcount) | 
|  | 2596 | *total_mapcount = mapcount; | 
|  | 2597 | return mapcount; | 
|  | 2598 | } | 
|  | 2599 |  | 
|  | 2600 | page = compound_head(page); | 
|  | 2601 |  | 
|  | 2602 | _total_mapcount = ret = 0; | 
|  | 2603 | for (i = 0; i < HPAGE_PMD_NR; i++) { | 
|  | 2604 | mapcount = atomic_read(&page[i]._mapcount) + 1; | 
|  | 2605 | ret = max(ret, mapcount); | 
|  | 2606 | _total_mapcount += mapcount; | 
|  | 2607 | } | 
|  | 2608 | if (PageDoubleMap(page)) { | 
|  | 2609 | ret -= 1; | 
|  | 2610 | _total_mapcount -= HPAGE_PMD_NR; | 
|  | 2611 | } | 
|  | 2612 | mapcount = compound_mapcount(page); | 
|  | 2613 | ret += mapcount; | 
|  | 2614 | _total_mapcount += mapcount; | 
|  | 2615 | if (total_mapcount) | 
|  | 2616 | *total_mapcount = _total_mapcount; | 
|  | 2617 | return ret; | 
|  | 2618 | } | 
|  | 2619 |  | 
|  | 2620 | /* Racy check whether the huge page can be split */ | 
|  | 2621 | bool can_split_huge_page(struct page *page, int *pextra_pins) | 
|  | 2622 | { | 
|  | 2623 | int extra_pins; | 
|  | 2624 |  | 
|  | 2625 | /* Additional pins from radix tree */ | 
|  | 2626 | if (PageAnon(page)) | 
|  | 2627 | extra_pins = PageSwapCache(page) ? HPAGE_PMD_NR : 0; | 
|  | 2628 | else | 
|  | 2629 | extra_pins = HPAGE_PMD_NR; | 
|  | 2630 | if (pextra_pins) | 
|  | 2631 | *pextra_pins = extra_pins; | 
|  | 2632 | return total_mapcount(page) == page_count(page) - extra_pins - 1; | 
|  | 2633 | } | 
|  | 2634 |  | 
|  | 2635 | /* | 
|  | 2636 | * This function splits huge page into normal pages. @page can point to any | 
|  | 2637 | * subpage of huge page to split. Split doesn't change the position of @page. | 
|  | 2638 | * | 
|  | 2639 | * Only caller must hold pin on the @page, otherwise split fails with -EBUSY. | 
|  | 2640 | * The huge page must be locked. | 
|  | 2641 | * | 
|  | 2642 | * If @list is null, tail pages will be added to LRU list, otherwise, to @list. | 
|  | 2643 | * | 
|  | 2644 | * Both head page and tail pages will inherit mapping, flags, and so on from | 
|  | 2645 | * the hugepage. | 
|  | 2646 | * | 
|  | 2647 | * GUP pin and PG_locked transferred to @page. Rest subpages can be freed if | 
|  | 2648 | * they are not mapped. | 
|  | 2649 | * | 
|  | 2650 | * Returns 0 if the hugepage is split successfully. | 
|  | 2651 | * Returns -EBUSY if the page is pinned or if anon_vma disappeared from under | 
|  | 2652 | * us. | 
|  | 2653 | */ | 
|  | 2654 | int split_huge_page_to_list(struct page *page, struct list_head *list) | 
|  | 2655 | { | 
|  | 2656 | struct page *head = compound_head(page); | 
|  | 2657 | struct pglist_data *pgdata = NODE_DATA(page_to_nid(head)); | 
|  | 2658 | struct anon_vma *anon_vma = NULL; | 
|  | 2659 | struct address_space *mapping = NULL; | 
|  | 2660 | int count, mapcount, extra_pins, ret; | 
|  | 2661 | bool mlocked; | 
|  | 2662 | unsigned long flags; | 
|  | 2663 | pgoff_t end; | 
|  | 2664 |  | 
|  | 2665 | VM_BUG_ON_PAGE(is_huge_zero_page(page), page); | 
|  | 2666 | VM_BUG_ON_PAGE(!PageLocked(page), page); | 
|  | 2667 | VM_BUG_ON_PAGE(!PageCompound(page), page); | 
|  | 2668 |  | 
|  | 2669 | if (PageWriteback(page)) | 
|  | 2670 | return -EBUSY; | 
|  | 2671 |  | 
|  | 2672 | if (PageAnon(head)) { | 
|  | 2673 | /* | 
|  | 2674 | * The caller does not necessarily hold an mmap_sem that would | 
|  | 2675 | * prevent the anon_vma disappearing so we first we take a | 
|  | 2676 | * reference to it and then lock the anon_vma for write. This | 
|  | 2677 | * is similar to page_lock_anon_vma_read except the write lock | 
|  | 2678 | * is taken to serialise against parallel split or collapse | 
|  | 2679 | * operations. | 
|  | 2680 | */ | 
|  | 2681 | anon_vma = page_get_anon_vma(head); | 
|  | 2682 | if (!anon_vma) { | 
|  | 2683 | ret = -EBUSY; | 
|  | 2684 | goto out; | 
|  | 2685 | } | 
|  | 2686 | end = -1; | 
|  | 2687 | mapping = NULL; | 
|  | 2688 | anon_vma_lock_write(anon_vma); | 
|  | 2689 | } else { | 
|  | 2690 | mapping = head->mapping; | 
|  | 2691 |  | 
|  | 2692 | /* Truncated ? */ | 
|  | 2693 | if (!mapping) { | 
|  | 2694 | ret = -EBUSY; | 
|  | 2695 | goto out; | 
|  | 2696 | } | 
|  | 2697 |  | 
|  | 2698 | anon_vma = NULL; | 
|  | 2699 | i_mmap_lock_read(mapping); | 
|  | 2700 |  | 
|  | 2701 | /* | 
|  | 2702 | *__split_huge_page() may need to trim off pages beyond EOF: | 
|  | 2703 | * but on 32-bit, i_size_read() takes an irq-unsafe seqlock, | 
|  | 2704 | * which cannot be nested inside the page tree lock. So note | 
|  | 2705 | * end now: i_size itself may be changed at any moment, but | 
|  | 2706 | * head page lock is good enough to serialize the trimming. | 
|  | 2707 | */ | 
|  | 2708 | end = DIV_ROUND_UP(i_size_read(mapping->host), PAGE_SIZE); | 
|  | 2709 | } | 
|  | 2710 |  | 
|  | 2711 | /* | 
|  | 2712 | * Racy check if we can split the page, before unmap_page() will | 
|  | 2713 | * split PMDs | 
|  | 2714 | */ | 
|  | 2715 | if (!can_split_huge_page(head, &extra_pins)) { | 
|  | 2716 | ret = -EBUSY; | 
|  | 2717 | goto out_unlock; | 
|  | 2718 | } | 
|  | 2719 |  | 
|  | 2720 | mlocked = PageMlocked(page); | 
|  | 2721 | unmap_page(head); | 
|  | 2722 | VM_BUG_ON_PAGE(compound_mapcount(head), head); | 
|  | 2723 |  | 
|  | 2724 | /* Make sure the page is not on per-CPU pagevec as it takes pin */ | 
|  | 2725 | if (mlocked) | 
|  | 2726 | lru_add_drain(); | 
|  | 2727 |  | 
|  | 2728 | /* prevent PageLRU to go away from under us, and freeze lru stats */ | 
|  | 2729 | spin_lock_irqsave(zone_lru_lock(page_zone(head)), flags); | 
|  | 2730 |  | 
|  | 2731 | if (mapping) { | 
|  | 2732 | void **pslot; | 
|  | 2733 |  | 
|  | 2734 | xa_lock(&mapping->i_pages); | 
|  | 2735 | pslot = radix_tree_lookup_slot(&mapping->i_pages, | 
|  | 2736 | page_index(head)); | 
|  | 2737 | /* | 
|  | 2738 | * Check if the head page is present in radix tree. | 
|  | 2739 | * We assume all tail are present too, if head is there. | 
|  | 2740 | */ | 
|  | 2741 | if (radix_tree_deref_slot_protected(pslot, | 
|  | 2742 | &mapping->i_pages.xa_lock) != head) | 
|  | 2743 | goto fail; | 
|  | 2744 | } | 
|  | 2745 |  | 
|  | 2746 | /* Prevent deferred_split_scan() touching ->_refcount */ | 
|  | 2747 | spin_lock(&pgdata->split_queue_lock); | 
|  | 2748 | count = page_count(head); | 
|  | 2749 | mapcount = total_mapcount(head); | 
|  | 2750 | if (!mapcount && page_ref_freeze(head, 1 + extra_pins)) { | 
|  | 2751 | if (!list_empty(page_deferred_list(head))) { | 
|  | 2752 | pgdata->split_queue_len--; | 
|  | 2753 | list_del(page_deferred_list(head)); | 
|  | 2754 | } | 
|  | 2755 | if (mapping) | 
|  | 2756 | __dec_node_page_state(page, NR_SHMEM_THPS); | 
|  | 2757 | spin_unlock(&pgdata->split_queue_lock); | 
|  | 2758 | __split_huge_page(page, list, end, flags); | 
|  | 2759 | if (PageSwapCache(head)) { | 
|  | 2760 | swp_entry_t entry = { .val = page_private(head) }; | 
|  | 2761 |  | 
|  | 2762 | ret = split_swap_cluster(entry); | 
|  | 2763 | } else | 
|  | 2764 | ret = 0; | 
|  | 2765 | } else { | 
|  | 2766 | if (IS_ENABLED(CONFIG_DEBUG_VM) && mapcount) { | 
|  | 2767 | pr_alert("total_mapcount: %u, page_count(): %u\n", | 
|  | 2768 | mapcount, count); | 
|  | 2769 | if (PageTail(page)) | 
|  | 2770 | dump_page(head, NULL); | 
|  | 2771 | dump_page(page, "total_mapcount(head) > 0"); | 
|  | 2772 | BUG(); | 
|  | 2773 | } | 
|  | 2774 | spin_unlock(&pgdata->split_queue_lock); | 
|  | 2775 | fail:		if (mapping) | 
|  | 2776 | xa_unlock(&mapping->i_pages); | 
|  | 2777 | spin_unlock_irqrestore(zone_lru_lock(page_zone(head)), flags); | 
|  | 2778 | remap_page(head); | 
|  | 2779 | ret = -EBUSY; | 
|  | 2780 | } | 
|  | 2781 |  | 
|  | 2782 | out_unlock: | 
|  | 2783 | if (anon_vma) { | 
|  | 2784 | anon_vma_unlock_write(anon_vma); | 
|  | 2785 | put_anon_vma(anon_vma); | 
|  | 2786 | } | 
|  | 2787 | if (mapping) | 
|  | 2788 | i_mmap_unlock_read(mapping); | 
|  | 2789 | out: | 
|  | 2790 | count_vm_event(!ret ? THP_SPLIT_PAGE : THP_SPLIT_PAGE_FAILED); | 
|  | 2791 | return ret; | 
|  | 2792 | } | 
|  | 2793 |  | 
|  | 2794 | void free_transhuge_page(struct page *page) | 
|  | 2795 | { | 
|  | 2796 | struct pglist_data *pgdata = NODE_DATA(page_to_nid(page)); | 
|  | 2797 | unsigned long flags; | 
|  | 2798 |  | 
|  | 2799 | spin_lock_irqsave(&pgdata->split_queue_lock, flags); | 
|  | 2800 | if (!list_empty(page_deferred_list(page))) { | 
|  | 2801 | pgdata->split_queue_len--; | 
|  | 2802 | list_del(page_deferred_list(page)); | 
|  | 2803 | } | 
|  | 2804 | spin_unlock_irqrestore(&pgdata->split_queue_lock, flags); | 
|  | 2805 | free_compound_page(page); | 
|  | 2806 | } | 
|  | 2807 |  | 
|  | 2808 | void deferred_split_huge_page(struct page *page) | 
|  | 2809 | { | 
|  | 2810 | struct pglist_data *pgdata = NODE_DATA(page_to_nid(page)); | 
|  | 2811 | unsigned long flags; | 
|  | 2812 |  | 
|  | 2813 | VM_BUG_ON_PAGE(!PageTransHuge(page), page); | 
|  | 2814 |  | 
|  | 2815 | spin_lock_irqsave(&pgdata->split_queue_lock, flags); | 
|  | 2816 | if (list_empty(page_deferred_list(page))) { | 
|  | 2817 | count_vm_event(THP_DEFERRED_SPLIT_PAGE); | 
|  | 2818 | list_add_tail(page_deferred_list(page), &pgdata->split_queue); | 
|  | 2819 | pgdata->split_queue_len++; | 
|  | 2820 | } | 
|  | 2821 | spin_unlock_irqrestore(&pgdata->split_queue_lock, flags); | 
|  | 2822 | } | 
|  | 2823 |  | 
|  | 2824 | static unsigned long deferred_split_count(struct shrinker *shrink, | 
|  | 2825 | struct shrink_control *sc) | 
|  | 2826 | { | 
|  | 2827 | struct pglist_data *pgdata = NODE_DATA(sc->nid); | 
|  | 2828 | return READ_ONCE(pgdata->split_queue_len); | 
|  | 2829 | } | 
|  | 2830 |  | 
|  | 2831 | static unsigned long deferred_split_scan(struct shrinker *shrink, | 
|  | 2832 | struct shrink_control *sc) | 
|  | 2833 | { | 
|  | 2834 | struct pglist_data *pgdata = NODE_DATA(sc->nid); | 
|  | 2835 | unsigned long flags; | 
|  | 2836 | LIST_HEAD(list), *pos, *next; | 
|  | 2837 | struct page *page; | 
|  | 2838 | int split = 0; | 
|  | 2839 |  | 
|  | 2840 | spin_lock_irqsave(&pgdata->split_queue_lock, flags); | 
|  | 2841 | /* Take pin on all head pages to avoid freeing them under us */ | 
|  | 2842 | list_for_each_safe(pos, next, &pgdata->split_queue) { | 
|  | 2843 | page = list_entry((void *)pos, struct page, mapping); | 
|  | 2844 | page = compound_head(page); | 
|  | 2845 | if (get_page_unless_zero(page)) { | 
|  | 2846 | list_move(page_deferred_list(page), &list); | 
|  | 2847 | } else { | 
|  | 2848 | /* We lost race with put_compound_page() */ | 
|  | 2849 | list_del_init(page_deferred_list(page)); | 
|  | 2850 | pgdata->split_queue_len--; | 
|  | 2851 | } | 
|  | 2852 | if (!--sc->nr_to_scan) | 
|  | 2853 | break; | 
|  | 2854 | } | 
|  | 2855 | spin_unlock_irqrestore(&pgdata->split_queue_lock, flags); | 
|  | 2856 |  | 
|  | 2857 | list_for_each_safe(pos, next, &list) { | 
|  | 2858 | page = list_entry((void *)pos, struct page, mapping); | 
|  | 2859 | if (!trylock_page(page)) | 
|  | 2860 | goto next; | 
|  | 2861 | /* split_huge_page() removes page from list on success */ | 
|  | 2862 | if (!split_huge_page(page)) | 
|  | 2863 | split++; | 
|  | 2864 | unlock_page(page); | 
|  | 2865 | next: | 
|  | 2866 | put_page(page); | 
|  | 2867 | } | 
|  | 2868 |  | 
|  | 2869 | spin_lock_irqsave(&pgdata->split_queue_lock, flags); | 
|  | 2870 | list_splice_tail(&list, &pgdata->split_queue); | 
|  | 2871 | spin_unlock_irqrestore(&pgdata->split_queue_lock, flags); | 
|  | 2872 |  | 
|  | 2873 | /* | 
|  | 2874 | * Stop shrinker if we didn't split any page, but the queue is empty. | 
|  | 2875 | * This can happen if pages were freed under us. | 
|  | 2876 | */ | 
|  | 2877 | if (!split && list_empty(&pgdata->split_queue)) | 
|  | 2878 | return SHRINK_STOP; | 
|  | 2879 | return split; | 
|  | 2880 | } | 
|  | 2881 |  | 
|  | 2882 | static struct shrinker deferred_split_shrinker = { | 
|  | 2883 | .count_objects = deferred_split_count, | 
|  | 2884 | .scan_objects = deferred_split_scan, | 
|  | 2885 | .seeks = DEFAULT_SEEKS, | 
|  | 2886 | .flags = SHRINKER_NUMA_AWARE, | 
|  | 2887 | }; | 
|  | 2888 |  | 
|  | 2889 | #ifdef CONFIG_DEBUG_FS | 
|  | 2890 | static int split_huge_pages_set(void *data, u64 val) | 
|  | 2891 | { | 
|  | 2892 | struct zone *zone; | 
|  | 2893 | struct page *page; | 
|  | 2894 | unsigned long pfn, max_zone_pfn; | 
|  | 2895 | unsigned long total = 0, split = 0; | 
|  | 2896 |  | 
|  | 2897 | if (val != 1) | 
|  | 2898 | return -EINVAL; | 
|  | 2899 |  | 
|  | 2900 | for_each_populated_zone(zone) { | 
|  | 2901 | max_zone_pfn = zone_end_pfn(zone); | 
|  | 2902 | for (pfn = zone->zone_start_pfn; pfn < max_zone_pfn; pfn++) { | 
|  | 2903 | if (!pfn_valid(pfn)) | 
|  | 2904 | continue; | 
|  | 2905 |  | 
|  | 2906 | page = pfn_to_page(pfn); | 
|  | 2907 | if (!get_page_unless_zero(page)) | 
|  | 2908 | continue; | 
|  | 2909 |  | 
|  | 2910 | if (zone != page_zone(page)) | 
|  | 2911 | goto next; | 
|  | 2912 |  | 
|  | 2913 | if (!PageHead(page) || PageHuge(page) || !PageLRU(page)) | 
|  | 2914 | goto next; | 
|  | 2915 |  | 
|  | 2916 | total++; | 
|  | 2917 | lock_page(page); | 
|  | 2918 | if (!split_huge_page(page)) | 
|  | 2919 | split++; | 
|  | 2920 | unlock_page(page); | 
|  | 2921 | next: | 
|  | 2922 | put_page(page); | 
|  | 2923 | } | 
|  | 2924 | } | 
|  | 2925 |  | 
|  | 2926 | pr_info("%lu of %lu THP split\n", split, total); | 
|  | 2927 |  | 
|  | 2928 | return 0; | 
|  | 2929 | } | 
|  | 2930 | DEFINE_SIMPLE_ATTRIBUTE(split_huge_pages_fops, NULL, split_huge_pages_set, | 
|  | 2931 | "%llu\n"); | 
|  | 2932 |  | 
|  | 2933 | static int __init split_huge_pages_debugfs(void) | 
|  | 2934 | { | 
|  | 2935 | void *ret; | 
|  | 2936 |  | 
|  | 2937 | ret = debugfs_create_file("split_huge_pages", 0200, NULL, NULL, | 
|  | 2938 | &split_huge_pages_fops); | 
|  | 2939 | if (!ret) | 
|  | 2940 | pr_warn("Failed to create split_huge_pages in debugfs"); | 
|  | 2941 | return 0; | 
|  | 2942 | } | 
|  | 2943 | late_initcall(split_huge_pages_debugfs); | 
|  | 2944 | #endif | 
|  | 2945 |  | 
|  | 2946 | #ifdef CONFIG_ARCH_ENABLE_THP_MIGRATION | 
|  | 2947 | void set_pmd_migration_entry(struct page_vma_mapped_walk *pvmw, | 
|  | 2948 | struct page *page) | 
|  | 2949 | { | 
|  | 2950 | struct vm_area_struct *vma = pvmw->vma; | 
|  | 2951 | struct mm_struct *mm = vma->vm_mm; | 
|  | 2952 | unsigned long address = pvmw->address; | 
|  | 2953 | pmd_t pmdval; | 
|  | 2954 | swp_entry_t entry; | 
|  | 2955 | pmd_t pmdswp; | 
|  | 2956 |  | 
|  | 2957 | if (!(pvmw->pmd && !pvmw->pte)) | 
|  | 2958 | return; | 
|  | 2959 |  | 
|  | 2960 | flush_cache_range(vma, address, address + HPAGE_PMD_SIZE); | 
|  | 2961 | pmdval = *pvmw->pmd; | 
|  | 2962 | pmdp_invalidate(vma, address, pvmw->pmd); | 
|  | 2963 | if (pmd_dirty(pmdval)) | 
|  | 2964 | set_page_dirty(page); | 
|  | 2965 | entry = make_migration_entry(page, pmd_write(pmdval)); | 
|  | 2966 | pmdswp = swp_entry_to_pmd(entry); | 
|  | 2967 | if (pmd_soft_dirty(pmdval)) | 
|  | 2968 | pmdswp = pmd_swp_mksoft_dirty(pmdswp); | 
|  | 2969 | set_pmd_at(mm, address, pvmw->pmd, pmdswp); | 
|  | 2970 | page_remove_rmap(page, true); | 
|  | 2971 | put_page(page); | 
|  | 2972 | } | 
|  | 2973 |  | 
|  | 2974 | void remove_migration_pmd(struct page_vma_mapped_walk *pvmw, struct page *new) | 
|  | 2975 | { | 
|  | 2976 | struct vm_area_struct *vma = pvmw->vma; | 
|  | 2977 | struct mm_struct *mm = vma->vm_mm; | 
|  | 2978 | unsigned long address = pvmw->address; | 
|  | 2979 | unsigned long mmun_start = address & HPAGE_PMD_MASK; | 
|  | 2980 | pmd_t pmde; | 
|  | 2981 | swp_entry_t entry; | 
|  | 2982 |  | 
|  | 2983 | if (!(pvmw->pmd && !pvmw->pte)) | 
|  | 2984 | return; | 
|  | 2985 |  | 
|  | 2986 | entry = pmd_to_swp_entry(*pvmw->pmd); | 
|  | 2987 | get_page(new); | 
|  | 2988 | pmde = pmd_mkold(mk_huge_pmd(new, vma->vm_page_prot)); | 
|  | 2989 | if (pmd_swp_soft_dirty(*pvmw->pmd)) | 
|  | 2990 | pmde = pmd_mksoft_dirty(pmde); | 
|  | 2991 | if (is_write_migration_entry(entry)) | 
|  | 2992 | pmde = maybe_pmd_mkwrite(pmde, vma); | 
|  | 2993 |  | 
|  | 2994 | flush_cache_range(vma, mmun_start, mmun_start + HPAGE_PMD_SIZE); | 
|  | 2995 | if (PageAnon(new)) | 
|  | 2996 | page_add_anon_rmap(new, vma, mmun_start, true); | 
|  | 2997 | else | 
|  | 2998 | page_add_file_rmap(new, true); | 
|  | 2999 | set_pmd_at(mm, mmun_start, pvmw->pmd, pmde); | 
|  | 3000 | if ((vma->vm_flags & VM_LOCKED) && !PageDoubleMap(new)) | 
|  | 3001 | mlock_vma_page(new); | 
|  | 3002 | update_mmu_cache_pmd(vma, address, pvmw->pmd); | 
|  | 3003 | } | 
|  | 3004 | #endif |