1 // SPDX-License-Identifier: GPL-2.0-only 2 /* 3 * Generic hugetlb support. 4 * (C) Nadia Yvette Chambers, April 2004 5 */ 6 #include <linux/list.h> 7 #include <linux/init.h> 8 #include <linux/mm.h> 9 #include <linux/seq_file.h> 10 #include <linux/sysctl.h> 11 #include <linux/highmem.h> 12 #include <linux/mmu_notifier.h> 13 #include <linux/nodemask.h> 14 #include <linux/pagemap.h> 15 #include <linux/mempolicy.h> 16 #include <linux/compiler.h> 17 #include <linux/cpuset.h> 18 #include <linux/mutex.h> 19 #include <linux/memblock.h> 20 #include <linux/sysfs.h> 21 #include <linux/slab.h> 22 #include <linux/sched/mm.h> 23 #include <linux/mmdebug.h> 24 #include <linux/sched/signal.h> 25 #include <linux/rmap.h> 26 #include <linux/string_helpers.h> 27 #include <linux/swap.h> 28 #include <linux/swapops.h> 29 #include <linux/jhash.h> 30 #include <linux/numa.h> 31 #include <linux/llist.h> 32 #include <linux/cma.h> 33 34 #include <asm/page.h> 35 #include <asm/pgalloc.h> 36 #include <asm/tlb.h> 37 38 #include <linux/io.h> 39 #include <linux/hugetlb.h> 40 #include <linux/hugetlb_cgroup.h> 41 #include <linux/node.h> 42 #include <linux/page_owner.h> 43 #include "internal.h" 44 #include "hugetlb_vmemmap.h" 45 46 int hugetlb_max_hstate __read_mostly; 47 unsigned int default_hstate_idx; 48 struct hstate hstates[HUGE_MAX_HSTATE]; 49 50 #ifdef CONFIG_CMA 51 static struct cma *hugetlb_cma[MAX_NUMNODES]; 52 #endif 53 static unsigned long hugetlb_cma_size __initdata; 54 55 /* 56 * Minimum page order among possible hugepage sizes, set to a proper value 57 * at boot time. 58 */ 59 static unsigned int minimum_order __read_mostly = UINT_MAX; 60 61 __initdata LIST_HEAD(huge_boot_pages); 62 63 /* for command line parsing */ 64 static struct hstate * __initdata parsed_hstate; 65 static unsigned long __initdata default_hstate_max_huge_pages; 66 static bool __initdata parsed_valid_hugepagesz = true; 67 static bool __initdata parsed_default_hugepagesz; 68 69 /* 70 * Protects updates to hugepage_freelists, hugepage_activelist, nr_huge_pages, 71 * free_huge_pages, and surplus_huge_pages. 72 */ 73 DEFINE_SPINLOCK(hugetlb_lock); 74 75 /* 76 * Serializes faults on the same logical page. This is used to 77 * prevent spurious OOMs when the hugepage pool is fully utilized. 78 */ 79 static int num_fault_mutexes; 80 struct mutex *hugetlb_fault_mutex_table ____cacheline_aligned_in_smp; 81 82 /* Forward declaration */ 83 static int hugetlb_acct_memory(struct hstate *h, long delta); 84 85 static inline bool subpool_is_free(struct hugepage_subpool *spool) 86 { 87 if (spool->count) 88 return false; 89 if (spool->max_hpages != -1) 90 return spool->used_hpages == 0; 91 if (spool->min_hpages != -1) 92 return spool->rsv_hpages == spool->min_hpages; 93 94 return true; 95 } 96 97 static inline void unlock_or_release_subpool(struct hugepage_subpool *spool, 98 unsigned long irq_flags) 99 { 100 spin_unlock_irqrestore(&spool->lock, irq_flags); 101 102 /* If no pages are used, and no other handles to the subpool 103 * remain, give up any reservations based on minimum size and 104 * free the subpool */ 105 if (subpool_is_free(spool)) { 106 if (spool->min_hpages != -1) 107 hugetlb_acct_memory(spool->hstate, 108 -spool->min_hpages); 109 kfree(spool); 110 } 111 } 112 113 struct hugepage_subpool *hugepage_new_subpool(struct hstate *h, long max_hpages, 114 long min_hpages) 115 { 116 struct hugepage_subpool *spool; 117 118 spool = kzalloc(sizeof(*spool), GFP_KERNEL); 119 if (!spool) 120 return NULL; 121 122 spin_lock_init(&spool->lock); 123 spool->count = 1; 124 spool->max_hpages = max_hpages; 125 spool->hstate = h; 126 spool->min_hpages = min_hpages; 127 128 if (min_hpages != -1 && hugetlb_acct_memory(h, min_hpages)) { 129 kfree(spool); 130 return NULL; 131 } 132 spool->rsv_hpages = min_hpages; 133 134 return spool; 135 } 136 137 void hugepage_put_subpool(struct hugepage_subpool *spool) 138 { 139 unsigned long flags; 140 141 spin_lock_irqsave(&spool->lock, flags); 142 BUG_ON(!spool->count); 143 spool->count--; 144 unlock_or_release_subpool(spool, flags); 145 } 146 147 /* 148 * Subpool accounting for allocating and reserving pages. 149 * Return -ENOMEM if there are not enough resources to satisfy the 150 * request. Otherwise, return the number of pages by which the 151 * global pools must be adjusted (upward). The returned value may 152 * only be different than the passed value (delta) in the case where 153 * a subpool minimum size must be maintained. 154 */ 155 static long hugepage_subpool_get_pages(struct hugepage_subpool *spool, 156 long delta) 157 { 158 long ret = delta; 159 160 if (!spool) 161 return ret; 162 163 spin_lock_irq(&spool->lock); 164 165 if (spool->max_hpages != -1) { /* maximum size accounting */ 166 if ((spool->used_hpages + delta) <= spool->max_hpages) 167 spool->used_hpages += delta; 168 else { 169 ret = -ENOMEM; 170 goto unlock_ret; 171 } 172 } 173 174 /* minimum size accounting */ 175 if (spool->min_hpages != -1 && spool->rsv_hpages) { 176 if (delta > spool->rsv_hpages) { 177 /* 178 * Asking for more reserves than those already taken on 179 * behalf of subpool. Return difference. 180 */ 181 ret = delta - spool->rsv_hpages; 182 spool->rsv_hpages = 0; 183 } else { 184 ret = 0; /* reserves already accounted for */ 185 spool->rsv_hpages -= delta; 186 } 187 } 188 189 unlock_ret: 190 spin_unlock_irq(&spool->lock); 191 return ret; 192 } 193 194 /* 195 * Subpool accounting for freeing and unreserving pages. 196 * Return the number of global page reservations that must be dropped. 197 * The return value may only be different than the passed value (delta) 198 * in the case where a subpool minimum size must be maintained. 199 */ 200 static long hugepage_subpool_put_pages(struct hugepage_subpool *spool, 201 long delta) 202 { 203 long ret = delta; 204 unsigned long flags; 205 206 if (!spool) 207 return delta; 208 209 spin_lock_irqsave(&spool->lock, flags); 210 211 if (spool->max_hpages != -1) /* maximum size accounting */ 212 spool->used_hpages -= delta; 213 214 /* minimum size accounting */ 215 if (spool->min_hpages != -1 && spool->used_hpages < spool->min_hpages) { 216 if (spool->rsv_hpages + delta <= spool->min_hpages) 217 ret = 0; 218 else 219 ret = spool->rsv_hpages + delta - spool->min_hpages; 220 221 spool->rsv_hpages += delta; 222 if (spool->rsv_hpages > spool->min_hpages) 223 spool->rsv_hpages = spool->min_hpages; 224 } 225 226 /* 227 * If hugetlbfs_put_super couldn't free spool due to an outstanding 228 * quota reference, free it now. 229 */ 230 unlock_or_release_subpool(spool, flags); 231 232 return ret; 233 } 234 235 static inline struct hugepage_subpool *subpool_inode(struct inode *inode) 236 { 237 return HUGETLBFS_SB(inode->i_sb)->spool; 238 } 239 240 static inline struct hugepage_subpool *subpool_vma(struct vm_area_struct *vma) 241 { 242 return subpool_inode(file_inode(vma->vm_file)); 243 } 244 245 /* Helper that removes a struct file_region from the resv_map cache and returns 246 * it for use. 247 */ 248 static struct file_region * 249 get_file_region_entry_from_cache(struct resv_map *resv, long from, long to) 250 { 251 struct file_region *nrg = NULL; 252 253 VM_BUG_ON(resv->region_cache_count <= 0); 254 255 resv->region_cache_count--; 256 nrg = list_first_entry(&resv->region_cache, struct file_region, link); 257 list_del(&nrg->link); 258 259 nrg->from = from; 260 nrg->to = to; 261 262 return nrg; 263 } 264 265 static void copy_hugetlb_cgroup_uncharge_info(struct file_region *nrg, 266 struct file_region *rg) 267 { 268 #ifdef CONFIG_CGROUP_HUGETLB 269 nrg->reservation_counter = rg->reservation_counter; 270 nrg->css = rg->css; 271 if (rg->css) 272 css_get(rg->css); 273 #endif 274 } 275 276 /* Helper that records hugetlb_cgroup uncharge info. */ 277 static void record_hugetlb_cgroup_uncharge_info(struct hugetlb_cgroup *h_cg, 278 struct hstate *h, 279 struct resv_map *resv, 280 struct file_region *nrg) 281 { 282 #ifdef CONFIG_CGROUP_HUGETLB 283 if (h_cg) { 284 nrg->reservation_counter = 285 &h_cg->rsvd_hugepage[hstate_index(h)]; 286 nrg->css = &h_cg->css; 287 /* 288 * The caller will hold exactly one h_cg->css reference for the 289 * whole contiguous reservation region. But this area might be 290 * scattered when there are already some file_regions reside in 291 * it. As a result, many file_regions may share only one css 292 * reference. In order to ensure that one file_region must hold 293 * exactly one h_cg->css reference, we should do css_get for 294 * each file_region and leave the reference held by caller 295 * untouched. 296 */ 297 css_get(&h_cg->css); 298 if (!resv->pages_per_hpage) 299 resv->pages_per_hpage = pages_per_huge_page(h); 300 /* pages_per_hpage should be the same for all entries in 301 * a resv_map. 302 */ 303 VM_BUG_ON(resv->pages_per_hpage != pages_per_huge_page(h)); 304 } else { 305 nrg->reservation_counter = NULL; 306 nrg->css = NULL; 307 } 308 #endif 309 } 310 311 static void put_uncharge_info(struct file_region *rg) 312 { 313 #ifdef CONFIG_CGROUP_HUGETLB 314 if (rg->css) 315 css_put(rg->css); 316 #endif 317 } 318 319 static bool has_same_uncharge_info(struct file_region *rg, 320 struct file_region *org) 321 { 322 #ifdef CONFIG_CGROUP_HUGETLB 323 return rg && org && 324 rg->reservation_counter == org->reservation_counter && 325 rg->css == org->css; 326 327 #else 328 return true; 329 #endif 330 } 331 332 static void coalesce_file_region(struct resv_map *resv, struct file_region *rg) 333 { 334 struct file_region *nrg = NULL, *prg = NULL; 335 336 prg = list_prev_entry(rg, link); 337 if (&prg->link != &resv->regions && prg->to == rg->from && 338 has_same_uncharge_info(prg, rg)) { 339 prg->to = rg->to; 340 341 list_del(&rg->link); 342 put_uncharge_info(rg); 343 kfree(rg); 344 345 rg = prg; 346 } 347 348 nrg = list_next_entry(rg, link); 349 if (&nrg->link != &resv->regions && nrg->from == rg->to && 350 has_same_uncharge_info(nrg, rg)) { 351 nrg->from = rg->from; 352 353 list_del(&rg->link); 354 put_uncharge_info(rg); 355 kfree(rg); 356 } 357 } 358 359 static inline long 360 hugetlb_resv_map_add(struct resv_map *map, struct file_region *rg, long from, 361 long to, struct hstate *h, struct hugetlb_cgroup *cg, 362 long *regions_needed) 363 { 364 struct file_region *nrg; 365 366 if (!regions_needed) { 367 nrg = get_file_region_entry_from_cache(map, from, to); 368 record_hugetlb_cgroup_uncharge_info(cg, h, map, nrg); 369 list_add(&nrg->link, rg->link.prev); 370 coalesce_file_region(map, nrg); 371 } else 372 *regions_needed += 1; 373 374 return to - from; 375 } 376 377 /* 378 * Must be called with resv->lock held. 379 * 380 * Calling this with regions_needed != NULL will count the number of pages 381 * to be added but will not modify the linked list. And regions_needed will 382 * indicate the number of file_regions needed in the cache to carry out to add 383 * the regions for this range. 384 */ 385 static long add_reservation_in_range(struct resv_map *resv, long f, long t, 386 struct hugetlb_cgroup *h_cg, 387 struct hstate *h, long *regions_needed) 388 { 389 long add = 0; 390 struct list_head *head = &resv->regions; 391 long last_accounted_offset = f; 392 struct file_region *rg = NULL, *trg = NULL; 393 394 if (regions_needed) 395 *regions_needed = 0; 396 397 /* In this loop, we essentially handle an entry for the range 398 * [last_accounted_offset, rg->from), at every iteration, with some 399 * bounds checking. 400 */ 401 list_for_each_entry_safe(rg, trg, head, link) { 402 /* Skip irrelevant regions that start before our range. */ 403 if (rg->from < f) { 404 /* If this region ends after the last accounted offset, 405 * then we need to update last_accounted_offset. 406 */ 407 if (rg->to > last_accounted_offset) 408 last_accounted_offset = rg->to; 409 continue; 410 } 411 412 /* When we find a region that starts beyond our range, we've 413 * finished. 414 */ 415 if (rg->from >= t) 416 break; 417 418 /* Add an entry for last_accounted_offset -> rg->from, and 419 * update last_accounted_offset. 420 */ 421 if (rg->from > last_accounted_offset) 422 add += hugetlb_resv_map_add(resv, rg, 423 last_accounted_offset, 424 rg->from, h, h_cg, 425 regions_needed); 426 427 last_accounted_offset = rg->to; 428 } 429 430 /* Handle the case where our range extends beyond 431 * last_accounted_offset. 432 */ 433 if (last_accounted_offset < t) 434 add += hugetlb_resv_map_add(resv, rg, last_accounted_offset, 435 t, h, h_cg, regions_needed); 436 437 VM_BUG_ON(add < 0); 438 return add; 439 } 440 441 /* Must be called with resv->lock acquired. Will drop lock to allocate entries. 442 */ 443 static int allocate_file_region_entries(struct resv_map *resv, 444 int regions_needed) 445 __must_hold(&resv->lock) 446 { 447 struct list_head allocated_regions; 448 int to_allocate = 0, i = 0; 449 struct file_region *trg = NULL, *rg = NULL; 450 451 VM_BUG_ON(regions_needed < 0); 452 453 INIT_LIST_HEAD(&allocated_regions); 454 455 /* 456 * Check for sufficient descriptors in the cache to accommodate 457 * the number of in progress add operations plus regions_needed. 458 * 459 * This is a while loop because when we drop the lock, some other call 460 * to region_add or region_del may have consumed some region_entries, 461 * so we keep looping here until we finally have enough entries for 462 * (adds_in_progress + regions_needed). 463 */ 464 while (resv->region_cache_count < 465 (resv->adds_in_progress + regions_needed)) { 466 to_allocate = resv->adds_in_progress + regions_needed - 467 resv->region_cache_count; 468 469 /* At this point, we should have enough entries in the cache 470 * for all the existing adds_in_progress. We should only be 471 * needing to allocate for regions_needed. 472 */ 473 VM_BUG_ON(resv->region_cache_count < resv->adds_in_progress); 474 475 spin_unlock(&resv->lock); 476 for (i = 0; i < to_allocate; i++) { 477 trg = kmalloc(sizeof(*trg), GFP_KERNEL); 478 if (!trg) 479 goto out_of_memory; 480 list_add(&trg->link, &allocated_regions); 481 } 482 483 spin_lock(&resv->lock); 484 485 list_splice(&allocated_regions, &resv->region_cache); 486 resv->region_cache_count += to_allocate; 487 } 488 489 return 0; 490 491 out_of_memory: 492 list_for_each_entry_safe(rg, trg, &allocated_regions, link) { 493 list_del(&rg->link); 494 kfree(rg); 495 } 496 return -ENOMEM; 497 } 498 499 /* 500 * Add the huge page range represented by [f, t) to the reserve 501 * map. Regions will be taken from the cache to fill in this range. 502 * Sufficient regions should exist in the cache due to the previous 503 * call to region_chg with the same range, but in some cases the cache will not 504 * have sufficient entries due to races with other code doing region_add or 505 * region_del. The extra needed entries will be allocated. 506 * 507 * regions_needed is the out value provided by a previous call to region_chg. 508 * 509 * Return the number of new huge pages added to the map. This number is greater 510 * than or equal to zero. If file_region entries needed to be allocated for 511 * this operation and we were not able to allocate, it returns -ENOMEM. 512 * region_add of regions of length 1 never allocate file_regions and cannot 513 * fail; region_chg will always allocate at least 1 entry and a region_add for 514 * 1 page will only require at most 1 entry. 515 */ 516 static long region_add(struct resv_map *resv, long f, long t, 517 long in_regions_needed, struct hstate *h, 518 struct hugetlb_cgroup *h_cg) 519 { 520 long add = 0, actual_regions_needed = 0; 521 522 spin_lock(&resv->lock); 523 retry: 524 525 /* Count how many regions are actually needed to execute this add. */ 526 add_reservation_in_range(resv, f, t, NULL, NULL, 527 &actual_regions_needed); 528 529 /* 530 * Check for sufficient descriptors in the cache to accommodate 531 * this add operation. Note that actual_regions_needed may be greater 532 * than in_regions_needed, as the resv_map may have been modified since 533 * the region_chg call. In this case, we need to make sure that we 534 * allocate extra entries, such that we have enough for all the 535 * existing adds_in_progress, plus the excess needed for this 536 * operation. 537 */ 538 if (actual_regions_needed > in_regions_needed && 539 resv->region_cache_count < 540 resv->adds_in_progress + 541 (actual_regions_needed - in_regions_needed)) { 542 /* region_add operation of range 1 should never need to 543 * allocate file_region entries. 544 */ 545 VM_BUG_ON(t - f <= 1); 546 547 if (allocate_file_region_entries( 548 resv, actual_regions_needed - in_regions_needed)) { 549 return -ENOMEM; 550 } 551 552 goto retry; 553 } 554 555 add = add_reservation_in_range(resv, f, t, h_cg, h, NULL); 556 557 resv->adds_in_progress -= in_regions_needed; 558 559 spin_unlock(&resv->lock); 560 return add; 561 } 562 563 /* 564 * Examine the existing reserve map and determine how many 565 * huge pages in the specified range [f, t) are NOT currently 566 * represented. This routine is called before a subsequent 567 * call to region_add that will actually modify the reserve 568 * map to add the specified range [f, t). region_chg does 569 * not change the number of huge pages represented by the 570 * map. A number of new file_region structures is added to the cache as a 571 * placeholder, for the subsequent region_add call to use. At least 1 572 * file_region structure is added. 573 * 574 * out_regions_needed is the number of regions added to the 575 * resv->adds_in_progress. This value needs to be provided to a follow up call 576 * to region_add or region_abort for proper accounting. 577 * 578 * Returns the number of huge pages that need to be added to the existing 579 * reservation map for the range [f, t). This number is greater or equal to 580 * zero. -ENOMEM is returned if a new file_region structure or cache entry 581 * is needed and can not be allocated. 582 */ 583 static long region_chg(struct resv_map *resv, long f, long t, 584 long *out_regions_needed) 585 { 586 long chg = 0; 587 588 spin_lock(&resv->lock); 589 590 /* Count how many hugepages in this range are NOT represented. */ 591 chg = add_reservation_in_range(resv, f, t, NULL, NULL, 592 out_regions_needed); 593 594 if (*out_regions_needed == 0) 595 *out_regions_needed = 1; 596 597 if (allocate_file_region_entries(resv, *out_regions_needed)) 598 return -ENOMEM; 599 600 resv->adds_in_progress += *out_regions_needed; 601 602 spin_unlock(&resv->lock); 603 return chg; 604 } 605 606 /* 607 * Abort the in progress add operation. The adds_in_progress field 608 * of the resv_map keeps track of the operations in progress between 609 * calls to region_chg and region_add. Operations are sometimes 610 * aborted after the call to region_chg. In such cases, region_abort 611 * is called to decrement the adds_in_progress counter. regions_needed 612 * is the value returned by the region_chg call, it is used to decrement 613 * the adds_in_progress counter. 614 * 615 * NOTE: The range arguments [f, t) are not needed or used in this 616 * routine. They are kept to make reading the calling code easier as 617 * arguments will match the associated region_chg call. 618 */ 619 static void region_abort(struct resv_map *resv, long f, long t, 620 long regions_needed) 621 { 622 spin_lock(&resv->lock); 623 VM_BUG_ON(!resv->region_cache_count); 624 resv->adds_in_progress -= regions_needed; 625 spin_unlock(&resv->lock); 626 } 627 628 /* 629 * Delete the specified range [f, t) from the reserve map. If the 630 * t parameter is LONG_MAX, this indicates that ALL regions after f 631 * should be deleted. Locate the regions which intersect [f, t) 632 * and either trim, delete or split the existing regions. 633 * 634 * Returns the number of huge pages deleted from the reserve map. 635 * In the normal case, the return value is zero or more. In the 636 * case where a region must be split, a new region descriptor must 637 * be allocated. If the allocation fails, -ENOMEM will be returned. 638 * NOTE: If the parameter t == LONG_MAX, then we will never split 639 * a region and possibly return -ENOMEM. Callers specifying 640 * t == LONG_MAX do not need to check for -ENOMEM error. 641 */ 642 static long region_del(struct resv_map *resv, long f, long t) 643 { 644 struct list_head *head = &resv->regions; 645 struct file_region *rg, *trg; 646 struct file_region *nrg = NULL; 647 long del = 0; 648 649 retry: 650 spin_lock(&resv->lock); 651 list_for_each_entry_safe(rg, trg, head, link) { 652 /* 653 * Skip regions before the range to be deleted. file_region 654 * ranges are normally of the form [from, to). However, there 655 * may be a "placeholder" entry in the map which is of the form 656 * (from, to) with from == to. Check for placeholder entries 657 * at the beginning of the range to be deleted. 658 */ 659 if (rg->to <= f && (rg->to != rg->from || rg->to != f)) 660 continue; 661 662 if (rg->from >= t) 663 break; 664 665 if (f > rg->from && t < rg->to) { /* Must split region */ 666 /* 667 * Check for an entry in the cache before dropping 668 * lock and attempting allocation. 669 */ 670 if (!nrg && 671 resv->region_cache_count > resv->adds_in_progress) { 672 nrg = list_first_entry(&resv->region_cache, 673 struct file_region, 674 link); 675 list_del(&nrg->link); 676 resv->region_cache_count--; 677 } 678 679 if (!nrg) { 680 spin_unlock(&resv->lock); 681 nrg = kmalloc(sizeof(*nrg), GFP_KERNEL); 682 if (!nrg) 683 return -ENOMEM; 684 goto retry; 685 } 686 687 del += t - f; 688 hugetlb_cgroup_uncharge_file_region( 689 resv, rg, t - f, false); 690 691 /* New entry for end of split region */ 692 nrg->from = t; 693 nrg->to = rg->to; 694 695 copy_hugetlb_cgroup_uncharge_info(nrg, rg); 696 697 INIT_LIST_HEAD(&nrg->link); 698 699 /* Original entry is trimmed */ 700 rg->to = f; 701 702 list_add(&nrg->link, &rg->link); 703 nrg = NULL; 704 break; 705 } 706 707 if (f <= rg->from && t >= rg->to) { /* Remove entire region */ 708 del += rg->to - rg->from; 709 hugetlb_cgroup_uncharge_file_region(resv, rg, 710 rg->to - rg->from, true); 711 list_del(&rg->link); 712 kfree(rg); 713 continue; 714 } 715 716 if (f <= rg->from) { /* Trim beginning of region */ 717 hugetlb_cgroup_uncharge_file_region(resv, rg, 718 t - rg->from, false); 719 720 del += t - rg->from; 721 rg->from = t; 722 } else { /* Trim end of region */ 723 hugetlb_cgroup_uncharge_file_region(resv, rg, 724 rg->to - f, false); 725 726 del += rg->to - f; 727 rg->to = f; 728 } 729 } 730 731 spin_unlock(&resv->lock); 732 kfree(nrg); 733 return del; 734 } 735 736 /* 737 * A rare out of memory error was encountered which prevented removal of 738 * the reserve map region for a page. The huge page itself was free'ed 739 * and removed from the page cache. This routine will adjust the subpool 740 * usage count, and the global reserve count if needed. By incrementing 741 * these counts, the reserve map entry which could not be deleted will 742 * appear as a "reserved" entry instead of simply dangling with incorrect 743 * counts. 744 */ 745 void hugetlb_fix_reserve_counts(struct inode *inode) 746 { 747 struct hugepage_subpool *spool = subpool_inode(inode); 748 long rsv_adjust; 749 bool reserved = false; 750 751 rsv_adjust = hugepage_subpool_get_pages(spool, 1); 752 if (rsv_adjust > 0) { 753 struct hstate *h = hstate_inode(inode); 754 755 if (!hugetlb_acct_memory(h, 1)) 756 reserved = true; 757 } else if (!rsv_adjust) { 758 reserved = true; 759 } 760 761 if (!reserved) 762 pr_warn("hugetlb: Huge Page Reserved count may go negative.\n"); 763 } 764 765 /* 766 * Count and return the number of huge pages in the reserve map 767 * that intersect with the range [f, t). 768 */ 769 static long region_count(struct resv_map *resv, long f, long t) 770 { 771 struct list_head *head = &resv->regions; 772 struct file_region *rg; 773 long chg = 0; 774 775 spin_lock(&resv->lock); 776 /* Locate each segment we overlap with, and count that overlap. */ 777 list_for_each_entry(rg, head, link) { 778 long seg_from; 779 long seg_to; 780 781 if (rg->to <= f) 782 continue; 783 if (rg->from >= t) 784 break; 785 786 seg_from = max(rg->from, f); 787 seg_to = min(rg->to, t); 788 789 chg += seg_to - seg_from; 790 } 791 spin_unlock(&resv->lock); 792 793 return chg; 794 } 795 796 /* 797 * Convert the address within this vma to the page offset within 798 * the mapping, in pagecache page units; huge pages here. 799 */ 800 static pgoff_t vma_hugecache_offset(struct hstate *h, 801 struct vm_area_struct *vma, unsigned long address) 802 { 803 return ((address - vma->vm_start) >> huge_page_shift(h)) + 804 (vma->vm_pgoff >> huge_page_order(h)); 805 } 806 807 pgoff_t linear_hugepage_index(struct vm_area_struct *vma, 808 unsigned long address) 809 { 810 return vma_hugecache_offset(hstate_vma(vma), vma, address); 811 } 812 EXPORT_SYMBOL_GPL(linear_hugepage_index); 813 814 /* 815 * Return the size of the pages allocated when backing a VMA. In the majority 816 * cases this will be same size as used by the page table entries. 817 */ 818 unsigned long vma_kernel_pagesize(struct vm_area_struct *vma) 819 { 820 if (vma->vm_ops && vma->vm_ops->pagesize) 821 return vma->vm_ops->pagesize(vma); 822 return PAGE_SIZE; 823 } 824 EXPORT_SYMBOL_GPL(vma_kernel_pagesize); 825 826 /* 827 * Return the page size being used by the MMU to back a VMA. In the majority 828 * of cases, the page size used by the kernel matches the MMU size. On 829 * architectures where it differs, an architecture-specific 'strong' 830 * version of this symbol is required. 831 */ 832 __weak unsigned long vma_mmu_pagesize(struct vm_area_struct *vma) 833 { 834 return vma_kernel_pagesize(vma); 835 } 836 837 /* 838 * Flags for MAP_PRIVATE reservations. These are stored in the bottom 839 * bits of the reservation map pointer, which are always clear due to 840 * alignment. 841 */ 842 #define HPAGE_RESV_OWNER (1UL << 0) 843 #define HPAGE_RESV_UNMAPPED (1UL << 1) 844 #define HPAGE_RESV_MASK (HPAGE_RESV_OWNER | HPAGE_RESV_UNMAPPED) 845 846 /* 847 * These helpers are used to track how many pages are reserved for 848 * faults in a MAP_PRIVATE mapping. Only the process that called mmap() 849 * is guaranteed to have their future faults succeed. 850 * 851 * With the exception of reset_vma_resv_huge_pages() which is called at fork(), 852 * the reserve counters are updated with the hugetlb_lock held. It is safe 853 * to reset the VMA at fork() time as it is not in use yet and there is no 854 * chance of the global counters getting corrupted as a result of the values. 855 * 856 * The private mapping reservation is represented in a subtly different 857 * manner to a shared mapping. A shared mapping has a region map associated 858 * with the underlying file, this region map represents the backing file 859 * pages which have ever had a reservation assigned which this persists even 860 * after the page is instantiated. A private mapping has a region map 861 * associated with the original mmap which is attached to all VMAs which 862 * reference it, this region map represents those offsets which have consumed 863 * reservation ie. where pages have been instantiated. 864 */ 865 static unsigned long get_vma_private_data(struct vm_area_struct *vma) 866 { 867 return (unsigned long)vma->vm_private_data; 868 } 869 870 static void set_vma_private_data(struct vm_area_struct *vma, 871 unsigned long value) 872 { 873 vma->vm_private_data = (void *)value; 874 } 875 876 static void 877 resv_map_set_hugetlb_cgroup_uncharge_info(struct resv_map *resv_map, 878 struct hugetlb_cgroup *h_cg, 879 struct hstate *h) 880 { 881 #ifdef CONFIG_CGROUP_HUGETLB 882 if (!h_cg || !h) { 883 resv_map->reservation_counter = NULL; 884 resv_map->pages_per_hpage = 0; 885 resv_map->css = NULL; 886 } else { 887 resv_map->reservation_counter = 888 &h_cg->rsvd_hugepage[hstate_index(h)]; 889 resv_map->pages_per_hpage = pages_per_huge_page(h); 890 resv_map->css = &h_cg->css; 891 } 892 #endif 893 } 894 895 struct resv_map *resv_map_alloc(void) 896 { 897 struct resv_map *resv_map = kmalloc(sizeof(*resv_map), GFP_KERNEL); 898 struct file_region *rg = kmalloc(sizeof(*rg), GFP_KERNEL); 899 900 if (!resv_map || !rg) { 901 kfree(resv_map); 902 kfree(rg); 903 return NULL; 904 } 905 906 kref_init(&resv_map->refs); 907 spin_lock_init(&resv_map->lock); 908 INIT_LIST_HEAD(&resv_map->regions); 909 910 resv_map->adds_in_progress = 0; 911 /* 912 * Initialize these to 0. On shared mappings, 0's here indicate these 913 * fields don't do cgroup accounting. On private mappings, these will be 914 * re-initialized to the proper values, to indicate that hugetlb cgroup 915 * reservations are to be un-charged from here. 916 */ 917 resv_map_set_hugetlb_cgroup_uncharge_info(resv_map, NULL, NULL); 918 919 INIT_LIST_HEAD(&resv_map->region_cache); 920 list_add(&rg->link, &resv_map->region_cache); 921 resv_map->region_cache_count = 1; 922 923 return resv_map; 924 } 925 926 void resv_map_release(struct kref *ref) 927 { 928 struct resv_map *resv_map = container_of(ref, struct resv_map, refs); 929 struct list_head *head = &resv_map->region_cache; 930 struct file_region *rg, *trg; 931 932 /* Clear out any active regions before we release the map. */ 933 region_del(resv_map, 0, LONG_MAX); 934 935 /* ... and any entries left in the cache */ 936 list_for_each_entry_safe(rg, trg, head, link) { 937 list_del(&rg->link); 938 kfree(rg); 939 } 940 941 VM_BUG_ON(resv_map->adds_in_progress); 942 943 kfree(resv_map); 944 } 945 946 static inline struct resv_map *inode_resv_map(struct inode *inode) 947 { 948 /* 949 * At inode evict time, i_mapping may not point to the original 950 * address space within the inode. This original address space 951 * contains the pointer to the resv_map. So, always use the 952 * address space embedded within the inode. 953 * The VERY common case is inode->mapping == &inode->i_data but, 954 * this may not be true for device special inodes. 955 */ 956 return (struct resv_map *)(&inode->i_data)->private_data; 957 } 958 959 static struct resv_map *vma_resv_map(struct vm_area_struct *vma) 960 { 961 VM_BUG_ON_VMA(!is_vm_hugetlb_page(vma), vma); 962 if (vma->vm_flags & VM_MAYSHARE) { 963 struct address_space *mapping = vma->vm_file->f_mapping; 964 struct inode *inode = mapping->host; 965 966 return inode_resv_map(inode); 967 968 } else { 969 return (struct resv_map *)(get_vma_private_data(vma) & 970 ~HPAGE_RESV_MASK); 971 } 972 } 973 974 static void set_vma_resv_map(struct vm_area_struct *vma, struct resv_map *map) 975 { 976 VM_BUG_ON_VMA(!is_vm_hugetlb_page(vma), vma); 977 VM_BUG_ON_VMA(vma->vm_flags & VM_MAYSHARE, vma); 978 979 set_vma_private_data(vma, (get_vma_private_data(vma) & 980 HPAGE_RESV_MASK) | (unsigned long)map); 981 } 982 983 static void set_vma_resv_flags(struct vm_area_struct *vma, unsigned long flags) 984 { 985 VM_BUG_ON_VMA(!is_vm_hugetlb_page(vma), vma); 986 VM_BUG_ON_VMA(vma->vm_flags & VM_MAYSHARE, vma); 987 988 set_vma_private_data(vma, get_vma_private_data(vma) | flags); 989 } 990 991 static int is_vma_resv_set(struct vm_area_struct *vma, unsigned long flag) 992 { 993 VM_BUG_ON_VMA(!is_vm_hugetlb_page(vma), vma); 994 995 return (get_vma_private_data(vma) & flag) != 0; 996 } 997 998 /* Reset counters to 0 and clear all HPAGE_RESV_* flags */ 999 void reset_vma_resv_huge_pages(struct vm_area_struct *vma) 1000 { 1001 VM_BUG_ON_VMA(!is_vm_hugetlb_page(vma), vma); 1002 if (!(vma->vm_flags & VM_MAYSHARE)) 1003 vma->vm_private_data = (void *)0; 1004 } 1005 1006 /* Returns true if the VMA has associated reserve pages */ 1007 static bool vma_has_reserves(struct vm_area_struct *vma, long chg) 1008 { 1009 if (vma->vm_flags & VM_NORESERVE) { 1010 /* 1011 * This address is already reserved by other process(chg == 0), 1012 * so, we should decrement reserved count. Without decrementing, 1013 * reserve count remains after releasing inode, because this 1014 * allocated page will go into page cache and is regarded as 1015 * coming from reserved pool in releasing step. Currently, we 1016 * don't have any other solution to deal with this situation 1017 * properly, so add work-around here. 1018 */ 1019 if (vma->vm_flags & VM_MAYSHARE && chg == 0) 1020 return true; 1021 else 1022 return false; 1023 } 1024 1025 /* Shared mappings always use reserves */ 1026 if (vma->vm_flags & VM_MAYSHARE) { 1027 /* 1028 * We know VM_NORESERVE is not set. Therefore, there SHOULD 1029 * be a region map for all pages. The only situation where 1030 * there is no region map is if a hole was punched via 1031 * fallocate. In this case, there really are no reserves to 1032 * use. This situation is indicated if chg != 0. 1033 */ 1034 if (chg) 1035 return false; 1036 else 1037 return true; 1038 } 1039 1040 /* 1041 * Only the process that called mmap() has reserves for 1042 * private mappings. 1043 */ 1044 if (is_vma_resv_set(vma, HPAGE_RESV_OWNER)) { 1045 /* 1046 * Like the shared case above, a hole punch or truncate 1047 * could have been performed on the private mapping. 1048 * Examine the value of chg to determine if reserves 1049 * actually exist or were previously consumed. 1050 * Very Subtle - The value of chg comes from a previous 1051 * call to vma_needs_reserves(). The reserve map for 1052 * private mappings has different (opposite) semantics 1053 * than that of shared mappings. vma_needs_reserves() 1054 * has already taken this difference in semantics into 1055 * account. Therefore, the meaning of chg is the same 1056 * as in the shared case above. Code could easily be 1057 * combined, but keeping it separate draws attention to 1058 * subtle differences. 1059 */ 1060 if (chg) 1061 return false; 1062 else 1063 return true; 1064 } 1065 1066 return false; 1067 } 1068 1069 static void enqueue_huge_page(struct hstate *h, struct page *page) 1070 { 1071 int nid = page_to_nid(page); 1072 1073 lockdep_assert_held(&hugetlb_lock); 1074 list_move(&page->lru, &h->hugepage_freelists[nid]); 1075 h->free_huge_pages++; 1076 h->free_huge_pages_node[nid]++; 1077 SetHPageFreed(page); 1078 } 1079 1080 static struct page *dequeue_huge_page_node_exact(struct hstate *h, int nid) 1081 { 1082 struct page *page; 1083 bool pin = !!(current->flags & PF_MEMALLOC_PIN); 1084 1085 lockdep_assert_held(&hugetlb_lock); 1086 list_for_each_entry(page, &h->hugepage_freelists[nid], lru) { 1087 if (pin && !is_pinnable_page(page)) 1088 continue; 1089 1090 if (PageHWPoison(page)) 1091 continue; 1092 1093 list_move(&page->lru, &h->hugepage_activelist); 1094 set_page_refcounted(page); 1095 ClearHPageFreed(page); 1096 h->free_huge_pages--; 1097 h->free_huge_pages_node[nid]--; 1098 return page; 1099 } 1100 1101 return NULL; 1102 } 1103 1104 static struct page *dequeue_huge_page_nodemask(struct hstate *h, gfp_t gfp_mask, int nid, 1105 nodemask_t *nmask) 1106 { 1107 unsigned int cpuset_mems_cookie; 1108 struct zonelist *zonelist; 1109 struct zone *zone; 1110 struct zoneref *z; 1111 int node = NUMA_NO_NODE; 1112 1113 zonelist = node_zonelist(nid, gfp_mask); 1114 1115 retry_cpuset: 1116 cpuset_mems_cookie = read_mems_allowed_begin(); 1117 for_each_zone_zonelist_nodemask(zone, z, zonelist, gfp_zone(gfp_mask), nmask) { 1118 struct page *page; 1119 1120 if (!cpuset_zone_allowed(zone, gfp_mask)) 1121 continue; 1122 /* 1123 * no need to ask again on the same node. Pool is node rather than 1124 * zone aware 1125 */ 1126 if (zone_to_nid(zone) == node) 1127 continue; 1128 node = zone_to_nid(zone); 1129 1130 page = dequeue_huge_page_node_exact(h, node); 1131 if (page) 1132 return page; 1133 } 1134 if (unlikely(read_mems_allowed_retry(cpuset_mems_cookie))) 1135 goto retry_cpuset; 1136 1137 return NULL; 1138 } 1139 1140 static struct page *dequeue_huge_page_vma(struct hstate *h, 1141 struct vm_area_struct *vma, 1142 unsigned long address, int avoid_reserve, 1143 long chg) 1144 { 1145 struct page *page; 1146 struct mempolicy *mpol; 1147 gfp_t gfp_mask; 1148 nodemask_t *nodemask; 1149 int nid; 1150 1151 /* 1152 * A child process with MAP_PRIVATE mappings created by their parent 1153 * have no page reserves. This check ensures that reservations are 1154 * not "stolen". The child may still get SIGKILLed 1155 */ 1156 if (!vma_has_reserves(vma, chg) && 1157 h->free_huge_pages - h->resv_huge_pages == 0) 1158 goto err; 1159 1160 /* If reserves cannot be used, ensure enough pages are in the pool */ 1161 if (avoid_reserve && h->free_huge_pages - h->resv_huge_pages == 0) 1162 goto err; 1163 1164 gfp_mask = htlb_alloc_mask(h); 1165 nid = huge_node(vma, address, gfp_mask, &mpol, &nodemask); 1166 page = dequeue_huge_page_nodemask(h, gfp_mask, nid, nodemask); 1167 if (page && !avoid_reserve && vma_has_reserves(vma, chg)) { 1168 SetHPageRestoreReserve(page); 1169 h->resv_huge_pages--; 1170 } 1171 1172 mpol_cond_put(mpol); 1173 return page; 1174 1175 err: 1176 return NULL; 1177 } 1178 1179 /* 1180 * common helper functions for hstate_next_node_to_{alloc|free}. 1181 * We may have allocated or freed a huge page based on a different 1182 * nodes_allowed previously, so h->next_node_to_{alloc|free} might 1183 * be outside of *nodes_allowed. Ensure that we use an allowed 1184 * node for alloc or free. 1185 */ 1186 static int next_node_allowed(int nid, nodemask_t *nodes_allowed) 1187 { 1188 nid = next_node_in(nid, *nodes_allowed); 1189 VM_BUG_ON(nid >= MAX_NUMNODES); 1190 1191 return nid; 1192 } 1193 1194 static int get_valid_node_allowed(int nid, nodemask_t *nodes_allowed) 1195 { 1196 if (!node_isset(nid, *nodes_allowed)) 1197 nid = next_node_allowed(nid, nodes_allowed); 1198 return nid; 1199 } 1200 1201 /* 1202 * returns the previously saved node ["this node"] from which to 1203 * allocate a persistent huge page for the pool and advance the 1204 * next node from which to allocate, handling wrap at end of node 1205 * mask. 1206 */ 1207 static int hstate_next_node_to_alloc(struct hstate *h, 1208 nodemask_t *nodes_allowed) 1209 { 1210 int nid; 1211 1212 VM_BUG_ON(!nodes_allowed); 1213 1214 nid = get_valid_node_allowed(h->next_nid_to_alloc, nodes_allowed); 1215 h->next_nid_to_alloc = next_node_allowed(nid, nodes_allowed); 1216 1217 return nid; 1218 } 1219 1220 /* 1221 * helper for remove_pool_huge_page() - return the previously saved 1222 * node ["this node"] from which to free a huge page. Advance the 1223 * next node id whether or not we find a free huge page to free so 1224 * that the next attempt to free addresses the next node. 1225 */ 1226 static int hstate_next_node_to_free(struct hstate *h, nodemask_t *nodes_allowed) 1227 { 1228 int nid; 1229 1230 VM_BUG_ON(!nodes_allowed); 1231 1232 nid = get_valid_node_allowed(h->next_nid_to_free, nodes_allowed); 1233 h->next_nid_to_free = next_node_allowed(nid, nodes_allowed); 1234 1235 return nid; 1236 } 1237 1238 #define for_each_node_mask_to_alloc(hs, nr_nodes, node, mask) \ 1239 for (nr_nodes = nodes_weight(*mask); \ 1240 nr_nodes > 0 && \ 1241 ((node = hstate_next_node_to_alloc(hs, mask)) || 1); \ 1242 nr_nodes--) 1243 1244 #define for_each_node_mask_to_free(hs, nr_nodes, node, mask) \ 1245 for (nr_nodes = nodes_weight(*mask); \ 1246 nr_nodes > 0 && \ 1247 ((node = hstate_next_node_to_free(hs, mask)) || 1); \ 1248 nr_nodes--) 1249 1250 #ifdef CONFIG_ARCH_HAS_GIGANTIC_PAGE 1251 static void destroy_compound_gigantic_page(struct page *page, 1252 unsigned int order) 1253 { 1254 int i; 1255 int nr_pages = 1 << order; 1256 struct page *p = page + 1; 1257 1258 atomic_set(compound_mapcount_ptr(page), 0); 1259 atomic_set(compound_pincount_ptr(page), 0); 1260 1261 for (i = 1; i < nr_pages; i++, p = mem_map_next(p, page, i)) { 1262 clear_compound_head(p); 1263 set_page_refcounted(p); 1264 } 1265 1266 set_compound_order(page, 0); 1267 page[1].compound_nr = 0; 1268 __ClearPageHead(page); 1269 } 1270 1271 static void free_gigantic_page(struct page *page, unsigned int order) 1272 { 1273 /* 1274 * If the page isn't allocated using the cma allocator, 1275 * cma_release() returns false. 1276 */ 1277 #ifdef CONFIG_CMA 1278 if (cma_release(hugetlb_cma[page_to_nid(page)], page, 1 << order)) 1279 return; 1280 #endif 1281 1282 free_contig_range(page_to_pfn(page), 1 << order); 1283 } 1284 1285 #ifdef CONFIG_CONTIG_ALLOC 1286 static struct page *alloc_gigantic_page(struct hstate *h, gfp_t gfp_mask, 1287 int nid, nodemask_t *nodemask) 1288 { 1289 unsigned long nr_pages = pages_per_huge_page(h); 1290 if (nid == NUMA_NO_NODE) 1291 nid = numa_mem_id(); 1292 1293 #ifdef CONFIG_CMA 1294 { 1295 struct page *page; 1296 int node; 1297 1298 if (hugetlb_cma[nid]) { 1299 page = cma_alloc(hugetlb_cma[nid], nr_pages, 1300 huge_page_order(h), true); 1301 if (page) 1302 return page; 1303 } 1304 1305 if (!(gfp_mask & __GFP_THISNODE)) { 1306 for_each_node_mask(node, *nodemask) { 1307 if (node == nid || !hugetlb_cma[node]) 1308 continue; 1309 1310 page = cma_alloc(hugetlb_cma[node], nr_pages, 1311 huge_page_order(h), true); 1312 if (page) 1313 return page; 1314 } 1315 } 1316 } 1317 #endif 1318 1319 return alloc_contig_pages(nr_pages, gfp_mask, nid, nodemask); 1320 } 1321 1322 static void prep_new_huge_page(struct hstate *h, struct page *page, int nid); 1323 static void prep_compound_gigantic_page(struct page *page, unsigned int order); 1324 #else /* !CONFIG_CONTIG_ALLOC */ 1325 static struct page *alloc_gigantic_page(struct hstate *h, gfp_t gfp_mask, 1326 int nid, nodemask_t *nodemask) 1327 { 1328 return NULL; 1329 } 1330 #endif /* CONFIG_CONTIG_ALLOC */ 1331 1332 #else /* !CONFIG_ARCH_HAS_GIGANTIC_PAGE */ 1333 static struct page *alloc_gigantic_page(struct hstate *h, gfp_t gfp_mask, 1334 int nid, nodemask_t *nodemask) 1335 { 1336 return NULL; 1337 } 1338 static inline void free_gigantic_page(struct page *page, unsigned int order) { } 1339 static inline void destroy_compound_gigantic_page(struct page *page, 1340 unsigned int order) { } 1341 #endif 1342 1343 /* 1344 * Remove hugetlb page from lists, and update dtor so that page appears 1345 * as just a compound page. A reference is held on the page. 1346 * 1347 * Must be called with hugetlb lock held. 1348 */ 1349 static void remove_hugetlb_page(struct hstate *h, struct page *page, 1350 bool adjust_surplus) 1351 { 1352 int nid = page_to_nid(page); 1353 1354 VM_BUG_ON_PAGE(hugetlb_cgroup_from_page(page), page); 1355 VM_BUG_ON_PAGE(hugetlb_cgroup_from_page_rsvd(page), page); 1356 1357 lockdep_assert_held(&hugetlb_lock); 1358 if (hstate_is_gigantic(h) && !gigantic_page_runtime_supported()) 1359 return; 1360 1361 list_del(&page->lru); 1362 1363 if (HPageFreed(page)) { 1364 h->free_huge_pages--; 1365 h->free_huge_pages_node[nid]--; 1366 } 1367 if (adjust_surplus) { 1368 h->surplus_huge_pages--; 1369 h->surplus_huge_pages_node[nid]--; 1370 } 1371 1372 set_page_refcounted(page); 1373 set_compound_page_dtor(page, NULL_COMPOUND_DTOR); 1374 1375 h->nr_huge_pages--; 1376 h->nr_huge_pages_node[nid]--; 1377 } 1378 1379 static void add_hugetlb_page(struct hstate *h, struct page *page, 1380 bool adjust_surplus) 1381 { 1382 int zeroed; 1383 int nid = page_to_nid(page); 1384 1385 VM_BUG_ON_PAGE(!HPageVmemmapOptimized(page), page); 1386 1387 lockdep_assert_held(&hugetlb_lock); 1388 1389 INIT_LIST_HEAD(&page->lru); 1390 h->nr_huge_pages++; 1391 h->nr_huge_pages_node[nid]++; 1392 1393 if (adjust_surplus) { 1394 h->surplus_huge_pages++; 1395 h->surplus_huge_pages_node[nid]++; 1396 } 1397 1398 set_compound_page_dtor(page, HUGETLB_PAGE_DTOR); 1399 set_page_private(page, 0); 1400 SetHPageVmemmapOptimized(page); 1401 1402 /* 1403 * This page is now managed by the hugetlb allocator and has 1404 * no users -- drop the last reference. 1405 */ 1406 zeroed = put_page_testzero(page); 1407 VM_BUG_ON_PAGE(!zeroed, page); 1408 arch_clear_hugepage_flags(page); 1409 enqueue_huge_page(h, page); 1410 } 1411 1412 static void __update_and_free_page(struct hstate *h, struct page *page) 1413 { 1414 int i; 1415 struct page *subpage = page; 1416 1417 if (hstate_is_gigantic(h) && !gigantic_page_runtime_supported()) 1418 return; 1419 1420 if (alloc_huge_page_vmemmap(h, page)) { 1421 spin_lock_irq(&hugetlb_lock); 1422 /* 1423 * If we cannot allocate vmemmap pages, just refuse to free the 1424 * page and put the page back on the hugetlb free list and treat 1425 * as a surplus page. 1426 */ 1427 add_hugetlb_page(h, page, true); 1428 spin_unlock_irq(&hugetlb_lock); 1429 return; 1430 } 1431 1432 for (i = 0; i < pages_per_huge_page(h); 1433 i++, subpage = mem_map_next(subpage, page, i)) { 1434 subpage->flags &= ~(1 << PG_locked | 1 << PG_error | 1435 1 << PG_referenced | 1 << PG_dirty | 1436 1 << PG_active | 1 << PG_private | 1437 1 << PG_writeback); 1438 } 1439 if (hstate_is_gigantic(h)) { 1440 destroy_compound_gigantic_page(page, huge_page_order(h)); 1441 free_gigantic_page(page, huge_page_order(h)); 1442 } else { 1443 __free_pages(page, huge_page_order(h)); 1444 } 1445 } 1446 1447 /* 1448 * As update_and_free_page() can be called under any context, so we cannot 1449 * use GFP_KERNEL to allocate vmemmap pages. However, we can defer the 1450 * actual freeing in a workqueue to prevent from using GFP_ATOMIC to allocate 1451 * the vmemmap pages. 1452 * 1453 * free_hpage_workfn() locklessly retrieves the linked list of pages to be 1454 * freed and frees them one-by-one. As the page->mapping pointer is going 1455 * to be cleared in free_hpage_workfn() anyway, it is reused as the llist_node 1456 * structure of a lockless linked list of huge pages to be freed. 1457 */ 1458 static LLIST_HEAD(hpage_freelist); 1459 1460 static void free_hpage_workfn(struct work_struct *work) 1461 { 1462 struct llist_node *node; 1463 1464 node = llist_del_all(&hpage_freelist); 1465 1466 while (node) { 1467 struct page *page; 1468 struct hstate *h; 1469 1470 page = container_of((struct address_space **)node, 1471 struct page, mapping); 1472 node = node->next; 1473 page->mapping = NULL; 1474 /* 1475 * The VM_BUG_ON_PAGE(!PageHuge(page), page) in page_hstate() 1476 * is going to trigger because a previous call to 1477 * remove_hugetlb_page() will set_compound_page_dtor(page, 1478 * NULL_COMPOUND_DTOR), so do not use page_hstate() directly. 1479 */ 1480 h = size_to_hstate(page_size(page)); 1481 1482 __update_and_free_page(h, page); 1483 1484 cond_resched(); 1485 } 1486 } 1487 static DECLARE_WORK(free_hpage_work, free_hpage_workfn); 1488 1489 static inline void flush_free_hpage_work(struct hstate *h) 1490 { 1491 if (free_vmemmap_pages_per_hpage(h)) 1492 flush_work(&free_hpage_work); 1493 } 1494 1495 static void update_and_free_page(struct hstate *h, struct page *page, 1496 bool atomic) 1497 { 1498 if (!HPageVmemmapOptimized(page) || !atomic) { 1499 __update_and_free_page(h, page); 1500 return; 1501 } 1502 1503 /* 1504 * Defer freeing to avoid using GFP_ATOMIC to allocate vmemmap pages. 1505 * 1506 * Only call schedule_work() if hpage_freelist is previously 1507 * empty. Otherwise, schedule_work() had been called but the workfn 1508 * hasn't retrieved the list yet. 1509 */ 1510 if (llist_add((struct llist_node *)&page->mapping, &hpage_freelist)) 1511 schedule_work(&free_hpage_work); 1512 } 1513 1514 static void update_and_free_pages_bulk(struct hstate *h, struct list_head *list) 1515 { 1516 struct page *page, *t_page; 1517 1518 list_for_each_entry_safe(page, t_page, list, lru) { 1519 update_and_free_page(h, page, false); 1520 cond_resched(); 1521 } 1522 } 1523 1524 struct hstate *size_to_hstate(unsigned long size) 1525 { 1526 struct hstate *h; 1527 1528 for_each_hstate(h) { 1529 if (huge_page_size(h) == size) 1530 return h; 1531 } 1532 return NULL; 1533 } 1534 1535 void free_huge_page(struct page *page) 1536 { 1537 /* 1538 * Can't pass hstate in here because it is called from the 1539 * compound page destructor. 1540 */ 1541 struct hstate *h = page_hstate(page); 1542 int nid = page_to_nid(page); 1543 struct hugepage_subpool *spool = hugetlb_page_subpool(page); 1544 bool restore_reserve; 1545 unsigned long flags; 1546 1547 VM_BUG_ON_PAGE(page_count(page), page); 1548 VM_BUG_ON_PAGE(page_mapcount(page), page); 1549 1550 hugetlb_set_page_subpool(page, NULL); 1551 page->mapping = NULL; 1552 restore_reserve = HPageRestoreReserve(page); 1553 ClearHPageRestoreReserve(page); 1554 1555 /* 1556 * If HPageRestoreReserve was set on page, page allocation consumed a 1557 * reservation. If the page was associated with a subpool, there 1558 * would have been a page reserved in the subpool before allocation 1559 * via hugepage_subpool_get_pages(). Since we are 'restoring' the 1560 * reservation, do not call hugepage_subpool_put_pages() as this will 1561 * remove the reserved page from the subpool. 1562 */ 1563 if (!restore_reserve) { 1564 /* 1565 * A return code of zero implies that the subpool will be 1566 * under its minimum size if the reservation is not restored 1567 * after page is free. Therefore, force restore_reserve 1568 * operation. 1569 */ 1570 if (hugepage_subpool_put_pages(spool, 1) == 0) 1571 restore_reserve = true; 1572 } 1573 1574 spin_lock_irqsave(&hugetlb_lock, flags); 1575 ClearHPageMigratable(page); 1576 hugetlb_cgroup_uncharge_page(hstate_index(h), 1577 pages_per_huge_page(h), page); 1578 hugetlb_cgroup_uncharge_page_rsvd(hstate_index(h), 1579 pages_per_huge_page(h), page); 1580 if (restore_reserve) 1581 h->resv_huge_pages++; 1582 1583 if (HPageTemporary(page)) { 1584 remove_hugetlb_page(h, page, false); 1585 spin_unlock_irqrestore(&hugetlb_lock, flags); 1586 update_and_free_page(h, page, true); 1587 } else if (h->surplus_huge_pages_node[nid]) { 1588 /* remove the page from active list */ 1589 remove_hugetlb_page(h, page, true); 1590 spin_unlock_irqrestore(&hugetlb_lock, flags); 1591 update_and_free_page(h, page, true); 1592 } else { 1593 arch_clear_hugepage_flags(page); 1594 enqueue_huge_page(h, page); 1595 spin_unlock_irqrestore(&hugetlb_lock, flags); 1596 } 1597 } 1598 1599 /* 1600 * Must be called with the hugetlb lock held 1601 */ 1602 static void __prep_account_new_huge_page(struct hstate *h, int nid) 1603 { 1604 lockdep_assert_held(&hugetlb_lock); 1605 h->nr_huge_pages++; 1606 h->nr_huge_pages_node[nid]++; 1607 } 1608 1609 static void __prep_new_huge_page(struct hstate *h, struct page *page) 1610 { 1611 free_huge_page_vmemmap(h, page); 1612 INIT_LIST_HEAD(&page->lru); 1613 set_compound_page_dtor(page, HUGETLB_PAGE_DTOR); 1614 hugetlb_set_page_subpool(page, NULL); 1615 set_hugetlb_cgroup(page, NULL); 1616 set_hugetlb_cgroup_rsvd(page, NULL); 1617 } 1618 1619 static void prep_new_huge_page(struct hstate *h, struct page *page, int nid) 1620 { 1621 __prep_new_huge_page(h, page); 1622 spin_lock_irq(&hugetlb_lock); 1623 __prep_account_new_huge_page(h, nid); 1624 spin_unlock_irq(&hugetlb_lock); 1625 } 1626 1627 static void prep_compound_gigantic_page(struct page *page, unsigned int order) 1628 { 1629 int i; 1630 int nr_pages = 1 << order; 1631 struct page *p = page + 1; 1632 1633 /* we rely on prep_new_huge_page to set the destructor */ 1634 set_compound_order(page, order); 1635 __ClearPageReserved(page); 1636 __SetPageHead(page); 1637 for (i = 1; i < nr_pages; i++, p = mem_map_next(p, page, i)) { 1638 /* 1639 * For gigantic hugepages allocated through bootmem at 1640 * boot, it's safer to be consistent with the not-gigantic 1641 * hugepages and clear the PG_reserved bit from all tail pages 1642 * too. Otherwise drivers using get_user_pages() to access tail 1643 * pages may get the reference counting wrong if they see 1644 * PG_reserved set on a tail page (despite the head page not 1645 * having PG_reserved set). Enforcing this consistency between 1646 * head and tail pages allows drivers to optimize away a check 1647 * on the head page when they need know if put_page() is needed 1648 * after get_user_pages(). 1649 */ 1650 __ClearPageReserved(p); 1651 set_page_count(p, 0); 1652 set_compound_head(p, page); 1653 } 1654 atomic_set(compound_mapcount_ptr(page), -1); 1655 atomic_set(compound_pincount_ptr(page), 0); 1656 } 1657 1658 /* 1659 * PageHuge() only returns true for hugetlbfs pages, but not for normal or 1660 * transparent huge pages. See the PageTransHuge() documentation for more 1661 * details. 1662 */ 1663 int PageHuge(struct page *page) 1664 { 1665 if (!PageCompound(page)) 1666 return 0; 1667 1668 page = compound_head(page); 1669 return page[1].compound_dtor == HUGETLB_PAGE_DTOR; 1670 } 1671 EXPORT_SYMBOL_GPL(PageHuge); 1672 1673 /* 1674 * PageHeadHuge() only returns true for hugetlbfs head page, but not for 1675 * normal or transparent huge pages. 1676 */ 1677 int PageHeadHuge(struct page *page_head) 1678 { 1679 if (!PageHead(page_head)) 1680 return 0; 1681 1682 return page_head[1].compound_dtor == HUGETLB_PAGE_DTOR; 1683 } 1684 1685 /* 1686 * Find and lock address space (mapping) in write mode. 1687 * 1688 * Upon entry, the page is locked which means that page_mapping() is 1689 * stable. Due to locking order, we can only trylock_write. If we can 1690 * not get the lock, simply return NULL to caller. 1691 */ 1692 struct address_space *hugetlb_page_mapping_lock_write(struct page *hpage) 1693 { 1694 struct address_space *mapping = page_mapping(hpage); 1695 1696 if (!mapping) 1697 return mapping; 1698 1699 if (i_mmap_trylock_write(mapping)) 1700 return mapping; 1701 1702 return NULL; 1703 } 1704 1705 pgoff_t hugetlb_basepage_index(struct page *page) 1706 { 1707 struct page *page_head = compound_head(page); 1708 pgoff_t index = page_index(page_head); 1709 unsigned long compound_idx; 1710 1711 if (compound_order(page_head) >= MAX_ORDER) 1712 compound_idx = page_to_pfn(page) - page_to_pfn(page_head); 1713 else 1714 compound_idx = page - page_head; 1715 1716 return (index << compound_order(page_head)) + compound_idx; 1717 } 1718 1719 static struct page *alloc_buddy_huge_page(struct hstate *h, 1720 gfp_t gfp_mask, int nid, nodemask_t *nmask, 1721 nodemask_t *node_alloc_noretry) 1722 { 1723 int order = huge_page_order(h); 1724 struct page *page; 1725 bool alloc_try_hard = true; 1726 1727 /* 1728 * By default we always try hard to allocate the page with 1729 * __GFP_RETRY_MAYFAIL flag. However, if we are allocating pages in 1730 * a loop (to adjust global huge page counts) and previous allocation 1731 * failed, do not continue to try hard on the same node. Use the 1732 * node_alloc_noretry bitmap to manage this state information. 1733 */ 1734 if (node_alloc_noretry && node_isset(nid, *node_alloc_noretry)) 1735 alloc_try_hard = false; 1736 gfp_mask |= __GFP_COMP|__GFP_NOWARN; 1737 if (alloc_try_hard) 1738 gfp_mask |= __GFP_RETRY_MAYFAIL; 1739 if (nid == NUMA_NO_NODE) 1740 nid = numa_mem_id(); 1741 page = __alloc_pages(gfp_mask, order, nid, nmask); 1742 if (page) 1743 __count_vm_event(HTLB_BUDDY_PGALLOC); 1744 else 1745 __count_vm_event(HTLB_BUDDY_PGALLOC_FAIL); 1746 1747 /* 1748 * If we did not specify __GFP_RETRY_MAYFAIL, but still got a page this 1749 * indicates an overall state change. Clear bit so that we resume 1750 * normal 'try hard' allocations. 1751 */ 1752 if (node_alloc_noretry && page && !alloc_try_hard) 1753 node_clear(nid, *node_alloc_noretry); 1754 1755 /* 1756 * If we tried hard to get a page but failed, set bit so that 1757 * subsequent attempts will not try as hard until there is an 1758 * overall state change. 1759 */ 1760 if (node_alloc_noretry && !page && alloc_try_hard) 1761 node_set(nid, *node_alloc_noretry); 1762 1763 return page; 1764 } 1765 1766 /* 1767 * Common helper to allocate a fresh hugetlb page. All specific allocators 1768 * should use this function to get new hugetlb pages 1769 */ 1770 static struct page *alloc_fresh_huge_page(struct hstate *h, 1771 gfp_t gfp_mask, int nid, nodemask_t *nmask, 1772 nodemask_t *node_alloc_noretry) 1773 { 1774 struct page *page; 1775 1776 if (hstate_is_gigantic(h)) 1777 page = alloc_gigantic_page(h, gfp_mask, nid, nmask); 1778 else 1779 page = alloc_buddy_huge_page(h, gfp_mask, 1780 nid, nmask, node_alloc_noretry); 1781 if (!page) 1782 return NULL; 1783 1784 if (hstate_is_gigantic(h)) 1785 prep_compound_gigantic_page(page, huge_page_order(h)); 1786 prep_new_huge_page(h, page, page_to_nid(page)); 1787 1788 return page; 1789 } 1790 1791 /* 1792 * Allocates a fresh page to the hugetlb allocator pool in the node interleaved 1793 * manner. 1794 */ 1795 static int alloc_pool_huge_page(struct hstate *h, nodemask_t *nodes_allowed, 1796 nodemask_t *node_alloc_noretry) 1797 { 1798 struct page *page; 1799 int nr_nodes, node; 1800 gfp_t gfp_mask = htlb_alloc_mask(h) | __GFP_THISNODE; 1801 1802 for_each_node_mask_to_alloc(h, nr_nodes, node, nodes_allowed) { 1803 page = alloc_fresh_huge_page(h, gfp_mask, node, nodes_allowed, 1804 node_alloc_noretry); 1805 if (page) 1806 break; 1807 } 1808 1809 if (!page) 1810 return 0; 1811 1812 put_page(page); /* free it into the hugepage allocator */ 1813 1814 return 1; 1815 } 1816 1817 /* 1818 * Remove huge page from pool from next node to free. Attempt to keep 1819 * persistent huge pages more or less balanced over allowed nodes. 1820 * This routine only 'removes' the hugetlb page. The caller must make 1821 * an additional call to free the page to low level allocators. 1822 * Called with hugetlb_lock locked. 1823 */ 1824 static struct page *remove_pool_huge_page(struct hstate *h, 1825 nodemask_t *nodes_allowed, 1826 bool acct_surplus) 1827 { 1828 int nr_nodes, node; 1829 struct page *page = NULL; 1830 1831 lockdep_assert_held(&hugetlb_lock); 1832 for_each_node_mask_to_free(h, nr_nodes, node, nodes_allowed) { 1833 /* 1834 * If we're returning unused surplus pages, only examine 1835 * nodes with surplus pages. 1836 */ 1837 if ((!acct_surplus || h->surplus_huge_pages_node[node]) && 1838 !list_empty(&h->hugepage_freelists[node])) { 1839 page = list_entry(h->hugepage_freelists[node].next, 1840 struct page, lru); 1841 remove_hugetlb_page(h, page, acct_surplus); 1842 break; 1843 } 1844 } 1845 1846 return page; 1847 } 1848 1849 /* 1850 * Dissolve a given free hugepage into free buddy pages. This function does 1851 * nothing for in-use hugepages and non-hugepages. 1852 * This function returns values like below: 1853 * 1854 * -ENOMEM: failed to allocate vmemmap pages to free the freed hugepages 1855 * when the system is under memory pressure and the feature of 1856 * freeing unused vmemmap pages associated with each hugetlb page 1857 * is enabled. 1858 * -EBUSY: failed to dissolved free hugepages or the hugepage is in-use 1859 * (allocated or reserved.) 1860 * 0: successfully dissolved free hugepages or the page is not a 1861 * hugepage (considered as already dissolved) 1862 */ 1863 int dissolve_free_huge_page(struct page *page) 1864 { 1865 int rc = -EBUSY; 1866 1867 retry: 1868 /* Not to disrupt normal path by vainly holding hugetlb_lock */ 1869 if (!PageHuge(page)) 1870 return 0; 1871 1872 spin_lock_irq(&hugetlb_lock); 1873 if (!PageHuge(page)) { 1874 rc = 0; 1875 goto out; 1876 } 1877 1878 if (!page_count(page)) { 1879 struct page *head = compound_head(page); 1880 struct hstate *h = page_hstate(head); 1881 if (h->free_huge_pages - h->resv_huge_pages == 0) 1882 goto out; 1883 1884 /* 1885 * We should make sure that the page is already on the free list 1886 * when it is dissolved. 1887 */ 1888 if (unlikely(!HPageFreed(head))) { 1889 spin_unlock_irq(&hugetlb_lock); 1890 cond_resched(); 1891 1892 /* 1893 * Theoretically, we should return -EBUSY when we 1894 * encounter this race. In fact, we have a chance 1895 * to successfully dissolve the page if we do a 1896 * retry. Because the race window is quite small. 1897 * If we seize this opportunity, it is an optimization 1898 * for increasing the success rate of dissolving page. 1899 */ 1900 goto retry; 1901 } 1902 1903 remove_hugetlb_page(h, head, false); 1904 h->max_huge_pages--; 1905 spin_unlock_irq(&hugetlb_lock); 1906 1907 /* 1908 * Normally update_and_free_page will allocate required vmemmmap 1909 * before freeing the page. update_and_free_page will fail to 1910 * free the page if it can not allocate required vmemmap. We 1911 * need to adjust max_huge_pages if the page is not freed. 1912 * Attempt to allocate vmemmmap here so that we can take 1913 * appropriate action on failure. 1914 */ 1915 rc = alloc_huge_page_vmemmap(h, head); 1916 if (!rc) { 1917 /* 1918 * Move PageHWPoison flag from head page to the raw 1919 * error page, which makes any subpages rather than 1920 * the error page reusable. 1921 */ 1922 if (PageHWPoison(head) && page != head) { 1923 SetPageHWPoison(page); 1924 ClearPageHWPoison(head); 1925 } 1926 update_and_free_page(h, head, false); 1927 } else { 1928 spin_lock_irq(&hugetlb_lock); 1929 add_hugetlb_page(h, head, false); 1930 h->max_huge_pages++; 1931 spin_unlock_irq(&hugetlb_lock); 1932 } 1933 1934 return rc; 1935 } 1936 out: 1937 spin_unlock_irq(&hugetlb_lock); 1938 return rc; 1939 } 1940 1941 /* 1942 * Dissolve free hugepages in a given pfn range. Used by memory hotplug to 1943 * make specified memory blocks removable from the system. 1944 * Note that this will dissolve a free gigantic hugepage completely, if any 1945 * part of it lies within the given range. 1946 * Also note that if dissolve_free_huge_page() returns with an error, all 1947 * free hugepages that were dissolved before that error are lost. 1948 */ 1949 int dissolve_free_huge_pages(unsigned long start_pfn, unsigned long end_pfn) 1950 { 1951 unsigned long pfn; 1952 struct page *page; 1953 int rc = 0; 1954 1955 if (!hugepages_supported()) 1956 return rc; 1957 1958 for (pfn = start_pfn; pfn < end_pfn; pfn += 1 << minimum_order) { 1959 page = pfn_to_page(pfn); 1960 rc = dissolve_free_huge_page(page); 1961 if (rc) 1962 break; 1963 } 1964 1965 return rc; 1966 } 1967 1968 /* 1969 * Allocates a fresh surplus page from the page allocator. 1970 */ 1971 static struct page *alloc_surplus_huge_page(struct hstate *h, gfp_t gfp_mask, 1972 int nid, nodemask_t *nmask) 1973 { 1974 struct page *page = NULL; 1975 1976 if (hstate_is_gigantic(h)) 1977 return NULL; 1978 1979 spin_lock_irq(&hugetlb_lock); 1980 if (h->surplus_huge_pages >= h->nr_overcommit_huge_pages) 1981 goto out_unlock; 1982 spin_unlock_irq(&hugetlb_lock); 1983 1984 page = alloc_fresh_huge_page(h, gfp_mask, nid, nmask, NULL); 1985 if (!page) 1986 return NULL; 1987 1988 spin_lock_irq(&hugetlb_lock); 1989 /* 1990 * We could have raced with the pool size change. 1991 * Double check that and simply deallocate the new page 1992 * if we would end up overcommiting the surpluses. Abuse 1993 * temporary page to workaround the nasty free_huge_page 1994 * codeflow 1995 */ 1996 if (h->surplus_huge_pages >= h->nr_overcommit_huge_pages) { 1997 SetHPageTemporary(page); 1998 spin_unlock_irq(&hugetlb_lock); 1999 put_page(page); 2000 return NULL; 2001 } else { 2002 h->surplus_huge_pages++; 2003 h->surplus_huge_pages_node[page_to_nid(page)]++; 2004 } 2005 2006 out_unlock: 2007 spin_unlock_irq(&hugetlb_lock); 2008 2009 return page; 2010 } 2011 2012 static struct page *alloc_migrate_huge_page(struct hstate *h, gfp_t gfp_mask, 2013 int nid, nodemask_t *nmask) 2014 { 2015 struct page *page; 2016 2017 if (hstate_is_gigantic(h)) 2018 return NULL; 2019 2020 page = alloc_fresh_huge_page(h, gfp_mask, nid, nmask, NULL); 2021 if (!page) 2022 return NULL; 2023 2024 /* 2025 * We do not account these pages as surplus because they are only 2026 * temporary and will be released properly on the last reference 2027 */ 2028 SetHPageTemporary(page); 2029 2030 return page; 2031 } 2032 2033 /* 2034 * Use the VMA's mpolicy to allocate a huge page from the buddy. 2035 */ 2036 static 2037 struct page *alloc_buddy_huge_page_with_mpol(struct hstate *h, 2038 struct vm_area_struct *vma, unsigned long addr) 2039 { 2040 struct page *page; 2041 struct mempolicy *mpol; 2042 gfp_t gfp_mask = htlb_alloc_mask(h); 2043 int nid; 2044 nodemask_t *nodemask; 2045 2046 nid = huge_node(vma, addr, gfp_mask, &mpol, &nodemask); 2047 page = alloc_surplus_huge_page(h, gfp_mask, nid, nodemask); 2048 mpol_cond_put(mpol); 2049 2050 return page; 2051 } 2052 2053 /* page migration callback function */ 2054 struct page *alloc_huge_page_nodemask(struct hstate *h, int preferred_nid, 2055 nodemask_t *nmask, gfp_t gfp_mask) 2056 { 2057 spin_lock_irq(&hugetlb_lock); 2058 if (h->free_huge_pages - h->resv_huge_pages > 0) { 2059 struct page *page; 2060 2061 page = dequeue_huge_page_nodemask(h, gfp_mask, preferred_nid, nmask); 2062 if (page) { 2063 spin_unlock_irq(&hugetlb_lock); 2064 return page; 2065 } 2066 } 2067 spin_unlock_irq(&hugetlb_lock); 2068 2069 return alloc_migrate_huge_page(h, gfp_mask, preferred_nid, nmask); 2070 } 2071 2072 /* mempolicy aware migration callback */ 2073 struct page *alloc_huge_page_vma(struct hstate *h, struct vm_area_struct *vma, 2074 unsigned long address) 2075 { 2076 struct mempolicy *mpol; 2077 nodemask_t *nodemask; 2078 struct page *page; 2079 gfp_t gfp_mask; 2080 int node; 2081 2082 gfp_mask = htlb_alloc_mask(h); 2083 node = huge_node(vma, address, gfp_mask, &mpol, &nodemask); 2084 page = alloc_huge_page_nodemask(h, node, nodemask, gfp_mask); 2085 mpol_cond_put(mpol); 2086 2087 return page; 2088 } 2089 2090 /* 2091 * Increase the hugetlb pool such that it can accommodate a reservation 2092 * of size 'delta'. 2093 */ 2094 static int gather_surplus_pages(struct hstate *h, long delta) 2095 __must_hold(&hugetlb_lock) 2096 { 2097 struct list_head surplus_list; 2098 struct page *page, *tmp; 2099 int ret; 2100 long i; 2101 long needed, allocated; 2102 bool alloc_ok = true; 2103 2104 lockdep_assert_held(&hugetlb_lock); 2105 needed = (h->resv_huge_pages + delta) - h->free_huge_pages; 2106 if (needed <= 0) { 2107 h->resv_huge_pages += delta; 2108 return 0; 2109 } 2110 2111 allocated = 0; 2112 INIT_LIST_HEAD(&surplus_list); 2113 2114 ret = -ENOMEM; 2115 retry: 2116 spin_unlock_irq(&hugetlb_lock); 2117 for (i = 0; i < needed; i++) { 2118 page = alloc_surplus_huge_page(h, htlb_alloc_mask(h), 2119 NUMA_NO_NODE, NULL); 2120 if (!page) { 2121 alloc_ok = false; 2122 break; 2123 } 2124 list_add(&page->lru, &surplus_list); 2125 cond_resched(); 2126 } 2127 allocated += i; 2128 2129 /* 2130 * After retaking hugetlb_lock, we need to recalculate 'needed' 2131 * because either resv_huge_pages or free_huge_pages may have changed. 2132 */ 2133 spin_lock_irq(&hugetlb_lock); 2134 needed = (h->resv_huge_pages + delta) - 2135 (h->free_huge_pages + allocated); 2136 if (needed > 0) { 2137 if (alloc_ok) 2138 goto retry; 2139 /* 2140 * We were not able to allocate enough pages to 2141 * satisfy the entire reservation so we free what 2142 * we've allocated so far. 2143 */ 2144 goto free; 2145 } 2146 /* 2147 * The surplus_list now contains _at_least_ the number of extra pages 2148 * needed to accommodate the reservation. Add the appropriate number 2149 * of pages to the hugetlb pool and free the extras back to the buddy 2150 * allocator. Commit the entire reservation here to prevent another 2151 * process from stealing the pages as they are added to the pool but 2152 * before they are reserved. 2153 */ 2154 needed += allocated; 2155 h->resv_huge_pages += delta; 2156 ret = 0; 2157 2158 /* Free the needed pages to the hugetlb pool */ 2159 list_for_each_entry_safe(page, tmp, &surplus_list, lru) { 2160 int zeroed; 2161 2162 if ((--needed) < 0) 2163 break; 2164 /* 2165 * This page is now managed by the hugetlb allocator and has 2166 * no users -- drop the buddy allocator's reference. 2167 */ 2168 zeroed = put_page_testzero(page); 2169 VM_BUG_ON_PAGE(!zeroed, page); 2170 enqueue_huge_page(h, page); 2171 } 2172 free: 2173 spin_unlock_irq(&hugetlb_lock); 2174 2175 /* Free unnecessary surplus pages to the buddy allocator */ 2176 list_for_each_entry_safe(page, tmp, &surplus_list, lru) 2177 put_page(page); 2178 spin_lock_irq(&hugetlb_lock); 2179 2180 return ret; 2181 } 2182 2183 /* 2184 * This routine has two main purposes: 2185 * 1) Decrement the reservation count (resv_huge_pages) by the value passed 2186 * in unused_resv_pages. This corresponds to the prior adjustments made 2187 * to the associated reservation map. 2188 * 2) Free any unused surplus pages that may have been allocated to satisfy 2189 * the reservation. As many as unused_resv_pages may be freed. 2190 */ 2191 static void return_unused_surplus_pages(struct hstate *h, 2192 unsigned long unused_resv_pages) 2193 { 2194 unsigned long nr_pages; 2195 struct page *page; 2196 LIST_HEAD(page_list); 2197 2198 lockdep_assert_held(&hugetlb_lock); 2199 /* Uncommit the reservation */ 2200 h->resv_huge_pages -= unused_resv_pages; 2201 2202 /* Cannot return gigantic pages currently */ 2203 if (hstate_is_gigantic(h)) 2204 goto out; 2205 2206 /* 2207 * Part (or even all) of the reservation could have been backed 2208 * by pre-allocated pages. Only free surplus pages. 2209 */ 2210 nr_pages = min(unused_resv_pages, h->surplus_huge_pages); 2211 2212 /* 2213 * We want to release as many surplus pages as possible, spread 2214 * evenly across all nodes with memory. Iterate across these nodes 2215 * until we can no longer free unreserved surplus pages. This occurs 2216 * when the nodes with surplus pages have no free pages. 2217 * remove_pool_huge_page() will balance the freed pages across the 2218 * on-line nodes with memory and will handle the hstate accounting. 2219 */ 2220 while (nr_pages--) { 2221 page = remove_pool_huge_page(h, &node_states[N_MEMORY], 1); 2222 if (!page) 2223 goto out; 2224 2225 list_add(&page->lru, &page_list); 2226 } 2227 2228 out: 2229 spin_unlock_irq(&hugetlb_lock); 2230 update_and_free_pages_bulk(h, &page_list); 2231 spin_lock_irq(&hugetlb_lock); 2232 } 2233 2234 2235 /* 2236 * vma_needs_reservation, vma_commit_reservation and vma_end_reservation 2237 * are used by the huge page allocation routines to manage reservations. 2238 * 2239 * vma_needs_reservation is called to determine if the huge page at addr 2240 * within the vma has an associated reservation. If a reservation is 2241 * needed, the value 1 is returned. The caller is then responsible for 2242 * managing the global reservation and subpool usage counts. After 2243 * the huge page has been allocated, vma_commit_reservation is called 2244 * to add the page to the reservation map. If the page allocation fails, 2245 * the reservation must be ended instead of committed. vma_end_reservation 2246 * is called in such cases. 2247 * 2248 * In the normal case, vma_commit_reservation returns the same value 2249 * as the preceding vma_needs_reservation call. The only time this 2250 * is not the case is if a reserve map was changed between calls. It 2251 * is the responsibility of the caller to notice the difference and 2252 * take appropriate action. 2253 * 2254 * vma_add_reservation is used in error paths where a reservation must 2255 * be restored when a newly allocated huge page must be freed. It is 2256 * to be called after calling vma_needs_reservation to determine if a 2257 * reservation exists. 2258 * 2259 * vma_del_reservation is used in error paths where an entry in the reserve 2260 * map was created during huge page allocation and must be removed. It is to 2261 * be called after calling vma_needs_reservation to determine if a reservation 2262 * exists. 2263 */ 2264 enum vma_resv_mode { 2265 VMA_NEEDS_RESV, 2266 VMA_COMMIT_RESV, 2267 VMA_END_RESV, 2268 VMA_ADD_RESV, 2269 VMA_DEL_RESV, 2270 }; 2271 static long __vma_reservation_common(struct hstate *h, 2272 struct vm_area_struct *vma, unsigned long addr, 2273 enum vma_resv_mode mode) 2274 { 2275 struct resv_map *resv; 2276 pgoff_t idx; 2277 long ret; 2278 long dummy_out_regions_needed; 2279 2280 resv = vma_resv_map(vma); 2281 if (!resv) 2282 return 1; 2283 2284 idx = vma_hugecache_offset(h, vma, addr); 2285 switch (mode) { 2286 case VMA_NEEDS_RESV: 2287 ret = region_chg(resv, idx, idx + 1, &dummy_out_regions_needed); 2288 /* We assume that vma_reservation_* routines always operate on 2289 * 1 page, and that adding to resv map a 1 page entry can only 2290 * ever require 1 region. 2291 */ 2292 VM_BUG_ON(dummy_out_regions_needed != 1); 2293 break; 2294 case VMA_COMMIT_RESV: 2295 ret = region_add(resv, idx, idx + 1, 1, NULL, NULL); 2296 /* region_add calls of range 1 should never fail. */ 2297 VM_BUG_ON(ret < 0); 2298 break; 2299 case VMA_END_RESV: 2300 region_abort(resv, idx, idx + 1, 1); 2301 ret = 0; 2302 break; 2303 case VMA_ADD_RESV: 2304 if (vma->vm_flags & VM_MAYSHARE) { 2305 ret = region_add(resv, idx, idx + 1, 1, NULL, NULL); 2306 /* region_add calls of range 1 should never fail. */ 2307 VM_BUG_ON(ret < 0); 2308 } else { 2309 region_abort(resv, idx, idx + 1, 1); 2310 ret = region_del(resv, idx, idx + 1); 2311 } 2312 break; 2313 case VMA_DEL_RESV: 2314 if (vma->vm_flags & VM_MAYSHARE) { 2315 region_abort(resv, idx, idx + 1, 1); 2316 ret = region_del(resv, idx, idx + 1); 2317 } else { 2318 ret = region_add(resv, idx, idx + 1, 1, NULL, NULL); 2319 /* region_add calls of range 1 should never fail. */ 2320 VM_BUG_ON(ret < 0); 2321 } 2322 break; 2323 default: 2324 BUG(); 2325 } 2326 2327 if (vma->vm_flags & VM_MAYSHARE || mode == VMA_DEL_RESV) 2328 return ret; 2329 /* 2330 * We know private mapping must have HPAGE_RESV_OWNER set. 2331 * 2332 * In most cases, reserves always exist for private mappings. 2333 * However, a file associated with mapping could have been 2334 * hole punched or truncated after reserves were consumed. 2335 * As subsequent fault on such a range will not use reserves. 2336 * Subtle - The reserve map for private mappings has the 2337 * opposite meaning than that of shared mappings. If NO 2338 * entry is in the reserve map, it means a reservation exists. 2339 * If an entry exists in the reserve map, it means the 2340 * reservation has already been consumed. As a result, the 2341 * return value of this routine is the opposite of the 2342 * value returned from reserve map manipulation routines above. 2343 */ 2344 if (ret > 0) 2345 return 0; 2346 if (ret == 0) 2347 return 1; 2348 return ret; 2349 } 2350 2351 static long vma_needs_reservation(struct hstate *h, 2352 struct vm_area_struct *vma, unsigned long addr) 2353 { 2354 return __vma_reservation_common(h, vma, addr, VMA_NEEDS_RESV); 2355 } 2356 2357 static long vma_commit_reservation(struct hstate *h, 2358 struct vm_area_struct *vma, unsigned long addr) 2359 { 2360 return __vma_reservation_common(h, vma, addr, VMA_COMMIT_RESV); 2361 } 2362 2363 static void vma_end_reservation(struct hstate *h, 2364 struct vm_area_struct *vma, unsigned long addr) 2365 { 2366 (void)__vma_reservation_common(h, vma, addr, VMA_END_RESV); 2367 } 2368 2369 static long vma_add_reservation(struct hstate *h, 2370 struct vm_area_struct *vma, unsigned long addr) 2371 { 2372 return __vma_reservation_common(h, vma, addr, VMA_ADD_RESV); 2373 } 2374 2375 static long vma_del_reservation(struct hstate *h, 2376 struct vm_area_struct *vma, unsigned long addr) 2377 { 2378 return __vma_reservation_common(h, vma, addr, VMA_DEL_RESV); 2379 } 2380 2381 /* 2382 * This routine is called to restore reservation information on error paths. 2383 * It should ONLY be called for pages allocated via alloc_huge_page(), and 2384 * the hugetlb mutex should remain held when calling this routine. 2385 * 2386 * It handles two specific cases: 2387 * 1) A reservation was in place and the page consumed the reservation. 2388 * HPageRestoreReserve is set in the page. 2389 * 2) No reservation was in place for the page, so HPageRestoreReserve is 2390 * not set. However, alloc_huge_page always updates the reserve map. 2391 * 2392 * In case 1, free_huge_page later in the error path will increment the 2393 * global reserve count. But, free_huge_page does not have enough context 2394 * to adjust the reservation map. This case deals primarily with private 2395 * mappings. Adjust the reserve map here to be consistent with global 2396 * reserve count adjustments to be made by free_huge_page. Make sure the 2397 * reserve map indicates there is a reservation present. 2398 * 2399 * In case 2, simply undo reserve map modifications done by alloc_huge_page. 2400 */ 2401 void restore_reserve_on_error(struct hstate *h, struct vm_area_struct *vma, 2402 unsigned long address, struct page *page) 2403 { 2404 long rc = vma_needs_reservation(h, vma, address); 2405 2406 if (HPageRestoreReserve(page)) { 2407 if (unlikely(rc < 0)) 2408 /* 2409 * Rare out of memory condition in reserve map 2410 * manipulation. Clear HPageRestoreReserve so that 2411 * global reserve count will not be incremented 2412 * by free_huge_page. This will make it appear 2413 * as though the reservation for this page was 2414 * consumed. This may prevent the task from 2415 * faulting in the page at a later time. This 2416 * is better than inconsistent global huge page 2417 * accounting of reserve counts. 2418 */ 2419 ClearHPageRestoreReserve(page); 2420 else if (rc) 2421 (void)vma_add_reservation(h, vma, address); 2422 else 2423 vma_end_reservation(h, vma, address); 2424 } else { 2425 if (!rc) { 2426 /* 2427 * This indicates there is an entry in the reserve map 2428 * added by alloc_huge_page. We know it was added 2429 * before the alloc_huge_page call, otherwise 2430 * HPageRestoreReserve would be set on the page. 2431 * Remove the entry so that a subsequent allocation 2432 * does not consume a reservation. 2433 */ 2434 rc = vma_del_reservation(h, vma, address); 2435 if (rc < 0) 2436 /* 2437 * VERY rare out of memory condition. Since 2438 * we can not delete the entry, set 2439 * HPageRestoreReserve so that the reserve 2440 * count will be incremented when the page 2441 * is freed. This reserve will be consumed 2442 * on a subsequent allocation. 2443 */ 2444 SetHPageRestoreReserve(page); 2445 } else if (rc < 0) { 2446 /* 2447 * Rare out of memory condition from 2448 * vma_needs_reservation call. Memory allocation is 2449 * only attempted if a new entry is needed. Therefore, 2450 * this implies there is not an entry in the 2451 * reserve map. 2452 * 2453 * For shared mappings, no entry in the map indicates 2454 * no reservation. We are done. 2455 */ 2456 if (!(vma->vm_flags & VM_MAYSHARE)) 2457 /* 2458 * For private mappings, no entry indicates 2459 * a reservation is present. Since we can 2460 * not add an entry, set SetHPageRestoreReserve 2461 * on the page so reserve count will be 2462 * incremented when freed. This reserve will 2463 * be consumed on a subsequent allocation. 2464 */ 2465 SetHPageRestoreReserve(page); 2466 } else 2467 /* 2468 * No reservation present, do nothing 2469 */ 2470 vma_end_reservation(h, vma, address); 2471 } 2472 } 2473 2474 /* 2475 * alloc_and_dissolve_huge_page - Allocate a new page and dissolve the old one 2476 * @h: struct hstate old page belongs to 2477 * @old_page: Old page to dissolve 2478 * @list: List to isolate the page in case we need to 2479 * Returns 0 on success, otherwise negated error. 2480 */ 2481 static int alloc_and_dissolve_huge_page(struct hstate *h, struct page *old_page, 2482 struct list_head *list) 2483 { 2484 gfp_t gfp_mask = htlb_alloc_mask(h) | __GFP_THISNODE; 2485 int nid = page_to_nid(old_page); 2486 struct page *new_page; 2487 int ret = 0; 2488 2489 /* 2490 * Before dissolving the page, we need to allocate a new one for the 2491 * pool to remain stable. Here, we allocate the page and 'prep' it 2492 * by doing everything but actually updating counters and adding to 2493 * the pool. This simplifies and let us do most of the processing 2494 * under the lock. 2495 */ 2496 new_page = alloc_buddy_huge_page(h, gfp_mask, nid, NULL, NULL); 2497 if (!new_page) 2498 return -ENOMEM; 2499 __prep_new_huge_page(h, new_page); 2500 2501 retry: 2502 spin_lock_irq(&hugetlb_lock); 2503 if (!PageHuge(old_page)) { 2504 /* 2505 * Freed from under us. Drop new_page too. 2506 */ 2507 goto free_new; 2508 } else if (page_count(old_page)) { 2509 /* 2510 * Someone has grabbed the page, try to isolate it here. 2511 * Fail with -EBUSY if not possible. 2512 */ 2513 spin_unlock_irq(&hugetlb_lock); 2514 if (!isolate_huge_page(old_page, list)) 2515 ret = -EBUSY; 2516 spin_lock_irq(&hugetlb_lock); 2517 goto free_new; 2518 } else if (!HPageFreed(old_page)) { 2519 /* 2520 * Page's refcount is 0 but it has not been enqueued in the 2521 * freelist yet. Race window is small, so we can succeed here if 2522 * we retry. 2523 */ 2524 spin_unlock_irq(&hugetlb_lock); 2525 cond_resched(); 2526 goto retry; 2527 } else { 2528 /* 2529 * Ok, old_page is still a genuine free hugepage. Remove it from 2530 * the freelist and decrease the counters. These will be 2531 * incremented again when calling __prep_account_new_huge_page() 2532 * and enqueue_huge_page() for new_page. The counters will remain 2533 * stable since this happens under the lock. 2534 */ 2535 remove_hugetlb_page(h, old_page, false); 2536 2537 /* 2538 * Reference count trick is needed because allocator gives us 2539 * referenced page but the pool requires pages with 0 refcount. 2540 */ 2541 __prep_account_new_huge_page(h, nid); 2542 page_ref_dec(new_page); 2543 enqueue_huge_page(h, new_page); 2544 2545 /* 2546 * Pages have been replaced, we can safely free the old one. 2547 */ 2548 spin_unlock_irq(&hugetlb_lock); 2549 update_and_free_page(h, old_page, false); 2550 } 2551 2552 return ret; 2553 2554 free_new: 2555 spin_unlock_irq(&hugetlb_lock); 2556 update_and_free_page(h, new_page, false); 2557 2558 return ret; 2559 } 2560 2561 int isolate_or_dissolve_huge_page(struct page *page, struct list_head *list) 2562 { 2563 struct hstate *h; 2564 struct page *head; 2565 int ret = -EBUSY; 2566 2567 /* 2568 * The page might have been dissolved from under our feet, so make sure 2569 * to carefully check the state under the lock. 2570 * Return success when racing as if we dissolved the page ourselves. 2571 */ 2572 spin_lock_irq(&hugetlb_lock); 2573 if (PageHuge(page)) { 2574 head = compound_head(page); 2575 h = page_hstate(head); 2576 } else { 2577 spin_unlock_irq(&hugetlb_lock); 2578 return 0; 2579 } 2580 spin_unlock_irq(&hugetlb_lock); 2581 2582 /* 2583 * Fence off gigantic pages as there is a cyclic dependency between 2584 * alloc_contig_range and them. Return -ENOMEM as this has the effect 2585 * of bailing out right away without further retrying. 2586 */ 2587 if (hstate_is_gigantic(h)) 2588 return -ENOMEM; 2589 2590 if (page_count(head) && isolate_huge_page(head, list)) 2591 ret = 0; 2592 else if (!page_count(head)) 2593 ret = alloc_and_dissolve_huge_page(h, head, list); 2594 2595 return ret; 2596 } 2597 2598 struct page *alloc_huge_page(struct vm_area_struct *vma, 2599 unsigned long addr, int avoid_reserve) 2600 { 2601 struct hugepage_subpool *spool = subpool_vma(vma); 2602 struct hstate *h = hstate_vma(vma); 2603 struct page *page; 2604 long map_chg, map_commit; 2605 long gbl_chg; 2606 int ret, idx; 2607 struct hugetlb_cgroup *h_cg; 2608 bool deferred_reserve; 2609 2610 idx = hstate_index(h); 2611 /* 2612 * Examine the region/reserve map to determine if the process 2613 * has a reservation for the page to be allocated. A return 2614 * code of zero indicates a reservation exists (no change). 2615 */ 2616 map_chg = gbl_chg = vma_needs_reservation(h, vma, addr); 2617 if (map_chg < 0) 2618 return ERR_PTR(-ENOMEM); 2619 2620 /* 2621 * Processes that did not create the mapping will have no 2622 * reserves as indicated by the region/reserve map. Check 2623 * that the allocation will not exceed the subpool limit. 2624 * Allocations for MAP_NORESERVE mappings also need to be 2625 * checked against any subpool limit. 2626 */ 2627 if (map_chg || avoid_reserve) { 2628 gbl_chg = hugepage_subpool_get_pages(spool, 1); 2629 if (gbl_chg < 0) { 2630 vma_end_reservation(h, vma, addr); 2631 return ERR_PTR(-ENOSPC); 2632 } 2633 2634 /* 2635 * Even though there was no reservation in the region/reserve 2636 * map, there could be reservations associated with the 2637 * subpool that can be used. This would be indicated if the 2638 * return value of hugepage_subpool_get_pages() is zero. 2639 * However, if avoid_reserve is specified we still avoid even 2640 * the subpool reservations. 2641 */ 2642 if (avoid_reserve) 2643 gbl_chg = 1; 2644 } 2645 2646 /* If this allocation is not consuming a reservation, charge it now. 2647 */ 2648 deferred_reserve = map_chg || avoid_reserve; 2649 if (deferred_reserve) { 2650 ret = hugetlb_cgroup_charge_cgroup_rsvd( 2651 idx, pages_per_huge_page(h), &h_cg); 2652 if (ret) 2653 goto out_subpool_put; 2654 } 2655 2656 ret = hugetlb_cgroup_charge_cgroup(idx, pages_per_huge_page(h), &h_cg); 2657 if (ret) 2658 goto out_uncharge_cgroup_reservation; 2659 2660 spin_lock_irq(&hugetlb_lock); 2661 /* 2662 * glb_chg is passed to indicate whether or not a page must be taken 2663 * from the global free pool (global change). gbl_chg == 0 indicates 2664 * a reservation exists for the allocation. 2665 */ 2666 page = dequeue_huge_page_vma(h, vma, addr, avoid_reserve, gbl_chg); 2667 if (!page) { 2668 spin_unlock_irq(&hugetlb_lock); 2669 page = alloc_buddy_huge_page_with_mpol(h, vma, addr); 2670 if (!page) 2671 goto out_uncharge_cgroup; 2672 if (!avoid_reserve && vma_has_reserves(vma, gbl_chg)) { 2673 SetHPageRestoreReserve(page); 2674 h->resv_huge_pages--; 2675 } 2676 spin_lock_irq(&hugetlb_lock); 2677 list_add(&page->lru, &h->hugepage_activelist); 2678 /* Fall through */ 2679 } 2680 hugetlb_cgroup_commit_charge(idx, pages_per_huge_page(h), h_cg, page); 2681 /* If allocation is not consuming a reservation, also store the 2682 * hugetlb_cgroup pointer on the page. 2683 */ 2684 if (deferred_reserve) { 2685 hugetlb_cgroup_commit_charge_rsvd(idx, pages_per_huge_page(h), 2686 h_cg, page); 2687 } 2688 2689 spin_unlock_irq(&hugetlb_lock); 2690 2691 hugetlb_set_page_subpool(page, spool); 2692 2693 map_commit = vma_commit_reservation(h, vma, addr); 2694 if (unlikely(map_chg > map_commit)) { 2695 /* 2696 * The page was added to the reservation map between 2697 * vma_needs_reservation and vma_commit_reservation. 2698 * This indicates a race with hugetlb_reserve_pages. 2699 * Adjust for the subpool count incremented above AND 2700 * in hugetlb_reserve_pages for the same page. Also, 2701 * the reservation count added in hugetlb_reserve_pages 2702 * no longer applies. 2703 */ 2704 long rsv_adjust; 2705 2706 rsv_adjust = hugepage_subpool_put_pages(spool, 1); 2707 hugetlb_acct_memory(h, -rsv_adjust); 2708 if (deferred_reserve) 2709 hugetlb_cgroup_uncharge_page_rsvd(hstate_index(h), 2710 pages_per_huge_page(h), page); 2711 } 2712 return page; 2713 2714 out_uncharge_cgroup: 2715 hugetlb_cgroup_uncharge_cgroup(idx, pages_per_huge_page(h), h_cg); 2716 out_uncharge_cgroup_reservation: 2717 if (deferred_reserve) 2718 hugetlb_cgroup_uncharge_cgroup_rsvd(idx, pages_per_huge_page(h), 2719 h_cg); 2720 out_subpool_put: 2721 if (map_chg || avoid_reserve) 2722 hugepage_subpool_put_pages(spool, 1); 2723 vma_end_reservation(h, vma, addr); 2724 return ERR_PTR(-ENOSPC); 2725 } 2726 2727 int alloc_bootmem_huge_page(struct hstate *h) 2728 __attribute__ ((weak, alias("__alloc_bootmem_huge_page"))); 2729 int __alloc_bootmem_huge_page(struct hstate *h) 2730 { 2731 struct huge_bootmem_page *m; 2732 int nr_nodes, node; 2733 2734 for_each_node_mask_to_alloc(h, nr_nodes, node, &node_states[N_MEMORY]) { 2735 void *addr; 2736 2737 addr = memblock_alloc_try_nid_raw( 2738 huge_page_size(h), huge_page_size(h), 2739 0, MEMBLOCK_ALLOC_ACCESSIBLE, node); 2740 if (addr) { 2741 /* 2742 * Use the beginning of the huge page to store the 2743 * huge_bootmem_page struct (until gather_bootmem 2744 * puts them into the mem_map). 2745 */ 2746 m = addr; 2747 goto found; 2748 } 2749 } 2750 return 0; 2751 2752 found: 2753 BUG_ON(!IS_ALIGNED(virt_to_phys(m), huge_page_size(h))); 2754 /* Put them into a private list first because mem_map is not up yet */ 2755 INIT_LIST_HEAD(&m->list); 2756 list_add(&m->list, &huge_boot_pages); 2757 m->hstate = h; 2758 return 1; 2759 } 2760 2761 static void __init prep_compound_huge_page(struct page *page, 2762 unsigned int order) 2763 { 2764 if (unlikely(order > (MAX_ORDER - 1))) 2765 prep_compound_gigantic_page(page, order); 2766 else 2767 prep_compound_page(page, order); 2768 } 2769 2770 /* Put bootmem huge pages into the standard lists after mem_map is up */ 2771 static void __init gather_bootmem_prealloc(void) 2772 { 2773 struct huge_bootmem_page *m; 2774 2775 list_for_each_entry(m, &huge_boot_pages, list) { 2776 struct page *page = virt_to_page(m); 2777 struct hstate *h = m->hstate; 2778 2779 WARN_ON(page_count(page) != 1); 2780 prep_compound_huge_page(page, huge_page_order(h)); 2781 WARN_ON(PageReserved(page)); 2782 prep_new_huge_page(h, page, page_to_nid(page)); 2783 put_page(page); /* free it into the hugepage allocator */ 2784 2785 /* 2786 * If we had gigantic hugepages allocated at boot time, we need 2787 * to restore the 'stolen' pages to totalram_pages in order to 2788 * fix confusing memory reports from free(1) and another 2789 * side-effects, like CommitLimit going negative. 2790 */ 2791 if (hstate_is_gigantic(h)) 2792 adjust_managed_page_count(page, pages_per_huge_page(h)); 2793 cond_resched(); 2794 } 2795 } 2796 2797 static void __init hugetlb_hstate_alloc_pages(struct hstate *h) 2798 { 2799 unsigned long i; 2800 nodemask_t *node_alloc_noretry; 2801 2802 if (!hstate_is_gigantic(h)) { 2803 /* 2804 * Bit mask controlling how hard we retry per-node allocations. 2805 * Ignore errors as lower level routines can deal with 2806 * node_alloc_noretry == NULL. If this kmalloc fails at boot 2807 * time, we are likely in bigger trouble. 2808 */ 2809 node_alloc_noretry = kmalloc(sizeof(*node_alloc_noretry), 2810 GFP_KERNEL); 2811 } else { 2812 /* allocations done at boot time */ 2813 node_alloc_noretry = NULL; 2814 } 2815 2816 /* bit mask controlling how hard we retry per-node allocations */ 2817 if (node_alloc_noretry) 2818 nodes_clear(*node_alloc_noretry); 2819 2820 for (i = 0; i < h->max_huge_pages; ++i) { 2821 if (hstate_is_gigantic(h)) { 2822 if (hugetlb_cma_size) { 2823 pr_warn_once("HugeTLB: hugetlb_cma is enabled, skip boot time allocation\n"); 2824 goto free; 2825 } 2826 if (!alloc_bootmem_huge_page(h)) 2827 break; 2828 } else if (!alloc_pool_huge_page(h, 2829 &node_states[N_MEMORY], 2830 node_alloc_noretry)) 2831 break; 2832 cond_resched(); 2833 } 2834 if (i < h->max_huge_pages) { 2835 char buf[32]; 2836 2837 string_get_size(huge_page_size(h), 1, STRING_UNITS_2, buf, 32); 2838 pr_warn("HugeTLB: allocating %lu of page size %s failed. Only allocated %lu hugepages.\n", 2839 h->max_huge_pages, buf, i); 2840 h->max_huge_pages = i; 2841 } 2842 free: 2843 kfree(node_alloc_noretry); 2844 } 2845 2846 static void __init hugetlb_init_hstates(void) 2847 { 2848 struct hstate *h; 2849 2850 for_each_hstate(h) { 2851 if (minimum_order > huge_page_order(h)) 2852 minimum_order = huge_page_order(h); 2853 2854 /* oversize hugepages were init'ed in early boot */ 2855 if (!hstate_is_gigantic(h)) 2856 hugetlb_hstate_alloc_pages(h); 2857 } 2858 VM_BUG_ON(minimum_order == UINT_MAX); 2859 } 2860 2861 static void __init report_hugepages(void) 2862 { 2863 struct hstate *h; 2864 2865 for_each_hstate(h) { 2866 char buf[32]; 2867 2868 string_get_size(huge_page_size(h), 1, STRING_UNITS_2, buf, 32); 2869 pr_info("HugeTLB registered %s page size, pre-allocated %ld pages\n", 2870 buf, h->free_huge_pages); 2871 } 2872 } 2873 2874 #ifdef CONFIG_HIGHMEM 2875 static void try_to_free_low(struct hstate *h, unsigned long count, 2876 nodemask_t *nodes_allowed) 2877 { 2878 int i; 2879 LIST_HEAD(page_list); 2880 2881 lockdep_assert_held(&hugetlb_lock); 2882 if (hstate_is_gigantic(h)) 2883 return; 2884 2885 /* 2886 * Collect pages to be freed on a list, and free after dropping lock 2887 */ 2888 for_each_node_mask(i, *nodes_allowed) { 2889 struct page *page, *next; 2890 struct list_head *freel = &h->hugepage_freelists[i]; 2891 list_for_each_entry_safe(page, next, freel, lru) { 2892 if (count >= h->nr_huge_pages) 2893 goto out; 2894 if (PageHighMem(page)) 2895 continue; 2896 remove_hugetlb_page(h, page, false); 2897 list_add(&page->lru, &page_list); 2898 } 2899 } 2900 2901 out: 2902 spin_unlock_irq(&hugetlb_lock); 2903 update_and_free_pages_bulk(h, &page_list); 2904 spin_lock_irq(&hugetlb_lock); 2905 } 2906 #else 2907 static inline void try_to_free_low(struct hstate *h, unsigned long count, 2908 nodemask_t *nodes_allowed) 2909 { 2910 } 2911 #endif 2912 2913 /* 2914 * Increment or decrement surplus_huge_pages. Keep node-specific counters 2915 * balanced by operating on them in a round-robin fashion. 2916 * Returns 1 if an adjustment was made. 2917 */ 2918 static int adjust_pool_surplus(struct hstate *h, nodemask_t *nodes_allowed, 2919 int delta) 2920 { 2921 int nr_nodes, node; 2922 2923 lockdep_assert_held(&hugetlb_lock); 2924 VM_BUG_ON(delta != -1 && delta != 1); 2925 2926 if (delta < 0) { 2927 for_each_node_mask_to_alloc(h, nr_nodes, node, nodes_allowed) { 2928 if (h->surplus_huge_pages_node[node]) 2929 goto found; 2930 } 2931 } else { 2932 for_each_node_mask_to_free(h, nr_nodes, node, nodes_allowed) { 2933 if (h->surplus_huge_pages_node[node] < 2934 h->nr_huge_pages_node[node]) 2935 goto found; 2936 } 2937 } 2938 return 0; 2939 2940 found: 2941 h->surplus_huge_pages += delta; 2942 h->surplus_huge_pages_node[node] += delta; 2943 return 1; 2944 } 2945 2946 #define persistent_huge_pages(h) (h->nr_huge_pages - h->surplus_huge_pages) 2947 static int set_max_huge_pages(struct hstate *h, unsigned long count, int nid, 2948 nodemask_t *nodes_allowed) 2949 { 2950 unsigned long min_count, ret; 2951 struct page *page; 2952 LIST_HEAD(page_list); 2953 NODEMASK_ALLOC(nodemask_t, node_alloc_noretry, GFP_KERNEL); 2954 2955 /* 2956 * Bit mask controlling how hard we retry per-node allocations. 2957 * If we can not allocate the bit mask, do not attempt to allocate 2958 * the requested huge pages. 2959 */ 2960 if (node_alloc_noretry) 2961 nodes_clear(*node_alloc_noretry); 2962 else 2963 return -ENOMEM; 2964 2965 /* 2966 * resize_lock mutex prevents concurrent adjustments to number of 2967 * pages in hstate via the proc/sysfs interfaces. 2968 */ 2969 mutex_lock(&h->resize_lock); 2970 flush_free_hpage_work(h); 2971 spin_lock_irq(&hugetlb_lock); 2972 2973 /* 2974 * Check for a node specific request. 2975 * Changing node specific huge page count may require a corresponding 2976 * change to the global count. In any case, the passed node mask 2977 * (nodes_allowed) will restrict alloc/free to the specified node. 2978 */ 2979 if (nid != NUMA_NO_NODE) { 2980 unsigned long old_count = count; 2981 2982 count += h->nr_huge_pages - h->nr_huge_pages_node[nid]; 2983 /* 2984 * User may have specified a large count value which caused the 2985 * above calculation to overflow. In this case, they wanted 2986 * to allocate as many huge pages as possible. Set count to 2987 * largest possible value to align with their intention. 2988 */ 2989 if (count < old_count) 2990 count = ULONG_MAX; 2991 } 2992 2993 /* 2994 * Gigantic pages runtime allocation depend on the capability for large 2995 * page range allocation. 2996 * If the system does not provide this feature, return an error when 2997 * the user tries to allocate gigantic pages but let the user free the 2998 * boottime allocated gigantic pages. 2999 */ 3000 if (hstate_is_gigantic(h) && !IS_ENABLED(CONFIG_CONTIG_ALLOC)) { 3001 if (count > persistent_huge_pages(h)) { 3002 spin_unlock_irq(&hugetlb_lock); 3003 mutex_unlock(&h->resize_lock); 3004 NODEMASK_FREE(node_alloc_noretry); 3005 return -EINVAL; 3006 } 3007 /* Fall through to decrease pool */ 3008 } 3009 3010 /* 3011 * Increase the pool size 3012 * First take pages out of surplus state. Then make up the 3013 * remaining difference by allocating fresh huge pages. 3014 * 3015 * We might race with alloc_surplus_huge_page() here and be unable 3016 * to convert a surplus huge page to a normal huge page. That is 3017 * not critical, though, it just means the overall size of the 3018 * pool might be one hugepage larger than it needs to be, but 3019 * within all the constraints specified by the sysctls. 3020 */ 3021 while (h->surplus_huge_pages && count > persistent_huge_pages(h)) { 3022 if (!adjust_pool_surplus(h, nodes_allowed, -1)) 3023 break; 3024 } 3025 3026 while (count > persistent_huge_pages(h)) { 3027 /* 3028 * If this allocation races such that we no longer need the 3029 * page, free_huge_page will handle it by freeing the page 3030 * and reducing the surplus. 3031 */ 3032 spin_unlock_irq(&hugetlb_lock); 3033 3034 /* yield cpu to avoid soft lockup */ 3035 cond_resched(); 3036 3037 ret = alloc_pool_huge_page(h, nodes_allowed, 3038 node_alloc_noretry); 3039 spin_lock_irq(&hugetlb_lock); 3040 if (!ret) 3041 goto out; 3042 3043 /* Bail for signals. Probably ctrl-c from user */ 3044 if (signal_pending(current)) 3045 goto out; 3046 } 3047 3048 /* 3049 * Decrease the pool size 3050 * First return free pages to the buddy allocator (being careful 3051 * to keep enough around to satisfy reservations). Then place 3052 * pages into surplus state as needed so the pool will shrink 3053 * to the desired size as pages become free. 3054 * 3055 * By placing pages into the surplus state independent of the 3056 * overcommit value, we are allowing the surplus pool size to 3057 * exceed overcommit. There are few sane options here. Since 3058 * alloc_surplus_huge_page() is checking the global counter, 3059 * though, we'll note that we're not allowed to exceed surplus 3060 * and won't grow the pool anywhere else. Not until one of the 3061 * sysctls are changed, or the surplus pages go out of use. 3062 */ 3063 min_count = h->resv_huge_pages + h->nr_huge_pages - h->free_huge_pages; 3064 min_count = max(count, min_count); 3065 try_to_free_low(h, min_count, nodes_allowed); 3066 3067 /* 3068 * Collect pages to be removed on list without dropping lock 3069 */ 3070 while (min_count < persistent_huge_pages(h)) { 3071 page = remove_pool_huge_page(h, nodes_allowed, 0); 3072 if (!page) 3073 break; 3074 3075 list_add(&page->lru, &page_list); 3076 } 3077 /* free the pages after dropping lock */ 3078 spin_unlock_irq(&hugetlb_lock); 3079 update_and_free_pages_bulk(h, &page_list); 3080 flush_free_hpage_work(h); 3081 spin_lock_irq(&hugetlb_lock); 3082 3083 while (count < persistent_huge_pages(h)) { 3084 if (!adjust_pool_surplus(h, nodes_allowed, 1)) 3085 break; 3086 } 3087 out: 3088 h->max_huge_pages = persistent_huge_pages(h); 3089 spin_unlock_irq(&hugetlb_lock); 3090 mutex_unlock(&h->resize_lock); 3091 3092 NODEMASK_FREE(node_alloc_noretry); 3093 3094 return 0; 3095 } 3096 3097 #define HSTATE_ATTR_RO(_name) \ 3098 static struct kobj_attribute _name##_attr = __ATTR_RO(_name) 3099 3100 #define HSTATE_ATTR(_name) \ 3101 static struct kobj_attribute _name##_attr = \ 3102 __ATTR(_name, 0644, _name##_show, _name##_store) 3103 3104 static struct kobject *hugepages_kobj; 3105 static struct kobject *hstate_kobjs[HUGE_MAX_HSTATE]; 3106 3107 static struct hstate *kobj_to_node_hstate(struct kobject *kobj, int *nidp); 3108 3109 static struct hstate *kobj_to_hstate(struct kobject *kobj, int *nidp) 3110 { 3111 int i; 3112 3113 for (i = 0; i < HUGE_MAX_HSTATE; i++) 3114 if (hstate_kobjs[i] == kobj) { 3115 if (nidp) 3116 *nidp = NUMA_NO_NODE; 3117 return &hstates[i]; 3118 } 3119 3120 return kobj_to_node_hstate(kobj, nidp); 3121 } 3122 3123 static ssize_t nr_hugepages_show_common(struct kobject *kobj, 3124 struct kobj_attribute *attr, char *buf) 3125 { 3126 struct hstate *h; 3127 unsigned long nr_huge_pages; 3128 int nid; 3129 3130 h = kobj_to_hstate(kobj, &nid); 3131 if (nid == NUMA_NO_NODE) 3132 nr_huge_pages = h->nr_huge_pages; 3133 else 3134 nr_huge_pages = h->nr_huge_pages_node[nid]; 3135 3136 return sysfs_emit(buf, "%lu\n", nr_huge_pages); 3137 } 3138 3139 static ssize_t __nr_hugepages_store_common(bool obey_mempolicy, 3140 struct hstate *h, int nid, 3141 unsigned long count, size_t len) 3142 { 3143 int err; 3144 nodemask_t nodes_allowed, *n_mask; 3145 3146 if (hstate_is_gigantic(h) && !gigantic_page_runtime_supported()) 3147 return -EINVAL; 3148 3149 if (nid == NUMA_NO_NODE) { 3150 /* 3151 * global hstate attribute 3152 */ 3153 if (!(obey_mempolicy && 3154 init_nodemask_of_mempolicy(&nodes_allowed))) 3155 n_mask = &node_states[N_MEMORY]; 3156 else 3157 n_mask = &nodes_allowed; 3158 } else { 3159 /* 3160 * Node specific request. count adjustment happens in 3161 * set_max_huge_pages() after acquiring hugetlb_lock. 3162 */ 3163 init_nodemask_of_node(&nodes_allowed, nid); 3164 n_mask = &nodes_allowed; 3165 } 3166 3167 err = set_max_huge_pages(h, count, nid, n_mask); 3168 3169 return err ? err : len; 3170 } 3171 3172 static ssize_t nr_hugepages_store_common(bool obey_mempolicy, 3173 struct kobject *kobj, const char *buf, 3174 size_t len) 3175 { 3176 struct hstate *h; 3177 unsigned long count; 3178 int nid; 3179 int err; 3180 3181 err = kstrtoul(buf, 10, &count); 3182 if (err) 3183 return err; 3184 3185 h = kobj_to_hstate(kobj, &nid); 3186 return __nr_hugepages_store_common(obey_mempolicy, h, nid, count, len); 3187 } 3188 3189 static ssize_t nr_hugepages_show(struct kobject *kobj, 3190 struct kobj_attribute *attr, char *buf) 3191 { 3192 return nr_hugepages_show_common(kobj, attr, buf); 3193 } 3194 3195 static ssize_t nr_hugepages_store(struct kobject *kobj, 3196 struct kobj_attribute *attr, const char *buf, size_t len) 3197 { 3198 return nr_hugepages_store_common(false, kobj, buf, len); 3199 } 3200 HSTATE_ATTR(nr_hugepages); 3201 3202 #ifdef CONFIG_NUMA 3203 3204 /* 3205 * hstate attribute for optionally mempolicy-based constraint on persistent 3206 * huge page alloc/free. 3207 */ 3208 static ssize_t nr_hugepages_mempolicy_show(struct kobject *kobj, 3209 struct kobj_attribute *attr, 3210 char *buf) 3211 { 3212 return nr_hugepages_show_common(kobj, attr, buf); 3213 } 3214 3215 static ssize_t nr_hugepages_mempolicy_store(struct kobject *kobj, 3216 struct kobj_attribute *attr, const char *buf, size_t len) 3217 { 3218 return nr_hugepages_store_common(true, kobj, buf, len); 3219 } 3220 HSTATE_ATTR(nr_hugepages_mempolicy); 3221 #endif 3222 3223 3224 static ssize_t nr_overcommit_hugepages_show(struct kobject *kobj, 3225 struct kobj_attribute *attr, char *buf) 3226 { 3227 struct hstate *h = kobj_to_hstate(kobj, NULL); 3228 return sysfs_emit(buf, "%lu\n", h->nr_overcommit_huge_pages); 3229 } 3230 3231 static ssize_t nr_overcommit_hugepages_store(struct kobject *kobj, 3232 struct kobj_attribute *attr, const char *buf, size_t count) 3233 { 3234 int err; 3235 unsigned long input; 3236 struct hstate *h = kobj_to_hstate(kobj, NULL); 3237 3238 if (hstate_is_gigantic(h)) 3239 return -EINVAL; 3240 3241 err = kstrtoul(buf, 10, &input); 3242 if (err) 3243 return err; 3244 3245 spin_lock_irq(&hugetlb_lock); 3246 h->nr_overcommit_huge_pages = input; 3247 spin_unlock_irq(&hugetlb_lock); 3248 3249 return count; 3250 } 3251 HSTATE_ATTR(nr_overcommit_hugepages); 3252 3253 static ssize_t free_hugepages_show(struct kobject *kobj, 3254 struct kobj_attribute *attr, char *buf) 3255 { 3256 struct hstate *h; 3257 unsigned long free_huge_pages; 3258 int nid; 3259 3260 h = kobj_to_hstate(kobj, &nid); 3261 if (nid == NUMA_NO_NODE) 3262 free_huge_pages = h->free_huge_pages; 3263 else 3264 free_huge_pages = h->free_huge_pages_node[nid]; 3265 3266 return sysfs_emit(buf, "%lu\n", free_huge_pages); 3267 } 3268 HSTATE_ATTR_RO(free_hugepages); 3269 3270 static ssize_t resv_hugepages_show(struct kobject *kobj, 3271 struct kobj_attribute *attr, char *buf) 3272 { 3273 struct hstate *h = kobj_to_hstate(kobj, NULL); 3274 return sysfs_emit(buf, "%lu\n", h->resv_huge_pages); 3275 } 3276 HSTATE_ATTR_RO(resv_hugepages); 3277 3278 static ssize_t surplus_hugepages_show(struct kobject *kobj, 3279 struct kobj_attribute *attr, char *buf) 3280 { 3281 struct hstate *h; 3282 unsigned long surplus_huge_pages; 3283 int nid; 3284 3285 h = kobj_to_hstate(kobj, &nid); 3286 if (nid == NUMA_NO_NODE) 3287 surplus_huge_pages = h->surplus_huge_pages; 3288 else 3289 surplus_huge_pages = h->surplus_huge_pages_node[nid]; 3290 3291 return sysfs_emit(buf, "%lu\n", surplus_huge_pages); 3292 } 3293 HSTATE_ATTR_RO(surplus_hugepages); 3294 3295 static struct attribute *hstate_attrs[] = { 3296 &nr_hugepages_attr.attr, 3297 &nr_overcommit_hugepages_attr.attr, 3298 &free_hugepages_attr.attr, 3299 &resv_hugepages_attr.attr, 3300 &surplus_hugepages_attr.attr, 3301 #ifdef CONFIG_NUMA 3302 &nr_hugepages_mempolicy_attr.attr, 3303 #endif 3304 NULL, 3305 }; 3306 3307 static const struct attribute_group hstate_attr_group = { 3308 .attrs = hstate_attrs, 3309 }; 3310 3311 static int hugetlb_sysfs_add_hstate(struct hstate *h, struct kobject *parent, 3312 struct kobject **hstate_kobjs, 3313 const struct attribute_group *hstate_attr_group) 3314 { 3315 int retval; 3316 int hi = hstate_index(h); 3317 3318 hstate_kobjs[hi] = kobject_create_and_add(h->name, parent); 3319 if (!hstate_kobjs[hi]) 3320 return -ENOMEM; 3321 3322 retval = sysfs_create_group(hstate_kobjs[hi], hstate_attr_group); 3323 if (retval) { 3324 kobject_put(hstate_kobjs[hi]); 3325 hstate_kobjs[hi] = NULL; 3326 } 3327 3328 return retval; 3329 } 3330 3331 static void __init hugetlb_sysfs_init(void) 3332 { 3333 struct hstate *h; 3334 int err; 3335 3336 hugepages_kobj = kobject_create_and_add("hugepages", mm_kobj); 3337 if (!hugepages_kobj) 3338 return; 3339 3340 for_each_hstate(h) { 3341 err = hugetlb_sysfs_add_hstate(h, hugepages_kobj, 3342 hstate_kobjs, &hstate_attr_group); 3343 if (err) 3344 pr_err("HugeTLB: Unable to add hstate %s", h->name); 3345 } 3346 } 3347 3348 #ifdef CONFIG_NUMA 3349 3350 /* 3351 * node_hstate/s - associate per node hstate attributes, via their kobjects, 3352 * with node devices in node_devices[] using a parallel array. The array 3353 * index of a node device or _hstate == node id. 3354 * This is here to avoid any static dependency of the node device driver, in 3355 * the base kernel, on the hugetlb module. 3356 */ 3357 struct node_hstate { 3358 struct kobject *hugepages_kobj; 3359 struct kobject *hstate_kobjs[HUGE_MAX_HSTATE]; 3360 }; 3361 static struct node_hstate node_hstates[MAX_NUMNODES]; 3362 3363 /* 3364 * A subset of global hstate attributes for node devices 3365 */ 3366 static struct attribute *per_node_hstate_attrs[] = { 3367 &nr_hugepages_attr.attr, 3368 &free_hugepages_attr.attr, 3369 &surplus_hugepages_attr.attr, 3370 NULL, 3371 }; 3372 3373 static const struct attribute_group per_node_hstate_attr_group = { 3374 .attrs = per_node_hstate_attrs, 3375 }; 3376 3377 /* 3378 * kobj_to_node_hstate - lookup global hstate for node device hstate attr kobj. 3379 * Returns node id via non-NULL nidp. 3380 */ 3381 static struct hstate *kobj_to_node_hstate(struct kobject *kobj, int *nidp) 3382 { 3383 int nid; 3384 3385 for (nid = 0; nid < nr_node_ids; nid++) { 3386 struct node_hstate *nhs = &node_hstates[nid]; 3387 int i; 3388 for (i = 0; i < HUGE_MAX_HSTATE; i++) 3389 if (nhs->hstate_kobjs[i] == kobj) { 3390 if (nidp) 3391 *nidp = nid; 3392 return &hstates[i]; 3393 } 3394 } 3395 3396 BUG(); 3397 return NULL; 3398 } 3399 3400 /* 3401 * Unregister hstate attributes from a single node device. 3402 * No-op if no hstate attributes attached. 3403 */ 3404 static void hugetlb_unregister_node(struct node *node) 3405 { 3406 struct hstate *h; 3407 struct node_hstate *nhs = &node_hstates[node->dev.id]; 3408 3409 if (!nhs->hugepages_kobj) 3410 return; /* no hstate attributes */ 3411 3412 for_each_hstate(h) { 3413 int idx = hstate_index(h); 3414 if (nhs->hstate_kobjs[idx]) { 3415 kobject_put(nhs->hstate_kobjs[idx]); 3416 nhs->hstate_kobjs[idx] = NULL; 3417 } 3418 } 3419 3420 kobject_put(nhs->hugepages_kobj); 3421 nhs->hugepages_kobj = NULL; 3422 } 3423 3424 3425 /* 3426 * Register hstate attributes for a single node device. 3427 * No-op if attributes already registered. 3428 */ 3429 static void hugetlb_register_node(struct node *node) 3430 { 3431 struct hstate *h; 3432 struct node_hstate *nhs = &node_hstates[node->dev.id]; 3433 int err; 3434 3435 if (nhs->hugepages_kobj) 3436 return; /* already allocated */ 3437 3438 nhs->hugepages_kobj = kobject_create_and_add("hugepages", 3439 &node->dev.kobj); 3440 if (!nhs->hugepages_kobj) 3441 return; 3442 3443 for_each_hstate(h) { 3444 err = hugetlb_sysfs_add_hstate(h, nhs->hugepages_kobj, 3445 nhs->hstate_kobjs, 3446 &per_node_hstate_attr_group); 3447 if (err) { 3448 pr_err("HugeTLB: Unable to add hstate %s for node %d\n", 3449 h->name, node->dev.id); 3450 hugetlb_unregister_node(node); 3451 break; 3452 } 3453 } 3454 } 3455 3456 /* 3457 * hugetlb init time: register hstate attributes for all registered node 3458 * devices of nodes that have memory. All on-line nodes should have 3459 * registered their associated device by this time. 3460 */ 3461 static void __init hugetlb_register_all_nodes(void) 3462 { 3463 int nid; 3464 3465 for_each_node_state(nid, N_MEMORY) { 3466 struct node *node = node_devices[nid]; 3467 if (node->dev.id == nid) 3468 hugetlb_register_node(node); 3469 } 3470 3471 /* 3472 * Let the node device driver know we're here so it can 3473 * [un]register hstate attributes on node hotplug. 3474 */ 3475 register_hugetlbfs_with_node(hugetlb_register_node, 3476 hugetlb_unregister_node); 3477 } 3478 #else /* !CONFIG_NUMA */ 3479 3480 static struct hstate *kobj_to_node_hstate(struct kobject *kobj, int *nidp) 3481 { 3482 BUG(); 3483 if (nidp) 3484 *nidp = -1; 3485 return NULL; 3486 } 3487 3488 static void hugetlb_register_all_nodes(void) { } 3489 3490 #endif 3491 3492 static int __init hugetlb_init(void) 3493 { 3494 int i; 3495 3496 BUILD_BUG_ON(sizeof_field(struct page, private) * BITS_PER_BYTE < 3497 __NR_HPAGEFLAGS); 3498 3499 if (!hugepages_supported()) { 3500 if (hugetlb_max_hstate || default_hstate_max_huge_pages) 3501 pr_warn("HugeTLB: huge pages not supported, ignoring associated command-line parameters\n"); 3502 return 0; 3503 } 3504 3505 /* 3506 * Make sure HPAGE_SIZE (HUGETLB_PAGE_ORDER) hstate exists. Some 3507 * architectures depend on setup being done here. 3508 */ 3509 hugetlb_add_hstate(HUGETLB_PAGE_ORDER); 3510 if (!parsed_default_hugepagesz) { 3511 /* 3512 * If we did not parse a default huge page size, set 3513 * default_hstate_idx to HPAGE_SIZE hstate. And, if the 3514 * number of huge pages for this default size was implicitly 3515 * specified, set that here as well. 3516 * Note that the implicit setting will overwrite an explicit 3517 * setting. A warning will be printed in this case. 3518 */ 3519 default_hstate_idx = hstate_index(size_to_hstate(HPAGE_SIZE)); 3520 if (default_hstate_max_huge_pages) { 3521 if (default_hstate.max_huge_pages) { 3522 char buf[32]; 3523 3524 string_get_size(huge_page_size(&default_hstate), 3525 1, STRING_UNITS_2, buf, 32); 3526 pr_warn("HugeTLB: Ignoring hugepages=%lu associated with %s page size\n", 3527 default_hstate.max_huge_pages, buf); 3528 pr_warn("HugeTLB: Using hugepages=%lu for number of default huge pages\n", 3529 default_hstate_max_huge_pages); 3530 } 3531 default_hstate.max_huge_pages = 3532 default_hstate_max_huge_pages; 3533 } 3534 } 3535 3536 hugetlb_cma_check(); 3537 hugetlb_init_hstates(); 3538 gather_bootmem_prealloc(); 3539 report_hugepages(); 3540 3541 hugetlb_sysfs_init(); 3542 hugetlb_register_all_nodes(); 3543 hugetlb_cgroup_file_init(); 3544 3545 #ifdef CONFIG_SMP 3546 num_fault_mutexes = roundup_pow_of_two(8 * num_possible_cpus()); 3547 #else 3548 num_fault_mutexes = 1; 3549 #endif 3550 hugetlb_fault_mutex_table = 3551 kmalloc_array(num_fault_mutexes, sizeof(struct mutex), 3552 GFP_KERNEL); 3553 BUG_ON(!hugetlb_fault_mutex_table); 3554 3555 for (i = 0; i < num_fault_mutexes; i++) 3556 mutex_init(&hugetlb_fault_mutex_table[i]); 3557 return 0; 3558 } 3559 subsys_initcall(hugetlb_init); 3560 3561 /* Overwritten by architectures with more huge page sizes */ 3562 bool __init __attribute((weak)) arch_hugetlb_valid_size(unsigned long size) 3563 { 3564 return size == HPAGE_SIZE; 3565 } 3566 3567 void __init hugetlb_add_hstate(unsigned int order) 3568 { 3569 struct hstate *h; 3570 unsigned long i; 3571 3572 if (size_to_hstate(PAGE_SIZE << order)) { 3573 return; 3574 } 3575 BUG_ON(hugetlb_max_hstate >= HUGE_MAX_HSTATE); 3576 BUG_ON(order == 0); 3577 h = &hstates[hugetlb_max_hstate++]; 3578 mutex_init(&h->resize_lock); 3579 h->order = order; 3580 h->mask = ~(huge_page_size(h) - 1); 3581 for (i = 0; i < MAX_NUMNODES; ++i) 3582 INIT_LIST_HEAD(&h->hugepage_freelists[i]); 3583 INIT_LIST_HEAD(&h->hugepage_activelist); 3584 h->next_nid_to_alloc = first_memory_node; 3585 h->next_nid_to_free = first_memory_node; 3586 snprintf(h->name, HSTATE_NAME_LEN, "hugepages-%lukB", 3587 huge_page_size(h)/1024); 3588 3589 parsed_hstate = h; 3590 } 3591 3592 /* 3593 * hugepages command line processing 3594 * hugepages normally follows a valid hugepagsz or default_hugepagsz 3595 * specification. If not, ignore the hugepages value. hugepages can also 3596 * be the first huge page command line option in which case it implicitly 3597 * specifies the number of huge pages for the default size. 3598 */ 3599 static int __init hugepages_setup(char *s) 3600 { 3601 unsigned long *mhp; 3602 static unsigned long *last_mhp; 3603 3604 if (!parsed_valid_hugepagesz) { 3605 pr_warn("HugeTLB: hugepages=%s does not follow a valid hugepagesz, ignoring\n", s); 3606 parsed_valid_hugepagesz = true; 3607 return 0; 3608 } 3609 3610 /* 3611 * !hugetlb_max_hstate means we haven't parsed a hugepagesz= parameter 3612 * yet, so this hugepages= parameter goes to the "default hstate". 3613 * Otherwise, it goes with the previously parsed hugepagesz or 3614 * default_hugepagesz. 3615 */ 3616 else if (!hugetlb_max_hstate) 3617 mhp = &default_hstate_max_huge_pages; 3618 else 3619 mhp = &parsed_hstate->max_huge_pages; 3620 3621 if (mhp == last_mhp) { 3622 pr_warn("HugeTLB: hugepages= specified twice without interleaving hugepagesz=, ignoring hugepages=%s\n", s); 3623 return 0; 3624 } 3625 3626 if (sscanf(s, "%lu", mhp) <= 0) 3627 *mhp = 0; 3628 3629 /* 3630 * Global state is always initialized later in hugetlb_init. 3631 * But we need to allocate gigantic hstates here early to still 3632 * use the bootmem allocator. 3633 */ 3634 if (hugetlb_max_hstate && hstate_is_gigantic(parsed_hstate)) 3635 hugetlb_hstate_alloc_pages(parsed_hstate); 3636 3637 last_mhp = mhp; 3638 3639 return 1; 3640 } 3641 __setup("hugepages=", hugepages_setup); 3642 3643 /* 3644 * hugepagesz command line processing 3645 * A specific huge page size can only be specified once with hugepagesz. 3646 * hugepagesz is followed by hugepages on the command line. The global 3647 * variable 'parsed_valid_hugepagesz' is used to determine if prior 3648 * hugepagesz argument was valid. 3649 */ 3650 static int __init hugepagesz_setup(char *s) 3651 { 3652 unsigned long size; 3653 struct hstate *h; 3654 3655 parsed_valid_hugepagesz = false; 3656 size = (unsigned long)memparse(s, NULL); 3657 3658 if (!arch_hugetlb_valid_size(size)) { 3659 pr_err("HugeTLB: unsupported hugepagesz=%s\n", s); 3660 return 0; 3661 } 3662 3663 h = size_to_hstate(size); 3664 if (h) { 3665 /* 3666 * hstate for this size already exists. This is normally 3667 * an error, but is allowed if the existing hstate is the 3668 * default hstate. More specifically, it is only allowed if 3669 * the number of huge pages for the default hstate was not 3670 * previously specified. 3671 */ 3672 if (!parsed_default_hugepagesz || h != &default_hstate || 3673 default_hstate.max_huge_pages) { 3674 pr_warn("HugeTLB: hugepagesz=%s specified twice, ignoring\n", s); 3675 return 0; 3676 } 3677 3678 /* 3679 * No need to call hugetlb_add_hstate() as hstate already 3680 * exists. But, do set parsed_hstate so that a following 3681 * hugepages= parameter will be applied to this hstate. 3682 */ 3683 parsed_hstate = h; 3684 parsed_valid_hugepagesz = true; 3685 return 1; 3686 } 3687 3688 hugetlb_add_hstate(ilog2(size) - PAGE_SHIFT); 3689 parsed_valid_hugepagesz = true; 3690 return 1; 3691 } 3692 __setup("hugepagesz=", hugepagesz_setup); 3693 3694 /* 3695 * default_hugepagesz command line input 3696 * Only one instance of default_hugepagesz allowed on command line. 3697 */ 3698 static int __init default_hugepagesz_setup(char *s) 3699 { 3700 unsigned long size; 3701 3702 parsed_valid_hugepagesz = false; 3703 if (parsed_default_hugepagesz) { 3704 pr_err("HugeTLB: default_hugepagesz previously specified, ignoring %s\n", s); 3705 return 0; 3706 } 3707 3708 size = (unsigned long)memparse(s, NULL); 3709 3710 if (!arch_hugetlb_valid_size(size)) { 3711 pr_err("HugeTLB: unsupported default_hugepagesz=%s\n", s); 3712 return 0; 3713 } 3714 3715 hugetlb_add_hstate(ilog2(size) - PAGE_SHIFT); 3716 parsed_valid_hugepagesz = true; 3717 parsed_default_hugepagesz = true; 3718 default_hstate_idx = hstate_index(size_to_hstate(size)); 3719 3720 /* 3721 * The number of default huge pages (for this size) could have been 3722 * specified as the first hugetlb parameter: hugepages=X. If so, 3723 * then default_hstate_max_huge_pages is set. If the default huge 3724 * page size is gigantic (>= MAX_ORDER), then the pages must be 3725 * allocated here from bootmem allocator. 3726 */ 3727 if (default_hstate_max_huge_pages) { 3728 default_hstate.max_huge_pages = default_hstate_max_huge_pages; 3729 if (hstate_is_gigantic(&default_hstate)) 3730 hugetlb_hstate_alloc_pages(&default_hstate); 3731 default_hstate_max_huge_pages = 0; 3732 } 3733 3734 return 1; 3735 } 3736 __setup("default_hugepagesz=", default_hugepagesz_setup); 3737 3738 static unsigned int allowed_mems_nr(struct hstate *h) 3739 { 3740 int node; 3741 unsigned int nr = 0; 3742 nodemask_t *mpol_allowed; 3743 unsigned int *array = h->free_huge_pages_node; 3744 gfp_t gfp_mask = htlb_alloc_mask(h); 3745 3746 mpol_allowed = policy_nodemask_current(gfp_mask); 3747 3748 for_each_node_mask(node, cpuset_current_mems_allowed) { 3749 if (!mpol_allowed || node_isset(node, *mpol_allowed)) 3750 nr += array[node]; 3751 } 3752 3753 return nr; 3754 } 3755 3756 #ifdef CONFIG_SYSCTL 3757 static int proc_hugetlb_doulongvec_minmax(struct ctl_table *table, int write, 3758 void *buffer, size_t *length, 3759 loff_t *ppos, unsigned long *out) 3760 { 3761 struct ctl_table dup_table; 3762 3763 /* 3764 * In order to avoid races with __do_proc_doulongvec_minmax(), we 3765 * can duplicate the @table and alter the duplicate of it. 3766 */ 3767 dup_table = *table; 3768 dup_table.data = out; 3769 3770 return proc_doulongvec_minmax(&dup_table, write, buffer, length, ppos); 3771 } 3772 3773 static int hugetlb_sysctl_handler_common(bool obey_mempolicy, 3774 struct ctl_table *table, int write, 3775 void *buffer, size_t *length, loff_t *ppos) 3776 { 3777 struct hstate *h = &default_hstate; 3778 unsigned long tmp = h->max_huge_pages; 3779 int ret; 3780 3781 if (!hugepages_supported()) 3782 return -EOPNOTSUPP; 3783 3784 ret = proc_hugetlb_doulongvec_minmax(table, write, buffer, length, ppos, 3785 &tmp); 3786 if (ret) 3787 goto out; 3788 3789 if (write) 3790 ret = __nr_hugepages_store_common(obey_mempolicy, h, 3791 NUMA_NO_NODE, tmp, *length); 3792 out: 3793 return ret; 3794 } 3795 3796 int hugetlb_sysctl_handler(struct ctl_table *table, int write, 3797 void *buffer, size_t *length, loff_t *ppos) 3798 { 3799 3800 return hugetlb_sysctl_handler_common(false, table, write, 3801 buffer, length, ppos); 3802 } 3803 3804 #ifdef CONFIG_NUMA 3805 int hugetlb_mempolicy_sysctl_handler(struct ctl_table *table, int write, 3806 void *buffer, size_t *length, loff_t *ppos) 3807 { 3808 return hugetlb_sysctl_handler_common(true, table, write, 3809 buffer, length, ppos); 3810 } 3811 #endif /* CONFIG_NUMA */ 3812 3813 int hugetlb_overcommit_handler(struct ctl_table *table, int write, 3814 void *buffer, size_t *length, loff_t *ppos) 3815 { 3816 struct hstate *h = &default_hstate; 3817 unsigned long tmp; 3818 int ret; 3819 3820 if (!hugepages_supported()) 3821 return -EOPNOTSUPP; 3822 3823 tmp = h->nr_overcommit_huge_pages; 3824 3825 if (write && hstate_is_gigantic(h)) 3826 return -EINVAL; 3827 3828 ret = proc_hugetlb_doulongvec_minmax(table, write, buffer, length, ppos, 3829 &tmp); 3830 if (ret) 3831 goto out; 3832 3833 if (write) { 3834 spin_lock_irq(&hugetlb_lock); 3835 h->nr_overcommit_huge_pages = tmp; 3836 spin_unlock_irq(&hugetlb_lock); 3837 } 3838 out: 3839 return ret; 3840 } 3841 3842 #endif /* CONFIG_SYSCTL */ 3843 3844 void hugetlb_report_meminfo(struct seq_file *m) 3845 { 3846 struct hstate *h; 3847 unsigned long total = 0; 3848 3849 if (!hugepages_supported()) 3850 return; 3851 3852 for_each_hstate(h) { 3853 unsigned long count = h->nr_huge_pages; 3854 3855 total += huge_page_size(h) * count; 3856 3857 if (h == &default_hstate) 3858 seq_printf(m, 3859 "HugePages_Total: %5lu\n" 3860 "HugePages_Free: %5lu\n" 3861 "HugePages_Rsvd: %5lu\n" 3862 "HugePages_Surp: %5lu\n" 3863 "Hugepagesize: %8lu kB\n", 3864 count, 3865 h->free_huge_pages, 3866 h->resv_huge_pages, 3867 h->surplus_huge_pages, 3868 huge_page_size(h) / SZ_1K); 3869 } 3870 3871 seq_printf(m, "Hugetlb: %8lu kB\n", total / SZ_1K); 3872 } 3873 3874 int hugetlb_report_node_meminfo(char *buf, int len, int nid) 3875 { 3876 struct hstate *h = &default_hstate; 3877 3878 if (!hugepages_supported()) 3879 return 0; 3880 3881 return sysfs_emit_at(buf, len, 3882 "Node %d HugePages_Total: %5u\n" 3883 "Node %d HugePages_Free: %5u\n" 3884 "Node %d HugePages_Surp: %5u\n", 3885 nid, h->nr_huge_pages_node[nid], 3886 nid, h->free_huge_pages_node[nid], 3887 nid, h->surplus_huge_pages_node[nid]); 3888 } 3889 3890 void hugetlb_show_meminfo(void) 3891 { 3892 struct hstate *h; 3893 int nid; 3894 3895 if (!hugepages_supported()) 3896 return; 3897 3898 for_each_node_state(nid, N_MEMORY) 3899 for_each_hstate(h) 3900 pr_info("Node %d hugepages_total=%u hugepages_free=%u hugepages_surp=%u hugepages_size=%lukB\n", 3901 nid, 3902 h->nr_huge_pages_node[nid], 3903 h->free_huge_pages_node[nid], 3904 h->surplus_huge_pages_node[nid], 3905 huge_page_size(h) / SZ_1K); 3906 } 3907 3908 void hugetlb_report_usage(struct seq_file *m, struct mm_struct *mm) 3909 { 3910 seq_printf(m, "HugetlbPages:\t%8lu kB\n", 3911 atomic_long_read(&mm->hugetlb_usage) << (PAGE_SHIFT - 10)); 3912 } 3913 3914 /* Return the number pages of memory we physically have, in PAGE_SIZE units. */ 3915 unsigned long hugetlb_total_pages(void) 3916 { 3917 struct hstate *h; 3918 unsigned long nr_total_pages = 0; 3919 3920 for_each_hstate(h) 3921 nr_total_pages += h->nr_huge_pages * pages_per_huge_page(h); 3922 return nr_total_pages; 3923 } 3924 3925 static int hugetlb_acct_memory(struct hstate *h, long delta) 3926 { 3927 int ret = -ENOMEM; 3928 3929 if (!delta) 3930 return 0; 3931 3932 spin_lock_irq(&hugetlb_lock); 3933 /* 3934 * When cpuset is configured, it breaks the strict hugetlb page 3935 * reservation as the accounting is done on a global variable. Such 3936 * reservation is completely rubbish in the presence of cpuset because 3937 * the reservation is not checked against page availability for the 3938 * current cpuset. Application can still potentially OOM'ed by kernel 3939 * with lack of free htlb page in cpuset that the task is in. 3940 * Attempt to enforce strict accounting with cpuset is almost 3941 * impossible (or too ugly) because cpuset is too fluid that 3942 * task or memory node can be dynamically moved between cpusets. 3943 * 3944 * The change of semantics for shared hugetlb mapping with cpuset is 3945 * undesirable. However, in order to preserve some of the semantics, 3946 * we fall back to check against current free page availability as 3947 * a best attempt and hopefully to minimize the impact of changing 3948 * semantics that cpuset has. 3949 * 3950 * Apart from cpuset, we also have memory policy mechanism that 3951 * also determines from which node the kernel will allocate memory 3952 * in a NUMA system. So similar to cpuset, we also should consider 3953 * the memory policy of the current task. Similar to the description 3954 * above. 3955 */ 3956 if (delta > 0) { 3957 if (gather_surplus_pages(h, delta) < 0) 3958 goto out; 3959 3960 if (delta > allowed_mems_nr(h)) { 3961 return_unused_surplus_pages(h, delta); 3962 goto out; 3963 } 3964 } 3965 3966 ret = 0; 3967 if (delta < 0) 3968 return_unused_surplus_pages(h, (unsigned long) -delta); 3969 3970 out: 3971 spin_unlock_irq(&hugetlb_lock); 3972 return ret; 3973 } 3974 3975 static void hugetlb_vm_op_open(struct vm_area_struct *vma) 3976 { 3977 struct resv_map *resv = vma_resv_map(vma); 3978 3979 /* 3980 * This new VMA should share its siblings reservation map if present. 3981 * The VMA will only ever have a valid reservation map pointer where 3982 * it is being copied for another still existing VMA. As that VMA 3983 * has a reference to the reservation map it cannot disappear until 3984 * after this open call completes. It is therefore safe to take a 3985 * new reference here without additional locking. 3986 */ 3987 if (resv && is_vma_resv_set(vma, HPAGE_RESV_OWNER)) 3988 kref_get(&resv->refs); 3989 } 3990 3991 static void hugetlb_vm_op_close(struct vm_area_struct *vma) 3992 { 3993 struct hstate *h = hstate_vma(vma); 3994 struct resv_map *resv = vma_resv_map(vma); 3995 struct hugepage_subpool *spool = subpool_vma(vma); 3996 unsigned long reserve, start, end; 3997 long gbl_reserve; 3998 3999 if (!resv || !is_vma_resv_set(vma, HPAGE_RESV_OWNER)) 4000 return; 4001 4002 start = vma_hugecache_offset(h, vma, vma->vm_start); 4003 end = vma_hugecache_offset(h, vma, vma->vm_end); 4004 4005 reserve = (end - start) - region_count(resv, start, end); 4006 hugetlb_cgroup_uncharge_counter(resv, start, end); 4007 if (reserve) { 4008 /* 4009 * Decrement reserve counts. The global reserve count may be 4010 * adjusted if the subpool has a minimum size. 4011 */ 4012 gbl_reserve = hugepage_subpool_put_pages(spool, reserve); 4013 hugetlb_acct_memory(h, -gbl_reserve); 4014 } 4015 4016 kref_put(&resv->refs, resv_map_release); 4017 } 4018 4019 static int hugetlb_vm_op_split(struct vm_area_struct *vma, unsigned long addr) 4020 { 4021 if (addr & ~(huge_page_mask(hstate_vma(vma)))) 4022 return -EINVAL; 4023 return 0; 4024 } 4025 4026 static unsigned long hugetlb_vm_op_pagesize(struct vm_area_struct *vma) 4027 { 4028 return huge_page_size(hstate_vma(vma)); 4029 } 4030 4031 /* 4032 * We cannot handle pagefaults against hugetlb pages at all. They cause 4033 * handle_mm_fault() to try to instantiate regular-sized pages in the 4034 * hugepage VMA. do_page_fault() is supposed to trap this, so BUG is we get 4035 * this far. 4036 */ 4037 static vm_fault_t hugetlb_vm_op_fault(struct vm_fault *vmf) 4038 { 4039 BUG(); 4040 return 0; 4041 } 4042 4043 /* 4044 * When a new function is introduced to vm_operations_struct and added 4045 * to hugetlb_vm_ops, please consider adding the function to shm_vm_ops. 4046 * This is because under System V memory model, mappings created via 4047 * shmget/shmat with "huge page" specified are backed by hugetlbfs files, 4048 * their original vm_ops are overwritten with shm_vm_ops. 4049 */ 4050 const struct vm_operations_struct hugetlb_vm_ops = { 4051 .fault = hugetlb_vm_op_fault, 4052 .open = hugetlb_vm_op_open, 4053 .close = hugetlb_vm_op_close, 4054 .may_split = hugetlb_vm_op_split, 4055 .pagesize = hugetlb_vm_op_pagesize, 4056 }; 4057 4058 static pte_t make_huge_pte(struct vm_area_struct *vma, struct page *page, 4059 int writable) 4060 { 4061 pte_t entry; 4062 4063 if (writable) { 4064 entry = huge_pte_mkwrite(huge_pte_mkdirty(mk_huge_pte(page, 4065 vma->vm_page_prot))); 4066 } else { 4067 entry = huge_pte_wrprotect(mk_huge_pte(page, 4068 vma->vm_page_prot)); 4069 } 4070 entry = pte_mkyoung(entry); 4071 entry = pte_mkhuge(entry); 4072 entry = arch_make_huge_pte(entry, vma, page, writable); 4073 4074 return entry; 4075 } 4076 4077 static void set_huge_ptep_writable(struct vm_area_struct *vma, 4078 unsigned long address, pte_t *ptep) 4079 { 4080 pte_t entry; 4081 4082 entry = huge_pte_mkwrite(huge_pte_mkdirty(huge_ptep_get(ptep))); 4083 if (huge_ptep_set_access_flags(vma, address, ptep, entry, 1)) 4084 update_mmu_cache(vma, address, ptep); 4085 } 4086 4087 bool is_hugetlb_entry_migration(pte_t pte) 4088 { 4089 swp_entry_t swp; 4090 4091 if (huge_pte_none(pte) || pte_present(pte)) 4092 return false; 4093 swp = pte_to_swp_entry(pte); 4094 if (is_migration_entry(swp)) 4095 return true; 4096 else 4097 return false; 4098 } 4099 4100 static bool is_hugetlb_entry_hwpoisoned(pte_t pte) 4101 { 4102 swp_entry_t swp; 4103 4104 if (huge_pte_none(pte) || pte_present(pte)) 4105 return false; 4106 swp = pte_to_swp_entry(pte); 4107 if (is_hwpoison_entry(swp)) 4108 return true; 4109 else 4110 return false; 4111 } 4112 4113 static void 4114 hugetlb_install_page(struct vm_area_struct *vma, pte_t *ptep, unsigned long addr, 4115 struct page *new_page) 4116 { 4117 __SetPageUptodate(new_page); 4118 set_huge_pte_at(vma->vm_mm, addr, ptep, make_huge_pte(vma, new_page, 1)); 4119 hugepage_add_new_anon_rmap(new_page, vma, addr); 4120 hugetlb_count_add(pages_per_huge_page(hstate_vma(vma)), vma->vm_mm); 4121 ClearHPageRestoreReserve(new_page); 4122 SetHPageMigratable(new_page); 4123 } 4124 4125 int copy_hugetlb_page_range(struct mm_struct *dst, struct mm_struct *src, 4126 struct vm_area_struct *vma) 4127 { 4128 pte_t *src_pte, *dst_pte, entry, dst_entry; 4129 struct page *ptepage; 4130 unsigned long addr; 4131 bool cow = is_cow_mapping(vma->vm_flags); 4132 struct hstate *h = hstate_vma(vma); 4133 unsigned long sz = huge_page_size(h); 4134 unsigned long npages = pages_per_huge_page(h); 4135 struct address_space *mapping = vma->vm_file->f_mapping; 4136 struct mmu_notifier_range range; 4137 int ret = 0; 4138 4139 if (cow) { 4140 mmu_notifier_range_init(&range, MMU_NOTIFY_CLEAR, 0, vma, src, 4141 vma->vm_start, 4142 vma->vm_end); 4143 mmu_notifier_invalidate_range_start(&range); 4144 } else { 4145 /* 4146 * For shared mappings i_mmap_rwsem must be held to call 4147 * huge_pte_alloc, otherwise the returned ptep could go 4148 * away if part of a shared pmd and another thread calls 4149 * huge_pmd_unshare. 4150 */ 4151 i_mmap_lock_read(mapping); 4152 } 4153 4154 for (addr = vma->vm_start; addr < vma->vm_end; addr += sz) { 4155 spinlock_t *src_ptl, *dst_ptl; 4156 src_pte = huge_pte_offset(src, addr, sz); 4157 if (!src_pte) 4158 continue; 4159 dst_pte = huge_pte_alloc(dst, vma, addr, sz); 4160 if (!dst_pte) { 4161 ret = -ENOMEM; 4162 break; 4163 } 4164 4165 /* 4166 * If the pagetables are shared don't copy or take references. 4167 * dst_pte == src_pte is the common case of src/dest sharing. 4168 * 4169 * However, src could have 'unshared' and dst shares with 4170 * another vma. If dst_pte !none, this implies sharing. 4171 * Check here before taking page table lock, and once again 4172 * after taking the lock below. 4173 */ 4174 dst_entry = huge_ptep_get(dst_pte); 4175 if ((dst_pte == src_pte) || !huge_pte_none(dst_entry)) 4176 continue; 4177 4178 dst_ptl = huge_pte_lock(h, dst, dst_pte); 4179 src_ptl = huge_pte_lockptr(h, src, src_pte); 4180 spin_lock_nested(src_ptl, SINGLE_DEPTH_NESTING); 4181 entry = huge_ptep_get(src_pte); 4182 dst_entry = huge_ptep_get(dst_pte); 4183 again: 4184 if (huge_pte_none(entry) || !huge_pte_none(dst_entry)) { 4185 /* 4186 * Skip if src entry none. Also, skip in the 4187 * unlikely case dst entry !none as this implies 4188 * sharing with another vma. 4189 */ 4190 ; 4191 } else if (unlikely(is_hugetlb_entry_migration(entry) || 4192 is_hugetlb_entry_hwpoisoned(entry))) { 4193 swp_entry_t swp_entry = pte_to_swp_entry(entry); 4194 4195 if (is_write_migration_entry(swp_entry) && cow) { 4196 /* 4197 * COW mappings require pages in both 4198 * parent and child to be set to read. 4199 */ 4200 make_migration_entry_read(&swp_entry); 4201 entry = swp_entry_to_pte(swp_entry); 4202 set_huge_swap_pte_at(src, addr, src_pte, 4203 entry, sz); 4204 } 4205 set_huge_swap_pte_at(dst, addr, dst_pte, entry, sz); 4206 } else { 4207 entry = huge_ptep_get(src_pte); 4208 ptepage = pte_page(entry); 4209 get_page(ptepage); 4210 4211 /* 4212 * This is a rare case where we see pinned hugetlb 4213 * pages while they're prone to COW. We need to do the 4214 * COW earlier during fork. 4215 * 4216 * When pre-allocating the page or copying data, we 4217 * need to be without the pgtable locks since we could 4218 * sleep during the process. 4219 */ 4220 if (unlikely(page_needs_cow_for_dma(vma, ptepage))) { 4221 pte_t src_pte_old = entry; 4222 struct page *new; 4223 4224 spin_unlock(src_ptl); 4225 spin_unlock(dst_ptl); 4226 /* Do not use reserve as it's private owned */ 4227 new = alloc_huge_page(vma, addr, 1); 4228 if (IS_ERR(new)) { 4229 put_page(ptepage); 4230 ret = PTR_ERR(new); 4231 break; 4232 } 4233 copy_user_huge_page(new, ptepage, addr, vma, 4234 npages); 4235 put_page(ptepage); 4236 4237 /* Install the new huge page if src pte stable */ 4238 dst_ptl = huge_pte_lock(h, dst, dst_pte); 4239 src_ptl = huge_pte_lockptr(h, src, src_pte); 4240 spin_lock_nested(src_ptl, SINGLE_DEPTH_NESTING); 4241 entry = huge_ptep_get(src_pte); 4242 if (!pte_same(src_pte_old, entry)) { 4243 restore_reserve_on_error(h, vma, addr, 4244 new); 4245 put_page(new); 4246 /* dst_entry won't change as in child */ 4247 goto again; 4248 } 4249 hugetlb_install_page(vma, dst_pte, addr, new); 4250 spin_unlock(src_ptl); 4251 spin_unlock(dst_ptl); 4252 continue; 4253 } 4254 4255 if (cow) { 4256 /* 4257 * No need to notify as we are downgrading page 4258 * table protection not changing it to point 4259 * to a new page. 4260 * 4261 * See Documentation/vm/mmu_notifier.rst 4262 */ 4263 huge_ptep_set_wrprotect(src, addr, src_pte); 4264 entry = huge_pte_wrprotect(entry); 4265 } 4266 4267 page_dup_rmap(ptepage, true); 4268 set_huge_pte_at(dst, addr, dst_pte, entry); 4269 hugetlb_count_add(npages, dst); 4270 } 4271 spin_unlock(src_ptl); 4272 spin_unlock(dst_ptl); 4273 } 4274 4275 if (cow) 4276 mmu_notifier_invalidate_range_end(&range); 4277 else 4278 i_mmap_unlock_read(mapping); 4279 4280 return ret; 4281 } 4282 4283 void __unmap_hugepage_range(struct mmu_gather *tlb, struct vm_area_struct *vma, 4284 unsigned long start, unsigned long end, 4285 struct page *ref_page) 4286 { 4287 struct mm_struct *mm = vma->vm_mm; 4288 unsigned long address; 4289 pte_t *ptep; 4290 pte_t pte; 4291 spinlock_t *ptl; 4292 struct page *page; 4293 struct hstate *h = hstate_vma(vma); 4294 unsigned long sz = huge_page_size(h); 4295 struct mmu_notifier_range range; 4296 4297 WARN_ON(!is_vm_hugetlb_page(vma)); 4298 BUG_ON(start & ~huge_page_mask(h)); 4299 BUG_ON(end & ~huge_page_mask(h)); 4300 4301 /* 4302 * This is a hugetlb vma, all the pte entries should point 4303 * to huge page. 4304 */ 4305 tlb_change_page_size(tlb, sz); 4306 tlb_start_vma(tlb, vma); 4307 4308 /* 4309 * If sharing possible, alert mmu notifiers of worst case. 4310 */ 4311 mmu_notifier_range_init(&range, MMU_NOTIFY_UNMAP, 0, vma, mm, start, 4312 end); 4313 adjust_range_if_pmd_sharing_possible(vma, &range.start, &range.end); 4314 mmu_notifier_invalidate_range_start(&range); 4315 address = start; 4316 for (; address < end; address += sz) { 4317 ptep = huge_pte_offset(mm, address, sz); 4318 if (!ptep) 4319 continue; 4320 4321 ptl = huge_pte_lock(h, mm, ptep); 4322 if (huge_pmd_unshare(mm, vma, &address, ptep)) { 4323 spin_unlock(ptl); 4324 /* 4325 * We just unmapped a page of PMDs by clearing a PUD. 4326 * The caller's TLB flush range should cover this area. 4327 */ 4328 continue; 4329 } 4330 4331 pte = huge_ptep_get(ptep); 4332 if (huge_pte_none(pte)) { 4333 spin_unlock(ptl); 4334 continue; 4335 } 4336 4337 /* 4338 * Migrating hugepage or HWPoisoned hugepage is already 4339 * unmapped and its refcount is dropped, so just clear pte here. 4340 */ 4341 if (unlikely(!pte_present(pte))) { 4342 huge_pte_clear(mm, address, ptep, sz); 4343 spin_unlock(ptl); 4344 continue; 4345 } 4346 4347 page = pte_page(pte); 4348 /* 4349 * If a reference page is supplied, it is because a specific 4350 * page is being unmapped, not a range. Ensure the page we 4351 * are about to unmap is the actual page of interest. 4352 */ 4353 if (ref_page) { 4354 if (page != ref_page) { 4355 spin_unlock(ptl); 4356 continue; 4357 } 4358 /* 4359 * Mark the VMA as having unmapped its page so that 4360 * future faults in this VMA will fail rather than 4361 * looking like data was lost 4362 */ 4363 set_vma_resv_flags(vma, HPAGE_RESV_UNMAPPED); 4364 } 4365 4366 pte = huge_ptep_get_and_clear(mm, address, ptep); 4367 tlb_remove_huge_tlb_entry(h, tlb, ptep, address); 4368 if (huge_pte_dirty(pte)) 4369 set_page_dirty(page); 4370 4371 hugetlb_count_sub(pages_per_huge_page(h), mm); 4372 page_remove_rmap(page, true); 4373 4374 spin_unlock(ptl); 4375 tlb_remove_page_size(tlb, page, huge_page_size(h)); 4376 /* 4377 * Bail out after unmapping reference page if supplied 4378 */ 4379 if (ref_page) 4380 break; 4381 } 4382 mmu_notifier_invalidate_range_end(&range); 4383 tlb_end_vma(tlb, vma); 4384 } 4385 4386 void __unmap_hugepage_range_final(struct mmu_gather *tlb, 4387 struct vm_area_struct *vma, unsigned long start, 4388 unsigned long end, struct page *ref_page) 4389 { 4390 __unmap_hugepage_range(tlb, vma, start, end, ref_page); 4391 4392 /* 4393 * Clear this flag so that x86's huge_pmd_share page_table_shareable 4394 * test will fail on a vma being torn down, and not grab a page table 4395 * on its way out. We're lucky that the flag has such an appropriate 4396 * name, and can in fact be safely cleared here. We could clear it 4397 * before the __unmap_hugepage_range above, but all that's necessary 4398 * is to clear it before releasing the i_mmap_rwsem. This works 4399 * because in the context this is called, the VMA is about to be 4400 * destroyed and the i_mmap_rwsem is held. 4401 */ 4402 vma->vm_flags &= ~VM_MAYSHARE; 4403 } 4404 4405 void unmap_hugepage_range(struct vm_area_struct *vma, unsigned long start, 4406 unsigned long end, struct page *ref_page) 4407 { 4408 struct mmu_gather tlb; 4409 4410 tlb_gather_mmu(&tlb, vma->vm_mm); 4411 __unmap_hugepage_range(&tlb, vma, start, end, ref_page); 4412 tlb_finish_mmu(&tlb); 4413 } 4414 4415 /* 4416 * This is called when the original mapper is failing to COW a MAP_PRIVATE 4417 * mapping it owns the reserve page for. The intention is to unmap the page 4418 * from other VMAs and let the children be SIGKILLed if they are faulting the 4419 * same region. 4420 */ 4421 static void unmap_ref_private(struct mm_struct *mm, struct vm_area_struct *vma, 4422 struct page *page, unsigned long address) 4423 { 4424 struct hstate *h = hstate_vma(vma); 4425 struct vm_area_struct *iter_vma; 4426 struct address_space *mapping; 4427 pgoff_t pgoff; 4428 4429 /* 4430 * vm_pgoff is in PAGE_SIZE units, hence the different calculation 4431 * from page cache lookup which is in HPAGE_SIZE units. 4432 */ 4433 address = address & huge_page_mask(h); 4434 pgoff = ((address - vma->vm_start) >> PAGE_SHIFT) + 4435 vma->vm_pgoff; 4436 mapping = vma->vm_file->f_mapping; 4437 4438 /* 4439 * Take the mapping lock for the duration of the table walk. As 4440 * this mapping should be shared between all the VMAs, 4441 * __unmap_hugepage_range() is called as the lock is already held 4442 */ 4443 i_mmap_lock_write(mapping); 4444 vma_interval_tree_foreach(iter_vma, &mapping->i_mmap, pgoff, pgoff) { 4445 /* Do not unmap the current VMA */ 4446 if (iter_vma == vma) 4447 continue; 4448 4449 /* 4450 * Shared VMAs have their own reserves and do not affect 4451 * MAP_PRIVATE accounting but it is possible that a shared 4452 * VMA is using the same page so check and skip such VMAs. 4453 */ 4454 if (iter_vma->vm_flags & VM_MAYSHARE) 4455 continue; 4456 4457 /* 4458 * Unmap the page from other VMAs without their own reserves. 4459 * They get marked to be SIGKILLed if they fault in these 4460 * areas. This is because a future no-page fault on this VMA 4461 * could insert a zeroed page instead of the data existing 4462 * from the time of fork. This would look like data corruption 4463 */ 4464 if (!is_vma_resv_set(iter_vma, HPAGE_RESV_OWNER)) 4465 unmap_hugepage_range(iter_vma, address, 4466 address + huge_page_size(h), page); 4467 } 4468 i_mmap_unlock_write(mapping); 4469 } 4470 4471 /* 4472 * Hugetlb_cow() should be called with page lock of the original hugepage held. 4473 * Called with hugetlb_instantiation_mutex held and pte_page locked so we 4474 * cannot race with other handlers or page migration. 4475 * Keep the pte_same checks anyway to make transition from the mutex easier. 4476 */ 4477 static vm_fault_t hugetlb_cow(struct mm_struct *mm, struct vm_area_struct *vma, 4478 unsigned long address, pte_t *ptep, 4479 struct page *pagecache_page, spinlock_t *ptl) 4480 { 4481 pte_t pte; 4482 struct hstate *h = hstate_vma(vma); 4483 struct page *old_page, *new_page; 4484 int outside_reserve = 0; 4485 vm_fault_t ret = 0; 4486 unsigned long haddr = address & huge_page_mask(h); 4487 struct mmu_notifier_range range; 4488 4489 pte = huge_ptep_get(ptep); 4490 old_page = pte_page(pte); 4491 4492 retry_avoidcopy: 4493 /* If no-one else is actually using this page, avoid the copy 4494 * and just make the page writable */ 4495 if (page_mapcount(old_page) == 1 && PageAnon(old_page)) { 4496 page_move_anon_rmap(old_page, vma); 4497 set_huge_ptep_writable(vma, haddr, ptep); 4498 return 0; 4499 } 4500 4501 /* 4502 * If the process that created a MAP_PRIVATE mapping is about to 4503 * perform a COW due to a shared page count, attempt to satisfy 4504 * the allocation without using the existing reserves. The pagecache 4505 * page is used to determine if the reserve at this address was 4506 * consumed or not. If reserves were used, a partial faulted mapping 4507 * at the time of fork() could consume its reserves on COW instead 4508 * of the full address range. 4509 */ 4510 if (is_vma_resv_set(vma, HPAGE_RESV_OWNER) && 4511 old_page != pagecache_page) 4512 outside_reserve = 1; 4513 4514 get_page(old_page); 4515 4516 /* 4517 * Drop page table lock as buddy allocator may be called. It will 4518 * be acquired again before returning to the caller, as expected. 4519 */ 4520 spin_unlock(ptl); 4521 new_page = alloc_huge_page(vma, haddr, outside_reserve); 4522 4523 if (IS_ERR(new_page)) { 4524 /* 4525 * If a process owning a MAP_PRIVATE mapping fails to COW, 4526 * it is due to references held by a child and an insufficient 4527 * huge page pool. To guarantee the original mappers 4528 * reliability, unmap the page from child processes. The child 4529 * may get SIGKILLed if it later faults. 4530 */ 4531 if (outside_reserve) { 4532 struct address_space *mapping = vma->vm_file->f_mapping; 4533 pgoff_t idx; 4534 u32 hash; 4535 4536 put_page(old_page); 4537 BUG_ON(huge_pte_none(pte)); 4538 /* 4539 * Drop hugetlb_fault_mutex and i_mmap_rwsem before 4540 * unmapping. unmapping needs to hold i_mmap_rwsem 4541 * in write mode. Dropping i_mmap_rwsem in read mode 4542 * here is OK as COW mappings do not interact with 4543 * PMD sharing. 4544 * 4545 * Reacquire both after unmap operation. 4546 */ 4547 idx = vma_hugecache_offset(h, vma, haddr); 4548 hash = hugetlb_fault_mutex_hash(mapping, idx); 4549 mutex_unlock(&hugetlb_fault_mutex_table[hash]); 4550 i_mmap_unlock_read(mapping); 4551 4552 unmap_ref_private(mm, vma, old_page, haddr); 4553 4554 i_mmap_lock_read(mapping); 4555 mutex_lock(&hugetlb_fault_mutex_table[hash]); 4556 spin_lock(ptl); 4557 ptep = huge_pte_offset(mm, haddr, huge_page_size(h)); 4558 if (likely(ptep && 4559 pte_same(huge_ptep_get(ptep), pte))) 4560 goto retry_avoidcopy; 4561 /* 4562 * race occurs while re-acquiring page table 4563 * lock, and our job is done. 4564 */ 4565 return 0; 4566 } 4567 4568 ret = vmf_error(PTR_ERR(new_page)); 4569 goto out_release_old; 4570 } 4571 4572 /* 4573 * When the original hugepage is shared one, it does not have 4574 * anon_vma prepared. 4575 */ 4576 if (unlikely(anon_vma_prepare(vma))) { 4577 ret = VM_FAULT_OOM; 4578 goto out_release_all; 4579 } 4580 4581 copy_user_huge_page(new_page, old_page, address, vma, 4582 pages_per_huge_page(h)); 4583 __SetPageUptodate(new_page); 4584 4585 mmu_notifier_range_init(&range, MMU_NOTIFY_CLEAR, 0, vma, mm, haddr, 4586 haddr + huge_page_size(h)); 4587 mmu_notifier_invalidate_range_start(&range); 4588 4589 /* 4590 * Retake the page table lock to check for racing updates 4591 * before the page tables are altered 4592 */ 4593 spin_lock(ptl); 4594 ptep = huge_pte_offset(mm, haddr, huge_page_size(h)); 4595 if (likely(ptep && pte_same(huge_ptep_get(ptep), pte))) { 4596 ClearHPageRestoreReserve(new_page); 4597 4598 /* Break COW */ 4599 huge_ptep_clear_flush(vma, haddr, ptep); 4600 mmu_notifier_invalidate_range(mm, range.start, range.end); 4601 set_huge_pte_at(mm, haddr, ptep, 4602 make_huge_pte(vma, new_page, 1)); 4603 page_remove_rmap(old_page, true); 4604 hugepage_add_new_anon_rmap(new_page, vma, haddr); 4605 SetHPageMigratable(new_page); 4606 /* Make the old page be freed below */ 4607 new_page = old_page; 4608 } 4609 spin_unlock(ptl); 4610 mmu_notifier_invalidate_range_end(&range); 4611 out_release_all: 4612 restore_reserve_on_error(h, vma, haddr, new_page); 4613 put_page(new_page); 4614 out_release_old: 4615 put_page(old_page); 4616 4617 spin_lock(ptl); /* Caller expects lock to be held */ 4618 return ret; 4619 } 4620 4621 /* Return the pagecache page at a given address within a VMA */ 4622 static struct page *hugetlbfs_pagecache_page(struct hstate *h, 4623 struct vm_area_struct *vma, unsigned long address) 4624 { 4625 struct address_space *mapping; 4626 pgoff_t idx; 4627 4628 mapping = vma->vm_file->f_mapping; 4629 idx = vma_hugecache_offset(h, vma, address); 4630 4631 return find_lock_page(mapping, idx); 4632 } 4633 4634 /* 4635 * Return whether there is a pagecache page to back given address within VMA. 4636 * Caller follow_hugetlb_page() holds page_table_lock so we cannot lock_page. 4637 */ 4638 static bool hugetlbfs_pagecache_present(struct hstate *h, 4639 struct vm_area_struct *vma, unsigned long address) 4640 { 4641 struct address_space *mapping; 4642 pgoff_t idx; 4643 struct page *page; 4644 4645 mapping = vma->vm_file->f_mapping; 4646 idx = vma_hugecache_offset(h, vma, address); 4647 4648 page = find_get_page(mapping, idx); 4649 if (page) 4650 put_page(page); 4651 return page != NULL; 4652 } 4653 4654 int huge_add_to_page_cache(struct page *page, struct address_space *mapping, 4655 pgoff_t idx) 4656 { 4657 struct inode *inode = mapping->host; 4658 struct hstate *h = hstate_inode(inode); 4659 int err = add_to_page_cache(page, mapping, idx, GFP_KERNEL); 4660 4661 if (err) 4662 return err; 4663 ClearHPageRestoreReserve(page); 4664 4665 /* 4666 * set page dirty so that it will not be removed from cache/file 4667 * by non-hugetlbfs specific code paths. 4668 */ 4669 set_page_dirty(page); 4670 4671 spin_lock(&inode->i_lock); 4672 inode->i_blocks += blocks_per_huge_page(h); 4673 spin_unlock(&inode->i_lock); 4674 return 0; 4675 } 4676 4677 static inline vm_fault_t hugetlb_handle_userfault(struct vm_area_struct *vma, 4678 struct address_space *mapping, 4679 pgoff_t idx, 4680 unsigned int flags, 4681 unsigned long haddr, 4682 unsigned long reason) 4683 { 4684 vm_fault_t ret; 4685 u32 hash; 4686 struct vm_fault vmf = { 4687 .vma = vma, 4688 .address = haddr, 4689 .flags = flags, 4690 4691 /* 4692 * Hard to debug if it ends up being 4693 * used by a callee that assumes 4694 * something about the other 4695 * uninitialized fields... same as in 4696 * memory.c 4697 */ 4698 }; 4699 4700 /* 4701 * hugetlb_fault_mutex and i_mmap_rwsem must be 4702 * dropped before handling userfault. Reacquire 4703 * after handling fault to make calling code simpler. 4704 */ 4705 hash = hugetlb_fault_mutex_hash(mapping, idx); 4706 mutex_unlock(&hugetlb_fault_mutex_table[hash]); 4707 i_mmap_unlock_read(mapping); 4708 ret = handle_userfault(&vmf, reason); 4709 i_mmap_lock_read(mapping); 4710 mutex_lock(&hugetlb_fault_mutex_table[hash]); 4711 4712 return ret; 4713 } 4714 4715 static vm_fault_t hugetlb_no_page(struct mm_struct *mm, 4716 struct vm_area_struct *vma, 4717 struct address_space *mapping, pgoff_t idx, 4718 unsigned long address, pte_t *ptep, unsigned int flags) 4719 { 4720 struct hstate *h = hstate_vma(vma); 4721 vm_fault_t ret = VM_FAULT_SIGBUS; 4722 int anon_rmap = 0; 4723 unsigned long size; 4724 struct page *page; 4725 pte_t new_pte; 4726 spinlock_t *ptl; 4727 unsigned long haddr = address & huge_page_mask(h); 4728 bool new_page = false; 4729 4730 /* 4731 * Currently, we are forced to kill the process in the event the 4732 * original mapper has unmapped pages from the child due to a failed 4733 * COW. Warn that such a situation has occurred as it may not be obvious 4734 */ 4735 if (is_vma_resv_set(vma, HPAGE_RESV_UNMAPPED)) { 4736 pr_warn_ratelimited("PID %d killed due to inadequate hugepage pool\n", 4737 current->pid); 4738 return ret; 4739 } 4740 4741 /* 4742 * We can not race with truncation due to holding i_mmap_rwsem. 4743 * i_size is modified when holding i_mmap_rwsem, so check here 4744 * once for faults beyond end of file. 4745 */ 4746 size = i_size_read(mapping->host) >> huge_page_shift(h); 4747 if (idx >= size) 4748 goto out; 4749 4750 retry: 4751 page = find_lock_page(mapping, idx); 4752 if (!page) { 4753 /* Check for page in userfault range */ 4754 if (userfaultfd_missing(vma)) { 4755 ret = hugetlb_handle_userfault(vma, mapping, idx, 4756 flags, haddr, 4757 VM_UFFD_MISSING); 4758 goto out; 4759 } 4760 4761 page = alloc_huge_page(vma, haddr, 0); 4762 if (IS_ERR(page)) { 4763 /* 4764 * Returning error will result in faulting task being 4765 * sent SIGBUS. The hugetlb fault mutex prevents two 4766 * tasks from racing to fault in the same page which 4767 * could result in false unable to allocate errors. 4768 * Page migration does not take the fault mutex, but 4769 * does a clear then write of pte's under page table 4770 * lock. Page fault code could race with migration, 4771 * notice the clear pte and try to allocate a page 4772 * here. Before returning error, get ptl and make 4773 * sure there really is no pte entry. 4774 */ 4775 ptl = huge_pte_lock(h, mm, ptep); 4776 ret = 0; 4777 if (huge_pte_none(huge_ptep_get(ptep))) 4778 ret = vmf_error(PTR_ERR(page)); 4779 spin_unlock(ptl); 4780 goto out; 4781 } 4782 clear_huge_page(page, address, pages_per_huge_page(h)); 4783 __SetPageUptodate(page); 4784 new_page = true; 4785 4786 if (vma->vm_flags & VM_MAYSHARE) { 4787 int err = huge_add_to_page_cache(page, mapping, idx); 4788 if (err) { 4789 put_page(page); 4790 if (err == -EEXIST) 4791 goto retry; 4792 goto out; 4793 } 4794 } else { 4795 lock_page(page); 4796 if (unlikely(anon_vma_prepare(vma))) { 4797 ret = VM_FAULT_OOM; 4798 goto backout_unlocked; 4799 } 4800 anon_rmap = 1; 4801 } 4802 } else { 4803 /* 4804 * If memory error occurs between mmap() and fault, some process 4805 * don't have hwpoisoned swap entry for errored virtual address. 4806 * So we need to block hugepage fault by PG_hwpoison bit check. 4807 */ 4808 if (unlikely(PageHWPoison(page))) { 4809 ret = VM_FAULT_HWPOISON_LARGE | 4810 VM_FAULT_SET_HINDEX(hstate_index(h)); 4811 goto backout_unlocked; 4812 } 4813 4814 /* Check for page in userfault range. */ 4815 if (userfaultfd_minor(vma)) { 4816 unlock_page(page); 4817 put_page(page); 4818 ret = hugetlb_handle_userfault(vma, mapping, idx, 4819 flags, haddr, 4820 VM_UFFD_MINOR); 4821 goto out; 4822 } 4823 } 4824 4825 /* 4826 * If we are going to COW a private mapping later, we examine the 4827 * pending reservations for this page now. This will ensure that 4828 * any allocations necessary to record that reservation occur outside 4829 * the spinlock. 4830 */ 4831 if ((flags & FAULT_FLAG_WRITE) && !(vma->vm_flags & VM_SHARED)) { 4832 if (vma_needs_reservation(h, vma, haddr) < 0) { 4833 ret = VM_FAULT_OOM; 4834 goto backout_unlocked; 4835 } 4836 /* Just decrements count, does not deallocate */ 4837 vma_end_reservation(h, vma, haddr); 4838 } 4839 4840 ptl = huge_pte_lock(h, mm, ptep); 4841 ret = 0; 4842 if (!huge_pte_none(huge_ptep_get(ptep))) 4843 goto backout; 4844 4845 if (anon_rmap) { 4846 ClearHPageRestoreReserve(page); 4847 hugepage_add_new_anon_rmap(page, vma, haddr); 4848 } else 4849 page_dup_rmap(page, true); 4850 new_pte = make_huge_pte(vma, page, ((vma->vm_flags & VM_WRITE) 4851 && (vma->vm_flags & VM_SHARED))); 4852 set_huge_pte_at(mm, haddr, ptep, new_pte); 4853 4854 hugetlb_count_add(pages_per_huge_page(h), mm); 4855 if ((flags & FAULT_FLAG_WRITE) && !(vma->vm_flags & VM_SHARED)) { 4856 /* Optimization, do the COW without a second fault */ 4857 ret = hugetlb_cow(mm, vma, address, ptep, page, ptl); 4858 } 4859 4860 spin_unlock(ptl); 4861 4862 /* 4863 * Only set HPageMigratable in newly allocated pages. Existing pages 4864 * found in the pagecache may not have HPageMigratableset if they have 4865 * been isolated for migration. 4866 */ 4867 if (new_page) 4868 SetHPageMigratable(page); 4869 4870 unlock_page(page); 4871 out: 4872 return ret; 4873 4874 backout: 4875 spin_unlock(ptl); 4876 backout_unlocked: 4877 unlock_page(page); 4878 restore_reserve_on_error(h, vma, haddr, page); 4879 put_page(page); 4880 goto out; 4881 } 4882 4883 #ifdef CONFIG_SMP 4884 u32 hugetlb_fault_mutex_hash(struct address_space *mapping, pgoff_t idx) 4885 { 4886 unsigned long key[2]; 4887 u32 hash; 4888 4889 key[0] = (unsigned long) mapping; 4890 key[1] = idx; 4891 4892 hash = jhash2((u32 *)&key, sizeof(key)/(sizeof(u32)), 0); 4893 4894 return hash & (num_fault_mutexes - 1); 4895 } 4896 #else 4897 /* 4898 * For uniprocessor systems we always use a single mutex, so just 4899 * return 0 and avoid the hashing overhead. 4900 */ 4901 u32 hugetlb_fault_mutex_hash(struct address_space *mapping, pgoff_t idx) 4902 { 4903 return 0; 4904 } 4905 #endif 4906 4907 vm_fault_t hugetlb_fault(struct mm_struct *mm, struct vm_area_struct *vma, 4908 unsigned long address, unsigned int flags) 4909 { 4910 pte_t *ptep, entry; 4911 spinlock_t *ptl; 4912 vm_fault_t ret; 4913 u32 hash; 4914 pgoff_t idx; 4915 struct page *page = NULL; 4916 struct page *pagecache_page = NULL; 4917 struct hstate *h = hstate_vma(vma); 4918 struct address_space *mapping; 4919 int need_wait_lock = 0; 4920 unsigned long haddr = address & huge_page_mask(h); 4921 4922 ptep = huge_pte_offset(mm, haddr, huge_page_size(h)); 4923 if (ptep) { 4924 /* 4925 * Since we hold no locks, ptep could be stale. That is 4926 * OK as we are only making decisions based on content and 4927 * not actually modifying content here. 4928 */ 4929 entry = huge_ptep_get(ptep); 4930 if (unlikely(is_hugetlb_entry_migration(entry))) { 4931 migration_entry_wait_huge(vma, mm, ptep); 4932 return 0; 4933 } else if (unlikely(is_hugetlb_entry_hwpoisoned(entry))) 4934 return VM_FAULT_HWPOISON_LARGE | 4935 VM_FAULT_SET_HINDEX(hstate_index(h)); 4936 } 4937 4938 /* 4939 * Acquire i_mmap_rwsem before calling huge_pte_alloc and hold 4940 * until finished with ptep. This serves two purposes: 4941 * 1) It prevents huge_pmd_unshare from being called elsewhere 4942 * and making the ptep no longer valid. 4943 * 2) It synchronizes us with i_size modifications during truncation. 4944 * 4945 * ptep could have already be assigned via huge_pte_offset. That 4946 * is OK, as huge_pte_alloc will return the same value unless 4947 * something has changed. 4948 */ 4949 mapping = vma->vm_file->f_mapping; 4950 i_mmap_lock_read(mapping); 4951 ptep = huge_pte_alloc(mm, vma, haddr, huge_page_size(h)); 4952 if (!ptep) { 4953 i_mmap_unlock_read(mapping); 4954 return VM_FAULT_OOM; 4955 } 4956 4957 /* 4958 * Serialize hugepage allocation and instantiation, so that we don't 4959 * get spurious allocation failures if two CPUs race to instantiate 4960 * the same page in the page cache. 4961 */ 4962 idx = vma_hugecache_offset(h, vma, haddr); 4963 hash = hugetlb_fault_mutex_hash(mapping, idx); 4964 mutex_lock(&hugetlb_fault_mutex_table[hash]); 4965 4966 entry = huge_ptep_get(ptep); 4967 if (huge_pte_none(entry)) { 4968 ret = hugetlb_no_page(mm, vma, mapping, idx, address, ptep, flags); 4969 goto out_mutex; 4970 } 4971 4972 ret = 0; 4973 4974 /* 4975 * entry could be a migration/hwpoison entry at this point, so this 4976 * check prevents the kernel from going below assuming that we have 4977 * an active hugepage in pagecache. This goto expects the 2nd page 4978 * fault, and is_hugetlb_entry_(migration|hwpoisoned) check will 4979 * properly handle it. 4980 */ 4981 if (!pte_present(entry)) 4982 goto out_mutex; 4983 4984 /* 4985 * If we are going to COW the mapping later, we examine the pending 4986 * reservations for this page now. This will ensure that any 4987 * allocations necessary to record that reservation occur outside the 4988 * spinlock. For private mappings, we also lookup the pagecache 4989 * page now as it is used to determine if a reservation has been 4990 * consumed. 4991 */ 4992 if ((flags & FAULT_FLAG_WRITE) && !huge_pte_write(entry)) { 4993 if (vma_needs_reservation(h, vma, haddr) < 0) { 4994 ret = VM_FAULT_OOM; 4995 goto out_mutex; 4996 } 4997 /* Just decrements count, does not deallocate */ 4998 vma_end_reservation(h, vma, haddr); 4999 5000 if (!(vma->vm_flags & VM_MAYSHARE)) 5001 pagecache_page = hugetlbfs_pagecache_page(h, 5002 vma, haddr); 5003 } 5004 5005 ptl = huge_pte_lock(h, mm, ptep); 5006 5007 /* Check for a racing update before calling hugetlb_cow */ 5008 if (unlikely(!pte_same(entry, huge_ptep_get(ptep)))) 5009 goto out_ptl; 5010 5011 /* 5012 * hugetlb_cow() requires page locks of pte_page(entry) and 5013 * pagecache_page, so here we need take the former one 5014 * when page != pagecache_page or !pagecache_page. 5015 */ 5016 page = pte_page(entry); 5017 if (page != pagecache_page) 5018 if (!trylock_page(page)) { 5019 need_wait_lock = 1; 5020 goto out_ptl; 5021 } 5022 5023 get_page(page); 5024 5025 if (flags & FAULT_FLAG_WRITE) { 5026 if (!huge_pte_write(entry)) { 5027 ret = hugetlb_cow(mm, vma, address, ptep, 5028 pagecache_page, ptl); 5029 goto out_put_page; 5030 } 5031 entry = huge_pte_mkdirty(entry); 5032 } 5033 entry = pte_mkyoung(entry); 5034 if (huge_ptep_set_access_flags(vma, haddr, ptep, entry, 5035 flags & FAULT_FLAG_WRITE)) 5036 update_mmu_cache(vma, haddr, ptep); 5037 out_put_page: 5038 if (page != pagecache_page) 5039 unlock_page(page); 5040 put_page(page); 5041 out_ptl: 5042 spin_unlock(ptl); 5043 5044 if (pagecache_page) { 5045 unlock_page(pagecache_page); 5046 put_page(pagecache_page); 5047 } 5048 out_mutex: 5049 mutex_unlock(&hugetlb_fault_mutex_table[hash]); 5050 i_mmap_unlock_read(mapping); 5051 /* 5052 * Generally it's safe to hold refcount during waiting page lock. But 5053 * here we just wait to defer the next page fault to avoid busy loop and 5054 * the page is not used after unlocked before returning from the current 5055 * page fault. So we are safe from accessing freed page, even if we wait 5056 * here without taking refcount. 5057 */ 5058 if (need_wait_lock) 5059 wait_on_page_locked(page); 5060 return ret; 5061 } 5062 5063 #ifdef CONFIG_USERFAULTFD 5064 /* 5065 * Used by userfaultfd UFFDIO_COPY. Based on mcopy_atomic_pte with 5066 * modifications for huge pages. 5067 */ 5068 int hugetlb_mcopy_atomic_pte(struct mm_struct *dst_mm, 5069 pte_t *dst_pte, 5070 struct vm_area_struct *dst_vma, 5071 unsigned long dst_addr, 5072 unsigned long src_addr, 5073 enum mcopy_atomic_mode mode, 5074 struct page **pagep) 5075 { 5076 bool is_continue = (mode == MCOPY_ATOMIC_CONTINUE); 5077 struct address_space *mapping; 5078 pgoff_t idx; 5079 unsigned long size; 5080 int vm_shared = dst_vma->vm_flags & VM_SHARED; 5081 struct hstate *h = hstate_vma(dst_vma); 5082 pte_t _dst_pte; 5083 spinlock_t *ptl; 5084 int ret; 5085 struct page *page; 5086 int writable; 5087 5088 mapping = dst_vma->vm_file->f_mapping; 5089 idx = vma_hugecache_offset(h, dst_vma, dst_addr); 5090 5091 if (is_continue) { 5092 ret = -EFAULT; 5093 page = find_lock_page(mapping, idx); 5094 if (!page) 5095 goto out; 5096 } else if (!*pagep) { 5097 /* If a page already exists, then it's UFFDIO_COPY for 5098 * a non-missing case. Return -EEXIST. 5099 */ 5100 if (vm_shared && 5101 hugetlbfs_pagecache_present(h, dst_vma, dst_addr)) { 5102 ret = -EEXIST; 5103 goto out; 5104 } 5105 5106 page = alloc_huge_page(dst_vma, dst_addr, 0); 5107 if (IS_ERR(page)) { 5108 ret = -ENOMEM; 5109 goto out; 5110 } 5111 5112 ret = copy_huge_page_from_user(page, 5113 (const void __user *) src_addr, 5114 pages_per_huge_page(h), false); 5115 5116 /* fallback to copy_from_user outside mmap_lock */ 5117 if (unlikely(ret)) { 5118 ret = -ENOENT; 5119 *pagep = page; 5120 /* don't free the page */ 5121 goto out; 5122 } 5123 } else { 5124 page = *pagep; 5125 *pagep = NULL; 5126 } 5127 5128 /* 5129 * The memory barrier inside __SetPageUptodate makes sure that 5130 * preceding stores to the page contents become visible before 5131 * the set_pte_at() write. 5132 */ 5133 __SetPageUptodate(page); 5134 5135 /* Add shared, newly allocated pages to the page cache. */ 5136 if (vm_shared && !is_continue) { 5137 size = i_size_read(mapping->host) >> huge_page_shift(h); 5138 ret = -EFAULT; 5139 if (idx >= size) 5140 goto out_release_nounlock; 5141 5142 /* 5143 * Serialization between remove_inode_hugepages() and 5144 * huge_add_to_page_cache() below happens through the 5145 * hugetlb_fault_mutex_table that here must be hold by 5146 * the caller. 5147 */ 5148 ret = huge_add_to_page_cache(page, mapping, idx); 5149 if (ret) 5150 goto out_release_nounlock; 5151 } 5152 5153 ptl = huge_pte_lockptr(h, dst_mm, dst_pte); 5154 spin_lock(ptl); 5155 5156 /* 5157 * Recheck the i_size after holding PT lock to make sure not 5158 * to leave any page mapped (as page_mapped()) beyond the end 5159 * of the i_size (remove_inode_hugepages() is strict about 5160 * enforcing that). If we bail out here, we'll also leave a 5161 * page in the radix tree in the vm_shared case beyond the end 5162 * of the i_size, but remove_inode_hugepages() will take care 5163 * of it as soon as we drop the hugetlb_fault_mutex_table. 5164 */ 5165 size = i_size_read(mapping->host) >> huge_page_shift(h); 5166 ret = -EFAULT; 5167 if (idx >= size) 5168 goto out_release_unlock; 5169 5170 ret = -EEXIST; 5171 if (!huge_pte_none(huge_ptep_get(dst_pte))) 5172 goto out_release_unlock; 5173 5174 if (vm_shared) { 5175 page_dup_rmap(page, true); 5176 } else { 5177 ClearHPageRestoreReserve(page); 5178 hugepage_add_new_anon_rmap(page, dst_vma, dst_addr); 5179 } 5180 5181 /* For CONTINUE on a non-shared VMA, don't set VM_WRITE for CoW. */ 5182 if (is_continue && !vm_shared) 5183 writable = 0; 5184 else 5185 writable = dst_vma->vm_flags & VM_WRITE; 5186 5187 _dst_pte = make_huge_pte(dst_vma, page, writable); 5188 if (writable) 5189 _dst_pte = huge_pte_mkdirty(_dst_pte); 5190 _dst_pte = pte_mkyoung(_dst_pte); 5191 5192 set_huge_pte_at(dst_mm, dst_addr, dst_pte, _dst_pte); 5193 5194 (void)huge_ptep_set_access_flags(dst_vma, dst_addr, dst_pte, _dst_pte, 5195 dst_vma->vm_flags & VM_WRITE); 5196 hugetlb_count_add(pages_per_huge_page(h), dst_mm); 5197 5198 /* No need to invalidate - it was non-present before */ 5199 update_mmu_cache(dst_vma, dst_addr, dst_pte); 5200 5201 spin_unlock(ptl); 5202 if (!is_continue) 5203 SetHPageMigratable(page); 5204 if (vm_shared || is_continue) 5205 unlock_page(page); 5206 ret = 0; 5207 out: 5208 return ret; 5209 out_release_unlock: 5210 spin_unlock(ptl); 5211 if (vm_shared || is_continue) 5212 unlock_page(page); 5213 out_release_nounlock: 5214 restore_reserve_on_error(h, dst_vma, dst_addr, page); 5215 put_page(page); 5216 goto out; 5217 } 5218 #endif /* CONFIG_USERFAULTFD */ 5219 5220 static void record_subpages_vmas(struct page *page, struct vm_area_struct *vma, 5221 int refs, struct page **pages, 5222 struct vm_area_struct **vmas) 5223 { 5224 int nr; 5225 5226 for (nr = 0; nr < refs; nr++) { 5227 if (likely(pages)) 5228 pages[nr] = mem_map_offset(page, nr); 5229 if (vmas) 5230 vmas[nr] = vma; 5231 } 5232 } 5233 5234 long follow_hugetlb_page(struct mm_struct *mm, struct vm_area_struct *vma, 5235 struct page **pages, struct vm_area_struct **vmas, 5236 unsigned long *position, unsigned long *nr_pages, 5237 long i, unsigned int flags, int *locked) 5238 { 5239 unsigned long pfn_offset; 5240 unsigned long vaddr = *position; 5241 unsigned long remainder = *nr_pages; 5242 struct hstate *h = hstate_vma(vma); 5243 int err = -EFAULT, refs; 5244 5245 while (vaddr < vma->vm_end && remainder) { 5246 pte_t *pte; 5247 spinlock_t *ptl = NULL; 5248 int absent; 5249 struct page *page; 5250 5251 /* 5252 * If we have a pending SIGKILL, don't keep faulting pages and 5253 * potentially allocating memory. 5254 */ 5255 if (fatal_signal_pending(current)) { 5256 remainder = 0; 5257 break; 5258 } 5259 5260 /* 5261 * Some archs (sparc64, sh*) have multiple pte_ts to 5262 * each hugepage. We have to make sure we get the 5263 * first, for the page indexing below to work. 5264 * 5265 * Note that page table lock is not held when pte is null. 5266 */ 5267 pte = huge_pte_offset(mm, vaddr & huge_page_mask(h), 5268 huge_page_size(h)); 5269 if (pte) 5270 ptl = huge_pte_lock(h, mm, pte); 5271 absent = !pte || huge_pte_none(huge_ptep_get(pte)); 5272 5273 /* 5274 * When coredumping, it suits get_dump_page if we just return 5275 * an error where there's an empty slot with no huge pagecache 5276 * to back it. This way, we avoid allocating a hugepage, and 5277 * the sparse dumpfile avoids allocating disk blocks, but its 5278 * huge holes still show up with zeroes where they need to be. 5279 */ 5280 if (absent && (flags & FOLL_DUMP) && 5281 !hugetlbfs_pagecache_present(h, vma, vaddr)) { 5282 if (pte) 5283 spin_unlock(ptl); 5284 remainder = 0; 5285 break; 5286 } 5287 5288 /* 5289 * We need call hugetlb_fault for both hugepages under migration 5290 * (in which case hugetlb_fault waits for the migration,) and 5291 * hwpoisoned hugepages (in which case we need to prevent the 5292 * caller from accessing to them.) In order to do this, we use 5293 * here is_swap_pte instead of is_hugetlb_entry_migration and 5294 * is_hugetlb_entry_hwpoisoned. This is because it simply covers 5295 * both cases, and because we can't follow correct pages 5296 * directly from any kind of swap entries. 5297 */ 5298 if (absent || is_swap_pte(huge_ptep_get(pte)) || 5299 ((flags & FOLL_WRITE) && 5300 !huge_pte_write(huge_ptep_get(pte)))) { 5301 vm_fault_t ret; 5302 unsigned int fault_flags = 0; 5303 5304 if (pte) 5305 spin_unlock(ptl); 5306 if (flags & FOLL_WRITE) 5307 fault_flags |= FAULT_FLAG_WRITE; 5308 if (locked) 5309 fault_flags |= FAULT_FLAG_ALLOW_RETRY | 5310 FAULT_FLAG_KILLABLE; 5311 if (flags & FOLL_NOWAIT) 5312 fault_flags |= FAULT_FLAG_ALLOW_RETRY | 5313 FAULT_FLAG_RETRY_NOWAIT; 5314 if (flags & FOLL_TRIED) { 5315 /* 5316 * Note: FAULT_FLAG_ALLOW_RETRY and 5317 * FAULT_FLAG_TRIED can co-exist 5318 */ 5319 fault_flags |= FAULT_FLAG_TRIED; 5320 } 5321 ret = hugetlb_fault(mm, vma, vaddr, fault_flags); 5322 if (ret & VM_FAULT_ERROR) { 5323 err = vm_fault_to_errno(ret, flags); 5324 remainder = 0; 5325 break; 5326 } 5327 if (ret & VM_FAULT_RETRY) { 5328 if (locked && 5329 !(fault_flags & FAULT_FLAG_RETRY_NOWAIT)) 5330 *locked = 0; 5331 *nr_pages = 0; 5332 /* 5333 * VM_FAULT_RETRY must not return an 5334 * error, it will return zero 5335 * instead. 5336 * 5337 * No need to update "position" as the 5338 * caller will not check it after 5339 * *nr_pages is set to 0. 5340 */ 5341 return i; 5342 } 5343 continue; 5344 } 5345 5346 pfn_offset = (vaddr & ~huge_page_mask(h)) >> PAGE_SHIFT; 5347 page = pte_page(huge_ptep_get(pte)); 5348 5349 /* 5350 * If subpage information not requested, update counters 5351 * and skip the same_page loop below. 5352 */ 5353 if (!pages && !vmas && !pfn_offset && 5354 (vaddr + huge_page_size(h) < vma->vm_end) && 5355 (remainder >= pages_per_huge_page(h))) { 5356 vaddr += huge_page_size(h); 5357 remainder -= pages_per_huge_page(h); 5358 i += pages_per_huge_page(h); 5359 spin_unlock(ptl); 5360 continue; 5361 } 5362 5363 refs = min3(pages_per_huge_page(h) - pfn_offset, 5364 (vma->vm_end - vaddr) >> PAGE_SHIFT, remainder); 5365 5366 if (pages || vmas) 5367 record_subpages_vmas(mem_map_offset(page, pfn_offset), 5368 vma, refs, 5369 likely(pages) ? pages + i : NULL, 5370 vmas ? vmas + i : NULL); 5371 5372 if (pages) { 5373 /* 5374 * try_grab_compound_head() should always succeed here, 5375 * because: a) we hold the ptl lock, and b) we've just 5376 * checked that the huge page is present in the page 5377 * tables. If the huge page is present, then the tail 5378 * pages must also be present. The ptl prevents the 5379 * head page and tail pages from being rearranged in 5380 * any way. So this page must be available at this 5381 * point, unless the page refcount overflowed: 5382 */ 5383 if (WARN_ON_ONCE(!try_grab_compound_head(pages[i], 5384 refs, 5385 flags))) { 5386 spin_unlock(ptl); 5387 remainder = 0; 5388 err = -ENOMEM; 5389 break; 5390 } 5391 } 5392 5393 vaddr += (refs << PAGE_SHIFT); 5394 remainder -= refs; 5395 i += refs; 5396 5397 spin_unlock(ptl); 5398 } 5399 *nr_pages = remainder; 5400 /* 5401 * setting position is actually required only if remainder is 5402 * not zero but it's faster not to add a "if (remainder)" 5403 * branch. 5404 */ 5405 *position = vaddr; 5406 5407 return i ? i : err; 5408 } 5409 5410 unsigned long hugetlb_change_protection(struct vm_area_struct *vma, 5411 unsigned long address, unsigned long end, pgprot_t newprot) 5412 { 5413 struct mm_struct *mm = vma->vm_mm; 5414 unsigned long start = address; 5415 pte_t *ptep; 5416 pte_t pte; 5417 struct hstate *h = hstate_vma(vma); 5418 unsigned long pages = 0; 5419 bool shared_pmd = false; 5420 struct mmu_notifier_range range; 5421 5422 /* 5423 * In the case of shared PMDs, the area to flush could be beyond 5424 * start/end. Set range.start/range.end to cover the maximum possible 5425 * range if PMD sharing is possible. 5426 */ 5427 mmu_notifier_range_init(&range, MMU_NOTIFY_PROTECTION_VMA, 5428 0, vma, mm, start, end); 5429 adjust_range_if_pmd_sharing_possible(vma, &range.start, &range.end); 5430 5431 BUG_ON(address >= end); 5432 flush_cache_range(vma, range.start, range.end); 5433 5434 mmu_notifier_invalidate_range_start(&range); 5435 i_mmap_lock_write(vma->vm_file->f_mapping); 5436 for (; address < end; address += huge_page_size(h)) { 5437 spinlock_t *ptl; 5438 ptep = huge_pte_offset(mm, address, huge_page_size(h)); 5439 if (!ptep) 5440 continue; 5441 ptl = huge_pte_lock(h, mm, ptep); 5442 if (huge_pmd_unshare(mm, vma, &address, ptep)) { 5443 pages++; 5444 spin_unlock(ptl); 5445 shared_pmd = true; 5446 continue; 5447 } 5448 pte = huge_ptep_get(ptep); 5449 if (unlikely(is_hugetlb_entry_hwpoisoned(pte))) { 5450 spin_unlock(ptl); 5451 continue; 5452 } 5453 if (unlikely(is_hugetlb_entry_migration(pte))) { 5454 swp_entry_t entry = pte_to_swp_entry(pte); 5455 5456 if (is_write_migration_entry(entry)) { 5457 pte_t newpte; 5458 5459 make_migration_entry_read(&entry); 5460 newpte = swp_entry_to_pte(entry); 5461 set_huge_swap_pte_at(mm, address, ptep, 5462 newpte, huge_page_size(h)); 5463 pages++; 5464 } 5465 spin_unlock(ptl); 5466 continue; 5467 } 5468 if (!huge_pte_none(pte)) { 5469 pte_t old_pte; 5470 5471 old_pte = huge_ptep_modify_prot_start(vma, address, ptep); 5472 pte = pte_mkhuge(huge_pte_modify(old_pte, newprot)); 5473 pte = arch_make_huge_pte(pte, vma, NULL, 0); 5474 huge_ptep_modify_prot_commit(vma, address, ptep, old_pte, pte); 5475 pages++; 5476 } 5477 spin_unlock(ptl); 5478 } 5479 /* 5480 * Must flush TLB before releasing i_mmap_rwsem: x86's huge_pmd_unshare 5481 * may have cleared our pud entry and done put_page on the page table: 5482 * once we release i_mmap_rwsem, another task can do the final put_page 5483 * and that page table be reused and filled with junk. If we actually 5484 * did unshare a page of pmds, flush the range corresponding to the pud. 5485 */ 5486 if (shared_pmd) 5487 flush_hugetlb_tlb_range(vma, range.start, range.end); 5488 else 5489 flush_hugetlb_tlb_range(vma, start, end); 5490 /* 5491 * No need to call mmu_notifier_invalidate_range() we are downgrading 5492 * page table protection not changing it to point to a new page. 5493 * 5494 * See Documentation/vm/mmu_notifier.rst 5495 */ 5496 i_mmap_unlock_write(vma->vm_file->f_mapping); 5497 mmu_notifier_invalidate_range_end(&range); 5498 5499 return pages << h->order; 5500 } 5501 5502 /* Return true if reservation was successful, false otherwise. */ 5503 bool hugetlb_reserve_pages(struct inode *inode, 5504 long from, long to, 5505 struct vm_area_struct *vma, 5506 vm_flags_t vm_flags) 5507 { 5508 long chg, add = -1; 5509 struct hstate *h = hstate_inode(inode); 5510 struct hugepage_subpool *spool = subpool_inode(inode); 5511 struct resv_map *resv_map; 5512 struct hugetlb_cgroup *h_cg = NULL; 5513 long gbl_reserve, regions_needed = 0; 5514 5515 /* This should never happen */ 5516 if (from > to) { 5517 VM_WARN(1, "%s called with a negative range\n", __func__); 5518 return false; 5519 } 5520 5521 /* 5522 * Only apply hugepage reservation if asked. At fault time, an 5523 * attempt will be made for VM_NORESERVE to allocate a page 5524 * without using reserves 5525 */ 5526 if (vm_flags & VM_NORESERVE) 5527 return true; 5528 5529 /* 5530 * Shared mappings base their reservation on the number of pages that 5531 * are already allocated on behalf of the file. Private mappings need 5532 * to reserve the full area even if read-only as mprotect() may be 5533 * called to make the mapping read-write. Assume !vma is a shm mapping 5534 */ 5535 if (!vma || vma->vm_flags & VM_MAYSHARE) { 5536 /* 5537 * resv_map can not be NULL as hugetlb_reserve_pages is only 5538 * called for inodes for which resv_maps were created (see 5539 * hugetlbfs_get_inode). 5540 */ 5541 resv_map = inode_resv_map(inode); 5542 5543 chg = region_chg(resv_map, from, to, ®ions_needed); 5544 5545 } else { 5546 /* Private mapping. */ 5547 resv_map = resv_map_alloc(); 5548 if (!resv_map) 5549 return false; 5550 5551 chg = to - from; 5552 5553 set_vma_resv_map(vma, resv_map); 5554 set_vma_resv_flags(vma, HPAGE_RESV_OWNER); 5555 } 5556 5557 if (chg < 0) 5558 goto out_err; 5559 5560 if (hugetlb_cgroup_charge_cgroup_rsvd(hstate_index(h), 5561 chg * pages_per_huge_page(h), &h_cg) < 0) 5562 goto out_err; 5563 5564 if (vma && !(vma->vm_flags & VM_MAYSHARE) && h_cg) { 5565 /* For private mappings, the hugetlb_cgroup uncharge info hangs 5566 * of the resv_map. 5567 */ 5568 resv_map_set_hugetlb_cgroup_uncharge_info(resv_map, h_cg, h); 5569 } 5570 5571 /* 5572 * There must be enough pages in the subpool for the mapping. If 5573 * the subpool has a minimum size, there may be some global 5574 * reservations already in place (gbl_reserve). 5575 */ 5576 gbl_reserve = hugepage_subpool_get_pages(spool, chg); 5577 if (gbl_reserve < 0) 5578 goto out_uncharge_cgroup; 5579 5580 /* 5581 * Check enough hugepages are available for the reservation. 5582 * Hand the pages back to the subpool if there are not 5583 */ 5584 if (hugetlb_acct_memory(h, gbl_reserve) < 0) 5585 goto out_put_pages; 5586 5587 /* 5588 * Account for the reservations made. Shared mappings record regions 5589 * that have reservations as they are shared by multiple VMAs. 5590 * When the last VMA disappears, the region map says how much 5591 * the reservation was and the page cache tells how much of 5592 * the reservation was consumed. Private mappings are per-VMA and 5593 * only the consumed reservations are tracked. When the VMA 5594 * disappears, the original reservation is the VMA size and the 5595 * consumed reservations are stored in the map. Hence, nothing 5596 * else has to be done for private mappings here 5597 */ 5598 if (!vma || vma->vm_flags & VM_MAYSHARE) { 5599 add = region_add(resv_map, from, to, regions_needed, h, h_cg); 5600 5601 if (unlikely(add < 0)) { 5602 hugetlb_acct_memory(h, -gbl_reserve); 5603 goto out_put_pages; 5604 } else if (unlikely(chg > add)) { 5605 /* 5606 * pages in this range were added to the reserve 5607 * map between region_chg and region_add. This 5608 * indicates a race with alloc_huge_page. Adjust 5609 * the subpool and reserve counts modified above 5610 * based on the difference. 5611 */ 5612 long rsv_adjust; 5613 5614 /* 5615 * hugetlb_cgroup_uncharge_cgroup_rsvd() will put the 5616 * reference to h_cg->css. See comment below for detail. 5617 */ 5618 hugetlb_cgroup_uncharge_cgroup_rsvd( 5619 hstate_index(h), 5620 (chg - add) * pages_per_huge_page(h), h_cg); 5621 5622 rsv_adjust = hugepage_subpool_put_pages(spool, 5623 chg - add); 5624 hugetlb_acct_memory(h, -rsv_adjust); 5625 } else if (h_cg) { 5626 /* 5627 * The file_regions will hold their own reference to 5628 * h_cg->css. So we should release the reference held 5629 * via hugetlb_cgroup_charge_cgroup_rsvd() when we are 5630 * done. 5631 */ 5632 hugetlb_cgroup_put_rsvd_cgroup(h_cg); 5633 } 5634 } 5635 return true; 5636 5637 out_put_pages: 5638 /* put back original number of pages, chg */ 5639 (void)hugepage_subpool_put_pages(spool, chg); 5640 out_uncharge_cgroup: 5641 hugetlb_cgroup_uncharge_cgroup_rsvd(hstate_index(h), 5642 chg * pages_per_huge_page(h), h_cg); 5643 out_err: 5644 if (!vma || vma->vm_flags & VM_MAYSHARE) 5645 /* Only call region_abort if the region_chg succeeded but the 5646 * region_add failed or didn't run. 5647 */ 5648 if (chg >= 0 && add < 0) 5649 region_abort(resv_map, from, to, regions_needed); 5650 if (vma && is_vma_resv_set(vma, HPAGE_RESV_OWNER)) 5651 kref_put(&resv_map->refs, resv_map_release); 5652 return false; 5653 } 5654 5655 long hugetlb_unreserve_pages(struct inode *inode, long start, long end, 5656 long freed) 5657 { 5658 struct hstate *h = hstate_inode(inode); 5659 struct resv_map *resv_map = inode_resv_map(inode); 5660 long chg = 0; 5661 struct hugepage_subpool *spool = subpool_inode(inode); 5662 long gbl_reserve; 5663 5664 /* 5665 * Since this routine can be called in the evict inode path for all 5666 * hugetlbfs inodes, resv_map could be NULL. 5667 */ 5668 if (resv_map) { 5669 chg = region_del(resv_map, start, end); 5670 /* 5671 * region_del() can fail in the rare case where a region 5672 * must be split and another region descriptor can not be 5673 * allocated. If end == LONG_MAX, it will not fail. 5674 */ 5675 if (chg < 0) 5676 return chg; 5677 } 5678 5679 spin_lock(&inode->i_lock); 5680 inode->i_blocks -= (blocks_per_huge_page(h) * freed); 5681 spin_unlock(&inode->i_lock); 5682 5683 /* 5684 * If the subpool has a minimum size, the number of global 5685 * reservations to be released may be adjusted. 5686 * 5687 * Note that !resv_map implies freed == 0. So (chg - freed) 5688 * won't go negative. 5689 */ 5690 gbl_reserve = hugepage_subpool_put_pages(spool, (chg - freed)); 5691 hugetlb_acct_memory(h, -gbl_reserve); 5692 5693 return 0; 5694 } 5695 5696 #ifdef CONFIG_ARCH_WANT_HUGE_PMD_SHARE 5697 static unsigned long page_table_shareable(struct vm_area_struct *svma, 5698 struct vm_area_struct *vma, 5699 unsigned long addr, pgoff_t idx) 5700 { 5701 unsigned long saddr = ((idx - svma->vm_pgoff) << PAGE_SHIFT) + 5702 svma->vm_start; 5703 unsigned long sbase = saddr & PUD_MASK; 5704 unsigned long s_end = sbase + PUD_SIZE; 5705 5706 /* Allow segments to share if only one is marked locked */ 5707 unsigned long vm_flags = vma->vm_flags & VM_LOCKED_CLEAR_MASK; 5708 unsigned long svm_flags = svma->vm_flags & VM_LOCKED_CLEAR_MASK; 5709 5710 /* 5711 * match the virtual addresses, permission and the alignment of the 5712 * page table page. 5713 */ 5714 if (pmd_index(addr) != pmd_index(saddr) || 5715 vm_flags != svm_flags || 5716 !range_in_vma(svma, sbase, s_end)) 5717 return 0; 5718 5719 return saddr; 5720 } 5721 5722 static bool vma_shareable(struct vm_area_struct *vma, unsigned long addr) 5723 { 5724 unsigned long base = addr & PUD_MASK; 5725 unsigned long end = base + PUD_SIZE; 5726 5727 /* 5728 * check on proper vm_flags and page table alignment 5729 */ 5730 if (vma->vm_flags & VM_MAYSHARE && range_in_vma(vma, base, end)) 5731 return true; 5732 return false; 5733 } 5734 5735 bool want_pmd_share(struct vm_area_struct *vma, unsigned long addr) 5736 { 5737 #ifdef CONFIG_USERFAULTFD 5738 if (uffd_disable_huge_pmd_share(vma)) 5739 return false; 5740 #endif 5741 return vma_shareable(vma, addr); 5742 } 5743 5744 /* 5745 * Determine if start,end range within vma could be mapped by shared pmd. 5746 * If yes, adjust start and end to cover range associated with possible 5747 * shared pmd mappings. 5748 */ 5749 void adjust_range_if_pmd_sharing_possible(struct vm_area_struct *vma, 5750 unsigned long *start, unsigned long *end) 5751 { 5752 unsigned long v_start = ALIGN(vma->vm_start, PUD_SIZE), 5753 v_end = ALIGN_DOWN(vma->vm_end, PUD_SIZE); 5754 5755 /* 5756 * vma needs to span at least one aligned PUD size, and the range 5757 * must be at least partially within in. 5758 */ 5759 if (!(vma->vm_flags & VM_MAYSHARE) || !(v_end > v_start) || 5760 (*end <= v_start) || (*start >= v_end)) 5761 return; 5762 5763 /* Extend the range to be PUD aligned for a worst case scenario */ 5764 if (*start > v_start) 5765 *start = ALIGN_DOWN(*start, PUD_SIZE); 5766 5767 if (*end < v_end) 5768 *end = ALIGN(*end, PUD_SIZE); 5769 } 5770 5771 /* 5772 * Search for a shareable pmd page for hugetlb. In any case calls pmd_alloc() 5773 * and returns the corresponding pte. While this is not necessary for the 5774 * !shared pmd case because we can allocate the pmd later as well, it makes the 5775 * code much cleaner. 5776 * 5777 * This routine must be called with i_mmap_rwsem held in at least read mode if 5778 * sharing is possible. For hugetlbfs, this prevents removal of any page 5779 * table entries associated with the address space. This is important as we 5780 * are setting up sharing based on existing page table entries (mappings). 5781 * 5782 * NOTE: This routine is only called from huge_pte_alloc. Some callers of 5783 * huge_pte_alloc know that sharing is not possible and do not take 5784 * i_mmap_rwsem as a performance optimization. This is handled by the 5785 * if !vma_shareable check at the beginning of the routine. i_mmap_rwsem is 5786 * only required for subsequent processing. 5787 */ 5788 pte_t *huge_pmd_share(struct mm_struct *mm, struct vm_area_struct *vma, 5789 unsigned long addr, pud_t *pud) 5790 { 5791 struct address_space *mapping = vma->vm_file->f_mapping; 5792 pgoff_t idx = ((addr - vma->vm_start) >> PAGE_SHIFT) + 5793 vma->vm_pgoff; 5794 struct vm_area_struct *svma; 5795 unsigned long saddr; 5796 pte_t *spte = NULL; 5797 pte_t *pte; 5798 spinlock_t *ptl; 5799 5800 i_mmap_assert_locked(mapping); 5801 vma_interval_tree_foreach(svma, &mapping->i_mmap, idx, idx) { 5802 if (svma == vma) 5803 continue; 5804 5805 saddr = page_table_shareable(svma, vma, addr, idx); 5806 if (saddr) { 5807 spte = huge_pte_offset(svma->vm_mm, saddr, 5808 vma_mmu_pagesize(svma)); 5809 if (spte) { 5810 get_page(virt_to_page(spte)); 5811 break; 5812 } 5813 } 5814 } 5815 5816 if (!spte) 5817 goto out; 5818 5819 ptl = huge_pte_lock(hstate_vma(vma), mm, spte); 5820 if (pud_none(*pud)) { 5821 pud_populate(mm, pud, 5822 (pmd_t *)((unsigned long)spte & PAGE_MASK)); 5823 mm_inc_nr_pmds(mm); 5824 } else { 5825 put_page(virt_to_page(spte)); 5826 } 5827 spin_unlock(ptl); 5828 out: 5829 pte = (pte_t *)pmd_alloc(mm, pud, addr); 5830 return pte; 5831 } 5832 5833 /* 5834 * unmap huge page backed by shared pte. 5835 * 5836 * Hugetlb pte page is ref counted at the time of mapping. If pte is shared 5837 * indicated by page_count > 1, unmap is achieved by clearing pud and 5838 * decrementing the ref count. If count == 1, the pte page is not shared. 5839 * 5840 * Called with page table lock held and i_mmap_rwsem held in write mode. 5841 * 5842 * returns: 1 successfully unmapped a shared pte page 5843 * 0 the underlying pte page is not shared, or it is the last user 5844 */ 5845 int huge_pmd_unshare(struct mm_struct *mm, struct vm_area_struct *vma, 5846 unsigned long *addr, pte_t *ptep) 5847 { 5848 pgd_t *pgd = pgd_offset(mm, *addr); 5849 p4d_t *p4d = p4d_offset(pgd, *addr); 5850 pud_t *pud = pud_offset(p4d, *addr); 5851 5852 i_mmap_assert_write_locked(vma->vm_file->f_mapping); 5853 BUG_ON(page_count(virt_to_page(ptep)) == 0); 5854 if (page_count(virt_to_page(ptep)) == 1) 5855 return 0; 5856 5857 pud_clear(pud); 5858 put_page(virt_to_page(ptep)); 5859 mm_dec_nr_pmds(mm); 5860 *addr = ALIGN(*addr, HPAGE_SIZE * PTRS_PER_PTE) - HPAGE_SIZE; 5861 return 1; 5862 } 5863 5864 #else /* !CONFIG_ARCH_WANT_HUGE_PMD_SHARE */ 5865 pte_t *huge_pmd_share(struct mm_struct *mm, struct vm_area_struct *vma, 5866 unsigned long addr, pud_t *pud) 5867 { 5868 return NULL; 5869 } 5870 5871 int huge_pmd_unshare(struct mm_struct *mm, struct vm_area_struct *vma, 5872 unsigned long *addr, pte_t *ptep) 5873 { 5874 return 0; 5875 } 5876 5877 void adjust_range_if_pmd_sharing_possible(struct vm_area_struct *vma, 5878 unsigned long *start, unsigned long *end) 5879 { 5880 } 5881 5882 bool want_pmd_share(struct vm_area_struct *vma, unsigned long addr) 5883 { 5884 return false; 5885 } 5886 #endif /* CONFIG_ARCH_WANT_HUGE_PMD_SHARE */ 5887 5888 #ifdef CONFIG_ARCH_WANT_GENERAL_HUGETLB 5889 pte_t *huge_pte_alloc(struct mm_struct *mm, struct vm_area_struct *vma, 5890 unsigned long addr, unsigned long sz) 5891 { 5892 pgd_t *pgd; 5893 p4d_t *p4d; 5894 pud_t *pud; 5895 pte_t *pte = NULL; 5896 5897 pgd = pgd_offset(mm, addr); 5898 p4d = p4d_alloc(mm, pgd, addr); 5899 if (!p4d) 5900 return NULL; 5901 pud = pud_alloc(mm, p4d, addr); 5902 if (pud) { 5903 if (sz == PUD_SIZE) { 5904 pte = (pte_t *)pud; 5905 } else { 5906 BUG_ON(sz != PMD_SIZE); 5907 if (want_pmd_share(vma, addr) && pud_none(*pud)) 5908 pte = huge_pmd_share(mm, vma, addr, pud); 5909 else 5910 pte = (pte_t *)pmd_alloc(mm, pud, addr); 5911 } 5912 } 5913 BUG_ON(pte && pte_present(*pte) && !pte_huge(*pte)); 5914 5915 return pte; 5916 } 5917 5918 /* 5919 * huge_pte_offset() - Walk the page table to resolve the hugepage 5920 * entry at address @addr 5921 * 5922 * Return: Pointer to page table entry (PUD or PMD) for 5923 * address @addr, or NULL if a !p*d_present() entry is encountered and the 5924 * size @sz doesn't match the hugepage size at this level of the page 5925 * table. 5926 */ 5927 pte_t *huge_pte_offset(struct mm_struct *mm, 5928 unsigned long addr, unsigned long sz) 5929 { 5930 pgd_t *pgd; 5931 p4d_t *p4d; 5932 pud_t *pud; 5933 pmd_t *pmd; 5934 5935 pgd = pgd_offset(mm, addr); 5936 if (!pgd_present(*pgd)) 5937 return NULL; 5938 p4d = p4d_offset(pgd, addr); 5939 if (!p4d_present(*p4d)) 5940 return NULL; 5941 5942 pud = pud_offset(p4d, addr); 5943 if (sz == PUD_SIZE) 5944 /* must be pud huge, non-present or none */ 5945 return (pte_t *)pud; 5946 if (!pud_present(*pud)) 5947 return NULL; 5948 /* must have a valid entry and size to go further */ 5949 5950 pmd = pmd_offset(pud, addr); 5951 /* must be pmd huge, non-present or none */ 5952 return (pte_t *)pmd; 5953 } 5954 5955 #endif /* CONFIG_ARCH_WANT_GENERAL_HUGETLB */ 5956 5957 /* 5958 * These functions are overwritable if your architecture needs its own 5959 * behavior. 5960 */ 5961 struct page * __weak 5962 follow_huge_addr(struct mm_struct *mm, unsigned long address, 5963 int write) 5964 { 5965 return ERR_PTR(-EINVAL); 5966 } 5967 5968 struct page * __weak 5969 follow_huge_pd(struct vm_area_struct *vma, 5970 unsigned long address, hugepd_t hpd, int flags, int pdshift) 5971 { 5972 WARN(1, "hugepd follow called with no support for hugepage directory format\n"); 5973 return NULL; 5974 } 5975 5976 struct page * __weak 5977 follow_huge_pmd(struct mm_struct *mm, unsigned long address, 5978 pmd_t *pmd, int flags) 5979 { 5980 struct page *page = NULL; 5981 spinlock_t *ptl; 5982 pte_t pte; 5983 5984 /* FOLL_GET and FOLL_PIN are mutually exclusive. */ 5985 if (WARN_ON_ONCE((flags & (FOLL_PIN | FOLL_GET)) == 5986 (FOLL_PIN | FOLL_GET))) 5987 return NULL; 5988 5989 retry: 5990 ptl = pmd_lockptr(mm, pmd); 5991 spin_lock(ptl); 5992 /* 5993 * make sure that the address range covered by this pmd is not 5994 * unmapped from other threads. 5995 */ 5996 if (!pmd_huge(*pmd)) 5997 goto out; 5998 pte = huge_ptep_get((pte_t *)pmd); 5999 if (pte_present(pte)) { 6000 page = pmd_page(*pmd) + ((address & ~PMD_MASK) >> PAGE_SHIFT); 6001 /* 6002 * try_grab_page() should always succeed here, because: a) we 6003 * hold the pmd (ptl) lock, and b) we've just checked that the 6004 * huge pmd (head) page is present in the page tables. The ptl 6005 * prevents the head page and tail pages from being rearranged 6006 * in any way. So this page must be available at this point, 6007 * unless the page refcount overflowed: 6008 */ 6009 if (WARN_ON_ONCE(!try_grab_page(page, flags))) { 6010 page = NULL; 6011 goto out; 6012 } 6013 } else { 6014 if (is_hugetlb_entry_migration(pte)) { 6015 spin_unlock(ptl); 6016 __migration_entry_wait(mm, (pte_t *)pmd, ptl); 6017 goto retry; 6018 } 6019 /* 6020 * hwpoisoned entry is treated as no_page_table in 6021 * follow_page_mask(). 6022 */ 6023 } 6024 out: 6025 spin_unlock(ptl); 6026 return page; 6027 } 6028 6029 struct page * __weak 6030 follow_huge_pud(struct mm_struct *mm, unsigned long address, 6031 pud_t *pud, int flags) 6032 { 6033 if (flags & (FOLL_GET | FOLL_PIN)) 6034 return NULL; 6035 6036 return pte_page(*(pte_t *)pud) + ((address & ~PUD_MASK) >> PAGE_SHIFT); 6037 } 6038 6039 struct page * __weak 6040 follow_huge_pgd(struct mm_struct *mm, unsigned long address, pgd_t *pgd, int flags) 6041 { 6042 if (flags & (FOLL_GET | FOLL_PIN)) 6043 return NULL; 6044 6045 return pte_page(*(pte_t *)pgd) + ((address & ~PGDIR_MASK) >> PAGE_SHIFT); 6046 } 6047 6048 bool isolate_huge_page(struct page *page, struct list_head *list) 6049 { 6050 bool ret = true; 6051 6052 spin_lock_irq(&hugetlb_lock); 6053 if (!PageHeadHuge(page) || 6054 !HPageMigratable(page) || 6055 !get_page_unless_zero(page)) { 6056 ret = false; 6057 goto unlock; 6058 } 6059 ClearHPageMigratable(page); 6060 list_move_tail(&page->lru, list); 6061 unlock: 6062 spin_unlock_irq(&hugetlb_lock); 6063 return ret; 6064 } 6065 6066 int get_hwpoison_huge_page(struct page *page, bool *hugetlb) 6067 { 6068 int ret = 0; 6069 6070 *hugetlb = false; 6071 spin_lock_irq(&hugetlb_lock); 6072 if (PageHeadHuge(page)) { 6073 *hugetlb = true; 6074 if (HPageFreed(page) || HPageMigratable(page)) 6075 ret = get_page_unless_zero(page); 6076 else 6077 ret = -EBUSY; 6078 } 6079 spin_unlock_irq(&hugetlb_lock); 6080 return ret; 6081 } 6082 6083 void putback_active_hugepage(struct page *page) 6084 { 6085 spin_lock_irq(&hugetlb_lock); 6086 SetHPageMigratable(page); 6087 list_move_tail(&page->lru, &(page_hstate(page))->hugepage_activelist); 6088 spin_unlock_irq(&hugetlb_lock); 6089 put_page(page); 6090 } 6091 6092 void move_hugetlb_state(struct page *oldpage, struct page *newpage, int reason) 6093 { 6094 struct hstate *h = page_hstate(oldpage); 6095 6096 hugetlb_cgroup_migrate(oldpage, newpage); 6097 set_page_owner_migrate_reason(newpage, reason); 6098 6099 /* 6100 * transfer temporary state of the new huge page. This is 6101 * reverse to other transitions because the newpage is going to 6102 * be final while the old one will be freed so it takes over 6103 * the temporary status. 6104 * 6105 * Also note that we have to transfer the per-node surplus state 6106 * here as well otherwise the global surplus count will not match 6107 * the per-node's. 6108 */ 6109 if (HPageTemporary(newpage)) { 6110 int old_nid = page_to_nid(oldpage); 6111 int new_nid = page_to_nid(newpage); 6112 6113 SetHPageTemporary(oldpage); 6114 ClearHPageTemporary(newpage); 6115 6116 /* 6117 * There is no need to transfer the per-node surplus state 6118 * when we do not cross the node. 6119 */ 6120 if (new_nid == old_nid) 6121 return; 6122 spin_lock_irq(&hugetlb_lock); 6123 if (h->surplus_huge_pages_node[old_nid]) { 6124 h->surplus_huge_pages_node[old_nid]--; 6125 h->surplus_huge_pages_node[new_nid]++; 6126 } 6127 spin_unlock_irq(&hugetlb_lock); 6128 } 6129 } 6130 6131 /* 6132 * This function will unconditionally remove all the shared pmd pgtable entries 6133 * within the specific vma for a hugetlbfs memory range. 6134 */ 6135 void hugetlb_unshare_all_pmds(struct vm_area_struct *vma) 6136 { 6137 struct hstate *h = hstate_vma(vma); 6138 unsigned long sz = huge_page_size(h); 6139 struct mm_struct *mm = vma->vm_mm; 6140 struct mmu_notifier_range range; 6141 unsigned long address, start, end; 6142 spinlock_t *ptl; 6143 pte_t *ptep; 6144 6145 if (!(vma->vm_flags & VM_MAYSHARE)) 6146 return; 6147 6148 start = ALIGN(vma->vm_start, PUD_SIZE); 6149 end = ALIGN_DOWN(vma->vm_end, PUD_SIZE); 6150 6151 if (start >= end) 6152 return; 6153 6154 /* 6155 * No need to call adjust_range_if_pmd_sharing_possible(), because 6156 * we have already done the PUD_SIZE alignment. 6157 */ 6158 mmu_notifier_range_init(&range, MMU_NOTIFY_CLEAR, 0, vma, mm, 6159 start, end); 6160 mmu_notifier_invalidate_range_start(&range); 6161 i_mmap_lock_write(vma->vm_file->f_mapping); 6162 for (address = start; address < end; address += PUD_SIZE) { 6163 unsigned long tmp = address; 6164 6165 ptep = huge_pte_offset(mm, address, sz); 6166 if (!ptep) 6167 continue; 6168 ptl = huge_pte_lock(h, mm, ptep); 6169 /* We don't want 'address' to be changed */ 6170 huge_pmd_unshare(mm, vma, &tmp, ptep); 6171 spin_unlock(ptl); 6172 } 6173 flush_hugetlb_tlb_range(vma, start, end); 6174 i_mmap_unlock_write(vma->vm_file->f_mapping); 6175 /* 6176 * No need to call mmu_notifier_invalidate_range(), see 6177 * Documentation/vm/mmu_notifier.rst. 6178 */ 6179 mmu_notifier_invalidate_range_end(&range); 6180 } 6181 6182 #ifdef CONFIG_CMA 6183 static bool cma_reserve_called __initdata; 6184 6185 static int __init cmdline_parse_hugetlb_cma(char *p) 6186 { 6187 hugetlb_cma_size = memparse(p, &p); 6188 return 0; 6189 } 6190 6191 early_param("hugetlb_cma", cmdline_parse_hugetlb_cma); 6192 6193 void __init hugetlb_cma_reserve(int order) 6194 { 6195 unsigned long size, reserved, per_node; 6196 int nid; 6197 6198 cma_reserve_called = true; 6199 6200 if (!hugetlb_cma_size) 6201 return; 6202 6203 if (hugetlb_cma_size < (PAGE_SIZE << order)) { 6204 pr_warn("hugetlb_cma: cma area should be at least %lu MiB\n", 6205 (PAGE_SIZE << order) / SZ_1M); 6206 return; 6207 } 6208 6209 /* 6210 * If 3 GB area is requested on a machine with 4 numa nodes, 6211 * let's allocate 1 GB on first three nodes and ignore the last one. 6212 */ 6213 per_node = DIV_ROUND_UP(hugetlb_cma_size, nr_online_nodes); 6214 pr_info("hugetlb_cma: reserve %lu MiB, up to %lu MiB per node\n", 6215 hugetlb_cma_size / SZ_1M, per_node / SZ_1M); 6216 6217 reserved = 0; 6218 for_each_node_state(nid, N_ONLINE) { 6219 int res; 6220 char name[CMA_MAX_NAME]; 6221 6222 size = min(per_node, hugetlb_cma_size - reserved); 6223 size = round_up(size, PAGE_SIZE << order); 6224 6225 snprintf(name, sizeof(name), "hugetlb%d", nid); 6226 res = cma_declare_contiguous_nid(0, size, 0, PAGE_SIZE << order, 6227 0, false, name, 6228 &hugetlb_cma[nid], nid); 6229 if (res) { 6230 pr_warn("hugetlb_cma: reservation failed: err %d, node %d", 6231 res, nid); 6232 continue; 6233 } 6234 6235 reserved += size; 6236 pr_info("hugetlb_cma: reserved %lu MiB on node %d\n", 6237 size / SZ_1M, nid); 6238 6239 if (reserved >= hugetlb_cma_size) 6240 break; 6241 } 6242 } 6243 6244 void __init hugetlb_cma_check(void) 6245 { 6246 if (!hugetlb_cma_size || cma_reserve_called) 6247 return; 6248 6249 pr_warn("hugetlb_cma: the option isn't supported by current arch\n"); 6250 } 6251 6252 #endif /* CONFIG_CMA */ 6253