xref: /openbmc/linux/mm/swapfile.c (revision d5cb9783536a41df9f9cba5b0a1d78047ed787f7)
1 /*
2  *  linux/mm/swapfile.c
3  *
4  *  Copyright (C) 1991, 1992, 1993, 1994  Linus Torvalds
5  *  Swap reorganised 29.12.95, Stephen Tweedie
6  */
7 
8 #include <linux/config.h>
9 #include <linux/mm.h>
10 #include <linux/hugetlb.h>
11 #include <linux/mman.h>
12 #include <linux/slab.h>
13 #include <linux/kernel_stat.h>
14 #include <linux/swap.h>
15 #include <linux/vmalloc.h>
16 #include <linux/pagemap.h>
17 #include <linux/namei.h>
18 #include <linux/shm.h>
19 #include <linux/blkdev.h>
20 #include <linux/writeback.h>
21 #include <linux/proc_fs.h>
22 #include <linux/seq_file.h>
23 #include <linux/init.h>
24 #include <linux/module.h>
25 #include <linux/rmap.h>
26 #include <linux/security.h>
27 #include <linux/backing-dev.h>
28 #include <linux/syscalls.h>
29 
30 #include <asm/pgtable.h>
31 #include <asm/tlbflush.h>
32 #include <linux/swapops.h>
33 
34 DEFINE_SPINLOCK(swap_lock);
35 unsigned int nr_swapfiles;
36 long total_swap_pages;
37 static int swap_overflow;
38 
39 EXPORT_SYMBOL(total_swap_pages);
40 
41 static const char Bad_file[] = "Bad swap file entry ";
42 static const char Unused_file[] = "Unused swap file entry ";
43 static const char Bad_offset[] = "Bad swap offset entry ";
44 static const char Unused_offset[] = "Unused swap offset entry ";
45 
46 struct swap_list_t swap_list = {-1, -1};
47 
48 struct swap_info_struct swap_info[MAX_SWAPFILES];
49 
50 static DECLARE_MUTEX(swapon_sem);
51 
52 /*
53  * We need this because the bdev->unplug_fn can sleep and we cannot
54  * hold swap_lock while calling the unplug_fn. And swap_lock
55  * cannot be turned into a semaphore.
56  */
57 static DECLARE_RWSEM(swap_unplug_sem);
58 
59 void swap_unplug_io_fn(struct backing_dev_info *unused_bdi, struct page *page)
60 {
61 	swp_entry_t entry;
62 
63 	down_read(&swap_unplug_sem);
64 	entry.val = page_private(page);
65 	if (PageSwapCache(page)) {
66 		struct block_device *bdev = swap_info[swp_type(entry)].bdev;
67 		struct backing_dev_info *bdi;
68 
69 		/*
70 		 * If the page is removed from swapcache from under us (with a
71 		 * racy try_to_unuse/swapoff) we need an additional reference
72 		 * count to avoid reading garbage from page_private(page) above.
73 		 * If the WARN_ON triggers during a swapoff it maybe the race
74 		 * condition and it's harmless. However if it triggers without
75 		 * swapoff it signals a problem.
76 		 */
77 		WARN_ON(page_count(page) <= 1);
78 
79 		bdi = bdev->bd_inode->i_mapping->backing_dev_info;
80 		blk_run_backing_dev(bdi, page);
81 	}
82 	up_read(&swap_unplug_sem);
83 }
84 
85 #define SWAPFILE_CLUSTER	256
86 #define LATENCY_LIMIT		256
87 
88 static inline unsigned long scan_swap_map(struct swap_info_struct *si)
89 {
90 	unsigned long offset, last_in_cluster;
91 	int latency_ration = LATENCY_LIMIT;
92 
93 	/*
94 	 * We try to cluster swap pages by allocating them sequentially
95 	 * in swap.  Once we've allocated SWAPFILE_CLUSTER pages this
96 	 * way, however, we resort to first-free allocation, starting
97 	 * a new cluster.  This prevents us from scattering swap pages
98 	 * all over the entire swap partition, so that we reduce
99 	 * overall disk seek times between swap pages.  -- sct
100 	 * But we do now try to find an empty cluster.  -Andrea
101 	 */
102 
103 	si->flags += SWP_SCANNING;
104 	if (unlikely(!si->cluster_nr)) {
105 		si->cluster_nr = SWAPFILE_CLUSTER - 1;
106 		if (si->pages - si->inuse_pages < SWAPFILE_CLUSTER)
107 			goto lowest;
108 		spin_unlock(&swap_lock);
109 
110 		offset = si->lowest_bit;
111 		last_in_cluster = offset + SWAPFILE_CLUSTER - 1;
112 
113 		/* Locate the first empty (unaligned) cluster */
114 		for (; last_in_cluster <= si->highest_bit; offset++) {
115 			if (si->swap_map[offset])
116 				last_in_cluster = offset + SWAPFILE_CLUSTER;
117 			else if (offset == last_in_cluster) {
118 				spin_lock(&swap_lock);
119 				si->cluster_next = offset-SWAPFILE_CLUSTER-1;
120 				goto cluster;
121 			}
122 			if (unlikely(--latency_ration < 0)) {
123 				cond_resched();
124 				latency_ration = LATENCY_LIMIT;
125 			}
126 		}
127 		spin_lock(&swap_lock);
128 		goto lowest;
129 	}
130 
131 	si->cluster_nr--;
132 cluster:
133 	offset = si->cluster_next;
134 	if (offset > si->highest_bit)
135 lowest:		offset = si->lowest_bit;
136 checks:	if (!(si->flags & SWP_WRITEOK))
137 		goto no_page;
138 	if (!si->highest_bit)
139 		goto no_page;
140 	if (!si->swap_map[offset]) {
141 		if (offset == si->lowest_bit)
142 			si->lowest_bit++;
143 		if (offset == si->highest_bit)
144 			si->highest_bit--;
145 		si->inuse_pages++;
146 		if (si->inuse_pages == si->pages) {
147 			si->lowest_bit = si->max;
148 			si->highest_bit = 0;
149 		}
150 		si->swap_map[offset] = 1;
151 		si->cluster_next = offset + 1;
152 		si->flags -= SWP_SCANNING;
153 		return offset;
154 	}
155 
156 	spin_unlock(&swap_lock);
157 	while (++offset <= si->highest_bit) {
158 		if (!si->swap_map[offset]) {
159 			spin_lock(&swap_lock);
160 			goto checks;
161 		}
162 		if (unlikely(--latency_ration < 0)) {
163 			cond_resched();
164 			latency_ration = LATENCY_LIMIT;
165 		}
166 	}
167 	spin_lock(&swap_lock);
168 	goto lowest;
169 
170 no_page:
171 	si->flags -= SWP_SCANNING;
172 	return 0;
173 }
174 
175 swp_entry_t get_swap_page(void)
176 {
177 	struct swap_info_struct *si;
178 	pgoff_t offset;
179 	int type, next;
180 	int wrapped = 0;
181 
182 	spin_lock(&swap_lock);
183 	if (nr_swap_pages <= 0)
184 		goto noswap;
185 	nr_swap_pages--;
186 
187 	for (type = swap_list.next; type >= 0 && wrapped < 2; type = next) {
188 		si = swap_info + type;
189 		next = si->next;
190 		if (next < 0 ||
191 		    (!wrapped && si->prio != swap_info[next].prio)) {
192 			next = swap_list.head;
193 			wrapped++;
194 		}
195 
196 		if (!si->highest_bit)
197 			continue;
198 		if (!(si->flags & SWP_WRITEOK))
199 			continue;
200 
201 		swap_list.next = next;
202 		offset = scan_swap_map(si);
203 		if (offset) {
204 			spin_unlock(&swap_lock);
205 			return swp_entry(type, offset);
206 		}
207 		next = swap_list.next;
208 	}
209 
210 	nr_swap_pages++;
211 noswap:
212 	spin_unlock(&swap_lock);
213 	return (swp_entry_t) {0};
214 }
215 
216 static struct swap_info_struct * swap_info_get(swp_entry_t entry)
217 {
218 	struct swap_info_struct * p;
219 	unsigned long offset, type;
220 
221 	if (!entry.val)
222 		goto out;
223 	type = swp_type(entry);
224 	if (type >= nr_swapfiles)
225 		goto bad_nofile;
226 	p = & swap_info[type];
227 	if (!(p->flags & SWP_USED))
228 		goto bad_device;
229 	offset = swp_offset(entry);
230 	if (offset >= p->max)
231 		goto bad_offset;
232 	if (!p->swap_map[offset])
233 		goto bad_free;
234 	spin_lock(&swap_lock);
235 	return p;
236 
237 bad_free:
238 	printk(KERN_ERR "swap_free: %s%08lx\n", Unused_offset, entry.val);
239 	goto out;
240 bad_offset:
241 	printk(KERN_ERR "swap_free: %s%08lx\n", Bad_offset, entry.val);
242 	goto out;
243 bad_device:
244 	printk(KERN_ERR "swap_free: %s%08lx\n", Unused_file, entry.val);
245 	goto out;
246 bad_nofile:
247 	printk(KERN_ERR "swap_free: %s%08lx\n", Bad_file, entry.val);
248 out:
249 	return NULL;
250 }
251 
252 static int swap_entry_free(struct swap_info_struct *p, unsigned long offset)
253 {
254 	int count = p->swap_map[offset];
255 
256 	if (count < SWAP_MAP_MAX) {
257 		count--;
258 		p->swap_map[offset] = count;
259 		if (!count) {
260 			if (offset < p->lowest_bit)
261 				p->lowest_bit = offset;
262 			if (offset > p->highest_bit)
263 				p->highest_bit = offset;
264 			if (p->prio > swap_info[swap_list.next].prio)
265 				swap_list.next = p - swap_info;
266 			nr_swap_pages++;
267 			p->inuse_pages--;
268 		}
269 	}
270 	return count;
271 }
272 
273 /*
274  * Caller has made sure that the swapdevice corresponding to entry
275  * is still around or has not been recycled.
276  */
277 void swap_free(swp_entry_t entry)
278 {
279 	struct swap_info_struct * p;
280 
281 	p = swap_info_get(entry);
282 	if (p) {
283 		swap_entry_free(p, swp_offset(entry));
284 		spin_unlock(&swap_lock);
285 	}
286 }
287 
288 /*
289  * How many references to page are currently swapped out?
290  */
291 static inline int page_swapcount(struct page *page)
292 {
293 	int count = 0;
294 	struct swap_info_struct *p;
295 	swp_entry_t entry;
296 
297 	entry.val = page_private(page);
298 	p = swap_info_get(entry);
299 	if (p) {
300 		/* Subtract the 1 for the swap cache itself */
301 		count = p->swap_map[swp_offset(entry)] - 1;
302 		spin_unlock(&swap_lock);
303 	}
304 	return count;
305 }
306 
307 /*
308  * We can use this swap cache entry directly
309  * if there are no other references to it.
310  */
311 int can_share_swap_page(struct page *page)
312 {
313 	int count;
314 
315 	BUG_ON(!PageLocked(page));
316 	count = page_mapcount(page);
317 	if (count <= 1 && PageSwapCache(page))
318 		count += page_swapcount(page);
319 	return count == 1;
320 }
321 
322 /*
323  * Work out if there are any other processes sharing this
324  * swap cache page. Free it if you can. Return success.
325  */
326 int remove_exclusive_swap_page(struct page *page)
327 {
328 	int retval;
329 	struct swap_info_struct * p;
330 	swp_entry_t entry;
331 
332 	BUG_ON(PagePrivate(page));
333 	BUG_ON(!PageLocked(page));
334 
335 	if (!PageSwapCache(page))
336 		return 0;
337 	if (PageWriteback(page))
338 		return 0;
339 	if (page_count(page) != 2) /* 2: us + cache */
340 		return 0;
341 
342 	entry.val = page_private(page);
343 	p = swap_info_get(entry);
344 	if (!p)
345 		return 0;
346 
347 	/* Is the only swap cache user the cache itself? */
348 	retval = 0;
349 	if (p->swap_map[swp_offset(entry)] == 1) {
350 		/* Recheck the page count with the swapcache lock held.. */
351 		write_lock_irq(&swapper_space.tree_lock);
352 		if ((page_count(page) == 2) && !PageWriteback(page)) {
353 			__delete_from_swap_cache(page);
354 			SetPageDirty(page);
355 			retval = 1;
356 		}
357 		write_unlock_irq(&swapper_space.tree_lock);
358 	}
359 	spin_unlock(&swap_lock);
360 
361 	if (retval) {
362 		swap_free(entry);
363 		page_cache_release(page);
364 	}
365 
366 	return retval;
367 }
368 
369 /*
370  * Free the swap entry like above, but also try to
371  * free the page cache entry if it is the last user.
372  */
373 void free_swap_and_cache(swp_entry_t entry)
374 {
375 	struct swap_info_struct * p;
376 	struct page *page = NULL;
377 
378 	p = swap_info_get(entry);
379 	if (p) {
380 		if (swap_entry_free(p, swp_offset(entry)) == 1)
381 			page = find_trylock_page(&swapper_space, entry.val);
382 		spin_unlock(&swap_lock);
383 	}
384 	if (page) {
385 		int one_user;
386 
387 		BUG_ON(PagePrivate(page));
388 		page_cache_get(page);
389 		one_user = (page_count(page) == 2);
390 		/* Only cache user (+us), or swap space full? Free it! */
391 		if (!PageWriteback(page) && (one_user || vm_swap_full())) {
392 			delete_from_swap_cache(page);
393 			SetPageDirty(page);
394 		}
395 		unlock_page(page);
396 		page_cache_release(page);
397 	}
398 }
399 
400 /*
401  * No need to decide whether this PTE shares the swap entry with others,
402  * just let do_wp_page work it out if a write is requested later - to
403  * force COW, vm_page_prot omits write permission from any private vma.
404  */
405 static void unuse_pte(struct vm_area_struct *vma, pte_t *pte,
406 		unsigned long addr, swp_entry_t entry, struct page *page)
407 {
408 	inc_mm_counter(vma->vm_mm, anon_rss);
409 	get_page(page);
410 	set_pte_at(vma->vm_mm, addr, pte,
411 		   pte_mkold(mk_pte(page, vma->vm_page_prot)));
412 	page_add_anon_rmap(page, vma, addr);
413 	swap_free(entry);
414 	/*
415 	 * Move the page to the active list so it is not
416 	 * immediately swapped out again after swapon.
417 	 */
418 	activate_page(page);
419 }
420 
421 static int unuse_pte_range(struct vm_area_struct *vma, pmd_t *pmd,
422 				unsigned long addr, unsigned long end,
423 				swp_entry_t entry, struct page *page)
424 {
425 	pte_t swp_pte = swp_entry_to_pte(entry);
426 	pte_t *pte;
427 	spinlock_t *ptl;
428 	int found = 0;
429 
430 	pte = pte_offset_map_lock(vma->vm_mm, pmd, addr, &ptl);
431 	do {
432 		/*
433 		 * swapoff spends a _lot_ of time in this loop!
434 		 * Test inline before going to call unuse_pte.
435 		 */
436 		if (unlikely(pte_same(*pte, swp_pte))) {
437 			unuse_pte(vma, pte++, addr, entry, page);
438 			found = 1;
439 			break;
440 		}
441 	} while (pte++, addr += PAGE_SIZE, addr != end);
442 	pte_unmap_unlock(pte - 1, ptl);
443 	return found;
444 }
445 
446 static inline int unuse_pmd_range(struct vm_area_struct *vma, pud_t *pud,
447 				unsigned long addr, unsigned long end,
448 				swp_entry_t entry, struct page *page)
449 {
450 	pmd_t *pmd;
451 	unsigned long next;
452 
453 	pmd = pmd_offset(pud, addr);
454 	do {
455 		next = pmd_addr_end(addr, end);
456 		if (pmd_none_or_clear_bad(pmd))
457 			continue;
458 		if (unuse_pte_range(vma, pmd, addr, next, entry, page))
459 			return 1;
460 	} while (pmd++, addr = next, addr != end);
461 	return 0;
462 }
463 
464 static inline int unuse_pud_range(struct vm_area_struct *vma, pgd_t *pgd,
465 				unsigned long addr, unsigned long end,
466 				swp_entry_t entry, struct page *page)
467 {
468 	pud_t *pud;
469 	unsigned long next;
470 
471 	pud = pud_offset(pgd, addr);
472 	do {
473 		next = pud_addr_end(addr, end);
474 		if (pud_none_or_clear_bad(pud))
475 			continue;
476 		if (unuse_pmd_range(vma, pud, addr, next, entry, page))
477 			return 1;
478 	} while (pud++, addr = next, addr != end);
479 	return 0;
480 }
481 
482 static int unuse_vma(struct vm_area_struct *vma,
483 				swp_entry_t entry, struct page *page)
484 {
485 	pgd_t *pgd;
486 	unsigned long addr, end, next;
487 
488 	if (page->mapping) {
489 		addr = page_address_in_vma(page, vma);
490 		if (addr == -EFAULT)
491 			return 0;
492 		else
493 			end = addr + PAGE_SIZE;
494 	} else {
495 		addr = vma->vm_start;
496 		end = vma->vm_end;
497 	}
498 
499 	pgd = pgd_offset(vma->vm_mm, addr);
500 	do {
501 		next = pgd_addr_end(addr, end);
502 		if (pgd_none_or_clear_bad(pgd))
503 			continue;
504 		if (unuse_pud_range(vma, pgd, addr, next, entry, page))
505 			return 1;
506 	} while (pgd++, addr = next, addr != end);
507 	return 0;
508 }
509 
510 static int unuse_mm(struct mm_struct *mm,
511 				swp_entry_t entry, struct page *page)
512 {
513 	struct vm_area_struct *vma;
514 
515 	if (!down_read_trylock(&mm->mmap_sem)) {
516 		/*
517 		 * Activate page so shrink_cache is unlikely to unmap its
518 		 * ptes while lock is dropped, so swapoff can make progress.
519 		 */
520 		activate_page(page);
521 		unlock_page(page);
522 		down_read(&mm->mmap_sem);
523 		lock_page(page);
524 	}
525 	for (vma = mm->mmap; vma; vma = vma->vm_next) {
526 		if (vma->anon_vma && unuse_vma(vma, entry, page))
527 			break;
528 	}
529 	up_read(&mm->mmap_sem);
530 	/*
531 	 * Currently unuse_mm cannot fail, but leave error handling
532 	 * at call sites for now, since we change it from time to time.
533 	 */
534 	return 0;
535 }
536 
537 /*
538  * Scan swap_map from current position to next entry still in use.
539  * Recycle to start on reaching the end, returning 0 when empty.
540  */
541 static unsigned int find_next_to_unuse(struct swap_info_struct *si,
542 					unsigned int prev)
543 {
544 	unsigned int max = si->max;
545 	unsigned int i = prev;
546 	int count;
547 
548 	/*
549 	 * No need for swap_lock here: we're just looking
550 	 * for whether an entry is in use, not modifying it; false
551 	 * hits are okay, and sys_swapoff() has already prevented new
552 	 * allocations from this area (while holding swap_lock).
553 	 */
554 	for (;;) {
555 		if (++i >= max) {
556 			if (!prev) {
557 				i = 0;
558 				break;
559 			}
560 			/*
561 			 * No entries in use at top of swap_map,
562 			 * loop back to start and recheck there.
563 			 */
564 			max = prev + 1;
565 			prev = 0;
566 			i = 1;
567 		}
568 		count = si->swap_map[i];
569 		if (count && count != SWAP_MAP_BAD)
570 			break;
571 	}
572 	return i;
573 }
574 
575 /*
576  * We completely avoid races by reading each swap page in advance,
577  * and then search for the process using it.  All the necessary
578  * page table adjustments can then be made atomically.
579  */
580 static int try_to_unuse(unsigned int type)
581 {
582 	struct swap_info_struct * si = &swap_info[type];
583 	struct mm_struct *start_mm;
584 	unsigned short *swap_map;
585 	unsigned short swcount;
586 	struct page *page;
587 	swp_entry_t entry;
588 	unsigned int i = 0;
589 	int retval = 0;
590 	int reset_overflow = 0;
591 	int shmem;
592 
593 	/*
594 	 * When searching mms for an entry, a good strategy is to
595 	 * start at the first mm we freed the previous entry from
596 	 * (though actually we don't notice whether we or coincidence
597 	 * freed the entry).  Initialize this start_mm with a hold.
598 	 *
599 	 * A simpler strategy would be to start at the last mm we
600 	 * freed the previous entry from; but that would take less
601 	 * advantage of mmlist ordering, which clusters forked mms
602 	 * together, child after parent.  If we race with dup_mmap(), we
603 	 * prefer to resolve parent before child, lest we miss entries
604 	 * duplicated after we scanned child: using last mm would invert
605 	 * that.  Though it's only a serious concern when an overflowed
606 	 * swap count is reset from SWAP_MAP_MAX, preventing a rescan.
607 	 */
608 	start_mm = &init_mm;
609 	atomic_inc(&init_mm.mm_users);
610 
611 	/*
612 	 * Keep on scanning until all entries have gone.  Usually,
613 	 * one pass through swap_map is enough, but not necessarily:
614 	 * there are races when an instance of an entry might be missed.
615 	 */
616 	while ((i = find_next_to_unuse(si, i)) != 0) {
617 		if (signal_pending(current)) {
618 			retval = -EINTR;
619 			break;
620 		}
621 
622 		/*
623 		 * Get a page for the entry, using the existing swap
624 		 * cache page if there is one.  Otherwise, get a clean
625 		 * page and read the swap into it.
626 		 */
627 		swap_map = &si->swap_map[i];
628 		entry = swp_entry(type, i);
629 		page = read_swap_cache_async(entry, NULL, 0);
630 		if (!page) {
631 			/*
632 			 * Either swap_duplicate() failed because entry
633 			 * has been freed independently, and will not be
634 			 * reused since sys_swapoff() already disabled
635 			 * allocation from here, or alloc_page() failed.
636 			 */
637 			if (!*swap_map)
638 				continue;
639 			retval = -ENOMEM;
640 			break;
641 		}
642 
643 		/*
644 		 * Don't hold on to start_mm if it looks like exiting.
645 		 */
646 		if (atomic_read(&start_mm->mm_users) == 1) {
647 			mmput(start_mm);
648 			start_mm = &init_mm;
649 			atomic_inc(&init_mm.mm_users);
650 		}
651 
652 		/*
653 		 * Wait for and lock page.  When do_swap_page races with
654 		 * try_to_unuse, do_swap_page can handle the fault much
655 		 * faster than try_to_unuse can locate the entry.  This
656 		 * apparently redundant "wait_on_page_locked" lets try_to_unuse
657 		 * defer to do_swap_page in such a case - in some tests,
658 		 * do_swap_page and try_to_unuse repeatedly compete.
659 		 */
660 		wait_on_page_locked(page);
661 		wait_on_page_writeback(page);
662 		lock_page(page);
663 		wait_on_page_writeback(page);
664 
665 		/*
666 		 * Remove all references to entry.
667 		 * Whenever we reach init_mm, there's no address space
668 		 * to search, but use it as a reminder to search shmem.
669 		 */
670 		shmem = 0;
671 		swcount = *swap_map;
672 		if (swcount > 1) {
673 			if (start_mm == &init_mm)
674 				shmem = shmem_unuse(entry, page);
675 			else
676 				retval = unuse_mm(start_mm, entry, page);
677 		}
678 		if (*swap_map > 1) {
679 			int set_start_mm = (*swap_map >= swcount);
680 			struct list_head *p = &start_mm->mmlist;
681 			struct mm_struct *new_start_mm = start_mm;
682 			struct mm_struct *prev_mm = start_mm;
683 			struct mm_struct *mm;
684 
685 			atomic_inc(&new_start_mm->mm_users);
686 			atomic_inc(&prev_mm->mm_users);
687 			spin_lock(&mmlist_lock);
688 			while (*swap_map > 1 && !retval &&
689 					(p = p->next) != &start_mm->mmlist) {
690 				mm = list_entry(p, struct mm_struct, mmlist);
691 				if (atomic_inc_return(&mm->mm_users) == 1) {
692 					atomic_dec(&mm->mm_users);
693 					continue;
694 				}
695 				spin_unlock(&mmlist_lock);
696 				mmput(prev_mm);
697 				prev_mm = mm;
698 
699 				cond_resched();
700 
701 				swcount = *swap_map;
702 				if (swcount <= 1)
703 					;
704 				else if (mm == &init_mm) {
705 					set_start_mm = 1;
706 					shmem = shmem_unuse(entry, page);
707 				} else
708 					retval = unuse_mm(mm, entry, page);
709 				if (set_start_mm && *swap_map < swcount) {
710 					mmput(new_start_mm);
711 					atomic_inc(&mm->mm_users);
712 					new_start_mm = mm;
713 					set_start_mm = 0;
714 				}
715 				spin_lock(&mmlist_lock);
716 			}
717 			spin_unlock(&mmlist_lock);
718 			mmput(prev_mm);
719 			mmput(start_mm);
720 			start_mm = new_start_mm;
721 		}
722 		if (retval) {
723 			unlock_page(page);
724 			page_cache_release(page);
725 			break;
726 		}
727 
728 		/*
729 		 * How could swap count reach 0x7fff when the maximum
730 		 * pid is 0x7fff, and there's no way to repeat a swap
731 		 * page within an mm (except in shmem, where it's the
732 		 * shared object which takes the reference count)?
733 		 * We believe SWAP_MAP_MAX cannot occur in Linux 2.4.
734 		 *
735 		 * If that's wrong, then we should worry more about
736 		 * exit_mmap() and do_munmap() cases described above:
737 		 * we might be resetting SWAP_MAP_MAX too early here.
738 		 * We know "Undead"s can happen, they're okay, so don't
739 		 * report them; but do report if we reset SWAP_MAP_MAX.
740 		 */
741 		if (*swap_map == SWAP_MAP_MAX) {
742 			spin_lock(&swap_lock);
743 			*swap_map = 1;
744 			spin_unlock(&swap_lock);
745 			reset_overflow = 1;
746 		}
747 
748 		/*
749 		 * If a reference remains (rare), we would like to leave
750 		 * the page in the swap cache; but try_to_unmap could
751 		 * then re-duplicate the entry once we drop page lock,
752 		 * so we might loop indefinitely; also, that page could
753 		 * not be swapped out to other storage meanwhile.  So:
754 		 * delete from cache even if there's another reference,
755 		 * after ensuring that the data has been saved to disk -
756 		 * since if the reference remains (rarer), it will be
757 		 * read from disk into another page.  Splitting into two
758 		 * pages would be incorrect if swap supported "shared
759 		 * private" pages, but they are handled by tmpfs files.
760 		 *
761 		 * Note shmem_unuse already deleted a swappage from
762 		 * the swap cache, unless the move to filepage failed:
763 		 * in which case it left swappage in cache, lowered its
764 		 * swap count to pass quickly through the loops above,
765 		 * and now we must reincrement count to try again later.
766 		 */
767 		if ((*swap_map > 1) && PageDirty(page) && PageSwapCache(page)) {
768 			struct writeback_control wbc = {
769 				.sync_mode = WB_SYNC_NONE,
770 			};
771 
772 			swap_writepage(page, &wbc);
773 			lock_page(page);
774 			wait_on_page_writeback(page);
775 		}
776 		if (PageSwapCache(page)) {
777 			if (shmem)
778 				swap_duplicate(entry);
779 			else
780 				delete_from_swap_cache(page);
781 		}
782 
783 		/*
784 		 * So we could skip searching mms once swap count went
785 		 * to 1, we did not mark any present ptes as dirty: must
786 		 * mark page dirty so shrink_list will preserve it.
787 		 */
788 		SetPageDirty(page);
789 		unlock_page(page);
790 		page_cache_release(page);
791 
792 		/*
793 		 * Make sure that we aren't completely killing
794 		 * interactive performance.
795 		 */
796 		cond_resched();
797 	}
798 
799 	mmput(start_mm);
800 	if (reset_overflow) {
801 		printk(KERN_WARNING "swapoff: cleared swap entry overflow\n");
802 		swap_overflow = 0;
803 	}
804 	return retval;
805 }
806 
807 /*
808  * After a successful try_to_unuse, if no swap is now in use, we know
809  * we can empty the mmlist.  swap_lock must be held on entry and exit.
810  * Note that mmlist_lock nests inside swap_lock, and an mm must be
811  * added to the mmlist just after page_duplicate - before would be racy.
812  */
813 static void drain_mmlist(void)
814 {
815 	struct list_head *p, *next;
816 	unsigned int i;
817 
818 	for (i = 0; i < nr_swapfiles; i++)
819 		if (swap_info[i].inuse_pages)
820 			return;
821 	spin_lock(&mmlist_lock);
822 	list_for_each_safe(p, next, &init_mm.mmlist)
823 		list_del_init(p);
824 	spin_unlock(&mmlist_lock);
825 }
826 
827 /*
828  * Use this swapdev's extent info to locate the (PAGE_SIZE) block which
829  * corresponds to page offset `offset'.
830  */
831 sector_t map_swap_page(struct swap_info_struct *sis, pgoff_t offset)
832 {
833 	struct swap_extent *se = sis->curr_swap_extent;
834 	struct swap_extent *start_se = se;
835 
836 	for ( ; ; ) {
837 		struct list_head *lh;
838 
839 		if (se->start_page <= offset &&
840 				offset < (se->start_page + se->nr_pages)) {
841 			return se->start_block + (offset - se->start_page);
842 		}
843 		lh = se->list.next;
844 		if (lh == &sis->extent_list)
845 			lh = lh->next;
846 		se = list_entry(lh, struct swap_extent, list);
847 		sis->curr_swap_extent = se;
848 		BUG_ON(se == start_se);		/* It *must* be present */
849 	}
850 }
851 
852 /*
853  * Free all of a swapdev's extent information
854  */
855 static void destroy_swap_extents(struct swap_info_struct *sis)
856 {
857 	while (!list_empty(&sis->extent_list)) {
858 		struct swap_extent *se;
859 
860 		se = list_entry(sis->extent_list.next,
861 				struct swap_extent, list);
862 		list_del(&se->list);
863 		kfree(se);
864 	}
865 }
866 
867 /*
868  * Add a block range (and the corresponding page range) into this swapdev's
869  * extent list.  The extent list is kept sorted in page order.
870  *
871  * This function rather assumes that it is called in ascending page order.
872  */
873 static int
874 add_swap_extent(struct swap_info_struct *sis, unsigned long start_page,
875 		unsigned long nr_pages, sector_t start_block)
876 {
877 	struct swap_extent *se;
878 	struct swap_extent *new_se;
879 	struct list_head *lh;
880 
881 	lh = sis->extent_list.prev;	/* The highest page extent */
882 	if (lh != &sis->extent_list) {
883 		se = list_entry(lh, struct swap_extent, list);
884 		BUG_ON(se->start_page + se->nr_pages != start_page);
885 		if (se->start_block + se->nr_pages == start_block) {
886 			/* Merge it */
887 			se->nr_pages += nr_pages;
888 			return 0;
889 		}
890 	}
891 
892 	/*
893 	 * No merge.  Insert a new extent, preserving ordering.
894 	 */
895 	new_se = kmalloc(sizeof(*se), GFP_KERNEL);
896 	if (new_se == NULL)
897 		return -ENOMEM;
898 	new_se->start_page = start_page;
899 	new_se->nr_pages = nr_pages;
900 	new_se->start_block = start_block;
901 
902 	list_add_tail(&new_se->list, &sis->extent_list);
903 	return 1;
904 }
905 
906 /*
907  * A `swap extent' is a simple thing which maps a contiguous range of pages
908  * onto a contiguous range of disk blocks.  An ordered list of swap extents
909  * is built at swapon time and is then used at swap_writepage/swap_readpage
910  * time for locating where on disk a page belongs.
911  *
912  * If the swapfile is an S_ISBLK block device, a single extent is installed.
913  * This is done so that the main operating code can treat S_ISBLK and S_ISREG
914  * swap files identically.
915  *
916  * Whether the swapdev is an S_ISREG file or an S_ISBLK blockdev, the swap
917  * extent list operates in PAGE_SIZE disk blocks.  Both S_ISREG and S_ISBLK
918  * swapfiles are handled *identically* after swapon time.
919  *
920  * For S_ISREG swapfiles, setup_swap_extents() will walk all the file's blocks
921  * and will parse them into an ordered extent list, in PAGE_SIZE chunks.  If
922  * some stray blocks are found which do not fall within the PAGE_SIZE alignment
923  * requirements, they are simply tossed out - we will never use those blocks
924  * for swapping.
925  *
926  * For S_ISREG swapfiles we set S_SWAPFILE across the life of the swapon.  This
927  * prevents root from shooting her foot off by ftruncating an in-use swapfile,
928  * which will scribble on the fs.
929  *
930  * The amount of disk space which a single swap extent represents varies.
931  * Typically it is in the 1-4 megabyte range.  So we can have hundreds of
932  * extents in the list.  To avoid much list walking, we cache the previous
933  * search location in `curr_swap_extent', and start new searches from there.
934  * This is extremely effective.  The average number of iterations in
935  * map_swap_page() has been measured at about 0.3 per page.  - akpm.
936  */
937 static int setup_swap_extents(struct swap_info_struct *sis, sector_t *span)
938 {
939 	struct inode *inode;
940 	unsigned blocks_per_page;
941 	unsigned long page_no;
942 	unsigned blkbits;
943 	sector_t probe_block;
944 	sector_t last_block;
945 	sector_t lowest_block = -1;
946 	sector_t highest_block = 0;
947 	int nr_extents = 0;
948 	int ret;
949 
950 	inode = sis->swap_file->f_mapping->host;
951 	if (S_ISBLK(inode->i_mode)) {
952 		ret = add_swap_extent(sis, 0, sis->max, 0);
953 		*span = sis->pages;
954 		goto done;
955 	}
956 
957 	blkbits = inode->i_blkbits;
958 	blocks_per_page = PAGE_SIZE >> blkbits;
959 
960 	/*
961 	 * Map all the blocks into the extent list.  This code doesn't try
962 	 * to be very smart.
963 	 */
964 	probe_block = 0;
965 	page_no = 0;
966 	last_block = i_size_read(inode) >> blkbits;
967 	while ((probe_block + blocks_per_page) <= last_block &&
968 			page_no < sis->max) {
969 		unsigned block_in_page;
970 		sector_t first_block;
971 
972 		first_block = bmap(inode, probe_block);
973 		if (first_block == 0)
974 			goto bad_bmap;
975 
976 		/*
977 		 * It must be PAGE_SIZE aligned on-disk
978 		 */
979 		if (first_block & (blocks_per_page - 1)) {
980 			probe_block++;
981 			goto reprobe;
982 		}
983 
984 		for (block_in_page = 1; block_in_page < blocks_per_page;
985 					block_in_page++) {
986 			sector_t block;
987 
988 			block = bmap(inode, probe_block + block_in_page);
989 			if (block == 0)
990 				goto bad_bmap;
991 			if (block != first_block + block_in_page) {
992 				/* Discontiguity */
993 				probe_block++;
994 				goto reprobe;
995 			}
996 		}
997 
998 		first_block >>= (PAGE_SHIFT - blkbits);
999 		if (page_no) {	/* exclude the header page */
1000 			if (first_block < lowest_block)
1001 				lowest_block = first_block;
1002 			if (first_block > highest_block)
1003 				highest_block = first_block;
1004 		}
1005 
1006 		/*
1007 		 * We found a PAGE_SIZE-length, PAGE_SIZE-aligned run of blocks
1008 		 */
1009 		ret = add_swap_extent(sis, page_no, 1, first_block);
1010 		if (ret < 0)
1011 			goto out;
1012 		nr_extents += ret;
1013 		page_no++;
1014 		probe_block += blocks_per_page;
1015 reprobe:
1016 		continue;
1017 	}
1018 	ret = nr_extents;
1019 	*span = 1 + highest_block - lowest_block;
1020 	if (page_no == 0)
1021 		page_no = 1;	/* force Empty message */
1022 	sis->max = page_no;
1023 	sis->pages = page_no - 1;
1024 	sis->highest_bit = page_no - 1;
1025 done:
1026 	sis->curr_swap_extent = list_entry(sis->extent_list.prev,
1027 					struct swap_extent, list);
1028 	goto out;
1029 bad_bmap:
1030 	printk(KERN_ERR "swapon: swapfile has holes\n");
1031 	ret = -EINVAL;
1032 out:
1033 	return ret;
1034 }
1035 
1036 #if 0	/* We don't need this yet */
1037 #include <linux/backing-dev.h>
1038 int page_queue_congested(struct page *page)
1039 {
1040 	struct backing_dev_info *bdi;
1041 
1042 	BUG_ON(!PageLocked(page));	/* It pins the swap_info_struct */
1043 
1044 	if (PageSwapCache(page)) {
1045 		swp_entry_t entry = { .val = page_private(page) };
1046 		struct swap_info_struct *sis;
1047 
1048 		sis = get_swap_info_struct(swp_type(entry));
1049 		bdi = sis->bdev->bd_inode->i_mapping->backing_dev_info;
1050 	} else
1051 		bdi = page->mapping->backing_dev_info;
1052 	return bdi_write_congested(bdi);
1053 }
1054 #endif
1055 
1056 asmlinkage long sys_swapoff(const char __user * specialfile)
1057 {
1058 	struct swap_info_struct * p = NULL;
1059 	unsigned short *swap_map;
1060 	struct file *swap_file, *victim;
1061 	struct address_space *mapping;
1062 	struct inode *inode;
1063 	char * pathname;
1064 	int i, type, prev;
1065 	int err;
1066 
1067 	if (!capable(CAP_SYS_ADMIN))
1068 		return -EPERM;
1069 
1070 	pathname = getname(specialfile);
1071 	err = PTR_ERR(pathname);
1072 	if (IS_ERR(pathname))
1073 		goto out;
1074 
1075 	victim = filp_open(pathname, O_RDWR|O_LARGEFILE, 0);
1076 	putname(pathname);
1077 	err = PTR_ERR(victim);
1078 	if (IS_ERR(victim))
1079 		goto out;
1080 
1081 	mapping = victim->f_mapping;
1082 	prev = -1;
1083 	spin_lock(&swap_lock);
1084 	for (type = swap_list.head; type >= 0; type = swap_info[type].next) {
1085 		p = swap_info + type;
1086 		if ((p->flags & SWP_ACTIVE) == SWP_ACTIVE) {
1087 			if (p->swap_file->f_mapping == mapping)
1088 				break;
1089 		}
1090 		prev = type;
1091 	}
1092 	if (type < 0) {
1093 		err = -EINVAL;
1094 		spin_unlock(&swap_lock);
1095 		goto out_dput;
1096 	}
1097 	if (!security_vm_enough_memory(p->pages))
1098 		vm_unacct_memory(p->pages);
1099 	else {
1100 		err = -ENOMEM;
1101 		spin_unlock(&swap_lock);
1102 		goto out_dput;
1103 	}
1104 	if (prev < 0) {
1105 		swap_list.head = p->next;
1106 	} else {
1107 		swap_info[prev].next = p->next;
1108 	}
1109 	if (type == swap_list.next) {
1110 		/* just pick something that's safe... */
1111 		swap_list.next = swap_list.head;
1112 	}
1113 	nr_swap_pages -= p->pages;
1114 	total_swap_pages -= p->pages;
1115 	p->flags &= ~SWP_WRITEOK;
1116 	spin_unlock(&swap_lock);
1117 
1118 	current->flags |= PF_SWAPOFF;
1119 	err = try_to_unuse(type);
1120 	current->flags &= ~PF_SWAPOFF;
1121 
1122 	if (err) {
1123 		/* re-insert swap space back into swap_list */
1124 		spin_lock(&swap_lock);
1125 		for (prev = -1, i = swap_list.head; i >= 0; prev = i, i = swap_info[i].next)
1126 			if (p->prio >= swap_info[i].prio)
1127 				break;
1128 		p->next = i;
1129 		if (prev < 0)
1130 			swap_list.head = swap_list.next = p - swap_info;
1131 		else
1132 			swap_info[prev].next = p - swap_info;
1133 		nr_swap_pages += p->pages;
1134 		total_swap_pages += p->pages;
1135 		p->flags |= SWP_WRITEOK;
1136 		spin_unlock(&swap_lock);
1137 		goto out_dput;
1138 	}
1139 
1140 	/* wait for any unplug function to finish */
1141 	down_write(&swap_unplug_sem);
1142 	up_write(&swap_unplug_sem);
1143 
1144 	destroy_swap_extents(p);
1145 	down(&swapon_sem);
1146 	spin_lock(&swap_lock);
1147 	drain_mmlist();
1148 
1149 	/* wait for anyone still in scan_swap_map */
1150 	p->highest_bit = 0;		/* cuts scans short */
1151 	while (p->flags >= SWP_SCANNING) {
1152 		spin_unlock(&swap_lock);
1153 		schedule_timeout_uninterruptible(1);
1154 		spin_lock(&swap_lock);
1155 	}
1156 
1157 	swap_file = p->swap_file;
1158 	p->swap_file = NULL;
1159 	p->max = 0;
1160 	swap_map = p->swap_map;
1161 	p->swap_map = NULL;
1162 	p->flags = 0;
1163 	spin_unlock(&swap_lock);
1164 	up(&swapon_sem);
1165 	vfree(swap_map);
1166 	inode = mapping->host;
1167 	if (S_ISBLK(inode->i_mode)) {
1168 		struct block_device *bdev = I_BDEV(inode);
1169 		set_blocksize(bdev, p->old_block_size);
1170 		bd_release(bdev);
1171 	} else {
1172 		down(&inode->i_sem);
1173 		inode->i_flags &= ~S_SWAPFILE;
1174 		up(&inode->i_sem);
1175 	}
1176 	filp_close(swap_file, NULL);
1177 	err = 0;
1178 
1179 out_dput:
1180 	filp_close(victim, NULL);
1181 out:
1182 	return err;
1183 }
1184 
1185 #ifdef CONFIG_PROC_FS
1186 /* iterator */
1187 static void *swap_start(struct seq_file *swap, loff_t *pos)
1188 {
1189 	struct swap_info_struct *ptr = swap_info;
1190 	int i;
1191 	loff_t l = *pos;
1192 
1193 	down(&swapon_sem);
1194 
1195 	for (i = 0; i < nr_swapfiles; i++, ptr++) {
1196 		if (!(ptr->flags & SWP_USED) || !ptr->swap_map)
1197 			continue;
1198 		if (!l--)
1199 			return ptr;
1200 	}
1201 
1202 	return NULL;
1203 }
1204 
1205 static void *swap_next(struct seq_file *swap, void *v, loff_t *pos)
1206 {
1207 	struct swap_info_struct *ptr = v;
1208 	struct swap_info_struct *endptr = swap_info + nr_swapfiles;
1209 
1210 	for (++ptr; ptr < endptr; ptr++) {
1211 		if (!(ptr->flags & SWP_USED) || !ptr->swap_map)
1212 			continue;
1213 		++*pos;
1214 		return ptr;
1215 	}
1216 
1217 	return NULL;
1218 }
1219 
1220 static void swap_stop(struct seq_file *swap, void *v)
1221 {
1222 	up(&swapon_sem);
1223 }
1224 
1225 static int swap_show(struct seq_file *swap, void *v)
1226 {
1227 	struct swap_info_struct *ptr = v;
1228 	struct file *file;
1229 	int len;
1230 
1231 	if (v == swap_info)
1232 		seq_puts(swap, "Filename\t\t\t\tType\t\tSize\tUsed\tPriority\n");
1233 
1234 	file = ptr->swap_file;
1235 	len = seq_path(swap, file->f_vfsmnt, file->f_dentry, " \t\n\\");
1236 	seq_printf(swap, "%*s%s\t%u\t%u\t%d\n",
1237 		       len < 40 ? 40 - len : 1, " ",
1238 		       S_ISBLK(file->f_dentry->d_inode->i_mode) ?
1239 				"partition" : "file\t",
1240 		       ptr->pages << (PAGE_SHIFT - 10),
1241 		       ptr->inuse_pages << (PAGE_SHIFT - 10),
1242 		       ptr->prio);
1243 	return 0;
1244 }
1245 
1246 static struct seq_operations swaps_op = {
1247 	.start =	swap_start,
1248 	.next =		swap_next,
1249 	.stop =		swap_stop,
1250 	.show =		swap_show
1251 };
1252 
1253 static int swaps_open(struct inode *inode, struct file *file)
1254 {
1255 	return seq_open(file, &swaps_op);
1256 }
1257 
1258 static struct file_operations proc_swaps_operations = {
1259 	.open		= swaps_open,
1260 	.read		= seq_read,
1261 	.llseek		= seq_lseek,
1262 	.release	= seq_release,
1263 };
1264 
1265 static int __init procswaps_init(void)
1266 {
1267 	struct proc_dir_entry *entry;
1268 
1269 	entry = create_proc_entry("swaps", 0, NULL);
1270 	if (entry)
1271 		entry->proc_fops = &proc_swaps_operations;
1272 	return 0;
1273 }
1274 __initcall(procswaps_init);
1275 #endif /* CONFIG_PROC_FS */
1276 
1277 /*
1278  * Written 01/25/92 by Simmule Turner, heavily changed by Linus.
1279  *
1280  * The swapon system call
1281  */
1282 asmlinkage long sys_swapon(const char __user * specialfile, int swap_flags)
1283 {
1284 	struct swap_info_struct * p;
1285 	char *name = NULL;
1286 	struct block_device *bdev = NULL;
1287 	struct file *swap_file = NULL;
1288 	struct address_space *mapping;
1289 	unsigned int type;
1290 	int i, prev;
1291 	int error;
1292 	static int least_priority;
1293 	union swap_header *swap_header = NULL;
1294 	int swap_header_version;
1295 	unsigned int nr_good_pages = 0;
1296 	int nr_extents = 0;
1297 	sector_t span;
1298 	unsigned long maxpages = 1;
1299 	int swapfilesize;
1300 	unsigned short *swap_map;
1301 	struct page *page = NULL;
1302 	struct inode *inode = NULL;
1303 	int did_down = 0;
1304 
1305 	if (!capable(CAP_SYS_ADMIN))
1306 		return -EPERM;
1307 	spin_lock(&swap_lock);
1308 	p = swap_info;
1309 	for (type = 0 ; type < nr_swapfiles ; type++,p++)
1310 		if (!(p->flags & SWP_USED))
1311 			break;
1312 	error = -EPERM;
1313 	/*
1314 	 * Test if adding another swap device is possible. There are
1315 	 * two limiting factors: 1) the number of bits for the swap
1316 	 * type swp_entry_t definition and 2) the number of bits for
1317 	 * the swap type in the swap ptes as defined by the different
1318 	 * architectures. To honor both limitations a swap entry
1319 	 * with swap offset 0 and swap type ~0UL is created, encoded
1320 	 * to a swap pte, decoded to a swp_entry_t again and finally
1321 	 * the swap type part is extracted. This will mask all bits
1322 	 * from the initial ~0UL that can't be encoded in either the
1323 	 * swp_entry_t or the architecture definition of a swap pte.
1324 	 */
1325 	if (type > swp_type(pte_to_swp_entry(swp_entry_to_pte(swp_entry(~0UL,0))))) {
1326 		spin_unlock(&swap_lock);
1327 		goto out;
1328 	}
1329 	if (type >= nr_swapfiles)
1330 		nr_swapfiles = type+1;
1331 	INIT_LIST_HEAD(&p->extent_list);
1332 	p->flags = SWP_USED;
1333 	p->swap_file = NULL;
1334 	p->old_block_size = 0;
1335 	p->swap_map = NULL;
1336 	p->lowest_bit = 0;
1337 	p->highest_bit = 0;
1338 	p->cluster_nr = 0;
1339 	p->inuse_pages = 0;
1340 	p->next = -1;
1341 	if (swap_flags & SWAP_FLAG_PREFER) {
1342 		p->prio =
1343 		  (swap_flags & SWAP_FLAG_PRIO_MASK)>>SWAP_FLAG_PRIO_SHIFT;
1344 	} else {
1345 		p->prio = --least_priority;
1346 	}
1347 	spin_unlock(&swap_lock);
1348 	name = getname(specialfile);
1349 	error = PTR_ERR(name);
1350 	if (IS_ERR(name)) {
1351 		name = NULL;
1352 		goto bad_swap_2;
1353 	}
1354 	swap_file = filp_open(name, O_RDWR|O_LARGEFILE, 0);
1355 	error = PTR_ERR(swap_file);
1356 	if (IS_ERR(swap_file)) {
1357 		swap_file = NULL;
1358 		goto bad_swap_2;
1359 	}
1360 
1361 	p->swap_file = swap_file;
1362 	mapping = swap_file->f_mapping;
1363 	inode = mapping->host;
1364 
1365 	error = -EBUSY;
1366 	for (i = 0; i < nr_swapfiles; i++) {
1367 		struct swap_info_struct *q = &swap_info[i];
1368 
1369 		if (i == type || !q->swap_file)
1370 			continue;
1371 		if (mapping == q->swap_file->f_mapping)
1372 			goto bad_swap;
1373 	}
1374 
1375 	error = -EINVAL;
1376 	if (S_ISBLK(inode->i_mode)) {
1377 		bdev = I_BDEV(inode);
1378 		error = bd_claim(bdev, sys_swapon);
1379 		if (error < 0) {
1380 			bdev = NULL;
1381 			error = -EINVAL;
1382 			goto bad_swap;
1383 		}
1384 		p->old_block_size = block_size(bdev);
1385 		error = set_blocksize(bdev, PAGE_SIZE);
1386 		if (error < 0)
1387 			goto bad_swap;
1388 		p->bdev = bdev;
1389 	} else if (S_ISREG(inode->i_mode)) {
1390 		p->bdev = inode->i_sb->s_bdev;
1391 		down(&inode->i_sem);
1392 		did_down = 1;
1393 		if (IS_SWAPFILE(inode)) {
1394 			error = -EBUSY;
1395 			goto bad_swap;
1396 		}
1397 	} else {
1398 		goto bad_swap;
1399 	}
1400 
1401 	swapfilesize = i_size_read(inode) >> PAGE_SHIFT;
1402 
1403 	/*
1404 	 * Read the swap header.
1405 	 */
1406 	if (!mapping->a_ops->readpage) {
1407 		error = -EINVAL;
1408 		goto bad_swap;
1409 	}
1410 	page = read_cache_page(mapping, 0,
1411 			(filler_t *)mapping->a_ops->readpage, swap_file);
1412 	if (IS_ERR(page)) {
1413 		error = PTR_ERR(page);
1414 		goto bad_swap;
1415 	}
1416 	wait_on_page_locked(page);
1417 	if (!PageUptodate(page))
1418 		goto bad_swap;
1419 	kmap(page);
1420 	swap_header = page_address(page);
1421 
1422 	if (!memcmp("SWAP-SPACE",swap_header->magic.magic,10))
1423 		swap_header_version = 1;
1424 	else if (!memcmp("SWAPSPACE2",swap_header->magic.magic,10))
1425 		swap_header_version = 2;
1426 	else {
1427 		printk("Unable to find swap-space signature\n");
1428 		error = -EINVAL;
1429 		goto bad_swap;
1430 	}
1431 
1432 	switch (swap_header_version) {
1433 	case 1:
1434 		printk(KERN_ERR "version 0 swap is no longer supported. "
1435 			"Use mkswap -v1 %s\n", name);
1436 		error = -EINVAL;
1437 		goto bad_swap;
1438 	case 2:
1439 		/* Check the swap header's sub-version and the size of
1440                    the swap file and bad block lists */
1441 		if (swap_header->info.version != 1) {
1442 			printk(KERN_WARNING
1443 			       "Unable to handle swap header version %d\n",
1444 			       swap_header->info.version);
1445 			error = -EINVAL;
1446 			goto bad_swap;
1447 		}
1448 
1449 		p->lowest_bit  = 1;
1450 		p->cluster_next = 1;
1451 
1452 		/*
1453 		 * Find out how many pages are allowed for a single swap
1454 		 * device. There are two limiting factors: 1) the number of
1455 		 * bits for the swap offset in the swp_entry_t type and
1456 		 * 2) the number of bits in the a swap pte as defined by
1457 		 * the different architectures. In order to find the
1458 		 * largest possible bit mask a swap entry with swap type 0
1459 		 * and swap offset ~0UL is created, encoded to a swap pte,
1460 		 * decoded to a swp_entry_t again and finally the swap
1461 		 * offset is extracted. This will mask all the bits from
1462 		 * the initial ~0UL mask that can't be encoded in either
1463 		 * the swp_entry_t or the architecture definition of a
1464 		 * swap pte.
1465 		 */
1466 		maxpages = swp_offset(pte_to_swp_entry(swp_entry_to_pte(swp_entry(0,~0UL)))) - 1;
1467 		if (maxpages > swap_header->info.last_page)
1468 			maxpages = swap_header->info.last_page;
1469 		p->highest_bit = maxpages - 1;
1470 
1471 		error = -EINVAL;
1472 		if (!maxpages)
1473 			goto bad_swap;
1474 		if (swap_header->info.nr_badpages && S_ISREG(inode->i_mode))
1475 			goto bad_swap;
1476 		if (swap_header->info.nr_badpages > MAX_SWAP_BADPAGES)
1477 			goto bad_swap;
1478 
1479 		/* OK, set up the swap map and apply the bad block list */
1480 		if (!(p->swap_map = vmalloc(maxpages * sizeof(short)))) {
1481 			error = -ENOMEM;
1482 			goto bad_swap;
1483 		}
1484 
1485 		error = 0;
1486 		memset(p->swap_map, 0, maxpages * sizeof(short));
1487 		for (i=0; i<swap_header->info.nr_badpages; i++) {
1488 			int page = swap_header->info.badpages[i];
1489 			if (page <= 0 || page >= swap_header->info.last_page)
1490 				error = -EINVAL;
1491 			else
1492 				p->swap_map[page] = SWAP_MAP_BAD;
1493 		}
1494 		nr_good_pages = swap_header->info.last_page -
1495 				swap_header->info.nr_badpages -
1496 				1 /* header page */;
1497 		if (error)
1498 			goto bad_swap;
1499 	}
1500 
1501 	if (swapfilesize && maxpages > swapfilesize) {
1502 		printk(KERN_WARNING
1503 		       "Swap area shorter than signature indicates\n");
1504 		error = -EINVAL;
1505 		goto bad_swap;
1506 	}
1507 	if (nr_good_pages) {
1508 		p->swap_map[0] = SWAP_MAP_BAD;
1509 		p->max = maxpages;
1510 		p->pages = nr_good_pages;
1511 		nr_extents = setup_swap_extents(p, &span);
1512 		if (nr_extents < 0) {
1513 			error = nr_extents;
1514 			goto bad_swap;
1515 		}
1516 		nr_good_pages = p->pages;
1517 	}
1518 	if (!nr_good_pages) {
1519 		printk(KERN_WARNING "Empty swap-file\n");
1520 		error = -EINVAL;
1521 		goto bad_swap;
1522 	}
1523 
1524 	down(&swapon_sem);
1525 	spin_lock(&swap_lock);
1526 	p->flags = SWP_ACTIVE;
1527 	nr_swap_pages += nr_good_pages;
1528 	total_swap_pages += nr_good_pages;
1529 
1530 	printk(KERN_INFO "Adding %uk swap on %s.  "
1531 			"Priority:%d extents:%d across:%lluk\n",
1532 		nr_good_pages<<(PAGE_SHIFT-10), name, p->prio,
1533 		nr_extents, (unsigned long long)span<<(PAGE_SHIFT-10));
1534 
1535 	/* insert swap space into swap_list: */
1536 	prev = -1;
1537 	for (i = swap_list.head; i >= 0; i = swap_info[i].next) {
1538 		if (p->prio >= swap_info[i].prio) {
1539 			break;
1540 		}
1541 		prev = i;
1542 	}
1543 	p->next = i;
1544 	if (prev < 0) {
1545 		swap_list.head = swap_list.next = p - swap_info;
1546 	} else {
1547 		swap_info[prev].next = p - swap_info;
1548 	}
1549 	spin_unlock(&swap_lock);
1550 	up(&swapon_sem);
1551 	error = 0;
1552 	goto out;
1553 bad_swap:
1554 	if (bdev) {
1555 		set_blocksize(bdev, p->old_block_size);
1556 		bd_release(bdev);
1557 	}
1558 	destroy_swap_extents(p);
1559 bad_swap_2:
1560 	spin_lock(&swap_lock);
1561 	swap_map = p->swap_map;
1562 	p->swap_file = NULL;
1563 	p->swap_map = NULL;
1564 	p->flags = 0;
1565 	if (!(swap_flags & SWAP_FLAG_PREFER))
1566 		++least_priority;
1567 	spin_unlock(&swap_lock);
1568 	vfree(swap_map);
1569 	if (swap_file)
1570 		filp_close(swap_file, NULL);
1571 out:
1572 	if (page && !IS_ERR(page)) {
1573 		kunmap(page);
1574 		page_cache_release(page);
1575 	}
1576 	if (name)
1577 		putname(name);
1578 	if (did_down) {
1579 		if (!error)
1580 			inode->i_flags |= S_SWAPFILE;
1581 		up(&inode->i_sem);
1582 	}
1583 	return error;
1584 }
1585 
1586 void si_swapinfo(struct sysinfo *val)
1587 {
1588 	unsigned int i;
1589 	unsigned long nr_to_be_unused = 0;
1590 
1591 	spin_lock(&swap_lock);
1592 	for (i = 0; i < nr_swapfiles; i++) {
1593 		if (!(swap_info[i].flags & SWP_USED) ||
1594 		     (swap_info[i].flags & SWP_WRITEOK))
1595 			continue;
1596 		nr_to_be_unused += swap_info[i].inuse_pages;
1597 	}
1598 	val->freeswap = nr_swap_pages + nr_to_be_unused;
1599 	val->totalswap = total_swap_pages + nr_to_be_unused;
1600 	spin_unlock(&swap_lock);
1601 }
1602 
1603 /*
1604  * Verify that a swap entry is valid and increment its swap map count.
1605  *
1606  * Note: if swap_map[] reaches SWAP_MAP_MAX the entries are treated as
1607  * "permanent", but will be reclaimed by the next swapoff.
1608  */
1609 int swap_duplicate(swp_entry_t entry)
1610 {
1611 	struct swap_info_struct * p;
1612 	unsigned long offset, type;
1613 	int result = 0;
1614 
1615 	type = swp_type(entry);
1616 	if (type >= nr_swapfiles)
1617 		goto bad_file;
1618 	p = type + swap_info;
1619 	offset = swp_offset(entry);
1620 
1621 	spin_lock(&swap_lock);
1622 	if (offset < p->max && p->swap_map[offset]) {
1623 		if (p->swap_map[offset] < SWAP_MAP_MAX - 1) {
1624 			p->swap_map[offset]++;
1625 			result = 1;
1626 		} else if (p->swap_map[offset] <= SWAP_MAP_MAX) {
1627 			if (swap_overflow++ < 5)
1628 				printk(KERN_WARNING "swap_dup: swap entry overflow\n");
1629 			p->swap_map[offset] = SWAP_MAP_MAX;
1630 			result = 1;
1631 		}
1632 	}
1633 	spin_unlock(&swap_lock);
1634 out:
1635 	return result;
1636 
1637 bad_file:
1638 	printk(KERN_ERR "swap_dup: %s%08lx\n", Bad_file, entry.val);
1639 	goto out;
1640 }
1641 
1642 struct swap_info_struct *
1643 get_swap_info_struct(unsigned type)
1644 {
1645 	return &swap_info[type];
1646 }
1647 
1648 /*
1649  * swap_lock prevents swap_map being freed. Don't grab an extra
1650  * reference on the swaphandle, it doesn't matter if it becomes unused.
1651  */
1652 int valid_swaphandles(swp_entry_t entry, unsigned long *offset)
1653 {
1654 	int ret = 0, i = 1 << page_cluster;
1655 	unsigned long toff;
1656 	struct swap_info_struct *swapdev = swp_type(entry) + swap_info;
1657 
1658 	if (!page_cluster)	/* no readahead */
1659 		return 0;
1660 	toff = (swp_offset(entry) >> page_cluster) << page_cluster;
1661 	if (!toff)		/* first page is swap header */
1662 		toff++, i--;
1663 	*offset = toff;
1664 
1665 	spin_lock(&swap_lock);
1666 	do {
1667 		/* Don't read-ahead past the end of the swap area */
1668 		if (toff >= swapdev->max)
1669 			break;
1670 		/* Don't read in free or bad pages */
1671 		if (!swapdev->swap_map[toff])
1672 			break;
1673 		if (swapdev->swap_map[toff] == SWAP_MAP_BAD)
1674 			break;
1675 		toff++;
1676 		ret++;
1677 	} while (--i);
1678 	spin_unlock(&swap_lock);
1679 	return ret;
1680 }
1681