]> git.ipfire.org Git - thirdparty/linux.git/blob - mm/khugepaged.c
projects / thirdparty / linux.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
scripts/objdump-func: Support multiple functions
[thirdparty/linux.git] / mm / khugepaged.c
1 // SPDX-License-Identifier: GPL-2.0
2 #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
3
4 #include <linux/mm.h>
5 #include <linux/sched.h>
6 #include <linux/sched/mm.h>
7 #include <linux/sched/coredump.h>
8 #include <linux/mmu_notifier.h>
9 #include <linux/rmap.h>
10 #include <linux/swap.h>
11 #include <linux/mm_inline.h>
12 #include <linux/kthread.h>
13 #include <linux/khugepaged.h>
14 #include <linux/freezer.h>
15 #include <linux/mman.h>
16 #include <linux/hashtable.h>
17 #include <linux/userfaultfd_k.h>
18 #include <linux/page_idle.h>
19 #include <linux/page_table_check.h>
20 #include <linux/swapops.h>
21 #include <linux/shmem_fs.h>
22
23 #include <asm/tlb.h>
24 #include <asm/pgalloc.h>
25 #include "internal.h"
26 #include "mm_slot.h"
27
28 enum scan_result {
29 SCAN_FAIL,
30 SCAN_SUCCEED,
31 SCAN_PMD_NULL,
32 SCAN_PMD_NONE,
33 SCAN_PMD_MAPPED,
34 SCAN_EXCEED_NONE_PTE,
35 SCAN_EXCEED_SWAP_PTE,
36 SCAN_EXCEED_SHARED_PTE,
37 SCAN_PTE_NON_PRESENT,
38 SCAN_PTE_UFFD_WP,
39 SCAN_PTE_MAPPED_HUGEPAGE,
40 SCAN_PAGE_RO,
41 SCAN_LACK_REFERENCED_PAGE,
42 SCAN_PAGE_NULL,
43 SCAN_SCAN_ABORT,
44 SCAN_PAGE_COUNT,
45 SCAN_PAGE_LRU,
46 SCAN_PAGE_LOCK,
47 SCAN_PAGE_ANON,
48 SCAN_PAGE_COMPOUND,
49 SCAN_ANY_PROCESS,
50 SCAN_VMA_NULL,
51 SCAN_VMA_CHECK,
52 SCAN_ADDRESS_RANGE,
53 SCAN_DEL_PAGE_LRU,
54 SCAN_ALLOC_HUGE_PAGE_FAIL,
55 SCAN_CGROUP_CHARGE_FAIL,
56 SCAN_TRUNCATED,
57 SCAN_PAGE_HAS_PRIVATE,
58 };
59
60 #define CREATE_TRACE_POINTS
61 #include <trace/events/huge_memory.h>
62
63 static struct task_struct *khugepaged_thread __read_mostly;
64 static DEFINE_MUTEX(khugepaged_mutex);
65
66 /* default scan 8*512 pte (or vmas) every 30 second */
67 static unsigned int khugepaged_pages_to_scan __read_mostly;
68 static unsigned int khugepaged_pages_collapsed;
69 static unsigned int khugepaged_full_scans;
70 static unsigned int khugepaged_scan_sleep_millisecs __read_mostly = 10000;
71 /* during fragmentation poll the hugepage allocator once every minute */
72 static unsigned int khugepaged_alloc_sleep_millisecs __read_mostly = 60000;
73 static unsigned long khugepaged_sleep_expire;
74 static DEFINE_SPINLOCK(khugepaged_mm_lock);
75 static DECLARE_WAIT_QUEUE_HEAD(khugepaged_wait);
76 /*
77 * default collapse hugepages if there is at least one pte mapped like
78 * it would have happened if the vma was large enough during page
79 * fault.
80 *
81 * Note that these are only respected if collapse was initiated by khugepaged.
82 */
83 static unsigned int khugepaged_max_ptes_none __read_mostly;
84 static unsigned int khugepaged_max_ptes_swap __read_mostly;
85 static unsigned int khugepaged_max_ptes_shared __read_mostly;
86
87 #define MM_SLOTS_HASH_BITS 10
88 static __read_mostly DEFINE_HASHTABLE(mm_slots_hash, MM_SLOTS_HASH_BITS);
89
90 static struct kmem_cache *mm_slot_cache __read_mostly;
91
92 #define MAX_PTE_MAPPED_THP 8
93
94 struct collapse_control {
95 bool is_khugepaged;
96
97 /* Num pages scanned per node */
98 u32 node_load[MAX_NUMNODES];
99
100 /* nodemask for allocation fallback */
101 nodemask_t alloc_nmask;
102 };
103
104 /**
105 * struct khugepaged_mm_slot - khugepaged information per mm that is being scanned
106 * @slot: hash lookup from mm to mm_slot
107 * @nr_pte_mapped_thp: number of pte mapped THP
108 * @pte_mapped_thp: address array corresponding pte mapped THP
109 */
110 struct khugepaged_mm_slot {
111 struct mm_slot slot;
112
113 /* pte-mapped THP in this mm */
114 int nr_pte_mapped_thp;
115 unsigned long pte_mapped_thp[MAX_PTE_MAPPED_THP];
116 };
117
118 /**
119 * struct khugepaged_scan - cursor for scanning
120 * @mm_head: the head of the mm list to scan
121 * @mm_slot: the current mm_slot we are scanning
122 * @address: the next address inside that to be scanned
123 *
124 * There is only the one khugepaged_scan instance of this cursor structure.
125 */
126 struct khugepaged_scan {
127 struct list_head mm_head;
128 struct khugepaged_mm_slot *mm_slot;
129 unsigned long address;
130 };
131
132 static struct khugepaged_scan khugepaged_scan = {
133 .mm_head = LIST_HEAD_INIT(khugepaged_scan.mm_head),
134 };
135
136 #ifdef CONFIG_SYSFS
137 static ssize_t scan_sleep_millisecs_show(struct kobject *kobj,
138 struct kobj_attribute *attr,
139 char *buf)
140 {
141 return sysfs_emit(buf, "%u\n", khugepaged_scan_sleep_millisecs);
142 }
143
144 static ssize_t scan_sleep_millisecs_store(struct kobject *kobj,
145 struct kobj_attribute *attr,
146 const char *buf, size_t count)
147 {
148 unsigned int msecs;
149 int err;
150
151 err = kstrtouint(buf, 10, &msecs);
152 if (err)
153 return -EINVAL;
154
155 khugepaged_scan_sleep_millisecs = msecs;
156 khugepaged_sleep_expire = 0;
157 wake_up_interruptible(&khugepaged_wait);
158
159 return count;
160 }
161 static struct kobj_attribute scan_sleep_millisecs_attr =
162 __ATTR_RW(scan_sleep_millisecs);
163
164 static ssize_t alloc_sleep_millisecs_show(struct kobject *kobj,
165 struct kobj_attribute *attr,
166 char *buf)
167 {
168 return sysfs_emit(buf, "%u\n", khugepaged_alloc_sleep_millisecs);
169 }
170
171 static ssize_t alloc_sleep_millisecs_store(struct kobject *kobj,
172 struct kobj_attribute *attr,
173 const char *buf, size_t count)
174 {
175 unsigned int msecs;
176 int err;
177
178 err = kstrtouint(buf, 10, &msecs);
179 if (err)
180 return -EINVAL;
181
182 khugepaged_alloc_sleep_millisecs = msecs;
183 khugepaged_sleep_expire = 0;
184 wake_up_interruptible(&khugepaged_wait);
185
186 return count;
187 }
188 static struct kobj_attribute alloc_sleep_millisecs_attr =
189 __ATTR_RW(alloc_sleep_millisecs);
190
191 static ssize_t pages_to_scan_show(struct kobject *kobj,
192 struct kobj_attribute *attr,
193 char *buf)
194 {
195 return sysfs_emit(buf, "%u\n", khugepaged_pages_to_scan);
196 }
197 static ssize_t pages_to_scan_store(struct kobject *kobj,
198 struct kobj_attribute *attr,
199 const char *buf, size_t count)
200 {
201 unsigned int pages;
202 int err;
203
204 err = kstrtouint(buf, 10, &pages);
205 if (err || !pages)
206 return -EINVAL;
207
208 khugepaged_pages_to_scan = pages;
209
210 return count;
211 }
212 static struct kobj_attribute pages_to_scan_attr =
213 __ATTR_RW(pages_to_scan);
214
215 static ssize_t pages_collapsed_show(struct kobject *kobj,
216 struct kobj_attribute *attr,
217 char *buf)
218 {
219 return sysfs_emit(buf, "%u\n", khugepaged_pages_collapsed);
220 }
221 static struct kobj_attribute pages_collapsed_attr =
222 __ATTR_RO(pages_collapsed);
223
224 static ssize_t full_scans_show(struct kobject *kobj,
225 struct kobj_attribute *attr,
226 char *buf)
227 {
228 return sysfs_emit(buf, "%u\n", khugepaged_full_scans);
229 }
230 static struct kobj_attribute full_scans_attr =
231 __ATTR_RO(full_scans);
232
233 static ssize_t defrag_show(struct kobject *kobj,
234 struct kobj_attribute *attr, char *buf)
235 {
236 return single_hugepage_flag_show(kobj, attr, buf,
237 TRANSPARENT_HUGEPAGE_DEFRAG_KHUGEPAGED_FLAG);
238 }
239 static ssize_t defrag_store(struct kobject *kobj,
240 struct kobj_attribute *attr,
241 const char *buf, size_t count)
242 {
243 return single_hugepage_flag_store(kobj, attr, buf, count,
244 TRANSPARENT_HUGEPAGE_DEFRAG_KHUGEPAGED_FLAG);
245 }
246 static struct kobj_attribute khugepaged_defrag_attr =
247 __ATTR_RW(defrag);
248
249 /*
250 * max_ptes_none controls if khugepaged should collapse hugepages over
251 * any unmapped ptes in turn potentially increasing the memory
252 * footprint of the vmas. When max_ptes_none is 0 khugepaged will not
253 * reduce the available free memory in the system as it
254 * runs. Increasing max_ptes_none will instead potentially reduce the
255 * free memory in the system during the khugepaged scan.
256 */
257 static ssize_t max_ptes_none_show(struct kobject *kobj,
258 struct kobj_attribute *attr,
259 char *buf)
260 {
261 return sysfs_emit(buf, "%u\n", khugepaged_max_ptes_none);
262 }
263 static ssize_t max_ptes_none_store(struct kobject *kobj,
264 struct kobj_attribute *attr,
265 const char *buf, size_t count)
266 {
267 int err;
268 unsigned long max_ptes_none;
269
270 err = kstrtoul(buf, 10, &max_ptes_none);
271 if (err || max_ptes_none > HPAGE_PMD_NR - 1)
272 return -EINVAL;
273
274 khugepaged_max_ptes_none = max_ptes_none;
275
276 return count;
277 }
278 static struct kobj_attribute khugepaged_max_ptes_none_attr =
279 __ATTR_RW(max_ptes_none);
280
281 static ssize_t max_ptes_swap_show(struct kobject *kobj,
282 struct kobj_attribute *attr,
283 char *buf)
284 {
285 return sysfs_emit(buf, "%u\n", khugepaged_max_ptes_swap);
286 }
287
288 static ssize_t max_ptes_swap_store(struct kobject *kobj,
289 struct kobj_attribute *attr,
290 const char *buf, size_t count)
291 {
292 int err;
293 unsigned long max_ptes_swap;
294
295 err = kstrtoul(buf, 10, &max_ptes_swap);
296 if (err || max_ptes_swap > HPAGE_PMD_NR - 1)
297 return -EINVAL;
298
299 khugepaged_max_ptes_swap = max_ptes_swap;
300
301 return count;
302 }
303
304 static struct kobj_attribute khugepaged_max_ptes_swap_attr =
305 __ATTR_RW(max_ptes_swap);
306
307 static ssize_t max_ptes_shared_show(struct kobject *kobj,
308 struct kobj_attribute *attr,
309 char *buf)
310 {
311 return sysfs_emit(buf, "%u\n", khugepaged_max_ptes_shared);
312 }
313
314 static ssize_t max_ptes_shared_store(struct kobject *kobj,
315 struct kobj_attribute *attr,
316 const char *buf, size_t count)
317 {
318 int err;
319 unsigned long max_ptes_shared;
320
321 err = kstrtoul(buf, 10, &max_ptes_shared);
322 if (err || max_ptes_shared > HPAGE_PMD_NR - 1)
323 return -EINVAL;
324
325 khugepaged_max_ptes_shared = max_ptes_shared;
326
327 return count;
328 }
329
330 static struct kobj_attribute khugepaged_max_ptes_shared_attr =
331 __ATTR_RW(max_ptes_shared);
332
333 static struct attribute *khugepaged_attr[] = {
334 &khugepaged_defrag_attr.attr,
335 &khugepaged_max_ptes_none_attr.attr,
336 &khugepaged_max_ptes_swap_attr.attr,
337 &khugepaged_max_ptes_shared_attr.attr,
338 &pages_to_scan_attr.attr,
339 &pages_collapsed_attr.attr,
340 &full_scans_attr.attr,
341 &scan_sleep_millisecs_attr.attr,
342 &alloc_sleep_millisecs_attr.attr,
343 NULL,
344 };
345
346 struct attribute_group khugepaged_attr_group = {
347 .attrs = khugepaged_attr,
348 .name = "khugepaged",
349 };
350 #endif /* CONFIG_SYSFS */
351
352 int hugepage_madvise(struct vm_area_struct *vma,
353 unsigned long *vm_flags, int advice)
354 {
355 switch (advice) {
356 case MADV_HUGEPAGE:
357 #ifdef CONFIG_S390
358 /*
359 * qemu blindly sets MADV_HUGEPAGE on all allocations, but s390
360 * can't handle this properly after s390_enable_sie, so we simply
361 * ignore the madvise to prevent qemu from causing a SIGSEGV.
362 */
363 if (mm_has_pgste(vma->vm_mm))
364 return 0;
365 #endif
366 *vm_flags &= ~VM_NOHUGEPAGE;
367 *vm_flags |= VM_HUGEPAGE;
368 /*
369 * If the vma become good for khugepaged to scan,
370 * register it here without waiting a page fault that
371 * may not happen any time soon.
372 */
373 khugepaged_enter_vma(vma, *vm_flags);
374 break;
375 case MADV_NOHUGEPAGE:
376 *vm_flags &= ~VM_HUGEPAGE;
377 *vm_flags |= VM_NOHUGEPAGE;
378 /*
379 * Setting VM_NOHUGEPAGE will prevent khugepaged from scanning
380 * this vma even if we leave the mm registered in khugepaged if
381 * it got registered before VM_NOHUGEPAGE was set.
382 */
383 break;
384 }
385
386 return 0;
387 }
388
389 int __init khugepaged_init(void)
390 {
391 mm_slot_cache = kmem_cache_create("khugepaged_mm_slot",
392 sizeof(struct khugepaged_mm_slot),
393 __alignof__(struct khugepaged_mm_slot),
394 0, NULL);
395 if (!mm_slot_cache)
396 return -ENOMEM;
397
398 khugepaged_pages_to_scan = HPAGE_PMD_NR * 8;
399 khugepaged_max_ptes_none = HPAGE_PMD_NR - 1;
400 khugepaged_max_ptes_swap = HPAGE_PMD_NR / 8;
401 khugepaged_max_ptes_shared = HPAGE_PMD_NR / 2;
402
403 return 0;
404 }
405
406 void __init khugepaged_destroy(void)
407 {
408 kmem_cache_destroy(mm_slot_cache);
409 }
410
411 static inline int hpage_collapse_test_exit(struct mm_struct *mm)
412 {
413 return atomic_read(&mm->mm_users) == 0;
414 }
415
416 void __khugepaged_enter(struct mm_struct *mm)
417 {
418 struct khugepaged_mm_slot *mm_slot;
419 struct mm_slot *slot;
420 int wakeup;
421
422 mm_slot = mm_slot_alloc(mm_slot_cache);
423 if (!mm_slot)
424 return;
425
426 slot = &mm_slot->slot;
427
428 /* __khugepaged_exit() must not run from under us */
429 VM_BUG_ON_MM(hpage_collapse_test_exit(mm), mm);
430 if (unlikely(test_and_set_bit(MMF_VM_HUGEPAGE, &mm->flags))) {
431 mm_slot_free(mm_slot_cache, mm_slot);
432 return;
433 }
434
435 spin_lock(&khugepaged_mm_lock);
436 mm_slot_insert(mm_slots_hash, mm, slot);
437 /*
438 * Insert just behind the scanning cursor, to let the area settle
439 * down a little.
440 */
441 wakeup = list_empty(&khugepaged_scan.mm_head);
442 list_add_tail(&slot->mm_node, &khugepaged_scan.mm_head);
443 spin_unlock(&khugepaged_mm_lock);
444
445 mmgrab(mm);
446 if (wakeup)
447 wake_up_interruptible(&khugepaged_wait);
448 }
449
450 void khugepaged_enter_vma(struct vm_area_struct *vma,
451 unsigned long vm_flags)
452 {
453 if (!test_bit(MMF_VM_HUGEPAGE, &vma->vm_mm->flags) &&
454 hugepage_flags_enabled()) {
455 if (hugepage_vma_check(vma, vm_flags, false, false, true))
456 __khugepaged_enter(vma->vm_mm);
457 }
458 }
459
460 void __khugepaged_exit(struct mm_struct *mm)
461 {
462 struct khugepaged_mm_slot *mm_slot;
463 struct mm_slot *slot;
464 int free = 0;
465
466 spin_lock(&khugepaged_mm_lock);
467 slot = mm_slot_lookup(mm_slots_hash, mm);
468 mm_slot = mm_slot_entry(slot, struct khugepaged_mm_slot, slot);
469 if (mm_slot && khugepaged_scan.mm_slot != mm_slot) {
470 hash_del(&slot->hash);
471 list_del(&slot->mm_node);
472 free = 1;
473 }
474 spin_unlock(&khugepaged_mm_lock);
475
476 if (free) {
477 clear_bit(MMF_VM_HUGEPAGE, &mm->flags);
478 mm_slot_free(mm_slot_cache, mm_slot);
479 mmdrop(mm);
480 } else if (mm_slot) {
481 /*
482 * This is required to serialize against
483 * hpage_collapse_test_exit() (which is guaranteed to run
484 * under mmap sem read mode). Stop here (after we return all
485 * pagetables will be destroyed) until khugepaged has finished
486 * working on the pagetables under the mmap_lock.
487 */
488 mmap_write_lock(mm);
489 mmap_write_unlock(mm);
490 }
491 }
492
493 static void release_pte_folio(struct folio *folio)
494 {
495 node_stat_mod_folio(folio,
496 NR_ISOLATED_ANON + folio_is_file_lru(folio),
497 -folio_nr_pages(folio));
498 folio_unlock(folio);
499 folio_putback_lru(folio);
500 }
501
502 static void release_pte_page(struct page *page)
503 {
504 release_pte_folio(page_folio(page));
505 }
506
507 static void release_pte_pages(pte_t *pte, pte_t *_pte,
508 struct list_head *compound_pagelist)
509 {
510 struct folio *folio, *tmp;
511
512 while (--_pte >= pte) {
513 pte_t pteval = *_pte;
514 unsigned long pfn;
515
516 if (pte_none(pteval))
517 continue;
518 pfn = pte_pfn(pteval);
519 if (is_zero_pfn(pfn))
520 continue;
521 folio = pfn_folio(pfn);
522 if (folio_test_large(folio))
523 continue;
524 release_pte_folio(folio);
525 }
526
527 list_for_each_entry_safe(folio, tmp, compound_pagelist, lru) {
528 list_del(&folio->lru);
529 release_pte_folio(folio);
530 }
531 }
532
533 static bool is_refcount_suitable(struct page *page)
534 {
535 int expected_refcount;
536
537 expected_refcount = total_mapcount(page);
538 if (PageSwapCache(page))
539 expected_refcount += compound_nr(page);
540
541 return page_count(page) == expected_refcount;
542 }
543
544 static int __collapse_huge_page_isolate(struct vm_area_struct *vma,
545 unsigned long address,
546 pte_t *pte,
547 struct collapse_control *cc,
548 struct list_head *compound_pagelist)
549 {
550 struct page *page = NULL;
551 pte_t *_pte;
552 int none_or_zero = 0, shared = 0, result = SCAN_FAIL, referenced = 0;
553 bool writable = false;
554
555 for (_pte = pte; _pte < pte + HPAGE_PMD_NR;
556 _pte++, address += PAGE_SIZE) {
557 pte_t pteval = *_pte;
558 if (pte_none(pteval) || (pte_present(pteval) &&
559 is_zero_pfn(pte_pfn(pteval)))) {
560 ++none_or_zero;
561 if (!userfaultfd_armed(vma) &&
562 (!cc->is_khugepaged ||
563 none_or_zero <= khugepaged_max_ptes_none)) {
564 continue;
565 } else {
566 result = SCAN_EXCEED_NONE_PTE;
567 count_vm_event(THP_SCAN_EXCEED_NONE_PTE);
568 goto out;
569 }
570 }
571 if (!pte_present(pteval)) {
572 result = SCAN_PTE_NON_PRESENT;
573 goto out;
574 }
575 page = vm_normal_page(vma, address, pteval);
576 if (unlikely(!page) || unlikely(is_zone_device_page(page))) {
577 result = SCAN_PAGE_NULL;
578 goto out;
579 }
580
581 VM_BUG_ON_PAGE(!PageAnon(page), page);
582
583 if (page_mapcount(page) > 1) {
584 ++shared;
585 if (cc->is_khugepaged &&
586 shared > khugepaged_max_ptes_shared) {
587 result = SCAN_EXCEED_SHARED_PTE;
588 count_vm_event(THP_SCAN_EXCEED_SHARED_PTE);
589 goto out;
590 }
591 }
592
593 if (PageCompound(page)) {
594 struct page *p;
595 page = compound_head(page);
596
597 /*
598 * Check if we have dealt with the compound page
599 * already
600 */
601 list_for_each_entry(p, compound_pagelist, lru) {
602 if (page == p)
603 goto next;
604 }
605 }
606
607 /*
608 * We can do it before isolate_lru_page because the
609 * page can't be freed from under us. NOTE: PG_lock
610 * is needed to serialize against split_huge_page
611 * when invoked from the VM.
612 */
613 if (!trylock_page(page)) {
614 result = SCAN_PAGE_LOCK;
615 goto out;
616 }
617
618 /*
619 * Check if the page has any GUP (or other external) pins.
620 *
621 * The page table that maps the page has been already unlinked
622 * from the page table tree and this process cannot get
623 * an additional pin on the page.
624 *
625 * New pins can come later if the page is shared across fork,
626 * but not from this process. The other process cannot write to
627 * the page, only trigger CoW.
628 */
629 if (!is_refcount_suitable(page)) {
630 unlock_page(page);
631 result = SCAN_PAGE_COUNT;
632 goto out;
633 }
634
635 /*
636 * Isolate the page to avoid collapsing an hugepage
637 * currently in use by the VM.
638 */
639 if (!isolate_lru_page(page)) {
640 unlock_page(page);
641 result = SCAN_DEL_PAGE_LRU;
642 goto out;
643 }
644 mod_node_page_state(page_pgdat(page),
645 NR_ISOLATED_ANON + page_is_file_lru(page),
646 compound_nr(page));
647 VM_BUG_ON_PAGE(!PageLocked(page), page);
648 VM_BUG_ON_PAGE(PageLRU(page), page);
649
650 if (PageCompound(page))
651 list_add_tail(&page->lru, compound_pagelist);
652 next:
653 /*
654 * If collapse was initiated by khugepaged, check that there is
655 * enough young pte to justify collapsing the page
656 */
657 if (cc->is_khugepaged &&
658 (pte_young(pteval) || page_is_young(page) ||
659 PageReferenced(page) || mmu_notifier_test_young(vma->vm_mm,
660 address)))
661 referenced++;
662
663 if (pte_write(pteval))
664 writable = true;
665 }
666
667 if (unlikely(!writable)) {
668 result = SCAN_PAGE_RO;
669 } else if (unlikely(cc->is_khugepaged && !referenced)) {
670 result = SCAN_LACK_REFERENCED_PAGE;
671 } else {
672 result = SCAN_SUCCEED;
673 trace_mm_collapse_huge_page_isolate(page, none_or_zero,
674 referenced, writable, result);
675 return result;
676 }
677 out:
678 release_pte_pages(pte, _pte, compound_pagelist);
679 trace_mm_collapse_huge_page_isolate(page, none_or_zero,
680 referenced, writable, result);
681 return result;
682 }
683
684 static void __collapse_huge_page_copy(pte_t *pte, struct page *page,
685 struct vm_area_struct *vma,
686 unsigned long address,
687 spinlock_t *ptl,
688 struct list_head *compound_pagelist)
689 {
690 struct page *src_page, *tmp;
691 pte_t *_pte;
692 for (_pte = pte; _pte < pte + HPAGE_PMD_NR;
693 _pte++, page++, address += PAGE_SIZE) {
694 pte_t pteval = *_pte;
695
696 if (pte_none(pteval) || is_zero_pfn(pte_pfn(pteval))) {
697 clear_user_highpage(page, address);
698 add_mm_counter(vma->vm_mm, MM_ANONPAGES, 1);
699 if (is_zero_pfn(pte_pfn(pteval))) {
700 /*
701 * ptl mostly unnecessary.
702 */
703 spin_lock(ptl);
704 ptep_clear(vma->vm_mm, address, _pte);
705 spin_unlock(ptl);
706 }
707 } else {
708 src_page = pte_page(pteval);
709 copy_user_highpage(page, src_page, address, vma);
710 if (!PageCompound(src_page))
711 release_pte_page(src_page);
712 /*
713 * ptl mostly unnecessary, but preempt has to
714 * be disabled to update the per-cpu stats
715 * inside page_remove_rmap().
716 */
717 spin_lock(ptl);
718 ptep_clear(vma->vm_mm, address, _pte);
719 page_remove_rmap(src_page, vma, false);
720 spin_unlock(ptl);
721 free_page_and_swap_cache(src_page);
722 }
723 }
724
725 list_for_each_entry_safe(src_page, tmp, compound_pagelist, lru) {
726 list_del(&src_page->lru);
727 mod_node_page_state(page_pgdat(src_page),
728 NR_ISOLATED_ANON + page_is_file_lru(src_page),
729 -compound_nr(src_page));
730 unlock_page(src_page);
731 free_swap_cache(src_page);
732 putback_lru_page(src_page);
733 }
734 }
735
736 static void khugepaged_alloc_sleep(void)
737 {
738 DEFINE_WAIT(wait);
739
740 add_wait_queue(&khugepaged_wait, &wait);
741 __set_current_state(TASK_INTERRUPTIBLE|TASK_FREEZABLE);
742 schedule_timeout(msecs_to_jiffies(khugepaged_alloc_sleep_millisecs));
743 remove_wait_queue(&khugepaged_wait, &wait);
744 }
745
746 struct collapse_control khugepaged_collapse_control = {
747 .is_khugepaged = true,
748 };
749
750 static bool hpage_collapse_scan_abort(int nid, struct collapse_control *cc)
751 {
752 int i;
753
754 /*
755 * If node_reclaim_mode is disabled, then no extra effort is made to
756 * allocate memory locally.
757 */
758 if (!node_reclaim_enabled())
759 return false;
760
761 /* If there is a count for this node already, it must be acceptable */
762 if (cc->node_load[nid])
763 return false;
764
765 for (i = 0; i < MAX_NUMNODES; i++) {
766 if (!cc->node_load[i])
767 continue;
768 if (node_distance(nid, i) > node_reclaim_distance)
769 return true;
770 }
771 return false;
772 }
773
774 #define khugepaged_defrag() \
775 (transparent_hugepage_flags & \
776 (1<<TRANSPARENT_HUGEPAGE_DEFRAG_KHUGEPAGED_FLAG))
777
778 /* Defrag for khugepaged will enter direct reclaim/compaction if necessary */
779 static inline gfp_t alloc_hugepage_khugepaged_gfpmask(void)
780 {
781 return khugepaged_defrag() ? GFP_TRANSHUGE : GFP_TRANSHUGE_LIGHT;
782 }
783
784 #ifdef CONFIG_NUMA
785 static int hpage_collapse_find_target_node(struct collapse_control *cc)
786 {
787 int nid, target_node = 0, max_value = 0;
788
789 /* find first node with max normal pages hit */
790 for (nid = 0; nid < MAX_NUMNODES; nid++)
791 if (cc->node_load[nid] > max_value) {
792 max_value = cc->node_load[nid];
793 target_node = nid;
794 }
795
796 for_each_online_node(nid) {
797 if (max_value == cc->node_load[nid])
798 node_set(nid, cc->alloc_nmask);
799 }
800
801 return target_node;
802 }
803 #else
804 static int hpage_collapse_find_target_node(struct collapse_control *cc)
805 {
806 return 0;
807 }
808 #endif
809
810 static bool hpage_collapse_alloc_page(struct page **hpage, gfp_t gfp, int node,
811 nodemask_t *nmask)
812 {
813 *hpage = __alloc_pages(gfp, HPAGE_PMD_ORDER, node, nmask);
814 if (unlikely(!*hpage)) {
815 count_vm_event(THP_COLLAPSE_ALLOC_FAILED);
816 return false;
817 }
818
819 prep_transhuge_page(*hpage);
820 count_vm_event(THP_COLLAPSE_ALLOC);
821 return true;
822 }
823
824 /*
825 * If mmap_lock temporarily dropped, revalidate vma
826 * before taking mmap_lock.
827 * Returns enum scan_result value.
828 */
829
830 static int hugepage_vma_revalidate(struct mm_struct *mm, unsigned long address,
831 bool expect_anon,
832 struct vm_area_struct **vmap,
833 struct collapse_control *cc)
834 {
835 struct vm_area_struct *vma;
836
837 if (unlikely(hpage_collapse_test_exit(mm)))
838 return SCAN_ANY_PROCESS;
839
840 *vmap = vma = find_vma(mm, address);
841 if (!vma)
842 return SCAN_VMA_NULL;
843
844 if (!transhuge_vma_suitable(vma, address))
845 return SCAN_ADDRESS_RANGE;
846 if (!hugepage_vma_check(vma, vma->vm_flags, false, false,
847 cc->is_khugepaged))
848 return SCAN_VMA_CHECK;
849 /*
850 * Anon VMA expected, the address may be unmapped then
851 * remapped to file after khugepaged reaquired the mmap_lock.
852 *
853 * hugepage_vma_check may return true for qualified file
854 * vmas.
855 */
856 if (expect_anon && (!(*vmap)->anon_vma || !vma_is_anonymous(*vmap)))
857 return SCAN_PAGE_ANON;
858 return SCAN_SUCCEED;
859 }
860
861 /*
862 * See pmd_trans_unstable() for how the result may change out from
863 * underneath us, even if we hold mmap_lock in read.
864 */
865 static int find_pmd_or_thp_or_none(struct mm_struct *mm,
866 unsigned long address,
867 pmd_t **pmd)
868 {
869 pmd_t pmde;
870
871 *pmd = mm_find_pmd(mm, address);
872 if (!*pmd)
873 return SCAN_PMD_NULL;
874
875 pmde = pmdp_get_lockless(*pmd);
876
877 #ifdef CONFIG_TRANSPARENT_HUGEPAGE
878 /* See comments in pmd_none_or_trans_huge_or_clear_bad() */
879 barrier();
880 #endif
881 if (pmd_none(pmde))
882 return SCAN_PMD_NONE;
883 if (!pmd_present(pmde))
884 return SCAN_PMD_NULL;
885 if (pmd_trans_huge(pmde))
886 return SCAN_PMD_MAPPED;
887 if (pmd_devmap(pmde))
888 return SCAN_PMD_NULL;
889 if (pmd_bad(pmde))
890 return SCAN_PMD_NULL;
891 return SCAN_SUCCEED;
892 }
893
894 static int check_pmd_still_valid(struct mm_struct *mm,
895 unsigned long address,
896 pmd_t *pmd)
897 {
898 pmd_t *new_pmd;
899 int result = find_pmd_or_thp_or_none(mm, address, &new_pmd);
900
901 if (result != SCAN_SUCCEED)
902 return result;
903 if (new_pmd != pmd)
904 return SCAN_FAIL;
905 return SCAN_SUCCEED;
906 }
907
908 /*
909 * Bring missing pages in from swap, to complete THP collapse.
910 * Only done if hpage_collapse_scan_pmd believes it is worthwhile.
911 *
912 * Called and returns without pte mapped or spinlocks held.
913 * Note that if false is returned, mmap_lock will be released.
914 */
915
916 static int __collapse_huge_page_swapin(struct mm_struct *mm,
917 struct vm_area_struct *vma,
918 unsigned long haddr, pmd_t *pmd,
919 int referenced)
920 {
921 int swapped_in = 0;
922 vm_fault_t ret = 0;
923 unsigned long address, end = haddr + (HPAGE_PMD_NR * PAGE_SIZE);
924
925 for (address = haddr; address < end; address += PAGE_SIZE) {
926 struct vm_fault vmf = {
927 .vma = vma,
928 .address = address,
929 .pgoff = linear_page_index(vma, haddr),
930 .flags = FAULT_FLAG_ALLOW_RETRY,
931 .pmd = pmd,
932 };
933
934 vmf.pte = pte_offset_map(pmd, address);
935 vmf.orig_pte = *vmf.pte;
936 if (!is_swap_pte(vmf.orig_pte)) {
937 pte_unmap(vmf.pte);
938 continue;
939 }
940 ret = do_swap_page(&vmf);
941
942 /*
943 * do_swap_page returns VM_FAULT_RETRY with released mmap_lock.
944 * Note we treat VM_FAULT_RETRY as VM_FAULT_ERROR here because
945 * we do not retry here and swap entry will remain in pagetable
946 * resulting in later failure.
947 */
948 if (ret & VM_FAULT_RETRY) {
949 trace_mm_collapse_huge_page_swapin(mm, swapped_in, referenced, 0);
950 /* Likely, but not guaranteed, that page lock failed */
951 return SCAN_PAGE_LOCK;
952 }
953 if (ret & VM_FAULT_ERROR) {
954 mmap_read_unlock(mm);
955 trace_mm_collapse_huge_page_swapin(mm, swapped_in, referenced, 0);
956 return SCAN_FAIL;
957 }
958 swapped_in++;
959 }
960
961 /* Drain LRU add pagevec to remove extra pin on the swapped in pages */
962 if (swapped_in)
963 lru_add_drain();
964
965 trace_mm_collapse_huge_page_swapin(mm, swapped_in, referenced, 1);
966 return SCAN_SUCCEED;
967 }
968
969 static int alloc_charge_hpage(struct page **hpage, struct mm_struct *mm,
970 struct collapse_control *cc)
971 {
972 gfp_t gfp = (cc->is_khugepaged ? alloc_hugepage_khugepaged_gfpmask() :
973 GFP_TRANSHUGE);
974 int node = hpage_collapse_find_target_node(cc);
975
976 if (!hpage_collapse_alloc_page(hpage, gfp, node, &cc->alloc_nmask))
977 return SCAN_ALLOC_HUGE_PAGE_FAIL;
978 if (unlikely(mem_cgroup_charge(page_folio(*hpage), mm, gfp)))
979 return SCAN_CGROUP_CHARGE_FAIL;
980 count_memcg_page_event(*hpage, THP_COLLAPSE_ALLOC);
981 return SCAN_SUCCEED;
982 }
983
984 static int collapse_huge_page(struct mm_struct *mm, unsigned long address,
985 int referenced, int unmapped,
986 struct collapse_control *cc)
987 {
988 LIST_HEAD(compound_pagelist);
989 pmd_t *pmd, _pmd;
990 pte_t *pte;
991 pgtable_t pgtable;
992 struct page *hpage;
993 spinlock_t *pmd_ptl, *pte_ptl;
994 int result = SCAN_FAIL;
995 struct vm_area_struct *vma;
996 struct mmu_notifier_range range;
997
998 VM_BUG_ON(address & ~HPAGE_PMD_MASK);
999
1000 /*
1001 * Before allocating the hugepage, release the mmap_lock read lock.
1002 * The allocation can take potentially a long time if it involves
1003 * sync compaction, and we do not need to hold the mmap_lock during
1004 * that. We will recheck the vma after taking it again in write mode.
1005 */
1006 mmap_read_unlock(mm);
1007
1008 result = alloc_charge_hpage(&hpage, mm, cc);
1009 if (result != SCAN_SUCCEED)
1010 goto out_nolock;
1011
1012 mmap_read_lock(mm);
1013 result = hugepage_vma_revalidate(mm, address, true, &vma, cc);
1014 if (result != SCAN_SUCCEED) {
1015 mmap_read_unlock(mm);
1016 goto out_nolock;
1017 }
1018
1019 result = find_pmd_or_thp_or_none(mm, address, &pmd);
1020 if (result != SCAN_SUCCEED) {
1021 mmap_read_unlock(mm);
1022 goto out_nolock;
1023 }
1024
1025 if (unmapped) {
1026 /*
1027 * __collapse_huge_page_swapin will return with mmap_lock
1028 * released when it fails. So we jump out_nolock directly in
1029 * that case. Continuing to collapse causes inconsistency.
1030 */
1031 result = __collapse_huge_page_swapin(mm, vma, address, pmd,
1032 referenced);
1033 if (result != SCAN_SUCCEED)
1034 goto out_nolock;
1035 }
1036
1037 mmap_read_unlock(mm);
1038 /*
1039 * Prevent all access to pagetables with the exception of
1040 * gup_fast later handled by the ptep_clear_flush and the VM
1041 * handled by the anon_vma lock + PG_lock.
1042 */
1043 mmap_write_lock(mm);
1044 result = hugepage_vma_revalidate(mm, address, true, &vma, cc);
1045 if (result != SCAN_SUCCEED)
1046 goto out_up_write;
1047 /* check if the pmd is still valid */
1048 result = check_pmd_still_valid(mm, address, pmd);
1049 if (result != SCAN_SUCCEED)
1050 goto out_up_write;
1051
1052 anon_vma_lock_write(vma->anon_vma);
1053
1054 mmu_notifier_range_init(&range, MMU_NOTIFY_CLEAR, 0, mm, address,
1055 address + HPAGE_PMD_SIZE);
1056 mmu_notifier_invalidate_range_start(&range);
1057
1058 pte = pte_offset_map(pmd, address);
1059 pte_ptl = pte_lockptr(mm, pmd);
1060
1061 pmd_ptl = pmd_lock(mm, pmd); /* probably unnecessary */
1062 /*
1063 * This removes any huge TLB entry from the CPU so we won't allow
1064 * huge and small TLB entries for the same virtual address to
1065 * avoid the risk of CPU bugs in that area.
1066 *
1067 * Parallel fast GUP is fine since fast GUP will back off when
1068 * it detects PMD is changed.
1069 */
1070 _pmd = pmdp_collapse_flush(vma, address, pmd);
1071 spin_unlock(pmd_ptl);
1072 mmu_notifier_invalidate_range_end(&range);
1073 tlb_remove_table_sync_one();
1074
1075 spin_lock(pte_ptl);
1076 result = __collapse_huge_page_isolate(vma, address, pte, cc,
1077 &compound_pagelist);
1078 spin_unlock(pte_ptl);
1079
1080 if (unlikely(result != SCAN_SUCCEED)) {
1081 pte_unmap(pte);
1082 spin_lock(pmd_ptl);
1083 BUG_ON(!pmd_none(*pmd));
1084 /*
1085 * We can only use set_pmd_at when establishing
1086 * hugepmds and never for establishing regular pmds that
1087 * points to regular pagetables. Use pmd_populate for that
1088 */
1089 pmd_populate(mm, pmd, pmd_pgtable(_pmd));
1090 spin_unlock(pmd_ptl);
1091 anon_vma_unlock_write(vma->anon_vma);
1092 goto out_up_write;
1093 }
1094
1095 /*
1096 * All pages are isolated and locked so anon_vma rmap
1097 * can't run anymore.
1098 */
1099 anon_vma_unlock_write(vma->anon_vma);
1100
1101 __collapse_huge_page_copy(pte, hpage, vma, address, pte_ptl,
1102 &compound_pagelist);
1103 pte_unmap(pte);
1104 /*
1105 * spin_lock() below is not the equivalent of smp_wmb(), but
1106 * the smp_wmb() inside __SetPageUptodate() can be reused to
1107 * avoid the copy_huge_page writes to become visible after
1108 * the set_pmd_at() write.
1109 */
1110 __SetPageUptodate(hpage);
1111 pgtable = pmd_pgtable(_pmd);
1112
1113 _pmd = mk_huge_pmd(hpage, vma->vm_page_prot);
1114 _pmd = maybe_pmd_mkwrite(pmd_mkdirty(_pmd), vma);
1115
1116 spin_lock(pmd_ptl);
1117 BUG_ON(!pmd_none(*pmd));
1118 page_add_new_anon_rmap(hpage, vma, address);
1119 lru_cache_add_inactive_or_unevictable(hpage, vma);
1120 pgtable_trans_huge_deposit(mm, pmd, pgtable);
1121 set_pmd_at(mm, address, pmd, _pmd);
1122 update_mmu_cache_pmd(vma, address, pmd);
1123 spin_unlock(pmd_ptl);
1124
1125 hpage = NULL;
1126
1127 result = SCAN_SUCCEED;
1128 out_up_write:
1129 mmap_write_unlock(mm);
1130 out_nolock:
1131 if (hpage) {
1132 mem_cgroup_uncharge(page_folio(hpage));
1133 put_page(hpage);
1134 }
1135 trace_mm_collapse_huge_page(mm, result == SCAN_SUCCEED, result);
1136 return result;
1137 }
1138
1139 static int hpage_collapse_scan_pmd(struct mm_struct *mm,
1140 struct vm_area_struct *vma,
1141 unsigned long address, bool *mmap_locked,
1142 struct collapse_control *cc)
1143 {
1144 pmd_t *pmd;
1145 pte_t *pte, *_pte;
1146 int result = SCAN_FAIL, referenced = 0;
1147 int none_or_zero = 0, shared = 0;
1148 struct page *page = NULL;
1149 unsigned long _address;
1150 spinlock_t *ptl;
1151 int node = NUMA_NO_NODE, unmapped = 0;
1152 bool writable = false;
1153
1154 VM_BUG_ON(address & ~HPAGE_PMD_MASK);
1155
1156 result = find_pmd_or_thp_or_none(mm, address, &pmd);
1157 if (result != SCAN_SUCCEED)
1158 goto out;
1159
1160 memset(cc->node_load, 0, sizeof(cc->node_load));
1161 nodes_clear(cc->alloc_nmask);
1162 pte = pte_offset_map_lock(mm, pmd, address, &ptl);
1163 for (_address = address, _pte = pte; _pte < pte + HPAGE_PMD_NR;
1164 _pte++, _address += PAGE_SIZE) {
1165 pte_t pteval = *_pte;
1166 if (is_swap_pte(pteval)) {
1167 ++unmapped;
1168 if (!cc->is_khugepaged ||
1169 unmapped <= khugepaged_max_ptes_swap) {
1170 /*
1171 * Always be strict with uffd-wp
1172 * enabled swap entries. Please see
1173 * comment below for pte_uffd_wp().
1174 */
1175 if (pte_swp_uffd_wp(pteval)) {
1176 result = SCAN_PTE_UFFD_WP;
1177 goto out_unmap;
1178 }
1179 continue;
1180 } else {
1181 result = SCAN_EXCEED_SWAP_PTE;
1182 count_vm_event(THP_SCAN_EXCEED_SWAP_PTE);
1183 goto out_unmap;
1184 }
1185 }
1186 if (pte_none(pteval) || is_zero_pfn(pte_pfn(pteval))) {
1187 ++none_or_zero;
1188 if (!userfaultfd_armed(vma) &&
1189 (!cc->is_khugepaged ||
1190 none_or_zero <= khugepaged_max_ptes_none)) {
1191 continue;
1192 } else {
1193 result = SCAN_EXCEED_NONE_PTE;
1194 count_vm_event(THP_SCAN_EXCEED_NONE_PTE);
1195 goto out_unmap;
1196 }
1197 }
1198 if (pte_uffd_wp(pteval)) {
1199 /*
1200 * Don't collapse the page if any of the small
1201 * PTEs are armed with uffd write protection.
1202 * Here we can also mark the new huge pmd as
1203 * write protected if any of the small ones is
1204 * marked but that could bring unknown
1205 * userfault messages that falls outside of
1206 * the registered range. So, just be simple.
1207 */
1208 result = SCAN_PTE_UFFD_WP;
1209 goto out_unmap;
1210 }
1211 if (pte_write(pteval))
1212 writable = true;
1213
1214 page = vm_normal_page(vma, _address, pteval);
1215 if (unlikely(!page) || unlikely(is_zone_device_page(page))) {
1216 result = SCAN_PAGE_NULL;
1217 goto out_unmap;
1218 }
1219
1220 if (page_mapcount(page) > 1) {
1221 ++shared;
1222 if (cc->is_khugepaged &&
1223 shared > khugepaged_max_ptes_shared) {
1224 result = SCAN_EXCEED_SHARED_PTE;
1225 count_vm_event(THP_SCAN_EXCEED_SHARED_PTE);
1226 goto out_unmap;
1227 }
1228 }
1229
1230 page = compound_head(page);
1231
1232 /*
1233 * Record which node the original page is from and save this
1234 * information to cc->node_load[].
1235 * Khugepaged will allocate hugepage from the node has the max
1236 * hit record.
1237 */
1238 node = page_to_nid(page);
1239 if (hpage_collapse_scan_abort(node, cc)) {
1240 result = SCAN_SCAN_ABORT;
1241 goto out_unmap;
1242 }
1243 cc->node_load[node]++;
1244 if (!PageLRU(page)) {
1245 result = SCAN_PAGE_LRU;
1246 goto out_unmap;
1247 }
1248 if (PageLocked(page)) {
1249 result = SCAN_PAGE_LOCK;
1250 goto out_unmap;
1251 }
1252 if (!PageAnon(page)) {
1253 result = SCAN_PAGE_ANON;
1254 goto out_unmap;
1255 }
1256
1257 /*
1258 * Check if the page has any GUP (or other external) pins.
1259 *
1260 * Here the check may be racy:
1261 * it may see total_mapcount > refcount in some cases?
1262 * But such case is ephemeral we could always retry collapse
1263 * later. However it may report false positive if the page
1264 * has excessive GUP pins (i.e. 512). Anyway the same check
1265 * will be done again later the risk seems low.
1266 */
1267 if (!is_refcount_suitable(page)) {
1268 result = SCAN_PAGE_COUNT;
1269 goto out_unmap;
1270 }
1271
1272 /*
1273 * If collapse was initiated by khugepaged, check that there is
1274 * enough young pte to justify collapsing the page
1275 */
1276 if (cc->is_khugepaged &&
1277 (pte_young(pteval) || page_is_young(page) ||
1278 PageReferenced(page) || mmu_notifier_test_young(vma->vm_mm,
1279 address)))
1280 referenced++;
1281 }
1282 if (!writable) {
1283 result = SCAN_PAGE_RO;
1284 } else if (cc->is_khugepaged &&
1285 (!referenced ||
1286 (unmapped && referenced < HPAGE_PMD_NR / 2))) {
1287 result = SCAN_LACK_REFERENCED_PAGE;
1288 } else {
1289 result = SCAN_SUCCEED;
1290 }
1291 out_unmap:
1292 pte_unmap_unlock(pte, ptl);
1293 if (result == SCAN_SUCCEED) {
1294 result = collapse_huge_page(mm, address, referenced,
1295 unmapped, cc);
1296 /* collapse_huge_page will return with the mmap_lock released */
1297 *mmap_locked = false;
1298 }
1299 out:
1300 trace_mm_khugepaged_scan_pmd(mm, page, writable, referenced,
1301 none_or_zero, result, unmapped);
1302 return result;
1303 }
1304
1305 static void collect_mm_slot(struct khugepaged_mm_slot *mm_slot)
1306 {
1307 struct mm_slot *slot = &mm_slot->slot;
1308 struct mm_struct *mm = slot->mm;
1309
1310 lockdep_assert_held(&khugepaged_mm_lock);
1311
1312 if (hpage_collapse_test_exit(mm)) {
1313 /* free mm_slot */
1314 hash_del(&slot->hash);
1315 list_del(&slot->mm_node);
1316
1317 /*
1318 * Not strictly needed because the mm exited already.
1319 *
1320 * clear_bit(MMF_VM_HUGEPAGE, &mm->flags);
1321 */
1322
1323 /* khugepaged_mm_lock actually not necessary for the below */
1324 mm_slot_free(mm_slot_cache, mm_slot);
1325 mmdrop(mm);
1326 }
1327 }
1328
1329 #ifdef CONFIG_SHMEM
1330 /*
1331 * Notify khugepaged that given addr of the mm is pte-mapped THP. Then
1332 * khugepaged should try to collapse the page table.
1333 *
1334 * Note that following race exists:
1335 * (1) khugepaged calls khugepaged_collapse_pte_mapped_thps() for mm_struct A,
1336 * emptying the A's ->pte_mapped_thp[] array.
1337 * (2) MADV_COLLAPSE collapses some file extent with target mm_struct B, and
1338 * retract_page_tables() finds a VMA in mm_struct A mapping the same extent
1339 * (at virtual address X) and adds an entry (for X) into mm_struct A's
1340 * ->pte-mapped_thp[] array.
1341 * (3) khugepaged calls khugepaged_collapse_scan_file() for mm_struct A at X,
1342 * sees a pte-mapped THP (SCAN_PTE_MAPPED_HUGEPAGE) and adds an entry
1343 * (for X) into mm_struct A's ->pte-mapped_thp[] array.
1344 * Thus, it's possible the same address is added multiple times for the same
1345 * mm_struct. Should this happen, we'll simply attempt
1346 * collapse_pte_mapped_thp() multiple times for the same address, under the same
1347 * exclusive mmap_lock, and assuming the first call is successful, subsequent
1348 * attempts will return quickly (without grabbing any additional locks) when
1349 * a huge pmd is found in find_pmd_or_thp_or_none(). Since this is a cheap
1350 * check, and since this is a rare occurrence, the cost of preventing this
1351 * "multiple-add" is thought to be more expensive than just handling it, should
1352 * it occur.
1353 */
1354 static bool khugepaged_add_pte_mapped_thp(struct mm_struct *mm,
1355 unsigned long addr)
1356 {
1357 struct khugepaged_mm_slot *mm_slot;
1358 struct mm_slot *slot;
1359 bool ret = false;
1360
1361 VM_BUG_ON(addr & ~HPAGE_PMD_MASK);
1362
1363 spin_lock(&khugepaged_mm_lock);
1364 slot = mm_slot_lookup(mm_slots_hash, mm);
1365 mm_slot = mm_slot_entry(slot, struct khugepaged_mm_slot, slot);
1366 if (likely(mm_slot && mm_slot->nr_pte_mapped_thp < MAX_PTE_MAPPED_THP)) {
1367 mm_slot->pte_mapped_thp[mm_slot->nr_pte_mapped_thp++] = addr;
1368 ret = true;
1369 }
1370 spin_unlock(&khugepaged_mm_lock);
1371 return ret;
1372 }
1373
1374 /* hpage must be locked, and mmap_lock must be held in write */
1375 static int set_huge_pmd(struct vm_area_struct *vma, unsigned long addr,
1376 pmd_t *pmdp, struct page *hpage)
1377 {
1378 struct vm_fault vmf = {
1379 .vma = vma,
1380 .address = addr,
1381 .flags = 0,
1382 .pmd = pmdp,
1383 };
1384
1385 VM_BUG_ON(!PageTransHuge(hpage));
1386 mmap_assert_write_locked(vma->vm_mm);
1387
1388 if (do_set_pmd(&vmf, hpage))
1389 return SCAN_FAIL;
1390
1391 get_page(hpage);
1392 return SCAN_SUCCEED;
1393 }
1394
1395 /*
1396 * A note about locking:
1397 * Trying to take the page table spinlocks would be useless here because those
1398 * are only used to synchronize:
1399 *
1400 * - modifying terminal entries (ones that point to a data page, not to another
1401 * page table)
1402 * - installing *new* non-terminal entries
1403 *
1404 * Instead, we need roughly the same kind of protection as free_pgtables() or
1405 * mm_take_all_locks() (but only for a single VMA):
1406 * The mmap lock together with this VMA's rmap locks covers all paths towards
1407 * the page table entries we're messing with here, except for hardware page
1408 * table walks and lockless_pages_from_mm().
1409 */
1410 static void collapse_and_free_pmd(struct mm_struct *mm, struct vm_area_struct *vma,
1411 unsigned long addr, pmd_t *pmdp)
1412 {
1413 pmd_t pmd;
1414 struct mmu_notifier_range range;
1415
1416 mmap_assert_write_locked(mm);
1417 if (vma->vm_file)
1418 lockdep_assert_held_write(&vma->vm_file->f_mapping->i_mmap_rwsem);
1419 /*
1420 * All anon_vmas attached to the VMA have the same root and are
1421 * therefore locked by the same lock.
1422 */
1423 if (vma->anon_vma)
1424 lockdep_assert_held_write(&vma->anon_vma->root->rwsem);
1425
1426 mmu_notifier_range_init(&range, MMU_NOTIFY_CLEAR, 0, mm, addr,
1427 addr + HPAGE_PMD_SIZE);
1428 mmu_notifier_invalidate_range_start(&range);
1429 pmd = pmdp_collapse_flush(vma, addr, pmdp);
1430 tlb_remove_table_sync_one();
1431 mmu_notifier_invalidate_range_end(&range);
1432 mm_dec_nr_ptes(mm);
1433 page_table_check_pte_clear_range(mm, addr, pmd);
1434 pte_free(mm, pmd_pgtable(pmd));
1435 }
1436
1437 /**
1438 * collapse_pte_mapped_thp - Try to collapse a pte-mapped THP for mm at
1439 * address haddr.
1440 *
1441 * @mm: process address space where collapse happens
1442 * @addr: THP collapse address
1443 * @install_pmd: If a huge PMD should be installed
1444 *
1445 * This function checks whether all the PTEs in the PMD are pointing to the
1446 * right THP. If so, retract the page table so the THP can refault in with
1447 * as pmd-mapped. Possibly install a huge PMD mapping the THP.
1448 */
1449 int collapse_pte_mapped_thp(struct mm_struct *mm, unsigned long addr,
1450 bool install_pmd)
1451 {
1452 unsigned long haddr = addr & HPAGE_PMD_MASK;
1453 struct vm_area_struct *vma = vma_lookup(mm, haddr);
1454 struct page *hpage;
1455 pte_t *start_pte, *pte;
1456 pmd_t *pmd;
1457 spinlock_t *ptl;
1458 int count = 0, result = SCAN_FAIL;
1459 int i;
1460
1461 mmap_assert_write_locked(mm);
1462
1463 /* Fast check before locking page if already PMD-mapped */
1464 result = find_pmd_or_thp_or_none(mm, haddr, &pmd);
1465 if (result == SCAN_PMD_MAPPED)
1466 return result;
1467
1468 if (!vma || !vma->vm_file ||
1469 !range_in_vma(vma, haddr, haddr + HPAGE_PMD_SIZE))
1470 return SCAN_VMA_CHECK;
1471
1472 /*
1473 * If we are here, we've succeeded in replacing all the native pages
1474 * in the page cache with a single hugepage. If a mm were to fault-in
1475 * this memory (mapped by a suitably aligned VMA), we'd get the hugepage
1476 * and map it by a PMD, regardless of sysfs THP settings. As such, let's
1477 * analogously elide sysfs THP settings here.
1478 */
1479 if (!hugepage_vma_check(vma, vma->vm_flags, false, false, false))
1480 return SCAN_VMA_CHECK;
1481
1482 /* Keep pmd pgtable for uffd-wp; see comment in retract_page_tables() */
1483 if (userfaultfd_wp(vma))
1484 return SCAN_PTE_UFFD_WP;
1485
1486 hpage = find_lock_page(vma->vm_file->f_mapping,
1487 linear_page_index(vma, haddr));
1488 if (!hpage)
1489 return SCAN_PAGE_NULL;
1490
1491 if (!PageHead(hpage)) {
1492 result = SCAN_FAIL;
1493 goto drop_hpage;
1494 }
1495
1496 if (compound_order(hpage) != HPAGE_PMD_ORDER) {
1497 result = SCAN_PAGE_COMPOUND;
1498 goto drop_hpage;
1499 }
1500
1501 switch (result) {
1502 case SCAN_SUCCEED:
1503 break;
1504 case SCAN_PMD_NONE:
1505 /*
1506 * In MADV_COLLAPSE path, possible race with khugepaged where
1507 * all pte entries have been removed and pmd cleared. If so,
1508 * skip all the pte checks and just update the pmd mapping.
1509 */
1510 goto maybe_install_pmd;
1511 default:
1512 goto drop_hpage;
1513 }
1514
1515 /*
1516 * We need to lock the mapping so that from here on, only GUP-fast and
1517 * hardware page walks can access the parts of the page tables that
1518 * we're operating on.
1519 * See collapse_and_free_pmd().
1520 */
1521 i_mmap_lock_write(vma->vm_file->f_mapping);
1522
1523 /*
1524 * This spinlock should be unnecessary: Nobody else should be accessing
1525 * the page tables under spinlock protection here, only
1526 * lockless_pages_from_mm() and the hardware page walker can access page
1527 * tables while all the high-level locks are held in write mode.
1528 */
1529 start_pte = pte_offset_map_lock(mm, pmd, haddr, &ptl);
1530 result = SCAN_FAIL;
1531
1532 /* step 1: check all mapped PTEs are to the right huge page */
1533 for (i = 0, addr = haddr, pte = start_pte;
1534 i < HPAGE_PMD_NR; i++, addr += PAGE_SIZE, pte++) {
1535 struct page *page;
1536
1537 /* empty pte, skip */
1538 if (pte_none(*pte))
1539 continue;
1540
1541 /* page swapped out, abort */
1542 if (!pte_present(*pte)) {
1543 result = SCAN_PTE_NON_PRESENT;
1544 goto abort;
1545 }
1546
1547 page = vm_normal_page(vma, addr, *pte);
1548 if (WARN_ON_ONCE(page && is_zone_device_page(page)))
1549 page = NULL;
1550 /*
1551 * Note that uprobe, debugger, or MAP_PRIVATE may change the
1552 * page table, but the new page will not be a subpage of hpage.
1553 */
1554 if (hpage + i != page)
1555 goto abort;
1556 count++;
1557 }
1558
1559 /* step 2: adjust rmap */
1560 for (i = 0, addr = haddr, pte = start_pte;
1561 i < HPAGE_PMD_NR; i++, addr += PAGE_SIZE, pte++) {
1562 struct page *page;
1563
1564 if (pte_none(*pte))
1565 continue;
1566 page = vm_normal_page(vma, addr, *pte);
1567 if (WARN_ON_ONCE(page && is_zone_device_page(page)))
1568 goto abort;
1569 page_remove_rmap(page, vma, false);
1570 }
1571
1572 pte_unmap_unlock(start_pte, ptl);
1573
1574 /* step 3: set proper refcount and mm_counters. */
1575 if (count) {
1576 page_ref_sub(hpage, count);
1577 add_mm_counter(vma->vm_mm, mm_counter_file(hpage), -count);
1578 }
1579
1580 /* step 4: remove pte entries */
1581 /* we make no change to anon, but protect concurrent anon page lookup */
1582 if (vma->anon_vma)
1583 anon_vma_lock_write(vma->anon_vma);
1584
1585 collapse_and_free_pmd(mm, vma, haddr, pmd);
1586
1587 if (vma->anon_vma)
1588 anon_vma_unlock_write(vma->anon_vma);
1589 i_mmap_unlock_write(vma->vm_file->f_mapping);
1590
1591 maybe_install_pmd:
1592 /* step 5: install pmd entry */
1593 result = install_pmd
1594 ? set_huge_pmd(vma, haddr, pmd, hpage)
1595 : SCAN_SUCCEED;
1596
1597 drop_hpage:
1598 unlock_page(hpage);
1599 put_page(hpage);
1600 return result;
1601
1602 abort:
1603 pte_unmap_unlock(start_pte, ptl);
1604 i_mmap_unlock_write(vma->vm_file->f_mapping);
1605 goto drop_hpage;
1606 }
1607
1608 static void khugepaged_collapse_pte_mapped_thps(struct khugepaged_mm_slot *mm_slot)
1609 {
1610 struct mm_slot *slot = &mm_slot->slot;
1611 struct mm_struct *mm = slot->mm;
1612 int i;
1613
1614 if (likely(mm_slot->nr_pte_mapped_thp == 0))
1615 return;
1616
1617 if (!mmap_write_trylock(mm))
1618 return;
1619
1620 if (unlikely(hpage_collapse_test_exit(mm)))
1621 goto out;
1622
1623 for (i = 0; i < mm_slot->nr_pte_mapped_thp; i++)
1624 collapse_pte_mapped_thp(mm, mm_slot->pte_mapped_thp[i], false);
1625
1626 out:
1627 mm_slot->nr_pte_mapped_thp = 0;
1628 mmap_write_unlock(mm);
1629 }
1630
1631 static int retract_page_tables(struct address_space *mapping, pgoff_t pgoff,
1632 struct mm_struct *target_mm,
1633 unsigned long target_addr, struct page *hpage,
1634 struct collapse_control *cc)
1635 {
1636 struct vm_area_struct *vma;
1637 int target_result = SCAN_FAIL;
1638
1639 i_mmap_lock_write(mapping);
1640 vma_interval_tree_foreach(vma, &mapping->i_mmap, pgoff, pgoff) {
1641 int result = SCAN_FAIL;
1642 struct mm_struct *mm = NULL;
1643 unsigned long addr = 0;
1644 pmd_t *pmd;
1645 bool is_target = false;
1646
1647 /*
1648 * Check vma->anon_vma to exclude MAP_PRIVATE mappings that
1649 * got written to. These VMAs are likely not worth investing
1650 * mmap_write_lock(mm) as PMD-mapping is likely to be split
1651 * later.
1652 *
1653 * Note that vma->anon_vma check is racy: it can be set up after
1654 * the check but before we took mmap_lock by the fault path.
1655 * But page lock would prevent establishing any new ptes of the
1656 * page, so we are safe.
1657 *
1658 * An alternative would be drop the check, but check that page
1659 * table is clear before calling pmdp_collapse_flush() under
1660 * ptl. It has higher chance to recover THP for the VMA, but
1661 * has higher cost too. It would also probably require locking
1662 * the anon_vma.
1663 */
1664 if (READ_ONCE(vma->anon_vma)) {
1665 result = SCAN_PAGE_ANON;
1666 goto next;
1667 }
1668 addr = vma->vm_start + ((pgoff - vma->vm_pgoff) << PAGE_SHIFT);
1669 if (addr & ~HPAGE_PMD_MASK ||
1670 vma->vm_end < addr + HPAGE_PMD_SIZE) {
1671 result = SCAN_VMA_CHECK;
1672 goto next;
1673 }
1674 mm = vma->vm_mm;
1675 is_target = mm == target_mm && addr == target_addr;
1676 result = find_pmd_or_thp_or_none(mm, addr, &pmd);
1677 if (result != SCAN_SUCCEED)
1678 goto next;
1679 /*
1680 * We need exclusive mmap_lock to retract page table.
1681 *
1682 * We use trylock due to lock inversion: we need to acquire
1683 * mmap_lock while holding page lock. Fault path does it in
1684 * reverse order. Trylock is a way to avoid deadlock.
1685 *
1686 * Also, it's not MADV_COLLAPSE's job to collapse other
1687 * mappings - let khugepaged take care of them later.
1688 */
1689 result = SCAN_PTE_MAPPED_HUGEPAGE;
1690 if ((cc->is_khugepaged || is_target) &&
1691 mmap_write_trylock(mm)) {
1692 /*
1693 * Re-check whether we have an ->anon_vma, because
1694 * collapse_and_free_pmd() requires that either no
1695 * ->anon_vma exists or the anon_vma is locked.
1696 * We already checked ->anon_vma above, but that check
1697 * is racy because ->anon_vma can be populated under the
1698 * mmap lock in read mode.
1699 */
1700 if (vma->anon_vma) {
1701 result = SCAN_PAGE_ANON;
1702 goto unlock_next;
1703 }
1704 /*
1705 * When a vma is registered with uffd-wp, we can't
1706 * recycle the pmd pgtable because there can be pte
1707 * markers installed. Skip it only, so the rest mm/vma
1708 * can still have the same file mapped hugely, however
1709 * it'll always mapped in small page size for uffd-wp
1710 * registered ranges.
1711 */
1712 if (hpage_collapse_test_exit(mm)) {
1713 result = SCAN_ANY_PROCESS;
1714 goto unlock_next;
1715 }
1716 if (userfaultfd_wp(vma)) {
1717 result = SCAN_PTE_UFFD_WP;
1718 goto unlock_next;
1719 }
1720 collapse_and_free_pmd(mm, vma, addr, pmd);
1721 if (!cc->is_khugepaged && is_target)
1722 result = set_huge_pmd(vma, addr, pmd, hpage);
1723 else
1724 result = SCAN_SUCCEED;
1725
1726 unlock_next:
1727 mmap_write_unlock(mm);
1728 goto next;
1729 }
1730 /*
1731 * Calling context will handle target mm/addr. Otherwise, let
1732 * khugepaged try again later.
1733 */
1734 if (!is_target) {
1735 khugepaged_add_pte_mapped_thp(mm, addr);
1736 continue;
1737 }
1738 next:
1739 if (is_target)
1740 target_result = result;
1741 }
1742 i_mmap_unlock_write(mapping);
1743 return target_result;
1744 }
1745
1746 /**
1747 * collapse_file - collapse filemap/tmpfs/shmem pages into huge one.
1748 *
1749 * @mm: process address space where collapse happens
1750 * @addr: virtual collapse start address
1751 * @file: file that collapse on
1752 * @start: collapse start address
1753 * @cc: collapse context and scratchpad
1754 *
1755 * Basic scheme is simple, details are more complex:
1756 * - allocate and lock a new huge page;
1757 * - scan page cache replacing old pages with the new one
1758 * + swap/gup in pages if necessary;
1759 * + fill in gaps;
1760 * + keep old pages around in case rollback is required;
1761 * - if replacing succeeds:
1762 * + copy data over;
1763 * + free old pages;
1764 * + unlock huge page;
1765 * - if replacing failed;
1766 * + put all pages back and unfreeze them;
1767 * + restore gaps in the page cache;
1768 * + unlock and free huge page;
1769 */
1770 static int collapse_file(struct mm_struct *mm, unsigned long addr,
1771 struct file *file, pgoff_t start,
1772 struct collapse_control *cc)
1773 {
1774 struct address_space *mapping = file->f_mapping;
1775 struct page *hpage;
1776 pgoff_t index = 0, end = start + HPAGE_PMD_NR;
1777 LIST_HEAD(pagelist);
1778 XA_STATE_ORDER(xas, &mapping->i_pages, start, HPAGE_PMD_ORDER);
1779 int nr_none = 0, result = SCAN_SUCCEED;
1780 bool is_shmem = shmem_file(file);
1781 int nr = 0;
1782
1783 VM_BUG_ON(!IS_ENABLED(CONFIG_READ_ONLY_THP_FOR_FS) && !is_shmem);
1784 VM_BUG_ON(start & (HPAGE_PMD_NR - 1));
1785
1786 result = alloc_charge_hpage(&hpage, mm, cc);
1787 if (result != SCAN_SUCCEED)
1788 goto out;
1789
1790 /*
1791 * Ensure we have slots for all the pages in the range. This is
1792 * almost certainly a no-op because most of the pages must be present
1793 */
1794 do {
1795 xas_lock_irq(&xas);
1796 xas_create_range(&xas);
1797 if (!xas_error(&xas))
1798 break;
1799 xas_unlock_irq(&xas);
1800 if (!xas_nomem(&xas, GFP_KERNEL)) {
1801 result = SCAN_FAIL;
1802 goto out;
1803 }
1804 } while (1);
1805
1806 __SetPageLocked(hpage);
1807 if (is_shmem)
1808 __SetPageSwapBacked(hpage);
1809 hpage->index = start;
1810 hpage->mapping = mapping;
1811
1812 /*
1813 * At this point the hpage is locked and not up-to-date.
1814 * It's safe to insert it into the page cache, because nobody would
1815 * be able to map it or use it in another way until we unlock it.
1816 */
1817
1818 xas_set(&xas, start);
1819 for (index = start; index < end; index++) {
1820 struct page *page = xas_next(&xas);
1821 struct folio *folio;
1822
1823 VM_BUG_ON(index != xas.xa_index);
1824 if (is_shmem) {
1825 if (!page) {
1826 /*
1827 * Stop if extent has been truncated or
1828 * hole-punched, and is now completely
1829 * empty.
1830 */
1831 if (index == start) {
1832 if (!xas_next_entry(&xas, end - 1)) {
1833 result = SCAN_TRUNCATED;
1834 goto xa_locked;
1835 }
1836 xas_set(&xas, index);
1837 }
1838 if (!shmem_charge(mapping->host, 1)) {
1839 result = SCAN_FAIL;
1840 goto xa_locked;
1841 }
1842 xas_store(&xas, hpage);
1843 nr_none++;
1844 continue;
1845 }
1846
1847 if (xa_is_value(page) || !PageUptodate(page)) {
1848 xas_unlock_irq(&xas);
1849 /* swap in or instantiate fallocated page */
1850 if (shmem_get_folio(mapping->host, index,
1851 &folio, SGP_NOALLOC)) {
1852 result = SCAN_FAIL;
1853 goto xa_unlocked;
1854 }
1855 page = folio_file_page(folio, index);
1856 } else if (trylock_page(page)) {
1857 get_page(page);
1858 xas_unlock_irq(&xas);
1859 } else {
1860 result = SCAN_PAGE_LOCK;
1861 goto xa_locked;
1862 }
1863 } else { /* !is_shmem */
1864 if (!page || xa_is_value(page)) {
1865 xas_unlock_irq(&xas);
1866 page_cache_sync_readahead(mapping, &file->f_ra,
1867 file, index,
1868 end - index);
1869 /* drain pagevecs to help isolate_lru_page() */
1870 lru_add_drain();
1871 page = find_lock_page(mapping, index);
1872 if (unlikely(page == NULL)) {
1873 result = SCAN_FAIL;
1874 goto xa_unlocked;
1875 }
1876 } else if (PageDirty(page)) {
1877 /*
1878 * khugepaged only works on read-only fd,
1879 * so this page is dirty because it hasn't
1880 * been flushed since first write. There
1881 * won't be new dirty pages.
1882 *
1883 * Trigger async flush here and hope the
1884 * writeback is done when khugepaged
1885 * revisits this page.
1886 *
1887 * This is a one-off situation. We are not
1888 * forcing writeback in loop.
1889 */
1890 xas_unlock_irq(&xas);
1891 filemap_flush(mapping);
1892 result = SCAN_FAIL;
1893 goto xa_unlocked;
1894 } else if (PageWriteback(page)) {
1895 xas_unlock_irq(&xas);
1896 result = SCAN_FAIL;
1897 goto xa_unlocked;
1898 } else if (trylock_page(page)) {
1899 get_page(page);
1900 xas_unlock_irq(&xas);
1901 } else {
1902 result = SCAN_PAGE_LOCK;
1903 goto xa_locked;
1904 }
1905 }
1906
1907 /*
1908 * The page must be locked, so we can drop the i_pages lock
1909 * without racing with truncate.
1910 */
1911 VM_BUG_ON_PAGE(!PageLocked(page), page);
1912
1913 /* make sure the page is up to date */
1914 if (unlikely(!PageUptodate(page))) {
1915 result = SCAN_FAIL;
1916 goto out_unlock;
1917 }
1918
1919 /*
1920 * If file was truncated then extended, or hole-punched, before
1921 * we locked the first page, then a THP might be there already.
1922 * This will be discovered on the first iteration.
1923 */
1924 if (PageTransCompound(page)) {
1925 struct page *head = compound_head(page);
1926
1927 result = compound_order(head) == HPAGE_PMD_ORDER &&
1928 head->index == start
1929 /* Maybe PMD-mapped */
1930 ? SCAN_PTE_MAPPED_HUGEPAGE
1931 : SCAN_PAGE_COMPOUND;
1932 goto out_unlock;
1933 }
1934
1935 folio = page_folio(page);
1936
1937 if (folio_mapping(folio) != mapping) {
1938 result = SCAN_TRUNCATED;
1939 goto out_unlock;
1940 }
1941
1942 if (!is_shmem && (folio_test_dirty(folio) ||
1943 folio_test_writeback(folio))) {
1944 /*
1945 * khugepaged only works on read-only fd, so this
1946 * page is dirty because it hasn't been flushed
1947 * since first write.
1948 */
1949 result = SCAN_FAIL;
1950 goto out_unlock;
1951 }
1952
1953 if (!folio_isolate_lru(folio)) {
1954 result = SCAN_DEL_PAGE_LRU;
1955 goto out_unlock;
1956 }
1957
1958 if (folio_has_private(folio) &&
1959 !filemap_release_folio(folio, GFP_KERNEL)) {
1960 result = SCAN_PAGE_HAS_PRIVATE;
1961 folio_putback_lru(folio);
1962 goto out_unlock;
1963 }
1964
1965 if (folio_mapped(folio))
1966 try_to_unmap(folio,
1967 TTU_IGNORE_MLOCK | TTU_BATCH_FLUSH);
1968
1969 xas_lock_irq(&xas);
1970 xas_set(&xas, index);
1971
1972 VM_BUG_ON_PAGE(page != xas_load(&xas), page);
1973
1974 /*
1975 * The page is expected to have page_count() == 3:
1976 * - we hold a pin on it;
1977 * - one reference from page cache;
1978 * - one from isolate_lru_page;
1979 */
1980 if (!page_ref_freeze(page, 3)) {
1981 result = SCAN_PAGE_COUNT;
1982 xas_unlock_irq(&xas);
1983 putback_lru_page(page);
1984 goto out_unlock;
1985 }
1986
1987 /*
1988 * Add the page to the list to be able to undo the collapse if
1989 * something go wrong.
1990 */
1991 list_add_tail(&page->lru, &pagelist);
1992
1993 /* Finally, replace with the new page. */
1994 xas_store(&xas, hpage);
1995 continue;
1996 out_unlock:
1997 unlock_page(page);
1998 put_page(page);
1999 goto xa_unlocked;
2000 }
2001 nr = thp_nr_pages(hpage);
2002
2003 if (is_shmem)
2004 __mod_lruvec_page_state(hpage, NR_SHMEM_THPS, nr);
2005 else {
2006 __mod_lruvec_page_state(hpage, NR_FILE_THPS, nr);
2007 filemap_nr_thps_inc(mapping);
2008 /*
2009 * Paired with smp_mb() in do_dentry_open() to ensure
2010 * i_writecount is up to date and the update to nr_thps is
2011 * visible. Ensures the page cache will be truncated if the
2012 * file is opened writable.
2013 */
2014 smp_mb();
2015 if (inode_is_open_for_write(mapping->host)) {
2016 result = SCAN_FAIL;
2017 __mod_lruvec_page_state(hpage, NR_FILE_THPS, -nr);
2018 filemap_nr_thps_dec(mapping);
2019 goto xa_locked;
2020 }
2021 }
2022
2023 if (nr_none) {
2024 __mod_lruvec_page_state(hpage, NR_FILE_PAGES, nr_none);
2025 /* nr_none is always 0 for non-shmem. */
2026 __mod_lruvec_page_state(hpage, NR_SHMEM, nr_none);
2027 }
2028
2029 /* Join all the small entries into a single multi-index entry */
2030 xas_set_order(&xas, start, HPAGE_PMD_ORDER);
2031 xas_store(&xas, hpage);
2032 xa_locked:
2033 xas_unlock_irq(&xas);
2034 xa_unlocked:
2035
2036 /*
2037 * If collapse is successful, flush must be done now before copying.
2038 * If collapse is unsuccessful, does flush actually need to be done?
2039 * Do it anyway, to clear the state.
2040 */
2041 try_to_unmap_flush();
2042
2043 if (result == SCAN_SUCCEED) {
2044 struct page *page, *tmp;
2045 struct folio *folio;
2046
2047 /*
2048 * Replacing old pages with new one has succeeded, now we
2049 * need to copy the content and free the old pages.
2050 */
2051 index = start;
2052 list_for_each_entry_safe(page, tmp, &pagelist, lru) {
2053 while (index < page->index) {
2054 clear_highpage(hpage + (index % HPAGE_PMD_NR));
2055 index++;
2056 }
2057 copy_highpage(hpage + (page->index % HPAGE_PMD_NR),
2058 page);
2059 list_del(&page->lru);
2060 page->mapping = NULL;
2061 page_ref_unfreeze(page, 1);
2062 ClearPageActive(page);
2063 ClearPageUnevictable(page);
2064 unlock_page(page);
2065 put_page(page);
2066 index++;
2067 }
2068 while (index < end) {
2069 clear_highpage(hpage + (index % HPAGE_PMD_NR));
2070 index++;
2071 }
2072
2073 folio = page_folio(hpage);
2074 folio_mark_uptodate(folio);
2075 folio_ref_add(folio, HPAGE_PMD_NR - 1);
2076
2077 if (is_shmem)
2078 folio_mark_dirty(folio);
2079 folio_add_lru(folio);
2080
2081 /*
2082 * Remove pte page tables, so we can re-fault the page as huge.
2083 */
2084 result = retract_page_tables(mapping, start, mm, addr, hpage,
2085 cc);
2086 unlock_page(hpage);
2087 hpage = NULL;
2088 } else {
2089 struct page *page;
2090
2091 /* Something went wrong: roll back page cache changes */
2092 xas_lock_irq(&xas);
2093 if (nr_none) {
2094 mapping->nrpages -= nr_none;
2095 shmem_uncharge(mapping->host, nr_none);
2096 }
2097
2098 xas_set(&xas, start);
2099 xas_for_each(&xas, page, end - 1) {
2100 page = list_first_entry_or_null(&pagelist,
2101 struct page, lru);
2102 if (!page || xas.xa_index < page->index) {
2103 if (!nr_none)
2104 break;
2105 nr_none--;
2106 /* Put holes back where they were */
2107 xas_store(&xas, NULL);
2108 continue;
2109 }
2110
2111 VM_BUG_ON_PAGE(page->index != xas.xa_index, page);
2112
2113 /* Unfreeze the page. */
2114 list_del(&page->lru);
2115 page_ref_unfreeze(page, 2);
2116 xas_store(&xas, page);
2117 xas_pause(&xas);
2118 xas_unlock_irq(&xas);
2119 unlock_page(page);
2120 putback_lru_page(page);
2121 xas_lock_irq(&xas);
2122 }
2123 VM_BUG_ON(nr_none);
2124 xas_unlock_irq(&xas);
2125
2126 hpage->mapping = NULL;
2127 }
2128
2129 if (hpage)
2130 unlock_page(hpage);
2131 out:
2132 VM_BUG_ON(!list_empty(&pagelist));
2133 if (hpage) {
2134 mem_cgroup_uncharge(page_folio(hpage));
2135 put_page(hpage);
2136 }
2137
2138 trace_mm_khugepaged_collapse_file(mm, hpage, index, is_shmem, addr, file, nr, result);
2139 return result;
2140 }
2141
2142 static int hpage_collapse_scan_file(struct mm_struct *mm, unsigned long addr,
2143 struct file *file, pgoff_t start,
2144 struct collapse_control *cc)
2145 {
2146 struct page *page = NULL;
2147 struct address_space *mapping = file->f_mapping;
2148 XA_STATE(xas, &mapping->i_pages, start);
2149 int present, swap;
2150 int node = NUMA_NO_NODE;
2151 int result = SCAN_SUCCEED;
2152
2153 present = 0;
2154 swap = 0;
2155 memset(cc->node_load, 0, sizeof(cc->node_load));
2156 nodes_clear(cc->alloc_nmask);
2157 rcu_read_lock();
2158 xas_for_each(&xas, page, start + HPAGE_PMD_NR - 1) {
2159 if (xas_retry(&xas, page))
2160 continue;
2161
2162 if (xa_is_value(page)) {
2163 ++swap;
2164 if (cc->is_khugepaged &&
2165 swap > khugepaged_max_ptes_swap) {
2166 result = SCAN_EXCEED_SWAP_PTE;
2167 count_vm_event(THP_SCAN_EXCEED_SWAP_PTE);
2168 break;
2169 }
2170 continue;
2171 }
2172
2173 /*
2174 * TODO: khugepaged should compact smaller compound pages
2175 * into a PMD sized page
2176 */
2177 if (PageTransCompound(page)) {
2178 struct page *head = compound_head(page);
2179
2180 result = compound_order(head) == HPAGE_PMD_ORDER &&
2181 head->index == start
2182 /* Maybe PMD-mapped */
2183 ? SCAN_PTE_MAPPED_HUGEPAGE
2184 : SCAN_PAGE_COMPOUND;
2185 /*
2186 * For SCAN_PTE_MAPPED_HUGEPAGE, further processing
2187 * by the caller won't touch the page cache, and so
2188 * it's safe to skip LRU and refcount checks before
2189 * returning.
2190 */
2191 break;
2192 }
2193
2194 node = page_to_nid(page);
2195 if (hpage_collapse_scan_abort(node, cc)) {
2196 result = SCAN_SCAN_ABORT;
2197 break;
2198 }
2199 cc->node_load[node]++;
2200
2201 if (!PageLRU(page)) {
2202 result = SCAN_PAGE_LRU;
2203 break;
2204 }
2205
2206 if (page_count(page) !=
2207 1 + page_mapcount(page) + page_has_private(page)) {
2208 result = SCAN_PAGE_COUNT;
2209 break;
2210 }
2211
2212 /*
2213 * We probably should check if the page is referenced here, but
2214 * nobody would transfer pte_young() to PageReferenced() for us.
2215 * And rmap walk here is just too costly...
2216 */
2217
2218 present++;
2219
2220 if (need_resched()) {
2221 xas_pause(&xas);
2222 cond_resched_rcu();
2223 }
2224 }
2225 rcu_read_unlock();
2226
2227 if (result == SCAN_SUCCEED) {
2228 if (cc->is_khugepaged &&
2229 present < HPAGE_PMD_NR - khugepaged_max_ptes_none) {
2230 result = SCAN_EXCEED_NONE_PTE;
2231 count_vm_event(THP_SCAN_EXCEED_NONE_PTE);
2232 } else {
2233 result = collapse_file(mm, addr, file, start, cc);
2234 }
2235 }
2236
2237 trace_mm_khugepaged_scan_file(mm, page, file, present, swap, result);
2238 return result;
2239 }
2240 #else
2241 static int hpage_collapse_scan_file(struct mm_struct *mm, unsigned long addr,
2242 struct file *file, pgoff_t start,
2243 struct collapse_control *cc)
2244 {
2245 BUILD_BUG();
2246 }
2247
2248 static void khugepaged_collapse_pte_mapped_thps(struct khugepaged_mm_slot *mm_slot)
2249 {
2250 }
2251
2252 static bool khugepaged_add_pte_mapped_thp(struct mm_struct *mm,
2253 unsigned long addr)
2254 {
2255 return false;
2256 }
2257 #endif
2258
2259 static unsigned int khugepaged_scan_mm_slot(unsigned int pages, int *result,
2260 struct collapse_control *cc)
2261 __releases(&khugepaged_mm_lock)
2262 __acquires(&khugepaged_mm_lock)
2263 {
2264 struct vma_iterator vmi;
2265 struct khugepaged_mm_slot *mm_slot;
2266 struct mm_slot *slot;
2267 struct mm_struct *mm;
2268 struct vm_area_struct *vma;
2269 int progress = 0;
2270
2271 VM_BUG_ON(!pages);
2272 lockdep_assert_held(&khugepaged_mm_lock);
2273 *result = SCAN_FAIL;
2274
2275 if (khugepaged_scan.mm_slot) {
2276 mm_slot = khugepaged_scan.mm_slot;
2277 slot = &mm_slot->slot;
2278 } else {
2279 slot = list_entry(khugepaged_scan.mm_head.next,
2280 struct mm_slot, mm_node);
2281 mm_slot = mm_slot_entry(slot, struct khugepaged_mm_slot, slot);
2282 khugepaged_scan.address = 0;
2283 khugepaged_scan.mm_slot = mm_slot;
2284 }
2285 spin_unlock(&khugepaged_mm_lock);
2286 khugepaged_collapse_pte_mapped_thps(mm_slot);
2287
2288 mm = slot->mm;
2289 /*
2290 * Don't wait for semaphore (to avoid long wait times). Just move to
2291 * the next mm on the list.
2292 */
2293 vma = NULL;
2294 if (unlikely(!mmap_read_trylock(mm)))
2295 goto breakouterloop_mmap_lock;
2296
2297 progress++;
2298 if (unlikely(hpage_collapse_test_exit(mm)))
2299 goto breakouterloop;
2300
2301 vma_iter_init(&vmi, mm, khugepaged_scan.address);
2302 for_each_vma(vmi, vma) {
2303 unsigned long hstart, hend;
2304
2305 cond_resched();
2306 if (unlikely(hpage_collapse_test_exit(mm))) {
2307 progress++;
2308 break;
2309 }
2310 if (!hugepage_vma_check(vma, vma->vm_flags, false, false, true)) {
2311 skip:
2312 progress++;
2313 continue;
2314 }
2315 hstart = round_up(vma->vm_start, HPAGE_PMD_SIZE);
2316 hend = round_down(vma->vm_end, HPAGE_PMD_SIZE);
2317 if (khugepaged_scan.address > hend)
2318 goto skip;
2319 if (khugepaged_scan.address < hstart)
2320 khugepaged_scan.address = hstart;
2321 VM_BUG_ON(khugepaged_scan.address & ~HPAGE_PMD_MASK);
2322
2323 while (khugepaged_scan.address < hend) {
2324 bool mmap_locked = true;
2325
2326 cond_resched();
2327 if (unlikely(hpage_collapse_test_exit(mm)))
2328 goto breakouterloop;
2329
2330 VM_BUG_ON(khugepaged_scan.address < hstart ||
2331 khugepaged_scan.address + HPAGE_PMD_SIZE >
2332 hend);
2333 if (IS_ENABLED(CONFIG_SHMEM) && vma->vm_file) {
2334 struct file *file = get_file(vma->vm_file);
2335 pgoff_t pgoff = linear_page_index(vma,
2336 khugepaged_scan.address);
2337
2338 mmap_read_unlock(mm);
2339 *result = hpage_collapse_scan_file(mm,
2340 khugepaged_scan.address,
2341 file, pgoff, cc);
2342 mmap_locked = false;
2343 fput(file);
2344 } else {
2345 *result = hpage_collapse_scan_pmd(mm, vma,
2346 khugepaged_scan.address,
2347 &mmap_locked,
2348 cc);
2349 }
2350 switch (*result) {
2351 case SCAN_PTE_MAPPED_HUGEPAGE: {
2352 pmd_t *pmd;
2353
2354 *result = find_pmd_or_thp_or_none(mm,
2355 khugepaged_scan.address,
2356 &pmd);
2357 if (*result != SCAN_SUCCEED)
2358 break;
2359 if (!khugepaged_add_pte_mapped_thp(mm,
2360 khugepaged_scan.address))
2361 break;
2362 } fallthrough;
2363 case SCAN_SUCCEED:
2364 ++khugepaged_pages_collapsed;
2365 break;
2366 default:
2367 break;
2368 }
2369
2370 /* move to next address */
2371 khugepaged_scan.address += HPAGE_PMD_SIZE;
2372 progress += HPAGE_PMD_NR;
2373 if (!mmap_locked)
2374 /*
2375 * We released mmap_lock so break loop. Note
2376 * that we drop mmap_lock before all hugepage
2377 * allocations, so if allocation fails, we are
2378 * guaranteed to break here and report the
2379 * correct result back to caller.
2380 */
2381 goto breakouterloop_mmap_lock;
2382 if (progress >= pages)
2383 goto breakouterloop;
2384 }
2385 }
2386 breakouterloop:
2387 mmap_read_unlock(mm); /* exit_mmap will destroy ptes after this */
2388 breakouterloop_mmap_lock:
2389
2390 spin_lock(&khugepaged_mm_lock);
2391 VM_BUG_ON(khugepaged_scan.mm_slot != mm_slot);
2392 /*
2393 * Release the current mm_slot if this mm is about to die, or
2394 * if we scanned all vmas of this mm.
2395 */
2396 if (hpage_collapse_test_exit(mm) || !vma) {
2397 /*
2398 * Make sure that if mm_users is reaching zero while
2399 * khugepaged runs here, khugepaged_exit will find
2400 * mm_slot not pointing to the exiting mm.
2401 */
2402 if (slot->mm_node.next != &khugepaged_scan.mm_head) {
2403 slot = list_entry(slot->mm_node.next,
2404 struct mm_slot, mm_node);
2405 khugepaged_scan.mm_slot =
2406 mm_slot_entry(slot, struct khugepaged_mm_slot, slot);
2407 khugepaged_scan.address = 0;
2408 } else {
2409 khugepaged_scan.mm_slot = NULL;
2410 khugepaged_full_scans++;
2411 }
2412
2413 collect_mm_slot(mm_slot);
2414 }
2415
2416 return progress;
2417 }
2418
2419 static int khugepaged_has_work(void)
2420 {
2421 return !list_empty(&khugepaged_scan.mm_head) &&
2422 hugepage_flags_enabled();
2423 }
2424
2425 static int khugepaged_wait_event(void)
2426 {
2427 return !list_empty(&khugepaged_scan.mm_head) ||
2428 kthread_should_stop();
2429 }
2430
2431 static void khugepaged_do_scan(struct collapse_control *cc)
2432 {
2433 unsigned int progress = 0, pass_through_head = 0;
2434 unsigned int pages = READ_ONCE(khugepaged_pages_to_scan);
2435 bool wait = true;
2436 int result = SCAN_SUCCEED;
2437
2438 lru_add_drain_all();
2439
2440 while (true) {
2441 cond_resched();
2442
2443 if (unlikely(kthread_should_stop() || try_to_freeze()))
2444 break;
2445
2446 spin_lock(&khugepaged_mm_lock);
2447 if (!khugepaged_scan.mm_slot)
2448 pass_through_head++;
2449 if (khugepaged_has_work() &&
2450 pass_through_head < 2)
2451 progress += khugepaged_scan_mm_slot(pages - progress,
2452 &result, cc);
2453 else
2454 progress = pages;
2455 spin_unlock(&khugepaged_mm_lock);
2456
2457 if (progress >= pages)
2458 break;
2459
2460 if (result == SCAN_ALLOC_HUGE_PAGE_FAIL) {
2461 /*
2462 * If fail to allocate the first time, try to sleep for
2463 * a while. When hit again, cancel the scan.
2464 */
2465 if (!wait)
2466 break;
2467 wait = false;
2468 khugepaged_alloc_sleep();
2469 }
2470 }
2471 }
2472
2473 static bool khugepaged_should_wakeup(void)
2474 {
2475 return kthread_should_stop() ||
2476 time_after_eq(jiffies, khugepaged_sleep_expire);
2477 }
2478
2479 static void khugepaged_wait_work(void)
2480 {
2481 if (khugepaged_has_work()) {
2482 const unsigned long scan_sleep_jiffies =
2483 msecs_to_jiffies(khugepaged_scan_sleep_millisecs);
2484
2485 if (!scan_sleep_jiffies)
2486 return;
2487
2488 khugepaged_sleep_expire = jiffies + scan_sleep_jiffies;
2489 wait_event_freezable_timeout(khugepaged_wait,
2490 khugepaged_should_wakeup(),
2491 scan_sleep_jiffies);
2492 return;
2493 }
2494
2495 if (hugepage_flags_enabled())
2496 wait_event_freezable(khugepaged_wait, khugepaged_wait_event());
2497 }
2498
2499 static int khugepaged(void *none)
2500 {
2501 struct khugepaged_mm_slot *mm_slot;
2502
2503 set_freezable();
2504 set_user_nice(current, MAX_NICE);
2505
2506 while (!kthread_should_stop()) {
2507 khugepaged_do_scan(&khugepaged_collapse_control);
2508 khugepaged_wait_work();
2509 }
2510
2511 spin_lock(&khugepaged_mm_lock);
2512 mm_slot = khugepaged_scan.mm_slot;
2513 khugepaged_scan.mm_slot = NULL;
2514 if (mm_slot)
2515 collect_mm_slot(mm_slot);
2516 spin_unlock(&khugepaged_mm_lock);
2517 return 0;
2518 }
2519
2520 static void set_recommended_min_free_kbytes(void)
2521 {
2522 struct zone *zone;
2523 int nr_zones = 0;
2524 unsigned long recommended_min;
2525
2526 if (!hugepage_flags_enabled()) {
2527 calculate_min_free_kbytes();
2528 goto update_wmarks;
2529 }
2530
2531 for_each_populated_zone(zone) {
2532 /*
2533 * We don't need to worry about fragmentation of
2534 * ZONE_MOVABLE since it only has movable pages.
2535 */
2536 if (zone_idx(zone) > gfp_zone(GFP_USER))
2537 continue;
2538
2539 nr_zones++;
2540 }
2541
2542 /* Ensure 2 pageblocks are free to assist fragmentation avoidance */
2543 recommended_min = pageblock_nr_pages * nr_zones * 2;
2544
2545 /*
2546 * Make sure that on average at least two pageblocks are almost free
2547 * of another type, one for a migratetype to fall back to and a
2548 * second to avoid subsequent fallbacks of other types There are 3
2549 * MIGRATE_TYPES we care about.
2550 */
2551 recommended_min += pageblock_nr_pages * nr_zones *
2552 MIGRATE_PCPTYPES * MIGRATE_PCPTYPES;
2553
2554 /* don't ever allow to reserve more than 5% of the lowmem */
2555 recommended_min = min(recommended_min,
2556 (unsigned long) nr_free_buffer_pages() / 20);
2557 recommended_min <<= (PAGE_SHIFT-10);
2558
2559 if (recommended_min > min_free_kbytes) {
2560 if (user_min_free_kbytes >= 0)
2561 pr_info("raising min_free_kbytes from %d to %lu to help transparent hugepage allocations\n",
2562 min_free_kbytes, recommended_min);
2563
2564 min_free_kbytes = recommended_min;
2565 }
2566
2567 update_wmarks:
2568 setup_per_zone_wmarks();
2569 }
2570
2571 int start_stop_khugepaged(void)
2572 {
2573 int err = 0;
2574
2575 mutex_lock(&khugepaged_mutex);
2576 if (hugepage_flags_enabled()) {
2577 if (!khugepaged_thread)
2578 khugepaged_thread = kthread_run(khugepaged, NULL,
2579 "khugepaged");
2580 if (IS_ERR(khugepaged_thread)) {
2581 pr_err("khugepaged: kthread_run(khugepaged) failed\n");
2582 err = PTR_ERR(khugepaged_thread);
2583 khugepaged_thread = NULL;
2584 goto fail;
2585 }
2586
2587 if (!list_empty(&khugepaged_scan.mm_head))
2588 wake_up_interruptible(&khugepaged_wait);
2589 } else if (khugepaged_thread) {
2590 kthread_stop(khugepaged_thread);
2591 khugepaged_thread = NULL;
2592 }
2593 set_recommended_min_free_kbytes();
2594 fail:
2595 mutex_unlock(&khugepaged_mutex);
2596 return err;
2597 }
2598
2599 void khugepaged_min_free_kbytes_update(void)
2600 {
2601 mutex_lock(&khugepaged_mutex);
2602 if (hugepage_flags_enabled() && khugepaged_thread)
2603 set_recommended_min_free_kbytes();
2604 mutex_unlock(&khugepaged_mutex);
2605 }
2606
2607 bool current_is_khugepaged(void)
2608 {
2609 return kthread_func(current) == khugepaged;
2610 }
2611
2612 static int madvise_collapse_errno(enum scan_result r)
2613 {
2614 /*
2615 * MADV_COLLAPSE breaks from existing madvise(2) conventions to provide
2616 * actionable feedback to caller, so they may take an appropriate
2617 * fallback measure depending on the nature of the failure.
2618 */
2619 switch (r) {
2620 case SCAN_ALLOC_HUGE_PAGE_FAIL:
2621 return -ENOMEM;
2622 case SCAN_CGROUP_CHARGE_FAIL:
2623 return -EBUSY;
2624 /* Resource temporary unavailable - trying again might succeed */
2625 case SCAN_PAGE_COUNT:
2626 case SCAN_PAGE_LOCK:
2627 case SCAN_PAGE_LRU:
2628 case SCAN_DEL_PAGE_LRU:
2629 return -EAGAIN;
2630 /*
2631 * Other: Trying again likely not to succeed / error intrinsic to
2632 * specified memory range. khugepaged likely won't be able to collapse
2633 * either.
2634 */
2635 default:
2636 return -EINVAL;
2637 }
2638 }
2639
2640 int madvise_collapse(struct vm_area_struct *vma, struct vm_area_struct **prev,
2641 unsigned long start, unsigned long end)
2642 {
2643 struct collapse_control *cc;
2644 struct mm_struct *mm = vma->vm_mm;
2645 unsigned long hstart, hend, addr;
2646 int thps = 0, last_fail = SCAN_FAIL;
2647 bool mmap_locked = true;
2648
2649 BUG_ON(vma->vm_start > start);
2650 BUG_ON(vma->vm_end < end);
2651
2652 *prev = vma;
2653
2654 if (!hugepage_vma_check(vma, vma->vm_flags, false, false, false))
2655 return -EINVAL;
2656
2657 cc = kmalloc(sizeof(*cc), GFP_KERNEL);
2658 if (!cc)
2659 return -ENOMEM;
2660 cc->is_khugepaged = false;
2661
2662 mmgrab(mm);
2663 lru_add_drain_all();
2664
2665 hstart = (start + ~HPAGE_PMD_MASK) & HPAGE_PMD_MASK;
2666 hend = end & HPAGE_PMD_MASK;
2667
2668 for (addr = hstart; addr < hend; addr += HPAGE_PMD_SIZE) {
2669 int result = SCAN_FAIL;
2670
2671 if (!mmap_locked) {
2672 cond_resched();
2673 mmap_read_lock(mm);
2674 mmap_locked = true;
2675 result = hugepage_vma_revalidate(mm, addr, false, &vma,
2676 cc);
2677 if (result != SCAN_SUCCEED) {
2678 last_fail = result;
2679 goto out_nolock;
2680 }
2681
2682 hend = min(hend, vma->vm_end & HPAGE_PMD_MASK);
2683 }
2684 mmap_assert_locked(mm);
2685 memset(cc->node_load, 0, sizeof(cc->node_load));
2686 nodes_clear(cc->alloc_nmask);
2687 if (IS_ENABLED(CONFIG_SHMEM) && vma->vm_file) {
2688 struct file *file = get_file(vma->vm_file);
2689 pgoff_t pgoff = linear_page_index(vma, addr);
2690
2691 mmap_read_unlock(mm);
2692 mmap_locked = false;
2693 result = hpage_collapse_scan_file(mm, addr, file, pgoff,
2694 cc);
2695 fput(file);
2696 } else {
2697 result = hpage_collapse_scan_pmd(mm, vma, addr,
2698 &mmap_locked, cc);
2699 }
2700 if (!mmap_locked)
2701 *prev = NULL; /* Tell caller we dropped mmap_lock */
2702
2703 handle_result:
2704 switch (result) {
2705 case SCAN_SUCCEED:
2706 case SCAN_PMD_MAPPED:
2707 ++thps;
2708 break;
2709 case SCAN_PTE_MAPPED_HUGEPAGE:
2710 BUG_ON(mmap_locked);
2711 BUG_ON(*prev);
2712 mmap_write_lock(mm);
2713 result = collapse_pte_mapped_thp(mm, addr, true);
2714 mmap_write_unlock(mm);
2715 goto handle_result;
2716 /* Whitelisted set of results where continuing OK */
2717 case SCAN_PMD_NULL:
2718 case SCAN_PTE_NON_PRESENT:
2719 case SCAN_PTE_UFFD_WP:
2720 case SCAN_PAGE_RO:
2721 case SCAN_LACK_REFERENCED_PAGE:
2722 case SCAN_PAGE_NULL:
2723 case SCAN_PAGE_COUNT:
2724 case SCAN_PAGE_LOCK:
2725 case SCAN_PAGE_COMPOUND:
2726 case SCAN_PAGE_LRU:
2727 case SCAN_DEL_PAGE_LRU:
2728 last_fail = result;
2729 break;
2730 default:
2731 last_fail = result;
2732 /* Other error, exit */
2733 goto out_maybelock;
2734 }
2735 }
2736
2737 out_maybelock:
2738 /* Caller expects us to hold mmap_lock on return */
2739 if (!mmap_locked)
2740 mmap_read_lock(mm);
2741 out_nolock:
2742 mmap_assert_locked(mm);
2743 mmdrop(mm);
2744 kfree(cc);
2745
2746 return thps == ((hend - hstart) >> HPAGE_PMD_SHIFT) ? 0
2747 : madvise_collapse_errno(last_fail);
2748 }
A mirror of Linus' kernel repository