1 /* SPDX-License-Identifier: GPL-2.0 */
2 #ifndef _LINUX_RMAP_H
3 #define _LINUX_RMAP_H
4 /*
5 * Declarations for Reverse Mapping functions in mm/rmap.c
6 */
7
8 #include <linux/list.h>
9 #include <linux/slab.h>
10 #include <linux/mm.h>
11 #include <linux/rwsem.h>
12 #include <linux/memcontrol.h>
13 #include <linux/highmem.h>
14 #include <linux/pagemap.h>
15 #include <linux/memremap.h>
16
17 /*
18 * The anon_vma heads a list of private "related" vmas, to scan if
19 * an anonymous page pointing to this anon_vma needs to be unmapped:
20 * the vmas on the list will be related by forking, or by splitting.
21 *
22 * Since vmas come and go as they are split and merged (particularly
23 * in mprotect), the mapping field of an anonymous page cannot point
24 * directly to a vma: instead it points to an anon_vma, on whose list
25 * the related vmas can be easily linked or unlinked.
26 *
27 * After unlinking the last vma on the list, we must garbage collect
28 * the anon_vma object itself: we're guaranteed no page can be
29 * pointing to this anon_vma once its vma list is empty.
30 */
31 struct anon_vma {
32 struct anon_vma *root; /* Root of this anon_vma tree */
33 struct rw_semaphore rwsem; /* W: modification, R: walking the list */
34 /*
35 * The refcount is taken on an anon_vma when there is no
36 * guarantee that the vma of page tables will exist for
37 * the duration of the operation. A caller that takes
38 * the reference is responsible for clearing up the
39 * anon_vma if they are the last user on release
40 */
41 atomic_t refcount;
42
43 /*
44 * Count of child anon_vmas. Equals to the count of all anon_vmas that
45 * have ->parent pointing to this one, including itself.
46 *
47 * This counter is used for making decision about reusing anon_vma
48 * instead of forking new one. See comments in function anon_vma_clone.
49 */
50 unsigned long num_children;
51 /* Count of VMAs whose ->anon_vma pointer points to this object. */
52 unsigned long num_active_vmas;
53
54 struct anon_vma *parent; /* Parent of this anon_vma */
55
56 /*
57 * NOTE: the LSB of the rb_root.rb_node is set by
58 * mm_take_all_locks() _after_ taking the above lock. So the
59 * rb_root must only be read/written after taking the above lock
60 * to be sure to see a valid next pointer. The LSB bit itself
61 * is serialized by a system wide lock only visible to
62 * mm_take_all_locks() (mm_all_locks_mutex).
63 */
64
65 /* Interval tree of private "related" vmas */
66 struct rb_root_cached rb_root;
67 };
68
69 /*
70 * The copy-on-write semantics of fork mean that an anon_vma
71 * can become associated with multiple processes. Furthermore,
72 * each child process will have its own anon_vma, where new
73 * pages for that process are instantiated.
74 *
75 * This structure allows us to find the anon_vmas associated
76 * with a VMA, or the VMAs associated with an anon_vma.
77 * The "same_vma" list contains the anon_vma_chains linking
78 * all the anon_vmas associated with this VMA.
79 * The "rb" field indexes on an interval tree the anon_vma_chains
80 * which link all the VMAs associated with this anon_vma.
81 */
82 struct anon_vma_chain {
83 struct vm_area_struct *vma;
84 struct anon_vma *anon_vma;
85 struct list_head same_vma; /* locked by mmap_lock & page_table_lock */
86 struct rb_node rb; /* locked by anon_vma->rwsem */
87 unsigned long rb_subtree_last;
88 #ifdef CONFIG_DEBUG_VM_RB
89 unsigned long cached_vma_start, cached_vma_last;
90 #endif
91 };
92
93 enum ttu_flags {
94 TTU_SPLIT_HUGE_PMD = 0x4, /* split huge PMD if any */
95 TTU_IGNORE_MLOCK = 0x8, /* ignore mlock */
96 TTU_SYNC = 0x10, /* avoid racy checks with PVMW_SYNC */
97 TTU_HWPOISON = 0x20, /* do convert pte to hwpoison entry */
98 TTU_BATCH_FLUSH = 0x40, /* Batch TLB flushes where possible
99 * and caller guarantees they will
100 * do a final flush if necessary */
101 TTU_RMAP_LOCKED = 0x80, /* do not grab rmap lock:
102 * caller holds it */
103 };
104
105 #ifdef CONFIG_MMU
get_anon_vma(struct anon_vma * anon_vma)106 static inline void get_anon_vma(struct anon_vma *anon_vma)
107 {
108 atomic_inc(&anon_vma->refcount);
109 }
110
111 void __put_anon_vma(struct anon_vma *anon_vma);
112
put_anon_vma(struct anon_vma * anon_vma)113 static inline void put_anon_vma(struct anon_vma *anon_vma)
114 {
115 if (atomic_dec_and_test(&anon_vma->refcount))
116 __put_anon_vma(anon_vma);
117 }
118
anon_vma_lock_write(struct anon_vma * anon_vma)119 static inline void anon_vma_lock_write(struct anon_vma *anon_vma)
120 {
121 down_write(&anon_vma->root->rwsem);
122 }
123
anon_vma_trylock_write(struct anon_vma * anon_vma)124 static inline int anon_vma_trylock_write(struct anon_vma *anon_vma)
125 {
126 return down_write_trylock(&anon_vma->root->rwsem);
127 }
128
anon_vma_unlock_write(struct anon_vma * anon_vma)129 static inline void anon_vma_unlock_write(struct anon_vma *anon_vma)
130 {
131 up_write(&anon_vma->root->rwsem);
132 }
133
anon_vma_lock_read(struct anon_vma * anon_vma)134 static inline void anon_vma_lock_read(struct anon_vma *anon_vma)
135 {
136 down_read(&anon_vma->root->rwsem);
137 }
138
anon_vma_trylock_read(struct anon_vma * anon_vma)139 static inline int anon_vma_trylock_read(struct anon_vma *anon_vma)
140 {
141 return down_read_trylock(&anon_vma->root->rwsem);
142 }
143
anon_vma_unlock_read(struct anon_vma * anon_vma)144 static inline void anon_vma_unlock_read(struct anon_vma *anon_vma)
145 {
146 up_read(&anon_vma->root->rwsem);
147 }
148
149
150 /*
151 * anon_vma helper functions.
152 */
153 void anon_vma_init(void); /* create anon_vma_cachep */
154 int __anon_vma_prepare(struct vm_area_struct *);
155 void unlink_anon_vmas(struct vm_area_struct *);
156 int anon_vma_clone(struct vm_area_struct *, struct vm_area_struct *);
157 int anon_vma_fork(struct vm_area_struct *, struct vm_area_struct *);
158
anon_vma_prepare(struct vm_area_struct * vma)159 static inline int anon_vma_prepare(struct vm_area_struct *vma)
160 {
161 if (likely(vma->anon_vma))
162 return 0;
163
164 return __anon_vma_prepare(vma);
165 }
166
anon_vma_merge(struct vm_area_struct * vma,struct vm_area_struct * next)167 static inline void anon_vma_merge(struct vm_area_struct *vma,
168 struct vm_area_struct *next)
169 {
170 VM_BUG_ON_VMA(vma->anon_vma != next->anon_vma, vma);
171 unlink_anon_vmas(next);
172 }
173
174 struct anon_vma *folio_get_anon_vma(struct folio *folio);
175
176 /* RMAP flags, currently only relevant for some anon rmap operations. */
177 typedef int __bitwise rmap_t;
178
179 /*
180 * No special request: A mapped anonymous (sub)page is possibly shared between
181 * processes.
182 */
183 #define RMAP_NONE ((__force rmap_t)0)
184
185 /* The anonymous (sub)page is exclusive to a single process. */
186 #define RMAP_EXCLUSIVE ((__force rmap_t)BIT(0))
187
188 /*
189 * Internally, we're using an enum to specify the granularity. We make the
190 * compiler emit specialized code for each granularity.
191 */
192 enum rmap_level {
193 RMAP_LEVEL_PTE = 0,
194 RMAP_LEVEL_PMD,
195 };
196
__folio_rmap_sanity_checks(struct folio * folio,struct page * page,int nr_pages,enum rmap_level level)197 static inline void __folio_rmap_sanity_checks(struct folio *folio,
198 struct page *page, int nr_pages, enum rmap_level level)
199 {
200 /* hugetlb folios are handled separately. */
201 VM_WARN_ON_FOLIO(folio_test_hugetlb(folio), folio);
202
203 /* When (un)mapping zeropages, we should never touch ref+mapcount. */
204 VM_WARN_ON_FOLIO(is_zero_folio(folio), folio);
205
206 /*
207 * TODO: we get driver-allocated folios that have nothing to do with
208 * the rmap using vm_insert_page(); therefore, we cannot assume that
209 * folio_test_large_rmappable() holds for large folios. We should
210 * handle any desired mapcount+stats accounting for these folios in
211 * VM_MIXEDMAP VMAs separately, and then sanity-check here that
212 * we really only get rmappable folios.
213 */
214
215 VM_WARN_ON_ONCE(nr_pages <= 0);
216 VM_WARN_ON_FOLIO(page_folio(page) != folio, folio);
217 VM_WARN_ON_FOLIO(page_folio(page + nr_pages - 1) != folio, folio);
218
219 switch (level) {
220 case RMAP_LEVEL_PTE:
221 break;
222 case RMAP_LEVEL_PMD:
223 /*
224 * We don't support folios larger than a single PMD yet. So
225 * when RMAP_LEVEL_PMD is set, we assume that we are creating
226 * a single "entire" mapping of the folio.
227 */
228 VM_WARN_ON_FOLIO(folio_nr_pages(folio) != HPAGE_PMD_NR, folio);
229 VM_WARN_ON_FOLIO(nr_pages != HPAGE_PMD_NR, folio);
230 break;
231 default:
232 VM_WARN_ON_ONCE(true);
233 }
234 }
235
236 /*
237 * rmap interfaces called when adding or removing pte of page
238 */
239 void folio_move_anon_rmap(struct folio *, struct vm_area_struct *);
240 void folio_add_anon_rmap_ptes(struct folio *, struct page *, int nr_pages,
241 struct vm_area_struct *, unsigned long address, rmap_t flags);
242 #define folio_add_anon_rmap_pte(folio, page, vma, address, flags) \
243 folio_add_anon_rmap_ptes(folio, page, 1, vma, address, flags)
244 void folio_add_anon_rmap_pmd(struct folio *, struct page *,
245 struct vm_area_struct *, unsigned long address, rmap_t flags);
246 void folio_add_new_anon_rmap(struct folio *, struct vm_area_struct *,
247 unsigned long address, rmap_t flags);
248 void folio_add_file_rmap_ptes(struct folio *, struct page *, int nr_pages,
249 struct vm_area_struct *);
250 #define folio_add_file_rmap_pte(folio, page, vma) \
251 folio_add_file_rmap_ptes(folio, page, 1, vma)
252 void folio_add_file_rmap_pmd(struct folio *, struct page *,
253 struct vm_area_struct *);
254 void folio_remove_rmap_ptes(struct folio *, struct page *, int nr_pages,
255 struct vm_area_struct *);
256 #define folio_remove_rmap_pte(folio, page, vma) \
257 folio_remove_rmap_ptes(folio, page, 1, vma)
258 void folio_remove_rmap_pmd(struct folio *, struct page *,
259 struct vm_area_struct *);
260
261 void hugetlb_add_anon_rmap(struct folio *, struct vm_area_struct *,
262 unsigned long address, rmap_t flags);
263 void hugetlb_add_new_anon_rmap(struct folio *, struct vm_area_struct *,
264 unsigned long address);
265
266 /* See folio_try_dup_anon_rmap_*() */
hugetlb_try_dup_anon_rmap(struct folio * folio,struct vm_area_struct * vma)267 static inline int hugetlb_try_dup_anon_rmap(struct folio *folio,
268 struct vm_area_struct *vma)
269 {
270 VM_WARN_ON_FOLIO(!folio_test_hugetlb(folio), folio);
271 VM_WARN_ON_FOLIO(!folio_test_anon(folio), folio);
272
273 if (PageAnonExclusive(&folio->page)) {
274 if (unlikely(folio_needs_cow_for_dma(vma, folio)))
275 return -EBUSY;
276 ClearPageAnonExclusive(&folio->page);
277 }
278 atomic_inc(&folio->_entire_mapcount);
279 atomic_inc(&folio->_large_mapcount);
280 return 0;
281 }
282
283 /* See folio_try_share_anon_rmap_*() */
hugetlb_try_share_anon_rmap(struct folio * folio)284 static inline int hugetlb_try_share_anon_rmap(struct folio *folio)
285 {
286 VM_WARN_ON_FOLIO(!folio_test_hugetlb(folio), folio);
287 VM_WARN_ON_FOLIO(!folio_test_anon(folio), folio);
288 VM_WARN_ON_FOLIO(!PageAnonExclusive(&folio->page), folio);
289
290 /* Paired with the memory barrier in try_grab_folio(). */
291 if (IS_ENABLED(CONFIG_HAVE_GUP_FAST))
292 smp_mb();
293
294 if (unlikely(folio_maybe_dma_pinned(folio)))
295 return -EBUSY;
296 ClearPageAnonExclusive(&folio->page);
297
298 /*
299 * This is conceptually a smp_wmb() paired with the smp_rmb() in
300 * gup_must_unshare().
301 */
302 if (IS_ENABLED(CONFIG_HAVE_GUP_FAST))
303 smp_mb__after_atomic();
304 return 0;
305 }
306
hugetlb_add_file_rmap(struct folio * folio)307 static inline void hugetlb_add_file_rmap(struct folio *folio)
308 {
309 VM_WARN_ON_FOLIO(!folio_test_hugetlb(folio), folio);
310 VM_WARN_ON_FOLIO(folio_test_anon(folio), folio);
311
312 atomic_inc(&folio->_entire_mapcount);
313 atomic_inc(&folio->_large_mapcount);
314 }
315
hugetlb_remove_rmap(struct folio * folio)316 static inline void hugetlb_remove_rmap(struct folio *folio)
317 {
318 VM_WARN_ON_FOLIO(!folio_test_hugetlb(folio), folio);
319
320 atomic_dec(&folio->_entire_mapcount);
321 atomic_dec(&folio->_large_mapcount);
322 }
323
__folio_dup_file_rmap(struct folio * folio,struct page * page,int nr_pages,enum rmap_level level)324 static __always_inline void __folio_dup_file_rmap(struct folio *folio,
325 struct page *page, int nr_pages, enum rmap_level level)
326 {
327 const int orig_nr_pages = nr_pages;
328
329 __folio_rmap_sanity_checks(folio, page, nr_pages, level);
330
331 switch (level) {
332 case RMAP_LEVEL_PTE:
333 if (!folio_test_large(folio)) {
334 atomic_inc(&folio->_mapcount);
335 break;
336 }
337
338 do {
339 atomic_inc(&page->_mapcount);
340 } while (page++, --nr_pages > 0);
341 atomic_add(orig_nr_pages, &folio->_large_mapcount);
342 break;
343 case RMAP_LEVEL_PMD:
344 atomic_inc(&folio->_entire_mapcount);
345 atomic_inc(&folio->_large_mapcount);
346 break;
347 }
348 }
349
350 /**
351 * folio_dup_file_rmap_ptes - duplicate PTE mappings of a page range of a folio
352 * @folio: The folio to duplicate the mappings of
353 * @page: The first page to duplicate the mappings of
354 * @nr_pages: The number of pages of which the mapping will be duplicated
355 *
356 * The page range of the folio is defined by [page, page + nr_pages)
357 *
358 * The caller needs to hold the page table lock.
359 */
folio_dup_file_rmap_ptes(struct folio * folio,struct page * page,int nr_pages)360 static inline void folio_dup_file_rmap_ptes(struct folio *folio,
361 struct page *page, int nr_pages)
362 {
363 __folio_dup_file_rmap(folio, page, nr_pages, RMAP_LEVEL_PTE);
364 }
365
folio_dup_file_rmap_pte(struct folio * folio,struct page * page)366 static __always_inline void folio_dup_file_rmap_pte(struct folio *folio,
367 struct page *page)
368 {
369 __folio_dup_file_rmap(folio, page, 1, RMAP_LEVEL_PTE);
370 }
371
372 /**
373 * folio_dup_file_rmap_pmd - duplicate a PMD mapping of a page range of a folio
374 * @folio: The folio to duplicate the mapping of
375 * @page: The first page to duplicate the mapping of
376 *
377 * The page range of the folio is defined by [page, page + HPAGE_PMD_NR)
378 *
379 * The caller needs to hold the page table lock.
380 */
folio_dup_file_rmap_pmd(struct folio * folio,struct page * page)381 static inline void folio_dup_file_rmap_pmd(struct folio *folio,
382 struct page *page)
383 {
384 #ifdef CONFIG_TRANSPARENT_HUGEPAGE
385 __folio_dup_file_rmap(folio, page, HPAGE_PMD_NR, RMAP_LEVEL_PTE);
386 #else
387 WARN_ON_ONCE(true);
388 #endif
389 }
390
__folio_try_dup_anon_rmap(struct folio * folio,struct page * page,int nr_pages,struct vm_area_struct * src_vma,enum rmap_level level)391 static __always_inline int __folio_try_dup_anon_rmap(struct folio *folio,
392 struct page *page, int nr_pages, struct vm_area_struct *src_vma,
393 enum rmap_level level)
394 {
395 const int orig_nr_pages = nr_pages;
396 bool maybe_pinned;
397 int i;
398
399 VM_WARN_ON_FOLIO(!folio_test_anon(folio), folio);
400 __folio_rmap_sanity_checks(folio, page, nr_pages, level);
401
402 /*
403 * If this folio may have been pinned by the parent process,
404 * don't allow to duplicate the mappings but instead require to e.g.,
405 * copy the subpage immediately for the child so that we'll always
406 * guarantee the pinned folio won't be randomly replaced in the
407 * future on write faults.
408 */
409 maybe_pinned = likely(!folio_is_device_private(folio)) &&
410 unlikely(folio_needs_cow_for_dma(src_vma, folio));
411
412 /*
413 * No need to check+clear for already shared PTEs/PMDs of the
414 * folio. But if any page is PageAnonExclusive, we must fallback to
415 * copying if the folio maybe pinned.
416 */
417 switch (level) {
418 case RMAP_LEVEL_PTE:
419 if (unlikely(maybe_pinned)) {
420 for (i = 0; i < nr_pages; i++)
421 if (PageAnonExclusive(page + i))
422 return -EBUSY;
423 }
424
425 if (!folio_test_large(folio)) {
426 if (PageAnonExclusive(page))
427 ClearPageAnonExclusive(page);
428 atomic_inc(&folio->_mapcount);
429 break;
430 }
431
432 do {
433 if (PageAnonExclusive(page))
434 ClearPageAnonExclusive(page);
435 atomic_inc(&page->_mapcount);
436 } while (page++, --nr_pages > 0);
437 atomic_add(orig_nr_pages, &folio->_large_mapcount);
438 break;
439 case RMAP_LEVEL_PMD:
440 if (PageAnonExclusive(page)) {
441 if (unlikely(maybe_pinned))
442 return -EBUSY;
443 ClearPageAnonExclusive(page);
444 }
445 atomic_inc(&folio->_entire_mapcount);
446 atomic_inc(&folio->_large_mapcount);
447 break;
448 }
449 return 0;
450 }
451
452 /**
453 * folio_try_dup_anon_rmap_ptes - try duplicating PTE mappings of a page range
454 * of a folio
455 * @folio: The folio to duplicate the mappings of
456 * @page: The first page to duplicate the mappings of
457 * @nr_pages: The number of pages of which the mapping will be duplicated
458 * @src_vma: The vm area from which the mappings are duplicated
459 *
460 * The page range of the folio is defined by [page, page + nr_pages)
461 *
462 * The caller needs to hold the page table lock and the
463 * vma->vma_mm->write_protect_seq.
464 *
465 * Duplicating the mappings can only fail if the folio may be pinned; device
466 * private folios cannot get pinned and consequently this function cannot fail
467 * for them.
468 *
469 * If duplicating the mappings succeeded, the duplicated PTEs have to be R/O in
470 * the parent and the child. They must *not* be writable after this call
471 * succeeded.
472 *
473 * Returns 0 if duplicating the mappings succeeded. Returns -EBUSY otherwise.
474 */
folio_try_dup_anon_rmap_ptes(struct folio * folio,struct page * page,int nr_pages,struct vm_area_struct * src_vma)475 static inline int folio_try_dup_anon_rmap_ptes(struct folio *folio,
476 struct page *page, int nr_pages, struct vm_area_struct *src_vma)
477 {
478 return __folio_try_dup_anon_rmap(folio, page, nr_pages, src_vma,
479 RMAP_LEVEL_PTE);
480 }
481
folio_try_dup_anon_rmap_pte(struct folio * folio,struct page * page,struct vm_area_struct * src_vma)482 static __always_inline int folio_try_dup_anon_rmap_pte(struct folio *folio,
483 struct page *page, struct vm_area_struct *src_vma)
484 {
485 return __folio_try_dup_anon_rmap(folio, page, 1, src_vma,
486 RMAP_LEVEL_PTE);
487 }
488
489 /**
490 * folio_try_dup_anon_rmap_pmd - try duplicating a PMD mapping of a page range
491 * of a folio
492 * @folio: The folio to duplicate the mapping of
493 * @page: The first page to duplicate the mapping of
494 * @src_vma: The vm area from which the mapping is duplicated
495 *
496 * The page range of the folio is defined by [page, page + HPAGE_PMD_NR)
497 *
498 * The caller needs to hold the page table lock and the
499 * vma->vma_mm->write_protect_seq.
500 *
501 * Duplicating the mapping can only fail if the folio may be pinned; device
502 * private folios cannot get pinned and consequently this function cannot fail
503 * for them.
504 *
505 * If duplicating the mapping succeeds, the duplicated PMD has to be R/O in
506 * the parent and the child. They must *not* be writable after this call
507 * succeeded.
508 *
509 * Returns 0 if duplicating the mapping succeeded. Returns -EBUSY otherwise.
510 */
folio_try_dup_anon_rmap_pmd(struct folio * folio,struct page * page,struct vm_area_struct * src_vma)511 static inline int folio_try_dup_anon_rmap_pmd(struct folio *folio,
512 struct page *page, struct vm_area_struct *src_vma)
513 {
514 #ifdef CONFIG_TRANSPARENT_HUGEPAGE
515 return __folio_try_dup_anon_rmap(folio, page, HPAGE_PMD_NR, src_vma,
516 RMAP_LEVEL_PMD);
517 #else
518 WARN_ON_ONCE(true);
519 return -EBUSY;
520 #endif
521 }
522
__folio_try_share_anon_rmap(struct folio * folio,struct page * page,int nr_pages,enum rmap_level level)523 static __always_inline int __folio_try_share_anon_rmap(struct folio *folio,
524 struct page *page, int nr_pages, enum rmap_level level)
525 {
526 VM_WARN_ON_FOLIO(!folio_test_anon(folio), folio);
527 VM_WARN_ON_FOLIO(!PageAnonExclusive(page), folio);
528 __folio_rmap_sanity_checks(folio, page, nr_pages, level);
529
530 /* device private folios cannot get pinned via GUP. */
531 if (unlikely(folio_is_device_private(folio))) {
532 ClearPageAnonExclusive(page);
533 return 0;
534 }
535
536 /*
537 * We have to make sure that when we clear PageAnonExclusive, that
538 * the page is not pinned and that concurrent GUP-fast won't succeed in
539 * concurrently pinning the page.
540 *
541 * Conceptually, PageAnonExclusive clearing consists of:
542 * (A1) Clear PTE
543 * (A2) Check if the page is pinned; back off if so.
544 * (A3) Clear PageAnonExclusive
545 * (A4) Restore PTE (optional, but certainly not writable)
546 *
547 * When clearing PageAnonExclusive, we cannot possibly map the page
548 * writable again, because anon pages that may be shared must never
549 * be writable. So in any case, if the PTE was writable it cannot
550 * be writable anymore afterwards and there would be a PTE change. Only
551 * if the PTE wasn't writable, there might not be a PTE change.
552 *
553 * Conceptually, GUP-fast pinning of an anon page consists of:
554 * (B1) Read the PTE
555 * (B2) FOLL_WRITE: check if the PTE is not writable; back off if so.
556 * (B3) Pin the mapped page
557 * (B4) Check if the PTE changed by re-reading it; back off if so.
558 * (B5) If the original PTE is not writable, check if
559 * PageAnonExclusive is not set; back off if so.
560 *
561 * If the PTE was writable, we only have to make sure that GUP-fast
562 * observes a PTE change and properly backs off.
563 *
564 * If the PTE was not writable, we have to make sure that GUP-fast either
565 * detects a (temporary) PTE change or that PageAnonExclusive is cleared
566 * and properly backs off.
567 *
568 * Consequently, when clearing PageAnonExclusive(), we have to make
569 * sure that (A1), (A2)/(A3) and (A4) happen in the right memory
570 * order. In GUP-fast pinning code, we have to make sure that (B3),(B4)
571 * and (B5) happen in the right memory order.
572 *
573 * We assume that there might not be a memory barrier after
574 * clearing/invalidating the PTE (A1) and before restoring the PTE (A4),
575 * so we use explicit ones here.
576 */
577
578 /* Paired with the memory barrier in try_grab_folio(). */
579 if (IS_ENABLED(CONFIG_HAVE_GUP_FAST))
580 smp_mb();
581
582 if (unlikely(folio_maybe_dma_pinned(folio)))
583 return -EBUSY;
584 ClearPageAnonExclusive(page);
585
586 /*
587 * This is conceptually a smp_wmb() paired with the smp_rmb() in
588 * gup_must_unshare().
589 */
590 if (IS_ENABLED(CONFIG_HAVE_GUP_FAST))
591 smp_mb__after_atomic();
592 return 0;
593 }
594
595 /**
596 * folio_try_share_anon_rmap_pte - try marking an exclusive anonymous page
597 * mapped by a PTE possibly shared to prepare
598 * for KSM or temporary unmapping
599 * @folio: The folio to share a mapping of
600 * @page: The mapped exclusive page
601 *
602 * The caller needs to hold the page table lock and has to have the page table
603 * entries cleared/invalidated.
604 *
605 * This is similar to folio_try_dup_anon_rmap_pte(), however, not used during
606 * fork() to duplicate mappings, but instead to prepare for KSM or temporarily
607 * unmapping parts of a folio (swap, migration) via folio_remove_rmap_pte().
608 *
609 * Marking the mapped page shared can only fail if the folio maybe pinned;
610 * device private folios cannot get pinned and consequently this function cannot
611 * fail.
612 *
613 * Returns 0 if marking the mapped page possibly shared succeeded. Returns
614 * -EBUSY otherwise.
615 */
folio_try_share_anon_rmap_pte(struct folio * folio,struct page * page)616 static inline int folio_try_share_anon_rmap_pte(struct folio *folio,
617 struct page *page)
618 {
619 return __folio_try_share_anon_rmap(folio, page, 1, RMAP_LEVEL_PTE);
620 }
621
622 /**
623 * folio_try_share_anon_rmap_pmd - try marking an exclusive anonymous page
624 * range mapped by a PMD possibly shared to
625 * prepare for temporary unmapping
626 * @folio: The folio to share the mapping of
627 * @page: The first page to share the mapping of
628 *
629 * The page range of the folio is defined by [page, page + HPAGE_PMD_NR)
630 *
631 * The caller needs to hold the page table lock and has to have the page table
632 * entries cleared/invalidated.
633 *
634 * This is similar to folio_try_dup_anon_rmap_pmd(), however, not used during
635 * fork() to duplicate a mapping, but instead to prepare for temporarily
636 * unmapping parts of a folio (swap, migration) via folio_remove_rmap_pmd().
637 *
638 * Marking the mapped pages shared can only fail if the folio maybe pinned;
639 * device private folios cannot get pinned and consequently this function cannot
640 * fail.
641 *
642 * Returns 0 if marking the mapped pages possibly shared succeeded. Returns
643 * -EBUSY otherwise.
644 */
folio_try_share_anon_rmap_pmd(struct folio * folio,struct page * page)645 static inline int folio_try_share_anon_rmap_pmd(struct folio *folio,
646 struct page *page)
647 {
648 #ifdef CONFIG_TRANSPARENT_HUGEPAGE
649 return __folio_try_share_anon_rmap(folio, page, HPAGE_PMD_NR,
650 RMAP_LEVEL_PMD);
651 #else
652 WARN_ON_ONCE(true);
653 return -EBUSY;
654 #endif
655 }
656
657 /*
658 * Called from mm/vmscan.c to handle paging out
659 */
660 int folio_referenced(struct folio *, int is_locked,
661 struct mem_cgroup *memcg, unsigned long *vm_flags);
662
663 void try_to_migrate(struct folio *folio, enum ttu_flags flags);
664 void try_to_unmap(struct folio *, enum ttu_flags flags);
665
666 int make_device_exclusive_range(struct mm_struct *mm, unsigned long start,
667 unsigned long end, struct page **pages,
668 void *arg);
669
670 /* Avoid racy checks */
671 #define PVMW_SYNC (1 << 0)
672 /* Look for migration entries rather than present PTEs */
673 #define PVMW_MIGRATION (1 << 1)
674
675 struct page_vma_mapped_walk {
676 unsigned long pfn;
677 unsigned long nr_pages;
678 pgoff_t pgoff;
679 struct vm_area_struct *vma;
680 unsigned long address;
681 pmd_t *pmd;
682 pte_t *pte;
683 spinlock_t *ptl;
684 unsigned int flags;
685 };
686
687 #define DEFINE_FOLIO_VMA_WALK(name, _folio, _vma, _address, _flags) \
688 struct page_vma_mapped_walk name = { \
689 .pfn = folio_pfn(_folio), \
690 .nr_pages = folio_nr_pages(_folio), \
691 .pgoff = folio_pgoff(_folio), \
692 .vma = _vma, \
693 .address = _address, \
694 .flags = _flags, \
695 }
696
page_vma_mapped_walk_done(struct page_vma_mapped_walk * pvmw)697 static inline void page_vma_mapped_walk_done(struct page_vma_mapped_walk *pvmw)
698 {
699 /* HugeTLB pte is set to the relevant page table entry without pte_mapped. */
700 if (pvmw->pte && !is_vm_hugetlb_page(pvmw->vma))
701 pte_unmap(pvmw->pte);
702 if (pvmw->ptl)
703 spin_unlock(pvmw->ptl);
704 }
705
706 /**
707 * page_vma_mapped_walk_restart - Restart the page table walk.
708 * @pvmw: Pointer to struct page_vma_mapped_walk.
709 *
710 * It restarts the page table walk when changes occur in the page
711 * table, such as splitting a PMD. Ensures that the PTL held during
712 * the previous walk is released and resets the state to allow for
713 * a new walk starting at the current address stored in pvmw->address.
714 */
715 static inline void
page_vma_mapped_walk_restart(struct page_vma_mapped_walk * pvmw)716 page_vma_mapped_walk_restart(struct page_vma_mapped_walk *pvmw)
717 {
718 WARN_ON_ONCE(!pvmw->pmd && !pvmw->pte);
719
720 if (likely(pvmw->ptl))
721 spin_unlock(pvmw->ptl);
722 else
723 WARN_ON_ONCE(1);
724
725 pvmw->ptl = NULL;
726 pvmw->pmd = NULL;
727 pvmw->pte = NULL;
728 }
729
730 bool page_vma_mapped_walk(struct page_vma_mapped_walk *pvmw);
731
732 /*
733 * Used by swapoff to help locate where page is expected in vma.
734 */
735 unsigned long page_address_in_vma(struct page *, struct vm_area_struct *);
736
737 /*
738 * Cleans the PTEs of shared mappings.
739 * (and since clean PTEs should also be readonly, write protects them too)
740 *
741 * returns the number of cleaned PTEs.
742 */
743 int folio_mkclean(struct folio *);
744
745 int pfn_mkclean_range(unsigned long pfn, unsigned long nr_pages, pgoff_t pgoff,
746 struct vm_area_struct *vma);
747
748 enum rmp_flags {
749 RMP_LOCKED = 1 << 0,
750 RMP_USE_SHARED_ZEROPAGE = 1 << 1,
751 };
752
753 void remove_migration_ptes(struct folio *src, struct folio *dst, int flags);
754
755 /*
756 * rmap_walk_control: To control rmap traversing for specific needs
757 *
758 * arg: passed to rmap_one() and invalid_vma()
759 * try_lock: bail out if the rmap lock is contended
760 * contended: indicate the rmap traversal bailed out due to lock contention
761 * rmap_one: executed on each vma where page is mapped
762 * done: for checking traversing termination condition
763 * anon_lock: for getting anon_lock by optimized way rather than default
764 * invalid_vma: for skipping uninterested vma
765 */
766 struct rmap_walk_control {
767 void *arg;
768 bool try_lock;
769 bool contended;
770 /*
771 * Return false if page table scanning in rmap_walk should be stopped.
772 * Otherwise, return true.
773 */
774 bool (*rmap_one)(struct folio *folio, struct vm_area_struct *vma,
775 unsigned long addr, void *arg);
776 int (*done)(struct folio *folio);
777 struct anon_vma *(*anon_lock)(struct folio *folio,
778 struct rmap_walk_control *rwc);
779 bool (*invalid_vma)(struct vm_area_struct *vma, void *arg);
780 };
781
782 void rmap_walk(struct folio *folio, struct rmap_walk_control *rwc);
783 void rmap_walk_locked(struct folio *folio, struct rmap_walk_control *rwc);
784 struct anon_vma *folio_lock_anon_vma_read(struct folio *folio,
785 struct rmap_walk_control *rwc);
786
787 #else /* !CONFIG_MMU */
788
789 #define anon_vma_init() do {} while (0)
790 #define anon_vma_prepare(vma) (0)
791
folio_referenced(struct folio * folio,int is_locked,struct mem_cgroup * memcg,unsigned long * vm_flags)792 static inline int folio_referenced(struct folio *folio, int is_locked,
793 struct mem_cgroup *memcg,
794 unsigned long *vm_flags)
795 {
796 *vm_flags = 0;
797 return 0;
798 }
799
try_to_unmap(struct folio * folio,enum ttu_flags flags)800 static inline void try_to_unmap(struct folio *folio, enum ttu_flags flags)
801 {
802 }
803
folio_mkclean(struct folio * folio)804 static inline int folio_mkclean(struct folio *folio)
805 {
806 return 0;
807 }
808 #endif /* CONFIG_MMU */
809
810 #endif /* _LINUX_RMAP_H */
811