1 // SPDX-License-Identifier: GPL-2.0
5 * Copyright (C) 1999 Linus Torvalds
6 * Copyright (C) 2002 Christoph Hellwig
9 #include <linux/mman.h>
10 #include <linux/pagemap.h>
11 #include <linux/syscalls.h>
12 #include <linux/mempolicy.h>
13 #include <linux/page-isolation.h>
14 #include <linux/page_idle.h>
15 #include <linux/userfaultfd_k.h>
16 #include <linux/hugetlb.h>
17 #include <linux/falloc.h>
18 #include <linux/fadvise.h>
19 #include <linux/sched.h>
20 #include <linux/sched/mm.h>
21 #include <linux/mm_inline.h>
22 #include <linux/string.h>
23 #include <linux/uio.h>
24 #include <linux/ksm.h>
26 #include <linux/file.h>
27 #include <linux/blkdev.h>
28 #include <linux/backing-dev.h>
29 #include <linux/pagewalk.h>
30 #include <linux/swap.h>
31 #include <linux/swapops.h>
32 #include <linux/shmem_fs.h>
33 #include <linux/mmu_notifier.h>
40 struct madvise_walk_private {
41 struct mmu_gather *tlb;
46 * Any behaviour which results in changes to the vma->vm_flags needs to
47 * take mmap_lock for writing. Others, which simply traverse vmas, need
48 * to only take it for reading.
50 static int madvise_need_mmap_write(int behavior)
56 case MADV_DONTNEED_LOCKED:
60 case MADV_POPULATE_READ:
61 case MADV_POPULATE_WRITE:
65 /* be safe, default to 1. list exceptions explicitly */
70 #ifdef CONFIG_ANON_VMA_NAME
71 struct anon_vma_name *anon_vma_name_alloc(const char *name)
73 struct anon_vma_name *anon_name;
76 /* Add 1 for NUL terminator at the end of the anon_name->name */
77 count = strlen(name) + 1;
78 anon_name = kmalloc(struct_size(anon_name, name, count), GFP_KERNEL);
80 kref_init(&anon_name->kref);
81 memcpy(anon_name->name, name, count);
87 void anon_vma_name_free(struct kref *kref)
89 struct anon_vma_name *anon_name =
90 container_of(kref, struct anon_vma_name, kref);
94 struct anon_vma_name *anon_vma_name(struct vm_area_struct *vma)
96 mmap_assert_locked(vma->vm_mm);
98 return vma->anon_name;
101 /* mmap_lock should be write-locked */
102 static int replace_anon_vma_name(struct vm_area_struct *vma,
103 struct anon_vma_name *anon_name)
105 struct anon_vma_name *orig_name = anon_vma_name(vma);
108 vma->anon_name = NULL;
109 anon_vma_name_put(orig_name);
113 if (anon_vma_name_eq(orig_name, anon_name))
116 vma->anon_name = anon_vma_name_reuse(anon_name);
117 anon_vma_name_put(orig_name);
121 #else /* CONFIG_ANON_VMA_NAME */
122 static int replace_anon_vma_name(struct vm_area_struct *vma,
123 struct anon_vma_name *anon_name)
130 #endif /* CONFIG_ANON_VMA_NAME */
132 * Update the vm_flags on region of a vma, splitting it or merging it as
133 * necessary. Must be called with mmap_lock held for writing;
134 * Caller should ensure anon_name stability by raising its refcount even when
135 * anon_name belongs to a valid vma because this function might free that vma.
137 static int madvise_update_vma(struct vm_area_struct *vma,
138 struct vm_area_struct **prev, unsigned long start,
139 unsigned long end, unsigned long new_flags,
140 struct anon_vma_name *anon_name)
142 struct mm_struct *mm = vma->vm_mm;
145 VMA_ITERATOR(vmi, mm, start);
147 if (new_flags == vma->vm_flags && anon_vma_name_eq(anon_vma_name(vma), anon_name)) {
152 pgoff = vma->vm_pgoff + ((start - vma->vm_start) >> PAGE_SHIFT);
153 *prev = vma_merge(&vmi, mm, *prev, start, end, new_flags,
154 vma->anon_vma, vma->vm_file, pgoff, vma_policy(vma),
155 vma->vm_userfaultfd_ctx, anon_name);
163 if (start != vma->vm_start) {
164 error = split_vma(&vmi, vma, start, 1);
169 if (end != vma->vm_end) {
170 error = split_vma(&vmi, vma, end, 0);
177 * vm_flags is protected by the mmap_lock held in write mode.
179 vm_flags_reset(vma, new_flags);
180 if (!vma->vm_file || vma_is_anon_shmem(vma)) {
181 error = replace_anon_vma_name(vma, anon_name);
190 static int swapin_walk_pmd_entry(pmd_t *pmd, unsigned long start,
191 unsigned long end, struct mm_walk *walk)
193 struct vm_area_struct *vma = walk->private;
194 struct swap_iocb *splug = NULL;
199 for (addr = start; addr < end; addr += PAGE_SIZE) {
205 ptep = pte_offset_map_lock(vma->vm_mm, pmd, addr, &ptl);
210 pte = ptep_get(ptep);
211 if (!is_swap_pte(pte))
213 entry = pte_to_swp_entry(pte);
214 if (unlikely(non_swap_entry(entry)))
217 pte_unmap_unlock(ptep, ptl);
220 page = read_swap_cache_async(entry, GFP_HIGHUSER_MOVABLE,
221 vma, addr, false, &splug);
227 pte_unmap_unlock(ptep, ptl);
228 swap_read_unplug(splug);
234 static const struct mm_walk_ops swapin_walk_ops = {
235 .pmd_entry = swapin_walk_pmd_entry,
236 .walk_lock = PGWALK_RDLOCK,
239 static void shmem_swapin_range(struct vm_area_struct *vma,
240 unsigned long start, unsigned long end,
241 struct address_space *mapping)
243 XA_STATE(xas, &mapping->i_pages, linear_page_index(vma, start));
244 pgoff_t end_index = linear_page_index(vma, end) - 1;
246 struct swap_iocb *splug = NULL;
249 xas_for_each(&xas, page, end_index) {
253 if (!xa_is_value(page))
255 entry = radix_to_swp_entry(page);
256 /* There might be swapin error entries in shmem mapping. */
257 if (non_swap_entry(entry))
260 addr = vma->vm_start +
261 ((xas.xa_index - vma->vm_pgoff) << PAGE_SHIFT);
265 page = read_swap_cache_async(entry, mapping_gfp_mask(mapping),
266 vma, addr, false, &splug);
273 swap_read_unplug(splug);
275 #endif /* CONFIG_SWAP */
278 * Schedule all required I/O operations. Do not wait for completion.
280 static long madvise_willneed(struct vm_area_struct *vma,
281 struct vm_area_struct **prev,
282 unsigned long start, unsigned long end)
284 struct mm_struct *mm = vma->vm_mm;
285 struct file *file = vma->vm_file;
291 walk_page_range(vma->vm_mm, start, end, &swapin_walk_ops, vma);
292 lru_add_drain(); /* Push any new pages onto the LRU now */
296 if (shmem_mapping(file->f_mapping)) {
297 shmem_swapin_range(vma, start, end, file->f_mapping);
298 lru_add_drain(); /* Push any new pages onto the LRU now */
306 if (IS_DAX(file_inode(file))) {
307 /* no bad return value, but ignore advice */
312 * Filesystem's fadvise may need to take various locks. We need to
313 * explicitly grab a reference because the vma (and hence the
314 * vma's reference to the file) can go away as soon as we drop
317 *prev = NULL; /* tell sys_madvise we drop mmap_lock */
319 offset = (loff_t)(start - vma->vm_start)
320 + ((loff_t)vma->vm_pgoff << PAGE_SHIFT);
321 mmap_read_unlock(mm);
322 vfs_fadvise(file, offset, end - start, POSIX_FADV_WILLNEED);
328 static inline bool can_do_file_pageout(struct vm_area_struct *vma)
333 * paging out pagecache only for non-anonymous mappings that correspond
334 * to the files the calling process could (if tried) open for writing;
335 * otherwise we'd be including shared non-exclusive mappings, which
336 * opens a side channel.
338 return inode_owner_or_capable(&nop_mnt_idmap,
339 file_inode(vma->vm_file)) ||
340 file_permission(vma->vm_file, MAY_WRITE) == 0;
343 static int madvise_cold_or_pageout_pte_range(pmd_t *pmd,
344 unsigned long addr, unsigned long end,
345 struct mm_walk *walk)
347 struct madvise_walk_private *private = walk->private;
348 struct mmu_gather *tlb = private->tlb;
349 bool pageout = private->pageout;
350 struct mm_struct *mm = tlb->mm;
351 struct vm_area_struct *vma = walk->vma;
352 pte_t *start_pte, *pte, ptent;
354 struct folio *folio = NULL;
355 LIST_HEAD(folio_list);
356 bool pageout_anon_only_filter;
358 if (fatal_signal_pending(current))
361 pageout_anon_only_filter = pageout && !vma_is_anonymous(vma) &&
362 !can_do_file_pageout(vma);
364 #ifdef CONFIG_TRANSPARENT_HUGEPAGE
365 if (pmd_trans_huge(*pmd)) {
367 unsigned long next = pmd_addr_end(addr, end);
369 tlb_change_page_size(tlb, HPAGE_PMD_SIZE);
370 ptl = pmd_trans_huge_lock(pmd, vma);
375 if (is_huge_zero_pmd(orig_pmd))
378 if (unlikely(!pmd_present(orig_pmd))) {
379 VM_BUG_ON(thp_migration_supported() &&
380 !is_pmd_migration_entry(orig_pmd));
384 folio = pfn_folio(pmd_pfn(orig_pmd));
386 /* Do not interfere with other mappings of this folio */
387 if (folio_estimated_sharers(folio) != 1)
390 if (pageout_anon_only_filter && !folio_test_anon(folio))
393 if (next - addr != HPAGE_PMD_SIZE) {
399 err = split_folio(folio);
407 if (pmd_young(orig_pmd)) {
408 pmdp_invalidate(vma, addr, pmd);
409 orig_pmd = pmd_mkold(orig_pmd);
411 set_pmd_at(mm, addr, pmd, orig_pmd);
412 tlb_remove_pmd_tlb_entry(tlb, pmd, addr);
415 folio_clear_referenced(folio);
416 folio_test_clear_young(folio);
418 if (folio_isolate_lru(folio)) {
419 if (folio_test_unevictable(folio))
420 folio_putback_lru(folio);
422 list_add(&folio->lru, &folio_list);
425 folio_deactivate(folio);
429 reclaim_pages(&folio_list);
435 tlb_change_page_size(tlb, PAGE_SIZE);
436 start_pte = pte = pte_offset_map_lock(vma->vm_mm, pmd, addr, &ptl);
439 flush_tlb_batched_pending(mm);
440 arch_enter_lazy_mmu_mode();
441 for (; addr < end; pte++, addr += PAGE_SIZE) {
442 ptent = ptep_get(pte);
447 if (!pte_present(ptent))
450 folio = vm_normal_folio(vma, addr, ptent);
451 if (!folio || folio_is_zone_device(folio))
455 * Creating a THP page is expensive so split it only if we
456 * are sure it's worth. Split it if we are only owner.
458 if (folio_test_large(folio)) {
461 if (folio_estimated_sharers(folio) != 1)
463 if (pageout_anon_only_filter && !folio_test_anon(folio))
465 if (!folio_trylock(folio))
468 arch_leave_lazy_mmu_mode();
469 pte_unmap_unlock(start_pte, ptl);
471 err = split_folio(folio);
477 pte_offset_map_lock(mm, pmd, addr, &ptl);
480 arch_enter_lazy_mmu_mode();
487 * Do not interfere with other mappings of this folio and
490 if (!folio_test_lru(folio) || folio_mapcount(folio) != 1)
493 if (pageout_anon_only_filter && !folio_test_anon(folio))
496 VM_BUG_ON_FOLIO(folio_test_large(folio), folio);
498 if (pte_young(ptent)) {
499 ptent = ptep_get_and_clear_full(mm, addr, pte,
501 ptent = pte_mkold(ptent);
502 set_pte_at(mm, addr, pte, ptent);
503 tlb_remove_tlb_entry(tlb, pte, addr);
507 * We are deactivating a folio for accelerating reclaiming.
508 * VM couldn't reclaim the folio unless we clear PG_young.
509 * As a side effect, it makes confuse idle-page tracking
510 * because they will miss recent referenced history.
512 folio_clear_referenced(folio);
513 folio_test_clear_young(folio);
515 if (folio_isolate_lru(folio)) {
516 if (folio_test_unevictable(folio))
517 folio_putback_lru(folio);
519 list_add(&folio->lru, &folio_list);
522 folio_deactivate(folio);
526 arch_leave_lazy_mmu_mode();
527 pte_unmap_unlock(start_pte, ptl);
530 reclaim_pages(&folio_list);
536 static const struct mm_walk_ops cold_walk_ops = {
537 .pmd_entry = madvise_cold_or_pageout_pte_range,
538 .walk_lock = PGWALK_RDLOCK,
541 static void madvise_cold_page_range(struct mmu_gather *tlb,
542 struct vm_area_struct *vma,
543 unsigned long addr, unsigned long end)
545 struct madvise_walk_private walk_private = {
550 tlb_start_vma(tlb, vma);
551 walk_page_range(vma->vm_mm, addr, end, &cold_walk_ops, &walk_private);
552 tlb_end_vma(tlb, vma);
555 static inline bool can_madv_lru_vma(struct vm_area_struct *vma)
557 return !(vma->vm_flags & (VM_LOCKED|VM_PFNMAP|VM_HUGETLB));
560 static long madvise_cold(struct vm_area_struct *vma,
561 struct vm_area_struct **prev,
562 unsigned long start_addr, unsigned long end_addr)
564 struct mm_struct *mm = vma->vm_mm;
565 struct mmu_gather tlb;
568 if (!can_madv_lru_vma(vma))
572 tlb_gather_mmu(&tlb, mm);
573 madvise_cold_page_range(&tlb, vma, start_addr, end_addr);
574 tlb_finish_mmu(&tlb);
579 static void madvise_pageout_page_range(struct mmu_gather *tlb,
580 struct vm_area_struct *vma,
581 unsigned long addr, unsigned long end)
583 struct madvise_walk_private walk_private = {
588 tlb_start_vma(tlb, vma);
589 walk_page_range(vma->vm_mm, addr, end, &cold_walk_ops, &walk_private);
590 tlb_end_vma(tlb, vma);
593 static long madvise_pageout(struct vm_area_struct *vma,
594 struct vm_area_struct **prev,
595 unsigned long start_addr, unsigned long end_addr)
597 struct mm_struct *mm = vma->vm_mm;
598 struct mmu_gather tlb;
601 if (!can_madv_lru_vma(vma))
605 * If the VMA belongs to a private file mapping, there can be private
606 * dirty pages which can be paged out if even this process is neither
607 * owner nor write capable of the file. We allow private file mappings
608 * further to pageout dirty anon pages.
610 if (!vma_is_anonymous(vma) && (!can_do_file_pageout(vma) &&
611 (vma->vm_flags & VM_MAYSHARE)))
615 tlb_gather_mmu(&tlb, mm);
616 madvise_pageout_page_range(&tlb, vma, start_addr, end_addr);
617 tlb_finish_mmu(&tlb);
622 static int madvise_free_pte_range(pmd_t *pmd, unsigned long addr,
623 unsigned long end, struct mm_walk *walk)
626 struct mmu_gather *tlb = walk->private;
627 struct mm_struct *mm = tlb->mm;
628 struct vm_area_struct *vma = walk->vma;
630 pte_t *start_pte, *pte, ptent;
635 next = pmd_addr_end(addr, end);
636 if (pmd_trans_huge(*pmd))
637 if (madvise_free_huge_pmd(tlb, vma, pmd, addr, next))
640 tlb_change_page_size(tlb, PAGE_SIZE);
641 start_pte = pte = pte_offset_map_lock(mm, pmd, addr, &ptl);
644 flush_tlb_batched_pending(mm);
645 arch_enter_lazy_mmu_mode();
646 for (; addr != end; pte++, addr += PAGE_SIZE) {
647 ptent = ptep_get(pte);
652 * If the pte has swp_entry, just clear page table to
653 * prevent swap-in which is more expensive rather than
654 * (page allocation + zeroing).
656 if (!pte_present(ptent)) {
659 entry = pte_to_swp_entry(ptent);
660 if (!non_swap_entry(entry)) {
662 free_swap_and_cache(entry);
663 pte_clear_not_present_full(mm, addr, pte, tlb->fullmm);
664 } else if (is_hwpoison_entry(entry) ||
665 is_swapin_error_entry(entry)) {
666 pte_clear_not_present_full(mm, addr, pte, tlb->fullmm);
671 folio = vm_normal_folio(vma, addr, ptent);
672 if (!folio || folio_is_zone_device(folio))
676 * If pmd isn't transhuge but the folio is large and
677 * is owned by only this process, split it and
678 * deactivate all pages.
680 if (folio_test_large(folio)) {
683 if (folio_estimated_sharers(folio) != 1)
685 if (!folio_trylock(folio))
688 arch_leave_lazy_mmu_mode();
689 pte_unmap_unlock(start_pte, ptl);
691 err = split_folio(folio);
697 pte_offset_map_lock(mm, pmd, addr, &ptl);
700 arch_enter_lazy_mmu_mode();
706 if (folio_test_swapcache(folio) || folio_test_dirty(folio)) {
707 if (!folio_trylock(folio))
710 * If folio is shared with others, we mustn't clear
711 * the folio's dirty flag.
713 if (folio_mapcount(folio) != 1) {
718 if (folio_test_swapcache(folio) &&
719 !folio_free_swap(folio)) {
724 folio_clear_dirty(folio);
728 if (pte_young(ptent) || pte_dirty(ptent)) {
730 * Some of architecture(ex, PPC) don't update TLB
731 * with set_pte_at and tlb_remove_tlb_entry so for
732 * the portability, remap the pte with old|clean
733 * after pte clearing.
735 ptent = ptep_get_and_clear_full(mm, addr, pte,
738 ptent = pte_mkold(ptent);
739 ptent = pte_mkclean(ptent);
740 set_pte_at(mm, addr, pte, ptent);
741 tlb_remove_tlb_entry(tlb, pte, addr);
743 folio_mark_lazyfree(folio);
747 if (current->mm == mm)
749 add_mm_counter(mm, MM_SWAPENTS, nr_swap);
752 arch_leave_lazy_mmu_mode();
753 pte_unmap_unlock(start_pte, ptl);
760 static const struct mm_walk_ops madvise_free_walk_ops = {
761 .pmd_entry = madvise_free_pte_range,
762 .walk_lock = PGWALK_RDLOCK,
765 static int madvise_free_single_vma(struct vm_area_struct *vma,
766 unsigned long start_addr, unsigned long end_addr)
768 struct mm_struct *mm = vma->vm_mm;
769 struct mmu_notifier_range range;
770 struct mmu_gather tlb;
772 /* MADV_FREE works for only anon vma at the moment */
773 if (!vma_is_anonymous(vma))
776 range.start = max(vma->vm_start, start_addr);
777 if (range.start >= vma->vm_end)
779 range.end = min(vma->vm_end, end_addr);
780 if (range.end <= vma->vm_start)
782 mmu_notifier_range_init(&range, MMU_NOTIFY_CLEAR, 0, mm,
783 range.start, range.end);
786 tlb_gather_mmu(&tlb, mm);
787 update_hiwater_rss(mm);
789 mmu_notifier_invalidate_range_start(&range);
790 tlb_start_vma(&tlb, vma);
791 walk_page_range(vma->vm_mm, range.start, range.end,
792 &madvise_free_walk_ops, &tlb);
793 tlb_end_vma(&tlb, vma);
794 mmu_notifier_invalidate_range_end(&range);
795 tlb_finish_mmu(&tlb);
801 * Application no longer needs these pages. If the pages are dirty,
802 * it's OK to just throw them away. The app will be more careful about
803 * data it wants to keep. Be sure to free swap resources too. The
804 * zap_page_range_single call sets things up for shrink_active_list to actually
805 * free these pages later if no one else has touched them in the meantime,
806 * although we could add these pages to a global reuse list for
807 * shrink_active_list to pick up before reclaiming other pages.
809 * NB: This interface discards data rather than pushes it out to swap,
810 * as some implementations do. This has performance implications for
811 * applications like large transactional databases which want to discard
812 * pages in anonymous maps after committing to backing store the data
813 * that was kept in them. There is no reason to write this data out to
814 * the swap area if the application is discarding it.
816 * An interface that causes the system to free clean pages and flush
817 * dirty pages is already available as msync(MS_INVALIDATE).
819 static long madvise_dontneed_single_vma(struct vm_area_struct *vma,
820 unsigned long start, unsigned long end)
822 zap_page_range_single(vma, start, end - start, NULL);
826 static bool madvise_dontneed_free_valid_vma(struct vm_area_struct *vma,
831 if (!is_vm_hugetlb_page(vma)) {
832 unsigned int forbidden = VM_PFNMAP;
834 if (behavior != MADV_DONTNEED_LOCKED)
835 forbidden |= VM_LOCKED;
837 return !(vma->vm_flags & forbidden);
840 if (behavior != MADV_DONTNEED && behavior != MADV_DONTNEED_LOCKED)
842 if (start & ~huge_page_mask(hstate_vma(vma)))
846 * Madvise callers expect the length to be rounded up to PAGE_SIZE
847 * boundaries, and may be unaware that this VMA uses huge pages.
848 * Avoid unexpected data loss by rounding down the number of
851 *end = ALIGN_DOWN(*end, huge_page_size(hstate_vma(vma)));
856 static long madvise_dontneed_free(struct vm_area_struct *vma,
857 struct vm_area_struct **prev,
858 unsigned long start, unsigned long end,
861 struct mm_struct *mm = vma->vm_mm;
864 if (!madvise_dontneed_free_valid_vma(vma, start, &end, behavior))
870 if (!userfaultfd_remove(vma, start, end)) {
871 *prev = NULL; /* mmap_lock has been dropped, prev is stale */
874 vma = vma_lookup(mm, start);
878 * Potential end adjustment for hugetlb vma is OK as
879 * the check below keeps end within vma.
881 if (!madvise_dontneed_free_valid_vma(vma, start, &end,
884 if (end > vma->vm_end) {
886 * Don't fail if end > vma->vm_end. If the old
887 * vma was split while the mmap_lock was
888 * released the effect of the concurrent
889 * operation may not cause madvise() to
890 * have an undefined result. There may be an
891 * adjacent next vma that we'll walk
892 * next. userfaultfd_remove() will generate an
893 * UFFD_EVENT_REMOVE repetition on the
894 * end-vma->vm_end range, but the manager can
895 * handle a repetition fine.
899 VM_WARN_ON(start >= end);
902 if (behavior == MADV_DONTNEED || behavior == MADV_DONTNEED_LOCKED)
903 return madvise_dontneed_single_vma(vma, start, end);
904 else if (behavior == MADV_FREE)
905 return madvise_free_single_vma(vma, start, end);
910 static long madvise_populate(struct vm_area_struct *vma,
911 struct vm_area_struct **prev,
912 unsigned long start, unsigned long end,
915 const bool write = behavior == MADV_POPULATE_WRITE;
916 struct mm_struct *mm = vma->vm_mm;
917 unsigned long tmp_end;
923 while (start < end) {
925 * We might have temporarily dropped the lock. For example,
926 * our VMA might have been split.
928 if (!vma || start >= vma->vm_end) {
929 vma = vma_lookup(mm, start);
934 tmp_end = min_t(unsigned long, end, vma->vm_end);
935 /* Populate (prefault) page tables readable/writable. */
936 pages = faultin_vma_page_range(vma, start, tmp_end, write,
948 case -EINVAL: /* Incompatible mappings / permissions. */
952 case -EFAULT: /* VM_FAULT_SIGBUS or VM_FAULT_SIGSEGV */
955 pr_warn_once("%s: unhandled return value: %ld\n",
962 start += pages * PAGE_SIZE;
968 * Application wants to free up the pages and associated backing store.
969 * This is effectively punching a hole into the middle of a file.
971 static long madvise_remove(struct vm_area_struct *vma,
972 struct vm_area_struct **prev,
973 unsigned long start, unsigned long end)
978 struct mm_struct *mm = vma->vm_mm;
980 *prev = NULL; /* tell sys_madvise we drop mmap_lock */
982 if (vma->vm_flags & VM_LOCKED)
987 if (!f || !f->f_mapping || !f->f_mapping->host) {
991 if ((vma->vm_flags & (VM_SHARED|VM_WRITE)) != (VM_SHARED|VM_WRITE))
994 offset = (loff_t)(start - vma->vm_start)
995 + ((loff_t)vma->vm_pgoff << PAGE_SHIFT);
998 * Filesystem's fallocate may need to take i_rwsem. We need to
999 * explicitly grab a reference because the vma (and hence the
1000 * vma's reference to the file) can go away as soon as we drop
1004 if (userfaultfd_remove(vma, start, end)) {
1005 /* mmap_lock was not released by userfaultfd_remove() */
1006 mmap_read_unlock(mm);
1008 error = vfs_fallocate(f,
1009 FALLOC_FL_PUNCH_HOLE | FALLOC_FL_KEEP_SIZE,
1010 offset, end - start);
1017 * Apply an madvise behavior to a region of a vma. madvise_update_vma
1018 * will handle splitting a vm area into separate areas, each area with its own
1021 static int madvise_vma_behavior(struct vm_area_struct *vma,
1022 struct vm_area_struct **prev,
1023 unsigned long start, unsigned long end,
1024 unsigned long behavior)
1027 struct anon_vma_name *anon_name;
1028 unsigned long new_flags = vma->vm_flags;
1032 return madvise_remove(vma, prev, start, end);
1034 return madvise_willneed(vma, prev, start, end);
1036 return madvise_cold(vma, prev, start, end);
1038 return madvise_pageout(vma, prev, start, end);
1041 case MADV_DONTNEED_LOCKED:
1042 return madvise_dontneed_free(vma, prev, start, end, behavior);
1043 case MADV_POPULATE_READ:
1044 case MADV_POPULATE_WRITE:
1045 return madvise_populate(vma, prev, start, end, behavior);
1047 new_flags = new_flags & ~VM_RAND_READ & ~VM_SEQ_READ;
1049 case MADV_SEQUENTIAL:
1050 new_flags = (new_flags & ~VM_RAND_READ) | VM_SEQ_READ;
1053 new_flags = (new_flags & ~VM_SEQ_READ) | VM_RAND_READ;
1056 new_flags |= VM_DONTCOPY;
1059 if (vma->vm_flags & VM_IO)
1061 new_flags &= ~VM_DONTCOPY;
1063 case MADV_WIPEONFORK:
1064 /* MADV_WIPEONFORK is only supported on anonymous memory. */
1065 if (vma->vm_file || vma->vm_flags & VM_SHARED)
1067 new_flags |= VM_WIPEONFORK;
1069 case MADV_KEEPONFORK:
1070 new_flags &= ~VM_WIPEONFORK;
1073 new_flags |= VM_DONTDUMP;
1076 if (!is_vm_hugetlb_page(vma) && new_flags & VM_SPECIAL)
1078 new_flags &= ~VM_DONTDUMP;
1080 case MADV_MERGEABLE:
1081 case MADV_UNMERGEABLE:
1082 error = ksm_madvise(vma, start, end, behavior, &new_flags);
1087 case MADV_NOHUGEPAGE:
1088 error = hugepage_madvise(vma, &new_flags, behavior);
1093 return madvise_collapse(vma, prev, start, end);
1096 anon_name = anon_vma_name(vma);
1097 anon_vma_name_get(anon_name);
1098 error = madvise_update_vma(vma, prev, start, end, new_flags,
1100 anon_vma_name_put(anon_name);
1104 * madvise() returns EAGAIN if kernel resources, such as
1105 * slab, are temporarily unavailable.
1107 if (error == -ENOMEM)
1112 #ifdef CONFIG_MEMORY_FAILURE
1114 * Error injection support for memory error handling.
1116 static int madvise_inject_error(int behavior,
1117 unsigned long start, unsigned long end)
1121 if (!capable(CAP_SYS_ADMIN))
1125 for (; start < end; start += size) {
1130 ret = get_user_pages_fast(start, 1, 0, &page);
1133 pfn = page_to_pfn(page);
1136 * When soft offlining hugepages, after migrating the page
1137 * we dissolve it, therefore in the second loop "page" will
1138 * no longer be a compound page.
1140 size = page_size(compound_head(page));
1142 if (behavior == MADV_SOFT_OFFLINE) {
1143 pr_info("Soft offlining pfn %#lx at process virtual address %#lx\n",
1145 ret = soft_offline_page(pfn, MF_COUNT_INCREASED);
1147 pr_info("Injecting memory failure for pfn %#lx at process virtual address %#lx\n",
1149 ret = memory_failure(pfn, MF_COUNT_INCREASED | MF_SW_SIMULATED);
1150 if (ret == -EOPNOTSUPP)
1163 madvise_behavior_valid(int behavior)
1169 case MADV_SEQUENTIAL:
1174 case MADV_DONTNEED_LOCKED:
1178 case MADV_POPULATE_READ:
1179 case MADV_POPULATE_WRITE:
1181 case MADV_MERGEABLE:
1182 case MADV_UNMERGEABLE:
1184 #ifdef CONFIG_TRANSPARENT_HUGEPAGE
1186 case MADV_NOHUGEPAGE:
1191 case MADV_WIPEONFORK:
1192 case MADV_KEEPONFORK:
1193 #ifdef CONFIG_MEMORY_FAILURE
1194 case MADV_SOFT_OFFLINE:
1204 static bool process_madvise_behavior_valid(int behavior)
1218 * Walk the vmas in range [start,end), and call the visit function on each one.
1219 * The visit function will get start and end parameters that cover the overlap
1220 * between the current vma and the original range. Any unmapped regions in the
1221 * original range will result in this function returning -ENOMEM while still
1222 * calling the visit function on all of the existing vmas in the range.
1223 * Must be called with the mmap_lock held for reading or writing.
1226 int madvise_walk_vmas(struct mm_struct *mm, unsigned long start,
1227 unsigned long end, unsigned long arg,
1228 int (*visit)(struct vm_area_struct *vma,
1229 struct vm_area_struct **prev, unsigned long start,
1230 unsigned long end, unsigned long arg))
1232 struct vm_area_struct *vma;
1233 struct vm_area_struct *prev;
1235 int unmapped_error = 0;
1238 * If the interval [start,end) covers some unmapped address
1239 * ranges, just ignore them, but return -ENOMEM at the end.
1240 * - different from the way of handling in mlock etc.
1242 vma = find_vma_prev(mm, start, &prev);
1243 if (vma && start > vma->vm_start)
1249 /* Still start < end. */
1253 /* Here start < (end|vma->vm_end). */
1254 if (start < vma->vm_start) {
1255 unmapped_error = -ENOMEM;
1256 start = vma->vm_start;
1261 /* Here vma->vm_start <= start < (end|vma->vm_end) */
1266 /* Here vma->vm_start <= start < tmp <= (end|vma->vm_end). */
1267 error = visit(vma, &prev, start, tmp, arg);
1271 if (prev && start < prev->vm_end)
1272 start = prev->vm_end;
1276 vma = find_vma(mm, prev->vm_end);
1277 else /* madvise_remove dropped mmap_lock */
1278 vma = find_vma(mm, start);
1281 return unmapped_error;
1284 #ifdef CONFIG_ANON_VMA_NAME
1285 static int madvise_vma_anon_name(struct vm_area_struct *vma,
1286 struct vm_area_struct **prev,
1287 unsigned long start, unsigned long end,
1288 unsigned long anon_name)
1292 /* Only anonymous mappings can be named */
1293 if (vma->vm_file && !vma_is_anon_shmem(vma))
1296 error = madvise_update_vma(vma, prev, start, end, vma->vm_flags,
1297 (struct anon_vma_name *)anon_name);
1300 * madvise() returns EAGAIN if kernel resources, such as
1301 * slab, are temporarily unavailable.
1303 if (error == -ENOMEM)
1308 int madvise_set_anon_name(struct mm_struct *mm, unsigned long start,
1309 unsigned long len_in, struct anon_vma_name *anon_name)
1314 if (start & ~PAGE_MASK)
1316 len = (len_in + ~PAGE_MASK) & PAGE_MASK;
1318 /* Check to see whether len was rounded up from small -ve to zero */
1329 return madvise_walk_vmas(mm, start, end, (unsigned long)anon_name,
1330 madvise_vma_anon_name);
1332 #endif /* CONFIG_ANON_VMA_NAME */
1334 * The madvise(2) system call.
1336 * Applications can use madvise() to advise the kernel how it should
1337 * handle paging I/O in this VM area. The idea is to help the kernel
1338 * use appropriate read-ahead and caching techniques. The information
1339 * provided is advisory only, and can be safely disregarded by the
1340 * kernel without affecting the correct operation of the application.
1343 * MADV_NORMAL - the default behavior is to read clusters. This
1344 * results in some read-ahead and read-behind.
1345 * MADV_RANDOM - the system should read the minimum amount of data
1346 * on any access, since it is unlikely that the appli-
1347 * cation will need more than what it asks for.
1348 * MADV_SEQUENTIAL - pages in the given range will probably be accessed
1349 * once, so they can be aggressively read ahead, and
1350 * can be freed soon after they are accessed.
1351 * MADV_WILLNEED - the application is notifying the system to read
1353 * MADV_DONTNEED - the application is finished with the given range,
1354 * so the kernel can free resources associated with it.
1355 * MADV_FREE - the application marks pages in the given range as lazy free,
1356 * where actual purges are postponed until memory pressure happens.
1357 * MADV_REMOVE - the application wants to free up the given range of
1358 * pages and associated backing store.
1359 * MADV_DONTFORK - omit this area from child's address space when forking:
1360 * typically, to avoid COWing pages pinned by get_user_pages().
1361 * MADV_DOFORK - cancel MADV_DONTFORK: no longer omit this area when forking.
1362 * MADV_WIPEONFORK - present the child process with zero-filled memory in this
1363 * range after a fork.
1364 * MADV_KEEPONFORK - undo the effect of MADV_WIPEONFORK
1365 * MADV_HWPOISON - trigger memory error handler as if the given memory range
1366 * were corrupted by unrecoverable hardware memory failure.
1367 * MADV_SOFT_OFFLINE - try to soft-offline the given range of memory.
1368 * MADV_MERGEABLE - the application recommends that KSM try to merge pages in
1369 * this area with pages of identical content from other such areas.
1370 * MADV_UNMERGEABLE- cancel MADV_MERGEABLE: no longer merge pages with others.
1371 * MADV_HUGEPAGE - the application wants to back the given range by transparent
1372 * huge pages in the future. Existing pages might be coalesced and
1373 * new pages might be allocated as THP.
1374 * MADV_NOHUGEPAGE - mark the given range as not worth being backed by
1375 * transparent huge pages so the existing pages will not be
1376 * coalesced into THP and new pages will not be allocated as THP.
1377 * MADV_COLLAPSE - synchronously coalesce pages into new THP.
1378 * MADV_DONTDUMP - the application wants to prevent pages in the given range
1379 * from being included in its core dump.
1380 * MADV_DODUMP - cancel MADV_DONTDUMP: no longer exclude from core dump.
1381 * MADV_COLD - the application is not expected to use this memory soon,
1382 * deactivate pages in this range so that they can be reclaimed
1383 * easily if memory pressure happens.
1384 * MADV_PAGEOUT - the application is not expected to use this memory soon,
1385 * page out the pages in this range immediately.
1386 * MADV_POPULATE_READ - populate (prefault) page tables readable by
1387 * triggering read faults if required
1388 * MADV_POPULATE_WRITE - populate (prefault) page tables writable by
1389 * triggering write faults if required
1393 * -EINVAL - start + len < 0, start is not page-aligned,
1394 * "behavior" is not a valid value, or application
1395 * is attempting to release locked or shared pages,
1396 * or the specified address range includes file, Huge TLB,
1397 * MAP_SHARED or VMPFNMAP range.
1398 * -ENOMEM - addresses in the specified range are not currently
1399 * mapped, or are outside the AS of the process.
1400 * -EIO - an I/O error occurred while paging in data.
1401 * -EBADF - map exists, but area maps something that isn't a file.
1402 * -EAGAIN - a kernel resource was temporarily unavailable.
1404 int do_madvise(struct mm_struct *mm, unsigned long start, size_t len_in, int behavior)
1410 struct blk_plug plug;
1412 if (!madvise_behavior_valid(behavior))
1415 if (!PAGE_ALIGNED(start))
1417 len = PAGE_ALIGN(len_in);
1419 /* Check to see whether len was rounded up from small -ve to zero */
1430 #ifdef CONFIG_MEMORY_FAILURE
1431 if (behavior == MADV_HWPOISON || behavior == MADV_SOFT_OFFLINE)
1432 return madvise_inject_error(behavior, start, start + len_in);
1435 write = madvise_need_mmap_write(behavior);
1437 if (mmap_write_lock_killable(mm))
1443 start = untagged_addr_remote(mm, start);
1446 blk_start_plug(&plug);
1447 error = madvise_walk_vmas(mm, start, end, behavior,
1448 madvise_vma_behavior);
1449 blk_finish_plug(&plug);
1451 mmap_write_unlock(mm);
1453 mmap_read_unlock(mm);
1458 SYSCALL_DEFINE3(madvise, unsigned long, start, size_t, len_in, int, behavior)
1460 return do_madvise(current->mm, start, len_in, behavior);
1463 SYSCALL_DEFINE5(process_madvise, int, pidfd, const struct iovec __user *, vec,
1464 size_t, vlen, int, behavior, unsigned int, flags)
1467 struct iovec iovstack[UIO_FASTIOV];
1468 struct iovec *iov = iovstack;
1469 struct iov_iter iter;
1470 struct task_struct *task;
1471 struct mm_struct *mm;
1473 unsigned int f_flags;
1480 ret = import_iovec(ITER_DEST, vec, vlen, ARRAY_SIZE(iovstack), &iov, &iter);
1484 task = pidfd_get_task(pidfd, &f_flags);
1486 ret = PTR_ERR(task);
1490 if (!process_madvise_behavior_valid(behavior)) {
1495 /* Require PTRACE_MODE_READ to avoid leaking ASLR metadata. */
1496 mm = mm_access(task, PTRACE_MODE_READ_FSCREDS);
1497 if (IS_ERR_OR_NULL(mm)) {
1498 ret = IS_ERR(mm) ? PTR_ERR(mm) : -ESRCH;
1503 * Require CAP_SYS_NICE for influencing process performance. Note that
1504 * only non-destructive hints are currently supported.
1506 if (!capable(CAP_SYS_NICE)) {
1511 total_len = iov_iter_count(&iter);
1513 while (iov_iter_count(&iter)) {
1514 ret = do_madvise(mm, (unsigned long)iter_iov_addr(&iter),
1515 iter_iov_len(&iter), behavior);
1518 iov_iter_advance(&iter, iter_iov_len(&iter));
1521 ret = (total_len - iov_iter_count(&iter)) ? : ret;
1526 put_task_struct(task);
OSDN Git Service
