2 * Copyright (C) 2009 Red Hat, Inc.
4 * This work is licensed under the terms of the GNU GPL, version 2. See
5 * the COPYING file in the top-level directory.
8 #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
11 #include <linux/sched.h>
12 #include <linux/highmem.h>
13 #include <linux/hugetlb.h>
14 #include <linux/mmu_notifier.h>
15 #include <linux/rmap.h>
16 #include <linux/swap.h>
17 #include <linux/shrinker.h>
18 #include <linux/mm_inline.h>
19 #include <linux/swapops.h>
20 #include <linux/dax.h>
21 #include <linux/kthread.h>
22 #include <linux/khugepaged.h>
23 #include <linux/freezer.h>
24 #include <linux/pfn_t.h>
25 #include <linux/mman.h>
26 #include <linux/pagemap.h>
27 #include <linux/debugfs.h>
28 #include <linux/migrate.h>
29 #include <linux/hashtable.h>
30 #include <linux/userfaultfd_k.h>
31 #include <linux/page_idle.h>
34 #include <asm/pgalloc.h>
44 SCAN_NO_REFERENCED_PAGE,
58 SCAN_ALLOC_HUGE_PAGE_FAIL,
59 SCAN_CGROUP_CHARGE_FAIL
62 #define CREATE_TRACE_POINTS
63 #include <trace/events/huge_memory.h>
66 * By default transparent hugepage support is disabled in order that avoid
67 * to risk increase the memory footprint of applications without a guaranteed
68 * benefit. When transparent hugepage support is enabled, is for all mappings,
69 * and khugepaged scans all mappings.
70 * Defrag is invoked by khugepaged hugepage allocations and by page faults
71 * for all hugepage allocations.
73 unsigned long transparent_hugepage_flags __read_mostly =
74 #ifdef CONFIG_TRANSPARENT_HUGEPAGE_ALWAYS
75 (1<<TRANSPARENT_HUGEPAGE_FLAG)|
77 #ifdef CONFIG_TRANSPARENT_HUGEPAGE_MADVISE
78 (1<<TRANSPARENT_HUGEPAGE_REQ_MADV_FLAG)|
80 (1<<TRANSPARENT_HUGEPAGE_DEFRAG_FLAG)|
81 (1<<TRANSPARENT_HUGEPAGE_DEFRAG_KHUGEPAGED_FLAG)|
82 (1<<TRANSPARENT_HUGEPAGE_USE_ZERO_PAGE_FLAG);
84 /* default scan 8*512 pte (or vmas) every 30 second */
85 static unsigned int khugepaged_pages_to_scan __read_mostly = HPAGE_PMD_NR*8;
86 static unsigned int khugepaged_pages_collapsed;
87 static unsigned int khugepaged_full_scans;
88 static unsigned int khugepaged_scan_sleep_millisecs __read_mostly = 10000;
89 /* during fragmentation poll the hugepage allocator once every minute */
90 static unsigned int khugepaged_alloc_sleep_millisecs __read_mostly = 60000;
91 static struct task_struct *khugepaged_thread __read_mostly;
92 static DEFINE_MUTEX(khugepaged_mutex);
93 static DEFINE_SPINLOCK(khugepaged_mm_lock);
94 static DECLARE_WAIT_QUEUE_HEAD(khugepaged_wait);
96 * default collapse hugepages if there is at least one pte mapped like
97 * it would have happened if the vma was large enough during page
100 static unsigned int khugepaged_max_ptes_none __read_mostly = HPAGE_PMD_NR-1;
102 static int khugepaged(void *none);
103 static int khugepaged_slab_init(void);
104 static void khugepaged_slab_exit(void);
106 #define MM_SLOTS_HASH_BITS 10
107 static __read_mostly DEFINE_HASHTABLE(mm_slots_hash, MM_SLOTS_HASH_BITS);
109 static struct kmem_cache *mm_slot_cache __read_mostly;
112 * struct mm_slot - hash lookup from mm to mm_slot
113 * @hash: hash collision list
114 * @mm_node: khugepaged scan list headed in khugepaged_scan.mm_head
115 * @mm: the mm that this information is valid for
118 struct hlist_node hash;
119 struct list_head mm_node;
120 struct mm_struct *mm;
124 * struct khugepaged_scan - cursor for scanning
125 * @mm_head: the head of the mm list to scan
126 * @mm_slot: the current mm_slot we are scanning
127 * @address: the next address inside that to be scanned
129 * There is only the one khugepaged_scan instance of this cursor structure.
131 struct khugepaged_scan {
132 struct list_head mm_head;
133 struct mm_slot *mm_slot;
134 unsigned long address;
136 static struct khugepaged_scan khugepaged_scan = {
137 .mm_head = LIST_HEAD_INIT(khugepaged_scan.mm_head),
140 static DEFINE_SPINLOCK(split_queue_lock);
141 static LIST_HEAD(split_queue);
142 static unsigned long split_queue_len;
143 static struct shrinker deferred_split_shrinker;
145 static void set_recommended_min_free_kbytes(void)
149 unsigned long recommended_min;
151 for_each_populated_zone(zone)
154 /* Ensure 2 pageblocks are free to assist fragmentation avoidance */
155 recommended_min = pageblock_nr_pages * nr_zones * 2;
158 * Make sure that on average at least two pageblocks are almost free
159 * of another type, one for a migratetype to fall back to and a
160 * second to avoid subsequent fallbacks of other types There are 3
161 * MIGRATE_TYPES we care about.
163 recommended_min += pageblock_nr_pages * nr_zones *
164 MIGRATE_PCPTYPES * MIGRATE_PCPTYPES;
166 /* don't ever allow to reserve more than 5% of the lowmem */
167 recommended_min = min(recommended_min,
168 (unsigned long) nr_free_buffer_pages() / 20);
169 recommended_min <<= (PAGE_SHIFT-10);
171 if (recommended_min > min_free_kbytes) {
172 if (user_min_free_kbytes >= 0)
173 pr_info("raising min_free_kbytes from %d to %lu "
174 "to help transparent hugepage allocations\n",
175 min_free_kbytes, recommended_min);
177 min_free_kbytes = recommended_min;
179 setup_per_zone_wmarks();
182 static int start_stop_khugepaged(void)
185 if (khugepaged_enabled()) {
186 if (!khugepaged_thread)
187 khugepaged_thread = kthread_run(khugepaged, NULL,
189 if (IS_ERR(khugepaged_thread)) {
190 pr_err("khugepaged: kthread_run(khugepaged) failed\n");
191 err = PTR_ERR(khugepaged_thread);
192 khugepaged_thread = NULL;
196 if (!list_empty(&khugepaged_scan.mm_head))
197 wake_up_interruptible(&khugepaged_wait);
199 set_recommended_min_free_kbytes();
200 } else if (khugepaged_thread) {
201 kthread_stop(khugepaged_thread);
202 khugepaged_thread = NULL;
208 static atomic_t huge_zero_refcount;
209 struct page *huge_zero_page __read_mostly;
211 struct page *get_huge_zero_page(void)
213 struct page *zero_page;
215 if (likely(atomic_inc_not_zero(&huge_zero_refcount)))
216 return READ_ONCE(huge_zero_page);
218 zero_page = alloc_pages((GFP_TRANSHUGE | __GFP_ZERO) & ~__GFP_MOVABLE,
221 count_vm_event(THP_ZERO_PAGE_ALLOC_FAILED);
224 count_vm_event(THP_ZERO_PAGE_ALLOC);
226 if (cmpxchg(&huge_zero_page, NULL, zero_page)) {
228 __free_pages(zero_page, compound_order(zero_page));
232 /* We take additional reference here. It will be put back by shrinker */
233 atomic_set(&huge_zero_refcount, 2);
235 return READ_ONCE(huge_zero_page);
238 static void put_huge_zero_page(void)
241 * Counter should never go to zero here. Only shrinker can put
244 BUG_ON(atomic_dec_and_test(&huge_zero_refcount));
247 static unsigned long shrink_huge_zero_page_count(struct shrinker *shrink,
248 struct shrink_control *sc)
250 /* we can free zero page only if last reference remains */
251 return atomic_read(&huge_zero_refcount) == 1 ? HPAGE_PMD_NR : 0;
254 static unsigned long shrink_huge_zero_page_scan(struct shrinker *shrink,
255 struct shrink_control *sc)
257 if (atomic_cmpxchg(&huge_zero_refcount, 1, 0) == 1) {
258 struct page *zero_page = xchg(&huge_zero_page, NULL);
259 BUG_ON(zero_page == NULL);
260 __free_pages(zero_page, compound_order(zero_page));
267 static struct shrinker huge_zero_page_shrinker = {
268 .count_objects = shrink_huge_zero_page_count,
269 .scan_objects = shrink_huge_zero_page_scan,
270 .seeks = DEFAULT_SEEKS,
275 static ssize_t double_flag_show(struct kobject *kobj,
276 struct kobj_attribute *attr, char *buf,
277 enum transparent_hugepage_flag enabled,
278 enum transparent_hugepage_flag req_madv)
280 if (test_bit(enabled, &transparent_hugepage_flags)) {
281 VM_BUG_ON(test_bit(req_madv, &transparent_hugepage_flags));
282 return sprintf(buf, "[always] madvise never\n");
283 } else if (test_bit(req_madv, &transparent_hugepage_flags))
284 return sprintf(buf, "always [madvise] never\n");
286 return sprintf(buf, "always madvise [never]\n");
288 static ssize_t double_flag_store(struct kobject *kobj,
289 struct kobj_attribute *attr,
290 const char *buf, size_t count,
291 enum transparent_hugepage_flag enabled,
292 enum transparent_hugepage_flag req_madv)
294 if (!memcmp("always", buf,
295 min(sizeof("always")-1, count))) {
296 set_bit(enabled, &transparent_hugepage_flags);
297 clear_bit(req_madv, &transparent_hugepage_flags);
298 } else if (!memcmp("madvise", buf,
299 min(sizeof("madvise")-1, count))) {
300 clear_bit(enabled, &transparent_hugepage_flags);
301 set_bit(req_madv, &transparent_hugepage_flags);
302 } else if (!memcmp("never", buf,
303 min(sizeof("never")-1, count))) {
304 clear_bit(enabled, &transparent_hugepage_flags);
305 clear_bit(req_madv, &transparent_hugepage_flags);
312 static ssize_t enabled_show(struct kobject *kobj,
313 struct kobj_attribute *attr, char *buf)
315 return double_flag_show(kobj, attr, buf,
316 TRANSPARENT_HUGEPAGE_FLAG,
317 TRANSPARENT_HUGEPAGE_REQ_MADV_FLAG);
319 static ssize_t enabled_store(struct kobject *kobj,
320 struct kobj_attribute *attr,
321 const char *buf, size_t count)
325 ret = double_flag_store(kobj, attr, buf, count,
326 TRANSPARENT_HUGEPAGE_FLAG,
327 TRANSPARENT_HUGEPAGE_REQ_MADV_FLAG);
332 mutex_lock(&khugepaged_mutex);
333 err = start_stop_khugepaged();
334 mutex_unlock(&khugepaged_mutex);
342 static struct kobj_attribute enabled_attr =
343 __ATTR(enabled, 0644, enabled_show, enabled_store);
345 static ssize_t single_flag_show(struct kobject *kobj,
346 struct kobj_attribute *attr, char *buf,
347 enum transparent_hugepage_flag flag)
349 return sprintf(buf, "%d\n",
350 !!test_bit(flag, &transparent_hugepage_flags));
353 static ssize_t single_flag_store(struct kobject *kobj,
354 struct kobj_attribute *attr,
355 const char *buf, size_t count,
356 enum transparent_hugepage_flag flag)
361 ret = kstrtoul(buf, 10, &value);
368 set_bit(flag, &transparent_hugepage_flags);
370 clear_bit(flag, &transparent_hugepage_flags);
376 * Currently defrag only disables __GFP_NOWAIT for allocation. A blind
377 * __GFP_REPEAT is too aggressive, it's never worth swapping tons of
378 * memory just to allocate one more hugepage.
380 static ssize_t defrag_show(struct kobject *kobj,
381 struct kobj_attribute *attr, char *buf)
383 return double_flag_show(kobj, attr, buf,
384 TRANSPARENT_HUGEPAGE_DEFRAG_FLAG,
385 TRANSPARENT_HUGEPAGE_DEFRAG_REQ_MADV_FLAG);
387 static ssize_t defrag_store(struct kobject *kobj,
388 struct kobj_attribute *attr,
389 const char *buf, size_t count)
391 return double_flag_store(kobj, attr, buf, count,
392 TRANSPARENT_HUGEPAGE_DEFRAG_FLAG,
393 TRANSPARENT_HUGEPAGE_DEFRAG_REQ_MADV_FLAG);
395 static struct kobj_attribute defrag_attr =
396 __ATTR(defrag, 0644, defrag_show, defrag_store);
398 static ssize_t use_zero_page_show(struct kobject *kobj,
399 struct kobj_attribute *attr, char *buf)
401 return single_flag_show(kobj, attr, buf,
402 TRANSPARENT_HUGEPAGE_USE_ZERO_PAGE_FLAG);
404 static ssize_t use_zero_page_store(struct kobject *kobj,
405 struct kobj_attribute *attr, const char *buf, size_t count)
407 return single_flag_store(kobj, attr, buf, count,
408 TRANSPARENT_HUGEPAGE_USE_ZERO_PAGE_FLAG);
410 static struct kobj_attribute use_zero_page_attr =
411 __ATTR(use_zero_page, 0644, use_zero_page_show, use_zero_page_store);
412 #ifdef CONFIG_DEBUG_VM
413 static ssize_t debug_cow_show(struct kobject *kobj,
414 struct kobj_attribute *attr, char *buf)
416 return single_flag_show(kobj, attr, buf,
417 TRANSPARENT_HUGEPAGE_DEBUG_COW_FLAG);
419 static ssize_t debug_cow_store(struct kobject *kobj,
420 struct kobj_attribute *attr,
421 const char *buf, size_t count)
423 return single_flag_store(kobj, attr, buf, count,
424 TRANSPARENT_HUGEPAGE_DEBUG_COW_FLAG);
426 static struct kobj_attribute debug_cow_attr =
427 __ATTR(debug_cow, 0644, debug_cow_show, debug_cow_store);
428 #endif /* CONFIG_DEBUG_VM */
430 static struct attribute *hugepage_attr[] = {
433 &use_zero_page_attr.attr,
434 #ifdef CONFIG_DEBUG_VM
435 &debug_cow_attr.attr,
440 static struct attribute_group hugepage_attr_group = {
441 .attrs = hugepage_attr,
444 static ssize_t scan_sleep_millisecs_show(struct kobject *kobj,
445 struct kobj_attribute *attr,
448 return sprintf(buf, "%u\n", khugepaged_scan_sleep_millisecs);
451 static ssize_t scan_sleep_millisecs_store(struct kobject *kobj,
452 struct kobj_attribute *attr,
453 const char *buf, size_t count)
458 err = kstrtoul(buf, 10, &msecs);
459 if (err || msecs > UINT_MAX)
462 khugepaged_scan_sleep_millisecs = msecs;
463 wake_up_interruptible(&khugepaged_wait);
467 static struct kobj_attribute scan_sleep_millisecs_attr =
468 __ATTR(scan_sleep_millisecs, 0644, scan_sleep_millisecs_show,
469 scan_sleep_millisecs_store);
471 static ssize_t alloc_sleep_millisecs_show(struct kobject *kobj,
472 struct kobj_attribute *attr,
475 return sprintf(buf, "%u\n", khugepaged_alloc_sleep_millisecs);
478 static ssize_t alloc_sleep_millisecs_store(struct kobject *kobj,
479 struct kobj_attribute *attr,
480 const char *buf, size_t count)
485 err = kstrtoul(buf, 10, &msecs);
486 if (err || msecs > UINT_MAX)
489 khugepaged_alloc_sleep_millisecs = msecs;
490 wake_up_interruptible(&khugepaged_wait);
494 static struct kobj_attribute alloc_sleep_millisecs_attr =
495 __ATTR(alloc_sleep_millisecs, 0644, alloc_sleep_millisecs_show,
496 alloc_sleep_millisecs_store);
498 static ssize_t pages_to_scan_show(struct kobject *kobj,
499 struct kobj_attribute *attr,
502 return sprintf(buf, "%u\n", khugepaged_pages_to_scan);
504 static ssize_t pages_to_scan_store(struct kobject *kobj,
505 struct kobj_attribute *attr,
506 const char *buf, size_t count)
511 err = kstrtoul(buf, 10, &pages);
512 if (err || !pages || pages > UINT_MAX)
515 khugepaged_pages_to_scan = pages;
519 static struct kobj_attribute pages_to_scan_attr =
520 __ATTR(pages_to_scan, 0644, pages_to_scan_show,
521 pages_to_scan_store);
523 static ssize_t pages_collapsed_show(struct kobject *kobj,
524 struct kobj_attribute *attr,
527 return sprintf(buf, "%u\n", khugepaged_pages_collapsed);
529 static struct kobj_attribute pages_collapsed_attr =
530 __ATTR_RO(pages_collapsed);
532 static ssize_t full_scans_show(struct kobject *kobj,
533 struct kobj_attribute *attr,
536 return sprintf(buf, "%u\n", khugepaged_full_scans);
538 static struct kobj_attribute full_scans_attr =
539 __ATTR_RO(full_scans);
541 static ssize_t khugepaged_defrag_show(struct kobject *kobj,
542 struct kobj_attribute *attr, char *buf)
544 return single_flag_show(kobj, attr, buf,
545 TRANSPARENT_HUGEPAGE_DEFRAG_KHUGEPAGED_FLAG);
547 static ssize_t khugepaged_defrag_store(struct kobject *kobj,
548 struct kobj_attribute *attr,
549 const char *buf, size_t count)
551 return single_flag_store(kobj, attr, buf, count,
552 TRANSPARENT_HUGEPAGE_DEFRAG_KHUGEPAGED_FLAG);
554 static struct kobj_attribute khugepaged_defrag_attr =
555 __ATTR(defrag, 0644, khugepaged_defrag_show,
556 khugepaged_defrag_store);
559 * max_ptes_none controls if khugepaged should collapse hugepages over
560 * any unmapped ptes in turn potentially increasing the memory
561 * footprint of the vmas. When max_ptes_none is 0 khugepaged will not
562 * reduce the available free memory in the system as it
563 * runs. Increasing max_ptes_none will instead potentially reduce the
564 * free memory in the system during the khugepaged scan.
566 static ssize_t khugepaged_max_ptes_none_show(struct kobject *kobj,
567 struct kobj_attribute *attr,
570 return sprintf(buf, "%u\n", khugepaged_max_ptes_none);
572 static ssize_t khugepaged_max_ptes_none_store(struct kobject *kobj,
573 struct kobj_attribute *attr,
574 const char *buf, size_t count)
577 unsigned long max_ptes_none;
579 err = kstrtoul(buf, 10, &max_ptes_none);
580 if (err || max_ptes_none > HPAGE_PMD_NR-1)
583 khugepaged_max_ptes_none = max_ptes_none;
587 static struct kobj_attribute khugepaged_max_ptes_none_attr =
588 __ATTR(max_ptes_none, 0644, khugepaged_max_ptes_none_show,
589 khugepaged_max_ptes_none_store);
591 static struct attribute *khugepaged_attr[] = {
592 &khugepaged_defrag_attr.attr,
593 &khugepaged_max_ptes_none_attr.attr,
594 &pages_to_scan_attr.attr,
595 &pages_collapsed_attr.attr,
596 &full_scans_attr.attr,
597 &scan_sleep_millisecs_attr.attr,
598 &alloc_sleep_millisecs_attr.attr,
602 static struct attribute_group khugepaged_attr_group = {
603 .attrs = khugepaged_attr,
604 .name = "khugepaged",
607 static int __init hugepage_init_sysfs(struct kobject **hugepage_kobj)
611 *hugepage_kobj = kobject_create_and_add("transparent_hugepage", mm_kobj);
612 if (unlikely(!*hugepage_kobj)) {
613 pr_err("failed to create transparent hugepage kobject\n");
617 err = sysfs_create_group(*hugepage_kobj, &hugepage_attr_group);
619 pr_err("failed to register transparent hugepage group\n");
623 err = sysfs_create_group(*hugepage_kobj, &khugepaged_attr_group);
625 pr_err("failed to register transparent hugepage group\n");
626 goto remove_hp_group;
632 sysfs_remove_group(*hugepage_kobj, &hugepage_attr_group);
634 kobject_put(*hugepage_kobj);
638 static void __init hugepage_exit_sysfs(struct kobject *hugepage_kobj)
640 sysfs_remove_group(hugepage_kobj, &khugepaged_attr_group);
641 sysfs_remove_group(hugepage_kobj, &hugepage_attr_group);
642 kobject_put(hugepage_kobj);
645 static inline int hugepage_init_sysfs(struct kobject **hugepage_kobj)
650 static inline void hugepage_exit_sysfs(struct kobject *hugepage_kobj)
653 #endif /* CONFIG_SYSFS */
655 static int __init hugepage_init(void)
658 struct kobject *hugepage_kobj;
660 if (!has_transparent_hugepage()) {
661 transparent_hugepage_flags = 0;
665 err = hugepage_init_sysfs(&hugepage_kobj);
669 err = khugepaged_slab_init();
673 err = register_shrinker(&huge_zero_page_shrinker);
675 goto err_hzp_shrinker;
676 err = register_shrinker(&deferred_split_shrinker);
678 goto err_split_shrinker;
681 * By default disable transparent hugepages on smaller systems,
682 * where the extra memory used could hurt more than TLB overhead
683 * is likely to save. The admin can still enable it through /sys.
685 if (totalram_pages < (512 << (20 - PAGE_SHIFT))) {
686 transparent_hugepage_flags = 0;
690 err = start_stop_khugepaged();
696 unregister_shrinker(&deferred_split_shrinker);
698 unregister_shrinker(&huge_zero_page_shrinker);
700 khugepaged_slab_exit();
702 hugepage_exit_sysfs(hugepage_kobj);
706 subsys_initcall(hugepage_init);
708 static int __init setup_transparent_hugepage(char *str)
713 if (!strcmp(str, "always")) {
714 set_bit(TRANSPARENT_HUGEPAGE_FLAG,
715 &transparent_hugepage_flags);
716 clear_bit(TRANSPARENT_HUGEPAGE_REQ_MADV_FLAG,
717 &transparent_hugepage_flags);
719 } else if (!strcmp(str, "madvise")) {
720 clear_bit(TRANSPARENT_HUGEPAGE_FLAG,
721 &transparent_hugepage_flags);
722 set_bit(TRANSPARENT_HUGEPAGE_REQ_MADV_FLAG,
723 &transparent_hugepage_flags);
725 } else if (!strcmp(str, "never")) {
726 clear_bit(TRANSPARENT_HUGEPAGE_FLAG,
727 &transparent_hugepage_flags);
728 clear_bit(TRANSPARENT_HUGEPAGE_REQ_MADV_FLAG,
729 &transparent_hugepage_flags);
734 pr_warn("transparent_hugepage= cannot parse, ignored\n");
737 __setup("transparent_hugepage=", setup_transparent_hugepage);
739 pmd_t maybe_pmd_mkwrite(pmd_t pmd, struct vm_area_struct *vma)
741 if (likely(vma->vm_flags & VM_WRITE))
742 pmd = pmd_mkwrite(pmd);
746 static inline pmd_t mk_huge_pmd(struct page *page, pgprot_t prot)
749 entry = mk_pmd(page, prot);
750 entry = pmd_mkhuge(entry);
754 static inline struct list_head *page_deferred_list(struct page *page)
757 * ->lru in the tail pages is occupied by compound_head.
758 * Let's use ->mapping + ->index in the second tail page as list_head.
760 return (struct list_head *)&page[2].mapping;
763 void prep_transhuge_page(struct page *page)
766 * we use page->mapping and page->indexlru in second tail page
767 * as list_head: assuming THP order >= 2
769 BUILD_BUG_ON(HPAGE_PMD_ORDER < 2);
771 INIT_LIST_HEAD(page_deferred_list(page));
772 set_compound_page_dtor(page, TRANSHUGE_PAGE_DTOR);
775 static int __do_huge_pmd_anonymous_page(struct mm_struct *mm,
776 struct vm_area_struct *vma,
777 unsigned long address, pmd_t *pmd,
778 struct page *page, gfp_t gfp,
781 struct mem_cgroup *memcg;
784 unsigned long haddr = address & HPAGE_PMD_MASK;
786 VM_BUG_ON_PAGE(!PageCompound(page), page);
788 if (mem_cgroup_try_charge(page, mm, gfp, &memcg, true)) {
790 count_vm_event(THP_FAULT_FALLBACK);
791 return VM_FAULT_FALLBACK;
794 pgtable = pte_alloc_one(mm, haddr);
795 if (unlikely(!pgtable)) {
796 mem_cgroup_cancel_charge(page, memcg, true);
801 clear_huge_page(page, haddr, HPAGE_PMD_NR);
803 * The memory barrier inside __SetPageUptodate makes sure that
804 * clear_huge_page writes become visible before the set_pmd_at()
807 __SetPageUptodate(page);
809 ptl = pmd_lock(mm, pmd);
810 if (unlikely(!pmd_none(*pmd))) {
812 mem_cgroup_cancel_charge(page, memcg, true);
814 pte_free(mm, pgtable);
818 /* Deliver the page fault to userland */
819 if (userfaultfd_missing(vma)) {
823 mem_cgroup_cancel_charge(page, memcg, true);
825 pte_free(mm, pgtable);
826 ret = handle_userfault(vma, address, flags,
828 VM_BUG_ON(ret & VM_FAULT_FALLBACK);
832 entry = mk_huge_pmd(page, vma->vm_page_prot);
833 entry = maybe_pmd_mkwrite(pmd_mkdirty(entry), vma);
834 page_add_new_anon_rmap(page, vma, haddr, true);
835 mem_cgroup_commit_charge(page, memcg, false, true);
836 lru_cache_add_active_or_unevictable(page, vma);
837 pgtable_trans_huge_deposit(mm, pmd, pgtable);
838 set_pmd_at(mm, haddr, pmd, entry);
839 add_mm_counter(mm, MM_ANONPAGES, HPAGE_PMD_NR);
840 atomic_long_inc(&mm->nr_ptes);
842 count_vm_event(THP_FAULT_ALLOC);
848 static inline gfp_t alloc_hugepage_gfpmask(int defrag, gfp_t extra_gfp)
850 return (GFP_TRANSHUGE & ~(defrag ? 0 : __GFP_RECLAIM)) | extra_gfp;
853 /* Caller must hold page table lock. */
854 static bool set_huge_zero_page(pgtable_t pgtable, struct mm_struct *mm,
855 struct vm_area_struct *vma, unsigned long haddr, pmd_t *pmd,
856 struct page *zero_page)
861 entry = mk_pmd(zero_page, vma->vm_page_prot);
862 entry = pmd_mkhuge(entry);
863 pgtable_trans_huge_deposit(mm, pmd, pgtable);
864 set_pmd_at(mm, haddr, pmd, entry);
865 atomic_long_inc(&mm->nr_ptes);
869 int do_huge_pmd_anonymous_page(struct mm_struct *mm, struct vm_area_struct *vma,
870 unsigned long address, pmd_t *pmd,
875 unsigned long haddr = address & HPAGE_PMD_MASK;
877 if (haddr < vma->vm_start || haddr + HPAGE_PMD_SIZE > vma->vm_end)
878 return VM_FAULT_FALLBACK;
879 if (unlikely(anon_vma_prepare(vma)))
881 if (unlikely(khugepaged_enter(vma, vma->vm_flags)))
883 if (!(flags & FAULT_FLAG_WRITE) && !mm_forbids_zeropage(mm) &&
884 transparent_hugepage_use_zero_page()) {
887 struct page *zero_page;
890 pgtable = pte_alloc_one(mm, haddr);
891 if (unlikely(!pgtable))
893 zero_page = get_huge_zero_page();
894 if (unlikely(!zero_page)) {
895 pte_free(mm, pgtable);
896 count_vm_event(THP_FAULT_FALLBACK);
897 return VM_FAULT_FALLBACK;
899 ptl = pmd_lock(mm, pmd);
902 if (pmd_none(*pmd)) {
903 if (userfaultfd_missing(vma)) {
905 ret = handle_userfault(vma, address, flags,
907 VM_BUG_ON(ret & VM_FAULT_FALLBACK);
909 set_huge_zero_page(pgtable, mm, vma,
918 pte_free(mm, pgtable);
919 put_huge_zero_page();
923 gfp = alloc_hugepage_gfpmask(transparent_hugepage_defrag(vma), 0);
924 page = alloc_hugepage_vma(gfp, vma, haddr, HPAGE_PMD_ORDER);
925 if (unlikely(!page)) {
926 count_vm_event(THP_FAULT_FALLBACK);
927 return VM_FAULT_FALLBACK;
929 prep_transhuge_page(page);
930 return __do_huge_pmd_anonymous_page(mm, vma, address, pmd, page, gfp,
934 static void insert_pfn_pmd(struct vm_area_struct *vma, unsigned long addr,
935 pmd_t *pmd, pfn_t pfn, pgprot_t prot, bool write)
937 struct mm_struct *mm = vma->vm_mm;
941 ptl = pmd_lock(mm, pmd);
942 entry = pmd_mkhuge(pfn_t_pmd(pfn, prot));
943 if (pfn_t_devmap(pfn))
944 entry = pmd_mkdevmap(entry);
946 entry = pmd_mkyoung(pmd_mkdirty(entry));
947 entry = maybe_pmd_mkwrite(entry, vma);
949 set_pmd_at(mm, addr, pmd, entry);
950 update_mmu_cache_pmd(vma, addr, pmd);
954 int vmf_insert_pfn_pmd(struct vm_area_struct *vma, unsigned long addr,
955 pmd_t *pmd, pfn_t pfn, bool write)
957 pgprot_t pgprot = vma->vm_page_prot;
959 * If we had pmd_special, we could avoid all these restrictions,
960 * but we need to be consistent with PTEs and architectures that
961 * can't support a 'special' bit.
963 BUG_ON(!(vma->vm_flags & (VM_PFNMAP|VM_MIXEDMAP)));
964 BUG_ON((vma->vm_flags & (VM_PFNMAP|VM_MIXEDMAP)) ==
965 (VM_PFNMAP|VM_MIXEDMAP));
966 BUG_ON((vma->vm_flags & VM_PFNMAP) && is_cow_mapping(vma->vm_flags));
967 BUG_ON(!pfn_t_devmap(pfn));
969 if (addr < vma->vm_start || addr >= vma->vm_end)
970 return VM_FAULT_SIGBUS;
971 if (track_pfn_insert(vma, &pgprot, pfn))
972 return VM_FAULT_SIGBUS;
973 insert_pfn_pmd(vma, addr, pmd, pfn, pgprot, write);
974 return VM_FAULT_NOPAGE;
977 int copy_huge_pmd(struct mm_struct *dst_mm, struct mm_struct *src_mm,
978 pmd_t *dst_pmd, pmd_t *src_pmd, unsigned long addr,
979 struct vm_area_struct *vma)
981 spinlock_t *dst_ptl, *src_ptl;
982 struct page *src_page;
988 pgtable = pte_alloc_one(dst_mm, addr);
989 if (unlikely(!pgtable))
992 dst_ptl = pmd_lock(dst_mm, dst_pmd);
993 src_ptl = pmd_lockptr(src_mm, src_pmd);
994 spin_lock_nested(src_ptl, SINGLE_DEPTH_NESTING);
998 if (unlikely(!pmd_trans_huge(pmd) && !pmd_devmap(pmd))) {
999 pte_free(dst_mm, pgtable);
1003 * When page table lock is held, the huge zero pmd should not be
1004 * under splitting since we don't split the page itself, only pmd to
1007 if (is_huge_zero_pmd(pmd)) {
1008 struct page *zero_page;
1010 * get_huge_zero_page() will never allocate a new page here,
1011 * since we already have a zero page to copy. It just takes a
1014 zero_page = get_huge_zero_page();
1015 set_huge_zero_page(pgtable, dst_mm, vma, addr, dst_pmd,
1021 if (pmd_trans_huge(pmd)) {
1022 /* thp accounting separate from pmd_devmap accounting */
1023 src_page = pmd_page(pmd);
1024 VM_BUG_ON_PAGE(!PageHead(src_page), src_page);
1026 page_dup_rmap(src_page, true);
1027 add_mm_counter(dst_mm, MM_ANONPAGES, HPAGE_PMD_NR);
1028 atomic_long_inc(&dst_mm->nr_ptes);
1029 pgtable_trans_huge_deposit(dst_mm, dst_pmd, pgtable);
1032 pmdp_set_wrprotect(src_mm, addr, src_pmd);
1033 pmd = pmd_mkold(pmd_wrprotect(pmd));
1034 set_pmd_at(dst_mm, addr, dst_pmd, pmd);
1038 spin_unlock(src_ptl);
1039 spin_unlock(dst_ptl);
1044 void huge_pmd_set_accessed(struct mm_struct *mm,
1045 struct vm_area_struct *vma,
1046 unsigned long address,
1047 pmd_t *pmd, pmd_t orig_pmd,
1052 unsigned long haddr;
1054 ptl = pmd_lock(mm, pmd);
1055 if (unlikely(!pmd_same(*pmd, orig_pmd)))
1058 entry = pmd_mkyoung(orig_pmd);
1059 haddr = address & HPAGE_PMD_MASK;
1060 if (pmdp_set_access_flags(vma, haddr, pmd, entry, dirty))
1061 update_mmu_cache_pmd(vma, address, pmd);
1067 static int do_huge_pmd_wp_page_fallback(struct mm_struct *mm,
1068 struct vm_area_struct *vma,
1069 unsigned long address,
1070 pmd_t *pmd, pmd_t orig_pmd,
1072 unsigned long haddr)
1074 struct mem_cgroup *memcg;
1079 struct page **pages;
1080 unsigned long mmun_start; /* For mmu_notifiers */
1081 unsigned long mmun_end; /* For mmu_notifiers */
1083 pages = kmalloc(sizeof(struct page *) * HPAGE_PMD_NR,
1085 if (unlikely(!pages)) {
1086 ret |= VM_FAULT_OOM;
1090 for (i = 0; i < HPAGE_PMD_NR; i++) {
1091 pages[i] = alloc_page_vma_node(GFP_HIGHUSER_MOVABLE |
1093 vma, address, page_to_nid(page));
1094 if (unlikely(!pages[i] ||
1095 mem_cgroup_try_charge(pages[i], mm, GFP_KERNEL,
1100 memcg = (void *)page_private(pages[i]);
1101 set_page_private(pages[i], 0);
1102 mem_cgroup_cancel_charge(pages[i], memcg,
1107 ret |= VM_FAULT_OOM;
1110 set_page_private(pages[i], (unsigned long)memcg);
1113 for (i = 0; i < HPAGE_PMD_NR; i++) {
1114 copy_user_highpage(pages[i], page + i,
1115 haddr + PAGE_SIZE * i, vma);
1116 __SetPageUptodate(pages[i]);
1121 mmun_end = haddr + HPAGE_PMD_SIZE;
1122 mmu_notifier_invalidate_range_start(mm, mmun_start, mmun_end);
1124 ptl = pmd_lock(mm, pmd);
1125 if (unlikely(!pmd_same(*pmd, orig_pmd)))
1126 goto out_free_pages;
1127 VM_BUG_ON_PAGE(!PageHead(page), page);
1129 pmdp_huge_clear_flush_notify(vma, haddr, pmd);
1130 /* leave pmd empty until pte is filled */
1132 pgtable = pgtable_trans_huge_withdraw(mm, pmd);
1133 pmd_populate(mm, &_pmd, pgtable);
1135 for (i = 0; i < HPAGE_PMD_NR; i++, haddr += PAGE_SIZE) {
1137 entry = mk_pte(pages[i], vma->vm_page_prot);
1138 entry = maybe_mkwrite(pte_mkdirty(entry), vma);
1139 memcg = (void *)page_private(pages[i]);
1140 set_page_private(pages[i], 0);
1141 page_add_new_anon_rmap(pages[i], vma, haddr, false);
1142 mem_cgroup_commit_charge(pages[i], memcg, false, false);
1143 lru_cache_add_active_or_unevictable(pages[i], vma);
1144 pte = pte_offset_map(&_pmd, haddr);
1145 VM_BUG_ON(!pte_none(*pte));
1146 set_pte_at(mm, haddr, pte, entry);
1151 smp_wmb(); /* make pte visible before pmd */
1152 pmd_populate(mm, pmd, pgtable);
1153 page_remove_rmap(page, true);
1156 mmu_notifier_invalidate_range_end(mm, mmun_start, mmun_end);
1158 ret |= VM_FAULT_WRITE;
1166 mmu_notifier_invalidate_range_end(mm, mmun_start, mmun_end);
1167 for (i = 0; i < HPAGE_PMD_NR; i++) {
1168 memcg = (void *)page_private(pages[i]);
1169 set_page_private(pages[i], 0);
1170 mem_cgroup_cancel_charge(pages[i], memcg, false);
1177 int do_huge_pmd_wp_page(struct mm_struct *mm, struct vm_area_struct *vma,
1178 unsigned long address, pmd_t *pmd, pmd_t orig_pmd)
1182 struct page *page = NULL, *new_page;
1183 struct mem_cgroup *memcg;
1184 unsigned long haddr;
1185 unsigned long mmun_start; /* For mmu_notifiers */
1186 unsigned long mmun_end; /* For mmu_notifiers */
1187 gfp_t huge_gfp; /* for allocation and charge */
1189 ptl = pmd_lockptr(mm, pmd);
1190 VM_BUG_ON_VMA(!vma->anon_vma, vma);
1191 haddr = address & HPAGE_PMD_MASK;
1192 if (is_huge_zero_pmd(orig_pmd))
1195 if (unlikely(!pmd_same(*pmd, orig_pmd)))
1198 page = pmd_page(orig_pmd);
1199 VM_BUG_ON_PAGE(!PageCompound(page) || !PageHead(page), page);
1201 * We can only reuse the page if nobody else maps the huge page or it's
1202 * part. We can do it by checking page_mapcount() on each sub-page, but
1204 * The cheaper way is to check page_count() to be equal 1: every
1205 * mapcount takes page reference reference, so this way we can
1206 * guarantee, that the PMD is the only mapping.
1207 * This can give false negative if somebody pinned the page, but that's
1210 if (page_mapcount(page) == 1 && page_count(page) == 1) {
1212 entry = pmd_mkyoung(orig_pmd);
1213 entry = maybe_pmd_mkwrite(pmd_mkdirty(entry), vma);
1214 if (pmdp_set_access_flags(vma, haddr, pmd, entry, 1))
1215 update_mmu_cache_pmd(vma, address, pmd);
1216 ret |= VM_FAULT_WRITE;
1222 if (transparent_hugepage_enabled(vma) &&
1223 !transparent_hugepage_debug_cow()) {
1224 huge_gfp = alloc_hugepage_gfpmask(transparent_hugepage_defrag(vma), 0);
1225 new_page = alloc_hugepage_vma(huge_gfp, vma, haddr, HPAGE_PMD_ORDER);
1229 if (likely(new_page)) {
1230 prep_transhuge_page(new_page);
1233 split_huge_pmd(vma, pmd, address);
1234 ret |= VM_FAULT_FALLBACK;
1236 ret = do_huge_pmd_wp_page_fallback(mm, vma, address,
1237 pmd, orig_pmd, page, haddr);
1238 if (ret & VM_FAULT_OOM) {
1239 split_huge_pmd(vma, pmd, address);
1240 ret |= VM_FAULT_FALLBACK;
1244 count_vm_event(THP_FAULT_FALLBACK);
1248 if (unlikely(mem_cgroup_try_charge(new_page, mm, huge_gfp, &memcg,
1252 split_huge_pmd(vma, pmd, address);
1255 split_huge_pmd(vma, pmd, address);
1256 ret |= VM_FAULT_FALLBACK;
1257 count_vm_event(THP_FAULT_FALLBACK);
1261 count_vm_event(THP_FAULT_ALLOC);
1264 clear_huge_page(new_page, haddr, HPAGE_PMD_NR);
1266 copy_user_huge_page(new_page, page, haddr, vma, HPAGE_PMD_NR);
1267 __SetPageUptodate(new_page);
1270 mmun_end = haddr + HPAGE_PMD_SIZE;
1271 mmu_notifier_invalidate_range_start(mm, mmun_start, mmun_end);
1276 if (unlikely(!pmd_same(*pmd, orig_pmd))) {
1278 mem_cgroup_cancel_charge(new_page, memcg, true);
1283 entry = mk_huge_pmd(new_page, vma->vm_page_prot);
1284 entry = maybe_pmd_mkwrite(pmd_mkdirty(entry), vma);
1285 pmdp_huge_clear_flush_notify(vma, haddr, pmd);
1286 page_add_new_anon_rmap(new_page, vma, haddr, true);
1287 mem_cgroup_commit_charge(new_page, memcg, false, true);
1288 lru_cache_add_active_or_unevictable(new_page, vma);
1289 set_pmd_at(mm, haddr, pmd, entry);
1290 update_mmu_cache_pmd(vma, address, pmd);
1292 add_mm_counter(mm, MM_ANONPAGES, HPAGE_PMD_NR);
1293 put_huge_zero_page();
1295 VM_BUG_ON_PAGE(!PageHead(page), page);
1296 page_remove_rmap(page, true);
1299 ret |= VM_FAULT_WRITE;
1303 mmu_notifier_invalidate_range_end(mm, mmun_start, mmun_end);
1311 struct page *follow_trans_huge_pmd(struct vm_area_struct *vma,
1316 struct mm_struct *mm = vma->vm_mm;
1317 struct page *page = NULL;
1319 assert_spin_locked(pmd_lockptr(mm, pmd));
1321 if (flags & FOLL_WRITE && !pmd_write(*pmd))
1324 /* Avoid dumping huge zero page */
1325 if ((flags & FOLL_DUMP) && is_huge_zero_pmd(*pmd))
1326 return ERR_PTR(-EFAULT);
1328 /* Full NUMA hinting faults to serialise migration in fault paths */
1329 if ((flags & FOLL_NUMA) && pmd_protnone(*pmd))
1332 page = pmd_page(*pmd);
1333 VM_BUG_ON_PAGE(!PageHead(page), page);
1334 if (flags & FOLL_TOUCH) {
1337 * We should set the dirty bit only for FOLL_WRITE but
1338 * for now the dirty bit in the pmd is meaningless.
1339 * And if the dirty bit will become meaningful and
1340 * we'll only set it with FOLL_WRITE, an atomic
1341 * set_bit will be required on the pmd to set the
1342 * young bit, instead of the current set_pmd_at.
1344 _pmd = pmd_mkyoung(pmd_mkdirty(*pmd));
1345 if (pmdp_set_access_flags(vma, addr & HPAGE_PMD_MASK,
1347 update_mmu_cache_pmd(vma, addr, pmd);
1349 if ((flags & FOLL_MLOCK) && (vma->vm_flags & VM_LOCKED)) {
1351 * We don't mlock() pte-mapped THPs. This way we can avoid
1352 * leaking mlocked pages into non-VM_LOCKED VMAs.
1354 * In most cases the pmd is the only mapping of the page as we
1355 * break COW for the mlock() -- see gup_flags |= FOLL_WRITE for
1356 * writable private mappings in populate_vma_page_range().
1358 * The only scenario when we have the page shared here is if we
1359 * mlocking read-only mapping shared over fork(). We skip
1360 * mlocking such pages.
1362 if (compound_mapcount(page) == 1 && !PageDoubleMap(page) &&
1363 page->mapping && trylock_page(page)) {
1366 mlock_vma_page(page);
1370 page += (addr & ~HPAGE_PMD_MASK) >> PAGE_SHIFT;
1371 VM_BUG_ON_PAGE(!PageCompound(page), page);
1372 if (flags & FOLL_GET)
1379 /* NUMA hinting page fault entry point for trans huge pmds */
1380 int do_huge_pmd_numa_page(struct mm_struct *mm, struct vm_area_struct *vma,
1381 unsigned long addr, pmd_t pmd, pmd_t *pmdp)
1384 struct anon_vma *anon_vma = NULL;
1386 unsigned long haddr = addr & HPAGE_PMD_MASK;
1387 int page_nid = -1, this_nid = numa_node_id();
1388 int target_nid, last_cpupid = -1;
1390 bool migrated = false;
1394 /* A PROT_NONE fault should not end up here */
1395 BUG_ON(!(vma->vm_flags & (VM_READ | VM_EXEC | VM_WRITE)));
1397 ptl = pmd_lock(mm, pmdp);
1398 if (unlikely(!pmd_same(pmd, *pmdp)))
1402 * If there are potential migrations, wait for completion and retry
1403 * without disrupting NUMA hinting information. Do not relock and
1404 * check_same as the page may no longer be mapped.
1406 if (unlikely(pmd_trans_migrating(*pmdp))) {
1407 page = pmd_page(*pmdp);
1409 wait_on_page_locked(page);
1413 page = pmd_page(pmd);
1414 BUG_ON(is_huge_zero_page(page));
1415 page_nid = page_to_nid(page);
1416 last_cpupid = page_cpupid_last(page);
1417 count_vm_numa_event(NUMA_HINT_FAULTS);
1418 if (page_nid == this_nid) {
1419 count_vm_numa_event(NUMA_HINT_FAULTS_LOCAL);
1420 flags |= TNF_FAULT_LOCAL;
1423 /* See similar comment in do_numa_page for explanation */
1424 if (!(vma->vm_flags & VM_WRITE))
1425 flags |= TNF_NO_GROUP;
1428 * Acquire the page lock to serialise THP migrations but avoid dropping
1429 * page_table_lock if at all possible
1431 page_locked = trylock_page(page);
1432 target_nid = mpol_misplaced(page, vma, haddr);
1433 if (target_nid == -1) {
1434 /* If the page was locked, there are no parallel migrations */
1439 /* Migration could have started since the pmd_trans_migrating check */
1442 wait_on_page_locked(page);
1448 * Page is misplaced. Page lock serialises migrations. Acquire anon_vma
1449 * to serialises splits
1453 anon_vma = page_lock_anon_vma_read(page);
1455 /* Confirm the PMD did not change while page_table_lock was released */
1457 if (unlikely(!pmd_same(pmd, *pmdp))) {
1464 /* Bail if we fail to protect against THP splits for any reason */
1465 if (unlikely(!anon_vma)) {
1472 * Migrate the THP to the requested node, returns with page unlocked
1473 * and access rights restored.
1476 migrated = migrate_misplaced_transhuge_page(mm, vma,
1477 pmdp, pmd, addr, page, target_nid);
1479 flags |= TNF_MIGRATED;
1480 page_nid = target_nid;
1482 flags |= TNF_MIGRATE_FAIL;
1486 BUG_ON(!PageLocked(page));
1487 was_writable = pmd_write(pmd);
1488 pmd = pmd_modify(pmd, vma->vm_page_prot);
1489 pmd = pmd_mkyoung(pmd);
1491 pmd = pmd_mkwrite(pmd);
1492 set_pmd_at(mm, haddr, pmdp, pmd);
1493 update_mmu_cache_pmd(vma, addr, pmdp);
1500 page_unlock_anon_vma_read(anon_vma);
1503 task_numa_fault(last_cpupid, page_nid, HPAGE_PMD_NR, flags);
1508 int madvise_free_huge_pmd(struct mmu_gather *tlb, struct vm_area_struct *vma,
1509 pmd_t *pmd, unsigned long addr, unsigned long next)
1515 struct mm_struct *mm = tlb->mm;
1518 if (!pmd_trans_huge_lock(pmd, vma, &ptl))
1522 if (is_huge_zero_pmd(orig_pmd)) {
1527 page = pmd_page(orig_pmd);
1529 * If other processes are mapping this page, we couldn't discard
1530 * the page unless they all do MADV_FREE so let's skip the page.
1532 if (page_mapcount(page) != 1)
1535 if (!trylock_page(page))
1539 * If user want to discard part-pages of THP, split it so MADV_FREE
1540 * will deactivate only them.
1542 if (next - addr != HPAGE_PMD_SIZE) {
1545 if (split_huge_page(page)) {
1556 if (PageDirty(page))
1557 ClearPageDirty(page);
1560 if (PageActive(page))
1561 deactivate_page(page);
1563 if (pmd_young(orig_pmd) || pmd_dirty(orig_pmd)) {
1564 orig_pmd = pmdp_huge_get_and_clear_full(tlb->mm, addr, pmd,
1566 orig_pmd = pmd_mkold(orig_pmd);
1567 orig_pmd = pmd_mkclean(orig_pmd);
1569 set_pmd_at(mm, addr, pmd, orig_pmd);
1570 tlb_remove_pmd_tlb_entry(tlb, pmd, addr);
1579 int zap_huge_pmd(struct mmu_gather *tlb, struct vm_area_struct *vma,
1580 pmd_t *pmd, unsigned long addr)
1585 if (!__pmd_trans_huge_lock(pmd, vma, &ptl))
1588 * For architectures like ppc64 we look at deposited pgtable
1589 * when calling pmdp_huge_get_and_clear. So do the
1590 * pgtable_trans_huge_withdraw after finishing pmdp related
1593 orig_pmd = pmdp_huge_get_and_clear_full(tlb->mm, addr, pmd,
1595 tlb_remove_pmd_tlb_entry(tlb, pmd, addr);
1596 if (vma_is_dax(vma)) {
1598 if (is_huge_zero_pmd(orig_pmd))
1599 put_huge_zero_page();
1600 } else if (is_huge_zero_pmd(orig_pmd)) {
1601 pte_free(tlb->mm, pgtable_trans_huge_withdraw(tlb->mm, pmd));
1602 atomic_long_dec(&tlb->mm->nr_ptes);
1604 put_huge_zero_page();
1606 struct page *page = pmd_page(orig_pmd);
1607 page_remove_rmap(page, true);
1608 VM_BUG_ON_PAGE(page_mapcount(page) < 0, page);
1609 add_mm_counter(tlb->mm, MM_ANONPAGES, -HPAGE_PMD_NR);
1610 VM_BUG_ON_PAGE(!PageHead(page), page);
1611 pte_free(tlb->mm, pgtable_trans_huge_withdraw(tlb->mm, pmd));
1612 atomic_long_dec(&tlb->mm->nr_ptes);
1614 tlb_remove_page(tlb, page);
1619 bool move_huge_pmd(struct vm_area_struct *vma, struct vm_area_struct *new_vma,
1620 unsigned long old_addr,
1621 unsigned long new_addr, unsigned long old_end,
1622 pmd_t *old_pmd, pmd_t *new_pmd)
1624 spinlock_t *old_ptl, *new_ptl;
1627 struct mm_struct *mm = vma->vm_mm;
1629 if ((old_addr & ~HPAGE_PMD_MASK) ||
1630 (new_addr & ~HPAGE_PMD_MASK) ||
1631 old_end - old_addr < HPAGE_PMD_SIZE ||
1632 (new_vma->vm_flags & VM_NOHUGEPAGE))
1636 * The destination pmd shouldn't be established, free_pgtables()
1637 * should have release it.
1639 if (WARN_ON(!pmd_none(*new_pmd))) {
1640 VM_BUG_ON(pmd_trans_huge(*new_pmd));
1645 * We don't have to worry about the ordering of src and dst
1646 * ptlocks because exclusive mmap_sem prevents deadlock.
1648 if (__pmd_trans_huge_lock(old_pmd, vma, &old_ptl)) {
1649 new_ptl = pmd_lockptr(mm, new_pmd);
1650 if (new_ptl != old_ptl)
1651 spin_lock_nested(new_ptl, SINGLE_DEPTH_NESTING);
1652 pmd = pmdp_huge_get_and_clear(mm, old_addr, old_pmd);
1653 VM_BUG_ON(!pmd_none(*new_pmd));
1655 if (pmd_move_must_withdraw(new_ptl, old_ptl)) {
1657 pgtable = pgtable_trans_huge_withdraw(mm, old_pmd);
1658 pgtable_trans_huge_deposit(mm, new_pmd, pgtable);
1660 set_pmd_at(mm, new_addr, new_pmd, pmd_mksoft_dirty(pmd));
1661 if (new_ptl != old_ptl)
1662 spin_unlock(new_ptl);
1663 spin_unlock(old_ptl);
1671 * - 0 if PMD could not be locked
1672 * - 1 if PMD was locked but protections unchange and TLB flush unnecessary
1673 * - HPAGE_PMD_NR is protections changed and TLB flush necessary
1675 int change_huge_pmd(struct vm_area_struct *vma, pmd_t *pmd,
1676 unsigned long addr, pgprot_t newprot, int prot_numa)
1678 struct mm_struct *mm = vma->vm_mm;
1682 if (__pmd_trans_huge_lock(pmd, vma, &ptl)) {
1684 bool preserve_write = prot_numa && pmd_write(*pmd);
1688 * Avoid trapping faults against the zero page. The read-only
1689 * data is likely to be read-cached on the local CPU and
1690 * local/remote hits to the zero page are not interesting.
1692 if (prot_numa && is_huge_zero_pmd(*pmd)) {
1697 if (!prot_numa || !pmd_protnone(*pmd)) {
1698 entry = pmdp_huge_get_and_clear_notify(mm, addr, pmd);
1699 entry = pmd_modify(entry, newprot);
1701 entry = pmd_mkwrite(entry);
1703 set_pmd_at(mm, addr, pmd, entry);
1704 BUG_ON(!preserve_write && pmd_write(entry));
1713 * Returns true if a given pmd maps a thp, false otherwise.
1715 * Note that if it returns true, this routine returns without unlocking page
1716 * table lock. So callers must unlock it.
1718 bool __pmd_trans_huge_lock(pmd_t *pmd, struct vm_area_struct *vma,
1721 *ptl = pmd_lock(vma->vm_mm, pmd);
1722 if (likely(pmd_trans_huge(*pmd) || pmd_devmap(*pmd)))
1728 #define VM_NO_THP (VM_SPECIAL | VM_HUGETLB | VM_SHARED | VM_MAYSHARE)
1730 int hugepage_madvise(struct vm_area_struct *vma,
1731 unsigned long *vm_flags, int advice)
1737 * qemu blindly sets MADV_HUGEPAGE on all allocations, but s390
1738 * can't handle this properly after s390_enable_sie, so we simply
1739 * ignore the madvise to prevent qemu from causing a SIGSEGV.
1741 if (mm_has_pgste(vma->vm_mm))
1745 * Be somewhat over-protective like KSM for now!
1747 if (*vm_flags & VM_NO_THP)
1749 *vm_flags &= ~VM_NOHUGEPAGE;
1750 *vm_flags |= VM_HUGEPAGE;
1752 * If the vma become good for khugepaged to scan,
1753 * register it here without waiting a page fault that
1754 * may not happen any time soon.
1756 if (unlikely(khugepaged_enter_vma_merge(vma, *vm_flags)))
1759 case MADV_NOHUGEPAGE:
1761 * Be somewhat over-protective like KSM for now!
1763 if (*vm_flags & VM_NO_THP)
1765 *vm_flags &= ~VM_HUGEPAGE;
1766 *vm_flags |= VM_NOHUGEPAGE;
1768 * Setting VM_NOHUGEPAGE will prevent khugepaged from scanning
1769 * this vma even if we leave the mm registered in khugepaged if
1770 * it got registered before VM_NOHUGEPAGE was set.
1778 static int __init khugepaged_slab_init(void)
1780 mm_slot_cache = kmem_cache_create("khugepaged_mm_slot",
1781 sizeof(struct mm_slot),
1782 __alignof__(struct mm_slot), 0, NULL);
1789 static void __init khugepaged_slab_exit(void)
1791 kmem_cache_destroy(mm_slot_cache);
1794 static inline struct mm_slot *alloc_mm_slot(void)
1796 if (!mm_slot_cache) /* initialization failed */
1798 return kmem_cache_zalloc(mm_slot_cache, GFP_KERNEL);
1801 static inline void free_mm_slot(struct mm_slot *mm_slot)
1803 kmem_cache_free(mm_slot_cache, mm_slot);
1806 static struct mm_slot *get_mm_slot(struct mm_struct *mm)
1808 struct mm_slot *mm_slot;
1810 hash_for_each_possible(mm_slots_hash, mm_slot, hash, (unsigned long)mm)
1811 if (mm == mm_slot->mm)
1817 static void insert_to_mm_slots_hash(struct mm_struct *mm,
1818 struct mm_slot *mm_slot)
1821 hash_add(mm_slots_hash, &mm_slot->hash, (long)mm);
1824 static inline int khugepaged_test_exit(struct mm_struct *mm)
1826 return atomic_read(&mm->mm_users) == 0;
1829 int __khugepaged_enter(struct mm_struct *mm)
1831 struct mm_slot *mm_slot;
1834 mm_slot = alloc_mm_slot();
1838 /* __khugepaged_exit() must not run from under us */
1839 VM_BUG_ON_MM(khugepaged_test_exit(mm), mm);
1840 if (unlikely(test_and_set_bit(MMF_VM_HUGEPAGE, &mm->flags))) {
1841 free_mm_slot(mm_slot);
1845 spin_lock(&khugepaged_mm_lock);
1846 insert_to_mm_slots_hash(mm, mm_slot);
1848 * Insert just behind the scanning cursor, to let the area settle
1851 wakeup = list_empty(&khugepaged_scan.mm_head);
1852 list_add_tail(&mm_slot->mm_node, &khugepaged_scan.mm_head);
1853 spin_unlock(&khugepaged_mm_lock);
1855 atomic_inc(&mm->mm_count);
1857 wake_up_interruptible(&khugepaged_wait);
1862 int khugepaged_enter_vma_merge(struct vm_area_struct *vma,
1863 unsigned long vm_flags)
1865 unsigned long hstart, hend;
1868 * Not yet faulted in so we will register later in the
1869 * page fault if needed.
1873 /* khugepaged not yet working on file or special mappings */
1875 VM_BUG_ON_VMA(vm_flags & VM_NO_THP, vma);
1876 hstart = (vma->vm_start + ~HPAGE_PMD_MASK) & HPAGE_PMD_MASK;
1877 hend = vma->vm_end & HPAGE_PMD_MASK;
1879 return khugepaged_enter(vma, vm_flags);
1883 void __khugepaged_exit(struct mm_struct *mm)
1885 struct mm_slot *mm_slot;
1888 spin_lock(&khugepaged_mm_lock);
1889 mm_slot = get_mm_slot(mm);
1890 if (mm_slot && khugepaged_scan.mm_slot != mm_slot) {
1891 hash_del(&mm_slot->hash);
1892 list_del(&mm_slot->mm_node);
1895 spin_unlock(&khugepaged_mm_lock);
1898 clear_bit(MMF_VM_HUGEPAGE, &mm->flags);
1899 free_mm_slot(mm_slot);
1901 } else if (mm_slot) {
1903 * This is required to serialize against
1904 * khugepaged_test_exit() (which is guaranteed to run
1905 * under mmap sem read mode). Stop here (after we
1906 * return all pagetables will be destroyed) until
1907 * khugepaged has finished working on the pagetables
1908 * under the mmap_sem.
1910 down_write(&mm->mmap_sem);
1911 up_write(&mm->mmap_sem);
1915 static void release_pte_page(struct page *page)
1917 /* 0 stands for page_is_file_cache(page) == false */
1918 dec_zone_page_state(page, NR_ISOLATED_ANON + 0);
1920 putback_lru_page(page);
1923 static void release_pte_pages(pte_t *pte, pte_t *_pte)
1925 while (--_pte >= pte) {
1926 pte_t pteval = *_pte;
1927 if (!pte_none(pteval) && !is_zero_pfn(pte_pfn(pteval)))
1928 release_pte_page(pte_page(pteval));
1932 static int __collapse_huge_page_isolate(struct vm_area_struct *vma,
1933 unsigned long address,
1936 struct page *page = NULL;
1938 int none_or_zero = 0, result = 0;
1939 bool referenced = false, writable = false;
1941 for (_pte = pte; _pte < pte+HPAGE_PMD_NR;
1942 _pte++, address += PAGE_SIZE) {
1943 pte_t pteval = *_pte;
1944 if (pte_none(pteval) || (pte_present(pteval) &&
1945 is_zero_pfn(pte_pfn(pteval)))) {
1946 if (!userfaultfd_armed(vma) &&
1947 ++none_or_zero <= khugepaged_max_ptes_none) {
1950 result = SCAN_EXCEED_NONE_PTE;
1954 if (!pte_present(pteval)) {
1955 result = SCAN_PTE_NON_PRESENT;
1958 page = vm_normal_page(vma, address, pteval);
1959 if (unlikely(!page)) {
1960 result = SCAN_PAGE_NULL;
1964 VM_BUG_ON_PAGE(PageCompound(page), page);
1965 VM_BUG_ON_PAGE(!PageAnon(page), page);
1966 VM_BUG_ON_PAGE(!PageSwapBacked(page), page);
1969 * We can do it before isolate_lru_page because the
1970 * page can't be freed from under us. NOTE: PG_lock
1971 * is needed to serialize against split_huge_page
1972 * when invoked from the VM.
1974 if (!trylock_page(page)) {
1975 result = SCAN_PAGE_LOCK;
1980 * cannot use mapcount: can't collapse if there's a gup pin.
1981 * The page must only be referenced by the scanned process
1982 * and page swap cache.
1984 if (page_count(page) != 1 + !!PageSwapCache(page)) {
1986 result = SCAN_PAGE_COUNT;
1989 if (pte_write(pteval)) {
1992 if (PageSwapCache(page) && !reuse_swap_page(page)) {
1994 result = SCAN_SWAP_CACHE_PAGE;
1998 * Page is not in the swap cache. It can be collapsed
2004 * Isolate the page to avoid collapsing an hugepage
2005 * currently in use by the VM.
2007 if (isolate_lru_page(page)) {
2009 result = SCAN_DEL_PAGE_LRU;
2012 /* 0 stands for page_is_file_cache(page) == false */
2013 inc_zone_page_state(page, NR_ISOLATED_ANON + 0);
2014 VM_BUG_ON_PAGE(!PageLocked(page), page);
2015 VM_BUG_ON_PAGE(PageLRU(page), page);
2017 /* If there is no mapped pte young don't collapse the page */
2018 if (pte_young(pteval) ||
2019 page_is_young(page) || PageReferenced(page) ||
2020 mmu_notifier_test_young(vma->vm_mm, address))
2023 if (likely(writable)) {
2024 if (likely(referenced)) {
2025 result = SCAN_SUCCEED;
2026 trace_mm_collapse_huge_page_isolate(page_to_pfn(page), none_or_zero,
2027 referenced, writable, result);
2031 result = SCAN_PAGE_RO;
2035 release_pte_pages(pte, _pte);
2036 trace_mm_collapse_huge_page_isolate(page_to_pfn(page), none_or_zero,
2037 referenced, writable, result);
2041 static void __collapse_huge_page_copy(pte_t *pte, struct page *page,
2042 struct vm_area_struct *vma,
2043 unsigned long address,
2047 for (_pte = pte; _pte < pte+HPAGE_PMD_NR; _pte++) {
2048 pte_t pteval = *_pte;
2049 struct page *src_page;
2051 if (pte_none(pteval) || is_zero_pfn(pte_pfn(pteval))) {
2052 clear_user_highpage(page, address);
2053 add_mm_counter(vma->vm_mm, MM_ANONPAGES, 1);
2054 if (is_zero_pfn(pte_pfn(pteval))) {
2056 * ptl mostly unnecessary.
2060 * paravirt calls inside pte_clear here are
2063 pte_clear(vma->vm_mm, address, _pte);
2067 src_page = pte_page(pteval);
2068 copy_user_highpage(page, src_page, address, vma);
2069 VM_BUG_ON_PAGE(page_mapcount(src_page) != 1, src_page);
2070 release_pte_page(src_page);
2072 * ptl mostly unnecessary, but preempt has to
2073 * be disabled to update the per-cpu stats
2074 * inside page_remove_rmap().
2078 * paravirt calls inside pte_clear here are
2081 pte_clear(vma->vm_mm, address, _pte);
2082 page_remove_rmap(src_page, false);
2084 free_page_and_swap_cache(src_page);
2087 address += PAGE_SIZE;
2092 static void khugepaged_alloc_sleep(void)
2096 add_wait_queue(&khugepaged_wait, &wait);
2097 freezable_schedule_timeout_interruptible(
2098 msecs_to_jiffies(khugepaged_alloc_sleep_millisecs));
2099 remove_wait_queue(&khugepaged_wait, &wait);
2102 static int khugepaged_node_load[MAX_NUMNODES];
2104 static bool khugepaged_scan_abort(int nid)
2109 * If zone_reclaim_mode is disabled, then no extra effort is made to
2110 * allocate memory locally.
2112 if (!zone_reclaim_mode)
2115 /* If there is a count for this node already, it must be acceptable */
2116 if (khugepaged_node_load[nid])
2119 for (i = 0; i < MAX_NUMNODES; i++) {
2120 if (!khugepaged_node_load[i])
2122 if (node_distance(nid, i) > RECLAIM_DISTANCE)
2129 static int khugepaged_find_target_node(void)
2131 static int last_khugepaged_target_node = NUMA_NO_NODE;
2132 int nid, target_node = 0, max_value = 0;
2134 /* find first node with max normal pages hit */
2135 for (nid = 0; nid < MAX_NUMNODES; nid++)
2136 if (khugepaged_node_load[nid] > max_value) {
2137 max_value = khugepaged_node_load[nid];
2141 /* do some balance if several nodes have the same hit record */
2142 if (target_node <= last_khugepaged_target_node)
2143 for (nid = last_khugepaged_target_node + 1; nid < MAX_NUMNODES;
2145 if (max_value == khugepaged_node_load[nid]) {
2150 last_khugepaged_target_node = target_node;
2154 static bool khugepaged_prealloc_page(struct page **hpage, bool *wait)
2156 if (IS_ERR(*hpage)) {
2162 khugepaged_alloc_sleep();
2163 } else if (*hpage) {
2171 static struct page *
2172 khugepaged_alloc_page(struct page **hpage, gfp_t gfp, struct mm_struct *mm,
2173 unsigned long address, int node)
2175 VM_BUG_ON_PAGE(*hpage, *hpage);
2178 * Before allocating the hugepage, release the mmap_sem read lock.
2179 * The allocation can take potentially a long time if it involves
2180 * sync compaction, and we do not need to hold the mmap_sem during
2181 * that. We will recheck the vma after taking it again in write mode.
2183 up_read(&mm->mmap_sem);
2185 *hpage = __alloc_pages_node(node, gfp, HPAGE_PMD_ORDER);
2186 if (unlikely(!*hpage)) {
2187 count_vm_event(THP_COLLAPSE_ALLOC_FAILED);
2188 *hpage = ERR_PTR(-ENOMEM);
2192 prep_transhuge_page(*hpage);
2193 count_vm_event(THP_COLLAPSE_ALLOC);
2197 static int khugepaged_find_target_node(void)
2202 static inline struct page *alloc_hugepage(int defrag)
2206 page = alloc_pages(alloc_hugepage_gfpmask(defrag, 0), HPAGE_PMD_ORDER);
2208 prep_transhuge_page(page);
2212 static struct page *khugepaged_alloc_hugepage(bool *wait)
2217 hpage = alloc_hugepage(khugepaged_defrag());
2219 count_vm_event(THP_COLLAPSE_ALLOC_FAILED);
2224 khugepaged_alloc_sleep();
2226 count_vm_event(THP_COLLAPSE_ALLOC);
2227 } while (unlikely(!hpage) && likely(khugepaged_enabled()));
2232 static bool khugepaged_prealloc_page(struct page **hpage, bool *wait)
2235 *hpage = khugepaged_alloc_hugepage(wait);
2237 if (unlikely(!*hpage))
2243 static struct page *
2244 khugepaged_alloc_page(struct page **hpage, gfp_t gfp, struct mm_struct *mm,
2245 unsigned long address, int node)
2247 up_read(&mm->mmap_sem);
2254 static bool hugepage_vma_check(struct vm_area_struct *vma)
2256 if ((!(vma->vm_flags & VM_HUGEPAGE) && !khugepaged_always()) ||
2257 (vma->vm_flags & VM_NOHUGEPAGE))
2259 if (!vma->anon_vma || vma->vm_ops)
2261 if (is_vma_temporary_stack(vma))
2263 VM_BUG_ON_VMA(vma->vm_flags & VM_NO_THP, vma);
2267 static void collapse_huge_page(struct mm_struct *mm,
2268 unsigned long address,
2269 struct page **hpage,
2270 struct vm_area_struct *vma,
2276 struct page *new_page;
2277 spinlock_t *pmd_ptl, *pte_ptl;
2278 int isolated, result = 0;
2279 unsigned long hstart, hend;
2280 struct mem_cgroup *memcg;
2281 unsigned long mmun_start; /* For mmu_notifiers */
2282 unsigned long mmun_end; /* For mmu_notifiers */
2285 VM_BUG_ON(address & ~HPAGE_PMD_MASK);
2287 /* Only allocate from the target node */
2288 gfp = alloc_hugepage_gfpmask(khugepaged_defrag(), __GFP_OTHER_NODE) |
2291 /* release the mmap_sem read lock. */
2292 new_page = khugepaged_alloc_page(hpage, gfp, mm, address, node);
2294 result = SCAN_ALLOC_HUGE_PAGE_FAIL;
2298 if (unlikely(mem_cgroup_try_charge(new_page, mm, gfp, &memcg, true))) {
2299 result = SCAN_CGROUP_CHARGE_FAIL;
2304 * Prevent all access to pagetables with the exception of
2305 * gup_fast later hanlded by the ptep_clear_flush and the VM
2306 * handled by the anon_vma lock + PG_lock.
2308 down_write(&mm->mmap_sem);
2309 if (unlikely(khugepaged_test_exit(mm))) {
2310 result = SCAN_ANY_PROCESS;
2314 vma = find_vma(mm, address);
2316 result = SCAN_VMA_NULL;
2319 hstart = (vma->vm_start + ~HPAGE_PMD_MASK) & HPAGE_PMD_MASK;
2320 hend = vma->vm_end & HPAGE_PMD_MASK;
2321 if (address < hstart || address + HPAGE_PMD_SIZE > hend) {
2322 result = SCAN_ADDRESS_RANGE;
2325 if (!hugepage_vma_check(vma)) {
2326 result = SCAN_VMA_CHECK;
2329 pmd = mm_find_pmd(mm, address);
2331 result = SCAN_PMD_NULL;
2335 anon_vma_lock_write(vma->anon_vma);
2337 pte = pte_offset_map(pmd, address);
2338 pte_ptl = pte_lockptr(mm, pmd);
2340 mmun_start = address;
2341 mmun_end = address + HPAGE_PMD_SIZE;
2342 mmu_notifier_invalidate_range_start(mm, mmun_start, mmun_end);
2343 pmd_ptl = pmd_lock(mm, pmd); /* probably unnecessary */
2345 * After this gup_fast can't run anymore. This also removes
2346 * any huge TLB entry from the CPU so we won't allow
2347 * huge and small TLB entries for the same virtual address
2348 * to avoid the risk of CPU bugs in that area.
2350 _pmd = pmdp_collapse_flush(vma, address, pmd);
2351 spin_unlock(pmd_ptl);
2352 mmu_notifier_invalidate_range_end(mm, mmun_start, mmun_end);
2355 isolated = __collapse_huge_page_isolate(vma, address, pte);
2356 spin_unlock(pte_ptl);
2358 if (unlikely(!isolated)) {
2361 BUG_ON(!pmd_none(*pmd));
2363 * We can only use set_pmd_at when establishing
2364 * hugepmds and never for establishing regular pmds that
2365 * points to regular pagetables. Use pmd_populate for that
2367 pmd_populate(mm, pmd, pmd_pgtable(_pmd));
2368 spin_unlock(pmd_ptl);
2369 anon_vma_unlock_write(vma->anon_vma);
2375 * All pages are isolated and locked so anon_vma rmap
2376 * can't run anymore.
2378 anon_vma_unlock_write(vma->anon_vma);
2380 __collapse_huge_page_copy(pte, new_page, vma, address, pte_ptl);
2382 __SetPageUptodate(new_page);
2383 pgtable = pmd_pgtable(_pmd);
2385 _pmd = mk_huge_pmd(new_page, vma->vm_page_prot);
2386 _pmd = maybe_pmd_mkwrite(pmd_mkdirty(_pmd), vma);
2389 * spin_lock() below is not the equivalent of smp_wmb(), so
2390 * this is needed to avoid the copy_huge_page writes to become
2391 * visible after the set_pmd_at() write.
2396 BUG_ON(!pmd_none(*pmd));
2397 page_add_new_anon_rmap(new_page, vma, address, true);
2398 mem_cgroup_commit_charge(new_page, memcg, false, true);
2399 lru_cache_add_active_or_unevictable(new_page, vma);
2400 pgtable_trans_huge_deposit(mm, pmd, pgtable);
2401 set_pmd_at(mm, address, pmd, _pmd);
2402 update_mmu_cache_pmd(vma, address, pmd);
2403 spin_unlock(pmd_ptl);
2407 khugepaged_pages_collapsed++;
2408 result = SCAN_SUCCEED;
2410 up_write(&mm->mmap_sem);
2411 trace_mm_collapse_huge_page(mm, isolated, result);
2415 trace_mm_collapse_huge_page(mm, isolated, result);
2418 mem_cgroup_cancel_charge(new_page, memcg, true);
2422 static int khugepaged_scan_pmd(struct mm_struct *mm,
2423 struct vm_area_struct *vma,
2424 unsigned long address,
2425 struct page **hpage)
2429 int ret = 0, none_or_zero = 0, result = 0;
2430 struct page *page = NULL;
2431 unsigned long _address;
2433 int node = NUMA_NO_NODE;
2434 bool writable = false, referenced = false;
2436 VM_BUG_ON(address & ~HPAGE_PMD_MASK);
2438 pmd = mm_find_pmd(mm, address);
2440 result = SCAN_PMD_NULL;
2444 memset(khugepaged_node_load, 0, sizeof(khugepaged_node_load));
2445 pte = pte_offset_map_lock(mm, pmd, address, &ptl);
2446 for (_address = address, _pte = pte; _pte < pte+HPAGE_PMD_NR;
2447 _pte++, _address += PAGE_SIZE) {
2448 pte_t pteval = *_pte;
2449 if (pte_none(pteval) || is_zero_pfn(pte_pfn(pteval))) {
2450 if (!userfaultfd_armed(vma) &&
2451 ++none_or_zero <= khugepaged_max_ptes_none) {
2454 result = SCAN_EXCEED_NONE_PTE;
2458 if (!pte_present(pteval)) {
2459 result = SCAN_PTE_NON_PRESENT;
2462 if (pte_write(pteval))
2465 page = vm_normal_page(vma, _address, pteval);
2466 if (unlikely(!page)) {
2467 result = SCAN_PAGE_NULL;
2471 /* TODO: teach khugepaged to collapse THP mapped with pte */
2472 if (PageCompound(page)) {
2473 result = SCAN_PAGE_COMPOUND;
2478 * Record which node the original page is from and save this
2479 * information to khugepaged_node_load[].
2480 * Khupaged will allocate hugepage from the node has the max
2483 node = page_to_nid(page);
2484 if (khugepaged_scan_abort(node)) {
2485 result = SCAN_SCAN_ABORT;
2488 khugepaged_node_load[node]++;
2489 if (!PageLRU(page)) {
2490 result = SCAN_SCAN_ABORT;
2493 if (PageLocked(page)) {
2494 result = SCAN_PAGE_LOCK;
2497 if (!PageAnon(page)) {
2498 result = SCAN_PAGE_ANON;
2503 * cannot use mapcount: can't collapse if there's a gup pin.
2504 * The page must only be referenced by the scanned process
2505 * and page swap cache.
2507 if (page_count(page) != 1 + !!PageSwapCache(page)) {
2508 result = SCAN_PAGE_COUNT;
2511 if (pte_young(pteval) ||
2512 page_is_young(page) || PageReferenced(page) ||
2513 mmu_notifier_test_young(vma->vm_mm, address))
2518 result = SCAN_SUCCEED;
2521 result = SCAN_NO_REFERENCED_PAGE;
2524 result = SCAN_PAGE_RO;
2527 pte_unmap_unlock(pte, ptl);
2529 node = khugepaged_find_target_node();
2530 /* collapse_huge_page will return with the mmap_sem released */
2531 collapse_huge_page(mm, address, hpage, vma, node);
2534 trace_mm_khugepaged_scan_pmd(mm, page_to_pfn(page), writable, referenced,
2535 none_or_zero, result);
2539 static void collect_mm_slot(struct mm_slot *mm_slot)
2541 struct mm_struct *mm = mm_slot->mm;
2543 VM_BUG_ON(NR_CPUS != 1 && !spin_is_locked(&khugepaged_mm_lock));
2545 if (khugepaged_test_exit(mm)) {
2547 hash_del(&mm_slot->hash);
2548 list_del(&mm_slot->mm_node);
2551 * Not strictly needed because the mm exited already.
2553 * clear_bit(MMF_VM_HUGEPAGE, &mm->flags);
2556 /* khugepaged_mm_lock actually not necessary for the below */
2557 free_mm_slot(mm_slot);
2562 static unsigned int khugepaged_scan_mm_slot(unsigned int pages,
2563 struct page **hpage)
2564 __releases(&khugepaged_mm_lock)
2565 __acquires(&khugepaged_mm_lock)
2567 struct mm_slot *mm_slot;
2568 struct mm_struct *mm;
2569 struct vm_area_struct *vma;
2573 VM_BUG_ON(NR_CPUS != 1 && !spin_is_locked(&khugepaged_mm_lock));
2575 if (khugepaged_scan.mm_slot)
2576 mm_slot = khugepaged_scan.mm_slot;
2578 mm_slot = list_entry(khugepaged_scan.mm_head.next,
2579 struct mm_slot, mm_node);
2580 khugepaged_scan.address = 0;
2581 khugepaged_scan.mm_slot = mm_slot;
2583 spin_unlock(&khugepaged_mm_lock);
2586 down_read(&mm->mmap_sem);
2587 if (unlikely(khugepaged_test_exit(mm)))
2590 vma = find_vma(mm, khugepaged_scan.address);
2593 for (; vma; vma = vma->vm_next) {
2594 unsigned long hstart, hend;
2597 if (unlikely(khugepaged_test_exit(mm))) {
2601 if (!hugepage_vma_check(vma)) {
2606 hstart = (vma->vm_start + ~HPAGE_PMD_MASK) & HPAGE_PMD_MASK;
2607 hend = vma->vm_end & HPAGE_PMD_MASK;
2610 if (khugepaged_scan.address > hend)
2612 if (khugepaged_scan.address < hstart)
2613 khugepaged_scan.address = hstart;
2614 VM_BUG_ON(khugepaged_scan.address & ~HPAGE_PMD_MASK);
2616 while (khugepaged_scan.address < hend) {
2619 if (unlikely(khugepaged_test_exit(mm)))
2620 goto breakouterloop;
2622 VM_BUG_ON(khugepaged_scan.address < hstart ||
2623 khugepaged_scan.address + HPAGE_PMD_SIZE >
2625 ret = khugepaged_scan_pmd(mm, vma,
2626 khugepaged_scan.address,
2628 /* move to next address */
2629 khugepaged_scan.address += HPAGE_PMD_SIZE;
2630 progress += HPAGE_PMD_NR;
2632 /* we released mmap_sem so break loop */
2633 goto breakouterloop_mmap_sem;
2634 if (progress >= pages)
2635 goto breakouterloop;
2639 up_read(&mm->mmap_sem); /* exit_mmap will destroy ptes after this */
2640 breakouterloop_mmap_sem:
2642 spin_lock(&khugepaged_mm_lock);
2643 VM_BUG_ON(khugepaged_scan.mm_slot != mm_slot);
2645 * Release the current mm_slot if this mm is about to die, or
2646 * if we scanned all vmas of this mm.
2648 if (khugepaged_test_exit(mm) || !vma) {
2650 * Make sure that if mm_users is reaching zero while
2651 * khugepaged runs here, khugepaged_exit will find
2652 * mm_slot not pointing to the exiting mm.
2654 if (mm_slot->mm_node.next != &khugepaged_scan.mm_head) {
2655 khugepaged_scan.mm_slot = list_entry(
2656 mm_slot->mm_node.next,
2657 struct mm_slot, mm_node);
2658 khugepaged_scan.address = 0;
2660 khugepaged_scan.mm_slot = NULL;
2661 khugepaged_full_scans++;
2664 collect_mm_slot(mm_slot);
2670 static int khugepaged_has_work(void)
2672 return !list_empty(&khugepaged_scan.mm_head) &&
2673 khugepaged_enabled();
2676 static int khugepaged_wait_event(void)
2678 return !list_empty(&khugepaged_scan.mm_head) ||
2679 kthread_should_stop();
2682 static void khugepaged_do_scan(void)
2684 struct page *hpage = NULL;
2685 unsigned int progress = 0, pass_through_head = 0;
2686 unsigned int pages = khugepaged_pages_to_scan;
2689 barrier(); /* write khugepaged_pages_to_scan to local stack */
2691 while (progress < pages) {
2692 if (!khugepaged_prealloc_page(&hpage, &wait))
2697 if (unlikely(kthread_should_stop() || try_to_freeze()))
2700 spin_lock(&khugepaged_mm_lock);
2701 if (!khugepaged_scan.mm_slot)
2702 pass_through_head++;
2703 if (khugepaged_has_work() &&
2704 pass_through_head < 2)
2705 progress += khugepaged_scan_mm_slot(pages - progress,
2709 spin_unlock(&khugepaged_mm_lock);
2712 if (!IS_ERR_OR_NULL(hpage))
2716 static void khugepaged_wait_work(void)
2718 if (khugepaged_has_work()) {
2719 if (!khugepaged_scan_sleep_millisecs)
2722 wait_event_freezable_timeout(khugepaged_wait,
2723 kthread_should_stop(),
2724 msecs_to_jiffies(khugepaged_scan_sleep_millisecs));
2728 if (khugepaged_enabled())
2729 wait_event_freezable(khugepaged_wait, khugepaged_wait_event());
2732 static int khugepaged(void *none)
2734 struct mm_slot *mm_slot;
2737 set_user_nice(current, MAX_NICE);
2739 while (!kthread_should_stop()) {
2740 khugepaged_do_scan();
2741 khugepaged_wait_work();
2744 spin_lock(&khugepaged_mm_lock);
2745 mm_slot = khugepaged_scan.mm_slot;
2746 khugepaged_scan.mm_slot = NULL;
2748 collect_mm_slot(mm_slot);
2749 spin_unlock(&khugepaged_mm_lock);
2753 static void __split_huge_zero_page_pmd(struct vm_area_struct *vma,
2754 unsigned long haddr, pmd_t *pmd)
2756 struct mm_struct *mm = vma->vm_mm;
2761 /* leave pmd empty until pte is filled */
2762 pmdp_huge_clear_flush_notify(vma, haddr, pmd);
2764 pgtable = pgtable_trans_huge_withdraw(mm, pmd);
2765 pmd_populate(mm, &_pmd, pgtable);
2767 for (i = 0; i < HPAGE_PMD_NR; i++, haddr += PAGE_SIZE) {
2769 entry = pfn_pte(my_zero_pfn(haddr), vma->vm_page_prot);
2770 entry = pte_mkspecial(entry);
2771 pte = pte_offset_map(&_pmd, haddr);
2772 VM_BUG_ON(!pte_none(*pte));
2773 set_pte_at(mm, haddr, pte, entry);
2776 smp_wmb(); /* make pte visible before pmd */
2777 pmd_populate(mm, pmd, pgtable);
2778 put_huge_zero_page();
2781 static void __split_huge_pmd_locked(struct vm_area_struct *vma, pmd_t *pmd,
2782 unsigned long haddr, bool freeze)
2784 struct mm_struct *mm = vma->vm_mm;
2788 bool young, write, dirty;
2791 VM_BUG_ON(haddr & ~HPAGE_PMD_MASK);
2792 VM_BUG_ON_VMA(vma->vm_start > haddr, vma);
2793 VM_BUG_ON_VMA(vma->vm_end < haddr + HPAGE_PMD_SIZE, vma);
2794 VM_BUG_ON(!pmd_trans_huge(*pmd) && !pmd_devmap(*pmd));
2796 count_vm_event(THP_SPLIT_PMD);
2798 if (vma_is_dax(vma)) {
2799 pmd_t _pmd = pmdp_huge_clear_flush_notify(vma, haddr, pmd);
2800 if (is_huge_zero_pmd(_pmd))
2801 put_huge_zero_page();
2803 } else if (is_huge_zero_pmd(*pmd)) {
2804 return __split_huge_zero_page_pmd(vma, haddr, pmd);
2807 page = pmd_page(*pmd);
2808 VM_BUG_ON_PAGE(!page_count(page), page);
2809 atomic_add(HPAGE_PMD_NR - 1, &page->_count);
2810 write = pmd_write(*pmd);
2811 young = pmd_young(*pmd);
2812 dirty = pmd_dirty(*pmd);
2814 pgtable = pgtable_trans_huge_withdraw(mm, pmd);
2815 pmd_populate(mm, &_pmd, pgtable);
2817 for (i = 0; i < HPAGE_PMD_NR; i++, haddr += PAGE_SIZE) {
2820 * Note that NUMA hinting access restrictions are not
2821 * transferred to avoid any possibility of altering
2822 * permissions across VMAs.
2825 swp_entry_t swp_entry;
2826 swp_entry = make_migration_entry(page + i, write);
2827 entry = swp_entry_to_pte(swp_entry);
2829 entry = mk_pte(page + i, vma->vm_page_prot);
2830 entry = maybe_mkwrite(entry, vma);
2832 entry = pte_wrprotect(entry);
2834 entry = pte_mkold(entry);
2837 SetPageDirty(page + i);
2838 pte = pte_offset_map(&_pmd, haddr);
2839 BUG_ON(!pte_none(*pte));
2840 set_pte_at(mm, haddr, pte, entry);
2841 atomic_inc(&page[i]._mapcount);
2846 * Set PG_double_map before dropping compound_mapcount to avoid
2847 * false-negative page_mapped().
2849 if (compound_mapcount(page) > 1 && !TestSetPageDoubleMap(page)) {
2850 for (i = 0; i < HPAGE_PMD_NR; i++)
2851 atomic_inc(&page[i]._mapcount);
2854 if (atomic_add_negative(-1, compound_mapcount_ptr(page))) {
2855 /* Last compound_mapcount is gone. */
2856 __dec_zone_page_state(page, NR_ANON_TRANSPARENT_HUGEPAGES);
2857 if (TestClearPageDoubleMap(page)) {
2858 /* No need in mapcount reference anymore */
2859 for (i = 0; i < HPAGE_PMD_NR; i++)
2860 atomic_dec(&page[i]._mapcount);
2864 smp_wmb(); /* make pte visible before pmd */
2866 * Up to this point the pmd is present and huge and userland has the
2867 * whole access to the hugepage during the split (which happens in
2868 * place). If we overwrite the pmd with the not-huge version pointing
2869 * to the pte here (which of course we could if all CPUs were bug
2870 * free), userland could trigger a small page size TLB miss on the
2871 * small sized TLB while the hugepage TLB entry is still established in
2872 * the huge TLB. Some CPU doesn't like that.
2873 * See http://support.amd.com/us/Processor_TechDocs/41322.pdf, Erratum
2874 * 383 on page 93. Intel should be safe but is also warns that it's
2875 * only safe if the permission and cache attributes of the two entries
2876 * loaded in the two TLB is identical (which should be the case here).
2877 * But it is generally safer to never allow small and huge TLB entries
2878 * for the same virtual address to be loaded simultaneously. So instead
2879 * of doing "pmd_populate(); flush_pmd_tlb_range();" we first mark the
2880 * current pmd notpresent (atomically because here the pmd_trans_huge
2881 * and pmd_trans_splitting must remain set at all times on the pmd
2882 * until the split is complete for this pmd), then we flush the SMP TLB
2883 * and finally we write the non-huge version of the pmd entry with
2886 pmdp_invalidate(vma, haddr, pmd);
2887 pmd_populate(mm, pmd, pgtable);
2890 for (i = 0; i < HPAGE_PMD_NR; i++, haddr += PAGE_SIZE) {
2891 page_remove_rmap(page + i, false);
2897 void __split_huge_pmd(struct vm_area_struct *vma, pmd_t *pmd,
2898 unsigned long address)
2901 struct mm_struct *mm = vma->vm_mm;
2902 struct page *page = NULL;
2903 unsigned long haddr = address & HPAGE_PMD_MASK;
2905 mmu_notifier_invalidate_range_start(mm, haddr, haddr + HPAGE_PMD_SIZE);
2906 ptl = pmd_lock(mm, pmd);
2907 if (pmd_trans_huge(*pmd)) {
2908 page = pmd_page(*pmd);
2909 if (PageMlocked(page))
2913 } else if (!pmd_devmap(*pmd))
2915 __split_huge_pmd_locked(vma, pmd, haddr, false);
2918 mmu_notifier_invalidate_range_end(mm, haddr, haddr + HPAGE_PMD_SIZE);
2921 munlock_vma_page(page);
2927 static void split_huge_pmd_address(struct vm_area_struct *vma,
2928 unsigned long address)
2934 VM_BUG_ON(!(address & ~HPAGE_PMD_MASK));
2936 pgd = pgd_offset(vma->vm_mm, address);
2937 if (!pgd_present(*pgd))
2940 pud = pud_offset(pgd, address);
2941 if (!pud_present(*pud))
2944 pmd = pmd_offset(pud, address);
2945 if (!pmd_present(*pmd) || (!pmd_trans_huge(*pmd) && !pmd_devmap(*pmd)))
2948 * Caller holds the mmap_sem write mode, so a huge pmd cannot
2949 * materialize from under us.
2951 split_huge_pmd(vma, pmd, address);
2954 void vma_adjust_trans_huge(struct vm_area_struct *vma,
2955 unsigned long start,
2960 * If the new start address isn't hpage aligned and it could
2961 * previously contain an hugepage: check if we need to split
2964 if (start & ~HPAGE_PMD_MASK &&
2965 (start & HPAGE_PMD_MASK) >= vma->vm_start &&
2966 (start & HPAGE_PMD_MASK) + HPAGE_PMD_SIZE <= vma->vm_end)
2967 split_huge_pmd_address(vma, start);
2970 * If the new end address isn't hpage aligned and it could
2971 * previously contain an hugepage: check if we need to split
2974 if (end & ~HPAGE_PMD_MASK &&
2975 (end & HPAGE_PMD_MASK) >= vma->vm_start &&
2976 (end & HPAGE_PMD_MASK) + HPAGE_PMD_SIZE <= vma->vm_end)
2977 split_huge_pmd_address(vma, end);
2980 * If we're also updating the vma->vm_next->vm_start, if the new
2981 * vm_next->vm_start isn't page aligned and it could previously
2982 * contain an hugepage: check if we need to split an huge pmd.
2984 if (adjust_next > 0) {
2985 struct vm_area_struct *next = vma->vm_next;
2986 unsigned long nstart = next->vm_start;
2987 nstart += adjust_next << PAGE_SHIFT;
2988 if (nstart & ~HPAGE_PMD_MASK &&
2989 (nstart & HPAGE_PMD_MASK) >= next->vm_start &&
2990 (nstart & HPAGE_PMD_MASK) + HPAGE_PMD_SIZE <= next->vm_end)
2991 split_huge_pmd_address(next, nstart);
2995 static void freeze_page_vma(struct vm_area_struct *vma, struct page *page,
2996 unsigned long address)
2998 unsigned long haddr = address & HPAGE_PMD_MASK;
3004 int i, nr = HPAGE_PMD_NR;
3006 /* Skip pages which doesn't belong to the VMA */
3007 if (address < vma->vm_start) {
3008 int off = (vma->vm_start - address) >> PAGE_SHIFT;
3011 address = vma->vm_start;
3014 pgd = pgd_offset(vma->vm_mm, address);
3015 if (!pgd_present(*pgd))
3017 pud = pud_offset(pgd, address);
3018 if (!pud_present(*pud))
3020 pmd = pmd_offset(pud, address);
3021 ptl = pmd_lock(vma->vm_mm, pmd);
3022 if (!pmd_present(*pmd)) {
3026 if (pmd_trans_huge(*pmd)) {
3027 if (page == pmd_page(*pmd))
3028 __split_huge_pmd_locked(vma, pmd, haddr, true);
3034 pte = pte_offset_map_lock(vma->vm_mm, pmd, address, &ptl);
3035 for (i = 0; i < nr; i++, address += PAGE_SIZE, page++, pte++) {
3036 pte_t entry, swp_pte;
3037 swp_entry_t swp_entry;
3040 * We've just crossed page table boundary: need to map next one.
3041 * It can happen if THP was mremaped to non PMD-aligned address.
3043 if (unlikely(address == haddr + HPAGE_PMD_SIZE)) {
3044 pte_unmap_unlock(pte - 1, ptl);
3045 pmd = mm_find_pmd(vma->vm_mm, address);
3048 pte = pte_offset_map_lock(vma->vm_mm, pmd,
3052 if (!pte_present(*pte))
3054 if (page_to_pfn(page) != pte_pfn(*pte))
3056 flush_cache_page(vma, address, page_to_pfn(page));
3057 entry = ptep_clear_flush(vma, address, pte);
3058 if (pte_dirty(entry))
3060 swp_entry = make_migration_entry(page, pte_write(entry));
3061 swp_pte = swp_entry_to_pte(swp_entry);
3062 if (pte_soft_dirty(entry))
3063 swp_pte = pte_swp_mksoft_dirty(swp_pte);
3064 set_pte_at(vma->vm_mm, address, pte, swp_pte);
3065 page_remove_rmap(page, false);
3068 pte_unmap_unlock(pte - 1, ptl);
3071 static void freeze_page(struct anon_vma *anon_vma, struct page *page)
3073 struct anon_vma_chain *avc;
3074 pgoff_t pgoff = page_to_pgoff(page);
3076 VM_BUG_ON_PAGE(!PageHead(page), page);
3078 anon_vma_interval_tree_foreach(avc, &anon_vma->rb_root, pgoff,
3079 pgoff + HPAGE_PMD_NR - 1) {
3080 unsigned long address = __vma_address(page, avc->vma);
3082 mmu_notifier_invalidate_range_start(avc->vma->vm_mm,
3083 address, address + HPAGE_PMD_SIZE);
3084 freeze_page_vma(avc->vma, page, address);
3085 mmu_notifier_invalidate_range_end(avc->vma->vm_mm,
3086 address, address + HPAGE_PMD_SIZE);
3090 static void unfreeze_page_vma(struct vm_area_struct *vma, struct page *page,
3091 unsigned long address)
3096 swp_entry_t swp_entry;
3097 unsigned long haddr = address & HPAGE_PMD_MASK;
3098 int i, nr = HPAGE_PMD_NR;
3100 /* Skip pages which doesn't belong to the VMA */
3101 if (address < vma->vm_start) {
3102 int off = (vma->vm_start - address) >> PAGE_SHIFT;
3105 address = vma->vm_start;
3108 pmd = mm_find_pmd(vma->vm_mm, address);
3112 pte = pte_offset_map_lock(vma->vm_mm, pmd, address, &ptl);
3113 for (i = 0; i < nr; i++, address += PAGE_SIZE, page++, pte++) {
3115 * We've just crossed page table boundary: need to map next one.
3116 * It can happen if THP was mremaped to non-PMD aligned address.
3118 if (unlikely(address == haddr + HPAGE_PMD_SIZE)) {
3119 pte_unmap_unlock(pte - 1, ptl);
3120 pmd = mm_find_pmd(vma->vm_mm, address);
3123 pte = pte_offset_map_lock(vma->vm_mm, pmd,
3127 if (!is_swap_pte(*pte))
3130 swp_entry = pte_to_swp_entry(*pte);
3131 if (!is_migration_entry(swp_entry))
3133 if (migration_entry_to_page(swp_entry) != page)
3137 page_add_anon_rmap(page, vma, address, false);
3139 entry = pte_mkold(mk_pte(page, vma->vm_page_prot));
3140 if (PageDirty(page))
3141 entry = pte_mkdirty(entry);
3142 if (is_write_migration_entry(swp_entry))
3143 entry = maybe_mkwrite(entry, vma);
3145 flush_dcache_page(page);
3146 set_pte_at(vma->vm_mm, address, pte, entry);
3148 /* No need to invalidate - it was non-present before */
3149 update_mmu_cache(vma, address, pte);
3151 pte_unmap_unlock(pte - 1, ptl);
3154 static void unfreeze_page(struct anon_vma *anon_vma, struct page *page)
3156 struct anon_vma_chain *avc;
3157 pgoff_t pgoff = page_to_pgoff(page);
3159 anon_vma_interval_tree_foreach(avc, &anon_vma->rb_root,
3160 pgoff, pgoff + HPAGE_PMD_NR - 1) {
3161 unsigned long address = __vma_address(page, avc->vma);
3163 mmu_notifier_invalidate_range_start(avc->vma->vm_mm,
3164 address, address + HPAGE_PMD_SIZE);
3165 unfreeze_page_vma(avc->vma, page, address);
3166 mmu_notifier_invalidate_range_end(avc->vma->vm_mm,
3167 address, address + HPAGE_PMD_SIZE);
3171 static int __split_huge_page_tail(struct page *head, int tail,
3172 struct lruvec *lruvec, struct list_head *list)
3175 struct page *page_tail = head + tail;
3177 mapcount = atomic_read(&page_tail->_mapcount) + 1;
3178 VM_BUG_ON_PAGE(atomic_read(&page_tail->_count) != 0, page_tail);
3181 * tail_page->_count is zero and not changing from under us. But
3182 * get_page_unless_zero() may be running from under us on the
3183 * tail_page. If we used atomic_set() below instead of atomic_add(), we
3184 * would then run atomic_set() concurrently with
3185 * get_page_unless_zero(), and atomic_set() is implemented in C not
3186 * using locked ops. spin_unlock on x86 sometime uses locked ops
3187 * because of PPro errata 66, 92, so unless somebody can guarantee
3188 * atomic_set() here would be safe on all archs (and not only on x86),
3189 * it's safer to use atomic_add().
3191 atomic_add(mapcount + 1, &page_tail->_count);
3194 page_tail->flags &= ~PAGE_FLAGS_CHECK_AT_PREP;
3195 page_tail->flags |= (head->flags &
3196 ((1L << PG_referenced) |
3197 (1L << PG_swapbacked) |
3198 (1L << PG_mlocked) |
3199 (1L << PG_uptodate) |
3202 (1L << PG_unevictable) |
3206 * After clearing PageTail the gup refcount can be released.
3207 * Page flags also must be visible before we make the page non-compound.
3211 clear_compound_head(page_tail);
3213 if (page_is_young(head))
3214 set_page_young(page_tail);
3215 if (page_is_idle(head))
3216 set_page_idle(page_tail);
3218 /* ->mapping in first tail page is compound_mapcount */
3219 VM_BUG_ON_PAGE(tail > 2 && page_tail->mapping != TAIL_MAPPING,
3221 page_tail->mapping = head->mapping;
3223 page_tail->index = head->index + tail;
3224 page_cpupid_xchg_last(page_tail, page_cpupid_last(head));
3225 lru_add_page_tail(head, page_tail, lruvec, list);
3230 static void __split_huge_page(struct page *page, struct list_head *list)
3232 struct page *head = compound_head(page);
3233 struct zone *zone = page_zone(head);
3234 struct lruvec *lruvec;
3235 int i, tail_mapcount;
3237 /* prevent PageLRU to go away from under us, and freeze lru stats */
3238 spin_lock_irq(&zone->lru_lock);
3239 lruvec = mem_cgroup_page_lruvec(head, zone);
3241 /* complete memcg works before add pages to LRU */
3242 mem_cgroup_split_huge_fixup(head);
3245 for (i = HPAGE_PMD_NR - 1; i >= 1; i--)
3246 tail_mapcount += __split_huge_page_tail(head, i, lruvec, list);
3247 atomic_sub(tail_mapcount, &head->_count);
3249 ClearPageCompound(head);
3250 spin_unlock_irq(&zone->lru_lock);
3252 unfreeze_page(page_anon_vma(head), head);
3254 for (i = 0; i < HPAGE_PMD_NR; i++) {
3255 struct page *subpage = head + i;
3256 if (subpage == page)
3258 unlock_page(subpage);
3261 * Subpages may be freed if there wasn't any mapping
3262 * like if add_to_swap() is running on a lru page that
3263 * had its mapping zapped. And freeing these pages
3264 * requires taking the lru_lock so we do the put_page
3265 * of the tail pages after the split is complete.
3271 int total_mapcount(struct page *page)
3275 VM_BUG_ON_PAGE(PageTail(page), page);
3277 if (likely(!PageCompound(page)))
3278 return atomic_read(&page->_mapcount) + 1;
3280 ret = compound_mapcount(page);
3283 for (i = 0; i < HPAGE_PMD_NR; i++)
3284 ret += atomic_read(&page[i]._mapcount) + 1;
3285 if (PageDoubleMap(page))
3286 ret -= HPAGE_PMD_NR;
3291 * This function splits huge page into normal pages. @page can point to any
3292 * subpage of huge page to split. Split doesn't change the position of @page.
3294 * Only caller must hold pin on the @page, otherwise split fails with -EBUSY.
3295 * The huge page must be locked.
3297 * If @list is null, tail pages will be added to LRU list, otherwise, to @list.
3299 * Both head page and tail pages will inherit mapping, flags, and so on from
3302 * GUP pin and PG_locked transferred to @page. Rest subpages can be freed if
3303 * they are not mapped.
3305 * Returns 0 if the hugepage is split successfully.
3306 * Returns -EBUSY if the page is pinned or if anon_vma disappeared from under
3309 int split_huge_page_to_list(struct page *page, struct list_head *list)
3311 struct page *head = compound_head(page);
3312 struct anon_vma *anon_vma;
3313 int count, mapcount, ret;
3316 VM_BUG_ON_PAGE(is_huge_zero_page(page), page);
3317 VM_BUG_ON_PAGE(!PageAnon(page), page);
3318 VM_BUG_ON_PAGE(!PageLocked(page), page);
3319 VM_BUG_ON_PAGE(!PageSwapBacked(page), page);
3320 VM_BUG_ON_PAGE(!PageCompound(page), page);
3323 * The caller does not necessarily hold an mmap_sem that would prevent
3324 * the anon_vma disappearing so we first we take a reference to it
3325 * and then lock the anon_vma for write. This is similar to
3326 * page_lock_anon_vma_read except the write lock is taken to serialise
3327 * against parallel split or collapse operations.
3329 anon_vma = page_get_anon_vma(head);
3334 anon_vma_lock_write(anon_vma);
3337 * Racy check if we can split the page, before freeze_page() will
3340 if (total_mapcount(head) != page_count(head) - 1) {
3345 mlocked = PageMlocked(page);
3346 freeze_page(anon_vma, head);
3347 VM_BUG_ON_PAGE(compound_mapcount(head), head);
3349 /* Make sure the page is not on per-CPU pagevec as it takes pin */
3353 /* Prevent deferred_split_scan() touching ->_count */
3354 spin_lock(&split_queue_lock);
3355 count = page_count(head);
3356 mapcount = total_mapcount(head);
3357 if (!mapcount && count == 1) {
3358 if (!list_empty(page_deferred_list(head))) {
3360 list_del(page_deferred_list(head));
3362 spin_unlock(&split_queue_lock);
3363 __split_huge_page(page, list);
3365 } else if (IS_ENABLED(CONFIG_DEBUG_VM) && mapcount) {
3366 spin_unlock(&split_queue_lock);
3367 pr_alert("total_mapcount: %u, page_count(): %u\n",
3370 dump_page(head, NULL);
3371 dump_page(page, "total_mapcount(head) > 0");
3374 spin_unlock(&split_queue_lock);
3375 unfreeze_page(anon_vma, head);
3380 anon_vma_unlock_write(anon_vma);
3381 put_anon_vma(anon_vma);
3383 count_vm_event(!ret ? THP_SPLIT_PAGE : THP_SPLIT_PAGE_FAILED);
3387 void free_transhuge_page(struct page *page)
3389 unsigned long flags;
3391 spin_lock_irqsave(&split_queue_lock, flags);
3392 if (!list_empty(page_deferred_list(page))) {
3394 list_del(page_deferred_list(page));
3396 spin_unlock_irqrestore(&split_queue_lock, flags);
3397 free_compound_page(page);
3400 void deferred_split_huge_page(struct page *page)
3402 unsigned long flags;
3404 VM_BUG_ON_PAGE(!PageTransHuge(page), page);
3406 spin_lock_irqsave(&split_queue_lock, flags);
3407 if (list_empty(page_deferred_list(page))) {
3408 list_add_tail(page_deferred_list(page), &split_queue);
3411 spin_unlock_irqrestore(&split_queue_lock, flags);
3414 static unsigned long deferred_split_count(struct shrinker *shrink,
3415 struct shrink_control *sc)
3418 * Split a page from split_queue will free up at least one page,
3419 * at most HPAGE_PMD_NR - 1. We don't track exact number.
3420 * Let's use HPAGE_PMD_NR / 2 as ballpark.
3422 return ACCESS_ONCE(split_queue_len) * HPAGE_PMD_NR / 2;
3425 static unsigned long deferred_split_scan(struct shrinker *shrink,
3426 struct shrink_control *sc)
3428 unsigned long flags;
3429 LIST_HEAD(list), *pos, *next;
3433 spin_lock_irqsave(&split_queue_lock, flags);
3434 list_splice_init(&split_queue, &list);
3436 /* Take pin on all head pages to avoid freeing them under us */
3437 list_for_each_safe(pos, next, &list) {
3438 page = list_entry((void *)pos, struct page, mapping);
3439 page = compound_head(page);
3440 /* race with put_compound_page() */
3441 if (!get_page_unless_zero(page)) {
3442 list_del_init(page_deferred_list(page));
3446 spin_unlock_irqrestore(&split_queue_lock, flags);
3448 list_for_each_safe(pos, next, &list) {
3449 page = list_entry((void *)pos, struct page, mapping);
3451 /* split_huge_page() removes page from list on success */
3452 if (!split_huge_page(page))
3458 spin_lock_irqsave(&split_queue_lock, flags);
3459 list_splice_tail(&list, &split_queue);
3460 spin_unlock_irqrestore(&split_queue_lock, flags);
3462 return split * HPAGE_PMD_NR / 2;
3465 static struct shrinker deferred_split_shrinker = {
3466 .count_objects = deferred_split_count,
3467 .scan_objects = deferred_split_scan,
3468 .seeks = DEFAULT_SEEKS,
3471 #ifdef CONFIG_DEBUG_FS
3472 static int split_huge_pages_set(void *data, u64 val)
3476 unsigned long pfn, max_zone_pfn;
3477 unsigned long total = 0, split = 0;
3482 for_each_populated_zone(zone) {
3483 max_zone_pfn = zone_end_pfn(zone);
3484 for (pfn = zone->zone_start_pfn; pfn < max_zone_pfn; pfn++) {
3485 if (!pfn_valid(pfn))
3488 page = pfn_to_page(pfn);
3489 if (!get_page_unless_zero(page))
3492 if (zone != page_zone(page))
3495 if (!PageHead(page) || !PageAnon(page) ||
3501 if (!split_huge_page(page))
3509 pr_info("%lu of %lu THP split", split, total);
3513 DEFINE_SIMPLE_ATTRIBUTE(split_huge_pages_fops, NULL, split_huge_pages_set,
3516 static int __init split_huge_pages_debugfs(void)
3520 ret = debugfs_create_file("split_huge_pages", 0644, NULL, NULL,
3521 &split_huge_pages_fops);
3523 pr_warn("Failed to create split_huge_pages in debugfs");
3526 late_initcall(split_huge_pages_debugfs);
projects / karo-tx-linux.git / blob