2 * Copyright (C) 2009 Red Hat, Inc.
4 * This work is licensed under the terms of the GNU GPL, version 2. See
5 * the COPYING file in the top-level directory.
8 #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
11 #include <linux/sched.h>
12 #include <linux/highmem.h>
13 #include <linux/hugetlb.h>
14 #include <linux/mmu_notifier.h>
15 #include <linux/rmap.h>
16 #include <linux/swap.h>
17 #include <linux/shrinker.h>
18 #include <linux/mm_inline.h>
19 #include <linux/swapops.h>
20 #include <linux/dax.h>
21 #include <linux/kthread.h>
22 #include <linux/khugepaged.h>
23 #include <linux/freezer.h>
24 #include <linux/pfn_t.h>
25 #include <linux/mman.h>
26 #include <linux/pagemap.h>
27 #include <linux/debugfs.h>
28 #include <linux/migrate.h>
29 #include <linux/hashtable.h>
30 #include <linux/userfaultfd_k.h>
31 #include <linux/page_idle.h>
34 #include <asm/pgalloc.h>
44 SCAN_NO_REFERENCED_PAGE,
58 SCAN_ALLOC_HUGE_PAGE_FAIL,
59 SCAN_CGROUP_CHARGE_FAIL
62 #define CREATE_TRACE_POINTS
63 #include <trace/events/huge_memory.h>
66 * By default transparent hugepage support is disabled in order that avoid
67 * to risk increase the memory footprint of applications without a guaranteed
68 * benefit. When transparent hugepage support is enabled, is for all mappings,
69 * and khugepaged scans all mappings.
70 * Defrag is invoked by khugepaged hugepage allocations and by page faults
71 * for all hugepage allocations.
73 unsigned long transparent_hugepage_flags __read_mostly =
74 #ifdef CONFIG_TRANSPARENT_HUGEPAGE_ALWAYS
75 (1<<TRANSPARENT_HUGEPAGE_FLAG)|
77 #ifdef CONFIG_TRANSPARENT_HUGEPAGE_MADVISE
78 (1<<TRANSPARENT_HUGEPAGE_REQ_MADV_FLAG)|
80 (1<<TRANSPARENT_HUGEPAGE_DEFRAG_FLAG)|
81 (1<<TRANSPARENT_HUGEPAGE_DEFRAG_KHUGEPAGED_FLAG)|
82 (1<<TRANSPARENT_HUGEPAGE_USE_ZERO_PAGE_FLAG);
84 /* default scan 8*512 pte (or vmas) every 30 second */
85 static unsigned int khugepaged_pages_to_scan __read_mostly = HPAGE_PMD_NR*8;
86 static unsigned int khugepaged_pages_collapsed;
87 static unsigned int khugepaged_full_scans;
88 static unsigned int khugepaged_scan_sleep_millisecs __read_mostly = 10000;
89 /* during fragmentation poll the hugepage allocator once every minute */
90 static unsigned int khugepaged_alloc_sleep_millisecs __read_mostly = 60000;
91 static struct task_struct *khugepaged_thread __read_mostly;
92 static DEFINE_MUTEX(khugepaged_mutex);
93 static DEFINE_SPINLOCK(khugepaged_mm_lock);
94 static DECLARE_WAIT_QUEUE_HEAD(khugepaged_wait);
96 * default collapse hugepages if there is at least one pte mapped like
97 * it would have happened if the vma was large enough during page
100 static unsigned int khugepaged_max_ptes_none __read_mostly = HPAGE_PMD_NR-1;
102 static int khugepaged(void *none);
103 static int khugepaged_slab_init(void);
104 static void khugepaged_slab_exit(void);
106 #define MM_SLOTS_HASH_BITS 10
107 static __read_mostly DEFINE_HASHTABLE(mm_slots_hash, MM_SLOTS_HASH_BITS);
109 static struct kmem_cache *mm_slot_cache __read_mostly;
112 * struct mm_slot - hash lookup from mm to mm_slot
113 * @hash: hash collision list
114 * @mm_node: khugepaged scan list headed in khugepaged_scan.mm_head
115 * @mm: the mm that this information is valid for
118 struct hlist_node hash;
119 struct list_head mm_node;
120 struct mm_struct *mm;
124 * struct khugepaged_scan - cursor for scanning
125 * @mm_head: the head of the mm list to scan
126 * @mm_slot: the current mm_slot we are scanning
127 * @address: the next address inside that to be scanned
129 * There is only the one khugepaged_scan instance of this cursor structure.
131 struct khugepaged_scan {
132 struct list_head mm_head;
133 struct mm_slot *mm_slot;
134 unsigned long address;
136 static struct khugepaged_scan khugepaged_scan = {
137 .mm_head = LIST_HEAD_INIT(khugepaged_scan.mm_head),
140 static DEFINE_SPINLOCK(split_queue_lock);
141 static LIST_HEAD(split_queue);
142 static unsigned long split_queue_len;
143 static struct shrinker deferred_split_shrinker;
145 static void set_recommended_min_free_kbytes(void)
149 unsigned long recommended_min;
151 for_each_populated_zone(zone)
154 /* Ensure 2 pageblocks are free to assist fragmentation avoidance */
155 recommended_min = pageblock_nr_pages * nr_zones * 2;
158 * Make sure that on average at least two pageblocks are almost free
159 * of another type, one for a migratetype to fall back to and a
160 * second to avoid subsequent fallbacks of other types There are 3
161 * MIGRATE_TYPES we care about.
163 recommended_min += pageblock_nr_pages * nr_zones *
164 MIGRATE_PCPTYPES * MIGRATE_PCPTYPES;
166 /* don't ever allow to reserve more than 5% of the lowmem */
167 recommended_min = min(recommended_min,
168 (unsigned long) nr_free_buffer_pages() / 20);
169 recommended_min <<= (PAGE_SHIFT-10);
171 if (recommended_min > min_free_kbytes) {
172 if (user_min_free_kbytes >= 0)
173 pr_info("raising min_free_kbytes from %d to %lu "
174 "to help transparent hugepage allocations\n",
175 min_free_kbytes, recommended_min);
177 min_free_kbytes = recommended_min;
179 setup_per_zone_wmarks();
182 static int start_stop_khugepaged(void)
185 if (khugepaged_enabled()) {
186 if (!khugepaged_thread)
187 khugepaged_thread = kthread_run(khugepaged, NULL,
189 if (IS_ERR(khugepaged_thread)) {
190 pr_err("khugepaged: kthread_run(khugepaged) failed\n");
191 err = PTR_ERR(khugepaged_thread);
192 khugepaged_thread = NULL;
196 if (!list_empty(&khugepaged_scan.mm_head))
197 wake_up_interruptible(&khugepaged_wait);
199 set_recommended_min_free_kbytes();
200 } else if (khugepaged_thread) {
201 kthread_stop(khugepaged_thread);
202 khugepaged_thread = NULL;
208 static atomic_t huge_zero_refcount;
209 struct page *huge_zero_page __read_mostly;
211 struct page *get_huge_zero_page(void)
213 struct page *zero_page;
215 if (likely(atomic_inc_not_zero(&huge_zero_refcount)))
216 return READ_ONCE(huge_zero_page);
218 zero_page = alloc_pages((GFP_TRANSHUGE | __GFP_ZERO) & ~__GFP_MOVABLE,
221 count_vm_event(THP_ZERO_PAGE_ALLOC_FAILED);
224 count_vm_event(THP_ZERO_PAGE_ALLOC);
226 if (cmpxchg(&huge_zero_page, NULL, zero_page)) {
228 __free_pages(zero_page, compound_order(zero_page));
232 /* We take additional reference here. It will be put back by shrinker */
233 atomic_set(&huge_zero_refcount, 2);
235 return READ_ONCE(huge_zero_page);
238 static void put_huge_zero_page(void)
241 * Counter should never go to zero here. Only shrinker can put
244 BUG_ON(atomic_dec_and_test(&huge_zero_refcount));
247 static unsigned long shrink_huge_zero_page_count(struct shrinker *shrink,
248 struct shrink_control *sc)
250 /* we can free zero page only if last reference remains */
251 return atomic_read(&huge_zero_refcount) == 1 ? HPAGE_PMD_NR : 0;
254 static unsigned long shrink_huge_zero_page_scan(struct shrinker *shrink,
255 struct shrink_control *sc)
257 if (atomic_cmpxchg(&huge_zero_refcount, 1, 0) == 1) {
258 struct page *zero_page = xchg(&huge_zero_page, NULL);
259 BUG_ON(zero_page == NULL);
260 __free_pages(zero_page, compound_order(zero_page));
267 static struct shrinker huge_zero_page_shrinker = {
268 .count_objects = shrink_huge_zero_page_count,
269 .scan_objects = shrink_huge_zero_page_scan,
270 .seeks = DEFAULT_SEEKS,
275 static ssize_t double_flag_show(struct kobject *kobj,
276 struct kobj_attribute *attr, char *buf,
277 enum transparent_hugepage_flag enabled,
278 enum transparent_hugepage_flag req_madv)
280 if (test_bit(enabled, &transparent_hugepage_flags)) {
281 VM_BUG_ON(test_bit(req_madv, &transparent_hugepage_flags));
282 return sprintf(buf, "[always] madvise never\n");
283 } else if (test_bit(req_madv, &transparent_hugepage_flags))
284 return sprintf(buf, "always [madvise] never\n");
286 return sprintf(buf, "always madvise [never]\n");
288 static ssize_t double_flag_store(struct kobject *kobj,
289 struct kobj_attribute *attr,
290 const char *buf, size_t count,
291 enum transparent_hugepage_flag enabled,
292 enum transparent_hugepage_flag req_madv)
294 if (!memcmp("always", buf,
295 min(sizeof("always")-1, count))) {
296 set_bit(enabled, &transparent_hugepage_flags);
297 clear_bit(req_madv, &transparent_hugepage_flags);
298 } else if (!memcmp("madvise", buf,
299 min(sizeof("madvise")-1, count))) {
300 clear_bit(enabled, &transparent_hugepage_flags);
301 set_bit(req_madv, &transparent_hugepage_flags);
302 } else if (!memcmp("never", buf,
303 min(sizeof("never")-1, count))) {
304 clear_bit(enabled, &transparent_hugepage_flags);
305 clear_bit(req_madv, &transparent_hugepage_flags);
312 static ssize_t enabled_show(struct kobject *kobj,
313 struct kobj_attribute *attr, char *buf)
315 return double_flag_show(kobj, attr, buf,
316 TRANSPARENT_HUGEPAGE_FLAG,
317 TRANSPARENT_HUGEPAGE_REQ_MADV_FLAG);
319 static ssize_t enabled_store(struct kobject *kobj,
320 struct kobj_attribute *attr,
321 const char *buf, size_t count)
325 ret = double_flag_store(kobj, attr, buf, count,
326 TRANSPARENT_HUGEPAGE_FLAG,
327 TRANSPARENT_HUGEPAGE_REQ_MADV_FLAG);
332 mutex_lock(&khugepaged_mutex);
333 err = start_stop_khugepaged();
334 mutex_unlock(&khugepaged_mutex);
342 static struct kobj_attribute enabled_attr =
343 __ATTR(enabled, 0644, enabled_show, enabled_store);
345 static ssize_t single_flag_show(struct kobject *kobj,
346 struct kobj_attribute *attr, char *buf,
347 enum transparent_hugepage_flag flag)
349 return sprintf(buf, "%d\n",
350 !!test_bit(flag, &transparent_hugepage_flags));
353 static ssize_t single_flag_store(struct kobject *kobj,
354 struct kobj_attribute *attr,
355 const char *buf, size_t count,
356 enum transparent_hugepage_flag flag)
361 ret = kstrtoul(buf, 10, &value);
368 set_bit(flag, &transparent_hugepage_flags);
370 clear_bit(flag, &transparent_hugepage_flags);
376 * Currently defrag only disables __GFP_NOWAIT for allocation. A blind
377 * __GFP_REPEAT is too aggressive, it's never worth swapping tons of
378 * memory just to allocate one more hugepage.
380 static ssize_t defrag_show(struct kobject *kobj,
381 struct kobj_attribute *attr, char *buf)
383 return double_flag_show(kobj, attr, buf,
384 TRANSPARENT_HUGEPAGE_DEFRAG_FLAG,
385 TRANSPARENT_HUGEPAGE_DEFRAG_REQ_MADV_FLAG);
387 static ssize_t defrag_store(struct kobject *kobj,
388 struct kobj_attribute *attr,
389 const char *buf, size_t count)
391 return double_flag_store(kobj, attr, buf, count,
392 TRANSPARENT_HUGEPAGE_DEFRAG_FLAG,
393 TRANSPARENT_HUGEPAGE_DEFRAG_REQ_MADV_FLAG);
395 static struct kobj_attribute defrag_attr =
396 __ATTR(defrag, 0644, defrag_show, defrag_store);
398 static ssize_t use_zero_page_show(struct kobject *kobj,
399 struct kobj_attribute *attr, char *buf)
401 return single_flag_show(kobj, attr, buf,
402 TRANSPARENT_HUGEPAGE_USE_ZERO_PAGE_FLAG);
404 static ssize_t use_zero_page_store(struct kobject *kobj,
405 struct kobj_attribute *attr, const char *buf, size_t count)
407 return single_flag_store(kobj, attr, buf, count,
408 TRANSPARENT_HUGEPAGE_USE_ZERO_PAGE_FLAG);
410 static struct kobj_attribute use_zero_page_attr =
411 __ATTR(use_zero_page, 0644, use_zero_page_show, use_zero_page_store);
412 #ifdef CONFIG_DEBUG_VM
413 static ssize_t debug_cow_show(struct kobject *kobj,
414 struct kobj_attribute *attr, char *buf)
416 return single_flag_show(kobj, attr, buf,
417 TRANSPARENT_HUGEPAGE_DEBUG_COW_FLAG);
419 static ssize_t debug_cow_store(struct kobject *kobj,
420 struct kobj_attribute *attr,
421 const char *buf, size_t count)
423 return single_flag_store(kobj, attr, buf, count,
424 TRANSPARENT_HUGEPAGE_DEBUG_COW_FLAG);
426 static struct kobj_attribute debug_cow_attr =
427 __ATTR(debug_cow, 0644, debug_cow_show, debug_cow_store);
428 #endif /* CONFIG_DEBUG_VM */
430 static struct attribute *hugepage_attr[] = {
433 &use_zero_page_attr.attr,
434 #ifdef CONFIG_DEBUG_VM
435 &debug_cow_attr.attr,
440 static struct attribute_group hugepage_attr_group = {
441 .attrs = hugepage_attr,
444 static ssize_t scan_sleep_millisecs_show(struct kobject *kobj,
445 struct kobj_attribute *attr,
448 return sprintf(buf, "%u\n", khugepaged_scan_sleep_millisecs);
451 static ssize_t scan_sleep_millisecs_store(struct kobject *kobj,
452 struct kobj_attribute *attr,
453 const char *buf, size_t count)
458 err = kstrtoul(buf, 10, &msecs);
459 if (err || msecs > UINT_MAX)
462 khugepaged_scan_sleep_millisecs = msecs;
463 wake_up_interruptible(&khugepaged_wait);
467 static struct kobj_attribute scan_sleep_millisecs_attr =
468 __ATTR(scan_sleep_millisecs, 0644, scan_sleep_millisecs_show,
469 scan_sleep_millisecs_store);
471 static ssize_t alloc_sleep_millisecs_show(struct kobject *kobj,
472 struct kobj_attribute *attr,
475 return sprintf(buf, "%u\n", khugepaged_alloc_sleep_millisecs);
478 static ssize_t alloc_sleep_millisecs_store(struct kobject *kobj,
479 struct kobj_attribute *attr,
480 const char *buf, size_t count)
485 err = kstrtoul(buf, 10, &msecs);
486 if (err || msecs > UINT_MAX)
489 khugepaged_alloc_sleep_millisecs = msecs;
490 wake_up_interruptible(&khugepaged_wait);
494 static struct kobj_attribute alloc_sleep_millisecs_attr =
495 __ATTR(alloc_sleep_millisecs, 0644, alloc_sleep_millisecs_show,
496 alloc_sleep_millisecs_store);
498 static ssize_t pages_to_scan_show(struct kobject *kobj,
499 struct kobj_attribute *attr,
502 return sprintf(buf, "%u\n", khugepaged_pages_to_scan);
504 static ssize_t pages_to_scan_store(struct kobject *kobj,
505 struct kobj_attribute *attr,
506 const char *buf, size_t count)
511 err = kstrtoul(buf, 10, &pages);
512 if (err || !pages || pages > UINT_MAX)
515 khugepaged_pages_to_scan = pages;
519 static struct kobj_attribute pages_to_scan_attr =
520 __ATTR(pages_to_scan, 0644, pages_to_scan_show,
521 pages_to_scan_store);
523 static ssize_t pages_collapsed_show(struct kobject *kobj,
524 struct kobj_attribute *attr,
527 return sprintf(buf, "%u\n", khugepaged_pages_collapsed);
529 static struct kobj_attribute pages_collapsed_attr =
530 __ATTR_RO(pages_collapsed);
532 static ssize_t full_scans_show(struct kobject *kobj,
533 struct kobj_attribute *attr,
536 return sprintf(buf, "%u\n", khugepaged_full_scans);
538 static struct kobj_attribute full_scans_attr =
539 __ATTR_RO(full_scans);
541 static ssize_t khugepaged_defrag_show(struct kobject *kobj,
542 struct kobj_attribute *attr, char *buf)
544 return single_flag_show(kobj, attr, buf,
545 TRANSPARENT_HUGEPAGE_DEFRAG_KHUGEPAGED_FLAG);
547 static ssize_t khugepaged_defrag_store(struct kobject *kobj,
548 struct kobj_attribute *attr,
549 const char *buf, size_t count)
551 return single_flag_store(kobj, attr, buf, count,
552 TRANSPARENT_HUGEPAGE_DEFRAG_KHUGEPAGED_FLAG);
554 static struct kobj_attribute khugepaged_defrag_attr =
555 __ATTR(defrag, 0644, khugepaged_defrag_show,
556 khugepaged_defrag_store);
559 * max_ptes_none controls if khugepaged should collapse hugepages over
560 * any unmapped ptes in turn potentially increasing the memory
561 * footprint of the vmas. When max_ptes_none is 0 khugepaged will not
562 * reduce the available free memory in the system as it
563 * runs. Increasing max_ptes_none will instead potentially reduce the
564 * free memory in the system during the khugepaged scan.
566 static ssize_t khugepaged_max_ptes_none_show(struct kobject *kobj,
567 struct kobj_attribute *attr,
570 return sprintf(buf, "%u\n", khugepaged_max_ptes_none);
572 static ssize_t khugepaged_max_ptes_none_store(struct kobject *kobj,
573 struct kobj_attribute *attr,
574 const char *buf, size_t count)
577 unsigned long max_ptes_none;
579 err = kstrtoul(buf, 10, &max_ptes_none);
580 if (err || max_ptes_none > HPAGE_PMD_NR-1)
583 khugepaged_max_ptes_none = max_ptes_none;
587 static struct kobj_attribute khugepaged_max_ptes_none_attr =
588 __ATTR(max_ptes_none, 0644, khugepaged_max_ptes_none_show,
589 khugepaged_max_ptes_none_store);
591 static struct attribute *khugepaged_attr[] = {
592 &khugepaged_defrag_attr.attr,
593 &khugepaged_max_ptes_none_attr.attr,
594 &pages_to_scan_attr.attr,
595 &pages_collapsed_attr.attr,
596 &full_scans_attr.attr,
597 &scan_sleep_millisecs_attr.attr,
598 &alloc_sleep_millisecs_attr.attr,
602 static struct attribute_group khugepaged_attr_group = {
603 .attrs = khugepaged_attr,
604 .name = "khugepaged",
607 static int __init hugepage_init_sysfs(struct kobject **hugepage_kobj)
611 *hugepage_kobj = kobject_create_and_add("transparent_hugepage", mm_kobj);
612 if (unlikely(!*hugepage_kobj)) {
613 pr_err("failed to create transparent hugepage kobject\n");
617 err = sysfs_create_group(*hugepage_kobj, &hugepage_attr_group);
619 pr_err("failed to register transparent hugepage group\n");
623 err = sysfs_create_group(*hugepage_kobj, &khugepaged_attr_group);
625 pr_err("failed to register transparent hugepage group\n");
626 goto remove_hp_group;
632 sysfs_remove_group(*hugepage_kobj, &hugepage_attr_group);
634 kobject_put(*hugepage_kobj);
638 static void __init hugepage_exit_sysfs(struct kobject *hugepage_kobj)
640 sysfs_remove_group(hugepage_kobj, &khugepaged_attr_group);
641 sysfs_remove_group(hugepage_kobj, &hugepage_attr_group);
642 kobject_put(hugepage_kobj);
645 static inline int hugepage_init_sysfs(struct kobject **hugepage_kobj)
650 static inline void hugepage_exit_sysfs(struct kobject *hugepage_kobj)
653 #endif /* CONFIG_SYSFS */
655 static int __init hugepage_init(void)
658 struct kobject *hugepage_kobj;
660 if (!has_transparent_hugepage()) {
661 transparent_hugepage_flags = 0;
665 err = hugepage_init_sysfs(&hugepage_kobj);
669 err = khugepaged_slab_init();
673 err = register_shrinker(&huge_zero_page_shrinker);
675 goto err_hzp_shrinker;
676 err = register_shrinker(&deferred_split_shrinker);
678 goto err_split_shrinker;
681 * By default disable transparent hugepages on smaller systems,
682 * where the extra memory used could hurt more than TLB overhead
683 * is likely to save. The admin can still enable it through /sys.
685 if (totalram_pages < (512 << (20 - PAGE_SHIFT))) {
686 transparent_hugepage_flags = 0;
690 err = start_stop_khugepaged();
696 unregister_shrinker(&deferred_split_shrinker);
698 unregister_shrinker(&huge_zero_page_shrinker);
700 khugepaged_slab_exit();
702 hugepage_exit_sysfs(hugepage_kobj);
706 subsys_initcall(hugepage_init);
708 static int __init setup_transparent_hugepage(char *str)
713 if (!strcmp(str, "always")) {
714 set_bit(TRANSPARENT_HUGEPAGE_FLAG,
715 &transparent_hugepage_flags);
716 clear_bit(TRANSPARENT_HUGEPAGE_REQ_MADV_FLAG,
717 &transparent_hugepage_flags);
719 } else if (!strcmp(str, "madvise")) {
720 clear_bit(TRANSPARENT_HUGEPAGE_FLAG,
721 &transparent_hugepage_flags);
722 set_bit(TRANSPARENT_HUGEPAGE_REQ_MADV_FLAG,
723 &transparent_hugepage_flags);
725 } else if (!strcmp(str, "never")) {
726 clear_bit(TRANSPARENT_HUGEPAGE_FLAG,
727 &transparent_hugepage_flags);
728 clear_bit(TRANSPARENT_HUGEPAGE_REQ_MADV_FLAG,
729 &transparent_hugepage_flags);
734 pr_warn("transparent_hugepage= cannot parse, ignored\n");
737 __setup("transparent_hugepage=", setup_transparent_hugepage);
739 pmd_t maybe_pmd_mkwrite(pmd_t pmd, struct vm_area_struct *vma)
741 if (likely(vma->vm_flags & VM_WRITE))
742 pmd = pmd_mkwrite(pmd);
746 static inline pmd_t mk_huge_pmd(struct page *page, pgprot_t prot)
749 entry = mk_pmd(page, prot);
750 entry = pmd_mkhuge(entry);
754 static inline struct list_head *page_deferred_list(struct page *page)
757 * ->lru in the tail pages is occupied by compound_head.
758 * Let's use ->mapping + ->index in the second tail page as list_head.
760 return (struct list_head *)&page[2].mapping;
763 void prep_transhuge_page(struct page *page)
766 * we use page->mapping and page->indexlru in second tail page
767 * as list_head: assuming THP order >= 2
769 BUILD_BUG_ON(HPAGE_PMD_ORDER < 2);
771 INIT_LIST_HEAD(page_deferred_list(page));
772 set_compound_page_dtor(page, TRANSHUGE_PAGE_DTOR);
775 static int __do_huge_pmd_anonymous_page(struct mm_struct *mm,
776 struct vm_area_struct *vma,
777 unsigned long address, pmd_t *pmd,
778 struct page *page, gfp_t gfp,
781 struct mem_cgroup *memcg;
784 unsigned long haddr = address & HPAGE_PMD_MASK;
786 VM_BUG_ON_PAGE(!PageCompound(page), page);
788 if (mem_cgroup_try_charge(page, mm, gfp, &memcg, true)) {
790 count_vm_event(THP_FAULT_FALLBACK);
791 return VM_FAULT_FALLBACK;
794 pgtable = pte_alloc_one(mm, haddr);
795 if (unlikely(!pgtable)) {
796 mem_cgroup_cancel_charge(page, memcg, true);
801 clear_huge_page(page, haddr, HPAGE_PMD_NR);
803 * The memory barrier inside __SetPageUptodate makes sure that
804 * clear_huge_page writes become visible before the set_pmd_at()
807 __SetPageUptodate(page);
809 ptl = pmd_lock(mm, pmd);
810 if (unlikely(!pmd_none(*pmd))) {
812 mem_cgroup_cancel_charge(page, memcg, true);
814 pte_free(mm, pgtable);
818 /* Deliver the page fault to userland */
819 if (userfaultfd_missing(vma)) {
823 mem_cgroup_cancel_charge(page, memcg, true);
825 pte_free(mm, pgtable);
826 ret = handle_userfault(vma, address, flags,
828 VM_BUG_ON(ret & VM_FAULT_FALLBACK);
832 entry = mk_huge_pmd(page, vma->vm_page_prot);
833 entry = maybe_pmd_mkwrite(pmd_mkdirty(entry), vma);
834 page_add_new_anon_rmap(page, vma, haddr, true);
835 mem_cgroup_commit_charge(page, memcg, false, true);
836 lru_cache_add_active_or_unevictable(page, vma);
837 pgtable_trans_huge_deposit(mm, pmd, pgtable);
838 set_pmd_at(mm, haddr, pmd, entry);
839 add_mm_counter(mm, MM_ANONPAGES, HPAGE_PMD_NR);
840 atomic_long_inc(&mm->nr_ptes);
842 count_vm_event(THP_FAULT_ALLOC);
848 static inline gfp_t alloc_hugepage_gfpmask(int defrag, gfp_t extra_gfp)
850 return (GFP_TRANSHUGE & ~(defrag ? 0 : __GFP_RECLAIM)) | extra_gfp;
853 /* Caller must hold page table lock. */
854 static bool set_huge_zero_page(pgtable_t pgtable, struct mm_struct *mm,
855 struct vm_area_struct *vma, unsigned long haddr, pmd_t *pmd,
856 struct page *zero_page)
861 entry = mk_pmd(zero_page, vma->vm_page_prot);
862 entry = pmd_mkhuge(entry);
863 pgtable_trans_huge_deposit(mm, pmd, pgtable);
864 set_pmd_at(mm, haddr, pmd, entry);
865 atomic_long_inc(&mm->nr_ptes);
869 int do_huge_pmd_anonymous_page(struct mm_struct *mm, struct vm_area_struct *vma,
870 unsigned long address, pmd_t *pmd,
875 unsigned long haddr = address & HPAGE_PMD_MASK;
877 if (haddr < vma->vm_start || haddr + HPAGE_PMD_SIZE > vma->vm_end)
878 return VM_FAULT_FALLBACK;
879 if (unlikely(anon_vma_prepare(vma)))
881 if (unlikely(khugepaged_enter(vma, vma->vm_flags)))
883 if (!(flags & FAULT_FLAG_WRITE) && !mm_forbids_zeropage(mm) &&
884 transparent_hugepage_use_zero_page()) {
887 struct page *zero_page;
890 pgtable = pte_alloc_one(mm, haddr);
891 if (unlikely(!pgtable))
893 zero_page = get_huge_zero_page();
894 if (unlikely(!zero_page)) {
895 pte_free(mm, pgtable);
896 count_vm_event(THP_FAULT_FALLBACK);
897 return VM_FAULT_FALLBACK;
899 ptl = pmd_lock(mm, pmd);
902 if (pmd_none(*pmd)) {
903 if (userfaultfd_missing(vma)) {
905 ret = handle_userfault(vma, address, flags,
907 VM_BUG_ON(ret & VM_FAULT_FALLBACK);
909 set_huge_zero_page(pgtable, mm, vma,
918 pte_free(mm, pgtable);
919 put_huge_zero_page();
923 gfp = alloc_hugepage_gfpmask(transparent_hugepage_defrag(vma), 0);
924 page = alloc_hugepage_vma(gfp, vma, haddr, HPAGE_PMD_ORDER);
925 if (unlikely(!page)) {
926 count_vm_event(THP_FAULT_FALLBACK);
927 return VM_FAULT_FALLBACK;
929 prep_transhuge_page(page);
930 return __do_huge_pmd_anonymous_page(mm, vma, address, pmd, page, gfp,
934 static void insert_pfn_pmd(struct vm_area_struct *vma, unsigned long addr,
935 pmd_t *pmd, pfn_t pfn, pgprot_t prot, bool write)
937 struct mm_struct *mm = vma->vm_mm;
941 ptl = pmd_lock(mm, pmd);
942 entry = pmd_mkhuge(pfn_t_pmd(pfn, prot));
943 if (pfn_t_devmap(pfn))
944 entry = pmd_mkdevmap(entry);
946 entry = pmd_mkyoung(pmd_mkdirty(entry));
947 entry = maybe_pmd_mkwrite(entry, vma);
949 set_pmd_at(mm, addr, pmd, entry);
950 update_mmu_cache_pmd(vma, addr, pmd);
954 int vmf_insert_pfn_pmd(struct vm_area_struct *vma, unsigned long addr,
955 pmd_t *pmd, pfn_t pfn, bool write)
957 pgprot_t pgprot = vma->vm_page_prot;
959 * If we had pmd_special, we could avoid all these restrictions,
960 * but we need to be consistent with PTEs and architectures that
961 * can't support a 'special' bit.
963 BUG_ON(!(vma->vm_flags & (VM_PFNMAP|VM_MIXEDMAP)));
964 BUG_ON((vma->vm_flags & (VM_PFNMAP|VM_MIXEDMAP)) ==
965 (VM_PFNMAP|VM_MIXEDMAP));
966 BUG_ON((vma->vm_flags & VM_PFNMAP) && is_cow_mapping(vma->vm_flags));
967 BUG_ON(!pfn_t_devmap(pfn));
969 if (addr < vma->vm_start || addr >= vma->vm_end)
970 return VM_FAULT_SIGBUS;
971 if (track_pfn_insert(vma, &pgprot, pfn))
972 return VM_FAULT_SIGBUS;
973 insert_pfn_pmd(vma, addr, pmd, pfn, pgprot, write);
974 return VM_FAULT_NOPAGE;
977 int copy_huge_pmd(struct mm_struct *dst_mm, struct mm_struct *src_mm,
978 pmd_t *dst_pmd, pmd_t *src_pmd, unsigned long addr,
979 struct vm_area_struct *vma)
981 spinlock_t *dst_ptl, *src_ptl;
982 struct page *src_page;
988 pgtable = pte_alloc_one(dst_mm, addr);
989 if (unlikely(!pgtable))
992 dst_ptl = pmd_lock(dst_mm, dst_pmd);
993 src_ptl = pmd_lockptr(src_mm, src_pmd);
994 spin_lock_nested(src_ptl, SINGLE_DEPTH_NESTING);
998 if (unlikely(!pmd_trans_huge(pmd))) {
999 pte_free(dst_mm, pgtable);
1003 * When page table lock is held, the huge zero pmd should not be
1004 * under splitting since we don't split the page itself, only pmd to
1007 if (is_huge_zero_pmd(pmd)) {
1008 struct page *zero_page;
1010 * get_huge_zero_page() will never allocate a new page here,
1011 * since we already have a zero page to copy. It just takes a
1014 zero_page = get_huge_zero_page();
1015 set_huge_zero_page(pgtable, dst_mm, vma, addr, dst_pmd,
1021 src_page = pmd_page(pmd);
1022 VM_BUG_ON_PAGE(!PageHead(src_page), src_page);
1024 page_dup_rmap(src_page, true);
1025 add_mm_counter(dst_mm, MM_ANONPAGES, HPAGE_PMD_NR);
1027 pmdp_set_wrprotect(src_mm, addr, src_pmd);
1028 pmd = pmd_mkold(pmd_wrprotect(pmd));
1029 pgtable_trans_huge_deposit(dst_mm, dst_pmd, pgtable);
1030 set_pmd_at(dst_mm, addr, dst_pmd, pmd);
1031 atomic_long_inc(&dst_mm->nr_ptes);
1035 spin_unlock(src_ptl);
1036 spin_unlock(dst_ptl);
1041 void huge_pmd_set_accessed(struct mm_struct *mm,
1042 struct vm_area_struct *vma,
1043 unsigned long address,
1044 pmd_t *pmd, pmd_t orig_pmd,
1049 unsigned long haddr;
1051 ptl = pmd_lock(mm, pmd);
1052 if (unlikely(!pmd_same(*pmd, orig_pmd)))
1055 entry = pmd_mkyoung(orig_pmd);
1056 haddr = address & HPAGE_PMD_MASK;
1057 if (pmdp_set_access_flags(vma, haddr, pmd, entry, dirty))
1058 update_mmu_cache_pmd(vma, address, pmd);
1064 static int do_huge_pmd_wp_page_fallback(struct mm_struct *mm,
1065 struct vm_area_struct *vma,
1066 unsigned long address,
1067 pmd_t *pmd, pmd_t orig_pmd,
1069 unsigned long haddr)
1071 struct mem_cgroup *memcg;
1076 struct page **pages;
1077 unsigned long mmun_start; /* For mmu_notifiers */
1078 unsigned long mmun_end; /* For mmu_notifiers */
1080 pages = kmalloc(sizeof(struct page *) * HPAGE_PMD_NR,
1082 if (unlikely(!pages)) {
1083 ret |= VM_FAULT_OOM;
1087 for (i = 0; i < HPAGE_PMD_NR; i++) {
1088 pages[i] = alloc_page_vma_node(GFP_HIGHUSER_MOVABLE |
1090 vma, address, page_to_nid(page));
1091 if (unlikely(!pages[i] ||
1092 mem_cgroup_try_charge(pages[i], mm, GFP_KERNEL,
1097 memcg = (void *)page_private(pages[i]);
1098 set_page_private(pages[i], 0);
1099 mem_cgroup_cancel_charge(pages[i], memcg,
1104 ret |= VM_FAULT_OOM;
1107 set_page_private(pages[i], (unsigned long)memcg);
1110 for (i = 0; i < HPAGE_PMD_NR; i++) {
1111 copy_user_highpage(pages[i], page + i,
1112 haddr + PAGE_SIZE * i, vma);
1113 __SetPageUptodate(pages[i]);
1118 mmun_end = haddr + HPAGE_PMD_SIZE;
1119 mmu_notifier_invalidate_range_start(mm, mmun_start, mmun_end);
1121 ptl = pmd_lock(mm, pmd);
1122 if (unlikely(!pmd_same(*pmd, orig_pmd)))
1123 goto out_free_pages;
1124 VM_BUG_ON_PAGE(!PageHead(page), page);
1126 pmdp_huge_clear_flush_notify(vma, haddr, pmd);
1127 /* leave pmd empty until pte is filled */
1129 pgtable = pgtable_trans_huge_withdraw(mm, pmd);
1130 pmd_populate(mm, &_pmd, pgtable);
1132 for (i = 0; i < HPAGE_PMD_NR; i++, haddr += PAGE_SIZE) {
1134 entry = mk_pte(pages[i], vma->vm_page_prot);
1135 entry = maybe_mkwrite(pte_mkdirty(entry), vma);
1136 memcg = (void *)page_private(pages[i]);
1137 set_page_private(pages[i], 0);
1138 page_add_new_anon_rmap(pages[i], vma, haddr, false);
1139 mem_cgroup_commit_charge(pages[i], memcg, false, false);
1140 lru_cache_add_active_or_unevictable(pages[i], vma);
1141 pte = pte_offset_map(&_pmd, haddr);
1142 VM_BUG_ON(!pte_none(*pte));
1143 set_pte_at(mm, haddr, pte, entry);
1148 smp_wmb(); /* make pte visible before pmd */
1149 pmd_populate(mm, pmd, pgtable);
1150 page_remove_rmap(page, true);
1153 mmu_notifier_invalidate_range_end(mm, mmun_start, mmun_end);
1155 ret |= VM_FAULT_WRITE;
1163 mmu_notifier_invalidate_range_end(mm, mmun_start, mmun_end);
1164 for (i = 0; i < HPAGE_PMD_NR; i++) {
1165 memcg = (void *)page_private(pages[i]);
1166 set_page_private(pages[i], 0);
1167 mem_cgroup_cancel_charge(pages[i], memcg, false);
1174 int do_huge_pmd_wp_page(struct mm_struct *mm, struct vm_area_struct *vma,
1175 unsigned long address, pmd_t *pmd, pmd_t orig_pmd)
1179 struct page *page = NULL, *new_page;
1180 struct mem_cgroup *memcg;
1181 unsigned long haddr;
1182 unsigned long mmun_start; /* For mmu_notifiers */
1183 unsigned long mmun_end; /* For mmu_notifiers */
1184 gfp_t huge_gfp; /* for allocation and charge */
1186 ptl = pmd_lockptr(mm, pmd);
1187 VM_BUG_ON_VMA(!vma->anon_vma, vma);
1188 haddr = address & HPAGE_PMD_MASK;
1189 if (is_huge_zero_pmd(orig_pmd))
1192 if (unlikely(!pmd_same(*pmd, orig_pmd)))
1195 page = pmd_page(orig_pmd);
1196 VM_BUG_ON_PAGE(!PageCompound(page) || !PageHead(page), page);
1198 * We can only reuse the page if nobody else maps the huge page or it's
1199 * part. We can do it by checking page_mapcount() on each sub-page, but
1201 * The cheaper way is to check page_count() to be equal 1: every
1202 * mapcount takes page reference reference, so this way we can
1203 * guarantee, that the PMD is the only mapping.
1204 * This can give false negative if somebody pinned the page, but that's
1207 if (page_mapcount(page) == 1 && page_count(page) == 1) {
1209 entry = pmd_mkyoung(orig_pmd);
1210 entry = maybe_pmd_mkwrite(pmd_mkdirty(entry), vma);
1211 if (pmdp_set_access_flags(vma, haddr, pmd, entry, 1))
1212 update_mmu_cache_pmd(vma, address, pmd);
1213 ret |= VM_FAULT_WRITE;
1219 if (transparent_hugepage_enabled(vma) &&
1220 !transparent_hugepage_debug_cow()) {
1221 huge_gfp = alloc_hugepage_gfpmask(transparent_hugepage_defrag(vma), 0);
1222 new_page = alloc_hugepage_vma(huge_gfp, vma, haddr, HPAGE_PMD_ORDER);
1226 if (likely(new_page)) {
1227 prep_transhuge_page(new_page);
1230 split_huge_pmd(vma, pmd, address);
1231 ret |= VM_FAULT_FALLBACK;
1233 ret = do_huge_pmd_wp_page_fallback(mm, vma, address,
1234 pmd, orig_pmd, page, haddr);
1235 if (ret & VM_FAULT_OOM) {
1236 split_huge_pmd(vma, pmd, address);
1237 ret |= VM_FAULT_FALLBACK;
1241 count_vm_event(THP_FAULT_FALLBACK);
1245 if (unlikely(mem_cgroup_try_charge(new_page, mm, huge_gfp, &memcg,
1249 split_huge_pmd(vma, pmd, address);
1252 split_huge_pmd(vma, pmd, address);
1253 ret |= VM_FAULT_FALLBACK;
1254 count_vm_event(THP_FAULT_FALLBACK);
1258 count_vm_event(THP_FAULT_ALLOC);
1261 clear_huge_page(new_page, haddr, HPAGE_PMD_NR);
1263 copy_user_huge_page(new_page, page, haddr, vma, HPAGE_PMD_NR);
1264 __SetPageUptodate(new_page);
1267 mmun_end = haddr + HPAGE_PMD_SIZE;
1268 mmu_notifier_invalidate_range_start(mm, mmun_start, mmun_end);
1273 if (unlikely(!pmd_same(*pmd, orig_pmd))) {
1275 mem_cgroup_cancel_charge(new_page, memcg, true);
1280 entry = mk_huge_pmd(new_page, vma->vm_page_prot);
1281 entry = maybe_pmd_mkwrite(pmd_mkdirty(entry), vma);
1282 pmdp_huge_clear_flush_notify(vma, haddr, pmd);
1283 page_add_new_anon_rmap(new_page, vma, haddr, true);
1284 mem_cgroup_commit_charge(new_page, memcg, false, true);
1285 lru_cache_add_active_or_unevictable(new_page, vma);
1286 set_pmd_at(mm, haddr, pmd, entry);
1287 update_mmu_cache_pmd(vma, address, pmd);
1289 add_mm_counter(mm, MM_ANONPAGES, HPAGE_PMD_NR);
1290 put_huge_zero_page();
1292 VM_BUG_ON_PAGE(!PageHead(page), page);
1293 page_remove_rmap(page, true);
1296 ret |= VM_FAULT_WRITE;
1300 mmu_notifier_invalidate_range_end(mm, mmun_start, mmun_end);
1308 struct page *follow_trans_huge_pmd(struct vm_area_struct *vma,
1313 struct mm_struct *mm = vma->vm_mm;
1314 struct page *page = NULL;
1316 assert_spin_locked(pmd_lockptr(mm, pmd));
1318 if (flags & FOLL_WRITE && !pmd_write(*pmd))
1321 /* Avoid dumping huge zero page */
1322 if ((flags & FOLL_DUMP) && is_huge_zero_pmd(*pmd))
1323 return ERR_PTR(-EFAULT);
1325 /* Full NUMA hinting faults to serialise migration in fault paths */
1326 if ((flags & FOLL_NUMA) && pmd_protnone(*pmd))
1329 page = pmd_page(*pmd);
1330 VM_BUG_ON_PAGE(!PageHead(page), page);
1331 if (flags & FOLL_TOUCH) {
1334 * We should set the dirty bit only for FOLL_WRITE but
1335 * for now the dirty bit in the pmd is meaningless.
1336 * And if the dirty bit will become meaningful and
1337 * we'll only set it with FOLL_WRITE, an atomic
1338 * set_bit will be required on the pmd to set the
1339 * young bit, instead of the current set_pmd_at.
1341 _pmd = pmd_mkyoung(pmd_mkdirty(*pmd));
1342 if (pmdp_set_access_flags(vma, addr & HPAGE_PMD_MASK,
1344 update_mmu_cache_pmd(vma, addr, pmd);
1346 if ((flags & FOLL_MLOCK) && (vma->vm_flags & VM_LOCKED)) {
1348 * We don't mlock() pte-mapped THPs. This way we can avoid
1349 * leaking mlocked pages into non-VM_LOCKED VMAs.
1351 * In most cases the pmd is the only mapping of the page as we
1352 * break COW for the mlock() -- see gup_flags |= FOLL_WRITE for
1353 * writable private mappings in populate_vma_page_range().
1355 * The only scenario when we have the page shared here is if we
1356 * mlocking read-only mapping shared over fork(). We skip
1357 * mlocking such pages.
1359 if (compound_mapcount(page) == 1 && !PageDoubleMap(page) &&
1360 page->mapping && trylock_page(page)) {
1363 mlock_vma_page(page);
1367 page += (addr & ~HPAGE_PMD_MASK) >> PAGE_SHIFT;
1368 VM_BUG_ON_PAGE(!PageCompound(page), page);
1369 if (flags & FOLL_GET)
1376 /* NUMA hinting page fault entry point for trans huge pmds */
1377 int do_huge_pmd_numa_page(struct mm_struct *mm, struct vm_area_struct *vma,
1378 unsigned long addr, pmd_t pmd, pmd_t *pmdp)
1381 struct anon_vma *anon_vma = NULL;
1383 unsigned long haddr = addr & HPAGE_PMD_MASK;
1384 int page_nid = -1, this_nid = numa_node_id();
1385 int target_nid, last_cpupid = -1;
1387 bool migrated = false;
1391 /* A PROT_NONE fault should not end up here */
1392 BUG_ON(!(vma->vm_flags & (VM_READ | VM_EXEC | VM_WRITE)));
1394 ptl = pmd_lock(mm, pmdp);
1395 if (unlikely(!pmd_same(pmd, *pmdp)))
1399 * If there are potential migrations, wait for completion and retry
1400 * without disrupting NUMA hinting information. Do not relock and
1401 * check_same as the page may no longer be mapped.
1403 if (unlikely(pmd_trans_migrating(*pmdp))) {
1404 page = pmd_page(*pmdp);
1406 wait_on_page_locked(page);
1410 page = pmd_page(pmd);
1411 BUG_ON(is_huge_zero_page(page));
1412 page_nid = page_to_nid(page);
1413 last_cpupid = page_cpupid_last(page);
1414 count_vm_numa_event(NUMA_HINT_FAULTS);
1415 if (page_nid == this_nid) {
1416 count_vm_numa_event(NUMA_HINT_FAULTS_LOCAL);
1417 flags |= TNF_FAULT_LOCAL;
1420 /* See similar comment in do_numa_page for explanation */
1421 if (!(vma->vm_flags & VM_WRITE))
1422 flags |= TNF_NO_GROUP;
1425 * Acquire the page lock to serialise THP migrations but avoid dropping
1426 * page_table_lock if at all possible
1428 page_locked = trylock_page(page);
1429 target_nid = mpol_misplaced(page, vma, haddr);
1430 if (target_nid == -1) {
1431 /* If the page was locked, there are no parallel migrations */
1436 /* Migration could have started since the pmd_trans_migrating check */
1439 wait_on_page_locked(page);
1445 * Page is misplaced. Page lock serialises migrations. Acquire anon_vma
1446 * to serialises splits
1450 anon_vma = page_lock_anon_vma_read(page);
1452 /* Confirm the PMD did not change while page_table_lock was released */
1454 if (unlikely(!pmd_same(pmd, *pmdp))) {
1461 /* Bail if we fail to protect against THP splits for any reason */
1462 if (unlikely(!anon_vma)) {
1469 * Migrate the THP to the requested node, returns with page unlocked
1470 * and access rights restored.
1473 migrated = migrate_misplaced_transhuge_page(mm, vma,
1474 pmdp, pmd, addr, page, target_nid);
1476 flags |= TNF_MIGRATED;
1477 page_nid = target_nid;
1479 flags |= TNF_MIGRATE_FAIL;
1483 BUG_ON(!PageLocked(page));
1484 was_writable = pmd_write(pmd);
1485 pmd = pmd_modify(pmd, vma->vm_page_prot);
1486 pmd = pmd_mkyoung(pmd);
1488 pmd = pmd_mkwrite(pmd);
1489 set_pmd_at(mm, haddr, pmdp, pmd);
1490 update_mmu_cache_pmd(vma, addr, pmdp);
1497 page_unlock_anon_vma_read(anon_vma);
1500 task_numa_fault(last_cpupid, page_nid, HPAGE_PMD_NR, flags);
1505 int madvise_free_huge_pmd(struct mmu_gather *tlb, struct vm_area_struct *vma,
1506 pmd_t *pmd, unsigned long addr, unsigned long next)
1512 struct mm_struct *mm = tlb->mm;
1515 if (!pmd_trans_huge_lock(pmd, vma, &ptl))
1519 if (is_huge_zero_pmd(orig_pmd)) {
1524 page = pmd_page(orig_pmd);
1526 * If other processes are mapping this page, we couldn't discard
1527 * the page unless they all do MADV_FREE so let's skip the page.
1529 if (page_mapcount(page) != 1)
1532 if (!trylock_page(page))
1536 * If user want to discard part-pages of THP, split it so MADV_FREE
1537 * will deactivate only them.
1539 if (next - addr != HPAGE_PMD_SIZE) {
1542 if (split_huge_page(page)) {
1553 if (PageDirty(page))
1554 ClearPageDirty(page);
1557 if (PageActive(page))
1558 deactivate_page(page);
1560 if (pmd_young(orig_pmd) || pmd_dirty(orig_pmd)) {
1561 orig_pmd = pmdp_huge_get_and_clear_full(tlb->mm, addr, pmd,
1563 orig_pmd = pmd_mkold(orig_pmd);
1564 orig_pmd = pmd_mkclean(orig_pmd);
1566 set_pmd_at(mm, addr, pmd, orig_pmd);
1567 tlb_remove_pmd_tlb_entry(tlb, pmd, addr);
1576 int zap_huge_pmd(struct mmu_gather *tlb, struct vm_area_struct *vma,
1577 pmd_t *pmd, unsigned long addr)
1582 if (!__pmd_trans_huge_lock(pmd, vma, &ptl))
1585 * For architectures like ppc64 we look at deposited pgtable
1586 * when calling pmdp_huge_get_and_clear. So do the
1587 * pgtable_trans_huge_withdraw after finishing pmdp related
1590 orig_pmd = pmdp_huge_get_and_clear_full(tlb->mm, addr, pmd,
1592 tlb_remove_pmd_tlb_entry(tlb, pmd, addr);
1593 if (vma_is_dax(vma)) {
1595 if (is_huge_zero_pmd(orig_pmd))
1596 put_huge_zero_page();
1597 } else if (is_huge_zero_pmd(orig_pmd)) {
1598 pte_free(tlb->mm, pgtable_trans_huge_withdraw(tlb->mm, pmd));
1599 atomic_long_dec(&tlb->mm->nr_ptes);
1601 put_huge_zero_page();
1603 struct page *page = pmd_page(orig_pmd);
1604 page_remove_rmap(page, true);
1605 VM_BUG_ON_PAGE(page_mapcount(page) < 0, page);
1606 add_mm_counter(tlb->mm, MM_ANONPAGES, -HPAGE_PMD_NR);
1607 VM_BUG_ON_PAGE(!PageHead(page), page);
1608 pte_free(tlb->mm, pgtable_trans_huge_withdraw(tlb->mm, pmd));
1609 atomic_long_dec(&tlb->mm->nr_ptes);
1611 tlb_remove_page(tlb, page);
1616 bool move_huge_pmd(struct vm_area_struct *vma, struct vm_area_struct *new_vma,
1617 unsigned long old_addr,
1618 unsigned long new_addr, unsigned long old_end,
1619 pmd_t *old_pmd, pmd_t *new_pmd)
1621 spinlock_t *old_ptl, *new_ptl;
1624 struct mm_struct *mm = vma->vm_mm;
1626 if ((old_addr & ~HPAGE_PMD_MASK) ||
1627 (new_addr & ~HPAGE_PMD_MASK) ||
1628 old_end - old_addr < HPAGE_PMD_SIZE ||
1629 (new_vma->vm_flags & VM_NOHUGEPAGE))
1633 * The destination pmd shouldn't be established, free_pgtables()
1634 * should have release it.
1636 if (WARN_ON(!pmd_none(*new_pmd))) {
1637 VM_BUG_ON(pmd_trans_huge(*new_pmd));
1642 * We don't have to worry about the ordering of src and dst
1643 * ptlocks because exclusive mmap_sem prevents deadlock.
1645 if (__pmd_trans_huge_lock(old_pmd, vma, &old_ptl)) {
1646 new_ptl = pmd_lockptr(mm, new_pmd);
1647 if (new_ptl != old_ptl)
1648 spin_lock_nested(new_ptl, SINGLE_DEPTH_NESTING);
1649 pmd = pmdp_huge_get_and_clear(mm, old_addr, old_pmd);
1650 VM_BUG_ON(!pmd_none(*new_pmd));
1652 if (pmd_move_must_withdraw(new_ptl, old_ptl)) {
1654 pgtable = pgtable_trans_huge_withdraw(mm, old_pmd);
1655 pgtable_trans_huge_deposit(mm, new_pmd, pgtable);
1657 set_pmd_at(mm, new_addr, new_pmd, pmd_mksoft_dirty(pmd));
1658 if (new_ptl != old_ptl)
1659 spin_unlock(new_ptl);
1660 spin_unlock(old_ptl);
1668 * - 0 if PMD could not be locked
1669 * - 1 if PMD was locked but protections unchange and TLB flush unnecessary
1670 * - HPAGE_PMD_NR is protections changed and TLB flush necessary
1672 int change_huge_pmd(struct vm_area_struct *vma, pmd_t *pmd,
1673 unsigned long addr, pgprot_t newprot, int prot_numa)
1675 struct mm_struct *mm = vma->vm_mm;
1679 if (__pmd_trans_huge_lock(pmd, vma, &ptl)) {
1681 bool preserve_write = prot_numa && pmd_write(*pmd);
1685 * Avoid trapping faults against the zero page. The read-only
1686 * data is likely to be read-cached on the local CPU and
1687 * local/remote hits to the zero page are not interesting.
1689 if (prot_numa && is_huge_zero_pmd(*pmd)) {
1694 if (!prot_numa || !pmd_protnone(*pmd)) {
1695 entry = pmdp_huge_get_and_clear_notify(mm, addr, pmd);
1696 entry = pmd_modify(entry, newprot);
1698 entry = pmd_mkwrite(entry);
1700 set_pmd_at(mm, addr, pmd, entry);
1701 BUG_ON(!preserve_write && pmd_write(entry));
1710 * Returns true if a given pmd maps a thp, false otherwise.
1712 * Note that if it returns true, this routine returns without unlocking page
1713 * table lock. So callers must unlock it.
1715 bool __pmd_trans_huge_lock(pmd_t *pmd, struct vm_area_struct *vma,
1718 *ptl = pmd_lock(vma->vm_mm, pmd);
1719 if (likely(pmd_trans_huge(*pmd)))
1725 #define VM_NO_THP (VM_SPECIAL | VM_HUGETLB | VM_SHARED | VM_MAYSHARE)
1727 int hugepage_madvise(struct vm_area_struct *vma,
1728 unsigned long *vm_flags, int advice)
1734 * qemu blindly sets MADV_HUGEPAGE on all allocations, but s390
1735 * can't handle this properly after s390_enable_sie, so we simply
1736 * ignore the madvise to prevent qemu from causing a SIGSEGV.
1738 if (mm_has_pgste(vma->vm_mm))
1742 * Be somewhat over-protective like KSM for now!
1744 if (*vm_flags & VM_NO_THP)
1746 *vm_flags &= ~VM_NOHUGEPAGE;
1747 *vm_flags |= VM_HUGEPAGE;
1749 * If the vma become good for khugepaged to scan,
1750 * register it here without waiting a page fault that
1751 * may not happen any time soon.
1753 if (unlikely(khugepaged_enter_vma_merge(vma, *vm_flags)))
1756 case MADV_NOHUGEPAGE:
1758 * Be somewhat over-protective like KSM for now!
1760 if (*vm_flags & VM_NO_THP)
1762 *vm_flags &= ~VM_HUGEPAGE;
1763 *vm_flags |= VM_NOHUGEPAGE;
1765 * Setting VM_NOHUGEPAGE will prevent khugepaged from scanning
1766 * this vma even if we leave the mm registered in khugepaged if
1767 * it got registered before VM_NOHUGEPAGE was set.
1775 static int __init khugepaged_slab_init(void)
1777 mm_slot_cache = kmem_cache_create("khugepaged_mm_slot",
1778 sizeof(struct mm_slot),
1779 __alignof__(struct mm_slot), 0, NULL);
1786 static void __init khugepaged_slab_exit(void)
1788 kmem_cache_destroy(mm_slot_cache);
1791 static inline struct mm_slot *alloc_mm_slot(void)
1793 if (!mm_slot_cache) /* initialization failed */
1795 return kmem_cache_zalloc(mm_slot_cache, GFP_KERNEL);
1798 static inline void free_mm_slot(struct mm_slot *mm_slot)
1800 kmem_cache_free(mm_slot_cache, mm_slot);
1803 static struct mm_slot *get_mm_slot(struct mm_struct *mm)
1805 struct mm_slot *mm_slot;
1807 hash_for_each_possible(mm_slots_hash, mm_slot, hash, (unsigned long)mm)
1808 if (mm == mm_slot->mm)
1814 static void insert_to_mm_slots_hash(struct mm_struct *mm,
1815 struct mm_slot *mm_slot)
1818 hash_add(mm_slots_hash, &mm_slot->hash, (long)mm);
1821 static inline int khugepaged_test_exit(struct mm_struct *mm)
1823 return atomic_read(&mm->mm_users) == 0;
1826 int __khugepaged_enter(struct mm_struct *mm)
1828 struct mm_slot *mm_slot;
1831 mm_slot = alloc_mm_slot();
1835 /* __khugepaged_exit() must not run from under us */
1836 VM_BUG_ON_MM(khugepaged_test_exit(mm), mm);
1837 if (unlikely(test_and_set_bit(MMF_VM_HUGEPAGE, &mm->flags))) {
1838 free_mm_slot(mm_slot);
1842 spin_lock(&khugepaged_mm_lock);
1843 insert_to_mm_slots_hash(mm, mm_slot);
1845 * Insert just behind the scanning cursor, to let the area settle
1848 wakeup = list_empty(&khugepaged_scan.mm_head);
1849 list_add_tail(&mm_slot->mm_node, &khugepaged_scan.mm_head);
1850 spin_unlock(&khugepaged_mm_lock);
1852 atomic_inc(&mm->mm_count);
1854 wake_up_interruptible(&khugepaged_wait);
1859 int khugepaged_enter_vma_merge(struct vm_area_struct *vma,
1860 unsigned long vm_flags)
1862 unsigned long hstart, hend;
1865 * Not yet faulted in so we will register later in the
1866 * page fault if needed.
1870 /* khugepaged not yet working on file or special mappings */
1872 VM_BUG_ON_VMA(vm_flags & VM_NO_THP, vma);
1873 hstart = (vma->vm_start + ~HPAGE_PMD_MASK) & HPAGE_PMD_MASK;
1874 hend = vma->vm_end & HPAGE_PMD_MASK;
1876 return khugepaged_enter(vma, vm_flags);
1880 void __khugepaged_exit(struct mm_struct *mm)
1882 struct mm_slot *mm_slot;
1885 spin_lock(&khugepaged_mm_lock);
1886 mm_slot = get_mm_slot(mm);
1887 if (mm_slot && khugepaged_scan.mm_slot != mm_slot) {
1888 hash_del(&mm_slot->hash);
1889 list_del(&mm_slot->mm_node);
1892 spin_unlock(&khugepaged_mm_lock);
1895 clear_bit(MMF_VM_HUGEPAGE, &mm->flags);
1896 free_mm_slot(mm_slot);
1898 } else if (mm_slot) {
1900 * This is required to serialize against
1901 * khugepaged_test_exit() (which is guaranteed to run
1902 * under mmap sem read mode). Stop here (after we
1903 * return all pagetables will be destroyed) until
1904 * khugepaged has finished working on the pagetables
1905 * under the mmap_sem.
1907 down_write(&mm->mmap_sem);
1908 up_write(&mm->mmap_sem);
1912 static void release_pte_page(struct page *page)
1914 /* 0 stands for page_is_file_cache(page) == false */
1915 dec_zone_page_state(page, NR_ISOLATED_ANON + 0);
1917 putback_lru_page(page);
1920 static void release_pte_pages(pte_t *pte, pte_t *_pte)
1922 while (--_pte >= pte) {
1923 pte_t pteval = *_pte;
1924 if (!pte_none(pteval) && !is_zero_pfn(pte_pfn(pteval)))
1925 release_pte_page(pte_page(pteval));
1929 static int __collapse_huge_page_isolate(struct vm_area_struct *vma,
1930 unsigned long address,
1933 struct page *page = NULL;
1935 int none_or_zero = 0, result = 0;
1936 bool referenced = false, writable = false;
1938 for (_pte = pte; _pte < pte+HPAGE_PMD_NR;
1939 _pte++, address += PAGE_SIZE) {
1940 pte_t pteval = *_pte;
1941 if (pte_none(pteval) || (pte_present(pteval) &&
1942 is_zero_pfn(pte_pfn(pteval)))) {
1943 if (!userfaultfd_armed(vma) &&
1944 ++none_or_zero <= khugepaged_max_ptes_none) {
1947 result = SCAN_EXCEED_NONE_PTE;
1951 if (!pte_present(pteval)) {
1952 result = SCAN_PTE_NON_PRESENT;
1955 page = vm_normal_page(vma, address, pteval);
1956 if (unlikely(!page)) {
1957 result = SCAN_PAGE_NULL;
1961 VM_BUG_ON_PAGE(PageCompound(page), page);
1962 VM_BUG_ON_PAGE(!PageAnon(page), page);
1963 VM_BUG_ON_PAGE(!PageSwapBacked(page), page);
1966 * We can do it before isolate_lru_page because the
1967 * page can't be freed from under us. NOTE: PG_lock
1968 * is needed to serialize against split_huge_page
1969 * when invoked from the VM.
1971 if (!trylock_page(page)) {
1972 result = SCAN_PAGE_LOCK;
1977 * cannot use mapcount: can't collapse if there's a gup pin.
1978 * The page must only be referenced by the scanned process
1979 * and page swap cache.
1981 if (page_count(page) != 1 + !!PageSwapCache(page)) {
1983 result = SCAN_PAGE_COUNT;
1986 if (pte_write(pteval)) {
1989 if (PageSwapCache(page) && !reuse_swap_page(page)) {
1991 result = SCAN_SWAP_CACHE_PAGE;
1995 * Page is not in the swap cache. It can be collapsed
2001 * Isolate the page to avoid collapsing an hugepage
2002 * currently in use by the VM.
2004 if (isolate_lru_page(page)) {
2006 result = SCAN_DEL_PAGE_LRU;
2009 /* 0 stands for page_is_file_cache(page) == false */
2010 inc_zone_page_state(page, NR_ISOLATED_ANON + 0);
2011 VM_BUG_ON_PAGE(!PageLocked(page), page);
2012 VM_BUG_ON_PAGE(PageLRU(page), page);
2014 /* If there is no mapped pte young don't collapse the page */
2015 if (pte_young(pteval) ||
2016 page_is_young(page) || PageReferenced(page) ||
2017 mmu_notifier_test_young(vma->vm_mm, address))
2020 if (likely(writable)) {
2021 if (likely(referenced)) {
2022 result = SCAN_SUCCEED;
2023 trace_mm_collapse_huge_page_isolate(page_to_pfn(page), none_or_zero,
2024 referenced, writable, result);
2028 result = SCAN_PAGE_RO;
2032 release_pte_pages(pte, _pte);
2033 trace_mm_collapse_huge_page_isolate(page_to_pfn(page), none_or_zero,
2034 referenced, writable, result);
2038 static void __collapse_huge_page_copy(pte_t *pte, struct page *page,
2039 struct vm_area_struct *vma,
2040 unsigned long address,
2044 for (_pte = pte; _pte < pte+HPAGE_PMD_NR; _pte++) {
2045 pte_t pteval = *_pte;
2046 struct page *src_page;
2048 if (pte_none(pteval) || is_zero_pfn(pte_pfn(pteval))) {
2049 clear_user_highpage(page, address);
2050 add_mm_counter(vma->vm_mm, MM_ANONPAGES, 1);
2051 if (is_zero_pfn(pte_pfn(pteval))) {
2053 * ptl mostly unnecessary.
2057 * paravirt calls inside pte_clear here are
2060 pte_clear(vma->vm_mm, address, _pte);
2064 src_page = pte_page(pteval);
2065 copy_user_highpage(page, src_page, address, vma);
2066 VM_BUG_ON_PAGE(page_mapcount(src_page) != 1, src_page);
2067 release_pte_page(src_page);
2069 * ptl mostly unnecessary, but preempt has to
2070 * be disabled to update the per-cpu stats
2071 * inside page_remove_rmap().
2075 * paravirt calls inside pte_clear here are
2078 pte_clear(vma->vm_mm, address, _pte);
2079 page_remove_rmap(src_page, false);
2081 free_page_and_swap_cache(src_page);
2084 address += PAGE_SIZE;
2089 static void khugepaged_alloc_sleep(void)
2093 add_wait_queue(&khugepaged_wait, &wait);
2094 freezable_schedule_timeout_interruptible(
2095 msecs_to_jiffies(khugepaged_alloc_sleep_millisecs));
2096 remove_wait_queue(&khugepaged_wait, &wait);
2099 static int khugepaged_node_load[MAX_NUMNODES];
2101 static bool khugepaged_scan_abort(int nid)
2106 * If zone_reclaim_mode is disabled, then no extra effort is made to
2107 * allocate memory locally.
2109 if (!zone_reclaim_mode)
2112 /* If there is a count for this node already, it must be acceptable */
2113 if (khugepaged_node_load[nid])
2116 for (i = 0; i < MAX_NUMNODES; i++) {
2117 if (!khugepaged_node_load[i])
2119 if (node_distance(nid, i) > RECLAIM_DISTANCE)
2126 static int khugepaged_find_target_node(void)
2128 static int last_khugepaged_target_node = NUMA_NO_NODE;
2129 int nid, target_node = 0, max_value = 0;
2131 /* find first node with max normal pages hit */
2132 for (nid = 0; nid < MAX_NUMNODES; nid++)
2133 if (khugepaged_node_load[nid] > max_value) {
2134 max_value = khugepaged_node_load[nid];
2138 /* do some balance if several nodes have the same hit record */
2139 if (target_node <= last_khugepaged_target_node)
2140 for (nid = last_khugepaged_target_node + 1; nid < MAX_NUMNODES;
2142 if (max_value == khugepaged_node_load[nid]) {
2147 last_khugepaged_target_node = target_node;
2151 static bool khugepaged_prealloc_page(struct page **hpage, bool *wait)
2153 if (IS_ERR(*hpage)) {
2159 khugepaged_alloc_sleep();
2160 } else if (*hpage) {
2168 static struct page *
2169 khugepaged_alloc_page(struct page **hpage, gfp_t gfp, struct mm_struct *mm,
2170 unsigned long address, int node)
2172 VM_BUG_ON_PAGE(*hpage, *hpage);
2175 * Before allocating the hugepage, release the mmap_sem read lock.
2176 * The allocation can take potentially a long time if it involves
2177 * sync compaction, and we do not need to hold the mmap_sem during
2178 * that. We will recheck the vma after taking it again in write mode.
2180 up_read(&mm->mmap_sem);
2182 *hpage = __alloc_pages_node(node, gfp, HPAGE_PMD_ORDER);
2183 if (unlikely(!*hpage)) {
2184 count_vm_event(THP_COLLAPSE_ALLOC_FAILED);
2185 *hpage = ERR_PTR(-ENOMEM);
2189 prep_transhuge_page(*hpage);
2190 count_vm_event(THP_COLLAPSE_ALLOC);
2194 static int khugepaged_find_target_node(void)
2199 static inline struct page *alloc_hugepage(int defrag)
2203 page = alloc_pages(alloc_hugepage_gfpmask(defrag, 0), HPAGE_PMD_ORDER);
2205 prep_transhuge_page(page);
2209 static struct page *khugepaged_alloc_hugepage(bool *wait)
2214 hpage = alloc_hugepage(khugepaged_defrag());
2216 count_vm_event(THP_COLLAPSE_ALLOC_FAILED);
2221 khugepaged_alloc_sleep();
2223 count_vm_event(THP_COLLAPSE_ALLOC);
2224 } while (unlikely(!hpage) && likely(khugepaged_enabled()));
2229 static bool khugepaged_prealloc_page(struct page **hpage, bool *wait)
2232 *hpage = khugepaged_alloc_hugepage(wait);
2234 if (unlikely(!*hpage))
2240 static struct page *
2241 khugepaged_alloc_page(struct page **hpage, gfp_t gfp, struct mm_struct *mm,
2242 unsigned long address, int node)
2244 up_read(&mm->mmap_sem);
2251 static bool hugepage_vma_check(struct vm_area_struct *vma)
2253 if ((!(vma->vm_flags & VM_HUGEPAGE) && !khugepaged_always()) ||
2254 (vma->vm_flags & VM_NOHUGEPAGE))
2256 if (!vma->anon_vma || vma->vm_ops)
2258 if (is_vma_temporary_stack(vma))
2260 VM_BUG_ON_VMA(vma->vm_flags & VM_NO_THP, vma);
2264 static void collapse_huge_page(struct mm_struct *mm,
2265 unsigned long address,
2266 struct page **hpage,
2267 struct vm_area_struct *vma,
2273 struct page *new_page;
2274 spinlock_t *pmd_ptl, *pte_ptl;
2275 int isolated, result = 0;
2276 unsigned long hstart, hend;
2277 struct mem_cgroup *memcg;
2278 unsigned long mmun_start; /* For mmu_notifiers */
2279 unsigned long mmun_end; /* For mmu_notifiers */
2282 VM_BUG_ON(address & ~HPAGE_PMD_MASK);
2284 /* Only allocate from the target node */
2285 gfp = alloc_hugepage_gfpmask(khugepaged_defrag(), __GFP_OTHER_NODE) |
2288 /* release the mmap_sem read lock. */
2289 new_page = khugepaged_alloc_page(hpage, gfp, mm, address, node);
2291 result = SCAN_ALLOC_HUGE_PAGE_FAIL;
2295 if (unlikely(mem_cgroup_try_charge(new_page, mm, gfp, &memcg, true))) {
2296 result = SCAN_CGROUP_CHARGE_FAIL;
2301 * Prevent all access to pagetables with the exception of
2302 * gup_fast later hanlded by the ptep_clear_flush and the VM
2303 * handled by the anon_vma lock + PG_lock.
2305 down_write(&mm->mmap_sem);
2306 if (unlikely(khugepaged_test_exit(mm))) {
2307 result = SCAN_ANY_PROCESS;
2311 vma = find_vma(mm, address);
2313 result = SCAN_VMA_NULL;
2316 hstart = (vma->vm_start + ~HPAGE_PMD_MASK) & HPAGE_PMD_MASK;
2317 hend = vma->vm_end & HPAGE_PMD_MASK;
2318 if (address < hstart || address + HPAGE_PMD_SIZE > hend) {
2319 result = SCAN_ADDRESS_RANGE;
2322 if (!hugepage_vma_check(vma)) {
2323 result = SCAN_VMA_CHECK;
2326 pmd = mm_find_pmd(mm, address);
2328 result = SCAN_PMD_NULL;
2332 anon_vma_lock_write(vma->anon_vma);
2334 pte = pte_offset_map(pmd, address);
2335 pte_ptl = pte_lockptr(mm, pmd);
2337 mmun_start = address;
2338 mmun_end = address + HPAGE_PMD_SIZE;
2339 mmu_notifier_invalidate_range_start(mm, mmun_start, mmun_end);
2340 pmd_ptl = pmd_lock(mm, pmd); /* probably unnecessary */
2342 * After this gup_fast can't run anymore. This also removes
2343 * any huge TLB entry from the CPU so we won't allow
2344 * huge and small TLB entries for the same virtual address
2345 * to avoid the risk of CPU bugs in that area.
2347 _pmd = pmdp_collapse_flush(vma, address, pmd);
2348 spin_unlock(pmd_ptl);
2349 mmu_notifier_invalidate_range_end(mm, mmun_start, mmun_end);
2352 isolated = __collapse_huge_page_isolate(vma, address, pte);
2353 spin_unlock(pte_ptl);
2355 if (unlikely(!isolated)) {
2358 BUG_ON(!pmd_none(*pmd));
2360 * We can only use set_pmd_at when establishing
2361 * hugepmds and never for establishing regular pmds that
2362 * points to regular pagetables. Use pmd_populate for that
2364 pmd_populate(mm, pmd, pmd_pgtable(_pmd));
2365 spin_unlock(pmd_ptl);
2366 anon_vma_unlock_write(vma->anon_vma);
2372 * All pages are isolated and locked so anon_vma rmap
2373 * can't run anymore.
2375 anon_vma_unlock_write(vma->anon_vma);
2377 __collapse_huge_page_copy(pte, new_page, vma, address, pte_ptl);
2379 __SetPageUptodate(new_page);
2380 pgtable = pmd_pgtable(_pmd);
2382 _pmd = mk_huge_pmd(new_page, vma->vm_page_prot);
2383 _pmd = maybe_pmd_mkwrite(pmd_mkdirty(_pmd), vma);
2386 * spin_lock() below is not the equivalent of smp_wmb(), so
2387 * this is needed to avoid the copy_huge_page writes to become
2388 * visible after the set_pmd_at() write.
2393 BUG_ON(!pmd_none(*pmd));
2394 page_add_new_anon_rmap(new_page, vma, address, true);
2395 mem_cgroup_commit_charge(new_page, memcg, false, true);
2396 lru_cache_add_active_or_unevictable(new_page, vma);
2397 pgtable_trans_huge_deposit(mm, pmd, pgtable);
2398 set_pmd_at(mm, address, pmd, _pmd);
2399 update_mmu_cache_pmd(vma, address, pmd);
2400 spin_unlock(pmd_ptl);
2404 khugepaged_pages_collapsed++;
2405 result = SCAN_SUCCEED;
2407 up_write(&mm->mmap_sem);
2408 trace_mm_collapse_huge_page(mm, isolated, result);
2412 trace_mm_collapse_huge_page(mm, isolated, result);
2415 mem_cgroup_cancel_charge(new_page, memcg, true);
2419 static int khugepaged_scan_pmd(struct mm_struct *mm,
2420 struct vm_area_struct *vma,
2421 unsigned long address,
2422 struct page **hpage)
2426 int ret = 0, none_or_zero = 0, result = 0;
2427 struct page *page = NULL;
2428 unsigned long _address;
2430 int node = NUMA_NO_NODE;
2431 bool writable = false, referenced = false;
2433 VM_BUG_ON(address & ~HPAGE_PMD_MASK);
2435 pmd = mm_find_pmd(mm, address);
2437 result = SCAN_PMD_NULL;
2441 memset(khugepaged_node_load, 0, sizeof(khugepaged_node_load));
2442 pte = pte_offset_map_lock(mm, pmd, address, &ptl);
2443 for (_address = address, _pte = pte; _pte < pte+HPAGE_PMD_NR;
2444 _pte++, _address += PAGE_SIZE) {
2445 pte_t pteval = *_pte;
2446 if (pte_none(pteval) || is_zero_pfn(pte_pfn(pteval))) {
2447 if (!userfaultfd_armed(vma) &&
2448 ++none_or_zero <= khugepaged_max_ptes_none) {
2451 result = SCAN_EXCEED_NONE_PTE;
2455 if (!pte_present(pteval)) {
2456 result = SCAN_PTE_NON_PRESENT;
2459 if (pte_write(pteval))
2462 page = vm_normal_page(vma, _address, pteval);
2463 if (unlikely(!page)) {
2464 result = SCAN_PAGE_NULL;
2468 /* TODO: teach khugepaged to collapse THP mapped with pte */
2469 if (PageCompound(page)) {
2470 result = SCAN_PAGE_COMPOUND;
2475 * Record which node the original page is from and save this
2476 * information to khugepaged_node_load[].
2477 * Khupaged will allocate hugepage from the node has the max
2480 node = page_to_nid(page);
2481 if (khugepaged_scan_abort(node)) {
2482 result = SCAN_SCAN_ABORT;
2485 khugepaged_node_load[node]++;
2486 if (!PageLRU(page)) {
2487 result = SCAN_SCAN_ABORT;
2490 if (PageLocked(page)) {
2491 result = SCAN_PAGE_LOCK;
2494 if (!PageAnon(page)) {
2495 result = SCAN_PAGE_ANON;
2500 * cannot use mapcount: can't collapse if there's a gup pin.
2501 * The page must only be referenced by the scanned process
2502 * and page swap cache.
2504 if (page_count(page) != 1 + !!PageSwapCache(page)) {
2505 result = SCAN_PAGE_COUNT;
2508 if (pte_young(pteval) ||
2509 page_is_young(page) || PageReferenced(page) ||
2510 mmu_notifier_test_young(vma->vm_mm, address))
2515 result = SCAN_SUCCEED;
2518 result = SCAN_NO_REFERENCED_PAGE;
2521 result = SCAN_PAGE_RO;
2524 pte_unmap_unlock(pte, ptl);
2526 node = khugepaged_find_target_node();
2527 /* collapse_huge_page will return with the mmap_sem released */
2528 collapse_huge_page(mm, address, hpage, vma, node);
2531 trace_mm_khugepaged_scan_pmd(mm, page_to_pfn(page), writable, referenced,
2532 none_or_zero, result);
2536 static void collect_mm_slot(struct mm_slot *mm_slot)
2538 struct mm_struct *mm = mm_slot->mm;
2540 VM_BUG_ON(NR_CPUS != 1 && !spin_is_locked(&khugepaged_mm_lock));
2542 if (khugepaged_test_exit(mm)) {
2544 hash_del(&mm_slot->hash);
2545 list_del(&mm_slot->mm_node);
2548 * Not strictly needed because the mm exited already.
2550 * clear_bit(MMF_VM_HUGEPAGE, &mm->flags);
2553 /* khugepaged_mm_lock actually not necessary for the below */
2554 free_mm_slot(mm_slot);
2559 static unsigned int khugepaged_scan_mm_slot(unsigned int pages,
2560 struct page **hpage)
2561 __releases(&khugepaged_mm_lock)
2562 __acquires(&khugepaged_mm_lock)
2564 struct mm_slot *mm_slot;
2565 struct mm_struct *mm;
2566 struct vm_area_struct *vma;
2570 VM_BUG_ON(NR_CPUS != 1 && !spin_is_locked(&khugepaged_mm_lock));
2572 if (khugepaged_scan.mm_slot)
2573 mm_slot = khugepaged_scan.mm_slot;
2575 mm_slot = list_entry(khugepaged_scan.mm_head.next,
2576 struct mm_slot, mm_node);
2577 khugepaged_scan.address = 0;
2578 khugepaged_scan.mm_slot = mm_slot;
2580 spin_unlock(&khugepaged_mm_lock);
2583 down_read(&mm->mmap_sem);
2584 if (unlikely(khugepaged_test_exit(mm)))
2587 vma = find_vma(mm, khugepaged_scan.address);
2590 for (; vma; vma = vma->vm_next) {
2591 unsigned long hstart, hend;
2594 if (unlikely(khugepaged_test_exit(mm))) {
2598 if (!hugepage_vma_check(vma)) {
2603 hstart = (vma->vm_start + ~HPAGE_PMD_MASK) & HPAGE_PMD_MASK;
2604 hend = vma->vm_end & HPAGE_PMD_MASK;
2607 if (khugepaged_scan.address > hend)
2609 if (khugepaged_scan.address < hstart)
2610 khugepaged_scan.address = hstart;
2611 VM_BUG_ON(khugepaged_scan.address & ~HPAGE_PMD_MASK);
2613 while (khugepaged_scan.address < hend) {
2616 if (unlikely(khugepaged_test_exit(mm)))
2617 goto breakouterloop;
2619 VM_BUG_ON(khugepaged_scan.address < hstart ||
2620 khugepaged_scan.address + HPAGE_PMD_SIZE >
2622 ret = khugepaged_scan_pmd(mm, vma,
2623 khugepaged_scan.address,
2625 /* move to next address */
2626 khugepaged_scan.address += HPAGE_PMD_SIZE;
2627 progress += HPAGE_PMD_NR;
2629 /* we released mmap_sem so break loop */
2630 goto breakouterloop_mmap_sem;
2631 if (progress >= pages)
2632 goto breakouterloop;
2636 up_read(&mm->mmap_sem); /* exit_mmap will destroy ptes after this */
2637 breakouterloop_mmap_sem:
2639 spin_lock(&khugepaged_mm_lock);
2640 VM_BUG_ON(khugepaged_scan.mm_slot != mm_slot);
2642 * Release the current mm_slot if this mm is about to die, or
2643 * if we scanned all vmas of this mm.
2645 if (khugepaged_test_exit(mm) || !vma) {
2647 * Make sure that if mm_users is reaching zero while
2648 * khugepaged runs here, khugepaged_exit will find
2649 * mm_slot not pointing to the exiting mm.
2651 if (mm_slot->mm_node.next != &khugepaged_scan.mm_head) {
2652 khugepaged_scan.mm_slot = list_entry(
2653 mm_slot->mm_node.next,
2654 struct mm_slot, mm_node);
2655 khugepaged_scan.address = 0;
2657 khugepaged_scan.mm_slot = NULL;
2658 khugepaged_full_scans++;
2661 collect_mm_slot(mm_slot);
2667 static int khugepaged_has_work(void)
2669 return !list_empty(&khugepaged_scan.mm_head) &&
2670 khugepaged_enabled();
2673 static int khugepaged_wait_event(void)
2675 return !list_empty(&khugepaged_scan.mm_head) ||
2676 kthread_should_stop();
2679 static void khugepaged_do_scan(void)
2681 struct page *hpage = NULL;
2682 unsigned int progress = 0, pass_through_head = 0;
2683 unsigned int pages = khugepaged_pages_to_scan;
2686 barrier(); /* write khugepaged_pages_to_scan to local stack */
2688 while (progress < pages) {
2689 if (!khugepaged_prealloc_page(&hpage, &wait))
2694 if (unlikely(kthread_should_stop() || try_to_freeze()))
2697 spin_lock(&khugepaged_mm_lock);
2698 if (!khugepaged_scan.mm_slot)
2699 pass_through_head++;
2700 if (khugepaged_has_work() &&
2701 pass_through_head < 2)
2702 progress += khugepaged_scan_mm_slot(pages - progress,
2706 spin_unlock(&khugepaged_mm_lock);
2709 if (!IS_ERR_OR_NULL(hpage))
2713 static void khugepaged_wait_work(void)
2715 if (khugepaged_has_work()) {
2716 if (!khugepaged_scan_sleep_millisecs)
2719 wait_event_freezable_timeout(khugepaged_wait,
2720 kthread_should_stop(),
2721 msecs_to_jiffies(khugepaged_scan_sleep_millisecs));
2725 if (khugepaged_enabled())
2726 wait_event_freezable(khugepaged_wait, khugepaged_wait_event());
2729 static int khugepaged(void *none)
2731 struct mm_slot *mm_slot;
2734 set_user_nice(current, MAX_NICE);
2736 while (!kthread_should_stop()) {
2737 khugepaged_do_scan();
2738 khugepaged_wait_work();
2741 spin_lock(&khugepaged_mm_lock);
2742 mm_slot = khugepaged_scan.mm_slot;
2743 khugepaged_scan.mm_slot = NULL;
2745 collect_mm_slot(mm_slot);
2746 spin_unlock(&khugepaged_mm_lock);
2750 static void __split_huge_zero_page_pmd(struct vm_area_struct *vma,
2751 unsigned long haddr, pmd_t *pmd)
2753 struct mm_struct *mm = vma->vm_mm;
2758 /* leave pmd empty until pte is filled */
2759 pmdp_huge_clear_flush_notify(vma, haddr, pmd);
2761 pgtable = pgtable_trans_huge_withdraw(mm, pmd);
2762 pmd_populate(mm, &_pmd, pgtable);
2764 for (i = 0; i < HPAGE_PMD_NR; i++, haddr += PAGE_SIZE) {
2766 entry = pfn_pte(my_zero_pfn(haddr), vma->vm_page_prot);
2767 entry = pte_mkspecial(entry);
2768 pte = pte_offset_map(&_pmd, haddr);
2769 VM_BUG_ON(!pte_none(*pte));
2770 set_pte_at(mm, haddr, pte, entry);
2773 smp_wmb(); /* make pte visible before pmd */
2774 pmd_populate(mm, pmd, pgtable);
2775 put_huge_zero_page();
2778 static void __split_huge_pmd_locked(struct vm_area_struct *vma, pmd_t *pmd,
2779 unsigned long haddr, bool freeze)
2781 struct mm_struct *mm = vma->vm_mm;
2785 bool young, write, dirty;
2788 VM_BUG_ON(haddr & ~HPAGE_PMD_MASK);
2789 VM_BUG_ON_VMA(vma->vm_start > haddr, vma);
2790 VM_BUG_ON_VMA(vma->vm_end < haddr + HPAGE_PMD_SIZE, vma);
2791 VM_BUG_ON(!pmd_trans_huge(*pmd));
2793 count_vm_event(THP_SPLIT_PMD);
2795 if (vma_is_dax(vma)) {
2796 pmd_t _pmd = pmdp_huge_clear_flush_notify(vma, haddr, pmd);
2797 if (is_huge_zero_pmd(_pmd))
2798 put_huge_zero_page();
2800 } else if (is_huge_zero_pmd(*pmd)) {
2801 return __split_huge_zero_page_pmd(vma, haddr, pmd);
2804 page = pmd_page(*pmd);
2805 VM_BUG_ON_PAGE(!page_count(page), page);
2806 atomic_add(HPAGE_PMD_NR - 1, &page->_count);
2807 write = pmd_write(*pmd);
2808 young = pmd_young(*pmd);
2809 dirty = pmd_dirty(*pmd);
2811 pgtable = pgtable_trans_huge_withdraw(mm, pmd);
2812 pmd_populate(mm, &_pmd, pgtable);
2814 for (i = 0; i < HPAGE_PMD_NR; i++, haddr += PAGE_SIZE) {
2817 * Note that NUMA hinting access restrictions are not
2818 * transferred to avoid any possibility of altering
2819 * permissions across VMAs.
2822 swp_entry_t swp_entry;
2823 swp_entry = make_migration_entry(page + i, write);
2824 entry = swp_entry_to_pte(swp_entry);
2826 entry = mk_pte(page + i, vma->vm_page_prot);
2827 entry = maybe_mkwrite(entry, vma);
2829 entry = pte_wrprotect(entry);
2831 entry = pte_mkold(entry);
2834 SetPageDirty(page + i);
2835 pte = pte_offset_map(&_pmd, haddr);
2836 BUG_ON(!pte_none(*pte));
2837 set_pte_at(mm, haddr, pte, entry);
2838 atomic_inc(&page[i]._mapcount);
2843 * Set PG_double_map before dropping compound_mapcount to avoid
2844 * false-negative page_mapped().
2846 if (compound_mapcount(page) > 1 && !TestSetPageDoubleMap(page)) {
2847 for (i = 0; i < HPAGE_PMD_NR; i++)
2848 atomic_inc(&page[i]._mapcount);
2851 if (atomic_add_negative(-1, compound_mapcount_ptr(page))) {
2852 /* Last compound_mapcount is gone. */
2853 __dec_zone_page_state(page, NR_ANON_TRANSPARENT_HUGEPAGES);
2854 if (TestClearPageDoubleMap(page)) {
2855 /* No need in mapcount reference anymore */
2856 for (i = 0; i < HPAGE_PMD_NR; i++)
2857 atomic_dec(&page[i]._mapcount);
2861 smp_wmb(); /* make pte visible before pmd */
2863 * Up to this point the pmd is present and huge and userland has the
2864 * whole access to the hugepage during the split (which happens in
2865 * place). If we overwrite the pmd with the not-huge version pointing
2866 * to the pte here (which of course we could if all CPUs were bug
2867 * free), userland could trigger a small page size TLB miss on the
2868 * small sized TLB while the hugepage TLB entry is still established in
2869 * the huge TLB. Some CPU doesn't like that.
2870 * See http://support.amd.com/us/Processor_TechDocs/41322.pdf, Erratum
2871 * 383 on page 93. Intel should be safe but is also warns that it's
2872 * only safe if the permission and cache attributes of the two entries
2873 * loaded in the two TLB is identical (which should be the case here).
2874 * But it is generally safer to never allow small and huge TLB entries
2875 * for the same virtual address to be loaded simultaneously. So instead
2876 * of doing "pmd_populate(); flush_pmd_tlb_range();" we first mark the
2877 * current pmd notpresent (atomically because here the pmd_trans_huge
2878 * and pmd_trans_splitting must remain set at all times on the pmd
2879 * until the split is complete for this pmd), then we flush the SMP TLB
2880 * and finally we write the non-huge version of the pmd entry with
2883 pmdp_invalidate(vma, haddr, pmd);
2884 pmd_populate(mm, pmd, pgtable);
2887 for (i = 0; i < HPAGE_PMD_NR; i++, haddr += PAGE_SIZE) {
2888 page_remove_rmap(page + i, false);
2894 void __split_huge_pmd(struct vm_area_struct *vma, pmd_t *pmd,
2895 unsigned long address)
2898 struct mm_struct *mm = vma->vm_mm;
2899 struct page *page = NULL;
2900 unsigned long haddr = address & HPAGE_PMD_MASK;
2902 mmu_notifier_invalidate_range_start(mm, haddr, haddr + HPAGE_PMD_SIZE);
2903 ptl = pmd_lock(mm, pmd);
2904 if (unlikely(!pmd_trans_huge(*pmd)))
2906 page = pmd_page(*pmd);
2907 __split_huge_pmd_locked(vma, pmd, haddr, false);
2908 if (PageMlocked(page))
2914 mmu_notifier_invalidate_range_end(mm, haddr, haddr + HPAGE_PMD_SIZE);
2917 munlock_vma_page(page);
2923 static void split_huge_pmd_address(struct vm_area_struct *vma,
2924 unsigned long address)
2930 VM_BUG_ON(!(address & ~HPAGE_PMD_MASK));
2932 pgd = pgd_offset(vma->vm_mm, address);
2933 if (!pgd_present(*pgd))
2936 pud = pud_offset(pgd, address);
2937 if (!pud_present(*pud))
2940 pmd = pmd_offset(pud, address);
2941 if (!pmd_present(*pmd) || !pmd_trans_huge(*pmd))
2944 * Caller holds the mmap_sem write mode, so a huge pmd cannot
2945 * materialize from under us.
2947 split_huge_pmd(vma, pmd, address);
2950 void vma_adjust_trans_huge(struct vm_area_struct *vma,
2951 unsigned long start,
2956 * If the new start address isn't hpage aligned and it could
2957 * previously contain an hugepage: check if we need to split
2960 if (start & ~HPAGE_PMD_MASK &&
2961 (start & HPAGE_PMD_MASK) >= vma->vm_start &&
2962 (start & HPAGE_PMD_MASK) + HPAGE_PMD_SIZE <= vma->vm_end)
2963 split_huge_pmd_address(vma, start);
2966 * If the new end address isn't hpage aligned and it could
2967 * previously contain an hugepage: check if we need to split
2970 if (end & ~HPAGE_PMD_MASK &&
2971 (end & HPAGE_PMD_MASK) >= vma->vm_start &&
2972 (end & HPAGE_PMD_MASK) + HPAGE_PMD_SIZE <= vma->vm_end)
2973 split_huge_pmd_address(vma, end);
2976 * If we're also updating the vma->vm_next->vm_start, if the new
2977 * vm_next->vm_start isn't page aligned and it could previously
2978 * contain an hugepage: check if we need to split an huge pmd.
2980 if (adjust_next > 0) {
2981 struct vm_area_struct *next = vma->vm_next;
2982 unsigned long nstart = next->vm_start;
2983 nstart += adjust_next << PAGE_SHIFT;
2984 if (nstart & ~HPAGE_PMD_MASK &&
2985 (nstart & HPAGE_PMD_MASK) >= next->vm_start &&
2986 (nstart & HPAGE_PMD_MASK) + HPAGE_PMD_SIZE <= next->vm_end)
2987 split_huge_pmd_address(next, nstart);
2991 static void freeze_page_vma(struct vm_area_struct *vma, struct page *page,
2992 unsigned long address)
2994 unsigned long haddr = address & HPAGE_PMD_MASK;
3000 int i, nr = HPAGE_PMD_NR;
3002 /* Skip pages which doesn't belong to the VMA */
3003 if (address < vma->vm_start) {
3004 int off = (vma->vm_start - address) >> PAGE_SHIFT;
3007 address = vma->vm_start;
3010 pgd = pgd_offset(vma->vm_mm, address);
3011 if (!pgd_present(*pgd))
3013 pud = pud_offset(pgd, address);
3014 if (!pud_present(*pud))
3016 pmd = pmd_offset(pud, address);
3017 ptl = pmd_lock(vma->vm_mm, pmd);
3018 if (!pmd_present(*pmd)) {
3022 if (pmd_trans_huge(*pmd)) {
3023 if (page == pmd_page(*pmd))
3024 __split_huge_pmd_locked(vma, pmd, haddr, true);
3030 pte = pte_offset_map_lock(vma->vm_mm, pmd, address, &ptl);
3031 for (i = 0; i < nr; i++, address += PAGE_SIZE, page++, pte++) {
3032 pte_t entry, swp_pte;
3033 swp_entry_t swp_entry;
3036 * We've just crossed page table boundary: need to map next one.
3037 * It can happen if THP was mremaped to non PMD-aligned address.
3039 if (unlikely(address == haddr + HPAGE_PMD_SIZE)) {
3040 pte_unmap_unlock(pte - 1, ptl);
3041 pmd = mm_find_pmd(vma->vm_mm, address);
3044 pte = pte_offset_map_lock(vma->vm_mm, pmd,
3048 if (!pte_present(*pte))
3050 if (page_to_pfn(page) != pte_pfn(*pte))
3052 flush_cache_page(vma, address, page_to_pfn(page));
3053 entry = ptep_clear_flush(vma, address, pte);
3054 if (pte_dirty(entry))
3056 swp_entry = make_migration_entry(page, pte_write(entry));
3057 swp_pte = swp_entry_to_pte(swp_entry);
3058 if (pte_soft_dirty(entry))
3059 swp_pte = pte_swp_mksoft_dirty(swp_pte);
3060 set_pte_at(vma->vm_mm, address, pte, swp_pte);
3061 page_remove_rmap(page, false);
3064 pte_unmap_unlock(pte - 1, ptl);
3067 static void freeze_page(struct anon_vma *anon_vma, struct page *page)
3069 struct anon_vma_chain *avc;
3070 pgoff_t pgoff = page_to_pgoff(page);
3072 VM_BUG_ON_PAGE(!PageHead(page), page);
3074 anon_vma_interval_tree_foreach(avc, &anon_vma->rb_root, pgoff,
3075 pgoff + HPAGE_PMD_NR - 1) {
3076 unsigned long address = __vma_address(page, avc->vma);
3078 mmu_notifier_invalidate_range_start(avc->vma->vm_mm,
3079 address, address + HPAGE_PMD_SIZE);
3080 freeze_page_vma(avc->vma, page, address);
3081 mmu_notifier_invalidate_range_end(avc->vma->vm_mm,
3082 address, address + HPAGE_PMD_SIZE);
3086 static void unfreeze_page_vma(struct vm_area_struct *vma, struct page *page,
3087 unsigned long address)
3092 swp_entry_t swp_entry;
3093 unsigned long haddr = address & HPAGE_PMD_MASK;
3094 int i, nr = HPAGE_PMD_NR;
3096 /* Skip pages which doesn't belong to the VMA */
3097 if (address < vma->vm_start) {
3098 int off = (vma->vm_start - address) >> PAGE_SHIFT;
3101 address = vma->vm_start;
3104 pmd = mm_find_pmd(vma->vm_mm, address);
3108 pte = pte_offset_map_lock(vma->vm_mm, pmd, address, &ptl);
3109 for (i = 0; i < nr; i++, address += PAGE_SIZE, page++, pte++) {
3111 * We've just crossed page table boundary: need to map next one.
3112 * It can happen if THP was mremaped to non-PMD aligned address.
3114 if (unlikely(address == haddr + HPAGE_PMD_SIZE)) {
3115 pte_unmap_unlock(pte - 1, ptl);
3116 pmd = mm_find_pmd(vma->vm_mm, address);
3119 pte = pte_offset_map_lock(vma->vm_mm, pmd,
3123 if (!is_swap_pte(*pte))
3126 swp_entry = pte_to_swp_entry(*pte);
3127 if (!is_migration_entry(swp_entry))
3129 if (migration_entry_to_page(swp_entry) != page)
3133 page_add_anon_rmap(page, vma, address, false);
3135 entry = pte_mkold(mk_pte(page, vma->vm_page_prot));
3136 if (PageDirty(page))
3137 entry = pte_mkdirty(entry);
3138 if (is_write_migration_entry(swp_entry))
3139 entry = maybe_mkwrite(entry, vma);
3141 flush_dcache_page(page);
3142 set_pte_at(vma->vm_mm, address, pte, entry);
3144 /* No need to invalidate - it was non-present before */
3145 update_mmu_cache(vma, address, pte);
3147 pte_unmap_unlock(pte - 1, ptl);
3150 static void unfreeze_page(struct anon_vma *anon_vma, struct page *page)
3152 struct anon_vma_chain *avc;
3153 pgoff_t pgoff = page_to_pgoff(page);
3155 anon_vma_interval_tree_foreach(avc, &anon_vma->rb_root,
3156 pgoff, pgoff + HPAGE_PMD_NR - 1) {
3157 unsigned long address = __vma_address(page, avc->vma);
3159 mmu_notifier_invalidate_range_start(avc->vma->vm_mm,
3160 address, address + HPAGE_PMD_SIZE);
3161 unfreeze_page_vma(avc->vma, page, address);
3162 mmu_notifier_invalidate_range_end(avc->vma->vm_mm,
3163 address, address + HPAGE_PMD_SIZE);
3167 static int __split_huge_page_tail(struct page *head, int tail,
3168 struct lruvec *lruvec, struct list_head *list)
3171 struct page *page_tail = head + tail;
3173 mapcount = atomic_read(&page_tail->_mapcount) + 1;
3174 VM_BUG_ON_PAGE(atomic_read(&page_tail->_count) != 0, page_tail);
3177 * tail_page->_count is zero and not changing from under us. But
3178 * get_page_unless_zero() may be running from under us on the
3179 * tail_page. If we used atomic_set() below instead of atomic_add(), we
3180 * would then run atomic_set() concurrently with
3181 * get_page_unless_zero(), and atomic_set() is implemented in C not
3182 * using locked ops. spin_unlock on x86 sometime uses locked ops
3183 * because of PPro errata 66, 92, so unless somebody can guarantee
3184 * atomic_set() here would be safe on all archs (and not only on x86),
3185 * it's safer to use atomic_add().
3187 atomic_add(mapcount + 1, &page_tail->_count);
3190 page_tail->flags &= ~PAGE_FLAGS_CHECK_AT_PREP;
3191 page_tail->flags |= (head->flags &
3192 ((1L << PG_referenced) |
3193 (1L << PG_swapbacked) |
3194 (1L << PG_mlocked) |
3195 (1L << PG_uptodate) |
3198 (1L << PG_unevictable) |
3202 * After clearing PageTail the gup refcount can be released.
3203 * Page flags also must be visible before we make the page non-compound.
3207 clear_compound_head(page_tail);
3209 if (page_is_young(head))
3210 set_page_young(page_tail);
3211 if (page_is_idle(head))
3212 set_page_idle(page_tail);
3214 /* ->mapping in first tail page is compound_mapcount */
3215 VM_BUG_ON_PAGE(tail > 2 && page_tail->mapping != TAIL_MAPPING,
3217 page_tail->mapping = head->mapping;
3219 page_tail->index = head->index + tail;
3220 page_cpupid_xchg_last(page_tail, page_cpupid_last(head));
3221 lru_add_page_tail(head, page_tail, lruvec, list);
3226 static void __split_huge_page(struct page *page, struct list_head *list)
3228 struct page *head = compound_head(page);
3229 struct zone *zone = page_zone(head);
3230 struct lruvec *lruvec;
3231 int i, tail_mapcount;
3233 /* prevent PageLRU to go away from under us, and freeze lru stats */
3234 spin_lock_irq(&zone->lru_lock);
3235 lruvec = mem_cgroup_page_lruvec(head, zone);
3237 /* complete memcg works before add pages to LRU */
3238 mem_cgroup_split_huge_fixup(head);
3241 for (i = HPAGE_PMD_NR - 1; i >= 1; i--)
3242 tail_mapcount += __split_huge_page_tail(head, i, lruvec, list);
3243 atomic_sub(tail_mapcount, &head->_count);
3245 ClearPageCompound(head);
3246 spin_unlock_irq(&zone->lru_lock);
3248 unfreeze_page(page_anon_vma(head), head);
3250 for (i = 0; i < HPAGE_PMD_NR; i++) {
3251 struct page *subpage = head + i;
3252 if (subpage == page)
3254 unlock_page(subpage);
3257 * Subpages may be freed if there wasn't any mapping
3258 * like if add_to_swap() is running on a lru page that
3259 * had its mapping zapped. And freeing these pages
3260 * requires taking the lru_lock so we do the put_page
3261 * of the tail pages after the split is complete.
3267 int total_mapcount(struct page *page)
3271 VM_BUG_ON_PAGE(PageTail(page), page);
3273 if (likely(!PageCompound(page)))
3274 return atomic_read(&page->_mapcount) + 1;
3276 ret = compound_mapcount(page);
3279 for (i = 0; i < HPAGE_PMD_NR; i++)
3280 ret += atomic_read(&page[i]._mapcount) + 1;
3281 if (PageDoubleMap(page))
3282 ret -= HPAGE_PMD_NR;
3287 * This function splits huge page into normal pages. @page can point to any
3288 * subpage of huge page to split. Split doesn't change the position of @page.
3290 * Only caller must hold pin on the @page, otherwise split fails with -EBUSY.
3291 * The huge page must be locked.
3293 * If @list is null, tail pages will be added to LRU list, otherwise, to @list.
3295 * Both head page and tail pages will inherit mapping, flags, and so on from
3298 * GUP pin and PG_locked transferred to @page. Rest subpages can be freed if
3299 * they are not mapped.
3301 * Returns 0 if the hugepage is split successfully.
3302 * Returns -EBUSY if the page is pinned or if anon_vma disappeared from under
3305 int split_huge_page_to_list(struct page *page, struct list_head *list)
3307 struct page *head = compound_head(page);
3308 struct anon_vma *anon_vma;
3309 int count, mapcount, ret;
3312 VM_BUG_ON_PAGE(is_huge_zero_page(page), page);
3313 VM_BUG_ON_PAGE(!PageAnon(page), page);
3314 VM_BUG_ON_PAGE(!PageLocked(page), page);
3315 VM_BUG_ON_PAGE(!PageSwapBacked(page), page);
3316 VM_BUG_ON_PAGE(!PageCompound(page), page);
3319 * The caller does not necessarily hold an mmap_sem that would prevent
3320 * the anon_vma disappearing so we first we take a reference to it
3321 * and then lock the anon_vma for write. This is similar to
3322 * page_lock_anon_vma_read except the write lock is taken to serialise
3323 * against parallel split or collapse operations.
3325 anon_vma = page_get_anon_vma(head);
3330 anon_vma_lock_write(anon_vma);
3333 * Racy check if we can split the page, before freeze_page() will
3336 if (total_mapcount(head) != page_count(head) - 1) {
3341 mlocked = PageMlocked(page);
3342 freeze_page(anon_vma, head);
3343 VM_BUG_ON_PAGE(compound_mapcount(head), head);
3345 /* Make sure the page is not on per-CPU pagevec as it takes pin */
3349 /* Prevent deferred_split_scan() touching ->_count */
3350 spin_lock(&split_queue_lock);
3351 count = page_count(head);
3352 mapcount = total_mapcount(head);
3353 if (!mapcount && count == 1) {
3354 if (!list_empty(page_deferred_list(head))) {
3356 list_del(page_deferred_list(head));
3358 spin_unlock(&split_queue_lock);
3359 __split_huge_page(page, list);
3361 } else if (IS_ENABLED(CONFIG_DEBUG_VM) && mapcount) {
3362 spin_unlock(&split_queue_lock);
3363 pr_alert("total_mapcount: %u, page_count(): %u\n",
3366 dump_page(head, NULL);
3367 dump_page(page, "total_mapcount(head) > 0");
3370 spin_unlock(&split_queue_lock);
3371 unfreeze_page(anon_vma, head);
3376 anon_vma_unlock_write(anon_vma);
3377 put_anon_vma(anon_vma);
3379 count_vm_event(!ret ? THP_SPLIT_PAGE : THP_SPLIT_PAGE_FAILED);
3383 void free_transhuge_page(struct page *page)
3385 unsigned long flags;
3387 spin_lock_irqsave(&split_queue_lock, flags);
3388 if (!list_empty(page_deferred_list(page))) {
3390 list_del(page_deferred_list(page));
3392 spin_unlock_irqrestore(&split_queue_lock, flags);
3393 free_compound_page(page);
3396 void deferred_split_huge_page(struct page *page)
3398 unsigned long flags;
3400 VM_BUG_ON_PAGE(!PageTransHuge(page), page);
3402 spin_lock_irqsave(&split_queue_lock, flags);
3403 if (list_empty(page_deferred_list(page))) {
3404 list_add_tail(page_deferred_list(page), &split_queue);
3407 spin_unlock_irqrestore(&split_queue_lock, flags);
3410 static unsigned long deferred_split_count(struct shrinker *shrink,
3411 struct shrink_control *sc)
3414 * Split a page from split_queue will free up at least one page,
3415 * at most HPAGE_PMD_NR - 1. We don't track exact number.
3416 * Let's use HPAGE_PMD_NR / 2 as ballpark.
3418 return ACCESS_ONCE(split_queue_len) * HPAGE_PMD_NR / 2;
3421 static unsigned long deferred_split_scan(struct shrinker *shrink,
3422 struct shrink_control *sc)
3424 unsigned long flags;
3425 LIST_HEAD(list), *pos, *next;
3429 spin_lock_irqsave(&split_queue_lock, flags);
3430 list_splice_init(&split_queue, &list);
3432 /* Take pin on all head pages to avoid freeing them under us */
3433 list_for_each_safe(pos, next, &list) {
3434 page = list_entry((void *)pos, struct page, mapping);
3435 page = compound_head(page);
3436 /* race with put_compound_page() */
3437 if (!get_page_unless_zero(page)) {
3438 list_del_init(page_deferred_list(page));
3442 spin_unlock_irqrestore(&split_queue_lock, flags);
3444 list_for_each_safe(pos, next, &list) {
3445 page = list_entry((void *)pos, struct page, mapping);
3447 /* split_huge_page() removes page from list on success */
3448 if (!split_huge_page(page))
3454 spin_lock_irqsave(&split_queue_lock, flags);
3455 list_splice_tail(&list, &split_queue);
3456 spin_unlock_irqrestore(&split_queue_lock, flags);
3458 return split * HPAGE_PMD_NR / 2;
3461 static struct shrinker deferred_split_shrinker = {
3462 .count_objects = deferred_split_count,
3463 .scan_objects = deferred_split_scan,
3464 .seeks = DEFAULT_SEEKS,
3467 #ifdef CONFIG_DEBUG_FS
3468 static int split_huge_pages_set(void *data, u64 val)
3472 unsigned long pfn, max_zone_pfn;
3473 unsigned long total = 0, split = 0;
3478 for_each_populated_zone(zone) {
3479 max_zone_pfn = zone_end_pfn(zone);
3480 for (pfn = zone->zone_start_pfn; pfn < max_zone_pfn; pfn++) {
3481 if (!pfn_valid(pfn))
3484 page = pfn_to_page(pfn);
3485 if (!get_page_unless_zero(page))
3488 if (zone != page_zone(page))
3491 if (!PageHead(page) || !PageAnon(page) ||
3497 if (!split_huge_page(page))
3505 pr_info("%lu of %lu THP split", split, total);
3509 DEFINE_SIMPLE_ATTRIBUTE(split_huge_pages_fops, NULL, split_huge_pages_set,
3512 static int __init split_huge_pages_debugfs(void)
3516 ret = debugfs_create_file("split_huge_pages", 0644, NULL, NULL,
3517 &split_huge_pages_fops);
3519 pr_warn("Failed to create split_huge_pages in debugfs");
3522 late_initcall(split_huge_pages_debugfs);
projects / karo-tx-linux.git / blob