2 * Copyright (C) 2009 Red Hat, Inc.
4 * This work is licensed under the terms of the GNU GPL, version 2. See
5 * the COPYING file in the top-level directory.
8 #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
11 #include <linux/sched.h>
12 #include <linux/highmem.h>
13 #include <linux/hugetlb.h>
14 #include <linux/mmu_notifier.h>
15 #include <linux/rmap.h>
16 #include <linux/swap.h>
17 #include <linux/shrinker.h>
18 #include <linux/mm_inline.h>
19 #include <linux/dax.h>
20 #include <linux/kthread.h>
21 #include <linux/khugepaged.h>
22 #include <linux/freezer.h>
23 #include <linux/mman.h>
24 #include <linux/pagemap.h>
25 #include <linux/migrate.h>
26 #include <linux/hashtable.h>
27 #include <linux/userfaultfd_k.h>
28 #include <linux/page_idle.h>
29 #include <linux/swapops.h>
32 #include <asm/pgalloc.h>
42 SCAN_NO_REFERENCED_PAGE,
56 SCAN_ALLOC_HUGE_PAGE_FAIL,
57 SCAN_CGROUP_CHARGE_FAIL,
61 #define CREATE_TRACE_POINTS
62 #include <trace/events/huge_memory.h>
65 * By default transparent hugepage support is disabled in order that avoid
66 * to risk increase the memory footprint of applications without a guaranteed
67 * benefit. When transparent hugepage support is enabled, is for all mappings,
68 * and khugepaged scans all mappings.
69 * Defrag is invoked by khugepaged hugepage allocations and by page faults
70 * for all hugepage allocations.
72 unsigned long transparent_hugepage_flags __read_mostly =
73 #ifdef CONFIG_TRANSPARENT_HUGEPAGE_ALWAYS
74 (1<<TRANSPARENT_HUGEPAGE_FLAG)|
76 #ifdef CONFIG_TRANSPARENT_HUGEPAGE_MADVISE
77 (1<<TRANSPARENT_HUGEPAGE_REQ_MADV_FLAG)|
79 (1<<TRANSPARENT_HUGEPAGE_DEFRAG_FLAG)|
80 (1<<TRANSPARENT_HUGEPAGE_DEFRAG_KHUGEPAGED_FLAG)|
81 (1<<TRANSPARENT_HUGEPAGE_USE_ZERO_PAGE_FLAG);
83 /* default scan 8*512 pte (or vmas) every 30 second */
84 static unsigned int khugepaged_pages_to_scan __read_mostly = HPAGE_PMD_NR*8;
85 static unsigned int khugepaged_pages_collapsed;
86 static unsigned int khugepaged_full_scans;
87 static unsigned int khugepaged_scan_sleep_millisecs __read_mostly = 10000;
88 /* during fragmentation poll the hugepage allocator once every minute */
89 static unsigned int khugepaged_alloc_sleep_millisecs __read_mostly = 60000;
90 static struct task_struct *khugepaged_thread __read_mostly;
91 static DEFINE_MUTEX(khugepaged_mutex);
92 static DEFINE_SPINLOCK(khugepaged_mm_lock);
93 static DECLARE_WAIT_QUEUE_HEAD(khugepaged_wait);
95 * default collapse hugepages if there is at least one pte mapped like
96 * it would have happened if the vma was large enough during page
99 static unsigned int khugepaged_max_ptes_none __read_mostly = HPAGE_PMD_NR-1;
100 static unsigned int khugepaged_max_ptes_swap __read_mostly = HPAGE_PMD_NR/8;
102 static int khugepaged(void *none);
103 static int khugepaged_slab_init(void);
104 static void khugepaged_slab_exit(void);
106 #define MM_SLOTS_HASH_BITS 10
107 static __read_mostly DEFINE_HASHTABLE(mm_slots_hash, MM_SLOTS_HASH_BITS);
109 static struct kmem_cache *mm_slot_cache __read_mostly;
112 * struct mm_slot - hash lookup from mm to mm_slot
113 * @hash: hash collision list
114 * @mm_node: khugepaged scan list headed in khugepaged_scan.mm_head
115 * @mm: the mm that this information is valid for
118 struct hlist_node hash;
119 struct list_head mm_node;
120 struct mm_struct *mm;
124 * struct khugepaged_scan - cursor for scanning
125 * @mm_head: the head of the mm list to scan
126 * @mm_slot: the current mm_slot we are scanning
127 * @address: the next address inside that to be scanned
129 * There is only the one khugepaged_scan instance of this cursor structure.
131 struct khugepaged_scan {
132 struct list_head mm_head;
133 struct mm_slot *mm_slot;
134 unsigned long address;
136 static struct khugepaged_scan khugepaged_scan = {
137 .mm_head = LIST_HEAD_INIT(khugepaged_scan.mm_head),
140 static DEFINE_SPINLOCK(split_queue_lock);
141 static LIST_HEAD(split_queue);
142 static unsigned long split_queue_len;
143 static struct shrinker deferred_split_shrinker;
145 static void set_recommended_min_free_kbytes(void)
149 unsigned long recommended_min;
151 for_each_populated_zone(zone)
154 /* Ensure 2 pageblocks are free to assist fragmentation avoidance */
155 recommended_min = pageblock_nr_pages * nr_zones * 2;
158 * Make sure that on average at least two pageblocks are almost free
159 * of another type, one for a migratetype to fall back to and a
160 * second to avoid subsequent fallbacks of other types There are 3
161 * MIGRATE_TYPES we care about.
163 recommended_min += pageblock_nr_pages * nr_zones *
164 MIGRATE_PCPTYPES * MIGRATE_PCPTYPES;
166 /* don't ever allow to reserve more than 5% of the lowmem */
167 recommended_min = min(recommended_min,
168 (unsigned long) nr_free_buffer_pages() / 20);
169 recommended_min <<= (PAGE_SHIFT-10);
171 if (recommended_min > min_free_kbytes) {
172 if (user_min_free_kbytes >= 0)
173 pr_info("raising min_free_kbytes from %d to %lu "
174 "to help transparent hugepage allocations\n",
175 min_free_kbytes, recommended_min);
177 min_free_kbytes = recommended_min;
179 setup_per_zone_wmarks();
182 static int start_stop_khugepaged(void)
185 if (khugepaged_enabled()) {
186 if (!khugepaged_thread)
187 khugepaged_thread = kthread_run(khugepaged, NULL,
189 if (IS_ERR(khugepaged_thread)) {
190 pr_err("khugepaged: kthread_run(khugepaged) failed\n");
191 err = PTR_ERR(khugepaged_thread);
192 khugepaged_thread = NULL;
196 if (!list_empty(&khugepaged_scan.mm_head))
197 wake_up_interruptible(&khugepaged_wait);
199 set_recommended_min_free_kbytes();
200 } else if (khugepaged_thread) {
201 kthread_stop(khugepaged_thread);
202 khugepaged_thread = NULL;
208 static atomic_t huge_zero_refcount;
209 struct page *huge_zero_page __read_mostly;
211 struct page *get_huge_zero_page(void)
213 struct page *zero_page;
215 if (likely(atomic_inc_not_zero(&huge_zero_refcount)))
216 return READ_ONCE(huge_zero_page);
218 zero_page = alloc_pages((GFP_TRANSHUGE | __GFP_ZERO) & ~__GFP_MOVABLE,
221 count_vm_event(THP_ZERO_PAGE_ALLOC_FAILED);
224 count_vm_event(THP_ZERO_PAGE_ALLOC);
226 if (cmpxchg(&huge_zero_page, NULL, zero_page)) {
228 __free_pages(zero_page, compound_order(zero_page));
232 /* We take additional reference here. It will be put back by shrinker */
233 atomic_set(&huge_zero_refcount, 2);
235 return READ_ONCE(huge_zero_page);
238 static void put_huge_zero_page(void)
241 * Counter should never go to zero here. Only shrinker can put
244 BUG_ON(atomic_dec_and_test(&huge_zero_refcount));
247 static unsigned long shrink_huge_zero_page_count(struct shrinker *shrink,
248 struct shrink_control *sc)
250 /* we can free zero page only if last reference remains */
251 return atomic_read(&huge_zero_refcount) == 1 ? HPAGE_PMD_NR : 0;
254 static unsigned long shrink_huge_zero_page_scan(struct shrinker *shrink,
255 struct shrink_control *sc)
257 if (atomic_cmpxchg(&huge_zero_refcount, 1, 0) == 1) {
258 struct page *zero_page = xchg(&huge_zero_page, NULL);
259 BUG_ON(zero_page == NULL);
260 __free_pages(zero_page, compound_order(zero_page));
267 static struct shrinker huge_zero_page_shrinker = {
268 .count_objects = shrink_huge_zero_page_count,
269 .scan_objects = shrink_huge_zero_page_scan,
270 .seeks = DEFAULT_SEEKS,
275 static ssize_t double_flag_show(struct kobject *kobj,
276 struct kobj_attribute *attr, char *buf,
277 enum transparent_hugepage_flag enabled,
278 enum transparent_hugepage_flag req_madv)
280 if (test_bit(enabled, &transparent_hugepage_flags)) {
281 VM_BUG_ON(test_bit(req_madv, &transparent_hugepage_flags));
282 return sprintf(buf, "[always] madvise never\n");
283 } else if (test_bit(req_madv, &transparent_hugepage_flags))
284 return sprintf(buf, "always [madvise] never\n");
286 return sprintf(buf, "always madvise [never]\n");
288 static ssize_t double_flag_store(struct kobject *kobj,
289 struct kobj_attribute *attr,
290 const char *buf, size_t count,
291 enum transparent_hugepage_flag enabled,
292 enum transparent_hugepage_flag req_madv)
294 if (!memcmp("always", buf,
295 min(sizeof("always")-1, count))) {
296 set_bit(enabled, &transparent_hugepage_flags);
297 clear_bit(req_madv, &transparent_hugepage_flags);
298 } else if (!memcmp("madvise", buf,
299 min(sizeof("madvise")-1, count))) {
300 clear_bit(enabled, &transparent_hugepage_flags);
301 set_bit(req_madv, &transparent_hugepage_flags);
302 } else if (!memcmp("never", buf,
303 min(sizeof("never")-1, count))) {
304 clear_bit(enabled, &transparent_hugepage_flags);
305 clear_bit(req_madv, &transparent_hugepage_flags);
312 static ssize_t enabled_show(struct kobject *kobj,
313 struct kobj_attribute *attr, char *buf)
315 return double_flag_show(kobj, attr, buf,
316 TRANSPARENT_HUGEPAGE_FLAG,
317 TRANSPARENT_HUGEPAGE_REQ_MADV_FLAG);
319 static ssize_t enabled_store(struct kobject *kobj,
320 struct kobj_attribute *attr,
321 const char *buf, size_t count)
325 ret = double_flag_store(kobj, attr, buf, count,
326 TRANSPARENT_HUGEPAGE_FLAG,
327 TRANSPARENT_HUGEPAGE_REQ_MADV_FLAG);
332 mutex_lock(&khugepaged_mutex);
333 err = start_stop_khugepaged();
334 mutex_unlock(&khugepaged_mutex);
342 static struct kobj_attribute enabled_attr =
343 __ATTR(enabled, 0644, enabled_show, enabled_store);
345 static ssize_t single_flag_show(struct kobject *kobj,
346 struct kobj_attribute *attr, char *buf,
347 enum transparent_hugepage_flag flag)
349 return sprintf(buf, "%d\n",
350 !!test_bit(flag, &transparent_hugepage_flags));
353 static ssize_t single_flag_store(struct kobject *kobj,
354 struct kobj_attribute *attr,
355 const char *buf, size_t count,
356 enum transparent_hugepage_flag flag)
361 ret = kstrtoul(buf, 10, &value);
368 set_bit(flag, &transparent_hugepage_flags);
370 clear_bit(flag, &transparent_hugepage_flags);
376 * Currently defrag only disables __GFP_NOWAIT for allocation. A blind
377 * __GFP_REPEAT is too aggressive, it's never worth swapping tons of
378 * memory just to allocate one more hugepage.
380 static ssize_t defrag_show(struct kobject *kobj,
381 struct kobj_attribute *attr, char *buf)
383 return double_flag_show(kobj, attr, buf,
384 TRANSPARENT_HUGEPAGE_DEFRAG_FLAG,
385 TRANSPARENT_HUGEPAGE_DEFRAG_REQ_MADV_FLAG);
387 static ssize_t defrag_store(struct kobject *kobj,
388 struct kobj_attribute *attr,
389 const char *buf, size_t count)
391 return double_flag_store(kobj, attr, buf, count,
392 TRANSPARENT_HUGEPAGE_DEFRAG_FLAG,
393 TRANSPARENT_HUGEPAGE_DEFRAG_REQ_MADV_FLAG);
395 static struct kobj_attribute defrag_attr =
396 __ATTR(defrag, 0644, defrag_show, defrag_store);
398 static ssize_t use_zero_page_show(struct kobject *kobj,
399 struct kobj_attribute *attr, char *buf)
401 return single_flag_show(kobj, attr, buf,
402 TRANSPARENT_HUGEPAGE_USE_ZERO_PAGE_FLAG);
404 static ssize_t use_zero_page_store(struct kobject *kobj,
405 struct kobj_attribute *attr, const char *buf, size_t count)
407 return single_flag_store(kobj, attr, buf, count,
408 TRANSPARENT_HUGEPAGE_USE_ZERO_PAGE_FLAG);
410 static struct kobj_attribute use_zero_page_attr =
411 __ATTR(use_zero_page, 0644, use_zero_page_show, use_zero_page_store);
412 #ifdef CONFIG_DEBUG_VM
413 static ssize_t debug_cow_show(struct kobject *kobj,
414 struct kobj_attribute *attr, char *buf)
416 return single_flag_show(kobj, attr, buf,
417 TRANSPARENT_HUGEPAGE_DEBUG_COW_FLAG);
419 static ssize_t debug_cow_store(struct kobject *kobj,
420 struct kobj_attribute *attr,
421 const char *buf, size_t count)
423 return single_flag_store(kobj, attr, buf, count,
424 TRANSPARENT_HUGEPAGE_DEBUG_COW_FLAG);
426 static struct kobj_attribute debug_cow_attr =
427 __ATTR(debug_cow, 0644, debug_cow_show, debug_cow_store);
428 #endif /* CONFIG_DEBUG_VM */
430 static struct attribute *hugepage_attr[] = {
433 &use_zero_page_attr.attr,
434 #ifdef CONFIG_DEBUG_VM
435 &debug_cow_attr.attr,
440 static struct attribute_group hugepage_attr_group = {
441 .attrs = hugepage_attr,
444 static ssize_t scan_sleep_millisecs_show(struct kobject *kobj,
445 struct kobj_attribute *attr,
448 return sprintf(buf, "%u\n", khugepaged_scan_sleep_millisecs);
451 static ssize_t scan_sleep_millisecs_store(struct kobject *kobj,
452 struct kobj_attribute *attr,
453 const char *buf, size_t count)
458 err = kstrtoul(buf, 10, &msecs);
459 if (err || msecs > UINT_MAX)
462 khugepaged_scan_sleep_millisecs = msecs;
463 wake_up_interruptible(&khugepaged_wait);
467 static struct kobj_attribute scan_sleep_millisecs_attr =
468 __ATTR(scan_sleep_millisecs, 0644, scan_sleep_millisecs_show,
469 scan_sleep_millisecs_store);
471 static ssize_t alloc_sleep_millisecs_show(struct kobject *kobj,
472 struct kobj_attribute *attr,
475 return sprintf(buf, "%u\n", khugepaged_alloc_sleep_millisecs);
478 static ssize_t alloc_sleep_millisecs_store(struct kobject *kobj,
479 struct kobj_attribute *attr,
480 const char *buf, size_t count)
485 err = kstrtoul(buf, 10, &msecs);
486 if (err || msecs > UINT_MAX)
489 khugepaged_alloc_sleep_millisecs = msecs;
490 wake_up_interruptible(&khugepaged_wait);
494 static struct kobj_attribute alloc_sleep_millisecs_attr =
495 __ATTR(alloc_sleep_millisecs, 0644, alloc_sleep_millisecs_show,
496 alloc_sleep_millisecs_store);
498 static ssize_t pages_to_scan_show(struct kobject *kobj,
499 struct kobj_attribute *attr,
502 return sprintf(buf, "%u\n", khugepaged_pages_to_scan);
504 static ssize_t pages_to_scan_store(struct kobject *kobj,
505 struct kobj_attribute *attr,
506 const char *buf, size_t count)
511 err = kstrtoul(buf, 10, &pages);
512 if (err || !pages || pages > UINT_MAX)
515 khugepaged_pages_to_scan = pages;
519 static struct kobj_attribute pages_to_scan_attr =
520 __ATTR(pages_to_scan, 0644, pages_to_scan_show,
521 pages_to_scan_store);
523 static ssize_t pages_collapsed_show(struct kobject *kobj,
524 struct kobj_attribute *attr,
527 return sprintf(buf, "%u\n", khugepaged_pages_collapsed);
529 static struct kobj_attribute pages_collapsed_attr =
530 __ATTR_RO(pages_collapsed);
532 static ssize_t full_scans_show(struct kobject *kobj,
533 struct kobj_attribute *attr,
536 return sprintf(buf, "%u\n", khugepaged_full_scans);
538 static struct kobj_attribute full_scans_attr =
539 __ATTR_RO(full_scans);
541 static ssize_t khugepaged_defrag_show(struct kobject *kobj,
542 struct kobj_attribute *attr, char *buf)
544 return single_flag_show(kobj, attr, buf,
545 TRANSPARENT_HUGEPAGE_DEFRAG_KHUGEPAGED_FLAG);
547 static ssize_t khugepaged_defrag_store(struct kobject *kobj,
548 struct kobj_attribute *attr,
549 const char *buf, size_t count)
551 return single_flag_store(kobj, attr, buf, count,
552 TRANSPARENT_HUGEPAGE_DEFRAG_KHUGEPAGED_FLAG);
554 static struct kobj_attribute khugepaged_defrag_attr =
555 __ATTR(defrag, 0644, khugepaged_defrag_show,
556 khugepaged_defrag_store);
559 * max_ptes_none controls if khugepaged should collapse hugepages over
560 * any unmapped ptes in turn potentially increasing the memory
561 * footprint of the vmas. When max_ptes_none is 0 khugepaged will not
562 * reduce the available free memory in the system as it
563 * runs. Increasing max_ptes_none will instead potentially reduce the
564 * free memory in the system during the khugepaged scan.
566 static ssize_t khugepaged_max_ptes_none_show(struct kobject *kobj,
567 struct kobj_attribute *attr,
570 return sprintf(buf, "%u\n", khugepaged_max_ptes_none);
572 static ssize_t khugepaged_max_ptes_none_store(struct kobject *kobj,
573 struct kobj_attribute *attr,
574 const char *buf, size_t count)
577 unsigned long max_ptes_none;
579 err = kstrtoul(buf, 10, &max_ptes_none);
580 if (err || max_ptes_none > HPAGE_PMD_NR-1)
583 khugepaged_max_ptes_none = max_ptes_none;
587 static struct kobj_attribute khugepaged_max_ptes_none_attr =
588 __ATTR(max_ptes_none, 0644, khugepaged_max_ptes_none_show,
589 khugepaged_max_ptes_none_store);
591 static ssize_t khugepaged_max_ptes_swap_show(struct kobject *kobj,
592 struct kobj_attribute *attr,
595 return sprintf(buf, "%u\n", khugepaged_max_ptes_swap);
598 static ssize_t khugepaged_max_ptes_swap_store(struct kobject *kobj,
599 struct kobj_attribute *attr,
600 const char *buf, size_t count)
603 unsigned long max_ptes_swap;
605 err = kstrtoul(buf, 10, &max_ptes_swap);
606 if (err || max_ptes_swap > HPAGE_PMD_NR-1)
609 khugepaged_max_ptes_swap = max_ptes_swap;
614 static struct kobj_attribute khugepaged_max_ptes_swap_attr =
615 __ATTR(max_ptes_swap, 0644, khugepaged_max_ptes_swap_show,
616 khugepaged_max_ptes_swap_store);
618 static struct attribute *khugepaged_attr[] = {
619 &khugepaged_defrag_attr.attr,
620 &khugepaged_max_ptes_none_attr.attr,
621 &pages_to_scan_attr.attr,
622 &pages_collapsed_attr.attr,
623 &full_scans_attr.attr,
624 &scan_sleep_millisecs_attr.attr,
625 &alloc_sleep_millisecs_attr.attr,
626 &khugepaged_max_ptes_swap_attr.attr,
630 static struct attribute_group khugepaged_attr_group = {
631 .attrs = khugepaged_attr,
632 .name = "khugepaged",
635 static int __init hugepage_init_sysfs(struct kobject **hugepage_kobj)
639 *hugepage_kobj = kobject_create_and_add("transparent_hugepage", mm_kobj);
640 if (unlikely(!*hugepage_kobj)) {
641 pr_err("failed to create transparent hugepage kobject\n");
645 err = sysfs_create_group(*hugepage_kobj, &hugepage_attr_group);
647 pr_err("failed to register transparent hugepage group\n");
651 err = sysfs_create_group(*hugepage_kobj, &khugepaged_attr_group);
653 pr_err("failed to register transparent hugepage group\n");
654 goto remove_hp_group;
660 sysfs_remove_group(*hugepage_kobj, &hugepage_attr_group);
662 kobject_put(*hugepage_kobj);
666 static void __init hugepage_exit_sysfs(struct kobject *hugepage_kobj)
668 sysfs_remove_group(hugepage_kobj, &khugepaged_attr_group);
669 sysfs_remove_group(hugepage_kobj, &hugepage_attr_group);
670 kobject_put(hugepage_kobj);
673 static inline int hugepage_init_sysfs(struct kobject **hugepage_kobj)
678 static inline void hugepage_exit_sysfs(struct kobject *hugepage_kobj)
681 #endif /* CONFIG_SYSFS */
683 static int __init hugepage_init(void)
686 struct kobject *hugepage_kobj;
688 if (!has_transparent_hugepage()) {
689 transparent_hugepage_flags = 0;
693 err = hugepage_init_sysfs(&hugepage_kobj);
697 err = khugepaged_slab_init();
701 err = register_shrinker(&huge_zero_page_shrinker);
703 goto err_hzp_shrinker;
704 err = register_shrinker(&deferred_split_shrinker);
706 goto err_split_shrinker;
709 * By default disable transparent hugepages on smaller systems,
710 * where the extra memory used could hurt more than TLB overhead
711 * is likely to save. The admin can still enable it through /sys.
713 if (totalram_pages < (512 << (20 - PAGE_SHIFT))) {
714 transparent_hugepage_flags = 0;
718 err = start_stop_khugepaged();
724 unregister_shrinker(&deferred_split_shrinker);
726 unregister_shrinker(&huge_zero_page_shrinker);
728 khugepaged_slab_exit();
730 hugepage_exit_sysfs(hugepage_kobj);
734 subsys_initcall(hugepage_init);
736 static int __init setup_transparent_hugepage(char *str)
741 if (!strcmp(str, "always")) {
742 set_bit(TRANSPARENT_HUGEPAGE_FLAG,
743 &transparent_hugepage_flags);
744 clear_bit(TRANSPARENT_HUGEPAGE_REQ_MADV_FLAG,
745 &transparent_hugepage_flags);
747 } else if (!strcmp(str, "madvise")) {
748 clear_bit(TRANSPARENT_HUGEPAGE_FLAG,
749 &transparent_hugepage_flags);
750 set_bit(TRANSPARENT_HUGEPAGE_REQ_MADV_FLAG,
751 &transparent_hugepage_flags);
753 } else if (!strcmp(str, "never")) {
754 clear_bit(TRANSPARENT_HUGEPAGE_FLAG,
755 &transparent_hugepage_flags);
756 clear_bit(TRANSPARENT_HUGEPAGE_REQ_MADV_FLAG,
757 &transparent_hugepage_flags);
762 pr_warn("transparent_hugepage= cannot parse, ignored\n");
765 __setup("transparent_hugepage=", setup_transparent_hugepage);
767 pmd_t maybe_pmd_mkwrite(pmd_t pmd, struct vm_area_struct *vma)
769 if (likely(vma->vm_flags & VM_WRITE))
770 pmd = pmd_mkwrite(pmd);
774 static inline pmd_t mk_huge_pmd(struct page *page, pgprot_t prot)
777 entry = mk_pmd(page, prot);
778 entry = pmd_mkhuge(entry);
782 static inline struct list_head *page_deferred_list(struct page *page)
785 * ->lru in the tail pages is occupied by compound_head.
786 * Let's use ->mapping + ->index in the second tail page as list_head.
788 return (struct list_head *)&page[2].mapping;
791 void prep_transhuge_page(struct page *page)
794 * we use page->mapping and page->indexlru in second tail page
795 * as list_head: assuming THP order >= 2
797 BUILD_BUG_ON(HPAGE_PMD_ORDER < 2);
799 INIT_LIST_HEAD(page_deferred_list(page));
800 set_compound_page_dtor(page, TRANSHUGE_PAGE_DTOR);
803 static int __do_huge_pmd_anonymous_page(struct mm_struct *mm,
804 struct vm_area_struct *vma,
805 unsigned long address, pmd_t *pmd,
806 struct page *page, gfp_t gfp,
809 struct mem_cgroup *memcg;
812 unsigned long haddr = address & HPAGE_PMD_MASK;
814 VM_BUG_ON_PAGE(!PageCompound(page), page);
816 if (mem_cgroup_try_charge(page, mm, gfp, &memcg, true)) {
818 count_vm_event(THP_FAULT_FALLBACK);
819 return VM_FAULT_FALLBACK;
822 pgtable = pte_alloc_one(mm, haddr);
823 if (unlikely(!pgtable)) {
824 mem_cgroup_cancel_charge(page, memcg, true);
829 clear_huge_page(page, haddr, HPAGE_PMD_NR);
831 * The memory barrier inside __SetPageUptodate makes sure that
832 * clear_huge_page writes become visible before the set_pmd_at()
835 __SetPageUptodate(page);
837 ptl = pmd_lock(mm, pmd);
838 if (unlikely(!pmd_none(*pmd))) {
840 mem_cgroup_cancel_charge(page, memcg, true);
842 pte_free(mm, pgtable);
846 /* Deliver the page fault to userland */
847 if (userfaultfd_missing(vma)) {
851 mem_cgroup_cancel_charge(page, memcg, true);
853 pte_free(mm, pgtable);
854 ret = handle_userfault(vma, address, flags,
856 VM_BUG_ON(ret & VM_FAULT_FALLBACK);
860 entry = mk_huge_pmd(page, vma->vm_page_prot);
861 entry = maybe_pmd_mkwrite(pmd_mkdirty(entry), vma);
862 page_add_new_anon_rmap(page, vma, haddr, true);
863 mem_cgroup_commit_charge(page, memcg, false, true);
864 lru_cache_add_active_or_unevictable(page, vma);
865 pgtable_trans_huge_deposit(mm, pmd, pgtable);
866 set_pmd_at(mm, haddr, pmd, entry);
867 add_mm_counter(mm, MM_ANONPAGES, HPAGE_PMD_NR);
868 atomic_long_inc(&mm->nr_ptes);
870 count_vm_event(THP_FAULT_ALLOC);
876 static inline gfp_t alloc_hugepage_gfpmask(int defrag, gfp_t extra_gfp)
878 return (GFP_TRANSHUGE & ~(defrag ? 0 : __GFP_RECLAIM)) | extra_gfp;
881 /* Caller must hold page table lock. */
882 static bool set_huge_zero_page(pgtable_t pgtable, struct mm_struct *mm,
883 struct vm_area_struct *vma, unsigned long haddr, pmd_t *pmd,
884 struct page *zero_page)
889 entry = mk_pmd(zero_page, vma->vm_page_prot);
890 entry = pmd_mkhuge(entry);
891 pgtable_trans_huge_deposit(mm, pmd, pgtable);
892 set_pmd_at(mm, haddr, pmd, entry);
893 atomic_long_inc(&mm->nr_ptes);
897 int do_huge_pmd_anonymous_page(struct mm_struct *mm, struct vm_area_struct *vma,
898 unsigned long address, pmd_t *pmd,
903 unsigned long haddr = address & HPAGE_PMD_MASK;
905 if (haddr < vma->vm_start || haddr + HPAGE_PMD_SIZE > vma->vm_end)
906 return VM_FAULT_FALLBACK;
907 if (unlikely(anon_vma_prepare(vma)))
909 if (unlikely(khugepaged_enter(vma, vma->vm_flags)))
911 if (!(flags & FAULT_FLAG_WRITE) && !mm_forbids_zeropage(mm) &&
912 transparent_hugepage_use_zero_page()) {
915 struct page *zero_page;
918 pgtable = pte_alloc_one(mm, haddr);
919 if (unlikely(!pgtable))
921 zero_page = get_huge_zero_page();
922 if (unlikely(!zero_page)) {
923 pte_free(mm, pgtable);
924 count_vm_event(THP_FAULT_FALLBACK);
925 return VM_FAULT_FALLBACK;
927 ptl = pmd_lock(mm, pmd);
930 if (pmd_none(*pmd)) {
931 if (userfaultfd_missing(vma)) {
933 ret = handle_userfault(vma, address, flags,
935 VM_BUG_ON(ret & VM_FAULT_FALLBACK);
937 set_huge_zero_page(pgtable, mm, vma,
946 pte_free(mm, pgtable);
947 put_huge_zero_page();
951 gfp = alloc_hugepage_gfpmask(transparent_hugepage_defrag(vma), 0);
952 page = alloc_hugepage_vma(gfp, vma, haddr, HPAGE_PMD_ORDER);
953 if (unlikely(!page)) {
954 count_vm_event(THP_FAULT_FALLBACK);
955 return VM_FAULT_FALLBACK;
957 prep_transhuge_page(page);
958 return __do_huge_pmd_anonymous_page(mm, vma, address, pmd, page, gfp,
962 static void insert_pfn_pmd(struct vm_area_struct *vma, unsigned long addr,
963 pmd_t *pmd, unsigned long pfn, pgprot_t prot, bool write)
965 struct mm_struct *mm = vma->vm_mm;
969 ptl = pmd_lock(mm, pmd);
970 if (pmd_none(*pmd)) {
971 entry = pmd_mkhuge(pfn_pmd(pfn, prot));
973 entry = pmd_mkyoung(pmd_mkdirty(entry));
974 entry = maybe_pmd_mkwrite(entry, vma);
976 set_pmd_at(mm, addr, pmd, entry);
977 update_mmu_cache_pmd(vma, addr, pmd);
982 int vmf_insert_pfn_pmd(struct vm_area_struct *vma, unsigned long addr,
983 pmd_t *pmd, unsigned long pfn, bool write)
985 pgprot_t pgprot = vma->vm_page_prot;
987 * If we had pmd_special, we could avoid all these restrictions,
988 * but we need to be consistent with PTEs and architectures that
989 * can't support a 'special' bit.
991 BUG_ON(!(vma->vm_flags & (VM_PFNMAP|VM_MIXEDMAP)));
992 BUG_ON((vma->vm_flags & (VM_PFNMAP|VM_MIXEDMAP)) ==
993 (VM_PFNMAP|VM_MIXEDMAP));
994 BUG_ON((vma->vm_flags & VM_PFNMAP) && is_cow_mapping(vma->vm_flags));
995 BUG_ON((vma->vm_flags & VM_MIXEDMAP) && pfn_valid(pfn));
997 if (addr < vma->vm_start || addr >= vma->vm_end)
998 return VM_FAULT_SIGBUS;
999 if (track_pfn_insert(vma, &pgprot, pfn))
1000 return VM_FAULT_SIGBUS;
1001 insert_pfn_pmd(vma, addr, pmd, pfn, pgprot, write);
1002 return VM_FAULT_NOPAGE;
1005 int copy_huge_pmd(struct mm_struct *dst_mm, struct mm_struct *src_mm,
1006 pmd_t *dst_pmd, pmd_t *src_pmd, unsigned long addr,
1007 struct vm_area_struct *vma)
1009 spinlock_t *dst_ptl, *src_ptl;
1010 struct page *src_page;
1016 pgtable = pte_alloc_one(dst_mm, addr);
1017 if (unlikely(!pgtable))
1020 dst_ptl = pmd_lock(dst_mm, dst_pmd);
1021 src_ptl = pmd_lockptr(src_mm, src_pmd);
1022 spin_lock_nested(src_ptl, SINGLE_DEPTH_NESTING);
1026 if (unlikely(!pmd_trans_huge(pmd))) {
1027 pte_free(dst_mm, pgtable);
1031 * When page table lock is held, the huge zero pmd should not be
1032 * under splitting since we don't split the page itself, only pmd to
1035 if (is_huge_zero_pmd(pmd)) {
1036 struct page *zero_page;
1038 * get_huge_zero_page() will never allocate a new page here,
1039 * since we already have a zero page to copy. It just takes a
1042 zero_page = get_huge_zero_page();
1043 set_huge_zero_page(pgtable, dst_mm, vma, addr, dst_pmd,
1049 src_page = pmd_page(pmd);
1050 VM_BUG_ON_PAGE(!PageHead(src_page), src_page);
1052 page_dup_rmap(src_page, true);
1053 add_mm_counter(dst_mm, MM_ANONPAGES, HPAGE_PMD_NR);
1055 pmdp_set_wrprotect(src_mm, addr, src_pmd);
1056 pmd = pmd_mkold(pmd_wrprotect(pmd));
1057 pgtable_trans_huge_deposit(dst_mm, dst_pmd, pgtable);
1058 set_pmd_at(dst_mm, addr, dst_pmd, pmd);
1059 atomic_long_inc(&dst_mm->nr_ptes);
1063 spin_unlock(src_ptl);
1064 spin_unlock(dst_ptl);
1069 void huge_pmd_set_accessed(struct mm_struct *mm,
1070 struct vm_area_struct *vma,
1071 unsigned long address,
1072 pmd_t *pmd, pmd_t orig_pmd,
1077 unsigned long haddr;
1079 ptl = pmd_lock(mm, pmd);
1080 if (unlikely(!pmd_same(*pmd, orig_pmd)))
1083 entry = pmd_mkyoung(orig_pmd);
1084 haddr = address & HPAGE_PMD_MASK;
1085 if (pmdp_set_access_flags(vma, haddr, pmd, entry, dirty))
1086 update_mmu_cache_pmd(vma, address, pmd);
1092 static int do_huge_pmd_wp_page_fallback(struct mm_struct *mm,
1093 struct vm_area_struct *vma,
1094 unsigned long address,
1095 pmd_t *pmd, pmd_t orig_pmd,
1097 unsigned long haddr)
1099 struct mem_cgroup *memcg;
1104 struct page **pages;
1105 unsigned long mmun_start; /* For mmu_notifiers */
1106 unsigned long mmun_end; /* For mmu_notifiers */
1108 pages = kmalloc(sizeof(struct page *) * HPAGE_PMD_NR,
1110 if (unlikely(!pages)) {
1111 ret |= VM_FAULT_OOM;
1115 for (i = 0; i < HPAGE_PMD_NR; i++) {
1116 pages[i] = alloc_page_vma_node(GFP_HIGHUSER_MOVABLE |
1118 vma, address, page_to_nid(page));
1119 if (unlikely(!pages[i] ||
1120 mem_cgroup_try_charge(pages[i], mm, GFP_KERNEL,
1125 memcg = (void *)page_private(pages[i]);
1126 set_page_private(pages[i], 0);
1127 mem_cgroup_cancel_charge(pages[i], memcg,
1132 ret |= VM_FAULT_OOM;
1135 set_page_private(pages[i], (unsigned long)memcg);
1138 for (i = 0; i < HPAGE_PMD_NR; i++) {
1139 copy_user_highpage(pages[i], page + i,
1140 haddr + PAGE_SIZE * i, vma);
1141 __SetPageUptodate(pages[i]);
1146 mmun_end = haddr + HPAGE_PMD_SIZE;
1147 mmu_notifier_invalidate_range_start(mm, mmun_start, mmun_end);
1149 ptl = pmd_lock(mm, pmd);
1150 if (unlikely(!pmd_same(*pmd, orig_pmd)))
1151 goto out_free_pages;
1152 VM_BUG_ON_PAGE(!PageHead(page), page);
1154 pmdp_huge_clear_flush_notify(vma, haddr, pmd);
1155 /* leave pmd empty until pte is filled */
1157 pgtable = pgtable_trans_huge_withdraw(mm, pmd);
1158 pmd_populate(mm, &_pmd, pgtable);
1160 for (i = 0; i < HPAGE_PMD_NR; i++, haddr += PAGE_SIZE) {
1162 entry = mk_pte(pages[i], vma->vm_page_prot);
1163 entry = maybe_mkwrite(pte_mkdirty(entry), vma);
1164 memcg = (void *)page_private(pages[i]);
1165 set_page_private(pages[i], 0);
1166 page_add_new_anon_rmap(pages[i], vma, haddr, false);
1167 mem_cgroup_commit_charge(pages[i], memcg, false, false);
1168 lru_cache_add_active_or_unevictable(pages[i], vma);
1169 pte = pte_offset_map(&_pmd, haddr);
1170 VM_BUG_ON(!pte_none(*pte));
1171 set_pte_at(mm, haddr, pte, entry);
1176 smp_wmb(); /* make pte visible before pmd */
1177 pmd_populate(mm, pmd, pgtable);
1178 page_remove_rmap(page, true);
1181 mmu_notifier_invalidate_range_end(mm, mmun_start, mmun_end);
1183 ret |= VM_FAULT_WRITE;
1191 mmu_notifier_invalidate_range_end(mm, mmun_start, mmun_end);
1192 for (i = 0; i < HPAGE_PMD_NR; i++) {
1193 memcg = (void *)page_private(pages[i]);
1194 set_page_private(pages[i], 0);
1195 mem_cgroup_cancel_charge(pages[i], memcg, false);
1202 int do_huge_pmd_wp_page(struct mm_struct *mm, struct vm_area_struct *vma,
1203 unsigned long address, pmd_t *pmd, pmd_t orig_pmd)
1207 struct page *page = NULL, *new_page;
1208 struct mem_cgroup *memcg;
1209 unsigned long haddr;
1210 unsigned long mmun_start; /* For mmu_notifiers */
1211 unsigned long mmun_end; /* For mmu_notifiers */
1212 gfp_t huge_gfp; /* for allocation and charge */
1214 ptl = pmd_lockptr(mm, pmd);
1215 VM_BUG_ON_VMA(!vma->anon_vma, vma);
1216 haddr = address & HPAGE_PMD_MASK;
1217 if (is_huge_zero_pmd(orig_pmd))
1220 if (unlikely(!pmd_same(*pmd, orig_pmd)))
1223 page = pmd_page(orig_pmd);
1224 VM_BUG_ON_PAGE(!PageCompound(page) || !PageHead(page), page);
1226 * We can only reuse the page if nobody else maps the huge page or it's
1227 * part. We can do it by checking page_mapcount() on each sub-page, but
1229 * The cheaper way is to check page_count() to be equal 1: every
1230 * mapcount takes page reference reference, so this way we can
1231 * guarantee, that the PMD is the only mapping.
1232 * This can give false negative if somebody pinned the page, but that's
1235 if (page_mapcount(page) == 1 && page_count(page) == 1) {
1237 entry = pmd_mkyoung(orig_pmd);
1238 entry = maybe_pmd_mkwrite(pmd_mkdirty(entry), vma);
1239 if (pmdp_set_access_flags(vma, haddr, pmd, entry, 1))
1240 update_mmu_cache_pmd(vma, address, pmd);
1241 ret |= VM_FAULT_WRITE;
1247 if (transparent_hugepage_enabled(vma) &&
1248 !transparent_hugepage_debug_cow()) {
1249 huge_gfp = alloc_hugepage_gfpmask(transparent_hugepage_defrag(vma), 0);
1250 new_page = alloc_hugepage_vma(huge_gfp, vma, haddr, HPAGE_PMD_ORDER);
1254 if (likely(new_page)) {
1255 prep_transhuge_page(new_page);
1258 split_huge_pmd(vma, pmd, address);
1259 ret |= VM_FAULT_FALLBACK;
1261 ret = do_huge_pmd_wp_page_fallback(mm, vma, address,
1262 pmd, orig_pmd, page, haddr);
1263 if (ret & VM_FAULT_OOM) {
1264 split_huge_pmd(vma, pmd, address);
1265 ret |= VM_FAULT_FALLBACK;
1269 count_vm_event(THP_FAULT_FALLBACK);
1273 if (unlikely(mem_cgroup_try_charge(new_page, mm, huge_gfp,
1277 split_huge_pmd(vma, pmd, address);
1280 split_huge_pmd(vma, pmd, address);
1281 ret |= VM_FAULT_FALLBACK;
1282 count_vm_event(THP_FAULT_FALLBACK);
1286 count_vm_event(THP_FAULT_ALLOC);
1289 clear_huge_page(new_page, haddr, HPAGE_PMD_NR);
1291 copy_user_huge_page(new_page, page, haddr, vma, HPAGE_PMD_NR);
1292 __SetPageUptodate(new_page);
1295 mmun_end = haddr + HPAGE_PMD_SIZE;
1296 mmu_notifier_invalidate_range_start(mm, mmun_start, mmun_end);
1301 if (unlikely(!pmd_same(*pmd, orig_pmd))) {
1303 mem_cgroup_cancel_charge(new_page, memcg, true);
1308 entry = mk_huge_pmd(new_page, vma->vm_page_prot);
1309 entry = maybe_pmd_mkwrite(pmd_mkdirty(entry), vma);
1310 pmdp_huge_clear_flush_notify(vma, haddr, pmd);
1311 page_add_new_anon_rmap(new_page, vma, haddr, true);
1312 mem_cgroup_commit_charge(new_page, memcg, false, true);
1313 lru_cache_add_active_or_unevictable(new_page, vma);
1314 set_pmd_at(mm, haddr, pmd, entry);
1315 update_mmu_cache_pmd(vma, address, pmd);
1317 add_mm_counter(mm, MM_ANONPAGES, HPAGE_PMD_NR);
1318 put_huge_zero_page();
1320 VM_BUG_ON_PAGE(!PageHead(page), page);
1321 page_remove_rmap(page, true);
1324 ret |= VM_FAULT_WRITE;
1328 mmu_notifier_invalidate_range_end(mm, mmun_start, mmun_end);
1336 struct page *follow_trans_huge_pmd(struct vm_area_struct *vma,
1341 struct mm_struct *mm = vma->vm_mm;
1342 struct page *page = NULL;
1344 assert_spin_locked(pmd_lockptr(mm, pmd));
1346 if (flags & FOLL_WRITE && !pmd_write(*pmd))
1349 /* Avoid dumping huge zero page */
1350 if ((flags & FOLL_DUMP) && is_huge_zero_pmd(*pmd))
1351 return ERR_PTR(-EFAULT);
1353 /* Full NUMA hinting faults to serialise migration in fault paths */
1354 if ((flags & FOLL_NUMA) && pmd_protnone(*pmd))
1357 page = pmd_page(*pmd);
1358 VM_BUG_ON_PAGE(!PageHead(page), page);
1359 if (flags & FOLL_TOUCH) {
1362 * We should set the dirty bit only for FOLL_WRITE but
1363 * for now the dirty bit in the pmd is meaningless.
1364 * And if the dirty bit will become meaningful and
1365 * we'll only set it with FOLL_WRITE, an atomic
1366 * set_bit will be required on the pmd to set the
1367 * young bit, instead of the current set_pmd_at.
1369 _pmd = pmd_mkyoung(pmd_mkdirty(*pmd));
1370 if (pmdp_set_access_flags(vma, addr & HPAGE_PMD_MASK,
1372 update_mmu_cache_pmd(vma, addr, pmd);
1374 if ((flags & FOLL_MLOCK) && (vma->vm_flags & VM_LOCKED)) {
1376 * We don't mlock() pte-mapped THPs. This way we can avoid
1377 * leaking mlocked pages into non-VM_LOCKED VMAs.
1379 * In most cases the pmd is the only mapping of the page as we
1380 * break COW for the mlock() -- see gup_flags |= FOLL_WRITE for
1381 * writable private mappings in populate_vma_page_range().
1383 * The only scenario when we have the page shared here is if we
1384 * mlocking read-only mapping shared over fork(). We skip
1385 * mlocking such pages.
1387 if (compound_mapcount(page) == 1 && !PageDoubleMap(page) &&
1388 page->mapping && trylock_page(page)) {
1391 mlock_vma_page(page);
1395 page += (addr & ~HPAGE_PMD_MASK) >> PAGE_SHIFT;
1396 VM_BUG_ON_PAGE(!PageCompound(page), page);
1397 if (flags & FOLL_GET)
1404 /* NUMA hinting page fault entry point for trans huge pmds */
1405 int do_huge_pmd_numa_page(struct mm_struct *mm, struct vm_area_struct *vma,
1406 unsigned long addr, pmd_t pmd, pmd_t *pmdp)
1409 struct anon_vma *anon_vma = NULL;
1411 unsigned long haddr = addr & HPAGE_PMD_MASK;
1412 int page_nid = -1, this_nid = numa_node_id();
1413 int target_nid, last_cpupid = -1;
1415 bool migrated = false;
1419 /* A PROT_NONE fault should not end up here */
1420 BUG_ON(!(vma->vm_flags & (VM_READ | VM_EXEC | VM_WRITE)));
1422 ptl = pmd_lock(mm, pmdp);
1423 if (unlikely(!pmd_same(pmd, *pmdp)))
1427 * If there are potential migrations, wait for completion and retry
1428 * without disrupting NUMA hinting information. Do not relock and
1429 * check_same as the page may no longer be mapped.
1431 if (unlikely(pmd_trans_migrating(*pmdp))) {
1432 page = pmd_page(*pmdp);
1434 wait_on_page_locked(page);
1438 page = pmd_page(pmd);
1439 BUG_ON(is_huge_zero_page(page));
1440 page_nid = page_to_nid(page);
1441 last_cpupid = page_cpupid_last(page);
1442 count_vm_numa_event(NUMA_HINT_FAULTS);
1443 if (page_nid == this_nid) {
1444 count_vm_numa_event(NUMA_HINT_FAULTS_LOCAL);
1445 flags |= TNF_FAULT_LOCAL;
1448 /* See similar comment in do_numa_page for explanation */
1449 if (!(vma->vm_flags & VM_WRITE))
1450 flags |= TNF_NO_GROUP;
1453 * Acquire the page lock to serialise THP migrations but avoid dropping
1454 * page_table_lock if at all possible
1456 page_locked = trylock_page(page);
1457 target_nid = mpol_misplaced(page, vma, haddr);
1458 if (target_nid == -1) {
1459 /* If the page was locked, there are no parallel migrations */
1464 /* Migration could have started since the pmd_trans_migrating check */
1467 wait_on_page_locked(page);
1473 * Page is misplaced. Page lock serialises migrations. Acquire anon_vma
1474 * to serialises splits
1478 anon_vma = page_lock_anon_vma_read(page);
1480 /* Confirm the PMD did not change while page_table_lock was released */
1482 if (unlikely(!pmd_same(pmd, *pmdp))) {
1489 /* Bail if we fail to protect against THP splits for any reason */
1490 if (unlikely(!anon_vma)) {
1497 * Migrate the THP to the requested node, returns with page unlocked
1498 * and access rights restored.
1501 migrated = migrate_misplaced_transhuge_page(mm, vma,
1502 pmdp, pmd, addr, page, target_nid);
1504 flags |= TNF_MIGRATED;
1505 page_nid = target_nid;
1507 flags |= TNF_MIGRATE_FAIL;
1511 BUG_ON(!PageLocked(page));
1512 was_writable = pmd_write(pmd);
1513 pmd = pmd_modify(pmd, vma->vm_page_prot);
1514 pmd = pmd_mkyoung(pmd);
1516 pmd = pmd_mkwrite(pmd);
1517 set_pmd_at(mm, haddr, pmdp, pmd);
1518 update_mmu_cache_pmd(vma, addr, pmdp);
1525 page_unlock_anon_vma_read(anon_vma);
1528 task_numa_fault(last_cpupid, page_nid, HPAGE_PMD_NR, flags);
1533 int madvise_free_huge_pmd(struct mmu_gather *tlb, struct vm_area_struct *vma,
1534 pmd_t *pmd, unsigned long addr)
1538 struct mm_struct *mm = tlb->mm;
1541 if (pmd_trans_huge_lock(pmd, vma, &ptl) == 1) {
1545 if (is_huge_zero_pmd(*pmd))
1548 orig_pmd = pmdp_huge_get_and_clear(mm, addr, pmd);
1550 /* No hugepage in swapcache */
1551 page = pmd_page(orig_pmd);
1552 VM_BUG_ON_PAGE(PageSwapCache(page), page);
1554 orig_pmd = pmd_mkold(orig_pmd);
1555 orig_pmd = pmd_mkclean(orig_pmd);
1557 set_pmd_at(mm, addr, pmd, orig_pmd);
1558 tlb_remove_pmd_tlb_entry(tlb, pmd, addr);
1567 int zap_huge_pmd(struct mmu_gather *tlb, struct vm_area_struct *vma,
1568 pmd_t *pmd, unsigned long addr)
1573 if (!__pmd_trans_huge_lock(pmd, vma, &ptl))
1576 * For architectures like ppc64 we look at deposited pgtable
1577 * when calling pmdp_huge_get_and_clear. So do the
1578 * pgtable_trans_huge_withdraw after finishing pmdp related
1581 orig_pmd = pmdp_huge_get_and_clear_full(tlb->mm, addr, pmd,
1583 tlb_remove_pmd_tlb_entry(tlb, pmd, addr);
1584 if (vma_is_dax(vma)) {
1586 if (is_huge_zero_pmd(orig_pmd))
1587 put_huge_zero_page();
1588 } else if (is_huge_zero_pmd(orig_pmd)) {
1589 pte_free(tlb->mm, pgtable_trans_huge_withdraw(tlb->mm, pmd));
1590 atomic_long_dec(&tlb->mm->nr_ptes);
1592 put_huge_zero_page();
1594 struct page *page = pmd_page(orig_pmd);
1595 page_remove_rmap(page, true);
1596 VM_BUG_ON_PAGE(page_mapcount(page) < 0, page);
1597 add_mm_counter(tlb->mm, MM_ANONPAGES, -HPAGE_PMD_NR);
1598 VM_BUG_ON_PAGE(!PageHead(page), page);
1599 pte_free(tlb->mm, pgtable_trans_huge_withdraw(tlb->mm, pmd));
1600 atomic_long_dec(&tlb->mm->nr_ptes);
1602 tlb_remove_page(tlb, page);
1607 bool move_huge_pmd(struct vm_area_struct *vma, struct vm_area_struct *new_vma,
1608 unsigned long old_addr,
1609 unsigned long new_addr, unsigned long old_end,
1610 pmd_t *old_pmd, pmd_t *new_pmd)
1612 spinlock_t *old_ptl, *new_ptl;
1615 struct mm_struct *mm = vma->vm_mm;
1617 if ((old_addr & ~HPAGE_PMD_MASK) ||
1618 (new_addr & ~HPAGE_PMD_MASK) ||
1619 old_end - old_addr < HPAGE_PMD_SIZE ||
1620 (new_vma->vm_flags & VM_NOHUGEPAGE))
1624 * The destination pmd shouldn't be established, free_pgtables()
1625 * should have release it.
1627 if (WARN_ON(!pmd_none(*new_pmd))) {
1628 VM_BUG_ON(pmd_trans_huge(*new_pmd));
1633 * We don't have to worry about the ordering of src and dst
1634 * ptlocks because exclusive mmap_sem prevents deadlock.
1636 if (__pmd_trans_huge_lock(old_pmd, vma, &old_ptl)) {
1637 new_ptl = pmd_lockptr(mm, new_pmd);
1638 if (new_ptl != old_ptl)
1639 spin_lock_nested(new_ptl, SINGLE_DEPTH_NESTING);
1640 pmd = pmdp_huge_get_and_clear(mm, old_addr, old_pmd);
1641 VM_BUG_ON(!pmd_none(*new_pmd));
1643 if (pmd_move_must_withdraw(new_ptl, old_ptl)) {
1645 pgtable = pgtable_trans_huge_withdraw(mm, old_pmd);
1646 pgtable_trans_huge_deposit(mm, new_pmd, pgtable);
1648 set_pmd_at(mm, new_addr, new_pmd, pmd_mksoft_dirty(pmd));
1649 if (new_ptl != old_ptl)
1650 spin_unlock(new_ptl);
1651 spin_unlock(old_ptl);
1659 * - 0 if PMD could not be locked
1660 * - 1 if PMD was locked but protections unchange and TLB flush unnecessary
1661 * - HPAGE_PMD_NR is protections changed and TLB flush necessary
1663 int change_huge_pmd(struct vm_area_struct *vma, pmd_t *pmd,
1664 unsigned long addr, pgprot_t newprot, int prot_numa)
1666 struct mm_struct *mm = vma->vm_mm;
1670 if (__pmd_trans_huge_lock(pmd, vma, &ptl)) {
1672 bool preserve_write = prot_numa && pmd_write(*pmd);
1676 * Avoid trapping faults against the zero page. The read-only
1677 * data is likely to be read-cached on the local CPU and
1678 * local/remote hits to the zero page are not interesting.
1680 if (prot_numa && is_huge_zero_pmd(*pmd)) {
1685 if (!prot_numa || !pmd_protnone(*pmd)) {
1686 entry = pmdp_huge_get_and_clear_notify(mm, addr, pmd);
1687 entry = pmd_modify(entry, newprot);
1689 entry = pmd_mkwrite(entry);
1691 set_pmd_at(mm, addr, pmd, entry);
1692 BUG_ON(!preserve_write && pmd_write(entry));
1701 * Returns true if a given pmd maps a thp, false otherwise.
1703 * Note that if it returns true, this routine returns without unlocking page
1704 * table lock. So callers must unlock it.
1706 bool __pmd_trans_huge_lock(pmd_t *pmd, struct vm_area_struct *vma,
1709 *ptl = pmd_lock(vma->vm_mm, pmd);
1710 if (likely(pmd_trans_huge(*pmd)))
1717 * This function returns whether a given @page is mapped onto the @address
1718 * in the virtual space of @mm.
1720 * When it's true, this function returns *pmd with holding the page table lock
1721 * and passing it back to the caller via @ptl.
1722 * If it's false, returns NULL without holding the page table lock.
1724 pmd_t *page_check_address_pmd(struct page *page,
1725 struct mm_struct *mm,
1726 unsigned long address,
1733 if (address & ~HPAGE_PMD_MASK)
1736 pgd = pgd_offset(mm, address);
1737 if (!pgd_present(*pgd))
1739 pud = pud_offset(pgd, address);
1740 if (!pud_present(*pud))
1742 pmd = pmd_offset(pud, address);
1744 *ptl = pmd_lock(mm, pmd);
1745 if (!pmd_present(*pmd))
1747 if (pmd_page(*pmd) != page)
1749 if (pmd_trans_huge(*pmd))
1756 #define VM_NO_THP (VM_SPECIAL | VM_HUGETLB | VM_SHARED | VM_MAYSHARE)
1758 int hugepage_madvise(struct vm_area_struct *vma,
1759 unsigned long *vm_flags, int advice)
1765 * qemu blindly sets MADV_HUGEPAGE on all allocations, but s390
1766 * can't handle this properly after s390_enable_sie, so we simply
1767 * ignore the madvise to prevent qemu from causing a SIGSEGV.
1769 if (mm_has_pgste(vma->vm_mm))
1773 * Be somewhat over-protective like KSM for now!
1775 if (*vm_flags & (VM_HUGEPAGE | VM_NO_THP))
1777 *vm_flags &= ~VM_NOHUGEPAGE;
1778 *vm_flags |= VM_HUGEPAGE;
1780 * If the vma become good for khugepaged to scan,
1781 * register it here without waiting a page fault that
1782 * may not happen any time soon.
1784 if (unlikely(khugepaged_enter_vma_merge(vma, *vm_flags)))
1787 case MADV_NOHUGEPAGE:
1789 * Be somewhat over-protective like KSM for now!
1791 if (*vm_flags & (VM_NOHUGEPAGE | VM_NO_THP))
1793 *vm_flags &= ~VM_HUGEPAGE;
1794 *vm_flags |= VM_NOHUGEPAGE;
1796 * Setting VM_NOHUGEPAGE will prevent khugepaged from scanning
1797 * this vma even if we leave the mm registered in khugepaged if
1798 * it got registered before VM_NOHUGEPAGE was set.
1806 static int __init khugepaged_slab_init(void)
1808 mm_slot_cache = kmem_cache_create("khugepaged_mm_slot",
1809 sizeof(struct mm_slot),
1810 __alignof__(struct mm_slot), 0, NULL);
1817 static void __init khugepaged_slab_exit(void)
1819 kmem_cache_destroy(mm_slot_cache);
1822 static inline struct mm_slot *alloc_mm_slot(void)
1824 if (!mm_slot_cache) /* initialization failed */
1826 return kmem_cache_zalloc(mm_slot_cache, GFP_KERNEL);
1829 static inline void free_mm_slot(struct mm_slot *mm_slot)
1831 kmem_cache_free(mm_slot_cache, mm_slot);
1834 static struct mm_slot *get_mm_slot(struct mm_struct *mm)
1836 struct mm_slot *mm_slot;
1838 hash_for_each_possible(mm_slots_hash, mm_slot, hash, (unsigned long)mm)
1839 if (mm == mm_slot->mm)
1845 static void insert_to_mm_slots_hash(struct mm_struct *mm,
1846 struct mm_slot *mm_slot)
1849 hash_add(mm_slots_hash, &mm_slot->hash, (long)mm);
1852 static inline int khugepaged_test_exit(struct mm_struct *mm)
1854 return atomic_read(&mm->mm_users) == 0;
1857 int __khugepaged_enter(struct mm_struct *mm)
1859 struct mm_slot *mm_slot;
1862 mm_slot = alloc_mm_slot();
1866 /* __khugepaged_exit() must not run from under us */
1867 VM_BUG_ON_MM(khugepaged_test_exit(mm), mm);
1868 if (unlikely(test_and_set_bit(MMF_VM_HUGEPAGE, &mm->flags))) {
1869 free_mm_slot(mm_slot);
1873 spin_lock(&khugepaged_mm_lock);
1874 insert_to_mm_slots_hash(mm, mm_slot);
1876 * Insert just behind the scanning cursor, to let the area settle
1879 wakeup = list_empty(&khugepaged_scan.mm_head);
1880 list_add_tail(&mm_slot->mm_node, &khugepaged_scan.mm_head);
1881 spin_unlock(&khugepaged_mm_lock);
1883 atomic_inc(&mm->mm_count);
1885 wake_up_interruptible(&khugepaged_wait);
1890 int khugepaged_enter_vma_merge(struct vm_area_struct *vma,
1891 unsigned long vm_flags)
1893 unsigned long hstart, hend;
1896 * Not yet faulted in so we will register later in the
1897 * page fault if needed.
1901 /* khugepaged not yet working on file or special mappings */
1903 VM_BUG_ON_VMA(vm_flags & VM_NO_THP, vma);
1904 hstart = (vma->vm_start + ~HPAGE_PMD_MASK) & HPAGE_PMD_MASK;
1905 hend = vma->vm_end & HPAGE_PMD_MASK;
1907 return khugepaged_enter(vma, vm_flags);
1911 void __khugepaged_exit(struct mm_struct *mm)
1913 struct mm_slot *mm_slot;
1916 spin_lock(&khugepaged_mm_lock);
1917 mm_slot = get_mm_slot(mm);
1918 if (mm_slot && khugepaged_scan.mm_slot != mm_slot) {
1919 hash_del(&mm_slot->hash);
1920 list_del(&mm_slot->mm_node);
1923 spin_unlock(&khugepaged_mm_lock);
1926 clear_bit(MMF_VM_HUGEPAGE, &mm->flags);
1927 free_mm_slot(mm_slot);
1929 } else if (mm_slot) {
1931 * This is required to serialize against
1932 * khugepaged_test_exit() (which is guaranteed to run
1933 * under mmap sem read mode). Stop here (after we
1934 * return all pagetables will be destroyed) until
1935 * khugepaged has finished working on the pagetables
1936 * under the mmap_sem.
1938 down_write(&mm->mmap_sem);
1939 up_write(&mm->mmap_sem);
1943 static void release_pte_page(struct page *page)
1945 /* 0 stands for page_is_file_cache(page) == false */
1946 dec_zone_page_state(page, NR_ISOLATED_ANON + 0);
1948 putback_lru_page(page);
1951 static void release_pte_pages(pte_t *pte, pte_t *_pte)
1953 while (--_pte >= pte) {
1954 pte_t pteval = *_pte;
1955 if (!pte_none(pteval) && !is_zero_pfn(pte_pfn(pteval)))
1956 release_pte_page(pte_page(pteval));
1960 static int __collapse_huge_page_isolate(struct vm_area_struct *vma,
1961 unsigned long address,
1964 struct page *page = NULL;
1966 int none_or_zero = 0, result = 0;
1967 bool referenced = false, writable = false;
1969 for (_pte = pte; _pte < pte+HPAGE_PMD_NR;
1970 _pte++, address += PAGE_SIZE) {
1971 pte_t pteval = *_pte;
1972 if (pte_none(pteval) || (pte_present(pteval) &&
1973 is_zero_pfn(pte_pfn(pteval)))) {
1974 if (!userfaultfd_armed(vma) &&
1975 ++none_or_zero <= khugepaged_max_ptes_none) {
1978 result = SCAN_EXCEED_NONE_PTE;
1982 if (!pte_present(pteval)) {
1983 result = SCAN_PTE_NON_PRESENT;
1986 page = vm_normal_page(vma, address, pteval);
1987 if (unlikely(!page)) {
1988 result = SCAN_PAGE_NULL;
1992 VM_BUG_ON_PAGE(PageCompound(page), page);
1993 VM_BUG_ON_PAGE(!PageAnon(page), page);
1994 VM_BUG_ON_PAGE(!PageSwapBacked(page), page);
1997 * We can do it before isolate_lru_page because the
1998 * page can't be freed from under us. NOTE: PG_lock
1999 * is needed to serialize against split_huge_page
2000 * when invoked from the VM.
2002 if (!trylock_page(page)) {
2003 result = SCAN_PAGE_LOCK;
2008 * cannot use mapcount: can't collapse if there's a gup pin.
2009 * The page must only be referenced by the scanned process
2010 * and page swap cache.
2012 if (page_count(page) != 1 + !!PageSwapCache(page)) {
2014 result = SCAN_PAGE_COUNT;
2017 if (pte_write(pteval)) {
2020 if (PageSwapCache(page) && !reuse_swap_page(page)) {
2022 result = SCAN_SWAP_CACHE_PAGE;
2026 * Page is not in the swap cache. It can be collapsed
2032 * Isolate the page to avoid collapsing an hugepage
2033 * currently in use by the VM.
2035 if (isolate_lru_page(page)) {
2037 result = SCAN_DEL_PAGE_LRU;
2040 /* 0 stands for page_is_file_cache(page) == false */
2041 inc_zone_page_state(page, NR_ISOLATED_ANON + 0);
2042 VM_BUG_ON_PAGE(!PageLocked(page), page);
2043 VM_BUG_ON_PAGE(PageLRU(page), page);
2045 /* If there is no mapped pte young don't collapse the page */
2046 if (pte_young(pteval) ||
2047 page_is_young(page) || PageReferenced(page) ||
2048 mmu_notifier_test_young(vma->vm_mm, address))
2051 if (likely(writable)) {
2052 if (likely(referenced)) {
2053 result = SCAN_SUCCEED;
2054 trace_mm_collapse_huge_page_isolate(page_to_pfn(page), none_or_zero,
2055 referenced, writable, result);
2059 result = SCAN_PAGE_RO;
2063 release_pte_pages(pte, _pte);
2064 trace_mm_collapse_huge_page_isolate(page_to_pfn(page), none_or_zero,
2065 referenced, writable, result);
2069 static void __collapse_huge_page_copy(pte_t *pte, struct page *page,
2070 struct vm_area_struct *vma,
2071 unsigned long address,
2075 for (_pte = pte; _pte < pte+HPAGE_PMD_NR; _pte++) {
2076 pte_t pteval = *_pte;
2077 struct page *src_page;
2079 if (pte_none(pteval) || is_zero_pfn(pte_pfn(pteval))) {
2080 clear_user_highpage(page, address);
2081 add_mm_counter(vma->vm_mm, MM_ANONPAGES, 1);
2082 if (is_zero_pfn(pte_pfn(pteval))) {
2084 * ptl mostly unnecessary.
2088 * paravirt calls inside pte_clear here are
2091 pte_clear(vma->vm_mm, address, _pte);
2095 src_page = pte_page(pteval);
2096 copy_user_highpage(page, src_page, address, vma);
2097 VM_BUG_ON_PAGE(page_mapcount(src_page) != 1, src_page);
2098 release_pte_page(src_page);
2100 * ptl mostly unnecessary, but preempt has to
2101 * be disabled to update the per-cpu stats
2102 * inside page_remove_rmap().
2106 * paravirt calls inside pte_clear here are
2109 pte_clear(vma->vm_mm, address, _pte);
2110 page_remove_rmap(src_page, false);
2112 free_page_and_swap_cache(src_page);
2115 address += PAGE_SIZE;
2120 static void khugepaged_alloc_sleep(void)
2124 add_wait_queue(&khugepaged_wait, &wait);
2125 freezable_schedule_timeout_interruptible(
2126 msecs_to_jiffies(khugepaged_alloc_sleep_millisecs));
2127 remove_wait_queue(&khugepaged_wait, &wait);
2130 static int khugepaged_node_load[MAX_NUMNODES];
2132 static bool khugepaged_scan_abort(int nid)
2137 * If zone_reclaim_mode is disabled, then no extra effort is made to
2138 * allocate memory locally.
2140 if (!zone_reclaim_mode)
2143 /* If there is a count for this node already, it must be acceptable */
2144 if (khugepaged_node_load[nid])
2147 for (i = 0; i < MAX_NUMNODES; i++) {
2148 if (!khugepaged_node_load[i])
2150 if (node_distance(nid, i) > RECLAIM_DISTANCE)
2157 static int khugepaged_find_target_node(void)
2159 static int last_khugepaged_target_node = NUMA_NO_NODE;
2160 int nid, target_node = 0, max_value = 0;
2162 /* find first node with max normal pages hit */
2163 for (nid = 0; nid < MAX_NUMNODES; nid++)
2164 if (khugepaged_node_load[nid] > max_value) {
2165 max_value = khugepaged_node_load[nid];
2169 /* do some balance if several nodes have the same hit record */
2170 if (target_node <= last_khugepaged_target_node)
2171 for (nid = last_khugepaged_target_node + 1; nid < MAX_NUMNODES;
2173 if (max_value == khugepaged_node_load[nid]) {
2178 last_khugepaged_target_node = target_node;
2182 static bool khugepaged_prealloc_page(struct page **hpage, bool *wait)
2184 if (IS_ERR(*hpage)) {
2190 khugepaged_alloc_sleep();
2191 } else if (*hpage) {
2199 static struct page *
2200 khugepaged_alloc_page(struct page **hpage, gfp_t gfp, struct mm_struct *mm,
2201 struct vm_area_struct *vma, unsigned long address,
2204 VM_BUG_ON_PAGE(*hpage, *hpage);
2207 * Before allocating the hugepage, release the mmap_sem read lock.
2208 * The allocation can take potentially a long time if it involves
2209 * sync compaction, and we do not need to hold the mmap_sem during
2210 * that. We will recheck the vma after taking it again in write mode.
2212 up_read(&mm->mmap_sem);
2214 *hpage = __alloc_pages_node(node, gfp, HPAGE_PMD_ORDER);
2215 if (unlikely(!*hpage)) {
2216 count_vm_event(THP_COLLAPSE_ALLOC_FAILED);
2217 *hpage = ERR_PTR(-ENOMEM);
2221 prep_transhuge_page(*hpage);
2222 count_vm_event(THP_COLLAPSE_ALLOC);
2226 static int khugepaged_find_target_node(void)
2231 static inline struct page *alloc_hugepage(int defrag)
2235 page = alloc_pages(alloc_hugepage_gfpmask(defrag, 0), HPAGE_PMD_ORDER);
2237 prep_transhuge_page(page);
2241 static struct page *khugepaged_alloc_hugepage(bool *wait)
2246 hpage = alloc_hugepage(khugepaged_defrag());
2248 count_vm_event(THP_COLLAPSE_ALLOC_FAILED);
2253 khugepaged_alloc_sleep();
2255 count_vm_event(THP_COLLAPSE_ALLOC);
2256 } while (unlikely(!hpage) && likely(khugepaged_enabled()));
2261 static bool khugepaged_prealloc_page(struct page **hpage, bool *wait)
2264 *hpage = khugepaged_alloc_hugepage(wait);
2266 if (unlikely(!*hpage))
2272 static struct page *
2273 khugepaged_alloc_page(struct page **hpage, gfp_t gfp, struct mm_struct *mm,
2274 struct vm_area_struct *vma, unsigned long address,
2277 up_read(&mm->mmap_sem);
2284 static bool hugepage_vma_check(struct vm_area_struct *vma)
2286 if ((!(vma->vm_flags & VM_HUGEPAGE) && !khugepaged_always()) ||
2287 (vma->vm_flags & VM_NOHUGEPAGE))
2289 if (!vma->anon_vma || vma->vm_ops)
2291 if (is_vma_temporary_stack(vma))
2293 VM_BUG_ON_VMA(vma->vm_flags & VM_NO_THP, vma);
2298 * Bring missing pages in from swap, to complete THP collapse.
2299 * Only done if khugepaged_scan_pmd believes it is worthwhile.
2301 * Called and returns without pte mapped or spinlocks held,
2302 * but with mmap_sem held to protect against vma changes.
2305 static void __collapse_huge_page_swapin(struct mm_struct *mm,
2306 struct vm_area_struct *vma,
2307 unsigned long address, pmd_t *pmd)
2309 unsigned long _address;
2311 int swapped_in = 0, ret = 0;
2313 pte = pte_offset_map(pmd, address);
2314 for (_address = address; _address < address + HPAGE_PMD_NR*PAGE_SIZE;
2315 pte++, _address += PAGE_SIZE) {
2317 if (!is_swap_pte(pteval))
2320 ret = do_swap_page(mm, vma, _address, pte, pmd,
2321 FAULT_FLAG_ALLOW_RETRY|FAULT_FLAG_RETRY_NOWAIT,
2323 if (ret & VM_FAULT_ERROR) {
2324 trace_mm_collapse_huge_page_swapin(mm, swapped_in, 0);
2327 /* pte is unmapped now, we need to map it */
2328 pte = pte_offset_map(pmd, _address);
2332 trace_mm_collapse_huge_page_swapin(mm, swapped_in, 1);
2335 static void collapse_huge_page(struct mm_struct *mm,
2336 unsigned long address,
2337 struct page **hpage,
2338 struct vm_area_struct *vma,
2344 struct page *new_page;
2345 spinlock_t *pmd_ptl, *pte_ptl;
2346 int isolated = 0, result = 0;
2347 unsigned long hstart, hend;
2348 struct mem_cgroup *memcg;
2349 unsigned long mmun_start; /* For mmu_notifiers */
2350 unsigned long mmun_end; /* For mmu_notifiers */
2353 VM_BUG_ON(address & ~HPAGE_PMD_MASK);
2355 /* Only allocate from the target node */
2356 gfp = alloc_hugepage_gfpmask(khugepaged_defrag(), __GFP_OTHER_NODE) |
2359 /* release the mmap_sem read lock. */
2360 new_page = khugepaged_alloc_page(hpage, gfp, mm, vma, address, node);
2362 result = SCAN_ALLOC_HUGE_PAGE_FAIL;
2366 if (unlikely(mem_cgroup_try_charge(new_page, mm, gfp, &memcg, true))) {
2367 result = SCAN_CGROUP_CHARGE_FAIL;
2372 * Prevent all access to pagetables with the exception of
2373 * gup_fast later hanlded by the ptep_clear_flush and the VM
2374 * handled by the anon_vma lock + PG_lock.
2376 down_write(&mm->mmap_sem);
2377 if (unlikely(khugepaged_test_exit(mm))) {
2378 result = SCAN_ANY_PROCESS;
2382 vma = find_vma(mm, address);
2384 result = SCAN_VMA_NULL;
2387 hstart = (vma->vm_start + ~HPAGE_PMD_MASK) & HPAGE_PMD_MASK;
2388 hend = vma->vm_end & HPAGE_PMD_MASK;
2389 if (address < hstart || address + HPAGE_PMD_SIZE > hend) {
2390 result = SCAN_ADDRESS_RANGE;
2393 if (!hugepage_vma_check(vma)) {
2394 result = SCAN_VMA_CHECK;
2397 pmd = mm_find_pmd(mm, address);
2399 result = SCAN_PMD_NULL;
2403 __collapse_huge_page_swapin(mm, vma, address, pmd);
2405 anon_vma_lock_write(vma->anon_vma);
2407 pte = pte_offset_map(pmd, address);
2408 pte_ptl = pte_lockptr(mm, pmd);
2410 mmun_start = address;
2411 mmun_end = address + HPAGE_PMD_SIZE;
2412 mmu_notifier_invalidate_range_start(mm, mmun_start, mmun_end);
2413 pmd_ptl = pmd_lock(mm, pmd); /* probably unnecessary */
2415 * After this gup_fast can't run anymore. This also removes
2416 * any huge TLB entry from the CPU so we won't allow
2417 * huge and small TLB entries for the same virtual address
2418 * to avoid the risk of CPU bugs in that area.
2420 _pmd = pmdp_collapse_flush(vma, address, pmd);
2421 spin_unlock(pmd_ptl);
2422 mmu_notifier_invalidate_range_end(mm, mmun_start, mmun_end);
2425 isolated = __collapse_huge_page_isolate(vma, address, pte);
2426 spin_unlock(pte_ptl);
2428 if (unlikely(!isolated)) {
2431 BUG_ON(!pmd_none(*pmd));
2433 * We can only use set_pmd_at when establishing
2434 * hugepmds and never for establishing regular pmds that
2435 * points to regular pagetables. Use pmd_populate for that
2437 pmd_populate(mm, pmd, pmd_pgtable(_pmd));
2438 spin_unlock(pmd_ptl);
2439 anon_vma_unlock_write(vma->anon_vma);
2445 * All pages are isolated and locked so anon_vma rmap
2446 * can't run anymore.
2448 anon_vma_unlock_write(vma->anon_vma);
2450 __collapse_huge_page_copy(pte, new_page, vma, address, pte_ptl);
2452 __SetPageUptodate(new_page);
2453 pgtable = pmd_pgtable(_pmd);
2455 _pmd = mk_huge_pmd(new_page, vma->vm_page_prot);
2456 _pmd = maybe_pmd_mkwrite(pmd_mkdirty(_pmd), vma);
2459 * spin_lock() below is not the equivalent of smp_wmb(), so
2460 * this is needed to avoid the copy_huge_page writes to become
2461 * visible after the set_pmd_at() write.
2466 BUG_ON(!pmd_none(*pmd));
2467 page_add_new_anon_rmap(new_page, vma, address, true);
2468 mem_cgroup_commit_charge(new_page, memcg, false, true);
2469 lru_cache_add_active_or_unevictable(new_page, vma);
2470 pgtable_trans_huge_deposit(mm, pmd, pgtable);
2471 set_pmd_at(mm, address, pmd, _pmd);
2472 update_mmu_cache_pmd(vma, address, pmd);
2473 spin_unlock(pmd_ptl);
2477 khugepaged_pages_collapsed++;
2478 result = SCAN_SUCCEED;
2480 up_write(&mm->mmap_sem);
2482 trace_mm_collapse_huge_page(mm, isolated, result);
2485 mem_cgroup_cancel_charge(new_page, memcg, true);
2489 static int khugepaged_scan_pmd(struct mm_struct *mm,
2490 struct vm_area_struct *vma,
2491 unsigned long address,
2492 struct page **hpage)
2496 int ret = 0, none_or_zero = 0, result = 0;
2497 struct page *page = NULL;
2498 unsigned long _address;
2500 int node = NUMA_NO_NODE, unmapped = 0;
2501 bool writable = false, referenced = false;
2503 VM_BUG_ON(address & ~HPAGE_PMD_MASK);
2505 pmd = mm_find_pmd(mm, address);
2507 result = SCAN_PMD_NULL;
2511 memset(khugepaged_node_load, 0, sizeof(khugepaged_node_load));
2512 pte = pte_offset_map_lock(mm, pmd, address, &ptl);
2513 for (_address = address, _pte = pte; _pte < pte+HPAGE_PMD_NR;
2514 _pte++, _address += PAGE_SIZE) {
2515 pte_t pteval = *_pte;
2516 if (is_swap_pte(pteval)) {
2517 if (++unmapped <= khugepaged_max_ptes_swap) {
2520 result = SCAN_EXCEED_SWAP_PTE;
2524 if (pte_none(pteval) || is_zero_pfn(pte_pfn(pteval))) {
2525 if (!userfaultfd_armed(vma) &&
2526 ++none_or_zero <= khugepaged_max_ptes_none) {
2529 result = SCAN_EXCEED_NONE_PTE;
2533 if (!pte_present(pteval)) {
2534 result = SCAN_PTE_NON_PRESENT;
2537 if (pte_write(pteval))
2540 page = vm_normal_page(vma, _address, pteval);
2541 if (unlikely(!page)) {
2542 result = SCAN_PAGE_NULL;
2546 /* TODO: teach khugepaged to collapse THP mapped with pte */
2547 if (PageCompound(page)) {
2548 result = SCAN_PAGE_COMPOUND;
2553 * Record which node the original page is from and save this
2554 * information to khugepaged_node_load[].
2555 * Khupaged will allocate hugepage from the node has the max
2558 node = page_to_nid(page);
2559 if (khugepaged_scan_abort(node)) {
2560 result = SCAN_SCAN_ABORT;
2563 khugepaged_node_load[node]++;
2564 if (!PageLRU(page)) {
2565 result = SCAN_SCAN_ABORT;
2568 if (PageLocked(page)) {
2569 result = SCAN_PAGE_LOCK;
2572 if (!PageAnon(page)) {
2573 result = SCAN_PAGE_ANON;
2578 * cannot use mapcount: can't collapse if there's a gup pin.
2579 * The page must only be referenced by the scanned process
2580 * and page swap cache.
2582 if (page_count(page) != 1 + !!PageSwapCache(page)) {
2583 result = SCAN_PAGE_COUNT;
2586 if (pte_young(pteval) ||
2587 page_is_young(page) || PageReferenced(page) ||
2588 mmu_notifier_test_young(vma->vm_mm, address))
2593 result = SCAN_SUCCEED;
2596 result = SCAN_NO_REFERENCED_PAGE;
2599 result = SCAN_PAGE_RO;
2602 pte_unmap_unlock(pte, ptl);
2604 node = khugepaged_find_target_node();
2605 /* collapse_huge_page will return with the mmap_sem released */
2606 collapse_huge_page(mm, address, hpage, vma, node);
2609 trace_mm_khugepaged_scan_pmd(mm, page_to_pfn(page), writable, referenced,
2610 none_or_zero, result, unmapped);
2614 static void collect_mm_slot(struct mm_slot *mm_slot)
2616 struct mm_struct *mm = mm_slot->mm;
2618 VM_BUG_ON(NR_CPUS != 1 && !spin_is_locked(&khugepaged_mm_lock));
2620 if (khugepaged_test_exit(mm)) {
2622 hash_del(&mm_slot->hash);
2623 list_del(&mm_slot->mm_node);
2626 * Not strictly needed because the mm exited already.
2628 * clear_bit(MMF_VM_HUGEPAGE, &mm->flags);
2631 /* khugepaged_mm_lock actually not necessary for the below */
2632 free_mm_slot(mm_slot);
2637 static unsigned int khugepaged_scan_mm_slot(unsigned int pages,
2638 struct page **hpage)
2639 __releases(&khugepaged_mm_lock)
2640 __acquires(&khugepaged_mm_lock)
2642 struct mm_slot *mm_slot;
2643 struct mm_struct *mm;
2644 struct vm_area_struct *vma;
2648 VM_BUG_ON(NR_CPUS != 1 && !spin_is_locked(&khugepaged_mm_lock));
2650 if (khugepaged_scan.mm_slot)
2651 mm_slot = khugepaged_scan.mm_slot;
2653 mm_slot = list_entry(khugepaged_scan.mm_head.next,
2654 struct mm_slot, mm_node);
2655 khugepaged_scan.address = 0;
2656 khugepaged_scan.mm_slot = mm_slot;
2658 spin_unlock(&khugepaged_mm_lock);
2661 down_read(&mm->mmap_sem);
2662 if (unlikely(khugepaged_test_exit(mm)))
2665 vma = find_vma(mm, khugepaged_scan.address);
2668 for (; vma; vma = vma->vm_next) {
2669 unsigned long hstart, hend;
2672 if (unlikely(khugepaged_test_exit(mm))) {
2676 if (!hugepage_vma_check(vma)) {
2681 hstart = (vma->vm_start + ~HPAGE_PMD_MASK) & HPAGE_PMD_MASK;
2682 hend = vma->vm_end & HPAGE_PMD_MASK;
2685 if (khugepaged_scan.address > hend)
2687 if (khugepaged_scan.address < hstart)
2688 khugepaged_scan.address = hstart;
2689 VM_BUG_ON(khugepaged_scan.address & ~HPAGE_PMD_MASK);
2691 while (khugepaged_scan.address < hend) {
2694 if (unlikely(khugepaged_test_exit(mm)))
2695 goto breakouterloop;
2697 VM_BUG_ON(khugepaged_scan.address < hstart ||
2698 khugepaged_scan.address + HPAGE_PMD_SIZE >
2700 ret = khugepaged_scan_pmd(mm, vma,
2701 khugepaged_scan.address,
2703 /* move to next address */
2704 khugepaged_scan.address += HPAGE_PMD_SIZE;
2705 progress += HPAGE_PMD_NR;
2707 /* we released mmap_sem so break loop */
2708 goto breakouterloop_mmap_sem;
2709 if (progress >= pages)
2710 goto breakouterloop;
2714 up_read(&mm->mmap_sem); /* exit_mmap will destroy ptes after this */
2715 breakouterloop_mmap_sem:
2717 spin_lock(&khugepaged_mm_lock);
2718 VM_BUG_ON(khugepaged_scan.mm_slot != mm_slot);
2720 * Release the current mm_slot if this mm is about to die, or
2721 * if we scanned all vmas of this mm.
2723 if (khugepaged_test_exit(mm) || !vma) {
2725 * Make sure that if mm_users is reaching zero while
2726 * khugepaged runs here, khugepaged_exit will find
2727 * mm_slot not pointing to the exiting mm.
2729 if (mm_slot->mm_node.next != &khugepaged_scan.mm_head) {
2730 khugepaged_scan.mm_slot = list_entry(
2731 mm_slot->mm_node.next,
2732 struct mm_slot, mm_node);
2733 khugepaged_scan.address = 0;
2735 khugepaged_scan.mm_slot = NULL;
2736 khugepaged_full_scans++;
2739 collect_mm_slot(mm_slot);
2745 static int khugepaged_has_work(void)
2747 return !list_empty(&khugepaged_scan.mm_head) &&
2748 khugepaged_enabled();
2751 static int khugepaged_wait_event(void)
2753 return !list_empty(&khugepaged_scan.mm_head) ||
2754 kthread_should_stop();
2757 static void khugepaged_do_scan(void)
2759 struct page *hpage = NULL;
2760 unsigned int progress = 0, pass_through_head = 0;
2761 unsigned int pages = khugepaged_pages_to_scan;
2764 barrier(); /* write khugepaged_pages_to_scan to local stack */
2766 while (progress < pages) {
2767 if (!khugepaged_prealloc_page(&hpage, &wait))
2772 if (unlikely(kthread_should_stop() || try_to_freeze()))
2775 spin_lock(&khugepaged_mm_lock);
2776 if (!khugepaged_scan.mm_slot)
2777 pass_through_head++;
2778 if (khugepaged_has_work() &&
2779 pass_through_head < 2)
2780 progress += khugepaged_scan_mm_slot(pages - progress,
2784 spin_unlock(&khugepaged_mm_lock);
2787 if (!IS_ERR_OR_NULL(hpage))
2791 static void khugepaged_wait_work(void)
2793 if (khugepaged_has_work()) {
2794 if (!khugepaged_scan_sleep_millisecs)
2797 wait_event_freezable_timeout(khugepaged_wait,
2798 kthread_should_stop(),
2799 msecs_to_jiffies(khugepaged_scan_sleep_millisecs));
2803 if (khugepaged_enabled())
2804 wait_event_freezable(khugepaged_wait, khugepaged_wait_event());
2807 static int khugepaged(void *none)
2809 struct mm_slot *mm_slot;
2812 set_user_nice(current, MAX_NICE);
2814 while (!kthread_should_stop()) {
2815 khugepaged_do_scan();
2816 khugepaged_wait_work();
2819 spin_lock(&khugepaged_mm_lock);
2820 mm_slot = khugepaged_scan.mm_slot;
2821 khugepaged_scan.mm_slot = NULL;
2823 collect_mm_slot(mm_slot);
2824 spin_unlock(&khugepaged_mm_lock);
2828 static void __split_huge_zero_page_pmd(struct vm_area_struct *vma,
2829 unsigned long haddr, pmd_t *pmd)
2831 struct mm_struct *mm = vma->vm_mm;
2836 /* leave pmd empty until pte is filled */
2837 pmdp_huge_clear_flush_notify(vma, haddr, pmd);
2839 pgtable = pgtable_trans_huge_withdraw(mm, pmd);
2840 pmd_populate(mm, &_pmd, pgtable);
2842 for (i = 0; i < HPAGE_PMD_NR; i++, haddr += PAGE_SIZE) {
2844 entry = pfn_pte(my_zero_pfn(haddr), vma->vm_page_prot);
2845 entry = pte_mkspecial(entry);
2846 pte = pte_offset_map(&_pmd, haddr);
2847 VM_BUG_ON(!pte_none(*pte));
2848 set_pte_at(mm, haddr, pte, entry);
2851 smp_wmb(); /* make pte visible before pmd */
2852 pmd_populate(mm, pmd, pgtable);
2853 put_huge_zero_page();
2856 static void __split_huge_pmd_locked(struct vm_area_struct *vma, pmd_t *pmd,
2857 unsigned long haddr, bool freeze)
2859 struct mm_struct *mm = vma->vm_mm;
2866 VM_BUG_ON(haddr & ~HPAGE_PMD_MASK);
2867 VM_BUG_ON_VMA(vma->vm_start > haddr, vma);
2868 VM_BUG_ON_VMA(vma->vm_end < haddr + HPAGE_PMD_SIZE, vma);
2869 VM_BUG_ON(!pmd_trans_huge(*pmd));
2871 count_vm_event(THP_SPLIT_PMD);
2873 if (vma_is_dax(vma)) {
2874 pmd_t _pmd = pmdp_huge_clear_flush_notify(vma, haddr, pmd);
2875 if (is_huge_zero_pmd(_pmd))
2876 put_huge_zero_page();
2878 } else if (is_huge_zero_pmd(*pmd)) {
2879 return __split_huge_zero_page_pmd(vma, haddr, pmd);
2882 page = pmd_page(*pmd);
2883 VM_BUG_ON_PAGE(!page_count(page), page);
2884 atomic_add(HPAGE_PMD_NR - 1, &page->_count);
2885 write = pmd_write(*pmd);
2886 young = pmd_young(*pmd);
2888 /* leave pmd empty until pte is filled */
2889 pmdp_huge_clear_flush_notify(vma, haddr, pmd);
2891 pgtable = pgtable_trans_huge_withdraw(mm, pmd);
2892 pmd_populate(mm, &_pmd, pgtable);
2894 for (i = 0; i < HPAGE_PMD_NR; i++, haddr += PAGE_SIZE) {
2897 * Note that NUMA hinting access restrictions are not
2898 * transferred to avoid any possibility of altering
2899 * permissions across VMAs.
2902 swp_entry_t swp_entry;
2903 swp_entry = make_migration_entry(page + i, write);
2904 entry = swp_entry_to_pte(swp_entry);
2906 entry = mk_pte(page + i, vma->vm_page_prot);
2907 entry = maybe_mkwrite(pte_mkdirty(entry), vma);
2909 entry = pte_wrprotect(entry);
2911 entry = pte_mkold(entry);
2913 pte = pte_offset_map(&_pmd, haddr);
2914 BUG_ON(!pte_none(*pte));
2915 set_pte_at(mm, haddr, pte, entry);
2916 atomic_inc(&page[i]._mapcount);
2921 * Set PG_double_map before dropping compound_mapcount to avoid
2922 * false-negative page_mapped().
2924 if (compound_mapcount(page) > 1 && !TestSetPageDoubleMap(page)) {
2925 for (i = 0; i < HPAGE_PMD_NR; i++)
2926 atomic_inc(&page[i]._mapcount);
2929 if (atomic_add_negative(-1, compound_mapcount_ptr(page))) {
2930 /* Last compound_mapcount is gone. */
2931 __dec_zone_page_state(page, NR_ANON_TRANSPARENT_HUGEPAGES);
2932 if (TestClearPageDoubleMap(page)) {
2933 /* No need in mapcount reference anymore */
2934 for (i = 0; i < HPAGE_PMD_NR; i++)
2935 atomic_dec(&page[i]._mapcount);
2939 smp_wmb(); /* make pte visible before pmd */
2940 pmd_populate(mm, pmd, pgtable);
2943 void __split_huge_pmd(struct vm_area_struct *vma, pmd_t *pmd,
2944 unsigned long address)
2947 struct mm_struct *mm = vma->vm_mm;
2948 struct page *page = NULL;
2949 unsigned long haddr = address & HPAGE_PMD_MASK;
2951 mmu_notifier_invalidate_range_start(mm, haddr, haddr + HPAGE_PMD_SIZE);
2952 ptl = pmd_lock(mm, pmd);
2953 if (unlikely(!pmd_trans_huge(*pmd)))
2955 page = pmd_page(*pmd);
2956 __split_huge_pmd_locked(vma, pmd, haddr, false);
2957 if (PageMlocked(page))
2963 mmu_notifier_invalidate_range_end(mm, haddr, haddr + HPAGE_PMD_SIZE);
2966 munlock_vma_page(page);
2972 static void split_huge_pmd_address(struct vm_area_struct *vma,
2973 unsigned long address)
2979 VM_BUG_ON(!(address & ~HPAGE_PMD_MASK));
2981 pgd = pgd_offset(vma->vm_mm, address);
2982 if (!pgd_present(*pgd))
2985 pud = pud_offset(pgd, address);
2986 if (!pud_present(*pud))
2989 pmd = pmd_offset(pud, address);
2990 if (!pmd_present(*pmd) || !pmd_trans_huge(*pmd))
2993 * Caller holds the mmap_sem write mode, so a huge pmd cannot
2994 * materialize from under us.
2996 split_huge_pmd(vma, pmd, address);
2999 void vma_adjust_trans_huge(struct vm_area_struct *vma,
3000 unsigned long start,
3005 * If the new start address isn't hpage aligned and it could
3006 * previously contain an hugepage: check if we need to split
3009 if (start & ~HPAGE_PMD_MASK &&
3010 (start & HPAGE_PMD_MASK) >= vma->vm_start &&
3011 (start & HPAGE_PMD_MASK) + HPAGE_PMD_SIZE <= vma->vm_end)
3012 split_huge_pmd_address(vma, start);
3015 * If the new end address isn't hpage aligned and it could
3016 * previously contain an hugepage: check if we need to split
3019 if (end & ~HPAGE_PMD_MASK &&
3020 (end & HPAGE_PMD_MASK) >= vma->vm_start &&
3021 (end & HPAGE_PMD_MASK) + HPAGE_PMD_SIZE <= vma->vm_end)
3022 split_huge_pmd_address(vma, end);
3025 * If we're also updating the vma->vm_next->vm_start, if the new
3026 * vm_next->vm_start isn't page aligned and it could previously
3027 * contain an hugepage: check if we need to split an huge pmd.
3029 if (adjust_next > 0) {
3030 struct vm_area_struct *next = vma->vm_next;
3031 unsigned long nstart = next->vm_start;
3032 nstart += adjust_next << PAGE_SHIFT;
3033 if (nstart & ~HPAGE_PMD_MASK &&
3034 (nstart & HPAGE_PMD_MASK) >= next->vm_start &&
3035 (nstart & HPAGE_PMD_MASK) + HPAGE_PMD_SIZE <= next->vm_end)
3036 split_huge_pmd_address(next, nstart);
3040 static void freeze_page_vma(struct vm_area_struct *vma, struct page *page,
3041 unsigned long address)
3050 pgd = pgd_offset(vma->vm_mm, address);
3051 if (!pgd_present(*pgd))
3053 pud = pud_offset(pgd, address);
3054 if (!pud_present(*pud))
3056 pmd = pmd_offset(pud, address);
3057 ptl = pmd_lock(vma->vm_mm, pmd);
3058 if (!pmd_present(*pmd)) {
3062 if (pmd_trans_huge(*pmd)) {
3063 if (page == pmd_page(*pmd))
3064 __split_huge_pmd_locked(vma, pmd, address, true);
3070 pte = pte_offset_map_lock(vma->vm_mm, pmd, address, &ptl);
3071 for (i = 0; i < HPAGE_PMD_NR; i++, address += PAGE_SIZE, page++) {
3072 pte_t entry, swp_pte;
3073 swp_entry_t swp_entry;
3075 if (!pte_present(pte[i]))
3077 if (page_to_pfn(page) != pte_pfn(pte[i]))
3079 flush_cache_page(vma, address, page_to_pfn(page));
3080 entry = ptep_clear_flush(vma, address, pte + i);
3081 swp_entry = make_migration_entry(page, pte_write(entry));
3082 swp_pte = swp_entry_to_pte(swp_entry);
3083 if (pte_soft_dirty(entry))
3084 swp_pte = pte_swp_mksoft_dirty(swp_pte);
3085 set_pte_at(vma->vm_mm, address, pte + i, swp_pte);
3087 pte_unmap_unlock(pte, ptl);
3090 static void freeze_page(struct anon_vma *anon_vma, struct page *page)
3092 struct anon_vma_chain *avc;
3093 pgoff_t pgoff = page_to_pgoff(page);
3095 VM_BUG_ON_PAGE(!PageHead(page), page);
3097 anon_vma_interval_tree_foreach(avc, &anon_vma->rb_root, pgoff,
3098 pgoff + HPAGE_PMD_NR - 1) {
3099 unsigned long haddr;
3101 haddr = __vma_address(page, avc->vma) & HPAGE_PMD_MASK;
3102 mmu_notifier_invalidate_range_start(avc->vma->vm_mm,
3103 haddr, haddr + HPAGE_PMD_SIZE);
3104 freeze_page_vma(avc->vma, page, haddr);
3105 mmu_notifier_invalidate_range_end(avc->vma->vm_mm,
3106 haddr, haddr + HPAGE_PMD_SIZE);
3110 static void unfreeze_page_vma(struct vm_area_struct *vma, struct page *page,
3111 unsigned long address)
3116 swp_entry_t swp_entry;
3119 pmd = mm_find_pmd(vma->vm_mm, address);
3122 pte = pte_offset_map_lock(vma->vm_mm, pmd, address, &ptl);
3123 for (i = 0; i < HPAGE_PMD_NR; i++, address += PAGE_SIZE, page++) {
3124 if (!page_mapped(page))
3126 if (!is_swap_pte(pte[i]))
3129 swp_entry = pte_to_swp_entry(pte[i]);
3130 if (!is_migration_entry(swp_entry))
3132 if (migration_entry_to_page(swp_entry) != page)
3135 entry = pte_mkold(mk_pte(page, vma->vm_page_prot));
3136 entry = pte_mkdirty(entry);
3137 if (is_write_migration_entry(swp_entry))
3138 entry = maybe_mkwrite(entry, vma);
3140 flush_dcache_page(page);
3141 set_pte_at(vma->vm_mm, address, pte + i, entry);
3143 /* No need to invalidate - it was non-present before */
3144 update_mmu_cache(vma, address, pte + i);
3146 pte_unmap_unlock(pte, ptl);
3149 static void unfreeze_page(struct anon_vma *anon_vma, struct page *page)
3151 struct anon_vma_chain *avc;
3152 pgoff_t pgoff = page_to_pgoff(page);
3154 anon_vma_interval_tree_foreach(avc, &anon_vma->rb_root,
3155 pgoff, pgoff + HPAGE_PMD_NR - 1) {
3156 unsigned long address = __vma_address(page, avc->vma);
3158 mmu_notifier_invalidate_range_start(avc->vma->vm_mm,
3159 address, address + HPAGE_PMD_SIZE);
3160 unfreeze_page_vma(avc->vma, page, address);
3161 mmu_notifier_invalidate_range_end(avc->vma->vm_mm,
3162 address, address + HPAGE_PMD_SIZE);
3166 static int total_mapcount(struct page *page)
3170 ret = compound_mapcount(page);
3171 for (i = 0; i < HPAGE_PMD_NR; i++)
3172 ret += atomic_read(&page[i]._mapcount) + 1;
3174 if (PageDoubleMap(page))
3175 ret -= HPAGE_PMD_NR;
3180 static int __split_huge_page_tail(struct page *head, int tail,
3181 struct lruvec *lruvec, struct list_head *list)
3184 struct page *page_tail = head + tail;
3186 mapcount = atomic_read(&page_tail->_mapcount) + 1;
3187 VM_BUG_ON_PAGE(atomic_read(&page_tail->_count) != 0, page_tail);
3190 * tail_page->_count is zero and not changing from under us. But
3191 * get_page_unless_zero() may be running from under us on the
3192 * tail_page. If we used atomic_set() below instead of atomic_add(), we
3193 * would then run atomic_set() concurrently with
3194 * get_page_unless_zero(), and atomic_set() is implemented in C not
3195 * using locked ops. spin_unlock on x86 sometime uses locked ops
3196 * because of PPro errata 66, 92, so unless somebody can guarantee
3197 * atomic_set() here would be safe on all archs (and not only on x86),
3198 * it's safer to use atomic_add().
3200 atomic_add(mapcount + 1, &page_tail->_count);
3202 /* after clearing PageTail the gup refcount can be released */
3203 smp_mb__after_atomic();
3205 page_tail->flags &= ~PAGE_FLAGS_CHECK_AT_PREP;
3206 page_tail->flags |= (head->flags &
3207 ((1L << PG_referenced) |
3208 (1L << PG_swapbacked) |
3209 (1L << PG_mlocked) |
3210 (1L << PG_uptodate) |
3213 (1L << PG_unevictable)));
3214 page_tail->flags |= (1L << PG_dirty);
3216 clear_compound_head(page_tail);
3218 if (page_is_young(head))
3219 set_page_young(page_tail);
3220 if (page_is_idle(head))
3221 set_page_idle(page_tail);
3223 /* ->mapping in first tail page is compound_mapcount */
3224 VM_BUG_ON_PAGE(tail > 2 && page_tail->mapping != TAIL_MAPPING,
3226 page_tail->mapping = head->mapping;
3228 page_tail->index = head->index + tail;
3229 page_cpupid_xchg_last(page_tail, page_cpupid_last(head));
3230 lru_add_page_tail(head, page_tail, lruvec, list);
3235 static void __split_huge_page(struct page *page, struct list_head *list)
3237 struct page *head = compound_head(page);
3238 struct zone *zone = page_zone(head);
3239 struct lruvec *lruvec;
3240 int i, tail_mapcount;
3242 /* prevent PageLRU to go away from under us, and freeze lru stats */
3243 spin_lock_irq(&zone->lru_lock);
3244 lruvec = mem_cgroup_page_lruvec(head, zone);
3246 spin_lock(&split_queue_lock);
3247 if (!list_empty(page_deferred_list(head))) {
3249 list_del(page_deferred_list(head));
3251 spin_unlock(&split_queue_lock);
3253 /* complete memcg works before add pages to LRU */
3254 mem_cgroup_split_huge_fixup(head);
3257 for (i = HPAGE_PMD_NR - 1; i >= 1; i--)
3258 tail_mapcount += __split_huge_page_tail(head, i, lruvec, list);
3259 atomic_sub(tail_mapcount, &head->_count);
3261 ClearPageCompound(head);
3262 spin_unlock_irq(&zone->lru_lock);
3264 unfreeze_page(page_anon_vma(head), head);
3266 for (i = 0; i < HPAGE_PMD_NR; i++) {
3267 struct page *subpage = head + i;
3268 if (subpage == page)
3270 unlock_page(subpage);
3273 * Subpages may be freed if there wasn't any mapping
3274 * like if add_to_swap() is running on a lru page that
3275 * had its mapping zapped. And freeing these pages
3276 * requires taking the lru_lock so we do the put_page
3277 * of the tail pages after the split is complete.
3284 * This function splits huge page into normal pages. @page can point to any
3285 * subpage of huge page to split. Split doesn't change the position of @page.
3287 * Only caller must hold pin on the @page, otherwise split fails with -EBUSY.
3288 * The huge page must be locked.
3290 * If @list is null, tail pages will be added to LRU list, otherwise, to @list.
3292 * Both head page and tail pages will inherit mapping, flags, and so on from
3295 * GUP pin and PG_locked transferred to @page. Rest subpages can be freed if
3296 * they are not mapped.
3298 * Returns 0 if the hugepage is split successfully.
3299 * Returns -EBUSY if the page is pinned or if anon_vma disappeared from under
3302 int split_huge_page_to_list(struct page *page, struct list_head *list)
3304 struct page *head = compound_head(page);
3305 struct anon_vma *anon_vma;
3306 int count, mapcount, ret;
3308 VM_BUG_ON_PAGE(is_huge_zero_page(page), page);
3309 VM_BUG_ON_PAGE(!PageAnon(page), page);
3310 VM_BUG_ON_PAGE(!PageLocked(page), page);
3311 VM_BUG_ON_PAGE(!PageSwapBacked(page), page);
3312 VM_BUG_ON_PAGE(!PageCompound(page), page);
3315 * The caller does not necessarily hold an mmap_sem that would prevent
3316 * the anon_vma disappearing so we first we take a reference to it
3317 * and then lock the anon_vma for write. This is similar to
3318 * page_lock_anon_vma_read except the write lock is taken to serialise
3319 * against parallel split or collapse operations.
3321 anon_vma = page_get_anon_vma(head);
3326 anon_vma_lock_write(anon_vma);
3329 * Racy check if we can split the page, before freeze_page() will
3332 if (total_mapcount(head) != page_count(head) - 1) {
3337 freeze_page(anon_vma, head);
3338 VM_BUG_ON_PAGE(compound_mapcount(head), head);
3340 count = page_count(head);
3341 mapcount = total_mapcount(head);
3342 if (mapcount == count - 1) {
3343 __split_huge_page(page, list);
3345 } else if (IS_ENABLED(CONFIG_DEBUG_VM) && mapcount > count - 1) {
3346 pr_alert("total_mapcount: %u, page_count(): %u\n",
3349 dump_page(head, NULL);
3350 dump_page(page, "total_mapcount(head) > page_count(head) - 1");
3353 unfreeze_page(anon_vma, head);
3358 anon_vma_unlock_write(anon_vma);
3359 put_anon_vma(anon_vma);
3361 count_vm_event(!ret ? THP_SPLIT_PAGE : THP_SPLIT_PAGE_FAILED);
3365 void free_transhuge_page(struct page *page)
3367 unsigned long flags;
3369 spin_lock_irqsave(&split_queue_lock, flags);
3370 if (!list_empty(page_deferred_list(page))) {
3372 list_del(page_deferred_list(page));
3374 spin_unlock_irqrestore(&split_queue_lock, flags);
3375 free_compound_page(page);
3378 void deferred_split_huge_page(struct page *page)
3380 unsigned long flags;
3382 VM_BUG_ON_PAGE(!PageTransHuge(page), page);
3384 spin_lock_irqsave(&split_queue_lock, flags);
3385 if (list_empty(page_deferred_list(page))) {
3386 list_add_tail(page_deferred_list(page), &split_queue);
3389 spin_unlock_irqrestore(&split_queue_lock, flags);
3392 static unsigned long deferred_split_count(struct shrinker *shrink,
3393 struct shrink_control *sc)
3396 * Split a page from split_queue will free up at least one page,
3397 * at most HPAGE_PMD_NR - 1. We don't track exact number.
3398 * Let's use HPAGE_PMD_NR / 2 as ballpark.
3400 return ACCESS_ONCE(split_queue_len) * HPAGE_PMD_NR / 2;
3403 static unsigned long deferred_split_scan(struct shrinker *shrink,
3404 struct shrink_control *sc)
3406 unsigned long flags;
3407 LIST_HEAD(list), *pos, *next;
3411 spin_lock_irqsave(&split_queue_lock, flags);
3412 list_splice_init(&split_queue, &list);
3414 /* Take pin on all head pages to avoid freeing them under us */
3415 list_for_each_safe(pos, next, &list) {
3416 page = list_entry((void *)pos, struct page, mapping);
3417 page = compound_head(page);
3418 /* race with put_compound_page() */
3419 if (!get_page_unless_zero(page)) {
3420 list_del_init(page_deferred_list(page));
3424 spin_unlock_irqrestore(&split_queue_lock, flags);
3426 list_for_each_safe(pos, next, &list) {
3427 page = list_entry((void *)pos, struct page, mapping);
3429 /* split_huge_page() removes page from list on success */
3430 if (!split_huge_page(page))
3436 spin_lock_irqsave(&split_queue_lock, flags);
3437 list_splice_tail(&list, &split_queue);
3438 spin_unlock_irqrestore(&split_queue_lock, flags);
3440 return split * HPAGE_PMD_NR / 2;
3443 static struct shrinker deferred_split_shrinker = {
3444 .count_objects = deferred_split_count,
3445 .scan_objects = deferred_split_scan,
3446 .seeks = DEFAULT_SEEKS,
projects / karo-tx-linux.git / blob