1 // SPDX-License-Identifier: GPL-2.0
5 * Copyright (C) 1999 Linus Torvalds
6 * Copyright (C) 2002 Christoph Hellwig
9 #include <linux/mman.h>
10 #include <linux/pagemap.h>
11 #include <linux/syscalls.h>
12 #include <linux/mempolicy.h>
13 #include <linux/page-isolation.h>
14 #include <linux/page_idle.h>
15 #include <linux/userfaultfd_k.h>
16 #include <linux/hugetlb.h>
17 #include <linux/falloc.h>
18 #include <linux/fadvise.h>
19 #include <linux/sched.h>
20 #include <linux/sched/mm.h>
21 #include <linux/mm_inline.h>
22 #include <linux/string.h>
23 #include <linux/uio.h>
24 #include <linux/ksm.h>
26 #include <linux/file.h>
27 #include <linux/blkdev.h>
28 #include <linux/backing-dev.h>
29 #include <linux/pagewalk.h>
30 #include <linux/swap.h>
31 #include <linux/swapops.h>
32 #include <linux/shmem_fs.h>
33 #include <linux/mmu_notifier.h>
40 struct madvise_walk_private {
41 struct mmu_gather *tlb;
46 * Any behaviour which results in changes to the vma->vm_flags needs to
47 * take mmap_lock for writing. Others, which simply traverse vmas, need
48 * to only take it for reading.
50 static int madvise_need_mmap_write(int behavior)
56 case MADV_DONTNEED_LOCKED:
60 case MADV_POPULATE_READ:
61 case MADV_POPULATE_WRITE:
65 /* be safe, default to 1. list exceptions explicitly */
70 #ifdef CONFIG_ANON_VMA_NAME
71 struct anon_vma_name *anon_vma_name_alloc(const char *name)
73 struct anon_vma_name *anon_name;
76 /* Add 1 for NUL terminator at the end of the anon_name->name */
77 count = strlen(name) + 1;
78 anon_name = kmalloc(struct_size(anon_name, name, count), GFP_KERNEL);
80 kref_init(&anon_name->kref);
81 memcpy(anon_name->name, name, count);
87 void anon_vma_name_free(struct kref *kref)
89 struct anon_vma_name *anon_name =
90 container_of(kref, struct anon_vma_name, kref);
94 struct anon_vma_name *anon_vma_name(struct vm_area_struct *vma)
96 mmap_assert_locked(vma->vm_mm);
98 return vma->anon_name;
101 /* mmap_lock should be write-locked */
102 static int replace_anon_vma_name(struct vm_area_struct *vma,
103 struct anon_vma_name *anon_name)
105 struct anon_vma_name *orig_name = anon_vma_name(vma);
108 vma->anon_name = NULL;
109 anon_vma_name_put(orig_name);
113 if (anon_vma_name_eq(orig_name, anon_name))
116 vma->anon_name = anon_vma_name_reuse(anon_name);
117 anon_vma_name_put(orig_name);
121 #else /* CONFIG_ANON_VMA_NAME */
122 static int replace_anon_vma_name(struct vm_area_struct *vma,
123 struct anon_vma_name *anon_name)
130 #endif /* CONFIG_ANON_VMA_NAME */
132 * Update the vm_flags on region of a vma, splitting it or merging it as
133 * necessary. Must be called with mmap_lock held for writing;
134 * Caller should ensure anon_name stability by raising its refcount even when
135 * anon_name belongs to a valid vma because this function might free that vma.
137 static int madvise_update_vma(struct vm_area_struct *vma,
138 struct vm_area_struct **prev, unsigned long start,
139 unsigned long end, unsigned long new_flags,
140 struct anon_vma_name *anon_name)
142 struct mm_struct *mm = vma->vm_mm;
144 VMA_ITERATOR(vmi, mm, start);
146 if (new_flags == vma->vm_flags && anon_vma_name_eq(anon_vma_name(vma), anon_name)) {
151 vma = vma_modify_flags_name(&vmi, *prev, vma, start, end, new_flags,
158 /* vm_flags is protected by the mmap_lock held in write mode. */
159 vma_start_write(vma);
160 vm_flags_reset(vma, new_flags);
161 if (!vma->vm_file || vma_is_anon_shmem(vma)) {
162 error = replace_anon_vma_name(vma, anon_name);
171 static int swapin_walk_pmd_entry(pmd_t *pmd, unsigned long start,
172 unsigned long end, struct mm_walk *walk)
174 struct vm_area_struct *vma = walk->private;
175 struct swap_iocb *splug = NULL;
180 for (addr = start; addr < end; addr += PAGE_SIZE) {
186 ptep = pte_offset_map_lock(vma->vm_mm, pmd, addr, &ptl);
191 pte = ptep_get(ptep);
192 if (!is_swap_pte(pte))
194 entry = pte_to_swp_entry(pte);
195 if (unlikely(non_swap_entry(entry)))
198 pte_unmap_unlock(ptep, ptl);
201 folio = read_swap_cache_async(entry, GFP_HIGHUSER_MOVABLE,
208 pte_unmap_unlock(ptep, ptl);
209 swap_read_unplug(splug);
215 static const struct mm_walk_ops swapin_walk_ops = {
216 .pmd_entry = swapin_walk_pmd_entry,
217 .walk_lock = PGWALK_RDLOCK,
220 static void shmem_swapin_range(struct vm_area_struct *vma,
221 unsigned long start, unsigned long end,
222 struct address_space *mapping)
224 XA_STATE(xas, &mapping->i_pages, linear_page_index(vma, start));
225 pgoff_t end_index = linear_page_index(vma, end) - 1;
227 struct swap_iocb *splug = NULL;
230 xas_for_each(&xas, folio, end_index) {
234 if (!xa_is_value(folio))
236 entry = radix_to_swp_entry(folio);
237 /* There might be swapin error entries in shmem mapping. */
238 if (non_swap_entry(entry))
241 addr = vma->vm_start +
242 ((xas.xa_index - vma->vm_pgoff) << PAGE_SHIFT);
246 folio = read_swap_cache_async(entry, mapping_gfp_mask(mapping),
254 swap_read_unplug(splug);
256 #endif /* CONFIG_SWAP */
259 * Schedule all required I/O operations. Do not wait for completion.
261 static long madvise_willneed(struct vm_area_struct *vma,
262 struct vm_area_struct **prev,
263 unsigned long start, unsigned long end)
265 struct mm_struct *mm = vma->vm_mm;
266 struct file *file = vma->vm_file;
272 walk_page_range(vma->vm_mm, start, end, &swapin_walk_ops, vma);
273 lru_add_drain(); /* Push any new pages onto the LRU now */
277 if (shmem_mapping(file->f_mapping)) {
278 shmem_swapin_range(vma, start, end, file->f_mapping);
279 lru_add_drain(); /* Push any new pages onto the LRU now */
287 if (IS_DAX(file_inode(file))) {
288 /* no bad return value, but ignore advice */
293 * Filesystem's fadvise may need to take various locks. We need to
294 * explicitly grab a reference because the vma (and hence the
295 * vma's reference to the file) can go away as soon as we drop
298 *prev = NULL; /* tell sys_madvise we drop mmap_lock */
300 offset = (loff_t)(start - vma->vm_start)
301 + ((loff_t)vma->vm_pgoff << PAGE_SHIFT);
302 mmap_read_unlock(mm);
303 vfs_fadvise(file, offset, end - start, POSIX_FADV_WILLNEED);
309 static inline bool can_do_file_pageout(struct vm_area_struct *vma)
314 * paging out pagecache only for non-anonymous mappings that correspond
315 * to the files the calling process could (if tried) open for writing;
316 * otherwise we'd be including shared non-exclusive mappings, which
317 * opens a side channel.
319 return inode_owner_or_capable(&nop_mnt_idmap,
320 file_inode(vma->vm_file)) ||
321 file_permission(vma->vm_file, MAY_WRITE) == 0;
324 static int madvise_cold_or_pageout_pte_range(pmd_t *pmd,
325 unsigned long addr, unsigned long end,
326 struct mm_walk *walk)
328 struct madvise_walk_private *private = walk->private;
329 struct mmu_gather *tlb = private->tlb;
330 bool pageout = private->pageout;
331 struct mm_struct *mm = tlb->mm;
332 struct vm_area_struct *vma = walk->vma;
333 pte_t *start_pte, *pte, ptent;
335 struct folio *folio = NULL;
336 LIST_HEAD(folio_list);
337 bool pageout_anon_only_filter;
338 unsigned int batch_count = 0;
340 if (fatal_signal_pending(current))
343 pageout_anon_only_filter = pageout && !vma_is_anonymous(vma) &&
344 !can_do_file_pageout(vma);
346 #ifdef CONFIG_TRANSPARENT_HUGEPAGE
347 if (pmd_trans_huge(*pmd)) {
349 unsigned long next = pmd_addr_end(addr, end);
351 tlb_change_page_size(tlb, HPAGE_PMD_SIZE);
352 ptl = pmd_trans_huge_lock(pmd, vma);
357 if (is_huge_zero_pmd(orig_pmd))
360 if (unlikely(!pmd_present(orig_pmd))) {
361 VM_BUG_ON(thp_migration_supported() &&
362 !is_pmd_migration_entry(orig_pmd));
366 folio = pmd_folio(orig_pmd);
368 /* Do not interfere with other mappings of this folio */
369 if (folio_likely_mapped_shared(folio))
372 if (pageout_anon_only_filter && !folio_test_anon(folio))
375 if (next - addr != HPAGE_PMD_SIZE) {
381 err = split_folio(folio);
389 if (!pageout && pmd_young(orig_pmd)) {
390 pmdp_invalidate(vma, addr, pmd);
391 orig_pmd = pmd_mkold(orig_pmd);
393 set_pmd_at(mm, addr, pmd, orig_pmd);
394 tlb_remove_pmd_tlb_entry(tlb, pmd, addr);
397 folio_clear_referenced(folio);
398 folio_test_clear_young(folio);
399 if (folio_test_active(folio))
400 folio_set_workingset(folio);
402 if (folio_isolate_lru(folio)) {
403 if (folio_test_unevictable(folio))
404 folio_putback_lru(folio);
406 list_add(&folio->lru, &folio_list);
409 folio_deactivate(folio);
413 reclaim_pages(&folio_list, true);
419 tlb_change_page_size(tlb, PAGE_SIZE);
421 start_pte = pte = pte_offset_map_lock(vma->vm_mm, pmd, addr, &ptl);
424 flush_tlb_batched_pending(mm);
425 arch_enter_lazy_mmu_mode();
426 for (; addr < end; pte++, addr += PAGE_SIZE) {
427 ptent = ptep_get(pte);
429 if (++batch_count == SWAP_CLUSTER_MAX) {
431 if (need_resched()) {
432 arch_leave_lazy_mmu_mode();
433 pte_unmap_unlock(start_pte, ptl);
442 if (!pte_present(ptent))
445 folio = vm_normal_folio(vma, addr, ptent);
446 if (!folio || folio_is_zone_device(folio))
450 * Creating a THP page is expensive so split it only if we
451 * are sure it's worth. Split it if we are only owner.
453 if (folio_test_large(folio)) {
456 if (folio_likely_mapped_shared(folio))
458 if (pageout_anon_only_filter && !folio_test_anon(folio))
460 if (!folio_trylock(folio))
463 arch_leave_lazy_mmu_mode();
464 pte_unmap_unlock(start_pte, ptl);
466 err = split_folio(folio);
472 pte_offset_map_lock(mm, pmd, addr, &ptl);
475 arch_enter_lazy_mmu_mode();
482 * Do not interfere with other mappings of this folio and
485 if (!folio_test_lru(folio) || folio_mapcount(folio) != 1)
488 if (pageout_anon_only_filter && !folio_test_anon(folio))
491 VM_BUG_ON_FOLIO(folio_test_large(folio), folio);
493 if (!pageout && pte_young(ptent)) {
494 ptent = ptep_get_and_clear_full(mm, addr, pte,
496 ptent = pte_mkold(ptent);
497 set_pte_at(mm, addr, pte, ptent);
498 tlb_remove_tlb_entry(tlb, pte, addr);
502 * We are deactivating a folio for accelerating reclaiming.
503 * VM couldn't reclaim the folio unless we clear PG_young.
504 * As a side effect, it makes confuse idle-page tracking
505 * because they will miss recent referenced history.
507 folio_clear_referenced(folio);
508 folio_test_clear_young(folio);
509 if (folio_test_active(folio))
510 folio_set_workingset(folio);
512 if (folio_isolate_lru(folio)) {
513 if (folio_test_unevictable(folio))
514 folio_putback_lru(folio);
516 list_add(&folio->lru, &folio_list);
519 folio_deactivate(folio);
523 arch_leave_lazy_mmu_mode();
524 pte_unmap_unlock(start_pte, ptl);
527 reclaim_pages(&folio_list, true);
533 static const struct mm_walk_ops cold_walk_ops = {
534 .pmd_entry = madvise_cold_or_pageout_pte_range,
535 .walk_lock = PGWALK_RDLOCK,
538 static void madvise_cold_page_range(struct mmu_gather *tlb,
539 struct vm_area_struct *vma,
540 unsigned long addr, unsigned long end)
542 struct madvise_walk_private walk_private = {
547 tlb_start_vma(tlb, vma);
548 walk_page_range(vma->vm_mm, addr, end, &cold_walk_ops, &walk_private);
549 tlb_end_vma(tlb, vma);
552 static inline bool can_madv_lru_vma(struct vm_area_struct *vma)
554 return !(vma->vm_flags & (VM_LOCKED|VM_PFNMAP|VM_HUGETLB));
557 static long madvise_cold(struct vm_area_struct *vma,
558 struct vm_area_struct **prev,
559 unsigned long start_addr, unsigned long end_addr)
561 struct mm_struct *mm = vma->vm_mm;
562 struct mmu_gather tlb;
565 if (!can_madv_lru_vma(vma))
569 tlb_gather_mmu(&tlb, mm);
570 madvise_cold_page_range(&tlb, vma, start_addr, end_addr);
571 tlb_finish_mmu(&tlb);
576 static void madvise_pageout_page_range(struct mmu_gather *tlb,
577 struct vm_area_struct *vma,
578 unsigned long addr, unsigned long end)
580 struct madvise_walk_private walk_private = {
585 tlb_start_vma(tlb, vma);
586 walk_page_range(vma->vm_mm, addr, end, &cold_walk_ops, &walk_private);
587 tlb_end_vma(tlb, vma);
590 static long madvise_pageout(struct vm_area_struct *vma,
591 struct vm_area_struct **prev,
592 unsigned long start_addr, unsigned long end_addr)
594 struct mm_struct *mm = vma->vm_mm;
595 struct mmu_gather tlb;
598 if (!can_madv_lru_vma(vma))
602 * If the VMA belongs to a private file mapping, there can be private
603 * dirty pages which can be paged out if even this process is neither
604 * owner nor write capable of the file. We allow private file mappings
605 * further to pageout dirty anon pages.
607 if (!vma_is_anonymous(vma) && (!can_do_file_pageout(vma) &&
608 (vma->vm_flags & VM_MAYSHARE)))
612 tlb_gather_mmu(&tlb, mm);
613 madvise_pageout_page_range(&tlb, vma, start_addr, end_addr);
614 tlb_finish_mmu(&tlb);
619 static int madvise_free_pte_range(pmd_t *pmd, unsigned long addr,
620 unsigned long end, struct mm_walk *walk)
623 struct mmu_gather *tlb = walk->private;
624 struct mm_struct *mm = tlb->mm;
625 struct vm_area_struct *vma = walk->vma;
627 pte_t *start_pte, *pte, ptent;
633 next = pmd_addr_end(addr, end);
634 if (pmd_trans_huge(*pmd))
635 if (madvise_free_huge_pmd(tlb, vma, pmd, addr, next))
638 tlb_change_page_size(tlb, PAGE_SIZE);
639 start_pte = pte = pte_offset_map_lock(mm, pmd, addr, &ptl);
642 flush_tlb_batched_pending(mm);
643 arch_enter_lazy_mmu_mode();
644 for (; addr != end; pte += nr, addr += PAGE_SIZE * nr) {
646 ptent = ptep_get(pte);
651 * If the pte has swp_entry, just clear page table to
652 * prevent swap-in which is more expensive rather than
653 * (page allocation + zeroing).
655 if (!pte_present(ptent)) {
658 entry = pte_to_swp_entry(ptent);
659 if (!non_swap_entry(entry)) {
660 max_nr = (end - addr) / PAGE_SIZE;
661 nr = swap_pte_batch(pte, max_nr, ptent);
663 free_swap_and_cache_nr(entry, nr);
664 clear_not_present_full_ptes(mm, addr, pte, nr, tlb->fullmm);
665 } else if (is_hwpoison_entry(entry) ||
666 is_poisoned_swp_entry(entry)) {
667 pte_clear_not_present_full(mm, addr, pte, tlb->fullmm);
672 folio = vm_normal_folio(vma, addr, ptent);
673 if (!folio || folio_is_zone_device(folio))
677 * If pmd isn't transhuge but the folio is large and
678 * is owned by only this process, split it and
679 * deactivate all pages.
681 if (folio_test_large(folio)) {
684 if (folio_likely_mapped_shared(folio))
686 if (!folio_trylock(folio))
689 arch_leave_lazy_mmu_mode();
690 pte_unmap_unlock(start_pte, ptl);
692 err = split_folio(folio);
698 pte_offset_map_lock(mm, pmd, addr, &ptl);
701 arch_enter_lazy_mmu_mode();
707 if (folio_test_swapcache(folio) || folio_test_dirty(folio)) {
708 if (!folio_trylock(folio))
711 * If folio is shared with others, we mustn't clear
712 * the folio's dirty flag.
714 if (folio_mapcount(folio) != 1) {
719 if (folio_test_swapcache(folio) &&
720 !folio_free_swap(folio)) {
725 folio_clear_dirty(folio);
729 if (pte_young(ptent) || pte_dirty(ptent)) {
731 * Some of architecture(ex, PPC) don't update TLB
732 * with set_pte_at and tlb_remove_tlb_entry so for
733 * the portability, remap the pte with old|clean
734 * after pte clearing.
736 ptent = ptep_get_and_clear_full(mm, addr, pte,
739 ptent = pte_mkold(ptent);
740 ptent = pte_mkclean(ptent);
741 set_pte_at(mm, addr, pte, ptent);
742 tlb_remove_tlb_entry(tlb, pte, addr);
744 folio_mark_lazyfree(folio);
748 add_mm_counter(mm, MM_SWAPENTS, nr_swap);
750 arch_leave_lazy_mmu_mode();
751 pte_unmap_unlock(start_pte, ptl);
758 static const struct mm_walk_ops madvise_free_walk_ops = {
759 .pmd_entry = madvise_free_pte_range,
760 .walk_lock = PGWALK_RDLOCK,
763 static int madvise_free_single_vma(struct vm_area_struct *vma,
764 unsigned long start_addr, unsigned long end_addr)
766 struct mm_struct *mm = vma->vm_mm;
767 struct mmu_notifier_range range;
768 struct mmu_gather tlb;
770 /* MADV_FREE works for only anon vma at the moment */
771 if (!vma_is_anonymous(vma))
774 range.start = max(vma->vm_start, start_addr);
775 if (range.start >= vma->vm_end)
777 range.end = min(vma->vm_end, end_addr);
778 if (range.end <= vma->vm_start)
780 mmu_notifier_range_init(&range, MMU_NOTIFY_CLEAR, 0, mm,
781 range.start, range.end);
784 tlb_gather_mmu(&tlb, mm);
785 update_hiwater_rss(mm);
787 mmu_notifier_invalidate_range_start(&range);
788 tlb_start_vma(&tlb, vma);
789 walk_page_range(vma->vm_mm, range.start, range.end,
790 &madvise_free_walk_ops, &tlb);
791 tlb_end_vma(&tlb, vma);
792 mmu_notifier_invalidate_range_end(&range);
793 tlb_finish_mmu(&tlb);
799 * Application no longer needs these pages. If the pages are dirty,
800 * it's OK to just throw them away. The app will be more careful about
801 * data it wants to keep. Be sure to free swap resources too. The
802 * zap_page_range_single call sets things up for shrink_active_list to actually
803 * free these pages later if no one else has touched them in the meantime,
804 * although we could add these pages to a global reuse list for
805 * shrink_active_list to pick up before reclaiming other pages.
807 * NB: This interface discards data rather than pushes it out to swap,
808 * as some implementations do. This has performance implications for
809 * applications like large transactional databases which want to discard
810 * pages in anonymous maps after committing to backing store the data
811 * that was kept in them. There is no reason to write this data out to
812 * the swap area if the application is discarding it.
814 * An interface that causes the system to free clean pages and flush
815 * dirty pages is already available as msync(MS_INVALIDATE).
817 static long madvise_dontneed_single_vma(struct vm_area_struct *vma,
818 unsigned long start, unsigned long end)
820 zap_page_range_single(vma, start, end - start, NULL);
824 static bool madvise_dontneed_free_valid_vma(struct vm_area_struct *vma,
829 if (!is_vm_hugetlb_page(vma)) {
830 unsigned int forbidden = VM_PFNMAP;
832 if (behavior != MADV_DONTNEED_LOCKED)
833 forbidden |= VM_LOCKED;
835 return !(vma->vm_flags & forbidden);
838 if (behavior != MADV_DONTNEED && behavior != MADV_DONTNEED_LOCKED)
840 if (start & ~huge_page_mask(hstate_vma(vma)))
844 * Madvise callers expect the length to be rounded up to PAGE_SIZE
845 * boundaries, and may be unaware that this VMA uses huge pages.
846 * Avoid unexpected data loss by rounding down the number of
849 *end = ALIGN_DOWN(*end, huge_page_size(hstate_vma(vma)));
854 static long madvise_dontneed_free(struct vm_area_struct *vma,
855 struct vm_area_struct **prev,
856 unsigned long start, unsigned long end,
859 struct mm_struct *mm = vma->vm_mm;
862 if (!madvise_dontneed_free_valid_vma(vma, start, &end, behavior))
868 if (!userfaultfd_remove(vma, start, end)) {
869 *prev = NULL; /* mmap_lock has been dropped, prev is stale */
872 vma = vma_lookup(mm, start);
876 * Potential end adjustment for hugetlb vma is OK as
877 * the check below keeps end within vma.
879 if (!madvise_dontneed_free_valid_vma(vma, start, &end,
882 if (end > vma->vm_end) {
884 * Don't fail if end > vma->vm_end. If the old
885 * vma was split while the mmap_lock was
886 * released the effect of the concurrent
887 * operation may not cause madvise() to
888 * have an undefined result. There may be an
889 * adjacent next vma that we'll walk
890 * next. userfaultfd_remove() will generate an
891 * UFFD_EVENT_REMOVE repetition on the
892 * end-vma->vm_end range, but the manager can
893 * handle a repetition fine.
897 VM_WARN_ON(start >= end);
900 if (behavior == MADV_DONTNEED || behavior == MADV_DONTNEED_LOCKED)
901 return madvise_dontneed_single_vma(vma, start, end);
902 else if (behavior == MADV_FREE)
903 return madvise_free_single_vma(vma, start, end);
908 static long madvise_populate(struct mm_struct *mm, unsigned long start,
909 unsigned long end, int behavior)
911 const bool write = behavior == MADV_POPULATE_WRITE;
915 while (start < end) {
916 /* Populate (prefault) page tables readable/writable. */
917 pages = faultin_page_range(mm, start, end, write, &locked);
926 case -EINVAL: /* Incompatible mappings / permissions. */
930 case -EFAULT: /* VM_FAULT_SIGBUS or VM_FAULT_SIGSEGV */
933 pr_warn_once("%s: unhandled return value: %ld\n",
936 case -ENOMEM: /* No VMA or out of memory. */
940 start += pages * PAGE_SIZE;
946 * Application wants to free up the pages and associated backing store.
947 * This is effectively punching a hole into the middle of a file.
949 static long madvise_remove(struct vm_area_struct *vma,
950 struct vm_area_struct **prev,
951 unsigned long start, unsigned long end)
956 struct mm_struct *mm = vma->vm_mm;
958 *prev = NULL; /* tell sys_madvise we drop mmap_lock */
960 if (vma->vm_flags & VM_LOCKED)
965 if (!f || !f->f_mapping || !f->f_mapping->host) {
969 if (!vma_is_shared_maywrite(vma))
972 offset = (loff_t)(start - vma->vm_start)
973 + ((loff_t)vma->vm_pgoff << PAGE_SHIFT);
976 * Filesystem's fallocate may need to take i_rwsem. We need to
977 * explicitly grab a reference because the vma (and hence the
978 * vma's reference to the file) can go away as soon as we drop
982 if (userfaultfd_remove(vma, start, end)) {
983 /* mmap_lock was not released by userfaultfd_remove() */
984 mmap_read_unlock(mm);
986 error = vfs_fallocate(f,
987 FALLOC_FL_PUNCH_HOLE | FALLOC_FL_KEEP_SIZE,
988 offset, end - start);
995 * Apply an madvise behavior to a region of a vma. madvise_update_vma
996 * will handle splitting a vm area into separate areas, each area with its own
999 static int madvise_vma_behavior(struct vm_area_struct *vma,
1000 struct vm_area_struct **prev,
1001 unsigned long start, unsigned long end,
1002 unsigned long behavior)
1005 struct anon_vma_name *anon_name;
1006 unsigned long new_flags = vma->vm_flags;
1010 return madvise_remove(vma, prev, start, end);
1012 return madvise_willneed(vma, prev, start, end);
1014 return madvise_cold(vma, prev, start, end);
1016 return madvise_pageout(vma, prev, start, end);
1019 case MADV_DONTNEED_LOCKED:
1020 return madvise_dontneed_free(vma, prev, start, end, behavior);
1022 new_flags = new_flags & ~VM_RAND_READ & ~VM_SEQ_READ;
1024 case MADV_SEQUENTIAL:
1025 new_flags = (new_flags & ~VM_RAND_READ) | VM_SEQ_READ;
1028 new_flags = (new_flags & ~VM_SEQ_READ) | VM_RAND_READ;
1031 new_flags |= VM_DONTCOPY;
1034 if (vma->vm_flags & VM_IO)
1036 new_flags &= ~VM_DONTCOPY;
1038 case MADV_WIPEONFORK:
1039 /* MADV_WIPEONFORK is only supported on anonymous memory. */
1040 if (vma->vm_file || vma->vm_flags & VM_SHARED)
1042 new_flags |= VM_WIPEONFORK;
1044 case MADV_KEEPONFORK:
1045 new_flags &= ~VM_WIPEONFORK;
1048 new_flags |= VM_DONTDUMP;
1051 if (!is_vm_hugetlb_page(vma) && new_flags & VM_SPECIAL)
1053 new_flags &= ~VM_DONTDUMP;
1055 case MADV_MERGEABLE:
1056 case MADV_UNMERGEABLE:
1057 error = ksm_madvise(vma, start, end, behavior, &new_flags);
1062 case MADV_NOHUGEPAGE:
1063 error = hugepage_madvise(vma, &new_flags, behavior);
1068 return madvise_collapse(vma, prev, start, end);
1071 anon_name = anon_vma_name(vma);
1072 anon_vma_name_get(anon_name);
1073 error = madvise_update_vma(vma, prev, start, end, new_flags,
1075 anon_vma_name_put(anon_name);
1079 * madvise() returns EAGAIN if kernel resources, such as
1080 * slab, are temporarily unavailable.
1082 if (error == -ENOMEM)
1087 #ifdef CONFIG_MEMORY_FAILURE
1089 * Error injection support for memory error handling.
1091 static int madvise_inject_error(int behavior,
1092 unsigned long start, unsigned long end)
1096 if (!capable(CAP_SYS_ADMIN))
1100 for (; start < end; start += size) {
1105 ret = get_user_pages_fast(start, 1, 0, &page);
1108 pfn = page_to_pfn(page);
1111 * When soft offlining hugepages, after migrating the page
1112 * we dissolve it, therefore in the second loop "page" will
1113 * no longer be a compound page.
1115 size = page_size(compound_head(page));
1117 if (behavior == MADV_SOFT_OFFLINE) {
1118 pr_info("Soft offlining pfn %#lx at process virtual address %#lx\n",
1120 ret = soft_offline_page(pfn, MF_COUNT_INCREASED);
1122 pr_info("Injecting memory failure for pfn %#lx at process virtual address %#lx\n",
1124 ret = memory_failure(pfn, MF_COUNT_INCREASED | MF_SW_SIMULATED);
1125 if (ret == -EOPNOTSUPP)
1138 madvise_behavior_valid(int behavior)
1144 case MADV_SEQUENTIAL:
1149 case MADV_DONTNEED_LOCKED:
1153 case MADV_POPULATE_READ:
1154 case MADV_POPULATE_WRITE:
1156 case MADV_MERGEABLE:
1157 case MADV_UNMERGEABLE:
1159 #ifdef CONFIG_TRANSPARENT_HUGEPAGE
1161 case MADV_NOHUGEPAGE:
1166 case MADV_WIPEONFORK:
1167 case MADV_KEEPONFORK:
1168 #ifdef CONFIG_MEMORY_FAILURE
1169 case MADV_SOFT_OFFLINE:
1179 static bool process_madvise_behavior_valid(int behavior)
1193 * Walk the vmas in range [start,end), and call the visit function on each one.
1194 * The visit function will get start and end parameters that cover the overlap
1195 * between the current vma and the original range. Any unmapped regions in the
1196 * original range will result in this function returning -ENOMEM while still
1197 * calling the visit function on all of the existing vmas in the range.
1198 * Must be called with the mmap_lock held for reading or writing.
1201 int madvise_walk_vmas(struct mm_struct *mm, unsigned long start,
1202 unsigned long end, unsigned long arg,
1203 int (*visit)(struct vm_area_struct *vma,
1204 struct vm_area_struct **prev, unsigned long start,
1205 unsigned long end, unsigned long arg))
1207 struct vm_area_struct *vma;
1208 struct vm_area_struct *prev;
1210 int unmapped_error = 0;
1213 * If the interval [start,end) covers some unmapped address
1214 * ranges, just ignore them, but return -ENOMEM at the end.
1215 * - different from the way of handling in mlock etc.
1217 vma = find_vma_prev(mm, start, &prev);
1218 if (vma && start > vma->vm_start)
1224 /* Still start < end. */
1228 /* Here start < (end|vma->vm_end). */
1229 if (start < vma->vm_start) {
1230 unmapped_error = -ENOMEM;
1231 start = vma->vm_start;
1236 /* Here vma->vm_start <= start < (end|vma->vm_end) */
1241 /* Here vma->vm_start <= start < tmp <= (end|vma->vm_end). */
1242 error = visit(vma, &prev, start, tmp, arg);
1246 if (prev && start < prev->vm_end)
1247 start = prev->vm_end;
1251 vma = find_vma(mm, prev->vm_end);
1252 else /* madvise_remove dropped mmap_lock */
1253 vma = find_vma(mm, start);
1256 return unmapped_error;
1259 #ifdef CONFIG_ANON_VMA_NAME
1260 static int madvise_vma_anon_name(struct vm_area_struct *vma,
1261 struct vm_area_struct **prev,
1262 unsigned long start, unsigned long end,
1263 unsigned long anon_name)
1267 /* Only anonymous mappings can be named */
1268 if (vma->vm_file && !vma_is_anon_shmem(vma))
1271 error = madvise_update_vma(vma, prev, start, end, vma->vm_flags,
1272 (struct anon_vma_name *)anon_name);
1275 * madvise() returns EAGAIN if kernel resources, such as
1276 * slab, are temporarily unavailable.
1278 if (error == -ENOMEM)
1283 int madvise_set_anon_name(struct mm_struct *mm, unsigned long start,
1284 unsigned long len_in, struct anon_vma_name *anon_name)
1289 if (start & ~PAGE_MASK)
1291 len = (len_in + ~PAGE_MASK) & PAGE_MASK;
1293 /* Check to see whether len was rounded up from small -ve to zero */
1304 return madvise_walk_vmas(mm, start, end, (unsigned long)anon_name,
1305 madvise_vma_anon_name);
1307 #endif /* CONFIG_ANON_VMA_NAME */
1309 * The madvise(2) system call.
1311 * Applications can use madvise() to advise the kernel how it should
1312 * handle paging I/O in this VM area. The idea is to help the kernel
1313 * use appropriate read-ahead and caching techniques. The information
1314 * provided is advisory only, and can be safely disregarded by the
1315 * kernel without affecting the correct operation of the application.
1318 * MADV_NORMAL - the default behavior is to read clusters. This
1319 * results in some read-ahead and read-behind.
1320 * MADV_RANDOM - the system should read the minimum amount of data
1321 * on any access, since it is unlikely that the appli-
1322 * cation will need more than what it asks for.
1323 * MADV_SEQUENTIAL - pages in the given range will probably be accessed
1324 * once, so they can be aggressively read ahead, and
1325 * can be freed soon after they are accessed.
1326 * MADV_WILLNEED - the application is notifying the system to read
1328 * MADV_DONTNEED - the application is finished with the given range,
1329 * so the kernel can free resources associated with it.
1330 * MADV_FREE - the application marks pages in the given range as lazy free,
1331 * where actual purges are postponed until memory pressure happens.
1332 * MADV_REMOVE - the application wants to free up the given range of
1333 * pages and associated backing store.
1334 * MADV_DONTFORK - omit this area from child's address space when forking:
1335 * typically, to avoid COWing pages pinned by get_user_pages().
1336 * MADV_DOFORK - cancel MADV_DONTFORK: no longer omit this area when forking.
1337 * MADV_WIPEONFORK - present the child process with zero-filled memory in this
1338 * range after a fork.
1339 * MADV_KEEPONFORK - undo the effect of MADV_WIPEONFORK
1340 * MADV_HWPOISON - trigger memory error handler as if the given memory range
1341 * were corrupted by unrecoverable hardware memory failure.
1342 * MADV_SOFT_OFFLINE - try to soft-offline the given range of memory.
1343 * MADV_MERGEABLE - the application recommends that KSM try to merge pages in
1344 * this area with pages of identical content from other such areas.
1345 * MADV_UNMERGEABLE- cancel MADV_MERGEABLE: no longer merge pages with others.
1346 * MADV_HUGEPAGE - the application wants to back the given range by transparent
1347 * huge pages in the future. Existing pages might be coalesced and
1348 * new pages might be allocated as THP.
1349 * MADV_NOHUGEPAGE - mark the given range as not worth being backed by
1350 * transparent huge pages so the existing pages will not be
1351 * coalesced into THP and new pages will not be allocated as THP.
1352 * MADV_COLLAPSE - synchronously coalesce pages into new THP.
1353 * MADV_DONTDUMP - the application wants to prevent pages in the given range
1354 * from being included in its core dump.
1355 * MADV_DODUMP - cancel MADV_DONTDUMP: no longer exclude from core dump.
1356 * MADV_COLD - the application is not expected to use this memory soon,
1357 * deactivate pages in this range so that they can be reclaimed
1358 * easily if memory pressure happens.
1359 * MADV_PAGEOUT - the application is not expected to use this memory soon,
1360 * page out the pages in this range immediately.
1361 * MADV_POPULATE_READ - populate (prefault) page tables readable by
1362 * triggering read faults if required
1363 * MADV_POPULATE_WRITE - populate (prefault) page tables writable by
1364 * triggering write faults if required
1368 * -EINVAL - start + len < 0, start is not page-aligned,
1369 * "behavior" is not a valid value, or application
1370 * is attempting to release locked or shared pages,
1371 * or the specified address range includes file, Huge TLB,
1372 * MAP_SHARED or VMPFNMAP range.
1373 * -ENOMEM - addresses in the specified range are not currently
1374 * mapped, or are outside the AS of the process.
1375 * -EIO - an I/O error occurred while paging in data.
1376 * -EBADF - map exists, but area maps something that isn't a file.
1377 * -EAGAIN - a kernel resource was temporarily unavailable.
1379 int do_madvise(struct mm_struct *mm, unsigned long start, size_t len_in, int behavior)
1385 struct blk_plug plug;
1387 if (!madvise_behavior_valid(behavior))
1390 if (!PAGE_ALIGNED(start))
1392 len = PAGE_ALIGN(len_in);
1394 /* Check to see whether len was rounded up from small -ve to zero */
1405 #ifdef CONFIG_MEMORY_FAILURE
1406 if (behavior == MADV_HWPOISON || behavior == MADV_SOFT_OFFLINE)
1407 return madvise_inject_error(behavior, start, start + len_in);
1410 write = madvise_need_mmap_write(behavior);
1412 if (mmap_write_lock_killable(mm))
1418 start = untagged_addr_remote(mm, start);
1421 blk_start_plug(&plug);
1423 case MADV_POPULATE_READ:
1424 case MADV_POPULATE_WRITE:
1425 error = madvise_populate(mm, start, end, behavior);
1428 error = madvise_walk_vmas(mm, start, end, behavior,
1429 madvise_vma_behavior);
1432 blk_finish_plug(&plug);
1434 mmap_write_unlock(mm);
1436 mmap_read_unlock(mm);
1441 SYSCALL_DEFINE3(madvise, unsigned long, start, size_t, len_in, int, behavior)
1443 return do_madvise(current->mm, start, len_in, behavior);
1446 SYSCALL_DEFINE5(process_madvise, int, pidfd, const struct iovec __user *, vec,
1447 size_t, vlen, int, behavior, unsigned int, flags)
1450 struct iovec iovstack[UIO_FASTIOV];
1451 struct iovec *iov = iovstack;
1452 struct iov_iter iter;
1453 struct task_struct *task;
1454 struct mm_struct *mm;
1456 unsigned int f_flags;
1463 ret = import_iovec(ITER_DEST, vec, vlen, ARRAY_SIZE(iovstack), &iov, &iter);
1467 task = pidfd_get_task(pidfd, &f_flags);
1469 ret = PTR_ERR(task);
1473 if (!process_madvise_behavior_valid(behavior)) {
1478 /* Require PTRACE_MODE_READ to avoid leaking ASLR metadata. */
1479 mm = mm_access(task, PTRACE_MODE_READ_FSCREDS);
1480 if (IS_ERR_OR_NULL(mm)) {
1481 ret = IS_ERR(mm) ? PTR_ERR(mm) : -ESRCH;
1486 * Require CAP_SYS_NICE for influencing process performance. Note that
1487 * only non-destructive hints are currently supported.
1489 if (!capable(CAP_SYS_NICE)) {
1494 total_len = iov_iter_count(&iter);
1496 while (iov_iter_count(&iter)) {
1497 ret = do_madvise(mm, (unsigned long)iter_iov_addr(&iter),
1498 iter_iov_len(&iter), behavior);
1501 iov_iter_advance(&iter, iter_iov_len(&iter));
1504 ret = (total_len - iov_iter_count(&iter)) ? : ret;
1509 put_task_struct(task);
projects / linux.git / blob