1 #include <linux/kernel.h>
2 #include <linux/errno.h>
4 #include <linux/spinlock.h>
7 #include <linux/memremap.h>
8 #include <linux/pagemap.h>
9 #include <linux/rmap.h>
10 #include <linux/swap.h>
11 #include <linux/swapops.h>
13 #include <linux/sched/signal.h>
14 #include <linux/rwsem.h>
15 #include <linux/hugetlb.h>
17 #include <asm/mmu_context.h>
18 #include <asm/pgtable.h>
19 #include <asm/tlbflush.h>
23 struct follow_page_context {
24 struct dev_pagemap *pgmap;
25 unsigned int page_mask;
28 static struct page *no_page_table(struct vm_area_struct *vma,
32 * When core dumping an enormous anonymous area that nobody
33 * has touched so far, we don't want to allocate unnecessary pages or
34 * page tables. Return error instead of NULL to skip handle_mm_fault,
35 * then get_dump_page() will return NULL to leave a hole in the dump.
36 * But we can only make this optimization where a hole would surely
37 * be zero-filled if handle_mm_fault() actually did handle it.
39 if ((flags & FOLL_DUMP) && (!vma->vm_ops || !vma->vm_ops->fault))
40 return ERR_PTR(-EFAULT);
44 static int follow_pfn_pte(struct vm_area_struct *vma, unsigned long address,
45 pte_t *pte, unsigned int flags)
47 /* No page to get reference */
51 if (flags & FOLL_TOUCH) {
54 if (flags & FOLL_WRITE)
55 entry = pte_mkdirty(entry);
56 entry = pte_mkyoung(entry);
58 if (!pte_same(*pte, entry)) {
59 set_pte_at(vma->vm_mm, address, pte, entry);
60 update_mmu_cache(vma, address, pte);
64 /* Proper page table entry exists, but no corresponding struct page */
69 * FOLL_FORCE can write to even unwritable pte's, but only
70 * after we've gone through a COW cycle and they are dirty.
72 static inline bool can_follow_write_pte(pte_t pte, unsigned int flags)
74 return pte_write(pte) ||
75 ((flags & FOLL_FORCE) && (flags & FOLL_COW) && pte_dirty(pte));
78 static struct page *follow_page_pte(struct vm_area_struct *vma,
79 unsigned long address, pmd_t *pmd, unsigned int flags,
80 struct dev_pagemap **pgmap)
82 struct mm_struct *mm = vma->vm_mm;
88 if (unlikely(pmd_bad(*pmd)))
89 return no_page_table(vma, flags);
91 ptep = pte_offset_map_lock(mm, pmd, address, &ptl);
93 if (!pte_present(pte)) {
96 * KSM's break_ksm() relies upon recognizing a ksm page
97 * even while it is being migrated, so for that case we
98 * need migration_entry_wait().
100 if (likely(!(flags & FOLL_MIGRATION)))
104 entry = pte_to_swp_entry(pte);
105 if (!is_migration_entry(entry))
107 pte_unmap_unlock(ptep, ptl);
108 migration_entry_wait(mm, pmd, address);
111 if ((flags & FOLL_NUMA) && pte_protnone(pte))
113 if ((flags & FOLL_WRITE) && !can_follow_write_pte(pte, flags)) {
114 pte_unmap_unlock(ptep, ptl);
118 page = vm_normal_page(vma, address, pte);
119 if (!page && pte_devmap(pte) && (flags & FOLL_GET)) {
121 * Only return device mapping pages in the FOLL_GET case since
122 * they are only valid while holding the pgmap reference.
124 *pgmap = get_dev_pagemap(pte_pfn(pte), *pgmap);
126 page = pte_page(pte);
129 } else if (unlikely(!page)) {
130 if (flags & FOLL_DUMP) {
131 /* Avoid special (like zero) pages in core dumps */
132 page = ERR_PTR(-EFAULT);
136 if (is_zero_pfn(pte_pfn(pte))) {
137 page = pte_page(pte);
141 ret = follow_pfn_pte(vma, address, ptep, flags);
147 if (flags & FOLL_SPLIT && PageTransCompound(page)) {
150 pte_unmap_unlock(ptep, ptl);
152 ret = split_huge_page(page);
160 if (flags & FOLL_GET) {
161 if (unlikely(!try_get_page(page))) {
162 page = ERR_PTR(-ENOMEM);
166 if (flags & FOLL_TOUCH) {
167 if ((flags & FOLL_WRITE) &&
168 !pte_dirty(pte) && !PageDirty(page))
169 set_page_dirty(page);
171 * pte_mkyoung() would be more correct here, but atomic care
172 * is needed to avoid losing the dirty bit: it is easier to use
173 * mark_page_accessed().
175 mark_page_accessed(page);
177 if ((flags & FOLL_MLOCK) && (vma->vm_flags & VM_LOCKED)) {
178 /* Do not mlock pte-mapped THP */
179 if (PageTransCompound(page))
183 * The preliminary mapping check is mainly to avoid the
184 * pointless overhead of lock_page on the ZERO_PAGE
185 * which might bounce very badly if there is contention.
187 * If the page is already locked, we don't need to
188 * handle it now - vmscan will handle it later if and
189 * when it attempts to reclaim the page.
191 if (page->mapping && trylock_page(page)) {
192 lru_add_drain(); /* push cached pages to LRU */
194 * Because we lock page here, and migration is
195 * blocked by the pte's page reference, and we
196 * know the page is still mapped, we don't even
197 * need to check for file-cache page truncation.
199 mlock_vma_page(page);
204 pte_unmap_unlock(ptep, ptl);
207 pte_unmap_unlock(ptep, ptl);
210 return no_page_table(vma, flags);
213 static struct page *follow_pmd_mask(struct vm_area_struct *vma,
214 unsigned long address, pud_t *pudp,
216 struct follow_page_context *ctx)
221 struct mm_struct *mm = vma->vm_mm;
223 pmd = pmd_offset(pudp, address);
225 * The READ_ONCE() will stabilize the pmdval in a register or
226 * on the stack so that it will stop changing under the code.
228 pmdval = READ_ONCE(*pmd);
229 if (pmd_none(pmdval))
230 return no_page_table(vma, flags);
231 if (pmd_huge(pmdval) && vma->vm_flags & VM_HUGETLB) {
232 page = follow_huge_pmd(mm, address, pmd, flags);
235 return no_page_table(vma, flags);
237 if (is_hugepd(__hugepd(pmd_val(pmdval)))) {
238 page = follow_huge_pd(vma, address,
239 __hugepd(pmd_val(pmdval)), flags,
243 return no_page_table(vma, flags);
246 if (!pmd_present(pmdval)) {
247 if (likely(!(flags & FOLL_MIGRATION)))
248 return no_page_table(vma, flags);
249 VM_BUG_ON(thp_migration_supported() &&
250 !is_pmd_migration_entry(pmdval));
251 if (is_pmd_migration_entry(pmdval))
252 pmd_migration_entry_wait(mm, pmd);
253 pmdval = READ_ONCE(*pmd);
255 * MADV_DONTNEED may convert the pmd to null because
256 * mmap_sem is held in read mode
258 if (pmd_none(pmdval))
259 return no_page_table(vma, flags);
262 if (pmd_devmap(pmdval)) {
263 ptl = pmd_lock(mm, pmd);
264 page = follow_devmap_pmd(vma, address, pmd, flags, &ctx->pgmap);
269 if (likely(!pmd_trans_huge(pmdval)))
270 return follow_page_pte(vma, address, pmd, flags, &ctx->pgmap);
272 if ((flags & FOLL_NUMA) && pmd_protnone(pmdval))
273 return no_page_table(vma, flags);
276 ptl = pmd_lock(mm, pmd);
277 if (unlikely(pmd_none(*pmd))) {
279 return no_page_table(vma, flags);
281 if (unlikely(!pmd_present(*pmd))) {
283 if (likely(!(flags & FOLL_MIGRATION)))
284 return no_page_table(vma, flags);
285 pmd_migration_entry_wait(mm, pmd);
288 if (unlikely(!pmd_trans_huge(*pmd))) {
290 return follow_page_pte(vma, address, pmd, flags, &ctx->pgmap);
292 if (flags & FOLL_SPLIT) {
294 page = pmd_page(*pmd);
295 if (is_huge_zero_page(page)) {
298 split_huge_pmd(vma, pmd, address);
299 if (pmd_trans_unstable(pmd))
302 if (unlikely(!try_get_page(page))) {
304 return ERR_PTR(-ENOMEM);
308 ret = split_huge_page(page);
312 return no_page_table(vma, flags);
315 return ret ? ERR_PTR(ret) :
316 follow_page_pte(vma, address, pmd, flags, &ctx->pgmap);
318 page = follow_trans_huge_pmd(vma, address, pmd, flags);
320 ctx->page_mask = HPAGE_PMD_NR - 1;
324 static struct page *follow_pud_mask(struct vm_area_struct *vma,
325 unsigned long address, p4d_t *p4dp,
327 struct follow_page_context *ctx)
332 struct mm_struct *mm = vma->vm_mm;
334 pud = pud_offset(p4dp, address);
336 return no_page_table(vma, flags);
337 if (pud_huge(*pud) && vma->vm_flags & VM_HUGETLB) {
338 page = follow_huge_pud(mm, address, pud, flags);
341 return no_page_table(vma, flags);
343 if (is_hugepd(__hugepd(pud_val(*pud)))) {
344 page = follow_huge_pd(vma, address,
345 __hugepd(pud_val(*pud)), flags,
349 return no_page_table(vma, flags);
351 if (pud_devmap(*pud)) {
352 ptl = pud_lock(mm, pud);
353 page = follow_devmap_pud(vma, address, pud, flags, &ctx->pgmap);
358 if (unlikely(pud_bad(*pud)))
359 return no_page_table(vma, flags);
361 return follow_pmd_mask(vma, address, pud, flags, ctx);
364 static struct page *follow_p4d_mask(struct vm_area_struct *vma,
365 unsigned long address, pgd_t *pgdp,
367 struct follow_page_context *ctx)
372 p4d = p4d_offset(pgdp, address);
374 return no_page_table(vma, flags);
375 BUILD_BUG_ON(p4d_huge(*p4d));
376 if (unlikely(p4d_bad(*p4d)))
377 return no_page_table(vma, flags);
379 if (is_hugepd(__hugepd(p4d_val(*p4d)))) {
380 page = follow_huge_pd(vma, address,
381 __hugepd(p4d_val(*p4d)), flags,
385 return no_page_table(vma, flags);
387 return follow_pud_mask(vma, address, p4d, flags, ctx);
391 * follow_page_mask - look up a page descriptor from a user-virtual address
392 * @vma: vm_area_struct mapping @address
393 * @address: virtual address to look up
394 * @flags: flags modifying lookup behaviour
395 * @ctx: contains dev_pagemap for %ZONE_DEVICE memory pinning and a
396 * pointer to output page_mask
398 * @flags can have FOLL_ flags set, defined in <linux/mm.h>
400 * When getting pages from ZONE_DEVICE memory, the @ctx->pgmap caches
401 * the device's dev_pagemap metadata to avoid repeating expensive lookups.
403 * On output, the @ctx->page_mask is set according to the size of the page.
405 * Return: the mapped (struct page *), %NULL if no mapping exists, or
406 * an error pointer if there is a mapping to something not represented
407 * by a page descriptor (see also vm_normal_page()).
409 struct page *follow_page_mask(struct vm_area_struct *vma,
410 unsigned long address, unsigned int flags,
411 struct follow_page_context *ctx)
415 struct mm_struct *mm = vma->vm_mm;
419 /* make this handle hugepd */
420 page = follow_huge_addr(mm, address, flags & FOLL_WRITE);
422 BUG_ON(flags & FOLL_GET);
426 pgd = pgd_offset(mm, address);
428 if (pgd_none(*pgd) || unlikely(pgd_bad(*pgd)))
429 return no_page_table(vma, flags);
431 if (pgd_huge(*pgd)) {
432 page = follow_huge_pgd(mm, address, pgd, flags);
435 return no_page_table(vma, flags);
437 if (is_hugepd(__hugepd(pgd_val(*pgd)))) {
438 page = follow_huge_pd(vma, address,
439 __hugepd(pgd_val(*pgd)), flags,
443 return no_page_table(vma, flags);
446 return follow_p4d_mask(vma, address, pgd, flags, ctx);
449 struct page *follow_page(struct vm_area_struct *vma, unsigned long address,
450 unsigned int foll_flags)
452 struct follow_page_context ctx = { NULL };
455 page = follow_page_mask(vma, address, foll_flags, &ctx);
457 put_dev_pagemap(ctx.pgmap);
461 static int get_gate_page(struct mm_struct *mm, unsigned long address,
462 unsigned int gup_flags, struct vm_area_struct **vma,
472 /* user gate pages are read-only */
473 if (gup_flags & FOLL_WRITE)
475 if (address > TASK_SIZE)
476 pgd = pgd_offset_k(address);
478 pgd = pgd_offset_gate(mm, address);
479 BUG_ON(pgd_none(*pgd));
480 p4d = p4d_offset(pgd, address);
481 BUG_ON(p4d_none(*p4d));
482 pud = pud_offset(p4d, address);
483 BUG_ON(pud_none(*pud));
484 pmd = pmd_offset(pud, address);
485 if (!pmd_present(*pmd))
487 VM_BUG_ON(pmd_trans_huge(*pmd));
488 pte = pte_offset_map(pmd, address);
491 *vma = get_gate_vma(mm);
494 *page = vm_normal_page(*vma, address, *pte);
496 if ((gup_flags & FOLL_DUMP) || !is_zero_pfn(pte_pfn(*pte)))
498 *page = pte_page(*pte);
501 * This should never happen (a device public page in the gate
504 if (is_device_public_page(*page))
507 if (unlikely(!try_get_page(*page))) {
519 * mmap_sem must be held on entry. If @nonblocking != NULL and
520 * *@flags does not include FOLL_NOWAIT, the mmap_sem may be released.
521 * If it is, *@nonblocking will be set to 0 and -EBUSY returned.
523 static int faultin_page(struct task_struct *tsk, struct vm_area_struct *vma,
524 unsigned long address, unsigned int *flags, int *nonblocking)
526 unsigned int fault_flags = 0;
529 /* mlock all present pages, but do not fault in new pages */
530 if ((*flags & (FOLL_POPULATE | FOLL_MLOCK)) == FOLL_MLOCK)
532 if (*flags & FOLL_WRITE)
533 fault_flags |= FAULT_FLAG_WRITE;
534 if (*flags & FOLL_REMOTE)
535 fault_flags |= FAULT_FLAG_REMOTE;
537 fault_flags |= FAULT_FLAG_ALLOW_RETRY;
538 if (*flags & FOLL_NOWAIT)
539 fault_flags |= FAULT_FLAG_ALLOW_RETRY | FAULT_FLAG_RETRY_NOWAIT;
540 if (*flags & FOLL_TRIED) {
541 VM_WARN_ON_ONCE(fault_flags & FAULT_FLAG_ALLOW_RETRY);
542 fault_flags |= FAULT_FLAG_TRIED;
545 ret = handle_mm_fault(vma, address, fault_flags);
546 if (ret & VM_FAULT_ERROR) {
547 int err = vm_fault_to_errno(ret, *flags);
555 if (ret & VM_FAULT_MAJOR)
561 if (ret & VM_FAULT_RETRY) {
562 if (nonblocking && !(fault_flags & FAULT_FLAG_RETRY_NOWAIT))
568 * The VM_FAULT_WRITE bit tells us that do_wp_page has broken COW when
569 * necessary, even if maybe_mkwrite decided not to set pte_write. We
570 * can thus safely do subsequent page lookups as if they were reads.
571 * But only do so when looping for pte_write is futile: in some cases
572 * userspace may also be wanting to write to the gotten user page,
573 * which a read fault here might prevent (a readonly page might get
574 * reCOWed by userspace write).
576 if ((ret & VM_FAULT_WRITE) && !(vma->vm_flags & VM_WRITE))
581 static int check_vma_flags(struct vm_area_struct *vma, unsigned long gup_flags)
583 vm_flags_t vm_flags = vma->vm_flags;
584 int write = (gup_flags & FOLL_WRITE);
585 int foreign = (gup_flags & FOLL_REMOTE);
587 if (vm_flags & (VM_IO | VM_PFNMAP))
590 if (gup_flags & FOLL_ANON && !vma_is_anonymous(vma))
594 if (!(vm_flags & VM_WRITE)) {
595 if (!(gup_flags & FOLL_FORCE))
598 * We used to let the write,force case do COW in a
599 * VM_MAYWRITE VM_SHARED !VM_WRITE vma, so ptrace could
600 * set a breakpoint in a read-only mapping of an
601 * executable, without corrupting the file (yet only
602 * when that file had been opened for writing!).
603 * Anon pages in shared mappings are surprising: now
606 if (!is_cow_mapping(vm_flags))
609 } else if (!(vm_flags & VM_READ)) {
610 if (!(gup_flags & FOLL_FORCE))
613 * Is there actually any vma we can reach here which does not
614 * have VM_MAYREAD set?
616 if (!(vm_flags & VM_MAYREAD))
620 * gups are always data accesses, not instruction
621 * fetches, so execute=false here
623 if (!arch_vma_access_permitted(vma, write, false, foreign))
629 * __get_user_pages() - pin user pages in memory
630 * @tsk: task_struct of target task
631 * @mm: mm_struct of target mm
632 * @start: starting user address
633 * @nr_pages: number of pages from start to pin
634 * @gup_flags: flags modifying pin behaviour
635 * @pages: array that receives pointers to the pages pinned.
636 * Should be at least nr_pages long. Or NULL, if caller
637 * only intends to ensure the pages are faulted in.
638 * @vmas: array of pointers to vmas corresponding to each page.
639 * Or NULL if the caller does not require them.
640 * @nonblocking: whether waiting for disk IO or mmap_sem contention
642 * Returns number of pages pinned. This may be fewer than the number
643 * requested. If nr_pages is 0 or negative, returns 0. If no pages
644 * were pinned, returns -errno. Each page returned must be released
645 * with a put_page() call when it is finished with. vmas will only
646 * remain valid while mmap_sem is held.
648 * Must be called with mmap_sem held. It may be released. See below.
650 * __get_user_pages walks a process's page tables and takes a reference to
651 * each struct page that each user address corresponds to at a given
652 * instant. That is, it takes the page that would be accessed if a user
653 * thread accesses the given user virtual address at that instant.
655 * This does not guarantee that the page exists in the user mappings when
656 * __get_user_pages returns, and there may even be a completely different
657 * page there in some cases (eg. if mmapped pagecache has been invalidated
658 * and subsequently re faulted). However it does guarantee that the page
659 * won't be freed completely. And mostly callers simply care that the page
660 * contains data that was valid *at some point in time*. Typically, an IO
661 * or similar operation cannot guarantee anything stronger anyway because
662 * locks can't be held over the syscall boundary.
664 * If @gup_flags & FOLL_WRITE == 0, the page must not be written to. If
665 * the page is written to, set_page_dirty (or set_page_dirty_lock, as
666 * appropriate) must be called after the page is finished with, and
667 * before put_page is called.
669 * If @nonblocking != NULL, __get_user_pages will not wait for disk IO
670 * or mmap_sem contention, and if waiting is needed to pin all pages,
671 * *@nonblocking will be set to 0. Further, if @gup_flags does not
672 * include FOLL_NOWAIT, the mmap_sem will be released via up_read() in
675 * A caller using such a combination of @nonblocking and @gup_flags
676 * must therefore hold the mmap_sem for reading only, and recognize
677 * when it's been released. Otherwise, it must be held for either
678 * reading or writing and will not be released.
680 * In most cases, get_user_pages or get_user_pages_fast should be used
681 * instead of __get_user_pages. __get_user_pages should be used only if
682 * you need some special @gup_flags.
684 static long __get_user_pages(struct task_struct *tsk, struct mm_struct *mm,
685 unsigned long start, unsigned long nr_pages,
686 unsigned int gup_flags, struct page **pages,
687 struct vm_area_struct **vmas, int *nonblocking)
690 struct vm_area_struct *vma = NULL;
691 struct follow_page_context ctx = { NULL };
696 VM_BUG_ON(!!pages != !!(gup_flags & FOLL_GET));
699 * If FOLL_FORCE is set then do not force a full fault as the hinting
700 * fault information is unrelated to the reference behaviour of a task
701 * using the address space
703 if (!(gup_flags & FOLL_FORCE))
704 gup_flags |= FOLL_NUMA;
708 unsigned int foll_flags = gup_flags;
709 unsigned int page_increm;
711 /* first iteration or cross vma bound */
712 if (!vma || start >= vma->vm_end) {
713 vma = find_extend_vma(mm, start);
714 if (!vma && in_gate_area(mm, start)) {
715 ret = get_gate_page(mm, start & PAGE_MASK,
717 pages ? &pages[i] : NULL);
724 if (!vma || check_vma_flags(vma, gup_flags)) {
728 if (is_vm_hugetlb_page(vma)) {
729 i = follow_hugetlb_page(mm, vma, pages, vmas,
730 &start, &nr_pages, i,
731 gup_flags, nonblocking);
737 * If we have a pending SIGKILL, don't keep faulting pages and
738 * potentially allocating memory.
740 if (fatal_signal_pending(current)) {
746 page = follow_page_mask(vma, start, foll_flags, &ctx);
748 ret = faultin_page(tsk, vma, start, &foll_flags,
764 } else if (PTR_ERR(page) == -EEXIST) {
766 * Proper page table entry exists, but no corresponding
770 } else if (IS_ERR(page)) {
776 flush_anon_page(vma, page, start);
777 flush_dcache_page(page);
785 page_increm = 1 + (~(start >> PAGE_SHIFT) & ctx.page_mask);
786 if (page_increm > nr_pages)
787 page_increm = nr_pages;
789 start += page_increm * PAGE_SIZE;
790 nr_pages -= page_increm;
794 put_dev_pagemap(ctx.pgmap);
798 static bool vma_permits_fault(struct vm_area_struct *vma,
799 unsigned int fault_flags)
801 bool write = !!(fault_flags & FAULT_FLAG_WRITE);
802 bool foreign = !!(fault_flags & FAULT_FLAG_REMOTE);
803 vm_flags_t vm_flags = write ? VM_WRITE : VM_READ;
805 if (!(vm_flags & vma->vm_flags))
809 * The architecture might have a hardware protection
810 * mechanism other than read/write that can deny access.
812 * gup always represents data access, not instruction
813 * fetches, so execute=false here:
815 if (!arch_vma_access_permitted(vma, write, false, foreign))
822 * fixup_user_fault() - manually resolve a user page fault
823 * @tsk: the task_struct to use for page fault accounting, or
824 * NULL if faults are not to be recorded.
825 * @mm: mm_struct of target mm
826 * @address: user address
827 * @fault_flags:flags to pass down to handle_mm_fault()
828 * @unlocked: did we unlock the mmap_sem while retrying, maybe NULL if caller
829 * does not allow retry
831 * This is meant to be called in the specific scenario where for locking reasons
832 * we try to access user memory in atomic context (within a pagefault_disable()
833 * section), this returns -EFAULT, and we want to resolve the user fault before
836 * Typically this is meant to be used by the futex code.
838 * The main difference with get_user_pages() is that this function will
839 * unconditionally call handle_mm_fault() which will in turn perform all the
840 * necessary SW fixup of the dirty and young bits in the PTE, while
841 * get_user_pages() only guarantees to update these in the struct page.
843 * This is important for some architectures where those bits also gate the
844 * access permission to the page because they are maintained in software. On
845 * such architectures, gup() will not be enough to make a subsequent access
848 * This function will not return with an unlocked mmap_sem. So it has not the
849 * same semantics wrt the @mm->mmap_sem as does filemap_fault().
851 int fixup_user_fault(struct task_struct *tsk, struct mm_struct *mm,
852 unsigned long address, unsigned int fault_flags,
855 struct vm_area_struct *vma;
856 vm_fault_t ret, major = 0;
859 fault_flags |= FAULT_FLAG_ALLOW_RETRY;
862 vma = find_extend_vma(mm, address);
863 if (!vma || address < vma->vm_start)
866 if (!vma_permits_fault(vma, fault_flags))
869 ret = handle_mm_fault(vma, address, fault_flags);
870 major |= ret & VM_FAULT_MAJOR;
871 if (ret & VM_FAULT_ERROR) {
872 int err = vm_fault_to_errno(ret, 0);
879 if (ret & VM_FAULT_RETRY) {
880 down_read(&mm->mmap_sem);
881 if (!(fault_flags & FAULT_FLAG_TRIED)) {
883 fault_flags &= ~FAULT_FLAG_ALLOW_RETRY;
884 fault_flags |= FAULT_FLAG_TRIED;
897 EXPORT_SYMBOL_GPL(fixup_user_fault);
899 static __always_inline long __get_user_pages_locked(struct task_struct *tsk,
900 struct mm_struct *mm,
902 unsigned long nr_pages,
904 struct vm_area_struct **vmas,
908 long ret, pages_done;
912 /* if VM_FAULT_RETRY can be returned, vmas become invalid */
914 /* check caller initialized locked */
915 BUG_ON(*locked != 1);
922 lock_dropped = false;
924 ret = __get_user_pages(tsk, mm, start, nr_pages, flags, pages,
927 /* VM_FAULT_RETRY couldn't trigger, bypass */
930 /* VM_FAULT_RETRY cannot return errors */
933 BUG_ON(ret >= nr_pages);
937 /* If it's a prefault don't insist harder */
948 * VM_FAULT_RETRY didn't trigger or it was a
955 /* VM_FAULT_RETRY triggered, so seek to the faulting offset */
957 start += ret << PAGE_SHIFT;
960 * Repeat on the address that fired VM_FAULT_RETRY
961 * without FAULT_FLAG_ALLOW_RETRY but with
966 down_read(&mm->mmap_sem);
967 ret = __get_user_pages(tsk, mm, start, 1, flags | FOLL_TRIED,
982 if (lock_dropped && *locked) {
984 * We must let the caller know we temporarily dropped the lock
985 * and so the critical section protected by it was lost.
987 up_read(&mm->mmap_sem);
994 * We can leverage the VM_FAULT_RETRY functionality in the page fault
995 * paths better by using either get_user_pages_locked() or
996 * get_user_pages_unlocked().
998 * get_user_pages_locked() is suitable to replace the form:
1000 * down_read(&mm->mmap_sem);
1002 * get_user_pages(tsk, mm, ..., pages, NULL);
1003 * up_read(&mm->mmap_sem);
1008 * down_read(&mm->mmap_sem);
1010 * get_user_pages_locked(tsk, mm, ..., pages, &locked);
1012 * up_read(&mm->mmap_sem);
1014 long get_user_pages_locked(unsigned long start, unsigned long nr_pages,
1015 unsigned int gup_flags, struct page **pages,
1018 return __get_user_pages_locked(current, current->mm, start, nr_pages,
1019 pages, NULL, locked,
1020 gup_flags | FOLL_TOUCH);
1022 EXPORT_SYMBOL(get_user_pages_locked);
1025 * get_user_pages_unlocked() is suitable to replace the form:
1027 * down_read(&mm->mmap_sem);
1028 * get_user_pages(tsk, mm, ..., pages, NULL);
1029 * up_read(&mm->mmap_sem);
1033 * get_user_pages_unlocked(tsk, mm, ..., pages);
1035 * It is functionally equivalent to get_user_pages_fast so
1036 * get_user_pages_fast should be used instead if specific gup_flags
1037 * (e.g. FOLL_FORCE) are not required.
1039 long get_user_pages_unlocked(unsigned long start, unsigned long nr_pages,
1040 struct page **pages, unsigned int gup_flags)
1042 struct mm_struct *mm = current->mm;
1046 down_read(&mm->mmap_sem);
1047 ret = __get_user_pages_locked(current, mm, start, nr_pages, pages, NULL,
1048 &locked, gup_flags | FOLL_TOUCH);
1050 up_read(&mm->mmap_sem);
1053 EXPORT_SYMBOL(get_user_pages_unlocked);
1056 * get_user_pages_remote() - pin user pages in memory
1057 * @tsk: the task_struct to use for page fault accounting, or
1058 * NULL if faults are not to be recorded.
1059 * @mm: mm_struct of target mm
1060 * @start: starting user address
1061 * @nr_pages: number of pages from start to pin
1062 * @gup_flags: flags modifying lookup behaviour
1063 * @pages: array that receives pointers to the pages pinned.
1064 * Should be at least nr_pages long. Or NULL, if caller
1065 * only intends to ensure the pages are faulted in.
1066 * @vmas: array of pointers to vmas corresponding to each page.
1067 * Or NULL if the caller does not require them.
1068 * @locked: pointer to lock flag indicating whether lock is held and
1069 * subsequently whether VM_FAULT_RETRY functionality can be
1070 * utilised. Lock must initially be held.
1072 * Returns number of pages pinned. This may be fewer than the number
1073 * requested. If nr_pages is 0 or negative, returns 0. If no pages
1074 * were pinned, returns -errno. Each page returned must be released
1075 * with a put_page() call when it is finished with. vmas will only
1076 * remain valid while mmap_sem is held.
1078 * Must be called with mmap_sem held for read or write.
1080 * get_user_pages walks a process's page tables and takes a reference to
1081 * each struct page that each user address corresponds to at a given
1082 * instant. That is, it takes the page that would be accessed if a user
1083 * thread accesses the given user virtual address at that instant.
1085 * This does not guarantee that the page exists in the user mappings when
1086 * get_user_pages returns, and there may even be a completely different
1087 * page there in some cases (eg. if mmapped pagecache has been invalidated
1088 * and subsequently re faulted). However it does guarantee that the page
1089 * won't be freed completely. And mostly callers simply care that the page
1090 * contains data that was valid *at some point in time*. Typically, an IO
1091 * or similar operation cannot guarantee anything stronger anyway because
1092 * locks can't be held over the syscall boundary.
1094 * If gup_flags & FOLL_WRITE == 0, the page must not be written to. If the page
1095 * is written to, set_page_dirty (or set_page_dirty_lock, as appropriate) must
1096 * be called after the page is finished with, and before put_page is called.
1098 * get_user_pages is typically used for fewer-copy IO operations, to get a
1099 * handle on the memory by some means other than accesses via the user virtual
1100 * addresses. The pages may be submitted for DMA to devices or accessed via
1101 * their kernel linear mapping (via the kmap APIs). Care should be taken to
1102 * use the correct cache flushing APIs.
1104 * See also get_user_pages_fast, for performance critical applications.
1106 * get_user_pages should be phased out in favor of
1107 * get_user_pages_locked|unlocked or get_user_pages_fast. Nothing
1108 * should use get_user_pages because it cannot pass
1109 * FAULT_FLAG_ALLOW_RETRY to handle_mm_fault.
1111 long get_user_pages_remote(struct task_struct *tsk, struct mm_struct *mm,
1112 unsigned long start, unsigned long nr_pages,
1113 unsigned int gup_flags, struct page **pages,
1114 struct vm_area_struct **vmas, int *locked)
1116 return __get_user_pages_locked(tsk, mm, start, nr_pages, pages, vmas,
1118 gup_flags | FOLL_TOUCH | FOLL_REMOTE);
1120 EXPORT_SYMBOL(get_user_pages_remote);
1123 * This is the same as get_user_pages_remote(), just with a
1124 * less-flexible calling convention where we assume that the task
1125 * and mm being operated on are the current task's and don't allow
1126 * passing of a locked parameter. We also obviously don't pass
1127 * FOLL_REMOTE in here.
1129 long get_user_pages(unsigned long start, unsigned long nr_pages,
1130 unsigned int gup_flags, struct page **pages,
1131 struct vm_area_struct **vmas)
1133 return __get_user_pages_locked(current, current->mm, start, nr_pages,
1135 gup_flags | FOLL_TOUCH);
1137 EXPORT_SYMBOL(get_user_pages);
1139 #ifdef CONFIG_FS_DAX
1141 * This is the same as get_user_pages() in that it assumes we are
1142 * operating on the current task's mm, but it goes further to validate
1143 * that the vmas associated with the address range are suitable for
1144 * longterm elevated page reference counts. For example, filesystem-dax
1145 * mappings are subject to the lifetime enforced by the filesystem and
1146 * we need guarantees that longterm users like RDMA and V4L2 only
1147 * establish mappings that have a kernel enforced revocation mechanism.
1149 * "longterm" == userspace controlled elevated page count lifetime.
1150 * Contrast this to iov_iter_get_pages() usages which are transient.
1152 long get_user_pages_longterm(unsigned long start, unsigned long nr_pages,
1153 unsigned int gup_flags, struct page **pages,
1154 struct vm_area_struct **vmas_arg)
1156 struct vm_area_struct **vmas = vmas_arg;
1157 struct vm_area_struct *vma_prev = NULL;
1164 vmas = kcalloc(nr_pages, sizeof(struct vm_area_struct *),
1170 rc = get_user_pages(start, nr_pages, gup_flags, pages, vmas);
1172 for (i = 0; i < rc; i++) {
1173 struct vm_area_struct *vma = vmas[i];
1175 if (vma == vma_prev)
1180 if (vma_is_fsdax(vma))
1185 * Either get_user_pages() failed, or the vma validation
1186 * succeeded, in either case we don't need to put_page() before
1192 for (i = 0; i < rc; i++)
1196 if (vmas != vmas_arg)
1200 EXPORT_SYMBOL(get_user_pages_longterm);
1201 #endif /* CONFIG_FS_DAX */
1204 * populate_vma_page_range() - populate a range of pages in the vma.
1206 * @start: start address
1210 * This takes care of mlocking the pages too if VM_LOCKED is set.
1212 * return 0 on success, negative error code on error.
1214 * vma->vm_mm->mmap_sem must be held.
1216 * If @nonblocking is NULL, it may be held for read or write and will
1219 * If @nonblocking is non-NULL, it must held for read only and may be
1220 * released. If it's released, *@nonblocking will be set to 0.
1222 long populate_vma_page_range(struct vm_area_struct *vma,
1223 unsigned long start, unsigned long end, int *nonblocking)
1225 struct mm_struct *mm = vma->vm_mm;
1226 unsigned long nr_pages = (end - start) / PAGE_SIZE;
1229 VM_BUG_ON(start & ~PAGE_MASK);
1230 VM_BUG_ON(end & ~PAGE_MASK);
1231 VM_BUG_ON_VMA(start < vma->vm_start, vma);
1232 VM_BUG_ON_VMA(end > vma->vm_end, vma);
1233 VM_BUG_ON_MM(!rwsem_is_locked(&mm->mmap_sem), mm);
1235 gup_flags = FOLL_TOUCH | FOLL_POPULATE | FOLL_MLOCK;
1236 if (vma->vm_flags & VM_LOCKONFAULT)
1237 gup_flags &= ~FOLL_POPULATE;
1239 * We want to touch writable mappings with a write fault in order
1240 * to break COW, except for shared mappings because these don't COW
1241 * and we would not want to dirty them for nothing.
1243 if ((vma->vm_flags & (VM_WRITE | VM_SHARED)) == VM_WRITE)
1244 gup_flags |= FOLL_WRITE;
1247 * We want mlock to succeed for regions that have any permissions
1248 * other than PROT_NONE.
1250 if (vma->vm_flags & (VM_READ | VM_WRITE | VM_EXEC))
1251 gup_flags |= FOLL_FORCE;
1254 * We made sure addr is within a VMA, so the following will
1255 * not result in a stack expansion that recurses back here.
1257 return __get_user_pages(current, mm, start, nr_pages, gup_flags,
1258 NULL, NULL, nonblocking);
1262 * __mm_populate - populate and/or mlock pages within a range of address space.
1264 * This is used to implement mlock() and the MAP_POPULATE / MAP_LOCKED mmap
1265 * flags. VMAs must be already marked with the desired vm_flags, and
1266 * mmap_sem must not be held.
1268 int __mm_populate(unsigned long start, unsigned long len, int ignore_errors)
1270 struct mm_struct *mm = current->mm;
1271 unsigned long end, nstart, nend;
1272 struct vm_area_struct *vma = NULL;
1278 for (nstart = start; nstart < end; nstart = nend) {
1280 * We want to fault in pages for [nstart; end) address range.
1281 * Find first corresponding VMA.
1285 down_read(&mm->mmap_sem);
1286 vma = find_vma(mm, nstart);
1287 } else if (nstart >= vma->vm_end)
1289 if (!vma || vma->vm_start >= end)
1292 * Set [nstart; nend) to intersection of desired address
1293 * range with the first VMA. Also, skip undesirable VMA types.
1295 nend = min(end, vma->vm_end);
1296 if (vma->vm_flags & (VM_IO | VM_PFNMAP))
1298 if (nstart < vma->vm_start)
1299 nstart = vma->vm_start;
1301 * Now fault in a range of pages. populate_vma_page_range()
1302 * double checks the vma flags, so that it won't mlock pages
1303 * if the vma was already munlocked.
1305 ret = populate_vma_page_range(vma, nstart, nend, &locked);
1307 if (ignore_errors) {
1309 continue; /* continue at next VMA */
1313 nend = nstart + ret * PAGE_SIZE;
1317 up_read(&mm->mmap_sem);
1318 return ret; /* 0 or negative error code */
1322 * get_dump_page() - pin user page in memory while writing it to core dump
1323 * @addr: user address
1325 * Returns struct page pointer of user page pinned for dump,
1326 * to be freed afterwards by put_page().
1328 * Returns NULL on any kind of failure - a hole must then be inserted into
1329 * the corefile, to preserve alignment with its headers; and also returns
1330 * NULL wherever the ZERO_PAGE, or an anonymous pte_none, has been found -
1331 * allowing a hole to be left in the corefile to save diskspace.
1333 * Called without mmap_sem, but after all other threads have been killed.
1335 #ifdef CONFIG_ELF_CORE
1336 struct page *get_dump_page(unsigned long addr)
1338 struct vm_area_struct *vma;
1341 if (__get_user_pages(current, current->mm, addr, 1,
1342 FOLL_FORCE | FOLL_DUMP | FOLL_GET, &page, &vma,
1345 flush_cache_page(vma, addr, page_to_pfn(page));
1348 #endif /* CONFIG_ELF_CORE */
1353 * get_user_pages_fast attempts to pin user pages by walking the page
1354 * tables directly and avoids taking locks. Thus the walker needs to be
1355 * protected from page table pages being freed from under it, and should
1356 * block any THP splits.
1358 * One way to achieve this is to have the walker disable interrupts, and
1359 * rely on IPIs from the TLB flushing code blocking before the page table
1360 * pages are freed. This is unsuitable for architectures that do not need
1361 * to broadcast an IPI when invalidating TLBs.
1363 * Another way to achieve this is to batch up page table containing pages
1364 * belonging to more than one mm_user, then rcu_sched a callback to free those
1365 * pages. Disabling interrupts will allow the fast_gup walker to both block
1366 * the rcu_sched callback, and an IPI that we broadcast for splitting THPs
1367 * (which is a relatively rare event). The code below adopts this strategy.
1369 * Before activating this code, please be aware that the following assumptions
1370 * are currently made:
1372 * *) Either HAVE_RCU_TABLE_FREE is enabled, and tlb_remove_table() is used to
1373 * free pages containing page tables or TLB flushing requires IPI broadcast.
1375 * *) ptes can be read atomically by the architecture.
1377 * *) access_ok is sufficient to validate userspace address ranges.
1379 * The last two assumptions can be relaxed by the addition of helper functions.
1381 * This code is based heavily on the PowerPC implementation by Nick Piggin.
1383 #ifdef CONFIG_HAVE_GENERIC_GUP
1387 * We assume that the PTE can be read atomically. If this is not the case for
1388 * your architecture, please provide the helper.
1390 static inline pte_t gup_get_pte(pte_t *ptep)
1392 return READ_ONCE(*ptep);
1396 static void undo_dev_pagemap(int *nr, int nr_start, struct page **pages)
1398 while ((*nr) - nr_start) {
1399 struct page *page = pages[--(*nr)];
1401 ClearPageReferenced(page);
1407 * Return the compund head page with ref appropriately incremented,
1408 * or NULL if that failed.
1410 static inline struct page *try_get_compound_head(struct page *page, int refs)
1412 struct page *head = compound_head(page);
1413 if (WARN_ON_ONCE(page_ref_count(head) < 0))
1415 if (unlikely(!page_cache_add_speculative(head, refs)))
1420 #ifdef CONFIG_ARCH_HAS_PTE_SPECIAL
1421 static int gup_pte_range(pmd_t pmd, unsigned long addr, unsigned long end,
1422 int write, struct page **pages, int *nr)
1424 struct dev_pagemap *pgmap = NULL;
1425 int nr_start = *nr, ret = 0;
1428 ptem = ptep = pte_offset_map(&pmd, addr);
1430 pte_t pte = gup_get_pte(ptep);
1431 struct page *head, *page;
1434 * Similar to the PMD case below, NUMA hinting must take slow
1435 * path using the pte_protnone check.
1437 if (pte_protnone(pte))
1440 if (!pte_access_permitted(pte, write))
1443 if (pte_devmap(pte)) {
1444 pgmap = get_dev_pagemap(pte_pfn(pte), pgmap);
1445 if (unlikely(!pgmap)) {
1446 undo_dev_pagemap(nr, nr_start, pages);
1449 } else if (pte_special(pte))
1452 VM_BUG_ON(!pfn_valid(pte_pfn(pte)));
1453 page = pte_page(pte);
1455 head = try_get_compound_head(page, 1);
1459 if (unlikely(pte_val(pte) != pte_val(*ptep))) {
1464 VM_BUG_ON_PAGE(compound_head(page) != head, page);
1466 SetPageReferenced(page);
1470 } while (ptep++, addr += PAGE_SIZE, addr != end);
1476 put_dev_pagemap(pgmap);
1483 * If we can't determine whether or not a pte is special, then fail immediately
1484 * for ptes. Note, we can still pin HugeTLB and THP as these are guaranteed not
1487 * For a futex to be placed on a THP tail page, get_futex_key requires a
1488 * __get_user_pages_fast implementation that can pin pages. Thus it's still
1489 * useful to have gup_huge_pmd even if we can't operate on ptes.
1491 static int gup_pte_range(pmd_t pmd, unsigned long addr, unsigned long end,
1492 int write, struct page **pages, int *nr)
1496 #endif /* CONFIG_ARCH_HAS_PTE_SPECIAL */
1498 #if defined(__HAVE_ARCH_PTE_DEVMAP) && defined(CONFIG_TRANSPARENT_HUGEPAGE)
1499 static int __gup_device_huge(unsigned long pfn, unsigned long addr,
1500 unsigned long end, struct page **pages, int *nr)
1503 struct dev_pagemap *pgmap = NULL;
1506 struct page *page = pfn_to_page(pfn);
1508 pgmap = get_dev_pagemap(pfn, pgmap);
1509 if (unlikely(!pgmap)) {
1510 undo_dev_pagemap(nr, nr_start, pages);
1513 SetPageReferenced(page);
1518 } while (addr += PAGE_SIZE, addr != end);
1521 put_dev_pagemap(pgmap);
1525 static int __gup_device_huge_pmd(pmd_t orig, pmd_t *pmdp, unsigned long addr,
1526 unsigned long end, struct page **pages, int *nr)
1528 unsigned long fault_pfn;
1531 fault_pfn = pmd_pfn(orig) + ((addr & ~PMD_MASK) >> PAGE_SHIFT);
1532 if (!__gup_device_huge(fault_pfn, addr, end, pages, nr))
1535 if (unlikely(pmd_val(orig) != pmd_val(*pmdp))) {
1536 undo_dev_pagemap(nr, nr_start, pages);
1542 static int __gup_device_huge_pud(pud_t orig, pud_t *pudp, unsigned long addr,
1543 unsigned long end, struct page **pages, int *nr)
1545 unsigned long fault_pfn;
1548 fault_pfn = pud_pfn(orig) + ((addr & ~PUD_MASK) >> PAGE_SHIFT);
1549 if (!__gup_device_huge(fault_pfn, addr, end, pages, nr))
1552 if (unlikely(pud_val(orig) != pud_val(*pudp))) {
1553 undo_dev_pagemap(nr, nr_start, pages);
1559 static int __gup_device_huge_pmd(pmd_t orig, pmd_t *pmdp, unsigned long addr,
1560 unsigned long end, struct page **pages, int *nr)
1566 static int __gup_device_huge_pud(pud_t pud, pud_t *pudp, unsigned long addr,
1567 unsigned long end, struct page **pages, int *nr)
1574 static int gup_huge_pmd(pmd_t orig, pmd_t *pmdp, unsigned long addr,
1575 unsigned long end, int write, struct page **pages, int *nr)
1577 struct page *head, *page;
1580 if (!pmd_access_permitted(orig, write))
1583 if (pmd_devmap(orig))
1584 return __gup_device_huge_pmd(orig, pmdp, addr, end, pages, nr);
1587 page = pmd_page(orig) + ((addr & ~PMD_MASK) >> PAGE_SHIFT);
1593 } while (addr += PAGE_SIZE, addr != end);
1595 head = try_get_compound_head(pmd_page(orig), refs);
1601 if (unlikely(pmd_val(orig) != pmd_val(*pmdp))) {
1608 SetPageReferenced(head);
1612 static int gup_huge_pud(pud_t orig, pud_t *pudp, unsigned long addr,
1613 unsigned long end, int write, struct page **pages, int *nr)
1615 struct page *head, *page;
1618 if (!pud_access_permitted(orig, write))
1621 if (pud_devmap(orig))
1622 return __gup_device_huge_pud(orig, pudp, addr, end, pages, nr);
1625 page = pud_page(orig) + ((addr & ~PUD_MASK) >> PAGE_SHIFT);
1631 } while (addr += PAGE_SIZE, addr != end);
1633 head = try_get_compound_head(pud_page(orig), refs);
1639 if (unlikely(pud_val(orig) != pud_val(*pudp))) {
1646 SetPageReferenced(head);
1650 static int gup_huge_pgd(pgd_t orig, pgd_t *pgdp, unsigned long addr,
1651 unsigned long end, int write,
1652 struct page **pages, int *nr)
1655 struct page *head, *page;
1657 if (!pgd_access_permitted(orig, write))
1660 BUILD_BUG_ON(pgd_devmap(orig));
1662 page = pgd_page(orig) + ((addr & ~PGDIR_MASK) >> PAGE_SHIFT);
1668 } while (addr += PAGE_SIZE, addr != end);
1670 head = try_get_compound_head(pgd_page(orig), refs);
1676 if (unlikely(pgd_val(orig) != pgd_val(*pgdp))) {
1683 SetPageReferenced(head);
1687 static int gup_pmd_range(pud_t pud, unsigned long addr, unsigned long end,
1688 int write, struct page **pages, int *nr)
1693 pmdp = pmd_offset(&pud, addr);
1695 pmd_t pmd = READ_ONCE(*pmdp);
1697 next = pmd_addr_end(addr, end);
1698 if (!pmd_present(pmd))
1701 if (unlikely(pmd_trans_huge(pmd) || pmd_huge(pmd) ||
1704 * NUMA hinting faults need to be handled in the GUP
1705 * slowpath for accounting purposes and so that they
1706 * can be serialised against THP migration.
1708 if (pmd_protnone(pmd))
1711 if (!gup_huge_pmd(pmd, pmdp, addr, next, write,
1715 } else if (unlikely(is_hugepd(__hugepd(pmd_val(pmd))))) {
1717 * architecture have different format for hugetlbfs
1718 * pmd format and THP pmd format
1720 if (!gup_huge_pd(__hugepd(pmd_val(pmd)), addr,
1721 PMD_SHIFT, next, write, pages, nr))
1723 } else if (!gup_pte_range(pmd, addr, next, write, pages, nr))
1725 } while (pmdp++, addr = next, addr != end);
1730 static int gup_pud_range(p4d_t p4d, unsigned long addr, unsigned long end,
1731 int write, struct page **pages, int *nr)
1736 pudp = pud_offset(&p4d, addr);
1738 pud_t pud = READ_ONCE(*pudp);
1740 next = pud_addr_end(addr, end);
1743 if (unlikely(pud_huge(pud))) {
1744 if (!gup_huge_pud(pud, pudp, addr, next, write,
1747 } else if (unlikely(is_hugepd(__hugepd(pud_val(pud))))) {
1748 if (!gup_huge_pd(__hugepd(pud_val(pud)), addr,
1749 PUD_SHIFT, next, write, pages, nr))
1751 } else if (!gup_pmd_range(pud, addr, next, write, pages, nr))
1753 } while (pudp++, addr = next, addr != end);
1758 static int gup_p4d_range(pgd_t pgd, unsigned long addr, unsigned long end,
1759 int write, struct page **pages, int *nr)
1764 p4dp = p4d_offset(&pgd, addr);
1766 p4d_t p4d = READ_ONCE(*p4dp);
1768 next = p4d_addr_end(addr, end);
1771 BUILD_BUG_ON(p4d_huge(p4d));
1772 if (unlikely(is_hugepd(__hugepd(p4d_val(p4d))))) {
1773 if (!gup_huge_pd(__hugepd(p4d_val(p4d)), addr,
1774 P4D_SHIFT, next, write, pages, nr))
1776 } else if (!gup_pud_range(p4d, addr, next, write, pages, nr))
1778 } while (p4dp++, addr = next, addr != end);
1783 static void gup_pgd_range(unsigned long addr, unsigned long end,
1784 int write, struct page **pages, int *nr)
1789 pgdp = pgd_offset(current->mm, addr);
1791 pgd_t pgd = READ_ONCE(*pgdp);
1793 next = pgd_addr_end(addr, end);
1796 if (unlikely(pgd_huge(pgd))) {
1797 if (!gup_huge_pgd(pgd, pgdp, addr, next, write,
1800 } else if (unlikely(is_hugepd(__hugepd(pgd_val(pgd))))) {
1801 if (!gup_huge_pd(__hugepd(pgd_val(pgd)), addr,
1802 PGDIR_SHIFT, next, write, pages, nr))
1804 } else if (!gup_p4d_range(pgd, addr, next, write, pages, nr))
1806 } while (pgdp++, addr = next, addr != end);
1809 #ifndef gup_fast_permitted
1811 * Check if it's allowed to use __get_user_pages_fast() for the range, or
1812 * we need to fall back to the slow version:
1814 bool gup_fast_permitted(unsigned long start, int nr_pages, int write)
1816 unsigned long len, end;
1818 len = (unsigned long) nr_pages << PAGE_SHIFT;
1820 return end >= start;
1825 * Like get_user_pages_fast() except it's IRQ-safe in that it won't fall back to
1827 * Note a difference with get_user_pages_fast: this always returns the
1828 * number of pages pinned, 0 if no pages were pinned.
1830 int __get_user_pages_fast(unsigned long start, int nr_pages, int write,
1831 struct page **pages)
1833 unsigned long len, end;
1834 unsigned long flags;
1838 len = (unsigned long) nr_pages << PAGE_SHIFT;
1841 if (unlikely(!access_ok((void __user *)start, len)))
1845 * Disable interrupts. We use the nested form as we can already have
1846 * interrupts disabled by get_futex_key.
1848 * With interrupts disabled, we block page table pages from being
1849 * freed from under us. See struct mmu_table_batch comments in
1850 * include/asm-generic/tlb.h for more details.
1852 * We do not adopt an rcu_read_lock(.) here as we also want to
1853 * block IPIs that come from THPs splitting.
1856 if (gup_fast_permitted(start, nr_pages, write)) {
1857 local_irq_save(flags);
1858 gup_pgd_range(start, end, write, pages, &nr);
1859 local_irq_restore(flags);
1866 * get_user_pages_fast() - pin user pages in memory
1867 * @start: starting user address
1868 * @nr_pages: number of pages from start to pin
1869 * @write: whether pages will be written to
1870 * @pages: array that receives pointers to the pages pinned.
1871 * Should be at least nr_pages long.
1873 * Attempt to pin user pages in memory without taking mm->mmap_sem.
1874 * If not successful, it will fall back to taking the lock and
1875 * calling get_user_pages().
1877 * Returns number of pages pinned. This may be fewer than the number
1878 * requested. If nr_pages is 0 or negative, returns 0. If no pages
1879 * were pinned, returns -errno.
1881 int get_user_pages_fast(unsigned long start, int nr_pages, int write,
1882 struct page **pages)
1884 unsigned long addr, len, end;
1885 int nr = 0, ret = 0;
1889 len = (unsigned long) nr_pages << PAGE_SHIFT;
1895 if (unlikely(!access_ok((void __user *)start, len)))
1898 if (gup_fast_permitted(start, nr_pages, write)) {
1899 local_irq_disable();
1900 gup_pgd_range(addr, end, write, pages, &nr);
1905 if (nr < nr_pages) {
1906 /* Try to get the remaining pages with get_user_pages */
1907 start += nr << PAGE_SHIFT;
1910 ret = get_user_pages_unlocked(start, nr_pages - nr, pages,
1911 write ? FOLL_WRITE : 0);
1913 /* Have to be a bit careful with return values */
1925 #endif /* CONFIG_HAVE_GENERIC_GUP */
projects / linux.git / blob