1 // SPDX-License-Identifier: GPL-2.0-only
2 #include <linux/mm.h>
3 #include <linux/slab.h>
4 #include <linux/string.h>
5 #include <linux/compiler.h>
6 #include <linux/export.h>
7 #include <linux/err.h>
8 #include <linux/sched.h>
9 #include <linux/sched/mm.h>
10 #include <linux/sched/signal.h>
11 #include <linux/sched/task_stack.h>
12 #include <linux/security.h>
13 #include <linux/swap.h>
14 #include <linux/swapops.h>
15 #include <linux/sysctl.h>
16 #include <linux/mman.h>
17 #include <linux/hugetlb.h>
18 #include <linux/vmalloc.h>
19 #include <linux/userfaultfd_k.h>
20 #include <linux/elf.h>
21 #include <linux/elf-randomize.h>
22 #include <linux/personality.h>
23 #include <linux/random.h>
24 #include <linux/processor.h>
25 #include <linux/sizes.h>
26 #include <linux/compat.h>
27 #include <linux/fsnotify.h>
28 #include <linux/page_idle.h>
29
30 #include <linux/uaccess.h>
31
32 #include <kunit/visibility.h>
33
34 #include "internal.h"
35 #include "swap.h"
36
37 /**
38 * kfree_const - conditionally free memory
39 * @x: pointer to the memory
40 *
41 * Function calls kfree only if @x is not in .rodata section.
42 */
kfree_const(const void * x)43 void kfree_const(const void *x)
44 {
45 if (!is_kernel_rodata((unsigned long)x))
46 kfree(x);
47 }
48 EXPORT_SYMBOL(kfree_const);
49
50 /**
51 * __kmemdup_nul - Create a NUL-terminated string from @s, which might be unterminated.
52 * @s: The data to copy
53 * @len: The size of the data, not including the NUL terminator
54 * @gfp: the GFP mask used in the kmalloc() call when allocating memory
55 *
56 * Return: newly allocated copy of @s with NUL-termination or %NULL in
57 * case of error
58 */
__kmemdup_nul(const char * s,size_t len,gfp_t gfp)59 static __always_inline char *__kmemdup_nul(const char *s, size_t len, gfp_t gfp)
60 {
61 char *buf;
62
63 /* '+1' for the NUL terminator */
64 buf = kmalloc_track_caller(len + 1, gfp);
65 if (!buf)
66 return NULL;
67
68 memcpy(buf, s, len);
69 /* Ensure the buf is always NUL-terminated, regardless of @s. */
70 buf[len] = '\0';
71 return buf;
72 }
73
74 /**
75 * kstrdup - allocate space for and copy an existing string
76 * @s: the string to duplicate
77 * @gfp: the GFP mask used in the kmalloc() call when allocating memory
78 *
79 * Return: newly allocated copy of @s or %NULL in case of error
80 */
81 noinline
kstrdup(const char * s,gfp_t gfp)82 char *kstrdup(const char *s, gfp_t gfp)
83 {
84 return s ? __kmemdup_nul(s, strlen(s), gfp) : NULL;
85 }
86 EXPORT_SYMBOL(kstrdup);
87
88 /**
89 * kstrdup_const - conditionally duplicate an existing const string
90 * @s: the string to duplicate
91 * @gfp: the GFP mask used in the kmalloc() call when allocating memory
92 *
93 * Note: Strings allocated by kstrdup_const should be freed by kfree_const and
94 * must not be passed to krealloc().
95 *
96 * Return: source string if it is in .rodata section otherwise
97 * fallback to kstrdup.
98 */
kstrdup_const(const char * s,gfp_t gfp)99 const char *kstrdup_const(const char *s, gfp_t gfp)
100 {
101 if (is_kernel_rodata((unsigned long)s))
102 return s;
103
104 return kstrdup(s, gfp);
105 }
106 EXPORT_SYMBOL(kstrdup_const);
107
108 /**
109 * kstrndup - allocate space for and copy an existing string
110 * @s: the string to duplicate
111 * @max: read at most @max chars from @s
112 * @gfp: the GFP mask used in the kmalloc() call when allocating memory
113 *
114 * Note: Use kmemdup_nul() instead if the size is known exactly.
115 *
116 * Return: newly allocated copy of @s or %NULL in case of error
117 */
kstrndup(const char * s,size_t max,gfp_t gfp)118 char *kstrndup(const char *s, size_t max, gfp_t gfp)
119 {
120 return s ? __kmemdup_nul(s, strnlen(s, max), gfp) : NULL;
121 }
122 EXPORT_SYMBOL(kstrndup);
123
124 /**
125 * kmemdup - duplicate region of memory
126 *
127 * @src: memory region to duplicate
128 * @len: memory region length
129 * @gfp: GFP mask to use
130 *
131 * Return: newly allocated copy of @src or %NULL in case of error,
132 * result is physically contiguous. Use kfree() to free.
133 */
kmemdup_noprof(const void * src,size_t len,gfp_t gfp)134 void *kmemdup_noprof(const void *src, size_t len, gfp_t gfp)
135 {
136 void *p;
137
138 p = kmalloc_node_track_caller_noprof(len, gfp, NUMA_NO_NODE, _RET_IP_);
139 if (p)
140 memcpy(p, src, len);
141 return p;
142 }
143 EXPORT_SYMBOL(kmemdup_noprof);
144
145 /**
146 * kmemdup_array - duplicate a given array.
147 *
148 * @src: array to duplicate.
149 * @count: number of elements to duplicate from array.
150 * @element_size: size of each element of array.
151 * @gfp: GFP mask to use.
152 *
153 * Return: duplicated array of @src or %NULL in case of error,
154 * result is physically contiguous. Use kfree() to free.
155 */
kmemdup_array(const void * src,size_t count,size_t element_size,gfp_t gfp)156 void *kmemdup_array(const void *src, size_t count, size_t element_size, gfp_t gfp)
157 {
158 return kmemdup(src, size_mul(element_size, count), gfp);
159 }
160 EXPORT_SYMBOL(kmemdup_array);
161
162 /**
163 * kvmemdup - duplicate region of memory
164 *
165 * @src: memory region to duplicate
166 * @len: memory region length
167 * @gfp: GFP mask to use
168 *
169 * Return: newly allocated copy of @src or %NULL in case of error,
170 * result may be not physically contiguous. Use kvfree() to free.
171 */
kvmemdup(const void * src,size_t len,gfp_t gfp)172 void *kvmemdup(const void *src, size_t len, gfp_t gfp)
173 {
174 void *p;
175
176 p = kvmalloc(len, gfp);
177 if (p)
178 memcpy(p, src, len);
179 return p;
180 }
181 EXPORT_SYMBOL(kvmemdup);
182
183 /**
184 * kmemdup_nul - Create a NUL-terminated string from unterminated data
185 * @s: The data to stringify
186 * @len: The size of the data
187 * @gfp: the GFP mask used in the kmalloc() call when allocating memory
188 *
189 * Return: newly allocated copy of @s with NUL-termination or %NULL in
190 * case of error
191 */
kmemdup_nul(const char * s,size_t len,gfp_t gfp)192 char *kmemdup_nul(const char *s, size_t len, gfp_t gfp)
193 {
194 return s ? __kmemdup_nul(s, len, gfp) : NULL;
195 }
196 EXPORT_SYMBOL(kmemdup_nul);
197
198 static kmem_buckets *user_buckets __ro_after_init;
199
init_user_buckets(void)200 static int __init init_user_buckets(void)
201 {
202 user_buckets = kmem_buckets_create("memdup_user", 0, 0, INT_MAX, NULL);
203
204 return 0;
205 }
206 subsys_initcall(init_user_buckets);
207
208 /**
209 * memdup_user - duplicate memory region from user space
210 *
211 * @src: source address in user space
212 * @len: number of bytes to copy
213 *
214 * Return: an ERR_PTR() on failure. Result is physically
215 * contiguous, to be freed by kfree().
216 */
memdup_user(const void __user * src,size_t len)217 void *memdup_user(const void __user *src, size_t len)
218 {
219 void *p;
220
221 p = kmem_buckets_alloc_track_caller(user_buckets, len, GFP_USER | __GFP_NOWARN);
222 if (!p)
223 return ERR_PTR(-ENOMEM);
224
225 if (copy_from_user(p, src, len)) {
226 kfree(p);
227 return ERR_PTR(-EFAULT);
228 }
229
230 return p;
231 }
232 EXPORT_SYMBOL(memdup_user);
233
234 /**
235 * vmemdup_user - duplicate memory region from user space
236 *
237 * @src: source address in user space
238 * @len: number of bytes to copy
239 *
240 * Return: an ERR_PTR() on failure. Result may be not
241 * physically contiguous. Use kvfree() to free.
242 */
vmemdup_user(const void __user * src,size_t len)243 void *vmemdup_user(const void __user *src, size_t len)
244 {
245 void *p;
246
247 p = kmem_buckets_valloc(user_buckets, len, GFP_USER);
248 if (!p)
249 return ERR_PTR(-ENOMEM);
250
251 if (copy_from_user(p, src, len)) {
252 kvfree(p);
253 return ERR_PTR(-EFAULT);
254 }
255
256 return p;
257 }
258 EXPORT_SYMBOL(vmemdup_user);
259
260 /**
261 * strndup_user - duplicate an existing string from user space
262 * @s: The string to duplicate
263 * @n: Maximum number of bytes to copy, including the trailing NUL.
264 *
265 * Return: newly allocated copy of @s or an ERR_PTR() in case of error
266 */
strndup_user(const char __user * s,long n)267 char *strndup_user(const char __user *s, long n)
268 {
269 char *p;
270 long length;
271
272 length = strnlen_user(s, n);
273
274 if (!length)
275 return ERR_PTR(-EFAULT);
276
277 if (length > n)
278 return ERR_PTR(-EINVAL);
279
280 p = memdup_user(s, length);
281
282 if (IS_ERR(p))
283 return p;
284
285 p[length - 1] = '\0';
286
287 return p;
288 }
289 EXPORT_SYMBOL(strndup_user);
290
291 /**
292 * memdup_user_nul - duplicate memory region from user space and NUL-terminate
293 *
294 * @src: source address in user space
295 * @len: number of bytes to copy
296 *
297 * Return: an ERR_PTR() on failure.
298 */
memdup_user_nul(const void __user * src,size_t len)299 void *memdup_user_nul(const void __user *src, size_t len)
300 {
301 char *p;
302
303 p = kmem_buckets_alloc_track_caller(user_buckets, len + 1, GFP_USER | __GFP_NOWARN);
304 if (!p)
305 return ERR_PTR(-ENOMEM);
306
307 if (copy_from_user(p, src, len)) {
308 kfree(p);
309 return ERR_PTR(-EFAULT);
310 }
311 p[len] = '\0';
312
313 return p;
314 }
315 EXPORT_SYMBOL(memdup_user_nul);
316
317 /* Check if the vma is being used as a stack by this task */
vma_is_stack_for_current(const struct vm_area_struct * vma)318 int vma_is_stack_for_current(const struct vm_area_struct *vma)
319 {
320 struct task_struct * __maybe_unused t = current;
321
322 return (vma->vm_start <= KSTK_ESP(t) && vma->vm_end >= KSTK_ESP(t));
323 }
324
325 /*
326 * Change backing file, only valid to use during initial VMA setup.
327 */
vma_set_file(struct vm_area_struct * vma,struct file * file)328 void vma_set_file(struct vm_area_struct *vma, struct file *file)
329 {
330 /* Changing an anonymous vma with this is illegal */
331 get_file(file);
332 swap(vma->vm_file, file);
333 fput(file);
334 }
335 EXPORT_SYMBOL(vma_set_file);
336
337 #ifndef STACK_RND_MASK
338 #define STACK_RND_MASK (0x7ff >> (PAGE_SHIFT - 12)) /* 8MB of VA */
339 #endif
340
randomize_stack_top(unsigned long stack_top)341 unsigned long randomize_stack_top(unsigned long stack_top)
342 {
343 unsigned long random_variable = 0;
344
345 if (current->flags & PF_RANDOMIZE) {
346 random_variable = get_random_long();
347 random_variable &= STACK_RND_MASK;
348 random_variable <<= PAGE_SHIFT;
349 }
350 #ifdef CONFIG_STACK_GROWSUP
351 return PAGE_ALIGN(stack_top) + random_variable;
352 #else
353 return PAGE_ALIGN(stack_top) - random_variable;
354 #endif
355 }
356
357 /**
358 * randomize_page - Generate a random, page aligned address
359 * @start: The smallest acceptable address the caller will take.
360 * @range: The size of the area, starting at @start, within which the
361 * random address must fall.
362 *
363 * If @start + @range would overflow, @range is capped.
364 *
365 * NOTE: Historical use of randomize_range, which this replaces, presumed that
366 * @start was already page aligned. We now align it regardless.
367 *
368 * Return: A page aligned address within [start, start + range). On error,
369 * @start is returned.
370 */
randomize_page(unsigned long start,unsigned long range)371 unsigned long randomize_page(unsigned long start, unsigned long range)
372 {
373 if (!PAGE_ALIGNED(start)) {
374 range -= PAGE_ALIGN(start) - start;
375 start = PAGE_ALIGN(start);
376 }
377
378 if (start > ULONG_MAX - range)
379 range = ULONG_MAX - start;
380
381 range >>= PAGE_SHIFT;
382
383 if (range == 0)
384 return start;
385
386 return start + (get_random_long() % range << PAGE_SHIFT);
387 }
388
389 #ifdef CONFIG_ARCH_WANT_DEFAULT_TOPDOWN_MMAP_LAYOUT
arch_randomize_brk(struct mm_struct * mm)390 unsigned long __weak arch_randomize_brk(struct mm_struct *mm)
391 {
392 /* Is the current task 32bit ? */
393 if (!IS_ENABLED(CONFIG_64BIT) || is_compat_task())
394 return randomize_page(mm->brk, SZ_32M);
395
396 return randomize_page(mm->brk, SZ_1G);
397 }
398
arch_mmap_rnd(void)399 unsigned long arch_mmap_rnd(void)
400 {
401 unsigned long rnd;
402
403 #ifdef CONFIG_HAVE_ARCH_MMAP_RND_COMPAT_BITS
404 if (is_compat_task())
405 rnd = get_random_long() & ((1UL << mmap_rnd_compat_bits) - 1);
406 else
407 #endif /* CONFIG_HAVE_ARCH_MMAP_RND_COMPAT_BITS */
408 rnd = get_random_long() & ((1UL << mmap_rnd_bits) - 1);
409
410 return rnd << PAGE_SHIFT;
411 }
412
mmap_is_legacy(const struct rlimit * rlim_stack)413 static int mmap_is_legacy(const struct rlimit *rlim_stack)
414 {
415 if (current->personality & ADDR_COMPAT_LAYOUT)
416 return 1;
417
418 /* On parisc the stack always grows up - so a unlimited stack should
419 * not be an indicator to use the legacy memory layout. */
420 if (rlim_stack->rlim_cur == RLIM_INFINITY &&
421 !IS_ENABLED(CONFIG_STACK_GROWSUP))
422 return 1;
423
424 return sysctl_legacy_va_layout;
425 }
426
427 /*
428 * Leave enough space between the mmap area and the stack to honour ulimit in
429 * the face of randomisation.
430 */
431 #define MIN_GAP (SZ_128M)
432 #define MAX_GAP (STACK_TOP / 6 * 5)
433
mmap_base(const unsigned long rnd,const struct rlimit * rlim_stack)434 static unsigned long mmap_base(const unsigned long rnd, const struct rlimit *rlim_stack)
435 {
436 #ifdef CONFIG_STACK_GROWSUP
437 /*
438 * For an upwards growing stack the calculation is much simpler.
439 * Memory for the maximum stack size is reserved at the top of the
440 * task. mmap_base starts directly below the stack and grows
441 * downwards.
442 */
443 return PAGE_ALIGN_DOWN(mmap_upper_limit(rlim_stack) - rnd);
444 #else
445 unsigned long gap = rlim_stack->rlim_cur;
446 unsigned long pad = stack_guard_gap;
447
448 /* Account for stack randomization if necessary */
449 if (current->flags & PF_RANDOMIZE)
450 pad += (STACK_RND_MASK << PAGE_SHIFT);
451
452 /* Values close to RLIM_INFINITY can overflow. */
453 if (gap + pad > gap)
454 gap += pad;
455
456 if (gap < MIN_GAP && MIN_GAP < MAX_GAP)
457 gap = MIN_GAP;
458 else if (gap > MAX_GAP)
459 gap = MAX_GAP;
460
461 return PAGE_ALIGN(STACK_TOP - gap - rnd);
462 #endif
463 }
464
arch_pick_mmap_layout(struct mm_struct * mm,const struct rlimit * rlim_stack)465 void arch_pick_mmap_layout(struct mm_struct *mm, const struct rlimit *rlim_stack)
466 {
467 unsigned long random_factor = 0UL;
468
469 if (current->flags & PF_RANDOMIZE)
470 random_factor = arch_mmap_rnd();
471
472 if (mmap_is_legacy(rlim_stack)) {
473 mm->mmap_base = TASK_UNMAPPED_BASE + random_factor;
474 mm_flags_clear(MMF_TOPDOWN, mm);
475 } else {
476 mm->mmap_base = mmap_base(random_factor, rlim_stack);
477 mm_flags_set(MMF_TOPDOWN, mm);
478 }
479 }
480 #elif defined(CONFIG_MMU) && !defined(HAVE_ARCH_PICK_MMAP_LAYOUT)
arch_pick_mmap_layout(struct mm_struct * mm,const struct rlimit * rlim_stack)481 void arch_pick_mmap_layout(struct mm_struct *mm, const struct rlimit *rlim_stack)
482 {
483 mm->mmap_base = TASK_UNMAPPED_BASE;
484 mm_flags_clear(MMF_TOPDOWN, mm);
485 }
486 #endif
487 #ifdef CONFIG_MMU
488 EXPORT_SYMBOL_IF_KUNIT(arch_pick_mmap_layout);
489 #endif
490
491 /**
492 * __account_locked_vm - account locked pages to an mm's locked_vm
493 * @mm: mm to account against
494 * @pages: number of pages to account
495 * @inc: %true if @pages should be considered positive, %false if not
496 * @task: task used to check RLIMIT_MEMLOCK
497 * @bypass_rlim: %true if checking RLIMIT_MEMLOCK should be skipped
498 *
499 * Assumes @task and @mm are valid (i.e. at least one reference on each), and
500 * that mmap_lock is held as writer.
501 *
502 * Return:
503 * * 0 on success
504 * * -ENOMEM if RLIMIT_MEMLOCK would be exceeded.
505 */
__account_locked_vm(struct mm_struct * mm,unsigned long pages,bool inc,const struct task_struct * task,bool bypass_rlim)506 int __account_locked_vm(struct mm_struct *mm, unsigned long pages, bool inc,
507 const struct task_struct *task, bool bypass_rlim)
508 {
509 unsigned long locked_vm, limit;
510 int ret = 0;
511
512 mmap_assert_write_locked(mm);
513
514 locked_vm = mm->locked_vm;
515 if (inc) {
516 if (!bypass_rlim) {
517 limit = task_rlimit(task, RLIMIT_MEMLOCK) >> PAGE_SHIFT;
518 if (locked_vm + pages > limit)
519 ret = -ENOMEM;
520 }
521 if (!ret)
522 mm->locked_vm = locked_vm + pages;
523 } else {
524 WARN_ON_ONCE(pages > locked_vm);
525 mm->locked_vm = locked_vm - pages;
526 }
527
528 pr_debug("%s: [%d] caller %ps %c%lu %lu/%lu%s\n", __func__, task->pid,
529 (void *)_RET_IP_, (inc) ? '+' : '-', pages << PAGE_SHIFT,
530 locked_vm << PAGE_SHIFT, task_rlimit(task, RLIMIT_MEMLOCK),
531 ret ? " - exceeded" : "");
532
533 return ret;
534 }
535 EXPORT_SYMBOL_GPL(__account_locked_vm);
536
537 /**
538 * account_locked_vm - account locked pages to an mm's locked_vm
539 * @mm: mm to account against, may be NULL
540 * @pages: number of pages to account
541 * @inc: %true if @pages should be considered positive, %false if not
542 *
543 * Assumes a non-NULL @mm is valid (i.e. at least one reference on it).
544 *
545 * Return:
546 * * 0 on success, or if mm is NULL
547 * * -ENOMEM if RLIMIT_MEMLOCK would be exceeded.
548 */
account_locked_vm(struct mm_struct * mm,unsigned long pages,bool inc)549 int account_locked_vm(struct mm_struct *mm, unsigned long pages, bool inc)
550 {
551 int ret;
552
553 if (pages == 0 || !mm)
554 return 0;
555
556 mmap_write_lock(mm);
557 ret = __account_locked_vm(mm, pages, inc, current,
558 capable(CAP_IPC_LOCK));
559 mmap_write_unlock(mm);
560
561 return ret;
562 }
563 EXPORT_SYMBOL_GPL(account_locked_vm);
564
vm_mmap_pgoff(struct file * file,unsigned long addr,unsigned long len,unsigned long prot,unsigned long flag,unsigned long pgoff)565 unsigned long vm_mmap_pgoff(struct file *file, unsigned long addr,
566 unsigned long len, unsigned long prot,
567 unsigned long flag, unsigned long pgoff)
568 {
569 loff_t off = (loff_t)pgoff << PAGE_SHIFT;
570 unsigned long ret;
571 struct mm_struct *mm = current->mm;
572 unsigned long populate;
573 LIST_HEAD(uf);
574
575 ret = security_mmap_file(file, prot, flag);
576 if (!ret)
577 ret = fsnotify_mmap_perm(file, prot, off, len);
578 if (!ret) {
579 if (mmap_write_lock_killable(mm))
580 return -EINTR;
581 ret = do_mmap(file, addr, len, prot, flag, 0, pgoff, &populate,
582 &uf);
583 mmap_write_unlock(mm);
584 userfaultfd_unmap_complete(mm, &uf);
585 if (populate)
586 mm_populate(ret, populate);
587 }
588 return ret;
589 }
590
591 /*
592 * Perform a userland memory mapping into the current process address space. See
593 * the comment for do_mmap() for more details on this operation in general.
594 *
595 * This differs from do_mmap() in that:
596 *
597 * a. An offset parameter is provided rather than pgoff, which is both checked
598 * for overflow and page alignment.
599 * b. mmap locking is performed on the caller's behalf.
600 * c. Userfaultfd unmap events and memory population are handled.
601 *
602 * This means that this function performs essentially the same work as if
603 * userland were invoking mmap (2).
604 *
605 * Returns either an error, or the address at which the requested mapping has
606 * been performed.
607 */
vm_mmap(struct file * file,unsigned long addr,unsigned long len,unsigned long prot,unsigned long flag,unsigned long offset)608 unsigned long vm_mmap(struct file *file, unsigned long addr,
609 unsigned long len, unsigned long prot,
610 unsigned long flag, unsigned long offset)
611 {
612 if (unlikely(offset + PAGE_ALIGN(len) < offset))
613 return -EINVAL;
614 if (unlikely(offset_in_page(offset)))
615 return -EINVAL;
616
617 return vm_mmap_pgoff(file, addr, len, prot, flag, offset >> PAGE_SHIFT);
618 }
619 EXPORT_SYMBOL(vm_mmap);
620
621 /**
622 * __vmalloc_array - allocate memory for a virtually contiguous array.
623 * @n: number of elements.
624 * @size: element size.
625 * @flags: the type of memory to allocate (see kmalloc).
626 */
__vmalloc_array_noprof(size_t n,size_t size,gfp_t flags)627 void *__vmalloc_array_noprof(size_t n, size_t size, gfp_t flags)
628 {
629 size_t bytes;
630
631 if (unlikely(check_mul_overflow(n, size, &bytes)))
632 return NULL;
633 return __vmalloc_noprof(bytes, flags);
634 }
635 EXPORT_SYMBOL(__vmalloc_array_noprof);
636
637 /**
638 * vmalloc_array - allocate memory for a virtually contiguous array.
639 * @n: number of elements.
640 * @size: element size.
641 */
vmalloc_array_noprof(size_t n,size_t size)642 void *vmalloc_array_noprof(size_t n, size_t size)
643 {
644 return __vmalloc_array_noprof(n, size, GFP_KERNEL);
645 }
646 EXPORT_SYMBOL(vmalloc_array_noprof);
647
648 /**
649 * __vcalloc - allocate and zero memory for a virtually contiguous array.
650 * @n: number of elements.
651 * @size: element size.
652 * @flags: the type of memory to allocate (see kmalloc).
653 */
__vcalloc_noprof(size_t n,size_t size,gfp_t flags)654 void *__vcalloc_noprof(size_t n, size_t size, gfp_t flags)
655 {
656 return __vmalloc_array_noprof(n, size, flags | __GFP_ZERO);
657 }
658 EXPORT_SYMBOL(__vcalloc_noprof);
659
660 /**
661 * vcalloc - allocate and zero memory for a virtually contiguous array.
662 * @n: number of elements.
663 * @size: element size.
664 */
vcalloc_noprof(size_t n,size_t size)665 void *vcalloc_noprof(size_t n, size_t size)
666 {
667 return __vmalloc_array_noprof(n, size, GFP_KERNEL | __GFP_ZERO);
668 }
669 EXPORT_SYMBOL(vcalloc_noprof);
670
folio_anon_vma(const struct folio * folio)671 struct anon_vma *folio_anon_vma(const struct folio *folio)
672 {
673 unsigned long mapping = (unsigned long)folio->mapping;
674
675 if ((mapping & FOLIO_MAPPING_FLAGS) != FOLIO_MAPPING_ANON)
676 return NULL;
677 return (void *)(mapping - FOLIO_MAPPING_ANON);
678 }
679
680 /**
681 * folio_mapping - Find the mapping where this folio is stored.
682 * @folio: The folio.
683 *
684 * For folios which are in the page cache, return the mapping that this
685 * page belongs to. Folios in the swap cache return the swap mapping
686 * this page is stored in (which is different from the mapping for the
687 * swap file or swap device where the data is stored).
688 *
689 * You can call this for folios which aren't in the swap cache or page
690 * cache and it will return NULL.
691 */
folio_mapping(const struct folio * folio)692 struct address_space *folio_mapping(const struct folio *folio)
693 {
694 struct address_space *mapping;
695
696 /* This happens if someone calls flush_dcache_page on slab page */
697 if (unlikely(folio_test_slab(folio)))
698 return NULL;
699
700 if (unlikely(folio_test_swapcache(folio)))
701 return swap_address_space(folio->swap);
702
703 mapping = folio->mapping;
704 if ((unsigned long)mapping & FOLIO_MAPPING_FLAGS)
705 return NULL;
706
707 return mapping;
708 }
709 EXPORT_SYMBOL(folio_mapping);
710
711 /**
712 * folio_copy - Copy the contents of one folio to another.
713 * @dst: Folio to copy to.
714 * @src: Folio to copy from.
715 *
716 * The bytes in the folio represented by @src are copied to @dst.
717 * Assumes the caller has validated that @dst is at least as large as @src.
718 * Can be called in atomic context for order-0 folios, but if the folio is
719 * larger, it may sleep.
720 */
folio_copy(struct folio * dst,struct folio * src)721 void folio_copy(struct folio *dst, struct folio *src)
722 {
723 long i = 0;
724 long nr = folio_nr_pages(src);
725
726 for (;;) {
727 copy_highpage(folio_page(dst, i), folio_page(src, i));
728 if (++i == nr)
729 break;
730 cond_resched();
731 }
732 }
733 EXPORT_SYMBOL(folio_copy);
734
folio_mc_copy(struct folio * dst,struct folio * src)735 int folio_mc_copy(struct folio *dst, struct folio *src)
736 {
737 long nr = folio_nr_pages(src);
738 long i = 0;
739
740 for (;;) {
741 if (copy_mc_highpage(folio_page(dst, i), folio_page(src, i)))
742 return -EHWPOISON;
743 if (++i == nr)
744 break;
745 cond_resched();
746 }
747
748 return 0;
749 }
750 EXPORT_SYMBOL(folio_mc_copy);
751
752 int sysctl_overcommit_memory __read_mostly = OVERCOMMIT_GUESS;
753 static int sysctl_overcommit_ratio __read_mostly = 50;
754 static unsigned long sysctl_overcommit_kbytes __read_mostly;
755 int sysctl_max_map_count __read_mostly = DEFAULT_MAX_MAP_COUNT;
756 unsigned long sysctl_user_reserve_kbytes __read_mostly = 1UL << 17; /* 128MB */
757 unsigned long sysctl_admin_reserve_kbytes __read_mostly = 1UL << 13; /* 8MB */
758
759 #ifdef CONFIG_SYSCTL
760
overcommit_ratio_handler(const struct ctl_table * table,int write,void * buffer,size_t * lenp,loff_t * ppos)761 static int overcommit_ratio_handler(const struct ctl_table *table, int write,
762 void *buffer, size_t *lenp, loff_t *ppos)
763 {
764 int ret;
765
766 ret = proc_dointvec(table, write, buffer, lenp, ppos);
767 if (ret == 0 && write)
768 sysctl_overcommit_kbytes = 0;
769 return ret;
770 }
771
sync_overcommit_as(struct work_struct * dummy)772 static void sync_overcommit_as(struct work_struct *dummy)
773 {
774 percpu_counter_sync(&vm_committed_as);
775 }
776
overcommit_policy_handler(const struct ctl_table * table,int write,void * buffer,size_t * lenp,loff_t * ppos)777 static int overcommit_policy_handler(const struct ctl_table *table, int write,
778 void *buffer, size_t *lenp, loff_t *ppos)
779 {
780 struct ctl_table t;
781 int new_policy = -1;
782 int ret;
783
784 /*
785 * The deviation of sync_overcommit_as could be big with loose policy
786 * like OVERCOMMIT_ALWAYS/OVERCOMMIT_GUESS. When changing policy to
787 * strict OVERCOMMIT_NEVER, we need to reduce the deviation to comply
788 * with the strict "NEVER", and to avoid possible race condition (even
789 * though user usually won't too frequently do the switching to policy
790 * OVERCOMMIT_NEVER), the switch is done in the following order:
791 * 1. changing the batch
792 * 2. sync percpu count on each CPU
793 * 3. switch the policy
794 */
795 if (write) {
796 t = *table;
797 t.data = &new_policy;
798 ret = proc_dointvec_minmax(&t, write, buffer, lenp, ppos);
799 if (ret || new_policy == -1)
800 return ret;
801
802 mm_compute_batch(new_policy);
803 if (new_policy == OVERCOMMIT_NEVER)
804 schedule_on_each_cpu(sync_overcommit_as);
805 sysctl_overcommit_memory = new_policy;
806 } else {
807 ret = proc_dointvec_minmax(table, write, buffer, lenp, ppos);
808 }
809
810 return ret;
811 }
812
overcommit_kbytes_handler(const struct ctl_table * table,int write,void * buffer,size_t * lenp,loff_t * ppos)813 static int overcommit_kbytes_handler(const struct ctl_table *table, int write,
814 void *buffer, size_t *lenp, loff_t *ppos)
815 {
816 int ret;
817
818 ret = proc_doulongvec_minmax(table, write, buffer, lenp, ppos);
819 if (ret == 0 && write)
820 sysctl_overcommit_ratio = 0;
821 return ret;
822 }
823
824 static const struct ctl_table util_sysctl_table[] = {
825 {
826 .procname = "overcommit_memory",
827 .data = &sysctl_overcommit_memory,
828 .maxlen = sizeof(sysctl_overcommit_memory),
829 .mode = 0644,
830 .proc_handler = overcommit_policy_handler,
831 .extra1 = SYSCTL_ZERO,
832 .extra2 = SYSCTL_TWO,
833 },
834 {
835 .procname = "overcommit_ratio",
836 .data = &sysctl_overcommit_ratio,
837 .maxlen = sizeof(sysctl_overcommit_ratio),
838 .mode = 0644,
839 .proc_handler = overcommit_ratio_handler,
840 },
841 {
842 .procname = "overcommit_kbytes",
843 .data = &sysctl_overcommit_kbytes,
844 .maxlen = sizeof(sysctl_overcommit_kbytes),
845 .mode = 0644,
846 .proc_handler = overcommit_kbytes_handler,
847 },
848 {
849 .procname = "user_reserve_kbytes",
850 .data = &sysctl_user_reserve_kbytes,
851 .maxlen = sizeof(sysctl_user_reserve_kbytes),
852 .mode = 0644,
853 .proc_handler = proc_doulongvec_minmax,
854 },
855 {
856 .procname = "admin_reserve_kbytes",
857 .data = &sysctl_admin_reserve_kbytes,
858 .maxlen = sizeof(sysctl_admin_reserve_kbytes),
859 .mode = 0644,
860 .proc_handler = proc_doulongvec_minmax,
861 },
862 };
863
init_vm_util_sysctls(void)864 static int __init init_vm_util_sysctls(void)
865 {
866 register_sysctl_init("vm", util_sysctl_table);
867 return 0;
868 }
869 subsys_initcall(init_vm_util_sysctls);
870 #endif /* CONFIG_SYSCTL */
871
872 /*
873 * Committed memory limit enforced when OVERCOMMIT_NEVER policy is used
874 */
vm_commit_limit(void)875 unsigned long vm_commit_limit(void)
876 {
877 unsigned long allowed;
878
879 if (sysctl_overcommit_kbytes)
880 allowed = sysctl_overcommit_kbytes >> (PAGE_SHIFT - 10);
881 else
882 allowed = ((totalram_pages() - hugetlb_total_pages())
883 * sysctl_overcommit_ratio / 100);
884 allowed += total_swap_pages;
885
886 return allowed;
887 }
888
889 /*
890 * Make sure vm_committed_as in one cacheline and not cacheline shared with
891 * other variables. It can be updated by several CPUs frequently.
892 */
893 struct percpu_counter vm_committed_as ____cacheline_aligned_in_smp;
894
895 /*
896 * The global memory commitment made in the system can be a metric
897 * that can be used to drive ballooning decisions when Linux is hosted
898 * as a guest. On Hyper-V, the host implements a policy engine for dynamically
899 * balancing memory across competing virtual machines that are hosted.
900 * Several metrics drive this policy engine including the guest reported
901 * memory commitment.
902 *
903 * The time cost of this is very low for small platforms, and for big
904 * platform like a 2S/36C/72T Skylake server, in worst case where
905 * vm_committed_as's spinlock is under severe contention, the time cost
906 * could be about 30~40 microseconds.
907 */
vm_memory_committed(void)908 unsigned long vm_memory_committed(void)
909 {
910 return percpu_counter_sum_positive(&vm_committed_as);
911 }
912 EXPORT_SYMBOL_GPL(vm_memory_committed);
913
914 /*
915 * Check that a process has enough memory to allocate a new virtual
916 * mapping. 0 means there is enough memory for the allocation to
917 * succeed and -ENOMEM implies there is not.
918 *
919 * We currently support three overcommit policies, which are set via the
920 * vm.overcommit_memory sysctl. See Documentation/mm/overcommit-accounting.rst
921 *
922 * Strict overcommit modes added 2002 Feb 26 by Alan Cox.
923 * Additional code 2002 Jul 20 by Robert Love.
924 *
925 * cap_sys_admin is 1 if the process has admin privileges, 0 otherwise.
926 *
927 * Note this is a helper function intended to be used by LSMs which
928 * wish to use this logic.
929 */
__vm_enough_memory(const struct mm_struct * mm,long pages,int cap_sys_admin)930 int __vm_enough_memory(const struct mm_struct *mm, long pages, int cap_sys_admin)
931 {
932 long allowed;
933 unsigned long bytes_failed;
934
935 vm_acct_memory(pages);
936
937 /*
938 * Sometimes we want to use more memory than we have
939 */
940 if (sysctl_overcommit_memory == OVERCOMMIT_ALWAYS)
941 return 0;
942
943 if (sysctl_overcommit_memory == OVERCOMMIT_GUESS) {
944 if (pages > totalram_pages() + total_swap_pages)
945 goto error;
946 return 0;
947 }
948
949 allowed = vm_commit_limit();
950 /*
951 * Reserve some for root
952 */
953 if (!cap_sys_admin)
954 allowed -= sysctl_admin_reserve_kbytes >> (PAGE_SHIFT - 10);
955
956 /*
957 * Don't let a single process grow so big a user can't recover
958 */
959 if (mm) {
960 long reserve = sysctl_user_reserve_kbytes >> (PAGE_SHIFT - 10);
961
962 allowed -= min_t(long, mm->total_vm / 32, reserve);
963 }
964
965 if (percpu_counter_read_positive(&vm_committed_as) < allowed)
966 return 0;
967 error:
968 bytes_failed = pages << PAGE_SHIFT;
969 pr_warn_ratelimited("%s: pid: %d, comm: %s, bytes: %lu not enough memory for the allocation\n",
970 __func__, current->pid, current->comm, bytes_failed);
971 vm_unacct_memory(pages);
972
973 return -ENOMEM;
974 }
975
976 /**
977 * get_cmdline() - copy the cmdline value to a buffer.
978 * @task: the task whose cmdline value to copy.
979 * @buffer: the buffer to copy to.
980 * @buflen: the length of the buffer. Larger cmdline values are truncated
981 * to this length.
982 *
983 * Return: the size of the cmdline field copied. Note that the copy does
984 * not guarantee an ending NULL byte.
985 */
get_cmdline(struct task_struct * task,char * buffer,int buflen)986 int get_cmdline(struct task_struct *task, char *buffer, int buflen)
987 {
988 int res = 0;
989 unsigned int len;
990 struct mm_struct *mm = get_task_mm(task);
991 unsigned long arg_start, arg_end, env_start, env_end;
992 if (!mm)
993 goto out;
994 if (!mm->arg_end)
995 goto out_mm; /* Shh! No looking before we're done */
996
997 spin_lock(&mm->arg_lock);
998 arg_start = mm->arg_start;
999 arg_end = mm->arg_end;
1000 env_start = mm->env_start;
1001 env_end = mm->env_end;
1002 spin_unlock(&mm->arg_lock);
1003
1004 len = arg_end - arg_start;
1005
1006 if (len > buflen)
1007 len = buflen;
1008
1009 res = access_process_vm(task, arg_start, buffer, len, FOLL_FORCE);
1010
1011 /*
1012 * If the nul at the end of args has been overwritten, then
1013 * assume application is using setproctitle(3).
1014 */
1015 if (res > 0 && buffer[res-1] != '\0' && len < buflen) {
1016 len = strnlen(buffer, res);
1017 if (len < res) {
1018 res = len;
1019 } else {
1020 len = env_end - env_start;
1021 if (len > buflen - res)
1022 len = buflen - res;
1023 res += access_process_vm(task, env_start,
1024 buffer+res, len,
1025 FOLL_FORCE);
1026 res = strnlen(buffer, res);
1027 }
1028 }
1029 out_mm:
1030 mmput(mm);
1031 out:
1032 return res;
1033 }
1034
memcmp_pages(struct page * page1,struct page * page2)1035 int __weak memcmp_pages(struct page *page1, struct page *page2)
1036 {
1037 char *addr1, *addr2;
1038 int ret;
1039
1040 addr1 = kmap_local_page(page1);
1041 addr2 = kmap_local_page(page2);
1042 ret = memcmp(addr1, addr2, PAGE_SIZE);
1043 kunmap_local(addr2);
1044 kunmap_local(addr1);
1045 return ret;
1046 }
1047
1048 #ifdef CONFIG_PRINTK
1049 /**
1050 * mem_dump_obj - Print available provenance information
1051 * @object: object for which to find provenance information.
1052 *
1053 * This function uses pr_cont(), so that the caller is expected to have
1054 * printed out whatever preamble is appropriate. The provenance information
1055 * depends on the type of object and on how much debugging is enabled.
1056 * For example, for a slab-cache object, the slab name is printed, and,
1057 * if available, the return address and stack trace from the allocation
1058 * and last free path of that object.
1059 */
mem_dump_obj(void * object)1060 void mem_dump_obj(void *object)
1061 {
1062 const char *type;
1063
1064 if (kmem_dump_obj(object))
1065 return;
1066
1067 if (vmalloc_dump_obj(object))
1068 return;
1069
1070 if (is_vmalloc_addr(object))
1071 type = "vmalloc memory";
1072 else if (virt_addr_valid(object))
1073 type = "non-slab/vmalloc memory";
1074 else if (object == NULL)
1075 type = "NULL pointer";
1076 else if (object == ZERO_SIZE_PTR)
1077 type = "zero-size pointer";
1078 else
1079 type = "non-paged memory";
1080
1081 pr_cont(" %s\n", type);
1082 }
1083 EXPORT_SYMBOL_GPL(mem_dump_obj);
1084 #endif
1085
1086 /*
1087 * A driver might set a page logically offline -- PageOffline() -- and
1088 * turn the page inaccessible in the hypervisor; after that, access to page
1089 * content can be fatal.
1090 *
1091 * Some special PFN walkers -- i.e., /proc/kcore -- read content of random
1092 * pages after checking PageOffline(); however, these PFN walkers can race
1093 * with drivers that set PageOffline().
1094 *
1095 * page_offline_freeze()/page_offline_thaw() allows for a subsystem to
1096 * synchronize with such drivers, achieving that a page cannot be set
1097 * PageOffline() while frozen.
1098 *
1099 * page_offline_begin()/page_offline_end() is used by drivers that care about
1100 * such races when setting a page PageOffline().
1101 */
1102 static DECLARE_RWSEM(page_offline_rwsem);
1103
page_offline_freeze(void)1104 void page_offline_freeze(void)
1105 {
1106 down_read(&page_offline_rwsem);
1107 }
1108
page_offline_thaw(void)1109 void page_offline_thaw(void)
1110 {
1111 up_read(&page_offline_rwsem);
1112 }
1113
page_offline_begin(void)1114 void page_offline_begin(void)
1115 {
1116 down_write(&page_offline_rwsem);
1117 }
1118 EXPORT_SYMBOL(page_offline_begin);
1119
page_offline_end(void)1120 void page_offline_end(void)
1121 {
1122 up_write(&page_offline_rwsem);
1123 }
1124 EXPORT_SYMBOL(page_offline_end);
1125
1126 #ifndef flush_dcache_folio
flush_dcache_folio(struct folio * folio)1127 void flush_dcache_folio(struct folio *folio)
1128 {
1129 long i, nr = folio_nr_pages(folio);
1130
1131 for (i = 0; i < nr; i++)
1132 flush_dcache_page(folio_page(folio, i));
1133 }
1134 EXPORT_SYMBOL(flush_dcache_folio);
1135 #endif
1136
1137 /**
1138 * __compat_vma_mmap_prepare() - See description for compat_vma_mmap_prepare()
1139 * for details. This is the same operation, only with a specific file operations
1140 * struct which may or may not be the same as vma->vm_file->f_op.
1141 * @f_op: The file operations whose .mmap_prepare() hook is specified.
1142 * @file: The file which backs or will back the mapping.
1143 * @vma: The VMA to apply the .mmap_prepare() hook to.
1144 * Returns: 0 on success or error.
1145 */
__compat_vma_mmap_prepare(const struct file_operations * f_op,struct file * file,struct vm_area_struct * vma)1146 int __compat_vma_mmap_prepare(const struct file_operations *f_op,
1147 struct file *file, struct vm_area_struct *vma)
1148 {
1149 struct vm_area_desc desc = {
1150 .mm = vma->vm_mm,
1151 .file = file,
1152 .start = vma->vm_start,
1153 .end = vma->vm_end,
1154
1155 .pgoff = vma->vm_pgoff,
1156 .vm_file = vma->vm_file,
1157 .vm_flags = vma->vm_flags,
1158 .page_prot = vma->vm_page_prot,
1159 };
1160 int err;
1161
1162 err = f_op->mmap_prepare(&desc);
1163 if (err)
1164 return err;
1165 set_vma_from_desc(vma, &desc);
1166
1167 return 0;
1168 }
1169 EXPORT_SYMBOL(__compat_vma_mmap_prepare);
1170
1171 /**
1172 * compat_vma_mmap_prepare() - Apply the file's .mmap_prepare() hook to an
1173 * existing VMA.
1174 * @file: The file which possesss an f_op->mmap_prepare() hook.
1175 * @vma: The VMA to apply the .mmap_prepare() hook to.
1176 *
1177 * Ordinarily, .mmap_prepare() is invoked directly upon mmap(). However, certain
1178 * stacked filesystems invoke a nested mmap hook of an underlying file.
1179 *
1180 * Until all filesystems are converted to use .mmap_prepare(), we must be
1181 * conservative and continue to invoke these stacked filesystems using the
1182 * deprecated .mmap() hook.
1183 *
1184 * However we have a problem if the underlying file system possesses an
1185 * .mmap_prepare() hook, as we are in a different context when we invoke the
1186 * .mmap() hook, already having a VMA to deal with.
1187 *
1188 * compat_vma_mmap_prepare() is a compatibility function that takes VMA state,
1189 * establishes a struct vm_area_desc descriptor, passes to the underlying
1190 * .mmap_prepare() hook and applies any changes performed by it.
1191 *
1192 * Once the conversion of filesystems is complete this function will no longer
1193 * be required and will be removed.
1194 *
1195 * Returns: 0 on success or error.
1196 */
compat_vma_mmap_prepare(struct file * file,struct vm_area_struct * vma)1197 int compat_vma_mmap_prepare(struct file *file, struct vm_area_struct *vma)
1198 {
1199 return __compat_vma_mmap_prepare(file->f_op, file, vma);
1200 }
1201 EXPORT_SYMBOL(compat_vma_mmap_prepare);
1202
set_ps_flags(struct page_snapshot * ps,const struct folio * folio,const struct page * page)1203 static void set_ps_flags(struct page_snapshot *ps, const struct folio *folio,
1204 const struct page *page)
1205 {
1206 /*
1207 * Only the first page of a high-order buddy page has PageBuddy() set.
1208 * So we have to check manually whether this page is part of a high-
1209 * order buddy page.
1210 */
1211 if (PageBuddy(page))
1212 ps->flags |= PAGE_SNAPSHOT_PG_BUDDY;
1213 else if (page_count(page) == 0 && is_free_buddy_page(page))
1214 ps->flags |= PAGE_SNAPSHOT_PG_BUDDY;
1215
1216 if (folio_test_idle(folio))
1217 ps->flags |= PAGE_SNAPSHOT_PG_IDLE;
1218 }
1219
1220 /**
1221 * snapshot_page() - Create a snapshot of a struct page
1222 * @ps: Pointer to a struct page_snapshot to store the page snapshot
1223 * @page: The page to snapshot
1224 *
1225 * Create a snapshot of the page and store both its struct page and struct
1226 * folio representations in @ps.
1227 *
1228 * A snapshot is marked as "faithful" if the compound state of @page was
1229 * stable and allowed safe reconstruction of the folio representation. In
1230 * rare cases where this is not possible (e.g. due to folio splitting),
1231 * snapshot_page() falls back to treating @page as a single page and the
1232 * snapshot is marked as "unfaithful". The snapshot_page_is_faithful()
1233 * helper can be used to check for this condition.
1234 */
snapshot_page(struct page_snapshot * ps,const struct page * page)1235 void snapshot_page(struct page_snapshot *ps, const struct page *page)
1236 {
1237 unsigned long head, nr_pages = 1;
1238 struct folio *foliop;
1239 int loops = 5;
1240
1241 ps->pfn = page_to_pfn(page);
1242 ps->flags = PAGE_SNAPSHOT_FAITHFUL;
1243
1244 again:
1245 memset(&ps->folio_snapshot, 0, sizeof(struct folio));
1246 memcpy(&ps->page_snapshot, page, sizeof(*page));
1247 head = ps->page_snapshot.compound_head;
1248 if ((head & 1) == 0) {
1249 ps->idx = 0;
1250 foliop = (struct folio *)&ps->page_snapshot;
1251 if (!folio_test_large(foliop)) {
1252 set_ps_flags(ps, page_folio(page), page);
1253 memcpy(&ps->folio_snapshot, foliop,
1254 sizeof(struct page));
1255 return;
1256 }
1257 foliop = (struct folio *)page;
1258 } else {
1259 foliop = (struct folio *)(head - 1);
1260 ps->idx = folio_page_idx(foliop, page);
1261 }
1262
1263 if (ps->idx < MAX_FOLIO_NR_PAGES) {
1264 memcpy(&ps->folio_snapshot, foliop, 2 * sizeof(struct page));
1265 nr_pages = folio_nr_pages(&ps->folio_snapshot);
1266 if (nr_pages > 1)
1267 memcpy(&ps->folio_snapshot.__page_2, &foliop->__page_2,
1268 sizeof(struct page));
1269 set_ps_flags(ps, foliop, page);
1270 }
1271
1272 if (ps->idx > nr_pages) {
1273 if (loops-- > 0)
1274 goto again;
1275 clear_compound_head(&ps->page_snapshot);
1276 foliop = (struct folio *)&ps->page_snapshot;
1277 memcpy(&ps->folio_snapshot, foliop, sizeof(struct page));
1278 ps->flags = 0;
1279 ps->idx = 0;
1280 }
1281 }
1282
1283 #ifdef CONFIG_MMU
1284 /**
1285 * folio_pte_batch - detect a PTE batch for a large folio
1286 * @folio: The large folio to detect a PTE batch for.
1287 * @ptep: Page table pointer for the first entry.
1288 * @pte: Page table entry for the first page.
1289 * @max_nr: The maximum number of table entries to consider.
1290 *
1291 * This is a simplified variant of folio_pte_batch_flags().
1292 *
1293 * Detect a PTE batch: consecutive (present) PTEs that map consecutive
1294 * pages of the same large folio in a single VMA and a single page table.
1295 *
1296 * All PTEs inside a PTE batch have the same PTE bits set, excluding the PFN,
1297 * the accessed bit, writable bit, dirt-bit and soft-dirty bit.
1298 *
1299 * ptep must map any page of the folio. max_nr must be at least one and
1300 * must be limited by the caller so scanning cannot exceed a single VMA and
1301 * a single page table.
1302 *
1303 * Return: the number of table entries in the batch.
1304 */
folio_pte_batch(struct folio * folio,pte_t * ptep,pte_t pte,unsigned int max_nr)1305 unsigned int folio_pte_batch(struct folio *folio, pte_t *ptep, pte_t pte,
1306 unsigned int max_nr)
1307 {
1308 return folio_pte_batch_flags(folio, NULL, ptep, &pte, max_nr, 0);
1309 }
1310 #endif /* CONFIG_MMU */
1311
1312 #if defined(CONFIG_SPARSEMEM) && !defined(CONFIG_SPARSEMEM_VMEMMAP)
1313 /**
1314 * page_range_contiguous - test whether the page range is contiguous
1315 * @page: the start of the page range.
1316 * @nr_pages: the number of pages in the range.
1317 *
1318 * Test whether the page range is contiguous, such that they can be iterated
1319 * naively, corresponding to iterating a contiguous PFN range.
1320 *
1321 * This function should primarily only be used for debug checks, or when
1322 * working with page ranges that are not naturally contiguous (e.g., pages
1323 * within a folio are).
1324 *
1325 * Returns true if contiguous, otherwise false.
1326 */
page_range_contiguous(const struct page * page,unsigned long nr_pages)1327 bool page_range_contiguous(const struct page *page, unsigned long nr_pages)
1328 {
1329 const unsigned long start_pfn = page_to_pfn(page);
1330 const unsigned long end_pfn = start_pfn + nr_pages;
1331 unsigned long pfn;
1332
1333 /*
1334 * The memmap is allocated per memory section, so no need to check
1335 * within the first section. However, we need to check each other
1336 * spanned memory section once, making sure the first page in a
1337 * section could similarly be reached by just iterating pages.
1338 */
1339 for (pfn = ALIGN(start_pfn, PAGES_PER_SECTION);
1340 pfn < end_pfn; pfn += PAGES_PER_SECTION)
1341 if (unlikely(page + (pfn - start_pfn) != pfn_to_page(pfn)))
1342 return false;
1343 return true;
1344 }
1345 EXPORT_SYMBOL(page_range_contiguous);
1346 #endif
1347