xref: /linux/mm/mempolicy.c (revision ed5c2f5fd10dda07263f79f338a512c0f49f76f5)
1 // SPDX-License-Identifier: GPL-2.0-only
2 /*
3  * Simple NUMA memory policy for the Linux kernel.
4  *
5  * Copyright 2003,2004 Andi Kleen, SuSE Labs.
6  * (C) Copyright 2005 Christoph Lameter, Silicon Graphics, Inc.
7  *
8  * NUMA policy allows the user to give hints in which node(s) memory should
9  * be allocated.
10  *
11  * Support four policies per VMA and per process:
12  *
13  * The VMA policy has priority over the process policy for a page fault.
14  *
15  * interleave     Allocate memory interleaved over a set of nodes,
16  *                with normal fallback if it fails.
17  *                For VMA based allocations this interleaves based on the
18  *                offset into the backing object or offset into the mapping
19  *                for anonymous memory. For process policy an process counter
20  *                is used.
21  *
22  * bind           Only allocate memory on a specific set of nodes,
23  *                no fallback.
24  *                FIXME: memory is allocated starting with the first node
25  *                to the last. It would be better if bind would truly restrict
26  *                the allocation to memory nodes instead
27  *
28  * preferred       Try a specific node first before normal fallback.
29  *                As a special case NUMA_NO_NODE here means do the allocation
30  *                on the local CPU. This is normally identical to default,
31  *                but useful to set in a VMA when you have a non default
32  *                process policy.
33  *
34  * preferred many Try a set of nodes first before normal fallback. This is
35  *                similar to preferred without the special case.
36  *
37  * default        Allocate on the local node first, or when on a VMA
38  *                use the process policy. This is what Linux always did
39  *		  in a NUMA aware kernel and still does by, ahem, default.
40  *
41  * The process policy is applied for most non interrupt memory allocations
42  * in that process' context. Interrupts ignore the policies and always
43  * try to allocate on the local CPU. The VMA policy is only applied for memory
44  * allocations for a VMA in the VM.
45  *
46  * Currently there are a few corner cases in swapping where the policy
47  * is not applied, but the majority should be handled. When process policy
48  * is used it is not remembered over swap outs/swap ins.
49  *
50  * Only the highest zone in the zone hierarchy gets policied. Allocations
51  * requesting a lower zone just use default policy. This implies that
52  * on systems with highmem kernel lowmem allocation don't get policied.
53  * Same with GFP_DMA allocations.
54  *
55  * For shmfs/tmpfs/hugetlbfs shared memory the policy is shared between
56  * all users and remembered even when nobody has memory mapped.
57  */
58 
59 /* Notebook:
60    fix mmap readahead to honour policy and enable policy for any page cache
61    object
62    statistics for bigpages
63    global policy for page cache? currently it uses process policy. Requires
64    first item above.
65    handle mremap for shared memory (currently ignored for the policy)
66    grows down?
67    make bind policy root only? It can trigger oom much faster and the
68    kernel is not always grateful with that.
69 */
70 
71 #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
72 
73 #include <linux/mempolicy.h>
74 #include <linux/pagewalk.h>
75 #include <linux/highmem.h>
76 #include <linux/hugetlb.h>
77 #include <linux/kernel.h>
78 #include <linux/sched.h>
79 #include <linux/sched/mm.h>
80 #include <linux/sched/numa_balancing.h>
81 #include <linux/sched/task.h>
82 #include <linux/nodemask.h>
83 #include <linux/cpuset.h>
84 #include <linux/slab.h>
85 #include <linux/string.h>
86 #include <linux/export.h>
87 #include <linux/nsproxy.h>
88 #include <linux/interrupt.h>
89 #include <linux/init.h>
90 #include <linux/compat.h>
91 #include <linux/ptrace.h>
92 #include <linux/swap.h>
93 #include <linux/seq_file.h>
94 #include <linux/proc_fs.h>
95 #include <linux/migrate.h>
96 #include <linux/ksm.h>
97 #include <linux/rmap.h>
98 #include <linux/security.h>
99 #include <linux/syscalls.h>
100 #include <linux/ctype.h>
101 #include <linux/mm_inline.h>
102 #include <linux/mmu_notifier.h>
103 #include <linux/printk.h>
104 #include <linux/swapops.h>
105 
106 #include <asm/tlbflush.h>
107 #include <asm/tlb.h>
108 #include <linux/uaccess.h>
109 
110 #include "internal.h"
111 
112 /* Internal flags */
113 #define MPOL_MF_DISCONTIG_OK (MPOL_MF_INTERNAL << 0)	/* Skip checks for continuous vmas */
114 #define MPOL_MF_INVERT (MPOL_MF_INTERNAL << 1)		/* Invert check for nodemask */
115 
116 static struct kmem_cache *policy_cache;
117 static struct kmem_cache *sn_cache;
118 
119 /* Highest zone. An specific allocation for a zone below that is not
120    policied. */
121 enum zone_type policy_zone = 0;
122 
123 /*
124  * run-time system-wide default policy => local allocation
125  */
126 static struct mempolicy default_policy = {
127 	.refcnt = ATOMIC_INIT(1), /* never free it */
128 	.mode = MPOL_LOCAL,
129 };
130 
131 static struct mempolicy preferred_node_policy[MAX_NUMNODES];
132 
133 /**
134  * numa_map_to_online_node - Find closest online node
135  * @node: Node id to start the search
136  *
137  * Lookup the next closest node by distance if @nid is not online.
138  *
139  * Return: this @node if it is online, otherwise the closest node by distance
140  */
141 int numa_map_to_online_node(int node)
142 {
143 	int min_dist = INT_MAX, dist, n, min_node;
144 
145 	if (node == NUMA_NO_NODE || node_online(node))
146 		return node;
147 
148 	min_node = node;
149 	for_each_online_node(n) {
150 		dist = node_distance(node, n);
151 		if (dist < min_dist) {
152 			min_dist = dist;
153 			min_node = n;
154 		}
155 	}
156 
157 	return min_node;
158 }
159 EXPORT_SYMBOL_GPL(numa_map_to_online_node);
160 
161 struct mempolicy *get_task_policy(struct task_struct *p)
162 {
163 	struct mempolicy *pol = p->mempolicy;
164 	int node;
165 
166 	if (pol)
167 		return pol;
168 
169 	node = numa_node_id();
170 	if (node != NUMA_NO_NODE) {
171 		pol = &preferred_node_policy[node];
172 		/* preferred_node_policy is not initialised early in boot */
173 		if (pol->mode)
174 			return pol;
175 	}
176 
177 	return &default_policy;
178 }
179 
180 static const struct mempolicy_operations {
181 	int (*create)(struct mempolicy *pol, const nodemask_t *nodes);
182 	void (*rebind)(struct mempolicy *pol, const nodemask_t *nodes);
183 } mpol_ops[MPOL_MAX];
184 
185 static inline int mpol_store_user_nodemask(const struct mempolicy *pol)
186 {
187 	return pol->flags & MPOL_MODE_FLAGS;
188 }
189 
190 static void mpol_relative_nodemask(nodemask_t *ret, const nodemask_t *orig,
191 				   const nodemask_t *rel)
192 {
193 	nodemask_t tmp;
194 	nodes_fold(tmp, *orig, nodes_weight(*rel));
195 	nodes_onto(*ret, tmp, *rel);
196 }
197 
198 static int mpol_new_nodemask(struct mempolicy *pol, const nodemask_t *nodes)
199 {
200 	if (nodes_empty(*nodes))
201 		return -EINVAL;
202 	pol->nodes = *nodes;
203 	return 0;
204 }
205 
206 static int mpol_new_preferred(struct mempolicy *pol, const nodemask_t *nodes)
207 {
208 	if (nodes_empty(*nodes))
209 		return -EINVAL;
210 
211 	nodes_clear(pol->nodes);
212 	node_set(first_node(*nodes), pol->nodes);
213 	return 0;
214 }
215 
216 /*
217  * mpol_set_nodemask is called after mpol_new() to set up the nodemask, if
218  * any, for the new policy.  mpol_new() has already validated the nodes
219  * parameter with respect to the policy mode and flags.
220  *
221  * Must be called holding task's alloc_lock to protect task's mems_allowed
222  * and mempolicy.  May also be called holding the mmap_lock for write.
223  */
224 static int mpol_set_nodemask(struct mempolicy *pol,
225 		     const nodemask_t *nodes, struct nodemask_scratch *nsc)
226 {
227 	int ret;
228 
229 	/*
230 	 * Default (pol==NULL) resp. local memory policies are not a
231 	 * subject of any remapping. They also do not need any special
232 	 * constructor.
233 	 */
234 	if (!pol || pol->mode == MPOL_LOCAL)
235 		return 0;
236 
237 	/* Check N_MEMORY */
238 	nodes_and(nsc->mask1,
239 		  cpuset_current_mems_allowed, node_states[N_MEMORY]);
240 
241 	VM_BUG_ON(!nodes);
242 
243 	if (pol->flags & MPOL_F_RELATIVE_NODES)
244 		mpol_relative_nodemask(&nsc->mask2, nodes, &nsc->mask1);
245 	else
246 		nodes_and(nsc->mask2, *nodes, nsc->mask1);
247 
248 	if (mpol_store_user_nodemask(pol))
249 		pol->w.user_nodemask = *nodes;
250 	else
251 		pol->w.cpuset_mems_allowed = cpuset_current_mems_allowed;
252 
253 	ret = mpol_ops[pol->mode].create(pol, &nsc->mask2);
254 	return ret;
255 }
256 
257 /*
258  * This function just creates a new policy, does some check and simple
259  * initialization. You must invoke mpol_set_nodemask() to set nodes.
260  */
261 static struct mempolicy *mpol_new(unsigned short mode, unsigned short flags,
262 				  nodemask_t *nodes)
263 {
264 	struct mempolicy *policy;
265 
266 	pr_debug("setting mode %d flags %d nodes[0] %lx\n",
267 		 mode, flags, nodes ? nodes_addr(*nodes)[0] : NUMA_NO_NODE);
268 
269 	if (mode == MPOL_DEFAULT) {
270 		if (nodes && !nodes_empty(*nodes))
271 			return ERR_PTR(-EINVAL);
272 		return NULL;
273 	}
274 	VM_BUG_ON(!nodes);
275 
276 	/*
277 	 * MPOL_PREFERRED cannot be used with MPOL_F_STATIC_NODES or
278 	 * MPOL_F_RELATIVE_NODES if the nodemask is empty (local allocation).
279 	 * All other modes require a valid pointer to a non-empty nodemask.
280 	 */
281 	if (mode == MPOL_PREFERRED) {
282 		if (nodes_empty(*nodes)) {
283 			if (((flags & MPOL_F_STATIC_NODES) ||
284 			     (flags & MPOL_F_RELATIVE_NODES)))
285 				return ERR_PTR(-EINVAL);
286 
287 			mode = MPOL_LOCAL;
288 		}
289 	} else if (mode == MPOL_LOCAL) {
290 		if (!nodes_empty(*nodes) ||
291 		    (flags & MPOL_F_STATIC_NODES) ||
292 		    (flags & MPOL_F_RELATIVE_NODES))
293 			return ERR_PTR(-EINVAL);
294 	} else if (nodes_empty(*nodes))
295 		return ERR_PTR(-EINVAL);
296 	policy = kmem_cache_alloc(policy_cache, GFP_KERNEL);
297 	if (!policy)
298 		return ERR_PTR(-ENOMEM);
299 	atomic_set(&policy->refcnt, 1);
300 	policy->mode = mode;
301 	policy->flags = flags;
302 	policy->home_node = NUMA_NO_NODE;
303 
304 	return policy;
305 }
306 
307 /* Slow path of a mpol destructor. */
308 void __mpol_put(struct mempolicy *p)
309 {
310 	if (!atomic_dec_and_test(&p->refcnt))
311 		return;
312 	kmem_cache_free(policy_cache, p);
313 }
314 
315 static void mpol_rebind_default(struct mempolicy *pol, const nodemask_t *nodes)
316 {
317 }
318 
319 static void mpol_rebind_nodemask(struct mempolicy *pol, const nodemask_t *nodes)
320 {
321 	nodemask_t tmp;
322 
323 	if (pol->flags & MPOL_F_STATIC_NODES)
324 		nodes_and(tmp, pol->w.user_nodemask, *nodes);
325 	else if (pol->flags & MPOL_F_RELATIVE_NODES)
326 		mpol_relative_nodemask(&tmp, &pol->w.user_nodemask, nodes);
327 	else {
328 		nodes_remap(tmp, pol->nodes, pol->w.cpuset_mems_allowed,
329 								*nodes);
330 		pol->w.cpuset_mems_allowed = *nodes;
331 	}
332 
333 	if (nodes_empty(tmp))
334 		tmp = *nodes;
335 
336 	pol->nodes = tmp;
337 }
338 
339 static void mpol_rebind_preferred(struct mempolicy *pol,
340 						const nodemask_t *nodes)
341 {
342 	pol->w.cpuset_mems_allowed = *nodes;
343 }
344 
345 /*
346  * mpol_rebind_policy - Migrate a policy to a different set of nodes
347  *
348  * Per-vma policies are protected by mmap_lock. Allocations using per-task
349  * policies are protected by task->mems_allowed_seq to prevent a premature
350  * OOM/allocation failure due to parallel nodemask modification.
351  */
352 static void mpol_rebind_policy(struct mempolicy *pol, const nodemask_t *newmask)
353 {
354 	if (!pol || pol->mode == MPOL_LOCAL)
355 		return;
356 	if (!mpol_store_user_nodemask(pol) &&
357 	    nodes_equal(pol->w.cpuset_mems_allowed, *newmask))
358 		return;
359 
360 	mpol_ops[pol->mode].rebind(pol, newmask);
361 }
362 
363 /*
364  * Wrapper for mpol_rebind_policy() that just requires task
365  * pointer, and updates task mempolicy.
366  *
367  * Called with task's alloc_lock held.
368  */
369 
370 void mpol_rebind_task(struct task_struct *tsk, const nodemask_t *new)
371 {
372 	mpol_rebind_policy(tsk->mempolicy, new);
373 }
374 
375 /*
376  * Rebind each vma in mm to new nodemask.
377  *
378  * Call holding a reference to mm.  Takes mm->mmap_lock during call.
379  */
380 
381 void mpol_rebind_mm(struct mm_struct *mm, nodemask_t *new)
382 {
383 	struct vm_area_struct *vma;
384 
385 	mmap_write_lock(mm);
386 	for (vma = mm->mmap; vma; vma = vma->vm_next)
387 		mpol_rebind_policy(vma->vm_policy, new);
388 	mmap_write_unlock(mm);
389 }
390 
391 static const struct mempolicy_operations mpol_ops[MPOL_MAX] = {
392 	[MPOL_DEFAULT] = {
393 		.rebind = mpol_rebind_default,
394 	},
395 	[MPOL_INTERLEAVE] = {
396 		.create = mpol_new_nodemask,
397 		.rebind = mpol_rebind_nodemask,
398 	},
399 	[MPOL_PREFERRED] = {
400 		.create = mpol_new_preferred,
401 		.rebind = mpol_rebind_preferred,
402 	},
403 	[MPOL_BIND] = {
404 		.create = mpol_new_nodemask,
405 		.rebind = mpol_rebind_nodemask,
406 	},
407 	[MPOL_LOCAL] = {
408 		.rebind = mpol_rebind_default,
409 	},
410 	[MPOL_PREFERRED_MANY] = {
411 		.create = mpol_new_nodemask,
412 		.rebind = mpol_rebind_preferred,
413 	},
414 };
415 
416 static int migrate_page_add(struct page *page, struct list_head *pagelist,
417 				unsigned long flags);
418 
419 struct queue_pages {
420 	struct list_head *pagelist;
421 	unsigned long flags;
422 	nodemask_t *nmask;
423 	unsigned long start;
424 	unsigned long end;
425 	struct vm_area_struct *first;
426 };
427 
428 /*
429  * Check if the page's nid is in qp->nmask.
430  *
431  * If MPOL_MF_INVERT is set in qp->flags, check if the nid is
432  * in the invert of qp->nmask.
433  */
434 static inline bool queue_pages_required(struct page *page,
435 					struct queue_pages *qp)
436 {
437 	int nid = page_to_nid(page);
438 	unsigned long flags = qp->flags;
439 
440 	return node_isset(nid, *qp->nmask) == !(flags & MPOL_MF_INVERT);
441 }
442 
443 /*
444  * queue_pages_pmd() has three possible return values:
445  * 0 - pages are placed on the right node or queued successfully, or
446  *     special page is met, i.e. huge zero page.
447  * 1 - there is unmovable page, and MPOL_MF_MOVE* & MPOL_MF_STRICT were
448  *     specified.
449  * -EIO - is migration entry or only MPOL_MF_STRICT was specified and an
450  *        existing page was already on a node that does not follow the
451  *        policy.
452  */
453 static int queue_pages_pmd(pmd_t *pmd, spinlock_t *ptl, unsigned long addr,
454 				unsigned long end, struct mm_walk *walk)
455 	__releases(ptl)
456 {
457 	int ret = 0;
458 	struct page *page;
459 	struct queue_pages *qp = walk->private;
460 	unsigned long flags;
461 
462 	if (unlikely(is_pmd_migration_entry(*pmd))) {
463 		ret = -EIO;
464 		goto unlock;
465 	}
466 	page = pmd_page(*pmd);
467 	if (is_huge_zero_page(page)) {
468 		walk->action = ACTION_CONTINUE;
469 		goto unlock;
470 	}
471 	if (!queue_pages_required(page, qp))
472 		goto unlock;
473 
474 	flags = qp->flags;
475 	/* go to thp migration */
476 	if (flags & (MPOL_MF_MOVE | MPOL_MF_MOVE_ALL)) {
477 		if (!vma_migratable(walk->vma) ||
478 		    migrate_page_add(page, qp->pagelist, flags)) {
479 			ret = 1;
480 			goto unlock;
481 		}
482 	} else
483 		ret = -EIO;
484 unlock:
485 	spin_unlock(ptl);
486 	return ret;
487 }
488 
489 /*
490  * Scan through pages checking if pages follow certain conditions,
491  * and move them to the pagelist if they do.
492  *
493  * queue_pages_pte_range() has three possible return values:
494  * 0 - pages are placed on the right node or queued successfully, or
495  *     special page is met, i.e. zero page.
496  * 1 - there is unmovable page, and MPOL_MF_MOVE* & MPOL_MF_STRICT were
497  *     specified.
498  * -EIO - only MPOL_MF_STRICT was specified and an existing page was already
499  *        on a node that does not follow the policy.
500  */
501 static int queue_pages_pte_range(pmd_t *pmd, unsigned long addr,
502 			unsigned long end, struct mm_walk *walk)
503 {
504 	struct vm_area_struct *vma = walk->vma;
505 	struct page *page;
506 	struct queue_pages *qp = walk->private;
507 	unsigned long flags = qp->flags;
508 	bool has_unmovable = false;
509 	pte_t *pte, *mapped_pte;
510 	spinlock_t *ptl;
511 
512 	ptl = pmd_trans_huge_lock(pmd, vma);
513 	if (ptl)
514 		return queue_pages_pmd(pmd, ptl, addr, end, walk);
515 
516 	if (pmd_trans_unstable(pmd))
517 		return 0;
518 
519 	mapped_pte = pte = pte_offset_map_lock(walk->mm, pmd, addr, &ptl);
520 	for (; addr != end; pte++, addr += PAGE_SIZE) {
521 		if (!pte_present(*pte))
522 			continue;
523 		page = vm_normal_page(vma, addr, *pte);
524 		if (!page || is_zone_device_page(page))
525 			continue;
526 		/*
527 		 * vm_normal_page() filters out zero pages, but there might
528 		 * still be PageReserved pages to skip, perhaps in a VDSO.
529 		 */
530 		if (PageReserved(page))
531 			continue;
532 		if (!queue_pages_required(page, qp))
533 			continue;
534 		if (flags & (MPOL_MF_MOVE | MPOL_MF_MOVE_ALL)) {
535 			/* MPOL_MF_STRICT must be specified if we get here */
536 			if (!vma_migratable(vma)) {
537 				has_unmovable = true;
538 				break;
539 			}
540 
541 			/*
542 			 * Do not abort immediately since there may be
543 			 * temporary off LRU pages in the range.  Still
544 			 * need migrate other LRU pages.
545 			 */
546 			if (migrate_page_add(page, qp->pagelist, flags))
547 				has_unmovable = true;
548 		} else
549 			break;
550 	}
551 	pte_unmap_unlock(mapped_pte, ptl);
552 	cond_resched();
553 
554 	if (has_unmovable)
555 		return 1;
556 
557 	return addr != end ? -EIO : 0;
558 }
559 
560 static int queue_pages_hugetlb(pte_t *pte, unsigned long hmask,
561 			       unsigned long addr, unsigned long end,
562 			       struct mm_walk *walk)
563 {
564 	int ret = 0;
565 #ifdef CONFIG_HUGETLB_PAGE
566 	struct queue_pages *qp = walk->private;
567 	unsigned long flags = (qp->flags & MPOL_MF_VALID);
568 	struct page *page;
569 	spinlock_t *ptl;
570 	pte_t entry;
571 
572 	ptl = huge_pte_lock(hstate_vma(walk->vma), walk->mm, pte);
573 	entry = huge_ptep_get(pte);
574 	if (!pte_present(entry))
575 		goto unlock;
576 	page = pte_page(entry);
577 	if (!queue_pages_required(page, qp))
578 		goto unlock;
579 
580 	if (flags == MPOL_MF_STRICT) {
581 		/*
582 		 * STRICT alone means only detecting misplaced page and no
583 		 * need to further check other vma.
584 		 */
585 		ret = -EIO;
586 		goto unlock;
587 	}
588 
589 	if (!vma_migratable(walk->vma)) {
590 		/*
591 		 * Must be STRICT with MOVE*, otherwise .test_walk() have
592 		 * stopped walking current vma.
593 		 * Detecting misplaced page but allow migrating pages which
594 		 * have been queued.
595 		 */
596 		ret = 1;
597 		goto unlock;
598 	}
599 
600 	/* With MPOL_MF_MOVE, we migrate only unshared hugepage. */
601 	if (flags & (MPOL_MF_MOVE_ALL) ||
602 	    (flags & MPOL_MF_MOVE && page_mapcount(page) == 1)) {
603 		if (isolate_hugetlb(page, qp->pagelist) &&
604 			(flags & MPOL_MF_STRICT))
605 			/*
606 			 * Failed to isolate page but allow migrating pages
607 			 * which have been queued.
608 			 */
609 			ret = 1;
610 	}
611 unlock:
612 	spin_unlock(ptl);
613 #else
614 	BUG();
615 #endif
616 	return ret;
617 }
618 
619 #ifdef CONFIG_NUMA_BALANCING
620 /*
621  * This is used to mark a range of virtual addresses to be inaccessible.
622  * These are later cleared by a NUMA hinting fault. Depending on these
623  * faults, pages may be migrated for better NUMA placement.
624  *
625  * This is assuming that NUMA faults are handled using PROT_NONE. If
626  * an architecture makes a different choice, it will need further
627  * changes to the core.
628  */
629 unsigned long change_prot_numa(struct vm_area_struct *vma,
630 			unsigned long addr, unsigned long end)
631 {
632 	struct mmu_gather tlb;
633 	int nr_updated;
634 
635 	tlb_gather_mmu(&tlb, vma->vm_mm);
636 
637 	nr_updated = change_protection(&tlb, vma, addr, end, PAGE_NONE,
638 				       MM_CP_PROT_NUMA);
639 	if (nr_updated)
640 		count_vm_numa_events(NUMA_PTE_UPDATES, nr_updated);
641 
642 	tlb_finish_mmu(&tlb);
643 
644 	return nr_updated;
645 }
646 #else
647 static unsigned long change_prot_numa(struct vm_area_struct *vma,
648 			unsigned long addr, unsigned long end)
649 {
650 	return 0;
651 }
652 #endif /* CONFIG_NUMA_BALANCING */
653 
654 static int queue_pages_test_walk(unsigned long start, unsigned long end,
655 				struct mm_walk *walk)
656 {
657 	struct vm_area_struct *vma = walk->vma;
658 	struct queue_pages *qp = walk->private;
659 	unsigned long endvma = vma->vm_end;
660 	unsigned long flags = qp->flags;
661 
662 	/* range check first */
663 	VM_BUG_ON_VMA(!range_in_vma(vma, start, end), vma);
664 
665 	if (!qp->first) {
666 		qp->first = vma;
667 		if (!(flags & MPOL_MF_DISCONTIG_OK) &&
668 			(qp->start < vma->vm_start))
669 			/* hole at head side of range */
670 			return -EFAULT;
671 	}
672 	if (!(flags & MPOL_MF_DISCONTIG_OK) &&
673 		((vma->vm_end < qp->end) &&
674 		(!vma->vm_next || vma->vm_end < vma->vm_next->vm_start)))
675 		/* hole at middle or tail of range */
676 		return -EFAULT;
677 
678 	/*
679 	 * Need check MPOL_MF_STRICT to return -EIO if possible
680 	 * regardless of vma_migratable
681 	 */
682 	if (!vma_migratable(vma) &&
683 	    !(flags & MPOL_MF_STRICT))
684 		return 1;
685 
686 	if (endvma > end)
687 		endvma = end;
688 
689 	if (flags & MPOL_MF_LAZY) {
690 		/* Similar to task_numa_work, skip inaccessible VMAs */
691 		if (!is_vm_hugetlb_page(vma) && vma_is_accessible(vma) &&
692 			!(vma->vm_flags & VM_MIXEDMAP))
693 			change_prot_numa(vma, start, endvma);
694 		return 1;
695 	}
696 
697 	/* queue pages from current vma */
698 	if (flags & MPOL_MF_VALID)
699 		return 0;
700 	return 1;
701 }
702 
703 static const struct mm_walk_ops queue_pages_walk_ops = {
704 	.hugetlb_entry		= queue_pages_hugetlb,
705 	.pmd_entry		= queue_pages_pte_range,
706 	.test_walk		= queue_pages_test_walk,
707 };
708 
709 /*
710  * Walk through page tables and collect pages to be migrated.
711  *
712  * If pages found in a given range are on a set of nodes (determined by
713  * @nodes and @flags,) it's isolated and queued to the pagelist which is
714  * passed via @private.
715  *
716  * queue_pages_range() has three possible return values:
717  * 1 - there is unmovable page, but MPOL_MF_MOVE* & MPOL_MF_STRICT were
718  *     specified.
719  * 0 - queue pages successfully or no misplaced page.
720  * errno - i.e. misplaced pages with MPOL_MF_STRICT specified (-EIO) or
721  *         memory range specified by nodemask and maxnode points outside
722  *         your accessible address space (-EFAULT)
723  */
724 static int
725 queue_pages_range(struct mm_struct *mm, unsigned long start, unsigned long end,
726 		nodemask_t *nodes, unsigned long flags,
727 		struct list_head *pagelist)
728 {
729 	int err;
730 	struct queue_pages qp = {
731 		.pagelist = pagelist,
732 		.flags = flags,
733 		.nmask = nodes,
734 		.start = start,
735 		.end = end,
736 		.first = NULL,
737 	};
738 
739 	err = walk_page_range(mm, start, end, &queue_pages_walk_ops, &qp);
740 
741 	if (!qp.first)
742 		/* whole range in hole */
743 		err = -EFAULT;
744 
745 	return err;
746 }
747 
748 /*
749  * Apply policy to a single VMA
750  * This must be called with the mmap_lock held for writing.
751  */
752 static int vma_replace_policy(struct vm_area_struct *vma,
753 						struct mempolicy *pol)
754 {
755 	int err;
756 	struct mempolicy *old;
757 	struct mempolicy *new;
758 
759 	pr_debug("vma %lx-%lx/%lx vm_ops %p vm_file %p set_policy %p\n",
760 		 vma->vm_start, vma->vm_end, vma->vm_pgoff,
761 		 vma->vm_ops, vma->vm_file,
762 		 vma->vm_ops ? vma->vm_ops->set_policy : NULL);
763 
764 	new = mpol_dup(pol);
765 	if (IS_ERR(new))
766 		return PTR_ERR(new);
767 
768 	if (vma->vm_ops && vma->vm_ops->set_policy) {
769 		err = vma->vm_ops->set_policy(vma, new);
770 		if (err)
771 			goto err_out;
772 	}
773 
774 	old = vma->vm_policy;
775 	vma->vm_policy = new; /* protected by mmap_lock */
776 	mpol_put(old);
777 
778 	return 0;
779  err_out:
780 	mpol_put(new);
781 	return err;
782 }
783 
784 /* Step 2: apply policy to a range and do splits. */
785 static int mbind_range(struct mm_struct *mm, unsigned long start,
786 		       unsigned long end, struct mempolicy *new_pol)
787 {
788 	struct vm_area_struct *prev;
789 	struct vm_area_struct *vma;
790 	int err = 0;
791 	pgoff_t pgoff;
792 	unsigned long vmstart;
793 	unsigned long vmend;
794 
795 	vma = find_vma(mm, start);
796 	VM_BUG_ON(!vma);
797 
798 	prev = vma->vm_prev;
799 	if (start > vma->vm_start)
800 		prev = vma;
801 
802 	for (; vma && vma->vm_start < end; prev = vma, vma = vma->vm_next) {
803 		vmstart = max(start, vma->vm_start);
804 		vmend   = min(end, vma->vm_end);
805 
806 		if (mpol_equal(vma_policy(vma), new_pol))
807 			continue;
808 
809 		pgoff = vma->vm_pgoff +
810 			((vmstart - vma->vm_start) >> PAGE_SHIFT);
811 		prev = vma_merge(mm, prev, vmstart, vmend, vma->vm_flags,
812 				 vma->anon_vma, vma->vm_file, pgoff,
813 				 new_pol, vma->vm_userfaultfd_ctx,
814 				 anon_vma_name(vma));
815 		if (prev) {
816 			vma = prev;
817 			goto replace;
818 		}
819 		if (vma->vm_start != vmstart) {
820 			err = split_vma(vma->vm_mm, vma, vmstart, 1);
821 			if (err)
822 				goto out;
823 		}
824 		if (vma->vm_end != vmend) {
825 			err = split_vma(vma->vm_mm, vma, vmend, 0);
826 			if (err)
827 				goto out;
828 		}
829  replace:
830 		err = vma_replace_policy(vma, new_pol);
831 		if (err)
832 			goto out;
833 	}
834 
835  out:
836 	return err;
837 }
838 
839 /* Set the process memory policy */
840 static long do_set_mempolicy(unsigned short mode, unsigned short flags,
841 			     nodemask_t *nodes)
842 {
843 	struct mempolicy *new, *old;
844 	NODEMASK_SCRATCH(scratch);
845 	int ret;
846 
847 	if (!scratch)
848 		return -ENOMEM;
849 
850 	new = mpol_new(mode, flags, nodes);
851 	if (IS_ERR(new)) {
852 		ret = PTR_ERR(new);
853 		goto out;
854 	}
855 
856 	ret = mpol_set_nodemask(new, nodes, scratch);
857 	if (ret) {
858 		mpol_put(new);
859 		goto out;
860 	}
861 	task_lock(current);
862 	old = current->mempolicy;
863 	current->mempolicy = new;
864 	if (new && new->mode == MPOL_INTERLEAVE)
865 		current->il_prev = MAX_NUMNODES-1;
866 	task_unlock(current);
867 	mpol_put(old);
868 	ret = 0;
869 out:
870 	NODEMASK_SCRATCH_FREE(scratch);
871 	return ret;
872 }
873 
874 /*
875  * Return nodemask for policy for get_mempolicy() query
876  *
877  * Called with task's alloc_lock held
878  */
879 static void get_policy_nodemask(struct mempolicy *p, nodemask_t *nodes)
880 {
881 	nodes_clear(*nodes);
882 	if (p == &default_policy)
883 		return;
884 
885 	switch (p->mode) {
886 	case MPOL_BIND:
887 	case MPOL_INTERLEAVE:
888 	case MPOL_PREFERRED:
889 	case MPOL_PREFERRED_MANY:
890 		*nodes = p->nodes;
891 		break;
892 	case MPOL_LOCAL:
893 		/* return empty node mask for local allocation */
894 		break;
895 	default:
896 		BUG();
897 	}
898 }
899 
900 static int lookup_node(struct mm_struct *mm, unsigned long addr)
901 {
902 	struct page *p = NULL;
903 	int ret;
904 
905 	ret = get_user_pages_fast(addr & PAGE_MASK, 1, 0, &p);
906 	if (ret > 0) {
907 		ret = page_to_nid(p);
908 		put_page(p);
909 	}
910 	return ret;
911 }
912 
913 /* Retrieve NUMA policy */
914 static long do_get_mempolicy(int *policy, nodemask_t *nmask,
915 			     unsigned long addr, unsigned long flags)
916 {
917 	int err;
918 	struct mm_struct *mm = current->mm;
919 	struct vm_area_struct *vma = NULL;
920 	struct mempolicy *pol = current->mempolicy, *pol_refcount = NULL;
921 
922 	if (flags &
923 		~(unsigned long)(MPOL_F_NODE|MPOL_F_ADDR|MPOL_F_MEMS_ALLOWED))
924 		return -EINVAL;
925 
926 	if (flags & MPOL_F_MEMS_ALLOWED) {
927 		if (flags & (MPOL_F_NODE|MPOL_F_ADDR))
928 			return -EINVAL;
929 		*policy = 0;	/* just so it's initialized */
930 		task_lock(current);
931 		*nmask  = cpuset_current_mems_allowed;
932 		task_unlock(current);
933 		return 0;
934 	}
935 
936 	if (flags & MPOL_F_ADDR) {
937 		/*
938 		 * Do NOT fall back to task policy if the
939 		 * vma/shared policy at addr is NULL.  We
940 		 * want to return MPOL_DEFAULT in this case.
941 		 */
942 		mmap_read_lock(mm);
943 		vma = vma_lookup(mm, addr);
944 		if (!vma) {
945 			mmap_read_unlock(mm);
946 			return -EFAULT;
947 		}
948 		if (vma->vm_ops && vma->vm_ops->get_policy)
949 			pol = vma->vm_ops->get_policy(vma, addr);
950 		else
951 			pol = vma->vm_policy;
952 	} else if (addr)
953 		return -EINVAL;
954 
955 	if (!pol)
956 		pol = &default_policy;	/* indicates default behavior */
957 
958 	if (flags & MPOL_F_NODE) {
959 		if (flags & MPOL_F_ADDR) {
960 			/*
961 			 * Take a refcount on the mpol, because we are about to
962 			 * drop the mmap_lock, after which only "pol" remains
963 			 * valid, "vma" is stale.
964 			 */
965 			pol_refcount = pol;
966 			vma = NULL;
967 			mpol_get(pol);
968 			mmap_read_unlock(mm);
969 			err = lookup_node(mm, addr);
970 			if (err < 0)
971 				goto out;
972 			*policy = err;
973 		} else if (pol == current->mempolicy &&
974 				pol->mode == MPOL_INTERLEAVE) {
975 			*policy = next_node_in(current->il_prev, pol->nodes);
976 		} else {
977 			err = -EINVAL;
978 			goto out;
979 		}
980 	} else {
981 		*policy = pol == &default_policy ? MPOL_DEFAULT :
982 						pol->mode;
983 		/*
984 		 * Internal mempolicy flags must be masked off before exposing
985 		 * the policy to userspace.
986 		 */
987 		*policy |= (pol->flags & MPOL_MODE_FLAGS);
988 	}
989 
990 	err = 0;
991 	if (nmask) {
992 		if (mpol_store_user_nodemask(pol)) {
993 			*nmask = pol->w.user_nodemask;
994 		} else {
995 			task_lock(current);
996 			get_policy_nodemask(pol, nmask);
997 			task_unlock(current);
998 		}
999 	}
1000 
1001  out:
1002 	mpol_cond_put(pol);
1003 	if (vma)
1004 		mmap_read_unlock(mm);
1005 	if (pol_refcount)
1006 		mpol_put(pol_refcount);
1007 	return err;
1008 }
1009 
1010 #ifdef CONFIG_MIGRATION
1011 /*
1012  * page migration, thp tail pages can be passed.
1013  */
1014 static int migrate_page_add(struct page *page, struct list_head *pagelist,
1015 				unsigned long flags)
1016 {
1017 	struct page *head = compound_head(page);
1018 	/*
1019 	 * Avoid migrating a page that is shared with others.
1020 	 */
1021 	if ((flags & MPOL_MF_MOVE_ALL) || page_mapcount(head) == 1) {
1022 		if (!isolate_lru_page(head)) {
1023 			list_add_tail(&head->lru, pagelist);
1024 			mod_node_page_state(page_pgdat(head),
1025 				NR_ISOLATED_ANON + page_is_file_lru(head),
1026 				thp_nr_pages(head));
1027 		} else if (flags & MPOL_MF_STRICT) {
1028 			/*
1029 			 * Non-movable page may reach here.  And, there may be
1030 			 * temporary off LRU pages or non-LRU movable pages.
1031 			 * Treat them as unmovable pages since they can't be
1032 			 * isolated, so they can't be moved at the moment.  It
1033 			 * should return -EIO for this case too.
1034 			 */
1035 			return -EIO;
1036 		}
1037 	}
1038 
1039 	return 0;
1040 }
1041 
1042 /*
1043  * Migrate pages from one node to a target node.
1044  * Returns error or the number of pages not migrated.
1045  */
1046 static int migrate_to_node(struct mm_struct *mm, int source, int dest,
1047 			   int flags)
1048 {
1049 	nodemask_t nmask;
1050 	LIST_HEAD(pagelist);
1051 	int err = 0;
1052 	struct migration_target_control mtc = {
1053 		.nid = dest,
1054 		.gfp_mask = GFP_HIGHUSER_MOVABLE | __GFP_THISNODE,
1055 	};
1056 
1057 	nodes_clear(nmask);
1058 	node_set(source, nmask);
1059 
1060 	/*
1061 	 * This does not "check" the range but isolates all pages that
1062 	 * need migration.  Between passing in the full user address
1063 	 * space range and MPOL_MF_DISCONTIG_OK, this call can not fail.
1064 	 */
1065 	VM_BUG_ON(!(flags & (MPOL_MF_MOVE | MPOL_MF_MOVE_ALL)));
1066 	queue_pages_range(mm, mm->mmap->vm_start, mm->task_size, &nmask,
1067 			flags | MPOL_MF_DISCONTIG_OK, &pagelist);
1068 
1069 	if (!list_empty(&pagelist)) {
1070 		err = migrate_pages(&pagelist, alloc_migration_target, NULL,
1071 				(unsigned long)&mtc, MIGRATE_SYNC, MR_SYSCALL, NULL);
1072 		if (err)
1073 			putback_movable_pages(&pagelist);
1074 	}
1075 
1076 	return err;
1077 }
1078 
1079 /*
1080  * Move pages between the two nodesets so as to preserve the physical
1081  * layout as much as possible.
1082  *
1083  * Returns the number of page that could not be moved.
1084  */
1085 int do_migrate_pages(struct mm_struct *mm, const nodemask_t *from,
1086 		     const nodemask_t *to, int flags)
1087 {
1088 	int busy = 0;
1089 	int err = 0;
1090 	nodemask_t tmp;
1091 
1092 	lru_cache_disable();
1093 
1094 	mmap_read_lock(mm);
1095 
1096 	/*
1097 	 * Find a 'source' bit set in 'tmp' whose corresponding 'dest'
1098 	 * bit in 'to' is not also set in 'tmp'.  Clear the found 'source'
1099 	 * bit in 'tmp', and return that <source, dest> pair for migration.
1100 	 * The pair of nodemasks 'to' and 'from' define the map.
1101 	 *
1102 	 * If no pair of bits is found that way, fallback to picking some
1103 	 * pair of 'source' and 'dest' bits that are not the same.  If the
1104 	 * 'source' and 'dest' bits are the same, this represents a node
1105 	 * that will be migrating to itself, so no pages need move.
1106 	 *
1107 	 * If no bits are left in 'tmp', or if all remaining bits left
1108 	 * in 'tmp' correspond to the same bit in 'to', return false
1109 	 * (nothing left to migrate).
1110 	 *
1111 	 * This lets us pick a pair of nodes to migrate between, such that
1112 	 * if possible the dest node is not already occupied by some other
1113 	 * source node, minimizing the risk of overloading the memory on a
1114 	 * node that would happen if we migrated incoming memory to a node
1115 	 * before migrating outgoing memory source that same node.
1116 	 *
1117 	 * A single scan of tmp is sufficient.  As we go, we remember the
1118 	 * most recent <s, d> pair that moved (s != d).  If we find a pair
1119 	 * that not only moved, but what's better, moved to an empty slot
1120 	 * (d is not set in tmp), then we break out then, with that pair.
1121 	 * Otherwise when we finish scanning from_tmp, we at least have the
1122 	 * most recent <s, d> pair that moved.  If we get all the way through
1123 	 * the scan of tmp without finding any node that moved, much less
1124 	 * moved to an empty node, then there is nothing left worth migrating.
1125 	 */
1126 
1127 	tmp = *from;
1128 	while (!nodes_empty(tmp)) {
1129 		int s, d;
1130 		int source = NUMA_NO_NODE;
1131 		int dest = 0;
1132 
1133 		for_each_node_mask(s, tmp) {
1134 
1135 			/*
1136 			 * do_migrate_pages() tries to maintain the relative
1137 			 * node relationship of the pages established between
1138 			 * threads and memory areas.
1139                          *
1140 			 * However if the number of source nodes is not equal to
1141 			 * the number of destination nodes we can not preserve
1142 			 * this node relative relationship.  In that case, skip
1143 			 * copying memory from a node that is in the destination
1144 			 * mask.
1145 			 *
1146 			 * Example: [2,3,4] -> [3,4,5] moves everything.
1147 			 *          [0-7] - > [3,4,5] moves only 0,1,2,6,7.
1148 			 */
1149 
1150 			if ((nodes_weight(*from) != nodes_weight(*to)) &&
1151 						(node_isset(s, *to)))
1152 				continue;
1153 
1154 			d = node_remap(s, *from, *to);
1155 			if (s == d)
1156 				continue;
1157 
1158 			source = s;	/* Node moved. Memorize */
1159 			dest = d;
1160 
1161 			/* dest not in remaining from nodes? */
1162 			if (!node_isset(dest, tmp))
1163 				break;
1164 		}
1165 		if (source == NUMA_NO_NODE)
1166 			break;
1167 
1168 		node_clear(source, tmp);
1169 		err = migrate_to_node(mm, source, dest, flags);
1170 		if (err > 0)
1171 			busy += err;
1172 		if (err < 0)
1173 			break;
1174 	}
1175 	mmap_read_unlock(mm);
1176 
1177 	lru_cache_enable();
1178 	if (err < 0)
1179 		return err;
1180 	return busy;
1181 
1182 }
1183 
1184 /*
1185  * Allocate a new page for page migration based on vma policy.
1186  * Start by assuming the page is mapped by the same vma as contains @start.
1187  * Search forward from there, if not.  N.B., this assumes that the
1188  * list of pages handed to migrate_pages()--which is how we get here--
1189  * is in virtual address order.
1190  */
1191 static struct page *new_page(struct page *page, unsigned long start)
1192 {
1193 	struct folio *dst, *src = page_folio(page);
1194 	struct vm_area_struct *vma;
1195 	unsigned long address;
1196 	gfp_t gfp = GFP_HIGHUSER_MOVABLE | __GFP_RETRY_MAYFAIL;
1197 
1198 	vma = find_vma(current->mm, start);
1199 	while (vma) {
1200 		address = page_address_in_vma(page, vma);
1201 		if (address != -EFAULT)
1202 			break;
1203 		vma = vma->vm_next;
1204 	}
1205 
1206 	if (folio_test_hugetlb(src))
1207 		return alloc_huge_page_vma(page_hstate(&src->page),
1208 				vma, address);
1209 
1210 	if (folio_test_large(src))
1211 		gfp = GFP_TRANSHUGE;
1212 
1213 	/*
1214 	 * if !vma, vma_alloc_folio() will use task or system default policy
1215 	 */
1216 	dst = vma_alloc_folio(gfp, folio_order(src), vma, address,
1217 			folio_test_large(src));
1218 	return &dst->page;
1219 }
1220 #else
1221 
1222 static int migrate_page_add(struct page *page, struct list_head *pagelist,
1223 				unsigned long flags)
1224 {
1225 	return -EIO;
1226 }
1227 
1228 int do_migrate_pages(struct mm_struct *mm, const nodemask_t *from,
1229 		     const nodemask_t *to, int flags)
1230 {
1231 	return -ENOSYS;
1232 }
1233 
1234 static struct page *new_page(struct page *page, unsigned long start)
1235 {
1236 	return NULL;
1237 }
1238 #endif
1239 
1240 static long do_mbind(unsigned long start, unsigned long len,
1241 		     unsigned short mode, unsigned short mode_flags,
1242 		     nodemask_t *nmask, unsigned long flags)
1243 {
1244 	struct mm_struct *mm = current->mm;
1245 	struct mempolicy *new;
1246 	unsigned long end;
1247 	int err;
1248 	int ret;
1249 	LIST_HEAD(pagelist);
1250 
1251 	if (flags & ~(unsigned long)MPOL_MF_VALID)
1252 		return -EINVAL;
1253 	if ((flags & MPOL_MF_MOVE_ALL) && !capable(CAP_SYS_NICE))
1254 		return -EPERM;
1255 
1256 	if (start & ~PAGE_MASK)
1257 		return -EINVAL;
1258 
1259 	if (mode == MPOL_DEFAULT)
1260 		flags &= ~MPOL_MF_STRICT;
1261 
1262 	len = (len + PAGE_SIZE - 1) & PAGE_MASK;
1263 	end = start + len;
1264 
1265 	if (end < start)
1266 		return -EINVAL;
1267 	if (end == start)
1268 		return 0;
1269 
1270 	new = mpol_new(mode, mode_flags, nmask);
1271 	if (IS_ERR(new))
1272 		return PTR_ERR(new);
1273 
1274 	if (flags & MPOL_MF_LAZY)
1275 		new->flags |= MPOL_F_MOF;
1276 
1277 	/*
1278 	 * If we are using the default policy then operation
1279 	 * on discontinuous address spaces is okay after all
1280 	 */
1281 	if (!new)
1282 		flags |= MPOL_MF_DISCONTIG_OK;
1283 
1284 	pr_debug("mbind %lx-%lx mode:%d flags:%d nodes:%lx\n",
1285 		 start, start + len, mode, mode_flags,
1286 		 nmask ? nodes_addr(*nmask)[0] : NUMA_NO_NODE);
1287 
1288 	if (flags & (MPOL_MF_MOVE | MPOL_MF_MOVE_ALL)) {
1289 
1290 		lru_cache_disable();
1291 	}
1292 	{
1293 		NODEMASK_SCRATCH(scratch);
1294 		if (scratch) {
1295 			mmap_write_lock(mm);
1296 			err = mpol_set_nodemask(new, nmask, scratch);
1297 			if (err)
1298 				mmap_write_unlock(mm);
1299 		} else
1300 			err = -ENOMEM;
1301 		NODEMASK_SCRATCH_FREE(scratch);
1302 	}
1303 	if (err)
1304 		goto mpol_out;
1305 
1306 	ret = queue_pages_range(mm, start, end, nmask,
1307 			  flags | MPOL_MF_INVERT, &pagelist);
1308 
1309 	if (ret < 0) {
1310 		err = ret;
1311 		goto up_out;
1312 	}
1313 
1314 	err = mbind_range(mm, start, end, new);
1315 
1316 	if (!err) {
1317 		int nr_failed = 0;
1318 
1319 		if (!list_empty(&pagelist)) {
1320 			WARN_ON_ONCE(flags & MPOL_MF_LAZY);
1321 			nr_failed = migrate_pages(&pagelist, new_page, NULL,
1322 				start, MIGRATE_SYNC, MR_MEMPOLICY_MBIND, NULL);
1323 			if (nr_failed)
1324 				putback_movable_pages(&pagelist);
1325 		}
1326 
1327 		if ((ret > 0) || (nr_failed && (flags & MPOL_MF_STRICT)))
1328 			err = -EIO;
1329 	} else {
1330 up_out:
1331 		if (!list_empty(&pagelist))
1332 			putback_movable_pages(&pagelist);
1333 	}
1334 
1335 	mmap_write_unlock(mm);
1336 mpol_out:
1337 	mpol_put(new);
1338 	if (flags & (MPOL_MF_MOVE | MPOL_MF_MOVE_ALL))
1339 		lru_cache_enable();
1340 	return err;
1341 }
1342 
1343 /*
1344  * User space interface with variable sized bitmaps for nodelists.
1345  */
1346 static int get_bitmap(unsigned long *mask, const unsigned long __user *nmask,
1347 		      unsigned long maxnode)
1348 {
1349 	unsigned long nlongs = BITS_TO_LONGS(maxnode);
1350 	int ret;
1351 
1352 	if (in_compat_syscall())
1353 		ret = compat_get_bitmap(mask,
1354 					(const compat_ulong_t __user *)nmask,
1355 					maxnode);
1356 	else
1357 		ret = copy_from_user(mask, nmask,
1358 				     nlongs * sizeof(unsigned long));
1359 
1360 	if (ret)
1361 		return -EFAULT;
1362 
1363 	if (maxnode % BITS_PER_LONG)
1364 		mask[nlongs - 1] &= (1UL << (maxnode % BITS_PER_LONG)) - 1;
1365 
1366 	return 0;
1367 }
1368 
1369 /* Copy a node mask from user space. */
1370 static int get_nodes(nodemask_t *nodes, const unsigned long __user *nmask,
1371 		     unsigned long maxnode)
1372 {
1373 	--maxnode;
1374 	nodes_clear(*nodes);
1375 	if (maxnode == 0 || !nmask)
1376 		return 0;
1377 	if (maxnode > PAGE_SIZE*BITS_PER_BYTE)
1378 		return -EINVAL;
1379 
1380 	/*
1381 	 * When the user specified more nodes than supported just check
1382 	 * if the non supported part is all zero, one word at a time,
1383 	 * starting at the end.
1384 	 */
1385 	while (maxnode > MAX_NUMNODES) {
1386 		unsigned long bits = min_t(unsigned long, maxnode, BITS_PER_LONG);
1387 		unsigned long t;
1388 
1389 		if (get_bitmap(&t, &nmask[(maxnode - 1) / BITS_PER_LONG], bits))
1390 			return -EFAULT;
1391 
1392 		if (maxnode - bits >= MAX_NUMNODES) {
1393 			maxnode -= bits;
1394 		} else {
1395 			maxnode = MAX_NUMNODES;
1396 			t &= ~((1UL << (MAX_NUMNODES % BITS_PER_LONG)) - 1);
1397 		}
1398 		if (t)
1399 			return -EINVAL;
1400 	}
1401 
1402 	return get_bitmap(nodes_addr(*nodes), nmask, maxnode);
1403 }
1404 
1405 /* Copy a kernel node mask to user space */
1406 static int copy_nodes_to_user(unsigned long __user *mask, unsigned long maxnode,
1407 			      nodemask_t *nodes)
1408 {
1409 	unsigned long copy = ALIGN(maxnode-1, 64) / 8;
1410 	unsigned int nbytes = BITS_TO_LONGS(nr_node_ids) * sizeof(long);
1411 	bool compat = in_compat_syscall();
1412 
1413 	if (compat)
1414 		nbytes = BITS_TO_COMPAT_LONGS(nr_node_ids) * sizeof(compat_long_t);
1415 
1416 	if (copy > nbytes) {
1417 		if (copy > PAGE_SIZE)
1418 			return -EINVAL;
1419 		if (clear_user((char __user *)mask + nbytes, copy - nbytes))
1420 			return -EFAULT;
1421 		copy = nbytes;
1422 		maxnode = nr_node_ids;
1423 	}
1424 
1425 	if (compat)
1426 		return compat_put_bitmap((compat_ulong_t __user *)mask,
1427 					 nodes_addr(*nodes), maxnode);
1428 
1429 	return copy_to_user(mask, nodes_addr(*nodes), copy) ? -EFAULT : 0;
1430 }
1431 
1432 /* Basic parameter sanity check used by both mbind() and set_mempolicy() */
1433 static inline int sanitize_mpol_flags(int *mode, unsigned short *flags)
1434 {
1435 	*flags = *mode & MPOL_MODE_FLAGS;
1436 	*mode &= ~MPOL_MODE_FLAGS;
1437 
1438 	if ((unsigned int)(*mode) >=  MPOL_MAX)
1439 		return -EINVAL;
1440 	if ((*flags & MPOL_F_STATIC_NODES) && (*flags & MPOL_F_RELATIVE_NODES))
1441 		return -EINVAL;
1442 	if (*flags & MPOL_F_NUMA_BALANCING) {
1443 		if (*mode != MPOL_BIND)
1444 			return -EINVAL;
1445 		*flags |= (MPOL_F_MOF | MPOL_F_MORON);
1446 	}
1447 	return 0;
1448 }
1449 
1450 static long kernel_mbind(unsigned long start, unsigned long len,
1451 			 unsigned long mode, const unsigned long __user *nmask,
1452 			 unsigned long maxnode, unsigned int flags)
1453 {
1454 	unsigned short mode_flags;
1455 	nodemask_t nodes;
1456 	int lmode = mode;
1457 	int err;
1458 
1459 	start = untagged_addr(start);
1460 	err = sanitize_mpol_flags(&lmode, &mode_flags);
1461 	if (err)
1462 		return err;
1463 
1464 	err = get_nodes(&nodes, nmask, maxnode);
1465 	if (err)
1466 		return err;
1467 
1468 	return do_mbind(start, len, lmode, mode_flags, &nodes, flags);
1469 }
1470 
1471 SYSCALL_DEFINE4(set_mempolicy_home_node, unsigned long, start, unsigned long, len,
1472 		unsigned long, home_node, unsigned long, flags)
1473 {
1474 	struct mm_struct *mm = current->mm;
1475 	struct vm_area_struct *vma;
1476 	struct mempolicy *new;
1477 	unsigned long vmstart;
1478 	unsigned long vmend;
1479 	unsigned long end;
1480 	int err = -ENOENT;
1481 
1482 	start = untagged_addr(start);
1483 	if (start & ~PAGE_MASK)
1484 		return -EINVAL;
1485 	/*
1486 	 * flags is used for future extension if any.
1487 	 */
1488 	if (flags != 0)
1489 		return -EINVAL;
1490 
1491 	/*
1492 	 * Check home_node is online to avoid accessing uninitialized
1493 	 * NODE_DATA.
1494 	 */
1495 	if (home_node >= MAX_NUMNODES || !node_online(home_node))
1496 		return -EINVAL;
1497 
1498 	len = (len + PAGE_SIZE - 1) & PAGE_MASK;
1499 	end = start + len;
1500 
1501 	if (end < start)
1502 		return -EINVAL;
1503 	if (end == start)
1504 		return 0;
1505 	mmap_write_lock(mm);
1506 	vma = find_vma(mm, start);
1507 	for (; vma && vma->vm_start < end;  vma = vma->vm_next) {
1508 
1509 		vmstart = max(start, vma->vm_start);
1510 		vmend   = min(end, vma->vm_end);
1511 		new = mpol_dup(vma_policy(vma));
1512 		if (IS_ERR(new)) {
1513 			err = PTR_ERR(new);
1514 			break;
1515 		}
1516 		/*
1517 		 * Only update home node if there is an existing vma policy
1518 		 */
1519 		if (!new)
1520 			continue;
1521 
1522 		/*
1523 		 * If any vma in the range got policy other than MPOL_BIND
1524 		 * or MPOL_PREFERRED_MANY we return error. We don't reset
1525 		 * the home node for vmas we already updated before.
1526 		 */
1527 		if (new->mode != MPOL_BIND && new->mode != MPOL_PREFERRED_MANY) {
1528 			err = -EOPNOTSUPP;
1529 			break;
1530 		}
1531 
1532 		new->home_node = home_node;
1533 		err = mbind_range(mm, vmstart, vmend, new);
1534 		mpol_put(new);
1535 		if (err)
1536 			break;
1537 	}
1538 	mmap_write_unlock(mm);
1539 	return err;
1540 }
1541 
1542 SYSCALL_DEFINE6(mbind, unsigned long, start, unsigned long, len,
1543 		unsigned long, mode, const unsigned long __user *, nmask,
1544 		unsigned long, maxnode, unsigned int, flags)
1545 {
1546 	return kernel_mbind(start, len, mode, nmask, maxnode, flags);
1547 }
1548 
1549 /* Set the process memory policy */
1550 static long kernel_set_mempolicy(int mode, const unsigned long __user *nmask,
1551 				 unsigned long maxnode)
1552 {
1553 	unsigned short mode_flags;
1554 	nodemask_t nodes;
1555 	int lmode = mode;
1556 	int err;
1557 
1558 	err = sanitize_mpol_flags(&lmode, &mode_flags);
1559 	if (err)
1560 		return err;
1561 
1562 	err = get_nodes(&nodes, nmask, maxnode);
1563 	if (err)
1564 		return err;
1565 
1566 	return do_set_mempolicy(lmode, mode_flags, &nodes);
1567 }
1568 
1569 SYSCALL_DEFINE3(set_mempolicy, int, mode, const unsigned long __user *, nmask,
1570 		unsigned long, maxnode)
1571 {
1572 	return kernel_set_mempolicy(mode, nmask, maxnode);
1573 }
1574 
1575 static int kernel_migrate_pages(pid_t pid, unsigned long maxnode,
1576 				const unsigned long __user *old_nodes,
1577 				const unsigned long __user *new_nodes)
1578 {
1579 	struct mm_struct *mm = NULL;
1580 	struct task_struct *task;
1581 	nodemask_t task_nodes;
1582 	int err;
1583 	nodemask_t *old;
1584 	nodemask_t *new;
1585 	NODEMASK_SCRATCH(scratch);
1586 
1587 	if (!scratch)
1588 		return -ENOMEM;
1589 
1590 	old = &scratch->mask1;
1591 	new = &scratch->mask2;
1592 
1593 	err = get_nodes(old, old_nodes, maxnode);
1594 	if (err)
1595 		goto out;
1596 
1597 	err = get_nodes(new, new_nodes, maxnode);
1598 	if (err)
1599 		goto out;
1600 
1601 	/* Find the mm_struct */
1602 	rcu_read_lock();
1603 	task = pid ? find_task_by_vpid(pid) : current;
1604 	if (!task) {
1605 		rcu_read_unlock();
1606 		err = -ESRCH;
1607 		goto out;
1608 	}
1609 	get_task_struct(task);
1610 
1611 	err = -EINVAL;
1612 
1613 	/*
1614 	 * Check if this process has the right to modify the specified process.
1615 	 * Use the regular "ptrace_may_access()" checks.
1616 	 */
1617 	if (!ptrace_may_access(task, PTRACE_MODE_READ_REALCREDS)) {
1618 		rcu_read_unlock();
1619 		err = -EPERM;
1620 		goto out_put;
1621 	}
1622 	rcu_read_unlock();
1623 
1624 	task_nodes = cpuset_mems_allowed(task);
1625 	/* Is the user allowed to access the target nodes? */
1626 	if (!nodes_subset(*new, task_nodes) && !capable(CAP_SYS_NICE)) {
1627 		err = -EPERM;
1628 		goto out_put;
1629 	}
1630 
1631 	task_nodes = cpuset_mems_allowed(current);
1632 	nodes_and(*new, *new, task_nodes);
1633 	if (nodes_empty(*new))
1634 		goto out_put;
1635 
1636 	err = security_task_movememory(task);
1637 	if (err)
1638 		goto out_put;
1639 
1640 	mm = get_task_mm(task);
1641 	put_task_struct(task);
1642 
1643 	if (!mm) {
1644 		err = -EINVAL;
1645 		goto out;
1646 	}
1647 
1648 	err = do_migrate_pages(mm, old, new,
1649 		capable(CAP_SYS_NICE) ? MPOL_MF_MOVE_ALL : MPOL_MF_MOVE);
1650 
1651 	mmput(mm);
1652 out:
1653 	NODEMASK_SCRATCH_FREE(scratch);
1654 
1655 	return err;
1656 
1657 out_put:
1658 	put_task_struct(task);
1659 	goto out;
1660 
1661 }
1662 
1663 SYSCALL_DEFINE4(migrate_pages, pid_t, pid, unsigned long, maxnode,
1664 		const unsigned long __user *, old_nodes,
1665 		const unsigned long __user *, new_nodes)
1666 {
1667 	return kernel_migrate_pages(pid, maxnode, old_nodes, new_nodes);
1668 }
1669 
1670 
1671 /* Retrieve NUMA policy */
1672 static int kernel_get_mempolicy(int __user *policy,
1673 				unsigned long __user *nmask,
1674 				unsigned long maxnode,
1675 				unsigned long addr,
1676 				unsigned long flags)
1677 {
1678 	int err;
1679 	int pval;
1680 	nodemask_t nodes;
1681 
1682 	if (nmask != NULL && maxnode < nr_node_ids)
1683 		return -EINVAL;
1684 
1685 	addr = untagged_addr(addr);
1686 
1687 	err = do_get_mempolicy(&pval, &nodes, addr, flags);
1688 
1689 	if (err)
1690 		return err;
1691 
1692 	if (policy && put_user(pval, policy))
1693 		return -EFAULT;
1694 
1695 	if (nmask)
1696 		err = copy_nodes_to_user(nmask, maxnode, &nodes);
1697 
1698 	return err;
1699 }
1700 
1701 SYSCALL_DEFINE5(get_mempolicy, int __user *, policy,
1702 		unsigned long __user *, nmask, unsigned long, maxnode,
1703 		unsigned long, addr, unsigned long, flags)
1704 {
1705 	return kernel_get_mempolicy(policy, nmask, maxnode, addr, flags);
1706 }
1707 
1708 bool vma_migratable(struct vm_area_struct *vma)
1709 {
1710 	if (vma->vm_flags & (VM_IO | VM_PFNMAP))
1711 		return false;
1712 
1713 	/*
1714 	 * DAX device mappings require predictable access latency, so avoid
1715 	 * incurring periodic faults.
1716 	 */
1717 	if (vma_is_dax(vma))
1718 		return false;
1719 
1720 	if (is_vm_hugetlb_page(vma) &&
1721 		!hugepage_migration_supported(hstate_vma(vma)))
1722 		return false;
1723 
1724 	/*
1725 	 * Migration allocates pages in the highest zone. If we cannot
1726 	 * do so then migration (at least from node to node) is not
1727 	 * possible.
1728 	 */
1729 	if (vma->vm_file &&
1730 		gfp_zone(mapping_gfp_mask(vma->vm_file->f_mapping))
1731 			< policy_zone)
1732 		return false;
1733 	return true;
1734 }
1735 
1736 struct mempolicy *__get_vma_policy(struct vm_area_struct *vma,
1737 						unsigned long addr)
1738 {
1739 	struct mempolicy *pol = NULL;
1740 
1741 	if (vma) {
1742 		if (vma->vm_ops && vma->vm_ops->get_policy) {
1743 			pol = vma->vm_ops->get_policy(vma, addr);
1744 		} else if (vma->vm_policy) {
1745 			pol = vma->vm_policy;
1746 
1747 			/*
1748 			 * shmem_alloc_page() passes MPOL_F_SHARED policy with
1749 			 * a pseudo vma whose vma->vm_ops=NULL. Take a reference
1750 			 * count on these policies which will be dropped by
1751 			 * mpol_cond_put() later
1752 			 */
1753 			if (mpol_needs_cond_ref(pol))
1754 				mpol_get(pol);
1755 		}
1756 	}
1757 
1758 	return pol;
1759 }
1760 
1761 /*
1762  * get_vma_policy(@vma, @addr)
1763  * @vma: virtual memory area whose policy is sought
1764  * @addr: address in @vma for shared policy lookup
1765  *
1766  * Returns effective policy for a VMA at specified address.
1767  * Falls back to current->mempolicy or system default policy, as necessary.
1768  * Shared policies [those marked as MPOL_F_SHARED] require an extra reference
1769  * count--added by the get_policy() vm_op, as appropriate--to protect against
1770  * freeing by another task.  It is the caller's responsibility to free the
1771  * extra reference for shared policies.
1772  */
1773 static struct mempolicy *get_vma_policy(struct vm_area_struct *vma,
1774 						unsigned long addr)
1775 {
1776 	struct mempolicy *pol = __get_vma_policy(vma, addr);
1777 
1778 	if (!pol)
1779 		pol = get_task_policy(current);
1780 
1781 	return pol;
1782 }
1783 
1784 bool vma_policy_mof(struct vm_area_struct *vma)
1785 {
1786 	struct mempolicy *pol;
1787 
1788 	if (vma->vm_ops && vma->vm_ops->get_policy) {
1789 		bool ret = false;
1790 
1791 		pol = vma->vm_ops->get_policy(vma, vma->vm_start);
1792 		if (pol && (pol->flags & MPOL_F_MOF))
1793 			ret = true;
1794 		mpol_cond_put(pol);
1795 
1796 		return ret;
1797 	}
1798 
1799 	pol = vma->vm_policy;
1800 	if (!pol)
1801 		pol = get_task_policy(current);
1802 
1803 	return pol->flags & MPOL_F_MOF;
1804 }
1805 
1806 static int apply_policy_zone(struct mempolicy *policy, enum zone_type zone)
1807 {
1808 	enum zone_type dynamic_policy_zone = policy_zone;
1809 
1810 	BUG_ON(dynamic_policy_zone == ZONE_MOVABLE);
1811 
1812 	/*
1813 	 * if policy->nodes has movable memory only,
1814 	 * we apply policy when gfp_zone(gfp) = ZONE_MOVABLE only.
1815 	 *
1816 	 * policy->nodes is intersect with node_states[N_MEMORY].
1817 	 * so if the following test fails, it implies
1818 	 * policy->nodes has movable memory only.
1819 	 */
1820 	if (!nodes_intersects(policy->nodes, node_states[N_HIGH_MEMORY]))
1821 		dynamic_policy_zone = ZONE_MOVABLE;
1822 
1823 	return zone >= dynamic_policy_zone;
1824 }
1825 
1826 /*
1827  * Return a nodemask representing a mempolicy for filtering nodes for
1828  * page allocation
1829  */
1830 nodemask_t *policy_nodemask(gfp_t gfp, struct mempolicy *policy)
1831 {
1832 	int mode = policy->mode;
1833 
1834 	/* Lower zones don't get a nodemask applied for MPOL_BIND */
1835 	if (unlikely(mode == MPOL_BIND) &&
1836 		apply_policy_zone(policy, gfp_zone(gfp)) &&
1837 		cpuset_nodemask_valid_mems_allowed(&policy->nodes))
1838 		return &policy->nodes;
1839 
1840 	if (mode == MPOL_PREFERRED_MANY)
1841 		return &policy->nodes;
1842 
1843 	return NULL;
1844 }
1845 
1846 /*
1847  * Return the  preferred node id for 'prefer' mempolicy, and return
1848  * the given id for all other policies.
1849  *
1850  * policy_node() is always coupled with policy_nodemask(), which
1851  * secures the nodemask limit for 'bind' and 'prefer-many' policy.
1852  */
1853 static int policy_node(gfp_t gfp, struct mempolicy *policy, int nd)
1854 {
1855 	if (policy->mode == MPOL_PREFERRED) {
1856 		nd = first_node(policy->nodes);
1857 	} else {
1858 		/*
1859 		 * __GFP_THISNODE shouldn't even be used with the bind policy
1860 		 * because we might easily break the expectation to stay on the
1861 		 * requested node and not break the policy.
1862 		 */
1863 		WARN_ON_ONCE(policy->mode == MPOL_BIND && (gfp & __GFP_THISNODE));
1864 	}
1865 
1866 	if ((policy->mode == MPOL_BIND ||
1867 	     policy->mode == MPOL_PREFERRED_MANY) &&
1868 	    policy->home_node != NUMA_NO_NODE)
1869 		return policy->home_node;
1870 
1871 	return nd;
1872 }
1873 
1874 /* Do dynamic interleaving for a process */
1875 static unsigned interleave_nodes(struct mempolicy *policy)
1876 {
1877 	unsigned next;
1878 	struct task_struct *me = current;
1879 
1880 	next = next_node_in(me->il_prev, policy->nodes);
1881 	if (next < MAX_NUMNODES)
1882 		me->il_prev = next;
1883 	return next;
1884 }
1885 
1886 /*
1887  * Depending on the memory policy provide a node from which to allocate the
1888  * next slab entry.
1889  */
1890 unsigned int mempolicy_slab_node(void)
1891 {
1892 	struct mempolicy *policy;
1893 	int node = numa_mem_id();
1894 
1895 	if (!in_task())
1896 		return node;
1897 
1898 	policy = current->mempolicy;
1899 	if (!policy)
1900 		return node;
1901 
1902 	switch (policy->mode) {
1903 	case MPOL_PREFERRED:
1904 		return first_node(policy->nodes);
1905 
1906 	case MPOL_INTERLEAVE:
1907 		return interleave_nodes(policy);
1908 
1909 	case MPOL_BIND:
1910 	case MPOL_PREFERRED_MANY:
1911 	{
1912 		struct zoneref *z;
1913 
1914 		/*
1915 		 * Follow bind policy behavior and start allocation at the
1916 		 * first node.
1917 		 */
1918 		struct zonelist *zonelist;
1919 		enum zone_type highest_zoneidx = gfp_zone(GFP_KERNEL);
1920 		zonelist = &NODE_DATA(node)->node_zonelists[ZONELIST_FALLBACK];
1921 		z = first_zones_zonelist(zonelist, highest_zoneidx,
1922 							&policy->nodes);
1923 		return z->zone ? zone_to_nid(z->zone) : node;
1924 	}
1925 	case MPOL_LOCAL:
1926 		return node;
1927 
1928 	default:
1929 		BUG();
1930 	}
1931 }
1932 
1933 /*
1934  * Do static interleaving for a VMA with known offset @n.  Returns the n'th
1935  * node in pol->nodes (starting from n=0), wrapping around if n exceeds the
1936  * number of present nodes.
1937  */
1938 static unsigned offset_il_node(struct mempolicy *pol, unsigned long n)
1939 {
1940 	nodemask_t nodemask = pol->nodes;
1941 	unsigned int target, nnodes;
1942 	int i;
1943 	int nid;
1944 	/*
1945 	 * The barrier will stabilize the nodemask in a register or on
1946 	 * the stack so that it will stop changing under the code.
1947 	 *
1948 	 * Between first_node() and next_node(), pol->nodes could be changed
1949 	 * by other threads. So we put pol->nodes in a local stack.
1950 	 */
1951 	barrier();
1952 
1953 	nnodes = nodes_weight(nodemask);
1954 	if (!nnodes)
1955 		return numa_node_id();
1956 	target = (unsigned int)n % nnodes;
1957 	nid = first_node(nodemask);
1958 	for (i = 0; i < target; i++)
1959 		nid = next_node(nid, nodemask);
1960 	return nid;
1961 }
1962 
1963 /* Determine a node number for interleave */
1964 static inline unsigned interleave_nid(struct mempolicy *pol,
1965 		 struct vm_area_struct *vma, unsigned long addr, int shift)
1966 {
1967 	if (vma) {
1968 		unsigned long off;
1969 
1970 		/*
1971 		 * for small pages, there is no difference between
1972 		 * shift and PAGE_SHIFT, so the bit-shift is safe.
1973 		 * for huge pages, since vm_pgoff is in units of small
1974 		 * pages, we need to shift off the always 0 bits to get
1975 		 * a useful offset.
1976 		 */
1977 		BUG_ON(shift < PAGE_SHIFT);
1978 		off = vma->vm_pgoff >> (shift - PAGE_SHIFT);
1979 		off += (addr - vma->vm_start) >> shift;
1980 		return offset_il_node(pol, off);
1981 	} else
1982 		return interleave_nodes(pol);
1983 }
1984 
1985 #ifdef CONFIG_HUGETLBFS
1986 /*
1987  * huge_node(@vma, @addr, @gfp_flags, @mpol)
1988  * @vma: virtual memory area whose policy is sought
1989  * @addr: address in @vma for shared policy lookup and interleave policy
1990  * @gfp_flags: for requested zone
1991  * @mpol: pointer to mempolicy pointer for reference counted mempolicy
1992  * @nodemask: pointer to nodemask pointer for 'bind' and 'prefer-many' policy
1993  *
1994  * Returns a nid suitable for a huge page allocation and a pointer
1995  * to the struct mempolicy for conditional unref after allocation.
1996  * If the effective policy is 'bind' or 'prefer-many', returns a pointer
1997  * to the mempolicy's @nodemask for filtering the zonelist.
1998  *
1999  * Must be protected by read_mems_allowed_begin()
2000  */
2001 int huge_node(struct vm_area_struct *vma, unsigned long addr, gfp_t gfp_flags,
2002 				struct mempolicy **mpol, nodemask_t **nodemask)
2003 {
2004 	int nid;
2005 	int mode;
2006 
2007 	*mpol = get_vma_policy(vma, addr);
2008 	*nodemask = NULL;
2009 	mode = (*mpol)->mode;
2010 
2011 	if (unlikely(mode == MPOL_INTERLEAVE)) {
2012 		nid = interleave_nid(*mpol, vma, addr,
2013 					huge_page_shift(hstate_vma(vma)));
2014 	} else {
2015 		nid = policy_node(gfp_flags, *mpol, numa_node_id());
2016 		if (mode == MPOL_BIND || mode == MPOL_PREFERRED_MANY)
2017 			*nodemask = &(*mpol)->nodes;
2018 	}
2019 	return nid;
2020 }
2021 
2022 /*
2023  * init_nodemask_of_mempolicy
2024  *
2025  * If the current task's mempolicy is "default" [NULL], return 'false'
2026  * to indicate default policy.  Otherwise, extract the policy nodemask
2027  * for 'bind' or 'interleave' policy into the argument nodemask, or
2028  * initialize the argument nodemask to contain the single node for
2029  * 'preferred' or 'local' policy and return 'true' to indicate presence
2030  * of non-default mempolicy.
2031  *
2032  * We don't bother with reference counting the mempolicy [mpol_get/put]
2033  * because the current task is examining it's own mempolicy and a task's
2034  * mempolicy is only ever changed by the task itself.
2035  *
2036  * N.B., it is the caller's responsibility to free a returned nodemask.
2037  */
2038 bool init_nodemask_of_mempolicy(nodemask_t *mask)
2039 {
2040 	struct mempolicy *mempolicy;
2041 
2042 	if (!(mask && current->mempolicy))
2043 		return false;
2044 
2045 	task_lock(current);
2046 	mempolicy = current->mempolicy;
2047 	switch (mempolicy->mode) {
2048 	case MPOL_PREFERRED:
2049 	case MPOL_PREFERRED_MANY:
2050 	case MPOL_BIND:
2051 	case MPOL_INTERLEAVE:
2052 		*mask = mempolicy->nodes;
2053 		break;
2054 
2055 	case MPOL_LOCAL:
2056 		init_nodemask_of_node(mask, numa_node_id());
2057 		break;
2058 
2059 	default:
2060 		BUG();
2061 	}
2062 	task_unlock(current);
2063 
2064 	return true;
2065 }
2066 #endif
2067 
2068 /*
2069  * mempolicy_in_oom_domain
2070  *
2071  * If tsk's mempolicy is "bind", check for intersection between mask and
2072  * the policy nodemask. Otherwise, return true for all other policies
2073  * including "interleave", as a tsk with "interleave" policy may have
2074  * memory allocated from all nodes in system.
2075  *
2076  * Takes task_lock(tsk) to prevent freeing of its mempolicy.
2077  */
2078 bool mempolicy_in_oom_domain(struct task_struct *tsk,
2079 					const nodemask_t *mask)
2080 {
2081 	struct mempolicy *mempolicy;
2082 	bool ret = true;
2083 
2084 	if (!mask)
2085 		return ret;
2086 
2087 	task_lock(tsk);
2088 	mempolicy = tsk->mempolicy;
2089 	if (mempolicy && mempolicy->mode == MPOL_BIND)
2090 		ret = nodes_intersects(mempolicy->nodes, *mask);
2091 	task_unlock(tsk);
2092 
2093 	return ret;
2094 }
2095 
2096 /* Allocate a page in interleaved policy.
2097    Own path because it needs to do special accounting. */
2098 static struct page *alloc_page_interleave(gfp_t gfp, unsigned order,
2099 					unsigned nid)
2100 {
2101 	struct page *page;
2102 
2103 	page = __alloc_pages(gfp, order, nid, NULL);
2104 	/* skip NUMA_INTERLEAVE_HIT counter update if numa stats is disabled */
2105 	if (!static_branch_likely(&vm_numa_stat_key))
2106 		return page;
2107 	if (page && page_to_nid(page) == nid) {
2108 		preempt_disable();
2109 		__count_numa_event(page_zone(page), NUMA_INTERLEAVE_HIT);
2110 		preempt_enable();
2111 	}
2112 	return page;
2113 }
2114 
2115 static struct page *alloc_pages_preferred_many(gfp_t gfp, unsigned int order,
2116 						int nid, struct mempolicy *pol)
2117 {
2118 	struct page *page;
2119 	gfp_t preferred_gfp;
2120 
2121 	/*
2122 	 * This is a two pass approach. The first pass will only try the
2123 	 * preferred nodes but skip the direct reclaim and allow the
2124 	 * allocation to fail, while the second pass will try all the
2125 	 * nodes in system.
2126 	 */
2127 	preferred_gfp = gfp | __GFP_NOWARN;
2128 	preferred_gfp &= ~(__GFP_DIRECT_RECLAIM | __GFP_NOFAIL);
2129 	page = __alloc_pages(preferred_gfp, order, nid, &pol->nodes);
2130 	if (!page)
2131 		page = __alloc_pages(gfp, order, nid, NULL);
2132 
2133 	return page;
2134 }
2135 
2136 /**
2137  * vma_alloc_folio - Allocate a folio for a VMA.
2138  * @gfp: GFP flags.
2139  * @order: Order of the folio.
2140  * @vma: Pointer to VMA or NULL if not available.
2141  * @addr: Virtual address of the allocation.  Must be inside @vma.
2142  * @hugepage: For hugepages try only the preferred node if possible.
2143  *
2144  * Allocate a folio for a specific address in @vma, using the appropriate
2145  * NUMA policy.  When @vma is not NULL the caller must hold the mmap_lock
2146  * of the mm_struct of the VMA to prevent it from going away.  Should be
2147  * used for all allocations for folios that will be mapped into user space.
2148  *
2149  * Return: The folio on success or NULL if allocation fails.
2150  */
2151 struct folio *vma_alloc_folio(gfp_t gfp, int order, struct vm_area_struct *vma,
2152 		unsigned long addr, bool hugepage)
2153 {
2154 	struct mempolicy *pol;
2155 	int node = numa_node_id();
2156 	struct folio *folio;
2157 	int preferred_nid;
2158 	nodemask_t *nmask;
2159 
2160 	pol = get_vma_policy(vma, addr);
2161 
2162 	if (pol->mode == MPOL_INTERLEAVE) {
2163 		struct page *page;
2164 		unsigned nid;
2165 
2166 		nid = interleave_nid(pol, vma, addr, PAGE_SHIFT + order);
2167 		mpol_cond_put(pol);
2168 		gfp |= __GFP_COMP;
2169 		page = alloc_page_interleave(gfp, order, nid);
2170 		if (page && order > 1)
2171 			prep_transhuge_page(page);
2172 		folio = (struct folio *)page;
2173 		goto out;
2174 	}
2175 
2176 	if (pol->mode == MPOL_PREFERRED_MANY) {
2177 		struct page *page;
2178 
2179 		node = policy_node(gfp, pol, node);
2180 		gfp |= __GFP_COMP;
2181 		page = alloc_pages_preferred_many(gfp, order, node, pol);
2182 		mpol_cond_put(pol);
2183 		if (page && order > 1)
2184 			prep_transhuge_page(page);
2185 		folio = (struct folio *)page;
2186 		goto out;
2187 	}
2188 
2189 	if (unlikely(IS_ENABLED(CONFIG_TRANSPARENT_HUGEPAGE) && hugepage)) {
2190 		int hpage_node = node;
2191 
2192 		/*
2193 		 * For hugepage allocation and non-interleave policy which
2194 		 * allows the current node (or other explicitly preferred
2195 		 * node) we only try to allocate from the current/preferred
2196 		 * node and don't fall back to other nodes, as the cost of
2197 		 * remote accesses would likely offset THP benefits.
2198 		 *
2199 		 * If the policy is interleave or does not allow the current
2200 		 * node in its nodemask, we allocate the standard way.
2201 		 */
2202 		if (pol->mode == MPOL_PREFERRED)
2203 			hpage_node = first_node(pol->nodes);
2204 
2205 		nmask = policy_nodemask(gfp, pol);
2206 		if (!nmask || node_isset(hpage_node, *nmask)) {
2207 			mpol_cond_put(pol);
2208 			/*
2209 			 * First, try to allocate THP only on local node, but
2210 			 * don't reclaim unnecessarily, just compact.
2211 			 */
2212 			folio = __folio_alloc_node(gfp | __GFP_THISNODE |
2213 					__GFP_NORETRY, order, hpage_node);
2214 
2215 			/*
2216 			 * If hugepage allocations are configured to always
2217 			 * synchronous compact or the vma has been madvised
2218 			 * to prefer hugepage backing, retry allowing remote
2219 			 * memory with both reclaim and compact as well.
2220 			 */
2221 			if (!folio && (gfp & __GFP_DIRECT_RECLAIM))
2222 				folio = __folio_alloc(gfp, order, hpage_node,
2223 						      nmask);
2224 
2225 			goto out;
2226 		}
2227 	}
2228 
2229 	nmask = policy_nodemask(gfp, pol);
2230 	preferred_nid = policy_node(gfp, pol, node);
2231 	folio = __folio_alloc(gfp, order, preferred_nid, nmask);
2232 	mpol_cond_put(pol);
2233 out:
2234 	return folio;
2235 }
2236 EXPORT_SYMBOL(vma_alloc_folio);
2237 
2238 /**
2239  * alloc_pages - Allocate pages.
2240  * @gfp: GFP flags.
2241  * @order: Power of two of number of pages to allocate.
2242  *
2243  * Allocate 1 << @order contiguous pages.  The physical address of the
2244  * first page is naturally aligned (eg an order-3 allocation will be aligned
2245  * to a multiple of 8 * PAGE_SIZE bytes).  The NUMA policy of the current
2246  * process is honoured when in process context.
2247  *
2248  * Context: Can be called from any context, providing the appropriate GFP
2249  * flags are used.
2250  * Return: The page on success or NULL if allocation fails.
2251  */
2252 struct page *alloc_pages(gfp_t gfp, unsigned order)
2253 {
2254 	struct mempolicy *pol = &default_policy;
2255 	struct page *page;
2256 
2257 	if (!in_interrupt() && !(gfp & __GFP_THISNODE))
2258 		pol = get_task_policy(current);
2259 
2260 	/*
2261 	 * No reference counting needed for current->mempolicy
2262 	 * nor system default_policy
2263 	 */
2264 	if (pol->mode == MPOL_INTERLEAVE)
2265 		page = alloc_page_interleave(gfp, order, interleave_nodes(pol));
2266 	else if (pol->mode == MPOL_PREFERRED_MANY)
2267 		page = alloc_pages_preferred_many(gfp, order,
2268 				  policy_node(gfp, pol, numa_node_id()), pol);
2269 	else
2270 		page = __alloc_pages(gfp, order,
2271 				policy_node(gfp, pol, numa_node_id()),
2272 				policy_nodemask(gfp, pol));
2273 
2274 	return page;
2275 }
2276 EXPORT_SYMBOL(alloc_pages);
2277 
2278 struct folio *folio_alloc(gfp_t gfp, unsigned order)
2279 {
2280 	struct page *page = alloc_pages(gfp | __GFP_COMP, order);
2281 
2282 	if (page && order > 1)
2283 		prep_transhuge_page(page);
2284 	return (struct folio *)page;
2285 }
2286 EXPORT_SYMBOL(folio_alloc);
2287 
2288 static unsigned long alloc_pages_bulk_array_interleave(gfp_t gfp,
2289 		struct mempolicy *pol, unsigned long nr_pages,
2290 		struct page **page_array)
2291 {
2292 	int nodes;
2293 	unsigned long nr_pages_per_node;
2294 	int delta;
2295 	int i;
2296 	unsigned long nr_allocated;
2297 	unsigned long total_allocated = 0;
2298 
2299 	nodes = nodes_weight(pol->nodes);
2300 	nr_pages_per_node = nr_pages / nodes;
2301 	delta = nr_pages - nodes * nr_pages_per_node;
2302 
2303 	for (i = 0; i < nodes; i++) {
2304 		if (delta) {
2305 			nr_allocated = __alloc_pages_bulk(gfp,
2306 					interleave_nodes(pol), NULL,
2307 					nr_pages_per_node + 1, NULL,
2308 					page_array);
2309 			delta--;
2310 		} else {
2311 			nr_allocated = __alloc_pages_bulk(gfp,
2312 					interleave_nodes(pol), NULL,
2313 					nr_pages_per_node, NULL, page_array);
2314 		}
2315 
2316 		page_array += nr_allocated;
2317 		total_allocated += nr_allocated;
2318 	}
2319 
2320 	return total_allocated;
2321 }
2322 
2323 static unsigned long alloc_pages_bulk_array_preferred_many(gfp_t gfp, int nid,
2324 		struct mempolicy *pol, unsigned long nr_pages,
2325 		struct page **page_array)
2326 {
2327 	gfp_t preferred_gfp;
2328 	unsigned long nr_allocated = 0;
2329 
2330 	preferred_gfp = gfp | __GFP_NOWARN;
2331 	preferred_gfp &= ~(__GFP_DIRECT_RECLAIM | __GFP_NOFAIL);
2332 
2333 	nr_allocated  = __alloc_pages_bulk(preferred_gfp, nid, &pol->nodes,
2334 					   nr_pages, NULL, page_array);
2335 
2336 	if (nr_allocated < nr_pages)
2337 		nr_allocated += __alloc_pages_bulk(gfp, numa_node_id(), NULL,
2338 				nr_pages - nr_allocated, NULL,
2339 				page_array + nr_allocated);
2340 	return nr_allocated;
2341 }
2342 
2343 /* alloc pages bulk and mempolicy should be considered at the
2344  * same time in some situation such as vmalloc.
2345  *
2346  * It can accelerate memory allocation especially interleaving
2347  * allocate memory.
2348  */
2349 unsigned long alloc_pages_bulk_array_mempolicy(gfp_t gfp,
2350 		unsigned long nr_pages, struct page **page_array)
2351 {
2352 	struct mempolicy *pol = &default_policy;
2353 
2354 	if (!in_interrupt() && !(gfp & __GFP_THISNODE))
2355 		pol = get_task_policy(current);
2356 
2357 	if (pol->mode == MPOL_INTERLEAVE)
2358 		return alloc_pages_bulk_array_interleave(gfp, pol,
2359 							 nr_pages, page_array);
2360 
2361 	if (pol->mode == MPOL_PREFERRED_MANY)
2362 		return alloc_pages_bulk_array_preferred_many(gfp,
2363 				numa_node_id(), pol, nr_pages, page_array);
2364 
2365 	return __alloc_pages_bulk(gfp, policy_node(gfp, pol, numa_node_id()),
2366 				  policy_nodemask(gfp, pol), nr_pages, NULL,
2367 				  page_array);
2368 }
2369 
2370 int vma_dup_policy(struct vm_area_struct *src, struct vm_area_struct *dst)
2371 {
2372 	struct mempolicy *pol = mpol_dup(vma_policy(src));
2373 
2374 	if (IS_ERR(pol))
2375 		return PTR_ERR(pol);
2376 	dst->vm_policy = pol;
2377 	return 0;
2378 }
2379 
2380 /*
2381  * If mpol_dup() sees current->cpuset == cpuset_being_rebound, then it
2382  * rebinds the mempolicy its copying by calling mpol_rebind_policy()
2383  * with the mems_allowed returned by cpuset_mems_allowed().  This
2384  * keeps mempolicies cpuset relative after its cpuset moves.  See
2385  * further kernel/cpuset.c update_nodemask().
2386  *
2387  * current's mempolicy may be rebinded by the other task(the task that changes
2388  * cpuset's mems), so we needn't do rebind work for current task.
2389  */
2390 
2391 /* Slow path of a mempolicy duplicate */
2392 struct mempolicy *__mpol_dup(struct mempolicy *old)
2393 {
2394 	struct mempolicy *new = kmem_cache_alloc(policy_cache, GFP_KERNEL);
2395 
2396 	if (!new)
2397 		return ERR_PTR(-ENOMEM);
2398 
2399 	/* task's mempolicy is protected by alloc_lock */
2400 	if (old == current->mempolicy) {
2401 		task_lock(current);
2402 		*new = *old;
2403 		task_unlock(current);
2404 	} else
2405 		*new = *old;
2406 
2407 	if (current_cpuset_is_being_rebound()) {
2408 		nodemask_t mems = cpuset_mems_allowed(current);
2409 		mpol_rebind_policy(new, &mems);
2410 	}
2411 	atomic_set(&new->refcnt, 1);
2412 	return new;
2413 }
2414 
2415 /* Slow path of a mempolicy comparison */
2416 bool __mpol_equal(struct mempolicy *a, struct mempolicy *b)
2417 {
2418 	if (!a || !b)
2419 		return false;
2420 	if (a->mode != b->mode)
2421 		return false;
2422 	if (a->flags != b->flags)
2423 		return false;
2424 	if (a->home_node != b->home_node)
2425 		return false;
2426 	if (mpol_store_user_nodemask(a))
2427 		if (!nodes_equal(a->w.user_nodemask, b->w.user_nodemask))
2428 			return false;
2429 
2430 	switch (a->mode) {
2431 	case MPOL_BIND:
2432 	case MPOL_INTERLEAVE:
2433 	case MPOL_PREFERRED:
2434 	case MPOL_PREFERRED_MANY:
2435 		return !!nodes_equal(a->nodes, b->nodes);
2436 	case MPOL_LOCAL:
2437 		return true;
2438 	default:
2439 		BUG();
2440 		return false;
2441 	}
2442 }
2443 
2444 /*
2445  * Shared memory backing store policy support.
2446  *
2447  * Remember policies even when nobody has shared memory mapped.
2448  * The policies are kept in Red-Black tree linked from the inode.
2449  * They are protected by the sp->lock rwlock, which should be held
2450  * for any accesses to the tree.
2451  */
2452 
2453 /*
2454  * lookup first element intersecting start-end.  Caller holds sp->lock for
2455  * reading or for writing
2456  */
2457 static struct sp_node *
2458 sp_lookup(struct shared_policy *sp, unsigned long start, unsigned long end)
2459 {
2460 	struct rb_node *n = sp->root.rb_node;
2461 
2462 	while (n) {
2463 		struct sp_node *p = rb_entry(n, struct sp_node, nd);
2464 
2465 		if (start >= p->end)
2466 			n = n->rb_right;
2467 		else if (end <= p->start)
2468 			n = n->rb_left;
2469 		else
2470 			break;
2471 	}
2472 	if (!n)
2473 		return NULL;
2474 	for (;;) {
2475 		struct sp_node *w = NULL;
2476 		struct rb_node *prev = rb_prev(n);
2477 		if (!prev)
2478 			break;
2479 		w = rb_entry(prev, struct sp_node, nd);
2480 		if (w->end <= start)
2481 			break;
2482 		n = prev;
2483 	}
2484 	return rb_entry(n, struct sp_node, nd);
2485 }
2486 
2487 /*
2488  * Insert a new shared policy into the list.  Caller holds sp->lock for
2489  * writing.
2490  */
2491 static void sp_insert(struct shared_policy *sp, struct sp_node *new)
2492 {
2493 	struct rb_node **p = &sp->root.rb_node;
2494 	struct rb_node *parent = NULL;
2495 	struct sp_node *nd;
2496 
2497 	while (*p) {
2498 		parent = *p;
2499 		nd = rb_entry(parent, struct sp_node, nd);
2500 		if (new->start < nd->start)
2501 			p = &(*p)->rb_left;
2502 		else if (new->end > nd->end)
2503 			p = &(*p)->rb_right;
2504 		else
2505 			BUG();
2506 	}
2507 	rb_link_node(&new->nd, parent, p);
2508 	rb_insert_color(&new->nd, &sp->root);
2509 	pr_debug("inserting %lx-%lx: %d\n", new->start, new->end,
2510 		 new->policy ? new->policy->mode : 0);
2511 }
2512 
2513 /* Find shared policy intersecting idx */
2514 struct mempolicy *
2515 mpol_shared_policy_lookup(struct shared_policy *sp, unsigned long idx)
2516 {
2517 	struct mempolicy *pol = NULL;
2518 	struct sp_node *sn;
2519 
2520 	if (!sp->root.rb_node)
2521 		return NULL;
2522 	read_lock(&sp->lock);
2523 	sn = sp_lookup(sp, idx, idx+1);
2524 	if (sn) {
2525 		mpol_get(sn->policy);
2526 		pol = sn->policy;
2527 	}
2528 	read_unlock(&sp->lock);
2529 	return pol;
2530 }
2531 
2532 static void sp_free(struct sp_node *n)
2533 {
2534 	mpol_put(n->policy);
2535 	kmem_cache_free(sn_cache, n);
2536 }
2537 
2538 /**
2539  * mpol_misplaced - check whether current page node is valid in policy
2540  *
2541  * @page: page to be checked
2542  * @vma: vm area where page mapped
2543  * @addr: virtual address where page mapped
2544  *
2545  * Lookup current policy node id for vma,addr and "compare to" page's
2546  * node id.  Policy determination "mimics" alloc_page_vma().
2547  * Called from fault path where we know the vma and faulting address.
2548  *
2549  * Return: NUMA_NO_NODE if the page is in a node that is valid for this
2550  * policy, or a suitable node ID to allocate a replacement page from.
2551  */
2552 int mpol_misplaced(struct page *page, struct vm_area_struct *vma, unsigned long addr)
2553 {
2554 	struct mempolicy *pol;
2555 	struct zoneref *z;
2556 	int curnid = page_to_nid(page);
2557 	unsigned long pgoff;
2558 	int thiscpu = raw_smp_processor_id();
2559 	int thisnid = cpu_to_node(thiscpu);
2560 	int polnid = NUMA_NO_NODE;
2561 	int ret = NUMA_NO_NODE;
2562 
2563 	pol = get_vma_policy(vma, addr);
2564 	if (!(pol->flags & MPOL_F_MOF))
2565 		goto out;
2566 
2567 	switch (pol->mode) {
2568 	case MPOL_INTERLEAVE:
2569 		pgoff = vma->vm_pgoff;
2570 		pgoff += (addr - vma->vm_start) >> PAGE_SHIFT;
2571 		polnid = offset_il_node(pol, pgoff);
2572 		break;
2573 
2574 	case MPOL_PREFERRED:
2575 		if (node_isset(curnid, pol->nodes))
2576 			goto out;
2577 		polnid = first_node(pol->nodes);
2578 		break;
2579 
2580 	case MPOL_LOCAL:
2581 		polnid = numa_node_id();
2582 		break;
2583 
2584 	case MPOL_BIND:
2585 		/* Optimize placement among multiple nodes via NUMA balancing */
2586 		if (pol->flags & MPOL_F_MORON) {
2587 			if (node_isset(thisnid, pol->nodes))
2588 				break;
2589 			goto out;
2590 		}
2591 		fallthrough;
2592 
2593 	case MPOL_PREFERRED_MANY:
2594 		/*
2595 		 * use current page if in policy nodemask,
2596 		 * else select nearest allowed node, if any.
2597 		 * If no allowed nodes, use current [!misplaced].
2598 		 */
2599 		if (node_isset(curnid, pol->nodes))
2600 			goto out;
2601 		z = first_zones_zonelist(
2602 				node_zonelist(numa_node_id(), GFP_HIGHUSER),
2603 				gfp_zone(GFP_HIGHUSER),
2604 				&pol->nodes);
2605 		polnid = zone_to_nid(z->zone);
2606 		break;
2607 
2608 	default:
2609 		BUG();
2610 	}
2611 
2612 	/* Migrate the page towards the node whose CPU is referencing it */
2613 	if (pol->flags & MPOL_F_MORON) {
2614 		polnid = thisnid;
2615 
2616 		if (!should_numa_migrate_memory(current, page, curnid, thiscpu))
2617 			goto out;
2618 	}
2619 
2620 	if (curnid != polnid)
2621 		ret = polnid;
2622 out:
2623 	mpol_cond_put(pol);
2624 
2625 	return ret;
2626 }
2627 
2628 /*
2629  * Drop the (possibly final) reference to task->mempolicy.  It needs to be
2630  * dropped after task->mempolicy is set to NULL so that any allocation done as
2631  * part of its kmem_cache_free(), such as by KASAN, doesn't reference a freed
2632  * policy.
2633  */
2634 void mpol_put_task_policy(struct task_struct *task)
2635 {
2636 	struct mempolicy *pol;
2637 
2638 	task_lock(task);
2639 	pol = task->mempolicy;
2640 	task->mempolicy = NULL;
2641 	task_unlock(task);
2642 	mpol_put(pol);
2643 }
2644 
2645 static void sp_delete(struct shared_policy *sp, struct sp_node *n)
2646 {
2647 	pr_debug("deleting %lx-l%lx\n", n->start, n->end);
2648 	rb_erase(&n->nd, &sp->root);
2649 	sp_free(n);
2650 }
2651 
2652 static void sp_node_init(struct sp_node *node, unsigned long start,
2653 			unsigned long end, struct mempolicy *pol)
2654 {
2655 	node->start = start;
2656 	node->end = end;
2657 	node->policy = pol;
2658 }
2659 
2660 static struct sp_node *sp_alloc(unsigned long start, unsigned long end,
2661 				struct mempolicy *pol)
2662 {
2663 	struct sp_node *n;
2664 	struct mempolicy *newpol;
2665 
2666 	n = kmem_cache_alloc(sn_cache, GFP_KERNEL);
2667 	if (!n)
2668 		return NULL;
2669 
2670 	newpol = mpol_dup(pol);
2671 	if (IS_ERR(newpol)) {
2672 		kmem_cache_free(sn_cache, n);
2673 		return NULL;
2674 	}
2675 	newpol->flags |= MPOL_F_SHARED;
2676 	sp_node_init(n, start, end, newpol);
2677 
2678 	return n;
2679 }
2680 
2681 /* Replace a policy range. */
2682 static int shared_policy_replace(struct shared_policy *sp, unsigned long start,
2683 				 unsigned long end, struct sp_node *new)
2684 {
2685 	struct sp_node *n;
2686 	struct sp_node *n_new = NULL;
2687 	struct mempolicy *mpol_new = NULL;
2688 	int ret = 0;
2689 
2690 restart:
2691 	write_lock(&sp->lock);
2692 	n = sp_lookup(sp, start, end);
2693 	/* Take care of old policies in the same range. */
2694 	while (n && n->start < end) {
2695 		struct rb_node *next = rb_next(&n->nd);
2696 		if (n->start >= start) {
2697 			if (n->end <= end)
2698 				sp_delete(sp, n);
2699 			else
2700 				n->start = end;
2701 		} else {
2702 			/* Old policy spanning whole new range. */
2703 			if (n->end > end) {
2704 				if (!n_new)
2705 					goto alloc_new;
2706 
2707 				*mpol_new = *n->policy;
2708 				atomic_set(&mpol_new->refcnt, 1);
2709 				sp_node_init(n_new, end, n->end, mpol_new);
2710 				n->end = start;
2711 				sp_insert(sp, n_new);
2712 				n_new = NULL;
2713 				mpol_new = NULL;
2714 				break;
2715 			} else
2716 				n->end = start;
2717 		}
2718 		if (!next)
2719 			break;
2720 		n = rb_entry(next, struct sp_node, nd);
2721 	}
2722 	if (new)
2723 		sp_insert(sp, new);
2724 	write_unlock(&sp->lock);
2725 	ret = 0;
2726 
2727 err_out:
2728 	if (mpol_new)
2729 		mpol_put(mpol_new);
2730 	if (n_new)
2731 		kmem_cache_free(sn_cache, n_new);
2732 
2733 	return ret;
2734 
2735 alloc_new:
2736 	write_unlock(&sp->lock);
2737 	ret = -ENOMEM;
2738 	n_new = kmem_cache_alloc(sn_cache, GFP_KERNEL);
2739 	if (!n_new)
2740 		goto err_out;
2741 	mpol_new = kmem_cache_alloc(policy_cache, GFP_KERNEL);
2742 	if (!mpol_new)
2743 		goto err_out;
2744 	atomic_set(&mpol_new->refcnt, 1);
2745 	goto restart;
2746 }
2747 
2748 /**
2749  * mpol_shared_policy_init - initialize shared policy for inode
2750  * @sp: pointer to inode shared policy
2751  * @mpol:  struct mempolicy to install
2752  *
2753  * Install non-NULL @mpol in inode's shared policy rb-tree.
2754  * On entry, the current task has a reference on a non-NULL @mpol.
2755  * This must be released on exit.
2756  * This is called at get_inode() calls and we can use GFP_KERNEL.
2757  */
2758 void mpol_shared_policy_init(struct shared_policy *sp, struct mempolicy *mpol)
2759 {
2760 	int ret;
2761 
2762 	sp->root = RB_ROOT;		/* empty tree == default mempolicy */
2763 	rwlock_init(&sp->lock);
2764 
2765 	if (mpol) {
2766 		struct vm_area_struct pvma;
2767 		struct mempolicy *new;
2768 		NODEMASK_SCRATCH(scratch);
2769 
2770 		if (!scratch)
2771 			goto put_mpol;
2772 		/* contextualize the tmpfs mount point mempolicy */
2773 		new = mpol_new(mpol->mode, mpol->flags, &mpol->w.user_nodemask);
2774 		if (IS_ERR(new))
2775 			goto free_scratch; /* no valid nodemask intersection */
2776 
2777 		task_lock(current);
2778 		ret = mpol_set_nodemask(new, &mpol->w.user_nodemask, scratch);
2779 		task_unlock(current);
2780 		if (ret)
2781 			goto put_new;
2782 
2783 		/* Create pseudo-vma that contains just the policy */
2784 		vma_init(&pvma, NULL);
2785 		pvma.vm_end = TASK_SIZE;	/* policy covers entire file */
2786 		mpol_set_shared_policy(sp, &pvma, new); /* adds ref */
2787 
2788 put_new:
2789 		mpol_put(new);			/* drop initial ref */
2790 free_scratch:
2791 		NODEMASK_SCRATCH_FREE(scratch);
2792 put_mpol:
2793 		mpol_put(mpol);	/* drop our incoming ref on sb mpol */
2794 	}
2795 }
2796 
2797 int mpol_set_shared_policy(struct shared_policy *info,
2798 			struct vm_area_struct *vma, struct mempolicy *npol)
2799 {
2800 	int err;
2801 	struct sp_node *new = NULL;
2802 	unsigned long sz = vma_pages(vma);
2803 
2804 	pr_debug("set_shared_policy %lx sz %lu %d %d %lx\n",
2805 		 vma->vm_pgoff,
2806 		 sz, npol ? npol->mode : -1,
2807 		 npol ? npol->flags : -1,
2808 		 npol ? nodes_addr(npol->nodes)[0] : NUMA_NO_NODE);
2809 
2810 	if (npol) {
2811 		new = sp_alloc(vma->vm_pgoff, vma->vm_pgoff + sz, npol);
2812 		if (!new)
2813 			return -ENOMEM;
2814 	}
2815 	err = shared_policy_replace(info, vma->vm_pgoff, vma->vm_pgoff+sz, new);
2816 	if (err && new)
2817 		sp_free(new);
2818 	return err;
2819 }
2820 
2821 /* Free a backing policy store on inode delete. */
2822 void mpol_free_shared_policy(struct shared_policy *p)
2823 {
2824 	struct sp_node *n;
2825 	struct rb_node *next;
2826 
2827 	if (!p->root.rb_node)
2828 		return;
2829 	write_lock(&p->lock);
2830 	next = rb_first(&p->root);
2831 	while (next) {
2832 		n = rb_entry(next, struct sp_node, nd);
2833 		next = rb_next(&n->nd);
2834 		sp_delete(p, n);
2835 	}
2836 	write_unlock(&p->lock);
2837 }
2838 
2839 #ifdef CONFIG_NUMA_BALANCING
2840 static int __initdata numabalancing_override;
2841 
2842 static void __init check_numabalancing_enable(void)
2843 {
2844 	bool numabalancing_default = false;
2845 
2846 	if (IS_ENABLED(CONFIG_NUMA_BALANCING_DEFAULT_ENABLED))
2847 		numabalancing_default = true;
2848 
2849 	/* Parsed by setup_numabalancing. override == 1 enables, -1 disables */
2850 	if (numabalancing_override)
2851 		set_numabalancing_state(numabalancing_override == 1);
2852 
2853 	if (num_online_nodes() > 1 && !numabalancing_override) {
2854 		pr_info("%s automatic NUMA balancing. Configure with numa_balancing= or the kernel.numa_balancing sysctl\n",
2855 			numabalancing_default ? "Enabling" : "Disabling");
2856 		set_numabalancing_state(numabalancing_default);
2857 	}
2858 }
2859 
2860 static int __init setup_numabalancing(char *str)
2861 {
2862 	int ret = 0;
2863 	if (!str)
2864 		goto out;
2865 
2866 	if (!strcmp(str, "enable")) {
2867 		numabalancing_override = 1;
2868 		ret = 1;
2869 	} else if (!strcmp(str, "disable")) {
2870 		numabalancing_override = -1;
2871 		ret = 1;
2872 	}
2873 out:
2874 	if (!ret)
2875 		pr_warn("Unable to parse numa_balancing=\n");
2876 
2877 	return ret;
2878 }
2879 __setup("numa_balancing=", setup_numabalancing);
2880 #else
2881 static inline void __init check_numabalancing_enable(void)
2882 {
2883 }
2884 #endif /* CONFIG_NUMA_BALANCING */
2885 
2886 /* assumes fs == KERNEL_DS */
2887 void __init numa_policy_init(void)
2888 {
2889 	nodemask_t interleave_nodes;
2890 	unsigned long largest = 0;
2891 	int nid, prefer = 0;
2892 
2893 	policy_cache = kmem_cache_create("numa_policy",
2894 					 sizeof(struct mempolicy),
2895 					 0, SLAB_PANIC, NULL);
2896 
2897 	sn_cache = kmem_cache_create("shared_policy_node",
2898 				     sizeof(struct sp_node),
2899 				     0, SLAB_PANIC, NULL);
2900 
2901 	for_each_node(nid) {
2902 		preferred_node_policy[nid] = (struct mempolicy) {
2903 			.refcnt = ATOMIC_INIT(1),
2904 			.mode = MPOL_PREFERRED,
2905 			.flags = MPOL_F_MOF | MPOL_F_MORON,
2906 			.nodes = nodemask_of_node(nid),
2907 		};
2908 	}
2909 
2910 	/*
2911 	 * Set interleaving policy for system init. Interleaving is only
2912 	 * enabled across suitably sized nodes (default is >= 16MB), or
2913 	 * fall back to the largest node if they're all smaller.
2914 	 */
2915 	nodes_clear(interleave_nodes);
2916 	for_each_node_state(nid, N_MEMORY) {
2917 		unsigned long total_pages = node_present_pages(nid);
2918 
2919 		/* Preserve the largest node */
2920 		if (largest < total_pages) {
2921 			largest = total_pages;
2922 			prefer = nid;
2923 		}
2924 
2925 		/* Interleave this node? */
2926 		if ((total_pages << PAGE_SHIFT) >= (16 << 20))
2927 			node_set(nid, interleave_nodes);
2928 	}
2929 
2930 	/* All too small, use the largest */
2931 	if (unlikely(nodes_empty(interleave_nodes)))
2932 		node_set(prefer, interleave_nodes);
2933 
2934 	if (do_set_mempolicy(MPOL_INTERLEAVE, 0, &interleave_nodes))
2935 		pr_err("%s: interleaving failed\n", __func__);
2936 
2937 	check_numabalancing_enable();
2938 }
2939 
2940 /* Reset policy of current process to default */
2941 void numa_default_policy(void)
2942 {
2943 	do_set_mempolicy(MPOL_DEFAULT, 0, NULL);
2944 }
2945 
2946 /*
2947  * Parse and format mempolicy from/to strings
2948  */
2949 
2950 static const char * const policy_modes[] =
2951 {
2952 	[MPOL_DEFAULT]    = "default",
2953 	[MPOL_PREFERRED]  = "prefer",
2954 	[MPOL_BIND]       = "bind",
2955 	[MPOL_INTERLEAVE] = "interleave",
2956 	[MPOL_LOCAL]      = "local",
2957 	[MPOL_PREFERRED_MANY]  = "prefer (many)",
2958 };
2959 
2960 
2961 #ifdef CONFIG_TMPFS
2962 /**
2963  * mpol_parse_str - parse string to mempolicy, for tmpfs mpol mount option.
2964  * @str:  string containing mempolicy to parse
2965  * @mpol:  pointer to struct mempolicy pointer, returned on success.
2966  *
2967  * Format of input:
2968  *	<mode>[=<flags>][:<nodelist>]
2969  *
2970  * Return: %0 on success, else %1
2971  */
2972 int mpol_parse_str(char *str, struct mempolicy **mpol)
2973 {
2974 	struct mempolicy *new = NULL;
2975 	unsigned short mode_flags;
2976 	nodemask_t nodes;
2977 	char *nodelist = strchr(str, ':');
2978 	char *flags = strchr(str, '=');
2979 	int err = 1, mode;
2980 
2981 	if (flags)
2982 		*flags++ = '\0';	/* terminate mode string */
2983 
2984 	if (nodelist) {
2985 		/* NUL-terminate mode or flags string */
2986 		*nodelist++ = '\0';
2987 		if (nodelist_parse(nodelist, nodes))
2988 			goto out;
2989 		if (!nodes_subset(nodes, node_states[N_MEMORY]))
2990 			goto out;
2991 	} else
2992 		nodes_clear(nodes);
2993 
2994 	mode = match_string(policy_modes, MPOL_MAX, str);
2995 	if (mode < 0)
2996 		goto out;
2997 
2998 	switch (mode) {
2999 	case MPOL_PREFERRED:
3000 		/*
3001 		 * Insist on a nodelist of one node only, although later
3002 		 * we use first_node(nodes) to grab a single node, so here
3003 		 * nodelist (or nodes) cannot be empty.
3004 		 */
3005 		if (nodelist) {
3006 			char *rest = nodelist;
3007 			while (isdigit(*rest))
3008 				rest++;
3009 			if (*rest)
3010 				goto out;
3011 			if (nodes_empty(nodes))
3012 				goto out;
3013 		}
3014 		break;
3015 	case MPOL_INTERLEAVE:
3016 		/*
3017 		 * Default to online nodes with memory if no nodelist
3018 		 */
3019 		if (!nodelist)
3020 			nodes = node_states[N_MEMORY];
3021 		break;
3022 	case MPOL_LOCAL:
3023 		/*
3024 		 * Don't allow a nodelist;  mpol_new() checks flags
3025 		 */
3026 		if (nodelist)
3027 			goto out;
3028 		break;
3029 	case MPOL_DEFAULT:
3030 		/*
3031 		 * Insist on a empty nodelist
3032 		 */
3033 		if (!nodelist)
3034 			err = 0;
3035 		goto out;
3036 	case MPOL_PREFERRED_MANY:
3037 	case MPOL_BIND:
3038 		/*
3039 		 * Insist on a nodelist
3040 		 */
3041 		if (!nodelist)
3042 			goto out;
3043 	}
3044 
3045 	mode_flags = 0;
3046 	if (flags) {
3047 		/*
3048 		 * Currently, we only support two mutually exclusive
3049 		 * mode flags.
3050 		 */
3051 		if (!strcmp(flags, "static"))
3052 			mode_flags |= MPOL_F_STATIC_NODES;
3053 		else if (!strcmp(flags, "relative"))
3054 			mode_flags |= MPOL_F_RELATIVE_NODES;
3055 		else
3056 			goto out;
3057 	}
3058 
3059 	new = mpol_new(mode, mode_flags, &nodes);
3060 	if (IS_ERR(new))
3061 		goto out;
3062 
3063 	/*
3064 	 * Save nodes for mpol_to_str() to show the tmpfs mount options
3065 	 * for /proc/mounts, /proc/pid/mounts and /proc/pid/mountinfo.
3066 	 */
3067 	if (mode != MPOL_PREFERRED) {
3068 		new->nodes = nodes;
3069 	} else if (nodelist) {
3070 		nodes_clear(new->nodes);
3071 		node_set(first_node(nodes), new->nodes);
3072 	} else {
3073 		new->mode = MPOL_LOCAL;
3074 	}
3075 
3076 	/*
3077 	 * Save nodes for contextualization: this will be used to "clone"
3078 	 * the mempolicy in a specific context [cpuset] at a later time.
3079 	 */
3080 	new->w.user_nodemask = nodes;
3081 
3082 	err = 0;
3083 
3084 out:
3085 	/* Restore string for error message */
3086 	if (nodelist)
3087 		*--nodelist = ':';
3088 	if (flags)
3089 		*--flags = '=';
3090 	if (!err)
3091 		*mpol = new;
3092 	return err;
3093 }
3094 #endif /* CONFIG_TMPFS */
3095 
3096 /**
3097  * mpol_to_str - format a mempolicy structure for printing
3098  * @buffer:  to contain formatted mempolicy string
3099  * @maxlen:  length of @buffer
3100  * @pol:  pointer to mempolicy to be formatted
3101  *
3102  * Convert @pol into a string.  If @buffer is too short, truncate the string.
3103  * Recommend a @maxlen of at least 32 for the longest mode, "interleave", the
3104  * longest flag, "relative", and to display at least a few node ids.
3105  */
3106 void mpol_to_str(char *buffer, int maxlen, struct mempolicy *pol)
3107 {
3108 	char *p = buffer;
3109 	nodemask_t nodes = NODE_MASK_NONE;
3110 	unsigned short mode = MPOL_DEFAULT;
3111 	unsigned short flags = 0;
3112 
3113 	if (pol && pol != &default_policy && !(pol->flags & MPOL_F_MORON)) {
3114 		mode = pol->mode;
3115 		flags = pol->flags;
3116 	}
3117 
3118 	switch (mode) {
3119 	case MPOL_DEFAULT:
3120 	case MPOL_LOCAL:
3121 		break;
3122 	case MPOL_PREFERRED:
3123 	case MPOL_PREFERRED_MANY:
3124 	case MPOL_BIND:
3125 	case MPOL_INTERLEAVE:
3126 		nodes = pol->nodes;
3127 		break;
3128 	default:
3129 		WARN_ON_ONCE(1);
3130 		snprintf(p, maxlen, "unknown");
3131 		return;
3132 	}
3133 
3134 	p += snprintf(p, maxlen, "%s", policy_modes[mode]);
3135 
3136 	if (flags & MPOL_MODE_FLAGS) {
3137 		p += snprintf(p, buffer + maxlen - p, "=");
3138 
3139 		/*
3140 		 * Currently, the only defined flags are mutually exclusive
3141 		 */
3142 		if (flags & MPOL_F_STATIC_NODES)
3143 			p += snprintf(p, buffer + maxlen - p, "static");
3144 		else if (flags & MPOL_F_RELATIVE_NODES)
3145 			p += snprintf(p, buffer + maxlen - p, "relative");
3146 	}
3147 
3148 	if (!nodes_empty(nodes))
3149 		p += scnprintf(p, buffer + maxlen - p, ":%*pbl",
3150 			       nodemask_pr_args(&nodes));
3151 }
3152