1 // SPDX-License-Identifier: GPL-2.0 2 /* 3 * Memory Migration functionality - linux/mm/migrate.c 4 * 5 * Copyright (C) 2006 Silicon Graphics, Inc., Christoph Lameter 6 * 7 * Page migration was first developed in the context of the memory hotplug 8 * project. The main authors of the migration code are: 9 * 10 * IWAMOTO Toshihiro <iwamoto@valinux.co.jp> 11 * Hirokazu Takahashi <taka@valinux.co.jp> 12 * Dave Hansen <haveblue@us.ibm.com> 13 * Christoph Lameter 14 */ 15 16 #include <linux/migrate.h> 17 #include <linux/export.h> 18 #include <linux/swap.h> 19 #include <linux/swapops.h> 20 #include <linux/pagemap.h> 21 #include <linux/buffer_head.h> 22 #include <linux/mm_inline.h> 23 #include <linux/nsproxy.h> 24 #include <linux/ksm.h> 25 #include <linux/rmap.h> 26 #include <linux/topology.h> 27 #include <linux/cpu.h> 28 #include <linux/cpuset.h> 29 #include <linux/writeback.h> 30 #include <linux/mempolicy.h> 31 #include <linux/vmalloc.h> 32 #include <linux/security.h> 33 #include <linux/backing-dev.h> 34 #include <linux/compaction.h> 35 #include <linux/syscalls.h> 36 #include <linux/compat.h> 37 #include <linux/hugetlb.h> 38 #include <linux/hugetlb_cgroup.h> 39 #include <linux/gfp.h> 40 #include <linux/pfn_t.h> 41 #include <linux/memremap.h> 42 #include <linux/userfaultfd_k.h> 43 #include <linux/balloon_compaction.h> 44 #include <linux/page_idle.h> 45 #include <linux/page_owner.h> 46 #include <linux/sched/mm.h> 47 #include <linux/ptrace.h> 48 #include <linux/oom.h> 49 #include <linux/memory.h> 50 #include <linux/random.h> 51 #include <linux/sched/sysctl.h> 52 #include <linux/memory-tiers.h> 53 54 #include <asm/tlbflush.h> 55 56 #include <trace/events/migrate.h> 57 58 #include "internal.h" 59 60 bool isolate_movable_page(struct page *page, isolate_mode_t mode) 61 { 62 struct folio *folio = folio_get_nontail_page(page); 63 const struct movable_operations *mops; 64 65 /* 66 * Avoid burning cycles with pages that are yet under __free_pages(), 67 * or just got freed under us. 68 * 69 * In case we 'win' a race for a movable page being freed under us and 70 * raise its refcount preventing __free_pages() from doing its job 71 * the put_page() at the end of this block will take care of 72 * release this page, thus avoiding a nasty leakage. 73 */ 74 if (!folio) 75 goto out; 76 77 if (unlikely(folio_test_slab(folio))) 78 goto out_putfolio; 79 /* Pairs with smp_wmb() in slab freeing, e.g. SLUB's __free_slab() */ 80 smp_rmb(); 81 /* 82 * Check movable flag before taking the page lock because 83 * we use non-atomic bitops on newly allocated page flags so 84 * unconditionally grabbing the lock ruins page's owner side. 85 */ 86 if (unlikely(!__folio_test_movable(folio))) 87 goto out_putfolio; 88 /* Pairs with smp_wmb() in slab allocation, e.g. SLUB's alloc_slab_page() */ 89 smp_rmb(); 90 if (unlikely(folio_test_slab(folio))) 91 goto out_putfolio; 92 93 /* 94 * As movable pages are not isolated from LRU lists, concurrent 95 * compaction threads can race against page migration functions 96 * as well as race against the releasing a page. 97 * 98 * In order to avoid having an already isolated movable page 99 * being (wrongly) re-isolated while it is under migration, 100 * or to avoid attempting to isolate pages being released, 101 * lets be sure we have the page lock 102 * before proceeding with the movable page isolation steps. 103 */ 104 if (unlikely(!folio_trylock(folio))) 105 goto out_putfolio; 106 107 if (!folio_test_movable(folio) || folio_test_isolated(folio)) 108 goto out_no_isolated; 109 110 mops = folio_movable_ops(folio); 111 VM_BUG_ON_FOLIO(!mops, folio); 112 113 if (!mops->isolate_page(&folio->page, mode)) 114 goto out_no_isolated; 115 116 /* Driver shouldn't use PG_isolated bit of page->flags */ 117 WARN_ON_ONCE(folio_test_isolated(folio)); 118 folio_set_isolated(folio); 119 folio_unlock(folio); 120 121 return true; 122 123 out_no_isolated: 124 folio_unlock(folio); 125 out_putfolio: 126 folio_put(folio); 127 out: 128 return false; 129 } 130 131 static void putback_movable_folio(struct folio *folio) 132 { 133 const struct movable_operations *mops = folio_movable_ops(folio); 134 135 mops->putback_page(&folio->page); 136 folio_clear_isolated(folio); 137 } 138 139 /* 140 * Put previously isolated pages back onto the appropriate lists 141 * from where they were once taken off for compaction/migration. 142 * 143 * This function shall be used whenever the isolated pageset has been 144 * built from lru, balloon, hugetlbfs page. See isolate_migratepages_range() 145 * and isolate_hugetlb(). 146 */ 147 void putback_movable_pages(struct list_head *l) 148 { 149 struct folio *folio; 150 struct folio *folio2; 151 152 list_for_each_entry_safe(folio, folio2, l, lru) { 153 if (unlikely(folio_test_hugetlb(folio))) { 154 folio_putback_active_hugetlb(folio); 155 continue; 156 } 157 list_del(&folio->lru); 158 /* 159 * We isolated non-lru movable folio so here we can use 160 * __folio_test_movable because LRU folio's mapping cannot 161 * have PAGE_MAPPING_MOVABLE. 162 */ 163 if (unlikely(__folio_test_movable(folio))) { 164 VM_BUG_ON_FOLIO(!folio_test_isolated(folio), folio); 165 folio_lock(folio); 166 if (folio_test_movable(folio)) 167 putback_movable_folio(folio); 168 else 169 folio_clear_isolated(folio); 170 folio_unlock(folio); 171 folio_put(folio); 172 } else { 173 node_stat_mod_folio(folio, NR_ISOLATED_ANON + 174 folio_is_file_lru(folio), -folio_nr_pages(folio)); 175 folio_putback_lru(folio); 176 } 177 } 178 } 179 180 /* 181 * Restore a potential migration pte to a working pte entry 182 */ 183 static bool remove_migration_pte(struct folio *folio, 184 struct vm_area_struct *vma, unsigned long addr, void *old) 185 { 186 DEFINE_FOLIO_VMA_WALK(pvmw, old, vma, addr, PVMW_SYNC | PVMW_MIGRATION); 187 188 while (page_vma_mapped_walk(&pvmw)) { 189 rmap_t rmap_flags = RMAP_NONE; 190 pte_t old_pte; 191 pte_t pte; 192 swp_entry_t entry; 193 struct page *new; 194 unsigned long idx = 0; 195 196 /* pgoff is invalid for ksm pages, but they are never large */ 197 if (folio_test_large(folio) && !folio_test_hugetlb(folio)) 198 idx = linear_page_index(vma, pvmw.address) - pvmw.pgoff; 199 new = folio_page(folio, idx); 200 201 #ifdef CONFIG_ARCH_ENABLE_THP_MIGRATION 202 /* PMD-mapped THP migration entry */ 203 if (!pvmw.pte) { 204 VM_BUG_ON_FOLIO(folio_test_hugetlb(folio) || 205 !folio_test_pmd_mappable(folio), folio); 206 remove_migration_pmd(&pvmw, new); 207 continue; 208 } 209 #endif 210 211 folio_get(folio); 212 pte = mk_pte(new, READ_ONCE(vma->vm_page_prot)); 213 old_pte = ptep_get(pvmw.pte); 214 if (pte_swp_soft_dirty(old_pte)) 215 pte = pte_mksoft_dirty(pte); 216 217 entry = pte_to_swp_entry(old_pte); 218 if (!is_migration_entry_young(entry)) 219 pte = pte_mkold(pte); 220 if (folio_test_dirty(folio) && is_migration_entry_dirty(entry)) 221 pte = pte_mkdirty(pte); 222 if (is_writable_migration_entry(entry)) 223 pte = pte_mkwrite(pte, vma); 224 else if (pte_swp_uffd_wp(old_pte)) 225 pte = pte_mkuffd_wp(pte); 226 227 if (folio_test_anon(folio) && !is_readable_migration_entry(entry)) 228 rmap_flags |= RMAP_EXCLUSIVE; 229 230 if (unlikely(is_device_private_page(new))) { 231 if (pte_write(pte)) 232 entry = make_writable_device_private_entry( 233 page_to_pfn(new)); 234 else 235 entry = make_readable_device_private_entry( 236 page_to_pfn(new)); 237 pte = swp_entry_to_pte(entry); 238 if (pte_swp_soft_dirty(old_pte)) 239 pte = pte_swp_mksoft_dirty(pte); 240 if (pte_swp_uffd_wp(old_pte)) 241 pte = pte_swp_mkuffd_wp(pte); 242 } 243 244 #ifdef CONFIG_HUGETLB_PAGE 245 if (folio_test_hugetlb(folio)) { 246 struct hstate *h = hstate_vma(vma); 247 unsigned int shift = huge_page_shift(h); 248 unsigned long psize = huge_page_size(h); 249 250 pte = arch_make_huge_pte(pte, shift, vma->vm_flags); 251 if (folio_test_anon(folio)) 252 hugepage_add_anon_rmap(folio, vma, pvmw.address, 253 rmap_flags); 254 else 255 page_dup_file_rmap(new, true); 256 set_huge_pte_at(vma->vm_mm, pvmw.address, pvmw.pte, pte, 257 psize); 258 } else 259 #endif 260 { 261 if (folio_test_anon(folio)) 262 page_add_anon_rmap(new, vma, pvmw.address, 263 rmap_flags); 264 else 265 page_add_file_rmap(new, vma, false); 266 set_pte_at(vma->vm_mm, pvmw.address, pvmw.pte, pte); 267 } 268 if (vma->vm_flags & VM_LOCKED) 269 mlock_drain_local(); 270 271 trace_remove_migration_pte(pvmw.address, pte_val(pte), 272 compound_order(new)); 273 274 /* No need to invalidate - it was non-present before */ 275 update_mmu_cache(vma, pvmw.address, pvmw.pte); 276 } 277 278 return true; 279 } 280 281 /* 282 * Get rid of all migration entries and replace them by 283 * references to the indicated page. 284 */ 285 void remove_migration_ptes(struct folio *src, struct folio *dst, bool locked) 286 { 287 struct rmap_walk_control rwc = { 288 .rmap_one = remove_migration_pte, 289 .arg = src, 290 }; 291 292 if (locked) 293 rmap_walk_locked(dst, &rwc); 294 else 295 rmap_walk(dst, &rwc); 296 } 297 298 /* 299 * Something used the pte of a page under migration. We need to 300 * get to the page and wait until migration is finished. 301 * When we return from this function the fault will be retried. 302 */ 303 void migration_entry_wait(struct mm_struct *mm, pmd_t *pmd, 304 unsigned long address) 305 { 306 spinlock_t *ptl; 307 pte_t *ptep; 308 pte_t pte; 309 swp_entry_t entry; 310 311 ptep = pte_offset_map_lock(mm, pmd, address, &ptl); 312 if (!ptep) 313 return; 314 315 pte = ptep_get(ptep); 316 pte_unmap(ptep); 317 318 if (!is_swap_pte(pte)) 319 goto out; 320 321 entry = pte_to_swp_entry(pte); 322 if (!is_migration_entry(entry)) 323 goto out; 324 325 migration_entry_wait_on_locked(entry, ptl); 326 return; 327 out: 328 spin_unlock(ptl); 329 } 330 331 #ifdef CONFIG_HUGETLB_PAGE 332 /* 333 * The vma read lock must be held upon entry. Holding that lock prevents either 334 * the pte or the ptl from being freed. 335 * 336 * This function will release the vma lock before returning. 337 */ 338 void migration_entry_wait_huge(struct vm_area_struct *vma, pte_t *ptep) 339 { 340 spinlock_t *ptl = huge_pte_lockptr(hstate_vma(vma), vma->vm_mm, ptep); 341 pte_t pte; 342 343 hugetlb_vma_assert_locked(vma); 344 spin_lock(ptl); 345 pte = huge_ptep_get(ptep); 346 347 if (unlikely(!is_hugetlb_entry_migration(pte))) { 348 spin_unlock(ptl); 349 hugetlb_vma_unlock_read(vma); 350 } else { 351 /* 352 * If migration entry existed, safe to release vma lock 353 * here because the pgtable page won't be freed without the 354 * pgtable lock released. See comment right above pgtable 355 * lock release in migration_entry_wait_on_locked(). 356 */ 357 hugetlb_vma_unlock_read(vma); 358 migration_entry_wait_on_locked(pte_to_swp_entry(pte), ptl); 359 } 360 } 361 #endif 362 363 #ifdef CONFIG_ARCH_ENABLE_THP_MIGRATION 364 void pmd_migration_entry_wait(struct mm_struct *mm, pmd_t *pmd) 365 { 366 spinlock_t *ptl; 367 368 ptl = pmd_lock(mm, pmd); 369 if (!is_pmd_migration_entry(*pmd)) 370 goto unlock; 371 migration_entry_wait_on_locked(pmd_to_swp_entry(*pmd), ptl); 372 return; 373 unlock: 374 spin_unlock(ptl); 375 } 376 #endif 377 378 static int folio_expected_refs(struct address_space *mapping, 379 struct folio *folio) 380 { 381 int refs = 1; 382 if (!mapping) 383 return refs; 384 385 refs += folio_nr_pages(folio); 386 if (folio_test_private(folio)) 387 refs++; 388 389 return refs; 390 } 391 392 /* 393 * Replace the page in the mapping. 394 * 395 * The number of remaining references must be: 396 * 1 for anonymous pages without a mapping 397 * 2 for pages with a mapping 398 * 3 for pages with a mapping and PagePrivate/PagePrivate2 set. 399 */ 400 int folio_migrate_mapping(struct address_space *mapping, 401 struct folio *newfolio, struct folio *folio, int extra_count) 402 { 403 XA_STATE(xas, &mapping->i_pages, folio_index(folio)); 404 struct zone *oldzone, *newzone; 405 int dirty; 406 int expected_count = folio_expected_refs(mapping, folio) + extra_count; 407 long nr = folio_nr_pages(folio); 408 409 if (!mapping) { 410 /* Anonymous page without mapping */ 411 if (folio_ref_count(folio) != expected_count) 412 return -EAGAIN; 413 414 /* No turning back from here */ 415 newfolio->index = folio->index; 416 newfolio->mapping = folio->mapping; 417 if (folio_test_swapbacked(folio)) 418 __folio_set_swapbacked(newfolio); 419 420 return MIGRATEPAGE_SUCCESS; 421 } 422 423 oldzone = folio_zone(folio); 424 newzone = folio_zone(newfolio); 425 426 xas_lock_irq(&xas); 427 if (!folio_ref_freeze(folio, expected_count)) { 428 xas_unlock_irq(&xas); 429 return -EAGAIN; 430 } 431 432 /* 433 * Now we know that no one else is looking at the folio: 434 * no turning back from here. 435 */ 436 newfolio->index = folio->index; 437 newfolio->mapping = folio->mapping; 438 folio_ref_add(newfolio, nr); /* add cache reference */ 439 if (folio_test_swapbacked(folio)) { 440 __folio_set_swapbacked(newfolio); 441 if (folio_test_swapcache(folio)) { 442 folio_set_swapcache(newfolio); 443 newfolio->private = folio_get_private(folio); 444 } 445 } else { 446 VM_BUG_ON_FOLIO(folio_test_swapcache(folio), folio); 447 } 448 449 /* Move dirty while page refs frozen and newpage not yet exposed */ 450 dirty = folio_test_dirty(folio); 451 if (dirty) { 452 folio_clear_dirty(folio); 453 folio_set_dirty(newfolio); 454 } 455 456 xas_store(&xas, newfolio); 457 458 /* 459 * Drop cache reference from old page by unfreezing 460 * to one less reference. 461 * We know this isn't the last reference. 462 */ 463 folio_ref_unfreeze(folio, expected_count - nr); 464 465 xas_unlock(&xas); 466 /* Leave irq disabled to prevent preemption while updating stats */ 467 468 /* 469 * If moved to a different zone then also account 470 * the page for that zone. Other VM counters will be 471 * taken care of when we establish references to the 472 * new page and drop references to the old page. 473 * 474 * Note that anonymous pages are accounted for 475 * via NR_FILE_PAGES and NR_ANON_MAPPED if they 476 * are mapped to swap space. 477 */ 478 if (newzone != oldzone) { 479 struct lruvec *old_lruvec, *new_lruvec; 480 struct mem_cgroup *memcg; 481 482 memcg = folio_memcg(folio); 483 old_lruvec = mem_cgroup_lruvec(memcg, oldzone->zone_pgdat); 484 new_lruvec = mem_cgroup_lruvec(memcg, newzone->zone_pgdat); 485 486 __mod_lruvec_state(old_lruvec, NR_FILE_PAGES, -nr); 487 __mod_lruvec_state(new_lruvec, NR_FILE_PAGES, nr); 488 if (folio_test_swapbacked(folio) && !folio_test_swapcache(folio)) { 489 __mod_lruvec_state(old_lruvec, NR_SHMEM, -nr); 490 __mod_lruvec_state(new_lruvec, NR_SHMEM, nr); 491 492 if (folio_test_pmd_mappable(folio)) { 493 __mod_lruvec_state(old_lruvec, NR_SHMEM_THPS, -nr); 494 __mod_lruvec_state(new_lruvec, NR_SHMEM_THPS, nr); 495 } 496 } 497 #ifdef CONFIG_SWAP 498 if (folio_test_swapcache(folio)) { 499 __mod_lruvec_state(old_lruvec, NR_SWAPCACHE, -nr); 500 __mod_lruvec_state(new_lruvec, NR_SWAPCACHE, nr); 501 } 502 #endif 503 if (dirty && mapping_can_writeback(mapping)) { 504 __mod_lruvec_state(old_lruvec, NR_FILE_DIRTY, -nr); 505 __mod_zone_page_state(oldzone, NR_ZONE_WRITE_PENDING, -nr); 506 __mod_lruvec_state(new_lruvec, NR_FILE_DIRTY, nr); 507 __mod_zone_page_state(newzone, NR_ZONE_WRITE_PENDING, nr); 508 } 509 } 510 local_irq_enable(); 511 512 return MIGRATEPAGE_SUCCESS; 513 } 514 EXPORT_SYMBOL(folio_migrate_mapping); 515 516 /* 517 * The expected number of remaining references is the same as that 518 * of folio_migrate_mapping(). 519 */ 520 int migrate_huge_page_move_mapping(struct address_space *mapping, 521 struct folio *dst, struct folio *src) 522 { 523 XA_STATE(xas, &mapping->i_pages, folio_index(src)); 524 int expected_count; 525 526 xas_lock_irq(&xas); 527 expected_count = folio_expected_refs(mapping, src); 528 if (!folio_ref_freeze(src, expected_count)) { 529 xas_unlock_irq(&xas); 530 return -EAGAIN; 531 } 532 533 dst->index = src->index; 534 dst->mapping = src->mapping; 535 536 folio_ref_add(dst, folio_nr_pages(dst)); 537 538 xas_store(&xas, dst); 539 540 folio_ref_unfreeze(src, expected_count - folio_nr_pages(src)); 541 542 xas_unlock_irq(&xas); 543 544 return MIGRATEPAGE_SUCCESS; 545 } 546 547 /* 548 * Copy the flags and some other ancillary information 549 */ 550 void folio_migrate_flags(struct folio *newfolio, struct folio *folio) 551 { 552 int cpupid; 553 554 if (folio_test_error(folio)) 555 folio_set_error(newfolio); 556 if (folio_test_referenced(folio)) 557 folio_set_referenced(newfolio); 558 if (folio_test_uptodate(folio)) 559 folio_mark_uptodate(newfolio); 560 if (folio_test_clear_active(folio)) { 561 VM_BUG_ON_FOLIO(folio_test_unevictable(folio), folio); 562 folio_set_active(newfolio); 563 } else if (folio_test_clear_unevictable(folio)) 564 folio_set_unevictable(newfolio); 565 if (folio_test_workingset(folio)) 566 folio_set_workingset(newfolio); 567 if (folio_test_checked(folio)) 568 folio_set_checked(newfolio); 569 /* 570 * PG_anon_exclusive (-> PG_mappedtodisk) is always migrated via 571 * migration entries. We can still have PG_anon_exclusive set on an 572 * effectively unmapped and unreferenced first sub-pages of an 573 * anonymous THP: we can simply copy it here via PG_mappedtodisk. 574 */ 575 if (folio_test_mappedtodisk(folio)) 576 folio_set_mappedtodisk(newfolio); 577 578 /* Move dirty on pages not done by folio_migrate_mapping() */ 579 if (folio_test_dirty(folio)) 580 folio_set_dirty(newfolio); 581 582 if (folio_test_young(folio)) 583 folio_set_young(newfolio); 584 if (folio_test_idle(folio)) 585 folio_set_idle(newfolio); 586 587 /* 588 * Copy NUMA information to the new page, to prevent over-eager 589 * future migrations of this same page. 590 */ 591 cpupid = folio_xchg_last_cpupid(folio, -1); 592 /* 593 * For memory tiering mode, when migrate between slow and fast 594 * memory node, reset cpupid, because that is used to record 595 * page access time in slow memory node. 596 */ 597 if (sysctl_numa_balancing_mode & NUMA_BALANCING_MEMORY_TIERING) { 598 bool f_toptier = node_is_toptier(folio_nid(folio)); 599 bool t_toptier = node_is_toptier(folio_nid(newfolio)); 600 601 if (f_toptier != t_toptier) 602 cpupid = -1; 603 } 604 folio_xchg_last_cpupid(newfolio, cpupid); 605 606 folio_migrate_ksm(newfolio, folio); 607 /* 608 * Please do not reorder this without considering how mm/ksm.c's 609 * get_ksm_page() depends upon ksm_migrate_page() and PageSwapCache(). 610 */ 611 if (folio_test_swapcache(folio)) 612 folio_clear_swapcache(folio); 613 folio_clear_private(folio); 614 615 /* page->private contains hugetlb specific flags */ 616 if (!folio_test_hugetlb(folio)) 617 folio->private = NULL; 618 619 /* 620 * If any waiters have accumulated on the new page then 621 * wake them up. 622 */ 623 if (folio_test_writeback(newfolio)) 624 folio_end_writeback(newfolio); 625 626 /* 627 * PG_readahead shares the same bit with PG_reclaim. The above 628 * end_page_writeback() may clear PG_readahead mistakenly, so set the 629 * bit after that. 630 */ 631 if (folio_test_readahead(folio)) 632 folio_set_readahead(newfolio); 633 634 folio_copy_owner(newfolio, folio); 635 636 mem_cgroup_migrate(folio, newfolio); 637 } 638 EXPORT_SYMBOL(folio_migrate_flags); 639 640 void folio_migrate_copy(struct folio *newfolio, struct folio *folio) 641 { 642 folio_copy(newfolio, folio); 643 folio_migrate_flags(newfolio, folio); 644 } 645 EXPORT_SYMBOL(folio_migrate_copy); 646 647 /************************************************************ 648 * Migration functions 649 ***********************************************************/ 650 651 int migrate_folio_extra(struct address_space *mapping, struct folio *dst, 652 struct folio *src, enum migrate_mode mode, int extra_count) 653 { 654 int rc; 655 656 BUG_ON(folio_test_writeback(src)); /* Writeback must be complete */ 657 658 rc = folio_migrate_mapping(mapping, dst, src, extra_count); 659 660 if (rc != MIGRATEPAGE_SUCCESS) 661 return rc; 662 663 if (mode != MIGRATE_SYNC_NO_COPY) 664 folio_migrate_copy(dst, src); 665 else 666 folio_migrate_flags(dst, src); 667 return MIGRATEPAGE_SUCCESS; 668 } 669 670 /** 671 * migrate_folio() - Simple folio migration. 672 * @mapping: The address_space containing the folio. 673 * @dst: The folio to migrate the data to. 674 * @src: The folio containing the current data. 675 * @mode: How to migrate the page. 676 * 677 * Common logic to directly migrate a single LRU folio suitable for 678 * folios that do not use PagePrivate/PagePrivate2. 679 * 680 * Folios are locked upon entry and exit. 681 */ 682 int migrate_folio(struct address_space *mapping, struct folio *dst, 683 struct folio *src, enum migrate_mode mode) 684 { 685 return migrate_folio_extra(mapping, dst, src, mode, 0); 686 } 687 EXPORT_SYMBOL(migrate_folio); 688 689 #ifdef CONFIG_BUFFER_HEAD 690 /* Returns true if all buffers are successfully locked */ 691 static bool buffer_migrate_lock_buffers(struct buffer_head *head, 692 enum migrate_mode mode) 693 { 694 struct buffer_head *bh = head; 695 struct buffer_head *failed_bh; 696 697 do { 698 if (!trylock_buffer(bh)) { 699 if (mode == MIGRATE_ASYNC) 700 goto unlock; 701 if (mode == MIGRATE_SYNC_LIGHT && !buffer_uptodate(bh)) 702 goto unlock; 703 lock_buffer(bh); 704 } 705 706 bh = bh->b_this_page; 707 } while (bh != head); 708 709 return true; 710 711 unlock: 712 /* We failed to lock the buffer and cannot stall. */ 713 failed_bh = bh; 714 bh = head; 715 while (bh != failed_bh) { 716 unlock_buffer(bh); 717 bh = bh->b_this_page; 718 } 719 720 return false; 721 } 722 723 static int __buffer_migrate_folio(struct address_space *mapping, 724 struct folio *dst, struct folio *src, enum migrate_mode mode, 725 bool check_refs) 726 { 727 struct buffer_head *bh, *head; 728 int rc; 729 int expected_count; 730 731 head = folio_buffers(src); 732 if (!head) 733 return migrate_folio(mapping, dst, src, mode); 734 735 /* Check whether page does not have extra refs before we do more work */ 736 expected_count = folio_expected_refs(mapping, src); 737 if (folio_ref_count(src) != expected_count) 738 return -EAGAIN; 739 740 if (!buffer_migrate_lock_buffers(head, mode)) 741 return -EAGAIN; 742 743 if (check_refs) { 744 bool busy; 745 bool invalidated = false; 746 747 recheck_buffers: 748 busy = false; 749 spin_lock(&mapping->i_private_lock); 750 bh = head; 751 do { 752 if (atomic_read(&bh->b_count)) { 753 busy = true; 754 break; 755 } 756 bh = bh->b_this_page; 757 } while (bh != head); 758 if (busy) { 759 if (invalidated) { 760 rc = -EAGAIN; 761 goto unlock_buffers; 762 } 763 spin_unlock(&mapping->i_private_lock); 764 invalidate_bh_lrus(); 765 invalidated = true; 766 goto recheck_buffers; 767 } 768 } 769 770 rc = folio_migrate_mapping(mapping, dst, src, 0); 771 if (rc != MIGRATEPAGE_SUCCESS) 772 goto unlock_buffers; 773 774 folio_attach_private(dst, folio_detach_private(src)); 775 776 bh = head; 777 do { 778 folio_set_bh(bh, dst, bh_offset(bh)); 779 bh = bh->b_this_page; 780 } while (bh != head); 781 782 if (mode != MIGRATE_SYNC_NO_COPY) 783 folio_migrate_copy(dst, src); 784 else 785 folio_migrate_flags(dst, src); 786 787 rc = MIGRATEPAGE_SUCCESS; 788 unlock_buffers: 789 if (check_refs) 790 spin_unlock(&mapping->i_private_lock); 791 bh = head; 792 do { 793 unlock_buffer(bh); 794 bh = bh->b_this_page; 795 } while (bh != head); 796 797 return rc; 798 } 799 800 /** 801 * buffer_migrate_folio() - Migration function for folios with buffers. 802 * @mapping: The address space containing @src. 803 * @dst: The folio to migrate to. 804 * @src: The folio to migrate from. 805 * @mode: How to migrate the folio. 806 * 807 * This function can only be used if the underlying filesystem guarantees 808 * that no other references to @src exist. For example attached buffer 809 * heads are accessed only under the folio lock. If your filesystem cannot 810 * provide this guarantee, buffer_migrate_folio_norefs() may be more 811 * appropriate. 812 * 813 * Return: 0 on success or a negative errno on failure. 814 */ 815 int buffer_migrate_folio(struct address_space *mapping, 816 struct folio *dst, struct folio *src, enum migrate_mode mode) 817 { 818 return __buffer_migrate_folio(mapping, dst, src, mode, false); 819 } 820 EXPORT_SYMBOL(buffer_migrate_folio); 821 822 /** 823 * buffer_migrate_folio_norefs() - Migration function for folios with buffers. 824 * @mapping: The address space containing @src. 825 * @dst: The folio to migrate to. 826 * @src: The folio to migrate from. 827 * @mode: How to migrate the folio. 828 * 829 * Like buffer_migrate_folio() except that this variant is more careful 830 * and checks that there are also no buffer head references. This function 831 * is the right one for mappings where buffer heads are directly looked 832 * up and referenced (such as block device mappings). 833 * 834 * Return: 0 on success or a negative errno on failure. 835 */ 836 int buffer_migrate_folio_norefs(struct address_space *mapping, 837 struct folio *dst, struct folio *src, enum migrate_mode mode) 838 { 839 return __buffer_migrate_folio(mapping, dst, src, mode, true); 840 } 841 EXPORT_SYMBOL_GPL(buffer_migrate_folio_norefs); 842 #endif /* CONFIG_BUFFER_HEAD */ 843 844 int filemap_migrate_folio(struct address_space *mapping, 845 struct folio *dst, struct folio *src, enum migrate_mode mode) 846 { 847 int ret; 848 849 ret = folio_migrate_mapping(mapping, dst, src, 0); 850 if (ret != MIGRATEPAGE_SUCCESS) 851 return ret; 852 853 if (folio_get_private(src)) 854 folio_attach_private(dst, folio_detach_private(src)); 855 856 if (mode != MIGRATE_SYNC_NO_COPY) 857 folio_migrate_copy(dst, src); 858 else 859 folio_migrate_flags(dst, src); 860 return MIGRATEPAGE_SUCCESS; 861 } 862 EXPORT_SYMBOL_GPL(filemap_migrate_folio); 863 864 /* 865 * Writeback a folio to clean the dirty state 866 */ 867 static int writeout(struct address_space *mapping, struct folio *folio) 868 { 869 struct writeback_control wbc = { 870 .sync_mode = WB_SYNC_NONE, 871 .nr_to_write = 1, 872 .range_start = 0, 873 .range_end = LLONG_MAX, 874 .for_reclaim = 1 875 }; 876 int rc; 877 878 if (!mapping->a_ops->writepage) 879 /* No write method for the address space */ 880 return -EINVAL; 881 882 if (!folio_clear_dirty_for_io(folio)) 883 /* Someone else already triggered a write */ 884 return -EAGAIN; 885 886 /* 887 * A dirty folio may imply that the underlying filesystem has 888 * the folio on some queue. So the folio must be clean for 889 * migration. Writeout may mean we lose the lock and the 890 * folio state is no longer what we checked for earlier. 891 * At this point we know that the migration attempt cannot 892 * be successful. 893 */ 894 remove_migration_ptes(folio, folio, false); 895 896 rc = mapping->a_ops->writepage(&folio->page, &wbc); 897 898 if (rc != AOP_WRITEPAGE_ACTIVATE) 899 /* unlocked. Relock */ 900 folio_lock(folio); 901 902 return (rc < 0) ? -EIO : -EAGAIN; 903 } 904 905 /* 906 * Default handling if a filesystem does not provide a migration function. 907 */ 908 static int fallback_migrate_folio(struct address_space *mapping, 909 struct folio *dst, struct folio *src, enum migrate_mode mode) 910 { 911 if (folio_test_dirty(src)) { 912 /* Only writeback folios in full synchronous migration */ 913 switch (mode) { 914 case MIGRATE_SYNC: 915 case MIGRATE_SYNC_NO_COPY: 916 break; 917 default: 918 return -EBUSY; 919 } 920 return writeout(mapping, src); 921 } 922 923 /* 924 * Buffers may be managed in a filesystem specific way. 925 * We must have no buffers or drop them. 926 */ 927 if (!filemap_release_folio(src, GFP_KERNEL)) 928 return mode == MIGRATE_SYNC ? -EAGAIN : -EBUSY; 929 930 return migrate_folio(mapping, dst, src, mode); 931 } 932 933 /* 934 * Move a page to a newly allocated page 935 * The page is locked and all ptes have been successfully removed. 936 * 937 * The new page will have replaced the old page if this function 938 * is successful. 939 * 940 * Return value: 941 * < 0 - error code 942 * MIGRATEPAGE_SUCCESS - success 943 */ 944 static int move_to_new_folio(struct folio *dst, struct folio *src, 945 enum migrate_mode mode) 946 { 947 int rc = -EAGAIN; 948 bool is_lru = !__folio_test_movable(src); 949 950 VM_BUG_ON_FOLIO(!folio_test_locked(src), src); 951 VM_BUG_ON_FOLIO(!folio_test_locked(dst), dst); 952 953 if (likely(is_lru)) { 954 struct address_space *mapping = folio_mapping(src); 955 956 if (!mapping) 957 rc = migrate_folio(mapping, dst, src, mode); 958 else if (mapping->a_ops->migrate_folio) 959 /* 960 * Most folios have a mapping and most filesystems 961 * provide a migrate_folio callback. Anonymous folios 962 * are part of swap space which also has its own 963 * migrate_folio callback. This is the most common path 964 * for page migration. 965 */ 966 rc = mapping->a_ops->migrate_folio(mapping, dst, src, 967 mode); 968 else 969 rc = fallback_migrate_folio(mapping, dst, src, mode); 970 } else { 971 const struct movable_operations *mops; 972 973 /* 974 * In case of non-lru page, it could be released after 975 * isolation step. In that case, we shouldn't try migration. 976 */ 977 VM_BUG_ON_FOLIO(!folio_test_isolated(src), src); 978 if (!folio_test_movable(src)) { 979 rc = MIGRATEPAGE_SUCCESS; 980 folio_clear_isolated(src); 981 goto out; 982 } 983 984 mops = folio_movable_ops(src); 985 rc = mops->migrate_page(&dst->page, &src->page, mode); 986 WARN_ON_ONCE(rc == MIGRATEPAGE_SUCCESS && 987 !folio_test_isolated(src)); 988 } 989 990 /* 991 * When successful, old pagecache src->mapping must be cleared before 992 * src is freed; but stats require that PageAnon be left as PageAnon. 993 */ 994 if (rc == MIGRATEPAGE_SUCCESS) { 995 if (__folio_test_movable(src)) { 996 VM_BUG_ON_FOLIO(!folio_test_isolated(src), src); 997 998 /* 999 * We clear PG_movable under page_lock so any compactor 1000 * cannot try to migrate this page. 1001 */ 1002 folio_clear_isolated(src); 1003 } 1004 1005 /* 1006 * Anonymous and movable src->mapping will be cleared by 1007 * free_pages_prepare so don't reset it here for keeping 1008 * the type to work PageAnon, for example. 1009 */ 1010 if (!folio_mapping_flags(src)) 1011 src->mapping = NULL; 1012 1013 if (likely(!folio_is_zone_device(dst))) 1014 flush_dcache_folio(dst); 1015 } 1016 out: 1017 return rc; 1018 } 1019 1020 /* 1021 * To record some information during migration, we use some unused 1022 * fields (mapping and private) of struct folio of the newly allocated 1023 * destination folio. This is safe because nobody is using them 1024 * except us. 1025 */ 1026 union migration_ptr { 1027 struct anon_vma *anon_vma; 1028 struct address_space *mapping; 1029 }; 1030 1031 enum { 1032 PAGE_WAS_MAPPED = BIT(0), 1033 PAGE_WAS_MLOCKED = BIT(1), 1034 }; 1035 1036 static void __migrate_folio_record(struct folio *dst, 1037 unsigned long old_page_state, 1038 struct anon_vma *anon_vma) 1039 { 1040 union migration_ptr ptr = { .anon_vma = anon_vma }; 1041 dst->mapping = ptr.mapping; 1042 dst->private = (void *)old_page_state; 1043 } 1044 1045 static void __migrate_folio_extract(struct folio *dst, 1046 int *old_page_state, 1047 struct anon_vma **anon_vmap) 1048 { 1049 union migration_ptr ptr = { .mapping = dst->mapping }; 1050 *anon_vmap = ptr.anon_vma; 1051 *old_page_state = (unsigned long)dst->private; 1052 dst->mapping = NULL; 1053 dst->private = NULL; 1054 } 1055 1056 /* Restore the source folio to the original state upon failure */ 1057 static void migrate_folio_undo_src(struct folio *src, 1058 int page_was_mapped, 1059 struct anon_vma *anon_vma, 1060 bool locked, 1061 struct list_head *ret) 1062 { 1063 if (page_was_mapped) 1064 remove_migration_ptes(src, src, false); 1065 /* Drop an anon_vma reference if we took one */ 1066 if (anon_vma) 1067 put_anon_vma(anon_vma); 1068 if (locked) 1069 folio_unlock(src); 1070 if (ret) 1071 list_move_tail(&src->lru, ret); 1072 } 1073 1074 /* Restore the destination folio to the original state upon failure */ 1075 static void migrate_folio_undo_dst(struct folio *dst, bool locked, 1076 free_folio_t put_new_folio, unsigned long private) 1077 { 1078 if (locked) 1079 folio_unlock(dst); 1080 if (put_new_folio) 1081 put_new_folio(dst, private); 1082 else 1083 folio_put(dst); 1084 } 1085 1086 /* Cleanup src folio upon migration success */ 1087 static void migrate_folio_done(struct folio *src, 1088 enum migrate_reason reason) 1089 { 1090 /* 1091 * Compaction can migrate also non-LRU pages which are 1092 * not accounted to NR_ISOLATED_*. They can be recognized 1093 * as __folio_test_movable 1094 */ 1095 if (likely(!__folio_test_movable(src))) 1096 mod_node_page_state(folio_pgdat(src), NR_ISOLATED_ANON + 1097 folio_is_file_lru(src), -folio_nr_pages(src)); 1098 1099 if (reason != MR_MEMORY_FAILURE) 1100 /* We release the page in page_handle_poison. */ 1101 folio_put(src); 1102 } 1103 1104 /* Obtain the lock on page, remove all ptes. */ 1105 static int migrate_folio_unmap(new_folio_t get_new_folio, 1106 free_folio_t put_new_folio, unsigned long private, 1107 struct folio *src, struct folio **dstp, enum migrate_mode mode, 1108 enum migrate_reason reason, struct list_head *ret) 1109 { 1110 struct folio *dst; 1111 int rc = -EAGAIN; 1112 int old_page_state = 0; 1113 struct anon_vma *anon_vma = NULL; 1114 bool is_lru = !__folio_test_movable(src); 1115 bool locked = false; 1116 bool dst_locked = false; 1117 1118 if (folio_ref_count(src) == 1) { 1119 /* Folio was freed from under us. So we are done. */ 1120 folio_clear_active(src); 1121 folio_clear_unevictable(src); 1122 /* free_pages_prepare() will clear PG_isolated. */ 1123 list_del(&src->lru); 1124 migrate_folio_done(src, reason); 1125 return MIGRATEPAGE_SUCCESS; 1126 } 1127 1128 dst = get_new_folio(src, private); 1129 if (!dst) 1130 return -ENOMEM; 1131 *dstp = dst; 1132 1133 dst->private = NULL; 1134 1135 if (!folio_trylock(src)) { 1136 if (mode == MIGRATE_ASYNC) 1137 goto out; 1138 1139 /* 1140 * It's not safe for direct compaction to call lock_page. 1141 * For example, during page readahead pages are added locked 1142 * to the LRU. Later, when the IO completes the pages are 1143 * marked uptodate and unlocked. However, the queueing 1144 * could be merging multiple pages for one bio (e.g. 1145 * mpage_readahead). If an allocation happens for the 1146 * second or third page, the process can end up locking 1147 * the same page twice and deadlocking. Rather than 1148 * trying to be clever about what pages can be locked, 1149 * avoid the use of lock_page for direct compaction 1150 * altogether. 1151 */ 1152 if (current->flags & PF_MEMALLOC) 1153 goto out; 1154 1155 /* 1156 * In "light" mode, we can wait for transient locks (eg 1157 * inserting a page into the page table), but it's not 1158 * worth waiting for I/O. 1159 */ 1160 if (mode == MIGRATE_SYNC_LIGHT && !folio_test_uptodate(src)) 1161 goto out; 1162 1163 folio_lock(src); 1164 } 1165 locked = true; 1166 if (folio_test_mlocked(src)) 1167 old_page_state |= PAGE_WAS_MLOCKED; 1168 1169 if (folio_test_writeback(src)) { 1170 /* 1171 * Only in the case of a full synchronous migration is it 1172 * necessary to wait for PageWriteback. In the async case, 1173 * the retry loop is too short and in the sync-light case, 1174 * the overhead of stalling is too much 1175 */ 1176 switch (mode) { 1177 case MIGRATE_SYNC: 1178 case MIGRATE_SYNC_NO_COPY: 1179 break; 1180 default: 1181 rc = -EBUSY; 1182 goto out; 1183 } 1184 folio_wait_writeback(src); 1185 } 1186 1187 /* 1188 * By try_to_migrate(), src->mapcount goes down to 0 here. In this case, 1189 * we cannot notice that anon_vma is freed while we migrate a page. 1190 * This get_anon_vma() delays freeing anon_vma pointer until the end 1191 * of migration. File cache pages are no problem because of page_lock() 1192 * File Caches may use write_page() or lock_page() in migration, then, 1193 * just care Anon page here. 1194 * 1195 * Only folio_get_anon_vma() understands the subtleties of 1196 * getting a hold on an anon_vma from outside one of its mms. 1197 * But if we cannot get anon_vma, then we won't need it anyway, 1198 * because that implies that the anon page is no longer mapped 1199 * (and cannot be remapped so long as we hold the page lock). 1200 */ 1201 if (folio_test_anon(src) && !folio_test_ksm(src)) 1202 anon_vma = folio_get_anon_vma(src); 1203 1204 /* 1205 * Block others from accessing the new page when we get around to 1206 * establishing additional references. We are usually the only one 1207 * holding a reference to dst at this point. We used to have a BUG 1208 * here if folio_trylock(dst) fails, but would like to allow for 1209 * cases where there might be a race with the previous use of dst. 1210 * This is much like races on refcount of oldpage: just don't BUG(). 1211 */ 1212 if (unlikely(!folio_trylock(dst))) 1213 goto out; 1214 dst_locked = true; 1215 1216 if (unlikely(!is_lru)) { 1217 __migrate_folio_record(dst, old_page_state, anon_vma); 1218 return MIGRATEPAGE_UNMAP; 1219 } 1220 1221 /* 1222 * Corner case handling: 1223 * 1. When a new swap-cache page is read into, it is added to the LRU 1224 * and treated as swapcache but it has no rmap yet. 1225 * Calling try_to_unmap() against a src->mapping==NULL page will 1226 * trigger a BUG. So handle it here. 1227 * 2. An orphaned page (see truncate_cleanup_page) might have 1228 * fs-private metadata. The page can be picked up due to memory 1229 * offlining. Everywhere else except page reclaim, the page is 1230 * invisible to the vm, so the page can not be migrated. So try to 1231 * free the metadata, so the page can be freed. 1232 */ 1233 if (!src->mapping) { 1234 if (folio_test_private(src)) { 1235 try_to_free_buffers(src); 1236 goto out; 1237 } 1238 } else if (folio_mapped(src)) { 1239 /* Establish migration ptes */ 1240 VM_BUG_ON_FOLIO(folio_test_anon(src) && 1241 !folio_test_ksm(src) && !anon_vma, src); 1242 try_to_migrate(src, mode == MIGRATE_ASYNC ? TTU_BATCH_FLUSH : 0); 1243 old_page_state |= PAGE_WAS_MAPPED; 1244 } 1245 1246 if (!folio_mapped(src)) { 1247 __migrate_folio_record(dst, old_page_state, anon_vma); 1248 return MIGRATEPAGE_UNMAP; 1249 } 1250 1251 out: 1252 /* 1253 * A folio that has not been unmapped will be restored to 1254 * right list unless we want to retry. 1255 */ 1256 if (rc == -EAGAIN) 1257 ret = NULL; 1258 1259 migrate_folio_undo_src(src, old_page_state & PAGE_WAS_MAPPED, 1260 anon_vma, locked, ret); 1261 migrate_folio_undo_dst(dst, dst_locked, put_new_folio, private); 1262 1263 return rc; 1264 } 1265 1266 /* Migrate the folio to the newly allocated folio in dst. */ 1267 static int migrate_folio_move(free_folio_t put_new_folio, unsigned long private, 1268 struct folio *src, struct folio *dst, 1269 enum migrate_mode mode, enum migrate_reason reason, 1270 struct list_head *ret) 1271 { 1272 int rc; 1273 int old_page_state = 0; 1274 struct anon_vma *anon_vma = NULL; 1275 bool is_lru = !__folio_test_movable(src); 1276 struct list_head *prev; 1277 1278 __migrate_folio_extract(dst, &old_page_state, &anon_vma); 1279 prev = dst->lru.prev; 1280 list_del(&dst->lru); 1281 1282 rc = move_to_new_folio(dst, src, mode); 1283 if (rc) 1284 goto out; 1285 1286 if (unlikely(!is_lru)) 1287 goto out_unlock_both; 1288 1289 /* 1290 * When successful, push dst to LRU immediately: so that if it 1291 * turns out to be an mlocked page, remove_migration_ptes() will 1292 * automatically build up the correct dst->mlock_count for it. 1293 * 1294 * We would like to do something similar for the old page, when 1295 * unsuccessful, and other cases when a page has been temporarily 1296 * isolated from the unevictable LRU: but this case is the easiest. 1297 */ 1298 folio_add_lru(dst); 1299 if (old_page_state & PAGE_WAS_MLOCKED) 1300 lru_add_drain(); 1301 1302 if (old_page_state & PAGE_WAS_MAPPED) 1303 remove_migration_ptes(src, dst, false); 1304 1305 out_unlock_both: 1306 folio_unlock(dst); 1307 set_page_owner_migrate_reason(&dst->page, reason); 1308 /* 1309 * If migration is successful, decrease refcount of dst, 1310 * which will not free the page because new page owner increased 1311 * refcounter. 1312 */ 1313 folio_put(dst); 1314 1315 /* 1316 * A folio that has been migrated has all references removed 1317 * and will be freed. 1318 */ 1319 list_del(&src->lru); 1320 /* Drop an anon_vma reference if we took one */ 1321 if (anon_vma) 1322 put_anon_vma(anon_vma); 1323 folio_unlock(src); 1324 migrate_folio_done(src, reason); 1325 1326 return rc; 1327 out: 1328 /* 1329 * A folio that has not been migrated will be restored to 1330 * right list unless we want to retry. 1331 */ 1332 if (rc == -EAGAIN) { 1333 list_add(&dst->lru, prev); 1334 __migrate_folio_record(dst, old_page_state, anon_vma); 1335 return rc; 1336 } 1337 1338 migrate_folio_undo_src(src, old_page_state & PAGE_WAS_MAPPED, 1339 anon_vma, true, ret); 1340 migrate_folio_undo_dst(dst, true, put_new_folio, private); 1341 1342 return rc; 1343 } 1344 1345 /* 1346 * Counterpart of unmap_and_move_page() for hugepage migration. 1347 * 1348 * This function doesn't wait the completion of hugepage I/O 1349 * because there is no race between I/O and migration for hugepage. 1350 * Note that currently hugepage I/O occurs only in direct I/O 1351 * where no lock is held and PG_writeback is irrelevant, 1352 * and writeback status of all subpages are counted in the reference 1353 * count of the head page (i.e. if all subpages of a 2MB hugepage are 1354 * under direct I/O, the reference of the head page is 512 and a bit more.) 1355 * This means that when we try to migrate hugepage whose subpages are 1356 * doing direct I/O, some references remain after try_to_unmap() and 1357 * hugepage migration fails without data corruption. 1358 * 1359 * There is also no race when direct I/O is issued on the page under migration, 1360 * because then pte is replaced with migration swap entry and direct I/O code 1361 * will wait in the page fault for migration to complete. 1362 */ 1363 static int unmap_and_move_huge_page(new_folio_t get_new_folio, 1364 free_folio_t put_new_folio, unsigned long private, 1365 struct folio *src, int force, enum migrate_mode mode, 1366 int reason, struct list_head *ret) 1367 { 1368 struct folio *dst; 1369 int rc = -EAGAIN; 1370 int page_was_mapped = 0; 1371 struct anon_vma *anon_vma = NULL; 1372 struct address_space *mapping = NULL; 1373 1374 if (folio_ref_count(src) == 1) { 1375 /* page was freed from under us. So we are done. */ 1376 folio_putback_active_hugetlb(src); 1377 return MIGRATEPAGE_SUCCESS; 1378 } 1379 1380 dst = get_new_folio(src, private); 1381 if (!dst) 1382 return -ENOMEM; 1383 1384 if (!folio_trylock(src)) { 1385 if (!force) 1386 goto out; 1387 switch (mode) { 1388 case MIGRATE_SYNC: 1389 case MIGRATE_SYNC_NO_COPY: 1390 break; 1391 default: 1392 goto out; 1393 } 1394 folio_lock(src); 1395 } 1396 1397 /* 1398 * Check for pages which are in the process of being freed. Without 1399 * folio_mapping() set, hugetlbfs specific move page routine will not 1400 * be called and we could leak usage counts for subpools. 1401 */ 1402 if (hugetlb_folio_subpool(src) && !folio_mapping(src)) { 1403 rc = -EBUSY; 1404 goto out_unlock; 1405 } 1406 1407 if (folio_test_anon(src)) 1408 anon_vma = folio_get_anon_vma(src); 1409 1410 if (unlikely(!folio_trylock(dst))) 1411 goto put_anon; 1412 1413 if (folio_mapped(src)) { 1414 enum ttu_flags ttu = 0; 1415 1416 if (!folio_test_anon(src)) { 1417 /* 1418 * In shared mappings, try_to_unmap could potentially 1419 * call huge_pmd_unshare. Because of this, take 1420 * semaphore in write mode here and set TTU_RMAP_LOCKED 1421 * to let lower levels know we have taken the lock. 1422 */ 1423 mapping = hugetlb_page_mapping_lock_write(&src->page); 1424 if (unlikely(!mapping)) 1425 goto unlock_put_anon; 1426 1427 ttu = TTU_RMAP_LOCKED; 1428 } 1429 1430 try_to_migrate(src, ttu); 1431 page_was_mapped = 1; 1432 1433 if (ttu & TTU_RMAP_LOCKED) 1434 i_mmap_unlock_write(mapping); 1435 } 1436 1437 if (!folio_mapped(src)) 1438 rc = move_to_new_folio(dst, src, mode); 1439 1440 if (page_was_mapped) 1441 remove_migration_ptes(src, 1442 rc == MIGRATEPAGE_SUCCESS ? dst : src, false); 1443 1444 unlock_put_anon: 1445 folio_unlock(dst); 1446 1447 put_anon: 1448 if (anon_vma) 1449 put_anon_vma(anon_vma); 1450 1451 if (rc == MIGRATEPAGE_SUCCESS) { 1452 move_hugetlb_state(src, dst, reason); 1453 put_new_folio = NULL; 1454 } 1455 1456 out_unlock: 1457 folio_unlock(src); 1458 out: 1459 if (rc == MIGRATEPAGE_SUCCESS) 1460 folio_putback_active_hugetlb(src); 1461 else if (rc != -EAGAIN) 1462 list_move_tail(&src->lru, ret); 1463 1464 /* 1465 * If migration was not successful and there's a freeing callback, use 1466 * it. Otherwise, put_page() will drop the reference grabbed during 1467 * isolation. 1468 */ 1469 if (put_new_folio) 1470 put_new_folio(dst, private); 1471 else 1472 folio_putback_active_hugetlb(dst); 1473 1474 return rc; 1475 } 1476 1477 static inline int try_split_folio(struct folio *folio, struct list_head *split_folios) 1478 { 1479 int rc; 1480 1481 folio_lock(folio); 1482 rc = split_folio_to_list(folio, split_folios); 1483 folio_unlock(folio); 1484 if (!rc) 1485 list_move_tail(&folio->lru, split_folios); 1486 1487 return rc; 1488 } 1489 1490 #ifdef CONFIG_TRANSPARENT_HUGEPAGE 1491 #define NR_MAX_BATCHED_MIGRATION HPAGE_PMD_NR 1492 #else 1493 #define NR_MAX_BATCHED_MIGRATION 512 1494 #endif 1495 #define NR_MAX_MIGRATE_PAGES_RETRY 10 1496 #define NR_MAX_MIGRATE_ASYNC_RETRY 3 1497 #define NR_MAX_MIGRATE_SYNC_RETRY \ 1498 (NR_MAX_MIGRATE_PAGES_RETRY - NR_MAX_MIGRATE_ASYNC_RETRY) 1499 1500 struct migrate_pages_stats { 1501 int nr_succeeded; /* Normal and large folios migrated successfully, in 1502 units of base pages */ 1503 int nr_failed_pages; /* Normal and large folios failed to be migrated, in 1504 units of base pages. Untried folios aren't counted */ 1505 int nr_thp_succeeded; /* THP migrated successfully */ 1506 int nr_thp_failed; /* THP failed to be migrated */ 1507 int nr_thp_split; /* THP split before migrating */ 1508 int nr_split; /* Large folio (include THP) split before migrating */ 1509 }; 1510 1511 /* 1512 * Returns the number of hugetlb folios that were not migrated, or an error code 1513 * after NR_MAX_MIGRATE_PAGES_RETRY attempts or if no hugetlb folios are movable 1514 * any more because the list has become empty or no retryable hugetlb folios 1515 * exist any more. It is caller's responsibility to call putback_movable_pages() 1516 * only if ret != 0. 1517 */ 1518 static int migrate_hugetlbs(struct list_head *from, new_folio_t get_new_folio, 1519 free_folio_t put_new_folio, unsigned long private, 1520 enum migrate_mode mode, int reason, 1521 struct migrate_pages_stats *stats, 1522 struct list_head *ret_folios) 1523 { 1524 int retry = 1; 1525 int nr_failed = 0; 1526 int nr_retry_pages = 0; 1527 int pass = 0; 1528 struct folio *folio, *folio2; 1529 int rc, nr_pages; 1530 1531 for (pass = 0; pass < NR_MAX_MIGRATE_PAGES_RETRY && retry; pass++) { 1532 retry = 0; 1533 nr_retry_pages = 0; 1534 1535 list_for_each_entry_safe(folio, folio2, from, lru) { 1536 if (!folio_test_hugetlb(folio)) 1537 continue; 1538 1539 nr_pages = folio_nr_pages(folio); 1540 1541 cond_resched(); 1542 1543 /* 1544 * Migratability of hugepages depends on architectures and 1545 * their size. This check is necessary because some callers 1546 * of hugepage migration like soft offline and memory 1547 * hotremove don't walk through page tables or check whether 1548 * the hugepage is pmd-based or not before kicking migration. 1549 */ 1550 if (!hugepage_migration_supported(folio_hstate(folio))) { 1551 nr_failed++; 1552 stats->nr_failed_pages += nr_pages; 1553 list_move_tail(&folio->lru, ret_folios); 1554 continue; 1555 } 1556 1557 rc = unmap_and_move_huge_page(get_new_folio, 1558 put_new_folio, private, 1559 folio, pass > 2, mode, 1560 reason, ret_folios); 1561 /* 1562 * The rules are: 1563 * Success: hugetlb folio will be put back 1564 * -EAGAIN: stay on the from list 1565 * -ENOMEM: stay on the from list 1566 * Other errno: put on ret_folios list 1567 */ 1568 switch(rc) { 1569 case -ENOMEM: 1570 /* 1571 * When memory is low, don't bother to try to migrate 1572 * other folios, just exit. 1573 */ 1574 stats->nr_failed_pages += nr_pages + nr_retry_pages; 1575 return -ENOMEM; 1576 case -EAGAIN: 1577 retry++; 1578 nr_retry_pages += nr_pages; 1579 break; 1580 case MIGRATEPAGE_SUCCESS: 1581 stats->nr_succeeded += nr_pages; 1582 break; 1583 default: 1584 /* 1585 * Permanent failure (-EBUSY, etc.): 1586 * unlike -EAGAIN case, the failed folio is 1587 * removed from migration folio list and not 1588 * retried in the next outer loop. 1589 */ 1590 nr_failed++; 1591 stats->nr_failed_pages += nr_pages; 1592 break; 1593 } 1594 } 1595 } 1596 /* 1597 * nr_failed is number of hugetlb folios failed to be migrated. After 1598 * NR_MAX_MIGRATE_PAGES_RETRY attempts, give up and count retried hugetlb 1599 * folios as failed. 1600 */ 1601 nr_failed += retry; 1602 stats->nr_failed_pages += nr_retry_pages; 1603 1604 return nr_failed; 1605 } 1606 1607 /* 1608 * migrate_pages_batch() first unmaps folios in the from list as many as 1609 * possible, then move the unmapped folios. 1610 * 1611 * We only batch migration if mode == MIGRATE_ASYNC to avoid to wait a 1612 * lock or bit when we have locked more than one folio. Which may cause 1613 * deadlock (e.g., for loop device). So, if mode != MIGRATE_ASYNC, the 1614 * length of the from list must be <= 1. 1615 */ 1616 static int migrate_pages_batch(struct list_head *from, 1617 new_folio_t get_new_folio, free_folio_t put_new_folio, 1618 unsigned long private, enum migrate_mode mode, int reason, 1619 struct list_head *ret_folios, struct list_head *split_folios, 1620 struct migrate_pages_stats *stats, int nr_pass) 1621 { 1622 int retry = 1; 1623 int thp_retry = 1; 1624 int nr_failed = 0; 1625 int nr_retry_pages = 0; 1626 int pass = 0; 1627 bool is_thp = false; 1628 bool is_large = false; 1629 struct folio *folio, *folio2, *dst = NULL, *dst2; 1630 int rc, rc_saved = 0, nr_pages; 1631 LIST_HEAD(unmap_folios); 1632 LIST_HEAD(dst_folios); 1633 bool nosplit = (reason == MR_NUMA_MISPLACED); 1634 1635 VM_WARN_ON_ONCE(mode != MIGRATE_ASYNC && 1636 !list_empty(from) && !list_is_singular(from)); 1637 1638 for (pass = 0; pass < nr_pass && retry; pass++) { 1639 retry = 0; 1640 thp_retry = 0; 1641 nr_retry_pages = 0; 1642 1643 list_for_each_entry_safe(folio, folio2, from, lru) { 1644 is_large = folio_test_large(folio); 1645 is_thp = is_large && folio_test_pmd_mappable(folio); 1646 nr_pages = folio_nr_pages(folio); 1647 1648 cond_resched(); 1649 1650 /* 1651 * Large folio migration might be unsupported or 1652 * the allocation might be failed so we should retry 1653 * on the same folio with the large folio split 1654 * to normal folios. 1655 * 1656 * Split folios are put in split_folios, and 1657 * we will migrate them after the rest of the 1658 * list is processed. 1659 */ 1660 if (!thp_migration_supported() && is_thp) { 1661 nr_failed++; 1662 stats->nr_thp_failed++; 1663 if (!try_split_folio(folio, split_folios)) { 1664 stats->nr_thp_split++; 1665 stats->nr_split++; 1666 continue; 1667 } 1668 stats->nr_failed_pages += nr_pages; 1669 list_move_tail(&folio->lru, ret_folios); 1670 continue; 1671 } 1672 1673 rc = migrate_folio_unmap(get_new_folio, put_new_folio, 1674 private, folio, &dst, mode, reason, 1675 ret_folios); 1676 /* 1677 * The rules are: 1678 * Success: folio will be freed 1679 * Unmap: folio will be put on unmap_folios list, 1680 * dst folio put on dst_folios list 1681 * -EAGAIN: stay on the from list 1682 * -ENOMEM: stay on the from list 1683 * Other errno: put on ret_folios list 1684 */ 1685 switch(rc) { 1686 case -ENOMEM: 1687 /* 1688 * When memory is low, don't bother to try to migrate 1689 * other folios, move unmapped folios, then exit. 1690 */ 1691 nr_failed++; 1692 stats->nr_thp_failed += is_thp; 1693 /* Large folio NUMA faulting doesn't split to retry. */ 1694 if (is_large && !nosplit) { 1695 int ret = try_split_folio(folio, split_folios); 1696 1697 if (!ret) { 1698 stats->nr_thp_split += is_thp; 1699 stats->nr_split++; 1700 break; 1701 } else if (reason == MR_LONGTERM_PIN && 1702 ret == -EAGAIN) { 1703 /* 1704 * Try again to split large folio to 1705 * mitigate the failure of longterm pinning. 1706 */ 1707 retry++; 1708 thp_retry += is_thp; 1709 nr_retry_pages += nr_pages; 1710 /* Undo duplicated failure counting. */ 1711 nr_failed--; 1712 stats->nr_thp_failed -= is_thp; 1713 break; 1714 } 1715 } 1716 1717 stats->nr_failed_pages += nr_pages + nr_retry_pages; 1718 /* nr_failed isn't updated for not used */ 1719 stats->nr_thp_failed += thp_retry; 1720 rc_saved = rc; 1721 if (list_empty(&unmap_folios)) 1722 goto out; 1723 else 1724 goto move; 1725 case -EAGAIN: 1726 retry++; 1727 thp_retry += is_thp; 1728 nr_retry_pages += nr_pages; 1729 break; 1730 case MIGRATEPAGE_SUCCESS: 1731 stats->nr_succeeded += nr_pages; 1732 stats->nr_thp_succeeded += is_thp; 1733 break; 1734 case MIGRATEPAGE_UNMAP: 1735 list_move_tail(&folio->lru, &unmap_folios); 1736 list_add_tail(&dst->lru, &dst_folios); 1737 break; 1738 default: 1739 /* 1740 * Permanent failure (-EBUSY, etc.): 1741 * unlike -EAGAIN case, the failed folio is 1742 * removed from migration folio list and not 1743 * retried in the next outer loop. 1744 */ 1745 nr_failed++; 1746 stats->nr_thp_failed += is_thp; 1747 stats->nr_failed_pages += nr_pages; 1748 break; 1749 } 1750 } 1751 } 1752 nr_failed += retry; 1753 stats->nr_thp_failed += thp_retry; 1754 stats->nr_failed_pages += nr_retry_pages; 1755 move: 1756 /* Flush TLBs for all unmapped folios */ 1757 try_to_unmap_flush(); 1758 1759 retry = 1; 1760 for (pass = 0; pass < nr_pass && retry; pass++) { 1761 retry = 0; 1762 thp_retry = 0; 1763 nr_retry_pages = 0; 1764 1765 dst = list_first_entry(&dst_folios, struct folio, lru); 1766 dst2 = list_next_entry(dst, lru); 1767 list_for_each_entry_safe(folio, folio2, &unmap_folios, lru) { 1768 is_thp = folio_test_large(folio) && folio_test_pmd_mappable(folio); 1769 nr_pages = folio_nr_pages(folio); 1770 1771 cond_resched(); 1772 1773 rc = migrate_folio_move(put_new_folio, private, 1774 folio, dst, mode, 1775 reason, ret_folios); 1776 /* 1777 * The rules are: 1778 * Success: folio will be freed 1779 * -EAGAIN: stay on the unmap_folios list 1780 * Other errno: put on ret_folios list 1781 */ 1782 switch(rc) { 1783 case -EAGAIN: 1784 retry++; 1785 thp_retry += is_thp; 1786 nr_retry_pages += nr_pages; 1787 break; 1788 case MIGRATEPAGE_SUCCESS: 1789 stats->nr_succeeded += nr_pages; 1790 stats->nr_thp_succeeded += is_thp; 1791 break; 1792 default: 1793 nr_failed++; 1794 stats->nr_thp_failed += is_thp; 1795 stats->nr_failed_pages += nr_pages; 1796 break; 1797 } 1798 dst = dst2; 1799 dst2 = list_next_entry(dst, lru); 1800 } 1801 } 1802 nr_failed += retry; 1803 stats->nr_thp_failed += thp_retry; 1804 stats->nr_failed_pages += nr_retry_pages; 1805 1806 rc = rc_saved ? : nr_failed; 1807 out: 1808 /* Cleanup remaining folios */ 1809 dst = list_first_entry(&dst_folios, struct folio, lru); 1810 dst2 = list_next_entry(dst, lru); 1811 list_for_each_entry_safe(folio, folio2, &unmap_folios, lru) { 1812 int old_page_state = 0; 1813 struct anon_vma *anon_vma = NULL; 1814 1815 __migrate_folio_extract(dst, &old_page_state, &anon_vma); 1816 migrate_folio_undo_src(folio, old_page_state & PAGE_WAS_MAPPED, 1817 anon_vma, true, ret_folios); 1818 list_del(&dst->lru); 1819 migrate_folio_undo_dst(dst, true, put_new_folio, private); 1820 dst = dst2; 1821 dst2 = list_next_entry(dst, lru); 1822 } 1823 1824 return rc; 1825 } 1826 1827 static int migrate_pages_sync(struct list_head *from, new_folio_t get_new_folio, 1828 free_folio_t put_new_folio, unsigned long private, 1829 enum migrate_mode mode, int reason, 1830 struct list_head *ret_folios, struct list_head *split_folios, 1831 struct migrate_pages_stats *stats) 1832 { 1833 int rc, nr_failed = 0; 1834 LIST_HEAD(folios); 1835 struct migrate_pages_stats astats; 1836 1837 memset(&astats, 0, sizeof(astats)); 1838 /* Try to migrate in batch with MIGRATE_ASYNC mode firstly */ 1839 rc = migrate_pages_batch(from, get_new_folio, put_new_folio, private, MIGRATE_ASYNC, 1840 reason, &folios, split_folios, &astats, 1841 NR_MAX_MIGRATE_ASYNC_RETRY); 1842 stats->nr_succeeded += astats.nr_succeeded; 1843 stats->nr_thp_succeeded += astats.nr_thp_succeeded; 1844 stats->nr_thp_split += astats.nr_thp_split; 1845 stats->nr_split += astats.nr_split; 1846 if (rc < 0) { 1847 stats->nr_failed_pages += astats.nr_failed_pages; 1848 stats->nr_thp_failed += astats.nr_thp_failed; 1849 list_splice_tail(&folios, ret_folios); 1850 return rc; 1851 } 1852 stats->nr_thp_failed += astats.nr_thp_split; 1853 /* 1854 * Do not count rc, as pages will be retried below. 1855 * Count nr_split only, since it includes nr_thp_split. 1856 */ 1857 nr_failed += astats.nr_split; 1858 /* 1859 * Fall back to migrate all failed folios one by one synchronously. All 1860 * failed folios except split THPs will be retried, so their failure 1861 * isn't counted 1862 */ 1863 list_splice_tail_init(&folios, from); 1864 while (!list_empty(from)) { 1865 list_move(from->next, &folios); 1866 rc = migrate_pages_batch(&folios, get_new_folio, put_new_folio, 1867 private, mode, reason, ret_folios, 1868 split_folios, stats, NR_MAX_MIGRATE_SYNC_RETRY); 1869 list_splice_tail_init(&folios, ret_folios); 1870 if (rc < 0) 1871 return rc; 1872 nr_failed += rc; 1873 } 1874 1875 return nr_failed; 1876 } 1877 1878 /* 1879 * migrate_pages - migrate the folios specified in a list, to the free folios 1880 * supplied as the target for the page migration 1881 * 1882 * @from: The list of folios to be migrated. 1883 * @get_new_folio: The function used to allocate free folios to be used 1884 * as the target of the folio migration. 1885 * @put_new_folio: The function used to free target folios if migration 1886 * fails, or NULL if no special handling is necessary. 1887 * @private: Private data to be passed on to get_new_folio() 1888 * @mode: The migration mode that specifies the constraints for 1889 * folio migration, if any. 1890 * @reason: The reason for folio migration. 1891 * @ret_succeeded: Set to the number of folios migrated successfully if 1892 * the caller passes a non-NULL pointer. 1893 * 1894 * The function returns after NR_MAX_MIGRATE_PAGES_RETRY attempts or if no folios 1895 * are movable any more because the list has become empty or no retryable folios 1896 * exist any more. It is caller's responsibility to call putback_movable_pages() 1897 * only if ret != 0. 1898 * 1899 * Returns the number of {normal folio, large folio, hugetlb} that were not 1900 * migrated, or an error code. The number of large folio splits will be 1901 * considered as the number of non-migrated large folio, no matter how many 1902 * split folios of the large folio are migrated successfully. 1903 */ 1904 int migrate_pages(struct list_head *from, new_folio_t get_new_folio, 1905 free_folio_t put_new_folio, unsigned long private, 1906 enum migrate_mode mode, int reason, unsigned int *ret_succeeded) 1907 { 1908 int rc, rc_gather; 1909 int nr_pages; 1910 struct folio *folio, *folio2; 1911 LIST_HEAD(folios); 1912 LIST_HEAD(ret_folios); 1913 LIST_HEAD(split_folios); 1914 struct migrate_pages_stats stats; 1915 1916 trace_mm_migrate_pages_start(mode, reason); 1917 1918 memset(&stats, 0, sizeof(stats)); 1919 1920 rc_gather = migrate_hugetlbs(from, get_new_folio, put_new_folio, private, 1921 mode, reason, &stats, &ret_folios); 1922 if (rc_gather < 0) 1923 goto out; 1924 1925 again: 1926 nr_pages = 0; 1927 list_for_each_entry_safe(folio, folio2, from, lru) { 1928 /* Retried hugetlb folios will be kept in list */ 1929 if (folio_test_hugetlb(folio)) { 1930 list_move_tail(&folio->lru, &ret_folios); 1931 continue; 1932 } 1933 1934 nr_pages += folio_nr_pages(folio); 1935 if (nr_pages >= NR_MAX_BATCHED_MIGRATION) 1936 break; 1937 } 1938 if (nr_pages >= NR_MAX_BATCHED_MIGRATION) 1939 list_cut_before(&folios, from, &folio2->lru); 1940 else 1941 list_splice_init(from, &folios); 1942 if (mode == MIGRATE_ASYNC) 1943 rc = migrate_pages_batch(&folios, get_new_folio, put_new_folio, 1944 private, mode, reason, &ret_folios, 1945 &split_folios, &stats, 1946 NR_MAX_MIGRATE_PAGES_RETRY); 1947 else 1948 rc = migrate_pages_sync(&folios, get_new_folio, put_new_folio, 1949 private, mode, reason, &ret_folios, 1950 &split_folios, &stats); 1951 list_splice_tail_init(&folios, &ret_folios); 1952 if (rc < 0) { 1953 rc_gather = rc; 1954 list_splice_tail(&split_folios, &ret_folios); 1955 goto out; 1956 } 1957 if (!list_empty(&split_folios)) { 1958 /* 1959 * Failure isn't counted since all split folios of a large folio 1960 * is counted as 1 failure already. And, we only try to migrate 1961 * with minimal effort, force MIGRATE_ASYNC mode and retry once. 1962 */ 1963 migrate_pages_batch(&split_folios, get_new_folio, 1964 put_new_folio, private, MIGRATE_ASYNC, reason, 1965 &ret_folios, NULL, &stats, 1); 1966 list_splice_tail_init(&split_folios, &ret_folios); 1967 } 1968 rc_gather += rc; 1969 if (!list_empty(from)) 1970 goto again; 1971 out: 1972 /* 1973 * Put the permanent failure folio back to migration list, they 1974 * will be put back to the right list by the caller. 1975 */ 1976 list_splice(&ret_folios, from); 1977 1978 /* 1979 * Return 0 in case all split folios of fail-to-migrate large folios 1980 * are migrated successfully. 1981 */ 1982 if (list_empty(from)) 1983 rc_gather = 0; 1984 1985 count_vm_events(PGMIGRATE_SUCCESS, stats.nr_succeeded); 1986 count_vm_events(PGMIGRATE_FAIL, stats.nr_failed_pages); 1987 count_vm_events(THP_MIGRATION_SUCCESS, stats.nr_thp_succeeded); 1988 count_vm_events(THP_MIGRATION_FAIL, stats.nr_thp_failed); 1989 count_vm_events(THP_MIGRATION_SPLIT, stats.nr_thp_split); 1990 trace_mm_migrate_pages(stats.nr_succeeded, stats.nr_failed_pages, 1991 stats.nr_thp_succeeded, stats.nr_thp_failed, 1992 stats.nr_thp_split, stats.nr_split, mode, 1993 reason); 1994 1995 if (ret_succeeded) 1996 *ret_succeeded = stats.nr_succeeded; 1997 1998 return rc_gather; 1999 } 2000 2001 struct folio *alloc_migration_target(struct folio *src, unsigned long private) 2002 { 2003 struct migration_target_control *mtc; 2004 gfp_t gfp_mask; 2005 unsigned int order = 0; 2006 int nid; 2007 int zidx; 2008 2009 mtc = (struct migration_target_control *)private; 2010 gfp_mask = mtc->gfp_mask; 2011 nid = mtc->nid; 2012 if (nid == NUMA_NO_NODE) 2013 nid = folio_nid(src); 2014 2015 if (folio_test_hugetlb(src)) { 2016 struct hstate *h = folio_hstate(src); 2017 2018 gfp_mask = htlb_modify_alloc_mask(h, gfp_mask); 2019 return alloc_hugetlb_folio_nodemask(h, nid, 2020 mtc->nmask, gfp_mask); 2021 } 2022 2023 if (folio_test_large(src)) { 2024 /* 2025 * clear __GFP_RECLAIM to make the migration callback 2026 * consistent with regular THP allocations. 2027 */ 2028 gfp_mask &= ~__GFP_RECLAIM; 2029 gfp_mask |= GFP_TRANSHUGE; 2030 order = folio_order(src); 2031 } 2032 zidx = zone_idx(folio_zone(src)); 2033 if (is_highmem_idx(zidx) || zidx == ZONE_MOVABLE) 2034 gfp_mask |= __GFP_HIGHMEM; 2035 2036 return __folio_alloc(gfp_mask, order, nid, mtc->nmask); 2037 } 2038 2039 #ifdef CONFIG_NUMA 2040 2041 static int store_status(int __user *status, int start, int value, int nr) 2042 { 2043 while (nr-- > 0) { 2044 if (put_user(value, status + start)) 2045 return -EFAULT; 2046 start++; 2047 } 2048 2049 return 0; 2050 } 2051 2052 static int do_move_pages_to_node(struct list_head *pagelist, int node) 2053 { 2054 int err; 2055 struct migration_target_control mtc = { 2056 .nid = node, 2057 .gfp_mask = GFP_HIGHUSER_MOVABLE | __GFP_THISNODE, 2058 }; 2059 2060 err = migrate_pages(pagelist, alloc_migration_target, NULL, 2061 (unsigned long)&mtc, MIGRATE_SYNC, MR_SYSCALL, NULL); 2062 if (err) 2063 putback_movable_pages(pagelist); 2064 return err; 2065 } 2066 2067 /* 2068 * Resolves the given address to a struct page, isolates it from the LRU and 2069 * puts it to the given pagelist. 2070 * Returns: 2071 * errno - if the page cannot be found/isolated 2072 * 0 - when it doesn't have to be migrated because it is already on the 2073 * target node 2074 * 1 - when it has been queued 2075 */ 2076 static int add_page_for_migration(struct mm_struct *mm, const void __user *p, 2077 int node, struct list_head *pagelist, bool migrate_all) 2078 { 2079 struct vm_area_struct *vma; 2080 unsigned long addr; 2081 struct page *page; 2082 struct folio *folio; 2083 int err; 2084 2085 mmap_read_lock(mm); 2086 addr = (unsigned long)untagged_addr_remote(mm, p); 2087 2088 err = -EFAULT; 2089 vma = vma_lookup(mm, addr); 2090 if (!vma || !vma_migratable(vma)) 2091 goto out; 2092 2093 /* FOLL_DUMP to ignore special (like zero) pages */ 2094 page = follow_page(vma, addr, FOLL_GET | FOLL_DUMP); 2095 2096 err = PTR_ERR(page); 2097 if (IS_ERR(page)) 2098 goto out; 2099 2100 err = -ENOENT; 2101 if (!page) 2102 goto out; 2103 2104 folio = page_folio(page); 2105 if (folio_is_zone_device(folio)) 2106 goto out_putfolio; 2107 2108 err = 0; 2109 if (folio_nid(folio) == node) 2110 goto out_putfolio; 2111 2112 err = -EACCES; 2113 if (page_mapcount(page) > 1 && !migrate_all) 2114 goto out_putfolio; 2115 2116 err = -EBUSY; 2117 if (folio_test_hugetlb(folio)) { 2118 if (isolate_hugetlb(folio, pagelist)) 2119 err = 1; 2120 } else { 2121 if (!folio_isolate_lru(folio)) 2122 goto out_putfolio; 2123 2124 err = 1; 2125 list_add_tail(&folio->lru, pagelist); 2126 node_stat_mod_folio(folio, 2127 NR_ISOLATED_ANON + folio_is_file_lru(folio), 2128 folio_nr_pages(folio)); 2129 } 2130 out_putfolio: 2131 /* 2132 * Either remove the duplicate refcount from folio_isolate_lru() 2133 * or drop the folio ref if it was not isolated. 2134 */ 2135 folio_put(folio); 2136 out: 2137 mmap_read_unlock(mm); 2138 return err; 2139 } 2140 2141 static int move_pages_and_store_status(int node, 2142 struct list_head *pagelist, int __user *status, 2143 int start, int i, unsigned long nr_pages) 2144 { 2145 int err; 2146 2147 if (list_empty(pagelist)) 2148 return 0; 2149 2150 err = do_move_pages_to_node(pagelist, node); 2151 if (err) { 2152 /* 2153 * Positive err means the number of failed 2154 * pages to migrate. Since we are going to 2155 * abort and return the number of non-migrated 2156 * pages, so need to include the rest of the 2157 * nr_pages that have not been attempted as 2158 * well. 2159 */ 2160 if (err > 0) 2161 err += nr_pages - i; 2162 return err; 2163 } 2164 return store_status(status, start, node, i - start); 2165 } 2166 2167 /* 2168 * Migrate an array of page address onto an array of nodes and fill 2169 * the corresponding array of status. 2170 */ 2171 static int do_pages_move(struct mm_struct *mm, nodemask_t task_nodes, 2172 unsigned long nr_pages, 2173 const void __user * __user *pages, 2174 const int __user *nodes, 2175 int __user *status, int flags) 2176 { 2177 compat_uptr_t __user *compat_pages = (void __user *)pages; 2178 int current_node = NUMA_NO_NODE; 2179 LIST_HEAD(pagelist); 2180 int start, i; 2181 int err = 0, err1; 2182 2183 lru_cache_disable(); 2184 2185 for (i = start = 0; i < nr_pages; i++) { 2186 const void __user *p; 2187 int node; 2188 2189 err = -EFAULT; 2190 if (in_compat_syscall()) { 2191 compat_uptr_t cp; 2192 2193 if (get_user(cp, compat_pages + i)) 2194 goto out_flush; 2195 2196 p = compat_ptr(cp); 2197 } else { 2198 if (get_user(p, pages + i)) 2199 goto out_flush; 2200 } 2201 if (get_user(node, nodes + i)) 2202 goto out_flush; 2203 2204 err = -ENODEV; 2205 if (node < 0 || node >= MAX_NUMNODES) 2206 goto out_flush; 2207 if (!node_state(node, N_MEMORY)) 2208 goto out_flush; 2209 2210 err = -EACCES; 2211 if (!node_isset(node, task_nodes)) 2212 goto out_flush; 2213 2214 if (current_node == NUMA_NO_NODE) { 2215 current_node = node; 2216 start = i; 2217 } else if (node != current_node) { 2218 err = move_pages_and_store_status(current_node, 2219 &pagelist, status, start, i, nr_pages); 2220 if (err) 2221 goto out; 2222 start = i; 2223 current_node = node; 2224 } 2225 2226 /* 2227 * Errors in the page lookup or isolation are not fatal and we simply 2228 * report them via status 2229 */ 2230 err = add_page_for_migration(mm, p, current_node, &pagelist, 2231 flags & MPOL_MF_MOVE_ALL); 2232 2233 if (err > 0) { 2234 /* The page is successfully queued for migration */ 2235 continue; 2236 } 2237 2238 /* 2239 * The move_pages() man page does not have an -EEXIST choice, so 2240 * use -EFAULT instead. 2241 */ 2242 if (err == -EEXIST) 2243 err = -EFAULT; 2244 2245 /* 2246 * If the page is already on the target node (!err), store the 2247 * node, otherwise, store the err. 2248 */ 2249 err = store_status(status, i, err ? : current_node, 1); 2250 if (err) 2251 goto out_flush; 2252 2253 err = move_pages_and_store_status(current_node, &pagelist, 2254 status, start, i, nr_pages); 2255 if (err) { 2256 /* We have accounted for page i */ 2257 if (err > 0) 2258 err--; 2259 goto out; 2260 } 2261 current_node = NUMA_NO_NODE; 2262 } 2263 out_flush: 2264 /* Make sure we do not overwrite the existing error */ 2265 err1 = move_pages_and_store_status(current_node, &pagelist, 2266 status, start, i, nr_pages); 2267 if (err >= 0) 2268 err = err1; 2269 out: 2270 lru_cache_enable(); 2271 return err; 2272 } 2273 2274 /* 2275 * Determine the nodes of an array of pages and store it in an array of status. 2276 */ 2277 static void do_pages_stat_array(struct mm_struct *mm, unsigned long nr_pages, 2278 const void __user **pages, int *status) 2279 { 2280 unsigned long i; 2281 2282 mmap_read_lock(mm); 2283 2284 for (i = 0; i < nr_pages; i++) { 2285 unsigned long addr = (unsigned long)(*pages); 2286 struct vm_area_struct *vma; 2287 struct page *page; 2288 int err = -EFAULT; 2289 2290 vma = vma_lookup(mm, addr); 2291 if (!vma) 2292 goto set_status; 2293 2294 /* FOLL_DUMP to ignore special (like zero) pages */ 2295 page = follow_page(vma, addr, FOLL_GET | FOLL_DUMP); 2296 2297 err = PTR_ERR(page); 2298 if (IS_ERR(page)) 2299 goto set_status; 2300 2301 err = -ENOENT; 2302 if (!page) 2303 goto set_status; 2304 2305 if (!is_zone_device_page(page)) 2306 err = page_to_nid(page); 2307 2308 put_page(page); 2309 set_status: 2310 *status = err; 2311 2312 pages++; 2313 status++; 2314 } 2315 2316 mmap_read_unlock(mm); 2317 } 2318 2319 static int get_compat_pages_array(const void __user *chunk_pages[], 2320 const void __user * __user *pages, 2321 unsigned long chunk_nr) 2322 { 2323 compat_uptr_t __user *pages32 = (compat_uptr_t __user *)pages; 2324 compat_uptr_t p; 2325 int i; 2326 2327 for (i = 0; i < chunk_nr; i++) { 2328 if (get_user(p, pages32 + i)) 2329 return -EFAULT; 2330 chunk_pages[i] = compat_ptr(p); 2331 } 2332 2333 return 0; 2334 } 2335 2336 /* 2337 * Determine the nodes of a user array of pages and store it in 2338 * a user array of status. 2339 */ 2340 static int do_pages_stat(struct mm_struct *mm, unsigned long nr_pages, 2341 const void __user * __user *pages, 2342 int __user *status) 2343 { 2344 #define DO_PAGES_STAT_CHUNK_NR 16UL 2345 const void __user *chunk_pages[DO_PAGES_STAT_CHUNK_NR]; 2346 int chunk_status[DO_PAGES_STAT_CHUNK_NR]; 2347 2348 while (nr_pages) { 2349 unsigned long chunk_nr = min(nr_pages, DO_PAGES_STAT_CHUNK_NR); 2350 2351 if (in_compat_syscall()) { 2352 if (get_compat_pages_array(chunk_pages, pages, 2353 chunk_nr)) 2354 break; 2355 } else { 2356 if (copy_from_user(chunk_pages, pages, 2357 chunk_nr * sizeof(*chunk_pages))) 2358 break; 2359 } 2360 2361 do_pages_stat_array(mm, chunk_nr, chunk_pages, chunk_status); 2362 2363 if (copy_to_user(status, chunk_status, chunk_nr * sizeof(*status))) 2364 break; 2365 2366 pages += chunk_nr; 2367 status += chunk_nr; 2368 nr_pages -= chunk_nr; 2369 } 2370 return nr_pages ? -EFAULT : 0; 2371 } 2372 2373 static struct mm_struct *find_mm_struct(pid_t pid, nodemask_t *mem_nodes) 2374 { 2375 struct task_struct *task; 2376 struct mm_struct *mm; 2377 2378 /* 2379 * There is no need to check if current process has the right to modify 2380 * the specified process when they are same. 2381 */ 2382 if (!pid) { 2383 mmget(current->mm); 2384 *mem_nodes = cpuset_mems_allowed(current); 2385 return current->mm; 2386 } 2387 2388 /* Find the mm_struct */ 2389 rcu_read_lock(); 2390 task = find_task_by_vpid(pid); 2391 if (!task) { 2392 rcu_read_unlock(); 2393 return ERR_PTR(-ESRCH); 2394 } 2395 get_task_struct(task); 2396 2397 /* 2398 * Check if this process has the right to modify the specified 2399 * process. Use the regular "ptrace_may_access()" checks. 2400 */ 2401 if (!ptrace_may_access(task, PTRACE_MODE_READ_REALCREDS)) { 2402 rcu_read_unlock(); 2403 mm = ERR_PTR(-EPERM); 2404 goto out; 2405 } 2406 rcu_read_unlock(); 2407 2408 mm = ERR_PTR(security_task_movememory(task)); 2409 if (IS_ERR(mm)) 2410 goto out; 2411 *mem_nodes = cpuset_mems_allowed(task); 2412 mm = get_task_mm(task); 2413 out: 2414 put_task_struct(task); 2415 if (!mm) 2416 mm = ERR_PTR(-EINVAL); 2417 return mm; 2418 } 2419 2420 /* 2421 * Move a list of pages in the address space of the currently executing 2422 * process. 2423 */ 2424 static int kernel_move_pages(pid_t pid, unsigned long nr_pages, 2425 const void __user * __user *pages, 2426 const int __user *nodes, 2427 int __user *status, int flags) 2428 { 2429 struct mm_struct *mm; 2430 int err; 2431 nodemask_t task_nodes; 2432 2433 /* Check flags */ 2434 if (flags & ~(MPOL_MF_MOVE|MPOL_MF_MOVE_ALL)) 2435 return -EINVAL; 2436 2437 if ((flags & MPOL_MF_MOVE_ALL) && !capable(CAP_SYS_NICE)) 2438 return -EPERM; 2439 2440 mm = find_mm_struct(pid, &task_nodes); 2441 if (IS_ERR(mm)) 2442 return PTR_ERR(mm); 2443 2444 if (nodes) 2445 err = do_pages_move(mm, task_nodes, nr_pages, pages, 2446 nodes, status, flags); 2447 else 2448 err = do_pages_stat(mm, nr_pages, pages, status); 2449 2450 mmput(mm); 2451 return err; 2452 } 2453 2454 SYSCALL_DEFINE6(move_pages, pid_t, pid, unsigned long, nr_pages, 2455 const void __user * __user *, pages, 2456 const int __user *, nodes, 2457 int __user *, status, int, flags) 2458 { 2459 return kernel_move_pages(pid, nr_pages, pages, nodes, status, flags); 2460 } 2461 2462 #ifdef CONFIG_NUMA_BALANCING 2463 /* 2464 * Returns true if this is a safe migration target node for misplaced NUMA 2465 * pages. Currently it only checks the watermarks which is crude. 2466 */ 2467 static bool migrate_balanced_pgdat(struct pglist_data *pgdat, 2468 unsigned long nr_migrate_pages) 2469 { 2470 int z; 2471 2472 for (z = pgdat->nr_zones - 1; z >= 0; z--) { 2473 struct zone *zone = pgdat->node_zones + z; 2474 2475 if (!managed_zone(zone)) 2476 continue; 2477 2478 /* Avoid waking kswapd by allocating pages_to_migrate pages. */ 2479 if (!zone_watermark_ok(zone, 0, 2480 high_wmark_pages(zone) + 2481 nr_migrate_pages, 2482 ZONE_MOVABLE, 0)) 2483 continue; 2484 return true; 2485 } 2486 return false; 2487 } 2488 2489 static struct folio *alloc_misplaced_dst_folio(struct folio *src, 2490 unsigned long data) 2491 { 2492 int nid = (int) data; 2493 int order = folio_order(src); 2494 gfp_t gfp = __GFP_THISNODE; 2495 2496 if (order > 0) 2497 gfp |= GFP_TRANSHUGE_LIGHT; 2498 else { 2499 gfp |= GFP_HIGHUSER_MOVABLE | __GFP_NOMEMALLOC | __GFP_NORETRY | 2500 __GFP_NOWARN; 2501 gfp &= ~__GFP_RECLAIM; 2502 } 2503 return __folio_alloc_node(gfp, order, nid); 2504 } 2505 2506 static int numamigrate_isolate_folio(pg_data_t *pgdat, struct folio *folio) 2507 { 2508 int nr_pages = folio_nr_pages(folio); 2509 2510 /* Avoid migrating to a node that is nearly full */ 2511 if (!migrate_balanced_pgdat(pgdat, nr_pages)) { 2512 int z; 2513 2514 if (!(sysctl_numa_balancing_mode & NUMA_BALANCING_MEMORY_TIERING)) 2515 return 0; 2516 for (z = pgdat->nr_zones - 1; z >= 0; z--) { 2517 if (managed_zone(pgdat->node_zones + z)) 2518 break; 2519 } 2520 wakeup_kswapd(pgdat->node_zones + z, 0, 2521 folio_order(folio), ZONE_MOVABLE); 2522 return 0; 2523 } 2524 2525 if (!folio_isolate_lru(folio)) 2526 return 0; 2527 2528 node_stat_mod_folio(folio, NR_ISOLATED_ANON + folio_is_file_lru(folio), 2529 nr_pages); 2530 2531 /* 2532 * Isolating the folio has taken another reference, so the 2533 * caller's reference can be safely dropped without the folio 2534 * disappearing underneath us during migration. 2535 */ 2536 folio_put(folio); 2537 return 1; 2538 } 2539 2540 /* 2541 * Attempt to migrate a misplaced folio to the specified destination 2542 * node. Caller is expected to have an elevated reference count on 2543 * the folio that will be dropped by this function before returning. 2544 */ 2545 int migrate_misplaced_folio(struct folio *folio, struct vm_area_struct *vma, 2546 int node) 2547 { 2548 pg_data_t *pgdat = NODE_DATA(node); 2549 int isolated; 2550 int nr_remaining; 2551 unsigned int nr_succeeded; 2552 LIST_HEAD(migratepages); 2553 int nr_pages = folio_nr_pages(folio); 2554 2555 /* 2556 * Don't migrate file folios that are mapped in multiple processes 2557 * with execute permissions as they are probably shared libraries. 2558 * To check if the folio is shared, ideally we want to make sure 2559 * every page is mapped to the same process. Doing that is very 2560 * expensive, so check the estimated mapcount of the folio instead. 2561 */ 2562 if (folio_estimated_sharers(folio) != 1 && folio_is_file_lru(folio) && 2563 (vma->vm_flags & VM_EXEC)) 2564 goto out; 2565 2566 /* 2567 * Also do not migrate dirty folios as not all filesystems can move 2568 * dirty folios in MIGRATE_ASYNC mode which is a waste of cycles. 2569 */ 2570 if (folio_is_file_lru(folio) && folio_test_dirty(folio)) 2571 goto out; 2572 2573 isolated = numamigrate_isolate_folio(pgdat, folio); 2574 if (!isolated) 2575 goto out; 2576 2577 list_add(&folio->lru, &migratepages); 2578 nr_remaining = migrate_pages(&migratepages, alloc_misplaced_dst_folio, 2579 NULL, node, MIGRATE_ASYNC, 2580 MR_NUMA_MISPLACED, &nr_succeeded); 2581 if (nr_remaining) { 2582 if (!list_empty(&migratepages)) { 2583 list_del(&folio->lru); 2584 node_stat_mod_folio(folio, NR_ISOLATED_ANON + 2585 folio_is_file_lru(folio), -nr_pages); 2586 folio_putback_lru(folio); 2587 } 2588 isolated = 0; 2589 } 2590 if (nr_succeeded) { 2591 count_vm_numa_events(NUMA_PAGE_MIGRATE, nr_succeeded); 2592 if (!node_is_toptier(folio_nid(folio)) && node_is_toptier(node)) 2593 mod_node_page_state(pgdat, PGPROMOTE_SUCCESS, 2594 nr_succeeded); 2595 } 2596 BUG_ON(!list_empty(&migratepages)); 2597 return isolated; 2598 2599 out: 2600 folio_put(folio); 2601 return 0; 2602 } 2603 #endif /* CONFIG_NUMA_BALANCING */ 2604 #endif /* CONFIG_NUMA */ 2605