11da177e4SLinus Torvalds /* 21da177e4SLinus Torvalds * mm/rmap.c - physical to virtual reverse mappings 31da177e4SLinus Torvalds * 41da177e4SLinus Torvalds * Copyright 2001, Rik van Riel <riel@conectiva.com.br> 51da177e4SLinus Torvalds * Released under the General Public License (GPL). 61da177e4SLinus Torvalds * 71da177e4SLinus Torvalds * Simple, low overhead reverse mapping scheme. 81da177e4SLinus Torvalds * Please try to keep this thing as modular as possible. 91da177e4SLinus Torvalds * 101da177e4SLinus Torvalds * Provides methods for unmapping each kind of mapped page: 111da177e4SLinus Torvalds * the anon methods track anonymous pages, and 121da177e4SLinus Torvalds * the file methods track pages belonging to an inode. 131da177e4SLinus Torvalds * 141da177e4SLinus Torvalds * Original design by Rik van Riel <riel@conectiva.com.br> 2001 151da177e4SLinus Torvalds * File methods by Dave McCracken <dmccr@us.ibm.com> 2003, 2004 161da177e4SLinus Torvalds * Anonymous methods by Andrea Arcangeli <andrea@suse.de> 2004 171da177e4SLinus Torvalds * Contributions by Hugh Dickins <hugh@veritas.com> 2003, 2004 181da177e4SLinus Torvalds */ 191da177e4SLinus Torvalds 201da177e4SLinus Torvalds /* 211da177e4SLinus Torvalds * Lock ordering in mm: 221da177e4SLinus Torvalds * 231da177e4SLinus Torvalds * inode->i_sem (while writing or truncating, not reading or faulting) 241da177e4SLinus Torvalds * inode->i_alloc_sem 251da177e4SLinus Torvalds * 261da177e4SLinus Torvalds * When a page fault occurs in writing from user to file, down_read 271da177e4SLinus Torvalds * of mmap_sem nests within i_sem; in sys_msync, i_sem nests within 281da177e4SLinus Torvalds * down_read of mmap_sem; i_sem and down_write of mmap_sem are never 291da177e4SLinus Torvalds * taken together; in truncation, i_sem is taken outermost. 301da177e4SLinus Torvalds * 311da177e4SLinus Torvalds * mm->mmap_sem 321da177e4SLinus Torvalds * page->flags PG_locked (lock_page) 331da177e4SLinus Torvalds * mapping->i_mmap_lock 341da177e4SLinus Torvalds * anon_vma->lock 351da177e4SLinus Torvalds * mm->page_table_lock 361da177e4SLinus Torvalds * zone->lru_lock (in mark_page_accessed) 371da177e4SLinus Torvalds * swap_list_lock (in swap_free etc's swap_info_get) 381da177e4SLinus Torvalds * mmlist_lock (in mmput, drain_mmlist and others) 391da177e4SLinus Torvalds * swap_device_lock (in swap_duplicate, swap_info_get) 401da177e4SLinus Torvalds * mapping->private_lock (in __set_page_dirty_buffers) 411da177e4SLinus Torvalds * inode_lock (in set_page_dirty's __mark_inode_dirty) 421da177e4SLinus Torvalds * sb_lock (within inode_lock in fs/fs-writeback.c) 431da177e4SLinus Torvalds * mapping->tree_lock (widely used, in set_page_dirty, 441da177e4SLinus Torvalds * in arch-dependent flush_dcache_mmap_lock, 451da177e4SLinus Torvalds * within inode_lock in __sync_single_inode) 461da177e4SLinus Torvalds */ 471da177e4SLinus Torvalds 481da177e4SLinus Torvalds #include <linux/mm.h> 491da177e4SLinus Torvalds #include <linux/pagemap.h> 501da177e4SLinus Torvalds #include <linux/swap.h> 511da177e4SLinus Torvalds #include <linux/swapops.h> 521da177e4SLinus Torvalds #include <linux/slab.h> 531da177e4SLinus Torvalds #include <linux/init.h> 541da177e4SLinus Torvalds #include <linux/rmap.h> 551da177e4SLinus Torvalds #include <linux/rcupdate.h> 561da177e4SLinus Torvalds 571da177e4SLinus Torvalds #include <asm/tlbflush.h> 581da177e4SLinus Torvalds 591da177e4SLinus Torvalds //#define RMAP_DEBUG /* can be enabled only for debugging */ 601da177e4SLinus Torvalds 611da177e4SLinus Torvalds kmem_cache_t *anon_vma_cachep; 621da177e4SLinus Torvalds 631da177e4SLinus Torvalds static inline void validate_anon_vma(struct vm_area_struct *find_vma) 641da177e4SLinus Torvalds { 651da177e4SLinus Torvalds #ifdef RMAP_DEBUG 661da177e4SLinus Torvalds struct anon_vma *anon_vma = find_vma->anon_vma; 671da177e4SLinus Torvalds struct vm_area_struct *vma; 681da177e4SLinus Torvalds unsigned int mapcount = 0; 691da177e4SLinus Torvalds int found = 0; 701da177e4SLinus Torvalds 711da177e4SLinus Torvalds list_for_each_entry(vma, &anon_vma->head, anon_vma_node) { 721da177e4SLinus Torvalds mapcount++; 731da177e4SLinus Torvalds BUG_ON(mapcount > 100000); 741da177e4SLinus Torvalds if (vma == find_vma) 751da177e4SLinus Torvalds found = 1; 761da177e4SLinus Torvalds } 771da177e4SLinus Torvalds BUG_ON(!found); 781da177e4SLinus Torvalds #endif 791da177e4SLinus Torvalds } 801da177e4SLinus Torvalds 811da177e4SLinus Torvalds /* This must be called under the mmap_sem. */ 821da177e4SLinus Torvalds int anon_vma_prepare(struct vm_area_struct *vma) 831da177e4SLinus Torvalds { 841da177e4SLinus Torvalds struct anon_vma *anon_vma = vma->anon_vma; 851da177e4SLinus Torvalds 861da177e4SLinus Torvalds might_sleep(); 871da177e4SLinus Torvalds if (unlikely(!anon_vma)) { 881da177e4SLinus Torvalds struct mm_struct *mm = vma->vm_mm; 891da177e4SLinus Torvalds struct anon_vma *allocated, *locked; 901da177e4SLinus Torvalds 911da177e4SLinus Torvalds anon_vma = find_mergeable_anon_vma(vma); 921da177e4SLinus Torvalds if (anon_vma) { 931da177e4SLinus Torvalds allocated = NULL; 941da177e4SLinus Torvalds locked = anon_vma; 951da177e4SLinus Torvalds spin_lock(&locked->lock); 961da177e4SLinus Torvalds } else { 971da177e4SLinus Torvalds anon_vma = anon_vma_alloc(); 981da177e4SLinus Torvalds if (unlikely(!anon_vma)) 991da177e4SLinus Torvalds return -ENOMEM; 1001da177e4SLinus Torvalds allocated = anon_vma; 1011da177e4SLinus Torvalds locked = NULL; 1021da177e4SLinus Torvalds } 1031da177e4SLinus Torvalds 1041da177e4SLinus Torvalds /* page_table_lock to protect against threads */ 1051da177e4SLinus Torvalds spin_lock(&mm->page_table_lock); 1061da177e4SLinus Torvalds if (likely(!vma->anon_vma)) { 1071da177e4SLinus Torvalds vma->anon_vma = anon_vma; 1081da177e4SLinus Torvalds list_add(&vma->anon_vma_node, &anon_vma->head); 1091da177e4SLinus Torvalds allocated = NULL; 1101da177e4SLinus Torvalds } 1111da177e4SLinus Torvalds spin_unlock(&mm->page_table_lock); 1121da177e4SLinus Torvalds 1131da177e4SLinus Torvalds if (locked) 1141da177e4SLinus Torvalds spin_unlock(&locked->lock); 1151da177e4SLinus Torvalds if (unlikely(allocated)) 1161da177e4SLinus Torvalds anon_vma_free(allocated); 1171da177e4SLinus Torvalds } 1181da177e4SLinus Torvalds return 0; 1191da177e4SLinus Torvalds } 1201da177e4SLinus Torvalds 1211da177e4SLinus Torvalds void __anon_vma_merge(struct vm_area_struct *vma, struct vm_area_struct *next) 1221da177e4SLinus Torvalds { 1231da177e4SLinus Torvalds BUG_ON(vma->anon_vma != next->anon_vma); 1241da177e4SLinus Torvalds list_del(&next->anon_vma_node); 1251da177e4SLinus Torvalds } 1261da177e4SLinus Torvalds 1271da177e4SLinus Torvalds void __anon_vma_link(struct vm_area_struct *vma) 1281da177e4SLinus Torvalds { 1291da177e4SLinus Torvalds struct anon_vma *anon_vma = vma->anon_vma; 1301da177e4SLinus Torvalds 1311da177e4SLinus Torvalds if (anon_vma) { 1321da177e4SLinus Torvalds list_add(&vma->anon_vma_node, &anon_vma->head); 1331da177e4SLinus Torvalds validate_anon_vma(vma); 1341da177e4SLinus Torvalds } 1351da177e4SLinus Torvalds } 1361da177e4SLinus Torvalds 1371da177e4SLinus Torvalds void anon_vma_link(struct vm_area_struct *vma) 1381da177e4SLinus Torvalds { 1391da177e4SLinus Torvalds struct anon_vma *anon_vma = vma->anon_vma; 1401da177e4SLinus Torvalds 1411da177e4SLinus Torvalds if (anon_vma) { 1421da177e4SLinus Torvalds spin_lock(&anon_vma->lock); 1431da177e4SLinus Torvalds list_add(&vma->anon_vma_node, &anon_vma->head); 1441da177e4SLinus Torvalds validate_anon_vma(vma); 1451da177e4SLinus Torvalds spin_unlock(&anon_vma->lock); 1461da177e4SLinus Torvalds } 1471da177e4SLinus Torvalds } 1481da177e4SLinus Torvalds 1491da177e4SLinus Torvalds void anon_vma_unlink(struct vm_area_struct *vma) 1501da177e4SLinus Torvalds { 1511da177e4SLinus Torvalds struct anon_vma *anon_vma = vma->anon_vma; 1521da177e4SLinus Torvalds int empty; 1531da177e4SLinus Torvalds 1541da177e4SLinus Torvalds if (!anon_vma) 1551da177e4SLinus Torvalds return; 1561da177e4SLinus Torvalds 1571da177e4SLinus Torvalds spin_lock(&anon_vma->lock); 1581da177e4SLinus Torvalds validate_anon_vma(vma); 1591da177e4SLinus Torvalds list_del(&vma->anon_vma_node); 1601da177e4SLinus Torvalds 1611da177e4SLinus Torvalds /* We must garbage collect the anon_vma if it's empty */ 1621da177e4SLinus Torvalds empty = list_empty(&anon_vma->head); 1631da177e4SLinus Torvalds spin_unlock(&anon_vma->lock); 1641da177e4SLinus Torvalds 1651da177e4SLinus Torvalds if (empty) 1661da177e4SLinus Torvalds anon_vma_free(anon_vma); 1671da177e4SLinus Torvalds } 1681da177e4SLinus Torvalds 1691da177e4SLinus Torvalds static void anon_vma_ctor(void *data, kmem_cache_t *cachep, unsigned long flags) 1701da177e4SLinus Torvalds { 1711da177e4SLinus Torvalds if ((flags & (SLAB_CTOR_VERIFY|SLAB_CTOR_CONSTRUCTOR)) == 1721da177e4SLinus Torvalds SLAB_CTOR_CONSTRUCTOR) { 1731da177e4SLinus Torvalds struct anon_vma *anon_vma = data; 1741da177e4SLinus Torvalds 1751da177e4SLinus Torvalds spin_lock_init(&anon_vma->lock); 1761da177e4SLinus Torvalds INIT_LIST_HEAD(&anon_vma->head); 1771da177e4SLinus Torvalds } 1781da177e4SLinus Torvalds } 1791da177e4SLinus Torvalds 1801da177e4SLinus Torvalds void __init anon_vma_init(void) 1811da177e4SLinus Torvalds { 1821da177e4SLinus Torvalds anon_vma_cachep = kmem_cache_create("anon_vma", sizeof(struct anon_vma), 1831da177e4SLinus Torvalds 0, SLAB_DESTROY_BY_RCU|SLAB_PANIC, anon_vma_ctor, NULL); 1841da177e4SLinus Torvalds } 1851da177e4SLinus Torvalds 1861da177e4SLinus Torvalds /* 1871da177e4SLinus Torvalds * Getting a lock on a stable anon_vma from a page off the LRU is 1881da177e4SLinus Torvalds * tricky: page_lock_anon_vma rely on RCU to guard against the races. 1891da177e4SLinus Torvalds */ 1901da177e4SLinus Torvalds static struct anon_vma *page_lock_anon_vma(struct page *page) 1911da177e4SLinus Torvalds { 1921da177e4SLinus Torvalds struct anon_vma *anon_vma = NULL; 1931da177e4SLinus Torvalds unsigned long anon_mapping; 1941da177e4SLinus Torvalds 1951da177e4SLinus Torvalds rcu_read_lock(); 1961da177e4SLinus Torvalds anon_mapping = (unsigned long) page->mapping; 1971da177e4SLinus Torvalds if (!(anon_mapping & PAGE_MAPPING_ANON)) 1981da177e4SLinus Torvalds goto out; 1991da177e4SLinus Torvalds if (!page_mapped(page)) 2001da177e4SLinus Torvalds goto out; 2011da177e4SLinus Torvalds 2021da177e4SLinus Torvalds anon_vma = (struct anon_vma *) (anon_mapping - PAGE_MAPPING_ANON); 2031da177e4SLinus Torvalds spin_lock(&anon_vma->lock); 2041da177e4SLinus Torvalds out: 2051da177e4SLinus Torvalds rcu_read_unlock(); 2061da177e4SLinus Torvalds return anon_vma; 2071da177e4SLinus Torvalds } 2081da177e4SLinus Torvalds 2091da177e4SLinus Torvalds /* 2101da177e4SLinus Torvalds * At what user virtual address is page expected in vma? 2111da177e4SLinus Torvalds */ 2121da177e4SLinus Torvalds static inline unsigned long 2131da177e4SLinus Torvalds vma_address(struct page *page, struct vm_area_struct *vma) 2141da177e4SLinus Torvalds { 2151da177e4SLinus Torvalds pgoff_t pgoff = page->index << (PAGE_CACHE_SHIFT - PAGE_SHIFT); 2161da177e4SLinus Torvalds unsigned long address; 2171da177e4SLinus Torvalds 2181da177e4SLinus Torvalds address = vma->vm_start + ((pgoff - vma->vm_pgoff) << PAGE_SHIFT); 2191da177e4SLinus Torvalds if (unlikely(address < vma->vm_start || address >= vma->vm_end)) { 2201da177e4SLinus Torvalds /* page should be within any vma from prio_tree_next */ 2211da177e4SLinus Torvalds BUG_ON(!PageAnon(page)); 2221da177e4SLinus Torvalds return -EFAULT; 2231da177e4SLinus Torvalds } 2241da177e4SLinus Torvalds return address; 2251da177e4SLinus Torvalds } 2261da177e4SLinus Torvalds 2271da177e4SLinus Torvalds /* 2281da177e4SLinus Torvalds * At what user virtual address is page expected in vma? checking that the 2291da177e4SLinus Torvalds * page matches the vma: currently only used by unuse_process, on anon pages. 2301da177e4SLinus Torvalds */ 2311da177e4SLinus Torvalds unsigned long page_address_in_vma(struct page *page, struct vm_area_struct *vma) 2321da177e4SLinus Torvalds { 2331da177e4SLinus Torvalds if (PageAnon(page)) { 2341da177e4SLinus Torvalds if ((void *)vma->anon_vma != 2351da177e4SLinus Torvalds (void *)page->mapping - PAGE_MAPPING_ANON) 2361da177e4SLinus Torvalds return -EFAULT; 2371da177e4SLinus Torvalds } else if (page->mapping && !(vma->vm_flags & VM_NONLINEAR)) { 2381da177e4SLinus Torvalds if (vma->vm_file->f_mapping != page->mapping) 2391da177e4SLinus Torvalds return -EFAULT; 2401da177e4SLinus Torvalds } else 2411da177e4SLinus Torvalds return -EFAULT; 2421da177e4SLinus Torvalds return vma_address(page, vma); 2431da177e4SLinus Torvalds } 2441da177e4SLinus Torvalds 2451da177e4SLinus Torvalds /* 246*81b4082dSNikita Danilov * Check that @page is mapped at @address into @mm. 247*81b4082dSNikita Danilov * 248*81b4082dSNikita Danilov * On success returns with mapped pte and locked mm->page_table_lock. 249*81b4082dSNikita Danilov */ 250*81b4082dSNikita Danilov static pte_t *page_check_address(struct page *page, struct mm_struct *mm, 251*81b4082dSNikita Danilov unsigned long address) 252*81b4082dSNikita Danilov { 253*81b4082dSNikita Danilov pgd_t *pgd; 254*81b4082dSNikita Danilov pud_t *pud; 255*81b4082dSNikita Danilov pmd_t *pmd; 256*81b4082dSNikita Danilov pte_t *pte; 257*81b4082dSNikita Danilov 258*81b4082dSNikita Danilov /* 259*81b4082dSNikita Danilov * We need the page_table_lock to protect us from page faults, 260*81b4082dSNikita Danilov * munmap, fork, etc... 261*81b4082dSNikita Danilov */ 262*81b4082dSNikita Danilov spin_lock(&mm->page_table_lock); 263*81b4082dSNikita Danilov pgd = pgd_offset(mm, address); 264*81b4082dSNikita Danilov if (likely(pgd_present(*pgd))) { 265*81b4082dSNikita Danilov pud = pud_offset(pgd, address); 266*81b4082dSNikita Danilov if (likely(pud_present(*pud))) { 267*81b4082dSNikita Danilov pmd = pmd_offset(pud, address); 268*81b4082dSNikita Danilov if (likely(pmd_present(*pmd))) { 269*81b4082dSNikita Danilov pte = pte_offset_map(pmd, address); 270*81b4082dSNikita Danilov if (likely(pte_present(*pte) && 271*81b4082dSNikita Danilov page_to_pfn(page) == pte_pfn(*pte))) 272*81b4082dSNikita Danilov return pte; 273*81b4082dSNikita Danilov pte_unmap(pte); 274*81b4082dSNikita Danilov } 275*81b4082dSNikita Danilov } 276*81b4082dSNikita Danilov } 277*81b4082dSNikita Danilov spin_unlock(&mm->page_table_lock); 278*81b4082dSNikita Danilov return ERR_PTR(-ENOENT); 279*81b4082dSNikita Danilov } 280*81b4082dSNikita Danilov 281*81b4082dSNikita Danilov /* 2821da177e4SLinus Torvalds * Subfunctions of page_referenced: page_referenced_one called 2831da177e4SLinus Torvalds * repeatedly from either page_referenced_anon or page_referenced_file. 2841da177e4SLinus Torvalds */ 2851da177e4SLinus Torvalds static int page_referenced_one(struct page *page, 2861da177e4SLinus Torvalds struct vm_area_struct *vma, unsigned int *mapcount, int ignore_token) 2871da177e4SLinus Torvalds { 2881da177e4SLinus Torvalds struct mm_struct *mm = vma->vm_mm; 2891da177e4SLinus Torvalds unsigned long address; 2901da177e4SLinus Torvalds pte_t *pte; 2911da177e4SLinus Torvalds int referenced = 0; 2921da177e4SLinus Torvalds 2931da177e4SLinus Torvalds if (!get_mm_counter(mm, rss)) 2941da177e4SLinus Torvalds goto out; 2951da177e4SLinus Torvalds address = vma_address(page, vma); 2961da177e4SLinus Torvalds if (address == -EFAULT) 2971da177e4SLinus Torvalds goto out; 2981da177e4SLinus Torvalds 299*81b4082dSNikita Danilov pte = page_check_address(page, mm, address); 300*81b4082dSNikita Danilov if (!IS_ERR(pte)) { 3011da177e4SLinus Torvalds if (ptep_clear_flush_young(vma, address, pte)) 3021da177e4SLinus Torvalds referenced++; 3031da177e4SLinus Torvalds 3041da177e4SLinus Torvalds if (mm != current->mm && !ignore_token && has_swap_token(mm)) 3051da177e4SLinus Torvalds referenced++; 3061da177e4SLinus Torvalds 3071da177e4SLinus Torvalds (*mapcount)--; 3081da177e4SLinus Torvalds pte_unmap(pte); 3091da177e4SLinus Torvalds spin_unlock(&mm->page_table_lock); 310*81b4082dSNikita Danilov } 3111da177e4SLinus Torvalds out: 3121da177e4SLinus Torvalds return referenced; 3131da177e4SLinus Torvalds } 3141da177e4SLinus Torvalds 3151da177e4SLinus Torvalds static int page_referenced_anon(struct page *page, int ignore_token) 3161da177e4SLinus Torvalds { 3171da177e4SLinus Torvalds unsigned int mapcount; 3181da177e4SLinus Torvalds struct anon_vma *anon_vma; 3191da177e4SLinus Torvalds struct vm_area_struct *vma; 3201da177e4SLinus Torvalds int referenced = 0; 3211da177e4SLinus Torvalds 3221da177e4SLinus Torvalds anon_vma = page_lock_anon_vma(page); 3231da177e4SLinus Torvalds if (!anon_vma) 3241da177e4SLinus Torvalds return referenced; 3251da177e4SLinus Torvalds 3261da177e4SLinus Torvalds mapcount = page_mapcount(page); 3271da177e4SLinus Torvalds list_for_each_entry(vma, &anon_vma->head, anon_vma_node) { 3281da177e4SLinus Torvalds referenced += page_referenced_one(page, vma, &mapcount, 3291da177e4SLinus Torvalds ignore_token); 3301da177e4SLinus Torvalds if (!mapcount) 3311da177e4SLinus Torvalds break; 3321da177e4SLinus Torvalds } 3331da177e4SLinus Torvalds spin_unlock(&anon_vma->lock); 3341da177e4SLinus Torvalds return referenced; 3351da177e4SLinus Torvalds } 3361da177e4SLinus Torvalds 3371da177e4SLinus Torvalds /** 3381da177e4SLinus Torvalds * page_referenced_file - referenced check for object-based rmap 3391da177e4SLinus Torvalds * @page: the page we're checking references on. 3401da177e4SLinus Torvalds * 3411da177e4SLinus Torvalds * For an object-based mapped page, find all the places it is mapped and 3421da177e4SLinus Torvalds * check/clear the referenced flag. This is done by following the page->mapping 3431da177e4SLinus Torvalds * pointer, then walking the chain of vmas it holds. It returns the number 3441da177e4SLinus Torvalds * of references it found. 3451da177e4SLinus Torvalds * 3461da177e4SLinus Torvalds * This function is only called from page_referenced for object-based pages. 3471da177e4SLinus Torvalds */ 3481da177e4SLinus Torvalds static int page_referenced_file(struct page *page, int ignore_token) 3491da177e4SLinus Torvalds { 3501da177e4SLinus Torvalds unsigned int mapcount; 3511da177e4SLinus Torvalds struct address_space *mapping = page->mapping; 3521da177e4SLinus Torvalds pgoff_t pgoff = page->index << (PAGE_CACHE_SHIFT - PAGE_SHIFT); 3531da177e4SLinus Torvalds struct vm_area_struct *vma; 3541da177e4SLinus Torvalds struct prio_tree_iter iter; 3551da177e4SLinus Torvalds int referenced = 0; 3561da177e4SLinus Torvalds 3571da177e4SLinus Torvalds /* 3581da177e4SLinus Torvalds * The caller's checks on page->mapping and !PageAnon have made 3591da177e4SLinus Torvalds * sure that this is a file page: the check for page->mapping 3601da177e4SLinus Torvalds * excludes the case just before it gets set on an anon page. 3611da177e4SLinus Torvalds */ 3621da177e4SLinus Torvalds BUG_ON(PageAnon(page)); 3631da177e4SLinus Torvalds 3641da177e4SLinus Torvalds /* 3651da177e4SLinus Torvalds * The page lock not only makes sure that page->mapping cannot 3661da177e4SLinus Torvalds * suddenly be NULLified by truncation, it makes sure that the 3671da177e4SLinus Torvalds * structure at mapping cannot be freed and reused yet, 3681da177e4SLinus Torvalds * so we can safely take mapping->i_mmap_lock. 3691da177e4SLinus Torvalds */ 3701da177e4SLinus Torvalds BUG_ON(!PageLocked(page)); 3711da177e4SLinus Torvalds 3721da177e4SLinus Torvalds spin_lock(&mapping->i_mmap_lock); 3731da177e4SLinus Torvalds 3741da177e4SLinus Torvalds /* 3751da177e4SLinus Torvalds * i_mmap_lock does not stabilize mapcount at all, but mapcount 3761da177e4SLinus Torvalds * is more likely to be accurate if we note it after spinning. 3771da177e4SLinus Torvalds */ 3781da177e4SLinus Torvalds mapcount = page_mapcount(page); 3791da177e4SLinus Torvalds 3801da177e4SLinus Torvalds vma_prio_tree_foreach(vma, &iter, &mapping->i_mmap, pgoff, pgoff) { 3811da177e4SLinus Torvalds if ((vma->vm_flags & (VM_LOCKED|VM_MAYSHARE)) 3821da177e4SLinus Torvalds == (VM_LOCKED|VM_MAYSHARE)) { 3831da177e4SLinus Torvalds referenced++; 3841da177e4SLinus Torvalds break; 3851da177e4SLinus Torvalds } 3861da177e4SLinus Torvalds referenced += page_referenced_one(page, vma, &mapcount, 3871da177e4SLinus Torvalds ignore_token); 3881da177e4SLinus Torvalds if (!mapcount) 3891da177e4SLinus Torvalds break; 3901da177e4SLinus Torvalds } 3911da177e4SLinus Torvalds 3921da177e4SLinus Torvalds spin_unlock(&mapping->i_mmap_lock); 3931da177e4SLinus Torvalds return referenced; 3941da177e4SLinus Torvalds } 3951da177e4SLinus Torvalds 3961da177e4SLinus Torvalds /** 3971da177e4SLinus Torvalds * page_referenced - test if the page was referenced 3981da177e4SLinus Torvalds * @page: the page to test 3991da177e4SLinus Torvalds * @is_locked: caller holds lock on the page 4001da177e4SLinus Torvalds * 4011da177e4SLinus Torvalds * Quick test_and_clear_referenced for all mappings to a page, 4021da177e4SLinus Torvalds * returns the number of ptes which referenced the page. 4031da177e4SLinus Torvalds */ 4041da177e4SLinus Torvalds int page_referenced(struct page *page, int is_locked, int ignore_token) 4051da177e4SLinus Torvalds { 4061da177e4SLinus Torvalds int referenced = 0; 4071da177e4SLinus Torvalds 4081da177e4SLinus Torvalds if (!swap_token_default_timeout) 4091da177e4SLinus Torvalds ignore_token = 1; 4101da177e4SLinus Torvalds 4111da177e4SLinus Torvalds if (page_test_and_clear_young(page)) 4121da177e4SLinus Torvalds referenced++; 4131da177e4SLinus Torvalds 4141da177e4SLinus Torvalds if (TestClearPageReferenced(page)) 4151da177e4SLinus Torvalds referenced++; 4161da177e4SLinus Torvalds 4171da177e4SLinus Torvalds if (page_mapped(page) && page->mapping) { 4181da177e4SLinus Torvalds if (PageAnon(page)) 4191da177e4SLinus Torvalds referenced += page_referenced_anon(page, ignore_token); 4201da177e4SLinus Torvalds else if (is_locked) 4211da177e4SLinus Torvalds referenced += page_referenced_file(page, ignore_token); 4221da177e4SLinus Torvalds else if (TestSetPageLocked(page)) 4231da177e4SLinus Torvalds referenced++; 4241da177e4SLinus Torvalds else { 4251da177e4SLinus Torvalds if (page->mapping) 4261da177e4SLinus Torvalds referenced += page_referenced_file(page, 4271da177e4SLinus Torvalds ignore_token); 4281da177e4SLinus Torvalds unlock_page(page); 4291da177e4SLinus Torvalds } 4301da177e4SLinus Torvalds } 4311da177e4SLinus Torvalds return referenced; 4321da177e4SLinus Torvalds } 4331da177e4SLinus Torvalds 4341da177e4SLinus Torvalds /** 4351da177e4SLinus Torvalds * page_add_anon_rmap - add pte mapping to an anonymous page 4361da177e4SLinus Torvalds * @page: the page to add the mapping to 4371da177e4SLinus Torvalds * @vma: the vm area in which the mapping is added 4381da177e4SLinus Torvalds * @address: the user virtual address mapped 4391da177e4SLinus Torvalds * 4401da177e4SLinus Torvalds * The caller needs to hold the mm->page_table_lock. 4411da177e4SLinus Torvalds */ 4421da177e4SLinus Torvalds void page_add_anon_rmap(struct page *page, 4431da177e4SLinus Torvalds struct vm_area_struct *vma, unsigned long address) 4441da177e4SLinus Torvalds { 4451da177e4SLinus Torvalds struct anon_vma *anon_vma = vma->anon_vma; 4461da177e4SLinus Torvalds pgoff_t index; 4471da177e4SLinus Torvalds 4481da177e4SLinus Torvalds BUG_ON(PageReserved(page)); 4491da177e4SLinus Torvalds BUG_ON(!anon_vma); 4501da177e4SLinus Torvalds 4511da177e4SLinus Torvalds inc_mm_counter(vma->vm_mm, anon_rss); 4521da177e4SLinus Torvalds 4531da177e4SLinus Torvalds anon_vma = (void *) anon_vma + PAGE_MAPPING_ANON; 4541da177e4SLinus Torvalds index = (address - vma->vm_start) >> PAGE_SHIFT; 4551da177e4SLinus Torvalds index += vma->vm_pgoff; 4561da177e4SLinus Torvalds index >>= PAGE_CACHE_SHIFT - PAGE_SHIFT; 4571da177e4SLinus Torvalds 4581da177e4SLinus Torvalds if (atomic_inc_and_test(&page->_mapcount)) { 4591da177e4SLinus Torvalds page->index = index; 4601da177e4SLinus Torvalds page->mapping = (struct address_space *) anon_vma; 4611da177e4SLinus Torvalds inc_page_state(nr_mapped); 4621da177e4SLinus Torvalds } 4631da177e4SLinus Torvalds /* else checking page index and mapping is racy */ 4641da177e4SLinus Torvalds } 4651da177e4SLinus Torvalds 4661da177e4SLinus Torvalds /** 4671da177e4SLinus Torvalds * page_add_file_rmap - add pte mapping to a file page 4681da177e4SLinus Torvalds * @page: the page to add the mapping to 4691da177e4SLinus Torvalds * 4701da177e4SLinus Torvalds * The caller needs to hold the mm->page_table_lock. 4711da177e4SLinus Torvalds */ 4721da177e4SLinus Torvalds void page_add_file_rmap(struct page *page) 4731da177e4SLinus Torvalds { 4741da177e4SLinus Torvalds BUG_ON(PageAnon(page)); 4751da177e4SLinus Torvalds if (!pfn_valid(page_to_pfn(page)) || PageReserved(page)) 4761da177e4SLinus Torvalds return; 4771da177e4SLinus Torvalds 4781da177e4SLinus Torvalds if (atomic_inc_and_test(&page->_mapcount)) 4791da177e4SLinus Torvalds inc_page_state(nr_mapped); 4801da177e4SLinus Torvalds } 4811da177e4SLinus Torvalds 4821da177e4SLinus Torvalds /** 4831da177e4SLinus Torvalds * page_remove_rmap - take down pte mapping from a page 4841da177e4SLinus Torvalds * @page: page to remove mapping from 4851da177e4SLinus Torvalds * 4861da177e4SLinus Torvalds * Caller needs to hold the mm->page_table_lock. 4871da177e4SLinus Torvalds */ 4881da177e4SLinus Torvalds void page_remove_rmap(struct page *page) 4891da177e4SLinus Torvalds { 4901da177e4SLinus Torvalds BUG_ON(PageReserved(page)); 4911da177e4SLinus Torvalds 4921da177e4SLinus Torvalds if (atomic_add_negative(-1, &page->_mapcount)) { 4931da177e4SLinus Torvalds BUG_ON(page_mapcount(page) < 0); 4941da177e4SLinus Torvalds /* 4951da177e4SLinus Torvalds * It would be tidy to reset the PageAnon mapping here, 4961da177e4SLinus Torvalds * but that might overwrite a racing page_add_anon_rmap 4971da177e4SLinus Torvalds * which increments mapcount after us but sets mapping 4981da177e4SLinus Torvalds * before us: so leave the reset to free_hot_cold_page, 4991da177e4SLinus Torvalds * and remember that it's only reliable while mapped. 5001da177e4SLinus Torvalds * Leaving it set also helps swapoff to reinstate ptes 5011da177e4SLinus Torvalds * faster for those pages still in swapcache. 5021da177e4SLinus Torvalds */ 5031da177e4SLinus Torvalds if (page_test_and_clear_dirty(page)) 5041da177e4SLinus Torvalds set_page_dirty(page); 5051da177e4SLinus Torvalds dec_page_state(nr_mapped); 5061da177e4SLinus Torvalds } 5071da177e4SLinus Torvalds } 5081da177e4SLinus Torvalds 5091da177e4SLinus Torvalds /* 5101da177e4SLinus Torvalds * Subfunctions of try_to_unmap: try_to_unmap_one called 5111da177e4SLinus Torvalds * repeatedly from either try_to_unmap_anon or try_to_unmap_file. 5121da177e4SLinus Torvalds */ 5131da177e4SLinus Torvalds static int try_to_unmap_one(struct page *page, struct vm_area_struct *vma) 5141da177e4SLinus Torvalds { 5151da177e4SLinus Torvalds struct mm_struct *mm = vma->vm_mm; 5161da177e4SLinus Torvalds unsigned long address; 5171da177e4SLinus Torvalds pte_t *pte; 5181da177e4SLinus Torvalds pte_t pteval; 5191da177e4SLinus Torvalds int ret = SWAP_AGAIN; 5201da177e4SLinus Torvalds 5211da177e4SLinus Torvalds if (!get_mm_counter(mm, rss)) 5221da177e4SLinus Torvalds goto out; 5231da177e4SLinus Torvalds address = vma_address(page, vma); 5241da177e4SLinus Torvalds if (address == -EFAULT) 5251da177e4SLinus Torvalds goto out; 5261da177e4SLinus Torvalds 527*81b4082dSNikita Danilov pte = page_check_address(page, mm, address); 528*81b4082dSNikita Danilov if (IS_ERR(pte)) 529*81b4082dSNikita Danilov goto out; 5301da177e4SLinus Torvalds 5311da177e4SLinus Torvalds /* 5321da177e4SLinus Torvalds * If the page is mlock()d, we cannot swap it out. 5331da177e4SLinus Torvalds * If it's recently referenced (perhaps page_referenced 5341da177e4SLinus Torvalds * skipped over this mm) then we should reactivate it. 5351da177e4SLinus Torvalds */ 5361da177e4SLinus Torvalds if ((vma->vm_flags & (VM_LOCKED|VM_RESERVED)) || 5371da177e4SLinus Torvalds ptep_clear_flush_young(vma, address, pte)) { 5381da177e4SLinus Torvalds ret = SWAP_FAIL; 5391da177e4SLinus Torvalds goto out_unmap; 5401da177e4SLinus Torvalds } 5411da177e4SLinus Torvalds 5421da177e4SLinus Torvalds /* 5431da177e4SLinus Torvalds * Don't pull an anonymous page out from under get_user_pages. 5441da177e4SLinus Torvalds * GUP carefully breaks COW and raises page count (while holding 5451da177e4SLinus Torvalds * page_table_lock, as we have here) to make sure that the page 5461da177e4SLinus Torvalds * cannot be freed. If we unmap that page here, a user write 5471da177e4SLinus Torvalds * access to the virtual address will bring back the page, but 5481da177e4SLinus Torvalds * its raised count will (ironically) be taken to mean it's not 5491da177e4SLinus Torvalds * an exclusive swap page, do_wp_page will replace it by a copy 5501da177e4SLinus Torvalds * page, and the user never get to see the data GUP was holding 5511da177e4SLinus Torvalds * the original page for. 5521da177e4SLinus Torvalds * 5531da177e4SLinus Torvalds * This test is also useful for when swapoff (unuse_process) has 5541da177e4SLinus Torvalds * to drop page lock: its reference to the page stops existing 5551da177e4SLinus Torvalds * ptes from being unmapped, so swapoff can make progress. 5561da177e4SLinus Torvalds */ 5571da177e4SLinus Torvalds if (PageSwapCache(page) && 5581da177e4SLinus Torvalds page_count(page) != page_mapcount(page) + 2) { 5591da177e4SLinus Torvalds ret = SWAP_FAIL; 5601da177e4SLinus Torvalds goto out_unmap; 5611da177e4SLinus Torvalds } 5621da177e4SLinus Torvalds 5631da177e4SLinus Torvalds /* Nuke the page table entry. */ 5641da177e4SLinus Torvalds flush_cache_page(vma, address, page_to_pfn(page)); 5651da177e4SLinus Torvalds pteval = ptep_clear_flush(vma, address, pte); 5661da177e4SLinus Torvalds 5671da177e4SLinus Torvalds /* Move the dirty bit to the physical page now the pte is gone. */ 5681da177e4SLinus Torvalds if (pte_dirty(pteval)) 5691da177e4SLinus Torvalds set_page_dirty(page); 5701da177e4SLinus Torvalds 5711da177e4SLinus Torvalds if (PageAnon(page)) { 5721da177e4SLinus Torvalds swp_entry_t entry = { .val = page->private }; 5731da177e4SLinus Torvalds /* 5741da177e4SLinus Torvalds * Store the swap location in the pte. 5751da177e4SLinus Torvalds * See handle_pte_fault() ... 5761da177e4SLinus Torvalds */ 5771da177e4SLinus Torvalds BUG_ON(!PageSwapCache(page)); 5781da177e4SLinus Torvalds swap_duplicate(entry); 5791da177e4SLinus Torvalds if (list_empty(&mm->mmlist)) { 5801da177e4SLinus Torvalds spin_lock(&mmlist_lock); 5811da177e4SLinus Torvalds list_add(&mm->mmlist, &init_mm.mmlist); 5821da177e4SLinus Torvalds spin_unlock(&mmlist_lock); 5831da177e4SLinus Torvalds } 5841da177e4SLinus Torvalds set_pte_at(mm, address, pte, swp_entry_to_pte(entry)); 5851da177e4SLinus Torvalds BUG_ON(pte_file(*pte)); 5861da177e4SLinus Torvalds dec_mm_counter(mm, anon_rss); 5871da177e4SLinus Torvalds } 5881da177e4SLinus Torvalds 5891da177e4SLinus Torvalds inc_mm_counter(mm, rss); 5901da177e4SLinus Torvalds page_remove_rmap(page); 5911da177e4SLinus Torvalds page_cache_release(page); 5921da177e4SLinus Torvalds 5931da177e4SLinus Torvalds out_unmap: 5941da177e4SLinus Torvalds pte_unmap(pte); 5951da177e4SLinus Torvalds spin_unlock(&mm->page_table_lock); 5961da177e4SLinus Torvalds out: 5971da177e4SLinus Torvalds return ret; 5981da177e4SLinus Torvalds } 5991da177e4SLinus Torvalds 6001da177e4SLinus Torvalds /* 6011da177e4SLinus Torvalds * objrmap doesn't work for nonlinear VMAs because the assumption that 6021da177e4SLinus Torvalds * offset-into-file correlates with offset-into-virtual-addresses does not hold. 6031da177e4SLinus Torvalds * Consequently, given a particular page and its ->index, we cannot locate the 6041da177e4SLinus Torvalds * ptes which are mapping that page without an exhaustive linear search. 6051da177e4SLinus Torvalds * 6061da177e4SLinus Torvalds * So what this code does is a mini "virtual scan" of each nonlinear VMA which 6071da177e4SLinus Torvalds * maps the file to which the target page belongs. The ->vm_private_data field 6081da177e4SLinus Torvalds * holds the current cursor into that scan. Successive searches will circulate 6091da177e4SLinus Torvalds * around the vma's virtual address space. 6101da177e4SLinus Torvalds * 6111da177e4SLinus Torvalds * So as more replacement pressure is applied to the pages in a nonlinear VMA, 6121da177e4SLinus Torvalds * more scanning pressure is placed against them as well. Eventually pages 6131da177e4SLinus Torvalds * will become fully unmapped and are eligible for eviction. 6141da177e4SLinus Torvalds * 6151da177e4SLinus Torvalds * For very sparsely populated VMAs this is a little inefficient - chances are 6161da177e4SLinus Torvalds * there there won't be many ptes located within the scan cluster. In this case 6171da177e4SLinus Torvalds * maybe we could scan further - to the end of the pte page, perhaps. 6181da177e4SLinus Torvalds */ 6191da177e4SLinus Torvalds #define CLUSTER_SIZE min(32*PAGE_SIZE, PMD_SIZE) 6201da177e4SLinus Torvalds #define CLUSTER_MASK (~(CLUSTER_SIZE - 1)) 6211da177e4SLinus Torvalds 6221da177e4SLinus Torvalds static void try_to_unmap_cluster(unsigned long cursor, 6231da177e4SLinus Torvalds unsigned int *mapcount, struct vm_area_struct *vma) 6241da177e4SLinus Torvalds { 6251da177e4SLinus Torvalds struct mm_struct *mm = vma->vm_mm; 6261da177e4SLinus Torvalds pgd_t *pgd; 6271da177e4SLinus Torvalds pud_t *pud; 6281da177e4SLinus Torvalds pmd_t *pmd; 6291da177e4SLinus Torvalds pte_t *pte; 6301da177e4SLinus Torvalds pte_t pteval; 6311da177e4SLinus Torvalds struct page *page; 6321da177e4SLinus Torvalds unsigned long address; 6331da177e4SLinus Torvalds unsigned long end; 6341da177e4SLinus Torvalds unsigned long pfn; 6351da177e4SLinus Torvalds 6361da177e4SLinus Torvalds /* 6371da177e4SLinus Torvalds * We need the page_table_lock to protect us from page faults, 6381da177e4SLinus Torvalds * munmap, fork, etc... 6391da177e4SLinus Torvalds */ 6401da177e4SLinus Torvalds spin_lock(&mm->page_table_lock); 6411da177e4SLinus Torvalds 6421da177e4SLinus Torvalds address = (vma->vm_start + cursor) & CLUSTER_MASK; 6431da177e4SLinus Torvalds end = address + CLUSTER_SIZE; 6441da177e4SLinus Torvalds if (address < vma->vm_start) 6451da177e4SLinus Torvalds address = vma->vm_start; 6461da177e4SLinus Torvalds if (end > vma->vm_end) 6471da177e4SLinus Torvalds end = vma->vm_end; 6481da177e4SLinus Torvalds 6491da177e4SLinus Torvalds pgd = pgd_offset(mm, address); 6501da177e4SLinus Torvalds if (!pgd_present(*pgd)) 6511da177e4SLinus Torvalds goto out_unlock; 6521da177e4SLinus Torvalds 6531da177e4SLinus Torvalds pud = pud_offset(pgd, address); 6541da177e4SLinus Torvalds if (!pud_present(*pud)) 6551da177e4SLinus Torvalds goto out_unlock; 6561da177e4SLinus Torvalds 6571da177e4SLinus Torvalds pmd = pmd_offset(pud, address); 6581da177e4SLinus Torvalds if (!pmd_present(*pmd)) 6591da177e4SLinus Torvalds goto out_unlock; 6601da177e4SLinus Torvalds 6611da177e4SLinus Torvalds for (pte = pte_offset_map(pmd, address); 6621da177e4SLinus Torvalds address < end; pte++, address += PAGE_SIZE) { 6631da177e4SLinus Torvalds 6641da177e4SLinus Torvalds if (!pte_present(*pte)) 6651da177e4SLinus Torvalds continue; 6661da177e4SLinus Torvalds 6671da177e4SLinus Torvalds pfn = pte_pfn(*pte); 6681da177e4SLinus Torvalds if (!pfn_valid(pfn)) 6691da177e4SLinus Torvalds continue; 6701da177e4SLinus Torvalds 6711da177e4SLinus Torvalds page = pfn_to_page(pfn); 6721da177e4SLinus Torvalds BUG_ON(PageAnon(page)); 6731da177e4SLinus Torvalds if (PageReserved(page)) 6741da177e4SLinus Torvalds continue; 6751da177e4SLinus Torvalds 6761da177e4SLinus Torvalds if (ptep_clear_flush_young(vma, address, pte)) 6771da177e4SLinus Torvalds continue; 6781da177e4SLinus Torvalds 6791da177e4SLinus Torvalds /* Nuke the page table entry. */ 6801da177e4SLinus Torvalds flush_cache_page(vma, address, pfn); 6811da177e4SLinus Torvalds pteval = ptep_clear_flush(vma, address, pte); 6821da177e4SLinus Torvalds 6831da177e4SLinus Torvalds /* If nonlinear, store the file page offset in the pte. */ 6841da177e4SLinus Torvalds if (page->index != linear_page_index(vma, address)) 6851da177e4SLinus Torvalds set_pte_at(mm, address, pte, pgoff_to_pte(page->index)); 6861da177e4SLinus Torvalds 6871da177e4SLinus Torvalds /* Move the dirty bit to the physical page now the pte is gone. */ 6881da177e4SLinus Torvalds if (pte_dirty(pteval)) 6891da177e4SLinus Torvalds set_page_dirty(page); 6901da177e4SLinus Torvalds 6911da177e4SLinus Torvalds page_remove_rmap(page); 6921da177e4SLinus Torvalds page_cache_release(page); 6931da177e4SLinus Torvalds dec_mm_counter(mm, rss); 6941da177e4SLinus Torvalds (*mapcount)--; 6951da177e4SLinus Torvalds } 6961da177e4SLinus Torvalds 6971da177e4SLinus Torvalds pte_unmap(pte); 6981da177e4SLinus Torvalds out_unlock: 6991da177e4SLinus Torvalds spin_unlock(&mm->page_table_lock); 7001da177e4SLinus Torvalds } 7011da177e4SLinus Torvalds 7021da177e4SLinus Torvalds static int try_to_unmap_anon(struct page *page) 7031da177e4SLinus Torvalds { 7041da177e4SLinus Torvalds struct anon_vma *anon_vma; 7051da177e4SLinus Torvalds struct vm_area_struct *vma; 7061da177e4SLinus Torvalds int ret = SWAP_AGAIN; 7071da177e4SLinus Torvalds 7081da177e4SLinus Torvalds anon_vma = page_lock_anon_vma(page); 7091da177e4SLinus Torvalds if (!anon_vma) 7101da177e4SLinus Torvalds return ret; 7111da177e4SLinus Torvalds 7121da177e4SLinus Torvalds list_for_each_entry(vma, &anon_vma->head, anon_vma_node) { 7131da177e4SLinus Torvalds ret = try_to_unmap_one(page, vma); 7141da177e4SLinus Torvalds if (ret == SWAP_FAIL || !page_mapped(page)) 7151da177e4SLinus Torvalds break; 7161da177e4SLinus Torvalds } 7171da177e4SLinus Torvalds spin_unlock(&anon_vma->lock); 7181da177e4SLinus Torvalds return ret; 7191da177e4SLinus Torvalds } 7201da177e4SLinus Torvalds 7211da177e4SLinus Torvalds /** 7221da177e4SLinus Torvalds * try_to_unmap_file - unmap file page using the object-based rmap method 7231da177e4SLinus Torvalds * @page: the page to unmap 7241da177e4SLinus Torvalds * 7251da177e4SLinus Torvalds * Find all the mappings of a page using the mapping pointer and the vma chains 7261da177e4SLinus Torvalds * contained in the address_space struct it points to. 7271da177e4SLinus Torvalds * 7281da177e4SLinus Torvalds * This function is only called from try_to_unmap for object-based pages. 7291da177e4SLinus Torvalds */ 7301da177e4SLinus Torvalds static int try_to_unmap_file(struct page *page) 7311da177e4SLinus Torvalds { 7321da177e4SLinus Torvalds struct address_space *mapping = page->mapping; 7331da177e4SLinus Torvalds pgoff_t pgoff = page->index << (PAGE_CACHE_SHIFT - PAGE_SHIFT); 7341da177e4SLinus Torvalds struct vm_area_struct *vma; 7351da177e4SLinus Torvalds struct prio_tree_iter iter; 7361da177e4SLinus Torvalds int ret = SWAP_AGAIN; 7371da177e4SLinus Torvalds unsigned long cursor; 7381da177e4SLinus Torvalds unsigned long max_nl_cursor = 0; 7391da177e4SLinus Torvalds unsigned long max_nl_size = 0; 7401da177e4SLinus Torvalds unsigned int mapcount; 7411da177e4SLinus Torvalds 7421da177e4SLinus Torvalds spin_lock(&mapping->i_mmap_lock); 7431da177e4SLinus Torvalds vma_prio_tree_foreach(vma, &iter, &mapping->i_mmap, pgoff, pgoff) { 7441da177e4SLinus Torvalds ret = try_to_unmap_one(page, vma); 7451da177e4SLinus Torvalds if (ret == SWAP_FAIL || !page_mapped(page)) 7461da177e4SLinus Torvalds goto out; 7471da177e4SLinus Torvalds } 7481da177e4SLinus Torvalds 7491da177e4SLinus Torvalds if (list_empty(&mapping->i_mmap_nonlinear)) 7501da177e4SLinus Torvalds goto out; 7511da177e4SLinus Torvalds 7521da177e4SLinus Torvalds list_for_each_entry(vma, &mapping->i_mmap_nonlinear, 7531da177e4SLinus Torvalds shared.vm_set.list) { 7541da177e4SLinus Torvalds if (vma->vm_flags & (VM_LOCKED|VM_RESERVED)) 7551da177e4SLinus Torvalds continue; 7561da177e4SLinus Torvalds cursor = (unsigned long) vma->vm_private_data; 7571da177e4SLinus Torvalds if (cursor > max_nl_cursor) 7581da177e4SLinus Torvalds max_nl_cursor = cursor; 7591da177e4SLinus Torvalds cursor = vma->vm_end - vma->vm_start; 7601da177e4SLinus Torvalds if (cursor > max_nl_size) 7611da177e4SLinus Torvalds max_nl_size = cursor; 7621da177e4SLinus Torvalds } 7631da177e4SLinus Torvalds 7641da177e4SLinus Torvalds if (max_nl_size == 0) { /* any nonlinears locked or reserved */ 7651da177e4SLinus Torvalds ret = SWAP_FAIL; 7661da177e4SLinus Torvalds goto out; 7671da177e4SLinus Torvalds } 7681da177e4SLinus Torvalds 7691da177e4SLinus Torvalds /* 7701da177e4SLinus Torvalds * We don't try to search for this page in the nonlinear vmas, 7711da177e4SLinus Torvalds * and page_referenced wouldn't have found it anyway. Instead 7721da177e4SLinus Torvalds * just walk the nonlinear vmas trying to age and unmap some. 7731da177e4SLinus Torvalds * The mapcount of the page we came in with is irrelevant, 7741da177e4SLinus Torvalds * but even so use it as a guide to how hard we should try? 7751da177e4SLinus Torvalds */ 7761da177e4SLinus Torvalds mapcount = page_mapcount(page); 7771da177e4SLinus Torvalds if (!mapcount) 7781da177e4SLinus Torvalds goto out; 7791da177e4SLinus Torvalds cond_resched_lock(&mapping->i_mmap_lock); 7801da177e4SLinus Torvalds 7811da177e4SLinus Torvalds max_nl_size = (max_nl_size + CLUSTER_SIZE - 1) & CLUSTER_MASK; 7821da177e4SLinus Torvalds if (max_nl_cursor == 0) 7831da177e4SLinus Torvalds max_nl_cursor = CLUSTER_SIZE; 7841da177e4SLinus Torvalds 7851da177e4SLinus Torvalds do { 7861da177e4SLinus Torvalds list_for_each_entry(vma, &mapping->i_mmap_nonlinear, 7871da177e4SLinus Torvalds shared.vm_set.list) { 7881da177e4SLinus Torvalds if (vma->vm_flags & (VM_LOCKED|VM_RESERVED)) 7891da177e4SLinus Torvalds continue; 7901da177e4SLinus Torvalds cursor = (unsigned long) vma->vm_private_data; 7911da177e4SLinus Torvalds while (get_mm_counter(vma->vm_mm, rss) && 7921da177e4SLinus Torvalds cursor < max_nl_cursor && 7931da177e4SLinus Torvalds cursor < vma->vm_end - vma->vm_start) { 7941da177e4SLinus Torvalds try_to_unmap_cluster(cursor, &mapcount, vma); 7951da177e4SLinus Torvalds cursor += CLUSTER_SIZE; 7961da177e4SLinus Torvalds vma->vm_private_data = (void *) cursor; 7971da177e4SLinus Torvalds if ((int)mapcount <= 0) 7981da177e4SLinus Torvalds goto out; 7991da177e4SLinus Torvalds } 8001da177e4SLinus Torvalds vma->vm_private_data = (void *) max_nl_cursor; 8011da177e4SLinus Torvalds } 8021da177e4SLinus Torvalds cond_resched_lock(&mapping->i_mmap_lock); 8031da177e4SLinus Torvalds max_nl_cursor += CLUSTER_SIZE; 8041da177e4SLinus Torvalds } while (max_nl_cursor <= max_nl_size); 8051da177e4SLinus Torvalds 8061da177e4SLinus Torvalds /* 8071da177e4SLinus Torvalds * Don't loop forever (perhaps all the remaining pages are 8081da177e4SLinus Torvalds * in locked vmas). Reset cursor on all unreserved nonlinear 8091da177e4SLinus Torvalds * vmas, now forgetting on which ones it had fallen behind. 8101da177e4SLinus Torvalds */ 8111da177e4SLinus Torvalds list_for_each_entry(vma, &mapping->i_mmap_nonlinear, 8121da177e4SLinus Torvalds shared.vm_set.list) { 8131da177e4SLinus Torvalds if (!(vma->vm_flags & VM_RESERVED)) 8141da177e4SLinus Torvalds vma->vm_private_data = NULL; 8151da177e4SLinus Torvalds } 8161da177e4SLinus Torvalds out: 8171da177e4SLinus Torvalds spin_unlock(&mapping->i_mmap_lock); 8181da177e4SLinus Torvalds return ret; 8191da177e4SLinus Torvalds } 8201da177e4SLinus Torvalds 8211da177e4SLinus Torvalds /** 8221da177e4SLinus Torvalds * try_to_unmap - try to remove all page table mappings to a page 8231da177e4SLinus Torvalds * @page: the page to get unmapped 8241da177e4SLinus Torvalds * 8251da177e4SLinus Torvalds * Tries to remove all the page table entries which are mapping this 8261da177e4SLinus Torvalds * page, used in the pageout path. Caller must hold the page lock. 8271da177e4SLinus Torvalds * Return values are: 8281da177e4SLinus Torvalds * 8291da177e4SLinus Torvalds * SWAP_SUCCESS - we succeeded in removing all mappings 8301da177e4SLinus Torvalds * SWAP_AGAIN - we missed a mapping, try again later 8311da177e4SLinus Torvalds * SWAP_FAIL - the page is unswappable 8321da177e4SLinus Torvalds */ 8331da177e4SLinus Torvalds int try_to_unmap(struct page *page) 8341da177e4SLinus Torvalds { 8351da177e4SLinus Torvalds int ret; 8361da177e4SLinus Torvalds 8371da177e4SLinus Torvalds BUG_ON(PageReserved(page)); 8381da177e4SLinus Torvalds BUG_ON(!PageLocked(page)); 8391da177e4SLinus Torvalds 8401da177e4SLinus Torvalds if (PageAnon(page)) 8411da177e4SLinus Torvalds ret = try_to_unmap_anon(page); 8421da177e4SLinus Torvalds else 8431da177e4SLinus Torvalds ret = try_to_unmap_file(page); 8441da177e4SLinus Torvalds 8451da177e4SLinus Torvalds if (!page_mapped(page)) 8461da177e4SLinus Torvalds ret = SWAP_SUCCESS; 8471da177e4SLinus Torvalds return ret; 8481da177e4SLinus Torvalds } 849*81b4082dSNikita Danilov 850