1 /* SPDX-License-Identifier: GPL-2.0 */ 2 #ifndef _LINUX_RMAP_H 3 #define _LINUX_RMAP_H 4 /* 5 * Declarations for Reverse Mapping functions in mm/rmap.c 6 */ 7 8 #include <linux/list.h> 9 #include <linux/slab.h> 10 #include <linux/mm.h> 11 #include <linux/rwsem.h> 12 #include <linux/memcontrol.h> 13 #include <linux/highmem.h> 14 #include <linux/pagemap.h> 15 #include <linux/memremap.h> 16 17 /* 18 * The anon_vma heads a list of private "related" vmas, to scan if 19 * an anonymous page pointing to this anon_vma needs to be unmapped: 20 * the vmas on the list will be related by forking, or by splitting. 21 * 22 * Since vmas come and go as they are split and merged (particularly 23 * in mprotect), the mapping field of an anonymous page cannot point 24 * directly to a vma: instead it points to an anon_vma, on whose list 25 * the related vmas can be easily linked or unlinked. 26 * 27 * After unlinking the last vma on the list, we must garbage collect 28 * the anon_vma object itself: we're guaranteed no page can be 29 * pointing to this anon_vma once its vma list is empty. 30 */ 31 struct anon_vma { 32 struct anon_vma *root; /* Root of this anon_vma tree */ 33 struct rw_semaphore rwsem; /* W: modification, R: walking the list */ 34 /* 35 * The refcount is taken on an anon_vma when there is no 36 * guarantee that the vma of page tables will exist for 37 * the duration of the operation. A caller that takes 38 * the reference is responsible for clearing up the 39 * anon_vma if they are the last user on release 40 */ 41 atomic_t refcount; 42 43 /* 44 * Count of child anon_vmas and VMAs which points to this anon_vma. 45 * 46 * This counter is used for making decision about reusing anon_vma 47 * instead of forking new one. See comments in function anon_vma_clone. 48 */ 49 unsigned degree; 50 51 struct anon_vma *parent; /* Parent of this anon_vma */ 52 53 /* 54 * NOTE: the LSB of the rb_root.rb_node is set by 55 * mm_take_all_locks() _after_ taking the above lock. So the 56 * rb_root must only be read/written after taking the above lock 57 * to be sure to see a valid next pointer. The LSB bit itself 58 * is serialized by a system wide lock only visible to 59 * mm_take_all_locks() (mm_all_locks_mutex). 60 */ 61 62 /* Interval tree of private "related" vmas */ 63 struct rb_root_cached rb_root; 64 }; 65 66 /* 67 * The copy-on-write semantics of fork mean that an anon_vma 68 * can become associated with multiple processes. Furthermore, 69 * each child process will have its own anon_vma, where new 70 * pages for that process are instantiated. 71 * 72 * This structure allows us to find the anon_vmas associated 73 * with a VMA, or the VMAs associated with an anon_vma. 74 * The "same_vma" list contains the anon_vma_chains linking 75 * all the anon_vmas associated with this VMA. 76 * The "rb" field indexes on an interval tree the anon_vma_chains 77 * which link all the VMAs associated with this anon_vma. 78 */ 79 struct anon_vma_chain { 80 struct vm_area_struct *vma; 81 struct anon_vma *anon_vma; 82 struct list_head same_vma; /* locked by mmap_lock & page_table_lock */ 83 struct rb_node rb; /* locked by anon_vma->rwsem */ 84 unsigned long rb_subtree_last; 85 #ifdef CONFIG_DEBUG_VM_RB 86 unsigned long cached_vma_start, cached_vma_last; 87 #endif 88 }; 89 90 enum ttu_flags { 91 TTU_SPLIT_HUGE_PMD = 0x4, /* split huge PMD if any */ 92 TTU_IGNORE_MLOCK = 0x8, /* ignore mlock */ 93 TTU_SYNC = 0x10, /* avoid racy checks with PVMW_SYNC */ 94 TTU_IGNORE_HWPOISON = 0x20, /* corrupted page is recoverable */ 95 TTU_BATCH_FLUSH = 0x40, /* Batch TLB flushes where possible 96 * and caller guarantees they will 97 * do a final flush if necessary */ 98 TTU_RMAP_LOCKED = 0x80, /* do not grab rmap lock: 99 * caller holds it */ 100 }; 101 102 #ifdef CONFIG_MMU 103 static inline void get_anon_vma(struct anon_vma *anon_vma) 104 { 105 atomic_inc(&anon_vma->refcount); 106 } 107 108 void __put_anon_vma(struct anon_vma *anon_vma); 109 110 static inline void put_anon_vma(struct anon_vma *anon_vma) 111 { 112 if (atomic_dec_and_test(&anon_vma->refcount)) 113 __put_anon_vma(anon_vma); 114 } 115 116 static inline void anon_vma_lock_write(struct anon_vma *anon_vma) 117 { 118 down_write(&anon_vma->root->rwsem); 119 } 120 121 static inline void anon_vma_unlock_write(struct anon_vma *anon_vma) 122 { 123 up_write(&anon_vma->root->rwsem); 124 } 125 126 static inline void anon_vma_lock_read(struct anon_vma *anon_vma) 127 { 128 down_read(&anon_vma->root->rwsem); 129 } 130 131 static inline int anon_vma_trylock_read(struct anon_vma *anon_vma) 132 { 133 return down_read_trylock(&anon_vma->root->rwsem); 134 } 135 136 static inline void anon_vma_unlock_read(struct anon_vma *anon_vma) 137 { 138 up_read(&anon_vma->root->rwsem); 139 } 140 141 142 /* 143 * anon_vma helper functions. 144 */ 145 void anon_vma_init(void); /* create anon_vma_cachep */ 146 int __anon_vma_prepare(struct vm_area_struct *); 147 void unlink_anon_vmas(struct vm_area_struct *); 148 int anon_vma_clone(struct vm_area_struct *, struct vm_area_struct *); 149 int anon_vma_fork(struct vm_area_struct *, struct vm_area_struct *); 150 151 static inline int anon_vma_prepare(struct vm_area_struct *vma) 152 { 153 if (likely(vma->anon_vma)) 154 return 0; 155 156 return __anon_vma_prepare(vma); 157 } 158 159 static inline void anon_vma_merge(struct vm_area_struct *vma, 160 struct vm_area_struct *next) 161 { 162 VM_BUG_ON_VMA(vma->anon_vma != next->anon_vma, vma); 163 unlink_anon_vmas(next); 164 } 165 166 struct anon_vma *folio_get_anon_vma(struct folio *folio); 167 168 /* RMAP flags, currently only relevant for some anon rmap operations. */ 169 typedef int __bitwise rmap_t; 170 171 /* 172 * No special request: if the page is a subpage of a compound page, it is 173 * mapped via a PTE. The mapped (sub)page is possibly shared between processes. 174 */ 175 #define RMAP_NONE ((__force rmap_t)0) 176 177 /* The (sub)page is exclusive to a single process. */ 178 #define RMAP_EXCLUSIVE ((__force rmap_t)BIT(0)) 179 180 /* 181 * The compound page is not mapped via PTEs, but instead via a single PMD and 182 * should be accounted accordingly. 183 */ 184 #define RMAP_COMPOUND ((__force rmap_t)BIT(1)) 185 186 /* 187 * rmap interfaces called when adding or removing pte of page 188 */ 189 void page_move_anon_rmap(struct page *, struct vm_area_struct *); 190 void page_add_anon_rmap(struct page *, struct vm_area_struct *, 191 unsigned long address, rmap_t flags); 192 void page_add_new_anon_rmap(struct page *, struct vm_area_struct *, 193 unsigned long address); 194 void page_add_file_rmap(struct page *, struct vm_area_struct *, 195 bool compound); 196 void page_remove_rmap(struct page *, struct vm_area_struct *, 197 bool compound); 198 199 void hugepage_add_anon_rmap(struct page *, struct vm_area_struct *, 200 unsigned long address, rmap_t flags); 201 void hugepage_add_new_anon_rmap(struct page *, struct vm_area_struct *, 202 unsigned long address); 203 204 static inline void __page_dup_rmap(struct page *page, bool compound) 205 { 206 atomic_inc(compound ? compound_mapcount_ptr(page) : &page->_mapcount); 207 } 208 209 static inline void page_dup_file_rmap(struct page *page, bool compound) 210 { 211 __page_dup_rmap(page, compound); 212 } 213 214 /** 215 * page_try_dup_anon_rmap - try duplicating a mapping of an already mapped 216 * anonymous page 217 * @page: the page to duplicate the mapping for 218 * @compound: the page is mapped as compound or as a small page 219 * @vma: the source vma 220 * 221 * The caller needs to hold the PT lock and the vma->vma_mm->write_protect_seq. 222 * 223 * Duplicating the mapping can only fail if the page may be pinned; device 224 * private pages cannot get pinned and consequently this function cannot fail. 225 * 226 * If duplicating the mapping succeeds, the page has to be mapped R/O into 227 * the parent and the child. It must *not* get mapped writable after this call. 228 * 229 * Returns 0 if duplicating the mapping succeeded. Returns -EBUSY otherwise. 230 */ 231 static inline int page_try_dup_anon_rmap(struct page *page, bool compound, 232 struct vm_area_struct *vma) 233 { 234 VM_BUG_ON_PAGE(!PageAnon(page), page); 235 236 /* 237 * No need to check+clear for already shared pages, including KSM 238 * pages. 239 */ 240 if (!PageAnonExclusive(page)) 241 goto dup; 242 243 /* 244 * If this page may have been pinned by the parent process, 245 * don't allow to duplicate the mapping but instead require to e.g., 246 * copy the page immediately for the child so that we'll always 247 * guarantee the pinned page won't be randomly replaced in the 248 * future on write faults. 249 */ 250 if (likely(!is_device_private_page(page) && 251 unlikely(page_needs_cow_for_dma(vma, page)))) 252 return -EBUSY; 253 254 ClearPageAnonExclusive(page); 255 /* 256 * It's okay to share the anon page between both processes, mapping 257 * the page R/O into both processes. 258 */ 259 dup: 260 __page_dup_rmap(page, compound); 261 return 0; 262 } 263 264 /** 265 * page_try_share_anon_rmap - try marking an exclusive anonymous page possibly 266 * shared to prepare for KSM or temporary unmapping 267 * @page: the exclusive anonymous page to try marking possibly shared 268 * 269 * The caller needs to hold the PT lock and has to have the page table entry 270 * cleared/invalidated. 271 * 272 * This is similar to page_try_dup_anon_rmap(), however, not used during fork() 273 * to duplicate a mapping, but instead to prepare for KSM or temporarily 274 * unmapping a page (swap, migration) via page_remove_rmap(). 275 * 276 * Marking the page shared can only fail if the page may be pinned; device 277 * private pages cannot get pinned and consequently this function cannot fail. 278 * 279 * Returns 0 if marking the page possibly shared succeeded. Returns -EBUSY 280 * otherwise. 281 */ 282 static inline int page_try_share_anon_rmap(struct page *page) 283 { 284 VM_BUG_ON_PAGE(!PageAnon(page) || !PageAnonExclusive(page), page); 285 286 /* device private pages cannot get pinned via GUP. */ 287 if (unlikely(is_device_private_page(page))) { 288 ClearPageAnonExclusive(page); 289 return 0; 290 } 291 292 /* 293 * We have to make sure that when we clear PageAnonExclusive, that 294 * the page is not pinned and that concurrent GUP-fast won't succeed in 295 * concurrently pinning the page. 296 * 297 * Conceptually, PageAnonExclusive clearing consists of: 298 * (A1) Clear PTE 299 * (A2) Check if the page is pinned; back off if so. 300 * (A3) Clear PageAnonExclusive 301 * (A4) Restore PTE (optional, but certainly not writable) 302 * 303 * When clearing PageAnonExclusive, we cannot possibly map the page 304 * writable again, because anon pages that may be shared must never 305 * be writable. So in any case, if the PTE was writable it cannot 306 * be writable anymore afterwards and there would be a PTE change. Only 307 * if the PTE wasn't writable, there might not be a PTE change. 308 * 309 * Conceptually, GUP-fast pinning of an anon page consists of: 310 * (B1) Read the PTE 311 * (B2) FOLL_WRITE: check if the PTE is not writable; back off if so. 312 * (B3) Pin the mapped page 313 * (B4) Check if the PTE changed by re-reading it; back off if so. 314 * (B5) If the original PTE is not writable, check if 315 * PageAnonExclusive is not set; back off if so. 316 * 317 * If the PTE was writable, we only have to make sure that GUP-fast 318 * observes a PTE change and properly backs off. 319 * 320 * If the PTE was not writable, we have to make sure that GUP-fast either 321 * detects a (temporary) PTE change or that PageAnonExclusive is cleared 322 * and properly backs off. 323 * 324 * Consequently, when clearing PageAnonExclusive(), we have to make 325 * sure that (A1), (A2)/(A3) and (A4) happen in the right memory 326 * order. In GUP-fast pinning code, we have to make sure that (B3),(B4) 327 * and (B5) happen in the right memory order. 328 * 329 * We assume that there might not be a memory barrier after 330 * clearing/invalidating the PTE (A1) and before restoring the PTE (A4), 331 * so we use explicit ones here. 332 */ 333 334 /* Paired with the memory barrier in try_grab_folio(). */ 335 if (IS_ENABLED(CONFIG_HAVE_FAST_GUP)) 336 smp_mb(); 337 338 if (unlikely(page_maybe_dma_pinned(page))) 339 return -EBUSY; 340 ClearPageAnonExclusive(page); 341 342 /* 343 * This is conceptually a smp_wmb() paired with the smp_rmb() in 344 * gup_must_unshare(). 345 */ 346 if (IS_ENABLED(CONFIG_HAVE_FAST_GUP)) 347 smp_mb__after_atomic(); 348 return 0; 349 } 350 351 /* 352 * Called from mm/vmscan.c to handle paging out 353 */ 354 int folio_referenced(struct folio *, int is_locked, 355 struct mem_cgroup *memcg, unsigned long *vm_flags); 356 357 void try_to_migrate(struct folio *folio, enum ttu_flags flags); 358 void try_to_unmap(struct folio *, enum ttu_flags flags); 359 360 int make_device_exclusive_range(struct mm_struct *mm, unsigned long start, 361 unsigned long end, struct page **pages, 362 void *arg); 363 364 /* Avoid racy checks */ 365 #define PVMW_SYNC (1 << 0) 366 /* Look for migration entries rather than present PTEs */ 367 #define PVMW_MIGRATION (1 << 1) 368 369 struct page_vma_mapped_walk { 370 unsigned long pfn; 371 unsigned long nr_pages; 372 pgoff_t pgoff; 373 struct vm_area_struct *vma; 374 unsigned long address; 375 pmd_t *pmd; 376 pte_t *pte; 377 spinlock_t *ptl; 378 unsigned int flags; 379 }; 380 381 #define DEFINE_PAGE_VMA_WALK(name, _page, _vma, _address, _flags) \ 382 struct page_vma_mapped_walk name = { \ 383 .pfn = page_to_pfn(_page), \ 384 .nr_pages = compound_nr(_page), \ 385 .pgoff = page_to_pgoff(_page), \ 386 .vma = _vma, \ 387 .address = _address, \ 388 .flags = _flags, \ 389 } 390 391 #define DEFINE_FOLIO_VMA_WALK(name, _folio, _vma, _address, _flags) \ 392 struct page_vma_mapped_walk name = { \ 393 .pfn = folio_pfn(_folio), \ 394 .nr_pages = folio_nr_pages(_folio), \ 395 .pgoff = folio_pgoff(_folio), \ 396 .vma = _vma, \ 397 .address = _address, \ 398 .flags = _flags, \ 399 } 400 401 static inline void page_vma_mapped_walk_done(struct page_vma_mapped_walk *pvmw) 402 { 403 /* HugeTLB pte is set to the relevant page table entry without pte_mapped. */ 404 if (pvmw->pte && !is_vm_hugetlb_page(pvmw->vma)) 405 pte_unmap(pvmw->pte); 406 if (pvmw->ptl) 407 spin_unlock(pvmw->ptl); 408 } 409 410 bool page_vma_mapped_walk(struct page_vma_mapped_walk *pvmw); 411 412 /* 413 * Used by swapoff to help locate where page is expected in vma. 414 */ 415 unsigned long page_address_in_vma(struct page *, struct vm_area_struct *); 416 417 /* 418 * Cleans the PTEs of shared mappings. 419 * (and since clean PTEs should also be readonly, write protects them too) 420 * 421 * returns the number of cleaned PTEs. 422 */ 423 int folio_mkclean(struct folio *); 424 425 int pfn_mkclean_range(unsigned long pfn, unsigned long nr_pages, pgoff_t pgoff, 426 struct vm_area_struct *vma); 427 428 void remove_migration_ptes(struct folio *src, struct folio *dst, bool locked); 429 430 int page_mapped_in_vma(struct page *page, struct vm_area_struct *vma); 431 432 /* 433 * rmap_walk_control: To control rmap traversing for specific needs 434 * 435 * arg: passed to rmap_one() and invalid_vma() 436 * try_lock: bail out if the rmap lock is contended 437 * contended: indicate the rmap traversal bailed out due to lock contention 438 * rmap_one: executed on each vma where page is mapped 439 * done: for checking traversing termination condition 440 * anon_lock: for getting anon_lock by optimized way rather than default 441 * invalid_vma: for skipping uninterested vma 442 */ 443 struct rmap_walk_control { 444 void *arg; 445 bool try_lock; 446 bool contended; 447 /* 448 * Return false if page table scanning in rmap_walk should be stopped. 449 * Otherwise, return true. 450 */ 451 bool (*rmap_one)(struct folio *folio, struct vm_area_struct *vma, 452 unsigned long addr, void *arg); 453 int (*done)(struct folio *folio); 454 struct anon_vma *(*anon_lock)(struct folio *folio, 455 struct rmap_walk_control *rwc); 456 bool (*invalid_vma)(struct vm_area_struct *vma, void *arg); 457 }; 458 459 void rmap_walk(struct folio *folio, struct rmap_walk_control *rwc); 460 void rmap_walk_locked(struct folio *folio, struct rmap_walk_control *rwc); 461 struct anon_vma *folio_lock_anon_vma_read(struct folio *folio, 462 struct rmap_walk_control *rwc); 463 464 #else /* !CONFIG_MMU */ 465 466 #define anon_vma_init() do {} while (0) 467 #define anon_vma_prepare(vma) (0) 468 #define anon_vma_link(vma) do {} while (0) 469 470 static inline int folio_referenced(struct folio *folio, int is_locked, 471 struct mem_cgroup *memcg, 472 unsigned long *vm_flags) 473 { 474 *vm_flags = 0; 475 return 0; 476 } 477 478 static inline void try_to_unmap(struct folio *folio, enum ttu_flags flags) 479 { 480 } 481 482 static inline int folio_mkclean(struct folio *folio) 483 { 484 return 0; 485 } 486 #endif /* CONFIG_MMU */ 487 488 static inline int page_mkclean(struct page *page) 489 { 490 return folio_mkclean(page_folio(page)); 491 } 492 #endif /* _LINUX_RMAP_H */ 493