search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Merge tag 'trace-printf-v6.13' of git://git.kernel.org/pub/scm/linux/kernel/git/trace...
[drm/drm-misc.git] / mm / khugepaged.c
blob6f8d46d107b4bf3aa9c97704974c2f05f6f1c0be
1 // SPDX-License-Identifier: GPL-2.0
2 #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
3
4 #include <linux/mm.h>
5 #include <linux/sched.h>
6 #include <linux/sched/mm.h>
7 #include <linux/mmu_notifier.h>
8 #include <linux/rmap.h>
9 #include <linux/swap.h>
10 #include <linux/mm_inline.h>
11 #include <linux/kthread.h>
12 #include <linux/khugepaged.h>
13 #include <linux/freezer.h>
14 #include <linux/mman.h>
15 #include <linux/hashtable.h>
16 #include <linux/userfaultfd_k.h>
17 #include <linux/page_idle.h>
18 #include <linux/page_table_check.h>
19 #include <linux/rcupdate_wait.h>
20 #include <linux/swapops.h>
21 #include <linux/shmem_fs.h>
22 #include <linux/ksm.h>
23
24 #include <asm/tlb.h>
25 #include <asm/pgalloc.h>
26 #include "internal.h"
27 #include "mm_slot.h"
28
29 enum scan_result {
30 SCAN_FAIL,
31 SCAN_SUCCEED,
32 SCAN_PMD_NULL,
33 SCAN_PMD_NONE,
34 SCAN_PMD_MAPPED,
35 SCAN_EXCEED_NONE_PTE,
36 SCAN_EXCEED_SWAP_PTE,
37 SCAN_EXCEED_SHARED_PTE,
38 SCAN_PTE_NON_PRESENT,
39 SCAN_PTE_UFFD_WP,
40 SCAN_PTE_MAPPED_HUGEPAGE,
41 SCAN_PAGE_RO,
42 SCAN_LACK_REFERENCED_PAGE,
43 SCAN_PAGE_NULL,
44 SCAN_SCAN_ABORT,
45 SCAN_PAGE_COUNT,
46 SCAN_PAGE_LRU,
47 SCAN_PAGE_LOCK,
48 SCAN_PAGE_ANON,
49 SCAN_PAGE_COMPOUND,
50 SCAN_ANY_PROCESS,
51 SCAN_VMA_NULL,
52 SCAN_VMA_CHECK,
53 SCAN_ADDRESS_RANGE,
54 SCAN_DEL_PAGE_LRU,
55 SCAN_ALLOC_HUGE_PAGE_FAIL,
56 SCAN_CGROUP_CHARGE_FAIL,
57 SCAN_TRUNCATED,
58 SCAN_PAGE_HAS_PRIVATE,
59 SCAN_STORE_FAILED,
60 SCAN_COPY_MC,
61 SCAN_PAGE_FILLED,
62 };
63
64 #define CREATE_TRACE_POINTS
65 #include <trace/events/huge_memory.h>
66
67 static struct task_struct *khugepaged_thread __read_mostly;
68 static DEFINE_MUTEX(khugepaged_mutex);
69
70 /* default scan 8*512 pte (or vmas) every 30 second */
71 static unsigned int khugepaged_pages_to_scan __read_mostly;
72 static unsigned int khugepaged_pages_collapsed;
73 static unsigned int khugepaged_full_scans;
74 static unsigned int khugepaged_scan_sleep_millisecs __read_mostly = 10000;
75 /* during fragmentation poll the hugepage allocator once every minute */
76 static unsigned int khugepaged_alloc_sleep_millisecs __read_mostly = 60000;
77 static unsigned long khugepaged_sleep_expire;
78 static DEFINE_SPINLOCK(khugepaged_mm_lock);
79 static DECLARE_WAIT_QUEUE_HEAD(khugepaged_wait);
80 /*
81 * default collapse hugepages if there is at least one pte mapped like
82 * it would have happened if the vma was large enough during page
83 * fault.
84 *
85 * Note that these are only respected if collapse was initiated by khugepaged.
86 */
87 unsigned int khugepaged_max_ptes_none __read_mostly;
88 static unsigned int khugepaged_max_ptes_swap __read_mostly;
89 static unsigned int khugepaged_max_ptes_shared __read_mostly;
90
91 #define MM_SLOTS_HASH_BITS 10
92 static DEFINE_READ_MOSTLY_HASHTABLE(mm_slots_hash, MM_SLOTS_HASH_BITS);
93
94 static struct kmem_cache *mm_slot_cache __ro_after_init;
95
96 struct collapse_control {
97 bool is_khugepaged;
98
99 /* Num pages scanned per node */
100 u32 node_load[MAX_NUMNODES];
101
102 /* nodemask for allocation fallback */
103 nodemask_t alloc_nmask;
104 };
105
106 /**
107 * struct khugepaged_mm_slot - khugepaged information per mm that is being scanned
108 * @slot: hash lookup from mm to mm_slot
109 */
110 struct khugepaged_mm_slot {
111 struct mm_slot slot;
112 };
113
114 /**
115 * struct khugepaged_scan - cursor for scanning
116 * @mm_head: the head of the mm list to scan
117 * @mm_slot: the current mm_slot we are scanning
118 * @address: the next address inside that to be scanned
119 *
120 * There is only the one khugepaged_scan instance of this cursor structure.
121 */
122 struct khugepaged_scan {
123 struct list_head mm_head;
124 struct khugepaged_mm_slot *mm_slot;
125 unsigned long address;
126 };
127
128 static struct khugepaged_scan khugepaged_scan = {
129 .mm_head = LIST_HEAD_INIT(khugepaged_scan.mm_head),
130 };
131
132 #ifdef CONFIG_SYSFS
133 static ssize_t scan_sleep_millisecs_show(struct kobject *kobj,
134 struct kobj_attribute *attr,
135 char *buf)
136 {
137 return sysfs_emit(buf, "%u\n", khugepaged_scan_sleep_millisecs);
138 }
139
140 static ssize_t scan_sleep_millisecs_store(struct kobject *kobj,
141 struct kobj_attribute *attr,
142 const char *buf, size_t count)
143 {
144 unsigned int msecs;
145 int err;
146
147 err = kstrtouint(buf, 10, &msecs);
148 if (err)
149 return -EINVAL;
150
151 khugepaged_scan_sleep_millisecs = msecs;
152 khugepaged_sleep_expire = 0;
153 wake_up_interruptible(&khugepaged_wait);
154
155 return count;
156 }
157 static struct kobj_attribute scan_sleep_millisecs_attr =
158 __ATTR_RW(scan_sleep_millisecs);
159
160 static ssize_t alloc_sleep_millisecs_show(struct kobject *kobj,
161 struct kobj_attribute *attr,
162 char *buf)
163 {
164 return sysfs_emit(buf, "%u\n", khugepaged_alloc_sleep_millisecs);
165 }
166
167 static ssize_t alloc_sleep_millisecs_store(struct kobject *kobj,
168 struct kobj_attribute *attr,
169 const char *buf, size_t count)
170 {
171 unsigned int msecs;
172 int err;
173
174 err = kstrtouint(buf, 10, &msecs);
175 if (err)
176 return -EINVAL;
177
178 khugepaged_alloc_sleep_millisecs = msecs;
179 khugepaged_sleep_expire = 0;
180 wake_up_interruptible(&khugepaged_wait);
181
182 return count;
183 }
184 static struct kobj_attribute alloc_sleep_millisecs_attr =
185 __ATTR_RW(alloc_sleep_millisecs);
186
187 static ssize_t pages_to_scan_show(struct kobject *kobj,
188 struct kobj_attribute *attr,
189 char *buf)
190 {
191 return sysfs_emit(buf, "%u\n", khugepaged_pages_to_scan);
192 }
193 static ssize_t pages_to_scan_store(struct kobject *kobj,
194 struct kobj_attribute *attr,
195 const char *buf, size_t count)
196 {
197 unsigned int pages;
198 int err;
199
200 err = kstrtouint(buf, 10, &pages);
201 if (err || !pages)
202 return -EINVAL;
203
204 khugepaged_pages_to_scan = pages;
205
206 return count;
207 }
208 static struct kobj_attribute pages_to_scan_attr =
209 __ATTR_RW(pages_to_scan);
210
211 static ssize_t pages_collapsed_show(struct kobject *kobj,
212 struct kobj_attribute *attr,
213 char *buf)
214 {
215 return sysfs_emit(buf, "%u\n", khugepaged_pages_collapsed);
216 }
217 static struct kobj_attribute pages_collapsed_attr =
218 __ATTR_RO(pages_collapsed);
219
220 static ssize_t full_scans_show(struct kobject *kobj,
221 struct kobj_attribute *attr,
222 char *buf)
223 {
224 return sysfs_emit(buf, "%u\n", khugepaged_full_scans);
225 }
226 static struct kobj_attribute full_scans_attr =
227 __ATTR_RO(full_scans);
228
229 static ssize_t defrag_show(struct kobject *kobj,
230 struct kobj_attribute *attr, char *buf)
231 {
232 return single_hugepage_flag_show(kobj, attr, buf,
233 TRANSPARENT_HUGEPAGE_DEFRAG_KHUGEPAGED_FLAG);
234 }
235 static ssize_t defrag_store(struct kobject *kobj,
236 struct kobj_attribute *attr,
237 const char *buf, size_t count)
238 {
239 return single_hugepage_flag_store(kobj, attr, buf, count,
240 TRANSPARENT_HUGEPAGE_DEFRAG_KHUGEPAGED_FLAG);
241 }
242 static struct kobj_attribute khugepaged_defrag_attr =
243 __ATTR_RW(defrag);
244
245 /*
246 * max_ptes_none controls if khugepaged should collapse hugepages over
247 * any unmapped ptes in turn potentially increasing the memory
248 * footprint of the vmas. When max_ptes_none is 0 khugepaged will not
249 * reduce the available free memory in the system as it
250 * runs. Increasing max_ptes_none will instead potentially reduce the
251 * free memory in the system during the khugepaged scan.
252 */
253 static ssize_t max_ptes_none_show(struct kobject *kobj,
254 struct kobj_attribute *attr,
255 char *buf)
256 {
257 return sysfs_emit(buf, "%u\n", khugepaged_max_ptes_none);
258 }
259 static ssize_t max_ptes_none_store(struct kobject *kobj,
260 struct kobj_attribute *attr,
261 const char *buf, size_t count)
262 {
263 int err;
264 unsigned long max_ptes_none;
265
266 err = kstrtoul(buf, 10, &max_ptes_none);
267 if (err || max_ptes_none > HPAGE_PMD_NR - 1)
268 return -EINVAL;
269
270 khugepaged_max_ptes_none = max_ptes_none;
271
272 return count;
273 }
274 static struct kobj_attribute khugepaged_max_ptes_none_attr =
275 __ATTR_RW(max_ptes_none);
276
277 static ssize_t max_ptes_swap_show(struct kobject *kobj,
278 struct kobj_attribute *attr,
279 char *buf)
280 {
281 return sysfs_emit(buf, "%u\n", khugepaged_max_ptes_swap);
282 }
283
284 static ssize_t max_ptes_swap_store(struct kobject *kobj,
285 struct kobj_attribute *attr,
286 const char *buf, size_t count)
287 {
288 int err;
289 unsigned long max_ptes_swap;
290
291 err = kstrtoul(buf, 10, &max_ptes_swap);
292 if (err || max_ptes_swap > HPAGE_PMD_NR - 1)
293 return -EINVAL;
294
295 khugepaged_max_ptes_swap = max_ptes_swap;
296
297 return count;
298 }
299
300 static struct kobj_attribute khugepaged_max_ptes_swap_attr =
301 __ATTR_RW(max_ptes_swap);
302
303 static ssize_t max_ptes_shared_show(struct kobject *kobj,
304 struct kobj_attribute *attr,
305 char *buf)
306 {
307 return sysfs_emit(buf, "%u\n", khugepaged_max_ptes_shared);
308 }
309
310 static ssize_t max_ptes_shared_store(struct kobject *kobj,
311 struct kobj_attribute *attr,
312 const char *buf, size_t count)
313 {
314 int err;
315 unsigned long max_ptes_shared;
316
317 err = kstrtoul(buf, 10, &max_ptes_shared);
318 if (err || max_ptes_shared > HPAGE_PMD_NR - 1)
319 return -EINVAL;
320
321 khugepaged_max_ptes_shared = max_ptes_shared;
322
323 return count;
324 }
325
326 static struct kobj_attribute khugepaged_max_ptes_shared_attr =
327 __ATTR_RW(max_ptes_shared);
328
329 static struct attribute *khugepaged_attr[] = {
330 &khugepaged_defrag_attr.attr,
331 &khugepaged_max_ptes_none_attr.attr,
332 &khugepaged_max_ptes_swap_attr.attr,
333 &khugepaged_max_ptes_shared_attr.attr,
334 &pages_to_scan_attr.attr,
335 &pages_collapsed_attr.attr,
336 &full_scans_attr.attr,
337 &scan_sleep_millisecs_attr.attr,
338 &alloc_sleep_millisecs_attr.attr,
339 NULL,
340 };
341
342 struct attribute_group khugepaged_attr_group = {
343 .attrs = khugepaged_attr,
344 .name = "khugepaged",
345 };
346 #endif /* CONFIG_SYSFS */
347
348 int hugepage_madvise(struct vm_area_struct *vma,
349 unsigned long *vm_flags, int advice)
350 {
351 switch (advice) {
352 case MADV_HUGEPAGE:
353 #ifdef CONFIG_S390
354 /*
355 * qemu blindly sets MADV_HUGEPAGE on all allocations, but s390
356 * can't handle this properly after s390_enable_sie, so we simply
357 * ignore the madvise to prevent qemu from causing a SIGSEGV.
358 */
359 if (mm_has_pgste(vma->vm_mm))
360 return 0;
361 #endif
362 *vm_flags &= ~VM_NOHUGEPAGE;
363 *vm_flags |= VM_HUGEPAGE;
364 /*
365 * If the vma become good for khugepaged to scan,
366 * register it here without waiting a page fault that
367 * may not happen any time soon.
368 */
369 khugepaged_enter_vma(vma, *vm_flags);
370 break;
371 case MADV_NOHUGEPAGE:
372 *vm_flags &= ~VM_HUGEPAGE;
373 *vm_flags |= VM_NOHUGEPAGE;
374 /*
375 * Setting VM_NOHUGEPAGE will prevent khugepaged from scanning
376 * this vma even if we leave the mm registered in khugepaged if
377 * it got registered before VM_NOHUGEPAGE was set.
378 */
379 break;
380 }
381
382 return 0;
383 }
384
385 int __init khugepaged_init(void)
386 {
387 mm_slot_cache = KMEM_CACHE(khugepaged_mm_slot, 0);
388 if (!mm_slot_cache)
389 return -ENOMEM;
390
391 khugepaged_pages_to_scan = HPAGE_PMD_NR * 8;
392 khugepaged_max_ptes_none = HPAGE_PMD_NR - 1;
393 khugepaged_max_ptes_swap = HPAGE_PMD_NR / 8;
394 khugepaged_max_ptes_shared = HPAGE_PMD_NR / 2;
395
396 return 0;
397 }
398
399 void __init khugepaged_destroy(void)
400 {
401 kmem_cache_destroy(mm_slot_cache);
402 }
403
404 static inline int hpage_collapse_test_exit(struct mm_struct *mm)
405 {
406 return atomic_read(&mm->mm_users) == 0;
407 }
408
409 static inline int hpage_collapse_test_exit_or_disable(struct mm_struct *mm)
410 {
411 return hpage_collapse_test_exit(mm) ||
412 test_bit(MMF_DISABLE_THP, &mm->flags);
413 }
414
415 static bool hugepage_pmd_enabled(void)
416 {
417 /*
418 * We cover the anon, shmem and the file-backed case here; file-backed
419 * hugepages, when configured in, are determined by the global control.
420 * Anon pmd-sized hugepages are determined by the pmd-size control.
421 * Shmem pmd-sized hugepages are also determined by its pmd-size control,
422 * except when the global shmem_huge is set to SHMEM_HUGE_DENY.
423 */
424 if (IS_ENABLED(CONFIG_READ_ONLY_THP_FOR_FS) &&
425 hugepage_global_enabled())
426 return true;
427 if (test_bit(PMD_ORDER, &huge_anon_orders_always))
428 return true;
429 if (test_bit(PMD_ORDER, &huge_anon_orders_madvise))
430 return true;
431 if (test_bit(PMD_ORDER, &huge_anon_orders_inherit) &&
432 hugepage_global_enabled())
433 return true;
434 if (IS_ENABLED(CONFIG_SHMEM) && shmem_hpage_pmd_enabled())
435 return true;
436 return false;
437 }
438
439 void __khugepaged_enter(struct mm_struct *mm)
440 {
441 struct khugepaged_mm_slot *mm_slot;
442 struct mm_slot *slot;
443 int wakeup;
444
445 /* __khugepaged_exit() must not run from under us */
446 VM_BUG_ON_MM(hpage_collapse_test_exit(mm), mm);
447 if (unlikely(test_and_set_bit(MMF_VM_HUGEPAGE, &mm->flags)))
448 return;
449
450 mm_slot = mm_slot_alloc(mm_slot_cache);
451 if (!mm_slot)
452 return;
453
454 slot = &mm_slot->slot;
455
456 spin_lock(&khugepaged_mm_lock);
457 mm_slot_insert(mm_slots_hash, mm, slot);
458 /*
459 * Insert just behind the scanning cursor, to let the area settle
460 * down a little.
461 */
462 wakeup = list_empty(&khugepaged_scan.mm_head);
463 list_add_tail(&slot->mm_node, &khugepaged_scan.mm_head);
464 spin_unlock(&khugepaged_mm_lock);
465
466 mmgrab(mm);
467 if (wakeup)
468 wake_up_interruptible(&khugepaged_wait);
469 }
470
471 void khugepaged_enter_vma(struct vm_area_struct *vma,
472 unsigned long vm_flags)
473 {
474 if (!test_bit(MMF_VM_HUGEPAGE, &vma->vm_mm->flags) &&
475 hugepage_pmd_enabled()) {
476 if (thp_vma_allowable_order(vma, vm_flags, TVA_ENFORCE_SYSFS,
477 PMD_ORDER))
478 __khugepaged_enter(vma->vm_mm);
479 }
480 }
481
482 void __khugepaged_exit(struct mm_struct *mm)
483 {
484 struct khugepaged_mm_slot *mm_slot;
485 struct mm_slot *slot;
486 int free = 0;
487
488 spin_lock(&khugepaged_mm_lock);
489 slot = mm_slot_lookup(mm_slots_hash, mm);
490 mm_slot = mm_slot_entry(slot, struct khugepaged_mm_slot, slot);
491 if (mm_slot && khugepaged_scan.mm_slot != mm_slot) {
492 hash_del(&slot->hash);
493 list_del(&slot->mm_node);
494 free = 1;
495 }
496 spin_unlock(&khugepaged_mm_lock);
497
498 if (free) {
499 clear_bit(MMF_VM_HUGEPAGE, &mm->flags);
500 mm_slot_free(mm_slot_cache, mm_slot);
501 mmdrop(mm);
502 } else if (mm_slot) {
503 /*
504 * This is required to serialize against
505 * hpage_collapse_test_exit() (which is guaranteed to run
506 * under mmap sem read mode). Stop here (after we return all
507 * pagetables will be destroyed) until khugepaged has finished
508 * working on the pagetables under the mmap_lock.
509 */
510 mmap_write_lock(mm);
511 mmap_write_unlock(mm);
512 }
513 }
514
515 static void release_pte_folio(struct folio *folio)
516 {
517 node_stat_mod_folio(folio,
518 NR_ISOLATED_ANON + folio_is_file_lru(folio),
519 -folio_nr_pages(folio));
520 folio_unlock(folio);
521 folio_putback_lru(folio);
522 }
523
524 static void release_pte_pages(pte_t *pte, pte_t *_pte,
525 struct list_head *compound_pagelist)
526 {
527 struct folio *folio, *tmp;
528
529 while (--_pte >= pte) {
530 pte_t pteval = ptep_get(_pte);
531 unsigned long pfn;
532
533 if (pte_none(pteval))
534 continue;
535 pfn = pte_pfn(pteval);
536 if (is_zero_pfn(pfn))
537 continue;
538 folio = pfn_folio(pfn);
539 if (folio_test_large(folio))
540 continue;
541 release_pte_folio(folio);
542 }
543
544 list_for_each_entry_safe(folio, tmp, compound_pagelist, lru) {
545 list_del(&folio->lru);
546 release_pte_folio(folio);
547 }
548 }
549
550 static bool is_refcount_suitable(struct folio *folio)
551 {
552 int expected_refcount = folio_mapcount(folio);
553
554 if (!folio_test_anon(folio) || folio_test_swapcache(folio))
555 expected_refcount += folio_nr_pages(folio);
556
557 if (folio_test_private(folio))
558 expected_refcount++;
559
560 return folio_ref_count(folio) == expected_refcount;
561 }
562
563 static int __collapse_huge_page_isolate(struct vm_area_struct *vma,
564 unsigned long address,
565 pte_t *pte,
566 struct collapse_control *cc,
567 struct list_head *compound_pagelist)
568 {
569 struct page *page = NULL;
570 struct folio *folio = NULL;
571 pte_t *_pte;
572 int none_or_zero = 0, shared = 0, result = SCAN_FAIL, referenced = 0;
573 bool writable = false;
574
575 for (_pte = pte; _pte < pte + HPAGE_PMD_NR;
576 _pte++, address += PAGE_SIZE) {
577 pte_t pteval = ptep_get(_pte);
578 if (pte_none(pteval) || (pte_present(pteval) &&
579 is_zero_pfn(pte_pfn(pteval)))) {
580 ++none_or_zero;
581 if (!userfaultfd_armed(vma) &&
582 (!cc->is_khugepaged ||
583 none_or_zero <= khugepaged_max_ptes_none)) {
584 continue;
585 } else {
586 result = SCAN_EXCEED_NONE_PTE;
587 count_vm_event(THP_SCAN_EXCEED_NONE_PTE);
588 goto out;
589 }
590 }
591 if (!pte_present(pteval)) {
592 result = SCAN_PTE_NON_PRESENT;
593 goto out;
594 }
595 if (pte_uffd_wp(pteval)) {
596 result = SCAN_PTE_UFFD_WP;
597 goto out;
598 }
599 page = vm_normal_page(vma, address, pteval);
600 if (unlikely(!page) || unlikely(is_zone_device_page(page))) {
601 result = SCAN_PAGE_NULL;
602 goto out;
603 }
604
605 folio = page_folio(page);
606 VM_BUG_ON_FOLIO(!folio_test_anon(folio), folio);
607
608 /* See hpage_collapse_scan_pmd(). */
609 if (folio_likely_mapped_shared(folio)) {
610 ++shared;
611 if (cc->is_khugepaged &&
612 shared > khugepaged_max_ptes_shared) {
613 result = SCAN_EXCEED_SHARED_PTE;
614 count_vm_event(THP_SCAN_EXCEED_SHARED_PTE);
615 goto out;
616 }
617 }
618
619 if (folio_test_large(folio)) {
620 struct folio *f;
621
622 /*
623 * Check if we have dealt with the compound page
624 * already
625 */
626 list_for_each_entry(f, compound_pagelist, lru) {
627 if (folio == f)
628 goto next;
629 }
630 }
631
632 /*
633 * We can do it before folio_isolate_lru because the
634 * folio can't be freed from under us. NOTE: PG_lock
635 * is needed to serialize against split_huge_page
636 * when invoked from the VM.
637 */
638 if (!folio_trylock(folio)) {
639 result = SCAN_PAGE_LOCK;
640 goto out;
641 }
642
643 /*
644 * Check if the page has any GUP (or other external) pins.
645 *
646 * The page table that maps the page has been already unlinked
647 * from the page table tree and this process cannot get
648 * an additional pin on the page.
649 *
650 * New pins can come later if the page is shared across fork,
651 * but not from this process. The other process cannot write to
652 * the page, only trigger CoW.
653 */
654 if (!is_refcount_suitable(folio)) {
655 folio_unlock(folio);
656 result = SCAN_PAGE_COUNT;
657 goto out;
658 }
659
660 /*
661 * Isolate the page to avoid collapsing an hugepage
662 * currently in use by the VM.
663 */
664 if (!folio_isolate_lru(folio)) {
665 folio_unlock(folio);
666 result = SCAN_DEL_PAGE_LRU;
667 goto out;
668 }
669 node_stat_mod_folio(folio,
670 NR_ISOLATED_ANON + folio_is_file_lru(folio),
671 folio_nr_pages(folio));
672 VM_BUG_ON_FOLIO(!folio_test_locked(folio), folio);
673 VM_BUG_ON_FOLIO(folio_test_lru(folio), folio);
674
675 if (folio_test_large(folio))
676 list_add_tail(&folio->lru, compound_pagelist);
677 next:
678 /*
679 * If collapse was initiated by khugepaged, check that there is
680 * enough young pte to justify collapsing the page
681 */
682 if (cc->is_khugepaged &&
683 (pte_young(pteval) || folio_test_young(folio) ||
684 folio_test_referenced(folio) || mmu_notifier_test_young(vma->vm_mm,
685 address)))
686 referenced++;
687
688 if (pte_write(pteval))
689 writable = true;
690 }
691
692 if (unlikely(!writable)) {
693 result = SCAN_PAGE_RO;
694 } else if (unlikely(cc->is_khugepaged && !referenced)) {
695 result = SCAN_LACK_REFERENCED_PAGE;
696 } else {
697 result = SCAN_SUCCEED;
698 trace_mm_collapse_huge_page_isolate(&folio->page, none_or_zero,
699 referenced, writable, result);
700 return result;
701 }
702 out:
703 release_pte_pages(pte, _pte, compound_pagelist);
704 trace_mm_collapse_huge_page_isolate(&folio->page, none_or_zero,
705 referenced, writable, result);
706 return result;
707 }
708
709 static void __collapse_huge_page_copy_succeeded(pte_t *pte,
710 struct vm_area_struct *vma,
711 unsigned long address,
712 spinlock_t *ptl,
713 struct list_head *compound_pagelist)
714 {
715 struct folio *src, *tmp;
716 pte_t *_pte;
717 pte_t pteval;
718
719 for (_pte = pte; _pte < pte + HPAGE_PMD_NR;
720 _pte++, address += PAGE_SIZE) {
721 pteval = ptep_get(_pte);
722 if (pte_none(pteval) || is_zero_pfn(pte_pfn(pteval))) {
723 add_mm_counter(vma->vm_mm, MM_ANONPAGES, 1);
724 if (is_zero_pfn(pte_pfn(pteval))) {
725 /*
726 * ptl mostly unnecessary.
727 */
728 spin_lock(ptl);
729 ptep_clear(vma->vm_mm, address, _pte);
730 spin_unlock(ptl);
731 ksm_might_unmap_zero_page(vma->vm_mm, pteval);
732 }
733 } else {
734 struct page *src_page = pte_page(pteval);
735
736 src = page_folio(src_page);
737 if (!folio_test_large(src))
738 release_pte_folio(src);
739 /*
740 * ptl mostly unnecessary, but preempt has to
741 * be disabled to update the per-cpu stats
742 * inside folio_remove_rmap_pte().
743 */
744 spin_lock(ptl);
745 ptep_clear(vma->vm_mm, address, _pte);
746 folio_remove_rmap_pte(src, src_page, vma);
747 spin_unlock(ptl);
748 free_page_and_swap_cache(src_page);
749 }
750 }
751
752 list_for_each_entry_safe(src, tmp, compound_pagelist, lru) {
753 list_del(&src->lru);
754 node_stat_sub_folio(src, NR_ISOLATED_ANON +
755 folio_is_file_lru(src));
756 folio_unlock(src);
757 free_swap_cache(src);
758 folio_putback_lru(src);
759 }
760 }
761
762 static void __collapse_huge_page_copy_failed(pte_t *pte,
763 pmd_t *pmd,
764 pmd_t orig_pmd,
765 struct vm_area_struct *vma,
766 struct list_head *compound_pagelist)
767 {
768 spinlock_t *pmd_ptl;
769
770 /*
771 * Re-establish the PMD to point to the original page table
772 * entry. Restoring PMD needs to be done prior to releasing
773 * pages. Since pages are still isolated and locked here,
774 * acquiring anon_vma_lock_write is unnecessary.
775 */
776 pmd_ptl = pmd_lock(vma->vm_mm, pmd);
777 pmd_populate(vma->vm_mm, pmd, pmd_pgtable(orig_pmd));
778 spin_unlock(pmd_ptl);
779 /*
780 * Release both raw and compound pages isolated
781 * in __collapse_huge_page_isolate.
782 */
783 release_pte_pages(pte, pte + HPAGE_PMD_NR, compound_pagelist);
784 }
785
786 /*
787 * __collapse_huge_page_copy - attempts to copy memory contents from raw
788 * pages to a hugepage. Cleans up the raw pages if copying succeeds;
789 * otherwise restores the original page table and releases isolated raw pages.
790 * Returns SCAN_SUCCEED if copying succeeds, otherwise returns SCAN_COPY_MC.
791 *
792 * @pte: starting of the PTEs to copy from
793 * @folio: the new hugepage to copy contents to
794 * @pmd: pointer to the new hugepage's PMD
795 * @orig_pmd: the original raw pages' PMD
796 * @vma: the original raw pages' virtual memory area
797 * @address: starting address to copy
798 * @ptl: lock on raw pages' PTEs
799 * @compound_pagelist: list that stores compound pages
800 */
801 static int __collapse_huge_page_copy(pte_t *pte, struct folio *folio,
802 pmd_t *pmd, pmd_t orig_pmd, struct vm_area_struct *vma,
803 unsigned long address, spinlock_t *ptl,
804 struct list_head *compound_pagelist)
805 {
806 unsigned int i;
807 int result = SCAN_SUCCEED;
808
809 /*
810 * Copying pages' contents is subject to memory poison at any iteration.
811 */
812 for (i = 0; i < HPAGE_PMD_NR; i++) {
813 pte_t pteval = ptep_get(pte + i);
814 struct page *page = folio_page(folio, i);
815 unsigned long src_addr = address + i * PAGE_SIZE;
816 struct page *src_page;
817
818 if (pte_none(pteval) || is_zero_pfn(pte_pfn(pteval))) {
819 clear_user_highpage(page, src_addr);
820 continue;
821 }
822 src_page = pte_page(pteval);
823 if (copy_mc_user_highpage(page, src_page, src_addr, vma) > 0) {
824 result = SCAN_COPY_MC;
825 break;
826 }
827 }
828
829 if (likely(result == SCAN_SUCCEED))
830 __collapse_huge_page_copy_succeeded(pte, vma, address, ptl,
831 compound_pagelist);
832 else
833 __collapse_huge_page_copy_failed(pte, pmd, orig_pmd, vma,
834 compound_pagelist);
835
836 return result;
837 }
838
839 static void khugepaged_alloc_sleep(void)
840 {
841 DEFINE_WAIT(wait);
842
843 add_wait_queue(&khugepaged_wait, &wait);
844 __set_current_state(TASK_INTERRUPTIBLE|TASK_FREEZABLE);
845 schedule_timeout(msecs_to_jiffies(khugepaged_alloc_sleep_millisecs));
846 remove_wait_queue(&khugepaged_wait, &wait);
847 }
848
849 struct collapse_control khugepaged_collapse_control = {
850 .is_khugepaged = true,
851 };
852
853 static bool hpage_collapse_scan_abort(int nid, struct collapse_control *cc)
854 {
855 int i;
856
857 /*
858 * If node_reclaim_mode is disabled, then no extra effort is made to
859 * allocate memory locally.
860 */
861 if (!node_reclaim_enabled())
862 return false;
863
864 /* If there is a count for this node already, it must be acceptable */
865 if (cc->node_load[nid])
866 return false;
867
868 for (i = 0; i < MAX_NUMNODES; i++) {
869 if (!cc->node_load[i])
870 continue;
871 if (node_distance(nid, i) > node_reclaim_distance)
872 return true;
873 }
874 return false;
875 }
876
877 #define khugepaged_defrag() \
878 (transparent_hugepage_flags & \
879 (1<<TRANSPARENT_HUGEPAGE_DEFRAG_KHUGEPAGED_FLAG))
880
881 /* Defrag for khugepaged will enter direct reclaim/compaction if necessary */
882 static inline gfp_t alloc_hugepage_khugepaged_gfpmask(void)
883 {
884 return khugepaged_defrag() ? GFP_TRANSHUGE : GFP_TRANSHUGE_LIGHT;
885 }
886
887 #ifdef CONFIG_NUMA
888 static int hpage_collapse_find_target_node(struct collapse_control *cc)
889 {
890 int nid, target_node = 0, max_value = 0;
891
892 /* find first node with max normal pages hit */
893 for (nid = 0; nid < MAX_NUMNODES; nid++)
894 if (cc->node_load[nid] > max_value) {
895 max_value = cc->node_load[nid];
896 target_node = nid;
897 }
898
899 for_each_online_node(nid) {
900 if (max_value == cc->node_load[nid])
901 node_set(nid, cc->alloc_nmask);
902 }
903
904 return target_node;
905 }
906 #else
907 static int hpage_collapse_find_target_node(struct collapse_control *cc)
908 {
909 return 0;
910 }
911 #endif
912
913 /*
914 * If mmap_lock temporarily dropped, revalidate vma
915 * before taking mmap_lock.
916 * Returns enum scan_result value.
917 */
918
919 static int hugepage_vma_revalidate(struct mm_struct *mm, unsigned long address,
920 bool expect_anon,
921 struct vm_area_struct **vmap,
922 struct collapse_control *cc)
923 {
924 struct vm_area_struct *vma;
925 unsigned long tva_flags = cc->is_khugepaged ? TVA_ENFORCE_SYSFS : 0;
926
927 if (unlikely(hpage_collapse_test_exit_or_disable(mm)))
928 return SCAN_ANY_PROCESS;
929
930 *vmap = vma = find_vma(mm, address);
931 if (!vma)
932 return SCAN_VMA_NULL;
933
934 if (!thp_vma_suitable_order(vma, address, PMD_ORDER))
935 return SCAN_ADDRESS_RANGE;
936 if (!thp_vma_allowable_order(vma, vma->vm_flags, tva_flags, PMD_ORDER))
937 return SCAN_VMA_CHECK;
938 /*
939 * Anon VMA expected, the address may be unmapped then
940 * remapped to file after khugepaged reaquired the mmap_lock.
941 *
942 * thp_vma_allowable_order may return true for qualified file
943 * vmas.
944 */
945 if (expect_anon && (!(*vmap)->anon_vma || !vma_is_anonymous(*vmap)))
946 return SCAN_PAGE_ANON;
947 return SCAN_SUCCEED;
948 }
949
950 static int find_pmd_or_thp_or_none(struct mm_struct *mm,
951 unsigned long address,
952 pmd_t **pmd)
953 {
954 pmd_t pmde;
955
956 *pmd = mm_find_pmd(mm, address);
957 if (!*pmd)
958 return SCAN_PMD_NULL;
959
960 pmde = pmdp_get_lockless(*pmd);
961 if (pmd_none(pmde))
962 return SCAN_PMD_NONE;
963 if (!pmd_present(pmde))
964 return SCAN_PMD_NULL;
965 if (pmd_trans_huge(pmde))
966 return SCAN_PMD_MAPPED;
967 if (pmd_devmap(pmde))
968 return SCAN_PMD_NULL;
969 if (pmd_bad(pmde))
970 return SCAN_PMD_NULL;
971 return SCAN_SUCCEED;
972 }
973
974 static int check_pmd_still_valid(struct mm_struct *mm,
975 unsigned long address,
976 pmd_t *pmd)
977 {
978 pmd_t *new_pmd;
979 int result = find_pmd_or_thp_or_none(mm, address, &new_pmd);
980
981 if (result != SCAN_SUCCEED)
982 return result;
983 if (new_pmd != pmd)
984 return SCAN_FAIL;
985 return SCAN_SUCCEED;
986 }
987
988 /*
989 * Bring missing pages in from swap, to complete THP collapse.
990 * Only done if hpage_collapse_scan_pmd believes it is worthwhile.
991 *
992 * Called and returns without pte mapped or spinlocks held.
993 * Returns result: if not SCAN_SUCCEED, mmap_lock has been released.
994 */
995 static int __collapse_huge_page_swapin(struct mm_struct *mm,
996 struct vm_area_struct *vma,
997 unsigned long haddr, pmd_t *pmd,
998 int referenced)
999 {
1000 int swapped_in = 0;
1001 vm_fault_t ret = 0;
1002 unsigned long address, end = haddr + (HPAGE_PMD_NR * PAGE_SIZE);
1003 int result;
1004 pte_t *pte = NULL;
1005 spinlock_t *ptl;
1006
1007 for (address = haddr; address < end; address += PAGE_SIZE) {
1008 struct vm_fault vmf = {
1009 .vma = vma,
1010 .address = address,
1011 .pgoff = linear_page_index(vma, address),
1012 .flags = FAULT_FLAG_ALLOW_RETRY,
1013 .pmd = pmd,
1014 };
1015
1016 if (!pte++) {
1017 /*
1018 * Here the ptl is only used to check pte_same() in
1019 * do_swap_page(), so readonly version is enough.
1020 */
1021 pte = pte_offset_map_ro_nolock(mm, pmd, address, &ptl);
1022 if (!pte) {
1023 mmap_read_unlock(mm);
1024 result = SCAN_PMD_NULL;
1025 goto out;
1026 }
1027 }
1028
1029 vmf.orig_pte = ptep_get_lockless(pte);
1030 if (!is_swap_pte(vmf.orig_pte))
1031 continue;
1032
1033 vmf.pte = pte;
1034 vmf.ptl = ptl;
1035 ret = do_swap_page(&vmf);
1036 /* Which unmaps pte (after perhaps re-checking the entry) */
1037 pte = NULL;
1038
1039 /*
1040 * do_swap_page returns VM_FAULT_RETRY with released mmap_lock.
1041 * Note we treat VM_FAULT_RETRY as VM_FAULT_ERROR here because
1042 * we do not retry here and swap entry will remain in pagetable
1043 * resulting in later failure.
1044 */
1045 if (ret & VM_FAULT_RETRY) {
1046 /* Likely, but not guaranteed, that page lock failed */
1047 result = SCAN_PAGE_LOCK;
1048 goto out;
1049 }
1050 if (ret & VM_FAULT_ERROR) {
1051 mmap_read_unlock(mm);
1052 result = SCAN_FAIL;
1053 goto out;
1054 }
1055 swapped_in++;
1056 }
1057
1058 if (pte)
1059 pte_unmap(pte);
1060
1061 /* Drain LRU cache to remove extra pin on the swapped in pages */
1062 if (swapped_in)
1063 lru_add_drain();
1064
1065 result = SCAN_SUCCEED;
1066 out:
1067 trace_mm_collapse_huge_page_swapin(mm, swapped_in, referenced, result);
1068 return result;
1069 }
1070
1071 static int alloc_charge_folio(struct folio **foliop, struct mm_struct *mm,
1072 struct collapse_control *cc)
1073 {
1074 gfp_t gfp = (cc->is_khugepaged ? alloc_hugepage_khugepaged_gfpmask() :
1075 GFP_TRANSHUGE);
1076 int node = hpage_collapse_find_target_node(cc);
1077 struct folio *folio;
1078
1079 folio = __folio_alloc(gfp, HPAGE_PMD_ORDER, node, &cc->alloc_nmask);
1080 if (!folio) {
1081 *foliop = NULL;
1082 count_vm_event(THP_COLLAPSE_ALLOC_FAILED);
1083 return SCAN_ALLOC_HUGE_PAGE_FAIL;
1084 }
1085
1086 count_vm_event(THP_COLLAPSE_ALLOC);
1087 if (unlikely(mem_cgroup_charge(folio, mm, gfp))) {
1088 folio_put(folio);
1089 *foliop = NULL;
1090 return SCAN_CGROUP_CHARGE_FAIL;
1091 }
1092
1093 count_memcg_folio_events(folio, THP_COLLAPSE_ALLOC, 1);
1094
1095 *foliop = folio;
1096 return SCAN_SUCCEED;
1097 }
1098
1099 static int collapse_huge_page(struct mm_struct *mm, unsigned long address,
1100 int referenced, int unmapped,
1101 struct collapse_control *cc)
1102 {
1103 LIST_HEAD(compound_pagelist);
1104 pmd_t *pmd, _pmd;
1105 pte_t *pte;
1106 pgtable_t pgtable;
1107 struct folio *folio;
1108 spinlock_t *pmd_ptl, *pte_ptl;
1109 int result = SCAN_FAIL;
1110 struct vm_area_struct *vma;
1111 struct mmu_notifier_range range;
1112
1113 VM_BUG_ON(address & ~HPAGE_PMD_MASK);
1114
1115 /*
1116 * Before allocating the hugepage, release the mmap_lock read lock.
1117 * The allocation can take potentially a long time if it involves
1118 * sync compaction, and we do not need to hold the mmap_lock during
1119 * that. We will recheck the vma after taking it again in write mode.
1120 */
1121 mmap_read_unlock(mm);
1122
1123 result = alloc_charge_folio(&folio, mm, cc);
1124 if (result != SCAN_SUCCEED)
1125 goto out_nolock;
1126
1127 mmap_read_lock(mm);
1128 result = hugepage_vma_revalidate(mm, address, true, &vma, cc);
1129 if (result != SCAN_SUCCEED) {
1130 mmap_read_unlock(mm);
1131 goto out_nolock;
1132 }
1133
1134 result = find_pmd_or_thp_or_none(mm, address, &pmd);
1135 if (result != SCAN_SUCCEED) {
1136 mmap_read_unlock(mm);
1137 goto out_nolock;
1138 }
1139
1140 if (unmapped) {
1141 /*
1142 * __collapse_huge_page_swapin will return with mmap_lock
1143 * released when it fails. So we jump out_nolock directly in
1144 * that case. Continuing to collapse causes inconsistency.
1145 */
1146 result = __collapse_huge_page_swapin(mm, vma, address, pmd,
1147 referenced);
1148 if (result != SCAN_SUCCEED)
1149 goto out_nolock;
1150 }
1151
1152 mmap_read_unlock(mm);
1153 /*
1154 * Prevent all access to pagetables with the exception of
1155 * gup_fast later handled by the ptep_clear_flush and the VM
1156 * handled by the anon_vma lock + PG_lock.
1157 *
1158 * UFFDIO_MOVE is prevented to race as well thanks to the
1159 * mmap_lock.
1160 */
1161 mmap_write_lock(mm);
1162 result = hugepage_vma_revalidate(mm, address, true, &vma, cc);
1163 if (result != SCAN_SUCCEED)
1164 goto out_up_write;
1165 /* check if the pmd is still valid */
1166 result = check_pmd_still_valid(mm, address, pmd);
1167 if (result != SCAN_SUCCEED)
1168 goto out_up_write;
1169
1170 vma_start_write(vma);
1171 anon_vma_lock_write(vma->anon_vma);
1172
1173 mmu_notifier_range_init(&range, MMU_NOTIFY_CLEAR, 0, mm, address,
1174 address + HPAGE_PMD_SIZE);
1175 mmu_notifier_invalidate_range_start(&range);
1176
1177 pmd_ptl = pmd_lock(mm, pmd); /* probably unnecessary */
1178 /*
1179 * This removes any huge TLB entry from the CPU so we won't allow
1180 * huge and small TLB entries for the same virtual address to
1181 * avoid the risk of CPU bugs in that area.
1182 *
1183 * Parallel GUP-fast is fine since GUP-fast will back off when
1184 * it detects PMD is changed.
1185 */
1186 _pmd = pmdp_collapse_flush(vma, address, pmd);
1187 spin_unlock(pmd_ptl);
1188 mmu_notifier_invalidate_range_end(&range);
1189 tlb_remove_table_sync_one();
1190
1191 pte = pte_offset_map_lock(mm, &_pmd, address, &pte_ptl);
1192 if (pte) {
1193 result = __collapse_huge_page_isolate(vma, address, pte, cc,
1194 &compound_pagelist);
1195 spin_unlock(pte_ptl);
1196 } else {
1197 result = SCAN_PMD_NULL;
1198 }
1199
1200 if (unlikely(result != SCAN_SUCCEED)) {
1201 if (pte)
1202 pte_unmap(pte);
1203 spin_lock(pmd_ptl);
1204 BUG_ON(!pmd_none(*pmd));
1205 /*
1206 * We can only use set_pmd_at when establishing
1207 * hugepmds and never for establishing regular pmds that
1208 * points to regular pagetables. Use pmd_populate for that
1209 */
1210 pmd_populate(mm, pmd, pmd_pgtable(_pmd));
1211 spin_unlock(pmd_ptl);
1212 anon_vma_unlock_write(vma->anon_vma);
1213 goto out_up_write;
1214 }
1215
1216 /*
1217 * All pages are isolated and locked so anon_vma rmap
1218 * can't run anymore.
1219 */
1220 anon_vma_unlock_write(vma->anon_vma);
1221
1222 result = __collapse_huge_page_copy(pte, folio, pmd, _pmd,
1223 vma, address, pte_ptl,
1224 &compound_pagelist);
1225 pte_unmap(pte);
1226 if (unlikely(result != SCAN_SUCCEED))
1227 goto out_up_write;
1228
1229 /*
1230 * The smp_wmb() inside __folio_mark_uptodate() ensures the
1231 * copy_huge_page writes become visible before the set_pmd_at()
1232 * write.
1233 */
1234 __folio_mark_uptodate(folio);
1235 pgtable = pmd_pgtable(_pmd);
1236
1237 _pmd = mk_huge_pmd(&folio->page, vma->vm_page_prot);
1238 _pmd = maybe_pmd_mkwrite(pmd_mkdirty(_pmd), vma);
1239
1240 spin_lock(pmd_ptl);
1241 BUG_ON(!pmd_none(*pmd));
1242 folio_add_new_anon_rmap(folio, vma, address, RMAP_EXCLUSIVE);
1243 folio_add_lru_vma(folio, vma);
1244 pgtable_trans_huge_deposit(mm, pmd, pgtable);
1245 set_pmd_at(mm, address, pmd, _pmd);
1246 update_mmu_cache_pmd(vma, address, pmd);
1247 deferred_split_folio(folio, false);
1248 spin_unlock(pmd_ptl);
1249
1250 folio = NULL;
1251
1252 result = SCAN_SUCCEED;
1253 out_up_write:
1254 mmap_write_unlock(mm);
1255 out_nolock:
1256 if (folio)
1257 folio_put(folio);
1258 trace_mm_collapse_huge_page(mm, result == SCAN_SUCCEED, result);
1259 return result;
1260 }
1261
1262 static int hpage_collapse_scan_pmd(struct mm_struct *mm,
1263 struct vm_area_struct *vma,
1264 unsigned long address, bool *mmap_locked,
1265 struct collapse_control *cc)
1266 {
1267 pmd_t *pmd;
1268 pte_t *pte, *_pte;
1269 int result = SCAN_FAIL, referenced = 0;
1270 int none_or_zero = 0, shared = 0;
1271 struct page *page = NULL;
1272 struct folio *folio = NULL;
1273 unsigned long _address;
1274 spinlock_t *ptl;
1275 int node = NUMA_NO_NODE, unmapped = 0;
1276 bool writable = false;
1277
1278 VM_BUG_ON(address & ~HPAGE_PMD_MASK);
1279
1280 result = find_pmd_or_thp_or_none(mm, address, &pmd);
1281 if (result != SCAN_SUCCEED)
1282 goto out;
1283
1284 memset(cc->node_load, 0, sizeof(cc->node_load));
1285 nodes_clear(cc->alloc_nmask);
1286 pte = pte_offset_map_lock(mm, pmd, address, &ptl);
1287 if (!pte) {
1288 result = SCAN_PMD_NULL;
1289 goto out;
1290 }
1291
1292 for (_address = address, _pte = pte; _pte < pte + HPAGE_PMD_NR;
1293 _pte++, _address += PAGE_SIZE) {
1294 pte_t pteval = ptep_get(_pte);
1295 if (is_swap_pte(pteval)) {
1296 ++unmapped;
1297 if (!cc->is_khugepaged ||
1298 unmapped <= khugepaged_max_ptes_swap) {
1299 /*
1300 * Always be strict with uffd-wp
1301 * enabled swap entries. Please see
1302 * comment below for pte_uffd_wp().
1303 */
1304 if (pte_swp_uffd_wp_any(pteval)) {
1305 result = SCAN_PTE_UFFD_WP;
1306 goto out_unmap;
1307 }
1308 continue;
1309 } else {
1310 result = SCAN_EXCEED_SWAP_PTE;
1311 count_vm_event(THP_SCAN_EXCEED_SWAP_PTE);
1312 goto out_unmap;
1313 }
1314 }
1315 if (pte_none(pteval) || is_zero_pfn(pte_pfn(pteval))) {
1316 ++none_or_zero;
1317 if (!userfaultfd_armed(vma) &&
1318 (!cc->is_khugepaged ||
1319 none_or_zero <= khugepaged_max_ptes_none)) {
1320 continue;
1321 } else {
1322 result = SCAN_EXCEED_NONE_PTE;
1323 count_vm_event(THP_SCAN_EXCEED_NONE_PTE);
1324 goto out_unmap;
1325 }
1326 }
1327 if (pte_uffd_wp(pteval)) {
1328 /*
1329 * Don't collapse the page if any of the small
1330 * PTEs are armed with uffd write protection.
1331 * Here we can also mark the new huge pmd as
1332 * write protected if any of the small ones is
1333 * marked but that could bring unknown
1334 * userfault messages that falls outside of
1335 * the registered range. So, just be simple.
1336 */
1337 result = SCAN_PTE_UFFD_WP;
1338 goto out_unmap;
1339 }
1340 if (pte_write(pteval))
1341 writable = true;
1342
1343 page = vm_normal_page(vma, _address, pteval);
1344 if (unlikely(!page) || unlikely(is_zone_device_page(page))) {
1345 result = SCAN_PAGE_NULL;
1346 goto out_unmap;
1347 }
1348 folio = page_folio(page);
1349
1350 if (!folio_test_anon(folio)) {
1351 result = SCAN_PAGE_ANON;
1352 goto out_unmap;
1353 }
1354
1355 /*
1356 * We treat a single page as shared if any part of the THP
1357 * is shared. "False negatives" from
1358 * folio_likely_mapped_shared() are not expected to matter
1359 * much in practice.
1360 */
1361 if (folio_likely_mapped_shared(folio)) {
1362 ++shared;
1363 if (cc->is_khugepaged &&
1364 shared > khugepaged_max_ptes_shared) {
1365 result = SCAN_EXCEED_SHARED_PTE;
1366 count_vm_event(THP_SCAN_EXCEED_SHARED_PTE);
1367 goto out_unmap;
1368 }
1369 }
1370
1371 /*
1372 * Record which node the original page is from and save this
1373 * information to cc->node_load[].
1374 * Khugepaged will allocate hugepage from the node has the max
1375 * hit record.
1376 */
1377 node = folio_nid(folio);
1378 if (hpage_collapse_scan_abort(node, cc)) {
1379 result = SCAN_SCAN_ABORT;
1380 goto out_unmap;
1381 }
1382 cc->node_load[node]++;
1383 if (!folio_test_lru(folio)) {
1384 result = SCAN_PAGE_LRU;
1385 goto out_unmap;
1386 }
1387 if (folio_test_locked(folio)) {
1388 result = SCAN_PAGE_LOCK;
1389 goto out_unmap;
1390 }
1391
1392 /*
1393 * Check if the page has any GUP (or other external) pins.
1394 *
1395 * Here the check may be racy:
1396 * it may see folio_mapcount() > folio_ref_count().
1397 * But such case is ephemeral we could always retry collapse
1398 * later. However it may report false positive if the page
1399 * has excessive GUP pins (i.e. 512). Anyway the same check
1400 * will be done again later the risk seems low.
1401 */
1402 if (!is_refcount_suitable(folio)) {
1403 result = SCAN_PAGE_COUNT;
1404 goto out_unmap;
1405 }
1406
1407 /*
1408 * If collapse was initiated by khugepaged, check that there is
1409 * enough young pte to justify collapsing the page
1410 */
1411 if (cc->is_khugepaged &&
1412 (pte_young(pteval) || folio_test_young(folio) ||
1413 folio_test_referenced(folio) || mmu_notifier_test_young(vma->vm_mm,
1414 address)))
1415 referenced++;
1416 }
1417 if (!writable) {
1418 result = SCAN_PAGE_RO;
1419 } else if (cc->is_khugepaged &&
1420 (!referenced ||
1421 (unmapped && referenced < HPAGE_PMD_NR / 2))) {
1422 result = SCAN_LACK_REFERENCED_PAGE;
1423 } else {
1424 result = SCAN_SUCCEED;
1425 }
1426 out_unmap:
1427 pte_unmap_unlock(pte, ptl);
1428 if (result == SCAN_SUCCEED) {
1429 result = collapse_huge_page(mm, address, referenced,
1430 unmapped, cc);
1431 /* collapse_huge_page will return with the mmap_lock released */
1432 *mmap_locked = false;
1433 }
1434 out:
1435 trace_mm_khugepaged_scan_pmd(mm, &folio->page, writable, referenced,
1436 none_or_zero, result, unmapped);
1437 return result;
1438 }
1439
1440 static void collect_mm_slot(struct khugepaged_mm_slot *mm_slot)
1441 {
1442 struct mm_slot *slot = &mm_slot->slot;
1443 struct mm_struct *mm = slot->mm;
1444
1445 lockdep_assert_held(&khugepaged_mm_lock);
1446
1447 if (hpage_collapse_test_exit(mm)) {
1448 /* free mm_slot */
1449 hash_del(&slot->hash);
1450 list_del(&slot->mm_node);
1451
1452 /*
1453 * Not strictly needed because the mm exited already.
1454 *
1455 * clear_bit(MMF_VM_HUGEPAGE, &mm->flags);
1456 */
1457
1458 /* khugepaged_mm_lock actually not necessary for the below */
1459 mm_slot_free(mm_slot_cache, mm_slot);
1460 mmdrop(mm);
1461 }
1462 }
1463
1464 #ifdef CONFIG_SHMEM
1465 /* hpage must be locked, and mmap_lock must be held */
1466 static int set_huge_pmd(struct vm_area_struct *vma, unsigned long addr,
1467 pmd_t *pmdp, struct page *hpage)
1468 {
1469 struct vm_fault vmf = {
1470 .vma = vma,
1471 .address = addr,
1472 .flags = 0,
1473 .pmd = pmdp,
1474 };
1475
1476 VM_BUG_ON(!PageTransHuge(hpage));
1477 mmap_assert_locked(vma->vm_mm);
1478
1479 if (do_set_pmd(&vmf, hpage))
1480 return SCAN_FAIL;
1481
1482 get_page(hpage);
1483 return SCAN_SUCCEED;
1484 }
1485
1486 /**
1487 * collapse_pte_mapped_thp - Try to collapse a pte-mapped THP for mm at
1488 * address haddr.
1489 *
1490 * @mm: process address space where collapse happens
1491 * @addr: THP collapse address
1492 * @install_pmd: If a huge PMD should be installed
1493 *
1494 * This function checks whether all the PTEs in the PMD are pointing to the
1495 * right THP. If so, retract the page table so the THP can refault in with
1496 * as pmd-mapped. Possibly install a huge PMD mapping the THP.
1497 */
1498 int collapse_pte_mapped_thp(struct mm_struct *mm, unsigned long addr,
1499 bool install_pmd)
1500 {
1501 struct mmu_notifier_range range;
1502 bool notified = false;
1503 unsigned long haddr = addr & HPAGE_PMD_MASK;
1504 struct vm_area_struct *vma = vma_lookup(mm, haddr);
1505 struct folio *folio;
1506 pte_t *start_pte, *pte;
1507 pmd_t *pmd, pgt_pmd;
1508 spinlock_t *pml = NULL, *ptl;
1509 int nr_ptes = 0, result = SCAN_FAIL;
1510 int i;
1511
1512 mmap_assert_locked(mm);
1513
1514 /* First check VMA found, in case page tables are being torn down */
1515 if (!vma || !vma->vm_file ||
1516 !range_in_vma(vma, haddr, haddr + HPAGE_PMD_SIZE))
1517 return SCAN_VMA_CHECK;
1518
1519 /* Fast check before locking page if already PMD-mapped */
1520 result = find_pmd_or_thp_or_none(mm, haddr, &pmd);
1521 if (result == SCAN_PMD_MAPPED)
1522 return result;
1523
1524 /*
1525 * If we are here, we've succeeded in replacing all the native pages
1526 * in the page cache with a single hugepage. If a mm were to fault-in
1527 * this memory (mapped by a suitably aligned VMA), we'd get the hugepage
1528 * and map it by a PMD, regardless of sysfs THP settings. As such, let's
1529 * analogously elide sysfs THP settings here.
1530 */
1531 if (!thp_vma_allowable_order(vma, vma->vm_flags, 0, PMD_ORDER))
1532 return SCAN_VMA_CHECK;
1533
1534 /* Keep pmd pgtable for uffd-wp; see comment in retract_page_tables() */
1535 if (userfaultfd_wp(vma))
1536 return SCAN_PTE_UFFD_WP;
1537
1538 folio = filemap_lock_folio(vma->vm_file->f_mapping,
1539 linear_page_index(vma, haddr));
1540 if (IS_ERR(folio))
1541 return SCAN_PAGE_NULL;
1542
1543 if (folio_order(folio) != HPAGE_PMD_ORDER) {
1544 result = SCAN_PAGE_COMPOUND;
1545 goto drop_folio;
1546 }
1547
1548 result = find_pmd_or_thp_or_none(mm, haddr, &pmd);
1549 switch (result) {
1550 case SCAN_SUCCEED:
1551 break;
1552 case SCAN_PMD_NONE:
1553 /*
1554 * All pte entries have been removed and pmd cleared.
1555 * Skip all the pte checks and just update the pmd mapping.
1556 */
1557 goto maybe_install_pmd;
1558 default:
1559 goto drop_folio;
1560 }
1561
1562 result = SCAN_FAIL;
1563 start_pte = pte_offset_map_lock(mm, pmd, haddr, &ptl);
1564 if (!start_pte) /* mmap_lock + page lock should prevent this */
1565 goto drop_folio;
1566
1567 /* step 1: check all mapped PTEs are to the right huge page */
1568 for (i = 0, addr = haddr, pte = start_pte;
1569 i < HPAGE_PMD_NR; i++, addr += PAGE_SIZE, pte++) {
1570 struct page *page;
1571 pte_t ptent = ptep_get(pte);
1572
1573 /* empty pte, skip */
1574 if (pte_none(ptent))
1575 continue;
1576
1577 /* page swapped out, abort */
1578 if (!pte_present(ptent)) {
1579 result = SCAN_PTE_NON_PRESENT;
1580 goto abort;
1581 }
1582
1583 page = vm_normal_page(vma, addr, ptent);
1584 if (WARN_ON_ONCE(page && is_zone_device_page(page)))
1585 page = NULL;
1586 /*
1587 * Note that uprobe, debugger, or MAP_PRIVATE may change the
1588 * page table, but the new page will not be a subpage of hpage.
1589 */
1590 if (folio_page(folio, i) != page)
1591 goto abort;
1592 }
1593
1594 pte_unmap_unlock(start_pte, ptl);
1595 mmu_notifier_range_init(&range, MMU_NOTIFY_CLEAR, 0, mm,
1596 haddr, haddr + HPAGE_PMD_SIZE);
1597 mmu_notifier_invalidate_range_start(&range);
1598 notified = true;
1599
1600 /*
1601 * pmd_lock covers a wider range than ptl, and (if split from mm's
1602 * page_table_lock) ptl nests inside pml. The less time we hold pml,
1603 * the better; but userfaultfd's mfill_atomic_pte() on a private VMA
1604 * inserts a valid as-if-COWed PTE without even looking up page cache.
1605 * So page lock of folio does not protect from it, so we must not drop
1606 * ptl before pgt_pmd is removed, so uffd private needs pml taken now.
1607 */
1608 if (userfaultfd_armed(vma) && !(vma->vm_flags & VM_SHARED))
1609 pml = pmd_lock(mm, pmd);
1610
1611 start_pte = pte_offset_map_rw_nolock(mm, pmd, haddr, &pgt_pmd, &ptl);
1612 if (!start_pte) /* mmap_lock + page lock should prevent this */
1613 goto abort;
1614 if (!pml)
1615 spin_lock(ptl);
1616 else if (ptl != pml)
1617 spin_lock_nested(ptl, SINGLE_DEPTH_NESTING);
1618
1619 if (unlikely(!pmd_same(pgt_pmd, pmdp_get_lockless(pmd))))
1620 goto abort;
1621
1622 /* step 2: clear page table and adjust rmap */
1623 for (i = 0, addr = haddr, pte = start_pte;
1624 i < HPAGE_PMD_NR; i++, addr += PAGE_SIZE, pte++) {
1625 struct page *page;
1626 pte_t ptent = ptep_get(pte);
1627
1628 if (pte_none(ptent))
1629 continue;
1630 /*
1631 * We dropped ptl after the first scan, to do the mmu_notifier:
1632 * page lock stops more PTEs of the folio being faulted in, but
1633 * does not stop write faults COWing anon copies from existing
1634 * PTEs; and does not stop those being swapped out or migrated.
1635 */
1636 if (!pte_present(ptent)) {
1637 result = SCAN_PTE_NON_PRESENT;
1638 goto abort;
1639 }
1640 page = vm_normal_page(vma, addr, ptent);
1641 if (folio_page(folio, i) != page)
1642 goto abort;
1643
1644 /*
1645 * Must clear entry, or a racing truncate may re-remove it.
1646 * TLB flush can be left until pmdp_collapse_flush() does it.
1647 * PTE dirty? Shmem page is already dirty; file is read-only.
1648 */
1649 ptep_clear(mm, addr, pte);
1650 folio_remove_rmap_pte(folio, page, vma);
1651 nr_ptes++;
1652 }
1653
1654 if (!pml)
1655 spin_unlock(ptl);
1656
1657 /* step 3: set proper refcount and mm_counters. */
1658 if (nr_ptes) {
1659 folio_ref_sub(folio, nr_ptes);
1660 add_mm_counter(mm, mm_counter_file(folio), -nr_ptes);
1661 }
1662
1663 /* step 4: remove empty page table */
1664 if (!pml) {
1665 pml = pmd_lock(mm, pmd);
1666 if (ptl != pml) {
1667 spin_lock_nested(ptl, SINGLE_DEPTH_NESTING);
1668 if (unlikely(!pmd_same(pgt_pmd, pmdp_get_lockless(pmd)))) {
1669 flush_tlb_mm(mm);
1670 goto unlock;
1671 }
1672 }
1673 }
1674 pgt_pmd = pmdp_collapse_flush(vma, haddr, pmd);
1675 pmdp_get_lockless_sync();
1676 pte_unmap_unlock(start_pte, ptl);
1677 if (ptl != pml)
1678 spin_unlock(pml);
1679
1680 mmu_notifier_invalidate_range_end(&range);
1681
1682 mm_dec_nr_ptes(mm);
1683 page_table_check_pte_clear_range(mm, haddr, pgt_pmd);
1684 pte_free_defer(mm, pmd_pgtable(pgt_pmd));
1685
1686 maybe_install_pmd:
1687 /* step 5: install pmd entry */
1688 result = install_pmd
1689 ? set_huge_pmd(vma, haddr, pmd, &folio->page)
1690 : SCAN_SUCCEED;
1691 goto drop_folio;
1692 abort:
1693 if (nr_ptes) {
1694 flush_tlb_mm(mm);
1695 folio_ref_sub(folio, nr_ptes);
1696 add_mm_counter(mm, mm_counter_file(folio), -nr_ptes);
1697 }
1698 unlock:
1699 if (start_pte)
1700 pte_unmap_unlock(start_pte, ptl);
1701 if (pml && pml != ptl)
1702 spin_unlock(pml);
1703 if (notified)
1704 mmu_notifier_invalidate_range_end(&range);
1705 drop_folio:
1706 folio_unlock(folio);
1707 folio_put(folio);
1708 return result;
1709 }
1710
1711 static void retract_page_tables(struct address_space *mapping, pgoff_t pgoff)
1712 {
1713 struct vm_area_struct *vma;
1714
1715 i_mmap_lock_read(mapping);
1716 vma_interval_tree_foreach(vma, &mapping->i_mmap, pgoff, pgoff) {
1717 struct mmu_notifier_range range;
1718 struct mm_struct *mm;
1719 unsigned long addr;
1720 pmd_t *pmd, pgt_pmd;
1721 spinlock_t *pml;
1722 spinlock_t *ptl;
1723 bool skipped_uffd = false;
1724
1725 /*
1726 * Check vma->anon_vma to exclude MAP_PRIVATE mappings that
1727 * got written to. These VMAs are likely not worth removing
1728 * page tables from, as PMD-mapping is likely to be split later.
1729 */
1730 if (READ_ONCE(vma->anon_vma))
1731 continue;
1732
1733 addr = vma->vm_start + ((pgoff - vma->vm_pgoff) << PAGE_SHIFT);
1734 if (addr & ~HPAGE_PMD_MASK ||
1735 vma->vm_end < addr + HPAGE_PMD_SIZE)
1736 continue;
1737
1738 mm = vma->vm_mm;
1739 if (find_pmd_or_thp_or_none(mm, addr, &pmd) != SCAN_SUCCEED)
1740 continue;
1741
1742 if (hpage_collapse_test_exit(mm))
1743 continue;
1744 /*
1745 * When a vma is registered with uffd-wp, we cannot recycle
1746 * the page table because there may be pte markers installed.
1747 * Other vmas can still have the same file mapped hugely, but
1748 * skip this one: it will always be mapped in small page size
1749 * for uffd-wp registered ranges.
1750 */
1751 if (userfaultfd_wp(vma))
1752 continue;
1753
1754 /* PTEs were notified when unmapped; but now for the PMD? */
1755 mmu_notifier_range_init(&range, MMU_NOTIFY_CLEAR, 0, mm,
1756 addr, addr + HPAGE_PMD_SIZE);
1757 mmu_notifier_invalidate_range_start(&range);
1758
1759 pml = pmd_lock(mm, pmd);
1760 ptl = pte_lockptr(mm, pmd);
1761 if (ptl != pml)
1762 spin_lock_nested(ptl, SINGLE_DEPTH_NESTING);
1763
1764 /*
1765 * Huge page lock is still held, so normally the page table
1766 * must remain empty; and we have already skipped anon_vma
1767 * and userfaultfd_wp() vmas. But since the mmap_lock is not
1768 * held, it is still possible for a racing userfaultfd_ioctl()
1769 * to have inserted ptes or markers. Now that we hold ptlock,
1770 * repeating the anon_vma check protects from one category,
1771 * and repeating the userfaultfd_wp() check from another.
1772 */
1773 if (unlikely(vma->anon_vma || userfaultfd_wp(vma))) {
1774 skipped_uffd = true;
1775 } else {
1776 pgt_pmd = pmdp_collapse_flush(vma, addr, pmd);
1777 pmdp_get_lockless_sync();
1778 }
1779
1780 if (ptl != pml)
1781 spin_unlock(ptl);
1782 spin_unlock(pml);
1783
1784 mmu_notifier_invalidate_range_end(&range);
1785
1786 if (!skipped_uffd) {
1787 mm_dec_nr_ptes(mm);
1788 page_table_check_pte_clear_range(mm, addr, pgt_pmd);
1789 pte_free_defer(mm, pmd_pgtable(pgt_pmd));
1790 }
1791 }
1792 i_mmap_unlock_read(mapping);
1793 }
1794
1795 /**
1796 * collapse_file - collapse filemap/tmpfs/shmem pages into huge one.
1797 *
1798 * @mm: process address space where collapse happens
1799 * @addr: virtual collapse start address
1800 * @file: file that collapse on
1801 * @start: collapse start address
1802 * @cc: collapse context and scratchpad
1803 *
1804 * Basic scheme is simple, details are more complex:
1805 * - allocate and lock a new huge page;
1806 * - scan page cache, locking old pages
1807 * + swap/gup in pages if necessary;
1808 * - copy data to new page
1809 * - handle shmem holes
1810 * + re-validate that holes weren't filled by someone else
1811 * + check for userfaultfd
1812 * - finalize updates to the page cache;
1813 * - if replacing succeeds:
1814 * + unlock huge page;
1815 * + free old pages;
1816 * - if replacing failed;
1817 * + unlock old pages
1818 * + unlock and free huge page;
1819 */
1820 static int collapse_file(struct mm_struct *mm, unsigned long addr,
1821 struct file *file, pgoff_t start,
1822 struct collapse_control *cc)
1823 {
1824 struct address_space *mapping = file->f_mapping;
1825 struct page *dst;
1826 struct folio *folio, *tmp, *new_folio;
1827 pgoff_t index = 0, end = start + HPAGE_PMD_NR;
1828 LIST_HEAD(pagelist);
1829 XA_STATE_ORDER(xas, &mapping->i_pages, start, HPAGE_PMD_ORDER);
1830 int nr_none = 0, result = SCAN_SUCCEED;
1831 bool is_shmem = shmem_file(file);
1832
1833 VM_BUG_ON(!IS_ENABLED(CONFIG_READ_ONLY_THP_FOR_FS) && !is_shmem);
1834 VM_BUG_ON(start & (HPAGE_PMD_NR - 1));
1835
1836 result = alloc_charge_folio(&new_folio, mm, cc);
1837 if (result != SCAN_SUCCEED)
1838 goto out;
1839
1840 __folio_set_locked(new_folio);
1841 if (is_shmem)
1842 __folio_set_swapbacked(new_folio);
1843 new_folio->index = start;
1844 new_folio->mapping = mapping;
1845
1846 /*
1847 * Ensure we have slots for all the pages in the range. This is
1848 * almost certainly a no-op because most of the pages must be present
1849 */
1850 do {
1851 xas_lock_irq(&xas);
1852 xas_create_range(&xas);
1853 if (!xas_error(&xas))
1854 break;
1855 xas_unlock_irq(&xas);
1856 if (!xas_nomem(&xas, GFP_KERNEL)) {
1857 result = SCAN_FAIL;
1858 goto rollback;
1859 }
1860 } while (1);
1861
1862 for (index = start; index < end;) {
1863 xas_set(&xas, index);
1864 folio = xas_load(&xas);
1865
1866 VM_BUG_ON(index != xas.xa_index);
1867 if (is_shmem) {
1868 if (!folio) {
1869 /*
1870 * Stop if extent has been truncated or
1871 * hole-punched, and is now completely
1872 * empty.
1873 */
1874 if (index == start) {
1875 if (!xas_next_entry(&xas, end - 1)) {
1876 result = SCAN_TRUNCATED;
1877 goto xa_locked;
1878 }
1879 }
1880 nr_none++;
1881 index++;
1882 continue;
1883 }
1884
1885 if (xa_is_value(folio) || !folio_test_uptodate(folio)) {
1886 xas_unlock_irq(&xas);
1887 /* swap in or instantiate fallocated page */
1888 if (shmem_get_folio(mapping->host, index, 0,
1889 &folio, SGP_NOALLOC)) {
1890 result = SCAN_FAIL;
1891 goto xa_unlocked;
1892 }
1893 /* drain lru cache to help folio_isolate_lru() */
1894 lru_add_drain();
1895 } else if (folio_trylock(folio)) {
1896 folio_get(folio);
1897 xas_unlock_irq(&xas);
1898 } else {
1899 result = SCAN_PAGE_LOCK;
1900 goto xa_locked;
1901 }
1902 } else { /* !is_shmem */
1903 if (!folio || xa_is_value(folio)) {
1904 xas_unlock_irq(&xas);
1905 page_cache_sync_readahead(mapping, &file->f_ra,
1906 file, index,
1907 end - index);
1908 /* drain lru cache to help folio_isolate_lru() */
1909 lru_add_drain();
1910 folio = filemap_lock_folio(mapping, index);
1911 if (IS_ERR(folio)) {
1912 result = SCAN_FAIL;
1913 goto xa_unlocked;
1914 }
1915 } else if (folio_test_dirty(folio)) {
1916 /*
1917 * khugepaged only works on read-only fd,
1918 * so this page is dirty because it hasn't
1919 * been flushed since first write. There
1920 * won't be new dirty pages.
1921 *
1922 * Trigger async flush here and hope the
1923 * writeback is done when khugepaged
1924 * revisits this page.
1925 *
1926 * This is a one-off situation. We are not
1927 * forcing writeback in loop.
1928 */
1929 xas_unlock_irq(&xas);
1930 filemap_flush(mapping);
1931 result = SCAN_FAIL;
1932 goto xa_unlocked;
1933 } else if (folio_test_writeback(folio)) {
1934 xas_unlock_irq(&xas);
1935 result = SCAN_FAIL;
1936 goto xa_unlocked;
1937 } else if (folio_trylock(folio)) {
1938 folio_get(folio);
1939 xas_unlock_irq(&xas);
1940 } else {
1941 result = SCAN_PAGE_LOCK;
1942 goto xa_locked;
1943 }
1944 }
1945
1946 /*
1947 * The folio must be locked, so we can drop the i_pages lock
1948 * without racing with truncate.
1949 */
1950 VM_BUG_ON_FOLIO(!folio_test_locked(folio), folio);
1951
1952 /* make sure the folio is up to date */
1953 if (unlikely(!folio_test_uptodate(folio))) {
1954 result = SCAN_FAIL;
1955 goto out_unlock;
1956 }
1957
1958 /*
1959 * If file was truncated then extended, or hole-punched, before
1960 * we locked the first folio, then a THP might be there already.
1961 * This will be discovered on the first iteration.
1962 */
1963 if (folio_order(folio) == HPAGE_PMD_ORDER &&
1964 folio->index == start) {
1965 /* Maybe PMD-mapped */
1966 result = SCAN_PTE_MAPPED_HUGEPAGE;
1967 goto out_unlock;
1968 }
1969
1970 if (folio_mapping(folio) != mapping) {
1971 result = SCAN_TRUNCATED;
1972 goto out_unlock;
1973 }
1974
1975 if (!is_shmem && (folio_test_dirty(folio) ||
1976 folio_test_writeback(folio))) {
1977 /*
1978 * khugepaged only works on read-only fd, so this
1979 * folio is dirty because it hasn't been flushed
1980 * since first write.
1981 */
1982 result = SCAN_FAIL;
1983 goto out_unlock;
1984 }
1985
1986 if (!folio_isolate_lru(folio)) {
1987 result = SCAN_DEL_PAGE_LRU;
1988 goto out_unlock;
1989 }
1990
1991 if (!filemap_release_folio(folio, GFP_KERNEL)) {
1992 result = SCAN_PAGE_HAS_PRIVATE;
1993 folio_putback_lru(folio);
1994 goto out_unlock;
1995 }
1996
1997 if (folio_mapped(folio))
1998 try_to_unmap(folio,
1999 TTU_IGNORE_MLOCK | TTU_BATCH_FLUSH);
2000
2001 xas_lock_irq(&xas);
2002
2003 VM_BUG_ON_FOLIO(folio != xa_load(xas.xa, index), folio);
2004
2005 /*
2006 * We control 2 + nr_pages references to the folio:
2007 * - we hold a pin on it;
2008 * - nr_pages reference from page cache;
2009 * - one from lru_isolate_folio;
2010 * If those are the only references, then any new usage
2011 * of the folio will have to fetch it from the page
2012 * cache. That requires locking the folio to handle
2013 * truncate, so any new usage will be blocked until we
2014 * unlock folio after collapse/during rollback.
2015 */
2016 if (folio_ref_count(folio) != 2 + folio_nr_pages(folio)) {
2017 result = SCAN_PAGE_COUNT;
2018 xas_unlock_irq(&xas);
2019 folio_putback_lru(folio);
2020 goto out_unlock;
2021 }
2022
2023 /*
2024 * Accumulate the folios that are being collapsed.
2025 */
2026 list_add_tail(&folio->lru, &pagelist);
2027 index += folio_nr_pages(folio);
2028 continue;
2029 out_unlock:
2030 folio_unlock(folio);
2031 folio_put(folio);
2032 goto xa_unlocked;
2033 }
2034
2035 if (!is_shmem) {
2036 filemap_nr_thps_inc(mapping);
2037 /*
2038 * Paired with the fence in do_dentry_open() -> get_write_access()
2039 * to ensure i_writecount is up to date and the update to nr_thps
2040 * is visible. Ensures the page cache will be truncated if the
2041 * file is opened writable.
2042 */
2043 smp_mb();
2044 if (inode_is_open_for_write(mapping->host)) {
2045 result = SCAN_FAIL;
2046 filemap_nr_thps_dec(mapping);
2047 }
2048 }
2049
2050 xa_locked:
2051 xas_unlock_irq(&xas);
2052 xa_unlocked:
2053
2054 /*
2055 * If collapse is successful, flush must be done now before copying.
2056 * If collapse is unsuccessful, does flush actually need to be done?
2057 * Do it anyway, to clear the state.
2058 */
2059 try_to_unmap_flush();
2060
2061 if (result == SCAN_SUCCEED && nr_none &&
2062 !shmem_charge(mapping->host, nr_none))
2063 result = SCAN_FAIL;
2064 if (result != SCAN_SUCCEED) {
2065 nr_none = 0;
2066 goto rollback;
2067 }
2068
2069 /*
2070 * The old folios are locked, so they won't change anymore.
2071 */
2072 index = start;
2073 dst = folio_page(new_folio, 0);
2074 list_for_each_entry(folio, &pagelist, lru) {
2075 int i, nr_pages = folio_nr_pages(folio);
2076
2077 while (index < folio->index) {
2078 clear_highpage(dst);
2079 index++;
2080 dst++;
2081 }
2082
2083 for (i = 0; i < nr_pages; i++) {
2084 if (copy_mc_highpage(dst, folio_page(folio, i)) > 0) {
2085 result = SCAN_COPY_MC;
2086 goto rollback;
2087 }
2088 index++;
2089 dst++;
2090 }
2091 }
2092 while (index < end) {
2093 clear_highpage(dst);
2094 index++;
2095 dst++;
2096 }
2097
2098 if (nr_none) {
2099 struct vm_area_struct *vma;
2100 int nr_none_check = 0;
2101
2102 i_mmap_lock_read(mapping);
2103 xas_lock_irq(&xas);
2104
2105 xas_set(&xas, start);
2106 for (index = start; index < end; index++) {
2107 if (!xas_next(&xas)) {
2108 xas_store(&xas, XA_RETRY_ENTRY);
2109 if (xas_error(&xas)) {
2110 result = SCAN_STORE_FAILED;
2111 goto immap_locked;
2112 }
2113 nr_none_check++;
2114 }
2115 }
2116
2117 if (nr_none != nr_none_check) {
2118 result = SCAN_PAGE_FILLED;
2119 goto immap_locked;
2120 }
2121
2122 /*
2123 * If userspace observed a missing page in a VMA with
2124 * a MODE_MISSING userfaultfd, then it might expect a
2125 * UFFD_EVENT_PAGEFAULT for that page. If so, we need to
2126 * roll back to avoid suppressing such an event. Since
2127 * wp/minor userfaultfds don't give userspace any
2128 * guarantees that the kernel doesn't fill a missing
2129 * page with a zero page, so they don't matter here.
2130 *
2131 * Any userfaultfds registered after this point will
2132 * not be able to observe any missing pages due to the
2133 * previously inserted retry entries.
2134 */
2135 vma_interval_tree_foreach(vma, &mapping->i_mmap, start, end) {
2136 if (userfaultfd_missing(vma)) {
2137 result = SCAN_EXCEED_NONE_PTE;
2138 goto immap_locked;
2139 }
2140 }
2141
2142 immap_locked:
2143 i_mmap_unlock_read(mapping);
2144 if (result != SCAN_SUCCEED) {
2145 xas_set(&xas, start);
2146 for (index = start; index < end; index++) {
2147 if (xas_next(&xas) == XA_RETRY_ENTRY)
2148 xas_store(&xas, NULL);
2149 }
2150
2151 xas_unlock_irq(&xas);
2152 goto rollback;
2153 }
2154 } else {
2155 xas_lock_irq(&xas);
2156 }
2157
2158 if (is_shmem)
2159 __lruvec_stat_mod_folio(new_folio, NR_SHMEM_THPS, HPAGE_PMD_NR);
2160 else
2161 __lruvec_stat_mod_folio(new_folio, NR_FILE_THPS, HPAGE_PMD_NR);
2162
2163 if (nr_none) {
2164 __lruvec_stat_mod_folio(new_folio, NR_FILE_PAGES, nr_none);
2165 /* nr_none is always 0 for non-shmem. */
2166 __lruvec_stat_mod_folio(new_folio, NR_SHMEM, nr_none);
2167 }
2168
2169 /*
2170 * Mark new_folio as uptodate before inserting it into the
2171 * page cache so that it isn't mistaken for an fallocated but
2172 * unwritten page.
2173 */
2174 folio_mark_uptodate(new_folio);
2175 folio_ref_add(new_folio, HPAGE_PMD_NR - 1);
2176
2177 if (is_shmem)
2178 folio_mark_dirty(new_folio);
2179 folio_add_lru(new_folio);
2180
2181 /* Join all the small entries into a single multi-index entry. */
2182 xas_set_order(&xas, start, HPAGE_PMD_ORDER);
2183 xas_store(&xas, new_folio);
2184 WARN_ON_ONCE(xas_error(&xas));
2185 xas_unlock_irq(&xas);
2186
2187 /*
2188 * Remove pte page tables, so we can re-fault the page as huge.
2189 * If MADV_COLLAPSE, adjust result to call collapse_pte_mapped_thp().
2190 */
2191 retract_page_tables(mapping, start);
2192 if (cc && !cc->is_khugepaged)
2193 result = SCAN_PTE_MAPPED_HUGEPAGE;
2194 folio_unlock(new_folio);
2195
2196 /*
2197 * The collapse has succeeded, so free the old folios.
2198 */
2199 list_for_each_entry_safe(folio, tmp, &pagelist, lru) {
2200 list_del(&folio->lru);
2201 folio->mapping = NULL;
2202 folio_clear_active(folio);
2203 folio_clear_unevictable(folio);
2204 folio_unlock(folio);
2205 folio_put_refs(folio, 2 + folio_nr_pages(folio));
2206 }
2207
2208 goto out;
2209
2210 rollback:
2211 /* Something went wrong: roll back page cache changes */
2212 if (nr_none) {
2213 xas_lock_irq(&xas);
2214 mapping->nrpages -= nr_none;
2215 xas_unlock_irq(&xas);
2216 shmem_uncharge(mapping->host, nr_none);
2217 }
2218
2219 list_for_each_entry_safe(folio, tmp, &pagelist, lru) {
2220 list_del(&folio->lru);
2221 folio_unlock(folio);
2222 folio_putback_lru(folio);
2223 folio_put(folio);
2224 }
2225 /*
2226 * Undo the updates of filemap_nr_thps_inc for non-SHMEM
2227 * file only. This undo is not needed unless failure is
2228 * due to SCAN_COPY_MC.
2229 */
2230 if (!is_shmem && result == SCAN_COPY_MC) {
2231 filemap_nr_thps_dec(mapping);
2232 /*
2233 * Paired with the fence in do_dentry_open() -> get_write_access()
2234 * to ensure the update to nr_thps is visible.
2235 */
2236 smp_mb();
2237 }
2238
2239 new_folio->mapping = NULL;
2240
2241 folio_unlock(new_folio);
2242 folio_put(new_folio);
2243 out:
2244 VM_BUG_ON(!list_empty(&pagelist));
2245 trace_mm_khugepaged_collapse_file(mm, new_folio, index, addr, is_shmem, file, HPAGE_PMD_NR, result);
2246 return result;
2247 }
2248
2249 static int hpage_collapse_scan_file(struct mm_struct *mm, unsigned long addr,
2250 struct file *file, pgoff_t start,
2251 struct collapse_control *cc)
2252 {
2253 struct folio *folio = NULL;
2254 struct address_space *mapping = file->f_mapping;
2255 XA_STATE(xas, &mapping->i_pages, start);
2256 int present, swap;
2257 int node = NUMA_NO_NODE;
2258 int result = SCAN_SUCCEED;
2259
2260 present = 0;
2261 swap = 0;
2262 memset(cc->node_load, 0, sizeof(cc->node_load));
2263 nodes_clear(cc->alloc_nmask);
2264 rcu_read_lock();
2265 xas_for_each(&xas, folio, start + HPAGE_PMD_NR - 1) {
2266 if (xas_retry(&xas, folio))
2267 continue;
2268
2269 if (xa_is_value(folio)) {
2270 swap += 1 << xas_get_order(&xas);
2271 if (cc->is_khugepaged &&
2272 swap > khugepaged_max_ptes_swap) {
2273 result = SCAN_EXCEED_SWAP_PTE;
2274 count_vm_event(THP_SCAN_EXCEED_SWAP_PTE);
2275 break;
2276 }
2277 continue;
2278 }
2279
2280 if (folio_order(folio) == HPAGE_PMD_ORDER &&
2281 folio->index == start) {
2282 /* Maybe PMD-mapped */
2283 result = SCAN_PTE_MAPPED_HUGEPAGE;
2284 /*
2285 * For SCAN_PTE_MAPPED_HUGEPAGE, further processing
2286 * by the caller won't touch the page cache, and so
2287 * it's safe to skip LRU and refcount checks before
2288 * returning.
2289 */
2290 break;
2291 }
2292
2293 node = folio_nid(folio);
2294 if (hpage_collapse_scan_abort(node, cc)) {
2295 result = SCAN_SCAN_ABORT;
2296 break;
2297 }
2298 cc->node_load[node]++;
2299
2300 if (!folio_test_lru(folio)) {
2301 result = SCAN_PAGE_LRU;
2302 break;
2303 }
2304
2305 if (!is_refcount_suitable(folio)) {
2306 result = SCAN_PAGE_COUNT;
2307 break;
2308 }
2309
2310 /*
2311 * We probably should check if the folio is referenced
2312 * here, but nobody would transfer pte_young() to
2313 * folio_test_referenced() for us. And rmap walk here
2314 * is just too costly...
2315 */
2316
2317 present += folio_nr_pages(folio);
2318
2319 if (need_resched()) {
2320 xas_pause(&xas);
2321 cond_resched_rcu();
2322 }
2323 }
2324 rcu_read_unlock();
2325
2326 if (result == SCAN_SUCCEED) {
2327 if (cc->is_khugepaged &&
2328 present < HPAGE_PMD_NR - khugepaged_max_ptes_none) {
2329 result = SCAN_EXCEED_NONE_PTE;
2330 count_vm_event(THP_SCAN_EXCEED_NONE_PTE);
2331 } else {
2332 result = collapse_file(mm, addr, file, start, cc);
2333 }
2334 }
2335
2336 trace_mm_khugepaged_scan_file(mm, folio, file, present, swap, result);
2337 return result;
2338 }
2339 #else
2340 static int hpage_collapse_scan_file(struct mm_struct *mm, unsigned long addr,
2341 struct file *file, pgoff_t start,
2342 struct collapse_control *cc)
2343 {
2344 BUILD_BUG();
2345 }
2346 #endif
2347
2348 static unsigned int khugepaged_scan_mm_slot(unsigned int pages, int *result,
2349 struct collapse_control *cc)
2350 __releases(&khugepaged_mm_lock)
2351 __acquires(&khugepaged_mm_lock)
2352 {
2353 struct vma_iterator vmi;
2354 struct khugepaged_mm_slot *mm_slot;
2355 struct mm_slot *slot;
2356 struct mm_struct *mm;
2357 struct vm_area_struct *vma;
2358 int progress = 0;
2359
2360 VM_BUG_ON(!pages);
2361 lockdep_assert_held(&khugepaged_mm_lock);
2362 *result = SCAN_FAIL;
2363
2364 if (khugepaged_scan.mm_slot) {
2365 mm_slot = khugepaged_scan.mm_slot;
2366 slot = &mm_slot->slot;
2367 } else {
2368 slot = list_entry(khugepaged_scan.mm_head.next,
2369 struct mm_slot, mm_node);
2370 mm_slot = mm_slot_entry(slot, struct khugepaged_mm_slot, slot);
2371 khugepaged_scan.address = 0;
2372 khugepaged_scan.mm_slot = mm_slot;
2373 }
2374 spin_unlock(&khugepaged_mm_lock);
2375
2376 mm = slot->mm;
2377 /*
2378 * Don't wait for semaphore (to avoid long wait times). Just move to
2379 * the next mm on the list.
2380 */
2381 vma = NULL;
2382 if (unlikely(!mmap_read_trylock(mm)))
2383 goto breakouterloop_mmap_lock;
2384
2385 progress++;
2386 if (unlikely(hpage_collapse_test_exit_or_disable(mm)))
2387 goto breakouterloop;
2388
2389 vma_iter_init(&vmi, mm, khugepaged_scan.address);
2390 for_each_vma(vmi, vma) {
2391 unsigned long hstart, hend;
2392
2393 cond_resched();
2394 if (unlikely(hpage_collapse_test_exit_or_disable(mm))) {
2395 progress++;
2396 break;
2397 }
2398 if (!thp_vma_allowable_order(vma, vma->vm_flags,
2399 TVA_ENFORCE_SYSFS, PMD_ORDER)) {
2400 skip:
2401 progress++;
2402 continue;
2403 }
2404 hstart = round_up(vma->vm_start, HPAGE_PMD_SIZE);
2405 hend = round_down(vma->vm_end, HPAGE_PMD_SIZE);
2406 if (khugepaged_scan.address > hend)
2407 goto skip;
2408 if (khugepaged_scan.address < hstart)
2409 khugepaged_scan.address = hstart;
2410 VM_BUG_ON(khugepaged_scan.address & ~HPAGE_PMD_MASK);
2411
2412 while (khugepaged_scan.address < hend) {
2413 bool mmap_locked = true;
2414
2415 cond_resched();
2416 if (unlikely(hpage_collapse_test_exit_or_disable(mm)))
2417 goto breakouterloop;
2418
2419 VM_BUG_ON(khugepaged_scan.address < hstart ||
2420 khugepaged_scan.address + HPAGE_PMD_SIZE >
2421 hend);
2422 if (IS_ENABLED(CONFIG_SHMEM) && vma->vm_file) {
2423 struct file *file = get_file(vma->vm_file);
2424 pgoff_t pgoff = linear_page_index(vma,
2425 khugepaged_scan.address);
2426
2427 mmap_read_unlock(mm);
2428 mmap_locked = false;
2429 *result = hpage_collapse_scan_file(mm,
2430 khugepaged_scan.address, file, pgoff, cc);
2431 fput(file);
2432 if (*result == SCAN_PTE_MAPPED_HUGEPAGE) {
2433 mmap_read_lock(mm);
2434 if (hpage_collapse_test_exit_or_disable(mm))
2435 goto breakouterloop;
2436 *result = collapse_pte_mapped_thp(mm,
2437 khugepaged_scan.address, false);
2438 if (*result == SCAN_PMD_MAPPED)
2439 *result = SCAN_SUCCEED;
2440 mmap_read_unlock(mm);
2441 }
2442 } else {
2443 *result = hpage_collapse_scan_pmd(mm, vma,
2444 khugepaged_scan.address, &mmap_locked, cc);
2445 }
2446
2447 if (*result == SCAN_SUCCEED)
2448 ++khugepaged_pages_collapsed;
2449
2450 /* move to next address */
2451 khugepaged_scan.address += HPAGE_PMD_SIZE;
2452 progress += HPAGE_PMD_NR;
2453 if (!mmap_locked)
2454 /*
2455 * We released mmap_lock so break loop. Note
2456 * that we drop mmap_lock before all hugepage
2457 * allocations, so if allocation fails, we are
2458 * guaranteed to break here and report the
2459 * correct result back to caller.
2460 */
2461 goto breakouterloop_mmap_lock;
2462 if (progress >= pages)
2463 goto breakouterloop;
2464 }
2465 }
2466 breakouterloop:
2467 mmap_read_unlock(mm); /* exit_mmap will destroy ptes after this */
2468 breakouterloop_mmap_lock:
2469
2470 spin_lock(&khugepaged_mm_lock);
2471 VM_BUG_ON(khugepaged_scan.mm_slot != mm_slot);
2472 /*
2473 * Release the current mm_slot if this mm is about to die, or
2474 * if we scanned all vmas of this mm.
2475 */
2476 if (hpage_collapse_test_exit(mm) || !vma) {
2477 /*
2478 * Make sure that if mm_users is reaching zero while
2479 * khugepaged runs here, khugepaged_exit will find
2480 * mm_slot not pointing to the exiting mm.
2481 */
2482 if (slot->mm_node.next != &khugepaged_scan.mm_head) {
2483 slot = list_entry(slot->mm_node.next,
2484 struct mm_slot, mm_node);
2485 khugepaged_scan.mm_slot =
2486 mm_slot_entry(slot, struct khugepaged_mm_slot, slot);
2487 khugepaged_scan.address = 0;
2488 } else {
2489 khugepaged_scan.mm_slot = NULL;
2490 khugepaged_full_scans++;
2491 }
2492
2493 collect_mm_slot(mm_slot);
2494 }
2495
2496 return progress;
2497 }
2498
2499 static int khugepaged_has_work(void)
2500 {
2501 return !list_empty(&khugepaged_scan.mm_head) && hugepage_pmd_enabled();
2502 }
2503
2504 static int khugepaged_wait_event(void)
2505 {
2506 return !list_empty(&khugepaged_scan.mm_head) ||
2507 kthread_should_stop();
2508 }
2509
2510 static void khugepaged_do_scan(struct collapse_control *cc)
2511 {
2512 unsigned int progress = 0, pass_through_head = 0;
2513 unsigned int pages = READ_ONCE(khugepaged_pages_to_scan);
2514 bool wait = true;
2515 int result = SCAN_SUCCEED;
2516
2517 lru_add_drain_all();
2518
2519 while (true) {
2520 cond_resched();
2521
2522 if (unlikely(kthread_should_stop()))
2523 break;
2524
2525 spin_lock(&khugepaged_mm_lock);
2526 if (!khugepaged_scan.mm_slot)
2527 pass_through_head++;
2528 if (khugepaged_has_work() &&
2529 pass_through_head < 2)
2530 progress += khugepaged_scan_mm_slot(pages - progress,
2531 &result, cc);
2532 else
2533 progress = pages;
2534 spin_unlock(&khugepaged_mm_lock);
2535
2536 if (progress >= pages)
2537 break;
2538
2539 if (result == SCAN_ALLOC_HUGE_PAGE_FAIL) {
2540 /*
2541 * If fail to allocate the first time, try to sleep for
2542 * a while. When hit again, cancel the scan.
2543 */
2544 if (!wait)
2545 break;
2546 wait = false;
2547 khugepaged_alloc_sleep();
2548 }
2549 }
2550 }
2551
2552 static bool khugepaged_should_wakeup(void)
2553 {
2554 return kthread_should_stop() ||
2555 time_after_eq(jiffies, khugepaged_sleep_expire);
2556 }
2557
2558 static void khugepaged_wait_work(void)
2559 {
2560 if (khugepaged_has_work()) {
2561 const unsigned long scan_sleep_jiffies =
2562 msecs_to_jiffies(khugepaged_scan_sleep_millisecs);
2563
2564 if (!scan_sleep_jiffies)
2565 return;
2566
2567 khugepaged_sleep_expire = jiffies + scan_sleep_jiffies;
2568 wait_event_freezable_timeout(khugepaged_wait,
2569 khugepaged_should_wakeup(),
2570 scan_sleep_jiffies);
2571 return;
2572 }
2573
2574 if (hugepage_pmd_enabled())
2575 wait_event_freezable(khugepaged_wait, khugepaged_wait_event());
2576 }
2577
2578 static int khugepaged(void *none)
2579 {
2580 struct khugepaged_mm_slot *mm_slot;
2581
2582 set_freezable();
2583 set_user_nice(current, MAX_NICE);
2584
2585 while (!kthread_should_stop()) {
2586 khugepaged_do_scan(&khugepaged_collapse_control);
2587 khugepaged_wait_work();
2588 }
2589
2590 spin_lock(&khugepaged_mm_lock);
2591 mm_slot = khugepaged_scan.mm_slot;
2592 khugepaged_scan.mm_slot = NULL;
2593 if (mm_slot)
2594 collect_mm_slot(mm_slot);
2595 spin_unlock(&khugepaged_mm_lock);
2596 return 0;
2597 }
2598
2599 static void set_recommended_min_free_kbytes(void)
2600 {
2601 struct zone *zone;
2602 int nr_zones = 0;
2603 unsigned long recommended_min;
2604
2605 if (!hugepage_pmd_enabled()) {
2606 calculate_min_free_kbytes();
2607 goto update_wmarks;
2608 }
2609
2610 for_each_populated_zone(zone) {
2611 /*
2612 * We don't need to worry about fragmentation of
2613 * ZONE_MOVABLE since it only has movable pages.
2614 */
2615 if (zone_idx(zone) > gfp_zone(GFP_USER))
2616 continue;
2617
2618 nr_zones++;
2619 }
2620
2621 /* Ensure 2 pageblocks are free to assist fragmentation avoidance */
2622 recommended_min = pageblock_nr_pages * nr_zones * 2;
2623
2624 /*
2625 * Make sure that on average at least two pageblocks are almost free
2626 * of another type, one for a migratetype to fall back to and a
2627 * second to avoid subsequent fallbacks of other types There are 3
2628 * MIGRATE_TYPES we care about.
2629 */
2630 recommended_min += pageblock_nr_pages * nr_zones *
2631 MIGRATE_PCPTYPES * MIGRATE_PCPTYPES;
2632
2633 /* don't ever allow to reserve more than 5% of the lowmem */
2634 recommended_min = min(recommended_min,
2635 (unsigned long) nr_free_buffer_pages() / 20);
2636 recommended_min <<= (PAGE_SHIFT-10);
2637
2638 if (recommended_min > min_free_kbytes) {
2639 if (user_min_free_kbytes >= 0)
2640 pr_info("raising min_free_kbytes from %d to %lu to help transparent hugepage allocations\n",
2641 min_free_kbytes, recommended_min);
2642
2643 min_free_kbytes = recommended_min;
2644 }
2645
2646 update_wmarks:
2647 setup_per_zone_wmarks();
2648 }
2649
2650 int start_stop_khugepaged(void)
2651 {
2652 int err = 0;
2653
2654 mutex_lock(&khugepaged_mutex);
2655 if (hugepage_pmd_enabled()) {
2656 if (!khugepaged_thread)
2657 khugepaged_thread = kthread_run(khugepaged, NULL,
2658 "khugepaged");
2659 if (IS_ERR(khugepaged_thread)) {
2660 pr_err("khugepaged: kthread_run(khugepaged) failed\n");
2661 err = PTR_ERR(khugepaged_thread);
2662 khugepaged_thread = NULL;
2663 goto fail;
2664 }
2665
2666 if (!list_empty(&khugepaged_scan.mm_head))
2667 wake_up_interruptible(&khugepaged_wait);
2668 } else if (khugepaged_thread) {
2669 kthread_stop(khugepaged_thread);
2670 khugepaged_thread = NULL;
2671 }
2672 set_recommended_min_free_kbytes();
2673 fail:
2674 mutex_unlock(&khugepaged_mutex);
2675 return err;
2676 }
2677
2678 void khugepaged_min_free_kbytes_update(void)
2679 {
2680 mutex_lock(&khugepaged_mutex);
2681 if (hugepage_pmd_enabled() && khugepaged_thread)
2682 set_recommended_min_free_kbytes();
2683 mutex_unlock(&khugepaged_mutex);
2684 }
2685
2686 bool current_is_khugepaged(void)
2687 {
2688 return kthread_func(current) == khugepaged;
2689 }
2690
2691 static int madvise_collapse_errno(enum scan_result r)
2692 {
2693 /*
2694 * MADV_COLLAPSE breaks from existing madvise(2) conventions to provide
2695 * actionable feedback to caller, so they may take an appropriate
2696 * fallback measure depending on the nature of the failure.
2697 */
2698 switch (r) {
2699 case SCAN_ALLOC_HUGE_PAGE_FAIL:
2700 return -ENOMEM;
2701 case SCAN_CGROUP_CHARGE_FAIL:
2702 case SCAN_EXCEED_NONE_PTE:
2703 return -EBUSY;
2704 /* Resource temporary unavailable - trying again might succeed */
2705 case SCAN_PAGE_COUNT:
2706 case SCAN_PAGE_LOCK:
2707 case SCAN_PAGE_LRU:
2708 case SCAN_DEL_PAGE_LRU:
2709 case SCAN_PAGE_FILLED:
2710 return -EAGAIN;
2711 /*
2712 * Other: Trying again likely not to succeed / error intrinsic to
2713 * specified memory range. khugepaged likely won't be able to collapse
2714 * either.
2715 */
2716 default:
2717 return -EINVAL;
2718 }
2719 }
2720
2721 int madvise_collapse(struct vm_area_struct *vma, struct vm_area_struct **prev,
2722 unsigned long start, unsigned long end)
2723 {
2724 struct collapse_control *cc;
2725 struct mm_struct *mm = vma->vm_mm;
2726 unsigned long hstart, hend, addr;
2727 int thps = 0, last_fail = SCAN_FAIL;
2728 bool mmap_locked = true;
2729
2730 BUG_ON(vma->vm_start > start);
2731 BUG_ON(vma->vm_end < end);
2732
2733 *prev = vma;
2734
2735 if (!thp_vma_allowable_order(vma, vma->vm_flags, 0, PMD_ORDER))
2736 return -EINVAL;
2737
2738 cc = kmalloc(sizeof(*cc), GFP_KERNEL);
2739 if (!cc)
2740 return -ENOMEM;
2741 cc->is_khugepaged = false;
2742
2743 mmgrab(mm);
2744 lru_add_drain_all();
2745
2746 hstart = (start + ~HPAGE_PMD_MASK) & HPAGE_PMD_MASK;
2747 hend = end & HPAGE_PMD_MASK;
2748
2749 for (addr = hstart; addr < hend; addr += HPAGE_PMD_SIZE) {
2750 int result = SCAN_FAIL;
2751
2752 if (!mmap_locked) {
2753 cond_resched();
2754 mmap_read_lock(mm);
2755 mmap_locked = true;
2756 result = hugepage_vma_revalidate(mm, addr, false, &vma,
2757 cc);
2758 if (result != SCAN_SUCCEED) {
2759 last_fail = result;
2760 goto out_nolock;
2761 }
2762
2763 hend = min(hend, vma->vm_end & HPAGE_PMD_MASK);
2764 }
2765 mmap_assert_locked(mm);
2766 memset(cc->node_load, 0, sizeof(cc->node_load));
2767 nodes_clear(cc->alloc_nmask);
2768 if (IS_ENABLED(CONFIG_SHMEM) && vma->vm_file) {
2769 struct file *file = get_file(vma->vm_file);
2770 pgoff_t pgoff = linear_page_index(vma, addr);
2771
2772 mmap_read_unlock(mm);
2773 mmap_locked = false;
2774 result = hpage_collapse_scan_file(mm, addr, file, pgoff,
2775 cc);
2776 fput(file);
2777 } else {
2778 result = hpage_collapse_scan_pmd(mm, vma, addr,
2779 &mmap_locked, cc);
2780 }
2781 if (!mmap_locked)
2782 *prev = NULL; /* Tell caller we dropped mmap_lock */
2783
2784 handle_result:
2785 switch (result) {
2786 case SCAN_SUCCEED:
2787 case SCAN_PMD_MAPPED:
2788 ++thps;
2789 break;
2790 case SCAN_PTE_MAPPED_HUGEPAGE:
2791 BUG_ON(mmap_locked);
2792 BUG_ON(*prev);
2793 mmap_read_lock(mm);
2794 result = collapse_pte_mapped_thp(mm, addr, true);
2795 mmap_read_unlock(mm);
2796 goto handle_result;
2797 /* Whitelisted set of results where continuing OK */
2798 case SCAN_PMD_NULL:
2799 case SCAN_PTE_NON_PRESENT:
2800 case SCAN_PTE_UFFD_WP:
2801 case SCAN_PAGE_RO:
2802 case SCAN_LACK_REFERENCED_PAGE:
2803 case SCAN_PAGE_NULL:
2804 case SCAN_PAGE_COUNT:
2805 case SCAN_PAGE_LOCK:
2806 case SCAN_PAGE_COMPOUND:
2807 case SCAN_PAGE_LRU:
2808 case SCAN_DEL_PAGE_LRU:
2809 last_fail = result;
2810 break;
2811 default:
2812 last_fail = result;
2813 /* Other error, exit */
2814 goto out_maybelock;
2815 }
2816 }
2817
2818 out_maybelock:
2819 /* Caller expects us to hold mmap_lock on return */
2820 if (!mmap_locked)
2821 mmap_read_lock(mm);
2822 out_nolock:
2823 mmap_assert_locked(mm);
2824 mmdrop(mm);
2825 kfree(cc);
2826
2827 return thps == ((hend - hstart) >> HPAGE_PMD_SHIFT) ? 0
2828 : madvise_collapse_errno(last_fail);
2829 }
Kernel DRM miscellaneous fixes and cross-tree changes