mic: vop: Fix use-after-free on remove
[linux/fpc-iii.git] / drivers / xen / balloon.c
blobceb5048de9a7eb8f2e861380964ebf3c15f8a23a
1 /******************************************************************************
2 * Xen balloon driver - enables returning/claiming memory to/from Xen.
4 * Copyright (c) 2003, B Dragovic
5 * Copyright (c) 2003-2004, M Williamson, K Fraser
6 * Copyright (c) 2005 Dan M. Smith, IBM Corporation
7 * Copyright (c) 2010 Daniel Kiper
9 * Memory hotplug support was written by Daniel Kiper. Work on
10 * it was sponsored by Google under Google Summer of Code 2010
11 * program. Jeremy Fitzhardinge from Citrix was the mentor for
12 * this project.
14 * This program is free software; you can redistribute it and/or
15 * modify it under the terms of the GNU General Public License version 2
16 * as published by the Free Software Foundation; or, when distributed
17 * separately from the Linux kernel or incorporated into other
18 * software packages, subject to the following license:
20 * Permission is hereby granted, free of charge, to any person obtaining a copy
21 * of this source file (the "Software"), to deal in the Software without
22 * restriction, including without limitation the rights to use, copy, modify,
23 * merge, publish, distribute, sublicense, and/or sell copies of the Software,
24 * and to permit persons to whom the Software is furnished to do so, subject to
25 * the following conditions:
27 * The above copyright notice and this permission notice shall be included in
28 * all copies or substantial portions of the Software.
30 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
31 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
32 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
33 * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
34 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
35 * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
36 * IN THE SOFTWARE.
39 #define pr_fmt(fmt) "xen:" KBUILD_MODNAME ": " fmt
41 #include <linux/cpu.h>
42 #include <linux/kernel.h>
43 #include <linux/sched.h>
44 #include <linux/cred.h>
45 #include <linux/errno.h>
46 #include <linux/mm.h>
47 #include <linux/memblock.h>
48 #include <linux/pagemap.h>
49 #include <linux/highmem.h>
50 #include <linux/mutex.h>
51 #include <linux/list.h>
52 #include <linux/gfp.h>
53 #include <linux/notifier.h>
54 #include <linux/memory.h>
55 #include <linux/memory_hotplug.h>
56 #include <linux/percpu-defs.h>
57 #include <linux/slab.h>
58 #include <linux/sysctl.h>
60 #include <asm/page.h>
61 #include <asm/pgalloc.h>
62 #include <asm/pgtable.h>
63 #include <asm/tlb.h>
65 #include <asm/xen/hypervisor.h>
66 #include <asm/xen/hypercall.h>
68 #include <xen/xen.h>
69 #include <xen/interface/xen.h>
70 #include <xen/interface/memory.h>
71 #include <xen/balloon.h>
72 #include <xen/features.h>
73 #include <xen/page.h>
74 #include <xen/mem-reservation.h>
76 static int xen_hotplug_unpopulated;
78 #ifdef CONFIG_XEN_BALLOON_MEMORY_HOTPLUG
80 static int zero;
81 static int one = 1;
83 static struct ctl_table balloon_table[] = {
85 .procname = "hotplug_unpopulated",
86 .data = &xen_hotplug_unpopulated,
87 .maxlen = sizeof(int),
88 .mode = 0644,
89 .proc_handler = proc_dointvec_minmax,
90 .extra1 = &zero,
91 .extra2 = &one,
93 { }
96 static struct ctl_table balloon_root[] = {
98 .procname = "balloon",
99 .mode = 0555,
100 .child = balloon_table,
105 static struct ctl_table xen_root[] = {
107 .procname = "xen",
108 .mode = 0555,
109 .child = balloon_root,
114 #endif
117 * Use one extent per PAGE_SIZE to avoid to break down the page into
118 * multiple frame.
120 #define EXTENT_ORDER (fls(XEN_PFN_PER_PAGE) - 1)
123 * balloon_process() state:
125 * BP_DONE: done or nothing to do,
126 * BP_WAIT: wait to be rescheduled,
127 * BP_EAGAIN: error, go to sleep,
128 * BP_ECANCELED: error, balloon operation canceled.
131 enum bp_state {
132 BP_DONE,
133 BP_WAIT,
134 BP_EAGAIN,
135 BP_ECANCELED
139 static DEFINE_MUTEX(balloon_mutex);
141 struct balloon_stats balloon_stats;
142 EXPORT_SYMBOL_GPL(balloon_stats);
144 /* We increase/decrease in batches which fit in a page */
145 static xen_pfn_t frame_list[PAGE_SIZE / sizeof(xen_pfn_t)];
148 /* List of ballooned pages, threaded through the mem_map array. */
149 static LIST_HEAD(ballooned_pages);
150 static DECLARE_WAIT_QUEUE_HEAD(balloon_wq);
152 /* Main work function, always executed in process context. */
153 static void balloon_process(struct work_struct *work);
154 static DECLARE_DELAYED_WORK(balloon_worker, balloon_process);
156 /* When ballooning out (allocating memory to return to Xen) we don't really
157 want the kernel to try too hard since that can trigger the oom killer. */
158 #define GFP_BALLOON \
159 (GFP_HIGHUSER | __GFP_NOWARN | __GFP_NORETRY | __GFP_NOMEMALLOC)
161 /* balloon_append: add the given page to the balloon. */
162 static void __balloon_append(struct page *page)
164 /* Lowmem is re-populated first, so highmem pages go at list tail. */
165 if (PageHighMem(page)) {
166 list_add_tail(&page->lru, &ballooned_pages);
167 balloon_stats.balloon_high++;
168 } else {
169 list_add(&page->lru, &ballooned_pages);
170 balloon_stats.balloon_low++;
172 wake_up(&balloon_wq);
175 static void balloon_append(struct page *page)
177 __balloon_append(page);
180 /* balloon_retrieve: rescue a page from the balloon, if it is not empty. */
181 static struct page *balloon_retrieve(bool require_lowmem)
183 struct page *page;
185 if (list_empty(&ballooned_pages))
186 return NULL;
188 page = list_entry(ballooned_pages.next, struct page, lru);
189 if (require_lowmem && PageHighMem(page))
190 return NULL;
191 list_del(&page->lru);
193 if (PageHighMem(page))
194 balloon_stats.balloon_high--;
195 else
196 balloon_stats.balloon_low--;
198 return page;
201 static struct page *balloon_next_page(struct page *page)
203 struct list_head *next = page->lru.next;
204 if (next == &ballooned_pages)
205 return NULL;
206 return list_entry(next, struct page, lru);
209 static enum bp_state update_schedule(enum bp_state state)
211 if (state == BP_WAIT)
212 return BP_WAIT;
214 if (state == BP_ECANCELED)
215 return BP_ECANCELED;
217 if (state == BP_DONE) {
218 balloon_stats.schedule_delay = 1;
219 balloon_stats.retry_count = 1;
220 return BP_DONE;
223 ++balloon_stats.retry_count;
225 if (balloon_stats.max_retry_count != RETRY_UNLIMITED &&
226 balloon_stats.retry_count > balloon_stats.max_retry_count) {
227 balloon_stats.schedule_delay = 1;
228 balloon_stats.retry_count = 1;
229 return BP_ECANCELED;
232 balloon_stats.schedule_delay <<= 1;
234 if (balloon_stats.schedule_delay > balloon_stats.max_schedule_delay)
235 balloon_stats.schedule_delay = balloon_stats.max_schedule_delay;
237 return BP_EAGAIN;
240 #ifdef CONFIG_XEN_BALLOON_MEMORY_HOTPLUG
241 static void release_memory_resource(struct resource *resource)
243 if (!resource)
244 return;
247 * No need to reset region to identity mapped since we now
248 * know that no I/O can be in this region
250 release_resource(resource);
251 kfree(resource);
254 static struct resource *additional_memory_resource(phys_addr_t size)
256 struct resource *res;
257 int ret;
259 res = kzalloc(sizeof(*res), GFP_KERNEL);
260 if (!res)
261 return NULL;
263 res->name = "System RAM";
264 res->flags = IORESOURCE_SYSTEM_RAM | IORESOURCE_BUSY;
266 ret = allocate_resource(&iomem_resource, res,
267 size, 0, -1,
268 PAGES_PER_SECTION * PAGE_SIZE, NULL, NULL);
269 if (ret < 0) {
270 pr_err("Cannot allocate new System RAM resource\n");
271 kfree(res);
272 return NULL;
275 #ifdef CONFIG_SPARSEMEM
277 unsigned long limit = 1UL << (MAX_PHYSMEM_BITS - PAGE_SHIFT);
278 unsigned long pfn = res->start >> PAGE_SHIFT;
280 if (pfn > limit) {
281 pr_err("New System RAM resource outside addressable RAM (%lu > %lu)\n",
282 pfn, limit);
283 release_memory_resource(res);
284 return NULL;
287 #endif
289 return res;
292 static enum bp_state reserve_additional_memory(void)
294 long credit;
295 struct resource *resource;
296 int nid, rc;
297 unsigned long balloon_hotplug;
299 credit = balloon_stats.target_pages + balloon_stats.target_unpopulated
300 - balloon_stats.total_pages;
303 * Already hotplugged enough pages? Wait for them to be
304 * onlined.
306 if (credit <= 0)
307 return BP_WAIT;
309 balloon_hotplug = round_up(credit, PAGES_PER_SECTION);
311 resource = additional_memory_resource(balloon_hotplug * PAGE_SIZE);
312 if (!resource)
313 goto err;
315 nid = memory_add_physaddr_to_nid(resource->start);
317 #ifdef CONFIG_XEN_HAVE_PVMMU
319 * We don't support PV MMU when Linux and Xen is using
320 * different page granularity.
322 BUILD_BUG_ON(XEN_PAGE_SIZE != PAGE_SIZE);
325 * add_memory() will build page tables for the new memory so
326 * the p2m must contain invalid entries so the correct
327 * non-present PTEs will be written.
329 * If a failure occurs, the original (identity) p2m entries
330 * are not restored since this region is now known not to
331 * conflict with any devices.
333 if (!xen_feature(XENFEAT_auto_translated_physmap)) {
334 unsigned long pfn, i;
336 pfn = PFN_DOWN(resource->start);
337 for (i = 0; i < balloon_hotplug; i++) {
338 if (!set_phys_to_machine(pfn + i, INVALID_P2M_ENTRY)) {
339 pr_warn("set_phys_to_machine() failed, no memory added\n");
340 goto err;
344 #endif
347 * add_memory_resource() will call online_pages() which in its turn
348 * will call xen_online_page() callback causing deadlock if we don't
349 * release balloon_mutex here. Unlocking here is safe because the
350 * callers drop the mutex before trying again.
352 mutex_unlock(&balloon_mutex);
353 /* add_memory_resource() requires the device_hotplug lock */
354 lock_device_hotplug();
355 rc = add_memory_resource(nid, resource);
356 unlock_device_hotplug();
357 mutex_lock(&balloon_mutex);
359 if (rc) {
360 pr_warn("Cannot add additional memory (%i)\n", rc);
361 goto err;
364 balloon_stats.total_pages += balloon_hotplug;
366 return BP_WAIT;
367 err:
368 release_memory_resource(resource);
369 return BP_ECANCELED;
372 static void xen_online_page(struct page *page)
374 __online_page_set_limits(page);
376 mutex_lock(&balloon_mutex);
378 __balloon_append(page);
380 mutex_unlock(&balloon_mutex);
383 static int xen_memory_notifier(struct notifier_block *nb, unsigned long val, void *v)
385 if (val == MEM_ONLINE)
386 schedule_delayed_work(&balloon_worker, 0);
388 return NOTIFY_OK;
391 static struct notifier_block xen_memory_nb = {
392 .notifier_call = xen_memory_notifier,
393 .priority = 0
395 #else
396 static enum bp_state reserve_additional_memory(void)
398 balloon_stats.target_pages = balloon_stats.current_pages;
399 return BP_ECANCELED;
401 #endif /* CONFIG_XEN_BALLOON_MEMORY_HOTPLUG */
403 static long current_credit(void)
405 return balloon_stats.target_pages - balloon_stats.current_pages;
408 static bool balloon_is_inflated(void)
410 return balloon_stats.balloon_low || balloon_stats.balloon_high;
413 static enum bp_state increase_reservation(unsigned long nr_pages)
415 int rc;
416 unsigned long i;
417 struct page *page;
419 if (nr_pages > ARRAY_SIZE(frame_list))
420 nr_pages = ARRAY_SIZE(frame_list);
422 page = list_first_entry_or_null(&ballooned_pages, struct page, lru);
423 for (i = 0; i < nr_pages; i++) {
424 if (!page) {
425 nr_pages = i;
426 break;
429 frame_list[i] = page_to_xen_pfn(page);
430 page = balloon_next_page(page);
433 rc = xenmem_reservation_increase(nr_pages, frame_list);
434 if (rc <= 0)
435 return BP_EAGAIN;
437 for (i = 0; i < rc; i++) {
438 page = balloon_retrieve(false);
439 BUG_ON(page == NULL);
441 xenmem_reservation_va_mapping_update(1, &page, &frame_list[i]);
443 /* Relinquish the page back to the allocator. */
444 free_reserved_page(page);
447 balloon_stats.current_pages += rc;
449 return BP_DONE;
452 static enum bp_state decrease_reservation(unsigned long nr_pages, gfp_t gfp)
454 enum bp_state state = BP_DONE;
455 unsigned long i;
456 struct page *page, *tmp;
457 int ret;
458 LIST_HEAD(pages);
460 if (nr_pages > ARRAY_SIZE(frame_list))
461 nr_pages = ARRAY_SIZE(frame_list);
463 for (i = 0; i < nr_pages; i++) {
464 page = alloc_page(gfp);
465 if (page == NULL) {
466 nr_pages = i;
467 state = BP_EAGAIN;
468 break;
470 adjust_managed_page_count(page, -1);
471 xenmem_reservation_scrub_page(page);
472 list_add(&page->lru, &pages);
476 * Ensure that ballooned highmem pages don't have kmaps.
478 * Do this before changing the p2m as kmap_flush_unused()
479 * reads PTEs to obtain pages (and hence needs the original
480 * p2m entry).
482 kmap_flush_unused();
485 * Setup the frame, update direct mapping, invalidate P2M,
486 * and add to balloon.
488 i = 0;
489 list_for_each_entry_safe(page, tmp, &pages, lru) {
490 frame_list[i++] = xen_page_to_gfn(page);
492 xenmem_reservation_va_mapping_reset(1, &page);
494 list_del(&page->lru);
496 balloon_append(page);
499 flush_tlb_all();
501 ret = xenmem_reservation_decrease(nr_pages, frame_list);
502 BUG_ON(ret != nr_pages);
504 balloon_stats.current_pages -= nr_pages;
506 return state;
510 * As this is a work item it is guaranteed to run as a single instance only.
511 * We may of course race updates of the target counts (which are protected
512 * by the balloon lock), or with changes to the Xen hard limit, but we will
513 * recover from these in time.
515 static void balloon_process(struct work_struct *work)
517 enum bp_state state = BP_DONE;
518 long credit;
521 do {
522 mutex_lock(&balloon_mutex);
524 credit = current_credit();
526 if (credit > 0) {
527 if (balloon_is_inflated())
528 state = increase_reservation(credit);
529 else
530 state = reserve_additional_memory();
533 if (credit < 0)
534 state = decrease_reservation(-credit, GFP_BALLOON);
536 state = update_schedule(state);
538 mutex_unlock(&balloon_mutex);
540 cond_resched();
542 } while (credit && state == BP_DONE);
544 /* Schedule more work if there is some still to be done. */
545 if (state == BP_EAGAIN)
546 schedule_delayed_work(&balloon_worker, balloon_stats.schedule_delay * HZ);
549 /* Resets the Xen limit, sets new target, and kicks off processing. */
550 void balloon_set_new_target(unsigned long target)
552 /* No need for lock. Not read-modify-write updates. */
553 balloon_stats.target_pages = target;
554 schedule_delayed_work(&balloon_worker, 0);
556 EXPORT_SYMBOL_GPL(balloon_set_new_target);
558 static int add_ballooned_pages(int nr_pages)
560 enum bp_state st;
562 if (xen_hotplug_unpopulated) {
563 st = reserve_additional_memory();
564 if (st != BP_ECANCELED) {
565 mutex_unlock(&balloon_mutex);
566 wait_event(balloon_wq,
567 !list_empty(&ballooned_pages));
568 mutex_lock(&balloon_mutex);
569 return 0;
573 st = decrease_reservation(nr_pages, GFP_USER);
574 if (st != BP_DONE)
575 return -ENOMEM;
577 return 0;
581 * alloc_xenballooned_pages - get pages that have been ballooned out
582 * @nr_pages: Number of pages to get
583 * @pages: pages returned
584 * @return 0 on success, error otherwise
586 int alloc_xenballooned_pages(int nr_pages, struct page **pages)
588 int pgno = 0;
589 struct page *page;
590 int ret;
592 mutex_lock(&balloon_mutex);
594 balloon_stats.target_unpopulated += nr_pages;
596 while (pgno < nr_pages) {
597 page = balloon_retrieve(true);
598 if (page) {
599 pages[pgno++] = page;
600 #ifdef CONFIG_XEN_HAVE_PVMMU
602 * We don't support PV MMU when Linux and Xen is using
603 * different page granularity.
605 BUILD_BUG_ON(XEN_PAGE_SIZE != PAGE_SIZE);
607 if (!xen_feature(XENFEAT_auto_translated_physmap)) {
608 ret = xen_alloc_p2m_entry(page_to_pfn(page));
609 if (ret < 0)
610 goto out_undo;
612 #endif
613 } else {
614 ret = add_ballooned_pages(nr_pages - pgno);
615 if (ret < 0)
616 goto out_undo;
619 mutex_unlock(&balloon_mutex);
620 return 0;
621 out_undo:
622 mutex_unlock(&balloon_mutex);
623 free_xenballooned_pages(pgno, pages);
624 return ret;
626 EXPORT_SYMBOL(alloc_xenballooned_pages);
629 * free_xenballooned_pages - return pages retrieved with get_ballooned_pages
630 * @nr_pages: Number of pages
631 * @pages: pages to return
633 void free_xenballooned_pages(int nr_pages, struct page **pages)
635 int i;
637 mutex_lock(&balloon_mutex);
639 for (i = 0; i < nr_pages; i++) {
640 if (pages[i])
641 balloon_append(pages[i]);
644 balloon_stats.target_unpopulated -= nr_pages;
646 /* The balloon may be too large now. Shrink it if needed. */
647 if (current_credit())
648 schedule_delayed_work(&balloon_worker, 0);
650 mutex_unlock(&balloon_mutex);
652 EXPORT_SYMBOL(free_xenballooned_pages);
654 #ifdef CONFIG_XEN_PV
655 static void __init balloon_add_region(unsigned long start_pfn,
656 unsigned long pages)
658 unsigned long pfn, extra_pfn_end;
659 struct page *page;
662 * If the amount of usable memory has been limited (e.g., with
663 * the 'mem' command line parameter), don't add pages beyond
664 * this limit.
666 extra_pfn_end = min(max_pfn, start_pfn + pages);
668 for (pfn = start_pfn; pfn < extra_pfn_end; pfn++) {
669 page = pfn_to_page(pfn);
670 /* totalram_pages and totalhigh_pages do not
671 include the boot-time balloon extension, so
672 don't subtract from it. */
673 __balloon_append(page);
676 balloon_stats.total_pages += extra_pfn_end - start_pfn;
678 #endif
680 static int __init balloon_init(void)
682 if (!xen_domain())
683 return -ENODEV;
685 pr_info("Initialising balloon driver\n");
687 #ifdef CONFIG_XEN_PV
688 balloon_stats.current_pages = xen_pv_domain()
689 ? min(xen_start_info->nr_pages - xen_released_pages, max_pfn)
690 : get_num_physpages();
691 #else
692 balloon_stats.current_pages = get_num_physpages();
693 #endif
694 balloon_stats.target_pages = balloon_stats.current_pages;
695 balloon_stats.balloon_low = 0;
696 balloon_stats.balloon_high = 0;
697 balloon_stats.total_pages = balloon_stats.current_pages;
699 balloon_stats.schedule_delay = 1;
700 balloon_stats.max_schedule_delay = 32;
701 balloon_stats.retry_count = 1;
702 balloon_stats.max_retry_count = RETRY_UNLIMITED;
704 #ifdef CONFIG_XEN_BALLOON_MEMORY_HOTPLUG
705 set_online_page_callback(&xen_online_page);
706 register_memory_notifier(&xen_memory_nb);
707 register_sysctl_table(xen_root);
708 #endif
710 #ifdef CONFIG_XEN_PV
712 int i;
715 * Initialize the balloon with pages from the extra memory
716 * regions (see arch/x86/xen/setup.c).
718 for (i = 0; i < XEN_EXTRA_MEM_MAX_REGIONS; i++)
719 if (xen_extra_mem[i].n_pfns)
720 balloon_add_region(xen_extra_mem[i].start_pfn,
721 xen_extra_mem[i].n_pfns);
723 #endif
725 /* Init the xen-balloon driver. */
726 xen_balloon_init();
728 return 0;
730 subsys_initcall(balloon_init);