1 // SPDX-License-Identifier: GPL-2.0-or-later
3 * Copyright 2013 Red Hat Inc.
5 * Authors: Jérôme Glisse <jglisse@redhat.com>
8 * Refer to include/linux/hmm.h for information about heterogeneous memory
9 * management or HMM for short.
12 #include <linux/hmm.h>
13 #include <linux/init.h>
14 #include <linux/rmap.h>
15 #include <linux/swap.h>
16 #include <linux/slab.h>
17 #include <linux/sched.h>
18 #include <linux/mmzone.h>
19 #include <linux/pagemap.h>
20 #include <linux/swapops.h>
21 #include <linux/hugetlb.h>
22 #include <linux/memremap.h>
23 #include <linux/sched/mm.h>
24 #include <linux/jump_label.h>
25 #include <linux/dma-mapping.h>
26 #include <linux/mmu_notifier.h>
27 #include <linux/memory_hotplug.h>
29 #define PA_SECTION_SIZE (1UL << PA_SECTION_SHIFT)
31 #if IS_ENABLED(CONFIG_HMM_MIRROR)
32 static const struct mmu_notifier_ops hmm_mmu_notifier_ops;
35 * hmm_get_or_create - register HMM against an mm (HMM internal)
37 * @mm: mm struct to attach to
38 * Returns: returns an HMM object, either by referencing the existing
39 * (per-process) object, or by creating a new one.
41 * This is not intended to be used directly by device drivers. If mm already
42 * has an HMM struct then it get a reference on it and returns it. Otherwise
43 * it allocates an HMM struct, initializes it, associate it with the mm and
46 static struct hmm *hmm_get_or_create(struct mm_struct *mm)
50 lockdep_assert_held_exclusive(&mm->mmap_sem);
52 /* Abuse the page_table_lock to also protect mm->hmm. */
53 spin_lock(&mm->page_table_lock);
55 if (mm->hmm && kref_get_unless_zero(&mm->hmm->kref))
57 spin_unlock(&mm->page_table_lock);
59 hmm = kmalloc(sizeof(*hmm), GFP_KERNEL);
62 init_waitqueue_head(&hmm->wq);
63 INIT_LIST_HEAD(&hmm->mirrors);
64 init_rwsem(&hmm->mirrors_sem);
65 hmm->mmu_notifier.ops = NULL;
66 INIT_LIST_HEAD(&hmm->ranges);
67 mutex_init(&hmm->lock);
68 kref_init(&hmm->kref);
72 hmm->mmu_notifier.ops = &hmm_mmu_notifier_ops;
73 if (__mmu_notifier_register(&hmm->mmu_notifier, mm)) {
81 * We hold the exclusive mmap_sem here so we know that mm->hmm is
82 * still NULL or 0 kref, and is safe to update.
84 spin_lock(&mm->page_table_lock);
88 spin_unlock(&mm->page_table_lock);
92 static void hmm_free_rcu(struct rcu_head *rcu)
94 struct hmm *hmm = container_of(rcu, struct hmm, rcu);
100 static void hmm_free(struct kref *kref)
102 struct hmm *hmm = container_of(kref, struct hmm, kref);
104 spin_lock(&hmm->mm->page_table_lock);
105 if (hmm->mm->hmm == hmm)
107 spin_unlock(&hmm->mm->page_table_lock);
109 mmu_notifier_unregister_no_release(&hmm->mmu_notifier, hmm->mm);
110 mmu_notifier_call_srcu(&hmm->rcu, hmm_free_rcu);
113 static inline void hmm_put(struct hmm *hmm)
115 kref_put(&hmm->kref, hmm_free);
118 static void hmm_release(struct mmu_notifier *mn, struct mm_struct *mm)
120 struct hmm *hmm = container_of(mn, struct hmm, mmu_notifier);
121 struct hmm_mirror *mirror;
123 /* Bail out if hmm is in the process of being freed */
124 if (!kref_get_unless_zero(&hmm->kref))
128 * Since hmm_range_register() holds the mmget() lock hmm_release() is
129 * prevented as long as a range exists.
131 WARN_ON(!list_empty_careful(&hmm->ranges));
133 down_write(&hmm->mirrors_sem);
134 mirror = list_first_entry_or_null(&hmm->mirrors, struct hmm_mirror,
137 list_del_init(&mirror->list);
138 if (mirror->ops->release) {
140 * Drop mirrors_sem so the release callback can wait
141 * on any pending work that might itself trigger a
142 * mmu_notifier callback and thus would deadlock with
145 up_write(&hmm->mirrors_sem);
146 mirror->ops->release(mirror);
147 down_write(&hmm->mirrors_sem);
149 mirror = list_first_entry_or_null(&hmm->mirrors,
150 struct hmm_mirror, list);
152 up_write(&hmm->mirrors_sem);
157 static int hmm_invalidate_range_start(struct mmu_notifier *mn,
158 const struct mmu_notifier_range *nrange)
160 struct hmm *hmm = container_of(mn, struct hmm, mmu_notifier);
161 struct hmm_mirror *mirror;
162 struct hmm_update update;
163 struct hmm_range *range;
166 if (!kref_get_unless_zero(&hmm->kref))
169 update.start = nrange->start;
170 update.end = nrange->end;
171 update.event = HMM_UPDATE_INVALIDATE;
172 update.blockable = mmu_notifier_range_blockable(nrange);
174 if (mmu_notifier_range_blockable(nrange))
175 mutex_lock(&hmm->lock);
176 else if (!mutex_trylock(&hmm->lock)) {
181 list_for_each_entry(range, &hmm->ranges, list) {
182 if (update.end < range->start || update.start >= range->end)
185 range->valid = false;
187 mutex_unlock(&hmm->lock);
189 if (mmu_notifier_range_blockable(nrange))
190 down_read(&hmm->mirrors_sem);
191 else if (!down_read_trylock(&hmm->mirrors_sem)) {
195 list_for_each_entry(mirror, &hmm->mirrors, list) {
198 ret = mirror->ops->sync_cpu_device_pagetables(mirror, &update);
199 if (!update.blockable && ret == -EAGAIN)
202 up_read(&hmm->mirrors_sem);
209 static void hmm_invalidate_range_end(struct mmu_notifier *mn,
210 const struct mmu_notifier_range *nrange)
212 struct hmm *hmm = container_of(mn, struct hmm, mmu_notifier);
214 if (!kref_get_unless_zero(&hmm->kref))
217 mutex_lock(&hmm->lock);
219 if (!hmm->notifiers) {
220 struct hmm_range *range;
222 list_for_each_entry(range, &hmm->ranges, list) {
227 wake_up_all(&hmm->wq);
229 mutex_unlock(&hmm->lock);
234 static const struct mmu_notifier_ops hmm_mmu_notifier_ops = {
235 .release = hmm_release,
236 .invalidate_range_start = hmm_invalidate_range_start,
237 .invalidate_range_end = hmm_invalidate_range_end,
241 * hmm_mirror_register() - register a mirror against an mm
243 * @mirror: new mirror struct to register
244 * @mm: mm to register against
245 * Return: 0 on success, -ENOMEM if no memory, -EINVAL if invalid arguments
247 * To start mirroring a process address space, the device driver must register
248 * an HMM mirror struct.
250 * THE mm->mmap_sem MUST BE HELD IN WRITE MODE !
252 int hmm_mirror_register(struct hmm_mirror *mirror, struct mm_struct *mm)
255 if (!mm || !mirror || !mirror->ops)
258 mirror->hmm = hmm_get_or_create(mm);
262 down_write(&mirror->hmm->mirrors_sem);
263 list_add(&mirror->list, &mirror->hmm->mirrors);
264 up_write(&mirror->hmm->mirrors_sem);
268 EXPORT_SYMBOL(hmm_mirror_register);
271 * hmm_mirror_unregister() - unregister a mirror
273 * @mirror: mirror struct to unregister
275 * Stop mirroring a process address space, and cleanup.
277 void hmm_mirror_unregister(struct hmm_mirror *mirror)
279 struct hmm *hmm = READ_ONCE(mirror->hmm);
284 down_write(&hmm->mirrors_sem);
285 list_del_init(&mirror->list);
286 /* To protect us against double unregister ... */
288 up_write(&hmm->mirrors_sem);
292 EXPORT_SYMBOL(hmm_mirror_unregister);
294 struct hmm_vma_walk {
295 struct hmm_range *range;
296 struct dev_pagemap *pgmap;
302 static int hmm_vma_do_fault(struct mm_walk *walk, unsigned long addr,
303 bool write_fault, uint64_t *pfn)
305 unsigned int flags = FAULT_FLAG_REMOTE;
306 struct hmm_vma_walk *hmm_vma_walk = walk->private;
307 struct hmm_range *range = hmm_vma_walk->range;
308 struct vm_area_struct *vma = walk->vma;
311 flags |= hmm_vma_walk->block ? 0 : FAULT_FLAG_ALLOW_RETRY;
312 flags |= write_fault ? FAULT_FLAG_WRITE : 0;
313 ret = handle_mm_fault(vma, addr, flags);
314 if (ret & VM_FAULT_RETRY)
316 if (ret & VM_FAULT_ERROR) {
317 *pfn = range->values[HMM_PFN_ERROR];
324 static int hmm_pfns_bad(unsigned long addr,
326 struct mm_walk *walk)
328 struct hmm_vma_walk *hmm_vma_walk = walk->private;
329 struct hmm_range *range = hmm_vma_walk->range;
330 uint64_t *pfns = range->pfns;
333 i = (addr - range->start) >> PAGE_SHIFT;
334 for (; addr < end; addr += PAGE_SIZE, i++)
335 pfns[i] = range->values[HMM_PFN_ERROR];
341 * hmm_vma_walk_hole() - handle a range lacking valid pmd or pte(s)
342 * @start: range virtual start address (inclusive)
343 * @end: range virtual end address (exclusive)
344 * @fault: should we fault or not ?
345 * @write_fault: write fault ?
346 * @walk: mm_walk structure
347 * Return: 0 on success, -EBUSY after page fault, or page fault error
349 * This function will be called whenever pmd_none() or pte_none() returns true,
350 * or whenever there is no page directory covering the virtual address range.
352 static int hmm_vma_walk_hole_(unsigned long addr, unsigned long end,
353 bool fault, bool write_fault,
354 struct mm_walk *walk)
356 struct hmm_vma_walk *hmm_vma_walk = walk->private;
357 struct hmm_range *range = hmm_vma_walk->range;
358 uint64_t *pfns = range->pfns;
359 unsigned long i, page_size;
361 hmm_vma_walk->last = addr;
362 page_size = hmm_range_page_size(range);
363 i = (addr - range->start) >> range->page_shift;
365 for (; addr < end; addr += page_size, i++) {
366 pfns[i] = range->values[HMM_PFN_NONE];
367 if (fault || write_fault) {
370 ret = hmm_vma_do_fault(walk, addr, write_fault,
377 return (fault || write_fault) ? -EBUSY : 0;
380 static inline void hmm_pte_need_fault(const struct hmm_vma_walk *hmm_vma_walk,
381 uint64_t pfns, uint64_t cpu_flags,
382 bool *fault, bool *write_fault)
384 struct hmm_range *range = hmm_vma_walk->range;
386 if (!hmm_vma_walk->fault)
390 * So we not only consider the individual per page request we also
391 * consider the default flags requested for the range. The API can
392 * be use in 2 fashions. The first one where the HMM user coalesce
393 * multiple page fault into one request and set flags per pfns for
394 * of those faults. The second one where the HMM user want to pre-
395 * fault a range with specific flags. For the latter one it is a
396 * waste to have the user pre-fill the pfn arrays with a default
399 pfns = (pfns & range->pfn_flags_mask) | range->default_flags;
401 /* We aren't ask to do anything ... */
402 if (!(pfns & range->flags[HMM_PFN_VALID]))
404 /* If this is device memory than only fault if explicitly requested */
405 if ((cpu_flags & range->flags[HMM_PFN_DEVICE_PRIVATE])) {
406 /* Do we fault on device memory ? */
407 if (pfns & range->flags[HMM_PFN_DEVICE_PRIVATE]) {
408 *write_fault = pfns & range->flags[HMM_PFN_WRITE];
414 /* If CPU page table is not valid then we need to fault */
415 *fault = !(cpu_flags & range->flags[HMM_PFN_VALID]);
416 /* Need to write fault ? */
417 if ((pfns & range->flags[HMM_PFN_WRITE]) &&
418 !(cpu_flags & range->flags[HMM_PFN_WRITE])) {
424 static void hmm_range_need_fault(const struct hmm_vma_walk *hmm_vma_walk,
425 const uint64_t *pfns, unsigned long npages,
426 uint64_t cpu_flags, bool *fault,
431 if (!hmm_vma_walk->fault) {
432 *fault = *write_fault = false;
436 *fault = *write_fault = false;
437 for (i = 0; i < npages; ++i) {
438 hmm_pte_need_fault(hmm_vma_walk, pfns[i], cpu_flags,
445 static int hmm_vma_walk_hole(unsigned long addr, unsigned long end,
446 struct mm_walk *walk)
448 struct hmm_vma_walk *hmm_vma_walk = walk->private;
449 struct hmm_range *range = hmm_vma_walk->range;
450 bool fault, write_fault;
451 unsigned long i, npages;
454 i = (addr - range->start) >> PAGE_SHIFT;
455 npages = (end - addr) >> PAGE_SHIFT;
456 pfns = &range->pfns[i];
457 hmm_range_need_fault(hmm_vma_walk, pfns, npages,
458 0, &fault, &write_fault);
459 return hmm_vma_walk_hole_(addr, end, fault, write_fault, walk);
462 static inline uint64_t pmd_to_hmm_pfn_flags(struct hmm_range *range, pmd_t pmd)
464 if (pmd_protnone(pmd))
466 return pmd_write(pmd) ? range->flags[HMM_PFN_VALID] |
467 range->flags[HMM_PFN_WRITE] :
468 range->flags[HMM_PFN_VALID];
471 static inline uint64_t pud_to_hmm_pfn_flags(struct hmm_range *range, pud_t pud)
473 if (!pud_present(pud))
475 return pud_write(pud) ? range->flags[HMM_PFN_VALID] |
476 range->flags[HMM_PFN_WRITE] :
477 range->flags[HMM_PFN_VALID];
480 static int hmm_vma_handle_pmd(struct mm_walk *walk,
486 #ifdef CONFIG_TRANSPARENT_HUGEPAGE
487 struct hmm_vma_walk *hmm_vma_walk = walk->private;
488 struct hmm_range *range = hmm_vma_walk->range;
489 unsigned long pfn, npages, i;
490 bool fault, write_fault;
493 npages = (end - addr) >> PAGE_SHIFT;
494 cpu_flags = pmd_to_hmm_pfn_flags(range, pmd);
495 hmm_range_need_fault(hmm_vma_walk, pfns, npages, cpu_flags,
496 &fault, &write_fault);
498 if (pmd_protnone(pmd) || fault || write_fault)
499 return hmm_vma_walk_hole_(addr, end, fault, write_fault, walk);
501 pfn = pmd_pfn(pmd) + pte_index(addr);
502 for (i = 0; addr < end; addr += PAGE_SIZE, i++, pfn++) {
503 if (pmd_devmap(pmd)) {
504 hmm_vma_walk->pgmap = get_dev_pagemap(pfn,
505 hmm_vma_walk->pgmap);
506 if (unlikely(!hmm_vma_walk->pgmap))
509 pfns[i] = hmm_device_entry_from_pfn(range, pfn) | cpu_flags;
511 if (hmm_vma_walk->pgmap) {
512 put_dev_pagemap(hmm_vma_walk->pgmap);
513 hmm_vma_walk->pgmap = NULL;
515 hmm_vma_walk->last = end;
518 /* If THP is not enabled then we should never reach that code ! */
523 static inline uint64_t pte_to_hmm_pfn_flags(struct hmm_range *range, pte_t pte)
525 if (pte_none(pte) || !pte_present(pte) || pte_protnone(pte))
527 return pte_write(pte) ? range->flags[HMM_PFN_VALID] |
528 range->flags[HMM_PFN_WRITE] :
529 range->flags[HMM_PFN_VALID];
532 static int hmm_vma_handle_pte(struct mm_walk *walk, unsigned long addr,
533 unsigned long end, pmd_t *pmdp, pte_t *ptep,
536 struct hmm_vma_walk *hmm_vma_walk = walk->private;
537 struct hmm_range *range = hmm_vma_walk->range;
538 struct vm_area_struct *vma = walk->vma;
539 bool fault, write_fault;
542 uint64_t orig_pfn = *pfn;
544 *pfn = range->values[HMM_PFN_NONE];
545 fault = write_fault = false;
548 hmm_pte_need_fault(hmm_vma_walk, orig_pfn, 0,
549 &fault, &write_fault);
550 if (fault || write_fault)
555 if (!pte_present(pte)) {
556 swp_entry_t entry = pte_to_swp_entry(pte);
558 if (!non_swap_entry(entry)) {
559 if (fault || write_fault)
565 * This is a special swap entry, ignore migration, use
566 * device and report anything else as error.
568 if (is_device_private_entry(entry)) {
569 cpu_flags = range->flags[HMM_PFN_VALID] |
570 range->flags[HMM_PFN_DEVICE_PRIVATE];
571 cpu_flags |= is_write_device_private_entry(entry) ?
572 range->flags[HMM_PFN_WRITE] : 0;
573 hmm_pte_need_fault(hmm_vma_walk, orig_pfn, cpu_flags,
574 &fault, &write_fault);
575 if (fault || write_fault)
577 *pfn = hmm_device_entry_from_pfn(range,
583 if (is_migration_entry(entry)) {
584 if (fault || write_fault) {
586 hmm_vma_walk->last = addr;
587 migration_entry_wait(vma->vm_mm,
594 /* Report error for everything else */
595 *pfn = range->values[HMM_PFN_ERROR];
598 cpu_flags = pte_to_hmm_pfn_flags(range, pte);
599 hmm_pte_need_fault(hmm_vma_walk, orig_pfn, cpu_flags,
600 &fault, &write_fault);
603 if (fault || write_fault)
606 if (pte_devmap(pte)) {
607 hmm_vma_walk->pgmap = get_dev_pagemap(pte_pfn(pte),
608 hmm_vma_walk->pgmap);
609 if (unlikely(!hmm_vma_walk->pgmap))
611 } else if (IS_ENABLED(CONFIG_ARCH_HAS_PTE_SPECIAL) && pte_special(pte)) {
612 *pfn = range->values[HMM_PFN_SPECIAL];
616 *pfn = hmm_device_entry_from_pfn(range, pte_pfn(pte)) | cpu_flags;
620 if (hmm_vma_walk->pgmap) {
621 put_dev_pagemap(hmm_vma_walk->pgmap);
622 hmm_vma_walk->pgmap = NULL;
625 /* Fault any virtual address we were asked to fault */
626 return hmm_vma_walk_hole_(addr, end, fault, write_fault, walk);
629 static int hmm_vma_walk_pmd(pmd_t *pmdp,
632 struct mm_walk *walk)
634 struct hmm_vma_walk *hmm_vma_walk = walk->private;
635 struct hmm_range *range = hmm_vma_walk->range;
636 struct vm_area_struct *vma = walk->vma;
637 uint64_t *pfns = range->pfns;
638 unsigned long addr = start, i;
644 pmd = READ_ONCE(*pmdp);
646 return hmm_vma_walk_hole(start, end, walk);
648 if (pmd_huge(pmd) && (range->vma->vm_flags & VM_HUGETLB))
649 return hmm_pfns_bad(start, end, walk);
651 if (thp_migration_supported() && is_pmd_migration_entry(pmd)) {
652 bool fault, write_fault;
653 unsigned long npages;
656 i = (addr - range->start) >> PAGE_SHIFT;
657 npages = (end - addr) >> PAGE_SHIFT;
658 pfns = &range->pfns[i];
660 hmm_range_need_fault(hmm_vma_walk, pfns, npages,
661 0, &fault, &write_fault);
662 if (fault || write_fault) {
663 hmm_vma_walk->last = addr;
664 pmd_migration_entry_wait(vma->vm_mm, pmdp);
668 } else if (!pmd_present(pmd))
669 return hmm_pfns_bad(start, end, walk);
671 if (pmd_devmap(pmd) || pmd_trans_huge(pmd)) {
673 * No need to take pmd_lock here, even if some other threads
674 * is splitting the huge pmd we will get that event through
675 * mmu_notifier callback.
677 * So just read pmd value and check again its a transparent
678 * huge or device mapping one and compute corresponding pfn
681 pmd = pmd_read_atomic(pmdp);
683 if (!pmd_devmap(pmd) && !pmd_trans_huge(pmd))
686 i = (addr - range->start) >> PAGE_SHIFT;
687 return hmm_vma_handle_pmd(walk, addr, end, &pfns[i], pmd);
691 * We have handled all the valid case above ie either none, migration,
692 * huge or transparent huge. At this point either it is a valid pmd
693 * entry pointing to pte directory or it is a bad pmd that will not
697 return hmm_pfns_bad(start, end, walk);
699 ptep = pte_offset_map(pmdp, addr);
700 i = (addr - range->start) >> PAGE_SHIFT;
701 for (; addr < end; addr += PAGE_SIZE, ptep++, i++) {
704 r = hmm_vma_handle_pte(walk, addr, end, pmdp, ptep, &pfns[i]);
706 /* hmm_vma_handle_pte() did unmap pte directory */
707 hmm_vma_walk->last = addr;
711 if (hmm_vma_walk->pgmap) {
713 * We do put_dev_pagemap() here and not in hmm_vma_handle_pte()
714 * so that we can leverage get_dev_pagemap() optimization which
715 * will not re-take a reference on a pgmap if we already have
718 put_dev_pagemap(hmm_vma_walk->pgmap);
719 hmm_vma_walk->pgmap = NULL;
723 hmm_vma_walk->last = addr;
727 static int hmm_vma_walk_pud(pud_t *pudp,
730 struct mm_walk *walk)
732 struct hmm_vma_walk *hmm_vma_walk = walk->private;
733 struct hmm_range *range = hmm_vma_walk->range;
734 unsigned long addr = start, next;
740 pud = READ_ONCE(*pudp);
742 return hmm_vma_walk_hole(start, end, walk);
744 if (pud_huge(pud) && pud_devmap(pud)) {
745 unsigned long i, npages, pfn;
746 uint64_t *pfns, cpu_flags;
747 bool fault, write_fault;
749 if (!pud_present(pud))
750 return hmm_vma_walk_hole(start, end, walk);
752 i = (addr - range->start) >> PAGE_SHIFT;
753 npages = (end - addr) >> PAGE_SHIFT;
754 pfns = &range->pfns[i];
756 cpu_flags = pud_to_hmm_pfn_flags(range, pud);
757 hmm_range_need_fault(hmm_vma_walk, pfns, npages,
758 cpu_flags, &fault, &write_fault);
759 if (fault || write_fault)
760 return hmm_vma_walk_hole_(addr, end, fault,
763 pfn = pud_pfn(pud) + ((addr & ~PUD_MASK) >> PAGE_SHIFT);
764 for (i = 0; i < npages; ++i, ++pfn) {
765 hmm_vma_walk->pgmap = get_dev_pagemap(pfn,
766 hmm_vma_walk->pgmap);
767 if (unlikely(!hmm_vma_walk->pgmap))
769 pfns[i] = hmm_device_entry_from_pfn(range, pfn) |
772 if (hmm_vma_walk->pgmap) {
773 put_dev_pagemap(hmm_vma_walk->pgmap);
774 hmm_vma_walk->pgmap = NULL;
776 hmm_vma_walk->last = end;
780 split_huge_pud(walk->vma, pudp, addr);
784 pmdp = pmd_offset(pudp, addr);
786 next = pmd_addr_end(addr, end);
787 ret = hmm_vma_walk_pmd(pmdp, addr, next, walk);
790 } while (pmdp++, addr = next, addr != end);
795 static int hmm_vma_walk_hugetlb_entry(pte_t *pte, unsigned long hmask,
796 unsigned long start, unsigned long end,
797 struct mm_walk *walk)
799 #ifdef CONFIG_HUGETLB_PAGE
800 unsigned long addr = start, i, pfn, mask, size, pfn_inc;
801 struct hmm_vma_walk *hmm_vma_walk = walk->private;
802 struct hmm_range *range = hmm_vma_walk->range;
803 struct vm_area_struct *vma = walk->vma;
804 struct hstate *h = hstate_vma(vma);
805 uint64_t orig_pfn, cpu_flags;
806 bool fault, write_fault;
811 size = 1UL << huge_page_shift(h);
813 if (range->page_shift != PAGE_SHIFT) {
814 /* Make sure we are looking at full page. */
817 if (end < (start + size))
819 pfn_inc = size >> PAGE_SHIFT;
826 ptl = huge_pte_lock(hstate_vma(walk->vma), walk->mm, pte);
827 entry = huge_ptep_get(pte);
829 i = (start - range->start) >> range->page_shift;
830 orig_pfn = range->pfns[i];
831 range->pfns[i] = range->values[HMM_PFN_NONE];
832 cpu_flags = pte_to_hmm_pfn_flags(range, entry);
833 fault = write_fault = false;
834 hmm_pte_need_fault(hmm_vma_walk, orig_pfn, cpu_flags,
835 &fault, &write_fault);
836 if (fault || write_fault) {
841 pfn = pte_pfn(entry) + ((start & mask) >> range->page_shift);
842 for (; addr < end; addr += size, i++, pfn += pfn_inc)
843 range->pfns[i] = hmm_device_entry_from_pfn(range, pfn) |
845 hmm_vma_walk->last = end;
851 return hmm_vma_walk_hole_(addr, end, fault, write_fault, walk);
854 #else /* CONFIG_HUGETLB_PAGE */
859 static void hmm_pfns_clear(struct hmm_range *range,
864 for (; addr < end; addr += PAGE_SIZE, pfns++)
865 *pfns = range->values[HMM_PFN_NONE];
869 * hmm_range_register() - start tracking change to CPU page table over a range
871 * @mm: the mm struct for the range of virtual address
872 * @start: start virtual address (inclusive)
873 * @end: end virtual address (exclusive)
874 * @page_shift: expect page shift for the range
875 * Returns 0 on success, -EFAULT if the address space is no longer valid
877 * Track updates to the CPU page table see include/linux/hmm.h
879 int hmm_range_register(struct hmm_range *range,
880 struct hmm_mirror *mirror,
885 unsigned long mask = ((1UL << page_shift) - 1UL);
886 struct hmm *hmm = mirror->hmm;
888 range->valid = false;
891 if ((start & mask) || (end & mask))
896 range->page_shift = page_shift;
897 range->start = start;
900 /* Prevent hmm_release() from running while the range is valid */
901 if (!mmget_not_zero(hmm->mm))
904 /* Initialize range to track CPU page table updates. */
905 mutex_lock(&hmm->lock);
908 kref_get(&hmm->kref);
909 list_add(&range->list, &hmm->ranges);
912 * If there are any concurrent notifiers we have to wait for them for
913 * the range to be valid (see hmm_range_wait_until_valid()).
917 mutex_unlock(&hmm->lock);
921 EXPORT_SYMBOL(hmm_range_register);
924 * hmm_range_unregister() - stop tracking change to CPU page table over a range
927 * Range struct is used to track updates to the CPU page table after a call to
928 * hmm_range_register(). See include/linux/hmm.h for how to use it.
930 void hmm_range_unregister(struct hmm_range *range)
932 struct hmm *hmm = range->hmm;
934 /* Sanity check this really should not happen. */
935 if (hmm == NULL || range->end <= range->start)
938 mutex_lock(&hmm->lock);
939 list_del_init(&range->list);
940 mutex_unlock(&hmm->lock);
942 /* Drop reference taken by hmm_range_register() */
943 range->valid = false;
948 EXPORT_SYMBOL(hmm_range_unregister);
951 * hmm_range_snapshot() - snapshot CPU page table for a range
953 * Return: -EINVAL if invalid argument, -ENOMEM out of memory, -EPERM invalid
954 * permission (for instance asking for write and range is read only),
955 * -EAGAIN if you need to retry, -EFAULT invalid (ie either no valid
956 * vma or it is illegal to access that range), number of valid pages
957 * in range->pfns[] (from range start address).
959 * This snapshots the CPU page table for a range of virtual addresses. Snapshot
960 * validity is tracked by range struct. See in include/linux/hmm.h for example
963 long hmm_range_snapshot(struct hmm_range *range)
965 const unsigned long device_vma = VM_IO | VM_PFNMAP | VM_MIXEDMAP;
966 unsigned long start = range->start, end;
967 struct hmm_vma_walk hmm_vma_walk;
968 struct hmm *hmm = range->hmm;
969 struct vm_area_struct *vma;
970 struct mm_walk mm_walk;
972 lockdep_assert_held(&hmm->mm->mmap_sem);
974 /* If range is no longer valid force retry. */
978 vma = find_vma(hmm->mm, start);
979 if (vma == NULL || (vma->vm_flags & device_vma))
982 if (is_vm_hugetlb_page(vma)) {
983 if (huge_page_shift(hstate_vma(vma)) !=
985 range->page_shift != PAGE_SHIFT)
988 if (range->page_shift != PAGE_SHIFT)
992 if (!(vma->vm_flags & VM_READ)) {
994 * If vma do not allow read access, then assume that it
995 * does not allow write access, either. HMM does not
996 * support architecture that allow write without read.
998 hmm_pfns_clear(range, range->pfns,
999 range->start, range->end);
1004 hmm_vma_walk.pgmap = NULL;
1005 hmm_vma_walk.last = start;
1006 hmm_vma_walk.fault = false;
1007 hmm_vma_walk.range = range;
1008 mm_walk.private = &hmm_vma_walk;
1009 end = min(range->end, vma->vm_end);
1012 mm_walk.mm = vma->vm_mm;
1013 mm_walk.pte_entry = NULL;
1014 mm_walk.test_walk = NULL;
1015 mm_walk.hugetlb_entry = NULL;
1016 mm_walk.pud_entry = hmm_vma_walk_pud;
1017 mm_walk.pmd_entry = hmm_vma_walk_pmd;
1018 mm_walk.pte_hole = hmm_vma_walk_hole;
1019 mm_walk.hugetlb_entry = hmm_vma_walk_hugetlb_entry;
1021 walk_page_range(start, end, &mm_walk);
1023 } while (start < range->end);
1025 return (hmm_vma_walk.last - range->start) >> PAGE_SHIFT;
1027 EXPORT_SYMBOL(hmm_range_snapshot);
1030 * hmm_range_fault() - try to fault some address in a virtual address range
1031 * @range: range being faulted
1032 * @block: allow blocking on fault (if true it sleeps and do not drop mmap_sem)
1033 * Return: number of valid pages in range->pfns[] (from range start
1034 * address). This may be zero. If the return value is negative,
1035 * then one of the following values may be returned:
1037 * -EINVAL invalid arguments or mm or virtual address are in an
1038 * invalid vma (for instance device file vma).
1039 * -ENOMEM: Out of memory.
1040 * -EPERM: Invalid permission (for instance asking for write and
1041 * range is read only).
1042 * -EAGAIN: If you need to retry and mmap_sem was drop. This can only
1043 * happens if block argument is false.
1044 * -EBUSY: If the the range is being invalidated and you should wait
1045 * for invalidation to finish.
1046 * -EFAULT: Invalid (ie either no valid vma or it is illegal to access
1047 * that range), number of valid pages in range->pfns[] (from
1048 * range start address).
1050 * This is similar to a regular CPU page fault except that it will not trigger
1051 * any memory migration if the memory being faulted is not accessible by CPUs
1052 * and caller does not ask for migration.
1054 * On error, for one virtual address in the range, the function will mark the
1055 * corresponding HMM pfn entry with an error flag.
1057 long hmm_range_fault(struct hmm_range *range, bool block)
1059 const unsigned long device_vma = VM_IO | VM_PFNMAP | VM_MIXEDMAP;
1060 unsigned long start = range->start, end;
1061 struct hmm_vma_walk hmm_vma_walk;
1062 struct hmm *hmm = range->hmm;
1063 struct vm_area_struct *vma;
1064 struct mm_walk mm_walk;
1067 lockdep_assert_held(&hmm->mm->mmap_sem);
1070 /* If range is no longer valid force retry. */
1071 if (!range->valid) {
1072 up_read(&hmm->mm->mmap_sem);
1076 vma = find_vma(hmm->mm, start);
1077 if (vma == NULL || (vma->vm_flags & device_vma))
1080 if (is_vm_hugetlb_page(vma)) {
1081 if (huge_page_shift(hstate_vma(vma)) !=
1082 range->page_shift &&
1083 range->page_shift != PAGE_SHIFT)
1086 if (range->page_shift != PAGE_SHIFT)
1090 if (!(vma->vm_flags & VM_READ)) {
1092 * If vma do not allow read access, then assume that it
1093 * does not allow write access, either. HMM does not
1094 * support architecture that allow write without read.
1096 hmm_pfns_clear(range, range->pfns,
1097 range->start, range->end);
1102 hmm_vma_walk.pgmap = NULL;
1103 hmm_vma_walk.last = start;
1104 hmm_vma_walk.fault = true;
1105 hmm_vma_walk.block = block;
1106 hmm_vma_walk.range = range;
1107 mm_walk.private = &hmm_vma_walk;
1108 end = min(range->end, vma->vm_end);
1111 mm_walk.mm = vma->vm_mm;
1112 mm_walk.pte_entry = NULL;
1113 mm_walk.test_walk = NULL;
1114 mm_walk.hugetlb_entry = NULL;
1115 mm_walk.pud_entry = hmm_vma_walk_pud;
1116 mm_walk.pmd_entry = hmm_vma_walk_pmd;
1117 mm_walk.pte_hole = hmm_vma_walk_hole;
1118 mm_walk.hugetlb_entry = hmm_vma_walk_hugetlb_entry;
1121 ret = walk_page_range(start, end, &mm_walk);
1122 start = hmm_vma_walk.last;
1124 /* Keep trying while the range is valid. */
1125 } while (ret == -EBUSY && range->valid);
1130 i = (hmm_vma_walk.last - range->start) >> PAGE_SHIFT;
1131 hmm_pfns_clear(range, &range->pfns[i],
1132 hmm_vma_walk.last, range->end);
1137 } while (start < range->end);
1139 return (hmm_vma_walk.last - range->start) >> PAGE_SHIFT;
1141 EXPORT_SYMBOL(hmm_range_fault);
1144 * hmm_range_dma_map() - hmm_range_fault() and dma map page all in one.
1145 * @range: range being faulted
1146 * @device: device against to dma map page to
1147 * @daddrs: dma address of mapped pages
1148 * @block: allow blocking on fault (if true it sleeps and do not drop mmap_sem)
1149 * Return: number of pages mapped on success, -EAGAIN if mmap_sem have been
1150 * drop and you need to try again, some other error value otherwise
1152 * Note same usage pattern as hmm_range_fault().
1154 long hmm_range_dma_map(struct hmm_range *range,
1155 struct device *device,
1159 unsigned long i, npages, mapped;
1162 ret = hmm_range_fault(range, block);
1164 return ret ? ret : -EBUSY;
1166 npages = (range->end - range->start) >> PAGE_SHIFT;
1167 for (i = 0, mapped = 0; i < npages; ++i) {
1168 enum dma_data_direction dir = DMA_TO_DEVICE;
1172 * FIXME need to update DMA API to provide invalid DMA address
1173 * value instead of a function to test dma address value. This
1174 * would remove lot of dumb code duplicated accross many arch.
1176 * For now setting it to 0 here is good enough as the pfns[]
1177 * value is what is use to check what is valid and what isn't.
1181 page = hmm_device_entry_to_page(range, range->pfns[i]);
1185 /* Check if range is being invalidated */
1186 if (!range->valid) {
1191 /* If it is read and write than map bi-directional. */
1192 if (range->pfns[i] & range->flags[HMM_PFN_WRITE])
1193 dir = DMA_BIDIRECTIONAL;
1195 daddrs[i] = dma_map_page(device, page, 0, PAGE_SIZE, dir);
1196 if (dma_mapping_error(device, daddrs[i])) {
1207 for (npages = i, i = 0; (i < npages) && mapped; ++i) {
1208 enum dma_data_direction dir = DMA_TO_DEVICE;
1211 page = hmm_device_entry_to_page(range, range->pfns[i]);
1215 if (dma_mapping_error(device, daddrs[i]))
1218 /* If it is read and write than map bi-directional. */
1219 if (range->pfns[i] & range->flags[HMM_PFN_WRITE])
1220 dir = DMA_BIDIRECTIONAL;
1222 dma_unmap_page(device, daddrs[i], PAGE_SIZE, dir);
1228 EXPORT_SYMBOL(hmm_range_dma_map);
1231 * hmm_range_dma_unmap() - unmap range of that was map with hmm_range_dma_map()
1232 * @range: range being unmapped
1233 * @vma: the vma against which the range (optional)
1234 * @device: device against which dma map was done
1235 * @daddrs: dma address of mapped pages
1236 * @dirty: dirty page if it had the write flag set
1237 * Return: number of page unmapped on success, -EINVAL otherwise
1239 * Note that caller MUST abide by mmu notifier or use HMM mirror and abide
1240 * to the sync_cpu_device_pagetables() callback so that it is safe here to
1241 * call set_page_dirty(). Caller must also take appropriate locks to avoid
1242 * concurrent mmu notifier or sync_cpu_device_pagetables() to make progress.
1244 long hmm_range_dma_unmap(struct hmm_range *range,
1245 struct vm_area_struct *vma,
1246 struct device *device,
1250 unsigned long i, npages;
1254 if (range->end <= range->start)
1261 npages = (range->end - range->start) >> PAGE_SHIFT;
1262 for (i = 0; i < npages; ++i) {
1263 enum dma_data_direction dir = DMA_TO_DEVICE;
1266 page = hmm_device_entry_to_page(range, range->pfns[i]);
1270 /* If it is read and write than map bi-directional. */
1271 if (range->pfns[i] & range->flags[HMM_PFN_WRITE]) {
1272 dir = DMA_BIDIRECTIONAL;
1275 * See comments in function description on why it is
1276 * safe here to call set_page_dirty()
1279 set_page_dirty(page);
1282 /* Unmap and clear pfns/dma address */
1283 dma_unmap_page(device, daddrs[i], PAGE_SIZE, dir);
1284 range->pfns[i] = range->values[HMM_PFN_NONE];
1285 /* FIXME see comments in hmm_vma_dma_map() */
1292 EXPORT_SYMBOL(hmm_range_dma_unmap);
1293 #endif /* IS_ENABLED(CONFIG_HMM_MIRROR) */
1296 #if IS_ENABLED(CONFIG_DEVICE_PRIVATE) || IS_ENABLED(CONFIG_DEVICE_PUBLIC)
1297 struct page *hmm_vma_alloc_locked_page(struct vm_area_struct *vma,
1302 page = alloc_page_vma(GFP_HIGHUSER, vma, addr);
1308 EXPORT_SYMBOL(hmm_vma_alloc_locked_page);
1311 static void hmm_devmem_ref_release(struct percpu_ref *ref)
1313 struct hmm_devmem *devmem;
1315 devmem = container_of(ref, struct hmm_devmem, ref);
1316 complete(&devmem->completion);
1319 static void hmm_devmem_ref_exit(void *data)
1321 struct percpu_ref *ref = data;
1322 struct hmm_devmem *devmem;
1324 devmem = container_of(ref, struct hmm_devmem, ref);
1325 wait_for_completion(&devmem->completion);
1326 percpu_ref_exit(ref);
1329 static void hmm_devmem_ref_kill(struct percpu_ref *ref)
1331 percpu_ref_kill(ref);
1334 static vm_fault_t hmm_devmem_fault(struct vm_area_struct *vma,
1336 const struct page *page,
1340 struct hmm_devmem *devmem = page->pgmap->data;
1342 return devmem->ops->fault(devmem, vma, addr, page, flags, pmdp);
1345 static void hmm_devmem_free(struct page *page, void *data)
1347 struct hmm_devmem *devmem = data;
1349 page->mapping = NULL;
1351 devmem->ops->free(devmem, page);
1355 * hmm_devmem_add() - hotplug ZONE_DEVICE memory for device memory
1357 * @ops: memory event device driver callback (see struct hmm_devmem_ops)
1358 * @device: device struct to bind the resource too
1359 * @size: size in bytes of the device memory to add
1360 * Return: pointer to new hmm_devmem struct ERR_PTR otherwise
1362 * This function first finds an empty range of physical address big enough to
1363 * contain the new resource, and then hotplugs it as ZONE_DEVICE memory, which
1364 * in turn allocates struct pages. It does not do anything beyond that; all
1365 * events affecting the memory will go through the various callbacks provided
1366 * by hmm_devmem_ops struct.
1368 * Device driver should call this function during device initialization and
1369 * is then responsible of memory management. HMM only provides helpers.
1371 struct hmm_devmem *hmm_devmem_add(const struct hmm_devmem_ops *ops,
1372 struct device *device,
1375 struct hmm_devmem *devmem;
1376 resource_size_t addr;
1380 dev_pagemap_get_ops();
1382 devmem = devm_kzalloc(device, sizeof(*devmem), GFP_KERNEL);
1384 return ERR_PTR(-ENOMEM);
1386 init_completion(&devmem->completion);
1387 devmem->pfn_first = -1UL;
1388 devmem->pfn_last = -1UL;
1389 devmem->resource = NULL;
1390 devmem->device = device;
1393 ret = percpu_ref_init(&devmem->ref, &hmm_devmem_ref_release,
1396 return ERR_PTR(ret);
1398 ret = devm_add_action_or_reset(device, hmm_devmem_ref_exit, &devmem->ref);
1400 return ERR_PTR(ret);
1402 size = ALIGN(size, PA_SECTION_SIZE);
1403 addr = min((unsigned long)iomem_resource.end,
1404 (1UL << MAX_PHYSMEM_BITS) - 1);
1405 addr = addr - size + 1UL;
1408 * FIXME add a new helper to quickly walk resource tree and find free
1411 * FIXME what about ioport_resource resource ?
1413 for (; addr > size && addr >= iomem_resource.start; addr -= size) {
1414 ret = region_intersects(addr, size, 0, IORES_DESC_NONE);
1415 if (ret != REGION_DISJOINT)
1418 devmem->resource = devm_request_mem_region(device, addr, size,
1420 if (!devmem->resource)
1421 return ERR_PTR(-ENOMEM);
1424 if (!devmem->resource)
1425 return ERR_PTR(-ERANGE);
1427 devmem->resource->desc = IORES_DESC_DEVICE_PRIVATE_MEMORY;
1428 devmem->pfn_first = devmem->resource->start >> PAGE_SHIFT;
1429 devmem->pfn_last = devmem->pfn_first +
1430 (resource_size(devmem->resource) >> PAGE_SHIFT);
1431 devmem->page_fault = hmm_devmem_fault;
1433 devmem->pagemap.type = MEMORY_DEVICE_PRIVATE;
1434 devmem->pagemap.res = *devmem->resource;
1435 devmem->pagemap.page_free = hmm_devmem_free;
1436 devmem->pagemap.altmap_valid = false;
1437 devmem->pagemap.ref = &devmem->ref;
1438 devmem->pagemap.data = devmem;
1439 devmem->pagemap.kill = hmm_devmem_ref_kill;
1441 result = devm_memremap_pages(devmem->device, &devmem->pagemap);
1446 EXPORT_SYMBOL_GPL(hmm_devmem_add);
1448 struct hmm_devmem *hmm_devmem_add_resource(const struct hmm_devmem_ops *ops,
1449 struct device *device,
1450 struct resource *res)
1452 struct hmm_devmem *devmem;
1456 if (res->desc != IORES_DESC_DEVICE_PUBLIC_MEMORY)
1457 return ERR_PTR(-EINVAL);
1459 dev_pagemap_get_ops();
1461 devmem = devm_kzalloc(device, sizeof(*devmem), GFP_KERNEL);
1463 return ERR_PTR(-ENOMEM);
1465 init_completion(&devmem->completion);
1466 devmem->pfn_first = -1UL;
1467 devmem->pfn_last = -1UL;
1468 devmem->resource = res;
1469 devmem->device = device;
1472 ret = percpu_ref_init(&devmem->ref, &hmm_devmem_ref_release,
1475 return ERR_PTR(ret);
1477 ret = devm_add_action_or_reset(device, hmm_devmem_ref_exit,
1480 return ERR_PTR(ret);
1482 devmem->pfn_first = devmem->resource->start >> PAGE_SHIFT;
1483 devmem->pfn_last = devmem->pfn_first +
1484 (resource_size(devmem->resource) >> PAGE_SHIFT);
1485 devmem->page_fault = hmm_devmem_fault;
1487 devmem->pagemap.type = MEMORY_DEVICE_PUBLIC;
1488 devmem->pagemap.res = *devmem->resource;
1489 devmem->pagemap.page_free = hmm_devmem_free;
1490 devmem->pagemap.altmap_valid = false;
1491 devmem->pagemap.ref = &devmem->ref;
1492 devmem->pagemap.data = devmem;
1493 devmem->pagemap.kill = hmm_devmem_ref_kill;
1495 result = devm_memremap_pages(devmem->device, &devmem->pagemap);
1500 EXPORT_SYMBOL_GPL(hmm_devmem_add_resource);
1503 * A device driver that wants to handle multiple devices memory through a
1504 * single fake device can use hmm_device to do so. This is purely a helper
1505 * and it is not needed to make use of any HMM functionality.
1507 #define HMM_DEVICE_MAX 256
1509 static DECLARE_BITMAP(hmm_device_mask, HMM_DEVICE_MAX);
1510 static DEFINE_SPINLOCK(hmm_device_lock);
1511 static struct class *hmm_device_class;
1512 static dev_t hmm_device_devt;
1514 static void hmm_device_release(struct device *device)
1516 struct hmm_device *hmm_device;
1518 hmm_device = container_of(device, struct hmm_device, device);
1519 spin_lock(&hmm_device_lock);
1520 clear_bit(hmm_device->minor, hmm_device_mask);
1521 spin_unlock(&hmm_device_lock);
1526 struct hmm_device *hmm_device_new(void *drvdata)
1528 struct hmm_device *hmm_device;
1530 hmm_device = kzalloc(sizeof(*hmm_device), GFP_KERNEL);
1532 return ERR_PTR(-ENOMEM);
1534 spin_lock(&hmm_device_lock);
1535 hmm_device->minor = find_first_zero_bit(hmm_device_mask, HMM_DEVICE_MAX);
1536 if (hmm_device->minor >= HMM_DEVICE_MAX) {
1537 spin_unlock(&hmm_device_lock);
1539 return ERR_PTR(-EBUSY);
1541 set_bit(hmm_device->minor, hmm_device_mask);
1542 spin_unlock(&hmm_device_lock);
1544 dev_set_name(&hmm_device->device, "hmm_device%d", hmm_device->minor);
1545 hmm_device->device.devt = MKDEV(MAJOR(hmm_device_devt),
1547 hmm_device->device.release = hmm_device_release;
1548 dev_set_drvdata(&hmm_device->device, drvdata);
1549 hmm_device->device.class = hmm_device_class;
1550 device_initialize(&hmm_device->device);
1554 EXPORT_SYMBOL(hmm_device_new);
1556 void hmm_device_put(struct hmm_device *hmm_device)
1558 put_device(&hmm_device->device);
1560 EXPORT_SYMBOL(hmm_device_put);
1562 static int __init hmm_init(void)
1566 ret = alloc_chrdev_region(&hmm_device_devt, 0,
1572 hmm_device_class = class_create(THIS_MODULE, "hmm_device");
1573 if (IS_ERR(hmm_device_class)) {
1574 unregister_chrdev_region(hmm_device_devt, HMM_DEVICE_MAX);
1575 return PTR_ERR(hmm_device_class);
1580 device_initcall(hmm_init);
1581 #endif /* CONFIG_DEVICE_PRIVATE || CONFIG_DEVICE_PUBLIC */
projects / linux-2.6-block.git / blob