[mirror_ubuntu-artful-kernel.git] / arch / x86 / mm / gup.c

/*
 * Lockless get_user_pages_fast for x86
 *
 * Copyright (C) 2008 Nick Piggin
 * Copyright (C) 2008 Novell Inc.
 */
#include <linux/sched.h>
#include <linux/mm.h>
#include <linux/vmstat.h>
#include <linux/highmem.h>
#include <linux/swap.h>
#include <linux/memremap.h>

#include <asm/mmu_context.h>
#include <asm/pgtable.h>

static inline pte_t gup_get_pte(pte_t *ptep)
{
#ifndef CONFIG_X86_PAE
	return READ_ONCE(*ptep);
#else
	/*
	 * With get_user_pages_fast, we walk down the pagetables without taking
	 * any locks.  For this we would like to load the pointers atomically,
	 * but that is not possible (without expensive cmpxchg8b) on PAE.  What
	 * we do have is the guarantee that a pte will only either go from not
	 * present to present, or present to not present or both -- it will not
	 * switch to a completely different present page without a TLB flush in
	 * between; something that we are blocking by holding interrupts off.
	 *
	 * Setting ptes from not present to present goes:
	 * ptep->pte_high = h;
	 * smp_wmb();
	 * ptep->pte_low = l;
	 *
	 * And present to not present goes:
	 * ptep->pte_low = 0;
	 * smp_wmb();
	 * ptep->pte_high = 0;
	 *
	 * We must ensure here that the load of pte_low sees l iff pte_high
	 * sees h. We load pte_high *after* loading pte_low, which ensures we
	 * don't see an older value of pte_high.  *Then* we recheck pte_low,
	 * which ensures that we haven't picked up a changed pte high. We might
	 * have got rubbish values from pte_low and pte_high, but we are
	 * guaranteed that pte_low will not have the present bit set *unless*
	 * it is 'l'. And get_user_pages_fast only operates on present ptes, so
	 * we're safe.
	 *
	 * gup_get_pte should not be used or copied outside gup.c without being
	 * very careful -- it does not atomically load the pte or anything that
	 * is likely to be useful for you.
	 */
	pte_t pte;

retry:
	pte.pte_low = ptep->pte_low;
	smp_rmb();
	pte.pte_high = ptep->pte_high;
	smp_rmb();
	if (unlikely(pte.pte_low != ptep->pte_low))
		goto retry;

	return pte;
#endif
}

static void undo_dev_pagemap(int *nr, int nr_start, struct page **pages)
{
	while ((*nr) - nr_start) {
		struct page *page = pages[--(*nr)];

		ClearPageReferenced(page);
		put_page(page);
	}
}

/*
 * 'pteval' can come from a pte, pmd or pud.  We only check
 * _PAGE_PRESENT, _PAGE_USER, and _PAGE_RW in here which are the
 * same value on all 3 types.
 */
static inline int pte_allows_gup(unsigned long pteval, int write)
{
	unsigned long need_pte_bits = _PAGE_PRESENT|_PAGE_USER;

	if (write)
		need_pte_bits |= _PAGE_RW;

	if ((pteval & need_pte_bits) != need_pte_bits)
		return 0;

	/* Check memory protection keys permissions. */
	if (!__pkru_allows_pkey(pte_flags_pkey(pteval), write))
		return 0;

	return 1;
}

/*
 * The performance critical leaf functions are made noinline otherwise gcc
 * inlines everything into a single function which results in too much
 * register pressure.
 */
static noinline int gup_pte_range(pmd_t pmd, unsigned long addr,
		unsigned long end, int write, struct page **pages, int *nr)
{
	struct dev_pagemap *pgmap = NULL;
	int nr_start = *nr;
	pte_t *ptep;

	ptep = pte_offset_map(&pmd, addr);
	do {
		pte_t pte = gup_get_pte(ptep);
		struct page *page;

		/* Similar to the PMD case, NUMA hinting must take slow path */
		if (pte_protnone(pte)) {
			pte_unmap(ptep);
			return 0;
		}

		if (!pte_allows_gup(pte_val(pte), write)) {
			pte_unmap(ptep);
			return 0;
		}

		if (pte_devmap(pte)) {
			pgmap = get_dev_pagemap(pte_pfn(pte), pgmap);
			if (unlikely(!pgmap)) {
				undo_dev_pagemap(nr, nr_start, pages);
				pte_unmap(ptep);
				return 0;
			}
		} else if (pte_special(pte)) {
			pte_unmap(ptep);
			return 0;
		}
		VM_BUG_ON(!pfn_valid(pte_pfn(pte)));
		page = pte_page(pte);
		get_page(page);
		put_dev_pagemap(pgmap);
		SetPageReferenced(page);
		pages[*nr] = page;
		(*nr)++;

	} while (ptep++, addr += PAGE_SIZE, addr != end);
	pte_unmap(ptep - 1);

	return 1;
}

static inline void get_head_page_multiple(struct page *page, int nr)
{
	VM_BUG_ON_PAGE(page != compound_head(page), page);
	VM_BUG_ON_PAGE(page_count(page) == 0, page);
	page_ref_add(page, nr);
	SetPageReferenced(page);
}

static int __gup_device_huge(unsigned long pfn, unsigned long addr,
		unsigned long end, struct page **pages, int *nr)
{
	int nr_start = *nr;
	struct dev_pagemap *pgmap = NULL;

	do {
		struct page *page = pfn_to_page(pfn);

		pgmap = get_dev_pagemap(pfn, pgmap);
		if (unlikely(!pgmap)) {
			undo_dev_pagemap(nr, nr_start, pages);
			return 0;
		}
		SetPageReferenced(page);
		pages[*nr] = page;
		get_page(page);
		put_dev_pagemap(pgmap);
		(*nr)++;
		pfn++;
	} while (addr += PAGE_SIZE, addr != end);
	return 1;
}

static int __gup_device_huge_pmd(pmd_t pmd, unsigned long addr,
		unsigned long end, struct page **pages, int *nr)
{
	unsigned long fault_pfn;

	fault_pfn = pmd_pfn(pmd) + ((addr & ~PMD_MASK) >> PAGE_SHIFT);
	return __gup_device_huge(fault_pfn, addr, end, pages, nr);
}

static int __gup_device_huge_pud(pud_t pud, unsigned long addr,
		unsigned long end, struct page **pages, int *nr)
{
	unsigned long fault_pfn;

	fault_pfn = pud_pfn(pud) + ((addr & ~PUD_MASK) >> PAGE_SHIFT);
	return __gup_device_huge(fault_pfn, addr, end, pages, nr);
}

static noinline int gup_huge_pmd(pmd_t pmd, unsigned long addr,
		unsigned long end, int write, struct page **pages, int *nr)
{
	struct page *head, *page;
	int refs;

	if (!pte_allows_gup(pmd_val(pmd), write))
		return 0;

	VM_BUG_ON(!pfn_valid(pmd_pfn(pmd)));
	if (pmd_devmap(pmd))
		return __gup_device_huge_pmd(pmd, addr, end, pages, nr);

	/* hugepages are never "special" */
	VM_BUG_ON(pmd_flags(pmd) & _PAGE_SPECIAL);

	refs = 0;
	head = pmd_page(pmd);
	page = head + ((addr & ~PMD_MASK) >> PAGE_SHIFT);
	do {
		VM_BUG_ON_PAGE(compound_head(page) != head, page);
		pages[*nr] = page;
		(*nr)++;
		page++;
		refs++;
	} while (addr += PAGE_SIZE, addr != end);
	get_head_page_multiple(head, refs);

	return 1;
}

static int gup_pmd_range(pud_t pud, unsigned long addr, unsigned long end,
		int write, struct page **pages, int *nr)
{
	unsigned long next;
	pmd_t *pmdp;

	pmdp = pmd_offset(&pud, addr);
	do {
		pmd_t pmd = *pmdp;

		next = pmd_addr_end(addr, end);
		if (pmd_none(pmd))
			return 0;
		if (unlikely(pmd_large(pmd) || !pmd_present(pmd))) {
			/*
			 * NUMA hinting faults need to be handled in the GUP
			 * slowpath for accounting purposes and so that they
			 * can be serialised against THP migration.
			 */
			if (pmd_protnone(pmd))
				return 0;
			if (!gup_huge_pmd(pmd, addr, next, write, pages, nr))
				return 0;
		} else {
			if (!gup_pte_range(pmd, addr, next, write, pages, nr))
				return 0;
		}
	} while (pmdp++, addr = next, addr != end);

	return 1;
}

static noinline int gup_huge_pud(pud_t pud, unsigned long addr,
		unsigned long end, int write, struct page **pages, int *nr)
{
	struct page *head, *page;
	int refs;

	if (!pte_allows_gup(pud_val(pud), write))
		return 0;

	VM_BUG_ON(!pfn_valid(pud_pfn(pud)));
	if (pud_devmap(pud))
		return __gup_device_huge_pud(pud, addr, end, pages, nr);

	/* hugepages are never "special" */
	VM_BUG_ON(pud_flags(pud) & _PAGE_SPECIAL);

	refs = 0;
	head = pud_page(pud);
	page = head + ((addr & ~PUD_MASK) >> PAGE_SHIFT);
	do {
		VM_BUG_ON_PAGE(compound_head(page) != head, page);
		pages[*nr] = page;
		(*nr)++;
		page++;
		refs++;
	} while (addr += PAGE_SIZE, addr != end);
	get_head_page_multiple(head, refs);

	return 1;
}

static int gup_pud_range(pgd_t pgd, unsigned long addr, unsigned long end,
			int write, struct page **pages, int *nr)
{
	unsigned long next;
	pud_t *pudp;

	pudp = pud_offset(&pgd, addr);
	do {
		pud_t pud = *pudp;

		next = pud_addr_end(addr, end);
		if (pud_none(pud))
			return 0;
		if (unlikely(pud_large(pud))) {
			if (!gup_huge_pud(pud, addr, next, write, pages, nr))
				return 0;
		} else {
			if (!gup_pmd_range(pud, addr, next, write, pages, nr))
				return 0;
		}
	} while (pudp++, addr = next, addr != end);

	return 1;
}

/*
 * Like get_user_pages_fast() except its IRQ-safe in that it won't fall
 * back to the regular GUP.
 */
int __get_user_pages_fast(unsigned long start, int nr_pages, int write,
			  struct page **pages)
{
	struct mm_struct *mm = current->mm;
	unsigned long addr, len, end;
	unsigned long next;
	unsigned long flags;
	pgd_t *pgdp;
	int nr = 0;

	start &= PAGE_MASK;
	addr = start;
	len = (unsigned long) nr_pages << PAGE_SHIFT;
	end = start + len;
	if (unlikely(!access_ok(write ? VERIFY_WRITE : VERIFY_READ,
					(void __user *)start, len)))
		return 0;

	/*
	 * XXX: batch / limit 'nr', to avoid large irq off latency
	 * needs some instrumenting to determine the common sizes used by
	 * important workloads (eg. DB2), and whether limiting the batch size
	 * will decrease performance.
	 *
	 * It seems like we're in the clear for the moment. Direct-IO is
	 * the main guy that batches up lots of get_user_pages, and even
	 * they are limited to 64-at-a-time which is not so many.
	 */
	/*
	 * This doesn't prevent pagetable teardown, but does prevent
	 * the pagetables and pages from being freed on x86.
	 *
	 * So long as we atomically load page table pointers versus teardown
	 * (which we do on x86, with the above PAE exception), we can follow the
	 * address down to the the page and take a ref on it.
	 */
	local_irq_save(flags);
	pgdp = pgd_offset(mm, addr);
	do {
		pgd_t pgd = *pgdp;

		next = pgd_addr_end(addr, end);
		if (pgd_none(pgd))
			break;
		if (!gup_pud_range(pgd, addr, next, write, pages, &nr))
			break;
	} while (pgdp++, addr = next, addr != end);
	local_irq_restore(flags);

	return nr;
}

/**
 * get_user_pages_fast() - pin user pages in memory
 * @start:	starting user address
 * @nr_pages:	number of pages from start to pin
 * @write:	whether pages will be written to
 * @pages:	array that receives pointers to the pages pinned.
 * 		Should be at least nr_pages long.
 *
 * Attempt to pin user pages in memory without taking mm->mmap_sem.
 * If not successful, it will fall back to taking the lock and
 * calling get_user_pages().
 *
 * Returns number of pages pinned. This may be fewer than the number
 * requested. If nr_pages is 0 or negative, returns 0. If no pages
 * were pinned, returns -errno.
 */
int get_user_pages_fast(unsigned long start, int nr_pages, int write,
			struct page **pages)
{
	struct mm_struct *mm = current->mm;
	unsigned long addr, len, end;
	unsigned long next;
	pgd_t *pgdp;
	int nr = 0;

	start &= PAGE_MASK;
	addr = start;
	len = (unsigned long) nr_pages << PAGE_SHIFT;

	end = start + len;
	if (end < start)
		goto slow_irqon;

#ifdef CONFIG_X86_64
	if (end >> __VIRTUAL_MASK_SHIFT)
		goto slow_irqon;
#endif

	/*
	 * XXX: batch / limit 'nr', to avoid large irq off latency
	 * needs some instrumenting to determine the common sizes used by
	 * important workloads (eg. DB2), and whether limiting the batch size
	 * will decrease performance.
	 *
	 * It seems like we're in the clear for the moment. Direct-IO is
	 * the main guy that batches up lots of get_user_pages, and even
	 * they are limited to 64-at-a-time which is not so many.
	 */
	/*
	 * This doesn't prevent pagetable teardown, but does prevent
	 * the pagetables and pages from being freed on x86.
	 *
	 * So long as we atomically load page table pointers versus teardown
	 * (which we do on x86, with the above PAE exception), we can follow the
	 * address down to the the page and take a ref on it.
	 */
	local_irq_disable();
	pgdp = pgd_offset(mm, addr);
	do {
		pgd_t pgd = *pgdp;

		next = pgd_addr_end(addr, end);
		if (pgd_none(pgd))
			goto slow;
		if (!gup_pud_range(pgd, addr, next, write, pages, &nr))
			goto slow;
	} while (pgdp++, addr = next, addr != end);
	local_irq_enable();

	VM_BUG_ON(nr != (end - start) >> PAGE_SHIFT);
	return nr;

	{
		int ret;

slow:
		local_irq_enable();
slow_irqon:
		/* Try to get the remaining pages with get_user_pages */
		start += nr << PAGE_SHIFT;
		pages += nr;

		ret = get_user_pages_unlocked(start,
					      (end - start) >> PAGE_SHIFT,
					      pages, write ? FOLL_WRITE : 0);

		/* Have to be a bit careful with return values */
		if (nr > 0) {
			if (ret < 0)
				ret = nr;
			else
				ret += nr;
		}

		return ret;
	}
}
Commit	Line	Data
8174c430 NP	1	/*
	2	* Lockless get_user_pages_fast for x86
	3	*
	4	* Copyright (C) 2008 Nick Piggin
	5	* Copyright (C) 2008 Novell Inc.
	6	*/
	7	#include <linux/sched.h>
	8	#include <linux/mm.h>
	9	#include <linux/vmstat.h>
	10	#include <linux/highmem.h>
8ee53820	11	#include <linux/swap.h>
3565fce3	12	#include <linux/memremap.h>
8174c430	13
33a709b2	14	#include <asm/mmu_context.h>
8174c430 NP	15	#include <asm/pgtable.h>
	16
	17	static inline pte_t gup_get_pte(pte_t *ptep)
	18	{
	19	#ifndef CONFIG_X86_PAE
14cf3d97	20	return READ_ONCE(*ptep);
8174c430 NP	21	#else
	22	/*
	23	* With get_user_pages_fast, we walk down the pagetables without taking
ab09809f	24	* any locks. For this we would like to load the pointers atomically,
8174c430 NP	25	* but that is not possible (without expensive cmpxchg8b) on PAE. What
	26	* we do have is the guarantee that a pte will only either go from not
	27	* present to present, or present to not present or both -- it will not
	28	* switch to a completely different present page without a TLB flush in
	29	* between; something that we are blocking by holding interrupts off.
	30	*
	31	* Setting ptes from not present to present goes:
	32	* ptep->pte_high = h;
	33	* smp_wmb();
	34	* ptep->pte_low = l;
	35	*
	36	* And present to not present goes:
	37	* ptep->pte_low = 0;
	38	* smp_wmb();
	39	* ptep->pte_high = 0;
	40	*
	41	* We must ensure here that the load of pte_low sees l iff pte_high
	42	* sees h. We load pte_high after loading pte_low, which ensures we
	43	* don't see an older value of pte_high. Then we recheck pte_low,
	44	* which ensures that we haven't picked up a changed pte high. We might
	45	* have got rubbish values from pte_low and pte_high, but we are
	46	* guaranteed that pte_low will not have the present bit set unless
	47	* it is 'l'. And get_user_pages_fast only operates on present ptes, so
	48	* we're safe.
	49	*
	50	* gup_get_pte should not be used or copied outside gup.c without being
	51	* very careful -- it does not atomically load the pte or anything that
	52	* is likely to be useful for you.
	53	*/
	54	pte_t pte;
	55
	56	retry:
	57	pte.pte_low = ptep->pte_low;
	58	smp_rmb();
	59	pte.pte_high = ptep->pte_high;
	60	smp_rmb();
	61	if (unlikely(pte.pte_low != ptep->pte_low))
	62	goto retry;
	63
	64	return pte;
	65	#endif
	66	}
	67
3565fce3 DW	68	static void undo_dev_pagemap(int nr, int nr_start, struct page *pages)
	69	{
	70	while ((*nr) - nr_start) {
	71	struct page page = pages[--(nr)];
	72
	73	ClearPageReferenced(page);
	74	put_page(page);
	75	}
	76	}
	77
1874f689 DH	78	/*
	79	* 'pteval' can come from a pte, pmd or pud. We only check
	80	* _PAGE_PRESENT, _PAGE_USER, and _PAGE_RW in here which are the
	81	* same value on all 3 types.
	82	*/
	83	static inline int pte_allows_gup(unsigned long pteval, int write)
	84	{
	85	unsigned long need_pte_bits = _PAGE_PRESENT\|_PAGE_USER;
	86
	87	if (write)
	88	need_pte_bits \|= _PAGE_RW;
	89
	90	if ((pteval & need_pte_bits) != need_pte_bits)
	91	return 0;
	92
33a709b2 DH	93	/* Check memory protection keys permissions. */
	94	if (!__pkru_allows_pkey(pte_flags_pkey(pteval), write))
	95	return 0;
	96
1874f689 DH	97	return 1;
	98	}
	99
8174c430 NP	100	/*
	101	* The performance critical leaf functions are made noinline otherwise gcc
	102	* inlines everything into a single function which results in too much
	103	* register pressure.
	104	*/
	105	static noinline int gup_pte_range(pmd_t pmd, unsigned long addr,
	106	unsigned long end, int write, struct page *pages, int nr)
	107	{
3565fce3	108	struct dev_pagemap *pgmap = NULL;
3565fce3	109	int nr_start = *nr;
8174c430 NP	110	pte_t *ptep;
8174c430 NP	111
8174c430 NP	112	ptep = pte_offset_map(&pmd, addr);
	113	do {
	114	pte_t pte = gup_get_pte(ptep);
	115	struct page *page;
	116
2b4847e7	117	/* Similar to the PMD case, NUMA hinting must take slow path */
8a0516ed	118	if (pte_protnone(pte)) {
2b4847e7 MG	119	pte_unmap(ptep);
	120	return 0;
	121	}
	122
ef947b25 DW	123	if (!pte_allows_gup(pte_val(pte), write)) {
	124	pte_unmap(ptep);
	125	return 0;
	126	}
	127
3565fce3 DW	128	if (pte_devmap(pte)) {
	129	pgmap = get_dev_pagemap(pte_pfn(pte), pgmap);
	130	if (unlikely(!pgmap)) {
	131	undo_dev_pagemap(nr, nr_start, pages);
	132	pte_unmap(ptep);
	133	return 0;
	134	}
ef947b25	135	} else if (pte_special(pte)) {
8174c430 NP	136	pte_unmap(ptep);
	137	return 0;
	138	}
	139	VM_BUG_ON(!pfn_valid(pte_pfn(pte)));
457a98b0	140	page = pte_page(pte);
8174c430	141	get_page(page);
3565fce3	142	put_dev_pagemap(pgmap);
8ee53820	143	SetPageReferenced(page);
8174c430 NP	144	pages[*nr] = page;
	145	(*nr)++;
	146
	147	} while (ptep++, addr += PAGE_SIZE, addr != end);
	148	pte_unmap(ptep - 1);
	149
	150	return 1;
	151	}
	152
	153	static inline void get_head_page_multiple(struct page *page, int nr)
	154	{
309381fe SL	155	VM_BUG_ON_PAGE(page != compound_head(page), page);
309381fe SL	156	VM_BUG_ON_PAGE(page_count(page) == 0, page);
fe896d18	157	page_ref_add(page, nr);
8ee53820	158	SetPageReferenced(page);
8174c430 NP	159	}
8174c430 NP	160
220ced16	161	static int __gup_device_huge(unsigned long pfn, unsigned long addr,
3565fce3 DW	162	unsigned long end, struct page *pages, int nr)
	163	{
	164	int nr_start = *nr;
3565fce3 DW	165	struct dev_pagemap *pgmap = NULL;
3565fce3 DW	166
3565fce3 DW	167	do {
	168	struct page *page = pfn_to_page(pfn);
	169
	170	pgmap = get_dev_pagemap(pfn, pgmap);
	171	if (unlikely(!pgmap)) {
	172	undo_dev_pagemap(nr, nr_start, pages);
	173	return 0;
	174	}
	175	SetPageReferenced(page);
	176	pages[*nr] = page;
	177	get_page(page);
	178	put_dev_pagemap(pgmap);
	179	(*nr)++;
	180	pfn++;
	181	} while (addr += PAGE_SIZE, addr != end);
	182	return 1;
	183	}
	184
220ced16 DW	185	static int __gup_device_huge_pmd(pmd_t pmd, unsigned long addr,
	186	unsigned long end, struct page *pages, int nr)
	187	{
	188	unsigned long fault_pfn;
	189
	190	fault_pfn = pmd_pfn(pmd) + ((addr & ~PMD_MASK) >> PAGE_SHIFT);
	191	return __gup_device_huge(fault_pfn, addr, end, pages, nr);
	192	}
	193
	194	static int __gup_device_huge_pud(pud_t pud, unsigned long addr,
	195	unsigned long end, struct page *pages, int nr)
	196	{
	197	unsigned long fault_pfn;
	198
	199	fault_pfn = pud_pfn(pud) + ((addr & ~PUD_MASK) >> PAGE_SHIFT);
	200	return __gup_device_huge(fault_pfn, addr, end, pages, nr);
	201	}
	202
8174c430 NP	203	static noinline int gup_huge_pmd(pmd_t pmd, unsigned long addr,
	204	unsigned long end, int write, struct page *pages, int nr)
	205	{
8174c430 NP	206	struct page head, page;
	207	int refs;
	208
1874f689	209	if (!pte_allows_gup(pmd_val(pmd), write))
8174c430	210	return 0;
3565fce3 DW	211
	212	VM_BUG_ON(!pfn_valid(pmd_pfn(pmd)));
	213	if (pmd_devmap(pmd))
	214	return __gup_device_huge_pmd(pmd, addr, end, pages, nr);
	215
8174c430	216	/* hugepages are never "special" */
daf3e35c	217	VM_BUG_ON(pmd_flags(pmd) & _PAGE_SPECIAL);
8174c430 NP	218
8174c430 NP	219	refs = 0;
daf3e35c	220	head = pmd_page(pmd);
652ea695	221	page = head + ((addr & ~PMD_MASK) >> PAGE_SHIFT);
8174c430	222	do {
309381fe	223	VM_BUG_ON_PAGE(compound_head(page) != head, page);
8174c430 NP	224	pages[*nr] = page;
	225	(*nr)++;
	226	page++;
	227	refs++;
	228	} while (addr += PAGE_SIZE, addr != end);
	229	get_head_page_multiple(head, refs);
	230
	231	return 1;
	232	}
	233
	234	static int gup_pmd_range(pud_t pud, unsigned long addr, unsigned long end,
	235	int write, struct page *pages, int nr)
	236	{
	237	unsigned long next;
	238	pmd_t *pmdp;
	239
	240	pmdp = pmd_offset(&pud, addr);
	241	do {
	242	pmd_t pmd = *pmdp;
	243
	244	next = pmd_addr_end(addr, end);
1f19617d	245	if (pmd_none(pmd))
8174c430	246	return 0;
cbef8478	247	if (unlikely(pmd_large(pmd) \|\| !pmd_present(pmd))) {
2b4847e7 MG	248	/*
	249	* NUMA hinting faults need to be handled in the GUP
	250	* slowpath for accounting purposes and so that they
	251	* can be serialised against THP migration.
	252	*/
8a0516ed	253	if (pmd_protnone(pmd))
2b4847e7	254	return 0;
8174c430 NP	255	if (!gup_huge_pmd(pmd, addr, next, write, pages, nr))
	256	return 0;
	257	} else {
	258	if (!gup_pte_range(pmd, addr, next, write, pages, nr))
	259	return 0;
	260	}
	261	} while (pmdp++, addr = next, addr != end);
	262
	263	return 1;
	264	}
	265
652ea695 NP	266	static noinline int gup_huge_pud(pud_t pud, unsigned long addr,
	267	unsigned long end, int write, struct page *pages, int nr)
	268	{
652ea695 NP	269	struct page head, page;
	270	int refs;
	271
1874f689	272	if (!pte_allows_gup(pud_val(pud), write))
652ea695	273	return 0;
220ced16 DW	274
	275	VM_BUG_ON(!pfn_valid(pud_pfn(pud)));
	276	if (pud_devmap(pud))
	277	return __gup_device_huge_pud(pud, addr, end, pages, nr);
	278
652ea695	279	/* hugepages are never "special" */
daf3e35c	280	VM_BUG_ON(pud_flags(pud) & _PAGE_SPECIAL);
652ea695 NP	281
652ea695 NP	282	refs = 0;
daf3e35c	283	head = pud_page(pud);
652ea695 NP	284	page = head + ((addr & ~PUD_MASK) >> PAGE_SHIFT);
652ea695 NP	285	do {
309381fe	286	VM_BUG_ON_PAGE(compound_head(page) != head, page);
652ea695 NP	287	pages[*nr] = page;
	288	(*nr)++;
	289	page++;
	290	refs++;
	291	} while (addr += PAGE_SIZE, addr != end);
	292	get_head_page_multiple(head, refs);
	293
	294	return 1;
	295	}
	296
8174c430 NP	297	static int gup_pud_range(pgd_t pgd, unsigned long addr, unsigned long end,
	298	int write, struct page *pages, int nr)
	299	{
	300	unsigned long next;
	301	pud_t *pudp;
	302
	303	pudp = pud_offset(&pgd, addr);
	304	do {
	305	pud_t pud = *pudp;
	306
	307	next = pud_addr_end(addr, end);
	308	if (pud_none(pud))
	309	return 0;
652ea695 NP	310	if (unlikely(pud_large(pud))) {
	311	if (!gup_huge_pud(pud, addr, next, write, pages, nr))
	312	return 0;
	313	} else {
	314	if (!gup_pmd_range(pud, addr, next, write, pages, nr))
	315	return 0;
	316	}
8174c430 NP	317	} while (pudp++, addr = next, addr != end);
	318
	319	return 1;
	320	}
	321
465a454f PZ	322	/*
	323	* Like get_user_pages_fast() except its IRQ-safe in that it won't fall
	324	* back to the regular GUP.
	325	*/
	326	int __get_user_pages_fast(unsigned long start, int nr_pages, int write,
	327	struct page **pages)
	328	{
	329	struct mm_struct *mm = current->mm;
	330	unsigned long addr, len, end;
	331	unsigned long next;
	332	unsigned long flags;
	333	pgd_t *pgdp;
	334	int nr = 0;
	335
	336	start &= PAGE_MASK;
	337	addr = start;
	338	len = (unsigned long) nr_pages << PAGE_SHIFT;
	339	end = start + len;
	340	if (unlikely(!access_ok(write ? VERIFY_WRITE : VERIFY_READ,
	341	(void __user *)start, len)))
	342	return 0;
	343
	344	/*
	345	* XXX: batch / limit 'nr', to avoid large irq off latency
	346	* needs some instrumenting to determine the common sizes used by
	347	* important workloads (eg. DB2), and whether limiting the batch size
	348	* will decrease performance.
	349	*
	350	* It seems like we're in the clear for the moment. Direct-IO is
	351	* the main guy that batches up lots of get_user_pages, and even
	352	* they are limited to 64-at-a-time which is not so many.
	353	*/
	354	/*
	355	* This doesn't prevent pagetable teardown, but does prevent
	356	* the pagetables and pages from being freed on x86.
	357	*
	358	* So long as we atomically load page table pointers versus teardown
	359	* (which we do on x86, with the above PAE exception), we can follow the
	360	* address down to the the page and take a ref on it.
	361	*/
	362	local_irq_save(flags);
	363	pgdp = pgd_offset(mm, addr);
	364	do {
	365	pgd_t pgd = *pgdp;
	366
	367	next = pgd_addr_end(addr, end);
	368	if (pgd_none(pgd))
	369	break;
	370	if (!gup_pud_range(pgd, addr, next, write, pages, &nr))
	371	break;
	372	} while (pgdp++, addr = next, addr != end);
	373	local_irq_restore(flags);
	374
	375	return nr;
	376	}
	377
a0d22f48 AG	378	/**
	379	* get_user_pages_fast() - pin user pages in memory
	380	* @start: starting user address
	381	* @nr_pages: number of pages from start to pin
	382	* @write: whether pages will be written to
	383	* @pages: array that receives pointers to the pages pinned.
	384	* Should be at least nr_pages long.
	385	*
	386	* Attempt to pin user pages in memory without taking mm->mmap_sem.
	387	* If not successful, it will fall back to taking the lock and
	388	* calling get_user_pages().
	389	*
	390	* Returns number of pages pinned. This may be fewer than the number
	391	* requested. If nr_pages is 0 or negative, returns 0. If no pages
	392	* were pinned, returns -errno.
	393	*/
8174c430 NP	394	int get_user_pages_fast(unsigned long start, int nr_pages, int write,
	395	struct page **pages)
	396	{
	397	struct mm_struct *mm = current->mm;
9b79022c	398	unsigned long addr, len, end;
8174c430 NP	399	unsigned long next;
	400	pgd_t *pgdp;
	401	int nr = 0;
	402
9b79022c LT	403	start &= PAGE_MASK;
	404	addr = start;
	405	len = (unsigned long) nr_pages << PAGE_SHIFT;
7f818906	406
9b79022c	407	end = start + len;
7f818906 LT	408	if (end < start)
	409	goto slow_irqon;
	410
	411	#ifdef CONFIG_X86_64
	412	if (end >> __VIRTUAL_MASK_SHIFT)
8174c430	413	goto slow_irqon;
7f818906	414	#endif
8174c430 NP	415
	416	/*
	417	* XXX: batch / limit 'nr', to avoid large irq off latency
	418	* needs some instrumenting to determine the common sizes used by
	419	* important workloads (eg. DB2), and whether limiting the batch size
	420	* will decrease performance.
	421	*
	422	* It seems like we're in the clear for the moment. Direct-IO is
	423	* the main guy that batches up lots of get_user_pages, and even
	424	* they are limited to 64-at-a-time which is not so many.
	425	*/
	426	/*
	427	* This doesn't prevent pagetable teardown, but does prevent
	428	* the pagetables and pages from being freed on x86.
	429	*
	430	* So long as we atomically load page table pointers versus teardown
	431	* (which we do on x86, with the above PAE exception), we can follow the
	432	* address down to the the page and take a ref on it.
	433	*/
	434	local_irq_disable();
	435	pgdp = pgd_offset(mm, addr);
	436	do {
	437	pgd_t pgd = *pgdp;
	438
	439	next = pgd_addr_end(addr, end);
	440	if (pgd_none(pgd))
	441	goto slow;
	442	if (!gup_pud_range(pgd, addr, next, write, pages, &nr))
	443	goto slow;
	444	} while (pgdp++, addr = next, addr != end);
	445	local_irq_enable();
	446
	447	VM_BUG_ON(nr != (end - start) >> PAGE_SHIFT);
	448	return nr;
	449
	450	{
	451	int ret;
	452
	453	slow:
	454	local_irq_enable();
	455	slow_irqon:
	456	/* Try to get the remaining pages with get_user_pages */
	457	start += nr << PAGE_SHIFT;
	458	pages += nr;
	459
d4edcf0d	460	ret = get_user_pages_unlocked(start,
a7b78075	461	(end - start) >> PAGE_SHIFT,
c164154f	462	pages, write ? FOLL_WRITE : 0);
8174c430 NP	463
	464	/* Have to be a bit careful with return values */
	465	if (nr > 0) {
	466	if (ret < 0)
	467	ret = nr;
	468	else
	469	ret += nr;
	470	}
	471
	472	return ret;
	473	}
	474	}