2 * Lockless get_user_pages_fast for x86
4 * Copyright (C) 2008 Nick Piggin
5 * Copyright (C) 2008 Novell Inc.
7 #include <linux/sched.h>
9 #include <linux/vmstat.h>
10 #include <linux/highmem.h>
11 #include <linux/swap.h>
12 #include <linux/memremap.h>
14 #include <asm/pgtable.h>
16 static inline pte_t gup_get_pte(pte_t *ptep)
18 #ifndef CONFIG_X86_PAE
19 return READ_ONCE(*ptep);
22 * With get_user_pages_fast, we walk down the pagetables without taking
23 * any locks. For this we would like to load the pointers atomically,
24 * but that is not possible (without expensive cmpxchg8b) on PAE. What
25 * we do have is the guarantee that a pte will only either go from not
26 * present to present, or present to not present or both -- it will not
27 * switch to a completely different present page without a TLB flush in
28 * between; something that we are blocking by holding interrupts off.
30 * Setting ptes from not present to present goes:
35 * And present to not present goes:
40 * We must ensure here that the load of pte_low sees l iff pte_high
41 * sees h. We load pte_high *after* loading pte_low, which ensures we
42 * don't see an older value of pte_high. *Then* we recheck pte_low,
43 * which ensures that we haven't picked up a changed pte high. We might
44 * have got rubbish values from pte_low and pte_high, but we are
45 * guaranteed that pte_low will not have the present bit set *unless*
46 * it is 'l'. And get_user_pages_fast only operates on present ptes, so
49 * gup_get_pte should not be used or copied outside gup.c without being
50 * very careful -- it does not atomically load the pte or anything that
51 * is likely to be useful for you.
56 pte.pte_low = ptep->pte_low;
58 pte.pte_high = ptep->pte_high;
60 if (unlikely(pte.pte_low != ptep->pte_low))
67 static void undo_dev_pagemap(int *nr, int nr_start, struct page **pages)
69 while ((*nr) - nr_start) {
70 struct page *page = pages[--(*nr)];
72 ClearPageReferenced(page);
78 * 'pteval' can come from a pte, pmd or pud. We only check
79 * _PAGE_PRESENT, _PAGE_USER, and _PAGE_RW in here which are the
80 * same value on all 3 types.
82 static inline int pte_allows_gup(unsigned long pteval, int write)
84 unsigned long need_pte_bits = _PAGE_PRESENT|_PAGE_USER;
87 need_pte_bits |= _PAGE_RW;
89 if ((pteval & need_pte_bits) != need_pte_bits)
96 * The performance critical leaf functions are made noinline otherwise gcc
97 * inlines everything into a single function which results in too much
100 static noinline int gup_pte_range(pmd_t pmd, unsigned long addr,
101 unsigned long end, int write, struct page **pages, int *nr)
103 struct dev_pagemap *pgmap = NULL;
107 ptep = pte_offset_map(&pmd, addr);
109 pte_t pte = gup_get_pte(ptep);
112 /* Similar to the PMD case, NUMA hinting must take slow path */
113 if (pte_protnone(pte)) {
118 page = pte_page(pte);
119 if (pte_devmap(pte)) {
120 pgmap = get_dev_pagemap(pte_pfn(pte), pgmap);
121 if (unlikely(!pgmap)) {
122 undo_dev_pagemap(nr, nr_start, pages);
126 } else if (!pte_allows_gup(pte_val(pte), write) ||
131 VM_BUG_ON(!pfn_valid(pte_pfn(pte)));
133 put_dev_pagemap(pgmap);
134 SetPageReferenced(page);
138 } while (ptep++, addr += PAGE_SIZE, addr != end);
144 static inline void get_head_page_multiple(struct page *page, int nr)
146 VM_BUG_ON_PAGE(page != compound_head(page), page);
147 VM_BUG_ON_PAGE(page_count(page) == 0, page);
148 atomic_add(nr, &page->_count);
149 SetPageReferenced(page);
152 static int __gup_device_huge_pmd(pmd_t pmd, unsigned long addr,
153 unsigned long end, struct page **pages, int *nr)
156 unsigned long pfn = pmd_pfn(pmd);
157 struct dev_pagemap *pgmap = NULL;
159 pfn += (addr & ~PMD_MASK) >> PAGE_SHIFT;
161 struct page *page = pfn_to_page(pfn);
163 pgmap = get_dev_pagemap(pfn, pgmap);
164 if (unlikely(!pgmap)) {
165 undo_dev_pagemap(nr, nr_start, pages);
168 SetPageReferenced(page);
171 put_dev_pagemap(pgmap);
174 } while (addr += PAGE_SIZE, addr != end);
178 static noinline int gup_huge_pmd(pmd_t pmd, unsigned long addr,
179 unsigned long end, int write, struct page **pages, int *nr)
181 struct page *head, *page;
184 if (!pte_allows_gup(pmd_val(pmd), write))
187 VM_BUG_ON(!pfn_valid(pmd_pfn(pmd)));
189 return __gup_device_huge_pmd(pmd, addr, end, pages, nr);
191 /* hugepages are never "special" */
192 VM_BUG_ON(pmd_flags(pmd) & _PAGE_SPECIAL);
195 head = pmd_page(pmd);
196 page = head + ((addr & ~PMD_MASK) >> PAGE_SHIFT);
198 VM_BUG_ON_PAGE(compound_head(page) != head, page);
203 } while (addr += PAGE_SIZE, addr != end);
204 get_head_page_multiple(head, refs);
209 static int gup_pmd_range(pud_t pud, unsigned long addr, unsigned long end,
210 int write, struct page **pages, int *nr)
215 pmdp = pmd_offset(&pud, addr);
219 next = pmd_addr_end(addr, end);
222 if (unlikely(pmd_large(pmd) || !pmd_present(pmd))) {
224 * NUMA hinting faults need to be handled in the GUP
225 * slowpath for accounting purposes and so that they
226 * can be serialised against THP migration.
228 if (pmd_protnone(pmd))
230 if (!gup_huge_pmd(pmd, addr, next, write, pages, nr))
233 if (!gup_pte_range(pmd, addr, next, write, pages, nr))
236 } while (pmdp++, addr = next, addr != end);
241 static noinline int gup_huge_pud(pud_t pud, unsigned long addr,
242 unsigned long end, int write, struct page **pages, int *nr)
244 struct page *head, *page;
247 if (!pte_allows_gup(pud_val(pud), write))
249 /* hugepages are never "special" */
250 VM_BUG_ON(pud_flags(pud) & _PAGE_SPECIAL);
251 VM_BUG_ON(!pfn_valid(pud_pfn(pud)));
254 head = pud_page(pud);
255 page = head + ((addr & ~PUD_MASK) >> PAGE_SHIFT);
257 VM_BUG_ON_PAGE(compound_head(page) != head, page);
262 } while (addr += PAGE_SIZE, addr != end);
263 get_head_page_multiple(head, refs);
268 static int gup_pud_range(pgd_t pgd, unsigned long addr, unsigned long end,
269 int write, struct page **pages, int *nr)
274 pudp = pud_offset(&pgd, addr);
278 next = pud_addr_end(addr, end);
281 if (unlikely(pud_large(pud))) {
282 if (!gup_huge_pud(pud, addr, next, write, pages, nr))
285 if (!gup_pmd_range(pud, addr, next, write, pages, nr))
288 } while (pudp++, addr = next, addr != end);
294 * Like get_user_pages_fast() except its IRQ-safe in that it won't fall
295 * back to the regular GUP.
297 int __get_user_pages_fast(unsigned long start, int nr_pages, int write,
300 struct mm_struct *mm = current->mm;
301 unsigned long addr, len, end;
309 len = (unsigned long) nr_pages << PAGE_SHIFT;
311 if (unlikely(!access_ok(write ? VERIFY_WRITE : VERIFY_READ,
312 (void __user *)start, len)))
316 * XXX: batch / limit 'nr', to avoid large irq off latency
317 * needs some instrumenting to determine the common sizes used by
318 * important workloads (eg. DB2), and whether limiting the batch size
319 * will decrease performance.
321 * It seems like we're in the clear for the moment. Direct-IO is
322 * the main guy that batches up lots of get_user_pages, and even
323 * they are limited to 64-at-a-time which is not so many.
326 * This doesn't prevent pagetable teardown, but does prevent
327 * the pagetables and pages from being freed on x86.
329 * So long as we atomically load page table pointers versus teardown
330 * (which we do on x86, with the above PAE exception), we can follow the
331 * address down to the the page and take a ref on it.
333 local_irq_save(flags);
334 pgdp = pgd_offset(mm, addr);
338 next = pgd_addr_end(addr, end);
341 if (!gup_pud_range(pgd, addr, next, write, pages, &nr))
343 } while (pgdp++, addr = next, addr != end);
344 local_irq_restore(flags);
350 * get_user_pages_fast() - pin user pages in memory
351 * @start: starting user address
352 * @nr_pages: number of pages from start to pin
353 * @write: whether pages will be written to
354 * @pages: array that receives pointers to the pages pinned.
355 * Should be at least nr_pages long.
357 * Attempt to pin user pages in memory without taking mm->mmap_sem.
358 * If not successful, it will fall back to taking the lock and
359 * calling get_user_pages().
361 * Returns number of pages pinned. This may be fewer than the number
362 * requested. If nr_pages is 0 or negative, returns 0. If no pages
363 * were pinned, returns -errno.
365 int get_user_pages_fast(unsigned long start, int nr_pages, int write,
368 struct mm_struct *mm = current->mm;
369 unsigned long addr, len, end;
376 len = (unsigned long) nr_pages << PAGE_SHIFT;
383 if (end >> __VIRTUAL_MASK_SHIFT)
388 * XXX: batch / limit 'nr', to avoid large irq off latency
389 * needs some instrumenting to determine the common sizes used by
390 * important workloads (eg. DB2), and whether limiting the batch size
391 * will decrease performance.
393 * It seems like we're in the clear for the moment. Direct-IO is
394 * the main guy that batches up lots of get_user_pages, and even
395 * they are limited to 64-at-a-time which is not so many.
398 * This doesn't prevent pagetable teardown, but does prevent
399 * the pagetables and pages from being freed on x86.
401 * So long as we atomically load page table pointers versus teardown
402 * (which we do on x86, with the above PAE exception), we can follow the
403 * address down to the the page and take a ref on it.
406 pgdp = pgd_offset(mm, addr);
410 next = pgd_addr_end(addr, end);
413 if (!gup_pud_range(pgd, addr, next, write, pages, &nr))
415 } while (pgdp++, addr = next, addr != end);
418 VM_BUG_ON(nr != (end - start) >> PAGE_SHIFT);
427 /* Try to get the remaining pages with get_user_pages */
428 start += nr << PAGE_SHIFT;
431 ret = get_user_pages_unlocked(start,
432 (end - start) >> PAGE_SHIFT,
435 /* Have to be a bit careful with return values */
projects / cascardo / linux.git / blob