1 #include <linux/kernel.h>
2 #include <linux/errno.h>
4 #include <linux/spinlock.h>
7 #include <linux/memremap.h>
8 #include <linux/pagemap.h>
9 #include <linux/rmap.h>
10 #include <linux/swap.h>
11 #include <linux/swapops.h>
13 #include <linux/sched/signal.h>
14 #include <linux/rwsem.h>
15 #include <linux/hugetlb.h>
17 #include <asm/mmu_context.h>
18 #include <asm/pgtable.h>
19 #include <asm/tlbflush.h>
23 static struct page *no_page_table(struct vm_area_struct *vma,
27 * When core dumping an enormous anonymous area that nobody
28 * has touched so far, we don't want to allocate unnecessary pages or
29 * page tables. Return error instead of NULL to skip handle_mm_fault,
30 * then get_dump_page() will return NULL to leave a hole in the dump.
31 * But we can only make this optimization where a hole would surely
32 * be zero-filled if handle_mm_fault() actually did handle it.
34 if ((flags & FOLL_DUMP) && (!vma->vm_ops || !vma->vm_ops->fault))
35 return ERR_PTR(-EFAULT);
39 static int follow_pfn_pte(struct vm_area_struct *vma, unsigned long address,
40 pte_t *pte, unsigned int flags)
42 /* No page to get reference */
46 if (flags & FOLL_TOUCH) {
49 if (flags & FOLL_WRITE)
50 entry = pte_mkdirty(entry);
51 entry = pte_mkyoung(entry);
53 if (!pte_same(*pte, entry)) {
54 set_pte_at(vma->vm_mm, address, pte, entry);
55 update_mmu_cache(vma, address, pte);
59 /* Proper page table entry exists, but no corresponding struct page */
64 * FOLL_FORCE or a forced COW break can write even to unwritable pte's,
65 * but only after we've gone through a COW cycle and they are dirty.
67 static inline bool can_follow_write_pte(pte_t pte, unsigned int flags)
69 return pte_write(pte) || ((flags & FOLL_COW) && pte_dirty(pte));
73 * A (separate) COW fault might break the page the other way and
74 * get_user_pages() would return the page from what is now the wrong
75 * VM. So we need to force a COW break at GUP time even for reads.
77 static inline bool should_force_cow_break(struct vm_area_struct *vma, unsigned int flags)
79 return is_cow_mapping(vma->vm_flags) && (flags & FOLL_GET);
82 static struct page *follow_page_pte(struct vm_area_struct *vma,
83 unsigned long address, pmd_t *pmd, unsigned int flags)
85 struct mm_struct *mm = vma->vm_mm;
86 struct dev_pagemap *pgmap = NULL;
92 if (unlikely(pmd_bad(*pmd)))
93 return no_page_table(vma, flags);
95 ptep = pte_offset_map_lock(mm, pmd, address, &ptl);
97 if (!pte_present(pte)) {
100 * KSM's break_ksm() relies upon recognizing a ksm page
101 * even while it is being migrated, so for that case we
102 * need migration_entry_wait().
104 if (likely(!(flags & FOLL_MIGRATION)))
108 entry = pte_to_swp_entry(pte);
109 if (!is_migration_entry(entry))
111 pte_unmap_unlock(ptep, ptl);
112 migration_entry_wait(mm, pmd, address);
115 if ((flags & FOLL_NUMA) && pte_protnone(pte))
117 if ((flags & FOLL_WRITE) && !can_follow_write_pte(pte, flags)) {
118 pte_unmap_unlock(ptep, ptl);
122 page = vm_normal_page(vma, address, pte);
123 if (!page && pte_devmap(pte) && (flags & FOLL_GET)) {
125 * Only return device mapping pages in the FOLL_GET case since
126 * they are only valid while holding the pgmap reference.
128 pgmap = get_dev_pagemap(pte_pfn(pte), NULL);
130 page = pte_page(pte);
133 } else if (unlikely(!page)) {
134 if (flags & FOLL_DUMP) {
135 /* Avoid special (like zero) pages in core dumps */
136 page = ERR_PTR(-EFAULT);
140 if (is_zero_pfn(pte_pfn(pte))) {
141 page = pte_page(pte);
145 ret = follow_pfn_pte(vma, address, ptep, flags);
151 if (flags & FOLL_SPLIT && PageTransCompound(page)) {
154 pte_unmap_unlock(ptep, ptl);
156 ret = split_huge_page(page);
164 if (flags & FOLL_GET) {
165 if (unlikely(!try_get_page(page))) {
166 page = ERR_PTR(-ENOMEM);
170 /* drop the pgmap reference now that we hold the page */
172 put_dev_pagemap(pgmap);
176 if (flags & FOLL_TOUCH) {
177 if ((flags & FOLL_WRITE) &&
178 !pte_dirty(pte) && !PageDirty(page))
179 set_page_dirty(page);
181 * pte_mkyoung() would be more correct here, but atomic care
182 * is needed to avoid losing the dirty bit: it is easier to use
183 * mark_page_accessed().
185 mark_page_accessed(page);
187 if ((flags & FOLL_MLOCK) && (vma->vm_flags & VM_LOCKED)) {
188 /* Do not mlock pte-mapped THP */
189 if (PageTransCompound(page))
193 * The preliminary mapping check is mainly to avoid the
194 * pointless overhead of lock_page on the ZERO_PAGE
195 * which might bounce very badly if there is contention.
197 * If the page is already locked, we don't need to
198 * handle it now - vmscan will handle it later if and
199 * when it attempts to reclaim the page.
201 if (page->mapping && trylock_page(page)) {
202 lru_add_drain(); /* push cached pages to LRU */
204 * Because we lock page here, and migration is
205 * blocked by the pte's page reference, and we
206 * know the page is still mapped, we don't even
207 * need to check for file-cache page truncation.
209 mlock_vma_page(page);
214 pte_unmap_unlock(ptep, ptl);
217 pte_unmap_unlock(ptep, ptl);
220 return no_page_table(vma, flags);
223 static struct page *follow_pmd_mask(struct vm_area_struct *vma,
224 unsigned long address, pud_t *pudp,
225 unsigned int flags, unsigned int *page_mask)
230 struct mm_struct *mm = vma->vm_mm;
232 pmd = pmd_offset(pudp, address);
234 * The READ_ONCE() will stabilize the pmdval in a register or
235 * on the stack so that it will stop changing under the code.
237 pmdval = READ_ONCE(*pmd);
238 if (pmd_none(pmdval))
239 return no_page_table(vma, flags);
240 if (pmd_huge(pmdval) && vma->vm_flags & VM_HUGETLB) {
241 page = follow_huge_pmd(mm, address, pmd, flags);
244 return no_page_table(vma, flags);
246 if (is_hugepd(__hugepd(pmd_val(pmdval)))) {
247 page = follow_huge_pd(vma, address,
248 __hugepd(pmd_val(pmdval)), flags,
252 return no_page_table(vma, flags);
255 if (!pmd_present(pmdval)) {
256 if (likely(!(flags & FOLL_MIGRATION)))
257 return no_page_table(vma, flags);
258 VM_BUG_ON(thp_migration_supported() &&
259 !is_pmd_migration_entry(pmdval));
260 if (is_pmd_migration_entry(pmdval))
261 pmd_migration_entry_wait(mm, pmd);
262 pmdval = READ_ONCE(*pmd);
264 * MADV_DONTNEED may convert the pmd to null because
265 * mmap_sem is held in read mode
267 if (pmd_none(pmdval))
268 return no_page_table(vma, flags);
271 if (pmd_devmap(pmdval)) {
272 ptl = pmd_lock(mm, pmd);
273 page = follow_devmap_pmd(vma, address, pmd, flags);
278 if (likely(!pmd_trans_huge(pmdval)))
279 return follow_page_pte(vma, address, pmd, flags);
281 if ((flags & FOLL_NUMA) && pmd_protnone(pmdval))
282 return no_page_table(vma, flags);
285 ptl = pmd_lock(mm, pmd);
286 if (unlikely(pmd_none(*pmd))) {
288 return no_page_table(vma, flags);
290 if (unlikely(!pmd_present(*pmd))) {
292 if (likely(!(flags & FOLL_MIGRATION)))
293 return no_page_table(vma, flags);
294 pmd_migration_entry_wait(mm, pmd);
297 if (unlikely(!pmd_trans_huge(*pmd))) {
299 return follow_page_pte(vma, address, pmd, flags);
301 if (flags & FOLL_SPLIT) {
303 page = pmd_page(*pmd);
304 if (is_huge_zero_page(page)) {
307 split_huge_pmd(vma, pmd, address);
308 if (pmd_trans_unstable(pmd))
311 if (unlikely(!try_get_page(page))) {
313 return ERR_PTR(-ENOMEM);
317 ret = split_huge_page(page);
321 return no_page_table(vma, flags);
324 return ret ? ERR_PTR(ret) :
325 follow_page_pte(vma, address, pmd, flags);
327 page = follow_trans_huge_pmd(vma, address, pmd, flags);
329 *page_mask = HPAGE_PMD_NR - 1;
334 static struct page *follow_pud_mask(struct vm_area_struct *vma,
335 unsigned long address, p4d_t *p4dp,
336 unsigned int flags, unsigned int *page_mask)
341 struct mm_struct *mm = vma->vm_mm;
343 pud = pud_offset(p4dp, address);
345 return no_page_table(vma, flags);
346 if (pud_huge(*pud) && vma->vm_flags & VM_HUGETLB) {
347 page = follow_huge_pud(mm, address, pud, flags);
350 return no_page_table(vma, flags);
352 if (is_hugepd(__hugepd(pud_val(*pud)))) {
353 page = follow_huge_pd(vma, address,
354 __hugepd(pud_val(*pud)), flags,
358 return no_page_table(vma, flags);
360 if (pud_devmap(*pud)) {
361 ptl = pud_lock(mm, pud);
362 page = follow_devmap_pud(vma, address, pud, flags);
367 if (unlikely(pud_bad(*pud)))
368 return no_page_table(vma, flags);
370 return follow_pmd_mask(vma, address, pud, flags, page_mask);
374 static struct page *follow_p4d_mask(struct vm_area_struct *vma,
375 unsigned long address, pgd_t *pgdp,
376 unsigned int flags, unsigned int *page_mask)
381 p4d = p4d_offset(pgdp, address);
383 return no_page_table(vma, flags);
384 BUILD_BUG_ON(p4d_huge(*p4d));
385 if (unlikely(p4d_bad(*p4d)))
386 return no_page_table(vma, flags);
388 if (is_hugepd(__hugepd(p4d_val(*p4d)))) {
389 page = follow_huge_pd(vma, address,
390 __hugepd(p4d_val(*p4d)), flags,
394 return no_page_table(vma, flags);
396 return follow_pud_mask(vma, address, p4d, flags, page_mask);
400 * follow_page_mask - look up a page descriptor from a user-virtual address
401 * @vma: vm_area_struct mapping @address
402 * @address: virtual address to look up
403 * @flags: flags modifying lookup behaviour
404 * @page_mask: on output, *page_mask is set according to the size of the page
406 * @flags can have FOLL_ flags set, defined in <linux/mm.h>
408 * Returns the mapped (struct page *), %NULL if no mapping exists, or
409 * an error pointer if there is a mapping to something not represented
410 * by a page descriptor (see also vm_normal_page()).
412 struct page *follow_page_mask(struct vm_area_struct *vma,
413 unsigned long address, unsigned int flags,
414 unsigned int *page_mask)
418 struct mm_struct *mm = vma->vm_mm;
422 /* make this handle hugepd */
423 page = follow_huge_addr(mm, address, flags & FOLL_WRITE);
425 BUG_ON(flags & FOLL_GET);
429 pgd = pgd_offset(mm, address);
431 if (pgd_none(*pgd) || unlikely(pgd_bad(*pgd)))
432 return no_page_table(vma, flags);
434 if (pgd_huge(*pgd)) {
435 page = follow_huge_pgd(mm, address, pgd, flags);
438 return no_page_table(vma, flags);
440 if (is_hugepd(__hugepd(pgd_val(*pgd)))) {
441 page = follow_huge_pd(vma, address,
442 __hugepd(pgd_val(*pgd)), flags,
446 return no_page_table(vma, flags);
449 return follow_p4d_mask(vma, address, pgd, flags, page_mask);
452 static int get_gate_page(struct mm_struct *mm, unsigned long address,
453 unsigned int gup_flags, struct vm_area_struct **vma,
463 /* user gate pages are read-only */
464 if (gup_flags & FOLL_WRITE)
466 if (address > TASK_SIZE)
467 pgd = pgd_offset_k(address);
469 pgd = pgd_offset_gate(mm, address);
472 p4d = p4d_offset(pgd, address);
475 pud = pud_offset(p4d, address);
478 pmd = pmd_offset(pud, address);
479 if (!pmd_present(*pmd))
481 VM_BUG_ON(pmd_trans_huge(*pmd));
482 pte = pte_offset_map(pmd, address);
485 *vma = get_gate_vma(mm);
488 *page = vm_normal_page(*vma, address, *pte);
490 if ((gup_flags & FOLL_DUMP) || !is_zero_pfn(pte_pfn(*pte)))
492 *page = pte_page(*pte);
495 * This should never happen (a device public page in the gate
498 if (is_device_public_page(*page))
501 if (unlikely(!try_get_page(*page))) {
513 * mmap_sem must be held on entry. If @nonblocking != NULL and
514 * *@flags does not include FOLL_NOWAIT, the mmap_sem may be released.
515 * If it is, *@nonblocking will be set to 0 and -EBUSY returned.
517 static int faultin_page(struct task_struct *tsk, struct vm_area_struct *vma,
518 unsigned long address, unsigned int *flags, int *nonblocking)
520 unsigned int fault_flags = 0;
523 /* mlock all present pages, but do not fault in new pages */
524 if ((*flags & (FOLL_POPULATE | FOLL_MLOCK)) == FOLL_MLOCK)
526 if (*flags & FOLL_WRITE)
527 fault_flags |= FAULT_FLAG_WRITE;
528 if (*flags & FOLL_REMOTE)
529 fault_flags |= FAULT_FLAG_REMOTE;
531 fault_flags |= FAULT_FLAG_ALLOW_RETRY;
532 if (*flags & FOLL_NOWAIT)
533 fault_flags |= FAULT_FLAG_ALLOW_RETRY | FAULT_FLAG_RETRY_NOWAIT;
534 if (*flags & FOLL_TRIED) {
535 VM_WARN_ON_ONCE(fault_flags & FAULT_FLAG_ALLOW_RETRY);
536 fault_flags |= FAULT_FLAG_TRIED;
539 ret = handle_mm_fault(vma, address, fault_flags);
540 if (ret & VM_FAULT_ERROR) {
541 int err = vm_fault_to_errno(ret, *flags);
549 if (ret & VM_FAULT_MAJOR)
555 if (ret & VM_FAULT_RETRY) {
556 if (nonblocking && !(fault_flags & FAULT_FLAG_RETRY_NOWAIT))
562 * The VM_FAULT_WRITE bit tells us that do_wp_page has broken COW when
563 * necessary, even if maybe_mkwrite decided not to set pte_write. We
564 * can thus safely do subsequent page lookups as if they were reads.
565 * But only do so when looping for pte_write is futile: in some cases
566 * userspace may also be wanting to write to the gotten user page,
567 * which a read fault here might prevent (a readonly page might get
568 * reCOWed by userspace write).
570 if ((ret & VM_FAULT_WRITE) && !(vma->vm_flags & VM_WRITE))
575 static int check_vma_flags(struct vm_area_struct *vma, unsigned long gup_flags)
577 vm_flags_t vm_flags = vma->vm_flags;
578 int write = (gup_flags & FOLL_WRITE);
579 int foreign = (gup_flags & FOLL_REMOTE);
581 if (vm_flags & (VM_IO | VM_PFNMAP))
584 if (gup_flags & FOLL_ANON && !vma_is_anonymous(vma))
588 if (!(vm_flags & VM_WRITE)) {
589 if (!(gup_flags & FOLL_FORCE))
592 * We used to let the write,force case do COW in a
593 * VM_MAYWRITE VM_SHARED !VM_WRITE vma, so ptrace could
594 * set a breakpoint in a read-only mapping of an
595 * executable, without corrupting the file (yet only
596 * when that file had been opened for writing!).
597 * Anon pages in shared mappings are surprising: now
600 if (!is_cow_mapping(vm_flags))
603 } else if (!(vm_flags & VM_READ)) {
604 if (!(gup_flags & FOLL_FORCE))
607 * Is there actually any vma we can reach here which does not
608 * have VM_MAYREAD set?
610 if (!(vm_flags & VM_MAYREAD))
614 * gups are always data accesses, not instruction
615 * fetches, so execute=false here
617 if (!arch_vma_access_permitted(vma, write, false, foreign))
623 * __get_user_pages() - pin user pages in memory
624 * @tsk: task_struct of target task
625 * @mm: mm_struct of target mm
626 * @start: starting user address
627 * @nr_pages: number of pages from start to pin
628 * @gup_flags: flags modifying pin behaviour
629 * @pages: array that receives pointers to the pages pinned.
630 * Should be at least nr_pages long. Or NULL, if caller
631 * only intends to ensure the pages are faulted in.
632 * @vmas: array of pointers to vmas corresponding to each page.
633 * Or NULL if the caller does not require them.
634 * @nonblocking: whether waiting for disk IO or mmap_sem contention
636 * Returns number of pages pinned. This may be fewer than the number
637 * requested. If nr_pages is 0 or negative, returns 0. If no pages
638 * were pinned, returns -errno. Each page returned must be released
639 * with a put_page() call when it is finished with. vmas will only
640 * remain valid while mmap_sem is held.
642 * Must be called with mmap_sem held. It may be released. See below.
644 * __get_user_pages walks a process's page tables and takes a reference to
645 * each struct page that each user address corresponds to at a given
646 * instant. That is, it takes the page that would be accessed if a user
647 * thread accesses the given user virtual address at that instant.
649 * This does not guarantee that the page exists in the user mappings when
650 * __get_user_pages returns, and there may even be a completely different
651 * page there in some cases (eg. if mmapped pagecache has been invalidated
652 * and subsequently re faulted). However it does guarantee that the page
653 * won't be freed completely. And mostly callers simply care that the page
654 * contains data that was valid *at some point in time*. Typically, an IO
655 * or similar operation cannot guarantee anything stronger anyway because
656 * locks can't be held over the syscall boundary.
658 * If @gup_flags & FOLL_WRITE == 0, the page must not be written to. If
659 * the page is written to, set_page_dirty (or set_page_dirty_lock, as
660 * appropriate) must be called after the page is finished with, and
661 * before put_page is called.
663 * If @nonblocking != NULL, __get_user_pages will not wait for disk IO
664 * or mmap_sem contention, and if waiting is needed to pin all pages,
665 * *@nonblocking will be set to 0. Further, if @gup_flags does not
666 * include FOLL_NOWAIT, the mmap_sem will be released via up_read() in
669 * A caller using such a combination of @nonblocking and @gup_flags
670 * must therefore hold the mmap_sem for reading only, and recognize
671 * when it's been released. Otherwise, it must be held for either
672 * reading or writing and will not be released.
674 * In most cases, get_user_pages or get_user_pages_fast should be used
675 * instead of __get_user_pages. __get_user_pages should be used only if
676 * you need some special @gup_flags.
678 static long __get_user_pages(struct task_struct *tsk, struct mm_struct *mm,
679 unsigned long start, unsigned long nr_pages,
680 unsigned int gup_flags, struct page **pages,
681 struct vm_area_struct **vmas, int *nonblocking)
684 unsigned int page_mask;
685 struct vm_area_struct *vma = NULL;
690 VM_BUG_ON(!!pages != !!(gup_flags & FOLL_GET));
693 * If FOLL_FORCE is set then do not force a full fault as the hinting
694 * fault information is unrelated to the reference behaviour of a task
695 * using the address space
697 if (!(gup_flags & FOLL_FORCE))
698 gup_flags |= FOLL_NUMA;
702 unsigned int foll_flags = gup_flags;
703 unsigned int page_increm;
705 /* first iteration or cross vma bound */
706 if (!vma || start >= vma->vm_end) {
707 vma = find_extend_vma(mm, start);
708 if (!vma && in_gate_area(mm, start)) {
710 ret = get_gate_page(mm, start & PAGE_MASK,
712 pages ? &pages[i] : NULL);
719 if (!vma || check_vma_flags(vma, gup_flags))
720 return i ? : -EFAULT;
721 if (is_vm_hugetlb_page(vma)) {
722 if (should_force_cow_break(vma, foll_flags))
723 foll_flags |= FOLL_WRITE;
724 i = follow_hugetlb_page(mm, vma, pages, vmas,
725 &start, &nr_pages, i,
726 foll_flags, nonblocking);
731 if (should_force_cow_break(vma, foll_flags))
732 foll_flags |= FOLL_WRITE;
736 * If we have a pending SIGKILL, don't keep faulting pages and
737 * potentially allocating memory.
739 if (unlikely(fatal_signal_pending(current)))
740 return i ? i : -ERESTARTSYS;
742 page = follow_page_mask(vma, start, foll_flags, &page_mask);
745 ret = faultin_page(tsk, vma, start, &foll_flags,
760 } else if (PTR_ERR(page) == -EEXIST) {
762 * Proper page table entry exists, but no corresponding
766 } else if (IS_ERR(page)) {
767 return i ? i : PTR_ERR(page);
771 flush_anon_page(vma, page, start);
772 flush_dcache_page(page);
780 page_increm = 1 + (~(start >> PAGE_SHIFT) & page_mask);
781 if (page_increm > nr_pages)
782 page_increm = nr_pages;
784 start += page_increm * PAGE_SIZE;
785 nr_pages -= page_increm;
790 static bool vma_permits_fault(struct vm_area_struct *vma,
791 unsigned int fault_flags)
793 bool write = !!(fault_flags & FAULT_FLAG_WRITE);
794 bool foreign = !!(fault_flags & FAULT_FLAG_REMOTE);
795 vm_flags_t vm_flags = write ? VM_WRITE : VM_READ;
797 if (!(vm_flags & vma->vm_flags))
801 * The architecture might have a hardware protection
802 * mechanism other than read/write that can deny access.
804 * gup always represents data access, not instruction
805 * fetches, so execute=false here:
807 if (!arch_vma_access_permitted(vma, write, false, foreign))
814 * fixup_user_fault() - manually resolve a user page fault
815 * @tsk: the task_struct to use for page fault accounting, or
816 * NULL if faults are not to be recorded.
817 * @mm: mm_struct of target mm
818 * @address: user address
819 * @fault_flags:flags to pass down to handle_mm_fault()
820 * @unlocked: did we unlock the mmap_sem while retrying, maybe NULL if caller
821 * does not allow retry
823 * This is meant to be called in the specific scenario where for locking reasons
824 * we try to access user memory in atomic context (within a pagefault_disable()
825 * section), this returns -EFAULT, and we want to resolve the user fault before
828 * Typically this is meant to be used by the futex code.
830 * The main difference with get_user_pages() is that this function will
831 * unconditionally call handle_mm_fault() which will in turn perform all the
832 * necessary SW fixup of the dirty and young bits in the PTE, while
833 * get_user_pages() only guarantees to update these in the struct page.
835 * This is important for some architectures where those bits also gate the
836 * access permission to the page because they are maintained in software. On
837 * such architectures, gup() will not be enough to make a subsequent access
840 * This function will not return with an unlocked mmap_sem. So it has not the
841 * same semantics wrt the @mm->mmap_sem as does filemap_fault().
843 int fixup_user_fault(struct task_struct *tsk, struct mm_struct *mm,
844 unsigned long address, unsigned int fault_flags,
847 struct vm_area_struct *vma;
848 vm_fault_t ret, major = 0;
851 fault_flags |= FAULT_FLAG_ALLOW_RETRY;
854 vma = find_extend_vma(mm, address);
855 if (!vma || address < vma->vm_start)
858 if (!vma_permits_fault(vma, fault_flags))
861 ret = handle_mm_fault(vma, address, fault_flags);
862 major |= ret & VM_FAULT_MAJOR;
863 if (ret & VM_FAULT_ERROR) {
864 int err = vm_fault_to_errno(ret, 0);
871 if (ret & VM_FAULT_RETRY) {
872 down_read(&mm->mmap_sem);
873 if (!(fault_flags & FAULT_FLAG_TRIED)) {
875 fault_flags &= ~FAULT_FLAG_ALLOW_RETRY;
876 fault_flags |= FAULT_FLAG_TRIED;
889 EXPORT_SYMBOL_GPL(fixup_user_fault);
891 static __always_inline long __get_user_pages_locked(struct task_struct *tsk,
892 struct mm_struct *mm,
894 unsigned long nr_pages,
896 struct vm_area_struct **vmas,
900 long ret, pages_done;
904 /* if VM_FAULT_RETRY can be returned, vmas become invalid */
906 /* check caller initialized locked */
907 BUG_ON(*locked != 1);
914 lock_dropped = false;
916 ret = __get_user_pages(tsk, mm, start, nr_pages, flags, pages,
919 /* VM_FAULT_RETRY couldn't trigger, bypass */
922 /* VM_FAULT_RETRY cannot return errors */
925 BUG_ON(ret >= nr_pages);
929 /* If it's a prefault don't insist harder */
940 * VM_FAULT_RETRY didn't trigger or it was a
947 /* VM_FAULT_RETRY triggered, so seek to the faulting offset */
949 start += ret << PAGE_SHIFT;
952 * Repeat on the address that fired VM_FAULT_RETRY
953 * without FAULT_FLAG_ALLOW_RETRY but with
958 down_read(&mm->mmap_sem);
959 ret = __get_user_pages(tsk, mm, start, 1, flags | FOLL_TRIED,
974 if (lock_dropped && *locked) {
976 * We must let the caller know we temporarily dropped the lock
977 * and so the critical section protected by it was lost.
979 up_read(&mm->mmap_sem);
986 * We can leverage the VM_FAULT_RETRY functionality in the page fault
987 * paths better by using either get_user_pages_locked() or
988 * get_user_pages_unlocked().
990 * get_user_pages_locked() is suitable to replace the form:
992 * down_read(&mm->mmap_sem);
994 * get_user_pages(tsk, mm, ..., pages, NULL);
995 * up_read(&mm->mmap_sem);
1000 * down_read(&mm->mmap_sem);
1002 * get_user_pages_locked(tsk, mm, ..., pages, &locked);
1004 * up_read(&mm->mmap_sem);
1006 long get_user_pages_locked(unsigned long start, unsigned long nr_pages,
1007 unsigned int gup_flags, struct page **pages,
1010 return __get_user_pages_locked(current, current->mm, start, nr_pages,
1011 pages, NULL, locked,
1012 gup_flags | FOLL_TOUCH);
1014 EXPORT_SYMBOL(get_user_pages_locked);
1017 * get_user_pages_unlocked() is suitable to replace the form:
1019 * down_read(&mm->mmap_sem);
1020 * get_user_pages(tsk, mm, ..., pages, NULL);
1021 * up_read(&mm->mmap_sem);
1025 * get_user_pages_unlocked(tsk, mm, ..., pages);
1027 * It is functionally equivalent to get_user_pages_fast so
1028 * get_user_pages_fast should be used instead if specific gup_flags
1029 * (e.g. FOLL_FORCE) are not required.
1031 long get_user_pages_unlocked(unsigned long start, unsigned long nr_pages,
1032 struct page **pages, unsigned int gup_flags)
1034 struct mm_struct *mm = current->mm;
1038 down_read(&mm->mmap_sem);
1039 ret = __get_user_pages_locked(current, mm, start, nr_pages, pages, NULL,
1040 &locked, gup_flags | FOLL_TOUCH);
1042 up_read(&mm->mmap_sem);
1045 EXPORT_SYMBOL(get_user_pages_unlocked);
1048 * get_user_pages_remote() - pin user pages in memory
1049 * @tsk: the task_struct to use for page fault accounting, or
1050 * NULL if faults are not to be recorded.
1051 * @mm: mm_struct of target mm
1052 * @start: starting user address
1053 * @nr_pages: number of pages from start to pin
1054 * @gup_flags: flags modifying lookup behaviour
1055 * @pages: array that receives pointers to the pages pinned.
1056 * Should be at least nr_pages long. Or NULL, if caller
1057 * only intends to ensure the pages are faulted in.
1058 * @vmas: array of pointers to vmas corresponding to each page.
1059 * Or NULL if the caller does not require them.
1060 * @locked: pointer to lock flag indicating whether lock is held and
1061 * subsequently whether VM_FAULT_RETRY functionality can be
1062 * utilised. Lock must initially be held.
1064 * Returns number of pages pinned. This may be fewer than the number
1065 * requested. If nr_pages is 0 or negative, returns 0. If no pages
1066 * were pinned, returns -errno. Each page returned must be released
1067 * with a put_page() call when it is finished with. vmas will only
1068 * remain valid while mmap_sem is held.
1070 * Must be called with mmap_sem held for read or write.
1072 * get_user_pages walks a process's page tables and takes a reference to
1073 * each struct page that each user address corresponds to at a given
1074 * instant. That is, it takes the page that would be accessed if a user
1075 * thread accesses the given user virtual address at that instant.
1077 * This does not guarantee that the page exists in the user mappings when
1078 * get_user_pages returns, and there may even be a completely different
1079 * page there in some cases (eg. if mmapped pagecache has been invalidated
1080 * and subsequently re faulted). However it does guarantee that the page
1081 * won't be freed completely. And mostly callers simply care that the page
1082 * contains data that was valid *at some point in time*. Typically, an IO
1083 * or similar operation cannot guarantee anything stronger anyway because
1084 * locks can't be held over the syscall boundary.
1086 * If gup_flags & FOLL_WRITE == 0, the page must not be written to. If the page
1087 * is written to, set_page_dirty (or set_page_dirty_lock, as appropriate) must
1088 * be called after the page is finished with, and before put_page is called.
1090 * get_user_pages is typically used for fewer-copy IO operations, to get a
1091 * handle on the memory by some means other than accesses via the user virtual
1092 * addresses. The pages may be submitted for DMA to devices or accessed via
1093 * their kernel linear mapping (via the kmap APIs). Care should be taken to
1094 * use the correct cache flushing APIs.
1096 * See also get_user_pages_fast, for performance critical applications.
1098 * get_user_pages should be phased out in favor of
1099 * get_user_pages_locked|unlocked or get_user_pages_fast. Nothing
1100 * should use get_user_pages because it cannot pass
1101 * FAULT_FLAG_ALLOW_RETRY to handle_mm_fault.
1103 long get_user_pages_remote(struct task_struct *tsk, struct mm_struct *mm,
1104 unsigned long start, unsigned long nr_pages,
1105 unsigned int gup_flags, struct page **pages,
1106 struct vm_area_struct **vmas, int *locked)
1108 return __get_user_pages_locked(tsk, mm, start, nr_pages, pages, vmas,
1110 gup_flags | FOLL_TOUCH | FOLL_REMOTE);
1112 EXPORT_SYMBOL(get_user_pages_remote);
1115 * This is the same as get_user_pages_remote(), just with a
1116 * less-flexible calling convention where we assume that the task
1117 * and mm being operated on are the current task's and don't allow
1118 * passing of a locked parameter. We also obviously don't pass
1119 * FOLL_REMOTE in here.
1121 long get_user_pages(unsigned long start, unsigned long nr_pages,
1122 unsigned int gup_flags, struct page **pages,
1123 struct vm_area_struct **vmas)
1125 return __get_user_pages_locked(current, current->mm, start, nr_pages,
1127 gup_flags | FOLL_TOUCH);
1129 EXPORT_SYMBOL(get_user_pages);
1131 #ifdef CONFIG_FS_DAX
1133 * This is the same as get_user_pages() in that it assumes we are
1134 * operating on the current task's mm, but it goes further to validate
1135 * that the vmas associated with the address range are suitable for
1136 * longterm elevated page reference counts. For example, filesystem-dax
1137 * mappings are subject to the lifetime enforced by the filesystem and
1138 * we need guarantees that longterm users like RDMA and V4L2 only
1139 * establish mappings that have a kernel enforced revocation mechanism.
1141 * "longterm" == userspace controlled elevated page count lifetime.
1142 * Contrast this to iov_iter_get_pages() usages which are transient.
1144 long get_user_pages_longterm(unsigned long start, unsigned long nr_pages,
1145 unsigned int gup_flags, struct page **pages,
1146 struct vm_area_struct **vmas_arg)
1148 struct vm_area_struct **vmas = vmas_arg;
1149 struct vm_area_struct *vma_prev = NULL;
1156 vmas = kcalloc(nr_pages, sizeof(struct vm_area_struct *),
1162 rc = get_user_pages(start, nr_pages, gup_flags, pages, vmas);
1164 for (i = 0; i < rc; i++) {
1165 struct vm_area_struct *vma = vmas[i];
1167 if (vma == vma_prev)
1172 if (vma_is_fsdax(vma))
1177 * Either get_user_pages() failed, or the vma validation
1178 * succeeded, in either case we don't need to put_page() before
1184 for (i = 0; i < rc; i++)
1188 if (vmas != vmas_arg)
1192 EXPORT_SYMBOL(get_user_pages_longterm);
1193 #endif /* CONFIG_FS_DAX */
1196 * populate_vma_page_range() - populate a range of pages in the vma.
1198 * @start: start address
1202 * This takes care of mlocking the pages too if VM_LOCKED is set.
1204 * return 0 on success, negative error code on error.
1206 * vma->vm_mm->mmap_sem must be held.
1208 * If @nonblocking is NULL, it may be held for read or write and will
1211 * If @nonblocking is non-NULL, it must held for read only and may be
1212 * released. If it's released, *@nonblocking will be set to 0.
1214 long populate_vma_page_range(struct vm_area_struct *vma,
1215 unsigned long start, unsigned long end, int *nonblocking)
1217 struct mm_struct *mm = vma->vm_mm;
1218 unsigned long nr_pages = (end - start) / PAGE_SIZE;
1221 VM_BUG_ON(start & ~PAGE_MASK);
1222 VM_BUG_ON(end & ~PAGE_MASK);
1223 VM_BUG_ON_VMA(start < vma->vm_start, vma);
1224 VM_BUG_ON_VMA(end > vma->vm_end, vma);
1225 VM_BUG_ON_MM(!rwsem_is_locked(&mm->mmap_sem), mm);
1227 gup_flags = FOLL_TOUCH | FOLL_POPULATE | FOLL_MLOCK;
1228 if (vma->vm_flags & VM_LOCKONFAULT)
1229 gup_flags &= ~FOLL_POPULATE;
1231 * We want to touch writable mappings with a write fault in order
1232 * to break COW, except for shared mappings because these don't COW
1233 * and we would not want to dirty them for nothing.
1235 if ((vma->vm_flags & (VM_WRITE | VM_SHARED)) == VM_WRITE)
1236 gup_flags |= FOLL_WRITE;
1239 * We want mlock to succeed for regions that have any permissions
1240 * other than PROT_NONE.
1242 if (vma->vm_flags & (VM_READ | VM_WRITE | VM_EXEC))
1243 gup_flags |= FOLL_FORCE;
1246 * We made sure addr is within a VMA, so the following will
1247 * not result in a stack expansion that recurses back here.
1249 return __get_user_pages(current, mm, start, nr_pages, gup_flags,
1250 NULL, NULL, nonblocking);
1254 * __mm_populate - populate and/or mlock pages within a range of address space.
1256 * This is used to implement mlock() and the MAP_POPULATE / MAP_LOCKED mmap
1257 * flags. VMAs must be already marked with the desired vm_flags, and
1258 * mmap_sem must not be held.
1260 int __mm_populate(unsigned long start, unsigned long len, int ignore_errors)
1262 struct mm_struct *mm = current->mm;
1263 unsigned long end, nstart, nend;
1264 struct vm_area_struct *vma = NULL;
1270 for (nstart = start; nstart < end; nstart = nend) {
1272 * We want to fault in pages for [nstart; end) address range.
1273 * Find first corresponding VMA.
1277 down_read(&mm->mmap_sem);
1278 vma = find_vma(mm, nstart);
1279 } else if (nstart >= vma->vm_end)
1281 if (!vma || vma->vm_start >= end)
1284 * Set [nstart; nend) to intersection of desired address
1285 * range with the first VMA. Also, skip undesirable VMA types.
1287 nend = min(end, vma->vm_end);
1288 if (vma->vm_flags & (VM_IO | VM_PFNMAP))
1290 if (nstart < vma->vm_start)
1291 nstart = vma->vm_start;
1293 * Now fault in a range of pages. populate_vma_page_range()
1294 * double checks the vma flags, so that it won't mlock pages
1295 * if the vma was already munlocked.
1297 ret = populate_vma_page_range(vma, nstart, nend, &locked);
1299 if (ignore_errors) {
1301 continue; /* continue at next VMA */
1305 nend = nstart + ret * PAGE_SIZE;
1309 up_read(&mm->mmap_sem);
1310 return ret; /* 0 or negative error code */
1314 * get_dump_page() - pin user page in memory while writing it to core dump
1315 * @addr: user address
1317 * Returns struct page pointer of user page pinned for dump,
1318 * to be freed afterwards by put_page().
1320 * Returns NULL on any kind of failure - a hole must then be inserted into
1321 * the corefile, to preserve alignment with its headers; and also returns
1322 * NULL wherever the ZERO_PAGE, or an anonymous pte_none, has been found -
1323 * allowing a hole to be left in the corefile to save diskspace.
1325 * Called without mmap_sem, but after all other threads have been killed.
1327 #ifdef CONFIG_ELF_CORE
1328 struct page *get_dump_page(unsigned long addr)
1330 struct vm_area_struct *vma;
1333 if (__get_user_pages(current, current->mm, addr, 1,
1334 FOLL_FORCE | FOLL_DUMP | FOLL_GET, &page, &vma,
1337 flush_cache_page(vma, addr, page_to_pfn(page));
1340 #endif /* CONFIG_ELF_CORE */
1345 * get_user_pages_fast attempts to pin user pages by walking the page
1346 * tables directly and avoids taking locks. Thus the walker needs to be
1347 * protected from page table pages being freed from under it, and should
1348 * block any THP splits.
1350 * One way to achieve this is to have the walker disable interrupts, and
1351 * rely on IPIs from the TLB flushing code blocking before the page table
1352 * pages are freed. This is unsuitable for architectures that do not need
1353 * to broadcast an IPI when invalidating TLBs.
1355 * Another way to achieve this is to batch up page table containing pages
1356 * belonging to more than one mm_user, then rcu_sched a callback to free those
1357 * pages. Disabling interrupts will allow the fast_gup walker to both block
1358 * the rcu_sched callback, and an IPI that we broadcast for splitting THPs
1359 * (which is a relatively rare event). The code below adopts this strategy.
1361 * Before activating this code, please be aware that the following assumptions
1362 * are currently made:
1364 * *) Either HAVE_RCU_TABLE_FREE is enabled, and tlb_remove_table() is used to
1365 * free pages containing page tables or TLB flushing requires IPI broadcast.
1367 * *) ptes can be read atomically by the architecture.
1369 * *) access_ok is sufficient to validate userspace address ranges.
1371 * The last two assumptions can be relaxed by the addition of helper functions.
1373 * This code is based heavily on the PowerPC implementation by Nick Piggin.
1375 #ifdef CONFIG_HAVE_GENERIC_GUP
1379 * We assume that the PTE can be read atomically. If this is not the case for
1380 * your architecture, please provide the helper.
1382 static inline pte_t gup_get_pte(pte_t *ptep)
1384 return READ_ONCE(*ptep);
1388 static void __maybe_unused undo_dev_pagemap(int *nr, int nr_start,
1389 struct page **pages)
1391 while ((*nr) - nr_start) {
1392 struct page *page = pages[--(*nr)];
1394 ClearPageReferenced(page);
1400 * Return the compund head page with ref appropriately incremented,
1401 * or NULL if that failed.
1403 static inline struct page *try_get_compound_head(struct page *page, int refs)
1405 struct page *head = compound_head(page);
1406 if (WARN_ON_ONCE(page_ref_count(head) < 0))
1408 if (unlikely(!page_cache_add_speculative(head, refs)))
1413 #ifdef CONFIG_ARCH_HAS_PTE_SPECIAL
1414 static int gup_pte_range(pmd_t pmd, unsigned long addr, unsigned long end,
1415 int write, struct page **pages, int *nr)
1417 struct dev_pagemap *pgmap = NULL;
1418 int nr_start = *nr, ret = 0;
1421 ptem = ptep = pte_offset_map(&pmd, addr);
1423 pte_t pte = gup_get_pte(ptep);
1424 struct page *head, *page;
1427 * Similar to the PMD case below, NUMA hinting must take slow
1428 * path using the pte_protnone check.
1430 if (pte_protnone(pte))
1433 if (!pte_access_permitted(pte, write))
1436 if (pte_devmap(pte)) {
1437 pgmap = get_dev_pagemap(pte_pfn(pte), pgmap);
1438 if (unlikely(!pgmap)) {
1439 undo_dev_pagemap(nr, nr_start, pages);
1442 } else if (pte_special(pte))
1445 VM_BUG_ON(!pfn_valid(pte_pfn(pte)));
1446 page = pte_page(pte);
1448 head = try_get_compound_head(page, 1);
1452 if (unlikely(pte_val(pte) != pte_val(*ptep))) {
1457 VM_BUG_ON_PAGE(compound_head(page) != head, page);
1459 SetPageReferenced(page);
1463 } while (ptep++, addr += PAGE_SIZE, addr != end);
1469 put_dev_pagemap(pgmap);
1476 * If we can't determine whether or not a pte is special, then fail immediately
1477 * for ptes. Note, we can still pin HugeTLB and THP as these are guaranteed not
1480 * For a futex to be placed on a THP tail page, get_futex_key requires a
1481 * __get_user_pages_fast implementation that can pin pages. Thus it's still
1482 * useful to have gup_huge_pmd even if we can't operate on ptes.
1484 static int gup_pte_range(pmd_t pmd, unsigned long addr, unsigned long end,
1485 int write, struct page **pages, int *nr)
1489 #endif /* CONFIG_ARCH_HAS_PTE_SPECIAL */
1491 #if defined(__HAVE_ARCH_PTE_DEVMAP) && defined(CONFIG_TRANSPARENT_HUGEPAGE)
1492 static int __gup_device_huge(unsigned long pfn, unsigned long addr,
1493 unsigned long end, struct page **pages, int *nr)
1496 struct dev_pagemap *pgmap = NULL;
1499 struct page *page = pfn_to_page(pfn);
1501 pgmap = get_dev_pagemap(pfn, pgmap);
1502 if (unlikely(!pgmap)) {
1503 undo_dev_pagemap(nr, nr_start, pages);
1506 SetPageReferenced(page);
1511 } while (addr += PAGE_SIZE, addr != end);
1514 put_dev_pagemap(pgmap);
1518 static int __gup_device_huge_pmd(pmd_t orig, pmd_t *pmdp, unsigned long addr,
1519 unsigned long end, struct page **pages, int *nr)
1521 unsigned long fault_pfn;
1524 fault_pfn = pmd_pfn(orig) + ((addr & ~PMD_MASK) >> PAGE_SHIFT);
1525 if (!__gup_device_huge(fault_pfn, addr, end, pages, nr))
1528 if (unlikely(pmd_val(orig) != pmd_val(*pmdp))) {
1529 undo_dev_pagemap(nr, nr_start, pages);
1535 static int __gup_device_huge_pud(pud_t orig, pud_t *pudp, unsigned long addr,
1536 unsigned long end, struct page **pages, int *nr)
1538 unsigned long fault_pfn;
1541 fault_pfn = pud_pfn(orig) + ((addr & ~PUD_MASK) >> PAGE_SHIFT);
1542 if (!__gup_device_huge(fault_pfn, addr, end, pages, nr))
1545 if (unlikely(pud_val(orig) != pud_val(*pudp))) {
1546 undo_dev_pagemap(nr, nr_start, pages);
1552 static int __gup_device_huge_pmd(pmd_t orig, pmd_t *pmdp, unsigned long addr,
1553 unsigned long end, struct page **pages, int *nr)
1559 static int __gup_device_huge_pud(pud_t pud, pud_t *pudp, unsigned long addr,
1560 unsigned long end, struct page **pages, int *nr)
1567 static int gup_huge_pmd(pmd_t orig, pmd_t *pmdp, unsigned long addr,
1568 unsigned long end, int write, struct page **pages, int *nr)
1570 struct page *head, *page;
1573 if (!pmd_access_permitted(orig, write))
1576 if (pmd_devmap(orig))
1577 return __gup_device_huge_pmd(orig, pmdp, addr, end, pages, nr);
1580 page = pmd_page(orig) + ((addr & ~PMD_MASK) >> PAGE_SHIFT);
1586 } while (addr += PAGE_SIZE, addr != end);
1588 head = try_get_compound_head(pmd_page(orig), refs);
1594 if (unlikely(pmd_val(orig) != pmd_val(*pmdp))) {
1601 SetPageReferenced(head);
1605 static int gup_huge_pud(pud_t orig, pud_t *pudp, unsigned long addr,
1606 unsigned long end, int write, struct page **pages, int *nr)
1608 struct page *head, *page;
1611 if (!pud_access_permitted(orig, write))
1614 if (pud_devmap(orig))
1615 return __gup_device_huge_pud(orig, pudp, addr, end, pages, nr);
1618 page = pud_page(orig) + ((addr & ~PUD_MASK) >> PAGE_SHIFT);
1624 } while (addr += PAGE_SIZE, addr != end);
1626 head = try_get_compound_head(pud_page(orig), refs);
1632 if (unlikely(pud_val(orig) != pud_val(*pudp))) {
1639 SetPageReferenced(head);
1643 static int gup_huge_pgd(pgd_t orig, pgd_t *pgdp, unsigned long addr,
1644 unsigned long end, int write,
1645 struct page **pages, int *nr)
1648 struct page *head, *page;
1650 if (!pgd_access_permitted(orig, write))
1653 BUILD_BUG_ON(pgd_devmap(orig));
1655 page = pgd_page(orig) + ((addr & ~PGDIR_MASK) >> PAGE_SHIFT);
1661 } while (addr += PAGE_SIZE, addr != end);
1663 head = try_get_compound_head(pgd_page(orig), refs);
1669 if (unlikely(pgd_val(orig) != pgd_val(*pgdp))) {
1676 SetPageReferenced(head);
1680 static int gup_pmd_range(pud_t pud, unsigned long addr, unsigned long end,
1681 int write, struct page **pages, int *nr)
1686 pmdp = pmd_offset(&pud, addr);
1688 pmd_t pmd = READ_ONCE(*pmdp);
1690 next = pmd_addr_end(addr, end);
1691 if (!pmd_present(pmd))
1694 if (unlikely(pmd_trans_huge(pmd) || pmd_huge(pmd) ||
1697 * NUMA hinting faults need to be handled in the GUP
1698 * slowpath for accounting purposes and so that they
1699 * can be serialised against THP migration.
1701 if (pmd_protnone(pmd))
1704 if (!gup_huge_pmd(pmd, pmdp, addr, next, write,
1708 } else if (unlikely(is_hugepd(__hugepd(pmd_val(pmd))))) {
1710 * architecture have different format for hugetlbfs
1711 * pmd format and THP pmd format
1713 if (!gup_huge_pd(__hugepd(pmd_val(pmd)), addr,
1714 PMD_SHIFT, next, write, pages, nr))
1716 } else if (!gup_pte_range(pmd, addr, next, write, pages, nr))
1718 } while (pmdp++, addr = next, addr != end);
1723 static int gup_pud_range(p4d_t p4d, unsigned long addr, unsigned long end,
1724 int write, struct page **pages, int *nr)
1729 pudp = pud_offset(&p4d, addr);
1731 pud_t pud = READ_ONCE(*pudp);
1733 next = pud_addr_end(addr, end);
1736 if (unlikely(pud_huge(pud))) {
1737 if (!gup_huge_pud(pud, pudp, addr, next, write,
1740 } else if (unlikely(is_hugepd(__hugepd(pud_val(pud))))) {
1741 if (!gup_huge_pd(__hugepd(pud_val(pud)), addr,
1742 PUD_SHIFT, next, write, pages, nr))
1744 } else if (!gup_pmd_range(pud, addr, next, write, pages, nr))
1746 } while (pudp++, addr = next, addr != end);
1751 static int gup_p4d_range(pgd_t pgd, unsigned long addr, unsigned long end,
1752 int write, struct page **pages, int *nr)
1757 p4dp = p4d_offset(&pgd, addr);
1759 p4d_t p4d = READ_ONCE(*p4dp);
1761 next = p4d_addr_end(addr, end);
1764 BUILD_BUG_ON(p4d_huge(p4d));
1765 if (unlikely(is_hugepd(__hugepd(p4d_val(p4d))))) {
1766 if (!gup_huge_pd(__hugepd(p4d_val(p4d)), addr,
1767 P4D_SHIFT, next, write, pages, nr))
1769 } else if (!gup_pud_range(p4d, addr, next, write, pages, nr))
1771 } while (p4dp++, addr = next, addr != end);
1776 static void gup_pgd_range(unsigned long addr, unsigned long end,
1777 int write, struct page **pages, int *nr)
1782 pgdp = pgd_offset(current->mm, addr);
1784 pgd_t pgd = READ_ONCE(*pgdp);
1786 next = pgd_addr_end(addr, end);
1789 if (unlikely(pgd_huge(pgd))) {
1790 if (!gup_huge_pgd(pgd, pgdp, addr, next, write,
1793 } else if (unlikely(is_hugepd(__hugepd(pgd_val(pgd))))) {
1794 if (!gup_huge_pd(__hugepd(pgd_val(pgd)), addr,
1795 PGDIR_SHIFT, next, write, pages, nr))
1797 } else if (!gup_p4d_range(pgd, addr, next, write, pages, nr))
1799 } while (pgdp++, addr = next, addr != end);
1802 #ifndef gup_fast_permitted
1804 * Check if it's allowed to use __get_user_pages_fast() for the range, or
1805 * we need to fall back to the slow version:
1807 bool gup_fast_permitted(unsigned long start, int nr_pages, int write)
1809 unsigned long len, end;
1811 len = (unsigned long) nr_pages << PAGE_SHIFT;
1813 return end >= start;
1818 * Like get_user_pages_fast() except it's IRQ-safe in that it won't fall back to
1820 * Note a difference with get_user_pages_fast: this always returns the
1821 * number of pages pinned, 0 if no pages were pinned.
1823 * Careful, careful! COW breaking can go either way, so a non-write
1824 * access can get ambiguous page results. If you call this function without
1825 * 'write' set, you'd better be sure that you're ok with that ambiguity.
1827 int __get_user_pages_fast(unsigned long start, int nr_pages, int write,
1828 struct page **pages)
1830 unsigned long addr, len, end;
1831 unsigned long flags;
1836 len = (unsigned long) nr_pages << PAGE_SHIFT;
1839 if (unlikely(!access_ok(write ? VERIFY_WRITE : VERIFY_READ,
1840 (void __user *)start, len)))
1844 * Disable interrupts. We use the nested form as we can already have
1845 * interrupts disabled by get_futex_key.
1847 * With interrupts disabled, we block page table pages from being
1848 * freed from under us. See mmu_gather_tlb in asm-generic/tlb.h
1851 * We do not adopt an rcu_read_lock(.) here as we also want to
1852 * block IPIs that come from THPs splitting.
1854 * NOTE! We allow read-only gup_fast() here, but you'd better be
1855 * careful about possible COW pages. You'll get _a_ COW page, but
1856 * not necessarily the one you intended to get depending on what
1857 * COW event happens after this. COW may break the page copy in a
1861 if (gup_fast_permitted(start, nr_pages, write)) {
1862 local_irq_save(flags);
1863 gup_pgd_range(addr, end, write, pages, &nr);
1864 local_irq_restore(flags);
1871 * get_user_pages_fast() - pin user pages in memory
1872 * @start: starting user address
1873 * @nr_pages: number of pages from start to pin
1874 * @write: whether pages will be written to
1875 * @pages: array that receives pointers to the pages pinned.
1876 * Should be at least nr_pages long.
1878 * Attempt to pin user pages in memory without taking mm->mmap_sem.
1879 * If not successful, it will fall back to taking the lock and
1880 * calling get_user_pages().
1882 * Returns number of pages pinned. This may be fewer than the number
1883 * requested. If nr_pages is 0 or negative, returns 0. If no pages
1884 * were pinned, returns -errno.
1886 int get_user_pages_fast(unsigned long start, int nr_pages, int write,
1887 struct page **pages)
1889 unsigned long addr, len, end;
1890 int nr = 0, ret = 0;
1894 len = (unsigned long) nr_pages << PAGE_SHIFT;
1900 if (unlikely(!access_ok(write ? VERIFY_WRITE : VERIFY_READ,
1901 (void __user *)start, len)))
1905 * The FAST_GUP case requires FOLL_WRITE even for pure reads,
1906 * because get_user_pages() may need to cause an early COW in
1907 * order to avoid confusing the normal COW routines. So only
1908 * targets that are already writable are safe to do by just
1909 * looking at the page tables.
1911 if (gup_fast_permitted(start, nr_pages, write)) {
1912 local_irq_disable();
1913 gup_pgd_range(addr, end, 1, pages, &nr);
1918 if (nr < nr_pages) {
1919 /* Try to get the remaining pages with get_user_pages */
1920 start += nr << PAGE_SHIFT;
1923 ret = get_user_pages_unlocked(start, nr_pages - nr, pages,
1924 write ? FOLL_WRITE : 0);
1926 /* Have to be a bit careful with return values */
1938 #endif /* CONFIG_HAVE_GENERIC_GUP */
projects / releases.git / blob