blob: f40e8add84b5ed186a5f5028fbb9140ed1ee4138 [file] [log] [blame]
Jérôme Glisse133ff0e2017-09-08 16:11:23 -07001/*
2 * Copyright 2013 Red Hat Inc.
3 *
4 * This program is free software; you can redistribute it and/or modify
5 * it under the terms of the GNU General Public License as published by
6 * the Free Software Foundation; either version 2 of the License, or
7 * (at your option) any later version.
8 *
9 * This program is distributed in the hope that it will be useful,
10 * but WITHOUT ANY WARRANTY; without even the implied warranty of
11 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 * GNU General Public License for more details.
13 *
14 * Authors: Jérôme Glisse <jglisse@redhat.com>
15 */
16/*
17 * Refer to include/linux/hmm.h for information about heterogeneous memory
18 * management or HMM for short.
19 */
20#include <linux/mm.h>
21#include <linux/hmm.h>
Jérôme Glisse858b54d2017-09-08 16:12:02 -070022#include <linux/init.h>
Jérôme Glisseda4c3c72017-09-08 16:11:31 -070023#include <linux/rmap.h>
24#include <linux/swap.h>
Jérôme Glisse133ff0e2017-09-08 16:11:23 -070025#include <linux/slab.h>
26#include <linux/sched.h>
Jérôme Glisse4ef589d2017-09-08 16:11:58 -070027#include <linux/mmzone.h>
28#include <linux/pagemap.h>
Jérôme Glisseda4c3c72017-09-08 16:11:31 -070029#include <linux/swapops.h>
30#include <linux/hugetlb.h>
Jérôme Glisse4ef589d2017-09-08 16:11:58 -070031#include <linux/memremap.h>
Jérôme Glisse7b2d55d22017-09-08 16:11:46 -070032#include <linux/jump_label.h>
Jérôme Glissec0b12402017-09-08 16:11:27 -070033#include <linux/mmu_notifier.h>
Jérôme Glisse4ef589d2017-09-08 16:11:58 -070034#include <linux/memory_hotplug.h>
35
36#define PA_SECTION_SIZE (1UL << PA_SECTION_SHIFT)
Jérôme Glisse133ff0e2017-09-08 16:11:23 -070037
Jérôme Glisse6b368cd2017-09-08 16:12:32 -070038#if IS_ENABLED(CONFIG_HMM_MIRROR)
Jérôme Glissec0b12402017-09-08 16:11:27 -070039static const struct mmu_notifier_ops hmm_mmu_notifier_ops;
40
Jérôme Glisse133ff0e2017-09-08 16:11:23 -070041/*
42 * struct hmm - HMM per mm struct
43 *
44 * @mm: mm struct this HMM struct is bound to
Jérôme Glisseda4c3c72017-09-08 16:11:31 -070045 * @lock: lock protecting ranges list
Jérôme Glissec0b12402017-09-08 16:11:27 -070046 * @sequence: we track updates to the CPU page table with a sequence number
Jérôme Glisseda4c3c72017-09-08 16:11:31 -070047 * @ranges: list of range being snapshotted
Jérôme Glissec0b12402017-09-08 16:11:27 -070048 * @mirrors: list of mirrors for this mm
49 * @mmu_notifier: mmu notifier to track updates to CPU page table
50 * @mirrors_sem: read/write semaphore protecting the mirrors list
Jérôme Glisse133ff0e2017-09-08 16:11:23 -070051 */
52struct hmm {
53 struct mm_struct *mm;
Jérôme Glisseda4c3c72017-09-08 16:11:31 -070054 spinlock_t lock;
Jérôme Glissec0b12402017-09-08 16:11:27 -070055 atomic_t sequence;
Jérôme Glisseda4c3c72017-09-08 16:11:31 -070056 struct list_head ranges;
Jérôme Glissec0b12402017-09-08 16:11:27 -070057 struct list_head mirrors;
58 struct mmu_notifier mmu_notifier;
59 struct rw_semaphore mirrors_sem;
Jérôme Glisse133ff0e2017-09-08 16:11:23 -070060};
61
62/*
63 * hmm_register - register HMM against an mm (HMM internal)
64 *
65 * @mm: mm struct to attach to
66 *
67 * This is not intended to be used directly by device drivers. It allocates an
68 * HMM struct if mm does not have one, and initializes it.
69 */
70static struct hmm *hmm_register(struct mm_struct *mm)
71{
Jérôme Glissec0b12402017-09-08 16:11:27 -070072 struct hmm *hmm = READ_ONCE(mm->hmm);
73 bool cleanup = false;
Jérôme Glisse133ff0e2017-09-08 16:11:23 -070074
75 /*
76 * The hmm struct can only be freed once the mm_struct goes away,
77 * hence we should always have pre-allocated an new hmm struct
78 * above.
79 */
Jérôme Glissec0b12402017-09-08 16:11:27 -070080 if (hmm)
81 return hmm;
82
83 hmm = kmalloc(sizeof(*hmm), GFP_KERNEL);
84 if (!hmm)
85 return NULL;
86 INIT_LIST_HEAD(&hmm->mirrors);
87 init_rwsem(&hmm->mirrors_sem);
88 atomic_set(&hmm->sequence, 0);
89 hmm->mmu_notifier.ops = NULL;
Jérôme Glisseda4c3c72017-09-08 16:11:31 -070090 INIT_LIST_HEAD(&hmm->ranges);
91 spin_lock_init(&hmm->lock);
Jérôme Glissec0b12402017-09-08 16:11:27 -070092 hmm->mm = mm;
93
94 /*
95 * We should only get here if hold the mmap_sem in write mode ie on
96 * registration of first mirror through hmm_mirror_register()
97 */
98 hmm->mmu_notifier.ops = &hmm_mmu_notifier_ops;
99 if (__mmu_notifier_register(&hmm->mmu_notifier, mm)) {
100 kfree(hmm);
101 return NULL;
102 }
103
104 spin_lock(&mm->page_table_lock);
105 if (!mm->hmm)
106 mm->hmm = hmm;
107 else
108 cleanup = true;
109 spin_unlock(&mm->page_table_lock);
110
111 if (cleanup) {
112 mmu_notifier_unregister(&hmm->mmu_notifier, mm);
113 kfree(hmm);
114 }
115
Jérôme Glisse133ff0e2017-09-08 16:11:23 -0700116 return mm->hmm;
117}
118
119void hmm_mm_destroy(struct mm_struct *mm)
120{
121 kfree(mm->hmm);
122}
Jérôme Glissec0b12402017-09-08 16:11:27 -0700123
Jérôme Glissec0b12402017-09-08 16:11:27 -0700124static void hmm_invalidate_range(struct hmm *hmm,
125 enum hmm_update_type action,
126 unsigned long start,
127 unsigned long end)
128{
129 struct hmm_mirror *mirror;
Jérôme Glisseda4c3c72017-09-08 16:11:31 -0700130 struct hmm_range *range;
131
132 spin_lock(&hmm->lock);
133 list_for_each_entry(range, &hmm->ranges, list) {
134 unsigned long addr, idx, npages;
135
136 if (end < range->start || start >= range->end)
137 continue;
138
139 range->valid = false;
140 addr = max(start, range->start);
141 idx = (addr - range->start) >> PAGE_SHIFT;
142 npages = (min(range->end, end) - addr) >> PAGE_SHIFT;
143 memset(&range->pfns[idx], 0, sizeof(*range->pfns) * npages);
144 }
145 spin_unlock(&hmm->lock);
Jérôme Glissec0b12402017-09-08 16:11:27 -0700146
147 down_read(&hmm->mirrors_sem);
148 list_for_each_entry(mirror, &hmm->mirrors, list)
149 mirror->ops->sync_cpu_device_pagetables(mirror, action,
150 start, end);
151 up_read(&hmm->mirrors_sem);
152}
153
Ralph Campbelle1401512018-04-10 16:28:19 -0700154static void hmm_release(struct mmu_notifier *mn, struct mm_struct *mm)
155{
156 struct hmm_mirror *mirror;
157 struct hmm *hmm = mm->hmm;
158
159 down_write(&hmm->mirrors_sem);
160 mirror = list_first_entry_or_null(&hmm->mirrors, struct hmm_mirror,
161 list);
162 while (mirror) {
163 list_del_init(&mirror->list);
164 if (mirror->ops->release) {
165 /*
166 * Drop mirrors_sem so callback can wait on any pending
167 * work that might itself trigger mmu_notifier callback
168 * and thus would deadlock with us.
169 */
170 up_write(&hmm->mirrors_sem);
171 mirror->ops->release(mirror);
172 down_write(&hmm->mirrors_sem);
173 }
174 mirror = list_first_entry_or_null(&hmm->mirrors,
175 struct hmm_mirror, list);
176 }
177 up_write(&hmm->mirrors_sem);
178}
179
Jérôme Glissec0b12402017-09-08 16:11:27 -0700180static void hmm_invalidate_range_start(struct mmu_notifier *mn,
181 struct mm_struct *mm,
182 unsigned long start,
183 unsigned long end)
184{
185 struct hmm *hmm = mm->hmm;
186
187 VM_BUG_ON(!hmm);
188
189 atomic_inc(&hmm->sequence);
190}
191
192static void hmm_invalidate_range_end(struct mmu_notifier *mn,
193 struct mm_struct *mm,
194 unsigned long start,
195 unsigned long end)
196{
197 struct hmm *hmm = mm->hmm;
198
199 VM_BUG_ON(!hmm);
200
201 hmm_invalidate_range(mm->hmm, HMM_UPDATE_INVALIDATE, start, end);
202}
203
204static const struct mmu_notifier_ops hmm_mmu_notifier_ops = {
Ralph Campbelle1401512018-04-10 16:28:19 -0700205 .release = hmm_release,
Jérôme Glissec0b12402017-09-08 16:11:27 -0700206 .invalidate_range_start = hmm_invalidate_range_start,
207 .invalidate_range_end = hmm_invalidate_range_end,
208};
209
210/*
211 * hmm_mirror_register() - register a mirror against an mm
212 *
213 * @mirror: new mirror struct to register
214 * @mm: mm to register against
215 *
216 * To start mirroring a process address space, the device driver must register
217 * an HMM mirror struct.
218 *
219 * THE mm->mmap_sem MUST BE HELD IN WRITE MODE !
220 */
221int hmm_mirror_register(struct hmm_mirror *mirror, struct mm_struct *mm)
222{
223 /* Sanity check */
224 if (!mm || !mirror || !mirror->ops)
225 return -EINVAL;
226
Jérôme Glissec01cbba2018-04-10 16:28:23 -0700227again:
Jérôme Glissec0b12402017-09-08 16:11:27 -0700228 mirror->hmm = hmm_register(mm);
229 if (!mirror->hmm)
230 return -ENOMEM;
231
232 down_write(&mirror->hmm->mirrors_sem);
Jérôme Glissec01cbba2018-04-10 16:28:23 -0700233 if (mirror->hmm->mm == NULL) {
234 /*
235 * A racing hmm_mirror_unregister() is about to destroy the hmm
236 * struct. Try again to allocate a new one.
237 */
238 up_write(&mirror->hmm->mirrors_sem);
239 mirror->hmm = NULL;
240 goto again;
241 } else {
242 list_add(&mirror->list, &mirror->hmm->mirrors);
243 up_write(&mirror->hmm->mirrors_sem);
244 }
Jérôme Glissec0b12402017-09-08 16:11:27 -0700245
246 return 0;
247}
248EXPORT_SYMBOL(hmm_mirror_register);
249
250/*
251 * hmm_mirror_unregister() - unregister a mirror
252 *
253 * @mirror: new mirror struct to register
254 *
255 * Stop mirroring a process address space, and cleanup.
256 */
257void hmm_mirror_unregister(struct hmm_mirror *mirror)
258{
Jérôme Glissec01cbba2018-04-10 16:28:23 -0700259 bool should_unregister = false;
260 struct mm_struct *mm;
261 struct hmm *hmm;
Jérôme Glissec0b12402017-09-08 16:11:27 -0700262
Jérôme Glissec01cbba2018-04-10 16:28:23 -0700263 if (mirror->hmm == NULL)
264 return;
265
266 hmm = mirror->hmm;
Jérôme Glissec0b12402017-09-08 16:11:27 -0700267 down_write(&hmm->mirrors_sem);
Ralph Campbelle1401512018-04-10 16:28:19 -0700268 list_del_init(&mirror->list);
Jérôme Glissec01cbba2018-04-10 16:28:23 -0700269 should_unregister = list_empty(&hmm->mirrors);
270 mirror->hmm = NULL;
271 mm = hmm->mm;
272 hmm->mm = NULL;
Jérôme Glissec0b12402017-09-08 16:11:27 -0700273 up_write(&hmm->mirrors_sem);
Jérôme Glissec01cbba2018-04-10 16:28:23 -0700274
275 if (!should_unregister || mm == NULL)
276 return;
277
278 spin_lock(&mm->page_table_lock);
279 if (mm->hmm == hmm)
280 mm->hmm = NULL;
281 spin_unlock(&mm->page_table_lock);
282
283 mmu_notifier_unregister_no_release(&hmm->mmu_notifier, mm);
284 kfree(hmm);
Jérôme Glissec0b12402017-09-08 16:11:27 -0700285}
286EXPORT_SYMBOL(hmm_mirror_unregister);
Jérôme Glisseda4c3c72017-09-08 16:11:31 -0700287
Jérôme Glisse74eee182017-09-08 16:11:35 -0700288struct hmm_vma_walk {
289 struct hmm_range *range;
290 unsigned long last;
291 bool fault;
292 bool block;
Jérôme Glisse74eee182017-09-08 16:11:35 -0700293};
294
Jérôme Glisse2aee09d2018-04-10 16:29:02 -0700295static int hmm_vma_do_fault(struct mm_walk *walk, unsigned long addr,
296 bool write_fault, uint64_t *pfn)
Jérôme Glisse74eee182017-09-08 16:11:35 -0700297{
298 unsigned int flags = FAULT_FLAG_ALLOW_RETRY | FAULT_FLAG_REMOTE;
299 struct hmm_vma_walk *hmm_vma_walk = walk->private;
Jérôme Glissef88a1e92018-04-10 16:29:06 -0700300 struct hmm_range *range = hmm_vma_walk->range;
Jérôme Glisse74eee182017-09-08 16:11:35 -0700301 struct vm_area_struct *vma = walk->vma;
302 int r;
303
304 flags |= hmm_vma_walk->block ? 0 : FAULT_FLAG_ALLOW_RETRY;
Jérôme Glisse2aee09d2018-04-10 16:29:02 -0700305 flags |= write_fault ? FAULT_FLAG_WRITE : 0;
Jérôme Glisse74eee182017-09-08 16:11:35 -0700306 r = handle_mm_fault(vma, addr, flags);
307 if (r & VM_FAULT_RETRY)
308 return -EBUSY;
309 if (r & VM_FAULT_ERROR) {
Jérôme Glissef88a1e92018-04-10 16:29:06 -0700310 *pfn = range->values[HMM_PFN_ERROR];
Jérôme Glisse74eee182017-09-08 16:11:35 -0700311 return -EFAULT;
312 }
313
314 return -EAGAIN;
315}
316
Jérôme Glisseda4c3c72017-09-08 16:11:31 -0700317static int hmm_pfns_bad(unsigned long addr,
318 unsigned long end,
319 struct mm_walk *walk)
320{
Jérôme Glissec7195472018-04-10 16:28:27 -0700321 struct hmm_vma_walk *hmm_vma_walk = walk->private;
322 struct hmm_range *range = hmm_vma_walk->range;
Jérôme Glisseff05c0c2018-04-10 16:28:38 -0700323 uint64_t *pfns = range->pfns;
Jérôme Glisseda4c3c72017-09-08 16:11:31 -0700324 unsigned long i;
325
326 i = (addr - range->start) >> PAGE_SHIFT;
327 for (; addr < end; addr += PAGE_SIZE, i++)
Jérôme Glissef88a1e92018-04-10 16:29:06 -0700328 pfns[i] = range->values[HMM_PFN_ERROR];
Jérôme Glisseda4c3c72017-09-08 16:11:31 -0700329
330 return 0;
331}
332
Jérôme Glisse5504ed22018-04-10 16:28:46 -0700333/*
334 * hmm_vma_walk_hole() - handle a range lacking valid pmd or pte(s)
335 * @start: range virtual start address (inclusive)
336 * @end: range virtual end address (exclusive)
Jérôme Glisse2aee09d2018-04-10 16:29:02 -0700337 * @fault: should we fault or not ?
338 * @write_fault: write fault ?
Jérôme Glisse5504ed22018-04-10 16:28:46 -0700339 * @walk: mm_walk structure
340 * Returns: 0 on success, -EAGAIN after page fault, or page fault error
341 *
342 * This function will be called whenever pmd_none() or pte_none() returns true,
343 * or whenever there is no page directory covering the virtual address range.
344 */
Jérôme Glisse2aee09d2018-04-10 16:29:02 -0700345static int hmm_vma_walk_hole_(unsigned long addr, unsigned long end,
346 bool fault, bool write_fault,
347 struct mm_walk *walk)
Jérôme Glisseda4c3c72017-09-08 16:11:31 -0700348{
Jérôme Glisse74eee182017-09-08 16:11:35 -0700349 struct hmm_vma_walk *hmm_vma_walk = walk->private;
350 struct hmm_range *range = hmm_vma_walk->range;
Jérôme Glisseff05c0c2018-04-10 16:28:38 -0700351 uint64_t *pfns = range->pfns;
Jérôme Glisseda4c3c72017-09-08 16:11:31 -0700352 unsigned long i;
353
Jérôme Glisse74eee182017-09-08 16:11:35 -0700354 hmm_vma_walk->last = addr;
Jérôme Glisseda4c3c72017-09-08 16:11:31 -0700355 i = (addr - range->start) >> PAGE_SHIFT;
Jérôme Glisse74eee182017-09-08 16:11:35 -0700356 for (; addr < end; addr += PAGE_SIZE, i++) {
Jérôme Glissef88a1e92018-04-10 16:29:06 -0700357 pfns[i] = range->values[HMM_PFN_NONE];
Jérôme Glisse2aee09d2018-04-10 16:29:02 -0700358 if (fault || write_fault) {
Jérôme Glisse74eee182017-09-08 16:11:35 -0700359 int ret;
Jérôme Glisseda4c3c72017-09-08 16:11:31 -0700360
Jérôme Glisse2aee09d2018-04-10 16:29:02 -0700361 ret = hmm_vma_do_fault(walk, addr, write_fault,
362 &pfns[i]);
Jérôme Glisse74eee182017-09-08 16:11:35 -0700363 if (ret != -EAGAIN)
364 return ret;
365 }
366 }
367
Jérôme Glisse2aee09d2018-04-10 16:29:02 -0700368 return (fault || write_fault) ? -EAGAIN : 0;
369}
370
371static inline void hmm_pte_need_fault(const struct hmm_vma_walk *hmm_vma_walk,
372 uint64_t pfns, uint64_t cpu_flags,
373 bool *fault, bool *write_fault)
374{
Jérôme Glissef88a1e92018-04-10 16:29:06 -0700375 struct hmm_range *range = hmm_vma_walk->range;
376
Jérôme Glisse2aee09d2018-04-10 16:29:02 -0700377 *fault = *write_fault = false;
378 if (!hmm_vma_walk->fault)
379 return;
380
381 /* We aren't ask to do anything ... */
Jérôme Glissef88a1e92018-04-10 16:29:06 -0700382 if (!(pfns & range->flags[HMM_PFN_VALID]))
Jérôme Glisse2aee09d2018-04-10 16:29:02 -0700383 return;
Jérôme Glissef88a1e92018-04-10 16:29:06 -0700384 /* If this is device memory than only fault if explicitly requested */
385 if ((cpu_flags & range->flags[HMM_PFN_DEVICE_PRIVATE])) {
386 /* Do we fault on device memory ? */
387 if (pfns & range->flags[HMM_PFN_DEVICE_PRIVATE]) {
388 *write_fault = pfns & range->flags[HMM_PFN_WRITE];
389 *fault = true;
390 }
Jérôme Glisse2aee09d2018-04-10 16:29:02 -0700391 return;
392 }
Jérôme Glissef88a1e92018-04-10 16:29:06 -0700393
394 /* If CPU page table is not valid then we need to fault */
395 *fault = !(cpu_flags & range->flags[HMM_PFN_VALID]);
396 /* Need to write fault ? */
397 if ((pfns & range->flags[HMM_PFN_WRITE]) &&
398 !(cpu_flags & range->flags[HMM_PFN_WRITE])) {
399 *write_fault = true;
Jérôme Glisse2aee09d2018-04-10 16:29:02 -0700400 *fault = true;
401 }
402}
403
404static void hmm_range_need_fault(const struct hmm_vma_walk *hmm_vma_walk,
405 const uint64_t *pfns, unsigned long npages,
406 uint64_t cpu_flags, bool *fault,
407 bool *write_fault)
408{
409 unsigned long i;
410
411 if (!hmm_vma_walk->fault) {
412 *fault = *write_fault = false;
413 return;
414 }
415
416 for (i = 0; i < npages; ++i) {
417 hmm_pte_need_fault(hmm_vma_walk, pfns[i], cpu_flags,
418 fault, write_fault);
419 if ((*fault) || (*write_fault))
420 return;
421 }
422}
423
424static int hmm_vma_walk_hole(unsigned long addr, unsigned long end,
425 struct mm_walk *walk)
426{
427 struct hmm_vma_walk *hmm_vma_walk = walk->private;
428 struct hmm_range *range = hmm_vma_walk->range;
429 bool fault, write_fault;
430 unsigned long i, npages;
431 uint64_t *pfns;
432
433 i = (addr - range->start) >> PAGE_SHIFT;
434 npages = (end - addr) >> PAGE_SHIFT;
435 pfns = &range->pfns[i];
436 hmm_range_need_fault(hmm_vma_walk, pfns, npages,
437 0, &fault, &write_fault);
438 return hmm_vma_walk_hole_(addr, end, fault, write_fault, walk);
439}
440
Jérôme Glissef88a1e92018-04-10 16:29:06 -0700441static inline uint64_t pmd_to_hmm_pfn_flags(struct hmm_range *range, pmd_t pmd)
Jérôme Glisse2aee09d2018-04-10 16:29:02 -0700442{
443 if (pmd_protnone(pmd))
444 return 0;
Jérôme Glissef88a1e92018-04-10 16:29:06 -0700445 return pmd_write(pmd) ? range->flags[HMM_PFN_VALID] |
446 range->flags[HMM_PFN_WRITE] :
447 range->flags[HMM_PFN_VALID];
Jérôme Glisseda4c3c72017-09-08 16:11:31 -0700448}
449
Jérôme Glisse53f5c3f2018-04-10 16:28:59 -0700450static int hmm_vma_handle_pmd(struct mm_walk *walk,
451 unsigned long addr,
452 unsigned long end,
453 uint64_t *pfns,
454 pmd_t pmd)
455{
456 struct hmm_vma_walk *hmm_vma_walk = walk->private;
Jérôme Glissef88a1e92018-04-10 16:29:06 -0700457 struct hmm_range *range = hmm_vma_walk->range;
Jérôme Glisse2aee09d2018-04-10 16:29:02 -0700458 unsigned long pfn, npages, i;
Jérôme Glisse2aee09d2018-04-10 16:29:02 -0700459 bool fault, write_fault;
Jérôme Glissef88a1e92018-04-10 16:29:06 -0700460 uint64_t cpu_flags;
Jérôme Glisse53f5c3f2018-04-10 16:28:59 -0700461
Jérôme Glisse2aee09d2018-04-10 16:29:02 -0700462 npages = (end - addr) >> PAGE_SHIFT;
Jérôme Glissef88a1e92018-04-10 16:29:06 -0700463 cpu_flags = pmd_to_hmm_pfn_flags(range, pmd);
Jérôme Glisse2aee09d2018-04-10 16:29:02 -0700464 hmm_range_need_fault(hmm_vma_walk, pfns, npages, cpu_flags,
465 &fault, &write_fault);
Jérôme Glisse53f5c3f2018-04-10 16:28:59 -0700466
Jérôme Glisse2aee09d2018-04-10 16:29:02 -0700467 if (pmd_protnone(pmd) || fault || write_fault)
468 return hmm_vma_walk_hole_(addr, end, fault, write_fault, walk);
Jérôme Glisse53f5c3f2018-04-10 16:28:59 -0700469
470 pfn = pmd_pfn(pmd) + pte_index(addr);
Jérôme Glisse53f5c3f2018-04-10 16:28:59 -0700471 for (i = 0; addr < end; addr += PAGE_SIZE, i++, pfn++)
Jérôme Glissef88a1e92018-04-10 16:29:06 -0700472 pfns[i] = hmm_pfn_from_pfn(range, pfn) | cpu_flags;
Jérôme Glisse53f5c3f2018-04-10 16:28:59 -0700473 hmm_vma_walk->last = end;
474 return 0;
475}
476
Jérôme Glissef88a1e92018-04-10 16:29:06 -0700477static inline uint64_t pte_to_hmm_pfn_flags(struct hmm_range *range, pte_t pte)
Jérôme Glisse2aee09d2018-04-10 16:29:02 -0700478{
479 if (pte_none(pte) || !pte_present(pte))
480 return 0;
Jérôme Glissef88a1e92018-04-10 16:29:06 -0700481 return pte_write(pte) ? range->flags[HMM_PFN_VALID] |
482 range->flags[HMM_PFN_WRITE] :
483 range->flags[HMM_PFN_VALID];
Jérôme Glisse2aee09d2018-04-10 16:29:02 -0700484}
485
Jérôme Glisse53f5c3f2018-04-10 16:28:59 -0700486static int hmm_vma_handle_pte(struct mm_walk *walk, unsigned long addr,
487 unsigned long end, pmd_t *pmdp, pte_t *ptep,
488 uint64_t *pfn)
489{
490 struct hmm_vma_walk *hmm_vma_walk = walk->private;
Jérôme Glissef88a1e92018-04-10 16:29:06 -0700491 struct hmm_range *range = hmm_vma_walk->range;
Jérôme Glisse53f5c3f2018-04-10 16:28:59 -0700492 struct vm_area_struct *vma = walk->vma;
Jérôme Glisse2aee09d2018-04-10 16:29:02 -0700493 bool fault, write_fault;
494 uint64_t cpu_flags;
Jérôme Glisse53f5c3f2018-04-10 16:28:59 -0700495 pte_t pte = *ptep;
Jérôme Glissef88a1e92018-04-10 16:29:06 -0700496 uint64_t orig_pfn = *pfn;
Jérôme Glisse53f5c3f2018-04-10 16:28:59 -0700497
Jérôme Glissef88a1e92018-04-10 16:29:06 -0700498 *pfn = range->values[HMM_PFN_NONE];
499 cpu_flags = pte_to_hmm_pfn_flags(range, pte);
500 hmm_pte_need_fault(hmm_vma_walk, orig_pfn, cpu_flags,
Jérôme Glisse2aee09d2018-04-10 16:29:02 -0700501 &fault, &write_fault);
Jérôme Glisse53f5c3f2018-04-10 16:28:59 -0700502
503 if (pte_none(pte)) {
Jérôme Glisse2aee09d2018-04-10 16:29:02 -0700504 if (fault || write_fault)
Jérôme Glisse53f5c3f2018-04-10 16:28:59 -0700505 goto fault;
506 return 0;
507 }
508
509 if (!pte_present(pte)) {
510 swp_entry_t entry = pte_to_swp_entry(pte);
511
512 if (!non_swap_entry(entry)) {
Jérôme Glisse2aee09d2018-04-10 16:29:02 -0700513 if (fault || write_fault)
Jérôme Glisse53f5c3f2018-04-10 16:28:59 -0700514 goto fault;
515 return 0;
516 }
517
518 /*
519 * This is a special swap entry, ignore migration, use
520 * device and report anything else as error.
521 */
522 if (is_device_private_entry(entry)) {
Jérôme Glissef88a1e92018-04-10 16:29:06 -0700523 cpu_flags = range->flags[HMM_PFN_VALID] |
524 range->flags[HMM_PFN_DEVICE_PRIVATE];
Jérôme Glisse2aee09d2018-04-10 16:29:02 -0700525 cpu_flags |= is_write_device_private_entry(entry) ?
Jérôme Glissef88a1e92018-04-10 16:29:06 -0700526 range->flags[HMM_PFN_WRITE] : 0;
527 hmm_pte_need_fault(hmm_vma_walk, orig_pfn, cpu_flags,
528 &fault, &write_fault);
529 if (fault || write_fault)
530 goto fault;
531 *pfn = hmm_pfn_from_pfn(range, swp_offset(entry));
532 *pfn |= cpu_flags;
Jérôme Glisse53f5c3f2018-04-10 16:28:59 -0700533 return 0;
534 }
535
536 if (is_migration_entry(entry)) {
Jérôme Glisse2aee09d2018-04-10 16:29:02 -0700537 if (fault || write_fault) {
Jérôme Glisse53f5c3f2018-04-10 16:28:59 -0700538 pte_unmap(ptep);
539 hmm_vma_walk->last = addr;
540 migration_entry_wait(vma->vm_mm,
Jérôme Glisse2aee09d2018-04-10 16:29:02 -0700541 pmdp, addr);
Jérôme Glisse53f5c3f2018-04-10 16:28:59 -0700542 return -EAGAIN;
543 }
544 return 0;
545 }
546
547 /* Report error for everything else */
Jérôme Glissef88a1e92018-04-10 16:29:06 -0700548 *pfn = range->values[HMM_PFN_ERROR];
Jérôme Glisse53f5c3f2018-04-10 16:28:59 -0700549 return -EFAULT;
550 }
551
Jérôme Glisse2aee09d2018-04-10 16:29:02 -0700552 if (fault || write_fault)
Jérôme Glisse53f5c3f2018-04-10 16:28:59 -0700553 goto fault;
554
Jérôme Glissef88a1e92018-04-10 16:29:06 -0700555 *pfn = hmm_pfn_from_pfn(range, pte_pfn(pte)) | cpu_flags;
Jérôme Glisse53f5c3f2018-04-10 16:28:59 -0700556 return 0;
557
558fault:
559 pte_unmap(ptep);
560 /* Fault any virtual address we were asked to fault */
Jérôme Glisse2aee09d2018-04-10 16:29:02 -0700561 return hmm_vma_walk_hole_(addr, end, fault, write_fault, walk);
Jérôme Glisse53f5c3f2018-04-10 16:28:59 -0700562}
563
Jérôme Glisseda4c3c72017-09-08 16:11:31 -0700564static int hmm_vma_walk_pmd(pmd_t *pmdp,
565 unsigned long start,
566 unsigned long end,
567 struct mm_walk *walk)
568{
Jérôme Glisse74eee182017-09-08 16:11:35 -0700569 struct hmm_vma_walk *hmm_vma_walk = walk->private;
570 struct hmm_range *range = hmm_vma_walk->range;
Jérôme Glisseff05c0c2018-04-10 16:28:38 -0700571 uint64_t *pfns = range->pfns;
Jérôme Glisseda4c3c72017-09-08 16:11:31 -0700572 unsigned long addr = start, i;
Jérôme Glisseda4c3c72017-09-08 16:11:31 -0700573 pte_t *ptep;
574
575 i = (addr - range->start) >> PAGE_SHIFT;
Jérôme Glisseda4c3c72017-09-08 16:11:31 -0700576
577again:
578 if (pmd_none(*pmdp))
579 return hmm_vma_walk_hole(start, end, walk);
580
Jérôme Glisse53f5c3f2018-04-10 16:28:59 -0700581 if (pmd_huge(*pmdp) && (range->vma->vm_flags & VM_HUGETLB))
Jérôme Glisseda4c3c72017-09-08 16:11:31 -0700582 return hmm_pfns_bad(start, end, walk);
583
584 if (pmd_devmap(*pmdp) || pmd_trans_huge(*pmdp)) {
Jérôme Glisseda4c3c72017-09-08 16:11:31 -0700585 pmd_t pmd;
586
587 /*
588 * No need to take pmd_lock here, even if some other threads
589 * is splitting the huge pmd we will get that event through
590 * mmu_notifier callback.
591 *
592 * So just read pmd value and check again its a transparent
593 * huge or device mapping one and compute corresponding pfn
594 * values.
595 */
596 pmd = pmd_read_atomic(pmdp);
597 barrier();
598 if (!pmd_devmap(pmd) && !pmd_trans_huge(pmd))
599 goto again;
Jérôme Glisseda4c3c72017-09-08 16:11:31 -0700600
Jérôme Glisse53f5c3f2018-04-10 16:28:59 -0700601 return hmm_vma_handle_pmd(walk, addr, end, &pfns[i], pmd);
Jérôme Glisseda4c3c72017-09-08 16:11:31 -0700602 }
603
604 if (pmd_bad(*pmdp))
605 return hmm_pfns_bad(start, end, walk);
606
607 ptep = pte_offset_map(pmdp, addr);
608 for (; addr < end; addr += PAGE_SIZE, ptep++, i++) {
Jérôme Glisse53f5c3f2018-04-10 16:28:59 -0700609 int r;
Jérôme Glisseda4c3c72017-09-08 16:11:31 -0700610
Jérôme Glisse53f5c3f2018-04-10 16:28:59 -0700611 r = hmm_vma_handle_pte(walk, addr, end, pmdp, ptep, &pfns[i]);
612 if (r) {
613 /* hmm_vma_handle_pte() did unmap pte directory */
614 hmm_vma_walk->last = addr;
615 return r;
Jérôme Glisseda4c3c72017-09-08 16:11:31 -0700616 }
Jérôme Glisseda4c3c72017-09-08 16:11:31 -0700617 }
618 pte_unmap(ptep - 1);
619
Jérôme Glisse53f5c3f2018-04-10 16:28:59 -0700620 hmm_vma_walk->last = addr;
Jérôme Glisseda4c3c72017-09-08 16:11:31 -0700621 return 0;
622}
623
Jérôme Glissef88a1e92018-04-10 16:29:06 -0700624static void hmm_pfns_clear(struct hmm_range *range,
625 uint64_t *pfns,
Jérôme Glisse33cd47d2018-04-10 16:28:54 -0700626 unsigned long addr,
627 unsigned long end)
628{
629 for (; addr < end; addr += PAGE_SIZE, pfns++)
Jérôme Glissef88a1e92018-04-10 16:29:06 -0700630 *pfns = range->values[HMM_PFN_NONE];
Jérôme Glisse33cd47d2018-04-10 16:28:54 -0700631}
632
Jérôme Glisse855ce7d2018-04-10 16:28:42 -0700633static void hmm_pfns_special(struct hmm_range *range)
634{
635 unsigned long addr = range->start, i = 0;
636
637 for (; addr < range->end; addr += PAGE_SIZE, i++)
Jérôme Glissef88a1e92018-04-10 16:29:06 -0700638 range->pfns[i] = range->values[HMM_PFN_SPECIAL];
Jérôme Glisse855ce7d2018-04-10 16:28:42 -0700639}
640
Jérôme Glisseda4c3c72017-09-08 16:11:31 -0700641/*
642 * hmm_vma_get_pfns() - snapshot CPU page table for a range of virtual addresses
Jérôme Glisse08232a42018-04-10 16:28:30 -0700643 * @range: range being snapshotted
Jérôme Glisse86586a42018-04-10 16:28:34 -0700644 * Returns: -EINVAL if invalid argument, -ENOMEM out of memory, -EPERM invalid
645 * vma permission, 0 success
Jérôme Glisseda4c3c72017-09-08 16:11:31 -0700646 *
647 * This snapshots the CPU page table for a range of virtual addresses. Snapshot
648 * validity is tracked by range struct. See hmm_vma_range_done() for further
649 * information.
650 *
651 * The range struct is initialized here. It tracks the CPU page table, but only
652 * if the function returns success (0), in which case the caller must then call
653 * hmm_vma_range_done() to stop CPU page table update tracking on this range.
654 *
655 * NOT CALLING hmm_vma_range_done() IF FUNCTION RETURNS 0 WILL LEAD TO SERIOUS
656 * MEMORY CORRUPTION ! YOU HAVE BEEN WARNED !
657 */
Jérôme Glisse08232a42018-04-10 16:28:30 -0700658int hmm_vma_get_pfns(struct hmm_range *range)
Jérôme Glisseda4c3c72017-09-08 16:11:31 -0700659{
Jérôme Glisse08232a42018-04-10 16:28:30 -0700660 struct vm_area_struct *vma = range->vma;
Jérôme Glisse74eee182017-09-08 16:11:35 -0700661 struct hmm_vma_walk hmm_vma_walk;
Jérôme Glisseda4c3c72017-09-08 16:11:31 -0700662 struct mm_walk mm_walk;
663 struct hmm *hmm;
664
Jérôme Glisseda4c3c72017-09-08 16:11:31 -0700665 /* Sanity check, this really should not happen ! */
Jérôme Glisse08232a42018-04-10 16:28:30 -0700666 if (range->start < vma->vm_start || range->start >= vma->vm_end)
Jérôme Glisseda4c3c72017-09-08 16:11:31 -0700667 return -EINVAL;
Jérôme Glisse08232a42018-04-10 16:28:30 -0700668 if (range->end < vma->vm_start || range->end > vma->vm_end)
Jérôme Glisseda4c3c72017-09-08 16:11:31 -0700669 return -EINVAL;
670
671 hmm = hmm_register(vma->vm_mm);
672 if (!hmm)
673 return -ENOMEM;
674 /* Caller must have registered a mirror, via hmm_mirror_register() ! */
675 if (!hmm->mmu_notifier.ops)
676 return -EINVAL;
677
Jérôme Glisse855ce7d2018-04-10 16:28:42 -0700678 /* FIXME support hugetlb fs */
Dave Jiange1fb4a02018-08-17 15:43:40 -0700679 if (is_vm_hugetlb_page(vma) || (vma->vm_flags & VM_SPECIAL) ||
680 vma_is_dax(vma)) {
Jérôme Glisse855ce7d2018-04-10 16:28:42 -0700681 hmm_pfns_special(range);
682 return -EINVAL;
683 }
684
Jérôme Glisse86586a42018-04-10 16:28:34 -0700685 if (!(vma->vm_flags & VM_READ)) {
686 /*
687 * If vma do not allow read access, then assume that it does
688 * not allow write access, either. Architecture that allow
689 * write without read access are not supported by HMM, because
690 * operations such has atomic access would not work.
691 */
Jérôme Glissef88a1e92018-04-10 16:29:06 -0700692 hmm_pfns_clear(range, range->pfns, range->start, range->end);
Jérôme Glisse86586a42018-04-10 16:28:34 -0700693 return -EPERM;
694 }
695
Jérôme Glisseda4c3c72017-09-08 16:11:31 -0700696 /* Initialize range to track CPU page table update */
Jérôme Glisseda4c3c72017-09-08 16:11:31 -0700697 spin_lock(&hmm->lock);
698 range->valid = true;
699 list_add_rcu(&range->list, &hmm->ranges);
700 spin_unlock(&hmm->lock);
701
Jérôme Glisse74eee182017-09-08 16:11:35 -0700702 hmm_vma_walk.fault = false;
703 hmm_vma_walk.range = range;
704 mm_walk.private = &hmm_vma_walk;
705
Jérôme Glisseda4c3c72017-09-08 16:11:31 -0700706 mm_walk.vma = vma;
707 mm_walk.mm = vma->vm_mm;
Jérôme Glisseda4c3c72017-09-08 16:11:31 -0700708 mm_walk.pte_entry = NULL;
709 mm_walk.test_walk = NULL;
710 mm_walk.hugetlb_entry = NULL;
711 mm_walk.pmd_entry = hmm_vma_walk_pmd;
712 mm_walk.pte_hole = hmm_vma_walk_hole;
713
Jérôme Glisse08232a42018-04-10 16:28:30 -0700714 walk_page_range(range->start, range->end, &mm_walk);
Jérôme Glisseda4c3c72017-09-08 16:11:31 -0700715 return 0;
716}
717EXPORT_SYMBOL(hmm_vma_get_pfns);
718
719/*
720 * hmm_vma_range_done() - stop tracking change to CPU page table over a range
Jérôme Glisseda4c3c72017-09-08 16:11:31 -0700721 * @range: range being tracked
722 * Returns: false if range data has been invalidated, true otherwise
723 *
724 * Range struct is used to track updates to the CPU page table after a call to
725 * either hmm_vma_get_pfns() or hmm_vma_fault(). Once the device driver is done
726 * using the data, or wants to lock updates to the data it got from those
727 * functions, it must call the hmm_vma_range_done() function, which will then
728 * stop tracking CPU page table updates.
729 *
730 * Note that device driver must still implement general CPU page table update
731 * tracking either by using hmm_mirror (see hmm_mirror_register()) or by using
732 * the mmu_notifier API directly.
733 *
734 * CPU page table update tracking done through hmm_range is only temporary and
735 * to be used while trying to duplicate CPU page table contents for a range of
736 * virtual addresses.
737 *
738 * There are two ways to use this :
739 * again:
Jérôme Glisse08232a42018-04-10 16:28:30 -0700740 * hmm_vma_get_pfns(range); or hmm_vma_fault(...);
Jérôme Glisseda4c3c72017-09-08 16:11:31 -0700741 * trans = device_build_page_table_update_transaction(pfns);
742 * device_page_table_lock();
Jérôme Glisse08232a42018-04-10 16:28:30 -0700743 * if (!hmm_vma_range_done(range)) {
Jérôme Glisseda4c3c72017-09-08 16:11:31 -0700744 * device_page_table_unlock();
745 * goto again;
746 * }
747 * device_commit_transaction(trans);
748 * device_page_table_unlock();
749 *
750 * Or:
Jérôme Glisse08232a42018-04-10 16:28:30 -0700751 * hmm_vma_get_pfns(range); or hmm_vma_fault(...);
Jérôme Glisseda4c3c72017-09-08 16:11:31 -0700752 * device_page_table_lock();
Jérôme Glisse08232a42018-04-10 16:28:30 -0700753 * hmm_vma_range_done(range);
754 * device_update_page_table(range->pfns);
Jérôme Glisseda4c3c72017-09-08 16:11:31 -0700755 * device_page_table_unlock();
756 */
Jérôme Glisse08232a42018-04-10 16:28:30 -0700757bool hmm_vma_range_done(struct hmm_range *range)
Jérôme Glisseda4c3c72017-09-08 16:11:31 -0700758{
759 unsigned long npages = (range->end - range->start) >> PAGE_SHIFT;
760 struct hmm *hmm;
761
762 if (range->end <= range->start) {
763 BUG();
764 return false;
765 }
766
Jérôme Glisse08232a42018-04-10 16:28:30 -0700767 hmm = hmm_register(range->vma->vm_mm);
Jérôme Glisseda4c3c72017-09-08 16:11:31 -0700768 if (!hmm) {
769 memset(range->pfns, 0, sizeof(*range->pfns) * npages);
770 return false;
771 }
772
773 spin_lock(&hmm->lock);
774 list_del_rcu(&range->list);
775 spin_unlock(&hmm->lock);
776
777 return range->valid;
778}
779EXPORT_SYMBOL(hmm_vma_range_done);
Jérôme Glisse74eee182017-09-08 16:11:35 -0700780
781/*
782 * hmm_vma_fault() - try to fault some address in a virtual address range
Jérôme Glisse08232a42018-04-10 16:28:30 -0700783 * @range: range being faulted
Jérôme Glisse74eee182017-09-08 16:11:35 -0700784 * @block: allow blocking on fault (if true it sleeps and do not drop mmap_sem)
785 * Returns: 0 success, error otherwise (-EAGAIN means mmap_sem have been drop)
786 *
787 * This is similar to a regular CPU page fault except that it will not trigger
788 * any memory migration if the memory being faulted is not accessible by CPUs.
789 *
Jérôme Glisseff05c0c2018-04-10 16:28:38 -0700790 * On error, for one virtual address in the range, the function will mark the
791 * corresponding HMM pfn entry with an error flag.
Jérôme Glisse74eee182017-09-08 16:11:35 -0700792 *
793 * Expected use pattern:
794 * retry:
795 * down_read(&mm->mmap_sem);
796 * // Find vma and address device wants to fault, initialize hmm_pfn_t
797 * // array accordingly
Jérôme Glisse08232a42018-04-10 16:28:30 -0700798 * ret = hmm_vma_fault(range, write, block);
Jérôme Glisse74eee182017-09-08 16:11:35 -0700799 * switch (ret) {
800 * case -EAGAIN:
Jérôme Glisse08232a42018-04-10 16:28:30 -0700801 * hmm_vma_range_done(range);
Jérôme Glisse74eee182017-09-08 16:11:35 -0700802 * // You might want to rate limit or yield to play nicely, you may
803 * // also commit any valid pfn in the array assuming that you are
804 * // getting true from hmm_vma_range_monitor_end()
805 * goto retry;
806 * case 0:
807 * break;
Jérôme Glisse86586a42018-04-10 16:28:34 -0700808 * case -ENOMEM:
809 * case -EINVAL:
810 * case -EPERM:
Jérôme Glisse74eee182017-09-08 16:11:35 -0700811 * default:
812 * // Handle error !
813 * up_read(&mm->mmap_sem)
814 * return;
815 * }
816 * // Take device driver lock that serialize device page table update
817 * driver_lock_device_page_table_update();
Jérôme Glisse08232a42018-04-10 16:28:30 -0700818 * hmm_vma_range_done(range);
Jérôme Glisse74eee182017-09-08 16:11:35 -0700819 * // Commit pfns we got from hmm_vma_fault()
820 * driver_unlock_device_page_table_update();
821 * up_read(&mm->mmap_sem)
822 *
823 * YOU MUST CALL hmm_vma_range_done() AFTER THIS FUNCTION RETURN SUCCESS (0)
824 * BEFORE FREEING THE range struct OR YOU WILL HAVE SERIOUS MEMORY CORRUPTION !
825 *
826 * YOU HAVE BEEN WARNED !
827 */
Jérôme Glisse2aee09d2018-04-10 16:29:02 -0700828int hmm_vma_fault(struct hmm_range *range, bool block)
Jérôme Glisse74eee182017-09-08 16:11:35 -0700829{
Jérôme Glisse08232a42018-04-10 16:28:30 -0700830 struct vm_area_struct *vma = range->vma;
831 unsigned long start = range->start;
Jérôme Glisse74eee182017-09-08 16:11:35 -0700832 struct hmm_vma_walk hmm_vma_walk;
833 struct mm_walk mm_walk;
834 struct hmm *hmm;
835 int ret;
836
837 /* Sanity check, this really should not happen ! */
Jérôme Glisse08232a42018-04-10 16:28:30 -0700838 if (range->start < vma->vm_start || range->start >= vma->vm_end)
Jérôme Glisse74eee182017-09-08 16:11:35 -0700839 return -EINVAL;
Jérôme Glisse08232a42018-04-10 16:28:30 -0700840 if (range->end < vma->vm_start || range->end > vma->vm_end)
Jérôme Glisse74eee182017-09-08 16:11:35 -0700841 return -EINVAL;
842
843 hmm = hmm_register(vma->vm_mm);
844 if (!hmm) {
Jérôme Glissef88a1e92018-04-10 16:29:06 -0700845 hmm_pfns_clear(range, range->pfns, range->start, range->end);
Jérôme Glisse74eee182017-09-08 16:11:35 -0700846 return -ENOMEM;
847 }
848 /* Caller must have registered a mirror using hmm_mirror_register() */
849 if (!hmm->mmu_notifier.ops)
850 return -EINVAL;
851
Jérôme Glisse855ce7d2018-04-10 16:28:42 -0700852 /* FIXME support hugetlb fs */
Dave Jiange1fb4a02018-08-17 15:43:40 -0700853 if (is_vm_hugetlb_page(vma) || (vma->vm_flags & VM_SPECIAL) ||
854 vma_is_dax(vma)) {
Jérôme Glisse855ce7d2018-04-10 16:28:42 -0700855 hmm_pfns_special(range);
856 return -EINVAL;
857 }
858
Jérôme Glisse86586a42018-04-10 16:28:34 -0700859 if (!(vma->vm_flags & VM_READ)) {
860 /*
861 * If vma do not allow read access, then assume that it does
862 * not allow write access, either. Architecture that allow
863 * write without read access are not supported by HMM, because
864 * operations such has atomic access would not work.
865 */
Jérôme Glissef88a1e92018-04-10 16:29:06 -0700866 hmm_pfns_clear(range, range->pfns, range->start, range->end);
Jérôme Glisse86586a42018-04-10 16:28:34 -0700867 return -EPERM;
868 }
Jérôme Glisse74eee182017-09-08 16:11:35 -0700869
Jérôme Glisse86586a42018-04-10 16:28:34 -0700870 /* Initialize range to track CPU page table update */
871 spin_lock(&hmm->lock);
872 range->valid = true;
873 list_add_rcu(&range->list, &hmm->ranges);
874 spin_unlock(&hmm->lock);
875
Jérôme Glisse74eee182017-09-08 16:11:35 -0700876 hmm_vma_walk.fault = true;
Jérôme Glisse74eee182017-09-08 16:11:35 -0700877 hmm_vma_walk.block = block;
878 hmm_vma_walk.range = range;
879 mm_walk.private = &hmm_vma_walk;
880 hmm_vma_walk.last = range->start;
881
882 mm_walk.vma = vma;
883 mm_walk.mm = vma->vm_mm;
884 mm_walk.pte_entry = NULL;
885 mm_walk.test_walk = NULL;
886 mm_walk.hugetlb_entry = NULL;
887 mm_walk.pmd_entry = hmm_vma_walk_pmd;
888 mm_walk.pte_hole = hmm_vma_walk_hole;
889
890 do {
Jérôme Glisse08232a42018-04-10 16:28:30 -0700891 ret = walk_page_range(start, range->end, &mm_walk);
Jérôme Glisse74eee182017-09-08 16:11:35 -0700892 start = hmm_vma_walk.last;
893 } while (ret == -EAGAIN);
894
895 if (ret) {
896 unsigned long i;
897
898 i = (hmm_vma_walk.last - range->start) >> PAGE_SHIFT;
Jérôme Glissef88a1e92018-04-10 16:29:06 -0700899 hmm_pfns_clear(range, &range->pfns[i], hmm_vma_walk.last,
900 range->end);
Jérôme Glisse08232a42018-04-10 16:28:30 -0700901 hmm_vma_range_done(range);
Jérôme Glisse74eee182017-09-08 16:11:35 -0700902 }
903 return ret;
904}
905EXPORT_SYMBOL(hmm_vma_fault);
Jérôme Glissec0b12402017-09-08 16:11:27 -0700906#endif /* IS_ENABLED(CONFIG_HMM_MIRROR) */
Jérôme Glisse4ef589d2017-09-08 16:11:58 -0700907
908
Jérôme Glissedf6ad692017-09-08 16:12:24 -0700909#if IS_ENABLED(CONFIG_DEVICE_PRIVATE) || IS_ENABLED(CONFIG_DEVICE_PUBLIC)
Jérôme Glisse4ef589d2017-09-08 16:11:58 -0700910struct page *hmm_vma_alloc_locked_page(struct vm_area_struct *vma,
911 unsigned long addr)
912{
913 struct page *page;
914
915 page = alloc_page_vma(GFP_HIGHUSER, vma, addr);
916 if (!page)
917 return NULL;
918 lock_page(page);
919 return page;
920}
921EXPORT_SYMBOL(hmm_vma_alloc_locked_page);
922
923
924static void hmm_devmem_ref_release(struct percpu_ref *ref)
925{
926 struct hmm_devmem *devmem;
927
928 devmem = container_of(ref, struct hmm_devmem, ref);
929 complete(&devmem->completion);
930}
931
932static void hmm_devmem_ref_exit(void *data)
933{
934 struct percpu_ref *ref = data;
935 struct hmm_devmem *devmem;
936
937 devmem = container_of(ref, struct hmm_devmem, ref);
938 percpu_ref_exit(ref);
939 devm_remove_action(devmem->device, &hmm_devmem_ref_exit, data);
940}
941
942static void hmm_devmem_ref_kill(void *data)
943{
944 struct percpu_ref *ref = data;
945 struct hmm_devmem *devmem;
946
947 devmem = container_of(ref, struct hmm_devmem, ref);
948 percpu_ref_kill(ref);
949 wait_for_completion(&devmem->completion);
950 devm_remove_action(devmem->device, &hmm_devmem_ref_kill, data);
951}
952
953static int hmm_devmem_fault(struct vm_area_struct *vma,
954 unsigned long addr,
955 const struct page *page,
956 unsigned int flags,
957 pmd_t *pmdp)
958{
959 struct hmm_devmem *devmem = page->pgmap->data;
960
961 return devmem->ops->fault(devmem, vma, addr, page, flags, pmdp);
962}
963
964static void hmm_devmem_free(struct page *page, void *data)
965{
966 struct hmm_devmem *devmem = data;
967
968 devmem->ops->free(devmem, page);
969}
970
971static DEFINE_MUTEX(hmm_devmem_lock);
972static RADIX_TREE(hmm_devmem_radix, GFP_KERNEL);
973
974static void hmm_devmem_radix_release(struct resource *resource)
975{
Colin Ian Kingfec11bc2017-11-15 17:38:52 -0800976 resource_size_t key, align_start, align_size;
Jérôme Glisse4ef589d2017-09-08 16:11:58 -0700977
978 align_start = resource->start & ~(PA_SECTION_SIZE - 1);
979 align_size = ALIGN(resource_size(resource), PA_SECTION_SIZE);
Jérôme Glisse4ef589d2017-09-08 16:11:58 -0700980
981 mutex_lock(&hmm_devmem_lock);
982 for (key = resource->start;
983 key <= resource->end;
984 key += PA_SECTION_SIZE)
985 radix_tree_delete(&hmm_devmem_radix, key >> PA_SECTION_SHIFT);
986 mutex_unlock(&hmm_devmem_lock);
987}
988
989static void hmm_devmem_release(struct device *dev, void *data)
990{
991 struct hmm_devmem *devmem = data;
992 struct resource *resource = devmem->resource;
993 unsigned long start_pfn, npages;
994 struct zone *zone;
995 struct page *page;
996
997 if (percpu_ref_tryget_live(&devmem->ref)) {
998 dev_WARN(dev, "%s: page mapping is still live!\n", __func__);
999 percpu_ref_put(&devmem->ref);
1000 }
1001
1002 /* pages are dead and unused, undo the arch mapping */
1003 start_pfn = (resource->start & ~(PA_SECTION_SIZE - 1)) >> PAGE_SHIFT;
1004 npages = ALIGN(resource_size(resource), PA_SECTION_SIZE) >> PAGE_SHIFT;
1005
1006 page = pfn_to_page(start_pfn);
1007 zone = page_zone(page);
1008
1009 mem_hotplug_begin();
Jérôme Glissed3df0a42017-09-08 16:12:28 -07001010 if (resource->desc == IORES_DESC_DEVICE_PRIVATE_MEMORY)
Christoph Hellwigda024512017-12-29 08:53:55 +01001011 __remove_pages(zone, start_pfn, npages, NULL);
Jérôme Glissed3df0a42017-09-08 16:12:28 -07001012 else
1013 arch_remove_memory(start_pfn << PAGE_SHIFT,
Christoph Hellwigda024512017-12-29 08:53:55 +01001014 npages << PAGE_SHIFT, NULL);
Jérôme Glisse4ef589d2017-09-08 16:11:58 -07001015 mem_hotplug_done();
1016
1017 hmm_devmem_radix_release(resource);
1018}
1019
Jérôme Glisse4ef589d2017-09-08 16:11:58 -07001020static int hmm_devmem_pages_create(struct hmm_devmem *devmem)
1021{
1022 resource_size_t key, align_start, align_size, align_end;
1023 struct device *device = devmem->device;
1024 int ret, nid, is_ram;
1025 unsigned long pfn;
1026
1027 align_start = devmem->resource->start & ~(PA_SECTION_SIZE - 1);
1028 align_size = ALIGN(devmem->resource->start +
1029 resource_size(devmem->resource),
1030 PA_SECTION_SIZE) - align_start;
1031
1032 is_ram = region_intersects(align_start, align_size,
1033 IORESOURCE_SYSTEM_RAM,
1034 IORES_DESC_NONE);
1035 if (is_ram == REGION_MIXED) {
1036 WARN_ONCE(1, "%s attempted on mixed region %pr\n",
1037 __func__, devmem->resource);
1038 return -ENXIO;
1039 }
1040 if (is_ram == REGION_INTERSECTS)
1041 return -ENXIO;
1042
Jérôme Glissed3df0a42017-09-08 16:12:28 -07001043 if (devmem->resource->desc == IORES_DESC_DEVICE_PUBLIC_MEMORY)
1044 devmem->pagemap.type = MEMORY_DEVICE_PUBLIC;
1045 else
1046 devmem->pagemap.type = MEMORY_DEVICE_PRIVATE;
1047
Logan Gunthorpee7744aa2017-12-29 08:54:04 +01001048 devmem->pagemap.res = *devmem->resource;
Jérôme Glisse4ef589d2017-09-08 16:11:58 -07001049 devmem->pagemap.page_fault = hmm_devmem_fault;
1050 devmem->pagemap.page_free = hmm_devmem_free;
1051 devmem->pagemap.dev = devmem->device;
1052 devmem->pagemap.ref = &devmem->ref;
1053 devmem->pagemap.data = devmem;
1054
1055 mutex_lock(&hmm_devmem_lock);
1056 align_end = align_start + align_size - 1;
1057 for (key = align_start; key <= align_end; key += PA_SECTION_SIZE) {
1058 struct hmm_devmem *dup;
1059
Tejun Heo18be4602018-04-10 16:29:09 -07001060 dup = radix_tree_lookup(&hmm_devmem_radix,
1061 key >> PA_SECTION_SHIFT);
Jérôme Glisse4ef589d2017-09-08 16:11:58 -07001062 if (dup) {
1063 dev_err(device, "%s: collides with mapping for %s\n",
1064 __func__, dev_name(dup->device));
1065 mutex_unlock(&hmm_devmem_lock);
1066 ret = -EBUSY;
1067 goto error;
1068 }
1069 ret = radix_tree_insert(&hmm_devmem_radix,
1070 key >> PA_SECTION_SHIFT,
1071 devmem);
1072 if (ret) {
1073 dev_err(device, "%s: failed: %d\n", __func__, ret);
1074 mutex_unlock(&hmm_devmem_lock);
1075 goto error_radix;
1076 }
1077 }
1078 mutex_unlock(&hmm_devmem_lock);
1079
1080 nid = dev_to_node(device);
1081 if (nid < 0)
1082 nid = numa_mem_id();
1083
1084 mem_hotplug_begin();
1085 /*
1086 * For device private memory we call add_pages() as we only need to
1087 * allocate and initialize struct page for the device memory. More-
1088 * over the device memory is un-accessible thus we do not want to
1089 * create a linear mapping for the memory like arch_add_memory()
1090 * would do.
Jérôme Glissed3df0a42017-09-08 16:12:28 -07001091 *
1092 * For device public memory, which is accesible by the CPU, we do
1093 * want the linear mapping and thus use arch_add_memory().
Jérôme Glisse4ef589d2017-09-08 16:11:58 -07001094 */
Jérôme Glissed3df0a42017-09-08 16:12:28 -07001095 if (devmem->pagemap.type == MEMORY_DEVICE_PUBLIC)
Christoph Hellwig24e6d5a2017-12-29 08:53:53 +01001096 ret = arch_add_memory(nid, align_start, align_size, NULL,
1097 false);
Jérôme Glissed3df0a42017-09-08 16:12:28 -07001098 else
1099 ret = add_pages(nid, align_start >> PAGE_SHIFT,
Christoph Hellwig24e6d5a2017-12-29 08:53:53 +01001100 align_size >> PAGE_SHIFT, NULL, false);
Jérôme Glisse4ef589d2017-09-08 16:11:58 -07001101 if (ret) {
1102 mem_hotplug_done();
1103 goto error_add_memory;
1104 }
1105 move_pfn_range_to_zone(&NODE_DATA(nid)->node_zones[ZONE_DEVICE],
1106 align_start >> PAGE_SHIFT,
Christoph Hellwiga99583e2017-12-29 08:53:57 +01001107 align_size >> PAGE_SHIFT, NULL);
Jérôme Glisse4ef589d2017-09-08 16:11:58 -07001108 mem_hotplug_done();
1109
1110 for (pfn = devmem->pfn_first; pfn < devmem->pfn_last; pfn++) {
1111 struct page *page = pfn_to_page(pfn);
1112
1113 page->pgmap = &devmem->pagemap;
1114 }
1115 return 0;
1116
1117error_add_memory:
1118 untrack_pfn(NULL, PHYS_PFN(align_start), align_size);
1119error_radix:
1120 hmm_devmem_radix_release(devmem->resource);
1121error:
1122 return ret;
1123}
1124
1125static int hmm_devmem_match(struct device *dev, void *data, void *match_data)
1126{
1127 struct hmm_devmem *devmem = data;
1128
1129 return devmem->resource == match_data;
1130}
1131
1132static void hmm_devmem_pages_remove(struct hmm_devmem *devmem)
1133{
1134 devres_release(devmem->device, &hmm_devmem_release,
1135 &hmm_devmem_match, devmem->resource);
1136}
1137
1138/*
1139 * hmm_devmem_add() - hotplug ZONE_DEVICE memory for device memory
1140 *
1141 * @ops: memory event device driver callback (see struct hmm_devmem_ops)
1142 * @device: device struct to bind the resource too
1143 * @size: size in bytes of the device memory to add
1144 * Returns: pointer to new hmm_devmem struct ERR_PTR otherwise
1145 *
1146 * This function first finds an empty range of physical address big enough to
1147 * contain the new resource, and then hotplugs it as ZONE_DEVICE memory, which
1148 * in turn allocates struct pages. It does not do anything beyond that; all
1149 * events affecting the memory will go through the various callbacks provided
1150 * by hmm_devmem_ops struct.
1151 *
1152 * Device driver should call this function during device initialization and
1153 * is then responsible of memory management. HMM only provides helpers.
1154 */
1155struct hmm_devmem *hmm_devmem_add(const struct hmm_devmem_ops *ops,
1156 struct device *device,
1157 unsigned long size)
1158{
1159 struct hmm_devmem *devmem;
1160 resource_size_t addr;
1161 int ret;
1162
Dan Williamse76384882018-05-16 11:46:08 -07001163 dev_pagemap_get_ops();
Jérôme Glisse4ef589d2017-09-08 16:11:58 -07001164
1165 devmem = devres_alloc_node(&hmm_devmem_release, sizeof(*devmem),
1166 GFP_KERNEL, dev_to_node(device));
1167 if (!devmem)
1168 return ERR_PTR(-ENOMEM);
1169
1170 init_completion(&devmem->completion);
1171 devmem->pfn_first = -1UL;
1172 devmem->pfn_last = -1UL;
1173 devmem->resource = NULL;
1174 devmem->device = device;
1175 devmem->ops = ops;
1176
1177 ret = percpu_ref_init(&devmem->ref, &hmm_devmem_ref_release,
1178 0, GFP_KERNEL);
1179 if (ret)
1180 goto error_percpu_ref;
1181
1182 ret = devm_add_action(device, hmm_devmem_ref_exit, &devmem->ref);
1183 if (ret)
1184 goto error_devm_add_action;
1185
1186 size = ALIGN(size, PA_SECTION_SIZE);
1187 addr = min((unsigned long)iomem_resource.end,
1188 (1UL << MAX_PHYSMEM_BITS) - 1);
1189 addr = addr - size + 1UL;
1190
1191 /*
1192 * FIXME add a new helper to quickly walk resource tree and find free
1193 * range
1194 *
1195 * FIXME what about ioport_resource resource ?
1196 */
1197 for (; addr > size && addr >= iomem_resource.start; addr -= size) {
1198 ret = region_intersects(addr, size, 0, IORES_DESC_NONE);
1199 if (ret != REGION_DISJOINT)
1200 continue;
1201
1202 devmem->resource = devm_request_mem_region(device, addr, size,
1203 dev_name(device));
1204 if (!devmem->resource) {
1205 ret = -ENOMEM;
1206 goto error_no_resource;
1207 }
1208 break;
1209 }
1210 if (!devmem->resource) {
1211 ret = -ERANGE;
1212 goto error_no_resource;
1213 }
1214
1215 devmem->resource->desc = IORES_DESC_DEVICE_PRIVATE_MEMORY;
1216 devmem->pfn_first = devmem->resource->start >> PAGE_SHIFT;
1217 devmem->pfn_last = devmem->pfn_first +
1218 (resource_size(devmem->resource) >> PAGE_SHIFT);
1219
1220 ret = hmm_devmem_pages_create(devmem);
1221 if (ret)
1222 goto error_pages;
1223
1224 devres_add(device, devmem);
1225
1226 ret = devm_add_action(device, hmm_devmem_ref_kill, &devmem->ref);
1227 if (ret) {
1228 hmm_devmem_remove(devmem);
1229 return ERR_PTR(ret);
1230 }
1231
1232 return devmem;
1233
1234error_pages:
1235 devm_release_mem_region(device, devmem->resource->start,
1236 resource_size(devmem->resource));
1237error_no_resource:
1238error_devm_add_action:
1239 hmm_devmem_ref_kill(&devmem->ref);
1240 hmm_devmem_ref_exit(&devmem->ref);
1241error_percpu_ref:
1242 devres_free(devmem);
1243 return ERR_PTR(ret);
1244}
1245EXPORT_SYMBOL(hmm_devmem_add);
1246
Jérôme Glissed3df0a42017-09-08 16:12:28 -07001247struct hmm_devmem *hmm_devmem_add_resource(const struct hmm_devmem_ops *ops,
1248 struct device *device,
1249 struct resource *res)
1250{
1251 struct hmm_devmem *devmem;
1252 int ret;
1253
1254 if (res->desc != IORES_DESC_DEVICE_PUBLIC_MEMORY)
1255 return ERR_PTR(-EINVAL);
1256
Dan Williamse76384882018-05-16 11:46:08 -07001257 dev_pagemap_get_ops();
Jérôme Glissed3df0a42017-09-08 16:12:28 -07001258
1259 devmem = devres_alloc_node(&hmm_devmem_release, sizeof(*devmem),
1260 GFP_KERNEL, dev_to_node(device));
1261 if (!devmem)
1262 return ERR_PTR(-ENOMEM);
1263
1264 init_completion(&devmem->completion);
1265 devmem->pfn_first = -1UL;
1266 devmem->pfn_last = -1UL;
1267 devmem->resource = res;
1268 devmem->device = device;
1269 devmem->ops = ops;
1270
1271 ret = percpu_ref_init(&devmem->ref, &hmm_devmem_ref_release,
1272 0, GFP_KERNEL);
1273 if (ret)
1274 goto error_percpu_ref;
1275
1276 ret = devm_add_action(device, hmm_devmem_ref_exit, &devmem->ref);
1277 if (ret)
1278 goto error_devm_add_action;
1279
1280
1281 devmem->pfn_first = devmem->resource->start >> PAGE_SHIFT;
1282 devmem->pfn_last = devmem->pfn_first +
1283 (resource_size(devmem->resource) >> PAGE_SHIFT);
1284
1285 ret = hmm_devmem_pages_create(devmem);
1286 if (ret)
1287 goto error_devm_add_action;
1288
1289 devres_add(device, devmem);
1290
1291 ret = devm_add_action(device, hmm_devmem_ref_kill, &devmem->ref);
1292 if (ret) {
1293 hmm_devmem_remove(devmem);
1294 return ERR_PTR(ret);
1295 }
1296
1297 return devmem;
1298
1299error_devm_add_action:
1300 hmm_devmem_ref_kill(&devmem->ref);
1301 hmm_devmem_ref_exit(&devmem->ref);
1302error_percpu_ref:
1303 devres_free(devmem);
1304 return ERR_PTR(ret);
1305}
1306EXPORT_SYMBOL(hmm_devmem_add_resource);
1307
Jérôme Glisse4ef589d2017-09-08 16:11:58 -07001308/*
1309 * hmm_devmem_remove() - remove device memory (kill and free ZONE_DEVICE)
1310 *
1311 * @devmem: hmm_devmem struct use to track and manage the ZONE_DEVICE memory
1312 *
1313 * This will hot-unplug memory that was hotplugged by hmm_devmem_add on behalf
1314 * of the device driver. It will free struct page and remove the resource that
1315 * reserved the physical address range for this device memory.
1316 */
1317void hmm_devmem_remove(struct hmm_devmem *devmem)
1318{
1319 resource_size_t start, size;
1320 struct device *device;
Jérôme Glissed3df0a42017-09-08 16:12:28 -07001321 bool cdm = false;
Jérôme Glisse4ef589d2017-09-08 16:11:58 -07001322
1323 if (!devmem)
1324 return;
1325
1326 device = devmem->device;
1327 start = devmem->resource->start;
1328 size = resource_size(devmem->resource);
1329
Jérôme Glissed3df0a42017-09-08 16:12:28 -07001330 cdm = devmem->resource->desc == IORES_DESC_DEVICE_PUBLIC_MEMORY;
Jérôme Glisse4ef589d2017-09-08 16:11:58 -07001331 hmm_devmem_ref_kill(&devmem->ref);
1332 hmm_devmem_ref_exit(&devmem->ref);
1333 hmm_devmem_pages_remove(devmem);
1334
Jérôme Glissed3df0a42017-09-08 16:12:28 -07001335 if (!cdm)
1336 devm_release_mem_region(device, start, size);
Jérôme Glisse4ef589d2017-09-08 16:11:58 -07001337}
1338EXPORT_SYMBOL(hmm_devmem_remove);
Jérôme Glisse858b54d2017-09-08 16:12:02 -07001339
1340/*
1341 * A device driver that wants to handle multiple devices memory through a
1342 * single fake device can use hmm_device to do so. This is purely a helper
1343 * and it is not needed to make use of any HMM functionality.
1344 */
1345#define HMM_DEVICE_MAX 256
1346
1347static DECLARE_BITMAP(hmm_device_mask, HMM_DEVICE_MAX);
1348static DEFINE_SPINLOCK(hmm_device_lock);
1349static struct class *hmm_device_class;
1350static dev_t hmm_device_devt;
1351
1352static void hmm_device_release(struct device *device)
1353{
1354 struct hmm_device *hmm_device;
1355
1356 hmm_device = container_of(device, struct hmm_device, device);
1357 spin_lock(&hmm_device_lock);
1358 clear_bit(hmm_device->minor, hmm_device_mask);
1359 spin_unlock(&hmm_device_lock);
1360
1361 kfree(hmm_device);
1362}
1363
1364struct hmm_device *hmm_device_new(void *drvdata)
1365{
1366 struct hmm_device *hmm_device;
1367
1368 hmm_device = kzalloc(sizeof(*hmm_device), GFP_KERNEL);
1369 if (!hmm_device)
1370 return ERR_PTR(-ENOMEM);
1371
1372 spin_lock(&hmm_device_lock);
1373 hmm_device->minor = find_first_zero_bit(hmm_device_mask, HMM_DEVICE_MAX);
1374 if (hmm_device->minor >= HMM_DEVICE_MAX) {
1375 spin_unlock(&hmm_device_lock);
1376 kfree(hmm_device);
1377 return ERR_PTR(-EBUSY);
1378 }
1379 set_bit(hmm_device->minor, hmm_device_mask);
1380 spin_unlock(&hmm_device_lock);
1381
1382 dev_set_name(&hmm_device->device, "hmm_device%d", hmm_device->minor);
1383 hmm_device->device.devt = MKDEV(MAJOR(hmm_device_devt),
1384 hmm_device->minor);
1385 hmm_device->device.release = hmm_device_release;
1386 dev_set_drvdata(&hmm_device->device, drvdata);
1387 hmm_device->device.class = hmm_device_class;
1388 device_initialize(&hmm_device->device);
1389
1390 return hmm_device;
1391}
1392EXPORT_SYMBOL(hmm_device_new);
1393
1394void hmm_device_put(struct hmm_device *hmm_device)
1395{
1396 put_device(&hmm_device->device);
1397}
1398EXPORT_SYMBOL(hmm_device_put);
1399
1400static int __init hmm_init(void)
1401{
1402 int ret;
1403
1404 ret = alloc_chrdev_region(&hmm_device_devt, 0,
1405 HMM_DEVICE_MAX,
1406 "hmm_device");
1407 if (ret)
1408 return ret;
1409
1410 hmm_device_class = class_create(THIS_MODULE, "hmm_device");
1411 if (IS_ERR(hmm_device_class)) {
1412 unregister_chrdev_region(hmm_device_devt, HMM_DEVICE_MAX);
1413 return PTR_ERR(hmm_device_class);
1414 }
1415 return 0;
1416}
1417
1418device_initcall(hmm_init);
Jérôme Glissedf6ad692017-09-08 16:12:24 -07001419#endif /* CONFIG_DEVICE_PRIVATE || CONFIG_DEVICE_PUBLIC */