1 #include <linux/kernel.h>
2 #include <linux/errno.h>
4 #include <linux/spinlock.h>
7 #include <linux/memremap.h>
8 #include <linux/pagemap.h>
9 #include <linux/rmap.h>
10 #include <linux/swap.h>
11 #include <linux/swapops.h>
13 #include <linux/sched/signal.h>
14 #include <linux/rwsem.h>
15 #include <linux/hugetlb.h>
17 #include <asm/mmu_context.h>
18 #include <asm/pgtable.h>
19 #include <asm/tlbflush.h>
23 static struct page *no_page_table(struct vm_area_struct *vma,
27 * When core dumping an enormous anonymous area that nobody
28 * has touched so far, we don't want to allocate unnecessary pages or
29 * page tables. Return error instead of NULL to skip handle_mm_fault,
30 * then get_dump_page() will return NULL to leave a hole in the dump.
31 * But we can only make this optimization where a hole would surely
32 * be zero-filled if handle_mm_fault() actually did handle it.
34 if ((flags & FOLL_DUMP) && (!vma->vm_ops || !vma->vm_ops->fault))
35 return ERR_PTR(-EFAULT);
39 static int follow_pfn_pte(struct vm_area_struct *vma, unsigned long address,
40 pte_t *pte, unsigned int flags)
42 /* No page to get reference */
46 if (flags & FOLL_TOUCH) {
49 if (flags & FOLL_WRITE)
50 entry = pte_mkdirty(entry);
51 entry = pte_mkyoung(entry);
53 if (!pte_same(*pte, entry)) {
54 set_pte_at(vma->vm_mm, address, pte, entry);
55 update_mmu_cache(vma, address, pte);
59 /* Proper page table entry exists, but no corresponding struct page */
64 * FOLL_FORCE can write to even unwritable pte's, but only
65 * after we've gone through a COW cycle and they are dirty.
67 static inline bool can_follow_write_pte(pte_t pte, unsigned int flags)
69 return pte_write(pte) ||
70 ((flags & FOLL_FORCE) && (flags & FOLL_COW) && pte_dirty(pte));
73 static struct page *follow_page_pte(struct vm_area_struct *vma,
74 unsigned long address, pmd_t *pmd, unsigned int flags)
76 struct mm_struct *mm = vma->vm_mm;
77 struct dev_pagemap *pgmap = NULL;
83 if (unlikely(pmd_bad(*pmd)))
84 return no_page_table(vma, flags);
86 ptep = pte_offset_map_lock(mm, pmd, address, &ptl);
88 if (!pte_present(pte)) {
91 * KSM's break_ksm() relies upon recognizing a ksm page
92 * even while it is being migrated, so for that case we
93 * need migration_entry_wait().
95 if (likely(!(flags & FOLL_MIGRATION)))
99 entry = pte_to_swp_entry(pte);
100 if (!is_migration_entry(entry))
102 pte_unmap_unlock(ptep, ptl);
103 migration_entry_wait(mm, pmd, address);
106 if ((flags & FOLL_NUMA) && pte_protnone(pte))
108 if ((flags & FOLL_WRITE) && !can_follow_write_pte(pte, flags)) {
109 pte_unmap_unlock(ptep, ptl);
113 page = vm_normal_page(vma, address, pte);
114 if (!page && pte_devmap(pte) && (flags & FOLL_GET)) {
116 * Only return device mapping pages in the FOLL_GET case since
117 * they are only valid while holding the pgmap reference.
119 pgmap = get_dev_pagemap(pte_pfn(pte), NULL);
121 page = pte_page(pte);
124 } else if (unlikely(!page)) {
125 if (flags & FOLL_DUMP) {
126 /* Avoid special (like zero) pages in core dumps */
127 page = ERR_PTR(-EFAULT);
131 if (is_zero_pfn(pte_pfn(pte))) {
132 page = pte_page(pte);
136 ret = follow_pfn_pte(vma, address, ptep, flags);
142 if (flags & FOLL_SPLIT && PageTransCompound(page)) {
145 pte_unmap_unlock(ptep, ptl);
147 ret = split_huge_page(page);
155 if (flags & FOLL_GET) {
156 if (unlikely(!try_get_page(page))) {
157 page = ERR_PTR(-ENOMEM);
161 /* drop the pgmap reference now that we hold the page */
163 put_dev_pagemap(pgmap);
167 if (flags & FOLL_TOUCH) {
168 if ((flags & FOLL_WRITE) &&
169 !pte_dirty(pte) && !PageDirty(page))
170 set_page_dirty(page);
172 * pte_mkyoung() would be more correct here, but atomic care
173 * is needed to avoid losing the dirty bit: it is easier to use
174 * mark_page_accessed().
176 mark_page_accessed(page);
178 if ((flags & FOLL_MLOCK) && (vma->vm_flags & VM_LOCKED)) {
179 /* Do not mlock pte-mapped THP */
180 if (PageTransCompound(page))
184 * The preliminary mapping check is mainly to avoid the
185 * pointless overhead of lock_page on the ZERO_PAGE
186 * which might bounce very badly if there is contention.
188 * If the page is already locked, we don't need to
189 * handle it now - vmscan will handle it later if and
190 * when it attempts to reclaim the page.
192 if (page->mapping && trylock_page(page)) {
193 lru_add_drain(); /* push cached pages to LRU */
195 * Because we lock page here, and migration is
196 * blocked by the pte's page reference, and we
197 * know the page is still mapped, we don't even
198 * need to check for file-cache page truncation.
200 mlock_vma_page(page);
205 pte_unmap_unlock(ptep, ptl);
208 pte_unmap_unlock(ptep, ptl);
211 return no_page_table(vma, flags);
214 static struct page *follow_pmd_mask(struct vm_area_struct *vma,
215 unsigned long address, pud_t *pudp,
216 unsigned int flags, unsigned int *page_mask)
221 struct mm_struct *mm = vma->vm_mm;
223 pmd = pmd_offset(pudp, address);
225 * The READ_ONCE() will stabilize the pmdval in a register or
226 * on the stack so that it will stop changing under the code.
228 pmdval = READ_ONCE(*pmd);
229 if (pmd_none(pmdval))
230 return no_page_table(vma, flags);
231 if (pmd_huge(pmdval) && vma->vm_flags & VM_HUGETLB) {
232 page = follow_huge_pmd(mm, address, pmd, flags);
235 return no_page_table(vma, flags);
237 if (is_hugepd(__hugepd(pmd_val(pmdval)))) {
238 page = follow_huge_pd(vma, address,
239 __hugepd(pmd_val(pmdval)), flags,
243 return no_page_table(vma, flags);
246 if (!pmd_present(pmdval)) {
247 if (likely(!(flags & FOLL_MIGRATION)))
248 return no_page_table(vma, flags);
249 VM_BUG_ON(thp_migration_supported() &&
250 !is_pmd_migration_entry(pmdval));
251 if (is_pmd_migration_entry(pmdval))
252 pmd_migration_entry_wait(mm, pmd);
253 pmdval = READ_ONCE(*pmd);
255 * MADV_DONTNEED may convert the pmd to null because
256 * mmap_sem is held in read mode
258 if (pmd_none(pmdval))
259 return no_page_table(vma, flags);
262 if (pmd_devmap(pmdval)) {
263 ptl = pmd_lock(mm, pmd);
264 page = follow_devmap_pmd(vma, address, pmd, flags);
269 if (likely(!pmd_trans_huge(pmdval)))
270 return follow_page_pte(vma, address, pmd, flags);
272 if ((flags & FOLL_NUMA) && pmd_protnone(pmdval))
273 return no_page_table(vma, flags);
276 ptl = pmd_lock(mm, pmd);
277 if (unlikely(pmd_none(*pmd))) {
279 return no_page_table(vma, flags);
281 if (unlikely(!pmd_present(*pmd))) {
283 if (likely(!(flags & FOLL_MIGRATION)))
284 return no_page_table(vma, flags);
285 pmd_migration_entry_wait(mm, pmd);
288 if (unlikely(!pmd_trans_huge(*pmd))) {
290 return follow_page_pte(vma, address, pmd, flags);
292 if (flags & FOLL_SPLIT) {
294 page = pmd_page(*pmd);
295 if (is_huge_zero_page(page)) {
298 split_huge_pmd(vma, pmd, address);
299 if (pmd_trans_unstable(pmd))
302 if (unlikely(!try_get_page(page))) {
304 return ERR_PTR(-ENOMEM);
308 ret = split_huge_page(page);
312 return no_page_table(vma, flags);
315 return ret ? ERR_PTR(ret) :
316 follow_page_pte(vma, address, pmd, flags);
318 page = follow_trans_huge_pmd(vma, address, pmd, flags);
320 *page_mask = HPAGE_PMD_NR - 1;
325 static struct page *follow_pud_mask(struct vm_area_struct *vma,
326 unsigned long address, p4d_t *p4dp,
327 unsigned int flags, unsigned int *page_mask)
332 struct mm_struct *mm = vma->vm_mm;
334 pud = pud_offset(p4dp, address);
336 return no_page_table(vma, flags);
337 if (pud_huge(*pud) && vma->vm_flags & VM_HUGETLB) {
338 page = follow_huge_pud(mm, address, pud, flags);
341 return no_page_table(vma, flags);
343 if (is_hugepd(__hugepd(pud_val(*pud)))) {
344 page = follow_huge_pd(vma, address,
345 __hugepd(pud_val(*pud)), flags,
349 return no_page_table(vma, flags);
351 if (pud_devmap(*pud)) {
352 ptl = pud_lock(mm, pud);
353 page = follow_devmap_pud(vma, address, pud, flags);
358 if (unlikely(pud_bad(*pud)))
359 return no_page_table(vma, flags);
361 return follow_pmd_mask(vma, address, pud, flags, page_mask);
365 static struct page *follow_p4d_mask(struct vm_area_struct *vma,
366 unsigned long address, pgd_t *pgdp,
367 unsigned int flags, unsigned int *page_mask)
372 p4d = p4d_offset(pgdp, address);
374 return no_page_table(vma, flags);
375 BUILD_BUG_ON(p4d_huge(*p4d));
376 if (unlikely(p4d_bad(*p4d)))
377 return no_page_table(vma, flags);
379 if (is_hugepd(__hugepd(p4d_val(*p4d)))) {
380 page = follow_huge_pd(vma, address,
381 __hugepd(p4d_val(*p4d)), flags,
385 return no_page_table(vma, flags);
387 return follow_pud_mask(vma, address, p4d, flags, page_mask);
391 * follow_page_mask - look up a page descriptor from a user-virtual address
392 * @vma: vm_area_struct mapping @address
393 * @address: virtual address to look up
394 * @flags: flags modifying lookup behaviour
395 * @page_mask: on output, *page_mask is set according to the size of the page
397 * @flags can have FOLL_ flags set, defined in <linux/mm.h>
399 * Returns the mapped (struct page *), %NULL if no mapping exists, or
400 * an error pointer if there is a mapping to something not represented
401 * by a page descriptor (see also vm_normal_page()).
403 struct page *follow_page_mask(struct vm_area_struct *vma,
404 unsigned long address, unsigned int flags,
405 unsigned int *page_mask)
409 struct mm_struct *mm = vma->vm_mm;
413 /* make this handle hugepd */
414 page = follow_huge_addr(mm, address, flags & FOLL_WRITE);
416 BUG_ON(flags & FOLL_GET);
420 pgd = pgd_offset(mm, address);
422 if (pgd_none(*pgd) || unlikely(pgd_bad(*pgd)))
423 return no_page_table(vma, flags);
425 if (pgd_huge(*pgd)) {
426 page = follow_huge_pgd(mm, address, pgd, flags);
429 return no_page_table(vma, flags);
431 if (is_hugepd(__hugepd(pgd_val(*pgd)))) {
432 page = follow_huge_pd(vma, address,
433 __hugepd(pgd_val(*pgd)), flags,
437 return no_page_table(vma, flags);
440 return follow_p4d_mask(vma, address, pgd, flags, page_mask);
443 static int get_gate_page(struct mm_struct *mm, unsigned long address,
444 unsigned int gup_flags, struct vm_area_struct **vma,
454 /* user gate pages are read-only */
455 if (gup_flags & FOLL_WRITE)
457 if (address > TASK_SIZE)
458 pgd = pgd_offset_k(address);
460 pgd = pgd_offset_gate(mm, address);
463 p4d = p4d_offset(pgd, address);
466 pud = pud_offset(p4d, address);
469 pmd = pmd_offset(pud, address);
470 if (!pmd_present(*pmd))
472 VM_BUG_ON(pmd_trans_huge(*pmd));
473 pte = pte_offset_map(pmd, address);
476 *vma = get_gate_vma(mm);
479 *page = vm_normal_page(*vma, address, *pte);
481 if ((gup_flags & FOLL_DUMP) || !is_zero_pfn(pte_pfn(*pte)))
483 *page = pte_page(*pte);
486 * This should never happen (a device public page in the gate
489 if (is_device_public_page(*page))
492 if (unlikely(!try_get_page(*page))) {
504 * mmap_sem must be held on entry. If @nonblocking != NULL and
505 * *@flags does not include FOLL_NOWAIT, the mmap_sem may be released.
506 * If it is, *@nonblocking will be set to 0 and -EBUSY returned.
508 static int faultin_page(struct task_struct *tsk, struct vm_area_struct *vma,
509 unsigned long address, unsigned int *flags, int *nonblocking)
511 unsigned int fault_flags = 0;
514 /* mlock all present pages, but do not fault in new pages */
515 if ((*flags & (FOLL_POPULATE | FOLL_MLOCK)) == FOLL_MLOCK)
517 if (*flags & FOLL_WRITE)
518 fault_flags |= FAULT_FLAG_WRITE;
519 if (*flags & FOLL_REMOTE)
520 fault_flags |= FAULT_FLAG_REMOTE;
522 fault_flags |= FAULT_FLAG_ALLOW_RETRY;
523 if (*flags & FOLL_NOWAIT)
524 fault_flags |= FAULT_FLAG_ALLOW_RETRY | FAULT_FLAG_RETRY_NOWAIT;
525 if (*flags & FOLL_TRIED) {
526 VM_WARN_ON_ONCE(fault_flags & FAULT_FLAG_ALLOW_RETRY);
527 fault_flags |= FAULT_FLAG_TRIED;
530 ret = handle_mm_fault(vma, address, fault_flags);
531 if (ret & VM_FAULT_ERROR) {
532 int err = vm_fault_to_errno(ret, *flags);
540 if (ret & VM_FAULT_MAJOR)
546 if (ret & VM_FAULT_RETRY) {
547 if (nonblocking && !(fault_flags & FAULT_FLAG_RETRY_NOWAIT))
553 * The VM_FAULT_WRITE bit tells us that do_wp_page has broken COW when
554 * necessary, even if maybe_mkwrite decided not to set pte_write. We
555 * can thus safely do subsequent page lookups as if they were reads.
556 * But only do so when looping for pte_write is futile: in some cases
557 * userspace may also be wanting to write to the gotten user page,
558 * which a read fault here might prevent (a readonly page might get
559 * reCOWed by userspace write).
561 if ((ret & VM_FAULT_WRITE) && !(vma->vm_flags & VM_WRITE))
566 static int check_vma_flags(struct vm_area_struct *vma, unsigned long gup_flags)
568 vm_flags_t vm_flags = vma->vm_flags;
569 int write = (gup_flags & FOLL_WRITE);
570 int foreign = (gup_flags & FOLL_REMOTE);
572 if (vm_flags & (VM_IO | VM_PFNMAP))
575 if (gup_flags & FOLL_ANON && !vma_is_anonymous(vma))
579 if (!(vm_flags & VM_WRITE)) {
580 if (!(gup_flags & FOLL_FORCE))
583 * We used to let the write,force case do COW in a
584 * VM_MAYWRITE VM_SHARED !VM_WRITE vma, so ptrace could
585 * set a breakpoint in a read-only mapping of an
586 * executable, without corrupting the file (yet only
587 * when that file had been opened for writing!).
588 * Anon pages in shared mappings are surprising: now
591 if (!is_cow_mapping(vm_flags))
594 } else if (!(vm_flags & VM_READ)) {
595 if (!(gup_flags & FOLL_FORCE))
598 * Is there actually any vma we can reach here which does not
599 * have VM_MAYREAD set?
601 if (!(vm_flags & VM_MAYREAD))
605 * gups are always data accesses, not instruction
606 * fetches, so execute=false here
608 if (!arch_vma_access_permitted(vma, write, false, foreign))
614 * __get_user_pages() - pin user pages in memory
615 * @tsk: task_struct of target task
616 * @mm: mm_struct of target mm
617 * @start: starting user address
618 * @nr_pages: number of pages from start to pin
619 * @gup_flags: flags modifying pin behaviour
620 * @pages: array that receives pointers to the pages pinned.
621 * Should be at least nr_pages long. Or NULL, if caller
622 * only intends to ensure the pages are faulted in.
623 * @vmas: array of pointers to vmas corresponding to each page.
624 * Or NULL if the caller does not require them.
625 * @nonblocking: whether waiting for disk IO or mmap_sem contention
627 * Returns number of pages pinned. This may be fewer than the number
628 * requested. If nr_pages is 0 or negative, returns 0. If no pages
629 * were pinned, returns -errno. Each page returned must be released
630 * with a put_page() call when it is finished with. vmas will only
631 * remain valid while mmap_sem is held.
633 * Must be called with mmap_sem held. It may be released. See below.
635 * __get_user_pages walks a process's page tables and takes a reference to
636 * each struct page that each user address corresponds to at a given
637 * instant. That is, it takes the page that would be accessed if a user
638 * thread accesses the given user virtual address at that instant.
640 * This does not guarantee that the page exists in the user mappings when
641 * __get_user_pages returns, and there may even be a completely different
642 * page there in some cases (eg. if mmapped pagecache has been invalidated
643 * and subsequently re faulted). However it does guarantee that the page
644 * won't be freed completely. And mostly callers simply care that the page
645 * contains data that was valid *at some point in time*. Typically, an IO
646 * or similar operation cannot guarantee anything stronger anyway because
647 * locks can't be held over the syscall boundary.
649 * If @gup_flags & FOLL_WRITE == 0, the page must not be written to. If
650 * the page is written to, set_page_dirty (or set_page_dirty_lock, as
651 * appropriate) must be called after the page is finished with, and
652 * before put_page is called.
654 * If @nonblocking != NULL, __get_user_pages will not wait for disk IO
655 * or mmap_sem contention, and if waiting is needed to pin all pages,
656 * *@nonblocking will be set to 0. Further, if @gup_flags does not
657 * include FOLL_NOWAIT, the mmap_sem will be released via up_read() in
660 * A caller using such a combination of @nonblocking and @gup_flags
661 * must therefore hold the mmap_sem for reading only, and recognize
662 * when it's been released. Otherwise, it must be held for either
663 * reading or writing and will not be released.
665 * In most cases, get_user_pages or get_user_pages_fast should be used
666 * instead of __get_user_pages. __get_user_pages should be used only if
667 * you need some special @gup_flags.
669 static long __get_user_pages(struct task_struct *tsk, struct mm_struct *mm,
670 unsigned long start, unsigned long nr_pages,
671 unsigned int gup_flags, struct page **pages,
672 struct vm_area_struct **vmas, int *nonblocking)
675 unsigned int page_mask;
676 struct vm_area_struct *vma = NULL;
681 VM_BUG_ON(!!pages != !!(gup_flags & FOLL_GET));
684 * If FOLL_FORCE is set then do not force a full fault as the hinting
685 * fault information is unrelated to the reference behaviour of a task
686 * using the address space
688 if (!(gup_flags & FOLL_FORCE))
689 gup_flags |= FOLL_NUMA;
693 unsigned int foll_flags = gup_flags;
694 unsigned int page_increm;
696 /* first iteration or cross vma bound */
697 if (!vma || start >= vma->vm_end) {
698 vma = find_extend_vma(mm, start);
699 if (!vma && in_gate_area(mm, start)) {
701 ret = get_gate_page(mm, start & PAGE_MASK,
703 pages ? &pages[i] : NULL);
710 if (!vma || check_vma_flags(vma, gup_flags))
711 return i ? : -EFAULT;
712 if (is_vm_hugetlb_page(vma)) {
713 i = follow_hugetlb_page(mm, vma, pages, vmas,
714 &start, &nr_pages, i,
715 gup_flags, nonblocking);
721 * If we have a pending SIGKILL, don't keep faulting pages and
722 * potentially allocating memory.
724 if (unlikely(fatal_signal_pending(current)))
725 return i ? i : -ERESTARTSYS;
727 page = follow_page_mask(vma, start, foll_flags, &page_mask);
730 ret = faultin_page(tsk, vma, start, &foll_flags,
745 } else if (PTR_ERR(page) == -EEXIST) {
747 * Proper page table entry exists, but no corresponding
751 } else if (IS_ERR(page)) {
752 return i ? i : PTR_ERR(page);
756 flush_anon_page(vma, page, start);
757 flush_dcache_page(page);
765 page_increm = 1 + (~(start >> PAGE_SHIFT) & page_mask);
766 if (page_increm > nr_pages)
767 page_increm = nr_pages;
769 start += page_increm * PAGE_SIZE;
770 nr_pages -= page_increm;
775 static bool vma_permits_fault(struct vm_area_struct *vma,
776 unsigned int fault_flags)
778 bool write = !!(fault_flags & FAULT_FLAG_WRITE);
779 bool foreign = !!(fault_flags & FAULT_FLAG_REMOTE);
780 vm_flags_t vm_flags = write ? VM_WRITE : VM_READ;
782 if (!(vm_flags & vma->vm_flags))
786 * The architecture might have a hardware protection
787 * mechanism other than read/write that can deny access.
789 * gup always represents data access, not instruction
790 * fetches, so execute=false here:
792 if (!arch_vma_access_permitted(vma, write, false, foreign))
799 * fixup_user_fault() - manually resolve a user page fault
800 * @tsk: the task_struct to use for page fault accounting, or
801 * NULL if faults are not to be recorded.
802 * @mm: mm_struct of target mm
803 * @address: user address
804 * @fault_flags:flags to pass down to handle_mm_fault()
805 * @unlocked: did we unlock the mmap_sem while retrying, maybe NULL if caller
806 * does not allow retry
808 * This is meant to be called in the specific scenario where for locking reasons
809 * we try to access user memory in atomic context (within a pagefault_disable()
810 * section), this returns -EFAULT, and we want to resolve the user fault before
813 * Typically this is meant to be used by the futex code.
815 * The main difference with get_user_pages() is that this function will
816 * unconditionally call handle_mm_fault() which will in turn perform all the
817 * necessary SW fixup of the dirty and young bits in the PTE, while
818 * get_user_pages() only guarantees to update these in the struct page.
820 * This is important for some architectures where those bits also gate the
821 * access permission to the page because they are maintained in software. On
822 * such architectures, gup() will not be enough to make a subsequent access
825 * This function will not return with an unlocked mmap_sem. So it has not the
826 * same semantics wrt the @mm->mmap_sem as does filemap_fault().
828 int fixup_user_fault(struct task_struct *tsk, struct mm_struct *mm,
829 unsigned long address, unsigned int fault_flags,
832 struct vm_area_struct *vma;
833 vm_fault_t ret, major = 0;
836 fault_flags |= FAULT_FLAG_ALLOW_RETRY;
839 vma = find_extend_vma(mm, address);
840 if (!vma || address < vma->vm_start)
843 if (!vma_permits_fault(vma, fault_flags))
846 ret = handle_mm_fault(vma, address, fault_flags);
847 major |= ret & VM_FAULT_MAJOR;
848 if (ret & VM_FAULT_ERROR) {
849 int err = vm_fault_to_errno(ret, 0);
856 if (ret & VM_FAULT_RETRY) {
857 down_read(&mm->mmap_sem);
858 if (!(fault_flags & FAULT_FLAG_TRIED)) {
860 fault_flags &= ~FAULT_FLAG_ALLOW_RETRY;
861 fault_flags |= FAULT_FLAG_TRIED;
874 EXPORT_SYMBOL_GPL(fixup_user_fault);
876 static __always_inline long __get_user_pages_locked(struct task_struct *tsk,
877 struct mm_struct *mm,
879 unsigned long nr_pages,
881 struct vm_area_struct **vmas,
885 long ret, pages_done;
889 /* if VM_FAULT_RETRY can be returned, vmas become invalid */
891 /* check caller initialized locked */
892 BUG_ON(*locked != 1);
899 lock_dropped = false;
901 ret = __get_user_pages(tsk, mm, start, nr_pages, flags, pages,
904 /* VM_FAULT_RETRY couldn't trigger, bypass */
907 /* VM_FAULT_RETRY cannot return errors */
910 BUG_ON(ret >= nr_pages);
914 /* If it's a prefault don't insist harder */
925 * VM_FAULT_RETRY didn't trigger or it was a
932 /* VM_FAULT_RETRY triggered, so seek to the faulting offset */
934 start += ret << PAGE_SHIFT;
937 * Repeat on the address that fired VM_FAULT_RETRY
938 * without FAULT_FLAG_ALLOW_RETRY but with
943 down_read(&mm->mmap_sem);
944 ret = __get_user_pages(tsk, mm, start, 1, flags | FOLL_TRIED,
959 if (lock_dropped && *locked) {
961 * We must let the caller know we temporarily dropped the lock
962 * and so the critical section protected by it was lost.
964 up_read(&mm->mmap_sem);
971 * We can leverage the VM_FAULT_RETRY functionality in the page fault
972 * paths better by using either get_user_pages_locked() or
973 * get_user_pages_unlocked().
975 * get_user_pages_locked() is suitable to replace the form:
977 * down_read(&mm->mmap_sem);
979 * get_user_pages(tsk, mm, ..., pages, NULL);
980 * up_read(&mm->mmap_sem);
985 * down_read(&mm->mmap_sem);
987 * get_user_pages_locked(tsk, mm, ..., pages, &locked);
989 * up_read(&mm->mmap_sem);
991 long get_user_pages_locked(unsigned long start, unsigned long nr_pages,
992 unsigned int gup_flags, struct page **pages,
995 return __get_user_pages_locked(current, current->mm, start, nr_pages,
997 gup_flags | FOLL_TOUCH);
999 EXPORT_SYMBOL(get_user_pages_locked);
1002 * get_user_pages_unlocked() is suitable to replace the form:
1004 * down_read(&mm->mmap_sem);
1005 * get_user_pages(tsk, mm, ..., pages, NULL);
1006 * up_read(&mm->mmap_sem);
1010 * get_user_pages_unlocked(tsk, mm, ..., pages);
1012 * It is functionally equivalent to get_user_pages_fast so
1013 * get_user_pages_fast should be used instead if specific gup_flags
1014 * (e.g. FOLL_FORCE) are not required.
1016 long get_user_pages_unlocked(unsigned long start, unsigned long nr_pages,
1017 struct page **pages, unsigned int gup_flags)
1019 struct mm_struct *mm = current->mm;
1023 down_read(&mm->mmap_sem);
1024 ret = __get_user_pages_locked(current, mm, start, nr_pages, pages, NULL,
1025 &locked, gup_flags | FOLL_TOUCH);
1027 up_read(&mm->mmap_sem);
1030 EXPORT_SYMBOL(get_user_pages_unlocked);
1033 * get_user_pages_remote() - pin user pages in memory
1034 * @tsk: the task_struct to use for page fault accounting, or
1035 * NULL if faults are not to be recorded.
1036 * @mm: mm_struct of target mm
1037 * @start: starting user address
1038 * @nr_pages: number of pages from start to pin
1039 * @gup_flags: flags modifying lookup behaviour
1040 * @pages: array that receives pointers to the pages pinned.
1041 * Should be at least nr_pages long. Or NULL, if caller
1042 * only intends to ensure the pages are faulted in.
1043 * @vmas: array of pointers to vmas corresponding to each page.
1044 * Or NULL if the caller does not require them.
1045 * @locked: pointer to lock flag indicating whether lock is held and
1046 * subsequently whether VM_FAULT_RETRY functionality can be
1047 * utilised. Lock must initially be held.
1049 * Returns number of pages pinned. This may be fewer than the number
1050 * requested. If nr_pages is 0 or negative, returns 0. If no pages
1051 * were pinned, returns -errno. Each page returned must be released
1052 * with a put_page() call when it is finished with. vmas will only
1053 * remain valid while mmap_sem is held.
1055 * Must be called with mmap_sem held for read or write.
1057 * get_user_pages walks a process's page tables and takes a reference to
1058 * each struct page that each user address corresponds to at a given
1059 * instant. That is, it takes the page that would be accessed if a user
1060 * thread accesses the given user virtual address at that instant.
1062 * This does not guarantee that the page exists in the user mappings when
1063 * get_user_pages returns, and there may even be a completely different
1064 * page there in some cases (eg. if mmapped pagecache has been invalidated
1065 * and subsequently re faulted). However it does guarantee that the page
1066 * won't be freed completely. And mostly callers simply care that the page
1067 * contains data that was valid *at some point in time*. Typically, an IO
1068 * or similar operation cannot guarantee anything stronger anyway because
1069 * locks can't be held over the syscall boundary.
1071 * If gup_flags & FOLL_WRITE == 0, the page must not be written to. If the page
1072 * is written to, set_page_dirty (or set_page_dirty_lock, as appropriate) must
1073 * be called after the page is finished with, and before put_page is called.
1075 * get_user_pages is typically used for fewer-copy IO operations, to get a
1076 * handle on the memory by some means other than accesses via the user virtual
1077 * addresses. The pages may be submitted for DMA to devices or accessed via
1078 * their kernel linear mapping (via the kmap APIs). Care should be taken to
1079 * use the correct cache flushing APIs.
1081 * See also get_user_pages_fast, for performance critical applications.
1083 * get_user_pages should be phased out in favor of
1084 * get_user_pages_locked|unlocked or get_user_pages_fast. Nothing
1085 * should use get_user_pages because it cannot pass
1086 * FAULT_FLAG_ALLOW_RETRY to handle_mm_fault.
1088 long get_user_pages_remote(struct task_struct *tsk, struct mm_struct *mm,
1089 unsigned long start, unsigned long nr_pages,
1090 unsigned int gup_flags, struct page **pages,
1091 struct vm_area_struct **vmas, int *locked)
1093 return __get_user_pages_locked(tsk, mm, start, nr_pages, pages, vmas,
1095 gup_flags | FOLL_TOUCH | FOLL_REMOTE);
1097 EXPORT_SYMBOL(get_user_pages_remote);
1100 * This is the same as get_user_pages_remote(), just with a
1101 * less-flexible calling convention where we assume that the task
1102 * and mm being operated on are the current task's and don't allow
1103 * passing of a locked parameter. We also obviously don't pass
1104 * FOLL_REMOTE in here.
1106 long get_user_pages(unsigned long start, unsigned long nr_pages,
1107 unsigned int gup_flags, struct page **pages,
1108 struct vm_area_struct **vmas)
1110 return __get_user_pages_locked(current, current->mm, start, nr_pages,
1112 gup_flags | FOLL_TOUCH);
1114 EXPORT_SYMBOL(get_user_pages);
1116 #ifdef CONFIG_FS_DAX
1118 * This is the same as get_user_pages() in that it assumes we are
1119 * operating on the current task's mm, but it goes further to validate
1120 * that the vmas associated with the address range are suitable for
1121 * longterm elevated page reference counts. For example, filesystem-dax
1122 * mappings are subject to the lifetime enforced by the filesystem and
1123 * we need guarantees that longterm users like RDMA and V4L2 only
1124 * establish mappings that have a kernel enforced revocation mechanism.
1126 * "longterm" == userspace controlled elevated page count lifetime.
1127 * Contrast this to iov_iter_get_pages() usages which are transient.
1129 long get_user_pages_longterm(unsigned long start, unsigned long nr_pages,
1130 unsigned int gup_flags, struct page **pages,
1131 struct vm_area_struct **vmas_arg)
1133 struct vm_area_struct **vmas = vmas_arg;
1134 struct vm_area_struct *vma_prev = NULL;
1141 vmas = kcalloc(nr_pages, sizeof(struct vm_area_struct *),
1147 rc = get_user_pages(start, nr_pages, gup_flags, pages, vmas);
1149 for (i = 0; i < rc; i++) {
1150 struct vm_area_struct *vma = vmas[i];
1152 if (vma == vma_prev)
1157 if (vma_is_fsdax(vma))
1162 * Either get_user_pages() failed, or the vma validation
1163 * succeeded, in either case we don't need to put_page() before
1169 for (i = 0; i < rc; i++)
1173 if (vmas != vmas_arg)
1177 EXPORT_SYMBOL(get_user_pages_longterm);
1178 #endif /* CONFIG_FS_DAX */
1181 * populate_vma_page_range() - populate a range of pages in the vma.
1183 * @start: start address
1187 * This takes care of mlocking the pages too if VM_LOCKED is set.
1189 * return 0 on success, negative error code on error.
1191 * vma->vm_mm->mmap_sem must be held.
1193 * If @nonblocking is NULL, it may be held for read or write and will
1196 * If @nonblocking is non-NULL, it must held for read only and may be
1197 * released. If it's released, *@nonblocking will be set to 0.
1199 long populate_vma_page_range(struct vm_area_struct *vma,
1200 unsigned long start, unsigned long end, int *nonblocking)
1202 struct mm_struct *mm = vma->vm_mm;
1203 unsigned long nr_pages = (end - start) / PAGE_SIZE;
1206 VM_BUG_ON(start & ~PAGE_MASK);
1207 VM_BUG_ON(end & ~PAGE_MASK);
1208 VM_BUG_ON_VMA(start < vma->vm_start, vma);
1209 VM_BUG_ON_VMA(end > vma->vm_end, vma);
1210 VM_BUG_ON_MM(!rwsem_is_locked(&mm->mmap_sem), mm);
1212 gup_flags = FOLL_TOUCH | FOLL_POPULATE | FOLL_MLOCK;
1213 if (vma->vm_flags & VM_LOCKONFAULT)
1214 gup_flags &= ~FOLL_POPULATE;
1216 * We want to touch writable mappings with a write fault in order
1217 * to break COW, except for shared mappings because these don't COW
1218 * and we would not want to dirty them for nothing.
1220 if ((vma->vm_flags & (VM_WRITE | VM_SHARED)) == VM_WRITE)
1221 gup_flags |= FOLL_WRITE;
1224 * We want mlock to succeed for regions that have any permissions
1225 * other than PROT_NONE.
1227 if (vma->vm_flags & (VM_READ | VM_WRITE | VM_EXEC))
1228 gup_flags |= FOLL_FORCE;
1231 * We made sure addr is within a VMA, so the following will
1232 * not result in a stack expansion that recurses back here.
1234 return __get_user_pages(current, mm, start, nr_pages, gup_flags,
1235 NULL, NULL, nonblocking);
1239 * __mm_populate - populate and/or mlock pages within a range of address space.
1241 * This is used to implement mlock() and the MAP_POPULATE / MAP_LOCKED mmap
1242 * flags. VMAs must be already marked with the desired vm_flags, and
1243 * mmap_sem must not be held.
1245 int __mm_populate(unsigned long start, unsigned long len, int ignore_errors)
1247 struct mm_struct *mm = current->mm;
1248 unsigned long end, nstart, nend;
1249 struct vm_area_struct *vma = NULL;
1255 for (nstart = start; nstart < end; nstart = nend) {
1257 * We want to fault in pages for [nstart; end) address range.
1258 * Find first corresponding VMA.
1262 down_read(&mm->mmap_sem);
1263 vma = find_vma(mm, nstart);
1264 } else if (nstart >= vma->vm_end)
1266 if (!vma || vma->vm_start >= end)
1269 * Set [nstart; nend) to intersection of desired address
1270 * range with the first VMA. Also, skip undesirable VMA types.
1272 nend = min(end, vma->vm_end);
1273 if (vma->vm_flags & (VM_IO | VM_PFNMAP))
1275 if (nstart < vma->vm_start)
1276 nstart = vma->vm_start;
1278 * Now fault in a range of pages. populate_vma_page_range()
1279 * double checks the vma flags, so that it won't mlock pages
1280 * if the vma was already munlocked.
1282 ret = populate_vma_page_range(vma, nstart, nend, &locked);
1284 if (ignore_errors) {
1286 continue; /* continue at next VMA */
1290 nend = nstart + ret * PAGE_SIZE;
1294 up_read(&mm->mmap_sem);
1295 return ret; /* 0 or negative error code */
1299 * get_dump_page() - pin user page in memory while writing it to core dump
1300 * @addr: user address
1302 * Returns struct page pointer of user page pinned for dump,
1303 * to be freed afterwards by put_page().
1305 * Returns NULL on any kind of failure - a hole must then be inserted into
1306 * the corefile, to preserve alignment with its headers; and also returns
1307 * NULL wherever the ZERO_PAGE, or an anonymous pte_none, has been found -
1308 * allowing a hole to be left in the corefile to save diskspace.
1310 * Called without mmap_sem, but after all other threads have been killed.
1312 #ifdef CONFIG_ELF_CORE
1313 struct page *get_dump_page(unsigned long addr)
1315 struct vm_area_struct *vma;
1318 if (__get_user_pages(current, current->mm, addr, 1,
1319 FOLL_FORCE | FOLL_DUMP | FOLL_GET, &page, &vma,
1322 flush_cache_page(vma, addr, page_to_pfn(page));
1325 #endif /* CONFIG_ELF_CORE */
1330 * get_user_pages_fast attempts to pin user pages by walking the page
1331 * tables directly and avoids taking locks. Thus the walker needs to be
1332 * protected from page table pages being freed from under it, and should
1333 * block any THP splits.
1335 * One way to achieve this is to have the walker disable interrupts, and
1336 * rely on IPIs from the TLB flushing code blocking before the page table
1337 * pages are freed. This is unsuitable for architectures that do not need
1338 * to broadcast an IPI when invalidating TLBs.
1340 * Another way to achieve this is to batch up page table containing pages
1341 * belonging to more than one mm_user, then rcu_sched a callback to free those
1342 * pages. Disabling interrupts will allow the fast_gup walker to both block
1343 * the rcu_sched callback, and an IPI that we broadcast for splitting THPs
1344 * (which is a relatively rare event). The code below adopts this strategy.
1346 * Before activating this code, please be aware that the following assumptions
1347 * are currently made:
1349 * *) Either HAVE_RCU_TABLE_FREE is enabled, and tlb_remove_table() is used to
1350 * free pages containing page tables or TLB flushing requires IPI broadcast.
1352 * *) ptes can be read atomically by the architecture.
1354 * *) access_ok is sufficient to validate userspace address ranges.
1356 * The last two assumptions can be relaxed by the addition of helper functions.
1358 * This code is based heavily on the PowerPC implementation by Nick Piggin.
1360 #ifdef CONFIG_HAVE_GENERIC_GUP
1364 * We assume that the PTE can be read atomically. If this is not the case for
1365 * your architecture, please provide the helper.
1367 static inline pte_t gup_get_pte(pte_t *ptep)
1369 return READ_ONCE(*ptep);
1373 static void __maybe_unused undo_dev_pagemap(int *nr, int nr_start,
1374 struct page **pages)
1376 while ((*nr) - nr_start) {
1377 struct page *page = pages[--(*nr)];
1379 ClearPageReferenced(page);
1385 * Return the compund head page with ref appropriately incremented,
1386 * or NULL if that failed.
1388 static inline struct page *try_get_compound_head(struct page *page, int refs)
1390 struct page *head = compound_head(page);
1391 if (WARN_ON_ONCE(page_ref_count(head) < 0))
1393 if (unlikely(!page_cache_add_speculative(head, refs)))
1398 #ifdef CONFIG_ARCH_HAS_PTE_SPECIAL
1399 static int gup_pte_range(pmd_t pmd, unsigned long addr, unsigned long end,
1400 int write, struct page **pages, int *nr)
1402 struct dev_pagemap *pgmap = NULL;
1403 int nr_start = *nr, ret = 0;
1406 ptem = ptep = pte_offset_map(&pmd, addr);
1408 pte_t pte = gup_get_pte(ptep);
1409 struct page *head, *page;
1412 * Similar to the PMD case below, NUMA hinting must take slow
1413 * path using the pte_protnone check.
1415 if (pte_protnone(pte))
1418 if (!pte_access_permitted(pte, write))
1421 if (pte_devmap(pte)) {
1422 pgmap = get_dev_pagemap(pte_pfn(pte), pgmap);
1423 if (unlikely(!pgmap)) {
1424 undo_dev_pagemap(nr, nr_start, pages);
1427 } else if (pte_special(pte))
1430 VM_BUG_ON(!pfn_valid(pte_pfn(pte)));
1431 page = pte_page(pte);
1433 head = try_get_compound_head(page, 1);
1437 if (unlikely(pte_val(pte) != pte_val(*ptep))) {
1442 VM_BUG_ON_PAGE(compound_head(page) != head, page);
1444 SetPageReferenced(page);
1448 } while (ptep++, addr += PAGE_SIZE, addr != end);
1454 put_dev_pagemap(pgmap);
1461 * If we can't determine whether or not a pte is special, then fail immediately
1462 * for ptes. Note, we can still pin HugeTLB and THP as these are guaranteed not
1465 * For a futex to be placed on a THP tail page, get_futex_key requires a
1466 * __get_user_pages_fast implementation that can pin pages. Thus it's still
1467 * useful to have gup_huge_pmd even if we can't operate on ptes.
1469 static int gup_pte_range(pmd_t pmd, unsigned long addr, unsigned long end,
1470 int write, struct page **pages, int *nr)
1474 #endif /* CONFIG_ARCH_HAS_PTE_SPECIAL */
1476 #if defined(__HAVE_ARCH_PTE_DEVMAP) && defined(CONFIG_TRANSPARENT_HUGEPAGE)
1477 static int __gup_device_huge(unsigned long pfn, unsigned long addr,
1478 unsigned long end, struct page **pages, int *nr)
1481 struct dev_pagemap *pgmap = NULL;
1484 struct page *page = pfn_to_page(pfn);
1486 pgmap = get_dev_pagemap(pfn, pgmap);
1487 if (unlikely(!pgmap)) {
1488 undo_dev_pagemap(nr, nr_start, pages);
1491 SetPageReferenced(page);
1496 } while (addr += PAGE_SIZE, addr != end);
1499 put_dev_pagemap(pgmap);
1503 static int __gup_device_huge_pmd(pmd_t orig, pmd_t *pmdp, unsigned long addr,
1504 unsigned long end, struct page **pages, int *nr)
1506 unsigned long fault_pfn;
1509 fault_pfn = pmd_pfn(orig) + ((addr & ~PMD_MASK) >> PAGE_SHIFT);
1510 if (!__gup_device_huge(fault_pfn, addr, end, pages, nr))
1513 if (unlikely(pmd_val(orig) != pmd_val(*pmdp))) {
1514 undo_dev_pagemap(nr, nr_start, pages);
1520 static int __gup_device_huge_pud(pud_t orig, pud_t *pudp, unsigned long addr,
1521 unsigned long end, struct page **pages, int *nr)
1523 unsigned long fault_pfn;
1526 fault_pfn = pud_pfn(orig) + ((addr & ~PUD_MASK) >> PAGE_SHIFT);
1527 if (!__gup_device_huge(fault_pfn, addr, end, pages, nr))
1530 if (unlikely(pud_val(orig) != pud_val(*pudp))) {
1531 undo_dev_pagemap(nr, nr_start, pages);
1537 static int __gup_device_huge_pmd(pmd_t orig, pmd_t *pmdp, unsigned long addr,
1538 unsigned long end, struct page **pages, int *nr)
1544 static int __gup_device_huge_pud(pud_t pud, pud_t *pudp, unsigned long addr,
1545 unsigned long end, struct page **pages, int *nr)
1552 static int gup_huge_pmd(pmd_t orig, pmd_t *pmdp, unsigned long addr,
1553 unsigned long end, int write, struct page **pages, int *nr)
1555 struct page *head, *page;
1558 if (!pmd_access_permitted(orig, write))
1561 if (pmd_devmap(orig))
1562 return __gup_device_huge_pmd(orig, pmdp, addr, end, pages, nr);
1565 page = pmd_page(orig) + ((addr & ~PMD_MASK) >> PAGE_SHIFT);
1571 } while (addr += PAGE_SIZE, addr != end);
1573 head = try_get_compound_head(pmd_page(orig), refs);
1579 if (unlikely(pmd_val(orig) != pmd_val(*pmdp))) {
1586 SetPageReferenced(head);
1590 static int gup_huge_pud(pud_t orig, pud_t *pudp, unsigned long addr,
1591 unsigned long end, int write, struct page **pages, int *nr)
1593 struct page *head, *page;
1596 if (!pud_access_permitted(orig, write))
1599 if (pud_devmap(orig))
1600 return __gup_device_huge_pud(orig, pudp, addr, end, pages, nr);
1603 page = pud_page(orig) + ((addr & ~PUD_MASK) >> PAGE_SHIFT);
1609 } while (addr += PAGE_SIZE, addr != end);
1611 head = try_get_compound_head(pud_page(orig), refs);
1617 if (unlikely(pud_val(orig) != pud_val(*pudp))) {
1624 SetPageReferenced(head);
1628 static int gup_huge_pgd(pgd_t orig, pgd_t *pgdp, unsigned long addr,
1629 unsigned long end, int write,
1630 struct page **pages, int *nr)
1633 struct page *head, *page;
1635 if (!pgd_access_permitted(orig, write))
1638 BUILD_BUG_ON(pgd_devmap(orig));
1640 page = pgd_page(orig) + ((addr & ~PGDIR_MASK) >> PAGE_SHIFT);
1646 } while (addr += PAGE_SIZE, addr != end);
1648 head = try_get_compound_head(pgd_page(orig), refs);
1654 if (unlikely(pgd_val(orig) != pgd_val(*pgdp))) {
1661 SetPageReferenced(head);
1665 static int gup_pmd_range(pud_t pud, unsigned long addr, unsigned long end,
1666 int write, struct page **pages, int *nr)
1671 pmdp = pmd_offset(&pud, addr);
1673 pmd_t pmd = READ_ONCE(*pmdp);
1675 next = pmd_addr_end(addr, end);
1676 if (!pmd_present(pmd))
1679 if (unlikely(pmd_trans_huge(pmd) || pmd_huge(pmd) ||
1682 * NUMA hinting faults need to be handled in the GUP
1683 * slowpath for accounting purposes and so that they
1684 * can be serialised against THP migration.
1686 if (pmd_protnone(pmd))
1689 if (!gup_huge_pmd(pmd, pmdp, addr, next, write,
1693 } else if (unlikely(is_hugepd(__hugepd(pmd_val(pmd))))) {
1695 * architecture have different format for hugetlbfs
1696 * pmd format and THP pmd format
1698 if (!gup_huge_pd(__hugepd(pmd_val(pmd)), addr,
1699 PMD_SHIFT, next, write, pages, nr))
1701 } else if (!gup_pte_range(pmd, addr, next, write, pages, nr))
1703 } while (pmdp++, addr = next, addr != end);
1708 static int gup_pud_range(p4d_t p4d, unsigned long addr, unsigned long end,
1709 int write, struct page **pages, int *nr)
1714 pudp = pud_offset(&p4d, addr);
1716 pud_t pud = READ_ONCE(*pudp);
1718 next = pud_addr_end(addr, end);
1721 if (unlikely(pud_huge(pud))) {
1722 if (!gup_huge_pud(pud, pudp, addr, next, write,
1725 } else if (unlikely(is_hugepd(__hugepd(pud_val(pud))))) {
1726 if (!gup_huge_pd(__hugepd(pud_val(pud)), addr,
1727 PUD_SHIFT, next, write, pages, nr))
1729 } else if (!gup_pmd_range(pud, addr, next, write, pages, nr))
1731 } while (pudp++, addr = next, addr != end);
1736 static int gup_p4d_range(pgd_t pgd, unsigned long addr, unsigned long end,
1737 int write, struct page **pages, int *nr)
1742 p4dp = p4d_offset(&pgd, addr);
1744 p4d_t p4d = READ_ONCE(*p4dp);
1746 next = p4d_addr_end(addr, end);
1749 BUILD_BUG_ON(p4d_huge(p4d));
1750 if (unlikely(is_hugepd(__hugepd(p4d_val(p4d))))) {
1751 if (!gup_huge_pd(__hugepd(p4d_val(p4d)), addr,
1752 P4D_SHIFT, next, write, pages, nr))
1754 } else if (!gup_pud_range(p4d, addr, next, write, pages, nr))
1756 } while (p4dp++, addr = next, addr != end);
1761 static void gup_pgd_range(unsigned long addr, unsigned long end,
1762 int write, struct page **pages, int *nr)
1767 pgdp = pgd_offset(current->mm, addr);
1769 pgd_t pgd = READ_ONCE(*pgdp);
1771 next = pgd_addr_end(addr, end);
1774 if (unlikely(pgd_huge(pgd))) {
1775 if (!gup_huge_pgd(pgd, pgdp, addr, next, write,
1778 } else if (unlikely(is_hugepd(__hugepd(pgd_val(pgd))))) {
1779 if (!gup_huge_pd(__hugepd(pgd_val(pgd)), addr,
1780 PGDIR_SHIFT, next, write, pages, nr))
1782 } else if (!gup_p4d_range(pgd, addr, next, write, pages, nr))
1784 } while (pgdp++, addr = next, addr != end);
1787 #ifndef gup_fast_permitted
1789 * Check if it's allowed to use __get_user_pages_fast() for the range, or
1790 * we need to fall back to the slow version:
1792 bool gup_fast_permitted(unsigned long start, int nr_pages, int write)
1794 unsigned long len, end;
1796 len = (unsigned long) nr_pages << PAGE_SHIFT;
1798 return end >= start;
1803 * Like get_user_pages_fast() except it's IRQ-safe in that it won't fall back to
1805 * Note a difference with get_user_pages_fast: this always returns the
1806 * number of pages pinned, 0 if no pages were pinned.
1808 int __get_user_pages_fast(unsigned long start, int nr_pages, int write,
1809 struct page **pages)
1811 unsigned long addr, len, end;
1812 unsigned long flags;
1817 len = (unsigned long) nr_pages << PAGE_SHIFT;
1820 if (unlikely(!access_ok(write ? VERIFY_WRITE : VERIFY_READ,
1821 (void __user *)start, len)))
1825 * Disable interrupts. We use the nested form as we can already have
1826 * interrupts disabled by get_futex_key.
1828 * With interrupts disabled, we block page table pages from being
1829 * freed from under us. See mmu_gather_tlb in asm-generic/tlb.h
1832 * We do not adopt an rcu_read_lock(.) here as we also want to
1833 * block IPIs that come from THPs splitting.
1836 if (gup_fast_permitted(start, nr_pages, write)) {
1837 local_irq_save(flags);
1838 gup_pgd_range(addr, end, write, pages, &nr);
1839 local_irq_restore(flags);
1846 * get_user_pages_fast() - pin user pages in memory
1847 * @start: starting user address
1848 * @nr_pages: number of pages from start to pin
1849 * @write: whether pages will be written to
1850 * @pages: array that receives pointers to the pages pinned.
1851 * Should be at least nr_pages long.
1853 * Attempt to pin user pages in memory without taking mm->mmap_sem.
1854 * If not successful, it will fall back to taking the lock and
1855 * calling get_user_pages().
1857 * Returns number of pages pinned. This may be fewer than the number
1858 * requested. If nr_pages is 0 or negative, returns 0. If no pages
1859 * were pinned, returns -errno.
1861 int get_user_pages_fast(unsigned long start, int nr_pages, int write,
1862 struct page **pages)
1864 unsigned long addr, len, end;
1865 int nr = 0, ret = 0;
1869 len = (unsigned long) nr_pages << PAGE_SHIFT;
1875 if (unlikely(!access_ok(write ? VERIFY_WRITE : VERIFY_READ,
1876 (void __user *)start, len)))
1879 if (gup_fast_permitted(start, nr_pages, write)) {
1880 local_irq_disable();
1881 gup_pgd_range(addr, end, write, pages, &nr);
1886 if (nr < nr_pages) {
1887 /* Try to get the remaining pages with get_user_pages */
1888 start += nr << PAGE_SHIFT;
1891 ret = get_user_pages_unlocked(start, nr_pages - nr, pages,
1892 write ? FOLL_WRITE : 0);
1894 /* Have to be a bit careful with return values */
1906 #endif /* CONFIG_HAVE_GENERIC_GUP */
projects / platform / kernel / linux-rpi.git / blob