add boot partition size

hc

2023-12-11 d2ccde1c8e90d38cee87a1b0309ad2827f3fd30d

 kernel/mm/khugepaged.c
..
..
@@ -28,7 +28,10 @@
28
28
 	SCAN_SUCCEED,
29
29
 	SCAN_PMD_NULL,
30
30
 	SCAN_EXCEED_NONE_PTE,
31
+	SCAN_EXCEED_SWAP_PTE,
32
+	SCAN_EXCEED_SHARED_PTE,
31
33
 	SCAN_PTE_NON_PRESENT,
34
+	SCAN_PTE_UFFD_WP,
32
35
 	SCAN_PAGE_RO,
33
36
 	SCAN_LACK_REFERENCED_PAGE,
34
37
 	SCAN_PAGE_NULL,
..
..
@@ -46,8 +49,8 @@
46
49
 	SCAN_DEL_PAGE_LRU,
47
50
 	SCAN_ALLOC_HUGE_PAGE_FAIL,
48
51
 	SCAN_CGROUP_CHARGE_FAIL,
49
-	SCAN_EXCEED_SWAP_PTE,
50
52
 	SCAN_TRUNCATED,
53
+	SCAN_PAGE_HAS_PRIVATE,
51
54
 };
52
55
 
53
56
 #define CREATE_TRACE_POINTS
..
..
@@ -73,11 +76,14 @@
73
76
  */
74
77
 static unsigned int khugepaged_max_ptes_none __read_mostly;
75
78
 static unsigned int khugepaged_max_ptes_swap __read_mostly;
79
+static unsigned int khugepaged_max_ptes_shared __read_mostly;
76
80
 
77
81
 #define MM_SLOTS_HASH_BITS 10
78
82
 static __read_mostly DEFINE_HASHTABLE(mm_slots_hash, MM_SLOTS_HASH_BITS);
79
83
 
80
84
 static struct kmem_cache *mm_slot_cache __read_mostly;
85
+
86
+#define MAX_PTE_MAPPED_THP 8
81
87
 
82
88
 /**
83
89
  * struct mm_slot - hash lookup from mm to mm_slot
..
..
@@ -89,6 +95,10 @@
89
95
 	struct hlist_node hash;
90
96
 	struct list_head mm_node;
91
97
 	struct mm_struct *mm;
98
+
99
+	/* pte-mapped THP in this mm */
100
+	int nr_pte_mapped_thp;
101
+	unsigned long pte_mapped_thp[MAX_PTE_MAPPED_THP];
92
102
 };
93
103
 
94
104
 /**
..
..
@@ -286,15 +296,43 @@
286
296
 	__ATTR(max_ptes_swap, 0644, khugepaged_max_ptes_swap_show,
287
297
 	       khugepaged_max_ptes_swap_store);
288
298
 
299
+static ssize_t khugepaged_max_ptes_shared_show(struct kobject *kobj,
300
+					     struct kobj_attribute *attr,
301
+					     char *buf)
302
+{
303
+	return sprintf(buf, "%u\n", khugepaged_max_ptes_shared);
304
+}
305
+
306
+static ssize_t khugepaged_max_ptes_shared_store(struct kobject *kobj,
307
+					      struct kobj_attribute *attr,
308
+					      const char *buf, size_t count)
309
+{
310
+	int err;
311
+	unsigned long max_ptes_shared;
312
+
313
+	err  = kstrtoul(buf, 10, &max_ptes_shared);
314
+	if (err || max_ptes_shared > HPAGE_PMD_NR-1)
315
+		return -EINVAL;
316
+
317
+	khugepaged_max_ptes_shared = max_ptes_shared;
318
+
319
+	return count;
320
+}
321
+
322
+static struct kobj_attribute khugepaged_max_ptes_shared_attr =
323
+	__ATTR(max_ptes_shared, 0644, khugepaged_max_ptes_shared_show,
324
+	       khugepaged_max_ptes_shared_store);
325
+
289
326
 static struct attribute *khugepaged_attr[] = {
290
327
 	&khugepaged_defrag_attr.attr,
291
328
 	&khugepaged_max_ptes_none_attr.attr,
329
+	&khugepaged_max_ptes_swap_attr.attr,
330
+	&khugepaged_max_ptes_shared_attr.attr,
292
331
 	&pages_to_scan_attr.attr,
293
332
 	&pages_collapsed_attr.attr,
294
333
 	&full_scans_attr.attr,
295
334
 	&scan_sleep_millisecs_attr.attr,
296
335
 	&alloc_sleep_millisecs_attr.attr,
297
-	&khugepaged_max_ptes_swap_attr.attr,
298
336
 	NULL,
299
337
 };
300
338
 
..
..
@@ -303,8 +341,6 @@
303
341
 	.name = "khugepaged",
304
342
 };
305
343
 #endif /* CONFIG_SYSFS */
306
-
307
-#define VM_NO_KHUGEPAGED (VM_SPECIAL | VM_HUGETLB)
308
344
 
309
345
 int hugepage_madvise(struct vm_area_struct *vma,
310
346
 		     unsigned long *vm_flags, int advice)
..
..
@@ -356,6 +392,7 @@
356
392
 	khugepaged_pages_to_scan = HPAGE_PMD_NR * 8;
357
393
 	khugepaged_max_ptes_none = HPAGE_PMD_NR - 1;
358
394
 	khugepaged_max_ptes_swap = HPAGE_PMD_NR / 8;
395
+	khugepaged_max_ptes_shared = HPAGE_PMD_NR / 2;
359
396
 
360
397
 	return 0;
361
398
 }
..
..
@@ -397,25 +434,39 @@
397
434
 
398
435
 static inline int khugepaged_test_exit(struct mm_struct *mm)
399
436
 {
400
-	return atomic_read(&mm->mm_users) == 0 || !mmget_still_valid(mm);
437
+	return atomic_read(&mm->mm_users) == 0;
401
438
 }
402
439
 
403
440
 static bool hugepage_vma_check(struct vm_area_struct *vma,
404
441
 			       unsigned long vm_flags)
405
442
 {
406
-	if ((!(vm_flags & VM_HUGEPAGE) && !khugepaged_always()) ||
407
-	    (vm_flags & VM_NOHUGEPAGE) ||
408
-	    test_bit(MMF_DISABLE_THP, &vma->vm_mm->flags))
443
+	if (!transhuge_vma_enabled(vma, vm_flags))
409
444
 		return false;
410
-	if (shmem_file(vma->vm_file)) {
411
-		if (!IS_ENABLED(CONFIG_TRANSPARENT_HUGE_PAGECACHE))
412
-			return false;
413
-		return IS_ALIGNED((vma->vm_start >> PAGE_SHIFT) - vma->vm_pgoff,
414
-				HPAGE_PMD_NR);
445
+
446
+	if (vma->vm_file && !IS_ALIGNED((vma->vm_start >> PAGE_SHIFT) -
447
+				vma->vm_pgoff, HPAGE_PMD_NR))
448
+		return false;
449
+
450
+	/* Enabled via shmem mount options or sysfs settings. */
451
+	if (shmem_file(vma->vm_file))
452
+		return shmem_huge_enabled(vma);
453
+
454
+	/* THP settings require madvise. */
455
+	if (!(vm_flags & VM_HUGEPAGE) && !khugepaged_always())
456
+		return false;
457
+
458
+	/* Only regular file is valid */
459
+	if (IS_ENABLED(CONFIG_READ_ONLY_THP_FOR_FS) && vma->vm_file &&
460
+	    !inode_is_open_for_write(vma->vm_file->f_inode) &&
461
+	    (vm_flags & VM_EXEC)) {
462
+		struct inode *inode = vma->vm_file->f_inode;
463
+
464
+		return S_ISREG(inode->i_mode);
415
465
 	}
466
+
416
467
 	if (!vma->anon_vma || vma->vm_ops)
417
468
 		return false;
418
-	if (is_vma_temporary_stack(vma))
469
+	if (vma_is_temporary_stack(vma))
419
470
 		return false;
420
471
 	return !(vm_flags & VM_NO_KHUGEPAGED);
421
472
 }
..
..
@@ -459,8 +510,9 @@
459
510
 	unsigned long hstart, hend;
460
511
 
461
512
 	/*
462
-	 * khugepaged does not yet work on non-shmem files or special
463
-	 * mappings. And file-private shmem THP is not supported.
513
+	 * khugepaged only supports read-only files for non-shmem files.
514
+	 * khugepaged does not yet work on special mappings. And
515
+	 * file-private shmem THP is not supported.
464
516
 	 */
465
517
 	if (!hugepage_vma_check(vma, vm_flags))
466
518
 		return 0;
..
..
@@ -497,36 +549,61 @@
497
549
 		 * under mmap sem read mode). Stop here (after we
498
550
 		 * return all pagetables will be destroyed) until
499
551
 		 * khugepaged has finished working on the pagetables
500
-		 * under the mmap_sem.
552
+		 * under the mmap_lock.
501
553
 		 */
502
-		down_write(&mm->mmap_sem);
503
-		up_write(&mm->mmap_sem);
554
+		mmap_write_lock(mm);
555
+		mmap_write_unlock(mm);
504
556
 	}
505
557
 }
506
558
 
507
559
 static void release_pte_page(struct page *page)
508
560
 {
509
-	dec_node_page_state(page, NR_ISOLATED_ANON + page_is_file_cache(page));
561
+	mod_node_page_state(page_pgdat(page),
562
+			NR_ISOLATED_ANON + page_is_file_lru(page),
563
+			-compound_nr(page));
510
564
 	unlock_page(page);
511
565
 	putback_lru_page(page);
512
566
 }
513
567
 
514
-static void release_pte_pages(pte_t *pte, pte_t *_pte)
568
+static void release_pte_pages(pte_t *pte, pte_t *_pte,
569
+		struct list_head *compound_pagelist)
515
570
 {
571
+	struct page *page, *tmp;
572
+
516
573
 	while (--_pte >= pte) {
517
574
 		pte_t pteval = *_pte;
518
-		if (!pte_none(pteval) && !is_zero_pfn(pte_pfn(pteval)))
519
-			release_pte_page(pte_page(pteval));
575
+
576
+		page = pte_page(pteval);
577
+		if (!pte_none(pteval) && !is_zero_pfn(pte_pfn(pteval)) &&
578
+				!PageCompound(page))
579
+			release_pte_page(page);
520
580
 	}
581
+
582
+	list_for_each_entry_safe(page, tmp, compound_pagelist, lru) {
583
+		list_del(&page->lru);
584
+		release_pte_page(page);
585
+	}
586
+}
587
+
588
+static bool is_refcount_suitable(struct page *page)
589
+{
590
+	int expected_refcount;
591
+
592
+	expected_refcount = total_mapcount(page);
593
+	if (PageSwapCache(page))
594
+		expected_refcount += compound_nr(page);
595
+
596
+	return page_count(page) == expected_refcount;
521
597
 }
522
598
 
523
599
 static int __collapse_huge_page_isolate(struct vm_area_struct *vma,
524
600
 					unsigned long address,
525
-					pte_t *pte)
601
+					pte_t *pte,
602
+					struct list_head *compound_pagelist)
526
603
 {
527
604
 	struct page *page = NULL;
528
605
 	pte_t *_pte;
529
-	int none_or_zero = 0, result = 0, referenced = 0;
606
+	int none_or_zero = 0, shared = 0, result = 0, referenced = 0;
530
607
 	bool writable = false;
531
608
 
532
609
 	for (_pte = pte; _pte < pte+HPAGE_PMD_NR;
..
..
@@ -552,13 +629,27 @@
552
629
 			goto out;
553
630
 		}
554
631
 
555
-		/* TODO: teach khugepaged to collapse THP mapped with pte */
556
-		if (PageCompound(page)) {
557
-			result = SCAN_PAGE_COMPOUND;
632
+		VM_BUG_ON_PAGE(!PageAnon(page), page);
633
+
634
+		if (page_mapcount(page) > 1 &&
635
+				++shared > khugepaged_max_ptes_shared) {
636
+			result = SCAN_EXCEED_SHARED_PTE;
558
637
 			goto out;
559
638
 		}
560
639
 
561
-		VM_BUG_ON_PAGE(!PageAnon(page), page);
640
+		if (PageCompound(page)) {
641
+			struct page *p;
642
+			page = compound_head(page);
643
+
644
+			/*
645
+			 * Check if we have dealt with the compound page
646
+			 * already
647
+			 */
648
+			list_for_each_entry(p, compound_pagelist, lru) {
649
+				if (page == p)
650
+					goto next;
651
+			}
652
+		}
562
653
 
563
654
 		/*
564
655
 		 * We can do it before isolate_lru_page because the
..
..
@@ -572,28 +663,30 @@
572
663
 		}
573
664
 
574
665
 		/*
575
-		 * cannot use mapcount: can't collapse if there's a gup pin.
576
-		 * The page must only be referenced by the scanned process
577
-		 * and page swap cache.
666
+		 * Check if the page has any GUP (or other external) pins.
667
+		 *
668
+		 * The page table that maps the page has been already unlinked
669
+		 * from the page table tree and this process cannot get
670
+		 * an additinal pin on the page.
671
+		 *
672
+		 * New pins can come later if the page is shared across fork,
673
+		 * but not from this process. The other process cannot write to
674
+		 * the page, only trigger CoW.
578
675
 		 */
579
-		if (page_count(page) != 1 + PageSwapCache(page)) {
676
+		if (!is_refcount_suitable(page)) {
580
677
 			unlock_page(page);
581
678
 			result = SCAN_PAGE_COUNT;
582
679
 			goto out;
583
680
 		}
584
-		if (pte_write(pteval)) {
585
-			writable = true;
586
-		} else {
587
-			if (PageSwapCache(page) &&
588
-			    !reuse_swap_page(page, NULL)) {
589
-				unlock_page(page);
590
-				result = SCAN_SWAP_CACHE_PAGE;
591
-				goto out;
592
-			}
681
+		if (!pte_write(pteval) && PageSwapCache(page) &&
682
+				!reuse_swap_page(page, NULL)) {
593
683
 			/*
594
-			 * Page is not in the swap cache. It can be collapsed
595
-			 * into a THP.
684
+			 * Page is in the swap cache and cannot be re-used.
685
+			 * It cannot be collapsed into a THP.
596
686
 			 */
687
+			unlock_page(page);
688
+			result = SCAN_SWAP_CACHE_PAGE;
689
+			goto out;
597
690
 		}
598
691
 
599
692
 		/*
..
..
@@ -605,16 +698,23 @@
605
698
 			result = SCAN_DEL_PAGE_LRU;
606
699
 			goto out;
607
700
 		}
608
-		inc_node_page_state(page,
609
-				NR_ISOLATED_ANON + page_is_file_cache(page));
701
+		mod_node_page_state(page_pgdat(page),
702
+				NR_ISOLATED_ANON + page_is_file_lru(page),
703
+				compound_nr(page));
610
704
 		VM_BUG_ON_PAGE(!PageLocked(page), page);
611
705
 		VM_BUG_ON_PAGE(PageLRU(page), page);
612
706
 
707
+		if (PageCompound(page))
708
+			list_add_tail(&page->lru, compound_pagelist);
709
+next:
613
710
 		/* There should be enough young pte to collapse the page */
614
711
 		if (pte_young(pteval) ||
615
712
 		    page_is_young(page) || PageReferenced(page) ||
616
713
 		    mmu_notifier_test_young(vma->vm_mm, address))
617
714
 			referenced++;
715
+
716
+		if (pte_write(pteval))
717
+			writable = true;
618
718
 	}
619
719
 
620
720
 	if (unlikely(!writable)) {
..
..
@@ -628,7 +728,7 @@
628
728
 		return 1;
629
729
 	}
630
730
 out:
631
-	release_pte_pages(pte, _pte);
731
+	release_pte_pages(pte, _pte, compound_pagelist);
632
732
 	trace_mm_collapse_huge_page_isolate(page, none_or_zero,
633
733
 					    referenced, writable, result);
634
734
 	return 0;
..
..
@@ -637,13 +737,14 @@
637
737
 static void __collapse_huge_page_copy(pte_t *pte, struct page *page,
638
738
 				      struct vm_area_struct *vma,
639
739
 				      unsigned long address,
640
-				      spinlock_t *ptl)
740
+				      spinlock_t *ptl,
741
+				      struct list_head *compound_pagelist)
641
742
 {
743
+	struct page *src_page, *tmp;
642
744
 	pte_t *_pte;
643
745
 	for (_pte = pte; _pte < pte + HPAGE_PMD_NR;
644
746
 				_pte++, page++, address += PAGE_SIZE) {
645
747
 		pte_t pteval = *_pte;
646
-		struct page *src_page;
647
748
 
648
749
 		if (pte_none(pteval) || is_zero_pfn(pte_pfn(pteval))) {
649
750
 			clear_user_highpage(page, address);
..
..
@@ -663,8 +764,8 @@
663
764
 		} else {
664
765
 			src_page = pte_page(pteval);
665
766
 			copy_user_highpage(page, src_page, address, vma);
666
-			VM_BUG_ON_PAGE(page_mapcount(src_page) != 1, src_page);
667
-			release_pte_page(src_page);
767
+			if (!PageCompound(src_page))
768
+				release_pte_page(src_page);
668
769
 			/*
669
770
 			 * ptl mostly unnecessary, but preempt has to
670
771
 			 * be disabled to update the per-cpu stats
..
..
@@ -680,6 +781,11 @@
680
781
 			spin_unlock(ptl);
681
782
 			free_page_and_swap_cache(src_page);
682
783
 		}
784
+	}
785
+
786
+	list_for_each_entry_safe(src_page, tmp, compound_pagelist, lru) {
787
+		list_del(&src_page->lru);
788
+		release_pte_page(src_page);
683
789
 	}
684
790
 }
685
791
 
..
..
@@ -713,7 +819,7 @@
713
819
 	for (i = 0; i < MAX_NUMNODES; i++) {
714
820
 		if (!khugepaged_node_load[i])
715
821
 			continue;
716
-		if (node_distance(nid, i) > RECLAIM_DISTANCE)
822
+		if (node_distance(nid, i) > node_reclaim_distance)
717
823
 			return true;
718
824
 	}
719
825
 	return false;
..
..
@@ -854,8 +960,8 @@
854
960
 #endif
855
961
 
856
962
 /*
857
- * If mmap_sem temporarily dropped, revalidate vma
858
- * before taking mmap_sem.
963
+ * If mmap_lock temporarily dropped, revalidate vma
964
+ * before taking mmap_lock.
859
965
  * Return 0 if succeeds, otherwise return none-zero
860
966
  * value (scan code).
861
967
  */
..
..
@@ -879,6 +985,9 @@
879
985
 		return SCAN_ADDRESS_RANGE;
880
986
 	if (!hugepage_vma_check(vma, vma->vm_flags))
881
987
 		return SCAN_VMA_CHECK;
988
+	/* Anon VMA expected */
989
+	if (!vma->anon_vma || vma->vm_ops)
990
+		return SCAN_VMA_CHECK;
882
991
 	return 0;
883
992
 }
884
993
 
..
..
@@ -887,48 +996,48 @@
887
996
  * Only done if khugepaged_scan_pmd believes it is worthwhile.
888
997
  *
889
998
  * Called and returns without pte mapped or spinlocks held,
890
- * but with mmap_sem held to protect against vma changes.
999
+ * but with mmap_lock held to protect against vma changes.
891
1000
  */
892
1001
 
893
1002
 static bool __collapse_huge_page_swapin(struct mm_struct *mm,
894
1003
 					struct vm_area_struct *vma,
895
-					unsigned long address, pmd_t *pmd,
1004
+					unsigned long haddr, pmd_t *pmd,
896
1005
 					int referenced)
897
1006
 {
898
1007
 	int swapped_in = 0;
899
1008
 	vm_fault_t ret = 0;
900
-	struct vm_fault vmf = {
901
-		.vma = vma,
902
-		.address = address,
903
-		.flags = FAULT_FLAG_ALLOW_RETRY,
904
-		.pmd = pmd,
905
-		.pgoff = linear_page_index(vma, address),
906
-	};
1009
+	unsigned long address, end = haddr + (HPAGE_PMD_NR * PAGE_SIZE);
907
1010
 
908
-	/* we only decide to swapin, if there is enough young ptes */
909
-	if (referenced < HPAGE_PMD_NR/2) {
910
-		trace_mm_collapse_huge_page_swapin(mm, swapped_in, referenced, 0);
911
-		return false;
912
-	}
913
-	vmf.pte = pte_offset_map(pmd, address);
914
-	for (; vmf.address < address + HPAGE_PMD_NR*PAGE_SIZE;
915
-			vmf.pte++, vmf.address += PAGE_SIZE) {
1011
+	for (address = haddr; address < end; address += PAGE_SIZE) {
1012
+		struct vm_fault vmf = {
1013
+			.vma = vma,
1014
+			.address = address,
1015
+			.pgoff = linear_page_index(vma, haddr),
1016
+			.flags = FAULT_FLAG_ALLOW_RETRY,
1017
+			.pmd = pmd,
1018
+			.vma_flags = vma->vm_flags,
1019
+			.vma_page_prot = vma->vm_page_prot,
1020
+		};
1021
+
1022
+		vmf.pte = pte_offset_map(pmd, address);
916
1023
 		vmf.orig_pte = *vmf.pte;
917
-		if (!is_swap_pte(vmf.orig_pte))
1024
+		if (!is_swap_pte(vmf.orig_pte)) {
1025
+			pte_unmap(vmf.pte);
918
1026
 			continue;
1027
+		}
919
1028
 		swapped_in++;
920
1029
 		ret = do_swap_page(&vmf);
921
1030
 
922
-		/* do_swap_page returns VM_FAULT_RETRY with released mmap_sem */
1031
+		/* do_swap_page returns VM_FAULT_RETRY with released mmap_lock */
923
1032
 		if (ret & VM_FAULT_RETRY) {
924
-			down_read(&mm->mmap_sem);
925
-			if (hugepage_vma_revalidate(mm, address, &vmf.vma)) {
1033
+			mmap_read_lock(mm);
1034
+			if (hugepage_vma_revalidate(mm, haddr, &vma)) {
926
1035
 				/* vma is no longer available, don't continue to swapin */
927
1036
 				trace_mm_collapse_huge_page_swapin(mm, swapped_in, referenced, 0);
928
1037
 				return false;
929
1038
 			}
930
1039
 			/* check if the pmd is still valid */
931
-			if (mm_find_pmd(mm, address) != pmd) {
1040
+			if (mm_find_pmd(mm, haddr) != pmd) {
932
1041
 				trace_mm_collapse_huge_page_swapin(mm, swapped_in, referenced, 0);
933
1042
 				return false;
934
1043
 			}
..
..
@@ -937,11 +1046,12 @@
937
1046
 			trace_mm_collapse_huge_page_swapin(mm, swapped_in, referenced, 0);
938
1047
 			return false;
939
1048
 		}
940
-		/* pte is unmapped now, we need to map it */
941
-		vmf.pte = pte_offset_map(pmd, vmf.address);
942
1049
 	}
943
-	vmf.pte--;
944
-	pte_unmap(vmf.pte);
1050
+
1051
+	/* Drain LRU add pagevec to remove extra pin on the swapped in pages */
1052
+	if (swapped_in)
1053
+		lru_add_drain();
1054
+
945
1055
 	trace_mm_collapse_huge_page_swapin(mm, swapped_in, referenced, 1);
946
1056
 	return true;
947
1057
 }
..
..
@@ -949,18 +1059,17 @@
949
1059
 static void collapse_huge_page(struct mm_struct *mm,
950
1060
 				   unsigned long address,
951
1061
 				   struct page **hpage,
952
-				   int node, int referenced)
1062
+				   int node, int referenced, int unmapped)
953
1063
 {
1064
+	LIST_HEAD(compound_pagelist);
954
1065
 	pmd_t *pmd, _pmd;
955
1066
 	pte_t *pte;
956
1067
 	pgtable_t pgtable;
957
1068
 	struct page *new_page;
958
1069
 	spinlock_t *pmd_ptl, *pte_ptl;
959
1070
 	int isolated = 0, result = 0;
960
-	struct mem_cgroup *memcg;
961
1071
 	struct vm_area_struct *vma;
962
-	unsigned long mmun_start;	/* For mmu_notifiers */
963
-	unsigned long mmun_end;		/* For mmu_notifiers */
1072
+	struct mmu_notifier_range range;
964
1073
 	gfp_t gfp;
965
1074
 
966
1075
 	VM_BUG_ON(address & ~HPAGE_PMD_MASK);
..
..
@@ -969,57 +1078,56 @@
969
1078
 	gfp = alloc_hugepage_khugepaged_gfpmask() | __GFP_THISNODE;
970
1079
 
971
1080
 	/*
972
-	 * Before allocating the hugepage, release the mmap_sem read lock.
1081
+	 * Before allocating the hugepage, release the mmap_lock read lock.
973
1082
 	 * The allocation can take potentially a long time if it involves
974
-	 * sync compaction, and we do not need to hold the mmap_sem during
1083
+	 * sync compaction, and we do not need to hold the mmap_lock during
975
1084
 	 * that. We will recheck the vma after taking it again in write mode.
976
1085
 	 */
977
-	up_read(&mm->mmap_sem);
1086
+	mmap_read_unlock(mm);
978
1087
 	new_page = khugepaged_alloc_page(hpage, gfp, node);
979
1088
 	if (!new_page) {
980
1089
 		result = SCAN_ALLOC_HUGE_PAGE_FAIL;
981
1090
 		goto out_nolock;
982
1091
 	}
983
1092
 
984
-	if (unlikely(mem_cgroup_try_charge(new_page, mm, gfp, &memcg, true))) {
1093
+	if (unlikely(mem_cgroup_charge(new_page, mm, gfp))) {
985
1094
 		result = SCAN_CGROUP_CHARGE_FAIL;
986
1095
 		goto out_nolock;
987
1096
 	}
1097
+	count_memcg_page_event(new_page, THP_COLLAPSE_ALLOC);
988
1098
 
989
-	down_read(&mm->mmap_sem);
1099
+	mmap_read_lock(mm);
990
1100
 	result = hugepage_vma_revalidate(mm, address, &vma);
991
1101
 	if (result) {
992
-		mem_cgroup_cancel_charge(new_page, memcg, true);
993
-		up_read(&mm->mmap_sem);
1102
+		mmap_read_unlock(mm);
994
1103
 		goto out_nolock;
995
1104
 	}
996
1105
 
997
1106
 	pmd = mm_find_pmd(mm, address);
998
1107
 	if (!pmd) {
999
1108
 		result = SCAN_PMD_NULL;
1000
-		mem_cgroup_cancel_charge(new_page, memcg, true);
1001
-		up_read(&mm->mmap_sem);
1109
+		mmap_read_unlock(mm);
1002
1110
 		goto out_nolock;
1003
1111
 	}
1004
1112
 
1005
1113
 	/*
1006
-	 * __collapse_huge_page_swapin always returns with mmap_sem locked.
1007
-	 * If it fails, we release mmap_sem and jump out_nolock.
1114
+	 * __collapse_huge_page_swapin always returns with mmap_lock locked.
1115
+	 * If it fails, we release mmap_lock and jump out_nolock.
1008
1116
 	 * Continuing to collapse causes inconsistency.
1009
1117
 	 */
1010
-	if (!__collapse_huge_page_swapin(mm, vma, address, pmd, referenced)) {
1011
-		mem_cgroup_cancel_charge(new_page, memcg, true);
1012
-		up_read(&mm->mmap_sem);
1118
+	if (unmapped && !__collapse_huge_page_swapin(mm, vma, address,
1119
+						     pmd, referenced)) {
1120
+		mmap_read_unlock(mm);
1013
1121
 		goto out_nolock;
1014
1122
 	}
1015
1123
 
1016
-	up_read(&mm->mmap_sem);
1124
+	mmap_read_unlock(mm);
1017
1125
 	/*
1018
1126
 	 * Prevent all access to pagetables with the exception of
1019
1127
 	 * gup_fast later handled by the ptep_clear_flush and the VM
1020
1128
 	 * handled by the anon_vma lock + PG_lock.
1021
1129
 	 */
1022
-	down_write(&mm->mmap_sem);
1130
+	mmap_write_lock(mm);
1023
1131
 	result = hugepage_vma_revalidate(mm, address, &vma);
1024
1132
 	if (result)
1025
1133
 		goto out;
..
..
@@ -1027,27 +1135,33 @@
1027
1135
 	if (mm_find_pmd(mm, address) != pmd)
1028
1136
 		goto out;
1029
1137
 
1138
+	vm_write_begin(vma);
1030
1139
 	anon_vma_lock_write(vma->anon_vma);
1140
+
1141
+	mmu_notifier_range_init(&range, MMU_NOTIFY_CLEAR, 0, NULL, mm,
1142
+				address, address + HPAGE_PMD_SIZE);
1143
+	mmu_notifier_invalidate_range_start(&range);
1031
1144
 
1032
1145
 	pte = pte_offset_map(pmd, address);
1033
1146
 	pte_ptl = pte_lockptr(mm, pmd);
1034
1147
 
1035
-	mmun_start = address;
1036
-	mmun_end   = address + HPAGE_PMD_SIZE;
1037
-	mmu_notifier_invalidate_range_start(mm, mmun_start, mmun_end);
1038
1148
 	pmd_ptl = pmd_lock(mm, pmd); /* probably unnecessary */
1039
1149
 	/*
1040
-	 * After this gup_fast can't run anymore. This also removes
1041
-	 * any huge TLB entry from the CPU so we won't allow
1042
-	 * huge and small TLB entries for the same virtual address
1043
-	 * to avoid the risk of CPU bugs in that area.
1150
+	 * This removes any huge TLB entry from the CPU so we won't allow
1151
+	 * huge and small TLB entries for the same virtual address to
1152
+	 * avoid the risk of CPU bugs in that area.
1153
+	 *
1154
+	 * Parallel fast GUP is fine since fast GUP will back off when
1155
+	 * it detects PMD is changed.
1044
1156
 	 */
1045
1157
 	_pmd = pmdp_collapse_flush(vma, address, pmd);
1046
1158
 	spin_unlock(pmd_ptl);
1047
-	mmu_notifier_invalidate_range_end(mm, mmun_start, mmun_end);
1159
+	mmu_notifier_invalidate_range_end(&range);
1160
+	tlb_remove_table_sync_one();
1048
1161
 
1049
1162
 	spin_lock(pte_ptl);
1050
-	isolated = __collapse_huge_page_isolate(vma, address, pte);
1163
+	isolated = __collapse_huge_page_isolate(vma, address, pte,
1164
+			&compound_pagelist);
1051
1165
 	spin_unlock(pte_ptl);
1052
1166
 
1053
1167
 	if (unlikely(!isolated)) {
..
..
@@ -1062,6 +1176,7 @@
1062
1176
 		pmd_populate(mm, pmd, pmd_pgtable(_pmd));
1063
1177
 		spin_unlock(pmd_ptl);
1064
1178
 		anon_vma_unlock_write(vma->anon_vma);
1179
+		vm_write_end(vma);
1065
1180
 		result = SCAN_FAIL;
1066
1181
 		goto out;
1067
1182
 	}
..
..
@@ -1072,7 +1187,8 @@
1072
1187
 	 */
1073
1188
 	anon_vma_unlock_write(vma->anon_vma);
1074
1189
 
1075
-	__collapse_huge_page_copy(pte, new_page, vma, address, pte_ptl);
1190
+	__collapse_huge_page_copy(pte, new_page, vma, address, pte_ptl,
1191
+			&compound_pagelist);
1076
1192
 	pte_unmap(pte);
1077
1193
 	__SetPageUptodate(new_page);
1078
1194
 	pgtable = pmd_pgtable(_pmd);
..
..
@@ -1090,24 +1206,25 @@
1090
1206
 	spin_lock(pmd_ptl);
1091
1207
 	BUG_ON(!pmd_none(*pmd));
1092
1208
 	page_add_new_anon_rmap(new_page, vma, address, true);
1093
-	mem_cgroup_commit_charge(new_page, memcg, false, true);
1094
-	lru_cache_add_active_or_unevictable(new_page, vma);
1209
+	lru_cache_add_inactive_or_unevictable(new_page, vma);
1095
1210
 	pgtable_trans_huge_deposit(mm, pmd, pgtable);
1096
1211
 	set_pmd_at(mm, address, pmd, _pmd);
1097
1212
 	update_mmu_cache_pmd(vma, address, pmd);
1098
1213
 	spin_unlock(pmd_ptl);
1214
+	vm_write_end(vma);
1099
1215
 
1100
1216
 	*hpage = NULL;
1101
1217
 
1102
1218
 	khugepaged_pages_collapsed++;
1103
1219
 	result = SCAN_SUCCEED;
1104
1220
 out_up_write:
1105
-	up_write(&mm->mmap_sem);
1221
+	mmap_write_unlock(mm);
1106
1222
 out_nolock:
1223
+	if (!IS_ERR_OR_NULL(*hpage))
1224
+		mem_cgroup_uncharge(*hpage);
1107
1225
 	trace_mm_collapse_huge_page(mm, isolated, result);
1108
1226
 	return;
1109
1227
 out:
1110
-	mem_cgroup_cancel_charge(new_page, memcg, true);
1111
1228
 	goto out_up_write;
1112
1229
 }
1113
1230
 
..
..
@@ -1118,7 +1235,8 @@
1118
1235
 {
1119
1236
 	pmd_t *pmd;
1120
1237
 	pte_t *pte, *_pte;
1121
-	int ret = 0, none_or_zero = 0, result = 0, referenced = 0;
1238
+	int ret = 0, result = 0, referenced = 0;
1239
+	int none_or_zero = 0, shared = 0;
1122
1240
 	struct page *page = NULL;
1123
1241
 	unsigned long _address;
1124
1242
 	spinlock_t *ptl;
..
..
@@ -1140,6 +1258,15 @@
1140
1258
 		pte_t pteval = *_pte;
1141
1259
 		if (is_swap_pte(pteval)) {
1142
1260
 			if (++unmapped <= khugepaged_max_ptes_swap) {
1261
+				/*
1262
+				 * Always be strict with uffd-wp
1263
+				 * enabled swap entries.  Please see
1264
+				 * comment below for pte_uffd_wp().
1265
+				 */
1266
+				if (pte_swp_uffd_wp(pteval)) {
1267
+					result = SCAN_PTE_UFFD_WP;
1268
+					goto out_unmap;
1269
+				}
1143
1270
 				continue;
1144
1271
 			} else {
1145
1272
 				result = SCAN_EXCEED_SWAP_PTE;
..
..
@@ -1159,6 +1286,19 @@
1159
1286
 			result = SCAN_PTE_NON_PRESENT;
1160
1287
 			goto out_unmap;
1161
1288
 		}
1289
+		if (pte_uffd_wp(pteval)) {
1290
+			/*
1291
+			 * Don't collapse the page if any of the small
1292
+			 * PTEs are armed with uffd write protection.
1293
+			 * Here we can also mark the new huge pmd as
1294
+			 * write protected if any of the small ones is
1295
+			 * marked but that could bring uknown
1296
+			 * userfault messages that falls outside of
1297
+			 * the registered range.  So, just be simple.
1298
+			 */
1299
+			result = SCAN_PTE_UFFD_WP;
1300
+			goto out_unmap;
1301
+		}
1162
1302
 		if (pte_write(pteval))
1163
1303
 			writable = true;
1164
1304
 
..
..
@@ -1168,11 +1308,13 @@
1168
1308
 			goto out_unmap;
1169
1309
 		}
1170
1310
 
1171
-		/* TODO: teach khugepaged to collapse THP mapped with pte */
1172
-		if (PageCompound(page)) {
1173
-			result = SCAN_PAGE_COMPOUND;
1311
+		if (page_mapcount(page) > 1 &&
1312
+				++shared > khugepaged_max_ptes_shared) {
1313
+			result = SCAN_EXCEED_SHARED_PTE;
1174
1314
 			goto out_unmap;
1175
1315
 		}
1316
+
1317
+		page = compound_head(page);
1176
1318
 
1177
1319
 		/*
1178
1320
 		 * Record which node the original page is from and save this
..
..
@@ -1200,11 +1342,23 @@
1200
1342
 		}
1201
1343
 
1202
1344
 		/*
1203
-		 * cannot use mapcount: can't collapse if there's a gup pin.
1204
-		 * The page must only be referenced by the scanned process
1205
-		 * and page swap cache.
1345
+		 * Check if the page has any GUP (or other external) pins.
1346
+		 *
1347
+		 * Here the check is racy it may see totmal_mapcount > refcount
1348
+		 * in some cases.
1349
+		 * For example, one process with one forked child process.
1350
+		 * The parent has the PMD split due to MADV_DONTNEED, then
1351
+		 * the child is trying unmap the whole PMD, but khugepaged
1352
+		 * may be scanning the parent between the child has
1353
+		 * PageDoubleMap flag cleared and dec the mapcount.  So
1354
+		 * khugepaged may see total_mapcount > refcount.
1355
+		 *
1356
+		 * But such case is ephemeral we could always retry collapse
1357
+		 * later.  However it may report false positive if the page
1358
+		 * has excessive GUP pins (i.e. 512).  Anyway the same check
1359
+		 * will be done again later the risk seems low.
1206
1360
 		 */
1207
-		if (page_count(page) != 1 + PageSwapCache(page)) {
1361
+		if (!is_refcount_suitable(page)) {
1208
1362
 			result = SCAN_PAGE_COUNT;
1209
1363
 			goto out_unmap;
1210
1364
 		}
..
..
@@ -1213,22 +1367,21 @@
1213
1367
 		    mmu_notifier_test_young(vma->vm_mm, address))
1214
1368
 			referenced++;
1215
1369
 	}
1216
-	if (writable) {
1217
-		if (referenced) {
1218
-			result = SCAN_SUCCEED;
1219
-			ret = 1;
1220
-		} else {
1221
-			result = SCAN_LACK_REFERENCED_PAGE;
1222
-		}
1223
-	} else {
1370
+	if (!writable) {
1224
1371
 		result = SCAN_PAGE_RO;
1372
+	} else if (!referenced || (unmapped && referenced < HPAGE_PMD_NR/2)) {
1373
+		result = SCAN_LACK_REFERENCED_PAGE;
1374
+	} else {
1375
+		result = SCAN_SUCCEED;
1376
+		ret = 1;
1225
1377
 	}
1226
1378
 out_unmap:
1227
1379
 	pte_unmap_unlock(pte, ptl);
1228
1380
 	if (ret) {
1229
1381
 		node = khugepaged_find_target_node();
1230
-		/* collapse_huge_page will return with the mmap_sem released */
1231
-		collapse_huge_page(mm, address, hpage, node, referenced);
1382
+		/* collapse_huge_page will return with the mmap_lock released */
1383
+		collapse_huge_page(mm, address, hpage, node,
1384
+				referenced, unmapped);
1232
1385
 	}
1233
1386
 out:
1234
1387
 	trace_mm_khugepaged_scan_pmd(mm, page, writable, referenced,
..
..
@@ -1240,7 +1393,7 @@
1240
1393
 {
1241
1394
 	struct mm_struct *mm = mm_slot->mm;
1242
1395
 
1243
-	VM_BUG_ON(NR_CPUS != 1 && !spin_is_locked(&khugepaged_mm_lock));
1396
+	lockdep_assert_held(&khugepaged_mm_lock);
1244
1397
 
1245
1398
 	if (khugepaged_test_exit(mm)) {
1246
1399
 		/* free mm_slot */
..
..
@@ -1259,7 +1412,186 @@
1259
1412
 	}
1260
1413
 }
1261
1414
 
1262
-#if defined(CONFIG_SHMEM) && defined(CONFIG_TRANSPARENT_HUGE_PAGECACHE)
1415
+#ifdef CONFIG_SHMEM
1416
+/*
1417
+ * Notify khugepaged that given addr of the mm is pte-mapped THP. Then
1418
+ * khugepaged should try to collapse the page table.
1419
+ */
1420
+static int khugepaged_add_pte_mapped_thp(struct mm_struct *mm,
1421
+					 unsigned long addr)
1422
+{
1423
+	struct mm_slot *mm_slot;
1424
+
1425
+	VM_BUG_ON(addr & ~HPAGE_PMD_MASK);
1426
+
1427
+	spin_lock(&khugepaged_mm_lock);
1428
+	mm_slot = get_mm_slot(mm);
1429
+	if (likely(mm_slot && mm_slot->nr_pte_mapped_thp < MAX_PTE_MAPPED_THP))
1430
+		mm_slot->pte_mapped_thp[mm_slot->nr_pte_mapped_thp++] = addr;
1431
+	spin_unlock(&khugepaged_mm_lock);
1432
+	return 0;
1433
+}
1434
+
1435
+/**
1436
+ * Try to collapse a pte-mapped THP for mm at address haddr.
1437
+ *
1438
+ * This function checks whether all the PTEs in the PMD are pointing to the
1439
+ * right THP. If so, retract the page table so the THP can refault in with
1440
+ * as pmd-mapped.
1441
+ */
1442
+void collapse_pte_mapped_thp(struct mm_struct *mm, unsigned long addr)
1443
+{
1444
+	unsigned long haddr = addr & HPAGE_PMD_MASK;
1445
+	struct vm_area_struct *vma = find_vma(mm, haddr);
1446
+	struct page *hpage;
1447
+	pte_t *start_pte, *pte;
1448
+	pmd_t *pmd, _pmd;
1449
+	spinlock_t *ptl;
1450
+	int count = 0;
1451
+	int i;
1452
+	struct mmu_notifier_range range;
1453
+
1454
+	if (!vma || !vma->vm_file ||
1455
+	    vma->vm_start > haddr || vma->vm_end < haddr + HPAGE_PMD_SIZE)
1456
+		return;
1457
+
1458
+	/*
1459
+	 * This vm_flags may not have VM_HUGEPAGE if the page was not
1460
+	 * collapsed by this mm. But we can still collapse if the page is
1461
+	 * the valid THP. Add extra VM_HUGEPAGE so hugepage_vma_check()
1462
+	 * will not fail the vma for missing VM_HUGEPAGE
1463
+	 */
1464
+	if (!hugepage_vma_check(vma, vma->vm_flags | VM_HUGEPAGE))
1465
+		return;
1466
+
1467
+	/*
1468
+	 * Symmetry with retract_page_tables(): Exclude MAP_PRIVATE mappings
1469
+	 * that got written to. Without this, we'd have to also lock the
1470
+	 * anon_vma if one exists.
1471
+	 */
1472
+	if (vma->anon_vma)
1473
+		return;
1474
+
1475
+	hpage = find_lock_page(vma->vm_file->f_mapping,
1476
+			       linear_page_index(vma, haddr));
1477
+	if (!hpage)
1478
+		return;
1479
+
1480
+	if (!PageHead(hpage))
1481
+		goto drop_hpage;
1482
+
1483
+	pmd = mm_find_pmd(mm, haddr);
1484
+	if (!pmd)
1485
+		goto drop_hpage;
1486
+
1487
+	vm_write_begin(vma);
1488
+
1489
+	/*
1490
+	 * We need to lock the mapping so that from here on, only GUP-fast and
1491
+	 * hardware page walks can access the parts of the page tables that
1492
+	 * we're operating on.
1493
+	 */
1494
+	i_mmap_lock_write(vma->vm_file->f_mapping);
1495
+
1496
+	/*
1497
+	 * This spinlock should be unnecessary: Nobody else should be accessing
1498
+	 * the page tables under spinlock protection here, only
1499
+	 * lockless_pages_from_mm() and the hardware page walker can access page
1500
+	 * tables while all the high-level locks are held in write mode.
1501
+	 */
1502
+	start_pte = pte_offset_map_lock(mm, pmd, haddr, &ptl);
1503
+
1504
+	/* step 1: check all mapped PTEs are to the right huge page */
1505
+	for (i = 0, addr = haddr, pte = start_pte;
1506
+	     i < HPAGE_PMD_NR; i++, addr += PAGE_SIZE, pte++) {
1507
+		struct page *page;
1508
+
1509
+		/* empty pte, skip */
1510
+		if (pte_none(*pte))
1511
+			continue;
1512
+
1513
+		/* page swapped out, abort */
1514
+		if (!pte_present(*pte))
1515
+			goto abort;
1516
+
1517
+		page = vm_normal_page(vma, addr, *pte);
1518
+
1519
+		/*
1520
+		 * Note that uprobe, debugger, or MAP_PRIVATE may change the
1521
+		 * page table, but the new page will not be a subpage of hpage.
1522
+		 */
1523
+		if (hpage + i != page)
1524
+			goto abort;
1525
+		count++;
1526
+	}
1527
+
1528
+	/* step 2: adjust rmap */
1529
+	for (i = 0, addr = haddr, pte = start_pte;
1530
+	     i < HPAGE_PMD_NR; i++, addr += PAGE_SIZE, pte++) {
1531
+		struct page *page;
1532
+
1533
+		if (pte_none(*pte))
1534
+			continue;
1535
+		page = vm_normal_page(vma, addr, *pte);
1536
+		page_remove_rmap(page, false);
1537
+	}
1538
+
1539
+	pte_unmap_unlock(start_pte, ptl);
1540
+
1541
+	/* step 3: set proper refcount and mm_counters. */
1542
+	if (count) {
1543
+		page_ref_sub(hpage, count);
1544
+		add_mm_counter(vma->vm_mm, mm_counter_file(hpage), -count);
1545
+	}
1546
+
1547
+	/* step 4: collapse pmd */
1548
+	mmu_notifier_range_init(&range, MMU_NOTIFY_CLEAR, 0, NULL, mm, haddr,
1549
+				haddr + HPAGE_PMD_SIZE);
1550
+	mmu_notifier_invalidate_range_start(&range);
1551
+	_pmd = pmdp_collapse_flush(vma, haddr, pmd);
1552
+	vm_write_end(vma);
1553
+	mm_dec_nr_ptes(mm);
1554
+	tlb_remove_table_sync_one();
1555
+	mmu_notifier_invalidate_range_end(&range);
1556
+	pte_free(mm, pmd_pgtable(_pmd));
1557
+
1558
+	i_mmap_unlock_write(vma->vm_file->f_mapping);
1559
+
1560
+drop_hpage:
1561
+	unlock_page(hpage);
1562
+	put_page(hpage);
1563
+	return;
1564
+
1565
+abort:
1566
+	pte_unmap_unlock(start_pte, ptl);
1567
+	vm_write_end(vma);
1568
+	i_mmap_unlock_write(vma->vm_file->f_mapping);
1569
+	goto drop_hpage;
1570
+}
1571
+
1572
+static int khugepaged_collapse_pte_mapped_thps(struct mm_slot *mm_slot)
1573
+{
1574
+	struct mm_struct *mm = mm_slot->mm;
1575
+	int i;
1576
+
1577
+	if (likely(mm_slot->nr_pte_mapped_thp == 0))
1578
+		return 0;
1579
+
1580
+	if (!mmap_write_trylock(mm))
1581
+		return -EBUSY;
1582
+
1583
+	if (unlikely(khugepaged_test_exit(mm)))
1584
+		goto out;
1585
+
1586
+	for (i = 0; i < mm_slot->nr_pte_mapped_thp; i++)
1587
+		collapse_pte_mapped_thp(mm, mm_slot->pte_mapped_thp[i]);
1588
+
1589
+out:
1590
+	mm_slot->nr_pte_mapped_thp = 0;
1591
+	mmap_write_unlock(mm);
1592
+	return 0;
1593
+}
1594
+
1263
1595
 static void retract_page_tables(struct address_space *mapping, pgoff_t pgoff)
1264
1596
 {
1265
1597
 	struct vm_area_struct *vma;
..
..
@@ -1269,7 +1601,23 @@
1269
1601
 
1270
1602
 	i_mmap_lock_write(mapping);
1271
1603
 	vma_interval_tree_foreach(vma, &mapping->i_mmap, pgoff, pgoff) {
1272
-		/* probably overkill */
1604
+		/*
1605
+		 * Check vma->anon_vma to exclude MAP_PRIVATE mappings that
1606
+		 * got written to. These VMAs are likely not worth investing
1607
+		 * mmap_write_lock(mm) as PMD-mapping is likely to be split
1608
+		 * later.
1609
+		 *
1610
+		 * Not that vma->anon_vma check is racy: it can be set up after
1611
+		 * the check but before we took mmap_lock by the fault path.
1612
+		 * But page lock would prevent establishing any new ptes of the
1613
+		 * page, so we are safe.
1614
+		 *
1615
+		 * An alternative would be drop the check, but check that page
1616
+		 * table is clear before calling pmdp_collapse_flush() under
1617
+		 * ptl. It has higher chance to recover THP for the VMA, but
1618
+		 * has higher cost too. It would also probably require locking
1619
+		 * the anon_vma.
1620
+		 */
1273
1621
 		if (vma->anon_vma)
1274
1622
 			continue;
1275
1623
 		addr = vma->vm_start + ((pgoff - vma->vm_pgoff) << PAGE_SHIFT);
..
..
@@ -1282,57 +1630,71 @@
1282
1630
 		if (!pmd)
1283
1631
 			continue;
1284
1632
 		/*
1285
-		 * We need exclusive mmap_sem to retract page table.
1286
-		 * If trylock fails we would end up with pte-mapped THP after
1287
-		 * re-fault. Not ideal, but it's more important to not disturb
1288
-		 * the system too much.
1633
+		 * We need exclusive mmap_lock to retract page table.
1634
+		 *
1635
+		 * We use trylock due to lock inversion: we need to acquire
1636
+		 * mmap_lock while holding page lock. Fault path does it in
1637
+		 * reverse order. Trylock is a way to avoid deadlock.
1289
1638
 		 */
1290
-		if (down_write_trylock(&mm->mmap_sem)) {
1639
+		if (mmap_write_trylock(mm)) {
1291
1640
 			if (!khugepaged_test_exit(mm)) {
1292
-				spinlock_t *ptl = pmd_lock(mm, pmd);
1641
+				struct mmu_notifier_range range;
1642
+
1643
+				vm_write_begin(vma);
1644
+				mmu_notifier_range_init(&range,
1645
+							MMU_NOTIFY_CLEAR, 0,
1646
+							NULL, mm, addr,
1647
+							addr + HPAGE_PMD_SIZE);
1648
+				mmu_notifier_invalidate_range_start(&range);
1293
1649
 				/* assume page table is clear */
1294
1650
 				_pmd = pmdp_collapse_flush(vma, addr, pmd);
1295
-				spin_unlock(ptl);
1651
+				vm_write_end(vma);
1296
1652
 				mm_dec_nr_ptes(mm);
1653
+				tlb_remove_table_sync_one();
1297
1654
 				pte_free(mm, pmd_pgtable(_pmd));
1655
+				mmu_notifier_invalidate_range_end(&range);
1298
1656
 			}
1299
-			up_write(&mm->mmap_sem);
1657
+			mmap_write_unlock(mm);
1658
+		} else {
1659
+			/* Try again later */
1660
+			khugepaged_add_pte_mapped_thp(mm, addr);
1300
1661
 		}
1301
1662
 	}
1302
1663
 	i_mmap_unlock_write(mapping);
1303
1664
 }
1304
1665
 
1305
1666
 /**
1306
- * collapse_shmem - collapse small tmpfs/shmem pages into huge one.
1667
+ * collapse_file - collapse filemap/tmpfs/shmem pages into huge one.
1307
1668
  *
1308
1669
  * Basic scheme is simple, details are more complex:
1309
1670
  *  - allocate and lock a new huge page;
1310
- *  - scan over radix tree replacing old pages the new one
1311
- *    + swap in pages if necessary;
1671
+ *  - scan page cache replacing old pages with the new one
1672
+ *    + swap/gup in pages if necessary;
1312
1673
  *    + fill in gaps;
1313
- *    + keep old pages around in case if rollback is required;
1314
- *  - if replacing succeed:
1674
+ *    + keep old pages around in case rollback is required;
1675
+ *  - if replacing succeeds:
1315
1676
  *    + copy data over;
1316
1677
  *    + free old pages;
1317
1678
  *    + unlock huge page;
1318
1679
  *  - if replacing failed;
1319
1680
  *    + put all pages back and unfreeze them;
1320
- *    + restore gaps in the radix-tree;
1681
+ *    + restore gaps in the page cache;
1321
1682
  *    + unlock and free huge page;
1322
1683
  */
1323
-static void collapse_shmem(struct mm_struct *mm,
1324
-		struct address_space *mapping, pgoff_t start,
1684
+static void collapse_file(struct mm_struct *mm,
1685
+		struct file *file, pgoff_t start,
1325
1686
 		struct page **hpage, int node)
1326
1687
 {
1688
+	struct address_space *mapping = file->f_mapping;
1327
1689
 	gfp_t gfp;
1328
-	struct page *page, *new_page, *tmp;
1329
-	struct mem_cgroup *memcg;
1690
+	struct page *new_page;
1330
1691
 	pgoff_t index, end = start + HPAGE_PMD_NR;
1331
1692
 	LIST_HEAD(pagelist);
1332
-	struct radix_tree_iter iter;
1333
-	void **slot;
1693
+	XA_STATE_ORDER(xas, &mapping->i_pages, start, HPAGE_PMD_ORDER);
1334
1694
 	int nr_none = 0, result = SCAN_SUCCEED;
1695
+	bool is_shmem = shmem_file(file);
1335
1696
 
1697
+	VM_BUG_ON(!IS_ENABLED(CONFIG_READ_ONLY_THP_FOR_FS) && !is_shmem);
1336
1698
 	VM_BUG_ON(start & (HPAGE_PMD_NR - 1));
1337
1699
 
1338
1700
 	/* Only allocate from the target node */
..
..
@@ -1344,13 +1706,28 @@
1344
1706
 		goto out;
1345
1707
 	}
1346
1708
 
1347
-	if (unlikely(mem_cgroup_try_charge(new_page, mm, gfp, &memcg, true))) {
1709
+	if (unlikely(mem_cgroup_charge(new_page, mm, gfp))) {
1348
1710
 		result = SCAN_CGROUP_CHARGE_FAIL;
1349
1711
 		goto out;
1350
1712
 	}
1713
+	count_memcg_page_event(new_page, THP_COLLAPSE_ALLOC);
1714
+
1715
+	/* This will be less messy when we use multi-index entries */
1716
+	do {
1717
+		xas_lock_irq(&xas);
1718
+		xas_create_range(&xas);
1719
+		if (!xas_error(&xas))
1720
+			break;
1721
+		xas_unlock_irq(&xas);
1722
+		if (!xas_nomem(&xas, GFP_KERNEL)) {
1723
+			result = SCAN_FAIL;
1724
+			goto out;
1725
+		}
1726
+	} while (1);
1351
1727
 
1352
1728
 	__SetPageLocked(new_page);
1353
-	__SetPageSwapBacked(new_page);
1729
+	if (is_shmem)
1730
+		__SetPageSwapBacked(new_page);
1354
1731
 	new_page->index = start;
1355
1732
 	new_page->mapping = mapping;
1356
1733
 
..
..
@@ -1360,55 +1737,91 @@
1360
1737
 	 * be able to map it or use it in another way until we unlock it.
1361
1738
 	 */
1362
1739
 
1363
-	index = start;
1364
-	xa_lock_irq(&mapping->i_pages);
1365
-	radix_tree_for_each_slot(slot, &mapping->i_pages, &iter, start) {
1366
-		int n = min(iter.index, end) - index;
1740
+	xas_set(&xas, start);
1741
+	for (index = start; index < end; index++) {
1742
+		struct page *page = xas_next(&xas);
1367
1743
 
1368
-		/*
1369
-		 * Stop if extent has been hole-punched, and is now completely
1370
-		 * empty (the more obvious i_size_read() check would take an
1371
-		 * irq-unsafe seqlock on 32-bit).
1372
-		 */
1373
-		if (n >= HPAGE_PMD_NR) {
1374
-			result = SCAN_TRUNCATED;
1375
-			goto tree_locked;
1376
-		}
1377
-
1378
-		/*
1379
-		 * Handle holes in the radix tree: charge it from shmem and
1380
-		 * insert relevant subpage of new_page into the radix-tree.
1381
-		 */
1382
-		if (n && !shmem_charge(mapping->host, n)) {
1383
-			result = SCAN_FAIL;
1384
-			goto tree_locked;
1385
-		}
1386
-		for (; index < min(iter.index, end); index++) {
1387
-			radix_tree_insert(&mapping->i_pages, index,
1388
-					new_page + (index % HPAGE_PMD_NR));
1389
-		}
1390
-		nr_none += n;
1391
-
1392
-		/* We are done. */
1393
-		if (index >= end)
1394
-			break;
1395
-
1396
-		page = radix_tree_deref_slot_protected(slot,
1397
-				&mapping->i_pages.xa_lock);
1398
-		if (radix_tree_exceptional_entry(page) || !PageUptodate(page)) {
1399
-			xa_unlock_irq(&mapping->i_pages);
1400
-			/* swap in or instantiate fallocated page */
1401
-			if (shmem_getpage(mapping->host, index, &page,
1402
-						SGP_NOHUGE)) {
1403
-				result = SCAN_FAIL;
1404
-				goto tree_unlocked;
1744
+		VM_BUG_ON(index != xas.xa_index);
1745
+		if (is_shmem) {
1746
+			if (!page) {
1747
+				/*
1748
+				 * Stop if extent has been truncated or
1749
+				 * hole-punched, and is now completely
1750
+				 * empty.
1751
+				 */
1752
+				if (index == start) {
1753
+					if (!xas_next_entry(&xas, end - 1)) {
1754
+						result = SCAN_TRUNCATED;
1755
+						goto xa_locked;
1756
+					}
1757
+					xas_set(&xas, index);
1758
+				}
1759
+				if (!shmem_charge(mapping->host, 1)) {
1760
+					result = SCAN_FAIL;
1761
+					goto xa_locked;
1762
+				}
1763
+				xas_store(&xas, new_page);
1764
+				nr_none++;
1765
+				continue;
1405
1766
 			}
1406
-		} else if (trylock_page(page)) {
1407
-			get_page(page);
1408
-			xa_unlock_irq(&mapping->i_pages);
1409
-		} else {
1410
-			result = SCAN_PAGE_LOCK;
1411
-			goto tree_locked;
1767
+
1768
+			if (xa_is_value(page) || !PageUptodate(page)) {
1769
+				xas_unlock_irq(&xas);
1770
+				/* swap in or instantiate fallocated page */
1771
+				if (shmem_getpage(mapping->host, index, &page,
1772
+						  SGP_NOHUGE)) {
1773
+					result = SCAN_FAIL;
1774
+					goto xa_unlocked;
1775
+				}
1776
+			} else if (trylock_page(page)) {
1777
+				get_page(page);
1778
+				xas_unlock_irq(&xas);
1779
+			} else {
1780
+				result = SCAN_PAGE_LOCK;
1781
+				goto xa_locked;
1782
+			}
1783
+		} else {	/* !is_shmem */
1784
+			if (!page || xa_is_value(page)) {
1785
+				xas_unlock_irq(&xas);
1786
+				page_cache_sync_readahead(mapping, &file->f_ra,
1787
+							  file, index,
1788
+							  end - index);
1789
+				/* drain pagevecs to help isolate_lru_page() */
1790
+				lru_add_drain();
1791
+				page = find_lock_page(mapping, index);
1792
+				if (unlikely(page == NULL)) {
1793
+					result = SCAN_FAIL;
1794
+					goto xa_unlocked;
1795
+				}
1796
+			} else if (PageDirty(page)) {
1797
+				/*
1798
+				 * khugepaged only works on read-only fd,
1799
+				 * so this page is dirty because it hasn't
1800
+				 * been flushed since first write. There
1801
+				 * won't be new dirty pages.
1802
+				 *
1803
+				 * Trigger async flush here and hope the
1804
+				 * writeback is done when khugepaged
1805
+				 * revisits this page.
1806
+				 *
1807
+				 * This is a one-off situation. We are not
1808
+				 * forcing writeback in loop.
1809
+				 */
1810
+				xas_unlock_irq(&xas);
1811
+				filemap_flush(mapping);
1812
+				result = SCAN_FAIL;
1813
+				goto xa_unlocked;
1814
+			} else if (PageWriteback(page)) {
1815
+				xas_unlock_irq(&xas);
1816
+				result = SCAN_FAIL;
1817
+				goto xa_unlocked;
1818
+			} else if (trylock_page(page)) {
1819
+				get_page(page);
1820
+				xas_unlock_irq(&xas);
1821
+			} else {
1822
+				result = SCAN_PAGE_LOCK;
1823
+				goto xa_locked;
1824
+			}
1412
1825
 		}
1413
1826
 
1414
1827
 		/*
..
..
@@ -1416,7 +1829,12 @@
1416
1829
 		 * without racing with truncate.
1417
1830
 		 */
1418
1831
 		VM_BUG_ON_PAGE(!PageLocked(page), page);
1419
-		VM_BUG_ON_PAGE(!PageUptodate(page), page);
1832
+
1833
+		/* make sure the page is up to date */
1834
+		if (unlikely(!PageUptodate(page))) {
1835
+			result = SCAN_FAIL;
1836
+			goto out_unlock;
1837
+		}
1420
1838
 
1421
1839
 		/*
1422
1840
 		 * If file was truncated then extended, or hole-punched, before
..
..
@@ -1432,30 +1850,47 @@
1432
1850
 			goto out_unlock;
1433
1851
 		}
1434
1852
 
1853
+		if (!is_shmem && (PageDirty(page) ||
1854
+				  PageWriteback(page))) {
1855
+			/*
1856
+			 * khugepaged only works on read-only fd, so this
1857
+			 * page is dirty because it hasn't been flushed
1858
+			 * since first write.
1859
+			 */
1860
+			result = SCAN_FAIL;
1861
+			goto out_unlock;
1862
+		}
1863
+
1435
1864
 		if (isolate_lru_page(page)) {
1436
1865
 			result = SCAN_DEL_PAGE_LRU;
1866
+			goto out_unlock;
1867
+		}
1868
+
1869
+		if (page_has_private(page) &&
1870
+		    !try_to_release_page(page, GFP_KERNEL)) {
1871
+			result = SCAN_PAGE_HAS_PRIVATE;
1872
+			putback_lru_page(page);
1437
1873
 			goto out_unlock;
1438
1874
 		}
1439
1875
 
1440
1876
 		if (page_mapped(page))
1441
1877
 			unmap_mapping_pages(mapping, index, 1, false);
1442
1878
 
1443
-		xa_lock_irq(&mapping->i_pages);
1879
+		xas_lock_irq(&xas);
1880
+		xas_set(&xas, index);
1444
1881
 
1445
-		slot = radix_tree_lookup_slot(&mapping->i_pages, index);
1446
-		VM_BUG_ON_PAGE(page != radix_tree_deref_slot_protected(slot,
1447
-					&mapping->i_pages.xa_lock), page);
1882
+		VM_BUG_ON_PAGE(page != xas_load(&xas), page);
1448
1883
 		VM_BUG_ON_PAGE(page_mapped(page), page);
1449
1884
 
1450
1885
 		/*
1451
1886
 		 * The page is expected to have page_count() == 3:
1452
1887
 		 *  - we hold a pin on it;
1453
-		 *  - one reference from radix tree;
1888
+		 *  - one reference from page cache;
1454
1889
 		 *  - one from isolate_lru_page;
1455
1890
 		 */
1456
1891
 		if (!page_ref_freeze(page, 3)) {
1457
1892
 			result = SCAN_PAGE_COUNT;
1458
-			xa_unlock_irq(&mapping->i_pages);
1893
+			xas_unlock_irq(&xas);
1459
1894
 			putback_lru_page(page);
1460
1895
 			goto out_unlock;
1461
1896
 		}
..
..
@@ -1467,58 +1902,50 @@
1467
1902
 		list_add_tail(&page->lru, &pagelist);
1468
1903
 
1469
1904
 		/* Finally, replace with the new page. */
1470
-		radix_tree_replace_slot(&mapping->i_pages, slot,
1471
-				new_page + (index % HPAGE_PMD_NR));
1472
-
1473
-		slot = radix_tree_iter_resume(slot, &iter);
1474
-		index++;
1905
+		xas_store(&xas, new_page);
1475
1906
 		continue;
1476
1907
 out_unlock:
1477
1908
 		unlock_page(page);
1478
1909
 		put_page(page);
1479
-		goto tree_unlocked;
1910
+		goto xa_unlocked;
1480
1911
 	}
1481
1912
 
1482
-	/*
1483
-	 * Handle hole in radix tree at the end of the range.
1484
-	 * This code only triggers if there's nothing in radix tree
1485
-	 * beyond 'end'.
1486
-	 */
1487
-	if (index < end) {
1488
-		int n = end - index;
1489
-
1490
-		/* Stop if extent has been truncated, and is now empty */
1491
-		if (n >= HPAGE_PMD_NR) {
1492
-			result = SCAN_TRUNCATED;
1493
-			goto tree_locked;
1494
-		}
1495
-		if (!shmem_charge(mapping->host, n)) {
1913
+	if (is_shmem)
1914
+		__inc_node_page_state(new_page, NR_SHMEM_THPS);
1915
+	else {
1916
+		__inc_node_page_state(new_page, NR_FILE_THPS);
1917
+		filemap_nr_thps_inc(mapping);
1918
+		/*
1919
+		 * Paired with smp_mb() in do_dentry_open() to ensure
1920
+		 * i_writecount is up to date and the update to nr_thps is
1921
+		 * visible. Ensures the page cache will be truncated if the
1922
+		 * file is opened writable.
1923
+		*/
1924
+		smp_mb();
1925
+		if (inode_is_open_for_write(mapping->host)) {
1496
1926
 			result = SCAN_FAIL;
1497
-			goto tree_locked;
1927
+			__dec_node_page_state(new_page, NR_FILE_THPS);
1928
+			filemap_nr_thps_dec(mapping);
1929
+			goto xa_locked;
1498
1930
 		}
1499
-		for (; index < end; index++) {
1500
-			radix_tree_insert(&mapping->i_pages, index,
1501
-					new_page + (index % HPAGE_PMD_NR));
1502
-		}
1503
-		nr_none += n;
1504
1931
 	}
1505
1932
 
1506
-	__inc_node_page_state(new_page, NR_SHMEM_THPS);
1507
1933
 	if (nr_none) {
1508
-		struct zone *zone = page_zone(new_page);
1509
-
1510
-		__mod_node_page_state(zone->zone_pgdat, NR_FILE_PAGES, nr_none);
1511
-		__mod_node_page_state(zone->zone_pgdat, NR_SHMEM, nr_none);
1934
+		__mod_lruvec_page_state(new_page, NR_FILE_PAGES, nr_none);
1935
+		if (is_shmem)
1936
+			__mod_lruvec_page_state(new_page, NR_SHMEM, nr_none);
1512
1937
 	}
1513
1938
 
1514
-tree_locked:
1515
-	xa_unlock_irq(&mapping->i_pages);
1516
-tree_unlocked:
1939
+xa_locked:
1940
+	xas_unlock_irq(&xas);
1941
+xa_unlocked:
1517
1942
 
1518
1943
 	if (result == SCAN_SUCCEED) {
1944
+		struct page *page, *tmp;
1945
+
1519
1946
 		/*
1520
-		 * Replacing old pages with new one has succeed, now we need to
1521
-		 * copy the content and free old pages.
1947
+		 * Replacing old pages with new one has succeeded, now we
1948
+		 * need to copy the content and free the old pages.
1522
1949
 		 */
1523
1950
 		index = start;
1524
1951
 		list_for_each_entry_safe(page, tmp, &pagelist, lru) {
..
..
@@ -1544,9 +1971,9 @@
1544
1971
 
1545
1972
 		SetPageUptodate(new_page);
1546
1973
 		page_ref_add(new_page, HPAGE_PMD_NR - 1);
1547
-		set_page_dirty(new_page);
1548
-		mem_cgroup_commit_charge(new_page, memcg, false, true);
1549
-		lru_cache_add_anon(new_page);
1974
+		if (is_shmem)
1975
+			set_page_dirty(new_page);
1976
+		lru_cache_add(new_page);
1550
1977
 
1551
1978
 		/*
1552
1979
 		 * Remove pte page tables, so we can re-fault the page as huge.
..
..
@@ -1556,57 +1983,60 @@
1556
1983
 
1557
1984
 		khugepaged_pages_collapsed++;
1558
1985
 	} else {
1559
-		/* Something went wrong: rollback changes to the radix-tree */
1560
-		xa_lock_irq(&mapping->i_pages);
1561
-		mapping->nrpages -= nr_none;
1562
-		shmem_uncharge(mapping->host, nr_none);
1986
+		struct page *page;
1563
1987
 
1564
-		radix_tree_for_each_slot(slot, &mapping->i_pages, &iter, start) {
1565
-			if (iter.index >= end)
1566
-				break;
1988
+		/* Something went wrong: roll back page cache changes */
1989
+		xas_lock_irq(&xas);
1990
+		mapping->nrpages -= nr_none;
1991
+
1992
+		if (is_shmem)
1993
+			shmem_uncharge(mapping->host, nr_none);
1994
+
1995
+		xas_set(&xas, start);
1996
+		xas_for_each(&xas, page, end - 1) {
1567
1997
 			page = list_first_entry_or_null(&pagelist,
1568
1998
 					struct page, lru);
1569
-			if (!page || iter.index < page->index) {
1999
+			if (!page || xas.xa_index < page->index) {
1570
2000
 				if (!nr_none)
1571
2001
 					break;
1572
2002
 				nr_none--;
1573
2003
 				/* Put holes back where they were */
1574
-				radix_tree_delete(&mapping->i_pages, iter.index);
2004
+				xas_store(&xas, NULL);
1575
2005
 				continue;
1576
2006
 			}
1577
2007
 
1578
-			VM_BUG_ON_PAGE(page->index != iter.index, page);
2008
+			VM_BUG_ON_PAGE(page->index != xas.xa_index, page);
1579
2009
 
1580
2010
 			/* Unfreeze the page. */
1581
2011
 			list_del(&page->lru);
1582
2012
 			page_ref_unfreeze(page, 2);
1583
-			radix_tree_replace_slot(&mapping->i_pages, slot, page);
1584
-			slot = radix_tree_iter_resume(slot, &iter);
1585
-			xa_unlock_irq(&mapping->i_pages);
2013
+			xas_store(&xas, page);
2014
+			xas_pause(&xas);
2015
+			xas_unlock_irq(&xas);
1586
2016
 			unlock_page(page);
1587
2017
 			putback_lru_page(page);
1588
-			xa_lock_irq(&mapping->i_pages);
2018
+			xas_lock_irq(&xas);
1589
2019
 		}
1590
2020
 		VM_BUG_ON(nr_none);
1591
-		xa_unlock_irq(&mapping->i_pages);
2021
+		xas_unlock_irq(&xas);
1592
2022
 
1593
-		mem_cgroup_cancel_charge(new_page, memcg, true);
1594
2023
 		new_page->mapping = NULL;
1595
2024
 	}
1596
2025
 
1597
2026
 	unlock_page(new_page);
1598
2027
 out:
1599
2028
 	VM_BUG_ON(!list_empty(&pagelist));
2029
+	if (!IS_ERR_OR_NULL(*hpage))
2030
+		mem_cgroup_uncharge(*hpage);
1600
2031
 	/* TODO: tracepoints */
1601
2032
 }
1602
2033
 
1603
-static void khugepaged_scan_shmem(struct mm_struct *mm,
1604
-		struct address_space *mapping,
1605
-		pgoff_t start, struct page **hpage)
2034
+static void khugepaged_scan_file(struct mm_struct *mm,
2035
+		struct file *file, pgoff_t start, struct page **hpage)
1606
2036
 {
1607
2037
 	struct page *page = NULL;
1608
-	struct radix_tree_iter iter;
1609
-	void **slot;
2038
+	struct address_space *mapping = file->f_mapping;
2039
+	XA_STATE(xas, &mapping->i_pages, start);
1610
2040
 	int present, swap;
1611
2041
 	int node = NUMA_NO_NODE;
1612
2042
 	int result = SCAN_SUCCEED;
..
..
@@ -1615,17 +2045,11 @@
1615
2045
 	swap = 0;
1616
2046
 	memset(khugepaged_node_load, 0, sizeof(khugepaged_node_load));
1617
2047
 	rcu_read_lock();
1618
-	radix_tree_for_each_slot(slot, &mapping->i_pages, &iter, start) {
1619
-		if (iter.index >= start + HPAGE_PMD_NR)
1620
-			break;
1621
-
1622
-		page = radix_tree_deref_slot(slot);
1623
-		if (radix_tree_deref_retry(page)) {
1624
-			slot = radix_tree_iter_retry(&iter);
2048
+	xas_for_each(&xas, page, start + HPAGE_PMD_NR - 1) {
2049
+		if (xas_retry(&xas, page))
1625
2050
 			continue;
1626
-		}
1627
2051
 
1628
-		if (radix_tree_exception(page)) {
2052
+		if (xa_is_value(page)) {
1629
2053
 			if (++swap > khugepaged_max_ptes_swap) {
1630
2054
 				result = SCAN_EXCEED_SWAP_PTE;
1631
2055
 				break;
..
..
@@ -1650,7 +2074,8 @@
1650
2074
 			break;
1651
2075
 		}
1652
2076
 
1653
-		if (page_count(page) != 1 + page_mapcount(page)) {
2077
+		if (page_count(page) !=
2078
+		    1 + page_mapcount(page) + page_has_private(page)) {
1654
2079
 			result = SCAN_PAGE_COUNT;
1655
2080
 			break;
1656
2081
 		}
..
..
@@ -1664,7 +2089,7 @@
1664
2089
 		present++;
1665
2090
 
1666
2091
 		if (need_resched()) {
1667
-			slot = radix_tree_iter_resume(slot, &iter);
2092
+			xas_pause(&xas);
1668
2093
 			cond_resched_rcu();
1669
2094
 		}
1670
2095
 	}
..
..
@@ -1675,18 +2100,22 @@
1675
2100
 			result = SCAN_EXCEED_NONE_PTE;
1676
2101
 		} else {
1677
2102
 			node = khugepaged_find_target_node();
1678
-			collapse_shmem(mm, mapping, start, hpage, node);
2103
+			collapse_file(mm, file, start, hpage, node);
1679
2104
 		}
1680
2105
 	}
1681
2106
 
1682
2107
 	/* TODO: tracepoints */
1683
2108
 }
1684
2109
 #else
1685
-static void khugepaged_scan_shmem(struct mm_struct *mm,
1686
-		struct address_space *mapping,
1687
-		pgoff_t start, struct page **hpage)
2110
+static void khugepaged_scan_file(struct mm_struct *mm,
2111
+		struct file *file, pgoff_t start, struct page **hpage)
1688
2112
 {
1689
2113
 	BUILD_BUG();
2114
+}
2115
+
2116
+static int khugepaged_collapse_pte_mapped_thps(struct mm_slot *mm_slot)
2117
+{
2118
+	return 0;
1690
2119
 }
1691
2120
 #endif
1692
2121
 
..
..
@@ -1701,7 +2130,7 @@
1701
2130
 	int progress = 0;
1702
2131
 
1703
2132
 	VM_BUG_ON(!pages);
1704
-	VM_BUG_ON(NR_CPUS != 1 && !spin_is_locked(&khugepaged_mm_lock));
2133
+	lockdep_assert_held(&khugepaged_mm_lock);
1705
2134
 
1706
2135
 	if (khugepaged_scan.mm_slot)
1707
2136
 		mm_slot = khugepaged_scan.mm_slot;
..
..
@@ -1712,6 +2141,7 @@
1712
2141
 		khugepaged_scan.mm_slot = mm_slot;
1713
2142
 	}
1714
2143
 	spin_unlock(&khugepaged_mm_lock);
2144
+	khugepaged_collapse_pte_mapped_thps(mm_slot);
1715
2145
 
1716
2146
 	mm = mm_slot->mm;
1717
2147
 	/*
..
..
@@ -1719,8 +2149,8 @@
1719
2149
 	 * the next mm on the list.
1720
2150
 	 */
1721
2151
 	vma = NULL;
1722
-	if (unlikely(!down_read_trylock(&mm->mmap_sem)))
1723
-		goto breakouterloop_mmap_sem;
2152
+	if (unlikely(!mmap_read_trylock(mm)))
2153
+		goto breakouterloop_mmap_lock;
1724
2154
 	if (likely(!khugepaged_test_exit(mm)))
1725
2155
 		vma = find_vma(mm, khugepaged_scan.address);
1726
2156
 
..
..
@@ -1747,6 +2177,8 @@
1747
2177
 		if (khugepaged_scan.address < hstart)
1748
2178
 			khugepaged_scan.address = hstart;
1749
2179
 		VM_BUG_ON(khugepaged_scan.address & ~HPAGE_PMD_MASK);
2180
+		if (shmem_file(vma->vm_file) && !shmem_huge_enabled(vma))
2181
+			goto skip;
1750
2182
 
1751
2183
 		while (khugepaged_scan.address < hend) {
1752
2184
 			int ret;
..
..
@@ -1757,17 +2189,14 @@
1757
2189
 			VM_BUG_ON(khugepaged_scan.address < hstart ||
1758
2190
 				  khugepaged_scan.address + HPAGE_PMD_SIZE >
1759
2191
 				  hend);
1760
-			if (shmem_file(vma->vm_file)) {
1761
-				struct file *file;
2192
+			if (IS_ENABLED(CONFIG_SHMEM) && vma->vm_file) {
2193
+				struct file *file = get_file(vma->vm_file);
1762
2194
 				pgoff_t pgoff = linear_page_index(vma,
1763
2195
 						khugepaged_scan.address);
1764
-				if (!shmem_huge_enabled(vma))
1765
-					goto skip;
1766
-				file = get_file(vma->vm_file);
1767
-				up_read(&mm->mmap_sem);
2196
+
2197
+				mmap_read_unlock(mm);
1768
2198
 				ret = 1;
1769
-				khugepaged_scan_shmem(mm, file->f_mapping,
1770
-						pgoff, hpage);
2199
+				khugepaged_scan_file(mm, file, pgoff, hpage);
1771
2200
 				fput(file);
1772
2201
 			} else {
1773
2202
 				ret = khugepaged_scan_pmd(mm, vma,
..
..
@@ -1778,15 +2207,15 @@
1778
2207
 			khugepaged_scan.address += HPAGE_PMD_SIZE;
1779
2208
 			progress += HPAGE_PMD_NR;
1780
2209
 			if (ret)
1781
-				/* we released mmap_sem so break loop */
1782
-				goto breakouterloop_mmap_sem;
2210
+				/* we released mmap_lock so break loop */
2211
+				goto breakouterloop_mmap_lock;
1783
2212
 			if (progress >= pages)
1784
2213
 				goto breakouterloop;
1785
2214
 		}
1786
2215
 	}
1787
2216
 breakouterloop:
1788
-	up_read(&mm->mmap_sem); /* exit_mmap will destroy ptes after this */
1789
-breakouterloop_mmap_sem:
2217
+	mmap_read_unlock(mm); /* exit_mmap will destroy ptes after this */
2218
+breakouterloop_mmap_lock:
1790
2219
 
1791
2220
 	spin_lock(&khugepaged_mm_lock);
1792
2221
 	VM_BUG_ON(khugepaged_scan.mm_slot != mm_slot);
..
..
@@ -1837,6 +2266,8 @@
1837
2266
 
1838
2267
 	barrier(); /* write khugepaged_pages_to_scan to local stack */
1839
2268
 
2269
+	lru_add_drain_all();
2270
+
1840
2271
 	while (progress < pages) {
1841
2272
 		if (!khugepaged_prealloc_page(&hpage, &wait))
1842
2273
 			break;