1 // SPDX-License-Identifier: GPL-2.0-only
5 * Copyright (C) 1993 Linus Torvalds
6 * Support of BIGMEM added by Gerhard Wichert, Siemens AG, July 1999
7 * SMP-safe vmalloc/vfree/ioremap, Tigran Aivazian <tigran@veritas.com>, May 2000
8 * Major rework to support vmap/vunmap, Christoph Hellwig, SGI, August 2002
9 * Numa awareness, Christoph Lameter, SGI, June 2005
12 #include <linux/vmalloc.h>
14 #include <linux/module.h>
15 #include <linux/highmem.h>
16 #include <linux/sched/signal.h>
17 #include <linux/slab.h>
18 #include <linux/spinlock.h>
19 #include <linux/interrupt.h>
20 #include <linux/proc_fs.h>
21 #include <linux/seq_file.h>
22 #include <linux/set_memory.h>
23 #include <linux/debugobjects.h>
24 #include <linux/kallsyms.h>
25 #include <linux/list.h>
26 #include <linux/notifier.h>
27 #include <linux/rbtree.h>
28 #include <linux/radix-tree.h>
29 #include <linux/rcupdate.h>
30 #include <linux/pfn.h>
31 #include <linux/kmemleak.h>
32 #include <linux/atomic.h>
33 #include <linux/compiler.h>
34 #include <linux/llist.h>
35 #include <linux/bitops.h>
36 #include <linux/rbtree_augmented.h>
37 #include <linux/overflow.h>
39 #include <linux/uaccess.h>
40 #include <asm/tlbflush.h>
41 #include <asm/shmparam.h>
45 struct vfree_deferred {
46 struct llist_head list;
47 struct work_struct wq;
49 static DEFINE_PER_CPU(struct vfree_deferred, vfree_deferred);
51 static void __vunmap(const void *, int);
53 static void free_work(struct work_struct *w)
55 struct vfree_deferred *p = container_of(w, struct vfree_deferred, wq);
56 struct llist_node *t, *llnode;
58 llist_for_each_safe(llnode, t, llist_del_all(&p->list))
59 __vunmap((void *)llnode, 1);
62 /*** Page table manipulation functions ***/
64 static void vunmap_pte_range(pmd_t *pmd, unsigned long addr, unsigned long end)
68 pte = pte_offset_kernel(pmd, addr);
70 pte_t ptent = ptep_get_and_clear(&init_mm, addr, pte);
71 WARN_ON(!pte_none(ptent) && !pte_present(ptent));
72 } while (pte++, addr += PAGE_SIZE, addr != end);
75 static void vunmap_pmd_range(pud_t *pud, unsigned long addr, unsigned long end)
80 pmd = pmd_offset(pud, addr);
82 next = pmd_addr_end(addr, end);
83 if (pmd_clear_huge(pmd))
85 if (pmd_none_or_clear_bad(pmd))
87 vunmap_pte_range(pmd, addr, next);
90 } while (pmd++, addr = next, addr != end);
93 static void vunmap_pud_range(p4d_t *p4d, unsigned long addr, unsigned long end)
98 pud = pud_offset(p4d, addr);
100 next = pud_addr_end(addr, end);
101 if (pud_clear_huge(pud))
103 if (pud_none_or_clear_bad(pud))
105 vunmap_pmd_range(pud, addr, next);
106 } while (pud++, addr = next, addr != end);
109 static void vunmap_p4d_range(pgd_t *pgd, unsigned long addr, unsigned long end)
114 p4d = p4d_offset(pgd, addr);
116 next = p4d_addr_end(addr, end);
117 if (p4d_clear_huge(p4d))
119 if (p4d_none_or_clear_bad(p4d))
121 vunmap_pud_range(p4d, addr, next);
122 } while (p4d++, addr = next, addr != end);
125 static void vunmap_page_range(unsigned long addr, unsigned long end)
131 pgd = pgd_offset_k(addr);
133 next = pgd_addr_end(addr, end);
134 if (pgd_none_or_clear_bad(pgd))
136 vunmap_p4d_range(pgd, addr, next);
137 } while (pgd++, addr = next, addr != end);
140 static int vmap_pte_range(pmd_t *pmd, unsigned long addr,
141 unsigned long end, pgprot_t prot, struct page **pages, int *nr)
146 * nr is a running index into the array which helps higher level
147 * callers keep track of where we're up to.
150 pte = pte_alloc_kernel(pmd, addr);
154 struct page *page = pages[*nr];
156 if (WARN_ON(!pte_none(*pte)))
160 set_pte_at(&init_mm, addr, pte, mk_pte(page, prot));
162 } while (pte++, addr += PAGE_SIZE, addr != end);
166 static int vmap_pmd_range(pud_t *pud, unsigned long addr,
167 unsigned long end, pgprot_t prot, struct page **pages, int *nr)
172 pmd = pmd_alloc(&init_mm, pud, addr);
176 next = pmd_addr_end(addr, end);
177 if (vmap_pte_range(pmd, addr, next, prot, pages, nr))
179 } while (pmd++, addr = next, addr != end);
183 static int vmap_pud_range(p4d_t *p4d, unsigned long addr,
184 unsigned long end, pgprot_t prot, struct page **pages, int *nr)
189 pud = pud_alloc(&init_mm, p4d, addr);
193 next = pud_addr_end(addr, end);
194 if (vmap_pmd_range(pud, addr, next, prot, pages, nr))
196 } while (pud++, addr = next, addr != end);
200 static int vmap_p4d_range(pgd_t *pgd, unsigned long addr,
201 unsigned long end, pgprot_t prot, struct page **pages, int *nr)
206 p4d = p4d_alloc(&init_mm, pgd, addr);
210 next = p4d_addr_end(addr, end);
211 if (vmap_pud_range(p4d, addr, next, prot, pages, nr))
213 } while (p4d++, addr = next, addr != end);
218 * Set up page tables in kva (addr, end). The ptes shall have prot "prot", and
219 * will have pfns corresponding to the "pages" array.
221 * Ie. pte at addr+N*PAGE_SIZE shall point to pfn corresponding to pages[N]
223 static int vmap_page_range_noflush(unsigned long start, unsigned long end,
224 pgprot_t prot, struct page **pages)
228 unsigned long addr = start;
233 pgd = pgd_offset_k(addr);
235 next = pgd_addr_end(addr, end);
236 err = vmap_p4d_range(pgd, addr, next, prot, pages, &nr);
239 } while (pgd++, addr = next, addr != end);
244 static int vmap_page_range(unsigned long start, unsigned long end,
245 pgprot_t prot, struct page **pages)
249 ret = vmap_page_range_noflush(start, end, prot, pages);
250 flush_cache_vmap(start, end);
254 int is_vmalloc_or_module_addr(const void *x)
257 * ARM, x86-64 and sparc64 put modules in a special place,
258 * and fall back on vmalloc() if that fails. Others
259 * just put it in the vmalloc space.
261 #if defined(CONFIG_MODULES) && defined(MODULES_VADDR)
262 unsigned long addr = (unsigned long)x;
263 if (addr >= MODULES_VADDR && addr < MODULES_END)
266 return is_vmalloc_addr(x);
270 * Walk a vmap address to the struct page it maps.
272 struct page *vmalloc_to_page(const void *vmalloc_addr)
274 unsigned long addr = (unsigned long) vmalloc_addr;
275 struct page *page = NULL;
276 pgd_t *pgd = pgd_offset_k(addr);
283 * XXX we might need to change this if we add VIRTUAL_BUG_ON for
284 * architectures that do not vmalloc module space
286 VIRTUAL_BUG_ON(!is_vmalloc_or_module_addr(vmalloc_addr));
290 p4d = p4d_offset(pgd, addr);
293 pud = pud_offset(p4d, addr);
296 * Don't dereference bad PUD or PMD (below) entries. This will also
297 * identify huge mappings, which we may encounter on architectures
298 * that define CONFIG_HAVE_ARCH_HUGE_VMAP=y. Such regions will be
299 * identified as vmalloc addresses by is_vmalloc_addr(), but are
300 * not [unambiguously] associated with a struct page, so there is
301 * no correct value to return for them.
303 WARN_ON_ONCE(pud_bad(*pud));
304 if (pud_none(*pud) || pud_bad(*pud))
306 pmd = pmd_offset(pud, addr);
307 WARN_ON_ONCE(pmd_bad(*pmd));
308 if (pmd_none(*pmd) || pmd_bad(*pmd))
311 ptep = pte_offset_map(pmd, addr);
313 if (pte_present(pte))
314 page = pte_page(pte);
318 EXPORT_SYMBOL(vmalloc_to_page);
321 * Map a vmalloc()-space virtual address to the physical page frame number.
323 unsigned long vmalloc_to_pfn(const void *vmalloc_addr)
325 return page_to_pfn(vmalloc_to_page(vmalloc_addr));
327 EXPORT_SYMBOL(vmalloc_to_pfn);
330 /*** Global kva allocator ***/
332 #define DEBUG_AUGMENT_PROPAGATE_CHECK 0
333 #define DEBUG_AUGMENT_LOWEST_MATCH_CHECK 0
336 static DEFINE_SPINLOCK(vmap_area_lock);
337 /* Export for kexec only */
338 LIST_HEAD(vmap_area_list);
339 static LLIST_HEAD(vmap_purge_list);
340 static struct rb_root vmap_area_root = RB_ROOT;
341 static bool vmap_initialized __read_mostly;
344 * This kmem_cache is used for vmap_area objects. Instead of
345 * allocating from slab we reuse an object from this cache to
346 * make things faster. Especially in "no edge" splitting of
349 static struct kmem_cache *vmap_area_cachep;
352 * This linked list is used in pair with free_vmap_area_root.
353 * It gives O(1) access to prev/next to perform fast coalescing.
355 static LIST_HEAD(free_vmap_area_list);
358 * This augment red-black tree represents the free vmap space.
359 * All vmap_area objects in this tree are sorted by va->va_start
360 * address. It is used for allocation and merging when a vmap
361 * object is released.
363 * Each vmap_area node contains a maximum available free block
364 * of its sub-tree, right or left. Therefore it is possible to
365 * find a lowest match of free area.
367 static struct rb_root free_vmap_area_root = RB_ROOT;
370 * Preload a CPU with one object for "no edge" split case. The
371 * aim is to get rid of allocations from the atomic context, thus
372 * to use more permissive allocation masks.
374 static DEFINE_PER_CPU(struct vmap_area *, ne_fit_preload_node);
376 static __always_inline unsigned long
377 va_size(struct vmap_area *va)
379 return (va->va_end - va->va_start);
382 static __always_inline unsigned long
383 get_subtree_max_size(struct rb_node *node)
385 struct vmap_area *va;
387 va = rb_entry_safe(node, struct vmap_area, rb_node);
388 return va ? va->subtree_max_size : 0;
392 * Gets called when remove the node and rotate.
394 static __always_inline unsigned long
395 compute_subtree_max_size(struct vmap_area *va)
397 return max3(va_size(va),
398 get_subtree_max_size(va->rb_node.rb_left),
399 get_subtree_max_size(va->rb_node.rb_right));
402 RB_DECLARE_CALLBACKS_MAX(static, free_vmap_area_rb_augment_cb,
403 struct vmap_area, rb_node, unsigned long, subtree_max_size, va_size)
405 static void purge_vmap_area_lazy(void);
406 static BLOCKING_NOTIFIER_HEAD(vmap_notify_list);
407 static unsigned long lazy_max_pages(void);
409 static atomic_long_t nr_vmalloc_pages;
411 unsigned long vmalloc_nr_pages(void)
413 return atomic_long_read(&nr_vmalloc_pages);
416 static struct vmap_area *__find_vmap_area(unsigned long addr)
418 struct rb_node *n = vmap_area_root.rb_node;
421 struct vmap_area *va;
423 va = rb_entry(n, struct vmap_area, rb_node);
424 if (addr < va->va_start)
426 else if (addr >= va->va_end)
436 * This function returns back addresses of parent node
437 * and its left or right link for further processing.
439 static __always_inline struct rb_node **
440 find_va_links(struct vmap_area *va,
441 struct rb_root *root, struct rb_node *from,
442 struct rb_node **parent)
444 struct vmap_area *tmp_va;
445 struct rb_node **link;
448 link = &root->rb_node;
449 if (unlikely(!*link)) {
458 * Go to the bottom of the tree. When we hit the last point
459 * we end up with parent rb_node and correct direction, i name
460 * it link, where the new va->rb_node will be attached to.
463 tmp_va = rb_entry(*link, struct vmap_area, rb_node);
466 * During the traversal we also do some sanity check.
467 * Trigger the BUG() if there are sides(left/right)
470 if (va->va_start < tmp_va->va_end &&
471 va->va_end <= tmp_va->va_start)
472 link = &(*link)->rb_left;
473 else if (va->va_end > tmp_va->va_start &&
474 va->va_start >= tmp_va->va_end)
475 link = &(*link)->rb_right;
480 *parent = &tmp_va->rb_node;
484 static __always_inline struct list_head *
485 get_va_next_sibling(struct rb_node *parent, struct rb_node **link)
487 struct list_head *list;
489 if (unlikely(!parent))
491 * The red-black tree where we try to find VA neighbors
492 * before merging or inserting is empty, i.e. it means
493 * there is no free vmap space. Normally it does not
494 * happen but we handle this case anyway.
498 list = &rb_entry(parent, struct vmap_area, rb_node)->list;
499 return (&parent->rb_right == link ? list->next : list);
502 static __always_inline void
503 link_va(struct vmap_area *va, struct rb_root *root,
504 struct rb_node *parent, struct rb_node **link, struct list_head *head)
507 * VA is still not in the list, but we can
508 * identify its future previous list_head node.
510 if (likely(parent)) {
511 head = &rb_entry(parent, struct vmap_area, rb_node)->list;
512 if (&parent->rb_right != link)
516 /* Insert to the rb-tree */
517 rb_link_node(&va->rb_node, parent, link);
518 if (root == &free_vmap_area_root) {
520 * Some explanation here. Just perform simple insertion
521 * to the tree. We do not set va->subtree_max_size to
522 * its current size before calling rb_insert_augmented().
523 * It is because of we populate the tree from the bottom
524 * to parent levels when the node _is_ in the tree.
526 * Therefore we set subtree_max_size to zero after insertion,
527 * to let __augment_tree_propagate_from() puts everything to
528 * the correct order later on.
530 rb_insert_augmented(&va->rb_node,
531 root, &free_vmap_area_rb_augment_cb);
532 va->subtree_max_size = 0;
534 rb_insert_color(&va->rb_node, root);
537 /* Address-sort this list */
538 list_add(&va->list, head);
541 static __always_inline void
542 unlink_va(struct vmap_area *va, struct rb_root *root)
544 if (WARN_ON(RB_EMPTY_NODE(&va->rb_node)))
547 if (root == &free_vmap_area_root)
548 rb_erase_augmented(&va->rb_node,
549 root, &free_vmap_area_rb_augment_cb);
551 rb_erase(&va->rb_node, root);
554 RB_CLEAR_NODE(&va->rb_node);
557 #if DEBUG_AUGMENT_PROPAGATE_CHECK
559 augment_tree_propagate_check(struct rb_node *n)
561 struct vmap_area *va;
562 struct rb_node *node;
569 va = rb_entry(n, struct vmap_area, rb_node);
570 size = va->subtree_max_size;
574 va = rb_entry(node, struct vmap_area, rb_node);
576 if (get_subtree_max_size(node->rb_left) == size) {
577 node = node->rb_left;
579 if (va_size(va) == size) {
584 node = node->rb_right;
589 va = rb_entry(n, struct vmap_area, rb_node);
590 pr_emerg("tree is corrupted: %lu, %lu\n",
591 va_size(va), va->subtree_max_size);
594 augment_tree_propagate_check(n->rb_left);
595 augment_tree_propagate_check(n->rb_right);
600 * This function populates subtree_max_size from bottom to upper
601 * levels starting from VA point. The propagation must be done
602 * when VA size is modified by changing its va_start/va_end. Or
603 * in case of newly inserting of VA to the tree.
605 * It means that __augment_tree_propagate_from() must be called:
606 * - After VA has been inserted to the tree(free path);
607 * - After VA has been shrunk(allocation path);
608 * - After VA has been increased(merging path).
610 * Please note that, it does not mean that upper parent nodes
611 * and their subtree_max_size are recalculated all the time up
620 * For example if we modify the node 4, shrinking it to 2, then
621 * no any modification is required. If we shrink the node 2 to 1
622 * its subtree_max_size is updated only, and set to 1. If we shrink
623 * the node 8 to 6, then its subtree_max_size is set to 6 and parent
626 static __always_inline void
627 augment_tree_propagate_from(struct vmap_area *va)
629 struct rb_node *node = &va->rb_node;
630 unsigned long new_va_sub_max_size;
633 va = rb_entry(node, struct vmap_area, rb_node);
634 new_va_sub_max_size = compute_subtree_max_size(va);
637 * If the newly calculated maximum available size of the
638 * subtree is equal to the current one, then it means that
639 * the tree is propagated correctly. So we have to stop at
640 * this point to save cycles.
642 if (va->subtree_max_size == new_va_sub_max_size)
645 va->subtree_max_size = new_va_sub_max_size;
646 node = rb_parent(&va->rb_node);
649 #if DEBUG_AUGMENT_PROPAGATE_CHECK
650 augment_tree_propagate_check(free_vmap_area_root.rb_node);
655 insert_vmap_area(struct vmap_area *va,
656 struct rb_root *root, struct list_head *head)
658 struct rb_node **link;
659 struct rb_node *parent;
661 link = find_va_links(va, root, NULL, &parent);
662 link_va(va, root, parent, link, head);
666 insert_vmap_area_augment(struct vmap_area *va,
667 struct rb_node *from, struct rb_root *root,
668 struct list_head *head)
670 struct rb_node **link;
671 struct rb_node *parent;
674 link = find_va_links(va, NULL, from, &parent);
676 link = find_va_links(va, root, NULL, &parent);
678 link_va(va, root, parent, link, head);
679 augment_tree_propagate_from(va);
683 * Merge de-allocated chunk of VA memory with previous
684 * and next free blocks. If coalesce is not done a new
685 * free area is inserted. If VA has been merged, it is
688 static __always_inline void
689 merge_or_add_vmap_area(struct vmap_area *va,
690 struct rb_root *root, struct list_head *head)
692 struct vmap_area *sibling;
693 struct list_head *next;
694 struct rb_node **link;
695 struct rb_node *parent;
699 * Find a place in the tree where VA potentially will be
700 * inserted, unless it is merged with its sibling/siblings.
702 link = find_va_links(va, root, NULL, &parent);
705 * Get next node of VA to check if merging can be done.
707 next = get_va_next_sibling(parent, link);
708 if (unlikely(next == NULL))
714 * |<------VA------>|<-----Next----->|
719 sibling = list_entry(next, struct vmap_area, list);
720 if (sibling->va_start == va->va_end) {
721 sibling->va_start = va->va_start;
723 /* Check and update the tree if needed. */
724 augment_tree_propagate_from(sibling);
726 /* Free vmap_area object. */
727 kmem_cache_free(vmap_area_cachep, va);
729 /* Point to the new merged area. */
738 * |<-----Prev----->|<------VA------>|
742 if (next->prev != head) {
743 sibling = list_entry(next->prev, struct vmap_area, list);
744 if (sibling->va_end == va->va_start) {
745 sibling->va_end = va->va_end;
747 /* Check and update the tree if needed. */
748 augment_tree_propagate_from(sibling);
753 /* Free vmap_area object. */
754 kmem_cache_free(vmap_area_cachep, va);
761 link_va(va, root, parent, link, head);
762 augment_tree_propagate_from(va);
766 static __always_inline bool
767 is_within_this_va(struct vmap_area *va, unsigned long size,
768 unsigned long align, unsigned long vstart)
770 unsigned long nva_start_addr;
772 if (va->va_start > vstart)
773 nva_start_addr = ALIGN(va->va_start, align);
775 nva_start_addr = ALIGN(vstart, align);
777 /* Can be overflowed due to big size or alignment. */
778 if (nva_start_addr + size < nva_start_addr ||
779 nva_start_addr < vstart)
782 return (nva_start_addr + size <= va->va_end);
786 * Find the first free block(lowest start address) in the tree,
787 * that will accomplish the request corresponding to passing
790 static __always_inline struct vmap_area *
791 find_vmap_lowest_match(unsigned long size,
792 unsigned long align, unsigned long vstart)
794 struct vmap_area *va;
795 struct rb_node *node;
796 unsigned long length;
798 /* Start from the root. */
799 node = free_vmap_area_root.rb_node;
801 /* Adjust the search size for alignment overhead. */
802 length = size + align - 1;
805 va = rb_entry(node, struct vmap_area, rb_node);
807 if (get_subtree_max_size(node->rb_left) >= length &&
808 vstart < va->va_start) {
809 node = node->rb_left;
811 if (is_within_this_va(va, size, align, vstart))
815 * Does not make sense to go deeper towards the right
816 * sub-tree if it does not have a free block that is
817 * equal or bigger to the requested search length.
819 if (get_subtree_max_size(node->rb_right) >= length) {
820 node = node->rb_right;
825 * OK. We roll back and find the first right sub-tree,
826 * that will satisfy the search criteria. It can happen
827 * only once due to "vstart" restriction.
829 while ((node = rb_parent(node))) {
830 va = rb_entry(node, struct vmap_area, rb_node);
831 if (is_within_this_va(va, size, align, vstart))
834 if (get_subtree_max_size(node->rb_right) >= length &&
835 vstart <= va->va_start) {
836 node = node->rb_right;
846 #if DEBUG_AUGMENT_LOWEST_MATCH_CHECK
847 #include <linux/random.h>
849 static struct vmap_area *
850 find_vmap_lowest_linear_match(unsigned long size,
851 unsigned long align, unsigned long vstart)
853 struct vmap_area *va;
855 list_for_each_entry(va, &free_vmap_area_list, list) {
856 if (!is_within_this_va(va, size, align, vstart))
866 find_vmap_lowest_match_check(unsigned long size)
868 struct vmap_area *va_1, *va_2;
869 unsigned long vstart;
872 get_random_bytes(&rnd, sizeof(rnd));
873 vstart = VMALLOC_START + rnd;
875 va_1 = find_vmap_lowest_match(size, 1, vstart);
876 va_2 = find_vmap_lowest_linear_match(size, 1, vstart);
879 pr_emerg("not lowest: t: 0x%p, l: 0x%p, v: 0x%lx\n",
886 FL_FIT_TYPE = 1, /* full fit */
887 LE_FIT_TYPE = 2, /* left edge fit */
888 RE_FIT_TYPE = 3, /* right edge fit */
889 NE_FIT_TYPE = 4 /* no edge fit */
892 static __always_inline enum fit_type
893 classify_va_fit_type(struct vmap_area *va,
894 unsigned long nva_start_addr, unsigned long size)
898 /* Check if it is within VA. */
899 if (nva_start_addr < va->va_start ||
900 nva_start_addr + size > va->va_end)
904 if (va->va_start == nva_start_addr) {
905 if (va->va_end == nva_start_addr + size)
909 } else if (va->va_end == nva_start_addr + size) {
918 static __always_inline int
919 adjust_va_to_fit_type(struct vmap_area *va,
920 unsigned long nva_start_addr, unsigned long size,
923 struct vmap_area *lva = NULL;
925 if (type == FL_FIT_TYPE) {
927 * No need to split VA, it fully fits.
933 unlink_va(va, &free_vmap_area_root);
934 kmem_cache_free(vmap_area_cachep, va);
935 } else if (type == LE_FIT_TYPE) {
937 * Split left edge of fit VA.
943 va->va_start += size;
944 } else if (type == RE_FIT_TYPE) {
946 * Split right edge of fit VA.
952 va->va_end = nva_start_addr;
953 } else if (type == NE_FIT_TYPE) {
955 * Split no edge of fit VA.
961 lva = __this_cpu_xchg(ne_fit_preload_node, NULL);
962 if (unlikely(!lva)) {
964 * For percpu allocator we do not do any pre-allocation
965 * and leave it as it is. The reason is it most likely
966 * never ends up with NE_FIT_TYPE splitting. In case of
967 * percpu allocations offsets and sizes are aligned to
968 * fixed align request, i.e. RE_FIT_TYPE and FL_FIT_TYPE
969 * are its main fitting cases.
971 * There are a few exceptions though, as an example it is
972 * a first allocation (early boot up) when we have "one"
973 * big free space that has to be split.
975 lva = kmem_cache_alloc(vmap_area_cachep, GFP_NOWAIT);
981 * Build the remainder.
983 lva->va_start = va->va_start;
984 lva->va_end = nva_start_addr;
987 * Shrink this VA to remaining size.
989 va->va_start = nva_start_addr + size;
994 if (type != FL_FIT_TYPE) {
995 augment_tree_propagate_from(va);
997 if (lva) /* type == NE_FIT_TYPE */
998 insert_vmap_area_augment(lva, &va->rb_node,
999 &free_vmap_area_root, &free_vmap_area_list);
1006 * Returns a start address of the newly allocated area, if success.
1007 * Otherwise a vend is returned that indicates failure.
1009 static __always_inline unsigned long
1010 __alloc_vmap_area(unsigned long size, unsigned long align,
1011 unsigned long vstart, unsigned long vend)
1013 unsigned long nva_start_addr;
1014 struct vmap_area *va;
1018 va = find_vmap_lowest_match(size, align, vstart);
1022 if (va->va_start > vstart)
1023 nva_start_addr = ALIGN(va->va_start, align);
1025 nva_start_addr = ALIGN(vstart, align);
1027 /* Check the "vend" restriction. */
1028 if (nva_start_addr + size > vend)
1031 /* Classify what we have found. */
1032 type = classify_va_fit_type(va, nva_start_addr, size);
1033 if (WARN_ON_ONCE(type == NOTHING_FIT))
1036 /* Update the free vmap_area. */
1037 ret = adjust_va_to_fit_type(va, nva_start_addr, size, type);
1041 #if DEBUG_AUGMENT_LOWEST_MATCH_CHECK
1042 find_vmap_lowest_match_check(size);
1045 return nva_start_addr;
1049 * Allocate a region of KVA of the specified size and alignment, within the
1052 static struct vmap_area *alloc_vmap_area(unsigned long size,
1053 unsigned long align,
1054 unsigned long vstart, unsigned long vend,
1055 int node, gfp_t gfp_mask)
1057 struct vmap_area *va, *pva;
1062 BUG_ON(offset_in_page(size));
1063 BUG_ON(!is_power_of_2(align));
1065 if (unlikely(!vmap_initialized))
1066 return ERR_PTR(-EBUSY);
1070 va = kmem_cache_alloc_node(vmap_area_cachep,
1071 gfp_mask & GFP_RECLAIM_MASK, node);
1073 return ERR_PTR(-ENOMEM);
1076 * Only scan the relevant parts containing pointers to other objects
1077 * to avoid false negatives.
1079 kmemleak_scan_area(&va->rb_node, SIZE_MAX, gfp_mask & GFP_RECLAIM_MASK);
1083 * Preload this CPU with one extra vmap_area object to ensure
1084 * that we have it available when fit type of free area is
1087 * The preload is done in non-atomic context, thus it allows us
1088 * to use more permissive allocation masks to be more stable under
1089 * low memory condition and high memory pressure.
1091 * Even if it fails we do not really care about that. Just proceed
1092 * as it is. "overflow" path will refill the cache we allocate from.
1095 if (!__this_cpu_read(ne_fit_preload_node)) {
1097 pva = kmem_cache_alloc_node(vmap_area_cachep, GFP_KERNEL, node);
1100 if (__this_cpu_cmpxchg(ne_fit_preload_node, NULL, pva)) {
1102 kmem_cache_free(vmap_area_cachep, pva);
1106 spin_lock(&vmap_area_lock);
1110 * If an allocation fails, the "vend" address is
1111 * returned. Therefore trigger the overflow path.
1113 addr = __alloc_vmap_area(size, align, vstart, vend);
1114 if (unlikely(addr == vend))
1117 va->va_start = addr;
1118 va->va_end = addr + size;
1120 insert_vmap_area(va, &vmap_area_root, &vmap_area_list);
1122 spin_unlock(&vmap_area_lock);
1124 BUG_ON(!IS_ALIGNED(va->va_start, align));
1125 BUG_ON(va->va_start < vstart);
1126 BUG_ON(va->va_end > vend);
1131 spin_unlock(&vmap_area_lock);
1133 purge_vmap_area_lazy();
1138 if (gfpflags_allow_blocking(gfp_mask)) {
1139 unsigned long freed = 0;
1140 blocking_notifier_call_chain(&vmap_notify_list, 0, &freed);
1147 if (!(gfp_mask & __GFP_NOWARN) && printk_ratelimit())
1148 pr_warn("vmap allocation for size %lu failed: use vmalloc=<size> to increase size\n",
1151 kmem_cache_free(vmap_area_cachep, va);
1152 return ERR_PTR(-EBUSY);
1155 int register_vmap_purge_notifier(struct notifier_block *nb)
1157 return blocking_notifier_chain_register(&vmap_notify_list, nb);
1159 EXPORT_SYMBOL_GPL(register_vmap_purge_notifier);
1161 int unregister_vmap_purge_notifier(struct notifier_block *nb)
1163 return blocking_notifier_chain_unregister(&vmap_notify_list, nb);
1165 EXPORT_SYMBOL_GPL(unregister_vmap_purge_notifier);
1167 static void __free_vmap_area(struct vmap_area *va)
1170 * Remove from the busy tree/list.
1172 unlink_va(va, &vmap_area_root);
1175 * Merge VA with its neighbors, otherwise just add it.
1177 merge_or_add_vmap_area(va,
1178 &free_vmap_area_root, &free_vmap_area_list);
1182 * Free a region of KVA allocated by alloc_vmap_area
1184 static void free_vmap_area(struct vmap_area *va)
1186 spin_lock(&vmap_area_lock);
1187 __free_vmap_area(va);
1188 spin_unlock(&vmap_area_lock);
1192 * Clear the pagetable entries of a given vmap_area
1194 static void unmap_vmap_area(struct vmap_area *va)
1196 vunmap_page_range(va->va_start, va->va_end);
1200 * lazy_max_pages is the maximum amount of virtual address space we gather up
1201 * before attempting to purge with a TLB flush.
1203 * There is a tradeoff here: a larger number will cover more kernel page tables
1204 * and take slightly longer to purge, but it will linearly reduce the number of
1205 * global TLB flushes that must be performed. It would seem natural to scale
1206 * this number up linearly with the number of CPUs (because vmapping activity
1207 * could also scale linearly with the number of CPUs), however it is likely
1208 * that in practice, workloads might be constrained in other ways that mean
1209 * vmap activity will not scale linearly with CPUs. Also, I want to be
1210 * conservative and not introduce a big latency on huge systems, so go with
1211 * a less aggressive log scale. It will still be an improvement over the old
1212 * code, and it will be simple to change the scale factor if we find that it
1213 * becomes a problem on bigger systems.
1215 static unsigned long lazy_max_pages(void)
1219 log = fls(num_online_cpus());
1221 return log * (32UL * 1024 * 1024 / PAGE_SIZE);
1224 static atomic_long_t vmap_lazy_nr = ATOMIC_LONG_INIT(0);
1227 * Serialize vmap purging. There is no actual criticial section protected
1228 * by this look, but we want to avoid concurrent calls for performance
1229 * reasons and to make the pcpu_get_vm_areas more deterministic.
1231 static DEFINE_MUTEX(vmap_purge_lock);
1233 /* for per-CPU blocks */
1234 static void purge_fragmented_blocks_allcpus(void);
1237 * called before a call to iounmap() if the caller wants vm_area_struct's
1238 * immediately freed.
1240 void set_iounmap_nonlazy(void)
1242 atomic_long_set(&vmap_lazy_nr, lazy_max_pages()+1);
1246 * Purges all lazily-freed vmap areas.
1248 static bool __purge_vmap_area_lazy(unsigned long start, unsigned long end)
1250 unsigned long resched_threshold;
1251 struct llist_node *valist;
1252 struct vmap_area *va;
1253 struct vmap_area *n_va;
1255 lockdep_assert_held(&vmap_purge_lock);
1257 valist = llist_del_all(&vmap_purge_list);
1258 if (unlikely(valist == NULL))
1262 * First make sure the mappings are removed from all page-tables
1263 * before they are freed.
1265 vmalloc_sync_unmappings();
1268 * TODO: to calculate a flush range without looping.
1269 * The list can be up to lazy_max_pages() elements.
1271 llist_for_each_entry(va, valist, purge_list) {
1272 if (va->va_start < start)
1273 start = va->va_start;
1274 if (va->va_end > end)
1278 flush_tlb_kernel_range(start, end);
1279 resched_threshold = lazy_max_pages() << 1;
1281 spin_lock(&vmap_area_lock);
1282 llist_for_each_entry_safe(va, n_va, valist, purge_list) {
1283 unsigned long nr = (va->va_end - va->va_start) >> PAGE_SHIFT;
1286 * Finally insert or merge lazily-freed area. It is
1287 * detached and there is no need to "unlink" it from
1290 merge_or_add_vmap_area(va,
1291 &free_vmap_area_root, &free_vmap_area_list);
1293 atomic_long_sub(nr, &vmap_lazy_nr);
1295 if (atomic_long_read(&vmap_lazy_nr) < resched_threshold)
1296 cond_resched_lock(&vmap_area_lock);
1298 spin_unlock(&vmap_area_lock);
1303 * Kick off a purge of the outstanding lazy areas. Don't bother if somebody
1304 * is already purging.
1306 static void try_purge_vmap_area_lazy(void)
1308 if (mutex_trylock(&vmap_purge_lock)) {
1309 __purge_vmap_area_lazy(ULONG_MAX, 0);
1310 mutex_unlock(&vmap_purge_lock);
1315 * Kick off a purge of the outstanding lazy areas.
1317 static void purge_vmap_area_lazy(void)
1319 mutex_lock(&vmap_purge_lock);
1320 purge_fragmented_blocks_allcpus();
1321 __purge_vmap_area_lazy(ULONG_MAX, 0);
1322 mutex_unlock(&vmap_purge_lock);
1326 * Free a vmap area, caller ensuring that the area has been unmapped
1327 * and flush_cache_vunmap had been called for the correct range
1330 static void free_vmap_area_noflush(struct vmap_area *va)
1332 unsigned long nr_lazy;
1334 spin_lock(&vmap_area_lock);
1335 unlink_va(va, &vmap_area_root);
1336 spin_unlock(&vmap_area_lock);
1338 nr_lazy = atomic_long_add_return((va->va_end - va->va_start) >>
1339 PAGE_SHIFT, &vmap_lazy_nr);
1341 /* After this point, we may free va at any time */
1342 llist_add(&va->purge_list, &vmap_purge_list);
1344 if (unlikely(nr_lazy > lazy_max_pages()))
1345 try_purge_vmap_area_lazy();
1349 * Free and unmap a vmap area
1351 static void free_unmap_vmap_area(struct vmap_area *va)
1353 flush_cache_vunmap(va->va_start, va->va_end);
1354 unmap_vmap_area(va);
1355 if (debug_pagealloc_enabled_static())
1356 flush_tlb_kernel_range(va->va_start, va->va_end);
1358 free_vmap_area_noflush(va);
1361 static struct vmap_area *find_vmap_area(unsigned long addr)
1363 struct vmap_area *va;
1365 spin_lock(&vmap_area_lock);
1366 va = __find_vmap_area(addr);
1367 spin_unlock(&vmap_area_lock);
1372 /*** Per cpu kva allocator ***/
1375 * vmap space is limited especially on 32 bit architectures. Ensure there is
1376 * room for at least 16 percpu vmap blocks per CPU.
1379 * If we had a constant VMALLOC_START and VMALLOC_END, we'd like to be able
1380 * to #define VMALLOC_SPACE (VMALLOC_END-VMALLOC_START). Guess
1381 * instead (we just need a rough idea)
1383 #if BITS_PER_LONG == 32
1384 #define VMALLOC_SPACE (128UL*1024*1024)
1386 #define VMALLOC_SPACE (128UL*1024*1024*1024)
1389 #define VMALLOC_PAGES (VMALLOC_SPACE / PAGE_SIZE)
1390 #define VMAP_MAX_ALLOC BITS_PER_LONG /* 256K with 4K pages */
1391 #define VMAP_BBMAP_BITS_MAX 1024 /* 4MB with 4K pages */
1392 #define VMAP_BBMAP_BITS_MIN (VMAP_MAX_ALLOC*2)
1393 #define VMAP_MIN(x, y) ((x) < (y) ? (x) : (y)) /* can't use min() */
1394 #define VMAP_MAX(x, y) ((x) > (y) ? (x) : (y)) /* can't use max() */
1395 #define VMAP_BBMAP_BITS \
1396 VMAP_MIN(VMAP_BBMAP_BITS_MAX, \
1397 VMAP_MAX(VMAP_BBMAP_BITS_MIN, \
1398 VMALLOC_PAGES / roundup_pow_of_two(NR_CPUS) / 16))
1400 #define VMAP_BLOCK_SIZE (VMAP_BBMAP_BITS * PAGE_SIZE)
1402 struct vmap_block_queue {
1404 struct list_head free;
1409 struct vmap_area *va;
1410 unsigned long free, dirty;
1411 unsigned long dirty_min, dirty_max; /*< dirty range */
1412 struct list_head free_list;
1413 struct rcu_head rcu_head;
1414 struct list_head purge;
1417 /* Queue of free and dirty vmap blocks, for allocation and flushing purposes */
1418 static DEFINE_PER_CPU(struct vmap_block_queue, vmap_block_queue);
1421 * Radix tree of vmap blocks, indexed by address, to quickly find a vmap block
1422 * in the free path. Could get rid of this if we change the API to return a
1423 * "cookie" from alloc, to be passed to free. But no big deal yet.
1425 static DEFINE_SPINLOCK(vmap_block_tree_lock);
1426 static RADIX_TREE(vmap_block_tree, GFP_ATOMIC);
1429 * We should probably have a fallback mechanism to allocate virtual memory
1430 * out of partially filled vmap blocks. However vmap block sizing should be
1431 * fairly reasonable according to the vmalloc size, so it shouldn't be a
1435 static unsigned long addr_to_vb_idx(unsigned long addr)
1437 addr -= VMALLOC_START & ~(VMAP_BLOCK_SIZE-1);
1438 addr /= VMAP_BLOCK_SIZE;
1442 static void *vmap_block_vaddr(unsigned long va_start, unsigned long pages_off)
1446 addr = va_start + (pages_off << PAGE_SHIFT);
1447 BUG_ON(addr_to_vb_idx(addr) != addr_to_vb_idx(va_start));
1448 return (void *)addr;
1452 * new_vmap_block - allocates new vmap_block and occupies 2^order pages in this
1453 * block. Of course pages number can't exceed VMAP_BBMAP_BITS
1454 * @order: how many 2^order pages should be occupied in newly allocated block
1455 * @gfp_mask: flags for the page level allocator
1457 * Return: virtual address in a newly allocated block or ERR_PTR(-errno)
1459 static void *new_vmap_block(unsigned int order, gfp_t gfp_mask)
1461 struct vmap_block_queue *vbq;
1462 struct vmap_block *vb;
1463 struct vmap_area *va;
1464 unsigned long vb_idx;
1468 node = numa_node_id();
1470 vb = kmalloc_node(sizeof(struct vmap_block),
1471 gfp_mask & GFP_RECLAIM_MASK, node);
1473 return ERR_PTR(-ENOMEM);
1475 va = alloc_vmap_area(VMAP_BLOCK_SIZE, VMAP_BLOCK_SIZE,
1476 VMALLOC_START, VMALLOC_END,
1480 return ERR_CAST(va);
1483 err = radix_tree_preload(gfp_mask);
1484 if (unlikely(err)) {
1487 return ERR_PTR(err);
1490 vaddr = vmap_block_vaddr(va->va_start, 0);
1491 spin_lock_init(&vb->lock);
1493 /* At least something should be left free */
1494 BUG_ON(VMAP_BBMAP_BITS <= (1UL << order));
1495 vb->free = VMAP_BBMAP_BITS - (1UL << order);
1497 vb->dirty_min = VMAP_BBMAP_BITS;
1499 INIT_LIST_HEAD(&vb->free_list);
1501 vb_idx = addr_to_vb_idx(va->va_start);
1502 spin_lock(&vmap_block_tree_lock);
1503 err = radix_tree_insert(&vmap_block_tree, vb_idx, vb);
1504 spin_unlock(&vmap_block_tree_lock);
1506 radix_tree_preload_end();
1508 vbq = &get_cpu_var(vmap_block_queue);
1509 spin_lock(&vbq->lock);
1510 list_add_tail_rcu(&vb->free_list, &vbq->free);
1511 spin_unlock(&vbq->lock);
1512 put_cpu_var(vmap_block_queue);
1517 static void free_vmap_block(struct vmap_block *vb)
1519 struct vmap_block *tmp;
1520 unsigned long vb_idx;
1522 vb_idx = addr_to_vb_idx(vb->va->va_start);
1523 spin_lock(&vmap_block_tree_lock);
1524 tmp = radix_tree_delete(&vmap_block_tree, vb_idx);
1525 spin_unlock(&vmap_block_tree_lock);
1528 free_vmap_area_noflush(vb->va);
1529 kfree_rcu(vb, rcu_head);
1532 static void purge_fragmented_blocks(int cpu)
1535 struct vmap_block *vb;
1536 struct vmap_block *n_vb;
1537 struct vmap_block_queue *vbq = &per_cpu(vmap_block_queue, cpu);
1540 list_for_each_entry_rcu(vb, &vbq->free, free_list) {
1542 if (!(vb->free + vb->dirty == VMAP_BBMAP_BITS && vb->dirty != VMAP_BBMAP_BITS))
1545 spin_lock(&vb->lock);
1546 if (vb->free + vb->dirty == VMAP_BBMAP_BITS && vb->dirty != VMAP_BBMAP_BITS) {
1547 vb->free = 0; /* prevent further allocs after releasing lock */
1548 vb->dirty = VMAP_BBMAP_BITS; /* prevent purging it again */
1550 vb->dirty_max = VMAP_BBMAP_BITS;
1551 spin_lock(&vbq->lock);
1552 list_del_rcu(&vb->free_list);
1553 spin_unlock(&vbq->lock);
1554 spin_unlock(&vb->lock);
1555 list_add_tail(&vb->purge, &purge);
1557 spin_unlock(&vb->lock);
1561 list_for_each_entry_safe(vb, n_vb, &purge, purge) {
1562 list_del(&vb->purge);
1563 free_vmap_block(vb);
1567 static void purge_fragmented_blocks_allcpus(void)
1571 for_each_possible_cpu(cpu)
1572 purge_fragmented_blocks(cpu);
1575 static void *vb_alloc(unsigned long size, gfp_t gfp_mask)
1577 struct vmap_block_queue *vbq;
1578 struct vmap_block *vb;
1582 BUG_ON(offset_in_page(size));
1583 BUG_ON(size > PAGE_SIZE*VMAP_MAX_ALLOC);
1584 if (WARN_ON(size == 0)) {
1586 * Allocating 0 bytes isn't what caller wants since
1587 * get_order(0) returns funny result. Just warn and terminate
1592 order = get_order(size);
1595 vbq = &get_cpu_var(vmap_block_queue);
1596 list_for_each_entry_rcu(vb, &vbq->free, free_list) {
1597 unsigned long pages_off;
1599 spin_lock(&vb->lock);
1600 if (vb->free < (1UL << order)) {
1601 spin_unlock(&vb->lock);
1605 pages_off = VMAP_BBMAP_BITS - vb->free;
1606 vaddr = vmap_block_vaddr(vb->va->va_start, pages_off);
1607 vb->free -= 1UL << order;
1608 if (vb->free == 0) {
1609 spin_lock(&vbq->lock);
1610 list_del_rcu(&vb->free_list);
1611 spin_unlock(&vbq->lock);
1614 spin_unlock(&vb->lock);
1618 put_cpu_var(vmap_block_queue);
1621 /* Allocate new block if nothing was found */
1623 vaddr = new_vmap_block(order, gfp_mask);
1628 static void vb_free(const void *addr, unsigned long size)
1630 unsigned long offset;
1631 unsigned long vb_idx;
1633 struct vmap_block *vb;
1635 BUG_ON(offset_in_page(size));
1636 BUG_ON(size > PAGE_SIZE*VMAP_MAX_ALLOC);
1638 flush_cache_vunmap((unsigned long)addr, (unsigned long)addr + size);
1640 order = get_order(size);
1642 offset = (unsigned long)addr & (VMAP_BLOCK_SIZE - 1);
1643 offset >>= PAGE_SHIFT;
1645 vb_idx = addr_to_vb_idx((unsigned long)addr);
1647 vb = radix_tree_lookup(&vmap_block_tree, vb_idx);
1651 vunmap_page_range((unsigned long)addr, (unsigned long)addr + size);
1653 if (debug_pagealloc_enabled_static())
1654 flush_tlb_kernel_range((unsigned long)addr,
1655 (unsigned long)addr + size);
1657 spin_lock(&vb->lock);
1659 /* Expand dirty range */
1660 vb->dirty_min = min(vb->dirty_min, offset);
1661 vb->dirty_max = max(vb->dirty_max, offset + (1UL << order));
1663 vb->dirty += 1UL << order;
1664 if (vb->dirty == VMAP_BBMAP_BITS) {
1666 spin_unlock(&vb->lock);
1667 free_vmap_block(vb);
1669 spin_unlock(&vb->lock);
1672 static void _vm_unmap_aliases(unsigned long start, unsigned long end, int flush)
1676 if (unlikely(!vmap_initialized))
1681 for_each_possible_cpu(cpu) {
1682 struct vmap_block_queue *vbq = &per_cpu(vmap_block_queue, cpu);
1683 struct vmap_block *vb;
1686 list_for_each_entry_rcu(vb, &vbq->free, free_list) {
1687 spin_lock(&vb->lock);
1689 unsigned long va_start = vb->va->va_start;
1692 s = va_start + (vb->dirty_min << PAGE_SHIFT);
1693 e = va_start + (vb->dirty_max << PAGE_SHIFT);
1695 start = min(s, start);
1700 spin_unlock(&vb->lock);
1705 mutex_lock(&vmap_purge_lock);
1706 purge_fragmented_blocks_allcpus();
1707 if (!__purge_vmap_area_lazy(start, end) && flush)
1708 flush_tlb_kernel_range(start, end);
1709 mutex_unlock(&vmap_purge_lock);
1713 * vm_unmap_aliases - unmap outstanding lazy aliases in the vmap layer
1715 * The vmap/vmalloc layer lazily flushes kernel virtual mappings primarily
1716 * to amortize TLB flushing overheads. What this means is that any page you
1717 * have now, may, in a former life, have been mapped into kernel virtual
1718 * address by the vmap layer and so there might be some CPUs with TLB entries
1719 * still referencing that page (additional to the regular 1:1 kernel mapping).
1721 * vm_unmap_aliases flushes all such lazy mappings. After it returns, we can
1722 * be sure that none of the pages we have control over will have any aliases
1723 * from the vmap layer.
1725 void vm_unmap_aliases(void)
1727 unsigned long start = ULONG_MAX, end = 0;
1730 _vm_unmap_aliases(start, end, flush);
1732 EXPORT_SYMBOL_GPL(vm_unmap_aliases);
1735 * vm_unmap_ram - unmap linear kernel address space set up by vm_map_ram
1736 * @mem: the pointer returned by vm_map_ram
1737 * @count: the count passed to that vm_map_ram call (cannot unmap partial)
1739 void vm_unmap_ram(const void *mem, unsigned int count)
1741 unsigned long size = (unsigned long)count << PAGE_SHIFT;
1742 unsigned long addr = (unsigned long)mem;
1743 struct vmap_area *va;
1747 BUG_ON(addr < VMALLOC_START);
1748 BUG_ON(addr > VMALLOC_END);
1749 BUG_ON(!PAGE_ALIGNED(addr));
1751 if (likely(count <= VMAP_MAX_ALLOC)) {
1752 debug_check_no_locks_freed(mem, size);
1757 va = find_vmap_area(addr);
1759 debug_check_no_locks_freed((void *)va->va_start,
1760 (va->va_end - va->va_start));
1761 free_unmap_vmap_area(va);
1763 EXPORT_SYMBOL(vm_unmap_ram);
1766 * vm_map_ram - map pages linearly into kernel virtual address (vmalloc space)
1767 * @pages: an array of pointers to the pages to be mapped
1768 * @count: number of pages
1769 * @node: prefer to allocate data structures on this node
1770 * @prot: memory protection to use. PAGE_KERNEL for regular RAM
1772 * If you use this function for less than VMAP_MAX_ALLOC pages, it could be
1773 * faster than vmap so it's good. But if you mix long-life and short-life
1774 * objects with vm_map_ram(), it could consume lots of address space through
1775 * fragmentation (especially on a 32bit machine). You could see failures in
1776 * the end. Please use this function for short-lived objects.
1778 * Returns: a pointer to the address that has been mapped, or %NULL on failure
1780 void *vm_map_ram(struct page **pages, unsigned int count, int node, pgprot_t prot)
1782 unsigned long size = (unsigned long)count << PAGE_SHIFT;
1786 if (likely(count <= VMAP_MAX_ALLOC)) {
1787 mem = vb_alloc(size, GFP_KERNEL);
1790 addr = (unsigned long)mem;
1792 struct vmap_area *va;
1793 va = alloc_vmap_area(size, PAGE_SIZE,
1794 VMALLOC_START, VMALLOC_END, node, GFP_KERNEL);
1798 addr = va->va_start;
1801 if (vmap_page_range(addr, addr + size, prot, pages) < 0) {
1802 vm_unmap_ram(mem, count);
1807 EXPORT_SYMBOL(vm_map_ram);
1809 static struct vm_struct *vmlist __initdata;
1812 * vm_area_add_early - add vmap area early during boot
1813 * @vm: vm_struct to add
1815 * This function is used to add fixed kernel vm area to vmlist before
1816 * vmalloc_init() is called. @vm->addr, @vm->size, and @vm->flags
1817 * should contain proper values and the other fields should be zero.
1819 * DO NOT USE THIS FUNCTION UNLESS YOU KNOW WHAT YOU'RE DOING.
1821 void __init vm_area_add_early(struct vm_struct *vm)
1823 struct vm_struct *tmp, **p;
1825 BUG_ON(vmap_initialized);
1826 for (p = &vmlist; (tmp = *p) != NULL; p = &tmp->next) {
1827 if (tmp->addr >= vm->addr) {
1828 BUG_ON(tmp->addr < vm->addr + vm->size);
1831 BUG_ON(tmp->addr + tmp->size > vm->addr);
1838 * vm_area_register_early - register vmap area early during boot
1839 * @vm: vm_struct to register
1840 * @align: requested alignment
1842 * This function is used to register kernel vm area before
1843 * vmalloc_init() is called. @vm->size and @vm->flags should contain
1844 * proper values on entry and other fields should be zero. On return,
1845 * vm->addr contains the allocated address.
1847 * DO NOT USE THIS FUNCTION UNLESS YOU KNOW WHAT YOU'RE DOING.
1849 void __init vm_area_register_early(struct vm_struct *vm, size_t align)
1851 static size_t vm_init_off __initdata;
1854 addr = ALIGN(VMALLOC_START + vm_init_off, align);
1855 vm_init_off = PFN_ALIGN(addr + vm->size) - VMALLOC_START;
1857 vm->addr = (void *)addr;
1859 vm_area_add_early(vm);
1862 static void vmap_init_free_space(void)
1864 unsigned long vmap_start = 1;
1865 const unsigned long vmap_end = ULONG_MAX;
1866 struct vmap_area *busy, *free;
1870 * -|-----|.....|-----|-----|-----|.....|-
1872 * |<--------------------------------->|
1874 list_for_each_entry(busy, &vmap_area_list, list) {
1875 if (busy->va_start - vmap_start > 0) {
1876 free = kmem_cache_zalloc(vmap_area_cachep, GFP_NOWAIT);
1877 if (!WARN_ON_ONCE(!free)) {
1878 free->va_start = vmap_start;
1879 free->va_end = busy->va_start;
1881 insert_vmap_area_augment(free, NULL,
1882 &free_vmap_area_root,
1883 &free_vmap_area_list);
1887 vmap_start = busy->va_end;
1890 if (vmap_end - vmap_start > 0) {
1891 free = kmem_cache_zalloc(vmap_area_cachep, GFP_NOWAIT);
1892 if (!WARN_ON_ONCE(!free)) {
1893 free->va_start = vmap_start;
1894 free->va_end = vmap_end;
1896 insert_vmap_area_augment(free, NULL,
1897 &free_vmap_area_root,
1898 &free_vmap_area_list);
1903 void __init vmalloc_init(void)
1905 struct vmap_area *va;
1906 struct vm_struct *tmp;
1910 * Create the cache for vmap_area objects.
1912 vmap_area_cachep = KMEM_CACHE(vmap_area, SLAB_PANIC);
1914 for_each_possible_cpu(i) {
1915 struct vmap_block_queue *vbq;
1916 struct vfree_deferred *p;
1918 vbq = &per_cpu(vmap_block_queue, i);
1919 spin_lock_init(&vbq->lock);
1920 INIT_LIST_HEAD(&vbq->free);
1921 p = &per_cpu(vfree_deferred, i);
1922 init_llist_head(&p->list);
1923 INIT_WORK(&p->wq, free_work);
1926 /* Import existing vmlist entries. */
1927 for (tmp = vmlist; tmp; tmp = tmp->next) {
1928 va = kmem_cache_zalloc(vmap_area_cachep, GFP_NOWAIT);
1929 if (WARN_ON_ONCE(!va))
1932 va->va_start = (unsigned long)tmp->addr;
1933 va->va_end = va->va_start + tmp->size;
1935 insert_vmap_area(va, &vmap_area_root, &vmap_area_list);
1939 * Now we can initialize a free vmap space.
1941 vmap_init_free_space();
1942 vmap_initialized = true;
1946 * map_kernel_range_noflush - map kernel VM area with the specified pages
1947 * @addr: start of the VM area to map
1948 * @size: size of the VM area to map
1949 * @prot: page protection flags to use
1950 * @pages: pages to map
1952 * Map PFN_UP(@size) pages at @addr. The VM area @addr and @size
1953 * specify should have been allocated using get_vm_area() and its
1957 * This function does NOT do any cache flushing. The caller is
1958 * responsible for calling flush_cache_vmap() on to-be-mapped areas
1959 * before calling this function.
1962 * The number of pages mapped on success, -errno on failure.
1964 int map_kernel_range_noflush(unsigned long addr, unsigned long size,
1965 pgprot_t prot, struct page **pages)
1967 return vmap_page_range_noflush(addr, addr + size, prot, pages);
1971 * unmap_kernel_range_noflush - unmap kernel VM area
1972 * @addr: start of the VM area to unmap
1973 * @size: size of the VM area to unmap
1975 * Unmap PFN_UP(@size) pages at @addr. The VM area @addr and @size
1976 * specify should have been allocated using get_vm_area() and its
1980 * This function does NOT do any cache flushing. The caller is
1981 * responsible for calling flush_cache_vunmap() on to-be-mapped areas
1982 * before calling this function and flush_tlb_kernel_range() after.
1984 void unmap_kernel_range_noflush(unsigned long addr, unsigned long size)
1986 vunmap_page_range(addr, addr + size);
1988 EXPORT_SYMBOL_GPL(unmap_kernel_range_noflush);
1991 * unmap_kernel_range - unmap kernel VM area and flush cache and TLB
1992 * @addr: start of the VM area to unmap
1993 * @size: size of the VM area to unmap
1995 * Similar to unmap_kernel_range_noflush() but flushes vcache before
1996 * the unmapping and tlb after.
1998 void unmap_kernel_range(unsigned long addr, unsigned long size)
2000 unsigned long end = addr + size;
2002 flush_cache_vunmap(addr, end);
2003 vunmap_page_range(addr, end);
2004 flush_tlb_kernel_range(addr, end);
2006 EXPORT_SYMBOL_GPL(unmap_kernel_range);
2008 int map_vm_area(struct vm_struct *area, pgprot_t prot, struct page **pages)
2010 unsigned long addr = (unsigned long)area->addr;
2011 unsigned long end = addr + get_vm_area_size(area);
2014 err = vmap_page_range(addr, end, prot, pages);
2016 return err > 0 ? 0 : err;
2018 EXPORT_SYMBOL_GPL(map_vm_area);
2020 static void setup_vmalloc_vm(struct vm_struct *vm, struct vmap_area *va,
2021 unsigned long flags, const void *caller)
2023 spin_lock(&vmap_area_lock);
2025 vm->addr = (void *)va->va_start;
2026 vm->size = va->va_end - va->va_start;
2027 vm->caller = caller;
2029 spin_unlock(&vmap_area_lock);
2032 static void clear_vm_uninitialized_flag(struct vm_struct *vm)
2035 * Before removing VM_UNINITIALIZED,
2036 * we should make sure that vm has proper values.
2037 * Pair with smp_rmb() in show_numa_info().
2040 vm->flags &= ~VM_UNINITIALIZED;
2043 static struct vm_struct *__get_vm_area_node(unsigned long size,
2044 unsigned long align, unsigned long flags, unsigned long start,
2045 unsigned long end, int node, gfp_t gfp_mask, const void *caller)
2047 struct vmap_area *va;
2048 struct vm_struct *area;
2050 BUG_ON(in_interrupt());
2051 size = PAGE_ALIGN(size);
2052 if (unlikely(!size))
2055 if (flags & VM_IOREMAP)
2056 align = 1ul << clamp_t(int, get_count_order_long(size),
2057 PAGE_SHIFT, IOREMAP_MAX_ORDER);
2059 area = kzalloc_node(sizeof(*area), gfp_mask & GFP_RECLAIM_MASK, node);
2060 if (unlikely(!area))
2063 if (!(flags & VM_NO_GUARD))
2066 va = alloc_vmap_area(size, align, start, end, node, gfp_mask);
2072 setup_vmalloc_vm(area, va, flags, caller);
2077 struct vm_struct *__get_vm_area(unsigned long size, unsigned long flags,
2078 unsigned long start, unsigned long end)
2080 return __get_vm_area_node(size, 1, flags, start, end, NUMA_NO_NODE,
2081 GFP_KERNEL, __builtin_return_address(0));
2083 EXPORT_SYMBOL_GPL(__get_vm_area);
2085 struct vm_struct *__get_vm_area_caller(unsigned long size, unsigned long flags,
2086 unsigned long start, unsigned long end,
2089 return __get_vm_area_node(size, 1, flags, start, end, NUMA_NO_NODE,
2090 GFP_KERNEL, caller);
2094 * get_vm_area - reserve a contiguous kernel virtual area
2095 * @size: size of the area
2096 * @flags: %VM_IOREMAP for I/O mappings or VM_ALLOC
2098 * Search an area of @size in the kernel virtual mapping area,
2099 * and reserved it for out purposes. Returns the area descriptor
2100 * on success or %NULL on failure.
2102 * Return: the area descriptor on success or %NULL on failure.
2104 struct vm_struct *get_vm_area(unsigned long size, unsigned long flags)
2106 return __get_vm_area_node(size, 1, flags, VMALLOC_START, VMALLOC_END,
2107 NUMA_NO_NODE, GFP_KERNEL,
2108 __builtin_return_address(0));
2111 struct vm_struct *get_vm_area_caller(unsigned long size, unsigned long flags,
2114 return __get_vm_area_node(size, 1, flags, VMALLOC_START, VMALLOC_END,
2115 NUMA_NO_NODE, GFP_KERNEL, caller);
2119 * find_vm_area - find a continuous kernel virtual area
2120 * @addr: base address
2122 * Search for the kernel VM area starting at @addr, and return it.
2123 * It is up to the caller to do all required locking to keep the returned
2126 * Return: pointer to the found area or %NULL on faulure
2128 struct vm_struct *find_vm_area(const void *addr)
2130 struct vmap_area *va;
2132 va = find_vmap_area((unsigned long)addr);
2140 * remove_vm_area - find and remove a continuous kernel virtual area
2141 * @addr: base address
2143 * Search for the kernel VM area starting at @addr, and remove it.
2144 * This function returns the found VM area, but using it is NOT safe
2145 * on SMP machines, except for its size or flags.
2147 * Return: pointer to the found area or %NULL on faulure
2149 struct vm_struct *remove_vm_area(const void *addr)
2151 struct vmap_area *va;
2155 spin_lock(&vmap_area_lock);
2156 va = __find_vmap_area((unsigned long)addr);
2158 struct vm_struct *vm = va->vm;
2161 spin_unlock(&vmap_area_lock);
2163 kasan_free_shadow(vm);
2164 free_unmap_vmap_area(va);
2169 spin_unlock(&vmap_area_lock);
2173 static inline void set_area_direct_map(const struct vm_struct *area,
2174 int (*set_direct_map)(struct page *page))
2178 for (i = 0; i < area->nr_pages; i++)
2179 if (page_address(area->pages[i]))
2180 set_direct_map(area->pages[i]);
2183 /* Handle removing and resetting vm mappings related to the vm_struct. */
2184 static void vm_remove_mappings(struct vm_struct *area, int deallocate_pages)
2186 unsigned long start = ULONG_MAX, end = 0;
2187 int flush_reset = area->flags & VM_FLUSH_RESET_PERMS;
2191 remove_vm_area(area->addr);
2193 /* If this is not VM_FLUSH_RESET_PERMS memory, no need for the below. */
2198 * If not deallocating pages, just do the flush of the VM area and
2201 if (!deallocate_pages) {
2207 * If execution gets here, flush the vm mapping and reset the direct
2208 * map. Find the start and end range of the direct mappings to make sure
2209 * the vm_unmap_aliases() flush includes the direct map.
2211 for (i = 0; i < area->nr_pages; i++) {
2212 unsigned long addr = (unsigned long)page_address(area->pages[i]);
2214 start = min(addr, start);
2215 end = max(addr + PAGE_SIZE, end);
2221 * Set direct map to something invalid so that it won't be cached if
2222 * there are any accesses after the TLB flush, then flush the TLB and
2223 * reset the direct map permissions to the default.
2225 set_area_direct_map(area, set_direct_map_invalid_noflush);
2226 _vm_unmap_aliases(start, end, flush_dmap);
2227 set_area_direct_map(area, set_direct_map_default_noflush);
2230 static void __vunmap(const void *addr, int deallocate_pages)
2232 struct vm_struct *area;
2237 if (WARN(!PAGE_ALIGNED(addr), "Trying to vfree() bad address (%p)\n",
2241 area = find_vm_area(addr);
2242 if (unlikely(!area)) {
2243 WARN(1, KERN_ERR "Trying to vfree() nonexistent vm area (%p)\n",
2248 debug_check_no_locks_freed(area->addr, get_vm_area_size(area));
2249 debug_check_no_obj_freed(area->addr, get_vm_area_size(area));
2251 vm_remove_mappings(area, deallocate_pages);
2253 if (deallocate_pages) {
2256 for (i = 0; i < area->nr_pages; i++) {
2257 struct page *page = area->pages[i];
2260 __free_pages(page, 0);
2262 atomic_long_sub(area->nr_pages, &nr_vmalloc_pages);
2264 kvfree(area->pages);
2271 static inline void __vfree_deferred(const void *addr)
2274 * Use raw_cpu_ptr() because this can be called from preemptible
2275 * context. Preemption is absolutely fine here, because the llist_add()
2276 * implementation is lockless, so it works even if we are adding to
2277 * nother cpu's list. schedule_work() should be fine with this too.
2279 struct vfree_deferred *p = raw_cpu_ptr(&vfree_deferred);
2281 if (llist_add((struct llist_node *)addr, &p->list))
2282 schedule_work(&p->wq);
2286 * vfree_atomic - release memory allocated by vmalloc()
2287 * @addr: memory base address
2289 * This one is just like vfree() but can be called in any atomic context
2292 void vfree_atomic(const void *addr)
2296 kmemleak_free(addr);
2300 __vfree_deferred(addr);
2303 static void __vfree(const void *addr)
2305 if (unlikely(in_interrupt()))
2306 __vfree_deferred(addr);
2312 * vfree - release memory allocated by vmalloc()
2313 * @addr: memory base address
2315 * Free the virtually continuous memory area starting at @addr, as
2316 * obtained from vmalloc(), vmalloc_32() or __vmalloc(). If @addr is
2317 * NULL, no operation is performed.
2319 * Must not be called in NMI context (strictly speaking, only if we don't
2320 * have CONFIG_ARCH_HAVE_NMI_SAFE_CMPXCHG, but making the calling
2321 * conventions for vfree() arch-depenedent would be a really bad idea)
2323 * May sleep if called *not* from interrupt context.
2325 * NOTE: assumes that the object at @addr has a size >= sizeof(llist_node)
2327 void vfree(const void *addr)
2331 kmemleak_free(addr);
2333 might_sleep_if(!in_interrupt());
2340 EXPORT_SYMBOL(vfree);
2343 * vunmap - release virtual mapping obtained by vmap()
2344 * @addr: memory base address
2346 * Free the virtually contiguous memory area starting at @addr,
2347 * which was created from the page array passed to vmap().
2349 * Must not be called in interrupt context.
2351 void vunmap(const void *addr)
2353 BUG_ON(in_interrupt());
2358 EXPORT_SYMBOL(vunmap);
2361 * vmap - map an array of pages into virtually contiguous space
2362 * @pages: array of page pointers
2363 * @count: number of pages to map
2364 * @flags: vm_area->flags
2365 * @prot: page protection for the mapping
2367 * Maps @count pages from @pages into contiguous kernel virtual
2370 * Return: the address of the area or %NULL on failure
2372 void *vmap(struct page **pages, unsigned int count,
2373 unsigned long flags, pgprot_t prot)
2375 struct vm_struct *area;
2376 unsigned long size; /* In bytes */
2380 if (count > totalram_pages())
2383 size = (unsigned long)count << PAGE_SHIFT;
2384 area = get_vm_area_caller(size, flags, __builtin_return_address(0));
2388 if (map_vm_area(area, prot, pages)) {
2395 EXPORT_SYMBOL(vmap);
2397 static void *__vmalloc_node(unsigned long size, unsigned long align,
2398 gfp_t gfp_mask, pgprot_t prot,
2399 int node, const void *caller);
2400 static void *__vmalloc_area_node(struct vm_struct *area, gfp_t gfp_mask,
2401 pgprot_t prot, int node)
2403 struct page **pages;
2404 unsigned int nr_pages, array_size, i;
2405 const gfp_t nested_gfp = (gfp_mask & GFP_RECLAIM_MASK) | __GFP_ZERO;
2406 const gfp_t alloc_mask = gfp_mask | __GFP_NOWARN;
2407 const gfp_t highmem_mask = (gfp_mask & (GFP_DMA | GFP_DMA32)) ?
2411 nr_pages = get_vm_area_size(area) >> PAGE_SHIFT;
2412 array_size = (nr_pages * sizeof(struct page *));
2414 /* Please note that the recursion is strictly bounded. */
2415 if (array_size > PAGE_SIZE) {
2416 pages = __vmalloc_node(array_size, 1, nested_gfp|highmem_mask,
2417 PAGE_KERNEL, node, area->caller);
2419 pages = kmalloc_node(array_size, nested_gfp, node);
2423 remove_vm_area(area->addr);
2428 area->pages = pages;
2429 area->nr_pages = nr_pages;
2431 for (i = 0; i < area->nr_pages; i++) {
2434 if (node == NUMA_NO_NODE)
2435 page = alloc_page(alloc_mask|highmem_mask);
2437 page = alloc_pages_node(node, alloc_mask|highmem_mask, 0);
2439 if (unlikely(!page)) {
2440 /* Successfully allocated i pages, free them in __vunmap() */
2442 atomic_long_add(area->nr_pages, &nr_vmalloc_pages);
2445 area->pages[i] = page;
2446 if (gfpflags_allow_blocking(gfp_mask|highmem_mask))
2449 atomic_long_add(area->nr_pages, &nr_vmalloc_pages);
2451 if (map_vm_area(area, prot, pages))
2456 warn_alloc(gfp_mask, NULL,
2457 "vmalloc: allocation failure, allocated %ld of %ld bytes",
2458 (area->nr_pages*PAGE_SIZE), area->size);
2459 __vfree(area->addr);
2464 * __vmalloc_node_range - allocate virtually contiguous memory
2465 * @size: allocation size
2466 * @align: desired alignment
2467 * @start: vm area range start
2468 * @end: vm area range end
2469 * @gfp_mask: flags for the page level allocator
2470 * @prot: protection mask for the allocated pages
2471 * @vm_flags: additional vm area flags (e.g. %VM_NO_GUARD)
2472 * @node: node to use for allocation or NUMA_NO_NODE
2473 * @caller: caller's return address
2475 * Allocate enough pages to cover @size from the page level
2476 * allocator with @gfp_mask flags. Map them into contiguous
2477 * kernel virtual space, using a pagetable protection of @prot.
2479 * Return: the address of the area or %NULL on failure
2481 void *__vmalloc_node_range(unsigned long size, unsigned long align,
2482 unsigned long start, unsigned long end, gfp_t gfp_mask,
2483 pgprot_t prot, unsigned long vm_flags, int node,
2486 struct vm_struct *area;
2488 unsigned long real_size = size;
2490 size = PAGE_ALIGN(size);
2491 if (!size || (size >> PAGE_SHIFT) > totalram_pages())
2494 area = __get_vm_area_node(size, align, VM_ALLOC | VM_UNINITIALIZED |
2495 vm_flags, start, end, node, gfp_mask, caller);
2499 addr = __vmalloc_area_node(area, gfp_mask, prot, node);
2504 * In this function, newly allocated vm_struct has VM_UNINITIALIZED
2505 * flag. It means that vm_struct is not fully initialized.
2506 * Now, it is fully initialized, so remove this flag here.
2508 clear_vm_uninitialized_flag(area);
2510 kmemleak_vmalloc(area, size, gfp_mask);
2515 warn_alloc(gfp_mask, NULL,
2516 "vmalloc: allocation failure: %lu bytes", real_size);
2521 * This is only for performance analysis of vmalloc and stress purpose.
2522 * It is required by vmalloc test module, therefore do not use it other
2525 #ifdef CONFIG_TEST_VMALLOC_MODULE
2526 EXPORT_SYMBOL_GPL(__vmalloc_node_range);
2530 * __vmalloc_node - allocate virtually contiguous memory
2531 * @size: allocation size
2532 * @align: desired alignment
2533 * @gfp_mask: flags for the page level allocator
2534 * @prot: protection mask for the allocated pages
2535 * @node: node to use for allocation or NUMA_NO_NODE
2536 * @caller: caller's return address
2538 * Allocate enough pages to cover @size from the page level
2539 * allocator with @gfp_mask flags. Map them into contiguous
2540 * kernel virtual space, using a pagetable protection of @prot.
2542 * Reclaim modifiers in @gfp_mask - __GFP_NORETRY, __GFP_RETRY_MAYFAIL
2543 * and __GFP_NOFAIL are not supported
2545 * Any use of gfp flags outside of GFP_KERNEL should be consulted
2548 * Return: pointer to the allocated memory or %NULL on error
2550 static void *__vmalloc_node(unsigned long size, unsigned long align,
2551 gfp_t gfp_mask, pgprot_t prot,
2552 int node, const void *caller)
2554 return __vmalloc_node_range(size, align, VMALLOC_START, VMALLOC_END,
2555 gfp_mask, prot, 0, node, caller);
2558 void *__vmalloc(unsigned long size, gfp_t gfp_mask, pgprot_t prot)
2560 return __vmalloc_node(size, 1, gfp_mask, prot, NUMA_NO_NODE,
2561 __builtin_return_address(0));
2563 EXPORT_SYMBOL(__vmalloc);
2565 static inline void *__vmalloc_node_flags(unsigned long size,
2566 int node, gfp_t flags)
2568 return __vmalloc_node(size, 1, flags, PAGE_KERNEL,
2569 node, __builtin_return_address(0));
2573 void *__vmalloc_node_flags_caller(unsigned long size, int node, gfp_t flags,
2576 return __vmalloc_node(size, 1, flags, PAGE_KERNEL, node, caller);
2580 * vmalloc - allocate virtually contiguous memory
2581 * @size: allocation size
2583 * Allocate enough pages to cover @size from the page level
2584 * allocator and map them into contiguous kernel virtual space.
2586 * For tight control over page level allocator and protection flags
2587 * use __vmalloc() instead.
2589 * Return: pointer to the allocated memory or %NULL on error
2591 void *vmalloc(unsigned long size)
2593 return __vmalloc_node_flags(size, NUMA_NO_NODE,
2596 EXPORT_SYMBOL(vmalloc);
2599 * vzalloc - allocate virtually contiguous memory with zero fill
2600 * @size: allocation size
2602 * Allocate enough pages to cover @size from the page level
2603 * allocator and map them into contiguous kernel virtual space.
2604 * The memory allocated is set to zero.
2606 * For tight control over page level allocator and protection flags
2607 * use __vmalloc() instead.
2609 * Return: pointer to the allocated memory or %NULL on error
2611 void *vzalloc(unsigned long size)
2613 return __vmalloc_node_flags(size, NUMA_NO_NODE,
2614 GFP_KERNEL | __GFP_ZERO);
2616 EXPORT_SYMBOL(vzalloc);
2619 * vmalloc_user - allocate zeroed virtually contiguous memory for userspace
2620 * @size: allocation size
2622 * The resulting memory area is zeroed so it can be mapped to userspace
2623 * without leaking data.
2625 * Return: pointer to the allocated memory or %NULL on error
2627 void *vmalloc_user(unsigned long size)
2629 return __vmalloc_node_range(size, SHMLBA, VMALLOC_START, VMALLOC_END,
2630 GFP_KERNEL | __GFP_ZERO, PAGE_KERNEL,
2631 VM_USERMAP, NUMA_NO_NODE,
2632 __builtin_return_address(0));
2634 EXPORT_SYMBOL(vmalloc_user);
2637 * vmalloc_node - allocate memory on a specific node
2638 * @size: allocation size
2641 * Allocate enough pages to cover @size from the page level
2642 * allocator and map them into contiguous kernel virtual space.
2644 * For tight control over page level allocator and protection flags
2645 * use __vmalloc() instead.
2647 * Return: pointer to the allocated memory or %NULL on error
2649 void *vmalloc_node(unsigned long size, int node)
2651 return __vmalloc_node(size, 1, GFP_KERNEL, PAGE_KERNEL,
2652 node, __builtin_return_address(0));
2654 EXPORT_SYMBOL(vmalloc_node);
2657 * vzalloc_node - allocate memory on a specific node with zero fill
2658 * @size: allocation size
2661 * Allocate enough pages to cover @size from the page level
2662 * allocator and map them into contiguous kernel virtual space.
2663 * The memory allocated is set to zero.
2665 * For tight control over page level allocator and protection flags
2666 * use __vmalloc_node() instead.
2668 * Return: pointer to the allocated memory or %NULL on error
2670 void *vzalloc_node(unsigned long size, int node)
2672 return __vmalloc_node_flags(size, node,
2673 GFP_KERNEL | __GFP_ZERO);
2675 EXPORT_SYMBOL(vzalloc_node);
2678 * vmalloc_exec - allocate virtually contiguous, executable memory
2679 * @size: allocation size
2681 * Kernel-internal function to allocate enough pages to cover @size
2682 * the page level allocator and map them into contiguous and
2683 * executable kernel virtual space.
2685 * For tight control over page level allocator and protection flags
2686 * use __vmalloc() instead.
2688 * Return: pointer to the allocated memory or %NULL on error
2690 void *vmalloc_exec(unsigned long size)
2692 return __vmalloc_node_range(size, 1, VMALLOC_START, VMALLOC_END,
2693 GFP_KERNEL, PAGE_KERNEL_EXEC, VM_FLUSH_RESET_PERMS,
2694 NUMA_NO_NODE, __builtin_return_address(0));
2697 #if defined(CONFIG_64BIT) && defined(CONFIG_ZONE_DMA32)
2698 #define GFP_VMALLOC32 (GFP_DMA32 | GFP_KERNEL)
2699 #elif defined(CONFIG_64BIT) && defined(CONFIG_ZONE_DMA)
2700 #define GFP_VMALLOC32 (GFP_DMA | GFP_KERNEL)
2703 * 64b systems should always have either DMA or DMA32 zones. For others
2704 * GFP_DMA32 should do the right thing and use the normal zone.
2706 #define GFP_VMALLOC32 GFP_DMA32 | GFP_KERNEL
2710 * vmalloc_32 - allocate virtually contiguous memory (32bit addressable)
2711 * @size: allocation size
2713 * Allocate enough 32bit PA addressable pages to cover @size from the
2714 * page level allocator and map them into contiguous kernel virtual space.
2716 * Return: pointer to the allocated memory or %NULL on error
2718 void *vmalloc_32(unsigned long size)
2720 return __vmalloc_node(size, 1, GFP_VMALLOC32, PAGE_KERNEL,
2721 NUMA_NO_NODE, __builtin_return_address(0));
2723 EXPORT_SYMBOL(vmalloc_32);
2726 * vmalloc_32_user - allocate zeroed virtually contiguous 32bit memory
2727 * @size: allocation size
2729 * The resulting memory area is 32bit addressable and zeroed so it can be
2730 * mapped to userspace without leaking data.
2732 * Return: pointer to the allocated memory or %NULL on error
2734 void *vmalloc_32_user(unsigned long size)
2736 return __vmalloc_node_range(size, SHMLBA, VMALLOC_START, VMALLOC_END,
2737 GFP_VMALLOC32 | __GFP_ZERO, PAGE_KERNEL,
2738 VM_USERMAP, NUMA_NO_NODE,
2739 __builtin_return_address(0));
2741 EXPORT_SYMBOL(vmalloc_32_user);
2744 * small helper routine , copy contents to buf from addr.
2745 * If the page is not present, fill zero.
2748 static int aligned_vread(char *buf, char *addr, unsigned long count)
2754 unsigned long offset, length;
2756 offset = offset_in_page(addr);
2757 length = PAGE_SIZE - offset;
2760 p = vmalloc_to_page(addr);
2762 * To do safe access to this _mapped_ area, we need
2763 * lock. But adding lock here means that we need to add
2764 * overhead of vmalloc()/vfree() calles for this _debug_
2765 * interface, rarely used. Instead of that, we'll use
2766 * kmap() and get small overhead in this access function.
2770 * we can expect USER0 is not used (see vread/vwrite's
2771 * function description)
2773 void *map = kmap_atomic(p);
2774 memcpy(buf, map + offset, length);
2777 memset(buf, 0, length);
2787 static int aligned_vwrite(char *buf, char *addr, unsigned long count)
2793 unsigned long offset, length;
2795 offset = offset_in_page(addr);
2796 length = PAGE_SIZE - offset;
2799 p = vmalloc_to_page(addr);
2801 * To do safe access to this _mapped_ area, we need
2802 * lock. But adding lock here means that we need to add
2803 * overhead of vmalloc()/vfree() calles for this _debug_
2804 * interface, rarely used. Instead of that, we'll use
2805 * kmap() and get small overhead in this access function.
2809 * we can expect USER0 is not used (see vread/vwrite's
2810 * function description)
2812 void *map = kmap_atomic(p);
2813 memcpy(map + offset, buf, length);
2825 * vread() - read vmalloc area in a safe way.
2826 * @buf: buffer for reading data
2827 * @addr: vm address.
2828 * @count: number of bytes to be read.
2830 * This function checks that addr is a valid vmalloc'ed area, and
2831 * copy data from that area to a given buffer. If the given memory range
2832 * of [addr...addr+count) includes some valid address, data is copied to
2833 * proper area of @buf. If there are memory holes, they'll be zero-filled.
2834 * IOREMAP area is treated as memory hole and no copy is done.
2836 * If [addr...addr+count) doesn't includes any intersects with alive
2837 * vm_struct area, returns 0. @buf should be kernel's buffer.
2839 * Note: In usual ops, vread() is never necessary because the caller
2840 * should know vmalloc() area is valid and can use memcpy().
2841 * This is for routines which have to access vmalloc area without
2842 * any information, as /dev/kmem.
2844 * Return: number of bytes for which addr and buf should be increased
2845 * (same number as @count) or %0 if [addr...addr+count) doesn't
2846 * include any intersection with valid vmalloc area
2848 long vread(char *buf, char *addr, unsigned long count)
2850 struct vmap_area *va;
2851 struct vm_struct *vm;
2852 char *vaddr, *buf_start = buf;
2853 unsigned long buflen = count;
2856 /* Don't allow overflow */
2857 if ((unsigned long) addr + count < count)
2858 count = -(unsigned long) addr;
2860 spin_lock(&vmap_area_lock);
2861 list_for_each_entry(va, &vmap_area_list, list) {
2869 vaddr = (char *) vm->addr;
2870 if (addr >= vaddr + get_vm_area_size(vm))
2872 while (addr < vaddr) {
2880 n = vaddr + get_vm_area_size(vm) - addr;
2883 if (!(vm->flags & VM_IOREMAP))
2884 aligned_vread(buf, addr, n);
2885 else /* IOREMAP area is treated as memory hole */
2892 spin_unlock(&vmap_area_lock);
2894 if (buf == buf_start)
2896 /* zero-fill memory holes */
2897 if (buf != buf_start + buflen)
2898 memset(buf, 0, buflen - (buf - buf_start));
2904 * vwrite() - write vmalloc area in a safe way.
2905 * @buf: buffer for source data
2906 * @addr: vm address.
2907 * @count: number of bytes to be read.
2909 * This function checks that addr is a valid vmalloc'ed area, and
2910 * copy data from a buffer to the given addr. If specified range of
2911 * [addr...addr+count) includes some valid address, data is copied from
2912 * proper area of @buf. If there are memory holes, no copy to hole.
2913 * IOREMAP area is treated as memory hole and no copy is done.
2915 * If [addr...addr+count) doesn't includes any intersects with alive
2916 * vm_struct area, returns 0. @buf should be kernel's buffer.
2918 * Note: In usual ops, vwrite() is never necessary because the caller
2919 * should know vmalloc() area is valid and can use memcpy().
2920 * This is for routines which have to access vmalloc area without
2921 * any information, as /dev/kmem.
2923 * Return: number of bytes for which addr and buf should be
2924 * increased (same number as @count) or %0 if [addr...addr+count)
2925 * doesn't include any intersection with valid vmalloc area
2927 long vwrite(char *buf, char *addr, unsigned long count)
2929 struct vmap_area *va;
2930 struct vm_struct *vm;
2932 unsigned long n, buflen;
2935 /* Don't allow overflow */
2936 if ((unsigned long) addr + count < count)
2937 count = -(unsigned long) addr;
2940 spin_lock(&vmap_area_lock);
2941 list_for_each_entry(va, &vmap_area_list, list) {
2949 vaddr = (char *) vm->addr;
2950 if (addr >= vaddr + get_vm_area_size(vm))
2952 while (addr < vaddr) {
2959 n = vaddr + get_vm_area_size(vm) - addr;
2962 if (!(vm->flags & VM_IOREMAP)) {
2963 aligned_vwrite(buf, addr, n);
2971 spin_unlock(&vmap_area_lock);
2978 * remap_vmalloc_range_partial - map vmalloc pages to userspace
2979 * @vma: vma to cover
2980 * @uaddr: target user address to start at
2981 * @kaddr: virtual address of vmalloc kernel memory
2982 * @pgoff: offset from @kaddr to start at
2983 * @size: size of map area
2985 * Returns: 0 for success, -Exxx on failure
2987 * This function checks that @kaddr is a valid vmalloc'ed area,
2988 * and that it is big enough to cover the range starting at
2989 * @uaddr in @vma. Will return failure if that criteria isn't
2992 * Similar to remap_pfn_range() (see mm/memory.c)
2994 int remap_vmalloc_range_partial(struct vm_area_struct *vma, unsigned long uaddr,
2995 void *kaddr, unsigned long pgoff,
2998 struct vm_struct *area;
3000 unsigned long end_index;
3002 if (check_shl_overflow(pgoff, PAGE_SHIFT, &off))
3005 size = PAGE_ALIGN(size);
3007 if (!PAGE_ALIGNED(uaddr) || !PAGE_ALIGNED(kaddr))
3010 area = find_vm_area(kaddr);
3014 if (!(area->flags & (VM_USERMAP | VM_DMA_COHERENT)))
3017 if (check_add_overflow(size, off, &end_index) ||
3018 end_index > get_vm_area_size(area))
3023 struct page *page = vmalloc_to_page(kaddr);
3026 ret = vm_insert_page(vma, uaddr, page);
3035 vma->vm_flags |= VM_DONTEXPAND | VM_DONTDUMP;
3039 EXPORT_SYMBOL(remap_vmalloc_range_partial);
3042 * remap_vmalloc_range - map vmalloc pages to userspace
3043 * @vma: vma to cover (map full range of vma)
3044 * @addr: vmalloc memory
3045 * @pgoff: number of pages into addr before first page to map
3047 * Returns: 0 for success, -Exxx on failure
3049 * This function checks that addr is a valid vmalloc'ed area, and
3050 * that it is big enough to cover the vma. Will return failure if
3051 * that criteria isn't met.
3053 * Similar to remap_pfn_range() (see mm/memory.c)
3055 int remap_vmalloc_range(struct vm_area_struct *vma, void *addr,
3056 unsigned long pgoff)
3058 return remap_vmalloc_range_partial(vma, vma->vm_start,
3060 vma->vm_end - vma->vm_start);
3062 EXPORT_SYMBOL(remap_vmalloc_range);
3065 * Implement stubs for vmalloc_sync_[un]mappings () if the architecture chose
3068 * The purpose of this function is to make sure the vmalloc area
3069 * mappings are identical in all page-tables in the system.
3071 void __weak vmalloc_sync_mappings(void)
3075 void __weak vmalloc_sync_unmappings(void)
3079 static int f(pte_t *pte, unsigned long addr, void *data)
3091 * alloc_vm_area - allocate a range of kernel address space
3092 * @size: size of the area
3093 * @ptes: returns the PTEs for the address space
3095 * Returns: NULL on failure, vm_struct on success
3097 * This function reserves a range of kernel address space, and
3098 * allocates pagetables to map that range. No actual mappings
3101 * If @ptes is non-NULL, pointers to the PTEs (in init_mm)
3102 * allocated for the VM area are returned.
3104 struct vm_struct *alloc_vm_area(size_t size, pte_t **ptes)
3106 struct vm_struct *area;
3108 area = get_vm_area_caller(size, VM_IOREMAP,
3109 __builtin_return_address(0));
3114 * This ensures that page tables are constructed for this region
3115 * of kernel virtual address space and mapped into init_mm.
3117 if (apply_to_page_range(&init_mm, (unsigned long)area->addr,
3118 size, f, ptes ? &ptes : NULL)) {
3125 EXPORT_SYMBOL_GPL(alloc_vm_area);
3127 void free_vm_area(struct vm_struct *area)
3129 struct vm_struct *ret;
3130 ret = remove_vm_area(area->addr);
3131 BUG_ON(ret != area);
3134 EXPORT_SYMBOL_GPL(free_vm_area);
3137 static struct vmap_area *node_to_va(struct rb_node *n)
3139 return rb_entry_safe(n, struct vmap_area, rb_node);
3143 * pvm_find_va_enclose_addr - find the vmap_area @addr belongs to
3144 * @addr: target address
3146 * Returns: vmap_area if it is found. If there is no such area
3147 * the first highest(reverse order) vmap_area is returned
3148 * i.e. va->va_start < addr && va->va_end < addr or NULL
3149 * if there are no any areas before @addr.
3151 static struct vmap_area *
3152 pvm_find_va_enclose_addr(unsigned long addr)
3154 struct vmap_area *va, *tmp;
3157 n = free_vmap_area_root.rb_node;
3161 tmp = rb_entry(n, struct vmap_area, rb_node);
3162 if (tmp->va_start <= addr) {
3164 if (tmp->va_end >= addr)
3177 * pvm_determine_end_from_reverse - find the highest aligned address
3178 * of free block below VMALLOC_END
3180 * in - the VA we start the search(reverse order);
3181 * out - the VA with the highest aligned end address.
3183 * Returns: determined end address within vmap_area
3185 static unsigned long
3186 pvm_determine_end_from_reverse(struct vmap_area **va, unsigned long align)
3188 unsigned long vmalloc_end = VMALLOC_END & ~(align - 1);
3192 list_for_each_entry_from_reverse((*va),
3193 &free_vmap_area_list, list) {
3194 addr = min((*va)->va_end & ~(align - 1), vmalloc_end);
3195 if ((*va)->va_start < addr)
3204 * pcpu_get_vm_areas - allocate vmalloc areas for percpu allocator
3205 * @offsets: array containing offset of each area
3206 * @sizes: array containing size of each area
3207 * @nr_vms: the number of areas to allocate
3208 * @align: alignment, all entries in @offsets and @sizes must be aligned to this
3210 * Returns: kmalloc'd vm_struct pointer array pointing to allocated
3211 * vm_structs on success, %NULL on failure
3213 * Percpu allocator wants to use congruent vm areas so that it can
3214 * maintain the offsets among percpu areas. This function allocates
3215 * congruent vmalloc areas for it with GFP_KERNEL. These areas tend to
3216 * be scattered pretty far, distance between two areas easily going up
3217 * to gigabytes. To avoid interacting with regular vmallocs, these
3218 * areas are allocated from top.
3220 * Despite its complicated look, this allocator is rather simple. It
3221 * does everything top-down and scans free blocks from the end looking
3222 * for matching base. While scanning, if any of the areas do not fit the
3223 * base address is pulled down to fit the area. Scanning is repeated till
3224 * all the areas fit and then all necessary data structures are inserted
3225 * and the result is returned.
3227 struct vm_struct **pcpu_get_vm_areas(const unsigned long *offsets,
3228 const size_t *sizes, int nr_vms,
3231 const unsigned long vmalloc_start = ALIGN(VMALLOC_START, align);
3232 const unsigned long vmalloc_end = VMALLOC_END & ~(align - 1);
3233 struct vmap_area **vas, *va;
3234 struct vm_struct **vms;
3235 int area, area2, last_area, term_area;
3236 unsigned long base, start, size, end, last_end;
3237 bool purged = false;
3240 /* verify parameters and allocate data structures */
3241 BUG_ON(offset_in_page(align) || !is_power_of_2(align));
3242 for (last_area = 0, area = 0; area < nr_vms; area++) {
3243 start = offsets[area];
3244 end = start + sizes[area];
3246 /* is everything aligned properly? */
3247 BUG_ON(!IS_ALIGNED(offsets[area], align));
3248 BUG_ON(!IS_ALIGNED(sizes[area], align));
3250 /* detect the area with the highest address */
3251 if (start > offsets[last_area])
3254 for (area2 = area + 1; area2 < nr_vms; area2++) {
3255 unsigned long start2 = offsets[area2];
3256 unsigned long end2 = start2 + sizes[area2];
3258 BUG_ON(start2 < end && start < end2);
3261 last_end = offsets[last_area] + sizes[last_area];
3263 if (vmalloc_end - vmalloc_start < last_end) {
3268 vms = kcalloc(nr_vms, sizeof(vms[0]), GFP_KERNEL);
3269 vas = kcalloc(nr_vms, sizeof(vas[0]), GFP_KERNEL);
3273 for (area = 0; area < nr_vms; area++) {
3274 vas[area] = kmem_cache_zalloc(vmap_area_cachep, GFP_KERNEL);
3275 vms[area] = kzalloc(sizeof(struct vm_struct), GFP_KERNEL);
3276 if (!vas[area] || !vms[area])
3280 spin_lock(&vmap_area_lock);
3282 /* start scanning - we scan from the top, begin with the last area */
3283 area = term_area = last_area;
3284 start = offsets[area];
3285 end = start + sizes[area];
3287 va = pvm_find_va_enclose_addr(vmalloc_end);
3288 base = pvm_determine_end_from_reverse(&va, align) - end;
3292 * base might have underflowed, add last_end before
3295 if (base + last_end < vmalloc_start + last_end)
3299 * Fitting base has not been found.
3305 * If required width exeeds current VA block, move
3306 * base downwards and then recheck.
3308 if (base + end > va->va_end) {
3309 base = pvm_determine_end_from_reverse(&va, align) - end;
3315 * If this VA does not fit, move base downwards and recheck.
3317 if (base + start < va->va_start) {
3318 va = node_to_va(rb_prev(&va->rb_node));
3319 base = pvm_determine_end_from_reverse(&va, align) - end;
3325 * This area fits, move on to the previous one. If
3326 * the previous one is the terminal one, we're done.
3328 area = (area + nr_vms - 1) % nr_vms;
3329 if (area == term_area)
3332 start = offsets[area];
3333 end = start + sizes[area];
3334 va = pvm_find_va_enclose_addr(base + end);
3337 /* we've found a fitting base, insert all va's */
3338 for (area = 0; area < nr_vms; area++) {
3341 start = base + offsets[area];
3344 va = pvm_find_va_enclose_addr(start);
3345 if (WARN_ON_ONCE(va == NULL))
3346 /* It is a BUG(), but trigger recovery instead. */
3349 type = classify_va_fit_type(va, start, size);
3350 if (WARN_ON_ONCE(type == NOTHING_FIT))
3351 /* It is a BUG(), but trigger recovery instead. */
3354 ret = adjust_va_to_fit_type(va, start, size, type);
3358 /* Allocated area. */
3360 va->va_start = start;
3361 va->va_end = start + size;
3363 insert_vmap_area(va, &vmap_area_root, &vmap_area_list);
3366 spin_unlock(&vmap_area_lock);
3368 /* insert all vm's */
3369 for (area = 0; area < nr_vms; area++)
3370 setup_vmalloc_vm(vms[area], vas[area], VM_ALLOC,
3377 /* Remove previously inserted areas. */
3379 __free_vmap_area(vas[area]);
3384 spin_unlock(&vmap_area_lock);
3386 purge_vmap_area_lazy();
3389 /* Before "retry", check if we recover. */
3390 for (area = 0; area < nr_vms; area++) {
3394 vas[area] = kmem_cache_zalloc(
3395 vmap_area_cachep, GFP_KERNEL);
3404 for (area = 0; area < nr_vms; area++) {
3406 kmem_cache_free(vmap_area_cachep, vas[area]);
3417 * pcpu_free_vm_areas - free vmalloc areas for percpu allocator
3418 * @vms: vm_struct pointer array returned by pcpu_get_vm_areas()
3419 * @nr_vms: the number of allocated areas
3421 * Free vm_structs and the array allocated by pcpu_get_vm_areas().
3423 void pcpu_free_vm_areas(struct vm_struct **vms, int nr_vms)
3427 for (i = 0; i < nr_vms; i++)
3428 free_vm_area(vms[i]);
3431 #endif /* CONFIG_SMP */
3433 #ifdef CONFIG_PROC_FS
3434 static void *s_start(struct seq_file *m, loff_t *pos)
3435 __acquires(&vmap_area_lock)
3437 spin_lock(&vmap_area_lock);
3438 return seq_list_start(&vmap_area_list, *pos);
3441 static void *s_next(struct seq_file *m, void *p, loff_t *pos)
3443 return seq_list_next(p, &vmap_area_list, pos);
3446 static void s_stop(struct seq_file *m, void *p)
3447 __releases(&vmap_area_lock)
3449 spin_unlock(&vmap_area_lock);
3452 static void show_numa_info(struct seq_file *m, struct vm_struct *v)
3454 if (IS_ENABLED(CONFIG_NUMA)) {
3455 unsigned int nr, *counters = m->private;
3460 if (v->flags & VM_UNINITIALIZED)
3462 /* Pair with smp_wmb() in clear_vm_uninitialized_flag() */
3465 memset(counters, 0, nr_node_ids * sizeof(unsigned int));
3467 for (nr = 0; nr < v->nr_pages; nr++)
3468 counters[page_to_nid(v->pages[nr])]++;
3470 for_each_node_state(nr, N_HIGH_MEMORY)
3472 seq_printf(m, " N%u=%u", nr, counters[nr]);
3476 static void show_purge_info(struct seq_file *m)
3478 struct llist_node *head;
3479 struct vmap_area *va;
3481 head = READ_ONCE(vmap_purge_list.first);
3485 llist_for_each_entry(va, head, purge_list) {
3486 seq_printf(m, "0x%pK-0x%pK %7ld unpurged vm_area\n",
3487 (void *)va->va_start, (void *)va->va_end,
3488 va->va_end - va->va_start);
3492 static int s_show(struct seq_file *m, void *p)
3494 struct vmap_area *va;
3495 struct vm_struct *v;
3497 va = list_entry(p, struct vmap_area, list);
3500 * s_show can encounter race with remove_vm_area, !vm on behalf
3501 * of vmap area is being tear down or vm_map_ram allocation.
3504 seq_printf(m, "0x%pK-0x%pK %7ld vm_map_ram\n",
3505 (void *)va->va_start, (void *)va->va_end,
3506 va->va_end - va->va_start);
3513 seq_printf(m, "0x%pK-0x%pK %7ld",
3514 v->addr, v->addr + v->size, v->size);
3517 seq_printf(m, " %pS", v->caller);
3520 seq_printf(m, " pages=%d", v->nr_pages);
3523 seq_printf(m, " phys=%pa", &v->phys_addr);
3525 if (v->flags & VM_IOREMAP)
3526 seq_puts(m, " ioremap");
3528 if (v->flags & VM_ALLOC)
3529 seq_puts(m, " vmalloc");
3531 if (v->flags & VM_MAP)
3532 seq_puts(m, " vmap");
3534 if (v->flags & VM_USERMAP)
3535 seq_puts(m, " user");
3537 if (v->flags & VM_DMA_COHERENT)
3538 seq_puts(m, " dma-coherent");
3540 if (is_vmalloc_addr(v->pages))
3541 seq_puts(m, " vpages");
3543 show_numa_info(m, v);
3547 * As a final step, dump "unpurged" areas. Note,
3548 * that entire "/proc/vmallocinfo" output will not
3549 * be address sorted, because the purge list is not
3552 if (list_is_last(&va->list, &vmap_area_list))
3558 static const struct seq_operations vmalloc_op = {
3565 static int __init proc_vmalloc_init(void)
3567 if (IS_ENABLED(CONFIG_NUMA))
3568 proc_create_seq_private("vmallocinfo", 0400, NULL,
3570 nr_node_ids * sizeof(unsigned int), NULL);
3572 proc_create_seq("vmallocinfo", 0400, NULL, &vmalloc_op);
3575 module_init(proc_vmalloc_init);
projects / releases.git / blob