rmap.c revision b7ab795b7bec9997d4fde39f249d52823d36d98d 
1/*
2 * mm/rmap.c - physical to virtual reverse mappings
3 *
4 * Copyright 2001, Rik van Riel <riel@conectiva.com.br>
5 * Released under the General Public License (GPL).
6 *
7 * Simple, low overhead reverse mapping scheme.
8 * Please try to keep this thing as modular as possible.
9 *
10 * Provides methods for unmapping each kind of mapped page:
11 * the anon methods track anonymous pages, and
12 * the file methods track pages belonging to an inode.
13 *
14 * Original design by Rik van Riel <riel@conectiva.com.br> 2001
15 * File methods by Dave McCracken <dmccr@us.ibm.com> 2003, 2004
16 * Anonymous methods by Andrea Arcangeli <andrea@suse.de> 2004
17 * Contributions by Hugh Dickins <hugh@veritas.com> 2003, 2004
18 */
19
20/*
21 * Lock ordering in mm:
22 *
23 * inode->i_mutex	(while writing or truncating, not reading or faulting)
24 *   inode->i_alloc_sem
25 *
26 * When a page fault occurs in writing from user to file, down_read
27 * of mmap_sem nests within i_mutex; in sys_msync, i_mutex nests within
28 * down_read of mmap_sem; i_mutex and down_write of mmap_sem are never
29 * taken together; in truncation, i_mutex is taken outermost.
30 *
31 * mm->mmap_sem
32 *   page->flags PG_locked (lock_page)
33 *     mapping->i_mmap_lock
34 *       anon_vma->lock
35 *         mm->page_table_lock or pte_lock
36 *           zone->lru_lock (in mark_page_accessed, isolate_lru_page)
37 *           swap_lock (in swap_duplicate, swap_info_get)
38 *             mmlist_lock (in mmput, drain_mmlist and others)
39 *             mapping->private_lock (in __set_page_dirty_buffers)
40 *             inode_lock (in set_page_dirty's __mark_inode_dirty)
41 *               sb_lock (within inode_lock in fs/fs-writeback.c)
42 *               mapping->tree_lock (widely used, in set_page_dirty,
43 *                         in arch-dependent flush_dcache_mmap_lock,
44 *                         within inode_lock in __sync_single_inode)
45 */
46
47#include <linux/mm.h>
48#include <linux/pagemap.h>
49#include <linux/swap.h>
50#include <linux/swapops.h>
51#include <linux/slab.h>
52#include <linux/init.h>
53#include <linux/rmap.h>
54#include <linux/rcupdate.h>
55#include <linux/module.h>
56
57#include <asm/tlbflush.h>
58
59struct kmem_cache *anon_vma_cachep;
60
61static inline void validate_anon_vma(struct vm_area_struct *find_vma)
62{
63#ifdef CONFIG_DEBUG_VM
64	struct anon_vma *anon_vma = find_vma->anon_vma;
65	struct vm_area_struct *vma;
66	unsigned int mapcount = 0;
67	int found = 0;
68
69	list_for_each_entry(vma, &anon_vma->head, anon_vma_node) {
70		mapcount++;
71		BUG_ON(mapcount > 100000);
72		if (vma == find_vma)
73			found = 1;
74	}
75	BUG_ON(!found);
76#endif
77}
78
79/* This must be called under the mmap_sem. */
80int anon_vma_prepare(struct vm_area_struct *vma)
81{
82	struct anon_vma *anon_vma = vma->anon_vma;
83
84	might_sleep();
85	if (unlikely(!anon_vma)) {
86		struct mm_struct *mm = vma->vm_mm;
87		struct anon_vma *allocated, *locked;
88
89		anon_vma = find_mergeable_anon_vma(vma);
90		if (anon_vma) {
91			allocated = NULL;
92			locked = anon_vma;
93			spin_lock(&locked->lock);
94		} else {
95			anon_vma = anon_vma_alloc();
96			if (unlikely(!anon_vma))
97				return -ENOMEM;
98			allocated = anon_vma;
99			locked = NULL;
100		}
101
102		/* page_table_lock to protect against threads */
103		spin_lock(&mm->page_table_lock);
104		if (likely(!vma->anon_vma)) {
105			vma->anon_vma = anon_vma;
106			list_add(&vma->anon_vma_node, &anon_vma->head);
107			allocated = NULL;
108		}
109		spin_unlock(&mm->page_table_lock);
110
111		if (locked)
112			spin_unlock(&locked->lock);
113		if (unlikely(allocated))
114			anon_vma_free(allocated);
115	}
116	return 0;
117}
118
119void __anon_vma_merge(struct vm_area_struct *vma, struct vm_area_struct *next)
120{
121	BUG_ON(vma->anon_vma != next->anon_vma);
122	list_del(&next->anon_vma_node);
123}
124
125void __anon_vma_link(struct vm_area_struct *vma)
126{
127	struct anon_vma *anon_vma = vma->anon_vma;
128
129	if (anon_vma) {
130		list_add(&vma->anon_vma_node, &anon_vma->head);
131		validate_anon_vma(vma);
132	}
133}
134
135void anon_vma_link(struct vm_area_struct *vma)
136{
137	struct anon_vma *anon_vma = vma->anon_vma;
138
139	if (anon_vma) {
140		spin_lock(&anon_vma->lock);
141		list_add(&vma->anon_vma_node, &anon_vma->head);
142		validate_anon_vma(vma);
143		spin_unlock(&anon_vma->lock);
144	}
145}
146
147void anon_vma_unlink(struct vm_area_struct *vma)
148{
149	struct anon_vma *anon_vma = vma->anon_vma;
150	int empty;
151
152	if (!anon_vma)
153		return;
154
155	spin_lock(&anon_vma->lock);
156	validate_anon_vma(vma);
157	list_del(&vma->anon_vma_node);
158
159	/* We must garbage collect the anon_vma if it's empty */
160	empty = list_empty(&anon_vma->head);
161	spin_unlock(&anon_vma->lock);
162
163	if (empty)
164		anon_vma_free(anon_vma);
165}
166
167static void anon_vma_ctor(void *data, struct kmem_cache *cachep,
168			  unsigned long flags)
169{
170	if ((flags & (SLAB_CTOR_VERIFY|SLAB_CTOR_CONSTRUCTOR)) ==
171						SLAB_CTOR_CONSTRUCTOR) {
172		struct anon_vma *anon_vma = data;
173
174		spin_lock_init(&anon_vma->lock);
175		INIT_LIST_HEAD(&anon_vma->head);
176	}
177}
178
179void __init anon_vma_init(void)
180{
181	anon_vma_cachep = kmem_cache_create("anon_vma", sizeof(struct anon_vma),
182			0, SLAB_DESTROY_BY_RCU|SLAB_PANIC, anon_vma_ctor, NULL);
183}
184
185/*
186 * Getting a lock on a stable anon_vma from a page off the LRU is
187 * tricky: page_lock_anon_vma rely on RCU to guard against the races.
188 */
189static struct anon_vma *page_lock_anon_vma(struct page *page)
190{
191	struct anon_vma *anon_vma = NULL;
192	unsigned long anon_mapping;
193
194	rcu_read_lock();
195	anon_mapping = (unsigned long) page->mapping;
196	if (!(anon_mapping & PAGE_MAPPING_ANON))
197		goto out;
198	if (!page_mapped(page))
199		goto out;
200
201	anon_vma = (struct anon_vma *) (anon_mapping - PAGE_MAPPING_ANON);
202	spin_lock(&anon_vma->lock);
203out:
204	rcu_read_unlock();
205	return anon_vma;
206}
207
208#ifdef CONFIG_MIGRATION
209/*
210 * Remove an anonymous page from swap replacing the swap pte's
211 * through real pte's pointing to valid pages and then releasing
212 * the page from the swap cache.
213 *
214 * Must hold page lock on page and mmap_sem of one vma that contains
215 * the page.
216 */
217void remove_from_swap(struct page *page)
218{
219	struct anon_vma *anon_vma;
220	struct vm_area_struct *vma;
221	unsigned long mapping;
222
223	if (!PageSwapCache(page))
224		return;
225
226	mapping = (unsigned long)page->mapping;
227
228	if (!mapping || (mapping & PAGE_MAPPING_ANON) == 0)
229		return;
230
231	/*
232	 * We hold the mmap_sem lock. So no need to call page_lock_anon_vma.
233	 */
234	anon_vma = (struct anon_vma *) (mapping - PAGE_MAPPING_ANON);
235	spin_lock(&anon_vma->lock);
236
237	list_for_each_entry(vma, &anon_vma->head, anon_vma_node)
238		remove_vma_swap(vma, page);
239
240	spin_unlock(&anon_vma->lock);
241	delete_from_swap_cache(page);
242}
243EXPORT_SYMBOL(remove_from_swap);
244#endif
245
246/*
247 * At what user virtual address is page expected in vma?
248 */
249static inline unsigned long
250vma_address(struct page *page, struct vm_area_struct *vma)
251{
252	pgoff_t pgoff = page->index << (PAGE_CACHE_SHIFT - PAGE_SHIFT);
253	unsigned long address;
254
255	address = vma->vm_start + ((pgoff - vma->vm_pgoff) << PAGE_SHIFT);
256	if (unlikely(address < vma->vm_start || address >= vma->vm_end)) {
257		/* page should be within any vma from prio_tree_next */
258		BUG_ON(!PageAnon(page));
259		return -EFAULT;
260	}
261	return address;
262}
263
264/*
265 * At what user virtual address is page expected in vma? checking that the
266 * page matches the vma: currently only used on anon pages, by unuse_vma;
267 */
268unsigned long page_address_in_vma(struct page *page, struct vm_area_struct *vma)
269{
270	if (PageAnon(page)) {
271		if ((void *)vma->anon_vma !=
272		    (void *)page->mapping - PAGE_MAPPING_ANON)
273			return -EFAULT;
274	} else if (page->mapping && !(vma->vm_flags & VM_NONLINEAR)) {
275		if (!vma->vm_file ||
276		    vma->vm_file->f_mapping != page->mapping)
277			return -EFAULT;
278	} else
279		return -EFAULT;
280	return vma_address(page, vma);
281}
282
283/*
284 * Check that @page is mapped at @address into @mm.
285 *
286 * On success returns with pte mapped and locked.
287 */
288pte_t *page_check_address(struct page *page, struct mm_struct *mm,
289			  unsigned long address, spinlock_t **ptlp)
290{
291	pgd_t *pgd;
292	pud_t *pud;
293	pmd_t *pmd;
294	pte_t *pte;
295	spinlock_t *ptl;
296
297	pgd = pgd_offset(mm, address);
298	if (!pgd_present(*pgd))
299		return NULL;
300
301	pud = pud_offset(pgd, address);
302	if (!pud_present(*pud))
303		return NULL;
304
305	pmd = pmd_offset(pud, address);
306	if (!pmd_present(*pmd))
307		return NULL;
308
309	pte = pte_offset_map(pmd, address);
310	/* Make a quick check before getting the lock */
311	if (!pte_present(*pte)) {
312		pte_unmap(pte);
313		return NULL;
314	}
315
316	ptl = pte_lockptr(mm, pmd);
317	spin_lock(ptl);
318	if (pte_present(*pte) && page_to_pfn(page) == pte_pfn(*pte)) {
319		*ptlp = ptl;
320		return pte;
321	}
322	pte_unmap_unlock(pte, ptl);
323	return NULL;
324}
325
326/*
327 * Subfunctions of page_referenced: page_referenced_one called
328 * repeatedly from either page_referenced_anon or page_referenced_file.
329 */
330static int page_referenced_one(struct page *page,
331	struct vm_area_struct *vma, unsigned int *mapcount)
332{
333	struct mm_struct *mm = vma->vm_mm;
334	unsigned long address;
335	pte_t *pte;
336	spinlock_t *ptl;
337	int referenced = 0;
338
339	address = vma_address(page, vma);
340	if (address == -EFAULT)
341		goto out;
342
343	pte = page_check_address(page, mm, address, &ptl);
344	if (!pte)
345		goto out;
346
347	if (ptep_clear_flush_young(vma, address, pte))
348		referenced++;
349
350	/* Pretend the page is referenced if the task has the
351	   swap token and is in the middle of a page fault. */
352	if (mm != current->mm && has_swap_token(mm) &&
353			rwsem_is_locked(&mm->mmap_sem))
354		referenced++;
355
356	(*mapcount)--;
357	pte_unmap_unlock(pte, ptl);
358out:
359	return referenced;
360}
361
362static int page_referenced_anon(struct page *page)
363{
364	unsigned int mapcount;
365	struct anon_vma *anon_vma;
366	struct vm_area_struct *vma;
367	int referenced = 0;
368
369	anon_vma = page_lock_anon_vma(page);
370	if (!anon_vma)
371		return referenced;
372
373	mapcount = page_mapcount(page);
374	list_for_each_entry(vma, &anon_vma->head, anon_vma_node) {
375		referenced += page_referenced_one(page, vma, &mapcount);
376		if (!mapcount)
377			break;
378	}
379	spin_unlock(&anon_vma->lock);
380	return referenced;
381}
382
383/**
384 * page_referenced_file - referenced check for object-based rmap
385 * @page: the page we're checking references on.
386 *
387 * For an object-based mapped page, find all the places it is mapped and
388 * check/clear the referenced flag.  This is done by following the page->mapping
389 * pointer, then walking the chain of vmas it holds.  It returns the number
390 * of references it found.
391 *
392 * This function is only called from page_referenced for object-based pages.
393 */
394static int page_referenced_file(struct page *page)
395{
396	unsigned int mapcount;
397	struct address_space *mapping = page->mapping;
398	pgoff_t pgoff = page->index << (PAGE_CACHE_SHIFT - PAGE_SHIFT);
399	struct vm_area_struct *vma;
400	struct prio_tree_iter iter;
401	int referenced = 0;
402
403	/*
404	 * The caller's checks on page->mapping and !PageAnon have made
405	 * sure that this is a file page: the check for page->mapping
406	 * excludes the case just before it gets set on an anon page.
407	 */
408	BUG_ON(PageAnon(page));
409
410	/*
411	 * The page lock not only makes sure that page->mapping cannot
412	 * suddenly be NULLified by truncation, it makes sure that the
413	 * structure at mapping cannot be freed and reused yet,
414	 * so we can safely take mapping->i_mmap_lock.
415	 */
416	BUG_ON(!PageLocked(page));
417
418	spin_lock(&mapping->i_mmap_lock);
419
420	/*
421	 * i_mmap_lock does not stabilize mapcount at all, but mapcount
422	 * is more likely to be accurate if we note it after spinning.
423	 */
424	mapcount = page_mapcount(page);
425
426	vma_prio_tree_foreach(vma, &iter, &mapping->i_mmap, pgoff, pgoff) {
427		if ((vma->vm_flags & (VM_LOCKED|VM_MAYSHARE))
428				  == (VM_LOCKED|VM_MAYSHARE)) {
429			referenced++;
430			break;
431		}
432		referenced += page_referenced_one(page, vma, &mapcount);
433		if (!mapcount)
434			break;
435	}
436
437	spin_unlock(&mapping->i_mmap_lock);
438	return referenced;
439}
440
441/**
442 * page_referenced - test if the page was referenced
443 * @page: the page to test
444 * @is_locked: caller holds lock on the page
445 *
446 * Quick test_and_clear_referenced for all mappings to a page,
447 * returns the number of ptes which referenced the page.
448 */
449int page_referenced(struct page *page, int is_locked)
450{
451	int referenced = 0;
452
453	if (page_test_and_clear_young(page))
454		referenced++;
455
456	if (TestClearPageReferenced(page))
457		referenced++;
458
459	if (page_mapped(page) && page->mapping) {
460		if (PageAnon(page))
461			referenced += page_referenced_anon(page);
462		else if (is_locked)
463			referenced += page_referenced_file(page);
464		else if (TestSetPageLocked(page))
465			referenced++;
466		else {
467			if (page->mapping)
468				referenced += page_referenced_file(page);
469			unlock_page(page);
470		}
471	}
472	return referenced;
473}
474
475/**
476 * page_set_anon_rmap - setup new anonymous rmap
477 * @page:	the page to add the mapping to
478 * @vma:	the vm area in which the mapping is added
479 * @address:	the user virtual address mapped
480 */
481static void __page_set_anon_rmap(struct page *page,
482	struct vm_area_struct *vma, unsigned long address)
483{
484	struct anon_vma *anon_vma = vma->anon_vma;
485
486	BUG_ON(!anon_vma);
487	anon_vma = (void *) anon_vma + PAGE_MAPPING_ANON;
488	page->mapping = (struct address_space *) anon_vma;
489
490	page->index = linear_page_index(vma, address);
491
492	/*
493	 * nr_mapped state can be updated without turning off
494	 * interrupts because it is not modified via interrupt.
495	 */
496	__inc_page_state(nr_mapped);
497}
498
499/**
500 * page_add_anon_rmap - add pte mapping to an anonymous page
501 * @page:	the page to add the mapping to
502 * @vma:	the vm area in which the mapping is added
503 * @address:	the user virtual address mapped
504 *
505 * The caller needs to hold the pte lock.
506 */
507void page_add_anon_rmap(struct page *page,
508	struct vm_area_struct *vma, unsigned long address)
509{
510	if (atomic_inc_and_test(&page->_mapcount))
511		__page_set_anon_rmap(page, vma, address);
512	/* else checking page index and mapping is racy */
513}
514
515/*
516 * page_add_new_anon_rmap - add pte mapping to a new anonymous page
517 * @page:	the page to add the mapping to
518 * @vma:	the vm area in which the mapping is added
519 * @address:	the user virtual address mapped
520 *
521 * Same as page_add_anon_rmap but must only be called on *new* pages.
522 * This means the inc-and-test can be bypassed.
523 */
524void page_add_new_anon_rmap(struct page *page,
525	struct vm_area_struct *vma, unsigned long address)
526{
527	atomic_set(&page->_mapcount, 0); /* elevate count by 1 (starts at -1) */
528	__page_set_anon_rmap(page, vma, address);
529}
530
531/**
532 * page_add_file_rmap - add pte mapping to a file page
533 * @page: the page to add the mapping to
534 *
535 * The caller needs to hold the pte lock.
536 */
537void page_add_file_rmap(struct page *page)
538{
539	if (atomic_inc_and_test(&page->_mapcount))
540		__inc_page_state(nr_mapped);
541}
542
543/**
544 * page_remove_rmap - take down pte mapping from a page
545 * @page: page to remove mapping from
546 *
547 * The caller needs to hold the pte lock.
548 */
549void page_remove_rmap(struct page *page)
550{
551	if (atomic_add_negative(-1, &page->_mapcount)) {
552#ifdef CONFIG_DEBUG_VM
553		if (unlikely(page_mapcount(page) < 0)) {
554			printk (KERN_EMERG "Eeek! page_mapcount(page) went negative! (%d)\n", page_mapcount(page));
555			printk (KERN_EMERG "  page->flags = %lx\n", page->flags);
556			printk (KERN_EMERG "  page->count = %x\n", page_count(page));
557			printk (KERN_EMERG "  page->mapping = %p\n", page->mapping);
558		}
559#endif
560		BUG_ON(page_mapcount(page) < 0);
561		/*
562		 * It would be tidy to reset the PageAnon mapping here,
563		 * but that might overwrite a racing page_add_anon_rmap
564		 * which increments mapcount after us but sets mapping
565		 * before us: so leave the reset to free_hot_cold_page,
566		 * and remember that it's only reliable while mapped.
567		 * Leaving it set also helps swapoff to reinstate ptes
568		 * faster for those pages still in swapcache.
569		 */
570		if (page_test_and_clear_dirty(page))
571			set_page_dirty(page);
572		__dec_page_state(nr_mapped);
573	}
574}
575
576/*
577 * Subfunctions of try_to_unmap: try_to_unmap_one called
578 * repeatedly from either try_to_unmap_anon or try_to_unmap_file.
579 */
580static int try_to_unmap_one(struct page *page, struct vm_area_struct *vma,
581				int ignore_refs)
582{
583	struct mm_struct *mm = vma->vm_mm;
584	unsigned long address;
585	pte_t *pte;
586	pte_t pteval;
587	spinlock_t *ptl;
588	int ret = SWAP_AGAIN;
589
590	address = vma_address(page, vma);
591	if (address == -EFAULT)
592		goto out;
593
594	pte = page_check_address(page, mm, address, &ptl);
595	if (!pte)
596		goto out;
597
598	/*
599	 * If the page is mlock()d, we cannot swap it out.
600	 * If it's recently referenced (perhaps page_referenced
601	 * skipped over this mm) then we should reactivate it.
602	 */
603	if ((vma->vm_flags & VM_LOCKED) ||
604			(ptep_clear_flush_young(vma, address, pte)
605				&& !ignore_refs)) {
606		ret = SWAP_FAIL;
607		goto out_unmap;
608	}
609
610	/* Nuke the page table entry. */
611	flush_cache_page(vma, address, page_to_pfn(page));
612	pteval = ptep_clear_flush(vma, address, pte);
613
614	/* Move the dirty bit to the physical page now the pte is gone. */
615	if (pte_dirty(pteval))
616		set_page_dirty(page);
617
618	/* Update high watermark before we lower rss */
619	update_hiwater_rss(mm);
620
621	if (PageAnon(page)) {
622		swp_entry_t entry = { .val = page_private(page) };
623		/*
624		 * Store the swap location in the pte.
625		 * See handle_pte_fault() ...
626		 */
627		BUG_ON(!PageSwapCache(page));
628		swap_duplicate(entry);
629		if (list_empty(&mm->mmlist)) {
630			spin_lock(&mmlist_lock);
631			if (list_empty(&mm->mmlist))
632				list_add(&mm->mmlist, &init_mm.mmlist);
633			spin_unlock(&mmlist_lock);
634		}
635		set_pte_at(mm, address, pte, swp_entry_to_pte(entry));
636		BUG_ON(pte_file(*pte));
637		dec_mm_counter(mm, anon_rss);
638	} else
639		dec_mm_counter(mm, file_rss);
640
641	page_remove_rmap(page);
642	page_cache_release(page);
643
644out_unmap:
645	pte_unmap_unlock(pte, ptl);
646out:
647	return ret;
648}
649
650/*
651 * objrmap doesn't work for nonlinear VMAs because the assumption that
652 * offset-into-file correlates with offset-into-virtual-addresses does not hold.
653 * Consequently, given a particular page and its ->index, we cannot locate the
654 * ptes which are mapping that page without an exhaustive linear search.
655 *
656 * So what this code does is a mini "virtual scan" of each nonlinear VMA which
657 * maps the file to which the target page belongs.  The ->vm_private_data field
658 * holds the current cursor into that scan.  Successive searches will circulate
659 * around the vma's virtual address space.
660 *
661 * So as more replacement pressure is applied to the pages in a nonlinear VMA,
662 * more scanning pressure is placed against them as well.   Eventually pages
663 * will become fully unmapped and are eligible for eviction.
664 *
665 * For very sparsely populated VMAs this is a little inefficient - chances are
666 * there there won't be many ptes located within the scan cluster.  In this case
667 * maybe we could scan further - to the end of the pte page, perhaps.
668 */
669#define CLUSTER_SIZE	min(32*PAGE_SIZE, PMD_SIZE)
670#define CLUSTER_MASK	(~(CLUSTER_SIZE - 1))
671
672static void try_to_unmap_cluster(unsigned long cursor,
673	unsigned int *mapcount, struct vm_area_struct *vma)
674{
675	struct mm_struct *mm = vma->vm_mm;
676	pgd_t *pgd;
677	pud_t *pud;
678	pmd_t *pmd;
679	pte_t *pte;
680	pte_t pteval;
681	spinlock_t *ptl;
682	struct page *page;
683	unsigned long address;
684	unsigned long end;
685
686	address = (vma->vm_start + cursor) & CLUSTER_MASK;
687	end = address + CLUSTER_SIZE;
688	if (address < vma->vm_start)
689		address = vma->vm_start;
690	if (end > vma->vm_end)
691		end = vma->vm_end;
692
693	pgd = pgd_offset(mm, address);
694	if (!pgd_present(*pgd))
695		return;
696
697	pud = pud_offset(pgd, address);
698	if (!pud_present(*pud))
699		return;
700
701	pmd = pmd_offset(pud, address);
702	if (!pmd_present(*pmd))
703		return;
704
705	pte = pte_offset_map_lock(mm, pmd, address, &ptl);
706
707	/* Update high watermark before we lower rss */
708	update_hiwater_rss(mm);
709
710	for (; address < end; pte++, address += PAGE_SIZE) {
711		if (!pte_present(*pte))
712			continue;
713		page = vm_normal_page(vma, address, *pte);
714		BUG_ON(!page || PageAnon(page));
715
716		if (ptep_clear_flush_young(vma, address, pte))
717			continue;
718
719		/* Nuke the page table entry. */
720		flush_cache_page(vma, address, pte_pfn(*pte));
721		pteval = ptep_clear_flush(vma, address, pte);
722
723		/* If nonlinear, store the file page offset in the pte. */
724		if (page->index != linear_page_index(vma, address))
725			set_pte_at(mm, address, pte, pgoff_to_pte(page->index));
726
727		/* Move the dirty bit to the physical page now the pte is gone. */
728		if (pte_dirty(pteval))
729			set_page_dirty(page);
730
731		page_remove_rmap(page);
732		page_cache_release(page);
733		dec_mm_counter(mm, file_rss);
734		(*mapcount)--;
735	}
736	pte_unmap_unlock(pte - 1, ptl);
737}
738
739static int try_to_unmap_anon(struct page *page, int ignore_refs)
740{
741	struct anon_vma *anon_vma;
742	struct vm_area_struct *vma;
743	int ret = SWAP_AGAIN;
744
745	anon_vma = page_lock_anon_vma(page);
746	if (!anon_vma)
747		return ret;
748
749	list_for_each_entry(vma, &anon_vma->head, anon_vma_node) {
750		ret = try_to_unmap_one(page, vma, ignore_refs);
751		if (ret == SWAP_FAIL || !page_mapped(page))
752			break;
753	}
754	spin_unlock(&anon_vma->lock);
755	return ret;
756}
757
758/**
759 * try_to_unmap_file - unmap file page using the object-based rmap method
760 * @page: the page to unmap
761 *
762 * Find all the mappings of a page using the mapping pointer and the vma chains
763 * contained in the address_space struct it points to.
764 *
765 * This function is only called from try_to_unmap for object-based pages.
766 */
767static int try_to_unmap_file(struct page *page, int ignore_refs)
768{
769	struct address_space *mapping = page->mapping;
770	pgoff_t pgoff = page->index << (PAGE_CACHE_SHIFT - PAGE_SHIFT);
771	struct vm_area_struct *vma;
772	struct prio_tree_iter iter;
773	int ret = SWAP_AGAIN;
774	unsigned long cursor;
775	unsigned long max_nl_cursor = 0;
776	unsigned long max_nl_size = 0;
777	unsigned int mapcount;
778
779	spin_lock(&mapping->i_mmap_lock);
780	vma_prio_tree_foreach(vma, &iter, &mapping->i_mmap, pgoff, pgoff) {
781		ret = try_to_unmap_one(page, vma, ignore_refs);
782		if (ret == SWAP_FAIL || !page_mapped(page))
783			goto out;
784	}
785
786	if (list_empty(&mapping->i_mmap_nonlinear))
787		goto out;
788
789	list_for_each_entry(vma, &mapping->i_mmap_nonlinear,
790						shared.vm_set.list) {
791		if (vma->vm_flags & VM_LOCKED)
792			continue;
793		cursor = (unsigned long) vma->vm_private_data;
794		if (cursor > max_nl_cursor)
795			max_nl_cursor = cursor;
796		cursor = vma->vm_end - vma->vm_start;
797		if (cursor > max_nl_size)
798			max_nl_size = cursor;
799	}
800
801	if (max_nl_size == 0) {	/* any nonlinears locked or reserved */
802		ret = SWAP_FAIL;
803		goto out;
804	}
805
806	/*
807	 * We don't try to search for this page in the nonlinear vmas,
808	 * and page_referenced wouldn't have found it anyway.  Instead
809	 * just walk the nonlinear vmas trying to age and unmap some.
810	 * The mapcount of the page we came in with is irrelevant,
811	 * but even so use it as a guide to how hard we should try?
812	 */
813	mapcount = page_mapcount(page);
814	if (!mapcount)
815		goto out;
816	cond_resched_lock(&mapping->i_mmap_lock);
817
818	max_nl_size = (max_nl_size + CLUSTER_SIZE - 1) & CLUSTER_MASK;
819	if (max_nl_cursor == 0)
820		max_nl_cursor = CLUSTER_SIZE;
821
822	do {
823		list_for_each_entry(vma, &mapping->i_mmap_nonlinear,
824						shared.vm_set.list) {
825			if (vma->vm_flags & VM_LOCKED)
826				continue;
827			cursor = (unsigned long) vma->vm_private_data;
828			while ( cursor < max_nl_cursor &&
829				cursor < vma->vm_end - vma->vm_start) {
830				try_to_unmap_cluster(cursor, &mapcount, vma);
831				cursor += CLUSTER_SIZE;
832				vma->vm_private_data = (void *) cursor;
833				if ((int)mapcount <= 0)
834					goto out;
835			}
836			vma->vm_private_data = (void *) max_nl_cursor;
837		}
838		cond_resched_lock(&mapping->i_mmap_lock);
839		max_nl_cursor += CLUSTER_SIZE;
840	} while (max_nl_cursor <= max_nl_size);
841
842	/*
843	 * Don't loop forever (perhaps all the remaining pages are
844	 * in locked vmas).  Reset cursor on all unreserved nonlinear
845	 * vmas, now forgetting on which ones it had fallen behind.
846	 */
847	list_for_each_entry(vma, &mapping->i_mmap_nonlinear, shared.vm_set.list)
848		vma->vm_private_data = NULL;
849out:
850	spin_unlock(&mapping->i_mmap_lock);
851	return ret;
852}
853
854/**
855 * try_to_unmap - try to remove all page table mappings to a page
856 * @page: the page to get unmapped
857 *
858 * Tries to remove all the page table entries which are mapping this
859 * page, used in the pageout path.  Caller must hold the page lock.
860 * Return values are:
861 *
862 * SWAP_SUCCESS	- we succeeded in removing all mappings
863 * SWAP_AGAIN	- we missed a mapping, try again later
864 * SWAP_FAIL	- the page is unswappable
865 */
866int try_to_unmap(struct page *page, int ignore_refs)
867{
868	int ret;
869
870	BUG_ON(!PageLocked(page));
871
872	if (PageAnon(page))
873		ret = try_to_unmap_anon(page, ignore_refs);
874	else
875		ret = try_to_unmap_file(page, ignore_refs);
876
877	if (!page_mapped(page))
878		ret = SWAP_SUCCESS;
879	return ret;
880}
881
882