2005-04-17 02:20:36 +04:00
/*
 * mm/truncate.c - code for taking down pages from address_spaces
 *
 * Copyright (C) 2002, Linus Torvalds
 *
 * 10Sep2002	Andrew Morton
 *		Initial version.
 */

#include <linux/kernel.h>
#include <linux/backing-dev.h>
#include <linux/mm.h>
#include <linux/swap.h>
#include <linux/module.h>
#include <linux/pagemap.h>
#include <linux/highmem.h>
#include <linux/pagevec.h>
#include <linux/task_io_accounting_ops.h>
#include <linux/buffer_head.h>	/* grr. try_to_release_page,
				   do_invalidatepage */
#include "internal.h"

/**
 * do_invalidatepage - invalidate part or all of a page
 * @page: the page which is affected
 * @offset: the index of the truncation point
 *
 * do_invalidatepage() is called when all or part of the page has become
 * invalidated by a truncate operation.
 *
 * do_invalidatepage() does not have to release all buffers, but it must
 * ensure that no dirty buffer is left outside @offset and that no I/O
 * is underway against any of the blocks which are outside the truncation
 * point.  Because the caller is about to free (and possibly reuse) those
 * blocks on-disk.
 */
void do_invalidatepage(struct page *page, unsigned long offset)
{
	void (*invalidatepage)(struct page *, unsigned long);
	invalidatepage = page->mapping->a_ops->invalidatepage;
[PATCH] BLOCK: Make it possible to disable the block layer [try #6]
Make it possible to disable the block layer. Not all embedded devices require
it, some can make do with just JFFS2, NFS, ramfs, etc - none of which require
the block layer to be present.
This patch does the following:
(*) Introduces CONFIG_BLOCK to disable the block layer, buffering and blockdev
support.
(*) Adds dependencies on CONFIG_BLOCK to any configuration item that controls
an item that uses the block layer. This includes:
(*) Block I/O tracing.
(*) Disk partition code.
(*) All filesystems that are block based, eg: Ext3, ReiserFS, ISOFS.
(*) The SCSI layer. As far as I can tell, even SCSI chardevs use the
block layer to do scheduling. Some drivers that use SCSI facilities -
such as USB storage - end up disabled indirectly from this.
(*) Various block-based device drivers, such as IDE and the old CDROM
drivers.
(*) MTD blockdev handling and FTL.
(*) JFFS - which uses set_bdev_super(), something it could avoid doing by
taking a leaf out of JFFS2's book.
(*) Makes most of the contents of linux/blkdev.h, linux/buffer_head.h and
linux/elevator.h contingent on CONFIG_BLOCK being set. sector_div() is,
however, still used in places, and so is still available.
(*) Also made contingent are the contents of linux/mpage.h, linux/genhd.h and
parts of linux/fs.h.
(*) Makes a number of files in fs/ contingent on CONFIG_BLOCK.
(*) Makes mm/bounce.c (bounce buffering) contingent on CONFIG_BLOCK.
(*) set_page_dirty() doesn't call __set_page_dirty_buffers() if CONFIG_BLOCK
is not enabled.
(*) fs/no-block.c is created to hold out-of-line stubs and things that are
required when CONFIG_BLOCK is not set:
(*) Default blockdev file operations (to give error ENODEV on opening).
(*) Makes some /proc changes:
(*) /proc/devices does not list any blockdevs.
(*) /proc/diskstats and /proc/partitions are contingent on CONFIG_BLOCK.
(*) Makes some compat ioctl handling contingent on CONFIG_BLOCK.
(*) If CONFIG_BLOCK is not defined, makes sys_quotactl() return -ENODEV if
given command other than Q_SYNC or if a special device is specified.
(*) In init/do_mounts.c, no reference is made to the blockdev routines if
CONFIG_BLOCK is not defined. This does not prohibit NFS roots or JFFS2.
(*) The bdflush, ioprio_set and ioprio_get syscalls can now be absent (return
error ENOSYS by way of cond_syscall if so).
(*) The seclvl_bd_claim() and seclvl_bd_release() security calls do nothing if
CONFIG_BLOCK is not set, since they can't then happen.
Signed-Off-By: David Howells <dhowells@redhat.com>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
2006-09-30 22:45:40 +04:00
#ifdef CONFIG_BLOCK
	if (!invalidatepage)
		invalidatepage = block_invalidatepage;
#endif
	if (invalidatepage)
		(*invalidatepage)(page, offset);
}

static inline void truncate_partial_page(struct page *page, unsigned partial)
{
	zero_user_segment(page, partial, PAGE_CACHE_SIZE);
	if (PagePrivate(page))
		do_invalidatepage(page, partial);
}
Resurrect 'try_to_free_buffers()' VM hackery
It's not pretty, but it appears that ext3 with data=journal will clean
pages without ever actually telling the VM that they are clean. This,
in turn, will result in the VM (and balance_dirty_pages() in particular)
to never realize that the pages got cleaned, and wait forever for an
event that already happened.
Technically, this seems to be a problem with ext3 itself, but it used to
be hidden by 'try_to_free_buffers()' noticing this situation on its own,
and just working around the filesystem problem.
This commit re-instates that hack, in order to avoid a regression for
the 2.6.20 release. This fixes bugzilla 7844:
http://bugzilla.kernel.org/show_bug.cgi?id=7844
Peter Zijlstra points out that we should probably retain the debugging
code that this removes from cancel_dirty_page(), and I agree, but for
the imminent release we might as well just silence the warning too
(since it's not a new bug: anything that triggers that warning has been
around forever).
Acked-by: Randy Dunlap <rdunlap@xenotime.net>
Acked-by: Jens Axboe <jens.axboe@oracle.com>
Acked-by: Peter Zijlstra <a.p.zijlstra@chello.nl>
Cc: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2007-01-26 23:47:06 +03:00
/*
 * This cancels just the dirty bit on the kernel page itself, it
 * does NOT actually remove dirty bits on any mmap's that may be
 * around. It also leaves the page tagged dirty, so any sync
 * activity will still find it on the dirty lists, and in particular,
 * clear_page_dirty_for_io() will still look at the dirty bits in
 * the VM.
 *
 * Doing this should *normally* only ever be done when a page
 * is truncated, and is not actually mapped anywhere at all. However,
 * fs/buffer.c does this when it notices that somebody has cleaned
 * out all the buffers on a page without actually doing it through
 * the VM. Can you say "ext3 is horribly ugly"? Thought you could.
 */
VM: Remove "clear_page_dirty()" and "test_clear_page_dirty()" functions
They were horribly easy to mis-use because of their tempting naming, and
they also did way more than any users of them generally wanted them to
do.
A dirty page can become clean under two circumstances:
(a) when we write it out. We have "clear_page_dirty_for_io()" for
this, and that function remains unchanged.
In the "for IO" case it is not sufficient to just clear the dirty
bit, you also have to mark the page as being under writeback etc.
(b) when we actually remove a page due to it becoming inaccessible to
users, notably because it was truncate()'d away or the file (or
metadata) no longer exists, and we thus want to cancel any
outstanding dirty state.
For the (b) case, we now introduce "cancel_dirty_page()", which only
touches the page state itself, and verifies that the page is not mapped
(since cancelling writes on a mapped page would be actively wrong as it
is still accessible to users).
Some filesystems need to be fixed up for this: CIFS, FUSE, JFS,
ReiserFS, XFS all use the old confusing functions, and will be fixed
separately in subsequent commits (with some of them just removing the
offending logic, and others using clear_page_dirty_for_io()).
This was confirmed by Martin Michlmayr to fix the apt database
corruption on ARM.
Cc: Martin Michlmayr <tbm@cyrius.com>
Cc: Peter Zijlstra <a.p.zijlstra@chello.nl>
Cc: Hugh Dickins <hugh@veritas.com>
Cc: Nick Piggin <nickpiggin@yahoo.com.au>
Cc: Arjan van de Ven <arjan@infradead.org>
Cc: Andrei Popa <andrei.popa@i-neo.ro>
Cc: Andrew Morton <akpm@osdl.org>
Cc: Dave Kleikamp <shaggy@linux.vnet.ibm.com>
Cc: Gordon Farquharson <gordonfarquharson@gmail.com>
Cc: Martin Schwidefsky <schwidefsky@de.ibm.com>
Cc: Trond Myklebust <trond.myklebust@fys.uio.no>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2006-12-21 00:46:42 +03:00
void cancel_dirty_page(struct page *page, unsigned int account_size)
{
	if (TestClearPageDirty(page)) {
		struct address_space *mapping = page->mapping;
		if (mapping && mapping_cap_account_dirty(mapping)) {
			dec_zone_page_state(page, NR_FILE_DIRTY);
			dec_bdi_stat(mapping->backing_dev_info,
					BDI_RECLAIMABLE);
			if (account_size)
				task_io_account_cancelled_write(account_size);
		}
	}
}
EXPORT_SYMBOL(cancel_dirty_page);
/*
 * If truncate cannot remove the fs-private metadata from the page, the page
 * becomes orphaned.  It will be left on the LRU and may even be mapped into
 * user pagetables if we're racing with filemap_fault().
 *
 * We need to bale out if page->mapping is no longer equal to the original
 * mapping.  This happens a) when the VM reclaimed the page while we waited on
 * its lock, b) when a concurrent invalidate_mapping_pages got there first and
 * c) when tmpfs swizzles a page between a tmpfs inode and swapper_space.
 */
static void
truncate_complete_page(struct address_space *mapping, struct page *page)
{
	if (page->mapping != mapping)
		return;

	if (PagePrivate(page))
		do_invalidatepage(page, 0);
Fix dirty page accounting leak with ext3 data=journal
In 46d2277c796f9f4937bfa668c40b2e3f43e93dd0 ("Clean up and make
try_to_free_buffers() not race with dirty pages"), try_to_free_buffers
was changed to bail out if the page was dirty.
That in turn caused truncate_complete_page to leak massive amounts of
memory, because the dirty bit was only cleared after the call to
try_to_free_buffers.
So the call to cancel_dirty_page was moved up to have the dirty bit
cleared early in 3e67c0987d7567ad666641164a153dca9a43b11d ("truncate:
clear page dirtiness before running try_to_free_buffers()").
The problem with that fix is, that the page can be redirtied after
cancel_dirty_page was called, eg. like this:
truncate_complete_page()
  cancel_dirty_page() // PG_dirty cleared, decr. dirty pages
  do_invalidatepage()
    ext3_invalidatepage()
      journal_invalidatepage()
        journal_unmap_buffer()
          __dispose_buffer()
            __journal_unfile_buffer()
              __journal_temp_unlink_buffer()
                mark_buffer_dirty(); // PG_dirty set, incr. dirty pages
And then we end up with dirty pages being wrongly accounted.
As a result, in ecdfc9787fe527491baefc22dce8b2dbd5b2908d ("Resurrect
'try_to_free_buffers()' VM hackery") the changes to try_to_free_buffers
were reverted, so the original reason for the massive memory leak is
gone, and we can also revert the move of the call to cancel_dirty_page
from truncate_complete_page and get the accounting right again.
I'm not sure if it matters, but opposed to the final check in
__remove_from_page_cache, this one also cares about the task io
accounting, so maybe we want to use this instead, although it's not
quite the clean fix either.
Signed-off-by: Björn Steinbrink <B.Steinbrink@gmx.de>
Tested-by: Krzysztof Piotr Oledzki <ole@ans.pl>
Cc: Jan Kara <jack@ucw.cz>
Cc: Nick Piggin <nickpiggin@yahoo.com.au>
Cc: Peter Zijlstra <a.p.zijlstra@chello.nl>
Cc: Thomas Osterried <osterried@jesse.de>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2008-02-05 09:29:28 +03:00
	cancel_dirty_page(page, PAGE_CACHE_SIZE);

	clear_page_mlock(page);
	remove_from_page_cache(page);
	ClearPageMappedToDisk(page);
	page_cache_release(page);	/* pagecache ref */
}
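
The ordering problem described in the "Fix dirty page accounting leak with ext3 data=journal" commit message above, as an added userspace model (not kernel code and not part of the original file). Every `model_*` name is hypothetical, and the model assumes that removing the page from the cache does no accounting of its own.

```c
/*
 * Userspace model of the dirty-page accounting order in
 * truncate_complete_page(). Constructed for illustration; every model_*
 * name is hypothetical and only mirrors the kernel function it is named
 * after.
 */
#include <stdbool.h>
#include <stdio.h>

struct model_page {
	bool dirty;		/* stands in for PG_dirty */
	bool has_private;	/* stands in for PagePrivate() */
};

static long nr_file_dirty;	/* stands in for the NR_FILE_DIRTY counter */

/* Dirtying an already dirty page must not count it twice. */
static void model_set_page_dirty(struct model_page *page)
{
	if (!page->dirty) {
		page->dirty = true;
		nr_file_dirty++;
	}
}

/* Like cancel_dirty_page(): test-and-clear, then drop the accounting. */
static void model_cancel_dirty_page(struct model_page *page)
{
	if (page->dirty) {
		page->dirty = false;
		nr_file_dirty--;
	}
}

/*
 * Models the ext3 data=journal invalidatepage path from the commit
 * message, which ends in mark_buffer_dirty() and so dirties the page.
 */
static void model_do_invalidatepage(struct model_page *page)
{
	model_set_page_dirty(page);
	page->has_private = false;
}

/* Assumption: dropping the page from the cache does no accounting. */
static void model_remove_from_page_cache(struct model_page *page)
{
	page->dirty = false;
}

/* Returns the counter value left behind after one page is truncated. */
static long model_truncate_complete_page(bool cancel_before_invalidate)
{
	struct model_page page = { .dirty = false, .has_private = true };

	nr_file_dirty = 0;
	model_set_page_dirty(&page);	/* a write dirtied the page */

	if (cancel_before_invalidate)
		model_cancel_dirty_page(&page);
	if (page.has_private)
		model_do_invalidatepage(&page);
	if (!cancel_before_invalidate)
		model_cancel_dirty_page(&page);

	model_remove_from_page_cache(&page);
	return nr_file_dirty;
}

int main(void)
{
	printf("cancel before invalidate: %ld page(s) still counted dirty\n",
	       model_truncate_complete_page(true));
	printf("cancel after invalidate:  %ld page(s) still counted dirty\n",
	       model_truncate_complete_page(false));
	return 0;
}
```
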

/*
 * This is for invalidate_mapping_pages().  That function can be called at
 * any time, and is not supposed to throw away dirty pages.  But pages can
 * be marked dirty at any time too, so use remove_mapping which safely
 * discards clean, unused pages.
 *
 * Returns non-zero if the page was successfully invalidated.
 */
static int
invalidate_complete_page(struct address_space *mapping, struct page *page)
{
	int ret;

	if (page->mapping != mapping)
		return 0;

	if (PagePrivate(page) && !try_to_release_page(page, 0))
		return 0;

	clear_page_mlock(page);
	ret = remove_mapping(mapping, page);

	return ret;
}

/**
 * truncate_inode_pages_range - truncate range of pages specified by start & end byte offsets
 * @mapping: mapping to truncate
 * @lstart: offset from which to truncate
 * @lend: offset to which to truncate
 *
 * Truncate the page cache, removing the pages that are between
 * specified offsets (and zeroing out partial page
 * (if lstart is not page aligned)).
 *
 * Truncate takes two passes - the first pass is nonblocking.  It will not
 * block on page locks and it will not block on writeback.  The second pass
 * will wait.  This is to prevent as much IO as possible in the affected region.
 * The first pass will remove most pages, so the search cost of the second pass
 * is low.
 *
 * When looking at page->index outside the page lock we need to be careful to
 * copy it into a local to avoid races (it could change at any time).
 *
 * We pass down the cache-hot hint to the page freeing code.  Even if the
 * mapping is large, it is probably the case that the final pages are the most
 * recently touched, and freeing happens in ascending file offset order.
 */
void truncate_inode_pages_range(struct address_space *mapping,
				loff_t lstart, loff_t lend)
{
	const pgoff_t start = (lstart + PAGE_CACHE_SIZE-1) >> PAGE_CACHE_SHIFT;
	pgoff_t end;
	const unsigned partial = lstart & (PAGE_CACHE_SIZE - 1);
	struct pagevec pvec;
	pgoff_t next;
	int i;

	if (mapping->nrpages == 0)
		return;

	BUG_ON((lend & (PAGE_CACHE_SIZE - 1)) != (PAGE_CACHE_SIZE - 1));
	end = (lend >> PAGE_CACHE_SHIFT);

	pagevec_init(&pvec, 0);
	next = start;
	while (next <= end &&
	       pagevec_lookup(&pvec, mapping, next, PAGEVEC_SIZE)) {
		for (i = 0; i < pagevec_count(&pvec); i++) {
			struct page *page = pvec.pages[i];
			pgoff_t page_index = page->index;

			if (page_index > end) {
				next = page_index;
				break;
			}

			if (page_index > next)
				next = page_index;
			next++;
			if (!trylock_page(page))
				continue;
			if (PageWriteback(page)) {
				unlock_page(page);
				continue;
			}
mm: fix fault vs invalidate race for linear mappings
Fix the race between invalidate_inode_pages and do_no_page.
Andrea Arcangeli identified a subtle race between invalidation of pages from
pagecache with userspace mappings, and do_no_page.
The issue is that invalidation has to shoot down all mappings to the page,
before it can be discarded from the pagecache. Between shooting down ptes to
a particular page, and actually dropping the struct page from the pagecache,
do_no_page from any process might fault on that page and establish a new
mapping to the page just before it gets discarded from the pagecache.
The most common case where such invalidation is used is in file truncation.
This case was catered for by doing a sort of open-coded seqlock between the
file's i_size, and its truncate_count.
Truncation will decrease i_size, then increment truncate_count before
unmapping userspace pages; do_no_page will read truncate_count, then find the
page if it is within i_size, and then check truncate_count under the page
table lock and back out and retry if it had subsequently been changed (ptl
will serialise against unmapping, and ensure a potentially updated
truncate_count is actually visible).
Complexity and documentation issues aside, the locking protocol fails in the
case where we would like to invalidate pagecache inside i_size. do_no_page
can come in anytime and filemap_nopage is not aware of the invalidation in
progress (as it is when it is outside i_size). The end result is that
dangling (->mapping == NULL) pages that appear to be from a particular file
may be mapped into userspace with nonsense data. Valid mappings to the same
place will see a different page.
Andrea implemented two working fixes, one using a real seqlock, another using
a page->flags bit. He also proposed using the page lock in do_no_page, but
that was initially considered too heavyweight. However, it is not a global or
per-file lock, and the page cacheline is modified in do_no_page to increment
_count and _mapcount anyway, so a further modification should not be a large
performance hit. Scalability is not an issue.
This patch implements this latter approach. ->nopage implementations return
with the page locked if it is possible for their underlying file to be
invalidated (in that case, they must set a special vm_flags bit to indicate
so). do_no_page only unlocks the page after setting up the mapping
completely. invalidation is excluded because it holds the page lock during
invalidation of each page (and ensures that the page is not mapped while
holding the lock).
This also allows significant simplifications in do_no_page, because we have
the page locked in the right place in the pagecache from the start.
Signed-off-by: Nick Piggin <npiggin@suse.de>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2007-07-19 12:46:57 +04:00
			if (page_mapped(page)) {
				unmap_mapping_range(mapping,
				  (loff_t)page_index << PAGE_CACHE_SHIFT,
				  PAGE_CACHE_SIZE, 0);
			}
			truncate_complete_page(mapping, page);
			unlock_page(page);
		}
		pagevec_release(&pvec);
		cond_resched();
	}

	if (partial) {
		struct page *page = find_lock_page(mapping, start - 1);
		if (page) {
			wait_on_page_writeback(page);
			truncate_partial_page(page, partial);
			unlock_page(page);
			page_cache_release(page);
		}
	}

	next = start;
	for ( ; ; ) {
		cond_resched();
		if (!pagevec_lookup(&pvec, mapping, next, PAGEVEC_SIZE)) {
			if (next == start)
				break;
			next = start;
			continue;
		}
		if (pvec.pages[0]->index > end) {
			pagevec_release(&pvec);
			break;
		}
		for (i = 0; i < pagevec_count(&pvec); i++) {
			struct page *page = pvec.pages[i];

			if (page->index > end)
				break;
			lock_page(page);
			wait_on_page_writeback(page);
			if (page_mapped(page)) {
				unmap_mapping_range(mapping,
				  (loff_t)page->index << PAGE_CACHE_SHIFT,
				  PAGE_CACHE_SIZE, 0);
			}
			if (page->index > next)
				next = page->index;
			next++;
			truncate_complete_page(mapping, page);
			unlock_page(page);
		}
		pagevec_release(&pvec);
	}
}
EXPORT_SYMBOL(truncate_inode_pages_range);

/**
 * truncate_inode_pages - truncate *all* the pages from an offset
 * @mapping: mapping to truncate
 * @lstart: offset from which to truncate
 *
 * Called under (and serialised by) inode->i_mutex.
 */
void truncate_inode_pages(struct address_space *mapping, loff_t lstart)
{
	truncate_inode_pages_range(mapping, lstart, (loff_t)-1);
}
EXPORT_SYMBOL(truncate_inode_pages);

unsigned long __invalidate_mapping_pages(struct address_space *mapping,
				pgoff_t start, pgoff_t end, bool be_atomic)
{
	struct pagevec pvec;
	pgoff_t next = start;
	unsigned long ret = 0;
	int i;

	pagevec_init(&pvec, 0);
	while (next <= end &&
			pagevec_lookup(&pvec, mapping, next, PAGEVEC_SIZE)) {
		for (i = 0; i < pagevec_count(&pvec); i++) {
			struct page *page = pvec.pages[i];
			pgoff_t index;
			int lock_failed;

			lock_failed = !trylock_page(page);

			/*
			 * We really shouldn't be looking at the ->index of an
			 * unlocked page.  But we're not allowed to lock these
			 * pages.  So we rely upon nobody altering the ->index
			 * of this (pinned-by-us) page.
			 */
			index = page->index;
			if (index > next)
				next = index;
			next++;
			if (lock_failed)
				continue;

			if (PageDirty(page) || PageWriteback(page))
				goto unlock;
			if (page_mapped(page))
				goto unlock;
			ret += invalidate_complete_page(mapping, page);
unlock:
			unlock_page(page);
			if (next > end)
				break;
		}
		pagevec_release(&pvec);
		if (likely(!be_atomic))
			cond_resched();
	}
	return ret;
}

/**
 * invalidate_mapping_pages - Invalidate all the unlocked pages of one inode
 * @mapping: the address_space which holds the pages to invalidate
 * @start: the offset 'from' which to invalidate
 * @end: the offset 'to' which to invalidate (inclusive)
 *
 * This function only removes the unlocked pages, if you want to
 * remove all the pages of one inode, you must call truncate_inode_pages.
 *
 * invalidate_mapping_pages() will not block on IO activity. It will not
 * invalidate pages which are dirty, locked, under writeback or mapped into
 * pagetables.
 */
unsigned long invalidate_mapping_pages(struct address_space *mapping,
				pgoff_t start, pgoff_t end)
{
	return __invalidate_mapping_pages(mapping, start, end, false);
}
EXPORT_SYMBOL(invalidate_mapping_pages);
2005-04-17 02:20:36 +04:00
2006-10-01 10:29:29 +04:00
/*
 * This is like invalidate_complete_page(), except it ignores the page's
 * refcount.  We do this because invalidate_inode_pages2() needs stronger
 * invalidation guarantees, and cannot afford to leave pages behind because
2007-07-16 10:38:09 +04:00
 * shrink_page_list() has a temp ref on them, or because they're transiently
 * sitting in the lru_cache_add() pagevecs.
2006-10-01 10:29:29 +04:00
 */
static int
invalidate_complete_page2(struct address_space *mapping, struct page *page)
{
	if (page->mapping != mapping)
		return 0;
2006-10-11 12:21:58 +04:00
	if (PagePrivate(page) && !try_to_release_page(page, GFP_KERNEL))
2006-10-01 10:29:29 +04:00
		return 0;
2008-07-26 06:45:32 +04:00
	spin_lock_irq(&mapping->tree_lock);
2006-10-01 10:29:29 +04:00
	if (PageDirty(page))
		goto failed;
2008-10-19 07:26:50 +04:00
	clear_page_mlock(page);
2006-10-01 10:29:29 +04:00
	BUG_ON(PagePrivate(page));
	__remove_from_page_cache(page);
2008-07-26 06:45:32 +04:00
	spin_unlock_irq(&mapping->tree_lock);
2006-10-01 10:29:29 +04:00
	page_cache_release(page);	/* pagecache ref */
	return 1;
failed:
2008-07-26 06:45:32 +04:00
	spin_unlock_irq(&mapping->tree_lock);
2006-10-01 10:29:29 +04:00
	return 0;
}
2007-01-11 10:15:39 +03:00
static int do_launder_page(struct address_space *mapping, struct page *page)
{
	if (!PageDirty(page))
		return 0;
	if (page->mapping != mapping || mapping->a_ops->launder_page == NULL)
		return 0;
	return mapping->a_ops->launder_page(page);
}
2005-04-17 02:20:36 +04:00
/**
 * invalidate_inode_pages2_range - remove range of pages from an address_space
2005-05-01 19:59:26 +04:00
 * @mapping: the address_space
2005-04-17 02:20:36 +04:00
 * @start: the page offset 'from' which to invalidate
 * @end: the page offset 'to' which to invalidate (inclusive)
 *
 * Any pages which are found to be mapped into pagetables are unmapped prior to
 * invalidation.
 *
2008-09-03 01:35:40 +04:00
 * Returns -EBUSY if any pages could not be invalidated.
2005-04-17 02:20:36 +04:00
 */
int invalidate_inode_pages2_range(struct address_space *mapping,
				  pgoff_t start, pgoff_t end)
{
	struct pagevec pvec;
	pgoff_t next;
	int i;
	int ret = 0;
2008-04-28 13:12:08 +04:00
	int ret2 = 0;
2005-04-17 02:20:36 +04:00
	int did_range_unmap = 0;
	int wrapped = 0;
	pagevec_init(&pvec, 0);
	next = start;
2007-03-01 07:13:55 +03:00
	while (next <= end && !wrapped &&
2005-04-17 02:20:36 +04:00
		pagevec_lookup(&pvec, mapping, next,
			min(end - next, (pgoff_t)PAGEVEC_SIZE - 1) + 1)) {
2007-03-01 07:13:55 +03:00
		for (i = 0; i < pagevec_count(&pvec); i++) {
2005-04-17 02:20:36 +04:00
			struct page *page = pvec.pages[i];
			pgoff_t page_index;
			lock_page(page);
			if (page->mapping != mapping) {
				unlock_page(page);
				continue;
			}
			page_index = page->index;
			next = page_index + 1;
			if (next == 0)
				wrapped = 1;
			if (page_index > end) {
				unlock_page(page);
				break;
			}
			wait_on_page_writeback(page);
mm: fix fault vs invalidate race for linear mappings
Fix the race between invalidate_inode_pages and do_no_page.
Andrea Arcangeli identified a subtle race between invalidation of pages from
pagecache with userspace mappings, and do_no_page.
The issue is that invalidation has to shoot down all mappings to the page,
before it can be discarded from the pagecache. Between shooting down ptes to
a particular page, and actually dropping the struct page from the pagecache,
do_no_page from any process might fault on that page and establish a new
mapping to the page just before it gets discarded from the pagecache.
The most common case where such invalidation is used is in file truncation.
This case was catered for by doing a sort of open-coded seqlock between the
file's i_size, and its truncate_count.
Truncation will decrease i_size, then increment truncate_count before
unmapping userspace pages; do_no_page will read truncate_count, then find the
page if it is within i_size, and then check truncate_count under the page
table lock and back out and retry if it had subsequently been changed (ptl
will serialise against unmapping, and ensure a potentially updated
truncate_count is actually visible).
Complexity and documentation issues aside, the locking protocol fails in the
case where we would like to invalidate pagecache inside i_size. do_no_page
can come in anytime and filemap_nopage is not aware of the invalidation in
progress (as it is when it is outside i_size). The end result is that
dangling (->mapping == NULL) pages that appear to be from a particular file
may be mapped into userspace with nonsense data. Valid mappings to the same
place will see a different page.
Andrea implemented two working fixes, one using a real seqlock, another using
a page->flags bit. He also proposed using the page lock in do_no_page, but
that was initially considered too heavyweight. However, it is not a global or
per-file lock, and the page cacheline is modified in do_no_page to increment
_count and _mapcount anyway, so a further modification should not be a large
performance hit. Scalability is not an issue.
This patch implements this latter approach. ->nopage implementations return
with the page locked if it is possible for their underlying file to be
invalidated (in that case, they must set a special vm_flags bit to indicate
so). do_no_page only unlocks the page after setting up the mapping
completely. invalidation is excluded because it holds the page lock during
invalidation of each page (and ensures that the page is not mapped while
holding the lock).
This also allows significant simplifications in do_no_page, because we have
the page locked in the right place in the pagecache from the start.
Signed-off-by: Nick Piggin <npiggin@suse.de>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2007-07-19 12:46:57 +04:00
			if (page_mapped(page)) {
2005-04-17 02:20:36 +04:00
				if (!did_range_unmap) {
					/*
					 * Zap the rest of the file in one hit.
					 */
					unmap_mapping_range(mapping,
2005-11-24 00:37:47 +03:00
					   (loff_t)page_index << PAGE_CACHE_SHIFT,
					   (loff_t)(end - page_index + 1)
2005-04-17 02:20:36 +04:00
							<< PAGE_CACHE_SHIFT,
					    0);
					did_range_unmap = 1;
				} else {
					/*
					 * Just zap this page
					 */
					unmap_mapping_range(mapping,
2005-11-24 00:37:47 +03:00
					  (loff_t)page_index << PAGE_CACHE_SHIFT,
2005-04-17 02:20:36 +04:00
					  PAGE_CACHE_SIZE, 0);
				}
			}
2007-07-19 12:46:57 +04:00
			BUG_ON(page_mapped(page));
2008-04-28 13:12:08 +04:00
			ret2 = do_launder_page(mapping, page);
			if (ret2 == 0) {
				if (!invalidate_complete_page2(mapping, page))
2008-09-03 01:35:40 +04:00
					ret2 = -EBUSY;
2008-04-28 13:12:08 +04:00
			}
			if (ret2 < 0)
				ret = ret2;
2005-04-17 02:20:36 +04:00
			unlock_page(page);
		}
		pagevec_release(&pvec);
		cond_resched();
	}
	return ret;
}
EXPORT_SYMBOL_GPL(invalidate_inode_pages2_range);
/**
 * invalidate_inode_pages2 - remove all pages from an address_space
2005-05-01 19:59:26 +04:00
 * @mapping: the address_space
2005-04-17 02:20:36 +04:00
 *
 * Any pages which are found to be mapped into pagetables are unmapped prior to
 * invalidation.
 *
 * Returns -EBUSY if any pages could not be invalidated.
 */
int invalidate_inode_pages2(struct address_space *mapping)
{
	return invalidate_inode_pages2_range(mapping, 0, -1);
}
EXPORT_SYMBOL_GPL(invalidate_inode_pages2);
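The interleaving described in the "fix fault vs invalidate race" commit message (unmap, fault, drop from pagecache) can be replayed in a small userspace model. This is an added example, not kernel code and not part of the original file; `struct toy_page` and the `toy_*` functions are hypothetical names, and a sleeping `lock_page()` is modelled as fail-and-retry.

```c
#include <stdbool.h>

/* Constructed toy model: the per-page state that the race touches. */
struct toy_page {
	bool locked;	/* models the page lock */
	bool in_cache;	/* models page->mapping != NULL */
	int mapcount;	/* models userspace ptes pointing at the page */
};

/*
 * Fault path; the pagecache lookup is assumed to have already succeeded.
 * With use_page_lock it follows the fix: take the page lock, recheck that
 * the page is still in the cache, set up the mapping, then unlock.
 */
static bool toy_fault(struct toy_page *p, bool use_page_lock)
{
	if (use_page_lock) {
		if (p->locked)
			return false;	/* would sleep in lock_page(); retried later */
		p->locked = true;
		if (!p->in_cache) {	/* invalidated while we waited */
			p->locked = false;
			return false;
		}
	}
	p->mapcount++;
	if (use_page_lock)
		p->locked = false;
	return true;
}

/* Invalidation, split in two so a fault can be scheduled in between. */
static void toy_invalidate_unmap(struct toy_page *p) { p->locked = true; p->mapcount = 0; }
static void toy_invalidate_drop(struct toy_page *p) { p->in_cache = false; p->locked = false; }

/* Replays unmap -> fault -> drop; true means a page that has left the
 * cache is still mapped (the dangling ->mapping == NULL page). */
static bool toy_race_leaves_dangling_mapping(bool use_page_lock)
{
	struct toy_page p = { .locked = false, .in_cache = true, .mapcount = 1 };

	toy_invalidate_unmap(&p);
	bool mapped = toy_fault(&p, use_page_lock);	/* lands inside the window */
	toy_invalidate_drop(&p);
	if (!mapped)
		toy_fault(&p, use_page_lock);	/* the blocked fault retries */
	return !p.in_cache && p.mapcount > 0;
}
```

Without the page lock in the fault path the model ends with a mapped page that is no longer in the cache; with it, the retried fault sees the page has been invalidated and maps nothing.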