ClabureDB: Classified Bug-Reports Database

Project: Linux Kernel

Showing error 994

User:	Jiri Slaby
Error type:	Leaving function in locked state
Error type description:	Some lock is not unlocked on all paths of a function, so it is leaked
File location:	mm/swapfile.c
Line in file:	1752
Project:	Linux Kernel
Project version:	2.6.28
Tools:	Stanse (1.2)
Entered:	2012-03-02 21:35:18 UTC
Source:

   1/*
   2 *  linux/mm/swapfile.c
   3 *
   4 *  Copyright (C) 1991, 1992, 1993, 1994  Linus Torvalds
   5 *  Swap reorganised 29.12.95, Stephen Tweedie
   6 */
   7
   8#include <linux/mm.h>
   9#include <linux/hugetlb.h>
  10#include <linux/mman.h>
  11#include <linux/slab.h>
  12#include <linux/kernel_stat.h>
  13#include <linux/swap.h>
  14#include <linux/vmalloc.h>
  15#include <linux/pagemap.h>
  16#include <linux/namei.h>
  17#include <linux/shm.h>
  18#include <linux/blkdev.h>
  19#include <linux/writeback.h>
  20#include <linux/proc_fs.h>
  21#include <linux/seq_file.h>
  22#include <linux/init.h>
  23#include <linux/module.h>
  24#include <linux/rmap.h>
  25#include <linux/security.h>
  26#include <linux/backing-dev.h>
  27#include <linux/mutex.h>
  28#include <linux/capability.h>
  29#include <linux/syscalls.h>
  30#include <linux/memcontrol.h>
  31
  32#include <asm/pgtable.h>
  33#include <asm/tlbflush.h>
  34#include <linux/swapops.h>
  35
  36static DEFINE_SPINLOCK(swap_lock);
  37static unsigned int nr_swapfiles;
  38long total_swap_pages;
  39static int swap_overflow;
  40static int least_priority;
  41
  42static const char Bad_file[] = "Bad swap file entry ";
  43static const char Unused_file[] = "Unused swap file entry ";
  44static const char Bad_offset[] = "Bad swap offset entry ";
  45static const char Unused_offset[] = "Unused swap offset entry ";
  46
  47static struct swap_list_t swap_list = {-1, -1};
  48
  49static struct swap_info_struct swap_info[MAX_SWAPFILES];
  50
  51static DEFINE_MUTEX(swapon_mutex);
  52
  53/*
  54 * We need this because the bdev->unplug_fn can sleep and we cannot
  55 * hold swap_lock while calling the unplug_fn. And swap_lock
  56 * cannot be turned into a mutex.
  57 */
  58static DECLARE_RWSEM(swap_unplug_sem);
  59
  60void swap_unplug_io_fn(struct backing_dev_info *unused_bdi, struct page *page)
  61{
  62        swp_entry_t entry;
  63
  64        down_read(&swap_unplug_sem);
  65        entry.val = page_private(page);
  66        if (PageSwapCache(page)) {
  67                struct block_device *bdev = swap_info[swp_type(entry)].bdev;
  68                struct backing_dev_info *bdi;
  69
  70                /*
  71                 * If the page is removed from swapcache from under us (with a
  72                 * racy try_to_unuse/swapoff) we need an additional reference
  73                 * count to avoid reading garbage from page_private(page) above.
  74                 * If the WARN_ON triggers during a swapoff it maybe the race
  75                 * condition and it's harmless. However if it triggers without
  76                 * swapoff it signals a problem.
  77                 */
  78                WARN_ON(page_count(page) <= 1);
  79
  80                bdi = bdev->bd_inode->i_mapping->backing_dev_info;
  81                blk_run_backing_dev(bdi, page);
  82        }
  83        up_read(&swap_unplug_sem);
  84}
  85
  86#define SWAPFILE_CLUSTER        256
  87#define LATENCY_LIMIT                256
  88
  89static inline unsigned long scan_swap_map(struct swap_info_struct *si)
  90{
  91        unsigned long offset, last_in_cluster;
  92        int latency_ration = LATENCY_LIMIT;
  93
  94        /* 
  95         * We try to cluster swap pages by allocating them sequentially
  96         * in swap.  Once we've allocated SWAPFILE_CLUSTER pages this
  97         * way, however, we resort to first-free allocation, starting
  98         * a new cluster.  This prevents us from scattering swap pages
  99         * all over the entire swap partition, so that we reduce
 100         * overall disk seek times between swap pages.  -- sct
 101         * But we do now try to find an empty cluster.  -Andrea
 102         */
 103
 104        si->flags += SWP_SCANNING;
 105        if (unlikely(!si->cluster_nr)) {
 106                si->cluster_nr = SWAPFILE_CLUSTER - 1;
 107                if (si->pages - si->inuse_pages < SWAPFILE_CLUSTER)
 108                        goto lowest;
 109                spin_unlock(&swap_lock);
 110
 111                offset = si->lowest_bit;
 112                last_in_cluster = offset + SWAPFILE_CLUSTER - 1;
 113
 114                /* Locate the first empty (unaligned) cluster */
 115                for (; last_in_cluster <= si->highest_bit; offset++) {
 116                        if (si->swap_map[offset])
 117                                last_in_cluster = offset + SWAPFILE_CLUSTER;
 118                        else if (offset == last_in_cluster) {
 119                                spin_lock(&swap_lock);
 120                                si->cluster_next = offset-SWAPFILE_CLUSTER+1;
 121                                goto cluster;
 122                        }
 123                        if (unlikely(--latency_ration < 0)) {
 124                                cond_resched();
 125                                latency_ration = LATENCY_LIMIT;
 126                        }
 127                }
 128                spin_lock(&swap_lock);
 129                goto lowest;
 130        }
 131
 132        si->cluster_nr--;
 133cluster:
 134        offset = si->cluster_next;
 135        if (offset > si->highest_bit)
 136lowest:                offset = si->lowest_bit;
 137checks:        if (!(si->flags & SWP_WRITEOK))
 138                goto no_page;
 139        if (!si->highest_bit)
 140                goto no_page;
 141        if (!si->swap_map[offset]) {
 142                if (offset == si->lowest_bit)
 143                        si->lowest_bit++;
 144                if (offset == si->highest_bit)
 145                        si->highest_bit--;
 146                si->inuse_pages++;
 147                if (si->inuse_pages == si->pages) {
 148                        si->lowest_bit = si->max;
 149                        si->highest_bit = 0;
 150                }
 151                si->swap_map[offset] = 1;
 152                si->cluster_next = offset + 1;
 153                si->flags -= SWP_SCANNING;
 154                return offset;
 155        }
 156
 157        spin_unlock(&swap_lock);
 158        while (++offset <= si->highest_bit) {
 159                if (!si->swap_map[offset]) {
 160                        spin_lock(&swap_lock);
 161                        goto checks;
 162                }
 163                if (unlikely(--latency_ration < 0)) {
 164                        cond_resched();
 165                        latency_ration = LATENCY_LIMIT;
 166                }
 167        }
 168        spin_lock(&swap_lock);
 169        goto lowest;
 170
 171no_page:
 172        si->flags -= SWP_SCANNING;
 173        return 0;
 174}
 175
 176swp_entry_t get_swap_page(void)
 177{
 178        struct swap_info_struct *si;
 179        pgoff_t offset;
 180        int type, next;
 181        int wrapped = 0;
 182
 183        spin_lock(&swap_lock);
 184        if (nr_swap_pages <= 0)
 185                goto noswap;
 186        nr_swap_pages--;
 187
 188        for (type = swap_list.next; type >= 0 && wrapped < 2; type = next) {
 189                si = swap_info + type;
 190                next = si->next;
 191                if (next < 0 ||
 192                    (!wrapped && si->prio != swap_info[next].prio)) {
 193                        next = swap_list.head;
 194                        wrapped++;
 195                }
 196
 197                if (!si->highest_bit)
 198                        continue;
 199                if (!(si->flags & SWP_WRITEOK))
 200                        continue;
 201
 202                swap_list.next = next;
 203                offset = scan_swap_map(si);
 204                if (offset) {
 205                        spin_unlock(&swap_lock);
 206                        return swp_entry(type, offset);
 207                }
 208                next = swap_list.next;
 209        }
 210
 211        nr_swap_pages++;
 212noswap:
 213        spin_unlock(&swap_lock);
 214        return (swp_entry_t) {0};
 215}
 216
 217swp_entry_t get_swap_page_of_type(int type)
 218{
 219        struct swap_info_struct *si;
 220        pgoff_t offset;
 221
 222        spin_lock(&swap_lock);
 223        si = swap_info + type;
 224        if (si->flags & SWP_WRITEOK) {
 225                nr_swap_pages--;
 226                offset = scan_swap_map(si);
 227                if (offset) {
 228                        spin_unlock(&swap_lock);
 229                        return swp_entry(type, offset);
 230                }
 231                nr_swap_pages++;
 232        }
 233        spin_unlock(&swap_lock);
 234        return (swp_entry_t) {0};
 235}
 236
 237static struct swap_info_struct * swap_info_get(swp_entry_t entry)
 238{
 239        struct swap_info_struct * p;
 240        unsigned long offset, type;
 241
 242        if (!entry.val)
 243                goto out;
 244        type = swp_type(entry);
 245        if (type >= nr_swapfiles)
 246                goto bad_nofile;
 247        p = & swap_info[type];
 248        if (!(p->flags & SWP_USED))
 249                goto bad_device;
 250        offset = swp_offset(entry);
 251        if (offset >= p->max)
 252                goto bad_offset;
 253        if (!p->swap_map[offset])
 254                goto bad_free;
 255        spin_lock(&swap_lock);
 256        return p;
 257
 258bad_free:
 259        printk(KERN_ERR "swap_free: %s%08lx\n", Unused_offset, entry.val);
 260        goto out;
 261bad_offset:
 262        printk(KERN_ERR "swap_free: %s%08lx\n", Bad_offset, entry.val);
 263        goto out;
 264bad_device:
 265        printk(KERN_ERR "swap_free: %s%08lx\n", Unused_file, entry.val);
 266        goto out;
 267bad_nofile:
 268        printk(KERN_ERR "swap_free: %s%08lx\n", Bad_file, entry.val);
 269out:
 270        return NULL;
 271}        
 272
 273static int swap_entry_free(struct swap_info_struct *p, unsigned long offset)
 274{
 275        int count = p->swap_map[offset];
 276
 277        if (count < SWAP_MAP_MAX) {
 278                count--;
 279                p->swap_map[offset] = count;
 280                if (!count) {
 281                        if (offset < p->lowest_bit)
 282                                p->lowest_bit = offset;
 283                        if (offset > p->highest_bit)
 284                                p->highest_bit = offset;
 285                        if (p->prio > swap_info[swap_list.next].prio)
 286                                swap_list.next = p - swap_info;
 287                        nr_swap_pages++;
 288                        p->inuse_pages--;
 289                }
 290        }
 291        return count;
 292}
 293
 294/*
 295 * Caller has made sure that the swapdevice corresponding to entry
 296 * is still around or has not been recycled.
 297 */
 298void swap_free(swp_entry_t entry)
 299{
 300        struct swap_info_struct * p;
 301
 302        p = swap_info_get(entry);
 303        if (p) {
 304                swap_entry_free(p, swp_offset(entry));
 305                spin_unlock(&swap_lock);
 306        }
 307}
 308
 309/*
 310 * How many references to page are currently swapped out?
 311 */
 312static inline int page_swapcount(struct page *page)
 313{
 314        int count = 0;
 315        struct swap_info_struct *p;
 316        swp_entry_t entry;
 317
 318        entry.val = page_private(page);
 319        p = swap_info_get(entry);
 320        if (p) {
 321                /* Subtract the 1 for the swap cache itself */
 322                count = p->swap_map[swp_offset(entry)] - 1;
 323                spin_unlock(&swap_lock);
 324        }
 325        return count;
 326}
 327
 328/*
 329 * We can use this swap cache entry directly
 330 * if there are no other references to it.
 331 */
 332int can_share_swap_page(struct page *page)
 333{
 334        int count;
 335
 336        BUG_ON(!PageLocked(page));
 337        count = page_mapcount(page);
 338        if (count <= 1 && PageSwapCache(page))
 339                count += page_swapcount(page);
 340        return count == 1;
 341}
 342
 343/*
 344 * Work out if there are any other processes sharing this
 345 * swap cache page. Free it if you can. Return success.
 346 */
 347static int remove_exclusive_swap_page_count(struct page *page, int count)
 348{
 349        int retval;
 350        struct swap_info_struct * p;
 351        swp_entry_t entry;
 352
 353        BUG_ON(PagePrivate(page));
 354        BUG_ON(!PageLocked(page));
 355
 356        if (!PageSwapCache(page))
 357                return 0;
 358        if (PageWriteback(page))
 359                return 0;
 360        if (page_count(page) != count) /* us + cache + ptes */
 361                return 0;
 362
 363        entry.val = page_private(page);
 364        p = swap_info_get(entry);
 365        if (!p)
 366                return 0;
 367
 368        /* Is the only swap cache user the cache itself? */
 369        retval = 0;
 370        if (p->swap_map[swp_offset(entry)] == 1) {
 371                /* Recheck the page count with the swapcache lock held.. */
 372                spin_lock_irq(&swapper_space.tree_lock);
 373                if ((page_count(page) == count) && !PageWriteback(page)) {
 374                        __delete_from_swap_cache(page);
 375                        SetPageDirty(page);
 376                        retval = 1;
 377                }
 378                spin_unlock_irq(&swapper_space.tree_lock);
 379        }
 380        spin_unlock(&swap_lock);
 381
 382        if (retval) {
 383                swap_free(entry);
 384                page_cache_release(page);
 385        }
 386
 387        return retval;
 388}
 389
 390/*
 391 * Most of the time the page should have two references: one for the
 392 * process and one for the swap cache.
 393 */
 394int remove_exclusive_swap_page(struct page *page)
 395{
 396        return remove_exclusive_swap_page_count(page, 2);
 397}
 398
 399/*
 400 * The pageout code holds an extra reference to the page.  That raises
 401 * the reference count to test for to 2 for a page that is only in the
 402 * swap cache plus 1 for each process that maps the page.
 403 */
 404int remove_exclusive_swap_page_ref(struct page *page)
 405{
 406        return remove_exclusive_swap_page_count(page, 2 + page_mapcount(page));
 407}
 408
 409/*
 410 * Free the swap entry like above, but also try to
 411 * free the page cache entry if it is the last user.
 412 */
 413void free_swap_and_cache(swp_entry_t entry)
 414{
 415        struct swap_info_struct * p;
 416        struct page *page = NULL;
 417
 418        if (is_migration_entry(entry))
 419                return;
 420
 421        p = swap_info_get(entry);
 422        if (p) {
 423                if (swap_entry_free(p, swp_offset(entry)) == 1) {
 424                        page = find_get_page(&swapper_space, entry.val);
 425                        if (page && !trylock_page(page)) {
 426                                page_cache_release(page);
 427                                page = NULL;
 428                        }
 429                }
 430                spin_unlock(&swap_lock);
 431        }
 432        if (page) {
 433                int one_user;
 434
 435                BUG_ON(PagePrivate(page));
 436                one_user = (page_count(page) == 2);
 437                /* Only cache user (+us), or swap space full? Free it! */
 438                /* Also recheck PageSwapCache after page is locked (above) */
 439                if (PageSwapCache(page) && !PageWriteback(page) &&
 440                                        (one_user || vm_swap_full())) {
 441                        delete_from_swap_cache(page);
 442                        SetPageDirty(page);
 443                }
 444                unlock_page(page);
 445                page_cache_release(page);
 446        }
 447}
 448
 449#ifdef CONFIG_HIBERNATION
 450/*
 451 * Find the swap type that corresponds to given device (if any).
 452 *
 453 * @offset - number of the PAGE_SIZE-sized block of the device, starting
 454 * from 0, in which the swap header is expected to be located.
 455 *
 456 * This is needed for the suspend to disk (aka swsusp).
 457 */
 458int swap_type_of(dev_t device, sector_t offset, struct block_device **bdev_p)
 459{
 460        struct block_device *bdev = NULL;
 461        int i;
 462
 463        if (device)
 464                bdev = bdget(device);
 465
 466        spin_lock(&swap_lock);
 467        for (i = 0; i < nr_swapfiles; i++) {
 468                struct swap_info_struct *sis = swap_info + i;
 469
 470                if (!(sis->flags & SWP_WRITEOK))
 471                        continue;
 472
 473                if (!bdev) {
 474                        if (bdev_p)
 475                                *bdev_p = sis->bdev;
 476
 477                        spin_unlock(&swap_lock);
 478                        return i;
 479                }
 480                if (bdev == sis->bdev) {
 481                        struct swap_extent *se;
 482
 483                        se = list_entry(sis->extent_list.next,
 484                                        struct swap_extent, list);
 485                        if (se->start_block == offset) {
 486                                if (bdev_p)
 487                                        *bdev_p = sis->bdev;
 488
 489                                spin_unlock(&swap_lock);
 490                                bdput(bdev);
 491                                return i;
 492                        }
 493                }
 494        }
 495        spin_unlock(&swap_lock);
 496        if (bdev)
 497                bdput(bdev);
 498
 499        return -ENODEV;
 500}
 501
 502/*
 503 * Return either the total number of swap pages of given type, or the number
 504 * of free pages of that type (depending on @free)
 505 *
 506 * This is needed for software suspend
 507 */
 508unsigned int count_swap_pages(int type, int free)
 509{
 510        unsigned int n = 0;
 511
 512        if (type < nr_swapfiles) {
 513                spin_lock(&swap_lock);
 514                if (swap_info[type].flags & SWP_WRITEOK) {
 515                        n = swap_info[type].pages;
 516                        if (free)
 517                                n -= swap_info[type].inuse_pages;
 518                }
 519                spin_unlock(&swap_lock);
 520        }
 521        return n;
 522}
 523#endif
 524
 525/*
 526 * No need to decide whether this PTE shares the swap entry with others,
 527 * just let do_wp_page work it out if a write is requested later - to
 528 * force COW, vm_page_prot omits write permission from any private vma.
 529 */
 530static int unuse_pte(struct vm_area_struct *vma, pmd_t *pmd,
 531                unsigned long addr, swp_entry_t entry, struct page *page)
 532{
 533        spinlock_t *ptl;
 534        pte_t *pte;
 535        int ret = 1;
 536
 537        if (mem_cgroup_charge(page, vma->vm_mm, GFP_KERNEL))
 538                ret = -ENOMEM;
 539
 540        pte = pte_offset_map_lock(vma->vm_mm, pmd, addr, &ptl);
 541        if (unlikely(!pte_same(*pte, swp_entry_to_pte(entry)))) {
 542                if (ret > 0)
 543                        mem_cgroup_uncharge_page(page);
 544                ret = 0;
 545                goto out;
 546        }
 547
 548        inc_mm_counter(vma->vm_mm, anon_rss);
 549        get_page(page);
 550        set_pte_at(vma->vm_mm, addr, pte,
 551                   pte_mkold(mk_pte(page, vma->vm_page_prot)));
 552        page_add_anon_rmap(page, vma, addr);
 553        swap_free(entry);
 554        /*
 555         * Move the page to the active list so it is not
 556         * immediately swapped out again after swapon.
 557         */
 558        activate_page(page);
 559out:
 560        pte_unmap_unlock(pte, ptl);
 561        return ret;
 562}
 563
 564static int unuse_pte_range(struct vm_area_struct *vma, pmd_t *pmd,
 565                                unsigned long addr, unsigned long end,
 566                                swp_entry_t entry, struct page *page)
 567{
 568        pte_t swp_pte = swp_entry_to_pte(entry);
 569        pte_t *pte;
 570        int ret = 0;
 571
 572        /*
 573         * We don't actually need pte lock while scanning for swp_pte: since
 574         * we hold page lock and mmap_sem, swp_pte cannot be inserted into the
 575         * page table while we're scanning; though it could get zapped, and on
 576         * some architectures (e.g. x86_32 with PAE) we might catch a glimpse
 577         * of unmatched parts which look like swp_pte, so unuse_pte must
 578         * recheck under pte lock.  Scanning without pte lock lets it be
 579         * preemptible whenever CONFIG_PREEMPT but not CONFIG_HIGHPTE.
 580         */
 581        pte = pte_offset_map(pmd, addr);
 582        do {
 583                /*
 584                 * swapoff spends a _lot_ of time in this loop!
 585                 * Test inline before going to call unuse_pte.
 586                 */
 587                if (unlikely(pte_same(*pte, swp_pte))) {
 588                        pte_unmap(pte);
 589                        ret = unuse_pte(vma, pmd, addr, entry, page);
 590                        if (ret)
 591                                goto out;
 592                        pte = pte_offset_map(pmd, addr);
 593                }
 594        } while (pte++, addr += PAGE_SIZE, addr != end);
 595        pte_unmap(pte - 1);
 596out:
 597        return ret;
 598}
 599
 600static inline int unuse_pmd_range(struct vm_area_struct *vma, pud_t *pud,
 601                                unsigned long addr, unsigned long end,
 602                                swp_entry_t entry, struct page *page)
 603{
 604        pmd_t *pmd;
 605        unsigned long next;
 606        int ret;
 607
 608        pmd = pmd_offset(pud, addr);
 609        do {
 610                next = pmd_addr_end(addr, end);
 611                if (pmd_none_or_clear_bad(pmd))
 612                        continue;
 613                ret = unuse_pte_range(vma, pmd, addr, next, entry, page);
 614                if (ret)
 615                        return ret;
 616        } while (pmd++, addr = next, addr != end);
 617        return 0;
 618}
 619
 620static inline int unuse_pud_range(struct vm_area_struct *vma, pgd_t *pgd,
 621                                unsigned long addr, unsigned long end,
 622                                swp_entry_t entry, struct page *page)
 623{
 624        pud_t *pud;
 625        unsigned long next;
 626        int ret;
 627
 628        pud = pud_offset(pgd, addr);
 629        do {
 630                next = pud_addr_end(addr, end);
 631                if (pud_none_or_clear_bad(pud))
 632                        continue;
 633                ret = unuse_pmd_range(vma, pud, addr, next, entry, page);
 634                if (ret)
 635                        return ret;
 636        } while (pud++, addr = next, addr != end);
 637        return 0;
 638}
 639
 640static int unuse_vma(struct vm_area_struct *vma,
 641                                swp_entry_t entry, struct page *page)
 642{
 643        pgd_t *pgd;
 644        unsigned long addr, end, next;
 645        int ret;
 646
 647        if (page->mapping) {
 648                addr = page_address_in_vma(page, vma);
 649                if (addr == -EFAULT)
 650                        return 0;
 651                else
 652                        end = addr + PAGE_SIZE;
 653        } else {
 654                addr = vma->vm_start;
 655                end = vma->vm_end;
 656        }
 657
 658        pgd = pgd_offset(vma->vm_mm, addr);
 659        do {
 660                next = pgd_addr_end(addr, end);
 661                if (pgd_none_or_clear_bad(pgd))
 662                        continue;
 663                ret = unuse_pud_range(vma, pgd, addr, next, entry, page);
 664                if (ret)
 665                        return ret;
 666        } while (pgd++, addr = next, addr != end);
 667        return 0;
 668}
 669
 670static int unuse_mm(struct mm_struct *mm,
 671                                swp_entry_t entry, struct page *page)
 672{
 673        struct vm_area_struct *vma;
 674        int ret = 0;
 675
 676        if (!down_read_trylock(&mm->mmap_sem)) {
 677                /*
 678                 * Activate page so shrink_inactive_list is unlikely to unmap
 679                 * its ptes while lock is dropped, so swapoff can make progress.
 680                 */
 681                activate_page(page);
 682                unlock_page(page);
 683                down_read(&mm->mmap_sem);
 684                lock_page(page);
 685        }
 686        for (vma = mm->mmap; vma; vma = vma->vm_next) {
 687                if (vma->anon_vma && (ret = unuse_vma(vma, entry, page)))
 688                        break;
 689        }
 690        up_read(&mm->mmap_sem);
 691        return (ret < 0)? ret: 0;
 692}
 693
 694/*
 695 * Scan swap_map from current position to next entry still in use.
 696 * Recycle to start on reaching the end, returning 0 when empty.
 697 */
 698static unsigned int find_next_to_unuse(struct swap_info_struct *si,
 699                                        unsigned int prev)
 700{
 701        unsigned int max = si->max;
 702        unsigned int i = prev;
 703        int count;
 704
 705        /*
 706         * No need for swap_lock here: we're just looking
 707         * for whether an entry is in use, not modifying it; false
 708         * hits are okay, and sys_swapoff() has already prevented new
 709         * allocations from this area (while holding swap_lock).
 710         */
 711        for (;;) {
 712                if (++i >= max) {
 713                        if (!prev) {
 714                                i = 0;
 715                                break;
 716                        }
 717                        /*
 718                         * No entries in use at top of swap_map,
 719                         * loop back to start and recheck there.
 720                         */
 721                        max = prev + 1;
 722                        prev = 0;
 723                        i = 1;
 724                }
 725                count = si->swap_map[i];
 726                if (count && count != SWAP_MAP_BAD)
 727                        break;
 728        }
 729        return i;
 730}
 731
 732/*
 733 * We completely avoid races by reading each swap page in advance,
 734 * and then search for the process using it.  All the necessary
 735 * page table adjustments can then be made atomically.
 736 */
 737static int try_to_unuse(unsigned int type)
 738{
 739        struct swap_info_struct * si = &swap_info[type];
 740        struct mm_struct *start_mm;
 741        unsigned short *swap_map;
 742        unsigned short swcount;
 743        struct page *page;
 744        swp_entry_t entry;
 745        unsigned int i = 0;
 746        int retval = 0;
 747        int reset_overflow = 0;
 748        int shmem;
 749
 750        /*
 751         * When searching mms for an entry, a good strategy is to
 752         * start at the first mm we freed the previous entry from
 753         * (though actually we don't notice whether we or coincidence
 754         * freed the entry).  Initialize this start_mm with a hold.
 755         *
 756         * A simpler strategy would be to start at the last mm we
 757         * freed the previous entry from; but that would take less
 758         * advantage of mmlist ordering, which clusters forked mms
 759         * together, child after parent.  If we race with dup_mmap(), we
 760         * prefer to resolve parent before child, lest we miss entries
 761         * duplicated after we scanned child: using last mm would invert
 762         * that.  Though it's only a serious concern when an overflowed
 763         * swap count is reset from SWAP_MAP_MAX, preventing a rescan.
 764         */
 765        start_mm = &init_mm;
 766        atomic_inc(&init_mm.mm_users);
 767
 768        /*
 769         * Keep on scanning until all entries have gone.  Usually,
 770         * one pass through swap_map is enough, but not necessarily:
 771         * there are races when an instance of an entry might be missed.
 772         */
 773        while ((i = find_next_to_unuse(si, i)) != 0) {
 774                if (signal_pending(current)) {
 775                        retval = -EINTR;
 776                        break;
 777                }
 778
 779                /* 
 780                 * Get a page for the entry, using the existing swap
 781                 * cache page if there is one.  Otherwise, get a clean
 782                 * page and read the swap into it. 
 783                 */
 784                swap_map = &si->swap_map[i];
 785                entry = swp_entry(type, i);
 786                page = read_swap_cache_async(entry,
 787                                        GFP_HIGHUSER_MOVABLE, NULL, 0);
 788                if (!page) {
 789                        /*
 790                         * Either swap_duplicate() failed because entry
 791                         * has been freed independently, and will not be
 792                         * reused since sys_swapoff() already disabled
 793                         * allocation from here, or alloc_page() failed.
 794                         */
 795                        if (!*swap_map)
 796                                continue;
 797                        retval = -ENOMEM;
 798                        break;
 799                }
 800
 801                /*
 802                 * Don't hold on to start_mm if it looks like exiting.
 803                 */
 804                if (atomic_read(&start_mm->mm_users) == 1) {
 805                        mmput(start_mm);
 806                        start_mm = &init_mm;
 807                        atomic_inc(&init_mm.mm_users);
 808                }
 809
 810                /*
 811                 * Wait for and lock page.  When do_swap_page races with
 812                 * try_to_unuse, do_swap_page can handle the fault much
 813                 * faster than try_to_unuse can locate the entry.  This
 814                 * apparently redundant "wait_on_page_locked" lets try_to_unuse
 815                 * defer to do_swap_page in such a case - in some tests,
 816                 * do_swap_page and try_to_unuse repeatedly compete.
 817                 */
 818                wait_on_page_locked(page);
 819                wait_on_page_writeback(page);
 820                lock_page(page);
 821                wait_on_page_writeback(page);
 822
 823                /*
 824                 * Remove all references to entry.
 825                 * Whenever we reach init_mm, there's no address space
 826                 * to search, but use it as a reminder to search shmem.
 827                 */
 828                shmem = 0;
 829                swcount = *swap_map;
 830                if (swcount > 1) {
 831                        if (start_mm == &init_mm)
 832                                shmem = shmem_unuse(entry, page);
 833                        else
 834                                retval = unuse_mm(start_mm, entry, page);
 835                }
 836                if (*swap_map > 1) {
 837                        int set_start_mm = (*swap_map >= swcount);
 838                        struct list_head *p = &start_mm->mmlist;
 839                        struct mm_struct *new_start_mm = start_mm;
 840                        struct mm_struct *prev_mm = start_mm;
 841                        struct mm_struct *mm;
 842
 843                        atomic_inc(&new_start_mm->mm_users);
 844                        atomic_inc(&prev_mm->mm_users);
 845                        spin_lock(&mmlist_lock);
 846                        while (*swap_map > 1 && !retval && !shmem &&
 847                                        (p = p->next) != &start_mm->mmlist) {
 848                                mm = list_entry(p, struct mm_struct, mmlist);
 849                                if (!atomic_inc_not_zero(&mm->mm_users))
 850                                        continue;
 851                                spin_unlock(&mmlist_lock);
 852                                mmput(prev_mm);
 853                                prev_mm = mm;
 854
 855                                cond_resched();
 856
 857                                swcount = *swap_map;
 858                                if (swcount <= 1)
 859                                        ;
 860                                else if (mm == &init_mm) {
 861                                        set_start_mm = 1;
 862                                        shmem = shmem_unuse(entry, page);
 863                                } else
 864                                        retval = unuse_mm(mm, entry, page);
 865                                if (set_start_mm && *swap_map < swcount) {
 866                                        mmput(new_start_mm);
 867                                        atomic_inc(&mm->mm_users);
 868                                        new_start_mm = mm;
 869                                        set_start_mm = 0;
 870                                }
 871                                spin_lock(&mmlist_lock);
 872                        }
 873                        spin_unlock(&mmlist_lock);
 874                        mmput(prev_mm);
 875                        mmput(start_mm);
 876                        start_mm = new_start_mm;
 877                }
 878                if (shmem) {
 879                        /* page has already been unlocked and released */
 880                        if (shmem > 0)
 881                                continue;
 882                        retval = shmem;
 883                        break;
 884                }
 885                if (retval) {
 886                        unlock_page(page);
 887                        page_cache_release(page);
 888                        break;
 889                }
 890
 891                /*
 892                 * How could swap count reach 0x7fff when the maximum
 893                 * pid is 0x7fff, and there's no way to repeat a swap
 894                 * page within an mm (except in shmem, where it's the
 895                 * shared object which takes the reference count)?
 896                 * We believe SWAP_MAP_MAX cannot occur in Linux 2.4.
 897                 *
 898                 * If that's wrong, then we should worry more about
 899                 * exit_mmap() and do_munmap() cases described above:
 900                 * we might be resetting SWAP_MAP_MAX too early here.
 901                 * We know "Undead"s can happen, they're okay, so don't
 902                 * report them; but do report if we reset SWAP_MAP_MAX.
 903                 */
 904                if (*swap_map == SWAP_MAP_MAX) {
 905                        spin_lock(&swap_lock);
 906                        *swap_map = 1;
 907                        spin_unlock(&swap_lock);
 908                        reset_overflow = 1;
 909                }
 910
 911                /*
 912                 * If a reference remains (rare), we would like to leave
 913                 * the page in the swap cache; but try_to_unmap could
 914                 * then re-duplicate the entry once we drop page lock,
 915                 * so we might loop indefinitely; also, that page could
 916                 * not be swapped out to other storage meanwhile.  So:
 917                 * delete from cache even if there's another reference,
 918                 * after ensuring that the data has been saved to disk -
 919                 * since if the reference remains (rarer), it will be
 920                 * read from disk into another page.  Splitting into two
 921                 * pages would be incorrect if swap supported "shared
 922                 * private" pages, but they are handled by tmpfs files.
 923                 */
 924                if ((*swap_map > 1) && PageDirty(page) && PageSwapCache(page)) {
 925                        struct writeback_control wbc = {
 926                                .sync_mode = WB_SYNC_NONE,
 927                        };
 928
 929                        swap_writepage(page, &wbc);
 930                        lock_page(page);
 931                        wait_on_page_writeback(page);
 932                }
 933                if (PageSwapCache(page))
 934                        delete_from_swap_cache(page);
 935
 936                /*
 937                 * So we could skip searching mms once swap count went
 938                 * to 1, we did not mark any present ptes as dirty: must
 939                 * mark page dirty so shrink_page_list will preserve it.
 940                 */
 941                SetPageDirty(page);
 942                unlock_page(page);
 943                page_cache_release(page);
 944
 945                /*
 946                 * Make sure that we aren't completely killing
 947                 * interactive performance.
 948                 */
 949                cond_resched();
 950        }
 951
 952        mmput(start_mm);
 953        if (reset_overflow) {
 954                printk(KERN_WARNING "swapoff: cleared swap entry overflow\n");
 955                swap_overflow = 0;
 956        }
 957        return retval;
 958}
 959
 960/*
 961 * After a successful try_to_unuse, if no swap is now in use, we know
 962 * we can empty the mmlist.  swap_lock must be held on entry and exit.
 963 * Note that mmlist_lock nests inside swap_lock, and an mm must be
 964 * added to the mmlist just after page_duplicate - before would be racy.
 965 */
 966static void drain_mmlist(void)
 967{
 968        struct list_head *p, *next;
 969        unsigned int i;
 970
 971        for (i = 0; i < nr_swapfiles; i++)
 972                if (swap_info[i].inuse_pages)
 973                        return;
 974        spin_lock(&mmlist_lock);
 975        list_for_each_safe(p, next, &init_mm.mmlist)
 976                list_del_init(p);
 977        spin_unlock(&mmlist_lock);
 978}
 979
 980/*
 981 * Use this swapdev's extent info to locate the (PAGE_SIZE) block which
 982 * corresponds to page offset `offset'.
 983 */
 984sector_t map_swap_page(struct swap_info_struct *sis, pgoff_t offset)
 985{
 986        struct swap_extent *se = sis->curr_swap_extent;
 987        struct swap_extent *start_se = se;
 988
 989        for ( ; ; ) {
 990                struct list_head *lh;
 991
 992                if (se->start_page <= offset &&
 993                                offset < (se->start_page + se->nr_pages)) {
 994                        return se->start_block + (offset - se->start_page);
 995                }
 996                lh = se->list.next;
 997                if (lh == &sis->extent_list)
 998                        lh = lh->next;
 999                se = list_entry(lh, struct swap_extent, list);
1000                sis->curr_swap_extent = se;
1001                BUG_ON(se == start_se);                /* It *must* be present */
1002        }
1003}
1004
1005#ifdef CONFIG_HIBERNATION
1006/*
1007 * Get the (PAGE_SIZE) block corresponding to given offset on the swapdev
1008 * corresponding to given index in swap_info (swap type).
1009 */
1010sector_t swapdev_block(int swap_type, pgoff_t offset)
1011{
1012        struct swap_info_struct *sis;
1013
1014        if (swap_type >= nr_swapfiles)
1015                return 0;
1016
1017        sis = swap_info + swap_type;
1018        return (sis->flags & SWP_WRITEOK) ? map_swap_page(sis, offset) : 0;
1019}
1020#endif /* CONFIG_HIBERNATION */
1021
1022/*
1023 * Free all of a swapdev's extent information
1024 */
1025static void destroy_swap_extents(struct swap_info_struct *sis)
1026{
1027        while (!list_empty(&sis->extent_list)) {
1028                struct swap_extent *se;
1029
1030                se = list_entry(sis->extent_list.next,
1031                                struct swap_extent, list);
1032                list_del(&se->list);
1033                kfree(se);
1034        }
1035}
1036
1037/*
1038 * Add a block range (and the corresponding page range) into this swapdev's
1039 * extent list.  The extent list is kept sorted in page order.
1040 *
1041 * This function rather assumes that it is called in ascending page order.
1042 */
1043static int
1044add_swap_extent(struct swap_info_struct *sis, unsigned long start_page,
1045                unsigned long nr_pages, sector_t start_block)
1046{
1047        struct swap_extent *se;
1048        struct swap_extent *new_se;
1049        struct list_head *lh;
1050
1051        lh = sis->extent_list.prev;        /* The highest page extent */
1052        if (lh != &sis->extent_list) {
1053                se = list_entry(lh, struct swap_extent, list);
1054                BUG_ON(se->start_page + se->nr_pages != start_page);
1055                if (se->start_block + se->nr_pages == start_block) {
1056                        /* Merge it */
1057                        se->nr_pages += nr_pages;
1058                        return 0;
1059                }
1060        }
1061
1062        /*
1063         * No merge.  Insert a new extent, preserving ordering.
1064         */
1065        new_se = kmalloc(sizeof(*se), GFP_KERNEL);
1066        if (new_se == NULL)
1067                return -ENOMEM;
1068        new_se->start_page = start_page;
1069        new_se->nr_pages = nr_pages;
1070        new_se->start_block = start_block;
1071
1072        list_add_tail(&new_se->list, &sis->extent_list);
1073        return 1;
1074}
1075
1076/*
1077 * A `swap extent' is a simple thing which maps a contiguous range of pages
1078 * onto a contiguous range of disk blocks.  An ordered list of swap extents
1079 * is built at swapon time and is then used at swap_writepage/swap_readpage
1080 * time for locating where on disk a page belongs.
1081 *
1082 * If the swapfile is an S_ISBLK block device, a single extent is installed.
1083 * This is done so that the main operating code can treat S_ISBLK and S_ISREG
1084 * swap files identically.
1085 *
1086 * Whether the swapdev is an S_ISREG file or an S_ISBLK blockdev, the swap
1087 * extent list operates in PAGE_SIZE disk blocks.  Both S_ISREG and S_ISBLK
1088 * swapfiles are handled *identically* after swapon time.
1089 *
1090 * For S_ISREG swapfiles, setup_swap_extents() will walk all the file's blocks
1091 * and will parse them into an ordered extent list, in PAGE_SIZE chunks.  If
1092 * some stray blocks are found which do not fall within the PAGE_SIZE alignment
1093 * requirements, they are simply tossed out - we will never use those blocks
1094 * for swapping.
1095 *
1096 * For S_ISREG swapfiles we set S_SWAPFILE across the life of the swapon.  This
1097 * prevents root from shooting her foot off by ftruncating an in-use swapfile,
1098 * which will scribble on the fs.
1099 *
1100 * The amount of disk space which a single swap extent represents varies.
1101 * Typically it is in the 1-4 megabyte range.  So we can have hundreds of
1102 * extents in the list.  To avoid much list walking, we cache the previous
1103 * search location in `curr_swap_extent', and start new searches from there.
1104 * This is extremely effective.  The average number of iterations in
1105 * map_swap_page() has been measured at about 0.3 per page.  - akpm.
1106 */
1107static int setup_swap_extents(struct swap_info_struct *sis, sector_t *span)
1108{
1109        struct inode *inode;
1110        unsigned blocks_per_page;
1111        unsigned long page_no;
1112        unsigned blkbits;
1113        sector_t probe_block;
1114        sector_t last_block;
1115        sector_t lowest_block = -1;
1116        sector_t highest_block = 0;
1117        int nr_extents = 0;
1118        int ret;
1119
1120        inode = sis->swap_file->f_mapping->host;
1121        if (S_ISBLK(inode->i_mode)) {
1122                ret = add_swap_extent(sis, 0, sis->max, 0);
1123                *span = sis->pages;
1124                goto done;
1125        }
1126
1127        blkbits = inode->i_blkbits;
1128        blocks_per_page = PAGE_SIZE >> blkbits;
1129
1130        /*
1131         * Map all the blocks into the extent list.  This code doesn't try
1132         * to be very smart.
1133         */
1134        probe_block = 0;
1135        page_no = 0;
1136        last_block = i_size_read(inode) >> blkbits;
1137        while ((probe_block + blocks_per_page) <= last_block &&
1138                        page_no < sis->max) {
1139                unsigned block_in_page;
1140                sector_t first_block;
1141
1142                first_block = bmap(inode, probe_block);
1143                if (first_block == 0)
1144                        goto bad_bmap;
1145
1146                /*
1147                 * It must be PAGE_SIZE aligned on-disk
1148                 */
1149                if (first_block & (blocks_per_page - 1)) {
1150                        probe_block++;
1151                        goto reprobe;
1152                }
1153
1154                for (block_in_page = 1; block_in_page < blocks_per_page;
1155                                        block_in_page++) {
1156                        sector_t block;
1157
1158                        block = bmap(inode, probe_block + block_in_page);
1159                        if (block == 0)
1160                                goto bad_bmap;
1161                        if (block != first_block + block_in_page) {
1162                                /* Discontiguity */
1163                                probe_block++;
1164                                goto reprobe;
1165                        }
1166                }
1167
1168                first_block >>= (PAGE_SHIFT - blkbits);
1169                if (page_no) {        /* exclude the header page */
1170                        if (first_block < lowest_block)
1171                                lowest_block = first_block;
1172                        if (first_block > highest_block)
1173                                highest_block = first_block;
1174                }
1175
1176                /*
1177                 * We found a PAGE_SIZE-length, PAGE_SIZE-aligned run of blocks
1178                 */
1179                ret = add_swap_extent(sis, page_no, 1, first_block);
1180                if (ret < 0)
1181                        goto out;
1182                nr_extents += ret;
1183                page_no++;
1184                probe_block += blocks_per_page;
1185reprobe:
1186                continue;
1187        }
1188        ret = nr_extents;
1189        *span = 1 + highest_block - lowest_block;
1190        if (page_no == 0)
1191                page_no = 1;        /* force Empty message */
1192        sis->max = page_no;
1193        sis->pages = page_no - 1;
1194        sis->highest_bit = page_no - 1;
1195done:
1196        sis->curr_swap_extent = list_entry(sis->extent_list.prev,
1197                                        struct swap_extent, list);
1198        goto out;
1199bad_bmap:
1200        printk(KERN_ERR "swapon: swapfile has holes\n");
1201        ret = -EINVAL;
1202out:
1203        return ret;
1204}
1205
1206#if 0        /* We don't need this yet */
1207#include <linux/backing-dev.h>
1208int page_queue_congested(struct page *page)
1209{
1210        struct backing_dev_info *bdi;
1211
1212        BUG_ON(!PageLocked(page));        /* It pins the swap_info_struct */
1213
1214        if (PageSwapCache(page)) {
1215                swp_entry_t entry = { .val = page_private(page) };
1216                struct swap_info_struct *sis;
1217
1218                sis = get_swap_info_struct(swp_type(entry));
1219                bdi = sis->bdev->bd_inode->i_mapping->backing_dev_info;
1220        } else
1221                bdi = page->mapping->backing_dev_info;
1222        return bdi_write_congested(bdi);
1223}
1224#endif
1225
1226asmlinkage long sys_swapoff(const char __user * specialfile)
1227{
1228        struct swap_info_struct * p = NULL;
1229        unsigned short *swap_map;
1230        struct file *swap_file, *victim;
1231        struct address_space *mapping;
1232        struct inode *inode;
1233        char * pathname;
1234        int i, type, prev;
1235        int err;
1236        
1237        if (!capable(CAP_SYS_ADMIN))
1238                return -EPERM;
1239
1240        pathname = getname(specialfile);
1241        err = PTR_ERR(pathname);
1242        if (IS_ERR(pathname))
1243                goto out;
1244
1245        victim = filp_open(pathname, O_RDWR|O_LARGEFILE, 0);
1246        putname(pathname);
1247        err = PTR_ERR(victim);
1248        if (IS_ERR(victim))
1249                goto out;
1250
1251        mapping = victim->f_mapping;
1252        prev = -1;
1253        spin_lock(&swap_lock);
1254        for (type = swap_list.head; type >= 0; type = swap_info[type].next) {
1255                p = swap_info + type;
1256                if ((p->flags & SWP_ACTIVE) == SWP_ACTIVE) {
1257                        if (p->swap_file->f_mapping == mapping)
1258                                break;
1259                }
1260                prev = type;
1261        }
1262        if (type < 0) {
1263                err = -EINVAL;
1264                spin_unlock(&swap_lock);
1265                goto out_dput;
1266        }
1267        if (!security_vm_enough_memory(p->pages))
1268                vm_unacct_memory(p->pages);
1269        else {
1270                err = -ENOMEM;
1271                spin_unlock(&swap_lock);
1272                goto out_dput;
1273        }
1274        if (prev < 0) {
1275                swap_list.head = p->next;
1276        } else {
1277                swap_info[prev].next = p->next;
1278        }
1279        if (type == swap_list.next) {
1280                /* just pick something that's safe... */
1281                swap_list.next = swap_list.head;
1282        }
1283        if (p->prio < 0) {
1284                for (i = p->next; i >= 0; i = swap_info[i].next)
1285                        swap_info[i].prio = p->prio--;
1286                least_priority++;
1287        }
1288        nr_swap_pages -= p->pages;
1289        total_swap_pages -= p->pages;
1290        p->flags &= ~SWP_WRITEOK;
1291        spin_unlock(&swap_lock);
1292
1293        current->flags |= PF_SWAPOFF;
1294        err = try_to_unuse(type);
1295        current->flags &= ~PF_SWAPOFF;
1296
1297        if (err) {
1298                /* re-insert swap space back into swap_list */
1299                spin_lock(&swap_lock);
1300                if (p->prio < 0)
1301                        p->prio = --least_priority;
1302                prev = -1;
1303                for (i = swap_list.head; i >= 0; i = swap_info[i].next) {
1304                        if (p->prio >= swap_info[i].prio)
1305                                break;
1306                        prev = i;
1307                }
1308                p->next = i;
1309                if (prev < 0)
1310                        swap_list.head = swap_list.next = p - swap_info;
1311                else
1312                        swap_info[prev].next = p - swap_info;
1313                nr_swap_pages += p->pages;
1314                total_swap_pages += p->pages;
1315                p->flags |= SWP_WRITEOK;
1316                spin_unlock(&swap_lock);
1317                goto out_dput;
1318        }
1319
1320        /* wait for any unplug function to finish */
1321        down_write(&swap_unplug_sem);
1322        up_write(&swap_unplug_sem);
1323
1324        destroy_swap_extents(p);
1325        mutex_lock(&swapon_mutex);
1326        spin_lock(&swap_lock);
1327        drain_mmlist();
1328
1329        /* wait for anyone still in scan_swap_map */
1330        p->highest_bit = 0;                /* cuts scans short */
1331        while (p->flags >= SWP_SCANNING) {
1332                spin_unlock(&swap_lock);
1333                schedule_timeout_uninterruptible(1);
1334                spin_lock(&swap_lock);
1335        }
1336
1337        swap_file = p->swap_file;
1338        p->swap_file = NULL;
1339        p->max = 0;
1340        swap_map = p->swap_map;
1341        p->swap_map = NULL;
1342        p->flags = 0;
1343        spin_unlock(&swap_lock);
1344        mutex_unlock(&swapon_mutex);
1345        vfree(swap_map);
1346        inode = mapping->host;
1347        if (S_ISBLK(inode->i_mode)) {
1348                struct block_device *bdev = I_BDEV(inode);
1349                set_blocksize(bdev, p->old_block_size);
1350                bd_release(bdev);
1351        } else {
1352                mutex_lock(&inode->i_mutex);
1353                inode->i_flags &= ~S_SWAPFILE;
1354                mutex_unlock(&inode->i_mutex);
1355        }
1356        filp_close(swap_file, NULL);
1357        err = 0;
1358
1359out_dput:
1360        filp_close(victim, NULL);
1361out:
1362        return err;
1363}
1364
1365#ifdef CONFIG_PROC_FS
1366/* iterator */
1367static void *swap_start(struct seq_file *swap, loff_t *pos)
1368{
1369        struct swap_info_struct *ptr = swap_info;
1370        int i;
1371        loff_t l = *pos;
1372
1373        mutex_lock(&swapon_mutex);
1374
1375        if (!l)
1376                return SEQ_START_TOKEN;
1377
1378        for (i = 0; i < nr_swapfiles; i++, ptr++) {
1379                if (!(ptr->flags & SWP_USED) || !ptr->swap_map)
1380                        continue;
1381                if (!--l)
1382                        return ptr;
1383        }
1384
1385        return NULL;
1386}
1387
1388static void *swap_next(struct seq_file *swap, void *v, loff_t *pos)
1389{
1390        struct swap_info_struct *ptr;
1391        struct swap_info_struct *endptr = swap_info + nr_swapfiles;
1392
1393        if (v == SEQ_START_TOKEN)
1394                ptr = swap_info;
1395        else {
1396                ptr = v;
1397                ptr++;
1398        }
1399
1400        for (; ptr < endptr; ptr++) {
1401                if (!(ptr->flags & SWP_USED) || !ptr->swap_map)
1402                        continue;
1403                ++*pos;
1404                return ptr;
1405        }
1406
1407        return NULL;
1408}
1409
1410static void swap_stop(struct seq_file *swap, void *v)
1411{
1412        mutex_unlock(&swapon_mutex);
1413}
1414
1415static int swap_show(struct seq_file *swap, void *v)
1416{
1417        struct swap_info_struct *ptr = v;
1418        struct file *file;
1419        int len;
1420
1421        if (ptr == SEQ_START_TOKEN) {
1422                seq_puts(swap,"Filename\t\t\t\tType\t\tSize\tUsed\tPriority\n");
1423                return 0;
1424        }
1425
1426        file = ptr->swap_file;
1427        len = seq_path(swap, &file->f_path, " \t\n\\");
1428        seq_printf(swap, "%*s%s\t%u\t%u\t%d\n",
1429                       len < 40 ? 40 - len : 1, " ",
1430                       S_ISBLK(file->f_path.dentry->d_inode->i_mode) ?
1431                                "partition" : "file\t",
1432                       ptr->pages << (PAGE_SHIFT - 10),
1433                       ptr->inuse_pages << (PAGE_SHIFT - 10),
1434                       ptr->prio);
1435        return 0;
1436}
1437
1438static const struct seq_operations swaps_op = {
1439        .start =        swap_start,
1440        .next =                swap_next,
1441        .stop =                swap_stop,
1442        .show =                swap_show
1443};
1444
1445static int swaps_open(struct inode *inode, struct file *file)
1446{
1447        return seq_open(file, &swaps_op);
1448}
1449
1450static const struct file_operations proc_swaps_operations = {
1451        .open                = swaps_open,
1452        .read                = seq_read,
1453        .llseek                = seq_lseek,
1454        .release        = seq_release,
1455};
1456
1457static int __init procswaps_init(void)
1458{
1459        proc_create("swaps", 0, NULL, &proc_swaps_operations);
1460        return 0;
1461}
1462__initcall(procswaps_init);
1463#endif /* CONFIG_PROC_FS */
1464
1465/*
1466 * Written 01/25/92 by Simmule Turner, heavily changed by Linus.
1467 *
1468 * The swapon system call
1469 */
1470asmlinkage long sys_swapon(const char __user * specialfile, int swap_flags)
1471{
1472        struct swap_info_struct * p;
1473        char *name = NULL;
1474        struct block_device *bdev = NULL;
1475        struct file *swap_file = NULL;
1476        struct address_space *mapping;
1477        unsigned int type;
1478        int i, prev;
1479        int error;
1480        union swap_header *swap_header = NULL;
1481        int swap_header_version;
1482        unsigned int nr_good_pages = 0;
1483        int nr_extents = 0;
1484        sector_t span;
1485        unsigned long maxpages = 1;
1486        int swapfilesize;
1487        unsigned short *swap_map = NULL;
1488        struct page *page = NULL;
1489        struct inode *inode = NULL;
1490        int did_down = 0;
1491
1492        if (!capable(CAP_SYS_ADMIN))
1493                return -EPERM;
1494        spin_lock(&swap_lock);
1495        p = swap_info;
1496        for (type = 0 ; type < nr_swapfiles ; type++,p++)
1497                if (!(p->flags & SWP_USED))
1498                        break;
1499        error = -EPERM;
1500        if (type >= MAX_SWAPFILES) {
1501                spin_unlock(&swap_lock);
1502                goto out;
1503        }
1504        if (type >= nr_swapfiles)
1505                nr_swapfiles = type+1;
1506        memset(p, 0, sizeof(*p));
1507        INIT_LIST_HEAD(&p->extent_list);
1508        p->flags = SWP_USED;
1509        p->next = -1;
1510        spin_unlock(&swap_lock);
1511        name = getname(specialfile);
1512        error = PTR_ERR(name);
1513        if (IS_ERR(name)) {
1514                name = NULL;
1515                goto bad_swap_2;
1516        }
1517        swap_file = filp_open(name, O_RDWR|O_LARGEFILE, 0);
1518        error = PTR_ERR(swap_file);
1519        if (IS_ERR(swap_file)) {
1520                swap_file = NULL;
1521                goto bad_swap_2;
1522        }
1523
1524        p->swap_file = swap_file;
1525        mapping = swap_file->f_mapping;
1526        inode = mapping->host;
1527
1528        error = -EBUSY;
1529        for (i = 0; i < nr_swapfiles; i++) {
1530                struct swap_info_struct *q = &swap_info[i];
1531
1532                if (i == type || !q->swap_file)
1533                        continue;
1534                if (mapping == q->swap_file->f_mapping)
1535                        goto bad_swap;
1536        }
1537
1538        error = -EINVAL;
1539        if (S_ISBLK(inode->i_mode)) {
1540                bdev = I_BDEV(inode);
1541                error = bd_claim(bdev, sys_swapon);
1542                if (error < 0) {
1543                        bdev = NULL;
1544                        error = -EINVAL;
1545                        goto bad_swap;
1546                }
1547                p->old_block_size = block_size(bdev);
1548                error = set_blocksize(bdev, PAGE_SIZE);
1549                if (error < 0)
1550                        goto bad_swap;
1551                p->bdev = bdev;
1552        } else if (S_ISREG(inode->i_mode)) {
1553                p->bdev = inode->i_sb->s_bdev;
1554                mutex_lock(&inode->i_mutex);
1555                did_down = 1;
1556                if (IS_SWAPFILE(inode)) {
1557                        error = -EBUSY;
1558                        goto bad_swap;
1559                }
1560        } else {
1561                goto bad_swap;
1562        }
1563
1564        swapfilesize = i_size_read(inode) >> PAGE_SHIFT;
1565
1566        /*
1567         * Read the swap header.
1568         */
1569        if (!mapping->a_ops->readpage) {
1570                error = -EINVAL;
1571                goto bad_swap;
1572        }
1573        page = read_mapping_page(mapping, 0, swap_file);
1574        if (IS_ERR(page)) {
1575                error = PTR_ERR(page);
1576                goto bad_swap;
1577        }
1578        kmap(page);
1579        swap_header = page_address(page);
1580
1581        if (!memcmp("SWAP-SPACE",swap_header->magic.magic,10))
1582                swap_header_version = 1;
1583        else if (!memcmp("SWAPSPACE2",swap_header->magic.magic,10))
1584                swap_header_version = 2;
1585        else {
1586                printk(KERN_ERR "Unable to find swap-space signature\n");
1587                error = -EINVAL;
1588                goto bad_swap;
1589        }
1590        
1591        switch (swap_header_version) {
1592        case 1:
1593                printk(KERN_ERR "version 0 swap is no longer supported. "
1594                        "Use mkswap -v1 %s\n", name);
1595                error = -EINVAL;
1596                goto bad_swap;
1597        case 2:
1598                /* swap partition endianess hack... */
1599                if (swab32(swap_header->info.version) == 1) {
1600                        swab32s(&swap_header->info.version);
1601                        swab32s(&swap_header->info.last_page);
1602                        swab32s(&swap_header->info.nr_badpages);
1603                        for (i = 0; i < swap_header->info.nr_badpages; i++)
1604                                swab32s(&swap_header->info.badpages[i]);
1605                }
1606                /* Check the swap header's sub-version and the size of
1607                   the swap file and bad block lists */
1608                if (swap_header->info.version != 1) {
1609                        printk(KERN_WARNING
1610                               "Unable to handle swap header version %d\n",
1611                               swap_header->info.version);
1612                        error = -EINVAL;
1613                        goto bad_swap;
1614                }
1615
1616                p->lowest_bit  = 1;
1617                p->cluster_next = 1;
1618
1619                /*
1620                 * Find out how many pages are allowed for a single swap
1621                 * device. There are two limiting factors: 1) the number of
1622                 * bits for the swap offset in the swp_entry_t type and
1623                 * 2) the number of bits in the a swap pte as defined by
1624                 * the different architectures. In order to find the
1625                 * largest possible bit mask a swap entry with swap type 0
1626                 * and swap offset ~0UL is created, encoded to a swap pte,
1627                 * decoded to a swp_entry_t again and finally the swap
1628                 * offset is extracted. This will mask all the bits from
1629                 * the initial ~0UL mask that can't be encoded in either
1630                 * the swp_entry_t or the architecture definition of a
1631                 * swap pte.
1632                 */
1633                maxpages = swp_offset(pte_to_swp_entry(swp_entry_to_pte(swp_entry(0,~0UL)))) - 1;
1634                if (maxpages > swap_header->info.last_page)
1635                        maxpages = swap_header->info.last_page;
1636                p->highest_bit = maxpages - 1;
1637
1638                error = -EINVAL;
1639                if (!maxpages)
1640                        goto bad_swap;
1641                if (swapfilesize && maxpages > swapfilesize) {
1642                        printk(KERN_WARNING
1643                               "Swap area shorter than signature indicates\n");
1644                        goto bad_swap;
1645                }
1646                if (swap_header->info.nr_badpages && S_ISREG(inode->i_mode))
1647                        goto bad_swap;
1648                if (swap_header->info.nr_badpages > MAX_SWAP_BADPAGES)
1649                        goto bad_swap;
1650
1651                /* OK, set up the swap map and apply the bad block list */
1652                swap_map = vmalloc(maxpages * sizeof(short));
1653                if (!swap_map) {
1654                        error = -ENOMEM;
1655                        goto bad_swap;
1656                }
1657
1658                error = 0;
1659                memset(swap_map, 0, maxpages * sizeof(short));
1660                for (i = 0; i < swap_header->info.nr_badpages; i++) {
1661                        int page_nr = swap_header->info.badpages[i];
1662                        if (page_nr <= 0 || page_nr >= swap_header->info.last_page)
1663                                error = -EINVAL;
1664                        else
1665                                swap_map[page_nr] = SWAP_MAP_BAD;
1666                }
1667                nr_good_pages = swap_header->info.last_page -
1668                                swap_header->info.nr_badpages -
1669                                1 /* header page */;
1670                if (error)
1671                        goto bad_swap;
1672        }
1673
1674        if (nr_good_pages) {
1675                swap_map[0] = SWAP_MAP_BAD;
1676                p->max = maxpages;
1677                p->pages = nr_good_pages;
1678                nr_extents = setup_swap_extents(p, &span);
1679                if (nr_extents < 0) {
1680                        error = nr_extents;
1681                        goto bad_swap;
1682                }
1683                nr_good_pages = p->pages;
1684        }
1685        if (!nr_good_pages) {
1686                printk(KERN_WARNING "Empty swap-file\n");
1687                error = -EINVAL;
1688                goto bad_swap;
1689        }
1690
1691        mutex_lock(&swapon_mutex);
1692        spin_lock(&swap_lock);
1693        if (swap_flags & SWAP_FLAG_PREFER)
1694                p->prio =
1695                  (swap_flags & SWAP_FLAG_PRIO_MASK) >> SWAP_FLAG_PRIO_SHIFT;
1696        else
1697                p->prio = --least_priority;
1698        p->swap_map = swap_map;
1699        p->flags = SWP_ACTIVE;
1700        nr_swap_pages += nr_good_pages;
1701        total_swap_pages += nr_good_pages;
1702
1703        printk(KERN_INFO "Adding %uk swap on %s.  "
1704                        "Priority:%d extents:%d across:%lluk\n",
1705                nr_good_pages<<(PAGE_SHIFT-10), name, p->prio,
1706                nr_extents, (unsigned long long)span<<(PAGE_SHIFT-10));
1707
1708        /* insert swap space into swap_list: */
1709        prev = -1;
1710        for (i = swap_list.head; i >= 0; i = swap_info[i].next) {
1711                if (p->prio >= swap_info[i].prio) {
1712                        break;
1713                }
1714                prev = i;
1715        }
1716        p->next = i;
1717        if (prev < 0) {
1718                swap_list.head = swap_list.next = p - swap_info;
1719        } else {
1720                swap_info[prev].next = p - swap_info;
1721        }
1722        spin_unlock(&swap_lock);
1723        mutex_unlock(&swapon_mutex);
1724        error = 0;
1725        goto out;
1726bad_swap:
1727        if (bdev) {
1728                set_blocksize(bdev, p->old_block_size);
1729                bd_release(bdev);
1730        }
1731        destroy_swap_extents(p);
1732bad_swap_2:
1733        spin_lock(&swap_lock);
1734        p->swap_file = NULL;
1735        p->flags = 0;
1736        spin_unlock(&swap_lock);
1737        vfree(swap_map);
1738        if (swap_file)
1739                filp_close(swap_file, NULL);
1740out:
1741        if (page && !IS_ERR(page)) {
1742                kunmap(page);
1743                page_cache_release(page);
1744        }
1745        if (name)
1746                putname(name);
1747        if (did_down) {
1748                if (!error)
1749                        inode->i_flags |= S_SWAPFILE;
1750                mutex_unlock(&inode->i_mutex);
1751        }
1752        return error;
1753}
1754
1755void si_swapinfo(struct sysinfo *val)
1756{
1757        unsigned int i;
1758        unsigned long nr_to_be_unused = 0;
1759
1760        spin_lock(&swap_lock);
1761        for (i = 0; i < nr_swapfiles; i++) {
1762                if (!(swap_info[i].flags & SWP_USED) ||
1763                     (swap_info[i].flags & SWP_WRITEOK))
1764                        continue;
1765                nr_to_be_unused += swap_info[i].inuse_pages;
1766        }
1767        val->freeswap = nr_swap_pages + nr_to_be_unused;
1768        val->totalswap = total_swap_pages + nr_to_be_unused;
1769        spin_unlock(&swap_lock);
1770}
1771
1772/*
1773 * Verify that a swap entry is valid and increment its swap map count.
1774 *
1775 * Note: if swap_map[] reaches SWAP_MAP_MAX the entries are treated as
1776 * "permanent", but will be reclaimed by the next swapoff.
1777 */
1778int swap_duplicate(swp_entry_t entry)
1779{
1780        struct swap_info_struct * p;
1781        unsigned long offset, type;
1782        int result = 0;
1783
1784        if (is_migration_entry(entry))
1785                return 1;
1786
1787        type = swp_type(entry);
1788        if (type >= nr_swapfiles)
1789                goto bad_file;
1790        p = type + swap_info;
1791        offset = swp_offset(entry);
1792
1793        spin_lock(&swap_lock);
1794        if (offset < p->max && p->swap_map[offset]) {
1795                if (p->swap_map[offset] < SWAP_MAP_MAX - 1) {
1796                        p->swap_map[offset]++;
1797                        result = 1;
1798                } else if (p->swap_map[offset] <= SWAP_MAP_MAX) {
1799                        if (swap_overflow++ < 5)
1800                                printk(KERN_WARNING "swap_dup: swap entry overflow\n");
1801                        p->swap_map[offset] = SWAP_MAP_MAX;
1802                        result = 1;
1803                }
1804        }
1805        spin_unlock(&swap_lock);
1806out:
1807        return result;
1808
1809bad_file:
1810        printk(KERN_ERR "swap_dup: %s%08lx\n", Bad_file, entry.val);
1811        goto out;
1812}
1813
1814struct swap_info_struct *
1815get_swap_info_struct(unsigned type)
1816{
1817        return &swap_info[type];
1818}
1819
1820/*
1821 * swap_lock prevents swap_map being freed. Don't grab an extra
1822 * reference on the swaphandle, it doesn't matter if it becomes unused.
1823 */
1824int valid_swaphandles(swp_entry_t entry, unsigned long *offset)
1825{
1826        struct swap_info_struct *si;
1827        int our_page_cluster = page_cluster;
1828        pgoff_t target, toff;
1829        pgoff_t base, end;
1830        int nr_pages = 0;
1831
1832        if (!our_page_cluster)        /* no readahead */
1833                return 0;
1834
1835        si = &swap_info[swp_type(entry)];
1836        target = swp_offset(entry);
1837        base = (target >> our_page_cluster) << our_page_cluster;
1838        end = base + (1 << our_page_cluster);
1839        if (!base)                /* first page is swap header */
1840                base++;
1841
1842        spin_lock(&swap_lock);
1843        if (end > si->max)        /* don't go beyond end of map */
1844                end = si->max;
1845
1846        /* Count contiguous allocated slots above our target */
1847        for (toff = target; ++toff < end; nr_pages++) {
1848                /* Don't read in free or bad pages */
1849                if (!si->swap_map[toff])
1850                        break;
1851                if (si->swap_map[toff] == SWAP_MAP_BAD)
1852                        break;
1853        }
1854        /* Count contiguous allocated slots below our target */
1855        for (toff = target; --toff >= base; nr_pages++) {
1856                /* Don't read in free or bad pages */
1857                if (!si->swap_map[toff])
1858                        break;
1859                if (si->swap_map[toff] == SWAP_MAP_BAD)
1860                        break;
1861        }
1862        spin_unlock(&swap_lock);
1863
1864        /*
1865         * Indicate starting offset, and return number of pages to get:
1866         * if only 1, say 0, since there's then no readahead to be done.
1867         */
1868        *offset = ++toff;
1869        return nr_pages? ++nr_pages: 0;
1870}