18.1 KSM实现
胥玮
KSM在初始化是会创建一个名为"ksmd"的内核线程。
[mm/ksm.c]
static int __init ksm_init(void)
{
struct task_struct *ksm_thread;
int err;
err = ksm_slab_init();
if (err)
goto out;
ksm_thread = kthread_run(ksm_scan_thread, NULL, "ksmd");
if (IS_ERR(ksm_thread)) {
pr_err("ksm: creating kthread failed\n");
err = PTR_ERR(ksm_thread);
goto out_free;
}
#ifdef CONFIG_SYSFS
err = sysfs_create_group(mm_kobj, &ksm_attr_group);
if (err) {
pr_err("ksm: register sysfs failed\n");
kthread_stop(ksm_thread);
goto out_free;
}
#else
ksm_run = KSM_RUN_MERGE; /* no way for user to start it */
#endif /* CONFIG_SYSFS */
#ifdef CONFIG_MEMORY_HOTREMOVE
/* There is no significance to this priority 100 */
hotplug_memory_notifier(ksm_memory_callback, 100);
#endif
return 0;
out_free:
ksm_slab_free();
out:
return err;
}KSM只会处理通过madvise系统调用显式指定的用户进程空间内存,因此用户程序想使用这个功能就必须分配内存时显式地调用"madvise(add, length, MADV_MERGEABLE)", 如果用户想在KSM中取消某一个用户进程地址空间的合并功能,也需要显式得调用"madvise(addr, lenght, MADV_UNMERGEABLE)"。
在Android系统中,在libc库(Android系统的libc库是bionic)中的mmap函数实现已经默认添加了此功能。
[libc/bionic/mmap.cpp]
void* mmap64(void* addr, size_t size, int prot, int flags, int fd, off64_t offset) {
if (offset < 0 || (offset & ((1UL << MMAP2_SHIFT)-1)) != 0) {
errno = EINVAL;
return MAP_FAILED;
}
// prevent allocations large enough for `end - start` to overflow
size_t rounded = BIONIC_ALIGN(size, PAGE_SIZE);
if (rounded < size || rounded > PTRDIFF_MAX) {
errno = ENOMEM;
return MAP_FAILED;
}
bool is_private_anonymous =
(flags & (MAP_PRIVATE | MAP_ANONYMOUS)) == (MAP_PRIVATE | MAP_ANONYMOUS);
bool is_stack_or_grows_down = (flags & (MAP_STACK | MAP_GROWSDOWN)) != 0;
void* result = __mmap2(addr, size, prot, flags, fd, offset >> MMAP2_SHIFT);
/*判断mmap分配的内存,即进程用户空间地址是否私有映射(MAP_PRIVATE)或匿名映射(MAP_ANONYMOUS),
如果是,则显式地调用madvise系统调用把进程用户空间地址区间添加到Linux内核KSM系统中。*/
if (result != MAP_FAILED && kernel_has_MADV_MERGEABLE &&
is_private_anonymous && !is_stack_or_grows_down) {
ErrnoRestorer errno_restorer;
int rc = madvise(result, size, MADV_MERGEABLE);
if (rc == -1 && errno == EINVAL) {
kernel_has_MADV_MERGEABLE = false;
}
}
return result;
}[madvise()->ksm_madvise()->__ksm_enter()]
int __ksm_enter(struct mm_struct *mm)
{
struct mm_slot *mm_slot;
int needs_wakeup;
/*分配一个struct mm_slot数据结构*/
mm_slot = alloc_mm_slot();
if (!mm_slot)
return -ENOMEM;
/* Check ksm_run too? Would need tighter locking */
needs_wakeup = list_empty(&ksm_mm_head.mm_list);
/*添加管理ksm mmlist链表的spinlock锁*/
spin_lock(&ksm_mmlist_lock);
/*把当前的mm数据结构添加到mm_lots_hash哈希表中(mm_lots_hash是一个全局hash链表,必须加锁访问)*/
insert_to_mm_slots_hash(mm, mm_slot);
/*
* When KSM_RUN_MERGE (or KSM_RUN_STOP),
* insert just behind the scanning cursor, to let the area settle
* down a little; when fork is followed by immediate exec, we don't
* want ksmd to waste time setting up and tearing down an rmap_list.
*
* But when KSM_RUN_UNMERGE, it's important to insert ahead of its
* scanning cursor, otherwise KSM pages in newly forked mms will be
* missed: then we might as well insert at the end of the list.
*/
if (ksm_run & KSM_RUN_UNMERGE)
list_add_tail(&mm_slot->mm_list, &ksm_mm_head.mm_list);
else
list_add_tail(&mm_slot->mm_list, &ksm_scan.mm_slot->mm_list);
spin_unlock(&ksm_mmlist_lock);
/*设置mm->flags中的MMF_VM_MERGEABLE标志位,表示这个进程已经添加到KSM系统中*/
set_bit(MMF_VM_MERGEABLE, &mm->flags);
atomic_inc(&mm->mm_count);
/*如果之前ksm_mm_head.mm_list链表为空,则唤醒ksmd内核线程。*/
if (needs_wakeup)
wake_up_interruptible(&ksm_thread_wait);
return 0;
}ksm_scan_thread()函数实现:此函数是ksmd内核线程的主干,每次会执行ksm_do_scan()函数取扫描和合并100个页面(见ksm_thread_pages_to_scan变量),然后睡眠等待20毫秒(见ksm_thread_sleep_millisecs变量),这两个参数可以在"/sys/kernel/mm/ksm"目录下的相关参数中去设置和修改。
[ksmd内核线程]
static int ksm_scan_thread(void *nothing)
{
set_freezable();
set_user_nice(current, 5);
while (!kthread_should_stop()) {
mutex_lock(&ksm_thread_mutex);
wait_while_offlining();
if (ksmd_should_run())
ksm_do_scan(ksm_thread_pages_to_scan);
mutex_unlock(&ksm_thread_mutex);
try_to_freeze();
if (ksmd_should_run()) {
schedule_timeout_interruptible(
msecs_to_jiffies(ksm_thread_sleep_millisecs));
} else {
wait_event_freezable(ksm_thread_wait,
ksmd_should_run() || kthread_should_stop());
}
}
return 0;
}
ksm_do_scan()函数实现:
/**
* ksm_do_scan - the ksm scanner main worker function.
* @scan_npages - number of pages we want to scan before we return.
*/
static void ksm_do_scan(unsigned int scan_npages)
{
struct rmap_item *rmap_item;
struct page *uninitialized_var(page);
/*while循环中尝试去合并scan_npages个页面,*/
while (scan_npages-- && likely(!freezing(current))) {
cond_resched();
/*scan_get_next_rmap_item()获取一个合适的匿名页面page,下面查看此函数实现*/
rmap_item = scan_get_next_rmap_item(&page);
if (!rmap_item)
return;
/*cmp_and_merge_page()会让page在KSM中的
stable和unstable的两颗红黑树中查找是否有合适合并的对象,并且尝试去合并它们
下面查看此函数实现*/
cmp_and_merge_page(page, rmap_item);
put_page(page);
}
}
KSM的核心数据结构:
/*描述一个虚拟地址反向映射的条目(item)*/
struct rmap_item {
/*所有的rmap_item连接成一个链表,链表头在ksm_scan.rmap_list中*/
struct rmap_item *rmap_list;
union {
/*当rmap_item加入stable树时,指向VMA的anon_vma数据结构*/
struct anon_vma *anon_vma; /* when stable */
#ifdef CONFIG_NUMA
int nid; /* when node of unstable tree */
#endif
};
/*进程的struct mm_struct数据结构*/
struct mm_struct *mm;
/*rmap_item所跟踪的用户空间地址*/
unsigned long address; /* + low bits used for flags below */
/*虚拟地址对应物理页面的旧校验值*/
unsigned int oldchecksum; /* when unstable */
union {
/*rmap_item加入unstable红黑树的节点*/
struct rb_node node; /* when node of unstable tree */
struct { /* when listed from stable tree */
/*加入stable红黑树的节点*/
struct stable_node *head;
/*stable链表*/
struct hlist_node hlist;
};
};
};
/*描述添加到KSM系统中将要被扫描的进程mm_struct数据结构*/
struct mm_slot {
/*用于添加到mm_slot哈希表中*/
struct hlist_node link;
/*用于添加到mm_slot链表中,链表头在ksm_mm_head*/
struct list_head mm_list;
/*rmap_item链表头*/
struct rmap_item *rmap_list;
/*进程的mm数据结构*/
struct mm_struct *mm;
};
/*用于表示当前扫描的状态*/
struct ksm_scan {
/*当前正在扫描的mm_slot*/
struct mm_slot *mm_slot;
/*下一次扫描的地址*/
unsigned long address;
/*将要扫描rmap_item的指针*/
struct rmap_item **rmap_list;
/*全局扫描完成后会计数一次,用于删除unstable节点*/
unsigned long seqnr;
};[mm/ksm.c]
ksm_mm_head是mm_slot链表的头。ksm_scan是静态全局的数据结构,用于描述当前扫描的mm_slot。
static struct mm_slot ksm_mm_head = {
.mm_list = LIST_HEAD_INIT(ksm_mm_head.mm_list),
};
static struct ksm_scan ksm_scan = {
.mm_slot = &ksm_mm_head,
};scan_get_next_rmap_item()函数实现:获取一个合格的匿名页面page。
如果找到合格的page,分配一个rmap_item结构体,用来描述page
下面来看ksm_do_scan()中scan_get_next_rmap_item()函数的实现。
[ksm_do_scan()->scan_get_next_rmap_item()]
static struct rmap_item *scan_get_next_rmap_item(struct page **page)
{
struct mm_struct *mm;
struct mm_slot *slot;
struct vm_area_struct *vma;
struct rmap_item *rmap_item;
int nid;
if (list_empty(&ksm_mm_head.mm_list))
return NULL;
/*ksmd第一次跑的情况,初始化ksm_scan数据结构中的成员ksm_scan.mm_slot、
ksm_scan.address和ksm_scan.rmap_list*/
slot = ksm_scan.mm_slot;
if (slot == &ksm_mm_head) {
/*
* A number of pages can hang around indefinitely on per-cpu
* pagevecs, raised page count preventing write_protect_page
* from merging them. Though it doesn't really matter much,
* it is puzzling to see some stuck in pages_volatile until
* other activity jostles them out, and they also prevented
* LTP's KSM test from succeeding deterministically; so drain
* them here (here rather than on entry to ksm_do_scan(),
* so we don't IPI too often when pages_to_scan is set low).
*/
lru_add_drain_all();
/*
* Whereas stale stable_nodes on the stable_tree itself
* get pruned in the regular course of stable_tree_search(),
* those moved out to the migrate_nodes list can accumulate:
* so prune them once before each full scan.
*/
if (!ksm_merge_across_nodes) {
struct stable_node *stable_node;
struct list_head *this, *next;
struct page *page;
list_for_each_safe(this, next, &migrate_nodes) {
stable_node = list_entry(this,
struct stable_node, list);
page = get_ksm_page(stable_node, false);
if (page)
put_page(page);
cond_resched();
}
}
for (nid = 0; nid < ksm_nr_node_ids; nid++)
root_unstable_tree[nid] = RB_ROOT;
spin_lock(&ksm_mmlist_lock);
slot = list_entry(slot->mm_list.next, struct mm_slot, mm_list);
ksm_scan.mm_slot = slot;
spin_unlock(&ksm_mmlist_lock);
/*
* Although we tested list_empty() above, a racing __ksm_exit
* of the last mm on the list may have removed it since then.
*/
if (slot == &ksm_mm_head)
return NULL;
next_mm:
ksm_scan.address = 0;
ksm_scan.rmap_list = &slot->rmap_list;
}
/*扫描当前slot对应的用户进程中的所有VMAs,寻找一个合适的匿名页面*/
mm = slot->mm;
down_read(&mm->mmap_sem);
if (ksm_test_exit(mm))
vma = NULL;
else
vma = find_vma(mm, ksm_scan.address);/*因为ksm_scan.address刚初始化时为0,
所以这里会找到这个用户进程中的第一个VMA。*/
/*for循环遍历所有的VMA*/
for (; vma; vma = vma->vm_next) {
if (!(vma->vm_flags & VM_MERGEABLE))
continue;
if (ksm_scan.address < vma->vm_start)
ksm_scan.address = vma->vm_start; /*第一个vma的地址存放在ksm_scan.address*/
if (!vma->anon_vma)
ksm_scan.address = vma->vm_end;
while (ksm_scan.address < vma->vm_end) {
if (ksm_test_exit(mm))
break;
/*follow_page()函数从虚拟地址开始找回normal mapping页面的struct page数据结构,
KSM只会处理匿名页面的情况*/
*page = follow_page(vma, ksm_scan.address, FOLL_GET);
if (IS_ERR_OR_NULL(*page)) {
ksm_scan.address += PAGE_SIZE;
cond_resched();
continue;
}
/*使用PageAnon()来判断该页是否为匿名页面*/
if (PageAnon(*page) ||
page_trans_compound_anon(*page)) {
/*下面两行代码冲刷该页对应的cache。*/
flush_anon_page(vma, *page, ksm_scan.address);
flush_dcache_page(*page);
/*get_next_rmap_item()去找ksm_scan.rmap_list链表上是否有
该虚拟地址对应的rmap_item,没有找到就新建一个*/
rmap_item = get_next_rmap_item(slot,
ksm_scan.rmap_list, ksm_scan.address);
if (rmap_item) {
/*ksm_scan.rmap_list指向刚找到或者新建的rmap_item,方便后续的扫描。
找到合适的匿名页面后,释放mm->mmap_sem信号量,这个信号量是在扫描VMA
时加的,然后返回该页struct page数据结构*/
ksm_scan.rmap_list =
&rmap_item->rmap_list;
ksm_scan.address += PAGE_SIZE;
} else
put_page(*page);
up_read(&mm->mmap_sem);
return rmap_item;
}
put_page(*page);
ksm_scan.address += PAGE_SIZE;
cond_resched();
}
}
/*运行到这里说明for循环里扫描该进程所有的VMA都没有找到合适的匿名页面,因为如果
找到一个合适的匿名页面是会返回rmap_item的。如果被扫描的进程已经销毁了(mm->mm_users = 0),
那么设置ksm_scan.address = 0.*/
if (ksm_test_exit(mm)) {
ksm_scan.address = 0;
ksm_scan.rmap_list = &slot->rmap_list;
}
/*
* Nuke all the rmap_items that are above this current rmap:
* because there were no VM_MERGEABLE vmas with such addresses.
*/
/*在该进程中没找到合适的匿名页面时,那么对应的rmap_item已经没有用处,为了
避免占用内存空间,直接全部删除。*/
remove_trailing_rmap_items(slot, ksm_scan.rmap_list);
spin_lock(&ksm_mmlist_lock);
/*取下一个mm_slot,这里操作了mm_slot链表,所以用一个spinlock锁
ksm_mmlist_lock来保护链表*/
ksm_scan.mm_slot = list_entry(slot->mm_list.next,
struct mm_slot, mm_list);
/*如果找到一个合适的匿名页面是会返回rmap_item的。如果被扫描的进程已经销毁
了(mm->mm_users = 0),那么设置ksm_scan.address = 0.
处理该进程被销毁的情况,把mm_slot从ksm_mm_head链表删除,释放mm_slot数据结构,
清空mm->flags中的MMF_VM_MERGEABLE标志位*/
if (ksm_scan.address == 0) {
/*
* We've completed a full scan of all vmas, holding mmap_sem
* throughout, and found no VM_MERGEABLE: so do the same as
* __ksm_exit does to remove this mm from all our lists now.
* This applies either when cleaning up after __ksm_exit
* (but beware: we can reach here even before __ksm_exit),
* or when all VM_MERGEABLE areas have been unmapped (and
* mmap_sem then protects against race with MADV_MERGEABLE).
*/
hash_del(&slot->link);
list_del(&slot->mm_list);
spin_unlock(&ksm_mmlist_lock);
free_mm_slot(slot);
clear_bit(MMF_VM_MERGEABLE, &mm->flags);
up_read(&mm->mmap_sem);
mmdrop(mm);
} else {
spin_unlock(&ksm_mmlist_lock);
up_read(&mm->mmap_sem);
}
/* Repeat until we've completed scanning the whole list */
/*如果没有扫描完一轮所有的mm_slot,那么继续扫描下一个mm_slot。*/
slot = ksm_scan.mm_slot;
if (slot != &ksm_mm_head)
goto next_mm;
/*如果扫描完一轮mm_slot,则增加ksm_scan.seqnr计数*/
ksm_scan.seqnr++;
return NULL;
}
回到ksm_do_scan()函数cmp_and_merge_page()函数实现:
[ksm_do_scan()->cmp_and_merge_page()]
/*
* cmp_and_merge_page - first see if page can be merged into the stable tree;
* if not, compare checksum to previous and if it's the same, see if page can
* be inserted into the unstable tree, or merged with a page already there and
* both transferred to the stable tree.
*
* @page: the page that we are searching identical page to.
* @rmap_item: the reverse mapping into the virtual address of this page
*/
/*
参数说明:
@page: 刚才扫描mm_slot时找到的一个合适的匿名页面,rmap_item表示该page对应的rmap_item数据结构。
@rmap_item: 表示该page对应的rmap_item数据结构。
*/
static void cmp_and_merge_page(struct page *page, struct rmap_item *rmap_item)
{
struct rmap_item *tree_rmap_item;
struct page *tree_page = NULL;
struct stable_node *stable_node;
struct page *kpage;
unsigned int checksum;
int err;
/*如果这个页面是stable_node,则page_stable_node()返回这个page对应的stable_node,
否则返回NULL*/
stable_node = page_stable_node(page);
if (stable_node) {
if (stable_node->head != &migrate_nodes &&
get_kpfn_nid(stable_node->kpfn) != NUMA(stable_node->nid)) {
rb_erase(&stable_node->node,
root_stable_tree + NUMA(stable_node->nid));
stable_node->head = &migrate_nodes;
list_add(&stable_node->list, stable_node->head);
}
if (stable_node->head != &migrate_nodes &&
rmap_item->head == stable_node)
return;
}
/* We first start with searching the page inside the stable tree */
/*stable_tree_search()函数在stable红黑树中查找页面内容和page相同的stable页。下面查看此函数实现*/
kpage = stable_tree_search(page);
/*如果找到的stable页kpage和page是同一个页面,说明该页已经是KSM页面,不需要继续处理。
直接返回。put_page()减少_count引用计数,注意page在scan_get_next_rmap_item()->
follow_page()时给该页增加了_count引用计数。*/
if (kpage == page && rmap_item->head == stable_node) {
put_page(kpage);
return;
}
remove_rmap_item_from_tree(rmap_item);
if (kpage) {
/*如果在stable红黑树中找到一个页面内容相同的节点,那么调用try_to_merge_with_ksm_page()
尝试合并这个页面到节点上。合并成功后,stable_tree_append()会把rmap_item添加到
stable_node->hlist哈希链表上,下面查看此函数实现*/
err = try_to_merge_with_ksm_page(rmap_item, page, kpage);
if (!err) {
/*
* The page was successfully merged:
* add its rmap_item to the stable tree.
*/
lock_page(kpage);
/*try_to_merge_with_ksm_page把page合并到kpage页面后,需要做
一些统计工作,下面来查看此函数实现*/
stable_tree_append(rmap_item, page_stable_node(kpage));
unlock_page(kpage);
}
put_page(kpage);
return;
}
/*
* If the hash value of the page has changed from the last time
* we calculated it, this page is changing frequently: therefore we
* don't want to insert it in the unstable tree, and we don't want
* to waste our time searching for something identical to it there.
*/
/*若在stable红黑树中没能找到和page内容相同的节点,则重新计算该页的校验值。
如果校验值发生变化,说明该页面的内容被频繁修改,这种页面不适合添加到unstable
红黑树中*/
checksum = calc_checksum(page);
if (rmap_item->oldchecksum != checksum) {
rmap_item->oldchecksum = checksum;
return;
}
/*上面是在stable树中找到候选者页面内容相同的情况,假设在stable树中没有找到的话,那么
接下来就去查找unstable树*/
/*unstable_tree_search_insert()搜索unstable红黑树中是否有和该页内容相同的节点,
如果没有找到,则将page插入到unstable树,在一次全盘扫描结束的时候会删除unstable树,再
下一次重新加入page,下面查看此函数实现*/
tree_rmap_item =
unstable_tree_search_insert(rmap_item, page, &tree_page);
/*若在unstable红黑树中能找到页面内容相同的节点tree_rmap_item和页面tree_page,
那么调用try_to_merge_two_pages()去尝试合并该页page和tree_page称为一个KSM页面
kpage。stable_tree_insert()会把kpage添加到stable红黑树中,创建一个新的stable
节点。stable_tree_append()把tree_rmap_item和rmap_item添加到stable节点的哈希
链表中,并更新统计计数ksm_pages_sharing和ksm_pages_shared*/
if (tree_rmap_item) {
/*当unstable树中找到和候选页面page内容相同的tree_page后,尝试把该page和
tree_page合并成一个KSM页面,下面我们查看try_to_merge_two_pages()函数实现*/
kpage = try_to_merge_two_pages(rmap_item, page,
tree_rmap_item, tree_page);
put_page(tree_page);
if (kpage) {
/*
* The pages were successfully merged: insert new
* node in the stable tree and add both rmap_items.
*/
lock_page(kpage);
/*当候选page荣升为KSM页面kpage后,stable_tree_insert()会把KSM页
kpage添加到stable树中,下面查看此函数实现*/
stable_node = stable_tree_insert(kpage);
if (stable_node) {
stable_tree_append(tree_rmap_item, stable_node);
stable_tree_append(rmap_item, stable_node);
}
unlock_page(kpage);
/*
* If we fail to insert the page into the stable tree,
* we will have 2 virtual addresses that are pointing
* to a ksm page left outside the stable tree,
* in which case we need to break_cow on both.
*/
/*到这里,我们就完成了对一个页面如何合并成KSM页面的介绍,包括了查找stable树和
unstable树等,接下来看如果在合并过程中发生失败的情况。*/
/*如果stable节点插入到stable红黑树失败,那么调用
break_cow()主动触发一个缺页中断来分离这个ksm页面,查看此函数的实现*/
if (!stable_node) {
break_cow(tree_rmap_item);
break_cow(rmap_item);
}
}
}
}
回到ksm_do_scanstable_tree_search()函数实现:搜索stable红黑树并查找是否有和page页面内容一致的节点。
[ksm_do_scan()->cmp_and_merge_page()->stable_tree_search()]
/*
* stable_tree_search - search for page inside the stable tree
*
* This function checks if there is a page inside the stable tree
* with identical content to the page that we are scanning right now.
*
* This function returns the stable tree node of identical content if found,
* NULL otherwise.
*/
static struct page *stable_tree_search(struct page *page)
{
int nid;
struct rb_root *root;
struct rb_node **new;
struct rb_node *parent;
struct stable_node *stable_node;
struct stable_node *page_node;
/*如果page已经是stable page,那不需要搜索了。*/
page_node = page_stable_node(page);
if (page_node && page_node->head != &migrate_nodes) {
/* ksm page forked */
get_page(page);
return page;
}
nid = get_kpfn_nid(page_to_pfn(page));
/*从这里开始搜索stable红黑树*/
root = root_stable_tree + nid;
again:
new = &root->rb_node;
parent = NULL;
while (*new) {
struct page *tree_page;
int ret;
cond_resched();
/*rb_entry取出一个节点元素stable_node*/
stable_node = rb_entry(*new, struct stable_node, node);
/*get_ksm_page()函数把对应的stable节点转换为struct page数据结构。
stable节点中有一个成员kpfn存放着页帧号,通过页帧号可以求出对应的page数据
结构tree_page,注意这个函数会增加该结点tree_page的_count引用计数。*/
tree_page = get_ksm_page(stable_node, false);
if (!tree_page)
return NULL;
/*通过memcmp_pages()来对比page和tree_page的内容是否一致。*/
ret = memcmp_pages(page, tree_page);
/*调用put_page()来减少tree_page的_count引用计数,之前get_ksm_page()对该页增加了引用计数*/
put_page(tree_page);
parent = *new;
/*如果两个page内容不一致,则继续搜索红黑树的叶节点。*/
if (ret < 0)
new = &parent->rb_left;
else if (ret > 0)
new = &parent->rb_right;
else {
/*
* Lock and unlock the stable_node's page (which
* might already have been migrated) so that page
* migration is sure to notice its raised count.
* It would be more elegant to return stable_node
* than kpage, but that involves more changes.
*/
/*page和tree_page内容一致,重新用get_ksm_page()增加tree_page的引用计数,
其实是让页面迁移模块(page migration)知道这里在使用这个页面,最后返回tree_page*/
tree_page = get_ksm_page(stable_node, true);
if (tree_page) {
unlock_page(tree_page);
if (get_kpfn_nid(stable_node->kpfn) !=
NUMA(stable_node->nid)) {
put_page(tree_page);
goto replace;
}
return tree_page;
}
/*
* There is now a place for page_node, but the tree may
* have been rebalanced, so re-evaluate parent and new.
*/
if (page_node)
goto again;
return NULL;
}
}
if (!page_node)
return NULL;
list_del(&page_node->list);
DO_NUMA(page_node->nid = nid);
rb_link_node(&page_node->node, parent, new);
rb_insert_color(&page_node->node, root);
get_page(page);
return page;
replace:
if (page_node) {
list_del(&page_node->list);
DO_NUMA(page_node->nid = nid);
rb_replace_node(&stable_node->node, &page_node->node, root);
get_page(page);
} else {
rb_erase(&stable_node->node, root);
page = NULL;
}
stable_node->head = &migrate_nodes;
list_add(&stable_node->list, stable_node->head);
return page;
}
回到cmp_and_merge_pagetry_to_merge_with_ksm_page()函数实现:合并page页面到ksm页面
[ksm_do_scan()->cmp_and_merge_page()->try_to_merge_with_ksm_page()]
/*
* try_to_merge_with_ksm_page - like try_to_merge_two_pages,
* but no new kernel page is allocated: kpage must already be a ksm page.
*
* This function returns 0 if the pages were merged, -EFAULT otherwise.
*/
/*参数说明:
@rmap_item: 候选页对应的rmap_item结构
@page:需要合并的页
@kpage: 是stable树中的KSM页面,尝试把候选页page合并到kpage中。
*/
static int try_to_merge_with_ksm_page(struct rmap_item *rmap_item,
struct page *page, struct page *kpage)
{
struct mm_struct *mm = rmap_item->mm;
struct vm_area_struct *vma;
int err = -EFAULT;
/*需要操作VMA,因此加一个mm->mmap_sem读者锁*/
down_read(&mm->mmap_sem);
if (ksm_test_exit(mm))
goto out;
/*根据虚拟地址找到对应的VMA*/
vma = find_vma(mm, rmap_item->address);
if (!vma || vma->vm_start > rmap_item->address)
goto out;
/*调用try_to_merge_one_page(),尝试合并page到kpage中。下面查看此函数实现*/
err = try_to_merge_one_page(vma, page, kpage);
if (err)
goto out;
/* Unstable nid is in union with stable anon_vma: remove first */
remove_rmap_item_from_tree(rmap_item);
/* Must get reference to anon_vma while still holding mmap_sem */
/*rmap_item->anon_vma指向VMA对应的anon_vma数据结构*/
rmap_item->anon_vma = vma->anon_vma;
/*增加anon_vma->refcount的引用计数,防止anon_vma被释放*/
get_anon_vma(vma->anon_vma);
out:
/*释放mm->mmap_sem的读者锁*/
up_read(&mm->mmap_sem);
return err;
}
回到cmp_and_merge_pagetry_to_merge_one_page()函数实现:尝试合并page页面到kpage
[ksm_do_scan()->cmp_and_merge_page()->try_to_merge_with_ksm_page()->try_to_merge_one_page()]
/*
* try_to_merge_one_page - take two pages and merge them into one
* @vma: the vma that holds the pte pointing to page
* @page: the PageAnon page that we want to replace with kpage
* @kpage: the PageKsm page that we want to map instead of page,
* or NULL the first time when we want to use page as kpage.
*
* This function returns 0 if the pages were merged, -EFAULT otherwise.
*/
static int try_to_merge_one_page(struct vm_area_struct *vma,
struct page *page, struct page *kpage)
{
pte_t orig_pte = __pte(0);
int err = -EFAULT;
/*page和kpage是同一个page*/
if (page == kpage) /* ksm page forked */
return 0;
/*page对应的VMA属性是不可合并的,即没有包含VM_MERGEABLE标志。*/
if (!(vma->vm_flags & VM_MERGEABLE))
goto out;
if (PageTransCompound(page) && page_trans_compound_anon_split(page))
goto out;
BUG_ON(PageTransCompound(page));
/*剔除不是匿名页面的部分*/
if (!PageAnon(page))
goto out;
/*
* We need the page lock to read a stable PageSwapCache in
* write_protect_page(). We use trylock_page() instead of
* lock_page() because we don't want to wait here - we
* prefer to continue scanning and merging different pages,
* then come back to this page when it is unlocked.
*/
/*这里为什么要使用trylock_page(page), 而不是lock_page(page)呢?我们需要
申请该页的页面锁以方便在稍后的write_protect_page()中读取稳定的PageSwapCache
的状态,并且不需要在这里睡眠等待该页的页面锁。如果该页被其他人加锁了,我们可以
略过它,先处理其他页面。*/
if (!trylock_page(page))
goto out;
/*
* If this anonymous page is mapped only here, its pte may need
* to be write-protected. If it's mapped elsewhere, all of its
* ptes are necessarily already write-protected. But in either
* case, we need to lock and check page_count is not raised.
*/
/*write_protect_page()对该页映射VMA的pte进行写保护操作,下面查看此函数实现*/
if (write_protect_page(vma, page, &orig_pte) == 0) {
/*在与unstable书节点合并时,参数kpage有可能传过来NULL,这主要是设置
page为stable节点,并且设置该页的活动情况(mark_page_accessed())*/
if (!kpage) {
/*
* While we hold page lock, upgrade page from
* PageAnon+anon_vma to PageKsm+NULL stable_node:
* stable_tree_insert() will update stable_node.
*/
set_page_stable_node(page, NULL);
mark_page_accessed(page);
err = 0;
/*pages_identical()再一次比较page和kpage内容是否一致。如果一致,则调用
replace_page(),把该page对应的pte设置对应的kpage中*/
} else if (pages_identical(page, kpage))
err = replace_page(vma, page, kpage, orig_pte);/*vma的用户空间和kpage建立映射,下面查看此函数实现*/
}
if ((vma->vm_flags & VM_LOCKED) && kpage && !err) {
munlock_vma_page(page);
if (!PageMlocked(kpage)) {
unlock_page(page);
lock_page(kpage);
mlock_vma_page(kpage);
page = kpage; /* for final unlock */
}
}
unlock_page(page);
out:
return err;
}
回到try_to_merge_with_ksm_pagewrite_protect_page()函数实现:
[ksm_do_scan()->cmp_and_merge_page()->try_to_merge_with_ksm_page()->try_to_merge_one_page()->write_protect_page()]
static int write_protect_page(struct vm_area_struct *vma, struct page *page,
pte_t *orig_pte)
{
struct mm_struct *mm = vma->vm_mm;
unsigned long addr;
pte_t *ptep;
spinlock_t *ptl;
int swapped;
int err = -EFAULT;
unsigned long mmun_start; /* For mmu_notifiers */
unsigned long mmun_end; /* For mmu_notifiers */
/*通过VMA和page数据结构可以计算出page对应的虚拟地址address。page结构
中有一个成员index,表示在VMA中的偏移量,由此可以得出虚拟地址。*/
addr = page_address_in_vma(page, vma);
if (addr == -EFAULT)
goto out;
BUG_ON(PageTransCompound(page));
mmun_start = addr;
mmun_end = addr + PAGE_SIZE;
mmu_notifier_invalidate_range_start(mm, mmun_start, mmun_end);
/*有mm和虚拟地址address通过查询页表找到该地址对应的pte页表项*/
ptep = page_check_address(page, mm, addr, &ptl, 0);
if (!ptep)
goto out_mn;
/*因为该函数的作用是设置pte为写保护,因此对应pte页表项的属性是可写或脏页面需要设置pte为写
保护(对ARM处理器设置页表项的L_PTE_RDONLY比特位,对x86处理器清_PAGE_BIT_RW比特位),脏页面
通过set_page_dirty()函数来调用该页的mapping->a_ops->set_page_dirty()函数并通知回写系统。*/
if (pte_write(*ptep) || pte_dirty(*ptep)) {
pte_t entry;
swapped = PageSwapCache(page);
/*刷新这个页面对应的cache。*/
flush_cache_page(vma, addr, page_to_pfn(page));
/*
* Ok this is tricky, when get_user_pages_fast() run it doesn't
* take any lock, therefore the check that we are going to make
* with the pagecount against the mapcount is racey and
* O_DIRECT can happen right after the check.
* So we clear the pte and flush the tlb before the check
* this assure us that no O_DIRECT can happen after the check
* or in the middle of the check.
*/
/*清空pte页表项内容并冲刷相应的TLB,保证没有DIRECT_IO发生,函数返回该pte原来的内容*/
entry = ptep_clear_flush_notify(vma, addr, ptep);
/*
* Check that no O_DIRECT or similar I/O is in progress on the
* page
*/
/*为什么要有这样的判断公式呢?
这是一个需要深入理解内存管理代码才能明白的问题,涉及到page的_count和_mapcount两个引用计数的巧妙运用。
write_protect_page()函数本身的目的是让页面变成只读,后续可以做比较和合并的工作了。要把一个页面变成只读
需要满足如下两个条件:
(1) 确认没有其他人获取了该页面。
(2) 将指向该页面的pte变成只读属性。
第二个条件容易处理,难点在第一个条件上。一般来说,page 的_count计数有如下4中来源:
(1) page cache在radix tree上,KSM不考虑page cache情况
(2) 被用户引用,_count和_mapcount都会增加计数
(3) page->private私有数据也会增加_count计数,对于匿名页面,需要判断是否在swap cache中,例如add_to_swap()函数。
(4) 内核中有某些页面操作时会增加_count计数,例如follow_page()、get_user_pages_fast()等。
假设没有他内核路径操作该页面,并且该页面不在swap cache中,两个引用计数的关系为:
(page->_mapcount + 1) = page->_count
那么在write_protect_page()场景中,swapped指的是页面是否为swapcache,在add_to_swap()函数里增加_count计数,因此
上面的公式可以变为:
(page->_mapcount + 1) + PageSwapCache() = page->_count
这里为什么会有"+1"呢?因为该页面scan_get_next_rmap_item()函数通过follow_page()操作来获取struct page数据结构,
这个过程会让page->_count引用计数加1,综上所述,在当前场景下判断没有DIRECT_IO读写的情况,公式变为:
(page->_mapcount + 1) + 1 + PageSwapCache() == page->_count
因此判断不相等,说明有内核代码路径(例如DIRECT_IO读写)正在操作该页面,那么write_protect_page()函数只能返回错误。
*/
if (page_mapcount(page) + 1 + swapped != page_count(page)) {
set_pte_at(mm, addr, ptep, entry);
goto out_unlock;
}
if (pte_dirty(entry))
set_page_dirty(page);
/*下面两行生成一个具有只读属性的PTE entry,并设置到硬件页面中*/
entry = pte_mkclean(pte_wrprotect(entry));
set_pte_at_notify(mm, addr, ptep, entry);
}
*orig_pte = *ptep;
err = 0;
out_unlock:
pte_unmap_unlock(ptep, ptl);
out_mn:
mmu_notifier_invalidate_range_end(mm, mmun_start, mmun_end);
out:
return err;
}
回到try_to_merge_one_pagereplace_page()函数实现:
[ksm_do_scan()->cmp_and_merge_page()->try_to_merge_with_ksm_page()->try_to_merge_one_page()->replace_page()]
/**
* replace_page - replace page in vma by new ksm page
* @vma: vma that holds the pte pointing to page
* @page: the page we are replacing by kpage 旧的page
* @kpage: the ksm page we replace page by kpage是stable树中找到的KSM页面
* @orig_pte: the original value of the pte 用于判断在这期间page是否被修改了
*
* Returns 0 on success, -EFAULT on failure.
*/
/*此函数的作用:简单说就是使用kpage的pfn加上原来page的一些属性构造成一个新的pte页表项,然后写入原来
page的pte页表项中,这样原来的page页对应的VMA用户地址空间就和kpage建立了映射关系*/
static int replace_page(struct vm_area_struct *vma, struct page *page,
struct page *kpage, pte_t orig_pte)
{
struct mm_struct *mm = vma->vm_mm;
pmd_t *pmd;
pte_t *ptep;
spinlock_t *ptl;
unsigned long addr;
int err = -EFAULT;
unsigned long mmun_start; /* For mmu_notifiers */
unsigned long mmun_end; /* For mmu_notifiers */
addr = page_address_in_vma(page, vma);
if (addr == -EFAULT)
goto out;
pmd = mm_find_pmd(mm, addr);
if (!pmd)
goto out;
mmun_start = addr;
mmun_end = addr + PAGE_SIZE;
mmu_notifier_invalidate_range_start(mm, mmun_start, mmun_end);
ptep = pte_offset_map_lock(mm, pmd, addr, &ptl);
if (!pte_same(*ptep, orig_pte)) {
pte_unmap_unlock(ptep, ptl);
goto out_mn;
}
/*给kpage增加在_count引用计数*/
get_page(kpage);
/*看起来page_add_anon_rmap()是要把kpage添加到RMAP系统中,因为kpage早已经
添加到RMAP系统中,所以这里只是增加_mapcount计数*/
page_add_anon_rmap(kpage, vma, addr);
/*冲刷addr和pte对应的cache,然后清空pte的内容和对应的TLB后,写入新的pte内容*/
flush_cache_page(vma, addr, pte_pfn(*ptep));
ptep_clear_flush_notify(vma, addr, ptep);
set_pte_at_notify(mm, addr, ptep, mk_pte(kpage, vma->vm_page_prot));
/*减少page的_mapcount和_count计数,并且删掉该page在swap分区的swap space*/
page_remove_rmap(page);
if (!page_mapped(page))
try_to_free_swap(page);
put_page(page);
pte_unmap_unlock(ptep, ptl);
err = 0;
out_mn:
mmu_notifier_invalidate_range_end(mm, mmun_start, mmun_end);
out:
return err;
}
回到try_to_merge_one_page函数stable_tree_append()函数实现:
[ksm_do_scan()->cmp_and_merge_page()->stable_tree_append()]
/*
* stable_tree_append - add another rmap_item to the linked list of
* rmap_items hanging off a given node of the stable tree, all sharing
* the same ksm page.
*/
/*参数说明:
@rmap_item: 是page页面对应的rmap_item数据结构
@stable_node: struct stable_node是KSM页面mapping指向的数据结构,类似匿名页面中的anon_vma数据结构
stable_node参数是kpage指向的struct stable_node数据结构。
*/
static void stable_tree_append(struct rmap_item *rmap_item,
struct stable_node *stable_node)
{
rmap_item->head = stable_node;
rmap_item->address |= STABLE_FLAG;
/*把rmap_item添加到kpage页面的stable_node中的哈希链表里*/
hlist_add_head(&rmap_item->hlist, &stable_node->hlist);
/*如果有多个页面同时映射到stable_node上,则增加ksm_pages_sharing计数,
否则增加ksm_pages_shared计数,说明这是一个新成立的stable节点。
ksm_pages_shared计数表示系统中有多个ksm节点,ksm_pages_sharing计数表示
合并到ksm节点中的页面个数。*/
if (rmap_item->hlist.next)
ksm_pages_sharing++;
else
ksm_pages_shared++;
}
回到cmp_and_merge_page()函数unstable_tree_search_insert()函数实现:
[ksm_do_scan()->cmp_and_merge_page()->unstable_tree_search_insert()]
/*
* unstable_tree_search_insert - search for identical page,
* else insert rmap_item into the unstable tree.
*
* This function searches for a page in the unstable tree identical to the
* page currently being scanned; and if no identical page is found in the
* tree, we insert rmap_item as a new object into the unstable tree.
*
* This function returns pointer to rmap_item found to be identical
* to the currently scanned page, NULL otherwise.
*
* This function does both searching and inserting, because they share
* the same walking algorithm in an rbtree.
*/
static
struct rmap_item *unstable_tree_search_insert(struct rmap_item *rmap_item,
struct page *page,
struct page **tree_pagep)
{
struct rb_node **new;
struct rb_root *root;
struct rb_node *parent = NULL;
int nid;
nid = get_kpfn_nid(page_to_pfn(page));
root = root_unstable_tree + nid;
new = &root->rb_node;
/*查找unstable红黑树,这棵树的根在root_unstable_tree。*/
while (*new) {
struct rmap_item *tree_rmap_item;
struct page *tree_page;
int ret;
cond_resched();
tree_rmap_item = rb_entry(*new, struct rmap_item, node);
/*get_mergeable_page()判断从树中取出来的页面是否合格,只有匿名页面
才可以被合并。如果在树中没找到和候选页面相同的内容,那么会把候选页面
也添加到该树中。*/
tree_page = get_mergeable_page(tree_rmap_item);
if (IS_ERR_OR_NULL(tree_page))
return NULL;
/*
* Don't substitute a ksm page for a forked page.
*/
if (page == tree_page) {
put_page(tree_page);
return NULL;
}
ret = memcmp_pages(page, tree_page);
parent = *new;
if (ret < 0) {
put_page(tree_page);
new = &parent->rb_left;
} else if (ret > 0) {
put_page(tree_page);
new = &parent->rb_right;
} else if (!ksm_merge_across_nodes &&
page_to_nid(tree_page) != nid) {
/*
* If tree_page has been migrated to another NUMA node,
* it will be flushed out and put in the right unstable
* tree next time: only merge with it when across_nodes.
*/
put_page(tree_page);
return NULL;
} else {
*tree_pagep = tree_page;
return tree_rmap_item;
}
}
/*rmap_item->address的低12比特位用于存放一些标志位。例如UNSTABLE_FLAG(0x100)
表示rmap_item在unstable树中,另外低8位用于存放全盘扫描的次数seqnr。unstable树
的节点会在一次全盘扫描后被删掉,在下一次全盘扫描重新加入到unstable树中。
ksm_pages_unshared表示有在unstable树中的节点个数。*/
rmap_item->address |= UNSTABLE_FLAG;
rmap_item->address |= (ksm_scan.seqnr & SEQNR_MASK);
DO_NUMA(rmap_item->nid = nid);
rb_link_node(&rmap_item->node, parent, new);
rb_insert_color(&rmap_item->node, root);
ksm_pages_unshared++;
return NULL;
}
回到cmp_and_merge_page函数try_to_merge_two_pages()函数实现:
[ksm_do_scan()->cmp_and_merge_page()->try_to_merge_two_pages()]
/*
* try_to_merge_two_pages - take two identical pages and prepare them
* to be merged into one page.
*
* This function returns the kpage if we successfully merged two identical
* pages into one ksm page, NULL otherwise.
*
* Note that this function upgrades page to ksm page: if one of the pages
* is already a ksm page, try_to_merge_with_ksm_page should be used.
*/
static struct page *try_to_merge_two_pages(struct rmap_item *rmap_item,
struct page *page,
struct rmap_item *tree_rmap_item,
struct page *tree_page)
{
int err;
/*这里调用了两次try_to_merge_with_ksm_page(),注意这两次调用的参数不一
样,实现的功能也不一样。
第一次,参数是候选者page和对应的rmap_item,kpage为NULL,因此第一次调用主
要是把page的页表设置为写保护,并且把该页设置为KSM节点。*/
err = try_to_merge_with_ksm_page(rmap_item, page, NULL);
if (!err) {
/*第二次,参数变成了tree_page和对应的tree_rmap_item,kpage为候选者
page,因此这里要实现的功能是把tree_page的页表设置为写保护,然后再比较
tree_page和page之间的内容是否一致。在查找unstable树时已经做过了页面
内容的比较,为什么这里还需要再比较一次呢?因为在这个过程中,页面有可能
被别的进程修改了内容。当两个页面内容确保一致后,借用page的pfn来重新生
成一个页表项并设置到tree_page的页表中,也就是tree_page对应的进程虚拟
地址和物理页面page重新建立了映射关系,tree_page和page合并成了一个KSM
页面,page作为KSM页面的联络点。*/
err = try_to_merge_with_ksm_page(tree_rmap_item,
tree_page, page);
/*
* If that fails, we have a ksm page with only one pte
* pointing to it: so break it.
*/
if (err)
break_cow(rmap_item);
}
return err ? NULL : page;
}
回到cmp_and_merge_page函数stable_tree_insert()函数实现:
[ksm_do_scan()->cmp_and_merge_page()->stable_tree_insert()]
/*
* stable_tree_insert - insert stable tree node pointing to new ksm page
* into the stable tree.
*
* This function returns the stable tree node just allocated on success,
* NULL otherwise.
*/
static struct stable_node *stable_tree_insert(struct page *kpage)
{
int nid;
unsigned long kpfn;
struct rb_root *root;
struct rb_node **new;
struct rb_node *parent = NULL;
struct stable_node *stable_node;
kpfn = page_to_pfn(kpage);
nid = get_kpfn_nid(kpfn);
root = root_stable_tree + nid;
new = &root->rb_node;
/*查找stable树查找合适插入的叶节点*/
while (*new) {
struct page *tree_page;
int ret;
cond_resched();
stable_node = rb_entry(*new, struct stable_node, node);
tree_page = get_ksm_page(stable_node, false);
if (!tree_page)
return NULL;
ret = memcmp_pages(kpage, tree_page);
put_page(tree_page);
parent = *new;
if (ret < 0)
new = &parent->rb_left;
else if (ret > 0)
new = &parent->rb_right;
else {
/*
* It is not a bug that stable_tree_search() didn't
* find this node: because at that time our page was
* not yet write-protected, so may have changed since.
*/
return NULL;
}
}
/*分配一个新的stable_node节点,page->mapping指向stable_node节点,然后把
stable_node节点插入到stable树中*/
stable_node = alloc_stable_node();
if (!stable_node)
return NULL;
/*最后rmap_item和tree_rmap_item会添加到新的stable_tree的哈希链表中,并更新ksm的数据统计*/
INIT_HLIST_HEAD(&stable_node->hlist);
stable_node->kpfn = kpfn;
set_page_stable_node(kpage, stable_node);
DO_NUMA(stable_node->nid = nid);
rb_link_node(&stable_node->node, parent, new);
rb_insert_color(&stable_node->node, root);
return stable_node;
}
回到cmp_and_merge_page函数break_cow()函数实现:
此函数处理已经把页面设置成写保护的情况,并人为造一个写错误的缺页中断,即写时复制(COW)的场景。其中,参数rmap_item中保存了该页的虚拟地址和进程数据结构,由此可以找到对应的VMA。
[ksm_do_scan()->cmp_and_merge_page()->break_cow()]
static void break_cow(struct rmap_item *rmap_item)
{
struct mm_struct *mm = rmap_item->mm;
unsigned long addr = rmap_item->address;
struct vm_area_struct *vma;
/*
* It is not an accident that whenever we want to break COW
* to undo, we also need to drop a reference to the anon_vma.
*/
put_anon_vma(rmap_item->anon_vma);
down_read(&mm->mmap_sem);
vma = find_mergeable_vma(mm, addr);
if (vma)
break_ksm(vma, addr);
up_read(&mm->mmap_sem);
}break_ksm()函数实现:
[ksm_do_scan()->cmp_and_merge_page()->break_cow()->break_ksm()]
/*
* We use break_ksm to break COW on a ksm page: it's a stripped down
*
* if (get_user_pages(current, mm, addr, 1, 1, 1, &page, NULL) == 1)
* put_page(page);
*
* but taking great care only to touch a ksm page, in a VM_MERGEABLE vma,
* in case the application has unmapped and remapped mm,addr meanwhile.
* Could a ksm page appear anywhere else? Actually yes, in a VM_PFNMAP
* mmap of /dev/mem or /dev/kmem, where we would not want to touch it.
*/
static int break_ksm(struct vm_area_struct *vma, unsigned long addr)
{
struct page *page;
int ret = 0;
do {
cond_resched();
/*follow_page函数由VMA和虚拟地址获取normal mapping的页面数据结构,参数flags
是FOLL_GET|FOLL_MIGRATION, FOLL_GET表示增加该页的_count计数,FOLL_MIGRATION
表示如果该页在页迁移的过程中会等待页迁移完成。*/
page = follow_page(vma, addr, FOLL_GET | FOLL_MIGRATION);
if (IS_ERR_OR_NULL(page))
break;
/*对于KSM页面,这里直接调用handle_mm_fault()人为造一个写错误(FAULT_FLAG_WRITE)的
缺页中断,在缺页中断处理函数找那个处理写时复制COW,最终调用do_wp_page()重新分配一个页面来
和对应的虚拟地址建立映射关系。*/
if (PageKsm(page))
ret = handle_mm_fault(vma->vm_mm, vma, addr,
FAULT_FLAG_WRITE);
else
ret = VM_FAULT_WRITE;
put_page(page);
} while (!(ret & (VM_FAULT_WRITE | VM_FAULT_SIGBUS | VM_FAULT_SIGSEGV | VM_FAULT_OOM)));
/*
* We must loop because handle_mm_fault() may back out if there's
* any difficulty e.g. if pte accessed bit gets updated concurrently.
*
* VM_FAULT_WRITE is what we have been hoping for: it indicates that
* COW has been broken, even if the vma does not permit VM_WRITE;
* but note that a concurrent fault might break PageKsm for us.
*
* VM_FAULT_SIGBUS could occur if we race with truncation of the
* backing file, which also invalidates anonymous pages: that's
* okay, that truncation will have unmapped the PageKsm for us.
*
* VM_FAULT_OOM: at the time of writing (late July 2009), setting
* aside mem_cgroup limits, VM_FAULT_OOM would only be set if the
* current task has TIF_MEMDIE set, and will be OOM killed on return
* to user; and ksmd, having no mm, would never be chosen for that.
*
* But if the mm is in a limited mem_cgroup, then the fault may fail
* with VM_FAULT_OOM even if the current task is not TIF_MEMDIE; and
* even ksmd can fail in this way - though it's usually breaking ksm
* just to undo a merge it made a moment before, so unlikely to oom.
*
* That's a pity: we might therefore have more kernel pages allocated
* than we're counting as nodes in the stable tree; but ksm_do_scan
* will retry to break_cow on each pass, so should recover the page
* in due course. The important thing is to not let VM_MERGEABLE
* be cleared while any such pages might remain in the area.
*/
return (ret & VM_FAULT_OOM) ? -ENOMEM : 0;
}
类似资料: