]> pilppa.org Git - linux-2.6-omap-h63xx.git/blob - mm/swapfile.c
netfilter: fix double-free and use-after free
[linux-2.6-omap-h63xx.git] / mm / swapfile.c
1 /*
2  *  linux/mm/swapfile.c
3  *
4  *  Copyright (C) 1991, 1992, 1993, 1994  Linus Torvalds
5  *  Swap reorganised 29.12.95, Stephen Tweedie
6  */
7
8 #include <linux/mm.h>
9 #include <linux/hugetlb.h>
10 #include <linux/mman.h>
11 #include <linux/slab.h>
12 #include <linux/kernel_stat.h>
13 #include <linux/swap.h>
14 #include <linux/vmalloc.h>
15 #include <linux/pagemap.h>
16 #include <linux/namei.h>
17 #include <linux/shm.h>
18 #include <linux/blkdev.h>
19 #include <linux/writeback.h>
20 #include <linux/proc_fs.h>
21 #include <linux/seq_file.h>
22 #include <linux/init.h>
23 #include <linux/module.h>
24 #include <linux/rmap.h>
25 #include <linux/security.h>
26 #include <linux/backing-dev.h>
27 #include <linux/mutex.h>
28 #include <linux/capability.h>
29 #include <linux/syscalls.h>
30 #include <linux/memcontrol.h>
31
32 #include <asm/pgtable.h>
33 #include <asm/tlbflush.h>
34 #include <linux/swapops.h>
35
36 DEFINE_SPINLOCK(swap_lock);
37 unsigned int nr_swapfiles;
38 long total_swap_pages;
39 static int swap_overflow;
40
41 static const char Bad_file[] = "Bad swap file entry ";
42 static const char Unused_file[] = "Unused swap file entry ";
43 static const char Bad_offset[] = "Bad swap offset entry ";
44 static const char Unused_offset[] = "Unused swap offset entry ";
45
46 struct swap_list_t swap_list = {-1, -1};
47
48 static struct swap_info_struct swap_info[MAX_SWAPFILES];
49
50 static DEFINE_MUTEX(swapon_mutex);
51
52 /*
53  * We need this because the bdev->unplug_fn can sleep and we cannot
54  * hold swap_lock while calling the unplug_fn. And swap_lock
55  * cannot be turned into a mutex.
56  */
57 static DECLARE_RWSEM(swap_unplug_sem);
58
59 void swap_unplug_io_fn(struct backing_dev_info *unused_bdi, struct page *page)
60 {
61         swp_entry_t entry;
62
63         down_read(&swap_unplug_sem);
64         entry.val = page_private(page);
65         if (PageSwapCache(page)) {
66                 struct block_device *bdev = swap_info[swp_type(entry)].bdev;
67                 struct backing_dev_info *bdi;
68
69                 /*
70                  * If the page is removed from swapcache from under us (with a
71                  * racy try_to_unuse/swapoff) we need an additional reference
72                  * count to avoid reading garbage from page_private(page) above.
73                  * If the WARN_ON triggers during a swapoff it maybe the race
74                  * condition and it's harmless. However if it triggers without
75                  * swapoff it signals a problem.
76                  */
77                 WARN_ON(page_count(page) <= 1);
78
79                 bdi = bdev->bd_inode->i_mapping->backing_dev_info;
80                 blk_run_backing_dev(bdi, page);
81         }
82         up_read(&swap_unplug_sem);
83 }
84
85 #define SWAPFILE_CLUSTER        256
86 #define LATENCY_LIMIT           256
87
88 static inline unsigned long scan_swap_map(struct swap_info_struct *si)
89 {
90         unsigned long offset, last_in_cluster;
91         int latency_ration = LATENCY_LIMIT;
92
93         /* 
94          * We try to cluster swap pages by allocating them sequentially
95          * in swap.  Once we've allocated SWAPFILE_CLUSTER pages this
96          * way, however, we resort to first-free allocation, starting
97          * a new cluster.  This prevents us from scattering swap pages
98          * all over the entire swap partition, so that we reduce
99          * overall disk seek times between swap pages.  -- sct
100          * But we do now try to find an empty cluster.  -Andrea
101          */
102
103         si->flags += SWP_SCANNING;
104         if (unlikely(!si->cluster_nr)) {
105                 si->cluster_nr = SWAPFILE_CLUSTER - 1;
106                 if (si->pages - si->inuse_pages < SWAPFILE_CLUSTER)
107                         goto lowest;
108                 spin_unlock(&swap_lock);
109
110                 offset = si->lowest_bit;
111                 last_in_cluster = offset + SWAPFILE_CLUSTER - 1;
112
113                 /* Locate the first empty (unaligned) cluster */
114                 for (; last_in_cluster <= si->highest_bit; offset++) {
115                         if (si->swap_map[offset])
116                                 last_in_cluster = offset + SWAPFILE_CLUSTER;
117                         else if (offset == last_in_cluster) {
118                                 spin_lock(&swap_lock);
119                                 si->cluster_next = offset-SWAPFILE_CLUSTER+1;
120                                 goto cluster;
121                         }
122                         if (unlikely(--latency_ration < 0)) {
123                                 cond_resched();
124                                 latency_ration = LATENCY_LIMIT;
125                         }
126                 }
127                 spin_lock(&swap_lock);
128                 goto lowest;
129         }
130
131         si->cluster_nr--;
132 cluster:
133         offset = si->cluster_next;
134         if (offset > si->highest_bit)
135 lowest:         offset = si->lowest_bit;
136 checks: if (!(si->flags & SWP_WRITEOK))
137                 goto no_page;
138         if (!si->highest_bit)
139                 goto no_page;
140         if (!si->swap_map[offset]) {
141                 if (offset == si->lowest_bit)
142                         si->lowest_bit++;
143                 if (offset == si->highest_bit)
144                         si->highest_bit--;
145                 si->inuse_pages++;
146                 if (si->inuse_pages == si->pages) {
147                         si->lowest_bit = si->max;
148                         si->highest_bit = 0;
149                 }
150                 si->swap_map[offset] = 1;
151                 si->cluster_next = offset + 1;
152                 si->flags -= SWP_SCANNING;
153                 return offset;
154         }
155
156         spin_unlock(&swap_lock);
157         while (++offset <= si->highest_bit) {
158                 if (!si->swap_map[offset]) {
159                         spin_lock(&swap_lock);
160                         goto checks;
161                 }
162                 if (unlikely(--latency_ration < 0)) {
163                         cond_resched();
164                         latency_ration = LATENCY_LIMIT;
165                 }
166         }
167         spin_lock(&swap_lock);
168         goto lowest;
169
170 no_page:
171         si->flags -= SWP_SCANNING;
172         return 0;
173 }
174
175 swp_entry_t get_swap_page(void)
176 {
177         struct swap_info_struct *si;
178         pgoff_t offset;
179         int type, next;
180         int wrapped = 0;
181
182         spin_lock(&swap_lock);
183         if (nr_swap_pages <= 0)
184                 goto noswap;
185         nr_swap_pages--;
186
187         for (type = swap_list.next; type >= 0 && wrapped < 2; type = next) {
188                 si = swap_info + type;
189                 next = si->next;
190                 if (next < 0 ||
191                     (!wrapped && si->prio != swap_info[next].prio)) {
192                         next = swap_list.head;
193                         wrapped++;
194                 }
195
196                 if (!si->highest_bit)
197                         continue;
198                 if (!(si->flags & SWP_WRITEOK))
199                         continue;
200
201                 swap_list.next = next;
202                 offset = scan_swap_map(si);
203                 if (offset) {
204                         spin_unlock(&swap_lock);
205                         return swp_entry(type, offset);
206                 }
207                 next = swap_list.next;
208         }
209
210         nr_swap_pages++;
211 noswap:
212         spin_unlock(&swap_lock);
213         return (swp_entry_t) {0};
214 }
215
216 swp_entry_t get_swap_page_of_type(int type)
217 {
218         struct swap_info_struct *si;
219         pgoff_t offset;
220
221         spin_lock(&swap_lock);
222         si = swap_info + type;
223         if (si->flags & SWP_WRITEOK) {
224                 nr_swap_pages--;
225                 offset = scan_swap_map(si);
226                 if (offset) {
227                         spin_unlock(&swap_lock);
228                         return swp_entry(type, offset);
229                 }
230                 nr_swap_pages++;
231         }
232         spin_unlock(&swap_lock);
233         return (swp_entry_t) {0};
234 }
235
236 static struct swap_info_struct * swap_info_get(swp_entry_t entry)
237 {
238         struct swap_info_struct * p;
239         unsigned long offset, type;
240
241         if (!entry.val)
242                 goto out;
243         type = swp_type(entry);
244         if (type >= nr_swapfiles)
245                 goto bad_nofile;
246         p = & swap_info[type];
247         if (!(p->flags & SWP_USED))
248                 goto bad_device;
249         offset = swp_offset(entry);
250         if (offset >= p->max)
251                 goto bad_offset;
252         if (!p->swap_map[offset])
253                 goto bad_free;
254         spin_lock(&swap_lock);
255         return p;
256
257 bad_free:
258         printk(KERN_ERR "swap_free: %s%08lx\n", Unused_offset, entry.val);
259         goto out;
260 bad_offset:
261         printk(KERN_ERR "swap_free: %s%08lx\n", Bad_offset, entry.val);
262         goto out;
263 bad_device:
264         printk(KERN_ERR "swap_free: %s%08lx\n", Unused_file, entry.val);
265         goto out;
266 bad_nofile:
267         printk(KERN_ERR "swap_free: %s%08lx\n", Bad_file, entry.val);
268 out:
269         return NULL;
270 }       
271
272 static int swap_entry_free(struct swap_info_struct *p, unsigned long offset)
273 {
274         int count = p->swap_map[offset];
275
276         if (count < SWAP_MAP_MAX) {
277                 count--;
278                 p->swap_map[offset] = count;
279                 if (!count) {
280                         if (offset < p->lowest_bit)
281                                 p->lowest_bit = offset;
282                         if (offset > p->highest_bit)
283                                 p->highest_bit = offset;
284                         if (p->prio > swap_info[swap_list.next].prio)
285                                 swap_list.next = p - swap_info;
286                         nr_swap_pages++;
287                         p->inuse_pages--;
288                 }
289         }
290         return count;
291 }
292
293 /*
294  * Caller has made sure that the swapdevice corresponding to entry
295  * is still around or has not been recycled.
296  */
297 void swap_free(swp_entry_t entry)
298 {
299         struct swap_info_struct * p;
300
301         p = swap_info_get(entry);
302         if (p) {
303                 swap_entry_free(p, swp_offset(entry));
304                 spin_unlock(&swap_lock);
305         }
306 }
307
308 /*
309  * How many references to page are currently swapped out?
310  */
311 static inline int page_swapcount(struct page *page)
312 {
313         int count = 0;
314         struct swap_info_struct *p;
315         swp_entry_t entry;
316
317         entry.val = page_private(page);
318         p = swap_info_get(entry);
319         if (p) {
320                 /* Subtract the 1 for the swap cache itself */
321                 count = p->swap_map[swp_offset(entry)] - 1;
322                 spin_unlock(&swap_lock);
323         }
324         return count;
325 }
326
327 /*
328  * We can use this swap cache entry directly
329  * if there are no other references to it.
330  */
331 int can_share_swap_page(struct page *page)
332 {
333         int count;
334
335         BUG_ON(!PageLocked(page));
336         count = page_mapcount(page);
337         if (count <= 1 && PageSwapCache(page))
338                 count += page_swapcount(page);
339         return count == 1;
340 }
341
342 /*
343  * Work out if there are any other processes sharing this
344  * swap cache page. Free it if you can. Return success.
345  */
346 int remove_exclusive_swap_page(struct page *page)
347 {
348         int retval;
349         struct swap_info_struct * p;
350         swp_entry_t entry;
351
352         BUG_ON(PagePrivate(page));
353         BUG_ON(!PageLocked(page));
354
355         if (!PageSwapCache(page))
356                 return 0;
357         if (PageWriteback(page))
358                 return 0;
359         if (page_count(page) != 2) /* 2: us + cache */
360                 return 0;
361
362         entry.val = page_private(page);
363         p = swap_info_get(entry);
364         if (!p)
365                 return 0;
366
367         /* Is the only swap cache user the cache itself? */
368         retval = 0;
369         if (p->swap_map[swp_offset(entry)] == 1) {
370                 /* Recheck the page count with the swapcache lock held.. */
371                 write_lock_irq(&swapper_space.tree_lock);
372                 if ((page_count(page) == 2) && !PageWriteback(page)) {
373                         __delete_from_swap_cache(page);
374                         SetPageDirty(page);
375                         retval = 1;
376                 }
377                 write_unlock_irq(&swapper_space.tree_lock);
378         }
379         spin_unlock(&swap_lock);
380
381         if (retval) {
382                 swap_free(entry);
383                 page_cache_release(page);
384         }
385
386         return retval;
387 }
388
389 /*
390  * Free the swap entry like above, but also try to
391  * free the page cache entry if it is the last user.
392  */
393 void free_swap_and_cache(swp_entry_t entry)
394 {
395         struct swap_info_struct * p;
396         struct page *page = NULL;
397
398         if (is_migration_entry(entry))
399                 return;
400
401         p = swap_info_get(entry);
402         if (p) {
403                 if (swap_entry_free(p, swp_offset(entry)) == 1) {
404                         page = find_get_page(&swapper_space, entry.val);
405                         if (page && unlikely(TestSetPageLocked(page))) {
406                                 page_cache_release(page);
407                                 page = NULL;
408                         }
409                 }
410                 spin_unlock(&swap_lock);
411         }
412         if (page) {
413                 int one_user;
414
415                 BUG_ON(PagePrivate(page));
416                 one_user = (page_count(page) == 2);
417                 /* Only cache user (+us), or swap space full? Free it! */
418                 /* Also recheck PageSwapCache after page is locked (above) */
419                 if (PageSwapCache(page) && !PageWriteback(page) &&
420                                         (one_user || vm_swap_full())) {
421                         delete_from_swap_cache(page);
422                         SetPageDirty(page);
423                 }
424                 unlock_page(page);
425                 page_cache_release(page);
426         }
427 }
428
429 #ifdef CONFIG_HIBERNATION
430 /*
431  * Find the swap type that corresponds to given device (if any).
432  *
433  * @offset - number of the PAGE_SIZE-sized block of the device, starting
434  * from 0, in which the swap header is expected to be located.
435  *
436  * This is needed for the suspend to disk (aka swsusp).
437  */
438 int swap_type_of(dev_t device, sector_t offset, struct block_device **bdev_p)
439 {
440         struct block_device *bdev = NULL;
441         int i;
442
443         if (device)
444                 bdev = bdget(device);
445
446         spin_lock(&swap_lock);
447         for (i = 0; i < nr_swapfiles; i++) {
448                 struct swap_info_struct *sis = swap_info + i;
449
450                 if (!(sis->flags & SWP_WRITEOK))
451                         continue;
452
453                 if (!bdev) {
454                         if (bdev_p)
455                                 *bdev_p = sis->bdev;
456
457                         spin_unlock(&swap_lock);
458                         return i;
459                 }
460                 if (bdev == sis->bdev) {
461                         struct swap_extent *se;
462
463                         se = list_entry(sis->extent_list.next,
464                                         struct swap_extent, list);
465                         if (se->start_block == offset) {
466                                 if (bdev_p)
467                                         *bdev_p = sis->bdev;
468
469                                 spin_unlock(&swap_lock);
470                                 bdput(bdev);
471                                 return i;
472                         }
473                 }
474         }
475         spin_unlock(&swap_lock);
476         if (bdev)
477                 bdput(bdev);
478
479         return -ENODEV;
480 }
481
482 /*
483  * Return either the total number of swap pages of given type, or the number
484  * of free pages of that type (depending on @free)
485  *
486  * This is needed for software suspend
487  */
488 unsigned int count_swap_pages(int type, int free)
489 {
490         unsigned int n = 0;
491
492         if (type < nr_swapfiles) {
493                 spin_lock(&swap_lock);
494                 if (swap_info[type].flags & SWP_WRITEOK) {
495                         n = swap_info[type].pages;
496                         if (free)
497                                 n -= swap_info[type].inuse_pages;
498                 }
499                 spin_unlock(&swap_lock);
500         }
501         return n;
502 }
503 #endif
504
505 /*
506  * No need to decide whether this PTE shares the swap entry with others,
507  * just let do_wp_page work it out if a write is requested later - to
508  * force COW, vm_page_prot omits write permission from any private vma.
509  */
510 static int unuse_pte(struct vm_area_struct *vma, pmd_t *pmd,
511                 unsigned long addr, swp_entry_t entry, struct page *page)
512 {
513         spinlock_t *ptl;
514         pte_t *pte;
515         int ret = 1;
516
517         if (mem_cgroup_charge(page, vma->vm_mm, GFP_KERNEL))
518                 ret = -ENOMEM;
519
520         pte = pte_offset_map_lock(vma->vm_mm, pmd, addr, &ptl);
521         if (unlikely(!pte_same(*pte, swp_entry_to_pte(entry)))) {
522                 if (ret > 0)
523                         mem_cgroup_uncharge_page(page);
524                 ret = 0;
525                 goto out;
526         }
527
528         inc_mm_counter(vma->vm_mm, anon_rss);
529         get_page(page);
530         set_pte_at(vma->vm_mm, addr, pte,
531                    pte_mkold(mk_pte(page, vma->vm_page_prot)));
532         page_add_anon_rmap(page, vma, addr);
533         swap_free(entry);
534         /*
535          * Move the page to the active list so it is not
536          * immediately swapped out again after swapon.
537          */
538         activate_page(page);
539 out:
540         pte_unmap_unlock(pte, ptl);
541         return ret;
542 }
543
544 static int unuse_pte_range(struct vm_area_struct *vma, pmd_t *pmd,
545                                 unsigned long addr, unsigned long end,
546                                 swp_entry_t entry, struct page *page)
547 {
548         pte_t swp_pte = swp_entry_to_pte(entry);
549         pte_t *pte;
550         int ret = 0;
551
552         /*
553          * We don't actually need pte lock while scanning for swp_pte: since
554          * we hold page lock and mmap_sem, swp_pte cannot be inserted into the
555          * page table while we're scanning; though it could get zapped, and on
556          * some architectures (e.g. x86_32 with PAE) we might catch a glimpse
557          * of unmatched parts which look like swp_pte, so unuse_pte must
558          * recheck under pte lock.  Scanning without pte lock lets it be
559          * preemptible whenever CONFIG_PREEMPT but not CONFIG_HIGHPTE.
560          */
561         pte = pte_offset_map(pmd, addr);
562         do {
563                 /*
564                  * swapoff spends a _lot_ of time in this loop!
565                  * Test inline before going to call unuse_pte.
566                  */
567                 if (unlikely(pte_same(*pte, swp_pte))) {
568                         pte_unmap(pte);
569                         ret = unuse_pte(vma, pmd, addr, entry, page);
570                         if (ret)
571                                 goto out;
572                         pte = pte_offset_map(pmd, addr);
573                 }
574         } while (pte++, addr += PAGE_SIZE, addr != end);
575         pte_unmap(pte - 1);
576 out:
577         return ret;
578 }
579
580 static inline int unuse_pmd_range(struct vm_area_struct *vma, pud_t *pud,
581                                 unsigned long addr, unsigned long end,
582                                 swp_entry_t entry, struct page *page)
583 {
584         pmd_t *pmd;
585         unsigned long next;
586         int ret;
587
588         pmd = pmd_offset(pud, addr);
589         do {
590                 next = pmd_addr_end(addr, end);
591                 if (pmd_none_or_clear_bad(pmd))
592                         continue;
593                 ret = unuse_pte_range(vma, pmd, addr, next, entry, page);
594                 if (ret)
595                         return ret;
596         } while (pmd++, addr = next, addr != end);
597         return 0;
598 }
599
600 static inline int unuse_pud_range(struct vm_area_struct *vma, pgd_t *pgd,
601                                 unsigned long addr, unsigned long end,
602                                 swp_entry_t entry, struct page *page)
603 {
604         pud_t *pud;
605         unsigned long next;
606         int ret;
607
608         pud = pud_offset(pgd, addr);
609         do {
610                 next = pud_addr_end(addr, end);
611                 if (pud_none_or_clear_bad(pud))
612                         continue;
613                 ret = unuse_pmd_range(vma, pud, addr, next, entry, page);
614                 if (ret)
615                         return ret;
616         } while (pud++, addr = next, addr != end);
617         return 0;
618 }
619
620 static int unuse_vma(struct vm_area_struct *vma,
621                                 swp_entry_t entry, struct page *page)
622 {
623         pgd_t *pgd;
624         unsigned long addr, end, next;
625         int ret;
626
627         if (page->mapping) {
628                 addr = page_address_in_vma(page, vma);
629                 if (addr == -EFAULT)
630                         return 0;
631                 else
632                         end = addr + PAGE_SIZE;
633         } else {
634                 addr = vma->vm_start;
635                 end = vma->vm_end;
636         }
637
638         pgd = pgd_offset(vma->vm_mm, addr);
639         do {
640                 next = pgd_addr_end(addr, end);
641                 if (pgd_none_or_clear_bad(pgd))
642                         continue;
643                 ret = unuse_pud_range(vma, pgd, addr, next, entry, page);
644                 if (ret)
645                         return ret;
646         } while (pgd++, addr = next, addr != end);
647         return 0;
648 }
649
650 static int unuse_mm(struct mm_struct *mm,
651                                 swp_entry_t entry, struct page *page)
652 {
653         struct vm_area_struct *vma;
654         int ret = 0;
655
656         if (!down_read_trylock(&mm->mmap_sem)) {
657                 /*
658                  * Activate page so shrink_cache is unlikely to unmap its
659                  * ptes while lock is dropped, so swapoff can make progress.
660                  */
661                 activate_page(page);
662                 unlock_page(page);
663                 down_read(&mm->mmap_sem);
664                 lock_page(page);
665         }
666         for (vma = mm->mmap; vma; vma = vma->vm_next) {
667                 if (vma->anon_vma && (ret = unuse_vma(vma, entry, page)))
668                         break;
669         }
670         up_read(&mm->mmap_sem);
671         return (ret < 0)? ret: 0;
672 }
673
674 /*
675  * Scan swap_map from current position to next entry still in use.
676  * Recycle to start on reaching the end, returning 0 when empty.
677  */
678 static unsigned int find_next_to_unuse(struct swap_info_struct *si,
679                                         unsigned int prev)
680 {
681         unsigned int max = si->max;
682         unsigned int i = prev;
683         int count;
684
685         /*
686          * No need for swap_lock here: we're just looking
687          * for whether an entry is in use, not modifying it; false
688          * hits are okay, and sys_swapoff() has already prevented new
689          * allocations from this area (while holding swap_lock).
690          */
691         for (;;) {
692                 if (++i >= max) {
693                         if (!prev) {
694                                 i = 0;
695                                 break;
696                         }
697                         /*
698                          * No entries in use at top of swap_map,
699                          * loop back to start and recheck there.
700                          */
701                         max = prev + 1;
702                         prev = 0;
703                         i = 1;
704                 }
705                 count = si->swap_map[i];
706                 if (count && count != SWAP_MAP_BAD)
707                         break;
708         }
709         return i;
710 }
711
712 /*
713  * We completely avoid races by reading each swap page in advance,
714  * and then search for the process using it.  All the necessary
715  * page table adjustments can then be made atomically.
716  */
717 static int try_to_unuse(unsigned int type)
718 {
719         struct swap_info_struct * si = &swap_info[type];
720         struct mm_struct *start_mm;
721         unsigned short *swap_map;
722         unsigned short swcount;
723         struct page *page;
724         swp_entry_t entry;
725         unsigned int i = 0;
726         int retval = 0;
727         int reset_overflow = 0;
728         int shmem;
729
730         /*
731          * When searching mms for an entry, a good strategy is to
732          * start at the first mm we freed the previous entry from
733          * (though actually we don't notice whether we or coincidence
734          * freed the entry).  Initialize this start_mm with a hold.
735          *
736          * A simpler strategy would be to start at the last mm we
737          * freed the previous entry from; but that would take less
738          * advantage of mmlist ordering, which clusters forked mms
739          * together, child after parent.  If we race with dup_mmap(), we
740          * prefer to resolve parent before child, lest we miss entries
741          * duplicated after we scanned child: using last mm would invert
742          * that.  Though it's only a serious concern when an overflowed
743          * swap count is reset from SWAP_MAP_MAX, preventing a rescan.
744          */
745         start_mm = &init_mm;
746         atomic_inc(&init_mm.mm_users);
747
748         /*
749          * Keep on scanning until all entries have gone.  Usually,
750          * one pass through swap_map is enough, but not necessarily:
751          * there are races when an instance of an entry might be missed.
752          */
753         while ((i = find_next_to_unuse(si, i)) != 0) {
754                 if (signal_pending(current)) {
755                         retval = -EINTR;
756                         break;
757                 }
758
759                 /* 
760                  * Get a page for the entry, using the existing swap
761                  * cache page if there is one.  Otherwise, get a clean
762                  * page and read the swap into it. 
763                  */
764                 swap_map = &si->swap_map[i];
765                 entry = swp_entry(type, i);
766                 page = read_swap_cache_async(entry,
767                                         GFP_HIGHUSER_MOVABLE, NULL, 0);
768                 if (!page) {
769                         /*
770                          * Either swap_duplicate() failed because entry
771                          * has been freed independently, and will not be
772                          * reused since sys_swapoff() already disabled
773                          * allocation from here, or alloc_page() failed.
774                          */
775                         if (!*swap_map)
776                                 continue;
777                         retval = -ENOMEM;
778                         break;
779                 }
780
781                 /*
782                  * Don't hold on to start_mm if it looks like exiting.
783                  */
784                 if (atomic_read(&start_mm->mm_users) == 1) {
785                         mmput(start_mm);
786                         start_mm = &init_mm;
787                         atomic_inc(&init_mm.mm_users);
788                 }
789
790                 /*
791                  * Wait for and lock page.  When do_swap_page races with
792                  * try_to_unuse, do_swap_page can handle the fault much
793                  * faster than try_to_unuse can locate the entry.  This
794                  * apparently redundant "wait_on_page_locked" lets try_to_unuse
795                  * defer to do_swap_page in such a case - in some tests,
796                  * do_swap_page and try_to_unuse repeatedly compete.
797                  */
798                 wait_on_page_locked(page);
799                 wait_on_page_writeback(page);
800                 lock_page(page);
801                 wait_on_page_writeback(page);
802
803                 /*
804                  * Remove all references to entry.
805                  * Whenever we reach init_mm, there's no address space
806                  * to search, but use it as a reminder to search shmem.
807                  */
808                 shmem = 0;
809                 swcount = *swap_map;
810                 if (swcount > 1) {
811                         if (start_mm == &init_mm)
812                                 shmem = shmem_unuse(entry, page);
813                         else
814                                 retval = unuse_mm(start_mm, entry, page);
815                 }
816                 if (*swap_map > 1) {
817                         int set_start_mm = (*swap_map >= swcount);
818                         struct list_head *p = &start_mm->mmlist;
819                         struct mm_struct *new_start_mm = start_mm;
820                         struct mm_struct *prev_mm = start_mm;
821                         struct mm_struct *mm;
822
823                         atomic_inc(&new_start_mm->mm_users);
824                         atomic_inc(&prev_mm->mm_users);
825                         spin_lock(&mmlist_lock);
826                         while (*swap_map > 1 && !retval && !shmem &&
827                                         (p = p->next) != &start_mm->mmlist) {
828                                 mm = list_entry(p, struct mm_struct, mmlist);
829                                 if (!atomic_inc_not_zero(&mm->mm_users))
830                                         continue;
831                                 spin_unlock(&mmlist_lock);
832                                 mmput(prev_mm);
833                                 prev_mm = mm;
834
835                                 cond_resched();
836
837                                 swcount = *swap_map;
838                                 if (swcount <= 1)
839                                         ;
840                                 else if (mm == &init_mm) {
841                                         set_start_mm = 1;
842                                         shmem = shmem_unuse(entry, page);
843                                 } else
844                                         retval = unuse_mm(mm, entry, page);
845                                 if (set_start_mm && *swap_map < swcount) {
846                                         mmput(new_start_mm);
847                                         atomic_inc(&mm->mm_users);
848                                         new_start_mm = mm;
849                                         set_start_mm = 0;
850                                 }
851                                 spin_lock(&mmlist_lock);
852                         }
853                         spin_unlock(&mmlist_lock);
854                         mmput(prev_mm);
855                         mmput(start_mm);
856                         start_mm = new_start_mm;
857                 }
858                 if (shmem) {
859                         /* page has already been unlocked and released */
860                         if (shmem > 0)
861                                 continue;
862                         retval = shmem;
863                         break;
864                 }
865                 if (retval) {
866                         unlock_page(page);
867                         page_cache_release(page);
868                         break;
869                 }
870
871                 /*
872                  * How could swap count reach 0x7fff when the maximum
873                  * pid is 0x7fff, and there's no way to repeat a swap
874                  * page within an mm (except in shmem, where it's the
875                  * shared object which takes the reference count)?
876                  * We believe SWAP_MAP_MAX cannot occur in Linux 2.4.
877                  *
878                  * If that's wrong, then we should worry more about
879                  * exit_mmap() and do_munmap() cases described above:
880                  * we might be resetting SWAP_MAP_MAX too early here.
881                  * We know "Undead"s can happen, they're okay, so don't
882                  * report them; but do report if we reset SWAP_MAP_MAX.
883                  */
884                 if (*swap_map == SWAP_MAP_MAX) {
885                         spin_lock(&swap_lock);
886                         *swap_map = 1;
887                         spin_unlock(&swap_lock);
888                         reset_overflow = 1;
889                 }
890
891                 /*
892                  * If a reference remains (rare), we would like to leave
893                  * the page in the swap cache; but try_to_unmap could
894                  * then re-duplicate the entry once we drop page lock,
895                  * so we might loop indefinitely; also, that page could
896                  * not be swapped out to other storage meanwhile.  So:
897                  * delete from cache even if there's another reference,
898                  * after ensuring that the data has been saved to disk -
899                  * since if the reference remains (rarer), it will be
900                  * read from disk into another page.  Splitting into two
901                  * pages would be incorrect if swap supported "shared
902                  * private" pages, but they are handled by tmpfs files.
903                  */
904                 if ((*swap_map > 1) && PageDirty(page) && PageSwapCache(page)) {
905                         struct writeback_control wbc = {
906                                 .sync_mode = WB_SYNC_NONE,
907                         };
908
909                         swap_writepage(page, &wbc);
910                         lock_page(page);
911                         wait_on_page_writeback(page);
912                 }
913                 if (PageSwapCache(page))
914                         delete_from_swap_cache(page);
915
916                 /*
917                  * So we could skip searching mms once swap count went
918                  * to 1, we did not mark any present ptes as dirty: must
919                  * mark page dirty so shrink_page_list will preserve it.
920                  */
921                 SetPageDirty(page);
922                 unlock_page(page);
923                 page_cache_release(page);
924
925                 /*
926                  * Make sure that we aren't completely killing
927                  * interactive performance.
928                  */
929                 cond_resched();
930         }
931
932         mmput(start_mm);
933         if (reset_overflow) {
934                 printk(KERN_WARNING "swapoff: cleared swap entry overflow\n");
935                 swap_overflow = 0;
936         }
937         return retval;
938 }
939
940 /*
941  * After a successful try_to_unuse, if no swap is now in use, we know
942  * we can empty the mmlist.  swap_lock must be held on entry and exit.
943  * Note that mmlist_lock nests inside swap_lock, and an mm must be
944  * added to the mmlist just after page_duplicate - before would be racy.
945  */
946 static void drain_mmlist(void)
947 {
948         struct list_head *p, *next;
949         unsigned int i;
950
951         for (i = 0; i < nr_swapfiles; i++)
952                 if (swap_info[i].inuse_pages)
953                         return;
954         spin_lock(&mmlist_lock);
955         list_for_each_safe(p, next, &init_mm.mmlist)
956                 list_del_init(p);
957         spin_unlock(&mmlist_lock);
958 }
959
960 /*
961  * Use this swapdev's extent info to locate the (PAGE_SIZE) block which
962  * corresponds to page offset `offset'.
963  */
964 sector_t map_swap_page(struct swap_info_struct *sis, pgoff_t offset)
965 {
966         struct swap_extent *se = sis->curr_swap_extent;
967         struct swap_extent *start_se = se;
968
969         for ( ; ; ) {
970                 struct list_head *lh;
971
972                 if (se->start_page <= offset &&
973                                 offset < (se->start_page + se->nr_pages)) {
974                         return se->start_block + (offset - se->start_page);
975                 }
976                 lh = se->list.next;
977                 if (lh == &sis->extent_list)
978                         lh = lh->next;
979                 se = list_entry(lh, struct swap_extent, list);
980                 sis->curr_swap_extent = se;
981                 BUG_ON(se == start_se);         /* It *must* be present */
982         }
983 }
984
985 #ifdef CONFIG_HIBERNATION
986 /*
987  * Get the (PAGE_SIZE) block corresponding to given offset on the swapdev
988  * corresponding to given index in swap_info (swap type).
989  */
990 sector_t swapdev_block(int swap_type, pgoff_t offset)
991 {
992         struct swap_info_struct *sis;
993
994         if (swap_type >= nr_swapfiles)
995                 return 0;
996
997         sis = swap_info + swap_type;
998         return (sis->flags & SWP_WRITEOK) ? map_swap_page(sis, offset) : 0;
999 }
1000 #endif /* CONFIG_HIBERNATION */
1001
1002 /*
1003  * Free all of a swapdev's extent information
1004  */
1005 static void destroy_swap_extents(struct swap_info_struct *sis)
1006 {
1007         while (!list_empty(&sis->extent_list)) {
1008                 struct swap_extent *se;
1009
1010                 se = list_entry(sis->extent_list.next,
1011                                 struct swap_extent, list);
1012                 list_del(&se->list);
1013                 kfree(se);
1014         }
1015 }
1016
1017 /*
1018  * Add a block range (and the corresponding page range) into this swapdev's
1019  * extent list.  The extent list is kept sorted in page order.
1020  *
1021  * This function rather assumes that it is called in ascending page order.
1022  */
1023 static int
1024 add_swap_extent(struct swap_info_struct *sis, unsigned long start_page,
1025                 unsigned long nr_pages, sector_t start_block)
1026 {
1027         struct swap_extent *se;
1028         struct swap_extent *new_se;
1029         struct list_head *lh;
1030
1031         lh = sis->extent_list.prev;     /* The highest page extent */
1032         if (lh != &sis->extent_list) {
1033                 se = list_entry(lh, struct swap_extent, list);
1034                 BUG_ON(se->start_page + se->nr_pages != start_page);
1035                 if (se->start_block + se->nr_pages == start_block) {
1036                         /* Merge it */
1037                         se->nr_pages += nr_pages;
1038                         return 0;
1039                 }
1040         }
1041
1042         /*
1043          * No merge.  Insert a new extent, preserving ordering.
1044          */
1045         new_se = kmalloc(sizeof(*se), GFP_KERNEL);
1046         if (new_se == NULL)
1047                 return -ENOMEM;
1048         new_se->start_page = start_page;
1049         new_se->nr_pages = nr_pages;
1050         new_se->start_block = start_block;
1051
1052         list_add_tail(&new_se->list, &sis->extent_list);
1053         return 1;
1054 }
1055
1056 /*
1057  * A `swap extent' is a simple thing which maps a contiguous range of pages
1058  * onto a contiguous range of disk blocks.  An ordered list of swap extents
1059  * is built at swapon time and is then used at swap_writepage/swap_readpage
1060  * time for locating where on disk a page belongs.
1061  *
1062  * If the swapfile is an S_ISBLK block device, a single extent is installed.
1063  * This is done so that the main operating code can treat S_ISBLK and S_ISREG
1064  * swap files identically.
1065  *
1066  * Whether the swapdev is an S_ISREG file or an S_ISBLK blockdev, the swap
1067  * extent list operates in PAGE_SIZE disk blocks.  Both S_ISREG and S_ISBLK
1068  * swapfiles are handled *identically* after swapon time.
1069  *
1070  * For S_ISREG swapfiles, setup_swap_extents() will walk all the file's blocks
1071  * and will parse them into an ordered extent list, in PAGE_SIZE chunks.  If
1072  * some stray blocks are found which do not fall within the PAGE_SIZE alignment
1073  * requirements, they are simply tossed out - we will never use those blocks
1074  * for swapping.
1075  *
1076  * For S_ISREG swapfiles we set S_SWAPFILE across the life of the swapon.  This
1077  * prevents root from shooting her foot off by ftruncating an in-use swapfile,
1078  * which will scribble on the fs.
1079  *
1080  * The amount of disk space which a single swap extent represents varies.
1081  * Typically it is in the 1-4 megabyte range.  So we can have hundreds of
1082  * extents in the list.  To avoid much list walking, we cache the previous
1083  * search location in `curr_swap_extent', and start new searches from there.
1084  * This is extremely effective.  The average number of iterations in
1085  * map_swap_page() has been measured at about 0.3 per page.  - akpm.
1086  */
1087 static int setup_swap_extents(struct swap_info_struct *sis, sector_t *span)
1088 {
1089         struct inode *inode;
1090         unsigned blocks_per_page;
1091         unsigned long page_no;
1092         unsigned blkbits;
1093         sector_t probe_block;
1094         sector_t last_block;
1095         sector_t lowest_block = -1;
1096         sector_t highest_block = 0;
1097         int nr_extents = 0;
1098         int ret;
1099
1100         inode = sis->swap_file->f_mapping->host;
1101         if (S_ISBLK(inode->i_mode)) {
1102                 ret = add_swap_extent(sis, 0, sis->max, 0);
1103                 *span = sis->pages;
1104                 goto done;
1105         }
1106
1107         blkbits = inode->i_blkbits;
1108         blocks_per_page = PAGE_SIZE >> blkbits;
1109
1110         /*
1111          * Map all the blocks into the extent list.  This code doesn't try
1112          * to be very smart.
1113          */
1114         probe_block = 0;
1115         page_no = 0;
1116         last_block = i_size_read(inode) >> blkbits;
1117         while ((probe_block + blocks_per_page) <= last_block &&
1118                         page_no < sis->max) {
1119                 unsigned block_in_page;
1120                 sector_t first_block;
1121
1122                 first_block = bmap(inode, probe_block);
1123                 if (first_block == 0)
1124                         goto bad_bmap;
1125
1126                 /*
1127                  * It must be PAGE_SIZE aligned on-disk
1128                  */
1129                 if (first_block & (blocks_per_page - 1)) {
1130                         probe_block++;
1131                         goto reprobe;
1132                 }
1133
1134                 for (block_in_page = 1; block_in_page < blocks_per_page;
1135                                         block_in_page++) {
1136                         sector_t block;
1137
1138                         block = bmap(inode, probe_block + block_in_page);
1139                         if (block == 0)
1140                                 goto bad_bmap;
1141                         if (block != first_block + block_in_page) {
1142                                 /* Discontiguity */
1143                                 probe_block++;
1144                                 goto reprobe;
1145                         }
1146                 }
1147
1148                 first_block >>= (PAGE_SHIFT - blkbits);
1149                 if (page_no) {  /* exclude the header page */
1150                         if (first_block < lowest_block)
1151                                 lowest_block = first_block;
1152                         if (first_block > highest_block)
1153                                 highest_block = first_block;
1154                 }
1155
1156                 /*
1157                  * We found a PAGE_SIZE-length, PAGE_SIZE-aligned run of blocks
1158                  */
1159                 ret = add_swap_extent(sis, page_no, 1, first_block);
1160                 if (ret < 0)
1161                         goto out;
1162                 nr_extents += ret;
1163                 page_no++;
1164                 probe_block += blocks_per_page;
1165 reprobe:
1166                 continue;
1167         }
1168         ret = nr_extents;
1169         *span = 1 + highest_block - lowest_block;
1170         if (page_no == 0)
1171                 page_no = 1;    /* force Empty message */
1172         sis->max = page_no;
1173         sis->pages = page_no - 1;
1174         sis->highest_bit = page_no - 1;
1175 done:
1176         sis->curr_swap_extent = list_entry(sis->extent_list.prev,
1177                                         struct swap_extent, list);
1178         goto out;
1179 bad_bmap:
1180         printk(KERN_ERR "swapon: swapfile has holes\n");
1181         ret = -EINVAL;
1182 out:
1183         return ret;
1184 }
1185
1186 #if 0   /* We don't need this yet */
1187 #include <linux/backing-dev.h>
1188 int page_queue_congested(struct page *page)
1189 {
1190         struct backing_dev_info *bdi;
1191
1192         BUG_ON(!PageLocked(page));      /* It pins the swap_info_struct */
1193
1194         if (PageSwapCache(page)) {
1195                 swp_entry_t entry = { .val = page_private(page) };
1196                 struct swap_info_struct *sis;
1197
1198                 sis = get_swap_info_struct(swp_type(entry));
1199                 bdi = sis->bdev->bd_inode->i_mapping->backing_dev_info;
1200         } else
1201                 bdi = page->mapping->backing_dev_info;
1202         return bdi_write_congested(bdi);
1203 }
1204 #endif
1205
1206 asmlinkage long sys_swapoff(const char __user * specialfile)
1207 {
1208         struct swap_info_struct * p = NULL;
1209         unsigned short *swap_map;
1210         struct file *swap_file, *victim;
1211         struct address_space *mapping;
1212         struct inode *inode;
1213         char * pathname;
1214         int i, type, prev;
1215         int err;
1216         
1217         if (!capable(CAP_SYS_ADMIN))
1218                 return -EPERM;
1219
1220         pathname = getname(specialfile);
1221         err = PTR_ERR(pathname);
1222         if (IS_ERR(pathname))
1223                 goto out;
1224
1225         victim = filp_open(pathname, O_RDWR|O_LARGEFILE, 0);
1226         putname(pathname);
1227         err = PTR_ERR(victim);
1228         if (IS_ERR(victim))
1229                 goto out;
1230
1231         mapping = victim->f_mapping;
1232         prev = -1;
1233         spin_lock(&swap_lock);
1234         for (type = swap_list.head; type >= 0; type = swap_info[type].next) {
1235                 p = swap_info + type;
1236                 if ((p->flags & SWP_ACTIVE) == SWP_ACTIVE) {
1237                         if (p->swap_file->f_mapping == mapping)
1238                                 break;
1239                 }
1240                 prev = type;
1241         }
1242         if (type < 0) {
1243                 err = -EINVAL;
1244                 spin_unlock(&swap_lock);
1245                 goto out_dput;
1246         }
1247         if (!security_vm_enough_memory(p->pages))
1248                 vm_unacct_memory(p->pages);
1249         else {
1250                 err = -ENOMEM;
1251                 spin_unlock(&swap_lock);
1252                 goto out_dput;
1253         }
1254         if (prev < 0) {
1255                 swap_list.head = p->next;
1256         } else {
1257                 swap_info[prev].next = p->next;
1258         }
1259         if (type == swap_list.next) {
1260                 /* just pick something that's safe... */
1261                 swap_list.next = swap_list.head;
1262         }
1263         nr_swap_pages -= p->pages;
1264         total_swap_pages -= p->pages;
1265         p->flags &= ~SWP_WRITEOK;
1266         spin_unlock(&swap_lock);
1267
1268         current->flags |= PF_SWAPOFF;
1269         err = try_to_unuse(type);
1270         current->flags &= ~PF_SWAPOFF;
1271
1272         if (err) {
1273                 /* re-insert swap space back into swap_list */
1274                 spin_lock(&swap_lock);
1275                 for (prev = -1, i = swap_list.head; i >= 0; prev = i, i = swap_info[i].next)
1276                         if (p->prio >= swap_info[i].prio)
1277                                 break;
1278                 p->next = i;
1279                 if (prev < 0)
1280                         swap_list.head = swap_list.next = p - swap_info;
1281                 else
1282                         swap_info[prev].next = p - swap_info;
1283                 nr_swap_pages += p->pages;
1284                 total_swap_pages += p->pages;
1285                 p->flags |= SWP_WRITEOK;
1286                 spin_unlock(&swap_lock);
1287                 goto out_dput;
1288         }
1289
1290         /* wait for any unplug function to finish */
1291         down_write(&swap_unplug_sem);
1292         up_write(&swap_unplug_sem);
1293
1294         destroy_swap_extents(p);
1295         mutex_lock(&swapon_mutex);
1296         spin_lock(&swap_lock);
1297         drain_mmlist();
1298
1299         /* wait for anyone still in scan_swap_map */
1300         p->highest_bit = 0;             /* cuts scans short */
1301         while (p->flags >= SWP_SCANNING) {
1302                 spin_unlock(&swap_lock);
1303                 schedule_timeout_uninterruptible(1);
1304                 spin_lock(&swap_lock);
1305         }
1306
1307         swap_file = p->swap_file;
1308         p->swap_file = NULL;
1309         p->max = 0;
1310         swap_map = p->swap_map;
1311         p->swap_map = NULL;
1312         p->flags = 0;
1313         spin_unlock(&swap_lock);
1314         mutex_unlock(&swapon_mutex);
1315         vfree(swap_map);
1316         inode = mapping->host;
1317         if (S_ISBLK(inode->i_mode)) {
1318                 struct block_device *bdev = I_BDEV(inode);
1319                 set_blocksize(bdev, p->old_block_size);
1320                 bd_release(bdev);
1321         } else {
1322                 mutex_lock(&inode->i_mutex);
1323                 inode->i_flags &= ~S_SWAPFILE;
1324                 mutex_unlock(&inode->i_mutex);
1325         }
1326         filp_close(swap_file, NULL);
1327         err = 0;
1328
1329 out_dput:
1330         filp_close(victim, NULL);
1331 out:
1332         return err;
1333 }
1334
1335 #ifdef CONFIG_PROC_FS
1336 /* iterator */
1337 static void *swap_start(struct seq_file *swap, loff_t *pos)
1338 {
1339         struct swap_info_struct *ptr = swap_info;
1340         int i;
1341         loff_t l = *pos;
1342
1343         mutex_lock(&swapon_mutex);
1344
1345         if (!l)
1346                 return SEQ_START_TOKEN;
1347
1348         for (i = 0; i < nr_swapfiles; i++, ptr++) {
1349                 if (!(ptr->flags & SWP_USED) || !ptr->swap_map)
1350                         continue;
1351                 if (!--l)
1352                         return ptr;
1353         }
1354
1355         return NULL;
1356 }
1357
1358 static void *swap_next(struct seq_file *swap, void *v, loff_t *pos)
1359 {
1360         struct swap_info_struct *ptr;
1361         struct swap_info_struct *endptr = swap_info + nr_swapfiles;
1362
1363         if (v == SEQ_START_TOKEN)
1364                 ptr = swap_info;
1365         else {
1366                 ptr = v;
1367                 ptr++;
1368         }
1369
1370         for (; ptr < endptr; ptr++) {
1371                 if (!(ptr->flags & SWP_USED) || !ptr->swap_map)
1372                         continue;
1373                 ++*pos;
1374                 return ptr;
1375         }
1376
1377         return NULL;
1378 }
1379
1380 static void swap_stop(struct seq_file *swap, void *v)
1381 {
1382         mutex_unlock(&swapon_mutex);
1383 }
1384
1385 static int swap_show(struct seq_file *swap, void *v)
1386 {
1387         struct swap_info_struct *ptr = v;
1388         struct file *file;
1389         int len;
1390
1391         if (ptr == SEQ_START_TOKEN) {
1392                 seq_puts(swap,"Filename\t\t\t\tType\t\tSize\tUsed\tPriority\n");
1393                 return 0;
1394         }
1395
1396         file = ptr->swap_file;
1397         len = seq_path(swap, &file->f_path, " \t\n\\");
1398         seq_printf(swap, "%*s%s\t%u\t%u\t%d\n",
1399                        len < 40 ? 40 - len : 1, " ",
1400                        S_ISBLK(file->f_path.dentry->d_inode->i_mode) ?
1401                                 "partition" : "file\t",
1402                        ptr->pages << (PAGE_SHIFT - 10),
1403                        ptr->inuse_pages << (PAGE_SHIFT - 10),
1404                        ptr->prio);
1405         return 0;
1406 }
1407
1408 static const struct seq_operations swaps_op = {
1409         .start =        swap_start,
1410         .next =         swap_next,
1411         .stop =         swap_stop,
1412         .show =         swap_show
1413 };
1414
1415 static int swaps_open(struct inode *inode, struct file *file)
1416 {
1417         return seq_open(file, &swaps_op);
1418 }
1419
1420 static const struct file_operations proc_swaps_operations = {
1421         .open           = swaps_open,
1422         .read           = seq_read,
1423         .llseek         = seq_lseek,
1424         .release        = seq_release,
1425 };
1426
1427 static int __init procswaps_init(void)
1428 {
1429         proc_create("swaps", 0, NULL, &proc_swaps_operations);
1430         return 0;
1431 }
1432 __initcall(procswaps_init);
1433 #endif /* CONFIG_PROC_FS */
1434
1435 /*
1436  * Written 01/25/92 by Simmule Turner, heavily changed by Linus.
1437  *
1438  * The swapon system call
1439  */
1440 asmlinkage long sys_swapon(const char __user * specialfile, int swap_flags)
1441 {
1442         struct swap_info_struct * p;
1443         char *name = NULL;
1444         struct block_device *bdev = NULL;
1445         struct file *swap_file = NULL;
1446         struct address_space *mapping;
1447         unsigned int type;
1448         int i, prev;
1449         int error;
1450         static int least_priority;
1451         union swap_header *swap_header = NULL;
1452         int swap_header_version;
1453         unsigned int nr_good_pages = 0;
1454         int nr_extents = 0;
1455         sector_t span;
1456         unsigned long maxpages = 1;
1457         int swapfilesize;
1458         unsigned short *swap_map;
1459         struct page *page = NULL;
1460         struct inode *inode = NULL;
1461         int did_down = 0;
1462
1463         if (!capable(CAP_SYS_ADMIN))
1464                 return -EPERM;
1465         spin_lock(&swap_lock);
1466         p = swap_info;
1467         for (type = 0 ; type < nr_swapfiles ; type++,p++)
1468                 if (!(p->flags & SWP_USED))
1469                         break;
1470         error = -EPERM;
1471         if (type >= MAX_SWAPFILES) {
1472                 spin_unlock(&swap_lock);
1473                 goto out;
1474         }
1475         if (type >= nr_swapfiles)
1476                 nr_swapfiles = type+1;
1477         INIT_LIST_HEAD(&p->extent_list);
1478         p->flags = SWP_USED;
1479         p->swap_file = NULL;
1480         p->old_block_size = 0;
1481         p->swap_map = NULL;
1482         p->lowest_bit = 0;
1483         p->highest_bit = 0;
1484         p->cluster_nr = 0;
1485         p->inuse_pages = 0;
1486         p->next = -1;
1487         if (swap_flags & SWAP_FLAG_PREFER) {
1488                 p->prio =
1489                   (swap_flags & SWAP_FLAG_PRIO_MASK)>>SWAP_FLAG_PRIO_SHIFT;
1490         } else {
1491                 p->prio = --least_priority;
1492         }
1493         spin_unlock(&swap_lock);
1494         name = getname(specialfile);
1495         error = PTR_ERR(name);
1496         if (IS_ERR(name)) {
1497                 name = NULL;
1498                 goto bad_swap_2;
1499         }
1500         swap_file = filp_open(name, O_RDWR|O_LARGEFILE, 0);
1501         error = PTR_ERR(swap_file);
1502         if (IS_ERR(swap_file)) {
1503                 swap_file = NULL;
1504                 goto bad_swap_2;
1505         }
1506
1507         p->swap_file = swap_file;
1508         mapping = swap_file->f_mapping;
1509         inode = mapping->host;
1510
1511         error = -EBUSY;
1512         for (i = 0; i < nr_swapfiles; i++) {
1513                 struct swap_info_struct *q = &swap_info[i];
1514
1515                 if (i == type || !q->swap_file)
1516                         continue;
1517                 if (mapping == q->swap_file->f_mapping)
1518                         goto bad_swap;
1519         }
1520
1521         error = -EINVAL;
1522         if (S_ISBLK(inode->i_mode)) {
1523                 bdev = I_BDEV(inode);
1524                 error = bd_claim(bdev, sys_swapon);
1525                 if (error < 0) {
1526                         bdev = NULL;
1527                         error = -EINVAL;
1528                         goto bad_swap;
1529                 }
1530                 p->old_block_size = block_size(bdev);
1531                 error = set_blocksize(bdev, PAGE_SIZE);
1532                 if (error < 0)
1533                         goto bad_swap;
1534                 p->bdev = bdev;
1535         } else if (S_ISREG(inode->i_mode)) {
1536                 p->bdev = inode->i_sb->s_bdev;
1537                 mutex_lock(&inode->i_mutex);
1538                 did_down = 1;
1539                 if (IS_SWAPFILE(inode)) {
1540                         error = -EBUSY;
1541                         goto bad_swap;
1542                 }
1543         } else {
1544                 goto bad_swap;
1545         }
1546
1547         swapfilesize = i_size_read(inode) >> PAGE_SHIFT;
1548
1549         /*
1550          * Read the swap header.
1551          */
1552         if (!mapping->a_ops->readpage) {
1553                 error = -EINVAL;
1554                 goto bad_swap;
1555         }
1556         page = read_mapping_page(mapping, 0, swap_file);
1557         if (IS_ERR(page)) {
1558                 error = PTR_ERR(page);
1559                 goto bad_swap;
1560         }
1561         kmap(page);
1562         swap_header = page_address(page);
1563
1564         if (!memcmp("SWAP-SPACE",swap_header->magic.magic,10))
1565                 swap_header_version = 1;
1566         else if (!memcmp("SWAPSPACE2",swap_header->magic.magic,10))
1567                 swap_header_version = 2;
1568         else {
1569                 printk(KERN_ERR "Unable to find swap-space signature\n");
1570                 error = -EINVAL;
1571                 goto bad_swap;
1572         }
1573         
1574         switch (swap_header_version) {
1575         case 1:
1576                 printk(KERN_ERR "version 0 swap is no longer supported. "
1577                         "Use mkswap -v1 %s\n", name);
1578                 error = -EINVAL;
1579                 goto bad_swap;
1580         case 2:
1581                 /* swap partition endianess hack... */
1582                 if (swab32(swap_header->info.version) == 1) {
1583                         swab32s(&swap_header->info.version);
1584                         swab32s(&swap_header->info.last_page);
1585                         swab32s(&swap_header->info.nr_badpages);
1586                         for (i = 0; i < swap_header->info.nr_badpages; i++)
1587                                 swab32s(&swap_header->info.badpages[i]);
1588                 }
1589                 /* Check the swap header's sub-version and the size of
1590                    the swap file and bad block lists */
1591                 if (swap_header->info.version != 1) {
1592                         printk(KERN_WARNING
1593                                "Unable to handle swap header version %d\n",
1594                                swap_header->info.version);
1595                         error = -EINVAL;
1596                         goto bad_swap;
1597                 }
1598
1599                 p->lowest_bit  = 1;
1600                 p->cluster_next = 1;
1601
1602                 /*
1603                  * Find out how many pages are allowed for a single swap
1604                  * device. There are two limiting factors: 1) the number of
1605                  * bits for the swap offset in the swp_entry_t type and
1606                  * 2) the number of bits in the a swap pte as defined by
1607                  * the different architectures. In order to find the
1608                  * largest possible bit mask a swap entry with swap type 0
1609                  * and swap offset ~0UL is created, encoded to a swap pte,
1610                  * decoded to a swp_entry_t again and finally the swap
1611                  * offset is extracted. This will mask all the bits from
1612                  * the initial ~0UL mask that can't be encoded in either
1613                  * the swp_entry_t or the architecture definition of a
1614                  * swap pte.
1615                  */
1616                 maxpages = swp_offset(pte_to_swp_entry(swp_entry_to_pte(swp_entry(0,~0UL)))) - 1;
1617                 if (maxpages > swap_header->info.last_page)
1618                         maxpages = swap_header->info.last_page;
1619                 p->highest_bit = maxpages - 1;
1620
1621                 error = -EINVAL;
1622                 if (!maxpages)
1623                         goto bad_swap;
1624                 if (swapfilesize && maxpages > swapfilesize) {
1625                         printk(KERN_WARNING
1626                                "Swap area shorter than signature indicates\n");
1627                         goto bad_swap;
1628                 }
1629                 if (swap_header->info.nr_badpages && S_ISREG(inode->i_mode))
1630                         goto bad_swap;
1631                 if (swap_header->info.nr_badpages > MAX_SWAP_BADPAGES)
1632                         goto bad_swap;
1633
1634                 /* OK, set up the swap map and apply the bad block list */
1635                 if (!(p->swap_map = vmalloc(maxpages * sizeof(short)))) {
1636                         error = -ENOMEM;
1637                         goto bad_swap;
1638                 }
1639
1640                 error = 0;
1641                 memset(p->swap_map, 0, maxpages * sizeof(short));
1642                 for (i = 0; i < swap_header->info.nr_badpages; i++) {
1643                         int page_nr = swap_header->info.badpages[i];
1644                         if (page_nr <= 0 || page_nr >= swap_header->info.last_page)
1645                                 error = -EINVAL;
1646                         else
1647                                 p->swap_map[page_nr] = SWAP_MAP_BAD;
1648                 }
1649                 nr_good_pages = swap_header->info.last_page -
1650                                 swap_header->info.nr_badpages -
1651                                 1 /* header page */;
1652                 if (error)
1653                         goto bad_swap;
1654         }
1655
1656         if (nr_good_pages) {
1657                 p->swap_map[0] = SWAP_MAP_BAD;
1658                 p->max = maxpages;
1659                 p->pages = nr_good_pages;
1660                 nr_extents = setup_swap_extents(p, &span);
1661                 if (nr_extents < 0) {
1662                         error = nr_extents;
1663                         goto bad_swap;
1664                 }
1665                 nr_good_pages = p->pages;
1666         }
1667         if (!nr_good_pages) {
1668                 printk(KERN_WARNING "Empty swap-file\n");
1669                 error = -EINVAL;
1670                 goto bad_swap;
1671         }
1672
1673         mutex_lock(&swapon_mutex);
1674         spin_lock(&swap_lock);
1675         p->flags = SWP_ACTIVE;
1676         nr_swap_pages += nr_good_pages;
1677         total_swap_pages += nr_good_pages;
1678
1679         printk(KERN_INFO "Adding %uk swap on %s.  "
1680                         "Priority:%d extents:%d across:%lluk\n",
1681                 nr_good_pages<<(PAGE_SHIFT-10), name, p->prio,
1682                 nr_extents, (unsigned long long)span<<(PAGE_SHIFT-10));
1683
1684         /* insert swap space into swap_list: */
1685         prev = -1;
1686         for (i = swap_list.head; i >= 0; i = swap_info[i].next) {
1687                 if (p->prio >= swap_info[i].prio) {
1688                         break;
1689                 }
1690                 prev = i;
1691         }
1692         p->next = i;
1693         if (prev < 0) {
1694                 swap_list.head = swap_list.next = p - swap_info;
1695         } else {
1696                 swap_info[prev].next = p - swap_info;
1697         }
1698         spin_unlock(&swap_lock);
1699         mutex_unlock(&swapon_mutex);
1700         error = 0;
1701         goto out;
1702 bad_swap:
1703         if (bdev) {
1704                 set_blocksize(bdev, p->old_block_size);
1705                 bd_release(bdev);
1706         }
1707         destroy_swap_extents(p);
1708 bad_swap_2:
1709         spin_lock(&swap_lock);
1710         swap_map = p->swap_map;
1711         p->swap_file = NULL;
1712         p->swap_map = NULL;
1713         p->flags = 0;
1714         if (!(swap_flags & SWAP_FLAG_PREFER))
1715                 ++least_priority;
1716         spin_unlock(&swap_lock);
1717         vfree(swap_map);
1718         if (swap_file)
1719                 filp_close(swap_file, NULL);
1720 out:
1721         if (page && !IS_ERR(page)) {
1722                 kunmap(page);
1723                 page_cache_release(page);
1724         }
1725         if (name)
1726                 putname(name);
1727         if (did_down) {
1728                 if (!error)
1729                         inode->i_flags |= S_SWAPFILE;
1730                 mutex_unlock(&inode->i_mutex);
1731         }
1732         return error;
1733 }
1734
1735 void si_swapinfo(struct sysinfo *val)
1736 {
1737         unsigned int i;
1738         unsigned long nr_to_be_unused = 0;
1739
1740         spin_lock(&swap_lock);
1741         for (i = 0; i < nr_swapfiles; i++) {
1742                 if (!(swap_info[i].flags & SWP_USED) ||
1743                      (swap_info[i].flags & SWP_WRITEOK))
1744                         continue;
1745                 nr_to_be_unused += swap_info[i].inuse_pages;
1746         }
1747         val->freeswap = nr_swap_pages + nr_to_be_unused;
1748         val->totalswap = total_swap_pages + nr_to_be_unused;
1749         spin_unlock(&swap_lock);
1750 }
1751
1752 /*
1753  * Verify that a swap entry is valid and increment its swap map count.
1754  *
1755  * Note: if swap_map[] reaches SWAP_MAP_MAX the entries are treated as
1756  * "permanent", but will be reclaimed by the next swapoff.
1757  */
1758 int swap_duplicate(swp_entry_t entry)
1759 {
1760         struct swap_info_struct * p;
1761         unsigned long offset, type;
1762         int result = 0;
1763
1764         if (is_migration_entry(entry))
1765                 return 1;
1766
1767         type = swp_type(entry);
1768         if (type >= nr_swapfiles)
1769                 goto bad_file;
1770         p = type + swap_info;
1771         offset = swp_offset(entry);
1772
1773         spin_lock(&swap_lock);
1774         if (offset < p->max && p->swap_map[offset]) {
1775                 if (p->swap_map[offset] < SWAP_MAP_MAX - 1) {
1776                         p->swap_map[offset]++;
1777                         result = 1;
1778                 } else if (p->swap_map[offset] <= SWAP_MAP_MAX) {
1779                         if (swap_overflow++ < 5)
1780                                 printk(KERN_WARNING "swap_dup: swap entry overflow\n");
1781                         p->swap_map[offset] = SWAP_MAP_MAX;
1782                         result = 1;
1783                 }
1784         }
1785         spin_unlock(&swap_lock);
1786 out:
1787         return result;
1788
1789 bad_file:
1790         printk(KERN_ERR "swap_dup: %s%08lx\n", Bad_file, entry.val);
1791         goto out;
1792 }
1793
1794 struct swap_info_struct *
1795 get_swap_info_struct(unsigned type)
1796 {
1797         return &swap_info[type];
1798 }
1799
1800 /*
1801  * swap_lock prevents swap_map being freed. Don't grab an extra
1802  * reference on the swaphandle, it doesn't matter if it becomes unused.
1803  */
1804 int valid_swaphandles(swp_entry_t entry, unsigned long *offset)
1805 {
1806         struct swap_info_struct *si;
1807         int our_page_cluster = page_cluster;
1808         pgoff_t target, toff;
1809         pgoff_t base, end;
1810         int nr_pages = 0;
1811
1812         if (!our_page_cluster)  /* no readahead */
1813                 return 0;
1814
1815         si = &swap_info[swp_type(entry)];
1816         target = swp_offset(entry);
1817         base = (target >> our_page_cluster) << our_page_cluster;
1818         end = base + (1 << our_page_cluster);
1819         if (!base)              /* first page is swap header */
1820                 base++;
1821
1822         spin_lock(&swap_lock);
1823         if (end > si->max)      /* don't go beyond end of map */
1824                 end = si->max;
1825
1826         /* Count contiguous allocated slots above our target */
1827         for (toff = target; ++toff < end; nr_pages++) {
1828                 /* Don't read in free or bad pages */
1829                 if (!si->swap_map[toff])
1830                         break;
1831                 if (si->swap_map[toff] == SWAP_MAP_BAD)
1832                         break;
1833         }
1834         /* Count contiguous allocated slots below our target */
1835         for (toff = target; --toff >= base; nr_pages++) {
1836                 /* Don't read in free or bad pages */
1837                 if (!si->swap_map[toff])
1838                         break;
1839                 if (si->swap_map[toff] == SWAP_MAP_BAD)
1840                         break;
1841         }
1842         spin_unlock(&swap_lock);
1843
1844         /*
1845          * Indicate starting offset, and return number of pages to get:
1846          * if only 1, say 0, since there's then no readahead to be done.
1847          */
1848         *offset = ++toff;
1849         return nr_pages? ++nr_pages: 0;
1850 }