6 files changed, 94 insertions, 36 deletions
diff --git a/mm/huge_memory.c b/mm/huge_memory.c
index 010d32944d14..ce59ada09462 100644
--- a/mm/huge_memory.c
+++ b/mm/huge_memory.c
@@ -1375,13 +1375,14 @@ static void __split_huge_page(struct page *page,
                              struct anon_vma *anon_vma)
 {
        int mapcount, mapcount2;
+        pgoff_t pgoff = page->index << (PAGE_CACHE_SHIFT - PAGE_SHIFT);
        struct anon_vma_chain *avc;
        BUG_ON(!PageHead(page));
        BUG_ON(PageTail(page));
        mapcount = 0;
-        list_for_each_entry(avc, &anon_vma->head, same_anon_vma) {
+        anon_vma_interval_tree_foreach(avc, &anon_vma->rb_root, pgoff, pgoff) {
                struct vm_area_struct *vma = avc->vma;
                unsigned long addr = vma_address(page, vma);
                BUG_ON(is_vma_temporary_stack(vma));
@@ -1407,7 +1408,7 @@ static void __split_huge_page(struct page *page,
        __split_huge_page_refcount(page);
        mapcount2 = 0;
-        list_for_each_entry(avc, &anon_vma->head, same_anon_vma) {
+        anon_vma_interval_tree_foreach(avc, &anon_vma->rb_root, pgoff, pgoff) {
                struct vm_area_struct *vma = avc->vma;
                unsigned long addr = vma_address(page, vma);
                BUG_ON(is_vma_temporary_stack(vma));
diff --git a/mm/interval_tree.c b/mm/interval_tree.c
index 4ab7b9ec3a56..f7c72cd35e1d 100644
--- a/mm/interval_tree.c
+++ b/mm/interval_tree.c
@@ -8,6 +8,7 @@
 #include <linux/mm.h>
 #include <linux/fs.h>
+#include <linux/rmap.h>
 #include <linux/interval_tree_generic.h>
 static inline unsigned long vma_start_pgoff(struct vm_area_struct *v)
@@ -57,3 +58,16 @@ void vma_interval_tree_insert_after(struct vm_area_struct *node,
        rb_insert_augmented(&node->shared.linear.rb, root,
                            &vma_interval_tree_augment);
 }
+static inline unsigned long avc_start_pgoff(struct anon_vma_chain *avc)
+{
+        return vma_start_pgoff(avc->vma);
+}
+static inline unsigned long avc_last_pgoff(struct anon_vma_chain *avc)
+{
+        return vma_last_pgoff(avc->vma);
+}
+INTERVAL_TREE_DEFINE(struct anon_vma_chain, rb, unsigned long, rb_subtree_last,
+                     avc_start_pgoff, avc_last_pgoff,, anon_vma_interval_tree)
diff --git a/mm/ksm.c b/mm/ksm.c
index 9638620a7530..14ee5cf8a513 100644
--- a/mm/ksm.c
+++ b/mm/ksm.c
@@ -1618,7 +1618,8 @@ again:
                struct vm_area_struct *vma;
                anon_vma_lock(anon_vma);
-                list_for_each_entry(vmac, &anon_vma->head, same_anon_vma) {
+                anon_vma_interval_tree_foreach(vmac, &anon_vma->rb_root,
+                                               0, ULONG_MAX) {
                        vma = vmac->vma;
                        if (rmap_item->address < vma->vm_start ||
                            rmap_item->address >= vma->vm_end)
@@ -1671,7 +1672,8 @@ again:
                struct vm_area_struct *vma;
                anon_vma_lock(anon_vma);
-                list_for_each_entry(vmac, &anon_vma->head, same_anon_vma) {
+                anon_vma_interval_tree_foreach(vmac, &anon_vma->rb_root,
+                                               0, ULONG_MAX) {
                        vma = vmac->vma;
                        if (rmap_item->address < vma->vm_start ||
                            rmap_item->address >= vma->vm_end)
@@ -1723,7 +1725,8 @@ again:
                struct vm_area_struct *vma;
                anon_vma_lock(anon_vma);
-                list_for_each_entry(vmac, &anon_vma->head, same_anon_vma) {
+                anon_vma_interval_tree_foreach(vmac, &anon_vma->rb_root,
+                                               0, ULONG_MAX) {
                        vma = vmac->vma;
                        if (rmap_item->address < vma->vm_start ||
                            rmap_item->address >= vma->vm_end)
diff --git a/mm/memory-failure.c b/mm/memory-failure.c
index c38a6257d082..6c5899b9034a 100644
--- a/mm/memory-failure.c
+++ b/mm/memory-failure.c
@@ -400,18 +400,21 @@ static void collect_procs_anon(struct page *page, struct list_head *to_kill,
        struct vm_area_struct *vma;
        struct task_struct *tsk;
        struct anon_vma *av;
+        pgoff_t pgoff;
        av = page_lock_anon_vma(page);
        if (av == NULL) /* Not actually mapped anymore */
                return;
+        pgoff = page->index << (PAGE_CACHE_SHIFT - PAGE_SHIFT);
        read_lock(&tasklist_lock);
        for_each_process (tsk) {
                struct anon_vma_chain *vmac;
                if (!task_early_kill(tsk))
                        continue;
-                list_for_each_entry(vmac, &av->head, same_anon_vma) {
+                anon_vma_interval_tree_foreach(vmac, &av->rb_root,
+                                               pgoff, pgoff) {
                        vma = vmac->vma;
                        if (!page_mapped_in_vma(page, vma))
                                continue;
diff --git a/mm/mmap.c b/mm/mmap.c
index 66984aab7915..2e580ed79211 100644
--- a/mm/mmap.c
+++ b/mm/mmap.c
@@ -353,6 +353,38 @@ void validate_mm(struct mm_struct *mm)
 #define validate_mm(mm) do { } while (0)
 #endif
+/*
+ * vma has some anon_vma assigned, and is already inserted on that
+ * anon_vma's interval trees.
+ *
+ * Before updating the vma's vm_start / vm_end / vm_pgoff fields, the
+ * vma must be removed from the anon_vma's interval trees using
+ * anon_vma_interval_tree_pre_update_vma().
+ *
+ * After the update, the vma will be reinserted using
+ * anon_vma_interval_tree_post_update_vma().
+ *
+ * The entire update must be protected by exclusive mmap_sem and by
+ * the root anon_vma's mutex.
+ */
+static inline void
+anon_vma_interval_tree_pre_update_vma(struct vm_area_struct *vma)
+{
+        struct anon_vma_chain *avc;
+        list_for_each_entry(avc, &vma->anon_vma_chain, same_vma)
+                anon_vma_interval_tree_remove(avc, &avc->anon_vma->rb_root);
+}
+static inline void
+anon_vma_interval_tree_post_update_vma(struct vm_area_struct *vma)
+{
+        struct anon_vma_chain *avc;
+        list_for_each_entry(avc, &vma->anon_vma_chain, same_vma)
+                anon_vma_interval_tree_insert(avc, &avc->anon_vma->rb_root);
+}
 static int find_vma_links(struct mm_struct *mm, unsigned long addr,
                unsigned long end, struct vm_area_struct **pprev,
                struct rb_node ***rb_link, struct rb_node **rb_parent)
@@ -565,20 +597,17 @@ again:			remove_next = 1 + (end > next->vm_end);
        vma_adjust_trans_huge(vma, start, end, adjust_next);
-        /*
+        anon_vma = vma->anon_vma;
-         * When changing only vma->vm_end, we don't really need anon_vma
+        if (!anon_vma && adjust_next)
-         * lock. This is a fairly rare case by itself, but the anon_vma
+                anon_vma = next->anon_vma;
-         * lock may be shared between many sibling processes.  Skipping
+        if (anon_vma) {
-         * the lock for brk adjustments makes a difference sometimes.
-         */
-        if (vma->anon_vma && (importer || start != vma->vm_start)) {
-                anon_vma = vma->anon_vma;
                VM_BUG_ON(adjust_next && next->anon_vma &&
                          anon_vma != next->anon_vma);
-        } else if (adjust_next && next->anon_vma)
-                anon_vma = next->anon_vma;
-        if (anon_vma)
                anon_vma_lock(anon_vma);
+                anon_vma_interval_tree_pre_update_vma(vma);
+                if (adjust_next)
+                        anon_vma_interval_tree_pre_update_vma(next);
+        }
        if (root) {
                flush_dcache_mmap_lock(mapping);
@@ -619,8 +648,12 @@ again:			remove_next = 1 + (end > next->vm_end);
                __insert_vm_struct(mm, insert);
        }
-        if (anon_vma)
+        if (anon_vma) {
+                anon_vma_interval_tree_post_update_vma(vma);
+                if (adjust_next)
+                        anon_vma_interval_tree_post_update_vma(next);
                anon_vma_unlock(anon_vma);
+        }
        if (mapping)
                mutex_unlock(&mapping->i_mmap_mutex);
@@ -1748,7 +1781,9 @@ int expand_upwards(struct vm_area_struct *vma, unsigned long address)
                if (vma->vm_pgoff + (size >> PAGE_SHIFT) >= vma->vm_pgoff) {
                        error = acct_stack_growth(vma, size, grow);
                        if (!error) {
+                                anon_vma_interval_tree_pre_update_vma(vma);
                                vma->vm_end = address;
+                                anon_vma_interval_tree_post_update_vma(vma);
                                perf_event_mmap(vma);
                        }
                }
@@ -1798,8 +1833,10 @@ int expand_downwards(struct vm_area_struct *vma,
                if (grow <= vma->vm_pgoff) {
                        error = acct_stack_growth(vma, size, grow);
                        if (!error) {
+                                anon_vma_interval_tree_pre_update_vma(vma);
                                vma->vm_start = address;
                                vma->vm_pgoff -= grow;
+                                anon_vma_interval_tree_post_update_vma(vma);
                                perf_event_mmap(vma);
                        }
                }
@@ -2515,7 +2552,7 @@ static DEFINE_MUTEX(mm_all_locks_mutex);
 static void vm_lock_anon_vma(struct mm_struct *mm, struct anon_vma *anon_vma)
 {
-        if (!test_bit(0, (unsigned long *) &anon_vma->root->head.next)) {
+        if (!test_bit(0, (unsigned long *) &anon_vma->root->rb_root.rb_node)) {
                /*
                 * The LSB of head.next can't change from under us
                 * because we hold the mm_all_locks_mutex.
@@ -2531,7 +2568,7 @@ static void vm_lock_anon_vma(struct mm_struct *mm, struct anon_vma *anon_vma)
                 * anon_vma->root->mutex.
                 */
                if (__test_and_set_bit(0, (unsigned long *)
-                                       &anon_vma->root->head.next))
+                                       &anon_vma->root->rb_root.rb_node))
                        BUG();
        }
 }
@@ -2572,7 +2609,7 @@ static void vm_lock_mapping(struct mm_struct *mm, struct address_space *mapping)
 * A single task can't take more than one mm_take_all_locks() in a row
 * or it would deadlock.
 *
- * The LSB in anon_vma->head.next and the AS_MM_ALL_LOCKS bitflag in
+ * The LSB in anon_vma->rb_root.rb_node and the AS_MM_ALL_LOCKS bitflag in
 * mapping->flags avoid to take the same lock twice, if more than one
 * vma in this mm is backed by the same anon_vma or address_space.
 *
@@ -2619,13 +2656,13 @@ out_unlock:
 static void vm_unlock_anon_vma(struct anon_vma *anon_vma)
 {
-        if (test_bit(0, (unsigned long *) &anon_vma->root->head.next)) {
+        if (test_bit(0, (unsigned long *) &anon_vma->root->rb_root.rb_node)) {
                /*
                 * The LSB of head.next can't change to 0 from under
                 * us because we hold the mm_all_locks_mutex.
                 *
                 * We must however clear the bitflag before unlocking
-                 * the vma so the users using the anon_vma->head will
+                 * the vma so the users using the anon_vma->rb_root will
                 * never see our bitflag.
                 *
                 * No need of atomic instructions here, head.next
@@ -2633,7 +2670,7 @@ static void vm_unlock_anon_vma(struct anon_vma *anon_vma)
                 * anon_vma->root->mutex.
                 */
                if (!__test_and_clear_bit(0, (unsigned long *)
-                                          &anon_vma->root->head.next))
+                                          &anon_vma->root->rb_root.rb_node))
                        BUG();
                anon_vma_unlock(anon_vma);
        }
diff --git a/mm/rmap.c b/mm/rmap.c
index 8cbd62fde0f1..9c61bf387fd1 100644
--- a/mm/rmap.c
+++ b/mm/rmap.c
@@ -127,12 +127,7 @@ static void anon_vma_chain_link(struct vm_area_struct *vma,
        avc->vma = vma;
        avc->anon_vma = anon_vma;
        list_add(&avc->same_vma, &vma->anon_vma_chain);
+        anon_vma_interval_tree_insert(avc, &anon_vma->rb_root);
-        /*
-         * It's critical to add new vmas to the tail of the anon_vma,
-         * see comment in huge_memory.c:__split_huge_page().
-         */
-        list_add_tail(&avc->same_anon_vma, &anon_vma->head);
 }
 /**
@@ -336,13 +331,13 @@ void unlink_anon_vmas(struct vm_area_struct *vma)
                struct anon_vma *anon_vma = avc->anon_vma;
                root = lock_anon_vma_root(root, anon_vma);
-                list_del(&avc->same_anon_vma);
+                anon_vma_interval_tree_remove(avc, &anon_vma->rb_root);
                /*
                 * Leave empty anon_vmas on the list - we'll need
                 * to free them outside the lock.
                 */
-                if (list_empty(&anon_vma->head))
+                if (RB_EMPTY_ROOT(&anon_vma->rb_root))
                        continue;
                list_del(&avc->same_vma);
@@ -371,7 +366,7 @@ static void anon_vma_ctor(void *data)
        mutex_init(&anon_vma->mutex);
        atomic_set(&anon_vma->refcount, 0);
-        INIT_LIST_HEAD(&anon_vma->head);
+        anon_vma->rb_root = RB_ROOT;
 }
 void __init anon_vma_init(void)
@@ -724,6 +719,7 @@ static int page_referenced_anon(struct page *page,
 {
        unsigned int mapcount;
        struct anon_vma *anon_vma;
+        pgoff_t pgoff;
        struct anon_vma_chain *avc;
        int referenced = 0;
@@ -732,7 +728,8 @@ static int page_referenced_anon(struct page *page,
                return referenced;
        mapcount = page_mapcount(page);
-        list_for_each_entry(avc, &anon_vma->head, same_anon_vma) {
+        pgoff = page->index << (PAGE_CACHE_SHIFT - PAGE_SHIFT);
+        anon_vma_interval_tree_foreach(avc, &anon_vma->rb_root, pgoff, pgoff) {
                struct vm_area_struct *vma = avc->vma;
                unsigned long address = vma_address(page, vma);
                if (address == -EFAULT)
@@ -1445,6 +1442,7 @@ bool is_vma_temporary_stack(struct vm_area_struct *vma)
 static int try_to_unmap_anon(struct page *page, enum ttu_flags flags)
 {
        struct anon_vma *anon_vma;
+        pgoff_t pgoff;
        struct anon_vma_chain *avc;
        int ret = SWAP_AGAIN;
@@ -1452,7 +1450,8 @@ static int try_to_unmap_anon(struct page *page, enum ttu_flags flags)
        if (!anon_vma)
                return ret;
-        list_for_each_entry(avc, &anon_vma->head, same_anon_vma) {
+        pgoff = page->index << (PAGE_CACHE_SHIFT - PAGE_SHIFT);
+        anon_vma_interval_tree_foreach(avc, &anon_vma->rb_root, pgoff, pgoff) {
                struct vm_area_struct *vma = avc->vma;
                unsigned long address;
@@ -1668,6 +1667,7 @@ static int rmap_walk_anon(struct page *page, int (*rmap_one)(struct page *,
                struct vm_area_struct *, unsigned long, void *), void *arg)
 {
        struct anon_vma *anon_vma;
+        pgoff_t pgoff = page->index << (PAGE_CACHE_SHIFT - PAGE_SHIFT);
        struct anon_vma_chain *avc;
        int ret = SWAP_AGAIN;
@@ -1681,7 +1681,7 @@ static int rmap_walk_anon(struct page *page, int (*rmap_one)(struct page *,
        if (!anon_vma)
                return ret;
        anon_vma_lock(anon_vma);
-        list_for_each_entry(avc, &anon_vma->head, same_anon_vma) {
+        anon_vma_interval_tree_foreach(avc, &anon_vma->rb_root, pgoff, pgoff) {
                struct vm_area_struct *vma = avc->vma;
                unsigned long address = vma_address(page, vma);
                if (address == -EFAULT)

diff --git a/mm/huge_memory.c b/mm/huge_memory.c index 010d32944d14..ce59ada09462 100644 --- a/mm/huge_memory.c +++ b/mm/huge_memory.c
@@ -1375,13 +1375,14 @@ static void __split_huge_page(struct page *page,
1375	struct anon_vma *anon_vma)	1375	struct anon_vma *anon_vma)
1376	{	1376	{
1377	int mapcount, mapcount2;	1377	int mapcount, mapcount2;
		1378	pgoff_t pgoff = page->index << (PAGE_CACHE_SHIFT - PAGE_SHIFT);
1378	struct anon_vma_chain *avc;	1379	struct anon_vma_chain *avc;
1379		1380
1380	BUG_ON(!PageHead(page));	1381	BUG_ON(!PageHead(page));
1381	BUG_ON(PageTail(page));	1382	BUG_ON(PageTail(page));
1382		1383
1383	mapcount = 0;	1384	mapcount = 0;
1384	list_for_each_entry(avc, &anon_vma->head, same_anon_vma) {	1385	anon_vma_interval_tree_foreach(avc, &anon_vma->rb_root, pgoff, pgoff) {
1385	struct vm_area_struct *vma = avc->vma;	1386	struct vm_area_struct *vma = avc->vma;
1386	unsigned long addr = vma_address(page, vma);	1387	unsigned long addr = vma_address(page, vma);
1387	BUG_ON(is_vma_temporary_stack(vma));	1388	BUG_ON(is_vma_temporary_stack(vma));
@@ -1407,7 +1408,7 @@ static void __split_huge_page(struct page *page,
1407	__split_huge_page_refcount(page);	1408	__split_huge_page_refcount(page);
1408		1409
1409	mapcount2 = 0;	1410	mapcount2 = 0;
1410	list_for_each_entry(avc, &anon_vma->head, same_anon_vma) {	1411	anon_vma_interval_tree_foreach(avc, &anon_vma->rb_root, pgoff, pgoff) {
1411	struct vm_area_struct *vma = avc->vma;	1412	struct vm_area_struct *vma = avc->vma;
1412	unsigned long addr = vma_address(page, vma);	1413	unsigned long addr = vma_address(page, vma);
1413	BUG_ON(is_vma_temporary_stack(vma));	1414	BUG_ON(is_vma_temporary_stack(vma));


diff --git a/mm/interval_tree.c b/mm/interval_tree.c index 4ab7b9ec3a56..f7c72cd35e1d 100644 --- a/mm/interval_tree.c +++ b/mm/interval_tree.c
@@ -8,6 +8,7 @@
8		8
9	#include <linux/mm.h>	9	#include <linux/mm.h>
10	#include <linux/fs.h>	10	#include <linux/fs.h>
		11	#include <linux/rmap.h>
11	#include <linux/interval_tree_generic.h>	12	#include <linux/interval_tree_generic.h>
12		13
13	static inline unsigned long vma_start_pgoff(struct vm_area_struct *v)	14	static inline unsigned long vma_start_pgoff(struct vm_area_struct *v)
@@ -57,3 +58,16 @@ void vma_interval_tree_insert_after(struct vm_area_struct *node,
57	rb_insert_augmented(&node->shared.linear.rb, root,	58	rb_insert_augmented(&node->shared.linear.rb, root,
58	&vma_interval_tree_augment);	59	&vma_interval_tree_augment);
59	}	60	}
		61
		62	static inline unsigned long avc_start_pgoff(struct anon_vma_chain *avc)
		63	{
		64	return vma_start_pgoff(avc->vma);
		65	}
		66
		67	static inline unsigned long avc_last_pgoff(struct anon_vma_chain *avc)
		68	{
		69	return vma_last_pgoff(avc->vma);
		70	}
		71
		72	INTERVAL_TREE_DEFINE(struct anon_vma_chain, rb, unsigned long, rb_subtree_last,
		73	avc_start_pgoff, avc_last_pgoff,, anon_vma_interval_tree)


diff --git a/mm/ksm.c b/mm/ksm.c index 9638620a7530..14ee5cf8a513 100644 --- a/mm/ksm.c +++ b/mm/ksm.c
@@ -1618,7 +1618,8 @@ again:
1618	struct vm_area_struct *vma;	1618	struct vm_area_struct *vma;
1619		1619
1620	anon_vma_lock(anon_vma);	1620	anon_vma_lock(anon_vma);
1621	list_for_each_entry(vmac, &anon_vma->head, same_anon_vma) {	1621	anon_vma_interval_tree_foreach(vmac, &anon_vma->rb_root,
		1622	0, ULONG_MAX) {
1622	vma = vmac->vma;	1623	vma = vmac->vma;
1623	if (rmap_item->address < vma->vm_start \|\|	1624	if (rmap_item->address < vma->vm_start \|\|
1624	rmap_item->address >= vma->vm_end)	1625	rmap_item->address >= vma->vm_end)
@@ -1671,7 +1672,8 @@ again:
1671	struct vm_area_struct *vma;	1672	struct vm_area_struct *vma;
1672		1673
1673	anon_vma_lock(anon_vma);	1674	anon_vma_lock(anon_vma);
1674	list_for_each_entry(vmac, &anon_vma->head, same_anon_vma) {	1675	anon_vma_interval_tree_foreach(vmac, &anon_vma->rb_root,
		1676	0, ULONG_MAX) {
1675	vma = vmac->vma;	1677	vma = vmac->vma;
1676	if (rmap_item->address < vma->vm_start \|\|	1678	if (rmap_item->address < vma->vm_start \|\|
1677	rmap_item->address >= vma->vm_end)	1679	rmap_item->address >= vma->vm_end)
@@ -1723,7 +1725,8 @@ again:
1723	struct vm_area_struct *vma;	1725	struct vm_area_struct *vma;
1724		1726
1725	anon_vma_lock(anon_vma);	1727	anon_vma_lock(anon_vma);
1726	list_for_each_entry(vmac, &anon_vma->head, same_anon_vma) {	1728	anon_vma_interval_tree_foreach(vmac, &anon_vma->rb_root,
		1729	0, ULONG_MAX) {
1727	vma = vmac->vma;	1730	vma = vmac->vma;
1728	if (rmap_item->address < vma->vm_start \|\|	1731	if (rmap_item->address < vma->vm_start \|\|
1729	rmap_item->address >= vma->vm_end)	1732	rmap_item->address >= vma->vm_end)


diff --git a/mm/memory-failure.c b/mm/memory-failure.c index c38a6257d082..6c5899b9034a 100644 --- a/mm/memory-failure.c +++ b/mm/memory-failure.c
@@ -400,18 +400,21 @@ static void collect_procs_anon(struct page page, struct list_head to_kill,
400	struct vm_area_struct *vma;	400	struct vm_area_struct *vma;
401	struct task_struct *tsk;	401	struct task_struct *tsk;
402	struct anon_vma *av;	402	struct anon_vma *av;
		403	pgoff_t pgoff;
403		404
404	av = page_lock_anon_vma(page);	405	av = page_lock_anon_vma(page);
405	if (av == NULL) /* Not actually mapped anymore */	406	if (av == NULL) /* Not actually mapped anymore */
406	return;	407	return;
407		408
		409	pgoff = page->index << (PAGE_CACHE_SHIFT - PAGE_SHIFT);
408	read_lock(&tasklist_lock);	410	read_lock(&tasklist_lock);
409	for_each_process (tsk) {	411	for_each_process (tsk) {
410	struct anon_vma_chain *vmac;	412	struct anon_vma_chain *vmac;
411		413
412	if (!task_early_kill(tsk))	414	if (!task_early_kill(tsk))
413	continue;	415	continue;
414	list_for_each_entry(vmac, &av->head, same_anon_vma) {	416	anon_vma_interval_tree_foreach(vmac, &av->rb_root,
		417	pgoff, pgoff) {
415	vma = vmac->vma;	418	vma = vmac->vma;
416	if (!page_mapped_in_vma(page, vma))	419	if (!page_mapped_in_vma(page, vma))
417	continue;	420	continue;


diff --git a/mm/mmap.c b/mm/mmap.c index 66984aab7915..2e580ed79211 100644 --- a/mm/mmap.c +++ b/mm/mmap.c
@@ -353,6 +353,38 @@ void validate_mm(struct mm_struct *mm)
353	#define validate_mm(mm) do { } while (0)	353	#define validate_mm(mm) do { } while (0)
354	#endif	354	#endif
355		355
		356	/*
		357	* vma has some anon_vma assigned, and is already inserted on that
		358	* anon_vma's interval trees.
		359	*
		360	* Before updating the vma's vm_start / vm_end / vm_pgoff fields, the
		361	* vma must be removed from the anon_vma's interval trees using
		362	* anon_vma_interval_tree_pre_update_vma().
		363	*
		364	* After the update, the vma will be reinserted using
		365	* anon_vma_interval_tree_post_update_vma().
		366	*
		367	* The entire update must be protected by exclusive mmap_sem and by
		368	* the root anon_vma's mutex.
		369	*/
		370	static inline void
		371	anon_vma_interval_tree_pre_update_vma(struct vm_area_struct *vma)
		372	{
		373	struct anon_vma_chain *avc;
		374
		375	list_for_each_entry(avc, &vma->anon_vma_chain, same_vma)
		376	anon_vma_interval_tree_remove(avc, &avc->anon_vma->rb_root);
		377	}
		378
		379	static inline void
		380	anon_vma_interval_tree_post_update_vma(struct vm_area_struct *vma)
		381	{
		382	struct anon_vma_chain *avc;
		383
		384	list_for_each_entry(avc, &vma->anon_vma_chain, same_vma)
		385	anon_vma_interval_tree_insert(avc, &avc->anon_vma->rb_root);
		386	}
		387
356	static int find_vma_links(struct mm_struct *mm, unsigned long addr,	388	static int find_vma_links(struct mm_struct *mm, unsigned long addr,
357	unsigned long end, struct vm_area_struct **pprev,	389	unsigned long end, struct vm_area_struct **pprev,
358	struct rb_node *rb_link, struct rb_node rb_parent)	390	struct rb_node *rb_link, struct rb_node rb_parent)
@@ -565,20 +597,17 @@ again: remove_next = 1 + (end > next->vm_end);
565		597
566	vma_adjust_trans_huge(vma, start, end, adjust_next);	598	vma_adjust_trans_huge(vma, start, end, adjust_next);
567		599
568	/*	600	anon_vma = vma->anon_vma;
569	* When changing only vma->vm_end, we don't really need anon_vma	601	if (!anon_vma && adjust_next)
570	* lock. This is a fairly rare case by itself, but the anon_vma	602	anon_vma = next->anon_vma;
571	* lock may be shared between many sibling processes. Skipping	603	if (anon_vma) {
572	* the lock for brk adjustments makes a difference sometimes.
573	*/
574	if (vma->anon_vma && (importer \|\| start != vma->vm_start)) {
575	anon_vma = vma->anon_vma;
576	VM_BUG_ON(adjust_next && next->anon_vma &&	604	VM_BUG_ON(adjust_next && next->anon_vma &&
577	anon_vma != next->anon_vma);	605	anon_vma != next->anon_vma);
578	} else if (adjust_next && next->anon_vma)
579	anon_vma = next->anon_vma;
580	if (anon_vma)
581	anon_vma_lock(anon_vma);	606	anon_vma_lock(anon_vma);
		607	anon_vma_interval_tree_pre_update_vma(vma);
		608	if (adjust_next)
		609	anon_vma_interval_tree_pre_update_vma(next);
		610	}
582		611
583	if (root) {	612	if (root) {
584	flush_dcache_mmap_lock(mapping);	613	flush_dcache_mmap_lock(mapping);
@@ -619,8 +648,12 @@ again: remove_next = 1 + (end > next->vm_end);
619	__insert_vm_struct(mm, insert);	648	__insert_vm_struct(mm, insert);
620	}	649	}
621		650
622	if (anon_vma)	651	if (anon_vma) {
		652	anon_vma_interval_tree_post_update_vma(vma);
		653	if (adjust_next)
		654	anon_vma_interval_tree_post_update_vma(next);
623	anon_vma_unlock(anon_vma);	655	anon_vma_unlock(anon_vma);
		656	}
624	if (mapping)	657	if (mapping)
625	mutex_unlock(&mapping->i_mmap_mutex);	658	mutex_unlock(&mapping->i_mmap_mutex);
626		659
@@ -1748,7 +1781,9 @@ int expand_upwards(struct vm_area_struct *vma, unsigned long address)
1748	if (vma->vm_pgoff + (size >> PAGE_SHIFT) >= vma->vm_pgoff) {	1781	if (vma->vm_pgoff + (size >> PAGE_SHIFT) >= vma->vm_pgoff) {
1749	error = acct_stack_growth(vma, size, grow);	1782	error = acct_stack_growth(vma, size, grow);
1750	if (!error) {	1783	if (!error) {
		1784	anon_vma_interval_tree_pre_update_vma(vma);
1751	vma->vm_end = address;	1785	vma->vm_end = address;
		1786	anon_vma_interval_tree_post_update_vma(vma);
1752	perf_event_mmap(vma);	1787	perf_event_mmap(vma);
1753	}	1788	}
1754	}	1789	}
@@ -1798,8 +1833,10 @@ int expand_downwards(struct vm_area_struct *vma,
1798	if (grow <= vma->vm_pgoff) {	1833	if (grow <= vma->vm_pgoff) {
1799	error = acct_stack_growth(vma, size, grow);	1834	error = acct_stack_growth(vma, size, grow);
1800	if (!error) {	1835	if (!error) {
		1836	anon_vma_interval_tree_pre_update_vma(vma);
1801	vma->vm_start = address;	1837	vma->vm_start = address;
1802	vma->vm_pgoff -= grow;	1838	vma->vm_pgoff -= grow;
		1839	anon_vma_interval_tree_post_update_vma(vma);
1803	perf_event_mmap(vma);	1840	perf_event_mmap(vma);
1804	}	1841	}
1805	}	1842	}
@@ -2515,7 +2552,7 @@ static DEFINE_MUTEX(mm_all_locks_mutex);
2515		2552
2516	static void vm_lock_anon_vma(struct mm_struct mm, struct anon_vma anon_vma)	2553	static void vm_lock_anon_vma(struct mm_struct mm, struct anon_vma anon_vma)
2517	{	2554	{
2518	if (!test_bit(0, (unsigned long *) &anon_vma->root->head.next)) {	2555	if (!test_bit(0, (unsigned long *) &anon_vma->root->rb_root.rb_node)) {
2519	/*	2556	/*
2520	* The LSB of head.next can't change from under us	2557	* The LSB of head.next can't change from under us
2521	* because we hold the mm_all_locks_mutex.	2558	* because we hold the mm_all_locks_mutex.
@@ -2531,7 +2568,7 @@ static void vm_lock_anon_vma(struct mm_struct mm, struct anon_vma anon_vma)
2531	* anon_vma->root->mutex.	2568	* anon_vma->root->mutex.
2532	*/	2569	*/
2533	if (__test_and_set_bit(0, (unsigned long *)	2570	if (__test_and_set_bit(0, (unsigned long *)
2534	&anon_vma->root->head.next))	2571	&anon_vma->root->rb_root.rb_node))
2535	BUG();	2572	BUG();
2536	}	2573	}
2537	}	2574	}
@@ -2572,7 +2609,7 @@ static void vm_lock_mapping(struct mm_struct mm, struct address_space mapping)
2572	* A single task can't take more than one mm_take_all_locks() in a row	2609	* A single task can't take more than one mm_take_all_locks() in a row
2573	* or it would deadlock.	2610	* or it would deadlock.
2574	*	2611	*
2575	* The LSB in anon_vma->head.next and the AS_MM_ALL_LOCKS bitflag in	2612	* The LSB in anon_vma->rb_root.rb_node and the AS_MM_ALL_LOCKS bitflag in
2576	* mapping->flags avoid to take the same lock twice, if more than one	2613	* mapping->flags avoid to take the same lock twice, if more than one
2577	* vma in this mm is backed by the same anon_vma or address_space.	2614	* vma in this mm is backed by the same anon_vma or address_space.
2578	*	2615	*
@@ -2619,13 +2656,13 @@ out_unlock:
2619		2656
2620	static void vm_unlock_anon_vma(struct anon_vma *anon_vma)	2657	static void vm_unlock_anon_vma(struct anon_vma *anon_vma)
2621	{	2658	{
2622	if (test_bit(0, (unsigned long *) &anon_vma->root->head.next)) {	2659	if (test_bit(0, (unsigned long *) &anon_vma->root->rb_root.rb_node)) {
2623	/*	2660	/*
2624	* The LSB of head.next can't change to 0 from under	2661	* The LSB of head.next can't change to 0 from under
2625	* us because we hold the mm_all_locks_mutex.	2662	* us because we hold the mm_all_locks_mutex.
2626	*	2663	*
2627	* We must however clear the bitflag before unlocking	2664	* We must however clear the bitflag before unlocking
2628	* the vma so the users using the anon_vma->head will	2665	* the vma so the users using the anon_vma->rb_root will
2629	* never see our bitflag.	2666	* never see our bitflag.
2630	*	2667	*
2631	* No need of atomic instructions here, head.next	2668	* No need of atomic instructions here, head.next
@@ -2633,7 +2670,7 @@ static void vm_unlock_anon_vma(struct anon_vma *anon_vma)
2633	* anon_vma->root->mutex.	2670	* anon_vma->root->mutex.
2634	*/	2671	*/
2635	if (!__test_and_clear_bit(0, (unsigned long *)	2672	if (!__test_and_clear_bit(0, (unsigned long *)
2636	&anon_vma->root->head.next))	2673	&anon_vma->root->rb_root.rb_node))
2637	BUG();	2674	BUG();
2638	anon_vma_unlock(anon_vma);	2675	anon_vma_unlock(anon_vma);
2639	}	2676	}


diff --git a/mm/rmap.c b/mm/rmap.c index 8cbd62fde0f1..9c61bf387fd1 100644 --- a/mm/rmap.c +++ b/mm/rmap.c
@@ -127,12 +127,7 @@ static void anon_vma_chain_link(struct vm_area_struct *vma,
127	avc->vma = vma;	127	avc->vma = vma;
128	avc->anon_vma = anon_vma;	128	avc->anon_vma = anon_vma;
129	list_add(&avc->same_vma, &vma->anon_vma_chain);	129	list_add(&avc->same_vma, &vma->anon_vma_chain);
130		130	anon_vma_interval_tree_insert(avc, &anon_vma->rb_root);
131	/*
132	* It's critical to add new vmas to the tail of the anon_vma,
133	* see comment in huge_memory.c:__split_huge_page().
134	*/
135	list_add_tail(&avc->same_anon_vma, &anon_vma->head);
136	}	131	}
137		132
138	/**	133	/**
@@ -336,13 +331,13 @@ void unlink_anon_vmas(struct vm_area_struct *vma)
336	struct anon_vma *anon_vma = avc->anon_vma;	331	struct anon_vma *anon_vma = avc->anon_vma;
337		332
338	root = lock_anon_vma_root(root, anon_vma);	333	root = lock_anon_vma_root(root, anon_vma);
339	list_del(&avc->same_anon_vma);	334	anon_vma_interval_tree_remove(avc, &anon_vma->rb_root);
340		335
341	/*	336	/*
342	* Leave empty anon_vmas on the list - we'll need	337	* Leave empty anon_vmas on the list - we'll need
343	* to free them outside the lock.	338	* to free them outside the lock.
344	*/	339	*/
345	if (list_empty(&anon_vma->head))	340	if (RB_EMPTY_ROOT(&anon_vma->rb_root))
346	continue;	341	continue;
347		342
348	list_del(&avc->same_vma);	343	list_del(&avc->same_vma);
@@ -371,7 +366,7 @@ static void anon_vma_ctor(void *data)
371		366
372	mutex_init(&anon_vma->mutex);	367	mutex_init(&anon_vma->mutex);
373	atomic_set(&anon_vma->refcount, 0);	368	atomic_set(&anon_vma->refcount, 0);
374	INIT_LIST_HEAD(&anon_vma->head);	369	anon_vma->rb_root = RB_ROOT;
375	}	370	}
376		371
377	void __init anon_vma_init(void)	372	void __init anon_vma_init(void)
@@ -724,6 +719,7 @@ static int page_referenced_anon(struct page *page,
724	{	719	{
725	unsigned int mapcount;	720	unsigned int mapcount;
726	struct anon_vma *anon_vma;	721	struct anon_vma *anon_vma;
		722	pgoff_t pgoff;
727	struct anon_vma_chain *avc;	723	struct anon_vma_chain *avc;
728	int referenced = 0;	724	int referenced = 0;
729		725
@@ -732,7 +728,8 @@ static int page_referenced_anon(struct page *page,
732	return referenced;	728	return referenced;
733		729
734	mapcount = page_mapcount(page);	730	mapcount = page_mapcount(page);
735	list_for_each_entry(avc, &anon_vma->head, same_anon_vma) {	731	pgoff = page->index << (PAGE_CACHE_SHIFT - PAGE_SHIFT);
		732	anon_vma_interval_tree_foreach(avc, &anon_vma->rb_root, pgoff, pgoff) {
736	struct vm_area_struct *vma = avc->vma;	733	struct vm_area_struct *vma = avc->vma;
737	unsigned long address = vma_address(page, vma);	734	unsigned long address = vma_address(page, vma);
738	if (address == -EFAULT)	735	if (address == -EFAULT)
@@ -1445,6 +1442,7 @@ bool is_vma_temporary_stack(struct vm_area_struct *vma)
1445	static int try_to_unmap_anon(struct page *page, enum ttu_flags flags)	1442	static int try_to_unmap_anon(struct page *page, enum ttu_flags flags)
1446	{	1443	{
1447	struct anon_vma *anon_vma;	1444	struct anon_vma *anon_vma;
		1445	pgoff_t pgoff;
1448	struct anon_vma_chain *avc;	1446	struct anon_vma_chain *avc;
1449	int ret = SWAP_AGAIN;	1447	int ret = SWAP_AGAIN;
1450		1448
@@ -1452,7 +1450,8 @@ static int try_to_unmap_anon(struct page *page, enum ttu_flags flags)
1452	if (!anon_vma)	1450	if (!anon_vma)
1453	return ret;	1451	return ret;
1454		1452
1455	list_for_each_entry(avc, &anon_vma->head, same_anon_vma) {	1453	pgoff = page->index << (PAGE_CACHE_SHIFT - PAGE_SHIFT);
		1454	anon_vma_interval_tree_foreach(avc, &anon_vma->rb_root, pgoff, pgoff) {
1456	struct vm_area_struct *vma = avc->vma;	1455	struct vm_area_struct *vma = avc->vma;
1457	unsigned long address;	1456	unsigned long address;
1458		1457
@@ -1668,6 +1667,7 @@ static int rmap_walk_anon(struct page page, int (rmap_one)(struct page *,
1668	struct vm_area_struct , unsigned long, void ), void *arg)	1667	struct vm_area_struct , unsigned long, void ), void *arg)
1669	{	1668	{
1670	struct anon_vma *anon_vma;	1669	struct anon_vma *anon_vma;
		1670	pgoff_t pgoff = page->index << (PAGE_CACHE_SHIFT - PAGE_SHIFT);
1671	struct anon_vma_chain *avc;	1671	struct anon_vma_chain *avc;
1672	int ret = SWAP_AGAIN;	1672	int ret = SWAP_AGAIN;
1673		1673
@@ -1681,7 +1681,7 @@ static int rmap_walk_anon(struct page page, int (rmap_one)(struct page *,
1681	if (!anon_vma)	1681	if (!anon_vma)
1682	return ret;	1682	return ret;
1683	anon_vma_lock(anon_vma);	1683	anon_vma_lock(anon_vma);
1684	list_for_each_entry(avc, &anon_vma->head, same_anon_vma) {	1684	anon_vma_interval_tree_foreach(avc, &anon_vma->rb_root, pgoff, pgoff) {
1685	struct vm_area_struct *vma = avc->vma;	1685	struct vm_area_struct *vma = avc->vma;
1686	unsigned long address = vma_address(page, vma);	1686	unsigned long address = vma_address(page, vma);
1687	if (address == -EFAULT)	1687	if (address == -EFAULT)