1 2This document describes the Linux memory management "Unevictable LRU" 3infrastructure and the use of this infrastructure to manage several types 4of "unevictable" pages. The document attempts to provide the overall 5rationale behind this mechanism and the rationale for some of the design 6decisions that drove the implementation. The latter design rationale is 7discussed in the context of an implementation description. Admittedly, one 8can obtain the implementation details--the "what does it do?"--by reading the 9code. One hopes that the descriptions below add value by provide the answer 10to "why does it do that?". 11 12Unevictable LRU Infrastructure: 13 14The Unevictable LRU adds an additional LRU list to track unevictable pages 15and to hide these pages from vmscan. This mechanism is based on a patch by 16Larry Woodman of Red Hat to address several scalability problems with page 17reclaim in Linux. The problems have been observed at customer sites on large 18memory x86_64 systems. For example, a non-numal x86_64 platform with 128GB 19of main memory will have over 32 million 4k pages in a single zone. When a 20large fraction of these pages are not evictable for any reason [see below], 21vmscan will spend a lot of time scanning the LRU lists looking for the small 22fraction of pages that are evictable. This can result in a situation where 23all cpus are spending 100% of their time in vmscan for hours or days on end, 24with the system completely unresponsive. 25 26The Unevictable LRU infrastructure addresses the following classes of 27unevictable pages: 28 29+ page owned by ramfs 30+ page mapped into SHM_LOCKed shared memory regions 31+ page mapped into VM_LOCKED [mlock()ed] vmas 32 33The infrastructure might be able to handle other conditions that make pages 34unevictable, either by definition or by circumstance, in the future. 35 36 37The Unevictable LRU List 38 39The Unevictable LRU infrastructure consists of an additional, per-zone, LRU list 40called the "unevictable" list and an associated page flag, PG_unevictable, to 41indicate that the page is being managed on the unevictable list. The 42PG_unevictable flag is analogous to, and mutually exclusive with, the PG_active 43flag in that it indicates on which LRU list a page resides when PG_lru is set. 44The unevictable LRU list is source configurable based on the UNEVICTABLE_LRU 45Kconfig option. 46 47The Unevictable LRU infrastructure maintains unevictable pages on an additional 48LRU list for a few reasons: 49 501) We get to "treat unevictable pages just like we treat other pages in the 51 system, which means we get to use the same code to manipulate them, the 52 same code to isolate them (for migrate, etc.), the same code to keep track 53 of the statistics, etc..." [Rik van Riel] 54 552) We want to be able to migrate unevictable pages between nodes--for memory 56 defragmentation, workload management and memory hotplug. The linux kernel 57 can only migrate pages that it can successfully isolate from the lru lists. 58 If we were to maintain pages elsewise than on an lru-like list, where they 59 can be found by isolate_lru_page(), we would prevent their migration, unless 60 we reworked migration code to find the unevictable pages. 61 62 63The unevictable LRU list does not differentiate between file backed and swap 64backed [anon] pages. This differentiation is only important while the pages 65are, in fact, evictable. 66 67The unevictable LRU list benefits from the "arrayification" of the per-zone 68LRU lists and statistics originally proposed and posted by Christoph Lameter. 69 70The unevictable list does not use the lru pagevec mechanism. Rather, 71unevictable pages are placed directly on the page's zone's unevictable 72list under the zone lru_lock. The reason for this is to prevent stranding 73of pages on the unevictable list when one task has the page isolated from the 74lru and other tasks are changing the "evictability" state of the page. 75 76 77Unevictable LRU and Memory Controller Interaction 78 79The memory controller data structure automatically gets a per zone unevictable 80lru list as a result of the "arrayification" of the per-zone LRU lists. The 81memory controller tracks the movement of pages to and from the unevictable list. 82When a memory control group comes under memory pressure, the controller will 83not attempt to reclaim pages on the unevictable list. This has a couple of 84effects. Because the pages are "hidden" from reclaim on the unevictable list, 85the reclaim process can be more efficient, dealing only with pages that have 86a chance of being reclaimed. On the other hand, if too many of the pages 87charged to the control group are unevictable, the evictable portion of the 88working set of the tasks in the control group may not fit into the available 89memory. This can cause the control group to thrash or to oom-kill tasks. 90 91 92Unevictable LRU: Detecting Unevictable Pages 93 94The function page_evictable(page, vma) in vmscan.c determines whether a 95page is evictable or not. For ramfs pages and pages in SHM_LOCKed regions, 96page_evictable() tests a new address space flag, AS_UNEVICTABLE, in the page's 97address space using a wrapper function. Wrapper functions are used to set, 98clear and test the flag to reduce the requirement for #ifdef's throughout the 99source code. AS_UNEVICTABLE is set on ramfs inode/mapping when it is created. 100This flag remains for the life of the inode. 101 102For shared memory regions, AS_UNEVICTABLE is set when an application 103successfully SHM_LOCKs the region and is removed when the region is 104SHM_UNLOCKed. Note that shmctl(SHM_LOCK, ...) does not populate the page 105tables for the region as does, for example, mlock(). So, we make no special 106effort to push any pages in the SHM_LOCKed region to the unevictable list. 107Vmscan will do this when/if it encounters the pages during reclaim. On 108SHM_UNLOCK, shmctl() scans the pages in the region and "rescues" them from the 109unevictable list if no other condition keeps them unevictable. If a SHM_LOCKed 110region is destroyed, the pages are also "rescued" from the unevictable list in 111the process of freeing them. 112 113page_evictable() detects mlock()ed pages by testing an additional page flag, 114PG_mlocked via the PageMlocked() wrapper. If the page is NOT mlocked, and a 115non-NULL vma is supplied, page_evictable() will check whether the vma is 116VM_LOCKED via is_mlocked_vma(). is_mlocked_vma() will SetPageMlocked() and 117update the appropriate statistics if the vma is VM_LOCKED. This method allows 118efficient "culling" of pages in the fault path that are being faulted in to 119VM_LOCKED vmas. 120 121 122Unevictable Pages and Vmscan [shrink_*_list()] 123 124If unevictable pages are culled in the fault path, or moved to the unevictable 125list at mlock() or mmap() time, vmscan will never encounter the pages until 126they have become evictable again, for example, via munlock() and have been 127"rescued" from the unevictable list. However, there may be situations where we 128decide, for the sake of expediency, to leave a unevictable page on one of the 129regular active/inactive LRU lists for vmscan to deal with. Vmscan checks for 130such pages in all of the shrink_{active|inactive|page}_list() functions and 131will "cull" such pages that it encounters--that is, it diverts those pages to 132the unevictable list for the zone being scanned. 133 134There may be situations where a page is mapped into a VM_LOCKED vma, but the 135page is not marked as PageMlocked. Such pages will make it all the way to 136shrink_page_list() where they will be detected when vmscan walks the reverse 137map in try_to_unmap(). If try_to_unmap() returns SWAP_MLOCK, shrink_page_list() 138will cull the page at that point. 139 140To "cull" an unevictable page, vmscan simply puts the page back on the lru 141list using putback_lru_page()--the inverse operation to isolate_lru_page()-- 142after dropping the page lock. Because the condition which makes the page 143unevictable may change once the page is unlocked, putback_lru_page() will 144recheck the unevictable state of a page that it places on the unevictable lru 145list. If the page has become unevictable, putback_lru_page() removes it from 146the list and retries, including the page_unevictable() test. Because such a 147race is a rare event and movement of pages onto the unevictable list should be 148rare, these extra evictabilty checks should not occur in the majority of calls 149to putback_lru_page(). 150 151 152Mlocked Page: Prior Work 153 154The "Unevictable Mlocked Pages" infrastructure is based on work originally 155posted by Nick Piggin in an RFC patch entitled "mm: mlocked pages off LRU". 156Nick posted his patch as an alternative to a patch posted by Christoph 157Lameter to achieve the same objective--hiding mlocked pages from vmscan. 158In Nick's patch, he used one of the struct page lru list link fields as a count 159of VM_LOCKED vmas that map the page. This use of the link field for a count 160prevented the management of the pages on an LRU list. Thus, mlocked pages were 161not migratable as isolate_lru_page() could not find them and the lru list link 162field was not available to the migration subsystem. Nick resolved this by 163putting mlocked pages back on the lru list before attempting to isolate them, 164thus abandoning the count of VM_LOCKED vmas. When Nick's patch was integrated 165with the Unevictable LRU work, the count was replaced by walking the reverse 166map to determine whether any VM_LOCKED vmas mapped the page. More on this 167below. 168 169 170Mlocked Pages: Basic Management 171 172Mlocked pages--pages mapped into a VM_LOCKED vma--represent one class of 173unevictable pages. When such a page has been "noticed" by the memory 174management subsystem, the page is marked with the PG_mlocked [PageMlocked()] 175flag. A PageMlocked() page will be placed on the unevictable LRU list when 176it is added to the LRU. Pages can be "noticed" by memory management in 177several places: 178 1791) in the mlock()/mlockall() system call handlers. 1802) in the mmap() system call handler when mmap()ing a region with the 181 MAP_LOCKED flag, or mmap()ing a region in a task that has called 182 mlockall() with the MCL_FUTURE flag. Both of these conditions result 183 in the VM_LOCKED flag being set for the vma. 1843) in the fault path, if mlocked pages are "culled" in the fault path, 185 and when a VM_LOCKED stack segment is expanded. 1864) as mentioned above, in vmscan:shrink_page_list() when attempting to 187 reclaim a page in a VM_LOCKED vma via try_to_unmap(). 188 189Mlocked pages become unlocked and rescued from the unevictable list when: 190 1911) mapped in a range unlocked via the munlock()/munlockall() system calls. 1922) munmapped() out of the last VM_LOCKED vma that maps the page, including 193 unmapping at task exit. 1943) when the page is truncated from the last VM_LOCKED vma of an mmap()ed file. 1954) before a page is COWed in a VM_LOCKED vma. 196 197 198Mlocked Pages: mlock()/mlockall() System Call Handling 199 200Both [do_]mlock() and [do_]mlockall() system call handlers call mlock_fixup() 201for each vma in the range specified by the call. In the case of mlockall(), 202this is the entire active address space of the task. Note that mlock_fixup() 203is used for both mlock()ing and munlock()ing a range of memory. A call to 204mlock() an already VM_LOCKED vma, or to munlock() a vma that is not VM_LOCKED 205is treated as a no-op--mlock_fixup() simply returns. 206 207If the vma passes some filtering described in "Mlocked Pages: Filtering Vmas" 208below, mlock_fixup() will attempt to merge the vma with its neighbors or split 209off a subset of the vma if the range does not cover the entire vma. Once the 210vma has been merged or split or neither, mlock_fixup() will call 211__mlock_vma_pages_range() to fault in the pages via get_user_pages() and 212to mark the pages as mlocked via mlock_vma_page(). 213 214Note that the vma being mlocked might be mapped with PROT_NONE. In this case, 215get_user_pages() will be unable to fault in the pages. That's OK. If pages 216do end up getting faulted into this VM_LOCKED vma, we'll handle them in the 217fault path or in vmscan. 218 219Also note that a page returned by get_user_pages() could be truncated or 220migrated out from under us, while we're trying to mlock it. To detect 221this, __mlock_vma_pages_range() tests the page_mapping after acquiring 222the page lock. If the page is still associated with its mapping, we'll 223go ahead and call mlock_vma_page(). If the mapping is gone, we just 224unlock the page and move on. Worse case, this results in page mapped 225in a VM_LOCKED vma remaining on a normal LRU list without being 226PageMlocked(). Again, vmscan will detect and cull such pages. 227 228mlock_vma_page(), called with the page locked [N.B., not "mlocked"], will 229TestSetPageMlocked() for each page returned by get_user_pages(). We use 230TestSetPageMlocked() because the page might already be mlocked by another 231task/vma and we don't want to do extra work. We especially do not want to 232count an mlocked page more than once in the statistics. If the page was 233already mlocked, mlock_vma_page() is done. 234 235If the page was NOT already mlocked, mlock_vma_page() attempts to isolate the 236page from the LRU, as it is likely on the appropriate active or inactive list 237at that time. If the isolate_lru_page() succeeds, mlock_vma_page() will 238putback the page--putback_lru_page()--which will notice that the page is now 239mlocked and divert the page to the zone's unevictable LRU list. If 240mlock_vma_page() is unable to isolate the page from the LRU, vmscan will handle 241it later if/when it attempts to reclaim the page. 242 243 244Mlocked Pages: Filtering Special Vmas 245 246mlock_fixup() filters several classes of "special" vmas: 247 2481) vmas with VM_IO|VM_PFNMAP set are skipped entirely. The pages behind 249 these mappings are inherently pinned, so we don't need to mark them as 250 mlocked. In any case, most of the pages have no struct page in which to 251 so mark the page. Because of this, get_user_pages() will fail for these 252 vmas, so there is no sense in attempting to visit them. 253 2542) vmas mapping hugetlbfs page are already effectively pinned into memory. 255 We don't need nor want to mlock() these pages. However, to preserve the 256 prior behavior of mlock()--before the unevictable/mlock changes-- 257 mlock_fixup() will call make_pages_present() in the hugetlbfs vma range 258 to allocate the huge pages and populate the ptes. 259 2603) vmas with VM_DONTEXPAND|VM_RESERVED are generally user space mappings of 261 kernel pages, such as the vdso page, relay channel pages, etc. These pages 262 are inherently unevictable and are not managed on the LRU lists. 263 mlock_fixup() treats these vmas the same as hugetlbfs vmas. It calls 264 make_pages_present() to populate the ptes. 265 266Note that for all of these special vmas, mlock_fixup() does not set the 267VM_LOCKED flag. Therefore, we won't have to deal with them later during 268munlock() or munmap()--for example, at task exit. Neither does mlock_fixup() 269account these vmas against the task's "locked_vm". 270 271Mlocked Pages: Downgrading the Mmap Semaphore. 272 273mlock_fixup() must be called with the mmap semaphore held for write, because 274it may have to merge or split vmas. However, mlocking a large region of 275memory can take a long time--especially if vmscan must reclaim pages to 276satisfy the regions requirements. Faulting in a large region with the mmap 277semaphore held for write can hold off other faults on the address space, in 278the case of a multi-threaded task. It can also hold off scans of the task's 279address space via /proc. While testing under heavy load, it was observed that 280the ps(1) command could be held off for many minutes while a large segment was 281mlock()ed down. 282 283To address this issue, and to make the system more responsive during mlock()ing 284of large segments, mlock_fixup() downgrades the mmap semaphore to read mode 285during the call to __mlock_vma_pages_range(). This works fine. However, the 286callers of mlock_fixup() expect the semaphore to be returned in write mode. 287So, mlock_fixup() "upgrades" the semphore to write mode. Linux does not 288support an atomic upgrade_sem() call, so mlock_fixup() must drop the semaphore 289and reacquire it in write mode. In a multi-threaded task, it is possible for 290the task memory map to change while the semaphore is dropped. Therefore, 291mlock_fixup() looks up the vma at the range start address after reacquiring 292the semaphore in write mode and verifies that it still covers the original 293range. If not, mlock_fixup() returns an error [-EAGAIN]. All callers of 294mlock_fixup() have been changed to deal with this new error condition. 295 296Note: when munlocking a region, all of the pages should already be resident-- 297unless we have racing threads mlocking() and munlocking() regions. So, 298unlocking should not have to wait for page allocations nor faults of any kind. 299Therefore mlock_fixup() does not downgrade the semaphore for munlock(). 300 301 302Mlocked Pages: munlock()/munlockall() System Call Handling 303 304The munlock() and munlockall() system calls are handled by the same functions-- 305do_mlock[all]()--as the mlock() and mlockall() system calls with the unlock 306vs lock operation indicated by an argument. So, these system calls are also 307handled by mlock_fixup(). Again, if called for an already munlock()ed vma, 308mlock_fixup() simply returns. Because of the vma filtering discussed above, 309VM_LOCKED will not be set in any "special" vmas. So, these vmas will be 310ignored for munlock. 311 312If the vma is VM_LOCKED, mlock_fixup() again attempts to merge or split off 313the specified range. The range is then munlocked via the function 314__mlock_vma_pages_range()--the same function used to mlock a vma range-- 315passing a flag to indicate that munlock() is being performed. 316 317Because the vma access protections could have been changed to PROT_NONE after 318faulting in and mlocking pages, get_user_pages() was unreliable for visiting 319these pages for munlocking. Because we don't want to leave pages mlocked(), 320get_user_pages() was enhanced to accept a flag to ignore the permissions when 321fetching the pages--all of which should be resident as a result of previous 322mlock()ing. 323 324For munlock(), __mlock_vma_pages_range() unlocks individual pages by calling 325munlock_vma_page(). munlock_vma_page() unconditionally clears the PG_mlocked 326flag using TestClearPageMlocked(). As with mlock_vma_page(), munlock_vma_page() 327use the Test*PageMlocked() function to handle the case where the page might 328have already been unlocked by another task. If the page was mlocked, 329munlock_vma_page() updates that zone statistics for the number of mlocked 330pages. Note, however, that at this point we haven't checked whether the page 331is mapped by other VM_LOCKED vmas. 332 333We can't call try_to_munlock(), the function that walks the reverse map to check 334for other VM_LOCKED vmas, without first isolating the page from the LRU. 335try_to_munlock() is a variant of try_to_unmap() and thus requires that the page 336not be on an lru list. [More on these below.] However, the call to 337isolate_lru_page() could fail, in which case we couldn't try_to_munlock(). 338So, we go ahead and clear PG_mlocked up front, as this might be the only chance 339we have. If we can successfully isolate the page, we go ahead and 340try_to_munlock(), which will restore the PG_mlocked flag and update the zone 341page statistics if it finds another vma holding the page mlocked. If we fail 342to isolate the page, we'll have left a potentially mlocked page on the LRU. 343This is fine, because we'll catch it later when/if vmscan tries to reclaim the 344page. This should be relatively rare. 345 346Mlocked Pages: Migrating Them... 347 348A page that is being migrated has been isolated from the lru lists and is 349held locked across unmapping of the page, updating the page's mapping 350[address_space] entry and copying the contents and state, until the 351page table entry has been replaced with an entry that refers to the new 352page. Linux supports migration of mlocked pages and other unevictable 353pages. This involves simply moving the PageMlocked and PageUnevictable states 354from the old page to the new page. 355 356Note that page migration can race with mlocking or munlocking of the same 357page. This has been discussed from the mlock/munlock perspective in the 358respective sections above. Both processes [migration, m[un]locking], hold 359the page locked. This provides the first level of synchronization. Page 360migration zeros out the page_mapping of the old page before unlocking it, 361so m[un]lock can skip these pages by testing the page mapping under page 362lock. 363 364When completing page migration, we place the new and old pages back onto the 365lru after dropping the page lock. The "unneeded" page--old page on success, 366new page on failure--will be freed when the reference count held by the 367migration process is released. To ensure that we don't strand pages on the 368unevictable list because of a race between munlock and migration, page 369migration uses the putback_lru_page() function to add migrated pages back to 370the lru. 371 372 373Mlocked Pages: mmap(MAP_LOCKED) System Call Handling 374 375In addition the the mlock()/mlockall() system calls, an application can request 376that a region of memory be mlocked using the MAP_LOCKED flag with the mmap() 377call. Furthermore, any mmap() call or brk() call that expands the heap by a 378task that has previously called mlockall() with the MCL_FUTURE flag will result 379in the newly mapped memory being mlocked. Before the unevictable/mlock changes, 380the kernel simply called make_pages_present() to allocate pages and populate 381the page table. 382 383To mlock a range of memory under the unevictable/mlock infrastructure, the 384mmap() handler and task address space expansion functions call 385mlock_vma_pages_range() specifying the vma and the address range to mlock. 386mlock_vma_pages_range() filters vmas like mlock_fixup(), as described above in 387"Mlocked Pages: Filtering Vmas". It will clear the VM_LOCKED flag, which will 388have already been set by the caller, in filtered vmas. Thus these vma's need 389not be visited for munlock when the region is unmapped. 390 391For "normal" vmas, mlock_vma_pages_range() calls __mlock_vma_pages_range() to 392fault/allocate the pages and mlock them. Again, like mlock_fixup(), 393mlock_vma_pages_range() downgrades the mmap semaphore to read mode before 394attempting to fault/allocate and mlock the pages; and "upgrades" the semaphore 395back to write mode before returning. 396 397The callers of mlock_vma_pages_range() will have already added the memory 398range to be mlocked to the task's "locked_vm". To account for filtered vmas, 399mlock_vma_pages_range() returns the number of pages NOT mlocked. All of the 400callers then subtract a non-negative return value from the task's locked_vm. 401A negative return value represent an error--for example, from get_user_pages() 402attempting to fault in a vma with PROT_NONE access. In this case, we leave 403the memory range accounted as locked_vm, as the protections could be changed 404later and pages allocated into that region. 405 406 407Mlocked Pages: munmap()/exit()/exec() System Call Handling 408 409When unmapping an mlocked region of memory, whether by an explicit call to 410munmap() or via an internal unmap from exit() or exec() processing, we must 411munlock the pages if we're removing the last VM_LOCKED vma that maps the pages. 412Before the unevictable/mlock changes, mlocking did not mark the pages in any 413way, so unmapping them required no processing. 414 415To munlock a range of memory under the unevictable/mlock infrastructure, the 416munmap() hander and task address space tear down function call 417munlock_vma_pages_all(). The name reflects the observation that one always 418specifies the entire vma range when munlock()ing during unmap of a region. 419Because of the vma filtering when mlocking() regions, only "normal" vmas that 420actually contain mlocked pages will be passed to munlock_vma_pages_all(). 421 422munlock_vma_pages_all() clears the VM_LOCKED vma flag and, like mlock_fixup() 423for the munlock case, calls __munlock_vma_pages_range() to walk the page table 424for the vma's memory range and munlock_vma_page() each resident page mapped by 425the vma. This effectively munlocks the page, only if this is the last 426VM_LOCKED vma that maps the page. 427 428 429Mlocked Page: try_to_unmap() 430 431[Note: the code changes represented by this section are really quite small 432compared to the text to describe what happening and why, and to discuss the 433implications.] 434 435Pages can, of course, be mapped into multiple vmas. Some of these vmas may 436have VM_LOCKED flag set. It is possible for a page mapped into one or more 437VM_LOCKED vmas not to have the PG_mlocked flag set and therefore reside on one 438of the active or inactive LRU lists. This could happen if, for example, a 439task in the process of munlock()ing the page could not isolate the page from 440the LRU. As a result, vmscan/shrink_page_list() might encounter such a page 441as described in "Unevictable Pages and Vmscan [shrink_*_list()]". To 442handle this situation, try_to_unmap() has been enhanced to check for VM_LOCKED 443vmas while it is walking a page's reverse map. 444 445try_to_unmap() is always called, by either vmscan for reclaim or for page 446migration, with the argument page locked and isolated from the LRU. BUG_ON() 447assertions enforce this requirement. Separate functions handle anonymous and 448mapped file pages, as these types of pages have different reverse map 449mechanisms. 450 451 try_to_unmap_anon() 452 453To unmap anonymous pages, each vma in the list anchored in the anon_vma must be 454visited--at least until a VM_LOCKED vma is encountered. If the page is being 455unmapped for migration, VM_LOCKED vmas do not stop the process because mlocked 456pages are migratable. However, for reclaim, if the page is mapped into a 457VM_LOCKED vma, the scan stops. try_to_unmap() attempts to acquire the mmap 458semphore of the mm_struct to which the vma belongs in read mode. If this is 459successful, try_to_unmap() will mlock the page via mlock_vma_page()--we 460wouldn't have gotten to try_to_unmap() if the page were already mlocked--and 461will return SWAP_MLOCK, indicating that the page is unevictable. If the 462mmap semaphore cannot be acquired, we are not sure whether the page is really 463unevictable or not. In this case, try_to_unmap() will return SWAP_AGAIN. 464 465 try_to_unmap_file() -- linear mappings 466 467Unmapping of a mapped file page works the same, except that the scan visits 468all vmas that maps the page's index/page offset in the page's mapping's 469reverse map priority search tree. It must also visit each vma in the page's 470mapping's non-linear list, if the list is non-empty. As for anonymous pages, 471on encountering a VM_LOCKED vma for a mapped file page, try_to_unmap() will 472attempt to acquire the associated mm_struct's mmap semaphore to mlock the page, 473returning SWAP_MLOCK if this is successful, and SWAP_AGAIN, if not. 474 475 try_to_unmap_file() -- non-linear mappings 476 477If a page's mapping contains a non-empty non-linear mapping vma list, then 478try_to_un{map|lock}() must also visit each vma in that list to determine 479whether the page is mapped in a VM_LOCKED vma. Again, the scan must visit 480all vmas in the non-linear list to ensure that the pages is not/should not be 481mlocked. If a VM_LOCKED vma is found in the list, the scan could terminate. 482However, there is no easy way to determine whether the page is actually mapped 483in a given vma--either for unmapping or testing whether the VM_LOCKED vma 484actually pins the page. 485 486So, try_to_unmap_file() handles non-linear mappings by scanning a certain 487number of pages--a "cluster"--in each non-linear vma associated with the page's 488mapping, for each file mapped page that vmscan tries to unmap. If this happens 489to unmap the page we're trying to unmap, try_to_unmap() will notice this on 490return--(page_mapcount(page) == 0)--and return SWAP_SUCCESS. Otherwise, it 491will return SWAP_AGAIN, causing vmscan to recirculate this page. We take 492advantage of the cluster scan in try_to_unmap_cluster() as follows: 493 494For each non-linear vma, try_to_unmap_cluster() attempts to acquire the mmap 495semaphore of the associated mm_struct for read without blocking. If this 496attempt is successful and the vma is VM_LOCKED, try_to_unmap_cluster() will 497retain the mmap semaphore for the scan; otherwise it drops it here. Then, 498for each page in the cluster, if we're holding the mmap semaphore for a locked 499vma, try_to_unmap_cluster() calls mlock_vma_page() to mlock the page. This 500call is a no-op if the page is already locked, but will mlock any pages in 501the non-linear mapping that happen to be unlocked. If one of the pages so 502mlocked is the page passed in to try_to_unmap(), try_to_unmap_cluster() will 503return SWAP_MLOCK, rather than the default SWAP_AGAIN. This will allow vmscan 504to cull the page, rather than recirculating it on the inactive list. Again, 505if try_to_unmap_cluster() cannot acquire the vma's mmap sem, it returns 506SWAP_AGAIN, indicating that the page is mapped by a VM_LOCKED vma, but 507couldn't be mlocked. 508 509 510Mlocked pages: try_to_munlock() Reverse Map Scan 511 512TODO/FIXME: a better name might be page_mlocked()--analogous to the 513page_referenced() reverse map walker. 514 515When munlock_vma_page()--see "Mlocked Pages: munlock()/munlockall() 516System Call Handling" above--tries to munlock a page, it needs to 517determine whether or not the page is mapped by any VM_LOCKED vma, without 518actually attempting to unmap all ptes from the page. For this purpose, the 519unevictable/mlock infrastructure introduced a variant of try_to_unmap() called 520try_to_munlock(). 521 522try_to_munlock() calls the same functions as try_to_unmap() for anonymous and 523mapped file pages with an additional argument specifing unlock versus unmap 524processing. Again, these functions walk the respective reverse maps looking 525for VM_LOCKED vmas. When such a vma is found for anonymous pages and file 526pages mapped in linear VMAs, as in the try_to_unmap() case, the functions 527attempt to acquire the associated mmap semphore, mlock the page via 528mlock_vma_page() and return SWAP_MLOCK. This effectively undoes the 529pre-clearing of the page's PG_mlocked done by munlock_vma_page. 530 531If try_to_unmap() is unable to acquire a VM_LOCKED vma's associated mmap 532semaphore, it will return SWAP_AGAIN. This will allow shrink_page_list() 533to recycle the page on the inactive list and hope that it has better luck 534with the page next time. 535 536For file pages mapped into non-linear vmas, the try_to_munlock() logic works 537slightly differently. On encountering a VM_LOCKED non-linear vma that might 538map the page, try_to_munlock() returns SWAP_AGAIN without actually mlocking 539the page. munlock_vma_page() will just leave the page unlocked and let 540vmscan deal with it--the usual fallback position. 541 542Note that try_to_munlock()'s reverse map walk must visit every vma in a pages' 543reverse map to determine that a page is NOT mapped into any VM_LOCKED vma. 544However, the scan can terminate when it encounters a VM_LOCKED vma and can 545successfully acquire the vma's mmap semphore for read and mlock the page. 546Although try_to_munlock() can be called many [very many!] times when 547munlock()ing a large region or tearing down a large address space that has been 548mlocked via mlockall(), overall this is a fairly rare event. 549 550Mlocked Page: Page Reclaim in shrink_*_list() 551 552shrink_active_list() culls any obviously unevictable pages--i.e., 553!page_evictable(page, NULL)--diverting these to the unevictable lru 554list. However, shrink_active_list() only sees unevictable pages that 555made it onto the active/inactive lru lists. Note that these pages do not 556have PageUnevictable set--otherwise, they would be on the unevictable list and 557shrink_active_list would never see them. 558 559Some examples of these unevictable pages on the LRU lists are: 560 5611) ramfs pages that have been placed on the lru lists when first allocated. 562 5632) SHM_LOCKed shared memory pages. shmctl(SHM_LOCK) does not attempt to 564 allocate or fault in the pages in the shared memory region. This happens 565 when an application accesses the page the first time after SHM_LOCKing 566 the segment. 567 5683) Mlocked pages that could not be isolated from the lru and moved to the 569 unevictable list in mlock_vma_page(). 570 5713) Pages mapped into multiple VM_LOCKED vmas, but try_to_munlock() couldn't 572 acquire the vma's mmap semaphore to test the flags and set PageMlocked. 573 munlock_vma_page() was forced to let the page back on to the normal 574 LRU list for vmscan to handle. 575 576shrink_inactive_list() also culls any unevictable pages that it finds on 577the inactive lists, again diverting them to the appropriate zone's unevictable 578lru list. shrink_inactive_list() should only see SHM_LOCKed pages that became 579SHM_LOCKed after shrink_active_list() had moved them to the inactive list, or 580pages mapped into VM_LOCKED vmas that munlock_vma_page() couldn't isolate from 581the lru to recheck via try_to_munlock(). shrink_inactive_list() won't notice 582the latter, but will pass on to shrink_page_list(). 583 584shrink_page_list() again culls obviously unevictable pages that it could 585encounter for similar reason to shrink_inactive_list(). Pages mapped into 586VM_LOCKED vmas but without PG_mlocked set will make it all the way to 587try_to_unmap(). shrink_page_list() will divert them to the unevictable list 588when try_to_unmap() returns SWAP_MLOCK, as discussed above. 589