/*
 * Generic hugetlb support.
 * (C) Nadia Yvette Chambers, April 2004
 */
#include <linux/list.h>
#include <linux/init.h>
#include <linux/module.h>
#include <linux/mm.h>
#include <linux/seq_file.h>
#include <linux/sysctl.h>
#include <linux/highmem.h>
#include <linux/mmu_notifier.h>
#include <linux/nodemask.h>
#include <linux/pagemap.h>
#include <linux/mempolicy.h>
#include <linux/compiler.h>
#include <linux/cpuset.h>
#include <linux/mutex.h>
#include <linux/bootmem.h>
#include <linux/sysfs.h>
#include <linux/slab.h>
#include <linux/rmap.h>
#include <linux/swap.h>
#include <linux/swapops.h>
#include <linux/page-isolation.h>
#include <linux/jhash.h>

#include <asm/page.h>
#include <asm/pgtable.h>
#include <asm/tlb.h>

#include <linux/io.h>
#include <linux/hugetlb.h>
#include <linux/hugetlb_cgroup.h>
#include <linux/node.h>
#include "internal.h"

int hugepages_treat_as_movable;

int hugetlb_max_hstate __read_mostly;
unsigned int default_hstate_idx;
struct hstate hstates[HUGE_MAX_HSTATE];

__initdata LIST_HEAD(huge_boot_pages);

/* for command line parsing */
static struct hstate * __initdata parsed_hstate;
static unsigned long __initdata default_hstate_max_huge_pages;
static unsigned long __initdata default_hstate_size;

/*
 * Protects updates to hugepage_freelists, hugepage_activelist, nr_huge_pages,
 * free_huge_pages, and surplus_huge_pages.
 */
DEFINE_SPINLOCK(hugetlb_lock);

/*
 * Serializes faults on the same logical page.  This is used to
 * prevent spurious OOMs when the hugepage pool is fully utilized.
 */
static int num_fault_mutexes;
static struct mutex *htlb_fault_mutex_table ____cacheline_aligned_in_smp;

static inline void unlock_or_release_subpool(struct hugepage_subpool *spool)
{
        bool free = (spool->count == 0) && (spool->used_hpages == 0);

        spin_unlock(&spool->lock);

        /* If no pages are used, and no other handles to the subpool
         * remain, free the subpool the subpool remain */
        if (free)
                kfree(spool);
}

struct hugepage_subpool *hugepage_new_subpool(long nr_blocks)
{
        struct hugepage_subpool *spool;

        spool = kmalloc(sizeof(*spool), GFP_KERNEL);
        if (!spool)
                return NULL;

        spin_lock_init(&spool->lock);
        spool->count = 1;
        spool->max_hpages = nr_blocks;
        spool->used_hpages = 0;

        return spool;
}

void hugepage_put_subpool(struct hugepage_subpool *spool)
{
        spin_lock(&spool->lock);
        BUG_ON(!spool->count);
        spool->count--;
        unlock_or_release_subpool(spool);
}

static int hugepage_subpool_get_pages(struct hugepage_subpool *spool,
                                      long delta)
{
        int ret = 0;

        if (!spool)
                return 0;

        spin_lock(&spool->lock);
        if ((spool->used_hpages + delta) <= spool->max_hpages) {
                spool->used_hpages += delta;
        } else {
                ret = -ENOMEM;
        }
        spin_unlock(&spool->lock);

        return ret;
}

static void hugepage_subpool_put_pages(struct hugepage_subpool *spool,
                                       long delta)
{
        if (!spool)
                return;

        spin_lock(&spool->lock);
        spool->used_hpages -= delta;
        /* If hugetlbfs_put_super couldn't free spool due to
        * an outstanding quota reference, free it now. */
        unlock_or_release_subpool(spool);
}

static inline struct hugepage_subpool *subpool_inode(struct inode *inode)
{
        return HUGETLBFS_SB(inode->i_sb)->spool;
}

static inline struct hugepage_subpool *subpool_vma(struct vm_area_struct *vma)
{
        return subpool_inode(file_inode(vma->vm_file));
}

/*
 * Region tracking -- allows tracking of reservations and instantiated pages
 *                    across the pages in a mapping.
 *
 * The region data structures are embedded into a resv_map and
 * protected by a resv_map's lock
 */
struct file_region {
        struct list_head link;
        long from;
        long to;
};

static long region_add(struct resv_map *resv, long f, long t)
{
        struct list_head *head = &resv->regions;
        struct file_region *rg, *nrg, *trg;

        spin_lock(&resv->lock);
        /* Locate the region we are either in or before. */
        list_for_each_entry(rg, head, link)
                if (f <= rg->to)
                        break;

        /* Round our left edge to the current segment if it encloses us. */
        if (f > rg->from)
                f = rg->from;

        /* Check for and consume any regions we now overlap with. */
        nrg = rg;
        list_for_each_entry_safe(rg, trg, rg->link.prev, link) {
                if (&rg->link == head)
                        break;
                if (rg->from > t)
                        break;

                /* If this area reaches higher then extend our area to
                 * include it completely.  If this is not the first area
                 * which we intend to reuse, free it. */
                if (rg->to > t)
                        t = rg->to;
                if (rg != nrg) {
                        list_del(&rg->link);
                        kfree(rg);
                }
        }
        nrg->from = f;
        nrg->to = t;
        spin_unlock(&resv->lock);
        return 0;
}

static long region_chg(struct resv_map *resv, long f, long t)
{
        struct list_head *head = &resv->regions;
        struct file_region *rg, *nrg = NULL;
        long chg = 0;

retry:
        spin_lock(&resv->lock);
        /* Locate the region we are before or in. */
        list_for_each_entry(rg, head, link)
                if (f <= rg->to)
                        break;

        /* If we are below the current region then a new region is required.
         * Subtle, allocate a new region at the position but make it zero
         * size such that we can guarantee to record the reservation. */
        if (&rg->link == head || t < rg->from) {
                if (!nrg) {
                        spin_unlock(&resv->lock);
                        nrg = kmalloc(sizeof(*nrg), GFP_KERNEL);
                        if (!nrg)
                                return -ENOMEM;

                        nrg->from = f;
                        nrg->to   = f;
                        INIT_LIST_HEAD(&nrg->link);
                        goto retry;
                }

                list_add(&nrg->link, rg->link.prev);
                chg = t - f;
                goto out_nrg;
        }

        /* Round our left edge to the current segment if it encloses us. */
        if (f > rg->from)
                f = rg->from;
        chg = t - f;

        /* Check for and consume any regions we now overlap with. */
        list_for_each_entry(rg, rg->link.prev, link) {
                if (&rg->link == head)
                        break;
                if (rg->from > t)
                        goto out;

                /* We overlap with this area, if it extends further than
                 * us then we must extend ourselves.  Account for its
                 * existing reservation. */
                if (rg->to > t) {
                        chg += rg->to - t;
                        t = rg->to;
                }
                chg -= rg->to - rg->from;
        }

out:
        spin_unlock(&resv->lock);
        /*  We already know we raced and no longer need the new region */
        kfree(nrg);
        return chg;
out_nrg:
        spin_unlock(&resv->lock);
        return chg;
}

static long region_truncate(struct resv_map *resv, long end)
{
        struct list_head *head = &resv->regions;
        struct file_region *rg, *trg;
        long chg = 0;

        spin_lock(&resv->lock);
        /* Locate the region we are either in or before. */
        list_for_each_entry(rg, head, link)
                if (end <= rg->to)
                        break;
        if (&rg->link == head)
                goto out;

        /* If we are in the middle of a region then adjust it. */
        if (end > rg->from) {
                chg = rg->to - end;
                rg->to = end;
                rg = list_entry(rg->link.next, typeof(*rg), link);
        }

        /* Drop any remaining regions. */
        list_for_each_entry_safe(rg, trg, rg->link.prev, link) {
                if (&rg->link == head)
                        break;
                chg += rg->to - rg->from;
                list_del(&rg->link);
                kfree(rg);
        }

out:
        spin_unlock(&resv->lock);
        return chg;
}

static long region_count(struct resv_map *resv, long f, long t)
{
        struct list_head *head = &resv->regions;
        struct file_region *rg;
        long chg = 0;

        spin_lock(&resv->lock);
        /* Locate each segment we overlap with, and count that overlap. */
        list_for_each_entry(rg, head, link) {
                long seg_from;
                long seg_to;

                if (rg->to <= f)
                        continue;
                if (rg->from >= t)
                        break;

                seg_from = max(rg->from, f);
                seg_to = min(rg->to, t);

                chg += seg_to - seg_from;
        }
        spin_unlock(&resv->lock);

        return chg;
}

/*
 * Convert the address within this vma to the page offset within
 * the mapping, in pagecache page units; huge pages here.
 */
static pgoff_t vma_hugecache_offset(struct hstate *h,
                        struct vm_area_struct *vma, unsigned long address)
{
        return ((address - vma->vm_start) >> huge_page_shift(h)) +
                        (vma->vm_pgoff >> huge_page_order(h));
}

pgoff_t linear_hugepage_index(struct vm_area_struct *vma,
                                     unsigned long address)
{
        return vma_hugecache_offset(hstate_vma(vma), vma, address);
}

/*
 * Return the size of the pages allocated when backing a VMA. In the majority
 * cases this will be same size as used by the page table entries.
 */
unsigned long vma_kernel_pagesize(struct vm_area_struct *vma)
{
        struct hstate *hstate;

        if (!is_vm_hugetlb_page(vma))
                return PAGE_SIZE;

        hstate = hstate_vma(vma);

        return 1UL << huge_page_shift(hstate);
}
EXPORT_SYMBOL_GPL(vma_kernel_pagesize);

/*
 * Return the page size being used by the MMU to back a VMA. In the majority
 * of cases, the page size used by the kernel matches the MMU size. On
 * architectures where it differs, an architecture-specific version of this
 * function is required.
 */
#ifndef vma_mmu_pagesize
unsigned long vma_mmu_pagesize(struct vm_area_struct *vma)
{
        return vma_kernel_pagesize(vma);
}
#endif

/*
 * Flags for MAP_PRIVATE reservations.  These are stored in the bottom
 * bits of the reservation map pointer, which are always clear due to
 * alignment.
 */
#define HPAGE_RESV_OWNER    (1UL << 0)
#define HPAGE_RESV_UNMAPPED (1UL << 1)
#define HPAGE_RESV_MASK (HPAGE_RESV_OWNER | HPAGE_RESV_UNMAPPED)

/*
 * These helpers are used to track how many pages are reserved for
 * faults in a MAP_PRIVATE mapping. Only the process that called mmap()
 * is guaranteed to have their future faults succeed.
 *
 * With the exception of reset_vma_resv_huge_pages() which is called at fork(),
 * the reserve counters are updated with the hugetlb_lock held. It is safe
 * to reset the VMA at fork() time as it is not in use yet and there is no
 * chance of the global counters getting corrupted as a result of the values.
 *
 * The private mapping reservation is represented in a subtly different
 * manner to a shared mapping.  A shared mapping has a region map associated
 * with the underlying file, this region map represents the backing file
 * pages which have ever had a reservation assigned which this persists even
 * after the page is instantiated.  A private mapping has a region map
 * associated with the original mmap which is attached to all VMAs which
 * reference it, this region map represents those offsets which have consumed
 * reservation ie. where pages have been instantiated.
 */
static unsigned long get_vma_private_data(struct vm_area_struct *vma)
{
        return (unsigned long)vma->vm_private_data;
}

static void set_vma_private_data(struct vm_area_struct *vma,
                                                        unsigned long value)
{
        vma->vm_private_data = (void *)value;
}

struct resv_map *resv_map_alloc(void)
{
        struct resv_map *resv_map = kmalloc(sizeof(*resv_map), GFP_KERNEL);
        if (!resv_map)
                return NULL;

        kref_init(&resv_map->refs);
        spin_lock_init(&resv_map->lock);
        INIT_LIST_HEAD(&resv_map->regions);

        return resv_map;
}

void resv_map_release(struct kref *ref)
{
        struct resv_map *resv_map = container_of(ref, struct resv_map, refs);

        /* Clear out any active regions before we release the map. */
        region_truncate(resv_map, 0);
        kfree(resv_map);
}

static inline struct resv_map *inode_resv_map(struct inode *inode)
{
        return inode->i_mapping->private_data;
}

static struct resv_map *vma_resv_map(struct vm_area_struct *vma)
{
        VM_BUG_ON_VMA(!is_vm_hugetlb_page(vma), vma);
        if (vma->vm_flags & VM_MAYSHARE) {
                struct address_space *mapping = vma->vm_file->f_mapping;
                struct inode *inode = mapping->host;

                return inode_resv_map(inode);

        } else {
                return (struct resv_map *)(get_vma_private_data(vma) &
                                                        ~HPAGE_RESV_MASK);
        }
}

static void set_vma_resv_map(struct vm_area_struct *vma, struct resv_map *map)
{
        VM_BUG_ON_VMA(!is_vm_hugetlb_page(vma), vma);
        VM_BUG_ON_VMA(vma->vm_flags & VM_MAYSHARE, vma);

        set_vma_private_data(vma, (get_vma_private_data(vma) &
                                HPAGE_RESV_MASK) | (unsigned long)map);
}

static void set_vma_resv_flags(struct vm_area_struct *vma, unsigned long flags)
{
        VM_BUG_ON_VMA(!is_vm_hugetlb_page(vma), vma);
        VM_BUG_ON_VMA(vma->vm_flags & VM_MAYSHARE, vma);

        set_vma_private_data(vma, get_vma_private_data(vma) | flags);
}

static int is_vma_resv_set(struct vm_area_struct *vma, unsigned long flag)
{
        VM_BUG_ON_VMA(!is_vm_hugetlb_page(vma), vma);

        return (get_vma_private_data(vma) & flag) != 0;
}

/* Reset counters to 0 and clear all HPAGE_RESV_* flags */
void reset_vma_resv_huge_pages(struct vm_area_struct *vma)
{
        VM_BUG_ON_VMA(!is_vm_hugetlb_page(vma), vma);
        if (!(vma->vm_flags & VM_MAYSHARE))
                vma->vm_private_data = (void *)0;
}

/* Returns true if the VMA has associated reserve pages */
static int vma_has_reserves(struct vm_area_struct *vma, long chg)
{
        if (vma->vm_flags & VM_NORESERVE) {
                /*
                 * This address is already reserved by other process(chg == 0),
                 * so, we should decrement reserved count. Without decrementing,
                 * reserve count remains after releasing inode, because this
                 * allocated page will go into page cache and is regarded as
                 * coming from reserved pool in releasing step.  Currently, we
                 * don't have any other solution to deal with this situation
                 * properly, so add work-around here.
                 */
                if (vma->vm_flags & VM_MAYSHARE && chg == 0)
                        return 1;
                else
                        return 0;
        }

        /* Shared mappings always use reserves */
        if (vma->vm_flags & VM_MAYSHARE)
                return 1;

        /*
         * Only the process that called mmap() has reserves for
         * private mappings.
         */
        if (is_vma_resv_set(vma, HPAGE_RESV_OWNER))
                return 1;

        return 0;
}

static void enqueue_huge_page(struct hstate *h, struct page *page)
{
        int nid = page_to_nid(page);
        list_move(&page->lru, &h->hugepage_freelists[nid]);
        h->free_huge_pages++;
        h->free_huge_pages_node[nid]++;
}

static struct page *dequeue_huge_page_node(struct hstate *h, int nid)
{
        struct page *page;

        list_for_each_entry(page, &h->hugepage_freelists[nid], lru)
                if (!is_migrate_isolate_page(page))
                        break;
        /*
         * if 'non-isolated free hugepage' not found on the list,
         * the allocation fails.
         */
        if (&h->hugepage_freelists[nid] == &page->lru)
                return NULL;
        list_move(&page->lru, &h->hugepage_activelist);
        set_page_refcounted(page);
        h->free_huge_pages--;
        h->free_huge_pages_node[nid]--;
        return page;
}

/* Movability of hugepages depends on migration support. */
static inline gfp_t htlb_alloc_mask(struct hstate *h)
{
        if (hugepages_treat_as_movable || hugepage_migration_supported(h))
                return GFP_HIGHUSER_MOVABLE;
        else
                return GFP_HIGHUSER;
}

static struct page *dequeue_huge_page_vma(struct hstate *h,
                                struct vm_area_struct *vma,
                                unsigned long address, int avoid_reserve,
                                long chg)
{
        struct page *page = NULL;
        struct mempolicy *mpol;
        nodemask_t *nodemask;
        struct zonelist *zonelist;
        struct zone *zone;
        struct zoneref *z;
        unsigned int cpuset_mems_cookie;

        /*
         * A child process with MAP_PRIVATE mappings created by their parent
         * have no page reserves. This check ensures that reservations are
         * not "stolen". The child may still get SIGKILLed
         */
        if (!vma_has_reserves(vma, chg) &&
                        h->free_huge_pages - h->resv_huge_pages == 0)
                goto err;

        /* If reserves cannot be used, ensure enough pages are in the pool */
        if (avoid_reserve && h->free_huge_pages - h->resv_huge_pages == 0)
                goto err;

retry_cpuset:
        cpuset_mems_cookie = read_mems_allowed_begin();
        zonelist = huge_zonelist(vma, address,
                                        htlb_alloc_mask(h), &mpol, &nodemask);

        for_each_zone_zonelist_nodemask(zone, z, zonelist,
                                                MAX_NR_ZONES - 1, nodemask) {
                if (cpuset_zone_allowed(zone, htlb_alloc_mask(h))) {
                        page = dequeue_huge_page_node(h, zone_to_nid(zone));
                        if (page) {
                                if (avoid_reserve)
                                        break;
                                if (!vma_has_reserves(vma, chg))
                                        break;

                                SetPagePrivate(page);
                                h->resv_huge_pages--;
                                break;
                        }
                }
        }

        mpol_cond_put(mpol);
        if (unlikely(!page && read_mems_allowed_retry(cpuset_mems_cookie)))
                goto retry_cpuset;
        return page;

err:
        return NULL;
}

/*
 * common helper functions for hstate_next_node_to_{alloc|free}.
 * We may have allocated or freed a huge page based on a different
 * nodes_allowed previously, so h->next_node_to_{alloc|free} might
 * be outside of *nodes_allowed.  Ensure that we use an allowed
 * node for alloc or free.
 */
static int next_node_allowed(int nid, nodemask_t *nodes_allowed)
{
        nid = next_node(nid, *nodes_allowed);
        if (nid == MAX_NUMNODES)
                nid = first_node(*nodes_allowed);
        VM_BUG_ON(nid >= MAX_NUMNODES);

        return nid;
}

static int get_valid_node_allowed(int nid, nodemask_t *nodes_allowed)
{
        if (!node_isset(nid, *nodes_allowed))
                nid = next_node_allowed(nid, nodes_allowed);
        return nid;
}

/*
 * returns the previously saved node ["this node"] from which to
 * allocate a persistent huge page for the pool and advance the
 * next node from which to allocate, handling wrap at end of node
 * mask.
 */
static int hstate_next_node_to_alloc(struct hstate *h,
                                        nodemask_t *nodes_allowed)
{
        int nid;

        VM_BUG_ON(!nodes_allowed);

        nid = get_valid_node_allowed(h->next_nid_to_alloc, nodes_allowed);
        h->next_nid_to_alloc = next_node_allowed(nid, nodes_allowed);

        return nid;
}

/*
 * helper for free_pool_huge_page() - return the previously saved
 * node ["this node"] from which to free a huge page.  Advance the
 * next node id whether or not we find a free huge page to free so
 * that the next attempt to free addresses the next node.
 */
static int hstate_next_node_to_free(struct hstate *h, nodemask_t *nodes_allowed)
{
        int nid;

        VM_BUG_ON(!nodes_allowed);

        nid = get_valid_node_allowed(h->next_nid_to_free, nodes_allowed);
        h->next_nid_to_free = next_node_allowed(nid, nodes_allowed);

        return nid;
}

#define for_each_node_mask_to_alloc(hs, nr_nodes, node, mask)           \
        for (nr_nodes = nodes_weight(*mask);                            \
                nr_nodes > 0 &&                                         \
                ((node = hstate_next_node_to_alloc(hs, mask)) || 1);    \
                nr_nodes--)

#define for_each_node_mask_to_free(hs, nr_nodes, node, mask)            \
        for (nr_nodes = nodes_weight(*mask);                            \
                nr_nodes > 0 &&                                         \
                ((node = hstate_next_node_to_free(hs, mask)) || 1);     \
                nr_nodes--)

#if defined(CONFIG_CMA) && defined(CONFIG_X86_64)
static void destroy_compound_gigantic_page(struct page *page,
                                        unsigned long order)
{
        int i;
        int nr_pages = 1 << order;
        struct page *p = page + 1;

        for (i = 1; i < nr_pages; i++, p = mem_map_next(p, page, i)) {
                __ClearPageTail(p);
                set_page_refcounted(p);
                p->first_page = NULL;
        }

        set_compound_order(page, 0);
        __ClearPageHead(page);
}

static void free_gigantic_page(struct page *page, unsigned order)
{
        free_contig_range(page_to_pfn(page), 1 << order);
}

static int __alloc_gigantic_page(unsigned long start_pfn,
                                unsigned long nr_pages)
{
        unsigned long end_pfn = start_pfn + nr_pages;
        return alloc_contig_range(start_pfn, end_pfn, MIGRATE_MOVABLE);
}

static bool pfn_range_valid_gigantic(unsigned long start_pfn,
                                unsigned long nr_pages)
{
        unsigned long i, end_pfn = start_pfn + nr_pages;
        struct page *page;

        for (i = start_pfn; i < end_pfn; i++) {
                if (!pfn_valid(i))
                        return false;

                page = pfn_to_page(i);

                if (PageReserved(page))
                        return false;

                if (page_count(page) > 0)
                        return false;

                if (PageHuge(page))
                        return false;
        }

        return true;
}

static bool zone_spans_last_pfn(const struct zone *zone,
                        unsigned long start_pfn, unsigned long nr_pages)
{
        unsigned long last_pfn = start_pfn + nr_pages - 1;
        return zone_spans_pfn(zone, last_pfn);
}

static struct page *alloc_gigantic_page(int nid, unsigned order)
{
        unsigned long nr_pages = 1 << order;
        unsigned long ret, pfn, flags;
        struct zone *z;

        z = NODE_DATA(nid)->node_zones;
        for (; z - NODE_DATA(nid)->node_zones < MAX_NR_ZONES; z++) {
                spin_lock_irqsave(&z->lock, flags);

                pfn = ALIGN(z->zone_start_pfn, nr_pages);
                while (zone_spans_last_pfn(z, pfn, nr_pages)) {
                        if (pfn_range_valid_gigantic(pfn, nr_pages)) {
                                /*
                                 * We release the zone lock here because
                                 * alloc_contig_range() will also lock the zone
                                 * at some point. If there's an allocation
                                 * spinning on this lock, it may win the race
                                 * and cause alloc_contig_range() to fail...
                                 */
                                spin_unlock_irqrestore(&z->lock, flags);
                                ret = __alloc_gigantic_page(pfn, nr_pages);
                                if (!ret)
                                        return pfn_to_page(pfn);
                                spin_lock_irqsave(&z->lock, flags);
                        }
                        pfn += nr_pages;
                }

                spin_unlock_irqrestore(&z->lock, flags);
        }

        return NULL;
}

static void prep_new_huge_page(struct hstate *h, struct page *page, int nid);
static void prep_compound_gigantic_page(struct page *page, unsigned long order);

static struct page *alloc_fresh_gigantic_page_node(struct hstate *h, int nid)
{
        struct page *page;

        page = alloc_gigantic_page(nid, huge_page_order(h));
        if (page) {
                prep_compound_gigantic_page(page, huge_page_order(h));
                prep_new_huge_page(h, page, nid);
        }

        return page;
}

static int alloc_fresh_gigantic_page(struct hstate *h,
                                nodemask_t *nodes_allowed)
{
        struct page *page = NULL;
        int nr_nodes, node;

        for_each_node_mask_to_alloc(h, nr_nodes, node, nodes_allowed) {
                page = alloc_fresh_gigantic_page_node(h, node);
                if (page)
                        return 1;
        }

        return 0;
}

static inline bool gigantic_page_supported(void) { return true; }
#else
static inline bool gigantic_page_supported(void) { return false; }
static inline void free_gigantic_page(struct page *page, unsigned order) { }
static inline void destroy_compound_gigantic_page(struct page *page,
                                                unsigned long order) { }
static inline int alloc_fresh_gigantic_page(struct hstate *h,
                                        nodemask_t *nodes_allowed) { return 0; }
#endif

static void update_and_free_page(struct hstate *h, struct page *page)
{
        int i;

        if (hstate_is_gigantic(h) && !gigantic_page_supported())
                return;

        h->nr_huge_pages--;
        h->nr_huge_pages_node[page_to_nid(page)]--;
        for (i = 0; i < pages_per_huge_page(h); i++) {
                page[i].flags &= ~(1 << PG_locked | 1 << PG_error |
                                1 << PG_referenced | 1 << PG_dirty |
                                1 << PG_active | 1 << PG_private |
                                1 << PG_writeback);
        }
        VM_BUG_ON_PAGE(hugetlb_cgroup_from_page(page), page);
        set_compound_page_dtor(page, NULL);
        set_page_refcounted(page);
        if (hstate_is_gigantic(h)) {
                destroy_compound_gigantic_page(page, huge_page_order(h));
                free_gigantic_page(page, huge_page_order(h));
        } else {
                arch_release_hugepage(page);
                __free_pages(page, huge_page_order(h));
        }
}

struct hstate *size_to_hstate(unsigned long size)
{
        struct hstate *h;

        for_each_hstate(h) {
                if (huge_page_size(h) == size)
                        return h;
        }
        return NULL;
}

void free_huge_page(struct page *page)
{
        /*
         * Can't pass hstate in here because it is called from the
         * compound page destructor.
         */
        struct hstate *h = page_hstate(page);
        int nid = page_to_nid(page);
        struct hugepage_subpool *spool =
                (struct hugepage_subpool *)page_private(page);
        bool restore_reserve;

        set_page_private(page, 0);
        page->mapping = NULL;
        BUG_ON(page_count(page));
        BUG_ON(page_mapcount(page));
        restore_reserve = PagePrivate(page);
        ClearPagePrivate(page);

        spin_lock(&hugetlb_lock);
        hugetlb_cgroup_uncharge_page(hstate_index(h),
                                     pages_per_huge_page(h), page);
        if (restore_reserve)
                h->resv_huge_pages++;

        if (h->surplus_huge_pages_node[nid]) {
                /* remove the page from active list */
                list_del(&page->lru);
                update_and_free_page(h, page);
                h->surplus_huge_pages--;
                h->surplus_huge_pages_node[nid]--;
        } else {
                arch_clear_hugepage_flags(page);
                enqueue_huge_page(h, page);
        }
        spin_unlock(&hugetlb_lock);
        hugepage_subpool_put_pages(spool, 1);
}

static void prep_new_huge_page(struct hstate *h, struct page *page, int nid)
{
        INIT_LIST_HEAD(&page->lru);
        set_compound_page_dtor(page, free_huge_page);
        spin_lock(&hugetlb_lock);
        set_hugetlb_cgroup(page, NULL);
        h->nr_huge_pages++;
        h->nr_huge_pages_node[nid]++;
        spin_unlock(&hugetlb_lock);
        put_page(page); /* free it into the hugepage allocator */
}

static void prep_compound_gigantic_page(struct page *page, unsigned long order)
{
        int i;
        int nr_pages = 1 << order;
        struct page *p = page + 1;

        /* we rely on prep_new_huge_page to set the destructor */
        set_compound_order(page, order);
        __SetPageHead(page);
        __ClearPageReserved(page);
        for (i = 1; i < nr_pages; i++, p = mem_map_next(p, page, i)) {
                /*
                 * For gigantic hugepages allocated through bootmem at
                 * boot, it's safer to be consistent with the not-gigantic
                 * hugepages and clear the PG_reserved bit from all tail pages
                 * too.  Otherwse drivers using get_user_pages() to access tail
                 * pages may get the reference counting wrong if they see
                 * PG_reserved set on a tail page (despite the head page not
                 * having PG_reserved set).  Enforcing this consistency between
                 * head and tail pages allows drivers to optimize away a check
                 * on the head page when they need know if put_page() is needed
                 * after get_user_pages().
                 */
                __ClearPageReserved(p);
                set_page_count(p, 0);
                p->first_page = page;
                /* Make sure p->first_page is always valid for PageTail() */
                smp_wmb();
                __SetPageTail(p);
        }
}

/*
 * PageHuge() only returns true for hugetlbfs pages, but not for normal or
 * transparent huge pages.  See the PageTransHuge() documentation for more
 * details.
 */
int PageHuge(struct page *page)
{
        if (!PageCompound(page))
                return 0;

        page = compound_head(page);
        return get_compound_page_dtor(page) == free_huge_page;
}
EXPORT_SYMBOL_GPL(PageHuge);

/*
 * PageHeadHuge() only returns true for hugetlbfs head page, but not for
 * normal or transparent huge pages.
 */
int PageHeadHuge(struct page *page_head)
{
        if (!PageHead(page_head))
                return 0;

        return get_compound_page_dtor(page_head) == free_huge_page;
}

pgoff_t __basepage_index(struct page *page)
{
        struct page *page_head = compound_head(page);
        pgoff_t index = page_index(page_head);
        unsigned long compound_idx;

        if (!PageHuge(page_head))
                return page_index(page);

        if (compound_order(page_head) >= MAX_ORDER)
                compound_idx = page_to_pfn(page) - page_to_pfn(page_head);
        else
                compound_idx = page - page_head;

        return (index << compound_order(page_head)) + compound_idx;
}

static struct page *alloc_fresh_huge_page_node(struct hstate *h, int nid)
{
        struct page *page;

        page = alloc_pages_exact_node(nid,
                htlb_alloc_mask(h)|__GFP_COMP|__GFP_THISNODE|
                                                __GFP_REPEAT|__GFP_NOWARN,
                huge_page_order(h));
        if (page) {
                if (arch_prepare_hugepage(page)) {
                        __free_pages(page, huge_page_order(h));
                        return NULL;
                }
                prep_new_huge_page(h, page, nid);
        }

        return page;
}

static int alloc_fresh_huge_page(struct hstate *h, nodemask_t *nodes_allowed)
{
        struct page *page;
        int nr_nodes, node;
        int ret = 0;

        for_each_node_mask_to_alloc(h, nr_nodes, node, nodes_allowed) {
                page = alloc_fresh_huge_page_node(h, node);
                if (page) {
                        ret = 1;
                        break;
                }
        }

        if (ret)
                count_vm_event(HTLB_BUDDY_PGALLOC);
        else
                count_vm_event(HTLB_BUDDY_PGALLOC_FAIL);

        return ret;
}

/*
 * Free huge page from pool from next node to free.
 * Attempt to keep persistent huge pages more or less
 * balanced over allowed nodes.
 * Called with hugetlb_lock locked.
 */
static int free_pool_huge_page(struct hstate *h, nodemask_t *nodes_allowed,
                                                         bool acct_surplus)
{
        int nr_nodes, node;
        int ret = 0;

        for_each_node_mask_to_free(h, nr_nodes, node, nodes_allowed) {
                /*
                 * If we're returning unused surplus pages, only examine
                 * nodes with surplus pages.
                 */
                if ((!acct_surplus || h->surplus_huge_pages_node[node]) &&
                    !list_empty(&h->hugepage_freelists[node])) {
                        struct page *page =
                                list_entry(h->hugepage_freelists[node].next,
                                          struct page, lru);
                        list_del(&page->lru);
                        h->free_huge_pages--;
                        h->free_huge_pages_node[node]--;
                        if (acct_surplus) {
                                h->surplus_huge_pages--;
                                h->surplus_huge_pages_node[node]--;
                        }
                        update_and_free_page(h, page);
                        ret = 1;
                        break;
                }
        }

        return ret;
}

/*
 * Dissolve a given free hugepage into free buddy pages. This function does
 * nothing for in-use (including surplus) hugepages.
 */
static void dissolve_free_huge_page(struct page *page)
{
        spin_lock(&hugetlb_lock);
        if (PageHuge(page) && !page_count(page)) {
                struct hstate *h = page_hstate(page);
                int nid = page_to_nid(page);
                list_del(&page->lru);
                h->free_huge_pages--;
                h->free_huge_pages_node[nid]--;
                update_and_free_page(h, page);
        }
        spin_unlock(&hugetlb_lock);
}

/*
 * Dissolve free hugepages in a given pfn range. Used by memory hotplug to
 * make specified memory blocks removable from the system.
 * Note that start_pfn should aligned with (minimum) hugepage size.
 */
void dissolve_free_huge_pages(unsigned long start_pfn, unsigned long end_pfn)
{
        unsigned int order = 8 * sizeof(void *);
        unsigned long pfn;
        struct hstate *h;

        if (!hugepages_supported())
                return;

        /* Set scan step to minimum hugepage size */
        for_each_hstate(h)
                if (order > huge_page_order(h))
                        order = huge_page_order(h);
        VM_BUG_ON(!IS_ALIGNED(start_pfn, 1 << order));
        for (pfn = start_pfn; pfn < end_pfn; pfn += 1 << order)
                dissolve_free_huge_page(pfn_to_page(pfn));
}

static struct page *alloc_buddy_huge_page(struct hstate *h, int nid)
{
        struct page *page;
        unsigned int r_nid;

        if (hstate_is_gigantic(h))
                return NULL;

        /*
         * Assume we will successfully allocate the surplus page to
         * prevent racing processes from causing the surplus to exceed
         * overcommit
         *
         * This however introduces a different race, where a process B
         * tries to grow the static hugepage pool while alloc_pages() is
         * called by process A. B will only examine the per-node
         * counters in determining if surplus huge pages can be
         * converted to normal huge pages in adjust_pool_surplus(). A
         * won't be able to increment the per-node counter, until the
         * lock is dropped by B, but B doesn't drop hugetlb_lock until
         * no more huge pages can be converted from surplus to normal
         * state (and doesn't try to convert again). Thus, we have a
         * case where a surplus huge page exists, the pool is grown, and
         * the surplus huge page still exists after, even though it
         * should just have been converted to a normal huge page. This
         * does not leak memory, though, as the hugepage will be freed
         * once it is out of use. It also does not allow the counters to
         * go out of whack in adjust_pool_surplus() as we don't modify
         * the node values until we've gotten the hugepage and only the
         * per-node value is checked there.
         */
        spin_lock(&hugetlb_lock);
        if (h->surplus_huge_pages >= h->nr_overcommit_huge_pages) {
                spin_unlock(&hugetlb_lock);
                return NULL;
        } else {
                h->nr_huge_pages++;
                h->surplus_huge_pages++;
        }
        spin_unlock(&hugetlb_lock);

        if (nid == NUMA_NO_NODE)
                page = alloc_pages(htlb_alloc_mask(h)|__GFP_COMP|
                                   __GFP_REPEAT|__GFP_NOWARN,
                                   huge_page_order(h));
        else
                page = alloc_pages_exact_node(nid,
                        htlb_alloc_mask(h)|__GFP_COMP|__GFP_THISNODE|
                        __GFP_REPEAT|__GFP_NOWARN, huge_page_order(h));

        if (page && arch_prepare_hugepage(page)) {
                __free_pages(page, huge_page_order(h));
                page = NULL;
        }

        spin_lock(&hugetlb_lock);
        if (page) {
                INIT_LIST_HEAD(&page->lru);
                r_nid = page_to_nid(page);
                set_compound_page_dtor(page, free_huge_page);
                set_hugetlb_cgroup(page, NULL);
                /*
                 * We incremented the global counters already
                 */
                h->nr_huge_pages_node[r_nid]++;
                h->surplus_huge_pages_node[r_nid]++;
                __count_vm_event(HTLB_BUDDY_PGALLOC);
        } else {
                h->nr_huge_pages--;
                h->surplus_huge_pages--;
                __count_vm_event(HTLB_BUDDY_PGALLOC_FAIL);
        }
        spin_unlock(&hugetlb_lock);

        return page;
}

/*
 * This allocation function is useful in the context where vma is irrelevant.
 * E.g. soft-offlining uses this function because it only cares physical
 * address of error page.
 */
struct page *alloc_huge_page_node(struct hstate *h, int nid)
{
        struct page *page = NULL;

        spin_lock(&hugetlb_lock);
        if (h->free_huge_pages - h->resv_huge_pages > 0)
                page = dequeue_huge_page_node(h, nid);
        spin_unlock(&hugetlb_lock);

        if (!page)
                page = alloc_buddy_huge_page(h, nid);

        return page;
}

/*
 * Increase the hugetlb pool such that it can accommodate a reservation
 * of size 'delta'.
 */
static int gather_surplus_pages(struct hstate *h, int delta)
{
        struct list_head surplus_list;
        struct page *page, *tmp;
        int ret, i;
        int needed, allocated;
        bool alloc_ok = true;

        needed = (h->resv_huge_pages + delta) - h->free_huge_pages;
        if (needed <= 0) {
                h->resv_huge_pages += delta;
                return 0;
        }

        allocated = 0;
        INIT_LIST_HEAD(&surplus_list);

        ret = -ENOMEM;
retry:
        spin_unlock(&hugetlb_lock);
        for (i = 0; i < needed; i++) {
                page = alloc_buddy_huge_page(h, NUMA_NO_NODE);
                if (!page) {
                        alloc_ok = false;
                        break;
                }
                list_add(&page->lru, &surplus_list);
        }
        allocated += i;

        /*
         * After retaking hugetlb_lock, we need to recalculate 'needed'
         * because either resv_huge_pages or free_huge_pages may have changed.
         */
        spin_lock(&hugetlb_lock);
        needed = (h->resv_huge_pages + delta) -
                        (h->free_huge_pages + allocated);
        if (needed > 0) {
                if (alloc_ok)
                        goto retry;
                /*
                 * We were not able to allocate enough pages to
                 * satisfy the entire reservation so we free what
                 * we've allocated so far.
                 */
                goto free;
        }
        /*
         * The surplus_list now contains _at_least_ the number of extra pages
         * needed to accommodate the reservation.  Add the appropriate number
         * of pages to the hugetlb pool and free the extras back to the buddy
         * allocator.  Commit the entire reservation here to prevent another
         * process from stealing the pages as they are added to the pool but
         * before they are reserved.
         */
        needed += allocated;
        h->resv_huge_pages += delta;
        ret = 0;

        /* Free the needed pages to the hugetlb pool */
        list_for_each_entry_safe(page, tmp, &surplus_list, lru) {
                if ((--needed) < 0)
                        break;
                /*
                 * This page is now managed by the hugetlb allocator and has
                 * no users -- drop the buddy allocator's reference.
                 */
                put_page_testzero(page);
                VM_BUG_ON_PAGE(page_count(page), page);
                enqueue_huge_page(h, page);
        }
free:
        spin_unlock(&hugetlb_lock);

        /* Free unnecessary surplus pages to the buddy allocator */
        list_for_each_entry_safe(page, tmp, &surplus_list, lru)
                put_page(page);
        spin_lock(&hugetlb_lock);

        return ret;
}

/*
 * When releasing a hugetlb pool reservation, any surplus pages that were
 * allocated to satisfy the reservation must be explicitly freed if they were
 * never used.
 * Called with hugetlb_lock held.
 */
static void return_unused_surplus_pages(struct hstate *h,
                                        unsigned long unused_resv_pages)
{
        unsigned long nr_pages;

        /* Uncommit the reservation */
        h->resv_huge_pages -= unused_resv_pages;

        /* Cannot return gigantic pages currently */
        if (hstate_is_gigantic(h))
                return;

        nr_pages = min(unused_resv_pages, h->surplus_huge_pages);

        /*
         * We want to release as many surplus pages as possible, spread
         * evenly across all nodes with memory. Iterate across these nodes
         * until we can no longer free unreserved surplus pages. This occurs
         * when the nodes with surplus pages have no free pages.
         * free_pool_huge_page() will balance the the freed pages across the
         * on-line nodes with memory and will handle the hstate accounting.
         */
        while (nr_pages--) {
                if (!free_pool_huge_page(h, &node_states[N_MEMORY], 1))
                        break;
                cond_resched_lock(&hugetlb_lock);
        }
}

/*
 * Determine if the huge page at addr within the vma has an associated
 * reservation.  Where it does not we will need to logically increase
 * reservation and actually increase subpool usage before an allocation
 * can occur.  Where any new reservation would be required the
 * reservation change is prepared, but not committed.  Once the page
 * has been allocated from the subpool and instantiated the change should
 * be committed via vma_commit_reservation.  No action is required on
 * failure.
 */
static long vma_needs_reservation(struct hstate *h,
                        struct vm_area_struct *vma, unsigned long addr)
{
        struct resv_map *resv;
        pgoff_t idx;
        long chg;

        resv = vma_resv_map(vma);
        if (!resv)
                return 1;

        idx = vma_hugecache_offset(h, vma, addr);
        chg = region_chg(resv, idx, idx + 1);

        if (vma->vm_flags & VM_MAYSHARE)
                return chg;
        else
                return chg < 0 ? chg : 0;
}
static void vma_commit_reservation(struct hstate *h,
                        struct vm_area_struct *vma, unsigned long addr)
{
        struct resv_map *resv;
        pgoff_t idx;

        resv = vma_resv_map(vma);
        if (!resv)
                return;

        idx = vma_hugecache_offset(h, vma, addr);
        region_add(resv, idx, idx + 1);
}

static struct page *alloc_huge_page(struct vm_area_struct *vma,
                                    unsigned long addr, int avoid_reserve)
{
        struct hugepage_subpool *spool = subpool_vma(vma);
        struct hstate *h = hstate_vma(vma);
        struct page *page;
        long chg;
        int ret, idx;
        struct hugetlb_cgroup *h_cg;

        idx = hstate_index(h);
        /*
         * Processes that did not create the mapping will have no
         * reserves and will not have accounted against subpool
         * limit. Check that the subpool limit can be made before
         * satisfying the allocation MAP_NORESERVE mappings may also
         * need pages and subpool limit allocated allocated if no reserve
         * mapping overlaps.
         */
        chg = vma_needs_reservation(h, vma, addr);
        if (chg < 0)
                return ERR_PTR(-ENOMEM);
        if (chg || avoid_reserve)
                if (hugepage_subpool_get_pages(spool, 1))
                        return ERR_PTR(-ENOSPC);

        ret = hugetlb_cgroup_charge_cgroup(idx, pages_per_huge_page(h), &h_cg);
        if (ret)
                goto out_subpool_put;

        spin_lock(&hugetlb_lock);
        page = dequeue_huge_page_vma(h, vma, addr, avoid_reserve, chg);
        if (!page) {
                spin_unlock(&hugetlb_lock);
                page = alloc_buddy_huge_page(h, NUMA_NO_NODE);
                if (!page)
                        goto out_uncharge_cgroup;

                spin_lock(&hugetlb_lock);
                list_move(&page->lru, &h->hugepage_activelist);
                /* Fall through */
        }
        hugetlb_cgroup_commit_charge(idx, pages_per_huge_page(h), h_cg, page);
        spin_unlock(&hugetlb_lock);

        set_page_private(page, (unsigned long)spool);

        vma_commit_reservation(h, vma, addr);
        return page;

out_uncharge_cgroup:
        hugetlb_cgroup_uncharge_cgroup(idx, pages_per_huge_page(h), h_cg);
out_subpool_put:
        if (chg || avoid_reserve)
                hugepage_subpool_put_pages(spool, 1);
        return ERR_PTR(-ENOSPC);
}

/*
 * alloc_huge_page()'s wrapper which simply returns the page if allocation
 * succeeds, otherwise NULL. This function is called from new_vma_page(),
 * where no ERR_VALUE is expected to be returned.
 */
struct page *alloc_huge_page_noerr(struct vm_area_struct *vma,
                                unsigned long addr, int avoid_reserve)
{
        struct page *page = alloc_huge_page(vma, addr, avoid_reserve);
        if (IS_ERR(page))
                page = NULL;
        return page;
}

int __weak alloc_bootmem_huge_page(struct hstate *h)
{
        struct huge_bootmem_page *m;
        int nr_nodes, node;

        for_each_node_mask_to_alloc(h, nr_nodes, node, &node_states[N_MEMORY]) {
                void *addr;

                addr = memblock_virt_alloc_try_nid_nopanic(
                                huge_page_size(h), huge_page_size(h),
                                0, BOOTMEM_ALLOC_ACCESSIBLE, node);
                if (addr) {
                        /*
                         * Use the beginning of the huge page to store the
                         * huge_bootmem_page struct (until gather_bootmem
                         * puts them into the mem_map).
                         */
                        m = addr;
                        goto found;
                }
        }
        return 0;

found:
        BUG_ON(!IS_ALIGNED(virt_to_phys(m), huge_page_size(h)));
        /* Put them into a private list first because mem_map is not up yet */
        list_add(&m->list, &huge_boot_pages);
        m->hstate = h;
        return 1;
}

static void __init prep_compound_huge_page(struct page *page, int order)
{
        if (unlikely(order > (MAX_ORDER - 1)))
                prep_compound_gigantic_page(page, order);
        else
                prep_compound_page(page, order);
}

/* Put bootmem huge pages into the standard lists after mem_map is up */
static void __init gather_bootmem_prealloc(void)
{
        struct huge_bootmem_page *m;

        list_for_each_entry(m, &huge_boot_pages, list) {
                struct hstate *h = m->hstate;
                struct page *page;

#ifdef CONFIG_HIGHMEM
                page = pfn_to_page(m->phys >> PAGE_SHIFT);
                memblock_free_late(__pa(m),
                                   sizeof(struct huge_bootmem_page));
#else
                page = virt_to_page(m);
#endif
                WARN_ON(page_count(page) != 1);
                prep_compound_huge_page(page, h->order);
                WARN_ON(PageReserved(page));
                prep_new_huge_page(h, page, page_to_nid(page));
                /*
                 * If we had gigantic hugepages allocated at boot time, we need
                 * to restore the 'stolen' pages to totalram_pages in order to
                 * fix confusing memory reports from free(1) and another
                 * side-effects, like CommitLimit going negative.
                 */
                if (hstate_is_gigantic(h))
                        adjust_managed_page_count(page, 1 << h->order);
        }
}

static void __init hugetlb_hstate_alloc_pages(struct hstate *h)
{
        unsigned long i;

        for (i = 0; i < h->max_huge_pages; ++i) {
                if (hstate_is_gigantic(h)) {
                        if (!alloc_bootmem_huge_page(h))
                                break;
                } else if (!alloc_fresh_huge_page(h,
                                         &node_states[N_MEMORY]))
                        break;
        }
        h->max_huge_pages = i;
}

static void __init hugetlb_init_hstates(void)
{
        struct hstate *h;

        for_each_hstate(h) {
                /* oversize hugepages were init'ed in early boot */
                if (!hstate_is_gigantic(h))
                        hugetlb_hstate_alloc_pages(h);
        }
}

static char * __init memfmt(char *buf, unsigned long n)
{
        if (n >= (1UL << 30))
                sprintf(buf, "%lu GB", n >> 30);
        else if (n >= (1UL << 20))
                sprintf(buf, "%lu MB", n >> 20);
        else
                sprintf(buf, "%lu KB", n >> 10);
        return buf;
}

static void __init report_hugepages(void)
{
        struct hstate *h;

        for_each_hstate(h) {
                char buf[32];
                pr_info("HugeTLB registered %s page size, pre-allocated %ld pages\n",
                        memfmt(buf, huge_page_size(h)),
                        h->free_huge_pages);
        }
}

#ifdef CONFIG_HIGHMEM
static void try_to_free_low(struct hstate *h, unsigned long count,
                                                nodemask_t *nodes_allowed)
{
        int i;

        if (hstate_is_gigantic(h))
                return;

        for_each_node_mask(i, *nodes_allowed) {
                struct page *page, *next;
                struct list_head *freel = &h->hugepage_freelists[i];
                list_for_each_entry_safe(page, next, freel, lru) {
                        if (count >= h->nr_huge_pages)
                                return;
                        if (PageHighMem(page))
                                continue;
                        list_del(&page->lru);
                        update_and_free_page(h, page);
                        h->free_huge_pages--;
                        h->free_huge_pages_node[page_to_nid(page)]--;
                }
        }
}
#else
static inline void try_to_free_low(struct hstate *h, unsigned long count,
                                                nodemask_t *nodes_allowed)
{
}
#endif

/*
 * Increment or decrement surplus_huge_pages.  Keep node-specific counters
 * balanced by operating on them in a round-robin fashion.
 * Returns 1 if an adjustment was made.
 */
static int adjust_pool_surplus(struct hstate *h, nodemask_t *nodes_allowed,
                                int delta)
{
        int nr_nodes, node;

        VM_BUG_ON(delta != -1 && delta != 1);

        if (delta < 0) {
                for_each_node_mask_to_alloc(h, nr_nodes, node, nodes_allowed) {
                        if (h->surplus_huge_pages_node[node])
                                goto found;
                }
        } else {
                for_each_node_mask_to_free(h, nr_nodes, node, nodes_allowed) {
                        if (h->surplus_huge_pages_node[node] <
                                        h->nr_huge_pages_node[node])
                                goto found;
                }
        }
        return 0;

found:
        h->surplus_huge_pages += delta;
        h->surplus_huge_pages_node[node] += delta;
        return 1;
}

#define persistent_huge_pages(h) (h->nr_huge_pages - h->surplus_huge_pages)
static unsigned long set_max_huge_pages(struct hstate *h, unsigned long count,
                                                nodemask_t *nodes_allowed)
{
        unsigned long min_count, ret;

        if (hstate_is_gigantic(h) && !gigantic_page_supported())
                return h->max_huge_pages;

        /*
         * Increase the pool size
         * First take pages out of surplus state.  Then make up the
         * remaining difference by allocating fresh huge pages.
         *
         * We might race with alloc_buddy_huge_page() here and be unable
         * to convert a surplus huge page to a normal huge page. That is
         * not critical, though, it just means the overall size of the
         * pool might be one hugepage larger than it needs to be, but
         * within all the constraints specified by the sysctls.
         */
        spin_lock(&hugetlb_lock);
        while (h->surplus_huge_pages && count > persistent_huge_pages(h)) {
                if (!adjust_pool_surplus(h, nodes_allowed, -1))
                        break;
        }

        while (count > persistent_huge_pages(h)) {
                /*
                 * If this allocation races such that we no longer need the
                 * page, free_huge_page will handle it by freeing the page
                 * and reducing the surplus.
                 */
                spin_unlock(&hugetlb_lock);
                if (hstate_is_gigantic(h))
                        ret = alloc_fresh_gigantic_page(h, nodes_allowed);
                else
                        ret = alloc_fresh_huge_page(h, nodes_allowed);
                spin_lock(&hugetlb_lock);
                if (!ret)
                        goto out;

                /* Bail for signals. Probably ctrl-c from user */
                if (signal_pending(current))
                        goto out;
        }

        /*
         * Decrease the pool size
         * First return free pages to the buddy allocator (being careful
         * to keep enough around to satisfy reservations).  Then place
         * pages into surplus state as needed so the pool will shrink
         * to the desired size as pages become free.
         *
         * By placing pages into the surplus state independent of the
         * overcommit value, we are allowing the surplus pool size to
         * exceed overcommit. There are few sane options here. Since
         * alloc_buddy_huge_page() is checking the global counter,
         * though, we'll note that we're not allowed to exceed surplus
         * and won't grow the pool anywhere else. Not until one of the
         * sysctls are changed, or the surplus pages go out of use.
         */
        min_count = h->resv_huge_pages + h->nr_huge_pages - h->free_huge_pages;
        min_count = max(count, min_count);
        try_to_free_low(h, min_count, nodes_allowed);
        while (min_count < persistent_huge_pages(h)) {
                if (!free_pool_huge_page(h, nodes_allowed, 0))
                        break;
                cond_resched_lock(&hugetlb_lock);
        }
        while (count < persistent_huge_pages(h)) {
                if (!adjust_pool_surplus(h, nodes_allowed, 1))
                        break;
        }
out:
        ret = persistent_huge_pages(h);
        spin_unlock(&hugetlb_lock);
        return ret;
}

#define HSTATE_ATTR_RO(_name) \
        static struct kobj_attribute _name##_attr = __ATTR_RO(_name)

#define HSTATE_ATTR(_name) \
        static struct kobj_attribute _name##_attr = \
                __ATTR(_name, 0644, _name##_show, _name##_store)

static struct kobject *hugepages_kobj;
static struct kobject *hstate_kobjs[HUGE_MAX_HSTATE];

static struct hstate *kobj_to_node_hstate(struct kobject *kobj, int *nidp);

static struct hstate *kobj_to_hstate(struct kobject *kobj, int *nidp)
{
        int i;

        for (i = 0; i < HUGE_MAX_HSTATE; i++)
                if (hstate_kobjs[i] == kobj) {
                        if (nidp)
                                *nidp = NUMA_NO_NODE;
                        return &hstates[i];
                }

        return kobj_to_node_hstate(kobj, nidp);
}

static ssize_t nr_hugepages_show_common(struct kobject *kobj,
                                        struct kobj_attribute *attr, char *buf)
{
        struct hstate *h;
        unsigned long nr_huge_pages;
        int nid;

        h = kobj_to_hstate(kobj, &nid);
        if (nid == NUMA_NO_NODE)
                nr_huge_pages = h->nr_huge_pages;
        else
                nr_huge_pages = h->nr_huge_pages_node[nid];

        return sprintf(buf, "%lu\n", nr_huge_pages);
}

static ssize_t __nr_hugepages_store_common(bool obey_mempolicy,
                                           struct hstate *h, int nid,
                                           unsigned long count, size_t len)
{
        int err;
        NODEMASK_ALLOC(nodemask_t, nodes_allowed, GFP_KERNEL | __GFP_NORETRY);

        if (hstate_is_gigantic(h) && !gigantic_page_supported()) {
                err = -EINVAL;
                goto out;
        }

        if (nid == NUMA_NO_NODE) {
                /*
                 * global hstate attribute
                 */
                if (!(obey_mempolicy &&
                                init_nodemask_of_mempolicy(nodes_allowed))) {
                        NODEMASK_FREE(nodes_allowed);
                        nodes_allowed = &node_states[N_MEMORY];
                }
        } else if (nodes_allowed) {
                /*
                 * per node hstate attribute: adjust count to global,
                 * but restrict alloc/free to the specified node.
                 */
                count += h->nr_huge_pages - h->nr_huge_pages_node[nid];
                init_nodemask_of_node(nodes_allowed, nid);
        } else
                nodes_allowed = &node_states[N_MEMORY];

        h->max_huge_pages = set_max_huge_pages(h, count, nodes_allowed);

        if (nodes_allowed != &node_states[N_MEMORY])
                NODEMASK_FREE(nodes_allowed);

        return len;
out:
        NODEMASK_FREE(nodes_allowed);
        return err;
}

static ssize_t nr_hugepages_store_common(bool obey_mempolicy,
                                         struct kobject *kobj, const char *buf,
                                         size_t len)
{
        struct hstate *h;
        unsigned long count;
        int nid;
        int err;

        err = kstrtoul(buf, 10, &count);
        if (err)
                return err;

        h = kobj_to_hstate(kobj, &nid);
        return __nr_hugepages_store_common(obey_mempolicy, h, nid, count, len);
}

static ssize_t nr_hugepages_show(struct kobject *kobj,
                                       struct kobj_attribute *attr, char *buf)
{
        return nr_hugepages_show_common(kobj, attr, buf);
}

static ssize_t nr_hugepages_store(struct kobject *kobj,
               struct kobj_attribute *attr, const char *buf, size_t len)
{
        return nr_hugepages_store_common(false, kobj, buf, len);
}
HSTATE_ATTR(nr_hugepages);

#ifdef CONFIG_NUMA

/*
 * hstate attribute for optionally mempolicy-based constraint on persistent
 * huge page alloc/free.
 */
static ssize_t nr_hugepages_mempolicy_show(struct kobject *kobj,
                                       struct kobj_attribute *attr, char *buf)
{
        return nr_hugepages_show_common(kobj, attr, buf);
}

static ssize_t nr_hugepages_mempolicy_store(struct kobject *kobj,
               struct kobj_attribute *attr, const char *buf, size_t len)
{
        return nr_hugepages_store_common(true, kobj, buf, len);
}
HSTATE_ATTR(nr_hugepages_mempolicy);
#endif


static ssize_t nr_overcommit_hugepages_show(struct kobject *kobj,
                                        struct kobj_attribute *attr, char *buf)
{
        struct hstate *h = kobj_to_hstate(kobj, NULL);
        return sprintf(buf, "%lu\n", h->nr_overcommit_huge_pages);
}

static ssize_t nr_overcommit_hugepages_store(struct kobject *kobj,
                struct kobj_attribute *attr, const char *buf, size_t count)
{
        int err;
        unsigned long input;
        struct hstate *h = kobj_to_hstate(kobj, NULL);

        if (hstate_is_gigantic(h))
                return -EINVAL;

        err = kstrtoul(buf, 10, &input);
        if (err)
                return err;

        spin_lock(&hugetlb_lock);
        h->nr_overcommit_huge_pages = input;
        spin_unlock(&hugetlb_lock);

        return count;
}
HSTATE_ATTR(nr_overcommit_hugepages);

static ssize_t free_hugepages_show(struct kobject *kobj,
                                        struct kobj_attribute *attr, char *buf)
{
        struct hstate *h;
        unsigned long free_huge_pages;
        int nid;

        h = kobj_to_hstate(kobj, &nid);
        if (nid == NUMA_NO_NODE)
                free_huge_pages = h->free_huge_pages;
        else
                free_huge_pages = h->free_huge_pages_node[nid];

        return sprintf(buf, "%lu\n", free_huge_pages);
}
HSTATE_ATTR_RO(free_hugepages);

static ssize_t resv_hugepages_show(struct kobject *kobj,
                                        struct kobj_attribute *attr, char *buf)
{
        struct hstate *h = kobj_to_hstate(kobj, NULL);
        return sprintf(buf, "%lu\n", h->resv_huge_pages);
}
HSTATE_ATTR_RO(resv_hugepages);

static ssize_t surplus_hugepages_show(struct kobject *kobj,
                                        struct kobj_attribute *attr, char *buf)
{
        struct hstate *h;
        unsigned long surplus_huge_pages;
        int nid;

        h = kobj_to_hstate(kobj, &nid);
        if (nid == NUMA_NO_NODE)
                surplus_huge_pages = h->surplus_huge_pages;
        else
                surplus_huge_pages = h->surplus_huge_pages_node[nid];

        return sprintf(buf, "%lu\n", surplus_huge_pages);
}
HSTATE_ATTR_RO(surplus_hugepages);

static struct attribute *hstate_attrs[] = {
        &nr_hugepages_attr.attr,
        &nr_overcommit_hugepages_attr.attr,
        &free_hugepages_attr.attr,
        &resv_hugepages_attr.attr,
        &surplus_hugepages_attr.attr,
#ifdef CONFIG_NUMA
        &nr_hugepages_mempolicy_attr.attr,
#endif
        NULL,
};

static struct attribute_group hstate_attr_group = {
        .attrs = hstate_attrs,
};

static int hugetlb_sysfs_add_hstate(struct hstate *h, struct kobject *parent,
                                    struct kobject **hstate_kobjs,
                                    struct attribute_group *hstate_attr_group)
{
        int retval;
        int hi = hstate_index(h);

        hstate_kobjs[hi] = kobject_create_and_add(h->name, parent);
        if (!hstate_kobjs[hi])
                return -ENOMEM;

        retval = sysfs_create_group(hstate_kobjs[hi], hstate_attr_group);
        if (retval)
                kobject_put(hstate_kobjs[hi]);

        return retval;
}

static void __init hugetlb_sysfs_init(void)
{
        struct hstate *h;
        int err;

        hugepages_kobj = kobject_create_and_add("hugepages", mm_kobj);
        if (!hugepages_kobj)
                return;

        for_each_hstate(h) {
                err = hugetlb_sysfs_add_hstate(h, hugepages_kobj,
                                         hstate_kobjs, &hstate_attr_group);
                if (err)
                        pr_err("Hugetlb: Unable to add hstate %s", h->name);
        }
}

#ifdef CONFIG_NUMA

/*
 * node_hstate/s - associate per node hstate attributes, via their kobjects,
 * with node devices in node_devices[] using a parallel array.  The array
 * index of a node device or _hstate == node id.
 * This is here to avoid any static dependency of the node device driver, in
 * the base kernel, on the hugetlb module.
 */
struct node_hstate {
        struct kobject          *hugepages_kobj;
        struct kobject          *hstate_kobjs[HUGE_MAX_HSTATE];
};
struct node_hstate node_hstates[MAX_NUMNODES];

/*
 * A subset of global hstate attributes for node devices
 */
static struct attribute *per_node_hstate_attrs[] = {
        &nr_hugepages_attr.attr,
        &free_hugepages_attr.attr,
        &surplus_hugepages_attr.attr,
        NULL,
};

static struct attribute_group per_node_hstate_attr_group = {
        .attrs = per_node_hstate_attrs,
};

/*
 * kobj_to_node_hstate - lookup global hstate for node device hstate attr kobj.
 * Returns node id via non-NULL nidp.
 */
static struct hstate *kobj_to_node_hstate(struct kobject *kobj, int *nidp)
{
        int nid;

        for (nid = 0; nid < nr_node_ids; nid++) {
                struct node_hstate *nhs = &node_hstates[nid];
                int i;
                for (i = 0; i < HUGE_MAX_HSTATE; i++)
                        if (nhs->hstate_kobjs[i] == kobj) {
                                if (nidp)
                                        *nidp = nid;
                                return &hstates[i];

                        }
        }

        BUG();
        return NULL;
}

/*
 * Unregister hstate attributes from a single node device.
 * No-op if no hstate attributes attached.
 */
static void hugetlb_unregister_node(struct node *node)
{
        struct hstate *h;
        struct node_hstate *nhs = &node_hstates[node->dev.id];

        if (!nhs->hugepages_kobj)
                return;         /* no hstate attributes */

        for_each_hstate(h) {
                int idx = hstate_index(h);
                if (nhs->hstate_kobjs[idx]) {
                        kobject_put(nhs->hstate_kobjs[idx]);
                        nhs->hstate_kobjs[idx] = NULL;
                }
        }

        kobject_put(nhs->hugepages_kobj);
        nhs->hugepages_kobj = NULL;
}

/*
 * hugetlb module exit:  unregister hstate attributes from node devices
 * that have them.
 */
static void hugetlb_unregister_all_nodes(void)
{
        int nid;

        /*
         * disable node device registrations.
         */
        register_hugetlbfs_with_node(NULL, NULL);

        /*
         * remove hstate attributes from any nodes that have them.
         */
        for (nid = 0; nid < nr_node_ids; nid++)
                hugetlb_unregister_node(node_devices[nid]);
}

/*
 * Register hstate attributes for a single node device.
 * No-op if attributes already registered.
 */
static void hugetlb_register_node(struct node *node)
{
        struct hstate *h;
        struct node_hstate *nhs = &node_hstates[node->dev.id];
        int err;

        if (nhs->hugepages_kobj)
                return;         /* already allocated */

        nhs->hugepages_kobj = kobject_create_and_add("hugepages",
                                                        &node->dev.kobj);
        if (!nhs->hugepages_kobj)
                return;

        for_each_hstate(h) {
                err = hugetlb_sysfs_add_hstate(h, nhs->hugepages_kobj,
                                                nhs->hstate_kobjs,
                                                &per_node_hstate_attr_group);
                if (err) {
                        pr_err("Hugetlb: Unable to add hstate %s for node %d\n",
                                h->name, node->dev.id);
                        hugetlb_unregister_node(node);
                        break;
                }
        }
}

/*
 * hugetlb init time:  register hstate attributes for all registered node
 * devices of nodes that have memory.  All on-line nodes should have
 * registered their associated device by this time.
 */
static void __init hugetlb_register_all_nodes(void)
{
        int nid;

        for_each_node_state(nid, N_MEMORY) {
                struct node *node = node_devices[nid];
                if (node->dev.id == nid)
                        hugetlb_register_node(node);
        }

        /*
         * Let the node device driver know we're here so it can
         * [un]register hstate attributes on node hotplug.
         */
        register_hugetlbfs_with_node(hugetlb_register_node,
                                     hugetlb_unregister_node);
}
#else   /* !CONFIG_NUMA */

static struct hstate *kobj_to_node_hstate(struct kobject *kobj, int *nidp)
{
        BUG();
        if (nidp)
                *nidp = -1;
        return NULL;
}

static void hugetlb_unregister_all_nodes(void) { }

static void hugetlb_register_all_nodes(void) { }

#endif

static void __exit hugetlb_exit(void)
{
        struct hstate *h;

        hugetlb_unregister_all_nodes();

        for_each_hstate(h) {
                kobject_put(hstate_kobjs[hstate_index(h)]);
        }

        kobject_put(hugepages_kobj);
        kfree(htlb_fault_mutex_table);
}
module_exit(hugetlb_exit);

static int __init hugetlb_init(void)
{
        int i;

        if (!hugepages_supported())
                return 0;

        if (!size_to_hstate(default_hstate_size)) {
                default_hstate_size = HPAGE_SIZE;
                if (!size_to_hstate(default_hstate_size))
                        hugetlb_add_hstate(HUGETLB_PAGE_ORDER);
        }
        default_hstate_idx = hstate_index(size_to_hstate(default_hstate_size));
        if (default_hstate_max_huge_pages)
                default_hstate.max_huge_pages = default_hstate_max_huge_pages;

        hugetlb_init_hstates();
        gather_bootmem_prealloc();
        report_hugepages();

        hugetlb_sysfs_init();
        hugetlb_register_all_nodes();
        hugetlb_cgroup_file_init();

#ifdef CONFIG_SMP
        num_fault_mutexes = roundup_pow_of_two(8 * num_possible_cpus());
#else
        num_fault_mutexes = 1;
#endif
        htlb_fault_mutex_table =
                kmalloc(sizeof(struct mutex) * num_fault_mutexes, GFP_KERNEL);
        BUG_ON(!htlb_fault_mutex_table);

        for (i = 0; i < num_fault_mutexes; i++)
                mutex_init(&htlb_fault_mutex_table[i]);
        return 0;
}
module_init(hugetlb_init);

/* Should be called on processing a hugepagesz=... option */
void __init hugetlb_add_hstate(unsigned order)
{
        struct hstate *h;
        unsigned long i;

        if (size_to_hstate(PAGE_SIZE << order)) {
                pr_warning("hugepagesz= specified twice, ignoring\n");
                return;
        }
        BUG_ON(hugetlb_max_hstate >= HUGE_MAX_HSTATE);
        BUG_ON(order == 0);
        h = &hstates[hugetlb_max_hstate++];
        h->order = order;
        h->mask = ~((1ULL << (order + PAGE_SHIFT)) - 1);
        h->nr_huge_pages = 0;
        h->free_huge_pages = 0;
        for (i = 0; i < MAX_NUMNODES; ++i)
                INIT_LIST_HEAD(&h->hugepage_freelists[i]);
        INIT_LIST_HEAD(&h->hugepage_activelist);
        h->next_nid_to_alloc = first_node(node_states[N_MEMORY]);
        h->next_nid_to_free = first_node(node_states[N_MEMORY]);
        snprintf(h->name, HSTATE_NAME_LEN, "hugepages-%lukB",
                                        huge_page_size(h)/1024);

        parsed_hstate = h;
}

static int __init hugetlb_nrpages_setup(char *s)
{
        unsigned long *mhp;
        static unsigned long *last_mhp;

        /*
         * !hugetlb_max_hstate means we haven't parsed a hugepagesz= parameter yet,
         * so this hugepages= parameter goes to the "default hstate".
         */
        if (!hugetlb_max_hstate)
                mhp = &default_hstate_max_huge_pages;
        else
                mhp = &parsed_hstate->max_huge_pages;

        if (mhp == last_mhp) {
                pr_warning("hugepages= specified twice without "
                           "interleaving hugepagesz=, ignoring\n");
                return 1;
        }

        if (sscanf(s, "%lu", mhp) <= 0)
                *mhp = 0;

        /*
         * Global state is always initialized later in hugetlb_init.
         * But we need to allocate >= MAX_ORDER hstates here early to still
         * use the bootmem allocator.
         */
        if (hugetlb_max_hstate && parsed_hstate->order >= MAX_ORDER)
                hugetlb_hstate_alloc_pages(parsed_hstate);

        last_mhp = mhp;

        return 1;
}
__setup("hugepages=", hugetlb_nrpages_setup);

static int __init hugetlb_default_setup(char *s)
{
        default_hstate_size = memparse(s, &s);
        return 1;
}
__setup("default_hugepagesz=", hugetlb_default_setup);

static unsigned int cpuset_mems_nr(unsigned int *array)
{
        int node;
        unsigned int nr = 0;

        for_each_node_mask(node, cpuset_current_mems_allowed)
                nr += array[node];

        return nr;
}

#ifdef CONFIG_SYSCTL
static int hugetlb_sysctl_handler_common(bool obey_mempolicy,
                         struct ctl_table *table, int write,
                         void __user *buffer, size_t *length, loff_t *ppos)
{
        struct hstate *h = &default_hstate;
        unsigned long tmp = h->max_huge_pages;
        int ret;

        if (!hugepages_supported())
                return -ENOTSUPP;

        table->data = &tmp;
        table->maxlen = sizeof(unsigned long);
        ret = proc_doulongvec_minmax(table, write, buffer, length, ppos);
        if (ret)
                goto out;

        if (write)
                ret = __nr_hugepages_store_common(obey_mempolicy, h,
                                                  NUMA_NO_NODE, tmp, *length);
out:
        return ret;
}

int hugetlb_sysctl_handler(struct ctl_table *table, int write,
                          void __user *buffer, size_t *length, loff_t *ppos)
{

        return hugetlb_sysctl_handler_common(false, table, write,
                                                        buffer, length, ppos);
}

#ifdef CONFIG_NUMA
int hugetlb_mempolicy_sysctl_handler(struct ctl_table *table, int write,
                          void __user *buffer, size_t *length, loff_t *ppos)
{
        return hugetlb_sysctl_handler_common(true, table, write,
                                                        buffer, length, ppos);
}
#endif /* CONFIG_NUMA */

int hugetlb_overcommit_handler(struct ctl_table *table, int write,
                        void __user *buffer,
                        size_t *length, loff_t *ppos)
{
        struct hstate *h = &default_hstate;
        unsigned long tmp;
        int ret;

        if (!hugepages_supported())
                return -ENOTSUPP;

        tmp = h->nr_overcommit_huge_pages;

        if (write && hstate_is_gigantic(h))
                return -EINVAL;

        table->data = &tmp;
        table->maxlen = sizeof(unsigned long);
        ret = proc_doulongvec_minmax(table, write, buffer, length, ppos);
        if (ret)
                goto out;

        if (write) {
                spin_lock(&hugetlb_lock);
                h->nr_overcommit_huge_pages = tmp;
                spin_unlock(&hugetlb_lock);
        }
out:
        return ret;
}

#endif /* CONFIG_SYSCTL */

void hugetlb_report_meminfo(struct seq_file *m)
{
        struct hstate *h = &default_hstate;
        if (!hugepages_supported())
                return;
        seq_printf(m,
                        "HugePages_Total:   %5lu\n"
                        "HugePages_Free:    %5lu\n"
                        "HugePages_Rsvd:    %5lu\n"
                        "HugePages_Surp:    %5lu\n"
                        "Hugepagesize:   %8lu kB\n",
                        h->nr_huge_pages,
                        h->free_huge_pages,
                        h->resv_huge_pages,
                        h->surplus_huge_pages,
                        1UL << (huge_page_order(h) + PAGE_SHIFT - 10));
}

int hugetlb_report_node_meminfo(int nid, char *buf)
{
        struct hstate *h = &default_hstate;
        if (!hugepages_supported())
                return 0;
        return sprintf(buf,
                "Node %d HugePages_Total: %5u\n"
                "Node %d HugePages_Free:  %5u\n"
                "Node %d HugePages_Surp:  %5u\n",
                nid, h->nr_huge_pages_node[nid],
                nid, h->free_huge_pages_node[nid],
                nid, h->surplus_huge_pages_node[nid]);
}

void hugetlb_show_meminfo(void)
{
        struct hstate *h;
        int nid;

        if (!hugepages_supported())
                return;

        for_each_node_state(nid, N_MEMORY)
                for_each_hstate(h)
                        pr_info("Node %d hugepages_total=%u hugepages_free=%u hugepages_surp=%u hugepages_size=%lukB\n",
                                nid,
                                h->nr_huge_pages_node[nid],
                                h->free_huge_pages_node[nid],
                                h->surplus_huge_pages_node[nid],
                                1UL << (huge_page_order(h) + PAGE_SHIFT - 10));
}

/* Return the number pages of memory we physically have, in PAGE_SIZE units. */
unsigned long hugetlb_total_pages(void)
{
        struct hstate *h;
        unsigned long nr_total_pages = 0;

        for_each_hstate(h)
                nr_total_pages += h->nr_huge_pages * pages_per_huge_page(h);
        return nr_total_pages;
}

static int hugetlb_acct_memory(struct hstate *h, long delta)
{
        int ret = -ENOMEM;

        spin_lock(&hugetlb_lock);
        /*
         * When cpuset is configured, it breaks the strict hugetlb page
         * reservation as the accounting is done on a global variable. Such
         * reservation is completely rubbish in the presence of cpuset because
         * the reservation is not checked against page availability for the
         * current cpuset. Application can still potentially OOM'ed by kernel
         * with lack of free htlb page in cpuset that the task is in.
         * Attempt to enforce strict accounting with cpuset is almost
         * impossible (or too ugly) because cpuset is too fluid that
         * task or memory node can be dynamically moved between cpusets.
         *
         * The change of semantics for shared hugetlb mapping with cpuset is
         * undesirable. However, in order to preserve some of the semantics,
         * we fall back to check against current free page availability as
         * a best attempt and hopefully to minimize the impact of changing
         * semantics that cpuset has.
         */
        if (delta > 0) {
                if (gather_surplus_pages(h, delta) < 0)
                        goto out;

                if (delta > cpuset_mems_nr(h->free_huge_pages_node)) {
                        return_unused_surplus_pages(h, delta);
                        goto out;
                }
        }

        ret = 0;
        if (delta < 0)
                return_unused_surplus_pages(h, (unsigned long) -delta);

out:
        spin_unlock(&hugetlb_lock);
        return ret;
}

static void hugetlb_vm_op_open(struct vm_area_struct *vma)
{
        struct resv_map *resv = vma_resv_map(vma);

        /*
         * This new VMA should share its siblings reservation map if present.
         * The VMA will only ever have a valid reservation map pointer where
         * it is being copied for another still existing VMA.  As that VMA
         * has a reference to the reservation map it cannot disappear until
         * after this open call completes.  It is therefore safe to take a
         * new reference here without additional locking.
         */
        if (resv && is_vma_resv_set(vma, HPAGE_RESV_OWNER))
                kref_get(&resv->refs);
}

static void hugetlb_vm_op_close(struct vm_area_struct *vma)
{
        struct hstate *h = hstate_vma(vma);
        struct resv_map *resv = vma_resv_map(vma);
        struct hugepage_subpool *spool = subpool_vma(vma);
        unsigned long reserve, start, end;

        if (!resv || !is_vma_resv_set(vma, HPAGE_RESV_OWNER))
                return;

        start = vma_hugecache_offset(h, vma, vma->vm_start);
        end = vma_hugecache_offset(h, vma, vma->vm_end);

        reserve = (end - start) - region_count(resv, start, end);

        kref_put(&resv->refs, resv_map_release);

        if (reserve) {
                hugetlb_acct_memory(h, -reserve);
                hugepage_subpool_put_pages(spool, reserve);
        }
}

/*
 * We cannot handle pagefaults against hugetlb pages at all.  They cause
 * handle_mm_fault() to try to instantiate regular-sized pages in the
 * hugegpage VMA.  do_page_fault() is supposed to trap this, so BUG is we get
 * this far.
 */
static int hugetlb_vm_op_fault(struct vm_area_struct *vma, struct vm_fault *vmf)
{
        BUG();
        return 0;
}

const struct vm_operations_struct hugetlb_vm_ops = {
        .fault = hugetlb_vm_op_fault,
        .open = hugetlb_vm_op_open,
        .close = hugetlb_vm_op_close,
};

static pte_t make_huge_pte(struct vm_area_struct *vma, struct page *page,
                                int writable)
{
        pte_t entry;

        if (writable) {
                entry = huge_pte_mkwrite(huge_pte_mkdirty(mk_huge_pte(page,
                                         vma->vm_page_prot)));
        } else {
                entry = huge_pte_wrprotect(mk_huge_pte(page,
                                           vma->vm_page_prot));
        }
        entry = pte_mkyoung(entry);
        entry = pte_mkhuge(entry);
        entry = arch_make_huge_pte(entry, vma, page, writable);

        return entry;
}

static void set_huge_ptep_writable(struct vm_area_struct *vma,
                                   unsigned long address, pte_t *ptep)
{
        pte_t entry;

        entry = huge_pte_mkwrite(huge_pte_mkdirty(huge_ptep_get(ptep)));
        if (huge_ptep_set_access_flags(vma, address, ptep, entry, 1))
                update_mmu_cache(vma, address, ptep);
}

static int is_hugetlb_entry_migration(pte_t pte)
{
        swp_entry_t swp;

        if (huge_pte_none(pte) || pte_present(pte))
                return 0;
        swp = pte_to_swp_entry(pte);
        if (non_swap_entry(swp) && is_migration_entry(swp))
                return 1;
        else
                return 0;
}

static int is_hugetlb_entry_hwpoisoned(pte_t pte)
{
        swp_entry_t swp;

        if (huge_pte_none(pte) || pte_present(pte))
                return 0;
        swp = pte_to_swp_entry(pte);
        if (non_swap_entry(swp) && is_hwpoison_entry(swp))
                return 1;
        else
                return 0;
}

int copy_hugetlb_page_range(struct mm_struct *dst, struct mm_struct *src,
                            struct vm_area_struct *vma)
{
        pte_t *src_pte, *dst_pte, entry;
        struct page *ptepage;
        unsigned long addr;
        int cow;
        struct hstate *h = hstate_vma(vma);
        unsigned long sz = huge_page_size(h);
        unsigned long mmun_start;       /* For mmu_notifiers */
        unsigned long mmun_end;         /* For mmu_notifiers */
        int ret = 0;

        cow = (vma->vm_flags & (VM_SHARED | VM_MAYWRITE)) == VM_MAYWRITE;

        mmun_start = vma->vm_start;
        mmun_end = vma->vm_end;
        if (cow)
                mmu_notifier_invalidate_range_start(src, mmun_start, mmun_end);

        for (addr = vma->vm_start; addr < vma->vm_end; addr += sz) {
                spinlock_t *src_ptl, *dst_ptl;
                src_pte = huge_pte_offset(src, addr);
                if (!src_pte)
                        continue;
                dst_pte = huge_pte_alloc(dst, addr, sz);
                if (!dst_pte) {
                        ret = -ENOMEM;
                        break;
                }

                /* If the pagetables are shared don't copy or take references */
                if (dst_pte == src_pte)
                        continue;

                dst_ptl = huge_pte_lock(h, dst, dst_pte);
                src_ptl = huge_pte_lockptr(h, src, src_pte);
                spin_lock_nested(src_ptl, SINGLE_DEPTH_NESTING);
                entry = huge_ptep_get(src_pte);
                if (huge_pte_none(entry)) { /* skip none entry */
                        ;
                } else if (unlikely(is_hugetlb_entry_migration(entry) ||
                                    is_hugetlb_entry_hwpoisoned(entry))) {
                        swp_entry_t swp_entry = pte_to_swp_entry(entry);

                        if (is_write_migration_entry(swp_entry) && cow) {
                                /*
                                 * COW mappings require pages in both
                                 * parent and child to be set to read.
                                 */
                                make_migration_entry_read(&swp_entry);
                                entry = swp_entry_to_pte(swp_entry);
                                set_huge_pte_at(src, addr, src_pte, entry);
                        }
                        set_huge_pte_at(dst, addr, dst_pte, entry);
                } else {
                        if (cow) {
                                huge_ptep_set_wrprotect(src, addr, src_pte);
                                mmu_notifier_invalidate_range(src, mmun_start,
                                                                   mmun_end);
                        }
                        entry = huge_ptep_get(src_pte);
                        ptepage = pte_page(entry);
                        get_page(ptepage);
                        page_dup_rmap(ptepage);
                        set_huge_pte_at(dst, addr, dst_pte, entry);
                }
                spin_unlock(src_ptl);
                spin_unlock(dst_ptl);
        }

        if (cow)
                mmu_notifier_invalidate_range_end(src, mmun_start, mmun_end);

        return ret;
}

void __unmap_hugepage_range(struct mmu_gather *tlb, struct vm_area_struct *vma,
                            unsigned long start, unsigned long end,
                            struct page *ref_page)
{
        int force_flush = 0;
        struct mm_struct *mm = vma->vm_mm;
        unsigned long address;
        pte_t *ptep;
        pte_t pte;
        spinlock_t *ptl;
        struct page *page;
        struct hstate *h = hstate_vma(vma);
        unsigned long sz = huge_page_size(h);
        const unsigned long mmun_start = start; /* For mmu_notifiers */
        const unsigned long mmun_end   = end;   /* For mmu_notifiers */

        WARN_ON(!is_vm_hugetlb_page(vma));
        BUG_ON(start & ~huge_page_mask(h));
        BUG_ON(end & ~huge_page_mask(h));

        tlb_start_vma(tlb, vma);
        mmu_notifier_invalidate_range_start(mm, mmun_start, mmun_end);
        address = start;
again:
        for (; address < end; address += sz) {
                ptep = huge_pte_offset(mm, address);
                if (!ptep)
                        continue;

                ptl = huge_pte_lock(h, mm, ptep);
                if (huge_pmd_unshare(mm, &address, ptep))
                        goto unlock;

                pte = huge_ptep_get(ptep);
                if (huge_pte_none(pte))
                        goto unlock;

                /*
                 * Migrating hugepage or HWPoisoned hugepage is already
                 * unmapped and its refcount is dropped, so just clear pte here.
                 */
                if (unlikely(!pte_present(pte))) {
                        huge_pte_clear(mm, address, ptep);
                        goto unlock;
                }

                page = pte_page(pte);
                /*
                 * If a reference page is supplied, it is because a specific
                 * page is being unmapped, not a range. Ensure the page we
                 * are about to unmap is the actual page of interest.
                 */
                if (ref_page) {
                        if (page != ref_page)
                                goto unlock;

                        /*
                         * Mark the VMA as having unmapped its page so that
                         * future faults in this VMA will fail rather than
                         * looking like data was lost
                         */
                        set_vma_resv_flags(vma, HPAGE_RESV_UNMAPPED);
                }

                pte = huge_ptep_get_and_clear(mm, address, ptep);
                tlb_remove_tlb_entry(tlb, ptep, address);
                if (huge_pte_dirty(pte))
                        set_page_dirty(page);

                page_remove_rmap(page);
                force_flush = !__tlb_remove_page(tlb, page);
                if (force_flush) {
                        address += sz;
                        spin_unlock(ptl);
                        break;
                }
                /* Bail out after unmapping reference page if supplied */
                if (ref_page) {
                        spin_unlock(ptl);
                        break;
                }
unlock:
                spin_unlock(ptl);
        }
        /*
         * mmu_gather ran out of room to batch pages, we break out of
         * the PTE lock to avoid doing the potential expensive TLB invalidate
         * and page-free while holding it.
         */
        if (force_flush) {
                force_flush = 0;
                tlb_flush_mmu(tlb);
                if (address < end && !ref_page)
                        goto again;
        }
        mmu_notifier_invalidate_range_end(mm, mmun_start, mmun_end);
        tlb_end_vma(tlb, vma);
}

void __unmap_hugepage_range_final(struct mmu_gather *tlb,
                          struct vm_area_struct *vma, unsigned long start,
                          unsigned long end, struct page *ref_page)
{
        __unmap_hugepage_range(tlb, vma, start, end, ref_page);

        /*
         * Clear this flag so that x86's huge_pmd_share page_table_shareable
         * test will fail on a vma being torn down, and not grab a page table
         * on its way out.  We're lucky that the flag has such an appropriate
         * name, and can in fact be safely cleared here. We could clear it
         * before the __unmap_hugepage_range above, but all that's necessary
         * is to clear it before releasing the i_mmap_rwsem. This works
         * because in the context this is called, the VMA is about to be
         * destroyed and the i_mmap_rwsem is held.
         */
        vma->vm_flags &= ~VM_MAYSHARE;
}

void unmap_hugepage_range(struct vm_area_struct *vma, unsigned long start,
                          unsigned long end, struct page *ref_page)
{
        struct mm_struct *mm;
        struct mmu_gather tlb;

        mm = vma->vm_mm;

        tlb_gather_mmu(&tlb, mm, start, end);
        __unmap_hugepage_range(&tlb, vma, start, end, ref_page);
        tlb_finish_mmu(&tlb, start, end);
}

/*
 * This is called when the original mapper is failing to COW a MAP_PRIVATE
 * mappping it owns the reserve page for. The intention is to unmap the page
 * from other VMAs and let the children be SIGKILLed if they are faulting the
 * same region.
 */
static void unmap_ref_private(struct mm_struct *mm, struct vm_area_struct *vma,
                              struct page *page, unsigned long address)
{
        struct hstate *h = hstate_vma(vma);
        struct vm_area_struct *iter_vma;
        struct address_space *mapping;
        pgoff_t pgoff;

        /*
         * vm_pgoff is in PAGE_SIZE units, hence the different calculation
         * from page cache lookup which is in HPAGE_SIZE units.
         */
        address = address & huge_page_mask(h);
        pgoff = ((address - vma->vm_start) >> PAGE_SHIFT) +
                        vma->vm_pgoff;
        mapping = file_inode(vma->vm_file)->i_mapping;

        /*
         * Take the mapping lock for the duration of the table walk. As
         * this mapping should be shared between all the VMAs,
         * __unmap_hugepage_range() is called as the lock is already held
         */
        i_mmap_lock_write(mapping);
        vma_interval_tree_foreach(iter_vma, &mapping->i_mmap, pgoff, pgoff) {
                /* Do not unmap the current VMA */
                if (iter_vma == vma)
                        continue;

                /*
                 * Unmap the page from other VMAs without their own reserves.
                 * They get marked to be SIGKILLed if they fault in these
                 * areas. This is because a future no-page fault on this VMA
                 * could insert a zeroed page instead of the data existing
                 * from the time of fork. This would look like data corruption
                 */
                if (!is_vma_resv_set(iter_vma, HPAGE_RESV_OWNER))
                        unmap_hugepage_range(iter_vma, address,
                                             address + huge_page_size(h), page);
        }
        i_mmap_unlock_write(mapping);
}

/*
 * Hugetlb_cow() should be called with page lock of the original hugepage held.
 * Called with hugetlb_instantiation_mutex held and pte_page locked so we
 * cannot race with other handlers or page migration.
 * Keep the pte_same checks anyway to make transition from the mutex easier.
 */
static int hugetlb_cow(struct mm_struct *mm, struct vm_area_struct *vma,
                        unsigned long address, pte_t *ptep, pte_t pte,
                        struct page *pagecache_page, spinlock_t *ptl)
{
        struct hstate *h = hstate_vma(vma);
        struct page *old_page, *new_page;
        int ret = 0, outside_reserve = 0;
        unsigned long mmun_start;       /* For mmu_notifiers */
        unsigned long mmun_end;         /* For mmu_notifiers */

        old_page = pte_page(pte);

retry_avoidcopy:
        /* If no-one else is actually using this page, avoid the copy
         * and just make the page writable */
        if (page_mapcount(old_page) == 1 && PageAnon(old_page)) {
                page_move_anon_rmap(old_page, vma, address);
                set_huge_ptep_writable(vma, address, ptep);
                return 0;
        }

        /*
         * If the process that created a MAP_PRIVATE mapping is about to
         * perform a COW due to a shared page count, attempt to satisfy
         * the allocation without using the existing reserves. The pagecache
         * page is used to determine if the reserve at this address was
         * consumed or not. If reserves were used, a partial faulted mapping
         * at the time of fork() could consume its reserves on COW instead
         * of the full address range.
         */
        if (is_vma_resv_set(vma, HPAGE_RESV_OWNER) &&
                        old_page != pagecache_page)
                outside_reserve = 1;

        page_cache_get(old_page);

        /*
         * Drop page table lock as buddy allocator may be called. It will
         * be acquired again before returning to the caller, as expected.
         */
        spin_unlock(ptl);
        new_page = alloc_huge_page(vma, address, outside_reserve);

        if (IS_ERR(new_page)) {
                /*
                 * If a process owning a MAP_PRIVATE mapping fails to COW,
                 * it is due to references held by a child and an insufficient
                 * huge page pool. To guarantee the original mappers
                 * reliability, unmap the page from child processes. The child
                 * may get SIGKILLed if it later faults.
                 */
                if (outside_reserve) {
                        page_cache_release(old_page);
                        BUG_ON(huge_pte_none(pte));
                        unmap_ref_private(mm, vma, old_page, address);
                        BUG_ON(huge_pte_none(pte));
                        spin_lock(ptl);
                        ptep = huge_pte_offset(mm, address & huge_page_mask(h));
                        if (likely(ptep &&
                                   pte_same(huge_ptep_get(ptep), pte)))
                                goto retry_avoidcopy;
                        /*
                         * race occurs while re-acquiring page table
                         * lock, and our job is done.
                         */
                        return 0;
                }

                ret = (PTR_ERR(new_page) == -ENOMEM) ?
                        VM_FAULT_OOM : VM_FAULT_SIGBUS;
                goto out_release_old;
        }

        /*
         * When the original hugepage is shared one, it does not have
         * anon_vma prepared.
         */
        if (unlikely(anon_vma_prepare(vma))) {
                ret = VM_FAULT_OOM;
                goto out_release_all;
        }

        copy_user_huge_page(new_page, old_page, address, vma,
                            pages_per_huge_page(h));
        __SetPageUptodate(new_page);

        mmun_start = address & huge_page_mask(h);
        mmun_end = mmun_start + huge_page_size(h);
        mmu_notifier_invalidate_range_start(mm, mmun_start, mmun_end);

        /*
         * Retake the page table lock to check for racing updates
         * before the page tables are altered
         */
        spin_lock(ptl);
        ptep = huge_pte_offset(mm, address & huge_page_mask(h));
        if (likely(ptep && pte_same(huge_ptep_get(ptep), pte))) {
                ClearPagePrivate(new_page);

                /* Break COW */
                huge_ptep_clear_flush(vma, address, ptep);
                mmu_notifier_invalidate_range(mm, mmun_start, mmun_end);
                set_huge_pte_at(mm, address, ptep,
                                make_huge_pte(vma, new_page, 1));
                page_remove_rmap(old_page);
                hugepage_add_new_anon_rmap(new_page, vma, address);
                /* Make the old page be freed below */
                new_page = old_page;
        }
        spin_unlock(ptl);
        mmu_notifier_invalidate_range_end(mm, mmun_start, mmun_end);
out_release_all:
        page_cache_release(new_page);
out_release_old:
        page_cache_release(old_page);

        spin_lock(ptl); /* Caller expects lock to be held */
        return ret;
}

/* Return the pagecache page at a given address within a VMA */
static struct page *hugetlbfs_pagecache_page(struct hstate *h,
                        struct vm_area_struct *vma, unsigned long address)
{
        struct address_space *mapping;
        pgoff_t idx;

        mapping = vma->vm_file->f_mapping;
        idx = vma_hugecache_offset(h, vma, address);

        return find_lock_page(mapping, idx);
}

/*
 * Return whether there is a pagecache page to back given address within VMA.
 * Caller follow_hugetlb_page() holds page_table_lock so we cannot lock_page.
 */
static bool hugetlbfs_pagecache_present(struct hstate *h,
                        struct vm_area_struct *vma, unsigned long address)
{
        struct address_space *mapping;
        pgoff_t idx;
        struct page *page;

        mapping = vma->vm_file->f_mapping;
        idx = vma_hugecache_offset(h, vma, address);

        page = find_get_page(mapping, idx);
        if (page)
                put_page(page);
        return page != NULL;
}

static int hugetlb_no_page(struct mm_struct *mm, struct vm_area_struct *vma,
                           struct address_space *mapping, pgoff_t idx,
                           unsigned long address, pte_t *ptep, unsigned int flags)
{
        struct hstate *h = hstate_vma(vma);
        int ret = VM_FAULT_SIGBUS;
        int anon_rmap = 0;
        unsigned long size;
        struct page *page;
        pte_t new_pte;
        spinlock_t *ptl;

        /*
         * Currently, we are forced to kill the process in the event the
         * original mapper has unmapped pages from the child due to a failed
         * COW. Warn that such a situation has occurred as it may not be obvious
         */
        if (is_vma_resv_set(vma, HPAGE_RESV_UNMAPPED)) {
                pr_warning("PID %d killed due to inadequate hugepage pool\n",
                           current->pid);
                return ret;
        }

        /*
         * Use page lock to guard against racing truncation
         * before we get page_table_lock.
         */
retry:
        page = find_lock_page(mapping, idx);
        if (!page) {
                size = i_size_read(mapping->host) >> huge_page_shift(h);
                if (idx >= size)
                        goto out;
                page = alloc_huge_page(vma, address, 0);
                if (IS_ERR(page)) {
                        ret = PTR_ERR(page);
                        if (ret == -ENOMEM)
                                ret = VM_FAULT_OOM;
                        else

                                ret = VM_FAULT_SIGBUS;
                        goto out;
                }
                clear_huge_page(page, address, pages_per_huge_page(h));
                __SetPageUptodate(page);

                if (vma->vm_flags & VM_MAYSHARE) {
                        int err;
                        struct inode *inode = mapping->host;

                        err = add_to_page_cache(page, mapping, idx, GFP_KERNEL);
                        if (err) {
                                put_page(page);
                                if (err == -EEXIST)
                                        goto retry;
                                goto out;
                        }
                        ClearPagePrivate(page);

                        spin_lock(&inode->i_lock);
                        inode->i_blocks += blocks_per_huge_page(h);
                        spin_unlock(&inode->i_lock);
                } else {
                        lock_page(page);
                        if (unlikely(anon_vma_prepare(vma))) {
                                ret = VM_FAULT_OOM;
                                goto backout_unlocked;
                        }
                        anon_rmap = 1;
                }
        } else {
                /*
                 * If memory error occurs between mmap() and fault, some process
                 * don't have hwpoisoned swap entry for errored virtual address.
                 * So we need to block hugepage fault by PG_hwpoison bit check.
                 */
                if (unlikely(PageHWPoison(page))) {
                        ret = VM_FAULT_HWPOISON |
                                VM_FAULT_SET_HINDEX(hstate_index(h));
                        goto backout_unlocked;
                }
        }

        /*
         * If we are going to COW a private mapping later, we examine the
         * pending reservations for this page now. This will ensure that
         * any allocations necessary to record that reservation occur outside
         * the spinlock.
         */
        if ((flags & FAULT_FLAG_WRITE) && !(vma->vm_flags & VM_SHARED))
                if (vma_needs_reservation(h, vma, address) < 0) {
                        ret = VM_FAULT_OOM;
                        goto backout_unlocked;
                }

        ptl = huge_pte_lockptr(h, mm, ptep);
        spin_lock(ptl);
        size = i_size_read(mapping->host) >> huge_page_shift(h);
        if (idx >= size)
                goto backout;

        ret = 0;
        if (!huge_pte_none(huge_ptep_get(ptep)))
                goto backout;

        if (anon_rmap) {
                ClearPagePrivate(page);
                hugepage_add_new_anon_rmap(page, vma, address);
        } else
                page_dup_rmap(page);
        new_pte = make_huge_pte(vma, page, ((vma->vm_flags & VM_WRITE)
                                && (vma->vm_flags & VM_SHARED)));
        set_huge_pte_at(mm, address, ptep, new_pte);

        if ((flags & FAULT_FLAG_WRITE) && !(vma->vm_flags & VM_SHARED)) {
                /* Optimization, do the COW without a second fault */
                ret = hugetlb_cow(mm, vma, address, ptep, new_pte, page, ptl);
        }

        spin_unlock(ptl);
        unlock_page(page);
out:
        return ret;

backout:
        spin_unlock(ptl);
backout_unlocked:
        unlock_page(page);
        put_page(page);
        goto out;
}

#ifdef CONFIG_SMP
static u32 fault_mutex_hash(struct hstate *h, struct mm_struct *mm,
                            struct vm_area_struct *vma,
                            struct address_space *mapping,
                            pgoff_t idx, unsigned long address)
{
        unsigned long key[2];
        u32 hash;

        if (vma->vm_flags & VM_SHARED) {
                key[0] = (unsigned long) mapping;
                key[1] = idx;
        } else {
                key[0] = (unsigned long) mm;
                key[1] = address >> huge_page_shift(h);
        }

        hash = jhash2((u32 *)&key, sizeof(key)/sizeof(u32), 0);

        return hash & (num_fault_mutexes - 1);
}
#else
/*
 * For uniprocesor systems we always use a single mutex, so just
 * return 0 and avoid the hashing overhead.
 */
static u32 fault_mutex_hash(struct hstate *h, struct mm_struct *mm,
                            struct vm_area_struct *vma,
                            struct address_space *mapping,
                            pgoff_t idx, unsigned long address)
{
        return 0;
}
#endif

int hugetlb_fault(struct mm_struct *mm, struct vm_area_struct *vma,
                        unsigned long address, unsigned int flags)
{
        pte_t *ptep, entry;
        spinlock_t *ptl;
        int ret;
        u32 hash;
        pgoff_t idx;
        struct page *page = NULL;
        struct page *pagecache_page = NULL;
        struct hstate *h = hstate_vma(vma);
        struct address_space *mapping;
        int need_wait_lock = 0;

        address &= huge_page_mask(h);

        ptep = huge_pte_offset(mm, address);
        if (ptep) {
                entry = huge_ptep_get(ptep);
                if (unlikely(is_hugetlb_entry_migration(entry))) {
                        migration_entry_wait_huge(vma, mm, ptep);
                        return 0;
                } else if (unlikely(is_hugetlb_entry_hwpoisoned(entry)))
                        return VM_FAULT_HWPOISON_LARGE |
                                VM_FAULT_SET_HINDEX(hstate_index(h));
        }

        ptep = huge_pte_alloc(mm, address, huge_page_size(h));
        if (!ptep)
                return VM_FAULT_OOM;

        mapping = vma->vm_file->f_mapping;
        idx = vma_hugecache_offset(h, vma, address);

        /*
         * Serialize hugepage allocation and instantiation, so that we don't
         * get spurious allocation failures if two CPUs race to instantiate
         * the same page in the page cache.
         */
        hash = fault_mutex_hash(h, mm, vma, mapping, idx, address);
        mutex_lock(&htlb_fault_mutex_table[hash]);

        entry = huge_ptep_get(ptep);
        if (huge_pte_none(entry)) {
                ret = hugetlb_no_page(mm, vma, mapping, idx, address, ptep, flags);
                goto out_mutex;
        }

        ret = 0;

        /*
         * entry could be a migration/hwpoison entry at this point, so this
         * check prevents the kernel from going below assuming that we have
         * a active hugepage in pagecache. This goto expects the 2nd page fault,
         * and is_hugetlb_entry_(migration|hwpoisoned) check will properly
         * handle it.
         */
        if (!pte_present(entry))
                goto out_mutex;

        /*
         * If we are going to COW the mapping later, we examine the pending
         * reservations for this page now. This will ensure that any
         * allocations necessary to record that reservation occur outside the
         * spinlock. For private mappings, we also lookup the pagecache
         * page now as it is used to determine if a reservation has been
         * consumed.
         */
        if ((flags & FAULT_FLAG_WRITE) && !huge_pte_write(entry)) {
                if (vma_needs_reservation(h, vma, address) < 0) {
                        ret = VM_FAULT_OOM;
                        goto out_mutex;
                }

                if (!(vma->vm_flags & VM_MAYSHARE))
                        pagecache_page = hugetlbfs_pagecache_page(h,
                                                                vma, address);
        }

        ptl = huge_pte_lock(h, mm, ptep);

        /* Check for a racing update before calling hugetlb_cow */
        if (unlikely(!pte_same(entry, huge_ptep_get(ptep))))
                goto out_ptl;

        /*
         * hugetlb_cow() requires page locks of pte_page(entry) and
         * pagecache_page, so here we need take the former one
         * when page != pagecache_page or !pagecache_page.
         */
        page = pte_page(entry);
        if (page != pagecache_page)
                if (!trylock_page(page)) {
                        need_wait_lock = 1;
                        goto out_ptl;
                }

        get_page(page);

        if (flags & FAULT_FLAG_WRITE) {
                if (!huge_pte_write(entry)) {
                        ret = hugetlb_cow(mm, vma, address, ptep, entry,
                                        pagecache_page, ptl);
                        goto out_put_page;
                }
                entry = huge_pte_mkdirty(entry);
        }
        entry = pte_mkyoung(entry);
        if (huge_ptep_set_access_flags(vma, address, ptep, entry,
                                                flags & FAULT_FLAG_WRITE))
                update_mmu_cache(vma, address, ptep);
out_put_page:
        if (page != pagecache_page)
                unlock_page(page);
        put_page(page);
out_ptl:
        spin_unlock(ptl);

        if (pagecache_page) {
                unlock_page(pagecache_page);
                put_page(pagecache_page);
        }
out_mutex:
        mutex_unlock(&htlb_fault_mutex_table[hash]);
        /*
         * Generally it's safe to hold refcount during waiting page lock. But
         * here we just wait to defer the next page fault to avoid busy loop and
         * the page is not used after unlocked before returning from the current
         * page fault. So we are safe from accessing freed page, even if we wait
         * here without taking refcount.
         */
        if (need_wait_lock)
                wait_on_page_locked(page);
        return ret;
}

long follow_hugetlb_page(struct mm_struct *mm, struct vm_area_struct *vma,
                         struct page **pages, struct vm_area_struct **vmas,
                         unsigned long *position, unsigned long *nr_pages,
                         long i, unsigned int flags)
{
        unsigned long pfn_offset;
        unsigned long vaddr = *position;
        unsigned long remainder = *nr_pages;
        struct hstate *h = hstate_vma(vma);

        while (vaddr < vma->vm_end && remainder) {
                pte_t *pte;
                spinlock_t *ptl = NULL;
                int absent;
                struct page *page;

                /*
                 * Some archs (sparc64, sh*) have multiple pte_ts to
                 * each hugepage.  We have to make sure we get the
                 * first, for the page indexing below to work.
                 *
                 * Note that page table lock is not held when pte is null.
                 */
                pte = huge_pte_offset(mm, vaddr & huge_page_mask(h));
                if (pte)
                        ptl = huge_pte_lock(h, mm, pte);
                absent = !pte || huge_pte_none(huge_ptep_get(pte));

                /*
                 * When coredumping, it suits get_dump_page if we just return
                 * an error where there's an empty slot with no huge pagecache
                 * to back it.  This way, we avoid allocating a hugepage, and
                 * the sparse dumpfile avoids allocating disk blocks, but its
                 * huge holes still show up with zeroes where they need to be.
                 */
                if (absent && (flags & FOLL_DUMP) &&
                    !hugetlbfs_pagecache_present(h, vma, vaddr)) {
                        if (pte)
                                spin_unlock(ptl);
                        remainder = 0;
                        break;
                }

                /*
                 * We need call hugetlb_fault for both hugepages under migration
                 * (in which case hugetlb_fault waits for the migration,) and
                 * hwpoisoned hugepages (in which case we need to prevent the
                 * caller from accessing to them.) In order to do this, we use
                 * here is_swap_pte instead of is_hugetlb_entry_migration and
                 * is_hugetlb_entry_hwpoisoned. This is because it simply covers
                 * both cases, and because we can't follow correct pages
                 * directly from any kind of swap entries.
                 */
                if (absent || is_swap_pte(huge_ptep_get(pte)) ||
                    ((flags & FOLL_WRITE) &&
                      !huge_pte_write(huge_ptep_get(pte)))) {
                        int ret;

                        if (pte)
                                spin_unlock(ptl);
                        ret = hugetlb_fault(mm, vma, vaddr,
                                (flags & FOLL_WRITE) ? FAULT_FLAG_WRITE : 0);
                        if (!(ret & VM_FAULT_ERROR))
                                continue;

                        remainder = 0;
                        break;
                }

                pfn_offset = (vaddr & ~huge_page_mask(h)) >> PAGE_SHIFT;
                page = pte_page(huge_ptep_get(pte));
same_page:
                if (pages) {
                        pages[i] = mem_map_offset(page, pfn_offset);
                        get_page_foll(pages[i]);
                }

                if (vmas)
                        vmas[i] = vma;

                vaddr += PAGE_SIZE;
                ++pfn_offset;
                --remainder;
                ++i;
                if (vaddr < vma->vm_end && remainder &&
                                pfn_offset < pages_per_huge_page(h)) {
                        /*
                         * We use pfn_offset to avoid touching the pageframes
                         * of this compound page.
                         */
                        goto same_page;
                }
                spin_unlock(ptl);
        }
        *nr_pages = remainder;
        *position = vaddr;

        return i ? i : -EFAULT;
}

unsigned long hugetlb_change_protection(struct vm_area_struct *vma,
                unsigned long address, unsigned long end, pgprot_t newprot)
{
        struct mm_struct *mm = vma->vm_mm;
        unsigned long start = address;
        pte_t *ptep;
        pte_t pte;
        struct hstate *h = hstate_vma(vma);
        unsigned long pages = 0;

        BUG_ON(address >= end);
        flush_cache_range(vma, address, end);

        mmu_notifier_invalidate_range_start(mm, start, end);
        i_mmap_lock_write(vma->vm_file->f_mapping);
        for (; address < end; address += huge_page_size(h)) {
                spinlock_t *ptl;
                ptep = huge_pte_offset(mm, address);
                if (!ptep)
                        continue;
                ptl = huge_pte_lock(h, mm, ptep);
                if (huge_pmd_unshare(mm, &address, ptep)) {
                        pages++;
                        spin_unlock(ptl);
                        continue;
                }
                pte = huge_ptep_get(ptep);
                if (unlikely(is_hugetlb_entry_hwpoisoned(pte))) {
                        spin_unlock(ptl);
                        continue;
                }
                if (unlikely(is_hugetlb_entry_migration(pte))) {
                        swp_entry_t entry = pte_to_swp_entry(pte);

                        if (is_write_migration_entry(entry)) {
                                pte_t newpte;

                                make_migration_entry_read(&entry);
                                newpte = swp_entry_to_pte(entry);
                                set_huge_pte_at(mm, address, ptep, newpte);
                                pages++;
                        }
                        spin_unlock(ptl);
                        continue;
                }
                if (!huge_pte_none(pte)) {
                        pte = huge_ptep_get_and_clear(mm, address, ptep);
                        pte = pte_mkhuge(huge_pte_modify(pte, newprot));
                        pte = arch_make_huge_pte(pte, vma, NULL, 0);
                        set_huge_pte_at(mm, address, ptep, pte);
                        pages++;
                }
                spin_unlock(ptl);
        }
        /*
         * Must flush TLB before releasing i_mmap_rwsem: x86's huge_pmd_unshare
         * may have cleared our pud entry and done put_page on the page table:
         * once we release i_mmap_rwsem, another task can do the final put_page
         * and that page table be reused and filled with junk.
         */
        flush_tlb_range(vma, start, end);
        mmu_notifier_invalidate_range(mm, start, end);
        i_mmap_unlock_write(vma->vm_file->f_mapping);
        mmu_notifier_invalidate_range_end(mm, start, end);

        return pages << h->order;
}

int hugetlb_reserve_pages(struct inode *inode,
                                        long from, long to,
                                        struct vm_area_struct *vma,
                                        vm_flags_t vm_flags)
{
        long ret, chg;
        struct hstate *h = hstate_inode(inode);
        struct hugepage_subpool *spool = subpool_inode(inode);
        struct resv_map *resv_map;

        /*
         * Only apply hugepage reservation if asked. At fault time, an
         * attempt will be made for VM_NORESERVE to allocate a page
         * without using reserves
         */
        if (vm_flags & VM_NORESERVE)
                return 0;

        /*
         * Shared mappings base their reservation on the number of pages that
         * are already allocated on behalf of the file. Private mappings need
         * to reserve the full area even if read-only as mprotect() may be
         * called to make the mapping read-write. Assume !vma is a shm mapping
         */
        if (!vma || vma->vm_flags & VM_MAYSHARE) {
                resv_map = inode_resv_map(inode);

                chg = region_chg(resv_map, from, to);

        } else {
                resv_map = resv_map_alloc();
                if (!resv_map)
                        return -ENOMEM;

                chg = to - from;

                set_vma_resv_map(vma, resv_map);
                set_vma_resv_flags(vma, HPAGE_RESV_OWNER);
        }

        if (chg < 0) {
                ret = chg;
                goto out_err;
        }

        /* There must be enough pages in the subpool for the mapping */
        if (hugepage_subpool_get_pages(spool, chg)) {
                ret = -ENOSPC;
                goto out_err;
        }

        /*
         * Check enough hugepages are available for the reservation.
         * Hand the pages back to the subpool if there are not
         */
        ret = hugetlb_acct_memory(h, chg);
        if (ret < 0) {
                hugepage_subpool_put_pages(spool, chg);
                goto out_err;
        }

        /*
         * Account for the reservations made. Shared mappings record regions
         * that have reservations as they are shared by multiple VMAs.
         * When the last VMA disappears, the region map says how much
         * the reservation was and the page cache tells how much of
         * the reservation was consumed. Private mappings are per-VMA and
         * only the consumed reservations are tracked. When the VMA
         * disappears, the original reservation is the VMA size and the
         * consumed reservations are stored in the map. Hence, nothing
         * else has to be done for private mappings here
         */
        if (!vma || vma->vm_flags & VM_MAYSHARE)
                region_add(resv_map, from, to);
        return 0;
out_err:
        if (vma && is_vma_resv_set(vma, HPAGE_RESV_OWNER))
                kref_put(&resv_map->refs, resv_map_release);
        return ret;
}

void hugetlb_unreserve_pages(struct inode *inode, long offset, long freed)
{
        struct hstate *h = hstate_inode(inode);
        struct resv_map *resv_map = inode_resv_map(inode);
        long chg = 0;
        struct hugepage_subpool *spool = subpool_inode(inode);

        if (resv_map)
                chg = region_truncate(resv_map, offset);
        spin_lock(&inode->i_lock);
        inode->i_blocks -= (blocks_per_huge_page(h) * freed);
        spin_unlock(&inode->i_lock);

        hugepage_subpool_put_pages(spool, (chg - freed));
        hugetlb_acct_memory(h, -(chg - freed));
}

#ifdef CONFIG_ARCH_WANT_HUGE_PMD_SHARE
static unsigned long page_table_shareable(struct vm_area_struct *svma,
                                struct vm_area_struct *vma,
                                unsigned long addr, pgoff_t idx)
{
        unsigned long saddr = ((idx - svma->vm_pgoff) << PAGE_SHIFT) +
                                svma->vm_start;
        unsigned long sbase = saddr & PUD_MASK;
        unsigned long s_end = sbase + PUD_SIZE;

        /* Allow segments to share if only one is marked locked */
        unsigned long vm_flags = vma->vm_flags & ~VM_LOCKED;
        unsigned long svm_flags = svma->vm_flags & ~VM_LOCKED;

        /*
         * match the virtual addresses, permission and the alignment of the
         * page table page.
         */
        if (pmd_index(addr) != pmd_index(saddr) ||
            vm_flags != svm_flags ||
            sbase < svma->vm_start || svma->vm_end < s_end)
                return 0;

        return saddr;
}

static int vma_shareable(struct vm_area_struct *vma, unsigned long addr)
{
        unsigned long base = addr & PUD_MASK;
        unsigned long end = base + PUD_SIZE;

        /*
         * check on proper vm_flags and page table alignment
         */
        if (vma->vm_flags & VM_MAYSHARE &&
            vma->vm_start <= base && end <= vma->vm_end)
                return 1;
        return 0;
}

/*
 * Search for a shareable pmd page for hugetlb. In any case calls pmd_alloc()
 * and returns the corresponding pte. While this is not necessary for the
 * !shared pmd case because we can allocate the pmd later as well, it makes the
 * code much cleaner. pmd allocation is essential for the shared case because
 * pud has to be populated inside the same i_mmap_rwsem section - otherwise
 * racing tasks could either miss the sharing (see huge_pte_offset) or select a
 * bad pmd for sharing.
 */
pte_t *huge_pmd_share(struct mm_struct *mm, unsigned long addr, pud_t *pud)
{
        struct vm_area_struct *vma = find_vma(mm, addr);
        struct address_space *mapping = vma->vm_file->f_mapping;
        pgoff_t idx = ((addr - vma->vm_start) >> PAGE_SHIFT) +
                        vma->vm_pgoff;
        struct vm_area_struct *svma;
        unsigned long saddr;
        pte_t *spte = NULL;
        pte_t *pte;
        spinlock_t *ptl;

        if (!vma_shareable(vma, addr))
                return (pte_t *)pmd_alloc(mm, pud, addr);

        i_mmap_lock_write(mapping);
        vma_interval_tree_foreach(svma, &mapping->i_mmap, idx, idx) {
                if (svma == vma)
                        continue;

                saddr = page_table_shareable(svma, vma, addr, idx);
                if (saddr) {
                        spte = huge_pte_offset(svma->vm_mm, saddr);
                        if (spte) {
                                mm_inc_nr_pmds(mm);
                                get_page(virt_to_page(spte));
                                break;
                        }
                }
        }

        if (!spte)
                goto out;

        ptl = huge_pte_lockptr(hstate_vma(vma), mm, spte);
        spin_lock(ptl);
        if (pud_none(*pud)) {
                pud_populate(mm, pud,
                                (pmd_t *)((unsigned long)spte & PAGE_MASK));
        } else {
                put_page(virt_to_page(spte));
                mm_inc_nr_pmds(mm);
        }
        spin_unlock(ptl);
out:
        pte = (pte_t *)pmd_alloc(mm, pud, addr);
        i_mmap_unlock_write(mapping);
        return pte;
}

/*
 * unmap huge page backed by shared pte.
 *
 * Hugetlb pte page is ref counted at the time of mapping.  If pte is shared
 * indicated by page_count > 1, unmap is achieved by clearing pud and
 * decrementing the ref count. If count == 1, the pte page is not shared.
 *
 * called with page table lock held.
 *
 * returns: 1 successfully unmapped a shared pte page
 *          0 the underlying pte page is not shared, or it is the last user
 */
int huge_pmd_unshare(struct mm_struct *mm, unsigned long *addr, pte_t *ptep)
{
        pgd_t *pgd = pgd_offset(mm, *addr);
        pud_t *pud = pud_offset(pgd, *addr);

        BUG_ON(page_count(virt_to_page(ptep)) == 0);
        if (page_count(virt_to_page(ptep)) == 1)
                return 0;

        pud_clear(pud);
        put_page(virt_to_page(ptep));
        mm_dec_nr_pmds(mm);
        *addr = ALIGN(*addr, HPAGE_SIZE * PTRS_PER_PTE) - HPAGE_SIZE;
        return 1;
}
#define want_pmd_share()        (1)
#else /* !CONFIG_ARCH_WANT_HUGE_PMD_SHARE */
pte_t *huge_pmd_share(struct mm_struct *mm, unsigned long addr, pud_t *pud)
{
        return NULL;
}
#define want_pmd_share()        (0)
#endif /* CONFIG_ARCH_WANT_HUGE_PMD_SHARE */

#ifdef CONFIG_ARCH_WANT_GENERAL_HUGETLB
pte_t *huge_pte_alloc(struct mm_struct *mm,
                        unsigned long addr, unsigned long sz)
{
        pgd_t *pgd;
        pud_t *pud;
        pte_t *pte = NULL;

        pgd = pgd_offset(mm, addr);
        pud = pud_alloc(mm, pgd, addr);
        if (pud) {
                if (sz == PUD_SIZE) {
                        pte = (pte_t *)pud;
                } else {
                        BUG_ON(sz != PMD_SIZE);
                        if (want_pmd_share() && pud_none(*pud))
                                pte = huge_pmd_share(mm, addr, pud);
                        else
                                pte = (pte_t *)pmd_alloc(mm, pud, addr);
                }
        }
        BUG_ON(pte && !pte_none(*pte) && !pte_huge(*pte));

        return pte;
}

pte_t *huge_pte_offset(struct mm_struct *mm, unsigned long addr)
{
        pgd_t *pgd;
        pud_t *pud;
        pmd_t *pmd = NULL;

        pgd = pgd_offset(mm, addr);
        if (pgd_present(*pgd)) {
                pud = pud_offset(pgd, addr);
                if (pud_present(*pud)) {
                        if (pud_huge(*pud))
                                return (pte_t *)pud;
                        pmd = pmd_offset(pud, addr);
                }
        }
        return (pte_t *) pmd;
}

#endif /* CONFIG_ARCH_WANT_GENERAL_HUGETLB */

/*
 * These functions are overwritable if your architecture needs its own
 * behavior.
 */
struct page * __weak
follow_huge_addr(struct mm_struct *mm, unsigned long address,
                              int write)
{
        return ERR_PTR(-EINVAL);
}

struct page * __weak
follow_huge_pmd(struct mm_struct *mm, unsigned long address,
                pmd_t *pmd, int flags)
{
        struct page *page = NULL;
        spinlock_t *ptl;
retry:
        ptl = pmd_lockptr(mm, pmd);
        spin_lock(ptl);
        /*
         * make sure that the address range covered by this pmd is not
         * unmapped from other threads.
         */
        if (!pmd_huge(*pmd))
                goto out;
        if (pmd_present(*pmd)) {
                page = pte_page(*(pte_t *)pmd) +
                        ((address & ~PMD_MASK) >> PAGE_SHIFT);
                if (flags & FOLL_GET)
                        get_page(page);
        } else {
                if (is_hugetlb_entry_migration(huge_ptep_get((pte_t *)pmd))) {
                        spin_unlock(ptl);
                        __migration_entry_wait(mm, (pte_t *)pmd, ptl);
                        goto retry;
                }
                /*
                 * hwpoisoned entry is treated as no_page_table in
                 * follow_page_mask().
                 */
        }
out:
        spin_unlock(ptl);
        return page;
}

struct page * __weak
follow_huge_pud(struct mm_struct *mm, unsigned long address,
                pud_t *pud, int flags)
{
        if (flags & FOLL_GET)
                return NULL;

        return pte_page(*(pte_t *)pud) + ((address & ~PUD_MASK) >> PAGE_SHIFT);
}

#ifdef CONFIG_MEMORY_FAILURE

/* Should be called in hugetlb_lock */
static int is_hugepage_on_freelist(struct page *hpage)
{
        struct page *page;
        struct page *tmp;
        struct hstate *h = page_hstate(hpage);
        int nid = page_to_nid(hpage);

        list_for_each_entry_safe(page, tmp, &h->hugepage_freelists[nid], lru)
                if (page == hpage)
                        return 1;
        return 0;
}

/*
 * This function is called from memory failure code.
 * Assume the caller holds page lock of the head page.
 */
int dequeue_hwpoisoned_huge_page(struct page *hpage)
{
        struct hstate *h = page_hstate(hpage);
        int nid = page_to_nid(hpage);
        int ret = -EBUSY;

        spin_lock(&hugetlb_lock);
        if (is_hugepage_on_freelist(hpage)) {
                /*
                 * Hwpoisoned hugepage isn't linked to activelist or freelist,
                 * but dangling hpage->lru can trigger list-debug warnings
                 * (this happens when we call unpoison_memory() on it),
                 * so let it point to itself with list_del_init().
                 */
                list_del_init(&hpage->lru);
                set_page_refcounted(hpage);
                h->free_huge_pages--;
                h->free_huge_pages_node[nid]--;
                ret = 0;
        }
        spin_unlock(&hugetlb_lock);
        return ret;
}
#endif

bool isolate_huge_page(struct page *page, struct list_head *list)
{
        VM_BUG_ON_PAGE(!PageHead(page), page);
        if (!get_page_unless_zero(page))
                return false;
        spin_lock(&hugetlb_lock);
        list_move_tail(&page->lru, list);
        spin_unlock(&hugetlb_lock);
        return true;
}

void putback_active_hugepage(struct page *page)
{
        VM_BUG_ON_PAGE(!PageHead(page), page);
        spin_lock(&hugetlb_lock);
        list_move_tail(&page->lru, &(page_hstate(page))->hugepage_activelist);
        spin_unlock(&hugetlb_lock);
        put_page(page);
}

bool is_hugepage_active(struct page *page)
{
        VM_BUG_ON_PAGE(!PageHuge(page), page);
        /*
         * This function can be called for a tail page because the caller,
         * scan_movable_pages, scans through a given pfn-range which typically
         * covers one memory block. In systems using gigantic hugepage (1GB
         * for x86_64,) a hugepage is larger than a memory block, and we don't
         * support migrating such large hugepages for now, so return false
         * when called for tail pages.
         */
        if (PageTail(page))
                return false;
        /*
         * Refcount of a hwpoisoned hugepages is 1, but they are not active,
         * so we should return false for them.
         */
        if (unlikely(PageHWPoison(page)))
                return false;
        return page_count(page) > 0;
}