mm: remove follow_pte()

PlaidCat · PlaidCat · commit 7eb43fbcfff7 · 2025-07-15T00:01:34.000-04:00
jira LE-3557 Rebuild_History Non-Buildable kernel-5.14.0-570.26.1.el9_6 commit-author Peter Xu <peterx@redhat.com> commit b0a1c0d Empty-Commit: Cherry-Pick Conflicts during history rebuild. Will be included in final tarball splat. Ref for failed cherry-pick at: ciq/ciq_backports/kernel-5.14.0-570.26.1.el9_6/b0a1c0d0.failed follow_pte() users have been converted to follow_pfnmap*(). Remove the API. Link: https://lkml.kernel.org/r/20240826204353.2228736-17-peterx@redhat.com Signed-off-by: Peter Xu <peterx@redhat.com> Cc: Alexander Gordeev <agordeev@linux.ibm.com> Cc: Alex Williamson <alex.williamson@redhat.com> Cc: Aneesh Kumar K.V <aneesh.kumar@linux.ibm.com> Cc: Borislav Petkov <bp@alien8.de> Cc: Catalin Marinas <catalin.marinas@arm.com> Cc: Christian Borntraeger <borntraeger@linux.ibm.com> Cc: Dave Hansen <dave.hansen@linux.intel.com> Cc: David Hildenbrand <david@redhat.com> Cc: Gavin Shan <gshan@redhat.com> Cc: Gerald Schaefer <gerald.schaefer@linux.ibm.com> Cc: Heiko Carstens <hca@linux.ibm.com> Cc: Ingo Molnar <mingo@redhat.com> Cc: Jason Gunthorpe <jgg@nvidia.com> Cc: Matthew Wilcox <willy@infradead.org> Cc: Niklas Schnelle <schnelle@linux.ibm.com> Cc: Paolo Bonzini <pbonzini@redhat.com> Cc: Ryan Roberts <ryan.roberts@arm.com> Cc: Sean Christopherson <seanjc@google.com> Cc: Sven Schnelle <svens@linux.ibm.com> Cc: Thomas Gleixner <tglx@linutronix.de> Cc: Vasily Gorbik <gor@linux.ibm.com> Cc: Will Deacon <will@kernel.org> Cc: Zi Yan <ziy@nvidia.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> (cherry picked from commit b0a1c0d) Signed-off-by: Jonathan Maple <jmaple@ciq.com> # Conflicts: # include/linux/mm.h # mm/memory.c
diff --git a/ciq/ciq_backports/kernel-5.14.0-570.26.1.el9_6/b0a1c0d0.failed b/ciq/ciq_backports/kernel-5.14.0-570.26.1.el9_6/b0a1c0d0.failed
@@ -0,0 +1,335 @@
+mm: remove follow_pte()
+
+jira LE-3557
+Rebuild_History Non-Buildable kernel-5.14.0-570.26.1.el9_6
+commit-author Peter Xu <peterx@redhat.com>
+commit b0a1c0d0edcd75a0f8ec5fd19dbd64b8d097f534
+Empty-Commit: Cherry-Pick Conflicts during history rebuild.
+Will be included in final tarball splat. Ref for failed cherry-pick at:
+ciq/ciq_backports/kernel-5.14.0-570.26.1.el9_6/b0a1c0d0.failed
+
+follow_pte() users have been converted to follow_pfnmap*().  Remove the
+API.
+
+Link: https://lkml.kernel.org/r/20240826204353.2228736-17-peterx@redhat.com
+	Signed-off-by: Peter Xu <peterx@redhat.com>
+	Cc: Alexander Gordeev <agordeev@linux.ibm.com>
+	Cc: Alex Williamson <alex.williamson@redhat.com>
+	Cc: Aneesh Kumar K.V <aneesh.kumar@linux.ibm.com>
+	Cc: Borislav Petkov <bp@alien8.de>
+	Cc: Catalin Marinas <catalin.marinas@arm.com>
+	Cc: Christian Borntraeger <borntraeger@linux.ibm.com>
+	Cc: Dave Hansen <dave.hansen@linux.intel.com>
+	Cc: David Hildenbrand <david@redhat.com>
+	Cc: Gavin Shan <gshan@redhat.com>
+	Cc: Gerald Schaefer <gerald.schaefer@linux.ibm.com>
+	Cc: Heiko Carstens <hca@linux.ibm.com>
+	Cc: Ingo Molnar <mingo@redhat.com>
+	Cc: Jason Gunthorpe <jgg@nvidia.com>
+	Cc: Matthew Wilcox <willy@infradead.org>
+	Cc: Niklas Schnelle <schnelle@linux.ibm.com>
+	Cc: Paolo Bonzini <pbonzini@redhat.com>
+	Cc: Ryan Roberts <ryan.roberts@arm.com>
+	Cc: Sean Christopherson <seanjc@google.com>
+	Cc: Sven Schnelle <svens@linux.ibm.com>
+	Cc: Thomas Gleixner <tglx@linutronix.de>
+	Cc: Vasily Gorbik <gor@linux.ibm.com>
+	Cc: Will Deacon <will@kernel.org>
+	Cc: Zi Yan <ziy@nvidia.com>
+	Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
+(cherry picked from commit b0a1c0d0edcd75a0f8ec5fd19dbd64b8d097f534)
+	Signed-off-by: Jonathan Maple <jmaple@ciq.com>
+
+# Conflicts:
+#	include/linux/mm.h
+#	mm/memory.c
+diff --cc include/linux/mm.h
+index 196c481ec160,d750be768121..000000000000
+--- a/include/linux/mm.h
++++ b/include/linux/mm.h
+@@@ -2427,12 -2368,6 +2427,15 @@@ void free_pgd_range(struct mmu_gather *
+  		unsigned long end, unsigned long floor, unsigned long ceiling);
+  int
+  copy_page_range(struct vm_area_struct *dst_vma, struct vm_area_struct *src_vma);
+++<<<<<<< HEAD
+ +int follow_pte(struct mm_struct *mm, unsigned long address,
+ +	       pte_t **ptepp, spinlock_t **ptlp);
+ +int follow_pfn(struct vm_area_struct *vma, unsigned long address,
+ +	unsigned long *pfn);
+ +int follow_phys(struct vm_area_struct *vma, unsigned long address,
+ +		unsigned int flags, unsigned long *prot, resource_size_t *phys);
+++=======
+++>>>>>>> b0a1c0d0edcd (mm: remove follow_pte())
+  int generic_access_phys(struct vm_area_struct *vma, unsigned long addr,
+  			void *buf, int len, int write);
+  
+diff --cc mm/memory.c
+index e2794e3b8919,42674c0748cb..000000000000
+--- a/mm/memory.c
++++ b/mm/memory.c
+@@@ -5607,130 -6099,157 +5607,159 @@@ int __pmd_alloc(struct mm_struct *mm, p
+  }
+  #endif /* __PAGETABLE_PMD_FOLDED */
+  
+++<<<<<<< HEAD
+ +/**
+ + * follow_pte - look up PTE at a user virtual address
+ + * @mm: the mm_struct of the target address space
+ + * @address: user virtual address
+ + * @ptepp: location to store found PTE
+ + * @ptlp: location to store the lock for the PTE
+ + *
+ + * On a successful return, the pointer to the PTE is stored in @ptepp;
+ + * the corresponding lock is taken and its location is stored in @ptlp.
+ + * The contents of the PTE are only stable until @ptlp is released;
+ + * any further use, if any, must be protected against invalidation
+ + * with MMU notifiers.
+ + *
+ + * Only IO mappings and raw PFN mappings are allowed.  The mmap semaphore
+ + * should be taken for read.
+ + *
+ + * KVM uses this function.  While it is arguably less bad than ``follow_pfn``,
+ + * it is not a good general-purpose API.
+ + *
+ + * Return: zero on success, -ve otherwise.
+ + */
+ +int follow_pte(struct mm_struct *mm, unsigned long address,
+ +	       pte_t **ptepp, spinlock_t **ptlp)
+ +{
+ +	pgd_t *pgd;
+ +	p4d_t *p4d;
+ +	pud_t *pud;
+ +	pmd_t *pmd;
+ +	pte_t *ptep;
+ +
+ +	pgd = pgd_offset(mm, address);
+ +	if (pgd_none(*pgd) || unlikely(pgd_bad(*pgd)))
+ +		goto out;
+ +
+ +	p4d = p4d_offset(pgd, address);
+ +	if (p4d_none(*p4d) || unlikely(p4d_bad(*p4d)))
+ +		goto out;
+ +
+ +	pud = pud_offset(p4d, address);
+ +	if (pud_none(*pud) || unlikely(pud_bad(*pud)))
+ +		goto out;
+ +
+ +	pmd = pmd_offset(pud, address);
+ +	VM_BUG_ON(pmd_trans_huge(*pmd));
+ +
+ +	ptep = pte_offset_map_lock(mm, pmd, address, ptlp);
+ +	if (!ptep)
+ +		goto out;
+ +	if (!pte_present(ptep_get(ptep)))
+ +		goto unlock;
+ +	*ptepp = ptep;
+ +	return 0;
+ +unlock:
+ +	pte_unmap_unlock(ptep, *ptlp);
+ +out:
+ +	return -EINVAL;
+ +}
+ +EXPORT_SYMBOL_GPL(follow_pte);
+++=======
++ static inline void pfnmap_args_setup(struct follow_pfnmap_args *args,
++ 				     spinlock_t *lock, pte_t *ptep,
++ 				     pgprot_t pgprot, unsigned long pfn_base,
++ 				     unsigned long addr_mask, bool writable,
++ 				     bool special)
++ {
++ 	args->lock = lock;
++ 	args->ptep = ptep;
++ 	args->pfn = pfn_base + ((args->address & ~addr_mask) >> PAGE_SHIFT);
++ 	args->pgprot = pgprot;
++ 	args->writable = writable;
++ 	args->special = special;
++ }
++ 
++ static inline void pfnmap_lockdep_assert(struct vm_area_struct *vma)
++ {
++ #ifdef CONFIG_LOCKDEP
++ 	struct address_space *mapping = vma->vm_file->f_mapping;
++ 
++ 	if (mapping)
++ 		lockdep_assert(lockdep_is_held(&vma->vm_file->f_mapping->i_mmap_rwsem) ||
++ 			       lockdep_is_held(&vma->vm_mm->mmap_lock));
++ 	else
++ 		lockdep_assert(lockdep_is_held(&vma->vm_mm->mmap_lock));
++ #endif
++ }
+++>>>>>>> b0a1c0d0edcd (mm: remove follow_pte())
+  
+  /**
+ - * follow_pfnmap_start() - Look up a pfn mapping at a user virtual address
+ - * @args: Pointer to struct @follow_pfnmap_args
+ + * follow_pfn - look up PFN at a user virtual address
+ + * @vma: memory mapping
+ + * @address: user virtual address
+ + * @pfn: location to store found PFN
+   *
+ - * The caller needs to setup args->vma and args->address to point to the
+ - * virtual address as the target of such lookup.  On a successful return,
+ - * the results will be put into other output fields.
+ + * Only IO mappings and raw PFN mappings are allowed.
+   *
+ - * After the caller finished using the fields, the caller must invoke
+ - * another follow_pfnmap_end() to proper releases the locks and resources
+ - * of such look up request.
+ + * This function does not allow the caller to read the permissions
+ + * of the PTE.  Do not use it.
+   *
+ - * During the start() and end() calls, the results in @args will be valid
+ - * as proper locks will be held.  After the end() is called, all the fields
+ - * in @follow_pfnmap_args will be invalid to be further accessed.  Further
+ - * use of such information after end() may require proper synchronizations
+ - * by the caller with page table updates, otherwise it can create a
+ - * security bug.
+ - *
+ - * If the PTE maps a refcounted page, callers are responsible to protect
+ - * against invalidation with MMU notifiers; otherwise access to the PFN at
+ - * a later point in time can trigger use-after-free.
+ - *
+ - * Only IO mappings and raw PFN mappings are allowed.  The mmap semaphore
+ - * should be taken for read, and the mmap semaphore cannot be released
+ - * before the end() is invoked.
+ - *
+ - * This function must not be used to modify PTE content.
+ - *
+ - * Return: zero on success, negative otherwise.
+ + * Return: zero and the pfn at @pfn on success, -ve otherwise.
+   */
+ -int follow_pfnmap_start(struct follow_pfnmap_args *args)
+ +int follow_pfn(struct vm_area_struct *vma, unsigned long address,
+ +	unsigned long *pfn)
+  {
+ -	struct vm_area_struct *vma = args->vma;
+ -	unsigned long address = args->address;
+ -	struct mm_struct *mm = vma->vm_mm;
+ -	spinlock_t *lock;
+ -	pgd_t *pgdp;
+ -	p4d_t *p4dp, p4d;
+ -	pud_t *pudp, pud;
+ -	pmd_t *pmdp, pmd;
+ -	pte_t *ptep, pte;
+ +	int ret = -EINVAL;
+ +	spinlock_t *ptl;
+ +	pte_t *ptep;
+  
+ -	pfnmap_lockdep_assert(vma);
+ +	if (!(vma->vm_flags & (VM_IO | VM_PFNMAP)))
+ +		return ret;
+  
+ -	if (unlikely(address < vma->vm_start || address >= vma->vm_end))
+ -		goto out;
+ +	ret = follow_pte(vma->vm_mm, address, &ptep, &ptl);
+ +	if (ret)
+ +		return ret;
+ +	*pfn = pte_pfn(ptep_get(ptep));
+ +	pte_unmap_unlock(ptep, ptl);
+ +	return 0;
+ +}
+ +EXPORT_SYMBOL(follow_pfn);
+  
+ -	if (!(vma->vm_flags & (VM_IO | VM_PFNMAP)))
+ -		goto out;
+ -retry:
+ -	pgdp = pgd_offset(mm, address);
+ -	if (pgd_none(*pgdp) || unlikely(pgd_bad(*pgdp)))
+ -		goto out;
+ +#ifdef CONFIG_HAVE_IOREMAP_PROT
+ +int follow_phys(struct vm_area_struct *vma,
+ +		unsigned long address, unsigned int flags,
+ +		unsigned long *prot, resource_size_t *phys)
+ +{
+ +	int ret = -EINVAL;
+ +	pte_t *ptep, pte;
+ +	spinlock_t *ptl;
+  
+ -	p4dp = p4d_offset(pgdp, address);
+ -	p4d = READ_ONCE(*p4dp);
+ -	if (p4d_none(p4d) || unlikely(p4d_bad(p4d)))
+ +	if (!(vma->vm_flags & (VM_IO | VM_PFNMAP)))
+  		goto out;
+  
+ -	pudp = pud_offset(p4dp, address);
+ -	pud = READ_ONCE(*pudp);
+ -	if (pud_none(pud))
+ +	if (follow_pte(vma->vm_mm, address, &ptep, &ptl))
+  		goto out;
+ -	if (pud_leaf(pud)) {
+ -		lock = pud_lock(mm, pudp);
+ -		if (!unlikely(pud_leaf(pud))) {
+ -			spin_unlock(lock);
+ -			goto retry;
+ -		}
+ -		pfnmap_args_setup(args, lock, NULL, pud_pgprot(pud),
+ -				  pud_pfn(pud), PUD_MASK, pud_write(pud),
+ -				  pud_special(pud));
+ -		return 0;
+ -	}
+ +	pte = ptep_get(ptep);
+  
+ -	pmdp = pmd_offset(pudp, address);
+ -	pmd = pmdp_get_lockless(pmdp);
+ -	if (pmd_leaf(pmd)) {
+ -		lock = pmd_lock(mm, pmdp);
+ -		if (!unlikely(pmd_leaf(pmd))) {
+ -			spin_unlock(lock);
+ -			goto retry;
+ -		}
+ -		pfnmap_args_setup(args, lock, NULL, pmd_pgprot(pmd),
+ -				  pmd_pfn(pmd), PMD_MASK, pmd_write(pmd),
+ -				  pmd_special(pmd));
+ -		return 0;
+ -	}
+ +	/* Never return PFNs of anon folios in COW mappings. */
+ +	if (vm_normal_folio(vma, address, pte))
+ +		goto unlock;
+  
+ -	ptep = pte_offset_map_lock(mm, pmdp, address, &lock);
+ -	if (!ptep)
+ -		goto out;
+ -	pte = ptep_get(ptep);
+ -	if (!pte_present(pte))
+ +	if ((flags & FOLL_WRITE) && !pte_write(pte))
+  		goto unlock;
+ -	pfnmap_args_setup(args, lock, ptep, pte_pgprot(pte),
+ -			  pte_pfn(pte), PAGE_MASK, pte_write(pte),
+ -			  pte_special(pte));
+ -	return 0;
+ +
+ +	*prot = pgprot_val(pte_pgprot(pte));
+ +	*phys = (resource_size_t)pte_pfn(pte) << PAGE_SHIFT;
+ +
+ +	ret = 0;
+  unlock:
+ -	pte_unmap_unlock(ptep, lock);
+ +	pte_unmap_unlock(ptep, ptl);
+  out:
+ -	return -EINVAL;
+ -}
+ -EXPORT_SYMBOL_GPL(follow_pfnmap_start);
+ -
+ -/**
+ - * follow_pfnmap_end(): End a follow_pfnmap_start() process
+ - * @args: Pointer to struct @follow_pfnmap_args
+ - *
+ - * Must be used in pair of follow_pfnmap_start().  See the start() function
+ - * above for more information.
+ - */
+ -void follow_pfnmap_end(struct follow_pfnmap_args *args)
+ -{
+ -	if (args->lock)
+ -		spin_unlock(args->lock);
+ -	if (args->ptep)
+ -		pte_unmap(args->ptep);
+ +	return ret;
+  }
+ -EXPORT_SYMBOL_GPL(follow_pfnmap_end);
+  
+ -#ifdef CONFIG_HAVE_IOREMAP_PROT
+  /**
+   * generic_access_phys - generic implementation for iomem mmap access
+   * @vma: the vma to access
+* Unmerged path include/linux/mm.h
+* Unmerged path mm/memory.c

-Original file line number
+Diff line change
@@ @@ -0,0 +1,335 @@ @@
 +mm: remove follow_pte()
++
 +jira LE-3557
 +Rebuild_History Non-Buildable kernel-5.14.0-570.26.1.el9_6
 +commit-author Peter Xu <[email protected]>
 +commit b0a1c0d0edcd75a0f8ec5fd19dbd64b8d097f534
 +Empty-Commit: Cherry-Pick Conflicts during history rebuild.
 +Will be included in final tarball splat. Ref for failed cherry-pick at:
 +ciq/ciq_backports/kernel-5.14.0-570.26.1.el9_6/b0a1c0d0.failed
++
 +follow_pte() users have been converted to follow_pfnmap*().  Remove the
 +API.
++
 +Link: https://lkml.kernel.org/r/[email protected]
 +	Signed-off-by: Peter Xu <[email protected]>
 +	Cc: Alexander Gordeev <[email protected]>
 +	Cc: Alex Williamson <[email protected]>
 +	Cc: Aneesh Kumar K.V <[email protected]>
 +	Cc: Borislav Petkov <[email protected]>
 +	Cc: Catalin Marinas <[email protected]>
 +	Cc: Christian Borntraeger <[email protected]>
 +	Cc: Dave Hansen <[email protected]>
 +	Cc: David Hildenbrand <[email protected]>
 +	Cc: Gavin Shan <[email protected]>
 +	Cc: Gerald Schaefer <[email protected]>
 +	Cc: Heiko Carstens <[email protected]>
 +	Cc: Ingo Molnar <[email protected]>
 +	Cc: Jason Gunthorpe <[email protected]>
 +	Cc: Matthew Wilcox <[email protected]>
 +	Cc: Niklas Schnelle <[email protected]>
 +	Cc: Paolo Bonzini <[email protected]>
 +	Cc: Ryan Roberts <[email protected]>
 +	Cc: Sean Christopherson <[email protected]>
 +	Cc: Sven Schnelle <[email protected]>
 +	Cc: Thomas Gleixner <[email protected]>
 +	Cc: Vasily Gorbik <[email protected]>
 +	Cc: Will Deacon <[email protected]>
 +	Cc: Zi Yan <[email protected]>
 +	Signed-off-by: Andrew Morton <[email protected]>
 +(cherry picked from commit b0a1c0d0edcd75a0f8ec5fd19dbd64b8d097f534)
 +	Signed-off-by: Jonathan Maple <[email protected]>
++
 +# Conflicts:
 +#	include/linux/mm.h
 +#	mm/memory.c
 +diff --cc include/linux/mm.h
 +index 196c481ec160,d750be768121..000000000000
 +--- a/include/linux/mm.h
 ++++ b/include/linux/mm.h
 +@@@ -2427,12 -2368,6 +2427,15 @@@ void free_pgd_range(struct mmu_gather *
 +  		unsigned long end, unsigned long floor, unsigned long ceiling);
 +  int
 +  copy_page_range(struct vm_area_struct *dst_vma, struct vm_area_struct *src_vma);
 +++<<<<<<< HEAD
 + +int follow_pte(struct mm_struct *mm, unsigned long address,
 + +	       pte_t **ptepp, spinlock_t **ptlp);
 + +int follow_pfn(struct vm_area_struct *vma, unsigned long address,
 + +	unsigned long *pfn);
 + +int follow_phys(struct vm_area_struct *vma, unsigned long address,
 + +		unsigned int flags, unsigned long *prot, resource_size_t *phys);
 +++=======
 +++>>>>>>> b0a1c0d0edcd (mm: remove follow_pte())
 +  int generic_access_phys(struct vm_area_struct *vma, unsigned long addr,
 +  			void *buf, int len, int write);
++
 +diff --cc mm/memory.c
 +index e2794e3b8919,42674c0748cb..000000000000
 +--- a/mm/memory.c
 ++++ b/mm/memory.c
 +@@@ -5607,130 -6099,157 +5607,159 @@@ int __pmd_alloc(struct mm_struct *mm, p
 +  }
 +  #endif /* __PAGETABLE_PMD_FOLDED */
++
 +++<<<<<<< HEAD
 + +/**
 + + * follow_pte - look up PTE at a user virtual address
 + + * @mm: the mm_struct of the target address space
 + + * @address: user virtual address
 + + * @ptepp: location to store found PTE
 + + * @ptlp: location to store the lock for the PTE
 + + *
 + + * On a successful return, the pointer to the PTE is stored in @ptepp;
 + + * the corresponding lock is taken and its location is stored in @ptlp.
 + + * The contents of the PTE are only stable until @ptlp is released;
 + + * any further use, if any, must be protected against invalidation
 + + * with MMU notifiers.
 + + *
 + + * Only IO mappings and raw PFN mappings are allowed.  The mmap semaphore
 + + * should be taken for read.
 + + *
 + + * KVM uses this function.  While it is arguably less bad than ``follow_pfn``,
 + + * it is not a good general-purpose API.
 + + *
 + + * Return: zero on success, -ve otherwise.
 + + */
 + +int follow_pte(struct mm_struct *mm, unsigned long address,
 + +	       pte_t **ptepp, spinlock_t **ptlp)
 + +{
 + +	pgd_t *pgd;
 + +	p4d_t *p4d;
 + +	pud_t *pud;
 + +	pmd_t *pmd;
 + +	pte_t *ptep;
 + +
 + +	pgd = pgd_offset(mm, address);
 + +	if (pgd_none(*pgd) || unlikely(pgd_bad(*pgd)))
 + +		goto out;
 + +
 + +	p4d = p4d_offset(pgd, address);
 + +	if (p4d_none(*p4d) || unlikely(p4d_bad(*p4d)))
 + +		goto out;
 + +
 + +	pud = pud_offset(p4d, address);
 + +	if (pud_none(*pud) || unlikely(pud_bad(*pud)))
 + +		goto out;
 + +
 + +	pmd = pmd_offset(pud, address);
 + +	VM_BUG_ON(pmd_trans_huge(*pmd));
 + +
 + +	ptep = pte_offset_map_lock(mm, pmd, address, ptlp);
 + +	if (!ptep)
 + +		goto out;
 + +	if (!pte_present(ptep_get(ptep)))
 + +		goto unlock;
 + +	*ptepp = ptep;
 + +	return 0;
 + +unlock:
 + +	pte_unmap_unlock(ptep, *ptlp);
 + +out:
 + +	return -EINVAL;
 + +}
 + +EXPORT_SYMBOL_GPL(follow_pte);
 +++=======
 ++ static inline void pfnmap_args_setup(struct follow_pfnmap_args *args,
 ++ 				     spinlock_t *lock, pte_t *ptep,
 ++ 				     pgprot_t pgprot, unsigned long pfn_base,
 ++ 				     unsigned long addr_mask, bool writable,
 ++ 				     bool special)
 ++ {
 ++ 	args->lock = lock;
 ++ 	args->ptep = ptep;
 ++ 	args->pfn = pfn_base + ((args->address & ~addr_mask) >> PAGE_SHIFT);
 ++ 	args->pgprot = pgprot;
 ++ 	args->writable = writable;
 ++ 	args->special = special;
 ++ }
 ++
 ++ static inline void pfnmap_lockdep_assert(struct vm_area_struct *vma)
 ++ {
 ++ #ifdef CONFIG_LOCKDEP
 ++ 	struct address_space *mapping = vma->vm_file->f_mapping;
 ++
 ++ 	if (mapping)
 ++ 		lockdep_assert(lockdep_is_held(&vma->vm_file->f_mapping->i_mmap_rwsem) ||
 ++ 			       lockdep_is_held(&vma->vm_mm->mmap_lock));
 ++ 	else
 ++ 		lockdep_assert(lockdep_is_held(&vma->vm_mm->mmap_lock));
 ++ #endif
 ++ }
 +++>>>>>>> b0a1c0d0edcd (mm: remove follow_pte())
++
 +  /**
 + - * follow_pfnmap_start() - Look up a pfn mapping at a user virtual address
 + - * @args: Pointer to struct @follow_pfnmap_args
 + + * follow_pfn - look up PFN at a user virtual address
 + + * @vma: memory mapping
 + + * @address: user virtual address
 + + * @pfn: location to store found PFN
 +   *
 + - * The caller needs to setup args->vma and args->address to point to the
 + - * virtual address as the target of such lookup.  On a successful return,
 + - * the results will be put into other output fields.
 + + * Only IO mappings and raw PFN mappings are allowed.
 +   *
 + - * After the caller finished using the fields, the caller must invoke
 + - * another follow_pfnmap_end() to proper releases the locks and resources
 + - * of such look up request.
 + + * This function does not allow the caller to read the permissions
 + + * of the PTE.  Do not use it.
 +   *
 + - * During the start() and end() calls, the results in @args will be valid
 + - * as proper locks will be held.  After the end() is called, all the fields
 + - * in @follow_pfnmap_args will be invalid to be further accessed.  Further
 + - * use of such information after end() may require proper synchronizations
 + - * by the caller with page table updates, otherwise it can create a
 + - * security bug.
 + - *
 + - * If the PTE maps a refcounted page, callers are responsible to protect
 + - * against invalidation with MMU notifiers; otherwise access to the PFN at
 + - * a later point in time can trigger use-after-free.
 + - *
 + - * Only IO mappings and raw PFN mappings are allowed.  The mmap semaphore
 + - * should be taken for read, and the mmap semaphore cannot be released
 + - * before the end() is invoked.
 + - *
 + - * This function must not be used to modify PTE content.
 + - *
 + - * Return: zero on success, negative otherwise.
 + + * Return: zero and the pfn at @pfn on success, -ve otherwise.
 +   */
 + -int follow_pfnmap_start(struct follow_pfnmap_args *args)
 + +int follow_pfn(struct vm_area_struct *vma, unsigned long address,
 + +	unsigned long *pfn)
 +  {
 + -	struct vm_area_struct *vma = args->vma;
 + -	unsigned long address = args->address;
 + -	struct mm_struct *mm = vma->vm_mm;
 + -	spinlock_t *lock;
 + -	pgd_t *pgdp;
 + -	p4d_t *p4dp, p4d;
 + -	pud_t *pudp, pud;
 + -	pmd_t *pmdp, pmd;
 + -	pte_t *ptep, pte;
 + +	int ret = -EINVAL;
 + +	spinlock_t *ptl;
 + +	pte_t *ptep;
++
 + -	pfnmap_lockdep_assert(vma);
 + +	if (!(vma->vm_flags & (VM_IO | VM_PFNMAP)))
 + +		return ret;
++
 + -	if (unlikely(address < vma->vm_start || address >= vma->vm_end))
 + -		goto out;
 + +	ret = follow_pte(vma->vm_mm, address, &ptep, &ptl);
 + +	if (ret)
 + +		return ret;
 + +	*pfn = pte_pfn(ptep_get(ptep));
 + +	pte_unmap_unlock(ptep, ptl);
 + +	return 0;
 + +}
 + +EXPORT_SYMBOL(follow_pfn);
++
 + -	if (!(vma->vm_flags & (VM_IO | VM_PFNMAP)))
 + -		goto out;
 + -retry:
 + -	pgdp = pgd_offset(mm, address);
 + -	if (pgd_none(*pgdp) || unlikely(pgd_bad(*pgdp)))
 + -		goto out;
 + +#ifdef CONFIG_HAVE_IOREMAP_PROT
 + +int follow_phys(struct vm_area_struct *vma,
 + +		unsigned long address, unsigned int flags,
 + +		unsigned long *prot, resource_size_t *phys)
 + +{
 + +	int ret = -EINVAL;
 + +	pte_t *ptep, pte;
 + +	spinlock_t *ptl;
++
 + -	p4dp = p4d_offset(pgdp, address);
 + -	p4d = READ_ONCE(*p4dp);
 + -	if (p4d_none(p4d) || unlikely(p4d_bad(p4d)))
 + +	if (!(vma->vm_flags & (VM_IO | VM_PFNMAP)))
 +  		goto out;
++
 + -	pudp = pud_offset(p4dp, address);
 + -	pud = READ_ONCE(*pudp);
 + -	if (pud_none(pud))
 + +	if (follow_pte(vma->vm_mm, address, &ptep, &ptl))
 +  		goto out;
 + -	if (pud_leaf(pud)) {
 + -		lock = pud_lock(mm, pudp);
 + -		if (!unlikely(pud_leaf(pud))) {
 + -			spin_unlock(lock);
 + -			goto retry;
 + -		}
 + -		pfnmap_args_setup(args, lock, NULL, pud_pgprot(pud),
 + -				  pud_pfn(pud), PUD_MASK, pud_write(pud),
 + -				  pud_special(pud));
 + -		return 0;
 + -	}
 + +	pte = ptep_get(ptep);
++
 + -	pmdp = pmd_offset(pudp, address);
 + -	pmd = pmdp_get_lockless(pmdp);
 + -	if (pmd_leaf(pmd)) {
 + -		lock = pmd_lock(mm, pmdp);
 + -		if (!unlikely(pmd_leaf(pmd))) {
 + -			spin_unlock(lock);
 + -			goto retry;
 + -		}
 + -		pfnmap_args_setup(args, lock, NULL, pmd_pgprot(pmd),
 + -				  pmd_pfn(pmd), PMD_MASK, pmd_write(pmd),
 + -				  pmd_special(pmd));
 + -		return 0;
 + -	}
 + +	/* Never return PFNs of anon folios in COW mappings. */
 + +	if (vm_normal_folio(vma, address, pte))
 + +		goto unlock;
++
 + -	ptep = pte_offset_map_lock(mm, pmdp, address, &lock);
 + -	if (!ptep)
 + -		goto out;
 + -	pte = ptep_get(ptep);
 + -	if (!pte_present(pte))
 + +	if ((flags & FOLL_WRITE) && !pte_write(pte))
 +  		goto unlock;
 + -	pfnmap_args_setup(args, lock, ptep, pte_pgprot(pte),
 + -			  pte_pfn(pte), PAGE_MASK, pte_write(pte),
 + -			  pte_special(pte));
 + -	return 0;
 + +
 + +	*prot = pgprot_val(pte_pgprot(pte));
 + +	*phys = (resource_size_t)pte_pfn(pte) << PAGE_SHIFT;
 + +
 + +	ret = 0;
 +  unlock:
 + -	pte_unmap_unlock(ptep, lock);
 + +	pte_unmap_unlock(ptep, ptl);
 +  out:
 + -	return -EINVAL;
 + -}
 + -EXPORT_SYMBOL_GPL(follow_pfnmap_start);
 + -
 + -/**
 + - * follow_pfnmap_end(): End a follow_pfnmap_start() process
 + - * @args: Pointer to struct @follow_pfnmap_args
 + - *
 + - * Must be used in pair of follow_pfnmap_start().  See the start() function
 + - * above for more information.
 + - */
 + -void follow_pfnmap_end(struct follow_pfnmap_args *args)
 + -{
 + -	if (args->lock)
 + -		spin_unlock(args->lock);
 + -	if (args->ptep)
 + -		pte_unmap(args->ptep);
 + +	return ret;
 +  }
 + -EXPORT_SYMBOL_GPL(follow_pfnmap_end);
++
 + -#ifdef CONFIG_HAVE_IOREMAP_PROT
 +  /**
 +   * generic_access_phys - generic implementation for iomem mmap access
 +   * @vma: the vma to access
 +* Unmerged path include/linux/mm.h
 +* Unmerged path mm/memory.c