root/mm/memory.c

/* */

DEFINITIONS

1. oom
2. free_one_table
3. clear_page_tables
4. free_page_tables
5. clone_page_tables
6. copy_page_tables
7. unmap_page_range
8. zeromap_page_range
9. remap_page_range
10. put_page
11. put_dirty_page
12. __do_wp_page
13. do_wp_page
14. __verify_write
15. verify_area
16. get_empty_page
17. try_to_share
18. share_page
19. get_empty_pgtable
20. do_no_page
21. do_page_fault
22. __bad_pagetable
23. __bad_page
24. __zero_page
25. show_mem
26. paging_init
27. mem_init
28. si_meminfo
29. file_mmap_nopage
30. file_mmap_free
31. file_mmap_share

   1 /*
   2  *  linux/mm/memory.c
   3  *
   4  *  Copyright (C) 1991, 1992, 1993, 1994  Linus Torvalds
   5  */
   6 
   7 /*
   8  * demand-loading started 01.12.91 - seems it is high on the list of
   9  * things wanted, and it should be easy to implement. - Linus
  10  */
  11 
  12 /*
  13  * Ok, demand-loading was easy, shared pages a little bit tricker. Shared
  14  * pages started 02.12.91, seems to work. - Linus.
  15  *
  16  * Tested sharing by executing about 30 /bin/sh: under the old kernel it
  17  * would have taken more than the 6M I have free, but it worked well as
  18  * far as I could see.
  19  *
  20  * Also corrected some "invalidate()"s - I wasn't doing enough of them.
  21  */
  22 
  23 /*
  24  * Real VM (paging to/from disk) started 18.12.91. Much more work and
  25  * thought has to go into this. Oh, well..
  26  * 19.12.91  -  works, somewhat. Sometimes I get faults, don't know why.
  27  *              Found it. Everything seems to work now.
  28  * 20.12.91  -  Ok, making the swap-device changeable like the root.
  29  */
  30 
  31 /*
  32  * 05.04.94  -  Multi-page memory management added for v1.1.
  33  *              Idea by Alex Bligh (alex@cconcepts.co.uk)
  34  */
  35 
  36 #include <asm/system.h>
  37 #include <linux/config.h>
  38 
  39 #include <linux/signal.h>
  40 #include <linux/sched.h>
  41 #include <linux/head.h>
  42 #include <linux/kernel.h>
  43 #include <linux/errno.h>
  44 #include <linux/string.h>
  45 #include <linux/types.h>
  46 #include <linux/ptrace.h>
  47 #include <linux/mman.h>
  48 #include <linux/segment.h>
  49 #include <asm/segment.h>
  50 
  51 /*
  52  * Define this if things work differently on a i386 and a i486:
  53  * it will (on a i486) warn about kernel memory accesses that are
  54  * done without a 'verify_area(VERIFY_WRITE,..)'
  55  */
  56 #undef CONFIG_TEST_VERIFY_AREA
  57 
  58 unsigned long high_memory = 0;
  59 
  60 extern unsigned long pg0[1024];         /* page table for 0-4MB for everybody */
  61 
  62 extern void sound_mem_init(void);
  63 extern void die_if_kernel(char *,struct pt_regs *,long);
  64 extern void show_net_buffers(void);
  65 
  66 /*
  67  * The free_area_list arrays point to the queue heads of the free areas
  68  * of different sizes
  69  */
  70 int nr_swap_pages = 0;
  71 int nr_free_pages = 0;
  72 struct mem_list free_area_list[NR_MEM_LISTS];
  73 unsigned char * free_area_map[NR_MEM_LISTS];
  74 
  75 #define copy_page(from,to) \
  76 __asm__("cld ; rep ; movsl": :"S" (from),"D" (to),"c" (1024):"cx","di","si")
  77 
  78 unsigned short * mem_map = NULL;
  79 
  80 #define CODE_SPACE(addr,p) ((addr) < (p)->end_code)
  81 
  82 /*
  83  * oom() prints a message (so that the user knows why the process died),
  84  * and gives the process an untrappable SIGKILL.
  85  */
  86 void oom(struct task_struct * task)
     /*  */
  87 {
  88         printk("\nOut of memory.\n");
  89         task->sigaction[SIGKILL-1].sa_handler = NULL;
  90         task->blocked &= ~(1<<(SIGKILL-1));
  91         send_sig(SIGKILL,task,1);
  92 }
  93 
  94 static void free_one_table(unsigned long * page_dir)
     /*  */
  95 {
  96         int j;
  97         unsigned long pg_table = *page_dir;
  98         unsigned long * page_table;
  99 
 100         if (!pg_table)
 101                 return;
 102         *page_dir = 0;
 103         if (pg_table >= high_memory || !(pg_table & PAGE_PRESENT)) {
 104                 printk("Bad page table: [%p]=%08lx\n",page_dir,pg_table);
 105                 return;
 106         }
 107         if (mem_map[MAP_NR(pg_table)] & MAP_PAGE_RESERVED)
 108                 return;
 109         page_table = (unsigned long *) (pg_table & PAGE_MASK);
 110         for (j = 0 ; j < PTRS_PER_PAGE ; j++,page_table++) {
 111                 unsigned long pg = *page_table;
 112                 
 113                 if (!pg)
 114                         continue;
 115                 *page_table = 0;
 116                 if (pg & PAGE_PRESENT)
 117                         free_page(PAGE_MASK & pg);
 118                 else
 119                         swap_free(pg);
 120         }
 121         free_page(PAGE_MASK & pg_table);
 122 }
 123 
 124 /*
 125  * This function clears all user-level page tables of a process - this
 126  * is needed by execve(), so that old pages aren't in the way. Note that
 127  * unlike 'free_page_tables()', this function still leaves a valid
 128  * page-table-tree in memory: it just removes the user pages. The two
 129  * functions are similar, but there is a fundamental difference.
 130  */
 131 void clear_page_tables(struct task_struct * tsk)
     /*  */
 132 {
 133         int i;
 134         unsigned long pg_dir;
 135         unsigned long * page_dir;
 136 
 137         if (!tsk)
 138                 return;
 139         if (tsk == task[0])
 140                 panic("task[0] (swapper) doesn't support exec()\n");
 141         pg_dir = tsk->tss.cr3;
 142         page_dir = (unsigned long *) pg_dir;
 143         if (!page_dir || page_dir == swapper_pg_dir) {
 144                 printk("Trying to clear kernel page-directory: not good\n");
 145                 return;
 146         }
 147         if (mem_map[MAP_NR(pg_dir)] > 1) {
 148                 unsigned long * new_pg;
 149 
 150                 if (!(new_pg = (unsigned long*) get_free_page(GFP_KERNEL))) {
 151                         oom(tsk);
 152                         return;
 153                 }
 154                 for (i = 768 ; i < 1024 ; i++)
 155                         new_pg[i] = page_dir[i];
 156                 free_page(pg_dir);
 157                 tsk->tss.cr3 = (unsigned long) new_pg;
 158                 return;
 159         }
 160         for (i = 0 ; i < 768 ; i++,page_dir++)
 161                 free_one_table(page_dir);
 162         invalidate();
 163         return;
 164 }
 165 
 166 /*
 167  * This function frees up all page tables of a process when it exits.
 168  */
 169 void free_page_tables(struct task_struct * tsk)
     /*  */
 170 {
 171         int i;
 172         unsigned long pg_dir;
 173         unsigned long * page_dir;
 174 
 175         if (!tsk)
 176                 return;
 177         if (tsk == task[0]) {
 178                 printk("task[0] (swapper) killed: unable to recover\n");
 179                 panic("Trying to free up swapper memory space");
 180         }
 181         pg_dir = tsk->tss.cr3;
 182         if (!pg_dir || pg_dir == (unsigned long) swapper_pg_dir) {
 183                 printk("Trying to free kernel page-directory: not good\n");
 184                 return;
 185         }
 186         tsk->tss.cr3 = (unsigned long) swapper_pg_dir;
 187         if (tsk == current)
 188                 __asm__ __volatile__("movl %0,%%cr3": :"a" (tsk->tss.cr3));
 189         if (mem_map[MAP_NR(pg_dir)] > 1) {
 190                 free_page(pg_dir);
 191                 return;
 192         }
 193         page_dir = (unsigned long *) pg_dir;
 194         for (i = 0 ; i < PTRS_PER_PAGE ; i++,page_dir++)
 195                 free_one_table(page_dir);
 196         free_page(pg_dir);
 197         invalidate();
 198 }
 199 
 200 /*
 201  * clone_page_tables() clones the page table for a process - both
 202  * processes will have the exact same pages in memory. There are
 203  * probably races in the memory management with cloning, but we'll
 204  * see..
 205  */
 206 int clone_page_tables(struct task_struct * tsk)
     /*  */
 207 {
 208         unsigned long pg_dir;
 209 
 210         pg_dir = current->tss.cr3;
 211         mem_map[MAP_NR(pg_dir)]++;
 212         tsk->tss.cr3 = pg_dir;
 213         return 0;
 214 }
 215 
 216 /*
 217  * copy_page_tables() just copies the whole process memory range:
 218  * note the special handling of RESERVED (ie kernel) pages, which
 219  * means that they are always shared by all processes.
 220  */
 221 int copy_page_tables(struct task_struct * tsk)
     /*  */
 222 {
 223         int i;
 224         unsigned long old_pg_dir, *old_page_dir;
 225         unsigned long new_pg_dir, *new_page_dir;
 226 
 227         if (!(new_pg_dir = get_free_page(GFP_KERNEL)))
 228                 return -ENOMEM;
 229         old_pg_dir = current->tss.cr3;
 230         tsk->tss.cr3 = new_pg_dir;
 231         old_page_dir = (unsigned long *) old_pg_dir;
 232         new_page_dir = (unsigned long *) new_pg_dir;
 233         for (i = 0 ; i < PTRS_PER_PAGE ; i++,old_page_dir++,new_page_dir++) {
 234                 int j;
 235                 unsigned long old_pg_table, *old_page_table;
 236                 unsigned long new_pg_table, *new_page_table;
 237 
 238                 old_pg_table = *old_page_dir;
 239                 if (!old_pg_table)
 240                         continue;
 241                 if (old_pg_table >= high_memory || !(old_pg_table & PAGE_PRESENT)) {
 242                         printk("copy_page_tables: bad page table: "
 243                                 "probable memory corruption");
 244                         *old_page_dir = 0;
 245                         continue;
 246                 }
 247                 if (mem_map[MAP_NR(old_pg_table)] & MAP_PAGE_RESERVED) {
 248                         *new_page_dir = old_pg_table;
 249                         continue;
 250                 }
 251                 if (!(new_pg_table = get_free_page(GFP_KERNEL))) {
 252                         free_page_tables(tsk);
 253                         return -ENOMEM;
 254                 }
 255                 old_page_table = (unsigned long *) (PAGE_MASK & old_pg_table);
 256                 new_page_table = (unsigned long *) (PAGE_MASK & new_pg_table);
 257                 for (j = 0 ; j < PTRS_PER_PAGE ; j++,old_page_table++,new_page_table++) {
 258                         unsigned long pg;
 259                         pg = *old_page_table;
 260                         if (!pg)
 261                                 continue;
 262                         if (!(pg & PAGE_PRESENT)) {
 263                                 *new_page_table = swap_duplicate(pg);
 264                                 continue;
 265                         }
 266                         if ((pg & (PAGE_RW | PAGE_COW)) == (PAGE_RW | PAGE_COW))
 267                                 pg &= ~PAGE_RW;
 268                         *new_page_table = pg;
 269                         if (mem_map[MAP_NR(pg)] & MAP_PAGE_RESERVED)
 270                                 continue;
 271                         *old_page_table = pg;
 272                         mem_map[MAP_NR(pg)]++;
 273                 }
 274                 *new_page_dir = new_pg_table | PAGE_TABLE;
 275         }
 276         invalidate();
 277         return 0;
 278 }
 279 
 280 /*
 281  * a more complete version of free_page_tables which performs with page
 282  * granularity.
 283  */
 284 int unmap_page_range(unsigned long from, unsigned long size)
     /*  */
 285 {
 286         unsigned long page, page_dir;
 287         unsigned long *page_table, *dir;
 288         unsigned long poff, pcnt, pc;
 289 
 290         if (from & ~PAGE_MASK) {
 291                 printk("unmap_page_range called with wrong alignment\n");
 292                 return -EINVAL;
 293         }
 294         size = (size + ~PAGE_MASK) >> PAGE_SHIFT;
 295         dir = PAGE_DIR_OFFSET(current->tss.cr3,from);
 296         poff = (from >> PAGE_SHIFT) & (PTRS_PER_PAGE-1);
 297         if ((pcnt = PTRS_PER_PAGE - poff) > size)
 298                 pcnt = size;
 299 
 300         for ( ; size > 0; ++dir, size -= pcnt,
 301              pcnt = (size > PTRS_PER_PAGE ? PTRS_PER_PAGE : size)) {
 302                 if (!(page_dir = *dir)) {
 303                         poff = 0;
 304                         continue;
 305                 }
 306                 if (!(page_dir & PAGE_PRESENT)) {
 307                         printk("unmap_page_range: bad page directory.");
 308                         continue;
 309                 }
 310                 page_table = (unsigned long *)(PAGE_MASK & page_dir);
 311                 if (poff) {
 312                         page_table += poff;
 313                         poff = 0;
 314                 }
 315                 for (pc = pcnt; pc--; page_table++) {
 316                         if ((page = *page_table) != 0) {
 317                                 *page_table = 0;
 318                                 if (1 & page) {
 319                                         if (!(mem_map[MAP_NR(page)] & MAP_PAGE_RESERVED))
 320                                                 if (current->mm->rss > 0)
 321                                                         --current->mm->rss;
 322                                         free_page(PAGE_MASK & page);
 323                                 } else
 324                                         swap_free(page);
 325                         }
 326                 }
 327                 if (pcnt == PTRS_PER_PAGE) {
 328                         *dir = 0;
 329                         free_page(PAGE_MASK & page_dir);
 330                 }
 331         }
 332         invalidate();
 333         return 0;
 334 }
 335 
 336 int zeromap_page_range(unsigned long from, unsigned long size, int mask)
     /*  */
 337 {
 338         unsigned long *page_table, *dir;
 339         unsigned long poff, pcnt;
 340         unsigned long page;
 341 
 342         if (mask) {
 343                 if ((mask & (PAGE_MASK|PAGE_PRESENT)) != PAGE_PRESENT) {
 344                         printk("zeromap_page_range: mask = %08x\n",mask);
 345                         return -EINVAL;
 346                 }
 347                 mask |= ZERO_PAGE;
 348         }
 349         if (from & ~PAGE_MASK) {
 350                 printk("zeromap_page_range: from = %08lx\n",from);
 351                 return -EINVAL;
 352         }
 353         dir = PAGE_DIR_OFFSET(current->tss.cr3,from);
 354         size = (size + ~PAGE_MASK) >> PAGE_SHIFT;
 355         poff = (from >> PAGE_SHIFT) & (PTRS_PER_PAGE-1);
 356         if ((pcnt = PTRS_PER_PAGE - poff) > size)
 357                 pcnt = size;
 358 
 359         while (size > 0) {
 360                 if (!(PAGE_PRESENT & *dir)) {
 361                                 /* clear page needed here?  SRB. */
 362                         if (!(page_table = (unsigned long*) get_free_page(GFP_KERNEL))) {
 363                                 invalidate();
 364                                 return -ENOMEM;
 365                         }
 366                         if (PAGE_PRESENT & *dir) {
 367                                 free_page((unsigned long) page_table);
 368                                 page_table = (unsigned long *)(PAGE_MASK & *dir++);
 369                         } else
 370                                 *dir++ = ((unsigned long) page_table) | PAGE_TABLE;
 371                 } else
 372                         page_table = (unsigned long *)(PAGE_MASK & *dir++);
 373                 page_table += poff;
 374                 poff = 0;
 375                 for (size -= pcnt; pcnt-- ;) {
 376                         if ((page = *page_table) != 0) {
 377                                 *page_table = 0;
 378                                 if (page & PAGE_PRESENT) {
 379                                         if (!(mem_map[MAP_NR(page)] & MAP_PAGE_RESERVED))
 380                                                 if (current->mm->rss > 0)
 381                                                         --current->mm->rss;
 382                                         free_page(PAGE_MASK & page);
 383                                 } else
 384                                         swap_free(page);
 385                         }
 386                         *page_table++ = mask;
 387                 }
 388                 pcnt = (size > PTRS_PER_PAGE ? PTRS_PER_PAGE : size);
 389         }
 390         invalidate();
 391         return 0;
 392 }
 393 
 394 /*
 395  * maps a range of physical memory into the requested pages. the old
 396  * mappings are removed. any references to nonexistent pages results
 397  * in null mappings (currently treated as "copy-on-access")
 398  */
 399 int remap_page_range(unsigned long from, unsigned long to, unsigned long size, int mask)
     /*  */
 400 {
 401         unsigned long *page_table, *dir;
 402         unsigned long poff, pcnt;
 403         unsigned long page;
 404 
 405         if (mask) {
 406                 if ((mask & (PAGE_MASK|PAGE_PRESENT)) != PAGE_PRESENT) {
 407                         printk("remap_page_range: mask = %08x\n",mask);
 408                         return -EINVAL;
 409                 }
 410         }
 411         if ((from & ~PAGE_MASK) || (to & ~PAGE_MASK)) {
 412                 printk("remap_page_range: from = %08lx, to=%08lx\n",from,to);
 413                 return -EINVAL;
 414         }
 415         dir = PAGE_DIR_OFFSET(current->tss.cr3,from);
 416         size = (size + ~PAGE_MASK) >> PAGE_SHIFT;
 417         poff = (from >> PAGE_SHIFT) & (PTRS_PER_PAGE-1);
 418         if ((pcnt = PTRS_PER_PAGE - poff) > size)
 419                 pcnt = size;
 420 
 421         while (size > 0) {
 422                 if (!(PAGE_PRESENT & *dir)) {
 423                         /* clearing page here, needed?  SRB. */
 424                         if (!(page_table = (unsigned long*) get_free_page(GFP_KERNEL))) {
 425                                 invalidate();
 426                                 return -1;
 427                         }
 428                         *dir++ = ((unsigned long) page_table) | PAGE_TABLE;
 429                 }
 430                 else
 431                         page_table = (unsigned long *)(PAGE_MASK & *dir++);
 432                 if (poff) {
 433                         page_table += poff;
 434                         poff = 0;
 435                 }
 436 
 437                 for (size -= pcnt; pcnt-- ;) {
 438                         if ((page = *page_table) != 0) {
 439                                 *page_table = 0;
 440                                 if (PAGE_PRESENT & page) {
 441                                         if (!(mem_map[MAP_NR(page)] & MAP_PAGE_RESERVED))
 442                                                 if (current->mm->rss > 0)
 443                                                         --current->mm->rss;
 444                                         free_page(PAGE_MASK & page);
 445                                 } else
 446                                         swap_free(page);
 447                         }
 448 
 449                         /*
 450                          * the first condition should return an invalid access
 451                          * when the page is referenced. current assumptions
 452                          * cause it to be treated as demand allocation in some
 453                          * cases.
 454                          */
 455                         if (!mask)
 456                                 *page_table++ = 0;      /* not present */
 457                         else if (to >= high_memory)
 458                                 *page_table++ = (to | mask);
 459                         else if (!mem_map[MAP_NR(to)])
 460                                 *page_table++ = 0;      /* not present */
 461                         else {
 462                                 *page_table++ = (to | mask);
 463                                 if (!(mem_map[MAP_NR(to)] & MAP_PAGE_RESERVED)) {
 464                                         ++current->mm->rss;
 465                                         mem_map[MAP_NR(to)]++;
 466                                 }
 467                         }
 468                         to += PAGE_SIZE;
 469                 }
 470                 pcnt = (size > PTRS_PER_PAGE ? PTRS_PER_PAGE : size);
 471         }
 472         invalidate();
 473         return 0;
 474 }
 475 
 476 /*
 477  * This function puts a page in memory at the wanted address.
 478  * It returns the physical address of the page gotten, 0 if
 479  * out of memory (either when trying to access page-table or
 480  * page.)
 481  */
 482 unsigned long put_page(struct task_struct * tsk,unsigned long page,
     /*  */
 483         unsigned long address,int prot)
 484 {
 485         unsigned long *page_table;
 486 
 487         if ((prot & (PAGE_MASK|PAGE_PRESENT)) != PAGE_PRESENT)
 488                 printk("put_page: prot = %08x\n",prot);
 489         if (page >= high_memory) {
 490                 printk("put_page: trying to put page %08lx at %08lx\n",page,address);
 491                 return 0;
 492         }
 493         page_table = PAGE_DIR_OFFSET(tsk->tss.cr3,address);
 494         if ((*page_table) & PAGE_PRESENT)
 495                 page_table = (unsigned long *) (PAGE_MASK & *page_table);
 496         else {
 497                 printk("put_page: bad page directory entry\n");
 498                 oom(tsk);
 499                 *page_table = BAD_PAGETABLE | PAGE_TABLE;
 500                 return 0;
 501         }
 502         page_table += (address >> PAGE_SHIFT) & (PTRS_PER_PAGE-1);
 503         if (*page_table) {
 504                 printk("put_page: page already exists\n");
 505                 *page_table = 0;
 506                 invalidate();
 507         }
 508         *page_table = page | prot;
 509 /* no need for invalidate */
 510         return page;
 511 }
 512 
 513 /*
 514  * The previous function doesn't work very well if you also want to mark
 515  * the page dirty: exec.c wants this, as it has earlier changed the page,
 516  * and we want the dirty-status to be correct (for VM). Thus the same
 517  * routine, but this time we mark it dirty too.
 518  */
 519 unsigned long put_dirty_page(struct task_struct * tsk, unsigned long page, unsigned long address)
     /*  */
 520 {
 521         unsigned long tmp, *page_table;
 522 
 523         if (page >= high_memory)
 524                 printk("put_dirty_page: trying to put page %08lx at %08lx\n",page,address);
 525         if (mem_map[MAP_NR(page)] != 1)
 526                 printk("mem_map disagrees with %08lx at %08lx\n",page,address);
 527         page_table = PAGE_DIR_OFFSET(tsk->tss.cr3,address);
 528         if (PAGE_PRESENT & *page_table)
 529                 page_table = (unsigned long *) (PAGE_MASK & *page_table);
 530         else {
 531                 if (!(tmp = get_free_page(GFP_KERNEL)))
 532                         return 0;
 533                 if (PAGE_PRESENT & *page_table) {
 534                         free_page(tmp);
 535                         page_table = (unsigned long *) (PAGE_MASK & *page_table);
 536                 } else {
 537                         *page_table = tmp | PAGE_TABLE;
 538                         page_table = (unsigned long *) tmp;
 539                 }
 540         }
 541         page_table += (address >> PAGE_SHIFT) & (PTRS_PER_PAGE-1);
 542         if (*page_table) {
 543                 printk("put_dirty_page: page already exists\n");
 544                 *page_table = 0;
 545                 invalidate();
 546         }
 547         *page_table = page | (PAGE_DIRTY | PAGE_PRIVATE);
 548 /* no need for invalidate */
 549         return page;
 550 }
 551 
 552 /*
 553  * This routine handles present pages, when users try to write
 554  * to a shared page. It is done by copying the page to a new address
 555  * and decrementing the shared-page counter for the old page.
 556  *
 557  * Note that we do many checks twice (look at do_wp_page()), as
 558  * we have to be careful about race-conditions.
 559  *
 560  * Goto-purists beware: the only reason for goto's here is that it results
 561  * in better assembly code.. The "default" path will see no jumps at all.
 562  */
 563 static void __do_wp_page(unsigned long error_code, unsigned long address,
     /*  */
 564         struct task_struct * tsk, unsigned long user_esp)
 565 {
 566         unsigned long *pde, pte, old_page, prot;
 567         unsigned long new_page;
 568 
 569         new_page = __get_free_page(GFP_KERNEL);
 570         pde = PAGE_DIR_OFFSET(tsk->tss.cr3,address);
 571         pte = *pde;
 572         if (!(pte & PAGE_PRESENT))
 573                 goto end_wp_page;
 574         if ((pte & PAGE_TABLE) != PAGE_TABLE || pte >= high_memory)
 575                 goto bad_wp_pagetable;
 576         pte &= PAGE_MASK;
 577         pte += PAGE_PTR(address);
 578         old_page = *(unsigned long *) pte;
 579         if (!(old_page & PAGE_PRESENT))
 580                 goto end_wp_page;
 581         if (old_page >= high_memory)
 582                 goto bad_wp_page;
 583         if (old_page & PAGE_RW)
 584                 goto end_wp_page;
 585         tsk->mm->min_flt++;
 586         prot = (old_page & ~PAGE_MASK) | PAGE_RW;
 587         old_page &= PAGE_MASK;
 588         if (mem_map[MAP_NR(old_page)] != 1) {
 589                 if (new_page) {
 590                         if (mem_map[MAP_NR(old_page)] & MAP_PAGE_RESERVED)
 591                                 ++tsk->mm->rss;
 592                         copy_page(old_page,new_page);
 593                         *(unsigned long *) pte = new_page | prot;
 594                         free_page(old_page);
 595                         invalidate();
 596                         return;
 597                 }
 598                 free_page(old_page);
 599                 oom(tsk);
 600                 *(unsigned long *) pte = BAD_PAGE | prot;
 601                 invalidate();
 602                 return;
 603         }
 604         *(unsigned long *) pte |= PAGE_RW;
 605         invalidate();
 606         if (new_page)
 607                 free_page(new_page);
 608         return;
 609 bad_wp_page:
 610         printk("do_wp_page: bogus page at address %08lx (%08lx)\n",address,old_page);
 611         *(unsigned long *) pte = BAD_PAGE | PAGE_SHARED;
 612         send_sig(SIGKILL, tsk, 1);
 613         goto end_wp_page;
 614 bad_wp_pagetable:
 615         printk("do_wp_page: bogus page-table at address %08lx (%08lx)\n",address,pte);
 616         *pde = BAD_PAGETABLE | PAGE_TABLE;
 617         send_sig(SIGKILL, tsk, 1);
 618 end_wp_page:
 619         if (new_page)
 620                 free_page(new_page);
 621         return;
 622 }
 623 
 624 /*
 625  * check that a page table change is actually needed, and call
 626  * the low-level function only in that case..
 627  */
 628 void do_wp_page(unsigned long error_code, unsigned long address,
     /*  */
 629         struct task_struct * tsk, unsigned long user_esp)
 630 {
 631         unsigned long page;
 632         unsigned long * pg_table;
 633 
 634         pg_table = PAGE_DIR_OFFSET(tsk->tss.cr3,address);
 635         page = *pg_table;
 636         if (!page)
 637                 return;
 638         if ((page & PAGE_PRESENT) && page < high_memory) {
 639                 pg_table = (unsigned long *) ((page & PAGE_MASK) + PAGE_PTR(address));
 640                 page = *pg_table;
 641                 if (!(page & PAGE_PRESENT))
 642                         return;
 643                 if (page & PAGE_RW)
 644                         return;
 645                 if (!(page & PAGE_COW)) {
 646                         if (user_esp && tsk == current) {
 647                                 current->tss.cr2 = address;
 648                                 current->tss.error_code = error_code;
 649                                 current->tss.trap_no = 14;
 650                                 send_sig(SIGSEGV, tsk, 1);
 651                                 return;
 652                         }
 653                 }
 654                 if (mem_map[MAP_NR(page)] == 1) {
 655                         *pg_table |= PAGE_RW | PAGE_DIRTY;
 656                         invalidate();
 657                         return;
 658                 }
 659                 __do_wp_page(error_code, address, tsk, user_esp);
 660                 return;
 661         }
 662         printk("bad page directory entry %08lx\n",page);
 663         *pg_table = 0;
 664 }
 665 
 666 static int __verify_write(unsigned long start, unsigned long size)
     /*  */
 667 {
 668         size--;
 669         size += start & ~PAGE_MASK;
 670         size >>= PAGE_SHIFT;
 671         start &= PAGE_MASK;
 672         do {
 673                 do_wp_page(1,start,current,0);
 674                 start += PAGE_SIZE;
 675         } while (size--);
 676         return 0;
 677 }
 678 
 679 int verify_area(int type, const void * addr, unsigned long size)
     /*  */
 680 {
 681         struct vm_area_struct * vma;
 682 
 683         /* If the current user space is mapped to kernel space (for the
 684          * case where we use a fake user buffer with get_fs/set_fs()) we
 685          * don't expect to find the address in the user vm map.
 686          */
 687         if (get_fs() == get_ds())
 688                 return 0;
 689 
 690         for (vma = current->mm->mmap ; ; vma = vma->vm_next) {
 691                 if (!vma)
 692                         goto bad_area;
 693                 if (vma->vm_end > (unsigned long) addr)
 694                         break;
 695         }
 696         if (vma->vm_start <= (unsigned long) addr)
 697                 goto good_area;
 698         if (!(vma->vm_flags & VM_GROWSDOWN))
 699                 goto bad_area;
 700         if (vma->vm_end - (unsigned long) addr > current->rlim[RLIMIT_STACK].rlim_cur)
 701                 goto bad_area;
 702 good_area:
 703         while (vma->vm_end - (unsigned long) addr < size) {
 704                 struct vm_area_struct * next = vma->vm_next;
 705                 if (!next)
 706                         goto bad_area;
 707                 if (vma->vm_end != next->vm_start)
 708                         goto bad_area;
 709                 vma = next;
 710         }
 711         if (wp_works_ok || type == VERIFY_READ || !size)
 712                 return 0;
 713         return __verify_write((unsigned long) addr,size);
 714 bad_area:
 715         return -EFAULT;
 716 }
 717 
 718 static inline void get_empty_page(struct task_struct * tsk, unsigned long address)
     /*  */
 719 {
 720         unsigned long tmp;
 721 
 722         if (!(tmp = get_free_page(GFP_KERNEL))) {
 723                 oom(tsk);
 724                 tmp = BAD_PAGE;
 725         }
 726         if (!put_page(tsk,tmp,address,PAGE_PRIVATE))
 727                 free_page(tmp);
 728 }
 729 
 730 /*
 731  * try_to_share() checks the page at address "address" in the task "p",
 732  * to see if it exists, and if it is clean. If so, share it with the current
 733  * task.
 734  *
 735  * NOTE! This assumes we have checked that p != current, and that they
 736  * share the same executable or library.
 737  *
 738  * We may want to fix this to allow page sharing for PIC pages at different
 739  * addresses so that ELF will really perform properly. As long as the vast
 740  * majority of sharable libraries load at fixed addresses this is not a
 741  * big concern. Any sharing of pages between the buffer cache and the
 742  * code space reduces the need for this as well.  - ERY
 743  */
 744 static int try_to_share(unsigned long address, struct task_struct * tsk,
     /*  */
 745         struct task_struct * p, unsigned long error_code, unsigned long newpage)
 746 {
 747         unsigned long from;
 748         unsigned long to;
 749         unsigned long from_page;
 750         unsigned long to_page;
 751 
 752         from_page = (unsigned long)PAGE_DIR_OFFSET(p->tss.cr3,address);
 753         to_page = (unsigned long)PAGE_DIR_OFFSET(tsk->tss.cr3,address);
 754 /* is there a page-directory at from? */
 755         from = *(unsigned long *) from_page;
 756         if (!(from & PAGE_PRESENT))
 757                 return 0;
 758         from &= PAGE_MASK;
 759         from_page = from + PAGE_PTR(address);
 760         from = *(unsigned long *) from_page;
 761 /* is the page clean and present? */
 762         if ((from & (PAGE_PRESENT | PAGE_DIRTY)) != PAGE_PRESENT)
 763                 return 0;
 764         if (from >= high_memory)
 765                 return 0;
 766         if (mem_map[MAP_NR(from)] & MAP_PAGE_RESERVED)
 767                 return 0;
 768 /* is the destination ok? */
 769         to = *(unsigned long *) to_page;
 770         if (!(to & PAGE_PRESENT))
 771                 return 0;
 772         to &= PAGE_MASK;
 773         to_page = to + PAGE_PTR(address);
 774         if (*(unsigned long *) to_page)
 775                 return 0;
 776 /* share them if read - do COW immediately otherwise */
 777         if (error_code & PAGE_RW) {
 778                 if(!newpage)    /* did the page exist?  SRB. */
 779                         return 0;
 780                 copy_page((from & PAGE_MASK),newpage);
 781                 to = newpage | PAGE_PRIVATE;
 782         } else {
 783                 mem_map[MAP_NR(from)]++;
 784                 from &= ~PAGE_RW;
 785                 to = from;
 786                 if(newpage)     /* only if it existed. SRB. */
 787                         free_page(newpage);
 788         }
 789         *(unsigned long *) from_page = from;
 790         *(unsigned long *) to_page = to;
 791         invalidate();
 792         return 1;
 793 }
 794 
 795 /*
 796  * share_page() tries to find a process that could share a page with
 797  * the current one. Address is the address of the wanted page relative
 798  * to the current data space.
 799  *
 800  * We first check if it is at all feasible by checking executable->i_count.
 801  * It should be >1 if there are other tasks sharing this inode.
 802  */
 803 int share_page(struct vm_area_struct * area, struct task_struct * tsk,
     /*  */
 804         struct inode * inode,
 805         unsigned long address, unsigned long error_code, unsigned long newpage)
 806 {
 807         struct task_struct ** p;
 808 
 809         if (!inode || inode->i_count < 2 || !area->vm_ops)
 810                 return 0;
 811         for (p = &LAST_TASK ; p > &FIRST_TASK ; --p) {
 812                 if (!*p)
 813                         continue;
 814                 if (tsk == *p)
 815                         continue;
 816                 if (inode != (*p)->executable) {
 817                           if(!area) continue;
 818                         /* Now see if there is something in the VMM that
 819                            we can share pages with */
 820                         if(area){
 821                           struct vm_area_struct * mpnt;
 822                           for (mpnt = (*p)->mm->mmap; mpnt; mpnt = mpnt->vm_next) {
 823                             if (mpnt->vm_ops == area->vm_ops &&
 824                                mpnt->vm_inode->i_ino == area->vm_inode->i_ino&&
 825                                mpnt->vm_inode->i_dev == area->vm_inode->i_dev){
 826                               if (mpnt->vm_ops->share(mpnt, area, address))
 827                                 break;
 828                             };
 829                           };
 830                           if (!mpnt) continue;  /* Nope.  Nuthin here */
 831                         };
 832                 }
 833                 if (try_to_share(address,tsk,*p,error_code,newpage))
 834                         return 1;
 835         }
 836         return 0;
 837 }
 838 
 839 /*
 840  * fill in an empty page-table if none exists.
 841  */
 842 static inline unsigned long get_empty_pgtable(struct task_struct * tsk,unsigned long address)
     /*  */
 843 {
 844         unsigned long page;
 845         unsigned long *p;
 846 
 847         p = PAGE_DIR_OFFSET(tsk->tss.cr3,address);
 848         if (PAGE_PRESENT & *p)
 849                 return *p;
 850         if (*p) {
 851                 printk("get_empty_pgtable: bad page-directory entry \n");
 852                 *p = 0;
 853         }
 854         page = get_free_page(GFP_KERNEL);
 855         p = PAGE_DIR_OFFSET(tsk->tss.cr3,address);
 856         if (PAGE_PRESENT & *p) {
 857                 free_page(page);
 858                 return *p;
 859         }
 860         if (*p) {
 861                 printk("get_empty_pgtable: bad page-directory entry \n");
 862                 *p = 0;
 863         }
 864         if (page) {
 865                 *p = page | PAGE_TABLE;
 866                 return *p;
 867         }
 868         oom(current);
 869         *p = BAD_PAGETABLE | PAGE_TABLE;
 870         return 0;
 871 }
 872 
 873 void do_no_page(unsigned long error_code, unsigned long address,
     /*  */
 874         struct task_struct *tsk, unsigned long user_esp)
 875 {
 876         unsigned long tmp;
 877         unsigned long page;
 878         struct vm_area_struct * mpnt;
 879 
 880         page = get_empty_pgtable(tsk,address);
 881         if (!page)
 882                 return;
 883         page &= PAGE_MASK;
 884         page += PAGE_PTR(address);
 885         tmp = *(unsigned long *) page;
 886         if (tmp & PAGE_PRESENT)
 887                 return;
 888         if (tmp) {
 889                 ++tsk->mm->rss;
 890                 ++tsk->mm->maj_flt;
 891                 swap_in((unsigned long *) page);
 892                 return;
 893         }
 894         address &= 0xfffff000;
 895         tmp = 0;
 896         for (mpnt = tsk->mm->mmap; mpnt != NULL; mpnt = mpnt->vm_next) {
 897                 if (address < mpnt->vm_start)
 898                         break;
 899                 if (address >= mpnt->vm_end) {
 900                         tmp = mpnt->vm_end;
 901                         continue;
 902                 }
 903                 if (!mpnt->vm_ops || !mpnt->vm_ops->nopage) {
 904                         ++tsk->mm->rss;
 905                         ++tsk->mm->min_flt;
 906                         get_empty_page(tsk,address);
 907                         return;
 908                 }
 909                 ++tsk->mm->rss;
 910                 mpnt->vm_ops->nopage(error_code, mpnt, address);
 911                 return;
 912         }
 913         if (tsk != current)
 914                 goto ok_no_page;
 915         if (address >= tsk->mm->end_data && address < tsk->mm->brk)
 916                 goto ok_no_page;
 917         if (mpnt && (mpnt->vm_flags & VM_GROWSDOWN) &&
 918             address - tmp > mpnt->vm_start - address &&
 919             tsk->rlim[RLIMIT_STACK].rlim_cur > mpnt->vm_end - address) {
 920                 mpnt->vm_start = address;
 921                 goto ok_no_page;
 922         }
 923         tsk->tss.cr2 = address;
 924         current->tss.error_code = error_code;
 925         current->tss.trap_no = 14;
 926         send_sig(SIGSEGV,tsk,1);
 927         if (error_code & 4)     /* user level access? */
 928                 return;
 929 ok_no_page:
 930         ++tsk->mm->rss;
 931         ++tsk->mm->min_flt;
 932         get_empty_page(tsk,address);
 933 }
 934 
 935 /*
 936  * This routine handles page faults.  It determines the address,
 937  * and the problem, and then passes it off to one of the appropriate
 938  * routines.
 939  */
 940 asmlinkage void do_page_fault(struct pt_regs *regs, unsigned long error_code)
     /*  */
 941 {
 942         unsigned long address;
 943         unsigned long user_esp = 0;
 944         unsigned int bit;
 945 
 946         /* get the address */
 947         __asm__("movl %%cr2,%0":"=r" (address));
 948         if (address < TASK_SIZE) {
 949                 if (error_code & 4) {   /* user mode access? */
 950                         if (regs->eflags & VM_MASK) {
 951                                 bit = (address - 0xA0000) >> PAGE_SHIFT;
 952                                 if (bit < 32)
 953                                         current->screen_bitmap |= 1 << bit;
 954                         } else 
 955                                 user_esp = regs->esp;
 956                 }
 957                 if (error_code & PAGE_PRESENT) {
 958 #ifdef CONFIG_TEST_VERIFY_AREA
 959                         if (regs->cs == KERNEL_CS)
 960                                 printk("WP fault at %08x\n", regs->eip);
 961 #endif
 962                         do_wp_page(error_code, address, current, user_esp);
 963                 } else {
 964                         do_no_page(error_code, address, current, user_esp);
 965                 }
 966                 return;
 967         }
 968         address -= TASK_SIZE;
 969         if (wp_works_ok < 0 && address == 0 && (error_code & PAGE_PRESENT)) {
 970                 wp_works_ok = 1;
 971                 pg0[0] = PAGE_SHARED;
 972                 printk("This processor honours the WP bit even when in supervisor mode. Good.\n");
 973                 return;
 974         }
 975         if (address < PAGE_SIZE) {
 976                 printk(KERN_ALERT "Unable to handle kernel NULL pointer dereference");
 977                 pg0[0] = PAGE_SHARED;
 978         } else
 979                 printk(KERN_ALERT "Unable to handle kernel paging request");
 980         printk(" at kernel address %08lx\n",address);
 981         address += TASK_SIZE;
 982         __asm__("movl %%cr3,%0" : "=r" (user_esp));
 983         printk(KERN_ALERT "current->tss.cr3 = %08lx, %%cr3 = %08lx\n",
 984                 current->tss.cr3, user_esp);
 985         user_esp = ((unsigned long *) user_esp)[address >> 22];
 986         printk(KERN_ALERT "*pde = %08lx\n", user_esp);
 987         if (user_esp & PAGE_PRESENT) {
 988                 user_esp &= PAGE_MASK;
 989                 address &= 0x003ff000;
 990                 user_esp = ((unsigned long *) user_esp)[address >> PAGE_SHIFT];
 991                 printk(KERN_ALERT "*pte = %08lx\n", user_esp);
 992         }
 993         die_if_kernel("Oops", regs, error_code);
 994         do_exit(SIGKILL);
 995 }
 996 
 997 /*
 998  * BAD_PAGE is the page that is used for page faults when linux
 999  * is out-of-memory. Older versions of linux just did a
1000  * do_exit(), but using this instead means there is less risk
1001  * for a process dying in kernel mode, possibly leaving a inode
1002  * unused etc..
1003  *
1004  * BAD_PAGETABLE is the accompanying page-table: it is initialized
1005  * to point to BAD_PAGE entries.
1006  *
1007  * ZERO_PAGE is a special page that is used for zero-initialized
1008  * data and COW.
1009  */
1010 unsigned long __bad_pagetable(void)
     /*  */
1011 {
1012         extern char empty_bad_page_table[PAGE_SIZE];
1013 
1014         __asm__ __volatile__("cld ; rep ; stosl":
1015                 :"a" (BAD_PAGE + PAGE_TABLE),
1016                  "D" ((long) empty_bad_page_table),
1017                  "c" (PTRS_PER_PAGE)
1018                 :"di","cx");
1019         return (unsigned long) empty_bad_page_table;
1020 }
1021 
1022 unsigned long __bad_page(void)
     /*  */
1023 {
1024         extern char empty_bad_page[PAGE_SIZE];
1025 
1026         __asm__ __volatile__("cld ; rep ; stosl":
1027                 :"a" (0),
1028                  "D" ((long) empty_bad_page),
1029                  "c" (PTRS_PER_PAGE)
1030                 :"di","cx");
1031         return (unsigned long) empty_bad_page;
1032 }
1033 
1034 unsigned long __zero_page(void)
     /*  */
1035 {
1036         extern char empty_zero_page[PAGE_SIZE];
1037 
1038         __asm__ __volatile__("cld ; rep ; stosl":
1039                 :"a" (0),
1040                  "D" ((long) empty_zero_page),
1041                  "c" (PTRS_PER_PAGE)
1042                 :"di","cx");
1043         return (unsigned long) empty_zero_page;
1044 }
1045 
1046 void show_mem(void)
     /*  */
1047 {
1048         int i,free = 0,total = 0,reserved = 0;
1049         int shared = 0;
1050 
1051         printk("Mem-info:\n");
1052         show_free_areas();
1053         printk("Free swap:       %6dkB\n",nr_swap_pages<<(PAGE_SHIFT-10));
1054         i = high_memory >> PAGE_SHIFT;
1055         while (i-- > 0) {
1056                 total++;
1057                 if (mem_map[i] & MAP_PAGE_RESERVED)
1058                         reserved++;
1059                 else if (!mem_map[i])
1060                         free++;
1061                 else
1062                         shared += mem_map[i]-1;
1063         }
1064         printk("%d pages of RAM\n",total);
1065         printk("%d free pages\n",free);
1066         printk("%d reserved pages\n",reserved);
1067         printk("%d pages shared\n",shared);
1068         show_buffers();
1069 #ifdef CONFIG_NET
1070         show_net_buffers();
1071 #endif
1072 }
1073 
1074 extern unsigned long free_area_init(unsigned long, unsigned long);
1075 
1076 /*
1077  * paging_init() sets up the page tables - note that the first 4MB are
1078  * already mapped by head.S.
1079  *
1080  * This routines also unmaps the page at virtual kernel address 0, so
1081  * that we can trap those pesky NULL-reference errors in the kernel.
1082  */
1083 unsigned long paging_init(unsigned long start_mem, unsigned long end_mem)
     /*  */
1084 {
1085         unsigned long * pg_dir;
1086         unsigned long * pg_table;
1087         unsigned long tmp;
1088         unsigned long address;
1089 
1090 /*
1091  * Physical page 0 is special; it's not touched by Linux since BIOS
1092  * and SMM (for laptops with [34]86/SL chips) may need it.  It is read
1093  * and write protected to detect null pointer references in the
1094  * kernel.
1095  */
1096 #if 0
1097         memset((void *) 0, 0, PAGE_SIZE);
1098 #endif
1099         start_mem = PAGE_ALIGN(start_mem);
1100         address = 0;
1101         pg_dir = swapper_pg_dir;
1102         while (address < end_mem) {
1103                 tmp = *(pg_dir + 768);          /* at virtual addr 0xC0000000 */
1104                 if (!tmp) {
1105                         tmp = start_mem | PAGE_TABLE;
1106                         *(pg_dir + 768) = tmp;
1107                         start_mem += PAGE_SIZE;
1108                 }
1109                 *pg_dir = tmp;                  /* also map it in at 0x0000000 for init */
1110                 pg_dir++;
1111                 pg_table = (unsigned long *) (tmp & PAGE_MASK);
1112                 for (tmp = 0 ; tmp < PTRS_PER_PAGE ; tmp++,pg_table++) {
1113                         if (address < end_mem)
1114                                 *pg_table = address | PAGE_SHARED;
1115                         else
1116                                 *pg_table = 0;
1117                         address += PAGE_SIZE;
1118                 }
1119         }
1120         invalidate();
1121         return free_area_init(start_mem, end_mem);
1122 }
1123 
1124 void mem_init(unsigned long start_low_mem,
     /*  */
1125               unsigned long start_mem, unsigned long end_mem)
1126 {
1127         int codepages = 0;
1128         int reservedpages = 0;
1129         int datapages = 0;
1130         unsigned long tmp;
1131         extern int etext;
1132 
1133         cli();
1134         end_mem &= PAGE_MASK;
1135         high_memory = end_mem;
1136 
1137         /* mark usable pages in the mem_map[] */
1138         start_low_mem = PAGE_ALIGN(start_low_mem);
1139         start_mem = PAGE_ALIGN(start_mem);
1140 
1141         /*
1142          * IBM messed up *AGAIN* in their thinkpad: 0xA0000 -> 0x9F000.
1143          * They seem to have done something stupid with the floppy
1144          * controller as well..
1145          */
1146         while (start_low_mem < 0x9f000) {
1147                 mem_map[MAP_NR(start_low_mem)] = 0;
1148                 start_low_mem += PAGE_SIZE;
1149         }
1150 
1151         while (start_mem < high_memory) {
1152                 mem_map[MAP_NR(start_mem)] = 0;
1153                 start_mem += PAGE_SIZE;
1154         }
1155 #ifdef CONFIG_SOUND
1156         sound_mem_init();
1157 #endif
1158         for (tmp = 0 ; tmp < high_memory ; tmp += PAGE_SIZE) {
1159                 if (mem_map[MAP_NR(tmp)]) {
1160                         if (tmp >= 0xA0000 && tmp < 0x100000)
1161                                 reservedpages++;
1162                         else if (tmp < (unsigned long) &etext)
1163                                 codepages++;
1164                         else
1165                                 datapages++;
1166                         continue;
1167                 }
1168                 mem_map[MAP_NR(tmp)] = 1;
1169                 free_page(tmp);
1170         }
1171         tmp = nr_free_pages << PAGE_SHIFT;
1172         printk("Memory: %luk/%luk available (%dk kernel code, %dk reserved, %dk data)\n",
1173                 tmp >> 10,
1174                 high_memory >> 10,
1175                 codepages << (PAGE_SHIFT-10),
1176                 reservedpages << (PAGE_SHIFT-10),
1177                 datapages << (PAGE_SHIFT-10));
1178 /* test if the WP bit is honoured in supervisor mode */
1179         wp_works_ok = -1;
1180         pg0[0] = PAGE_READONLY;
1181         invalidate();
1182         __asm__ __volatile__("movb 0,%%al ; movb %%al,0": : :"ax", "memory");
1183         pg0[0] = 0;
1184         invalidate();
1185         if (wp_works_ok < 0)
1186                 wp_works_ok = 0;
1187 #ifdef CONFIG_TEST_VERIFY_AREA
1188         wp_works_ok = 0;
1189 #endif
1190         return;
1191 }
1192 
1193 void si_meminfo(struct sysinfo *val)
     /*  */
1194 {
1195         int i;
1196 
1197         i = high_memory >> PAGE_SHIFT;
1198         val->totalram = 0;
1199         val->sharedram = 0;
1200         val->freeram = nr_free_pages << PAGE_SHIFT;
1201         val->bufferram = buffermem;
1202         while (i-- > 0)  {
1203                 if (mem_map[i] & MAP_PAGE_RESERVED)
1204                         continue;
1205                 val->totalram++;
1206                 if (!mem_map[i])
1207                         continue;
1208                 val->sharedram += mem_map[i]-1;
1209         }
1210         val->totalram <<= PAGE_SHIFT;
1211         val->sharedram <<= PAGE_SHIFT;
1212         return;
1213 }
1214 
1215 
1216 /* This handles a generic mmap of a disk file */
1217 void file_mmap_nopage(int error_code, struct vm_area_struct * area, unsigned long address)
     /*  */
1218 {
1219         struct inode * inode = area->vm_inode;
1220         unsigned int block;
1221         unsigned long page;
1222         int nr[8];
1223         int i, j;
1224         int prot = area->vm_page_prot;
1225 
1226         address &= PAGE_MASK;
1227         block = address - area->vm_start + area->vm_offset;
1228         block >>= inode->i_sb->s_blocksize_bits;
1229 
1230         page = get_free_page(GFP_KERNEL);
1231         if (share_page(area, area->vm_task, inode, address, error_code, page)) {
1232                 ++area->vm_task->mm->min_flt;
1233                 return;
1234         }
1235 
1236         ++area->vm_task->mm->maj_flt;
1237         if (!page) {
1238                 oom(current);
1239                 put_page(area->vm_task, BAD_PAGE, address, PAGE_PRIVATE);
1240                 return;
1241         }
1242         for (i=0, j=0; i< PAGE_SIZE ; j++, block++, i += inode->i_sb->s_blocksize)
1243                 nr[j] = bmap(inode,block);
1244         if (error_code & PAGE_RW)
1245                 prot |= PAGE_RW | PAGE_DIRTY;
1246         page = bread_page(page, inode->i_dev, nr, inode->i_sb->s_blocksize, prot);
1247 
1248         if (!(prot & PAGE_RW)) {
1249                 if (share_page(area, area->vm_task, inode, address, error_code, page))
1250                         return;
1251         }
1252         if (put_page(area->vm_task,page,address,prot))
1253                 return;
1254         free_page(page);
1255         oom(current);
1256 }
1257 
1258 void file_mmap_free(struct vm_area_struct * area)
     /*  */
1259 {
1260         if (area->vm_inode)
1261                 iput(area->vm_inode);
1262 #if 0
1263         if (area->vm_inode)
1264                 printk("Free inode %x:%d (%d)\n",area->vm_inode->i_dev, 
1265                                  area->vm_inode->i_ino, area->vm_inode->i_count);
1266 #endif
1267 }
1268 
1269 /*
1270  * Compare the contents of the mmap entries, and decide if we are allowed to
1271  * share the pages
1272  */
1273 int file_mmap_share(struct vm_area_struct * area1, 
     /*  */
1274                     struct vm_area_struct * area2, 
1275                     unsigned long address)
1276 {
1277         if (area1->vm_inode != area2->vm_inode)
1278                 return 0;
1279         if (area1->vm_start != area2->vm_start)
1280                 return 0;
1281         if (area1->vm_end != area2->vm_end)
1282                 return 0;
1283         if (area1->vm_offset != area2->vm_offset)
1284                 return 0;
1285         if (area1->vm_page_prot != area2->vm_page_prot)
1286                 return 0;
1287         return 1;
1288 }
1289 
1290 struct vm_operations_struct file_mmap = {
1291         NULL,                   /* open */
1292         file_mmap_free,         /* close */
1293         file_mmap_nopage,       /* nopage */
1294         NULL,                   /* wppage */
1295         file_mmap_share,        /* share */
1296         NULL,                   /* unmap */
1297 };

/* */