4 * Copyright (c) 1991, 1993
5 * The Regents of the University of California. All rights reserved.
6 * Copyright (c) 1994 John S. Dyson
8 * Copyright (c) 1994 David Greenman
12 * This code is derived from software contributed to Berkeley by
13 * The Mach Operating System project at Carnegie-Mellon University.
15 * Redistribution and use in source and binary forms, with or without
16 * modification, are permitted provided that the following conditions
18 * 1. Redistributions of source code must retain the above copyright
19 * notice, this list of conditions and the following disclaimer.
20 * 2. Redistributions in binary form must reproduce the above copyright
21 * notice, this list of conditions and the following disclaimer in the
22 * documentation and/or other materials provided with the distribution.
23 * 3. Neither the name of the University nor the names of its contributors
24 * may be used to endorse or promote products derived from this software
25 * without specific prior written permission.
27 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
28 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
29 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
30 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
31 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
32 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
33 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
34 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
35 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
36 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
39 * from: @(#)vm_fault.c 8.4 (Berkeley) 1/12/94
42 * Copyright (c) 1987, 1990 Carnegie-Mellon University.
43 * All rights reserved.
45 * Authors: Avadis Tevanian, Jr., Michael Wayne Young
47 * Permission to use, copy, modify and distribute this software and
48 * its documentation is hereby granted, provided that both the copyright
49 * notice and this permission notice appear in all copies of the
50 * software, derivative works or modified versions, and any portions
51 * thereof, and that both notices appear in supporting documentation.
53 * CARNEGIE MELLON ALLOWS FREE USE OF THIS SOFTWARE IN ITS "AS IS"
54 * CONDITION. CARNEGIE MELLON DISCLAIMS ANY LIABILITY OF ANY KIND
55 * FOR ANY DAMAGES WHATSOEVER RESULTING FROM THE USE OF THIS SOFTWARE.
57 * Carnegie Mellon requests users of this software to return to
59 * Software Distribution Coordinator or Software.Distribution@CS.CMU.EDU
60 * School of Computer Science
61 * Carnegie Mellon University
62 * Pittsburgh PA 15213-3890
64 * any improvements or extensions that they make and grant Carnegie the
65 * rights to redistribute these changes.
67 * $FreeBSD: src/sys/vm/vm_fault.c,v 1.108.2.8 2002/02/26 05:49:27 silby Exp $
68 * $DragonFly: src/sys/vm/vm_fault.c,v 1.47 2008/07/01 02:02:56 dillon Exp $
72 * Page fault handling module.
75 #include <sys/param.h>
76 #include <sys/systm.h>
77 #include <sys/kernel.h>
79 #include <sys/vnode.h>
80 #include <sys/resourcevar.h>
81 #include <sys/vmmeter.h>
82 #include <sys/vkernel.h>
84 #include <sys/sysctl.h>
86 #include <cpu/lwbuf.h>
89 #include <vm/vm_param.h>
91 #include <vm/vm_map.h>
92 #include <vm/vm_object.h>
93 #include <vm/vm_page.h>
94 #include <vm/vm_pageout.h>
95 #include <vm/vm_kern.h>
96 #include <vm/vm_pager.h>
97 #include <vm/vnode_pager.h>
98 #include <vm/vm_extern.h>
100 #include <sys/thread2.h>
101 #include <vm/vm_page2.h>
109 vm_object_t first_object;
110 vm_prot_t first_prot;
112 vm_map_entry_t entry;
113 int lookup_still_valid;
123 static int debug_fault = 0;
124 SYSCTL_INT(_vm, OID_AUTO, debug_fault, CTLFLAG_RW, &debug_fault, 0, "");
125 static int debug_cluster = 0;
126 SYSCTL_INT(_vm, OID_AUTO, debug_cluster, CTLFLAG_RW, &debug_cluster, 0, "");
127 int vm_shared_fault = 1;
128 TUNABLE_INT("vm.shared_fault", &vm_shared_fault);
129 SYSCTL_INT(_vm, OID_AUTO, shared_fault, CTLFLAG_RW, &vm_shared_fault, 0,
130 "Allow shared token on vm_object");
131 static long vm_shared_hit = 0;
132 SYSCTL_LONG(_vm, OID_AUTO, shared_hit, CTLFLAG_RW, &vm_shared_hit, 0,
133 "Successful shared faults");
134 static long vm_shared_count = 0;
135 SYSCTL_LONG(_vm, OID_AUTO, shared_count, CTLFLAG_RW, &vm_shared_count, 0,
136 "Shared fault attempts");
137 static long vm_shared_miss = 0;
138 SYSCTL_LONG(_vm, OID_AUTO, shared_miss, CTLFLAG_RW, &vm_shared_miss, 0,
139 "Unsuccessful shared faults");
141 static int vm_fault_object(struct faultstate *, vm_pindex_t, vm_prot_t, int);
142 static int vm_fault_vpagetable(struct faultstate *, vm_pindex_t *,
145 static int vm_fault_additional_pages (vm_page_t, int, int, vm_page_t *, int *);
147 static void vm_set_nosync(vm_page_t m, vm_map_entry_t entry);
148 static void vm_prefault(pmap_t pmap, vm_offset_t addra,
149 vm_map_entry_t entry, int prot, int fault_flags);
150 static void vm_prefault_quick(pmap_t pmap, vm_offset_t addra,
151 vm_map_entry_t entry, int prot, int fault_flags);
154 release_page(struct faultstate *fs)
156 vm_page_deactivate(fs->m);
157 vm_page_wakeup(fs->m);
162 * NOTE: Once unlocked any cached fs->entry becomes invalid, any reuse
163 * requires relocking and then checking the timestamp.
165 * NOTE: vm_map_lock_read() does not bump fs->map->timestamp so we do
166 * not have to update fs->map_generation here.
168 * NOTE: This function can fail due to a deadlock against the caller's
169 * holding of a vm_page BUSY.
172 relock_map(struct faultstate *fs)
176 if (fs->lookup_still_valid == FALSE && fs->map) {
177 error = vm_map_lock_read_to(fs->map);
179 fs->lookup_still_valid = TRUE;
187 unlock_map(struct faultstate *fs)
189 if (fs->lookup_still_valid && fs->map) {
190 vm_map_lookup_done(fs->map, fs->entry, 0);
191 fs->lookup_still_valid = FALSE;
196 * Clean up after a successful call to vm_fault_object() so another call
197 * to vm_fault_object() can be made.
200 _cleanup_successful_fault(struct faultstate *fs, int relock)
203 * We allocated a junk page for a COW operation that did
204 * not occur, the page must be freed.
206 if (fs->object != fs->first_object) {
207 KKASSERT(fs->first_shared == 0);
208 vm_page_free(fs->first_m);
209 vm_object_pip_wakeup(fs->object);
216 fs->object = fs->first_object;
217 if (relock && fs->lookup_still_valid == FALSE) {
219 vm_map_lock_read(fs->map);
220 fs->lookup_still_valid = TRUE;
225 _unlock_things(struct faultstate *fs, int dealloc)
227 _cleanup_successful_fault(fs, 0);
229 /*vm_object_deallocate(fs->first_object);*/
230 /*fs->first_object = NULL; drop used later on */
233 if (fs->vp != NULL) {
239 #define unlock_things(fs) _unlock_things(fs, 0)
240 #define unlock_and_deallocate(fs) _unlock_things(fs, 1)
241 #define cleanup_successful_fault(fs) _cleanup_successful_fault(fs, 1)
246 * Determine if the pager for the current object *might* contain the page.
248 * We only need to try the pager if this is not a default object (default
249 * objects are zero-fill and have no real pager), and if we are not taking
250 * a wiring fault or if the FS entry is wired.
252 #define TRYPAGER(fs) \
253 (fs->object->type != OBJT_DEFAULT && \
254 (((fs->fault_flags & VM_FAULT_WIRE_MASK) == 0) || fs->wired))
259 * Handle a page fault occuring at the given address, requiring the given
260 * permissions, in the map specified. If successful, the page is inserted
261 * into the associated physical map.
263 * NOTE: The given address should be truncated to the proper page address.
265 * KERN_SUCCESS is returned if the page fault is handled; otherwise,
266 * a standard error specifying why the fault is fatal is returned.
268 * The map in question must be referenced, and remains so.
269 * The caller may hold no locks.
270 * No other requirements.
273 vm_fault(vm_map_t map, vm_offset_t vaddr, vm_prot_t fault_type, int fault_flags)
276 vm_pindex_t first_pindex;
277 struct faultstate fs;
283 inherit_prot = fault_type & VM_PROT_NOSYNC;
284 vm_page_pcpu_cache();
286 fs.fault_flags = fault_flags;
288 fs.shared = vm_shared_fault;
289 fs.first_shared = vm_shared_fault;
295 * vm_map interactions
297 if ((lp = curthread->td_lwp) != NULL)
298 lp->lwp_flags |= LWP_PAGING;
299 lwkt_gettoken(&map->token);
303 * Find the vm_map_entry representing the backing store and resolve
304 * the top level object and page index. This may have the side
305 * effect of executing a copy-on-write on the map entry and/or
306 * creating a shadow object, but will not COW any actual VM pages.
308 * On success fs.map is left read-locked and various other fields
309 * are initialized but not otherwise referenced or locked.
311 * NOTE! vm_map_lookup will try to upgrade the fault_type to
312 * VM_FAULT_WRITE if the map entry is a virtual page table and also
313 * writable, so we can set the 'A'accessed bit in the virtual page
317 result = vm_map_lookup(&fs.map, vaddr, fault_type,
318 &fs.entry, &fs.first_object,
319 &first_pindex, &fs.first_prot, &fs.wired);
322 * If the lookup failed or the map protections are incompatible,
323 * the fault generally fails. However, if the caller is trying
324 * to do a user wiring we have more work to do.
326 if (result != KERN_SUCCESS) {
327 if (result != KERN_PROTECTION_FAILURE ||
328 (fs.fault_flags & VM_FAULT_WIRE_MASK) != VM_FAULT_USER_WIRE)
330 if (result == KERN_INVALID_ADDRESS && growstack &&
331 map != &kernel_map && curproc != NULL) {
332 result = vm_map_growstack(curproc, vaddr);
333 if (result == KERN_SUCCESS) {
338 result = KERN_FAILURE;
344 * If we are user-wiring a r/w segment, and it is COW, then
345 * we need to do the COW operation. Note that we don't
346 * currently COW RO sections now, because it is NOT desirable
347 * to COW .text. We simply keep .text from ever being COW'ed
348 * and take the heat that one cannot debug wired .text sections.
350 result = vm_map_lookup(&fs.map, vaddr,
351 VM_PROT_READ|VM_PROT_WRITE|
352 VM_PROT_OVERRIDE_WRITE,
353 &fs.entry, &fs.first_object,
354 &first_pindex, &fs.first_prot,
356 if (result != KERN_SUCCESS) {
357 result = KERN_FAILURE;
362 * If we don't COW now, on a user wire, the user will never
363 * be able to write to the mapping. If we don't make this
364 * restriction, the bookkeeping would be nearly impossible.
366 * XXX We have a shared lock, this will have a MP race but
367 * I don't see how it can hurt anything.
369 if ((fs.entry->protection & VM_PROT_WRITE) == 0)
370 fs.entry->max_protection &= ~VM_PROT_WRITE;
374 * fs.map is read-locked
376 * Misc checks. Save the map generation number to detect races.
378 fs.map_generation = fs.map->timestamp;
379 fs.lookup_still_valid = TRUE;
381 fs.object = fs.first_object; /* so unlock_and_deallocate works */
383 if (fs.entry->eflags & (MAP_ENTRY_NOFAULT | MAP_ENTRY_KSTACK)) {
384 if (fs.entry->eflags & MAP_ENTRY_NOFAULT) {
385 panic("vm_fault: fault on nofault entry, addr: %p",
388 if ((fs.entry->eflags & MAP_ENTRY_KSTACK) &&
389 vaddr >= fs.entry->start &&
390 vaddr < fs.entry->start + PAGE_SIZE) {
391 panic("vm_fault: fault on stack guard, addr: %p",
397 * A system map entry may return a NULL object. No object means
398 * no pager means an unrecoverable kernel fault.
400 if (fs.first_object == NULL) {
401 panic("vm_fault: unrecoverable fault at %p in entry %p",
402 (void *)vaddr, fs.entry);
406 * Fail here if not a trivial anonymous page fault and TDF_NOFAULT
409 if ((curthread->td_flags & TDF_NOFAULT) &&
411 fs.first_object->type == OBJT_VNODE ||
412 fs.first_object->backing_object)) {
413 result = KERN_FAILURE;
419 * If the entry is wired we cannot change the page protection.
422 fault_type = fs.first_prot;
425 * We generally want to avoid unnecessary exclusive modes on backing
426 * and terminal objects because this can seriously interfere with
427 * heavily fork()'d processes (particularly /bin/sh scripts).
429 * However, we also want to avoid unnecessary retries due to needed
430 * shared->exclusive promotion for common faults. Exclusive mode is
431 * always needed if any page insertion, rename, or free occurs in an
432 * object (and also indirectly if any I/O is done).
434 * The main issue here is going to be fs.first_shared. If the
435 * first_object has a backing object which isn't shadowed and the
436 * process is single-threaded we might as well use an exclusive
437 * lock/chain right off the bat.
439 if (fs.first_shared && fs.first_object->backing_object &&
440 LIST_EMPTY(&fs.first_object->shadow_head) &&
441 curthread->td_proc && curthread->td_proc->p_nthreads == 1) {
446 * swap_pager_unswapped() needs an exclusive object
448 if (fault_flags & (VM_FAULT_UNSWAP | VM_FAULT_DIRTY)) {
453 * Obtain a top-level object lock, shared or exclusive depending
454 * on fs.first_shared. If a shared lock winds up being insufficient
455 * we will retry with an exclusive lock.
457 * The vnode pager lock is always shared.
460 vm_object_hold_shared(fs.first_object);
462 vm_object_hold(fs.first_object);
464 fs.vp = vnode_pager_lock(fs.first_object);
467 * The page we want is at (first_object, first_pindex), but if the
468 * vm_map_entry is VM_MAPTYPE_VPAGETABLE we have to traverse the
469 * page table to figure out the actual pindex.
471 * NOTE! DEVELOPMENT IN PROGRESS, THIS IS AN INITIAL IMPLEMENTATION
474 if (fs.entry->maptype == VM_MAPTYPE_VPAGETABLE) {
475 result = vm_fault_vpagetable(&fs, &first_pindex,
476 fs.entry->aux.master_pde,
478 if (result == KERN_TRY_AGAIN) {
479 vm_object_drop(fs.first_object);
483 if (result != KERN_SUCCESS)
488 * Now we have the actual (object, pindex), fault in the page. If
489 * vm_fault_object() fails it will unlock and deallocate the FS
490 * data. If it succeeds everything remains locked and fs->object
491 * will have an additional PIP count if it is not equal to
494 * vm_fault_object will set fs->prot for the pmap operation. It is
495 * allowed to set VM_PROT_WRITE if fault_type == VM_PROT_READ if the
496 * page can be safely written. However, it will force a read-only
497 * mapping for a read fault if the memory is managed by a virtual
500 * If the fault code uses the shared object lock shortcut
501 * we must not try to burst (we can't allocate VM pages).
503 result = vm_fault_object(&fs, first_pindex, fault_type, 1);
505 if (debug_fault > 0) {
507 kprintf("VM_FAULT result %d addr=%jx type=%02x flags=%02x "
508 "fs.m=%p fs.prot=%02x fs.wired=%02x fs.entry=%p\n",
509 result, (intmax_t)vaddr, fault_type, fault_flags,
510 fs.m, fs.prot, fs.wired, fs.entry);
513 if (result == KERN_TRY_AGAIN) {
514 vm_object_drop(fs.first_object);
518 if (result != KERN_SUCCESS)
522 * On success vm_fault_object() does not unlock or deallocate, and fs.m
523 * will contain a busied page.
525 * Enter the page into the pmap and do pmap-related adjustments.
527 KKASSERT(fs.lookup_still_valid == TRUE);
528 vm_page_flag_set(fs.m, PG_REFERENCED);
529 pmap_enter(fs.map->pmap, vaddr, fs.m, fs.prot | inherit_prot,
531 mycpu->gd_cnt.v_vm_faults++;
532 if (curthread->td_lwp)
533 ++curthread->td_lwp->lwp_ru.ru_minflt;
535 /*KKASSERT(fs.m->queue == PQ_NONE); page-in op may deactivate page */
536 KKASSERT(fs.m->flags & PG_BUSY);
539 * If the page is not wired down, then put it where the pageout daemon
542 if (fs.fault_flags & VM_FAULT_WIRE_MASK) {
546 vm_page_unwire(fs.m, 1);
548 vm_page_activate(fs.m);
550 vm_page_wakeup(fs.m);
553 * Burst in a few more pages if possible. The fs.map should still
554 * be locked. To avoid interlocking against a vnode->getblk
555 * operation we had to be sure to unbusy our primary vm_page above
558 * A normal burst can continue down backing store, only execute
559 * if we are holding an exclusive lock, otherwise the exclusive
560 * locks the burst code gets might cause excessive SMP collisions.
562 * A quick burst can be utilized when there is no backing object
563 * (i.e. a shared file mmap).
565 if ((fault_flags & VM_FAULT_BURST) &&
566 (fs.fault_flags & VM_FAULT_WIRE_MASK) == 0 &&
568 if (fs.first_shared == 0 && fs.shared == 0) {
569 vm_prefault(fs.map->pmap, vaddr,
570 fs.entry, fs.prot, fault_flags);
572 vm_prefault_quick(fs.map->pmap, vaddr,
573 fs.entry, fs.prot, fault_flags);
578 * Unlock everything, and return
582 if (curthread->td_lwp) {
584 curthread->td_lwp->lwp_ru.ru_majflt++;
586 curthread->td_lwp->lwp_ru.ru_minflt++;
590 /*vm_object_deallocate(fs.first_object);*/
592 /*fs.first_object = NULL; must still drop later */
594 result = KERN_SUCCESS;
597 vm_object_drop(fs.first_object);
599 lwkt_reltoken(&map->token);
601 lp->lwp_flags &= ~LWP_PAGING;
602 if (vm_shared_fault && fs.shared == 0)
608 * Fault in the specified virtual address in the current process map,
609 * returning a held VM page or NULL. See vm_fault_page() for more
615 vm_fault_page_quick(vm_offset_t va, vm_prot_t fault_type, int *errorp)
617 struct lwp *lp = curthread->td_lwp;
620 m = vm_fault_page(&lp->lwp_vmspace->vm_map, va,
621 fault_type, VM_FAULT_NORMAL, errorp);
626 * Fault in the specified virtual address in the specified map, doing all
627 * necessary manipulation of the object store and all necessary I/O. Return
628 * a held VM page or NULL, and set *errorp. The related pmap is not
631 * The returned page will be properly dirtied if VM_PROT_WRITE was specified,
632 * and marked PG_REFERENCED as well.
634 * If the page cannot be faulted writable and VM_PROT_WRITE was specified, an
635 * error will be returned.
640 vm_fault_page(vm_map_t map, vm_offset_t vaddr, vm_prot_t fault_type,
641 int fault_flags, int *errorp)
643 vm_pindex_t first_pindex;
644 struct faultstate fs;
647 vm_prot_t orig_fault_type = fault_type;
650 fs.fault_flags = fault_flags;
651 KKASSERT((fault_flags & VM_FAULT_WIRE_MASK) == 0);
654 * Dive the pmap (concurrency possible). If we find the
655 * appropriate page we can terminate early and quickly.
657 fs.m = pmap_fault_page_quick(map->pmap, vaddr, fault_type);
664 * Otherwise take a concurrency hit and do a formal page
667 fs.shared = vm_shared_fault;
668 fs.first_shared = vm_shared_fault;
670 lwkt_gettoken(&map->token);
673 * swap_pager_unswapped() needs an exclusive object
675 if (fault_flags & (VM_FAULT_UNSWAP | VM_FAULT_DIRTY)) {
681 * Find the vm_map_entry representing the backing store and resolve
682 * the top level object and page index. This may have the side
683 * effect of executing a copy-on-write on the map entry and/or
684 * creating a shadow object, but will not COW any actual VM pages.
686 * On success fs.map is left read-locked and various other fields
687 * are initialized but not otherwise referenced or locked.
689 * NOTE! vm_map_lookup will upgrade the fault_type to VM_FAULT_WRITE
690 * if the map entry is a virtual page table and also writable,
691 * so we can set the 'A'accessed bit in the virtual page table entry.
694 result = vm_map_lookup(&fs.map, vaddr, fault_type,
695 &fs.entry, &fs.first_object,
696 &first_pindex, &fs.first_prot, &fs.wired);
698 if (result != KERN_SUCCESS) {
705 * fs.map is read-locked
707 * Misc checks. Save the map generation number to detect races.
709 fs.map_generation = fs.map->timestamp;
710 fs.lookup_still_valid = TRUE;
712 fs.object = fs.first_object; /* so unlock_and_deallocate works */
714 if (fs.entry->eflags & MAP_ENTRY_NOFAULT) {
715 panic("vm_fault: fault on nofault entry, addr: %lx",
720 * A system map entry may return a NULL object. No object means
721 * no pager means an unrecoverable kernel fault.
723 if (fs.first_object == NULL) {
724 panic("vm_fault: unrecoverable fault at %p in entry %p",
725 (void *)vaddr, fs.entry);
729 * Fail here if not a trivial anonymous page fault and TDF_NOFAULT
732 if ((curthread->td_flags & TDF_NOFAULT) &&
734 fs.first_object->type == OBJT_VNODE ||
735 fs.first_object->backing_object)) {
736 *errorp = KERN_FAILURE;
742 * If the entry is wired we cannot change the page protection.
745 fault_type = fs.first_prot;
748 * Make a reference to this object to prevent its disposal while we
749 * are messing with it. Once we have the reference, the map is free
750 * to be diddled. Since objects reference their shadows (and copies),
751 * they will stay around as well.
753 * The reference should also prevent an unexpected collapse of the
754 * parent that might move pages from the current object into the
755 * parent unexpectedly, resulting in corruption.
757 * Bump the paging-in-progress count to prevent size changes (e.g.
758 * truncation operations) during I/O. This must be done after
759 * obtaining the vnode lock in order to avoid possible deadlocks.
762 vm_object_hold_shared(fs.first_object);
764 vm_object_hold(fs.first_object);
766 fs.vp = vnode_pager_lock(fs.first_object); /* shared */
769 * The page we want is at (first_object, first_pindex), but if the
770 * vm_map_entry is VM_MAPTYPE_VPAGETABLE we have to traverse the
771 * page table to figure out the actual pindex.
773 * NOTE! DEVELOPMENT IN PROGRESS, THIS IS AN INITIAL IMPLEMENTATION
776 if (fs.entry->maptype == VM_MAPTYPE_VPAGETABLE) {
777 result = vm_fault_vpagetable(&fs, &first_pindex,
778 fs.entry->aux.master_pde,
780 if (result == KERN_TRY_AGAIN) {
781 vm_object_drop(fs.first_object);
785 if (result != KERN_SUCCESS) {
793 * Now we have the actual (object, pindex), fault in the page. If
794 * vm_fault_object() fails it will unlock and deallocate the FS
795 * data. If it succeeds everything remains locked and fs->object
796 * will have an additinal PIP count if it is not equal to
800 result = vm_fault_object(&fs, first_pindex, fault_type, 1);
802 if (result == KERN_TRY_AGAIN) {
803 vm_object_drop(fs.first_object);
807 if (result != KERN_SUCCESS) {
813 if ((orig_fault_type & VM_PROT_WRITE) &&
814 (fs.prot & VM_PROT_WRITE) == 0) {
815 *errorp = KERN_PROTECTION_FAILURE;
816 unlock_and_deallocate(&fs);
822 * DO NOT UPDATE THE PMAP!!! This function may be called for
823 * a pmap unrelated to the current process pmap, in which case
824 * the current cpu core will not be listed in the pmap's pm_active
825 * mask. Thus invalidation interlocks will fail to work properly.
827 * (for example, 'ps' uses procfs to read program arguments from
828 * each process's stack).
830 * In addition to the above this function will be called to acquire
831 * a page that might already be faulted in, re-faulting it
832 * continuously is a waste of time.
834 * XXX could this have been the cause of our random seg-fault
835 * issues? procfs accesses user stacks.
837 vm_page_flag_set(fs.m, PG_REFERENCED);
839 pmap_enter(fs.map->pmap, vaddr, fs.m, fs.prot, fs.wired, NULL);
840 mycpu->gd_cnt.v_vm_faults++;
841 if (curthread->td_lwp)
842 ++curthread->td_lwp->lwp_ru.ru_minflt;
846 * On success vm_fault_object() does not unlock or deallocate, and fs.m
847 * will contain a busied page. So we must unlock here after having
848 * messed with the pmap.
853 * Return a held page. We are not doing any pmap manipulation so do
854 * not set PG_MAPPED. However, adjust the page flags according to
855 * the fault type because the caller may not use a managed pmapping
856 * (so we don't want to lose the fact that the page will be dirtied
857 * if a write fault was specified).
860 vm_page_activate(fs.m);
861 if (fault_type & VM_PROT_WRITE)
864 if (curthread->td_lwp) {
866 curthread->td_lwp->lwp_ru.ru_majflt++;
868 curthread->td_lwp->lwp_ru.ru_minflt++;
873 * Unlock everything, and return the held page.
875 vm_page_wakeup(fs.m);
876 /*vm_object_deallocate(fs.first_object);*/
877 /*fs.first_object = NULL; */
882 vm_object_drop(fs.first_object);
884 lwkt_reltoken(&map->token);
889 * Fault in the specified (object,offset), dirty the returned page as
890 * needed. If the requested fault_type cannot be done NULL and an
893 * A held (but not busied) page is returned.
895 * The passed in object must be held as specified by the shared
899 vm_fault_object_page(vm_object_t object, vm_ooffset_t offset,
900 vm_prot_t fault_type, int fault_flags,
901 int *sharedp, int *errorp)
904 vm_pindex_t first_pindex;
905 struct faultstate fs;
906 struct vm_map_entry entry;
908 ASSERT_LWKT_TOKEN_HELD(vm_object_token(object));
909 bzero(&entry, sizeof(entry));
910 entry.object.vm_object = object;
911 entry.maptype = VM_MAPTYPE_NORMAL;
912 entry.protection = entry.max_protection = fault_type;
915 fs.fault_flags = fault_flags;
917 fs.shared = vm_shared_fault;
918 fs.first_shared = *sharedp;
920 KKASSERT((fault_flags & VM_FAULT_WIRE_MASK) == 0);
923 * Might require swap block adjustments
925 if (fs.first_shared && (fault_flags & (VM_FAULT_UNSWAP | VM_FAULT_DIRTY))) {
927 vm_object_upgrade(object);
931 * Retry loop as needed (typically for shared->exclusive transitions)
934 *sharedp = fs.first_shared;
935 first_pindex = OFF_TO_IDX(offset);
936 fs.first_object = object;
938 fs.first_prot = fault_type;
940 /*fs.map_generation = 0; unused */
943 * Make a reference to this object to prevent its disposal while we
944 * are messing with it. Once we have the reference, the map is free
945 * to be diddled. Since objects reference their shadows (and copies),
946 * they will stay around as well.
948 * The reference should also prevent an unexpected collapse of the
949 * parent that might move pages from the current object into the
950 * parent unexpectedly, resulting in corruption.
952 * Bump the paging-in-progress count to prevent size changes (e.g.
953 * truncation operations) during I/O. This must be done after
954 * obtaining the vnode lock in order to avoid possible deadlocks.
957 fs.vp = vnode_pager_lock(fs.first_object);
959 fs.lookup_still_valid = TRUE;
961 fs.object = fs.first_object; /* so unlock_and_deallocate works */
964 /* XXX future - ability to operate on VM object using vpagetable */
965 if (fs.entry->maptype == VM_MAPTYPE_VPAGETABLE) {
966 result = vm_fault_vpagetable(&fs, &first_pindex,
967 fs.entry->aux.master_pde,
969 if (result == KERN_TRY_AGAIN) {
970 if (fs.first_shared == 0 && *sharedp)
971 vm_object_upgrade(object);
974 if (result != KERN_SUCCESS) {
982 * Now we have the actual (object, pindex), fault in the page. If
983 * vm_fault_object() fails it will unlock and deallocate the FS
984 * data. If it succeeds everything remains locked and fs->object
985 * will have an additinal PIP count if it is not equal to
988 * On KERN_TRY_AGAIN vm_fault_object() leaves fs.first_object intact.
989 * We may have to upgrade its lock to handle the requested fault.
991 result = vm_fault_object(&fs, first_pindex, fault_type, 0);
993 if (result == KERN_TRY_AGAIN) {
994 if (fs.first_shared == 0 && *sharedp)
995 vm_object_upgrade(object);
998 if (result != KERN_SUCCESS) {
1003 if ((fault_type & VM_PROT_WRITE) && (fs.prot & VM_PROT_WRITE) == 0) {
1004 *errorp = KERN_PROTECTION_FAILURE;
1005 unlock_and_deallocate(&fs);
1010 * On success vm_fault_object() does not unlock or deallocate, so we
1011 * do it here. Note that the returned fs.m will be busied.
1016 * Return a held page. We are not doing any pmap manipulation so do
1017 * not set PG_MAPPED. However, adjust the page flags according to
1018 * the fault type because the caller may not use a managed pmapping
1019 * (so we don't want to lose the fact that the page will be dirtied
1020 * if a write fault was specified).
1023 vm_page_activate(fs.m);
1024 if ((fault_type & VM_PROT_WRITE) || (fault_flags & VM_FAULT_DIRTY))
1025 vm_page_dirty(fs.m);
1026 if (fault_flags & VM_FAULT_UNSWAP)
1027 swap_pager_unswapped(fs.m);
1030 * Indicate that the page was accessed.
1032 vm_page_flag_set(fs.m, PG_REFERENCED);
1034 if (curthread->td_lwp) {
1036 curthread->td_lwp->lwp_ru.ru_majflt++;
1038 curthread->td_lwp->lwp_ru.ru_minflt++;
1043 * Unlock everything, and return the held page.
1045 vm_page_wakeup(fs.m);
1046 /*vm_object_deallocate(fs.first_object);*/
1047 /*fs.first_object = NULL; */
1054 * Translate the virtual page number (first_pindex) that is relative
1055 * to the address space into a logical page number that is relative to the
1056 * backing object. Use the virtual page table pointed to by (vpte).
1058 * This implements an N-level page table. Any level can terminate the
1059 * scan by setting VPTE_PS. A linear mapping is accomplished by setting
1060 * VPTE_PS in the master page directory entry set via mcontrol(MADV_SETMAP).
1064 vm_fault_vpagetable(struct faultstate *fs, vm_pindex_t *pindex,
1065 vpte_t vpte, int fault_type, int allow_nofault)
1068 struct lwbuf lwb_cache;
1069 int vshift = VPTE_FRAME_END - PAGE_SHIFT; /* index bits remaining */
1070 int result = KERN_SUCCESS;
1073 ASSERT_LWKT_TOKEN_HELD(vm_object_token(fs->first_object));
1076 * We cannot proceed if the vpte is not valid, not readable
1077 * for a read fault, or not writable for a write fault.
1079 if ((vpte & VPTE_V) == 0) {
1080 unlock_and_deallocate(fs);
1081 return (KERN_FAILURE);
1083 if ((fault_type & VM_PROT_WRITE) && (vpte & VPTE_RW) == 0) {
1084 unlock_and_deallocate(fs);
1085 return (KERN_FAILURE);
1087 if ((vpte & VPTE_PS) || vshift == 0)
1089 KKASSERT(vshift >= VPTE_PAGE_BITS);
1092 * Get the page table page. Nominally we only read the page
1093 * table, but since we are actively setting VPTE_M and VPTE_A,
1094 * tell vm_fault_object() that we are writing it.
1096 * There is currently no real need to optimize this.
1098 result = vm_fault_object(fs, (vpte & VPTE_FRAME) >> PAGE_SHIFT,
1099 VM_PROT_READ|VM_PROT_WRITE,
1101 if (result != KERN_SUCCESS)
1105 * Process the returned fs.m and look up the page table
1106 * entry in the page table page.
1108 vshift -= VPTE_PAGE_BITS;
1109 lwb = lwbuf_alloc(fs->m, &lwb_cache);
1110 ptep = ((vpte_t *)lwbuf_kva(lwb) +
1111 ((*pindex >> vshift) & VPTE_PAGE_MASK));
1115 * Page table write-back. If the vpte is valid for the
1116 * requested operation, do a write-back to the page table.
1118 * XXX VPTE_M is not set properly for page directory pages.
1119 * It doesn't get set in the page directory if the page table
1120 * is modified during a read access.
1122 vm_page_activate(fs->m);
1123 if ((fault_type & VM_PROT_WRITE) && (vpte & VPTE_V) &&
1125 if ((vpte & (VPTE_M|VPTE_A)) != (VPTE_M|VPTE_A)) {
1126 atomic_set_long(ptep, VPTE_M | VPTE_A);
1127 vm_page_dirty(fs->m);
1130 if ((fault_type & VM_PROT_READ) && (vpte & VPTE_V)) {
1131 if ((vpte & VPTE_A) == 0) {
1132 atomic_set_long(ptep, VPTE_A);
1133 vm_page_dirty(fs->m);
1137 vm_page_flag_set(fs->m, PG_REFERENCED);
1138 vm_page_wakeup(fs->m);
1140 cleanup_successful_fault(fs);
1143 * Combine remaining address bits with the vpte.
1145 /* JG how many bits from each? */
1146 *pindex = ((vpte & VPTE_FRAME) >> PAGE_SHIFT) +
1147 (*pindex & ((1L << vshift) - 1));
1148 return (KERN_SUCCESS);
1153 * This is the core of the vm_fault code.
1155 * Do all operations required to fault-in (fs.first_object, pindex). Run
1156 * through the shadow chain as necessary and do required COW or virtual
1157 * copy operations. The caller has already fully resolved the vm_map_entry
1158 * and, if appropriate, has created a copy-on-write layer. All we need to
1159 * do is iterate the object chain.
1161 * On failure (fs) is unlocked and deallocated and the caller may return or
1162 * retry depending on the failure code. On success (fs) is NOT unlocked or
1163 * deallocated, fs.m will contained a resolved, busied page, and fs.object
1164 * will have an additional PIP count if it is not equal to fs.first_object.
1166 * If locks based on fs->first_shared or fs->shared are insufficient,
1167 * clear the appropriate field(s) and return RETRY. COWs require that
1168 * first_shared be 0, while page allocations (or frees) require that
1169 * shared be 0. Renames require that both be 0.
1171 * fs->first_object must be held on call.
1175 vm_fault_object(struct faultstate *fs, vm_pindex_t first_pindex,
1176 vm_prot_t fault_type, int allow_nofault)
1178 vm_object_t next_object;
1182 ASSERT_LWKT_TOKEN_HELD(vm_object_token(fs->first_object));
1183 fs->prot = fs->first_prot;
1184 fs->object = fs->first_object;
1185 pindex = first_pindex;
1187 vm_object_chain_acquire(fs->first_object, fs->shared);
1188 vm_object_pip_add(fs->first_object, 1);
1191 * If a read fault occurs we try to make the page writable if
1192 * possible. There are three cases where we cannot make the
1193 * page mapping writable:
1195 * (1) The mapping is read-only or the VM object is read-only,
1196 * fs->prot above will simply not have VM_PROT_WRITE set.
1198 * (2) If the mapping is a virtual page table we need to be able
1199 * to detect writes so we can set VPTE_M in the virtual page
1202 * (3) If the VM page is read-only or copy-on-write, upgrading would
1203 * just result in an unnecessary COW fault.
1205 * VM_PROT_VPAGED is set if faulting via a virtual page table and
1206 * causes adjustments to the 'M'odify bit to also turn off write
1207 * access to force a re-fault.
1209 if (fs->entry->maptype == VM_MAPTYPE_VPAGETABLE) {
1210 if ((fault_type & VM_PROT_WRITE) == 0)
1211 fs->prot &= ~VM_PROT_WRITE;
1214 if (curthread->td_lwp && curthread->td_lwp->lwp_vmspace &&
1215 pmap_emulate_ad_bits(&curthread->td_lwp->lwp_vmspace->vm_pmap)) {
1216 if ((fault_type & VM_PROT_WRITE) == 0)
1217 fs->prot &= ~VM_PROT_WRITE;
1220 /* vm_object_hold(fs->object); implied b/c object == first_object */
1224 * The entire backing chain from first_object to object
1225 * inclusive is chainlocked.
1227 * If the object is dead, we stop here
1229 if (fs->object->flags & OBJ_DEAD) {
1230 vm_object_pip_wakeup(fs->first_object);
1231 vm_object_chain_release_all(fs->first_object,
1233 if (fs->object != fs->first_object)
1234 vm_object_drop(fs->object);
1235 unlock_and_deallocate(fs);
1236 return (KERN_PROTECTION_FAILURE);
1240 * See if the page is resident. Wait/Retry if the page is
1241 * busy (lots of stuff may have changed so we can't continue
1244 * We can theoretically allow the soft-busy case on a read
1245 * fault if the page is marked valid, but since such
1246 * pages are typically already pmap'd, putting that
1247 * special case in might be more effort then it is
1248 * worth. We cannot under any circumstances mess
1249 * around with a vm_page_t->busy page except, perhaps,
1252 fs->m = vm_page_lookup_busy_try(fs->object, pindex,
1255 vm_object_pip_wakeup(fs->first_object);
1256 vm_object_chain_release_all(fs->first_object,
1258 if (fs->object != fs->first_object)
1259 vm_object_drop(fs->object);
1261 vm_page_sleep_busy(fs->m, TRUE, "vmpfw");
1262 mycpu->gd_cnt.v_intrans++;
1263 /*vm_object_deallocate(fs->first_object);*/
1264 /*fs->first_object = NULL;*/
1266 return (KERN_TRY_AGAIN);
1270 * The page is busied for us.
1272 * If reactivating a page from PQ_CACHE we may have
1275 int queue = fs->m->queue;
1276 vm_page_unqueue_nowakeup(fs->m);
1278 if ((queue - fs->m->pc) == PQ_CACHE &&
1279 vm_page_count_severe()) {
1280 vm_page_activate(fs->m);
1281 vm_page_wakeup(fs->m);
1283 vm_object_pip_wakeup(fs->first_object);
1284 vm_object_chain_release_all(fs->first_object,
1286 if (fs->object != fs->first_object)
1287 vm_object_drop(fs->object);
1288 unlock_and_deallocate(fs);
1289 if (allow_nofault == 0 ||
1290 (curthread->td_flags & TDF_NOFAULT) == 0) {
1293 return (KERN_TRY_AGAIN);
1297 * If it still isn't completely valid (readable),
1298 * or if a read-ahead-mark is set on the VM page,
1299 * jump to readrest, else we found the page and
1302 * We can release the spl once we have marked the
1305 if (fs->m->object != &kernel_object) {
1306 if ((fs->m->valid & VM_PAGE_BITS_ALL) !=
1310 if (fs->m->flags & PG_RAM) {
1313 vm_page_flag_clear(fs->m, PG_RAM);
1317 break; /* break to PAGE HAS BEEN FOUND */
1321 * Page is not resident, If this is the search termination
1322 * or the pager might contain the page, allocate a new page.
1324 if (TRYPAGER(fs) || fs->object == fs->first_object) {
1326 * Allocating, must be exclusive.
1328 if (fs->object == fs->first_object &&
1330 fs->first_shared = 0;
1331 vm_object_pip_wakeup(fs->first_object);
1332 vm_object_chain_release_all(fs->first_object,
1334 if (fs->object != fs->first_object)
1335 vm_object_drop(fs->object);
1336 unlock_and_deallocate(fs);
1337 return (KERN_TRY_AGAIN);
1339 if (fs->object != fs->first_object &&
1341 fs->first_shared = 0;
1343 vm_object_pip_wakeup(fs->first_object);
1344 vm_object_chain_release_all(fs->first_object,
1346 if (fs->object != fs->first_object)
1347 vm_object_drop(fs->object);
1348 unlock_and_deallocate(fs);
1349 return (KERN_TRY_AGAIN);
1353 * If the page is beyond the object size we fail
1355 if (pindex >= fs->object->size) {
1356 vm_object_pip_wakeup(fs->first_object);
1357 vm_object_chain_release_all(fs->first_object,
1359 if (fs->object != fs->first_object)
1360 vm_object_drop(fs->object);
1361 unlock_and_deallocate(fs);
1362 return (KERN_PROTECTION_FAILURE);
1366 * Allocate a new page for this object/offset pair.
1368 * It is possible for the allocation to race, so
1372 if (!vm_page_count_severe()) {
1373 fs->m = vm_page_alloc(fs->object, pindex,
1374 ((fs->vp || fs->object->backing_object) ?
1375 VM_ALLOC_NULL_OK | VM_ALLOC_NORMAL :
1376 VM_ALLOC_NULL_OK | VM_ALLOC_NORMAL |
1377 VM_ALLOC_USE_GD | VM_ALLOC_ZERO));
1379 if (fs->m == NULL) {
1380 vm_object_pip_wakeup(fs->first_object);
1381 vm_object_chain_release_all(fs->first_object,
1383 if (fs->object != fs->first_object)
1384 vm_object_drop(fs->object);
1385 unlock_and_deallocate(fs);
1386 if (allow_nofault == 0 ||
1387 (curthread->td_flags & TDF_NOFAULT) == 0) {
1390 return (KERN_TRY_AGAIN);
1394 * Fall through to readrest. We have a new page which
1395 * will have to be paged (since m->valid will be 0).
1401 * We have found an invalid or partially valid page, a
1402 * page with a read-ahead mark which might be partially or
1403 * fully valid (and maybe dirty too), or we have allocated
1406 * Attempt to fault-in the page if there is a chance that the
1407 * pager has it, and potentially fault in additional pages
1410 * If TRYPAGER is true then fs.m will be non-NULL and busied
1416 u_char behavior = vm_map_entry_behavior(fs->entry);
1418 if (behavior == MAP_ENTRY_BEHAV_RANDOM)
1424 * Doing I/O may synchronously insert additional
1425 * pages so we can't be shared at this point either.
1427 * NOTE: We can't free fs->m here in the allocated
1428 * case (fs->object != fs->first_object) as
1429 * this would require an exclusively locked
1432 if (fs->object == fs->first_object &&
1434 vm_page_deactivate(fs->m);
1435 vm_page_wakeup(fs->m);
1437 fs->first_shared = 0;
1438 vm_object_pip_wakeup(fs->first_object);
1439 vm_object_chain_release_all(fs->first_object,
1441 if (fs->object != fs->first_object)
1442 vm_object_drop(fs->object);
1443 unlock_and_deallocate(fs);
1444 return (KERN_TRY_AGAIN);
1446 if (fs->object != fs->first_object &&
1448 vm_page_deactivate(fs->m);
1449 vm_page_wakeup(fs->m);
1451 fs->first_shared = 0;
1453 vm_object_pip_wakeup(fs->first_object);
1454 vm_object_chain_release_all(fs->first_object,
1456 if (fs->object != fs->first_object)
1457 vm_object_drop(fs->object);
1458 unlock_and_deallocate(fs);
1459 return (KERN_TRY_AGAIN);
1463 * Avoid deadlocking against the map when doing I/O.
1464 * fs.object and the page is PG_BUSY'd.
1466 * NOTE: Once unlocked, fs->entry can become stale
1467 * so this will NULL it out.
1469 * NOTE: fs->entry is invalid until we relock the
1470 * map and verify that the timestamp has not
1476 * Acquire the page data. We still hold a ref on
1477 * fs.object and the page has been PG_BUSY's.
1479 * The pager may replace the page (for example, in
1480 * order to enter a fictitious page into the
1481 * object). If it does so it is responsible for
1482 * cleaning up the passed page and properly setting
1483 * the new page PG_BUSY.
1485 * If we got here through a PG_RAM read-ahead
1486 * mark the page may be partially dirty and thus
1487 * not freeable. Don't bother checking to see
1488 * if the pager has the page because we can't free
1489 * it anyway. We have to depend on the get_page
1490 * operation filling in any gaps whether there is
1491 * backing store or not.
1493 rv = vm_pager_get_page(fs->object, &fs->m, seqaccess);
1495 if (rv == VM_PAGER_OK) {
1497 * Relookup in case pager changed page. Pager
1498 * is responsible for disposition of old page
1501 * XXX other code segments do relookups too.
1502 * It's a bad abstraction that needs to be
1505 fs->m = vm_page_lookup(fs->object, pindex);
1506 if (fs->m == NULL) {
1507 vm_object_pip_wakeup(fs->first_object);
1508 vm_object_chain_release_all(
1509 fs->first_object, fs->object);
1510 if (fs->object != fs->first_object)
1511 vm_object_drop(fs->object);
1512 unlock_and_deallocate(fs);
1513 return (KERN_TRY_AGAIN);
1516 break; /* break to PAGE HAS BEEN FOUND */
1520 * Remove the bogus page (which does not exist at this
1521 * object/offset); before doing so, we must get back
1522 * our object lock to preserve our invariant.
1524 * Also wake up any other process that may want to bring
1527 * If this is the top-level object, we must leave the
1528 * busy page to prevent another process from rushing
1529 * past us, and inserting the page in that object at
1530 * the same time that we are.
1532 if (rv == VM_PAGER_ERROR) {
1534 kprintf("vm_fault: pager read error, "
1539 kprintf("vm_fault: pager read error, "
1547 * Data outside the range of the pager or an I/O error
1549 * The page may have been wired during the pagein,
1550 * e.g. by the buffer cache, and cannot simply be
1551 * freed. Call vnode_pager_freepage() to deal with it.
1553 * Also note that we cannot free the page if we are
1554 * holding the related object shared. XXX not sure
1555 * what to do in that case.
1557 if (fs->object != fs->first_object) {
1558 vnode_pager_freepage(fs->m);
1561 * XXX - we cannot just fall out at this
1562 * point, m has been freed and is invalid!
1566 * XXX - the check for kernel_map is a kludge to work
1567 * around having the machine panic on a kernel space
1568 * fault w/ I/O error.
1570 if (((fs->map != &kernel_map) &&
1571 (rv == VM_PAGER_ERROR)) || (rv == VM_PAGER_BAD)) {
1573 if (fs->first_shared) {
1574 vm_page_deactivate(fs->m);
1575 vm_page_wakeup(fs->m);
1577 vnode_pager_freepage(fs->m);
1581 vm_object_pip_wakeup(fs->first_object);
1582 vm_object_chain_release_all(fs->first_object,
1584 if (fs->object != fs->first_object)
1585 vm_object_drop(fs->object);
1586 unlock_and_deallocate(fs);
1587 if (rv == VM_PAGER_ERROR)
1588 return (KERN_FAILURE);
1590 return (KERN_PROTECTION_FAILURE);
1596 * We get here if the object has a default pager (or unwiring)
1597 * or the pager doesn't have the page.
1599 * fs->first_m will be used for the COW unless we find a
1600 * deeper page to be mapped read-only, in which case the
1601 * unlock*(fs) will free first_m.
1603 if (fs->object == fs->first_object)
1604 fs->first_m = fs->m;
1607 * Move on to the next object. The chain lock should prevent
1608 * the backing_object from getting ripped out from under us.
1610 * The object lock for the next object is governed by
1613 if ((next_object = fs->object->backing_object) != NULL) {
1615 vm_object_hold_shared(next_object);
1617 vm_object_hold(next_object);
1618 vm_object_chain_acquire(next_object, fs->shared);
1619 KKASSERT(next_object == fs->object->backing_object);
1620 pindex += OFF_TO_IDX(fs->object->backing_object_offset);
1623 if (next_object == NULL) {
1625 * If there's no object left, fill the page in the top
1626 * object with zeros.
1628 if (fs->object != fs->first_object) {
1630 if (fs->first_object->backing_object !=
1632 vm_object_hold(fs->first_object->backing_object);
1635 vm_object_chain_release_all(
1636 fs->first_object->backing_object,
1639 if (fs->first_object->backing_object !=
1641 vm_object_drop(fs->first_object->backing_object);
1644 vm_object_pip_wakeup(fs->object);
1645 vm_object_drop(fs->object);
1646 fs->object = fs->first_object;
1647 pindex = first_pindex;
1648 fs->m = fs->first_m;
1653 * Zero the page if necessary and mark it valid.
1655 if ((fs->m->flags & PG_ZERO) == 0) {
1656 vm_page_zero_fill(fs->m);
1659 pmap_page_assertzero(VM_PAGE_TO_PHYS(fs->m));
1661 vm_page_flag_clear(fs->m, PG_ZERO);
1662 mycpu->gd_cnt.v_ozfod++;
1664 mycpu->gd_cnt.v_zfod++;
1665 fs->m->valid = VM_PAGE_BITS_ALL;
1666 break; /* break to PAGE HAS BEEN FOUND */
1668 if (fs->object != fs->first_object) {
1669 vm_object_pip_wakeup(fs->object);
1670 vm_object_lock_swap();
1671 vm_object_drop(fs->object);
1673 KASSERT(fs->object != next_object,
1674 ("object loop %p", next_object));
1675 fs->object = next_object;
1676 vm_object_pip_add(fs->object, 1);
1680 * PAGE HAS BEEN FOUND. [Loop invariant still holds -- the object lock
1683 * object still held.
1685 * local shared variable may be different from fs->shared.
1687 * If the page is being written, but isn't already owned by the
1688 * top-level object, we have to copy it into a new page owned by the
1691 KASSERT((fs->m->flags & PG_BUSY) != 0,
1692 ("vm_fault: not busy after main loop"));
1694 if (fs->object != fs->first_object) {
1696 * We only really need to copy if we want to write it.
1698 if (fault_type & VM_PROT_WRITE) {
1700 * This allows pages to be virtually copied from a
1701 * backing_object into the first_object, where the
1702 * backing object has no other refs to it, and cannot
1703 * gain any more refs. Instead of a bcopy, we just
1704 * move the page from the backing object to the
1705 * first object. Note that we must mark the page
1706 * dirty in the first object so that it will go out
1707 * to swap when needed.
1711 * Must be holding exclusive locks
1713 fs->first_shared == 0 &&
1716 * Map, if present, has not changed
1719 fs->map_generation == fs->map->timestamp) &&
1721 * Only one shadow object
1723 (fs->object->shadow_count == 1) &&
1725 * No COW refs, except us
1727 (fs->object->ref_count == 1) &&
1729 * No one else can look this object up
1731 (fs->object->handle == NULL) &&
1733 * No other ways to look the object up
1735 ((fs->object->type == OBJT_DEFAULT) ||
1736 (fs->object->type == OBJT_SWAP)) &&
1738 * We don't chase down the shadow chain
1740 (fs->object == fs->first_object->backing_object) &&
1743 * grab the lock if we need to
1745 (fs->lookup_still_valid ||
1747 lockmgr(&fs->map->lock, LK_EXCLUSIVE|LK_NOWAIT) == 0)
1750 * (first_m) and (m) are both busied. We have
1751 * move (m) into (first_m)'s object/pindex
1752 * in an atomic fashion, then free (first_m).
1754 * first_object is held so second remove
1755 * followed by the rename should wind
1756 * up being atomic. vm_page_free() might
1757 * block so we don't do it until after the
1760 fs->lookup_still_valid = 1;
1761 vm_page_protect(fs->first_m, VM_PROT_NONE);
1762 vm_page_remove(fs->first_m);
1763 vm_page_rename(fs->m, fs->first_object,
1765 vm_page_free(fs->first_m);
1766 fs->first_m = fs->m;
1768 mycpu->gd_cnt.v_cow_optim++;
1771 * Oh, well, lets copy it.
1773 * Why are we unmapping the original page
1774 * here? Well, in short, not all accessors
1775 * of user memory go through the pmap. The
1776 * procfs code doesn't have access user memory
1777 * via a local pmap, so vm_fault_page*()
1778 * can't call pmap_enter(). And the umtx*()
1779 * code may modify the COW'd page via a DMAP
1780 * or kernel mapping and not via the pmap,
1781 * leaving the original page still mapped
1782 * read-only into the pmap.
1784 * So we have to remove the page from at
1785 * least the current pmap if it is in it.
1786 * Just remove it from all pmaps.
1788 KKASSERT(fs->first_shared == 0);
1789 vm_page_copy(fs->m, fs->first_m);
1790 vm_page_protect(fs->m, VM_PROT_NONE);
1791 vm_page_event(fs->m, VMEVENT_COW);
1795 * We no longer need the old page or object.
1801 * We intend to revert to first_object, undo the
1802 * chain lock through to that.
1805 if (fs->first_object->backing_object != fs->object)
1806 vm_object_hold(fs->first_object->backing_object);
1808 vm_object_chain_release_all(
1809 fs->first_object->backing_object,
1812 if (fs->first_object->backing_object != fs->object)
1813 vm_object_drop(fs->first_object->backing_object);
1817 * fs->object != fs->first_object due to above
1820 vm_object_pip_wakeup(fs->object);
1821 vm_object_drop(fs->object);
1824 * Only use the new page below...
1826 mycpu->gd_cnt.v_cow_faults++;
1827 fs->m = fs->first_m;
1828 fs->object = fs->first_object;
1829 pindex = first_pindex;
1832 * If it wasn't a write fault avoid having to copy
1833 * the page by mapping it read-only.
1835 fs->prot &= ~VM_PROT_WRITE;
1840 * Relock the map if necessary, then check the generation count.
1841 * relock_map() will update fs->timestamp to account for the
1842 * relocking if necessary.
1844 * If the count has changed after relocking then all sorts of
1845 * crap may have happened and we have to retry.
1847 * NOTE: The relock_map() can fail due to a deadlock against
1848 * the vm_page we are holding BUSY.
1850 if (fs->lookup_still_valid == FALSE && fs->map) {
1851 if (relock_map(fs) ||
1852 fs->map->timestamp != fs->map_generation) {
1854 vm_object_pip_wakeup(fs->first_object);
1855 vm_object_chain_release_all(fs->first_object,
1857 if (fs->object != fs->first_object)
1858 vm_object_drop(fs->object);
1859 unlock_and_deallocate(fs);
1860 return (KERN_TRY_AGAIN);
1865 * If the fault is a write, we know that this page is being
1866 * written NOW so dirty it explicitly to save on pmap_is_modified()
1869 * If this is a NOSYNC mmap we do not want to set PG_NOSYNC
1870 * if the page is already dirty to prevent data written with
1871 * the expectation of being synced from not being synced.
1872 * Likewise if this entry does not request NOSYNC then make
1873 * sure the page isn't marked NOSYNC. Applications sharing
1874 * data should use the same flags to avoid ping ponging.
1876 * Also tell the backing pager, if any, that it should remove
1877 * any swap backing since the page is now dirty.
1879 vm_page_activate(fs->m);
1880 if (fs->prot & VM_PROT_WRITE) {
1881 vm_object_set_writeable_dirty(fs->m->object);
1882 vm_set_nosync(fs->m, fs->entry);
1883 if (fs->fault_flags & VM_FAULT_DIRTY) {
1884 vm_page_dirty(fs->m);
1885 swap_pager_unswapped(fs->m);
1889 vm_object_pip_wakeup(fs->first_object);
1890 vm_object_chain_release_all(fs->first_object, fs->object);
1891 if (fs->object != fs->first_object)
1892 vm_object_drop(fs->object);
1895 * Page had better still be busy. We are still locked up and
1896 * fs->object will have another PIP reference if it is not equal
1897 * to fs->first_object.
1899 KASSERT(fs->m->flags & PG_BUSY,
1900 ("vm_fault: page %p not busy!", fs->m));
1903 * Sanity check: page must be completely valid or it is not fit to
1904 * map into user space. vm_pager_get_pages() ensures this.
1906 if (fs->m->valid != VM_PAGE_BITS_ALL) {
1907 vm_page_zero_invalid(fs->m, TRUE);
1908 kprintf("Warning: page %p partially invalid on fault\n", fs->m);
1910 vm_page_flag_clear(fs->m, PG_ZERO);
1912 return (KERN_SUCCESS);
1916 * Hold each of the physical pages that are mapped by the specified range of
1917 * virtual addresses, ["addr", "addr" + "len"), if those mappings are valid
1918 * and allow the specified types of access, "prot". If all of the implied
1919 * pages are successfully held, then the number of held pages is returned
1920 * together with pointers to those pages in the array "ma". However, if any
1921 * of the pages cannot be held, -1 is returned.
1924 vm_fault_quick_hold_pages(vm_map_t map, vm_offset_t addr, vm_size_t len,
1925 vm_prot_t prot, vm_page_t *ma, int max_count)
1927 vm_offset_t start, end;
1928 int i, npages, error;
1930 start = trunc_page(addr);
1931 end = round_page(addr + len);
1933 npages = howmany(end - start, PAGE_SIZE);
1935 if (npages > max_count)
1938 for (i = 0; i < npages; i++) {
1939 // XXX error handling
1940 ma[i] = vm_fault_page_quick(start + (i * PAGE_SIZE),
1949 * Wire down a range of virtual addresses in a map. The entry in question
1950 * should be marked in-transition and the map must be locked. We must
1951 * release the map temporarily while faulting-in the page to avoid a
1952 * deadlock. Note that the entry may be clipped while we are blocked but
1953 * will never be freed.
1958 vm_fault_wire(vm_map_t map, vm_map_entry_t entry,
1959 boolean_t user_wire, int kmflags)
1961 boolean_t fictitious;
1972 lwkt_gettoken(&map->token);
1975 wire_prot = VM_PROT_READ;
1976 fault_flags = VM_FAULT_USER_WIRE;
1978 wire_prot = VM_PROT_READ | VM_PROT_WRITE;
1979 fault_flags = VM_FAULT_CHANGE_WIRING;
1981 if (kmflags & KM_NOTLBSYNC)
1982 wire_prot |= VM_PROT_NOSYNC;
1984 pmap = vm_map_pmap(map);
1985 start = entry->start;
1987 fictitious = entry->object.vm_object &&
1988 ((entry->object.vm_object->type == OBJT_DEVICE) ||
1989 (entry->object.vm_object->type == OBJT_MGTDEVICE));
1990 if (entry->eflags & MAP_ENTRY_KSTACK)
1996 * We simulate a fault to get the page and enter it in the physical
1999 for (va = start; va < end; va += PAGE_SIZE) {
2000 rv = vm_fault(map, va, wire_prot, fault_flags);
2002 while (va > start) {
2004 if ((pa = pmap_extract(pmap, va)) == 0)
2006 pmap_change_wiring(pmap, va, FALSE, entry);
2008 m = PHYS_TO_VM_PAGE(pa);
2009 vm_page_busy_wait(m, FALSE, "vmwrpg");
2010 vm_page_unwire(m, 1);
2020 lwkt_reltoken(&map->token);
2025 * Unwire a range of virtual addresses in a map. The map should be
2029 vm_fault_unwire(vm_map_t map, vm_map_entry_t entry)
2031 boolean_t fictitious;
2039 lwkt_gettoken(&map->token);
2041 pmap = vm_map_pmap(map);
2042 start = entry->start;
2044 fictitious = entry->object.vm_object &&
2045 ((entry->object.vm_object->type == OBJT_DEVICE) ||
2046 (entry->object.vm_object->type == OBJT_MGTDEVICE));
2047 if (entry->eflags & MAP_ENTRY_KSTACK)
2051 * Since the pages are wired down, we must be able to get their
2052 * mappings from the physical map system.
2054 for (va = start; va < end; va += PAGE_SIZE) {
2055 pa = pmap_extract(pmap, va);
2057 pmap_change_wiring(pmap, va, FALSE, entry);
2059 m = PHYS_TO_VM_PAGE(pa);
2060 vm_page_busy_wait(m, FALSE, "vmwupg");
2061 vm_page_unwire(m, 1);
2066 lwkt_reltoken(&map->token);
2070 * Copy all of the pages from a wired-down map entry to another.
2072 * The source and destination maps must be locked for write.
2073 * The source and destination maps token must be held
2074 * The source map entry must be wired down (or be a sharing map
2075 * entry corresponding to a main map entry that is wired down).
2077 * No other requirements.
2079 * XXX do segment optimization
2082 vm_fault_copy_entry(vm_map_t dst_map, vm_map_t src_map,
2083 vm_map_entry_t dst_entry, vm_map_entry_t src_entry)
2085 vm_object_t dst_object;
2086 vm_object_t src_object;
2087 vm_ooffset_t dst_offset;
2088 vm_ooffset_t src_offset;
2094 src_object = src_entry->object.vm_object;
2095 src_offset = src_entry->offset;
2098 * Create the top-level object for the destination entry. (Doesn't
2099 * actually shadow anything - we copy the pages directly.)
2101 vm_map_entry_allocate_object(dst_entry);
2102 dst_object = dst_entry->object.vm_object;
2104 prot = dst_entry->max_protection;
2107 * Loop through all of the pages in the entry's range, copying each
2108 * one from the source object (it should be there) to the destination
2111 vm_object_hold(src_object);
2112 vm_object_hold(dst_object);
2113 for (vaddr = dst_entry->start, dst_offset = 0;
2114 vaddr < dst_entry->end;
2115 vaddr += PAGE_SIZE, dst_offset += PAGE_SIZE) {
2118 * Allocate a page in the destination object
2121 dst_m = vm_page_alloc(dst_object,
2122 OFF_TO_IDX(dst_offset),
2124 if (dst_m == NULL) {
2127 } while (dst_m == NULL);
2130 * Find the page in the source object, and copy it in.
2131 * (Because the source is wired down, the page will be in
2134 src_m = vm_page_lookup(src_object,
2135 OFF_TO_IDX(dst_offset + src_offset));
2137 panic("vm_fault_copy_wired: page missing");
2139 vm_page_copy(src_m, dst_m);
2140 vm_page_event(src_m, VMEVENT_COW);
2143 * Enter it in the pmap...
2146 vm_page_flag_clear(dst_m, PG_ZERO);
2147 pmap_enter(dst_map->pmap, vaddr, dst_m, prot, FALSE, dst_entry);
2150 * Mark it no longer busy, and put it on the active list.
2152 vm_page_activate(dst_m);
2153 vm_page_wakeup(dst_m);
2155 vm_object_drop(dst_object);
2156 vm_object_drop(src_object);
2162 * This routine checks around the requested page for other pages that
2163 * might be able to be faulted in. This routine brackets the viable
2164 * pages for the pages to be paged in.
2167 * m, rbehind, rahead
2170 * marray (array of vm_page_t), reqpage (index of requested page)
2173 * number of pages in marray
2176 vm_fault_additional_pages(vm_page_t m, int rbehind, int rahead,
2177 vm_page_t *marray, int *reqpage)
2181 vm_pindex_t pindex, startpindex, endpindex, tpindex;
2183 int cbehind, cahead;
2189 * we don't fault-ahead for device pager
2191 if ((object->type == OBJT_DEVICE) ||
2192 (object->type == OBJT_MGTDEVICE)) {
2199 * if the requested page is not available, then give up now
2201 if (!vm_pager_has_page(object, pindex, &cbehind, &cahead)) {
2202 *reqpage = 0; /* not used by caller, fix compiler warn */
2206 if ((cbehind == 0) && (cahead == 0)) {
2212 if (rahead > cahead) {
2216 if (rbehind > cbehind) {
2221 * Do not do any readahead if we have insufficient free memory.
2223 * XXX code was broken disabled before and has instability
2224 * with this conditonal fixed, so shortcut for now.
2226 if (burst_fault == 0 || vm_page_count_severe()) {
2233 * scan backward for the read behind pages -- in memory
2235 * Assume that if the page is not found an interrupt will not
2236 * create it. Theoretically interrupts can only remove (busy)
2237 * pages, not create new associations.
2240 if (rbehind > pindex) {
2244 startpindex = pindex - rbehind;
2247 vm_object_hold(object);
2248 for (tpindex = pindex; tpindex > startpindex; --tpindex) {
2249 if (vm_page_lookup(object, tpindex - 1))
2254 while (tpindex < pindex) {
2255 rtm = vm_page_alloc(object, tpindex, VM_ALLOC_SYSTEM |
2258 for (j = 0; j < i; j++) {
2259 vm_page_free(marray[j]);
2261 vm_object_drop(object);
2270 vm_object_drop(object);
2276 * Assign requested page
2283 * Scan forwards for read-ahead pages
2285 tpindex = pindex + 1;
2286 endpindex = tpindex + rahead;
2287 if (endpindex > object->size)
2288 endpindex = object->size;
2290 vm_object_hold(object);
2291 while (tpindex < endpindex) {
2292 if (vm_page_lookup(object, tpindex))
2294 rtm = vm_page_alloc(object, tpindex, VM_ALLOC_SYSTEM |
2302 vm_object_drop(object);
2310 * vm_prefault() provides a quick way of clustering pagefaults into a
2311 * processes address space. It is a "cousin" of pmap_object_init_pt,
2312 * except it runs at page fault time instead of mmap time.
2314 * vm.fast_fault Enables pre-faulting zero-fill pages
2316 * vm.prefault_pages Number of pages (1/2 negative, 1/2 positive) to
2317 * prefault. Scan stops in either direction when
2318 * a page is found to already exist.
2320 * This code used to be per-platform pmap_prefault(). It is now
2321 * machine-independent and enhanced to also pre-fault zero-fill pages
2322 * (see vm.fast_fault) as well as make them writable, which greatly
2323 * reduces the number of page faults programs incur.
2325 * Application performance when pre-faulting zero-fill pages is heavily
2326 * dependent on the application. Very tiny applications like /bin/echo
2327 * lose a little performance while applications of any appreciable size
2328 * gain performance. Prefaulting multiple pages also reduces SMP
2329 * congestion and can improve SMP performance significantly.
2331 * NOTE! prot may allow writing but this only applies to the top level
2332 * object. If we wind up mapping a page extracted from a backing
2333 * object we have to make sure it is read-only.
2335 * NOTE! The caller has already handled any COW operations on the
2336 * vm_map_entry via the normal fault code. Do NOT call this
2337 * shortcut unless the normal fault code has run on this entry.
2339 * The related map must be locked.
2340 * No other requirements.
2342 static int vm_prefault_pages = 8;
2343 SYSCTL_INT(_vm, OID_AUTO, prefault_pages, CTLFLAG_RW, &vm_prefault_pages, 0,
2344 "Maximum number of pages to pre-fault");
2345 static int vm_fast_fault = 1;
2346 SYSCTL_INT(_vm, OID_AUTO, fast_fault, CTLFLAG_RW, &vm_fast_fault, 0,
2347 "Burst fault zero-fill regions");
2350 * Set PG_NOSYNC if the map entry indicates so, but only if the page
2351 * is not already dirty by other means. This will prevent passive
2352 * filesystem syncing as well as 'sync' from writing out the page.
2355 vm_set_nosync(vm_page_t m, vm_map_entry_t entry)
2357 if (entry->eflags & MAP_ENTRY_NOSYNC) {
2359 vm_page_flag_set(m, PG_NOSYNC);
2361 vm_page_flag_clear(m, PG_NOSYNC);
2366 vm_prefault(pmap_t pmap, vm_offset_t addra, vm_map_entry_t entry, int prot,
2382 * Get stable max count value, disabled if set to 0
2384 maxpages = vm_prefault_pages;
2390 * We do not currently prefault mappings that use virtual page
2391 * tables. We do not prefault foreign pmaps.
2393 if (entry->maptype == VM_MAPTYPE_VPAGETABLE)
2395 lp = curthread->td_lwp;
2396 if (lp == NULL || (pmap != vmspace_pmap(lp->lwp_vmspace)))
2400 * Limit pre-fault count to 1024 pages.
2402 if (maxpages > 1024)
2405 object = entry->object.vm_object;
2406 KKASSERT(object != NULL);
2407 KKASSERT(object == entry->object.vm_object);
2408 vm_object_hold(object);
2409 vm_object_chain_acquire(object, 0);
2413 for (i = 0; i < maxpages; ++i) {
2414 vm_object_t lobject;
2415 vm_object_t nobject;
2420 * This can eat a lot of time on a heavily contended
2421 * machine so yield on the tick if needed.
2427 * Calculate the page to pre-fault, stopping the scan in
2428 * each direction separately if the limit is reached.
2433 addr = addra - ((i + 1) >> 1) * PAGE_SIZE;
2437 addr = addra + ((i + 2) >> 1) * PAGE_SIZE;
2439 if (addr < entry->start) {
2445 if (addr >= entry->end) {
2453 * Skip pages already mapped, and stop scanning in that
2454 * direction. When the scan terminates in both directions
2457 if (pmap_prefault_ok(pmap, addr) == 0) {
2468 * Follow the VM object chain to obtain the page to be mapped
2471 * If we reach the terminal object without finding a page
2472 * and we determine it would be advantageous, then allocate
2473 * a zero-fill page for the base object. The base object
2474 * is guaranteed to be OBJT_DEFAULT for this case.
2476 * In order to not have to check the pager via *haspage*()
2477 * we stop if any non-default object is encountered. e.g.
2478 * a vnode or swap object would stop the loop.
2480 index = ((addr - entry->start) + entry->offset) >> PAGE_SHIFT;
2485 KKASSERT(lobject == entry->object.vm_object);
2486 /*vm_object_hold(lobject); implied */
2488 while ((m = vm_page_lookup_busy_try(lobject, pindex,
2489 TRUE, &error)) == NULL) {
2490 if (lobject->type != OBJT_DEFAULT)
2492 if (lobject->backing_object == NULL) {
2493 if (vm_fast_fault == 0)
2495 if ((prot & VM_PROT_WRITE) == 0 ||
2496 vm_page_count_min(0)) {
2501 * NOTE: Allocated from base object
2503 m = vm_page_alloc(object, index,
2512 /* lobject = object .. not needed */
2515 if (lobject->backing_object_offset & PAGE_MASK)
2517 nobject = lobject->backing_object;
2518 vm_object_hold(nobject);
2519 KKASSERT(nobject == lobject->backing_object);
2520 pindex += lobject->backing_object_offset >> PAGE_SHIFT;
2521 if (lobject != object) {
2522 vm_object_lock_swap();
2523 vm_object_drop(lobject);
2526 pprot &= ~VM_PROT_WRITE;
2527 vm_object_chain_acquire(lobject, 0);
2531 * NOTE: A non-NULL (m) will be associated with lobject if
2532 * it was found there, otherwise it is probably a
2533 * zero-fill page associated with the base object.
2535 * Give-up if no page is available.
2538 if (lobject != object) {
2540 if (object->backing_object != lobject)
2541 vm_object_hold(object->backing_object);
2543 vm_object_chain_release_all(
2544 object->backing_object, lobject);
2546 if (object->backing_object != lobject)
2547 vm_object_drop(object->backing_object);
2549 vm_object_drop(lobject);
2555 * The object must be marked dirty if we are mapping a
2556 * writable page. m->object is either lobject or object,
2557 * both of which are still held. Do this before we
2558 * potentially drop the object.
2560 if (pprot & VM_PROT_WRITE)
2561 vm_object_set_writeable_dirty(m->object);
2564 * Do not conditionalize on PG_RAM. If pages are present in
2565 * the VM system we assume optimal caching. If caching is
2566 * not optimal the I/O gravy train will be restarted when we
2567 * hit an unavailable page. We do not want to try to restart
2568 * the gravy train now because we really don't know how much
2569 * of the object has been cached. The cost for restarting
2570 * the gravy train should be low (since accesses will likely
2571 * be I/O bound anyway).
2573 if (lobject != object) {
2575 if (object->backing_object != lobject)
2576 vm_object_hold(object->backing_object);
2578 vm_object_chain_release_all(object->backing_object,
2581 if (object->backing_object != lobject)
2582 vm_object_drop(object->backing_object);
2584 vm_object_drop(lobject);
2588 * Enter the page into the pmap if appropriate. If we had
2589 * allocated the page we have to place it on a queue. If not
2590 * we just have to make sure it isn't on the cache queue
2591 * (pages on the cache queue are not allowed to be mapped).
2595 * Page must be zerod.
2597 if ((m->flags & PG_ZERO) == 0) {
2598 vm_page_zero_fill(m);
2601 pmap_page_assertzero(
2602 VM_PAGE_TO_PHYS(m));
2604 vm_page_flag_clear(m, PG_ZERO);
2605 mycpu->gd_cnt.v_ozfod++;
2607 mycpu->gd_cnt.v_zfod++;
2608 m->valid = VM_PAGE_BITS_ALL;
2611 * Handle dirty page case
2613 if (pprot & VM_PROT_WRITE)
2614 vm_set_nosync(m, entry);
2615 pmap_enter(pmap, addr, m, pprot, 0, entry);
2616 mycpu->gd_cnt.v_vm_faults++;
2617 if (curthread->td_lwp)
2618 ++curthread->td_lwp->lwp_ru.ru_minflt;
2619 vm_page_deactivate(m);
2620 if (pprot & VM_PROT_WRITE) {
2621 /*vm_object_set_writeable_dirty(m->object);*/
2622 vm_set_nosync(m, entry);
2623 if (fault_flags & VM_FAULT_DIRTY) {
2626 swap_pager_unswapped(m);
2631 /* couldn't busy page, no wakeup */
2633 ((m->valid & VM_PAGE_BITS_ALL) == VM_PAGE_BITS_ALL) &&
2634 (m->flags & PG_FICTITIOUS) == 0) {
2636 * A fully valid page not undergoing soft I/O can
2637 * be immediately entered into the pmap.
2639 if ((m->queue - m->pc) == PQ_CACHE)
2640 vm_page_deactivate(m);
2641 if (pprot & VM_PROT_WRITE) {
2642 /*vm_object_set_writeable_dirty(m->object);*/
2643 vm_set_nosync(m, entry);
2644 if (fault_flags & VM_FAULT_DIRTY) {
2647 swap_pager_unswapped(m);
2650 if (pprot & VM_PROT_WRITE)
2651 vm_set_nosync(m, entry);
2652 pmap_enter(pmap, addr, m, pprot, 0, entry);
2653 mycpu->gd_cnt.v_vm_faults++;
2654 if (curthread->td_lwp)
2655 ++curthread->td_lwp->lwp_ru.ru_minflt;
2661 vm_object_chain_release(object);
2662 vm_object_drop(object);
2666 * Object can be held shared
2669 vm_prefault_quick(pmap_t pmap, vm_offset_t addra,
2670 vm_map_entry_t entry, int prot, int fault_flags)
2683 * Get stable max count value, disabled if set to 0
2685 maxpages = vm_prefault_pages;
2691 * We do not currently prefault mappings that use virtual page
2692 * tables. We do not prefault foreign pmaps.
2694 if (entry->maptype == VM_MAPTYPE_VPAGETABLE)
2696 lp = curthread->td_lwp;
2697 if (lp == NULL || (pmap != vmspace_pmap(lp->lwp_vmspace)))
2699 object = entry->object.vm_object;
2700 if (object->backing_object != NULL)
2702 ASSERT_LWKT_TOKEN_HELD(vm_object_token(object));
2705 * Limit pre-fault count to 1024 pages.
2707 if (maxpages > 1024)
2712 for (i = 0; i < maxpages; ++i) {
2716 * Calculate the page to pre-fault, stopping the scan in
2717 * each direction separately if the limit is reached.
2722 addr = addra - ((i + 1) >> 1) * PAGE_SIZE;
2726 addr = addra + ((i + 2) >> 1) * PAGE_SIZE;
2728 if (addr < entry->start) {
2734 if (addr >= entry->end) {
2742 * Skip pages already mapped, and stop scanning in that
2743 * direction. When the scan terminates in both directions
2746 if (pmap_prefault_ok(pmap, addr) == 0) {
2757 * Follow the VM object chain to obtain the page to be mapped
2758 * into the pmap. This version of the prefault code only
2759 * works with terminal objects.
2761 * WARNING! We cannot call swap_pager_unswapped() with a
2764 pindex = ((addr - entry->start) + entry->offset) >> PAGE_SHIFT;
2766 m = vm_page_lookup_busy_try(object, pindex, TRUE, &error);
2767 if (m == NULL || error)
2770 if (((m->valid & VM_PAGE_BITS_ALL) == VM_PAGE_BITS_ALL) &&
2771 (m->flags & PG_FICTITIOUS) == 0 &&
2772 ((m->flags & PG_SWAPPED) == 0 ||
2773 (prot & VM_PROT_WRITE) == 0 ||
2774 (fault_flags & VM_FAULT_DIRTY) == 0)) {
2776 * A fully valid page not undergoing soft I/O can
2777 * be immediately entered into the pmap.
2779 if ((m->queue - m->pc) == PQ_CACHE)
2780 vm_page_deactivate(m);
2781 if (prot & VM_PROT_WRITE) {
2782 vm_object_set_writeable_dirty(m->object);
2783 vm_set_nosync(m, entry);
2784 if (fault_flags & VM_FAULT_DIRTY) {
2787 swap_pager_unswapped(m);
2790 pmap_enter(pmap, addr, m, prot, 0, entry);
2791 mycpu->gd_cnt.v_vm_faults++;
2792 if (curthread->td_lwp)
2793 ++curthread->td_lwp->lwp_ru.ru_minflt;
projects / dragonfly.git / blob