2 * Copyright (c) 1991, 1993
3 * The Regents of the University of California. All rights reserved.
4 * Copyright (c) 2003-2017 The DragonFly Project. All rights reserved.
6 * This code is derived from software contributed to Berkeley by
7 * The Mach Operating System project at Carnegie-Mellon University.
9 * This code is derived from software contributed to The DragonFly Project
10 * by Matthew Dillon <dillon@backplane.com>
12 * Redistribution and use in source and binary forms, with or without
13 * modification, are permitted provided that the following conditions
15 * 1. Redistributions of source code must retain the above copyright
16 * notice, this list of conditions and the following disclaimer.
17 * 2. Redistributions in binary form must reproduce the above copyright
18 * notice, this list of conditions and the following disclaimer in the
19 * documentation and/or other materials provided with the distribution.
20 * 3. Neither the name of the University nor the names of its contributors
21 * may be used to endorse or promote products derived from this software
22 * without specific prior written permission.
24 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
25 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
26 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
27 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
28 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
29 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
30 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
31 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
32 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
33 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
36 * from: @(#)vm_map.c 8.3 (Berkeley) 1/12/94
39 * Copyright (c) 1987, 1990 Carnegie-Mellon University.
40 * All rights reserved.
42 * Authors: Avadis Tevanian, Jr., Michael Wayne Young
44 * Permission to use, copy, modify and distribute this software and
45 * its documentation is hereby granted, provided that both the copyright
46 * notice and this permission notice appear in all copies of the
47 * software, derivative works or modified versions, and any portions
48 * thereof, and that both notices appear in supporting documentation.
50 * CARNEGIE MELLON ALLOWS FREE USE OF THIS SOFTWARE IN ITS "AS IS"
51 * CONDITION. CARNEGIE MELLON DISCLAIMS ANY LIABILITY OF ANY KIND
52 * FOR ANY DAMAGES WHATSOEVER RESULTING FROM THE USE OF THIS SOFTWARE.
54 * Carnegie Mellon requests users of this software to return to
56 * Software Distribution Coordinator or Software.Distribution@CS.CMU.EDU
57 * School of Computer Science
58 * Carnegie Mellon University
59 * Pittsburgh PA 15213-3890
61 * any improvements or extensions that they make and grant Carnegie the
62 * rights to redistribute these changes.
64 * $FreeBSD: src/sys/vm/vm_map.c,v 1.187.2.19 2003/05/27 00:47:02 alc Exp $
68 * Virtual memory mapping module.
71 #include <sys/param.h>
72 #include <sys/systm.h>
73 #include <sys/kernel.h>
75 #include <sys/serialize.h>
77 #include <sys/vmmeter.h>
79 #include <sys/vnode.h>
80 #include <sys/resourcevar.h>
83 #include <sys/malloc.h>
84 #include <sys/objcache.h>
85 #include <sys/kern_syscall.h>
88 #include <vm/vm_param.h>
90 #include <vm/vm_map.h>
91 #include <vm/vm_page.h>
92 #include <vm/vm_object.h>
93 #include <vm/vm_pager.h>
94 #include <vm/vm_kern.h>
95 #include <vm/vm_extern.h>
96 #include <vm/swap_pager.h>
97 #include <vm/vm_zone.h>
99 #include <sys/random.h>
100 #include <sys/sysctl.h>
101 #include <sys/spinlock.h>
103 #include <sys/thread2.h>
104 #include <sys/spinlock2.h>
107 * Virtual memory maps provide for the mapping, protection, and sharing
108 * of virtual memory objects. In addition, this module provides for an
109 * efficient virtual copy of memory from one map to another.
111 * Synchronization is required prior to most operations.
113 * Maps consist of an ordered doubly-linked list of simple entries.
114 * A hint and a RB tree is used to speed-up lookups.
116 * Callers looking to modify maps specify start/end addresses which cause
117 * the related map entry to be clipped if necessary, and then later
118 * recombined if the pieces remained compatible.
120 * Virtual copy operations are performed by copying VM object references
121 * from one map to another, and then marking both regions as copy-on-write.
123 static boolean_t vmspace_ctor(void *obj, void *privdata, int ocflags);
124 static void vmspace_dtor(void *obj, void *privdata);
125 static void vmspace_terminate(struct vmspace *vm, int final);
127 MALLOC_DEFINE(M_VMSPACE, "vmspace", "vmspace objcache backingstore");
128 MALLOC_DEFINE(M_MAP_BACKING, "map_backing", "vm_map_backing to entry");
129 static struct objcache *vmspace_cache;
132 * per-cpu page table cross mappings are initialized in early boot
133 * and might require a considerable number of vm_map_entry structures.
135 #define MAPENTRYBSP_CACHE (MAXCPU+1)
136 #define MAPENTRYAP_CACHE 8
139 * Partioning threaded programs with large anonymous memory areas can
140 * improve concurrent fault performance.
142 #define MAP_ENTRY_PARTITION_SIZE ((vm_offset_t)(32 * 1024 * 1024))
143 #define MAP_ENTRY_PARTITION_MASK (MAP_ENTRY_PARTITION_SIZE - 1)
145 #define VM_MAP_ENTRY_WITHIN_PARTITION(entry) \
146 ((((entry)->start ^ (entry)->end) & ~MAP_ENTRY_PARTITION_MASK) == 0)
148 static struct vm_zone mapentzone_store;
149 static vm_zone_t mapentzone;
151 static struct vm_map_entry map_entry_init[MAX_MAPENT];
152 static struct vm_map_entry cpu_map_entry_init_bsp[MAPENTRYBSP_CACHE];
153 static struct vm_map_entry cpu_map_entry_init_ap[MAXCPU][MAPENTRYAP_CACHE];
155 static int randomize_mmap;
156 SYSCTL_INT(_vm, OID_AUTO, randomize_mmap, CTLFLAG_RW, &randomize_mmap, 0,
157 "Randomize mmap offsets");
158 static int vm_map_relock_enable = 1;
159 SYSCTL_INT(_vm, OID_AUTO, map_relock_enable, CTLFLAG_RW,
160 &vm_map_relock_enable, 0, "insert pop pgtable optimization");
161 static int vm_map_partition_enable = 1;
162 SYSCTL_INT(_vm, OID_AUTO, map_partition_enable, CTLFLAG_RW,
163 &vm_map_partition_enable, 0, "Break up larger vm_map_entry's");
164 static int vm_map_backing_limit = 5;
165 SYSCTL_INT(_vm, OID_AUTO, map_backing_limit, CTLFLAG_RW,
166 &vm_map_backing_limit, 0, "ba.backing_ba link depth");
168 static void vmspace_drop_notoken(struct vmspace *vm);
169 static void vm_map_entry_shadow(vm_map_entry_t entry, int addref);
170 static vm_map_entry_t vm_map_entry_create(vm_map_t map, int *);
171 static void vm_map_entry_dispose (vm_map_t map, vm_map_entry_t entry, int *);
172 static void vm_map_entry_dispose_ba (vm_map_backing_t ba);
173 static void _vm_map_clip_end (vm_map_t, vm_map_entry_t, vm_offset_t, int *);
174 static void _vm_map_clip_start (vm_map_t, vm_map_entry_t, vm_offset_t, int *);
175 static void vm_map_entry_delete (vm_map_t, vm_map_entry_t, int *);
176 static void vm_map_entry_unwire (vm_map_t, vm_map_entry_t);
177 static void vm_map_copy_entry (vm_map_t, vm_map_t, vm_map_entry_t,
179 static void vm_map_unclip_range (vm_map_t map, vm_map_entry_t start_entry,
180 vm_offset_t start, vm_offset_t end, int *countp, int flags);
181 static void vm_map_entry_partition(vm_map_t map, vm_map_entry_t entry,
182 vm_offset_t vaddr, int *countp);
185 * Initialize the vm_map module. Must be called before any other vm_map
188 * Map and entry structures are allocated from the general purpose
189 * memory pool with some exceptions:
191 * - The kernel map is allocated statically.
192 * - Initial kernel map entries are allocated out of a static pool.
193 * - We must set ZONE_SPECIAL here or the early boot code can get
194 * stuck if there are >63 cores.
196 * These restrictions are necessary since malloc() uses the
197 * maps and requires map entries.
199 * Called from the low level boot code only.
204 mapentzone = &mapentzone_store;
205 zbootinit(mapentzone, "MAP ENTRY", sizeof (struct vm_map_entry),
206 map_entry_init, MAX_MAPENT);
207 mapentzone_store.zflags |= ZONE_SPECIAL;
211 * Called prior to any vmspace allocations.
213 * Called from the low level boot code only.
218 vmspace_cache = objcache_create_mbacked(M_VMSPACE,
219 sizeof(struct vmspace),
221 vmspace_ctor, vmspace_dtor,
223 zinitna(mapentzone, NULL, 0, 0, ZONE_USE_RESERVE | ZONE_SPECIAL);
229 * objcache support. We leave the pmap root cached as long as possible
230 * for performance reasons.
234 vmspace_ctor(void *obj, void *privdata, int ocflags)
236 struct vmspace *vm = obj;
238 bzero(vm, sizeof(*vm));
239 vm->vm_refcnt = VM_REF_DELETED;
246 vmspace_dtor(void *obj, void *privdata)
248 struct vmspace *vm = obj;
250 KKASSERT(vm->vm_refcnt == VM_REF_DELETED);
251 pmap_puninit(vmspace_pmap(vm));
255 * Red black tree functions
257 * The caller must hold the related map lock.
259 static int rb_vm_map_compare(vm_map_entry_t a, vm_map_entry_t b);
260 RB_GENERATE(vm_map_rb_tree, vm_map_entry, rb_entry, rb_vm_map_compare);
262 /* a->start is address, and the only field which must be initialized */
264 rb_vm_map_compare(vm_map_entry_t a, vm_map_entry_t b)
266 if (a->start < b->start)
268 else if (a->start > b->start)
274 * Initialize vmspace ref/hold counts vmspace0. There is a holdcnt for
278 vmspace_initrefs(struct vmspace *vm)
285 * Allocate a vmspace structure, including a vm_map and pmap.
286 * Initialize numerous fields. While the initial allocation is zerod,
287 * subsequence reuse from the objcache leaves elements of the structure
288 * intact (particularly the pmap), so portions must be zerod.
290 * Returns a referenced vmspace.
295 vmspace_alloc(vm_offset_t min, vm_offset_t max)
299 vm = objcache_get(vmspace_cache, M_WAITOK);
301 bzero(&vm->vm_startcopy,
302 (char *)&vm->vm_endcopy - (char *)&vm->vm_startcopy);
303 vm_map_init(&vm->vm_map, min, max, NULL); /* initializes token */
306 * NOTE: hold to acquires token for safety.
308 * On return vmspace is referenced (refs=1, hold=1). That is,
309 * each refcnt also has a holdcnt. There can be additional holds
310 * (holdcnt) above and beyond the refcnt. Finalization is handled in
311 * two stages, one on refs 1->0, and the the second on hold 1->0.
313 KKASSERT(vm->vm_holdcnt == 0);
314 KKASSERT(vm->vm_refcnt == VM_REF_DELETED);
315 vmspace_initrefs(vm);
317 pmap_pinit(vmspace_pmap(vm)); /* (some fields reused) */
318 vm->vm_map.pmap = vmspace_pmap(vm); /* XXX */
321 cpu_vmspace_alloc(vm);
328 * NOTE: Can return 0 if the vmspace is exiting.
331 vmspace_getrefs(struct vmspace *vm)
337 if (n & VM_REF_DELETED)
343 vmspace_hold(struct vmspace *vm)
345 atomic_add_int(&vm->vm_holdcnt, 1);
346 lwkt_gettoken(&vm->vm_map.token);
350 * Drop with final termination interlock.
353 vmspace_drop(struct vmspace *vm)
355 lwkt_reltoken(&vm->vm_map.token);
356 vmspace_drop_notoken(vm);
360 vmspace_drop_notoken(struct vmspace *vm)
362 if (atomic_fetchadd_int(&vm->vm_holdcnt, -1) == 1) {
363 if (vm->vm_refcnt & VM_REF_DELETED)
364 vmspace_terminate(vm, 1);
369 * A vmspace object must not be in a terminated state to be able to obtain
370 * additional refs on it.
372 * These are official references to the vmspace, the count is used to check
373 * for vmspace sharing. Foreign accessors should use 'hold' and not 'ref'.
375 * XXX we need to combine hold & ref together into one 64-bit field to allow
376 * holds to prevent stage-1 termination.
379 vmspace_ref(struct vmspace *vm)
383 atomic_add_int(&vm->vm_holdcnt, 1);
384 n = atomic_fetchadd_int(&vm->vm_refcnt, 1);
385 KKASSERT((n & VM_REF_DELETED) == 0);
389 * Release a ref on the vmspace. On the 1->0 transition we do stage-1
390 * termination of the vmspace. Then, on the final drop of the hold we
391 * will do stage-2 final termination.
394 vmspace_rel(struct vmspace *vm)
399 * Drop refs. Each ref also has a hold which is also dropped.
401 * When refs hits 0 compete to get the VM_REF_DELETED flag (hold
402 * prevent finalization) to start termination processing.
403 * Finalization occurs when the last hold count drops to 0.
405 n = atomic_fetchadd_int(&vm->vm_refcnt, -1) - 1;
407 if (atomic_cmpset_int(&vm->vm_refcnt, 0, VM_REF_DELETED)) {
408 vmspace_terminate(vm, 0);
414 vmspace_drop_notoken(vm);
418 * This is called during exit indicating that the vmspace is no
419 * longer in used by an exiting process, but the process has not yet
422 * We drop refs, allowing for stage-1 termination, but maintain a holdcnt
423 * to prevent stage-2 until the process is reaped. Note hte order of
424 * operation, we must hold first.
429 vmspace_relexit(struct vmspace *vm)
431 atomic_add_int(&vm->vm_holdcnt, 1);
436 * Called during reap to disconnect the remainder of the vmspace from
437 * the process. On the hold drop the vmspace termination is finalized.
442 vmspace_exitfree(struct proc *p)
448 vmspace_drop_notoken(vm);
452 * Called in two cases:
454 * (1) When the last refcnt is dropped and the vmspace becomes inactive,
455 * called with final == 0. refcnt will be (u_int)-1 at this point,
456 * and holdcnt will still be non-zero.
458 * (2) When holdcnt becomes 0, called with final == 1. There should no
459 * longer be anyone with access to the vmspace.
461 * VMSPACE_EXIT1 flags the primary deactivation
462 * VMSPACE_EXIT2 flags the last reap
465 vmspace_terminate(struct vmspace *vm, int final)
469 lwkt_gettoken(&vm->vm_map.token);
471 KKASSERT((vm->vm_flags & VMSPACE_EXIT1) == 0);
472 vm->vm_flags |= VMSPACE_EXIT1;
475 * Get rid of most of the resources. Leave the kernel pmap
478 * If the pmap does not contain wired pages we can bulk-delete
479 * the pmap as a performance optimization before removing the
482 * If the pmap contains wired pages we cannot do this
483 * pre-optimization because currently vm_fault_unwire()
484 * expects the pmap pages to exist and will not decrement
485 * p->wire_count if they do not.
488 if (vmspace_pmap(vm)->pm_stats.wired_count) {
489 vm_map_remove(&vm->vm_map, VM_MIN_USER_ADDRESS,
490 VM_MAX_USER_ADDRESS);
491 pmap_remove_pages(vmspace_pmap(vm), VM_MIN_USER_ADDRESS,
492 VM_MAX_USER_ADDRESS);
494 pmap_remove_pages(vmspace_pmap(vm), VM_MIN_USER_ADDRESS,
495 VM_MAX_USER_ADDRESS);
496 vm_map_remove(&vm->vm_map, VM_MIN_USER_ADDRESS,
497 VM_MAX_USER_ADDRESS);
499 lwkt_reltoken(&vm->vm_map.token);
501 KKASSERT((vm->vm_flags & VMSPACE_EXIT1) != 0);
502 KKASSERT((vm->vm_flags & VMSPACE_EXIT2) == 0);
505 * Get rid of remaining basic resources.
507 vm->vm_flags |= VMSPACE_EXIT2;
510 count = vm_map_entry_reserve(MAP_RESERVE_COUNT);
511 vm_map_lock(&vm->vm_map);
512 cpu_vmspace_free(vm);
515 * Lock the map, to wait out all other references to it.
516 * Delete all of the mappings and pages they hold, then call
517 * the pmap module to reclaim anything left.
519 vm_map_delete(&vm->vm_map,
520 vm_map_min(&vm->vm_map),
521 vm_map_max(&vm->vm_map),
523 vm_map_unlock(&vm->vm_map);
524 vm_map_entry_release(count);
526 pmap_release(vmspace_pmap(vm));
527 lwkt_reltoken(&vm->vm_map.token);
528 objcache_put(vmspace_cache, vm);
533 * Swap useage is determined by taking the proportional swap used by
534 * VM objects backing the VM map. To make up for fractional losses,
535 * if the VM object has any swap use at all the associated map entries
536 * count for at least 1 swap page.
541 vmspace_swap_count(struct vmspace *vm)
543 vm_map_t map = &vm->vm_map;
546 vm_offset_t count = 0;
551 RB_FOREACH(cur, vm_map_rb_tree, &map->rb_root) {
552 switch(cur->maptype) {
553 case VM_MAPTYPE_NORMAL:
554 case VM_MAPTYPE_VPAGETABLE:
555 if ((object = cur->ba.object) == NULL)
557 if (object->swblock_count) {
558 n = (cur->end - cur->start) / PAGE_SIZE;
559 count += object->swblock_count *
560 SWAP_META_PAGES * n / object->size + 1;
573 * Calculate the approximate number of anonymous pages in use by
574 * this vmspace. To make up for fractional losses, we count each
575 * VM object as having at least 1 anonymous page.
580 vmspace_anonymous_count(struct vmspace *vm)
582 vm_map_t map = &vm->vm_map;
585 vm_offset_t count = 0;
588 RB_FOREACH(cur, vm_map_rb_tree, &map->rb_root) {
589 switch(cur->maptype) {
590 case VM_MAPTYPE_NORMAL:
591 case VM_MAPTYPE_VPAGETABLE:
592 if ((object = cur->ba.object) == NULL)
594 if (object->type != OBJT_DEFAULT &&
595 object->type != OBJT_SWAP) {
598 count += object->resident_page_count;
610 * Initialize an existing vm_map structure such as that in the vmspace
611 * structure. The pmap is initialized elsewhere.
616 vm_map_init(struct vm_map *map, vm_offset_t min_addr, vm_offset_t max_addr,
619 RB_INIT(&map->rb_root);
620 spin_init(&map->ilock_spin, "ilock");
621 map->ilock_base = NULL;
625 vm_map_min(map) = min_addr;
626 vm_map_max(map) = max_addr;
630 bzero(&map->freehint, sizeof(map->freehint));
631 lwkt_token_init(&map->token, "vm_map");
632 lockinit(&map->lock, "vm_maplk", (hz + 9) / 10, 0);
636 * Find the first possible free address for the specified request length.
637 * Returns 0 if we don't have one cached.
641 vm_map_freehint_find(vm_map_t map, vm_size_t length, vm_size_t align)
643 vm_map_freehint_t *scan;
645 scan = &map->freehint[0];
646 while (scan < &map->freehint[VM_MAP_FFCOUNT]) {
647 if (scan->length == length && scan->align == align)
655 * Unconditionally set the freehint. Called by vm_map_findspace() after
656 * it finds an address. This will help us iterate optimally on the next
661 vm_map_freehint_update(vm_map_t map, vm_offset_t start,
662 vm_size_t length, vm_size_t align)
664 vm_map_freehint_t *scan;
666 scan = &map->freehint[0];
667 while (scan < &map->freehint[VM_MAP_FFCOUNT]) {
668 if (scan->length == length && scan->align == align) {
674 scan = &map->freehint[map->freehint_newindex & VM_MAP_FFMASK];
677 scan->length = length;
678 ++map->freehint_newindex;
682 * Update any existing freehints (for any alignment), for the hole we just
687 vm_map_freehint_hole(vm_map_t map, vm_offset_t start, vm_size_t length)
689 vm_map_freehint_t *scan;
691 scan = &map->freehint[0];
692 while (scan < &map->freehint[VM_MAP_FFCOUNT]) {
693 if (scan->length <= length && scan->start > start)
700 * This function handles MAP_ENTRY_NEEDS_COPY by inserting a fronting
701 * object in the entry for COW faults.
703 * The entire chain including entry->ba (prior to inserting the fronting
704 * object) essentially becomes set in stone... elements of it can be paged
705 * in or out, but cannot be further modified.
707 * NOTE: If we do not optimize the backing chain then a unique copy is not
708 * needed. Note, however, that because portions of the chain are
709 * shared across pmaps we cannot make any changes to the vm_map_backing
710 * elements themselves.
712 * If the map segment is governed by a virtual page table then it is
713 * possible to address offsets beyond the mapped area. Just allocate
714 * a maximally sized object for this case.
716 * If addref is non-zero an additional reference is added to the returned
717 * entry. This mechanic exists because the additional reference might have
718 * to be added atomically and not after return to prevent a premature
719 * collapse. XXX currently there is no collapse code.
721 * The vm_map must be exclusively locked.
722 * No other requirements.
726 vm_map_entry_shadow(vm_map_entry_t entry, int addref)
734 if (entry->maptype == VM_MAPTYPE_VPAGETABLE)
737 length = atop(entry->end - entry->start);
738 ba = kmalloc(sizeof(*ba), M_MAP_BACKING, M_INTWAIT); /* copied later */
741 * The ref on source is inherited when we move it into the ba.
743 source = entry->ba.object;
746 * Don't create the new object if the old object isn't shared.
748 * If addref is non-zero additional ref(s) are being added (probably
749 * for map entry fork purposes), so clear OBJ_ONEMAPPING.
751 * WARNING! Checking ref_count == 1 only works because we are testing
752 * the object embedded in the entry (entry->ba.object).
753 * This test DOES NOT WORK if checking an object hanging off
754 * the backing chain (entry->ba.backing_ba list) because the
755 * vm_map_backing might be shared, or part of a chain that
756 * is shared. Checking ba->refs is worthless.
760 if (source->type != OBJT_VNODE) {
761 vm_object_hold(source);
762 if (source->ref_count == 1 &&
763 source->handle == NULL &&
764 (source->type == OBJT_DEFAULT ||
765 source->type == OBJT_SWAP)) {
767 vm_object_reference_locked(source);
768 vm_object_clear_flag(source,
771 vm_object_drop(source);
772 kfree(ba, M_MAP_BACKING);
775 /*vm_object_reference_locked(source);*/
776 vm_object_clear_flag(source, OBJ_ONEMAPPING);
777 drop_source = 1; /* drop source at end */
779 /*vm_object_reference_quick(source);*/
780 vm_object_clear_flag(source, OBJ_ONEMAPPING);
785 * Allocate a new object with the given length. The new object
786 * is returned referenced but we may have to add another one.
787 * If we are adding a second reference we must clear OBJ_ONEMAPPING.
788 * (typically because the caller is about to clone a vm_map_entry).
790 * The source object currently has an extra reference to prevent
791 * collapses into it while we mess with its shadow list, which
792 * we will remove later in this routine.
794 * The target object may require a second reference if asked for one
797 result = vm_object_allocate(OBJT_DEFAULT, length);
799 panic("vm_object_shadow: no object for shadowing");
800 vm_object_hold(result);
802 vm_object_reference_locked(result);
803 vm_object_clear_flag(result, OBJ_ONEMAPPING);
807 * The new object shadows the source object.
809 * Try to optimize the result object's page color when shadowing
810 * in order to maintain page coloring consistency in the combined
813 * The source object is moved to ba, retaining its existing ref-count.
814 * No additional ref is needed.
816 * SHADOWING IS NOT APPLICABLE TO OBJT_VNODE OBJECTS
818 *ba = entry->ba; /* previous ba */
819 ba->refs = 1; /* initialize ref count */
820 entry->ba.object = result; /* new ba (at head of entry) */
821 entry->ba.backing_ba = ba;
822 entry->ba.backing_count = ba->backing_count + 1;
823 entry->ba.offset = 0;
828 /* shadowing no longer messes with generation count */
830 atomic_add_int(&source->generation, 1);
831 vm_object_set_flag(result, OBJ_ONSHADOW);
834 /* cpu localization twist */
835 result->pg_color = vm_quickcolor();
839 * Adjust the return storage. Drop the ref on source before
842 vm_object_drop(result);
845 /*vm_object_deallocate_locked(source);*/
846 vm_object_drop(source);
848 /*vm_object_deallocate(source);*/
853 entry->eflags &= ~MAP_ENTRY_NEEDS_COPY;
857 * Allocate an object for a vm_map_entry.
859 * Object allocation for anonymous mappings is defered as long as possible.
860 * This function is called when we can defer no longer, generally when a map
861 * entry might be split or forked or takes a page fault.
863 * If the map segment is governed by a virtual page table then it is
864 * possible to address offsets beyond the mapped area. Just allocate
865 * a maximally sized object for this case.
867 * The vm_map must be exclusively locked.
868 * No other requirements.
871 vm_map_entry_allocate_object(vm_map_entry_t entry)
876 * ba.offset is added cumulatively in the backing_ba scan, so we
877 * can noly reset it to zero if ba.backing_ba is NULL. We reset
878 * it to 0 only for debugging convenience.
880 * ba.offset cannot otherwise be modified because it effects
881 * the offsets for the entire backing_ba chain.
883 if (entry->ba.backing_ba == NULL)
884 entry->ba.offset = 0;
886 if (entry->maptype == VM_MAPTYPE_VPAGETABLE) {
887 obj = vm_object_allocate(OBJT_DEFAULT, 0x7FFFFFFF); /* XXX */
889 obj = vm_object_allocate(OBJT_DEFAULT,
890 atop(entry->end - entry->start) +
893 entry->ba.object = obj;
897 * Set an initial negative count so the first attempt to reserve
898 * space preloads a bunch of vm_map_entry's for this cpu. Also
899 * pre-allocate 2 vm_map_entries which will be needed by zalloc() to
900 * map a new page for vm_map_entry structures. SMP systems are
901 * particularly sensitive.
903 * This routine is called in early boot so we cannot just call
904 * vm_map_entry_reserve().
906 * Called from the low level boot code only (for each cpu)
908 * WARNING! Take care not to have too-big a static/BSS structure here
909 * as MAXCPU can be 256+, otherwise the loader's 64MB heap
910 * can get blown out by the kernel plus the initrd image.
913 vm_map_entry_reserve_cpu_init(globaldata_t gd)
915 vm_map_entry_t entry;
919 atomic_add_int(&gd->gd_vme_avail, -MAP_RESERVE_COUNT * 2);
920 if (gd->gd_cpuid == 0) {
921 entry = &cpu_map_entry_init_bsp[0];
922 count = MAPENTRYBSP_CACHE;
924 entry = &cpu_map_entry_init_ap[gd->gd_cpuid][0];
925 count = MAPENTRYAP_CACHE;
927 for (i = 0; i < count; ++i, ++entry) {
928 MAPENT_FREELIST(entry) = gd->gd_vme_base;
929 gd->gd_vme_base = entry;
934 * Reserves vm_map_entry structures so code later-on can manipulate
935 * map_entry structures within a locked map without blocking trying
936 * to allocate a new vm_map_entry.
940 * WARNING! We must not decrement gd_vme_avail until after we have
941 * ensured that sufficient entries exist, otherwise we can
942 * get into an endless call recursion in the zalloc code
946 vm_map_entry_reserve(int count)
948 struct globaldata *gd = mycpu;
949 vm_map_entry_t entry;
952 * Make sure we have enough structures in gd_vme_base to handle
953 * the reservation request.
955 * Use a critical section to protect against VM faults. It might
956 * not be needed, but we have to be careful here.
958 if (gd->gd_vme_avail < count) {
960 while (gd->gd_vme_avail < count) {
961 entry = zalloc(mapentzone);
962 MAPENT_FREELIST(entry) = gd->gd_vme_base;
963 gd->gd_vme_base = entry;
964 atomic_add_int(&gd->gd_vme_avail, 1);
968 atomic_add_int(&gd->gd_vme_avail, -count);
974 * Releases previously reserved vm_map_entry structures that were not
975 * used. If we have too much junk in our per-cpu cache clean some of
981 vm_map_entry_release(int count)
983 struct globaldata *gd = mycpu;
984 vm_map_entry_t entry;
985 vm_map_entry_t efree;
987 count = atomic_fetchadd_int(&gd->gd_vme_avail, count) + count;
988 if (gd->gd_vme_avail > MAP_RESERVE_SLOP) {
991 while (gd->gd_vme_avail > MAP_RESERVE_HYST) {
992 entry = gd->gd_vme_base;
993 KKASSERT(entry != NULL);
994 gd->gd_vme_base = MAPENT_FREELIST(entry);
995 atomic_add_int(&gd->gd_vme_avail, -1);
996 MAPENT_FREELIST(entry) = efree;
1000 while ((entry = efree) != NULL) {
1001 efree = MAPENT_FREELIST(efree);
1002 zfree(mapentzone, entry);
1008 * Reserve map entry structures for use in kernel_map itself. These
1009 * entries have *ALREADY* been reserved on a per-cpu basis when the map
1010 * was inited. This function is used by zalloc() to avoid a recursion
1011 * when zalloc() itself needs to allocate additional kernel memory.
1013 * This function works like the normal reserve but does not load the
1014 * vm_map_entry cache (because that would result in an infinite
1015 * recursion). Note that gd_vme_avail may go negative. This is expected.
1017 * Any caller of this function must be sure to renormalize after
1018 * potentially eating entries to ensure that the reserve supply
1024 vm_map_entry_kreserve(int count)
1026 struct globaldata *gd = mycpu;
1028 atomic_add_int(&gd->gd_vme_avail, -count);
1029 KASSERT(gd->gd_vme_base != NULL,
1030 ("no reserved entries left, gd_vme_avail = %d",
1036 * Release previously reserved map entries for kernel_map. We do not
1037 * attempt to clean up like the normal release function as this would
1038 * cause an unnecessary (but probably not fatal) deep procedure call.
1043 vm_map_entry_krelease(int count)
1045 struct globaldata *gd = mycpu;
1047 atomic_add_int(&gd->gd_vme_avail, count);
1051 * Allocates a VM map entry for insertion. No entry fields are filled in.
1053 * The entries should have previously been reserved. The reservation count
1054 * is tracked in (*countp).
1058 static vm_map_entry_t
1059 vm_map_entry_create(vm_map_t map, int *countp)
1061 struct globaldata *gd = mycpu;
1062 vm_map_entry_t entry;
1064 KKASSERT(*countp > 0);
1067 entry = gd->gd_vme_base;
1068 KASSERT(entry != NULL, ("gd_vme_base NULL! count %d", *countp));
1069 gd->gd_vme_base = MAPENT_FREELIST(entry);
1076 * Dispose of the dynamically allocated backing_ba chain associated
1077 * with a vm_map_entry.
1079 * We decrement the (possibly shared) element and kfree() on the
1080 * 1->0 transition. We only iterate to the next backing_ba when
1081 * the previous one went through a 1->0 transition.
1084 vm_map_entry_dispose_ba(vm_map_backing_t ba)
1086 vm_map_backing_t next;
1090 refs = atomic_fetchadd_long(&ba->refs, -1);
1093 KKASSERT(refs == 1); /* transitioned 1->0 */
1095 vm_object_deallocate(ba->object);
1096 next = ba->backing_ba;
1097 kfree(ba, M_MAP_BACKING);
1103 * Dispose of a vm_map_entry that is no longer being referenced.
1108 vm_map_entry_dispose(vm_map_t map, vm_map_entry_t entry, int *countp)
1110 struct globaldata *gd = mycpu;
1113 * Dispose of the base object and the backing link.
1115 switch(entry->maptype) {
1116 case VM_MAPTYPE_NORMAL:
1117 case VM_MAPTYPE_VPAGETABLE:
1118 case VM_MAPTYPE_SUBMAP:
1119 if (entry->ba.object)
1120 vm_object_deallocate(entry->ba.object);
1122 case VM_MAPTYPE_UKSMAP:
1128 vm_map_entry_dispose_ba(entry->ba.backing_ba);
1131 * Cleanup for safety.
1133 entry->ba.backing_ba = NULL;
1134 entry->ba.object = NULL;
1135 entry->ba.offset = 0;
1139 MAPENT_FREELIST(entry) = gd->gd_vme_base;
1140 gd->gd_vme_base = entry;
1146 * Insert/remove entries from maps.
1148 * The related map must be exclusively locked.
1149 * The caller must hold map->token
1150 * No other requirements.
1152 static __inline void
1153 vm_map_entry_link(vm_map_t map, vm_map_entry_t entry)
1155 ASSERT_VM_MAP_LOCKED(map);
1158 if (vm_map_rb_tree_RB_INSERT(&map->rb_root, entry))
1159 panic("vm_map_entry_link: dup addr map %p ent %p", map, entry);
1162 static __inline void
1163 vm_map_entry_unlink(vm_map_t map,
1164 vm_map_entry_t entry)
1166 ASSERT_VM_MAP_LOCKED(map);
1168 if (entry->eflags & MAP_ENTRY_IN_TRANSITION) {
1169 panic("vm_map_entry_unlink: attempt to mess with "
1170 "locked entry! %p", entry);
1172 vm_map_rb_tree_RB_REMOVE(&map->rb_root, entry);
1177 * Finds the map entry containing (or immediately preceding) the specified
1178 * address in the given map. The entry is returned in (*entry).
1180 * The boolean result indicates whether the address is actually contained
1183 * The related map must be locked.
1184 * No other requirements.
1187 vm_map_lookup_entry(vm_map_t map, vm_offset_t address, vm_map_entry_t *entry)
1190 vm_map_entry_t last;
1192 ASSERT_VM_MAP_LOCKED(map);
1195 * Locate the record from the top of the tree. 'last' tracks the
1196 * closest prior record and is returned if no match is found, which
1197 * in binary tree terms means tracking the most recent right-branch
1198 * taken. If there is no prior record, *entry is set to NULL.
1201 tmp = RB_ROOT(&map->rb_root);
1204 if (address >= tmp->start) {
1205 if (address < tmp->end) {
1210 tmp = RB_RIGHT(tmp, rb_entry);
1212 tmp = RB_LEFT(tmp, rb_entry);
1220 * Inserts the given whole VM object into the target map at the specified
1221 * address range. The object's size should match that of the address range.
1223 * The map must be exclusively locked.
1224 * The object must be held.
1225 * The caller must have reserved sufficient vm_map_entry structures.
1227 * If object is non-NULL, ref count must be bumped by caller prior to
1228 * making call to account for the new entry.
1231 vm_map_insert(vm_map_t map, int *countp, void *map_object, void *map_aux,
1232 vm_ooffset_t offset, vm_offset_t start, vm_offset_t end,
1233 vm_maptype_t maptype, vm_subsys_t id,
1234 vm_prot_t prot, vm_prot_t max, int cow)
1236 vm_map_entry_t new_entry;
1237 vm_map_entry_t prev_entry;
1238 vm_map_entry_t next;
1239 vm_map_entry_t temp_entry;
1240 vm_eflags_t protoeflags;
1244 if (maptype == VM_MAPTYPE_UKSMAP)
1247 object = map_object;
1249 ASSERT_VM_MAP_LOCKED(map);
1251 ASSERT_LWKT_TOKEN_HELD(vm_object_token(object));
1254 * Check that the start and end points are not bogus.
1256 if ((start < vm_map_min(map)) || (end > vm_map_max(map)) ||
1258 return (KERN_INVALID_ADDRESS);
1262 * Find the entry prior to the proposed starting address; if it's part
1263 * of an existing entry, this range is bogus.
1265 if (vm_map_lookup_entry(map, start, &temp_entry))
1266 return (KERN_NO_SPACE);
1267 prev_entry = temp_entry;
1270 * Assert that the next entry doesn't overlap the end point.
1273 next = vm_map_rb_tree_RB_NEXT(prev_entry);
1275 next = RB_MIN(vm_map_rb_tree, &map->rb_root);
1276 if (next && next->start < end)
1277 return (KERN_NO_SPACE);
1281 if (cow & MAP_COPY_ON_WRITE)
1282 protoeflags |= MAP_ENTRY_COW|MAP_ENTRY_NEEDS_COPY;
1284 if (cow & MAP_NOFAULT) {
1285 protoeflags |= MAP_ENTRY_NOFAULT;
1287 KASSERT(object == NULL,
1288 ("vm_map_insert: paradoxical MAP_NOFAULT request"));
1290 if (cow & MAP_DISABLE_SYNCER)
1291 protoeflags |= MAP_ENTRY_NOSYNC;
1292 if (cow & MAP_DISABLE_COREDUMP)
1293 protoeflags |= MAP_ENTRY_NOCOREDUMP;
1294 if (cow & MAP_IS_STACK)
1295 protoeflags |= MAP_ENTRY_STACK;
1296 if (cow & MAP_IS_KSTACK)
1297 protoeflags |= MAP_ENTRY_KSTACK;
1299 lwkt_gettoken(&map->token);
1303 * When object is non-NULL, it could be shared with another
1304 * process. We have to set or clear OBJ_ONEMAPPING
1307 * NOTE: This flag is only applicable to DEFAULT and SWAP
1308 * objects and will already be clear in other types
1309 * of objects, so a shared object lock is ok for
1312 if (object->ref_count > 1)
1313 vm_object_clear_flag(object, OBJ_ONEMAPPING);
1315 else if (prev_entry &&
1316 (prev_entry->eflags == protoeflags) &&
1317 (prev_entry->end == start) &&
1318 (prev_entry->wired_count == 0) &&
1319 (prev_entry->id == id) &&
1320 prev_entry->maptype == maptype &&
1321 maptype == VM_MAPTYPE_NORMAL &&
1322 prev_entry->ba.backing_ba == NULL && /* not backed */
1323 ((prev_entry->ba.object == NULL) ||
1324 vm_object_coalesce(prev_entry->ba.object,
1325 OFF_TO_IDX(prev_entry->ba.offset),
1326 (vm_size_t)(prev_entry->end - prev_entry->start),
1327 (vm_size_t)(end - prev_entry->end)))) {
1329 * We were able to extend the object. Determine if we
1330 * can extend the previous map entry to include the
1331 * new range as well.
1333 if ((prev_entry->inheritance == VM_INHERIT_DEFAULT) &&
1334 (prev_entry->protection == prot) &&
1335 (prev_entry->max_protection == max)) {
1336 map->size += (end - prev_entry->end);
1337 prev_entry->end = end;
1338 vm_map_simplify_entry(map, prev_entry, countp);
1339 lwkt_reltoken(&map->token);
1340 return (KERN_SUCCESS);
1344 * If we can extend the object but cannot extend the
1345 * map entry, we have to create a new map entry. We
1346 * must bump the ref count on the extended object to
1347 * account for it. object may be NULL.
1349 object = prev_entry->ba.object;
1350 offset = prev_entry->ba.offset +
1351 (prev_entry->end - prev_entry->start);
1353 vm_object_hold(object);
1354 vm_object_lock_swap(); /* map->token order */
1355 vm_object_reference_locked(object);
1356 map_object = object;
1362 * NOTE: if conditionals fail, object can be NULL here. This occurs
1363 * in things like the buffer map where we manage kva but do not manage
1368 * Create a new entry
1370 new_entry = vm_map_entry_create(map, countp);
1371 new_entry->start = start;
1372 new_entry->end = end;
1375 new_entry->maptype = maptype;
1376 new_entry->eflags = protoeflags;
1377 new_entry->aux.master_pde = 0; /* in case size is different */
1378 new_entry->aux.map_aux = map_aux;
1379 new_entry->ba.map_object = map_object;
1380 new_entry->ba.backing_ba = NULL;
1381 new_entry->ba.backing_count = 0;
1382 new_entry->ba.offset = offset;
1383 new_entry->ba.refs = 0;
1384 new_entry->ba.flags = 0;
1386 new_entry->inheritance = VM_INHERIT_DEFAULT;
1387 new_entry->protection = prot;
1388 new_entry->max_protection = max;
1389 new_entry->wired_count = 0;
1392 * Insert the new entry into the list
1395 vm_map_entry_link(map, new_entry);
1396 map->size += new_entry->end - new_entry->start;
1399 * Don't worry about updating freehint[] when inserting, allow
1400 * addresses to be lower than the actual first free spot.
1404 * Temporarily removed to avoid MAP_STACK panic, due to
1405 * MAP_STACK being a huge hack. Will be added back in
1406 * when MAP_STACK (and the user stack mapping) is fixed.
1409 * It may be possible to simplify the entry
1411 vm_map_simplify_entry(map, new_entry, countp);
1415 * Try to pre-populate the page table. Mappings governed by virtual
1416 * page tables cannot be prepopulated without a lot of work, so
1419 if ((cow & (MAP_PREFAULT|MAP_PREFAULT_PARTIAL)) &&
1420 maptype != VM_MAPTYPE_VPAGETABLE &&
1421 maptype != VM_MAPTYPE_UKSMAP) {
1423 if (vm_map_relock_enable && (cow & MAP_PREFAULT_RELOCK)) {
1425 vm_object_lock_swap();
1426 vm_object_drop(object);
1428 pmap_object_init_pt(map->pmap, start, prot,
1429 object, OFF_TO_IDX(offset), end - start,
1430 cow & MAP_PREFAULT_PARTIAL);
1432 vm_object_hold(object);
1433 vm_object_lock_swap();
1436 lwkt_reltoken(&map->token);
1438 vm_object_drop(object);
1440 return (KERN_SUCCESS);
1444 * Find sufficient space for `length' bytes in the given map, starting at
1445 * `start'. Returns 0 on success, 1 on no space.
1447 * This function will returned an arbitrarily aligned pointer. If no
1448 * particular alignment is required you should pass align as 1. Note that
1449 * the map may return PAGE_SIZE aligned pointers if all the lengths used in
1450 * the map are a multiple of PAGE_SIZE, even if you pass a smaller align
1453 * 'align' should be a power of 2 but is not required to be.
1455 * The map must be exclusively locked.
1456 * No other requirements.
1459 vm_map_findspace(vm_map_t map, vm_offset_t start, vm_size_t length,
1460 vm_size_t align, int flags, vm_offset_t *addr)
1462 vm_map_entry_t entry;
1464 vm_offset_t hole_start;
1466 vm_offset_t align_mask;
1468 if (start < vm_map_min(map))
1469 start = vm_map_min(map);
1470 if (start > vm_map_max(map))
1474 * If the alignment is not a power of 2 we will have to use
1475 * a mod/division, set align_mask to a special value.
1477 if ((align | (align - 1)) + 1 != (align << 1))
1478 align_mask = (vm_offset_t)-1;
1480 align_mask = align - 1;
1483 * Use freehint to adjust the start point, hopefully reducing
1484 * the iteration to O(1).
1486 hole_start = vm_map_freehint_find(map, length, align);
1487 if (start < hole_start)
1489 if (vm_map_lookup_entry(map, start, &tmp))
1491 entry = tmp; /* may be NULL */
1494 * Look through the rest of the map, trying to fit a new region in the
1495 * gap between existing regions, or after the very last region.
1499 * Adjust the proposed start by the requested alignment,
1500 * be sure that we didn't wrap the address.
1502 if (align_mask == (vm_offset_t)-1)
1503 end = roundup(start, align);
1505 end = (start + align_mask) & ~align_mask;
1511 * Find the end of the proposed new region. Be sure we didn't
1512 * go beyond the end of the map, or wrap around the address.
1513 * Then check to see if this is the last entry or if the
1514 * proposed end fits in the gap between this and the next
1517 end = start + length;
1518 if (end > vm_map_max(map) || end < start)
1522 * Locate the next entry, we can stop if this is the
1523 * last entry (we know we are in-bounds so that would
1527 entry = vm_map_rb_tree_RB_NEXT(entry);
1529 entry = RB_MIN(vm_map_rb_tree, &map->rb_root);
1534 * Determine if the proposed area would overlap the
1537 * When matching against a STACK entry, only allow the
1538 * memory map to intrude on the ungrown portion of the
1539 * STACK entry when MAP_TRYFIXED is set.
1541 if (entry->start >= end) {
1542 if ((entry->eflags & MAP_ENTRY_STACK) == 0)
1544 if (flags & MAP_TRYFIXED)
1546 if (entry->start - entry->aux.avail_ssize >= end)
1553 * Update the freehint
1555 vm_map_freehint_update(map, start, length, align);
1558 * Grow the kernel_map if necessary. pmap_growkernel() will panic
1559 * if it fails. The kernel_map is locked and nothing can steal
1560 * our address space if pmap_growkernel() blocks.
1562 * NOTE: This may be unconditionally called for kldload areas on
1563 * x86_64 because these do not bump kernel_vm_end (which would
1564 * fill 128G worth of page tables!). Therefore we must not
1567 if (map == &kernel_map) {
1570 kstop = round_page(start + length);
1571 if (kstop > kernel_vm_end)
1572 pmap_growkernel(start, kstop);
1579 * vm_map_find finds an unallocated region in the target address map with
1580 * the given length and allocates it. The search is defined to be first-fit
1581 * from the specified address; the region found is returned in the same
1584 * If object is non-NULL, ref count must be bumped by caller
1585 * prior to making call to account for the new entry.
1587 * No requirements. This function will lock the map temporarily.
1590 vm_map_find(vm_map_t map, void *map_object, void *map_aux,
1591 vm_ooffset_t offset, vm_offset_t *addr,
1592 vm_size_t length, vm_size_t align, boolean_t fitit,
1593 vm_maptype_t maptype, vm_subsys_t id,
1594 vm_prot_t prot, vm_prot_t max, int cow)
1601 if (maptype == VM_MAPTYPE_UKSMAP)
1604 object = map_object;
1608 count = vm_map_entry_reserve(MAP_RESERVE_COUNT);
1611 vm_object_hold_shared(object);
1613 if (vm_map_findspace(map, start, length, align, 0, addr)) {
1615 vm_object_drop(object);
1617 vm_map_entry_release(count);
1618 return (KERN_NO_SPACE);
1622 result = vm_map_insert(map, &count, map_object, map_aux,
1623 offset, start, start + length,
1624 maptype, id, prot, max, cow);
1626 vm_object_drop(object);
1628 vm_map_entry_release(count);
1634 * Simplify the given map entry by merging with either neighbor. This
1635 * routine also has the ability to merge with both neighbors.
1637 * This routine guarentees that the passed entry remains valid (though
1638 * possibly extended). When merging, this routine may delete one or
1639 * both neighbors. No action is taken on entries which have their
1640 * in-transition flag set.
1642 * The map must be exclusively locked.
1645 vm_map_simplify_entry(vm_map_t map, vm_map_entry_t entry, int *countp)
1647 vm_map_entry_t next, prev;
1648 vm_size_t prevsize, esize;
1650 if (entry->eflags & MAP_ENTRY_IN_TRANSITION) {
1651 ++mycpu->gd_cnt.v_intrans_coll;
1655 if (entry->maptype == VM_MAPTYPE_SUBMAP)
1657 if (entry->maptype == VM_MAPTYPE_UKSMAP)
1660 prev = vm_map_rb_tree_RB_PREV(entry);
1662 prevsize = prev->end - prev->start;
1663 if ( (prev->end == entry->start) &&
1664 (prev->maptype == entry->maptype) &&
1665 (prev->ba.object == entry->ba.object) &&
1666 (prev->ba.backing_ba == entry->ba.backing_ba) &&
1667 (!prev->ba.object ||
1668 (prev->ba.offset + prevsize == entry->ba.offset)) &&
1669 (prev->eflags == entry->eflags) &&
1670 (prev->protection == entry->protection) &&
1671 (prev->max_protection == entry->max_protection) &&
1672 (prev->inheritance == entry->inheritance) &&
1673 (prev->id == entry->id) &&
1674 (prev->wired_count == entry->wired_count)) {
1675 vm_map_entry_unlink(map, prev);
1676 entry->start = prev->start;
1677 entry->ba.offset = prev->ba.offset;
1678 vm_map_entry_dispose(map, prev, countp);
1682 next = vm_map_rb_tree_RB_NEXT(entry);
1684 esize = entry->end - entry->start;
1685 if ((entry->end == next->start) &&
1686 (next->maptype == entry->maptype) &&
1687 (next->ba.object == entry->ba.object) &&
1688 (prev->ba.backing_ba == entry->ba.backing_ba) &&
1689 (!entry->ba.object ||
1690 (entry->ba.offset + esize == next->ba.offset)) &&
1691 (next->eflags == entry->eflags) &&
1692 (next->protection == entry->protection) &&
1693 (next->max_protection == entry->max_protection) &&
1694 (next->inheritance == entry->inheritance) &&
1695 (next->id == entry->id) &&
1696 (next->wired_count == entry->wired_count)) {
1697 vm_map_entry_unlink(map, next);
1698 entry->end = next->end;
1699 vm_map_entry_dispose(map, next, countp);
1705 * Asserts that the given entry begins at or after the specified address.
1706 * If necessary, it splits the entry into two.
1708 #define vm_map_clip_start(map, entry, startaddr, countp) \
1710 if (startaddr > entry->start) \
1711 _vm_map_clip_start(map, entry, startaddr, countp); \
1715 * This routine is called only when it is known that the entry must be split.
1717 * The map must be exclusively locked.
1720 _vm_map_clip_start(vm_map_t map, vm_map_entry_t entry, vm_offset_t start,
1723 vm_map_entry_t new_entry;
1726 * Split off the front portion -- note that we must insert the new
1727 * entry BEFORE this one, so that this entry has the specified
1731 vm_map_simplify_entry(map, entry, countp);
1734 * If there is no object backing this entry, we might as well create
1735 * one now. If we defer it, an object can get created after the map
1736 * is clipped, and individual objects will be created for the split-up
1737 * map. This is a bit of a hack, but is also about the best place to
1738 * put this improvement.
1740 if (entry->ba.object == NULL && !map->system_map &&
1741 VM_MAP_ENTRY_WITHIN_PARTITION(entry)) {
1742 vm_map_entry_allocate_object(entry);
1745 new_entry = vm_map_entry_create(map, countp);
1746 *new_entry = *entry;
1748 new_entry->end = start;
1749 entry->ba.offset += (start - entry->start);
1750 entry->start = start;
1751 if (new_entry->ba.backing_ba)
1752 atomic_add_long(&new_entry->ba.backing_ba->refs, 1);
1754 vm_map_entry_link(map, new_entry);
1756 switch(entry->maptype) {
1757 case VM_MAPTYPE_NORMAL:
1758 case VM_MAPTYPE_VPAGETABLE:
1759 if (new_entry->ba.object) {
1760 vm_object_hold(new_entry->ba.object);
1761 vm_object_reference_locked(new_entry->ba.object);
1762 vm_object_drop(new_entry->ba.object);
1771 * Asserts that the given entry ends at or before the specified address.
1772 * If necessary, it splits the entry into two.
1774 * The map must be exclusively locked.
1776 #define vm_map_clip_end(map, entry, endaddr, countp) \
1778 if (endaddr < entry->end) \
1779 _vm_map_clip_end(map, entry, endaddr, countp); \
1783 * This routine is called only when it is known that the entry must be split.
1785 * The map must be exclusively locked.
1788 _vm_map_clip_end(vm_map_t map, vm_map_entry_t entry, vm_offset_t end,
1791 vm_map_entry_t new_entry;
1794 * If there is no object backing this entry, we might as well create
1795 * one now. If we defer it, an object can get created after the map
1796 * is clipped, and individual objects will be created for the split-up
1797 * map. This is a bit of a hack, but is also about the best place to
1798 * put this improvement.
1801 if (entry->ba.object == NULL && !map->system_map &&
1802 VM_MAP_ENTRY_WITHIN_PARTITION(entry)) {
1803 vm_map_entry_allocate_object(entry);
1807 * Create a new entry and insert it AFTER the specified entry
1809 new_entry = vm_map_entry_create(map, countp);
1810 *new_entry = *entry;
1812 new_entry->start = entry->end = end;
1813 new_entry->ba.offset += (end - entry->start);
1814 if (new_entry->ba.backing_ba)
1815 atomic_add_long(&new_entry->ba.backing_ba->refs, 1);
1817 vm_map_entry_link(map, new_entry);
1819 switch(entry->maptype) {
1820 case VM_MAPTYPE_NORMAL:
1821 case VM_MAPTYPE_VPAGETABLE:
1822 if (new_entry->ba.object) {
1823 vm_object_hold(new_entry->ba.object);
1824 vm_object_reference_locked(new_entry->ba.object);
1825 vm_object_drop(new_entry->ba.object);
1834 * Asserts that the starting and ending region addresses fall within the
1835 * valid range for the map.
1837 #define VM_MAP_RANGE_CHECK(map, start, end) \
1839 if (start < vm_map_min(map)) \
1840 start = vm_map_min(map); \
1841 if (end > vm_map_max(map)) \
1842 end = vm_map_max(map); \
1848 * Used to block when an in-transition collison occurs. The map
1849 * is unlocked for the sleep and relocked before the return.
1852 vm_map_transition_wait(vm_map_t map, int relock)
1854 tsleep_interlock(map, 0);
1856 tsleep(map, PINTERLOCKED, "vment", 0);
1862 * When we do blocking operations with the map lock held it is
1863 * possible that a clip might have occured on our in-transit entry,
1864 * requiring an adjustment to the entry in our loop. These macros
1865 * help the pageable and clip_range code deal with the case. The
1866 * conditional costs virtually nothing if no clipping has occured.
1869 #define CLIP_CHECK_BACK(entry, save_start) \
1871 while (entry->start != save_start) { \
1872 entry = vm_map_rb_tree_RB_PREV(entry); \
1873 KASSERT(entry, ("bad entry clip")); \
1877 #define CLIP_CHECK_FWD(entry, save_end) \
1879 while (entry->end != save_end) { \
1880 entry = vm_map_rb_tree_RB_NEXT(entry); \
1881 KASSERT(entry, ("bad entry clip")); \
1887 * Clip the specified range and return the base entry. The
1888 * range may cover several entries starting at the returned base
1889 * and the first and last entry in the covering sequence will be
1890 * properly clipped to the requested start and end address.
1892 * If no holes are allowed you should pass the MAP_CLIP_NO_HOLES
1895 * The MAP_ENTRY_IN_TRANSITION flag will be set for the entries
1896 * covered by the requested range.
1898 * The map must be exclusively locked on entry and will remain locked
1899 * on return. If no range exists or the range contains holes and you
1900 * specified that no holes were allowed, NULL will be returned. This
1901 * routine may temporarily unlock the map in order avoid a deadlock when
1906 vm_map_clip_range(vm_map_t map, vm_offset_t start, vm_offset_t end,
1907 int *countp, int flags)
1909 vm_map_entry_t start_entry;
1910 vm_map_entry_t entry;
1911 vm_map_entry_t next;
1914 * Locate the entry and effect initial clipping. The in-transition
1915 * case does not occur very often so do not try to optimize it.
1918 if (vm_map_lookup_entry(map, start, &start_entry) == FALSE)
1920 entry = start_entry;
1921 if (entry->eflags & MAP_ENTRY_IN_TRANSITION) {
1922 entry->eflags |= MAP_ENTRY_NEEDS_WAKEUP;
1923 ++mycpu->gd_cnt.v_intrans_coll;
1924 ++mycpu->gd_cnt.v_intrans_wait;
1925 vm_map_transition_wait(map, 1);
1927 * entry and/or start_entry may have been clipped while
1928 * we slept, or may have gone away entirely. We have
1929 * to restart from the lookup.
1935 * Since we hold an exclusive map lock we do not have to restart
1936 * after clipping, even though clipping may block in zalloc.
1938 vm_map_clip_start(map, entry, start, countp);
1939 vm_map_clip_end(map, entry, end, countp);
1940 entry->eflags |= MAP_ENTRY_IN_TRANSITION;
1943 * Scan entries covered by the range. When working on the next
1944 * entry a restart need only re-loop on the current entry which
1945 * we have already locked, since 'next' may have changed. Also,
1946 * even though entry is safe, it may have been clipped so we
1947 * have to iterate forwards through the clip after sleeping.
1950 next = vm_map_rb_tree_RB_NEXT(entry);
1951 if (next == NULL || next->start >= end)
1953 if (flags & MAP_CLIP_NO_HOLES) {
1954 if (next->start > entry->end) {
1955 vm_map_unclip_range(map, start_entry,
1956 start, entry->end, countp, flags);
1961 if (next->eflags & MAP_ENTRY_IN_TRANSITION) {
1962 vm_offset_t save_end = entry->end;
1963 next->eflags |= MAP_ENTRY_NEEDS_WAKEUP;
1964 ++mycpu->gd_cnt.v_intrans_coll;
1965 ++mycpu->gd_cnt.v_intrans_wait;
1966 vm_map_transition_wait(map, 1);
1969 * clips might have occured while we blocked.
1971 CLIP_CHECK_FWD(entry, save_end);
1972 CLIP_CHECK_BACK(start_entry, start);
1977 * No restart necessary even though clip_end may block, we
1978 * are holding the map lock.
1980 vm_map_clip_end(map, next, end, countp);
1981 next->eflags |= MAP_ENTRY_IN_TRANSITION;
1984 if (flags & MAP_CLIP_NO_HOLES) {
1985 if (entry->end != end) {
1986 vm_map_unclip_range(map, start_entry,
1987 start, entry->end, countp, flags);
1991 return(start_entry);
1995 * Undo the effect of vm_map_clip_range(). You should pass the same
1996 * flags and the same range that you passed to vm_map_clip_range().
1997 * This code will clear the in-transition flag on the entries and
1998 * wake up anyone waiting. This code will also simplify the sequence
1999 * and attempt to merge it with entries before and after the sequence.
2001 * The map must be locked on entry and will remain locked on return.
2003 * Note that you should also pass the start_entry returned by
2004 * vm_map_clip_range(). However, if you block between the two calls
2005 * with the map unlocked please be aware that the start_entry may
2006 * have been clipped and you may need to scan it backwards to find
2007 * the entry corresponding with the original start address. You are
2008 * responsible for this, vm_map_unclip_range() expects the correct
2009 * start_entry to be passed to it and will KASSERT otherwise.
2013 vm_map_unclip_range(vm_map_t map, vm_map_entry_t start_entry,
2014 vm_offset_t start, vm_offset_t end,
2015 int *countp, int flags)
2017 vm_map_entry_t entry;
2019 entry = start_entry;
2021 KASSERT(entry->start == start, ("unclip_range: illegal base entry"));
2022 while (entry && entry->start < end) {
2023 KASSERT(entry->eflags & MAP_ENTRY_IN_TRANSITION,
2024 ("in-transition flag not set during unclip on: %p",
2026 KASSERT(entry->end <= end,
2027 ("unclip_range: tail wasn't clipped"));
2028 entry->eflags &= ~MAP_ENTRY_IN_TRANSITION;
2029 if (entry->eflags & MAP_ENTRY_NEEDS_WAKEUP) {
2030 entry->eflags &= ~MAP_ENTRY_NEEDS_WAKEUP;
2033 entry = vm_map_rb_tree_RB_NEXT(entry);
2037 * Simplification does not block so there is no restart case.
2039 entry = start_entry;
2040 while (entry && entry->start < end) {
2041 vm_map_simplify_entry(map, entry, countp);
2042 entry = vm_map_rb_tree_RB_NEXT(entry);
2047 * Mark the given range as handled by a subordinate map.
2049 * This range must have been created with vm_map_find(), and no other
2050 * operations may have been performed on this range prior to calling
2053 * Submappings cannot be removed.
2058 vm_map_submap(vm_map_t map, vm_offset_t start, vm_offset_t end, vm_map_t submap)
2060 vm_map_entry_t entry;
2061 int result = KERN_INVALID_ARGUMENT;
2064 count = vm_map_entry_reserve(MAP_RESERVE_COUNT);
2067 VM_MAP_RANGE_CHECK(map, start, end);
2069 if (vm_map_lookup_entry(map, start, &entry)) {
2070 vm_map_clip_start(map, entry, start, &count);
2072 entry = vm_map_rb_tree_RB_NEXT(entry);
2074 entry = RB_MIN(vm_map_rb_tree, &map->rb_root);
2077 vm_map_clip_end(map, entry, end, &count);
2079 if ((entry->start == start) && (entry->end == end) &&
2080 ((entry->eflags & MAP_ENTRY_COW) == 0) &&
2081 (entry->ba.object == NULL)) {
2082 entry->ba.sub_map = submap;
2083 entry->maptype = VM_MAPTYPE_SUBMAP;
2084 result = KERN_SUCCESS;
2087 vm_map_entry_release(count);
2093 * Sets the protection of the specified address region in the target map.
2094 * If "set_max" is specified, the maximum protection is to be set;
2095 * otherwise, only the current protection is affected.
2097 * The protection is not applicable to submaps, but is applicable to normal
2098 * maps and maps governed by virtual page tables. For example, when operating
2099 * on a virtual page table our protection basically controls how COW occurs
2100 * on the backing object, whereas the virtual page table abstraction itself
2101 * is an abstraction for userland.
2106 vm_map_protect(vm_map_t map, vm_offset_t start, vm_offset_t end,
2107 vm_prot_t new_prot, boolean_t set_max)
2109 vm_map_entry_t current;
2110 vm_map_entry_t entry;
2113 count = vm_map_entry_reserve(MAP_RESERVE_COUNT);
2116 VM_MAP_RANGE_CHECK(map, start, end);
2118 if (vm_map_lookup_entry(map, start, &entry)) {
2119 vm_map_clip_start(map, entry, start, &count);
2121 entry = vm_map_rb_tree_RB_NEXT(entry);
2123 entry = RB_MIN(vm_map_rb_tree, &map->rb_root);
2127 * Make a first pass to check for protection violations.
2130 while (current && current->start < end) {
2131 if (current->maptype == VM_MAPTYPE_SUBMAP) {
2133 vm_map_entry_release(count);
2134 return (KERN_INVALID_ARGUMENT);
2136 if ((new_prot & current->max_protection) != new_prot) {
2138 vm_map_entry_release(count);
2139 return (KERN_PROTECTION_FAILURE);
2143 * When making a SHARED+RW file mmap writable, update
2146 if (new_prot & PROT_WRITE &&
2147 (current->eflags & MAP_ENTRY_NEEDS_COPY) == 0 &&
2148 (current->maptype == VM_MAPTYPE_NORMAL ||
2149 current->maptype == VM_MAPTYPE_VPAGETABLE) &&
2150 current->ba.object &&
2151 current->ba.object->type == OBJT_VNODE) {
2154 vp = current->ba.object->handle;
2155 if (vp && vn_lock(vp, LK_EXCLUSIVE | LK_RETRY | LK_NOWAIT) == 0) {
2156 vfs_timestamp(&vp->v_lastwrite_ts);
2157 vsetflags(vp, VLASTWRITETS);
2161 current = vm_map_rb_tree_RB_NEXT(current);
2165 * Go back and fix up protections. [Note that clipping is not
2166 * necessary the second time.]
2170 while (current && current->start < end) {
2173 vm_map_clip_end(map, current, end, &count);
2175 old_prot = current->protection;
2177 current->max_protection = new_prot;
2178 current->protection = new_prot & old_prot;
2180 current->protection = new_prot;
2184 * Update physical map if necessary. Worry about copy-on-write
2185 * here -- CHECK THIS XXX
2187 if (current->protection != old_prot) {
2188 #define MASK(entry) (((entry)->eflags & MAP_ENTRY_COW) ? ~VM_PROT_WRITE : \
2191 pmap_protect(map->pmap, current->start,
2193 current->protection & MASK(current));
2197 vm_map_simplify_entry(map, current, &count);
2199 current = vm_map_rb_tree_RB_NEXT(current);
2202 vm_map_entry_release(count);
2203 return (KERN_SUCCESS);
2207 * This routine traverses a processes map handling the madvise
2208 * system call. Advisories are classified as either those effecting
2209 * the vm_map_entry structure, or those effecting the underlying
2212 * The <value> argument is used for extended madvise calls.
2217 vm_map_madvise(vm_map_t map, vm_offset_t start, vm_offset_t end,
2218 int behav, off_t value)
2220 vm_map_entry_t current, entry;
2226 * Some madvise calls directly modify the vm_map_entry, in which case
2227 * we need to use an exclusive lock on the map and we need to perform
2228 * various clipping operations. Otherwise we only need a read-lock
2231 count = vm_map_entry_reserve(MAP_RESERVE_COUNT);
2235 case MADV_SEQUENTIAL:
2249 vm_map_lock_read(map);
2252 vm_map_entry_release(count);
2257 * Locate starting entry and clip if necessary.
2260 VM_MAP_RANGE_CHECK(map, start, end);
2262 if (vm_map_lookup_entry(map, start, &entry)) {
2264 vm_map_clip_start(map, entry, start, &count);
2266 entry = vm_map_rb_tree_RB_NEXT(entry);
2268 entry = RB_MIN(vm_map_rb_tree, &map->rb_root);
2273 * madvise behaviors that are implemented in the vm_map_entry.
2275 * We clip the vm_map_entry so that behavioral changes are
2276 * limited to the specified address range.
2278 for (current = entry;
2279 current && current->start < end;
2280 current = vm_map_rb_tree_RB_NEXT(current)) {
2284 if (current->maptype == VM_MAPTYPE_SUBMAP)
2287 vm_map_clip_end(map, current, end, &count);
2291 vm_map_entry_set_behavior(current, MAP_ENTRY_BEHAV_NORMAL);
2293 case MADV_SEQUENTIAL:
2294 vm_map_entry_set_behavior(current, MAP_ENTRY_BEHAV_SEQUENTIAL);
2297 vm_map_entry_set_behavior(current, MAP_ENTRY_BEHAV_RANDOM);
2300 current->eflags |= MAP_ENTRY_NOSYNC;
2303 current->eflags &= ~MAP_ENTRY_NOSYNC;
2306 current->eflags |= MAP_ENTRY_NOCOREDUMP;
2309 current->eflags &= ~MAP_ENTRY_NOCOREDUMP;
2313 * Set the page directory page for a map
2314 * governed by a virtual page table. Mark
2315 * the entry as being governed by a virtual
2316 * page table if it is not.
2318 * XXX the page directory page is stored
2319 * in the avail_ssize field if the map_entry.
2321 * XXX the map simplification code does not
2322 * compare this field so weird things may
2323 * happen if you do not apply this function
2324 * to the entire mapping governed by the
2325 * virtual page table.
2327 if (current->maptype != VM_MAPTYPE_VPAGETABLE) {
2331 current->aux.master_pde = value;
2332 pmap_remove(map->pmap,
2333 current->start, current->end);
2337 * Invalidate the related pmap entries, used
2338 * to flush portions of the real kernel's
2339 * pmap when the caller has removed or
2340 * modified existing mappings in a virtual
2343 * (exclusive locked map version does not
2344 * need the range interlock).
2346 pmap_remove(map->pmap,
2347 current->start, current->end);
2353 vm_map_simplify_entry(map, current, &count);
2361 * madvise behaviors that are implemented in the underlying
2364 * Since we don't clip the vm_map_entry, we have to clip
2365 * the vm_object pindex and count.
2367 * NOTE! These functions are only supported on normal maps,
2368 * except MADV_INVAL which is also supported on
2369 * virtual page tables.
2371 * NOTE! These functions only apply to the top-most object.
2372 * It is not applicable to backing objects.
2374 for (current = entry;
2375 current && current->start < end;
2376 current = vm_map_rb_tree_RB_NEXT(current)) {
2377 vm_offset_t useStart;
2379 if (current->maptype != VM_MAPTYPE_NORMAL &&
2380 (current->maptype != VM_MAPTYPE_VPAGETABLE ||
2381 behav != MADV_INVAL)) {
2385 pindex = OFF_TO_IDX(current->ba.offset);
2386 delta = atop(current->end - current->start);
2387 useStart = current->start;
2389 if (current->start < start) {
2390 pindex += atop(start - current->start);
2391 delta -= atop(start - current->start);
2394 if (current->end > end)
2395 delta -= atop(current->end - end);
2397 if ((vm_spindex_t)delta <= 0)
2400 if (behav == MADV_INVAL) {
2402 * Invalidate the related pmap entries, used
2403 * to flush portions of the real kernel's
2404 * pmap when the caller has removed or
2405 * modified existing mappings in a virtual
2408 * (shared locked map version needs the
2409 * interlock, see vm_fault()).
2411 struct vm_map_ilock ilock;
2413 KASSERT(useStart >= VM_MIN_USER_ADDRESS &&
2414 useStart + ptoa(delta) <=
2415 VM_MAX_USER_ADDRESS,
2416 ("Bad range %016jx-%016jx (%016jx)",
2417 useStart, useStart + ptoa(delta),
2419 vm_map_interlock(map, &ilock,
2421 useStart + ptoa(delta));
2422 pmap_remove(map->pmap,
2424 useStart + ptoa(delta));
2425 vm_map_deinterlock(map, &ilock);
2427 vm_object_madvise(current->ba.object,
2428 pindex, delta, behav);
2432 * Try to populate the page table. Mappings governed
2433 * by virtual page tables cannot be pre-populated
2434 * without a lot of work so don't try.
2436 if (behav == MADV_WILLNEED &&
2437 current->maptype != VM_MAPTYPE_VPAGETABLE) {
2438 pmap_object_init_pt(
2441 current->protection,
2444 (count << PAGE_SHIFT),
2445 MAP_PREFAULT_MADVISE
2449 vm_map_unlock_read(map);
2451 vm_map_entry_release(count);
2457 * Sets the inheritance of the specified address range in the target map.
2458 * Inheritance affects how the map will be shared with child maps at the
2459 * time of vm_map_fork.
2462 vm_map_inherit(vm_map_t map, vm_offset_t start, vm_offset_t end,
2463 vm_inherit_t new_inheritance)
2465 vm_map_entry_t entry;
2466 vm_map_entry_t temp_entry;
2469 switch (new_inheritance) {
2470 case VM_INHERIT_NONE:
2471 case VM_INHERIT_COPY:
2472 case VM_INHERIT_SHARE:
2475 return (KERN_INVALID_ARGUMENT);
2478 count = vm_map_entry_reserve(MAP_RESERVE_COUNT);
2481 VM_MAP_RANGE_CHECK(map, start, end);
2483 if (vm_map_lookup_entry(map, start, &temp_entry)) {
2485 vm_map_clip_start(map, entry, start, &count);
2486 } else if (temp_entry) {
2487 entry = vm_map_rb_tree_RB_NEXT(temp_entry);
2489 entry = RB_MIN(vm_map_rb_tree, &map->rb_root);
2492 while (entry && entry->start < end) {
2493 vm_map_clip_end(map, entry, end, &count);
2495 entry->inheritance = new_inheritance;
2497 vm_map_simplify_entry(map, entry, &count);
2499 entry = vm_map_rb_tree_RB_NEXT(entry);
2502 vm_map_entry_release(count);
2503 return (KERN_SUCCESS);
2507 * Implement the semantics of mlock
2510 vm_map_unwire(vm_map_t map, vm_offset_t start, vm_offset_t real_end,
2511 boolean_t new_pageable)
2513 vm_map_entry_t entry;
2514 vm_map_entry_t start_entry;
2516 int rv = KERN_SUCCESS;
2519 count = vm_map_entry_reserve(MAP_RESERVE_COUNT);
2521 VM_MAP_RANGE_CHECK(map, start, real_end);
2524 start_entry = vm_map_clip_range(map, start, end, &count,
2526 if (start_entry == NULL) {
2528 vm_map_entry_release(count);
2529 return (KERN_INVALID_ADDRESS);
2532 if (new_pageable == 0) {
2533 entry = start_entry;
2534 while (entry && entry->start < end) {
2535 vm_offset_t save_start;
2536 vm_offset_t save_end;
2539 * Already user wired or hard wired (trivial cases)
2541 if (entry->eflags & MAP_ENTRY_USER_WIRED) {
2542 entry = vm_map_rb_tree_RB_NEXT(entry);
2545 if (entry->wired_count != 0) {
2546 entry->wired_count++;
2547 entry->eflags |= MAP_ENTRY_USER_WIRED;
2548 entry = vm_map_rb_tree_RB_NEXT(entry);
2553 * A new wiring requires instantiation of appropriate
2554 * management structures and the faulting in of the
2557 if (entry->maptype == VM_MAPTYPE_NORMAL ||
2558 entry->maptype == VM_MAPTYPE_VPAGETABLE) {
2559 int copyflag = entry->eflags &
2560 MAP_ENTRY_NEEDS_COPY;
2561 if (copyflag && ((entry->protection &
2562 VM_PROT_WRITE) != 0)) {
2563 vm_map_entry_shadow(entry, 0);
2564 } else if (entry->ba.object == NULL &&
2566 vm_map_entry_allocate_object(entry);
2569 entry->wired_count++;
2570 entry->eflags |= MAP_ENTRY_USER_WIRED;
2573 * Now fault in the area. Note that vm_fault_wire()
2574 * may release the map lock temporarily, it will be
2575 * relocked on return. The in-transition
2576 * flag protects the entries.
2578 save_start = entry->start;
2579 save_end = entry->end;
2580 rv = vm_fault_wire(map, entry, TRUE, 0);
2582 CLIP_CHECK_BACK(entry, save_start);
2584 KASSERT(entry->wired_count == 1, ("bad wired_count on entry"));
2585 entry->eflags &= ~MAP_ENTRY_USER_WIRED;
2586 entry->wired_count = 0;
2587 if (entry->end == save_end)
2589 entry = vm_map_rb_tree_RB_NEXT(entry);
2591 ("bad entry clip during backout"));
2593 end = save_start; /* unwire the rest */
2597 * note that even though the entry might have been
2598 * clipped, the USER_WIRED flag we set prevents
2599 * duplication so we do not have to do a
2602 entry = vm_map_rb_tree_RB_NEXT(entry);
2606 * If we failed fall through to the unwiring section to
2607 * unwire what we had wired so far. 'end' has already
2614 * start_entry might have been clipped if we unlocked the
2615 * map and blocked. No matter how clipped it has gotten
2616 * there should be a fragment that is on our start boundary.
2618 CLIP_CHECK_BACK(start_entry, start);
2622 * Deal with the unwiring case.
2626 * This is the unwiring case. We must first ensure that the
2627 * range to be unwired is really wired down. We know there
2630 entry = start_entry;
2631 while (entry && entry->start < end) {
2632 if ((entry->eflags & MAP_ENTRY_USER_WIRED) == 0) {
2633 rv = KERN_INVALID_ARGUMENT;
2636 KASSERT(entry->wired_count != 0,
2637 ("wired count was 0 with USER_WIRED set! %p",
2639 entry = vm_map_rb_tree_RB_NEXT(entry);
2643 * Now decrement the wiring count for each region. If a region
2644 * becomes completely unwired, unwire its physical pages and
2648 * The map entries are processed in a loop, checking to
2649 * make sure the entry is wired and asserting it has a wired
2650 * count. However, another loop was inserted more-or-less in
2651 * the middle of the unwiring path. This loop picks up the
2652 * "entry" loop variable from the first loop without first
2653 * setting it to start_entry. Naturally, the secound loop
2654 * is never entered and the pages backing the entries are
2655 * never unwired. This can lead to a leak of wired pages.
2657 entry = start_entry;
2658 while (entry && entry->start < end) {
2659 KASSERT(entry->eflags & MAP_ENTRY_USER_WIRED,
2660 ("expected USER_WIRED on entry %p", entry));
2661 entry->eflags &= ~MAP_ENTRY_USER_WIRED;
2662 entry->wired_count--;
2663 if (entry->wired_count == 0)
2664 vm_fault_unwire(map, entry);
2665 entry = vm_map_rb_tree_RB_NEXT(entry);
2669 vm_map_unclip_range(map, start_entry, start, real_end, &count,
2672 vm_map_entry_release(count);
2678 * Sets the pageability of the specified address range in the target map.
2679 * Regions specified as not pageable require locked-down physical
2680 * memory and physical page maps.
2682 * The map must not be locked, but a reference must remain to the map
2683 * throughout the call.
2685 * This function may be called via the zalloc path and must properly
2686 * reserve map entries for kernel_map.
2691 vm_map_wire(vm_map_t map, vm_offset_t start, vm_offset_t real_end, int kmflags)
2693 vm_map_entry_t entry;
2694 vm_map_entry_t start_entry;
2696 int rv = KERN_SUCCESS;
2699 if (kmflags & KM_KRESERVE)
2700 count = vm_map_entry_kreserve(MAP_RESERVE_COUNT);
2702 count = vm_map_entry_reserve(MAP_RESERVE_COUNT);
2704 VM_MAP_RANGE_CHECK(map, start, real_end);
2707 start_entry = vm_map_clip_range(map, start, end, &count,
2709 if (start_entry == NULL) {
2711 rv = KERN_INVALID_ADDRESS;
2714 if ((kmflags & KM_PAGEABLE) == 0) {
2718 * 1. Holding the write lock, we create any shadow or zero-fill
2719 * objects that need to be created. Then we clip each map
2720 * entry to the region to be wired and increment its wiring
2721 * count. We create objects before clipping the map entries
2722 * to avoid object proliferation.
2724 * 2. We downgrade to a read lock, and call vm_fault_wire to
2725 * fault in the pages for any newly wired area (wired_count is
2728 * Downgrading to a read lock for vm_fault_wire avoids a
2729 * possible deadlock with another process that may have faulted
2730 * on one of the pages to be wired (it would mark the page busy,
2731 * blocking us, then in turn block on the map lock that we
2732 * hold). Because of problems in the recursive lock package,
2733 * we cannot upgrade to a write lock in vm_map_lookup. Thus,
2734 * any actions that require the write lock must be done
2735 * beforehand. Because we keep the read lock on the map, the
2736 * copy-on-write status of the entries we modify here cannot
2739 entry = start_entry;
2740 while (entry && entry->start < end) {
2742 * Trivial case if the entry is already wired
2744 if (entry->wired_count) {
2745 entry->wired_count++;
2746 entry = vm_map_rb_tree_RB_NEXT(entry);
2751 * The entry is being newly wired, we have to setup
2752 * appropriate management structures. A shadow
2753 * object is required for a copy-on-write region,
2754 * or a normal object for a zero-fill region. We
2755 * do not have to do this for entries that point to sub
2756 * maps because we won't hold the lock on the sub map.
2758 if (entry->maptype == VM_MAPTYPE_NORMAL ||
2759 entry->maptype == VM_MAPTYPE_VPAGETABLE) {
2760 int copyflag = entry->eflags &
2761 MAP_ENTRY_NEEDS_COPY;
2762 if (copyflag && ((entry->protection &
2763 VM_PROT_WRITE) != 0)) {
2764 vm_map_entry_shadow(entry, 0);
2765 } else if (entry->ba.object == NULL &&
2767 vm_map_entry_allocate_object(entry);
2770 entry->wired_count++;
2771 entry = vm_map_rb_tree_RB_NEXT(entry);
2779 * HACK HACK HACK HACK
2781 * vm_fault_wire() temporarily unlocks the map to avoid
2782 * deadlocks. The in-transition flag from vm_map_clip_range
2783 * call should protect us from changes while the map is
2786 * NOTE: Previously this comment stated that clipping might
2787 * still occur while the entry is unlocked, but from
2788 * what I can tell it actually cannot.
2790 * It is unclear whether the CLIP_CHECK_*() calls
2791 * are still needed but we keep them in anyway.
2793 * HACK HACK HACK HACK
2796 entry = start_entry;
2797 while (entry && entry->start < end) {
2799 * If vm_fault_wire fails for any page we need to undo
2800 * what has been done. We decrement the wiring count
2801 * for those pages which have not yet been wired (now)
2802 * and unwire those that have (later).
2804 vm_offset_t save_start = entry->start;
2805 vm_offset_t save_end = entry->end;
2807 if (entry->wired_count == 1)
2808 rv = vm_fault_wire(map, entry, FALSE, kmflags);
2810 CLIP_CHECK_BACK(entry, save_start);
2812 KASSERT(entry->wired_count == 1,
2813 ("wired_count changed unexpectedly"));
2814 entry->wired_count = 0;
2815 if (entry->end == save_end)
2817 entry = vm_map_rb_tree_RB_NEXT(entry);
2819 ("bad entry clip during backout"));
2824 CLIP_CHECK_FWD(entry, save_end);
2825 entry = vm_map_rb_tree_RB_NEXT(entry);
2829 * If a failure occured undo everything by falling through
2830 * to the unwiring code. 'end' has already been adjusted
2834 kmflags |= KM_PAGEABLE;
2837 * start_entry is still IN_TRANSITION but may have been
2838 * clipped since vm_fault_wire() unlocks and relocks the
2839 * map. No matter how clipped it has gotten there should
2840 * be a fragment that is on our start boundary.
2842 CLIP_CHECK_BACK(start_entry, start);
2845 if (kmflags & KM_PAGEABLE) {
2847 * This is the unwiring case. We must first ensure that the
2848 * range to be unwired is really wired down. We know there
2851 entry = start_entry;
2852 while (entry && entry->start < end) {
2853 if (entry->wired_count == 0) {
2854 rv = KERN_INVALID_ARGUMENT;
2857 entry = vm_map_rb_tree_RB_NEXT(entry);
2861 * Now decrement the wiring count for each region. If a region
2862 * becomes completely unwired, unwire its physical pages and
2865 entry = start_entry;
2866 while (entry && entry->start < end) {
2867 entry->wired_count--;
2868 if (entry->wired_count == 0)
2869 vm_fault_unwire(map, entry);
2870 entry = vm_map_rb_tree_RB_NEXT(entry);
2874 vm_map_unclip_range(map, start_entry, start, real_end,
2875 &count, MAP_CLIP_NO_HOLES);
2878 if (kmflags & KM_KRESERVE)
2879 vm_map_entry_krelease(count);
2881 vm_map_entry_release(count);
2886 * Mark a newly allocated address range as wired but do not fault in
2887 * the pages. The caller is expected to load the pages into the object.
2889 * The map must be locked on entry and will remain locked on return.
2890 * No other requirements.
2893 vm_map_set_wired_quick(vm_map_t map, vm_offset_t addr, vm_size_t size,
2896 vm_map_entry_t scan;
2897 vm_map_entry_t entry;
2899 entry = vm_map_clip_range(map, addr, addr + size,
2900 countp, MAP_CLIP_NO_HOLES);
2902 while (scan && scan->start < addr + size) {
2903 KKASSERT(scan->wired_count == 0);
2904 scan->wired_count = 1;
2905 scan = vm_map_rb_tree_RB_NEXT(scan);
2907 vm_map_unclip_range(map, entry, addr, addr + size,
2908 countp, MAP_CLIP_NO_HOLES);
2912 * Push any dirty cached pages in the address range to their pager.
2913 * If syncio is TRUE, dirty pages are written synchronously.
2914 * If invalidate is TRUE, any cached pages are freed as well.
2916 * This routine is called by sys_msync()
2918 * Returns an error if any part of the specified range is not mapped.
2923 vm_map_clean(vm_map_t map, vm_offset_t start, vm_offset_t end,
2924 boolean_t syncio, boolean_t invalidate)
2926 vm_map_entry_t current;
2927 vm_map_entry_t next;
2928 vm_map_entry_t entry;
2929 vm_map_backing_t ba;
2932 vm_ooffset_t offset;
2934 vm_map_lock_read(map);
2935 VM_MAP_RANGE_CHECK(map, start, end);
2936 if (!vm_map_lookup_entry(map, start, &entry)) {
2937 vm_map_unlock_read(map);
2938 return (KERN_INVALID_ADDRESS);
2940 lwkt_gettoken(&map->token);
2943 * Make a first pass to check for holes.
2946 while (current && current->start < end) {
2947 if (current->maptype == VM_MAPTYPE_SUBMAP) {
2948 lwkt_reltoken(&map->token);
2949 vm_map_unlock_read(map);
2950 return (KERN_INVALID_ARGUMENT);
2952 next = vm_map_rb_tree_RB_NEXT(current);
2953 if (end > current->end &&
2955 current->end != next->start)) {
2956 lwkt_reltoken(&map->token);
2957 vm_map_unlock_read(map);
2958 return (KERN_INVALID_ADDRESS);
2964 pmap_remove(vm_map_pmap(map), start, end);
2967 * Make a second pass, cleaning/uncaching pages from the indicated
2971 while (current && current->start < end) {
2972 offset = current->ba.offset + (start - current->start);
2973 size = (end <= current->end ? end : current->end) - start;
2975 switch(current->maptype) {
2976 case VM_MAPTYPE_SUBMAP:
2979 vm_map_entry_t tentry;
2982 smap = current->ba.sub_map;
2983 vm_map_lock_read(smap);
2984 vm_map_lookup_entry(smap, offset, &tentry);
2985 if (tentry == NULL) {
2986 tsize = vm_map_max(smap) - offset;
2988 offset = 0 + (offset - vm_map_min(smap));
2990 tsize = tentry->end - offset;
2992 offset = tentry->ba.offset +
2993 (offset - tentry->start);
2995 vm_map_unlock_read(smap);
3000 case VM_MAPTYPE_NORMAL:
3001 case VM_MAPTYPE_VPAGETABLE:
3009 object = ba->object;
3011 vm_object_hold(object);
3017 * Note that there is absolutely no sense in writing out
3018 * anonymous objects, so we track down the vnode object
3020 * We invalidate (remove) all pages from the address space
3021 * anyway, for semantic correctness.
3023 * note: certain anonymous maps, such as MAP_NOSYNC maps,
3024 * may start out with a NULL object.
3026 * XXX do we really want to stop at the first backing store
3027 * here if there are more? XXX
3033 while (ba->backing_ba != NULL) {
3034 ba = ba->backing_ba;
3035 offset += ba->offset;
3037 if (tobj->size < OFF_TO_IDX(offset + size))
3038 size = IDX_TO_OFF(tobj->size) - offset;
3039 break; /* XXX this break is not correct */
3041 if (object != tobj) {
3043 vm_object_drop(object);
3045 vm_object_hold(object);
3049 if (object && (object->type == OBJT_VNODE) &&
3050 (current->protection & VM_PROT_WRITE) &&
3051 (object->flags & OBJ_NOMSYNC) == 0) {
3053 * Flush pages if writing is allowed, invalidate them
3054 * if invalidation requested. Pages undergoing I/O
3055 * will be ignored by vm_object_page_remove().
3057 * We cannot lock the vnode and then wait for paging
3058 * to complete without deadlocking against vm_fault.
3059 * Instead we simply call vm_object_page_remove() and
3060 * allow it to block internally on a page-by-page
3061 * basis when it encounters pages undergoing async
3066 /* no chain wait needed for vnode objects */
3067 vm_object_reference_locked(object);
3068 vn_lock(object->handle, LK_EXCLUSIVE | LK_RETRY);
3069 flags = (syncio || invalidate) ? OBJPC_SYNC : 0;
3070 flags |= invalidate ? OBJPC_INVAL : 0;
3073 * When operating on a virtual page table just
3074 * flush the whole object. XXX we probably ought
3077 switch(current->maptype) {
3078 case VM_MAPTYPE_NORMAL:
3079 vm_object_page_clean(object,
3081 OFF_TO_IDX(offset + size + PAGE_MASK),
3084 case VM_MAPTYPE_VPAGETABLE:
3085 vm_object_page_clean(object, 0, 0, flags);
3088 vn_unlock(((struct vnode *)object->handle));
3089 vm_object_deallocate_locked(object);
3091 if (object && invalidate &&
3092 ((object->type == OBJT_VNODE) ||
3093 (object->type == OBJT_DEVICE) ||
3094 (object->type == OBJT_MGTDEVICE))) {
3096 ((object->type == OBJT_DEVICE) ||
3097 (object->type == OBJT_MGTDEVICE)) ? FALSE : TRUE;
3098 /* no chain wait needed for vnode/device objects */
3099 vm_object_reference_locked(object);
3100 switch(current->maptype) {
3101 case VM_MAPTYPE_NORMAL:
3102 vm_object_page_remove(object,
3104 OFF_TO_IDX(offset + size + PAGE_MASK),
3107 case VM_MAPTYPE_VPAGETABLE:
3108 vm_object_page_remove(object, 0, 0, clean_only);
3111 vm_object_deallocate_locked(object);
3115 vm_object_drop(object);
3116 current = vm_map_rb_tree_RB_NEXT(current);
3119 lwkt_reltoken(&map->token);
3120 vm_map_unlock_read(map);
3122 return (KERN_SUCCESS);
3126 * Make the region specified by this entry pageable.
3128 * The vm_map must be exclusively locked.
3131 vm_map_entry_unwire(vm_map_t map, vm_map_entry_t entry)
3133 entry->eflags &= ~MAP_ENTRY_USER_WIRED;
3134 entry->wired_count = 0;
3135 vm_fault_unwire(map, entry);
3139 * Deallocate the given entry from the target map.
3141 * The vm_map must be exclusively locked.
3144 vm_map_entry_delete(vm_map_t map, vm_map_entry_t entry, int *countp)
3146 vm_map_entry_unlink(map, entry);
3147 map->size -= entry->end - entry->start;
3148 vm_map_entry_dispose(map, entry, countp);
3152 * Deallocates the given address range from the target map.
3154 * The vm_map must be exclusively locked.
3157 vm_map_delete(vm_map_t map, vm_offset_t start, vm_offset_t end, int *countp)
3160 vm_map_entry_t entry;
3161 vm_map_entry_t first_entry;
3162 vm_offset_t hole_start;
3164 ASSERT_VM_MAP_LOCKED(map);
3165 lwkt_gettoken(&map->token);
3168 * Find the start of the region, and clip it. Set entry to point
3169 * at the first record containing the requested address or, if no
3170 * such record exists, the next record with a greater address. The
3171 * loop will run from this point until a record beyond the termination
3172 * address is encountered.
3174 * Adjust freehint[] for either the clip case or the extension case.
3176 * GGG see other GGG comment.
3178 if (vm_map_lookup_entry(map, start, &first_entry)) {
3179 entry = first_entry;
3180 vm_map_clip_start(map, entry, start, countp);
3184 entry = vm_map_rb_tree_RB_NEXT(first_entry);
3186 hole_start = first_entry->start;
3188 hole_start = first_entry->end;
3190 entry = RB_MIN(vm_map_rb_tree, &map->rb_root);
3192 hole_start = vm_map_min(map);
3194 hole_start = vm_map_max(map);
3199 * Step through all entries in this region
3201 while (entry && entry->start < end) {
3202 vm_map_entry_t next;
3204 vm_pindex_t offidxstart, offidxend, count;
3207 * If we hit an in-transition entry we have to sleep and
3208 * retry. It's easier (and not really slower) to just retry
3209 * since this case occurs so rarely and the hint is already
3210 * pointing at the right place. We have to reset the
3211 * start offset so as not to accidently delete an entry
3212 * another process just created in vacated space.
3214 if (entry->eflags & MAP_ENTRY_IN_TRANSITION) {
3215 entry->eflags |= MAP_ENTRY_NEEDS_WAKEUP;
3216 start = entry->start;
3217 ++mycpu->gd_cnt.v_intrans_coll;
3218 ++mycpu->gd_cnt.v_intrans_wait;
3219 vm_map_transition_wait(map, 1);
3222 vm_map_clip_end(map, entry, end, countp);
3226 next = vm_map_rb_tree_RB_NEXT(entry);
3228 offidxstart = OFF_TO_IDX(entry->ba.offset);
3229 count = OFF_TO_IDX(e - s);
3231 switch(entry->maptype) {
3232 case VM_MAPTYPE_NORMAL:
3233 case VM_MAPTYPE_VPAGETABLE:
3234 case VM_MAPTYPE_SUBMAP:
3235 object = entry->ba.object;
3243 * Unwire before removing addresses from the pmap; otherwise,
3244 * unwiring will put the entries back in the pmap.
3246 * Generally speaking, doing a bulk pmap_remove() before
3247 * removing the pages from the VM object is better at
3248 * reducing unnecessary IPIs. The pmap code is now optimized
3249 * to not blindly iterate the range when pt and pd pages
3252 if (entry->wired_count != 0)
3253 vm_map_entry_unwire(map, entry);
3255 offidxend = offidxstart + count;
3257 if (object == &kernel_object) {
3258 pmap_remove(map->pmap, s, e);
3259 vm_object_hold(object);
3260 vm_object_page_remove(object, offidxstart,
3262 vm_object_drop(object);
3263 } else if (object && object->type != OBJT_DEFAULT &&
3264 object->type != OBJT_SWAP) {
3266 * vnode object routines cannot be chain-locked,
3267 * but since we aren't removing pages from the
3268 * object here we can use a shared hold.
3270 vm_object_hold_shared(object);
3271 pmap_remove(map->pmap, s, e);
3272 vm_object_drop(object);
3273 } else if (object) {
3274 vm_object_hold(object);
3275 pmap_remove(map->pmap, s, e);
3277 if (object != NULL &&
3278 object->ref_count != 1 &&
3279 (object->flags & (OBJ_NOSPLIT|OBJ_ONEMAPPING)) ==
3281 (object->type == OBJT_DEFAULT ||
3282 object->type == OBJT_SWAP)) {
3284 * When ONEMAPPING is set we can destroy the
3285 * pages underlying the entry's range.
3287 /*vm_object_collapse(object, NULL);*/
3288 vm_object_page_remove(object, offidxstart,
3290 if (object->type == OBJT_SWAP) {
3291 swap_pager_freespace(object,
3295 if (offidxend >= object->size &&
3296 offidxstart < object->size) {
3297 object->size = offidxstart;
3300 vm_object_drop(object);
3301 } else if (entry->maptype == VM_MAPTYPE_UKSMAP) {
3302 pmap_remove(map->pmap, s, e);
3306 * Delete the entry (which may delete the object) only after
3307 * removing all pmap entries pointing to its pages.
3308 * (Otherwise, its page frames may be reallocated, and any
3309 * modify bits will be set in the wrong object!)
3311 vm_map_entry_delete(map, entry, countp);
3316 * We either reached the end and use vm_map_max as the end
3317 * address, or we didn't and we use the next entry as the
3320 if (entry == NULL) {
3321 vm_map_freehint_hole(map, hole_start,
3322 vm_map_max(map) - hole_start);
3324 vm_map_freehint_hole(map, hole_start,
3325 entry->start - hole_start);
3328 lwkt_reltoken(&map->token);
3330 return (KERN_SUCCESS);
3334 * Remove the given address range from the target map.
3335 * This is the exported form of vm_map_delete.
3340 vm_map_remove(vm_map_t map, vm_offset_t start, vm_offset_t end)
3345 count = vm_map_entry_reserve(MAP_RESERVE_COUNT);
3347 VM_MAP_RANGE_CHECK(map, start, end);
3348 result = vm_map_delete(map, start, end, &count);
3350 vm_map_entry_release(count);
3356 * Assert that the target map allows the specified privilege on the
3357 * entire address region given. The entire region must be allocated.
3359 * The caller must specify whether the vm_map is already locked or not.
3362 vm_map_check_protection(vm_map_t map, vm_offset_t start, vm_offset_t end,
3363 vm_prot_t protection, boolean_t have_lock)
3365 vm_map_entry_t entry;
3366 vm_map_entry_t tmp_entry;
3369 if (have_lock == FALSE)
3370 vm_map_lock_read(map);
3372 if (!vm_map_lookup_entry(map, start, &tmp_entry)) {
3373 if (have_lock == FALSE)
3374 vm_map_unlock_read(map);
3380 while (start < end) {
3381 if (entry == NULL) {
3390 if (start < entry->start) {
3395 * Check protection associated with entry.
3398 if ((entry->protection & protection) != protection) {
3402 /* go to next entry */
3404 entry = vm_map_rb_tree_RB_NEXT(entry);
3406 if (have_lock == FALSE)
3407 vm_map_unlock_read(map);
3412 * Handles the dirty work of making src_entry and dst_entry copy-on-write
3413 * after src_entry has been cloned to dst_entry.
3415 * The vm_maps must be exclusively locked.
3416 * The vm_map's token must be held.
3418 * Because the maps are locked no faults can be in progress during the
3422 vm_map_copy_entry(vm_map_t src_map, vm_map_t dst_map,
3423 vm_map_entry_t src_entry, vm_map_entry_t dst_entry)
3425 vm_object_t src_object;
3428 * Nothing to do for special map types
3430 if (dst_entry->maptype == VM_MAPTYPE_SUBMAP ||
3431 dst_entry->maptype == VM_MAPTYPE_UKSMAP) {
3434 if (src_entry->maptype == VM_MAPTYPE_SUBMAP ||
3435 src_entry->maptype == VM_MAPTYPE_UKSMAP) {
3439 if (src_entry->wired_count) {
3441 * Of course, wired down pages can't be set copy-on-write.
3442 * Cause wired pages to be copied into the new map by
3443 * simulating faults (the new pages are pageable)
3445 * Scrap ba.object (its ref-count has not yet been adjusted
3446 * so we can just NULL out the field). Remove the backing
3449 * Then call vm_fault_copy_entry() to create a new object
3450 * in dst_entry and copy the wired pages from src to dst.
3452 dst_entry->ba.object = NULL;
3453 vm_map_entry_dispose_ba(dst_entry->ba.backing_ba);
3454 dst_entry->ba.backing_ba = NULL;
3455 dst_entry->ba.backing_count = 0;
3456 vm_fault_copy_entry(dst_map, src_map, dst_entry, src_entry);
3458 if ((src_entry->eflags & MAP_ENTRY_NEEDS_COPY) == 0) {
3460 * If the source entry is not already marked NEEDS_COPY
3461 * we need to write-protect the PTEs.
3463 pmap_protect(src_map->pmap,
3466 src_entry->protection & ~VM_PROT_WRITE);
3470 * dst_entry.ba_object might be stale. Update it (its
3471 * ref-count has not yet been updated so just overwrite
3474 * If there is no object then we are golden. Also, in
3475 * this situation if there are no backing_ba linkages then
3476 * we can set ba.offset to 0 for debugging convenience.
3478 * ba.offset cannot otherwise be modified because it effects
3479 * the offsets for the entire backing_ba chain.
3481 src_object = src_entry->ba.object;
3484 vm_object_hold(src_object); /* for ref & flag clr */
3485 vm_object_reference_locked(src_object);
3486 vm_object_clear_flag(src_object, OBJ_ONEMAPPING);
3488 src_entry->eflags |= (MAP_ENTRY_COW |
3489 MAP_ENTRY_NEEDS_COPY);
3490 dst_entry->eflags |= (MAP_ENTRY_COW |
3491 MAP_ENTRY_NEEDS_COPY);
3492 KKASSERT(dst_entry->ba.offset == src_entry->ba.offset);
3493 vm_object_drop(src_object);
3495 if (dst_entry->ba.backing_ba == NULL)
3496 dst_entry->ba.offset = 0;
3500 * Normal, allow the backing_ba link depth to
3503 pmap_copy(dst_map->pmap, src_map->pmap,
3505 dst_entry->end - dst_entry->start,
3512 * Create a new process vmspace structure and vm_map
3513 * based on those of an existing process. The new map
3514 * is based on the old map, according to the inheritance
3515 * values on the regions in that map.
3517 * The source map must not be locked.
3520 static void vmspace_fork_normal_entry(vm_map_t old_map, vm_map_t new_map,
3521 vm_map_entry_t old_entry, int *countp);
3522 static void vmspace_fork_uksmap_entry(vm_map_t old_map, vm_map_t new_map,
3523 vm_map_entry_t old_entry, int *countp);
3526 vmspace_fork(struct vmspace *vm1)
3528 struct vmspace *vm2;
3529 vm_map_t old_map = &vm1->vm_map;
3531 vm_map_entry_t old_entry;
3534 lwkt_gettoken(&vm1->vm_map.token);
3535 vm_map_lock(old_map);
3537 vm2 = vmspace_alloc(vm_map_min(old_map), vm_map_max(old_map));
3538 lwkt_gettoken(&vm2->vm_map.token);
3541 * We must bump the timestamp to force any concurrent fault
3544 bcopy(&vm1->vm_startcopy, &vm2->vm_startcopy,
3545 (caddr_t)&vm1->vm_endcopy - (caddr_t)&vm1->vm_startcopy);
3546 new_map = &vm2->vm_map; /* XXX */
3547 new_map->timestamp = 1;
3549 vm_map_lock(new_map);
3551 count = old_map->nentries;
3552 count = vm_map_entry_reserve(count + MAP_RESERVE_COUNT);
3554 RB_FOREACH(old_entry, vm_map_rb_tree, &old_map->rb_root) {
3555 switch(old_entry->maptype) {
3556 case VM_MAPTYPE_SUBMAP:
3557 panic("vm_map_fork: encountered a submap");
3559 case VM_MAPTYPE_UKSMAP:
3560 vmspace_fork_uksmap_entry(old_map, new_map,
3563 case VM_MAPTYPE_NORMAL:
3564 case VM_MAPTYPE_VPAGETABLE:
3565 vmspace_fork_normal_entry(old_map, new_map,
3571 new_map->size = old_map->size;
3572 vm_map_unlock(new_map);
3573 vm_map_unlock(old_map);
3574 vm_map_entry_release(count);
3576 lwkt_reltoken(&vm2->vm_map.token);
3577 lwkt_reltoken(&vm1->vm_map.token);
3584 vmspace_fork_normal_entry(vm_map_t old_map, vm_map_t new_map,
3585 vm_map_entry_t old_entry, int *countp)
3587 vm_map_entry_t new_entry;
3590 switch (old_entry->inheritance) {
3591 case VM_INHERIT_NONE:
3593 case VM_INHERIT_SHARE:
3595 * Clone the entry as a shared entry. This will look like
3596 * shared memory across the old and the new process. We must
3597 * ensure that the object is allocated.
3599 if (old_entry->ba.object == NULL)
3600 vm_map_entry_allocate_object(old_entry);
3602 if (old_entry->eflags & MAP_ENTRY_NEEDS_COPY) {
3604 * Create the fronting vm_map_backing for
3605 * an entry which needs a copy, plus an extra
3606 * ref because we are going to duplicate it
3609 * The call to vm_map_entry_shadow() will also clear
3612 * XXX no more collapse. Still need extra ref
3615 vm_map_entry_shadow(old_entry, 1);
3616 } else if (old_entry->ba.object) {
3618 * We will make a shared copy of the object,
3619 * and must clear OBJ_ONEMAPPING.
3621 * Optimize vnode objects. OBJ_ONEMAPPING
3622 * is non-applicable but clear it anyway,
3623 * and its terminal so we don't have to deal
3624 * with chains. Reduces SMP conflicts.
3626 * XXX assert that object.vm_object != NULL
3627 * since we allocate it above.
3629 object = old_entry->ba.object;
3630 if (object->type == OBJT_VNODE) {
3631 vm_object_reference_quick(object);
3632 vm_object_clear_flag(object,
3635 vm_object_hold(object);
3636 vm_object_reference_locked(object);
3637 vm_object_clear_flag(object, OBJ_ONEMAPPING);
3638 vm_object_drop(object);
3643 * Clone the entry. We've already bumped the ref on
3644 * the vm_object for our new entry.
3646 new_entry = vm_map_entry_create(new_map, countp);
3647 *new_entry = *old_entry;
3649 new_entry->eflags &= ~MAP_ENTRY_USER_WIRED;
3650 new_entry->wired_count = 0;
3651 if (new_entry->ba.backing_ba)
3652 atomic_add_long(&new_entry->ba.backing_ba->refs, 1);
3655 * Insert the entry into the new map -- we know we're
3656 * inserting at the end of the new map.
3658 vm_map_entry_link(new_map, new_entry);
3661 * Update the physical map
3663 pmap_copy(new_map->pmap, old_map->pmap,
3665 (old_entry->end - old_entry->start),
3668 case VM_INHERIT_COPY:
3670 * Clone the entry and link the copy into the new map.
3672 * Note that ref-counting adjustment for old_entry->ba.object
3673 * (if it isn't a special map that is) is handled by
3674 * vm_map_copy_entry().
3676 new_entry = vm_map_entry_create(new_map, countp);
3677 *new_entry = *old_entry;
3679 new_entry->eflags &= ~MAP_ENTRY_USER_WIRED;
3680 new_entry->wired_count = 0;
3681 if (new_entry->ba.backing_ba)
3682 atomic_add_long(&new_entry->ba.backing_ba->refs, 1);
3684 vm_map_entry_link(new_map, new_entry);
3687 * This does the actual dirty work of making both entries
3688 * copy-on-write, and will also handle the fronting object.
3690 vm_map_copy_entry(old_map, new_map, old_entry, new_entry);
3696 * When forking user-kernel shared maps, the map might change in the
3697 * child so do not try to copy the underlying pmap entries.
3701 vmspace_fork_uksmap_entry(vm_map_t old_map, vm_map_t new_map,
3702 vm_map_entry_t old_entry, int *countp)
3704 vm_map_entry_t new_entry;
3706 new_entry = vm_map_entry_create(new_map, countp);
3707 *new_entry = *old_entry;
3709 new_entry->eflags &= ~MAP_ENTRY_USER_WIRED;
3710 new_entry->wired_count = 0;
3711 if (new_entry->ba.backing_ba)
3712 atomic_add_long(&new_entry->ba.backing_ba->refs, 1);
3714 vm_map_entry_link(new_map, new_entry);
3718 * Create an auto-grow stack entry
3723 vm_map_stack (vm_map_t map, vm_offset_t *addrbos, vm_size_t max_ssize,
3724 int flags, vm_prot_t prot, vm_prot_t max, int cow)
3726 vm_map_entry_t prev_entry;
3727 vm_map_entry_t next;
3728 vm_size_t init_ssize;
3731 vm_offset_t tmpaddr;
3733 cow |= MAP_IS_STACK;
3735 if (max_ssize < sgrowsiz)
3736 init_ssize = max_ssize;
3738 init_ssize = sgrowsiz;
3740 count = vm_map_entry_reserve(MAP_RESERVE_COUNT);
3744 * Find space for the mapping
3746 if ((flags & (MAP_FIXED | MAP_TRYFIXED)) == 0) {
3747 if (vm_map_findspace(map, *addrbos, max_ssize, 1,
3750 vm_map_entry_release(count);
3751 return (KERN_NO_SPACE);
3756 /* If addr is already mapped, no go */
3757 if (vm_map_lookup_entry(map, *addrbos, &prev_entry)) {
3759 vm_map_entry_release(count);
3760 return (KERN_NO_SPACE);
3764 /* XXX already handled by kern_mmap() */
3765 /* If we would blow our VMEM resource limit, no go */
3766 if (map->size + init_ssize >
3767 curproc->p_rlimit[RLIMIT_VMEM].rlim_cur) {
3769 vm_map_entry_release(count);
3770 return (KERN_NO_SPACE);
3775 * If we can't accomodate max_ssize in the current mapping,
3776 * no go. However, we need to be aware that subsequent user
3777 * mappings might map into the space we have reserved for
3778 * stack, and currently this space is not protected.
3780 * Hopefully we will at least detect this condition
3781 * when we try to grow the stack.
3784 next = vm_map_rb_tree_RB_NEXT(prev_entry);
3786 next = RB_MIN(vm_map_rb_tree, &map->rb_root);
3788 if (next && next->start < *addrbos + max_ssize) {
3790 vm_map_entry_release(count);
3791 return (KERN_NO_SPACE);
3795 * We initially map a stack of only init_ssize. We will
3796 * grow as needed later. Since this is to be a grow
3797 * down stack, we map at the top of the range.
3799 * Note: we would normally expect prot and max to be
3800 * VM_PROT_ALL, and cow to be 0. Possibly we should
3801 * eliminate these as input parameters, and just
3802 * pass these values here in the insert call.
3804 rv = vm_map_insert(map, &count, NULL, NULL,
3805 0, *addrbos + max_ssize - init_ssize,
3806 *addrbos + max_ssize,
3808 VM_SUBSYS_STACK, prot, max, cow);
3810 /* Now set the avail_ssize amount */
3811 if (rv == KERN_SUCCESS) {
3813 next = vm_map_rb_tree_RB_NEXT(prev_entry);
3815 next = RB_MIN(vm_map_rb_tree, &map->rb_root);
3816 if (prev_entry != NULL) {
3817 vm_map_clip_end(map,
3819 *addrbos + max_ssize - init_ssize,
3822 if (next->end != *addrbos + max_ssize ||
3823 next->start != *addrbos + max_ssize - init_ssize){
3824 panic ("Bad entry start/end for new stack entry");
3826 next->aux.avail_ssize = max_ssize - init_ssize;
3831 vm_map_entry_release(count);
3836 * Attempts to grow a vm stack entry. Returns KERN_SUCCESS if the
3837 * desired address is already mapped, or if we successfully grow
3838 * the stack. Also returns KERN_SUCCESS if addr is outside the
3839 * stack range (this is strange, but preserves compatibility with
3840 * the grow function in vm_machdep.c).
3845 vm_map_growstack (vm_map_t map, vm_offset_t addr)
3847 vm_map_entry_t prev_entry;
3848 vm_map_entry_t stack_entry;
3849 vm_map_entry_t next;
3855 int rv = KERN_SUCCESS;
3857 int use_read_lock = 1;
3863 lp = curthread->td_lwp;
3864 p = curthread->td_proc;
3865 KKASSERT(lp != NULL);
3866 vm = lp->lwp_vmspace;
3869 * Growstack is only allowed on the current process. We disallow
3870 * other use cases, e.g. trying to access memory via procfs that
3871 * the stack hasn't grown into.
3873 if (map != &vm->vm_map) {
3874 return KERN_FAILURE;
3877 count = vm_map_entry_reserve(MAP_RESERVE_COUNT);
3880 vm_map_lock_read(map);
3885 * If addr is already in the entry range, no need to grow.
3886 * prev_entry returns NULL if addr is at the head.
3888 if (vm_map_lookup_entry(map, addr, &prev_entry))
3891 stack_entry = vm_map_rb_tree_RB_NEXT(prev_entry);
3893 stack_entry = RB_MIN(vm_map_rb_tree, &map->rb_root);
3895 if (stack_entry == NULL)
3897 if (prev_entry == NULL)
3898 end = stack_entry->start - stack_entry->aux.avail_ssize;
3900 end = prev_entry->end;
3903 * This next test mimics the old grow function in vm_machdep.c.
3904 * It really doesn't quite make sense, but we do it anyway
3905 * for compatibility.
3907 * If not growable stack, return success. This signals the
3908 * caller to proceed as he would normally with normal vm.
3910 if (stack_entry->aux.avail_ssize < 1 ||
3911 addr >= stack_entry->start ||
3912 addr < stack_entry->start - stack_entry->aux.avail_ssize) {
3916 /* Find the minimum grow amount */
3917 grow_amount = roundup (stack_entry->start - addr, PAGE_SIZE);
3918 if (grow_amount > stack_entry->aux.avail_ssize) {
3924 * If there is no longer enough space between the entries
3925 * nogo, and adjust the available space. Note: this
3926 * should only happen if the user has mapped into the
3927 * stack area after the stack was created, and is
3928 * probably an error.
3930 * This also effectively destroys any guard page the user
3931 * might have intended by limiting the stack size.
3933 if (grow_amount > stack_entry->start - end) {
3934 if (use_read_lock && vm_map_lock_upgrade(map)) {
3940 stack_entry->aux.avail_ssize = stack_entry->start - end;
3945 is_procstack = addr >= (vm_offset_t)vm->vm_maxsaddr;
3947 /* If this is the main process stack, see if we're over the
3950 if (is_procstack && (vm->vm_ssize + grow_amount >
3951 p->p_rlimit[RLIMIT_STACK].rlim_cur)) {
3956 /* Round up the grow amount modulo SGROWSIZ */
3957 grow_amount = roundup (grow_amount, sgrowsiz);
3958 if (grow_amount > stack_entry->aux.avail_ssize) {
3959 grow_amount = stack_entry->aux.avail_ssize;
3961 if (is_procstack && (vm->vm_ssize + grow_amount >
3962 p->p_rlimit[RLIMIT_STACK].rlim_cur)) {
3963 grow_amount = p->p_rlimit[RLIMIT_STACK].rlim_cur - vm->vm_ssize;
3966 /* If we would blow our VMEM resource limit, no go */
3967 if (map->size + grow_amount > p->p_rlimit[RLIMIT_VMEM].rlim_cur) {
3972 if (use_read_lock && vm_map_lock_upgrade(map)) {
3979 /* Get the preliminary new entry start value */
3980 addr = stack_entry->start - grow_amount;
3982 /* If this puts us into the previous entry, cut back our growth
3983 * to the available space. Also, see the note above.
3986 stack_entry->aux.avail_ssize = stack_entry->start - end;
3990 rv = vm_map_insert(map, &count, NULL, NULL,
3991 0, addr, stack_entry->start,
3993 VM_SUBSYS_STACK, VM_PROT_ALL, VM_PROT_ALL, 0);
3995 /* Adjust the available stack space by the amount we grew. */
3996 if (rv == KERN_SUCCESS) {
3998 vm_map_clip_end(map, prev_entry, addr, &count);
3999 next = vm_map_rb_tree_RB_NEXT(prev_entry);
4001 next = RB_MIN(vm_map_rb_tree, &map->rb_root);
4003 if (next->end != stack_entry->start ||
4004 next->start != addr) {
4005 panic ("Bad stack grow start/end in new stack entry");
4007 next->aux.avail_ssize =
4008 stack_entry->aux.avail_ssize -
4009 (next->end - next->start);
4011 vm->vm_ssize += next->end -
4016 if (map->flags & MAP_WIREFUTURE)
4017 vm_map_unwire(map, next->start, next->end, FALSE);
4022 vm_map_unlock_read(map);
4025 vm_map_entry_release(count);
4030 * Unshare the specified VM space for exec. If other processes are
4031 * mapped to it, then create a new one. The new vmspace is null.
4036 vmspace_exec(struct proc *p, struct vmspace *vmcopy)
4038 struct vmspace *oldvmspace = p->p_vmspace;
4039 struct vmspace *newvmspace;
4040 vm_map_t map = &p->p_vmspace->vm_map;
4043 * If we are execing a resident vmspace we fork it, otherwise
4044 * we create a new vmspace. Note that exitingcnt is not
4045 * copied to the new vmspace.
4047 lwkt_gettoken(&oldvmspace->vm_map.token);
4049 newvmspace = vmspace_fork(vmcopy);
4050 lwkt_gettoken(&newvmspace->vm_map.token);
4052 newvmspace = vmspace_alloc(vm_map_min(map), vm_map_max(map));
4053 lwkt_gettoken(&newvmspace->vm_map.token);
4054 bcopy(&oldvmspace->vm_startcopy, &newvmspace->vm_startcopy,
4055 (caddr_t)&oldvmspace->vm_endcopy -
4056 (caddr_t)&oldvmspace->vm_startcopy);
4060 * Finish initializing the vmspace before assigning it
4061 * to the process. The vmspace will become the current vmspace
4064 pmap_pinit2(vmspace_pmap(newvmspace));
4065 pmap_replacevm(p, newvmspace, 0);
4066 lwkt_reltoken(&newvmspace->vm_map.token);
4067 lwkt_reltoken(&oldvmspace->vm_map.token);
4068 vmspace_rel(oldvmspace);
4072 * Unshare the specified VM space for forcing COW. This
4073 * is called by rfork, for the (RFMEM|RFPROC) == 0 case.
4076 vmspace_unshare(struct proc *p)
4078 struct vmspace *oldvmspace = p->p_vmspace;
4079 struct vmspace *newvmspace;
4081 lwkt_gettoken(&oldvmspace->vm_map.token);
4082 if (vmspace_getrefs(oldvmspace) == 1) {
4083 lwkt_reltoken(&oldvmspace->vm_map.token);
4086 newvmspace = vmspace_fork(oldvmspace);
4087 lwkt_gettoken(&newvmspace->vm_map.token);
4088 pmap_pinit2(vmspace_pmap(newvmspace));
4089 pmap_replacevm(p, newvmspace, 0);
4090 lwkt_reltoken(&newvmspace->vm_map.token);
4091 lwkt_reltoken(&oldvmspace->vm_map.token);
4092 vmspace_rel(oldvmspace);
4096 * vm_map_hint: return the beginning of the best area suitable for
4097 * creating a new mapping with "prot" protection.
4102 vm_map_hint(struct proc *p, vm_offset_t addr, vm_prot_t prot)
4104 struct vmspace *vms = p->p_vmspace;
4105 struct rlimit limit;
4109 * Acquire datasize limit for mmap() operation,
4110 * calculate nearest power of 2.
4112 if (kern_getrlimit(RLIMIT_DATA, &limit))
4113 limit.rlim_cur = maxdsiz;
4114 dsiz = limit.rlim_cur;
4116 if (!randomize_mmap || addr != 0) {
4118 * Set a reasonable start point for the hint if it was
4119 * not specified or if it falls within the heap space.
4120 * Hinted mmap()s do not allocate out of the heap space.
4123 (addr >= round_page((vm_offset_t)vms->vm_taddr) &&
4124 addr < round_page((vm_offset_t)vms->vm_daddr + dsiz))) {
4125 addr = round_page((vm_offset_t)vms->vm_daddr + dsiz);
4132 * randomize_mmap && addr == 0. For now randomize the
4133 * address within a dsiz range beyond the data limit.
4135 addr = (vm_offset_t)vms->vm_daddr + dsiz;
4137 addr += (karc4random64() & 0x7FFFFFFFFFFFFFFFLU) % dsiz;
4138 return (round_page(addr));
4142 * Finds the VM object, offset, and protection for a given virtual address
4143 * in the specified map, assuming a page fault of the type specified.
4145 * Leaves the map in question locked for read; return values are guaranteed
4146 * until a vm_map_lookup_done call is performed. Note that the map argument
4147 * is in/out; the returned map must be used in the call to vm_map_lookup_done.
4149 * A handle (out_entry) is returned for use in vm_map_lookup_done, to make
4152 * If a lookup is requested with "write protection" specified, the map may
4153 * be changed to perform virtual copying operations, although the data
4154 * referenced will remain the same.
4159 vm_map_lookup(vm_map_t *var_map, /* IN/OUT */
4161 vm_prot_t fault_typea,
4162 vm_map_entry_t *out_entry, /* OUT */
4163 struct vm_map_backing **bap, /* OUT */
4164 vm_pindex_t *pindex, /* OUT */
4165 vm_prot_t *out_prot, /* OUT */
4166 int *wflags) /* OUT */
4168 vm_map_entry_t entry;
4169 vm_map_t map = *var_map;
4171 vm_prot_t fault_type = fault_typea;
4172 int use_read_lock = 1;
4173 int rv = KERN_SUCCESS;
4175 thread_t td = curthread;
4178 * vm_map_entry_reserve() implements an important mitigation
4179 * against mmap() span running the kernel out of vm_map_entry
4180 * structures, but it can also cause an infinite call recursion.
4181 * Use td_nest_count to prevent an infinite recursion (allows
4182 * the vm_map code to dig into the pcpu vm_map_entry reserve).
4185 if (td->td_nest_count == 0) {
4186 ++td->td_nest_count;
4187 count = vm_map_entry_reserve(MAP_RESERVE_COUNT);
4188 --td->td_nest_count;
4192 vm_map_lock_read(map);
4197 * Always do a full lookup. The hint doesn't get us much anymore
4198 * now that the map is RB'd.
4205 vm_map_entry_t tmp_entry;
4207 if (!vm_map_lookup_entry(map, vaddr, &tmp_entry)) {
4208 rv = KERN_INVALID_ADDRESS;
4218 if (entry->maptype == VM_MAPTYPE_SUBMAP) {
4219 vm_map_t old_map = map;
4221 *var_map = map = entry->ba.sub_map;
4223 vm_map_unlock_read(old_map);
4225 vm_map_unlock(old_map);
4231 * Check whether this task is allowed to have this page.
4232 * Note the special case for MAP_ENTRY_COW pages with an override.
4233 * This is to implement a forced COW for debuggers.
4235 if (fault_type & VM_PROT_OVERRIDE_WRITE)
4236 prot = entry->max_protection;
4238 prot = entry->protection;
4240 fault_type &= (VM_PROT_READ|VM_PROT_WRITE|VM_PROT_EXECUTE);
4241 if ((fault_type & prot) != fault_type) {
4242 rv = KERN_PROTECTION_FAILURE;
4246 if ((entry->eflags & MAP_ENTRY_USER_WIRED) &&
4247 (entry->eflags & MAP_ENTRY_COW) &&
4248 (fault_type & VM_PROT_WRITE) &&
4249 (fault_typea & VM_PROT_OVERRIDE_WRITE) == 0) {
4250 rv = KERN_PROTECTION_FAILURE;
4255 * If this page is not pageable, we have to get it for all possible
4259 if (entry->wired_count) {
4260 *wflags |= FW_WIRED;
4261 prot = fault_type = entry->protection;
4265 * Virtual page tables may need to update the accessed (A) bit
4266 * in a page table entry. Upgrade the fault to a write fault for
4267 * that case if the map will support it. If the map does not support
4268 * it the page table entry simply will not be updated.
4270 if (entry->maptype == VM_MAPTYPE_VPAGETABLE) {
4271 if (prot & VM_PROT_WRITE)
4272 fault_type |= VM_PROT_WRITE;
4275 if (curthread->td_lwp && curthread->td_lwp->lwp_vmspace &&
4276 pmap_emulate_ad_bits(&curthread->td_lwp->lwp_vmspace->vm_pmap)) {
4277 if ((prot & VM_PROT_WRITE) == 0)
4278 fault_type |= VM_PROT_WRITE;
4282 * Only NORMAL and VPAGETABLE maps are object-based. UKSMAPs are not.
4284 if (entry->maptype != VM_MAPTYPE_NORMAL &&
4285 entry->maptype != VM_MAPTYPE_VPAGETABLE) {
4291 * If the entry was copy-on-write, we either ...
4293 if (entry->eflags & MAP_ENTRY_NEEDS_COPY) {
4295 * If we want to write the page, we may as well handle that
4296 * now since we've got the map locked.
4298 * If we don't need to write the page, we just demote the
4299 * permissions allowed.
4301 if (fault_type & VM_PROT_WRITE) {
4303 * Not allowed if TDF_NOFAULT is set as the shadowing
4304 * operation can deadlock against the faulting
4305 * function due to the copy-on-write.
4307 if (curthread->td_flags & TDF_NOFAULT) {
4308 rv = KERN_FAILURE_NOFAULT;
4313 * Make a new vm_map_backing + object, and place it
4314 * in the object chain. Note that no new references
4315 * have appeared -- one just moved from the map to
4318 if (use_read_lock && vm_map_lock_upgrade(map)) {
4324 vm_map_entry_shadow(entry, 0);
4325 *wflags |= FW_DIDCOW;
4328 * We're attempting to read a copy-on-write page --
4329 * don't allow writes.
4331 prot &= ~VM_PROT_WRITE;
4336 * Create an object if necessary. This code also handles
4337 * partitioning large entries to improve vm_fault performance.
4339 if (entry->ba.object == NULL && !map->system_map) {
4340 if (use_read_lock && vm_map_lock_upgrade(map)) {
4348 * Partition large entries, giving each its own VM object,
4349 * to improve concurrent fault performance. This is only
4350 * applicable to userspace.
4352 if (map != &kernel_map &&
4353 entry->maptype == VM_MAPTYPE_NORMAL &&
4354 ((entry->start ^ entry->end) & ~MAP_ENTRY_PARTITION_MASK) &&
4355 vm_map_partition_enable) {
4356 if (entry->eflags & MAP_ENTRY_IN_TRANSITION) {
4357 entry->eflags |= MAP_ENTRY_NEEDS_WAKEUP;
4358 ++mycpu->gd_cnt.v_intrans_coll;
4359 ++mycpu->gd_cnt.v_intrans_wait;
4360 vm_map_transition_wait(map, 0);
4363 vm_map_entry_partition(map, entry, vaddr, &count);
4365 vm_map_entry_allocate_object(entry);
4369 * Return the object/offset from this entry. If the entry was
4370 * copy-on-write or empty, it has been fixed up.
4375 *pindex = OFF_TO_IDX((vaddr - entry->start) + entry->ba.offset);
4378 * Return whether this is the only map sharing this data. On
4379 * success we return with a read lock held on the map. On failure
4380 * we return with the map unlocked.
4384 if (rv == KERN_SUCCESS) {
4385 if (use_read_lock == 0)
4386 vm_map_lock_downgrade(map);
4387 } else if (use_read_lock) {
4388 vm_map_unlock_read(map);
4393 vm_map_entry_release(count);
4399 * Releases locks acquired by a vm_map_lookup()
4400 * (according to the handle returned by that lookup).
4402 * No other requirements.
4405 vm_map_lookup_done(vm_map_t map, vm_map_entry_t entry, int count)
4408 * Unlock the main-level map
4410 vm_map_unlock_read(map);
4412 vm_map_entry_release(count);
4416 vm_map_entry_partition(vm_map_t map, vm_map_entry_t entry,
4417 vm_offset_t vaddr, int *countp)
4419 vaddr &= ~MAP_ENTRY_PARTITION_MASK;
4420 vm_map_clip_start(map, entry, vaddr, countp);
4421 vaddr += MAP_ENTRY_PARTITION_SIZE;
4422 vm_map_clip_end(map, entry, vaddr, countp);
4426 * Quick hack, needs some help to make it more SMP friendly.
4429 vm_map_interlock(vm_map_t map, struct vm_map_ilock *ilock,
4430 vm_offset_t ran_beg, vm_offset_t ran_end)
4432 struct vm_map_ilock *scan;
4434 ilock->ran_beg = ran_beg;
4435 ilock->ran_end = ran_end;
4438 spin_lock(&map->ilock_spin);
4440 for (scan = map->ilock_base; scan; scan = scan->next) {
4441 if (ran_end > scan->ran_beg && ran_beg < scan->ran_end) {
4442 scan->flags |= ILOCK_WAITING;
4443 ssleep(scan, &map->ilock_spin, 0, "ilock", 0);
4447 ilock->next = map->ilock_base;
4448 map->ilock_base = ilock;
4449 spin_unlock(&map->ilock_spin);
4453 vm_map_deinterlock(vm_map_t map, struct vm_map_ilock *ilock)
4455 struct vm_map_ilock *scan;
4456 struct vm_map_ilock **scanp;
4458 spin_lock(&map->ilock_spin);
4459 scanp = &map->ilock_base;
4460 while ((scan = *scanp) != NULL) {
4461 if (scan == ilock) {
4462 *scanp = ilock->next;
4463 spin_unlock(&map->ilock_spin);
4464 if (ilock->flags & ILOCK_WAITING)
4468 scanp = &scan->next;
4470 spin_unlock(&map->ilock_spin);
4471 panic("vm_map_deinterlock: missing ilock!");
4474 #include "opt_ddb.h"
4476 #include <ddb/ddb.h>
4481 DB_SHOW_COMMAND(map, vm_map_print)
4484 /* XXX convert args. */
4485 vm_map_t map = (vm_map_t)addr;
4486 boolean_t full = have_addr;
4488 vm_map_entry_t entry;
4490 db_iprintf("Task map %p: pmap=%p, nentries=%d, version=%u\n",
4492 (void *)map->pmap, map->nentries, map->timestamp);
4495 if (!full && db_indent)
4499 RB_FOREACH(entry, vm_map_rb_tree, &map->rb_root) {
4500 db_iprintf("map entry %p: start=%p, end=%p\n",
4501 (void *)entry, (void *)entry->start, (void *)entry->end);
4504 static char *inheritance_name[4] =
4505 {"share", "copy", "none", "donate_copy"};
4507 db_iprintf(" prot=%x/%x/%s",
4509 entry->max_protection,
4510 inheritance_name[(int)(unsigned char)
4511 entry->inheritance]);
4512 if (entry->wired_count != 0)
4513 db_printf(", wired");
4515 switch(entry->maptype) {
4516 case VM_MAPTYPE_SUBMAP:
4517 /* XXX no %qd in kernel. Truncate entry->ba.offset. */
4518 db_printf(", share=%p, offset=0x%lx\n",
4519 (void *)entry->ba.sub_map,
4520 (long)entry->ba.offset);
4524 vm_map_print((db_expr_t)(intptr_t)entry->ba.sub_map,
4528 case VM_MAPTYPE_NORMAL:
4529 case VM_MAPTYPE_VPAGETABLE:
4530 /* XXX no %qd in kernel. Truncate entry->ba.offset. */
4531 db_printf(", object=%p, offset=0x%lx",
4532 (void *)entry->ba.object,
4533 (long)entry->ba.offset);
4534 if (entry->eflags & MAP_ENTRY_COW)
4535 db_printf(", copy (%s)",
4536 (entry->eflags & MAP_ENTRY_NEEDS_COPY) ? "needed" : "done");
4540 if (entry->ba.object) {
4542 vm_object_print((db_expr_t)(intptr_t)
4549 case VM_MAPTYPE_UKSMAP:
4550 db_printf(", uksmap=%p, offset=0x%lx",
4551 (void *)entry->ba.uksmap,
4552 (long)entry->ba.offset);
4553 if (entry->eflags & MAP_ENTRY_COW)
4554 db_printf(", copy (%s)",
4555 (entry->eflags & MAP_ENTRY_NEEDS_COPY) ? "needed" : "done");
4571 DB_SHOW_COMMAND(procvm, procvm)
4576 p = (struct proc *) addr;
4581 db_printf("p = %p, vmspace = %p, map = %p, pmap = %p\n",
4582 (void *)p, (void *)p->p_vmspace, (void *)&p->p_vmspace->vm_map,
4583 (void *)vmspace_pmap(p->p_vmspace));
4585 vm_map_print((db_expr_t)(intptr_t)&p->p_vmspace->vm_map, 1, 0, NULL);
projects / dragonfly.git / blob