4 * Copyright (c) 1991 Regents of the University of California.
6 * Copyright (c) 1994 John S. Dyson
8 * Copyright (c) 1994 David Greenman
11 * This code is derived from software contributed to Berkeley by
12 * the Systems Programming Group of the University of Utah Computer
13 * Science Department and William Jolitz of UUNET Technologies Inc.
15 * Redistribution and use in source and binary forms, with or without
16 * modification, are permitted provided that the following conditions
18 * 1. Redistributions of source code must retain the above copyright
19 * notice, this list of conditions and the following disclaimer.
20 * 2. Redistributions in binary form must reproduce the above copyright
21 * notice, this list of conditions and the following disclaimer in the
22 * documentation and/or other materials provided with the distribution.
23 * 3. All advertising materials mentioning features or use of this software
24 * must display the following acknowledgement:
25 * This product includes software developed by the University of
26 * California, Berkeley and its contributors.
27 * 4. Neither the name of the University nor the names of its contributors
28 * may be used to endorse or promote products derived from this software
29 * without specific prior written permission.
31 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
32 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
33 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
34 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
35 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
36 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
37 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
38 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
39 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
40 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
43 * from: @(#)pmap.c 7.7 (Berkeley) 5/12/91
44 * $FreeBSD: src/sys/i386/i386/pmap.c,v 1.250.2.18 2002/03/06 22:48:53 silby Exp $
48 * Manages physical address maps.
50 * In most cases we hold page table pages busy in order to manipulate them.
53 * PMAP_DEBUG - see platform/pc32/include/pmap.h
56 #include "opt_disable_pse.h"
58 #include "opt_msgbuf.h"
60 #include <sys/param.h>
61 #include <sys/systm.h>
62 #include <sys/kernel.h>
64 #include <sys/msgbuf.h>
65 #include <sys/vmmeter.h>
67 #include <sys/thread.h>
70 #include <vm/vm_param.h>
71 #include <sys/sysctl.h>
73 #include <vm/vm_kern.h>
74 #include <vm/vm_page.h>
75 #include <vm/vm_map.h>
76 #include <vm/vm_object.h>
77 #include <vm/vm_extern.h>
78 #include <vm/vm_pageout.h>
79 #include <vm/vm_pager.h>
80 #include <vm/vm_zone.h>
83 #include <sys/thread2.h>
84 #include <sys/sysref2.h>
85 #include <sys/spinlock2.h>
86 #include <vm/vm_page2.h>
88 #include <machine/cputypes.h>
89 #include <machine/md_var.h>
90 #include <machine/specialreg.h>
91 #include <machine/smp.h>
92 #include <machine_base/apic/apicreg.h>
93 #include <machine/globaldata.h>
94 #include <machine/pmap.h>
95 #include <machine/pmap_inval.h>
97 #define PMAP_KEEP_PDIRS
98 #ifndef PMAP_SHPGPERPROC
99 #define PMAP_SHPGPERPROC 200
100 #define PMAP_PVLIMIT 1400000 /* i386 kvm problems */
103 #if defined(DIAGNOSTIC)
104 #define PMAP_DIAGNOSTIC
109 #if !defined(PMAP_DIAGNOSTIC)
110 #define PMAP_INLINE __inline
116 * Get PDEs and PTEs for user/kernel address space
118 #define pmap_pde(m, v) (&((m)->pm_pdir[(vm_offset_t)(v) >> PDRSHIFT]))
119 #define pdir_pde(m, v) (m[(vm_offset_t)(v) >> PDRSHIFT])
121 #define pmap_pde_v(pte) ((*(int *)pte & PG_V) != 0)
122 #define pmap_pte_w(pte) ((*(int *)pte & PG_W) != 0)
123 #define pmap_pte_m(pte) ((*(int *)pte & PG_M) != 0)
124 #define pmap_pte_u(pte) ((*(int *)pte & PG_A) != 0)
125 #define pmap_pte_v(pte) ((*(int *)pte & PG_V) != 0)
128 * Given a map and a machine independent protection code,
129 * convert to a vax protection code.
131 #define pte_prot(m, p) \
132 (protection_codes[p & (VM_PROT_READ|VM_PROT_WRITE|VM_PROT_EXECUTE)])
133 static int protection_codes[8];
135 struct pmap kernel_pmap;
136 static TAILQ_HEAD(,pmap) pmap_list = TAILQ_HEAD_INITIALIZER(pmap_list);
138 vm_paddr_t avail_start; /* PA of first available physical page */
139 vm_paddr_t avail_end; /* PA of last available physical page */
140 vm_offset_t virtual_start; /* VA of first avail page (after kernel bss) */
141 vm_offset_t virtual_end; /* VA of last avail page (end of kernel AS) */
142 vm_offset_t virtual2_start;
143 vm_offset_t virtual2_end;
144 vm_offset_t KvaStart; /* VA start of KVA space */
145 vm_offset_t KvaEnd; /* VA end of KVA space (non-inclusive) */
146 vm_offset_t KvaSize; /* max size of kernel virtual address space */
147 static boolean_t pmap_initialized = FALSE; /* Has pmap_init completed? */
148 static int pgeflag; /* PG_G or-in */
149 static int pseflag; /* PG_PS or-in */
151 static vm_object_t kptobj;
154 vm_offset_t kernel_vm_end;
157 * Data for the pv entry allocation mechanism
159 static vm_zone_t pvzone;
160 static struct vm_zone pvzone_store;
161 static struct vm_object pvzone_obj;
162 static int pv_entry_count=0, pv_entry_max=0, pv_entry_high_water=0;
163 static int pmap_pagedaemon_waken = 0;
164 static struct pv_entry *pvinit;
167 * Considering all the issues I'm having with pmap caching, if breakage
168 * continues to occur, and for debugging, I've added a sysctl that will
169 * just do an unconditional invltlb.
171 static int dreadful_invltlb;
173 SYSCTL_INT(_vm, OID_AUTO, dreadful_invltlb,
174 CTLFLAG_RW, &dreadful_invltlb, 0, "Debugging sysctl to force invltlb on pmap operations");
177 * All those kernel PT submaps that BSD is so fond of
179 pt_entry_t *CMAP1 = 0, *ptmmap;
180 caddr_t CADDR1 = 0, ptvmmap = 0;
181 static pt_entry_t *msgbufmap;
182 struct msgbuf *msgbufp=0;
187 static pt_entry_t *pt_crashdumpmap;
188 static caddr_t crashdumpmap;
190 extern pt_entry_t *SMPpt;
192 static PMAP_INLINE void free_pv_entry (pv_entry_t pv);
193 static unsigned * get_ptbase (pmap_t pmap);
194 static pv_entry_t get_pv_entry (void);
195 static void i386_protection_init (void);
196 static __inline void pmap_clearbit (vm_page_t m, int bit);
198 static void pmap_remove_all (vm_page_t m);
199 static int pmap_remove_pte (struct pmap *pmap, unsigned *ptq,
200 vm_offset_t sva, pmap_inval_info_t info);
201 static void pmap_remove_page (struct pmap *pmap,
202 vm_offset_t va, pmap_inval_info_t info);
203 static int pmap_remove_entry (struct pmap *pmap, vm_page_t m,
204 vm_offset_t va, pmap_inval_info_t info);
205 static boolean_t pmap_testbit (vm_page_t m, int bit);
206 static void pmap_insert_entry (pmap_t pmap, vm_offset_t va,
207 vm_page_t mpte, vm_page_t m);
209 static vm_page_t pmap_allocpte (pmap_t pmap, vm_offset_t va);
211 static int pmap_release_free_page (pmap_t pmap, vm_page_t p);
212 static vm_page_t _pmap_allocpte (pmap_t pmap, unsigned ptepindex);
213 static unsigned * pmap_pte_quick (pmap_t pmap, vm_offset_t va);
214 static vm_page_t pmap_page_lookup (vm_object_t object, vm_pindex_t pindex);
215 static int pmap_unuse_pt (pmap_t, vm_offset_t, vm_page_t, pmap_inval_info_t);
216 static vm_offset_t pmap_kmem_choose(vm_offset_t addr);
218 static unsigned pdir4mb;
221 * Move the kernel virtual free pointer to the next
222 * 4MB. This is used to help improve performance
223 * by using a large (4MB) page for much of the kernel
224 * (.text, .data, .bss)
228 pmap_kmem_choose(vm_offset_t addr)
230 vm_offset_t newaddr = addr;
232 if (cpu_feature & CPUID_PSE) {
233 newaddr = (addr + (NBPDR - 1)) & ~(NBPDR - 1);
240 * This function returns a pointer to the pte entry in the pmap and has
241 * the side effect of potentially retaining a cached mapping of the pmap.
243 * The caller must hold vm_token and the returned value is only valid
244 * until the caller blocks or releases the token.
248 pmap_pte(pmap_t pmap, vm_offset_t va)
252 ASSERT_LWKT_TOKEN_HELD(&vm_token);
254 pdeaddr = (unsigned *) pmap_pde(pmap, va);
255 if (*pdeaddr & PG_PS)
258 return get_ptbase(pmap) + i386_btop(va);
264 * pmap_pte using the kernel_pmap
266 * Used for debugging, no requirements.
269 pmap_kernel_pte(vm_offset_t va)
273 pdeaddr = (unsigned *) pmap_pde(&kernel_pmap, va);
274 if (*pdeaddr & PG_PS)
277 return (unsigned *)vtopte(va);
284 * Super fast pmap_pte routine best used when scanning the pv lists.
285 * This eliminates many course-grained invltlb calls. Note that many of
286 * the pv list scans are across different pmaps and it is very wasteful
287 * to do an entire invltlb when checking a single mapping.
289 * Should only be called while in a critical section.
291 * The caller must hold vm_token and the returned value is only valid
292 * until the caller blocks or releases the token.
296 pmap_pte_quick(pmap_t pmap, vm_offset_t va)
298 struct mdglobaldata *gd = mdcpu;
301 ASSERT_LWKT_TOKEN_HELD(&vm_token);
302 if ((pde = (unsigned) pmap->pm_pdir[va >> PDRSHIFT]) != 0) {
303 unsigned frame = (unsigned) pmap->pm_pdir[PTDPTDI] & PG_FRAME;
304 unsigned index = i386_btop(va);
305 /* are we current address space or kernel? */
306 if ((pmap == &kernel_pmap) ||
307 (frame == (((unsigned) PTDpde) & PG_FRAME))) {
308 return (unsigned *) PTmap + index;
310 newpf = pde & PG_FRAME;
311 if (((*(unsigned *)gd->gd_PMAP1) & PG_FRAME) != newpf) {
312 *(unsigned *)gd->gd_PMAP1 = newpf | PG_RW | PG_V;
313 cpu_invlpg(gd->gd_PADDR1);
315 return gd->gd_PADDR1 + ((unsigned) index & (NPTEPG - 1));
322 * Bootstrap the system enough to run with virtual memory.
324 * On the i386 this is called after mapping has already been enabled
325 * and just syncs the pmap module with what has already been done.
326 * [We can't call it easily with mapping off since the kernel is not
327 * mapped with PA == VA, hence we would have to relocate every address
328 * from the linked base (virtual) address "KERNBASE" to the actual
329 * (physical) address starting relative to 0]
332 pmap_bootstrap(vm_paddr_t firstaddr, vm_paddr_t loadaddr)
336 struct mdglobaldata *gd;
340 KvaStart = (vm_offset_t)VADDR(PTDPTDI, 0);
341 KvaSize = (vm_offset_t)VADDR(APTDPTDI, 0) - KvaStart;
342 KvaEnd = KvaStart + KvaSize;
344 avail_start = firstaddr;
347 * XXX The calculation of virtual_start is wrong. It's NKPT*PAGE_SIZE
348 * too large. It should instead be correctly calculated in locore.s and
349 * not based on 'first' (which is a physical address, not a virtual
350 * address, for the start of unused physical memory). The kernel
351 * page tables are NOT double mapped and thus should not be included
352 * in this calculation.
354 virtual_start = (vm_offset_t) KERNBASE + firstaddr;
355 virtual_start = pmap_kmem_choose(virtual_start);
356 virtual_end = VADDR(KPTDI+NKPDE-1, NPTEPG-1);
359 * Initialize protection array.
361 i386_protection_init();
364 * The kernel's pmap is statically allocated so we don't have to use
365 * pmap_create, which is unlikely to work correctly at this part of
366 * the boot sequence (XXX and which no longer exists).
368 * The kernel_pmap's pm_pteobj is used only for locking and not
371 kernel_pmap.pm_pdir = (pd_entry_t *)(KERNBASE + (u_int)IdlePTD);
372 kernel_pmap.pm_count = 1;
373 kernel_pmap.pm_active = (cpumask_t)-1 & ~CPUMASK_LOCK;
374 kernel_pmap.pm_pteobj = &kernel_object;
375 TAILQ_INIT(&kernel_pmap.pm_pvlist);
376 TAILQ_INIT(&kernel_pmap.pm_pvlist_free);
377 spin_init(&kernel_pmap.pm_spin);
378 lwkt_token_init(&kernel_pmap.pm_token, "kpmap_tok");
382 * Reserve some special page table entries/VA space for temporary
385 #define SYSMAP(c, p, v, n) \
386 v = (c)va; va += ((n)*PAGE_SIZE); p = pte; pte += (n);
389 pte = (pt_entry_t *) pmap_kernel_pte(va);
392 * CMAP1/CMAP2 are used for zeroing and copying pages.
394 SYSMAP(caddr_t, CMAP1, CADDR1, 1)
399 SYSMAP(caddr_t, pt_crashdumpmap, crashdumpmap, MAXDUMPPGS);
402 * ptvmmap is used for reading arbitrary physical pages via
405 SYSMAP(caddr_t, ptmmap, ptvmmap, 1)
408 * msgbufp is used to map the system message buffer.
409 * XXX msgbufmap is not used.
411 SYSMAP(struct msgbuf *, msgbufmap, msgbufp,
412 atop(round_page(MSGBUF_SIZE)))
417 for (i = 0; i < NKPT; i++)
421 * PG_G is terribly broken on SMP because we IPI invltlb's in some
422 * cases rather then invl1pg. Actually, I don't even know why it
423 * works under UP because self-referential page table mappings
428 if (cpu_feature & CPUID_PGE)
433 * Initialize the 4MB page size flag
437 * The 4MB page version of the initial
438 * kernel page mapping.
442 #if !defined(DISABLE_PSE)
443 if (cpu_feature & CPUID_PSE) {
446 * Note that we have enabled PSE mode
449 ptditmp = *((unsigned *)PTmap + i386_btop(KERNBASE));
450 ptditmp &= ~(NBPDR - 1);
451 ptditmp |= PG_V | PG_RW | PG_PS | PG_U | pgeflag;
456 * Enable the PSE mode. If we are SMP we can't do this
457 * now because the APs will not be able to use it when
460 load_cr4(rcr4() | CR4_PSE);
463 * We can do the mapping here for the single processor
464 * case. We simply ignore the old page table page from
468 * For SMP, we still need 4K pages to bootstrap APs,
469 * PSE will be enabled as soon as all APs are up.
471 PTD[KPTDI] = (pd_entry_t)ptditmp;
472 kernel_pmap.pm_pdir[KPTDI] = (pd_entry_t)ptditmp;
479 * We need to finish setting up the globaldata page for the BSP.
480 * locore has already populated the page table for the mdglobaldata
483 pg = MDGLOBALDATA_BASEALLOC_PAGES;
484 gd = &CPU_prvspace[0].mdglobaldata;
485 gd->gd_CMAP1 = &SMPpt[pg + 0];
486 gd->gd_CMAP2 = &SMPpt[pg + 1];
487 gd->gd_CMAP3 = &SMPpt[pg + 2];
488 gd->gd_PMAP1 = &SMPpt[pg + 3];
489 gd->gd_GDMAP1 = &PTD[APTDPTDI];
490 gd->gd_CADDR1 = CPU_prvspace[0].CPAGE1;
491 gd->gd_CADDR2 = CPU_prvspace[0].CPAGE2;
492 gd->gd_CADDR3 = CPU_prvspace[0].CPAGE3;
493 gd->gd_PADDR1 = (unsigned *)CPU_prvspace[0].PPAGE1;
494 gd->gd_GDADDR1= (unsigned *)VADDR(APTDPTDI, 0);
501 * Set 4mb pdir for mp startup
506 if (pseflag && (cpu_feature & CPUID_PSE)) {
507 load_cr4(rcr4() | CR4_PSE);
508 if (pdir4mb && mycpu->gd_cpuid == 0) { /* only on BSP */
509 kernel_pmap.pm_pdir[KPTDI] =
510 PTD[KPTDI] = (pd_entry_t)pdir4mb;
518 * Initialize the pmap module, called by vm_init()
520 * Called from the low level boot code only.
529 * object for kernel page table pages
531 kptobj = vm_object_allocate(OBJT_DEFAULT, NKPDE);
534 * Allocate memory for random pmap data structures. Includes the
538 for(i = 0; i < vm_page_array_size; i++) {
541 m = &vm_page_array[i];
542 TAILQ_INIT(&m->md.pv_list);
543 m->md.pv_list_count = 0;
547 * init the pv free list
549 initial_pvs = vm_page_array_size;
550 if (initial_pvs < MINPV)
552 pvzone = &pvzone_store;
553 pvinit = (void *)kmem_alloc(&kernel_map,
554 initial_pvs * sizeof (struct pv_entry));
555 zbootinit(pvzone, "PV ENTRY", sizeof (struct pv_entry),
556 pvinit, initial_pvs);
559 * Now it is safe to enable pv_table recording.
561 pmap_initialized = TRUE;
565 * Initialize the address space (zone) for the pv_entries. Set a
566 * high water mark so that the system can recover from excessive
567 * numbers of pv entries.
569 * Called from the low level boot code only.
574 int shpgperproc = PMAP_SHPGPERPROC;
577 TUNABLE_INT_FETCH("vm.pmap.shpgperproc", &shpgperproc);
578 pv_entry_max = shpgperproc * maxproc + vm_page_array_size;
582 * Horrible hack for systems with a lot of memory running i386.
583 * the calculated pv_entry_max can wind up eating a ton of KVM
584 * so put a cap on the number of entries if the user did not
585 * change any of the values. This saves about 44MB of KVM on
586 * boxes with 3+GB of ram.
588 * On the flip side, this makes it more likely that some setups
589 * will run out of pv entries. Those sysads will have to bump
590 * the limit up with vm.pamp.pv_entries or vm.pmap.shpgperproc.
592 if (shpgperproc == PMAP_SHPGPERPROC) {
593 if (pv_entry_max > PMAP_PVLIMIT)
594 pv_entry_max = PMAP_PVLIMIT;
597 TUNABLE_INT_FETCH("vm.pmap.pv_entries", &pv_entry_max);
598 pv_entry_high_water = 9 * (pv_entry_max / 10);
601 * Subtract out pages already installed in the zone (hack)
603 entry_max = pv_entry_max - vm_page_array_size;
607 zinitna(pvzone, &pvzone_obj, NULL, 0, entry_max, ZONE_INTERRUPT, 1);
611 /***************************************************
612 * Low level helper routines.....
613 ***************************************************/
618 test_m_maps_pv(vm_page_t m, pv_entry_t pv)
624 KKASSERT(pv->pv_m == m);
626 TAILQ_FOREACH(spv, &m->md.pv_list, pv_list) {
633 panic("test_m_maps_pv: failed m %p pv %p\n", m, pv);
637 ptbase_assert(struct pmap *pmap)
639 unsigned frame = (unsigned) pmap->pm_pdir[PTDPTDI] & PG_FRAME;
641 /* are we current address space or kernel? */
642 if (pmap == &kernel_pmap || frame == (((unsigned)PTDpde) & PG_FRAME))
644 KKASSERT(frame == (*mdcpu->gd_GDMAP1 & PG_FRAME));
649 #define test_m_maps_pv(m, pv)
650 #define ptbase_assert(pmap)
654 #if defined(PMAP_DIAGNOSTIC)
657 * This code checks for non-writeable/modified pages.
658 * This should be an invalid condition.
661 pmap_nw_modified(pt_entry_t ptea)
667 if ((pte & (PG_M|PG_RW)) == PG_M)
676 * This routine defines the region(s) of memory that should not be tested
677 * for the modified bit.
681 static PMAP_INLINE int
682 pmap_track_modified(vm_offset_t va)
684 if ((va < clean_sva) || (va >= clean_eva))
691 * Retrieve the mapped page table base for a particular pmap. Use our self
692 * mapping for the kernel_pmap or our current pmap.
694 * For foreign pmaps we use the per-cpu page table map. Since this involves
695 * installing a ptd it's actually (per-process x per-cpu). However, we
696 * still cannot depend on our mapping to survive thread switches because
697 * the process might be threaded and switching to another thread for the
698 * same process on the same cpu will allow that other thread to make its
701 * This could be a bit confusing but the jist is for something like the
702 * vkernel which uses foreign pmaps all the time this represents a pretty
703 * good cache that avoids unnecessary invltlb()s.
705 * The caller must hold vm_token and the returned value is only valid
706 * until the caller blocks or releases the token.
709 get_ptbase(pmap_t pmap)
711 unsigned frame = (unsigned) pmap->pm_pdir[PTDPTDI] & PG_FRAME;
712 struct mdglobaldata *gd = mdcpu;
714 ASSERT_LWKT_TOKEN_HELD(&vm_token);
717 * We can use PTmap if the pmap is our current address space or
718 * the kernel address space.
720 if (pmap == &kernel_pmap || frame == (((unsigned) PTDpde) & PG_FRAME)) {
721 return (unsigned *) PTmap;
725 * Otherwise we use the per-cpu alternative page table map. Each
726 * cpu gets its own map. Because of this we cannot use this map
727 * from interrupts or threads which can preempt.
729 * Even if we already have the map cached we may still have to
730 * invalidate the TLB if another cpu modified a PDE in the map.
732 KKASSERT(gd->mi.gd_intr_nesting_level == 0 &&
733 (gd->mi.gd_curthread->td_flags & TDF_INTTHREAD) == 0);
735 if ((*gd->gd_GDMAP1 & PG_FRAME) != frame) {
736 *gd->gd_GDMAP1 = frame | PG_RW | PG_V;
737 pmap->pm_cached |= gd->mi.gd_cpumask;
739 } else if ((pmap->pm_cached & gd->mi.gd_cpumask) == 0) {
740 pmap->pm_cached |= gd->mi.gd_cpumask;
742 } else if (dreadful_invltlb) {
745 return ((unsigned *)gd->gd_GDADDR1);
751 * Extract the physical page address associated with the map/VA pair.
753 * The caller may hold vm_token if it desires non-blocking operation.
756 pmap_extract(pmap_t pmap, vm_offset_t va)
759 vm_offset_t pdirindex;
761 lwkt_gettoken(&vm_token);
762 pdirindex = va >> PDRSHIFT;
763 if (pmap && (rtval = (unsigned) pmap->pm_pdir[pdirindex])) {
765 if ((rtval & PG_PS) != 0) {
766 rtval &= ~(NBPDR - 1);
767 rtval |= va & (NBPDR - 1);
769 pte = get_ptbase(pmap) + i386_btop(va);
770 rtval = ((*pte & PG_FRAME) | (va & PAGE_MASK));
775 lwkt_reltoken(&vm_token);
779 /***************************************************
780 * Low level mapping routines.....
781 ***************************************************/
784 * Map a wired VM page to a KVA, fully SMP synchronized.
786 * No requirements, non blocking.
789 pmap_kenter(vm_offset_t va, vm_paddr_t pa)
793 pmap_inval_info info;
795 pmap_inval_init(&info);
796 npte = pa | PG_RW | PG_V | pgeflag;
797 pte = (unsigned *)vtopte(va);
798 pmap_inval_interlock(&info, &kernel_pmap, va);
800 pmap_inval_deinterlock(&info, &kernel_pmap);
801 pmap_inval_done(&info);
805 * Map a wired VM page to a KVA, synchronized on current cpu only.
807 * No requirements, non blocking.
810 pmap_kenter_quick(vm_offset_t va, vm_paddr_t pa)
815 npte = pa | PG_RW | PG_V | pgeflag;
816 pte = (unsigned *)vtopte(va);
818 cpu_invlpg((void *)va);
822 * Synchronize a previously entered VA on all cpus.
824 * No requirements, non blocking.
827 pmap_kenter_sync(vm_offset_t va)
829 pmap_inval_info info;
831 pmap_inval_init(&info);
832 pmap_inval_interlock(&info, &kernel_pmap, va);
833 pmap_inval_deinterlock(&info, &kernel_pmap);
834 pmap_inval_done(&info);
838 * Synchronize a previously entered VA on the current cpu only.
840 * No requirements, non blocking.
843 pmap_kenter_sync_quick(vm_offset_t va)
845 cpu_invlpg((void *)va);
849 * Remove a page from the kernel pagetables, fully SMP synchronized.
851 * No requirements, non blocking.
854 pmap_kremove(vm_offset_t va)
857 pmap_inval_info info;
859 pmap_inval_init(&info);
860 pte = (unsigned *)vtopte(va);
861 pmap_inval_interlock(&info, &kernel_pmap, va);
863 pmap_inval_deinterlock(&info, &kernel_pmap);
864 pmap_inval_done(&info);
868 * Remove a page from the kernel pagetables, synchronized on current cpu only.
870 * No requirements, non blocking.
873 pmap_kremove_quick(vm_offset_t va)
876 pte = (unsigned *)vtopte(va);
878 cpu_invlpg((void *)va);
882 * Adjust the permissions of a page in the kernel page table,
883 * synchronized on the current cpu only.
885 * No requirements, non blocking.
888 pmap_kmodify_rw(vm_offset_t va)
890 atomic_set_int(vtopte(va), PG_RW);
891 cpu_invlpg((void *)va);
895 * Adjust the permissions of a page in the kernel page table,
896 * synchronized on the current cpu only.
898 * No requirements, non blocking.
901 pmap_kmodify_nc(vm_offset_t va)
903 atomic_set_int(vtopte(va), PG_N);
904 cpu_invlpg((void *)va);
908 * Map a range of physical addresses into kernel virtual address space.
910 * No requirements, non blocking.
913 pmap_map(vm_offset_t *virtp, vm_paddr_t start, vm_paddr_t end, int prot)
915 vm_offset_t sva, virt;
918 while (start < end) {
919 pmap_kenter(virt, start);
928 * Add a list of wired pages to the kva, fully SMP synchronized.
930 * No requirements, non blocking.
933 pmap_qenter(vm_offset_t va, vm_page_t *m, int count)
937 end_va = va + count * PAGE_SIZE;
939 while (va < end_va) {
942 pte = (unsigned *)vtopte(va);
943 *pte = VM_PAGE_TO_PHYS(*m) | PG_RW | PG_V | pgeflag;
944 cpu_invlpg((void *)va);
949 smp_invltlb(); /* XXX */
954 * Remove pages from KVA, fully SMP synchronized.
956 * No requirements, non blocking.
959 pmap_qremove(vm_offset_t va, int count)
963 end_va = va + count*PAGE_SIZE;
965 while (va < end_va) {
968 pte = (unsigned *)vtopte(va);
970 cpu_invlpg((void *)va);
979 * This routine works like vm_page_lookup() but also blocks as long as the
980 * page is busy. This routine does not busy the page it returns.
982 * The caller must hold the object.
985 pmap_page_lookup(vm_object_t object, vm_pindex_t pindex)
989 ASSERT_LWKT_TOKEN_HELD(vm_object_token(object));
990 m = vm_page_lookup_busy_wait(object, pindex, FALSE, "pplookp");
996 * Create a new thread and optionally associate it with a (new) process.
997 * NOTE! the new thread's cpu may not equal the current cpu.
1000 pmap_init_thread(thread_t td)
1002 /* enforce pcb placement */
1003 td->td_pcb = (struct pcb *)(td->td_kstack + td->td_kstack_size) - 1;
1004 td->td_savefpu = &td->td_pcb->pcb_save;
1005 td->td_sp = (char *)td->td_pcb - 16;
1009 * This routine directly affects the fork perf for a process.
1012 pmap_init_proc(struct proc *p)
1016 /***************************************************
1017 * Page table page management routines.....
1018 ***************************************************/
1021 * This routine unwires page table pages, removing and freeing the page
1022 * tale page when the wire count drops to 0.
1024 * The caller must hold vm_token.
1025 * This function can block.
1028 _pmap_unwire_pte(pmap_t pmap, vm_page_t m, pmap_inval_info_t info)
1031 * Wait until we can busy the page ourselves. We cannot have
1032 * any active flushes if we block.
1034 vm_page_busy_wait(m, FALSE, "pmuwpt");
1035 KASSERT(m->queue == PQ_NONE,
1036 ("_pmap_unwire_pte: %p->queue != PQ_NONE", m));
1038 if (m->wire_count == 1) {
1040 * Unmap the page table page.
1042 * NOTE: We must clear pm_cached for all cpus, including
1043 * the current one, when clearing a page directory
1046 pmap_inval_interlock(info, pmap, -1);
1047 KKASSERT(pmap->pm_pdir[m->pindex]);
1048 pmap->pm_pdir[m->pindex] = 0;
1049 pmap->pm_cached = 0;
1050 pmap_inval_deinterlock(info, pmap);
1052 KKASSERT(pmap->pm_stats.resident_count > 0);
1053 --pmap->pm_stats.resident_count;
1055 if (pmap->pm_ptphint == m)
1056 pmap->pm_ptphint = NULL;
1059 * This was our last hold, the page had better be unwired
1060 * after we decrement wire_count.
1062 * FUTURE NOTE: shared page directory page could result in
1063 * multiple wire counts.
1065 vm_page_unwire(m, 0);
1066 vm_page_flag_clear(m, PG_MAPPED | PG_WRITEABLE);
1068 vm_page_free_zero(m);
1071 KKASSERT(m->wire_count > 1);
1072 if (vm_page_unwire_quick(m))
1073 panic("pmap_unwire_pte: Insufficient wire_count");
1080 * The caller must hold vm_token.
1081 * This function can block.
1083 static PMAP_INLINE int
1084 pmap_unwire_pte(pmap_t pmap, vm_page_t m, pmap_inval_info_t info)
1086 KKASSERT(m->wire_count > 0);
1087 if (m->wire_count > 1) {
1088 if (vm_page_unwire_quick(m))
1089 panic("pmap_unwire_pte: Insufficient wire_count");
1092 return _pmap_unwire_pte(pmap, m, info);
1097 * After removing a (user) page table entry, this routine is used to
1098 * conditionally free the page, and manage the hold/wire counts.
1100 * The caller must hold vm_token.
1101 * This function can block regardless.
1104 pmap_unuse_pt(pmap_t pmap, vm_offset_t va, vm_page_t mpte,
1105 pmap_inval_info_t info)
1109 ASSERT_LWKT_TOKEN_HELD(vm_object_token(pmap->pm_pteobj));
1111 if (va >= UPT_MIN_ADDRESS)
1115 ptepindex = (va >> PDRSHIFT);
1116 if (pmap->pm_ptphint &&
1117 (pmap->pm_ptphint->pindex == ptepindex)) {
1118 mpte = pmap->pm_ptphint;
1120 mpte = pmap_page_lookup(pmap->pm_pteobj, ptepindex);
1121 pmap->pm_ptphint = mpte;
1122 vm_page_wakeup(mpte);
1126 return pmap_unwire_pte(pmap, mpte, info);
1130 * Initialize pmap0/vmspace0. This pmap is not added to pmap_list because
1131 * it, and IdlePTD, represents the template used to update all other pmaps.
1133 * On architectures where the kernel pmap is not integrated into the user
1134 * process pmap, this pmap represents the process pmap, not the kernel pmap.
1135 * kernel_pmap should be used to directly access the kernel_pmap.
1140 pmap_pinit0(struct pmap *pmap)
1143 (pd_entry_t *)kmem_alloc_pageable(&kernel_map, PAGE_SIZE);
1144 pmap_kenter((vm_offset_t)pmap->pm_pdir, (vm_offset_t) IdlePTD);
1146 pmap->pm_active = 0;
1147 pmap->pm_cached = 0;
1148 pmap->pm_ptphint = NULL;
1149 TAILQ_INIT(&pmap->pm_pvlist);
1150 TAILQ_INIT(&pmap->pm_pvlist_free);
1151 spin_init(&pmap->pm_spin);
1152 lwkt_token_init(&pmap->pm_token, "pmap_tok");
1153 bzero(&pmap->pm_stats, sizeof pmap->pm_stats);
1157 * Initialize a preallocated and zeroed pmap structure,
1158 * such as one in a vmspace structure.
1163 pmap_pinit(struct pmap *pmap)
1168 * No need to allocate page table space yet but we do need a valid
1169 * page directory table.
1171 if (pmap->pm_pdir == NULL) {
1173 (pd_entry_t *)kmem_alloc_pageable(&kernel_map, PAGE_SIZE);
1177 * Allocate an object for the ptes
1179 if (pmap->pm_pteobj == NULL)
1180 pmap->pm_pteobj = vm_object_allocate(OBJT_DEFAULT, PTDPTDI + 1);
1183 * Allocate the page directory page, unless we already have
1184 * one cached. If we used the cached page the wire_count will
1185 * already be set appropriately.
1187 if ((ptdpg = pmap->pm_pdirm) == NULL) {
1188 ptdpg = vm_page_grab(pmap->pm_pteobj, PTDPTDI,
1189 VM_ALLOC_NORMAL | VM_ALLOC_RETRY |
1191 pmap->pm_pdirm = ptdpg;
1192 vm_page_flag_clear(ptdpg, PG_MAPPED);
1193 vm_page_wire(ptdpg);
1194 KKASSERT(ptdpg->valid == VM_PAGE_BITS_ALL);
1195 pmap_kenter((vm_offset_t)pmap->pm_pdir, VM_PAGE_TO_PHYS(ptdpg));
1196 vm_page_wakeup(ptdpg);
1198 pmap->pm_pdir[MPPTDI] = PTD[MPPTDI];
1200 /* install self-referential address mapping entry */
1201 *(unsigned *) (pmap->pm_pdir + PTDPTDI) =
1202 VM_PAGE_TO_PHYS(ptdpg) | PG_V | PG_RW | PG_A | PG_M;
1205 pmap->pm_active = 0;
1206 pmap->pm_cached = 0;
1207 pmap->pm_ptphint = NULL;
1208 TAILQ_INIT(&pmap->pm_pvlist);
1209 TAILQ_INIT(&pmap->pm_pvlist_free);
1210 spin_init(&pmap->pm_spin);
1211 lwkt_token_init(&pmap->pm_token, "pmap_tok");
1212 bzero(&pmap->pm_stats, sizeof pmap->pm_stats);
1213 pmap->pm_stats.resident_count = 1;
1217 * Clean up a pmap structure so it can be physically freed. This routine
1218 * is called by the vmspace dtor function. A great deal of pmap data is
1219 * left passively mapped to improve vmspace management so we have a bit
1220 * of cleanup work to do here.
1225 pmap_puninit(pmap_t pmap)
1229 KKASSERT(pmap->pm_active == 0);
1230 if ((p = pmap->pm_pdirm) != NULL) {
1231 KKASSERT(pmap->pm_pdir != NULL);
1232 pmap_kremove((vm_offset_t)pmap->pm_pdir);
1233 vm_page_busy_wait(p, FALSE, "pgpun");
1234 vm_page_unwire(p, 0);
1235 vm_page_free_zero(p);
1236 pmap->pm_pdirm = NULL;
1238 if (pmap->pm_pdir) {
1239 kmem_free(&kernel_map, (vm_offset_t)pmap->pm_pdir, PAGE_SIZE);
1240 pmap->pm_pdir = NULL;
1242 if (pmap->pm_pteobj) {
1243 vm_object_deallocate(pmap->pm_pteobj);
1244 pmap->pm_pteobj = NULL;
1249 * Wire in kernel global address entries. To avoid a race condition
1250 * between pmap initialization and pmap_growkernel, this procedure
1251 * adds the pmap to the master list (which growkernel scans to update),
1252 * then copies the template.
1257 pmap_pinit2(struct pmap *pmap)
1260 * XXX copies current process, does not fill in MPPTDI
1262 spin_lock(&pmap_spin);
1263 TAILQ_INSERT_TAIL(&pmap_list, pmap, pm_pmnode);
1264 bcopy(PTD + KPTDI, pmap->pm_pdir + KPTDI, nkpt * PTESIZE);
1265 spin_unlock(&pmap_spin);
1269 * Attempt to release and free a vm_page in a pmap. Returns 1 on success,
1270 * 0 on failure (if the procedure had to sleep).
1272 * When asked to remove the page directory page itself, we actually just
1273 * leave it cached so we do not have to incur the SMP inval overhead of
1274 * removing the kernel mapping. pmap_puninit() will take care of it.
1276 * The caller must hold vm_token.
1277 * This function can block regardless.
1280 pmap_release_free_page(struct pmap *pmap, vm_page_t p)
1282 unsigned *pde = (unsigned *) pmap->pm_pdir;
1285 * This code optimizes the case of freeing non-busy
1286 * page-table pages. Those pages are zero now, and
1287 * might as well be placed directly into the zero queue.
1289 if (vm_page_busy_try(p, FALSE)) {
1290 vm_page_sleep_busy(p, FALSE, "pmaprl");
1295 * Remove the page table page from the processes address space.
1297 KKASSERT(pmap->pm_stats.resident_count > 0);
1298 KKASSERT(pde[p->pindex]);
1300 --pmap->pm_stats.resident_count;
1301 pmap->pm_cached = 0;
1303 if (p->wire_count != 1) {
1304 panic("pmap_release: freeing wired page table page");
1306 if (pmap->pm_ptphint && (pmap->pm_ptphint->pindex == p->pindex))
1307 pmap->pm_ptphint = NULL;
1310 * We leave the page directory page cached, wired, and mapped in
1311 * the pmap until the dtor function (pmap_puninit()) gets called.
1312 * However, still clean it up so we can set PG_ZERO.
1314 * The pmap has already been removed from the pmap_list in the
1317 if (p->pindex == PTDPTDI) {
1318 bzero(pde + KPTDI, nkpt * PTESIZE);
1319 bzero(pde + MPPTDI, (NPDEPG - MPPTDI) * PTESIZE);
1320 vm_page_flag_set(p, PG_ZERO);
1323 panic("pmap_release: page should already be gone %p", p);
1324 /*vm_page_flag_clear(p, PG_MAPPED); should already be clear */
1325 vm_page_unwire(p, 0);
1326 vm_page_free_zero(p);
1332 * This routine is called if the page table page is not mapped correctly.
1334 * The caller must hold vm_token.
1337 _pmap_allocpte(pmap_t pmap, unsigned ptepindex)
1343 * Find or fabricate a new pagetable page. Setting VM_ALLOC_ZERO
1344 * will zero any new page and mark it valid.
1346 m = vm_page_grab(pmap->pm_pteobj, ptepindex,
1347 VM_ALLOC_NORMAL | VM_ALLOC_ZERO | VM_ALLOC_RETRY);
1349 KASSERT(m->queue == PQ_NONE,
1350 ("_pmap_allocpte: %p->queue != PQ_NONE", m));
1353 * Increment the wire count for the page we will be returning to
1359 * It is possible that someone else got in and mapped by the page
1360 * directory page while we were blocked, if so just unbusy and
1361 * return the wired page.
1363 if ((ptepa = pmap->pm_pdir[ptepindex]) != 0) {
1364 KKASSERT((ptepa & PG_FRAME) == VM_PAGE_TO_PHYS(m));
1370 * Map the pagetable page into the process address space, if
1371 * it isn't already there.
1373 * NOTE: For safety clear pm_cached for all cpus including the
1374 * current one when adding a PDE to the map.
1376 ++pmap->pm_stats.resident_count;
1378 ptepa = VM_PAGE_TO_PHYS(m);
1379 pmap->pm_pdir[ptepindex] =
1380 (pd_entry_t) (ptepa | PG_U | PG_RW | PG_V | PG_A | PG_M);
1381 pmap->pm_cached = 0;
1384 * Set the page table hint
1386 pmap->pm_ptphint = m;
1387 vm_page_flag_set(m, PG_MAPPED);
1394 * Allocate a page table entry for a va.
1396 * The caller must hold vm_token.
1399 pmap_allocpte(pmap_t pmap, vm_offset_t va)
1405 ASSERT_LWKT_TOKEN_HELD(vm_object_token(pmap->pm_pteobj));
1408 * Calculate pagetable page index
1410 ptepindex = va >> PDRSHIFT;
1413 * Get the page directory entry
1415 ptepa = (vm_offset_t) pmap->pm_pdir[ptepindex];
1418 * This supports switching from a 4MB page to a
1421 if (ptepa & PG_PS) {
1422 pmap->pm_pdir[ptepindex] = 0;
1429 * If the page table page is mapped, we just increment the
1430 * wire count, and activate it.
1434 * In order to get the page table page, try the
1437 if (pmap->pm_ptphint &&
1438 (pmap->pm_ptphint->pindex == ptepindex)) {
1439 m = pmap->pm_ptphint;
1441 m = pmap_page_lookup(pmap->pm_pteobj, ptepindex);
1442 pmap->pm_ptphint = m;
1445 vm_page_wire_quick(m);
1449 * Here if the pte page isn't mapped, or if it has been deallocated.
1451 return _pmap_allocpte(pmap, ptepindex);
1455 /***************************************************
1456 * Pmap allocation/deallocation routines.
1457 ***************************************************/
1460 * Release any resources held by the given physical map.
1461 * Called when a pmap initialized by pmap_pinit is being released.
1462 * Should only be called if the map contains no valid mappings.
1464 * Caller must hold pmap->pm_token
1466 static int pmap_release_callback(struct vm_page *p, void *data);
1469 pmap_release(struct pmap *pmap)
1471 vm_object_t object = pmap->pm_pteobj;
1472 struct rb_vm_page_scan_info info;
1474 KASSERT(pmap->pm_active == 0,
1475 ("pmap still active! %08x", pmap->pm_active));
1476 #if defined(DIAGNOSTIC)
1477 if (object->ref_count != 1)
1478 panic("pmap_release: pteobj reference count != 1");
1482 info.object = object;
1484 spin_lock(&pmap_spin);
1485 TAILQ_REMOVE(&pmap_list, pmap, pm_pmnode);
1486 spin_unlock(&pmap_spin);
1488 vm_object_hold(object);
1492 info.limit = object->generation;
1494 vm_page_rb_tree_RB_SCAN(&object->rb_memq, NULL,
1495 pmap_release_callback, &info);
1496 if (info.error == 0 && info.mpte) {
1497 if (!pmap_release_free_page(pmap, info.mpte))
1500 } while (info.error);
1501 vm_object_drop(object);
1503 pmap->pm_cached = 0;
1507 * The caller must hold vm_token.
1510 pmap_release_callback(struct vm_page *p, void *data)
1512 struct rb_vm_page_scan_info *info = data;
1514 if (p->pindex == PTDPTDI) {
1518 if (!pmap_release_free_page(info->pmap, p)) {
1522 if (info->object->generation != info->limit) {
1530 * Grow the number of kernel page table entries, if needed.
1535 pmap_growkernel(vm_offset_t kstart, vm_offset_t kend)
1537 vm_offset_t addr = kend;
1539 vm_offset_t ptppaddr;
1543 vm_object_hold(kptobj);
1544 if (kernel_vm_end == 0) {
1545 kernel_vm_end = KERNBASE;
1547 while (pdir_pde(PTD, kernel_vm_end)) {
1548 kernel_vm_end = (kernel_vm_end + PAGE_SIZE * NPTEPG) &
1549 ~(PAGE_SIZE * NPTEPG - 1);
1553 addr = (addr + PAGE_SIZE * NPTEPG) & ~(PAGE_SIZE * NPTEPG - 1);
1554 while (kernel_vm_end < addr) {
1555 if (pdir_pde(PTD, kernel_vm_end)) {
1556 kernel_vm_end = (kernel_vm_end + PAGE_SIZE * NPTEPG) &
1557 ~(PAGE_SIZE * NPTEPG - 1);
1562 * This index is bogus, but out of the way
1564 nkpg = vm_page_alloc(kptobj, nkpt, VM_ALLOC_NORMAL |
1566 VM_ALLOC_INTERRUPT);
1568 panic("pmap_growkernel: no memory to grow kernel");
1571 ptppaddr = VM_PAGE_TO_PHYS(nkpg);
1572 pmap_zero_page(ptppaddr);
1573 newpdir = (pd_entry_t) (ptppaddr | PG_V | PG_RW | PG_A | PG_M);
1574 pdir_pde(PTD, kernel_vm_end) = newpdir;
1575 *pmap_pde(&kernel_pmap, kernel_vm_end) = newpdir;
1579 * This update must be interlocked with pmap_pinit2.
1581 spin_lock(&pmap_spin);
1582 TAILQ_FOREACH(pmap, &pmap_list, pm_pmnode) {
1583 *pmap_pde(pmap, kernel_vm_end) = newpdir;
1585 spin_unlock(&pmap_spin);
1586 kernel_vm_end = (kernel_vm_end + PAGE_SIZE * NPTEPG) &
1587 ~(PAGE_SIZE * NPTEPG - 1);
1589 vm_object_drop(kptobj);
1593 * Retire the given physical map from service.
1595 * Should only be called if the map contains no valid mappings.
1600 pmap_destroy(pmap_t pmap)
1605 lwkt_gettoken(&vm_token);
1606 if (--pmap->pm_count == 0) {
1608 panic("destroying a pmap is not yet implemented");
1610 lwkt_reltoken(&vm_token);
1614 * Add a reference to the specified pmap.
1619 pmap_reference(pmap_t pmap)
1622 lwkt_gettoken(&vm_token);
1624 lwkt_reltoken(&vm_token);
1628 /***************************************************
1629 * page management routines.
1630 ***************************************************/
1633 * free the pv_entry back to the free list. This function may be
1634 * called from an interrupt.
1636 * The caller must hold vm_token.
1638 static PMAP_INLINE void
1639 free_pv_entry(pv_entry_t pv)
1642 KKASSERT(pv->pv_m != NULL);
1650 * get a new pv_entry, allocating a block from the system
1651 * when needed. This function may be called from an interrupt.
1653 * The caller must hold vm_token.
1659 if (pv_entry_high_water &&
1660 (pv_entry_count > pv_entry_high_water) &&
1661 (pmap_pagedaemon_waken == 0)) {
1662 pmap_pagedaemon_waken = 1;
1663 wakeup (&vm_pages_needed);
1665 return zalloc(pvzone);
1669 * This routine is very drastic, but can save the system
1679 static int warningdone=0;
1681 if (pmap_pagedaemon_waken == 0)
1683 lwkt_gettoken(&vm_token);
1684 pmap_pagedaemon_waken = 0;
1686 if (warningdone < 5) {
1687 kprintf("pmap_collect: collecting pv entries -- "
1688 "suggest increasing PMAP_SHPGPERPROC\n");
1692 for (i = 0; i < vm_page_array_size; i++) {
1693 m = &vm_page_array[i];
1694 if (m->wire_count || m->hold_count)
1696 if (vm_page_busy_try(m, TRUE) == 0) {
1697 if (m->wire_count == 0 && m->hold_count == 0) {
1703 lwkt_reltoken(&vm_token);
1708 * If it is the first entry on the list, it is actually
1709 * in the header and we must copy the following entry up
1710 * to the header. Otherwise we must search the list for
1711 * the entry. In either case we free the now unused entry.
1713 * The caller must hold vm_token.
1716 pmap_remove_entry(struct pmap *pmap, vm_page_t m,
1717 vm_offset_t va, pmap_inval_info_t info)
1722 ASSERT_LWKT_TOKEN_HELD(&vm_token);
1723 if (m->md.pv_list_count < pmap->pm_stats.resident_count) {
1724 TAILQ_FOREACH(pv, &m->md.pv_list, pv_list) {
1725 if (pmap == pv->pv_pmap && va == pv->pv_va)
1729 TAILQ_FOREACH(pv, &pmap->pm_pvlist, pv_plist) {
1731 KKASSERT(pv->pv_pmap == pmap);
1733 if (va == pv->pv_va)
1740 test_m_maps_pv(m, pv);
1741 TAILQ_REMOVE(&m->md.pv_list, pv, pv_list);
1742 m->md.pv_list_count--;
1744 atomic_add_int(&m->object->agg_pv_list_count, -1);
1745 if (TAILQ_EMPTY(&m->md.pv_list))
1746 vm_page_flag_clear(m, PG_MAPPED | PG_WRITEABLE);
1747 TAILQ_REMOVE(&pmap->pm_pvlist, pv, pv_plist);
1748 ++pmap->pm_generation;
1749 vm_object_hold(pmap->pm_pteobj);
1750 rtval = pmap_unuse_pt(pmap, va, pv->pv_ptem, info);
1751 vm_object_drop(pmap->pm_pteobj);
1758 * Create a pv entry for page at pa for (pmap, va).
1760 * The caller must hold vm_token.
1763 pmap_insert_entry(pmap_t pmap, vm_offset_t va, vm_page_t mpte, vm_page_t m)
1767 pv = get_pv_entry();
1769 KKASSERT(pv->pv_m == NULL);
1776 TAILQ_INSERT_TAIL(&pmap->pm_pvlist, pv, pv_plist);
1777 TAILQ_INSERT_TAIL(&m->md.pv_list, pv, pv_list);
1778 ++pmap->pm_generation;
1779 m->md.pv_list_count++;
1781 atomic_add_int(&m->object->agg_pv_list_count, 1);
1785 * pmap_remove_pte: do the things to unmap a page in a process.
1787 * The caller must hold vm_token.
1789 * WARNING! As with most other pmap functions this one can block, so
1790 * callers using temporary page table mappings must reload
1794 pmap_remove_pte(struct pmap *pmap, unsigned *ptq, vm_offset_t va,
1795 pmap_inval_info_t info)
1800 ptbase_assert(pmap);
1801 pmap_inval_interlock(info, pmap, va);
1802 ptbase_assert(pmap);
1803 oldpte = loadandclear(ptq);
1805 pmap->pm_stats.wired_count -= 1;
1806 pmap_inval_deinterlock(info, pmap);
1807 KKASSERT(oldpte & PG_V);
1809 * Machines that don't support invlpg, also don't support
1810 * PG_G. XXX PG_G is disabled for SMP so don't worry about
1814 cpu_invlpg((void *)va);
1815 KKASSERT(pmap->pm_stats.resident_count > 0);
1816 --pmap->pm_stats.resident_count;
1817 if (oldpte & PG_MANAGED) {
1818 m = PHYS_TO_VM_PAGE(oldpte);
1819 if (oldpte & PG_M) {
1820 #if defined(PMAP_DIAGNOSTIC)
1821 if (pmap_nw_modified((pt_entry_t) oldpte)) {
1822 kprintf("pmap_remove: modified page not "
1823 "writable: va: %p, pte: 0x%lx\n",
1824 (void *)va, (long)oldpte);
1827 if (pmap_track_modified(va))
1831 vm_page_flag_set(m, PG_REFERENCED);
1832 return pmap_remove_entry(pmap, m, va, info);
1834 return pmap_unuse_pt(pmap, va, NULL, info);
1841 * Remove a single page from a process address space.
1843 * The caller must hold vm_token.
1846 pmap_remove_page(struct pmap *pmap, vm_offset_t va, pmap_inval_info_t info)
1851 * If there is no pte for this address, just skip it!!! Otherwise
1852 * get a local va for mappings for this pmap and remove the entry.
1854 if (*pmap_pde(pmap, va) != 0) {
1855 ptq = get_ptbase(pmap) + i386_btop(va);
1857 pmap_remove_pte(pmap, ptq, va, info);
1864 * Remove the given range of addresses from the specified map.
1866 * It is assumed that the start and end are properly rounded to the page
1872 pmap_remove(struct pmap *pmap, vm_offset_t sva, vm_offset_t eva)
1876 vm_offset_t ptpaddr;
1877 vm_offset_t sindex, eindex;
1878 struct pmap_inval_info info;
1883 vm_object_hold(pmap->pm_pteobj);
1884 lwkt_gettoken(&vm_token);
1885 if (pmap->pm_stats.resident_count == 0) {
1886 lwkt_reltoken(&vm_token);
1887 vm_object_drop(pmap->pm_pteobj);
1891 pmap_inval_init(&info);
1894 * special handling of removing one page. a very
1895 * common operation and easy to short circuit some
1898 if (((sva + PAGE_SIZE) == eva) &&
1899 (((unsigned) pmap->pm_pdir[(sva >> PDRSHIFT)] & PG_PS) == 0)) {
1900 pmap_remove_page(pmap, sva, &info);
1901 pmap_inval_done(&info);
1902 lwkt_reltoken(&vm_token);
1903 vm_object_drop(pmap->pm_pteobj);
1908 * Get a local virtual address for the mappings that are being
1911 sindex = i386_btop(sva);
1912 eindex = i386_btop(eva);
1914 for (; sindex < eindex; sindex = pdnxt) {
1918 * Calculate index for next page table.
1920 pdnxt = ((sindex + NPTEPG) & ~(NPTEPG - 1));
1921 if (pmap->pm_stats.resident_count == 0)
1924 pdirindex = sindex / NPDEPG;
1925 if (((ptpaddr = (unsigned) pmap->pm_pdir[pdirindex]) & PG_PS) != 0) {
1926 pmap_inval_interlock(&info, pmap, -1);
1927 pmap->pm_pdir[pdirindex] = 0;
1928 pmap->pm_stats.resident_count -= NBPDR / PAGE_SIZE;
1929 pmap->pm_cached = 0;
1930 pmap_inval_deinterlock(&info, pmap);
1935 * Weed out invalid mappings. Note: we assume that the page
1936 * directory table is always allocated, and in kernel virtual.
1942 * Limit our scan to either the end of the va represented
1943 * by the current page table page, or to the end of the
1944 * range being removed.
1946 if (pdnxt > eindex) {
1951 * NOTE: pmap_remove_pte() can block and wipe the temporary
1954 for (; sindex != pdnxt; sindex++) {
1957 ptbase = get_ptbase(pmap);
1958 if (ptbase[sindex] == 0)
1960 va = i386_ptob(sindex);
1961 if (pmap_remove_pte(pmap, ptbase + sindex, va, &info))
1965 pmap_inval_done(&info);
1966 lwkt_reltoken(&vm_token);
1967 vm_object_drop(pmap->pm_pteobj);
1971 * Removes this physical page from all physical maps in which it resides.
1972 * Reflects back modify bits to the pager.
1977 pmap_remove_all(vm_page_t m)
1979 struct pmap_inval_info info;
1980 unsigned *pte, tpte;
1983 if (!pmap_initialized || (m->flags & PG_FICTITIOUS))
1986 pmap_inval_init(&info);
1987 while ((pv = TAILQ_FIRST(&m->md.pv_list)) != NULL) {
1988 KKASSERT(pv->pv_pmap->pm_stats.resident_count > 0);
1989 --pv->pv_pmap->pm_stats.resident_count;
1991 pte = pmap_pte_quick(pv->pv_pmap, pv->pv_va);
1992 pmap_inval_interlock(&info, pv->pv_pmap, pv->pv_va);
1993 tpte = loadandclear(pte);
1995 pv->pv_pmap->pm_stats.wired_count--;
1996 pmap_inval_deinterlock(&info, pv->pv_pmap);
1998 vm_page_flag_set(m, PG_REFERENCED);
2000 KKASSERT(PHYS_TO_VM_PAGE(tpte) == m);
2004 * Update the vm_page_t clean and reference bits.
2007 #if defined(PMAP_DIAGNOSTIC)
2008 if (pmap_nw_modified((pt_entry_t) tpte)) {
2009 kprintf("pmap_remove_all: modified page "
2010 "not writable: va: %p, pte: 0x%lx\n",
2011 (void *)pv->pv_va, (long)tpte);
2014 if (pmap_track_modified(pv->pv_va))
2018 KKASSERT(pv->pv_m == m);
2020 TAILQ_REMOVE(&m->md.pv_list, pv, pv_list);
2021 TAILQ_REMOVE(&pv->pv_pmap->pm_pvlist, pv, pv_plist);
2022 ++pv->pv_pmap->pm_generation;
2023 m->md.pv_list_count--;
2025 atomic_add_int(&m->object->agg_pv_list_count, -1);
2026 if (TAILQ_EMPTY(&m->md.pv_list))
2027 vm_page_flag_clear(m, PG_MAPPED | PG_WRITEABLE);
2028 vm_object_hold(pv->pv_pmap->pm_pteobj);
2029 pmap_unuse_pt(pv->pv_pmap, pv->pv_va, pv->pv_ptem, &info);
2030 vm_object_drop(pv->pv_pmap->pm_pteobj);
2033 KKASSERT((m->flags & (PG_MAPPED|PG_WRITEABLE)) == 0);
2034 pmap_inval_done(&info);
2038 * Set the physical protection on the specified range of this map
2044 pmap_protect(pmap_t pmap, vm_offset_t sva, vm_offset_t eva, vm_prot_t prot)
2047 vm_offset_t pdnxt, ptpaddr;
2048 vm_pindex_t sindex, eindex;
2049 pmap_inval_info info;
2054 if ((prot & VM_PROT_READ) == VM_PROT_NONE) {
2055 pmap_remove(pmap, sva, eva);
2059 if (prot & VM_PROT_WRITE)
2062 lwkt_gettoken(&vm_token);
2063 pmap_inval_init(&info);
2065 ptbase = get_ptbase(pmap);
2067 sindex = i386_btop(sva);
2068 eindex = i386_btop(eva);
2070 for (; sindex < eindex; sindex = pdnxt) {
2073 pdnxt = ((sindex + NPTEPG) & ~(NPTEPG - 1));
2075 pdirindex = sindex / NPDEPG;
2076 if (((ptpaddr = (unsigned) pmap->pm_pdir[pdirindex]) & PG_PS) != 0) {
2077 pmap_inval_interlock(&info, pmap, -1);
2078 pmap->pm_pdir[pdirindex] &= ~(PG_M|PG_RW);
2079 pmap->pm_stats.resident_count -= NBPDR / PAGE_SIZE;
2080 pmap_inval_deinterlock(&info, pmap);
2085 * Weed out invalid mappings. Note: we assume that the page
2086 * directory table is always allocated, and in kernel virtual.
2091 if (pdnxt > eindex) {
2095 for (; sindex != pdnxt; sindex++) {
2103 pmap_inval_interlock(&info, pmap, i386_ptob(sindex));
2105 pbits = ptbase[sindex];
2108 if (pbits & PG_MANAGED) {
2111 m = PHYS_TO_VM_PAGE(pbits);
2112 vm_page_flag_set(m, PG_REFERENCED);
2116 if (pmap_track_modified(i386_ptob(sindex))) {
2118 m = PHYS_TO_VM_PAGE(pbits);
2125 if (pbits != cbits &&
2126 !atomic_cmpset_int(ptbase + sindex, pbits, cbits)) {
2129 pmap_inval_deinterlock(&info, pmap);
2132 pmap_inval_done(&info);
2133 lwkt_reltoken(&vm_token);
2137 * Insert the given physical page (p) at the specified virtual address (v)
2138 * in the target physical map with the protection requested.
2140 * If specified, the page will be wired down, meaning that the related pte
2141 * cannot be reclaimed.
2146 pmap_enter(pmap_t pmap, vm_offset_t va, vm_page_t m, vm_prot_t prot,
2152 vm_offset_t origpte, newpte;
2154 pmap_inval_info info;
2160 #ifdef PMAP_DIAGNOSTIC
2162 panic("pmap_enter: toobig");
2163 if ((va >= UPT_MIN_ADDRESS) && (va < UPT_MAX_ADDRESS)) {
2164 panic("pmap_enter: invalid to pmap_enter page "
2165 "table pages (va: %p)", (void *)va);
2168 if (va < UPT_MAX_ADDRESS && pmap == &kernel_pmap) {
2169 kprintf("Warning: pmap_enter called on UVA with kernel_pmap\n");
2170 print_backtrace(-1);
2172 if (va >= UPT_MAX_ADDRESS && pmap != &kernel_pmap) {
2173 kprintf("Warning: pmap_enter called on KVA without kernel_pmap\n");
2174 print_backtrace(-1);
2177 vm_object_hold(pmap->pm_pteobj);
2178 lwkt_gettoken(&vm_token);
2181 * In the case that a page table page is not
2182 * resident, we are creating it here.
2184 if (va < UPT_MIN_ADDRESS)
2185 mpte = pmap_allocpte(pmap, va);
2189 if ((prot & VM_PROT_NOSYNC) == 0)
2190 pmap_inval_init(&info);
2191 pte = pmap_pte(pmap, va);
2194 * Page Directory table entry not valid, we need a new PT page
2197 panic("pmap_enter: invalid page directory pdir=0x%lx, va=%p\n",
2198 (long)pmap->pm_pdir[PTDPTDI], (void *)va);
2201 pa = VM_PAGE_TO_PHYS(m) & PG_FRAME;
2202 origpte = *(vm_offset_t *)pte;
2203 opa = origpte & PG_FRAME;
2205 if (origpte & PG_PS)
2206 panic("pmap_enter: attempted pmap_enter on 4MB page");
2209 * Mapping has not changed, must be protection or wiring change.
2211 if (origpte && (opa == pa)) {
2213 * Wiring change, just update stats. We don't worry about
2214 * wiring PT pages as they remain resident as long as there
2215 * are valid mappings in them. Hence, if a user page is wired,
2216 * the PT page will be also.
2218 if (wired && ((origpte & PG_W) == 0))
2219 pmap->pm_stats.wired_count++;
2220 else if (!wired && (origpte & PG_W))
2221 pmap->pm_stats.wired_count--;
2223 #if defined(PMAP_DIAGNOSTIC)
2224 if (pmap_nw_modified((pt_entry_t) origpte)) {
2225 kprintf("pmap_enter: modified page not "
2226 "writable: va: %p, pte: 0x%lx\n",
2227 (void *)va, (long )origpte);
2232 * Remove the extra pte reference. Note that we cannot
2233 * optimize the RO->RW case because we have adjusted the
2234 * wiring count above and may need to adjust the wiring
2238 if (vm_page_unwire_quick(mpte))
2239 panic("pmap_enter: Insufficient wire_count");
2243 * We might be turning off write access to the page,
2244 * so we go ahead and sense modify status.
2246 if (origpte & PG_MANAGED) {
2247 if ((origpte & PG_M) && pmap_track_modified(va)) {
2249 om = PHYS_TO_VM_PAGE(opa);
2253 KKASSERT(m->flags & PG_MAPPED);
2258 * Mapping has changed, invalidate old range and fall through to
2259 * handle validating new mapping.
2261 * Since we have a ref on the page directory page pmap_pte()
2262 * will always return non-NULL.
2264 * NOTE: pmap_remove_pte() can block and cause the temporary ptbase
2265 * to get wiped. reload the ptbase. I'm not sure if it is
2266 * also possible to race another pmap_enter() but check for
2272 KKASSERT((origpte & PG_FRAME) ==
2273 (*(vm_offset_t *)pte & PG_FRAME));
2274 err = pmap_remove_pte(pmap, pte, va, &info);
2276 panic("pmap_enter: pte vanished, va: %p", (void *)va);
2277 pte = pmap_pte(pmap, va);
2278 origpte = *(vm_offset_t *)pte;
2279 opa = origpte & PG_FRAME;
2281 kprintf("pmap_enter: Warning, raced pmap %p va %p\n",
2287 * Enter on the PV list if part of our managed memory. Note that we
2288 * raise IPL while manipulating pv_table since pmap_enter can be
2289 * called at interrupt time.
2291 if (pmap_initialized &&
2292 (m->flags & (PG_FICTITIOUS|PG_UNMANAGED)) == 0) {
2293 pmap_insert_entry(pmap, va, mpte, m);
2294 ptbase_assert(pmap);
2296 vm_page_flag_set(m, PG_MAPPED);
2300 * Increment counters
2302 ++pmap->pm_stats.resident_count;
2304 pmap->pm_stats.wired_count++;
2305 KKASSERT(*pte == 0);
2309 * Now validate mapping with desired protection/wiring.
2311 ptbase_assert(pmap);
2312 newpte = (vm_offset_t) (pa | pte_prot(pmap, prot) | PG_V);
2316 if (va < UPT_MIN_ADDRESS)
2318 if (pmap == &kernel_pmap)
2322 * if the mapping or permission bits are different, we need
2323 * to update the pte.
2325 if ((origpte & ~(PG_M|PG_A)) != newpte) {
2326 if (prot & VM_PROT_NOSYNC)
2327 cpu_invlpg((void *)va);
2329 pmap_inval_interlock(&info, pmap, va);
2330 ptbase_assert(pmap);
2331 KKASSERT(*pte == 0 ||
2332 (*pte & PG_FRAME) == (newpte & PG_FRAME));
2333 *pte = newpte | PG_A;
2334 if ((prot & VM_PROT_NOSYNC) == 0)
2335 pmap_inval_deinterlock(&info, pmap);
2337 vm_page_flag_set(m, PG_WRITEABLE);
2339 KKASSERT((newpte & PG_MANAGED) == 0 || (m->flags & PG_MAPPED));
2340 if ((prot & VM_PROT_NOSYNC) == 0)
2341 pmap_inval_done(&info);
2342 lwkt_reltoken(&vm_token);
2343 vm_object_drop(pmap->pm_pteobj);
2347 * This code works like pmap_enter() but assumes VM_PROT_READ and not-wired.
2348 * This code also assumes that the pmap has no pre-existing entry for this
2351 * This code currently may only be used on user pmaps, not kernel_pmap.
2356 pmap_enter_quick(pmap_t pmap, vm_offset_t va, vm_page_t m)
2363 pmap_inval_info info;
2365 vm_object_hold(pmap->pm_pteobj);
2366 lwkt_gettoken(&vm_token);
2367 pmap_inval_init(&info);
2369 if (va < UPT_MAX_ADDRESS && pmap == &kernel_pmap) {
2370 kprintf("Warning: pmap_enter_quick called on UVA with kernel_pmap\n");
2371 print_backtrace(-1);
2373 if (va >= UPT_MAX_ADDRESS && pmap != &kernel_pmap) {
2374 kprintf("Warning: pmap_enter_quick called on KVA without kernel_pmap\n");
2375 print_backtrace(-1);
2378 KKASSERT(va < UPT_MIN_ADDRESS); /* assert used on user pmaps only */
2381 * Calculate the page table page (mpte), allocating it if necessary.
2383 * A held page table page (mpte), or NULL, is passed onto the
2384 * section following.
2386 if (va < UPT_MIN_ADDRESS) {
2388 * Calculate pagetable page index
2390 ptepindex = va >> PDRSHIFT;
2394 * Get the page directory entry
2396 ptepa = (vm_offset_t) pmap->pm_pdir[ptepindex];
2399 * If the page table page is mapped, we just increment
2400 * the wire count, and activate it.
2404 panic("pmap_enter_quick: unexpected mapping into 4MB page");
2405 if (pmap->pm_ptphint &&
2406 (pmap->pm_ptphint->pindex == ptepindex)) {
2407 mpte = pmap->pm_ptphint;
2409 mpte = pmap_page_lookup(pmap->pm_pteobj, ptepindex);
2410 pmap->pm_ptphint = mpte;
2411 vm_page_wakeup(mpte);
2414 vm_page_wire_quick(mpte);
2416 mpte = _pmap_allocpte(pmap, ptepindex);
2418 } while (mpte == NULL);
2421 /* this code path is not yet used */
2425 * With a valid (and held) page directory page, we can just use
2426 * vtopte() to get to the pte. If the pte is already present
2427 * we do not disturb it.
2429 pte = (unsigned *)vtopte(va);
2432 pmap_unwire_pte(pmap, mpte, &info);
2433 pa = VM_PAGE_TO_PHYS(m);
2434 KKASSERT(((*pte ^ pa) & PG_FRAME) == 0);
2435 pmap_inval_done(&info);
2436 lwkt_reltoken(&vm_token);
2437 vm_object_drop(pmap->pm_pteobj);
2442 * Enter on the PV list if part of our managed memory
2444 if ((m->flags & (PG_FICTITIOUS|PG_UNMANAGED)) == 0) {
2445 pmap_insert_entry(pmap, va, mpte, m);
2446 vm_page_flag_set(m, PG_MAPPED);
2450 * Increment counters
2452 ++pmap->pm_stats.resident_count;
2454 pa = VM_PAGE_TO_PHYS(m);
2457 * Now validate mapping with RO protection
2459 if (m->flags & (PG_FICTITIOUS|PG_UNMANAGED))
2460 *pte = pa | PG_V | PG_U;
2462 *pte = pa | PG_V | PG_U | PG_MANAGED;
2463 /* pmap_inval_add(&info, pmap, va); shouldn't be needed inval->valid */
2464 pmap_inval_done(&info);
2465 lwkt_reltoken(&vm_token);
2466 vm_object_drop(pmap->pm_pteobj);
2470 * Make a temporary mapping for a physical address. This is only intended
2471 * to be used for panic dumps.
2473 * The caller is responsible for calling smp_invltlb().
2478 pmap_kenter_temporary(vm_paddr_t pa, long i)
2480 pmap_kenter_quick((vm_offset_t)crashdumpmap + (i * PAGE_SIZE), pa);
2481 return ((void *)crashdumpmap);
2484 #define MAX_INIT_PT (96)
2487 * This routine preloads the ptes for a given object into the specified pmap.
2488 * This eliminates the blast of soft faults on process startup and
2489 * immediately after an mmap.
2493 static int pmap_object_init_pt_callback(vm_page_t p, void *data);
2496 pmap_object_init_pt(pmap_t pmap, vm_offset_t addr, vm_prot_t prot,
2497 vm_object_t object, vm_pindex_t pindex,
2498 vm_size_t size, int limit)
2500 struct rb_vm_page_scan_info info;
2505 * We can't preinit if read access isn't set or there is no pmap
2508 if ((prot & VM_PROT_READ) == 0 || pmap == NULL || object == NULL)
2512 * We can't preinit if the pmap is not the current pmap
2514 lp = curthread->td_lwp;
2515 if (lp == NULL || pmap != vmspace_pmap(lp->lwp_vmspace))
2518 psize = i386_btop(size);
2520 if ((object->type != OBJT_VNODE) ||
2521 ((limit & MAP_PREFAULT_PARTIAL) && (psize > MAX_INIT_PT) &&
2522 (object->resident_page_count > MAX_INIT_PT))) {
2526 if (psize + pindex > object->size) {
2527 if (object->size < pindex)
2529 psize = object->size - pindex;
2536 * Use a red-black scan to traverse the requested range and load
2537 * any valid pages found into the pmap.
2539 * We cannot safely scan the object's memq unless we are in a
2540 * critical section since interrupts can remove pages from objects.
2542 info.start_pindex = pindex;
2543 info.end_pindex = pindex + psize - 1;
2549 vm_object_hold(object);
2550 vm_page_rb_tree_RB_SCAN(&object->rb_memq, rb_vm_page_scancmp,
2551 pmap_object_init_pt_callback, &info);
2552 vm_object_drop(object);
2556 * The caller must hold vm_token.
2560 pmap_object_init_pt_callback(vm_page_t p, void *data)
2562 struct rb_vm_page_scan_info *info = data;
2563 vm_pindex_t rel_index;
2565 * don't allow an madvise to blow away our really
2566 * free pages allocating pv entries.
2568 if ((info->limit & MAP_PREFAULT_MADVISE) &&
2569 vmstats.v_free_count < vmstats.v_free_reserved) {
2574 * Ignore list markers and ignore pages we cannot instantly
2575 * busy (while holding the object token).
2577 if (p->flags & PG_MARKER)
2579 if (vm_page_busy_try(p, TRUE))
2581 if (((p->valid & VM_PAGE_BITS_ALL) == VM_PAGE_BITS_ALL) &&
2582 (p->flags & PG_FICTITIOUS) == 0) {
2583 if ((p->queue - p->pc) == PQ_CACHE)
2584 vm_page_deactivate(p);
2585 rel_index = p->pindex - info->start_pindex;
2586 pmap_enter_quick(info->pmap,
2587 info->addr + i386_ptob(rel_index), p);
2594 * Return TRUE if the pmap is in shape to trivially
2595 * pre-fault the specified address.
2597 * Returns FALSE if it would be non-trivial or if a
2598 * pte is already loaded into the slot.
2603 pmap_prefault_ok(pmap_t pmap, vm_offset_t addr)
2608 lwkt_gettoken(&vm_token);
2609 if ((*pmap_pde(pmap, addr)) == 0) {
2612 pte = (unsigned *) vtopte(addr);
2613 ret = (*pte) ? 0 : 1;
2615 lwkt_reltoken(&vm_token);
2620 * Change the wiring attribute for a map/virtual-adderss pair. The mapping
2621 * must already exist.
2626 pmap_change_wiring(pmap_t pmap, vm_offset_t va, boolean_t wired)
2633 lwkt_gettoken(&vm_token);
2634 pte = pmap_pte(pmap, va);
2636 if (wired && !pmap_pte_w(pte))
2637 pmap->pm_stats.wired_count++;
2638 else if (!wired && pmap_pte_w(pte))
2639 pmap->pm_stats.wired_count--;
2642 * Wiring is not a hardware characteristic so there is no need to
2643 * invalidate TLB. However, in an SMP environment we must use
2644 * a locked bus cycle to update the pte (if we are not using
2645 * the pmap_inval_*() API that is)... it's ok to do this for simple
2650 atomic_set_int(pte, PG_W);
2652 atomic_clear_int(pte, PG_W);
2655 atomic_set_int_nonlocked(pte, PG_W);
2657 atomic_clear_int_nonlocked(pte, PG_W);
2659 lwkt_reltoken(&vm_token);
2663 * Copy the range specified by src_addr/len from the source map to the
2664 * range dst_addr/len in the destination map.
2666 * This routine is only advisory and need not do anything.
2671 pmap_copy(pmap_t dst_pmap, pmap_t src_pmap, vm_offset_t dst_addr,
2672 vm_size_t len, vm_offset_t src_addr)
2678 * Zero the specified PA by mapping the page into KVM and clearing its
2684 pmap_zero_page(vm_paddr_t phys)
2686 struct mdglobaldata *gd = mdcpu;
2689 if (*(int *)gd->gd_CMAP3)
2690 panic("pmap_zero_page: CMAP3 busy");
2691 *(int *)gd->gd_CMAP3 =
2692 PG_V | PG_RW | (phys & PG_FRAME) | PG_A | PG_M;
2693 cpu_invlpg(gd->gd_CADDR3);
2694 bzero(gd->gd_CADDR3, PAGE_SIZE);
2695 *(int *) gd->gd_CMAP3 = 0;
2700 * Assert that a page is empty, panic if it isn't.
2705 pmap_page_assertzero(vm_paddr_t phys)
2707 struct mdglobaldata *gd = mdcpu;
2711 if (*(int *)gd->gd_CMAP3)
2712 panic("pmap_zero_page: CMAP3 busy");
2713 *(int *)gd->gd_CMAP3 =
2714 PG_V | PG_RW | (phys & PG_FRAME) | PG_A | PG_M;
2715 cpu_invlpg(gd->gd_CADDR3);
2716 for (i = 0; i < PAGE_SIZE; i += 4) {
2717 if (*(int *)((char *)gd->gd_CADDR3 + i) != 0) {
2718 panic("pmap_page_assertzero() @ %p not zero!\n",
2719 (void *)gd->gd_CADDR3);
2722 *(int *) gd->gd_CMAP3 = 0;
2727 * Zero part of a physical page by mapping it into memory and clearing
2728 * its contents with bzero.
2730 * off and size may not cover an area beyond a single hardware page.
2735 pmap_zero_page_area(vm_paddr_t phys, int off, int size)
2737 struct mdglobaldata *gd = mdcpu;
2740 if (*(int *) gd->gd_CMAP3)
2741 panic("pmap_zero_page: CMAP3 busy");
2742 *(int *) gd->gd_CMAP3 = PG_V | PG_RW | (phys & PG_FRAME) | PG_A | PG_M;
2743 cpu_invlpg(gd->gd_CADDR3);
2744 bzero((char *)gd->gd_CADDR3 + off, size);
2745 *(int *) gd->gd_CMAP3 = 0;
2750 * Copy the physical page from the source PA to the target PA.
2751 * This function may be called from an interrupt. No locking
2757 pmap_copy_page(vm_paddr_t src, vm_paddr_t dst)
2759 struct mdglobaldata *gd = mdcpu;
2762 if (*(int *) gd->gd_CMAP1)
2763 panic("pmap_copy_page: CMAP1 busy");
2764 if (*(int *) gd->gd_CMAP2)
2765 panic("pmap_copy_page: CMAP2 busy");
2767 *(int *) gd->gd_CMAP1 = PG_V | (src & PG_FRAME) | PG_A;
2768 *(int *) gd->gd_CMAP2 = PG_V | PG_RW | (dst & PG_FRAME) | PG_A | PG_M;
2770 cpu_invlpg(gd->gd_CADDR1);
2771 cpu_invlpg(gd->gd_CADDR2);
2773 bcopy(gd->gd_CADDR1, gd->gd_CADDR2, PAGE_SIZE);
2775 *(int *) gd->gd_CMAP1 = 0;
2776 *(int *) gd->gd_CMAP2 = 0;
2781 * Copy the physical page from the source PA to the target PA.
2782 * This function may be called from an interrupt. No locking
2788 pmap_copy_page_frag(vm_paddr_t src, vm_paddr_t dst, size_t bytes)
2790 struct mdglobaldata *gd = mdcpu;
2793 if (*(int *) gd->gd_CMAP1)
2794 panic("pmap_copy_page: CMAP1 busy");
2795 if (*(int *) gd->gd_CMAP2)
2796 panic("pmap_copy_page: CMAP2 busy");
2798 *(int *) gd->gd_CMAP1 = PG_V | (src & PG_FRAME) | PG_A;
2799 *(int *) gd->gd_CMAP2 = PG_V | PG_RW | (dst & PG_FRAME) | PG_A | PG_M;
2801 cpu_invlpg(gd->gd_CADDR1);
2802 cpu_invlpg(gd->gd_CADDR2);
2804 bcopy((char *)gd->gd_CADDR1 + (src & PAGE_MASK),
2805 (char *)gd->gd_CADDR2 + (dst & PAGE_MASK),
2808 *(int *) gd->gd_CMAP1 = 0;
2809 *(int *) gd->gd_CMAP2 = 0;
2814 * Returns true if the pmap's pv is one of the first
2815 * 16 pvs linked to from this page. This count may
2816 * be changed upwards or downwards in the future; it
2817 * is only necessary that true be returned for a small
2818 * subset of pmaps for proper page aging.
2823 pmap_page_exists_quick(pmap_t pmap, vm_page_t m)
2828 if (!pmap_initialized || (m->flags & PG_FICTITIOUS))
2831 lwkt_gettoken(&vm_token);
2832 TAILQ_FOREACH(pv, &m->md.pv_list, pv_list) {
2833 if (pv->pv_pmap == pmap) {
2834 lwkt_reltoken(&vm_token);
2841 lwkt_reltoken(&vm_token);
2846 * Remove all pages from specified address space
2847 * this aids process exit speeds. Also, this code
2848 * is special cased for current process only, but
2849 * can have the more generic (and slightly slower)
2850 * mode enabled. This is much faster than pmap_remove
2851 * in the case of running down an entire address space.
2856 pmap_remove_pages(pmap_t pmap, vm_offset_t sva, vm_offset_t eva)
2859 unsigned *pte, tpte;
2862 pmap_inval_info info;
2864 int32_t save_generation;
2866 lp = curthread->td_lwp;
2867 if (lp && pmap == vmspace_pmap(lp->lwp_vmspace))
2872 if (pmap->pm_pteobj)
2873 vm_object_hold(pmap->pm_pteobj);
2874 lwkt_gettoken(&vm_token);
2875 pmap_inval_init(&info);
2877 for (pv = TAILQ_FIRST(&pmap->pm_pvlist); pv; pv = npv) {
2878 if (pv->pv_va >= eva || pv->pv_va < sva) {
2879 npv = TAILQ_NEXT(pv, pv_plist);
2883 KKASSERT(pmap == pv->pv_pmap);
2886 pte = (unsigned *)vtopte(pv->pv_va);
2888 pte = pmap_pte_quick(pmap, pv->pv_va);
2890 pmap_inval_interlock(&info, pmap, pv->pv_va);
2893 * We cannot remove wired pages from a process' mapping
2897 pmap_inval_deinterlock(&info, pmap);
2898 npv = TAILQ_NEXT(pv, pv_plist);
2902 tpte = loadandclear(pte);
2903 pmap_inval_deinterlock(&info, pmap);
2905 m = PHYS_TO_VM_PAGE(tpte);
2906 test_m_maps_pv(m, pv);
2908 KASSERT(m < &vm_page_array[vm_page_array_size],
2909 ("pmap_remove_pages: bad tpte %x", tpte));
2911 KKASSERT(pmap->pm_stats.resident_count > 0);
2912 --pmap->pm_stats.resident_count;
2915 * Update the vm_page_t clean and reference bits.
2921 npv = TAILQ_NEXT(pv, pv_plist);
2923 KKASSERT(pv->pv_m == m);
2924 KKASSERT(pv->pv_pmap == pmap);
2926 TAILQ_REMOVE(&pmap->pm_pvlist, pv, pv_plist);
2927 save_generation = ++pmap->pm_generation;
2929 m->md.pv_list_count--;
2931 atomic_add_int(&m->object->agg_pv_list_count, -1);
2932 TAILQ_REMOVE(&m->md.pv_list, pv, pv_list);
2933 if (TAILQ_EMPTY(&m->md.pv_list))
2934 vm_page_flag_clear(m, PG_MAPPED | PG_WRITEABLE);
2936 pmap_unuse_pt(pmap, pv->pv_va, pv->pv_ptem, &info);
2940 * Restart the scan if we blocked during the unuse or free
2941 * calls and other removals were made.
2943 if (save_generation != pmap->pm_generation) {
2944 kprintf("Warning: pmap_remove_pages race-A avoided\n");
2945 npv = TAILQ_FIRST(&pmap->pm_pvlist);
2948 pmap_inval_done(&info);
2949 lwkt_reltoken(&vm_token);
2950 if (pmap->pm_pteobj)
2951 vm_object_drop(pmap->pm_pteobj);
2955 * pmap_testbit tests bits in pte's
2956 * note that the testbit/clearbit routines are inline,
2957 * and a lot of things compile-time evaluate.
2959 * The caller must hold vm_token.
2962 pmap_testbit(vm_page_t m, int bit)
2967 if (!pmap_initialized || (m->flags & PG_FICTITIOUS))
2970 if (TAILQ_FIRST(&m->md.pv_list) == NULL)
2973 TAILQ_FOREACH(pv, &m->md.pv_list, pv_list) {
2975 * if the bit being tested is the modified bit, then
2976 * mark clean_map and ptes as never
2979 if (bit & (PG_A|PG_M)) {
2980 if (!pmap_track_modified(pv->pv_va))
2984 #if defined(PMAP_DIAGNOSTIC)
2986 kprintf("Null pmap (tb) at va: %p\n",
2991 pte = pmap_pte_quick(pv->pv_pmap, pv->pv_va);
3000 * This routine is used to modify bits in ptes
3002 * The caller must hold vm_token.
3004 static __inline void
3005 pmap_clearbit(vm_page_t m, int bit)
3007 struct pmap_inval_info info;
3012 if (!pmap_initialized || (m->flags & PG_FICTITIOUS))
3015 pmap_inval_init(&info);
3018 * Loop over all current mappings setting/clearing as appropos If
3019 * setting RO do we need to clear the VAC?
3021 TAILQ_FOREACH(pv, &m->md.pv_list, pv_list) {
3023 * don't write protect pager mappings
3026 if (!pmap_track_modified(pv->pv_va))
3030 #if defined(PMAP_DIAGNOSTIC)
3032 kprintf("Null pmap (cb) at va: %p\n",
3039 * Careful here. We can use a locked bus instruction to
3040 * clear PG_A or PG_M safely but we need to synchronize
3041 * with the target cpus when we mess with PG_RW.
3043 * We do not have to force synchronization when clearing
3044 * PG_M even for PTEs generated via virtual memory maps,
3045 * because the virtual kernel will invalidate the pmap
3046 * entry when/if it needs to resynchronize the Modify bit.
3049 pmap_inval_interlock(&info, pv->pv_pmap, pv->pv_va);
3050 pte = pmap_pte_quick(pv->pv_pmap, pv->pv_va);
3057 atomic_clear_int(pte, PG_M|PG_RW);
3060 * The cpu may be trying to set PG_M
3061 * simultaniously with our clearing
3064 if (!atomic_cmpset_int(pte, pbits,
3068 } else if (bit == PG_M) {
3070 * We could also clear PG_RW here to force
3071 * a fault on write to redetect PG_M for
3072 * virtual kernels, but it isn't necessary
3073 * since virtual kernels invalidate the pte
3074 * when they clear the VPTE_M bit in their
3075 * virtual page tables.
3077 atomic_clear_int(pte, PG_M);
3079 atomic_clear_int(pte, bit);
3083 pmap_inval_deinterlock(&info, pv->pv_pmap);
3085 pmap_inval_done(&info);
3089 * Lower the permission for all mappings to a given page.
3094 pmap_page_protect(vm_page_t m, vm_prot_t prot)
3096 if ((prot & VM_PROT_WRITE) == 0) {
3097 lwkt_gettoken(&vm_token);
3098 if (prot & (VM_PROT_READ | VM_PROT_EXECUTE)) {
3099 pmap_clearbit(m, PG_RW);
3100 vm_page_flag_clear(m, PG_WRITEABLE);
3104 lwkt_reltoken(&vm_token);
3109 * Return the physical address given a physical page index.
3114 pmap_phys_address(vm_pindex_t ppn)
3116 return (i386_ptob(ppn));
3120 * Return a count of reference bits for a page, clearing those bits.
3121 * It is not necessary for every reference bit to be cleared, but it
3122 * is necessary that 0 only be returned when there are truly no
3123 * reference bits set.
3128 pmap_ts_referenced(vm_page_t m)
3130 pv_entry_t pv, pvf, pvn;
3134 if (!pmap_initialized || (m->flags & PG_FICTITIOUS))
3137 lwkt_gettoken(&vm_token);
3139 if ((pv = TAILQ_FIRST(&m->md.pv_list)) != NULL) {
3144 pvn = TAILQ_NEXT(pv, pv_list);
3146 TAILQ_REMOVE(&m->md.pv_list, pv, pv_list);
3147 TAILQ_INSERT_TAIL(&m->md.pv_list, pv, pv_list);
3149 if (!pmap_track_modified(pv->pv_va))
3152 pte = pmap_pte_quick(pv->pv_pmap, pv->pv_va);
3154 if (pte && (*pte & PG_A)) {
3156 atomic_clear_int(pte, PG_A);
3158 atomic_clear_int_nonlocked(pte, PG_A);
3165 } while ((pv = pvn) != NULL && pv != pvf);
3168 lwkt_reltoken(&vm_token);
3174 * Return whether or not the specified physical page was modified
3175 * in any physical maps.
3180 pmap_is_modified(vm_page_t m)
3184 lwkt_gettoken(&vm_token);
3185 res = pmap_testbit(m, PG_M);
3186 lwkt_reltoken(&vm_token);
3191 * Clear the modify bits on the specified physical page.
3196 pmap_clear_modify(vm_page_t m)
3198 lwkt_gettoken(&vm_token);
3199 pmap_clearbit(m, PG_M);
3200 lwkt_reltoken(&vm_token);
3204 * Clear the reference bit on the specified physical page.
3209 pmap_clear_reference(vm_page_t m)
3211 lwkt_gettoken(&vm_token);
3212 pmap_clearbit(m, PG_A);
3213 lwkt_reltoken(&vm_token);
3217 * Miscellaneous support routines follow
3219 * Called from the low level boot code only.
3222 i386_protection_init(void)
3226 kp = protection_codes;
3227 for (prot = 0; prot < 8; prot++) {
3229 case VM_PROT_NONE | VM_PROT_NONE | VM_PROT_NONE:
3231 * Read access is also 0. There isn't any execute bit,
3232 * so just make it readable.
3234 case VM_PROT_READ | VM_PROT_NONE | VM_PROT_NONE:
3235 case VM_PROT_READ | VM_PROT_NONE | VM_PROT_EXECUTE:
3236 case VM_PROT_NONE | VM_PROT_NONE | VM_PROT_EXECUTE:
3239 case VM_PROT_NONE | VM_PROT_WRITE | VM_PROT_NONE:
3240 case VM_PROT_NONE | VM_PROT_WRITE | VM_PROT_EXECUTE:
3241 case VM_PROT_READ | VM_PROT_WRITE | VM_PROT_NONE:
3242 case VM_PROT_READ | VM_PROT_WRITE | VM_PROT_EXECUTE:
3250 * Map a set of physical memory pages into the kernel virtual
3251 * address space. Return a pointer to where it is mapped. This
3252 * routine is intended to be used for mapping device memory,
3255 * NOTE: we can't use pgeflag unless we invalidate the pages one at
3261 pmap_mapdev(vm_paddr_t pa, vm_size_t size)
3263 vm_offset_t va, tmpva, offset;
3266 offset = pa & PAGE_MASK;
3267 size = roundup(offset + size, PAGE_SIZE);
3269 va = kmem_alloc_nofault(&kernel_map, size, PAGE_SIZE);
3271 panic("pmap_mapdev: Couldn't alloc kernel virtual memory");
3274 for (tmpva = va; size > 0;) {
3275 pte = (unsigned *)vtopte(tmpva);
3276 *pte = pa | PG_RW | PG_V; /* | pgeflag; */
3284 return ((void *)(va + offset));
3288 pmap_mapdev_uncacheable(vm_paddr_t pa, vm_size_t size)
3290 vm_offset_t va, tmpva, offset;
3293 offset = pa & PAGE_MASK;
3294 size = roundup(offset + size, PAGE_SIZE);
3296 va = kmem_alloc_nofault(&kernel_map, size, PAGE_SIZE);
3298 panic("pmap_mapdev_uncacheable: "
3299 "Couldn't alloc kernel virtual memory");
3303 for (tmpva = va; size > 0;) {
3304 pte = (unsigned *)vtopte(tmpva);
3305 *pte = pa | PG_RW | PG_V | PG_N; /* | pgeflag; */
3313 return ((void *)(va + offset));
3320 pmap_unmapdev(vm_offset_t va, vm_size_t size)
3322 vm_offset_t base, offset;
3324 base = va & PG_FRAME;
3325 offset = va & PAGE_MASK;
3326 size = roundup(offset + size, PAGE_SIZE);
3327 pmap_qremove(va, size >> PAGE_SHIFT);
3328 kmem_free(&kernel_map, base, size);
3332 * Perform the pmap work for mincore
3334 * The caller must hold vm_token if the caller wishes a stable result,
3335 * and even in that case some bits can change due to third party accesses
3341 pmap_mincore(pmap_t pmap, vm_offset_t addr)
3343 unsigned *ptep, pte;
3347 lwkt_gettoken(&vm_token);
3348 ptep = pmap_pte(pmap, addr);
3350 if (ptep && (pte = *ptep) != 0) {
3353 val = MINCORE_INCORE;
3354 if ((pte & PG_MANAGED) == 0)
3357 pa = pte & PG_FRAME;
3359 m = PHYS_TO_VM_PAGE(pa);
3365 val |= MINCORE_MODIFIED|MINCORE_MODIFIED_OTHER;
3366 } else if (m->dirty || pmap_is_modified(m)) {
3368 * Modified by someone else
3370 val |= MINCORE_MODIFIED_OTHER;
3377 val |= MINCORE_REFERENCED|MINCORE_REFERENCED_OTHER;
3378 } else if ((m->flags & PG_REFERENCED) ||
3379 pmap_ts_referenced(m)) {
3381 * Referenced by someone else
3383 val |= MINCORE_REFERENCED_OTHER;
3384 vm_page_flag_set(m, PG_REFERENCED);
3388 lwkt_reltoken(&vm_token);
3393 * Replace p->p_vmspace with a new one. If adjrefs is non-zero the new
3394 * vmspace will be ref'd and the old one will be deref'd.
3396 * cr3 will be reloaded if any lwp is the current lwp.
3398 * Only called with new VM spaces.
3399 * The process must have only a single thread.
3400 * The process must hold the vmspace->vm_map.token for oldvm and newvm
3401 * No other requirements.
3404 pmap_replacevm(struct proc *p, struct vmspace *newvm, int adjrefs)
3406 struct vmspace *oldvm;
3409 oldvm = p->p_vmspace;
3410 if (oldvm != newvm) {
3412 sysref_get(&newvm->vm_sysref);
3413 p->p_vmspace = newvm;
3414 KKASSERT(p->p_nthreads == 1);
3415 lp = RB_ROOT(&p->p_lwp_tree);
3416 pmap_setlwpvm(lp, newvm);
3418 sysref_put(&oldvm->vm_sysref);
3423 * Set the vmspace for a LWP. The vmspace is almost universally set the
3424 * same as the process vmspace, but virtual kernels need to swap out contexts
3425 * on a per-lwp basis.
3427 * Always called with a lp under the caller's direct control, either
3428 * unscheduled or the current lwp.
3433 pmap_setlwpvm(struct lwp *lp, struct vmspace *newvm)
3435 struct vmspace *oldvm;
3438 oldvm = lp->lwp_vmspace;
3440 if (oldvm != newvm) {
3441 lp->lwp_vmspace = newvm;
3442 if (curthread->td_lwp == lp) {
3443 pmap = vmspace_pmap(newvm);
3445 atomic_set_cpumask(&pmap->pm_active, mycpu->gd_cpumask);
3446 if (pmap->pm_active & CPUMASK_LOCK)
3447 pmap_interlock_wait(newvm);
3449 pmap->pm_active |= 1;
3451 #if defined(SWTCH_OPTIM_STATS)
3454 curthread->td_pcb->pcb_cr3 = vtophys(pmap->pm_pdir);
3455 load_cr3(curthread->td_pcb->pcb_cr3);
3456 pmap = vmspace_pmap(oldvm);
3458 atomic_clear_cpumask(&pmap->pm_active,
3461 pmap->pm_active &= ~(cpumask_t)1;
3469 * Called when switching to a locked pmap, used to interlock against pmaps
3470 * undergoing modifications to prevent us from activating the MMU for the
3471 * target pmap until all such modifications have completed. We have to do
3472 * this because the thread making the modifications has already set up its
3473 * SMP synchronization mask.
3478 pmap_interlock_wait(struct vmspace *vm)
3480 struct pmap *pmap = &vm->vm_pmap;
3482 if (pmap->pm_active & CPUMASK_LOCK) {
3484 DEBUG_PUSH_INFO("pmap_interlock_wait");
3485 while (pmap->pm_active & CPUMASK_LOCK) {
3487 lwkt_process_ipiq();
3497 * Return a page-directory alignment hint for device mappings which will
3498 * allow the use of super-pages for the mapping.
3503 pmap_addr_hint(vm_object_t obj, vm_offset_t addr, vm_size_t size)
3506 if ((obj == NULL) || (size < NBPDR) || (obj->type != OBJT_DEVICE)) {
3510 addr = (addr + (NBPDR - 1)) & ~(NBPDR - 1);
3515 * Return whether the PGE flag is supported globally.
3520 pmap_get_pgeflag(void)
3526 * Used by kmalloc/kfree, page already exists at va
3529 pmap_kvtom(vm_offset_t va)
3531 return(PHYS_TO_VM_PAGE(*vtopte(va) & PG_FRAME));
projects / dragonfly.git / blob