4 * Copyright (c) 1991 Regents of the University of California.
5 * Copyright (c) 1994 John S. Dyson
6 * Copyright (c) 1994 David Greenman
7 * Copyright (c) 2003 Peter Wemm
8 * Copyright (c) 2005-2008 Alan L. Cox <alc@cs.rice.edu>
9 * Copyright (c) 2008, 2009 The DragonFly Project.
10 * Copyright (c) 2008, 2009 Jordan Gordeev.
11 * Copyright (c) 2011 Matthew Dillon
12 * All rights reserved.
14 * This code is derived from software contributed to Berkeley by
15 * the Systems Programming Group of the University of Utah Computer
16 * Science Department and William Jolitz of UUNET Technologies Inc.
18 * Redistribution and use in source and binary forms, with or without
19 * modification, are permitted provided that the following conditions
21 * 1. Redistributions of source code must retain the above copyright
22 * notice, this list of conditions and the following disclaimer.
23 * 2. Redistributions in binary form must reproduce the above copyright
24 * notice, this list of conditions and the following disclaimer in the
25 * documentation and/or other materials provided with the distribution.
26 * 3. All advertising materials mentioning features or use of this software
27 * must display the following acknowledgement:
28 * This product includes software developed by the University of
29 * California, Berkeley and its contributors.
30 * 4. Neither the name of the University nor the names of its contributors
31 * may be used to endorse or promote products derived from this software
32 * without specific prior written permission.
34 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
35 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
36 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
37 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
38 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
39 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
40 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
41 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
42 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
43 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
46 * from: @(#)pmap.c 7.7 (Berkeley) 5/12/91
47 * $FreeBSD: src/sys/i386/i386/pmap.c,v 1.250.2.18 2002/03/06 22:48:53 silby Exp $
51 * Manages physical address maps.
53 * In addition to hardware address maps, this
54 * module is called upon to provide software-use-only
55 * maps which may or may not be stored in the same
56 * form as hardware maps. These pseudo-maps are
57 * used to store intermediate results from copy
58 * operations to and from address spaces.
60 * Since the information managed by this module is
61 * also stored by the logical address mapping module,
62 * this module may throw away valid virtual-to-physical
63 * mappings at almost any time. However, invalidations
64 * of virtual-to-physical mappings must be done as
67 * In order to cope with hardware architectures which
68 * make virtual-to-physical map invalidates expensive,
69 * this module may delay invalidate or reduced protection
70 * operations until such time as they are actually
71 * necessary. This module is given full information as
72 * to which processors are currently using which maps,
73 * and to when physical maps must be made correct.
77 #include "opt_disable_pse.h"
80 #include "opt_msgbuf.h"
82 #include <sys/param.h>
83 #include <sys/systm.h>
84 #include <sys/kernel.h>
86 #include <sys/msgbuf.h>
87 #include <sys/vmmeter.h>
91 #include <vm/vm_param.h>
92 #include <sys/sysctl.h>
94 #include <vm/vm_kern.h>
95 #include <vm/vm_page.h>
96 #include <vm/vm_map.h>
97 #include <vm/vm_object.h>
98 #include <vm/vm_extern.h>
99 #include <vm/vm_pageout.h>
100 #include <vm/vm_pager.h>
101 #include <vm/vm_zone.h>
103 #include <sys/user.h>
104 #include <sys/thread2.h>
105 #include <sys/sysref2.h>
106 #include <sys/spinlock2.h>
107 #include <vm/vm_page2.h>
109 #include <machine/cputypes.h>
110 #include <machine/md_var.h>
111 #include <machine/specialreg.h>
112 #include <machine/smp.h>
113 #include <machine_base/apic/apicreg.h>
114 #include <machine/globaldata.h>
115 #include <machine/pmap.h>
116 #include <machine/pmap_inval.h>
117 #include <machine/inttypes.h>
121 #define PMAP_KEEP_PDIRS
122 #ifndef PMAP_SHPGPERPROC
123 #define PMAP_SHPGPERPROC 200
126 #if defined(DIAGNOSTIC)
127 #define PMAP_DIAGNOSTIC
133 * pmap debugging will report who owns a pv lock when blocking.
137 #define PMAP_DEBUG_DECL ,const char *func, int lineno
138 #define PMAP_DEBUG_ARGS , __func__, __LINE__
139 #define PMAP_DEBUG_COPY , func, lineno
141 #define pv_get(pmap, pindex) _pv_get(pmap, pindex \
143 #define pv_lock(pv) _pv_lock(pv \
145 #define pv_hold_try(pv) _pv_hold_try(pv \
147 #define pv_alloc(pmap, pindex, isnewp) _pv_alloc(pmap, pindex, isnewp \
152 #define PMAP_DEBUG_DECL
153 #define PMAP_DEBUG_ARGS
154 #define PMAP_DEBUG_COPY
156 #define pv_get(pmap, pindex) _pv_get(pmap, pindex)
157 #define pv_lock(pv) _pv_lock(pv)
158 #define pv_hold_try(pv) _pv_hold_try(pv)
159 #define pv_alloc(pmap, pindex, isnewp) _pv_alloc(pmap, pindex, isnewp)
164 * Get PDEs and PTEs for user/kernel address space
166 #define pdir_pde(m, v) (m[(vm_offset_t)(v) >> PDRSHIFT])
168 #define pmap_pde_v(pte) ((*(pd_entry_t *)pte & PG_V) != 0)
169 #define pmap_pte_w(pte) ((*(pt_entry_t *)pte & PG_W) != 0)
170 #define pmap_pte_m(pte) ((*(pt_entry_t *)pte & PG_M) != 0)
171 #define pmap_pte_u(pte) ((*(pt_entry_t *)pte & PG_A) != 0)
172 #define pmap_pte_v(pte) ((*(pt_entry_t *)pte & PG_V) != 0)
175 * Given a map and a machine independent protection code,
176 * convert to a vax protection code.
178 #define pte_prot(m, p) \
179 (protection_codes[p & (VM_PROT_READ|VM_PROT_WRITE|VM_PROT_EXECUTE)])
180 static int protection_codes[8];
182 struct pmap kernel_pmap;
183 static TAILQ_HEAD(,pmap) pmap_list = TAILQ_HEAD_INITIALIZER(pmap_list);
185 vm_paddr_t avail_start; /* PA of first available physical page */
186 vm_paddr_t avail_end; /* PA of last available physical page */
187 vm_offset_t virtual2_start; /* cutout free area prior to kernel start */
188 vm_offset_t virtual2_end;
189 vm_offset_t virtual_start; /* VA of first avail page (after kernel bss) */
190 vm_offset_t virtual_end; /* VA of last avail page (end of kernel AS) */
191 vm_offset_t KvaStart; /* VA start of KVA space */
192 vm_offset_t KvaEnd; /* VA end of KVA space (non-inclusive) */
193 vm_offset_t KvaSize; /* max size of kernel virtual address space */
194 static boolean_t pmap_initialized = FALSE; /* Has pmap_init completed? */
195 static int pgeflag; /* PG_G or-in */
196 static int pseflag; /* PG_PS or-in */
199 static vm_paddr_t dmaplimit;
201 vm_offset_t kernel_vm_end = VM_MIN_KERNEL_ADDRESS;
203 static uint64_t KPTbase;
204 static uint64_t KPTphys;
205 static uint64_t KPDphys; /* phys addr of kernel level 2 */
206 static uint64_t KPDbase; /* phys addr of kernel level 2 @ KERNBASE */
207 uint64_t KPDPphys; /* phys addr of kernel level 3 */
208 uint64_t KPML4phys; /* phys addr of kernel level 4 */
210 static uint64_t DMPDphys; /* phys addr of direct mapped level 2 */
211 static uint64_t DMPDPphys; /* phys addr of direct mapped level 3 */
214 * Data for the pv entry allocation mechanism
216 static vm_zone_t pvzone;
217 static struct vm_zone pvzone_store;
218 static struct vm_object pvzone_obj;
219 static int pv_entry_max=0, pv_entry_high_water=0;
220 static int pmap_pagedaemon_waken = 0;
221 static struct pv_entry *pvinit;
224 * All those kernel PT submaps that BSD is so fond of
226 pt_entry_t *CMAP1 = 0, *ptmmap;
227 caddr_t CADDR1 = 0, ptvmmap = 0;
228 static pt_entry_t *msgbufmap;
229 struct msgbuf *msgbufp=0;
234 static pt_entry_t *pt_crashdumpmap;
235 static caddr_t crashdumpmap;
237 static int pmap_yield_count = 64;
238 SYSCTL_INT(_machdep, OID_AUTO, pmap_yield_count, CTLFLAG_RW,
239 &pmap_yield_count, 0, "Yield during init_pt/release");
243 static void pv_hold(pv_entry_t pv);
244 static int _pv_hold_try(pv_entry_t pv
246 static void pv_drop(pv_entry_t pv);
247 static void _pv_lock(pv_entry_t pv
249 static void pv_unlock(pv_entry_t pv);
250 static pv_entry_t _pv_alloc(pmap_t pmap, vm_pindex_t pindex, int *isnew
252 static pv_entry_t _pv_get(pmap_t pmap, vm_pindex_t pindex
254 static pv_entry_t pv_get_try(pmap_t pmap, vm_pindex_t pindex, int *errorp);
255 static pv_entry_t pv_find(pmap_t pmap, vm_pindex_t pindex);
256 static void pv_put(pv_entry_t pv);
257 static void pv_free(pv_entry_t pv);
258 static void *pv_pte_lookup(pv_entry_t pv, vm_pindex_t pindex);
259 static pv_entry_t pmap_allocpte(pmap_t pmap, vm_pindex_t ptepindex,
261 static void pmap_remove_pv_pte(pv_entry_t pv, pv_entry_t pvp,
262 struct pmap_inval_info *info);
263 static vm_page_t pmap_remove_pv_page(pv_entry_t pv, int holdpg);
265 static void pmap_remove_callback(pmap_t pmap, struct pmap_inval_info *info,
266 pv_entry_t pte_pv, pv_entry_t pt_pv, vm_offset_t va,
267 pt_entry_t *ptep, void *arg __unused);
268 static void pmap_protect_callback(pmap_t pmap, struct pmap_inval_info *info,
269 pv_entry_t pte_pv, pv_entry_t pt_pv, vm_offset_t va,
270 pt_entry_t *ptep, void *arg __unused);
272 static void i386_protection_init (void);
273 static void create_pagetables(vm_paddr_t *firstaddr);
274 static void pmap_remove_all (vm_page_t m);
275 static boolean_t pmap_testbit (vm_page_t m, int bit);
277 static pt_entry_t * pmap_pte_quick (pmap_t pmap, vm_offset_t va);
278 static vm_offset_t pmap_kmem_choose(vm_offset_t addr);
280 static unsigned pdir4mb;
283 pv_entry_compare(pv_entry_t pv1, pv_entry_t pv2)
285 if (pv1->pv_pindex < pv2->pv_pindex)
287 if (pv1->pv_pindex > pv2->pv_pindex)
292 RB_GENERATE2(pv_entry_rb_tree, pv_entry, pv_entry,
293 pv_entry_compare, vm_pindex_t, pv_pindex);
296 * Move the kernel virtual free pointer to the next
297 * 2MB. This is used to help improve performance
298 * by using a large (2MB) page for much of the kernel
299 * (.text, .data, .bss)
303 pmap_kmem_choose(vm_offset_t addr)
305 vm_offset_t newaddr = addr;
307 newaddr = (addr + (NBPDR - 1)) & ~(NBPDR - 1);
314 * Super fast pmap_pte routine best used when scanning the pv lists.
315 * This eliminates many course-grained invltlb calls. Note that many of
316 * the pv list scans are across different pmaps and it is very wasteful
317 * to do an entire invltlb when checking a single mapping.
319 static __inline pt_entry_t *pmap_pte(pmap_t pmap, vm_offset_t va);
323 pmap_pte_quick(pmap_t pmap, vm_offset_t va)
325 return pmap_pte(pmap, va);
329 * Returns the pindex of a page table entry (representing a terminal page).
330 * There are NUPTE_TOTAL page table entries possible (a huge number)
332 * x86-64 has a 48-bit address space, where bit 47 is sign-extended out.
333 * We want to properly translate negative KVAs.
337 pmap_pte_pindex(vm_offset_t va)
339 return ((va >> PAGE_SHIFT) & (NUPTE_TOTAL - 1));
343 * Returns the pindex of a page table.
347 pmap_pt_pindex(vm_offset_t va)
349 return (NUPTE_TOTAL + ((va >> PDRSHIFT) & (NUPT_TOTAL - 1)));
353 * Returns the pindex of a page directory.
357 pmap_pd_pindex(vm_offset_t va)
359 return (NUPTE_TOTAL + NUPT_TOTAL +
360 ((va >> PDPSHIFT) & (NUPD_TOTAL - 1)));
365 pmap_pdp_pindex(vm_offset_t va)
367 return (NUPTE_TOTAL + NUPT_TOTAL + NUPD_TOTAL +
368 ((va >> PML4SHIFT) & (NUPDP_TOTAL - 1)));
373 pmap_pml4_pindex(void)
375 return (NUPTE_TOTAL + NUPT_TOTAL + NUPD_TOTAL + NUPDP_TOTAL);
379 * Return various clipped indexes for a given VA
381 * Returns the index of a pte in a page table, representing a terminal
386 pmap_pte_index(vm_offset_t va)
388 return ((va >> PAGE_SHIFT) & ((1ul << NPTEPGSHIFT) - 1));
392 * Returns the index of a pt in a page directory, representing a page
397 pmap_pt_index(vm_offset_t va)
399 return ((va >> PDRSHIFT) & ((1ul << NPDEPGSHIFT) - 1));
403 * Returns the index of a pd in a page directory page, representing a page
408 pmap_pd_index(vm_offset_t va)
410 return ((va >> PDPSHIFT) & ((1ul << NPDPEPGSHIFT) - 1));
414 * Returns the index of a pdp in the pml4 table, representing a page
419 pmap_pdp_index(vm_offset_t va)
421 return ((va >> PML4SHIFT) & ((1ul << NPML4EPGSHIFT) - 1));
425 * Generic procedure to index a pte from a pt, pd, or pdp.
429 pv_pte_lookup(pv_entry_t pv, vm_pindex_t pindex)
433 pte = (pt_entry_t *)PHYS_TO_DMAP(VM_PAGE_TO_PHYS(pv->pv_m));
434 return(&pte[pindex]);
438 * Return pointer to PDP slot in the PML4
442 pmap_pdp(pmap_t pmap, vm_offset_t va)
444 return (&pmap->pm_pml4[pmap_pdp_index(va)]);
448 * Return pointer to PD slot in the PDP given a pointer to the PDP
452 pmap_pdp_to_pd(pml4_entry_t *pdp, vm_offset_t va)
456 pd = (pdp_entry_t *)PHYS_TO_DMAP(*pdp & PG_FRAME);
457 return (&pd[pmap_pd_index(va)]);
461 * Return pointer to PD slot in the PDP
465 pmap_pd(pmap_t pmap, vm_offset_t va)
469 pdp = pmap_pdp(pmap, va);
470 if ((*pdp & PG_V) == 0)
472 return (pmap_pdp_to_pd(pdp, va));
476 * Return pointer to PT slot in the PD given a pointer to the PD
480 pmap_pd_to_pt(pdp_entry_t *pd, vm_offset_t va)
484 pt = (pd_entry_t *)PHYS_TO_DMAP(*pd & PG_FRAME);
485 return (&pt[pmap_pt_index(va)]);
489 * Return pointer to PT slot in the PD
493 pmap_pt(pmap_t pmap, vm_offset_t va)
497 pd = pmap_pd(pmap, va);
498 if (pd == NULL || (*pd & PG_V) == 0)
500 return (pmap_pd_to_pt(pd, va));
504 * Return pointer to PTE slot in the PT given a pointer to the PT
508 pmap_pt_to_pte(pd_entry_t *pt, vm_offset_t va)
512 pte = (pt_entry_t *)PHYS_TO_DMAP(*pt & PG_FRAME);
513 return (&pte[pmap_pte_index(va)]);
517 * Return pointer to PTE slot in the PT
521 pmap_pte(pmap_t pmap, vm_offset_t va)
525 pt = pmap_pt(pmap, va);
526 if (pt == NULL || (*pt & PG_V) == 0)
528 if ((*pt & PG_PS) != 0)
529 return ((pt_entry_t *)pt);
530 return (pmap_pt_to_pte(pt, va));
534 * Of all the layers (PTE, PT, PD, PDP, PML4) the best one to cache is
535 * the PT layer. This will speed up core pmap operations considerably.
539 pv_cache(pv_entry_t pv, vm_pindex_t pindex)
541 if (pindex >= pmap_pt_pindex(0) && pindex <= pmap_pd_pindex(0))
542 pv->pv_pmap->pm_pvhint = pv;
547 * KVM - return address of PT slot in PD
551 vtopt(vm_offset_t va)
553 uint64_t mask = ((1ul << (NPDEPGSHIFT + NPDPEPGSHIFT +
554 NPML4EPGSHIFT)) - 1);
556 return (PDmap + ((va >> PDRSHIFT) & mask));
560 * KVM - return address of PTE slot in PT
564 vtopte(vm_offset_t va)
566 uint64_t mask = ((1ul << (NPTEPGSHIFT + NPDEPGSHIFT +
567 NPDPEPGSHIFT + NPML4EPGSHIFT)) - 1);
569 return (PTmap + ((va >> PAGE_SHIFT) & mask));
573 allocpages(vm_paddr_t *firstaddr, long n)
578 bzero((void *)ret, n * PAGE_SIZE);
579 *firstaddr += n * PAGE_SIZE;
585 create_pagetables(vm_paddr_t *firstaddr)
587 long i; /* must be 64 bits */
592 * We are running (mostly) V=P at this point
594 * Calculate NKPT - number of kernel page tables. We have to
595 * accomodoate prealloction of the vm_page_array, dump bitmap,
596 * MSGBUF_SIZE, and other stuff. Be generous.
598 * Maxmem is in pages.
600 ndmpdp = (ptoa(Maxmem) + NBPDP - 1) >> PDPSHIFT;
601 if (ndmpdp < 4) /* Minimum 4GB of dirmap */
605 * Starting at the beginning of kvm (not KERNBASE).
607 nkpt_phys = (Maxmem * sizeof(struct vm_page) + NBPDR - 1) / NBPDR;
608 nkpt_phys += (Maxmem * sizeof(struct pv_entry) + NBPDR - 1) / NBPDR;
609 nkpt_phys += ((nkpt + nkpt + 1 + NKPML4E + NKPDPE + NDMPML4E + ndmpdp) +
614 * Starting at KERNBASE - map 2G worth of page table pages.
615 * KERNBASE is offset -2G from the end of kvm.
617 nkpt_base = (NPDPEPG - KPDPI) * NPTEPG; /* typically 2 x 512 */
622 KPTbase = allocpages(firstaddr, nkpt_base);
623 KPTphys = allocpages(firstaddr, nkpt_phys);
624 KPML4phys = allocpages(firstaddr, 1);
625 KPDPphys = allocpages(firstaddr, NKPML4E);
626 KPDphys = allocpages(firstaddr, NKPDPE);
629 * Calculate the page directory base for KERNBASE,
630 * that is where we start populating the page table pages.
631 * Basically this is the end - 2.
633 KPDbase = KPDphys + ((NKPDPE - (NPDPEPG - KPDPI)) << PAGE_SHIFT);
635 DMPDPphys = allocpages(firstaddr, NDMPML4E);
636 if ((amd_feature & AMDID_PAGE1GB) == 0)
637 DMPDphys = allocpages(firstaddr, ndmpdp);
638 dmaplimit = (vm_paddr_t)ndmpdp << PDPSHIFT;
641 * Fill in the underlying page table pages for the area around
642 * KERNBASE. This remaps low physical memory to KERNBASE.
644 * Read-only from zero to physfree
645 * XXX not fully used, underneath 2M pages
647 for (i = 0; (i << PAGE_SHIFT) < *firstaddr; i++) {
648 ((pt_entry_t *)KPTbase)[i] = i << PAGE_SHIFT;
649 ((pt_entry_t *)KPTbase)[i] |= PG_RW | PG_V | PG_G;
653 * Now map the initial kernel page tables. One block of page
654 * tables is placed at the beginning of kernel virtual memory,
655 * and another block is placed at KERNBASE to map the kernel binary,
656 * data, bss, and initial pre-allocations.
658 for (i = 0; i < nkpt_base; i++) {
659 ((pd_entry_t *)KPDbase)[i] = KPTbase + (i << PAGE_SHIFT);
660 ((pd_entry_t *)KPDbase)[i] |= PG_RW | PG_V;
662 for (i = 0; i < nkpt_phys; i++) {
663 ((pd_entry_t *)KPDphys)[i] = KPTphys + (i << PAGE_SHIFT);
664 ((pd_entry_t *)KPDphys)[i] |= PG_RW | PG_V;
668 * Map from zero to end of allocations using 2M pages as an
669 * optimization. This will bypass some of the KPTBase pages
670 * above in the KERNBASE area.
672 for (i = 0; (i << PDRSHIFT) < *firstaddr; i++) {
673 ((pd_entry_t *)KPDbase)[i] = i << PDRSHIFT;
674 ((pd_entry_t *)KPDbase)[i] |= PG_RW | PG_V | PG_PS | PG_G;
678 * And connect up the PD to the PDP. The kernel pmap is expected
679 * to pre-populate all of its PDs. See NKPDPE in vmparam.h.
681 for (i = 0; i < NKPDPE; i++) {
682 ((pdp_entry_t *)KPDPphys)[NPDPEPG - NKPDPE + i] =
683 KPDphys + (i << PAGE_SHIFT);
684 ((pdp_entry_t *)KPDPphys)[NPDPEPG - NKPDPE + i] |=
688 /* Now set up the direct map space using either 2MB or 1GB pages */
689 /* Preset PG_M and PG_A because demotion expects it */
690 if ((amd_feature & AMDID_PAGE1GB) == 0) {
691 for (i = 0; i < NPDEPG * ndmpdp; i++) {
692 ((pd_entry_t *)DMPDphys)[i] = i << PDRSHIFT;
693 ((pd_entry_t *)DMPDphys)[i] |= PG_RW | PG_V | PG_PS |
696 /* And the direct map space's PDP */
697 for (i = 0; i < ndmpdp; i++) {
698 ((pdp_entry_t *)DMPDPphys)[i] = DMPDphys +
700 ((pdp_entry_t *)DMPDPphys)[i] |= PG_RW | PG_V | PG_U;
703 for (i = 0; i < ndmpdp; i++) {
704 ((pdp_entry_t *)DMPDPphys)[i] =
705 (vm_paddr_t)i << PDPSHIFT;
706 ((pdp_entry_t *)DMPDPphys)[i] |= PG_RW | PG_V | PG_PS |
711 /* And recursively map PML4 to itself in order to get PTmap */
712 ((pdp_entry_t *)KPML4phys)[PML4PML4I] = KPML4phys;
713 ((pdp_entry_t *)KPML4phys)[PML4PML4I] |= PG_RW | PG_V | PG_U;
715 /* Connect the Direct Map slot up to the PML4 */
716 ((pdp_entry_t *)KPML4phys)[DMPML4I] = DMPDPphys;
717 ((pdp_entry_t *)KPML4phys)[DMPML4I] |= PG_RW | PG_V | PG_U;
719 /* Connect the KVA slot up to the PML4 */
720 ((pdp_entry_t *)KPML4phys)[KPML4I] = KPDPphys;
721 ((pdp_entry_t *)KPML4phys)[KPML4I] |= PG_RW | PG_V | PG_U;
725 * Bootstrap the system enough to run with virtual memory.
727 * On the i386 this is called after mapping has already been enabled
728 * and just syncs the pmap module with what has already been done.
729 * [We can't call it easily with mapping off since the kernel is not
730 * mapped with PA == VA, hence we would have to relocate every address
731 * from the linked base (virtual) address "KERNBASE" to the actual
732 * (physical) address starting relative to 0]
735 pmap_bootstrap(vm_paddr_t *firstaddr)
739 struct mdglobaldata *gd;
742 KvaStart = VM_MIN_KERNEL_ADDRESS;
743 KvaEnd = VM_MAX_KERNEL_ADDRESS;
744 KvaSize = KvaEnd - KvaStart;
746 avail_start = *firstaddr;
749 * Create an initial set of page tables to run the kernel in.
751 create_pagetables(firstaddr);
753 virtual2_start = KvaStart;
754 virtual2_end = PTOV_OFFSET;
756 virtual_start = (vm_offset_t) PTOV_OFFSET + *firstaddr;
757 virtual_start = pmap_kmem_choose(virtual_start);
759 virtual_end = VM_MAX_KERNEL_ADDRESS;
761 /* XXX do %cr0 as well */
762 load_cr4(rcr4() | CR4_PGE | CR4_PSE);
766 * Initialize protection array.
768 i386_protection_init();
771 * The kernel's pmap is statically allocated so we don't have to use
772 * pmap_create, which is unlikely to work correctly at this part of
773 * the boot sequence (XXX and which no longer exists).
775 kernel_pmap.pm_pml4 = (pdp_entry_t *) (PTOV_OFFSET + KPML4phys);
776 kernel_pmap.pm_count = 1;
777 kernel_pmap.pm_active = (cpumask_t)-1 & ~CPUMASK_LOCK;
778 RB_INIT(&kernel_pmap.pm_pvroot);
779 spin_init(&kernel_pmap.pm_spin);
780 lwkt_token_init(&kernel_pmap.pm_token, "kpmap_tok");
783 * Reserve some special page table entries/VA space for temporary
786 #define SYSMAP(c, p, v, n) \
787 v = (c)va; va += ((n)*PAGE_SIZE); p = pte; pte += (n);
793 * CMAP1/CMAP2 are used for zeroing and copying pages.
795 SYSMAP(caddr_t, CMAP1, CADDR1, 1)
800 SYSMAP(caddr_t, pt_crashdumpmap, crashdumpmap, MAXDUMPPGS);
803 * ptvmmap is used for reading arbitrary physical pages via
806 SYSMAP(caddr_t, ptmmap, ptvmmap, 1)
809 * msgbufp is used to map the system message buffer.
810 * XXX msgbufmap is not used.
812 SYSMAP(struct msgbuf *, msgbufmap, msgbufp,
813 atop(round_page(MSGBUF_SIZE)))
820 * PG_G is terribly broken on SMP because we IPI invltlb's in some
821 * cases rather then invl1pg. Actually, I don't even know why it
822 * works under UP because self-referential page table mappings
827 if (cpu_feature & CPUID_PGE)
832 * Initialize the 4MB page size flag
836 * The 4MB page version of the initial
837 * kernel page mapping.
841 #if !defined(DISABLE_PSE)
842 if (cpu_feature & CPUID_PSE) {
845 * Note that we have enabled PSE mode
848 ptditmp = *(PTmap + x86_64_btop(KERNBASE));
849 ptditmp &= ~(NBPDR - 1);
850 ptditmp |= PG_V | PG_RW | PG_PS | PG_U | pgeflag;
855 * Enable the PSE mode. If we are SMP we can't do this
856 * now because the APs will not be able to use it when
859 load_cr4(rcr4() | CR4_PSE);
862 * We can do the mapping here for the single processor
863 * case. We simply ignore the old page table page from
867 * For SMP, we still need 4K pages to bootstrap APs,
868 * PSE will be enabled as soon as all APs are up.
870 PTD[KPTDI] = (pd_entry_t)ptditmp;
877 * We need to finish setting up the globaldata page for the BSP.
878 * locore has already populated the page table for the mdglobaldata
881 pg = MDGLOBALDATA_BASEALLOC_PAGES;
882 gd = &CPU_prvspace[0].mdglobaldata;
889 * Set 4mb pdir for mp startup
894 if (pseflag && (cpu_feature & CPUID_PSE)) {
895 load_cr4(rcr4() | CR4_PSE);
896 if (pdir4mb && mycpu->gd_cpuid == 0) { /* only on BSP */
904 * Initialize the pmap module.
905 * Called by vm_init, to initialize any structures that the pmap
906 * system needs to map virtual memory.
907 * pmap_init has been enhanced to support in a fairly consistant
908 * way, discontiguous physical memory.
917 * Allocate memory for random pmap data structures. Includes the
921 for (i = 0; i < vm_page_array_size; i++) {
924 m = &vm_page_array[i];
925 TAILQ_INIT(&m->md.pv_list);
929 * init the pv free list
931 initial_pvs = vm_page_array_size;
932 if (initial_pvs < MINPV)
934 pvzone = &pvzone_store;
935 pvinit = (void *)kmem_alloc(&kernel_map,
936 initial_pvs * sizeof (struct pv_entry));
937 zbootinit(pvzone, "PV ENTRY", sizeof (struct pv_entry),
938 pvinit, initial_pvs);
941 * Now it is safe to enable pv_table recording.
943 pmap_initialized = TRUE;
947 * Initialize the address space (zone) for the pv_entries. Set a
948 * high water mark so that the system can recover from excessive
949 * numbers of pv entries.
954 int shpgperproc = PMAP_SHPGPERPROC;
957 TUNABLE_INT_FETCH("vm.pmap.shpgperproc", &shpgperproc);
958 pv_entry_max = shpgperproc * maxproc + vm_page_array_size;
959 TUNABLE_INT_FETCH("vm.pmap.pv_entries", &pv_entry_max);
960 pv_entry_high_water = 9 * (pv_entry_max / 10);
963 * Subtract out pages already installed in the zone (hack)
965 entry_max = pv_entry_max - vm_page_array_size;
969 zinitna(pvzone, &pvzone_obj, NULL, 0, entry_max, ZONE_INTERRUPT, 1);
973 /***************************************************
974 * Low level helper routines.....
975 ***************************************************/
977 #if defined(PMAP_DIAGNOSTIC)
980 * This code checks for non-writeable/modified pages.
981 * This should be an invalid condition.
985 pmap_nw_modified(pt_entry_t pte)
987 if ((pte & (PG_M|PG_RW)) == PG_M)
996 * this routine defines the region(s) of memory that should
997 * not be tested for the modified bit.
1001 pmap_track_modified(vm_pindex_t pindex)
1003 vm_offset_t va = (vm_offset_t)pindex << PAGE_SHIFT;
1004 if ((va < clean_sva) || (va >= clean_eva))
1011 * Extract the physical page address associated with the map/VA pair.
1012 * The page must be wired for this to work reliably.
1014 * XXX for the moment we're using pv_find() instead of pv_get(), as
1015 * callers might be expecting non-blocking operation.
1018 pmap_extract(pmap_t pmap, vm_offset_t va)
1025 if (va >= VM_MAX_USER_ADDRESS) {
1027 * Kernel page directories might be direct-mapped and
1028 * there is typically no PV tracking of pte's
1032 pt = pmap_pt(pmap, va);
1033 if (pt && (*pt & PG_V)) {
1035 rtval = *pt & PG_PS_FRAME;
1036 rtval |= va & PDRMASK;
1038 ptep = pmap_pt_to_pte(pt, va);
1040 rtval = *ptep & PG_FRAME;
1041 rtval |= va & PAGE_MASK;
1047 * User pages currently do not direct-map the page directory
1048 * and some pages might not used managed PVs. But all PT's
1051 pt_pv = pv_find(pmap, pmap_pt_pindex(va));
1053 ptep = pv_pte_lookup(pt_pv, pmap_pte_index(va));
1055 rtval = *ptep & PG_FRAME;
1056 rtval |= va & PAGE_MASK;
1065 * Extract the physical page address associated kernel virtual address.
1068 pmap_kextract(vm_offset_t va)
1070 pd_entry_t pt; /* pt entry in pd */
1073 if (va >= DMAP_MIN_ADDRESS && va < DMAP_MAX_ADDRESS) {
1074 pa = DMAP_TO_PHYS(va);
1078 pa = (pt & PG_PS_FRAME) | (va & PDRMASK);
1081 * Beware of a concurrent promotion that changes the
1082 * PDE at this point! For example, vtopte() must not
1083 * be used to access the PTE because it would use the
1084 * new PDE. It is, however, safe to use the old PDE
1085 * because the page table page is preserved by the
1088 pa = *pmap_pt_to_pte(&pt, va);
1089 pa = (pa & PG_FRAME) | (va & PAGE_MASK);
1095 /***************************************************
1096 * Low level mapping routines.....
1097 ***************************************************/
1100 * Routine: pmap_kenter
1102 * Add a wired page to the KVA
1103 * NOTE! note that in order for the mapping to take effect -- you
1104 * should do an invltlb after doing the pmap_kenter().
1107 pmap_kenter(vm_offset_t va, vm_paddr_t pa)
1111 pmap_inval_info info;
1113 pmap_inval_init(&info); /* XXX remove */
1114 npte = pa | PG_RW | PG_V | pgeflag;
1116 pmap_inval_interlock(&info, &kernel_pmap, va); /* XXX remove */
1118 pmap_inval_deinterlock(&info, &kernel_pmap); /* XXX remove */
1119 pmap_inval_done(&info); /* XXX remove */
1123 * Routine: pmap_kenter_quick
1125 * Similar to pmap_kenter(), except we only invalidate the
1126 * mapping on the current CPU.
1129 pmap_kenter_quick(vm_offset_t va, vm_paddr_t pa)
1134 npte = pa | PG_RW | PG_V | pgeflag;
1137 cpu_invlpg((void *)va);
1141 pmap_kenter_sync(vm_offset_t va)
1143 pmap_inval_info info;
1145 pmap_inval_init(&info);
1146 pmap_inval_interlock(&info, &kernel_pmap, va);
1147 pmap_inval_deinterlock(&info, &kernel_pmap);
1148 pmap_inval_done(&info);
1152 pmap_kenter_sync_quick(vm_offset_t va)
1154 cpu_invlpg((void *)va);
1158 * remove a page from the kernel pagetables
1161 pmap_kremove(vm_offset_t va)
1164 pmap_inval_info info;
1166 pmap_inval_init(&info);
1168 pmap_inval_interlock(&info, &kernel_pmap, va);
1170 pmap_inval_deinterlock(&info, &kernel_pmap);
1171 pmap_inval_done(&info);
1175 pmap_kremove_quick(vm_offset_t va)
1180 cpu_invlpg((void *)va);
1184 * XXX these need to be recoded. They are not used in any critical path.
1187 pmap_kmodify_rw(vm_offset_t va)
1189 atomic_set_long(vtopte(va), PG_RW);
1190 cpu_invlpg((void *)va);
1194 pmap_kmodify_nc(vm_offset_t va)
1196 atomic_set_long(vtopte(va), PG_N);
1197 cpu_invlpg((void *)va);
1201 * Used to map a range of physical addresses into kernel virtual
1202 * address space during the low level boot, typically to map the
1203 * dump bitmap, message buffer, and vm_page_array.
1205 * These mappings are typically made at some pointer after the end of the
1208 * We could return PHYS_TO_DMAP(start) here and not allocate any
1209 * via (*virtp), but then kmem from userland and kernel dumps won't
1210 * have access to the related pointers.
1213 pmap_map(vm_offset_t *virtp, vm_paddr_t start, vm_paddr_t end, int prot)
1216 vm_offset_t va_start;
1218 /*return PHYS_TO_DMAP(start);*/
1223 while (start < end) {
1224 pmap_kenter_quick(va, start);
1234 * Add a list of wired pages to the kva
1235 * this routine is only used for temporary
1236 * kernel mappings that do not need to have
1237 * page modification or references recorded.
1238 * Note that old mappings are simply written
1239 * over. The page *must* be wired.
1242 pmap_qenter(vm_offset_t va, vm_page_t *m, int count)
1246 end_va = va + count * PAGE_SIZE;
1248 while (va < end_va) {
1252 *pte = VM_PAGE_TO_PHYS(*m) | PG_RW | PG_V | pgeflag;
1253 cpu_invlpg((void *)va);
1261 * This routine jerks page mappings from the
1262 * kernel -- it is meant only for temporary mappings.
1264 * MPSAFE, INTERRUPT SAFE (cluster callback)
1267 pmap_qremove(vm_offset_t va, int count)
1271 end_va = va + count * PAGE_SIZE;
1273 while (va < end_va) {
1278 cpu_invlpg((void *)va);
1285 * Create a new thread and optionally associate it with a (new) process.
1286 * NOTE! the new thread's cpu may not equal the current cpu.
1289 pmap_init_thread(thread_t td)
1291 /* enforce pcb placement & alignment */
1292 td->td_pcb = (struct pcb *)(td->td_kstack + td->td_kstack_size) - 1;
1293 td->td_pcb = (struct pcb *)((intptr_t)td->td_pcb & ~(intptr_t)0xF);
1294 td->td_savefpu = &td->td_pcb->pcb_save;
1295 td->td_sp = (char *)td->td_pcb; /* no -16 */
1299 * This routine directly affects the fork perf for a process.
1302 pmap_init_proc(struct proc *p)
1307 * Dispose the UPAGES for a process that has exited.
1308 * This routine directly impacts the exit perf of a process.
1311 pmap_dispose_proc(struct proc *p)
1313 KASSERT(p->p_lock == 0, ("attempt to dispose referenced proc! %p", p));
1317 * Initialize pmap0/vmspace0. This pmap is not added to pmap_list because
1318 * it, and IdlePTD, represents the template used to update all other pmaps.
1320 * On architectures where the kernel pmap is not integrated into the user
1321 * process pmap, this pmap represents the process pmap, not the kernel pmap.
1322 * kernel_pmap should be used to directly access the kernel_pmap.
1325 pmap_pinit0(struct pmap *pmap)
1327 pmap->pm_pml4 = (pml4_entry_t *)(PTOV_OFFSET + KPML4phys);
1329 pmap->pm_active = 0;
1330 pmap->pm_pvhint = NULL;
1331 RB_INIT(&pmap->pm_pvroot);
1332 spin_init(&pmap->pm_spin);
1333 lwkt_token_init(&pmap->pm_token, "pmap_tok");
1334 bzero(&pmap->pm_stats, sizeof pmap->pm_stats);
1338 * Initialize a preallocated and zeroed pmap structure,
1339 * such as one in a vmspace structure.
1342 pmap_pinit(struct pmap *pmap)
1347 * Misc initialization
1350 pmap->pm_active = 0;
1351 pmap->pm_pvhint = NULL;
1352 if (pmap->pm_pmlpv == NULL) {
1353 RB_INIT(&pmap->pm_pvroot);
1354 bzero(&pmap->pm_stats, sizeof pmap->pm_stats);
1355 spin_init(&pmap->pm_spin);
1356 lwkt_token_init(&pmap->pm_token, "pmap_tok");
1360 * No need to allocate page table space yet but we do need a valid
1361 * page directory table.
1363 if (pmap->pm_pml4 == NULL) {
1365 (pml4_entry_t *)kmem_alloc_pageable(&kernel_map, PAGE_SIZE);
1369 * Allocate the page directory page, which wires it even though
1370 * it isn't being entered into some higher level page table (it
1371 * being the highest level). If one is already cached we don't
1372 * have to do anything.
1374 if ((pv = pmap->pm_pmlpv) == NULL) {
1375 pv = pmap_allocpte(pmap, pmap_pml4_pindex(), NULL);
1376 pmap->pm_pmlpv = pv;
1377 pmap_kenter((vm_offset_t)pmap->pm_pml4,
1378 VM_PAGE_TO_PHYS(pv->pv_m));
1380 pmap->pm_pml4[KPML4I] = KPDPphys | PG_RW | PG_V | PG_U;
1381 pmap->pm_pml4[DMPML4I] = DMPDPphys | PG_RW | PG_V | PG_U;
1383 /* install self-referential address mapping entry */
1384 pmap->pm_pml4[PML4PML4I] = VM_PAGE_TO_PHYS(pv->pv_m) |
1385 PG_V | PG_RW | PG_A | PG_M;
1387 KKASSERT(pv->pv_m->flags & PG_MAPPED);
1388 KKASSERT(pv->pv_m->flags & PG_WRITEABLE);
1393 * Clean up a pmap structure so it can be physically freed. This routine
1394 * is called by the vmspace dtor function. A great deal of pmap data is
1395 * left passively mapped to improve vmspace management so we have a bit
1396 * of cleanup work to do here.
1399 pmap_puninit(pmap_t pmap)
1404 KKASSERT(pmap->pm_active == 0);
1405 if ((pv = pmap->pm_pmlpv) != NULL) {
1406 if (pv_hold_try(pv) == 0)
1408 p = pmap_remove_pv_page(pv, 1);
1410 pmap_kremove((vm_offset_t)pmap->pm_pml4);
1411 vm_page_busy_wait(p, FALSE, "pgpun");
1413 KKASSERT(p->flags & (PG_FICTITIOUS|PG_UNMANAGED));
1414 vm_page_unwire(p, 0);
1415 vm_page_flag_clear(p, PG_MAPPED | PG_WRITEABLE);
1418 * XXX eventually clean out PML4 static entries and
1419 * use vm_page_free_zero()
1422 pmap->pm_pmlpv = NULL;
1424 if (pmap->pm_pml4) {
1425 KKASSERT(pmap->pm_pml4 != (void *)(PTOV_OFFSET + KPML4phys));
1426 kmem_free(&kernel_map, (vm_offset_t)pmap->pm_pml4, PAGE_SIZE);
1427 pmap->pm_pml4 = NULL;
1429 KKASSERT(pmap->pm_stats.resident_count == 0);
1430 KKASSERT(pmap->pm_stats.wired_count == 0);
1434 * Wire in kernel global address entries. To avoid a race condition
1435 * between pmap initialization and pmap_growkernel, this procedure
1436 * adds the pmap to the master list (which growkernel scans to update),
1437 * then copies the template.
1440 pmap_pinit2(struct pmap *pmap)
1443 * XXX copies current process, does not fill in MPPTDI
1445 spin_lock(&pmap_spin);
1446 TAILQ_INSERT_TAIL(&pmap_list, pmap, pm_pmnode);
1447 spin_unlock(&pmap_spin);
1451 * This routine is called when various levels in the page table need to
1452 * be populated. This routine cannot fail.
1454 * This function returns two locked pv_entry's, one representing the
1455 * requested pv and one representing the requested pv's parent pv. If
1456 * the pv did not previously exist it will be mapped into its parent
1457 * and wired, otherwise no additional wire count will be added.
1461 pmap_allocpte(pmap_t pmap, vm_pindex_t ptepindex, pv_entry_t *pvpp)
1466 vm_pindex_t pt_pindex;
1471 * If the pv already exists and we aren't being asked for the
1472 * parent page table page we can just return it. A locked+held pv
1475 pv = pv_alloc(pmap, ptepindex, &isnew);
1476 if (isnew == 0 && pvpp == NULL)
1480 * This is a new PV, we have to resolve its parent page table and
1481 * add an additional wiring to the page if necessary.
1485 * Special case terminal PVs. These are not page table pages so
1486 * no vm_page is allocated (the caller supplied the vm_page). If
1487 * pvpp is non-NULL we are being asked to also removed the pt_pv
1490 * Note that pt_pv's are only returned for user VAs. We assert that
1491 * a pt_pv is not being requested for kernel VAs.
1493 if (ptepindex < pmap_pt_pindex(0)) {
1494 if (ptepindex >= NUPTE_USER)
1495 KKASSERT(pvpp == NULL);
1497 KKASSERT(pvpp != NULL);
1499 pt_pindex = NUPTE_TOTAL + (ptepindex >> NPTEPGSHIFT);
1500 pvp = pmap_allocpte(pmap, pt_pindex, NULL);
1502 vm_page_wire_quick(pvp->pv_m);
1511 * Non-terminal PVs allocate a VM page to represent the page table,
1512 * so we have to resolve pvp and calculate ptepindex for the pvp
1513 * and then for the page table entry index in the pvp for
1516 if (ptepindex < pmap_pd_pindex(0)) {
1518 * pv is PT, pvp is PD
1520 ptepindex = (ptepindex - pmap_pt_pindex(0)) >> NPDEPGSHIFT;
1521 ptepindex += NUPTE_TOTAL + NUPT_TOTAL;
1522 pvp = pmap_allocpte(pmap, ptepindex, NULL);
1529 ptepindex = pv->pv_pindex - pmap_pt_pindex(0);
1530 ptepindex &= ((1ul << NPDEPGSHIFT) - 1);
1531 } else if (ptepindex < pmap_pdp_pindex(0)) {
1533 * pv is PD, pvp is PDP
1535 ptepindex = (ptepindex - pmap_pd_pindex(0)) >> NPDPEPGSHIFT;
1536 ptepindex += NUPTE_TOTAL + NUPT_TOTAL + NUPD_TOTAL;
1537 pvp = pmap_allocpte(pmap, ptepindex, NULL);
1544 ptepindex = pv->pv_pindex - pmap_pd_pindex(0);
1545 ptepindex &= ((1ul << NPDPEPGSHIFT) - 1);
1546 } else if (ptepindex < pmap_pml4_pindex()) {
1548 * pv is PDP, pvp is the root pml4 table
1550 pvp = pmap_allocpte(pmap, pmap_pml4_pindex(), NULL);
1557 ptepindex = pv->pv_pindex - pmap_pdp_pindex(0);
1558 ptepindex &= ((1ul << NPML4EPGSHIFT) - 1);
1561 * pv represents the top-level PML4, there is no parent.
1569 * This code is only reached if isnew is TRUE and this is not a
1570 * terminal PV. We need to allocate a vm_page for the page table
1571 * at this level and enter it into the parent page table.
1573 * page table pages are marked PG_WRITEABLE and PG_MAPPED.
1576 m = vm_page_alloc(NULL, pv->pv_pindex,
1577 VM_ALLOC_NORMAL | VM_ALLOC_SYSTEM |
1578 VM_ALLOC_INTERRUPT);
1583 vm_page_spin_lock(m);
1584 TAILQ_INSERT_TAIL(&m->md.pv_list, pv, pv_list);
1586 vm_page_flag_set(m, PG_MAPPED | PG_WRITEABLE);
1587 vm_page_spin_unlock(m);
1588 vm_page_unmanage(m); /* m must be spinunlocked */
1590 if ((m->flags & PG_ZERO) == 0) {
1591 pmap_zero_page(VM_PAGE_TO_PHYS(m));
1595 pmap_page_assertzero(VM_PAGE_TO_PHYS(m));
1598 m->valid = VM_PAGE_BITS_ALL;
1599 vm_page_flag_clear(m, PG_ZERO);
1600 vm_page_wire(m); /* wire for mapping in parent */
1603 * Wire the page into pvp, bump the wire-count for pvp's page table
1604 * page. Bump the resident_count for the pmap. There is no pvp
1605 * for the top level, address the pm_pml4[] array directly.
1607 * If the caller wants the parent we return it, otherwise
1608 * we just put it away.
1610 * No interlock is needed for pte 0 -> non-zero.
1613 vm_page_wire_quick(pvp->pv_m);
1614 ptep = pv_pte_lookup(pvp, ptepindex);
1615 KKASSERT((*ptep & PG_V) == 0);
1616 *ptep = VM_PAGE_TO_PHYS(m) | (PG_U | PG_RW | PG_V |
1629 * Release any resources held by the given physical map.
1631 * Called when a pmap initialized by pmap_pinit is being released. Should
1632 * only be called if the map contains no valid mappings.
1634 * Caller must hold pmap->pm_token
1636 struct pmap_release_info {
1641 static int pmap_release_callback(pv_entry_t pv, void *data);
1644 pmap_release(struct pmap *pmap)
1646 struct pmap_release_info info;
1648 KASSERT(pmap->pm_active == 0,
1649 ("pmap still active! %016jx", (uintmax_t)pmap->pm_active));
1651 spin_lock(&pmap_spin);
1652 TAILQ_REMOVE(&pmap_list, pmap, pm_pmnode);
1653 spin_unlock(&pmap_spin);
1656 * Pull pv's off the RB tree in order from low to high and release
1662 spin_lock(&pmap->pm_spin);
1663 RB_SCAN(pv_entry_rb_tree, &pmap->pm_pvroot, NULL,
1664 pmap_release_callback, &info);
1665 spin_unlock(&pmap->pm_spin);
1666 } while (info.retry);
1670 * One resident page (the pml4 page) should remain.
1671 * No wired pages should remain.
1673 KKASSERT(pmap->pm_stats.resident_count == 1);
1674 KKASSERT(pmap->pm_stats.wired_count == 0);
1678 pmap_release_callback(pv_entry_t pv, void *data)
1680 struct pmap_release_info *info = data;
1681 pmap_t pmap = info->pmap;
1684 if (pv_hold_try(pv)) {
1685 spin_unlock(&pmap->pm_spin);
1687 spin_unlock(&pmap->pm_spin);
1689 if (pv->pv_pmap != pmap) {
1691 spin_lock(&pmap->pm_spin);
1698 * The pmap is currently not spinlocked, pv is held+locked.
1699 * Remove the pv's page from its parent's page table. The
1700 * parent's page table page's wire_count will be decremented.
1702 pmap_remove_pv_pte(pv, NULL, NULL);
1705 * Terminal pvs are unhooked from their vm_pages. Because
1706 * terminal pages aren't page table pages they aren't wired
1707 * by us, so we have to be sure not to unwire them either.
1709 if (pv->pv_pindex < pmap_pt_pindex(0)) {
1710 pmap_remove_pv_page(pv, 0);
1715 * We leave the top-level page table page cached, wired, and
1716 * mapped in the pmap until the dtor function (pmap_puninit())
1719 * Since we are leaving the top-level pv intact we need
1720 * to break out of what would otherwise be an infinite loop.
1722 if (pv->pv_pindex == pmap_pml4_pindex()) {
1724 spin_lock(&pmap->pm_spin);
1729 * For page table pages (other than the top-level page),
1730 * remove and free the vm_page. The representitive mapping
1731 * removed above by pmap_remove_pv_pte() did not undo the
1732 * last wire_count so we have to do that as well.
1734 p = pmap_remove_pv_page(pv, 1);
1735 vm_page_busy_wait(p, FALSE, "pmaprl");
1737 if (p->wire_count != 1) {
1738 kprintf("p->wire_count was %016lx %d\n",
1739 pv->pv_pindex, p->wire_count);
1741 KKASSERT(p->wire_count == 1);
1742 KKASSERT(p->flags & PG_UNMANAGED);
1744 vm_page_unwire(p, 0);
1745 KKASSERT(p->wire_count == 0);
1746 /* JG eventually revert to using vm_page_free_zero() */
1750 spin_lock(&pmap->pm_spin);
1755 * This function will remove the pte associated with a pv from its parent.
1756 * Terminal pv's are supported. The removal will be interlocked if info
1757 * is non-NULL. The caller must dispose of pv instead of just unlocking
1760 * The wire count will be dropped on the parent page table. The wire
1761 * count on the page being removed (pv->pv_m) from the parent page table
1762 * is NOT touched. Note that terminal pages will not have any additional
1763 * wire counts while page table pages will have at least one representing
1764 * the mapping, plus others representing sub-mappings.
1766 * NOTE: Cannot be called on kernel page table pages, only KVM terminal
1767 * pages and user page table and terminal pages.
1769 * The pv must be locked.
1771 * XXX must lock parent pv's if they exist to remove pte XXX
1775 pmap_remove_pv_pte(pv_entry_t pv, pv_entry_t pvp, struct pmap_inval_info *info)
1777 vm_pindex_t ptepindex = pv->pv_pindex;
1778 pmap_t pmap = pv->pv_pmap;
1784 if (ptepindex == pmap_pml4_pindex()) {
1786 * We are the top level pml4 table, there is no parent.
1788 p = pmap->pm_pmlpv->pv_m;
1789 } else if (ptepindex >= pmap_pdp_pindex(0)) {
1791 * Remove a PDP page from the pml4e. This can only occur
1792 * with user page tables. We do not have to lock the
1793 * pml4 PV so just ignore pvp.
1795 vm_pindex_t pml4_pindex;
1796 vm_pindex_t pdp_index;
1799 pdp_index = ptepindex - pmap_pdp_pindex(0);
1801 pml4_pindex = pmap_pml4_pindex();
1802 pvp = pv_get(pv->pv_pmap, pml4_pindex);
1805 pdp = &pmap->pm_pml4[pdp_index & ((1ul << NPML4EPGSHIFT) - 1)];
1806 KKASSERT((*pdp & PG_V) != 0);
1807 p = PHYS_TO_VM_PAGE(*pdp & PG_FRAME);
1809 KKASSERT(info == NULL);
1810 } else if (ptepindex >= pmap_pd_pindex(0)) {
1812 * Remove a PD page from the pdp
1814 vm_pindex_t pdp_pindex;
1815 vm_pindex_t pd_index;
1818 pd_index = ptepindex - pmap_pd_pindex(0);
1821 pdp_pindex = NUPTE_TOTAL + NUPT_TOTAL + NUPD_TOTAL +
1822 (pd_index >> NPML4EPGSHIFT);
1823 pvp = pv_get(pv->pv_pmap, pdp_pindex);
1826 pd = pv_pte_lookup(pvp, pd_index & ((1ul << NPDPEPGSHIFT) - 1));
1827 KKASSERT((*pd & PG_V) != 0);
1828 p = PHYS_TO_VM_PAGE(*pd & PG_FRAME);
1830 KKASSERT(info == NULL);
1831 } else if (ptepindex >= pmap_pt_pindex(0)) {
1833 * Remove a PT page from the pd
1835 vm_pindex_t pd_pindex;
1836 vm_pindex_t pt_index;
1839 pt_index = ptepindex - pmap_pt_pindex(0);
1842 pd_pindex = NUPTE_TOTAL + NUPT_TOTAL +
1843 (pt_index >> NPDPEPGSHIFT);
1844 pvp = pv_get(pv->pv_pmap, pd_pindex);
1847 pt = pv_pte_lookup(pvp, pt_index & ((1ul << NPDPEPGSHIFT) - 1));
1848 KKASSERT((*pt & PG_V) != 0);
1849 p = PHYS_TO_VM_PAGE(*pt & PG_FRAME);
1851 KKASSERT(info == NULL);
1854 * Remove a PTE from the PT page
1856 * NOTE: pv's must be locked bottom-up to avoid deadlocking.
1857 * pv is a pte_pv so we can safely lock pt_pv.
1859 vm_pindex_t pt_pindex;
1864 pt_pindex = ptepindex >> NPTEPGSHIFT;
1865 va = (vm_offset_t)ptepindex << PAGE_SHIFT;
1867 if (ptepindex >= NUPTE_USER) {
1868 ptep = vtopte(ptepindex << PAGE_SHIFT);
1869 KKASSERT(pvp == NULL);
1872 pt_pindex = NUPTE_TOTAL +
1873 (ptepindex >> NPDPEPGSHIFT);
1874 pvp = pv_get(pv->pv_pmap, pt_pindex);
1877 ptep = pv_pte_lookup(pvp, ptepindex &
1878 ((1ul << NPDPEPGSHIFT) - 1));
1882 pmap_inval_interlock(info, pmap, va);
1883 pte = pte_load_clear(ptep);
1885 pmap_inval_deinterlock(info, pmap);
1888 * Now update the vm_page_t
1890 if ((pte & (PG_MANAGED|PG_V)) != (PG_MANAGED|PG_V)) {
1891 kprintf("remove_pte badpte %016lx %016lx %d\n",
1893 pv->pv_pindex < pmap_pt_pindex(0));
1895 /*KKASSERT((pte & (PG_MANAGED|PG_V)) == (PG_MANAGED|PG_V));*/
1896 p = PHYS_TO_VM_PAGE(pte & PG_FRAME);
1899 if (pmap_track_modified(ptepindex))
1903 vm_page_flag_set(p, PG_REFERENCED);
1906 atomic_add_long(&pmap->pm_stats.wired_count, -1);
1908 cpu_invlpg((void *)va);
1912 * Unwire the parent page table page. The wire_count cannot go below
1913 * 1 here because the parent page table page is itself still mapped.
1915 * XXX remove the assertions later.
1917 KKASSERT(pv->pv_m == p);
1918 if (pvp && vm_page_unwire_quick(pvp->pv_m))
1919 panic("pmap_remove_pv_pte: Insufficient wire_count");
1927 pmap_remove_pv_page(pv_entry_t pv, int holdpg)
1935 vm_page_spin_lock(m);
1937 TAILQ_REMOVE(&m->md.pv_list, pv, pv_list);
1940 atomic_add_int(&m->object->agg_pv_list_count, -1);
1942 if (TAILQ_EMPTY(&m->md.pv_list))
1943 vm_page_flag_clear(m, PG_MAPPED | PG_WRITEABLE);
1944 vm_page_spin_unlock(m);
1951 * Grow the number of kernel page table entries, if needed.
1953 * This routine is always called to validate any address space
1954 * beyond KERNBASE (for kldloads). kernel_vm_end only governs the address
1955 * space below KERNBASE.
1958 pmap_growkernel(vm_offset_t kstart, vm_offset_t kend)
1961 vm_offset_t ptppaddr;
1963 pd_entry_t *pt, newpt;
1965 int update_kernel_vm_end;
1968 * bootstrap kernel_vm_end on first real VM use
1970 if (kernel_vm_end == 0) {
1971 kernel_vm_end = VM_MIN_KERNEL_ADDRESS;
1973 while ((*pmap_pt(&kernel_pmap, kernel_vm_end) & PG_V) != 0) {
1974 kernel_vm_end = (kernel_vm_end + PAGE_SIZE * NPTEPG) &
1975 ~(PAGE_SIZE * NPTEPG - 1);
1977 if (kernel_vm_end - 1 >= kernel_map.max_offset) {
1978 kernel_vm_end = kernel_map.max_offset;
1985 * Fill in the gaps. kernel_vm_end is only adjusted for ranges
1986 * below KERNBASE. Ranges above KERNBASE are kldloaded and we
1987 * do not want to force-fill 128G worth of page tables.
1989 if (kstart < KERNBASE) {
1990 if (kstart > kernel_vm_end)
1991 kstart = kernel_vm_end;
1992 KKASSERT(kend <= KERNBASE);
1993 update_kernel_vm_end = 1;
1995 update_kernel_vm_end = 0;
1998 kstart = rounddown2(kstart, PAGE_SIZE * NPTEPG);
1999 kend = roundup2(kend, PAGE_SIZE * NPTEPG);
2001 if (kend - 1 >= kernel_map.max_offset)
2002 kend = kernel_map.max_offset;
2004 while (kstart < kend) {
2005 pt = pmap_pt(&kernel_pmap, kstart);
2007 /* We need a new PDP entry */
2008 nkpg = vm_page_alloc(NULL, nkpt,
2011 VM_ALLOC_INTERRUPT);
2013 panic("pmap_growkernel: no memory to grow "
2016 paddr = VM_PAGE_TO_PHYS(nkpg);
2017 if ((nkpg->flags & PG_ZERO) == 0)
2018 pmap_zero_page(paddr);
2019 vm_page_flag_clear(nkpg, PG_ZERO);
2020 newpd = (pdp_entry_t)
2021 (paddr | PG_V | PG_RW | PG_A | PG_M);
2022 *pmap_pd(&kernel_pmap, kstart) = newpd;
2024 continue; /* try again */
2026 if ((*pt & PG_V) != 0) {
2027 kstart = (kstart + PAGE_SIZE * NPTEPG) &
2028 ~(PAGE_SIZE * NPTEPG - 1);
2029 if (kstart - 1 >= kernel_map.max_offset) {
2030 kstart = kernel_map.max_offset;
2037 * This index is bogus, but out of the way
2039 nkpg = vm_page_alloc(NULL, nkpt,
2042 VM_ALLOC_INTERRUPT);
2044 panic("pmap_growkernel: no memory to grow kernel");
2047 ptppaddr = VM_PAGE_TO_PHYS(nkpg);
2048 pmap_zero_page(ptppaddr);
2049 vm_page_flag_clear(nkpg, PG_ZERO);
2050 newpt = (pd_entry_t) (ptppaddr | PG_V | PG_RW | PG_A | PG_M);
2051 *pmap_pt(&kernel_pmap, kstart) = newpt;
2054 kstart = (kstart + PAGE_SIZE * NPTEPG) &
2055 ~(PAGE_SIZE * NPTEPG - 1);
2057 if (kstart - 1 >= kernel_map.max_offset) {
2058 kstart = kernel_map.max_offset;
2064 * Only update kernel_vm_end for areas below KERNBASE.
2066 if (update_kernel_vm_end && kernel_vm_end < kstart)
2067 kernel_vm_end = kstart;
2071 * Retire the given physical map from service.
2072 * Should only be called if the map contains
2073 * no valid mappings.
2076 pmap_destroy(pmap_t pmap)
2083 lwkt_gettoken(&pmap->pm_token);
2084 count = --pmap->pm_count;
2086 pmap_release(pmap); /* eats pm_token */
2087 panic("destroying a pmap is not yet implemented");
2089 lwkt_reltoken(&pmap->pm_token);
2093 * Add a reference to the specified pmap.
2096 pmap_reference(pmap_t pmap)
2099 lwkt_gettoken(&pmap->pm_token);
2101 lwkt_reltoken(&pmap->pm_token);
2105 /***************************************************
2106 * page management routines.
2107 ***************************************************/
2110 * Hold a pv without locking it
2113 pv_hold(pv_entry_t pv)
2117 if (atomic_cmpset_int(&pv->pv_hold, 0, 1))
2121 count = pv->pv_hold;
2123 if (atomic_cmpset_int(&pv->pv_hold, count, count + 1))
2130 * Hold a pv_entry, preventing its destruction. TRUE is returned if the pv
2131 * was successfully locked, FALSE if it wasn't. The caller must dispose of
2134 * Either the pmap->pm_spin or the related vm_page_spin (if traversing a
2135 * pv list via its page) must be held by the caller.
2138 _pv_hold_try(pv_entry_t pv PMAP_DEBUG_DECL)
2142 if (atomic_cmpset_int(&pv->pv_hold, 0, PV_HOLD_LOCKED | 1)) {
2145 pv->pv_line = lineno;
2151 count = pv->pv_hold;
2153 if ((count & PV_HOLD_LOCKED) == 0) {
2154 if (atomic_cmpset_int(&pv->pv_hold, count,
2155 (count + 1) | PV_HOLD_LOCKED)) {
2158 pv->pv_line = lineno;
2163 if (atomic_cmpset_int(&pv->pv_hold, count, count + 1))
2171 * Drop a previously held pv_entry which could not be locked, allowing its
2174 * Must not be called with a spinlock held as we might zfree() the pv if it
2175 * is no longer associated with a pmap and this was the last hold count.
2178 pv_drop(pv_entry_t pv)
2182 if (atomic_cmpset_int(&pv->pv_hold, 1, 0)) {
2183 if (pv->pv_pmap == NULL)
2189 count = pv->pv_hold;
2191 KKASSERT((count & PV_HOLD_MASK) > 0);
2192 KKASSERT((count & (PV_HOLD_LOCKED | PV_HOLD_MASK)) !=
2193 (PV_HOLD_LOCKED | 1));
2194 if (atomic_cmpset_int(&pv->pv_hold, count, count - 1)) {
2195 if (count == 1 && pv->pv_pmap == NULL)
2204 * Find or allocate the requested PV entry, returning a locked pv
2208 _pv_alloc(pmap_t pmap, vm_pindex_t pindex, int *isnew PMAP_DEBUG_DECL)
2211 pv_entry_t pnew = NULL;
2213 spin_lock(&pmap->pm_spin);
2215 if ((pv = pmap->pm_pvhint) == NULL || pv->pv_pindex != pindex) {
2216 pv = pv_entry_rb_tree_RB_LOOKUP(&pmap->pm_pvroot,
2221 spin_unlock(&pmap->pm_spin);
2222 pnew = zalloc(pvzone);
2223 spin_lock(&pmap->pm_spin);
2226 pnew->pv_pmap = pmap;
2227 pnew->pv_pindex = pindex;
2228 pnew->pv_hold = PV_HOLD_LOCKED | 1;
2230 pnew->pv_func = func;
2231 pnew->pv_line = lineno;
2233 pv_entry_rb_tree_RB_INSERT(&pmap->pm_pvroot, pnew);
2234 atomic_add_long(&pmap->pm_stats.resident_count, 1);
2235 spin_unlock(&pmap->pm_spin);
2240 spin_unlock(&pmap->pm_spin);
2241 zfree(pvzone, pnew);
2243 spin_lock(&pmap->pm_spin);
2246 if (_pv_hold_try(pv PMAP_DEBUG_COPY)) {
2247 spin_unlock(&pmap->pm_spin);
2251 spin_unlock(&pmap->pm_spin);
2252 _pv_lock(pv PMAP_DEBUG_COPY);
2253 if (pv->pv_pmap == pmap && pv->pv_pindex == pindex) {
2258 spin_lock(&pmap->pm_spin);
2265 * Find the requested PV entry, returning a locked+held pv or NULL
2269 _pv_get(pmap_t pmap, vm_pindex_t pindex PMAP_DEBUG_DECL)
2273 spin_lock(&pmap->pm_spin);
2278 if ((pv = pmap->pm_pvhint) == NULL || pv->pv_pindex != pindex) {
2279 pv = pv_entry_rb_tree_RB_LOOKUP(&pmap->pm_pvroot,
2283 spin_unlock(&pmap->pm_spin);
2286 if (_pv_hold_try(pv PMAP_DEBUG_COPY)) {
2287 pv_cache(pv, pindex);
2288 spin_unlock(&pmap->pm_spin);
2291 spin_unlock(&pmap->pm_spin);
2292 _pv_lock(pv PMAP_DEBUG_COPY);
2293 if (pv->pv_pmap == pmap && pv->pv_pindex == pindex)
2296 spin_lock(&pmap->pm_spin);
2301 * Lookup, hold, and attempt to lock (pmap,pindex).
2303 * If the entry does not exist NULL is returned and *errorp is set to 0
2305 * If the entry exists and could be successfully locked it is returned and
2306 * errorp is set to 0.
2308 * If the entry exists but could NOT be successfully locked it is returned
2309 * held and *errorp is set to 1.
2313 pv_get_try(pmap_t pmap, vm_pindex_t pindex, int *errorp)
2317 spin_lock(&pmap->pm_spin);
2318 if ((pv = pmap->pm_pvhint) == NULL || pv->pv_pindex != pindex)
2319 pv = pv_entry_rb_tree_RB_LOOKUP(&pmap->pm_pvroot, pindex);
2321 spin_unlock(&pmap->pm_spin);
2325 if (pv_hold_try(pv)) {
2326 pv_cache(pv, pindex);
2327 spin_unlock(&pmap->pm_spin);
2329 return(pv); /* lock succeeded */
2331 spin_unlock(&pmap->pm_spin);
2333 return (pv); /* lock failed */
2337 * Find the requested PV entry, returning a held pv or NULL
2341 pv_find(pmap_t pmap, vm_pindex_t pindex)
2345 spin_lock(&pmap->pm_spin);
2347 if ((pv = pmap->pm_pvhint) == NULL || pv->pv_pindex != pindex)
2348 pv = pv_entry_rb_tree_RB_LOOKUP(&pmap->pm_pvroot, pindex);
2350 spin_unlock(&pmap->pm_spin);
2354 pv_cache(pv, pindex);
2355 spin_unlock(&pmap->pm_spin);
2360 * Lock a held pv, keeping the hold count
2364 _pv_lock(pv_entry_t pv PMAP_DEBUG_DECL)
2369 count = pv->pv_hold;
2371 if ((count & PV_HOLD_LOCKED) == 0) {
2372 if (atomic_cmpset_int(&pv->pv_hold, count,
2373 count | PV_HOLD_LOCKED)) {
2376 pv->pv_line = lineno;
2382 tsleep_interlock(pv, 0);
2383 if (atomic_cmpset_int(&pv->pv_hold, count,
2384 count | PV_HOLD_WAITING)) {
2386 kprintf("pv waiting on %s:%d\n",
2387 pv->pv_func, pv->pv_line);
2389 tsleep(pv, PINTERLOCKED, "pvwait", hz);
2396 * Unlock a held and locked pv, keeping the hold count.
2400 pv_unlock(pv_entry_t pv)
2404 if (atomic_cmpset_int(&pv->pv_hold, PV_HOLD_LOCKED | 1, 1))
2408 count = pv->pv_hold;
2410 KKASSERT((count & (PV_HOLD_LOCKED|PV_HOLD_MASK)) >=
2411 (PV_HOLD_LOCKED | 1));
2412 if (atomic_cmpset_int(&pv->pv_hold, count,
2414 ~(PV_HOLD_LOCKED | PV_HOLD_WAITING))) {
2415 if (count & PV_HOLD_WAITING)
2423 * Unlock and drop a pv. If the pv is no longer associated with a pmap
2424 * and the hold count drops to zero we will free it.
2426 * Caller should not hold any spin locks. We are protected from hold races
2427 * by virtue of holds only occuring only with a pmap_spin or vm_page_spin
2428 * lock held. A pv cannot be located otherwise.
2432 pv_put(pv_entry_t pv)
2434 if (atomic_cmpset_int(&pv->pv_hold, PV_HOLD_LOCKED | 1, 0)) {
2435 if (pv->pv_pmap == NULL)
2444 * Unlock, drop, and free a pv, destroying it. The pv is removed from its
2445 * pmap. Any pte operations must have already been completed.
2449 pv_free(pv_entry_t pv)
2453 KKASSERT(pv->pv_m == NULL);
2454 if ((pmap = pv->pv_pmap) != NULL) {
2455 spin_lock(&pmap->pm_spin);
2456 pv_entry_rb_tree_RB_REMOVE(&pmap->pm_pvroot, pv);
2457 if (pmap->pm_pvhint == pv)
2458 pmap->pm_pvhint = NULL;
2459 atomic_add_long(&pmap->pm_stats.resident_count, -1);
2462 spin_unlock(&pmap->pm_spin);
2468 * This routine is very drastic, but can save the system
2476 static int warningdone=0;
2478 if (pmap_pagedaemon_waken == 0)
2480 pmap_pagedaemon_waken = 0;
2481 if (warningdone < 5) {
2482 kprintf("pmap_collect: collecting pv entries -- "
2483 "suggest increasing PMAP_SHPGPERPROC\n");
2487 for (i = 0; i < vm_page_array_size; i++) {
2488 m = &vm_page_array[i];
2489 if (m->wire_count || m->hold_count)
2491 if (vm_page_busy_try(m, TRUE) == 0) {
2492 if (m->wire_count == 0 && m->hold_count == 0) {
2501 * Scan the pmap for active page table entries and issue a callback.
2502 * The callback must dispose of pte_pv.
2504 * NOTE: Unmanaged page table entries will not have a pte_pv
2506 * NOTE: Kernel page table entries will not have a pt_pv. That is, wiring
2507 * counts are not tracked in kernel page table pages.
2509 * It is assumed that the start and end are properly rounded to the page size.
2512 pmap_scan(struct pmap *pmap, vm_offset_t sva, vm_offset_t eva,
2513 void (*func)(pmap_t, struct pmap_inval_info *,
2514 pv_entry_t, pv_entry_t, vm_offset_t,
2515 pt_entry_t *, void *),
2518 pv_entry_t pdp_pv; /* A page directory page PV */
2519 pv_entry_t pd_pv; /* A page directory PV */
2520 pv_entry_t pt_pv; /* A page table PV */
2521 pv_entry_t pte_pv; /* A page table entry PV */
2523 vm_offset_t va_next;
2524 struct pmap_inval_info info;
2531 * Hold the token for stability; if the pmap is empty we have nothing
2534 lwkt_gettoken(&pmap->pm_token);
2536 if (pmap->pm_stats.resident_count == 0) {
2537 lwkt_reltoken(&pmap->pm_token);
2542 pmap_inval_init(&info);
2545 * Special handling for removing one page, which is a very common
2546 * operation (it is?).
2547 * NOTE: Locks must be ordered bottom-up. pte,pt,pd,pdp,pml4
2549 if (sva + PAGE_SIZE == eva) {
2550 if (sva >= VM_MAX_USER_ADDRESS) {
2552 * Kernel mappings do not track wire counts on
2556 pte_pv = pv_get(pmap, pmap_pte_pindex(sva));
2560 * User mappings may or may not have a pte_pv but
2561 * will always have a pt_pv if the page is present.
2563 pte_pv = pv_get(pmap, pmap_pte_pindex(sva));
2564 pt_pv = pv_get(pmap, pmap_pt_pindex(sva));
2565 if (pt_pv == NULL) {
2566 KKASSERT(pte_pv == NULL);
2569 ptep = pv_pte_lookup(pt_pv, pmap_pte_index(sva));
2573 * Unlike the pv_find() case below we actually
2574 * acquired a locked pv in this case so any
2575 * race should have been resolved. It is expected
2578 KKASSERT(pte_pv == NULL);
2579 } else if (pte_pv) {
2580 KASSERT((*ptep & (PG_MANAGED|PG_V)) == (PG_MANAGED|
2582 ("bad *ptep %016lx sva %016lx pte_pv %p",
2583 *ptep, sva, pte_pv));
2584 func(pmap, &info, pte_pv, pt_pv, sva, ptep, arg);
2586 KASSERT((*ptep & (PG_MANAGED|PG_V)) == PG_V,
2587 ("bad *ptep %016lx sva %016lx pte_pv NULL",
2589 func(pmap, &info, pte_pv, pt_pv, sva, ptep, arg);
2594 pmap_inval_done(&info);
2595 lwkt_reltoken(&pmap->pm_token);
2600 * NOTE: kernel mappings do not track page table pages, only
2603 * NOTE: Locks must be ordered bottom-up. pte,pt,pd,pdp,pml4.
2604 * However, for the scan to be efficient we try to
2605 * cache items top-down.
2611 for (; sva < eva; sva = va_next) {
2613 if (sva >= VM_MAX_USER_ADDRESS) {
2624 if (pdp_pv == NULL) {
2625 pdp_pv = pv_get(pmap, pmap_pdp_pindex(sva));
2626 } else if (pdp_pv->pv_pindex != pmap_pdp_pindex(sva)) {
2628 pdp_pv = pv_get(pmap, pmap_pdp_pindex(sva));
2630 if (pdp_pv == NULL) {
2631 va_next = (sva + NBPML4) & ~PML4MASK;
2640 if (pd_pv == NULL) {
2645 pd_pv = pv_get(pmap, pmap_pd_pindex(sva));
2646 } else if (pd_pv->pv_pindex != pmap_pd_pindex(sva)) {
2652 pd_pv = pv_get(pmap, pmap_pd_pindex(sva));
2654 if (pd_pv == NULL) {
2655 va_next = (sva + NBPDP) & ~PDPMASK;
2665 if (pt_pv == NULL) {
2674 pt_pv = pv_get(pmap, pmap_pt_pindex(sva));
2675 } else if (pt_pv->pv_pindex != pmap_pt_pindex(sva)) {
2685 pt_pv = pv_get(pmap, pmap_pt_pindex(sva));
2689 * We will scan or skip a page table page so adjust va_next
2692 if (pt_pv == NULL) {
2693 va_next = (sva + NBPDR) & ~PDRMASK;
2700 * From this point in the loop testing pt_pv for non-NULL
2701 * means we are in UVM, else if it is NULL we are in KVM.
2704 va_next = (sva + NBPDR) & ~PDRMASK;
2709 * Limit our scan to either the end of the va represented
2710 * by the current page table page, or to the end of the
2711 * range being removed.
2713 * Scan the page table for pages. Some pages may not be
2714 * managed (might not have a pv_entry).
2716 * There is no page table management for kernel pages so
2717 * pt_pv will be NULL in that case, but otherwise pt_pv
2718 * is non-NULL, locked, and referenced.
2724 * At this point a non-NULL pt_pv means a UVA, and a NULL
2725 * pt_pv means a KVA.
2728 ptep = pv_pte_lookup(pt_pv, pmap_pte_index(sva));
2732 while (sva < va_next) {
2734 * NOTE: It is possible for an empty ptep to
2735 * race a pv removal by some other means
2736 * (typically via the vm_page_t).
2738 * For now debug the situation by locking
2739 * the potentially conflicting pv and
2744 pte_pv = pv_find(pmap, pmap_pte_pindex(sva));
2745 if (pte_pv == NULL) {
2752 * Possible race against another thread
2755 kprintf("pmap_scan: caught race func %p", func);
2757 pv_put(pt_pv); /* must be non-NULL */
2760 pv_lock(pte_pv); /* safe to block now */
2761 if (pte_pv->pv_pmap) {
2762 kprintf(", uh oh, pte_pv still good\n");
2763 panic("unexpected non-NULL pte_pv %p",
2766 kprintf(", resolved ok\n");
2774 * We need a locked pte_pv as well but just like the
2775 * above, the lock order is all wrong so if we
2776 * cannot acquire it non-blocking we will have to
2777 * undo a bunch of stuff and retry.
2780 pte_pv = pv_get_try(pmap, pmap_pte_pindex(sva),
2791 pv_put(pt_pv); /* must be non-NULL */
2793 pv_lock(pte_pv); /* safe to block now */
2796 pt_pv = pv_get(pmap,
2797 pmap_pt_pindex(sva));
2801 pte_pv = pv_get(pmap, pmap_pte_pindex(sva));
2805 * *ptep can get ripped out while we were blocked.
2816 * Ready for the callback. The locked pte_pv (if
2817 * not NULL) is consumed by the callback.
2820 KASSERT((*ptep & (PG_MANAGED|PG_V)) ==
2822 ("bad *ptep %016lx sva %016lx "
2824 *ptep, sva, pte_pv));
2825 func(pmap, &info, pte_pv, pt_pv, sva,
2828 KASSERT((*ptep & (PG_MANAGED|PG_V)) ==
2830 ("bad *ptep %016lx sva %016lx "
2833 func(pmap, &info, pte_pv, pt_pv, sva,
2853 pmap_inval_done(&info);
2854 lwkt_reltoken(&pmap->pm_token);
2858 pmap_remove(struct pmap *pmap, vm_offset_t sva, vm_offset_t eva)
2860 pmap_scan(pmap, sva, eva, pmap_remove_callback, NULL);
2864 pmap_remove_callback(pmap_t pmap, struct pmap_inval_info *info,
2865 pv_entry_t pte_pv, pv_entry_t pt_pv, vm_offset_t va,
2866 pt_entry_t *ptep, void *arg __unused)
2872 * This will also drop pt_pv's wire_count. Note that
2873 * terminal pages are not wired based on mmu presence.
2875 pmap_remove_pv_pte(pte_pv, pt_pv, info);
2876 pmap_remove_pv_page(pte_pv, 0);
2880 * pt_pv's wire_count is still bumped by unmanaged pages
2881 * so we must decrement it manually.
2883 pmap_inval_interlock(info, pmap, va);
2884 pte = pte_load_clear(ptep);
2885 pmap_inval_deinterlock(info, pmap);
2887 atomic_add_long(&pmap->pm_stats.wired_count, -1);
2888 atomic_add_long(&pmap->pm_stats.resident_count, -1);
2889 if (pt_pv && vm_page_unwire_quick(pt_pv->pv_m))
2890 panic("pmap_remove: insufficient wirecount");
2895 * Removes this physical page from all physical maps in which it resides.
2896 * Reflects back modify bits to the pager.
2898 * This routine may not be called from an interrupt.
2902 pmap_remove_all(vm_page_t m)
2904 struct pmap_inval_info info;
2907 if (!pmap_initialized || (m->flags & PG_FICTITIOUS))
2910 pmap_inval_init(&info);
2911 vm_page_spin_lock(m);
2912 while ((pv = TAILQ_FIRST(&m->md.pv_list)) != NULL) {
2913 KKASSERT(pv->pv_m == m);
2914 if (pv_hold_try(pv)) {
2915 vm_page_spin_unlock(m);
2917 vm_page_spin_unlock(m);
2919 if (pv->pv_m != m) {
2921 vm_page_spin_lock(m);
2926 * Holding no spinlocks, pv is locked.
2928 pmap_remove_pv_pte(pv, NULL, &info);
2929 pmap_remove_pv_page(pv, 0);
2931 vm_page_spin_lock(m);
2933 vm_page_spin_unlock(m);
2934 KKASSERT((m->flags & (PG_MAPPED|PG_WRITEABLE)) == 0);
2935 pmap_inval_done(&info);
2941 * Set the physical protection on the specified range of this map
2944 * This function may not be called from an interrupt if the map is
2945 * not the kernel_pmap.
2948 pmap_protect(pmap_t pmap, vm_offset_t sva, vm_offset_t eva, vm_prot_t prot)
2950 /* JG review for NX */
2954 if ((prot & VM_PROT_READ) == VM_PROT_NONE) {
2955 pmap_remove(pmap, sva, eva);
2958 if (prot & VM_PROT_WRITE)
2960 pmap_scan(pmap, sva, eva, pmap_protect_callback, &prot);
2965 pmap_protect_callback(pmap_t pmap, struct pmap_inval_info *info,
2966 pv_entry_t pte_pv, pv_entry_t pt_pv, vm_offset_t va,
2967 pt_entry_t *ptep, void *arg __unused)
2976 pmap_inval_interlock(info, pmap, va);
2983 m = PHYS_TO_VM_PAGE(pbits & PG_FRAME);
2984 KKASSERT(m == pte_pv->pv_m);
2985 vm_page_flag_set(m, PG_REFERENCED);
2989 if (pmap_track_modified(pte_pv->pv_pindex)) {
2991 m = PHYS_TO_VM_PAGE(pbits & PG_FRAME);
2998 if (pbits != cbits && !atomic_cmpset_long(ptep, pbits, cbits)) {
3001 pmap_inval_deinterlock(info, pmap);
3007 * Insert the vm_page (m) at the virtual address (va), replacing any prior
3008 * mapping at that address. Set protection and wiring as requested.
3010 * NOTE: This routine MUST insert the page into the pmap now, it cannot
3014 pmap_enter(pmap_t pmap, vm_offset_t va, vm_page_t m, vm_prot_t prot,
3017 pmap_inval_info info;
3018 pv_entry_t pt_pv; /* page table */
3019 pv_entry_t pte_pv; /* page table entry */
3022 pt_entry_t origpte, newpte;
3027 va = trunc_page(va);
3028 #ifdef PMAP_DIAGNOSTIC
3030 panic("pmap_enter: toobig");
3031 if ((va >= UPT_MIN_ADDRESS) && (va < UPT_MAX_ADDRESS))
3032 panic("pmap_enter: invalid to pmap_enter page table "
3033 "pages (va: 0x%lx)", va);
3035 if (va < UPT_MAX_ADDRESS && pmap == &kernel_pmap) {
3036 kprintf("Warning: pmap_enter called on UVA with "
3039 db_print_backtrace();
3042 if (va >= UPT_MAX_ADDRESS && pmap != &kernel_pmap) {
3043 kprintf("Warning: pmap_enter called on KVA without"
3046 db_print_backtrace();
3051 * Get locked PV entries for our new page table entry (pte_pv)
3052 * and for its parent page table (pt_pv). We need the parent
3053 * so we can resolve the location of the ptep.
3055 * Only hardware MMU actions can modify the ptep out from
3058 * if (m) is fictitious or unmanaged we do not create a managing
3059 * pte_pv for it. Any pre-existing page's management state must
3060 * match (avoiding code complexity).
3062 * If the pmap is still being initialized we assume existing
3065 * Kernel mapppings do not track page table pages (i.e. pt_pv).
3066 * pmap_allocpte() checks the
3068 if (pmap_initialized == FALSE) {
3072 } else if (m->flags & (PG_FICTITIOUS | PG_UNMANAGED)) {
3074 if (va >= VM_MAX_USER_ADDRESS) {
3078 pt_pv = pmap_allocpte(pmap, pmap_pt_pindex(va), NULL);
3079 ptep = pv_pte_lookup(pt_pv, pmap_pte_index(va));
3081 KKASSERT(*ptep == 0 || (*ptep & PG_MANAGED) == 0);
3083 if (va >= VM_MAX_USER_ADDRESS) {
3085 pte_pv = pmap_allocpte(pmap, pmap_pte_pindex(va), NULL);
3088 pte_pv = pmap_allocpte(pmap, pmap_pte_pindex(va),
3090 ptep = pv_pte_lookup(pt_pv, pmap_pte_index(va));
3092 KKASSERT(*ptep == 0 || (*ptep & PG_MANAGED));
3095 if ((prot & VM_PROT_NOSYNC) == 0)
3096 pmap_inval_init(&info);
3098 pa = VM_PAGE_TO_PHYS(m);
3100 opa = origpte & PG_FRAME;
3103 * Mapping has not changed, must be protection or wiring change.
3105 if (origpte && (opa == pa)) {
3107 * Wiring change, just update stats. We don't worry about
3108 * wiring PT pages as they remain resident as long as there
3109 * are valid mappings in them. Hence, if a user page is wired,
3110 * the PT page will be also.
3112 KKASSERT(pte_pv == NULL || m == pte_pv->pv_m);
3113 if (wired && ((origpte & PG_W) == 0))
3114 atomic_add_long(&pmap->pm_stats.wired_count, 1);
3115 else if (!wired && (origpte & PG_W))
3116 atomic_add_long(&pmap->pm_stats.wired_count, -1);
3118 #if defined(PMAP_DIAGNOSTIC)
3119 if (pmap_nw_modified(origpte)) {
3120 kprintf("pmap_enter: modified page not writable: "
3121 "va: 0x%lx, pte: 0x%lx\n", va, origpte);
3126 * We might be turning off write access to the page,
3127 * so we go ahead and sense modify status.
3130 if ((origpte & PG_M) &&
3131 pmap_track_modified(pte_pv->pv_pindex)) {
3134 KKASSERT(PHYS_TO_VM_PAGE(opa) == om);
3143 * Mapping has changed, invalidate old range and fall through to
3144 * handle validating new mapping.
3146 * We always interlock pte removals.
3150 /* XXX pmap_remove_pv_pte() unwires pt_pv */
3151 vm_page_wire_quick(pt_pv->pv_m);
3152 if (prot & VM_PROT_NOSYNC)
3153 pmap_remove_pv_pte(pte_pv, pt_pv, NULL);
3155 pmap_remove_pv_pte(pte_pv, pt_pv, &info);
3157 pmap_remove_pv_page(pte_pv, 0);
3158 } else if (prot & VM_PROT_NOSYNC) {
3160 cpu_invlpg((void *)va);
3161 atomic_add_long(&pmap->pm_stats.resident_count, -1);
3163 pmap_inval_interlock(&info, pmap, va);
3165 pmap_inval_deinterlock(&info, pmap);
3166 atomic_add_long(&pmap->pm_stats.resident_count, -1);
3168 KKASSERT(*ptep == 0);
3172 * Enter on the PV list if part of our managed memory. Wiring is
3173 * handled automatically.
3176 KKASSERT(pte_pv->pv_m == NULL);
3177 vm_page_spin_lock(m);
3179 TAILQ_INSERT_TAIL(&m->md.pv_list, pte_pv, pv_list);
3182 atomic_add_int(&m->object->agg_pv_list_count, 1);
3184 vm_page_flag_set(m, PG_MAPPED);
3185 vm_page_spin_unlock(m);
3187 } else if (pt_pv && opa == 0) {
3188 vm_page_wire_quick(pt_pv->pv_m);
3192 * Increment counters
3195 atomic_add_long(&pmap->pm_stats.wired_count, 1);
3199 * Now validate mapping with desired protection/wiring.
3201 newpte = (pt_entry_t)(pa | pte_prot(pmap, prot) | PG_V);
3205 if (va < VM_MAX_USER_ADDRESS)
3207 if (pmap == &kernel_pmap)
3211 * If the mapping or permission bits are different, we need
3212 * to update the pte.
3214 * We do not have to interlock pte insertions as no other
3215 * cpu will have a TLB entry.
3217 if ((origpte & ~(PG_M|PG_A)) != newpte) {
3219 if ((prot & VM_PROT_NOSYNC) == 0)
3220 pmap_inval_interlock(&info, pmap, va);
3222 *ptep = newpte | PG_A;
3223 cpu_invlpg((void *)va);
3225 if (prot & VM_PROT_NOSYNC)
3226 cpu_invlpg((void *)va);
3228 pmap_inval_deinterlock(&info, pmap);
3231 vm_page_flag_set(m, PG_WRITEABLE);
3233 atomic_add_long(&pmap->pm_stats.resident_count, 1);
3236 KKASSERT((newpte & PG_MANAGED) == 0 || (m->flags & PG_MAPPED));
3237 if ((prot & VM_PROT_NOSYNC) == 0)
3238 pmap_inval_done(&info);
3241 * Cleanup the pv entry, allowing other accessors.
3250 * This code works like pmap_enter() but assumes VM_PROT_READ and not-wired.
3251 * This code also assumes that the pmap has no pre-existing entry for this
3254 * This code currently may only be used on user pmaps, not kernel_pmap.
3257 pmap_enter_quick(pmap_t pmap, vm_offset_t va, vm_page_t m)
3259 pmap_enter(pmap, va, m, VM_PROT_READ, FALSE);
3263 * Make a temporary mapping for a physical address. This is only intended
3264 * to be used for panic dumps.
3266 * The caller is responsible for calling smp_invltlb().
3269 pmap_kenter_temporary(vm_paddr_t pa, long i)
3271 pmap_kenter_quick((vm_offset_t)crashdumpmap + (i * PAGE_SIZE), pa);
3272 return ((void *)crashdumpmap);
3275 #define MAX_INIT_PT (96)
3278 * This routine preloads the ptes for a given object into the specified pmap.
3279 * This eliminates the blast of soft faults on process startup and
3280 * immediately after an mmap.
3282 static int pmap_object_init_pt_callback(vm_page_t p, void *data);
3285 pmap_object_init_pt(pmap_t pmap, vm_offset_t addr, vm_prot_t prot,
3286 vm_object_t object, vm_pindex_t pindex,
3287 vm_size_t size, int limit)
3289 struct rb_vm_page_scan_info info;
3294 * We can't preinit if read access isn't set or there is no pmap
3297 if ((prot & VM_PROT_READ) == 0 || pmap == NULL || object == NULL)
3301 * We can't preinit if the pmap is not the current pmap
3303 lp = curthread->td_lwp;
3304 if (lp == NULL || pmap != vmspace_pmap(lp->lwp_vmspace))
3307 psize = x86_64_btop(size);
3309 if ((object->type != OBJT_VNODE) ||
3310 ((limit & MAP_PREFAULT_PARTIAL) && (psize > MAX_INIT_PT) &&
3311 (object->resident_page_count > MAX_INIT_PT))) {
3315 if (pindex + psize > object->size) {
3316 if (object->size < pindex)
3318 psize = object->size - pindex;
3325 * Use a red-black scan to traverse the requested range and load
3326 * any valid pages found into the pmap.
3328 * We cannot safely scan the object's memq without holding the
3331 info.start_pindex = pindex;
3332 info.end_pindex = pindex + psize - 1;
3338 vm_object_hold(object);
3339 vm_page_rb_tree_RB_SCAN(&object->rb_memq, rb_vm_page_scancmp,
3340 pmap_object_init_pt_callback, &info);
3341 vm_object_drop(object);
3346 pmap_object_init_pt_callback(vm_page_t p, void *data)
3348 struct rb_vm_page_scan_info *info = data;
3349 vm_pindex_t rel_index;
3352 * don't allow an madvise to blow away our really
3353 * free pages allocating pv entries.
3355 if ((info->limit & MAP_PREFAULT_MADVISE) &&
3356 vmstats.v_free_count < vmstats.v_free_reserved) {
3359 if (vm_page_busy_try(p, TRUE))
3361 if (((p->valid & VM_PAGE_BITS_ALL) == VM_PAGE_BITS_ALL) &&
3362 (p->flags & PG_FICTITIOUS) == 0) {
3363 if ((p->queue - p->pc) == PQ_CACHE)
3364 vm_page_deactivate(p);
3365 rel_index = p->pindex - info->start_pindex;
3366 pmap_enter_quick(info->pmap,
3367 info->addr + x86_64_ptob(rel_index), p);
3375 * Return TRUE if the pmap is in shape to trivially pre-fault the specified
3378 * Returns FALSE if it would be non-trivial or if a pte is already loaded
3382 pmap_prefault_ok(pmap_t pmap, vm_offset_t addr)
3386 spin_lock(&pmap->pm_spin);
3387 if ((pte = pmap_pte(pmap, addr)) != NULL) {
3389 spin_unlock(&pmap->pm_spin);
3393 spin_unlock(&pmap->pm_spin);
3398 * Change the wiring attribute for a pmap/va pair. The mapping must already
3399 * exist in the pmap. The mapping may or may not be managed.
3402 pmap_change_wiring(pmap_t pmap, vm_offset_t va, boolean_t wired)
3409 lwkt_gettoken(&pmap->pm_token);
3410 pv = pmap_allocpte(pmap, pmap_pt_pindex(va), NULL);
3411 ptep = pv_pte_lookup(pv, pmap_pte_index(va));
3413 if (wired && !pmap_pte_w(ptep))
3414 atomic_add_long(&pmap->pm_stats.wired_count, 1);
3415 else if (!wired && pmap_pte_w(ptep))
3416 atomic_add_long(&pmap->pm_stats.wired_count, -1);
3419 * Wiring is not a hardware characteristic so there is no need to
3420 * invalidate TLB. However, in an SMP environment we must use
3421 * a locked bus cycle to update the pte (if we are not using
3422 * the pmap_inval_*() API that is)... it's ok to do this for simple
3427 atomic_set_long(ptep, PG_W);
3429 atomic_clear_long(ptep, PG_W);
3432 atomic_set_long_nonlocked(ptep, PG_W);
3434 atomic_clear_long_nonlocked(ptep, PG_W);
3437 lwkt_reltoken(&pmap->pm_token);
3443 * Copy the range specified by src_addr/len from the source map to
3444 * the range dst_addr/len in the destination map.
3446 * This routine is only advisory and need not do anything.
3449 pmap_copy(pmap_t dst_pmap, pmap_t src_pmap, vm_offset_t dst_addr,
3450 vm_size_t len, vm_offset_t src_addr)
3457 * Zero the specified physical page.
3459 * This function may be called from an interrupt and no locking is
3463 pmap_zero_page(vm_paddr_t phys)
3465 vm_offset_t va = PHYS_TO_DMAP(phys);
3467 pagezero((void *)va);
3471 * pmap_page_assertzero:
3473 * Assert that a page is empty, panic if it isn't.
3476 pmap_page_assertzero(vm_paddr_t phys)
3478 vm_offset_t va = PHYS_TO_DMAP(phys);
3481 for (i = 0; i < PAGE_SIZE; i += sizeof(long)) {
3482 if (*(long *)((char *)va + i) != 0) {
3483 panic("pmap_page_assertzero() @ %p not zero!\n",
3484 (void *)(intptr_t)va);
3492 * Zero part of a physical page by mapping it into memory and clearing
3493 * its contents with bzero.
3495 * off and size may not cover an area beyond a single hardware page.
3498 pmap_zero_page_area(vm_paddr_t phys, int off, int size)
3500 vm_offset_t virt = PHYS_TO_DMAP(phys);
3502 bzero((char *)virt + off, size);
3508 * Copy the physical page from the source PA to the target PA.
3509 * This function may be called from an interrupt. No locking
3513 pmap_copy_page(vm_paddr_t src, vm_paddr_t dst)
3515 vm_offset_t src_virt, dst_virt;
3517 src_virt = PHYS_TO_DMAP(src);
3518 dst_virt = PHYS_TO_DMAP(dst);
3519 bcopy((void *)src_virt, (void *)dst_virt, PAGE_SIZE);
3523 * pmap_copy_page_frag:
3525 * Copy the physical page from the source PA to the target PA.
3526 * This function may be called from an interrupt. No locking
3530 pmap_copy_page_frag(vm_paddr_t src, vm_paddr_t dst, size_t bytes)
3532 vm_offset_t src_virt, dst_virt;
3534 src_virt = PHYS_TO_DMAP(src);
3535 dst_virt = PHYS_TO_DMAP(dst);
3537 bcopy((char *)src_virt + (src & PAGE_MASK),
3538 (char *)dst_virt + (dst & PAGE_MASK),
3543 * Returns true if the pmap's pv is one of the first 16 pvs linked to from
3544 * this page. This count may be changed upwards or downwards in the future;
3545 * it is only necessary that true be returned for a small subset of pmaps
3546 * for proper page aging.
3549 pmap_page_exists_quick(pmap_t pmap, vm_page_t m)
3554 if (!pmap_initialized || (m->flags & PG_FICTITIOUS))
3557 vm_page_spin_lock(m);
3558 TAILQ_FOREACH(pv, &m->md.pv_list, pv_list) {
3559 if (pv->pv_pmap == pmap) {
3560 vm_page_spin_unlock(m);
3567 vm_page_spin_unlock(m);
3572 * Remove all pages from specified address space this aids process exit
3573 * speeds. Also, this code may be special cased for the current process
3577 pmap_remove_pages(pmap_t pmap, vm_offset_t sva, vm_offset_t eva)
3579 pmap_remove(pmap, sva, eva);
3583 * pmap_testbit tests bits in pte's note that the testbit/clearbit
3584 * routines are inline, and a lot of things compile-time evaluate.
3588 pmap_testbit(vm_page_t m, int bit)
3593 if (!pmap_initialized || (m->flags & PG_FICTITIOUS))
3596 if (TAILQ_FIRST(&m->md.pv_list) == NULL)
3598 vm_page_spin_lock(m);
3599 if (TAILQ_FIRST(&m->md.pv_list) == NULL) {
3600 vm_page_spin_unlock(m);
3604 TAILQ_FOREACH(pv, &m->md.pv_list, pv_list) {
3606 * if the bit being tested is the modified bit, then
3607 * mark clean_map and ptes as never
3610 if (bit & (PG_A|PG_M)) {
3611 if (!pmap_track_modified(pv->pv_pindex))
3615 #if defined(PMAP_DIAGNOSTIC)
3616 if (pv->pv_pmap == NULL) {
3617 kprintf("Null pmap (tb) at pindex: %"PRIu64"\n",
3622 pte = pmap_pte_quick(pv->pv_pmap, pv->pv_pindex << PAGE_SHIFT);
3624 vm_page_spin_unlock(m);
3628 vm_page_spin_unlock(m);
3633 * This routine is used to modify bits in ptes
3635 * Caller must NOT hold any spin locks
3639 pmap_clearbit(vm_page_t m, int bit)
3641 struct pmap_inval_info info;
3645 vm_pindex_t save_pindex;
3649 vm_page_flag_clear(m, PG_WRITEABLE);
3650 if (!pmap_initialized || (m->flags & PG_FICTITIOUS)) {
3654 pmap_inval_init(&info);
3657 * Loop over all current mappings setting/clearing as appropos If
3658 * setting RO do we need to clear the VAC?
3660 vm_page_spin_lock(m);
3662 TAILQ_FOREACH(pv, &m->md.pv_list, pv_list) {
3664 * don't write protect pager mappings
3667 if (!pmap_track_modified(pv->pv_pindex))
3671 #if defined(PMAP_DIAGNOSTIC)
3672 if (pv->pv_pmap == NULL) {
3673 kprintf("Null pmap (cb) at pindex: %"PRIu64"\n",
3680 * Careful here. We can use a locked bus instruction to
3681 * clear PG_A or PG_M safely but we need to synchronize
3682 * with the target cpus when we mess with PG_RW.
3684 * We do not have to force synchronization when clearing
3685 * PG_M even for PTEs generated via virtual memory maps,
3686 * because the virtual kernel will invalidate the pmap
3687 * entry when/if it needs to resynchronize the Modify bit.
3690 save_pmap = pv->pv_pmap;
3691 save_pindex = pv->pv_pindex;
3693 vm_page_spin_unlock(m);
3694 pmap_inval_interlock(&info, save_pmap,
3695 (vm_offset_t)save_pindex << PAGE_SHIFT);
3696 vm_page_spin_lock(m);
3697 if (pv->pv_pmap == NULL) {
3703 pte = pmap_pte_quick(pv->pv_pmap, pv->pv_pindex << PAGE_SHIFT);
3710 atomic_clear_long(pte, PG_M|PG_RW);
3713 * The cpu may be trying to set PG_M
3714 * simultaniously with our clearing
3717 if (!atomic_cmpset_long(pte, pbits,
3721 } else if (bit == PG_M) {
3723 * We could also clear PG_RW here to force
3724 * a fault on write to redetect PG_M for
3725 * virtual kernels, but it isn't necessary
3726 * since virtual kernels invalidate the pte
3727 * when they clear the VPTE_M bit in their
3728 * virtual page tables.
3730 atomic_clear_long(pte, PG_M);
3732 atomic_clear_long(pte, bit);
3736 save_pmap = pv->pv_pmap;
3738 vm_page_spin_unlock(m);
3739 pmap_inval_deinterlock(&info, save_pmap);
3740 vm_page_spin_lock(m);
3741 if (pv->pv_pmap == NULL) {
3748 vm_page_spin_unlock(m);
3749 pmap_inval_done(&info);
3753 * Lower the permission for all mappings to a given page.
3755 * Page must be busied by caller.
3758 pmap_page_protect(vm_page_t m, vm_prot_t prot)
3760 /* JG NX support? */
3761 if ((prot & VM_PROT_WRITE) == 0) {
3762 if (prot & (VM_PROT_READ | VM_PROT_EXECUTE)) {
3764 * NOTE: pmap_clearbit(.. PG_RW) also clears
3765 * the PG_WRITEABLE flag in (m).
3767 pmap_clearbit(m, PG_RW);
3775 pmap_phys_address(vm_pindex_t ppn)
3777 return (x86_64_ptob(ppn));
3781 * Return a count of reference bits for a page, clearing those bits.
3782 * It is not necessary for every reference bit to be cleared, but it
3783 * is necessary that 0 only be returned when there are truly no
3784 * reference bits set.
3786 * XXX: The exact number of bits to check and clear is a matter that
3787 * should be tested and standardized at some point in the future for
3788 * optimal aging of shared pages.
3790 * This routine may not block.
3793 pmap_ts_referenced(vm_page_t m)
3799 if (!pmap_initialized || (m->flags & PG_FICTITIOUS))
3802 vm_page_spin_lock(m);
3803 TAILQ_FOREACH(pv, &m->md.pv_list, pv_list) {
3804 if (!pmap_track_modified(pv->pv_pindex))
3806 pte = pmap_pte_quick(pv->pv_pmap, pv->pv_pindex << PAGE_SHIFT);
3807 if (pte && (*pte & PG_A)) {
3809 atomic_clear_long(pte, PG_A);
3811 atomic_clear_long_nonlocked(pte, PG_A);
3818 vm_page_spin_unlock(m);
3825 * Return whether or not the specified physical page was modified
3826 * in any physical maps.
3829 pmap_is_modified(vm_page_t m)
3833 res = pmap_testbit(m, PG_M);
3838 * Clear the modify bits on the specified physical page.
3841 pmap_clear_modify(vm_page_t m)
3843 pmap_clearbit(m, PG_M);
3847 * pmap_clear_reference:
3849 * Clear the reference bit on the specified physical page.
3852 pmap_clear_reference(vm_page_t m)
3854 pmap_clearbit(m, PG_A);
3858 * Miscellaneous support routines follow
3863 i386_protection_init(void)
3867 /* JG NX support may go here; No VM_PROT_EXECUTE ==> set NX bit */
3868 kp = protection_codes;
3869 for (prot = 0; prot < 8; prot++) {
3871 case VM_PROT_NONE | VM_PROT_NONE | VM_PROT_NONE:
3873 * Read access is also 0. There isn't any execute bit,
3874 * so just make it readable.
3876 case VM_PROT_READ | VM_PROT_NONE | VM_PROT_NONE:
3877 case VM_PROT_READ | VM_PROT_NONE | VM_PROT_EXECUTE:
3878 case VM_PROT_NONE | VM_PROT_NONE | VM_PROT_EXECUTE:
3881 case VM_PROT_NONE | VM_PROT_WRITE | VM_PROT_NONE:
3882 case VM_PROT_NONE | VM_PROT_WRITE | VM_PROT_EXECUTE:
3883 case VM_PROT_READ | VM_PROT_WRITE | VM_PROT_NONE:
3884 case VM_PROT_READ | VM_PROT_WRITE | VM_PROT_EXECUTE:
3892 * Map a set of physical memory pages into the kernel virtual
3893 * address space. Return a pointer to where it is mapped. This
3894 * routine is intended to be used for mapping device memory,
3897 * NOTE: we can't use pgeflag unless we invalidate the pages one at
3901 pmap_mapdev(vm_paddr_t pa, vm_size_t size)
3903 vm_offset_t va, tmpva, offset;
3906 offset = pa & PAGE_MASK;
3907 size = roundup(offset + size, PAGE_SIZE);
3909 va = kmem_alloc_nofault(&kernel_map, size, PAGE_SIZE);
3911 panic("pmap_mapdev: Couldn't alloc kernel virtual memory");
3913 pa = pa & ~PAGE_MASK;
3914 for (tmpva = va; size > 0;) {
3915 pte = vtopte(tmpva);
3916 *pte = pa | PG_RW | PG_V; /* | pgeflag; */
3924 return ((void *)(va + offset));
3928 pmap_mapdev_uncacheable(vm_paddr_t pa, vm_size_t size)
3930 vm_offset_t va, tmpva, offset;
3933 offset = pa & PAGE_MASK;
3934 size = roundup(offset + size, PAGE_SIZE);
3936 va = kmem_alloc_nofault(&kernel_map, size, PAGE_SIZE);
3938 panic("pmap_mapdev: Couldn't alloc kernel virtual memory");
3940 pa = pa & ~PAGE_MASK;
3941 for (tmpva = va; size > 0;) {
3942 pte = vtopte(tmpva);
3943 *pte = pa | PG_RW | PG_V | PG_N; /* | pgeflag; */
3951 return ((void *)(va + offset));
3955 pmap_unmapdev(vm_offset_t va, vm_size_t size)
3957 vm_offset_t base, offset;
3959 base = va & ~PAGE_MASK;
3960 offset = va & PAGE_MASK;
3961 size = roundup(offset + size, PAGE_SIZE);
3962 pmap_qremove(va, size >> PAGE_SHIFT);
3963 kmem_free(&kernel_map, base, size);
3967 * perform the pmap work for mincore
3970 pmap_mincore(pmap_t pmap, vm_offset_t addr)
3972 pt_entry_t *ptep, pte;
3976 lwkt_gettoken(&pmap->pm_token);
3977 ptep = pmap_pte(pmap, addr);
3979 if (ptep && (pte = *ptep) != 0) {
3982 val = MINCORE_INCORE;
3983 if ((pte & PG_MANAGED) == 0)
3986 pa = pte & PG_FRAME;
3988 m = PHYS_TO_VM_PAGE(pa);
3994 val |= MINCORE_MODIFIED|MINCORE_MODIFIED_OTHER;
3996 * Modified by someone
3998 else if (m->dirty || pmap_is_modified(m))
3999 val |= MINCORE_MODIFIED_OTHER;
4004 val |= MINCORE_REFERENCED|MINCORE_REFERENCED_OTHER;
4007 * Referenced by someone
4009 else if ((m->flags & PG_REFERENCED) || pmap_ts_referenced(m)) {
4010 val |= MINCORE_REFERENCED_OTHER;
4011 vm_page_flag_set(m, PG_REFERENCED);
4015 lwkt_reltoken(&pmap->pm_token);
4021 * Replace p->p_vmspace with a new one. If adjrefs is non-zero the new
4022 * vmspace will be ref'd and the old one will be deref'd.
4024 * The vmspace for all lwps associated with the process will be adjusted
4025 * and cr3 will be reloaded if any lwp is the current lwp.
4027 * The process must hold the vmspace->vm_map.token for oldvm and newvm
4030 pmap_replacevm(struct proc *p, struct vmspace *newvm, int adjrefs)
4032 struct vmspace *oldvm;
4035 oldvm = p->p_vmspace;
4036 if (oldvm != newvm) {
4038 sysref_get(&newvm->vm_sysref);
4039 p->p_vmspace = newvm;
4040 KKASSERT(p->p_nthreads == 1);
4041 lp = RB_ROOT(&p->p_lwp_tree);
4042 pmap_setlwpvm(lp, newvm);
4044 sysref_put(&oldvm->vm_sysref);
4049 * Set the vmspace for a LWP. The vmspace is almost universally set the
4050 * same as the process vmspace, but virtual kernels need to swap out contexts
4051 * on a per-lwp basis.
4053 * Caller does not necessarily hold any vmspace tokens. Caller must control
4054 * the lwp (typically be in the context of the lwp). We use a critical
4055 * section to protect against statclock and hardclock (statistics collection).
4058 pmap_setlwpvm(struct lwp *lp, struct vmspace *newvm)
4060 struct vmspace *oldvm;
4063 oldvm = lp->lwp_vmspace;
4065 if (oldvm != newvm) {
4067 lp->lwp_vmspace = newvm;
4068 if (curthread->td_lwp == lp) {
4069 pmap = vmspace_pmap(newvm);
4071 atomic_set_cpumask(&pmap->pm_active, mycpu->gd_cpumask);
4072 if (pmap->pm_active & CPUMASK_LOCK)
4073 pmap_interlock_wait(newvm);
4075 pmap->pm_active |= 1;
4077 #if defined(SWTCH_OPTIM_STATS)
4080 curthread->td_pcb->pcb_cr3 = vtophys(pmap->pm_pml4);
4081 curthread->td_pcb->pcb_cr3 |= PG_RW | PG_U | PG_V;
4082 load_cr3(curthread->td_pcb->pcb_cr3);
4083 pmap = vmspace_pmap(oldvm);
4085 atomic_clear_cpumask(&pmap->pm_active, mycpu->gd_cpumask);
4087 pmap->pm_active &= ~(cpumask_t)1;
4097 * Called when switching to a locked pmap, used to interlock against pmaps
4098 * undergoing modifications to prevent us from activating the MMU for the
4099 * target pmap until all such modifications have completed. We have to do
4100 * this because the thread making the modifications has already set up its
4101 * SMP synchronization mask.
4106 pmap_interlock_wait(struct vmspace *vm)
4108 struct pmap *pmap = &vm->vm_pmap;
4110 if (pmap->pm_active & CPUMASK_LOCK) {
4112 DEBUG_PUSH_INFO("pmap_interlock_wait");
4113 while (pmap->pm_active & CPUMASK_LOCK) {
4115 lwkt_process_ipiq();
4125 pmap_addr_hint(vm_object_t obj, vm_offset_t addr, vm_size_t size)
4128 if ((obj == NULL) || (size < NBPDR) || (obj->type != OBJT_DEVICE)) {
4132 addr = (addr + (NBPDR - 1)) & ~(NBPDR - 1);
4137 * Used by kmalloc/kfree, page already exists at va
4140 pmap_kvtom(vm_offset_t va)
4142 return(PHYS_TO_VM_PAGE(*vtopte(va) & PG_FRAME));
projects / dragonfly.git / blob