2 * Copyright (c) 1991 Regents of the University of California.
3 * Copyright (c) 1994 John S. Dyson
4 * Copyright (c) 1994 David Greenman
5 * Copyright (c) 2003 Peter Wemm
6 * Copyright (c) 2005-2008 Alan L. Cox <alc@cs.rice.edu>
7 * Copyright (c) 2008, 2009 The DragonFly Project.
8 * Copyright (c) 2008, 2009 Jordan Gordeev.
9 * Copyright (c) 2011-2012 Matthew Dillon
10 * All rights reserved.
12 * This code is derived from software contributed to Berkeley by
13 * the Systems Programming Group of the University of Utah Computer
14 * Science Department and William Jolitz of UUNET Technologies Inc.
16 * Redistribution and use in source and binary forms, with or without
17 * modification, are permitted provided that the following conditions
19 * 1. Redistributions of source code must retain the above copyright
20 * notice, this list of conditions and the following disclaimer.
21 * 2. Redistributions in binary form must reproduce the above copyright
22 * notice, this list of conditions and the following disclaimer in the
23 * documentation and/or other materials provided with the distribution.
24 * 3. All advertising materials mentioning features or use of this software
25 * must display the following acknowledgement:
26 * This product includes software developed by the University of
27 * California, Berkeley and its contributors.
28 * 4. Neither the name of the University nor the names of its contributors
29 * may be used to endorse or promote products derived from this software
30 * without specific prior written permission.
32 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
33 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
34 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
35 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
36 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
37 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
38 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
39 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
40 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
41 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
45 * Manage physical address maps for x86-64 systems.
49 #include "opt_disable_pse.h"
52 #include "opt_msgbuf.h"
54 #include <sys/param.h>
55 #include <sys/kernel.h>
57 #include <sys/msgbuf.h>
58 #include <sys/vmmeter.h>
60 #include <sys/systm.h>
63 #include <vm/vm_param.h>
64 #include <sys/sysctl.h>
66 #include <vm/vm_kern.h>
67 #include <vm/vm_page.h>
68 #include <vm/vm_map.h>
69 #include <vm/vm_object.h>
70 #include <vm/vm_extern.h>
71 #include <vm/vm_pageout.h>
72 #include <vm/vm_pager.h>
73 #include <vm/vm_zone.h>
76 #include <sys/thread2.h>
77 #include <sys/sysref2.h>
78 #include <sys/spinlock2.h>
79 #include <vm/vm_page2.h>
81 #include <machine/cputypes.h>
82 #include <machine/md_var.h>
83 #include <machine/specialreg.h>
84 #include <machine/smp.h>
85 #include <machine_base/apic/apicreg.h>
86 #include <machine/globaldata.h>
87 #include <machine/pmap.h>
88 #include <machine/pmap_inval.h>
89 #include <machine/inttypes.h>
93 #define PMAP_KEEP_PDIRS
94 #ifndef PMAP_SHPGPERPROC
95 #define PMAP_SHPGPERPROC 2000
98 #if defined(DIAGNOSTIC)
99 #define PMAP_DIAGNOSTIC
105 * pmap debugging will report who owns a pv lock when blocking.
109 #define PMAP_DEBUG_DECL ,const char *func, int lineno
110 #define PMAP_DEBUG_ARGS , __func__, __LINE__
111 #define PMAP_DEBUG_COPY , func, lineno
113 #define pv_get(pmap, pindex) _pv_get(pmap, pindex \
115 #define pv_lock(pv) _pv_lock(pv \
117 #define pv_hold_try(pv) _pv_hold_try(pv \
119 #define pv_alloc(pmap, pindex, isnewp) _pv_alloc(pmap, pindex, isnewp \
124 #define PMAP_DEBUG_DECL
125 #define PMAP_DEBUG_ARGS
126 #define PMAP_DEBUG_COPY
128 #define pv_get(pmap, pindex) _pv_get(pmap, pindex)
129 #define pv_lock(pv) _pv_lock(pv)
130 #define pv_hold_try(pv) _pv_hold_try(pv)
131 #define pv_alloc(pmap, pindex, isnewp) _pv_alloc(pmap, pindex, isnewp)
136 * Get PDEs and PTEs for user/kernel address space
138 #define pdir_pde(m, v) (m[(vm_offset_t)(v) >> PDRSHIFT])
140 #define pmap_pde_v(pmap, pte) ((*(pd_entry_t *)pte & pmap->pmap_bits[PG_V_IDX]) != 0)
141 #define pmap_pte_w(pmap, pte) ((*(pt_entry_t *)pte & pmap->pmap_bits[PG_W_IDX]) != 0)
142 #define pmap_pte_m(pmap, pte) ((*(pt_entry_t *)pte & pmap->pmap_bits[PG_M_IDX]) != 0)
143 #define pmap_pte_u(pmap, pte) ((*(pt_entry_t *)pte & pmap->pmap_bits[PG_U_IDX]) != 0)
144 #define pmap_pte_v(pmap, pte) ((*(pt_entry_t *)pte & pmap->pmap_bits[PG_V_IDX]) != 0)
147 * Given a map and a machine independent protection code,
148 * convert to a vax protection code.
150 #define pte_prot(m, p) \
151 (m->protection_codes[p & (VM_PROT_READ|VM_PROT_WRITE|VM_PROT_EXECUTE)])
152 static int protection_codes[PROTECTION_CODES_SIZE];
154 struct pmap kernel_pmap;
155 static TAILQ_HEAD(,pmap) pmap_list = TAILQ_HEAD_INITIALIZER(pmap_list);
157 MALLOC_DEFINE(M_OBJPMAP, "objpmap", "pmaps associated with VM objects");
159 vm_paddr_t avail_start; /* PA of first available physical page */
160 vm_paddr_t avail_end; /* PA of last available physical page */
161 vm_offset_t virtual2_start; /* cutout free area prior to kernel start */
162 vm_offset_t virtual2_end;
163 vm_offset_t virtual_start; /* VA of first avail page (after kernel bss) */
164 vm_offset_t virtual_end; /* VA of last avail page (end of kernel AS) */
165 vm_offset_t KvaStart; /* VA start of KVA space */
166 vm_offset_t KvaEnd; /* VA end of KVA space (non-inclusive) */
167 vm_offset_t KvaSize; /* max size of kernel virtual address space */
168 static boolean_t pmap_initialized = FALSE; /* Has pmap_init completed? */
169 //static int pgeflag; /* PG_G or-in */
170 //static int pseflag; /* PG_PS or-in */
174 static vm_paddr_t dmaplimit;
176 vm_offset_t kernel_vm_end = VM_MIN_KERNEL_ADDRESS;
178 static pt_entry_t pat_pte_index[PAT_INDEX_SIZE]; /* PAT -> PG_ bits */
179 /*static pt_entry_t pat_pde_index[PAT_INDEX_SIZE];*/ /* PAT -> PG_ bits */
181 static uint64_t KPTbase;
182 static uint64_t KPTphys;
183 static uint64_t KPDphys; /* phys addr of kernel level 2 */
184 static uint64_t KPDbase; /* phys addr of kernel level 2 @ KERNBASE */
185 uint64_t KPDPphys; /* phys addr of kernel level 3 */
186 uint64_t KPML4phys; /* phys addr of kernel level 4 */
188 static uint64_t DMPDphys; /* phys addr of direct mapped level 2 */
189 static uint64_t DMPDPphys; /* phys addr of direct mapped level 3 */
192 * Data for the pv entry allocation mechanism
194 static vm_zone_t pvzone;
195 static struct vm_zone pvzone_store;
196 static struct vm_object pvzone_obj;
197 static int pv_entry_max=0, pv_entry_high_water=0;
198 static int pmap_pagedaemon_waken = 0;
199 static struct pv_entry *pvinit;
202 * All those kernel PT submaps that BSD is so fond of
204 pt_entry_t *CMAP1 = NULL, *ptmmap;
205 caddr_t CADDR1 = NULL, ptvmmap = NULL;
206 static pt_entry_t *msgbufmap;
207 struct msgbuf *msgbufp=NULL;
210 * PMAP default PG_* bits. Needed to be able to add
211 * EPT/NPT pagetable pmap_bits for the VMM module
213 uint64_t pmap_bits_default[] = {
214 REGULAR_PMAP, /* TYPE_IDX 0 */
215 X86_PG_V, /* PG_V_IDX 1 */
216 X86_PG_RW, /* PG_RW_IDX 2 */
217 X86_PG_U, /* PG_U_IDX 3 */
218 X86_PG_A, /* PG_A_IDX 4 */
219 X86_PG_M, /* PG_M_IDX 5 */
220 X86_PG_PS, /* PG_PS_IDX3 6 */
221 X86_PG_G, /* PG_G_IDX 7 */
222 X86_PG_AVAIL1, /* PG_AVAIL1_IDX 8 */
223 X86_PG_AVAIL2, /* PG_AVAIL2_IDX 9 */
224 X86_PG_AVAIL3, /* PG_AVAIL3_IDX 10 */
225 X86_PG_NC_PWT | X86_PG_NC_PCD, /* PG_N_IDX 11 */
230 static pt_entry_t *pt_crashdumpmap;
231 static caddr_t crashdumpmap;
234 static int pmap_enter_debug = 0;
235 SYSCTL_INT(_machdep, OID_AUTO, pmap_enter_debug, CTLFLAG_RW,
236 &pmap_enter_debug, 0, "Debug pmap_enter's");
238 static int pmap_yield_count = 64;
239 SYSCTL_INT(_machdep, OID_AUTO, pmap_yield_count, CTLFLAG_RW,
240 &pmap_yield_count, 0, "Yield during init_pt/release");
241 static int pmap_mmu_optimize = 0;
242 SYSCTL_INT(_machdep, OID_AUTO, pmap_mmu_optimize, CTLFLAG_RW,
243 &pmap_mmu_optimize, 0, "Share page table pages when possible");
247 /* Standard user access funtions */
248 extern int std_copyinstr (const void *udaddr, void *kaddr, size_t len,
250 extern int std_copyin (const void *udaddr, void *kaddr, size_t len);
251 extern int std_copyout (const void *kaddr, void *udaddr, size_t len);
252 extern int std_fubyte (const void *base);
253 extern int std_subyte (void *base, int byte);
254 extern long std_fuword (const void *base);
255 extern int std_suword (void *base, long word);
256 extern int std_suword32 (void *base, int word);
258 static void pv_hold(pv_entry_t pv);
259 static int _pv_hold_try(pv_entry_t pv
261 static void pv_drop(pv_entry_t pv);
262 static void _pv_lock(pv_entry_t pv
264 static void pv_unlock(pv_entry_t pv);
265 static pv_entry_t _pv_alloc(pmap_t pmap, vm_pindex_t pindex, int *isnew
267 static pv_entry_t _pv_get(pmap_t pmap, vm_pindex_t pindex
269 static pv_entry_t pv_get_try(pmap_t pmap, vm_pindex_t pindex, int *errorp);
270 static pv_entry_t pv_find(pmap_t pmap, vm_pindex_t pindex);
271 static void pv_put(pv_entry_t pv);
272 static void pv_free(pv_entry_t pv);
273 static void *pv_pte_lookup(pv_entry_t pv, vm_pindex_t pindex);
274 static pv_entry_t pmap_allocpte(pmap_t pmap, vm_pindex_t ptepindex,
276 static pv_entry_t pmap_allocpte_seg(pmap_t pmap, vm_pindex_t ptepindex,
277 pv_entry_t *pvpp, vm_map_entry_t entry, vm_offset_t va);
278 static void pmap_remove_pv_pte(pv_entry_t pv, pv_entry_t pvp,
279 struct pmap_inval_info *info);
280 static vm_page_t pmap_remove_pv_page(pv_entry_t pv);
281 static int pmap_release_pv( struct pmap_inval_info *info,
282 pv_entry_t pv, pv_entry_t pvp);
284 struct pmap_scan_info;
285 static void pmap_remove_callback(pmap_t pmap, struct pmap_scan_info *info,
286 pv_entry_t pte_pv, pv_entry_t pt_pv, int sharept,
287 vm_offset_t va, pt_entry_t *ptep, void *arg __unused);
288 static void pmap_protect_callback(pmap_t pmap, struct pmap_scan_info *info,
289 pv_entry_t pte_pv, pv_entry_t pt_pv, int sharept,
290 vm_offset_t va, pt_entry_t *ptep, void *arg __unused);
292 static void i386_protection_init (void);
293 static void create_pagetables(vm_paddr_t *firstaddr);
294 static void pmap_remove_all (vm_page_t m);
295 static boolean_t pmap_testbit (vm_page_t m, int bit);
297 static pt_entry_t * pmap_pte_quick (pmap_t pmap, vm_offset_t va);
298 static vm_offset_t pmap_kmem_choose(vm_offset_t addr);
300 static void pmap_pinit_defaults(struct pmap *pmap);
302 static unsigned pdir4mb;
305 pv_entry_compare(pv_entry_t pv1, pv_entry_t pv2)
307 if (pv1->pv_pindex < pv2->pv_pindex)
309 if (pv1->pv_pindex > pv2->pv_pindex)
314 RB_GENERATE2(pv_entry_rb_tree, pv_entry, pv_entry,
315 pv_entry_compare, vm_pindex_t, pv_pindex);
319 pmap_page_stats_adding(vm_page_t m)
321 globaldata_t gd = mycpu;
323 if (TAILQ_EMPTY(&m->md.pv_list)) {
324 ++gd->gd_vmtotal.t_arm;
325 } else if (TAILQ_FIRST(&m->md.pv_list) ==
326 TAILQ_LAST(&m->md.pv_list, md_page_pv_list)) {
327 ++gd->gd_vmtotal.t_armshr;
328 ++gd->gd_vmtotal.t_avmshr;
330 ++gd->gd_vmtotal.t_avmshr;
336 pmap_page_stats_deleting(vm_page_t m)
338 globaldata_t gd = mycpu;
340 if (TAILQ_EMPTY(&m->md.pv_list)) {
341 --gd->gd_vmtotal.t_arm;
342 } else if (TAILQ_FIRST(&m->md.pv_list) ==
343 TAILQ_LAST(&m->md.pv_list, md_page_pv_list)) {
344 --gd->gd_vmtotal.t_armshr;
345 --gd->gd_vmtotal.t_avmshr;
347 --gd->gd_vmtotal.t_avmshr;
352 * Move the kernel virtual free pointer to the next
353 * 2MB. This is used to help improve performance
354 * by using a large (2MB) page for much of the kernel
355 * (.text, .data, .bss)
359 pmap_kmem_choose(vm_offset_t addr)
361 vm_offset_t newaddr = addr;
363 newaddr = (addr + (NBPDR - 1)) & ~(NBPDR - 1);
370 * Super fast pmap_pte routine best used when scanning the pv lists.
371 * This eliminates many course-grained invltlb calls. Note that many of
372 * the pv list scans are across different pmaps and it is very wasteful
373 * to do an entire invltlb when checking a single mapping.
375 static __inline pt_entry_t *pmap_pte(pmap_t pmap, vm_offset_t va);
379 pmap_pte_quick(pmap_t pmap, vm_offset_t va)
381 return pmap_pte(pmap, va);
385 * Returns the pindex of a page table entry (representing a terminal page).
386 * There are NUPTE_TOTAL page table entries possible (a huge number)
388 * x86-64 has a 48-bit address space, where bit 47 is sign-extended out.
389 * We want to properly translate negative KVAs.
393 pmap_pte_pindex(vm_offset_t va)
395 return ((va >> PAGE_SHIFT) & (NUPTE_TOTAL - 1));
399 * Returns the pindex of a page table.
403 pmap_pt_pindex(vm_offset_t va)
405 return (NUPTE_TOTAL + ((va >> PDRSHIFT) & (NUPT_TOTAL - 1)));
409 * Returns the pindex of a page directory.
413 pmap_pd_pindex(vm_offset_t va)
415 return (NUPTE_TOTAL + NUPT_TOTAL +
416 ((va >> PDPSHIFT) & (NUPD_TOTAL - 1)));
421 pmap_pdp_pindex(vm_offset_t va)
423 return (NUPTE_TOTAL + NUPT_TOTAL + NUPD_TOTAL +
424 ((va >> PML4SHIFT) & (NUPDP_TOTAL - 1)));
429 pmap_pml4_pindex(void)
431 return (NUPTE_TOTAL + NUPT_TOTAL + NUPD_TOTAL + NUPDP_TOTAL);
435 * Return various clipped indexes for a given VA
437 * Returns the index of a pte in a page table, representing a terminal
442 pmap_pte_index(vm_offset_t va)
444 return ((va >> PAGE_SHIFT) & ((1ul << NPTEPGSHIFT) - 1));
448 * Returns the index of a pt in a page directory, representing a page
453 pmap_pt_index(vm_offset_t va)
455 return ((va >> PDRSHIFT) & ((1ul << NPDEPGSHIFT) - 1));
459 * Returns the index of a pd in a page directory page, representing a page
464 pmap_pd_index(vm_offset_t va)
466 return ((va >> PDPSHIFT) & ((1ul << NPDPEPGSHIFT) - 1));
470 * Returns the index of a pdp in the pml4 table, representing a page
475 pmap_pdp_index(vm_offset_t va)
477 return ((va >> PML4SHIFT) & ((1ul << NPML4EPGSHIFT) - 1));
481 * Generic procedure to index a pte from a pt, pd, or pdp.
483 * NOTE: Normally passed pindex as pmap_xx_index(). pmap_xx_pindex() is NOT
484 * a page table page index but is instead of PV lookup index.
488 pv_pte_lookup(pv_entry_t pv, vm_pindex_t pindex)
492 pte = (pt_entry_t *)PHYS_TO_DMAP(VM_PAGE_TO_PHYS(pv->pv_m));
493 return(&pte[pindex]);
497 * Return pointer to PDP slot in the PML4
501 pmap_pdp(pmap_t pmap, vm_offset_t va)
503 return (&pmap->pm_pml4[pmap_pdp_index(va)]);
507 * Return pointer to PD slot in the PDP given a pointer to the PDP
511 pmap_pdp_to_pd(pml4_entry_t pdp_pte, vm_offset_t va)
515 pd = (pdp_entry_t *)PHYS_TO_DMAP(pdp_pte & PG_FRAME);
516 return (&pd[pmap_pd_index(va)]);
520 * Return pointer to PD slot in the PDP.
524 pmap_pd(pmap_t pmap, vm_offset_t va)
528 pdp = pmap_pdp(pmap, va);
529 if ((*pdp & pmap->pmap_bits[PG_V_IDX]) == 0)
531 return (pmap_pdp_to_pd(*pdp, va));
535 * Return pointer to PT slot in the PD given a pointer to the PD
539 pmap_pd_to_pt(pdp_entry_t pd_pte, vm_offset_t va)
543 pt = (pd_entry_t *)PHYS_TO_DMAP(pd_pte & PG_FRAME);
544 return (&pt[pmap_pt_index(va)]);
548 * Return pointer to PT slot in the PD
550 * SIMPLE PMAP NOTE: Simple pmaps (embedded in objects) do not have PDPs,
551 * so we cannot lookup the PD via the PDP. Instead we
552 * must look it up via the pmap.
556 pmap_pt(pmap_t pmap, vm_offset_t va)
560 vm_pindex_t pd_pindex;
562 if (pmap->pm_flags & PMAP_FLAG_SIMPLE) {
563 pd_pindex = pmap_pd_pindex(va);
564 spin_lock(&pmap->pm_spin);
565 pv = pv_entry_rb_tree_RB_LOOKUP(&pmap->pm_pvroot, pd_pindex);
566 spin_unlock(&pmap->pm_spin);
567 if (pv == NULL || pv->pv_m == NULL)
569 return (pmap_pd_to_pt(VM_PAGE_TO_PHYS(pv->pv_m), va));
571 pd = pmap_pd(pmap, va);
572 if (pd == NULL || (*pd & pmap->pmap_bits[PG_V_IDX]) == 0)
574 return (pmap_pd_to_pt(*pd, va));
579 * Return pointer to PTE slot in the PT given a pointer to the PT
583 pmap_pt_to_pte(pd_entry_t pt_pte, vm_offset_t va)
587 pte = (pt_entry_t *)PHYS_TO_DMAP(pt_pte & PG_FRAME);
588 return (&pte[pmap_pte_index(va)]);
592 * Return pointer to PTE slot in the PT
596 pmap_pte(pmap_t pmap, vm_offset_t va)
600 pt = pmap_pt(pmap, va);
601 if (pt == NULL || (*pt & pmap->pmap_bits[PG_V_IDX]) == 0)
603 if ((*pt & pmap->pmap_bits[PG_PS_IDX]) != 0)
604 return ((pt_entry_t *)pt);
605 return (pmap_pt_to_pte(*pt, va));
609 * Of all the layers (PTE, PT, PD, PDP, PML4) the best one to cache is
610 * the PT layer. This will speed up core pmap operations considerably.
612 * NOTE: The pmap spinlock does not need to be held but the passed-in pv
613 * must be in a known associated state (typically by being locked when
614 * the pmap spinlock isn't held). We allow the race for that case.
618 pv_cache(pv_entry_t pv, vm_pindex_t pindex)
620 if (pindex >= pmap_pt_pindex(0) && pindex <= pmap_pd_pindex(0))
621 pv->pv_pmap->pm_pvhint = pv;
626 * Return address of PT slot in PD (KVM only)
628 * Cannot be used for user page tables because it might interfere with
629 * the shared page-table-page optimization (pmap_mmu_optimize).
633 vtopt(vm_offset_t va)
635 uint64_t mask = ((1ul << (NPDEPGSHIFT + NPDPEPGSHIFT +
636 NPML4EPGSHIFT)) - 1);
638 return (PDmap + ((va >> PDRSHIFT) & mask));
642 * KVM - return address of PTE slot in PT
646 vtopte(vm_offset_t va)
648 uint64_t mask = ((1ul << (NPTEPGSHIFT + NPDEPGSHIFT +
649 NPDPEPGSHIFT + NPML4EPGSHIFT)) - 1);
651 return (PTmap + ((va >> PAGE_SHIFT) & mask));
655 allocpages(vm_paddr_t *firstaddr, long n)
660 bzero((void *)ret, n * PAGE_SIZE);
661 *firstaddr += n * PAGE_SIZE;
667 create_pagetables(vm_paddr_t *firstaddr)
669 long i; /* must be 64 bits */
675 * We are running (mostly) V=P at this point
677 * Calculate NKPT - number of kernel page tables. We have to
678 * accomodoate prealloction of the vm_page_array, dump bitmap,
679 * MSGBUF_SIZE, and other stuff. Be generous.
681 * Maxmem is in pages.
683 * ndmpdp is the number of 1GB pages we wish to map.
685 ndmpdp = (ptoa(Maxmem) + NBPDP - 1) >> PDPSHIFT;
686 if (ndmpdp < 4) /* Minimum 4GB of dirmap */
688 KKASSERT(ndmpdp <= NKPDPE * NPDEPG);
691 * Starting at the beginning of kvm (not KERNBASE).
693 nkpt_phys = (Maxmem * sizeof(struct vm_page) + NBPDR - 1) / NBPDR;
694 nkpt_phys += (Maxmem * sizeof(struct pv_entry) + NBPDR - 1) / NBPDR;
695 nkpt_phys += ((nkpt + nkpt + 1 + NKPML4E + NKPDPE + NDMPML4E +
696 ndmpdp) + 511) / 512;
700 * Starting at KERNBASE - map 2G worth of page table pages.
701 * KERNBASE is offset -2G from the end of kvm.
703 nkpt_base = (NPDPEPG - KPDPI) * NPTEPG; /* typically 2 x 512 */
708 KPTbase = allocpages(firstaddr, nkpt_base);
709 KPTphys = allocpages(firstaddr, nkpt_phys);
710 KPML4phys = allocpages(firstaddr, 1);
711 KPDPphys = allocpages(firstaddr, NKPML4E);
712 KPDphys = allocpages(firstaddr, NKPDPE);
715 * Calculate the page directory base for KERNBASE,
716 * that is where we start populating the page table pages.
717 * Basically this is the end - 2.
719 KPDbase = KPDphys + ((NKPDPE - (NPDPEPG - KPDPI)) << PAGE_SHIFT);
721 DMPDPphys = allocpages(firstaddr, NDMPML4E);
722 if ((amd_feature & AMDID_PAGE1GB) == 0)
723 DMPDphys = allocpages(firstaddr, ndmpdp);
724 dmaplimit = (vm_paddr_t)ndmpdp << PDPSHIFT;
727 * Fill in the underlying page table pages for the area around
728 * KERNBASE. This remaps low physical memory to KERNBASE.
730 * Read-only from zero to physfree
731 * XXX not fully used, underneath 2M pages
733 for (i = 0; (i << PAGE_SHIFT) < *firstaddr; i++) {
734 ((pt_entry_t *)KPTbase)[i] = i << PAGE_SHIFT;
735 ((pt_entry_t *)KPTbase)[i] |=
736 pmap_bits_default[PG_RW_IDX] |
737 pmap_bits_default[PG_V_IDX] |
738 pmap_bits_default[PG_G_IDX];
742 * Now map the initial kernel page tables. One block of page
743 * tables is placed at the beginning of kernel virtual memory,
744 * and another block is placed at KERNBASE to map the kernel binary,
745 * data, bss, and initial pre-allocations.
747 for (i = 0; i < nkpt_base; i++) {
748 ((pd_entry_t *)KPDbase)[i] = KPTbase + (i << PAGE_SHIFT);
749 ((pd_entry_t *)KPDbase)[i] |=
750 pmap_bits_default[PG_RW_IDX] |
751 pmap_bits_default[PG_V_IDX];
753 for (i = 0; i < nkpt_phys; i++) {
754 ((pd_entry_t *)KPDphys)[i] = KPTphys + (i << PAGE_SHIFT);
755 ((pd_entry_t *)KPDphys)[i] |=
756 pmap_bits_default[PG_RW_IDX] |
757 pmap_bits_default[PG_V_IDX];
761 * Map from zero to end of allocations using 2M pages as an
762 * optimization. This will bypass some of the KPTBase pages
763 * above in the KERNBASE area.
765 for (i = 0; (i << PDRSHIFT) < *firstaddr; i++) {
766 ((pd_entry_t *)KPDbase)[i] = i << PDRSHIFT;
767 ((pd_entry_t *)KPDbase)[i] |=
768 pmap_bits_default[PG_RW_IDX] |
769 pmap_bits_default[PG_V_IDX] |
770 pmap_bits_default[PG_PS_IDX] |
771 pmap_bits_default[PG_G_IDX];
775 * And connect up the PD to the PDP. The kernel pmap is expected
776 * to pre-populate all of its PDs. See NKPDPE in vmparam.h.
778 for (i = 0; i < NKPDPE; i++) {
779 ((pdp_entry_t *)KPDPphys)[NPDPEPG - NKPDPE + i] =
780 KPDphys + (i << PAGE_SHIFT);
781 ((pdp_entry_t *)KPDPphys)[NPDPEPG - NKPDPE + i] |=
782 pmap_bits_default[PG_RW_IDX] |
783 pmap_bits_default[PG_V_IDX] |
784 pmap_bits_default[PG_U_IDX];
788 * Now set up the direct map space using either 2MB or 1GB pages
789 * Preset PG_M and PG_A because demotion expects it.
791 * When filling in entries in the PD pages make sure any excess
792 * entries are set to zero as we allocated enough PD pages
794 if ((amd_feature & AMDID_PAGE1GB) == 0) {
795 for (i = 0; i < NPDEPG * ndmpdp; i++) {
796 ((pd_entry_t *)DMPDphys)[i] = i << PDRSHIFT;
797 ((pd_entry_t *)DMPDphys)[i] |=
798 pmap_bits_default[PG_RW_IDX] |
799 pmap_bits_default[PG_V_IDX] |
800 pmap_bits_default[PG_PS_IDX] |
801 pmap_bits_default[PG_G_IDX] |
802 pmap_bits_default[PG_M_IDX] |
803 pmap_bits_default[PG_A_IDX];
807 * And the direct map space's PDP
809 for (i = 0; i < ndmpdp; i++) {
810 ((pdp_entry_t *)DMPDPphys)[i] = DMPDphys +
812 ((pdp_entry_t *)DMPDPphys)[i] |=
813 pmap_bits_default[PG_RW_IDX] |
814 pmap_bits_default[PG_V_IDX] |
815 pmap_bits_default[PG_U_IDX];
818 for (i = 0; i < ndmpdp; i++) {
819 ((pdp_entry_t *)DMPDPphys)[i] =
820 (vm_paddr_t)i << PDPSHIFT;
821 ((pdp_entry_t *)DMPDPphys)[i] |=
822 pmap_bits_default[PG_RW_IDX] |
823 pmap_bits_default[PG_V_IDX] |
824 pmap_bits_default[PG_PS_IDX] |
825 pmap_bits_default[PG_G_IDX] |
826 pmap_bits_default[PG_M_IDX] |
827 pmap_bits_default[PG_A_IDX];
831 /* And recursively map PML4 to itself in order to get PTmap */
832 ((pdp_entry_t *)KPML4phys)[PML4PML4I] = KPML4phys;
833 ((pdp_entry_t *)KPML4phys)[PML4PML4I] |=
834 pmap_bits_default[PG_RW_IDX] |
835 pmap_bits_default[PG_V_IDX] |
836 pmap_bits_default[PG_U_IDX];
839 * Connect the Direct Map slots up to the PML4
841 for (j = 0; j < NDMPML4E; ++j) {
842 ((pdp_entry_t *)KPML4phys)[DMPML4I + j] =
843 (DMPDPphys + ((vm_paddr_t)j << PML4SHIFT)) |
844 pmap_bits_default[PG_RW_IDX] |
845 pmap_bits_default[PG_V_IDX] |
846 pmap_bits_default[PG_U_IDX];
850 * Connect the KVA slot up to the PML4
852 ((pdp_entry_t *)KPML4phys)[KPML4I] = KPDPphys;
853 ((pdp_entry_t *)KPML4phys)[KPML4I] |=
854 pmap_bits_default[PG_RW_IDX] |
855 pmap_bits_default[PG_V_IDX] |
856 pmap_bits_default[PG_U_IDX];
860 * Bootstrap the system enough to run with virtual memory.
862 * On the i386 this is called after mapping has already been enabled
863 * and just syncs the pmap module with what has already been done.
864 * [We can't call it easily with mapping off since the kernel is not
865 * mapped with PA == VA, hence we would have to relocate every address
866 * from the linked base (virtual) address "KERNBASE" to the actual
867 * (physical) address starting relative to 0]
870 pmap_bootstrap(vm_paddr_t *firstaddr)
875 KvaStart = VM_MIN_KERNEL_ADDRESS;
876 KvaEnd = VM_MAX_KERNEL_ADDRESS;
877 KvaSize = KvaEnd - KvaStart;
879 avail_start = *firstaddr;
882 * Create an initial set of page tables to run the kernel in.
884 create_pagetables(firstaddr);
886 virtual2_start = KvaStart;
887 virtual2_end = PTOV_OFFSET;
889 virtual_start = (vm_offset_t) PTOV_OFFSET + *firstaddr;
890 virtual_start = pmap_kmem_choose(virtual_start);
892 virtual_end = VM_MAX_KERNEL_ADDRESS;
894 /* XXX do %cr0 as well */
895 load_cr4(rcr4() | CR4_PGE | CR4_PSE);
899 * Initialize protection array.
901 i386_protection_init();
904 * The kernel's pmap is statically allocated so we don't have to use
905 * pmap_create, which is unlikely to work correctly at this part of
906 * the boot sequence (XXX and which no longer exists).
908 kernel_pmap.pm_pml4 = (pdp_entry_t *) (PTOV_OFFSET + KPML4phys);
909 kernel_pmap.pm_count = 1;
910 kernel_pmap.pm_active = (cpumask_t)-1;
911 RB_INIT(&kernel_pmap.pm_pvroot);
912 spin_init(&kernel_pmap.pm_spin);
913 lwkt_token_init(&kernel_pmap.pm_token, "kpmap_tok");
916 * Reserve some special page table entries/VA space for temporary
919 #define SYSMAP(c, p, v, n) \
920 v = (c)va; va += ((n)*PAGE_SIZE); p = pte; pte += (n);
926 * CMAP1/CMAP2 are used for zeroing and copying pages.
928 SYSMAP(caddr_t, CMAP1, CADDR1, 1)
933 SYSMAP(caddr_t, pt_crashdumpmap, crashdumpmap, MAXDUMPPGS);
936 * ptvmmap is used for reading arbitrary physical pages via
939 SYSMAP(caddr_t, ptmmap, ptvmmap, 1)
942 * msgbufp is used to map the system message buffer.
943 * XXX msgbufmap is not used.
945 SYSMAP(struct msgbuf *, msgbufmap, msgbufp,
946 atop(round_page(MSGBUF_SIZE)))
953 * PG_G is terribly broken on SMP because we IPI invltlb's in some
954 * cases rather then invl1pg. Actually, I don't even know why it
955 * works under UP because self-referential page table mappings
960 * Initialize the 4MB page size flag
964 * The 4MB page version of the initial
965 * kernel page mapping.
969 #if !defined(DISABLE_PSE)
970 if (cpu_feature & CPUID_PSE) {
973 * Note that we have enabled PSE mode
975 // pseflag = kernel_pmap.pmap_bits[PG_PS_IDX];
976 ptditmp = *(PTmap + x86_64_btop(KERNBASE));
977 ptditmp &= ~(NBPDR - 1);
978 ptditmp |= pmap_bits_default[PG_V_IDX] |
979 pmap_bits_default[PG_RW_IDX] |
980 pmap_bits_default[PG_PS_IDX] |
981 pmap_bits_default[PG_U_IDX];
988 /* Initialize the PAT MSR */
991 pmap_pinit_defaults(&kernel_pmap);
1004 * Default values mapping PATi,PCD,PWT bits at system reset.
1005 * The default values effectively ignore the PATi bit by
1006 * repeating the encodings for 0-3 in 4-7, and map the PCD
1007 * and PWT bit combinations to the expected PAT types.
1009 pat_msr = PAT_VALUE(0, PAT_WRITE_BACK) | /* 000 */
1010 PAT_VALUE(1, PAT_WRITE_THROUGH) | /* 001 */
1011 PAT_VALUE(2, PAT_UNCACHED) | /* 010 */
1012 PAT_VALUE(3, PAT_UNCACHEABLE) | /* 011 */
1013 PAT_VALUE(4, PAT_WRITE_BACK) | /* 100 */
1014 PAT_VALUE(5, PAT_WRITE_THROUGH) | /* 101 */
1015 PAT_VALUE(6, PAT_UNCACHED) | /* 110 */
1016 PAT_VALUE(7, PAT_UNCACHEABLE); /* 111 */
1017 pat_pte_index[PAT_WRITE_BACK] = 0;
1018 pat_pte_index[PAT_WRITE_THROUGH]= 0 | X86_PG_NC_PWT;
1019 pat_pte_index[PAT_UNCACHED] = X86_PG_NC_PCD;
1020 pat_pte_index[PAT_UNCACHEABLE] = X86_PG_NC_PCD | X86_PG_NC_PWT;
1021 pat_pte_index[PAT_WRITE_PROTECTED] = pat_pte_index[PAT_UNCACHEABLE];
1022 pat_pte_index[PAT_WRITE_COMBINING] = pat_pte_index[PAT_UNCACHEABLE];
1024 if (cpu_feature & CPUID_PAT) {
1026 * If we support the PAT then set-up entries for
1027 * WRITE_PROTECTED and WRITE_COMBINING using bit patterns
1030 pat_msr = (pat_msr & ~PAT_MASK(4)) |
1031 PAT_VALUE(4, PAT_WRITE_PROTECTED);
1032 pat_msr = (pat_msr & ~PAT_MASK(5)) |
1033 PAT_VALUE(5, PAT_WRITE_COMBINING);
1034 pat_pte_index[PAT_WRITE_PROTECTED] = X86_PG_PTE_PAT | 0;
1035 pat_pte_index[PAT_WRITE_COMBINING] = X86_PG_PTE_PAT | X86_PG_NC_PWT;
1038 * Then enable the PAT
1043 load_cr4(cr4 & ~CR4_PGE);
1045 /* Disable caches (CD = 1, NW = 0). */
1047 load_cr0((cr0 & ~CR0_NW) | CR0_CD);
1049 /* Flushes caches and TLBs. */
1053 /* Update PAT and index table. */
1054 wrmsr(MSR_PAT, pat_msr);
1056 /* Flush caches and TLBs again. */
1060 /* Restore caches and PGE. */
1068 * Set 4mb pdir for mp startup
1073 if (cpu_feature & CPUID_PSE) {
1074 load_cr4(rcr4() | CR4_PSE);
1075 if (pdir4mb && mycpu->gd_cpuid == 0) { /* only on BSP */
1082 * Initialize the pmap module.
1083 * Called by vm_init, to initialize any structures that the pmap
1084 * system needs to map virtual memory.
1085 * pmap_init has been enhanced to support in a fairly consistant
1086 * way, discontiguous physical memory.
1095 * Allocate memory for random pmap data structures. Includes the
1099 for (i = 0; i < vm_page_array_size; i++) {
1102 m = &vm_page_array[i];
1103 TAILQ_INIT(&m->md.pv_list);
1107 * init the pv free list
1109 initial_pvs = vm_page_array_size;
1110 if (initial_pvs < MINPV)
1111 initial_pvs = MINPV;
1112 pvzone = &pvzone_store;
1113 pvinit = (void *)kmem_alloc(&kernel_map,
1114 initial_pvs * sizeof (struct pv_entry));
1115 zbootinit(pvzone, "PV ENTRY", sizeof (struct pv_entry),
1116 pvinit, initial_pvs);
1119 * Now it is safe to enable pv_table recording.
1121 pmap_initialized = TRUE;
1125 * Initialize the address space (zone) for the pv_entries. Set a
1126 * high water mark so that the system can recover from excessive
1127 * numbers of pv entries.
1132 int shpgperproc = PMAP_SHPGPERPROC;
1135 TUNABLE_INT_FETCH("vm.pmap.shpgperproc", &shpgperproc);
1136 pv_entry_max = shpgperproc * maxproc + vm_page_array_size;
1137 TUNABLE_INT_FETCH("vm.pmap.pv_entries", &pv_entry_max);
1138 pv_entry_high_water = 9 * (pv_entry_max / 10);
1141 * Subtract out pages already installed in the zone (hack)
1143 entry_max = pv_entry_max - vm_page_array_size;
1147 zinitna(pvzone, &pvzone_obj, NULL, 0, entry_max, ZONE_INTERRUPT, 1);
1151 * Typically used to initialize a fictitious page by vm/device_pager.c
1154 pmap_page_init(struct vm_page *m)
1157 TAILQ_INIT(&m->md.pv_list);
1160 /***************************************************
1161 * Low level helper routines.....
1162 ***************************************************/
1165 * this routine defines the region(s) of memory that should
1166 * not be tested for the modified bit.
1170 pmap_track_modified(vm_pindex_t pindex)
1172 vm_offset_t va = (vm_offset_t)pindex << PAGE_SHIFT;
1173 if ((va < clean_sva) || (va >= clean_eva))
1180 * Extract the physical page address associated with the map/VA pair.
1181 * The page must be wired for this to work reliably.
1183 * XXX for the moment we're using pv_find() instead of pv_get(), as
1184 * callers might be expecting non-blocking operation.
1187 pmap_extract(pmap_t pmap, vm_offset_t va)
1194 if (va >= VM_MAX_USER_ADDRESS) {
1196 * Kernel page directories might be direct-mapped and
1197 * there is typically no PV tracking of pte's
1201 pt = pmap_pt(pmap, va);
1202 if (pt && (*pt & pmap->pmap_bits[PG_V_IDX])) {
1203 if (*pt & pmap->pmap_bits[PG_PS_IDX]) {
1204 rtval = *pt & PG_PS_FRAME;
1205 rtval |= va & PDRMASK;
1207 ptep = pmap_pt_to_pte(*pt, va);
1208 if (*pt & pmap->pmap_bits[PG_V_IDX]) {
1209 rtval = *ptep & PG_FRAME;
1210 rtval |= va & PAGE_MASK;
1216 * User pages currently do not direct-map the page directory
1217 * and some pages might not used managed PVs. But all PT's
1220 pt_pv = pv_find(pmap, pmap_pt_pindex(va));
1222 ptep = pv_pte_lookup(pt_pv, pmap_pte_index(va));
1223 if (*ptep & pmap->pmap_bits[PG_V_IDX]) {
1224 rtval = *ptep & PG_FRAME;
1225 rtval |= va & PAGE_MASK;
1234 * Similar to extract but checks protections, SMP-friendly short-cut for
1235 * vm_fault_page[_quick](). Can return NULL to cause the caller to
1236 * fall-through to the real fault code.
1238 * The returned page, if not NULL, is held (and not busied).
1241 pmap_fault_page_quick(pmap_t pmap, vm_offset_t va, vm_prot_t prot)
1243 if (pmap && va < VM_MAX_USER_ADDRESS) {
1251 req = pmap->pmap_bits[PG_V_IDX] |
1252 pmap->pmap_bits[PG_U_IDX];
1253 if (prot & VM_PROT_WRITE)
1254 req |= pmap->pmap_bits[PG_RW_IDX];
1256 pt_pv = pv_find(pmap, pmap_pt_pindex(va));
1259 ptep = pv_pte_lookup(pt_pv, pmap_pte_index(va));
1260 if ((*ptep & req) != req) {
1264 pte_pv = pv_get_try(pmap, pmap_pte_pindex(va), &error);
1265 if (pte_pv && error == 0) {
1268 if (prot & VM_PROT_WRITE)
1271 } else if (pte_pv) {
1285 * Extract the physical page address associated kernel virtual address.
1288 pmap_kextract(vm_offset_t va)
1290 pd_entry_t pt; /* pt entry in pd */
1293 if (va >= DMAP_MIN_ADDRESS && va < DMAP_MAX_ADDRESS) {
1294 pa = DMAP_TO_PHYS(va);
1297 if (pt & kernel_pmap.pmap_bits[PG_PS_IDX]) {
1298 pa = (pt & PG_PS_FRAME) | (va & PDRMASK);
1301 * Beware of a concurrent promotion that changes the
1302 * PDE at this point! For example, vtopte() must not
1303 * be used to access the PTE because it would use the
1304 * new PDE. It is, however, safe to use the old PDE
1305 * because the page table page is preserved by the
1308 pa = *pmap_pt_to_pte(pt, va);
1309 pa = (pa & PG_FRAME) | (va & PAGE_MASK);
1315 /***************************************************
1316 * Low level mapping routines.....
1317 ***************************************************/
1320 * Routine: pmap_kenter
1322 * Add a wired page to the KVA
1323 * NOTE! note that in order for the mapping to take effect -- you
1324 * should do an invltlb after doing the pmap_kenter().
1327 pmap_kenter(vm_offset_t va, vm_paddr_t pa)
1331 pmap_inval_info info;
1333 pmap_inval_init(&info); /* XXX remove */
1335 kernel_pmap.pmap_bits[PG_RW_IDX] |
1336 kernel_pmap.pmap_bits[PG_V_IDX];
1339 pmap_inval_interlock(&info, &kernel_pmap, va); /* XXX remove */
1341 pmap_inval_deinterlock(&info, &kernel_pmap); /* XXX remove */
1342 pmap_inval_done(&info); /* XXX remove */
1346 * Routine: pmap_kenter_quick
1348 * Similar to pmap_kenter(), except we only invalidate the
1349 * mapping on the current CPU.
1352 pmap_kenter_quick(vm_offset_t va, vm_paddr_t pa)
1358 kernel_pmap.pmap_bits[PG_RW_IDX] |
1359 kernel_pmap.pmap_bits[PG_V_IDX];
1363 cpu_invlpg((void *)va);
1367 pmap_kenter_sync(vm_offset_t va)
1369 pmap_inval_info info;
1371 pmap_inval_init(&info);
1372 pmap_inval_interlock(&info, &kernel_pmap, va);
1373 pmap_inval_deinterlock(&info, &kernel_pmap);
1374 pmap_inval_done(&info);
1378 pmap_kenter_sync_quick(vm_offset_t va)
1380 cpu_invlpg((void *)va);
1384 * remove a page from the kernel pagetables
1387 pmap_kremove(vm_offset_t va)
1390 pmap_inval_info info;
1392 pmap_inval_init(&info);
1394 pmap_inval_interlock(&info, &kernel_pmap, va);
1395 (void)pte_load_clear(pte);
1396 pmap_inval_deinterlock(&info, &kernel_pmap);
1397 pmap_inval_done(&info);
1401 pmap_kremove_quick(vm_offset_t va)
1405 (void)pte_load_clear(pte);
1406 cpu_invlpg((void *)va);
1410 * XXX these need to be recoded. They are not used in any critical path.
1413 pmap_kmodify_rw(vm_offset_t va)
1415 atomic_set_long(vtopte(va), kernel_pmap.pmap_bits[PG_RW_IDX]);
1416 cpu_invlpg((void *)va);
1421 pmap_kmodify_nc(vm_offset_t va)
1423 atomic_set_long(vtopte(va), PG_N);
1424 cpu_invlpg((void *)va);
1429 * Used to map a range of physical addresses into kernel virtual
1430 * address space during the low level boot, typically to map the
1431 * dump bitmap, message buffer, and vm_page_array.
1433 * These mappings are typically made at some pointer after the end of the
1436 * We could return PHYS_TO_DMAP(start) here and not allocate any
1437 * via (*virtp), but then kmem from userland and kernel dumps won't
1438 * have access to the related pointers.
1441 pmap_map(vm_offset_t *virtp, vm_paddr_t start, vm_paddr_t end, int prot)
1444 vm_offset_t va_start;
1446 /*return PHYS_TO_DMAP(start);*/
1451 while (start < end) {
1452 pmap_kenter_quick(va, start);
1460 #define PMAP_CLFLUSH_THRESHOLD (2 * 1024 * 1024)
1463 * Remove the specified set of pages from the data and instruction caches.
1465 * In contrast to pmap_invalidate_cache_range(), this function does not
1466 * rely on the CPU's self-snoop feature, because it is intended for use
1467 * when moving pages into a different cache domain.
1470 pmap_invalidate_cache_pages(vm_page_t *pages, int count)
1472 vm_offset_t daddr, eva;
1475 if (count >= PMAP_CLFLUSH_THRESHOLD / PAGE_SIZE ||
1476 (cpu_feature & CPUID_CLFSH) == 0)
1480 for (i = 0; i < count; i++) {
1481 daddr = PHYS_TO_DMAP(VM_PAGE_TO_PHYS(pages[i]));
1482 eva = daddr + PAGE_SIZE;
1483 for (; daddr < eva; daddr += cpu_clflush_line_size)
1491 pmap_invalidate_cache_range(vm_offset_t sva, vm_offset_t eva)
1493 KASSERT((sva & PAGE_MASK) == 0,
1494 ("pmap_invalidate_cache_range: sva not page-aligned"));
1495 KASSERT((eva & PAGE_MASK) == 0,
1496 ("pmap_invalidate_cache_range: eva not page-aligned"));
1498 if (cpu_feature & CPUID_SS) {
1499 ; /* If "Self Snoop" is supported, do nothing. */
1501 /* Globally invalidate caches */
1502 cpu_wbinvd_on_all_cpus();
1506 pmap_invalidate_range(pmap_t pmap, vm_offset_t sva, vm_offset_t eva)
1508 smp_invlpg_range(pmap->pm_active, sva, eva);
1512 * Add a list of wired pages to the kva
1513 * this routine is only used for temporary
1514 * kernel mappings that do not need to have
1515 * page modification or references recorded.
1516 * Note that old mappings are simply written
1517 * over. The page *must* be wired.
1520 pmap_qenter(vm_offset_t va, vm_page_t *m, int count)
1524 end_va = va + count * PAGE_SIZE;
1526 while (va < end_va) {
1530 *pte = VM_PAGE_TO_PHYS(*m) |
1531 kernel_pmap.pmap_bits[PG_RW_IDX] |
1532 kernel_pmap.pmap_bits[PG_V_IDX] |
1533 kernel_pmap.pmap_cache_bits[(*m)->pat_mode];
1535 cpu_invlpg((void *)va);
1543 * This routine jerks page mappings from the
1544 * kernel -- it is meant only for temporary mappings.
1546 * MPSAFE, INTERRUPT SAFE (cluster callback)
1549 pmap_qremove(vm_offset_t va, int count)
1553 end_va = va + count * PAGE_SIZE;
1555 while (va < end_va) {
1559 (void)pte_load_clear(pte);
1560 cpu_invlpg((void *)va);
1567 * Create a new thread and optionally associate it with a (new) process.
1568 * NOTE! the new thread's cpu may not equal the current cpu.
1571 pmap_init_thread(thread_t td)
1573 /* enforce pcb placement & alignment */
1574 td->td_pcb = (struct pcb *)(td->td_kstack + td->td_kstack_size) - 1;
1575 td->td_pcb = (struct pcb *)((intptr_t)td->td_pcb & ~(intptr_t)0xF);
1576 td->td_savefpu = &td->td_pcb->pcb_save;
1577 td->td_sp = (char *)td->td_pcb; /* no -16 */
1581 * This routine directly affects the fork perf for a process.
1584 pmap_init_proc(struct proc *p)
1589 pmap_pinit_defaults(struct pmap *pmap)
1591 bcopy(pmap_bits_default, pmap->pmap_bits,
1592 sizeof(pmap_bits_default));
1593 bcopy(protection_codes, pmap->protection_codes,
1594 sizeof(protection_codes));
1595 bcopy(pat_pte_index, pmap->pmap_cache_bits,
1596 sizeof(pat_pte_index));
1597 pmap->pmap_cache_mask = X86_PG_NC_PWT | X86_PG_NC_PCD | X86_PG_PTE_PAT;
1598 pmap->copyinstr = std_copyinstr;
1599 pmap->copyin = std_copyin;
1600 pmap->copyout = std_copyout;
1601 pmap->fubyte = std_fubyte;
1602 pmap->subyte = std_subyte;
1603 pmap->fuword = std_fuword;
1604 pmap->suword = std_suword;
1605 pmap->suword32 = std_suword32;
1608 * Initialize pmap0/vmspace0. This pmap is not added to pmap_list because
1609 * it, and IdlePTD, represents the template used to update all other pmaps.
1611 * On architectures where the kernel pmap is not integrated into the user
1612 * process pmap, this pmap represents the process pmap, not the kernel pmap.
1613 * kernel_pmap should be used to directly access the kernel_pmap.
1616 pmap_pinit0(struct pmap *pmap)
1618 pmap->pm_pml4 = (pml4_entry_t *)(PTOV_OFFSET + KPML4phys);
1620 pmap->pm_active = 0;
1621 pmap->pm_pvhint = NULL;
1622 RB_INIT(&pmap->pm_pvroot);
1623 spin_init(&pmap->pm_spin);
1624 lwkt_token_init(&pmap->pm_token, "pmap_tok");
1625 bzero(&pmap->pm_stats, sizeof pmap->pm_stats);
1626 pmap_pinit_defaults(pmap);
1630 * Initialize a preallocated and zeroed pmap structure,
1631 * such as one in a vmspace structure.
1634 pmap_pinit_simple(struct pmap *pmap)
1637 * Misc initialization
1640 pmap->pm_active = 0;
1641 pmap->pm_pvhint = NULL;
1642 pmap->pm_flags = PMAP_FLAG_SIMPLE;
1644 pmap_pinit_defaults(pmap);
1647 * Don't blow up locks/tokens on re-use (XXX fix/use drop code
1650 if (pmap->pm_pmlpv == NULL) {
1651 RB_INIT(&pmap->pm_pvroot);
1652 bzero(&pmap->pm_stats, sizeof pmap->pm_stats);
1653 spin_init(&pmap->pm_spin);
1654 lwkt_token_init(&pmap->pm_token, "pmap_tok");
1659 pmap_pinit(struct pmap *pmap)
1664 if (pmap->pm_pmlpv) {
1665 if (pmap->pmap_bits[TYPE_IDX] != REGULAR_PMAP) {
1670 pmap_pinit_simple(pmap);
1671 pmap->pm_flags &= ~PMAP_FLAG_SIMPLE;
1674 * No need to allocate page table space yet but we do need a valid
1675 * page directory table.
1677 if (pmap->pm_pml4 == NULL) {
1679 (pml4_entry_t *)kmem_alloc_pageable(&kernel_map, PAGE_SIZE);
1683 * Allocate the page directory page, which wires it even though
1684 * it isn't being entered into some higher level page table (it
1685 * being the highest level). If one is already cached we don't
1686 * have to do anything.
1688 if ((pv = pmap->pm_pmlpv) == NULL) {
1689 pv = pmap_allocpte(pmap, pmap_pml4_pindex(), NULL);
1690 pmap->pm_pmlpv = pv;
1691 pmap_kenter((vm_offset_t)pmap->pm_pml4,
1692 VM_PAGE_TO_PHYS(pv->pv_m));
1696 * Install DMAP and KMAP.
1698 for (j = 0; j < NDMPML4E; ++j) {
1699 pmap->pm_pml4[DMPML4I + j] =
1700 (DMPDPphys + ((vm_paddr_t)j << PML4SHIFT)) |
1701 pmap->pmap_bits[PG_RW_IDX] |
1702 pmap->pmap_bits[PG_V_IDX] |
1703 pmap->pmap_bits[PG_U_IDX];
1705 pmap->pm_pml4[KPML4I] = KPDPphys |
1706 pmap->pmap_bits[PG_RW_IDX] |
1707 pmap->pmap_bits[PG_V_IDX] |
1708 pmap->pmap_bits[PG_U_IDX];
1711 * install self-referential address mapping entry
1713 pmap->pm_pml4[PML4PML4I] = VM_PAGE_TO_PHYS(pv->pv_m) |
1714 pmap->pmap_bits[PG_V_IDX] |
1715 pmap->pmap_bits[PG_RW_IDX] |
1716 pmap->pmap_bits[PG_A_IDX] |
1717 pmap->pmap_bits[PG_M_IDX];
1719 KKASSERT(pv->pv_m->flags & PG_MAPPED);
1720 KKASSERT(pv->pv_m->flags & PG_WRITEABLE);
1722 KKASSERT(pmap->pm_pml4[255] == 0);
1723 KKASSERT(RB_ROOT(&pmap->pm_pvroot) == pv);
1724 KKASSERT(pv->pv_entry.rbe_left == NULL);
1725 KKASSERT(pv->pv_entry.rbe_right == NULL);
1729 * Clean up a pmap structure so it can be physically freed. This routine
1730 * is called by the vmspace dtor function. A great deal of pmap data is
1731 * left passively mapped to improve vmspace management so we have a bit
1732 * of cleanup work to do here.
1735 pmap_puninit(pmap_t pmap)
1740 KKASSERT(pmap->pm_active == 0);
1741 if ((pv = pmap->pm_pmlpv) != NULL) {
1742 if (pv_hold_try(pv) == 0)
1744 KKASSERT(pv == pmap->pm_pmlpv);
1745 p = pmap_remove_pv_page(pv);
1747 pmap_kremove((vm_offset_t)pmap->pm_pml4);
1748 vm_page_busy_wait(p, FALSE, "pgpun");
1749 KKASSERT(p->flags & (PG_FICTITIOUS|PG_UNMANAGED));
1750 vm_page_unwire(p, 0);
1751 vm_page_flag_clear(p, PG_MAPPED | PG_WRITEABLE);
1754 * XXX eventually clean out PML4 static entries and
1755 * use vm_page_free_zero()
1758 pmap->pm_pmlpv = NULL;
1760 if (pmap->pm_pml4) {
1761 KKASSERT(pmap->pm_pml4 != (void *)(PTOV_OFFSET + KPML4phys));
1762 kmem_free(&kernel_map, (vm_offset_t)pmap->pm_pml4, PAGE_SIZE);
1763 pmap->pm_pml4 = NULL;
1765 KKASSERT(pmap->pm_stats.resident_count == 0);
1766 KKASSERT(pmap->pm_stats.wired_count == 0);
1770 * Wire in kernel global address entries. To avoid a race condition
1771 * between pmap initialization and pmap_growkernel, this procedure
1772 * adds the pmap to the master list (which growkernel scans to update),
1773 * then copies the template.
1776 pmap_pinit2(struct pmap *pmap)
1778 spin_lock(&pmap_spin);
1779 TAILQ_INSERT_TAIL(&pmap_list, pmap, pm_pmnode);
1780 spin_unlock(&pmap_spin);
1784 * This routine is called when various levels in the page table need to
1785 * be populated. This routine cannot fail.
1787 * This function returns two locked pv_entry's, one representing the
1788 * requested pv and one representing the requested pv's parent pv. If
1789 * the pv did not previously exist it will be mapped into its parent
1790 * and wired, otherwise no additional wire count will be added.
1794 pmap_allocpte(pmap_t pmap, vm_pindex_t ptepindex, pv_entry_t *pvpp)
1799 vm_pindex_t pt_pindex;
1805 * If the pv already exists and we aren't being asked for the
1806 * parent page table page we can just return it. A locked+held pv
1807 * is returned. The pv will also have a second hold related to the
1808 * pmap association that we don't have to worry about.
1811 pv = pv_alloc(pmap, ptepindex, &isnew);
1812 if (isnew == 0 && pvpp == NULL)
1816 * Special case terminal PVs. These are not page table pages so
1817 * no vm_page is allocated (the caller supplied the vm_page). If
1818 * pvpp is non-NULL we are being asked to also removed the pt_pv
1821 * Note that pt_pv's are only returned for user VAs. We assert that
1822 * a pt_pv is not being requested for kernel VAs.
1824 if (ptepindex < pmap_pt_pindex(0)) {
1825 if (ptepindex >= NUPTE_USER)
1826 KKASSERT(pvpp == NULL);
1828 KKASSERT(pvpp != NULL);
1830 pt_pindex = NUPTE_TOTAL + (ptepindex >> NPTEPGSHIFT);
1831 pvp = pmap_allocpte(pmap, pt_pindex, NULL);
1833 vm_page_wire_quick(pvp->pv_m);
1842 * Non-terminal PVs allocate a VM page to represent the page table,
1843 * so we have to resolve pvp and calculate ptepindex for the pvp
1844 * and then for the page table entry index in the pvp for
1847 if (ptepindex < pmap_pd_pindex(0)) {
1849 * pv is PT, pvp is PD
1851 ptepindex = (ptepindex - pmap_pt_pindex(0)) >> NPDEPGSHIFT;
1852 ptepindex += NUPTE_TOTAL + NUPT_TOTAL;
1853 pvp = pmap_allocpte(pmap, ptepindex, NULL);
1860 ptepindex = pv->pv_pindex - pmap_pt_pindex(0);
1861 ptepindex &= ((1ul << NPDEPGSHIFT) - 1);
1863 } else if (ptepindex < pmap_pdp_pindex(0)) {
1865 * pv is PD, pvp is PDP
1867 * SIMPLE PMAP NOTE: Simple pmaps do not allocate above
1870 ptepindex = (ptepindex - pmap_pd_pindex(0)) >> NPDPEPGSHIFT;
1871 ptepindex += NUPTE_TOTAL + NUPT_TOTAL + NUPD_TOTAL;
1873 if (pmap->pm_flags & PMAP_FLAG_SIMPLE) {
1874 KKASSERT(pvpp == NULL);
1877 pvp = pmap_allocpte(pmap, ptepindex, NULL);
1885 ptepindex = pv->pv_pindex - pmap_pd_pindex(0);
1886 ptepindex &= ((1ul << NPDPEPGSHIFT) - 1);
1887 } else if (ptepindex < pmap_pml4_pindex()) {
1889 * pv is PDP, pvp is the root pml4 table
1891 pvp = pmap_allocpte(pmap, pmap_pml4_pindex(), NULL);
1898 ptepindex = pv->pv_pindex - pmap_pdp_pindex(0);
1899 ptepindex &= ((1ul << NPML4EPGSHIFT) - 1);
1902 * pv represents the top-level PML4, there is no parent.
1910 * This code is only reached if isnew is TRUE and this is not a
1911 * terminal PV. We need to allocate a vm_page for the page table
1912 * at this level and enter it into the parent page table.
1914 * page table pages are marked PG_WRITEABLE and PG_MAPPED.
1917 m = vm_page_alloc(NULL, pv->pv_pindex,
1918 VM_ALLOC_NORMAL | VM_ALLOC_SYSTEM |
1919 VM_ALLOC_INTERRUPT);
1924 vm_page_spin_lock(m);
1925 pmap_page_stats_adding(m);
1926 TAILQ_INSERT_TAIL(&m->md.pv_list, pv, pv_list);
1928 vm_page_flag_set(m, PG_MAPPED | PG_WRITEABLE);
1929 vm_page_spin_unlock(m);
1930 vm_page_unmanage(m); /* m must be spinunlocked */
1932 if ((m->flags & PG_ZERO) == 0) {
1933 pmap_zero_page(VM_PAGE_TO_PHYS(m));
1937 pmap_page_assertzero(VM_PAGE_TO_PHYS(m));
1940 m->valid = VM_PAGE_BITS_ALL;
1941 vm_page_flag_clear(m, PG_ZERO);
1942 vm_page_wire(m); /* wire for mapping in parent */
1945 * Wire the page into pvp, bump the wire-count for pvp's page table
1946 * page. Bump the resident_count for the pmap. There is no pvp
1947 * for the top level, address the pm_pml4[] array directly.
1949 * If the caller wants the parent we return it, otherwise
1950 * we just put it away.
1952 * No interlock is needed for pte 0 -> non-zero.
1954 * In the situation where *ptep is valid we might have an unmanaged
1955 * page table page shared from another page table which we need to
1956 * unshare before installing our private page table page.
1959 ptep = pv_pte_lookup(pvp, ptepindex);
1960 if (*ptep & pmap->pmap_bits[PG_V_IDX]) {
1962 pmap_inval_info info;
1965 panic("pmap_allocpte: unexpected pte %p/%d",
1966 pvp, (int)ptepindex);
1968 pmap_inval_init(&info);
1969 pmap_inval_interlock(&info, pmap, (vm_offset_t)-1);
1970 pte = pte_load_clear(ptep);
1971 pmap_inval_deinterlock(&info, pmap);
1972 pmap_inval_done(&info);
1973 if (vm_page_unwire_quick(
1974 PHYS_TO_VM_PAGE(pte & PG_FRAME))) {
1975 panic("pmap_allocpte: shared pgtable "
1976 "pg bad wirecount");
1978 atomic_add_long(&pmap->pm_stats.resident_count, -1);
1980 vm_page_wire_quick(pvp->pv_m);
1982 *ptep = VM_PAGE_TO_PHYS(m) |
1983 (pmap->pmap_bits[PG_U_IDX] |
1984 pmap->pmap_bits[PG_RW_IDX] |
1985 pmap->pmap_bits[PG_V_IDX] |
1986 pmap->pmap_bits[PG_A_IDX] |
1987 pmap->pmap_bits[PG_M_IDX]);
1999 * This version of pmap_allocpte() checks for possible segment optimizations
2000 * that would allow page-table sharing. It can be called for terminal
2001 * page or page table page ptepindex's.
2003 * The function is called with page table page ptepindex's for fictitious
2004 * and unmanaged terminal pages. That is, we don't want to allocate a
2005 * terminal pv, we just want the pt_pv. pvpp is usually passed as NULL
2008 * This function can return a pv and *pvpp associated with the passed in pmap
2009 * OR a pv and *pvpp associated with the shared pmap. In the latter case
2010 * an unmanaged page table page will be entered into the pass in pmap.
2014 pmap_allocpte_seg(pmap_t pmap, vm_pindex_t ptepindex, pv_entry_t *pvpp,
2015 vm_map_entry_t entry, vm_offset_t va)
2017 struct pmap_inval_info info;
2022 pv_entry_t pte_pv; /* in original or shared pmap */
2023 pv_entry_t pt_pv; /* in original or shared pmap */
2024 pv_entry_t proc_pd_pv; /* in original pmap */
2025 pv_entry_t proc_pt_pv; /* in original pmap */
2026 pv_entry_t xpv; /* PT in shared pmap */
2027 pd_entry_t *pt; /* PT entry in PD of original pmap */
2028 pd_entry_t opte; /* contents of *pt */
2029 pd_entry_t npte; /* contents of *pt */
2034 * Basic tests, require a non-NULL vm_map_entry, require proper
2035 * alignment and type for the vm_map_entry, require that the
2036 * underlying object already be allocated.
2038 * We allow almost any type of object to use this optimization.
2039 * The object itself does NOT have to be sized to a multiple of the
2040 * segment size, but the memory mapping does.
2042 * XXX don't handle devices currently, because VM_PAGE_TO_PHYS()
2043 * won't work as expected.
2045 if (entry == NULL ||
2046 pmap_mmu_optimize == 0 || /* not enabled */
2047 ptepindex >= pmap_pd_pindex(0) || /* not terminal or pt */
2048 entry->inheritance != VM_INHERIT_SHARE || /* not shared */
2049 entry->maptype != VM_MAPTYPE_NORMAL || /* weird map type */
2050 entry->object.vm_object == NULL || /* needs VM object */
2051 entry->object.vm_object->type == OBJT_DEVICE || /* ick */
2052 entry->object.vm_object->type == OBJT_MGTDEVICE || /* ick */
2053 (entry->offset & SEG_MASK) || /* must be aligned */
2054 (entry->start & SEG_MASK)) {
2055 return(pmap_allocpte(pmap, ptepindex, pvpp));
2059 * Make sure the full segment can be represented.
2061 b = va & ~(vm_offset_t)SEG_MASK;
2062 if (b < entry->start || b + SEG_SIZE > entry->end)
2063 return(pmap_allocpte(pmap, ptepindex, pvpp));
2066 * If the full segment can be represented dive the VM object's
2067 * shared pmap, allocating as required.
2069 object = entry->object.vm_object;
2071 if (entry->protection & VM_PROT_WRITE)
2072 obpmapp = &object->md.pmap_rw;
2074 obpmapp = &object->md.pmap_ro;
2077 if (pmap_enter_debug > 0) {
2079 kprintf("pmap_allocpte_seg: va=%jx prot %08x o=%p "
2081 va, entry->protection, object,
2083 kprintf("pmap_allocpte_seg: entry %p %jx-%jx\n",
2084 entry, entry->start, entry->end);
2089 * We allocate what appears to be a normal pmap but because portions
2090 * of this pmap are shared with other unrelated pmaps we have to
2091 * set pm_active to point to all cpus.
2093 * XXX Currently using pmap_spin to interlock the update, can't use
2094 * vm_object_hold/drop because the token might already be held
2095 * shared OR exclusive and we don't know.
2097 while ((obpmap = *obpmapp) == NULL) {
2098 obpmap = kmalloc(sizeof(*obpmap), M_OBJPMAP, M_WAITOK|M_ZERO);
2099 pmap_pinit_simple(obpmap);
2100 pmap_pinit2(obpmap);
2101 spin_lock(&pmap_spin);
2102 if (*obpmapp != NULL) {
2106 spin_unlock(&pmap_spin);
2107 pmap_release(obpmap);
2108 pmap_puninit(obpmap);
2109 kfree(obpmap, M_OBJPMAP);
2110 obpmap = *obpmapp; /* safety */
2112 obpmap->pm_active = smp_active_mask;
2114 spin_unlock(&pmap_spin);
2119 * Layering is: PTE, PT, PD, PDP, PML4. We have to return the
2120 * pte/pt using the shared pmap from the object but also adjust
2121 * the process pmap's page table page as a side effect.
2125 * Resolve the terminal PTE and PT in the shared pmap. This is what
2126 * we will return. This is true if ptepindex represents a terminal
2127 * page, otherwise pte_pv is actually the PT and pt_pv is actually
2131 pte_pv = pmap_allocpte(obpmap, ptepindex, &pt_pv);
2132 if (ptepindex >= pmap_pt_pindex(0))
2138 * Resolve the PD in the process pmap so we can properly share the
2139 * page table page. Lock order is bottom-up (leaf first)!
2141 * NOTE: proc_pt_pv can be NULL.
2143 proc_pt_pv = pv_get(pmap, pmap_pt_pindex(b));
2144 proc_pd_pv = pmap_allocpte(pmap, pmap_pd_pindex(b), NULL);
2146 if (pmap_enter_debug > 0) {
2148 kprintf("proc_pt_pv %p (wc %d) pd_pv %p va=%jx\n",
2150 (proc_pt_pv ? proc_pt_pv->pv_m->wire_count : -1),
2157 * xpv is the page table page pv from the shared object
2158 * (for convenience), from above.
2160 * Calculate the pte value for the PT to load into the process PD.
2161 * If we have to change it we must properly dispose of the previous
2164 pt = pv_pte_lookup(proc_pd_pv, pmap_pt_index(b));
2165 npte = VM_PAGE_TO_PHYS(xpv->pv_m) |
2166 (pmap->pmap_bits[PG_U_IDX] |
2167 pmap->pmap_bits[PG_RW_IDX] |
2168 pmap->pmap_bits[PG_V_IDX] |
2169 pmap->pmap_bits[PG_A_IDX] |
2170 pmap->pmap_bits[PG_M_IDX]);
2173 * Dispose of previous page table page if it was local to the
2174 * process pmap. If the old pt is not empty we cannot dispose of it
2175 * until we clean it out. This case should not arise very often so
2176 * it is not optimized.
2179 if (proc_pt_pv->pv_m->wire_count != 1) {
2185 va & ~(vm_offset_t)SEG_MASK,
2186 (va + SEG_SIZE) & ~(vm_offset_t)SEG_MASK);
2191 * The release call will indirectly clean out *pt
2193 pmap_inval_init(&info);
2194 pmap_release_pv(&info, proc_pt_pv, proc_pd_pv);
2195 pmap_inval_done(&info);
2198 pt = pv_pte_lookup(proc_pd_pv, pmap_pt_index(b));
2202 * Handle remaining cases.
2206 vm_page_wire_quick(xpv->pv_m);
2207 vm_page_wire_quick(proc_pd_pv->pv_m);
2208 atomic_add_long(&pmap->pm_stats.resident_count, 1);
2209 } else if (*pt != npte) {
2210 pmap_inval_init(&info);
2211 pmap_inval_interlock(&info, pmap, (vm_offset_t)-1);
2213 opte = pte_load_clear(pt);
2214 KKASSERT(opte && opte != npte);
2217 vm_page_wire_quick(xpv->pv_m); /* pgtable pg that is npte */
2220 * Clean up opte, bump the wire_count for the process
2221 * PD page representing the new entry if it was
2224 * If the entry was not previously empty and we have
2225 * a PT in the proc pmap then opte must match that
2226 * pt. The proc pt must be retired (this is done
2227 * later on in this procedure).
2229 * NOTE: replacing valid pte, wire_count on proc_pd_pv
2232 KKASSERT(opte & pmap->pmap_bits[PG_V_IDX]);
2233 m = PHYS_TO_VM_PAGE(opte & PG_FRAME);
2234 if (vm_page_unwire_quick(m)) {
2235 panic("pmap_allocpte_seg: "
2236 "bad wire count %p",
2240 pmap_inval_deinterlock(&info, pmap);
2241 pmap_inval_done(&info);
2245 * The existing process page table was replaced and must be destroyed
2259 * Release any resources held by the given physical map.
2261 * Called when a pmap initialized by pmap_pinit is being released. Should
2262 * only be called if the map contains no valid mappings.
2264 * Caller must hold pmap->pm_token
2266 struct pmap_release_info {
2271 static int pmap_release_callback(pv_entry_t pv, void *data);
2274 pmap_release(struct pmap *pmap)
2276 struct pmap_release_info info;
2278 KASSERT(pmap->pm_active == 0,
2279 ("pmap still active! %016jx", (uintmax_t)pmap->pm_active));
2281 spin_lock(&pmap_spin);
2282 TAILQ_REMOVE(&pmap_list, pmap, pm_pmnode);
2283 spin_unlock(&pmap_spin);
2286 * Pull pv's off the RB tree in order from low to high and release
2292 spin_lock(&pmap->pm_spin);
2293 RB_SCAN(pv_entry_rb_tree, &pmap->pm_pvroot, NULL,
2294 pmap_release_callback, &info);
2295 spin_unlock(&pmap->pm_spin);
2296 } while (info.retry);
2300 * One resident page (the pml4 page) should remain.
2301 * No wired pages should remain.
2303 KKASSERT(pmap->pm_stats.resident_count ==
2304 ((pmap->pm_flags & PMAP_FLAG_SIMPLE) ? 0 : 1));
2306 KKASSERT(pmap->pm_stats.wired_count == 0);
2310 pmap_release_callback(pv_entry_t pv, void *data)
2312 struct pmap_release_info *info = data;
2313 pmap_t pmap = info->pmap;
2316 if (pv_hold_try(pv)) {
2317 spin_unlock(&pmap->pm_spin);
2319 spin_unlock(&pmap->pm_spin);
2322 if (pv->pv_pmap != pmap) {
2324 spin_lock(&pmap->pm_spin);
2328 r = pmap_release_pv(NULL, pv, NULL);
2329 spin_lock(&pmap->pm_spin);
2334 * Called with held (i.e. also locked) pv. This function will dispose of
2335 * the lock along with the pv.
2337 * If the caller already holds the locked parent page table for pv it
2338 * must pass it as pvp, allowing us to avoid a deadlock, else it can
2339 * pass NULL for pvp.
2342 pmap_release_pv(struct pmap_inval_info *info, pv_entry_t pv, pv_entry_t pvp)
2347 * The pmap is currently not spinlocked, pv is held+locked.
2348 * Remove the pv's page from its parent's page table. The
2349 * parent's page table page's wire_count will be decremented.
2351 * This will clean out the pte at any level of the page table.
2352 * If info is not NULL the appropriate invlpg/invltlb/smp
2353 * invalidation will be made.
2355 pmap_remove_pv_pte(pv, pvp, info);
2358 * Terminal pvs are unhooked from their vm_pages. Because
2359 * terminal pages aren't page table pages they aren't wired
2360 * by us, so we have to be sure not to unwire them either.
2362 if (pv->pv_pindex < pmap_pt_pindex(0)) {
2363 pmap_remove_pv_page(pv);
2368 * We leave the top-level page table page cached, wired, and
2369 * mapped in the pmap until the dtor function (pmap_puninit())
2372 * Since we are leaving the top-level pv intact we need
2373 * to break out of what would otherwise be an infinite loop.
2375 if (pv->pv_pindex == pmap_pml4_pindex()) {
2381 * For page table pages (other than the top-level page),
2382 * remove and free the vm_page. The representitive mapping
2383 * removed above by pmap_remove_pv_pte() did not undo the
2384 * last wire_count so we have to do that as well.
2386 p = pmap_remove_pv_page(pv);
2387 vm_page_busy_wait(p, FALSE, "pmaprl");
2388 if (p->wire_count != 1) {
2389 kprintf("p->wire_count was %016lx %d\n",
2390 pv->pv_pindex, p->wire_count);
2392 KKASSERT(p->wire_count == 1);
2393 KKASSERT(p->flags & PG_UNMANAGED);
2395 vm_page_unwire(p, 0);
2396 KKASSERT(p->wire_count == 0);
2399 * Theoretically this page, if not the pml4 page, should contain
2400 * all-zeros. But its just too dangerous to mark it PG_ZERO. Free
2410 * This function will remove the pte associated with a pv from its parent.
2411 * Terminal pv's are supported. The removal will be interlocked if info
2412 * is non-NULL. The caller must dispose of pv instead of just unlocking
2415 * The wire count will be dropped on the parent page table. The wire
2416 * count on the page being removed (pv->pv_m) from the parent page table
2417 * is NOT touched. Note that terminal pages will not have any additional
2418 * wire counts while page table pages will have at least one representing
2419 * the mapping, plus others representing sub-mappings.
2421 * NOTE: Cannot be called on kernel page table pages, only KVM terminal
2422 * pages and user page table and terminal pages.
2424 * The pv must be locked.
2426 * XXX must lock parent pv's if they exist to remove pte XXX
2430 pmap_remove_pv_pte(pv_entry_t pv, pv_entry_t pvp, struct pmap_inval_info *info)
2432 vm_pindex_t ptepindex = pv->pv_pindex;
2433 pmap_t pmap = pv->pv_pmap;
2439 if (ptepindex == pmap_pml4_pindex()) {
2441 * We are the top level pml4 table, there is no parent.
2443 p = pmap->pm_pmlpv->pv_m;
2444 } else if (ptepindex >= pmap_pdp_pindex(0)) {
2446 * Remove a PDP page from the pml4e. This can only occur
2447 * with user page tables. We do not have to lock the
2448 * pml4 PV so just ignore pvp.
2450 vm_pindex_t pml4_pindex;
2451 vm_pindex_t pdp_index;
2454 pdp_index = ptepindex - pmap_pdp_pindex(0);
2456 pml4_pindex = pmap_pml4_pindex();
2457 pvp = pv_get(pv->pv_pmap, pml4_pindex);
2461 pdp = &pmap->pm_pml4[pdp_index & ((1ul << NPML4EPGSHIFT) - 1)];
2462 KKASSERT((*pdp & pmap->pmap_bits[PG_V_IDX]) != 0);
2463 p = PHYS_TO_VM_PAGE(*pdp & PG_FRAME);
2465 pmap_inval_interlock(info, pmap, (vm_offset_t)-1);
2466 pte_load_clear(pdp);
2467 pmap_inval_deinterlock(info, pmap);
2471 } else if (ptepindex >= pmap_pd_pindex(0)) {
2473 * Remove a PD page from the pdp
2475 * SIMPLE PMAP NOTE: Non-existant pvp's are ok in the case
2476 * of a simple pmap because it stops at
2479 vm_pindex_t pdp_pindex;
2480 vm_pindex_t pd_index;
2483 pd_index = ptepindex - pmap_pd_pindex(0);
2486 pdp_pindex = NUPTE_TOTAL + NUPT_TOTAL + NUPD_TOTAL +
2487 (pd_index >> NPML4EPGSHIFT);
2488 pvp = pv_get(pv->pv_pmap, pdp_pindex);
2493 pd = pv_pte_lookup(pvp, pd_index &
2494 ((1ul << NPDPEPGSHIFT) - 1));
2495 KKASSERT((*pd & pmap->pmap_bits[PG_V_IDX]) != 0);
2496 p = PHYS_TO_VM_PAGE(*pd & PG_FRAME);
2498 pmap_inval_interlock(info, pmap,
2501 pmap_inval_deinterlock(info, pmap);
2506 KKASSERT(pmap->pm_flags & PMAP_FLAG_SIMPLE);
2507 p = pv->pv_m; /* degenerate test later */
2509 } else if (ptepindex >= pmap_pt_pindex(0)) {
2511 * Remove a PT page from the pd
2513 vm_pindex_t pd_pindex;
2514 vm_pindex_t pt_index;
2517 pt_index = ptepindex - pmap_pt_pindex(0);
2520 pd_pindex = NUPTE_TOTAL + NUPT_TOTAL +
2521 (pt_index >> NPDPEPGSHIFT);
2522 pvp = pv_get(pv->pv_pmap, pd_pindex);
2526 pt = pv_pte_lookup(pvp, pt_index & ((1ul << NPDPEPGSHIFT) - 1));
2527 KKASSERT((*pt & pmap->pmap_bits[PG_V_IDX]) != 0);
2528 p = PHYS_TO_VM_PAGE(*pt & PG_FRAME);
2530 pmap_inval_interlock(info, pmap, (vm_offset_t)-1);
2532 pmap_inval_deinterlock(info, pmap);
2538 * Remove a PTE from the PT page
2540 * NOTE: pv's must be locked bottom-up to avoid deadlocking.
2541 * pv is a pte_pv so we can safely lock pt_pv.
2543 * NOTE: FICTITIOUS pages may have multiple physical mappings
2544 * so PHYS_TO_VM_PAGE() will not necessarily work for
2547 vm_pindex_t pt_pindex;
2552 pt_pindex = ptepindex >> NPTEPGSHIFT;
2553 va = (vm_offset_t)ptepindex << PAGE_SHIFT;
2555 if (ptepindex >= NUPTE_USER) {
2556 ptep = vtopte(ptepindex << PAGE_SHIFT);
2557 KKASSERT(pvp == NULL);
2560 pt_pindex = NUPTE_TOTAL +
2561 (ptepindex >> NPDPEPGSHIFT);
2562 pvp = pv_get(pv->pv_pmap, pt_pindex);
2566 ptep = pv_pte_lookup(pvp, ptepindex &
2567 ((1ul << NPDPEPGSHIFT) - 1));
2571 pmap_inval_interlock(info, pmap, va);
2572 pte = pte_load_clear(ptep);
2574 pmap_inval_deinterlock(info, pmap);
2576 cpu_invlpg((void *)va);
2579 * Now update the vm_page_t
2581 if ((pte & (pmap->pmap_bits[PG_MANAGED_IDX] | pmap->pmap_bits[PG_V_IDX])) !=
2582 (pmap->pmap_bits[PG_MANAGED_IDX]|pmap->pmap_bits[PG_V_IDX])) {
2583 kprintf("remove_pte badpte %016lx %016lx %d\n",
2585 pv->pv_pindex < pmap_pt_pindex(0));
2587 /* PHYS_TO_VM_PAGE() will not work for FICTITIOUS pages */
2588 /*KKASSERT((pte & (PG_MANAGED|PG_V)) == (PG_MANAGED|PG_V));*/
2589 if (pte & pmap->pmap_bits[PG_DEVICE_IDX])
2592 p = PHYS_TO_VM_PAGE(pte & PG_FRAME);
2595 if (pte & pmap->pmap_bits[PG_M_IDX]) {
2596 if (pmap_track_modified(ptepindex))
2599 if (pte & pmap->pmap_bits[PG_A_IDX]) {
2600 vm_page_flag_set(p, PG_REFERENCED);
2602 if (pte & pmap->pmap_bits[PG_W_IDX])
2603 atomic_add_long(&pmap->pm_stats.wired_count, -1);
2604 if (pte & pmap->pmap_bits[PG_G_IDX])
2605 cpu_invlpg((void *)va);
2609 * Unwire the parent page table page. The wire_count cannot go below
2610 * 1 here because the parent page table page is itself still mapped.
2612 * XXX remove the assertions later.
2614 KKASSERT(pv->pv_m == p);
2615 if (pvp && vm_page_unwire_quick(pvp->pv_m))
2616 panic("pmap_remove_pv_pte: Insufficient wire_count");
2623 * Remove the vm_page association to a pv. The pv must be locked.
2627 pmap_remove_pv_page(pv_entry_t pv)
2633 vm_page_spin_lock(m);
2635 TAILQ_REMOVE(&m->md.pv_list, pv, pv_list);
2636 pmap_page_stats_deleting(m);
2639 atomic_add_int(&m->object->agg_pv_list_count, -1);
2641 if (TAILQ_EMPTY(&m->md.pv_list))
2642 vm_page_flag_clear(m, PG_MAPPED | PG_WRITEABLE);
2643 vm_page_spin_unlock(m);
2648 * Grow the number of kernel page table entries, if needed.
2650 * This routine is always called to validate any address space
2651 * beyond KERNBASE (for kldloads). kernel_vm_end only governs the address
2652 * space below KERNBASE.
2655 pmap_growkernel(vm_offset_t kstart, vm_offset_t kend)
2658 vm_offset_t ptppaddr;
2660 pd_entry_t *pt, newpt;
2662 int update_kernel_vm_end;
2665 * bootstrap kernel_vm_end on first real VM use
2667 if (kernel_vm_end == 0) {
2668 kernel_vm_end = VM_MIN_KERNEL_ADDRESS;
2670 while ((*pmap_pt(&kernel_pmap, kernel_vm_end) & kernel_pmap.pmap_bits[PG_V_IDX]) != 0) {
2671 kernel_vm_end = (kernel_vm_end + PAGE_SIZE * NPTEPG) &
2672 ~(PAGE_SIZE * NPTEPG - 1);
2674 if (kernel_vm_end - 1 >= kernel_map.max_offset) {
2675 kernel_vm_end = kernel_map.max_offset;
2682 * Fill in the gaps. kernel_vm_end is only adjusted for ranges
2683 * below KERNBASE. Ranges above KERNBASE are kldloaded and we
2684 * do not want to force-fill 128G worth of page tables.
2686 if (kstart < KERNBASE) {
2687 if (kstart > kernel_vm_end)
2688 kstart = kernel_vm_end;
2689 KKASSERT(kend <= KERNBASE);
2690 update_kernel_vm_end = 1;
2692 update_kernel_vm_end = 0;
2695 kstart = rounddown2(kstart, PAGE_SIZE * NPTEPG);
2696 kend = roundup2(kend, PAGE_SIZE * NPTEPG);
2698 if (kend - 1 >= kernel_map.max_offset)
2699 kend = kernel_map.max_offset;
2701 while (kstart < kend) {
2702 pt = pmap_pt(&kernel_pmap, kstart);
2704 /* We need a new PDP entry */
2705 nkpg = vm_page_alloc(NULL, nkpt,
2708 VM_ALLOC_INTERRUPT);
2710 panic("pmap_growkernel: no memory to grow "
2713 paddr = VM_PAGE_TO_PHYS(nkpg);
2714 if ((nkpg->flags & PG_ZERO) == 0)
2715 pmap_zero_page(paddr);
2716 vm_page_flag_clear(nkpg, PG_ZERO);
2717 newpd = (pdp_entry_t)
2719 kernel_pmap.pmap_bits[PG_V_IDX] |
2720 kernel_pmap.pmap_bits[PG_RW_IDX] |
2721 kernel_pmap.pmap_bits[PG_A_IDX] |
2722 kernel_pmap.pmap_bits[PG_M_IDX]);
2723 *pmap_pd(&kernel_pmap, kstart) = newpd;
2725 continue; /* try again */
2727 if ((*pt & kernel_pmap.pmap_bits[PG_V_IDX]) != 0) {
2728 kstart = (kstart + PAGE_SIZE * NPTEPG) &
2729 ~(PAGE_SIZE * NPTEPG - 1);
2730 if (kstart - 1 >= kernel_map.max_offset) {
2731 kstart = kernel_map.max_offset;
2738 * This index is bogus, but out of the way
2740 nkpg = vm_page_alloc(NULL, nkpt,
2743 VM_ALLOC_INTERRUPT);
2745 panic("pmap_growkernel: no memory to grow kernel");
2748 ptppaddr = VM_PAGE_TO_PHYS(nkpg);
2749 pmap_zero_page(ptppaddr);
2750 vm_page_flag_clear(nkpg, PG_ZERO);
2751 newpt = (pd_entry_t) (ptppaddr |
2752 kernel_pmap.pmap_bits[PG_V_IDX] |
2753 kernel_pmap.pmap_bits[PG_RW_IDX] |
2754 kernel_pmap.pmap_bits[PG_A_IDX] |
2755 kernel_pmap.pmap_bits[PG_M_IDX]);
2756 *pmap_pt(&kernel_pmap, kstart) = newpt;
2759 kstart = (kstart + PAGE_SIZE * NPTEPG) &
2760 ~(PAGE_SIZE * NPTEPG - 1);
2762 if (kstart - 1 >= kernel_map.max_offset) {
2763 kstart = kernel_map.max_offset;
2769 * Only update kernel_vm_end for areas below KERNBASE.
2771 if (update_kernel_vm_end && kernel_vm_end < kstart)
2772 kernel_vm_end = kstart;
2776 * Add a reference to the specified pmap.
2779 pmap_reference(pmap_t pmap)
2782 lwkt_gettoken(&pmap->pm_token);
2784 lwkt_reltoken(&pmap->pm_token);
2788 /***************************************************
2789 * page management routines.
2790 ***************************************************/
2793 * Hold a pv without locking it
2796 pv_hold(pv_entry_t pv)
2798 atomic_add_int(&pv->pv_hold, 1);
2802 * Hold a pv_entry, preventing its destruction. TRUE is returned if the pv
2803 * was successfully locked, FALSE if it wasn't. The caller must dispose of
2806 * Either the pmap->pm_spin or the related vm_page_spin (if traversing a
2807 * pv list via its page) must be held by the caller.
2810 _pv_hold_try(pv_entry_t pv PMAP_DEBUG_DECL)
2815 * Critical path shortcut expects pv to already have one ref
2816 * (for the pv->pv_pmap).
2818 if (atomic_cmpset_int(&pv->pv_hold, 1, PV_HOLD_LOCKED | 2)) {
2821 pv->pv_line = lineno;
2827 count = pv->pv_hold;
2829 if ((count & PV_HOLD_LOCKED) == 0) {
2830 if (atomic_cmpset_int(&pv->pv_hold, count,
2831 (count + 1) | PV_HOLD_LOCKED)) {
2834 pv->pv_line = lineno;
2839 if (atomic_cmpset_int(&pv->pv_hold, count, count + 1))
2847 * Drop a previously held pv_entry which could not be locked, allowing its
2850 * Must not be called with a spinlock held as we might zfree() the pv if it
2851 * is no longer associated with a pmap and this was the last hold count.
2854 pv_drop(pv_entry_t pv)
2859 count = pv->pv_hold;
2861 KKASSERT((count & PV_HOLD_MASK) > 0);
2862 KKASSERT((count & (PV_HOLD_LOCKED | PV_HOLD_MASK)) !=
2863 (PV_HOLD_LOCKED | 1));
2864 if (atomic_cmpset_int(&pv->pv_hold, count, count - 1)) {
2865 if ((count & PV_HOLD_MASK) == 1) {
2867 if (pmap_enter_debug > 0) {
2869 kprintf("pv_drop: free pv %p\n", pv);
2872 KKASSERT(count == 1);
2873 KKASSERT(pv->pv_pmap == NULL);
2883 * Find or allocate the requested PV entry, returning a locked, held pv.
2885 * If (*isnew) is non-zero, the returned pv will have two hold counts, one
2886 * for the caller and one representing the pmap and vm_page association.
2888 * If (*isnew) is zero, the returned pv will have only one hold count.
2890 * Since both associations can only be adjusted while the pv is locked,
2891 * together they represent just one additional hold.
2895 _pv_alloc(pmap_t pmap, vm_pindex_t pindex, int *isnew PMAP_DEBUG_DECL)
2898 pv_entry_t pnew = NULL;
2900 spin_lock(&pmap->pm_spin);
2902 if ((pv = pmap->pm_pvhint) == NULL || pv->pv_pindex != pindex) {
2903 pv = pv_entry_rb_tree_RB_LOOKUP(&pmap->pm_pvroot,
2908 spin_unlock(&pmap->pm_spin);
2909 pnew = zalloc(pvzone);
2910 spin_lock(&pmap->pm_spin);
2913 pnew->pv_pmap = pmap;
2914 pnew->pv_pindex = pindex;
2915 pnew->pv_hold = PV_HOLD_LOCKED | 2;
2917 pnew->pv_func = func;
2918 pnew->pv_line = lineno;
2920 pv_entry_rb_tree_RB_INSERT(&pmap->pm_pvroot, pnew);
2921 ++pmap->pm_generation;
2922 atomic_add_long(&pmap->pm_stats.resident_count, 1);
2923 spin_unlock(&pmap->pm_spin);
2928 spin_unlock(&pmap->pm_spin);
2929 zfree(pvzone, pnew);
2931 spin_lock(&pmap->pm_spin);
2934 if (_pv_hold_try(pv PMAP_DEBUG_COPY)) {
2935 spin_unlock(&pmap->pm_spin);
2937 spin_unlock(&pmap->pm_spin);
2938 _pv_lock(pv PMAP_DEBUG_COPY);
2940 if (pv->pv_pmap == pmap && pv->pv_pindex == pindex) {
2945 spin_lock(&pmap->pm_spin);
2950 * Find the requested PV entry, returning a locked+held pv or NULL
2954 _pv_get(pmap_t pmap, vm_pindex_t pindex PMAP_DEBUG_DECL)
2958 spin_lock(&pmap->pm_spin);
2963 if ((pv = pmap->pm_pvhint) == NULL || pv->pv_pindex != pindex) {
2964 pv = pv_entry_rb_tree_RB_LOOKUP(&pmap->pm_pvroot,
2968 spin_unlock(&pmap->pm_spin);
2971 if (_pv_hold_try(pv PMAP_DEBUG_COPY)) {
2972 spin_unlock(&pmap->pm_spin);
2974 spin_unlock(&pmap->pm_spin);
2975 _pv_lock(pv PMAP_DEBUG_COPY);
2977 if (pv->pv_pmap == pmap && pv->pv_pindex == pindex) {
2978 pv_cache(pv, pindex);
2982 spin_lock(&pmap->pm_spin);
2987 * Lookup, hold, and attempt to lock (pmap,pindex).
2989 * If the entry does not exist NULL is returned and *errorp is set to 0
2991 * If the entry exists and could be successfully locked it is returned and
2992 * errorp is set to 0.
2994 * If the entry exists but could NOT be successfully locked it is returned
2995 * held and *errorp is set to 1.
2999 pv_get_try(pmap_t pmap, vm_pindex_t pindex, int *errorp)
3003 spin_lock_shared(&pmap->pm_spin);
3004 if ((pv = pmap->pm_pvhint) == NULL || pv->pv_pindex != pindex)
3005 pv = pv_entry_rb_tree_RB_LOOKUP(&pmap->pm_pvroot, pindex);
3007 spin_unlock_shared(&pmap->pm_spin);
3011 if (pv_hold_try(pv)) {
3012 pv_cache(pv, pindex);
3013 spin_unlock_shared(&pmap->pm_spin);
3015 KKASSERT(pv->pv_pmap == pmap && pv->pv_pindex == pindex);
3016 return(pv); /* lock succeeded */
3018 spin_unlock_shared(&pmap->pm_spin);
3020 return (pv); /* lock failed */
3024 * Find the requested PV entry, returning a held pv or NULL
3028 pv_find(pmap_t pmap, vm_pindex_t pindex)
3032 spin_lock_shared(&pmap->pm_spin);
3034 if ((pv = pmap->pm_pvhint) == NULL || pv->pv_pindex != pindex)
3035 pv = pv_entry_rb_tree_RB_LOOKUP(&pmap->pm_pvroot, pindex);
3037 spin_unlock_shared(&pmap->pm_spin);
3041 pv_cache(pv, pindex);
3042 spin_unlock_shared(&pmap->pm_spin);
3047 * Lock a held pv, keeping the hold count
3051 _pv_lock(pv_entry_t pv PMAP_DEBUG_DECL)
3056 count = pv->pv_hold;
3058 if ((count & PV_HOLD_LOCKED) == 0) {
3059 if (atomic_cmpset_int(&pv->pv_hold, count,
3060 count | PV_HOLD_LOCKED)) {
3063 pv->pv_line = lineno;
3069 tsleep_interlock(pv, 0);
3070 if (atomic_cmpset_int(&pv->pv_hold, count,
3071 count | PV_HOLD_WAITING)) {
3073 kprintf("pv waiting on %s:%d\n",
3074 pv->pv_func, pv->pv_line);
3076 tsleep(pv, PINTERLOCKED, "pvwait", hz);
3083 * Unlock a held and locked pv, keeping the hold count.
3087 pv_unlock(pv_entry_t pv)
3092 count = pv->pv_hold;
3094 KKASSERT((count & (PV_HOLD_LOCKED | PV_HOLD_MASK)) >=
3095 (PV_HOLD_LOCKED | 1));
3096 if (atomic_cmpset_int(&pv->pv_hold, count,
3098 ~(PV_HOLD_LOCKED | PV_HOLD_WAITING))) {
3099 if (count & PV_HOLD_WAITING)
3107 * Unlock and drop a pv. If the pv is no longer associated with a pmap
3108 * and the hold count drops to zero we will free it.
3110 * Caller should not hold any spin locks. We are protected from hold races
3111 * by virtue of holds only occuring only with a pmap_spin or vm_page_spin
3112 * lock held. A pv cannot be located otherwise.
3116 pv_put(pv_entry_t pv)
3119 if (pmap_enter_debug > 0) {
3121 kprintf("pv_put pv=%p hold=%08x\n", pv, pv->pv_hold);
3126 * Fast - shortcut most common condition
3128 if (atomic_cmpset_int(&pv->pv_hold, PV_HOLD_LOCKED | 2, 1))
3139 * Remove the pmap association from a pv, require that pv_m already be removed,
3140 * then unlock and drop the pv. Any pte operations must have already been
3141 * completed. This call may result in a last-drop which will physically free
3144 * Removing the pmap association entails an additional drop.
3146 * pv must be exclusively locked on call and will be disposed of on return.
3150 pv_free(pv_entry_t pv)
3154 KKASSERT(pv->pv_m == NULL);
3155 KKASSERT((pv->pv_hold & PV_HOLD_MASK) >= 2);
3156 if ((pmap = pv->pv_pmap) != NULL) {
3157 spin_lock(&pmap->pm_spin);
3158 pv_entry_rb_tree_RB_REMOVE(&pmap->pm_pvroot, pv);
3159 ++pmap->pm_generation;
3160 if (pmap->pm_pvhint == pv)
3161 pmap->pm_pvhint = NULL;
3162 atomic_add_long(&pmap->pm_stats.resident_count, -1);
3165 spin_unlock(&pmap->pm_spin);
3168 * Try to shortcut three atomic ops, otherwise fall through
3169 * and do it normally. Drop two refs and the lock all in
3172 if (atomic_cmpset_int(&pv->pv_hold, PV_HOLD_LOCKED | 2, 0)) {
3174 if (pmap_enter_debug > 0) {
3176 kprintf("pv_free: free pv %p\n", pv);
3182 pv_drop(pv); /* ref for pv_pmap */
3188 * This routine is very drastic, but can save the system
3196 static int warningdone=0;
3198 if (pmap_pagedaemon_waken == 0)
3200 pmap_pagedaemon_waken = 0;
3201 if (warningdone < 5) {
3202 kprintf("pmap_collect: collecting pv entries -- "
3203 "suggest increasing PMAP_SHPGPERPROC\n");
3207 for (i = 0; i < vm_page_array_size; i++) {
3208 m = &vm_page_array[i];
3209 if (m->wire_count || m->hold_count)
3211 if (vm_page_busy_try(m, TRUE) == 0) {
3212 if (m->wire_count == 0 && m->hold_count == 0) {
3221 * Scan the pmap for active page table entries and issue a callback.
3222 * The callback must dispose of pte_pv, whos PTE entry is at *ptep in
3223 * its parent page table.
3225 * pte_pv will be NULL if the page or page table is unmanaged.
3226 * pt_pv will point to the page table page containing the pte for the page.
3228 * NOTE! If we come across an unmanaged page TABLE (verses an unmanaged page),
3229 * we pass a NULL pte_pv and we pass a pt_pv pointing to the passed
3230 * process pmap's PD and page to the callback function. This can be
3231 * confusing because the pt_pv is really a pd_pv, and the target page
3232 * table page is simply aliased by the pmap and not owned by it.
3234 * It is assumed that the start and end are properly rounded to the page size.
3236 * It is assumed that PD pages and above are managed and thus in the RB tree,
3237 * allowing us to use RB_SCAN from the PD pages down for ranged scans.
3239 struct pmap_scan_info {
3243 vm_pindex_t sva_pd_pindex;
3244 vm_pindex_t eva_pd_pindex;
3245 void (*func)(pmap_t, struct pmap_scan_info *,
3246 pv_entry_t, pv_entry_t, int, vm_offset_t,
3247 pt_entry_t *, void *);
3250 struct pmap_inval_info inval;
3253 static int pmap_scan_cmp(pv_entry_t pv, void *data);
3254 static int pmap_scan_callback(pv_entry_t pv, void *data);
3257 pmap_scan(struct pmap_scan_info *info)
3259 struct pmap *pmap = info->pmap;
3260 pv_entry_t pd_pv; /* A page directory PV */
3261 pv_entry_t pt_pv; /* A page table PV */
3262 pv_entry_t pte_pv; /* A page table entry PV */
3265 struct pv_entry dummy_pv;
3272 * Hold the token for stability; if the pmap is empty we have nothing
3275 lwkt_gettoken(&pmap->pm_token);
3277 if (pmap->pm_stats.resident_count == 0) {
3278 lwkt_reltoken(&pmap->pm_token);
3283 pmap_inval_init(&info->inval);
3287 * Special handling for scanning one page, which is a very common
3288 * operation (it is?).
3290 * NOTE: Locks must be ordered bottom-up. pte,pt,pd,pdp,pml4
3292 if (info->sva + PAGE_SIZE == info->eva) {
3293 generation = pmap->pm_generation;
3294 if (info->sva >= VM_MAX_USER_ADDRESS) {
3296 * Kernel mappings do not track wire counts on
3297 * page table pages and only maintain pd_pv and
3298 * pte_pv levels so pmap_scan() works.
3301 pte_pv = pv_get(pmap, pmap_pte_pindex(info->sva));
3302 ptep = vtopte(info->sva);
3305 * User pages which are unmanaged will not have a
3306 * pte_pv. User page table pages which are unmanaged
3307 * (shared from elsewhere) will also not have a pt_pv.
3308 * The func() callback will pass both pte_pv and pt_pv
3309 * as NULL in that case.
3311 pte_pv = pv_get(pmap, pmap_pte_pindex(info->sva));
3312 pt_pv = pv_get(pmap, pmap_pt_pindex(info->sva));
3313 if (pt_pv == NULL) {
3314 KKASSERT(pte_pv == NULL);
3315 pd_pv = pv_get(pmap, pmap_pd_pindex(info->sva));
3317 ptep = pv_pte_lookup(pd_pv,
3318 pmap_pt_index(info->sva));
3320 info->func(pmap, info,
3329 ptep = pv_pte_lookup(pt_pv, pmap_pte_index(info->sva));
3333 * NOTE: *ptep can't be ripped out from under us if we hold
3334 * pte_pv locked, but bits can change. However, there is
3335 * a race where another thread may be inserting pte_pv
3336 * and setting *ptep just after our pte_pv lookup fails.
3338 * In this situation we can end up with a NULL pte_pv
3339 * but find that we have a managed *ptep. We explicitly
3340 * check for this race.
3346 * Unlike the pv_find() case below we actually
3347 * acquired a locked pv in this case so any
3348 * race should have been resolved. It is expected
3351 KKASSERT(pte_pv == NULL);
3352 } else if (pte_pv) {
3353 KASSERT((oldpte & (pmap->pmap_bits[PG_MANAGED_IDX] |
3354 pmap->pmap_bits[PG_V_IDX])) ==
3355 (pmap->pmap_bits[PG_MANAGED_IDX] |
3356 pmap->pmap_bits[PG_V_IDX]),
3357 ("badA *ptep %016lx/%016lx sva %016lx pte_pv %p"
3359 *ptep, oldpte, info->sva, pte_pv,
3360 generation, pmap->pm_generation));
3361 info->func(pmap, info, pte_pv, pt_pv, 0,
3362 info->sva, ptep, info->arg);
3365 * Check for insertion race
3367 if ((oldpte & pmap->pmap_bits[PG_MANAGED_IDX]) &&
3369 pte_pv = pv_find(pmap,
3370 pmap_pte_pindex(info->sva));
3374 kprintf("pmap_scan: RACE1 "
3384 KASSERT((oldpte & (pmap->pmap_bits[PG_MANAGED_IDX] |
3385 pmap->pmap_bits[PG_V_IDX])) ==
3386 pmap->pmap_bits[PG_V_IDX],
3387 ("badB *ptep %016lx/%016lx sva %016lx pte_pv NULL"
3389 *ptep, oldpte, info->sva,
3390 generation, pmap->pm_generation));
3391 info->func(pmap, info, NULL, pt_pv, 0,
3392 info->sva, ptep, info->arg);
3397 pmap_inval_done(&info->inval);
3398 lwkt_reltoken(&pmap->pm_token);
3403 * Nominal scan case, RB_SCAN() for PD pages and iterate from
3406 info->sva_pd_pindex = pmap_pd_pindex(info->sva);
3407 info->eva_pd_pindex = pmap_pd_pindex(info->eva + NBPDP - 1);
3409 if (info->sva >= VM_MAX_USER_ADDRESS) {
3411 * The kernel does not currently maintain any pv_entry's for
3412 * higher-level page tables.
3414 bzero(&dummy_pv, sizeof(dummy_pv));
3415 dummy_pv.pv_pindex = info->sva_pd_pindex;
3416 spin_lock(&pmap->pm_spin);
3417 while (dummy_pv.pv_pindex < info->eva_pd_pindex) {
3418 pmap_scan_callback(&dummy_pv, info);
3419 ++dummy_pv.pv_pindex;
3421 spin_unlock(&pmap->pm_spin);
3424 * User page tables maintain local PML4, PDP, and PD
3425 * pv_entry's at the very least. PT pv's might be
3426 * unmanaged and thus not exist. PTE pv's might be
3427 * unmanaged and thus not exist.
3429 spin_lock(&pmap->pm_spin);
3430 pv_entry_rb_tree_RB_SCAN(&pmap->pm_pvroot,
3431 pmap_scan_cmp, pmap_scan_callback, info);
3432 spin_unlock(&pmap->pm_spin);
3434 pmap_inval_done(&info->inval);
3435 lwkt_reltoken(&pmap->pm_token);
3439 * WARNING! pmap->pm_spin held
3442 pmap_scan_cmp(pv_entry_t pv, void *data)
3444 struct pmap_scan_info *info = data;
3445 if (pv->pv_pindex < info->sva_pd_pindex)
3447 if (pv->pv_pindex >= info->eva_pd_pindex)
3453 * WARNING! pmap->pm_spin held
3456 pmap_scan_callback(pv_entry_t pv, void *data)
3458 struct pmap_scan_info *info = data;
3459 struct pmap *pmap = info->pmap;
3460 pv_entry_t pd_pv; /* A page directory PV */
3461 pv_entry_t pt_pv; /* A page table PV */
3462 pv_entry_t pte_pv; /* A page table entry PV */
3467 vm_offset_t va_next;
3468 vm_pindex_t pd_pindex;
3473 * Pull the PD pindex from the pv before releasing the spinlock.
3475 * WARNING: pv is faked for kernel pmap scans.
3477 pd_pindex = pv->pv_pindex;
3478 spin_unlock(&pmap->pm_spin);
3479 pv = NULL; /* invalid after spinlock unlocked */
3482 * Calculate the page range within the PD. SIMPLE pmaps are
3483 * direct-mapped for the entire 2^64 address space. Normal pmaps
3484 * reflect the user and kernel address space which requires
3485 * cannonicalization w/regards to converting pd_pindex's back
3488 sva = (pd_pindex - NUPTE_TOTAL - NUPT_TOTAL) << PDPSHIFT;
3489 if ((pmap->pm_flags & PMAP_FLAG_SIMPLE) == 0 &&
3490 (sva & PML4_SIGNMASK)) {
3491 sva |= PML4_SIGNMASK;
3493 eva = sva + NBPDP; /* can overflow */
3494 if (sva < info->sva)
3496 if (eva < info->sva || eva > info->eva)
3500 * NOTE: kernel mappings do not track page table pages, only
3503 * NOTE: Locks must be ordered bottom-up. pte,pt,pd,pdp,pml4.
3504 * However, for the scan to be efficient we try to
3505 * cache items top-down.
3510 for (; sva < eva; sva = va_next) {
3511 if (sva >= VM_MAX_USER_ADDRESS) {
3520 * PD cache (degenerate case if we skip). It is possible
3521 * for the PD to not exist due to races. This is ok.
3523 if (pd_pv == NULL) {
3524 pd_pv = pv_get(pmap, pmap_pd_pindex(sva));
3525 } else if (pd_pv->pv_pindex != pmap_pd_pindex(sva)) {
3527 pd_pv = pv_get(pmap, pmap_pd_pindex(sva));
3529 if (pd_pv == NULL) {
3530 va_next = (sva + NBPDP) & ~PDPMASK;
3539 if (pt_pv == NULL) {
3544 pt_pv = pv_get(pmap, pmap_pt_pindex(sva));
3545 } else if (pt_pv->pv_pindex != pmap_pt_pindex(sva)) {
3551 pt_pv = pv_get(pmap, pmap_pt_pindex(sva));
3555 * If pt_pv is NULL we either have an shared page table
3556 * page and must issue a callback specific to that case,
3557 * or there is no page table page.
3559 * Either way we can skip the page table page.
3561 if (pt_pv == NULL) {
3563 * Possible unmanaged (shared from another pmap)
3567 pd_pv = pv_get(pmap, pmap_pd_pindex(sva));
3568 KKASSERT(pd_pv != NULL);
3569 ptep = pv_pte_lookup(pd_pv, pmap_pt_index(sva));
3570 if (*ptep & pmap->pmap_bits[PG_V_IDX]) {
3571 info->func(pmap, info, NULL, pd_pv, 1,
3572 sva, ptep, info->arg);
3576 * Done, move to next page table page.
3578 va_next = (sva + NBPDR) & ~PDRMASK;
3585 * From this point in the loop testing pt_pv for non-NULL
3586 * means we are in UVM, else if it is NULL we are in KVM.
3588 * Limit our scan to either the end of the va represented
3589 * by the current page table page, or to the end of the
3590 * range being removed.
3593 va_next = (sva + NBPDR) & ~PDRMASK;
3600 * Scan the page table for pages. Some pages may not be
3601 * managed (might not have a pv_entry).
3603 * There is no page table management for kernel pages so
3604 * pt_pv will be NULL in that case, but otherwise pt_pv
3605 * is non-NULL, locked, and referenced.
3609 * At this point a non-NULL pt_pv means a UVA, and a NULL
3610 * pt_pv means a KVA.
3613 ptep = pv_pte_lookup(pt_pv, pmap_pte_index(sva));
3617 while (sva < va_next) {
3619 * Acquire the related pte_pv, if any. If *ptep == 0
3620 * the related pte_pv should not exist, but if *ptep
3621 * is not zero the pte_pv may or may not exist (e.g.
3622 * will not exist for an unmanaged page).
3624 * However a multitude of races are possible here.
3626 * In addition, the (pt_pv, pte_pv) lock order is
3627 * backwards, so we have to be careful in aquiring
3628 * a properly locked pte_pv.
3630 generation = pmap->pm_generation;
3632 pte_pv = pv_get_try(pmap, pmap_pte_pindex(sva),
3639 pv_put(pt_pv); /* must be non-NULL */
3641 pv_lock(pte_pv); /* safe to block now */
3644 pt_pv = pv_get(pmap,
3645 pmap_pt_pindex(sva));
3647 * pt_pv reloaded, need new ptep
3649 KKASSERT(pt_pv != NULL);
3650 ptep = pv_pte_lookup(pt_pv,
3651 pmap_pte_index(sva));
3655 pte_pv = pv_get(pmap, pmap_pte_pindex(sva));
3659 * Ok, if *ptep == 0 we had better NOT have a pte_pv.
3664 kprintf("Unexpected non-NULL pte_pv "
3666 "*ptep = %016lx/%016lx\n",
3667 pte_pv, pt_pv, *ptep, oldpte);
3668 panic("Unexpected non-NULL pte_pv");
3676 * Ready for the callback. The locked pte_pv (if any)
3677 * is consumed by the callback. pte_pv will exist if
3678 * the page is managed, and will not exist if it
3682 KASSERT((oldpte & (pmap->pmap_bits[PG_MANAGED_IDX] | pmap->pmap_bits[PG_V_IDX])) ==
3683 (pmap->pmap_bits[PG_MANAGED_IDX] | pmap->pmap_bits[PG_V_IDX]),
3684 ("badC *ptep %016lx/%016lx sva %016lx "
3685 "pte_pv %p pm_generation %d/%d",
3686 *ptep, oldpte, sva, pte_pv,
3687 generation, pmap->pm_generation));
3688 info->func(pmap, info, pte_pv, pt_pv, 0,
3689 sva, ptep, info->arg);
3692 * Check for insertion race. Since there is no
3693 * pte_pv to guard us it is possible for us
3694 * to race another thread doing an insertion.
3695 * Our lookup misses the pte_pv but our *ptep
3696 * check sees the inserted pte.
3698 * XXX panic case seems to occur within a
3699 * vm_fork() of /bin/sh, which frankly
3700 * shouldn't happen since no other threads
3701 * should be inserting to our pmap in that
3702 * situation. Removing, possibly. Inserting,
3705 if ((oldpte & pmap->pmap_bits[PG_MANAGED_IDX]) &&
3707 pte_pv = pv_find(pmap,
3708 pmap_pte_pindex(sva));
3711 kprintf("pmap_scan: RACE2 "
3721 KASSERT((oldpte & (pmap->pmap_bits[PG_MANAGED_IDX] | pmap->pmap_bits[PG_V_IDX])) ==
3722 pmap->pmap_bits[PG_V_IDX],
3723 ("badD *ptep %016lx/%016lx sva %016lx "
3724 "pte_pv NULL pm_generation %d/%d",
3726 generation, pmap->pm_generation));
3727 info->func(pmap, info, NULL, pt_pv, 0,
3728 sva, ptep, info->arg);
3747 * Relock before returning.
3749 spin_lock(&pmap->pm_spin);
3754 pmap_remove(struct pmap *pmap, vm_offset_t sva, vm_offset_t eva)
3756 struct pmap_scan_info info;
3761 info.func = pmap_remove_callback;
3763 info.doinval = 1; /* normal remove requires pmap inval */
3768 pmap_remove_noinval(struct pmap *pmap, vm_offset_t sva, vm_offset_t eva)
3770 struct pmap_scan_info info;
3775 info.func = pmap_remove_callback;
3777 info.doinval = 0; /* normal remove requires pmap inval */
3782 pmap_remove_callback(pmap_t pmap, struct pmap_scan_info *info,
3783 pv_entry_t pte_pv, pv_entry_t pt_pv, int sharept,
3784 vm_offset_t va, pt_entry_t *ptep, void *arg __unused)
3790 * This will also drop pt_pv's wire_count. Note that
3791 * terminal pages are not wired based on mmu presence.
3794 pmap_remove_pv_pte(pte_pv, pt_pv, &info->inval);
3796 pmap_remove_pv_pte(pte_pv, pt_pv, NULL);
3797 pmap_remove_pv_page(pte_pv);
3799 } else if (sharept == 0) {
3801 * Unmanaged page table (pt, pd, or pdp. Not pte).
3803 * pt_pv's wire_count is still bumped by unmanaged pages
3804 * so we must decrement it manually.
3806 * We have to unwire the target page table page.
3808 * It is unclear how we can invalidate a segment so we
3809 * invalidate -1 which invlidates the tlb.
3812 pmap_inval_interlock(&info->inval, pmap, -1);
3813 pte = pte_load_clear(ptep);
3815 pmap_inval_deinterlock(&info->inval, pmap);
3816 if (pte & pmap->pmap_bits[PG_W_IDX])
3817 atomic_add_long(&pmap->pm_stats.wired_count, -1);
3818 atomic_add_long(&pmap->pm_stats.resident_count, -1);
3819 if (vm_page_unwire_quick(pt_pv->pv_m))
3820 panic("pmap_remove: insufficient wirecount");
3823 * Unmanaged page table (pt, pd, or pdp. Not pte) for
3824 * a shared page table.
3826 * pt_pv is actually the pd_pv for our pmap (not the shared
3829 * We have to unwire the target page table page and we
3830 * have to unwire our page directory page.
3832 * It is unclear how we can invalidate a segment so we
3833 * invalidate -1 which invlidates the tlb.
3836 pmap_inval_interlock(&info->inval, pmap, -1);
3837 pte = pte_load_clear(ptep);
3839 pmap_inval_deinterlock(&info->inval, pmap);
3840 atomic_add_long(&pmap->pm_stats.resident_count, -1);
3841 KKASSERT((pte & pmap->pmap_bits[PG_DEVICE_IDX]) == 0);
3842 if (vm_page_unwire_quick(PHYS_TO_VM_PAGE(pte & PG_FRAME)))
3843 panic("pmap_remove: shared pgtable1 bad wirecount");
3844 if (vm_page_unwire_quick(pt_pv->pv_m))
3845 panic("pmap_remove: shared pgtable2 bad wirecount");
3850 * Removes this physical page from all physical maps in which it resides.
3851 * Reflects back modify bits to the pager.
3853 * This routine may not be called from an interrupt.
3857 pmap_remove_all(vm_page_t m)
3859 struct pmap_inval_info info;
3862 if (!pmap_initialized /* || (m->flags & PG_FICTITIOUS)*/)
3865 pmap_inval_init(&info);
3866 vm_page_spin_lock(m);
3867 while ((pv = TAILQ_FIRST(&m->md.pv_list)) != NULL) {
3868 KKASSERT(pv->pv_m == m);
3869 if (pv_hold_try(pv)) {
3870 vm_page_spin_unlock(m);
3872 vm_page_spin_unlock(m);
3875 if (pv->pv_m != m) {
3877 vm_page_spin_lock(m);
3882 * Holding no spinlocks, pv is locked.
3884 pmap_remove_pv_pte(pv, NULL, &info);
3885 pmap_remove_pv_page(pv);
3887 vm_page_spin_lock(m);
3889 KKASSERT((m->flags & (PG_MAPPED|PG_WRITEABLE)) == 0);
3890 vm_page_spin_unlock(m);
3891 pmap_inval_done(&info);
3895 * Set the physical protection on the specified range of this map
3896 * as requested. This function is typically only used for debug watchpoints
3899 * This function may not be called from an interrupt if the map is
3900 * not the kernel_pmap.
3902 * NOTE! For shared page table pages we just unmap the page.
3905 pmap_protect(pmap_t pmap, vm_offset_t sva, vm_offset_t eva, vm_prot_t prot)
3907 struct pmap_scan_info info;
3908 /* JG review for NX */
3912 if ((prot & VM_PROT_READ) == VM_PROT_NONE) {
3913 pmap_remove(pmap, sva, eva);
3916 if (prot & VM_PROT_WRITE)
3921 info.func = pmap_protect_callback;
3929 pmap_protect_callback(pmap_t pmap, struct pmap_scan_info *info,
3930 pv_entry_t pte_pv, pv_entry_t pt_pv, int sharept,
3931 vm_offset_t va, pt_entry_t *ptep, void *arg __unused)
3941 pmap_inval_interlock(&info->inval, pmap, va);
3947 if (pbits & pmap->pmap_bits[PG_A_IDX]) {
3948 if ((pbits & pmap->pmap_bits[PG_DEVICE_IDX]) == 0) {
3949 m = PHYS_TO_VM_PAGE(pbits & PG_FRAME);
3950 KKASSERT(m == pte_pv->pv_m);
3951 vm_page_flag_set(m, PG_REFERENCED);
3953 cbits &= ~pmap->pmap_bits[PG_A_IDX];
3955 if (pbits & pmap->pmap_bits[PG_M_IDX]) {
3956 if (pmap_track_modified(pte_pv->pv_pindex)) {
3957 if ((pbits & pmap->pmap_bits[PG_DEVICE_IDX]) == 0) {
3959 m = PHYS_TO_VM_PAGE(pbits &
3964 cbits &= ~pmap->pmap_bits[PG_M_IDX];
3967 } else if (sharept) {
3969 * Unmanaged page table, pt_pv is actually the pd_pv
3970 * for our pmap (not the object's shared pmap).
3972 * When asked to protect something in a shared page table
3973 * page we just unmap the page table page. We have to
3974 * invalidate the tlb in this situation.
3976 * XXX Warning, shared page tables will not be used for
3977 * OBJT_DEVICE or OBJT_MGTDEVICE (PG_FICTITIOUS) mappings
3978 * so PHYS_TO_VM_PAGE() should be safe here.
3980 pte = pte_load_clear(ptep);
3981 pmap_inval_invltlb(&info->inval);
3982 if (vm_page_unwire_quick(PHYS_TO_VM_PAGE(pte & PG_FRAME)))
3983 panic("pmap_protect: pgtable1 pg bad wirecount");
3984 if (vm_page_unwire_quick(pt_pv->pv_m))
3985 panic("pmap_protect: pgtable2 pg bad wirecount");
3988 /* else unmanaged page, adjust bits, no wire changes */
3991 cbits &= ~pmap->pmap_bits[PG_RW_IDX];
3993 if (pmap_enter_debug > 0) {
3995 kprintf("pmap_protect va=%lx ptep=%p pte_pv=%p "
3996 "pt_pv=%p cbits=%08lx\n",
4002 if (pbits != cbits && !atomic_cmpset_long(ptep, pbits, cbits)) {
4006 pmap_inval_deinterlock(&info->inval, pmap);
4012 * Insert the vm_page (m) at the virtual address (va), replacing any prior
4013 * mapping at that address. Set protection and wiring as requested.
4015 * If entry is non-NULL we check to see if the SEG_SIZE optimization is
4016 * possible. If it is we enter the page into the appropriate shared pmap
4017 * hanging off the related VM object instead of the passed pmap, then we
4018 * share the page table page from the VM object's pmap into the current pmap.
4020 * NOTE: This routine MUST insert the page into the pmap now, it cannot
4024 pmap_enter(pmap_t pmap, vm_offset_t va, vm_page_t m, vm_prot_t prot,
4025 boolean_t wired, vm_map_entry_t entry)
4027 pmap_inval_info info;
4028 pv_entry_t pt_pv; /* page table */
4029 pv_entry_t pte_pv; /* page table entry */
4032 pt_entry_t origpte, newpte;
4037 va = trunc_page(va);
4038 #ifdef PMAP_DIAGNOSTIC
4040 panic("pmap_enter: toobig");
4041 if ((va >= UPT_MIN_ADDRESS) && (va < UPT_MAX_ADDRESS))
4042 panic("pmap_enter: invalid to pmap_enter page table "
4043 "pages (va: 0x%lx)", va);
4045 if (va < UPT_MAX_ADDRESS && pmap == &kernel_pmap) {
4046 kprintf("Warning: pmap_enter called on UVA with "
4049 db_print_backtrace();
4052 if (va >= UPT_MAX_ADDRESS && pmap != &kernel_pmap) {
4053 kprintf("Warning: pmap_enter called on KVA without"
4056 db_print_backtrace();
4061 * Get locked PV entries for our new page table entry (pte_pv)
4062 * and for its parent page table (pt_pv). We need the parent
4063 * so we can resolve the location of the ptep.
4065 * Only hardware MMU actions can modify the ptep out from
4068 * if (m) is fictitious or unmanaged we do not create a managing
4069 * pte_pv for it. Any pre-existing page's management state must
4070 * match (avoiding code complexity).
4072 * If the pmap is still being initialized we assume existing
4075 * Kernel mapppings do not track page table pages (i.e. pt_pv).
4077 if (pmap_initialized == FALSE) {
4082 } else if (m->flags & (/*PG_FICTITIOUS |*/ PG_UNMANAGED)) { /* XXX */
4084 if (va >= VM_MAX_USER_ADDRESS) {
4088 pt_pv = pmap_allocpte_seg(pmap, pmap_pt_pindex(va),
4090 ptep = pv_pte_lookup(pt_pv, pmap_pte_index(va));
4094 KKASSERT(origpte == 0 ||
4095 (origpte & pmap->pmap_bits[PG_MANAGED_IDX]) == 0);
4097 if (va >= VM_MAX_USER_ADDRESS) {
4099 * Kernel map, pv_entry-tracked.
4102 pte_pv = pmap_allocpte(pmap, pmap_pte_pindex(va), NULL);
4108 pte_pv = pmap_allocpte_seg(pmap, pmap_pte_pindex(va),
4110 ptep = pv_pte_lookup(pt_pv, pmap_pte_index(va));
4114 KKASSERT(origpte == 0 ||
4115 (origpte & pmap->pmap_bits[PG_MANAGED_IDX]));
4118 pa = VM_PAGE_TO_PHYS(m);
4119 opa = origpte & PG_FRAME;
4121 newpte = (pt_entry_t)(pa | pte_prot(pmap, prot) |
4122 pmap->pmap_bits[PG_V_IDX] | pmap->pmap_bits[PG_A_IDX]);
4124 newpte |= pmap->pmap_bits[PG_W_IDX];
4125 if (va < VM_MAX_USER_ADDRESS)
4126 newpte |= pmap->pmap_bits[PG_U_IDX];
4128 newpte |= pmap->pmap_bits[PG_MANAGED_IDX];
4129 // if (pmap == &kernel_pmap)
4130 // newpte |= pgeflag;
4131 newpte |= pmap->pmap_cache_bits[m->pat_mode];
4132 if (m->flags & PG_FICTITIOUS)
4133 newpte |= pmap->pmap_bits[PG_DEVICE_IDX];
4136 * It is possible for multiple faults to occur in threaded
4137 * environments, the existing pte might be correct.
4139 if (((origpte ^ newpte) & ~(pt_entry_t)(pmap->pmap_bits[PG_M_IDX] |
4140 pmap->pmap_bits[PG_A_IDX])) == 0)
4143 if ((prot & VM_PROT_NOSYNC) == 0)
4144 pmap_inval_init(&info);
4147 * Ok, either the address changed or the protection or wiring
4150 * Clear the current entry, interlocking the removal. For managed
4151 * pte's this will also flush the modified state to the vm_page.
4152 * Atomic ops are mandatory in order to ensure that PG_M events are
4153 * not lost during any transition.
4155 * WARNING: The caller has busied the new page but not the original
4156 * vm_page which we are trying to replace. Because we hold
4157 * the pte_pv lock, but have not busied the page, PG bits
4158 * can be cleared out from under us.
4163 * pmap_remove_pv_pte() unwires pt_pv and assumes
4164 * we will free pte_pv, but since we are reusing
4165 * pte_pv we want to retain the wire count.
4167 * pt_pv won't exist for a kernel page (managed or
4171 vm_page_wire_quick(pt_pv->pv_m);
4172 if (prot & VM_PROT_NOSYNC)
4173 pmap_remove_pv_pte(pte_pv, pt_pv, NULL);
4175 pmap_remove_pv_pte(pte_pv, pt_pv, &info);
4177 pmap_remove_pv_page(pte_pv);
4178 } else if (prot & VM_PROT_NOSYNC) {
4180 * Unmanaged page, NOSYNC (no mmu sync) requested.
4182 * Leave wire count on PT page intact.
4184 (void)pte_load_clear(ptep);
4185 cpu_invlpg((void *)va);
4186 atomic_add_long(&pmap->pm_stats.resident_count, -1);
4189 * Unmanaged page, normal enter.
4191 * Leave wire count on PT page intact.
4193 pmap_inval_interlock(&info, pmap, va);
4194 (void)pte_load_clear(ptep);
4195 pmap_inval_deinterlock(&info, pmap);
4196 atomic_add_long(&pmap->pm_stats.resident_count, -1);
4198 KKASSERT(*ptep == 0);
4202 if (pmap_enter_debug > 0) {
4204 kprintf("pmap_enter: va=%lx m=%p origpte=%lx newpte=%lx ptep=%p"
4205 " pte_pv=%p pt_pv=%p opa=%lx prot=%02x\n",
4207 origpte, newpte, ptep,
4208 pte_pv, pt_pv, opa, prot);
4214 * Enter on the PV list if part of our managed memory.
4215 * Wiring of the PT page is already handled.
4217 KKASSERT(pte_pv->pv_m == NULL);
4218 vm_page_spin_lock(m);
4220 pmap_page_stats_adding(m);
4221 TAILQ_INSERT_TAIL(&m->md.pv_list, pte_pv, pv_list);
4222 vm_page_flag_set(m, PG_MAPPED);
4223 vm_page_spin_unlock(m);
4224 } else if (pt_pv && opa == 0) {
4226 * We have to adjust the wire count on the PT page ourselves
4227 * for unmanaged entries. If opa was non-zero we retained
4228 * the existing wire count from the removal.
4230 vm_page_wire_quick(pt_pv->pv_m);
4234 * Kernel VMAs (pt_pv == NULL) require pmap invalidation interlocks.
4236 * User VMAs do not because those will be zero->non-zero, so no
4237 * stale entries to worry about at this point.
4239 * For KVM there appear to still be issues. Theoretically we
4240 * should be able to scrap the interlocks entirely but we
4243 if ((prot & VM_PROT_NOSYNC) == 0 && pt_pv == NULL)
4244 pmap_inval_interlock(&info, pmap, va);
4249 *(volatile pt_entry_t *)ptep = newpte;
4251 if ((prot & VM_PROT_NOSYNC) == 0 && pt_pv == NULL)
4252 pmap_inval_deinterlock(&info, pmap);
4253 else if (pt_pv == NULL)
4254 cpu_invlpg((void *)va);
4258 atomic_add_long(&pte_pv->pv_pmap->pm_stats.wired_count,
4261 atomic_add_long(&pmap->pm_stats.wired_count, 1);
4264 if (newpte & pmap->pmap_bits[PG_RW_IDX])
4265 vm_page_flag_set(m, PG_WRITEABLE);
4268 * Unmanaged pages need manual resident_count tracking.
4270 if (pte_pv == NULL && pt_pv)
4271 atomic_add_long(&pt_pv->pv_pmap->pm_stats.resident_count, 1);
4276 if ((prot & VM_PROT_NOSYNC) == 0 || pte_pv == NULL)
4277 pmap_inval_done(&info);
4279 KKASSERT((newpte & pmap->pmap_bits[PG_MANAGED_IDX]) == 0 ||
4280 (m->flags & PG_MAPPED));
4283 * Cleanup the pv entry, allowing other accessors.
4292 * This code works like pmap_enter() but assumes VM_PROT_READ and not-wired.
4293 * This code also assumes that the pmap has no pre-existing entry for this
4296 * This code currently may only be used on user pmaps, not kernel_pmap.
4299 pmap_enter_quick(pmap_t pmap, vm_offset_t va, vm_page_t m)
4301 pmap_enter(pmap, va, m, VM_PROT_READ, FALSE, NULL);
4305 * Make a temporary mapping for a physical address. This is only intended
4306 * to be used for panic dumps.
4308 * The caller is responsible for calling smp_invltlb().
4311 pmap_kenter_temporary(vm_paddr_t pa, long i)
4313 pmap_kenter_quick((vm_offset_t)crashdumpmap + (i * PAGE_SIZE), pa);
4314 return ((void *)crashdumpmap);
4317 #define MAX_INIT_PT (96)
4320 * This routine preloads the ptes for a given object into the specified pmap.
4321 * This eliminates the blast of soft faults on process startup and
4322 * immediately after an mmap.
4324 static int pmap_object_init_pt_callback(vm_page_t p, void *data);
4327 pmap_object_init_pt(pmap_t pmap, vm_offset_t addr, vm_prot_t prot,
4328 vm_object_t object, vm_pindex_t pindex,
4329 vm_size_t size, int limit)
4331 struct rb_vm_page_scan_info info;
4336 * We can't preinit if read access isn't set or there is no pmap
4339 if ((prot & VM_PROT_READ) == 0 || pmap == NULL || object == NULL)
4343 * We can't preinit if the pmap is not the current pmap
4345 lp = curthread->td_lwp;
4346 if (lp == NULL || pmap != vmspace_pmap(lp->lwp_vmspace))
4350 * Misc additional checks
4352 psize = x86_64_btop(size);
4354 if ((object->type != OBJT_VNODE) ||
4355 ((limit & MAP_PREFAULT_PARTIAL) && (psize > MAX_INIT_PT) &&
4356 (object->resident_page_count > MAX_INIT_PT))) {
4360 if (pindex + psize > object->size) {
4361 if (object->size < pindex)
4363 psize = object->size - pindex;
4370 * If everything is segment-aligned do not pre-init here. Instead
4371 * allow the normal vm_fault path to pass a segment hint to
4372 * pmap_enter() which will then use an object-referenced shared
4375 if ((addr & SEG_MASK) == 0 &&
4376 (ctob(psize) & SEG_MASK) == 0 &&
4377 (ctob(pindex) & SEG_MASK) == 0) {
4382 * Use a red-black scan to traverse the requested range and load
4383 * any valid pages found into the pmap.
4385 * We cannot safely scan the object's memq without holding the
4388 info.start_pindex = pindex;
4389 info.end_pindex = pindex + psize - 1;
4395 vm_object_hold_shared(object);
4396 vm_page_rb_tree_RB_SCAN(&object->rb_memq, rb_vm_page_scancmp,
4397 pmap_object_init_pt_callback, &info);
4398 vm_object_drop(object);
4403 pmap_object_init_pt_callback(vm_page_t p, void *data)
4405 struct rb_vm_page_scan_info *info = data;
4406 vm_pindex_t rel_index;
4409 * don't allow an madvise to blow away our really
4410 * free pages allocating pv entries.
4412 if ((info->limit & MAP_PREFAULT_MADVISE) &&
4413 vmstats.v_free_count < vmstats.v_free_reserved) {
4418 * Ignore list markers and ignore pages we cannot instantly
4419 * busy (while holding the object token).
4421 if (p->flags & PG_MARKER)
4423 if (vm_page_busy_try(p, TRUE))
4425 if (((p->valid & VM_PAGE_BITS_ALL) == VM_PAGE_BITS_ALL) &&
4426 (p->flags & PG_FICTITIOUS) == 0) {
4427 if ((p->queue - p->pc) == PQ_CACHE)
4428 vm_page_deactivate(p);
4429 rel_index = p->pindex - info->start_pindex;
4430 pmap_enter_quick(info->pmap,
4431 info->addr + x86_64_ptob(rel_index), p);
4439 * Return TRUE if the pmap is in shape to trivially pre-fault the specified
4442 * Returns FALSE if it would be non-trivial or if a pte is already loaded
4445 * XXX This is safe only because page table pages are not freed.
4448 pmap_prefault_ok(pmap_t pmap, vm_offset_t addr)
4452 /*spin_lock(&pmap->pm_spin);*/
4453 if ((pte = pmap_pte(pmap, addr)) != NULL) {
4454 if (*pte & pmap->pmap_bits[PG_V_IDX]) {
4455 /*spin_unlock(&pmap->pm_spin);*/
4459 /*spin_unlock(&pmap->pm_spin);*/
4464 * Change the wiring attribute for a pmap/va pair. The mapping must already
4465 * exist in the pmap. The mapping may or may not be managed.
4468 pmap_change_wiring(pmap_t pmap, vm_offset_t va, boolean_t wired,
4469 vm_map_entry_t entry)
4476 lwkt_gettoken(&pmap->pm_token);
4477 pv = pmap_allocpte_seg(pmap, pmap_pt_pindex(va), NULL, entry, va);
4478 ptep = pv_pte_lookup(pv, pmap_pte_index(va));
4480 if (wired && !pmap_pte_w(pmap, ptep))
4481 atomic_add_long(&pv->pv_pmap->pm_stats.wired_count, 1);
4482 else if (!wired && pmap_pte_w(pmap, ptep))
4483 atomic_add_long(&pv->pv_pmap->pm_stats.wired_count, -1);
4486 * Wiring is not a hardware characteristic so there is no need to
4487 * invalidate TLB. However, in an SMP environment we must use
4488 * a locked bus cycle to update the pte (if we are not using
4489 * the pmap_inval_*() API that is)... it's ok to do this for simple
4493 atomic_set_long(ptep, pmap->pmap_bits[PG_W_IDX]);
4495 atomic_clear_long(ptep, pmap->pmap_bits[PG_W_IDX]);
4497 lwkt_reltoken(&pmap->pm_token);
4503 * Copy the range specified by src_addr/len from the source map to
4504 * the range dst_addr/len in the destination map.
4506 * This routine is only advisory and need not do anything.
4509 pmap_copy(pmap_t dst_pmap, pmap_t src_pmap, vm_offset_t dst_addr,
4510 vm_size_t len, vm_offset_t src_addr)
4517 * Zero the specified physical page.
4519 * This function may be called from an interrupt and no locking is
4523 pmap_zero_page(vm_paddr_t phys)
4525 vm_offset_t va = PHYS_TO_DMAP(phys);
4527 pagezero((void *)va);
4531 * pmap_page_assertzero:
4533 * Assert that a page is empty, panic if it isn't.
4536 pmap_page_assertzero(vm_paddr_t phys)
4538 vm_offset_t va = PHYS_TO_DMAP(phys);
4541 for (i = 0; i < PAGE_SIZE; i += sizeof(long)) {
4542 if (*(long *)((char *)va + i) != 0) {
4543 panic("pmap_page_assertzero() @ %p not zero!",
4544 (void *)(intptr_t)va);
4552 * Zero part of a physical page by mapping it into memory and clearing
4553 * its contents with bzero.
4555 * off and size may not cover an area beyond a single hardware page.
4558 pmap_zero_page_area(vm_paddr_t phys, int off, int size)
4560 vm_offset_t virt = PHYS_TO_DMAP(phys);
4562 bzero((char *)virt + off, size);
4568 * Copy the physical page from the source PA to the target PA.
4569 * This function may be called from an interrupt. No locking
4573 pmap_copy_page(vm_paddr_t src, vm_paddr_t dst)
4575 vm_offset_t src_virt, dst_virt;
4577 src_virt = PHYS_TO_DMAP(src);
4578 dst_virt = PHYS_TO_DMAP(dst);
4579 bcopy((void *)src_virt, (void *)dst_virt, PAGE_SIZE);
4583 * pmap_copy_page_frag:
4585 * Copy the physical page from the source PA to the target PA.
4586 * This function may be called from an interrupt. No locking
4590 pmap_copy_page_frag(vm_paddr_t src, vm_paddr_t dst, size_t bytes)
4592 vm_offset_t src_virt, dst_virt;
4594 src_virt = PHYS_TO_DMAP(src);
4595 dst_virt = PHYS_TO_DMAP(dst);
4597 bcopy((char *)src_virt + (src & PAGE_MASK),
4598 (char *)dst_virt + (dst & PAGE_MASK),
4603 * Returns true if the pmap's pv is one of the first 16 pvs linked to from
4604 * this page. This count may be changed upwards or downwards in the future;
4605 * it is only necessary that true be returned for a small subset of pmaps
4606 * for proper page aging.
4609 pmap_page_exists_quick(pmap_t pmap, vm_page_t m)
4614 if (!pmap_initialized || (m->flags & PG_FICTITIOUS))
4617 vm_page_spin_lock(m);
4618 TAILQ_FOREACH(pv, &m->md.pv_list, pv_list) {
4619 if (pv->pv_pmap == pmap) {
4620 vm_page_spin_unlock(m);
4627 vm_page_spin_unlock(m);
4632 * Remove all pages from specified address space this aids process exit
4633 * speeds. Also, this code may be special cased for the current process
4637 pmap_remove_pages(pmap_t pmap, vm_offset_t sva, vm_offset_t eva)
4639 pmap_remove_noinval(pmap, sva, eva);
4644 * pmap_testbit tests bits in pte's note that the testbit/clearbit
4645 * routines are inline, and a lot of things compile-time evaluate.
4649 pmap_testbit(vm_page_t m, int bit)
4655 if (!pmap_initialized || (m->flags & PG_FICTITIOUS))
4658 if (TAILQ_FIRST(&m->md.pv_list) == NULL)
4660 vm_page_spin_lock(m);
4661 if (TAILQ_FIRST(&m->md.pv_list) == NULL) {
4662 vm_page_spin_unlock(m);
4666 TAILQ_FOREACH(pv, &m->md.pv_list, pv_list) {
4668 #if defined(PMAP_DIAGNOSTIC)
4669 if (pv->pv_pmap == NULL) {
4670 kprintf("Null pmap (tb) at pindex: %"PRIu64"\n",
4678 * If the bit being tested is the modified bit, then
4679 * mark clean_map and ptes as never
4682 * WARNING! Because we do not lock the pv, *pte can be in a
4683 * state of flux. Despite this the value of *pte
4684 * will still be related to the vm_page in some way
4685 * because the pv cannot be destroyed as long as we
4686 * hold the vm_page spin lock.
4688 if (bit == PG_A_IDX || bit == PG_M_IDX) {
4689 //& (pmap->pmap_bits[PG_A_IDX] | pmap->pmap_bits[PG_M_IDX])) {
4690 if (!pmap_track_modified(pv->pv_pindex))
4694 pte = pmap_pte_quick(pv->pv_pmap, pv->pv_pindex << PAGE_SHIFT);
4695 if (*pte & pmap->pmap_bits[bit]) {
4696 vm_page_spin_unlock(m);
4700 vm_page_spin_unlock(m);
4705 * This routine is used to modify bits in ptes. Only one bit should be
4706 * specified. PG_RW requires special handling.
4708 * Caller must NOT hold any spin locks
4712 pmap_clearbit(vm_page_t m, int bit_index)
4714 struct pmap_inval_info info;
4720 if (bit_index == PG_RW_IDX)
4721 vm_page_flag_clear(m, PG_WRITEABLE);
4722 if (!pmap_initialized || (m->flags & PG_FICTITIOUS)) {
4729 * Loop over all current mappings setting/clearing as appropos If
4730 * setting RO do we need to clear the VAC?
4732 * NOTE: When clearing PG_M we could also (not implemented) drop
4733 * through to the PG_RW code and clear PG_RW too, forcing
4734 * a fault on write to redetect PG_M for virtual kernels, but
4735 * it isn't necessary since virtual kernels invalidate the
4736 * pte when they clear the VPTE_M bit in their virtual page
4739 * NOTE: Does not re-dirty the page when clearing only PG_M.
4741 * NOTE: Because we do not lock the pv, *pte can be in a state of
4742 * flux. Despite this the value of *pte is still somewhat
4743 * related while we hold the vm_page spin lock.
4745 * *pte can be zero due to this race. Since we are clearing
4746 * bits we basically do no harm when this race ccurs.
4748 if (bit_index != PG_RW_IDX) {
4749 vm_page_spin_lock(m);
4750 TAILQ_FOREACH(pv, &m->md.pv_list, pv_list) {
4751 #if defined(PMAP_DIAGNOSTIC)
4752 if (pv->pv_pmap == NULL) {
4753 kprintf("Null pmap (cb) at pindex: %"PRIu64"\n",
4759 pte = pmap_pte_quick(pv->pv_pmap,
4760 pv->pv_pindex << PAGE_SHIFT);
4762 if (pbits & pmap->pmap_bits[bit_index])
4763 atomic_clear_long(pte, pmap->pmap_bits[bit_index]);
4765 vm_page_spin_unlock(m);
4770 * Clear PG_RW. Also clears PG_M and marks the page dirty if PG_M
4773 pmap_inval_init(&info);
4776 vm_page_spin_lock(m);
4777 TAILQ_FOREACH(pv, &m->md.pv_list, pv_list) {
4779 * don't write protect pager mappings
4781 if (!pmap_track_modified(pv->pv_pindex))
4784 #if defined(PMAP_DIAGNOSTIC)
4785 if (pv->pv_pmap == NULL) {
4786 kprintf("Null pmap (cb) at pindex: %"PRIu64"\n",
4793 * Skip pages which do not have PG_RW set.
4795 pte = pmap_pte_quick(pv->pv_pmap, pv->pv_pindex << PAGE_SHIFT);
4796 if ((*pte & pmap->pmap_bits[PG_RW_IDX]) == 0)
4802 if (pv_hold_try(pv)) {
4803 vm_page_spin_unlock(m);
4805 vm_page_spin_unlock(m);
4806 pv_lock(pv); /* held, now do a blocking lock */
4808 if (pv->pv_pmap != pmap || pv->pv_m != m) {
4809 pv_put(pv); /* and release */
4810 goto restart; /* anything could have happened */
4812 pmap_inval_interlock(&info, pmap,
4813 (vm_offset_t)pv->pv_pindex << PAGE_SHIFT);
4814 KKASSERT(pv->pv_pmap == pmap);
4818 if (atomic_cmpset_long(pte, pbits, pbits &
4819 ~(pmap->pmap_bits[PG_RW_IDX] |
4820 pmap->pmap_bits[PG_M_IDX]))) {
4824 pmap_inval_deinterlock(&info, pmap);
4825 vm_page_spin_lock(m);
4828 * If PG_M was found to be set while we were clearing PG_RW
4829 * we also clear PG_M (done above) and mark the page dirty.
4830 * Callers expect this behavior.
4832 if (pbits & pmap->pmap_bits[PG_M_IDX])
4836 vm_page_spin_unlock(m);
4837 pmap_inval_done(&info);
4841 * Lower the permission for all mappings to a given page.
4843 * Page must be busied by caller. Because page is busied by caller this
4844 * should not be able to race a pmap_enter().
4847 pmap_page_protect(vm_page_t m, vm_prot_t prot)
4849 /* JG NX support? */
4850 if ((prot & VM_PROT_WRITE) == 0) {
4851 if (prot & (VM_PROT_READ | VM_PROT_EXECUTE)) {
4853 * NOTE: pmap_clearbit(.. PG_RW) also clears
4854 * the PG_WRITEABLE flag in (m).
4856 pmap_clearbit(m, PG_RW_IDX);
4864 pmap_phys_address(vm_pindex_t ppn)
4866 return (x86_64_ptob(ppn));
4870 * Return a count of reference bits for a page, clearing those bits.
4871 * It is not necessary for every reference bit to be cleared, but it
4872 * is necessary that 0 only be returned when there are truly no
4873 * reference bits set.
4875 * XXX: The exact number of bits to check and clear is a matter that
4876 * should be tested and standardized at some point in the future for
4877 * optimal aging of shared pages.
4879 * This routine may not block.
4882 pmap_ts_referenced(vm_page_t m)
4889 if (!pmap_initialized || (m->flags & PG_FICTITIOUS))
4892 vm_page_spin_lock(m);
4893 TAILQ_FOREACH(pv, &m->md.pv_list, pv_list) {
4894 if (!pmap_track_modified(pv->pv_pindex))
4897 pte = pmap_pte_quick(pv->pv_pmap, pv->pv_pindex << PAGE_SHIFT);
4898 if (pte && (*pte & pmap->pmap_bits[PG_A_IDX])) {
4899 atomic_clear_long(pte, pmap->pmap_bits[PG_A_IDX]);
4905 vm_page_spin_unlock(m);
4912 * Return whether or not the specified physical page was modified
4913 * in any physical maps.
4916 pmap_is_modified(vm_page_t m)
4920 res = pmap_testbit(m, PG_M_IDX);
4925 * Clear the modify bits on the specified physical page.
4928 pmap_clear_modify(vm_page_t m)
4930 pmap_clearbit(m, PG_M_IDX);
4934 * pmap_clear_reference:
4936 * Clear the reference bit on the specified physical page.
4939 pmap_clear_reference(vm_page_t m)
4941 pmap_clearbit(m, PG_A_IDX);
4945 * Miscellaneous support routines follow
4950 i386_protection_init(void)
4954 /* JG NX support may go here; No VM_PROT_EXECUTE ==> set NX bit */
4955 kp = protection_codes;
4956 for (prot = 0; prot < PROTECTION_CODES_SIZE; prot++) {
4958 case VM_PROT_NONE | VM_PROT_NONE | VM_PROT_NONE:
4960 * Read access is also 0. There isn't any execute bit,
4961 * so just make it readable.
4963 case VM_PROT_READ | VM_PROT_NONE | VM_PROT_NONE:
4964 case VM_PROT_READ | VM_PROT_NONE | VM_PROT_EXECUTE:
4965 case VM_PROT_NONE | VM_PROT_NONE | VM_PROT_EXECUTE:
4968 case VM_PROT_NONE | VM_PROT_WRITE | VM_PROT_NONE:
4969 case VM_PROT_NONE | VM_PROT_WRITE | VM_PROT_EXECUTE:
4970 case VM_PROT_READ | VM_PROT_WRITE | VM_PROT_NONE:
4971 case VM_PROT_READ | VM_PROT_WRITE | VM_PROT_EXECUTE:
4972 *kp++ = pmap_bits_default[PG_RW_IDX];
4979 * Map a set of physical memory pages into the kernel virtual
4980 * address space. Return a pointer to where it is mapped. This
4981 * routine is intended to be used for mapping device memory,
4984 * NOTE: We can't use pgeflag unless we invalidate the pages one at
4987 * NOTE: The PAT attributes {WRITE_BACK, WRITE_THROUGH, UNCACHED, UNCACHEABLE}
4988 * work whether the cpu supports PAT or not. The remaining PAT
4989 * attributes {WRITE_PROTECTED, WRITE_COMBINING} only work if the cpu
4993 pmap_mapdev(vm_paddr_t pa, vm_size_t size)
4995 return(pmap_mapdev_attr(pa, size, PAT_WRITE_BACK));
4999 pmap_mapdev_uncacheable(vm_paddr_t pa, vm_size_t size)
5001 return(pmap_mapdev_attr(pa, size, PAT_UNCACHEABLE));
5005 pmap_mapbios(vm_paddr_t pa, vm_size_t size)
5007 return (pmap_mapdev_attr(pa, size, PAT_WRITE_BACK));
5011 * Map a set of physical memory pages into the kernel virtual
5012 * address space. Return a pointer to where it is mapped. This
5013 * routine is intended to be used for mapping device memory,
5017 pmap_mapdev_attr(vm_paddr_t pa, vm_size_t size, int mode)
5019 vm_offset_t va, tmpva, offset;
5023 offset = pa & PAGE_MASK;
5024 size = roundup(offset + size, PAGE_SIZE);
5026 va = kmem_alloc_nofault(&kernel_map, size, PAGE_SIZE);
5028 panic("pmap_mapdev: Couldn't alloc kernel virtual memory");
5030 pa = pa & ~PAGE_MASK;
5031 for (tmpva = va, tmpsize = size; tmpsize > 0;) {
5032 pte = vtopte(tmpva);
5034 kernel_pmap.pmap_bits[PG_RW_IDX] |
5035 kernel_pmap.pmap_bits[PG_V_IDX] | /* pgeflag | */
5036 kernel_pmap.pmap_cache_bits[mode];
5037 tmpsize -= PAGE_SIZE;
5041 pmap_invalidate_range(&kernel_pmap, va, va + size);
5042 pmap_invalidate_cache_range(va, va + size);
5044 return ((void *)(va + offset));
5048 pmap_unmapdev(vm_offset_t va, vm_size_t size)
5050 vm_offset_t base, offset;
5052 base = va & ~PAGE_MASK;
5053 offset = va & PAGE_MASK;
5054 size = roundup(offset + size, PAGE_SIZE);
5055 pmap_qremove(va, size >> PAGE_SHIFT);
5056 kmem_free(&kernel_map, base, size);
5060 * Sets the memory attribute for the specified page.
5063 pmap_page_set_memattr(vm_page_t m, vm_memattr_t ma)
5069 * If "m" is a normal page, update its direct mapping. This update
5070 * can be relied upon to perform any cache operations that are
5071 * required for data coherence.
5073 if ((m->flags & PG_FICTITIOUS) == 0)
5074 pmap_change_attr(PHYS_TO_DMAP(VM_PAGE_TO_PHYS(m)), PAGE_SIZE,
5079 * Change the PAT attribute on an existing kernel memory map. Caller
5080 * must ensure that the virtual memory in question is not accessed
5081 * during the adjustment.
5084 pmap_change_attr(vm_offset_t va, vm_size_t count, int mode)
5091 panic("pmap_change_attr: va is NULL");
5092 base = trunc_page(va);
5096 *pte = (*pte & ~(pt_entry_t)(kernel_pmap.pmap_cache_mask)) |
5097 kernel_pmap.pmap_cache_bits[mode];
5102 changed = 1; /* XXX: not optimal */
5105 * Flush CPU caches if required to make sure any data isn't cached that
5106 * shouldn't be, etc.
5109 pmap_invalidate_range(&kernel_pmap, base, va);
5110 pmap_invalidate_cache_range(base, va);
5115 * perform the pmap work for mincore
5118 pmap_mincore(pmap_t pmap, vm_offset_t addr)
5120 pt_entry_t *ptep, pte;
5124 lwkt_gettoken(&pmap->pm_token);
5125 ptep = pmap_pte(pmap, addr);
5127 if (ptep && (pte = *ptep) != 0) {
5130 val = MINCORE_INCORE;
5131 if ((pte & pmap->pmap_bits[PG_MANAGED_IDX]) == 0)
5134 pa = pte & PG_FRAME;
5136 if (pte & pmap->pmap_bits[PG_DEVICE_IDX])
5139 m = PHYS_TO_VM_PAGE(pa);
5144 if (pte & pmap->pmap_bits[PG_M_IDX])
5145 val |= MINCORE_MODIFIED|MINCORE_MODIFIED_OTHER;
5147 * Modified by someone
5149 else if (m && (m->dirty || pmap_is_modified(m)))
5150 val |= MINCORE_MODIFIED_OTHER;
5154 if (pte & pmap->pmap_bits[PG_A_IDX])
5155 val |= MINCORE_REFERENCED|MINCORE_REFERENCED_OTHER;
5158 * Referenced by someone
5160 else if (m && ((m->flags & PG_REFERENCED) ||
5161 pmap_ts_referenced(m))) {
5162 val |= MINCORE_REFERENCED_OTHER;
5163 vm_page_flag_set(m, PG_REFERENCED);
5167 lwkt_reltoken(&pmap->pm_token);
5173 * Replace p->p_vmspace with a new one. If adjrefs is non-zero the new
5174 * vmspace will be ref'd and the old one will be deref'd.
5176 * The vmspace for all lwps associated with the process will be adjusted
5177 * and cr3 will be reloaded if any lwp is the current lwp.
5179 * The process must hold the vmspace->vm_map.token for oldvm and newvm
5182 pmap_replacevm(struct proc *p, struct vmspace *newvm, int adjrefs)
5184 struct vmspace *oldvm;
5187 oldvm = p->p_vmspace;
5188 if (oldvm != newvm) {
5190 sysref_get(&newvm->vm_sysref);
5191 p->p_vmspace = newvm;
5192 KKASSERT(p->p_nthreads == 1);
5193 lp = RB_ROOT(&p->p_lwp_tree);
5194 pmap_setlwpvm(lp, newvm);
5196 sysref_put(&oldvm->vm_sysref);
5201 * Set the vmspace for a LWP. The vmspace is almost universally set the
5202 * same as the process vmspace, but virtual kernels need to swap out contexts
5203 * on a per-lwp basis.
5205 * Caller does not necessarily hold any vmspace tokens. Caller must control
5206 * the lwp (typically be in the context of the lwp). We use a critical
5207 * section to protect against statclock and hardclock (statistics collection).
5210 pmap_setlwpvm(struct lwp *lp, struct vmspace *newvm)
5212 struct vmspace *oldvm;
5215 oldvm = lp->lwp_vmspace;
5217 if (oldvm != newvm) {
5219 lp->lwp_vmspace = newvm;
5220 if (curthread->td_lwp == lp) {
5221 pmap = vmspace_pmap(newvm);
5222 atomic_set_cpumask(&pmap->pm_active, mycpu->gd_cpumask);
5223 if (pmap->pm_active_lock & CPULOCK_EXCL)
5224 pmap_interlock_wait(newvm);
5225 #if defined(SWTCH_OPTIM_STATS)
5228 if (pmap->pmap_bits[TYPE_IDX] == REGULAR_PMAP) {
5229 curthread->td_pcb->pcb_cr3 = vtophys(pmap->pm_pml4);
5230 } else if (pmap->pmap_bits[TYPE_IDX] == EPT_PMAP) {
5231 curthread->td_pcb->pcb_cr3 = KPML4phys;
5233 panic("pmap_setlwpvm: unknown pmap type\n");
5235 load_cr3(curthread->td_pcb->pcb_cr3);
5236 pmap = vmspace_pmap(oldvm);
5237 atomic_clear_cpumask(&pmap->pm_active, mycpu->gd_cpumask);
5244 * Called when switching to a locked pmap, used to interlock against pmaps
5245 * undergoing modifications to prevent us from activating the MMU for the
5246 * target pmap until all such modifications have completed. We have to do
5247 * this because the thread making the modifications has already set up its
5248 * SMP synchronization mask.
5250 * This function cannot sleep!
5255 pmap_interlock_wait(struct vmspace *vm)
5257 struct pmap *pmap = &vm->vm_pmap;
5259 if (pmap->pm_active_lock & CPULOCK_EXCL) {
5261 KKASSERT(curthread->td_critcount >= 2);
5262 DEBUG_PUSH_INFO("pmap_interlock_wait");
5263 while (pmap->pm_active_lock & CPULOCK_EXCL) {
5265 lwkt_process_ipiq();
5273 pmap_addr_hint(vm_object_t obj, vm_offset_t addr, vm_size_t size)
5276 if ((obj == NULL) || (size < NBPDR) ||
5277 ((obj->type != OBJT_DEVICE) && (obj->type != OBJT_MGTDEVICE))) {
5281 addr = (addr + (NBPDR - 1)) & ~(NBPDR - 1);
5286 * Used by kmalloc/kfree, page already exists at va
5289 pmap_kvtom(vm_offset_t va)
5291 pt_entry_t *ptep = vtopte(va);
5293 KKASSERT((*ptep & kernel_pmap.pmap_bits[PG_DEVICE_IDX]) == 0);
5294 return(PHYS_TO_VM_PAGE(*ptep & PG_FRAME));
5298 * Initialize machine-specific shared page directory support. This
5299 * is executed when a VM object is created.
5302 pmap_object_init(vm_object_t object)
5304 object->md.pmap_rw = NULL;
5305 object->md.pmap_ro = NULL;
5309 * Clean up machine-specific shared page directory support. This
5310 * is executed when a VM object is destroyed.
5313 pmap_object_free(vm_object_t object)
5317 if ((pmap = object->md.pmap_rw) != NULL) {
5318 object->md.pmap_rw = NULL;
5319 pmap_remove_noinval(pmap,
5320 VM_MIN_USER_ADDRESS, VM_MAX_USER_ADDRESS);
5321 pmap->pm_active = 0;
5324 kfree(pmap, M_OBJPMAP);
5326 if ((pmap = object->md.pmap_ro) != NULL) {
5327 object->md.pmap_ro = NULL;
5328 pmap_remove_noinval(pmap,
5329 VM_MIN_USER_ADDRESS, VM_MAX_USER_ADDRESS);
5330 pmap->pm_active = 0;
5333 kfree(pmap, M_OBJPMAP);
projects / dragonfly.git / blob