2 * Copyright (c) 1991 Regents of the University of California.
4 * Copyright (c) 1994 John S. Dyson
6 * Copyright (c) 1994 David Greenman
8 * Copyright (c) 2003 Peter Wemm
10 * Copyright (c) 2005-2010 Alan L. Cox <alc@cs.rice.edu>
11 * All rights reserved.
12 * Copyright (c) 2014 Andrew Turner
13 * All rights reserved.
14 * Copyright (c) 2014-2016 The FreeBSD Foundation
15 * All rights reserved.
17 * This code is derived from software contributed to Berkeley by
18 * the Systems Programming Group of the University of Utah Computer
19 * Science Department and William Jolitz of UUNET Technologies Inc.
21 * This software was developed by Andrew Turner under sponsorship from
22 * the FreeBSD Foundation.
24 * Redistribution and use in source and binary forms, with or without
25 * modification, are permitted provided that the following conditions
27 * 1. Redistributions of source code must retain the above copyright
28 * notice, this list of conditions and the following disclaimer.
29 * 2. Redistributions in binary form must reproduce the above copyright
30 * notice, this list of conditions and the following disclaimer in the
31 * documentation and/or other materials provided with the distribution.
32 * 3. All advertising materials mentioning features or use of this software
33 * must display the following acknowledgement:
34 * This product includes software developed by the University of
35 * California, Berkeley and its contributors.
36 * 4. Neither the name of the University nor the names of its contributors
37 * may be used to endorse or promote products derived from this software
38 * without specific prior written permission.
40 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
41 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
42 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
43 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
44 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
45 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
46 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
48 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
49 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
52 * from: @(#)pmap.c 7.7 (Berkeley) 5/12/91
55 * Copyright (c) 2003 Networks Associates Technology, Inc.
56 * All rights reserved.
58 * This software was developed for the FreeBSD Project by Jake Burkholder,
59 * Safeport Network Services, and Network Associates Laboratories, the
60 * Security Research Division of Network Associates, Inc. under
61 * DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the DARPA
62 * CHATS research program.
64 * Redistribution and use in source and binary forms, with or without
65 * modification, are permitted provided that the following conditions
67 * 1. Redistributions of source code must retain the above copyright
68 * notice, this list of conditions and the following disclaimer.
69 * 2. Redistributions in binary form must reproduce the above copyright
70 * notice, this list of conditions and the following disclaimer in the
71 * documentation and/or other materials provided with the distribution.
73 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
74 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
75 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
76 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
77 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
78 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
79 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
80 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
81 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
82 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
86 #include <sys/cdefs.h>
87 __FBSDID("$FreeBSD$");
90 * Manages physical address maps.
92 * Since the information managed by this module is
93 * also stored by the logical address mapping module,
94 * this module may throw away valid virtual-to-physical
95 * mappings at almost any time. However, invalidations
96 * of virtual-to-physical mappings must be done as
99 * In order to cope with hardware architectures which
100 * make virtual-to-physical map invalidates expensive,
101 * this module may delay invalidate or reduced protection
102 * operations until such time as they are actually
103 * necessary. This module is given full information as
104 * to which processors are currently using which maps,
105 * and to when physical maps must be made correct.
110 #include <sys/param.h>
111 #include <sys/bitstring.h>
113 #include <sys/systm.h>
114 #include <sys/kernel.h>
116 #include <sys/lock.h>
117 #include <sys/malloc.h>
118 #include <sys/mman.h>
119 #include <sys/msgbuf.h>
120 #include <sys/mutex.h>
121 #include <sys/proc.h>
122 #include <sys/rwlock.h>
124 #include <sys/vmem.h>
125 #include <sys/vmmeter.h>
126 #include <sys/sched.h>
127 #include <sys/sysctl.h>
128 #include <sys/_unrhdr.h>
132 #include <vm/vm_param.h>
133 #include <vm/vm_kern.h>
134 #include <vm/vm_page.h>
135 #include <vm/vm_map.h>
136 #include <vm/vm_object.h>
137 #include <vm/vm_extern.h>
138 #include <vm/vm_pageout.h>
139 #include <vm/vm_pager.h>
140 #include <vm/vm_phys.h>
141 #include <vm/vm_radix.h>
142 #include <vm/vm_reserv.h>
145 #include <machine/machdep.h>
146 #include <machine/md_var.h>
147 #include <machine/pcb.h>
149 #define NL0PG (PAGE_SIZE/(sizeof (pd_entry_t)))
150 #define NL1PG (PAGE_SIZE/(sizeof (pd_entry_t)))
151 #define NL2PG (PAGE_SIZE/(sizeof (pd_entry_t)))
152 #define NL3PG (PAGE_SIZE/(sizeof (pt_entry_t)))
154 #define NUL0E L0_ENTRIES
155 #define NUL1E (NUL0E * NL1PG)
156 #define NUL2E (NUL1E * NL2PG)
158 #if !defined(DIAGNOSTIC)
159 #ifdef __GNUC_GNU_INLINE__
160 #define PMAP_INLINE __attribute__((__gnu_inline__)) inline
162 #define PMAP_INLINE extern inline
169 * These are configured by the mair_el1 register. This is set up in locore.S
171 #define DEVICE_MEMORY 0
172 #define UNCACHED_MEMORY 1
173 #define CACHED_MEMORY 2
177 #define PV_STAT(x) do { x ; } while (0)
179 #define PV_STAT(x) do { } while (0)
182 #define pmap_l2_pindex(v) ((v) >> L2_SHIFT)
183 #define pa_to_pvh(pa) (&pv_table[pmap_l2_pindex(pa)])
185 #define NPV_LIST_LOCKS MAXCPU
187 #define PHYS_TO_PV_LIST_LOCK(pa) \
188 (&pv_list_locks[pa_index(pa) % NPV_LIST_LOCKS])
190 #define CHANGE_PV_LIST_LOCK_TO_PHYS(lockp, pa) do { \
191 struct rwlock **_lockp = (lockp); \
192 struct rwlock *_new_lock; \
194 _new_lock = PHYS_TO_PV_LIST_LOCK(pa); \
195 if (_new_lock != *_lockp) { \
196 if (*_lockp != NULL) \
197 rw_wunlock(*_lockp); \
198 *_lockp = _new_lock; \
203 #define CHANGE_PV_LIST_LOCK_TO_VM_PAGE(lockp, m) \
204 CHANGE_PV_LIST_LOCK_TO_PHYS(lockp, VM_PAGE_TO_PHYS(m))
206 #define RELEASE_PV_LIST_LOCK(lockp) do { \
207 struct rwlock **_lockp = (lockp); \
209 if (*_lockp != NULL) { \
210 rw_wunlock(*_lockp); \
215 #define VM_PAGE_TO_PV_LIST_LOCK(m) \
216 PHYS_TO_PV_LIST_LOCK(VM_PAGE_TO_PHYS(m))
218 struct pmap kernel_pmap_store;
220 vm_offset_t virtual_avail; /* VA of first avail page (after kernel bss) */
221 vm_offset_t virtual_end; /* VA of last avail page (end of kernel AS) */
222 vm_offset_t kernel_vm_end = 0;
225 * Data for the pv entry allocation mechanism.
226 * Updates to pv_invl_gen are protected by the pv_list_locks[]
227 * elements, but reads are not.
229 static struct md_page *pv_table;
230 static struct md_page pv_dummy;
232 vm_paddr_t dmap_phys_base; /* The start of the dmap region */
233 vm_paddr_t dmap_phys_max; /* The limit of the dmap region */
234 vm_offset_t dmap_max_addr; /* The virtual address limit of the dmap */
236 /* This code assumes all L1 DMAP entries will be used */
237 CTASSERT((DMAP_MIN_ADDRESS & ~L0_OFFSET) == DMAP_MIN_ADDRESS);
238 CTASSERT((DMAP_MAX_ADDRESS & ~L0_OFFSET) == DMAP_MAX_ADDRESS);
240 #define DMAP_TABLES ((DMAP_MAX_ADDRESS - DMAP_MIN_ADDRESS) >> L0_SHIFT)
241 extern pt_entry_t pagetable_dmap[];
243 static SYSCTL_NODE(_vm, OID_AUTO, pmap, CTLFLAG_RD, 0, "VM/pmap parameters");
245 static int superpages_enabled = 1;
246 SYSCTL_INT(_vm_pmap, OID_AUTO, superpages_enabled,
247 CTLFLAG_RDTUN | CTLFLAG_NOFETCH, &superpages_enabled, 0,
248 "Are large page mappings enabled?");
251 * Data for the pv entry allocation mechanism
253 static TAILQ_HEAD(pch, pv_chunk) pv_chunks = TAILQ_HEAD_INITIALIZER(pv_chunks);
254 static struct mtx pv_chunks_mutex;
255 static struct rwlock pv_list_locks[NPV_LIST_LOCKS];
257 static void free_pv_chunk(struct pv_chunk *pc);
258 static void free_pv_entry(pmap_t pmap, pv_entry_t pv);
259 static pv_entry_t get_pv_entry(pmap_t pmap, struct rwlock **lockp);
260 static vm_page_t reclaim_pv_chunk(pmap_t locked_pmap, struct rwlock **lockp);
261 static void pmap_pvh_free(struct md_page *pvh, pmap_t pmap, vm_offset_t va);
262 static pv_entry_t pmap_pvh_remove(struct md_page *pvh, pmap_t pmap,
265 static int pmap_change_attr(vm_offset_t va, vm_size_t size, int mode);
266 static int pmap_change_attr_locked(vm_offset_t va, vm_size_t size, int mode);
267 static pt_entry_t *pmap_demote_l1(pmap_t pmap, pt_entry_t *l1, vm_offset_t va);
268 static pt_entry_t *pmap_demote_l2_locked(pmap_t pmap, pt_entry_t *l2,
269 vm_offset_t va, struct rwlock **lockp);
270 static pt_entry_t *pmap_demote_l2(pmap_t pmap, pt_entry_t *l2, vm_offset_t va);
271 static vm_page_t pmap_enter_quick_locked(pmap_t pmap, vm_offset_t va,
272 vm_page_t m, vm_prot_t prot, vm_page_t mpte, struct rwlock **lockp);
273 static int pmap_remove_l2(pmap_t pmap, pt_entry_t *l2, vm_offset_t sva,
274 pd_entry_t l1e, struct spglist *free, struct rwlock **lockp);
275 static int pmap_remove_l3(pmap_t pmap, pt_entry_t *l3, vm_offset_t sva,
276 pd_entry_t l2e, struct spglist *free, struct rwlock **lockp);
277 static boolean_t pmap_try_insert_pv_entry(pmap_t pmap, vm_offset_t va,
278 vm_page_t m, struct rwlock **lockp);
280 static vm_page_t _pmap_alloc_l3(pmap_t pmap, vm_pindex_t ptepindex,
281 struct rwlock **lockp);
283 static void _pmap_unwire_l3(pmap_t pmap, vm_offset_t va, vm_page_t m,
284 struct spglist *free);
285 static int pmap_unuse_pt(pmap_t, vm_offset_t, pd_entry_t, struct spglist *);
286 static __inline vm_page_t pmap_remove_pt_page(pmap_t pmap, vm_offset_t va);
289 * These load the old table data and store the new value.
290 * They need to be atomic as the System MMU may write to the table at
291 * the same time as the CPU.
293 #define pmap_load_store(table, entry) atomic_swap_64(table, entry)
294 #define pmap_set(table, mask) atomic_set_64(table, mask)
295 #define pmap_load_clear(table) atomic_swap_64(table, 0)
296 #define pmap_load(table) (*table)
298 /********************/
299 /* Inline functions */
300 /********************/
303 pagecopy(void *s, void *d)
306 memcpy(d, s, PAGE_SIZE);
309 static __inline pd_entry_t *
310 pmap_l0(pmap_t pmap, vm_offset_t va)
313 return (&pmap->pm_l0[pmap_l0_index(va)]);
316 static __inline pd_entry_t *
317 pmap_l0_to_l1(pd_entry_t *l0, vm_offset_t va)
321 l1 = (pd_entry_t *)PHYS_TO_DMAP(pmap_load(l0) & ~ATTR_MASK);
322 return (&l1[pmap_l1_index(va)]);
325 static __inline pd_entry_t *
326 pmap_l1(pmap_t pmap, vm_offset_t va)
330 l0 = pmap_l0(pmap, va);
331 if ((pmap_load(l0) & ATTR_DESCR_MASK) != L0_TABLE)
334 return (pmap_l0_to_l1(l0, va));
337 static __inline pd_entry_t *
338 pmap_l1_to_l2(pd_entry_t *l1, vm_offset_t va)
342 l2 = (pd_entry_t *)PHYS_TO_DMAP(pmap_load(l1) & ~ATTR_MASK);
343 return (&l2[pmap_l2_index(va)]);
346 static __inline pd_entry_t *
347 pmap_l2(pmap_t pmap, vm_offset_t va)
351 l1 = pmap_l1(pmap, va);
352 if ((pmap_load(l1) & ATTR_DESCR_MASK) != L1_TABLE)
355 return (pmap_l1_to_l2(l1, va));
358 static __inline pt_entry_t *
359 pmap_l2_to_l3(pd_entry_t *l2, vm_offset_t va)
363 l3 = (pd_entry_t *)PHYS_TO_DMAP(pmap_load(l2) & ~ATTR_MASK);
364 return (&l3[pmap_l3_index(va)]);
368 * Returns the lowest valid pde for a given virtual address.
369 * The next level may or may not point to a valid page or block.
371 static __inline pd_entry_t *
372 pmap_pde(pmap_t pmap, vm_offset_t va, int *level)
374 pd_entry_t *l0, *l1, *l2, desc;
376 l0 = pmap_l0(pmap, va);
377 desc = pmap_load(l0) & ATTR_DESCR_MASK;
378 if (desc != L0_TABLE) {
383 l1 = pmap_l0_to_l1(l0, va);
384 desc = pmap_load(l1) & ATTR_DESCR_MASK;
385 if (desc != L1_TABLE) {
390 l2 = pmap_l1_to_l2(l1, va);
391 desc = pmap_load(l2) & ATTR_DESCR_MASK;
392 if (desc != L2_TABLE) {
402 * Returns the lowest valid pte block or table entry for a given virtual
403 * address. If there are no valid entries return NULL and set the level to
404 * the first invalid level.
406 static __inline pt_entry_t *
407 pmap_pte(pmap_t pmap, vm_offset_t va, int *level)
409 pd_entry_t *l1, *l2, desc;
412 l1 = pmap_l1(pmap, va);
417 desc = pmap_load(l1) & ATTR_DESCR_MASK;
418 if (desc == L1_BLOCK) {
423 if (desc != L1_TABLE) {
428 l2 = pmap_l1_to_l2(l1, va);
429 desc = pmap_load(l2) & ATTR_DESCR_MASK;
430 if (desc == L2_BLOCK) {
435 if (desc != L2_TABLE) {
441 l3 = pmap_l2_to_l3(l2, va);
442 if ((pmap_load(l3) & ATTR_DESCR_MASK) != L3_PAGE)
449 pmap_superpages_enabled(void)
452 return (superpages_enabled != 0);
456 pmap_get_tables(pmap_t pmap, vm_offset_t va, pd_entry_t **l0, pd_entry_t **l1,
457 pd_entry_t **l2, pt_entry_t **l3)
459 pd_entry_t *l0p, *l1p, *l2p;
461 if (pmap->pm_l0 == NULL)
464 l0p = pmap_l0(pmap, va);
467 if ((pmap_load(l0p) & ATTR_DESCR_MASK) != L0_TABLE)
470 l1p = pmap_l0_to_l1(l0p, va);
473 if ((pmap_load(l1p) & ATTR_DESCR_MASK) == L1_BLOCK) {
479 if ((pmap_load(l1p) & ATTR_DESCR_MASK) != L1_TABLE)
482 l2p = pmap_l1_to_l2(l1p, va);
485 if ((pmap_load(l2p) & ATTR_DESCR_MASK) == L2_BLOCK) {
490 *l3 = pmap_l2_to_l3(l2p, va);
496 pmap_l3_valid(pt_entry_t l3)
499 return ((l3 & ATTR_DESCR_MASK) == L3_PAGE);
503 CTASSERT(L1_BLOCK == L2_BLOCK);
506 * Checks if the page is dirty. We currently lack proper tracking of this on
507 * arm64 so for now assume is a page mapped as rw was accessed it is.
510 pmap_page_dirty(pt_entry_t pte)
513 return ((pte & (ATTR_AF | ATTR_AP_RW_BIT)) ==
514 (ATTR_AF | ATTR_AP(ATTR_AP_RW)));
518 pmap_resident_count_inc(pmap_t pmap, int count)
521 PMAP_LOCK_ASSERT(pmap, MA_OWNED);
522 pmap->pm_stats.resident_count += count;
526 pmap_resident_count_dec(pmap_t pmap, int count)
529 PMAP_LOCK_ASSERT(pmap, MA_OWNED);
530 KASSERT(pmap->pm_stats.resident_count >= count,
531 ("pmap %p resident count underflow %ld %d", pmap,
532 pmap->pm_stats.resident_count, count));
533 pmap->pm_stats.resident_count -= count;
537 pmap_early_page_idx(vm_offset_t l1pt, vm_offset_t va, u_int *l1_slot,
543 l1 = (pd_entry_t *)l1pt;
544 *l1_slot = (va >> L1_SHIFT) & Ln_ADDR_MASK;
546 /* Check locore has used a table L1 map */
547 KASSERT((l1[*l1_slot] & ATTR_DESCR_MASK) == L1_TABLE,
548 ("Invalid bootstrap L1 table"));
549 /* Find the address of the L2 table */
550 l2 = (pt_entry_t *)init_pt_va;
551 *l2_slot = pmap_l2_index(va);
557 pmap_early_vtophys(vm_offset_t l1pt, vm_offset_t va)
559 u_int l1_slot, l2_slot;
562 l2 = pmap_early_page_idx(l1pt, va, &l1_slot, &l2_slot);
564 return ((l2[l2_slot] & ~ATTR_MASK) + (va & L2_OFFSET));
568 pmap_bootstrap_dmap(vm_offset_t kern_l1, vm_paddr_t min_pa, vm_paddr_t max_pa)
574 pa = dmap_phys_base = min_pa & ~L1_OFFSET;
575 va = DMAP_MIN_ADDRESS;
576 for (; va < DMAP_MAX_ADDRESS && pa < max_pa;
577 pa += L1_SIZE, va += L1_SIZE, l1_slot++) {
578 l1_slot = ((va - DMAP_MIN_ADDRESS) >> L1_SHIFT);
580 pmap_load_store(&pagetable_dmap[l1_slot],
581 (pa & ~L1_OFFSET) | ATTR_DEFAULT | ATTR_XN |
582 ATTR_IDX(CACHED_MEMORY) | L1_BLOCK);
585 /* Set the upper limit of the DMAP region */
593 pmap_bootstrap_l2(vm_offset_t l1pt, vm_offset_t va, vm_offset_t l2_start)
600 KASSERT((va & L1_OFFSET) == 0, ("Invalid virtual address"));
602 l1 = (pd_entry_t *)l1pt;
603 l1_slot = pmap_l1_index(va);
606 for (; va < VM_MAX_KERNEL_ADDRESS; l1_slot++, va += L1_SIZE) {
607 KASSERT(l1_slot < Ln_ENTRIES, ("Invalid L1 index"));
609 pa = pmap_early_vtophys(l1pt, l2pt);
610 pmap_load_store(&l1[l1_slot],
611 (pa & ~Ln_TABLE_MASK) | L1_TABLE);
615 /* Clean the L2 page table */
616 memset((void *)l2_start, 0, l2pt - l2_start);
622 pmap_bootstrap_l3(vm_offset_t l1pt, vm_offset_t va, vm_offset_t l3_start)
624 vm_offset_t l2pt, l3pt;
629 KASSERT((va & L2_OFFSET) == 0, ("Invalid virtual address"));
631 l2 = pmap_l2(kernel_pmap, va);
632 l2 = (pd_entry_t *)rounddown2((uintptr_t)l2, PAGE_SIZE);
633 l2pt = (vm_offset_t)l2;
634 l2_slot = pmap_l2_index(va);
637 for (; va < VM_MAX_KERNEL_ADDRESS; l2_slot++, va += L2_SIZE) {
638 KASSERT(l2_slot < Ln_ENTRIES, ("Invalid L2 index"));
640 pa = pmap_early_vtophys(l1pt, l3pt);
641 pmap_load_store(&l2[l2_slot],
642 (pa & ~Ln_TABLE_MASK) | L2_TABLE);
646 /* Clean the L2 page table */
647 memset((void *)l3_start, 0, l3pt - l3_start);
653 * Bootstrap the system enough to run with virtual memory.
656 pmap_bootstrap(vm_offset_t l0pt, vm_offset_t l1pt, vm_paddr_t kernstart,
659 u_int l1_slot, l2_slot, avail_slot, map_slot, used_map_slot;
662 vm_offset_t va, freemempos;
663 vm_offset_t dpcpu, msgbufpv;
664 vm_paddr_t pa, max_pa, min_pa;
667 kern_delta = KERNBASE - kernstart;
670 printf("pmap_bootstrap %lx %lx %lx\n", l1pt, kernstart, kernlen);
671 printf("%lx\n", l1pt);
672 printf("%lx\n", (KERNBASE >> L1_SHIFT) & Ln_ADDR_MASK);
674 /* Set this early so we can use the pagetable walking functions */
675 kernel_pmap_store.pm_l0 = (pd_entry_t *)l0pt;
676 PMAP_LOCK_INIT(kernel_pmap);
678 /* Assume the address we were loaded to is a valid physical address */
679 min_pa = max_pa = KERNBASE - kern_delta;
682 * Find the minimum physical address. physmap is sorted,
683 * but may contain empty ranges.
685 for (i = 0; i < (physmap_idx * 2); i += 2) {
686 if (physmap[i] == physmap[i + 1])
688 if (physmap[i] <= min_pa)
690 if (physmap[i + 1] > max_pa)
691 max_pa = physmap[i + 1];
694 /* Create a direct map region early so we can use it for pa -> va */
695 pmap_bootstrap_dmap(l1pt, min_pa, max_pa);
698 pa = KERNBASE - kern_delta;
701 * Start to initialise phys_avail by copying from physmap
702 * up to the physical address KERNBASE points at.
704 map_slot = avail_slot = 0;
705 for (; map_slot < (physmap_idx * 2) &&
706 avail_slot < (PHYS_AVAIL_SIZE - 2); map_slot += 2) {
707 if (physmap[map_slot] == physmap[map_slot + 1])
710 if (physmap[map_slot] <= pa &&
711 physmap[map_slot + 1] > pa)
714 phys_avail[avail_slot] = physmap[map_slot];
715 phys_avail[avail_slot + 1] = physmap[map_slot + 1];
716 physmem += (phys_avail[avail_slot + 1] -
717 phys_avail[avail_slot]) >> PAGE_SHIFT;
721 /* Add the memory before the kernel */
722 if (physmap[avail_slot] < pa && avail_slot < (PHYS_AVAIL_SIZE - 2)) {
723 phys_avail[avail_slot] = physmap[map_slot];
724 phys_avail[avail_slot + 1] = pa;
725 physmem += (phys_avail[avail_slot + 1] -
726 phys_avail[avail_slot]) >> PAGE_SHIFT;
729 used_map_slot = map_slot;
732 * Read the page table to find out what is already mapped.
733 * This assumes we have mapped a block of memory from KERNBASE
734 * using a single L1 entry.
736 l2 = pmap_early_page_idx(l1pt, KERNBASE, &l1_slot, &l2_slot);
738 /* Sanity check the index, KERNBASE should be the first VA */
739 KASSERT(l2_slot == 0, ("The L2 index is non-zero"));
741 /* Find how many pages we have mapped */
742 for (; l2_slot < Ln_ENTRIES; l2_slot++) {
743 if ((l2[l2_slot] & ATTR_DESCR_MASK) == 0)
746 /* Check locore used L2 blocks */
747 KASSERT((l2[l2_slot] & ATTR_DESCR_MASK) == L2_BLOCK,
748 ("Invalid bootstrap L2 table"));
749 KASSERT((l2[l2_slot] & ~ATTR_MASK) == pa,
750 ("Incorrect PA in L2 table"));
756 va = roundup2(va, L1_SIZE);
758 freemempos = KERNBASE + kernlen;
759 freemempos = roundup2(freemempos, PAGE_SIZE);
760 /* Create the l2 tables up to VM_MAX_KERNEL_ADDRESS */
761 freemempos = pmap_bootstrap_l2(l1pt, va, freemempos);
762 /* And the l3 tables for the early devmap */
763 freemempos = pmap_bootstrap_l3(l1pt,
764 VM_MAX_KERNEL_ADDRESS - L2_SIZE, freemempos);
768 #define alloc_pages(var, np) \
769 (var) = freemempos; \
770 freemempos += (np * PAGE_SIZE); \
771 memset((char *)(var), 0, ((np) * PAGE_SIZE));
773 /* Allocate dynamic per-cpu area. */
774 alloc_pages(dpcpu, DPCPU_SIZE / PAGE_SIZE);
775 dpcpu_init((void *)dpcpu, 0);
777 /* Allocate memory for the msgbuf, e.g. for /sbin/dmesg */
778 alloc_pages(msgbufpv, round_page(msgbufsize) / PAGE_SIZE);
779 msgbufp = (void *)msgbufpv;
781 virtual_avail = roundup2(freemempos, L1_SIZE);
782 virtual_end = VM_MAX_KERNEL_ADDRESS - L2_SIZE;
783 kernel_vm_end = virtual_avail;
785 pa = pmap_early_vtophys(l1pt, freemempos);
787 /* Finish initialising physmap */
788 map_slot = used_map_slot;
789 for (; avail_slot < (PHYS_AVAIL_SIZE - 2) &&
790 map_slot < (physmap_idx * 2); map_slot += 2) {
791 if (physmap[map_slot] == physmap[map_slot + 1])
794 /* Have we used the current range? */
795 if (physmap[map_slot + 1] <= pa)
798 /* Do we need to split the entry? */
799 if (physmap[map_slot] < pa) {
800 phys_avail[avail_slot] = pa;
801 phys_avail[avail_slot + 1] = physmap[map_slot + 1];
803 phys_avail[avail_slot] = physmap[map_slot];
804 phys_avail[avail_slot + 1] = physmap[map_slot + 1];
806 physmem += (phys_avail[avail_slot + 1] -
807 phys_avail[avail_slot]) >> PAGE_SHIFT;
811 phys_avail[avail_slot] = 0;
812 phys_avail[avail_slot + 1] = 0;
815 * Maxmem isn't the "maximum memory", it's one larger than the
816 * highest page of the physical address space. It should be
817 * called something like "Maxphyspage".
819 Maxmem = atop(phys_avail[avail_slot - 1]);
825 * Initialize a vm_page's machine-dependent fields.
828 pmap_page_init(vm_page_t m)
831 TAILQ_INIT(&m->md.pv_list);
832 m->md.pv_memattr = VM_MEMATTR_WRITE_BACK;
836 * Initialize the pmap module.
837 * Called by vm_init, to initialize any structures that the pmap
838 * system needs to map virtual memory.
847 * Are large page mappings enabled?
849 TUNABLE_INT_FETCH("vm.pmap.superpages_enabled", &superpages_enabled);
852 * Initialize the pv chunk list mutex.
854 mtx_init(&pv_chunks_mutex, "pmap pv chunk list", NULL, MTX_DEF);
857 * Initialize the pool of pv list locks.
859 for (i = 0; i < NPV_LIST_LOCKS; i++)
860 rw_init(&pv_list_locks[i], "pmap pv list");
863 * Calculate the size of the pv head table for superpages.
865 pv_npg = howmany(vm_phys_segs[vm_phys_nsegs - 1].end, L2_SIZE);
868 * Allocate memory for the pv head table for superpages.
870 s = (vm_size_t)(pv_npg * sizeof(struct md_page));
872 pv_table = (struct md_page *)kmem_malloc(kernel_arena, s,
874 for (i = 0; i < pv_npg; i++)
875 TAILQ_INIT(&pv_table[i].pv_list);
876 TAILQ_INIT(&pv_dummy.pv_list);
879 static SYSCTL_NODE(_vm_pmap, OID_AUTO, l2, CTLFLAG_RD, 0,
880 "2MB page mapping counters");
882 static u_long pmap_l2_demotions;
883 SYSCTL_ULONG(_vm_pmap_l2, OID_AUTO, demotions, CTLFLAG_RD,
884 &pmap_l2_demotions, 0, "2MB page demotions");
886 static u_long pmap_l2_p_failures;
887 SYSCTL_ULONG(_vm_pmap_l2, OID_AUTO, p_failures, CTLFLAG_RD,
888 &pmap_l2_p_failures, 0, "2MB page promotion failures");
890 static u_long pmap_l2_promotions;
891 SYSCTL_ULONG(_vm_pmap_l2, OID_AUTO, promotions, CTLFLAG_RD,
892 &pmap_l2_promotions, 0, "2MB page promotions");
895 * Invalidate a single TLB entry.
898 pmap_invalidate_page(pmap_t pmap, vm_offset_t va)
904 "tlbi vaae1is, %0 \n"
907 : : "r"(va >> PAGE_SHIFT));
912 pmap_invalidate_range(pmap_t pmap, vm_offset_t sva, vm_offset_t eva)
918 for (addr = sva; addr < eva; addr += PAGE_SIZE) {
920 "tlbi vaae1is, %0" : : "r"(addr >> PAGE_SHIFT));
929 pmap_invalidate_all(pmap_t pmap)
942 * Routine: pmap_extract
944 * Extract the physical page address associated
945 * with the given map/virtual_address pair.
948 pmap_extract(pmap_t pmap, vm_offset_t va)
950 pt_entry_t *pte, tpte;
957 * Find the block or page map for this virtual address. pmap_pte
958 * will return either a valid block/page entry, or NULL.
960 pte = pmap_pte(pmap, va, &lvl);
962 tpte = pmap_load(pte);
963 pa = tpte & ~ATTR_MASK;
966 KASSERT((tpte & ATTR_DESCR_MASK) == L1_BLOCK,
967 ("pmap_extract: Invalid L1 pte found: %lx",
968 tpte & ATTR_DESCR_MASK));
969 pa |= (va & L1_OFFSET);
972 KASSERT((tpte & ATTR_DESCR_MASK) == L2_BLOCK,
973 ("pmap_extract: Invalid L2 pte found: %lx",
974 tpte & ATTR_DESCR_MASK));
975 pa |= (va & L2_OFFSET);
978 KASSERT((tpte & ATTR_DESCR_MASK) == L3_PAGE,
979 ("pmap_extract: Invalid L3 pte found: %lx",
980 tpte & ATTR_DESCR_MASK));
981 pa |= (va & L3_OFFSET);
990 * Routine: pmap_extract_and_hold
992 * Atomically extract and hold the physical page
993 * with the given pmap and virtual address pair
994 * if that mapping permits the given protection.
997 pmap_extract_and_hold(pmap_t pmap, vm_offset_t va, vm_prot_t prot)
999 pt_entry_t *pte, tpte;
1009 pte = pmap_pte(pmap, va, &lvl);
1011 tpte = pmap_load(pte);
1013 KASSERT(lvl > 0 && lvl <= 3,
1014 ("pmap_extract_and_hold: Invalid level %d", lvl));
1015 CTASSERT(L1_BLOCK == L2_BLOCK);
1016 KASSERT((lvl == 3 && (tpte & ATTR_DESCR_MASK) == L3_PAGE) ||
1017 (lvl < 3 && (tpte & ATTR_DESCR_MASK) == L1_BLOCK),
1018 ("pmap_extract_and_hold: Invalid pte at L%d: %lx", lvl,
1019 tpte & ATTR_DESCR_MASK));
1020 if (((tpte & ATTR_AP_RW_BIT) == ATTR_AP(ATTR_AP_RW)) ||
1021 ((prot & VM_PROT_WRITE) == 0)) {
1024 off = va & L1_OFFSET;
1027 off = va & L2_OFFSET;
1033 if (vm_page_pa_tryrelock(pmap,
1034 (tpte & ~ATTR_MASK) | off, &pa))
1036 m = PHYS_TO_VM_PAGE((tpte & ~ATTR_MASK) | off);
1046 pmap_kextract(vm_offset_t va)
1048 pt_entry_t *pte, tpte;
1052 if (va >= DMAP_MIN_ADDRESS && va < DMAP_MAX_ADDRESS) {
1053 pa = DMAP_TO_PHYS(va);
1056 pte = pmap_pte(kernel_pmap, va, &lvl);
1058 tpte = pmap_load(pte);
1059 pa = tpte & ~ATTR_MASK;
1062 KASSERT((tpte & ATTR_DESCR_MASK) == L1_BLOCK,
1063 ("pmap_kextract: Invalid L1 pte found: %lx",
1064 tpte & ATTR_DESCR_MASK));
1065 pa |= (va & L1_OFFSET);
1068 KASSERT((tpte & ATTR_DESCR_MASK) == L2_BLOCK,
1069 ("pmap_kextract: Invalid L2 pte found: %lx",
1070 tpte & ATTR_DESCR_MASK));
1071 pa |= (va & L2_OFFSET);
1074 KASSERT((tpte & ATTR_DESCR_MASK) == L3_PAGE,
1075 ("pmap_kextract: Invalid L3 pte found: %lx",
1076 tpte & ATTR_DESCR_MASK));
1077 pa |= (va & L3_OFFSET);
1085 /***************************************************
1086 * Low level mapping routines.....
1087 ***************************************************/
1090 pmap_kenter(vm_offset_t sva, vm_size_t size, vm_paddr_t pa, int mode)
1093 pt_entry_t *pte, attr;
1097 KASSERT((pa & L3_OFFSET) == 0,
1098 ("pmap_kenter: Invalid physical address"));
1099 KASSERT((sva & L3_OFFSET) == 0,
1100 ("pmap_kenter: Invalid virtual address"));
1101 KASSERT((size & PAGE_MASK) == 0,
1102 ("pmap_kenter: Mapping is not page-sized"));
1104 attr = ATTR_DEFAULT | ATTR_IDX(mode) | L3_PAGE;
1105 if (mode == DEVICE_MEMORY)
1110 pde = pmap_pde(kernel_pmap, va, &lvl);
1111 KASSERT(pde != NULL,
1112 ("pmap_kenter: Invalid page entry, va: 0x%lx", va));
1113 KASSERT(lvl == 2, ("pmap_kenter: Invalid level %d", lvl));
1115 pte = pmap_l2_to_l3(pde, va);
1116 pmap_load_store(pte, (pa & ~L3_OFFSET) | attr);
1122 pmap_invalidate_range(kernel_pmap, sva, va);
1126 pmap_kenter_device(vm_offset_t sva, vm_size_t size, vm_paddr_t pa)
1129 pmap_kenter(sva, size, pa, DEVICE_MEMORY);
1133 * Remove a page from the kernel pagetables.
1136 pmap_kremove(vm_offset_t va)
1141 pte = pmap_pte(kernel_pmap, va, &lvl);
1142 KASSERT(pte != NULL, ("pmap_kremove: Invalid address"));
1143 KASSERT(lvl == 3, ("pmap_kremove: Invalid pte level %d", lvl));
1145 pmap_load_clear(pte);
1146 pmap_invalidate_page(kernel_pmap, va);
1150 pmap_kremove_device(vm_offset_t sva, vm_size_t size)
1156 KASSERT((sva & L3_OFFSET) == 0,
1157 ("pmap_kremove_device: Invalid virtual address"));
1158 KASSERT((size & PAGE_MASK) == 0,
1159 ("pmap_kremove_device: Mapping is not page-sized"));
1163 pte = pmap_pte(kernel_pmap, va, &lvl);
1164 KASSERT(pte != NULL, ("Invalid page table, va: 0x%lx", va));
1166 ("Invalid device pagetable level: %d != 3", lvl));
1167 pmap_load_clear(pte);
1172 pmap_invalidate_range(kernel_pmap, sva, va);
1176 * Used to map a range of physical addresses into kernel
1177 * virtual address space.
1179 * The value passed in '*virt' is a suggested virtual address for
1180 * the mapping. Architectures which can support a direct-mapped
1181 * physical to virtual region can return the appropriate address
1182 * within that region, leaving '*virt' unchanged. Other
1183 * architectures should map the pages starting at '*virt' and
1184 * update '*virt' with the first usable address after the mapped
1188 pmap_map(vm_offset_t *virt, vm_paddr_t start, vm_paddr_t end, int prot)
1190 return PHYS_TO_DMAP(start);
1195 * Add a list of wired pages to the kva
1196 * this routine is only used for temporary
1197 * kernel mappings that do not need to have
1198 * page modification or references recorded.
1199 * Note that old mappings are simply written
1200 * over. The page *must* be wired.
1201 * Note: SMP coherent. Uses a ranged shootdown IPI.
1204 pmap_qenter(vm_offset_t sva, vm_page_t *ma, int count)
1207 pt_entry_t *pte, pa;
1213 for (i = 0; i < count; i++) {
1214 pde = pmap_pde(kernel_pmap, va, &lvl);
1215 KASSERT(pde != NULL,
1216 ("pmap_qenter: Invalid page entry, va: 0x%lx", va));
1218 ("pmap_qenter: Invalid level %d", lvl));
1221 pa = VM_PAGE_TO_PHYS(m) | ATTR_DEFAULT | ATTR_AP(ATTR_AP_RW) |
1222 ATTR_IDX(m->md.pv_memattr) | L3_PAGE;
1223 if (m->md.pv_memattr == DEVICE_MEMORY)
1225 pte = pmap_l2_to_l3(pde, va);
1226 pmap_load_store(pte, pa);
1230 pmap_invalidate_range(kernel_pmap, sva, va);
1234 * This routine tears out page mappings from the
1235 * kernel -- it is meant only for temporary mappings.
1238 pmap_qremove(vm_offset_t sva, int count)
1244 KASSERT(sva >= VM_MIN_KERNEL_ADDRESS, ("usermode va %lx", sva));
1247 while (count-- > 0) {
1248 pte = pmap_pte(kernel_pmap, va, &lvl);
1250 ("Invalid device pagetable level: %d != 3", lvl));
1252 pmap_load_clear(pte);
1257 pmap_invalidate_range(kernel_pmap, sva, va);
1260 /***************************************************
1261 * Page table page management routines.....
1262 ***************************************************/
1263 static __inline void
1264 pmap_free_zero_pages(struct spglist *free)
1268 while ((m = SLIST_FIRST(free)) != NULL) {
1269 SLIST_REMOVE_HEAD(free, plinks.s.ss);
1270 /* Preserve the page's PG_ZERO setting. */
1271 vm_page_free_toq(m);
1276 * Schedule the specified unused page table page to be freed. Specifically,
1277 * add the page to the specified list of pages that will be released to the
1278 * physical memory manager after the TLB has been updated.
1280 static __inline void
1281 pmap_add_delayed_free_list(vm_page_t m, struct spglist *free,
1282 boolean_t set_PG_ZERO)
1286 m->flags |= PG_ZERO;
1288 m->flags &= ~PG_ZERO;
1289 SLIST_INSERT_HEAD(free, m, plinks.s.ss);
1293 * Decrements a page table page's wire count, which is used to record the
1294 * number of valid page table entries within the page. If the wire count
1295 * drops to zero, then the page table page is unmapped. Returns TRUE if the
1296 * page table page was unmapped and FALSE otherwise.
1298 static inline boolean_t
1299 pmap_unwire_l3(pmap_t pmap, vm_offset_t va, vm_page_t m, struct spglist *free)
1303 if (m->wire_count == 0) {
1304 _pmap_unwire_l3(pmap, va, m, free);
1311 _pmap_unwire_l3(pmap_t pmap, vm_offset_t va, vm_page_t m, struct spglist *free)
1314 PMAP_LOCK_ASSERT(pmap, MA_OWNED);
1316 * unmap the page table page
1318 if (m->pindex >= (NUL2E + NUL1E)) {
1322 l0 = pmap_l0(pmap, va);
1323 pmap_load_clear(l0);
1324 } else if (m->pindex >= NUL2E) {
1328 l1 = pmap_l1(pmap, va);
1329 pmap_load_clear(l1);
1334 l2 = pmap_l2(pmap, va);
1335 pmap_load_clear(l2);
1337 pmap_resident_count_dec(pmap, 1);
1338 if (m->pindex < NUL2E) {
1339 /* We just released an l3, unhold the matching l2 */
1340 pd_entry_t *l1, tl1;
1343 l1 = pmap_l1(pmap, va);
1344 tl1 = pmap_load(l1);
1345 l2pg = PHYS_TO_VM_PAGE(tl1 & ~ATTR_MASK);
1346 pmap_unwire_l3(pmap, va, l2pg, free);
1347 } else if (m->pindex < (NUL2E + NUL1E)) {
1348 /* We just released an l2, unhold the matching l1 */
1349 pd_entry_t *l0, tl0;
1352 l0 = pmap_l0(pmap, va);
1353 tl0 = pmap_load(l0);
1354 l1pg = PHYS_TO_VM_PAGE(tl0 & ~ATTR_MASK);
1355 pmap_unwire_l3(pmap, va, l1pg, free);
1357 pmap_invalidate_page(pmap, va);
1360 * This is a release store so that the ordinary store unmapping
1361 * the page table page is globally performed before TLB shoot-
1364 atomic_subtract_rel_int(&vm_cnt.v_wire_count, 1);
1367 * Put page on a list so that it is released after
1368 * *ALL* TLB shootdown is done
1370 pmap_add_delayed_free_list(m, free, TRUE);
1374 * After removing a page table entry, this routine is used to
1375 * conditionally free the page, and manage the hold/wire counts.
1378 pmap_unuse_pt(pmap_t pmap, vm_offset_t va, pd_entry_t ptepde,
1379 struct spglist *free)
1383 if (va >= VM_MAXUSER_ADDRESS)
1385 KASSERT(ptepde != 0, ("pmap_unuse_pt: ptepde != 0"));
1386 mpte = PHYS_TO_VM_PAGE(ptepde & ~ATTR_MASK);
1387 return (pmap_unwire_l3(pmap, va, mpte, free));
1391 pmap_pinit0(pmap_t pmap)
1394 PMAP_LOCK_INIT(pmap);
1395 bzero(&pmap->pm_stats, sizeof(pmap->pm_stats));
1396 pmap->pm_l0 = kernel_pmap->pm_l0;
1397 pmap->pm_root.rt_root = 0;
1401 pmap_pinit(pmap_t pmap)
1407 * allocate the l0 page
1409 while ((l0pt = vm_page_alloc(NULL, 0, VM_ALLOC_NORMAL |
1410 VM_ALLOC_NOOBJ | VM_ALLOC_WIRED | VM_ALLOC_ZERO)) == NULL)
1413 l0phys = VM_PAGE_TO_PHYS(l0pt);
1414 pmap->pm_l0 = (pd_entry_t *)PHYS_TO_DMAP(l0phys);
1416 if ((l0pt->flags & PG_ZERO) == 0)
1417 pagezero(pmap->pm_l0);
1419 pmap->pm_root.rt_root = 0;
1420 bzero(&pmap->pm_stats, sizeof(pmap->pm_stats));
1426 * This routine is called if the desired page table page does not exist.
1428 * If page table page allocation fails, this routine may sleep before
1429 * returning NULL. It sleeps only if a lock pointer was given.
1431 * Note: If a page allocation fails at page table level two or three,
1432 * one or two pages may be held during the wait, only to be released
1433 * afterwards. This conservative approach is easily argued to avoid
1437 _pmap_alloc_l3(pmap_t pmap, vm_pindex_t ptepindex, struct rwlock **lockp)
1439 vm_page_t m, l1pg, l2pg;
1441 PMAP_LOCK_ASSERT(pmap, MA_OWNED);
1444 * Allocate a page table page.
1446 if ((m = vm_page_alloc(NULL, ptepindex, VM_ALLOC_NOOBJ |
1447 VM_ALLOC_WIRED | VM_ALLOC_ZERO)) == NULL) {
1448 if (lockp != NULL) {
1449 RELEASE_PV_LIST_LOCK(lockp);
1456 * Indicate the need to retry. While waiting, the page table
1457 * page may have been allocated.
1461 if ((m->flags & PG_ZERO) == 0)
1465 * Map the pagetable page into the process address space, if
1466 * it isn't already there.
1469 if (ptepindex >= (NUL2E + NUL1E)) {
1471 vm_pindex_t l0index;
1473 l0index = ptepindex - (NUL2E + NUL1E);
1474 l0 = &pmap->pm_l0[l0index];
1475 pmap_load_store(l0, VM_PAGE_TO_PHYS(m) | L0_TABLE);
1476 } else if (ptepindex >= NUL2E) {
1477 vm_pindex_t l0index, l1index;
1478 pd_entry_t *l0, *l1;
1481 l1index = ptepindex - NUL2E;
1482 l0index = l1index >> L0_ENTRIES_SHIFT;
1484 l0 = &pmap->pm_l0[l0index];
1485 tl0 = pmap_load(l0);
1487 /* recurse for allocating page dir */
1488 if (_pmap_alloc_l3(pmap, NUL2E + NUL1E + l0index,
1491 /* XXX: release mem barrier? */
1492 atomic_subtract_int(&vm_cnt.v_wire_count, 1);
1493 vm_page_free_zero(m);
1497 l1pg = PHYS_TO_VM_PAGE(tl0 & ~ATTR_MASK);
1501 l1 = (pd_entry_t *)PHYS_TO_DMAP(pmap_load(l0) & ~ATTR_MASK);
1502 l1 = &l1[ptepindex & Ln_ADDR_MASK];
1503 pmap_load_store(l1, VM_PAGE_TO_PHYS(m) | L1_TABLE);
1505 vm_pindex_t l0index, l1index;
1506 pd_entry_t *l0, *l1, *l2;
1507 pd_entry_t tl0, tl1;
1509 l1index = ptepindex >> Ln_ENTRIES_SHIFT;
1510 l0index = l1index >> L0_ENTRIES_SHIFT;
1512 l0 = &pmap->pm_l0[l0index];
1513 tl0 = pmap_load(l0);
1515 /* recurse for allocating page dir */
1516 if (_pmap_alloc_l3(pmap, NUL2E + l1index,
1519 atomic_subtract_int(&vm_cnt.v_wire_count, 1);
1520 vm_page_free_zero(m);
1523 tl0 = pmap_load(l0);
1524 l1 = (pd_entry_t *)PHYS_TO_DMAP(tl0 & ~ATTR_MASK);
1525 l1 = &l1[l1index & Ln_ADDR_MASK];
1527 l1 = (pd_entry_t *)PHYS_TO_DMAP(tl0 & ~ATTR_MASK);
1528 l1 = &l1[l1index & Ln_ADDR_MASK];
1529 tl1 = pmap_load(l1);
1531 /* recurse for allocating page dir */
1532 if (_pmap_alloc_l3(pmap, NUL2E + l1index,
1535 /* XXX: release mem barrier? */
1536 atomic_subtract_int(
1537 &vm_cnt.v_wire_count, 1);
1538 vm_page_free_zero(m);
1542 l2pg = PHYS_TO_VM_PAGE(tl1 & ~ATTR_MASK);
1547 l2 = (pd_entry_t *)PHYS_TO_DMAP(pmap_load(l1) & ~ATTR_MASK);
1548 l2 = &l2[ptepindex & Ln_ADDR_MASK];
1549 pmap_load_store(l2, VM_PAGE_TO_PHYS(m) | L2_TABLE);
1552 pmap_resident_count_inc(pmap, 1);
1558 pmap_alloc_l3(pmap_t pmap, vm_offset_t va, struct rwlock **lockp)
1560 vm_pindex_t ptepindex;
1561 pd_entry_t *pde, tpde;
1569 * Calculate pagetable page index
1571 ptepindex = pmap_l2_pindex(va);
1574 * Get the page directory entry
1576 pde = pmap_pde(pmap, va, &lvl);
1579 * If the page table page is mapped, we just increment the hold count,
1580 * and activate it. If we get a level 2 pde it will point to a level 3
1588 pte = pmap_l0_to_l1(pde, va);
1589 KASSERT(pmap_load(pte) == 0,
1590 ("pmap_alloc_l3: TODO: l0 superpages"));
1595 pte = pmap_l1_to_l2(pde, va);
1596 KASSERT(pmap_load(pte) == 0,
1597 ("pmap_alloc_l3: TODO: l1 superpages"));
1601 tpde = pmap_load(pde);
1603 m = PHYS_TO_VM_PAGE(tpde & ~ATTR_MASK);
1609 panic("pmap_alloc_l3: Invalid level %d", lvl);
1613 * Here if the pte page isn't mapped, or if it has been deallocated.
1615 m = _pmap_alloc_l3(pmap, ptepindex, lockp);
1616 if (m == NULL && lockp != NULL)
1623 /***************************************************
1624 * Pmap allocation/deallocation routines.
1625 ***************************************************/
1628 * Release any resources held by the given physical map.
1629 * Called when a pmap initialized by pmap_pinit is being released.
1630 * Should only be called if the map contains no valid mappings.
1633 pmap_release(pmap_t pmap)
1637 KASSERT(pmap->pm_stats.resident_count == 0,
1638 ("pmap_release: pmap resident count %ld != 0",
1639 pmap->pm_stats.resident_count));
1640 KASSERT(vm_radix_is_empty(&pmap->pm_root),
1641 ("pmap_release: pmap has reserved page table page(s)"));
1643 m = PHYS_TO_VM_PAGE(DMAP_TO_PHYS((vm_offset_t)pmap->pm_l0));
1646 atomic_subtract_int(&vm_cnt.v_wire_count, 1);
1647 vm_page_free_zero(m);
1651 kvm_size(SYSCTL_HANDLER_ARGS)
1653 unsigned long ksize = VM_MAX_KERNEL_ADDRESS - VM_MIN_KERNEL_ADDRESS;
1655 return sysctl_handle_long(oidp, &ksize, 0, req);
1657 SYSCTL_PROC(_vm, OID_AUTO, kvm_size, CTLTYPE_LONG|CTLFLAG_RD,
1658 0, 0, kvm_size, "LU", "Size of KVM");
1661 kvm_free(SYSCTL_HANDLER_ARGS)
1663 unsigned long kfree = VM_MAX_KERNEL_ADDRESS - kernel_vm_end;
1665 return sysctl_handle_long(oidp, &kfree, 0, req);
1667 SYSCTL_PROC(_vm, OID_AUTO, kvm_free, CTLTYPE_LONG|CTLFLAG_RD,
1668 0, 0, kvm_free, "LU", "Amount of KVM free");
1671 * grow the number of kernel page table entries, if needed
1674 pmap_growkernel(vm_offset_t addr)
1678 pd_entry_t *l0, *l1, *l2;
1680 mtx_assert(&kernel_map->system_mtx, MA_OWNED);
1682 addr = roundup2(addr, L2_SIZE);
1683 if (addr - 1 >= kernel_map->max_offset)
1684 addr = kernel_map->max_offset;
1685 while (kernel_vm_end < addr) {
1686 l0 = pmap_l0(kernel_pmap, kernel_vm_end);
1687 KASSERT(pmap_load(l0) != 0,
1688 ("pmap_growkernel: No level 0 kernel entry"));
1690 l1 = pmap_l0_to_l1(l0, kernel_vm_end);
1691 if (pmap_load(l1) == 0) {
1692 /* We need a new PDP entry */
1693 nkpg = vm_page_alloc(NULL, kernel_vm_end >> L1_SHIFT,
1694 VM_ALLOC_INTERRUPT | VM_ALLOC_NOOBJ |
1695 VM_ALLOC_WIRED | VM_ALLOC_ZERO);
1697 panic("pmap_growkernel: no memory to grow kernel");
1698 if ((nkpg->flags & PG_ZERO) == 0)
1699 pmap_zero_page(nkpg);
1700 paddr = VM_PAGE_TO_PHYS(nkpg);
1701 pmap_load_store(l1, paddr | L1_TABLE);
1702 continue; /* try again */
1704 l2 = pmap_l1_to_l2(l1, kernel_vm_end);
1705 if ((pmap_load(l2) & ATTR_AF) != 0) {
1706 kernel_vm_end = (kernel_vm_end + L2_SIZE) & ~L2_OFFSET;
1707 if (kernel_vm_end - 1 >= kernel_map->max_offset) {
1708 kernel_vm_end = kernel_map->max_offset;
1714 nkpg = vm_page_alloc(NULL, kernel_vm_end >> L2_SHIFT,
1715 VM_ALLOC_INTERRUPT | VM_ALLOC_NOOBJ | VM_ALLOC_WIRED |
1718 panic("pmap_growkernel: no memory to grow kernel");
1719 if ((nkpg->flags & PG_ZERO) == 0)
1720 pmap_zero_page(nkpg);
1721 paddr = VM_PAGE_TO_PHYS(nkpg);
1722 pmap_load_store(l2, paddr | L2_TABLE);
1723 pmap_invalidate_page(kernel_pmap, kernel_vm_end);
1725 kernel_vm_end = (kernel_vm_end + L2_SIZE) & ~L2_OFFSET;
1726 if (kernel_vm_end - 1 >= kernel_map->max_offset) {
1727 kernel_vm_end = kernel_map->max_offset;
1734 /***************************************************
1735 * page management routines.
1736 ***************************************************/
1738 CTASSERT(sizeof(struct pv_chunk) == PAGE_SIZE);
1739 CTASSERT(_NPCM == 3);
1740 CTASSERT(_NPCPV == 168);
1742 static __inline struct pv_chunk *
1743 pv_to_chunk(pv_entry_t pv)
1746 return ((struct pv_chunk *)((uintptr_t)pv & ~(uintptr_t)PAGE_MASK));
1749 #define PV_PMAP(pv) (pv_to_chunk(pv)->pc_pmap)
1751 #define PC_FREE0 0xfffffffffffffffful
1752 #define PC_FREE1 0xfffffffffffffffful
1753 #define PC_FREE2 0x000000fffffffffful
1755 static const uint64_t pc_freemask[_NPCM] = { PC_FREE0, PC_FREE1, PC_FREE2 };
1759 static int pc_chunk_count, pc_chunk_allocs, pc_chunk_frees, pc_chunk_tryfail;
1761 SYSCTL_INT(_vm_pmap, OID_AUTO, pc_chunk_count, CTLFLAG_RD, &pc_chunk_count, 0,
1762 "Current number of pv entry chunks");
1763 SYSCTL_INT(_vm_pmap, OID_AUTO, pc_chunk_allocs, CTLFLAG_RD, &pc_chunk_allocs, 0,
1764 "Current number of pv entry chunks allocated");
1765 SYSCTL_INT(_vm_pmap, OID_AUTO, pc_chunk_frees, CTLFLAG_RD, &pc_chunk_frees, 0,
1766 "Current number of pv entry chunks frees");
1767 SYSCTL_INT(_vm_pmap, OID_AUTO, pc_chunk_tryfail, CTLFLAG_RD, &pc_chunk_tryfail, 0,
1768 "Number of times tried to get a chunk page but failed.");
1770 static long pv_entry_frees, pv_entry_allocs, pv_entry_count;
1771 static int pv_entry_spare;
1773 SYSCTL_LONG(_vm_pmap, OID_AUTO, pv_entry_frees, CTLFLAG_RD, &pv_entry_frees, 0,
1774 "Current number of pv entry frees");
1775 SYSCTL_LONG(_vm_pmap, OID_AUTO, pv_entry_allocs, CTLFLAG_RD, &pv_entry_allocs, 0,
1776 "Current number of pv entry allocs");
1777 SYSCTL_LONG(_vm_pmap, OID_AUTO, pv_entry_count, CTLFLAG_RD, &pv_entry_count, 0,
1778 "Current number of pv entries");
1779 SYSCTL_INT(_vm_pmap, OID_AUTO, pv_entry_spare, CTLFLAG_RD, &pv_entry_spare, 0,
1780 "Current number of spare pv entries");
1785 * We are in a serious low memory condition. Resort to
1786 * drastic measures to free some pages so we can allocate
1787 * another pv entry chunk.
1789 * Returns NULL if PV entries were reclaimed from the specified pmap.
1791 * We do not, however, unmap 2mpages because subsequent accesses will
1792 * allocate per-page pv entries until repromotion occurs, thereby
1793 * exacerbating the shortage of free pv entries.
1796 reclaim_pv_chunk(pmap_t locked_pmap, struct rwlock **lockp)
1798 struct pch new_tail;
1799 struct pv_chunk *pc;
1800 struct md_page *pvh;
1803 pt_entry_t *pte, tpte;
1807 struct spglist free;
1809 int bit, field, freed, lvl;
1811 PMAP_LOCK_ASSERT(locked_pmap, MA_OWNED);
1812 KASSERT(lockp != NULL, ("reclaim_pv_chunk: lockp is NULL"));
1816 TAILQ_INIT(&new_tail);
1817 mtx_lock(&pv_chunks_mutex);
1818 while ((pc = TAILQ_FIRST(&pv_chunks)) != NULL && SLIST_EMPTY(&free)) {
1819 TAILQ_REMOVE(&pv_chunks, pc, pc_lru);
1820 mtx_unlock(&pv_chunks_mutex);
1821 if (pmap != pc->pc_pmap) {
1822 if (pmap != NULL && pmap != locked_pmap)
1825 /* Avoid deadlock and lock recursion. */
1826 if (pmap > locked_pmap) {
1827 RELEASE_PV_LIST_LOCK(lockp);
1829 } else if (pmap != locked_pmap &&
1830 !PMAP_TRYLOCK(pmap)) {
1832 TAILQ_INSERT_TAIL(&new_tail, pc, pc_lru);
1833 mtx_lock(&pv_chunks_mutex);
1839 * Destroy every non-wired, 4 KB page mapping in the chunk.
1842 for (field = 0; field < _NPCM; field++) {
1843 for (inuse = ~pc->pc_map[field] & pc_freemask[field];
1844 inuse != 0; inuse &= ~(1UL << bit)) {
1845 bit = ffsl(inuse) - 1;
1846 pv = &pc->pc_pventry[field * 64 + bit];
1848 pde = pmap_pde(pmap, va, &lvl);
1851 pte = pmap_l2_to_l3(pde, va);
1852 tpte = pmap_load(pte);
1853 if ((tpte & ATTR_SW_WIRED) != 0)
1855 tpte = pmap_load_clear(pte);
1856 pmap_invalidate_page(pmap, va);
1857 m = PHYS_TO_VM_PAGE(tpte & ~ATTR_MASK);
1858 if (pmap_page_dirty(tpte))
1860 if ((tpte & ATTR_AF) != 0)
1861 vm_page_aflag_set(m, PGA_REFERENCED);
1862 CHANGE_PV_LIST_LOCK_TO_VM_PAGE(lockp, m);
1863 TAILQ_REMOVE(&m->md.pv_list, pv, pv_next);
1865 if (TAILQ_EMPTY(&m->md.pv_list) &&
1866 (m->flags & PG_FICTITIOUS) == 0) {
1867 pvh = pa_to_pvh(VM_PAGE_TO_PHYS(m));
1868 if (TAILQ_EMPTY(&pvh->pv_list)) {
1869 vm_page_aflag_clear(m,
1873 pc->pc_map[field] |= 1UL << bit;
1874 pmap_unuse_pt(pmap, va, pmap_load(pde), &free);
1879 TAILQ_INSERT_TAIL(&new_tail, pc, pc_lru);
1880 mtx_lock(&pv_chunks_mutex);
1883 /* Every freed mapping is for a 4 KB page. */
1884 pmap_resident_count_dec(pmap, freed);
1885 PV_STAT(atomic_add_long(&pv_entry_frees, freed));
1886 PV_STAT(atomic_add_int(&pv_entry_spare, freed));
1887 PV_STAT(atomic_subtract_long(&pv_entry_count, freed));
1888 TAILQ_REMOVE(&pmap->pm_pvchunk, pc, pc_list);
1889 if (pc->pc_map[0] == PC_FREE0 && pc->pc_map[1] == PC_FREE1 &&
1890 pc->pc_map[2] == PC_FREE2) {
1891 PV_STAT(atomic_subtract_int(&pv_entry_spare, _NPCPV));
1892 PV_STAT(atomic_subtract_int(&pc_chunk_count, 1));
1893 PV_STAT(atomic_add_int(&pc_chunk_frees, 1));
1894 /* Entire chunk is free; return it. */
1895 m_pc = PHYS_TO_VM_PAGE(DMAP_TO_PHYS((vm_offset_t)pc));
1896 dump_drop_page(m_pc->phys_addr);
1897 mtx_lock(&pv_chunks_mutex);
1900 TAILQ_INSERT_HEAD(&pmap->pm_pvchunk, pc, pc_list);
1901 TAILQ_INSERT_TAIL(&new_tail, pc, pc_lru);
1902 mtx_lock(&pv_chunks_mutex);
1903 /* One freed pv entry in locked_pmap is sufficient. */
1904 if (pmap == locked_pmap)
1907 TAILQ_CONCAT(&pv_chunks, &new_tail, pc_lru);
1908 mtx_unlock(&pv_chunks_mutex);
1909 if (pmap != NULL && pmap != locked_pmap)
1911 if (m_pc == NULL && !SLIST_EMPTY(&free)) {
1912 m_pc = SLIST_FIRST(&free);
1913 SLIST_REMOVE_HEAD(&free, plinks.s.ss);
1914 /* Recycle a freed page table page. */
1915 m_pc->wire_count = 1;
1916 atomic_add_int(&vm_cnt.v_wire_count, 1);
1918 pmap_free_zero_pages(&free);
1923 * free the pv_entry back to the free list
1926 free_pv_entry(pmap_t pmap, pv_entry_t pv)
1928 struct pv_chunk *pc;
1929 int idx, field, bit;
1931 PMAP_LOCK_ASSERT(pmap, MA_OWNED);
1932 PV_STAT(atomic_add_long(&pv_entry_frees, 1));
1933 PV_STAT(atomic_add_int(&pv_entry_spare, 1));
1934 PV_STAT(atomic_subtract_long(&pv_entry_count, 1));
1935 pc = pv_to_chunk(pv);
1936 idx = pv - &pc->pc_pventry[0];
1939 pc->pc_map[field] |= 1ul << bit;
1940 if (pc->pc_map[0] != PC_FREE0 || pc->pc_map[1] != PC_FREE1 ||
1941 pc->pc_map[2] != PC_FREE2) {
1942 /* 98% of the time, pc is already at the head of the list. */
1943 if (__predict_false(pc != TAILQ_FIRST(&pmap->pm_pvchunk))) {
1944 TAILQ_REMOVE(&pmap->pm_pvchunk, pc, pc_list);
1945 TAILQ_INSERT_HEAD(&pmap->pm_pvchunk, pc, pc_list);
1949 TAILQ_REMOVE(&pmap->pm_pvchunk, pc, pc_list);
1954 free_pv_chunk(struct pv_chunk *pc)
1958 mtx_lock(&pv_chunks_mutex);
1959 TAILQ_REMOVE(&pv_chunks, pc, pc_lru);
1960 mtx_unlock(&pv_chunks_mutex);
1961 PV_STAT(atomic_subtract_int(&pv_entry_spare, _NPCPV));
1962 PV_STAT(atomic_subtract_int(&pc_chunk_count, 1));
1963 PV_STAT(atomic_add_int(&pc_chunk_frees, 1));
1964 /* entire chunk is free, return it */
1965 m = PHYS_TO_VM_PAGE(DMAP_TO_PHYS((vm_offset_t)pc));
1966 dump_drop_page(m->phys_addr);
1967 vm_page_unwire(m, PQ_NONE);
1972 * Returns a new PV entry, allocating a new PV chunk from the system when
1973 * needed. If this PV chunk allocation fails and a PV list lock pointer was
1974 * given, a PV chunk is reclaimed from an arbitrary pmap. Otherwise, NULL is
1977 * The given PV list lock may be released.
1980 get_pv_entry(pmap_t pmap, struct rwlock **lockp)
1984 struct pv_chunk *pc;
1987 PMAP_LOCK_ASSERT(pmap, MA_OWNED);
1988 PV_STAT(atomic_add_long(&pv_entry_allocs, 1));
1990 pc = TAILQ_FIRST(&pmap->pm_pvchunk);
1992 for (field = 0; field < _NPCM; field++) {
1993 if (pc->pc_map[field]) {
1994 bit = ffsl(pc->pc_map[field]) - 1;
1998 if (field < _NPCM) {
1999 pv = &pc->pc_pventry[field * 64 + bit];
2000 pc->pc_map[field] &= ~(1ul << bit);
2001 /* If this was the last item, move it to tail */
2002 if (pc->pc_map[0] == 0 && pc->pc_map[1] == 0 &&
2003 pc->pc_map[2] == 0) {
2004 TAILQ_REMOVE(&pmap->pm_pvchunk, pc, pc_list);
2005 TAILQ_INSERT_TAIL(&pmap->pm_pvchunk, pc,
2008 PV_STAT(atomic_add_long(&pv_entry_count, 1));
2009 PV_STAT(atomic_subtract_int(&pv_entry_spare, 1));
2013 /* No free items, allocate another chunk */
2014 m = vm_page_alloc(NULL, 0, VM_ALLOC_NORMAL | VM_ALLOC_NOOBJ |
2017 if (lockp == NULL) {
2018 PV_STAT(pc_chunk_tryfail++);
2021 m = reclaim_pv_chunk(pmap, lockp);
2025 PV_STAT(atomic_add_int(&pc_chunk_count, 1));
2026 PV_STAT(atomic_add_int(&pc_chunk_allocs, 1));
2027 dump_add_page(m->phys_addr);
2028 pc = (void *)PHYS_TO_DMAP(m->phys_addr);
2030 pc->pc_map[0] = PC_FREE0 & ~1ul; /* preallocated bit 0 */
2031 pc->pc_map[1] = PC_FREE1;
2032 pc->pc_map[2] = PC_FREE2;
2033 mtx_lock(&pv_chunks_mutex);
2034 TAILQ_INSERT_TAIL(&pv_chunks, pc, pc_lru);
2035 mtx_unlock(&pv_chunks_mutex);
2036 pv = &pc->pc_pventry[0];
2037 TAILQ_INSERT_HEAD(&pmap->pm_pvchunk, pc, pc_list);
2038 PV_STAT(atomic_add_long(&pv_entry_count, 1));
2039 PV_STAT(atomic_add_int(&pv_entry_spare, _NPCPV - 1));
2044 * Ensure that the number of spare PV entries in the specified pmap meets or
2045 * exceeds the given count, "needed".
2047 * The given PV list lock may be released.
2050 reserve_pv_entries(pmap_t pmap, int needed, struct rwlock **lockp)
2052 struct pch new_tail;
2053 struct pv_chunk *pc;
2057 PMAP_LOCK_ASSERT(pmap, MA_OWNED);
2058 KASSERT(lockp != NULL, ("reserve_pv_entries: lockp is NULL"));
2061 * Newly allocated PV chunks must be stored in a private list until
2062 * the required number of PV chunks have been allocated. Otherwise,
2063 * reclaim_pv_chunk() could recycle one of these chunks. In
2064 * contrast, these chunks must be added to the pmap upon allocation.
2066 TAILQ_INIT(&new_tail);
2069 TAILQ_FOREACH(pc, &pmap->pm_pvchunk, pc_list) {
2070 bit_count((bitstr_t *)pc->pc_map, 0,
2071 sizeof(pc->pc_map) * NBBY, &free);
2075 if (avail >= needed)
2078 for (; avail < needed; avail += _NPCPV) {
2079 m = vm_page_alloc(NULL, 0, VM_ALLOC_NORMAL | VM_ALLOC_NOOBJ |
2082 m = reclaim_pv_chunk(pmap, lockp);
2086 PV_STAT(atomic_add_int(&pc_chunk_count, 1));
2087 PV_STAT(atomic_add_int(&pc_chunk_allocs, 1));
2088 dump_add_page(m->phys_addr);
2089 pc = (void *)PHYS_TO_DMAP(m->phys_addr);
2091 pc->pc_map[0] = PC_FREE0;
2092 pc->pc_map[1] = PC_FREE1;
2093 pc->pc_map[2] = PC_FREE2;
2094 TAILQ_INSERT_HEAD(&pmap->pm_pvchunk, pc, pc_list);
2095 TAILQ_INSERT_TAIL(&new_tail, pc, pc_lru);
2096 PV_STAT(atomic_add_int(&pv_entry_spare, _NPCPV));
2098 if (!TAILQ_EMPTY(&new_tail)) {
2099 mtx_lock(&pv_chunks_mutex);
2100 TAILQ_CONCAT(&pv_chunks, &new_tail, pc_lru);
2101 mtx_unlock(&pv_chunks_mutex);
2106 * First find and then remove the pv entry for the specified pmap and virtual
2107 * address from the specified pv list. Returns the pv entry if found and NULL
2108 * otherwise. This operation can be performed on pv lists for either 4KB or
2109 * 2MB page mappings.
2111 static __inline pv_entry_t
2112 pmap_pvh_remove(struct md_page *pvh, pmap_t pmap, vm_offset_t va)
2116 TAILQ_FOREACH(pv, &pvh->pv_list, pv_next) {
2117 if (pmap == PV_PMAP(pv) && va == pv->pv_va) {
2118 TAILQ_REMOVE(&pvh->pv_list, pv, pv_next);
2127 * After demotion from a 2MB page mapping to 512 4KB page mappings,
2128 * destroy the pv entry for the 2MB page mapping and reinstantiate the pv
2129 * entries for each of the 4KB page mappings.
2132 pmap_pv_demote_l2(pmap_t pmap, vm_offset_t va, vm_paddr_t pa,
2133 struct rwlock **lockp)
2135 struct md_page *pvh;
2136 struct pv_chunk *pc;
2138 vm_offset_t va_last;
2142 PMAP_LOCK_ASSERT(pmap, MA_OWNED);
2143 KASSERT((pa & L2_OFFSET) == 0,
2144 ("pmap_pv_demote_l2: pa is not 2mpage aligned"));
2145 CHANGE_PV_LIST_LOCK_TO_PHYS(lockp, pa);
2148 * Transfer the 2mpage's pv entry for this mapping to the first
2149 * page's pv list. Once this transfer begins, the pv list lock
2150 * must not be released until the last pv entry is reinstantiated.
2152 pvh = pa_to_pvh(pa);
2153 va = va & ~L2_OFFSET;
2154 pv = pmap_pvh_remove(pvh, pmap, va);
2155 KASSERT(pv != NULL, ("pmap_pv_demote_l2: pv not found"));
2156 m = PHYS_TO_VM_PAGE(pa);
2157 TAILQ_INSERT_TAIL(&m->md.pv_list, pv, pv_next);
2159 /* Instantiate the remaining Ln_ENTRIES - 1 pv entries. */
2160 PV_STAT(atomic_add_long(&pv_entry_allocs, Ln_ENTRIES - 1));
2161 va_last = va + L2_SIZE - PAGE_SIZE;
2163 pc = TAILQ_FIRST(&pmap->pm_pvchunk);
2164 KASSERT(pc->pc_map[0] != 0 || pc->pc_map[1] != 0 ||
2165 pc->pc_map[2] != 0, ("pmap_pv_demote_l2: missing spare"));
2166 for (field = 0; field < _NPCM; field++) {
2167 while (pc->pc_map[field]) {
2168 bit = ffsl(pc->pc_map[field]) - 1;
2169 pc->pc_map[field] &= ~(1ul << bit);
2170 pv = &pc->pc_pventry[field * 64 + bit];
2174 KASSERT((m->oflags & VPO_UNMANAGED) == 0,
2175 ("pmap_pv_demote_l2: page %p is not managed", m));
2176 TAILQ_INSERT_TAIL(&m->md.pv_list, pv, pv_next);
2182 TAILQ_REMOVE(&pmap->pm_pvchunk, pc, pc_list);
2183 TAILQ_INSERT_TAIL(&pmap->pm_pvchunk, pc, pc_list);
2186 if (pc->pc_map[0] == 0 && pc->pc_map[1] == 0 && pc->pc_map[2] == 0) {
2187 TAILQ_REMOVE(&pmap->pm_pvchunk, pc, pc_list);
2188 TAILQ_INSERT_TAIL(&pmap->pm_pvchunk, pc, pc_list);
2190 PV_STAT(atomic_add_long(&pv_entry_count, Ln_ENTRIES - 1));
2191 PV_STAT(atomic_subtract_int(&pv_entry_spare, Ln_ENTRIES - 1));
2195 * First find and then destroy the pv entry for the specified pmap and virtual
2196 * address. This operation can be performed on pv lists for either 4KB or 2MB
2200 pmap_pvh_free(struct md_page *pvh, pmap_t pmap, vm_offset_t va)
2204 pv = pmap_pvh_remove(pvh, pmap, va);
2205 KASSERT(pv != NULL, ("pmap_pvh_free: pv not found"));
2206 free_pv_entry(pmap, pv);
2210 * Conditionally create the PV entry for a 4KB page mapping if the required
2211 * memory can be allocated without resorting to reclamation.
2214 pmap_try_insert_pv_entry(pmap_t pmap, vm_offset_t va, vm_page_t m,
2215 struct rwlock **lockp)
2219 PMAP_LOCK_ASSERT(pmap, MA_OWNED);
2220 /* Pass NULL instead of the lock pointer to disable reclamation. */
2221 if ((pv = get_pv_entry(pmap, NULL)) != NULL) {
2223 CHANGE_PV_LIST_LOCK_TO_VM_PAGE(lockp, m);
2224 TAILQ_INSERT_TAIL(&m->md.pv_list, pv, pv_next);
2232 * pmap_remove_l2: do the things to unmap a level 2 superpage in a process
2235 pmap_remove_l2(pmap_t pmap, pt_entry_t *l2, vm_offset_t sva,
2236 pd_entry_t l1e, struct spglist *free, struct rwlock **lockp)
2238 struct md_page *pvh;
2240 vm_offset_t eva, va;
2243 PMAP_LOCK_ASSERT(pmap, MA_OWNED);
2244 KASSERT((sva & L2_OFFSET) == 0, ("pmap_remove_l2: sva is not aligned"));
2245 old_l2 = pmap_load_clear(l2);
2246 pmap_invalidate_range(pmap, sva, sva + L2_SIZE);
2247 if (old_l2 & ATTR_SW_WIRED)
2248 pmap->pm_stats.wired_count -= L2_SIZE / PAGE_SIZE;
2249 pmap_resident_count_dec(pmap, L2_SIZE / PAGE_SIZE);
2250 if (old_l2 & ATTR_SW_MANAGED) {
2251 CHANGE_PV_LIST_LOCK_TO_PHYS(lockp, old_l2 & ~ATTR_MASK);
2252 pvh = pa_to_pvh(old_l2 & ~ATTR_MASK);
2253 pmap_pvh_free(pvh, pmap, sva);
2254 eva = sva + L2_SIZE;
2255 for (va = sva, m = PHYS_TO_VM_PAGE(old_l2 & ~ATTR_MASK);
2256 va < eva; va += PAGE_SIZE, m++) {
2257 if (pmap_page_dirty(old_l2))
2259 if (old_l2 & ATTR_AF)
2260 vm_page_aflag_set(m, PGA_REFERENCED);
2261 if (TAILQ_EMPTY(&m->md.pv_list) &&
2262 TAILQ_EMPTY(&pvh->pv_list))
2263 vm_page_aflag_clear(m, PGA_WRITEABLE);
2266 KASSERT(pmap != kernel_pmap,
2267 ("Attempting to remove an l2 kernel page"));
2268 ml3 = pmap_remove_pt_page(pmap, sva);
2270 pmap_resident_count_dec(pmap, 1);
2271 KASSERT(ml3->wire_count == NL3PG,
2272 ("pmap_remove_pages: l3 page wire count error"));
2273 ml3->wire_count = 0;
2274 pmap_add_delayed_free_list(ml3, free, FALSE);
2275 atomic_subtract_int(&vm_cnt.v_wire_count, 1);
2277 return (pmap_unuse_pt(pmap, sva, l1e, free));
2281 * pmap_remove_l3: do the things to unmap a page in a process
2284 pmap_remove_l3(pmap_t pmap, pt_entry_t *l3, vm_offset_t va,
2285 pd_entry_t l2e, struct spglist *free, struct rwlock **lockp)
2287 struct md_page *pvh;
2291 PMAP_LOCK_ASSERT(pmap, MA_OWNED);
2292 old_l3 = pmap_load_clear(l3);
2293 pmap_invalidate_page(pmap, va);
2294 if (old_l3 & ATTR_SW_WIRED)
2295 pmap->pm_stats.wired_count -= 1;
2296 pmap_resident_count_dec(pmap, 1);
2297 if (old_l3 & ATTR_SW_MANAGED) {
2298 m = PHYS_TO_VM_PAGE(old_l3 & ~ATTR_MASK);
2299 if (pmap_page_dirty(old_l3))
2301 if (old_l3 & ATTR_AF)
2302 vm_page_aflag_set(m, PGA_REFERENCED);
2303 CHANGE_PV_LIST_LOCK_TO_VM_PAGE(lockp, m);
2304 pmap_pvh_free(&m->md, pmap, va);
2305 if (TAILQ_EMPTY(&m->md.pv_list) &&
2306 (m->flags & PG_FICTITIOUS) == 0) {
2307 pvh = pa_to_pvh(VM_PAGE_TO_PHYS(m));
2308 if (TAILQ_EMPTY(&pvh->pv_list))
2309 vm_page_aflag_clear(m, PGA_WRITEABLE);
2312 return (pmap_unuse_pt(pmap, va, l2e, free));
2316 * Remove the given range of addresses from the specified map.
2318 * It is assumed that the start and end are properly
2319 * rounded to the page size.
2322 pmap_remove(pmap_t pmap, vm_offset_t sva, vm_offset_t eva)
2324 struct rwlock *lock;
2325 vm_offset_t va, va_next;
2326 pd_entry_t *l0, *l1, *l2;
2327 pt_entry_t l3_paddr, *l3;
2328 struct spglist free;
2331 * Perform an unsynchronized read. This is, however, safe.
2333 if (pmap->pm_stats.resident_count == 0)
2341 for (; sva < eva; sva = va_next) {
2343 if (pmap->pm_stats.resident_count == 0)
2346 l0 = pmap_l0(pmap, sva);
2347 if (pmap_load(l0) == 0) {
2348 va_next = (sva + L0_SIZE) & ~L0_OFFSET;
2354 l1 = pmap_l0_to_l1(l0, sva);
2355 if (pmap_load(l1) == 0) {
2356 va_next = (sva + L1_SIZE) & ~L1_OFFSET;
2363 * Calculate index for next page table.
2365 va_next = (sva + L2_SIZE) & ~L2_OFFSET;
2369 l2 = pmap_l1_to_l2(l1, sva);
2373 l3_paddr = pmap_load(l2);
2375 if ((l3_paddr & ATTR_DESCR_MASK) == L2_BLOCK) {
2376 if (sva + L2_SIZE == va_next && eva >= va_next) {
2377 pmap_remove_l2(pmap, l2, sva, pmap_load(l1),
2380 } else if (pmap_demote_l2_locked(pmap, l2,
2381 sva &~L2_OFFSET, &lock) == NULL)
2383 l3_paddr = pmap_load(l2);
2387 * Weed out invalid mappings.
2389 if ((l3_paddr & ATTR_DESCR_MASK) != L2_TABLE)
2393 * Limit our scan to either the end of the va represented
2394 * by the current page table page, or to the end of the
2395 * range being removed.
2401 for (l3 = pmap_l2_to_l3(l2, sva); sva != va_next; l3++,
2404 panic("l3 == NULL");
2405 if (pmap_load(l3) == 0) {
2406 if (va != va_next) {
2407 pmap_invalidate_range(pmap, va, sva);
2414 if (pmap_remove_l3(pmap, l3, sva, l3_paddr, &free,
2421 pmap_invalidate_range(pmap, va, sva);
2426 pmap_free_zero_pages(&free);
2430 * Routine: pmap_remove_all
2432 * Removes this physical page from
2433 * all physical maps in which it resides.
2434 * Reflects back modify bits to the pager.
2437 * Original versions of this routine were very
2438 * inefficient because they iteratively called
2439 * pmap_remove (slow...)
2443 pmap_remove_all(vm_page_t m)
2445 struct md_page *pvh;
2448 struct rwlock *lock;
2449 pd_entry_t *pde, tpde;
2450 pt_entry_t *pte, tpte;
2452 struct spglist free;
2453 int lvl, pvh_gen, md_gen;
2455 KASSERT((m->oflags & VPO_UNMANAGED) == 0,
2456 ("pmap_remove_all: page %p is not managed", m));
2458 lock = VM_PAGE_TO_PV_LIST_LOCK(m);
2459 pvh = (m->flags & PG_FICTITIOUS) != 0 ? &pv_dummy :
2460 pa_to_pvh(VM_PAGE_TO_PHYS(m));
2463 while ((pv = TAILQ_FIRST(&pvh->pv_list)) != NULL) {
2465 if (!PMAP_TRYLOCK(pmap)) {
2466 pvh_gen = pvh->pv_gen;
2470 if (pvh_gen != pvh->pv_gen) {
2477 pte = pmap_pte(pmap, va, &lvl);
2478 KASSERT(pte != NULL,
2479 ("pmap_remove_all: no page table entry found"));
2481 ("pmap_remove_all: invalid pte level %d", lvl));
2483 pmap_demote_l2_locked(pmap, pte, va, &lock);
2486 while ((pv = TAILQ_FIRST(&m->md.pv_list)) != NULL) {
2488 if (!PMAP_TRYLOCK(pmap)) {
2489 pvh_gen = pvh->pv_gen;
2490 md_gen = m->md.pv_gen;
2494 if (pvh_gen != pvh->pv_gen || md_gen != m->md.pv_gen) {
2500 pmap_resident_count_dec(pmap, 1);
2502 pde = pmap_pde(pmap, pv->pv_va, &lvl);
2503 KASSERT(pde != NULL,
2504 ("pmap_remove_all: no page directory entry found"));
2506 ("pmap_remove_all: invalid pde level %d", lvl));
2507 tpde = pmap_load(pde);
2509 pte = pmap_l2_to_l3(pde, pv->pv_va);
2510 tpte = pmap_load(pte);
2511 pmap_load_clear(pte);
2512 pmap_invalidate_page(pmap, pv->pv_va);
2513 if (tpte & ATTR_SW_WIRED)
2514 pmap->pm_stats.wired_count--;
2515 if ((tpte & ATTR_AF) != 0)
2516 vm_page_aflag_set(m, PGA_REFERENCED);
2519 * Update the vm_page_t clean and reference bits.
2521 if (pmap_page_dirty(tpte))
2523 pmap_unuse_pt(pmap, pv->pv_va, tpde, &free);
2524 TAILQ_REMOVE(&m->md.pv_list, pv, pv_next);
2526 free_pv_entry(pmap, pv);
2529 vm_page_aflag_clear(m, PGA_WRITEABLE);
2531 pmap_free_zero_pages(&free);
2535 * Set the physical protection on the
2536 * specified range of this map as requested.
2539 pmap_protect(pmap_t pmap, vm_offset_t sva, vm_offset_t eva, vm_prot_t prot)
2541 vm_offset_t va, va_next;
2542 pd_entry_t *l0, *l1, *l2;
2543 pt_entry_t *l3p, l3, nbits;
2545 KASSERT((prot & ~VM_PROT_ALL) == 0, ("invalid prot %x", prot));
2546 if (prot == VM_PROT_NONE) {
2547 pmap_remove(pmap, sva, eva);
2551 if ((prot & (VM_PROT_WRITE | VM_PROT_EXECUTE)) ==
2552 (VM_PROT_WRITE | VM_PROT_EXECUTE))
2556 for (; sva < eva; sva = va_next) {
2558 l0 = pmap_l0(pmap, sva);
2559 if (pmap_load(l0) == 0) {
2560 va_next = (sva + L0_SIZE) & ~L0_OFFSET;
2566 l1 = pmap_l0_to_l1(l0, sva);
2567 if (pmap_load(l1) == 0) {
2568 va_next = (sva + L1_SIZE) & ~L1_OFFSET;
2574 va_next = (sva + L2_SIZE) & ~L2_OFFSET;
2578 l2 = pmap_l1_to_l2(l1, sva);
2579 if (pmap_load(l2) == 0)
2582 if ((pmap_load(l2) & ATTR_DESCR_MASK) == L2_BLOCK) {
2583 l3p = pmap_demote_l2(pmap, l2, sva);
2587 KASSERT((pmap_load(l2) & ATTR_DESCR_MASK) == L2_TABLE,
2588 ("pmap_protect: Invalid L2 entry after demotion"));
2594 for (l3p = pmap_l2_to_l3(l2, sva); sva != va_next; l3p++,
2596 l3 = pmap_load(l3p);
2597 if (!pmap_l3_valid(l3))
2601 if ((prot & VM_PROT_WRITE) == 0) {
2602 if ((l3 & ATTR_SW_MANAGED) &&
2603 pmap_page_dirty(l3)) {
2604 vm_page_dirty(PHYS_TO_VM_PAGE(l3 &
2607 nbits |= ATTR_AP(ATTR_AP_RO);
2609 if ((prot & VM_PROT_EXECUTE) == 0)
2612 pmap_set(l3p, nbits);
2613 /* XXX: Use pmap_invalidate_range */
2614 pmap_invalidate_page(pmap, sva);
2621 * Inserts the specified page table page into the specified pmap's collection
2622 * of idle page table pages. Each of a pmap's page table pages is responsible
2623 * for mapping a distinct range of virtual addresses. The pmap's collection is
2624 * ordered by this virtual address range.
2627 pmap_insert_pt_page(pmap_t pmap, vm_page_t mpte)
2630 PMAP_LOCK_ASSERT(pmap, MA_OWNED);
2631 return (vm_radix_insert(&pmap->pm_root, mpte));
2635 * Removes the page table page mapping the specified virtual address from the
2636 * specified pmap's collection of idle page table pages, and returns it.
2637 * Otherwise, returns NULL if there is no page table page corresponding to the
2638 * specified virtual address.
2640 static __inline vm_page_t
2641 pmap_remove_pt_page(pmap_t pmap, vm_offset_t va)
2644 PMAP_LOCK_ASSERT(pmap, MA_OWNED);
2645 return (vm_radix_remove(&pmap->pm_root, pmap_l2_pindex(va)));
2649 * Performs a break-before-make update of a pmap entry. This is needed when
2650 * either promoting or demoting pages to ensure the TLB doesn't get into an
2651 * inconsistent state.
2654 pmap_update_entry(pmap_t pmap, pd_entry_t *pte, pd_entry_t newpte,
2655 vm_offset_t va, vm_size_t size)
2659 PMAP_LOCK_ASSERT(pmap, MA_OWNED);
2662 * Ensure we don't get switched out with the page table in an
2663 * inconsistent state. We also need to ensure no interrupts fire
2664 * as they may make use of an address we are about to invalidate.
2666 intr = intr_disable();
2669 /* Clear the old mapping */
2670 pmap_load_clear(pte);
2671 pmap_invalidate_range(pmap, va, va + size);
2673 /* Create the new mapping */
2674 pmap_load_store(pte, newpte);
2680 #if VM_NRESERVLEVEL > 0
2682 * After promotion from 512 4KB page mappings to a single 2MB page mapping,
2683 * replace the many pv entries for the 4KB page mappings by a single pv entry
2684 * for the 2MB page mapping.
2687 pmap_pv_promote_l2(pmap_t pmap, vm_offset_t va, vm_paddr_t pa,
2688 struct rwlock **lockp)
2690 struct md_page *pvh;
2692 vm_offset_t va_last;
2695 KASSERT((pa & L2_OFFSET) == 0,
2696 ("pmap_pv_promote_l2: pa is not 2mpage aligned"));
2697 CHANGE_PV_LIST_LOCK_TO_PHYS(lockp, pa);
2700 * Transfer the first page's pv entry for this mapping to the 2mpage's
2701 * pv list. Aside from avoiding the cost of a call to get_pv_entry(),
2702 * a transfer avoids the possibility that get_pv_entry() calls
2703 * reclaim_pv_chunk() and that reclaim_pv_chunk() removes one of the
2704 * mappings that is being promoted.
2706 m = PHYS_TO_VM_PAGE(pa);
2707 va = va & ~L2_OFFSET;
2708 pv = pmap_pvh_remove(&m->md, pmap, va);
2709 KASSERT(pv != NULL, ("pmap_pv_promote_l2: pv not found"));
2710 pvh = pa_to_pvh(pa);
2711 TAILQ_INSERT_TAIL(&pvh->pv_list, pv, pv_next);
2713 /* Free the remaining NPTEPG - 1 pv entries. */
2714 va_last = va + L2_SIZE - PAGE_SIZE;
2718 pmap_pvh_free(&m->md, pmap, va);
2719 } while (va < va_last);
2723 * Tries to promote the 512, contiguous 4KB page mappings that are within a
2724 * single level 2 table entry to a single 2MB page mapping. For promotion
2725 * to occur, two conditions must be met: (1) the 4KB page mappings must map
2726 * aligned, contiguous physical memory and (2) the 4KB page mappings must have
2727 * identical characteristics.
2730 pmap_promote_l2(pmap_t pmap, pd_entry_t *l2, vm_offset_t va,
2731 struct rwlock **lockp)
2733 pt_entry_t *firstl3, *l3, newl2, oldl3, pa;
2737 PMAP_LOCK_ASSERT(pmap, MA_OWNED);
2739 sva = va & ~L2_OFFSET;
2740 firstl3 = pmap_l2_to_l3(l2, sva);
2741 newl2 = pmap_load(firstl3);
2743 /* Check the alingment is valid */
2744 if (((newl2 & ~ATTR_MASK) & L2_OFFSET) != 0) {
2745 atomic_add_long(&pmap_l2_p_failures, 1);
2746 CTR2(KTR_PMAP, "pmap_promote_l2: failure for va %#lx"
2747 " in pmap %p", va, pmap);
2751 pa = newl2 + L2_SIZE - PAGE_SIZE;
2752 for (l3 = firstl3 + NL3PG - 1; l3 > firstl3; l3--) {
2753 oldl3 = pmap_load(l3);
2755 atomic_add_long(&pmap_l2_p_failures, 1);
2756 CTR2(KTR_PMAP, "pmap_promote_l2: failure for va %#lx"
2757 " in pmap %p", va, pmap);
2764 * Save the page table page in its current state until the L2
2765 * mapping the superpage is demoted by pmap_demote_l2() or
2766 * destroyed by pmap_remove_l3().
2768 mpte = PHYS_TO_VM_PAGE(pmap_load(l2) & ~ATTR_MASK);
2769 KASSERT(mpte >= vm_page_array &&
2770 mpte < &vm_page_array[vm_page_array_size],
2771 ("pmap_promote_l2: page table page is out of range"));
2772 KASSERT(mpte->pindex == pmap_l2_pindex(va),
2773 ("pmap_promote_l2: page table page's pindex is wrong"));
2774 if (pmap_insert_pt_page(pmap, mpte)) {
2775 atomic_add_long(&pmap_l2_p_failures, 1);
2777 "pmap_promote_l2: failure for va %#lx in pmap %p", va,
2782 if ((newl2 & ATTR_SW_MANAGED) != 0)
2783 pmap_pv_promote_l2(pmap, va, newl2 & ~ATTR_MASK, lockp);
2785 newl2 &= ~ATTR_DESCR_MASK;
2788 pmap_update_entry(pmap, l2, newl2, sva, L2_SIZE);
2790 atomic_add_long(&pmap_l2_promotions, 1);
2791 CTR2(KTR_PMAP, "pmap_promote_l2: success for va %#lx in pmap %p", va,
2794 #endif /* VM_NRESERVLEVEL > 0 */
2797 * Insert the given physical page (p) at
2798 * the specified virtual address (v) in the
2799 * target physical map with the protection requested.
2801 * If specified, the page will be wired down, meaning
2802 * that the related pte can not be reclaimed.
2804 * NB: This is the only routine which MAY NOT lazy-evaluate
2805 * or lose information. That is, this routine must actually
2806 * insert this page into the given map NOW.
2809 pmap_enter(pmap_t pmap, vm_offset_t va, vm_page_t m, vm_prot_t prot,
2810 u_int flags, int8_t psind __unused)
2812 struct rwlock *lock;
2814 pt_entry_t new_l3, orig_l3;
2815 pt_entry_t *l2, *l3;
2817 vm_paddr_t opa, pa, l1_pa, l2_pa, l3_pa;
2818 vm_page_t mpte, om, l1_m, l2_m, l3_m;
2822 va = trunc_page(va);
2823 if ((m->oflags & VPO_UNMANAGED) == 0 && !vm_page_xbusied(m))
2824 VM_OBJECT_ASSERT_LOCKED(m->object);
2825 pa = VM_PAGE_TO_PHYS(m);
2826 new_l3 = (pt_entry_t)(pa | ATTR_DEFAULT | ATTR_IDX(m->md.pv_memattr) |
2828 if ((prot & VM_PROT_WRITE) == 0)
2829 new_l3 |= ATTR_AP(ATTR_AP_RO);
2830 if ((prot & VM_PROT_EXECUTE) == 0 || m->md.pv_memattr == DEVICE_MEMORY)
2832 if ((flags & PMAP_ENTER_WIRED) != 0)
2833 new_l3 |= ATTR_SW_WIRED;
2834 if (va < VM_MAXUSER_ADDRESS)
2835 new_l3 |= ATTR_AP(ATTR_AP_USER) | ATTR_PXN;
2837 CTR2(KTR_PMAP, "pmap_enter: %.16lx -> %.16lx", va, pa);
2844 pde = pmap_pde(pmap, va, &lvl);
2845 if (pde != NULL && lvl == 1) {
2846 l2 = pmap_l1_to_l2(pde, va);
2847 if ((pmap_load(l2) & ATTR_DESCR_MASK) == L2_BLOCK &&
2848 (l3 = pmap_demote_l2_locked(pmap, l2, va & ~L2_OFFSET,
2850 l3 = &l3[pmap_l3_index(va)];
2851 if (va < VM_MAXUSER_ADDRESS) {
2852 mpte = PHYS_TO_VM_PAGE(
2853 pmap_load(l2) & ~ATTR_MASK);
2860 if (va < VM_MAXUSER_ADDRESS) {
2861 nosleep = (flags & PMAP_ENTER_NOSLEEP) != 0;
2862 mpte = pmap_alloc_l3(pmap, va, nosleep ? NULL : &lock);
2863 if (mpte == NULL && nosleep) {
2864 CTR0(KTR_PMAP, "pmap_enter: mpte == NULL");
2868 return (KERN_RESOURCE_SHORTAGE);
2870 pde = pmap_pde(pmap, va, &lvl);
2871 KASSERT(pde != NULL,
2872 ("pmap_enter: Invalid page entry, va: 0x%lx", va));
2874 ("pmap_enter: Invalid level %d", lvl));
2876 l3 = pmap_l2_to_l3(pde, va);
2879 * If we get a level 2 pde it must point to a level 3 entry
2880 * otherwise we will need to create the intermediate tables
2886 /* Get the l0 pde to update */
2887 pde = pmap_l0(pmap, va);
2888 KASSERT(pde != NULL, ("..."));
2890 l1_m = vm_page_alloc(NULL, 0, VM_ALLOC_NORMAL |
2891 VM_ALLOC_NOOBJ | VM_ALLOC_WIRED |
2894 panic("pmap_enter: l1 pte_m == NULL");
2895 if ((l1_m->flags & PG_ZERO) == 0)
2896 pmap_zero_page(l1_m);
2898 l1_pa = VM_PAGE_TO_PHYS(l1_m);
2899 pmap_load_store(pde, l1_pa | L0_TABLE);
2902 /* Get the l1 pde to update */
2903 pde = pmap_l1_to_l2(pde, va);
2904 KASSERT(pde != NULL, ("..."));
2906 l2_m = vm_page_alloc(NULL, 0, VM_ALLOC_NORMAL |
2907 VM_ALLOC_NOOBJ | VM_ALLOC_WIRED |
2910 panic("pmap_enter: l2 pte_m == NULL");
2911 if ((l2_m->flags & PG_ZERO) == 0)
2912 pmap_zero_page(l2_m);
2914 l2_pa = VM_PAGE_TO_PHYS(l2_m);
2915 pmap_load_store(pde, l2_pa | L1_TABLE);
2918 /* Get the l2 pde to update */
2919 pde = pmap_l1_to_l2(pde, va);
2921 l3_m = vm_page_alloc(NULL, 0, VM_ALLOC_NORMAL |
2922 VM_ALLOC_NOOBJ | VM_ALLOC_WIRED |
2925 panic("pmap_enter: l3 pte_m == NULL");
2926 if ((l3_m->flags & PG_ZERO) == 0)
2927 pmap_zero_page(l3_m);
2929 l3_pa = VM_PAGE_TO_PHYS(l3_m);
2930 pmap_load_store(pde, l3_pa | L2_TABLE);
2934 l3 = pmap_l2_to_l3(pde, va);
2935 pmap_invalidate_page(pmap, va);
2940 orig_l3 = pmap_load(l3);
2941 opa = orig_l3 & ~ATTR_MASK;
2944 * Is the specified virtual address already mapped?
2946 if (pmap_l3_valid(orig_l3)) {
2948 * Wiring change, just update stats. We don't worry about
2949 * wiring PT pages as they remain resident as long as there
2950 * are valid mappings in them. Hence, if a user page is wired,
2951 * the PT page will be also.
2953 if ((flags & PMAP_ENTER_WIRED) != 0 &&
2954 (orig_l3 & ATTR_SW_WIRED) == 0)
2955 pmap->pm_stats.wired_count++;
2956 else if ((flags & PMAP_ENTER_WIRED) == 0 &&
2957 (orig_l3 & ATTR_SW_WIRED) != 0)
2958 pmap->pm_stats.wired_count--;
2961 * Remove the extra PT page reference.
2965 KASSERT(mpte->wire_count > 0,
2966 ("pmap_enter: missing reference to page table page,"
2971 * Has the physical page changed?
2975 * No, might be a protection or wiring change.
2977 if ((orig_l3 & ATTR_SW_MANAGED) != 0) {
2978 new_l3 |= ATTR_SW_MANAGED;
2979 if ((new_l3 & ATTR_AP(ATTR_AP_RW)) ==
2980 ATTR_AP(ATTR_AP_RW)) {
2981 vm_page_aflag_set(m, PGA_WRITEABLE);
2988 * Increment the counters.
2990 if ((new_l3 & ATTR_SW_WIRED) != 0)
2991 pmap->pm_stats.wired_count++;
2992 pmap_resident_count_inc(pmap, 1);
2995 * Enter on the PV list if part of our managed memory.
2997 if ((m->oflags & VPO_UNMANAGED) == 0) {
2998 new_l3 |= ATTR_SW_MANAGED;
2999 pv = get_pv_entry(pmap, &lock);
3001 CHANGE_PV_LIST_LOCK_TO_PHYS(&lock, pa);
3002 TAILQ_INSERT_TAIL(&m->md.pv_list, pv, pv_next);
3004 if ((new_l3 & ATTR_AP_RW_BIT) == ATTR_AP(ATTR_AP_RW))
3005 vm_page_aflag_set(m, PGA_WRITEABLE);
3009 * Update the L3 entry.
3013 orig_l3 = pmap_load(l3);
3014 opa = orig_l3 & ~ATTR_MASK;
3017 pmap_update_entry(pmap, l3, new_l3, va, PAGE_SIZE);
3018 if ((orig_l3 & ATTR_SW_MANAGED) != 0) {
3019 om = PHYS_TO_VM_PAGE(opa);
3020 if (pmap_page_dirty(orig_l3))
3022 if ((orig_l3 & ATTR_AF) != 0)
3023 vm_page_aflag_set(om, PGA_REFERENCED);
3024 CHANGE_PV_LIST_LOCK_TO_PHYS(&lock, opa);
3025 pmap_pvh_free(&om->md, pmap, va);
3026 if ((om->aflags & PGA_WRITEABLE) != 0 &&
3027 TAILQ_EMPTY(&om->md.pv_list) &&
3028 ((om->flags & PG_FICTITIOUS) != 0 ||
3029 TAILQ_EMPTY(&pa_to_pvh(opa)->pv_list)))
3030 vm_page_aflag_clear(om, PGA_WRITEABLE);
3033 pmap_load_store(l3, new_l3);
3034 pmap_invalidate_page(pmap, va);
3035 if (pmap_page_dirty(orig_l3) &&
3036 (orig_l3 & ATTR_SW_MANAGED) != 0)
3040 pmap_load_store(l3, new_l3);
3043 pmap_invalidate_page(pmap, va);
3045 if (pmap != pmap_kernel()) {
3046 if (pmap == &curproc->p_vmspace->vm_pmap &&
3047 (prot & VM_PROT_EXECUTE) != 0)
3048 cpu_icache_sync_range(va, PAGE_SIZE);
3050 #if VM_NRESERVLEVEL > 0
3051 if ((mpte == NULL || mpte->wire_count == NL3PG) &&
3052 pmap_superpages_enabled() &&
3053 (m->flags & PG_FICTITIOUS) == 0 &&
3054 vm_reserv_level_iffullpop(m) == 0) {
3055 pmap_promote_l2(pmap, pde, va, &lock);
3063 return (KERN_SUCCESS);
3067 * Maps a sequence of resident pages belonging to the same object.
3068 * The sequence begins with the given page m_start. This page is
3069 * mapped at the given virtual address start. Each subsequent page is
3070 * mapped at a virtual address that is offset from start by the same
3071 * amount as the page is offset from m_start within the object. The
3072 * last page in the sequence is the page with the largest offset from
3073 * m_start that can be mapped at a virtual address less than the given
3074 * virtual address end. Not every virtual page between start and end
3075 * is mapped; only those for which a resident page exists with the
3076 * corresponding offset from m_start are mapped.
3079 pmap_enter_object(pmap_t pmap, vm_offset_t start, vm_offset_t end,
3080 vm_page_t m_start, vm_prot_t prot)
3082 struct rwlock *lock;
3085 vm_pindex_t diff, psize;
3087 VM_OBJECT_ASSERT_LOCKED(m_start->object);
3089 psize = atop(end - start);
3094 while (m != NULL && (diff = m->pindex - m_start->pindex) < psize) {
3095 va = start + ptoa(diff);
3096 mpte = pmap_enter_quick_locked(pmap, va, m, prot, mpte, &lock);
3097 m = TAILQ_NEXT(m, listq);
3105 * this code makes some *MAJOR* assumptions:
3106 * 1. Current pmap & pmap exists.
3109 * 4. No page table pages.
3110 * but is *MUCH* faster than pmap_enter...
3114 pmap_enter_quick(pmap_t pmap, vm_offset_t va, vm_page_t m, vm_prot_t prot)
3116 struct rwlock *lock;
3120 (void)pmap_enter_quick_locked(pmap, va, m, prot, NULL, &lock);
3127 pmap_enter_quick_locked(pmap_t pmap, vm_offset_t va, vm_page_t m,
3128 vm_prot_t prot, vm_page_t mpte, struct rwlock **lockp)
3130 struct spglist free;
3132 pt_entry_t *l2, *l3;
3136 KASSERT(va < kmi.clean_sva || va >= kmi.clean_eva ||
3137 (m->oflags & VPO_UNMANAGED) != 0,
3138 ("pmap_enter_quick_locked: managed mapping within the clean submap"));
3139 PMAP_LOCK_ASSERT(pmap, MA_OWNED);
3141 CTR2(KTR_PMAP, "pmap_enter_quick_locked: %p %lx", pmap, va);
3143 * In the case that a page table page is not
3144 * resident, we are creating it here.
3146 if (va < VM_MAXUSER_ADDRESS) {
3147 vm_pindex_t l2pindex;
3150 * Calculate pagetable page index
3152 l2pindex = pmap_l2_pindex(va);
3153 if (mpte && (mpte->pindex == l2pindex)) {
3159 pde = pmap_pde(pmap, va, &lvl);
3162 * If the page table page is mapped, we just increment
3163 * the hold count, and activate it. Otherwise, we
3164 * attempt to allocate a page table page. If this
3165 * attempt fails, we don't retry. Instead, we give up.
3168 l2 = pmap_l1_to_l2(pde, va);
3169 if ((pmap_load(l2) & ATTR_DESCR_MASK) ==
3173 if (lvl == 2 && pmap_load(pde) != 0) {
3175 PHYS_TO_VM_PAGE(pmap_load(pde) & ~ATTR_MASK);
3179 * Pass NULL instead of the PV list lock
3180 * pointer, because we don't intend to sleep.
3182 mpte = _pmap_alloc_l3(pmap, l2pindex, NULL);
3187 l3 = (pt_entry_t *)PHYS_TO_DMAP(VM_PAGE_TO_PHYS(mpte));
3188 l3 = &l3[pmap_l3_index(va)];
3191 pde = pmap_pde(kernel_pmap, va, &lvl);
3192 KASSERT(pde != NULL,
3193 ("pmap_enter_quick_locked: Invalid page entry, va: 0x%lx",
3196 ("pmap_enter_quick_locked: Invalid level %d", lvl));
3197 l3 = pmap_l2_to_l3(pde, va);
3200 if (pmap_load(l3) != 0) {
3209 * Enter on the PV list if part of our managed memory.
3211 if ((m->oflags & VPO_UNMANAGED) == 0 &&
3212 !pmap_try_insert_pv_entry(pmap, va, m, lockp)) {
3215 if (pmap_unwire_l3(pmap, va, mpte, &free)) {
3216 pmap_invalidate_page(pmap, va);
3217 pmap_free_zero_pages(&free);
3225 * Increment counters
3227 pmap_resident_count_inc(pmap, 1);
3229 pa = VM_PAGE_TO_PHYS(m) | ATTR_DEFAULT | ATTR_IDX(m->md.pv_memattr) |
3230 ATTR_AP(ATTR_AP_RO) | L3_PAGE;
3231 if ((prot & VM_PROT_EXECUTE) == 0 || m->md.pv_memattr == DEVICE_MEMORY)
3233 else if (va < VM_MAXUSER_ADDRESS)
3237 * Now validate mapping with RO protection
3239 if ((m->oflags & VPO_UNMANAGED) == 0)
3240 pa |= ATTR_SW_MANAGED;
3241 pmap_load_store(l3, pa);
3242 pmap_invalidate_page(pmap, va);
3247 * This code maps large physical mmap regions into the
3248 * processor address space. Note that some shortcuts
3249 * are taken, but the code works.
3252 pmap_object_init_pt(pmap_t pmap, vm_offset_t addr, vm_object_t object,
3253 vm_pindex_t pindex, vm_size_t size)
3256 VM_OBJECT_ASSERT_WLOCKED(object);
3257 KASSERT(object->type == OBJT_DEVICE || object->type == OBJT_SG,
3258 ("pmap_object_init_pt: non-device object"));
3262 * Clear the wired attribute from the mappings for the specified range of
3263 * addresses in the given pmap. Every valid mapping within that range
3264 * must have the wired attribute set. In contrast, invalid mappings
3265 * cannot have the wired attribute set, so they are ignored.
3267 * The wired attribute of the page table entry is not a hardware feature,
3268 * so there is no need to invalidate any TLB entries.
3271 pmap_unwire(pmap_t pmap, vm_offset_t sva, vm_offset_t eva)
3273 vm_offset_t va_next;
3274 pd_entry_t *l0, *l1, *l2;
3278 for (; sva < eva; sva = va_next) {
3279 l0 = pmap_l0(pmap, sva);
3280 if (pmap_load(l0) == 0) {
3281 va_next = (sva + L0_SIZE) & ~L0_OFFSET;
3287 l1 = pmap_l0_to_l1(l0, sva);
3288 if (pmap_load(l1) == 0) {
3289 va_next = (sva + L1_SIZE) & ~L1_OFFSET;
3295 va_next = (sva + L2_SIZE) & ~L2_OFFSET;
3299 l2 = pmap_l1_to_l2(l1, sva);
3300 if (pmap_load(l2) == 0)
3303 if ((pmap_load(l2) & ATTR_DESCR_MASK) == L2_BLOCK) {
3304 l3 = pmap_demote_l2(pmap, l2, sva);
3308 KASSERT((pmap_load(l2) & ATTR_DESCR_MASK) == L2_TABLE,
3309 ("pmap_unwire: Invalid l2 entry after demotion"));
3313 for (l3 = pmap_l2_to_l3(l2, sva); sva != va_next; l3++,
3315 if (pmap_load(l3) == 0)
3317 if ((pmap_load(l3) & ATTR_SW_WIRED) == 0)
3318 panic("pmap_unwire: l3 %#jx is missing "
3319 "ATTR_SW_WIRED", (uintmax_t)pmap_load(l3));
3322 * PG_W must be cleared atomically. Although the pmap
3323 * lock synchronizes access to PG_W, another processor
3324 * could be setting PG_M and/or PG_A concurrently.
3326 atomic_clear_long(l3, ATTR_SW_WIRED);
3327 pmap->pm_stats.wired_count--;
3334 * Copy the range specified by src_addr/len
3335 * from the source map to the range dst_addr/len
3336 * in the destination map.
3338 * This routine is only advisory and need not do anything.
3342 pmap_copy(pmap_t dst_pmap, pmap_t src_pmap, vm_offset_t dst_addr, vm_size_t len,
3343 vm_offset_t src_addr)
3348 * pmap_zero_page zeros the specified hardware page by mapping
3349 * the page into KVM and using bzero to clear its contents.
3352 pmap_zero_page(vm_page_t m)
3354 vm_offset_t va = PHYS_TO_DMAP(VM_PAGE_TO_PHYS(m));
3356 pagezero((void *)va);
3360 * pmap_zero_page_area zeros the specified hardware page by mapping
3361 * the page into KVM and using bzero to clear its contents.
3363 * off and size may not cover an area beyond a single hardware page.
3366 pmap_zero_page_area(vm_page_t m, int off, int size)
3368 vm_offset_t va = PHYS_TO_DMAP(VM_PAGE_TO_PHYS(m));
3370 if (off == 0 && size == PAGE_SIZE)
3371 pagezero((void *)va);
3373 bzero((char *)va + off, size);
3377 * pmap_copy_page copies the specified (machine independent)
3378 * page by mapping the page into virtual memory and using
3379 * bcopy to copy the page, one machine dependent page at a
3383 pmap_copy_page(vm_page_t msrc, vm_page_t mdst)
3385 vm_offset_t src = PHYS_TO_DMAP(VM_PAGE_TO_PHYS(msrc));
3386 vm_offset_t dst = PHYS_TO_DMAP(VM_PAGE_TO_PHYS(mdst));
3388 pagecopy((void *)src, (void *)dst);
3391 int unmapped_buf_allowed = 1;
3394 pmap_copy_pages(vm_page_t ma[], vm_offset_t a_offset, vm_page_t mb[],
3395 vm_offset_t b_offset, int xfersize)
3399 vm_paddr_t p_a, p_b;
3400 vm_offset_t a_pg_offset, b_pg_offset;
3403 while (xfersize > 0) {
3404 a_pg_offset = a_offset & PAGE_MASK;
3405 m_a = ma[a_offset >> PAGE_SHIFT];
3406 p_a = m_a->phys_addr;
3407 b_pg_offset = b_offset & PAGE_MASK;
3408 m_b = mb[b_offset >> PAGE_SHIFT];
3409 p_b = m_b->phys_addr;
3410 cnt = min(xfersize, PAGE_SIZE - a_pg_offset);
3411 cnt = min(cnt, PAGE_SIZE - b_pg_offset);
3412 if (__predict_false(!PHYS_IN_DMAP(p_a))) {
3413 panic("!DMAP a %lx", p_a);
3415 a_cp = (char *)PHYS_TO_DMAP(p_a) + a_pg_offset;
3417 if (__predict_false(!PHYS_IN_DMAP(p_b))) {
3418 panic("!DMAP b %lx", p_b);
3420 b_cp = (char *)PHYS_TO_DMAP(p_b) + b_pg_offset;
3422 bcopy(a_cp, b_cp, cnt);
3430 pmap_quick_enter_page(vm_page_t m)
3433 return (PHYS_TO_DMAP(VM_PAGE_TO_PHYS(m)));
3437 pmap_quick_remove_page(vm_offset_t addr)
3442 * Returns true if the pmap's pv is one of the first
3443 * 16 pvs linked to from this page. This count may
3444 * be changed upwards or downwards in the future; it
3445 * is only necessary that true be returned for a small
3446 * subset of pmaps for proper page aging.
3449 pmap_page_exists_quick(pmap_t pmap, vm_page_t m)
3451 struct md_page *pvh;
3452 struct rwlock *lock;
3457 KASSERT((m->oflags & VPO_UNMANAGED) == 0,
3458 ("pmap_page_exists_quick: page %p is not managed", m));
3460 lock = VM_PAGE_TO_PV_LIST_LOCK(m);
3462 TAILQ_FOREACH(pv, &m->md.pv_list, pv_next) {
3463 if (PV_PMAP(pv) == pmap) {
3471 if (!rv && loops < 16 && (m->flags & PG_FICTITIOUS) == 0) {
3472 pvh = pa_to_pvh(VM_PAGE_TO_PHYS(m));
3473 TAILQ_FOREACH(pv, &pvh->pv_list, pv_next) {
3474 if (PV_PMAP(pv) == pmap) {
3488 * pmap_page_wired_mappings:
3490 * Return the number of managed mappings to the given physical page
3494 pmap_page_wired_mappings(vm_page_t m)
3496 struct rwlock *lock;
3497 struct md_page *pvh;
3501 int count, lvl, md_gen, pvh_gen;
3503 if ((m->oflags & VPO_UNMANAGED) != 0)
3505 lock = VM_PAGE_TO_PV_LIST_LOCK(m);
3509 TAILQ_FOREACH(pv, &m->md.pv_list, pv_next) {
3511 if (!PMAP_TRYLOCK(pmap)) {
3512 md_gen = m->md.pv_gen;
3516 if (md_gen != m->md.pv_gen) {
3521 pte = pmap_pte(pmap, pv->pv_va, &lvl);
3522 if (pte != NULL && (pmap_load(pte) & ATTR_SW_WIRED) != 0)
3526 if ((m->flags & PG_FICTITIOUS) == 0) {
3527 pvh = pa_to_pvh(VM_PAGE_TO_PHYS(m));
3528 TAILQ_FOREACH(pv, &pvh->pv_list, pv_next) {
3530 if (!PMAP_TRYLOCK(pmap)) {
3531 md_gen = m->md.pv_gen;
3532 pvh_gen = pvh->pv_gen;
3536 if (md_gen != m->md.pv_gen ||
3537 pvh_gen != pvh->pv_gen) {
3542 pte = pmap_pte(pmap, pv->pv_va, &lvl);
3544 (pmap_load(pte) & ATTR_SW_WIRED) != 0)
3554 * Destroy all managed, non-wired mappings in the given user-space
3555 * pmap. This pmap cannot be active on any processor besides the
3558 * This function cannot be applied to the kernel pmap. Moreover, it
3559 * is not intended for general use. It is only to be used during
3560 * process termination. Consequently, it can be implemented in ways
3561 * that make it faster than pmap_remove(). First, it can more quickly
3562 * destroy mappings by iterating over the pmap's collection of PV
3563 * entries, rather than searching the page table. Second, it doesn't
3564 * have to test and clear the page table entries atomically, because
3565 * no processor is currently accessing the user address space. In
3566 * particular, a page table entry's dirty bit won't change state once
3567 * this function starts.
3570 pmap_remove_pages(pmap_t pmap)
3573 pt_entry_t *pte, tpte;
3574 struct spglist free;
3575 vm_page_t m, ml3, mt;
3577 struct md_page *pvh;
3578 struct pv_chunk *pc, *npc;
3579 struct rwlock *lock;
3581 uint64_t inuse, bitmask;
3582 int allfree, field, freed, idx, lvl;
3589 TAILQ_FOREACH_SAFE(pc, &pmap->pm_pvchunk, pc_list, npc) {
3592 for (field = 0; field < _NPCM; field++) {
3593 inuse = ~pc->pc_map[field] & pc_freemask[field];
3594 while (inuse != 0) {
3595 bit = ffsl(inuse) - 1;
3596 bitmask = 1UL << bit;
3597 idx = field * 64 + bit;
3598 pv = &pc->pc_pventry[idx];
3601 pde = pmap_pde(pmap, pv->pv_va, &lvl);
3602 KASSERT(pde != NULL,
3603 ("Attempting to remove an unmapped page"));
3607 pte = pmap_l1_to_l2(pde, pv->pv_va);
3608 tpte = pmap_load(pte);
3609 KASSERT((tpte & ATTR_DESCR_MASK) ==
3611 ("Attempting to remove an invalid "
3612 "block: %lx", tpte));
3613 tpte = pmap_load(pte);
3616 pte = pmap_l2_to_l3(pde, pv->pv_va);
3617 tpte = pmap_load(pte);
3618 KASSERT((tpte & ATTR_DESCR_MASK) ==
3620 ("Attempting to remove an invalid "
3621 "page: %lx", tpte));
3625 "Invalid page directory level: %d",
3630 * We cannot remove wired pages from a process' mapping at this time
3632 if (tpte & ATTR_SW_WIRED) {
3637 pa = tpte & ~ATTR_MASK;
3639 m = PHYS_TO_VM_PAGE(pa);
3640 KASSERT(m->phys_addr == pa,
3641 ("vm_page_t %p phys_addr mismatch %016jx %016jx",
3642 m, (uintmax_t)m->phys_addr,
3645 KASSERT((m->flags & PG_FICTITIOUS) != 0 ||
3646 m < &vm_page_array[vm_page_array_size],
3647 ("pmap_remove_pages: bad pte %#jx",
3650 pmap_load_clear(pte);
3653 * Update the vm_page_t clean/reference bits.
3655 if ((tpte & ATTR_AP_RW_BIT) ==
3656 ATTR_AP(ATTR_AP_RW)) {
3659 for (mt = m; mt < &m[L2_SIZE / PAGE_SIZE]; mt++)
3668 CHANGE_PV_LIST_LOCK_TO_VM_PAGE(&lock, m);
3671 pc->pc_map[field] |= bitmask;
3674 pmap_resident_count_dec(pmap,
3675 L2_SIZE / PAGE_SIZE);
3676 pvh = pa_to_pvh(tpte & ~ATTR_MASK);
3677 TAILQ_REMOVE(&pvh->pv_list, pv,pv_next);
3679 if (TAILQ_EMPTY(&pvh->pv_list)) {
3680 for (mt = m; mt < &m[L2_SIZE / PAGE_SIZE]; mt++)
3681 if ((mt->aflags & PGA_WRITEABLE) != 0 &&
3682 TAILQ_EMPTY(&mt->md.pv_list))
3683 vm_page_aflag_clear(mt, PGA_WRITEABLE);
3685 ml3 = pmap_remove_pt_page(pmap,
3688 pmap_resident_count_dec(pmap,1);
3689 KASSERT(ml3->wire_count == NL3PG,
3690 ("pmap_remove_pages: l3 page wire count error"));
3691 ml3->wire_count = 0;
3692 pmap_add_delayed_free_list(ml3,
3694 atomic_subtract_int(
3695 &vm_cnt.v_wire_count, 1);
3699 pmap_resident_count_dec(pmap, 1);
3700 TAILQ_REMOVE(&m->md.pv_list, pv,
3703 if ((m->aflags & PGA_WRITEABLE) != 0 &&
3704 TAILQ_EMPTY(&m->md.pv_list) &&
3705 (m->flags & PG_FICTITIOUS) == 0) {
3707 VM_PAGE_TO_PHYS(m));
3708 if (TAILQ_EMPTY(&pvh->pv_list))
3709 vm_page_aflag_clear(m,
3714 pmap_unuse_pt(pmap, pv->pv_va, pmap_load(pde),
3719 PV_STAT(atomic_add_long(&pv_entry_frees, freed));
3720 PV_STAT(atomic_add_int(&pv_entry_spare, freed));
3721 PV_STAT(atomic_subtract_long(&pv_entry_count, freed));
3723 TAILQ_REMOVE(&pmap->pm_pvchunk, pc, pc_list);
3727 pmap_invalidate_all(pmap);
3731 pmap_free_zero_pages(&free);
3735 * This is used to check if a page has been accessed or modified. As we
3736 * don't have a bit to see if it has been modified we have to assume it
3737 * has been if the page is read/write.
3740 pmap_page_test_mappings(vm_page_t m, boolean_t accessed, boolean_t modified)
3742 struct rwlock *lock;
3744 struct md_page *pvh;
3745 pt_entry_t *pte, mask, value;
3747 int lvl, md_gen, pvh_gen;
3751 lock = VM_PAGE_TO_PV_LIST_LOCK(m);
3754 TAILQ_FOREACH(pv, &m->md.pv_list, pv_next) {
3756 if (!PMAP_TRYLOCK(pmap)) {
3757 md_gen = m->md.pv_gen;
3761 if (md_gen != m->md.pv_gen) {
3766 pte = pmap_pte(pmap, pv->pv_va, &lvl);
3768 ("pmap_page_test_mappings: Invalid level %d", lvl));
3772 mask |= ATTR_AP_RW_BIT;
3773 value |= ATTR_AP(ATTR_AP_RW);
3776 mask |= ATTR_AF | ATTR_DESCR_MASK;
3777 value |= ATTR_AF | L3_PAGE;
3779 rv = (pmap_load(pte) & mask) == value;
3784 if ((m->flags & PG_FICTITIOUS) == 0) {
3785 pvh = pa_to_pvh(VM_PAGE_TO_PHYS(m));
3786 TAILQ_FOREACH(pv, &pvh->pv_list, pv_next) {
3788 if (!PMAP_TRYLOCK(pmap)) {
3789 md_gen = m->md.pv_gen;
3790 pvh_gen = pvh->pv_gen;
3794 if (md_gen != m->md.pv_gen ||
3795 pvh_gen != pvh->pv_gen) {
3800 pte = pmap_pte(pmap, pv->pv_va, &lvl);
3802 ("pmap_page_test_mappings: Invalid level %d", lvl));
3806 mask |= ATTR_AP_RW_BIT;
3807 value |= ATTR_AP(ATTR_AP_RW);
3810 mask |= ATTR_AF | ATTR_DESCR_MASK;
3811 value |= ATTR_AF | L2_BLOCK;
3813 rv = (pmap_load(pte) & mask) == value;
3827 * Return whether or not the specified physical page was modified
3828 * in any physical maps.
3831 pmap_is_modified(vm_page_t m)
3834 KASSERT((m->oflags & VPO_UNMANAGED) == 0,
3835 ("pmap_is_modified: page %p is not managed", m));
3838 * If the page is not exclusive busied, then PGA_WRITEABLE cannot be
3839 * concurrently set while the object is locked. Thus, if PGA_WRITEABLE
3840 * is clear, no PTEs can have PG_M set.
3842 VM_OBJECT_ASSERT_WLOCKED(m->object);
3843 if (!vm_page_xbusied(m) && (m->aflags & PGA_WRITEABLE) == 0)
3845 return (pmap_page_test_mappings(m, FALSE, TRUE));
3849 * pmap_is_prefaultable:
3851 * Return whether or not the specified virtual address is eligible
3855 pmap_is_prefaultable(pmap_t pmap, vm_offset_t addr)
3863 pte = pmap_pte(pmap, addr, &lvl);
3864 if (pte != NULL && pmap_load(pte) != 0) {
3872 * pmap_is_referenced:
3874 * Return whether or not the specified physical page was referenced
3875 * in any physical maps.
3878 pmap_is_referenced(vm_page_t m)
3881 KASSERT((m->oflags & VPO_UNMANAGED) == 0,
3882 ("pmap_is_referenced: page %p is not managed", m));
3883 return (pmap_page_test_mappings(m, TRUE, FALSE));
3887 * Clear the write and modified bits in each of the given page's mappings.
3890 pmap_remove_write(vm_page_t m)
3892 struct md_page *pvh;
3894 struct rwlock *lock;
3895 pv_entry_t next_pv, pv;
3896 pt_entry_t oldpte, *pte;
3898 int lvl, md_gen, pvh_gen;
3900 KASSERT((m->oflags & VPO_UNMANAGED) == 0,
3901 ("pmap_remove_write: page %p is not managed", m));
3904 * If the page is not exclusive busied, then PGA_WRITEABLE cannot be
3905 * set by another thread while the object is locked. Thus,
3906 * if PGA_WRITEABLE is clear, no page table entries need updating.
3908 VM_OBJECT_ASSERT_WLOCKED(m->object);
3909 if (!vm_page_xbusied(m) && (m->aflags & PGA_WRITEABLE) == 0)
3911 lock = VM_PAGE_TO_PV_LIST_LOCK(m);
3912 pvh = (m->flags & PG_FICTITIOUS) != 0 ? &pv_dummy :
3913 pa_to_pvh(VM_PAGE_TO_PHYS(m));
3916 TAILQ_FOREACH_SAFE(pv, &pvh->pv_list, pv_next, next_pv) {
3918 if (!PMAP_TRYLOCK(pmap)) {
3919 pvh_gen = pvh->pv_gen;
3923 if (pvh_gen != pvh->pv_gen) {
3930 pte = pmap_pte(pmap, pv->pv_va, &lvl);
3931 if ((pmap_load(pte) & ATTR_AP_RW_BIT) == ATTR_AP(ATTR_AP_RW))
3932 pmap_demote_l2_locked(pmap, pte, va & ~L2_OFFSET,
3934 KASSERT(lock == VM_PAGE_TO_PV_LIST_LOCK(m),
3935 ("inconsistent pv lock %p %p for page %p",
3936 lock, VM_PAGE_TO_PV_LIST_LOCK(m), m));
3939 TAILQ_FOREACH(pv, &m->md.pv_list, pv_next) {
3941 if (!PMAP_TRYLOCK(pmap)) {
3942 pvh_gen = pvh->pv_gen;
3943 md_gen = m->md.pv_gen;
3947 if (pvh_gen != pvh->pv_gen ||
3948 md_gen != m->md.pv_gen) {
3954 pte = pmap_pte(pmap, pv->pv_va, &lvl);
3956 oldpte = pmap_load(pte);
3957 if ((oldpte & ATTR_AP_RW_BIT) == ATTR_AP(ATTR_AP_RW)) {
3958 if (!atomic_cmpset_long(pte, oldpte,
3959 oldpte | ATTR_AP(ATTR_AP_RO)))
3961 if ((oldpte & ATTR_AF) != 0)
3963 pmap_invalidate_page(pmap, pv->pv_va);
3968 vm_page_aflag_clear(m, PGA_WRITEABLE);
3971 static __inline boolean_t
3972 safe_to_clear_referenced(pmap_t pmap, pt_entry_t pte)
3979 * pmap_ts_referenced:
3981 * Return a count of reference bits for a page, clearing those bits.
3982 * It is not necessary for every reference bit to be cleared, but it
3983 * is necessary that 0 only be returned when there are truly no
3984 * reference bits set.
3986 * As an optimization, update the page's dirty field if a modified bit is
3987 * found while counting reference bits. This opportunistic update can be
3988 * performed at low cost and can eliminate the need for some future calls
3989 * to pmap_is_modified(). However, since this function stops after
3990 * finding PMAP_TS_REFERENCED_MAX reference bits, it may not detect some
3991 * dirty pages. Those dirty pages will only be detected by a future call
3992 * to pmap_is_modified().
3995 pmap_ts_referenced(vm_page_t m)
3997 struct md_page *pvh;
4000 struct rwlock *lock;
4001 pd_entry_t *pde, tpde;
4002 pt_entry_t *pte, tpte;
4006 int cleared, md_gen, not_cleared, lvl, pvh_gen;
4007 struct spglist free;
4010 KASSERT((m->oflags & VPO_UNMANAGED) == 0,
4011 ("pmap_ts_referenced: page %p is not managed", m));
4014 pa = VM_PAGE_TO_PHYS(m);
4015 lock = PHYS_TO_PV_LIST_LOCK(pa);
4016 pvh = (m->flags & PG_FICTITIOUS) != 0 ? &pv_dummy : pa_to_pvh(pa);
4020 if ((pvf = TAILQ_FIRST(&pvh->pv_list)) == NULL)
4021 goto small_mappings;
4027 if (!PMAP_TRYLOCK(pmap)) {
4028 pvh_gen = pvh->pv_gen;
4032 if (pvh_gen != pvh->pv_gen) {
4038 pde = pmap_pde(pmap, pv->pv_va, &lvl);
4039 KASSERT(pde != NULL, ("pmap_ts_referenced: no l1 table found"));
4041 ("pmap_ts_referenced: invalid pde level %d", lvl));
4042 tpde = pmap_load(pde);
4043 KASSERT((tpde & ATTR_DESCR_MASK) == L1_TABLE,
4044 ("pmap_ts_referenced: found an invalid l1 table"));
4045 pte = pmap_l1_to_l2(pde, pv->pv_va);
4046 tpte = pmap_load(pte);
4047 if (pmap_page_dirty(tpte)) {
4049 * Although "tpte" is mapping a 2MB page, because
4050 * this function is called at a 4KB page granularity,
4051 * we only update the 4KB page under test.
4055 if ((tpte & ATTR_AF) != 0) {
4057 * Since this reference bit is shared by 512 4KB
4058 * pages, it should not be cleared every time it is
4059 * tested. Apply a simple "hash" function on the
4060 * physical page number, the virtual superpage number,
4061 * and the pmap address to select one 4KB page out of
4062 * the 512 on which testing the reference bit will
4063 * result in clearing that reference bit. This
4064 * function is designed to avoid the selection of the
4065 * same 4KB page for every 2MB page mapping.
4067 * On demotion, a mapping that hasn't been referenced
4068 * is simply destroyed. To avoid the possibility of a
4069 * subsequent page fault on a demoted wired mapping,
4070 * always leave its reference bit set. Moreover,
4071 * since the superpage is wired, the current state of
4072 * its reference bit won't affect page replacement.
4074 if ((((pa >> PAGE_SHIFT) ^ (pv->pv_va >> L2_SHIFT) ^
4075 (uintptr_t)pmap) & (Ln_ENTRIES - 1)) == 0 &&
4076 (tpte & ATTR_SW_WIRED) == 0) {
4077 if (safe_to_clear_referenced(pmap, tpte)) {
4079 * TODO: We don't handle the access
4080 * flag at all. We need to be able
4081 * to set it in the exception handler.
4084 "safe_to_clear_referenced\n");
4085 } else if (pmap_demote_l2_locked(pmap, pte,
4086 pv->pv_va, &lock) != NULL) {
4088 va += VM_PAGE_TO_PHYS(m) -
4089 (tpte & ~ATTR_MASK);
4090 l3 = pmap_l2_to_l3(pte, va);
4091 pmap_remove_l3(pmap, l3, va,
4092 pmap_load(pte), NULL, &lock);
4098 * The superpage mapping was removed
4099 * entirely and therefore 'pv' is no
4107 KASSERT(lock == VM_PAGE_TO_PV_LIST_LOCK(m),
4108 ("inconsistent pv lock %p %p for page %p",
4109 lock, VM_PAGE_TO_PV_LIST_LOCK(m), m));
4114 /* Rotate the PV list if it has more than one entry. */
4115 if (pv != NULL && TAILQ_NEXT(pv, pv_next) != NULL) {
4116 TAILQ_REMOVE(&pvh->pv_list, pv, pv_next);
4117 TAILQ_INSERT_TAIL(&pvh->pv_list, pv, pv_next);
4120 if (cleared + not_cleared >= PMAP_TS_REFERENCED_MAX)
4122 } while ((pv = TAILQ_FIRST(&pvh->pv_list)) != pvf);
4124 if ((pvf = TAILQ_FIRST(&m->md.pv_list)) == NULL)
4131 if (!PMAP_TRYLOCK(pmap)) {
4132 pvh_gen = pvh->pv_gen;
4133 md_gen = m->md.pv_gen;
4137 if (pvh_gen != pvh->pv_gen || md_gen != m->md.pv_gen) {
4142 pde = pmap_pde(pmap, pv->pv_va, &lvl);
4143 KASSERT(pde != NULL, ("pmap_ts_referenced: no l2 table found"));
4145 ("pmap_ts_referenced: invalid pde level %d", lvl));
4146 tpde = pmap_load(pde);
4147 KASSERT((tpde & ATTR_DESCR_MASK) == L2_TABLE,
4148 ("pmap_ts_referenced: found an invalid l2 table"));
4149 pte = pmap_l2_to_l3(pde, pv->pv_va);
4150 tpte = pmap_load(pte);
4151 if (pmap_page_dirty(tpte))
4153 if ((tpte & ATTR_AF) != 0) {
4154 if (safe_to_clear_referenced(pmap, tpte)) {
4156 * TODO: We don't handle the access flag
4157 * at all. We need to be able to set it in
4158 * the exception handler.
4160 panic("ARM64TODO: safe_to_clear_referenced\n");
4161 } else if ((tpte & ATTR_SW_WIRED) == 0) {
4163 * Wired pages cannot be paged out so
4164 * doing accessed bit emulation for
4165 * them is wasted effort. We do the
4166 * hard work for unwired pages only.
4168 pmap_remove_l3(pmap, pte, pv->pv_va, tpde,
4170 pmap_invalidate_page(pmap, pv->pv_va);
4175 KASSERT(lock == VM_PAGE_TO_PV_LIST_LOCK(m),
4176 ("inconsistent pv lock %p %p for page %p",
4177 lock, VM_PAGE_TO_PV_LIST_LOCK(m), m));
4182 /* Rotate the PV list if it has more than one entry. */
4183 if (pv != NULL && TAILQ_NEXT(pv, pv_next) != NULL) {
4184 TAILQ_REMOVE(&m->md.pv_list, pv, pv_next);
4185 TAILQ_INSERT_TAIL(&m->md.pv_list, pv, pv_next);
4188 } while ((pv = TAILQ_FIRST(&m->md.pv_list)) != pvf && cleared +
4189 not_cleared < PMAP_TS_REFERENCED_MAX);
4192 pmap_free_zero_pages(&free);
4193 return (cleared + not_cleared);
4197 * Apply the given advice to the specified range of addresses within the
4198 * given pmap. Depending on the advice, clear the referenced and/or
4199 * modified flags in each mapping and set the mapped page's dirty field.
4202 pmap_advise(pmap_t pmap, vm_offset_t sva, vm_offset_t eva, int advice)
4207 * Clear the modify bits on the specified physical page.
4210 pmap_clear_modify(vm_page_t m)
4213 KASSERT((m->oflags & VPO_UNMANAGED) == 0,
4214 ("pmap_clear_modify: page %p is not managed", m));
4215 VM_OBJECT_ASSERT_WLOCKED(m->object);
4216 KASSERT(!vm_page_xbusied(m),
4217 ("pmap_clear_modify: page %p is exclusive busied", m));
4220 * If the page is not PGA_WRITEABLE, then no PTEs can have PG_M set.
4221 * If the object containing the page is locked and the page is not
4222 * exclusive busied, then PGA_WRITEABLE cannot be concurrently set.
4224 if ((m->aflags & PGA_WRITEABLE) == 0)
4227 /* ARM64TODO: We lack support for tracking if a page is modified */
4231 pmap_mapbios(vm_paddr_t pa, vm_size_t size)
4234 return ((void *)PHYS_TO_DMAP(pa));
4238 pmap_unmapbios(vm_paddr_t pa, vm_size_t size)
4243 * Sets the memory attribute for the specified page.
4246 pmap_page_set_memattr(vm_page_t m, vm_memattr_t ma)
4249 m->md.pv_memattr = ma;
4252 * If "m" is a normal page, update its direct mapping. This update
4253 * can be relied upon to perform any cache operations that are
4254 * required for data coherence.
4256 if ((m->flags & PG_FICTITIOUS) == 0 &&
4257 pmap_change_attr(PHYS_TO_DMAP(VM_PAGE_TO_PHYS(m)), PAGE_SIZE,
4258 m->md.pv_memattr) != 0)
4259 panic("memory attribute change on the direct map failed");
4263 * Changes the specified virtual address range's memory type to that given by
4264 * the parameter "mode". The specified virtual address range must be
4265 * completely contained within either the direct map or the kernel map. If
4266 * the virtual address range is contained within the kernel map, then the
4267 * memory type for each of the corresponding ranges of the direct map is also
4268 * changed. (The corresponding ranges of the direct map are those ranges that
4269 * map the same physical pages as the specified virtual address range.) These
4270 * changes to the direct map are necessary because Intel describes the
4271 * behavior of their processors as "undefined" if two or more mappings to the
4272 * same physical page have different memory types.
4274 * Returns zero if the change completed successfully, and either EINVAL or
4275 * ENOMEM if the change failed. Specifically, EINVAL is returned if some part
4276 * of the virtual address range was not mapped, and ENOMEM is returned if
4277 * there was insufficient memory available to complete the change. In the
4278 * latter case, the memory type may have been changed on some part of the
4279 * virtual address range or the direct map.
4282 pmap_change_attr(vm_offset_t va, vm_size_t size, int mode)
4286 PMAP_LOCK(kernel_pmap);
4287 error = pmap_change_attr_locked(va, size, mode);
4288 PMAP_UNLOCK(kernel_pmap);
4293 pmap_change_attr_locked(vm_offset_t va, vm_size_t size, int mode)
4295 vm_offset_t base, offset, tmpva;
4296 pt_entry_t l3, *pte, *newpte;
4299 PMAP_LOCK_ASSERT(kernel_pmap, MA_OWNED);
4300 base = trunc_page(va);
4301 offset = va & PAGE_MASK;
4302 size = round_page(offset + size);
4304 if (!VIRT_IN_DMAP(base))
4307 for (tmpva = base; tmpva < base + size; ) {
4308 pte = pmap_pte(kernel_pmap, va, &lvl);
4312 if ((pmap_load(pte) & ATTR_IDX_MASK) == ATTR_IDX(mode)) {
4314 * We already have the correct attribute,
4315 * ignore this entry.
4319 panic("Invalid DMAP table level: %d\n", lvl);
4321 tmpva = (tmpva & ~L1_OFFSET) + L1_SIZE;
4324 tmpva = (tmpva & ~L2_OFFSET) + L2_SIZE;
4332 * Split the entry to an level 3 table, then
4333 * set the new attribute.
4337 panic("Invalid DMAP table level: %d\n", lvl);
4339 newpte = pmap_demote_l1(kernel_pmap, pte,
4340 tmpva & ~L1_OFFSET);
4343 pte = pmap_l1_to_l2(pte, tmpva);
4345 newpte = pmap_demote_l2(kernel_pmap, pte,
4346 tmpva & ~L2_OFFSET);
4349 pte = pmap_l2_to_l3(pte, tmpva);
4351 /* Update the entry */
4352 l3 = pmap_load(pte);
4353 l3 &= ~ATTR_IDX_MASK;
4354 l3 |= ATTR_IDX(mode);
4355 if (mode == DEVICE_MEMORY)
4358 pmap_update_entry(kernel_pmap, pte, l3, tmpva,
4362 * If moving to a non-cacheable entry flush
4365 if (mode == VM_MEMATTR_UNCACHEABLE)
4366 cpu_dcache_wbinv_range(tmpva, L3_SIZE);
4378 * Create an L2 table to map all addresses within an L1 mapping.
4381 pmap_demote_l1(pmap_t pmap, pt_entry_t *l1, vm_offset_t va)
4383 pt_entry_t *l2, newl2, oldl1;
4385 vm_paddr_t l2phys, phys;
4389 PMAP_LOCK_ASSERT(pmap, MA_OWNED);
4390 oldl1 = pmap_load(l1);
4391 KASSERT((oldl1 & ATTR_DESCR_MASK) == L1_BLOCK,
4392 ("pmap_demote_l1: Demoting a non-block entry"));
4393 KASSERT((va & L1_OFFSET) == 0,
4394 ("pmap_demote_l1: Invalid virtual address %#lx", va));
4395 KASSERT((oldl1 & ATTR_SW_MANAGED) == 0,
4396 ("pmap_demote_l1: Level 1 table shouldn't be managed"));
4399 if (va <= (vm_offset_t)l1 && va + L1_SIZE > (vm_offset_t)l1) {
4400 tmpl1 = kva_alloc(PAGE_SIZE);
4405 if ((ml2 = vm_page_alloc(NULL, 0, VM_ALLOC_INTERRUPT |
4406 VM_ALLOC_NOOBJ | VM_ALLOC_WIRED)) == NULL) {
4407 CTR2(KTR_PMAP, "pmap_demote_l1: failure for va %#lx"
4408 " in pmap %p", va, pmap);
4412 l2phys = VM_PAGE_TO_PHYS(ml2);
4413 l2 = (pt_entry_t *)PHYS_TO_DMAP(l2phys);
4415 /* Address the range points at */
4416 phys = oldl1 & ~ATTR_MASK;
4417 /* The attributed from the old l1 table to be copied */
4418 newl2 = oldl1 & ATTR_MASK;
4420 /* Create the new entries */
4421 for (i = 0; i < Ln_ENTRIES; i++) {
4422 l2[i] = newl2 | phys;
4425 KASSERT(l2[0] == ((oldl1 & ~ATTR_DESCR_MASK) | L2_BLOCK),
4426 ("Invalid l2 page (%lx != %lx)", l2[0],
4427 (oldl1 & ~ATTR_DESCR_MASK) | L2_BLOCK));
4430 pmap_kenter(tmpl1, PAGE_SIZE,
4431 DMAP_TO_PHYS((vm_offset_t)l1) & ~L3_OFFSET, CACHED_MEMORY);
4432 l1 = (pt_entry_t *)(tmpl1 + ((vm_offset_t)l1 & PAGE_MASK));
4435 pmap_update_entry(pmap, l1, l2phys | L1_TABLE, va, PAGE_SIZE);
4438 pmap_kremove(tmpl1);
4439 kva_free(tmpl1, PAGE_SIZE);
4446 * Create an L3 table to map all addresses within an L2 mapping.
4449 pmap_demote_l2_locked(pmap_t pmap, pt_entry_t *l2, vm_offset_t va,
4450 struct rwlock **lockp)
4452 pt_entry_t *l3, newl3, oldl2;
4454 vm_paddr_t l3phys, phys;
4458 PMAP_LOCK_ASSERT(pmap, MA_OWNED);
4460 oldl2 = pmap_load(l2);
4461 KASSERT((oldl2 & ATTR_DESCR_MASK) == L2_BLOCK,
4462 ("pmap_demote_l2: Demoting a non-block entry"));
4463 KASSERT((va & L2_OFFSET) == 0,
4464 ("pmap_demote_l2: Invalid virtual address %#lx", va));
4467 if (va <= (vm_offset_t)l2 && va + L2_SIZE > (vm_offset_t)l2) {
4468 tmpl2 = kva_alloc(PAGE_SIZE);
4473 if ((ml3 = pmap_remove_pt_page(pmap, va)) == NULL) {
4474 ml3 = vm_page_alloc(NULL, pmap_l2_pindex(va),
4475 (VIRT_IN_DMAP(va) ? VM_ALLOC_INTERRUPT : VM_ALLOC_NORMAL) |
4476 VM_ALLOC_NOOBJ | VM_ALLOC_WIRED);
4478 CTR2(KTR_PMAP, "pmap_demote_l2: failure for va %#lx"
4479 " in pmap %p", va, pmap);
4482 if (va < VM_MAXUSER_ADDRESS)
4483 pmap_resident_count_inc(pmap, 1);
4486 l3phys = VM_PAGE_TO_PHYS(ml3);
4487 l3 = (pt_entry_t *)PHYS_TO_DMAP(l3phys);
4489 /* Address the range points at */
4490 phys = oldl2 & ~ATTR_MASK;
4491 /* The attributed from the old l2 table to be copied */
4492 newl3 = (oldl2 & (ATTR_MASK & ~ATTR_DESCR_MASK)) | L3_PAGE;
4495 * If the page table page is new, initialize it.
4497 if (ml3->wire_count == 1) {
4498 for (i = 0; i < Ln_ENTRIES; i++) {
4499 l3[i] = newl3 | phys;
4503 KASSERT(l3[0] == ((oldl2 & ~ATTR_DESCR_MASK) | L3_PAGE),
4504 ("Invalid l3 page (%lx != %lx)", l3[0],
4505 (oldl2 & ~ATTR_DESCR_MASK) | L3_PAGE));
4508 * Map the temporary page so we don't lose access to the l2 table.
4511 pmap_kenter(tmpl2, PAGE_SIZE,
4512 DMAP_TO_PHYS((vm_offset_t)l2) & ~L3_OFFSET, CACHED_MEMORY);
4513 l2 = (pt_entry_t *)(tmpl2 + ((vm_offset_t)l2 & PAGE_MASK));
4517 * The spare PV entries must be reserved prior to demoting the
4518 * mapping, that is, prior to changing the PDE. Otherwise, the state
4519 * of the L2 and the PV lists will be inconsistent, which can result
4520 * in reclaim_pv_chunk() attempting to remove a PV entry from the
4521 * wrong PV list and pmap_pv_demote_l2() failing to find the expected
4522 * PV entry for the 2MB page mapping that is being demoted.
4524 if ((oldl2 & ATTR_SW_MANAGED) != 0)
4525 reserve_pv_entries(pmap, Ln_ENTRIES - 1, lockp);
4527 pmap_update_entry(pmap, l2, l3phys | L2_TABLE, va, PAGE_SIZE);
4530 * Demote the PV entry.
4532 if ((oldl2 & ATTR_SW_MANAGED) != 0)
4533 pmap_pv_demote_l2(pmap, va, oldl2 & ~ATTR_MASK, lockp);
4535 atomic_add_long(&pmap_l2_demotions, 1);
4536 CTR3(KTR_PMAP, "pmap_demote_l2: success for va %#lx"
4537 " in pmap %p %lx", va, pmap, l3[0]);
4541 pmap_kremove(tmpl2);
4542 kva_free(tmpl2, PAGE_SIZE);
4550 pmap_demote_l2(pmap_t pmap, pt_entry_t *l2, vm_offset_t va)
4552 struct rwlock *lock;
4556 l3 = pmap_demote_l2_locked(pmap, l2, va, &lock);
4563 * perform the pmap work for mincore
4566 pmap_mincore(pmap_t pmap, vm_offset_t addr, vm_paddr_t *locked_pa)
4568 pd_entry_t *l1p, l1;
4569 pd_entry_t *l2p, l2;
4570 pt_entry_t *l3p, l3;
4581 l1p = pmap_l1(pmap, addr);
4582 if (l1p == NULL) /* No l1 */
4585 l1 = pmap_load(l1p);
4586 if ((l1 & ATTR_DESCR_MASK) == L1_INVAL)
4589 if ((l1 & ATTR_DESCR_MASK) == L1_BLOCK) {
4590 pa = (l1 & ~ATTR_MASK) | (addr & L1_OFFSET);
4591 managed = (l1 & ATTR_SW_MANAGED) == ATTR_SW_MANAGED;
4592 val = MINCORE_SUPER | MINCORE_INCORE;
4593 if (pmap_page_dirty(l1))
4594 val |= MINCORE_MODIFIED | MINCORE_MODIFIED_OTHER;
4595 if ((l1 & ATTR_AF) == ATTR_AF)
4596 val |= MINCORE_REFERENCED | MINCORE_REFERENCED_OTHER;
4600 l2p = pmap_l1_to_l2(l1p, addr);
4601 if (l2p == NULL) /* No l2 */
4604 l2 = pmap_load(l2p);
4605 if ((l2 & ATTR_DESCR_MASK) == L2_INVAL)
4608 if ((l2 & ATTR_DESCR_MASK) == L2_BLOCK) {
4609 pa = (l2 & ~ATTR_MASK) | (addr & L2_OFFSET);
4610 managed = (l2 & ATTR_SW_MANAGED) == ATTR_SW_MANAGED;
4611 val = MINCORE_SUPER | MINCORE_INCORE;
4612 if (pmap_page_dirty(l2))
4613 val |= MINCORE_MODIFIED | MINCORE_MODIFIED_OTHER;
4614 if ((l2 & ATTR_AF) == ATTR_AF)
4615 val |= MINCORE_REFERENCED | MINCORE_REFERENCED_OTHER;
4619 l3p = pmap_l2_to_l3(l2p, addr);
4620 if (l3p == NULL) /* No l3 */
4623 l3 = pmap_load(l2p);
4624 if ((l3 & ATTR_DESCR_MASK) == L3_INVAL)
4627 if ((l3 & ATTR_DESCR_MASK) == L3_PAGE) {
4628 pa = (l3 & ~ATTR_MASK) | (addr & L3_OFFSET);
4629 managed = (l3 & ATTR_SW_MANAGED) == ATTR_SW_MANAGED;
4630 val = MINCORE_INCORE;
4631 if (pmap_page_dirty(l3))
4632 val |= MINCORE_MODIFIED | MINCORE_MODIFIED_OTHER;
4633 if ((l3 & ATTR_AF) == ATTR_AF)
4634 val |= MINCORE_REFERENCED | MINCORE_REFERENCED_OTHER;
4638 if ((val & (MINCORE_MODIFIED_OTHER | MINCORE_REFERENCED_OTHER)) !=
4639 (MINCORE_MODIFIED_OTHER | MINCORE_REFERENCED_OTHER) && managed) {
4640 /* Ensure that "PHYS_TO_VM_PAGE(pa)->object" doesn't change. */
4641 if (vm_page_pa_tryrelock(pmap, pa, locked_pa))
4644 PA_UNLOCK_COND(*locked_pa);
4651 pmap_activate(struct thread *td)
4656 pmap = vmspace_pmap(td->td_proc->p_vmspace);
4657 td->td_proc->p_md.md_l0addr = vtophys(pmap->pm_l0);
4658 __asm __volatile("msr ttbr0_el1, %0" : :
4659 "r"(td->td_proc->p_md.md_l0addr));
4660 pmap_invalidate_all(pmap);
4665 pmap_sync_icache(pmap_t pmap, vm_offset_t va, vm_size_t sz)
4668 if (va >= VM_MIN_KERNEL_ADDRESS) {
4669 cpu_icache_sync_range(va, sz);
4674 /* Find the length of data in this page to flush */
4675 offset = va & PAGE_MASK;
4676 len = imin(PAGE_SIZE - offset, sz);
4679 /* Extract the physical address & find it in the DMAP */
4680 pa = pmap_extract(pmap, va);
4682 cpu_icache_sync_range(PHYS_TO_DMAP(pa), len);
4684 /* Move to the next page */
4687 /* Set the length for the next iteration */
4688 len = imin(PAGE_SIZE, sz);
4694 pmap_fault(pmap_t pmap, uint64_t esr, uint64_t far)
4700 switch (ESR_ELx_EXCEPTION(esr)) {
4701 case EXCP_DATA_ABORT_L:
4702 case EXCP_DATA_ABORT:
4705 return (KERN_FAILURE);
4710 switch (esr & ISS_DATA_DFSC_MASK) {
4711 case ISS_DATA_DFSC_TF_L0:
4712 case ISS_DATA_DFSC_TF_L1:
4713 case ISS_DATA_DFSC_TF_L2:
4714 case ISS_DATA_DFSC_TF_L3:
4715 /* Ask the MMU to check the address */
4716 if (pmap == kernel_pmap)
4717 par = arm64_address_translate_s1e1r(far);
4719 par = arm64_address_translate_s1e0r(far);
4722 * If the translation was successful the address was invalid
4723 * due to a break-before-make sequence. We can unlock and
4724 * return success to the trap handler.
4726 if (PAR_SUCCESS(par)) {
4728 return (KERN_SUCCESS);
4737 return (KERN_FAILURE);
4741 * Increase the starting virtual address of the given mapping if a
4742 * different alignment might result in more superpage mappings.
4745 pmap_align_superpage(vm_object_t object, vm_ooffset_t offset,
4746 vm_offset_t *addr, vm_size_t size)
4748 vm_offset_t superpage_offset;
4752 if (object != NULL && (object->flags & OBJ_COLORED) != 0)
4753 offset += ptoa(object->pg_color);
4754 superpage_offset = offset & L2_OFFSET;
4755 if (size - ((L2_SIZE - superpage_offset) & L2_OFFSET) < L2_SIZE ||
4756 (*addr & L2_OFFSET) == superpage_offset)
4758 if ((*addr & L2_OFFSET) < superpage_offset)
4759 *addr = (*addr & ~L2_OFFSET) + superpage_offset;
4761 *addr = ((*addr + L2_OFFSET) & ~L2_OFFSET) + superpage_offset;
4765 * Get the kernel virtual address of a set of physical pages. If there are
4766 * physical addresses not covered by the DMAP perform a transient mapping
4767 * that will be removed when calling pmap_unmap_io_transient.
4769 * \param page The pages the caller wishes to obtain the virtual
4770 * address on the kernel memory map.
4771 * \param vaddr On return contains the kernel virtual memory address
4772 * of the pages passed in the page parameter.
4773 * \param count Number of pages passed in.
4774 * \param can_fault TRUE if the thread using the mapped pages can take
4775 * page faults, FALSE otherwise.
4777 * \returns TRUE if the caller must call pmap_unmap_io_transient when
4778 * finished or FALSE otherwise.
4782 pmap_map_io_transient(vm_page_t page[], vm_offset_t vaddr[], int count,
4783 boolean_t can_fault)
4786 boolean_t needs_mapping;
4790 * Allocate any KVA space that we need, this is done in a separate
4791 * loop to prevent calling vmem_alloc while pinned.
4793 needs_mapping = FALSE;
4794 for (i = 0; i < count; i++) {
4795 paddr = VM_PAGE_TO_PHYS(page[i]);
4796 if (__predict_false(!PHYS_IN_DMAP(paddr))) {
4797 error = vmem_alloc(kernel_arena, PAGE_SIZE,
4798 M_BESTFIT | M_WAITOK, &vaddr[i]);
4799 KASSERT(error == 0, ("vmem_alloc failed: %d", error));
4800 needs_mapping = TRUE;
4802 vaddr[i] = PHYS_TO_DMAP(paddr);
4806 /* Exit early if everything is covered by the DMAP */
4812 for (i = 0; i < count; i++) {
4813 paddr = VM_PAGE_TO_PHYS(page[i]);
4814 if (!PHYS_IN_DMAP(paddr)) {
4816 "pmap_map_io_transient: TODO: Map out of DMAP data");
4820 return (needs_mapping);
4824 pmap_unmap_io_transient(vm_page_t page[], vm_offset_t vaddr[], int count,
4825 boolean_t can_fault)
4832 for (i = 0; i < count; i++) {
4833 paddr = VM_PAGE_TO_PHYS(page[i]);
4834 if (!PHYS_IN_DMAP(paddr)) {
4835 panic("ARM64TODO: pmap_unmap_io_transient: Unmap data");
projects / freebsd.git / blob