2 * Copyright (c) 1991, 1993
3 * The Regents of the University of California. All rights reserved.
4 * Copyright (c) 2003-2022 The DragonFly Project. All rights reserved.
6 * This code is derived from software contributed to Berkeley by
7 * The Mach Operating System project at Carnegie-Mellon University.
9 * This code is derived from software contributed to The DragonFly Project
10 * by Matthew Dillon <dillon@backplane.com>
12 * Redistribution and use in source and binary forms, with or without
13 * modification, are permitted provided that the following conditions
15 * 1. Redistributions of source code must retain the above copyright
16 * notice, this list of conditions and the following disclaimer.
17 * 2. Redistributions in binary form must reproduce the above copyright
18 * notice, this list of conditions and the following disclaimer in the
19 * documentation and/or other materials provided with the distribution.
20 * 3. Neither the name of the University nor the names of its contributors
21 * may be used to endorse or promote products derived from this software
22 * without specific prior written permission.
24 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
25 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
26 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
27 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
28 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
29 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
30 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
31 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
32 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
33 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
36 * from: @(#)vm_map.c 8.3 (Berkeley) 1/12/94
38 * Copyright (c) 1987, 1990 Carnegie-Mellon University.
39 * All rights reserved.
41 * Authors: Avadis Tevanian, Jr., Michael Wayne Young
43 * Permission to use, copy, modify and distribute this software and
44 * its documentation is hereby granted, provided that both the copyright
45 * notice and this permission notice appear in all copies of the
46 * software, derivative works or modified versions, and any portions
47 * thereof, and that both notices appear in supporting documentation.
49 * CARNEGIE MELLON ALLOWS FREE USE OF THIS SOFTWARE IN ITS "AS IS"
50 * CONDITION. CARNEGIE MELLON DISCLAIMS ANY LIABILITY OF ANY KIND
51 * FOR ANY DAMAGES WHATSOEVER RESULTING FROM THE USE OF THIS SOFTWARE.
53 * Carnegie Mellon requests users of this software to return to
55 * Software Distribution Coordinator or Software.Distribution@CS.CMU.EDU
56 * School of Computer Science
57 * Carnegie Mellon University
58 * Pittsburgh PA 15213-3890
60 * any improvements or extensions that they make and grant Carnegie the
61 * rights to redistribute these changes.
63 #include <sys/param.h>
64 #include <sys/systm.h>
65 #include <sys/kernel.h>
67 #include <sys/serialize.h>
69 #include <sys/vmmeter.h>
71 #include <sys/vnode.h>
72 #include <sys/resourcevar.h>
75 #include <sys/malloc.h>
76 #include <sys/objcache.h>
77 #include <sys/kern_syscall.h>
80 #include <vm/vm_param.h>
82 #include <vm/vm_map.h>
83 #include <vm/vm_page.h>
84 #include <vm/vm_object.h>
85 #include <vm/vm_pager.h>
86 #include <vm/vm_kern.h>
87 #include <vm/vm_extern.h>
88 #include <vm/swap_pager.h>
89 #include <vm/vm_zone.h>
91 #include <sys/random.h>
92 #include <sys/sysctl.h>
93 #include <sys/spinlock.h>
95 #include <sys/thread2.h>
96 #include <sys/spinlock2.h>
99 * Virtual memory maps provide for the mapping, protection, and sharing
100 * of virtual memory objects. In addition, this module provides for an
101 * efficient virtual copy of memory from one map to another.
103 * Synchronization is required prior to most operations.
105 * Maps consist of an ordered doubly-linked list of simple entries.
106 * A hint and a RB tree is used to speed-up lookups.
108 * Callers looking to modify maps specify start/end addresses which cause
109 * the related map entry to be clipped if necessary, and then later
110 * recombined if the pieces remained compatible.
112 * Virtual copy operations are performed by copying VM object references
113 * from one map to another, and then marking both regions as copy-on-write.
115 static boolean_t vmspace_ctor(void *obj, void *privdata, int ocflags);
116 static void vmspace_dtor(void *obj, void *privdata);
117 static void vmspace_terminate(struct vmspace *vm, int final);
119 MALLOC_DEFINE(M_VMSPACE, "vmspace", "vmspace objcache backingstore");
120 MALLOC_DEFINE(M_MAP_BACKING, "map_backing", "vm_map_backing to entry");
121 static struct objcache *vmspace_cache;
124 * per-cpu page table cross mappings are initialized in early boot
125 * and might require a considerable number of vm_map_entry structures.
127 #define MAPENTRYBSP_CACHE (MAXCPU+1)
128 #define MAPENTRYAP_CACHE 8
131 * Partioning threaded programs with large anonymous memory areas can
132 * improve concurrent fault performance.
134 #define MAP_ENTRY_PARTITION_SIZE ((vm_offset_t)(32 * 1024 * 1024))
135 #define MAP_ENTRY_PARTITION_MASK (MAP_ENTRY_PARTITION_SIZE - 1)
137 #define VM_MAP_ENTRY_WITHIN_PARTITION(entry) \
138 ((((entry)->ba.start ^ (entry)->ba.end) & ~MAP_ENTRY_PARTITION_MASK) == 0)
140 static struct vm_zone mapentzone_store;
141 __read_mostly static vm_zone_t mapentzone;
143 static struct vm_map_entry map_entry_init[MAX_MAPENT];
144 static struct vm_map_entry cpu_map_entry_init_bsp[MAPENTRYBSP_CACHE];
145 static struct vm_map_entry cpu_map_entry_init_ap[MAXCPU][MAPENTRYAP_CACHE];
147 __read_mostly static int randomize_mmap;
148 SYSCTL_INT(_vm, OID_AUTO, randomize_mmap, CTLFLAG_RW, &randomize_mmap, 0,
149 "Randomize mmap offsets");
150 __read_mostly static int vm_map_relock_enable = 1;
151 SYSCTL_INT(_vm, OID_AUTO, map_relock_enable, CTLFLAG_RW,
152 &vm_map_relock_enable, 0, "insert pop pgtable optimization");
153 __read_mostly static int vm_map_partition_enable = 1;
154 SYSCTL_INT(_vm, OID_AUTO, map_partition_enable, CTLFLAG_RW,
155 &vm_map_partition_enable, 0, "Break up larger vm_map_entry's");
156 __read_mostly static int vm_map_backing_limit = 5;
157 SYSCTL_INT(_vm, OID_AUTO, map_backing_limit, CTLFLAG_RW,
158 &vm_map_backing_limit, 0, "ba.backing_ba link depth");
159 __read_mostly static int vm_map_backing_shadow_test = 1;
160 SYSCTL_INT(_vm, OID_AUTO, map_backing_shadow_test, CTLFLAG_RW,
161 &vm_map_backing_shadow_test, 0, "ba.object shadow test");
163 static void vmspace_drop_notoken(struct vmspace *vm);
164 static void vm_map_entry_shadow(vm_map_entry_t entry);
165 static vm_map_entry_t vm_map_entry_create(int *);
166 static void vm_map_entry_dispose (vm_map_t map, vm_map_entry_t entry, int *);
167 static void vm_map_entry_dispose_ba (vm_map_entry_t entry, vm_map_backing_t ba);
168 static void vm_map_backing_replicated(vm_map_t map,
169 vm_map_entry_t entry, int flags);
170 static void vm_map_backing_adjust_start(vm_map_entry_t entry,
172 static void vm_map_backing_adjust_end(vm_map_entry_t entry,
174 static void vm_map_backing_attach (vm_map_entry_t entry, vm_map_backing_t ba);
175 static void vm_map_backing_detach (vm_map_entry_t entry, vm_map_backing_t ba);
176 static void _vm_map_clip_end (vm_map_t, vm_map_entry_t, vm_offset_t, int *);
177 static void _vm_map_clip_start (vm_map_t, vm_map_entry_t, vm_offset_t, int *);
178 static void vm_map_entry_delete (vm_map_t, vm_map_entry_t, int *);
179 static void vm_map_entry_unwire (vm_map_t, vm_map_entry_t);
180 static void vm_map_copy_entry (vm_map_t, vm_map_t, vm_map_entry_t,
182 static void vm_map_unclip_range (vm_map_t map, vm_map_entry_t start_entry,
183 vm_offset_t start, vm_offset_t end, int *countp, int flags);
184 static void vm_map_entry_partition(vm_map_t map, vm_map_entry_t entry,
185 vm_offset_t vaddr, int *countp);
187 #define MAP_BACK_CLIPPED 0x0001
188 #define MAP_BACK_BASEOBJREFD 0x0002
191 * Initialize the vm_map module. Must be called before any other vm_map
194 * Map and entry structures are allocated from the general purpose
195 * memory pool with some exceptions:
197 * - The kernel map is allocated statically.
198 * - Initial kernel map entries are allocated out of a static pool.
199 * - We must set ZONE_SPECIAL here or the early boot code can get
200 * stuck if there are >63 cores.
202 * These restrictions are necessary since malloc() uses the
203 * maps and requires map entries.
205 * Called from the low level boot code only.
210 mapentzone = &mapentzone_store;
211 zbootinit(mapentzone, "MAP ENTRY", sizeof (struct vm_map_entry),
212 map_entry_init, MAX_MAPENT);
213 mapentzone_store.zflags |= ZONE_SPECIAL;
217 * Called prior to any vmspace allocations.
219 * Called from the low level boot code only.
224 vmspace_cache = objcache_create_mbacked(M_VMSPACE,
225 sizeof(struct vmspace),
227 vmspace_ctor, vmspace_dtor,
229 zinitna(mapentzone, NULL, 0, 0, ZONE_USE_RESERVE | ZONE_SPECIAL);
235 * objcache support. We leave the pmap root cached as long as possible
236 * for performance reasons.
240 vmspace_ctor(void *obj, void *privdata, int ocflags)
242 struct vmspace *vm = obj;
244 bzero(vm, sizeof(*vm));
245 vm->vm_refcnt = VM_REF_DELETED;
252 vmspace_dtor(void *obj, void *privdata)
254 struct vmspace *vm = obj;
256 KKASSERT(vm->vm_refcnt == VM_REF_DELETED);
257 pmap_puninit(vmspace_pmap(vm));
261 * Red black tree functions
263 * The caller must hold the related map lock.
265 static int rb_vm_map_compare(vm_map_entry_t a, vm_map_entry_t b);
266 RB_GENERATE(vm_map_rb_tree, vm_map_entry, rb_entry, rb_vm_map_compare);
268 /* a->ba.start is address, and the only field which must be initialized */
270 rb_vm_map_compare(vm_map_entry_t a, vm_map_entry_t b)
272 if (a->ba.start < b->ba.start)
274 else if (a->ba.start > b->ba.start)
280 * Initialize vmspace ref/hold counts vmspace0. There is a holdcnt for
284 vmspace_initrefs(struct vmspace *vm)
291 * Allocate a vmspace structure, including a vm_map and pmap.
292 * Initialize numerous fields. While the initial allocation is zerod,
293 * subsequence reuse from the objcache leaves elements of the structure
294 * intact (particularly the pmap), so portions must be zerod.
296 * Returns a referenced vmspace.
301 vmspace_alloc(vm_offset_t min, vm_offset_t max)
305 vm = objcache_get(vmspace_cache, M_WAITOK);
307 bzero(&vm->vm_startcopy,
308 (char *)&vm->vm_endcopy - (char *)&vm->vm_startcopy);
309 vm_map_init(&vm->vm_map, min, max, NULL); /* initializes token */
312 * NOTE: hold to acquires token for safety.
314 * On return vmspace is referenced (refs=1, hold=1). That is,
315 * each refcnt also has a holdcnt. There can be additional holds
316 * (holdcnt) above and beyond the refcnt. Finalization is handled in
317 * two stages, one on refs 1->0, and the the second on hold 1->0.
319 KKASSERT(vm->vm_holdcnt == 0);
320 KKASSERT(vm->vm_refcnt == VM_REF_DELETED);
321 vmspace_initrefs(vm);
323 pmap_pinit(vmspace_pmap(vm)); /* (some fields reused) */
324 vm->vm_map.pmap = vmspace_pmap(vm); /* XXX */
327 cpu_vmspace_alloc(vm);
334 * NOTE: Can return 0 if the vmspace is exiting.
337 vmspace_getrefs(struct vmspace *vm)
343 if (n & VM_REF_DELETED)
349 vmspace_hold(struct vmspace *vm)
351 atomic_add_int(&vm->vm_holdcnt, 1);
352 lwkt_gettoken(&vm->vm_map.token);
356 * Drop with final termination interlock.
359 vmspace_drop(struct vmspace *vm)
361 lwkt_reltoken(&vm->vm_map.token);
362 vmspace_drop_notoken(vm);
366 vmspace_drop_notoken(struct vmspace *vm)
368 if (atomic_fetchadd_int(&vm->vm_holdcnt, -1) == 1) {
369 if (vm->vm_refcnt & VM_REF_DELETED)
370 vmspace_terminate(vm, 1);
375 * A vmspace object must not be in a terminated state to be able to obtain
376 * additional refs on it.
378 * These are official references to the vmspace, the count is used to check
379 * for vmspace sharing. Foreign accessors should use 'hold' and not 'ref'.
381 * XXX we need to combine hold & ref together into one 64-bit field to allow
382 * holds to prevent stage-1 termination.
385 vmspace_ref(struct vmspace *vm)
389 atomic_add_int(&vm->vm_holdcnt, 1);
390 n = atomic_fetchadd_int(&vm->vm_refcnt, 1);
391 KKASSERT((n & VM_REF_DELETED) == 0);
395 * Release a ref on the vmspace. On the 1->0 transition we do stage-1
396 * termination of the vmspace. Then, on the final drop of the hold we
397 * will do stage-2 final termination.
400 vmspace_rel(struct vmspace *vm)
405 * Drop refs. Each ref also has a hold which is also dropped.
407 * When refs hits 0 compete to get the VM_REF_DELETED flag (hold
408 * prevent finalization) to start termination processing.
409 * Finalization occurs when the last hold count drops to 0.
411 n = atomic_fetchadd_int(&vm->vm_refcnt, -1) - 1;
413 if (atomic_cmpset_int(&vm->vm_refcnt, 0, VM_REF_DELETED)) {
414 vmspace_terminate(vm, 0);
420 vmspace_drop_notoken(vm);
424 * This is called during exit indicating that the vmspace is no
425 * longer in used by an exiting process, but the process has not yet
428 * We drop refs, allowing for stage-1 termination, but maintain a holdcnt
429 * to prevent stage-2 until the process is reaped. Note hte order of
430 * operation, we must hold first.
435 vmspace_relexit(struct vmspace *vm)
437 atomic_add_int(&vm->vm_holdcnt, 1);
442 * Called during reap to disconnect the remainder of the vmspace from
443 * the process. On the hold drop the vmspace termination is finalized.
448 vmspace_exitfree(struct proc *p)
454 vmspace_drop_notoken(vm);
458 * Called in two cases:
460 * (1) When the last refcnt is dropped and the vmspace becomes inactive,
461 * called with final == 0. refcnt will be (u_int)-1 at this point,
462 * and holdcnt will still be non-zero.
464 * (2) When holdcnt becomes 0, called with final == 1. There should no
465 * longer be anyone with access to the vmspace.
467 * VMSPACE_EXIT1 flags the primary deactivation
468 * VMSPACE_EXIT2 flags the last reap
471 vmspace_terminate(struct vmspace *vm, int final)
475 lwkt_gettoken(&vm->vm_map.token);
477 KKASSERT((vm->vm_flags & VMSPACE_EXIT1) == 0);
478 vm->vm_flags |= VMSPACE_EXIT1;
481 * Get rid of most of the resources. Leave the kernel pmap
484 * If the pmap does not contain wired pages we can bulk-delete
485 * the pmap as a performance optimization before removing the
488 * If the pmap contains wired pages we cannot do this
489 * pre-optimization because currently vm_fault_unwire()
490 * expects the pmap pages to exist and will not decrement
491 * p->wire_count if they do not.
494 if (vmspace_pmap(vm)->pm_stats.wired_count) {
495 vm_map_remove(&vm->vm_map, VM_MIN_USER_ADDRESS,
496 VM_MAX_USER_ADDRESS);
497 pmap_remove_pages(vmspace_pmap(vm), VM_MIN_USER_ADDRESS,
498 VM_MAX_USER_ADDRESS);
500 pmap_remove_pages(vmspace_pmap(vm), VM_MIN_USER_ADDRESS,
501 VM_MAX_USER_ADDRESS);
502 vm_map_remove(&vm->vm_map, VM_MIN_USER_ADDRESS,
503 VM_MAX_USER_ADDRESS);
505 lwkt_reltoken(&vm->vm_map.token);
507 KKASSERT((vm->vm_flags & VMSPACE_EXIT1) != 0);
508 KKASSERT((vm->vm_flags & VMSPACE_EXIT2) == 0);
511 * Get rid of remaining basic resources.
513 vm->vm_flags |= VMSPACE_EXIT2;
516 count = vm_map_entry_reserve(MAP_RESERVE_COUNT);
517 vm_map_lock(&vm->vm_map);
518 cpu_vmspace_free(vm);
521 * Lock the map, to wait out all other references to it.
522 * Delete all of the mappings and pages they hold, then call
523 * the pmap module to reclaim anything left.
525 vm_map_delete(&vm->vm_map,
526 vm_map_min(&vm->vm_map),
527 vm_map_max(&vm->vm_map),
529 vm_map_unlock(&vm->vm_map);
530 vm_map_entry_release(count);
532 pmap_release(vmspace_pmap(vm));
533 lwkt_reltoken(&vm->vm_map.token);
534 objcache_put(vmspace_cache, vm);
539 * Swap useage is determined by taking the proportional swap used by
540 * VM objects backing the VM map. To make up for fractional losses,
541 * if the VM object has any swap use at all the associated map entries
542 * count for at least 1 swap page.
547 vmspace_swap_count(struct vmspace *vm)
549 vm_map_t map = &vm->vm_map;
552 vm_offset_t count = 0;
557 RB_FOREACH(cur, vm_map_rb_tree, &map->rb_root) {
558 switch(cur->maptype) {
559 case VM_MAPTYPE_NORMAL:
560 if ((object = cur->ba.object) == NULL)
562 if (object->swblock_count) {
563 n = (cur->ba.end - cur->ba.start) / PAGE_SIZE;
564 count += object->swblock_count *
565 SWAP_META_PAGES * n / object->size + 1;
578 * Calculate the approximate number of anonymous pages in use by
579 * this vmspace. To make up for fractional losses, we count each
580 * VM object as having at least 1 anonymous page.
585 vmspace_anonymous_count(struct vmspace *vm)
587 vm_map_t map = &vm->vm_map;
590 vm_offset_t count = 0;
593 RB_FOREACH(cur, vm_map_rb_tree, &map->rb_root) {
594 switch(cur->maptype) {
595 case VM_MAPTYPE_NORMAL:
596 if ((object = cur->ba.object) == NULL)
598 if (object->type != OBJT_DEFAULT &&
599 object->type != OBJT_SWAP) {
602 count += object->resident_page_count;
614 * Initialize an existing vm_map structure such as that in the vmspace
615 * structure. The pmap is initialized elsewhere.
620 vm_map_init(struct vm_map *map, vm_offset_t min_addr, vm_offset_t max_addr,
623 RB_INIT(&map->rb_root);
624 spin_init(&map->ilock_spin, "ilock");
625 map->ilock_base = NULL;
629 vm_map_min(map) = min_addr;
630 vm_map_max(map) = max_addr;
634 bzero(&map->freehint, sizeof(map->freehint));
635 lwkt_token_init(&map->token, "vm_map");
636 lockinit(&map->lock, "vm_maplk", (hz + 9) / 10, 0);
640 * Find the first possible free address for the specified request length.
641 * Returns 0 if we don't have one cached.
645 vm_map_freehint_find(vm_map_t map, vm_size_t length, vm_size_t align)
647 vm_map_freehint_t *scan;
649 scan = &map->freehint[0];
650 while (scan < &map->freehint[VM_MAP_FFCOUNT]) {
651 if (scan->length == length && scan->align == align)
659 * Unconditionally set the freehint. Called by vm_map_findspace() after
660 * it finds an address. This will help us iterate optimally on the next
665 vm_map_freehint_update(vm_map_t map, vm_offset_t start,
666 vm_size_t length, vm_size_t align)
668 vm_map_freehint_t *scan;
670 scan = &map->freehint[0];
671 while (scan < &map->freehint[VM_MAP_FFCOUNT]) {
672 if (scan->length == length && scan->align == align) {
678 scan = &map->freehint[map->freehint_newindex & VM_MAP_FFMASK];
681 scan->length = length;
682 ++map->freehint_newindex;
686 * Update any existing freehints (for any alignment), for the hole we just
691 vm_map_freehint_hole(vm_map_t map, vm_offset_t start, vm_size_t length)
693 vm_map_freehint_t *scan;
695 scan = &map->freehint[0];
696 while (scan < &map->freehint[VM_MAP_FFCOUNT]) {
697 if (scan->length <= length && scan->start > start)
704 * This function handles MAP_ENTRY_NEEDS_COPY by inserting a fronting
705 * object in the entry for COW faults.
707 * The entire chain including entry->ba (prior to inserting the fronting
708 * object) essentially becomes set in stone... elements of it can be paged
709 * in or out, but cannot be further modified.
711 * NOTE: If we do not optimize the backing chain then a unique copy is not
712 * needed. Note, however, that because portions of the chain are
713 * shared across pmaps we cannot make any changes to the vm_map_backing
714 * elements themselves.
716 * If the map segment is governed by a virtual page table then it is
717 * possible to address offsets beyond the mapped area. Just allocate
718 * a maximally sized object for this case.
720 * If addref is non-zero an additional reference is added to the returned
721 * entry. This mechanic exists because the additional reference might have
722 * to be added atomically and not after return to prevent a premature
723 * collapse. XXX currently there is no collapse code.
725 * The vm_map must be exclusively locked.
726 * No other requirements.
730 vm_map_entry_shadow(vm_map_entry_t entry)
738 * Number of bytes we have to shadow
740 length = atop(entry->ba.end - entry->ba.start);
743 * Don't create the new object if the old object isn't shared.
744 * This case occurs quite often when programs fork/exec/wait.
746 * Caller ensures source exists (all backing_ba's must have objects),
747 * typically indirectly by virtue of the NEEDS_COPY flag being set.
748 * We have a ref on source by virtue of the entry and do not need
749 * to lock it to do this test.
751 source = entry->ba.object;
754 if (source->type != OBJT_VNODE) {
755 if (source->ref_count == 1 &&
756 source->handle == NULL &&
757 (source->type == OBJT_DEFAULT ||
758 source->type == OBJT_SWAP)) {
762 ba = kmalloc(sizeof(*ba), M_MAP_BACKING, M_INTWAIT); /* copied later */
763 vm_object_hold_shared(source);
766 * Once it becomes part of a backing_ba chain it can wind up anywhere,
767 * drop the ONEMAPPING flag now.
769 vm_object_clear_flag(source, OBJ_ONEMAPPING);
772 * Allocate a new object with the given length. The new object
773 * is returned referenced but we may have to add another one.
774 * If we are adding a second reference we must clear OBJ_ONEMAPPING.
775 * (typically because the caller is about to clone a vm_map_entry).
777 * The source object currently has an extra reference to prevent
778 * collapses into it while we mess with its shadow list, which
779 * we will remove later in this routine.
781 * The target object may require a second reference if asked for one
784 result = vm_object_allocate_hold(OBJT_DEFAULT, length);
786 panic("vm_object_shadow: no object for shadowing");
789 * The new object shadows the source object.
791 * Try to optimize the result object's page color when shadowing
792 * in order to maintain page coloring consistency in the combined
795 * The source object is moved to ba, retaining its existing ref-count.
796 * No additional ref is needed.
798 * SHADOWING IS NOT APPLICABLE TO OBJT_VNODE OBJECTS
800 vm_map_backing_detach(entry, &entry->ba);
801 *ba = entry->ba; /* previous ba */
802 entry->ba.object = result; /* new ba (at head of entry) */
803 entry->ba.backing_ba = ba;
804 entry->ba.backing_count = ba->backing_count + 1;
805 entry->ba.offset = 0;
807 /* cpu localization twist */
808 result->pg_color = vm_quickcolor();
810 vm_map_backing_attach(entry, &entry->ba);
811 vm_map_backing_attach(entry, ba);
814 * Adjust the return storage. Drop the ref on source before
817 vm_object_drop(result);
818 vm_object_drop(source);
820 entry->eflags &= ~MAP_ENTRY_NEEDS_COPY;
824 * Allocate an object for a vm_map_entry.
826 * Object allocation for anonymous mappings is defered as long as possible.
827 * This function is called when we can defer no longer, generally when a map
828 * entry might be split or forked or takes a page fault.
830 * If the map segment is governed by a virtual page table then it is
831 * possible to address offsets beyond the mapped area. Just allocate
832 * a maximally sized object for this case.
834 * The vm_map must be exclusively locked.
835 * No other requirements.
838 vm_map_entry_allocate_object(vm_map_entry_t entry)
843 * ba.offset is NOT cumulatively added in the backing_ba scan like
844 * it was in the old object chain, so we can assign whatever offset
845 * we like to the new object.
847 * For now assign a value of 0 to make debugging object sizes
850 entry->ba.offset = 0;
852 obj = vm_object_allocate(OBJT_DEFAULT,
853 atop(entry->ba.end - entry->ba.start) +
855 entry->ba.object = obj;
856 vm_map_backing_attach(entry, &entry->ba);
860 * Set an initial negative count so the first attempt to reserve
861 * space preloads a bunch of vm_map_entry's for this cpu. Also
862 * pre-allocate 2 vm_map_entries which will be needed by zalloc() to
863 * map a new page for vm_map_entry structures. SMP systems are
864 * particularly sensitive.
866 * This routine is called in early boot so we cannot just call
867 * vm_map_entry_reserve().
869 * Called from the low level boot code only (for each cpu)
871 * WARNING! Take care not to have too-big a static/BSS structure here
872 * as MAXCPU can be 256+, otherwise the loader's 64MB heap
873 * can get blown out by the kernel plus the initrd image.
876 vm_map_entry_reserve_cpu_init(globaldata_t gd)
878 vm_map_entry_t entry;
882 atomic_add_int(&gd->gd_vme_avail, -MAP_RESERVE_COUNT * 2);
883 if (gd->gd_cpuid == 0) {
884 entry = &cpu_map_entry_init_bsp[0];
885 count = MAPENTRYBSP_CACHE;
887 entry = &cpu_map_entry_init_ap[gd->gd_cpuid][0];
888 count = MAPENTRYAP_CACHE;
890 for (i = 0; i < count; ++i, ++entry) {
891 MAPENT_FREELIST(entry) = gd->gd_vme_base;
892 gd->gd_vme_base = entry;
897 * Reserves vm_map_entry structures so code later-on can manipulate
898 * map_entry structures within a locked map without blocking trying
899 * to allocate a new vm_map_entry.
903 * WARNING! We must not decrement gd_vme_avail until after we have
904 * ensured that sufficient entries exist, otherwise we can
905 * get into an endless call recursion in the zalloc code
909 vm_map_entry_reserve(int count)
911 struct globaldata *gd = mycpu;
912 vm_map_entry_t entry;
915 * Make sure we have enough structures in gd_vme_base to handle
916 * the reservation request.
918 * Use a critical section to protect against VM faults. It might
919 * not be needed, but we have to be careful here.
921 if (gd->gd_vme_avail < count) {
923 while (gd->gd_vme_avail < count) {
924 entry = zalloc(mapentzone);
925 MAPENT_FREELIST(entry) = gd->gd_vme_base;
926 gd->gd_vme_base = entry;
927 atomic_add_int(&gd->gd_vme_avail, 1);
931 atomic_add_int(&gd->gd_vme_avail, -count);
937 * Releases previously reserved vm_map_entry structures that were not
938 * used. If we have too much junk in our per-cpu cache clean some of
944 vm_map_entry_release(int count)
946 struct globaldata *gd = mycpu;
947 vm_map_entry_t entry;
948 vm_map_entry_t efree;
950 count = atomic_fetchadd_int(&gd->gd_vme_avail, count) + count;
951 if (gd->gd_vme_avail > MAP_RESERVE_SLOP) {
954 while (gd->gd_vme_avail > MAP_RESERVE_HYST) {
955 entry = gd->gd_vme_base;
956 KKASSERT(entry != NULL);
957 gd->gd_vme_base = MAPENT_FREELIST(entry);
958 atomic_add_int(&gd->gd_vme_avail, -1);
959 MAPENT_FREELIST(entry) = efree;
963 while ((entry = efree) != NULL) {
964 efree = MAPENT_FREELIST(efree);
965 zfree(mapentzone, entry);
971 * Reserve map entry structures for use in kernel_map itself. These
972 * entries have *ALREADY* been reserved on a per-cpu basis when the map
973 * was inited. This function is used by zalloc() to avoid a recursion
974 * when zalloc() itself needs to allocate additional kernel memory.
976 * This function works like the normal reserve but does not load the
977 * vm_map_entry cache (because that would result in an infinite
978 * recursion). Note that gd_vme_avail may go negative. This is expected.
980 * Any caller of this function must be sure to renormalize after
981 * potentially eating entries to ensure that the reserve supply
987 vm_map_entry_kreserve(int count)
989 struct globaldata *gd = mycpu;
991 atomic_add_int(&gd->gd_vme_avail, -count);
992 KASSERT(gd->gd_vme_base != NULL,
993 ("no reserved entries left, gd_vme_avail = %d",
999 * Release previously reserved map entries for kernel_map. We do not
1000 * attempt to clean up like the normal release function as this would
1001 * cause an unnecessary (but probably not fatal) deep procedure call.
1006 vm_map_entry_krelease(int count)
1008 struct globaldata *gd = mycpu;
1010 atomic_add_int(&gd->gd_vme_avail, count);
1014 * Allocates a VM map entry for insertion. No entry fields are filled in.
1016 * The entries should have previously been reserved. The reservation count
1017 * is tracked in (*countp).
1021 static vm_map_entry_t
1022 vm_map_entry_create(int *countp)
1024 struct globaldata *gd = mycpu;
1025 vm_map_entry_t entry;
1027 KKASSERT(*countp > 0);
1030 entry = gd->gd_vme_base;
1031 KASSERT(entry != NULL, ("gd_vme_base NULL! count %d", *countp));
1032 gd->gd_vme_base = MAPENT_FREELIST(entry);
1039 * Attach and detach backing store elements
1042 vm_map_backing_attach(vm_map_entry_t entry, vm_map_backing_t ba)
1046 switch(entry->maptype) {
1047 case VM_MAPTYPE_NORMAL:
1049 lockmgr(&obj->backing_lk, LK_EXCLUSIVE);
1050 TAILQ_INSERT_TAIL(&obj->backing_list, ba, entry);
1051 lockmgr(&obj->backing_lk, LK_RELEASE);
1053 case VM_MAPTYPE_UKSMAP:
1054 ba->uksmap(ba, UKSMAPOP_ADD, entry->aux.dev, NULL);
1060 vm_map_backing_detach(vm_map_entry_t entry, vm_map_backing_t ba)
1064 switch(entry->maptype) {
1065 case VM_MAPTYPE_NORMAL:
1067 lockmgr(&obj->backing_lk, LK_EXCLUSIVE);
1068 TAILQ_REMOVE(&obj->backing_list, ba, entry);
1069 lockmgr(&obj->backing_lk, LK_RELEASE);
1071 case VM_MAPTYPE_UKSMAP:
1072 ba->uksmap(ba, UKSMAPOP_REM, entry->aux.dev, NULL);
1078 * Dispose of the dynamically allocated backing_ba chain associated
1079 * with a vm_map_entry.
1081 * We decrement the (possibly shared) element and kfree() on the
1082 * 1->0 transition. We only iterate to the next backing_ba when
1083 * the previous one went through a 1->0 transition.
1085 * These can only be normal vm_object based backings.
1088 vm_map_entry_dispose_ba(vm_map_entry_t entry, vm_map_backing_t ba)
1090 vm_map_backing_t next;
1093 if (ba->map_object) {
1094 vm_map_backing_detach(entry, ba);
1095 vm_object_deallocate(ba->object);
1097 next = ba->backing_ba;
1098 kfree(ba, M_MAP_BACKING);
1104 * Dispose of a vm_map_entry that is no longer being referenced.
1109 vm_map_entry_dispose(vm_map_t map, vm_map_entry_t entry, int *countp)
1111 struct globaldata *gd = mycpu;
1114 * Dispose of the base object and the backing link.
1116 switch(entry->maptype) {
1117 case VM_MAPTYPE_NORMAL:
1118 if (entry->ba.map_object) {
1119 vm_map_backing_detach(entry, &entry->ba);
1120 vm_object_deallocate(entry->ba.object);
1123 case VM_MAPTYPE_SUBMAP:
1125 case VM_MAPTYPE_UKSMAP:
1126 vm_map_backing_detach(entry, &entry->ba);
1131 vm_map_entry_dispose_ba(entry, entry->ba.backing_ba);
1134 * Cleanup for safety.
1136 entry->ba.backing_ba = NULL;
1137 entry->ba.object = NULL;
1138 entry->ba.offset = 0;
1142 MAPENT_FREELIST(entry) = gd->gd_vme_base;
1143 gd->gd_vme_base = entry;
1149 * Insert/remove entries from maps.
1151 * The related map must be exclusively locked.
1152 * The caller must hold map->token
1153 * No other requirements.
1155 static __inline void
1156 vm_map_entry_link(vm_map_t map, vm_map_entry_t entry)
1158 ASSERT_VM_MAP_LOCKED(map);
1161 if (vm_map_rb_tree_RB_INSERT(&map->rb_root, entry))
1162 panic("vm_map_entry_link: dup addr map %p ent %p", map, entry);
1165 static __inline void
1166 vm_map_entry_unlink(vm_map_t map,
1167 vm_map_entry_t entry)
1169 ASSERT_VM_MAP_LOCKED(map);
1171 if (entry->eflags & MAP_ENTRY_IN_TRANSITION) {
1172 panic("vm_map_entry_unlink: attempt to mess with "
1173 "locked entry! %p", entry);
1175 vm_map_rb_tree_RB_REMOVE(&map->rb_root, entry);
1180 * Finds the map entry containing (or immediately preceding) the specified
1181 * address in the given map. The entry is returned in (*entry).
1183 * The boolean result indicates whether the address is actually contained
1186 * The related map must be locked.
1187 * No other requirements.
1190 vm_map_lookup_entry(vm_map_t map, vm_offset_t address, vm_map_entry_t *entry)
1193 vm_map_entry_t last;
1195 ASSERT_VM_MAP_LOCKED(map);
1198 * Locate the record from the top of the tree. 'last' tracks the
1199 * closest prior record and is returned if no match is found, which
1200 * in binary tree terms means tracking the most recent right-branch
1201 * taken. If there is no prior record, *entry is set to NULL.
1204 tmp = RB_ROOT(&map->rb_root);
1207 if (address >= tmp->ba.start) {
1208 if (address < tmp->ba.end) {
1213 tmp = RB_RIGHT(tmp, rb_entry);
1215 tmp = RB_LEFT(tmp, rb_entry);
1223 * Inserts the given whole VM object into the target map at the specified
1224 * address range. The object's size should match that of the address range.
1226 * The map must be exclusively locked.
1227 * The object must be held.
1228 * The caller must have reserved sufficient vm_map_entry structures.
1230 * If object is non-NULL, ref count must be bumped by caller prior to
1231 * making call to account for the new entry. XXX API is a bit messy.
1234 vm_map_insert(vm_map_t map, int *countp,
1235 void *map_object, void *map_aux,
1236 vm_ooffset_t offset, void *aux_info,
1237 vm_offset_t start, vm_offset_t end,
1238 vm_maptype_t maptype, vm_subsys_t id,
1239 vm_prot_t prot, vm_prot_t max, int cow)
1241 vm_map_entry_t new_entry;
1242 vm_map_entry_t prev_entry;
1243 vm_map_entry_t next;
1244 vm_map_entry_t temp_entry;
1245 vm_eflags_t protoeflags;
1249 if (maptype == VM_MAPTYPE_UKSMAP)
1252 object = map_object;
1254 ASSERT_VM_MAP_LOCKED(map);
1256 ASSERT_LWKT_TOKEN_HELD(vm_object_token(object));
1259 * Check that the start and end points are not bogus.
1261 if ((start < vm_map_min(map)) || (end > vm_map_max(map)) ||
1263 return (KERN_INVALID_ADDRESS);
1267 * Find the entry prior to the proposed starting address; if it's part
1268 * of an existing entry, this range is bogus.
1270 if (vm_map_lookup_entry(map, start, &temp_entry))
1271 return (KERN_NO_SPACE);
1272 prev_entry = temp_entry;
1275 * Assert that the next entry doesn't overlap the end point.
1278 next = vm_map_rb_tree_RB_NEXT(prev_entry);
1280 next = RB_MIN(vm_map_rb_tree, &map->rb_root);
1281 if (next && next->ba.start < end)
1282 return (KERN_NO_SPACE);
1286 if (cow & MAP_COPY_ON_WRITE)
1287 protoeflags |= MAP_ENTRY_COW|MAP_ENTRY_NEEDS_COPY;
1289 if (cow & MAP_NOFAULT) {
1290 protoeflags |= MAP_ENTRY_NOFAULT;
1292 KASSERT(object == NULL,
1293 ("vm_map_insert: paradoxical MAP_NOFAULT request"));
1295 if (cow & MAP_DISABLE_SYNCER)
1296 protoeflags |= MAP_ENTRY_NOSYNC;
1297 if (cow & MAP_DISABLE_COREDUMP)
1298 protoeflags |= MAP_ENTRY_NOCOREDUMP;
1299 if (cow & MAP_IS_STACK)
1300 protoeflags |= MAP_ENTRY_STACK;
1301 if (cow & MAP_IS_KSTACK)
1302 protoeflags |= MAP_ENTRY_KSTACK;
1304 lwkt_gettoken(&map->token);
1308 } else if (prev_entry &&
1309 (prev_entry->eflags == protoeflags) &&
1310 (prev_entry->ba.end == start) &&
1311 (prev_entry->wired_count == 0) &&
1312 (prev_entry->id == id) &&
1313 prev_entry->maptype == maptype &&
1314 maptype == VM_MAPTYPE_NORMAL &&
1315 prev_entry->ba.backing_ba == NULL && /* not backed */
1316 ((prev_entry->ba.object == NULL) ||
1317 vm_object_coalesce(prev_entry->ba.object,
1318 OFF_TO_IDX(prev_entry->ba.offset),
1319 (vm_size_t)(prev_entry->ba.end - prev_entry->ba.start),
1320 (vm_size_t)(end - prev_entry->ba.end)))) {
1322 * We were able to extend the object. Determine if we
1323 * can extend the previous map entry to include the
1324 * new range as well.
1326 if ((prev_entry->inheritance == VM_INHERIT_DEFAULT) &&
1327 (prev_entry->protection == prot) &&
1328 (prev_entry->max_protection == max)) {
1329 map->size += (end - prev_entry->ba.end);
1330 vm_map_backing_adjust_end(prev_entry, end);
1331 vm_map_simplify_entry(map, prev_entry, countp);
1332 lwkt_reltoken(&map->token);
1333 return (KERN_SUCCESS);
1337 * If we can extend the object but cannot extend the
1338 * map entry, we have to create a new map entry. We
1339 * must bump the ref count on the extended object to
1340 * account for it. object may be NULL.
1342 object = prev_entry->ba.object;
1343 offset = prev_entry->ba.offset +
1344 (prev_entry->ba.end - prev_entry->ba.start);
1346 vm_object_hold(object);
1347 vm_object_lock_swap(); /* map->token order */
1348 vm_object_reference_locked(object);
1349 map_object = object;
1355 * NOTE: if conditionals fail, object can be NULL here. This occurs
1356 * in things like the buffer map where we manage kva but do not manage
1361 * Create a new entry
1363 new_entry = vm_map_entry_create(countp);
1364 new_entry->ba.pmap = map->pmap;
1365 new_entry->ba.start = start;
1366 new_entry->ba.end = end;
1369 new_entry->maptype = maptype;
1370 new_entry->eflags = protoeflags;
1371 new_entry->aux.master_pde = 0; /* in case size is different */
1372 new_entry->aux.map_aux = map_aux;
1373 new_entry->ba.map_object = map_object;
1374 new_entry->ba.backing_ba = NULL;
1375 new_entry->ba.backing_count = 0;
1376 new_entry->ba.offset = offset;
1377 new_entry->ba.aux_info = aux_info;
1378 new_entry->ba.flags = 0;
1379 new_entry->ba.pmap = map->pmap;
1381 new_entry->inheritance = VM_INHERIT_DEFAULT;
1382 new_entry->protection = prot;
1383 new_entry->max_protection = max;
1384 new_entry->wired_count = 0;
1387 * Insert the new entry into the list
1389 vm_map_backing_replicated(map, new_entry, MAP_BACK_BASEOBJREFD);
1390 vm_map_entry_link(map, new_entry);
1391 map->size += new_entry->ba.end - new_entry->ba.start;
1394 * Don't worry about updating freehint[] when inserting, allow
1395 * addresses to be lower than the actual first free spot.
1399 * Temporarily removed to avoid MAP_STACK panic, due to
1400 * MAP_STACK being a huge hack. Will be added back in
1401 * when MAP_STACK (and the user stack mapping) is fixed.
1404 * It may be possible to simplify the entry
1406 vm_map_simplify_entry(map, new_entry, countp);
1410 * Try to pre-populate the page table. Mappings governed by virtual
1411 * page tables cannot be prepopulated without a lot of work, so
1414 if ((cow & (MAP_PREFAULT|MAP_PREFAULT_PARTIAL)) &&
1415 maptype != VM_MAPTYPE_UKSMAP) {
1417 if (vm_map_relock_enable && (cow & MAP_PREFAULT_RELOCK)) {
1419 vm_object_lock_swap();
1420 vm_object_drop(object);
1422 pmap_object_init_pt(map->pmap, new_entry,
1423 new_entry->ba.start,
1424 new_entry->ba.end - new_entry->ba.start,
1425 cow & MAP_PREFAULT_PARTIAL);
1427 vm_object_hold(object);
1428 vm_object_lock_swap();
1431 lwkt_reltoken(&map->token);
1433 vm_object_drop(object);
1435 return (KERN_SUCCESS);
1439 * Find sufficient space for `length' bytes in the given map, starting at
1440 * `start'. Returns 0 on success, 1 on no space.
1442 * This function will returned an arbitrarily aligned pointer. If no
1443 * particular alignment is required you should pass align as 1. Note that
1444 * the map may return PAGE_SIZE aligned pointers if all the lengths used in
1445 * the map are a multiple of PAGE_SIZE, even if you pass a smaller align
1448 * 'align' should be a power of 2 but is not required to be.
1450 * The map must be exclusively locked.
1451 * No other requirements.
1454 vm_map_findspace(vm_map_t map, vm_offset_t start, vm_size_t length,
1455 vm_size_t align, int flags, vm_offset_t *addr)
1457 vm_map_entry_t entry;
1459 vm_offset_t hole_start;
1461 vm_offset_t align_mask;
1463 if (start < vm_map_min(map))
1464 start = vm_map_min(map);
1465 if (start > vm_map_max(map))
1469 * If the alignment is not a power of 2 we will have to use
1470 * a mod/division, set align_mask to a special value.
1472 if ((align | (align - 1)) + 1 != (align << 1))
1473 align_mask = (vm_offset_t)-1;
1475 align_mask = align - 1;
1478 * Use freehint to adjust the start point, hopefully reducing
1479 * the iteration to O(1).
1481 hole_start = vm_map_freehint_find(map, length, align);
1482 if (start < hole_start)
1484 if (vm_map_lookup_entry(map, start, &tmp))
1485 start = tmp->ba.end;
1486 entry = tmp; /* may be NULL */
1489 * Look through the rest of the map, trying to fit a new region in the
1490 * gap between existing regions, or after the very last region.
1494 * Adjust the proposed start by the requested alignment,
1495 * be sure that we didn't wrap the address.
1497 if (align_mask == (vm_offset_t)-1)
1498 end = roundup(start, align);
1500 end = (start + align_mask) & ~align_mask;
1506 * Find the end of the proposed new region. Be sure we didn't
1507 * go beyond the end of the map, or wrap around the address.
1508 * Then check to see if this is the last entry or if the
1509 * proposed end fits in the gap between this and the next
1512 end = start + length;
1513 if (end > vm_map_max(map) || end < start)
1517 * Locate the next entry, we can stop if this is the
1518 * last entry (we know we are in-bounds so that would
1522 entry = vm_map_rb_tree_RB_NEXT(entry);
1524 entry = RB_MIN(vm_map_rb_tree, &map->rb_root);
1529 * Determine if the proposed area would overlap the
1532 * When matching against a STACK entry, only allow the
1533 * memory map to intrude on the ungrown portion of the
1534 * STACK entry when MAP_TRYFIXED is set.
1536 if (entry->ba.start >= end) {
1537 if ((entry->eflags & MAP_ENTRY_STACK) == 0)
1539 if (flags & MAP_TRYFIXED)
1541 if (entry->ba.start - entry->aux.avail_ssize >= end)
1544 start = entry->ba.end;
1548 * Update the freehint
1550 vm_map_freehint_update(map, start, length, align);
1553 * Grow the kernel_map if necessary. pmap_growkernel() will panic
1554 * if it fails. The kernel_map is locked and nothing can steal
1555 * our address space if pmap_growkernel() blocks.
1557 * NOTE: This may be unconditionally called for kldload areas on
1558 * x86_64 because these do not bump kernel_vm_end (which would
1559 * fill 128G worth of page tables!). Therefore we must not
1562 if (map == kernel_map) {
1565 kstop = round_page(start + length);
1566 if (kstop > kernel_vm_end)
1567 pmap_growkernel(start, kstop);
1574 * vm_map_find finds an unallocated region in the target address map with
1575 * the given length and allocates it. The search is defined to be first-fit
1576 * from the specified address; the region found is returned in the same
1579 * If object is non-NULL, ref count must be bumped by caller
1580 * prior to making call to account for the new entry.
1582 * No requirements. This function will lock the map temporarily.
1585 vm_map_find(vm_map_t map, void *map_object, void *map_aux,
1586 vm_ooffset_t offset, vm_offset_t *addr,
1587 vm_size_t length, vm_size_t align, boolean_t fitit,
1588 vm_maptype_t maptype, vm_subsys_t id,
1589 vm_prot_t prot, vm_prot_t max, int cow)
1598 * Certain UKSMAPs may need aux_info.
1600 * (map_object is the callback function, aux_info is the process
1601 * or thread, if necessary).
1604 if (maptype == VM_MAPTYPE_UKSMAP) {
1605 KKASSERT(map_aux != NULL && map_object != NULL);
1607 switch(minor(((struct cdev *)map_aux))) {
1623 aux_info = curthread->td_lwp;
1628 object = map_object;
1633 count = vm_map_entry_reserve(MAP_RESERVE_COUNT);
1636 vm_object_hold_shared(object);
1638 if (vm_map_findspace(map, start, length, align, 0, addr)) {
1640 vm_object_drop(object);
1642 vm_map_entry_release(count);
1643 return (KERN_NO_SPACE);
1647 result = vm_map_insert(map, &count,
1648 map_object, map_aux,
1650 start, start + length,
1651 maptype, id, prot, max, cow);
1653 vm_object_drop(object);
1655 vm_map_entry_release(count);
1661 * Simplify the given map entry by merging with either neighbor. This
1662 * routine also has the ability to merge with both neighbors.
1664 * This routine guarentees that the passed entry remains valid (though
1665 * possibly extended). When merging, this routine may delete one or
1666 * both neighbors. No action is taken on entries which have their
1667 * in-transition flag set.
1669 * The map must be exclusively locked.
1672 vm_map_simplify_entry(vm_map_t map, vm_map_entry_t entry, int *countp)
1674 vm_map_entry_t next, prev;
1675 vm_size_t prevsize, esize;
1677 if (entry->eflags & MAP_ENTRY_IN_TRANSITION) {
1678 ++mycpu->gd_cnt.v_intrans_coll;
1682 if (entry->maptype == VM_MAPTYPE_SUBMAP)
1684 if (entry->maptype == VM_MAPTYPE_UKSMAP)
1687 prev = vm_map_rb_tree_RB_PREV(entry);
1689 prevsize = prev->ba.end - prev->ba.start;
1690 if ( (prev->ba.end == entry->ba.start) &&
1691 (prev->maptype == entry->maptype) &&
1692 (prev->ba.object == entry->ba.object) &&
1693 (prev->ba.backing_ba == entry->ba.backing_ba) &&
1694 (!prev->ba.object ||
1695 (prev->ba.offset + prevsize == entry->ba.offset)) &&
1696 (prev->eflags == entry->eflags) &&
1697 (prev->protection == entry->protection) &&
1698 (prev->max_protection == entry->max_protection) &&
1699 (prev->inheritance == entry->inheritance) &&
1700 (prev->id == entry->id) &&
1701 (prev->wired_count == entry->wired_count)) {
1703 * NOTE: order important. Unlink before gumming up
1704 * the RBTREE w/adjust, adjust before disposal
1705 * of prior entry, to avoid pmap snafus.
1707 vm_map_entry_unlink(map, prev);
1708 vm_map_backing_adjust_start(entry, prev->ba.start);
1709 if (entry->ba.object == NULL)
1710 entry->ba.offset = 0;
1711 vm_map_entry_dispose(map, prev, countp);
1715 next = vm_map_rb_tree_RB_NEXT(entry);
1717 esize = entry->ba.end - entry->ba.start;
1718 if ((entry->ba.end == next->ba.start) &&
1719 (next->maptype == entry->maptype) &&
1720 (next->ba.object == entry->ba.object) &&
1721 (prev->ba.backing_ba == entry->ba.backing_ba) &&
1722 (!entry->ba.object ||
1723 (entry->ba.offset + esize == next->ba.offset)) &&
1724 (next->eflags == entry->eflags) &&
1725 (next->protection == entry->protection) &&
1726 (next->max_protection == entry->max_protection) &&
1727 (next->inheritance == entry->inheritance) &&
1728 (next->id == entry->id) &&
1729 (next->wired_count == entry->wired_count)) {
1731 * NOTE: order important. Unlink before gumming up
1732 * the RBTREE w/adjust, adjust before disposal
1733 * of prior entry, to avoid pmap snafus.
1735 vm_map_entry_unlink(map, next);
1736 vm_map_backing_adjust_end(entry, next->ba.end);
1737 vm_map_entry_dispose(map, next, countp);
1743 * Asserts that the given entry begins at or after the specified address.
1744 * If necessary, it splits the entry into two.
1746 #define vm_map_clip_start(map, entry, startaddr, countp) \
1748 if (startaddr > entry->ba.start) \
1749 _vm_map_clip_start(map, entry, startaddr, countp); \
1753 * This routine is called only when it is known that the entry must be split.
1755 * The map must be exclusively locked.
1758 _vm_map_clip_start(vm_map_t map, vm_map_entry_t entry, vm_offset_t start,
1761 vm_map_entry_t new_entry;
1764 * Split off the front portion -- note that we must insert the new
1765 * entry BEFORE this one, so that this entry has the specified
1769 vm_map_simplify_entry(map, entry, countp);
1772 * If there is no object backing this entry, we might as well create
1773 * one now. If we defer it, an object can get created after the map
1774 * is clipped, and individual objects will be created for the split-up
1775 * map. This is a bit of a hack, but is also about the best place to
1776 * put this improvement.
1778 if (entry->ba.object == NULL && !map->system_map &&
1779 VM_MAP_ENTRY_WITHIN_PARTITION(entry)) {
1780 vm_map_entry_allocate_object(entry);
1784 * NOTE: The replicated function will adjust start, end, and offset
1785 * for the remainder of the backing_ba linkages. We must fixup
1788 new_entry = vm_map_entry_create(countp);
1789 *new_entry = *entry;
1790 new_entry->ba.end = start;
1793 * Ordering is important, make sure the new entry is replicated
1794 * before we cut the exiting entry.
1796 vm_map_backing_replicated(map, new_entry, MAP_BACK_CLIPPED);
1797 vm_map_backing_adjust_start(entry, start);
1798 vm_map_entry_link(map, new_entry);
1802 * Asserts that the given entry ends at or before the specified address.
1803 * If necessary, it splits the entry into two.
1805 * The map must be exclusively locked.
1807 #define vm_map_clip_end(map, entry, endaddr, countp) \
1809 if (endaddr < entry->ba.end) \
1810 _vm_map_clip_end(map, entry, endaddr, countp); \
1814 * This routine is called only when it is known that the entry must be split.
1816 * The map must be exclusively locked.
1819 _vm_map_clip_end(vm_map_t map, vm_map_entry_t entry, vm_offset_t end,
1822 vm_map_entry_t new_entry;
1825 * If there is no object backing this entry, we might as well create
1826 * one now. If we defer it, an object can get created after the map
1827 * is clipped, and individual objects will be created for the split-up
1828 * map. This is a bit of a hack, but is also about the best place to
1829 * put this improvement.
1832 if (entry->ba.object == NULL && !map->system_map &&
1833 VM_MAP_ENTRY_WITHIN_PARTITION(entry)) {
1834 vm_map_entry_allocate_object(entry);
1838 * Create a new entry and insert it AFTER the specified entry
1840 * NOTE: The replicated function will adjust start, end, and offset
1841 * for the remainder of the backing_ba linkages. We must fixup
1844 new_entry = vm_map_entry_create(countp);
1845 *new_entry = *entry;
1846 new_entry->ba.start = end;
1847 new_entry->ba.offset += (new_entry->ba.start - entry->ba.start);
1850 * Ordering is important, make sure the new entry is replicated
1851 * before we cut the exiting entry.
1853 vm_map_backing_replicated(map, new_entry, MAP_BACK_CLIPPED);
1854 vm_map_backing_adjust_end(entry, end);
1855 vm_map_entry_link(map, new_entry);
1859 * Asserts that the starting and ending region addresses fall within the
1860 * valid range for the map.
1862 #define VM_MAP_RANGE_CHECK(map, start, end) \
1864 if (start < vm_map_min(map)) \
1865 start = vm_map_min(map); \
1866 if (end > vm_map_max(map)) \
1867 end = vm_map_max(map); \
1873 * Used to block when an in-transition collison occurs. The map
1874 * is unlocked for the sleep and relocked before the return.
1877 vm_map_transition_wait(vm_map_t map, int relock)
1879 tsleep_interlock(map, 0);
1881 tsleep(map, PINTERLOCKED, "vment", 0);
1887 * When we do blocking operations with the map lock held it is
1888 * possible that a clip might have occured on our in-transit entry,
1889 * requiring an adjustment to the entry in our loop. These macros
1890 * help the pageable and clip_range code deal with the case. The
1891 * conditional costs virtually nothing if no clipping has occured.
1894 #define CLIP_CHECK_BACK(entry, save_start) \
1896 while (entry->ba.start != save_start) { \
1897 entry = vm_map_rb_tree_RB_PREV(entry); \
1898 KASSERT(entry, ("bad entry clip")); \
1902 #define CLIP_CHECK_FWD(entry, save_end) \
1904 while (entry->ba.end != save_end) { \
1905 entry = vm_map_rb_tree_RB_NEXT(entry); \
1906 KASSERT(entry, ("bad entry clip")); \
1912 * Clip the specified range and return the base entry. The
1913 * range may cover several entries starting at the returned base
1914 * and the first and last entry in the covering sequence will be
1915 * properly clipped to the requested start and end address.
1917 * If no holes are allowed you should pass the MAP_CLIP_NO_HOLES
1920 * The MAP_ENTRY_IN_TRANSITION flag will be set for the entries
1921 * covered by the requested range.
1923 * The map must be exclusively locked on entry and will remain locked
1924 * on return. If no range exists or the range contains holes and you
1925 * specified that no holes were allowed, NULL will be returned. This
1926 * routine may temporarily unlock the map in order avoid a deadlock when
1931 vm_map_clip_range(vm_map_t map, vm_offset_t start, vm_offset_t end,
1932 int *countp, int flags)
1934 vm_map_entry_t start_entry;
1935 vm_map_entry_t entry;
1936 vm_map_entry_t next;
1939 * Locate the entry and effect initial clipping. The in-transition
1940 * case does not occur very often so do not try to optimize it.
1943 if (vm_map_lookup_entry(map, start, &start_entry) == FALSE)
1945 entry = start_entry;
1946 if (entry->eflags & MAP_ENTRY_IN_TRANSITION) {
1947 entry->eflags |= MAP_ENTRY_NEEDS_WAKEUP;
1948 ++mycpu->gd_cnt.v_intrans_coll;
1949 ++mycpu->gd_cnt.v_intrans_wait;
1950 vm_map_transition_wait(map, 1);
1952 * entry and/or start_entry may have been clipped while
1953 * we slept, or may have gone away entirely. We have
1954 * to restart from the lookup.
1960 * Since we hold an exclusive map lock we do not have to restart
1961 * after clipping, even though clipping may block in zalloc.
1963 vm_map_clip_start(map, entry, start, countp);
1964 vm_map_clip_end(map, entry, end, countp);
1965 entry->eflags |= MAP_ENTRY_IN_TRANSITION;
1968 * Scan entries covered by the range. When working on the next
1969 * entry a restart need only re-loop on the current entry which
1970 * we have already locked, since 'next' may have changed. Also,
1971 * even though entry is safe, it may have been clipped so we
1972 * have to iterate forwards through the clip after sleeping.
1975 next = vm_map_rb_tree_RB_NEXT(entry);
1976 if (next == NULL || next->ba.start >= end)
1978 if (flags & MAP_CLIP_NO_HOLES) {
1979 if (next->ba.start > entry->ba.end) {
1980 vm_map_unclip_range(map, start_entry,
1981 start, entry->ba.end, countp, flags);
1986 if (next->eflags & MAP_ENTRY_IN_TRANSITION) {
1987 vm_offset_t save_end = entry->ba.end;
1988 next->eflags |= MAP_ENTRY_NEEDS_WAKEUP;
1989 ++mycpu->gd_cnt.v_intrans_coll;
1990 ++mycpu->gd_cnt.v_intrans_wait;
1991 vm_map_transition_wait(map, 1);
1994 * clips might have occured while we blocked.
1996 CLIP_CHECK_FWD(entry, save_end);
1997 CLIP_CHECK_BACK(start_entry, start);
2002 * No restart necessary even though clip_end may block, we
2003 * are holding the map lock.
2005 vm_map_clip_end(map, next, end, countp);
2006 next->eflags |= MAP_ENTRY_IN_TRANSITION;
2009 if (flags & MAP_CLIP_NO_HOLES) {
2010 if (entry->ba.end != end) {
2011 vm_map_unclip_range(map, start_entry,
2012 start, entry->ba.end, countp, flags);
2016 return(start_entry);
2020 * Undo the effect of vm_map_clip_range(). You should pass the same
2021 * flags and the same range that you passed to vm_map_clip_range().
2022 * This code will clear the in-transition flag on the entries and
2023 * wake up anyone waiting. This code will also simplify the sequence
2024 * and attempt to merge it with entries before and after the sequence.
2026 * The map must be locked on entry and will remain locked on return.
2028 * Note that you should also pass the start_entry returned by
2029 * vm_map_clip_range(). However, if you block between the two calls
2030 * with the map unlocked please be aware that the start_entry may
2031 * have been clipped and you may need to scan it backwards to find
2032 * the entry corresponding with the original start address. You are
2033 * responsible for this, vm_map_unclip_range() expects the correct
2034 * start_entry to be passed to it and will KASSERT otherwise.
2038 vm_map_unclip_range(vm_map_t map, vm_map_entry_t start_entry,
2039 vm_offset_t start, vm_offset_t end,
2040 int *countp, int flags)
2042 vm_map_entry_t entry;
2044 entry = start_entry;
2046 KASSERT(entry->ba.start == start, ("unclip_range: illegal base entry"));
2047 while (entry && entry->ba.start < end) {
2048 KASSERT(entry->eflags & MAP_ENTRY_IN_TRANSITION,
2049 ("in-transition flag not set during unclip on: %p",
2051 KASSERT(entry->ba.end <= end,
2052 ("unclip_range: tail wasn't clipped"));
2053 entry->eflags &= ~MAP_ENTRY_IN_TRANSITION;
2054 if (entry->eflags & MAP_ENTRY_NEEDS_WAKEUP) {
2055 entry->eflags &= ~MAP_ENTRY_NEEDS_WAKEUP;
2058 entry = vm_map_rb_tree_RB_NEXT(entry);
2062 * Simplification does not block so there is no restart case.
2064 entry = start_entry;
2065 while (entry && entry->ba.start < end) {
2066 vm_map_simplify_entry(map, entry, countp);
2067 entry = vm_map_rb_tree_RB_NEXT(entry);
2072 * Mark the given range as handled by a subordinate map.
2074 * This range must have been created with vm_map_find(), and no other
2075 * operations may have been performed on this range prior to calling
2078 * Submappings cannot be removed.
2083 vm_map_submap(vm_map_t map, vm_offset_t start, vm_offset_t end, vm_map_t submap)
2085 vm_map_entry_t entry;
2086 int result = KERN_INVALID_ARGUMENT;
2089 count = vm_map_entry_reserve(MAP_RESERVE_COUNT);
2092 VM_MAP_RANGE_CHECK(map, start, end);
2094 if (vm_map_lookup_entry(map, start, &entry)) {
2095 vm_map_clip_start(map, entry, start, &count);
2097 entry = vm_map_rb_tree_RB_NEXT(entry);
2099 entry = RB_MIN(vm_map_rb_tree, &map->rb_root);
2102 vm_map_clip_end(map, entry, end, &count);
2104 if ((entry->ba.start == start) && (entry->ba.end == end) &&
2105 ((entry->eflags & MAP_ENTRY_COW) == 0) &&
2106 (entry->ba.object == NULL)) {
2107 entry->ba.sub_map = submap;
2108 entry->maptype = VM_MAPTYPE_SUBMAP;
2109 result = KERN_SUCCESS;
2112 vm_map_entry_release(count);
2118 * Sets the protection of the specified address region in the target map.
2119 * If "set_max" is specified, the maximum protection is to be set;
2120 * otherwise, only the current protection is affected.
2122 * The protection is not applicable to submaps, but is applicable to normal
2123 * maps and maps governed by virtual page tables. For example, when operating
2124 * on a virtual page table our protection basically controls how COW occurs
2125 * on the backing object, whereas the virtual page table abstraction itself
2126 * is an abstraction for userland.
2131 vm_map_protect(vm_map_t map, vm_offset_t start, vm_offset_t end,
2132 vm_prot_t new_prot, boolean_t set_max)
2134 vm_map_entry_t current;
2135 vm_map_entry_t entry;
2138 count = vm_map_entry_reserve(MAP_RESERVE_COUNT);
2141 VM_MAP_RANGE_CHECK(map, start, end);
2143 if (vm_map_lookup_entry(map, start, &entry)) {
2144 vm_map_clip_start(map, entry, start, &count);
2146 entry = vm_map_rb_tree_RB_NEXT(entry);
2148 entry = RB_MIN(vm_map_rb_tree, &map->rb_root);
2152 * Make a first pass to check for protection violations.
2155 while (current && current->ba.start < end) {
2156 if (current->maptype == VM_MAPTYPE_SUBMAP) {
2158 vm_map_entry_release(count);
2159 return (KERN_INVALID_ARGUMENT);
2161 if ((new_prot & current->max_protection) != new_prot) {
2163 vm_map_entry_release(count);
2164 return (KERN_PROTECTION_FAILURE);
2168 * When making a SHARED+RW file mmap writable, update
2171 if (new_prot & PROT_WRITE &&
2172 (current->eflags & MAP_ENTRY_NEEDS_COPY) == 0 &&
2173 current->maptype == VM_MAPTYPE_NORMAL &&
2174 current->ba.object &&
2175 current->ba.object->type == OBJT_VNODE) {
2178 vp = current->ba.object->handle;
2179 if (vp && vn_lock(vp, LK_EXCLUSIVE | LK_RETRY | LK_NOWAIT) == 0) {
2180 vfs_timestamp(&vp->v_lastwrite_ts);
2181 vsetflags(vp, VLASTWRITETS);
2185 current = vm_map_rb_tree_RB_NEXT(current);
2189 * Go back and fix up protections. [Note that clipping is not
2190 * necessary the second time.]
2194 while (current && current->ba.start < end) {
2197 vm_map_clip_end(map, current, end, &count);
2199 old_prot = current->protection;
2201 current->max_protection = new_prot;
2202 current->protection = new_prot & old_prot;
2204 current->protection = new_prot;
2208 * Update physical map if necessary. Worry about copy-on-write
2209 * here -- CHECK THIS XXX
2211 if (current->protection != old_prot) {
2212 #define MASK(entry) (((entry)->eflags & MAP_ENTRY_COW) ? ~VM_PROT_WRITE : \
2215 pmap_protect(map->pmap, current->ba.start,
2217 current->protection & MASK(current));
2221 vm_map_simplify_entry(map, current, &count);
2223 current = vm_map_rb_tree_RB_NEXT(current);
2226 vm_map_entry_release(count);
2227 return (KERN_SUCCESS);
2231 * This routine traverses a processes map handling the madvise
2232 * system call. Advisories are classified as either those effecting
2233 * the vm_map_entry structure, or those effecting the underlying
2236 * The <value> argument is used for extended madvise calls.
2241 vm_map_madvise(vm_map_t map, vm_offset_t start, vm_offset_t end,
2242 int behav, off_t value)
2244 vm_map_entry_t current, entry;
2250 * Some madvise calls directly modify the vm_map_entry, in which case
2251 * we need to use an exclusive lock on the map and we need to perform
2252 * various clipping operations. Otherwise we only need a read-lock
2255 count = vm_map_entry_reserve(MAP_RESERVE_COUNT);
2259 case MADV_SEQUENTIAL:
2273 vm_map_lock_read(map);
2276 vm_map_entry_release(count);
2281 * Locate starting entry and clip if necessary.
2284 VM_MAP_RANGE_CHECK(map, start, end);
2286 if (vm_map_lookup_entry(map, start, &entry)) {
2288 vm_map_clip_start(map, entry, start, &count);
2290 entry = vm_map_rb_tree_RB_NEXT(entry);
2292 entry = RB_MIN(vm_map_rb_tree, &map->rb_root);
2297 * madvise behaviors that are implemented in the vm_map_entry.
2299 * We clip the vm_map_entry so that behavioral changes are
2300 * limited to the specified address range.
2302 for (current = entry;
2303 current && current->ba.start < end;
2304 current = vm_map_rb_tree_RB_NEXT(current)) {
2308 if (current->maptype == VM_MAPTYPE_SUBMAP)
2311 vm_map_clip_end(map, current, end, &count);
2315 vm_map_entry_set_behavior(current, MAP_ENTRY_BEHAV_NORMAL);
2317 case MADV_SEQUENTIAL:
2318 vm_map_entry_set_behavior(current, MAP_ENTRY_BEHAV_SEQUENTIAL);
2321 vm_map_entry_set_behavior(current, MAP_ENTRY_BEHAV_RANDOM);
2324 current->eflags |= MAP_ENTRY_NOSYNC;
2327 current->eflags &= ~MAP_ENTRY_NOSYNC;
2330 current->eflags |= MAP_ENTRY_NOCOREDUMP;
2333 current->eflags &= ~MAP_ENTRY_NOCOREDUMP;
2337 * Set the page directory page for a map
2338 * governed by a virtual page table.
2340 * Software virtual page table support has
2341 * been removed, this MADV is no longer
2348 * Invalidate the related pmap entries, used
2349 * to flush portions of the real kernel's
2350 * pmap when the caller has removed or
2351 * modified existing mappings in a virtual
2354 * (exclusive locked map version does not
2355 * need the range interlock).
2357 pmap_remove(map->pmap,
2358 current->ba.start, current->ba.end);
2364 vm_map_simplify_entry(map, current, &count);
2372 * madvise behaviors that are implemented in the underlying
2375 * Since we don't clip the vm_map_entry, we have to clip
2376 * the vm_object pindex and count.
2378 * NOTE! These functions are only supported on normal maps.
2380 * NOTE! These functions only apply to the top-most object.
2381 * It is not applicable to backing objects.
2383 for (current = entry;
2384 current && current->ba.start < end;
2385 current = vm_map_rb_tree_RB_NEXT(current)) {
2386 vm_offset_t useStart;
2388 if (current->maptype != VM_MAPTYPE_NORMAL)
2391 pindex = OFF_TO_IDX(current->ba.offset);
2392 delta = atop(current->ba.end - current->ba.start);
2393 useStart = current->ba.start;
2395 if (current->ba.start < start) {
2396 pindex += atop(start - current->ba.start);
2397 delta -= atop(start - current->ba.start);
2400 if (current->ba.end > end)
2401 delta -= atop(current->ba.end - end);
2403 if ((vm_spindex_t)delta <= 0)
2406 if (behav == MADV_INVAL) {
2408 * Invalidate the related pmap entries, used
2409 * to flush portions of the real kernel's
2410 * pmap when the caller has removed or
2411 * modified existing mappings in a virtual
2414 * (shared locked map version needs the
2415 * interlock, see vm_fault()).
2417 struct vm_map_ilock ilock;
2419 KASSERT(useStart >= VM_MIN_USER_ADDRESS &&
2420 useStart + ptoa(delta) <=
2421 VM_MAX_USER_ADDRESS,
2422 ("Bad range %016jx-%016jx (%016jx)",
2423 useStart, useStart + ptoa(delta),
2425 vm_map_interlock(map, &ilock,
2427 useStart + ptoa(delta));
2428 pmap_remove(map->pmap,
2430 useStart + ptoa(delta));
2431 vm_map_deinterlock(map, &ilock);
2433 vm_object_madvise(current->ba.object,
2434 pindex, delta, behav);
2438 * Try to pre-populate the page table.
2440 if (behav == MADV_WILLNEED) {
2441 pmap_object_init_pt(
2444 (delta << PAGE_SHIFT),
2445 MAP_PREFAULT_MADVISE
2449 vm_map_unlock_read(map);
2451 vm_map_entry_release(count);
2457 * Sets the inheritance of the specified address range in the target map.
2458 * Inheritance affects how the map will be shared with child maps at the
2459 * time of vm_map_fork.
2462 vm_map_inherit(vm_map_t map, vm_offset_t start, vm_offset_t end,
2463 vm_inherit_t new_inheritance)
2465 vm_map_entry_t entry;
2466 vm_map_entry_t temp_entry;
2469 switch (new_inheritance) {
2470 case VM_INHERIT_NONE:
2471 case VM_INHERIT_COPY:
2472 case VM_INHERIT_SHARE:
2475 return (KERN_INVALID_ARGUMENT);
2478 count = vm_map_entry_reserve(MAP_RESERVE_COUNT);
2481 VM_MAP_RANGE_CHECK(map, start, end);
2483 if (vm_map_lookup_entry(map, start, &temp_entry)) {
2485 vm_map_clip_start(map, entry, start, &count);
2486 } else if (temp_entry) {
2487 entry = vm_map_rb_tree_RB_NEXT(temp_entry);
2489 entry = RB_MIN(vm_map_rb_tree, &map->rb_root);
2492 while (entry && entry->ba.start < end) {
2493 vm_map_clip_end(map, entry, end, &count);
2495 entry->inheritance = new_inheritance;
2497 vm_map_simplify_entry(map, entry, &count);
2499 entry = vm_map_rb_tree_RB_NEXT(entry);
2502 vm_map_entry_release(count);
2503 return (KERN_SUCCESS);
2507 * Wiring/Unwiring of memory for user-related operation.
2509 * Implement the semantics of mlock
2512 vm_map_user_wiring(vm_map_t map, vm_offset_t start, vm_offset_t real_end,
2513 boolean_t new_pageable)
2515 vm_map_entry_t entry;
2516 vm_map_entry_t start_entry;
2518 int rv = KERN_SUCCESS;
2521 count = vm_map_entry_reserve(MAP_RESERVE_COUNT);
2523 VM_MAP_RANGE_CHECK(map, start, real_end);
2526 start_entry = vm_map_clip_range(map, start, end, &count,
2528 if (start_entry == NULL) {
2530 vm_map_entry_release(count);
2531 return (KERN_INVALID_ADDRESS);
2534 if (new_pageable == 0) {
2535 entry = start_entry;
2536 while (entry && entry->ba.start < end) {
2537 vm_offset_t save_start;
2538 vm_offset_t save_end;
2541 * Already user wired or hard wired (trivial cases)
2543 if (entry->eflags & MAP_ENTRY_USER_WIRED) {
2544 entry = vm_map_rb_tree_RB_NEXT(entry);
2547 if (entry->wired_count != 0) {
2548 entry->wired_count++;
2549 entry->eflags |= MAP_ENTRY_USER_WIRED;
2550 entry = vm_map_rb_tree_RB_NEXT(entry);
2555 * A new wiring requires instantiation of appropriate
2556 * management structures and the faulting in of the
2559 if (entry->maptype == VM_MAPTYPE_NORMAL) {
2560 int copyflag = entry->eflags &
2561 MAP_ENTRY_NEEDS_COPY;
2562 if (copyflag && ((entry->protection &
2563 VM_PROT_WRITE) != 0)) {
2564 vm_map_entry_shadow(entry);
2565 } else if (entry->ba.object == NULL &&
2567 vm_map_entry_allocate_object(entry);
2570 entry->wired_count++;
2571 entry->eflags |= MAP_ENTRY_USER_WIRED;
2574 * Now fault in the area. Note that vm_fault_wire()
2575 * may release the map lock temporarily, it will be
2576 * relocked on return. The in-transition
2577 * flag protects the entries.
2579 save_start = entry->ba.start;
2580 save_end = entry->ba.end;
2581 rv = vm_fault_wire(map, entry, TRUE, 0);
2583 CLIP_CHECK_BACK(entry, save_start);
2585 KASSERT(entry->wired_count == 1, ("bad wired_count on entry"));
2586 entry->eflags &= ~MAP_ENTRY_USER_WIRED;
2587 entry->wired_count = 0;
2588 if (entry->ba.end == save_end)
2590 entry = vm_map_rb_tree_RB_NEXT(entry);
2592 ("bad entry clip during backout"));
2594 end = save_start; /* unwire the rest */
2598 * note that even though the entry might have been
2599 * clipped, the USER_WIRED flag we set prevents
2600 * duplication so we do not have to do a
2603 entry = vm_map_rb_tree_RB_NEXT(entry);
2607 * If we failed fall through to the unwiring section to
2608 * unwire what we had wired so far. 'end' has already
2615 * start_entry might have been clipped if we unlocked the
2616 * map and blocked. No matter how clipped it has gotten
2617 * there should be a fragment that is on our start boundary.
2619 CLIP_CHECK_BACK(start_entry, start);
2623 * Deal with the unwiring case.
2627 * This is the unwiring case. We must first ensure that the
2628 * range to be unwired is really wired down. We know there
2631 entry = start_entry;
2632 while (entry && entry->ba.start < end) {
2633 if ((entry->eflags & MAP_ENTRY_USER_WIRED) == 0) {
2634 rv = KERN_INVALID_ARGUMENT;
2637 KASSERT(entry->wired_count != 0,
2638 ("wired count was 0 with USER_WIRED set! %p",
2640 entry = vm_map_rb_tree_RB_NEXT(entry);
2644 * Now decrement the wiring count for each region. If a region
2645 * becomes completely unwired, unwire its physical pages and
2649 * The map entries are processed in a loop, checking to
2650 * make sure the entry is wired and asserting it has a wired
2651 * count. However, another loop was inserted more-or-less in
2652 * the middle of the unwiring path. This loop picks up the
2653 * "entry" loop variable from the first loop without first
2654 * setting it to start_entry. Naturally, the secound loop
2655 * is never entered and the pages backing the entries are
2656 * never unwired. This can lead to a leak of wired pages.
2658 entry = start_entry;
2659 while (entry && entry->ba.start < end) {
2660 KASSERT(entry->eflags & MAP_ENTRY_USER_WIRED,
2661 ("expected USER_WIRED on entry %p", entry));
2662 entry->eflags &= ~MAP_ENTRY_USER_WIRED;
2663 entry->wired_count--;
2664 if (entry->wired_count == 0)
2665 vm_fault_unwire(map, entry);
2666 entry = vm_map_rb_tree_RB_NEXT(entry);
2670 vm_map_unclip_range(map, start_entry, start, real_end, &count,
2673 vm_map_entry_release(count);
2679 * Wiring/Unwiring of memory for kernel-related operation.
2681 * Sets the pageability of the specified address range in the target map.
2682 * Regions specified as not pageable require locked-down physical
2683 * memory and physical page maps.
2685 * The map must not be locked, but a reference must remain to the map
2686 * throughout the call.
2688 * This function may be called via the zalloc path and must properly
2689 * reserve map entries for kernel_map.
2694 vm_map_kernel_wiring(vm_map_t map, vm_offset_t start,
2695 vm_offset_t real_end, int kmflags)
2697 vm_map_entry_t entry;
2698 vm_map_entry_t start_entry;
2700 int rv = KERN_SUCCESS;
2703 if (kmflags & KM_KRESERVE)
2704 count = vm_map_entry_kreserve(MAP_RESERVE_COUNT);
2706 count = vm_map_entry_reserve(MAP_RESERVE_COUNT);
2708 VM_MAP_RANGE_CHECK(map, start, real_end);
2711 start_entry = vm_map_clip_range(map, start, end, &count,
2713 if (start_entry == NULL) {
2715 rv = KERN_INVALID_ADDRESS;
2718 if ((kmflags & KM_PAGEABLE) == 0) {
2722 * 1. Holding the write lock, we create any shadow or zero-fill
2723 * objects that need to be created. Then we clip each map
2724 * entry to the region to be wired and increment its wiring
2725 * count. We create objects before clipping the map entries
2726 * to avoid object proliferation.
2728 * 2. We downgrade to a read lock, and call vm_fault_wire to
2729 * fault in the pages for any newly wired area (wired_count is
2732 * Downgrading to a read lock for vm_fault_wire avoids a
2733 * possible deadlock with another process that may have faulted
2734 * on one of the pages to be wired (it would mark the page busy,
2735 * blocking us, then in turn block on the map lock that we
2736 * hold). Because of problems in the recursive lock package,
2737 * we cannot upgrade to a write lock in vm_map_lookup. Thus,
2738 * any actions that require the write lock must be done
2739 * beforehand. Because we keep the read lock on the map, the
2740 * copy-on-write status of the entries we modify here cannot
2743 entry = start_entry;
2744 while (entry && entry->ba.start < end) {
2746 * Trivial case if the entry is already wired
2748 if (entry->wired_count) {
2749 entry->wired_count++;
2750 entry = vm_map_rb_tree_RB_NEXT(entry);
2755 * The entry is being newly wired, we have to setup
2756 * appropriate management structures. A shadow
2757 * object is required for a copy-on-write region,
2758 * or a normal object for a zero-fill region. We
2759 * do not have to do this for entries that point to sub
2760 * maps because we won't hold the lock on the sub map.
2762 if (entry->maptype == VM_MAPTYPE_NORMAL) {
2763 int copyflag = entry->eflags &
2764 MAP_ENTRY_NEEDS_COPY;
2765 if (copyflag && ((entry->protection &
2766 VM_PROT_WRITE) != 0)) {
2767 vm_map_entry_shadow(entry);
2768 } else if (entry->ba.object == NULL &&
2770 vm_map_entry_allocate_object(entry);
2773 entry->wired_count++;
2774 entry = vm_map_rb_tree_RB_NEXT(entry);
2782 * HACK HACK HACK HACK
2784 * vm_fault_wire() temporarily unlocks the map to avoid
2785 * deadlocks. The in-transition flag from vm_map_clip_range
2786 * call should protect us from changes while the map is
2789 * NOTE: Previously this comment stated that clipping might
2790 * still occur while the entry is unlocked, but from
2791 * what I can tell it actually cannot.
2793 * It is unclear whether the CLIP_CHECK_*() calls
2794 * are still needed but we keep them in anyway.
2796 * HACK HACK HACK HACK
2799 entry = start_entry;
2800 while (entry && entry->ba.start < end) {
2802 * If vm_fault_wire fails for any page we need to undo
2803 * what has been done. We decrement the wiring count
2804 * for those pages which have not yet been wired (now)
2805 * and unwire those that have (later).
2807 vm_offset_t save_start = entry->ba.start;
2808 vm_offset_t save_end = entry->ba.end;
2810 if (entry->wired_count == 1)
2811 rv = vm_fault_wire(map, entry, FALSE, kmflags);
2813 CLIP_CHECK_BACK(entry, save_start);
2815 KASSERT(entry->wired_count == 1,
2816 ("wired_count changed unexpectedly"));
2817 entry->wired_count = 0;
2818 if (entry->ba.end == save_end)
2820 entry = vm_map_rb_tree_RB_NEXT(entry);
2822 ("bad entry clip during backout"));
2827 CLIP_CHECK_FWD(entry, save_end);
2828 entry = vm_map_rb_tree_RB_NEXT(entry);
2832 * If a failure occured undo everything by falling through
2833 * to the unwiring code. 'end' has already been adjusted
2837 kmflags |= KM_PAGEABLE;
2840 * start_entry is still IN_TRANSITION but may have been
2841 * clipped since vm_fault_wire() unlocks and relocks the
2842 * map. No matter how clipped it has gotten there should
2843 * be a fragment that is on our start boundary.
2845 CLIP_CHECK_BACK(start_entry, start);
2848 if (kmflags & KM_PAGEABLE) {
2850 * This is the unwiring case. We must first ensure that the
2851 * range to be unwired is really wired down. We know there
2854 entry = start_entry;
2855 while (entry && entry->ba.start < end) {
2856 if (entry->wired_count == 0) {
2857 rv = KERN_INVALID_ARGUMENT;
2860 entry = vm_map_rb_tree_RB_NEXT(entry);
2864 * Now decrement the wiring count for each region. If a region
2865 * becomes completely unwired, unwire its physical pages and
2868 entry = start_entry;
2869 while (entry && entry->ba.start < end) {
2870 entry->wired_count--;
2871 if (entry->wired_count == 0)
2872 vm_fault_unwire(map, entry);
2873 entry = vm_map_rb_tree_RB_NEXT(entry);
2877 vm_map_unclip_range(map, start_entry, start, real_end,
2878 &count, MAP_CLIP_NO_HOLES);
2881 if (kmflags & KM_KRESERVE)
2882 vm_map_entry_krelease(count);
2884 vm_map_entry_release(count);
2889 * Mark a newly allocated address range as wired but do not fault in
2890 * the pages. The caller is expected to load the pages into the object.
2892 * The map must be locked on entry and will remain locked on return.
2893 * No other requirements.
2896 vm_map_set_wired_quick(vm_map_t map, vm_offset_t addr, vm_size_t size,
2899 vm_map_entry_t scan;
2900 vm_map_entry_t entry;
2902 entry = vm_map_clip_range(map, addr, addr + size,
2903 countp, MAP_CLIP_NO_HOLES);
2905 while (scan && scan->ba.start < addr + size) {
2906 KKASSERT(scan->wired_count == 0);
2907 scan->wired_count = 1;
2908 scan = vm_map_rb_tree_RB_NEXT(scan);
2910 vm_map_unclip_range(map, entry, addr, addr + size,
2911 countp, MAP_CLIP_NO_HOLES);
2915 * Push any dirty cached pages in the address range to their pager.
2916 * If syncio is TRUE, dirty pages are written synchronously.
2917 * If invalidate is TRUE, any cached pages are freed as well.
2919 * This routine is called by sys_msync()
2921 * Returns an error if any part of the specified range is not mapped.
2926 vm_map_clean(vm_map_t map, vm_offset_t start, vm_offset_t end,
2927 boolean_t syncio, boolean_t invalidate)
2929 vm_map_entry_t current;
2930 vm_map_entry_t next;
2931 vm_map_entry_t entry;
2932 vm_map_backing_t ba;
2935 vm_ooffset_t offset;
2937 vm_map_lock_read(map);
2938 VM_MAP_RANGE_CHECK(map, start, end);
2939 if (!vm_map_lookup_entry(map, start, &entry)) {
2940 vm_map_unlock_read(map);
2941 return (KERN_INVALID_ADDRESS);
2943 lwkt_gettoken(&map->token);
2946 * Make a first pass to check for holes.
2949 while (current && current->ba.start < end) {
2950 if (current->maptype == VM_MAPTYPE_SUBMAP) {
2951 lwkt_reltoken(&map->token);
2952 vm_map_unlock_read(map);
2953 return (KERN_INVALID_ARGUMENT);
2955 next = vm_map_rb_tree_RB_NEXT(current);
2956 if (end > current->ba.end &&
2958 current->ba.end != next->ba.start)) {
2959 lwkt_reltoken(&map->token);
2960 vm_map_unlock_read(map);
2961 return (KERN_INVALID_ADDRESS);
2967 pmap_remove(vm_map_pmap(map), start, end);
2970 * Make a second pass, cleaning/uncaching pages from the indicated
2974 while (current && current->ba.start < end) {
2975 offset = current->ba.offset + (start - current->ba.start);
2976 size = (end <= current->ba.end ? end : current->ba.end) - start;
2978 switch(current->maptype) {
2979 case VM_MAPTYPE_SUBMAP:
2982 vm_map_entry_t tentry;
2985 smap = current->ba.sub_map;
2986 vm_map_lock_read(smap);
2987 vm_map_lookup_entry(smap, offset, &tentry);
2988 if (tentry == NULL) {
2989 tsize = vm_map_max(smap) - offset;
2991 offset = 0 + (offset - vm_map_min(smap));
2993 tsize = tentry->ba.end - offset;
2995 offset = tentry->ba.offset +
2996 (offset - tentry->ba.start);
2998 vm_map_unlock_read(smap);
3003 case VM_MAPTYPE_NORMAL:
3011 object = ba->object;
3013 vm_object_hold(object);
3019 * Note that there is absolutely no sense in writing out
3020 * anonymous objects, so we track down the vnode object
3022 * We invalidate (remove) all pages from the address space
3023 * anyway, for semantic correctness.
3025 * note: certain anonymous maps, such as MAP_NOSYNC maps,
3026 * may start out with a NULL object.
3028 * XXX do we really want to stop at the first backing store
3029 * here if there are more? XXX
3035 while (ba->backing_ba != NULL) {
3036 offset -= ba->offset;
3037 ba = ba->backing_ba;
3038 offset += ba->offset;
3040 if (tobj->size < OFF_TO_IDX(offset + size))
3041 size = IDX_TO_OFF(tobj->size) - offset;
3042 break; /* XXX this break is not correct */
3044 if (object != tobj) {
3046 vm_object_drop(object);
3048 vm_object_hold(object);
3052 if (object && (object->type == OBJT_VNODE) &&
3053 (current->protection & VM_PROT_WRITE) &&
3054 (object->flags & OBJ_NOMSYNC) == 0) {
3056 * Flush pages if writing is allowed, invalidate them
3057 * if invalidation requested. Pages undergoing I/O
3058 * will be ignored by vm_object_page_remove().
3060 * We cannot lock the vnode and then wait for paging
3061 * to complete without deadlocking against vm_fault.
3062 * Instead we simply call vm_object_page_remove() and
3063 * allow it to block internally on a page-by-page
3064 * basis when it encounters pages undergoing async
3069 /* no chain wait needed for vnode objects */
3070 vm_object_reference_locked(object);
3071 vn_lock(object->handle, LK_EXCLUSIVE | LK_RETRY);
3072 flags = (syncio || invalidate) ? OBJPC_SYNC : 0;
3073 flags |= invalidate ? OBJPC_INVAL : 0;
3075 if (current->maptype == VM_MAPTYPE_NORMAL) {
3076 vm_object_page_clean(object,
3078 OFF_TO_IDX(offset + size + PAGE_MASK),
3081 vn_unlock(((struct vnode *)object->handle));
3082 vm_object_deallocate_locked(object);
3084 if (object && invalidate &&
3085 ((object->type == OBJT_VNODE) ||
3086 (object->type == OBJT_DEVICE) ||
3087 (object->type == OBJT_MGTDEVICE))) {
3089 ((object->type == OBJT_DEVICE) ||
3090 (object->type == OBJT_MGTDEVICE)) ? FALSE : TRUE;
3091 /* no chain wait needed for vnode/device objects */
3092 vm_object_reference_locked(object);
3093 if (current->maptype == VM_MAPTYPE_NORMAL) {
3094 vm_object_page_remove(object,
3096 OFF_TO_IDX(offset + size + PAGE_MASK),
3099 vm_object_deallocate_locked(object);
3103 vm_object_drop(object);
3104 current = vm_map_rb_tree_RB_NEXT(current);
3107 lwkt_reltoken(&map->token);
3108 vm_map_unlock_read(map);
3110 return (KERN_SUCCESS);
3114 * Make the region specified by this entry pageable.
3116 * The vm_map must be exclusively locked.
3119 vm_map_entry_unwire(vm_map_t map, vm_map_entry_t entry)
3121 entry->eflags &= ~MAP_ENTRY_USER_WIRED;
3122 entry->wired_count = 0;
3123 vm_fault_unwire(map, entry);
3127 * Deallocate the given entry from the target map.
3129 * The vm_map must be exclusively locked.
3132 vm_map_entry_delete(vm_map_t map, vm_map_entry_t entry, int *countp)
3134 vm_map_entry_unlink(map, entry);
3135 map->size -= entry->ba.end - entry->ba.start;
3136 vm_map_entry_dispose(map, entry, countp);
3140 * Deallocates the given address range from the target map.
3142 * The vm_map must be exclusively locked.
3145 vm_map_delete(vm_map_t map, vm_offset_t start, vm_offset_t end, int *countp)
3148 vm_map_entry_t entry;
3149 vm_map_entry_t first_entry;
3150 vm_offset_t hole_start;
3152 ASSERT_VM_MAP_LOCKED(map);
3153 lwkt_gettoken(&map->token);
3156 * Find the start of the region, and clip it. Set entry to point
3157 * at the first record containing the requested address or, if no
3158 * such record exists, the next record with a greater address. The
3159 * loop will run from this point until a record beyond the termination
3160 * address is encountered.
3162 * Adjust freehint[] for either the clip case or the extension case.
3164 * GGG see other GGG comment.
3166 if (vm_map_lookup_entry(map, start, &first_entry)) {
3167 entry = first_entry;
3168 vm_map_clip_start(map, entry, start, countp);
3172 entry = vm_map_rb_tree_RB_NEXT(first_entry);
3174 hole_start = first_entry->ba.start;
3176 hole_start = first_entry->ba.end;
3178 entry = RB_MIN(vm_map_rb_tree, &map->rb_root);
3180 hole_start = vm_map_min(map);
3182 hole_start = vm_map_max(map);
3187 * Step through all entries in this region
3189 while (entry && entry->ba.start < end) {
3190 vm_map_entry_t next;
3192 vm_pindex_t offidxstart, offidxend, count;
3195 * If we hit an in-transition entry we have to sleep and
3196 * retry. It's easier (and not really slower) to just retry
3197 * since this case occurs so rarely and the hint is already
3198 * pointing at the right place. We have to reset the
3199 * start offset so as not to accidently delete an entry
3200 * another process just created in vacated space.
3202 if (entry->eflags & MAP_ENTRY_IN_TRANSITION) {
3203 entry->eflags |= MAP_ENTRY_NEEDS_WAKEUP;
3204 start = entry->ba.start;
3205 ++mycpu->gd_cnt.v_intrans_coll;
3206 ++mycpu->gd_cnt.v_intrans_wait;
3207 vm_map_transition_wait(map, 1);
3210 vm_map_clip_end(map, entry, end, countp);
3212 s = entry->ba.start;
3214 next = vm_map_rb_tree_RB_NEXT(entry);
3216 offidxstart = OFF_TO_IDX(entry->ba.offset);
3217 count = OFF_TO_IDX(e - s);
3219 switch(entry->maptype) {
3220 case VM_MAPTYPE_NORMAL:
3221 case VM_MAPTYPE_SUBMAP:
3222 object = entry->ba.object;
3230 * Unwire before removing addresses from the pmap; otherwise,
3231 * unwiring will put the entries back in the pmap.
3233 * Generally speaking, doing a bulk pmap_remove() before
3234 * removing the pages from the VM object is better at
3235 * reducing unnecessary IPIs. The pmap code is now optimized
3236 * to not blindly iterate the range when pt and pd pages
3239 if (entry->wired_count != 0)
3240 vm_map_entry_unwire(map, entry);
3242 offidxend = offidxstart + count;
3244 if (object == kernel_object) {
3245 pmap_remove(map->pmap, s, e);
3246 vm_object_hold(object);
3247 vm_object_page_remove(object, offidxstart,
3249 vm_object_drop(object);
3250 } else if (object && object->type != OBJT_DEFAULT &&
3251 object->type != OBJT_SWAP) {
3253 * vnode object routines cannot be chain-locked,
3254 * but since we aren't removing pages from the
3255 * object here we can use a shared hold.
3257 vm_object_hold_shared(object);
3258 pmap_remove(map->pmap, s, e);
3259 vm_object_drop(object);
3260 } else if (object) {
3261 vm_object_hold(object);
3262 pmap_remove(map->pmap, s, e);
3264 if (object != NULL &&
3265 object->ref_count != 1 &&
3266 (object->flags & (OBJ_NOSPLIT|OBJ_ONEMAPPING)) ==
3268 (object->type == OBJT_DEFAULT ||
3269 object->type == OBJT_SWAP)) {
3271 * When ONEMAPPING is set we can destroy the
3272 * pages underlying the entry's range.
3274 vm_object_page_remove(object, offidxstart,
3276 if (object->type == OBJT_SWAP) {
3277 swap_pager_freespace(object,
3281 if (offidxend >= object->size &&
3282 offidxstart < object->size) {
3283 object->size = offidxstart;
3286 vm_object_drop(object);
3287 } else if (entry->maptype == VM_MAPTYPE_UKSMAP) {
3288 pmap_remove(map->pmap, s, e);
3292 * Delete the entry (which may delete the object) only after
3293 * removing all pmap entries pointing to its pages.
3294 * (Otherwise, its page frames may be reallocated, and any
3295 * modify bits will be set in the wrong object!)
3297 vm_map_entry_delete(map, entry, countp);
3302 * We either reached the end and use vm_map_max as the end
3303 * address, or we didn't and we use the next entry as the
3306 if (entry == NULL) {
3307 vm_map_freehint_hole(map, hole_start,
3308 vm_map_max(map) - hole_start);
3310 vm_map_freehint_hole(map, hole_start,
3311 entry->ba.start - hole_start);
3314 lwkt_reltoken(&map->token);
3316 return (KERN_SUCCESS);
3320 * Remove the given address range from the target map.
3321 * This is the exported form of vm_map_delete.
3326 vm_map_remove(vm_map_t map, vm_offset_t start, vm_offset_t end)
3331 count = vm_map_entry_reserve(MAP_RESERVE_COUNT);
3333 VM_MAP_RANGE_CHECK(map, start, end);
3334 result = vm_map_delete(map, start, end, &count);
3336 vm_map_entry_release(count);
3342 * Assert that the target map allows the specified privilege on the
3343 * entire address region given. The entire region must be allocated.
3345 * The caller must specify whether the vm_map is already locked or not.
3348 vm_map_check_protection(vm_map_t map, vm_offset_t start, vm_offset_t end,
3349 vm_prot_t protection, boolean_t have_lock)
3351 vm_map_entry_t entry;
3352 vm_map_entry_t tmp_entry;
3355 if (have_lock == FALSE)
3356 vm_map_lock_read(map);
3358 if (!vm_map_lookup_entry(map, start, &tmp_entry)) {
3359 if (have_lock == FALSE)
3360 vm_map_unlock_read(map);
3366 while (start < end) {
3367 if (entry == NULL) {
3376 if (start < entry->ba.start) {
3381 * Check protection associated with entry.
3384 if ((entry->protection & protection) != protection) {
3388 /* go to next entry */
3389 start = entry->ba.end;
3390 entry = vm_map_rb_tree_RB_NEXT(entry);
3392 if (have_lock == FALSE)
3393 vm_map_unlock_read(map);
3398 * vm_map_backing structures are not shared across forks and must be
3401 * Generally speaking we must reallocate the backing_ba sequence and
3402 * also adjust it for any changes made to the base entry->ba.start and
3403 * entry->ba.end. The first ba in the chain is of course &entry->ba,
3404 * so we only need to adjust subsequent ba's start, end, and offset.
3406 * MAP_BACK_CLIPPED - Called as part of a clipping replication.
3407 * Do not clear OBJ_ONEMAPPING.
3409 * MAP_BACK_BASEOBJREFD - Called from vm_map_insert(). The base object
3410 * has already been referenced.
3414 vm_map_backing_replicated(vm_map_t map, vm_map_entry_t entry, int flags)
3416 vm_map_backing_t ba;
3417 vm_map_backing_t nba;
3422 ba->pmap = map->pmap;
3424 if (ba->map_object) {
3425 switch(entry->maptype) {
3426 case VM_MAPTYPE_NORMAL:
3427 object = ba->object;
3428 if (ba != &entry->ba ||
3429 (flags & MAP_BACK_BASEOBJREFD) == 0) {
3430 vm_object_reference_quick(object);
3432 vm_map_backing_attach(entry, ba);
3433 if ((flags & MAP_BACK_CLIPPED) == 0 &&
3434 object->ref_count > 1) {
3435 vm_object_clear_flag(object,
3439 case VM_MAPTYPE_UKSMAP:
3440 vm_map_backing_attach(entry, ba);
3446 if (ba->backing_ba == NULL)
3450 * NOTE: The aux_info field is retained.
3452 nba = kmalloc(sizeof(*nba), M_MAP_BACKING, M_INTWAIT);
3453 *nba = *ba->backing_ba;
3454 nba->offset += (ba->start - nba->start); /* += (new - old) */
3455 nba->start = ba->start;
3457 ba->backing_ba = nba;
3459 /* pmap is replaced at the top of the loop */
3465 vm_map_backing_adjust_start(vm_map_entry_t entry, vm_ooffset_t start)
3467 vm_map_backing_t ba;
3469 if (entry->maptype == VM_MAPTYPE_NORMAL) {
3470 for (ba = &entry->ba; ba; ba = ba->backing_ba) {
3472 lockmgr(&ba->object->backing_lk, LK_EXCLUSIVE);
3473 ba->offset += (start - ba->start);
3475 lockmgr(&ba->object->backing_lk, LK_RELEASE);
3477 ba->offset += (start - ba->start);
3482 /* not an object and can't be shadowed */
3488 vm_map_backing_adjust_end(vm_map_entry_t entry, vm_ooffset_t end)
3490 vm_map_backing_t ba;
3492 if (entry->maptype == VM_MAPTYPE_NORMAL) {
3493 for (ba = &entry->ba; ba; ba = ba->backing_ba) {
3495 lockmgr(&ba->object->backing_lk, LK_EXCLUSIVE);
3497 lockmgr(&ba->object->backing_lk, LK_RELEASE);
3502 } /* else not an object and/or can't be shadowed */
3506 * Handles the dirty work of making src_entry and dst_entry copy-on-write
3507 * after src_entry has been cloned to dst_entry. For normal entries only.
3509 * The vm_maps must be exclusively locked.
3510 * The vm_map's token must be held.
3512 * Because the maps are locked no faults can be in progress during the
3516 vm_map_copy_entry(vm_map_t src_map, vm_map_t dst_map,
3517 vm_map_entry_t src_entry, vm_map_entry_t dst_entry)
3521 KKASSERT(dst_entry->maptype == VM_MAPTYPE_NORMAL);
3523 if (src_entry->wired_count) {
3525 * Of course, wired down pages can't be set copy-on-write.
3526 * Cause wired pages to be copied into the new map by
3527 * simulating faults (the new pages are pageable)
3529 * Scrap ba.object (its ref-count has not yet been adjusted
3530 * so we can just NULL out the field). Remove the backing
3533 * Then call vm_fault_copy_entry() to create a new object
3534 * in dst_entry and copy the wired pages from src to dst.
3536 * The fault-copy code doesn't work with virtual page
3539 * NOTE: obj is not actually an object for all MAPTYPEs,
3540 * just test against NULL.
3542 if (dst_entry->ba.map_object != NULL) {
3543 vm_map_backing_detach(dst_entry, &dst_entry->ba);
3544 dst_entry->ba.map_object = NULL;
3545 vm_map_entry_dispose_ba(dst_entry,
3546 dst_entry->ba.backing_ba);
3547 dst_entry->ba.backing_ba = NULL;
3548 dst_entry->ba.backing_count = 0;
3550 vm_fault_copy_entry(dst_map, src_map, dst_entry, src_entry);
3552 if ((src_entry->eflags & MAP_ENTRY_NEEDS_COPY) == 0) {
3554 * If the source entry is not already marked NEEDS_COPY
3555 * we need to write-protect the PTEs.
3557 pmap_protect(src_map->pmap,
3558 src_entry->ba.start,
3560 src_entry->protection & ~VM_PROT_WRITE);
3564 * dst_entry.ba_object might be stale. Update it (its
3565 * ref-count has not yet been updated so just overwrite
3568 * If there is no object then we are golden. Also, in
3569 * this situation if there are no backing_ba linkages then
3570 * we can set ba.offset to whatever we want. For now we
3571 * set the offset for 0 for make debugging object sizes
3574 obj = src_entry->ba.object;
3577 src_entry->eflags |= (MAP_ENTRY_COW |
3578 MAP_ENTRY_NEEDS_COPY);
3579 dst_entry->eflags |= (MAP_ENTRY_COW |
3580 MAP_ENTRY_NEEDS_COPY);
3581 KKASSERT(dst_entry->ba.offset == src_entry->ba.offset);
3583 dst_entry->ba.offset = 0;
3587 * Normal, allow the backing_ba link depth to
3590 pmap_copy(dst_map->pmap, src_map->pmap,
3591 dst_entry->ba.start,
3592 dst_entry->ba.end - dst_entry->ba.start,
3593 src_entry->ba.start);
3598 * Create a vmspace for a new process and its related vm_map based on an
3599 * existing vmspace. The new map inherits information from the old map
3600 * according to inheritance settings.
3602 * The source map must not be locked.
3605 static void vmspace_fork_normal_entry(vm_map_t old_map, vm_map_t new_map,
3606 vm_map_entry_t old_entry, int *countp);
3607 static void vmspace_fork_uksmap_entry(struct proc *p2, struct lwp *lp2,
3608 vm_map_t old_map, vm_map_t new_map,
3609 vm_map_entry_t old_entry, int *countp);
3612 vmspace_fork(struct vmspace *vm1, struct proc *p2, struct lwp *lp2)
3614 struct vmspace *vm2;
3615 vm_map_t old_map = &vm1->vm_map;
3617 vm_map_entry_t old_entry;
3620 lwkt_gettoken(&vm1->vm_map.token);
3621 vm_map_lock(old_map);
3623 vm2 = vmspace_alloc(vm_map_min(old_map), vm_map_max(old_map));
3624 lwkt_gettoken(&vm2->vm_map.token);
3627 * We must bump the timestamp to force any concurrent fault
3630 bcopy(&vm1->vm_startcopy, &vm2->vm_startcopy,
3631 (caddr_t)&vm1->vm_endcopy - (caddr_t)&vm1->vm_startcopy);
3632 new_map = &vm2->vm_map; /* XXX */
3633 new_map->timestamp = 1;
3635 vm_map_lock(new_map);
3637 count = old_map->nentries;
3638 count = vm_map_entry_reserve(count + MAP_RESERVE_COUNT);
3640 RB_FOREACH(old_entry, vm_map_rb_tree, &old_map->rb_root) {
3641 switch(old_entry->maptype) {
3642 case VM_MAPTYPE_SUBMAP:
3643 panic("vm_map_fork: encountered a submap");
3645 case VM_MAPTYPE_UKSMAP:
3646 vmspace_fork_uksmap_entry(p2, lp2,
3650 case VM_MAPTYPE_NORMAL:
3651 vmspace_fork_normal_entry(old_map, new_map,
3660 new_map->size = old_map->size;
3661 vm_map_unlock(new_map);
3662 vm_map_unlock(old_map);
3663 vm_map_entry_release(count);
3665 lwkt_reltoken(&vm2->vm_map.token);
3666 lwkt_reltoken(&vm1->vm_map.token);
3673 vmspace_fork_normal_entry(vm_map_t old_map, vm_map_t new_map,
3674 vm_map_entry_t old_entry, int *countp)
3676 vm_map_entry_t new_entry;
3677 vm_map_backing_t ba;
3681 * If the backing_ba link list gets too long then fault it
3682 * all into the head object and dispose of the list. We do
3683 * this in old_entry prior to cloning in order to benefit both
3686 * We can test our fronting object's size against its
3687 * resident_page_count for a really cheap (but probably not perfect)
3688 * all-shadowed test, allowing us to disconnect the backing_ba
3691 object = old_entry->ba.object;
3692 if (old_entry->ba.backing_ba &&
3693 (old_entry->ba.backing_count >= vm_map_backing_limit ||
3694 (vm_map_backing_shadow_test && object &&
3695 object->size == object->resident_page_count))) {
3697 * If there are too many backing_ba linkages we
3698 * collapse everything into the head
3700 * This will also remove all the pte's.
3702 if (old_entry->eflags & MAP_ENTRY_NEEDS_COPY)
3703 vm_map_entry_shadow(old_entry);
3705 vm_map_entry_allocate_object(old_entry);
3706 if (vm_fault_collapse(old_map, old_entry) == KERN_SUCCESS) {
3707 ba = old_entry->ba.backing_ba;
3708 old_entry->ba.backing_ba = NULL;
3709 old_entry->ba.backing_count = 0;
3710 vm_map_entry_dispose_ba(old_entry, ba);
3713 object = NULL; /* object variable is now invalid */
3718 switch (old_entry->inheritance) {
3719 case VM_INHERIT_NONE:
3721 case VM_INHERIT_SHARE:
3723 * Clone the entry as a shared entry. This will look like
3724 * shared memory across the old and the new process. We must
3725 * ensure that the object is allocated.
3727 if (old_entry->ba.object == NULL)
3728 vm_map_entry_allocate_object(old_entry);
3730 if (old_entry->eflags & MAP_ENTRY_NEEDS_COPY) {
3732 * Create the fronting vm_map_backing for
3733 * an entry which needs a copy, plus an extra
3734 * ref because we are going to duplicate it
3737 * The call to vm_map_entry_shadow() will also clear
3740 * XXX no more collapse. Still need extra ref
3743 vm_map_entry_shadow(old_entry);
3744 } else if (old_entry->ba.object) {
3745 object = old_entry->ba.object;
3749 * Clone the entry. We've already bumped the ref on
3750 * the vm_object for our new entry.
3752 new_entry = vm_map_entry_create(countp);
3753 *new_entry = *old_entry;
3755 new_entry->eflags &= ~MAP_ENTRY_USER_WIRED;
3756 new_entry->wired_count = 0;
3759 * Replicate and index the vm_map_backing. Don't share
3760 * the vm_map_backing across vm_map's (only across clips).
3762 * Insert the entry into the new map -- we know we're
3763 * inserting at the end of the new map.
3765 vm_map_backing_replicated(new_map, new_entry, 0);
3766 vm_map_entry_link(new_map, new_entry);
3769 * Update the physical map
3771 pmap_copy(new_map->pmap, old_map->pmap,
3772 new_entry->ba.start,
3773 (old_entry->ba.end - old_entry->ba.start),
3774 old_entry->ba.start);
3776 case VM_INHERIT_COPY:
3778 * Clone the entry and link the copy into the new map.
3780 * Note that ref-counting adjustment for old_entry->ba.object
3781 * (if it isn't a special map that is) is handled by
3782 * vm_map_copy_entry().
3784 new_entry = vm_map_entry_create(countp);
3785 *new_entry = *old_entry;
3787 new_entry->eflags &= ~MAP_ENTRY_USER_WIRED;
3788 new_entry->wired_count = 0;
3790 vm_map_backing_replicated(new_map, new_entry, 0);
3791 vm_map_entry_link(new_map, new_entry);
3794 * This does the actual dirty work of making both entries
3795 * copy-on-write, and will also handle the fronting object.
3797 vm_map_copy_entry(old_map, new_map, old_entry, new_entry);
3803 * When forking user-kernel shared maps, the map might change in the
3804 * child so do not try to copy the underlying pmap entries.
3808 vmspace_fork_uksmap_entry(struct proc *p2, struct lwp *lp2,
3809 vm_map_t old_map, vm_map_t new_map,
3810 vm_map_entry_t old_entry, int *countp)
3812 vm_map_entry_t new_entry;
3815 * Do not fork lpmap entries whos TIDs do not match lp2's tid.
3817 * XXX if p2 is NULL and lp2 is non-NULL, we retain the lpmap entry
3818 * (this is for e.g. resident'ing vmspace's) but set the field
3819 * to NULL. Upon restore it should be restored. XXX NOT IMPL YET
3821 if (old_entry->aux.dev) {
3822 switch(minor(old_entry->aux.dev)) {
3830 if (old_entry->ba.aux_info == NULL)
3832 if (((struct lwp *)old_entry->ba.aux_info)->lwp_tid !=
3839 new_entry = vm_map_entry_create(countp);
3840 *new_entry = *old_entry;
3842 new_entry->eflags &= ~MAP_ENTRY_USER_WIRED;
3843 new_entry->wired_count = 0;
3844 KKASSERT(new_entry->ba.backing_ba == NULL);
3846 if (new_entry->aux.dev) {
3847 switch(minor(new_entry->aux.dev)) {
3852 new_entry->ba.aux_info = p2;
3858 new_entry->ba.aux_info = NULL;
3864 new_entry->ba.aux_info = lp2;
3868 new_entry->ba.aux_info = NULL;
3871 vm_map_backing_replicated(new_map, new_entry, 0);
3873 vm_map_entry_link(new_map, new_entry);
3877 * Create an auto-grow stack entry
3882 vm_map_stack (vm_map_t map, vm_offset_t *addrbos, vm_size_t max_ssize,
3883 int flags, vm_prot_t prot, vm_prot_t max, int cow)
3885 vm_map_entry_t prev_entry;
3886 vm_map_entry_t next;
3887 vm_size_t init_ssize;
3890 vm_offset_t tmpaddr;
3892 cow |= MAP_IS_STACK;
3894 if (max_ssize < sgrowsiz)
3895 init_ssize = max_ssize;
3897 init_ssize = sgrowsiz;
3899 count = vm_map_entry_reserve(MAP_RESERVE_COUNT);
3903 * Find space for the mapping
3905 if ((flags & (MAP_FIXED | MAP_TRYFIXED)) == 0) {
3906 if (vm_map_findspace(map, *addrbos, max_ssize, 1,
3909 vm_map_entry_release(count);
3910 return (KERN_NO_SPACE);
3915 /* If addr is already mapped, no go */
3916 if (vm_map_lookup_entry(map, *addrbos, &prev_entry)) {
3918 vm_map_entry_release(count);
3919 return (KERN_NO_SPACE);
3923 /* XXX already handled by kern_mmap() */
3924 /* If we would blow our VMEM resource limit, no go */
3925 if (map->size + init_ssize >
3926 curproc->p_rlimit[RLIMIT_VMEM].rlim_cur) {
3928 vm_map_entry_release(count);
3929 return (KERN_NO_SPACE);
3934 * If we can't accomodate max_ssize in the current mapping,
3935 * no go. However, we need to be aware that subsequent user
3936 * mappings might map into the space we have reserved for
3937 * stack, and currently this space is not protected.
3939 * Hopefully we will at least detect this condition
3940 * when we try to grow the stack.
3943 next = vm_map_rb_tree_RB_NEXT(prev_entry);
3945 next = RB_MIN(vm_map_rb_tree, &map->rb_root);
3947 if (next && next->ba.start < *addrbos + max_ssize) {
3949 vm_map_entry_release(count);
3950 return (KERN_NO_SPACE);
3954 * We initially map a stack of only init_ssize. We will
3955 * grow as needed later. Since this is to be a grow
3956 * down stack, we map at the top of the range.
3958 * Note: we would normally expect prot and max to be
3959 * VM_PROT_ALL, and cow to be 0. Possibly we should
3960 * eliminate these as input parameters, and just
3961 * pass these values here in the insert call.
3963 rv = vm_map_insert(map, &count,
3966 *addrbos + max_ssize - init_ssize,
3967 *addrbos + max_ssize,
3969 VM_SUBSYS_STACK, prot, max, cow);
3971 /* Now set the avail_ssize amount */
3972 if (rv == KERN_SUCCESS) {
3974 next = vm_map_rb_tree_RB_NEXT(prev_entry);
3976 next = RB_MIN(vm_map_rb_tree, &map->rb_root);
3977 if (prev_entry != NULL) {
3978 vm_map_clip_end(map,
3980 *addrbos + max_ssize - init_ssize,
3983 if (next->ba.end != *addrbos + max_ssize ||
3984 next->ba.start != *addrbos + max_ssize - init_ssize){
3985 panic ("Bad entry start/end for new stack entry");
3987 next->aux.avail_ssize = max_ssize - init_ssize;
3992 vm_map_entry_release(count);
3997 * Attempts to grow a vm stack entry. Returns KERN_SUCCESS if the
3998 * desired address is already mapped, or if we successfully grow
3999 * the stack. Also returns KERN_SUCCESS if addr is outside the
4000 * stack range (this is strange, but preserves compatibility with
4001 * the grow function in vm_machdep.c).
4006 vm_map_growstack (vm_map_t map, vm_offset_t addr)
4008 vm_map_entry_t prev_entry;
4009 vm_map_entry_t stack_entry;
4010 vm_map_entry_t next;
4016 int rv = KERN_SUCCESS;
4018 int use_read_lock = 1;
4024 lp = curthread->td_lwp;
4025 p = curthread->td_proc;
4026 KKASSERT(lp != NULL);
4027 vm = lp->lwp_vmspace;
4030 * Growstack is only allowed on the current process. We disallow
4031 * other use cases, e.g. trying to access memory via procfs that
4032 * the stack hasn't grown into.
4034 if (map != &vm->vm_map) {
4035 return KERN_FAILURE;
4038 count = vm_map_entry_reserve(MAP_RESERVE_COUNT);
4041 vm_map_lock_read(map);
4046 * If addr is already in the entry range, no need to grow.
4047 * prev_entry returns NULL if addr is at the head.
4049 if (vm_map_lookup_entry(map, addr, &prev_entry))
4052 stack_entry = vm_map_rb_tree_RB_NEXT(prev_entry);
4054 stack_entry = RB_MIN(vm_map_rb_tree, &map->rb_root);
4056 if (stack_entry == NULL)
4058 if (prev_entry == NULL)
4059 end = stack_entry->ba.start - stack_entry->aux.avail_ssize;
4061 end = prev_entry->ba.end;
4064 * This next test mimics the old grow function in vm_machdep.c.
4065 * It really doesn't quite make sense, but we do it anyway
4066 * for compatibility.
4068 * If not growable stack, return success. This signals the
4069 * caller to proceed as he would normally with normal vm.
4071 if (stack_entry->aux.avail_ssize < 1 ||
4072 addr >= stack_entry->ba.start ||
4073 addr < stack_entry->ba.start - stack_entry->aux.avail_ssize) {
4077 /* Find the minimum grow amount */
4078 grow_amount = roundup (stack_entry->ba.start - addr, PAGE_SIZE);
4079 if (grow_amount > stack_entry->aux.avail_ssize) {
4085 * If there is no longer enough space between the entries
4086 * nogo, and adjust the available space. Note: this
4087 * should only happen if the user has mapped into the
4088 * stack area after the stack was created, and is
4089 * probably an error.
4091 * This also effectively destroys any guard page the user
4092 * might have intended by limiting the stack size.
4094 if (grow_amount > stack_entry->ba.start - end) {
4095 if (use_read_lock && vm_map_lock_upgrade(map)) {
4101 stack_entry->aux.avail_ssize = stack_entry->ba.start - end;
4106 is_procstack = addr >= (vm_offset_t)vm->vm_maxsaddr;
4108 /* If this is the main process stack, see if we're over the
4111 if (is_procstack && (vm->vm_ssize + grow_amount >
4112 p->p_rlimit[RLIMIT_STACK].rlim_cur)) {
4117 /* Round up the grow amount modulo SGROWSIZ */
4118 grow_amount = roundup (grow_amount, sgrowsiz);
4119 if (grow_amount > stack_entry->aux.avail_ssize) {
4120 grow_amount = stack_entry->aux.avail_ssize;
4122 if (is_procstack && (vm->vm_ssize + grow_amount >
4123 p->p_rlimit[RLIMIT_STACK].rlim_cur)) {
4124 grow_amount = p->p_rlimit[RLIMIT_STACK].rlim_cur - vm->vm_ssize;
4127 /* If we would blow our VMEM resource limit, no go */
4128 if (map->size + grow_amount > p->p_rlimit[RLIMIT_VMEM].rlim_cur) {
4133 if (use_read_lock && vm_map_lock_upgrade(map)) {
4140 /* Get the preliminary new entry start value */
4141 addr = stack_entry->ba.start - grow_amount;
4143 /* If this puts us into the previous entry, cut back our growth
4144 * to the available space. Also, see the note above.
4147 stack_entry->aux.avail_ssize = stack_entry->ba.start - end;
4151 rv = vm_map_insert(map, &count,
4154 addr, stack_entry->ba.start,
4156 VM_SUBSYS_STACK, VM_PROT_ALL, VM_PROT_ALL, 0);
4158 /* Adjust the available stack space by the amount we grew. */
4159 if (rv == KERN_SUCCESS) {
4161 vm_map_clip_end(map, prev_entry, addr, &count);
4162 next = vm_map_rb_tree_RB_NEXT(prev_entry);
4164 next = RB_MIN(vm_map_rb_tree, &map->rb_root);
4166 if (next->ba.end != stack_entry->ba.start ||
4167 next->ba.start != addr) {
4168 panic ("Bad stack grow start/end in new stack entry");
4170 next->aux.avail_ssize =
4171 stack_entry->aux.avail_ssize -
4172 (next->ba.end - next->ba.start);
4174 vm->vm_ssize += next->ba.end -
4179 if (map->flags & MAP_WIREFUTURE) {
4180 vm_map_user_wiring(map,
4189 vm_map_unlock_read(map);
4192 vm_map_entry_release(count);
4197 * Unshare the specified VM space for exec. If other processes are
4198 * mapped to it, then create a new one. The new vmspace is null.
4203 vmspace_exec(struct proc *p, struct vmspace *vmcopy)
4205 struct vmspace *oldvmspace = p->p_vmspace;
4206 struct vmspace *newvmspace;
4207 vm_map_t map = &p->p_vmspace->vm_map;
4210 * If we are execing a resident vmspace we fork it, otherwise
4211 * we create a new vmspace. Note that exitingcnt is not
4212 * copied to the new vmspace.
4214 lwkt_gettoken(&oldvmspace->vm_map.token);
4216 newvmspace = vmspace_fork(vmcopy, NULL, NULL);
4217 lwkt_gettoken(&newvmspace->vm_map.token);
4219 newvmspace = vmspace_alloc(vm_map_min(map), vm_map_max(map));
4220 lwkt_gettoken(&newvmspace->vm_map.token);
4221 bcopy(&oldvmspace->vm_startcopy, &newvmspace->vm_startcopy,
4222 (caddr_t)&oldvmspace->vm_endcopy -
4223 (caddr_t)&oldvmspace->vm_startcopy);
4227 * Finish initializing the vmspace before assigning it
4228 * to the process. The vmspace will become the current vmspace
4231 pmap_pinit2(vmspace_pmap(newvmspace));
4232 pmap_replacevm(p, newvmspace, 0);
4233 lwkt_reltoken(&newvmspace->vm_map.token);
4234 lwkt_reltoken(&oldvmspace->vm_map.token);
4235 vmspace_rel(oldvmspace);
4239 * Unshare the specified VM space for forcing COW. This
4240 * is called by rfork, for the (RFMEM|RFPROC) == 0 case.
4243 vmspace_unshare(struct proc *p)
4245 struct vmspace *oldvmspace = p->p_vmspace;
4246 struct vmspace *newvmspace;
4248 lwkt_gettoken(&oldvmspace->vm_map.token);
4249 if (vmspace_getrefs(oldvmspace) == 1) {
4250 lwkt_reltoken(&oldvmspace->vm_map.token);
4253 newvmspace = vmspace_fork(oldvmspace, NULL, NULL);
4254 lwkt_gettoken(&newvmspace->vm_map.token);
4255 pmap_pinit2(vmspace_pmap(newvmspace));
4256 pmap_replacevm(p, newvmspace, 0);
4257 lwkt_reltoken(&newvmspace->vm_map.token);
4258 lwkt_reltoken(&oldvmspace->vm_map.token);
4259 vmspace_rel(oldvmspace);
4263 * vm_map_hint: return the beginning of the best area suitable for
4264 * creating a new mapping with "prot" protection.
4269 vm_map_hint(struct proc *p, vm_offset_t addr, vm_prot_t prot)
4271 struct vmspace *vms = p->p_vmspace;
4272 struct rlimit limit;
4276 * Acquire datasize limit for mmap() operation,
4277 * calculate nearest power of 2.
4279 if (kern_getrlimit(RLIMIT_DATA, &limit))
4280 limit.rlim_cur = maxdsiz;
4281 dsiz = limit.rlim_cur;
4283 if (!randomize_mmap || addr != 0) {
4285 * Set a reasonable start point for the hint if it was
4286 * not specified or if it falls within the heap space.
4287 * Hinted mmap()s do not allocate out of the heap space.
4290 (addr >= round_page((vm_offset_t)vms->vm_taddr) &&
4291 addr < round_page((vm_offset_t)vms->vm_daddr + dsiz))) {
4292 addr = round_page((vm_offset_t)vms->vm_daddr + dsiz);
4299 * randomize_mmap && addr == 0. For now randomize the
4300 * address within a dsiz range beyond the data limit.
4302 addr = (vm_offset_t)vms->vm_daddr + dsiz;
4304 addr += (karc4random64() & 0x7FFFFFFFFFFFFFFFLU) % dsiz;
4305 return (round_page(addr));
4309 * Finds the VM object, offset, and protection for a given virtual address
4310 * in the specified map, assuming a page fault of the type specified.
4312 * Leaves the map in question locked for read; return values are guaranteed
4313 * until a vm_map_lookup_done call is performed. Note that the map argument
4314 * is in/out; the returned map must be used in the call to vm_map_lookup_done.
4316 * A handle (out_entry) is returned for use in vm_map_lookup_done, to make
4319 * If a lookup is requested with "write protection" specified, the map may
4320 * be changed to perform virtual copying operations, although the data
4321 * referenced will remain the same.
4326 vm_map_lookup(vm_map_t *var_map, /* IN/OUT */
4328 vm_prot_t fault_typea,
4329 vm_map_entry_t *out_entry, /* OUT */
4330 struct vm_map_backing **bap, /* OUT */
4331 vm_pindex_t *pindex, /* OUT */
4332 vm_pindex_t *pcount, /* OUT */
4333 vm_prot_t *out_prot, /* OUT */
4334 int *wflags) /* OUT */
4336 vm_map_entry_t entry;
4337 vm_map_t map = *var_map;
4339 vm_prot_t fault_type = fault_typea;
4340 int use_read_lock = 1;
4341 int rv = KERN_SUCCESS;
4343 thread_t td = curthread;
4346 * vm_map_entry_reserve() implements an important mitigation
4347 * against mmap() span running the kernel out of vm_map_entry
4348 * structures, but it can also cause an infinite call recursion.
4349 * Use td_nest_count to prevent an infinite recursion (allows
4350 * the vm_map code to dig into the pcpu vm_map_entry reserve).
4353 if (td->td_nest_count == 0) {
4354 ++td->td_nest_count;
4355 count = vm_map_entry_reserve(MAP_RESERVE_COUNT);
4356 --td->td_nest_count;
4360 vm_map_lock_read(map);
4365 * Always do a full lookup. The hint doesn't get us much anymore
4366 * now that the map is RB'd.
4373 vm_map_entry_t tmp_entry;
4375 if (!vm_map_lookup_entry(map, vaddr, &tmp_entry)) {
4376 rv = KERN_INVALID_ADDRESS;
4386 if (entry->maptype == VM_MAPTYPE_SUBMAP) {
4387 vm_map_t old_map = map;
4389 *var_map = map = entry->ba.sub_map;
4391 vm_map_unlock_read(old_map);
4393 vm_map_unlock(old_map);
4399 * Check whether this task is allowed to have this page.
4400 * Note the special case for MAP_ENTRY_COW pages with an override.
4401 * This is to implement a forced COW for debuggers.
4403 if (fault_type & VM_PROT_OVERRIDE_WRITE)
4404 prot = entry->max_protection;
4406 prot = entry->protection;
4408 fault_type &= (VM_PROT_READ|VM_PROT_WRITE|VM_PROT_EXECUTE);
4409 if ((fault_type & prot) != fault_type) {
4410 rv = KERN_PROTECTION_FAILURE;
4414 if ((entry->eflags & MAP_ENTRY_USER_WIRED) &&
4415 (entry->eflags & MAP_ENTRY_COW) &&
4416 (fault_type & VM_PROT_WRITE) &&
4417 (fault_typea & VM_PROT_OVERRIDE_WRITE) == 0) {
4418 rv = KERN_PROTECTION_FAILURE;
4423 * Flag regular pages that are supposed to be wired. Remove prior
4424 * semantics that disallowed protection changes for such pages.
4426 * The prior semantics are not used by modern systems. Applications
4427 * do not assume an inability to change protection modes and may
4428 * operate incorrectly if we try to prevent protection changes.
4430 * Modern applications are aware that even for locked memory,
4431 * changing protection modes, modifying MAP_PRIVATE mappings,
4432 * or fork() may still cause page faults on the locked memory.
4435 if (entry->wired_count) {
4436 *wflags |= FW_WIRED;
4438 prot = fault_type = entry->protection;
4442 if (curthread->td_lwp && curthread->td_lwp->lwp_vmspace &&
4443 pmap_emulate_ad_bits(&curthread->td_lwp->lwp_vmspace->vm_pmap)) {
4444 if ((prot & VM_PROT_WRITE) == 0)
4445 fault_type |= VM_PROT_WRITE;
4449 * Only NORMAL maps are object-based. UKSMAPs are not.
4451 if (entry->maptype != VM_MAPTYPE_NORMAL) {
4457 * If the entry was copy-on-write, we either ...
4459 if (entry->eflags & MAP_ENTRY_NEEDS_COPY) {
4461 * If we want to write the page, we may as well handle that
4462 * now since we've got the map locked.
4464 * If we don't need to write the page, we just demote the
4465 * permissions allowed.
4467 if (fault_type & VM_PROT_WRITE) {
4469 * Not allowed if TDF_NOFAULT is set as the shadowing
4470 * operation can deadlock against the faulting
4471 * function due to the copy-on-write.
4473 if (curthread->td_flags & TDF_NOFAULT) {
4474 rv = KERN_FAILURE_NOFAULT;
4479 * Make a new vm_map_backing + object, and place it
4480 * in the object chain. Note that no new references
4481 * have appeared -- one just moved from the map to
4484 if (use_read_lock && vm_map_lock_upgrade(map)) {
4490 vm_map_entry_shadow(entry);
4491 *wflags |= FW_DIDCOW;
4494 * We're attempting to read a copy-on-write page --
4495 * don't allow writes.
4497 prot &= ~VM_PROT_WRITE;
4502 * Create an object if necessary. This code also handles
4503 * partitioning large entries to improve vm_fault performance.
4505 if (entry->ba.object == NULL && !map->system_map) {
4506 if (use_read_lock && vm_map_lock_upgrade(map)) {
4514 * Partition large entries, giving each its own VM object,
4515 * to improve concurrent fault performance. This is only
4516 * applicable to userspace.
4518 if (map != kernel_map &&
4519 entry->maptype == VM_MAPTYPE_NORMAL &&
4520 ((entry->ba.start ^ entry->ba.end) &
4521 ~MAP_ENTRY_PARTITION_MASK) &&
4522 vm_map_partition_enable) {
4523 if (entry->eflags & MAP_ENTRY_IN_TRANSITION) {
4524 entry->eflags |= MAP_ENTRY_NEEDS_WAKEUP;
4525 ++mycpu->gd_cnt.v_intrans_coll;
4526 ++mycpu->gd_cnt.v_intrans_wait;
4527 vm_map_transition_wait(map, 0);
4530 vm_map_entry_partition(map, entry, vaddr, &count);
4532 vm_map_entry_allocate_object(entry);
4536 * Return the object/offset from this entry. If the entry was
4537 * copy-on-write or empty, it has been fixed up.
4542 *pindex = OFF_TO_IDX((vaddr - entry->ba.start) + entry->ba.offset);
4543 *pcount = OFF_TO_IDX(entry->ba.end - trunc_page(vaddr));
4546 * Return whether this is the only map sharing this data. On
4547 * success we return with a read lock held on the map. On failure
4548 * we return with the map unlocked.
4552 if (rv == KERN_SUCCESS) {
4553 if (use_read_lock == 0)
4554 vm_map_lock_downgrade(map);
4555 } else if (use_read_lock) {
4556 vm_map_unlock_read(map);
4561 vm_map_entry_release(count);
4567 * Releases locks acquired by a vm_map_lookup()
4568 * (according to the handle returned by that lookup).
4570 * No other requirements.
4573 vm_map_lookup_done(vm_map_t map, vm_map_entry_t entry, int count)
4576 * Unlock the main-level map
4578 vm_map_unlock_read(map);
4580 vm_map_entry_release(count);
4584 vm_map_entry_partition(vm_map_t map, vm_map_entry_t entry,
4585 vm_offset_t vaddr, int *countp)
4587 vaddr &= ~MAP_ENTRY_PARTITION_MASK;
4588 vm_map_clip_start(map, entry, vaddr, countp);
4589 vaddr += MAP_ENTRY_PARTITION_SIZE;
4590 vm_map_clip_end(map, entry, vaddr, countp);
4594 * Quick hack, needs some help to make it more SMP friendly.
4597 vm_map_interlock(vm_map_t map, struct vm_map_ilock *ilock,
4598 vm_offset_t ran_beg, vm_offset_t ran_end)
4600 struct vm_map_ilock *scan;
4602 ilock->ran_beg = ran_beg;
4603 ilock->ran_end = ran_end;
4606 spin_lock(&map->ilock_spin);
4608 for (scan = map->ilock_base; scan; scan = scan->next) {
4609 if (ran_end > scan->ran_beg && ran_beg < scan->ran_end) {
4610 scan->flags |= ILOCK_WAITING;
4611 ssleep(scan, &map->ilock_spin, 0, "ilock", 0);
4615 ilock->next = map->ilock_base;
4616 map->ilock_base = ilock;
4617 spin_unlock(&map->ilock_spin);
4621 vm_map_deinterlock(vm_map_t map, struct vm_map_ilock *ilock)
4623 struct vm_map_ilock *scan;
4624 struct vm_map_ilock **scanp;
4626 spin_lock(&map->ilock_spin);
4627 scanp = &map->ilock_base;
4628 while ((scan = *scanp) != NULL) {
4629 if (scan == ilock) {
4630 *scanp = ilock->next;
4631 spin_unlock(&map->ilock_spin);
4632 if (ilock->flags & ILOCK_WAITING)
4636 scanp = &scan->next;
4638 spin_unlock(&map->ilock_spin);
4639 panic("vm_map_deinterlock: missing ilock!");
4642 #include "opt_ddb.h"
4644 #include <ddb/ddb.h>
4649 DB_SHOW_COMMAND(map, vm_map_print)
4652 /* XXX convert args. */
4653 vm_map_t map = (vm_map_t)addr;
4654 boolean_t full = have_addr;
4656 vm_map_entry_t entry;
4658 db_iprintf("Task map %p: pmap=%p, nentries=%d, version=%u\n",
4660 (void *)map->pmap, map->nentries, map->timestamp);
4663 if (!full && db_indent)
4667 RB_FOREACH(entry, vm_map_rb_tree, &map->rb_root) {
4668 db_iprintf("map entry %p: start=%p, end=%p\n",
4670 (void *)entry->ba.start, (void *)entry->ba.end);
4673 static char *inheritance_name[4] =
4674 {"share", "copy", "none", "donate_copy"};
4676 db_iprintf(" prot=%x/%x/%s",
4678 entry->max_protection,
4679 inheritance_name[(int)(unsigned char)
4680 entry->inheritance]);
4681 if (entry->wired_count != 0)
4682 db_printf(", wired");
4684 switch(entry->maptype) {
4685 case VM_MAPTYPE_SUBMAP:
4686 /* XXX no %qd in kernel. Truncate entry->ba.offset. */
4687 db_printf(", share=%p, offset=0x%lx\n",
4688 (void *)entry->ba.sub_map,
4689 (long)entry->ba.offset);
4693 vm_map_print((db_expr_t)(intptr_t)entry->ba.sub_map,
4697 case VM_MAPTYPE_NORMAL:
4698 /* XXX no %qd in kernel. Truncate entry->ba.offset. */
4699 db_printf(", object=%p, offset=0x%lx",
4700 (void *)entry->ba.object,
4701 (long)entry->ba.offset);
4702 if (entry->eflags & MAP_ENTRY_COW)
4703 db_printf(", copy (%s)",
4704 ((entry->eflags & MAP_ENTRY_NEEDS_COPY) ?
4705 "needed" : "done"));
4709 if (entry->ba.object) {
4711 vm_object_print((db_expr_t)(intptr_t)
4718 case VM_MAPTYPE_UKSMAP:
4719 db_printf(", uksmap=%p, offset=0x%lx",
4720 (void *)entry->ba.uksmap,
4721 (long)entry->ba.offset);
4722 if (entry->eflags & MAP_ENTRY_COW)
4723 db_printf(", copy (%s)",
4724 (entry->eflags & MAP_ENTRY_NEEDS_COPY) ? "needed" : "done");
4740 DB_SHOW_COMMAND(procvm, procvm)
4745 p = (struct proc *) addr;
4750 db_printf("p = %p, vmspace = %p, map = %p, pmap = %p\n",
4751 (void *)p, (void *)p->p_vmspace, (void *)&p->p_vmspace->vm_map,
4752 (void *)vmspace_pmap(p->p_vmspace));
4754 vm_map_print((db_expr_t)(intptr_t)&p->p_vmspace->vm_map, 1, 0, NULL);
projects / dragonfly.git / blob