4 * Copyright (c) 2006 The DragonFly Project. All rights reserved.
6 * This code is derived from software contributed to The DragonFly Project
7 * by Matthew Dillon <dillon@backplane.com>
9 * Redistribution and use in source and binary forms, with or without
10 * modification, are permitted provided that the following conditions
13 * 1. Redistributions of source code must retain the above copyright
14 * notice, this list of conditions and the following disclaimer.
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
19 * 3. Neither the name of The DragonFly Project nor the names of its
20 * contributors may be used to endorse or promote products derived
21 * from this software without specific, prior written permission.
23 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
24 * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
25 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
26 * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
27 * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
28 * INCIDENTAL, SPECIAL, EXEMPLARY OR CONSEQUENTIAL DAMAGES (INCLUDING,
29 * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
30 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
31 * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
32 * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
33 * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
37 #include <sys/param.h>
38 #include <sys/kernel.h>
39 #include <sys/systm.h>
40 #include <sys/sysmsg.h>
41 #include <sys/kern_syscall.h>
43 #include <sys/thread.h>
45 #include <sys/malloc.h>
46 #include <sys/sysctl.h>
47 #include <sys/vkernel.h>
48 #include <sys/vmspace.h>
50 #include <vm/vm_extern.h>
53 #include <machine/vmparam.h>
55 static struct vmspace_entry *vkernel_find_vmspace(struct vkernel_proc *vkp,
56 void *id, int havetoken);
57 static int vmspace_entry_delete(struct vmspace_entry *ve,
58 struct vkernel_proc *vkp, int refs);
59 static void vmspace_entry_cache_ref(struct vmspace_entry *ve);
60 static void vmspace_entry_cache_drop(struct vmspace_entry *ve);
61 static void vmspace_entry_drop(struct vmspace_entry *ve);
63 static MALLOC_DEFINE(M_VKERNEL, "vkernel", "VKernel structures");
66 * vmspace_create (void *id, int type, void *data)
68 * Create a VMSPACE under the control of the caller with the specified id.
69 * An id of NULL cannot be used. The type and data fields must currently
72 * The vmspace starts out completely empty. Memory may be mapped into the
73 * VMSPACE with vmspace_mmap().
78 sys_vmspace_create(struct sysmsg *sysmsg,
79 const struct vmspace_create_args *uap)
81 struct vmspace_entry *ve;
82 struct vkernel_proc *vkp;
83 struct proc *p = curproc;
86 if (vkernel_enable == 0)
90 * Create a virtual kernel side-structure for the process if one
93 * Implement a simple resolution for SMP races.
95 if ((vkp = p->p_vkernel) == NULL) {
96 vkp = kmalloc(sizeof(*vkp), M_VKERNEL, M_WAITOK|M_ZERO);
97 lwkt_gettoken(&p->p_token);
98 if (p->p_vkernel == NULL) {
100 lwkt_token_init(&vkp->token, "vkernel");
104 kfree(vkp, M_VKERNEL);
107 lwkt_reltoken(&p->p_token);
111 * Create a new VMSPACE, disallow conflicting ids
113 ve = kmalloc(sizeof(struct vmspace_entry), M_VKERNEL, M_WAITOK|M_ZERO);
114 ve->vmspace = vmspace_alloc(VM_MIN_USER_ADDRESS, VM_MAX_USER_ADDRESS);
116 ve->refs = 0; /* active refs (none) */
117 ve->cache_refs = 1; /* on-tree, not deleted (prevent kfree) */
118 pmap_pinit2(vmspace_pmap(ve->vmspace));
120 lwkt_gettoken(&vkp->token);
121 if (RB_INSERT(vmspace_rb_tree, &vkp->root, ve)) {
122 vmspace_rel(ve->vmspace);
123 ve->vmspace = NULL; /* safety */
124 kfree(ve, M_VKERNEL);
129 lwkt_reltoken(&vkp->token);
135 * Destroy a VMSPACE given its identifier.
140 sys_vmspace_destroy(struct sysmsg *sysmsg,
141 const struct vmspace_destroy_args *uap)
143 struct vkernel_proc *vkp;
144 struct vmspace_entry *ve;
147 if ((vkp = curproc->p_vkernel) == NULL)
151 * vkp->token protects the deletion against a new RB tree search.
153 lwkt_gettoken(&vkp->token);
155 if ((ve = vkernel_find_vmspace(vkp, uap->id, 1)) != NULL) {
156 error = vmspace_entry_delete(ve, vkp, 1);
158 vmspace_entry_cache_drop(ve);
160 lwkt_reltoken(&vkp->token);
166 * vmspace_ctl (void *id, int cmd, struct trapframe *tframe,
167 * struct vextframe *vframe);
169 * Transfer control to a VMSPACE. Control is returned after the specified
170 * number of microseconds or if a page fault, signal, trap, or system call
171 * occurs. The context is updated as appropriate.
176 sys_vmspace_ctl(struct sysmsg *sysmsg,
177 const struct vmspace_ctl_args *uap)
179 struct vmspace_ctl_args ua = *uap;
180 struct vkernel_proc *vkp;
181 struct vkernel_lwp *vklp;
182 struct vmspace_entry *ve = NULL;
188 lp = curthread->td_lwp;
191 if ((vkp = p->p_vkernel) == NULL)
195 * NOTE: We have to copy *uap into ua because uap is an aliased
196 * pointer into the sysframe, which we are replacing.
198 if ((ve = vkernel_find_vmspace(vkp, ua.id, 0)) == NULL) {
204 case VMSPACE_CTL_RUN:
206 * Save the caller's register context, swap VM spaces, and
207 * install the passed register context. Return with
208 * EJUSTRETURN so the syscall code doesn't adjust the context.
210 framesz = sizeof(struct trapframe);
211 if ((vklp = lp->lwp_vkernel) == NULL) {
212 vklp = kmalloc(sizeof(*vklp), M_VKERNEL,
214 lp->lwp_vkernel = vklp;
216 if (ve && vklp->ve_cache != ve) {
217 vmspace_entry_cache_ref(ve);
219 vmspace_entry_cache_drop(vklp->ve_cache);
222 vklp->user_trapframe = ua.tframe;
223 vklp->user_vextframe = ua.vframe;
224 bcopy(sysmsg->sysmsg_frame, &vklp->save_trapframe, framesz);
225 bcopy(&curthread->td_tls, &vklp->save_vextframe.vx_tls,
226 sizeof(vklp->save_vextframe.vx_tls));
227 error = copyin(ua.tframe, sysmsg->sysmsg_frame, framesz);
229 error = copyin(&ua.vframe->vx_tls,
231 sizeof(struct savetls));
234 error = cpu_sanitize_frame(sysmsg->sysmsg_frame);
236 error = cpu_sanitize_tls(&curthread->td_tls);
238 bcopy(&vklp->save_trapframe, sysmsg->sysmsg_frame,
240 bcopy(&vklp->save_vextframe.vx_tls, &curthread->td_tls,
241 sizeof(vklp->save_vextframe.vx_tls));
245 atomic_add_int(&ve->refs, 1);
246 pmap_setlwpvm(lp, ve->vmspace);
248 set_vkernel_fp(sysmsg->sysmsg_frame);
258 vmspace_entry_drop(ve);
264 * vmspace_mmap(id, addr, len, prot, flags, fd, offset)
266 * map memory within a VMSPACE. This function is just like a normal mmap()
267 * but operates on the vmspace's memory map.
272 sys_vmspace_mmap(struct sysmsg *sysmsg,
273 const struct vmspace_mmap_args *uap)
275 struct vkernel_proc *vkp;
276 struct vmspace_entry *ve;
279 if ((vkp = curproc->p_vkernel) == NULL) {
284 if ((ve = vkernel_find_vmspace(vkp, uap->id, 0)) == NULL) {
289 error = kern_mmap(ve->vmspace, uap->addr, uap->len,
290 uap->prot, uap->flags,
291 uap->fd, uap->offset, &sysmsg->sysmsg_resultp);
293 vmspace_entry_drop(ve);
299 * vmspace_munmap(id, addr, len)
301 * unmap memory within a VMSPACE.
306 sys_vmspace_munmap(struct sysmsg *sysmsg,
307 const struct vmspace_munmap_args *uap)
309 struct vkernel_proc *vkp;
310 struct vmspace_entry *ve;
313 vm_size_t size, pageoff;
317 if ((vkp = curproc->p_vkernel) == NULL) {
322 if ((ve = vkernel_find_vmspace(vkp, uap->id, 0)) == NULL) {
328 * NOTE: kern_munmap() can block so we need to temporarily
333 * Copied from sys_munmap()
335 addr = (vm_offset_t)uap->addr;
338 pageoff = (addr & PAGE_MASK);
341 size = (vm_size_t)round_page(size);
342 if (size < uap->len) { /* wrap */
346 tmpaddr = addr + size; /* workaround gcc4 opt */
347 if (tmpaddr < addr) { /* wrap */
356 if (VM_MAX_USER_ADDRESS > 0 && tmpaddr > VM_MAX_USER_ADDRESS) {
360 if (VM_MIN_USER_ADDRESS > 0 && addr < VM_MIN_USER_ADDRESS) {
364 map = &ve->vmspace->vm_map;
365 if (!vm_map_check_protection(map, addr, tmpaddr, VM_PROT_NONE, FALSE)) {
369 vm_map_remove(map, addr, addr + size);
372 vmspace_entry_drop(ve);
378 * vmspace_pread(id, buf, nbyte, flags, offset)
380 * Read data from a vmspace. The number of bytes read is returned or
381 * -1 if an unrecoverable error occured. If the number of bytes read is
382 * less then the request size, a page fault occured in the VMSPACE which
383 * the caller must resolve in order to proceed.
385 * (not implemented yet)
389 sys_vmspace_pread(struct sysmsg *sysmsg,
390 const struct vmspace_pread_args *uap)
392 struct vkernel_proc *vkp;
393 struct vmspace_entry *ve;
396 if ((vkp = curproc->p_vkernel) == NULL) {
401 if ((ve = vkernel_find_vmspace(vkp, uap->id, 0)) == NULL) {
405 vmspace_entry_drop(ve);
412 * vmspace_pwrite(id, buf, nbyte, flags, offset)
414 * Write data to a vmspace. The number of bytes written is returned or
415 * -1 if an unrecoverable error occured. If the number of bytes written is
416 * less then the request size, a page fault occured in the VMSPACE which
417 * the caller must resolve in order to proceed.
419 * (not implemented yet)
423 sys_vmspace_pwrite(struct sysmsg *sysmsg,
424 const struct vmspace_pwrite_args *uap)
426 struct vkernel_proc *vkp;
427 struct vmspace_entry *ve;
430 if ((vkp = curproc->p_vkernel) == NULL) {
434 if ((ve = vkernel_find_vmspace(vkp, uap->id, 0)) == NULL) {
438 vmspace_entry_drop(ve);
445 * vmspace_mcontrol(id, addr, len, behav, value)
447 * madvise/mcontrol support for a vmspace.
452 sys_vmspace_mcontrol(struct sysmsg *sysmsg,
453 const struct vmspace_mcontrol_args *uap)
455 struct vkernel_proc *vkp;
456 struct vmspace_entry *ve;
458 vm_offset_t start, end;
459 vm_offset_t tmpaddr = (vm_offset_t)uap->addr + uap->len;
462 lp = curthread->td_lwp;
463 if ((vkp = curproc->p_vkernel) == NULL) {
468 if ((ve = vkernel_find_vmspace(vkp, uap->id, 0)) == NULL) {
474 * This code is basically copied from sys_mcontrol()
476 if (uap->behav < 0 || uap->behav > MADV_CONTROL_END) {
481 if (tmpaddr < (vm_offset_t)uap->addr) {
485 if (VM_MAX_USER_ADDRESS > 0 && tmpaddr > VM_MAX_USER_ADDRESS) {
489 if (VM_MIN_USER_ADDRESS > 0 && uap->addr < VM_MIN_USER_ADDRESS) {
494 start = trunc_page((vm_offset_t) uap->addr);
495 end = round_page(tmpaddr);
497 error = vm_map_madvise(&ve->vmspace->vm_map, start, end,
498 uap->behav, uap->value);
500 vmspace_entry_drop(ve);
506 * Red black tree functions
508 static int rb_vmspace_compare(struct vmspace_entry *, struct vmspace_entry *);
509 RB_GENERATE(vmspace_rb_tree, vmspace_entry, rb_entry, rb_vmspace_compare);
512 * a->start is address, and the only field has to be initialized.
513 * The caller must hold vkp->token.
515 * The caller must hold vkp->token.
518 rb_vmspace_compare(struct vmspace_entry *a, struct vmspace_entry *b)
520 if ((char *)a->id < (char *)b->id)
522 else if ((char *)a->id > (char *)b->id)
528 * The caller must hold vkp->token.
532 rb_vmspace_delete(struct vmspace_entry *ve, void *data)
534 struct vkernel_proc *vkp = data;
536 if (vmspace_entry_delete(ve, vkp, 0) == 0)
537 vmspace_entry_cache_drop(ve);
539 panic("rb_vmspace_delete: invalid refs %d", ve->refs);
544 * Remove a vmspace_entry from the RB tree and destroy it. We have to clean
545 * up the pmap, the vm_map, then destroy the vmspace. We gain control of
546 * the associated cache_refs ref, which the caller will drop for us.
548 * The ve must not have any active references other than those from the
549 * caller. If it does, EBUSY is returned. The ve may still maintain
550 * any number of cache references which will drop as the related LWPs
551 * execute vmspace operations or exit.
553 * 0 is returned on success, EBUSY on failure. On success the caller must
554 * drop the last cache_refs. We have dropped the callers active refs.
556 * The caller must hold vkp->token.
560 vmspace_entry_delete(struct vmspace_entry *ve, struct vkernel_proc *vkp,
564 * Interlocked by vkp->token.
566 * Drop the callers refs and set VKE_REF_DELETED atomically, if
567 * the remaining refs match exactly. Dropping refs and setting
568 * the DELETED flag atomically protects other threads from trying
571 * The caller now owns the final cache_ref that was previously
572 * associated with the live state of the ve.
574 if (atomic_cmpset_int(&ve->refs, refs, VKE_REF_DELETED) == 0) {
575 KKASSERT(ve->refs >= refs);
578 RB_REMOVE(vmspace_rb_tree, &vkp->root, ve);
580 pmap_remove_pages(vmspace_pmap(ve->vmspace),
581 VM_MIN_USER_ADDRESS, VM_MAX_USER_ADDRESS);
582 vm_map_remove(&ve->vmspace->vm_map,
583 VM_MIN_USER_ADDRESS, VM_MAX_USER_ADDRESS);
584 vmspace_rel(ve->vmspace);
585 ve->vmspace = NULL; /* safety */
591 * Ref a ve for cache purposes
595 vmspace_entry_cache_ref(struct vmspace_entry *ve)
597 atomic_add_int(&ve->cache_refs, 1);
601 * The ve cache_drop is the final word for a ve. It gains an extra ref
602 * representing it being on the RB tree and not being in a deleted state.
603 * Removal from the RB tree and deletion manipulate this ref. The last
604 * drop will thus include full deletion of the ve in addition to the last
605 * cached user going away.
609 vmspace_entry_cache_drop(struct vmspace_entry *ve)
611 if (atomic_fetchadd_int(&ve->cache_refs, -1) == 1) {
612 KKASSERT(ve->refs & VKE_REF_DELETED);
613 kfree(ve, M_VKERNEL);
618 * Drop primary reference. The ve cannot be freed on the 1->0 transition.
619 * Instead, ve deletion interlocks the final kfree() via cache_refs.
623 vmspace_entry_drop(struct vmspace_entry *ve)
625 atomic_fetchadd_int(&ve->refs, -1);
629 * Locate the ve for (id), return the ve or NULL. If found this function
630 * will bump ve->refs which prevents the ve from being immediately destroyed
631 * (but it can still be removed).
633 * The cache can potentially contain a stale ve, check by testing ve->vmspace.
635 * The caller must hold vkp->token if excl is non-zero.
638 struct vmspace_entry *
639 vkernel_find_vmspace(struct vkernel_proc *vkp, void *id, int excl)
641 struct vmspace_entry *ve;
642 struct vmspace_entry key;
643 struct vkernel_lwp *vklp;
644 struct lwp *lp = curthread->td_lwp;
647 * Cache check. Since we already hold a ref on the cache entry
648 * the ve cannot be ripped out from under us while we cycle
651 if ((vklp = lp->lwp_vkernel) != NULL) {
653 if (ve && ve->id == id) {
657 * Bump active refs, check to see if the cache
658 * entry is stale. If not, we are good.
660 n = atomic_fetchadd_int(&ve->refs, 1);
661 if ((n & VKE_REF_DELETED) == 0) {
662 KKASSERT(ve->vmspace);
667 * Cache is stale, clean it out and fall through
668 * to a normal search.
670 vklp->ve_cache = NULL;
671 vmspace_entry_drop(ve);
672 vmspace_entry_cache_drop(ve);
677 * Normal search protected by vkp->token. No new ve's can be marked
678 * DELETED while we hold the token so we are safe.
681 lwkt_gettoken_shared(&vkp->token);
683 ve = RB_FIND(vmspace_rb_tree, &vkp->root, &key);
685 if (atomic_fetchadd_int(&ve->refs, 1) & VKE_REF_DELETED) {
686 vmspace_entry_drop(ve);
691 lwkt_reltoken(&vkp->token);
696 * Manage vkernel refs, used by the kernel when fork()ing or exit()ing
702 vkernel_inherit(struct proc *p1, struct proc *p2)
704 struct vkernel_proc *vkp;
707 KKASSERT(vkp->refs > 0);
708 atomic_add_int(&vkp->refs, 1);
716 vkernel_exit(struct proc *p)
718 struct vkernel_proc *vkp;
724 * Restore the original VM context if we are killed while running
727 * This isn't supposed to happen. What is supposed to happen is
728 * that the process should enter vkernel_trap() before the handling
731 RB_FOREACH(lp, lwp_rb_tree, &p->p_lwp_tree) {
732 vkernel_lwp_exit(lp);
736 * Dereference the common area
739 KKASSERT(vkp->refs > 0);
741 if (atomic_fetchadd_int(&vkp->refs, -1) == 1) {
742 lwkt_gettoken(&vkp->token);
743 RB_SCAN(vmspace_rb_tree, &vkp->root, NULL,
744 rb_vmspace_delete, vkp);
745 lwkt_reltoken(&vkp->token);
746 kfree(vkp, M_VKERNEL);
754 vkernel_lwp_exit(struct lwp *lp)
756 struct vkernel_lwp *vklp;
757 struct vmspace_entry *ve;
759 if ((vklp = lp->lwp_vkernel) != NULL) {
763 if ((ve = vklp->ve) != NULL) {
764 kprintf("Warning, pid %d killed with "
765 "active VC!\n", lp->lwp_proc->p_pid);
766 pmap_setlwpvm(lp, lp->lwp_proc->p_vmspace);
768 KKASSERT(ve->refs > 0);
769 vmspace_entry_drop(ve);
771 if ((ve = vklp->ve_cache) != NULL) {
772 vklp->ve_cache = NULL;
773 vmspace_entry_cache_drop(ve);
776 lp->lwp_vkernel = NULL;
777 kfree(vklp, M_VKERNEL);
782 * A VM space under virtual kernel control trapped out or made a system call
783 * or otherwise needs to return control to the virtual kernel context.
788 vkernel_trap(struct lwp *lp, struct trapframe *frame)
790 struct proc *p = lp->lwp_proc;
791 struct vmspace_entry *ve;
792 struct vkernel_lwp *vklp;
796 * Which vmspace entry was running?
798 vklp = lp->lwp_vkernel;
802 KKASSERT(ve != NULL);
805 * Switch the LWP vmspace back to the virtual kernel's VM space.
808 pmap_setlwpvm(lp, p->p_vmspace);
809 KKASSERT(ve->refs > 0);
810 vmspace_entry_drop(ve);
811 /* ve is invalid once we kill our ref */
814 * Copy the emulated process frame to the virtual kernel process.
815 * The emulated process cannot change TLS descriptors so don't
816 * bother saving them, we already have a copy.
818 * Restore the virtual kernel's saved context so the virtual kernel
819 * process can resume.
821 error = copyout(frame, vklp->user_trapframe, sizeof(*frame));
822 bcopy(&vklp->save_trapframe, frame, sizeof(*frame));
823 bcopy(&vklp->save_vextframe.vx_tls, &curthread->td_tls,
824 sizeof(vklp->save_vextframe.vx_tls));
826 cpu_vkernel_trap(frame, error);