FreeBSD/Linux Kernel Cross Reference
sys/i386/i386/pmap.c
1 /*-
2 * Copyright (c) 1991 Regents of the University of California.
3 * All rights reserved.
4 * Copyright (c) 1994 John S. Dyson
5 * All rights reserved.
6 * Copyright (c) 1994 David Greenman
7 * All rights reserved.
8 * Copyright (c) 2005 Alan L. Cox <alc@cs.rice.edu>
9 * All rights reserved.
10 *
11 * This code is derived from software contributed to Berkeley by
12 * the Systems Programming Group of the University of Utah Computer
13 * Science Department and William Jolitz of UUNET Technologies Inc.
14 *
15 * Redistribution and use in source and binary forms, with or without
16 * modification, are permitted provided that the following conditions
17 * are met:
18 * 1. Redistributions of source code must retain the above copyright
19 * notice, this list of conditions and the following disclaimer.
20 * 2. Redistributions in binary form must reproduce the above copyright
21 * notice, this list of conditions and the following disclaimer in the
22 * documentation and/or other materials provided with the distribution.
23 * 3. All advertising materials mentioning features or use of this software
24 * must display the following acknowledgement:
25 * This product includes software developed by the University of
26 * California, Berkeley and its contributors.
27 * 4. Neither the name of the University nor the names of its contributors
28 * may be used to endorse or promote products derived from this software
29 * without specific prior written permission.
30 *
31 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
32 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
33 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
34 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
35 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
36 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
37 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
38 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
39 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
40 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
41 * SUCH DAMAGE.
42 *
43 * from: @(#)pmap.c 7.7 (Berkeley) 5/12/91
44 */
45 /*-
46 * Copyright (c) 2003 Networks Associates Technology, Inc.
47 * All rights reserved.
48 *
49 * This software was developed for the FreeBSD Project by Jake Burkholder,
50 * Safeport Network Services, and Network Associates Laboratories, the
51 * Security Research Division of Network Associates, Inc. under
52 * DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the DARPA
53 * CHATS research program.
54 *
55 * Redistribution and use in source and binary forms, with or without
56 * modification, are permitted provided that the following conditions
57 * are met:
58 * 1. Redistributions of source code must retain the above copyright
59 * notice, this list of conditions and the following disclaimer.
60 * 2. Redistributions in binary form must reproduce the above copyright
61 * notice, this list of conditions and the following disclaimer in the
62 * documentation and/or other materials provided with the distribution.
63 *
64 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
65 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
66 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
67 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
68 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
69 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
70 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
71 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
72 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
73 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
74 * SUCH DAMAGE.
75 */
76
77 #include <sys/cdefs.h>
78 __FBSDID("$FreeBSD$");
79
80 /*
81 * Manages physical address maps.
82 *
83 * In addition to hardware address maps, this
84 * module is called upon to provide software-use-only
85 * maps which may or may not be stored in the same
86 * form as hardware maps. These pseudo-maps are
87 * used to store intermediate results from copy
88 * operations to and from address spaces.
89 *
90 * Since the information managed by this module is
91 * also stored by the logical address mapping module,
92 * this module may throw away valid virtual-to-physical
93 * mappings at almost any time. However, invalidations
94 * of virtual-to-physical mappings must be done as
95 * requested.
96 *
97 * In order to cope with hardware architectures which
98 * make virtual-to-physical map invalidates expensive,
99 * this module may delay invalidate or reduced protection
100 * operations until such time as they are actually
101 * necessary. This module is given full information as
102 * to which processors are currently using which maps,
103 * and to when physical maps must be made correct.
104 */
105
106 #include "opt_cpu.h"
107 #include "opt_pmap.h"
108 #include "opt_msgbuf.h"
109 #include "opt_smp.h"
110 #include "opt_xbox.h"
111
112 #include <sys/param.h>
113 #include <sys/systm.h>
114 #include <sys/kernel.h>
115 #include <sys/lock.h>
116 #include <sys/malloc.h>
117 #include <sys/mman.h>
118 #include <sys/msgbuf.h>
119 #include <sys/mutex.h>
120 #include <sys/proc.h>
121 #include <sys/sx.h>
122 #include <sys/vmmeter.h>
123 #include <sys/sched.h>
124 #include <sys/sysctl.h>
125 #ifdef SMP
126 #include <sys/smp.h>
127 #endif
128
129 #include <vm/vm.h>
130 #include <vm/vm_param.h>
131 #include <vm/vm_kern.h>
132 #include <vm/vm_page.h>
133 #include <vm/vm_map.h>
134 #include <vm/vm_object.h>
135 #include <vm/vm_extern.h>
136 #include <vm/vm_pageout.h>
137 #include <vm/vm_pager.h>
138 #include <vm/uma.h>
139
140 #include <machine/cpu.h>
141 #include <machine/cputypes.h>
142 #include <machine/md_var.h>
143 #include <machine/pcb.h>
144 #include <machine/specialreg.h>
145 #ifdef SMP
146 #include <machine/smp.h>
147 #endif
148
149 #ifdef XBOX
150 #include <machine/xbox.h>
151 #endif
152
153 #if !defined(CPU_DISABLE_SSE) && defined(I686_CPU)
154 #define CPU_ENABLE_SSE
155 #endif
156
157 #ifndef PMAP_SHPGPERPROC
158 #define PMAP_SHPGPERPROC 200
159 #endif
160
161 #if defined(DIAGNOSTIC)
162 #define PMAP_DIAGNOSTIC
163 #endif
164
165 #if !defined(PMAP_DIAGNOSTIC)
166 #define PMAP_INLINE __gnu89_inline
167 #else
168 #define PMAP_INLINE
169 #endif
170
171 #define PV_STATS
172 #ifdef PV_STATS
173 #define PV_STAT(x) do { x ; } while (0)
174 #else
175 #define PV_STAT(x) do { } while (0)
176 #endif
177
178 /*
179 * Get PDEs and PTEs for user/kernel address space
180 */
181 #define pmap_pde(m, v) (&((m)->pm_pdir[(vm_offset_t)(v) >> PDRSHIFT]))
182 #define pdir_pde(m, v) (m[(vm_offset_t)(v) >> PDRSHIFT])
183
184 #define pmap_pde_v(pte) ((*(int *)pte & PG_V) != 0)
185 #define pmap_pte_w(pte) ((*(int *)pte & PG_W) != 0)
186 #define pmap_pte_m(pte) ((*(int *)pte & PG_M) != 0)
187 #define pmap_pte_u(pte) ((*(int *)pte & PG_A) != 0)
188 #define pmap_pte_v(pte) ((*(int *)pte & PG_V) != 0)
189
190 #define pmap_pte_set_w(pte, v) ((v) ? atomic_set_int((u_int *)(pte), PG_W) : \
191 atomic_clear_int((u_int *)(pte), PG_W))
192 #define pmap_pte_set_prot(pte, v) ((*(int *)pte &= ~PG_PROT), (*(int *)pte |= (v)))
193
194 struct pmap kernel_pmap_store;
195 LIST_HEAD(pmaplist, pmap);
196 static struct pmaplist allpmaps;
197 static struct mtx allpmaps_lock;
198
199 vm_offset_t virtual_avail; /* VA of first avail page (after kernel bss) */
200 vm_offset_t virtual_end; /* VA of last avail page (end of kernel AS) */
201 int pgeflag = 0; /* PG_G or-in */
202 int pseflag = 0; /* PG_PS or-in */
203
204 static int nkpt;
205 vm_offset_t kernel_vm_end;
206 extern u_int32_t KERNend;
207
208 #ifdef PAE
209 pt_entry_t pg_nx;
210 static uma_zone_t pdptzone;
211 #endif
212
213 /*
214 * Data for the pv entry allocation mechanism
215 */
216 static int pv_entry_count = 0, pv_entry_max = 0, pv_entry_high_water = 0;
217 static int shpgperproc = PMAP_SHPGPERPROC;
218
219 struct pv_chunk *pv_chunkbase; /* KVA block for pv_chunks */
220 int pv_maxchunks; /* How many chunks we have KVA for */
221 vm_offset_t pv_vafree; /* freelist stored in the PTE */
222
223 /*
224 * All those kernel PT submaps that BSD is so fond of
225 */
226 struct sysmaps {
227 struct mtx lock;
228 pt_entry_t *CMAP1;
229 pt_entry_t *CMAP2;
230 caddr_t CADDR1;
231 caddr_t CADDR2;
232 };
233 static struct sysmaps sysmaps_pcpu[MAXCPU];
234 pt_entry_t *CMAP1 = 0;
235 static pt_entry_t *CMAP3;
236 caddr_t CADDR1 = 0, ptvmmap = 0;
237 static caddr_t CADDR3;
238 struct msgbuf *msgbufp = 0;
239
240 /*
241 * Crashdump maps.
242 */
243 static caddr_t crashdumpmap;
244
245 static pt_entry_t *PMAP1 = 0, *PMAP2;
246 static pt_entry_t *PADDR1 = 0, *PADDR2;
247 #ifdef SMP
248 static int PMAP1cpu;
249 static int PMAP1changedcpu;
250 SYSCTL_INT(_debug, OID_AUTO, PMAP1changedcpu, CTLFLAG_RD,
251 &PMAP1changedcpu, 0,
252 "Number of times pmap_pte_quick changed CPU with same PMAP1");
253 #endif
254 static int PMAP1changed;
255 SYSCTL_INT(_debug, OID_AUTO, PMAP1changed, CTLFLAG_RD,
256 &PMAP1changed, 0,
257 "Number of times pmap_pte_quick changed PMAP1");
258 static int PMAP1unchanged;
259 SYSCTL_INT(_debug, OID_AUTO, PMAP1unchanged, CTLFLAG_RD,
260 &PMAP1unchanged, 0,
261 "Number of times pmap_pte_quick didn't change PMAP1");
262 static struct mtx PMAP2mutex;
263
264 static void free_pv_entry(pmap_t pmap, pv_entry_t pv);
265 static pv_entry_t get_pv_entry(pmap_t locked_pmap, int try);
266
267 static vm_page_t pmap_enter_quick_locked(pmap_t pmap, vm_offset_t va,
268 vm_page_t m, vm_prot_t prot, vm_page_t mpte);
269 static int pmap_remove_pte(pmap_t pmap, pt_entry_t *ptq, vm_offset_t sva,
270 vm_page_t *free);
271 static void pmap_remove_page(struct pmap *pmap, vm_offset_t va,
272 vm_page_t *free);
273 static void pmap_remove_entry(struct pmap *pmap, vm_page_t m,
274 vm_offset_t va);
275 static void pmap_insert_entry(pmap_t pmap, vm_offset_t va, vm_page_t m);
276 static boolean_t pmap_try_insert_pv_entry(pmap_t pmap, vm_offset_t va,
277 vm_page_t m);
278
279 static vm_page_t pmap_allocpte(pmap_t pmap, vm_offset_t va, int flags);
280
281 static vm_page_t _pmap_allocpte(pmap_t pmap, unsigned ptepindex, int flags);
282 static int _pmap_unwire_pte_hold(pmap_t pmap, vm_page_t m, vm_page_t *free);
283 static pt_entry_t *pmap_pte_quick(pmap_t pmap, vm_offset_t va);
284 static void pmap_pte_release(pt_entry_t *pte);
285 static int pmap_unuse_pt(pmap_t, vm_offset_t, vm_page_t *);
286 static vm_offset_t pmap_kmem_choose(vm_offset_t addr);
287 #ifdef PAE
288 static void *pmap_pdpt_allocf(uma_zone_t zone, int bytes, u_int8_t *flags, int wait);
289 #endif
290
291 CTASSERT(1 << PDESHIFT == sizeof(pd_entry_t));
292 CTASSERT(1 << PTESHIFT == sizeof(pt_entry_t));
293
294 /*
295 * If you get an error here, then you set KVA_PAGES wrong! See the
296 * description of KVA_PAGES in sys/i386/include/pmap.h. It must be
297 * multiple of 4 for a normal kernel, or a multiple of 8 for a PAE.
298 */
299 CTASSERT(KERNBASE % (1 << 24) == 0);
300
301 /*
302 * Move the kernel virtual free pointer to the next
303 * 4MB. This is used to help improve performance
304 * by using a large (4MB) page for much of the kernel
305 * (.text, .data, .bss)
306 */
307 static vm_offset_t
308 pmap_kmem_choose(vm_offset_t addr)
309 {
310 vm_offset_t newaddr = addr;
311
312 #ifndef DISABLE_PSE
313 if (cpu_feature & CPUID_PSE)
314 newaddr = (addr + PDRMASK) & ~PDRMASK;
315 #endif
316 return newaddr;
317 }
318
319 /*
320 * Bootstrap the system enough to run with virtual memory.
321 *
322 * On the i386 this is called after mapping has already been enabled
323 * and just syncs the pmap module with what has already been done.
324 * [We can't call it easily with mapping off since the kernel is not
325 * mapped with PA == VA, hence we would have to relocate every address
326 * from the linked base (virtual) address "KERNBASE" to the actual
327 * (physical) address starting relative to 0]
328 */
329 void
330 pmap_bootstrap(vm_paddr_t firstaddr)
331 {
332 vm_offset_t va;
333 pt_entry_t *pte, *unused;
334 struct sysmaps *sysmaps;
335 int i;
336
337 /*
338 * XXX The calculation of virtual_avail is wrong. It's NKPT*PAGE_SIZE too
339 * large. It should instead be correctly calculated in locore.s and
340 * not based on 'first' (which is a physical address, not a virtual
341 * address, for the start of unused physical memory). The kernel
342 * page tables are NOT double mapped and thus should not be included
343 * in this calculation.
344 */
345 virtual_avail = (vm_offset_t) KERNBASE + firstaddr;
346 virtual_avail = pmap_kmem_choose(virtual_avail);
347
348 virtual_end = VM_MAX_KERNEL_ADDRESS;
349
350 /*
351 * Initialize the kernel pmap (which is statically allocated).
352 */
353 PMAP_LOCK_INIT(kernel_pmap);
354 kernel_pmap->pm_pdir = (pd_entry_t *) (KERNBASE + (u_int)IdlePTD);
355 #ifdef PAE
356 kernel_pmap->pm_pdpt = (pdpt_entry_t *) (KERNBASE + (u_int)IdlePDPT);
357 #endif
358 kernel_pmap->pm_active = -1; /* don't allow deactivation */
359 TAILQ_INIT(&kernel_pmap->pm_pvchunk);
360 LIST_INIT(&allpmaps);
361 mtx_init(&allpmaps_lock, "allpmaps", NULL, MTX_SPIN);
362 mtx_lock_spin(&allpmaps_lock);
363 LIST_INSERT_HEAD(&allpmaps, kernel_pmap, pm_list);
364 mtx_unlock_spin(&allpmaps_lock);
365 nkpt = NKPT;
366
367 /*
368 * Reserve some special page table entries/VA space for temporary
369 * mapping of pages.
370 */
371 #define SYSMAP(c, p, v, n) \
372 v = (c)va; va += ((n)*PAGE_SIZE); p = pte; pte += (n);
373
374 va = virtual_avail;
375 pte = vtopte(va);
376
377 /*
378 * CMAP1/CMAP2 are used for zeroing and copying pages.
379 * CMAP3 is used for the idle process page zeroing.
380 */
381 for (i = 0; i < MAXCPU; i++) {
382 sysmaps = &sysmaps_pcpu[i];
383 mtx_init(&sysmaps->lock, "SYSMAPS", NULL, MTX_DEF);
384 SYSMAP(caddr_t, sysmaps->CMAP1, sysmaps->CADDR1, 1)
385 SYSMAP(caddr_t, sysmaps->CMAP2, sysmaps->CADDR2, 1)
386 }
387 SYSMAP(caddr_t, CMAP1, CADDR1, 1)
388 SYSMAP(caddr_t, CMAP3, CADDR3, 1)
389 *CMAP3 = 0;
390
391 /*
392 * Crashdump maps.
393 */
394 SYSMAP(caddr_t, unused, crashdumpmap, MAXDUMPPGS)
395
396 /*
397 * ptvmmap is used for reading arbitrary physical pages via /dev/mem.
398 */
399 SYSMAP(caddr_t, unused, ptvmmap, 1)
400
401 /*
402 * msgbufp is used to map the system message buffer.
403 */
404 SYSMAP(struct msgbuf *, unused, msgbufp, atop(round_page(MSGBUF_SIZE)))
405
406 /*
407 * ptemap is used for pmap_pte_quick
408 */
409 SYSMAP(pt_entry_t *, PMAP1, PADDR1, 1);
410 SYSMAP(pt_entry_t *, PMAP2, PADDR2, 1);
411
412 mtx_init(&PMAP2mutex, "PMAP2", NULL, MTX_DEF);
413
414 virtual_avail = va;
415
416 *CMAP1 = 0;
417
418 /*
419 * Leave in place an identity mapping (virt == phys) for the low 1 MB
420 * physical memory region that is used by the ACPI wakeup code. This
421 * mapping must not have PG_G set.
422 */
423 #ifdef XBOX
424 /* FIXME: This is gross, but needed for the XBOX. Since we are in such
425 * an early stadium, we cannot yet neatly map video memory ... :-(
426 * Better fixes are very welcome! */
427 if (!arch_i386_is_xbox)
428 #endif
429 for (i = 1; i < NKPT; i++)
430 PTD[i] = 0;
431
432 /* Initialize the PAT MSR if present. */
433 pmap_init_pat();
434
435 /* Turn on PG_G on kernel page(s) */
436 pmap_set_pg();
437 }
438
439 /*
440 * Setup the PAT MSR.
441 */
442 void
443 pmap_init_pat(void)
444 {
445 uint64_t pat_msr;
446
447 /* Bail if this CPU doesn't implement PAT. */
448 if (!(cpu_feature & CPUID_PAT))
449 return;
450
451 #ifdef PAT_WORKS
452 /*
453 * Leave the indices 0-3 at the default of WB, WT, UC, and UC-.
454 * Program 4 and 5 as WP and WC.
455 * Leave 6 and 7 as UC and UC-.
456 */
457 pat_msr = rdmsr(MSR_PAT);
458 pat_msr &= ~(PAT_MASK(4) | PAT_MASK(5));
459 pat_msr |= PAT_VALUE(4, PAT_WRITE_PROTECTED) |
460 PAT_VALUE(5, PAT_WRITE_COMBINING);
461 #else
462 /*
463 * Due to some Intel errata, we can only safely use the lower 4
464 * PAT entries. Thus, just replace PAT Index 2 with WC instead
465 * of UC-.
466 *
467 * Intel Pentium III Processor Specification Update
468 * Errata E.27 (Upper Four PAT Entries Not Usable With Mode B
469 * or Mode C Paging)
470 *
471 * Intel Pentium IV Processor Specification Update
472 * Errata N46 (PAT Index MSB May Be Calculated Incorrectly)
473 */
474 pat_msr = rdmsr(MSR_PAT);
475 pat_msr &= ~PAT_MASK(2);
476 pat_msr |= PAT_VALUE(2, PAT_WRITE_COMBINING);
477 #endif
478 wrmsr(MSR_PAT, pat_msr);
479 }
480
481 /*
482 * Set PG_G on kernel pages. Only the BSP calls this when SMP is turned on.
483 */
484 void
485 pmap_set_pg(void)
486 {
487 pd_entry_t pdir;
488 pt_entry_t *pte;
489 vm_offset_t va, endva;
490 int i;
491
492 if (pgeflag == 0)
493 return;
494
495 i = KERNLOAD/NBPDR;
496 endva = KERNBASE + KERNend;
497
498 if (pseflag) {
499 va = KERNBASE + KERNLOAD;
500 while (va < endva) {
501 pdir = kernel_pmap->pm_pdir[KPTDI+i];
502 pdir |= pgeflag;
503 kernel_pmap->pm_pdir[KPTDI+i] = PTD[KPTDI+i] = pdir;
504 invltlb(); /* Play it safe, invltlb() every time */
505 i++;
506 va += NBPDR;
507 }
508 } else {
509 va = (vm_offset_t)btext;
510 while (va < endva) {
511 pte = vtopte(va);
512 if (*pte)
513 *pte |= pgeflag;
514 invltlb(); /* Play it safe, invltlb() every time */
515 va += PAGE_SIZE;
516 }
517 }
518 }
519
520 /*
521 * Initialize a vm_page's machine-dependent fields.
522 */
523 void
524 pmap_page_init(vm_page_t m)
525 {
526
527 TAILQ_INIT(&m->md.pv_list);
528 m->md.pv_list_count = 0;
529 }
530
531 #ifdef PAE
532
533 static MALLOC_DEFINE(M_PMAPPDPT, "pmap", "pmap pdpt");
534
535 static void *
536 pmap_pdpt_allocf(uma_zone_t zone, int bytes, u_int8_t *flags, int wait)
537 {
538
539 /* Inform UMA that this allocator uses kernel_map/object. */
540 *flags = UMA_SLAB_KERNEL;
541 return (contigmalloc(PAGE_SIZE, M_PMAPPDPT, 0, 0x0ULL, 0xffffffffULL,
542 1, 0));
543 }
544 #endif
545
546 /*
547 * ABuse the pte nodes for unmapped kva to thread a kva freelist through.
548 * Requirements:
549 * - Must deal with pages in order to ensure that none of the PG_* bits
550 * are ever set, PG_V in particular.
551 * - Assumes we can write to ptes without pte_store() atomic ops, even
552 * on PAE systems. This should be ok.
553 * - Assumes nothing will ever test these addresses for 0 to indicate
554 * no mapping instead of correctly checking PG_V.
555 * - Assumes a vm_offset_t will fit in a pte (true for i386).
556 * Because PG_V is never set, there can be no mappings to invalidate.
557 */
558 static vm_offset_t
559 pmap_ptelist_alloc(vm_offset_t *head)
560 {
561 pt_entry_t *pte;
562 vm_offset_t va;
563
564 va = *head;
565 if (va == 0)
566 return (va); /* Out of memory */
567 pte = vtopte(va);
568 *head = *pte;
569 if (*head & PG_V)
570 panic("pmap_ptelist_alloc: va with PG_V set!");
571 *pte = 0;
572 return (va);
573 }
574
575 static void
576 pmap_ptelist_free(vm_offset_t *head, vm_offset_t va)
577 {
578 pt_entry_t *pte;
579
580 if (va & PG_V)
581 panic("pmap_ptelist_free: freeing va with PG_V set!");
582 pte = vtopte(va);
583 *pte = *head; /* virtual! PG_V is 0 though */
584 *head = va;
585 }
586
587 static void
588 pmap_ptelist_init(vm_offset_t *head, void *base, int npages)
589 {
590 int i;
591 vm_offset_t va;
592
593 *head = 0;
594 for (i = npages - 1; i >= 0; i--) {
595 va = (vm_offset_t)base + i * PAGE_SIZE;
596 pmap_ptelist_free(head, va);
597 }
598 }
599
600
601 /*
602 * Initialize the pmap module.
603 * Called by vm_init, to initialize any structures that the pmap
604 * system needs to map virtual memory.
605 */
606 void
607 pmap_init(void)
608 {
609
610 /*
611 * Initialize the address space (zone) for the pv entries. Set a
612 * high water mark so that the system can recover from excessive
613 * numbers of pv entries.
614 */
615 TUNABLE_INT_FETCH("vm.pmap.shpgperproc", &shpgperproc);
616 pv_entry_max = shpgperproc * maxproc + cnt.v_page_count;
617 TUNABLE_INT_FETCH("vm.pmap.pv_entries", &pv_entry_max);
618 pv_entry_max = roundup(pv_entry_max, _NPCPV);
619 pv_entry_high_water = 9 * (pv_entry_max / 10);
620
621 pv_maxchunks = MAX(pv_entry_max / _NPCPV, maxproc);
622 pv_chunkbase = (struct pv_chunk *)kmem_alloc_nofault(kernel_map,
623 PAGE_SIZE * pv_maxchunks);
624 if (pv_chunkbase == NULL)
625 panic("pmap_init: not enough kvm for pv chunks");
626 pmap_ptelist_init(&pv_vafree, pv_chunkbase, pv_maxchunks);
627 #ifdef PAE
628 pdptzone = uma_zcreate("PDPT", NPGPTD * sizeof(pdpt_entry_t), NULL,
629 NULL, NULL, NULL, (NPGPTD * sizeof(pdpt_entry_t)) - 1,
630 UMA_ZONE_VM | UMA_ZONE_NOFREE);
631 uma_zone_set_allocf(pdptzone, pmap_pdpt_allocf);
632 #endif
633 }
634
635
636 SYSCTL_NODE(_vm, OID_AUTO, pmap, CTLFLAG_RD, 0, "VM/pmap parameters");
637 SYSCTL_INT(_vm_pmap, OID_AUTO, pv_entry_max, CTLFLAG_RD, &pv_entry_max, 0,
638 "Max number of PV entries");
639 SYSCTL_INT(_vm_pmap, OID_AUTO, shpgperproc, CTLFLAG_RD, &shpgperproc, 0,
640 "Page share factor per proc");
641
642 /***************************************************
643 * Low level helper routines.....
644 ***************************************************/
645
646 /*
647 * Determine the appropriate bits to set in a PTE or PDE for a specified
648 * caching mode.
649 */
650 static int
651 pmap_cache_bits(int mode, boolean_t is_pde)
652 {
653 int pat_flag, pat_index, cache_bits;
654
655 /* The PAT bit is different for PTE's and PDE's. */
656 pat_flag = is_pde ? PG_PDE_PAT : PG_PTE_PAT;
657
658 /* If we don't support PAT, map extended modes to older ones. */
659 if (!(cpu_feature & CPUID_PAT)) {
660 switch (mode) {
661 case PAT_UNCACHEABLE:
662 case PAT_WRITE_THROUGH:
663 case PAT_WRITE_BACK:
664 break;
665 case PAT_UNCACHED:
666 case PAT_WRITE_COMBINING:
667 case PAT_WRITE_PROTECTED:
668 mode = PAT_UNCACHEABLE;
669 break;
670 }
671 }
672
673 /* Map the caching mode to a PAT index. */
674 switch (mode) {
675 #ifdef PAT_WORKS
676 case PAT_UNCACHEABLE:
677 pat_index = 3;
678 break;
679 case PAT_WRITE_THROUGH:
680 pat_index = 1;
681 break;
682 case PAT_WRITE_BACK:
683 pat_index = 0;
684 break;
685 case PAT_UNCACHED:
686 pat_index = 2;
687 break;
688 case PAT_WRITE_COMBINING:
689 pat_index = 5;
690 break;
691 case PAT_WRITE_PROTECTED:
692 pat_index = 4;
693 break;
694 #else
695 case PAT_UNCACHED:
696 case PAT_UNCACHEABLE:
697 case PAT_WRITE_PROTECTED:
698 pat_index = 3;
699 break;
700 case PAT_WRITE_THROUGH:
701 pat_index = 1;
702 break;
703 case PAT_WRITE_BACK:
704 pat_index = 0;
705 break;
706 case PAT_WRITE_COMBINING:
707 pat_index = 2;
708 break;
709 #endif
710 default:
711 panic("Unknown caching mode %d\n", mode);
712 }
713
714 /* Map the 3-bit index value into the PAT, PCD, and PWT bits. */
715 cache_bits = 0;
716 if (pat_index & 0x4)
717 cache_bits |= pat_flag;
718 if (pat_index & 0x2)
719 cache_bits |= PG_NC_PCD;
720 if (pat_index & 0x1)
721 cache_bits |= PG_NC_PWT;
722 return (cache_bits);
723 }
724 #ifdef SMP
725 /*
726 * For SMP, these functions have to use the IPI mechanism for coherence.
727 *
728 * N.B.: Before calling any of the following TLB invalidation functions,
729 * the calling processor must ensure that all stores updating a non-
730 * kernel page table are globally performed. Otherwise, another
731 * processor could cache an old, pre-update entry without being
732 * invalidated. This can happen one of two ways: (1) The pmap becomes
733 * active on another processor after its pm_active field is checked by
734 * one of the following functions but before a store updating the page
735 * table is globally performed. (2) The pmap becomes active on another
736 * processor before its pm_active field is checked but due to
737 * speculative loads one of the following functions stills reads the
738 * pmap as inactive on the other processor.
739 *
740 * The kernel page table is exempt because its pm_active field is
741 * immutable. The kernel page table is always active on every
742 * processor.
743 */
744 void
745 pmap_invalidate_page(pmap_t pmap, vm_offset_t va)
746 {
747 u_int cpumask;
748 u_int other_cpus;
749
750 sched_pin();
751 if (pmap == kernel_pmap || pmap->pm_active == all_cpus) {
752 invlpg(va);
753 smp_invlpg(va);
754 } else {
755 cpumask = PCPU_GET(cpumask);
756 other_cpus = PCPU_GET(other_cpus);
757 if (pmap->pm_active & cpumask)
758 invlpg(va);
759 if (pmap->pm_active & other_cpus)
760 smp_masked_invlpg(pmap->pm_active & other_cpus, va);
761 }
762 sched_unpin();
763 }
764
765 void
766 pmap_invalidate_range(pmap_t pmap, vm_offset_t sva, vm_offset_t eva)
767 {
768 u_int cpumask;
769 u_int other_cpus;
770 vm_offset_t addr;
771
772 sched_pin();
773 if (pmap == kernel_pmap || pmap->pm_active == all_cpus) {
774 for (addr = sva; addr < eva; addr += PAGE_SIZE)
775 invlpg(addr);
776 smp_invlpg_range(sva, eva);
777 } else {
778 cpumask = PCPU_GET(cpumask);
779 other_cpus = PCPU_GET(other_cpus);
780 if (pmap->pm_active & cpumask)
781 for (addr = sva; addr < eva; addr += PAGE_SIZE)
782 invlpg(addr);
783 if (pmap->pm_active & other_cpus)
784 smp_masked_invlpg_range(pmap->pm_active & other_cpus,
785 sva, eva);
786 }
787 sched_unpin();
788 }
789
790 void
791 pmap_invalidate_all(pmap_t pmap)
792 {
793 u_int cpumask;
794 u_int other_cpus;
795
796 sched_pin();
797 if (pmap == kernel_pmap || pmap->pm_active == all_cpus) {
798 invltlb();
799 smp_invltlb();
800 } else {
801 cpumask = PCPU_GET(cpumask);
802 other_cpus = PCPU_GET(other_cpus);
803 if (pmap->pm_active & cpumask)
804 invltlb();
805 if (pmap->pm_active & other_cpus)
806 smp_masked_invltlb(pmap->pm_active & other_cpus);
807 }
808 sched_unpin();
809 }
810
811 void
812 pmap_invalidate_cache(void)
813 {
814
815 sched_pin();
816 wbinvd();
817 smp_cache_flush();
818 sched_unpin();
819 }
820 #else /* !SMP */
821 /*
822 * Normal, non-SMP, 486+ invalidation functions.
823 * We inline these within pmap.c for speed.
824 */
825 PMAP_INLINE void
826 pmap_invalidate_page(pmap_t pmap, vm_offset_t va)
827 {
828
829 if (pmap == kernel_pmap || pmap->pm_active)
830 invlpg(va);
831 }
832
833 PMAP_INLINE void
834 pmap_invalidate_range(pmap_t pmap, vm_offset_t sva, vm_offset_t eva)
835 {
836 vm_offset_t addr;
837
838 if (pmap == kernel_pmap || pmap->pm_active)
839 for (addr = sva; addr < eva; addr += PAGE_SIZE)
840 invlpg(addr);
841 }
842
843 PMAP_INLINE void
844 pmap_invalidate_all(pmap_t pmap)
845 {
846
847 if (pmap == kernel_pmap || pmap->pm_active)
848 invltlb();
849 }
850
851 PMAP_INLINE void
852 pmap_invalidate_cache(void)
853 {
854
855 wbinvd();
856 }
857 #endif /* !SMP */
858
859 /*
860 * Are we current address space or kernel? N.B. We return FALSE when
861 * a pmap's page table is in use because a kernel thread is borrowing
862 * it. The borrowed page table can change spontaneously, making any
863 * dependence on its continued use subject to a race condition.
864 */
865 static __inline int
866 pmap_is_current(pmap_t pmap)
867 {
868
869 return (pmap == kernel_pmap ||
870 (pmap == vmspace_pmap(curthread->td_proc->p_vmspace) &&
871 (pmap->pm_pdir[PTDPTDI] & PG_FRAME) == (PTDpde[0] & PG_FRAME)));
872 }
873
874 /*
875 * If the given pmap is not the current or kernel pmap, the returned pte must
876 * be released by passing it to pmap_pte_release().
877 */
878 pt_entry_t *
879 pmap_pte(pmap_t pmap, vm_offset_t va)
880 {
881 pd_entry_t newpf;
882 pd_entry_t *pde;
883
884 pde = pmap_pde(pmap, va);
885 if (*pde & PG_PS)
886 return (pde);
887 if (*pde != 0) {
888 /* are we current address space or kernel? */
889 if (pmap_is_current(pmap))
890 return (vtopte(va));
891 mtx_lock(&PMAP2mutex);
892 newpf = *pde & PG_FRAME;
893 if ((*PMAP2 & PG_FRAME) != newpf) {
894 *PMAP2 = newpf | PG_RW | PG_V | PG_A | PG_M;
895 pmap_invalidate_page(kernel_pmap, (vm_offset_t)PADDR2);
896 }
897 return (PADDR2 + (i386_btop(va) & (NPTEPG - 1)));
898 }
899 return (0);
900 }
901
902 /*
903 * Releases a pte that was obtained from pmap_pte(). Be prepared for the pte
904 * being NULL.
905 */
906 static __inline void
907 pmap_pte_release(pt_entry_t *pte)
908 {
909
910 if ((pt_entry_t *)((vm_offset_t)pte & ~PAGE_MASK) == PADDR2)
911 mtx_unlock(&PMAP2mutex);
912 }
913
914 static __inline void
915 invlcaddr(void *caddr)
916 {
917
918 invlpg((u_int)caddr);
919 }
920
921 /*
922 * Super fast pmap_pte routine best used when scanning
923 * the pv lists. This eliminates many coarse-grained
924 * invltlb calls. Note that many of the pv list
925 * scans are across different pmaps. It is very wasteful
926 * to do an entire invltlb for checking a single mapping.
927 *
928 * If the given pmap is not the current pmap, vm_page_queue_mtx
929 * must be held and curthread pinned to a CPU.
930 */
931 static pt_entry_t *
932 pmap_pte_quick(pmap_t pmap, vm_offset_t va)
933 {
934 pd_entry_t newpf;
935 pd_entry_t *pde;
936
937 pde = pmap_pde(pmap, va);
938 if (*pde & PG_PS)
939 return (pde);
940 if (*pde != 0) {
941 /* are we current address space or kernel? */
942 if (pmap_is_current(pmap))
943 return (vtopte(va));
944 mtx_assert(&vm_page_queue_mtx, MA_OWNED);
945 KASSERT(curthread->td_pinned > 0, ("curthread not pinned"));
946 newpf = *pde & PG_FRAME;
947 if ((*PMAP1 & PG_FRAME) != newpf) {
948 *PMAP1 = newpf | PG_RW | PG_V | PG_A | PG_M;
949 #ifdef SMP
950 PMAP1cpu = PCPU_GET(cpuid);
951 #endif
952 invlcaddr(PADDR1);
953 PMAP1changed++;
954 } else
955 #ifdef SMP
956 if (PMAP1cpu != PCPU_GET(cpuid)) {
957 PMAP1cpu = PCPU_GET(cpuid);
958 invlcaddr(PADDR1);
959 PMAP1changedcpu++;
960 } else
961 #endif
962 PMAP1unchanged++;
963 return (PADDR1 + (i386_btop(va) & (NPTEPG - 1)));
964 }
965 return (0);
966 }
967
968 /*
969 * Routine: pmap_extract
970 * Function:
971 * Extract the physical page address associated
972 * with the given map/virtual_address pair.
973 */
974 vm_paddr_t
975 pmap_extract(pmap_t pmap, vm_offset_t va)
976 {
977 vm_paddr_t rtval;
978 pt_entry_t *pte;
979 pd_entry_t pde;
980
981 rtval = 0;
982 PMAP_LOCK(pmap);
983 pde = pmap->pm_pdir[va >> PDRSHIFT];
984 if (pde != 0) {
985 if ((pde & PG_PS) != 0) {
986 rtval = (pde & PG_PS_FRAME) | (va & PDRMASK);
987 PMAP_UNLOCK(pmap);
988 return rtval;
989 }
990 pte = pmap_pte(pmap, va);
991 rtval = (*pte & PG_FRAME) | (va & PAGE_MASK);
992 pmap_pte_release(pte);
993 }
994 PMAP_UNLOCK(pmap);
995 return (rtval);
996 }
997
998 /*
999 * Routine: pmap_extract_and_hold
1000 * Function:
1001 * Atomically extract and hold the physical page
1002 * with the given pmap and virtual address pair
1003 * if that mapping permits the given protection.
1004 */
1005 vm_page_t
1006 pmap_extract_and_hold(pmap_t pmap, vm_offset_t va, vm_prot_t prot)
1007 {
1008 pd_entry_t pde;
1009 pt_entry_t pte;
1010 vm_page_t m;
1011
1012 m = NULL;
1013 vm_page_lock_queues();
1014 PMAP_LOCK(pmap);
1015 pde = *pmap_pde(pmap, va);
1016 if (pde != 0) {
1017 if (pde & PG_PS) {
1018 if ((pde & PG_RW) || (prot & VM_PROT_WRITE) == 0) {
1019 m = PHYS_TO_VM_PAGE((pde & PG_PS_FRAME) |
1020 (va & PDRMASK));
1021 vm_page_hold(m);
1022 }
1023 } else {
1024 sched_pin();
1025 pte = *pmap_pte_quick(pmap, va);
1026 if (pte != 0 &&
1027 ((pte & PG_RW) || (prot & VM_PROT_WRITE) == 0)) {
1028 m = PHYS_TO_VM_PAGE(pte & PG_FRAME);
1029 vm_page_hold(m);
1030 }
1031 sched_unpin();
1032 }
1033 }
1034 vm_page_unlock_queues();
1035 PMAP_UNLOCK(pmap);
1036 return (m);
1037 }
1038
1039 /***************************************************
1040 * Low level mapping routines.....
1041 ***************************************************/
1042
1043 /*
1044 * Add a wired page to the kva.
1045 * Note: not SMP coherent.
1046 */
1047 PMAP_INLINE void
1048 pmap_kenter(vm_offset_t va, vm_paddr_t pa)
1049 {
1050 pt_entry_t *pte;
1051
1052 pte = vtopte(va);
1053 pte_store(pte, pa | PG_RW | PG_V | pgeflag);
1054 }
1055
1056 PMAP_INLINE void
1057 pmap_kenter_attr(vm_offset_t va, vm_paddr_t pa, int mode)
1058 {
1059 pt_entry_t *pte;
1060
1061 pte = vtopte(va);
1062 pte_store(pte, pa | PG_RW | PG_V | pgeflag | pmap_cache_bits(mode, 0));
1063 }
1064
1065 /*
1066 * Remove a page from the kernel pagetables.
1067 * Note: not SMP coherent.
1068 */
1069 PMAP_INLINE void
1070 pmap_kremove(vm_offset_t va)
1071 {
1072 pt_entry_t *pte;
1073
1074 pte = vtopte(va);
1075 pte_clear(pte);
1076 }
1077
1078 /*
1079 * Used to map a range of physical addresses into kernel
1080 * virtual address space.
1081 *
1082 * The value passed in '*virt' is a suggested virtual address for
1083 * the mapping. Architectures which can support a direct-mapped
1084 * physical to virtual region can return the appropriate address
1085 * within that region, leaving '*virt' unchanged. Other
1086 * architectures should map the pages starting at '*virt' and
1087 * update '*virt' with the first usable address after the mapped
1088 * region.
1089 */
1090 vm_offset_t
1091 pmap_map(vm_offset_t *virt, vm_paddr_t start, vm_paddr_t end, int prot)
1092 {
1093 vm_offset_t va, sva;
1094
1095 va = sva = *virt;
1096 while (start < end) {
1097 pmap_kenter(va, start);
1098 va += PAGE_SIZE;
1099 start += PAGE_SIZE;
1100 }
1101 pmap_invalidate_range(kernel_pmap, sva, va);
1102 *virt = va;
1103 return (sva);
1104 }
1105
1106
1107 /*
1108 * Add a list of wired pages to the kva
1109 * this routine is only used for temporary
1110 * kernel mappings that do not need to have
1111 * page modification or references recorded.
1112 * Note that old mappings are simply written
1113 * over. The page *must* be wired.
1114 * Note: SMP coherent. Uses a ranged shootdown IPI.
1115 */
1116 void
1117 pmap_qenter(vm_offset_t sva, vm_page_t *ma, int count)
1118 {
1119 pt_entry_t *endpte, oldpte, *pte;
1120
1121 oldpte = 0;
1122 pte = vtopte(sva);
1123 endpte = pte + count;
1124 while (pte < endpte) {
1125 oldpte |= *pte;
1126 pte_store(pte, VM_PAGE_TO_PHYS(*ma) | pgeflag | PG_RW | PG_V);
1127 pte++;
1128 ma++;
1129 }
1130 if ((oldpte & PG_V) != 0)
1131 pmap_invalidate_range(kernel_pmap, sva, sva + count *
1132 PAGE_SIZE);
1133 }
1134
1135 /*
1136 * This routine tears out page mappings from the
1137 * kernel -- it is meant only for temporary mappings.
1138 * Note: SMP coherent. Uses a ranged shootdown IPI.
1139 */
1140 void
1141 pmap_qremove(vm_offset_t sva, int count)
1142 {
1143 vm_offset_t va;
1144
1145 va = sva;
1146 while (count-- > 0) {
1147 pmap_kremove(va);
1148 va += PAGE_SIZE;
1149 }
1150 pmap_invalidate_range(kernel_pmap, sva, va);
1151 }
1152
1153 /***************************************************
1154 * Page table page management routines.....
1155 ***************************************************/
1156 static __inline void
1157 pmap_free_zero_pages(vm_page_t free)
1158 {
1159 vm_page_t m;
1160
1161 while (free != NULL) {
1162 m = free;
1163 free = m->right;
1164 vm_page_free_zero(m);
1165 }
1166 }
1167
1168 /*
1169 * This routine unholds page table pages, and if the hold count
1170 * drops to zero, then it decrements the wire count.
1171 */
1172 static __inline int
1173 pmap_unwire_pte_hold(pmap_t pmap, vm_page_t m, vm_page_t *free)
1174 {
1175
1176 --m->wire_count;
1177 if (m->wire_count == 0)
1178 return _pmap_unwire_pte_hold(pmap, m, free);
1179 else
1180 return 0;
1181 }
1182
1183 static int
1184 _pmap_unwire_pte_hold(pmap_t pmap, vm_page_t m, vm_page_t *free)
1185 {
1186 vm_offset_t pteva;
1187
1188 /*
1189 * unmap the page table page
1190 */
1191 pmap->pm_pdir[m->pindex] = 0;
1192 --pmap->pm_stats.resident_count;
1193
1194 /*
1195 * This is a release store so that the ordinary store unmapping
1196 * the page table page is globally performed before TLB shoot-
1197 * down is begun.
1198 */
1199 atomic_subtract_rel_int(&cnt.v_wire_count, 1);
1200
1201 /*
1202 * Do an invltlb to make the invalidated mapping
1203 * take effect immediately.
1204 */
1205 pteva = VM_MAXUSER_ADDRESS + i386_ptob(m->pindex);
1206 pmap_invalidate_page(pmap, pteva);
1207
1208 /*
1209 * Put page on a list so that it is released after
1210 * *ALL* TLB shootdown is done
1211 */
1212 m->right = *free;
1213 *free = m;
1214
1215 return 1;
1216 }
1217
1218 /*
1219 * After removing a page table entry, this routine is used to
1220 * conditionally free the page, and manage the hold/wire counts.
1221 */
1222 static int
1223 pmap_unuse_pt(pmap_t pmap, vm_offset_t va, vm_page_t *free)
1224 {
1225 pd_entry_t ptepde;
1226 vm_page_t mpte;
1227
1228 if (va >= VM_MAXUSER_ADDRESS)
1229 return 0;
1230 ptepde = *pmap_pde(pmap, va);
1231 mpte = PHYS_TO_VM_PAGE(ptepde & PG_FRAME);
1232 return pmap_unwire_pte_hold(pmap, mpte, free);
1233 }
1234
1235 void
1236 pmap_pinit0(pmap_t pmap)
1237 {
1238
1239 PMAP_LOCK_INIT(pmap);
1240 pmap->pm_pdir = (pd_entry_t *)(KERNBASE + (vm_offset_t)IdlePTD);
1241 #ifdef PAE
1242 pmap->pm_pdpt = (pdpt_entry_t *)(KERNBASE + (vm_offset_t)IdlePDPT);
1243 #endif
1244 pmap->pm_active = 0;
1245 PCPU_SET(curpmap, pmap);
1246 TAILQ_INIT(&pmap->pm_pvchunk);
1247 bzero(&pmap->pm_stats, sizeof pmap->pm_stats);
1248 mtx_lock_spin(&allpmaps_lock);
1249 LIST_INSERT_HEAD(&allpmaps, pmap, pm_list);
1250 mtx_unlock_spin(&allpmaps_lock);
1251 }
1252
1253 /*
1254 * Initialize a preallocated and zeroed pmap structure,
1255 * such as one in a vmspace structure.
1256 */
1257 int
1258 pmap_pinit(pmap_t pmap)
1259 {
1260 vm_page_t m, ptdpg[NPGPTD];
1261 vm_paddr_t pa;
1262 static int color;
1263 int i;
1264
1265 PMAP_LOCK_INIT(pmap);
1266
1267 /*
1268 * No need to allocate page table space yet but we do need a valid
1269 * page directory table.
1270 */
1271 if (pmap->pm_pdir == NULL) {
1272 pmap->pm_pdir = (pd_entry_t *)kmem_alloc_nofault(kernel_map,
1273 NBPTD);
1274
1275 if (pmap->pm_pdir == NULL) {
1276 PMAP_LOCK_DESTROY(pmap);
1277 return (0);
1278 }
1279 #ifdef PAE
1280 pmap->pm_pdpt = uma_zalloc(pdptzone, M_WAITOK | M_ZERO);
1281 KASSERT(((vm_offset_t)pmap->pm_pdpt &
1282 ((NPGPTD * sizeof(pdpt_entry_t)) - 1)) == 0,
1283 ("pmap_pinit: pdpt misaligned"));
1284 KASSERT(pmap_kextract((vm_offset_t)pmap->pm_pdpt) < (4ULL<<30),
1285 ("pmap_pinit: pdpt above 4g"));
1286 #endif
1287 }
1288
1289 /*
1290 * allocate the page directory page(s)
1291 */
1292 for (i = 0; i < NPGPTD;) {
1293 m = vm_page_alloc(NULL, color++,
1294 VM_ALLOC_NORMAL | VM_ALLOC_NOOBJ | VM_ALLOC_WIRED |
1295 VM_ALLOC_ZERO);
1296 if (m == NULL)
1297 VM_WAIT;
1298 else {
1299 ptdpg[i++] = m;
1300 }
1301 }
1302
1303 pmap_qenter((vm_offset_t)pmap->pm_pdir, ptdpg, NPGPTD);
1304
1305 for (i = 0; i < NPGPTD; i++) {
1306 if ((ptdpg[i]->flags & PG_ZERO) == 0)
1307 bzero(pmap->pm_pdir + (i * NPDEPG), PAGE_SIZE);
1308 }
1309
1310 mtx_lock_spin(&allpmaps_lock);
1311 LIST_INSERT_HEAD(&allpmaps, pmap, pm_list);
1312 mtx_unlock_spin(&allpmaps_lock);
1313 /* Wire in kernel global address entries. */
1314 bcopy(PTD + KPTDI, pmap->pm_pdir + KPTDI, nkpt * sizeof(pd_entry_t));
1315
1316 /* install self-referential address mapping entry(s) */
1317 for (i = 0; i < NPGPTD; i++) {
1318 pa = VM_PAGE_TO_PHYS(ptdpg[i]);
1319 pmap->pm_pdir[PTDPTDI + i] = pa | PG_V | PG_RW | PG_A | PG_M;
1320 #ifdef PAE
1321 pmap->pm_pdpt[i] = pa | PG_V;
1322 #endif
1323 }
1324
1325 pmap->pm_active = 0;
1326 TAILQ_INIT(&pmap->pm_pvchunk);
1327 bzero(&pmap->pm_stats, sizeof pmap->pm_stats);
1328
1329 return (1);
1330 }
1331
1332 /*
1333 * this routine is called if the page table page is not
1334 * mapped correctly.
1335 */
1336 static vm_page_t
1337 _pmap_allocpte(pmap_t pmap, unsigned ptepindex, int flags)
1338 {
1339 vm_paddr_t ptepa;
1340 vm_page_t m;
1341
1342 KASSERT((flags & (M_NOWAIT | M_WAITOK)) == M_NOWAIT ||
1343 (flags & (M_NOWAIT | M_WAITOK)) == M_WAITOK,
1344 ("_pmap_allocpte: flags is neither M_NOWAIT nor M_WAITOK"));
1345
1346 /*
1347 * Allocate a page table page.
1348 */
1349 if ((m = vm_page_alloc(NULL, ptepindex, VM_ALLOC_NOOBJ |
1350 VM_ALLOC_WIRED | VM_ALLOC_ZERO)) == NULL) {
1351 if (flags & M_WAITOK) {
1352 PMAP_UNLOCK(pmap);
1353 vm_page_unlock_queues();
1354 VM_WAIT;
1355 vm_page_lock_queues();
1356 PMAP_LOCK(pmap);
1357 }
1358
1359 /*
1360 * Indicate the need to retry. While waiting, the page table
1361 * page may have been allocated.
1362 */
1363 return (NULL);
1364 }
1365 if ((m->flags & PG_ZERO) == 0)
1366 pmap_zero_page(m);
1367
1368 /*
1369 * Map the pagetable page into the process address space, if
1370 * it isn't already there.
1371 */
1372
1373 pmap->pm_stats.resident_count++;
1374
1375 ptepa = VM_PAGE_TO_PHYS(m);
1376 pmap->pm_pdir[ptepindex] =
1377 (pd_entry_t) (ptepa | PG_U | PG_RW | PG_V | PG_A | PG_M);
1378
1379 return m;
1380 }
1381
1382 static vm_page_t
1383 pmap_allocpte(pmap_t pmap, vm_offset_t va, int flags)
1384 {
1385 unsigned ptepindex;
1386 pd_entry_t ptepa;
1387 vm_page_t m;
1388
1389 KASSERT((flags & (M_NOWAIT | M_WAITOK)) == M_NOWAIT ||
1390 (flags & (M_NOWAIT | M_WAITOK)) == M_WAITOK,
1391 ("pmap_allocpte: flags is neither M_NOWAIT nor M_WAITOK"));
1392
1393 /*
1394 * Calculate pagetable page index
1395 */
1396 ptepindex = va >> PDRSHIFT;
1397 retry:
1398 /*
1399 * Get the page directory entry
1400 */
1401 ptepa = pmap->pm_pdir[ptepindex];
1402
1403 /*
1404 * This supports switching from a 4MB page to a
1405 * normal 4K page.
1406 */
1407 if (ptepa & PG_PS) {
1408 pmap->pm_pdir[ptepindex] = 0;
1409 ptepa = 0;
1410 pmap->pm_stats.resident_count -= NBPDR / PAGE_SIZE;
1411 pmap_invalidate_all(kernel_pmap);
1412 }
1413
1414 /*
1415 * If the page table page is mapped, we just increment the
1416 * hold count, and activate it.
1417 */
1418 if (ptepa) {
1419 m = PHYS_TO_VM_PAGE(ptepa & PG_FRAME);
1420 m->wire_count++;
1421 } else {
1422 /*
1423 * Here if the pte page isn't mapped, or if it has
1424 * been deallocated.
1425 */
1426 m = _pmap_allocpte(pmap, ptepindex, flags);
1427 if (m == NULL && (flags & M_WAITOK))
1428 goto retry;
1429 }
1430 return (m);
1431 }
1432
1433
1434 /***************************************************
1435 * Pmap allocation/deallocation routines.
1436 ***************************************************/
1437
1438 #ifdef SMP
1439 /*
1440 * Deal with a SMP shootdown of other users of the pmap that we are
1441 * trying to dispose of. This can be a bit hairy.
1442 */
1443 static u_int *lazymask;
1444 static u_int lazyptd;
1445 static volatile u_int lazywait;
1446
1447 void pmap_lazyfix_action(void);
1448
1449 void
1450 pmap_lazyfix_action(void)
1451 {
1452 u_int mymask = PCPU_GET(cpumask);
1453
1454 #ifdef COUNT_IPIS
1455 (*ipi_lazypmap_counts[PCPU_GET(cpuid)])++;
1456 #endif
1457 if (rcr3() == lazyptd)
1458 load_cr3(PCPU_GET(curpcb)->pcb_cr3);
1459 atomic_clear_int(lazymask, mymask);
1460 atomic_store_rel_int(&lazywait, 1);
1461 }
1462
1463 static void
1464 pmap_lazyfix_self(u_int mymask)
1465 {
1466
1467 if (rcr3() == lazyptd)
1468 load_cr3(PCPU_GET(curpcb)->pcb_cr3);
1469 atomic_clear_int(lazymask, mymask);
1470 }
1471
1472
1473 static void
1474 pmap_lazyfix(pmap_t pmap)
1475 {
1476 u_int mymask;
1477 u_int mask;
1478 u_int spins;
1479
1480 while ((mask = pmap->pm_active) != 0) {
1481 spins = 50000000;
1482 mask = mask & -mask; /* Find least significant set bit */
1483 mtx_lock_spin(&smp_ipi_mtx);
1484 #ifdef PAE
1485 lazyptd = vtophys(pmap->pm_pdpt);
1486 #else
1487 lazyptd = vtophys(pmap->pm_pdir);
1488 #endif
1489 mymask = PCPU_GET(cpumask);
1490 if (mask == mymask) {
1491 lazymask = &pmap->pm_active;
1492 pmap_lazyfix_self(mymask);
1493 } else {
1494 atomic_store_rel_int((u_int *)&lazymask,
1495 (u_int)&pmap->pm_active);
1496 atomic_store_rel_int(&lazywait, 0);
1497 ipi_selected(mask, IPI_LAZYPMAP);
1498 while (lazywait == 0) {
1499 ia32_pause();
1500 if (--spins == 0)
1501 break;
1502 }
1503 }
1504 mtx_unlock_spin(&smp_ipi_mtx);
1505 if (spins == 0)
1506 printf("pmap_lazyfix: spun for 50000000\n");
1507 }
1508 }
1509
1510 #else /* SMP */
1511
1512 /*
1513 * Cleaning up on uniprocessor is easy. For various reasons, we're
1514 * unlikely to have to even execute this code, including the fact
1515 * that the cleanup is deferred until the parent does a wait(2), which
1516 * means that another userland process has run.
1517 */
1518 static void
1519 pmap_lazyfix(pmap_t pmap)
1520 {
1521 u_int cr3;
1522
1523 cr3 = vtophys(pmap->pm_pdir);
1524 if (cr3 == rcr3()) {
1525 load_cr3(PCPU_GET(curpcb)->pcb_cr3);
1526 pmap->pm_active &= ~(PCPU_GET(cpumask));
1527 }
1528 }
1529 #endif /* SMP */
1530
1531 /*
1532 * Release any resources held by the given physical map.
1533 * Called when a pmap initialized by pmap_pinit is being released.
1534 * Should only be called if the map contains no valid mappings.
1535 */
1536 void
1537 pmap_release(pmap_t pmap)
1538 {
1539 vm_page_t m, ptdpg[NPGPTD];
1540 int i;
1541
1542 KASSERT(pmap->pm_stats.resident_count == 0,
1543 ("pmap_release: pmap resident count %ld != 0",
1544 pmap->pm_stats.resident_count));
1545
1546 pmap_lazyfix(pmap);
1547 mtx_lock_spin(&allpmaps_lock);
1548 LIST_REMOVE(pmap, pm_list);
1549 mtx_unlock_spin(&allpmaps_lock);
1550
1551 for (i = 0; i < NPGPTD; i++)
1552 ptdpg[i] = PHYS_TO_VM_PAGE(pmap->pm_pdir[PTDPTDI + i] &
1553 PG_FRAME);
1554
1555 bzero(pmap->pm_pdir + PTDPTDI, (nkpt + NPGPTD) *
1556 sizeof(*pmap->pm_pdir));
1557
1558 pmap_qremove((vm_offset_t)pmap->pm_pdir, NPGPTD);
1559
1560 for (i = 0; i < NPGPTD; i++) {
1561 m = ptdpg[i];
1562 #ifdef PAE
1563 KASSERT(VM_PAGE_TO_PHYS(m) == (pmap->pm_pdpt[i] & PG_FRAME),
1564 ("pmap_release: got wrong ptd page"));
1565 #endif
1566 m->wire_count--;
1567 atomic_subtract_int(&cnt.v_wire_count, 1);
1568 vm_page_free_zero(m);
1569 }
1570 PMAP_LOCK_DESTROY(pmap);
1571 }
1572
1573 static int
1574 kvm_size(SYSCTL_HANDLER_ARGS)
1575 {
1576 unsigned long ksize = VM_MAX_KERNEL_ADDRESS - KERNBASE;
1577
1578 return sysctl_handle_long(oidp, &ksize, 0, req);
1579 }
1580 SYSCTL_PROC(_vm, OID_AUTO, kvm_size, CTLTYPE_LONG|CTLFLAG_RD,
1581 0, 0, kvm_size, "IU", "Size of KVM");
1582
1583 static int
1584 kvm_free(SYSCTL_HANDLER_ARGS)
1585 {
1586 unsigned long kfree = VM_MAX_KERNEL_ADDRESS - kernel_vm_end;
1587
1588 return sysctl_handle_long(oidp, &kfree, 0, req);
1589 }
1590 SYSCTL_PROC(_vm, OID_AUTO, kvm_free, CTLTYPE_LONG|CTLFLAG_RD,
1591 0, 0, kvm_free, "IU", "Amount of KVM free");
1592
1593 /*
1594 * grow the number of kernel page table entries, if needed
1595 */
1596 void
1597 pmap_growkernel(vm_offset_t addr)
1598 {
1599 struct pmap *pmap;
1600 vm_paddr_t ptppaddr;
1601 vm_page_t nkpg;
1602 pd_entry_t newpdir;
1603 pt_entry_t *pde;
1604
1605 mtx_assert(&kernel_map->system_mtx, MA_OWNED);
1606 if (kernel_vm_end == 0) {
1607 kernel_vm_end = KERNBASE;
1608 nkpt = 0;
1609 while (pdir_pde(PTD, kernel_vm_end)) {
1610 kernel_vm_end = (kernel_vm_end + PAGE_SIZE * NPTEPG) & ~(PAGE_SIZE * NPTEPG - 1);
1611 nkpt++;
1612 if (kernel_vm_end - 1 >= kernel_map->max_offset) {
1613 kernel_vm_end = kernel_map->max_offset;
1614 break;
1615 }
1616 }
1617 }
1618 addr = roundup2(addr, PAGE_SIZE * NPTEPG);
1619 if (addr - 1 >= kernel_map->max_offset)
1620 addr = kernel_map->max_offset;
1621 while (kernel_vm_end < addr) {
1622 if (pdir_pde(PTD, kernel_vm_end)) {
1623 kernel_vm_end = (kernel_vm_end + PAGE_SIZE * NPTEPG) & ~(PAGE_SIZE * NPTEPG - 1);
1624 if (kernel_vm_end - 1 >= kernel_map->max_offset) {
1625 kernel_vm_end = kernel_map->max_offset;
1626 break;
1627 }
1628 continue;
1629 }
1630
1631 /*
1632 * This index is bogus, but out of the way
1633 */
1634 nkpg = vm_page_alloc(NULL, nkpt,
1635 VM_ALLOC_INTERRUPT | VM_ALLOC_NOOBJ | VM_ALLOC_WIRED |
1636 VM_ALLOC_ZERO);
1637 if (!nkpg)
1638 panic("pmap_growkernel: no memory to grow kernel");
1639
1640 nkpt++;
1641
1642 if ((nkpg->flags & PG_ZERO) == 0)
1643 pmap_zero_page(nkpg);
1644 ptppaddr = VM_PAGE_TO_PHYS(nkpg);
1645 newpdir = (pd_entry_t) (ptppaddr | PG_V | PG_RW | PG_A | PG_M);
1646 pdir_pde(PTD, kernel_vm_end) = newpdir;
1647
1648 mtx_lock_spin(&allpmaps_lock);
1649 LIST_FOREACH(pmap, &allpmaps, pm_list) {
1650 pde = pmap_pde(pmap, kernel_vm_end);
1651 pde_store(pde, newpdir);
1652 }
1653 mtx_unlock_spin(&allpmaps_lock);
1654 kernel_vm_end = (kernel_vm_end + PAGE_SIZE * NPTEPG) & ~(PAGE_SIZE * NPTEPG - 1);
1655 if (kernel_vm_end - 1 >= kernel_map->max_offset) {
1656 kernel_vm_end = kernel_map->max_offset;
1657 break;
1658 }
1659 }
1660 }
1661
1662
1663 /***************************************************
1664 * page management routines.
1665 ***************************************************/
1666
1667 CTASSERT(sizeof(struct pv_chunk) == PAGE_SIZE);
1668 CTASSERT(_NPCM == 11);
1669
1670 static __inline struct pv_chunk *
1671 pv_to_chunk(pv_entry_t pv)
1672 {
1673
1674 return (struct pv_chunk *)((uintptr_t)pv & ~(uintptr_t)PAGE_MASK);
1675 }
1676
1677 #define PV_PMAP(pv) (pv_to_chunk(pv)->pc_pmap)
1678
1679 #define PC_FREE0_9 0xfffffffful /* Free values for index 0 through 9 */
1680 #define PC_FREE10 0x0000fffful /* Free values for index 10 */
1681
1682 static uint32_t pc_freemask[11] = {
1683 PC_FREE0_9, PC_FREE0_9, PC_FREE0_9,
1684 PC_FREE0_9, PC_FREE0_9, PC_FREE0_9,
1685 PC_FREE0_9, PC_FREE0_9, PC_FREE0_9,
1686 PC_FREE0_9, PC_FREE10
1687 };
1688
1689 SYSCTL_INT(_vm_pmap, OID_AUTO, pv_entry_count, CTLFLAG_RD, &pv_entry_count, 0,
1690 "Current number of pv entries");
1691
1692 #ifdef PV_STATS
1693 static int pc_chunk_count, pc_chunk_allocs, pc_chunk_frees, pc_chunk_tryfail;
1694
1695 SYSCTL_INT(_vm_pmap, OID_AUTO, pc_chunk_count, CTLFLAG_RD, &pc_chunk_count, 0,
1696 "Current number of pv entry chunks");
1697 SYSCTL_INT(_vm_pmap, OID_AUTO, pc_chunk_allocs, CTLFLAG_RD, &pc_chunk_allocs, 0,
1698 "Current number of pv entry chunks allocated");
1699 SYSCTL_INT(_vm_pmap, OID_AUTO, pc_chunk_frees, CTLFLAG_RD, &pc_chunk_frees, 0,
1700 "Current number of pv entry chunks frees");
1701 SYSCTL_INT(_vm_pmap, OID_AUTO, pc_chunk_tryfail, CTLFLAG_RD, &pc_chunk_tryfail, 0,
1702 "Number of times tried to get a chunk page but failed.");
1703
1704 static long pv_entry_frees, pv_entry_allocs;
1705 static int pv_entry_spare;
1706
1707 SYSCTL_LONG(_vm_pmap, OID_AUTO, pv_entry_frees, CTLFLAG_RD, &pv_entry_frees, 0,
1708 "Current number of pv entry frees");
1709 SYSCTL_LONG(_vm_pmap, OID_AUTO, pv_entry_allocs, CTLFLAG_RD, &pv_entry_allocs, 0,
1710 "Current number of pv entry allocs");
1711 SYSCTL_INT(_vm_pmap, OID_AUTO, pv_entry_spare, CTLFLAG_RD, &pv_entry_spare, 0,
1712 "Current number of spare pv entries");
1713
1714 static int pmap_collect_inactive, pmap_collect_active;
1715
1716 SYSCTL_INT(_vm_pmap, OID_AUTO, pmap_collect_inactive, CTLFLAG_RD, &pmap_collect_inactive, 0,
1717 "Current number times pmap_collect called on inactive queue");
1718 SYSCTL_INT(_vm_pmap, OID_AUTO, pmap_collect_active, CTLFLAG_RD, &pmap_collect_active, 0,
1719 "Current number times pmap_collect called on active queue");
1720 #endif
1721
1722 /*
1723 * We are in a serious low memory condition. Resort to
1724 * drastic measures to free some pages so we can allocate
1725 * another pv entry chunk. This is normally called to
1726 * unmap inactive pages, and if necessary, active pages.
1727 */
1728 static void
1729 pmap_collect(pmap_t locked_pmap, struct vpgqueues *vpq)
1730 {
1731 pmap_t pmap;
1732 pt_entry_t *pte, tpte;
1733 pv_entry_t next_pv, pv;
1734 vm_offset_t va;
1735 vm_page_t m, free;
1736
1737 sched_pin();
1738 TAILQ_FOREACH(m, &vpq->pl, pageq) {
1739 if (m->hold_count || m->busy)
1740 continue;
1741 TAILQ_FOREACH_SAFE(pv, &m->md.pv_list, pv_list, next_pv) {
1742 va = pv->pv_va;
1743 pmap = PV_PMAP(pv);
1744 /* Avoid deadlock and lock recursion. */
1745 if (pmap > locked_pmap)
1746 PMAP_LOCK(pmap);
1747 else if (pmap != locked_pmap && !PMAP_TRYLOCK(pmap))
1748 continue;
1749 pmap->pm_stats.resident_count--;
1750 pte = pmap_pte_quick(pmap, va);
1751 tpte = pte_load_clear(pte);
1752 KASSERT((tpte & PG_W) == 0,
1753 ("pmap_collect: wired pte %#jx", (uintmax_t)tpte));
1754 if (tpte & PG_A)
1755 vm_page_flag_set(m, PG_REFERENCED);
1756 if (tpte & PG_M) {
1757 KASSERT((tpte & PG_RW),
1758 ("pmap_collect: modified page not writable: va: %#x, pte: %#jx",
1759 va, (uintmax_t)tpte));
1760 vm_page_dirty(m);
1761 }
1762 free = NULL;
1763 pmap_unuse_pt(pmap, va, &free);
1764 pmap_invalidate_page(pmap, va);
1765 pmap_free_zero_pages(free);
1766 TAILQ_REMOVE(&m->md.pv_list, pv, pv_list);
1767 if (TAILQ_EMPTY(&m->md.pv_list))
1768 vm_page_flag_clear(m, PG_WRITEABLE);
1769 m->md.pv_list_count--;
1770 free_pv_entry(pmap, pv);
1771 if (pmap != locked_pmap)
1772 PMAP_UNLOCK(pmap);
1773 }
1774 }
1775 sched_unpin();
1776 }
1777
1778
1779 /*
1780 * free the pv_entry back to the free list
1781 */
1782 static void
1783 free_pv_entry(pmap_t pmap, pv_entry_t pv)
1784 {
1785 vm_page_t m;
1786 struct pv_chunk *pc;
1787 int idx, field, bit;
1788
1789 mtx_assert(&vm_page_queue_mtx, MA_OWNED);
1790 PMAP_LOCK_ASSERT(pmap, MA_OWNED);
1791 PV_STAT(pv_entry_frees++);
1792 PV_STAT(pv_entry_spare++);
1793 pv_entry_count--;
1794 pc = pv_to_chunk(pv);
1795 idx = pv - &pc->pc_pventry[0];
1796 field = idx / 32;
1797 bit = idx % 32;
1798 pc->pc_map[field] |= 1ul << bit;
1799 /* move to head of list */
1800 TAILQ_REMOVE(&pmap->pm_pvchunk, pc, pc_list);
1801 TAILQ_INSERT_HEAD(&pmap->pm_pvchunk, pc, pc_list);
1802 for (idx = 0; idx < _NPCM; idx++)
1803 if (pc->pc_map[idx] != pc_freemask[idx])
1804 return;
1805 PV_STAT(pv_entry_spare -= _NPCPV);
1806 PV_STAT(pc_chunk_count--);
1807 PV_STAT(pc_chunk_frees++);
1808 /* entire chunk is free, return it */
1809 TAILQ_REMOVE(&pmap->pm_pvchunk, pc, pc_list);
1810 m = PHYS_TO_VM_PAGE(pmap_kextract((vm_offset_t)pc));
1811 pmap_qremove((vm_offset_t)pc, 1);
1812 vm_page_unwire(m, 0);
1813 vm_page_free(m);
1814 pmap_ptelist_free(&pv_vafree, (vm_offset_t)pc);
1815 }
1816
1817 /*
1818 * get a new pv_entry, allocating a block from the system
1819 * when needed.
1820 */
1821 static pv_entry_t
1822 get_pv_entry(pmap_t pmap, int try)
1823 {
1824 static const struct timeval printinterval = { 60, 0 };
1825 static struct timeval lastprint;
1826 static vm_pindex_t colour;
1827 struct vpgqueues *pq;
1828 int bit, field;
1829 pv_entry_t pv;
1830 struct pv_chunk *pc;
1831 vm_page_t m;
1832
1833 PMAP_LOCK_ASSERT(pmap, MA_OWNED);
1834 mtx_assert(&vm_page_queue_mtx, MA_OWNED);
1835 PV_STAT(pv_entry_allocs++);
1836 pv_entry_count++;
1837 if (pv_entry_count > pv_entry_high_water)
1838 if (ratecheck(&lastprint, &printinterval))
1839 printf("Approaching the limit on PV entries, consider "
1840 "increasing either the vm.pmap.shpgperproc or the "
1841 "vm.pmap.pv_entry_max tunable.\n");
1842 pq = NULL;
1843 retry:
1844 pc = TAILQ_FIRST(&pmap->pm_pvchunk);
1845 if (pc != NULL) {
1846 for (field = 0; field < _NPCM; field++) {
1847 if (pc->pc_map[field]) {
1848 bit = bsfl(pc->pc_map[field]);
1849 break;
1850 }
1851 }
1852 if (field < _NPCM) {
1853 pv = &pc->pc_pventry[field * 32 + bit];
1854 pc->pc_map[field] &= ~(1ul << bit);
1855 /* If this was the last item, move it to tail */
1856 for (field = 0; field < _NPCM; field++)
1857 if (pc->pc_map[field] != 0) {
1858 PV_STAT(pv_entry_spare--);
1859 return (pv); /* not full, return */
1860 }
1861 TAILQ_REMOVE(&pmap->pm_pvchunk, pc, pc_list);
1862 TAILQ_INSERT_TAIL(&pmap->pm_pvchunk, pc, pc_list);
1863 PV_STAT(pv_entry_spare--);
1864 return (pv);
1865 }
1866 }
1867 /*
1868 * Access to the ptelist "pv_vafree" is synchronized by the page
1869 * queues lock. If "pv_vafree" is currently non-empty, it will
1870 * remain non-empty until pmap_ptelist_alloc() completes.
1871 */
1872 if (pv_vafree == 0 || (m = vm_page_alloc(NULL, colour, (pq ==
1873 &vm_page_queues[PQ_ACTIVE] ? VM_ALLOC_SYSTEM : VM_ALLOC_NORMAL) |
1874 VM_ALLOC_NOOBJ | VM_ALLOC_WIRED)) == NULL) {
1875 if (try) {
1876 pv_entry_count--;
1877 PV_STAT(pc_chunk_tryfail++);
1878 return (NULL);
1879 }
1880 /*
1881 * Reclaim pv entries: At first, destroy mappings to
1882 * inactive pages. After that, if a pv chunk entry
1883 * is still needed, destroy mappings to active pages.
1884 */
1885 if (pq == NULL) {
1886 PV_STAT(pmap_collect_inactive++);
1887 pq = &vm_page_queues[PQ_INACTIVE];
1888 } else if (pq == &vm_page_queues[PQ_INACTIVE]) {
1889 PV_STAT(pmap_collect_active++);
1890 pq = &vm_page_queues[PQ_ACTIVE];
1891 } else
1892 panic("get_pv_entry: increase vm.pmap.shpgperproc");
1893 pmap_collect(pmap, pq);
1894 goto retry;
1895 }
1896 PV_STAT(pc_chunk_count++);
1897 PV_STAT(pc_chunk_allocs++);
1898 colour++;
1899 pc = (struct pv_chunk *)pmap_ptelist_alloc(&pv_vafree);
1900 pmap_qenter((vm_offset_t)pc, &m, 1);
1901 pc->pc_pmap = pmap;
1902 pc->pc_map[0] = pc_freemask[0] & ~1ul; /* preallocated bit 0 */
1903 for (field = 1; field < _NPCM; field++)
1904 pc->pc_map[field] = pc_freemask[field];
1905 pv = &pc->pc_pventry[0];
1906 TAILQ_INSERT_HEAD(&pmap->pm_pvchunk, pc, pc_list);
1907 PV_STAT(pv_entry_spare += _NPCPV - 1);
1908 return (pv);
1909 }
1910
1911 static void
1912 pmap_remove_entry(pmap_t pmap, vm_page_t m, vm_offset_t va)
1913 {
1914 pv_entry_t pv;
1915
1916 PMAP_LOCK_ASSERT(pmap, MA_OWNED);
1917 mtx_assert(&vm_page_queue_mtx, MA_OWNED);
1918 TAILQ_FOREACH(pv, &m->md.pv_list, pv_list) {
1919 if (pmap == PV_PMAP(pv) && va == pv->pv_va)
1920 break;
1921 }
1922 KASSERT(pv != NULL, ("pmap_remove_entry: pv not found"));
1923 TAILQ_REMOVE(&m->md.pv_list, pv, pv_list);
1924 m->md.pv_list_count--;
1925 if (TAILQ_EMPTY(&m->md.pv_list))
1926 vm_page_flag_clear(m, PG_WRITEABLE);
1927 free_pv_entry(pmap, pv);
1928 }
1929
1930 /*
1931 * Create a pv entry for page at pa for
1932 * (pmap, va).
1933 */
1934 static void
1935 pmap_insert_entry(pmap_t pmap, vm_offset_t va, vm_page_t m)
1936 {
1937 pv_entry_t pv;
1938
1939 PMAP_LOCK_ASSERT(pmap, MA_OWNED);
1940 mtx_assert(&vm_page_queue_mtx, MA_OWNED);
1941 pv = get_pv_entry(pmap, FALSE);
1942 pv->pv_va = va;
1943 TAILQ_INSERT_TAIL(&m->md.pv_list, pv, pv_list);
1944 m->md.pv_list_count++;
1945 }
1946
1947 /*
1948 * Conditionally create a pv entry.
1949 */
1950 static boolean_t
1951 pmap_try_insert_pv_entry(pmap_t pmap, vm_offset_t va, vm_page_t m)
1952 {
1953 pv_entry_t pv;
1954
1955 PMAP_LOCK_ASSERT(pmap, MA_OWNED);
1956 mtx_assert(&vm_page_queue_mtx, MA_OWNED);
1957 if (pv_entry_count < pv_entry_high_water &&
1958 (pv = get_pv_entry(pmap, TRUE)) != NULL) {
1959 pv->pv_va = va;
1960 TAILQ_INSERT_TAIL(&m->md.pv_list, pv, pv_list);
1961 m->md.pv_list_count++;
1962 return (TRUE);
1963 } else
1964 return (FALSE);
1965 }
1966
1967 /*
1968 * pmap_remove_pte: do the things to unmap a page in a process
1969 */
1970 static int
1971 pmap_remove_pte(pmap_t pmap, pt_entry_t *ptq, vm_offset_t va, vm_page_t *free)
1972 {
1973 pt_entry_t oldpte;
1974 vm_page_t m;
1975
1976 mtx_assert(&vm_page_queue_mtx, MA_OWNED);
1977 PMAP_LOCK_ASSERT(pmap, MA_OWNED);
1978 oldpte = pte_load_clear(ptq);
1979 if (oldpte & PG_W)
1980 pmap->pm_stats.wired_count -= 1;
1981 /*
1982 * Machines that don't support invlpg, also don't support
1983 * PG_G.
1984 */
1985 if (oldpte & PG_G)
1986 pmap_invalidate_page(kernel_pmap, va);
1987 pmap->pm_stats.resident_count -= 1;
1988 if (oldpte & PG_MANAGED) {
1989 m = PHYS_TO_VM_PAGE(oldpte & PG_FRAME);
1990 if (oldpte & PG_M) {
1991 KASSERT((oldpte & PG_RW),
1992 ("pmap_remove_pte: modified page not writable: va: %#x, pte: %#jx",
1993 va, (uintmax_t)oldpte));
1994 vm_page_dirty(m);
1995 }
1996 if (oldpte & PG_A)
1997 vm_page_flag_set(m, PG_REFERENCED);
1998 pmap_remove_entry(pmap, m, va);
1999 }
2000 return (pmap_unuse_pt(pmap, va, free));
2001 }
2002
2003 /*
2004 * Remove a single page from a process address space
2005 */
2006 static void
2007 pmap_remove_page(pmap_t pmap, vm_offset_t va, vm_page_t *free)
2008 {
2009 pt_entry_t *pte;
2010
2011 mtx_assert(&vm_page_queue_mtx, MA_OWNED);
2012 KASSERT(curthread->td_pinned > 0, ("curthread not pinned"));
2013 PMAP_LOCK_ASSERT(pmap, MA_OWNED);
2014 if ((pte = pmap_pte_quick(pmap, va)) == NULL || *pte == 0)
2015 return;
2016 pmap_remove_pte(pmap, pte, va, free);
2017 pmap_invalidate_page(pmap, va);
2018 }
2019
2020 /*
2021 * Remove the given range of addresses from the specified map.
2022 *
2023 * It is assumed that the start and end are properly
2024 * rounded to the page size.
2025 */
2026 void
2027 pmap_remove(pmap_t pmap, vm_offset_t sva, vm_offset_t eva)
2028 {
2029 vm_offset_t pdnxt;
2030 pd_entry_t ptpaddr;
2031 pt_entry_t *pte;
2032 vm_page_t free = NULL;
2033 int anyvalid;
2034
2035 /*
2036 * Perform an unsynchronized read. This is, however, safe.
2037 */
2038 if (pmap->pm_stats.resident_count == 0)
2039 return;
2040
2041 anyvalid = 0;
2042
2043 vm_page_lock_queues();
2044 sched_pin();
2045 PMAP_LOCK(pmap);
2046
2047 /*
2048 * special handling of removing one page. a very
2049 * common operation and easy to short circuit some
2050 * code.
2051 */
2052 if ((sva + PAGE_SIZE == eva) &&
2053 ((pmap->pm_pdir[(sva >> PDRSHIFT)] & PG_PS) == 0)) {
2054 pmap_remove_page(pmap, sva, &free);
2055 goto out;
2056 }
2057
2058 for (; sva < eva; sva = pdnxt) {
2059 unsigned pdirindex;
2060
2061 /*
2062 * Calculate index for next page table.
2063 */
2064 pdnxt = (sva + NBPDR) & ~PDRMASK;
2065 if (pdnxt < sva)
2066 pdnxt = eva;
2067 if (pmap->pm_stats.resident_count == 0)
2068 break;
2069
2070 pdirindex = sva >> PDRSHIFT;
2071 ptpaddr = pmap->pm_pdir[pdirindex];
2072
2073 /*
2074 * Weed out invalid mappings. Note: we assume that the page
2075 * directory table is always allocated, and in kernel virtual.
2076 */
2077 if (ptpaddr == 0)
2078 continue;
2079
2080 /*
2081 * Check for large page.
2082 */
2083 if ((ptpaddr & PG_PS) != 0) {
2084 pmap->pm_pdir[pdirindex] = 0;
2085 pmap->pm_stats.resident_count -= NBPDR / PAGE_SIZE;
2086 anyvalid = 1;
2087 continue;
2088 }
2089
2090 /*
2091 * Limit our scan to either the end of the va represented
2092 * by the current page table page, or to the end of the
2093 * range being removed.
2094 */
2095 if (pdnxt > eva)
2096 pdnxt = eva;
2097
2098 for (pte = pmap_pte_quick(pmap, sva); sva != pdnxt; pte++,
2099 sva += PAGE_SIZE) {
2100 if (*pte == 0)
2101 continue;
2102
2103 /*
2104 * The TLB entry for a PG_G mapping is invalidated
2105 * by pmap_remove_pte().
2106 */
2107 if ((*pte & PG_G) == 0)
2108 anyvalid = 1;
2109 if (pmap_remove_pte(pmap, pte, sva, &free))
2110 break;
2111 }
2112 }
2113 out:
2114 sched_unpin();
2115 if (anyvalid)
2116 pmap_invalidate_all(pmap);
2117 vm_page_unlock_queues();
2118 PMAP_UNLOCK(pmap);
2119 pmap_free_zero_pages(free);
2120 }
2121
2122 /*
2123 * Routine: pmap_remove_all
2124 * Function:
2125 * Removes this physical page from
2126 * all physical maps in which it resides.
2127 * Reflects back modify bits to the pager.
2128 *
2129 * Notes:
2130 * Original versions of this routine were very
2131 * inefficient because they iteratively called
2132 * pmap_remove (slow...)
2133 */
2134
2135 void
2136 pmap_remove_all(vm_page_t m)
2137 {
2138 pv_entry_t pv;
2139 pmap_t pmap;
2140 pt_entry_t *pte, tpte;
2141 vm_page_t free;
2142
2143 #if defined(PMAP_DIAGNOSTIC)
2144 /*
2145 * XXX This makes pmap_remove_all() illegal for non-managed pages!
2146 */
2147 if (m->flags & PG_FICTITIOUS) {
2148 panic("pmap_remove_all: illegal for unmanaged page, va: 0x%x",
2149 VM_PAGE_TO_PHYS(m));
2150 }
2151 #endif
2152 mtx_assert(&vm_page_queue_mtx, MA_OWNED);
2153 sched_pin();
2154 while ((pv = TAILQ_FIRST(&m->md.pv_list)) != NULL) {
2155 pmap = PV_PMAP(pv);
2156 PMAP_LOCK(pmap);
2157 pmap->pm_stats.resident_count--;
2158 pte = pmap_pte_quick(pmap, pv->pv_va);
2159 tpte = pte_load_clear(pte);
2160 if (tpte & PG_W)
2161 pmap->pm_stats.wired_count--;
2162 if (tpte & PG_A)
2163 vm_page_flag_set(m, PG_REFERENCED);
2164
2165 /*
2166 * Update the vm_page_t clean and reference bits.
2167 */
2168 if (tpte & PG_M) {
2169 KASSERT((tpte & PG_RW),
2170 ("pmap_remove_all: modified page not writable: va: %#x, pte: %#jx",
2171 pv->pv_va, (uintmax_t)tpte));
2172 vm_page_dirty(m);
2173 }
2174 free = NULL;
2175 pmap_unuse_pt(pmap, pv->pv_va, &free);
2176 pmap_invalidate_page(pmap, pv->pv_va);
2177 pmap_free_zero_pages(free);
2178 TAILQ_REMOVE(&m->md.pv_list, pv, pv_list);
2179 m->md.pv_list_count--;
2180 free_pv_entry(pmap, pv);
2181 PMAP_UNLOCK(pmap);
2182 }
2183 vm_page_flag_clear(m, PG_WRITEABLE);
2184 sched_unpin();
2185 }
2186
2187 /*
2188 * Set the physical protection on the
2189 * specified range of this map as requested.
2190 */
2191 void
2192 pmap_protect(pmap_t pmap, vm_offset_t sva, vm_offset_t eva, vm_prot_t prot)
2193 {
2194 vm_offset_t pdnxt;
2195 pd_entry_t ptpaddr;
2196 pt_entry_t *pte;
2197 int anychanged;
2198
2199 if ((prot & VM_PROT_READ) == VM_PROT_NONE) {
2200 pmap_remove(pmap, sva, eva);
2201 return;
2202 }
2203
2204 #ifdef PAE
2205 if ((prot & (VM_PROT_WRITE|VM_PROT_EXECUTE)) ==
2206 (VM_PROT_WRITE|VM_PROT_EXECUTE))
2207 return;
2208 #else
2209 if (prot & VM_PROT_WRITE)
2210 return;
2211 #endif
2212
2213 anychanged = 0;
2214
2215 vm_page_lock_queues();
2216 sched_pin();
2217 PMAP_LOCK(pmap);
2218 for (; sva < eva; sva = pdnxt) {
2219 pt_entry_t obits, pbits;
2220 unsigned pdirindex;
2221
2222 pdnxt = (sva + NBPDR) & ~PDRMASK;
2223 if (pdnxt < sva)
2224 pdnxt = eva;
2225
2226 pdirindex = sva >> PDRSHIFT;
2227 ptpaddr = pmap->pm_pdir[pdirindex];
2228
2229 /*
2230 * Weed out invalid mappings. Note: we assume that the page
2231 * directory table is always allocated, and in kernel virtual.
2232 */
2233 if (ptpaddr == 0)
2234 continue;
2235
2236 /*
2237 * Check for large page.
2238 */
2239 if ((ptpaddr & PG_PS) != 0) {
2240 if ((prot & VM_PROT_WRITE) == 0)
2241 pmap->pm_pdir[pdirindex] &= ~(PG_M|PG_RW);
2242 #ifdef PAE
2243 if ((prot & VM_PROT_EXECUTE) == 0)
2244 pmap->pm_pdir[pdirindex] |= pg_nx;
2245 #endif
2246 anychanged = 1;
2247 continue;
2248 }
2249
2250 if (pdnxt > eva)
2251 pdnxt = eva;
2252
2253 for (pte = pmap_pte_quick(pmap, sva); sva != pdnxt; pte++,
2254 sva += PAGE_SIZE) {
2255 vm_page_t m;
2256
2257 retry:
2258 /*
2259 * Regardless of whether a pte is 32 or 64 bits in
2260 * size, PG_RW, PG_A, and PG_M are among the least
2261 * significant 32 bits.
2262 */
2263 obits = pbits = *pte;
2264 if ((pbits & PG_V) == 0)
2265 continue;
2266 if (pbits & PG_MANAGED) {
2267 m = NULL;
2268 if (pbits & PG_A) {
2269 m = PHYS_TO_VM_PAGE(pbits & PG_FRAME);
2270 vm_page_flag_set(m, PG_REFERENCED);
2271 pbits &= ~PG_A;
2272 }
2273 if ((pbits & PG_M) != 0) {
2274 if (m == NULL)
2275 m = PHYS_TO_VM_PAGE(pbits & PG_FRAME);
2276 vm_page_dirty(m);
2277 }
2278 }
2279
2280 if ((prot & VM_PROT_WRITE) == 0)
2281 pbits &= ~(PG_RW | PG_M);
2282 #ifdef PAE
2283 if ((prot & VM_PROT_EXECUTE) == 0)
2284 pbits |= pg_nx;
2285 #endif
2286
2287 if (pbits != obits) {
2288 #ifdef PAE
2289 if (!atomic_cmpset_64(pte, obits, pbits))
2290 goto retry;
2291 #else
2292 if (!atomic_cmpset_int((u_int *)pte, obits,
2293 pbits))
2294 goto retry;
2295 #endif
2296 if (obits & PG_G)
2297 pmap_invalidate_page(pmap, sva);
2298 else
2299 anychanged = 1;
2300 }
2301 }
2302 }
2303 sched_unpin();
2304 if (anychanged)
2305 pmap_invalidate_all(pmap);
2306 vm_page_unlock_queues();
2307 PMAP_UNLOCK(pmap);
2308 }
2309
2310 /*
2311 * Insert the given physical page (p) at
2312 * the specified virtual address (v) in the
2313 * target physical map with the protection requested.
2314 *
2315 * If specified, the page will be wired down, meaning
2316 * that the related pte can not be reclaimed.
2317 *
2318 * NB: This is the only routine which MAY NOT lazy-evaluate
2319 * or lose information. That is, this routine must actually
2320 * insert this page into the given map NOW.
2321 */
2322 void
2323 pmap_enter(pmap_t pmap, vm_offset_t va, vm_page_t m, vm_prot_t prot,
2324 boolean_t wired)
2325 {
2326 vm_paddr_t pa;
2327 pd_entry_t *pde;
2328 pt_entry_t *pte;
2329 vm_paddr_t opa;
2330 pt_entry_t origpte, newpte;
2331 vm_page_t mpte, om;
2332 boolean_t invlva;
2333
2334 va = trunc_page(va);
2335 #ifdef PMAP_DIAGNOSTIC
2336 if (va > VM_MAX_KERNEL_ADDRESS)
2337 panic("pmap_enter: toobig");
2338 if ((va >= UPT_MIN_ADDRESS) && (va < UPT_MAX_ADDRESS))
2339 panic("pmap_enter: invalid to pmap_enter page table pages (va: 0x%x)", va);
2340 #endif
2341
2342 mpte = NULL;
2343
2344 vm_page_lock_queues();
2345 PMAP_LOCK(pmap);
2346 sched_pin();
2347
2348 /*
2349 * In the case that a page table page is not
2350 * resident, we are creating it here.
2351 */
2352 if (va < VM_MAXUSER_ADDRESS) {
2353 mpte = pmap_allocpte(pmap, va, M_WAITOK);
2354 }
2355 #if 0 && defined(PMAP_DIAGNOSTIC)
2356 else {
2357 pd_entry_t *pdeaddr = pmap_pde(pmap, va);
2358 origpte = *pdeaddr;
2359 if ((origpte & PG_V) == 0) {
2360 panic("pmap_enter: invalid kernel page table page, pdir=%p, pde=%p, va=%p\n",
2361 pmap->pm_pdir[PTDPTDI], origpte, va);
2362 }
2363 }
2364 #endif
2365
2366 pde = pmap_pde(pmap, va);
2367 if ((*pde & PG_PS) != 0)
2368 panic("pmap_enter: attempted pmap_enter on 4MB page");
2369 pte = pmap_pte_quick(pmap, va);
2370
2371 /*
2372 * Page Directory table entry not valid, we need a new PT page
2373 */
2374 if (pte == NULL) {
2375 panic("pmap_enter: invalid page directory pdir=%#jx, va=%#x\n",
2376 (uintmax_t)pmap->pm_pdir[PTDPTDI], va);
2377 }
2378
2379 pa = VM_PAGE_TO_PHYS(m);
2380 om = NULL;
2381 origpte = *pte;
2382 opa = origpte & PG_FRAME;
2383
2384 /*
2385 * Mapping has not changed, must be protection or wiring change.
2386 */
2387 if (origpte && (opa == pa)) {
2388 /*
2389 * Wiring change, just update stats. We don't worry about
2390 * wiring PT pages as they remain resident as long as there
2391 * are valid mappings in them. Hence, if a user page is wired,
2392 * the PT page will be also.
2393 */
2394 if (wired && ((origpte & PG_W) == 0))
2395 pmap->pm_stats.wired_count++;
2396 else if (!wired && (origpte & PG_W))
2397 pmap->pm_stats.wired_count--;
2398
2399 /*
2400 * Remove extra pte reference
2401 */
2402 if (mpte)
2403 mpte->wire_count--;
2404
2405 /*
2406 * We might be turning off write access to the page,
2407 * so we go ahead and sense modify status.
2408 */
2409 if (origpte & PG_MANAGED) {
2410 om = m;
2411 pa |= PG_MANAGED;
2412 }
2413 goto validate;
2414 }
2415 /*
2416 * Mapping has changed, invalidate old range and fall through to
2417 * handle validating new mapping.
2418 */
2419 if (opa) {
2420 if (origpte & PG_W)
2421 pmap->pm_stats.wired_count--;
2422 if (origpte & PG_MANAGED) {
2423 om = PHYS_TO_VM_PAGE(opa);
2424 pmap_remove_entry(pmap, om, va);
2425 }
2426 if (mpte != NULL) {
2427 mpte->wire_count--;
2428 KASSERT(mpte->wire_count > 0,
2429 ("pmap_enter: missing reference to page table page,"
2430 " va: 0x%x", va));
2431 }
2432 } else
2433 pmap->pm_stats.resident_count++;
2434
2435 /*
2436 * Enter on the PV list if part of our managed memory.
2437 */
2438 if ((m->flags & (PG_FICTITIOUS | PG_UNMANAGED)) == 0) {
2439 KASSERT(va < kmi.clean_sva || va >= kmi.clean_eva,
2440 ("pmap_enter: managed mapping within the clean submap"));
2441 pmap_insert_entry(pmap, va, m);
2442 pa |= PG_MANAGED;
2443 }
2444
2445 /*
2446 * Increment counters
2447 */
2448 if (wired)
2449 pmap->pm_stats.wired_count++;
2450
2451 validate:
2452 /*
2453 * Now validate mapping with desired protection/wiring.
2454 */
2455 newpte = (pt_entry_t)(pa | PG_V);
2456 if ((prot & VM_PROT_WRITE) != 0) {
2457 newpte |= PG_RW;
2458 vm_page_flag_set(m, PG_WRITEABLE);
2459 }
2460 #ifdef PAE
2461 if ((prot & VM_PROT_EXECUTE) == 0)
2462 newpte |= pg_nx;
2463 #endif
2464 if (wired)
2465 newpte |= PG_W;
2466 if (va < VM_MAXUSER_ADDRESS)
2467 newpte |= PG_U;
2468 if (pmap == kernel_pmap)
2469 newpte |= pgeflag;
2470
2471 /*
2472 * if the mapping or permission bits are different, we need
2473 * to update the pte.
2474 */
2475 if ((origpte & ~(PG_M|PG_A)) != newpte) {
2476 if (origpte & PG_V) {
2477 invlva = FALSE;
2478 origpte = pte_load_store(pte, newpte | PG_A);
2479 if (origpte & PG_A) {
2480 if (origpte & PG_MANAGED)
2481 vm_page_flag_set(om, PG_REFERENCED);
2482 if (opa != VM_PAGE_TO_PHYS(m))
2483 invlva = TRUE;
2484 #ifdef PAE
2485 if ((origpte & PG_NX) == 0 &&
2486 (newpte & PG_NX) != 0)
2487 invlva = TRUE;
2488 #endif
2489 }
2490 if (origpte & PG_M) {
2491 KASSERT((origpte & PG_RW),
2492 ("pmap_enter: modified page not writable: va: %#x, pte: %#jx",
2493 va, (uintmax_t)origpte));
2494 if ((origpte & PG_MANAGED) != 0)
2495 vm_page_dirty(om);
2496 if ((prot & VM_PROT_WRITE) == 0)
2497 invlva = TRUE;
2498 }
2499 if (invlva)
2500 pmap_invalidate_page(pmap, va);
2501 } else
2502 pte_store(pte, newpte | PG_A);
2503 }
2504 sched_unpin();
2505 vm_page_unlock_queues();
2506 PMAP_UNLOCK(pmap);
2507 }
2508
2509 /*
2510 * Maps a sequence of resident pages belonging to the same object.
2511 * The sequence begins with the given page m_start. This page is
2512 * mapped at the given virtual address start. Each subsequent page is
2513 * mapped at a virtual address that is offset from start by the same
2514 * amount as the page is offset from m_start within the object. The
2515 * last page in the sequence is the page with the largest offset from
2516 * m_start that can be mapped at a virtual address less than the given
2517 * virtual address end. Not every virtual page between start and end
2518 * is mapped; only those for which a resident page exists with the
2519 * corresponding offset from m_start are mapped.
2520 */
2521 void
2522 pmap_enter_object(pmap_t pmap, vm_offset_t start, vm_offset_t end,
2523 vm_page_t m_start, vm_prot_t prot)
2524 {
2525 vm_page_t m, mpte;
2526 vm_pindex_t diff, psize;
2527
2528 VM_OBJECT_LOCK_ASSERT(m_start->object, MA_OWNED);
2529 psize = atop(end - start);
2530 mpte = NULL;
2531 m = m_start;
2532 PMAP_LOCK(pmap);
2533 while (m != NULL && (diff = m->pindex - m_start->pindex) < psize) {
2534 mpte = pmap_enter_quick_locked(pmap, start + ptoa(diff), m,
2535 prot, mpte);
2536 m = TAILQ_NEXT(m, listq);
2537 }
2538 PMAP_UNLOCK(pmap);
2539 }
2540
2541 /*
2542 * this code makes some *MAJOR* assumptions:
2543 * 1. Current pmap & pmap exists.
2544 * 2. Not wired.
2545 * 3. Read access.
2546 * 4. No page table pages.
2547 * but is *MUCH* faster than pmap_enter...
2548 */
2549
2550 void
2551 pmap_enter_quick(pmap_t pmap, vm_offset_t va, vm_page_t m, vm_prot_t prot)
2552 {
2553
2554 PMAP_LOCK(pmap);
2555 (void) pmap_enter_quick_locked(pmap, va, m, prot, NULL);
2556 PMAP_UNLOCK(pmap);
2557 }
2558
2559 static vm_page_t
2560 pmap_enter_quick_locked(pmap_t pmap, vm_offset_t va, vm_page_t m,
2561 vm_prot_t prot, vm_page_t mpte)
2562 {
2563 pt_entry_t *pte;
2564 vm_paddr_t pa;
2565 vm_page_t free;
2566
2567 KASSERT(va < kmi.clean_sva || va >= kmi.clean_eva ||
2568 (m->flags & (PG_FICTITIOUS | PG_UNMANAGED)) != 0,
2569 ("pmap_enter_quick_locked: managed mapping within the clean submap"));
2570 mtx_assert(&vm_page_queue_mtx, MA_OWNED);
2571 PMAP_LOCK_ASSERT(pmap, MA_OWNED);
2572
2573 /*
2574 * In the case that a page table page is not
2575 * resident, we are creating it here.
2576 */
2577 if (va < VM_MAXUSER_ADDRESS) {
2578 unsigned ptepindex;
2579 pd_entry_t ptepa;
2580
2581 /*
2582 * Calculate pagetable page index
2583 */
2584 ptepindex = va >> PDRSHIFT;
2585 if (mpte && (mpte->pindex == ptepindex)) {
2586 mpte->wire_count++;
2587 } else {
2588 /*
2589 * Get the page directory entry
2590 */
2591 ptepa = pmap->pm_pdir[ptepindex];
2592
2593 /*
2594 * If the page table page is mapped, we just increment
2595 * the hold count, and activate it.
2596 */
2597 if (ptepa) {
2598 if (ptepa & PG_PS)
2599 panic("pmap_enter_quick: unexpected mapping into 4MB page");
2600 mpte = PHYS_TO_VM_PAGE(ptepa & PG_FRAME);
2601 mpte->wire_count++;
2602 } else {
2603 mpte = _pmap_allocpte(pmap, ptepindex,
2604 M_NOWAIT);
2605 if (mpte == NULL)
2606 return (mpte);
2607 }
2608 }
2609 } else {
2610 mpte = NULL;
2611 }
2612
2613 /*
2614 * This call to vtopte makes the assumption that we are
2615 * entering the page into the current pmap. In order to support
2616 * quick entry into any pmap, one would likely use pmap_pte_quick.
2617 * But that isn't as quick as vtopte.
2618 */
2619 pte = vtopte(va);
2620 if (*pte) {
2621 if (mpte != NULL) {
2622 mpte->wire_count--;
2623 mpte = NULL;
2624 }
2625 return (mpte);
2626 }
2627
2628 /*
2629 * Enter on the PV list if part of our managed memory.
2630 */
2631 if ((m->flags & (PG_FICTITIOUS | PG_UNMANAGED)) == 0 &&
2632 !pmap_try_insert_pv_entry(pmap, va, m)) {
2633 if (mpte != NULL) {
2634 free = NULL;
2635 if (pmap_unwire_pte_hold(pmap, mpte, &free)) {
2636 pmap_invalidate_page(pmap, va);
2637 pmap_free_zero_pages(free);
2638 }
2639
2640 mpte = NULL;
2641 }
2642 return (mpte);
2643 }
2644
2645 /*
2646 * Increment counters
2647 */
2648 pmap->pm_stats.resident_count++;
2649
2650 pa = VM_PAGE_TO_PHYS(m);
2651 #ifdef PAE
2652 if ((prot & VM_PROT_EXECUTE) == 0)
2653 pa |= pg_nx;
2654 #endif
2655
2656 /*
2657 * Now validate mapping with RO protection
2658 */
2659 if (m->flags & (PG_FICTITIOUS|PG_UNMANAGED))
2660 pte_store(pte, pa | PG_V | PG_U);
2661 else
2662 pte_store(pte, pa | PG_V | PG_U | PG_MANAGED);
2663 return mpte;
2664 }
2665
2666 /*
2667 * Make a temporary mapping for a physical address. This is only intended
2668 * to be used for panic dumps.
2669 */
2670 void *
2671 pmap_kenter_temporary(vm_paddr_t pa, int i)
2672 {
2673 vm_offset_t va;
2674
2675 va = (vm_offset_t)crashdumpmap + (i * PAGE_SIZE);
2676 pmap_kenter(va, pa);
2677 invlpg(va);
2678 return ((void *)crashdumpmap);
2679 }
2680
2681 /*
2682 * This code maps large physical mmap regions into the
2683 * processor address space. Note that some shortcuts
2684 * are taken, but the code works.
2685 */
2686 void
2687 pmap_object_init_pt(pmap_t pmap, vm_offset_t addr,
2688 vm_object_t object, vm_pindex_t pindex,
2689 vm_size_t size)
2690 {
2691 vm_page_t p;
2692
2693 VM_OBJECT_LOCK_ASSERT(object, MA_OWNED);
2694 KASSERT(object->type == OBJT_DEVICE,
2695 ("pmap_object_init_pt: non-device object"));
2696 if (pseflag &&
2697 ((addr & (NBPDR - 1)) == 0) && ((size & (NBPDR - 1)) == 0)) {
2698 int i;
2699 vm_page_t m[1];
2700 unsigned int ptepindex;
2701 int npdes;
2702 pd_entry_t ptepa;
2703
2704 PMAP_LOCK(pmap);
2705 if (pmap->pm_pdir[ptepindex = (addr >> PDRSHIFT)])
2706 goto out;
2707 PMAP_UNLOCK(pmap);
2708 retry:
2709 p = vm_page_lookup(object, pindex);
2710 if (p != NULL) {
2711 if (vm_page_sleep_if_busy(p, FALSE, "init4p"))
2712 goto retry;
2713 } else {
2714 p = vm_page_alloc(object, pindex, VM_ALLOC_NORMAL);
2715 if (p == NULL)
2716 return;
2717 m[0] = p;
2718
2719 if (vm_pager_get_pages(object, m, 1, 0) != VM_PAGER_OK) {
2720 vm_page_lock_queues();
2721 vm_page_free(p);
2722 vm_page_unlock_queues();
2723 return;
2724 }
2725
2726 p = vm_page_lookup(object, pindex);
2727 vm_page_lock_queues();
2728 vm_page_wakeup(p);
2729 vm_page_unlock_queues();
2730 }
2731
2732 ptepa = VM_PAGE_TO_PHYS(p);
2733 if (ptepa & (NBPDR - 1))
2734 return;
2735
2736 p->valid = VM_PAGE_BITS_ALL;
2737
2738 PMAP_LOCK(pmap);
2739 pmap->pm_stats.resident_count += size >> PAGE_SHIFT;
2740 npdes = size >> PDRSHIFT;
2741 for(i = 0; i < npdes; i++) {
2742 pde_store(&pmap->pm_pdir[ptepindex],
2743 ptepa | PG_U | PG_RW | PG_V | PG_PS);
2744 ptepa += NBPDR;
2745 ptepindex += 1;
2746 }
2747 pmap_invalidate_all(pmap);
2748 out:
2749 PMAP_UNLOCK(pmap);
2750 }
2751 }
2752
2753 /*
2754 * Routine: pmap_change_wiring
2755 * Function: Change the wiring attribute for a map/virtual-address
2756 * pair.
2757 * In/out conditions:
2758 * The mapping must already exist in the pmap.
2759 */
2760 void
2761 pmap_change_wiring(pmap_t pmap, vm_offset_t va, boolean_t wired)
2762 {
2763 pt_entry_t *pte;
2764
2765 PMAP_LOCK(pmap);
2766 pte = pmap_pte(pmap, va);
2767
2768 if (wired && !pmap_pte_w(pte))
2769 pmap->pm_stats.wired_count++;
2770 else if (!wired && pmap_pte_w(pte))
2771 pmap->pm_stats.wired_count--;
2772
2773 /*
2774 * Wiring is not a hardware characteristic so there is no need to
2775 * invalidate TLB.
2776 */
2777 pmap_pte_set_w(pte, wired);
2778 pmap_pte_release(pte);
2779 PMAP_UNLOCK(pmap);
2780 }
2781
2782
2783
2784 /*
2785 * Copy the range specified by src_addr/len
2786 * from the source map to the range dst_addr/len
2787 * in the destination map.
2788 *
2789 * This routine is only advisory and need not do anything.
2790 */
2791
2792 void
2793 pmap_copy(pmap_t dst_pmap, pmap_t src_pmap, vm_offset_t dst_addr, vm_size_t len,
2794 vm_offset_t src_addr)
2795 {
2796 vm_page_t free;
2797 vm_offset_t addr;
2798 vm_offset_t end_addr = src_addr + len;
2799 vm_offset_t pdnxt;
2800
2801 if (dst_addr != src_addr)
2802 return;
2803
2804 if (!pmap_is_current(src_pmap))
2805 return;
2806
2807 vm_page_lock_queues();
2808 if (dst_pmap < src_pmap) {
2809 PMAP_LOCK(dst_pmap);
2810 PMAP_LOCK(src_pmap);
2811 } else {
2812 PMAP_LOCK(src_pmap);
2813 PMAP_LOCK(dst_pmap);
2814 }
2815 sched_pin();
2816 for (addr = src_addr; addr < end_addr; addr = pdnxt) {
2817 pt_entry_t *src_pte, *dst_pte;
2818 vm_page_t dstmpte, srcmpte;
2819 pd_entry_t srcptepaddr;
2820 unsigned ptepindex;
2821
2822 if (addr >= UPT_MIN_ADDRESS)
2823 panic("pmap_copy: invalid to pmap_copy page tables");
2824
2825 pdnxt = (addr + NBPDR) & ~PDRMASK;
2826 if (pdnxt < addr)
2827 pdnxt = end_addr;
2828 ptepindex = addr >> PDRSHIFT;
2829
2830 srcptepaddr = src_pmap->pm_pdir[ptepindex];
2831 if (srcptepaddr == 0)
2832 continue;
2833
2834 if (srcptepaddr & PG_PS) {
2835 if (dst_pmap->pm_pdir[ptepindex] == 0) {
2836 dst_pmap->pm_pdir[ptepindex] = srcptepaddr &
2837 ~PG_W;
2838 dst_pmap->pm_stats.resident_count +=
2839 NBPDR / PAGE_SIZE;
2840 }
2841 continue;
2842 }
2843
2844 srcmpte = PHYS_TO_VM_PAGE(srcptepaddr & PG_FRAME);
2845 if (srcmpte->wire_count == 0)
2846 panic("pmap_copy: source page table page is unused");
2847
2848 if (pdnxt > end_addr)
2849 pdnxt = end_addr;
2850
2851 src_pte = vtopte(addr);
2852 while (addr < pdnxt) {
2853 pt_entry_t ptetemp;
2854 ptetemp = *src_pte;
2855 /*
2856 * we only virtual copy managed pages
2857 */
2858 if ((ptetemp & PG_MANAGED) != 0) {
2859 dstmpte = pmap_allocpte(dst_pmap, addr,
2860 M_NOWAIT);
2861 if (dstmpte == NULL)
2862 break;
2863 dst_pte = pmap_pte_quick(dst_pmap, addr);
2864 if (*dst_pte == 0 &&
2865 pmap_try_insert_pv_entry(dst_pmap, addr,
2866 PHYS_TO_VM_PAGE(ptetemp & PG_FRAME))) {
2867 /*
2868 * Clear the wired, modified, and
2869 * accessed (referenced) bits
2870 * during the copy.
2871 */
2872 *dst_pte = ptetemp & ~(PG_W | PG_M |
2873 PG_A);
2874 dst_pmap->pm_stats.resident_count++;
2875 } else {
2876 free = NULL;
2877 if (pmap_unwire_pte_hold( dst_pmap,
2878 dstmpte, &free)) {
2879 pmap_invalidate_page(dst_pmap,
2880 addr);
2881 pmap_free_zero_pages(free);
2882 }
2883 }
2884 if (dstmpte->wire_count >= srcmpte->wire_count)
2885 break;
2886 }
2887 addr += PAGE_SIZE;
2888 src_pte++;
2889 }
2890 }
2891 sched_unpin();
2892 vm_page_unlock_queues();
2893 PMAP_UNLOCK(src_pmap);
2894 PMAP_UNLOCK(dst_pmap);
2895 }
2896
2897 static __inline void
2898 pagezero(void *page)
2899 {
2900 #if defined(I686_CPU)
2901 if (cpu_class == CPUCLASS_686) {
2902 #if defined(CPU_ENABLE_SSE)
2903 if (cpu_feature & CPUID_SSE2)
2904 sse2_pagezero(page);
2905 else
2906 #endif
2907 i686_pagezero(page);
2908 } else
2909 #endif
2910 bzero(page, PAGE_SIZE);
2911 }
2912
2913 /*
2914 * pmap_zero_page zeros the specified hardware page by mapping
2915 * the page into KVM and using bzero to clear its contents.
2916 */
2917 void
2918 pmap_zero_page(vm_page_t m)
2919 {
2920 struct sysmaps *sysmaps;
2921
2922 sysmaps = &sysmaps_pcpu[PCPU_GET(cpuid)];
2923 mtx_lock(&sysmaps->lock);
2924 if (*sysmaps->CMAP2)
2925 panic("pmap_zero_page: CMAP2 busy");
2926 sched_pin();
2927 *sysmaps->CMAP2 = PG_V | PG_RW | VM_PAGE_TO_PHYS(m) | PG_A | PG_M;
2928 invlcaddr(sysmaps->CADDR2);
2929 pagezero(sysmaps->CADDR2);
2930 *sysmaps->CMAP2 = 0;
2931 sched_unpin();
2932 mtx_unlock(&sysmaps->lock);
2933 }
2934
2935 /*
2936 * pmap_zero_page_area zeros the specified hardware page by mapping
2937 * the page into KVM and using bzero to clear its contents.
2938 *
2939 * off and size may not cover an area beyond a single hardware page.
2940 */
2941 void
2942 pmap_zero_page_area(vm_page_t m, int off, int size)
2943 {
2944 struct sysmaps *sysmaps;
2945
2946 sysmaps = &sysmaps_pcpu[PCPU_GET(cpuid)];
2947 mtx_lock(&sysmaps->lock);
2948 if (*sysmaps->CMAP2)
2949 panic("pmap_zero_page: CMAP2 busy");
2950 sched_pin();
2951 *sysmaps->CMAP2 = PG_V | PG_RW | VM_PAGE_TO_PHYS(m) | PG_A | PG_M;
2952 invlcaddr(sysmaps->CADDR2);
2953 if (off == 0 && size == PAGE_SIZE)
2954 pagezero(sysmaps->CADDR2);
2955 else
2956 bzero((char *)sysmaps->CADDR2 + off, size);
2957 *sysmaps->CMAP2 = 0;
2958 sched_unpin();
2959 mtx_unlock(&sysmaps->lock);
2960 }
2961
2962 /*
2963 * pmap_zero_page_idle zeros the specified hardware page by mapping
2964 * the page into KVM and using bzero to clear its contents. This
2965 * is intended to be called from the vm_pagezero process only and
2966 * outside of Giant.
2967 */
2968 void
2969 pmap_zero_page_idle(vm_page_t m)
2970 {
2971
2972 if (*CMAP3)
2973 panic("pmap_zero_page: CMAP3 busy");
2974 sched_pin();
2975 *CMAP3 = PG_V | PG_RW | VM_PAGE_TO_PHYS(m) | PG_A | PG_M;
2976 invlcaddr(CADDR3);
2977 pagezero(CADDR3);
2978 *CMAP3 = 0;
2979 sched_unpin();
2980 }
2981
2982 /*
2983 * pmap_copy_page copies the specified (machine independent)
2984 * page by mapping the page into virtual memory and using
2985 * bcopy to copy the page, one machine dependent page at a
2986 * time.
2987 */
2988 void
2989 pmap_copy_page(vm_page_t src, vm_page_t dst)
2990 {
2991 struct sysmaps *sysmaps;
2992
2993 sysmaps = &sysmaps_pcpu[PCPU_GET(cpuid)];
2994 mtx_lock(&sysmaps->lock);
2995 if (*sysmaps->CMAP1)
2996 panic("pmap_copy_page: CMAP1 busy");
2997 if (*sysmaps->CMAP2)
2998 panic("pmap_copy_page: CMAP2 busy");
2999 sched_pin();
3000 invlpg((u_int)sysmaps->CADDR1);
3001 invlpg((u_int)sysmaps->CADDR2);
3002 *sysmaps->CMAP1 = PG_V | VM_PAGE_TO_PHYS(src) | PG_A;
3003 *sysmaps->CMAP2 = PG_V | PG_RW | VM_PAGE_TO_PHYS(dst) | PG_A | PG_M;
3004 bcopy(sysmaps->CADDR1, sysmaps->CADDR2, PAGE_SIZE);
3005 *sysmaps->CMAP1 = 0;
3006 *sysmaps->CMAP2 = 0;
3007 sched_unpin();
3008 mtx_unlock(&sysmaps->lock);
3009 }
3010
3011 /*
3012 * Returns true if the pmap's pv is one of the first
3013 * 16 pvs linked to from this page. This count may
3014 * be changed upwards or downwards in the future; it
3015 * is only necessary that true be returned for a small
3016 * subset of pmaps for proper page aging.
3017 */
3018 boolean_t
3019 pmap_page_exists_quick(pmap_t pmap, vm_page_t m)
3020 {
3021 pv_entry_t pv;
3022 int loops = 0;
3023
3024 if (m->flags & PG_FICTITIOUS)
3025 return FALSE;
3026
3027 mtx_assert(&vm_page_queue_mtx, MA_OWNED);
3028 TAILQ_FOREACH(pv, &m->md.pv_list, pv_list) {
3029 if (PV_PMAP(pv) == pmap) {
3030 return TRUE;
3031 }
3032 loops++;
3033 if (loops >= 16)
3034 break;
3035 }
3036 return (FALSE);
3037 }
3038
3039 /*
3040 * Remove all pages from specified address space
3041 * this aids process exit speeds. Also, this code
3042 * is special cased for current process only, but
3043 * can have the more generic (and slightly slower)
3044 * mode enabled. This is much faster than pmap_remove
3045 * in the case of running down an entire address space.
3046 */
3047 void
3048 pmap_remove_pages(pmap_t pmap)
3049 {
3050 pt_entry_t *pte, tpte;
3051 vm_page_t m, free = NULL;
3052 pv_entry_t pv;
3053 struct pv_chunk *pc, *npc;
3054 int field, idx;
3055 int32_t bit;
3056 uint32_t inuse, bitmask;
3057 int allfree;
3058
3059 if (pmap != vmspace_pmap(curthread->td_proc->p_vmspace)) {
3060 printf("warning: pmap_remove_pages called with non-current pmap\n");
3061 return;
3062 }
3063 vm_page_lock_queues();
3064 PMAP_LOCK(pmap);
3065 sched_pin();
3066 TAILQ_FOREACH_SAFE(pc, &pmap->pm_pvchunk, pc_list, npc) {
3067 allfree = 1;
3068 for (field = 0; field < _NPCM; field++) {
3069 inuse = (~(pc->pc_map[field])) & pc_freemask[field];
3070 while (inuse != 0) {
3071 bit = bsfl(inuse);
3072 bitmask = 1UL << bit;
3073 idx = field * 32 + bit;
3074 pv = &pc->pc_pventry[idx];
3075 inuse &= ~bitmask;
3076
3077 pte = vtopte(pv->pv_va);
3078 tpte = *pte;
3079
3080 if (tpte == 0) {
3081 printf(
3082 "TPTE at %p IS ZERO @ VA %08x\n",
3083 pte, pv->pv_va);
3084 panic("bad pte");
3085 }
3086
3087 /*
3088 * We cannot remove wired pages from a process' mapping at this time
3089 */
3090 if (tpte & PG_W) {
3091 allfree = 0;
3092 continue;
3093 }
3094
3095 m = PHYS_TO_VM_PAGE(tpte & PG_FRAME);
3096 KASSERT(m->phys_addr == (tpte & PG_FRAME),
3097 ("vm_page_t %p phys_addr mismatch %016jx %016jx",
3098 m, (uintmax_t)m->phys_addr,
3099 (uintmax_t)tpte));
3100
3101 KASSERT(m < &vm_page_array[vm_page_array_size],
3102 ("pmap_remove_pages: bad tpte %#jx",
3103 (uintmax_t)tpte));
3104
3105 pmap->pm_stats.resident_count--;
3106
3107 pte_clear(pte);
3108
3109 /*
3110 * Update the vm_page_t clean/reference bits.
3111 */
3112 if (tpte & PG_M)
3113 vm_page_dirty(m);
3114
3115 /* Mark free */
3116 PV_STAT(pv_entry_frees++);
3117 PV_STAT(pv_entry_spare++);
3118 pv_entry_count--;
3119 pc->pc_map[field] |= bitmask;
3120 m->md.pv_list_count--;
3121 TAILQ_REMOVE(&m->md.pv_list, pv, pv_list);
3122 if (TAILQ_EMPTY(&m->md.pv_list))
3123 vm_page_flag_clear(m, PG_WRITEABLE);
3124
3125 pmap_unuse_pt(pmap, pv->pv_va, &free);
3126 }
3127 }
3128 if (allfree) {
3129 PV_STAT(pv_entry_spare -= _NPCPV);
3130 PV_STAT(pc_chunk_count--);
3131 PV_STAT(pc_chunk_frees++);
3132 TAILQ_REMOVE(&pmap->pm_pvchunk, pc, pc_list);
3133 m = PHYS_TO_VM_PAGE(pmap_kextract((vm_offset_t)pc));
3134 pmap_qremove((vm_offset_t)pc, 1);
3135 vm_page_unwire(m, 0);
3136 vm_page_free(m);
3137 pmap_ptelist_free(&pv_vafree, (vm_offset_t)pc);
3138 }
3139 }
3140 sched_unpin();
3141 pmap_invalidate_all(pmap);
3142 vm_page_unlock_queues();
3143 PMAP_UNLOCK(pmap);
3144 pmap_free_zero_pages(free);
3145 }
3146
3147 /*
3148 * pmap_is_modified:
3149 *
3150 * Return whether or not the specified physical page was modified
3151 * in any physical maps.
3152 */
3153 boolean_t
3154 pmap_is_modified(vm_page_t m)
3155 {
3156 pv_entry_t pv;
3157 pt_entry_t *pte;
3158 pmap_t pmap;
3159 boolean_t rv;
3160
3161 rv = FALSE;
3162 if (m->flags & PG_FICTITIOUS)
3163 return (rv);
3164
3165 sched_pin();
3166 mtx_assert(&vm_page_queue_mtx, MA_OWNED);
3167 TAILQ_FOREACH(pv, &m->md.pv_list, pv_list) {
3168 pmap = PV_PMAP(pv);
3169 PMAP_LOCK(pmap);
3170 pte = pmap_pte_quick(pmap, pv->pv_va);
3171 rv = (*pte & PG_M) != 0;
3172 PMAP_UNLOCK(pmap);
3173 if (rv)
3174 break;
3175 }
3176 sched_unpin();
3177 return (rv);
3178 }
3179
3180 /*
3181 * pmap_is_prefaultable:
3182 *
3183 * Return whether or not the specified virtual address is elgible
3184 * for prefault.
3185 */
3186 boolean_t
3187 pmap_is_prefaultable(pmap_t pmap, vm_offset_t addr)
3188 {
3189 pt_entry_t *pte;
3190 boolean_t rv;
3191
3192 rv = FALSE;
3193 PMAP_LOCK(pmap);
3194 if (*pmap_pde(pmap, addr)) {
3195 pte = vtopte(addr);
3196 rv = *pte == 0;
3197 }
3198 PMAP_UNLOCK(pmap);
3199 return (rv);
3200 }
3201
3202 /*
3203 * Clear the write and modified bits in each of the given page's mappings.
3204 */
3205 void
3206 pmap_remove_write(vm_page_t m)
3207 {
3208 pv_entry_t pv;
3209 pmap_t pmap;
3210 pt_entry_t oldpte, *pte;
3211
3212 mtx_assert(&vm_page_queue_mtx, MA_OWNED);
3213 if ((m->flags & PG_FICTITIOUS) != 0 ||
3214 (m->flags & PG_WRITEABLE) == 0)
3215 return;
3216 sched_pin();
3217 TAILQ_FOREACH(pv, &m->md.pv_list, pv_list) {
3218 pmap = PV_PMAP(pv);
3219 PMAP_LOCK(pmap);
3220 pte = pmap_pte_quick(pmap, pv->pv_va);
3221 retry:
3222 oldpte = *pte;
3223 if ((oldpte & PG_RW) != 0) {
3224 /*
3225 * Regardless of whether a pte is 32 or 64 bits
3226 * in size, PG_RW and PG_M are among the least
3227 * significant 32 bits.
3228 */
3229 if (!atomic_cmpset_int((u_int *)pte, oldpte,
3230 oldpte & ~(PG_RW | PG_M)))
3231 goto retry;
3232 if ((oldpte & PG_M) != 0)
3233 vm_page_dirty(m);
3234 pmap_invalidate_page(pmap, pv->pv_va);
3235 }
3236 PMAP_UNLOCK(pmap);
3237 }
3238 vm_page_flag_clear(m, PG_WRITEABLE);
3239 sched_unpin();
3240 }
3241
3242 /*
3243 * pmap_ts_referenced:
3244 *
3245 * Return a count of reference bits for a page, clearing those bits.
3246 * It is not necessary for every reference bit to be cleared, but it
3247 * is necessary that 0 only be returned when there are truly no
3248 * reference bits set.
3249 *
3250 * XXX: The exact number of bits to check and clear is a matter that
3251 * should be tested and standardized at some point in the future for
3252 * optimal aging of shared pages.
3253 */
3254 int
3255 pmap_ts_referenced(vm_page_t m)
3256 {
3257 pv_entry_t pv, pvf, pvn;
3258 pmap_t pmap;
3259 pt_entry_t *pte;
3260 int rtval = 0;
3261
3262 if (m->flags & PG_FICTITIOUS)
3263 return (rtval);
3264 sched_pin();
3265 mtx_assert(&vm_page_queue_mtx, MA_OWNED);
3266 if ((pv = TAILQ_FIRST(&m->md.pv_list)) != NULL) {
3267 pvf = pv;
3268 do {
3269 pvn = TAILQ_NEXT(pv, pv_list);
3270 TAILQ_REMOVE(&m->md.pv_list, pv, pv_list);
3271 TAILQ_INSERT_TAIL(&m->md.pv_list, pv, pv_list);
3272 pmap = PV_PMAP(pv);
3273 PMAP_LOCK(pmap);
3274 pte = pmap_pte_quick(pmap, pv->pv_va);
3275 if ((*pte & PG_A) != 0) {
3276 atomic_clear_int((u_int *)pte, PG_A);
3277 pmap_invalidate_page(pmap, pv->pv_va);
3278 rtval++;
3279 if (rtval > 4)
3280 pvn = NULL;
3281 }
3282 PMAP_UNLOCK(pmap);
3283 } while ((pv = pvn) != NULL && pv != pvf);
3284 }
3285 sched_unpin();
3286 return (rtval);
3287 }
3288
3289 /*
3290 * Clear the modify bits on the specified physical page.
3291 */
3292 void
3293 pmap_clear_modify(vm_page_t m)
3294 {
3295 pv_entry_t pv;
3296 pmap_t pmap;
3297 pt_entry_t *pte;
3298
3299 mtx_assert(&vm_page_queue_mtx, MA_OWNED);
3300 if ((m->flags & PG_FICTITIOUS) != 0)
3301 return;
3302 sched_pin();
3303 TAILQ_FOREACH(pv, &m->md.pv_list, pv_list) {
3304 pmap = PV_PMAP(pv);
3305 PMAP_LOCK(pmap);
3306 pte = pmap_pte_quick(pmap, pv->pv_va);
3307 if ((*pte & PG_M) != 0) {
3308 /*
3309 * Regardless of whether a pte is 32 or 64 bits
3310 * in size, PG_M is among the least significant
3311 * 32 bits.
3312 */
3313 atomic_clear_int((u_int *)pte, PG_M);
3314 pmap_invalidate_page(pmap, pv->pv_va);
3315 }
3316 PMAP_UNLOCK(pmap);
3317 }
3318 sched_unpin();
3319 }
3320
3321 /*
3322 * pmap_clear_reference:
3323 *
3324 * Clear the reference bit on the specified physical page.
3325 */
3326 void
3327 pmap_clear_reference(vm_page_t m)
3328 {
3329 pv_entry_t pv;
3330 pmap_t pmap;
3331 pt_entry_t *pte;
3332
3333 mtx_assert(&vm_page_queue_mtx, MA_OWNED);
3334 if ((m->flags & PG_FICTITIOUS) != 0)
3335 return;
3336 sched_pin();
3337 TAILQ_FOREACH(pv, &m->md.pv_list, pv_list) {
3338 pmap = PV_PMAP(pv);
3339 PMAP_LOCK(pmap);
3340 pte = pmap_pte_quick(pmap, pv->pv_va);
3341 if ((*pte & PG_A) != 0) {
3342 /*
3343 * Regardless of whether a pte is 32 or 64 bits
3344 * in size, PG_A is among the least significant
3345 * 32 bits.
3346 */
3347 atomic_clear_int((u_int *)pte, PG_A);
3348 pmap_invalidate_page(pmap, pv->pv_va);
3349 }
3350 PMAP_UNLOCK(pmap);
3351 }
3352 sched_unpin();
3353 }
3354
3355 /*
3356 * Miscellaneous support routines follow
3357 */
3358
3359 /*
3360 * Map a set of physical memory pages into the kernel virtual
3361 * address space. Return a pointer to where it is mapped. This
3362 * routine is intended to be used for mapping device memory,
3363 * NOT real memory.
3364 */
3365 void *
3366 pmap_mapdev_attr(vm_paddr_t pa, vm_size_t size, int mode)
3367 {
3368 vm_offset_t va, tmpva, offset;
3369
3370 offset = pa & PAGE_MASK;
3371 size = roundup(offset + size, PAGE_SIZE);
3372 pa = pa & PG_FRAME;
3373
3374 if (pa < KERNLOAD && pa + size <= KERNLOAD)
3375 va = KERNBASE + pa;
3376 else
3377 va = kmem_alloc_nofault(kernel_map, size);
3378 if (!va)
3379 panic("pmap_mapdev: Couldn't alloc kernel virtual memory");
3380
3381 for (tmpva = va; size > 0; ) {
3382 pmap_kenter_attr(tmpva, pa, mode);
3383 size -= PAGE_SIZE;
3384 tmpva += PAGE_SIZE;
3385 pa += PAGE_SIZE;
3386 }
3387 pmap_invalidate_range(kernel_pmap, va, tmpva);
3388 pmap_invalidate_cache();
3389 return ((void *)(va + offset));
3390 }
3391
3392 void *
3393 pmap_mapdev(vm_paddr_t pa, vm_size_t size)
3394 {
3395
3396 return (pmap_mapdev_attr(pa, size, PAT_UNCACHEABLE));
3397 }
3398
3399 void *
3400 pmap_mapbios(vm_paddr_t pa, vm_size_t size)
3401 {
3402
3403 return (pmap_mapdev_attr(pa, size, PAT_WRITE_BACK));
3404 }
3405
3406 void
3407 pmap_unmapdev(vm_offset_t va, vm_size_t size)
3408 {
3409 vm_offset_t base, offset, tmpva;
3410
3411 if (va >= KERNBASE && va + size <= KERNBASE + KERNLOAD)
3412 return;
3413 base = trunc_page(va);
3414 offset = va & PAGE_MASK;
3415 size = roundup(offset + size, PAGE_SIZE);
3416 for (tmpva = base; tmpva < (base + size); tmpva += PAGE_SIZE)
3417 pmap_kremove(tmpva);
3418 pmap_invalidate_range(kernel_pmap, va, tmpva);
3419 kmem_free(kernel_map, base, size);
3420 }
3421
3422 int
3423 pmap_change_attr(va, size, mode)
3424 vm_offset_t va;
3425 vm_size_t size;
3426 int mode;
3427 {
3428 vm_offset_t base, offset, tmpva;
3429 pt_entry_t *pte;
3430 u_int opte, npte;
3431 pd_entry_t *pde;
3432
3433 base = trunc_page(va);
3434 offset = va & PAGE_MASK;
3435 size = roundup(offset + size, PAGE_SIZE);
3436
3437 /* Only supported on kernel virtual addresses. */
3438 if (base <= VM_MAXUSER_ADDRESS)
3439 return (EINVAL);
3440
3441 /* 4MB pages and pages that aren't mapped aren't supported. */
3442 for (tmpva = base; tmpva < (base + size); tmpva += PAGE_SIZE) {
3443 pde = pmap_pde(kernel_pmap, tmpva);
3444 if (*pde & PG_PS)
3445 return (EINVAL);
3446 if (*pde == 0)
3447 return (EINVAL);
3448 pte = vtopte(va);
3449 if (*pte == 0)
3450 return (EINVAL);
3451 }
3452
3453 /*
3454 * Ok, all the pages exist and are 4k, so run through them updating
3455 * their cache mode.
3456 */
3457 for (tmpva = base; size > 0; ) {
3458 pte = vtopte(tmpva);
3459
3460 /*
3461 * The cache mode bits are all in the low 32-bits of the
3462 * PTE, so we can just spin on updating the low 32-bits.
3463 */
3464 do {
3465 opte = *(u_int *)pte;
3466 npte = opte & ~(PG_PTE_PAT | PG_NC_PCD | PG_NC_PWT);
3467 npte |= pmap_cache_bits(mode, 0);
3468 } while (npte != opte &&
3469 !atomic_cmpset_int((u_int *)pte, opte, npte));
3470 tmpva += PAGE_SIZE;
3471 size -= PAGE_SIZE;
3472 }
3473
3474 /*
3475 * Flush CPU caches to make sure any data isn't cached that shouldn't
3476 * be, etc.
3477 */
3478 pmap_invalidate_range(kernel_pmap, base, tmpva);
3479 pmap_invalidate_cache();
3480 return (0);
3481 }
3482
3483 /*
3484 * perform the pmap work for mincore
3485 */
3486 int
3487 pmap_mincore(pmap_t pmap, vm_offset_t addr)
3488 {
3489 pt_entry_t *ptep, pte;
3490 vm_page_t m;
3491 int val = 0;
3492
3493 PMAP_LOCK(pmap);
3494 ptep = pmap_pte(pmap, addr);
3495 pte = (ptep != NULL) ? *ptep : 0;
3496 pmap_pte_release(ptep);
3497 PMAP_UNLOCK(pmap);
3498
3499 if (pte != 0) {
3500 vm_paddr_t pa;
3501
3502 val = MINCORE_INCORE;
3503 if ((pte & PG_MANAGED) == 0)
3504 return val;
3505
3506 pa = pte & PG_FRAME;
3507
3508 m = PHYS_TO_VM_PAGE(pa);
3509
3510 /*
3511 * Modified by us
3512 */
3513 if (pte & PG_M)
3514 val |= MINCORE_MODIFIED|MINCORE_MODIFIED_OTHER;
3515 else {
3516 /*
3517 * Modified by someone else
3518 */
3519 vm_page_lock_queues();
3520 if (m->dirty || pmap_is_modified(m))
3521 val |= MINCORE_MODIFIED_OTHER;
3522 vm_page_unlock_queues();
3523 }
3524 /*
3525 * Referenced by us
3526 */
3527 if (pte & PG_A)
3528 val |= MINCORE_REFERENCED|MINCORE_REFERENCED_OTHER;
3529 else {
3530 /*
3531 * Referenced by someone else
3532 */
3533 vm_page_lock_queues();
3534 if ((m->flags & PG_REFERENCED) ||
3535 pmap_ts_referenced(m)) {
3536 val |= MINCORE_REFERENCED_OTHER;
3537 vm_page_flag_set(m, PG_REFERENCED);
3538 }
3539 vm_page_unlock_queues();
3540 }
3541 }
3542 return val;
3543 }
3544
3545 void
3546 pmap_activate(struct thread *td)
3547 {
3548 pmap_t pmap, oldpmap;
3549 u_int32_t cr3;
3550
3551 critical_enter();
3552 pmap = vmspace_pmap(td->td_proc->p_vmspace);
3553 oldpmap = PCPU_GET(curpmap);
3554 #if defined(SMP)
3555 atomic_clear_int(&oldpmap->pm_active, PCPU_GET(cpumask));
3556 atomic_set_int(&pmap->pm_active, PCPU_GET(cpumask));
3557 #else
3558 oldpmap->pm_active &= ~1;
3559 pmap->pm_active |= 1;
3560 #endif
3561 #ifdef PAE
3562 cr3 = vtophys(pmap->pm_pdpt);
3563 #else
3564 cr3 = vtophys(pmap->pm_pdir);
3565 #endif
3566 /*
3567 * pmap_activate is for the current thread on the current cpu
3568 */
3569 td->td_pcb->pcb_cr3 = cr3;
3570 load_cr3(cr3);
3571 PCPU_SET(curpmap, pmap);
3572 critical_exit();
3573 }
3574
3575 vm_offset_t
3576 pmap_addr_hint(vm_object_t obj, vm_offset_t addr, vm_size_t size)
3577 {
3578
3579 if ((obj == NULL) || (size < NBPDR) || (obj->type != OBJT_DEVICE)) {
3580 return addr;
3581 }
3582
3583 addr = (addr + PDRMASK) & ~PDRMASK;
3584 return addr;
3585 }
3586
3587
3588 #if defined(PMAP_DEBUG)
3589 pmap_pid_dump(int pid)
3590 {
3591 pmap_t pmap;
3592 struct proc *p;
3593 int npte = 0;
3594 int index;
3595
3596 sx_slock(&allproc_lock);
3597 FOREACH_PROC_IN_SYSTEM(p) {
3598 if (p->p_pid != pid)
3599 continue;
3600
3601 if (p->p_vmspace) {
3602 int i,j;
3603 index = 0;
3604 pmap = vmspace_pmap(p->p_vmspace);
3605 for (i = 0; i < NPDEPTD; i++) {
3606 pd_entry_t *pde;
3607 pt_entry_t *pte;
3608 vm_offset_t base = i << PDRSHIFT;
3609
3610 pde = &pmap->pm_pdir[i];
3611 if (pde && pmap_pde_v(pde)) {
3612 for (j = 0; j < NPTEPG; j++) {
3613 vm_offset_t va = base + (j << PAGE_SHIFT);
3614 if (va >= (vm_offset_t) VM_MIN_KERNEL_ADDRESS) {
3615 if (index) {
3616 index = 0;
3617 printf("\n");
3618 }
3619 sx_sunlock(&allproc_lock);
3620 return npte;
3621 }
3622 pte = pmap_pte(pmap, va);
3623 if (pte && pmap_pte_v(pte)) {
3624 pt_entry_t pa;
3625 vm_page_t m;
3626 pa = *pte;
3627 m = PHYS_TO_VM_PAGE(pa & PG_FRAME);
3628 printf("va: 0x%x, pt: 0x%x, h: %d, w: %d, f: 0x%x",
3629 va, pa, m->hold_count, m->wire_count, m->flags);
3630 npte++;
3631 index++;
3632 if (index >= 2) {
3633 index = 0;
3634 printf("\n");
3635 } else {
3636 printf(" ");
3637 }
3638 }
3639 }
3640 }
3641 }
3642 }
3643 }
3644 sx_sunlock(&allproc_lock);
3645 return npte;
3646 }
3647 #endif
3648
3649 #if defined(DEBUG)
3650
3651 static void pads(pmap_t pm);
3652 void pmap_pvdump(vm_offset_t pa);
3653
3654 /* print address space of pmap*/
3655 static void
3656 pads(pmap_t pm)
3657 {
3658 int i, j;
3659 vm_paddr_t va;
3660 pt_entry_t *ptep;
3661
3662 if (pm == kernel_pmap)
3663 return;
3664 for (i = 0; i < NPDEPTD; i++)
3665 if (pm->pm_pdir[i])
3666 for (j = 0; j < NPTEPG; j++) {
3667 va = (i << PDRSHIFT) + (j << PAGE_SHIFT);
3668 if (pm == kernel_pmap && va < KERNBASE)
3669 continue;
3670 if (pm != kernel_pmap && va > UPT_MAX_ADDRESS)
3671 continue;
3672 ptep = pmap_pte(pm, va);
3673 if (pmap_pte_v(ptep))
3674 printf("%x:%x ", va, *ptep);
3675 };
3676
3677 }
3678
3679 void
3680 pmap_pvdump(vm_paddr_t pa)
3681 {
3682 pv_entry_t pv;
3683 pmap_t pmap;
3684 vm_page_t m;
3685
3686 printf("pa %x", pa);
3687 m = PHYS_TO_VM_PAGE(pa);
3688 TAILQ_FOREACH(pv, &m->md.pv_list, pv_list) {
3689 pmap = PV_PMAP(pv);
3690 printf(" -> pmap %p, va %x", (void *)pmap, pv->pv_va);
3691 pads(pmap);
3692 }
3693 printf(" ");
3694 }
3695 #endif
Cache object: e50c793995c31e0b537f4a75968fa2ff
|