Now available: The Design and Implementation of the FreeBSD Operating System (Second Edition)
[ source navigation ] [ diff markup ] [ identifier search ] [ freetext search ] [ file search ] [ list types ] [ track identifier ]
FreeBSD/Linux Kernel Cross Reference
sys/vm/vm_object.c
Version:
- FREEBSD - FREEBSD-13-STABLE - FREEBSD-13-0 - FREEBSD-12-STABLE - FREEBSD-12-0 - FREEBSD-11-STABLE - FREEBSD-11-0 - FREEBSD-10-STABLE - FREEBSD-10-0 - FREEBSD-9-STABLE - FREEBSD-9-0 - FREEBSD-8-STABLE - FREEBSD-8-0 - FREEBSD-7-STABLE - FREEBSD-7-0 - FREEBSD-6-STABLE - FREEBSD-6-0 - FREEBSD-5-STABLE - FREEBSD-5-0 - FREEBSD-4-STABLE - FREEBSD-3-STABLE - FREEBSD22 - l41 - OPENBSD - linux-2.6 - MK84 - PLAN9 - xnu-8792
SearchContext: - none - 3 - 10
SearchContext: - none - 3 - 10
1 /*- 2 * Copyright (c) 1991, 1993 3 * The Regents of the University of California. All rights reserved. 4 * 5 * This code is derived from software contributed to Berkeley by 6 * The Mach Operating System project at Carnegie-Mellon University. 7 * 8 * Redistribution and use in source and binary forms, with or without 9 * modification, are permitted provided that the following conditions 10 * are met: 11 * 1. Redistributions of source code must retain the above copyright 12 * notice, this list of conditions and the following disclaimer. 13 * 2. Redistributions in binary form must reproduce the above copyright 14 * notice, this list of conditions and the following disclaimer in the 15 * documentation and/or other materials provided with the distribution. 16 * 4. Neither the name of the University nor the names of its contributors 17 * may be used to endorse or promote products derived from this software 18 * without specific prior written permission. 19 * 20 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 21 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 22 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 23 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 24 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 25 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 26 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 27 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 28 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 29 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 30 * SUCH DAMAGE. 31 * 32 * from: @(#)vm_object.c 8.5 (Berkeley) 3/22/94 33 * 34 * 35 * Copyright (c) 1987, 1990 Carnegie-Mellon University. 36 * All rights reserved. 37 * 38 * Authors: Avadis Tevanian, Jr., Michael Wayne Young 39 * 40 * Permission to use, copy, modify and distribute this software and 41 * its documentation is hereby granted, provided that both the copyright 42 * notice and this permission notice appear in all copies of the 43 * software, derivative works or modified versions, and any portions 44 * thereof, and that both notices appear in supporting documentation. 45 * 46 * CARNEGIE MELLON ALLOWS FREE USE OF THIS SOFTWARE IN ITS "AS IS" 47 * CONDITION. CARNEGIE MELLON DISCLAIMS ANY LIABILITY OF ANY KIND 48 * FOR ANY DAMAGES WHATSOEVER RESULTING FROM THE USE OF THIS SOFTWARE. 49 * 50 * Carnegie Mellon requests users of this software to return to 51 * 52 * Software Distribution Coordinator or Software.Distribution@CS.CMU.EDU 53 * School of Computer Science 54 * Carnegie Mellon University 55 * Pittsburgh PA 15213-3890 56 * 57 * any improvements or extensions that they make and grant Carnegie the 58 * rights to redistribute these changes. 59 */ 60 61 /* 62 * Virtual memory object module. 63 */ 64 65 #include <sys/cdefs.h> 66 __FBSDID("$FreeBSD: releng/11.1/sys/vm/vm_object.c 318716 2017-05-23 07:27:30Z markj $"); 67 68 #include "opt_vm.h" 69 70 #include <sys/param.h> 71 #include <sys/systm.h> 72 #include <sys/lock.h> 73 #include <sys/mman.h> 74 #include <sys/mount.h> 75 #include <sys/kernel.h> 76 #include <sys/sysctl.h> 77 #include <sys/mutex.h> 78 #include <sys/proc.h> /* for curproc, pageproc */ 79 #include <sys/socket.h> 80 #include <sys/resourcevar.h> 81 #include <sys/rwlock.h> 82 #include <sys/user.h> 83 #include <sys/vnode.h> 84 #include <sys/vmmeter.h> 85 #include <sys/sx.h> 86 87 #include <vm/vm.h> 88 #include <vm/vm_param.h> 89 #include <vm/pmap.h> 90 #include <vm/vm_map.h> 91 #include <vm/vm_object.h> 92 #include <vm/vm_page.h> 93 #include <vm/vm_pageout.h> 94 #include <vm/vm_pager.h> 95 #include <vm/swap_pager.h> 96 #include <vm/vm_kern.h> 97 #include <vm/vm_extern.h> 98 #include <vm/vm_radix.h> 99 #include <vm/vm_reserv.h> 100 #include <vm/uma.h> 101 102 static int old_msync; 103 SYSCTL_INT(_vm, OID_AUTO, old_msync, CTLFLAG_RW, &old_msync, 0, 104 "Use old (insecure) msync behavior"); 105 106 static int vm_object_page_collect_flush(vm_object_t object, vm_page_t p, 107 int pagerflags, int flags, boolean_t *clearobjflags, 108 boolean_t *eio); 109 static boolean_t vm_object_page_remove_write(vm_page_t p, int flags, 110 boolean_t *clearobjflags); 111 static void vm_object_qcollapse(vm_object_t object); 112 static void vm_object_vndeallocate(vm_object_t object); 113 114 /* 115 * Virtual memory objects maintain the actual data 116 * associated with allocated virtual memory. A given 117 * page of memory exists within exactly one object. 118 * 119 * An object is only deallocated when all "references" 120 * are given up. Only one "reference" to a given 121 * region of an object should be writeable. 122 * 123 * Associated with each object is a list of all resident 124 * memory pages belonging to that object; this list is 125 * maintained by the "vm_page" module, and locked by the object's 126 * lock. 127 * 128 * Each object also records a "pager" routine which is 129 * used to retrieve (and store) pages to the proper backing 130 * storage. In addition, objects may be backed by other 131 * objects from which they were virtual-copied. 132 * 133 * The only items within the object structure which are 134 * modified after time of creation are: 135 * reference count locked by object's lock 136 * pager routine locked by object's lock 137 * 138 */ 139 140 struct object_q vm_object_list; 141 struct mtx vm_object_list_mtx; /* lock for object list and count */ 142 143 struct vm_object kernel_object_store; 144 struct vm_object kmem_object_store; 145 146 static SYSCTL_NODE(_vm_stats, OID_AUTO, object, CTLFLAG_RD, 0, 147 "VM object stats"); 148 149 static long object_collapses; 150 SYSCTL_LONG(_vm_stats_object, OID_AUTO, collapses, CTLFLAG_RD, 151 &object_collapses, 0, "VM object collapses"); 152 153 static long object_bypasses; 154 SYSCTL_LONG(_vm_stats_object, OID_AUTO, bypasses, CTLFLAG_RD, 155 &object_bypasses, 0, "VM object bypasses"); 156 157 static uma_zone_t obj_zone; 158 159 static int vm_object_zinit(void *mem, int size, int flags); 160 161 #ifdef INVARIANTS 162 static void vm_object_zdtor(void *mem, int size, void *arg); 163 164 static void 165 vm_object_zdtor(void *mem, int size, void *arg) 166 { 167 vm_object_t object; 168 169 object = (vm_object_t)mem; 170 KASSERT(object->ref_count == 0, 171 ("object %p ref_count = %d", object, object->ref_count)); 172 KASSERT(TAILQ_EMPTY(&object->memq), 173 ("object %p has resident pages in its memq", object)); 174 KASSERT(vm_radix_is_empty(&object->rtree), 175 ("object %p has resident pages in its trie", object)); 176 #if VM_NRESERVLEVEL > 0 177 KASSERT(LIST_EMPTY(&object->rvq), 178 ("object %p has reservations", 179 object)); 180 #endif 181 KASSERT(object->paging_in_progress == 0, 182 ("object %p paging_in_progress = %d", 183 object, object->paging_in_progress)); 184 KASSERT(object->resident_page_count == 0, 185 ("object %p resident_page_count = %d", 186 object, object->resident_page_count)); 187 KASSERT(object->shadow_count == 0, 188 ("object %p shadow_count = %d", 189 object, object->shadow_count)); 190 KASSERT(object->type == OBJT_DEAD, 191 ("object %p has non-dead type %d", 192 object, object->type)); 193 } 194 #endif 195 196 static int 197 vm_object_zinit(void *mem, int size, int flags) 198 { 199 vm_object_t object; 200 201 object = (vm_object_t)mem; 202 rw_init_flags(&object->lock, "vm object", RW_DUPOK | RW_NEW); 203 204 /* These are true for any object that has been freed */ 205 object->type = OBJT_DEAD; 206 object->ref_count = 0; 207 object->rtree.rt_root = 0; 208 object->paging_in_progress = 0; 209 object->resident_page_count = 0; 210 object->shadow_count = 0; 211 212 mtx_lock(&vm_object_list_mtx); 213 TAILQ_INSERT_TAIL(&vm_object_list, object, object_list); 214 mtx_unlock(&vm_object_list_mtx); 215 return (0); 216 } 217 218 static void 219 _vm_object_allocate(objtype_t type, vm_pindex_t size, vm_object_t object) 220 { 221 222 TAILQ_INIT(&object->memq); 223 LIST_INIT(&object->shadow_head); 224 225 object->type = type; 226 switch (type) { 227 case OBJT_DEAD: 228 panic("_vm_object_allocate: can't create OBJT_DEAD"); 229 case OBJT_DEFAULT: 230 case OBJT_SWAP: 231 object->flags = OBJ_ONEMAPPING; 232 break; 233 case OBJT_DEVICE: 234 case OBJT_SG: 235 object->flags = OBJ_FICTITIOUS | OBJ_UNMANAGED; 236 break; 237 case OBJT_MGTDEVICE: 238 object->flags = OBJ_FICTITIOUS; 239 break; 240 case OBJT_PHYS: 241 object->flags = OBJ_UNMANAGED; 242 break; 243 case OBJT_VNODE: 244 object->flags = 0; 245 break; 246 default: 247 panic("_vm_object_allocate: type %d is undefined", type); 248 } 249 object->size = size; 250 object->generation = 1; 251 object->ref_count = 1; 252 object->memattr = VM_MEMATTR_DEFAULT; 253 object->cred = NULL; 254 object->charge = 0; 255 object->handle = NULL; 256 object->backing_object = NULL; 257 object->backing_object_offset = (vm_ooffset_t) 0; 258 #if VM_NRESERVLEVEL > 0 259 LIST_INIT(&object->rvq); 260 #endif 261 umtx_shm_object_init(object); 262 } 263 264 /* 265 * vm_object_init: 266 * 267 * Initialize the VM objects module. 268 */ 269 void 270 vm_object_init(void) 271 { 272 TAILQ_INIT(&vm_object_list); 273 mtx_init(&vm_object_list_mtx, "vm object_list", NULL, MTX_DEF); 274 275 rw_init(&kernel_object->lock, "kernel vm object"); 276 _vm_object_allocate(OBJT_PHYS, atop(VM_MAX_KERNEL_ADDRESS - 277 VM_MIN_KERNEL_ADDRESS), kernel_object); 278 #if VM_NRESERVLEVEL > 0 279 kernel_object->flags |= OBJ_COLORED; 280 kernel_object->pg_color = (u_short)atop(VM_MIN_KERNEL_ADDRESS); 281 #endif 282 283 rw_init(&kmem_object->lock, "kmem vm object"); 284 _vm_object_allocate(OBJT_PHYS, atop(VM_MAX_KERNEL_ADDRESS - 285 VM_MIN_KERNEL_ADDRESS), kmem_object); 286 #if VM_NRESERVLEVEL > 0 287 kmem_object->flags |= OBJ_COLORED; 288 kmem_object->pg_color = (u_short)atop(VM_MIN_KERNEL_ADDRESS); 289 #endif 290 291 /* 292 * The lock portion of struct vm_object must be type stable due 293 * to vm_pageout_fallback_object_lock locking a vm object 294 * without holding any references to it. 295 */ 296 obj_zone = uma_zcreate("VM OBJECT", sizeof (struct vm_object), NULL, 297 #ifdef INVARIANTS 298 vm_object_zdtor, 299 #else 300 NULL, 301 #endif 302 vm_object_zinit, NULL, UMA_ALIGN_PTR, UMA_ZONE_NOFREE); 303 304 vm_radix_init(); 305 } 306 307 void 308 vm_object_clear_flag(vm_object_t object, u_short bits) 309 { 310 311 VM_OBJECT_ASSERT_WLOCKED(object); 312 object->flags &= ~bits; 313 } 314 315 /* 316 * Sets the default memory attribute for the specified object. Pages 317 * that are allocated to this object are by default assigned this memory 318 * attribute. 319 * 320 * Presently, this function must be called before any pages are allocated 321 * to the object. In the future, this requirement may be relaxed for 322 * "default" and "swap" objects. 323 */ 324 int 325 vm_object_set_memattr(vm_object_t object, vm_memattr_t memattr) 326 { 327 328 VM_OBJECT_ASSERT_WLOCKED(object); 329 switch (object->type) { 330 case OBJT_DEFAULT: 331 case OBJT_DEVICE: 332 case OBJT_MGTDEVICE: 333 case OBJT_PHYS: 334 case OBJT_SG: 335 case OBJT_SWAP: 336 case OBJT_VNODE: 337 if (!TAILQ_EMPTY(&object->memq)) 338 return (KERN_FAILURE); 339 break; 340 case OBJT_DEAD: 341 return (KERN_INVALID_ARGUMENT); 342 default: 343 panic("vm_object_set_memattr: object %p is of undefined type", 344 object); 345 } 346 object->memattr = memattr; 347 return (KERN_SUCCESS); 348 } 349 350 void 351 vm_object_pip_add(vm_object_t object, short i) 352 { 353 354 VM_OBJECT_ASSERT_WLOCKED(object); 355 object->paging_in_progress += i; 356 } 357 358 void 359 vm_object_pip_subtract(vm_object_t object, short i) 360 { 361 362 VM_OBJECT_ASSERT_WLOCKED(object); 363 object->paging_in_progress -= i; 364 } 365 366 void 367 vm_object_pip_wakeup(vm_object_t object) 368 { 369 370 VM_OBJECT_ASSERT_WLOCKED(object); 371 object->paging_in_progress--; 372 if ((object->flags & OBJ_PIPWNT) && object->paging_in_progress == 0) { 373 vm_object_clear_flag(object, OBJ_PIPWNT); 374 wakeup(object); 375 } 376 } 377 378 void 379 vm_object_pip_wakeupn(vm_object_t object, short i) 380 { 381 382 VM_OBJECT_ASSERT_WLOCKED(object); 383 if (i) 384 object->paging_in_progress -= i; 385 if ((object->flags & OBJ_PIPWNT) && object->paging_in_progress == 0) { 386 vm_object_clear_flag(object, OBJ_PIPWNT); 387 wakeup(object); 388 } 389 } 390 391 void 392 vm_object_pip_wait(vm_object_t object, char *waitid) 393 { 394 395 VM_OBJECT_ASSERT_WLOCKED(object); 396 while (object->paging_in_progress) { 397 object->flags |= OBJ_PIPWNT; 398 VM_OBJECT_SLEEP(object, object, PVM, waitid, 0); 399 } 400 } 401 402 /* 403 * vm_object_allocate: 404 * 405 * Returns a new object with the given size. 406 */ 407 vm_object_t 408 vm_object_allocate(objtype_t type, vm_pindex_t size) 409 { 410 vm_object_t object; 411 412 object = (vm_object_t)uma_zalloc(obj_zone, M_WAITOK); 413 _vm_object_allocate(type, size, object); 414 return (object); 415 } 416 417 418 /* 419 * vm_object_reference: 420 * 421 * Gets another reference to the given object. Note: OBJ_DEAD 422 * objects can be referenced during final cleaning. 423 */ 424 void 425 vm_object_reference(vm_object_t object) 426 { 427 if (object == NULL) 428 return; 429 VM_OBJECT_WLOCK(object); 430 vm_object_reference_locked(object); 431 VM_OBJECT_WUNLOCK(object); 432 } 433 434 /* 435 * vm_object_reference_locked: 436 * 437 * Gets another reference to the given object. 438 * 439 * The object must be locked. 440 */ 441 void 442 vm_object_reference_locked(vm_object_t object) 443 { 444 struct vnode *vp; 445 446 VM_OBJECT_ASSERT_WLOCKED(object); 447 object->ref_count++; 448 if (object->type == OBJT_VNODE) { 449 vp = object->handle; 450 vref(vp); 451 } 452 } 453 454 /* 455 * Handle deallocating an object of type OBJT_VNODE. 456 */ 457 static void 458 vm_object_vndeallocate(vm_object_t object) 459 { 460 struct vnode *vp = (struct vnode *) object->handle; 461 462 VM_OBJECT_ASSERT_WLOCKED(object); 463 KASSERT(object->type == OBJT_VNODE, 464 ("vm_object_vndeallocate: not a vnode object")); 465 KASSERT(vp != NULL, ("vm_object_vndeallocate: missing vp")); 466 #ifdef INVARIANTS 467 if (object->ref_count == 0) { 468 vn_printf(vp, "vm_object_vndeallocate "); 469 panic("vm_object_vndeallocate: bad object reference count"); 470 } 471 #endif 472 473 if (!umtx_shm_vnobj_persistent && object->ref_count == 1) 474 umtx_shm_object_terminated(object); 475 476 /* 477 * The test for text of vp vnode does not need a bypass to 478 * reach right VV_TEXT there, since it is obtained from 479 * object->handle. 480 */ 481 if (object->ref_count > 1 || (vp->v_vflag & VV_TEXT) == 0) { 482 object->ref_count--; 483 VM_OBJECT_WUNLOCK(object); 484 /* vrele may need the vnode lock. */ 485 vrele(vp); 486 } else { 487 vhold(vp); 488 VM_OBJECT_WUNLOCK(object); 489 vn_lock(vp, LK_EXCLUSIVE | LK_RETRY); 490 vdrop(vp); 491 VM_OBJECT_WLOCK(object); 492 object->ref_count--; 493 if (object->type == OBJT_DEAD) { 494 VM_OBJECT_WUNLOCK(object); 495 VOP_UNLOCK(vp, 0); 496 } else { 497 if (object->ref_count == 0) 498 VOP_UNSET_TEXT(vp); 499 VM_OBJECT_WUNLOCK(object); 500 vput(vp); 501 } 502 } 503 } 504 505 /* 506 * vm_object_deallocate: 507 * 508 * Release a reference to the specified object, 509 * gained either through a vm_object_allocate 510 * or a vm_object_reference call. When all references 511 * are gone, storage associated with this object 512 * may be relinquished. 513 * 514 * No object may be locked. 515 */ 516 void 517 vm_object_deallocate(vm_object_t object) 518 { 519 vm_object_t temp; 520 struct vnode *vp; 521 522 while (object != NULL) { 523 VM_OBJECT_WLOCK(object); 524 if (object->type == OBJT_VNODE) { 525 vm_object_vndeallocate(object); 526 return; 527 } 528 529 KASSERT(object->ref_count != 0, 530 ("vm_object_deallocate: object deallocated too many times: %d", object->type)); 531 532 /* 533 * If the reference count goes to 0 we start calling 534 * vm_object_terminate() on the object chain. 535 * A ref count of 1 may be a special case depending on the 536 * shadow count being 0 or 1. 537 */ 538 object->ref_count--; 539 if (object->ref_count > 1) { 540 VM_OBJECT_WUNLOCK(object); 541 return; 542 } else if (object->ref_count == 1) { 543 if (object->type == OBJT_SWAP && 544 (object->flags & OBJ_TMPFS) != 0) { 545 vp = object->un_pager.swp.swp_tmpfs; 546 vhold(vp); 547 VM_OBJECT_WUNLOCK(object); 548 vn_lock(vp, LK_EXCLUSIVE | LK_RETRY); 549 VM_OBJECT_WLOCK(object); 550 if (object->type == OBJT_DEAD || 551 object->ref_count != 1) { 552 VM_OBJECT_WUNLOCK(object); 553 VOP_UNLOCK(vp, 0); 554 vdrop(vp); 555 return; 556 } 557 if ((object->flags & OBJ_TMPFS) != 0) 558 VOP_UNSET_TEXT(vp); 559 VOP_UNLOCK(vp, 0); 560 vdrop(vp); 561 } 562 if (object->shadow_count == 0 && 563 object->handle == NULL && 564 (object->type == OBJT_DEFAULT || 565 (object->type == OBJT_SWAP && 566 (object->flags & OBJ_TMPFS_NODE) == 0))) { 567 vm_object_set_flag(object, OBJ_ONEMAPPING); 568 } else if ((object->shadow_count == 1) && 569 (object->handle == NULL) && 570 (object->type == OBJT_DEFAULT || 571 object->type == OBJT_SWAP)) { 572 vm_object_t robject; 573 574 robject = LIST_FIRST(&object->shadow_head); 575 KASSERT(robject != NULL, 576 ("vm_object_deallocate: ref_count: %d, shadow_count: %d", 577 object->ref_count, 578 object->shadow_count)); 579 KASSERT((robject->flags & OBJ_TMPFS_NODE) == 0, 580 ("shadowed tmpfs v_object %p", object)); 581 if (!VM_OBJECT_TRYWLOCK(robject)) { 582 /* 583 * Avoid a potential deadlock. 584 */ 585 object->ref_count++; 586 VM_OBJECT_WUNLOCK(object); 587 /* 588 * More likely than not the thread 589 * holding robject's lock has lower 590 * priority than the current thread. 591 * Let the lower priority thread run. 592 */ 593 pause("vmo_de", 1); 594 continue; 595 } 596 /* 597 * Collapse object into its shadow unless its 598 * shadow is dead. In that case, object will 599 * be deallocated by the thread that is 600 * deallocating its shadow. 601 */ 602 if ((robject->flags & OBJ_DEAD) == 0 && 603 (robject->handle == NULL) && 604 (robject->type == OBJT_DEFAULT || 605 robject->type == OBJT_SWAP)) { 606 607 robject->ref_count++; 608 retry: 609 if (robject->paging_in_progress) { 610 VM_OBJECT_WUNLOCK(object); 611 vm_object_pip_wait(robject, 612 "objde1"); 613 temp = robject->backing_object; 614 if (object == temp) { 615 VM_OBJECT_WLOCK(object); 616 goto retry; 617 } 618 } else if (object->paging_in_progress) { 619 VM_OBJECT_WUNLOCK(robject); 620 object->flags |= OBJ_PIPWNT; 621 VM_OBJECT_SLEEP(object, object, 622 PDROP | PVM, "objde2", 0); 623 VM_OBJECT_WLOCK(robject); 624 temp = robject->backing_object; 625 if (object == temp) { 626 VM_OBJECT_WLOCK(object); 627 goto retry; 628 } 629 } else 630 VM_OBJECT_WUNLOCK(object); 631 632 if (robject->ref_count == 1) { 633 robject->ref_count--; 634 object = robject; 635 goto doterm; 636 } 637 object = robject; 638 vm_object_collapse(object); 639 VM_OBJECT_WUNLOCK(object); 640 continue; 641 } 642 VM_OBJECT_WUNLOCK(robject); 643 } 644 VM_OBJECT_WUNLOCK(object); 645 return; 646 } 647 doterm: 648 umtx_shm_object_terminated(object); 649 temp = object->backing_object; 650 if (temp != NULL) { 651 KASSERT((object->flags & OBJ_TMPFS_NODE) == 0, 652 ("shadowed tmpfs v_object 2 %p", object)); 653 VM_OBJECT_WLOCK(temp); 654 LIST_REMOVE(object, shadow_list); 655 temp->shadow_count--; 656 VM_OBJECT_WUNLOCK(temp); 657 object->backing_object = NULL; 658 } 659 /* 660 * Don't double-terminate, we could be in a termination 661 * recursion due to the terminate having to sync data 662 * to disk. 663 */ 664 if ((object->flags & OBJ_DEAD) == 0) 665 vm_object_terminate(object); 666 else 667 VM_OBJECT_WUNLOCK(object); 668 object = temp; 669 } 670 } 671 672 /* 673 * vm_object_destroy removes the object from the global object list 674 * and frees the space for the object. 675 */ 676 void 677 vm_object_destroy(vm_object_t object) 678 { 679 680 /* 681 * Release the allocation charge. 682 */ 683 if (object->cred != NULL) { 684 swap_release_by_cred(object->charge, object->cred); 685 object->charge = 0; 686 crfree(object->cred); 687 object->cred = NULL; 688 } 689 690 /* 691 * Free the space for the object. 692 */ 693 uma_zfree(obj_zone, object); 694 } 695 696 /* 697 * vm_object_terminate actually destroys the specified object, freeing 698 * up all previously used resources. 699 * 700 * The object must be locked. 701 * This routine may block. 702 */ 703 void 704 vm_object_terminate(vm_object_t object) 705 { 706 vm_page_t p, p_next; 707 708 VM_OBJECT_ASSERT_WLOCKED(object); 709 710 /* 711 * Make sure no one uses us. 712 */ 713 vm_object_set_flag(object, OBJ_DEAD); 714 715 /* 716 * wait for the pageout daemon to be done with the object 717 */ 718 vm_object_pip_wait(object, "objtrm"); 719 720 KASSERT(!object->paging_in_progress, 721 ("vm_object_terminate: pageout in progress")); 722 723 /* 724 * Clean and free the pages, as appropriate. All references to the 725 * object are gone, so we don't need to lock it. 726 */ 727 if (object->type == OBJT_VNODE) { 728 struct vnode *vp = (struct vnode *)object->handle; 729 730 /* 731 * Clean pages and flush buffers. 732 */ 733 vm_object_page_clean(object, 0, 0, OBJPC_SYNC); 734 VM_OBJECT_WUNLOCK(object); 735 736 vinvalbuf(vp, V_SAVE, 0, 0); 737 738 BO_LOCK(&vp->v_bufobj); 739 vp->v_bufobj.bo_flag |= BO_DEAD; 740 BO_UNLOCK(&vp->v_bufobj); 741 742 VM_OBJECT_WLOCK(object); 743 } 744 745 KASSERT(object->ref_count == 0, 746 ("vm_object_terminate: object with references, ref_count=%d", 747 object->ref_count)); 748 749 /* 750 * Free any remaining pageable pages. This also removes them from the 751 * paging queues. However, don't free wired pages, just remove them 752 * from the object. Rather than incrementally removing each page from 753 * the object, the page and object are reset to any empty state. 754 */ 755 TAILQ_FOREACH_SAFE(p, &object->memq, listq, p_next) { 756 vm_page_assert_unbusied(p); 757 vm_page_lock(p); 758 /* 759 * Optimize the page's removal from the object by resetting 760 * its "object" field. Specifically, if the page is not 761 * wired, then the effect of this assignment is that 762 * vm_page_free()'s call to vm_page_remove() will return 763 * immediately without modifying the page or the object. 764 */ 765 p->object = NULL; 766 if (p->wire_count == 0) { 767 vm_page_free(p); 768 PCPU_INC(cnt.v_pfree); 769 } 770 vm_page_unlock(p); 771 } 772 /* 773 * If the object contained any pages, then reset it to an empty state. 774 * None of the object's fields, including "resident_page_count", were 775 * modified by the preceding loop. 776 */ 777 if (object->resident_page_count != 0) { 778 vm_radix_reclaim_allnodes(&object->rtree); 779 TAILQ_INIT(&object->memq); 780 object->resident_page_count = 0; 781 if (object->type == OBJT_VNODE) 782 vdrop(object->handle); 783 } 784 785 #if VM_NRESERVLEVEL > 0 786 if (__predict_false(!LIST_EMPTY(&object->rvq))) 787 vm_reserv_break_all(object); 788 #endif 789 790 KASSERT(object->cred == NULL || object->type == OBJT_DEFAULT || 791 object->type == OBJT_SWAP, 792 ("%s: non-swap obj %p has cred", __func__, object)); 793 794 /* 795 * Let the pager know object is dead. 796 */ 797 vm_pager_deallocate(object); 798 VM_OBJECT_WUNLOCK(object); 799 800 vm_object_destroy(object); 801 } 802 803 /* 804 * Make the page read-only so that we can clear the object flags. However, if 805 * this is a nosync mmap then the object is likely to stay dirty so do not 806 * mess with the page and do not clear the object flags. Returns TRUE if the 807 * page should be flushed, and FALSE otherwise. 808 */ 809 static boolean_t 810 vm_object_page_remove_write(vm_page_t p, int flags, boolean_t *clearobjflags) 811 { 812 813 /* 814 * If we have been asked to skip nosync pages and this is a 815 * nosync page, skip it. Note that the object flags were not 816 * cleared in this case so we do not have to set them. 817 */ 818 if ((flags & OBJPC_NOSYNC) != 0 && (p->oflags & VPO_NOSYNC) != 0) { 819 *clearobjflags = FALSE; 820 return (FALSE); 821 } else { 822 pmap_remove_write(p); 823 return (p->dirty != 0); 824 } 825 } 826 827 /* 828 * vm_object_page_clean 829 * 830 * Clean all dirty pages in the specified range of object. Leaves page 831 * on whatever queue it is currently on. If NOSYNC is set then do not 832 * write out pages with VPO_NOSYNC set (originally comes from MAP_NOSYNC), 833 * leaving the object dirty. 834 * 835 * When stuffing pages asynchronously, allow clustering. XXX we need a 836 * synchronous clustering mode implementation. 837 * 838 * Odd semantics: if start == end, we clean everything. 839 * 840 * The object must be locked. 841 * 842 * Returns FALSE if some page from the range was not written, as 843 * reported by the pager, and TRUE otherwise. 844 */ 845 boolean_t 846 vm_object_page_clean(vm_object_t object, vm_ooffset_t start, vm_ooffset_t end, 847 int flags) 848 { 849 vm_page_t np, p; 850 vm_pindex_t pi, tend, tstart; 851 int curgeneration, n, pagerflags; 852 boolean_t clearobjflags, eio, res; 853 854 VM_OBJECT_ASSERT_WLOCKED(object); 855 856 /* 857 * The OBJ_MIGHTBEDIRTY flag is only set for OBJT_VNODE 858 * objects. The check below prevents the function from 859 * operating on non-vnode objects. 860 */ 861 if ((object->flags & OBJ_MIGHTBEDIRTY) == 0 || 862 object->resident_page_count == 0) 863 return (TRUE); 864 865 pagerflags = (flags & (OBJPC_SYNC | OBJPC_INVAL)) != 0 ? 866 VM_PAGER_PUT_SYNC : VM_PAGER_CLUSTER_OK; 867 pagerflags |= (flags & OBJPC_INVAL) != 0 ? VM_PAGER_PUT_INVAL : 0; 868 869 tstart = OFF_TO_IDX(start); 870 tend = (end == 0) ? object->size : OFF_TO_IDX(end + PAGE_MASK); 871 clearobjflags = tstart == 0 && tend >= object->size; 872 res = TRUE; 873 874 rescan: 875 curgeneration = object->generation; 876 877 for (p = vm_page_find_least(object, tstart); p != NULL; p = np) { 878 pi = p->pindex; 879 if (pi >= tend) 880 break; 881 np = TAILQ_NEXT(p, listq); 882 if (p->valid == 0) 883 continue; 884 if (vm_page_sleep_if_busy(p, "vpcwai")) { 885 if (object->generation != curgeneration) { 886 if ((flags & OBJPC_SYNC) != 0) 887 goto rescan; 888 else 889 clearobjflags = FALSE; 890 } 891 np = vm_page_find_least(object, pi); 892 continue; 893 } 894 if (!vm_object_page_remove_write(p, flags, &clearobjflags)) 895 continue; 896 897 n = vm_object_page_collect_flush(object, p, pagerflags, 898 flags, &clearobjflags, &eio); 899 if (eio) { 900 res = FALSE; 901 clearobjflags = FALSE; 902 } 903 if (object->generation != curgeneration) { 904 if ((flags & OBJPC_SYNC) != 0) 905 goto rescan; 906 else 907 clearobjflags = FALSE; 908 } 909 910 /* 911 * If the VOP_PUTPAGES() did a truncated write, so 912 * that even the first page of the run is not fully 913 * written, vm_pageout_flush() returns 0 as the run 914 * length. Since the condition that caused truncated 915 * write may be permanent, e.g. exhausted free space, 916 * accepting n == 0 would cause an infinite loop. 917 * 918 * Forwarding the iterator leaves the unwritten page 919 * behind, but there is not much we can do there if 920 * filesystem refuses to write it. 921 */ 922 if (n == 0) { 923 n = 1; 924 clearobjflags = FALSE; 925 } 926 np = vm_page_find_least(object, pi + n); 927 } 928 #if 0 929 VOP_FSYNC(vp, (pagerflags & VM_PAGER_PUT_SYNC) ? MNT_WAIT : 0); 930 #endif 931 932 if (clearobjflags) 933 vm_object_clear_flag(object, OBJ_MIGHTBEDIRTY); 934 return (res); 935 } 936 937 static int 938 vm_object_page_collect_flush(vm_object_t object, vm_page_t p, int pagerflags, 939 int flags, boolean_t *clearobjflags, boolean_t *eio) 940 { 941 vm_page_t ma[vm_pageout_page_count], p_first, tp; 942 int count, i, mreq, runlen; 943 944 vm_page_lock_assert(p, MA_NOTOWNED); 945 VM_OBJECT_ASSERT_WLOCKED(object); 946 947 count = 1; 948 mreq = 0; 949 950 for (tp = p; count < vm_pageout_page_count; count++) { 951 tp = vm_page_next(tp); 952 if (tp == NULL || vm_page_busied(tp)) 953 break; 954 if (!vm_object_page_remove_write(tp, flags, clearobjflags)) 955 break; 956 } 957 958 for (p_first = p; count < vm_pageout_page_count; count++) { 959 tp = vm_page_prev(p_first); 960 if (tp == NULL || vm_page_busied(tp)) 961 break; 962 if (!vm_object_page_remove_write(tp, flags, clearobjflags)) 963 break; 964 p_first = tp; 965 mreq++; 966 } 967 968 for (tp = p_first, i = 0; i < count; tp = TAILQ_NEXT(tp, listq), i++) 969 ma[i] = tp; 970 971 vm_pageout_flush(ma, count, pagerflags, mreq, &runlen, eio); 972 return (runlen); 973 } 974 975 /* 976 * Note that there is absolutely no sense in writing out 977 * anonymous objects, so we track down the vnode object 978 * to write out. 979 * We invalidate (remove) all pages from the address space 980 * for semantic correctness. 981 * 982 * If the backing object is a device object with unmanaged pages, then any 983 * mappings to the specified range of pages must be removed before this 984 * function is called. 985 * 986 * Note: certain anonymous maps, such as MAP_NOSYNC maps, 987 * may start out with a NULL object. 988 */ 989 boolean_t 990 vm_object_sync(vm_object_t object, vm_ooffset_t offset, vm_size_t size, 991 boolean_t syncio, boolean_t invalidate) 992 { 993 vm_object_t backing_object; 994 struct vnode *vp; 995 struct mount *mp; 996 int error, flags, fsync_after; 997 boolean_t res; 998 999 if (object == NULL) 1000 return (TRUE); 1001 res = TRUE; 1002 error = 0; 1003 VM_OBJECT_WLOCK(object); 1004 while ((backing_object = object->backing_object) != NULL) { 1005 VM_OBJECT_WLOCK(backing_object); 1006 offset += object->backing_object_offset; 1007 VM_OBJECT_WUNLOCK(object); 1008 object = backing_object; 1009 if (object->size < OFF_TO_IDX(offset + size)) 1010 size = IDX_TO_OFF(object->size) - offset; 1011 } 1012 /* 1013 * Flush pages if writing is allowed, invalidate them 1014 * if invalidation requested. Pages undergoing I/O 1015 * will be ignored by vm_object_page_remove(). 1016 * 1017 * We cannot lock the vnode and then wait for paging 1018 * to complete without deadlocking against vm_fault. 1019 * Instead we simply call vm_object_page_remove() and 1020 * allow it to block internally on a page-by-page 1021 * basis when it encounters pages undergoing async 1022 * I/O. 1023 */ 1024 if (object->type == OBJT_VNODE && 1025 (object->flags & OBJ_MIGHTBEDIRTY) != 0) { 1026 vp = object->handle; 1027 VM_OBJECT_WUNLOCK(object); 1028 (void) vn_start_write(vp, &mp, V_WAIT); 1029 vn_lock(vp, LK_EXCLUSIVE | LK_RETRY); 1030 if (syncio && !invalidate && offset == 0 && 1031 atop(size) == object->size) { 1032 /* 1033 * If syncing the whole mapping of the file, 1034 * it is faster to schedule all the writes in 1035 * async mode, also allowing the clustering, 1036 * and then wait for i/o to complete. 1037 */ 1038 flags = 0; 1039 fsync_after = TRUE; 1040 } else { 1041 flags = (syncio || invalidate) ? OBJPC_SYNC : 0; 1042 flags |= invalidate ? (OBJPC_SYNC | OBJPC_INVAL) : 0; 1043 fsync_after = FALSE; 1044 } 1045 VM_OBJECT_WLOCK(object); 1046 res = vm_object_page_clean(object, offset, offset + size, 1047 flags); 1048 VM_OBJECT_WUNLOCK(object); 1049 if (fsync_after) 1050 error = VOP_FSYNC(vp, MNT_WAIT, curthread); 1051 VOP_UNLOCK(vp, 0); 1052 vn_finished_write(mp); 1053 if (error != 0) 1054 res = FALSE; 1055 VM_OBJECT_WLOCK(object); 1056 } 1057 if ((object->type == OBJT_VNODE || 1058 object->type == OBJT_DEVICE) && invalidate) { 1059 if (object->type == OBJT_DEVICE) 1060 /* 1061 * The option OBJPR_NOTMAPPED must be passed here 1062 * because vm_object_page_remove() cannot remove 1063 * unmanaged mappings. 1064 */ 1065 flags = OBJPR_NOTMAPPED; 1066 else if (old_msync) 1067 flags = 0; 1068 else 1069 flags = OBJPR_CLEANONLY; 1070 vm_object_page_remove(object, OFF_TO_IDX(offset), 1071 OFF_TO_IDX(offset + size + PAGE_MASK), flags); 1072 } 1073 VM_OBJECT_WUNLOCK(object); 1074 return (res); 1075 } 1076 1077 /* 1078 * vm_object_madvise: 1079 * 1080 * Implements the madvise function at the object/page level. 1081 * 1082 * MADV_WILLNEED (any object) 1083 * 1084 * Activate the specified pages if they are resident. 1085 * 1086 * MADV_DONTNEED (any object) 1087 * 1088 * Deactivate the specified pages if they are resident. 1089 * 1090 * MADV_FREE (OBJT_DEFAULT/OBJT_SWAP objects, 1091 * OBJ_ONEMAPPING only) 1092 * 1093 * Deactivate and clean the specified pages if they are 1094 * resident. This permits the process to reuse the pages 1095 * without faulting or the kernel to reclaim the pages 1096 * without I/O. 1097 */ 1098 void 1099 vm_object_madvise(vm_object_t object, vm_pindex_t pindex, vm_pindex_t end, 1100 int advise) 1101 { 1102 vm_pindex_t tpindex; 1103 vm_object_t backing_object, tobject; 1104 vm_page_t m; 1105 1106 if (object == NULL) 1107 return; 1108 VM_OBJECT_WLOCK(object); 1109 /* 1110 * Locate and adjust resident pages 1111 */ 1112 for (; pindex < end; pindex += 1) { 1113 relookup: 1114 tobject = object; 1115 tpindex = pindex; 1116 shadowlookup: 1117 /* 1118 * MADV_FREE only operates on OBJT_DEFAULT or OBJT_SWAP pages 1119 * and those pages must be OBJ_ONEMAPPING. 1120 */ 1121 if (advise == MADV_FREE) { 1122 if ((tobject->type != OBJT_DEFAULT && 1123 tobject->type != OBJT_SWAP) || 1124 (tobject->flags & OBJ_ONEMAPPING) == 0) { 1125 goto unlock_tobject; 1126 } 1127 } else if ((tobject->flags & OBJ_UNMANAGED) != 0) 1128 goto unlock_tobject; 1129 m = vm_page_lookup(tobject, tpindex); 1130 if (m == NULL) { 1131 /* 1132 * There may be swap even if there is no backing page 1133 */ 1134 if (advise == MADV_FREE && tobject->type == OBJT_SWAP) 1135 swap_pager_freespace(tobject, tpindex, 1); 1136 /* 1137 * next object 1138 */ 1139 backing_object = tobject->backing_object; 1140 if (backing_object == NULL) 1141 goto unlock_tobject; 1142 VM_OBJECT_WLOCK(backing_object); 1143 tpindex += OFF_TO_IDX(tobject->backing_object_offset); 1144 if (tobject != object) 1145 VM_OBJECT_WUNLOCK(tobject); 1146 tobject = backing_object; 1147 goto shadowlookup; 1148 } else if (m->valid != VM_PAGE_BITS_ALL) 1149 goto unlock_tobject; 1150 /* 1151 * If the page is not in a normal state, skip it. 1152 */ 1153 vm_page_lock(m); 1154 if (m->hold_count != 0 || m->wire_count != 0) { 1155 vm_page_unlock(m); 1156 goto unlock_tobject; 1157 } 1158 KASSERT((m->flags & PG_FICTITIOUS) == 0, 1159 ("vm_object_madvise: page %p is fictitious", m)); 1160 KASSERT((m->oflags & VPO_UNMANAGED) == 0, 1161 ("vm_object_madvise: page %p is not managed", m)); 1162 if (vm_page_busied(m)) { 1163 if (advise == MADV_WILLNEED) { 1164 /* 1165 * Reference the page before unlocking and 1166 * sleeping so that the page daemon is less 1167 * likely to reclaim it. 1168 */ 1169 vm_page_aflag_set(m, PGA_REFERENCED); 1170 } 1171 if (object != tobject) 1172 VM_OBJECT_WUNLOCK(object); 1173 VM_OBJECT_WUNLOCK(tobject); 1174 vm_page_busy_sleep(m, "madvpo", false); 1175 VM_OBJECT_WLOCK(object); 1176 goto relookup; 1177 } 1178 if (advise == MADV_WILLNEED) { 1179 vm_page_activate(m); 1180 } else { 1181 vm_page_advise(m, advise); 1182 } 1183 vm_page_unlock(m); 1184 if (advise == MADV_FREE && tobject->type == OBJT_SWAP) 1185 swap_pager_freespace(tobject, tpindex, 1); 1186 unlock_tobject: 1187 if (tobject != object) 1188 VM_OBJECT_WUNLOCK(tobject); 1189 } 1190 VM_OBJECT_WUNLOCK(object); 1191 } 1192 1193 /* 1194 * vm_object_shadow: 1195 * 1196 * Create a new object which is backed by the 1197 * specified existing object range. The source 1198 * object reference is deallocated. 1199 * 1200 * The new object and offset into that object 1201 * are returned in the source parameters. 1202 */ 1203 void 1204 vm_object_shadow( 1205 vm_object_t *object, /* IN/OUT */ 1206 vm_ooffset_t *offset, /* IN/OUT */ 1207 vm_size_t length) 1208 { 1209 vm_object_t source; 1210 vm_object_t result; 1211 1212 source = *object; 1213 1214 /* 1215 * Don't create the new object if the old object isn't shared. 1216 */ 1217 if (source != NULL) { 1218 VM_OBJECT_WLOCK(source); 1219 if (source->ref_count == 1 && 1220 source->handle == NULL && 1221 (source->type == OBJT_DEFAULT || 1222 source->type == OBJT_SWAP)) { 1223 VM_OBJECT_WUNLOCK(source); 1224 return; 1225 } 1226 VM_OBJECT_WUNLOCK(source); 1227 } 1228 1229 /* 1230 * Allocate a new object with the given length. 1231 */ 1232 result = vm_object_allocate(OBJT_DEFAULT, atop(length)); 1233 1234 /* 1235 * The new object shadows the source object, adding a reference to it. 1236 * Our caller changes his reference to point to the new object, 1237 * removing a reference to the source object. Net result: no change 1238 * of reference count. 1239 * 1240 * Try to optimize the result object's page color when shadowing 1241 * in order to maintain page coloring consistency in the combined 1242 * shadowed object. 1243 */ 1244 result->backing_object = source; 1245 /* 1246 * Store the offset into the source object, and fix up the offset into 1247 * the new object. 1248 */ 1249 result->backing_object_offset = *offset; 1250 if (source != NULL) { 1251 VM_OBJECT_WLOCK(source); 1252 LIST_INSERT_HEAD(&source->shadow_head, result, shadow_list); 1253 source->shadow_count++; 1254 #if VM_NRESERVLEVEL > 0 1255 result->flags |= source->flags & OBJ_COLORED; 1256 result->pg_color = (source->pg_color + OFF_TO_IDX(*offset)) & 1257 ((1 << (VM_NFREEORDER - 1)) - 1); 1258 #endif 1259 VM_OBJECT_WUNLOCK(source); 1260 } 1261 1262 1263 /* 1264 * Return the new things 1265 */ 1266 *offset = 0; 1267 *object = result; 1268 } 1269 1270 /* 1271 * vm_object_split: 1272 * 1273 * Split the pages in a map entry into a new object. This affords 1274 * easier removal of unused pages, and keeps object inheritance from 1275 * being a negative impact on memory usage. 1276 */ 1277 void 1278 vm_object_split(vm_map_entry_t entry) 1279 { 1280 vm_page_t m, m_next; 1281 vm_object_t orig_object, new_object, source; 1282 vm_pindex_t idx, offidxstart; 1283 vm_size_t size; 1284 1285 orig_object = entry->object.vm_object; 1286 if (orig_object->type != OBJT_DEFAULT && orig_object->type != OBJT_SWAP) 1287 return; 1288 if (orig_object->ref_count <= 1) 1289 return; 1290 VM_OBJECT_WUNLOCK(orig_object); 1291 1292 offidxstart = OFF_TO_IDX(entry->offset); 1293 size = atop(entry->end - entry->start); 1294 1295 /* 1296 * If swap_pager_copy() is later called, it will convert new_object 1297 * into a swap object. 1298 */ 1299 new_object = vm_object_allocate(OBJT_DEFAULT, size); 1300 1301 /* 1302 * At this point, the new object is still private, so the order in 1303 * which the original and new objects are locked does not matter. 1304 */ 1305 VM_OBJECT_WLOCK(new_object); 1306 VM_OBJECT_WLOCK(orig_object); 1307 source = orig_object->backing_object; 1308 if (source != NULL) { 1309 VM_OBJECT_WLOCK(source); 1310 if ((source->flags & OBJ_DEAD) != 0) { 1311 VM_OBJECT_WUNLOCK(source); 1312 VM_OBJECT_WUNLOCK(orig_object); 1313 VM_OBJECT_WUNLOCK(new_object); 1314 vm_object_deallocate(new_object); 1315 VM_OBJECT_WLOCK(orig_object); 1316 return; 1317 } 1318 LIST_INSERT_HEAD(&source->shadow_head, 1319 new_object, shadow_list); 1320 source->shadow_count++; 1321 vm_object_reference_locked(source); /* for new_object */ 1322 vm_object_clear_flag(source, OBJ_ONEMAPPING); 1323 VM_OBJECT_WUNLOCK(source); 1324 new_object->backing_object_offset = 1325 orig_object->backing_object_offset + entry->offset; 1326 new_object->backing_object = source; 1327 } 1328 if (orig_object->cred != NULL) { 1329 new_object->cred = orig_object->cred; 1330 crhold(orig_object->cred); 1331 new_object->charge = ptoa(size); 1332 KASSERT(orig_object->charge >= ptoa(size), 1333 ("orig_object->charge < 0")); 1334 orig_object->charge -= ptoa(size); 1335 } 1336 retry: 1337 m = vm_page_find_least(orig_object, offidxstart); 1338 for (; m != NULL && (idx = m->pindex - offidxstart) < size; 1339 m = m_next) { 1340 m_next = TAILQ_NEXT(m, listq); 1341 1342 /* 1343 * We must wait for pending I/O to complete before we can 1344 * rename the page. 1345 * 1346 * We do not have to VM_PROT_NONE the page as mappings should 1347 * not be changed by this operation. 1348 */ 1349 if (vm_page_busied(m)) { 1350 VM_OBJECT_WUNLOCK(new_object); 1351 vm_page_lock(m); 1352 VM_OBJECT_WUNLOCK(orig_object); 1353 vm_page_busy_sleep(m, "spltwt", false); 1354 VM_OBJECT_WLOCK(orig_object); 1355 VM_OBJECT_WLOCK(new_object); 1356 goto retry; 1357 } 1358 1359 /* vm_page_rename() will dirty the page. */ 1360 if (vm_page_rename(m, new_object, idx)) { 1361 VM_OBJECT_WUNLOCK(new_object); 1362 VM_OBJECT_WUNLOCK(orig_object); 1363 VM_WAIT; 1364 VM_OBJECT_WLOCK(orig_object); 1365 VM_OBJECT_WLOCK(new_object); 1366 goto retry; 1367 } 1368 #if VM_NRESERVLEVEL > 0 1369 /* 1370 * If some of the reservation's allocated pages remain with 1371 * the original object, then transferring the reservation to 1372 * the new object is neither particularly beneficial nor 1373 * particularly harmful as compared to leaving the reservation 1374 * with the original object. If, however, all of the 1375 * reservation's allocated pages are transferred to the new 1376 * object, then transferring the reservation is typically 1377 * beneficial. Determining which of these two cases applies 1378 * would be more costly than unconditionally renaming the 1379 * reservation. 1380 */ 1381 vm_reserv_rename(m, new_object, orig_object, offidxstart); 1382 #endif 1383 if (orig_object->type == OBJT_SWAP) 1384 vm_page_xbusy(m); 1385 } 1386 if (orig_object->type == OBJT_SWAP) { 1387 /* 1388 * swap_pager_copy() can sleep, in which case the orig_object's 1389 * and new_object's locks are released and reacquired. 1390 */ 1391 swap_pager_copy(orig_object, new_object, offidxstart, 0); 1392 TAILQ_FOREACH(m, &new_object->memq, listq) 1393 vm_page_xunbusy(m); 1394 } 1395 VM_OBJECT_WUNLOCK(orig_object); 1396 VM_OBJECT_WUNLOCK(new_object); 1397 entry->object.vm_object = new_object; 1398 entry->offset = 0LL; 1399 vm_object_deallocate(orig_object); 1400 VM_OBJECT_WLOCK(new_object); 1401 } 1402 1403 #define OBSC_COLLAPSE_NOWAIT 0x0002 1404 #define OBSC_COLLAPSE_WAIT 0x0004 1405 1406 static vm_page_t 1407 vm_object_collapse_scan_wait(vm_object_t object, vm_page_t p, vm_page_t next, 1408 int op) 1409 { 1410 vm_object_t backing_object; 1411 1412 VM_OBJECT_ASSERT_WLOCKED(object); 1413 backing_object = object->backing_object; 1414 VM_OBJECT_ASSERT_WLOCKED(backing_object); 1415 1416 KASSERT(p == NULL || vm_page_busied(p), ("unbusy page %p", p)); 1417 KASSERT(p == NULL || p->object == object || p->object == backing_object, 1418 ("invalid ownership %p %p %p", p, object, backing_object)); 1419 if ((op & OBSC_COLLAPSE_NOWAIT) != 0) 1420 return (next); 1421 if (p != NULL) 1422 vm_page_lock(p); 1423 VM_OBJECT_WUNLOCK(object); 1424 VM_OBJECT_WUNLOCK(backing_object); 1425 if (p == NULL) 1426 VM_WAIT; 1427 else 1428 vm_page_busy_sleep(p, "vmocol", false); 1429 VM_OBJECT_WLOCK(object); 1430 VM_OBJECT_WLOCK(backing_object); 1431 return (TAILQ_FIRST(&backing_object->memq)); 1432 } 1433 1434 static bool 1435 vm_object_scan_all_shadowed(vm_object_t object) 1436 { 1437 vm_object_t backing_object; 1438 vm_page_t p, pp; 1439 vm_pindex_t backing_offset_index, new_pindex, pi, ps; 1440 1441 VM_OBJECT_ASSERT_WLOCKED(object); 1442 VM_OBJECT_ASSERT_WLOCKED(object->backing_object); 1443 1444 backing_object = object->backing_object; 1445 1446 /* 1447 * Initial conditions: 1448 * 1449 * We do not want to have to test for the existence of swap 1450 * pages in the backing object. XXX but with the new swapper this 1451 * would be pretty easy to do. 1452 */ 1453 if (backing_object->type != OBJT_DEFAULT && 1454 backing_object->type != OBJT_SWAP) 1455 return (false); 1456 1457 pi = backing_offset_index = OFF_TO_IDX(object->backing_object_offset); 1458 p = vm_page_find_least(backing_object, pi); 1459 ps = swap_pager_find_least(backing_object, pi); 1460 1461 /* 1462 * Only check pages inside the parent object's range and 1463 * inside the parent object's mapping of the backing object. 1464 */ 1465 for (;; pi++) { 1466 if (p != NULL && p->pindex < pi) 1467 p = TAILQ_NEXT(p, listq); 1468 if (ps < pi) 1469 ps = swap_pager_find_least(backing_object, pi); 1470 if (p == NULL && ps >= backing_object->size) 1471 break; 1472 else if (p == NULL) 1473 pi = ps; 1474 else 1475 pi = MIN(p->pindex, ps); 1476 1477 new_pindex = pi - backing_offset_index; 1478 if (new_pindex >= object->size) 1479 break; 1480 1481 /* 1482 * See if the parent has the page or if the parent's object 1483 * pager has the page. If the parent has the page but the page 1484 * is not valid, the parent's object pager must have the page. 1485 * 1486 * If this fails, the parent does not completely shadow the 1487 * object and we might as well give up now. 1488 */ 1489 pp = vm_page_lookup(object, new_pindex); 1490 if ((pp == NULL || pp->valid == 0) && 1491 !vm_pager_has_page(object, new_pindex, NULL, NULL)) 1492 return (false); 1493 } 1494 return (true); 1495 } 1496 1497 static bool 1498 vm_object_collapse_scan(vm_object_t object, int op) 1499 { 1500 vm_object_t backing_object; 1501 vm_page_t next, p, pp; 1502 vm_pindex_t backing_offset_index, new_pindex; 1503 1504 VM_OBJECT_ASSERT_WLOCKED(object); 1505 VM_OBJECT_ASSERT_WLOCKED(object->backing_object); 1506 1507 backing_object = object->backing_object; 1508 backing_offset_index = OFF_TO_IDX(object->backing_object_offset); 1509 1510 /* 1511 * Initial conditions 1512 */ 1513 if ((op & OBSC_COLLAPSE_WAIT) != 0) 1514 vm_object_set_flag(backing_object, OBJ_DEAD); 1515 1516 /* 1517 * Our scan 1518 */ 1519 for (p = TAILQ_FIRST(&backing_object->memq); p != NULL; p = next) { 1520 next = TAILQ_NEXT(p, listq); 1521 new_pindex = p->pindex - backing_offset_index; 1522 1523 /* 1524 * Check for busy page 1525 */ 1526 if (vm_page_busied(p)) { 1527 next = vm_object_collapse_scan_wait(object, p, next, op); 1528 continue; 1529 } 1530 1531 KASSERT(p->object == backing_object, 1532 ("vm_object_collapse_scan: object mismatch")); 1533 1534 if (p->pindex < backing_offset_index || 1535 new_pindex >= object->size) { 1536 if (backing_object->type == OBJT_SWAP) 1537 swap_pager_freespace(backing_object, p->pindex, 1538 1); 1539 1540 /* 1541 * Page is out of the parent object's range, we can 1542 * simply destroy it. 1543 */ 1544 vm_page_lock(p); 1545 KASSERT(!pmap_page_is_mapped(p), 1546 ("freeing mapped page %p", p)); 1547 if (p->wire_count == 0) 1548 vm_page_free(p); 1549 else 1550 vm_page_remove(p); 1551 vm_page_unlock(p); 1552 continue; 1553 } 1554 1555 pp = vm_page_lookup(object, new_pindex); 1556 if (pp != NULL && vm_page_busied(pp)) { 1557 /* 1558 * The page in the parent is busy and possibly not 1559 * (yet) valid. Until its state is finalized by the 1560 * busy bit owner, we can't tell whether it shadows the 1561 * original page. Therefore, we must either skip it 1562 * and the original (backing_object) page or wait for 1563 * its state to be finalized. 1564 * 1565 * This is due to a race with vm_fault() where we must 1566 * unbusy the original (backing_obj) page before we can 1567 * (re)lock the parent. Hence we can get here. 1568 */ 1569 next = vm_object_collapse_scan_wait(object, pp, next, 1570 op); 1571 continue; 1572 } 1573 1574 KASSERT(pp == NULL || pp->valid != 0, 1575 ("unbusy invalid page %p", pp)); 1576 1577 if (pp != NULL || vm_pager_has_page(object, new_pindex, NULL, 1578 NULL)) { 1579 /* 1580 * The page already exists in the parent OR swap exists 1581 * for this location in the parent. Leave the parent's 1582 * page alone. Destroy the original page from the 1583 * backing object. 1584 */ 1585 if (backing_object->type == OBJT_SWAP) 1586 swap_pager_freespace(backing_object, p->pindex, 1587 1); 1588 vm_page_lock(p); 1589 KASSERT(!pmap_page_is_mapped(p), 1590 ("freeing mapped page %p", p)); 1591 if (p->wire_count == 0) 1592 vm_page_free(p); 1593 else 1594 vm_page_remove(p); 1595 vm_page_unlock(p); 1596 continue; 1597 } 1598 1599 /* 1600 * Page does not exist in parent, rename the page from the 1601 * backing object to the main object. 1602 * 1603 * If the page was mapped to a process, it can remain mapped 1604 * through the rename. vm_page_rename() will dirty the page. 1605 */ 1606 if (vm_page_rename(p, object, new_pindex)) { 1607 next = vm_object_collapse_scan_wait(object, NULL, next, 1608 op); 1609 continue; 1610 } 1611 1612 /* Use the old pindex to free the right page. */ 1613 if (backing_object->type == OBJT_SWAP) 1614 swap_pager_freespace(backing_object, 1615 new_pindex + backing_offset_index, 1); 1616 1617 #if VM_NRESERVLEVEL > 0 1618 /* 1619 * Rename the reservation. 1620 */ 1621 vm_reserv_rename(p, object, backing_object, 1622 backing_offset_index); 1623 #endif 1624 } 1625 return (true); 1626 } 1627 1628 1629 /* 1630 * this version of collapse allows the operation to occur earlier and 1631 * when paging_in_progress is true for an object... This is not a complete 1632 * operation, but should plug 99.9% of the rest of the leaks. 1633 */ 1634 static void 1635 vm_object_qcollapse(vm_object_t object) 1636 { 1637 vm_object_t backing_object = object->backing_object; 1638 1639 VM_OBJECT_ASSERT_WLOCKED(object); 1640 VM_OBJECT_ASSERT_WLOCKED(backing_object); 1641 1642 if (backing_object->ref_count != 1) 1643 return; 1644 1645 vm_object_collapse_scan(object, OBSC_COLLAPSE_NOWAIT); 1646 } 1647 1648 /* 1649 * vm_object_collapse: 1650 * 1651 * Collapse an object with the object backing it. 1652 * Pages in the backing object are moved into the 1653 * parent, and the backing object is deallocated. 1654 */ 1655 void 1656 vm_object_collapse(vm_object_t object) 1657 { 1658 vm_object_t backing_object, new_backing_object; 1659 1660 VM_OBJECT_ASSERT_WLOCKED(object); 1661 1662 while (TRUE) { 1663 /* 1664 * Verify that the conditions are right for collapse: 1665 * 1666 * The object exists and the backing object exists. 1667 */ 1668 if ((backing_object = object->backing_object) == NULL) 1669 break; 1670 1671 /* 1672 * we check the backing object first, because it is most likely 1673 * not collapsable. 1674 */ 1675 VM_OBJECT_WLOCK(backing_object); 1676 if (backing_object->handle != NULL || 1677 (backing_object->type != OBJT_DEFAULT && 1678 backing_object->type != OBJT_SWAP) || 1679 (backing_object->flags & OBJ_DEAD) || 1680 object->handle != NULL || 1681 (object->type != OBJT_DEFAULT && 1682 object->type != OBJT_SWAP) || 1683 (object->flags & OBJ_DEAD)) { 1684 VM_OBJECT_WUNLOCK(backing_object); 1685 break; 1686 } 1687 1688 if (object->paging_in_progress != 0 || 1689 backing_object->paging_in_progress != 0) { 1690 vm_object_qcollapse(object); 1691 VM_OBJECT_WUNLOCK(backing_object); 1692 break; 1693 } 1694 1695 /* 1696 * We know that we can either collapse the backing object (if 1697 * the parent is the only reference to it) or (perhaps) have 1698 * the parent bypass the object if the parent happens to shadow 1699 * all the resident pages in the entire backing object. 1700 * 1701 * This is ignoring pager-backed pages such as swap pages. 1702 * vm_object_collapse_scan fails the shadowing test in this 1703 * case. 1704 */ 1705 if (backing_object->ref_count == 1) { 1706 vm_object_pip_add(object, 1); 1707 vm_object_pip_add(backing_object, 1); 1708 1709 /* 1710 * If there is exactly one reference to the backing 1711 * object, we can collapse it into the parent. 1712 */ 1713 vm_object_collapse_scan(object, OBSC_COLLAPSE_WAIT); 1714 1715 #if VM_NRESERVLEVEL > 0 1716 /* 1717 * Break any reservations from backing_object. 1718 */ 1719 if (__predict_false(!LIST_EMPTY(&backing_object->rvq))) 1720 vm_reserv_break_all(backing_object); 1721 #endif 1722 1723 /* 1724 * Move the pager from backing_object to object. 1725 */ 1726 if (backing_object->type == OBJT_SWAP) { 1727 /* 1728 * swap_pager_copy() can sleep, in which case 1729 * the backing_object's and object's locks are 1730 * released and reacquired. 1731 * Since swap_pager_copy() is being asked to 1732 * destroy the source, it will change the 1733 * backing_object's type to OBJT_DEFAULT. 1734 */ 1735 swap_pager_copy( 1736 backing_object, 1737 object, 1738 OFF_TO_IDX(object->backing_object_offset), TRUE); 1739 } 1740 /* 1741 * Object now shadows whatever backing_object did. 1742 * Note that the reference to 1743 * backing_object->backing_object moves from within 1744 * backing_object to within object. 1745 */ 1746 LIST_REMOVE(object, shadow_list); 1747 backing_object->shadow_count--; 1748 if (backing_object->backing_object) { 1749 VM_OBJECT_WLOCK(backing_object->backing_object); 1750 LIST_REMOVE(backing_object, shadow_list); 1751 LIST_INSERT_HEAD( 1752 &backing_object->backing_object->shadow_head, 1753 object, shadow_list); 1754 /* 1755 * The shadow_count has not changed. 1756 */ 1757 VM_OBJECT_WUNLOCK(backing_object->backing_object); 1758 } 1759 object->backing_object = backing_object->backing_object; 1760 object->backing_object_offset += 1761 backing_object->backing_object_offset; 1762 1763 /* 1764 * Discard backing_object. 1765 * 1766 * Since the backing object has no pages, no pager left, 1767 * and no object references within it, all that is 1768 * necessary is to dispose of it. 1769 */ 1770 KASSERT(backing_object->ref_count == 1, ( 1771 "backing_object %p was somehow re-referenced during collapse!", 1772 backing_object)); 1773 vm_object_pip_wakeup(backing_object); 1774 backing_object->type = OBJT_DEAD; 1775 backing_object->ref_count = 0; 1776 VM_OBJECT_WUNLOCK(backing_object); 1777 vm_object_destroy(backing_object); 1778 1779 vm_object_pip_wakeup(object); 1780 object_collapses++; 1781 } else { 1782 /* 1783 * If we do not entirely shadow the backing object, 1784 * there is nothing we can do so we give up. 1785 */ 1786 if (object->resident_page_count != object->size && 1787 !vm_object_scan_all_shadowed(object)) { 1788 VM_OBJECT_WUNLOCK(backing_object); 1789 break; 1790 } 1791 1792 /* 1793 * Make the parent shadow the next object in the 1794 * chain. Deallocating backing_object will not remove 1795 * it, since its reference count is at least 2. 1796 */ 1797 LIST_REMOVE(object, shadow_list); 1798 backing_object->shadow_count--; 1799 1800 new_backing_object = backing_object->backing_object; 1801 if ((object->backing_object = new_backing_object) != NULL) { 1802 VM_OBJECT_WLOCK(new_backing_object); 1803 LIST_INSERT_HEAD( 1804 &new_backing_object->shadow_head, 1805 object, 1806 shadow_list 1807 ); 1808 new_backing_object->shadow_count++; 1809 vm_object_reference_locked(new_backing_object); 1810 VM_OBJECT_WUNLOCK(new_backing_object); 1811 object->backing_object_offset += 1812 backing_object->backing_object_offset; 1813 } 1814 1815 /* 1816 * Drop the reference count on backing_object. Since 1817 * its ref_count was at least 2, it will not vanish. 1818 */ 1819 backing_object->ref_count--; 1820 VM_OBJECT_WUNLOCK(backing_object); 1821 object_bypasses++; 1822 } 1823 1824 /* 1825 * Try again with this object's new backing object. 1826 */ 1827 } 1828 } 1829 1830 /* 1831 * vm_object_page_remove: 1832 * 1833 * For the given object, either frees or invalidates each of the 1834 * specified pages. In general, a page is freed. However, if a page is 1835 * wired for any reason other than the existence of a managed, wired 1836 * mapping, then it may be invalidated but not removed from the object. 1837 * Pages are specified by the given range ["start", "end") and the option 1838 * OBJPR_CLEANONLY. As a special case, if "end" is zero, then the range 1839 * extends from "start" to the end of the object. If the option 1840 * OBJPR_CLEANONLY is specified, then only the non-dirty pages within the 1841 * specified range are affected. If the option OBJPR_NOTMAPPED is 1842 * specified, then the pages within the specified range must have no 1843 * mappings. Otherwise, if this option is not specified, any mappings to 1844 * the specified pages are removed before the pages are freed or 1845 * invalidated. 1846 * 1847 * In general, this operation should only be performed on objects that 1848 * contain managed pages. There are, however, two exceptions. First, it 1849 * is performed on the kernel and kmem objects by vm_map_entry_delete(). 1850 * Second, it is used by msync(..., MS_INVALIDATE) to invalidate device- 1851 * backed pages. In both of these cases, the option OBJPR_CLEANONLY must 1852 * not be specified and the option OBJPR_NOTMAPPED must be specified. 1853 * 1854 * The object must be locked. 1855 */ 1856 void 1857 vm_object_page_remove(vm_object_t object, vm_pindex_t start, vm_pindex_t end, 1858 int options) 1859 { 1860 vm_page_t p, next; 1861 1862 VM_OBJECT_ASSERT_WLOCKED(object); 1863 KASSERT((object->flags & OBJ_UNMANAGED) == 0 || 1864 (options & (OBJPR_CLEANONLY | OBJPR_NOTMAPPED)) == OBJPR_NOTMAPPED, 1865 ("vm_object_page_remove: illegal options for object %p", object)); 1866 if (object->resident_page_count == 0) 1867 return; 1868 vm_object_pip_add(object, 1); 1869 again: 1870 p = vm_page_find_least(object, start); 1871 1872 /* 1873 * Here, the variable "p" is either (1) the page with the least pindex 1874 * greater than or equal to the parameter "start" or (2) NULL. 1875 */ 1876 for (; p != NULL && (p->pindex < end || end == 0); p = next) { 1877 next = TAILQ_NEXT(p, listq); 1878 1879 /* 1880 * If the page is wired for any reason besides the existence 1881 * of managed, wired mappings, then it cannot be freed. For 1882 * example, fictitious pages, which represent device memory, 1883 * are inherently wired and cannot be freed. They can, 1884 * however, be invalidated if the option OBJPR_CLEANONLY is 1885 * not specified. 1886 */ 1887 vm_page_lock(p); 1888 if (vm_page_xbusied(p)) { 1889 VM_OBJECT_WUNLOCK(object); 1890 vm_page_busy_sleep(p, "vmopax", true); 1891 VM_OBJECT_WLOCK(object); 1892 goto again; 1893 } 1894 if (p->wire_count != 0) { 1895 if ((options & OBJPR_NOTMAPPED) == 0) 1896 pmap_remove_all(p); 1897 if ((options & OBJPR_CLEANONLY) == 0) { 1898 p->valid = 0; 1899 vm_page_undirty(p); 1900 } 1901 goto next; 1902 } 1903 if (vm_page_busied(p)) { 1904 VM_OBJECT_WUNLOCK(object); 1905 vm_page_busy_sleep(p, "vmopar", false); 1906 VM_OBJECT_WLOCK(object); 1907 goto again; 1908 } 1909 KASSERT((p->flags & PG_FICTITIOUS) == 0, 1910 ("vm_object_page_remove: page %p is fictitious", p)); 1911 if ((options & OBJPR_CLEANONLY) != 0 && p->valid != 0) { 1912 if ((options & OBJPR_NOTMAPPED) == 0) 1913 pmap_remove_write(p); 1914 if (p->dirty) 1915 goto next; 1916 } 1917 if ((options & OBJPR_NOTMAPPED) == 0) 1918 pmap_remove_all(p); 1919 vm_page_free(p); 1920 next: 1921 vm_page_unlock(p); 1922 } 1923 vm_object_pip_wakeup(object); 1924 } 1925 1926 /* 1927 * vm_object_page_noreuse: 1928 * 1929 * For the given object, attempt to move the specified pages to 1930 * the head of the inactive queue. This bypasses regular LRU 1931 * operation and allows the pages to be reused quickly under memory 1932 * pressure. If a page is wired for any reason, then it will not 1933 * be queued. Pages are specified by the range ["start", "end"). 1934 * As a special case, if "end" is zero, then the range extends from 1935 * "start" to the end of the object. 1936 * 1937 * This operation should only be performed on objects that 1938 * contain non-fictitious, managed pages. 1939 * 1940 * The object must be locked. 1941 */ 1942 void 1943 vm_object_page_noreuse(vm_object_t object, vm_pindex_t start, vm_pindex_t end) 1944 { 1945 struct mtx *mtx, *new_mtx; 1946 vm_page_t p, next; 1947 1948 VM_OBJECT_ASSERT_LOCKED(object); 1949 KASSERT((object->flags & (OBJ_FICTITIOUS | OBJ_UNMANAGED)) == 0, 1950 ("vm_object_page_noreuse: illegal object %p", object)); 1951 if (object->resident_page_count == 0) 1952 return; 1953 p = vm_page_find_least(object, start); 1954 1955 /* 1956 * Here, the variable "p" is either (1) the page with the least pindex 1957 * greater than or equal to the parameter "start" or (2) NULL. 1958 */ 1959 mtx = NULL; 1960 for (; p != NULL && (p->pindex < end || end == 0); p = next) { 1961 next = TAILQ_NEXT(p, listq); 1962 1963 /* 1964 * Avoid releasing and reacquiring the same page lock. 1965 */ 1966 new_mtx = vm_page_lockptr(p); 1967 if (mtx != new_mtx) { 1968 if (mtx != NULL) 1969 mtx_unlock(mtx); 1970 mtx = new_mtx; 1971 mtx_lock(mtx); 1972 } 1973 vm_page_deactivate_noreuse(p); 1974 } 1975 if (mtx != NULL) 1976 mtx_unlock(mtx); 1977 } 1978 1979 /* 1980 * Populate the specified range of the object with valid pages. Returns 1981 * TRUE if the range is successfully populated and FALSE otherwise. 1982 * 1983 * Note: This function should be optimized to pass a larger array of 1984 * pages to vm_pager_get_pages() before it is applied to a non- 1985 * OBJT_DEVICE object. 1986 * 1987 * The object must be locked. 1988 */ 1989 boolean_t 1990 vm_object_populate(vm_object_t object, vm_pindex_t start, vm_pindex_t end) 1991 { 1992 vm_page_t m; 1993 vm_pindex_t pindex; 1994 int rv; 1995 1996 VM_OBJECT_ASSERT_WLOCKED(object); 1997 for (pindex = start; pindex < end; pindex++) { 1998 m = vm_page_grab(object, pindex, VM_ALLOC_NORMAL); 1999 if (m->valid != VM_PAGE_BITS_ALL) { 2000 rv = vm_pager_get_pages(object, &m, 1, NULL, NULL); 2001 if (rv != VM_PAGER_OK) { 2002 vm_page_lock(m); 2003 vm_page_free(m); 2004 vm_page_unlock(m); 2005 break; 2006 } 2007 } 2008 /* 2009 * Keep "m" busy because a subsequent iteration may unlock 2010 * the object. 2011 */ 2012 } 2013 if (pindex > start) { 2014 m = vm_page_lookup(object, start); 2015 while (m != NULL && m->pindex < pindex) { 2016 vm_page_xunbusy(m); 2017 m = TAILQ_NEXT(m, listq); 2018 } 2019 } 2020 return (pindex == end); 2021 } 2022 2023 /* 2024 * Routine: vm_object_coalesce 2025 * Function: Coalesces two objects backing up adjoining 2026 * regions of memory into a single object. 2027 * 2028 * returns TRUE if objects were combined. 2029 * 2030 * NOTE: Only works at the moment if the second object is NULL - 2031 * if it's not, which object do we lock first? 2032 * 2033 * Parameters: 2034 * prev_object First object to coalesce 2035 * prev_offset Offset into prev_object 2036 * prev_size Size of reference to prev_object 2037 * next_size Size of reference to the second object 2038 * reserved Indicator that extension region has 2039 * swap accounted for 2040 * 2041 * Conditions: 2042 * The object must *not* be locked. 2043 */ 2044 boolean_t 2045 vm_object_coalesce(vm_object_t prev_object, vm_ooffset_t prev_offset, 2046 vm_size_t prev_size, vm_size_t next_size, boolean_t reserved) 2047 { 2048 vm_pindex_t next_pindex; 2049 2050 if (prev_object == NULL) 2051 return (TRUE); 2052 VM_OBJECT_WLOCK(prev_object); 2053 if ((prev_object->type != OBJT_DEFAULT && 2054 prev_object->type != OBJT_SWAP) || 2055 (prev_object->flags & OBJ_TMPFS_NODE) != 0) { 2056 VM_OBJECT_WUNLOCK(prev_object); 2057 return (FALSE); 2058 } 2059 2060 /* 2061 * Try to collapse the object first 2062 */ 2063 vm_object_collapse(prev_object); 2064 2065 /* 2066 * Can't coalesce if: . more than one reference . paged out . shadows 2067 * another object . has a copy elsewhere (any of which mean that the 2068 * pages not mapped to prev_entry may be in use anyway) 2069 */ 2070 if (prev_object->backing_object != NULL) { 2071 VM_OBJECT_WUNLOCK(prev_object); 2072 return (FALSE); 2073 } 2074 2075 prev_size >>= PAGE_SHIFT; 2076 next_size >>= PAGE_SHIFT; 2077 next_pindex = OFF_TO_IDX(prev_offset) + prev_size; 2078 2079 if ((prev_object->ref_count > 1) && 2080 (prev_object->size != next_pindex)) { 2081 VM_OBJECT_WUNLOCK(prev_object); 2082 return (FALSE); 2083 } 2084 2085 /* 2086 * Account for the charge. 2087 */ 2088 if (prev_object->cred != NULL) { 2089 2090 /* 2091 * If prev_object was charged, then this mapping, 2092 * although not charged now, may become writable 2093 * later. Non-NULL cred in the object would prevent 2094 * swap reservation during enabling of the write 2095 * access, so reserve swap now. Failed reservation 2096 * cause allocation of the separate object for the map 2097 * entry, and swap reservation for this entry is 2098 * managed in appropriate time. 2099 */ 2100 if (!reserved && !swap_reserve_by_cred(ptoa(next_size), 2101 prev_object->cred)) { 2102 VM_OBJECT_WUNLOCK(prev_object); 2103 return (FALSE); 2104 } 2105 prev_object->charge += ptoa(next_size); 2106 } 2107 2108 /* 2109 * Remove any pages that may still be in the object from a previous 2110 * deallocation. 2111 */ 2112 if (next_pindex < prev_object->size) { 2113 vm_object_page_remove(prev_object, next_pindex, next_pindex + 2114 next_size, 0); 2115 if (prev_object->type == OBJT_SWAP) 2116 swap_pager_freespace(prev_object, 2117 next_pindex, next_size); 2118 #if 0 2119 if (prev_object->cred != NULL) { 2120 KASSERT(prev_object->charge >= 2121 ptoa(prev_object->size - next_pindex), 2122 ("object %p overcharged 1 %jx %jx", prev_object, 2123 (uintmax_t)next_pindex, (uintmax_t)next_size)); 2124 prev_object->charge -= ptoa(prev_object->size - 2125 next_pindex); 2126 } 2127 #endif 2128 } 2129 2130 /* 2131 * Extend the object if necessary. 2132 */ 2133 if (next_pindex + next_size > prev_object->size) 2134 prev_object->size = next_pindex + next_size; 2135 2136 VM_OBJECT_WUNLOCK(prev_object); 2137 return (TRUE); 2138 } 2139 2140 void 2141 vm_object_set_writeable_dirty(vm_object_t object) 2142 { 2143 2144 VM_OBJECT_ASSERT_WLOCKED(object); 2145 if (object->type != OBJT_VNODE) { 2146 if ((object->flags & OBJ_TMPFS_NODE) != 0) { 2147 KASSERT(object->type == OBJT_SWAP, ("non-swap tmpfs")); 2148 vm_object_set_flag(object, OBJ_TMPFS_DIRTY); 2149 } 2150 return; 2151 } 2152 object->generation++; 2153 if ((object->flags & OBJ_MIGHTBEDIRTY) != 0) 2154 return; 2155 vm_object_set_flag(object, OBJ_MIGHTBEDIRTY); 2156 } 2157 2158 /* 2159 * vm_object_unwire: 2160 * 2161 * For each page offset within the specified range of the given object, 2162 * find the highest-level page in the shadow chain and unwire it. A page 2163 * must exist at every page offset, and the highest-level page must be 2164 * wired. 2165 */ 2166 void 2167 vm_object_unwire(vm_object_t object, vm_ooffset_t offset, vm_size_t length, 2168 uint8_t queue) 2169 { 2170 vm_object_t tobject; 2171 vm_page_t m, tm; 2172 vm_pindex_t end_pindex, pindex, tpindex; 2173 int depth, locked_depth; 2174 2175 KASSERT((offset & PAGE_MASK) == 0, 2176 ("vm_object_unwire: offset is not page aligned")); 2177 KASSERT((length & PAGE_MASK) == 0, 2178 ("vm_object_unwire: length is not a multiple of PAGE_SIZE")); 2179 /* The wired count of a fictitious page never changes. */ 2180 if ((object->flags & OBJ_FICTITIOUS) != 0) 2181 return; 2182 pindex = OFF_TO_IDX(offset); 2183 end_pindex = pindex + atop(length); 2184 locked_depth = 1; 2185 VM_OBJECT_RLOCK(object); 2186 m = vm_page_find_least(object, pindex); 2187 while (pindex < end_pindex) { 2188 if (m == NULL || pindex < m->pindex) { 2189 /* 2190 * The first object in the shadow chain doesn't 2191 * contain a page at the current index. Therefore, 2192 * the page must exist in a backing object. 2193 */ 2194 tobject = object; 2195 tpindex = pindex; 2196 depth = 0; 2197 do { 2198 tpindex += 2199 OFF_TO_IDX(tobject->backing_object_offset); 2200 tobject = tobject->backing_object; 2201 KASSERT(tobject != NULL, 2202 ("vm_object_unwire: missing page")); 2203 if ((tobject->flags & OBJ_FICTITIOUS) != 0) 2204 goto next_page; 2205 depth++; 2206 if (depth == locked_depth) { 2207 locked_depth++; 2208 VM_OBJECT_RLOCK(tobject); 2209 } 2210 } while ((tm = vm_page_lookup(tobject, tpindex)) == 2211 NULL); 2212 } else { 2213 tm = m; 2214 m = TAILQ_NEXT(m, listq); 2215 } 2216 vm_page_lock(tm); 2217 vm_page_unwire(tm, queue); 2218 vm_page_unlock(tm); 2219 next_page: 2220 pindex++; 2221 } 2222 /* Release the accumulated object locks. */ 2223 for (depth = 0; depth < locked_depth; depth++) { 2224 tobject = object->backing_object; 2225 VM_OBJECT_RUNLOCK(object); 2226 object = tobject; 2227 } 2228 } 2229 2230 struct vnode * 2231 vm_object_vnode(vm_object_t object) 2232 { 2233 2234 VM_OBJECT_ASSERT_LOCKED(object); 2235 if (object->type == OBJT_VNODE) 2236 return (object->handle); 2237 if (object->type == OBJT_SWAP && (object->flags & OBJ_TMPFS) != 0) 2238 return (object->un_pager.swp.swp_tmpfs); 2239 return (NULL); 2240 } 2241 2242 static int 2243 sysctl_vm_object_list(SYSCTL_HANDLER_ARGS) 2244 { 2245 struct kinfo_vmobject kvo; 2246 char *fullpath, *freepath; 2247 struct vnode *vp; 2248 struct vattr va; 2249 vm_object_t obj; 2250 vm_page_t m; 2251 int count, error; 2252 2253 if (req->oldptr == NULL) { 2254 /* 2255 * If an old buffer has not been provided, generate an 2256 * estimate of the space needed for a subsequent call. 2257 */ 2258 mtx_lock(&vm_object_list_mtx); 2259 count = 0; 2260 TAILQ_FOREACH(obj, &vm_object_list, object_list) { 2261 if (obj->type == OBJT_DEAD) 2262 continue; 2263 count++; 2264 } 2265 mtx_unlock(&vm_object_list_mtx); 2266 return (SYSCTL_OUT(req, NULL, sizeof(struct kinfo_vmobject) * 2267 count * 11 / 10)); 2268 } 2269 2270 error = 0; 2271 2272 /* 2273 * VM objects are type stable and are never removed from the 2274 * list once added. This allows us to safely read obj->object_list 2275 * after reacquiring the VM object lock. 2276 */ 2277 mtx_lock(&vm_object_list_mtx); 2278 TAILQ_FOREACH(obj, &vm_object_list, object_list) { 2279 if (obj->type == OBJT_DEAD) 2280 continue; 2281 VM_OBJECT_RLOCK(obj); 2282 if (obj->type == OBJT_DEAD) { 2283 VM_OBJECT_RUNLOCK(obj); 2284 continue; 2285 } 2286 mtx_unlock(&vm_object_list_mtx); 2287 kvo.kvo_size = ptoa(obj->size); 2288 kvo.kvo_resident = obj->resident_page_count; 2289 kvo.kvo_ref_count = obj->ref_count; 2290 kvo.kvo_shadow_count = obj->shadow_count; 2291 kvo.kvo_memattr = obj->memattr; 2292 kvo.kvo_active = 0; 2293 kvo.kvo_inactive = 0; 2294 TAILQ_FOREACH(m, &obj->memq, listq) { 2295 /* 2296 * A page may belong to the object but be 2297 * dequeued and set to PQ_NONE while the 2298 * object lock is not held. This makes the 2299 * reads of m->queue below racy, and we do not 2300 * count pages set to PQ_NONE. However, this 2301 * sysctl is only meant to give an 2302 * approximation of the system anyway. 2303 */ 2304 if (vm_page_active(m)) 2305 kvo.kvo_active++; 2306 else if (vm_page_inactive(m)) 2307 kvo.kvo_inactive++; 2308 } 2309 2310 kvo.kvo_vn_fileid = 0; 2311 kvo.kvo_vn_fsid = 0; 2312 freepath = NULL; 2313 fullpath = ""; 2314 vp = NULL; 2315 switch (obj->type) { 2316 case OBJT_DEFAULT: 2317 kvo.kvo_type = KVME_TYPE_DEFAULT; 2318 break; 2319 case OBJT_VNODE: 2320 kvo.kvo_type = KVME_TYPE_VNODE; 2321 vp = obj->handle; 2322 vref(vp); 2323 break; 2324 case OBJT_SWAP: 2325 kvo.kvo_type = KVME_TYPE_SWAP; 2326 break; 2327 case OBJT_DEVICE: 2328 kvo.kvo_type = KVME_TYPE_DEVICE; 2329 break; 2330 case OBJT_PHYS: 2331 kvo.kvo_type = KVME_TYPE_PHYS; 2332 break; 2333 case OBJT_DEAD: 2334 kvo.kvo_type = KVME_TYPE_DEAD; 2335 break; 2336 case OBJT_SG: 2337 kvo.kvo_type = KVME_TYPE_SG; 2338 break; 2339 case OBJT_MGTDEVICE: 2340 kvo.kvo_type = KVME_TYPE_MGTDEVICE; 2341 break; 2342 default: 2343 kvo.kvo_type = KVME_TYPE_UNKNOWN; 2344 break; 2345 } 2346 VM_OBJECT_RUNLOCK(obj); 2347 if (vp != NULL) { 2348 vn_fullpath(curthread, vp, &fullpath, &freepath); 2349 vn_lock(vp, LK_SHARED | LK_RETRY); 2350 if (VOP_GETATTR(vp, &va, curthread->td_ucred) == 0) { 2351 kvo.kvo_vn_fileid = va.va_fileid; 2352 kvo.kvo_vn_fsid = va.va_fsid; 2353 } 2354 vput(vp); 2355 } 2356 2357 strlcpy(kvo.kvo_path, fullpath, sizeof(kvo.kvo_path)); 2358 if (freepath != NULL) 2359 free(freepath, M_TEMP); 2360 2361 /* Pack record size down */ 2362 kvo.kvo_structsize = offsetof(struct kinfo_vmobject, kvo_path) + 2363 strlen(kvo.kvo_path) + 1; 2364 kvo.kvo_structsize = roundup(kvo.kvo_structsize, 2365 sizeof(uint64_t)); 2366 error = SYSCTL_OUT(req, &kvo, kvo.kvo_structsize); 2367 mtx_lock(&vm_object_list_mtx); 2368 if (error) 2369 break; 2370 } 2371 mtx_unlock(&vm_object_list_mtx); 2372 return (error); 2373 } 2374 SYSCTL_PROC(_vm, OID_AUTO, objects, CTLTYPE_STRUCT | CTLFLAG_RW | CTLFLAG_SKIP | 2375 CTLFLAG_MPSAFE, NULL, 0, sysctl_vm_object_list, "S,kinfo_vmobject", 2376 "List of VM objects"); 2377 2378 #include "opt_ddb.h" 2379 #ifdef DDB 2380 #include <sys/kernel.h> 2381 2382 #include <sys/cons.h> 2383 2384 #include <ddb/ddb.h> 2385 2386 static int 2387 _vm_object_in_map(vm_map_t map, vm_object_t object, vm_map_entry_t entry) 2388 { 2389 vm_map_t tmpm; 2390 vm_map_entry_t tmpe; 2391 vm_object_t obj; 2392 int entcount; 2393 2394 if (map == 0) 2395 return 0; 2396 2397 if (entry == 0) { 2398 tmpe = map->header.next; 2399 entcount = map->nentries; 2400 while (entcount-- && (tmpe != &map->header)) { 2401 if (_vm_object_in_map(map, object, tmpe)) { 2402 return 1; 2403 } 2404 tmpe = tmpe->next; 2405 } 2406 } else if (entry->eflags & MAP_ENTRY_IS_SUB_MAP) { 2407 tmpm = entry->object.sub_map; 2408 tmpe = tmpm->header.next; 2409 entcount = tmpm->nentries; 2410 while (entcount-- && tmpe != &tmpm->header) { 2411 if (_vm_object_in_map(tmpm, object, tmpe)) { 2412 return 1; 2413 } 2414 tmpe = tmpe->next; 2415 } 2416 } else if ((obj = entry->object.vm_object) != NULL) { 2417 for (; obj; obj = obj->backing_object) 2418 if (obj == object) { 2419 return 1; 2420 } 2421 } 2422 return 0; 2423 } 2424 2425 static int 2426 vm_object_in_map(vm_object_t object) 2427 { 2428 struct proc *p; 2429 2430 /* sx_slock(&allproc_lock); */ 2431 FOREACH_PROC_IN_SYSTEM(p) { 2432 if (!p->p_vmspace /* || (p->p_flag & (P_SYSTEM|P_WEXIT)) */) 2433 continue; 2434 if (_vm_object_in_map(&p->p_vmspace->vm_map, object, 0)) { 2435 /* sx_sunlock(&allproc_lock); */ 2436 return 1; 2437 } 2438 } 2439 /* sx_sunlock(&allproc_lock); */ 2440 if (_vm_object_in_map(kernel_map, object, 0)) 2441 return 1; 2442 return 0; 2443 } 2444 2445 DB_SHOW_COMMAND(vmochk, vm_object_check) 2446 { 2447 vm_object_t object; 2448 2449 /* 2450 * make sure that internal objs are in a map somewhere 2451 * and none have zero ref counts. 2452 */ 2453 TAILQ_FOREACH(object, &vm_object_list, object_list) { 2454 if (object->handle == NULL && 2455 (object->type == OBJT_DEFAULT || object->type == OBJT_SWAP)) { 2456 if (object->ref_count == 0) { 2457 db_printf("vmochk: internal obj has zero ref count: %ld\n", 2458 (long)object->size); 2459 } 2460 if (!vm_object_in_map(object)) { 2461 db_printf( 2462 "vmochk: internal obj is not in a map: " 2463 "ref: %d, size: %lu: 0x%lx, backing_object: %p\n", 2464 object->ref_count, (u_long)object->size, 2465 (u_long)object->size, 2466 (void *)object->backing_object); 2467 } 2468 } 2469 } 2470 } 2471 2472 /* 2473 * vm_object_print: [ debug ] 2474 */ 2475 DB_SHOW_COMMAND(object, vm_object_print_static) 2476 { 2477 /* XXX convert args. */ 2478 vm_object_t object = (vm_object_t)addr; 2479 boolean_t full = have_addr; 2480 2481 vm_page_t p; 2482 2483 /* XXX count is an (unused) arg. Avoid shadowing it. */ 2484 #define count was_count 2485 2486 int count; 2487 2488 if (object == NULL) 2489 return; 2490 2491 db_iprintf( 2492 "Object %p: type=%d, size=0x%jx, res=%d, ref=%d, flags=0x%x ruid %d charge %jx\n", 2493 object, (int)object->type, (uintmax_t)object->size, 2494 object->resident_page_count, object->ref_count, object->flags, 2495 object->cred ? object->cred->cr_ruid : -1, (uintmax_t)object->charge); 2496 db_iprintf(" sref=%d, backing_object(%d)=(%p)+0x%jx\n", 2497 object->shadow_count, 2498 object->backing_object ? object->backing_object->ref_count : 0, 2499 object->backing_object, (uintmax_t)object->backing_object_offset); 2500 2501 if (!full) 2502 return; 2503 2504 db_indent += 2; 2505 count = 0; 2506 TAILQ_FOREACH(p, &object->memq, listq) { 2507 if (count == 0) 2508 db_iprintf("memory:="); 2509 else if (count == 6) { 2510 db_printf("\n"); 2511 db_iprintf(" ..."); 2512 count = 0; 2513 } else 2514 db_printf(","); 2515 count++; 2516 2517 db_printf("(off=0x%jx,page=0x%jx)", 2518 (uintmax_t)p->pindex, (uintmax_t)VM_PAGE_TO_PHYS(p)); 2519 } 2520 if (count != 0) 2521 db_printf("\n"); 2522 db_indent -= 2; 2523 } 2524 2525 /* XXX. */ 2526 #undef count 2527 2528 /* XXX need this non-static entry for calling from vm_map_print. */ 2529 void 2530 vm_object_print( 2531 /* db_expr_t */ long addr, 2532 boolean_t have_addr, 2533 /* db_expr_t */ long count, 2534 char *modif) 2535 { 2536 vm_object_print_static(addr, have_addr, count, modif); 2537 } 2538 2539 DB_SHOW_COMMAND(vmopag, vm_object_print_pages) 2540 { 2541 vm_object_t object; 2542 vm_pindex_t fidx; 2543 vm_paddr_t pa; 2544 vm_page_t m, prev_m; 2545 int rcount, nl, c; 2546 2547 nl = 0; 2548 TAILQ_FOREACH(object, &vm_object_list, object_list) { 2549 db_printf("new object: %p\n", (void *)object); 2550 if (nl > 18) { 2551 c = cngetc(); 2552 if (c != ' ') 2553 return; 2554 nl = 0; 2555 } 2556 nl++; 2557 rcount = 0; 2558 fidx = 0; 2559 pa = -1; 2560 TAILQ_FOREACH(m, &object->memq, listq) { 2561 if (m->pindex > 128) 2562 break; 2563 if ((prev_m = TAILQ_PREV(m, pglist, listq)) != NULL && 2564 prev_m->pindex + 1 != m->pindex) { 2565 if (rcount) { 2566 db_printf(" index(%ld)run(%d)pa(0x%lx)\n", 2567 (long)fidx, rcount, (long)pa); 2568 if (nl > 18) { 2569 c = cngetc(); 2570 if (c != ' ') 2571 return; 2572 nl = 0; 2573 } 2574 nl++; 2575 rcount = 0; 2576 } 2577 } 2578 if (rcount && 2579 (VM_PAGE_TO_PHYS(m) == pa + rcount * PAGE_SIZE)) { 2580 ++rcount; 2581 continue; 2582 } 2583 if (rcount) { 2584 db_printf(" index(%ld)run(%d)pa(0x%lx)\n", 2585 (long)fidx, rcount, (long)pa); 2586 if (nl > 18) { 2587 c = cngetc(); 2588 if (c != ' ') 2589 return; 2590 nl = 0; 2591 } 2592 nl++; 2593 } 2594 fidx = m->pindex; 2595 pa = VM_PAGE_TO_PHYS(m); 2596 rcount = 1; 2597 } 2598 if (rcount) { 2599 db_printf(" index(%ld)run(%d)pa(0x%lx)\n", 2600 (long)fidx, rcount, (long)pa); 2601 if (nl > 18) { 2602 c = cngetc(); 2603 if (c != ' ') 2604 return; 2605 nl = 0; 2606 } 2607 nl++; 2608 } 2609 } 2610 } 2611 #endif /* DDB */
Cache object: cc5606ba3df00e2daf23096bc22600bc
[ source navigation ] [ diff markup ] [ identifier search ] [ freetext search ] [ file search ] [ list types ] [ track identifier ]