2 * Copyright (c) 1991 Regents of the University of California.
4 * Copyright (c) 1994 John S. Dyson
6 * Copyright (c) 1994 David Greenman
8 * Copyright (c) 2003 Peter Wemm
10 * Copyright (c) 2005-2010 Alan L. Cox <alc@cs.rice.edu>
11 * All rights reserved.
12 * Copyright (c) 2014 Andrew Turner
13 * All rights reserved.
14 * Copyright (c) 2014-2016 The FreeBSD Foundation
15 * All rights reserved.
17 * This code is derived from software contributed to Berkeley by
18 * the Systems Programming Group of the University of Utah Computer
19 * Science Department and William Jolitz of UUNET Technologies Inc.
21 * This software was developed by Andrew Turner under sponsorship from
22 * the FreeBSD Foundation.
24 * Redistribution and use in source and binary forms, with or without
25 * modification, are permitted provided that the following conditions
27 * 1. Redistributions of source code must retain the above copyright
28 * notice, this list of conditions and the following disclaimer.
29 * 2. Redistributions in binary form must reproduce the above copyright
30 * notice, this list of conditions and the following disclaimer in the
31 * documentation and/or other materials provided with the distribution.
32 * 3. All advertising materials mentioning features or use of this software
33 * must display the following acknowledgement:
34 * This product includes software developed by the University of
35 * California, Berkeley and its contributors.
36 * 4. Neither the name of the University nor the names of its contributors
37 * may be used to endorse or promote products derived from this software
38 * without specific prior written permission.
40 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
41 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
42 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
43 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
44 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
45 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
46 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
48 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
49 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
52 * from: @(#)pmap.c 7.7 (Berkeley) 5/12/91
55 * Copyright (c) 2003 Networks Associates Technology, Inc.
56 * All rights reserved.
58 * This software was developed for the FreeBSD Project by Jake Burkholder,
59 * Safeport Network Services, and Network Associates Laboratories, the
60 * Security Research Division of Network Associates, Inc. under
61 * DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the DARPA
62 * CHATS research program.
64 * Redistribution and use in source and binary forms, with or without
65 * modification, are permitted provided that the following conditions
67 * 1. Redistributions of source code must retain the above copyright
68 * notice, this list of conditions and the following disclaimer.
69 * 2. Redistributions in binary form must reproduce the above copyright
70 * notice, this list of conditions and the following disclaimer in the
71 * documentation and/or other materials provided with the distribution.
73 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
74 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
75 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
76 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
77 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
78 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
79 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
80 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
81 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
82 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
86 #include <sys/cdefs.h>
87 __FBSDID("$FreeBSD$");
90 * Manages physical address maps.
92 * Since the information managed by this module is
93 * also stored by the logical address mapping module,
94 * this module may throw away valid virtual-to-physical
95 * mappings at almost any time. However, invalidations
96 * of virtual-to-physical mappings must be done as
99 * In order to cope with hardware architectures which
100 * make virtual-to-physical map invalidates expensive,
101 * this module may delay invalidate or reduced protection
102 * operations until such time as they are actually
103 * necessary. This module is given full information as
104 * to which processors are currently using which maps,
105 * and to when physical maps must be made correct.
110 #include <sys/param.h>
111 #include <sys/bitstring.h>
113 #include <sys/systm.h>
114 #include <sys/kernel.h>
116 #include <sys/limits.h>
117 #include <sys/lock.h>
118 #include <sys/malloc.h>
119 #include <sys/mman.h>
120 #include <sys/msgbuf.h>
121 #include <sys/mutex.h>
122 #include <sys/physmem.h>
123 #include <sys/proc.h>
124 #include <sys/rwlock.h>
125 #include <sys/sbuf.h>
127 #include <sys/vmem.h>
128 #include <sys/vmmeter.h>
129 #include <sys/sched.h>
130 #include <sys/sysctl.h>
131 #include <sys/_unrhdr.h>
135 #include <vm/vm_param.h>
136 #include <vm/vm_kern.h>
137 #include <vm/vm_page.h>
138 #include <vm/vm_map.h>
139 #include <vm/vm_object.h>
140 #include <vm/vm_extern.h>
141 #include <vm/vm_pageout.h>
142 #include <vm/vm_pager.h>
143 #include <vm/vm_phys.h>
144 #include <vm/vm_radix.h>
145 #include <vm/vm_reserv.h>
148 #include <machine/machdep.h>
149 #include <machine/md_var.h>
150 #include <machine/pcb.h>
152 #define PMAP_ASSERT_STAGE1(pmap) MPASS((pmap)->pm_stage == PM_STAGE1)
153 #define PMAP_ASSERT_STAGE2(pmap) MPASS((pmap)->pm_stage == PM_STAGE2)
155 #define NL0PG (PAGE_SIZE/(sizeof (pd_entry_t)))
156 #define NL1PG (PAGE_SIZE/(sizeof (pd_entry_t)))
157 #define NL2PG (PAGE_SIZE/(sizeof (pd_entry_t)))
158 #define NL3PG (PAGE_SIZE/(sizeof (pt_entry_t)))
160 #define NUL0E L0_ENTRIES
161 #define NUL1E (NUL0E * NL1PG)
162 #define NUL2E (NUL1E * NL2PG)
164 #if !defined(DIAGNOSTIC)
165 #ifdef __GNUC_GNU_INLINE__
166 #define PMAP_INLINE __attribute__((__gnu_inline__)) inline
168 #define PMAP_INLINE extern inline
175 #define PV_STAT(x) do { x ; } while (0)
177 #define PV_STAT(x) do { } while (0)
180 #define pmap_l2_pindex(v) ((v) >> L2_SHIFT)
181 #define pa_to_pvh(pa) (&pv_table[pmap_l2_pindex(pa)])
183 #define NPV_LIST_LOCKS MAXCPU
185 #define PHYS_TO_PV_LIST_LOCK(pa) \
186 (&pv_list_locks[pa_index(pa) % NPV_LIST_LOCKS])
188 #define CHANGE_PV_LIST_LOCK_TO_PHYS(lockp, pa) do { \
189 struct rwlock **_lockp = (lockp); \
190 struct rwlock *_new_lock; \
192 _new_lock = PHYS_TO_PV_LIST_LOCK(pa); \
193 if (_new_lock != *_lockp) { \
194 if (*_lockp != NULL) \
195 rw_wunlock(*_lockp); \
196 *_lockp = _new_lock; \
201 #define CHANGE_PV_LIST_LOCK_TO_VM_PAGE(lockp, m) \
202 CHANGE_PV_LIST_LOCK_TO_PHYS(lockp, VM_PAGE_TO_PHYS(m))
204 #define RELEASE_PV_LIST_LOCK(lockp) do { \
205 struct rwlock **_lockp = (lockp); \
207 if (*_lockp != NULL) { \
208 rw_wunlock(*_lockp); \
213 #define VM_PAGE_TO_PV_LIST_LOCK(m) \
214 PHYS_TO_PV_LIST_LOCK(VM_PAGE_TO_PHYS(m))
217 * The presence of this flag indicates that the mapping is writeable.
218 * If the ATTR_S1_AP_RO bit is also set, then the mapping is clean, otherwise
219 * it is dirty. This flag may only be set on managed mappings.
221 * The DBM bit is reserved on ARMv8.0 but it seems we can safely treat it
222 * as a software managed bit.
224 #define ATTR_SW_DBM ATTR_DBM
226 struct pmap kernel_pmap_store;
228 /* Used for mapping ACPI memory before VM is initialized */
229 #define PMAP_PREINIT_MAPPING_COUNT 32
230 #define PMAP_PREINIT_MAPPING_SIZE (PMAP_PREINIT_MAPPING_COUNT * L2_SIZE)
231 static vm_offset_t preinit_map_va; /* Start VA of pre-init mapping space */
232 static int vm_initialized = 0; /* No need to use pre-init maps when set */
235 * Reserve a few L2 blocks starting from 'preinit_map_va' pointer.
236 * Always map entire L2 block for simplicity.
237 * VA of L2 block = preinit_map_va + i * L2_SIZE
239 static struct pmap_preinit_mapping {
243 } pmap_preinit_mapping[PMAP_PREINIT_MAPPING_COUNT];
245 vm_offset_t virtual_avail; /* VA of first avail page (after kernel bss) */
246 vm_offset_t virtual_end; /* VA of last avail page (end of kernel AS) */
247 vm_offset_t kernel_vm_end = 0;
250 * Data for the pv entry allocation mechanism.
252 static TAILQ_HEAD(pch, pv_chunk) pv_chunks = TAILQ_HEAD_INITIALIZER(pv_chunks);
253 static struct mtx pv_chunks_mutex;
254 static struct rwlock pv_list_locks[NPV_LIST_LOCKS];
255 static struct md_page *pv_table;
256 static struct md_page pv_dummy;
258 vm_paddr_t dmap_phys_base; /* The start of the dmap region */
259 vm_paddr_t dmap_phys_max; /* The limit of the dmap region */
260 vm_offset_t dmap_max_addr; /* The virtual address limit of the dmap */
262 /* This code assumes all L1 DMAP entries will be used */
263 CTASSERT((DMAP_MIN_ADDRESS & ~L0_OFFSET) == DMAP_MIN_ADDRESS);
264 CTASSERT((DMAP_MAX_ADDRESS & ~L0_OFFSET) == DMAP_MAX_ADDRESS);
266 #define DMAP_TABLES ((DMAP_MAX_ADDRESS - DMAP_MIN_ADDRESS) >> L0_SHIFT)
267 extern pt_entry_t pagetable_dmap[];
269 #define PHYSMAP_SIZE (2 * (VM_PHYSSEG_MAX - 1))
270 static vm_paddr_t physmap[PHYSMAP_SIZE];
271 static u_int physmap_idx;
273 static SYSCTL_NODE(_vm, OID_AUTO, pmap, CTLFLAG_RD | CTLFLAG_MPSAFE, 0,
274 "VM/pmap parameters");
277 * This ASID allocator uses a bit vector ("asid_set") to remember which ASIDs
278 * that it has currently allocated to a pmap, a cursor ("asid_next") to
279 * optimize its search for a free ASID in the bit vector, and an epoch number
280 * ("asid_epoch") to indicate when it has reclaimed all previously allocated
281 * ASIDs that are not currently active on a processor.
283 * The current epoch number is always in the range [0, INT_MAX). Negative
284 * numbers and INT_MAX are reserved for special cases that are described
293 struct mtx asid_set_mutex;
296 static struct asid_set asids;
297 static struct asid_set vmids;
299 static SYSCTL_NODE(_vm_pmap, OID_AUTO, asid, CTLFLAG_RD | CTLFLAG_MPSAFE, 0,
301 SYSCTL_INT(_vm_pmap_asid, OID_AUTO, bits, CTLFLAG_RD, &asids.asid_bits, 0,
302 "The number of bits in an ASID");
303 SYSCTL_INT(_vm_pmap_asid, OID_AUTO, next, CTLFLAG_RD, &asids.asid_next, 0,
304 "The last allocated ASID plus one");
305 SYSCTL_INT(_vm_pmap_asid, OID_AUTO, epoch, CTLFLAG_RD, &asids.asid_epoch, 0,
306 "The current epoch number");
308 static SYSCTL_NODE(_vm_pmap, OID_AUTO, vmid, CTLFLAG_RD, 0, "VMID allocator");
309 SYSCTL_INT(_vm_pmap_vmid, OID_AUTO, bits, CTLFLAG_RD, &vmids.asid_bits, 0,
310 "The number of bits in an VMID");
311 SYSCTL_INT(_vm_pmap_vmid, OID_AUTO, next, CTLFLAG_RD, &vmids.asid_next, 0,
312 "The last allocated VMID plus one");
313 SYSCTL_INT(_vm_pmap_vmid, OID_AUTO, epoch, CTLFLAG_RD, &vmids.asid_epoch, 0,
314 "The current epoch number");
316 void (*pmap_clean_stage2_tlbi)(void);
317 void (*pmap_invalidate_vpipt_icache)(void);
320 * A pmap's cookie encodes an ASID and epoch number. Cookies for reserved
321 * ASIDs have a negative epoch number, specifically, INT_MIN. Cookies for
322 * dynamically allocated ASIDs have a non-negative epoch number.
324 * An invalid ASID is represented by -1.
326 * There are two special-case cookie values: (1) COOKIE_FROM(-1, INT_MIN),
327 * which indicates that an ASID should never be allocated to the pmap, and
328 * (2) COOKIE_FROM(-1, INT_MAX), which indicates that an ASID should be
329 * allocated when the pmap is next activated.
331 #define COOKIE_FROM(asid, epoch) ((long)((u_int)(asid) | \
332 ((u_long)(epoch) << 32)))
333 #define COOKIE_TO_ASID(cookie) ((int)(cookie))
334 #define COOKIE_TO_EPOCH(cookie) ((int)((u_long)(cookie) >> 32))
336 static int superpages_enabled = 1;
337 SYSCTL_INT(_vm_pmap, OID_AUTO, superpages_enabled,
338 CTLFLAG_RDTUN | CTLFLAG_NOFETCH, &superpages_enabled, 0,
339 "Are large page mappings enabled?");
342 * Internal flags for pmap_enter()'s helper functions.
344 #define PMAP_ENTER_NORECLAIM 0x1000000 /* Don't reclaim PV entries. */
345 #define PMAP_ENTER_NOREPLACE 0x2000000 /* Don't replace mappings. */
347 static void free_pv_chunk(struct pv_chunk *pc);
348 static void free_pv_entry(pmap_t pmap, pv_entry_t pv);
349 static pv_entry_t get_pv_entry(pmap_t pmap, struct rwlock **lockp);
350 static vm_page_t reclaim_pv_chunk(pmap_t locked_pmap, struct rwlock **lockp);
351 static void pmap_pvh_free(struct md_page *pvh, pmap_t pmap, vm_offset_t va);
352 static pv_entry_t pmap_pvh_remove(struct md_page *pvh, pmap_t pmap,
355 static void pmap_abort_ptp(pmap_t pmap, vm_offset_t va, vm_page_t mpte);
356 static bool pmap_activate_int(pmap_t pmap);
357 static void pmap_alloc_asid(pmap_t pmap);
358 static int pmap_change_attr_locked(vm_offset_t va, vm_size_t size, int mode);
359 static pt_entry_t *pmap_demote_l1(pmap_t pmap, pt_entry_t *l1, vm_offset_t va);
360 static pt_entry_t *pmap_demote_l2_locked(pmap_t pmap, pt_entry_t *l2,
361 vm_offset_t va, struct rwlock **lockp);
362 static pt_entry_t *pmap_demote_l2(pmap_t pmap, pt_entry_t *l2, vm_offset_t va);
363 static vm_page_t pmap_enter_quick_locked(pmap_t pmap, vm_offset_t va,
364 vm_page_t m, vm_prot_t prot, vm_page_t mpte, struct rwlock **lockp);
365 static int pmap_enter_l2(pmap_t pmap, vm_offset_t va, pd_entry_t new_l2,
366 u_int flags, vm_page_t m, struct rwlock **lockp);
367 static int pmap_remove_l2(pmap_t pmap, pt_entry_t *l2, vm_offset_t sva,
368 pd_entry_t l1e, struct spglist *free, struct rwlock **lockp);
369 static int pmap_remove_l3(pmap_t pmap, pt_entry_t *l3, vm_offset_t sva,
370 pd_entry_t l2e, struct spglist *free, struct rwlock **lockp);
371 static void pmap_reset_asid_set(pmap_t pmap);
372 static boolean_t pmap_try_insert_pv_entry(pmap_t pmap, vm_offset_t va,
373 vm_page_t m, struct rwlock **lockp);
375 static vm_page_t _pmap_alloc_l3(pmap_t pmap, vm_pindex_t ptepindex,
376 struct rwlock **lockp);
378 static void _pmap_unwire_l3(pmap_t pmap, vm_offset_t va, vm_page_t m,
379 struct spglist *free);
380 static int pmap_unuse_pt(pmap_t, vm_offset_t, pd_entry_t, struct spglist *);
381 static __inline vm_page_t pmap_remove_pt_page(pmap_t pmap, vm_offset_t va);
384 * These load the old table data and store the new value.
385 * They need to be atomic as the System MMU may write to the table at
386 * the same time as the CPU.
388 #define pmap_clear(table) atomic_store_64(table, 0)
389 #define pmap_clear_bits(table, bits) atomic_clear_64(table, bits)
390 #define pmap_load(table) (*table)
391 #define pmap_load_clear(table) atomic_swap_64(table, 0)
392 #define pmap_load_store(table, entry) atomic_swap_64(table, entry)
393 #define pmap_set_bits(table, bits) atomic_set_64(table, bits)
394 #define pmap_store(table, entry) atomic_store_64(table, entry)
396 /********************/
397 /* Inline functions */
398 /********************/
401 pagecopy(void *s, void *d)
404 memcpy(d, s, PAGE_SIZE);
407 static __inline pd_entry_t *
408 pmap_l0(pmap_t pmap, vm_offset_t va)
411 return (&pmap->pm_l0[pmap_l0_index(va)]);
414 static __inline pd_entry_t *
415 pmap_l0_to_l1(pd_entry_t *l0, vm_offset_t va)
419 l1 = (pd_entry_t *)PHYS_TO_DMAP(pmap_load(l0) & ~ATTR_MASK);
420 return (&l1[pmap_l1_index(va)]);
423 static __inline pd_entry_t *
424 pmap_l1(pmap_t pmap, vm_offset_t va)
428 l0 = pmap_l0(pmap, va);
429 if ((pmap_load(l0) & ATTR_DESCR_MASK) != L0_TABLE)
432 return (pmap_l0_to_l1(l0, va));
435 static __inline pd_entry_t *
436 pmap_l1_to_l2(pd_entry_t *l1, vm_offset_t va)
440 l2 = (pd_entry_t *)PHYS_TO_DMAP(pmap_load(l1) & ~ATTR_MASK);
441 return (&l2[pmap_l2_index(va)]);
444 static __inline pd_entry_t *
445 pmap_l2(pmap_t pmap, vm_offset_t va)
449 l1 = pmap_l1(pmap, va);
450 if ((pmap_load(l1) & ATTR_DESCR_MASK) != L1_TABLE)
453 return (pmap_l1_to_l2(l1, va));
456 static __inline pt_entry_t *
457 pmap_l2_to_l3(pd_entry_t *l2, vm_offset_t va)
461 l3 = (pd_entry_t *)PHYS_TO_DMAP(pmap_load(l2) & ~ATTR_MASK);
462 return (&l3[pmap_l3_index(va)]);
466 * Returns the lowest valid pde for a given virtual address.
467 * The next level may or may not point to a valid page or block.
469 static __inline pd_entry_t *
470 pmap_pde(pmap_t pmap, vm_offset_t va, int *level)
472 pd_entry_t *l0, *l1, *l2, desc;
474 l0 = pmap_l0(pmap, va);
475 desc = pmap_load(l0) & ATTR_DESCR_MASK;
476 if (desc != L0_TABLE) {
481 l1 = pmap_l0_to_l1(l0, va);
482 desc = pmap_load(l1) & ATTR_DESCR_MASK;
483 if (desc != L1_TABLE) {
488 l2 = pmap_l1_to_l2(l1, va);
489 desc = pmap_load(l2) & ATTR_DESCR_MASK;
490 if (desc != L2_TABLE) {
500 * Returns the lowest valid pte block or table entry for a given virtual
501 * address. If there are no valid entries return NULL and set the level to
502 * the first invalid level.
504 static __inline pt_entry_t *
505 pmap_pte(pmap_t pmap, vm_offset_t va, int *level)
507 pd_entry_t *l1, *l2, desc;
510 l1 = pmap_l1(pmap, va);
515 desc = pmap_load(l1) & ATTR_DESCR_MASK;
516 if (desc == L1_BLOCK) {
521 if (desc != L1_TABLE) {
526 l2 = pmap_l1_to_l2(l1, va);
527 desc = pmap_load(l2) & ATTR_DESCR_MASK;
528 if (desc == L2_BLOCK) {
533 if (desc != L2_TABLE) {
539 l3 = pmap_l2_to_l3(l2, va);
540 if ((pmap_load(l3) & ATTR_DESCR_MASK) != L3_PAGE)
547 pmap_ps_enabled(pmap_t pmap __unused)
550 return (superpages_enabled != 0);
554 pmap_get_tables(pmap_t pmap, vm_offset_t va, pd_entry_t **l0, pd_entry_t **l1,
555 pd_entry_t **l2, pt_entry_t **l3)
557 pd_entry_t *l0p, *l1p, *l2p;
559 if (pmap->pm_l0 == NULL)
562 l0p = pmap_l0(pmap, va);
565 if ((pmap_load(l0p) & ATTR_DESCR_MASK) != L0_TABLE)
568 l1p = pmap_l0_to_l1(l0p, va);
571 if ((pmap_load(l1p) & ATTR_DESCR_MASK) == L1_BLOCK) {
577 if ((pmap_load(l1p) & ATTR_DESCR_MASK) != L1_TABLE)
580 l2p = pmap_l1_to_l2(l1p, va);
583 if ((pmap_load(l2p) & ATTR_DESCR_MASK) == L2_BLOCK) {
588 if ((pmap_load(l2p) & ATTR_DESCR_MASK) != L2_TABLE)
591 *l3 = pmap_l2_to_l3(l2p, va);
597 pmap_l3_valid(pt_entry_t l3)
600 return ((l3 & ATTR_DESCR_MASK) == L3_PAGE);
604 CTASSERT(L1_BLOCK == L2_BLOCK);
607 pmap_pte_memattr(pmap_t pmap, vm_memattr_t memattr)
611 if (pmap->pm_stage == PM_STAGE1) {
612 val = ATTR_S1_IDX(memattr);
613 if (memattr == VM_MEMATTR_DEVICE)
621 case VM_MEMATTR_DEVICE:
622 return (ATTR_S2_MEMATTR(ATTR_S2_MEMATTR_DEVICE_nGnRnE) |
623 ATTR_S2_XN(ATTR_S2_XN_ALL));
624 case VM_MEMATTR_UNCACHEABLE:
625 return (ATTR_S2_MEMATTR(ATTR_S2_MEMATTR_NC));
626 case VM_MEMATTR_WRITE_BACK:
627 return (ATTR_S2_MEMATTR(ATTR_S2_MEMATTR_WB));
628 case VM_MEMATTR_WRITE_THROUGH:
629 return (ATTR_S2_MEMATTR(ATTR_S2_MEMATTR_WT));
631 panic("%s: invalid memory attribute %x", __func__, memattr);
636 pmap_pte_prot(pmap_t pmap, vm_prot_t prot)
641 if (pmap->pm_stage == PM_STAGE1) {
642 if ((prot & VM_PROT_EXECUTE) == 0)
644 if ((prot & VM_PROT_WRITE) == 0)
645 val |= ATTR_S1_AP(ATTR_S1_AP_RO);
647 if ((prot & VM_PROT_WRITE) != 0)
648 val |= ATTR_S2_S2AP(ATTR_S2_S2AP_WRITE);
649 if ((prot & VM_PROT_READ) != 0)
650 val |= ATTR_S2_S2AP(ATTR_S2_S2AP_READ);
651 if ((prot & VM_PROT_EXECUTE) == 0)
652 val |= ATTR_S2_XN(ATTR_S2_XN_ALL);
659 * Checks if the PTE is dirty.
662 pmap_pte_dirty(pmap_t pmap, pt_entry_t pte)
665 PMAP_ASSERT_STAGE1(pmap);
666 KASSERT((pte & ATTR_SW_MANAGED) != 0, ("pte %#lx is unmanaged", pte));
667 KASSERT((pte & (ATTR_S1_AP_RW_BIT | ATTR_SW_DBM)) != 0,
668 ("pte %#lx is writeable and missing ATTR_SW_DBM", pte));
670 return ((pte & (ATTR_S1_AP_RW_BIT | ATTR_SW_DBM)) ==
671 (ATTR_S1_AP(ATTR_S1_AP_RW) | ATTR_SW_DBM));
675 pmap_resident_count_inc(pmap_t pmap, int count)
678 PMAP_LOCK_ASSERT(pmap, MA_OWNED);
679 pmap->pm_stats.resident_count += count;
683 pmap_resident_count_dec(pmap_t pmap, int count)
686 PMAP_LOCK_ASSERT(pmap, MA_OWNED);
687 KASSERT(pmap->pm_stats.resident_count >= count,
688 ("pmap %p resident count underflow %ld %d", pmap,
689 pmap->pm_stats.resident_count, count));
690 pmap->pm_stats.resident_count -= count;
694 pmap_early_page_idx(vm_offset_t l1pt, vm_offset_t va, u_int *l1_slot,
700 l1 = (pd_entry_t *)l1pt;
701 *l1_slot = (va >> L1_SHIFT) & Ln_ADDR_MASK;
703 /* Check locore has used a table L1 map */
704 KASSERT((l1[*l1_slot] & ATTR_DESCR_MASK) == L1_TABLE,
705 ("Invalid bootstrap L1 table"));
706 /* Find the address of the L2 table */
707 l2 = (pt_entry_t *)init_pt_va;
708 *l2_slot = pmap_l2_index(va);
714 pmap_early_vtophys(vm_offset_t l1pt, vm_offset_t va)
716 u_int l1_slot, l2_slot;
719 l2 = pmap_early_page_idx(l1pt, va, &l1_slot, &l2_slot);
721 return ((l2[l2_slot] & ~ATTR_MASK) + (va & L2_OFFSET));
725 pmap_bootstrap_dmap(vm_offset_t kern_l1, vm_paddr_t min_pa,
726 vm_offset_t freemempos)
730 vm_paddr_t l2_pa, pa;
731 u_int l1_slot, l2_slot, prev_l1_slot;
734 dmap_phys_base = min_pa & ~L1_OFFSET;
740 #define DMAP_TABLES ((DMAP_MAX_ADDRESS - DMAP_MIN_ADDRESS) >> L0_SHIFT)
741 memset(pagetable_dmap, 0, PAGE_SIZE * DMAP_TABLES);
743 for (i = 0; i < (physmap_idx * 2); i += 2) {
744 pa = physmap[i] & ~L2_OFFSET;
745 va = pa - dmap_phys_base + DMAP_MIN_ADDRESS;
747 /* Create L2 mappings at the start of the region */
748 if ((pa & L1_OFFSET) != 0) {
749 l1_slot = ((va - DMAP_MIN_ADDRESS) >> L1_SHIFT);
750 if (l1_slot != prev_l1_slot) {
751 prev_l1_slot = l1_slot;
752 l2 = (pt_entry_t *)freemempos;
753 l2_pa = pmap_early_vtophys(kern_l1,
755 freemempos += PAGE_SIZE;
757 pmap_store(&pagetable_dmap[l1_slot],
758 (l2_pa & ~Ln_TABLE_MASK) | L1_TABLE);
760 memset(l2, 0, PAGE_SIZE);
763 ("pmap_bootstrap_dmap: NULL l2 map"));
764 for (; va < DMAP_MAX_ADDRESS && pa < physmap[i + 1];
765 pa += L2_SIZE, va += L2_SIZE) {
767 * We are on a boundary, stop to
768 * create a level 1 block
770 if ((pa & L1_OFFSET) == 0)
773 l2_slot = pmap_l2_index(va);
774 KASSERT(l2_slot != 0, ("..."));
775 pmap_store(&l2[l2_slot],
776 (pa & ~L2_OFFSET) | ATTR_DEFAULT |
778 ATTR_S1_IDX(VM_MEMATTR_WRITE_BACK) |
781 KASSERT(va == (pa - dmap_phys_base + DMAP_MIN_ADDRESS),
785 for (; va < DMAP_MAX_ADDRESS && pa < physmap[i + 1] &&
786 (physmap[i + 1] - pa) >= L1_SIZE;
787 pa += L1_SIZE, va += L1_SIZE) {
788 l1_slot = ((va - DMAP_MIN_ADDRESS) >> L1_SHIFT);
789 pmap_store(&pagetable_dmap[l1_slot],
790 (pa & ~L1_OFFSET) | ATTR_DEFAULT | ATTR_S1_XN |
791 ATTR_S1_IDX(VM_MEMATTR_WRITE_BACK) | L1_BLOCK);
794 /* Create L2 mappings at the end of the region */
795 if (pa < physmap[i + 1]) {
796 l1_slot = ((va - DMAP_MIN_ADDRESS) >> L1_SHIFT);
797 if (l1_slot != prev_l1_slot) {
798 prev_l1_slot = l1_slot;
799 l2 = (pt_entry_t *)freemempos;
800 l2_pa = pmap_early_vtophys(kern_l1,
802 freemempos += PAGE_SIZE;
804 pmap_store(&pagetable_dmap[l1_slot],
805 (l2_pa & ~Ln_TABLE_MASK) | L1_TABLE);
807 memset(l2, 0, PAGE_SIZE);
810 ("pmap_bootstrap_dmap: NULL l2 map"));
811 for (; va < DMAP_MAX_ADDRESS && pa < physmap[i + 1];
812 pa += L2_SIZE, va += L2_SIZE) {
813 l2_slot = pmap_l2_index(va);
814 pmap_store(&l2[l2_slot],
815 (pa & ~L2_OFFSET) | ATTR_DEFAULT |
817 ATTR_S1_IDX(VM_MEMATTR_WRITE_BACK) |
822 if (pa > dmap_phys_max) {
834 pmap_bootstrap_l2(vm_offset_t l1pt, vm_offset_t va, vm_offset_t l2_start)
841 KASSERT((va & L1_OFFSET) == 0, ("Invalid virtual address"));
843 l1 = (pd_entry_t *)l1pt;
844 l1_slot = pmap_l1_index(va);
847 for (; va < VM_MAX_KERNEL_ADDRESS; l1_slot++, va += L1_SIZE) {
848 KASSERT(l1_slot < Ln_ENTRIES, ("Invalid L1 index"));
850 pa = pmap_early_vtophys(l1pt, l2pt);
851 pmap_store(&l1[l1_slot],
852 (pa & ~Ln_TABLE_MASK) | L1_TABLE);
856 /* Clean the L2 page table */
857 memset((void *)l2_start, 0, l2pt - l2_start);
863 pmap_bootstrap_l3(vm_offset_t l1pt, vm_offset_t va, vm_offset_t l3_start)
870 KASSERT((va & L2_OFFSET) == 0, ("Invalid virtual address"));
872 l2 = pmap_l2(kernel_pmap, va);
873 l2 = (pd_entry_t *)rounddown2((uintptr_t)l2, PAGE_SIZE);
874 l2_slot = pmap_l2_index(va);
877 for (; va < VM_MAX_KERNEL_ADDRESS; l2_slot++, va += L2_SIZE) {
878 KASSERT(l2_slot < Ln_ENTRIES, ("Invalid L2 index"));
880 pa = pmap_early_vtophys(l1pt, l3pt);
881 pmap_store(&l2[l2_slot],
882 (pa & ~Ln_TABLE_MASK) | ATTR_S1_UXN | L2_TABLE);
886 /* Clean the L2 page table */
887 memset((void *)l3_start, 0, l3pt - l3_start);
893 * Bootstrap the system enough to run with virtual memory.
896 pmap_bootstrap(vm_offset_t l0pt, vm_offset_t l1pt, vm_paddr_t kernstart,
899 vm_offset_t freemempos;
900 vm_offset_t dpcpu, msgbufpv;
901 vm_paddr_t start_pa, pa, min_pa;
905 /* Verify that the ASID is set through TTBR0. */
906 KASSERT((READ_SPECIALREG(tcr_el1) & TCR_A1) == 0,
907 ("pmap_bootstrap: TCR_EL1.A1 != 0"));
909 kern_delta = KERNBASE - kernstart;
911 printf("pmap_bootstrap %lx %lx %lx\n", l1pt, kernstart, kernlen);
912 printf("%lx\n", l1pt);
913 printf("%lx\n", (KERNBASE >> L1_SHIFT) & Ln_ADDR_MASK);
915 /* Set this early so we can use the pagetable walking functions */
916 kernel_pmap_store.pm_l0 = (pd_entry_t *)l0pt;
917 PMAP_LOCK_INIT(kernel_pmap);
918 kernel_pmap->pm_l0_paddr = l0pt - kern_delta;
919 kernel_pmap->pm_cookie = COOKIE_FROM(-1, INT_MIN);
920 kernel_pmap->pm_stage = PM_STAGE1;
921 kernel_pmap->pm_asid_set = &asids;
923 /* Assume the address we were loaded to is a valid physical address */
924 min_pa = KERNBASE - kern_delta;
926 physmap_idx = physmem_avail(physmap, nitems(physmap));
930 * Find the minimum physical address. physmap is sorted,
931 * but may contain empty ranges.
933 for (i = 0; i < physmap_idx * 2; i += 2) {
934 if (physmap[i] == physmap[i + 1])
936 if (physmap[i] <= min_pa)
940 freemempos = KERNBASE + kernlen;
941 freemempos = roundup2(freemempos, PAGE_SIZE);
943 /* Create a direct map region early so we can use it for pa -> va */
944 freemempos = pmap_bootstrap_dmap(l1pt, min_pa, freemempos);
946 start_pa = pa = KERNBASE - kern_delta;
949 * Create the l2 tables up to VM_MAX_KERNEL_ADDRESS. We assume that the
950 * loader allocated the first and only l2 page table page used to map
951 * the kernel, preloaded files and module metadata.
953 freemempos = pmap_bootstrap_l2(l1pt, KERNBASE + L1_SIZE, freemempos);
954 /* And the l3 tables for the early devmap */
955 freemempos = pmap_bootstrap_l3(l1pt,
956 VM_MAX_KERNEL_ADDRESS - (PMAP_MAPDEV_EARLY_SIZE), freemempos);
960 #define alloc_pages(var, np) \
961 (var) = freemempos; \
962 freemempos += (np * PAGE_SIZE); \
963 memset((char *)(var), 0, ((np) * PAGE_SIZE));
965 /* Allocate dynamic per-cpu area. */
966 alloc_pages(dpcpu, DPCPU_SIZE / PAGE_SIZE);
967 dpcpu_init((void *)dpcpu, 0);
969 /* Allocate memory for the msgbuf, e.g. for /sbin/dmesg */
970 alloc_pages(msgbufpv, round_page(msgbufsize) / PAGE_SIZE);
971 msgbufp = (void *)msgbufpv;
973 /* Reserve some VA space for early BIOS/ACPI mapping */
974 preinit_map_va = roundup2(freemempos, L2_SIZE);
976 virtual_avail = preinit_map_va + PMAP_PREINIT_MAPPING_SIZE;
977 virtual_avail = roundup2(virtual_avail, L1_SIZE);
978 virtual_end = VM_MAX_KERNEL_ADDRESS - (PMAP_MAPDEV_EARLY_SIZE);
979 kernel_vm_end = virtual_avail;
981 pa = pmap_early_vtophys(l1pt, freemempos);
983 physmem_exclude_region(start_pa, pa - start_pa, EXFLAG_NOALLOC);
989 * Initialize a vm_page's machine-dependent fields.
992 pmap_page_init(vm_page_t m)
995 TAILQ_INIT(&m->md.pv_list);
996 m->md.pv_memattr = VM_MEMATTR_WRITE_BACK;
1000 pmap_init_asids(struct asid_set *set, int bits)
1004 set->asid_bits = bits;
1007 * We may be too early in the overall initialization process to use
1010 set->asid_set_size = 1 << set->asid_bits;
1011 set->asid_set = (bitstr_t *)kmem_malloc(bitstr_size(set->asid_set_size),
1013 for (i = 0; i < ASID_FIRST_AVAILABLE; i++)
1014 bit_set(set->asid_set, i);
1015 set->asid_next = ASID_FIRST_AVAILABLE;
1016 mtx_init(&set->asid_set_mutex, "asid set", NULL, MTX_SPIN);
1020 * Initialize the pmap module.
1021 * Called by vm_init, to initialize any structures that the pmap
1022 * system needs to map virtual memory.
1029 int i, pv_npg, vmid_bits;
1032 * Are large page mappings enabled?
1034 TUNABLE_INT_FETCH("vm.pmap.superpages_enabled", &superpages_enabled);
1035 if (superpages_enabled) {
1036 KASSERT(MAXPAGESIZES > 1 && pagesizes[1] == 0,
1037 ("pmap_init: can't assign to pagesizes[1]"));
1038 pagesizes[1] = L2_SIZE;
1042 * Initialize the ASID allocator.
1044 pmap_init_asids(&asids,
1045 (READ_SPECIALREG(tcr_el1) & TCR_ASID_16) != 0 ? 16 : 8);
1048 mmfr1 = READ_SPECIALREG(id_aa64mmfr1_el1);
1051 if (ID_AA64MMFR1_VMIDBits_VAL(mmfr1) ==
1052 ID_AA64MMFR1_VMIDBits_16)
1054 pmap_init_asids(&vmids, vmid_bits);
1058 * Initialize the pv chunk list mutex.
1060 mtx_init(&pv_chunks_mutex, "pmap pv chunk list", NULL, MTX_DEF);
1063 * Initialize the pool of pv list locks.
1065 for (i = 0; i < NPV_LIST_LOCKS; i++)
1066 rw_init(&pv_list_locks[i], "pmap pv list");
1069 * Calculate the size of the pv head table for superpages.
1071 pv_npg = howmany(vm_phys_segs[vm_phys_nsegs - 1].end, L2_SIZE);
1074 * Allocate memory for the pv head table for superpages.
1076 s = (vm_size_t)(pv_npg * sizeof(struct md_page));
1078 pv_table = (struct md_page *)kmem_malloc(s, M_WAITOK | M_ZERO);
1079 for (i = 0; i < pv_npg; i++)
1080 TAILQ_INIT(&pv_table[i].pv_list);
1081 TAILQ_INIT(&pv_dummy.pv_list);
1086 static SYSCTL_NODE(_vm_pmap, OID_AUTO, l2, CTLFLAG_RD | CTLFLAG_MPSAFE, 0,
1087 "2MB page mapping counters");
1089 static u_long pmap_l2_demotions;
1090 SYSCTL_ULONG(_vm_pmap_l2, OID_AUTO, demotions, CTLFLAG_RD,
1091 &pmap_l2_demotions, 0, "2MB page demotions");
1093 static u_long pmap_l2_mappings;
1094 SYSCTL_ULONG(_vm_pmap_l2, OID_AUTO, mappings, CTLFLAG_RD,
1095 &pmap_l2_mappings, 0, "2MB page mappings");
1097 static u_long pmap_l2_p_failures;
1098 SYSCTL_ULONG(_vm_pmap_l2, OID_AUTO, p_failures, CTLFLAG_RD,
1099 &pmap_l2_p_failures, 0, "2MB page promotion failures");
1101 static u_long pmap_l2_promotions;
1102 SYSCTL_ULONG(_vm_pmap_l2, OID_AUTO, promotions, CTLFLAG_RD,
1103 &pmap_l2_promotions, 0, "2MB page promotions");
1106 * Invalidate a single TLB entry.
1108 static __inline void
1109 pmap_invalidate_page(pmap_t pmap, vm_offset_t va)
1113 PMAP_ASSERT_STAGE1(pmap);
1116 if (pmap == kernel_pmap) {
1118 __asm __volatile("tlbi vaae1is, %0" : : "r" (r));
1120 r = ASID_TO_OPERAND(COOKIE_TO_ASID(pmap->pm_cookie)) | atop(va);
1121 __asm __volatile("tlbi vae1is, %0" : : "r" (r));
1127 static __inline void
1128 pmap_invalidate_range(pmap_t pmap, vm_offset_t sva, vm_offset_t eva)
1130 uint64_t end, r, start;
1132 PMAP_ASSERT_STAGE1(pmap);
1135 if (pmap == kernel_pmap) {
1138 for (r = start; r < end; r++)
1139 __asm __volatile("tlbi vaae1is, %0" : : "r" (r));
1141 start = end = ASID_TO_OPERAND(COOKIE_TO_ASID(pmap->pm_cookie));
1144 for (r = start; r < end; r++)
1145 __asm __volatile("tlbi vae1is, %0" : : "r" (r));
1151 static __inline void
1152 pmap_invalidate_all(pmap_t pmap)
1156 PMAP_ASSERT_STAGE1(pmap);
1159 if (pmap == kernel_pmap) {
1160 __asm __volatile("tlbi vmalle1is");
1162 r = ASID_TO_OPERAND(COOKIE_TO_ASID(pmap->pm_cookie));
1163 __asm __volatile("tlbi aside1is, %0" : : "r" (r));
1170 * Routine: pmap_extract
1172 * Extract the physical page address associated
1173 * with the given map/virtual_address pair.
1176 pmap_extract(pmap_t pmap, vm_offset_t va)
1178 pt_entry_t *pte, tpte;
1185 * Find the block or page map for this virtual address. pmap_pte
1186 * will return either a valid block/page entry, or NULL.
1188 pte = pmap_pte(pmap, va, &lvl);
1190 tpte = pmap_load(pte);
1191 pa = tpte & ~ATTR_MASK;
1194 KASSERT((tpte & ATTR_DESCR_MASK) == L1_BLOCK,
1195 ("pmap_extract: Invalid L1 pte found: %lx",
1196 tpte & ATTR_DESCR_MASK));
1197 pa |= (va & L1_OFFSET);
1200 KASSERT((tpte & ATTR_DESCR_MASK) == L2_BLOCK,
1201 ("pmap_extract: Invalid L2 pte found: %lx",
1202 tpte & ATTR_DESCR_MASK));
1203 pa |= (va & L2_OFFSET);
1206 KASSERT((tpte & ATTR_DESCR_MASK) == L3_PAGE,
1207 ("pmap_extract: Invalid L3 pte found: %lx",
1208 tpte & ATTR_DESCR_MASK));
1209 pa |= (va & L3_OFFSET);
1218 * Routine: pmap_extract_and_hold
1220 * Atomically extract and hold the physical page
1221 * with the given pmap and virtual address pair
1222 * if that mapping permits the given protection.
1225 pmap_extract_and_hold(pmap_t pmap, vm_offset_t va, vm_prot_t prot)
1227 pt_entry_t *pte, tpte;
1232 PMAP_ASSERT_STAGE1(pmap);
1236 pte = pmap_pte(pmap, va, &lvl);
1238 tpte = pmap_load(pte);
1240 KASSERT(lvl > 0 && lvl <= 3,
1241 ("pmap_extract_and_hold: Invalid level %d", lvl));
1242 CTASSERT(L1_BLOCK == L2_BLOCK);
1243 KASSERT((lvl == 3 && (tpte & ATTR_DESCR_MASK) == L3_PAGE) ||
1244 (lvl < 3 && (tpte & ATTR_DESCR_MASK) == L1_BLOCK),
1245 ("pmap_extract_and_hold: Invalid pte at L%d: %lx", lvl,
1246 tpte & ATTR_DESCR_MASK));
1247 if (((tpte & ATTR_S1_AP_RW_BIT) == ATTR_S1_AP(ATTR_S1_AP_RW)) ||
1248 ((prot & VM_PROT_WRITE) == 0)) {
1251 off = va & L1_OFFSET;
1254 off = va & L2_OFFSET;
1260 m = PHYS_TO_VM_PAGE((tpte & ~ATTR_MASK) | off);
1261 if (!vm_page_wire_mapped(m))
1270 pmap_kextract(vm_offset_t va)
1272 pt_entry_t *pte, tpte;
1274 if (va >= DMAP_MIN_ADDRESS && va < DMAP_MAX_ADDRESS)
1275 return (DMAP_TO_PHYS(va));
1276 pte = pmap_l1(kernel_pmap, va);
1281 * A concurrent pmap_update_entry() will clear the entry's valid bit
1282 * but leave the rest of the entry unchanged. Therefore, we treat a
1283 * non-zero entry as being valid, and we ignore the valid bit when
1284 * determining whether the entry maps a block, page, or table.
1286 tpte = pmap_load(pte);
1289 if ((tpte & ATTR_DESCR_TYPE_MASK) == ATTR_DESCR_TYPE_BLOCK)
1290 return ((tpte & ~ATTR_MASK) | (va & L1_OFFSET));
1291 pte = pmap_l1_to_l2(&tpte, va);
1292 tpte = pmap_load(pte);
1295 if ((tpte & ATTR_DESCR_TYPE_MASK) == ATTR_DESCR_TYPE_BLOCK)
1296 return ((tpte & ~ATTR_MASK) | (va & L2_OFFSET));
1297 pte = pmap_l2_to_l3(&tpte, va);
1298 tpte = pmap_load(pte);
1301 return ((tpte & ~ATTR_MASK) | (va & L3_OFFSET));
1304 /***************************************************
1305 * Low level mapping routines.....
1306 ***************************************************/
1309 pmap_kenter(vm_offset_t sva, vm_size_t size, vm_paddr_t pa, int mode)
1312 pt_entry_t *pte, attr;
1316 KASSERT((pa & L3_OFFSET) == 0,
1317 ("pmap_kenter: Invalid physical address"));
1318 KASSERT((sva & L3_OFFSET) == 0,
1319 ("pmap_kenter: Invalid virtual address"));
1320 KASSERT((size & PAGE_MASK) == 0,
1321 ("pmap_kenter: Mapping is not page-sized"));
1323 attr = ATTR_DEFAULT | ATTR_S1_AP(ATTR_S1_AP_RW) | ATTR_S1_XN |
1324 ATTR_S1_IDX(mode) | L3_PAGE;
1327 pde = pmap_pde(kernel_pmap, va, &lvl);
1328 KASSERT(pde != NULL,
1329 ("pmap_kenter: Invalid page entry, va: 0x%lx", va));
1330 KASSERT(lvl == 2, ("pmap_kenter: Invalid level %d", lvl));
1332 pte = pmap_l2_to_l3(pde, va);
1333 pmap_load_store(pte, (pa & ~L3_OFFSET) | attr);
1339 pmap_invalidate_range(kernel_pmap, sva, va);
1343 pmap_kenter_device(vm_offset_t sva, vm_size_t size, vm_paddr_t pa)
1346 pmap_kenter(sva, size, pa, VM_MEMATTR_DEVICE);
1350 * Remove a page from the kernel pagetables.
1353 pmap_kremove(vm_offset_t va)
1358 pte = pmap_pte(kernel_pmap, va, &lvl);
1359 KASSERT(pte != NULL, ("pmap_kremove: Invalid address"));
1360 KASSERT(lvl == 3, ("pmap_kremove: Invalid pte level %d", lvl));
1363 pmap_invalidate_page(kernel_pmap, va);
1367 pmap_kremove_device(vm_offset_t sva, vm_size_t size)
1373 KASSERT((sva & L3_OFFSET) == 0,
1374 ("pmap_kremove_device: Invalid virtual address"));
1375 KASSERT((size & PAGE_MASK) == 0,
1376 ("pmap_kremove_device: Mapping is not page-sized"));
1380 pte = pmap_pte(kernel_pmap, va, &lvl);
1381 KASSERT(pte != NULL, ("Invalid page table, va: 0x%lx", va));
1383 ("Invalid device pagetable level: %d != 3", lvl));
1389 pmap_invalidate_range(kernel_pmap, sva, va);
1393 * Used to map a range of physical addresses into kernel
1394 * virtual address space.
1396 * The value passed in '*virt' is a suggested virtual address for
1397 * the mapping. Architectures which can support a direct-mapped
1398 * physical to virtual region can return the appropriate address
1399 * within that region, leaving '*virt' unchanged. Other
1400 * architectures should map the pages starting at '*virt' and
1401 * update '*virt' with the first usable address after the mapped
1405 pmap_map(vm_offset_t *virt, vm_paddr_t start, vm_paddr_t end, int prot)
1407 return PHYS_TO_DMAP(start);
1412 * Add a list of wired pages to the kva
1413 * this routine is only used for temporary
1414 * kernel mappings that do not need to have
1415 * page modification or references recorded.
1416 * Note that old mappings are simply written
1417 * over. The page *must* be wired.
1418 * Note: SMP coherent. Uses a ranged shootdown IPI.
1421 pmap_qenter(vm_offset_t sva, vm_page_t *ma, int count)
1424 pt_entry_t *pte, pa;
1430 for (i = 0; i < count; i++) {
1431 pde = pmap_pde(kernel_pmap, va, &lvl);
1432 KASSERT(pde != NULL,
1433 ("pmap_qenter: Invalid page entry, va: 0x%lx", va));
1435 ("pmap_qenter: Invalid level %d", lvl));
1438 pa = VM_PAGE_TO_PHYS(m) | ATTR_DEFAULT |
1439 ATTR_S1_AP(ATTR_S1_AP_RW) | ATTR_S1_XN |
1440 ATTR_S1_IDX(m->md.pv_memattr) | L3_PAGE;
1441 pte = pmap_l2_to_l3(pde, va);
1442 pmap_load_store(pte, pa);
1446 pmap_invalidate_range(kernel_pmap, sva, va);
1450 * This routine tears out page mappings from the
1451 * kernel -- it is meant only for temporary mappings.
1454 pmap_qremove(vm_offset_t sva, int count)
1460 KASSERT(sva >= VM_MIN_KERNEL_ADDRESS, ("usermode va %lx", sva));
1463 while (count-- > 0) {
1464 pte = pmap_pte(kernel_pmap, va, &lvl);
1466 ("Invalid device pagetable level: %d != 3", lvl));
1473 pmap_invalidate_range(kernel_pmap, sva, va);
1476 /***************************************************
1477 * Page table page management routines.....
1478 ***************************************************/
1480 * Schedule the specified unused page table page to be freed. Specifically,
1481 * add the page to the specified list of pages that will be released to the
1482 * physical memory manager after the TLB has been updated.
1484 static __inline void
1485 pmap_add_delayed_free_list(vm_page_t m, struct spglist *free,
1486 boolean_t set_PG_ZERO)
1490 m->flags |= PG_ZERO;
1492 m->flags &= ~PG_ZERO;
1493 SLIST_INSERT_HEAD(free, m, plinks.s.ss);
1497 * Decrements a page table page's reference count, which is used to record the
1498 * number of valid page table entries within the page. If the reference count
1499 * drops to zero, then the page table page is unmapped. Returns TRUE if the
1500 * page table page was unmapped and FALSE otherwise.
1502 static inline boolean_t
1503 pmap_unwire_l3(pmap_t pmap, vm_offset_t va, vm_page_t m, struct spglist *free)
1507 if (m->ref_count == 0) {
1508 _pmap_unwire_l3(pmap, va, m, free);
1515 _pmap_unwire_l3(pmap_t pmap, vm_offset_t va, vm_page_t m, struct spglist *free)
1518 PMAP_LOCK_ASSERT(pmap, MA_OWNED);
1520 * unmap the page table page
1522 if (m->pindex >= (NUL2E + NUL1E)) {
1526 l0 = pmap_l0(pmap, va);
1528 } else if (m->pindex >= NUL2E) {
1532 l1 = pmap_l1(pmap, va);
1538 l2 = pmap_l2(pmap, va);
1541 pmap_resident_count_dec(pmap, 1);
1542 if (m->pindex < NUL2E) {
1543 /* We just released an l3, unhold the matching l2 */
1544 pd_entry_t *l1, tl1;
1547 l1 = pmap_l1(pmap, va);
1548 tl1 = pmap_load(l1);
1549 l2pg = PHYS_TO_VM_PAGE(tl1 & ~ATTR_MASK);
1550 pmap_unwire_l3(pmap, va, l2pg, free);
1551 } else if (m->pindex < (NUL2E + NUL1E)) {
1552 /* We just released an l2, unhold the matching l1 */
1553 pd_entry_t *l0, tl0;
1556 l0 = pmap_l0(pmap, va);
1557 tl0 = pmap_load(l0);
1558 l1pg = PHYS_TO_VM_PAGE(tl0 & ~ATTR_MASK);
1559 pmap_unwire_l3(pmap, va, l1pg, free);
1561 pmap_invalidate_page(pmap, va);
1564 * Put page on a list so that it is released after
1565 * *ALL* TLB shootdown is done
1567 pmap_add_delayed_free_list(m, free, TRUE);
1571 * After removing a page table entry, this routine is used to
1572 * conditionally free the page, and manage the reference count.
1575 pmap_unuse_pt(pmap_t pmap, vm_offset_t va, pd_entry_t ptepde,
1576 struct spglist *free)
1580 if (va >= VM_MAXUSER_ADDRESS)
1582 KASSERT(ptepde != 0, ("pmap_unuse_pt: ptepde != 0"));
1583 mpte = PHYS_TO_VM_PAGE(ptepde & ~ATTR_MASK);
1584 return (pmap_unwire_l3(pmap, va, mpte, free));
1588 * Release a page table page reference after a failed attempt to create a
1592 pmap_abort_ptp(pmap_t pmap, vm_offset_t va, vm_page_t mpte)
1594 struct spglist free;
1597 if (pmap_unwire_l3(pmap, va, mpte, &free)) {
1599 * Although "va" was never mapped, the TLB could nonetheless
1600 * have intermediate entries that refer to the freed page
1601 * table pages. Invalidate those entries.
1603 * XXX redundant invalidation (See _pmap_unwire_l3().)
1605 pmap_invalidate_page(pmap, va);
1606 vm_page_free_pages_toq(&free, true);
1611 pmap_pinit0(pmap_t pmap)
1614 PMAP_LOCK_INIT(pmap);
1615 bzero(&pmap->pm_stats, sizeof(pmap->pm_stats));
1616 pmap->pm_l0_paddr = READ_SPECIALREG(ttbr0_el1);
1617 pmap->pm_l0 = (pd_entry_t *)PHYS_TO_DMAP(pmap->pm_l0_paddr);
1618 pmap->pm_root.rt_root = 0;
1619 pmap->pm_cookie = COOKIE_FROM(ASID_RESERVED_FOR_PID_0, INT_MIN);
1620 pmap->pm_stage = PM_STAGE1;
1621 pmap->pm_asid_set = &asids;
1623 PCPU_SET(curpmap, pmap);
1627 pmap_pinit_stage(pmap_t pmap, enum pmap_stage stage)
1632 * allocate the l0 page
1634 while ((l0pt = vm_page_alloc(NULL, 0, VM_ALLOC_NORMAL |
1635 VM_ALLOC_NOOBJ | VM_ALLOC_WIRED | VM_ALLOC_ZERO)) == NULL)
1638 pmap->pm_l0_paddr = VM_PAGE_TO_PHYS(l0pt);
1639 pmap->pm_l0 = (pd_entry_t *)PHYS_TO_DMAP(pmap->pm_l0_paddr);
1641 if ((l0pt->flags & PG_ZERO) == 0)
1642 pagezero(pmap->pm_l0);
1644 pmap->pm_root.rt_root = 0;
1645 bzero(&pmap->pm_stats, sizeof(pmap->pm_stats));
1646 pmap->pm_cookie = COOKIE_FROM(-1, INT_MAX);
1648 pmap->pm_stage = stage;
1651 pmap->pm_asid_set = &asids;
1654 pmap->pm_asid_set = &vmids;
1657 panic("%s: Invalid pmap type %d", __func__, stage);
1661 /* XXX Temporarily disable deferred ASID allocation. */
1662 pmap_alloc_asid(pmap);
1668 pmap_pinit(pmap_t pmap)
1671 return (pmap_pinit_stage(pmap, PM_STAGE1));
1675 * This routine is called if the desired page table page does not exist.
1677 * If page table page allocation fails, this routine may sleep before
1678 * returning NULL. It sleeps only if a lock pointer was given.
1680 * Note: If a page allocation fails at page table level two or three,
1681 * one or two pages may be held during the wait, only to be released
1682 * afterwards. This conservative approach is easily argued to avoid
1686 _pmap_alloc_l3(pmap_t pmap, vm_pindex_t ptepindex, struct rwlock **lockp)
1688 vm_page_t m, l1pg, l2pg;
1690 PMAP_LOCK_ASSERT(pmap, MA_OWNED);
1693 * Allocate a page table page.
1695 if ((m = vm_page_alloc(NULL, ptepindex, VM_ALLOC_NOOBJ |
1696 VM_ALLOC_WIRED | VM_ALLOC_ZERO)) == NULL) {
1697 if (lockp != NULL) {
1698 RELEASE_PV_LIST_LOCK(lockp);
1705 * Indicate the need to retry. While waiting, the page table
1706 * page may have been allocated.
1710 if ((m->flags & PG_ZERO) == 0)
1714 * Because of AArch64's weak memory consistency model, we must have a
1715 * barrier here to ensure that the stores for zeroing "m", whether by
1716 * pmap_zero_page() or an earlier function, are visible before adding
1717 * "m" to the page table. Otherwise, a page table walk by another
1718 * processor's MMU could see the mapping to "m" and a stale, non-zero
1724 * Map the pagetable page into the process address space, if
1725 * it isn't already there.
1728 if (ptepindex >= (NUL2E + NUL1E)) {
1730 vm_pindex_t l0index;
1732 l0index = ptepindex - (NUL2E + NUL1E);
1733 l0 = &pmap->pm_l0[l0index];
1734 pmap_store(l0, VM_PAGE_TO_PHYS(m) | L0_TABLE);
1735 } else if (ptepindex >= NUL2E) {
1736 vm_pindex_t l0index, l1index;
1737 pd_entry_t *l0, *l1;
1740 l1index = ptepindex - NUL2E;
1741 l0index = l1index >> L0_ENTRIES_SHIFT;
1743 l0 = &pmap->pm_l0[l0index];
1744 tl0 = pmap_load(l0);
1746 /* recurse for allocating page dir */
1747 if (_pmap_alloc_l3(pmap, NUL2E + NUL1E + l0index,
1749 vm_page_unwire_noq(m);
1750 vm_page_free_zero(m);
1754 l1pg = PHYS_TO_VM_PAGE(tl0 & ~ATTR_MASK);
1758 l1 = (pd_entry_t *)PHYS_TO_DMAP(pmap_load(l0) & ~ATTR_MASK);
1759 l1 = &l1[ptepindex & Ln_ADDR_MASK];
1760 pmap_store(l1, VM_PAGE_TO_PHYS(m) | L1_TABLE);
1762 vm_pindex_t l0index, l1index;
1763 pd_entry_t *l0, *l1, *l2;
1764 pd_entry_t tl0, tl1;
1766 l1index = ptepindex >> Ln_ENTRIES_SHIFT;
1767 l0index = l1index >> L0_ENTRIES_SHIFT;
1769 l0 = &pmap->pm_l0[l0index];
1770 tl0 = pmap_load(l0);
1772 /* recurse for allocating page dir */
1773 if (_pmap_alloc_l3(pmap, NUL2E + l1index,
1775 vm_page_unwire_noq(m);
1776 vm_page_free_zero(m);
1779 tl0 = pmap_load(l0);
1780 l1 = (pd_entry_t *)PHYS_TO_DMAP(tl0 & ~ATTR_MASK);
1781 l1 = &l1[l1index & Ln_ADDR_MASK];
1783 l1 = (pd_entry_t *)PHYS_TO_DMAP(tl0 & ~ATTR_MASK);
1784 l1 = &l1[l1index & Ln_ADDR_MASK];
1785 tl1 = pmap_load(l1);
1787 /* recurse for allocating page dir */
1788 if (_pmap_alloc_l3(pmap, NUL2E + l1index,
1790 vm_page_unwire_noq(m);
1791 vm_page_free_zero(m);
1795 l2pg = PHYS_TO_VM_PAGE(tl1 & ~ATTR_MASK);
1800 l2 = (pd_entry_t *)PHYS_TO_DMAP(pmap_load(l1) & ~ATTR_MASK);
1801 l2 = &l2[ptepindex & Ln_ADDR_MASK];
1802 pmap_store(l2, VM_PAGE_TO_PHYS(m) | L2_TABLE);
1805 pmap_resident_count_inc(pmap, 1);
1811 pmap_alloc_l2(pmap_t pmap, vm_offset_t va, vm_page_t *l2pgp,
1812 struct rwlock **lockp)
1814 pd_entry_t *l1, *l2;
1816 vm_pindex_t l2pindex;
1819 l1 = pmap_l1(pmap, va);
1820 if (l1 != NULL && (pmap_load(l1) & ATTR_DESCR_MASK) == L1_TABLE) {
1821 l2 = pmap_l1_to_l2(l1, va);
1822 if (va < VM_MAXUSER_ADDRESS) {
1823 /* Add a reference to the L2 page. */
1824 l2pg = PHYS_TO_VM_PAGE(pmap_load(l1) & ~ATTR_MASK);
1828 } else if (va < VM_MAXUSER_ADDRESS) {
1829 /* Allocate a L2 page. */
1830 l2pindex = pmap_l2_pindex(va) >> Ln_ENTRIES_SHIFT;
1831 l2pg = _pmap_alloc_l3(pmap, NUL2E + l2pindex, lockp);
1838 l2 = (pd_entry_t *)PHYS_TO_DMAP(VM_PAGE_TO_PHYS(l2pg));
1839 l2 = &l2[pmap_l2_index(va)];
1841 panic("pmap_alloc_l2: missing page table page for va %#lx",
1848 pmap_alloc_l3(pmap_t pmap, vm_offset_t va, struct rwlock **lockp)
1850 vm_pindex_t ptepindex;
1851 pd_entry_t *pde, tpde;
1859 * Calculate pagetable page index
1861 ptepindex = pmap_l2_pindex(va);
1864 * Get the page directory entry
1866 pde = pmap_pde(pmap, va, &lvl);
1869 * If the page table page is mapped, we just increment the hold count,
1870 * and activate it. If we get a level 2 pde it will point to a level 3
1878 pte = pmap_l0_to_l1(pde, va);
1879 KASSERT(pmap_load(pte) == 0,
1880 ("pmap_alloc_l3: TODO: l0 superpages"));
1885 pte = pmap_l1_to_l2(pde, va);
1886 KASSERT(pmap_load(pte) == 0,
1887 ("pmap_alloc_l3: TODO: l1 superpages"));
1891 tpde = pmap_load(pde);
1893 m = PHYS_TO_VM_PAGE(tpde & ~ATTR_MASK);
1899 panic("pmap_alloc_l3: Invalid level %d", lvl);
1903 * Here if the pte page isn't mapped, or if it has been deallocated.
1905 m = _pmap_alloc_l3(pmap, ptepindex, lockp);
1906 if (m == NULL && lockp != NULL)
1912 /***************************************************
1913 * Pmap allocation/deallocation routines.
1914 ***************************************************/
1917 * Release any resources held by the given physical map.
1918 * Called when a pmap initialized by pmap_pinit is being released.
1919 * Should only be called if the map contains no valid mappings.
1922 pmap_release(pmap_t pmap)
1924 struct asid_set *set;
1928 KASSERT(pmap->pm_stats.resident_count == 0,
1929 ("pmap_release: pmap resident count %ld != 0",
1930 pmap->pm_stats.resident_count));
1931 KASSERT(vm_radix_is_empty(&pmap->pm_root),
1932 ("pmap_release: pmap has reserved page table page(s)"));
1933 PMAP_ASSERT_STAGE1(pmap);
1935 set = pmap->pm_asid_set;
1936 KASSERT(set != NULL, ("%s: NULL asid set", __func__));
1938 mtx_lock_spin(&set->asid_set_mutex);
1939 if (COOKIE_TO_EPOCH(pmap->pm_cookie) == set->asid_epoch) {
1940 asid = COOKIE_TO_ASID(pmap->pm_cookie);
1941 KASSERT(asid >= ASID_FIRST_AVAILABLE &&
1942 asid < set->asid_set_size,
1943 ("pmap_release: pmap cookie has out-of-range asid"));
1944 bit_clear(set->asid_set, asid);
1946 mtx_unlock_spin(&set->asid_set_mutex);
1948 m = PHYS_TO_VM_PAGE(pmap->pm_l0_paddr);
1949 vm_page_unwire_noq(m);
1950 vm_page_free_zero(m);
1954 kvm_size(SYSCTL_HANDLER_ARGS)
1956 unsigned long ksize = VM_MAX_KERNEL_ADDRESS - VM_MIN_KERNEL_ADDRESS;
1958 return sysctl_handle_long(oidp, &ksize, 0, req);
1960 SYSCTL_PROC(_vm, OID_AUTO, kvm_size, CTLTYPE_LONG | CTLFLAG_RD | CTLFLAG_MPSAFE,
1961 0, 0, kvm_size, "LU",
1965 kvm_free(SYSCTL_HANDLER_ARGS)
1967 unsigned long kfree = VM_MAX_KERNEL_ADDRESS - kernel_vm_end;
1969 return sysctl_handle_long(oidp, &kfree, 0, req);
1971 SYSCTL_PROC(_vm, OID_AUTO, kvm_free, CTLTYPE_LONG | CTLFLAG_RD | CTLFLAG_MPSAFE,
1972 0, 0, kvm_free, "LU",
1973 "Amount of KVM free");
1976 * grow the number of kernel page table entries, if needed
1979 pmap_growkernel(vm_offset_t addr)
1983 pd_entry_t *l0, *l1, *l2;
1985 mtx_assert(&kernel_map->system_mtx, MA_OWNED);
1987 addr = roundup2(addr, L2_SIZE);
1988 if (addr - 1 >= vm_map_max(kernel_map))
1989 addr = vm_map_max(kernel_map);
1990 while (kernel_vm_end < addr) {
1991 l0 = pmap_l0(kernel_pmap, kernel_vm_end);
1992 KASSERT(pmap_load(l0) != 0,
1993 ("pmap_growkernel: No level 0 kernel entry"));
1995 l1 = pmap_l0_to_l1(l0, kernel_vm_end);
1996 if (pmap_load(l1) == 0) {
1997 /* We need a new PDP entry */
1998 nkpg = vm_page_alloc(NULL, kernel_vm_end >> L1_SHIFT,
1999 VM_ALLOC_INTERRUPT | VM_ALLOC_NOOBJ |
2000 VM_ALLOC_WIRED | VM_ALLOC_ZERO);
2002 panic("pmap_growkernel: no memory to grow kernel");
2003 if ((nkpg->flags & PG_ZERO) == 0)
2004 pmap_zero_page(nkpg);
2005 /* See the dmb() in _pmap_alloc_l3(). */
2007 paddr = VM_PAGE_TO_PHYS(nkpg);
2008 pmap_store(l1, paddr | L1_TABLE);
2009 continue; /* try again */
2011 l2 = pmap_l1_to_l2(l1, kernel_vm_end);
2012 if (pmap_load(l2) != 0) {
2013 kernel_vm_end = (kernel_vm_end + L2_SIZE) & ~L2_OFFSET;
2014 if (kernel_vm_end - 1 >= vm_map_max(kernel_map)) {
2015 kernel_vm_end = vm_map_max(kernel_map);
2021 nkpg = vm_page_alloc(NULL, kernel_vm_end >> L2_SHIFT,
2022 VM_ALLOC_INTERRUPT | VM_ALLOC_NOOBJ | VM_ALLOC_WIRED |
2025 panic("pmap_growkernel: no memory to grow kernel");
2026 if ((nkpg->flags & PG_ZERO) == 0)
2027 pmap_zero_page(nkpg);
2028 /* See the dmb() in _pmap_alloc_l3(). */
2030 paddr = VM_PAGE_TO_PHYS(nkpg);
2031 pmap_store(l2, paddr | L2_TABLE);
2033 kernel_vm_end = (kernel_vm_end + L2_SIZE) & ~L2_OFFSET;
2034 if (kernel_vm_end - 1 >= vm_map_max(kernel_map)) {
2035 kernel_vm_end = vm_map_max(kernel_map);
2042 /***************************************************
2043 * page management routines.
2044 ***************************************************/
2046 CTASSERT(sizeof(struct pv_chunk) == PAGE_SIZE);
2047 CTASSERT(_NPCM == 3);
2048 CTASSERT(_NPCPV == 168);
2050 static __inline struct pv_chunk *
2051 pv_to_chunk(pv_entry_t pv)
2054 return ((struct pv_chunk *)((uintptr_t)pv & ~(uintptr_t)PAGE_MASK));
2057 #define PV_PMAP(pv) (pv_to_chunk(pv)->pc_pmap)
2059 #define PC_FREE0 0xfffffffffffffffful
2060 #define PC_FREE1 0xfffffffffffffffful
2061 #define PC_FREE2 0x000000fffffffffful
2063 static const uint64_t pc_freemask[_NPCM] = { PC_FREE0, PC_FREE1, PC_FREE2 };
2067 static int pc_chunk_count, pc_chunk_allocs, pc_chunk_frees, pc_chunk_tryfail;
2069 SYSCTL_INT(_vm_pmap, OID_AUTO, pc_chunk_count, CTLFLAG_RD, &pc_chunk_count, 0,
2070 "Current number of pv entry chunks");
2071 SYSCTL_INT(_vm_pmap, OID_AUTO, pc_chunk_allocs, CTLFLAG_RD, &pc_chunk_allocs, 0,
2072 "Current number of pv entry chunks allocated");
2073 SYSCTL_INT(_vm_pmap, OID_AUTO, pc_chunk_frees, CTLFLAG_RD, &pc_chunk_frees, 0,
2074 "Current number of pv entry chunks frees");
2075 SYSCTL_INT(_vm_pmap, OID_AUTO, pc_chunk_tryfail, CTLFLAG_RD, &pc_chunk_tryfail, 0,
2076 "Number of times tried to get a chunk page but failed.");
2078 static long pv_entry_frees, pv_entry_allocs, pv_entry_count;
2079 static int pv_entry_spare;
2081 SYSCTL_LONG(_vm_pmap, OID_AUTO, pv_entry_frees, CTLFLAG_RD, &pv_entry_frees, 0,
2082 "Current number of pv entry frees");
2083 SYSCTL_LONG(_vm_pmap, OID_AUTO, pv_entry_allocs, CTLFLAG_RD, &pv_entry_allocs, 0,
2084 "Current number of pv entry allocs");
2085 SYSCTL_LONG(_vm_pmap, OID_AUTO, pv_entry_count, CTLFLAG_RD, &pv_entry_count, 0,
2086 "Current number of pv entries");
2087 SYSCTL_INT(_vm_pmap, OID_AUTO, pv_entry_spare, CTLFLAG_RD, &pv_entry_spare, 0,
2088 "Current number of spare pv entries");
2093 * We are in a serious low memory condition. Resort to
2094 * drastic measures to free some pages so we can allocate
2095 * another pv entry chunk.
2097 * Returns NULL if PV entries were reclaimed from the specified pmap.
2099 * We do not, however, unmap 2mpages because subsequent accesses will
2100 * allocate per-page pv entries until repromotion occurs, thereby
2101 * exacerbating the shortage of free pv entries.
2104 reclaim_pv_chunk(pmap_t locked_pmap, struct rwlock **lockp)
2106 struct pv_chunk *pc, *pc_marker, *pc_marker_end;
2107 struct pv_chunk_header pc_marker_b, pc_marker_end_b;
2108 struct md_page *pvh;
2110 pmap_t next_pmap, pmap;
2111 pt_entry_t *pte, tpte;
2115 struct spglist free;
2117 int bit, field, freed, lvl;
2118 static int active_reclaims = 0;
2120 PMAP_LOCK_ASSERT(locked_pmap, MA_OWNED);
2121 KASSERT(lockp != NULL, ("reclaim_pv_chunk: lockp is NULL"));
2126 bzero(&pc_marker_b, sizeof(pc_marker_b));
2127 bzero(&pc_marker_end_b, sizeof(pc_marker_end_b));
2128 pc_marker = (struct pv_chunk *)&pc_marker_b;
2129 pc_marker_end = (struct pv_chunk *)&pc_marker_end_b;
2131 mtx_lock(&pv_chunks_mutex);
2133 TAILQ_INSERT_HEAD(&pv_chunks, pc_marker, pc_lru);
2134 TAILQ_INSERT_TAIL(&pv_chunks, pc_marker_end, pc_lru);
2135 while ((pc = TAILQ_NEXT(pc_marker, pc_lru)) != pc_marker_end &&
2136 SLIST_EMPTY(&free)) {
2137 next_pmap = pc->pc_pmap;
2138 if (next_pmap == NULL) {
2140 * The next chunk is a marker. However, it is
2141 * not our marker, so active_reclaims must be
2142 * > 1. Consequently, the next_chunk code
2143 * will not rotate the pv_chunks list.
2147 mtx_unlock(&pv_chunks_mutex);
2150 * A pv_chunk can only be removed from the pc_lru list
2151 * when both pv_chunks_mutex is owned and the
2152 * corresponding pmap is locked.
2154 if (pmap != next_pmap) {
2155 if (pmap != NULL && pmap != locked_pmap)
2158 /* Avoid deadlock and lock recursion. */
2159 if (pmap > locked_pmap) {
2160 RELEASE_PV_LIST_LOCK(lockp);
2162 mtx_lock(&pv_chunks_mutex);
2164 } else if (pmap != locked_pmap) {
2165 if (PMAP_TRYLOCK(pmap)) {
2166 mtx_lock(&pv_chunks_mutex);
2169 pmap = NULL; /* pmap is not locked */
2170 mtx_lock(&pv_chunks_mutex);
2171 pc = TAILQ_NEXT(pc_marker, pc_lru);
2173 pc->pc_pmap != next_pmap)
2181 * Destroy every non-wired, 4 KB page mapping in the chunk.
2184 for (field = 0; field < _NPCM; field++) {
2185 for (inuse = ~pc->pc_map[field] & pc_freemask[field];
2186 inuse != 0; inuse &= ~(1UL << bit)) {
2187 bit = ffsl(inuse) - 1;
2188 pv = &pc->pc_pventry[field * 64 + bit];
2190 pde = pmap_pde(pmap, va, &lvl);
2193 pte = pmap_l2_to_l3(pde, va);
2194 tpte = pmap_load(pte);
2195 if ((tpte & ATTR_SW_WIRED) != 0)
2197 tpte = pmap_load_clear(pte);
2198 m = PHYS_TO_VM_PAGE(tpte & ~ATTR_MASK);
2199 if (pmap_pte_dirty(pmap, tpte))
2201 if ((tpte & ATTR_AF) != 0) {
2202 pmap_invalidate_page(pmap, va);
2203 vm_page_aflag_set(m, PGA_REFERENCED);
2205 CHANGE_PV_LIST_LOCK_TO_VM_PAGE(lockp, m);
2206 TAILQ_REMOVE(&m->md.pv_list, pv, pv_next);
2208 if (TAILQ_EMPTY(&m->md.pv_list) &&
2209 (m->flags & PG_FICTITIOUS) == 0) {
2210 pvh = pa_to_pvh(VM_PAGE_TO_PHYS(m));
2211 if (TAILQ_EMPTY(&pvh->pv_list)) {
2212 vm_page_aflag_clear(m,
2216 pc->pc_map[field] |= 1UL << bit;
2217 pmap_unuse_pt(pmap, va, pmap_load(pde), &free);
2222 mtx_lock(&pv_chunks_mutex);
2225 /* Every freed mapping is for a 4 KB page. */
2226 pmap_resident_count_dec(pmap, freed);
2227 PV_STAT(atomic_add_long(&pv_entry_frees, freed));
2228 PV_STAT(atomic_add_int(&pv_entry_spare, freed));
2229 PV_STAT(atomic_subtract_long(&pv_entry_count, freed));
2230 TAILQ_REMOVE(&pmap->pm_pvchunk, pc, pc_list);
2231 if (pc->pc_map[0] == PC_FREE0 && pc->pc_map[1] == PC_FREE1 &&
2232 pc->pc_map[2] == PC_FREE2) {
2233 PV_STAT(atomic_subtract_int(&pv_entry_spare, _NPCPV));
2234 PV_STAT(atomic_subtract_int(&pc_chunk_count, 1));
2235 PV_STAT(atomic_add_int(&pc_chunk_frees, 1));
2236 /* Entire chunk is free; return it. */
2237 m_pc = PHYS_TO_VM_PAGE(DMAP_TO_PHYS((vm_offset_t)pc));
2238 dump_drop_page(m_pc->phys_addr);
2239 mtx_lock(&pv_chunks_mutex);
2240 TAILQ_REMOVE(&pv_chunks, pc, pc_lru);
2243 TAILQ_INSERT_HEAD(&pmap->pm_pvchunk, pc, pc_list);
2244 mtx_lock(&pv_chunks_mutex);
2245 /* One freed pv entry in locked_pmap is sufficient. */
2246 if (pmap == locked_pmap)
2250 TAILQ_REMOVE(&pv_chunks, pc_marker, pc_lru);
2251 TAILQ_INSERT_AFTER(&pv_chunks, pc, pc_marker, pc_lru);
2252 if (active_reclaims == 1 && pmap != NULL) {
2254 * Rotate the pv chunks list so that we do not
2255 * scan the same pv chunks that could not be
2256 * freed (because they contained a wired
2257 * and/or superpage mapping) on every
2258 * invocation of reclaim_pv_chunk().
2260 while ((pc = TAILQ_FIRST(&pv_chunks)) != pc_marker) {
2261 MPASS(pc->pc_pmap != NULL);
2262 TAILQ_REMOVE(&pv_chunks, pc, pc_lru);
2263 TAILQ_INSERT_TAIL(&pv_chunks, pc, pc_lru);
2267 TAILQ_REMOVE(&pv_chunks, pc_marker, pc_lru);
2268 TAILQ_REMOVE(&pv_chunks, pc_marker_end, pc_lru);
2270 mtx_unlock(&pv_chunks_mutex);
2271 if (pmap != NULL && pmap != locked_pmap)
2273 if (m_pc == NULL && !SLIST_EMPTY(&free)) {
2274 m_pc = SLIST_FIRST(&free);
2275 SLIST_REMOVE_HEAD(&free, plinks.s.ss);
2276 /* Recycle a freed page table page. */
2277 m_pc->ref_count = 1;
2279 vm_page_free_pages_toq(&free, true);
2284 * free the pv_entry back to the free list
2287 free_pv_entry(pmap_t pmap, pv_entry_t pv)
2289 struct pv_chunk *pc;
2290 int idx, field, bit;
2292 PMAP_LOCK_ASSERT(pmap, MA_OWNED);
2293 PV_STAT(atomic_add_long(&pv_entry_frees, 1));
2294 PV_STAT(atomic_add_int(&pv_entry_spare, 1));
2295 PV_STAT(atomic_subtract_long(&pv_entry_count, 1));
2296 pc = pv_to_chunk(pv);
2297 idx = pv - &pc->pc_pventry[0];
2300 pc->pc_map[field] |= 1ul << bit;
2301 if (pc->pc_map[0] != PC_FREE0 || pc->pc_map[1] != PC_FREE1 ||
2302 pc->pc_map[2] != PC_FREE2) {
2303 /* 98% of the time, pc is already at the head of the list. */
2304 if (__predict_false(pc != TAILQ_FIRST(&pmap->pm_pvchunk))) {
2305 TAILQ_REMOVE(&pmap->pm_pvchunk, pc, pc_list);
2306 TAILQ_INSERT_HEAD(&pmap->pm_pvchunk, pc, pc_list);
2310 TAILQ_REMOVE(&pmap->pm_pvchunk, pc, pc_list);
2315 free_pv_chunk(struct pv_chunk *pc)
2319 mtx_lock(&pv_chunks_mutex);
2320 TAILQ_REMOVE(&pv_chunks, pc, pc_lru);
2321 mtx_unlock(&pv_chunks_mutex);
2322 PV_STAT(atomic_subtract_int(&pv_entry_spare, _NPCPV));
2323 PV_STAT(atomic_subtract_int(&pc_chunk_count, 1));
2324 PV_STAT(atomic_add_int(&pc_chunk_frees, 1));
2325 /* entire chunk is free, return it */
2326 m = PHYS_TO_VM_PAGE(DMAP_TO_PHYS((vm_offset_t)pc));
2327 dump_drop_page(m->phys_addr);
2328 vm_page_unwire_noq(m);
2333 * Returns a new PV entry, allocating a new PV chunk from the system when
2334 * needed. If this PV chunk allocation fails and a PV list lock pointer was
2335 * given, a PV chunk is reclaimed from an arbitrary pmap. Otherwise, NULL is
2338 * The given PV list lock may be released.
2341 get_pv_entry(pmap_t pmap, struct rwlock **lockp)
2345 struct pv_chunk *pc;
2348 PMAP_LOCK_ASSERT(pmap, MA_OWNED);
2349 PV_STAT(atomic_add_long(&pv_entry_allocs, 1));
2351 pc = TAILQ_FIRST(&pmap->pm_pvchunk);
2353 for (field = 0; field < _NPCM; field++) {
2354 if (pc->pc_map[field]) {
2355 bit = ffsl(pc->pc_map[field]) - 1;
2359 if (field < _NPCM) {
2360 pv = &pc->pc_pventry[field * 64 + bit];
2361 pc->pc_map[field] &= ~(1ul << bit);
2362 /* If this was the last item, move it to tail */
2363 if (pc->pc_map[0] == 0 && pc->pc_map[1] == 0 &&
2364 pc->pc_map[2] == 0) {
2365 TAILQ_REMOVE(&pmap->pm_pvchunk, pc, pc_list);
2366 TAILQ_INSERT_TAIL(&pmap->pm_pvchunk, pc,
2369 PV_STAT(atomic_add_long(&pv_entry_count, 1));
2370 PV_STAT(atomic_subtract_int(&pv_entry_spare, 1));
2374 /* No free items, allocate another chunk */
2375 m = vm_page_alloc(NULL, 0, VM_ALLOC_NORMAL | VM_ALLOC_NOOBJ |
2378 if (lockp == NULL) {
2379 PV_STAT(pc_chunk_tryfail++);
2382 m = reclaim_pv_chunk(pmap, lockp);
2386 PV_STAT(atomic_add_int(&pc_chunk_count, 1));
2387 PV_STAT(atomic_add_int(&pc_chunk_allocs, 1));
2388 dump_add_page(m->phys_addr);
2389 pc = (void *)PHYS_TO_DMAP(m->phys_addr);
2391 pc->pc_map[0] = PC_FREE0 & ~1ul; /* preallocated bit 0 */
2392 pc->pc_map[1] = PC_FREE1;
2393 pc->pc_map[2] = PC_FREE2;
2394 mtx_lock(&pv_chunks_mutex);
2395 TAILQ_INSERT_TAIL(&pv_chunks, pc, pc_lru);
2396 mtx_unlock(&pv_chunks_mutex);
2397 pv = &pc->pc_pventry[0];
2398 TAILQ_INSERT_HEAD(&pmap->pm_pvchunk, pc, pc_list);
2399 PV_STAT(atomic_add_long(&pv_entry_count, 1));
2400 PV_STAT(atomic_add_int(&pv_entry_spare, _NPCPV - 1));
2405 * Ensure that the number of spare PV entries in the specified pmap meets or
2406 * exceeds the given count, "needed".
2408 * The given PV list lock may be released.
2411 reserve_pv_entries(pmap_t pmap, int needed, struct rwlock **lockp)
2413 struct pch new_tail;
2414 struct pv_chunk *pc;
2419 PMAP_LOCK_ASSERT(pmap, MA_OWNED);
2420 KASSERT(lockp != NULL, ("reserve_pv_entries: lockp is NULL"));
2423 * Newly allocated PV chunks must be stored in a private list until
2424 * the required number of PV chunks have been allocated. Otherwise,
2425 * reclaim_pv_chunk() could recycle one of these chunks. In
2426 * contrast, these chunks must be added to the pmap upon allocation.
2428 TAILQ_INIT(&new_tail);
2431 TAILQ_FOREACH(pc, &pmap->pm_pvchunk, pc_list) {
2432 bit_count((bitstr_t *)pc->pc_map, 0,
2433 sizeof(pc->pc_map) * NBBY, &free);
2437 if (avail >= needed)
2440 for (reclaimed = false; avail < needed; avail += _NPCPV) {
2441 m = vm_page_alloc(NULL, 0, VM_ALLOC_NORMAL | VM_ALLOC_NOOBJ |
2444 m = reclaim_pv_chunk(pmap, lockp);
2449 PV_STAT(atomic_add_int(&pc_chunk_count, 1));
2450 PV_STAT(atomic_add_int(&pc_chunk_allocs, 1));
2451 dump_add_page(m->phys_addr);
2452 pc = (void *)PHYS_TO_DMAP(m->phys_addr);
2454 pc->pc_map[0] = PC_FREE0;
2455 pc->pc_map[1] = PC_FREE1;
2456 pc->pc_map[2] = PC_FREE2;
2457 TAILQ_INSERT_HEAD(&pmap->pm_pvchunk, pc, pc_list);
2458 TAILQ_INSERT_TAIL(&new_tail, pc, pc_lru);
2459 PV_STAT(atomic_add_int(&pv_entry_spare, _NPCPV));
2462 * The reclaim might have freed a chunk from the current pmap.
2463 * If that chunk contained available entries, we need to
2464 * re-count the number of available entries.
2469 if (!TAILQ_EMPTY(&new_tail)) {
2470 mtx_lock(&pv_chunks_mutex);
2471 TAILQ_CONCAT(&pv_chunks, &new_tail, pc_lru);
2472 mtx_unlock(&pv_chunks_mutex);
2477 * First find and then remove the pv entry for the specified pmap and virtual
2478 * address from the specified pv list. Returns the pv entry if found and NULL
2479 * otherwise. This operation can be performed on pv lists for either 4KB or
2480 * 2MB page mappings.
2482 static __inline pv_entry_t
2483 pmap_pvh_remove(struct md_page *pvh, pmap_t pmap, vm_offset_t va)
2487 TAILQ_FOREACH(pv, &pvh->pv_list, pv_next) {
2488 if (pmap == PV_PMAP(pv) && va == pv->pv_va) {
2489 TAILQ_REMOVE(&pvh->pv_list, pv, pv_next);
2498 * After demotion from a 2MB page mapping to 512 4KB page mappings,
2499 * destroy the pv entry for the 2MB page mapping and reinstantiate the pv
2500 * entries for each of the 4KB page mappings.
2503 pmap_pv_demote_l2(pmap_t pmap, vm_offset_t va, vm_paddr_t pa,
2504 struct rwlock **lockp)
2506 struct md_page *pvh;
2507 struct pv_chunk *pc;
2509 vm_offset_t va_last;
2513 PMAP_LOCK_ASSERT(pmap, MA_OWNED);
2514 KASSERT((va & L2_OFFSET) == 0,
2515 ("pmap_pv_demote_l2: va is not 2mpage aligned"));
2516 KASSERT((pa & L2_OFFSET) == 0,
2517 ("pmap_pv_demote_l2: pa is not 2mpage aligned"));
2518 CHANGE_PV_LIST_LOCK_TO_PHYS(lockp, pa);
2521 * Transfer the 2mpage's pv entry for this mapping to the first
2522 * page's pv list. Once this transfer begins, the pv list lock
2523 * must not be released until the last pv entry is reinstantiated.
2525 pvh = pa_to_pvh(pa);
2526 pv = pmap_pvh_remove(pvh, pmap, va);
2527 KASSERT(pv != NULL, ("pmap_pv_demote_l2: pv not found"));
2528 m = PHYS_TO_VM_PAGE(pa);
2529 TAILQ_INSERT_TAIL(&m->md.pv_list, pv, pv_next);
2531 /* Instantiate the remaining Ln_ENTRIES - 1 pv entries. */
2532 PV_STAT(atomic_add_long(&pv_entry_allocs, Ln_ENTRIES - 1));
2533 va_last = va + L2_SIZE - PAGE_SIZE;
2535 pc = TAILQ_FIRST(&pmap->pm_pvchunk);
2536 KASSERT(pc->pc_map[0] != 0 || pc->pc_map[1] != 0 ||
2537 pc->pc_map[2] != 0, ("pmap_pv_demote_l2: missing spare"));
2538 for (field = 0; field < _NPCM; field++) {
2539 while (pc->pc_map[field]) {
2540 bit = ffsl(pc->pc_map[field]) - 1;
2541 pc->pc_map[field] &= ~(1ul << bit);
2542 pv = &pc->pc_pventry[field * 64 + bit];
2546 KASSERT((m->oflags & VPO_UNMANAGED) == 0,
2547 ("pmap_pv_demote_l2: page %p is not managed", m));
2548 TAILQ_INSERT_TAIL(&m->md.pv_list, pv, pv_next);
2554 TAILQ_REMOVE(&pmap->pm_pvchunk, pc, pc_list);
2555 TAILQ_INSERT_TAIL(&pmap->pm_pvchunk, pc, pc_list);
2558 if (pc->pc_map[0] == 0 && pc->pc_map[1] == 0 && pc->pc_map[2] == 0) {
2559 TAILQ_REMOVE(&pmap->pm_pvchunk, pc, pc_list);
2560 TAILQ_INSERT_TAIL(&pmap->pm_pvchunk, pc, pc_list);
2562 PV_STAT(atomic_add_long(&pv_entry_count, Ln_ENTRIES - 1));
2563 PV_STAT(atomic_subtract_int(&pv_entry_spare, Ln_ENTRIES - 1));
2567 * First find and then destroy the pv entry for the specified pmap and virtual
2568 * address. This operation can be performed on pv lists for either 4KB or 2MB
2572 pmap_pvh_free(struct md_page *pvh, pmap_t pmap, vm_offset_t va)
2576 pv = pmap_pvh_remove(pvh, pmap, va);
2577 KASSERT(pv != NULL, ("pmap_pvh_free: pv not found"));
2578 free_pv_entry(pmap, pv);
2582 * Conditionally create the PV entry for a 4KB page mapping if the required
2583 * memory can be allocated without resorting to reclamation.
2586 pmap_try_insert_pv_entry(pmap_t pmap, vm_offset_t va, vm_page_t m,
2587 struct rwlock **lockp)
2591 PMAP_LOCK_ASSERT(pmap, MA_OWNED);
2592 /* Pass NULL instead of the lock pointer to disable reclamation. */
2593 if ((pv = get_pv_entry(pmap, NULL)) != NULL) {
2595 CHANGE_PV_LIST_LOCK_TO_VM_PAGE(lockp, m);
2596 TAILQ_INSERT_TAIL(&m->md.pv_list, pv, pv_next);
2604 * Create the PV entry for a 2MB page mapping. Always returns true unless the
2605 * flag PMAP_ENTER_NORECLAIM is specified. If that flag is specified, returns
2606 * false if the PV entry cannot be allocated without resorting to reclamation.
2609 pmap_pv_insert_l2(pmap_t pmap, vm_offset_t va, pd_entry_t l2e, u_int flags,
2610 struct rwlock **lockp)
2612 struct md_page *pvh;
2616 PMAP_LOCK_ASSERT(pmap, MA_OWNED);
2617 /* Pass NULL instead of the lock pointer to disable reclamation. */
2618 if ((pv = get_pv_entry(pmap, (flags & PMAP_ENTER_NORECLAIM) != 0 ?
2619 NULL : lockp)) == NULL)
2622 pa = l2e & ~ATTR_MASK;
2623 CHANGE_PV_LIST_LOCK_TO_PHYS(lockp, pa);
2624 pvh = pa_to_pvh(pa);
2625 TAILQ_INSERT_TAIL(&pvh->pv_list, pv, pv_next);
2631 pmap_remove_kernel_l2(pmap_t pmap, pt_entry_t *l2, vm_offset_t va)
2633 pt_entry_t newl2, oldl2;
2637 KASSERT(!VIRT_IN_DMAP(va), ("removing direct mapping of %#lx", va));
2638 KASSERT(pmap == kernel_pmap, ("pmap %p is not kernel_pmap", pmap));
2639 PMAP_LOCK_ASSERT(pmap, MA_OWNED);
2641 ml3 = pmap_remove_pt_page(pmap, va);
2643 panic("pmap_remove_kernel_l2: Missing pt page");
2645 ml3pa = VM_PAGE_TO_PHYS(ml3);
2646 newl2 = ml3pa | L2_TABLE;
2649 * If this page table page was unmapped by a promotion, then it
2650 * contains valid mappings. Zero it to invalidate those mappings.
2652 if (ml3->valid != 0)
2653 pagezero((void *)PHYS_TO_DMAP(ml3pa));
2656 * Demote the mapping. The caller must have already invalidated the
2657 * mapping (i.e., the "break" in break-before-make).
2659 oldl2 = pmap_load_store(l2, newl2);
2660 KASSERT(oldl2 == 0, ("%s: found existing mapping at %p: %#lx",
2661 __func__, l2, oldl2));
2665 * pmap_remove_l2: Do the things to unmap a level 2 superpage.
2668 pmap_remove_l2(pmap_t pmap, pt_entry_t *l2, vm_offset_t sva,
2669 pd_entry_t l1e, struct spglist *free, struct rwlock **lockp)
2671 struct md_page *pvh;
2673 vm_offset_t eva, va;
2676 PMAP_LOCK_ASSERT(pmap, MA_OWNED);
2677 KASSERT((sva & L2_OFFSET) == 0, ("pmap_remove_l2: sva is not aligned"));
2678 old_l2 = pmap_load_clear(l2);
2679 KASSERT((old_l2 & ATTR_DESCR_MASK) == L2_BLOCK,
2680 ("pmap_remove_l2: L2e %lx is not a block mapping", old_l2));
2683 * Since a promotion must break the 4KB page mappings before making
2684 * the 2MB page mapping, a pmap_invalidate_page() suffices.
2686 pmap_invalidate_page(pmap, sva);
2688 if (old_l2 & ATTR_SW_WIRED)
2689 pmap->pm_stats.wired_count -= L2_SIZE / PAGE_SIZE;
2690 pmap_resident_count_dec(pmap, L2_SIZE / PAGE_SIZE);
2691 if (old_l2 & ATTR_SW_MANAGED) {
2692 CHANGE_PV_LIST_LOCK_TO_PHYS(lockp, old_l2 & ~ATTR_MASK);
2693 pvh = pa_to_pvh(old_l2 & ~ATTR_MASK);
2694 pmap_pvh_free(pvh, pmap, sva);
2695 eva = sva + L2_SIZE;
2696 for (va = sva, m = PHYS_TO_VM_PAGE(old_l2 & ~ATTR_MASK);
2697 va < eva; va += PAGE_SIZE, m++) {
2698 if (pmap_pte_dirty(pmap, old_l2))
2700 if (old_l2 & ATTR_AF)
2701 vm_page_aflag_set(m, PGA_REFERENCED);
2702 if (TAILQ_EMPTY(&m->md.pv_list) &&
2703 TAILQ_EMPTY(&pvh->pv_list))
2704 vm_page_aflag_clear(m, PGA_WRITEABLE);
2707 if (pmap == kernel_pmap) {
2708 pmap_remove_kernel_l2(pmap, l2, sva);
2710 ml3 = pmap_remove_pt_page(pmap, sva);
2712 KASSERT(ml3->valid == VM_PAGE_BITS_ALL,
2713 ("pmap_remove_l2: l3 page not promoted"));
2714 pmap_resident_count_dec(pmap, 1);
2715 KASSERT(ml3->ref_count == NL3PG,
2716 ("pmap_remove_l2: l3 page ref count error"));
2718 pmap_add_delayed_free_list(ml3, free, FALSE);
2721 return (pmap_unuse_pt(pmap, sva, l1e, free));
2725 * pmap_remove_l3: do the things to unmap a page in a process
2728 pmap_remove_l3(pmap_t pmap, pt_entry_t *l3, vm_offset_t va,
2729 pd_entry_t l2e, struct spglist *free, struct rwlock **lockp)
2731 struct md_page *pvh;
2735 PMAP_LOCK_ASSERT(pmap, MA_OWNED);
2736 old_l3 = pmap_load_clear(l3);
2737 pmap_invalidate_page(pmap, va);
2738 if (old_l3 & ATTR_SW_WIRED)
2739 pmap->pm_stats.wired_count -= 1;
2740 pmap_resident_count_dec(pmap, 1);
2741 if (old_l3 & ATTR_SW_MANAGED) {
2742 m = PHYS_TO_VM_PAGE(old_l3 & ~ATTR_MASK);
2743 if (pmap_pte_dirty(pmap, old_l3))
2745 if (old_l3 & ATTR_AF)
2746 vm_page_aflag_set(m, PGA_REFERENCED);
2747 CHANGE_PV_LIST_LOCK_TO_VM_PAGE(lockp, m);
2748 pmap_pvh_free(&m->md, pmap, va);
2749 if (TAILQ_EMPTY(&m->md.pv_list) &&
2750 (m->flags & PG_FICTITIOUS) == 0) {
2751 pvh = pa_to_pvh(VM_PAGE_TO_PHYS(m));
2752 if (TAILQ_EMPTY(&pvh->pv_list))
2753 vm_page_aflag_clear(m, PGA_WRITEABLE);
2756 return (pmap_unuse_pt(pmap, va, l2e, free));
2760 * Remove the specified range of addresses from the L3 page table that is
2761 * identified by the given L2 entry.
2764 pmap_remove_l3_range(pmap_t pmap, pd_entry_t l2e, vm_offset_t sva,
2765 vm_offset_t eva, struct spglist *free, struct rwlock **lockp)
2767 struct md_page *pvh;
2768 struct rwlock *new_lock;
2769 pt_entry_t *l3, old_l3;
2773 PMAP_LOCK_ASSERT(pmap, MA_OWNED);
2774 KASSERT(rounddown2(sva, L2_SIZE) + L2_SIZE == roundup2(eva, L2_SIZE),
2775 ("pmap_remove_l3_range: range crosses an L3 page table boundary"));
2776 l3pg = sva < VM_MAXUSER_ADDRESS ? PHYS_TO_VM_PAGE(l2e & ~ATTR_MASK) :
2779 for (l3 = pmap_l2_to_l3(&l2e, sva); sva != eva; l3++, sva += L3_SIZE) {
2780 if (!pmap_l3_valid(pmap_load(l3))) {
2782 pmap_invalidate_range(pmap, va, sva);
2787 old_l3 = pmap_load_clear(l3);
2788 if ((old_l3 & ATTR_SW_WIRED) != 0)
2789 pmap->pm_stats.wired_count--;
2790 pmap_resident_count_dec(pmap, 1);
2791 if ((old_l3 & ATTR_SW_MANAGED) != 0) {
2792 m = PHYS_TO_VM_PAGE(old_l3 & ~ATTR_MASK);
2793 if (pmap_pte_dirty(pmap, old_l3))
2795 if ((old_l3 & ATTR_AF) != 0)
2796 vm_page_aflag_set(m, PGA_REFERENCED);
2797 new_lock = PHYS_TO_PV_LIST_LOCK(VM_PAGE_TO_PHYS(m));
2798 if (new_lock != *lockp) {
2799 if (*lockp != NULL) {
2801 * Pending TLB invalidations must be
2802 * performed before the PV list lock is
2803 * released. Otherwise, a concurrent
2804 * pmap_remove_all() on a physical page
2805 * could return while a stale TLB entry
2806 * still provides access to that page.
2809 pmap_invalidate_range(pmap, va,
2818 pmap_pvh_free(&m->md, pmap, sva);
2819 if (TAILQ_EMPTY(&m->md.pv_list) &&
2820 (m->flags & PG_FICTITIOUS) == 0) {
2821 pvh = pa_to_pvh(VM_PAGE_TO_PHYS(m));
2822 if (TAILQ_EMPTY(&pvh->pv_list))
2823 vm_page_aflag_clear(m, PGA_WRITEABLE);
2828 if (l3pg != NULL && pmap_unwire_l3(pmap, sva, l3pg, free)) {
2834 pmap_invalidate_range(pmap, va, sva);
2838 * Remove the given range of addresses from the specified map.
2840 * It is assumed that the start and end are properly
2841 * rounded to the page size.
2844 pmap_remove(pmap_t pmap, vm_offset_t sva, vm_offset_t eva)
2846 struct rwlock *lock;
2847 vm_offset_t va_next;
2848 pd_entry_t *l0, *l1, *l2;
2849 pt_entry_t l3_paddr;
2850 struct spglist free;
2853 * Perform an unsynchronized read. This is, however, safe.
2855 if (pmap->pm_stats.resident_count == 0)
2863 for (; sva < eva; sva = va_next) {
2865 if (pmap->pm_stats.resident_count == 0)
2868 l0 = pmap_l0(pmap, sva);
2869 if (pmap_load(l0) == 0) {
2870 va_next = (sva + L0_SIZE) & ~L0_OFFSET;
2876 l1 = pmap_l0_to_l1(l0, sva);
2877 if (pmap_load(l1) == 0) {
2878 va_next = (sva + L1_SIZE) & ~L1_OFFSET;
2885 * Calculate index for next page table.
2887 va_next = (sva + L2_SIZE) & ~L2_OFFSET;
2891 l2 = pmap_l1_to_l2(l1, sva);
2895 l3_paddr = pmap_load(l2);
2897 if ((l3_paddr & ATTR_DESCR_MASK) == L2_BLOCK) {
2898 if (sva + L2_SIZE == va_next && eva >= va_next) {
2899 pmap_remove_l2(pmap, l2, sva, pmap_load(l1),
2902 } else if (pmap_demote_l2_locked(pmap, l2, sva,
2905 l3_paddr = pmap_load(l2);
2909 * Weed out invalid mappings.
2911 if ((l3_paddr & ATTR_DESCR_MASK) != L2_TABLE)
2915 * Limit our scan to either the end of the va represented
2916 * by the current page table page, or to the end of the
2917 * range being removed.
2922 pmap_remove_l3_range(pmap, l3_paddr, sva, va_next, &free,
2928 vm_page_free_pages_toq(&free, true);
2932 * Routine: pmap_remove_all
2934 * Removes this physical page from
2935 * all physical maps in which it resides.
2936 * Reflects back modify bits to the pager.
2939 * Original versions of this routine were very
2940 * inefficient because they iteratively called
2941 * pmap_remove (slow...)
2945 pmap_remove_all(vm_page_t m)
2947 struct md_page *pvh;
2950 struct rwlock *lock;
2951 pd_entry_t *pde, tpde;
2952 pt_entry_t *pte, tpte;
2954 struct spglist free;
2955 int lvl, pvh_gen, md_gen;
2957 KASSERT((m->oflags & VPO_UNMANAGED) == 0,
2958 ("pmap_remove_all: page %p is not managed", m));
2960 lock = VM_PAGE_TO_PV_LIST_LOCK(m);
2961 pvh = (m->flags & PG_FICTITIOUS) != 0 ? &pv_dummy :
2962 pa_to_pvh(VM_PAGE_TO_PHYS(m));
2965 while ((pv = TAILQ_FIRST(&pvh->pv_list)) != NULL) {
2967 if (!PMAP_TRYLOCK(pmap)) {
2968 pvh_gen = pvh->pv_gen;
2972 if (pvh_gen != pvh->pv_gen) {
2979 pte = pmap_pte(pmap, va, &lvl);
2980 KASSERT(pte != NULL,
2981 ("pmap_remove_all: no page table entry found"));
2983 ("pmap_remove_all: invalid pte level %d", lvl));
2985 pmap_demote_l2_locked(pmap, pte, va, &lock);
2988 while ((pv = TAILQ_FIRST(&m->md.pv_list)) != NULL) {
2990 PMAP_ASSERT_STAGE1(pmap);
2991 if (!PMAP_TRYLOCK(pmap)) {
2992 pvh_gen = pvh->pv_gen;
2993 md_gen = m->md.pv_gen;
2997 if (pvh_gen != pvh->pv_gen || md_gen != m->md.pv_gen) {
3003 pmap_resident_count_dec(pmap, 1);
3005 pde = pmap_pde(pmap, pv->pv_va, &lvl);
3006 KASSERT(pde != NULL,
3007 ("pmap_remove_all: no page directory entry found"));
3009 ("pmap_remove_all: invalid pde level %d", lvl));
3010 tpde = pmap_load(pde);
3012 pte = pmap_l2_to_l3(pde, pv->pv_va);
3013 tpte = pmap_load_clear(pte);
3014 if (tpte & ATTR_SW_WIRED)
3015 pmap->pm_stats.wired_count--;
3016 if ((tpte & ATTR_AF) != 0) {
3017 pmap_invalidate_page(pmap, pv->pv_va);
3018 vm_page_aflag_set(m, PGA_REFERENCED);
3022 * Update the vm_page_t clean and reference bits.
3024 if (pmap_pte_dirty(pmap, tpte))
3026 pmap_unuse_pt(pmap, pv->pv_va, tpde, &free);
3027 TAILQ_REMOVE(&m->md.pv_list, pv, pv_next);
3029 free_pv_entry(pmap, pv);
3032 vm_page_aflag_clear(m, PGA_WRITEABLE);
3034 vm_page_free_pages_toq(&free, true);
3038 * pmap_protect_l2: do the things to protect a 2MB page in a pmap
3041 pmap_protect_l2(pmap_t pmap, pt_entry_t *l2, vm_offset_t sva, pt_entry_t mask,
3047 PMAP_LOCK_ASSERT(pmap, MA_OWNED);
3048 PMAP_ASSERT_STAGE1(pmap);
3049 KASSERT((sva & L2_OFFSET) == 0,
3050 ("pmap_protect_l2: sva is not 2mpage aligned"));
3051 old_l2 = pmap_load(l2);
3052 KASSERT((old_l2 & ATTR_DESCR_MASK) == L2_BLOCK,
3053 ("pmap_protect_l2: L2e %lx is not a block mapping", old_l2));
3056 * Return if the L2 entry already has the desired access restrictions
3060 if ((old_l2 & mask) == nbits)
3064 * When a dirty read/write superpage mapping is write protected,
3065 * update the dirty field of each of the superpage's constituent 4KB
3068 if ((old_l2 & ATTR_SW_MANAGED) != 0 &&
3069 (nbits & ATTR_S1_AP(ATTR_S1_AP_RO)) != 0 &&
3070 pmap_pte_dirty(pmap, old_l2)) {
3071 m = PHYS_TO_VM_PAGE(old_l2 & ~ATTR_MASK);
3072 for (mt = m; mt < &m[L2_SIZE / PAGE_SIZE]; mt++)
3076 if (!atomic_fcmpset_64(l2, &old_l2, (old_l2 & ~mask) | nbits))
3080 * Since a promotion must break the 4KB page mappings before making
3081 * the 2MB page mapping, a pmap_invalidate_page() suffices.
3083 pmap_invalidate_page(pmap, sva);
3087 * Set the physical protection on the
3088 * specified range of this map as requested.
3091 pmap_protect(pmap_t pmap, vm_offset_t sva, vm_offset_t eva, vm_prot_t prot)
3093 vm_offset_t va, va_next;
3094 pd_entry_t *l0, *l1, *l2;
3095 pt_entry_t *l3p, l3, mask, nbits;
3097 PMAP_ASSERT_STAGE1(pmap);
3098 KASSERT((prot & ~VM_PROT_ALL) == 0, ("invalid prot %x", prot));
3099 if (prot == VM_PROT_NONE) {
3100 pmap_remove(pmap, sva, eva);
3105 if ((prot & VM_PROT_WRITE) == 0) {
3106 mask |= ATTR_S1_AP_RW_BIT | ATTR_SW_DBM;
3107 nbits |= ATTR_S1_AP(ATTR_S1_AP_RO);
3109 if ((prot & VM_PROT_EXECUTE) == 0) {
3111 nbits |= ATTR_S1_XN;
3117 for (; sva < eva; sva = va_next) {
3119 l0 = pmap_l0(pmap, sva);
3120 if (pmap_load(l0) == 0) {
3121 va_next = (sva + L0_SIZE) & ~L0_OFFSET;
3127 l1 = pmap_l0_to_l1(l0, sva);
3128 if (pmap_load(l1) == 0) {
3129 va_next = (sva + L1_SIZE) & ~L1_OFFSET;
3135 va_next = (sva + L2_SIZE) & ~L2_OFFSET;
3139 l2 = pmap_l1_to_l2(l1, sva);
3140 if (pmap_load(l2) == 0)
3143 if ((pmap_load(l2) & ATTR_DESCR_MASK) == L2_BLOCK) {
3144 if (sva + L2_SIZE == va_next && eva >= va_next) {
3145 pmap_protect_l2(pmap, l2, sva, mask, nbits);
3147 } else if (pmap_demote_l2(pmap, l2, sva) == NULL)
3150 KASSERT((pmap_load(l2) & ATTR_DESCR_MASK) == L2_TABLE,
3151 ("pmap_protect: Invalid L2 entry after demotion"));
3157 for (l3p = pmap_l2_to_l3(l2, sva); sva != va_next; l3p++,
3159 l3 = pmap_load(l3p);
3162 * Go to the next L3 entry if the current one is
3163 * invalid or already has the desired access
3164 * restrictions in place. (The latter case occurs
3165 * frequently. For example, in a "buildworld"
3166 * workload, almost 1 out of 4 L3 entries already
3167 * have the desired restrictions.)
3169 if (!pmap_l3_valid(l3) || (l3 & mask) == nbits) {
3170 if (va != va_next) {
3171 pmap_invalidate_range(pmap, va, sva);
3178 * When a dirty read/write mapping is write protected,
3179 * update the page's dirty field.
3181 if ((l3 & ATTR_SW_MANAGED) != 0 &&
3182 (nbits & ATTR_S1_AP(ATTR_S1_AP_RO)) != 0 &&
3183 pmap_pte_dirty(pmap, l3))
3184 vm_page_dirty(PHYS_TO_VM_PAGE(l3 & ~ATTR_MASK));
3186 if (!atomic_fcmpset_64(l3p, &l3, (l3 & ~mask) | nbits))
3192 pmap_invalidate_range(pmap, va, sva);
3198 * Inserts the specified page table page into the specified pmap's collection
3199 * of idle page table pages. Each of a pmap's page table pages is responsible
3200 * for mapping a distinct range of virtual addresses. The pmap's collection is
3201 * ordered by this virtual address range.
3203 * If "promoted" is false, then the page table page "mpte" must be zero filled.
3206 pmap_insert_pt_page(pmap_t pmap, vm_page_t mpte, bool promoted)
3209 PMAP_LOCK_ASSERT(pmap, MA_OWNED);
3210 mpte->valid = promoted ? VM_PAGE_BITS_ALL : 0;
3211 return (vm_radix_insert(&pmap->pm_root, mpte));
3215 * Removes the page table page mapping the specified virtual address from the
3216 * specified pmap's collection of idle page table pages, and returns it.
3217 * Otherwise, returns NULL if there is no page table page corresponding to the
3218 * specified virtual address.
3220 static __inline vm_page_t
3221 pmap_remove_pt_page(pmap_t pmap, vm_offset_t va)
3224 PMAP_LOCK_ASSERT(pmap, MA_OWNED);
3225 return (vm_radix_remove(&pmap->pm_root, pmap_l2_pindex(va)));
3229 * Performs a break-before-make update of a pmap entry. This is needed when
3230 * either promoting or demoting pages to ensure the TLB doesn't get into an
3231 * inconsistent state.
3234 pmap_update_entry(pmap_t pmap, pd_entry_t *pte, pd_entry_t newpte,
3235 vm_offset_t va, vm_size_t size)
3239 PMAP_LOCK_ASSERT(pmap, MA_OWNED);
3242 * Ensure we don't get switched out with the page table in an
3243 * inconsistent state. We also need to ensure no interrupts fire
3244 * as they may make use of an address we are about to invalidate.
3246 intr = intr_disable();
3249 * Clear the old mapping's valid bit, but leave the rest of the entry
3250 * unchanged, so that a lockless, concurrent pmap_kextract() can still
3251 * lookup the physical address.
3253 pmap_clear_bits(pte, ATTR_DESCR_VALID);
3254 pmap_invalidate_range(pmap, va, va + size);
3256 /* Create the new mapping */
3257 pmap_store(pte, newpte);
3263 #if VM_NRESERVLEVEL > 0
3265 * After promotion from 512 4KB page mappings to a single 2MB page mapping,
3266 * replace the many pv entries for the 4KB page mappings by a single pv entry
3267 * for the 2MB page mapping.
3270 pmap_pv_promote_l2(pmap_t pmap, vm_offset_t va, vm_paddr_t pa,
3271 struct rwlock **lockp)
3273 struct md_page *pvh;
3275 vm_offset_t va_last;
3278 KASSERT((pa & L2_OFFSET) == 0,
3279 ("pmap_pv_promote_l2: pa is not 2mpage aligned"));
3280 CHANGE_PV_LIST_LOCK_TO_PHYS(lockp, pa);
3283 * Transfer the first page's pv entry for this mapping to the 2mpage's
3284 * pv list. Aside from avoiding the cost of a call to get_pv_entry(),
3285 * a transfer avoids the possibility that get_pv_entry() calls
3286 * reclaim_pv_chunk() and that reclaim_pv_chunk() removes one of the
3287 * mappings that is being promoted.
3289 m = PHYS_TO_VM_PAGE(pa);
3290 va = va & ~L2_OFFSET;
3291 pv = pmap_pvh_remove(&m->md, pmap, va);
3292 KASSERT(pv != NULL, ("pmap_pv_promote_l2: pv not found"));
3293 pvh = pa_to_pvh(pa);
3294 TAILQ_INSERT_TAIL(&pvh->pv_list, pv, pv_next);
3296 /* Free the remaining NPTEPG - 1 pv entries. */
3297 va_last = va + L2_SIZE - PAGE_SIZE;
3301 pmap_pvh_free(&m->md, pmap, va);
3302 } while (va < va_last);
3306 * Tries to promote the 512, contiguous 4KB page mappings that are within a
3307 * single level 2 table entry to a single 2MB page mapping. For promotion
3308 * to occur, two conditions must be met: (1) the 4KB page mappings must map
3309 * aligned, contiguous physical memory and (2) the 4KB page mappings must have
3310 * identical characteristics.
3313 pmap_promote_l2(pmap_t pmap, pd_entry_t *l2, vm_offset_t va,
3314 struct rwlock **lockp)
3316 pt_entry_t *firstl3, *l3, newl2, oldl3, pa;
3320 PMAP_LOCK_ASSERT(pmap, MA_OWNED);
3321 PMAP_ASSERT_STAGE1(pmap);
3323 sva = va & ~L2_OFFSET;
3324 firstl3 = pmap_l2_to_l3(l2, sva);
3325 newl2 = pmap_load(firstl3);
3328 if (((newl2 & (~ATTR_MASK | ATTR_AF)) & L2_OFFSET) != ATTR_AF) {
3329 atomic_add_long(&pmap_l2_p_failures, 1);
3330 CTR2(KTR_PMAP, "pmap_promote_l2: failure for va %#lx"
3331 " in pmap %p", va, pmap);
3335 if ((newl2 & (ATTR_S1_AP_RW_BIT | ATTR_SW_DBM)) ==
3336 (ATTR_S1_AP(ATTR_S1_AP_RO) | ATTR_SW_DBM)) {
3337 if (!atomic_fcmpset_64(l2, &newl2, newl2 & ~ATTR_SW_DBM))
3339 newl2 &= ~ATTR_SW_DBM;
3342 pa = newl2 + L2_SIZE - PAGE_SIZE;
3343 for (l3 = firstl3 + NL3PG - 1; l3 > firstl3; l3--) {
3344 oldl3 = pmap_load(l3);
3346 if ((oldl3 & (ATTR_S1_AP_RW_BIT | ATTR_SW_DBM)) ==
3347 (ATTR_S1_AP(ATTR_S1_AP_RO) | ATTR_SW_DBM)) {
3348 if (!atomic_fcmpset_64(l3, &oldl3, oldl3 &
3351 oldl3 &= ~ATTR_SW_DBM;
3354 atomic_add_long(&pmap_l2_p_failures, 1);
3355 CTR2(KTR_PMAP, "pmap_promote_l2: failure for va %#lx"
3356 " in pmap %p", va, pmap);
3363 * Save the page table page in its current state until the L2
3364 * mapping the superpage is demoted by pmap_demote_l2() or
3365 * destroyed by pmap_remove_l3().
3367 mpte = PHYS_TO_VM_PAGE(pmap_load(l2) & ~ATTR_MASK);
3368 KASSERT(mpte >= vm_page_array &&
3369 mpte < &vm_page_array[vm_page_array_size],
3370 ("pmap_promote_l2: page table page is out of range"));
3371 KASSERT(mpte->pindex == pmap_l2_pindex(va),
3372 ("pmap_promote_l2: page table page's pindex is wrong"));
3373 if (pmap_insert_pt_page(pmap, mpte, true)) {
3374 atomic_add_long(&pmap_l2_p_failures, 1);
3376 "pmap_promote_l2: failure for va %#lx in pmap %p", va,
3381 if ((newl2 & ATTR_SW_MANAGED) != 0)
3382 pmap_pv_promote_l2(pmap, va, newl2 & ~ATTR_MASK, lockp);
3384 newl2 &= ~ATTR_DESCR_MASK;
3387 pmap_update_entry(pmap, l2, newl2, sva, L2_SIZE);
3389 atomic_add_long(&pmap_l2_promotions, 1);
3390 CTR2(KTR_PMAP, "pmap_promote_l2: success for va %#lx in pmap %p", va,
3393 #endif /* VM_NRESERVLEVEL > 0 */
3396 * Insert the given physical page (p) at
3397 * the specified virtual address (v) in the
3398 * target physical map with the protection requested.
3400 * If specified, the page will be wired down, meaning
3401 * that the related pte can not be reclaimed.
3403 * NB: This is the only routine which MAY NOT lazy-evaluate
3404 * or lose information. That is, this routine must actually
3405 * insert this page into the given map NOW.
3408 pmap_enter(pmap_t pmap, vm_offset_t va, vm_page_t m, vm_prot_t prot,
3409 u_int flags, int8_t psind)
3411 struct rwlock *lock;
3413 pt_entry_t new_l3, orig_l3;
3414 pt_entry_t *l2, *l3;
3421 va = trunc_page(va);
3422 if ((m->oflags & VPO_UNMANAGED) == 0)
3423 VM_PAGE_OBJECT_BUSY_ASSERT(m);
3424 pa = VM_PAGE_TO_PHYS(m);
3425 new_l3 = (pt_entry_t)(pa | ATTR_DEFAULT | L3_PAGE);
3426 new_l3 |= pmap_pte_memattr(pmap, m->md.pv_memattr);
3427 new_l3 |= pmap_pte_prot(pmap, prot);
3429 if ((flags & PMAP_ENTER_WIRED) != 0)
3430 new_l3 |= ATTR_SW_WIRED;
3431 if (pmap->pm_stage == PM_STAGE1) {
3432 if (va < VM_MAXUSER_ADDRESS)
3433 new_l3 |= ATTR_S1_AP(ATTR_S1_AP_USER) | ATTR_S1_PXN;
3435 new_l3 |= ATTR_S1_UXN;
3436 if (pmap != kernel_pmap)
3437 new_l3 |= ATTR_S1_nG;
3440 * Clear the access flag on executable mappings, this will be
3441 * set later when the page is accessed. The fault handler is
3442 * required to invalidate the I-cache.
3444 * TODO: Switch to the valid flag to allow hardware management
3445 * of the access flag. Much of the pmap code assumes the
3446 * valid flag is set and fails to destroy the old page tables
3447 * correctly if it is clear.
3449 if (prot & VM_PROT_EXECUTE)
3452 if ((m->oflags & VPO_UNMANAGED) == 0) {
3453 new_l3 |= ATTR_SW_MANAGED;
3454 if ((prot & VM_PROT_WRITE) != 0) {
3455 new_l3 |= ATTR_SW_DBM;
3456 if ((flags & VM_PROT_WRITE) == 0) {
3457 PMAP_ASSERT_STAGE1(pmap);
3458 new_l3 |= ATTR_S1_AP(ATTR_S1_AP_RO);
3463 CTR2(KTR_PMAP, "pmap_enter: %.16lx -> %.16lx", va, pa);
3468 /* Assert the required virtual and physical alignment. */
3469 KASSERT((va & L2_OFFSET) == 0, ("pmap_enter: va unaligned"));
3470 KASSERT(m->psind > 0, ("pmap_enter: m->psind < psind"));
3471 rv = pmap_enter_l2(pmap, va, (new_l3 & ~L3_PAGE) | L2_BLOCK,
3478 * In the case that a page table page is not
3479 * resident, we are creating it here.
3482 pde = pmap_pde(pmap, va, &lvl);
3483 if (pde != NULL && lvl == 2) {
3484 l3 = pmap_l2_to_l3(pde, va);
3485 if (va < VM_MAXUSER_ADDRESS && mpte == NULL) {
3486 mpte = PHYS_TO_VM_PAGE(pmap_load(pde) & ~ATTR_MASK);
3490 } else if (pde != NULL && lvl == 1) {
3491 l2 = pmap_l1_to_l2(pde, va);
3492 if ((pmap_load(l2) & ATTR_DESCR_MASK) == L2_BLOCK &&
3493 (l3 = pmap_demote_l2_locked(pmap, l2, va, &lock)) != NULL) {
3494 l3 = &l3[pmap_l3_index(va)];
3495 if (va < VM_MAXUSER_ADDRESS) {
3496 mpte = PHYS_TO_VM_PAGE(
3497 pmap_load(l2) & ~ATTR_MASK);
3502 /* We need to allocate an L3 table. */
3504 if (va < VM_MAXUSER_ADDRESS) {
3505 nosleep = (flags & PMAP_ENTER_NOSLEEP) != 0;
3508 * We use _pmap_alloc_l3() instead of pmap_alloc_l3() in order
3509 * to handle the possibility that a superpage mapping for "va"
3510 * was created while we slept.
3512 mpte = _pmap_alloc_l3(pmap, pmap_l2_pindex(va),
3513 nosleep ? NULL : &lock);
3514 if (mpte == NULL && nosleep) {
3515 CTR0(KTR_PMAP, "pmap_enter: mpte == NULL");
3516 rv = KERN_RESOURCE_SHORTAGE;
3521 panic("pmap_enter: missing L3 table for kernel va %#lx", va);
3524 orig_l3 = pmap_load(l3);
3525 opa = orig_l3 & ~ATTR_MASK;
3529 * Is the specified virtual address already mapped?
3531 if (pmap_l3_valid(orig_l3)) {
3533 * Only allow adding new entries on stage 2 tables for now.
3534 * This simplifies cache invalidation as we may need to call
3535 * into EL2 to perform such actions.
3537 PMAP_ASSERT_STAGE1(pmap);
3539 * Wiring change, just update stats. We don't worry about
3540 * wiring PT pages as they remain resident as long as there
3541 * are valid mappings in them. Hence, if a user page is wired,
3542 * the PT page will be also.
3544 if ((flags & PMAP_ENTER_WIRED) != 0 &&
3545 (orig_l3 & ATTR_SW_WIRED) == 0)
3546 pmap->pm_stats.wired_count++;
3547 else if ((flags & PMAP_ENTER_WIRED) == 0 &&
3548 (orig_l3 & ATTR_SW_WIRED) != 0)
3549 pmap->pm_stats.wired_count--;
3552 * Remove the extra PT page reference.
3556 KASSERT(mpte->ref_count > 0,
3557 ("pmap_enter: missing reference to page table page,"
3562 * Has the physical page changed?
3566 * No, might be a protection or wiring change.
3568 if ((orig_l3 & ATTR_SW_MANAGED) != 0 &&
3569 (new_l3 & ATTR_SW_DBM) != 0)
3570 vm_page_aflag_set(m, PGA_WRITEABLE);
3575 * The physical page has changed. Temporarily invalidate
3578 orig_l3 = pmap_load_clear(l3);
3579 KASSERT((orig_l3 & ~ATTR_MASK) == opa,
3580 ("pmap_enter: unexpected pa update for %#lx", va));
3581 if ((orig_l3 & ATTR_SW_MANAGED) != 0) {
3582 om = PHYS_TO_VM_PAGE(opa);
3585 * The pmap lock is sufficient to synchronize with
3586 * concurrent calls to pmap_page_test_mappings() and
3587 * pmap_ts_referenced().
3589 if (pmap_pte_dirty(pmap, orig_l3))
3591 if ((orig_l3 & ATTR_AF) != 0) {
3592 pmap_invalidate_page(pmap, va);
3593 vm_page_aflag_set(om, PGA_REFERENCED);
3595 CHANGE_PV_LIST_LOCK_TO_PHYS(&lock, opa);
3596 pv = pmap_pvh_remove(&om->md, pmap, va);
3597 if ((m->oflags & VPO_UNMANAGED) != 0)
3598 free_pv_entry(pmap, pv);
3599 if ((om->a.flags & PGA_WRITEABLE) != 0 &&
3600 TAILQ_EMPTY(&om->md.pv_list) &&
3601 ((om->flags & PG_FICTITIOUS) != 0 ||
3602 TAILQ_EMPTY(&pa_to_pvh(opa)->pv_list)))
3603 vm_page_aflag_clear(om, PGA_WRITEABLE);
3605 KASSERT((orig_l3 & ATTR_AF) != 0,
3606 ("pmap_enter: unmanaged mapping lacks ATTR_AF"));
3607 pmap_invalidate_page(pmap, va);
3612 * Increment the counters.
3614 if ((new_l3 & ATTR_SW_WIRED) != 0)
3615 pmap->pm_stats.wired_count++;
3616 pmap_resident_count_inc(pmap, 1);
3619 * Enter on the PV list if part of our managed memory.
3621 if ((m->oflags & VPO_UNMANAGED) == 0) {
3623 pv = get_pv_entry(pmap, &lock);
3626 CHANGE_PV_LIST_LOCK_TO_PHYS(&lock, pa);
3627 TAILQ_INSERT_TAIL(&m->md.pv_list, pv, pv_next);
3629 if ((new_l3 & ATTR_SW_DBM) != 0)
3630 vm_page_aflag_set(m, PGA_WRITEABLE);
3634 if (pmap->pm_stage == PM_STAGE1) {
3636 * Sync icache if exec permission and attribute
3637 * VM_MEMATTR_WRITE_BACK is set. Do it now, before the mapping
3638 * is stored and made valid for hardware table walk. If done
3639 * later, then other can access this page before caches are
3640 * properly synced. Don't do it for kernel memory which is
3641 * mapped with exec permission even if the memory isn't going
3642 * to hold executable code. The only time when icache sync is
3643 * needed is after kernel module is loaded and the relocation
3644 * info is processed. And it's done in elf_cpu_load_file().
3646 if ((prot & VM_PROT_EXECUTE) && pmap != kernel_pmap &&
3647 m->md.pv_memattr == VM_MEMATTR_WRITE_BACK &&
3648 (opa != pa || (orig_l3 & ATTR_S1_XN))) {
3649 PMAP_ASSERT_STAGE1(pmap);
3650 cpu_icache_sync_range(PHYS_TO_DMAP(pa), PAGE_SIZE);
3653 cpu_dcache_wb_range(PHYS_TO_DMAP(pa), PAGE_SIZE);
3657 * Update the L3 entry
3659 if (pmap_l3_valid(orig_l3)) {
3660 PMAP_ASSERT_STAGE1(pmap);
3661 KASSERT(opa == pa, ("pmap_enter: invalid update"));
3662 if ((orig_l3 & ~ATTR_AF) != (new_l3 & ~ATTR_AF)) {
3663 /* same PA, different attributes */
3664 orig_l3 = pmap_load_store(l3, new_l3);
3665 pmap_invalidate_page(pmap, va);
3666 if ((orig_l3 & ATTR_SW_MANAGED) != 0 &&
3667 pmap_pte_dirty(pmap, orig_l3))
3672 * This can happens if multiple threads simultaneously
3673 * access not yet mapped page. This bad for performance
3674 * since this can cause full demotion-NOP-promotion
3676 * Another possible reasons are:
3677 * - VM and pmap memory layout are diverged
3678 * - tlb flush is missing somewhere and CPU doesn't see
3681 CTR4(KTR_PMAP, "%s: already mapped page - "
3682 "pmap %p va 0x%#lx pte 0x%lx",
3683 __func__, pmap, va, new_l3);
3687 pmap_store(l3, new_l3);
3691 #if VM_NRESERVLEVEL > 0
3693 * Try to promote from level 3 pages to a level 2 superpage. This
3694 * currently only works on stage 1 pmaps as pmap_promote_l2 looks at
3695 * stage 1 specific fields and performs a break-before-make sequence
3696 * that is incorrect a stage 2 pmap.
3698 if ((mpte == NULL || mpte->ref_count == NL3PG) &&
3699 pmap_ps_enabled(pmap) && pmap->pm_stage == PM_STAGE1 &&
3700 (m->flags & PG_FICTITIOUS) == 0 &&
3701 vm_reserv_level_iffullpop(m) == 0) {
3702 pmap_promote_l2(pmap, pde, va, &lock);
3715 * Tries to create a read- and/or execute-only 2MB page mapping. Returns true
3716 * if successful. Returns false if (1) a page table page cannot be allocated
3717 * without sleeping, (2) a mapping already exists at the specified virtual
3718 * address, or (3) a PV entry cannot be allocated without reclaiming another
3722 pmap_enter_2mpage(pmap_t pmap, vm_offset_t va, vm_page_t m, vm_prot_t prot,
3723 struct rwlock **lockp)
3727 PMAP_LOCK_ASSERT(pmap, MA_OWNED);
3728 PMAP_ASSERT_STAGE1(pmap);
3730 new_l2 = (pd_entry_t)(VM_PAGE_TO_PHYS(m) | ATTR_DEFAULT |
3731 ATTR_S1_IDX(m->md.pv_memattr) | ATTR_S1_AP(ATTR_S1_AP_RO) |
3733 if ((m->oflags & VPO_UNMANAGED) == 0) {
3734 new_l2 |= ATTR_SW_MANAGED;
3737 if ((prot & VM_PROT_EXECUTE) == 0 ||
3738 m->md.pv_memattr == VM_MEMATTR_DEVICE)
3739 new_l2 |= ATTR_S1_XN;
3740 if (va < VM_MAXUSER_ADDRESS)
3741 new_l2 |= ATTR_S1_AP(ATTR_S1_AP_USER) | ATTR_S1_PXN;
3743 new_l2 |= ATTR_S1_UXN;
3744 if (pmap != kernel_pmap)
3745 new_l2 |= ATTR_S1_nG;
3746 return (pmap_enter_l2(pmap, va, new_l2, PMAP_ENTER_NOSLEEP |
3747 PMAP_ENTER_NOREPLACE | PMAP_ENTER_NORECLAIM, NULL, lockp) ==
3752 * Returns true if every page table entry in the specified page table is
3756 pmap_every_pte_zero(vm_paddr_t pa)
3758 pt_entry_t *pt_end, *pte;
3760 KASSERT((pa & PAGE_MASK) == 0, ("pa is misaligned"));
3761 pte = (pt_entry_t *)PHYS_TO_DMAP(pa);
3762 for (pt_end = pte + Ln_ENTRIES; pte < pt_end; pte++) {
3770 * Tries to create the specified 2MB page mapping. Returns KERN_SUCCESS if
3771 * the mapping was created, and either KERN_FAILURE or KERN_RESOURCE_SHORTAGE
3772 * otherwise. Returns KERN_FAILURE if PMAP_ENTER_NOREPLACE was specified and
3773 * a mapping already exists at the specified virtual address. Returns
3774 * KERN_RESOURCE_SHORTAGE if PMAP_ENTER_NOSLEEP was specified and a page table
3775 * page allocation failed. Returns KERN_RESOURCE_SHORTAGE if
3776 * PMAP_ENTER_NORECLAIM was specified and a PV entry allocation failed.
3778 * The parameter "m" is only used when creating a managed, writeable mapping.
3781 pmap_enter_l2(pmap_t pmap, vm_offset_t va, pd_entry_t new_l2, u_int flags,
3782 vm_page_t m, struct rwlock **lockp)
3784 struct spglist free;
3785 pd_entry_t *l2, old_l2;
3788 PMAP_LOCK_ASSERT(pmap, MA_OWNED);
3790 if ((l2 = pmap_alloc_l2(pmap, va, &l2pg, (flags &
3791 PMAP_ENTER_NOSLEEP) != 0 ? NULL : lockp)) == NULL) {
3792 CTR2(KTR_PMAP, "pmap_enter_l2: failure for va %#lx in pmap %p",
3794 return (KERN_RESOURCE_SHORTAGE);
3798 * If there are existing mappings, either abort or remove them.
3800 if ((old_l2 = pmap_load(l2)) != 0) {
3801 KASSERT(l2pg == NULL || l2pg->ref_count > 1,
3802 ("pmap_enter_l2: l2pg's ref count is too low"));
3803 if ((flags & PMAP_ENTER_NOREPLACE) != 0 && (va <
3804 VM_MAXUSER_ADDRESS || (old_l2 & ATTR_DESCR_MASK) ==
3805 L2_BLOCK || !pmap_every_pte_zero(old_l2 & ~ATTR_MASK))) {
3808 CTR2(KTR_PMAP, "pmap_enter_l2: failure for va %#lx"
3809 " in pmap %p", va, pmap);
3810 return (KERN_FAILURE);
3813 if ((old_l2 & ATTR_DESCR_MASK) == L2_BLOCK)
3814 (void)pmap_remove_l2(pmap, l2, va,
3815 pmap_load(pmap_l1(pmap, va)), &free, lockp);
3817 pmap_remove_l3_range(pmap, old_l2, va, va + L2_SIZE,
3819 if (va < VM_MAXUSER_ADDRESS) {
3820 vm_page_free_pages_toq(&free, true);
3821 KASSERT(pmap_load(l2) == 0,
3822 ("pmap_enter_l2: non-zero L2 entry %p", l2));
3824 KASSERT(SLIST_EMPTY(&free),
3825 ("pmap_enter_l2: freed kernel page table page"));
3828 * Both pmap_remove_l2() and pmap_remove_l3_range()
3829 * will leave the kernel page table page zero filled.
3830 * Nonetheless, the TLB could have an intermediate
3831 * entry for the kernel page table page.
3833 mt = PHYS_TO_VM_PAGE(pmap_load(l2) & ~ATTR_MASK);
3834 if (pmap_insert_pt_page(pmap, mt, false))
3835 panic("pmap_enter_l2: trie insert failed");
3837 pmap_invalidate_page(pmap, va);
3841 if ((new_l2 & ATTR_SW_MANAGED) != 0) {
3843 * Abort this mapping if its PV entry could not be created.
3845 if (!pmap_pv_insert_l2(pmap, va, new_l2, flags, lockp)) {
3847 pmap_abort_ptp(pmap, va, l2pg);
3849 "pmap_enter_l2: failure for va %#lx in pmap %p",
3851 return (KERN_RESOURCE_SHORTAGE);
3853 if ((new_l2 & ATTR_SW_DBM) != 0)
3854 for (mt = m; mt < &m[L2_SIZE / PAGE_SIZE]; mt++)
3855 vm_page_aflag_set(mt, PGA_WRITEABLE);
3859 * Increment counters.
3861 if ((new_l2 & ATTR_SW_WIRED) != 0)
3862 pmap->pm_stats.wired_count += L2_SIZE / PAGE_SIZE;
3863 pmap->pm_stats.resident_count += L2_SIZE / PAGE_SIZE;
3866 * Map the superpage.
3868 pmap_store(l2, new_l2);
3871 atomic_add_long(&pmap_l2_mappings, 1);
3872 CTR2(KTR_PMAP, "pmap_enter_l2: success for va %#lx in pmap %p",
3875 return (KERN_SUCCESS);
3879 * Maps a sequence of resident pages belonging to the same object.
3880 * The sequence begins with the given page m_start. This page is
3881 * mapped at the given virtual address start. Each subsequent page is
3882 * mapped at a virtual address that is offset from start by the same
3883 * amount as the page is offset from m_start within the object. The
3884 * last page in the sequence is the page with the largest offset from
3885 * m_start that can be mapped at a virtual address less than the given
3886 * virtual address end. Not every virtual page between start and end
3887 * is mapped; only those for which a resident page exists with the
3888 * corresponding offset from m_start are mapped.
3891 pmap_enter_object(pmap_t pmap, vm_offset_t start, vm_offset_t end,
3892 vm_page_t m_start, vm_prot_t prot)
3894 struct rwlock *lock;
3897 vm_pindex_t diff, psize;
3899 VM_OBJECT_ASSERT_LOCKED(m_start->object);
3901 psize = atop(end - start);
3906 while (m != NULL && (diff = m->pindex - m_start->pindex) < psize) {
3907 va = start + ptoa(diff);
3908 if ((va & L2_OFFSET) == 0 && va + L2_SIZE <= end &&
3909 m->psind == 1 && pmap_ps_enabled(pmap) &&
3910 pmap_enter_2mpage(pmap, va, m, prot, &lock))
3911 m = &m[L2_SIZE / PAGE_SIZE - 1];
3913 mpte = pmap_enter_quick_locked(pmap, va, m, prot, mpte,
3915 m = TAILQ_NEXT(m, listq);
3923 * this code makes some *MAJOR* assumptions:
3924 * 1. Current pmap & pmap exists.
3927 * 4. No page table pages.
3928 * but is *MUCH* faster than pmap_enter...
3932 pmap_enter_quick(pmap_t pmap, vm_offset_t va, vm_page_t m, vm_prot_t prot)
3934 struct rwlock *lock;
3938 (void)pmap_enter_quick_locked(pmap, va, m, prot, NULL, &lock);
3945 pmap_enter_quick_locked(pmap_t pmap, vm_offset_t va, vm_page_t m,
3946 vm_prot_t prot, vm_page_t mpte, struct rwlock **lockp)
3949 pt_entry_t *l2, *l3, l3_val;
3953 KASSERT(va < kmi.clean_sva || va >= kmi.clean_eva ||
3954 (m->oflags & VPO_UNMANAGED) != 0,
3955 ("pmap_enter_quick_locked: managed mapping within the clean submap"));
3956 PMAP_LOCK_ASSERT(pmap, MA_OWNED);
3957 PMAP_ASSERT_STAGE1(pmap);
3959 CTR2(KTR_PMAP, "pmap_enter_quick_locked: %p %lx", pmap, va);
3961 * In the case that a page table page is not
3962 * resident, we are creating it here.
3964 if (va < VM_MAXUSER_ADDRESS) {
3965 vm_pindex_t l2pindex;
3968 * Calculate pagetable page index
3970 l2pindex = pmap_l2_pindex(va);
3971 if (mpte && (mpte->pindex == l2pindex)) {
3977 pde = pmap_pde(pmap, va, &lvl);
3980 * If the page table page is mapped, we just increment
3981 * the hold count, and activate it. Otherwise, we
3982 * attempt to allocate a page table page. If this
3983 * attempt fails, we don't retry. Instead, we give up.
3986 l2 = pmap_l1_to_l2(pde, va);
3987 if ((pmap_load(l2) & ATTR_DESCR_MASK) ==
3991 if (lvl == 2 && pmap_load(pde) != 0) {
3993 PHYS_TO_VM_PAGE(pmap_load(pde) & ~ATTR_MASK);
3997 * Pass NULL instead of the PV list lock
3998 * pointer, because we don't intend to sleep.
4000 mpte = _pmap_alloc_l3(pmap, l2pindex, NULL);
4005 l3 = (pt_entry_t *)PHYS_TO_DMAP(VM_PAGE_TO_PHYS(mpte));
4006 l3 = &l3[pmap_l3_index(va)];
4009 pde = pmap_pde(kernel_pmap, va, &lvl);
4010 KASSERT(pde != NULL,
4011 ("pmap_enter_quick_locked: Invalid page entry, va: 0x%lx",
4014 ("pmap_enter_quick_locked: Invalid level %d", lvl));
4015 l3 = pmap_l2_to_l3(pde, va);
4019 * Abort if a mapping already exists.
4021 if (pmap_load(l3) != 0) {
4028 * Enter on the PV list if part of our managed memory.
4030 if ((m->oflags & VPO_UNMANAGED) == 0 &&
4031 !pmap_try_insert_pv_entry(pmap, va, m, lockp)) {
4033 pmap_abort_ptp(pmap, va, mpte);
4038 * Increment counters
4040 pmap_resident_count_inc(pmap, 1);
4042 pa = VM_PAGE_TO_PHYS(m);
4043 l3_val = pa | ATTR_DEFAULT | ATTR_S1_IDX(m->md.pv_memattr) |
4044 ATTR_S1_AP(ATTR_S1_AP_RO) | L3_PAGE;
4045 if ((prot & VM_PROT_EXECUTE) == 0 ||
4046 m->md.pv_memattr == VM_MEMATTR_DEVICE)
4047 l3_val |= ATTR_S1_XN;
4048 if (va < VM_MAXUSER_ADDRESS)
4049 l3_val |= ATTR_S1_AP(ATTR_S1_AP_USER) | ATTR_S1_PXN;
4051 l3_val |= ATTR_S1_UXN;
4052 if (pmap != kernel_pmap)
4053 l3_val |= ATTR_S1_nG;
4056 * Now validate mapping with RO protection
4058 if ((m->oflags & VPO_UNMANAGED) == 0) {
4059 l3_val |= ATTR_SW_MANAGED;
4063 /* Sync icache before the mapping is stored to PTE */
4064 if ((prot & VM_PROT_EXECUTE) && pmap != kernel_pmap &&
4065 m->md.pv_memattr == VM_MEMATTR_WRITE_BACK)
4066 cpu_icache_sync_range(PHYS_TO_DMAP(pa), PAGE_SIZE);
4068 pmap_store(l3, l3_val);
4075 * This code maps large physical mmap regions into the
4076 * processor address space. Note that some shortcuts
4077 * are taken, but the code works.
4080 pmap_object_init_pt(pmap_t pmap, vm_offset_t addr, vm_object_t object,
4081 vm_pindex_t pindex, vm_size_t size)
4084 VM_OBJECT_ASSERT_WLOCKED(object);
4085 KASSERT(object->type == OBJT_DEVICE || object->type == OBJT_SG,
4086 ("pmap_object_init_pt: non-device object"));
4090 * Clear the wired attribute from the mappings for the specified range of
4091 * addresses in the given pmap. Every valid mapping within that range
4092 * must have the wired attribute set. In contrast, invalid mappings
4093 * cannot have the wired attribute set, so they are ignored.
4095 * The wired attribute of the page table entry is not a hardware feature,
4096 * so there is no need to invalidate any TLB entries.
4099 pmap_unwire(pmap_t pmap, vm_offset_t sva, vm_offset_t eva)
4101 vm_offset_t va_next;
4102 pd_entry_t *l0, *l1, *l2;
4106 for (; sva < eva; sva = va_next) {
4107 l0 = pmap_l0(pmap, sva);
4108 if (pmap_load(l0) == 0) {
4109 va_next = (sva + L0_SIZE) & ~L0_OFFSET;
4115 l1 = pmap_l0_to_l1(l0, sva);
4116 if (pmap_load(l1) == 0) {
4117 va_next = (sva + L1_SIZE) & ~L1_OFFSET;
4123 va_next = (sva + L2_SIZE) & ~L2_OFFSET;
4127 l2 = pmap_l1_to_l2(l1, sva);
4128 if (pmap_load(l2) == 0)
4131 if ((pmap_load(l2) & ATTR_DESCR_MASK) == L2_BLOCK) {
4132 if ((pmap_load(l2) & ATTR_SW_WIRED) == 0)
4133 panic("pmap_unwire: l2 %#jx is missing "
4134 "ATTR_SW_WIRED", (uintmax_t)pmap_load(l2));
4137 * Are we unwiring the entire large page? If not,
4138 * demote the mapping and fall through.
4140 if (sva + L2_SIZE == va_next && eva >= va_next) {
4141 pmap_clear_bits(l2, ATTR_SW_WIRED);
4142 pmap->pm_stats.wired_count -= L2_SIZE /
4145 } else if (pmap_demote_l2(pmap, l2, sva) == NULL)
4146 panic("pmap_unwire: demotion failed");
4148 KASSERT((pmap_load(l2) & ATTR_DESCR_MASK) == L2_TABLE,
4149 ("pmap_unwire: Invalid l2 entry after demotion"));
4153 for (l3 = pmap_l2_to_l3(l2, sva); sva != va_next; l3++,
4155 if (pmap_load(l3) == 0)
4157 if ((pmap_load(l3) & ATTR_SW_WIRED) == 0)
4158 panic("pmap_unwire: l3 %#jx is missing "
4159 "ATTR_SW_WIRED", (uintmax_t)pmap_load(l3));
4162 * ATTR_SW_WIRED must be cleared atomically. Although
4163 * the pmap lock synchronizes access to ATTR_SW_WIRED,
4164 * the System MMU may write to the entry concurrently.
4166 pmap_clear_bits(l3, ATTR_SW_WIRED);
4167 pmap->pm_stats.wired_count--;
4174 * Copy the range specified by src_addr/len
4175 * from the source map to the range dst_addr/len
4176 * in the destination map.
4178 * This routine is only advisory and need not do anything.
4180 * Because the executable mappings created by this routine are copied,
4181 * it should not have to flush the instruction cache.
4184 pmap_copy(pmap_t dst_pmap, pmap_t src_pmap, vm_offset_t dst_addr, vm_size_t len,
4185 vm_offset_t src_addr)
4187 struct rwlock *lock;
4188 pd_entry_t *l0, *l1, *l2, srcptepaddr;
4189 pt_entry_t *dst_pte, mask, nbits, ptetemp, *src_pte;
4190 vm_offset_t addr, end_addr, va_next;
4191 vm_page_t dst_l2pg, dstmpte, srcmpte;
4193 PMAP_ASSERT_STAGE1(dst_pmap);
4194 PMAP_ASSERT_STAGE1(src_pmap);
4196 if (dst_addr != src_addr)
4198 end_addr = src_addr + len;
4200 if (dst_pmap < src_pmap) {
4201 PMAP_LOCK(dst_pmap);
4202 PMAP_LOCK(src_pmap);
4204 PMAP_LOCK(src_pmap);
4205 PMAP_LOCK(dst_pmap);
4207 for (addr = src_addr; addr < end_addr; addr = va_next) {
4208 l0 = pmap_l0(src_pmap, addr);
4209 if (pmap_load(l0) == 0) {
4210 va_next = (addr + L0_SIZE) & ~L0_OFFSET;
4215 l1 = pmap_l0_to_l1(l0, addr);
4216 if (pmap_load(l1) == 0) {
4217 va_next = (addr + L1_SIZE) & ~L1_OFFSET;
4222 va_next = (addr + L2_SIZE) & ~L2_OFFSET;
4225 l2 = pmap_l1_to_l2(l1, addr);
4226 srcptepaddr = pmap_load(l2);
4227 if (srcptepaddr == 0)
4229 if ((srcptepaddr & ATTR_DESCR_MASK) == L2_BLOCK) {
4230 if ((addr & L2_OFFSET) != 0 ||
4231 addr + L2_SIZE > end_addr)
4233 l2 = pmap_alloc_l2(dst_pmap, addr, &dst_l2pg, NULL);
4236 if (pmap_load(l2) == 0 &&
4237 ((srcptepaddr & ATTR_SW_MANAGED) == 0 ||
4238 pmap_pv_insert_l2(dst_pmap, addr, srcptepaddr,
4239 PMAP_ENTER_NORECLAIM, &lock))) {
4240 mask = ATTR_AF | ATTR_SW_WIRED;
4242 if ((srcptepaddr & ATTR_SW_DBM) != 0)
4243 nbits |= ATTR_S1_AP_RW_BIT;
4244 pmap_store(l2, (srcptepaddr & ~mask) | nbits);
4245 pmap_resident_count_inc(dst_pmap, L2_SIZE /
4247 atomic_add_long(&pmap_l2_mappings, 1);
4249 pmap_abort_ptp(dst_pmap, addr, dst_l2pg);
4252 KASSERT((srcptepaddr & ATTR_DESCR_MASK) == L2_TABLE,
4253 ("pmap_copy: invalid L2 entry"));
4254 srcptepaddr &= ~ATTR_MASK;
4255 srcmpte = PHYS_TO_VM_PAGE(srcptepaddr);
4256 KASSERT(srcmpte->ref_count > 0,
4257 ("pmap_copy: source page table page is unused"));
4258 if (va_next > end_addr)
4260 src_pte = (pt_entry_t *)PHYS_TO_DMAP(srcptepaddr);
4261 src_pte = &src_pte[pmap_l3_index(addr)];
4263 for (; addr < va_next; addr += PAGE_SIZE, src_pte++) {
4264 ptetemp = pmap_load(src_pte);
4267 * We only virtual copy managed pages.
4269 if ((ptetemp & ATTR_SW_MANAGED) == 0)
4272 if (dstmpte != NULL) {
4273 KASSERT(dstmpte->pindex == pmap_l2_pindex(addr),
4274 ("dstmpte pindex/addr mismatch"));
4275 dstmpte->ref_count++;
4276 } else if ((dstmpte = pmap_alloc_l3(dst_pmap, addr,
4279 dst_pte = (pt_entry_t *)
4280 PHYS_TO_DMAP(VM_PAGE_TO_PHYS(dstmpte));
4281 dst_pte = &dst_pte[pmap_l3_index(addr)];
4282 if (pmap_load(dst_pte) == 0 &&
4283 pmap_try_insert_pv_entry(dst_pmap, addr,
4284 PHYS_TO_VM_PAGE(ptetemp & ~ATTR_MASK), &lock)) {
4286 * Clear the wired, modified, and accessed
4287 * (referenced) bits during the copy.
4289 mask = ATTR_AF | ATTR_SW_WIRED;
4291 if ((ptetemp & ATTR_SW_DBM) != 0)
4292 nbits |= ATTR_S1_AP_RW_BIT;
4293 pmap_store(dst_pte, (ptetemp & ~mask) | nbits);
4294 pmap_resident_count_inc(dst_pmap, 1);
4296 pmap_abort_ptp(dst_pmap, addr, dstmpte);
4299 /* Have we copied all of the valid mappings? */
4300 if (dstmpte->ref_count >= srcmpte->ref_count)
4306 * XXX This barrier may not be needed because the destination pmap is
4313 PMAP_UNLOCK(src_pmap);
4314 PMAP_UNLOCK(dst_pmap);
4318 * pmap_zero_page zeros the specified hardware page by mapping
4319 * the page into KVM and using bzero to clear its contents.
4322 pmap_zero_page(vm_page_t m)
4324 vm_offset_t va = PHYS_TO_DMAP(VM_PAGE_TO_PHYS(m));
4326 pagezero((void *)va);
4330 * pmap_zero_page_area zeros the specified hardware page by mapping
4331 * the page into KVM and using bzero to clear its contents.
4333 * off and size may not cover an area beyond a single hardware page.
4336 pmap_zero_page_area(vm_page_t m, int off, int size)
4338 vm_offset_t va = PHYS_TO_DMAP(VM_PAGE_TO_PHYS(m));
4340 if (off == 0 && size == PAGE_SIZE)
4341 pagezero((void *)va);
4343 bzero((char *)va + off, size);
4347 * pmap_copy_page copies the specified (machine independent)
4348 * page by mapping the page into virtual memory and using
4349 * bcopy to copy the page, one machine dependent page at a
4353 pmap_copy_page(vm_page_t msrc, vm_page_t mdst)
4355 vm_offset_t src = PHYS_TO_DMAP(VM_PAGE_TO_PHYS(msrc));
4356 vm_offset_t dst = PHYS_TO_DMAP(VM_PAGE_TO_PHYS(mdst));
4358 pagecopy((void *)src, (void *)dst);
4361 int unmapped_buf_allowed = 1;
4364 pmap_copy_pages(vm_page_t ma[], vm_offset_t a_offset, vm_page_t mb[],
4365 vm_offset_t b_offset, int xfersize)
4369 vm_paddr_t p_a, p_b;
4370 vm_offset_t a_pg_offset, b_pg_offset;
4373 while (xfersize > 0) {
4374 a_pg_offset = a_offset & PAGE_MASK;
4375 m_a = ma[a_offset >> PAGE_SHIFT];
4376 p_a = m_a->phys_addr;
4377 b_pg_offset = b_offset & PAGE_MASK;
4378 m_b = mb[b_offset >> PAGE_SHIFT];
4379 p_b = m_b->phys_addr;
4380 cnt = min(xfersize, PAGE_SIZE - a_pg_offset);
4381 cnt = min(cnt, PAGE_SIZE - b_pg_offset);
4382 if (__predict_false(!PHYS_IN_DMAP(p_a))) {
4383 panic("!DMAP a %lx", p_a);
4385 a_cp = (char *)PHYS_TO_DMAP(p_a) + a_pg_offset;
4387 if (__predict_false(!PHYS_IN_DMAP(p_b))) {
4388 panic("!DMAP b %lx", p_b);
4390 b_cp = (char *)PHYS_TO_DMAP(p_b) + b_pg_offset;
4392 bcopy(a_cp, b_cp, cnt);
4400 pmap_quick_enter_page(vm_page_t m)
4403 return (PHYS_TO_DMAP(VM_PAGE_TO_PHYS(m)));
4407 pmap_quick_remove_page(vm_offset_t addr)
4412 * Returns true if the pmap's pv is one of the first
4413 * 16 pvs linked to from this page. This count may
4414 * be changed upwards or downwards in the future; it
4415 * is only necessary that true be returned for a small
4416 * subset of pmaps for proper page aging.
4419 pmap_page_exists_quick(pmap_t pmap, vm_page_t m)
4421 struct md_page *pvh;
4422 struct rwlock *lock;
4427 KASSERT((m->oflags & VPO_UNMANAGED) == 0,
4428 ("pmap_page_exists_quick: page %p is not managed", m));
4430 lock = VM_PAGE_TO_PV_LIST_LOCK(m);
4432 TAILQ_FOREACH(pv, &m->md.pv_list, pv_next) {
4433 if (PV_PMAP(pv) == pmap) {
4441 if (!rv && loops < 16 && (m->flags & PG_FICTITIOUS) == 0) {
4442 pvh = pa_to_pvh(VM_PAGE_TO_PHYS(m));
4443 TAILQ_FOREACH(pv, &pvh->pv_list, pv_next) {
4444 if (PV_PMAP(pv) == pmap) {
4458 * pmap_page_wired_mappings:
4460 * Return the number of managed mappings to the given physical page
4464 pmap_page_wired_mappings(vm_page_t m)
4466 struct rwlock *lock;
4467 struct md_page *pvh;
4471 int count, lvl, md_gen, pvh_gen;
4473 if ((m->oflags & VPO_UNMANAGED) != 0)
4475 lock = VM_PAGE_TO_PV_LIST_LOCK(m);
4479 TAILQ_FOREACH(pv, &m->md.pv_list, pv_next) {
4481 if (!PMAP_TRYLOCK(pmap)) {
4482 md_gen = m->md.pv_gen;
4486 if (md_gen != m->md.pv_gen) {
4491 pte = pmap_pte(pmap, pv->pv_va, &lvl);
4492 if (pte != NULL && (pmap_load(pte) & ATTR_SW_WIRED) != 0)
4496 if ((m->flags & PG_FICTITIOUS) == 0) {
4497 pvh = pa_to_pvh(VM_PAGE_TO_PHYS(m));
4498 TAILQ_FOREACH(pv, &pvh->pv_list, pv_next) {
4500 if (!PMAP_TRYLOCK(pmap)) {
4501 md_gen = m->md.pv_gen;
4502 pvh_gen = pvh->pv_gen;
4506 if (md_gen != m->md.pv_gen ||
4507 pvh_gen != pvh->pv_gen) {
4512 pte = pmap_pte(pmap, pv->pv_va, &lvl);
4514 (pmap_load(pte) & ATTR_SW_WIRED) != 0)
4524 * Returns true if the given page is mapped individually or as part of
4525 * a 2mpage. Otherwise, returns false.
4528 pmap_page_is_mapped(vm_page_t m)
4530 struct rwlock *lock;
4533 if ((m->oflags & VPO_UNMANAGED) != 0)
4535 lock = VM_PAGE_TO_PV_LIST_LOCK(m);
4537 rv = !TAILQ_EMPTY(&m->md.pv_list) ||
4538 ((m->flags & PG_FICTITIOUS) == 0 &&
4539 !TAILQ_EMPTY(&pa_to_pvh(VM_PAGE_TO_PHYS(m))->pv_list));
4545 * Destroy all managed, non-wired mappings in the given user-space
4546 * pmap. This pmap cannot be active on any processor besides the
4549 * This function cannot be applied to the kernel pmap. Moreover, it
4550 * is not intended for general use. It is only to be used during
4551 * process termination. Consequently, it can be implemented in ways
4552 * that make it faster than pmap_remove(). First, it can more quickly
4553 * destroy mappings by iterating over the pmap's collection of PV
4554 * entries, rather than searching the page table. Second, it doesn't
4555 * have to test and clear the page table entries atomically, because
4556 * no processor is currently accessing the user address space. In
4557 * particular, a page table entry's dirty bit won't change state once
4558 * this function starts.
4561 pmap_remove_pages(pmap_t pmap)
4564 pt_entry_t *pte, tpte;
4565 struct spglist free;
4566 vm_page_t m, ml3, mt;
4568 struct md_page *pvh;
4569 struct pv_chunk *pc, *npc;
4570 struct rwlock *lock;
4572 uint64_t inuse, bitmask;
4573 int allfree, field, freed, idx, lvl;
4576 KASSERT(pmap == PCPU_GET(curpmap), ("non-current pmap %p", pmap));
4582 TAILQ_FOREACH_SAFE(pc, &pmap->pm_pvchunk, pc_list, npc) {
4585 for (field = 0; field < _NPCM; field++) {
4586 inuse = ~pc->pc_map[field] & pc_freemask[field];
4587 while (inuse != 0) {
4588 bit = ffsl(inuse) - 1;
4589 bitmask = 1UL << bit;
4590 idx = field * 64 + bit;
4591 pv = &pc->pc_pventry[idx];
4594 pde = pmap_pde(pmap, pv->pv_va, &lvl);
4595 KASSERT(pde != NULL,
4596 ("Attempting to remove an unmapped page"));
4600 pte = pmap_l1_to_l2(pde, pv->pv_va);
4601 tpte = pmap_load(pte);
4602 KASSERT((tpte & ATTR_DESCR_MASK) ==
4604 ("Attempting to remove an invalid "
4605 "block: %lx", tpte));
4608 pte = pmap_l2_to_l3(pde, pv->pv_va);
4609 tpte = pmap_load(pte);
4610 KASSERT((tpte & ATTR_DESCR_MASK) ==
4612 ("Attempting to remove an invalid "
4613 "page: %lx", tpte));
4617 "Invalid page directory level: %d",
4622 * We cannot remove wired pages from a process' mapping at this time
4624 if (tpte & ATTR_SW_WIRED) {
4629 pa = tpte & ~ATTR_MASK;
4631 m = PHYS_TO_VM_PAGE(pa);
4632 KASSERT(m->phys_addr == pa,
4633 ("vm_page_t %p phys_addr mismatch %016jx %016jx",
4634 m, (uintmax_t)m->phys_addr,
4637 KASSERT((m->flags & PG_FICTITIOUS) != 0 ||
4638 m < &vm_page_array[vm_page_array_size],
4639 ("pmap_remove_pages: bad pte %#jx",
4643 * Because this pmap is not active on other
4644 * processors, the dirty bit cannot have
4645 * changed state since we last loaded pte.
4650 * Update the vm_page_t clean/reference bits.
4652 if (pmap_pte_dirty(pmap, tpte)) {
4655 for (mt = m; mt < &m[L2_SIZE / PAGE_SIZE]; mt++)
4664 CHANGE_PV_LIST_LOCK_TO_VM_PAGE(&lock, m);
4667 pc->pc_map[field] |= bitmask;
4670 pmap_resident_count_dec(pmap,
4671 L2_SIZE / PAGE_SIZE);
4672 pvh = pa_to_pvh(tpte & ~ATTR_MASK);
4673 TAILQ_REMOVE(&pvh->pv_list, pv,pv_next);
4675 if (TAILQ_EMPTY(&pvh->pv_list)) {
4676 for (mt = m; mt < &m[L2_SIZE / PAGE_SIZE]; mt++)
4677 if ((mt->a.flags & PGA_WRITEABLE) != 0 &&
4678 TAILQ_EMPTY(&mt->md.pv_list))
4679 vm_page_aflag_clear(mt, PGA_WRITEABLE);
4681 ml3 = pmap_remove_pt_page(pmap,
4684 KASSERT(ml3->valid == VM_PAGE_BITS_ALL,
4685 ("pmap_remove_pages: l3 page not promoted"));
4686 pmap_resident_count_dec(pmap,1);
4687 KASSERT(ml3->ref_count == NL3PG,
4688 ("pmap_remove_pages: l3 page ref count error"));
4690 pmap_add_delayed_free_list(ml3,
4695 pmap_resident_count_dec(pmap, 1);
4696 TAILQ_REMOVE(&m->md.pv_list, pv,
4699 if ((m->a.flags & PGA_WRITEABLE) != 0 &&
4700 TAILQ_EMPTY(&m->md.pv_list) &&
4701 (m->flags & PG_FICTITIOUS) == 0) {
4703 VM_PAGE_TO_PHYS(m));
4704 if (TAILQ_EMPTY(&pvh->pv_list))
4705 vm_page_aflag_clear(m,
4710 pmap_unuse_pt(pmap, pv->pv_va, pmap_load(pde),
4715 PV_STAT(atomic_add_long(&pv_entry_frees, freed));
4716 PV_STAT(atomic_add_int(&pv_entry_spare, freed));
4717 PV_STAT(atomic_subtract_long(&pv_entry_count, freed));
4719 TAILQ_REMOVE(&pmap->pm_pvchunk, pc, pc_list);
4725 pmap_invalidate_all(pmap);
4727 vm_page_free_pages_toq(&free, true);
4731 * This is used to check if a page has been accessed or modified.
4734 pmap_page_test_mappings(vm_page_t m, boolean_t accessed, boolean_t modified)
4736 struct rwlock *lock;
4738 struct md_page *pvh;
4739 pt_entry_t *pte, mask, value;
4741 int lvl, md_gen, pvh_gen;
4745 lock = VM_PAGE_TO_PV_LIST_LOCK(m);
4748 TAILQ_FOREACH(pv, &m->md.pv_list, pv_next) {
4750 PMAP_ASSERT_STAGE1(pmap);
4751 if (!PMAP_TRYLOCK(pmap)) {
4752 md_gen = m->md.pv_gen;
4756 if (md_gen != m->md.pv_gen) {
4761 pte = pmap_pte(pmap, pv->pv_va, &lvl);
4763 ("pmap_page_test_mappings: Invalid level %d", lvl));
4767 mask |= ATTR_S1_AP_RW_BIT;
4768 value |= ATTR_S1_AP(ATTR_S1_AP_RW);
4771 mask |= ATTR_AF | ATTR_DESCR_MASK;
4772 value |= ATTR_AF | L3_PAGE;
4774 rv = (pmap_load(pte) & mask) == value;
4779 if ((m->flags & PG_FICTITIOUS) == 0) {
4780 pvh = pa_to_pvh(VM_PAGE_TO_PHYS(m));
4781 TAILQ_FOREACH(pv, &pvh->pv_list, pv_next) {
4783 PMAP_ASSERT_STAGE1(pmap);
4784 if (!PMAP_TRYLOCK(pmap)) {
4785 md_gen = m->md.pv_gen;
4786 pvh_gen = pvh->pv_gen;
4790 if (md_gen != m->md.pv_gen ||
4791 pvh_gen != pvh->pv_gen) {
4796 pte = pmap_pte(pmap, pv->pv_va, &lvl);
4798 ("pmap_page_test_mappings: Invalid level %d", lvl));
4802 mask |= ATTR_S1_AP_RW_BIT;
4803 value |= ATTR_S1_AP(ATTR_S1_AP_RW);
4806 mask |= ATTR_AF | ATTR_DESCR_MASK;
4807 value |= ATTR_AF | L2_BLOCK;
4809 rv = (pmap_load(pte) & mask) == value;
4823 * Return whether or not the specified physical page was modified
4824 * in any physical maps.
4827 pmap_is_modified(vm_page_t m)
4830 KASSERT((m->oflags & VPO_UNMANAGED) == 0,
4831 ("pmap_is_modified: page %p is not managed", m));
4834 * If the page is not busied then this check is racy.
4836 if (!pmap_page_is_write_mapped(m))
4838 return (pmap_page_test_mappings(m, FALSE, TRUE));
4842 * pmap_is_prefaultable:
4844 * Return whether or not the specified virtual address is eligible
4848 pmap_is_prefaultable(pmap_t pmap, vm_offset_t addr)
4856 pte = pmap_pte(pmap, addr, &lvl);
4857 if (pte != NULL && pmap_load(pte) != 0) {
4865 * pmap_is_referenced:
4867 * Return whether or not the specified physical page was referenced
4868 * in any physical maps.
4871 pmap_is_referenced(vm_page_t m)
4874 KASSERT((m->oflags & VPO_UNMANAGED) == 0,
4875 ("pmap_is_referenced: page %p is not managed", m));
4876 return (pmap_page_test_mappings(m, TRUE, FALSE));
4880 * Clear the write and modified bits in each of the given page's mappings.
4883 pmap_remove_write(vm_page_t m)
4885 struct md_page *pvh;
4887 struct rwlock *lock;
4888 pv_entry_t next_pv, pv;
4889 pt_entry_t oldpte, *pte;
4891 int lvl, md_gen, pvh_gen;
4893 KASSERT((m->oflags & VPO_UNMANAGED) == 0,
4894 ("pmap_remove_write: page %p is not managed", m));
4895 vm_page_assert_busied(m);
4897 if (!pmap_page_is_write_mapped(m))
4899 lock = VM_PAGE_TO_PV_LIST_LOCK(m);
4900 pvh = (m->flags & PG_FICTITIOUS) != 0 ? &pv_dummy :
4901 pa_to_pvh(VM_PAGE_TO_PHYS(m));
4904 TAILQ_FOREACH_SAFE(pv, &pvh->pv_list, pv_next, next_pv) {
4906 PMAP_ASSERT_STAGE1(pmap);
4907 if (!PMAP_TRYLOCK(pmap)) {
4908 pvh_gen = pvh->pv_gen;
4912 if (pvh_gen != pvh->pv_gen) {
4919 pte = pmap_pte(pmap, pv->pv_va, &lvl);
4920 if ((pmap_load(pte) & ATTR_SW_DBM) != 0)
4921 (void)pmap_demote_l2_locked(pmap, pte, va, &lock);
4922 KASSERT(lock == VM_PAGE_TO_PV_LIST_LOCK(m),
4923 ("inconsistent pv lock %p %p for page %p",
4924 lock, VM_PAGE_TO_PV_LIST_LOCK(m), m));
4927 TAILQ_FOREACH(pv, &m->md.pv_list, pv_next) {
4929 PMAP_ASSERT_STAGE1(pmap);
4930 if (!PMAP_TRYLOCK(pmap)) {
4931 pvh_gen = pvh->pv_gen;
4932 md_gen = m->md.pv_gen;
4936 if (pvh_gen != pvh->pv_gen ||
4937 md_gen != m->md.pv_gen) {
4943 pte = pmap_pte(pmap, pv->pv_va, &lvl);
4944 oldpte = pmap_load(pte);
4946 if ((oldpte & ATTR_SW_DBM) != 0) {
4947 if (!atomic_fcmpset_long(pte, &oldpte,
4948 (oldpte | ATTR_S1_AP_RW_BIT) & ~ATTR_SW_DBM))
4950 if ((oldpte & ATTR_S1_AP_RW_BIT) ==
4951 ATTR_S1_AP(ATTR_S1_AP_RW))
4953 pmap_invalidate_page(pmap, pv->pv_va);
4958 vm_page_aflag_clear(m, PGA_WRITEABLE);
4962 * pmap_ts_referenced:
4964 * Return a count of reference bits for a page, clearing those bits.
4965 * It is not necessary for every reference bit to be cleared, but it
4966 * is necessary that 0 only be returned when there are truly no
4967 * reference bits set.
4969 * As an optimization, update the page's dirty field if a modified bit is
4970 * found while counting reference bits. This opportunistic update can be
4971 * performed at low cost and can eliminate the need for some future calls
4972 * to pmap_is_modified(). However, since this function stops after
4973 * finding PMAP_TS_REFERENCED_MAX reference bits, it may not detect some
4974 * dirty pages. Those dirty pages will only be detected by a future call
4975 * to pmap_is_modified().
4978 pmap_ts_referenced(vm_page_t m)
4980 struct md_page *pvh;
4983 struct rwlock *lock;
4984 pd_entry_t *pde, tpde;
4985 pt_entry_t *pte, tpte;
4988 int cleared, lvl, md_gen, not_cleared, pvh_gen;
4989 struct spglist free;
4991 KASSERT((m->oflags & VPO_UNMANAGED) == 0,
4992 ("pmap_ts_referenced: page %p is not managed", m));
4995 pa = VM_PAGE_TO_PHYS(m);
4996 lock = PHYS_TO_PV_LIST_LOCK(pa);
4997 pvh = (m->flags & PG_FICTITIOUS) != 0 ? &pv_dummy : pa_to_pvh(pa);
5001 if ((pvf = TAILQ_FIRST(&pvh->pv_list)) == NULL)
5002 goto small_mappings;
5008 if (!PMAP_TRYLOCK(pmap)) {
5009 pvh_gen = pvh->pv_gen;
5013 if (pvh_gen != pvh->pv_gen) {
5019 pde = pmap_pde(pmap, pv->pv_va, &lvl);
5020 KASSERT(pde != NULL, ("pmap_ts_referenced: no l1 table found"));
5022 ("pmap_ts_referenced: invalid pde level %d", lvl));
5023 tpde = pmap_load(pde);
5024 KASSERT((tpde & ATTR_DESCR_MASK) == L1_TABLE,
5025 ("pmap_ts_referenced: found an invalid l1 table"));
5026 pte = pmap_l1_to_l2(pde, pv->pv_va);
5027 tpte = pmap_load(pte);
5028 if (pmap_pte_dirty(pmap, tpte)) {
5030 * Although "tpte" is mapping a 2MB page, because
5031 * this function is called at a 4KB page granularity,
5032 * we only update the 4KB page under test.
5037 if ((tpte & ATTR_AF) != 0) {
5039 * Since this reference bit is shared by 512 4KB pages,
5040 * it should not be cleared every time it is tested.
5041 * Apply a simple "hash" function on the physical page
5042 * number, the virtual superpage number, and the pmap
5043 * address to select one 4KB page out of the 512 on
5044 * which testing the reference bit will result in
5045 * clearing that reference bit. This function is
5046 * designed to avoid the selection of the same 4KB page
5047 * for every 2MB page mapping.
5049 * On demotion, a mapping that hasn't been referenced
5050 * is simply destroyed. To avoid the possibility of a
5051 * subsequent page fault on a demoted wired mapping,
5052 * always leave its reference bit set. Moreover,
5053 * since the superpage is wired, the current state of
5054 * its reference bit won't affect page replacement.
5056 if ((((pa >> PAGE_SHIFT) ^ (pv->pv_va >> L2_SHIFT) ^
5057 (uintptr_t)pmap) & (Ln_ENTRIES - 1)) == 0 &&
5058 (tpte & ATTR_SW_WIRED) == 0) {
5059 pmap_clear_bits(pte, ATTR_AF);
5060 pmap_invalidate_page(pmap, pv->pv_va);
5066 /* Rotate the PV list if it has more than one entry. */
5067 if (pv != NULL && TAILQ_NEXT(pv, pv_next) != NULL) {
5068 TAILQ_REMOVE(&pvh->pv_list, pv, pv_next);
5069 TAILQ_INSERT_TAIL(&pvh->pv_list, pv, pv_next);
5072 if (cleared + not_cleared >= PMAP_TS_REFERENCED_MAX)
5074 } while ((pv = TAILQ_FIRST(&pvh->pv_list)) != pvf);
5076 if ((pvf = TAILQ_FIRST(&m->md.pv_list)) == NULL)
5083 if (!PMAP_TRYLOCK(pmap)) {
5084 pvh_gen = pvh->pv_gen;
5085 md_gen = m->md.pv_gen;
5089 if (pvh_gen != pvh->pv_gen || md_gen != m->md.pv_gen) {
5094 pde = pmap_pde(pmap, pv->pv_va, &lvl);
5095 KASSERT(pde != NULL, ("pmap_ts_referenced: no l2 table found"));
5097 ("pmap_ts_referenced: invalid pde level %d", lvl));
5098 tpde = pmap_load(pde);
5099 KASSERT((tpde & ATTR_DESCR_MASK) == L2_TABLE,
5100 ("pmap_ts_referenced: found an invalid l2 table"));
5101 pte = pmap_l2_to_l3(pde, pv->pv_va);
5102 tpte = pmap_load(pte);
5103 if (pmap_pte_dirty(pmap, tpte))
5105 if ((tpte & ATTR_AF) != 0) {
5106 if ((tpte & ATTR_SW_WIRED) == 0) {
5107 pmap_clear_bits(pte, ATTR_AF);
5108 pmap_invalidate_page(pmap, pv->pv_va);
5114 /* Rotate the PV list if it has more than one entry. */
5115 if (pv != NULL && TAILQ_NEXT(pv, pv_next) != NULL) {
5116 TAILQ_REMOVE(&m->md.pv_list, pv, pv_next);
5117 TAILQ_INSERT_TAIL(&m->md.pv_list, pv, pv_next);
5120 } while ((pv = TAILQ_FIRST(&m->md.pv_list)) != pvf && cleared +
5121 not_cleared < PMAP_TS_REFERENCED_MAX);
5124 vm_page_free_pages_toq(&free, true);
5125 return (cleared + not_cleared);
5129 * Apply the given advice to the specified range of addresses within the
5130 * given pmap. Depending on the advice, clear the referenced and/or
5131 * modified flags in each mapping and set the mapped page's dirty field.
5134 pmap_advise(pmap_t pmap, vm_offset_t sva, vm_offset_t eva, int advice)
5136 struct rwlock *lock;
5137 vm_offset_t va, va_next;
5139 pd_entry_t *l0, *l1, *l2, oldl2;
5140 pt_entry_t *l3, oldl3;
5142 PMAP_ASSERT_STAGE1(pmap);
5144 if (advice != MADV_DONTNEED && advice != MADV_FREE)
5148 for (; sva < eva; sva = va_next) {
5149 l0 = pmap_l0(pmap, sva);
5150 if (pmap_load(l0) == 0) {
5151 va_next = (sva + L0_SIZE) & ~L0_OFFSET;
5156 l1 = pmap_l0_to_l1(l0, sva);
5157 if (pmap_load(l1) == 0) {
5158 va_next = (sva + L1_SIZE) & ~L1_OFFSET;
5163 va_next = (sva + L2_SIZE) & ~L2_OFFSET;
5166 l2 = pmap_l1_to_l2(l1, sva);
5167 oldl2 = pmap_load(l2);
5170 if ((oldl2 & ATTR_DESCR_MASK) == L2_BLOCK) {
5171 if ((oldl2 & ATTR_SW_MANAGED) == 0)
5174 if (!pmap_demote_l2_locked(pmap, l2, sva, &lock)) {
5179 * The 2MB page mapping was destroyed.
5185 * Unless the page mappings are wired, remove the
5186 * mapping to a single page so that a subsequent
5187 * access may repromote. Choosing the last page
5188 * within the address range [sva, min(va_next, eva))
5189 * generally results in more repromotions. Since the
5190 * underlying page table page is fully populated, this
5191 * removal never frees a page table page.
5193 if ((oldl2 & ATTR_SW_WIRED) == 0) {
5199 ("pmap_advise: no address gap"));
5200 l3 = pmap_l2_to_l3(l2, va);
5201 KASSERT(pmap_load(l3) != 0,
5202 ("pmap_advise: invalid PTE"));
5203 pmap_remove_l3(pmap, l3, va, pmap_load(l2),
5209 KASSERT((pmap_load(l2) & ATTR_DESCR_MASK) == L2_TABLE,
5210 ("pmap_advise: invalid L2 entry after demotion"));
5214 for (l3 = pmap_l2_to_l3(l2, sva); sva != va_next; l3++,
5216 oldl3 = pmap_load(l3);
5217 if ((oldl3 & (ATTR_SW_MANAGED | ATTR_DESCR_MASK)) !=
5218 (ATTR_SW_MANAGED | L3_PAGE))
5220 else if (pmap_pte_dirty(pmap, oldl3)) {
5221 if (advice == MADV_DONTNEED) {
5223 * Future calls to pmap_is_modified()
5224 * can be avoided by making the page
5227 m = PHYS_TO_VM_PAGE(oldl3 & ~ATTR_MASK);
5230 while (!atomic_fcmpset_long(l3, &oldl3,
5231 (oldl3 & ~ATTR_AF) |
5232 ATTR_S1_AP(ATTR_S1_AP_RO)))
5234 } else if ((oldl3 & ATTR_AF) != 0)
5235 pmap_clear_bits(l3, ATTR_AF);
5242 if (va != va_next) {
5243 pmap_invalidate_range(pmap, va, sva);
5248 pmap_invalidate_range(pmap, va, sva);
5254 * Clear the modify bits on the specified physical page.
5257 pmap_clear_modify(vm_page_t m)
5259 struct md_page *pvh;
5260 struct rwlock *lock;
5262 pv_entry_t next_pv, pv;
5263 pd_entry_t *l2, oldl2;
5264 pt_entry_t *l3, oldl3;
5266 int md_gen, pvh_gen;
5268 KASSERT((m->oflags & VPO_UNMANAGED) == 0,
5269 ("pmap_clear_modify: page %p is not managed", m));
5270 vm_page_assert_busied(m);
5272 if (!pmap_page_is_write_mapped(m))
5274 pvh = (m->flags & PG_FICTITIOUS) != 0 ? &pv_dummy :
5275 pa_to_pvh(VM_PAGE_TO_PHYS(m));
5276 lock = VM_PAGE_TO_PV_LIST_LOCK(m);
5279 TAILQ_FOREACH_SAFE(pv, &pvh->pv_list, pv_next, next_pv) {
5281 PMAP_ASSERT_STAGE1(pmap);
5282 if (!PMAP_TRYLOCK(pmap)) {
5283 pvh_gen = pvh->pv_gen;
5287 if (pvh_gen != pvh->pv_gen) {
5293 l2 = pmap_l2(pmap, va);
5294 oldl2 = pmap_load(l2);
5295 /* If oldl2 has ATTR_SW_DBM set, then it is also dirty. */
5296 if ((oldl2 & ATTR_SW_DBM) != 0 &&
5297 pmap_demote_l2_locked(pmap, l2, va, &lock) &&
5298 (oldl2 & ATTR_SW_WIRED) == 0) {
5300 * Write protect the mapping to a single page so that
5301 * a subsequent write access may repromote.
5303 va += VM_PAGE_TO_PHYS(m) - (oldl2 & ~ATTR_MASK);
5304 l3 = pmap_l2_to_l3(l2, va);
5305 oldl3 = pmap_load(l3);
5306 while (!atomic_fcmpset_long(l3, &oldl3,
5307 (oldl3 & ~ATTR_SW_DBM) | ATTR_S1_AP(ATTR_S1_AP_RO)))
5310 pmap_invalidate_page(pmap, va);
5314 TAILQ_FOREACH(pv, &m->md.pv_list, pv_next) {
5316 PMAP_ASSERT_STAGE1(pmap);
5317 if (!PMAP_TRYLOCK(pmap)) {
5318 md_gen = m->md.pv_gen;
5319 pvh_gen = pvh->pv_gen;
5323 if (pvh_gen != pvh->pv_gen || md_gen != m->md.pv_gen) {
5328 l2 = pmap_l2(pmap, pv->pv_va);
5329 l3 = pmap_l2_to_l3(l2, pv->pv_va);
5330 oldl3 = pmap_load(l3);
5331 if (pmap_l3_valid(oldl3) &&
5332 (oldl3 & (ATTR_S1_AP_RW_BIT | ATTR_SW_DBM)) == ATTR_SW_DBM){
5333 pmap_set_bits(l3, ATTR_S1_AP(ATTR_S1_AP_RO));
5334 pmap_invalidate_page(pmap, pv->pv_va);
5342 pmap_mapbios(vm_paddr_t pa, vm_size_t size)
5344 struct pmap_preinit_mapping *ppim;
5345 vm_offset_t va, offset;
5348 int i, lvl, l2_blocks, free_l2_count, start_idx;
5350 if (!vm_initialized) {
5352 * No L3 ptables so map entire L2 blocks where start VA is:
5353 * preinit_map_va + start_idx * L2_SIZE
5354 * There may be duplicate mappings (multiple VA -> same PA) but
5355 * ARM64 dcache is always PIPT so that's acceptable.
5360 /* Calculate how many L2 blocks are needed for the mapping */
5361 l2_blocks = (roundup2(pa + size, L2_SIZE) -
5362 rounddown2(pa, L2_SIZE)) >> L2_SHIFT;
5364 offset = pa & L2_OFFSET;
5366 if (preinit_map_va == 0)
5369 /* Map 2MiB L2 blocks from reserved VA space */
5373 /* Find enough free contiguous VA space */
5374 for (i = 0; i < PMAP_PREINIT_MAPPING_COUNT; i++) {
5375 ppim = pmap_preinit_mapping + i;
5376 if (free_l2_count > 0 && ppim->pa != 0) {
5377 /* Not enough space here */
5383 if (ppim->pa == 0) {
5385 if (start_idx == -1)
5388 if (free_l2_count == l2_blocks)
5392 if (free_l2_count != l2_blocks)
5393 panic("%s: too many preinit mappings", __func__);
5395 va = preinit_map_va + (start_idx * L2_SIZE);
5396 for (i = start_idx; i < start_idx + l2_blocks; i++) {
5397 /* Mark entries as allocated */
5398 ppim = pmap_preinit_mapping + i;
5400 ppim->va = va + offset;
5405 pa = rounddown2(pa, L2_SIZE);
5406 for (i = 0; i < l2_blocks; i++) {
5407 pde = pmap_pde(kernel_pmap, va, &lvl);
5408 KASSERT(pde != NULL,
5409 ("pmap_mapbios: Invalid page entry, va: 0x%lx",
5412 ("pmap_mapbios: Invalid level %d", lvl));
5414 /* Insert L2_BLOCK */
5415 l2 = pmap_l1_to_l2(pde, va);
5417 pa | ATTR_DEFAULT | ATTR_S1_XN |
5418 ATTR_S1_IDX(VM_MEMATTR_WRITE_BACK) | L2_BLOCK);
5423 pmap_invalidate_all(kernel_pmap);
5425 va = preinit_map_va + (start_idx * L2_SIZE);
5428 /* kva_alloc may be used to map the pages */
5429 offset = pa & PAGE_MASK;
5430 size = round_page(offset + size);
5432 va = kva_alloc(size);
5434 panic("%s: Couldn't allocate KVA", __func__);
5436 pde = pmap_pde(kernel_pmap, va, &lvl);
5437 KASSERT(lvl == 2, ("pmap_mapbios: Invalid level %d", lvl));
5439 /* L3 table is linked */
5440 va = trunc_page(va);
5441 pa = trunc_page(pa);
5442 pmap_kenter(va, size, pa, VM_MEMATTR_WRITE_BACK);
5445 return ((void *)(va + offset));
5449 pmap_unmapbios(vm_offset_t va, vm_size_t size)
5451 struct pmap_preinit_mapping *ppim;
5452 vm_offset_t offset, tmpsize, va_trunc;
5455 int i, lvl, l2_blocks, block;
5459 (roundup2(va + size, L2_SIZE) - rounddown2(va, L2_SIZE)) >> L2_SHIFT;
5460 KASSERT(l2_blocks > 0, ("pmap_unmapbios: invalid size %lx", size));
5462 /* Remove preinit mapping */
5463 preinit_map = false;
5465 for (i = 0; i < PMAP_PREINIT_MAPPING_COUNT; i++) {
5466 ppim = pmap_preinit_mapping + i;
5467 if (ppim->va == va) {
5468 KASSERT(ppim->size == size,
5469 ("pmap_unmapbios: size mismatch"));
5474 offset = block * L2_SIZE;
5475 va_trunc = rounddown2(va, L2_SIZE) + offset;
5477 /* Remove L2_BLOCK */
5478 pde = pmap_pde(kernel_pmap, va_trunc, &lvl);
5479 KASSERT(pde != NULL,
5480 ("pmap_unmapbios: Invalid page entry, va: 0x%lx",
5482 l2 = pmap_l1_to_l2(pde, va_trunc);
5485 if (block == (l2_blocks - 1))
5491 pmap_invalidate_all(kernel_pmap);
5495 /* Unmap the pages reserved with kva_alloc. */
5496 if (vm_initialized) {
5497 offset = va & PAGE_MASK;
5498 size = round_page(offset + size);
5499 va = trunc_page(va);
5501 pde = pmap_pde(kernel_pmap, va, &lvl);
5502 KASSERT(pde != NULL,
5503 ("pmap_unmapbios: Invalid page entry, va: 0x%lx", va));
5504 KASSERT(lvl == 2, ("pmap_unmapbios: Invalid level %d", lvl));
5506 /* Unmap and invalidate the pages */
5507 for (tmpsize = 0; tmpsize < size; tmpsize += PAGE_SIZE)
5508 pmap_kremove(va + tmpsize);
5515 * Sets the memory attribute for the specified page.
5518 pmap_page_set_memattr(vm_page_t m, vm_memattr_t ma)
5521 m->md.pv_memattr = ma;
5524 * If "m" is a normal page, update its direct mapping. This update
5525 * can be relied upon to perform any cache operations that are
5526 * required for data coherence.
5528 if ((m->flags & PG_FICTITIOUS) == 0 &&
5529 pmap_change_attr(PHYS_TO_DMAP(VM_PAGE_TO_PHYS(m)), PAGE_SIZE,
5530 m->md.pv_memattr) != 0)
5531 panic("memory attribute change on the direct map failed");
5535 * Changes the specified virtual address range's memory type to that given by
5536 * the parameter "mode". The specified virtual address range must be
5537 * completely contained within either the direct map or the kernel map. If
5538 * the virtual address range is contained within the kernel map, then the
5539 * memory type for each of the corresponding ranges of the direct map is also
5540 * changed. (The corresponding ranges of the direct map are those ranges that
5541 * map the same physical pages as the specified virtual address range.) These
5542 * changes to the direct map are necessary because Intel describes the
5543 * behavior of their processors as "undefined" if two or more mappings to the
5544 * same physical page have different memory types.
5546 * Returns zero if the change completed successfully, and either EINVAL or
5547 * ENOMEM if the change failed. Specifically, EINVAL is returned if some part
5548 * of the virtual address range was not mapped, and ENOMEM is returned if
5549 * there was insufficient memory available to complete the change. In the
5550 * latter case, the memory type may have been changed on some part of the
5551 * virtual address range or the direct map.
5554 pmap_change_attr(vm_offset_t va, vm_size_t size, int mode)
5558 PMAP_LOCK(kernel_pmap);
5559 error = pmap_change_attr_locked(va, size, mode);
5560 PMAP_UNLOCK(kernel_pmap);
5565 pmap_change_attr_locked(vm_offset_t va, vm_size_t size, int mode)
5567 vm_offset_t base, offset, tmpva;
5568 pt_entry_t l3, *pte, *newpte;
5571 PMAP_LOCK_ASSERT(kernel_pmap, MA_OWNED);
5572 base = trunc_page(va);
5573 offset = va & PAGE_MASK;
5574 size = round_page(offset + size);
5576 if (!VIRT_IN_DMAP(base) &&
5577 !(base >= VM_MIN_KERNEL_ADDRESS && base < VM_MAX_KERNEL_ADDRESS))
5580 for (tmpva = base; tmpva < base + size; ) {
5581 pte = pmap_pte(kernel_pmap, tmpva, &lvl);
5585 if ((pmap_load(pte) & ATTR_S1_IDX_MASK) == ATTR_S1_IDX(mode)) {
5587 * We already have the correct attribute,
5588 * ignore this entry.
5592 panic("Invalid DMAP table level: %d\n", lvl);
5594 tmpva = (tmpva & ~L1_OFFSET) + L1_SIZE;
5597 tmpva = (tmpva & ~L2_OFFSET) + L2_SIZE;
5605 * Split the entry to an level 3 table, then
5606 * set the new attribute.
5610 panic("Invalid DMAP table level: %d\n", lvl);
5612 newpte = pmap_demote_l1(kernel_pmap, pte,
5613 tmpva & ~L1_OFFSET);
5616 pte = pmap_l1_to_l2(pte, tmpva);
5618 newpte = pmap_demote_l2(kernel_pmap, pte,
5622 pte = pmap_l2_to_l3(pte, tmpva);
5624 /* Update the entry */
5625 l3 = pmap_load(pte);
5626 l3 &= ~ATTR_S1_IDX_MASK;
5627 l3 |= ATTR_S1_IDX(mode);
5628 if (mode == VM_MEMATTR_DEVICE)
5631 pmap_update_entry(kernel_pmap, pte, l3, tmpva,
5635 * If moving to a non-cacheable entry flush
5638 if (mode == VM_MEMATTR_UNCACHEABLE)
5639 cpu_dcache_wbinv_range(tmpva, L3_SIZE);
5651 * Create an L2 table to map all addresses within an L1 mapping.
5654 pmap_demote_l1(pmap_t pmap, pt_entry_t *l1, vm_offset_t va)
5656 pt_entry_t *l2, newl2, oldl1;
5658 vm_paddr_t l2phys, phys;
5662 PMAP_LOCK_ASSERT(pmap, MA_OWNED);
5663 oldl1 = pmap_load(l1);
5664 KASSERT((oldl1 & ATTR_DESCR_MASK) == L1_BLOCK,
5665 ("pmap_demote_l1: Demoting a non-block entry"));
5666 KASSERT((va & L1_OFFSET) == 0,
5667 ("pmap_demote_l1: Invalid virtual address %#lx", va));
5668 KASSERT((oldl1 & ATTR_SW_MANAGED) == 0,
5669 ("pmap_demote_l1: Level 1 table shouldn't be managed"));
5672 if (va <= (vm_offset_t)l1 && va + L1_SIZE > (vm_offset_t)l1) {
5673 tmpl1 = kva_alloc(PAGE_SIZE);
5678 if ((ml2 = vm_page_alloc(NULL, 0, VM_ALLOC_INTERRUPT |
5679 VM_ALLOC_NOOBJ | VM_ALLOC_WIRED)) == NULL) {
5680 CTR2(KTR_PMAP, "pmap_demote_l1: failure for va %#lx"
5681 " in pmap %p", va, pmap);
5685 l2phys = VM_PAGE_TO_PHYS(ml2);
5686 l2 = (pt_entry_t *)PHYS_TO_DMAP(l2phys);
5688 /* Address the range points at */
5689 phys = oldl1 & ~ATTR_MASK;
5690 /* The attributed from the old l1 table to be copied */
5691 newl2 = oldl1 & ATTR_MASK;
5693 /* Create the new entries */
5694 for (i = 0; i < Ln_ENTRIES; i++) {
5695 l2[i] = newl2 | phys;
5698 KASSERT(l2[0] == ((oldl1 & ~ATTR_DESCR_MASK) | L2_BLOCK),
5699 ("Invalid l2 page (%lx != %lx)", l2[0],
5700 (oldl1 & ~ATTR_DESCR_MASK) | L2_BLOCK));
5703 pmap_kenter(tmpl1, PAGE_SIZE,
5704 DMAP_TO_PHYS((vm_offset_t)l1) & ~L3_OFFSET,
5705 VM_MEMATTR_WRITE_BACK);
5706 l1 = (pt_entry_t *)(tmpl1 + ((vm_offset_t)l1 & PAGE_MASK));
5709 pmap_update_entry(pmap, l1, l2phys | L1_TABLE, va, PAGE_SIZE);
5712 pmap_kremove(tmpl1);
5713 kva_free(tmpl1, PAGE_SIZE);
5720 pmap_fill_l3(pt_entry_t *firstl3, pt_entry_t newl3)
5724 for (l3 = firstl3; l3 - firstl3 < Ln_ENTRIES; l3++) {
5731 pmap_demote_l2_abort(pmap_t pmap, vm_offset_t va, pt_entry_t *l2,
5732 struct rwlock **lockp)
5734 struct spglist free;
5737 (void)pmap_remove_l2(pmap, l2, va, pmap_load(pmap_l1(pmap, va)), &free,
5739 vm_page_free_pages_toq(&free, true);
5743 * Create an L3 table to map all addresses within an L2 mapping.
5746 pmap_demote_l2_locked(pmap_t pmap, pt_entry_t *l2, vm_offset_t va,
5747 struct rwlock **lockp)
5749 pt_entry_t *l3, newl3, oldl2;
5754 PMAP_LOCK_ASSERT(pmap, MA_OWNED);
5755 PMAP_ASSERT_STAGE1(pmap);
5757 oldl2 = pmap_load(l2);
5758 KASSERT((oldl2 & ATTR_DESCR_MASK) == L2_BLOCK,
5759 ("pmap_demote_l2: Demoting a non-block entry"));
5763 if (va <= (vm_offset_t)l2 && va + L2_SIZE > (vm_offset_t)l2) {
5764 tmpl2 = kva_alloc(PAGE_SIZE);
5770 * Invalidate the 2MB page mapping and return "failure" if the
5771 * mapping was never accessed.
5773 if ((oldl2 & ATTR_AF) == 0) {
5774 KASSERT((oldl2 & ATTR_SW_WIRED) == 0,
5775 ("pmap_demote_l2: a wired mapping is missing ATTR_AF"));
5776 pmap_demote_l2_abort(pmap, va, l2, lockp);
5777 CTR2(KTR_PMAP, "pmap_demote_l2: failure for va %#lx in pmap %p",
5782 if ((ml3 = pmap_remove_pt_page(pmap, va)) == NULL) {
5783 KASSERT((oldl2 & ATTR_SW_WIRED) == 0,
5784 ("pmap_demote_l2: page table page for a wired mapping"
5788 * If the page table page is missing and the mapping
5789 * is for a kernel address, the mapping must belong to
5790 * the direct map. Page table pages are preallocated
5791 * for every other part of the kernel address space,
5792 * so the direct map region is the only part of the
5793 * kernel address space that must be handled here.
5795 KASSERT(va < VM_MAXUSER_ADDRESS || VIRT_IN_DMAP(va),
5796 ("pmap_demote_l2: No saved mpte for va %#lx", va));
5799 * If the 2MB page mapping belongs to the direct map
5800 * region of the kernel's address space, then the page
5801 * allocation request specifies the highest possible
5802 * priority (VM_ALLOC_INTERRUPT). Otherwise, the
5803 * priority is normal.
5805 ml3 = vm_page_alloc(NULL, pmap_l2_pindex(va),
5806 (VIRT_IN_DMAP(va) ? VM_ALLOC_INTERRUPT : VM_ALLOC_NORMAL) |
5807 VM_ALLOC_NOOBJ | VM_ALLOC_WIRED);
5810 * If the allocation of the new page table page fails,
5811 * invalidate the 2MB page mapping and return "failure".
5814 pmap_demote_l2_abort(pmap, va, l2, lockp);
5815 CTR2(KTR_PMAP, "pmap_demote_l2: failure for va %#lx"
5816 " in pmap %p", va, pmap);
5820 if (va < VM_MAXUSER_ADDRESS) {
5821 ml3->ref_count = NL3PG;
5822 pmap_resident_count_inc(pmap, 1);
5825 l3phys = VM_PAGE_TO_PHYS(ml3);
5826 l3 = (pt_entry_t *)PHYS_TO_DMAP(l3phys);
5827 newl3 = (oldl2 & ~ATTR_DESCR_MASK) | L3_PAGE;
5828 KASSERT((oldl2 & (ATTR_S1_AP_RW_BIT | ATTR_SW_DBM)) !=
5829 (ATTR_S1_AP(ATTR_S1_AP_RO) | ATTR_SW_DBM),
5830 ("pmap_demote_l2: L2 entry is writeable but not dirty"));
5833 * If the page table page is not leftover from an earlier promotion,
5834 * or the mapping attributes have changed, (re)initialize the L3 table.
5836 * When pmap_update_entry() clears the old L2 mapping, it (indirectly)
5837 * performs a dsb(). That dsb() ensures that the stores for filling
5838 * "l3" are visible before "l3" is added to the page table.
5840 if (ml3->valid == 0 || (l3[0] & ATTR_MASK) != (newl3 & ATTR_MASK))
5841 pmap_fill_l3(l3, newl3);
5844 * Map the temporary page so we don't lose access to the l2 table.
5847 pmap_kenter(tmpl2, PAGE_SIZE,
5848 DMAP_TO_PHYS((vm_offset_t)l2) & ~L3_OFFSET,
5849 VM_MEMATTR_WRITE_BACK);
5850 l2 = (pt_entry_t *)(tmpl2 + ((vm_offset_t)l2 & PAGE_MASK));
5854 * The spare PV entries must be reserved prior to demoting the
5855 * mapping, that is, prior to changing the PDE. Otherwise, the state
5856 * of the L2 and the PV lists will be inconsistent, which can result
5857 * in reclaim_pv_chunk() attempting to remove a PV entry from the
5858 * wrong PV list and pmap_pv_demote_l2() failing to find the expected
5859 * PV entry for the 2MB page mapping that is being demoted.
5861 if ((oldl2 & ATTR_SW_MANAGED) != 0)
5862 reserve_pv_entries(pmap, Ln_ENTRIES - 1, lockp);
5865 * Pass PAGE_SIZE so that a single TLB invalidation is performed on
5866 * the 2MB page mapping.
5868 pmap_update_entry(pmap, l2, l3phys | L2_TABLE, va, PAGE_SIZE);
5871 * Demote the PV entry.
5873 if ((oldl2 & ATTR_SW_MANAGED) != 0)
5874 pmap_pv_demote_l2(pmap, va, oldl2 & ~ATTR_MASK, lockp);
5876 atomic_add_long(&pmap_l2_demotions, 1);
5877 CTR3(KTR_PMAP, "pmap_demote_l2: success for va %#lx"
5878 " in pmap %p %lx", va, pmap, l3[0]);
5882 pmap_kremove(tmpl2);
5883 kva_free(tmpl2, PAGE_SIZE);
5891 pmap_demote_l2(pmap_t pmap, pt_entry_t *l2, vm_offset_t va)
5893 struct rwlock *lock;
5897 l3 = pmap_demote_l2_locked(pmap, l2, va, &lock);
5904 * Perform the pmap work for mincore(2). If the page is not both referenced and
5905 * modified by this pmap, returns its physical address so that the caller can
5906 * find other mappings.
5909 pmap_mincore(pmap_t pmap, vm_offset_t addr, vm_paddr_t *pap)
5911 pt_entry_t *pte, tpte;
5912 vm_paddr_t mask, pa;
5916 PMAP_ASSERT_STAGE1(pmap);
5918 pte = pmap_pte(pmap, addr, &lvl);
5920 tpte = pmap_load(pte);
5933 panic("pmap_mincore: invalid level %d", lvl);
5936 managed = (tpte & ATTR_SW_MANAGED) != 0;
5937 val = MINCORE_INCORE;
5939 val |= MINCORE_SUPER;
5940 if ((managed && pmap_pte_dirty(pmap, tpte)) || (!managed &&
5941 (tpte & ATTR_S1_AP_RW_BIT) == ATTR_S1_AP(ATTR_S1_AP_RW)))
5942 val |= MINCORE_MODIFIED | MINCORE_MODIFIED_OTHER;
5943 if ((tpte & ATTR_AF) == ATTR_AF)
5944 val |= MINCORE_REFERENCED | MINCORE_REFERENCED_OTHER;
5946 pa = (tpte & ~ATTR_MASK) | (addr & mask);
5952 if ((val & (MINCORE_MODIFIED_OTHER | MINCORE_REFERENCED_OTHER)) !=
5953 (MINCORE_MODIFIED_OTHER | MINCORE_REFERENCED_OTHER) && managed) {
5961 * Garbage collect every ASID that is neither active on a processor nor
5965 pmap_reset_asid_set(pmap_t pmap)
5968 int asid, cpuid, epoch;
5969 struct asid_set *set;
5970 enum pmap_stage stage;
5972 set = pmap->pm_asid_set;
5973 stage = pmap->pm_stage;
5975 set = pmap->pm_asid_set;
5976 KASSERT(set != NULL, ("%s: NULL asid set", __func__));
5977 mtx_assert(&set->asid_set_mutex, MA_OWNED);
5980 * Ensure that the store to asid_epoch is globally visible before the
5981 * loads from pc_curpmap are performed.
5983 epoch = set->asid_epoch + 1;
5984 if (epoch == INT_MAX)
5986 set->asid_epoch = epoch;
5988 if (stage == PM_STAGE1) {
5989 __asm __volatile("tlbi vmalle1is");
5991 KASSERT(pmap_clean_stage2_tlbi != NULL,
5992 ("%s: Unset stage 2 tlb invalidation callback\n",
5994 pmap_clean_stage2_tlbi();
5997 bit_nclear(set->asid_set, ASID_FIRST_AVAILABLE,
5998 set->asid_set_size - 1);
5999 CPU_FOREACH(cpuid) {
6000 if (cpuid == curcpu)
6002 if (stage == PM_STAGE1) {
6003 curpmap = pcpu_find(cpuid)->pc_curpmap;
6004 PMAP_ASSERT_STAGE1(pmap);
6006 curpmap = pcpu_find(cpuid)->pc_curvmpmap;
6007 if (curpmap == NULL)
6009 PMAP_ASSERT_STAGE2(pmap);
6011 KASSERT(curpmap->pm_asid_set == set, ("Incorrect set"));
6012 asid = COOKIE_TO_ASID(curpmap->pm_cookie);
6015 bit_set(set->asid_set, asid);
6016 curpmap->pm_cookie = COOKIE_FROM(asid, epoch);
6021 * Allocate a new ASID for the specified pmap.
6024 pmap_alloc_asid(pmap_t pmap)
6026 struct asid_set *set;
6029 set = pmap->pm_asid_set;
6030 KASSERT(set != NULL, ("%s: NULL asid set", __func__));
6032 mtx_lock_spin(&set->asid_set_mutex);
6035 * While this processor was waiting to acquire the asid set mutex,
6036 * pmap_reset_asid_set() running on another processor might have
6037 * updated this pmap's cookie to the current epoch. In which case, we
6038 * don't need to allocate a new ASID.
6040 if (COOKIE_TO_EPOCH(pmap->pm_cookie) == set->asid_epoch)
6043 bit_ffc_at(set->asid_set, set->asid_next, set->asid_set_size,
6045 if (new_asid == -1) {
6046 bit_ffc_at(set->asid_set, ASID_FIRST_AVAILABLE,
6047 set->asid_next, &new_asid);
6048 if (new_asid == -1) {
6049 pmap_reset_asid_set(pmap);
6050 bit_ffc_at(set->asid_set, ASID_FIRST_AVAILABLE,
6051 set->asid_set_size, &new_asid);
6052 KASSERT(new_asid != -1, ("ASID allocation failure"));
6055 bit_set(set->asid_set, new_asid);
6056 set->asid_next = new_asid + 1;
6057 pmap->pm_cookie = COOKIE_FROM(new_asid, set->asid_epoch);
6059 mtx_unlock_spin(&set->asid_set_mutex);
6063 * Compute the value that should be stored in ttbr0 to activate the specified
6064 * pmap. This value may change from time to time.
6067 pmap_to_ttbr0(pmap_t pmap)
6070 return (ASID_TO_OPERAND(COOKIE_TO_ASID(pmap->pm_cookie)) |
6075 pmap_activate_int(pmap_t pmap)
6077 struct asid_set *set;
6080 KASSERT(PCPU_GET(curpmap) != NULL, ("no active pmap"));
6081 KASSERT(pmap != kernel_pmap, ("kernel pmap activation"));
6083 if ((pmap->pm_stage == PM_STAGE1 && pmap == PCPU_GET(curpmap)) ||
6084 (pmap->pm_stage == PM_STAGE2 && pmap == PCPU_GET(curvmpmap))) {
6086 * Handle the possibility that the old thread was preempted
6087 * after an "ic" or "tlbi" instruction but before it performed
6088 * a "dsb" instruction. If the old thread migrates to a new
6089 * processor, its completion of a "dsb" instruction on that
6090 * new processor does not guarantee that the "ic" or "tlbi"
6091 * instructions performed on the old processor have completed.
6097 set = pmap->pm_asid_set;
6098 KASSERT(set != NULL, ("%s: NULL asid set", __func__));
6101 * Ensure that the store to curpmap is globally visible before the
6102 * load from asid_epoch is performed.
6104 if (pmap->pm_stage == PM_STAGE1)
6105 PCPU_SET(curpmap, pmap);
6107 PCPU_SET(curvmpmap, pmap);
6109 epoch = COOKIE_TO_EPOCH(pmap->pm_cookie);
6110 if (epoch >= 0 && epoch != set->asid_epoch)
6111 pmap_alloc_asid(pmap);
6113 if (pmap->pm_stage == PM_STAGE1) {
6114 set_ttbr0(pmap_to_ttbr0(pmap));
6115 if (PCPU_GET(bcast_tlbi_workaround) != 0)
6116 invalidate_local_icache();
6122 pmap_activate_vm(pmap_t pmap)
6125 PMAP_ASSERT_STAGE2(pmap);
6127 (void)pmap_activate_int(pmap);
6131 pmap_activate(struct thread *td)
6135 pmap = vmspace_pmap(td->td_proc->p_vmspace);
6136 PMAP_ASSERT_STAGE1(pmap);
6138 (void)pmap_activate_int(pmap);
6143 * To eliminate the unused parameter "old", we would have to add an instruction
6147 pmap_switch(struct thread *old __unused, struct thread *new)
6149 pcpu_bp_harden bp_harden;
6152 /* Store the new curthread */
6153 PCPU_SET(curthread, new);
6155 /* And the new pcb */
6157 PCPU_SET(curpcb, pcb);
6160 * TODO: We may need to flush the cache here if switching
6161 * to a user process.
6164 if (pmap_activate_int(vmspace_pmap(new->td_proc->p_vmspace))) {
6166 * Stop userspace from training the branch predictor against
6167 * other processes. This will call into a CPU specific
6168 * function that clears the branch predictor state.
6170 bp_harden = PCPU_GET(bp_harden);
6171 if (bp_harden != NULL)
6179 pmap_sync_icache(pmap_t pmap, vm_offset_t va, vm_size_t sz)
6182 PMAP_ASSERT_STAGE1(pmap);
6183 if (va >= VM_MIN_KERNEL_ADDRESS) {
6184 cpu_icache_sync_range(va, sz);
6189 /* Find the length of data in this page to flush */
6190 offset = va & PAGE_MASK;
6191 len = imin(PAGE_SIZE - offset, sz);
6194 /* Extract the physical address & find it in the DMAP */
6195 pa = pmap_extract(pmap, va);
6197 cpu_icache_sync_range(PHYS_TO_DMAP(pa), len);
6199 /* Move to the next page */
6202 /* Set the length for the next iteration */
6203 len = imin(PAGE_SIZE, sz);
6209 pmap_stage2_fault(pmap_t pmap, uint64_t esr, uint64_t far)
6212 pt_entry_t *ptep, pte;
6215 PMAP_ASSERT_STAGE2(pmap);
6218 /* Data and insn aborts use same encoding for FSC field. */
6219 dfsc = esr & ISS_DATA_DFSC_MASK;
6221 case ISS_DATA_DFSC_TF_L0:
6222 case ISS_DATA_DFSC_TF_L1:
6223 case ISS_DATA_DFSC_TF_L2:
6224 case ISS_DATA_DFSC_TF_L3:
6226 pdep = pmap_pde(pmap, far, &lvl);
6227 if (pdep == NULL || lvl != (dfsc - ISS_DATA_DFSC_TF_L1)) {
6234 ptep = pmap_l0_to_l1(pdep, far);
6237 ptep = pmap_l1_to_l2(pdep, far);
6240 ptep = pmap_l2_to_l3(pdep, far);
6243 panic("%s: Invalid pde level %d", __func__,lvl);
6247 case ISS_DATA_DFSC_AFF_L1:
6248 case ISS_DATA_DFSC_AFF_L2:
6249 case ISS_DATA_DFSC_AFF_L3:
6251 ptep = pmap_pte(pmap, far, &lvl);
6253 if (ptep != NULL && (pte = pmap_load(ptep)) != 0) {
6255 pmap_invalidate_vpipt_icache();
6258 * If accessing an executable page invalidate
6259 * the I-cache so it will be valid when we
6260 * continue execution in the guest. The D-cache
6261 * is assumed to already be clean to the Point
6264 if ((pte & ATTR_S2_XN_MASK) !=
6265 ATTR_S2_XN(ATTR_S2_XN_NONE)) {
6266 invalidate_icache();
6269 pmap_set_bits(ptep, ATTR_AF | ATTR_DESCR_VALID);
6280 pmap_fault(pmap_t pmap, uint64_t esr, uint64_t far)
6282 pt_entry_t pte, *ptep;
6289 ec = ESR_ELx_EXCEPTION(esr);
6291 case EXCP_INSN_ABORT_L:
6292 case EXCP_INSN_ABORT:
6293 case EXCP_DATA_ABORT_L:
6294 case EXCP_DATA_ABORT:
6300 if (pmap->pm_stage == PM_STAGE2)
6301 return (pmap_stage2_fault(pmap, esr, far));
6303 /* Data and insn aborts use same encoding for FSC field. */
6304 switch (esr & ISS_DATA_DFSC_MASK) {
6305 case ISS_DATA_DFSC_AFF_L1:
6306 case ISS_DATA_DFSC_AFF_L2:
6307 case ISS_DATA_DFSC_AFF_L3:
6309 ptep = pmap_pte(pmap, far, &lvl);
6311 pmap_set_bits(ptep, ATTR_AF);
6314 * XXXMJ as an optimization we could mark the entry
6315 * dirty if this is a write fault.
6320 case ISS_DATA_DFSC_PF_L1:
6321 case ISS_DATA_DFSC_PF_L2:
6322 case ISS_DATA_DFSC_PF_L3:
6323 if ((ec != EXCP_DATA_ABORT_L && ec != EXCP_DATA_ABORT) ||
6324 (esr & ISS_DATA_WnR) == 0)
6327 ptep = pmap_pte(pmap, far, &lvl);
6329 ((pte = pmap_load(ptep)) & ATTR_SW_DBM) != 0) {
6330 if ((pte & ATTR_S1_AP_RW_BIT) ==
6331 ATTR_S1_AP(ATTR_S1_AP_RO)) {
6332 pmap_clear_bits(ptep, ATTR_S1_AP_RW_BIT);
6333 pmap_invalidate_page(pmap, far);
6339 case ISS_DATA_DFSC_TF_L0:
6340 case ISS_DATA_DFSC_TF_L1:
6341 case ISS_DATA_DFSC_TF_L2:
6342 case ISS_DATA_DFSC_TF_L3:
6344 * Retry the translation. A break-before-make sequence can
6345 * produce a transient fault.
6347 if (pmap == kernel_pmap) {
6349 * The translation fault may have occurred within a
6350 * critical section. Therefore, we must check the
6351 * address without acquiring the kernel pmap's lock.
6353 if (pmap_kextract(far) != 0)
6357 /* Ask the MMU to check the address. */
6358 intr = intr_disable();
6359 par = arm64_address_translate_s1e0r(far);
6364 * If the translation was successful, then we can
6365 * return success to the trap handler.
6367 if (PAR_SUCCESS(par))
6377 * Increase the starting virtual address of the given mapping if a
6378 * different alignment might result in more superpage mappings.
6381 pmap_align_superpage(vm_object_t object, vm_ooffset_t offset,
6382 vm_offset_t *addr, vm_size_t size)
6384 vm_offset_t superpage_offset;
6388 if (object != NULL && (object->flags & OBJ_COLORED) != 0)
6389 offset += ptoa(object->pg_color);
6390 superpage_offset = offset & L2_OFFSET;
6391 if (size - ((L2_SIZE - superpage_offset) & L2_OFFSET) < L2_SIZE ||
6392 (*addr & L2_OFFSET) == superpage_offset)
6394 if ((*addr & L2_OFFSET) < superpage_offset)
6395 *addr = (*addr & ~L2_OFFSET) + superpage_offset;
6397 *addr = ((*addr + L2_OFFSET) & ~L2_OFFSET) + superpage_offset;
6401 * Get the kernel virtual address of a set of physical pages. If there are
6402 * physical addresses not covered by the DMAP perform a transient mapping
6403 * that will be removed when calling pmap_unmap_io_transient.
6405 * \param page The pages the caller wishes to obtain the virtual
6406 * address on the kernel memory map.
6407 * \param vaddr On return contains the kernel virtual memory address
6408 * of the pages passed in the page parameter.
6409 * \param count Number of pages passed in.
6410 * \param can_fault TRUE if the thread using the mapped pages can take
6411 * page faults, FALSE otherwise.
6413 * \returns TRUE if the caller must call pmap_unmap_io_transient when
6414 * finished or FALSE otherwise.
6418 pmap_map_io_transient(vm_page_t page[], vm_offset_t vaddr[], int count,
6419 boolean_t can_fault)
6422 boolean_t needs_mapping;
6426 * Allocate any KVA space that we need, this is done in a separate
6427 * loop to prevent calling vmem_alloc while pinned.
6429 needs_mapping = FALSE;
6430 for (i = 0; i < count; i++) {
6431 paddr = VM_PAGE_TO_PHYS(page[i]);
6432 if (__predict_false(!PHYS_IN_DMAP(paddr))) {
6433 error = vmem_alloc(kernel_arena, PAGE_SIZE,
6434 M_BESTFIT | M_WAITOK, &vaddr[i]);
6435 KASSERT(error == 0, ("vmem_alloc failed: %d", error));
6436 needs_mapping = TRUE;
6438 vaddr[i] = PHYS_TO_DMAP(paddr);
6442 /* Exit early if everything is covered by the DMAP */
6448 for (i = 0; i < count; i++) {
6449 paddr = VM_PAGE_TO_PHYS(page[i]);
6450 if (!PHYS_IN_DMAP(paddr)) {
6452 "pmap_map_io_transient: TODO: Map out of DMAP data");
6456 return (needs_mapping);
6460 pmap_unmap_io_transient(vm_page_t page[], vm_offset_t vaddr[], int count,
6461 boolean_t can_fault)
6468 for (i = 0; i < count; i++) {
6469 paddr = VM_PAGE_TO_PHYS(page[i]);
6470 if (!PHYS_IN_DMAP(paddr)) {
6471 panic("ARM64TODO: pmap_unmap_io_transient: Unmap data");
6477 pmap_is_valid_memattr(pmap_t pmap __unused, vm_memattr_t mode)
6480 return (mode >= VM_MEMATTR_DEVICE && mode <= VM_MEMATTR_WRITE_THROUGH);
6484 * Track a range of the kernel's virtual address space that is contiguous
6485 * in various mapping attributes.
6487 struct pmap_kernel_map_range {
6497 sysctl_kmaps_dump(struct sbuf *sb, struct pmap_kernel_map_range *range,
6503 if (eva <= range->sva)
6506 index = range->attrs & ATTR_S1_IDX_MASK;
6508 case ATTR_S1_IDX(VM_MEMATTR_DEVICE):
6511 case ATTR_S1_IDX(VM_MEMATTR_UNCACHEABLE):
6514 case ATTR_S1_IDX(VM_MEMATTR_WRITE_BACK):
6517 case ATTR_S1_IDX(VM_MEMATTR_WRITE_THROUGH):
6522 "%s: unknown memory type %x for range 0x%016lx-0x%016lx\n",
6523 __func__, index, range->sva, eva);
6528 sbuf_printf(sb, "0x%016lx-0x%016lx r%c%c%c %3s %d %d %d %d\n",
6530 (range->attrs & ATTR_S1_AP_RW_BIT) == ATTR_S1_AP_RW ? 'w' : '-',
6531 (range->attrs & ATTR_S1_PXN) != 0 ? '-' : 'x',
6532 (range->attrs & ATTR_S1_AP_USER) != 0 ? 'u' : 's',
6533 mode, range->l1blocks, range->l2blocks, range->l3contig,
6536 /* Reset to sentinel value. */
6537 range->sva = 0xfffffffffffffffful;
6541 * Determine whether the attributes specified by a page table entry match those
6542 * being tracked by the current range.
6545 sysctl_kmaps_match(struct pmap_kernel_map_range *range, pt_entry_t attrs)
6548 return (range->attrs == attrs);
6552 sysctl_kmaps_reinit(struct pmap_kernel_map_range *range, vm_offset_t va,
6556 memset(range, 0, sizeof(*range));
6558 range->attrs = attrs;
6562 * Given a leaf PTE, derive the mapping's attributes. If they do not match
6563 * those of the current run, dump the address range and its attributes, and
6567 sysctl_kmaps_check(struct sbuf *sb, struct pmap_kernel_map_range *range,
6568 vm_offset_t va, pd_entry_t l0e, pd_entry_t l1e, pd_entry_t l2e,
6573 attrs = l0e & (ATTR_S1_AP_MASK | ATTR_S1_XN);
6574 attrs |= l1e & (ATTR_S1_AP_MASK | ATTR_S1_XN);
6575 if ((l1e & ATTR_DESCR_MASK) == L1_BLOCK)
6576 attrs |= l1e & ATTR_S1_IDX_MASK;
6577 attrs |= l2e & (ATTR_S1_AP_MASK | ATTR_S1_XN);
6578 if ((l2e & ATTR_DESCR_MASK) == L2_BLOCK)
6579 attrs |= l2e & ATTR_S1_IDX_MASK;
6580 attrs |= l3e & (ATTR_S1_AP_MASK | ATTR_S1_XN | ATTR_S1_IDX_MASK);
6582 if (range->sva > va || !sysctl_kmaps_match(range, attrs)) {
6583 sysctl_kmaps_dump(sb, range, va);
6584 sysctl_kmaps_reinit(range, va, attrs);
6589 sysctl_kmaps(SYSCTL_HANDLER_ARGS)
6591 struct pmap_kernel_map_range range;
6592 struct sbuf sbuf, *sb;
6593 pd_entry_t l0e, *l1, l1e, *l2, l2e;
6594 pt_entry_t *l3, l3e;
6597 int error, i, j, k, l;
6599 error = sysctl_wire_old_buffer(req, 0);
6603 sbuf_new_for_sysctl(sb, NULL, PAGE_SIZE, req);
6605 /* Sentinel value. */
6606 range.sva = 0xfffffffffffffffful;
6609 * Iterate over the kernel page tables without holding the kernel pmap
6610 * lock. Kernel page table pages are never freed, so at worst we will
6611 * observe inconsistencies in the output.
6613 for (sva = 0xffff000000000000ul, i = pmap_l0_index(sva); i < Ln_ENTRIES;
6615 if (i == pmap_l0_index(DMAP_MIN_ADDRESS))
6616 sbuf_printf(sb, "\nDirect map:\n");
6617 else if (i == pmap_l0_index(VM_MIN_KERNEL_ADDRESS))
6618 sbuf_printf(sb, "\nKernel map:\n");
6620 l0e = kernel_pmap->pm_l0[i];
6621 if ((l0e & ATTR_DESCR_VALID) == 0) {
6622 sysctl_kmaps_dump(sb, &range, sva);
6626 pa = l0e & ~ATTR_MASK;
6627 l1 = (pd_entry_t *)PHYS_TO_DMAP(pa);
6629 for (j = pmap_l1_index(sva); j < Ln_ENTRIES; j++) {
6631 if ((l1e & ATTR_DESCR_VALID) == 0) {
6632 sysctl_kmaps_dump(sb, &range, sva);
6636 if ((l1e & ATTR_DESCR_MASK) == L1_BLOCK) {
6637 sysctl_kmaps_check(sb, &range, sva, l0e, l1e,
6643 pa = l1e & ~ATTR_MASK;
6644 l2 = (pd_entry_t *)PHYS_TO_DMAP(pa);
6646 for (k = pmap_l2_index(sva); k < Ln_ENTRIES; k++) {
6648 if ((l2e & ATTR_DESCR_VALID) == 0) {
6649 sysctl_kmaps_dump(sb, &range, sva);
6653 if ((l2e & ATTR_DESCR_MASK) == L2_BLOCK) {
6654 sysctl_kmaps_check(sb, &range, sva,
6660 pa = l2e & ~ATTR_MASK;
6661 l3 = (pt_entry_t *)PHYS_TO_DMAP(pa);
6663 for (l = pmap_l3_index(sva); l < Ln_ENTRIES;
6664 l++, sva += L3_SIZE) {
6666 if ((l3e & ATTR_DESCR_VALID) == 0) {
6667 sysctl_kmaps_dump(sb, &range,
6671 sysctl_kmaps_check(sb, &range, sva,
6672 l0e, l1e, l2e, l3e);
6673 if ((l3e & ATTR_CONTIGUOUS) != 0)
6674 range.l3contig += l % 16 == 0 ?
6683 error = sbuf_finish(sb);
6687 SYSCTL_OID(_vm_pmap, OID_AUTO, kernel_maps,
6688 CTLTYPE_STRING | CTLFLAG_RD | CTLFLAG_MPSAFE,
6689 NULL, 0, sysctl_kmaps, "A",
6690 "Dump kernel address layout");
projects / FreeBSD / FreeBSD.git / blob