Make PV entries dynamic on amd64. i386 has a pre-reserved block of kva

[FreeBSD/FreeBSD.git] / sys / amd64 / amd64 / pmap.c

/*-
 * Copyright (c) 1991 Regents of the University of California.
 * All rights reserved.
 * Copyright (c) 1994 John S. Dyson
 * All rights reserved.
 * Copyright (c) 1994 David Greenman
 * All rights reserved.
 * Copyright (c) 2003 Peter Wemm
 * All rights reserved.
 * Copyright (c) 2005 Alan L. Cox <alc@cs.rice.edu>
 * All rights reserved.
 *
 * This code is derived from software contributed to Berkeley by
 * the Systems Programming Group of the University of Utah Computer
 * Science Department and William Jolitz of UUNET Technologies Inc.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 * 3. All advertising materials mentioning features or use of this software
 *    must display the following acknowledgement:
 *      This product includes software developed by the University of
 *      California, Berkeley and its contributors.
 * 4. Neither the name of the University nor the names of its contributors
 *    may be used to endorse or promote products derived from this software
 *    without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 *
 *      from:   @(#)pmap.c      7.7 (Berkeley)  5/12/91
 */
/*-
 * Copyright (c) 2003 Networks Associates Technology, Inc.
 * All rights reserved.
 *
 * This software was developed for the FreeBSD Project by Jake Burkholder,
 * Safeport Network Services, and Network Associates Laboratories, the
 * Security Research Division of Network Associates, Inc. under
 * DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the DARPA
 * CHATS research program.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 *
 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 */

#include <sys/cdefs.h>
__FBSDID("$FreeBSD$");

/*
 *      Manages physical address maps.
 *
 *      In addition to hardware address maps, this
 *      module is called upon to provide software-use-only
 *      maps which may or may not be stored in the same
 *      form as hardware maps.  These pseudo-maps are
 *      used to store intermediate results from copy
 *      operations to and from address spaces.
 *
 *      Since the information managed by this module is
 *      also stored by the logical address mapping module,
 *      this module may throw away valid virtual-to-physical
 *      mappings at almost any time.  However, invalidations
 *      of virtual-to-physical mappings must be done as
 *      requested.
 *
 *      In order to cope with hardware architectures which
 *      make virtual-to-physical map invalidates expensive,
 *      this module may delay invalidate or reduced protection
 *      operations until such time as they are actually
 *      necessary.  This module is given full information as
 *      to which processors are currently using which maps,
 *      and to when physical maps must be made correct.
 */

#include "opt_msgbuf.h"

#include <sys/param.h>
#include <sys/systm.h>
#include <sys/kernel.h>
#include <sys/lock.h>
#include <sys/malloc.h>
#include <sys/mman.h>
#include <sys/msgbuf.h>
#include <sys/mutex.h>
#include <sys/proc.h>
#include <sys/sx.h>
#include <sys/vmmeter.h>
#include <sys/sched.h>
#include <sys/sysctl.h>
#ifdef SMP
#include <sys/smp.h>
#endif

#include <vm/vm.h>
#include <vm/vm_param.h>
#include <vm/vm_kern.h>
#include <vm/vm_page.h>
#include <vm/vm_map.h>
#include <vm/vm_object.h>
#include <vm/vm_extern.h>
#include <vm/vm_pageout.h>
#include <vm/vm_pager.h>
#include <vm/uma.h>

#include <machine/cpu.h>
#include <machine/cputypes.h>
#include <machine/md_var.h>
#include <machine/pcb.h>
#include <machine/specialreg.h>
#ifdef SMP
#include <machine/smp.h>
#endif

#ifndef PMAP_SHPGPERPROC
#define PMAP_SHPGPERPROC 200
#endif

#if defined(DIAGNOSTIC)
#define PMAP_DIAGNOSTIC
#endif

#if !defined(PMAP_DIAGNOSTIC)
#define PMAP_INLINE __inline
#else
#define PMAP_INLINE
#endif

struct pmap kernel_pmap_store;

vm_paddr_t avail_start;         /* PA of first available physical page */
vm_paddr_t avail_end;           /* PA of last available physical page */
vm_offset_t virtual_avail;      /* VA of first avail page (after kernel bss) */
vm_offset_t virtual_end;        /* VA of last avail page (end of kernel AS) */

static int nkpt;
static int ndmpdp;
static vm_paddr_t dmaplimit;
vm_offset_t kernel_vm_end;
pt_entry_t pg_nx;

static u_int64_t        KPTphys;        /* phys addr of kernel level 1 */
static u_int64_t        KPDphys;        /* phys addr of kernel level 2 */
static u_int64_t        KPDPphys;       /* phys addr of kernel level 3 */
u_int64_t               KPML4phys;      /* phys addr of kernel level 4 */

static u_int64_t        DMPDphys;       /* phys addr of direct mapped level 2 */
static u_int64_t        DMPDPphys;      /* phys addr of direct mapped level 3 */

/*
 * Data for the pv entry allocation mechanism
 */
static uma_zone_t pvzone;
static int pv_entry_count = 0, pv_entry_max = 0, pv_entry_high_water = 0;
static int shpgperproc = PMAP_SHPGPERPROC;

/*
 * All those kernel PT submaps that BSD is so fond of
 */
pt_entry_t *CMAP1 = 0;
caddr_t CADDR1 = 0;
struct msgbuf *msgbufp = 0;

/*
 * Crashdump maps.
 */
static caddr_t crashdumpmap;

static PMAP_INLINE void free_pv_entry(pv_entry_t pv);
static pv_entry_t get_pv_entry(pmap_t locked_pmap);
static void     pmap_clear_ptes(vm_page_t m, long bit);

static int pmap_remove_pte(pmap_t pmap, pt_entry_t *ptq,
                vm_offset_t sva, pd_entry_t ptepde);
static void pmap_remove_page(pmap_t pmap, vm_offset_t va, pd_entry_t *pde);
static void pmap_remove_entry(struct pmap *pmap, vm_page_t m,
                vm_offset_t va);
static void pmap_insert_entry(pmap_t pmap, vm_offset_t va, vm_page_t m);

static vm_page_t pmap_allocpde(pmap_t pmap, vm_offset_t va, int flags);
static vm_page_t pmap_allocpte(pmap_t pmap, vm_offset_t va, int flags);

static vm_page_t _pmap_allocpte(pmap_t pmap, vm_pindex_t ptepindex, int flags);
static int _pmap_unwire_pte_hold(pmap_t pmap, vm_offset_t va, vm_page_t m);
static int pmap_unuse_pt(pmap_t, vm_offset_t, pd_entry_t);
static vm_offset_t pmap_kmem_choose(vm_offset_t addr);

CTASSERT(1 << PDESHIFT == sizeof(pd_entry_t));
CTASSERT(1 << PTESHIFT == sizeof(pt_entry_t));

/*
 * Move the kernel virtual free pointer to the next
 * 2MB.  This is used to help improve performance
 * by using a large (2MB) page for much of the kernel
 * (.text, .data, .bss)
 */
static vm_offset_t
pmap_kmem_choose(vm_offset_t addr)
{
        vm_offset_t newaddr = addr;

        newaddr = (addr + (NBPDR - 1)) & ~(NBPDR - 1);
        return newaddr;
}

/********************/
/* Inline functions */
/********************/

/* Return a non-clipped PD index for a given VA */
static __inline vm_pindex_t
pmap_pde_pindex(vm_offset_t va)
{
        return va >> PDRSHIFT;
}


/* Return various clipped indexes for a given VA */
static __inline vm_pindex_t
pmap_pte_index(vm_offset_t va)
{

        return ((va >> PAGE_SHIFT) & ((1ul << NPTEPGSHIFT) - 1));
}

static __inline vm_pindex_t
pmap_pde_index(vm_offset_t va)
{

        return ((va >> PDRSHIFT) & ((1ul << NPDEPGSHIFT) - 1));
}

static __inline vm_pindex_t
pmap_pdpe_index(vm_offset_t va)
{

        return ((va >> PDPSHIFT) & ((1ul << NPDPEPGSHIFT) - 1));
}

static __inline vm_pindex_t
pmap_pml4e_index(vm_offset_t va)
{

        return ((va >> PML4SHIFT) & ((1ul << NPML4EPGSHIFT) - 1));
}

/* Return a pointer to the PML4 slot that corresponds to a VA */
static __inline pml4_entry_t *
pmap_pml4e(pmap_t pmap, vm_offset_t va)
{

        if (!pmap)
                return NULL;
        return (&pmap->pm_pml4[pmap_pml4e_index(va)]);
}

/* Return a pointer to the PDP slot that corresponds to a VA */
static __inline pdp_entry_t *
pmap_pml4e_to_pdpe(pml4_entry_t *pml4e, vm_offset_t va)
{
        pdp_entry_t *pdpe;

        pdpe = (pdp_entry_t *)PHYS_TO_DMAP(*pml4e & PG_FRAME);
        return (&pdpe[pmap_pdpe_index(va)]);
}

/* Return a pointer to the PDP slot that corresponds to a VA */
static __inline pdp_entry_t *
pmap_pdpe(pmap_t pmap, vm_offset_t va)
{
        pml4_entry_t *pml4e;

        pml4e = pmap_pml4e(pmap, va);
        if (pml4e == NULL || (*pml4e & PG_V) == 0)
                return NULL;
        return (pmap_pml4e_to_pdpe(pml4e, va));
}

/* Return a pointer to the PD slot that corresponds to a VA */
static __inline pd_entry_t *
pmap_pdpe_to_pde(pdp_entry_t *pdpe, vm_offset_t va)
{
        pd_entry_t *pde;

        pde = (pd_entry_t *)PHYS_TO_DMAP(*pdpe & PG_FRAME);
        return (&pde[pmap_pde_index(va)]);
}

/* Return a pointer to the PD slot that corresponds to a VA */
static __inline pd_entry_t *
pmap_pde(pmap_t pmap, vm_offset_t va)
{
        pdp_entry_t *pdpe;

        pdpe = pmap_pdpe(pmap, va);
        if (pdpe == NULL || (*pdpe & PG_V) == 0)
                 return NULL;
        return (pmap_pdpe_to_pde(pdpe, va));
}

/* Return a pointer to the PT slot that corresponds to a VA */
static __inline pt_entry_t *
pmap_pde_to_pte(pd_entry_t *pde, vm_offset_t va)
{
        pt_entry_t *pte;

        pte = (pt_entry_t *)PHYS_TO_DMAP(*pde & PG_FRAME);
        return (&pte[pmap_pte_index(va)]);
}

/* Return a pointer to the PT slot that corresponds to a VA */
static __inline pt_entry_t *
pmap_pte(pmap_t pmap, vm_offset_t va)
{
        pd_entry_t *pde;

        pde = pmap_pde(pmap, va);
        if (pde == NULL || (*pde & PG_V) == 0)
                return NULL;
        if ((*pde & PG_PS) != 0)        /* compat with i386 pmap_pte() */
                return ((pt_entry_t *)pde);
        return (pmap_pde_to_pte(pde, va));
}


static __inline pt_entry_t *
pmap_pte_pde(pmap_t pmap, vm_offset_t va, pd_entry_t *ptepde)
{
        pd_entry_t *pde;

        pde = pmap_pde(pmap, va);
        if (pde == NULL || (*pde & PG_V) == 0)
                return NULL;
        *ptepde = *pde;
        if ((*pde & PG_PS) != 0)        /* compat with i386 pmap_pte() */
                return ((pt_entry_t *)pde);
        return (pmap_pde_to_pte(pde, va));
}


PMAP_INLINE pt_entry_t *
vtopte(vm_offset_t va)
{
        u_int64_t mask = ((1ul << (NPTEPGSHIFT + NPDEPGSHIFT + NPDPEPGSHIFT + NPML4EPGSHIFT)) - 1);

        return (PTmap + ((va >> PAGE_SHIFT) & mask));
}

static __inline pd_entry_t *
vtopde(vm_offset_t va)
{
        u_int64_t mask = ((1ul << (NPDEPGSHIFT + NPDPEPGSHIFT + NPML4EPGSHIFT)) - 1);

        return (PDmap + ((va >> PDRSHIFT) & mask));
}

static u_int64_t
allocpages(int n)
{
        u_int64_t ret;

        ret = avail_start;
        bzero((void *)ret, n * PAGE_SIZE);
        avail_start += n * PAGE_SIZE;
        return (ret);
}

static void
create_pagetables(void)
{
        int i;

        /* Allocate pages */
        KPTphys = allocpages(NKPT);
        KPML4phys = allocpages(1);
        KPDPphys = allocpages(NKPML4E);
        KPDphys = allocpages(NKPDPE);

        ndmpdp = (ptoa(Maxmem) + NBPDP - 1) >> PDPSHIFT;
        if (ndmpdp < 4)         /* Minimum 4GB of dirmap */
                ndmpdp = 4;
        DMPDPphys = allocpages(NDMPML4E);
        DMPDphys = allocpages(ndmpdp);
        dmaplimit = (vm_paddr_t)ndmpdp << PDPSHIFT;

        /* Fill in the underlying page table pages */
        /* Read-only from zero to physfree */
        /* XXX not fully used, underneath 2M pages */
        for (i = 0; (i << PAGE_SHIFT) < avail_start; i++) {
                ((pt_entry_t *)KPTphys)[i] = i << PAGE_SHIFT;
                ((pt_entry_t *)KPTphys)[i] |= PG_RW | PG_V | PG_G;
        }

        /* Now map the page tables at their location within PTmap */
        for (i = 0; i < NKPT; i++) {
                ((pd_entry_t *)KPDphys)[i] = KPTphys + (i << PAGE_SHIFT);
                ((pd_entry_t *)KPDphys)[i] |= PG_RW | PG_V;
        }

        /* Map from zero to end of allocations under 2M pages */
        /* This replaces some of the KPTphys entries above */
        for (i = 0; (i << PDRSHIFT) < avail_start; i++) {
                ((pd_entry_t *)KPDphys)[i] = i << PDRSHIFT;
                ((pd_entry_t *)KPDphys)[i] |= PG_RW | PG_V | PG_PS | PG_G;
        }

        /* And connect up the PD to the PDP */
        for (i = 0; i < NKPDPE; i++) {
                ((pdp_entry_t *)KPDPphys)[i + KPDPI] = KPDphys + (i << PAGE_SHIFT);
                ((pdp_entry_t *)KPDPphys)[i + KPDPI] |= PG_RW | PG_V | PG_U;
        }


        /* Now set up the direct map space using 2MB pages */
        for (i = 0; i < NPDEPG * ndmpdp; i++) {
                ((pd_entry_t *)DMPDphys)[i] = (vm_paddr_t)i << PDRSHIFT;
                ((pd_entry_t *)DMPDphys)[i] |= PG_RW | PG_V | PG_PS | PG_G;
        }

        /* And the direct map space's PDP */
        for (i = 0; i < ndmpdp; i++) {
                ((pdp_entry_t *)DMPDPphys)[i] = DMPDphys + (i << PAGE_SHIFT);
                ((pdp_entry_t *)DMPDPphys)[i] |= PG_RW | PG_V | PG_U;
        }

        /* And recursively map PML4 to itself in order to get PTmap */
        ((pdp_entry_t *)KPML4phys)[PML4PML4I] = KPML4phys;
        ((pdp_entry_t *)KPML4phys)[PML4PML4I] |= PG_RW | PG_V | PG_U;

        /* Connect the Direct Map slot up to the PML4 */
        ((pdp_entry_t *)KPML4phys)[DMPML4I] = DMPDPphys;
        ((pdp_entry_t *)KPML4phys)[DMPML4I] |= PG_RW | PG_V | PG_U;

        /* Connect the KVA slot up to the PML4 */
        ((pdp_entry_t *)KPML4phys)[KPML4I] = KPDPphys;
        ((pdp_entry_t *)KPML4phys)[KPML4I] |= PG_RW | PG_V | PG_U;
}

/*
 *      Bootstrap the system enough to run with virtual memory.
 *
 *      On amd64 this is called after mapping has already been enabled
 *      and just syncs the pmap module with what has already been done.
 *      [We can't call it easily with mapping off since the kernel is not
 *      mapped with PA == VA, hence we would have to relocate every address
 *      from the linked base (virtual) address "KERNBASE" to the actual
 *      (physical) address starting relative to 0]
 */
void
pmap_bootstrap(firstaddr)
        vm_paddr_t *firstaddr;
{
        vm_offset_t va;
        pt_entry_t *pte, *unused;

        avail_start = *firstaddr;

        /*
         * Create an initial set of page tables to run the kernel in.
         */
        create_pagetables();
        *firstaddr = avail_start;

        virtual_avail = (vm_offset_t) KERNBASE + avail_start;
        virtual_avail = pmap_kmem_choose(virtual_avail);

        virtual_end = VM_MAX_KERNEL_ADDRESS;


        /* XXX do %cr0 as well */
        load_cr4(rcr4() | CR4_PGE | CR4_PSE);
        load_cr3(KPML4phys);

        /*
         * Initialize the kernel pmap (which is statically allocated).
         */
        PMAP_LOCK_INIT(kernel_pmap);
        kernel_pmap->pm_pml4 = (pdp_entry_t *) (KERNBASE + KPML4phys);
        kernel_pmap->pm_active = -1;    /* don't allow deactivation */
        TAILQ_INIT(&kernel_pmap->pm_pvlist);
        nkpt = NKPT;

        /*
         * Reserve some special page table entries/VA space for temporary
         * mapping of pages.
         */
#define SYSMAP(c, p, v, n)      \
        v = (c)va; va += ((n)*PAGE_SIZE); p = pte; pte += (n);

        va = virtual_avail;
        pte = vtopte(va);

        /*
         * CMAP1 is only used for the memory test.
         */
        SYSMAP(caddr_t, CMAP1, CADDR1, 1)

        /*
         * Crashdump maps.
         */
        SYSMAP(caddr_t, unused, crashdumpmap, MAXDUMPPGS)

        /*
         * msgbufp is used to map the system message buffer.
         */
        SYSMAP(struct msgbuf *, unused, msgbufp, atop(round_page(MSGBUF_SIZE)))

        virtual_avail = va;

        *CMAP1 = 0;

        invltlb();
}

/*
 *      Initialize a vm_page's machine-dependent fields.
 */
void
pmap_page_init(vm_page_t m)
{

        TAILQ_INIT(&m->md.pv_list);
        m->md.pv_list_count = 0;
}

/*
 *      Initialize the pmap module.
 *      Called by vm_init, to initialize any structures that the pmap
 *      system needs to map virtual memory.
 */
void
pmap_init(void)
{

        /*
         * Initialize the address space (zone) for the pv entries.  Set a
         * high water mark so that the system can recover from excessive
         * numbers of pv entries.
         */
        pvzone = uma_zcreate("PV ENTRY", sizeof(struct pv_entry), NULL, NULL, 
            NULL, NULL, UMA_ALIGN_PTR, UMA_ZONE_VM);
        TUNABLE_INT_FETCH("vm.pmap.shpgperproc", &shpgperproc);
        pv_entry_max = shpgperproc * maxproc + cnt.v_page_count;
        TUNABLE_INT_FETCH("vm.pmap.pv_entries", &pv_entry_max);
        pv_entry_high_water = 9 * (pv_entry_max / 10);
}

SYSCTL_NODE(_vm, OID_AUTO, pmap, CTLFLAG_RD, 0, "VM/pmap parameters");
static int
pmap_pventry_proc(SYSCTL_HANDLER_ARGS)
{
        int error;

        error = sysctl_handle_int(oidp, oidp->oid_arg1, oidp->oid_arg2, req);
        if (error == 0 && req->newptr) {
                shpgperproc = (pv_entry_max - cnt.v_page_count) / maxproc;
                pv_entry_high_water = 9 * (pv_entry_max / 10);
        }
        return (error);
}
SYSCTL_PROC(_vm_pmap, OID_AUTO, pv_entry_max, CTLTYPE_INT|CTLFLAG_RW, 
    &pv_entry_max, 0, pmap_pventry_proc, "IU", "Max number of PV entries");

static int
pmap_shpgperproc_proc(SYSCTL_HANDLER_ARGS)
{
        int error;

        error = sysctl_handle_int(oidp, oidp->oid_arg1, oidp->oid_arg2, req);
        if (error == 0 && req->newptr) {
                pv_entry_max = shpgperproc * maxproc + cnt.v_page_count;
                pv_entry_high_water = 9 * (pv_entry_max / 10);
        }
        return (error);
}
SYSCTL_PROC(_vm_pmap, OID_AUTO, shpgperproc, CTLTYPE_INT|CTLFLAG_RW, 
    &shpgperproc, 0, pmap_shpgperproc_proc, "IU", "Page share factor per proc");


/***************************************************
 * Low level helper routines.....
 ***************************************************/


/*
 * this routine defines the region(s) of memory that should
 * not be tested for the modified bit.
 */
static PMAP_INLINE int
pmap_track_modified(vm_offset_t va)
{
        if ((va < kmi.clean_sva) || (va >= kmi.clean_eva)) 
                return 1;
        else
                return 0;
}

#ifdef SMP
/*
 * For SMP, these functions have to use the IPI mechanism for coherence.
 */
void
pmap_invalidate_page(pmap_t pmap, vm_offset_t va)
{
        u_int cpumask;
        u_int other_cpus;

        if (smp_started) {
                if (!(read_rflags() & PSL_I))
                        panic("%s: interrupts disabled", __func__);
                mtx_lock_spin(&smp_ipi_mtx);
        } else
                critical_enter();
        /*
         * We need to disable interrupt preemption but MUST NOT have
         * interrupts disabled here.
         * XXX we may need to hold schedlock to get a coherent pm_active
         * XXX critical sections disable interrupts again
         */
        if (pmap == kernel_pmap || pmap->pm_active == all_cpus) {
                invlpg(va);
                smp_invlpg(va);
        } else {
                cpumask = PCPU_GET(cpumask);
                other_cpus = PCPU_GET(other_cpus);
                if (pmap->pm_active & cpumask)
                        invlpg(va);
                if (pmap->pm_active & other_cpus)
                        smp_masked_invlpg(pmap->pm_active & other_cpus, va);
        }
        if (smp_started)
                mtx_unlock_spin(&smp_ipi_mtx);
        else
                critical_exit();
}

void
pmap_invalidate_range(pmap_t pmap, vm_offset_t sva, vm_offset_t eva)
{
        u_int cpumask;
        u_int other_cpus;
        vm_offset_t addr;

        if (smp_started) {
                if (!(read_rflags() & PSL_I))
                        panic("%s: interrupts disabled", __func__);
                mtx_lock_spin(&smp_ipi_mtx);
        } else
                critical_enter();
        /*
         * We need to disable interrupt preemption but MUST NOT have
         * interrupts disabled here.
         * XXX we may need to hold schedlock to get a coherent pm_active
         * XXX critical sections disable interrupts again
         */
        if (pmap == kernel_pmap || pmap->pm_active == all_cpus) {
                for (addr = sva; addr < eva; addr += PAGE_SIZE)
                        invlpg(addr);
                smp_invlpg_range(sva, eva);
        } else {
                cpumask = PCPU_GET(cpumask);
                other_cpus = PCPU_GET(other_cpus);
                if (pmap->pm_active & cpumask)
                        for (addr = sva; addr < eva; addr += PAGE_SIZE)
                                invlpg(addr);
                if (pmap->pm_active & other_cpus)
                        smp_masked_invlpg_range(pmap->pm_active & other_cpus,
                            sva, eva);
        }
        if (smp_started)
                mtx_unlock_spin(&smp_ipi_mtx);
        else
                critical_exit();
}

void
pmap_invalidate_all(pmap_t pmap)
{
        u_int cpumask;
        u_int other_cpus;

        if (smp_started) {
                if (!(read_rflags() & PSL_I))
                        panic("%s: interrupts disabled", __func__);
                mtx_lock_spin(&smp_ipi_mtx);
        } else
                critical_enter();
        /*
         * We need to disable interrupt preemption but MUST NOT have
         * interrupts disabled here.
         * XXX we may need to hold schedlock to get a coherent pm_active
         * XXX critical sections disable interrupts again
         */
        if (pmap == kernel_pmap || pmap->pm_active == all_cpus) {
                invltlb();
                smp_invltlb();
        } else {
                cpumask = PCPU_GET(cpumask);
                other_cpus = PCPU_GET(other_cpus);
                if (pmap->pm_active & cpumask)
                        invltlb();
                if (pmap->pm_active & other_cpus)
                        smp_masked_invltlb(pmap->pm_active & other_cpus);
        }
        if (smp_started)
                mtx_unlock_spin(&smp_ipi_mtx);
        else
                critical_exit();
}
#else /* !SMP */
/*
 * Normal, non-SMP, invalidation functions.
 * We inline these within pmap.c for speed.
 */
PMAP_INLINE void
pmap_invalidate_page(pmap_t pmap, vm_offset_t va)
{

        if (pmap == kernel_pmap || pmap->pm_active)
                invlpg(va);
}

PMAP_INLINE void
pmap_invalidate_range(pmap_t pmap, vm_offset_t sva, vm_offset_t eva)
{
        vm_offset_t addr;

        if (pmap == kernel_pmap || pmap->pm_active)
                for (addr = sva; addr < eva; addr += PAGE_SIZE)
                        invlpg(addr);
}

PMAP_INLINE void
pmap_invalidate_all(pmap_t pmap)
{

        if (pmap == kernel_pmap || pmap->pm_active)
                invltlb();
}
#endif /* !SMP */

/*
 * Are we current address space or kernel?
 */
static __inline int
pmap_is_current(pmap_t pmap)
{
        return (pmap == kernel_pmap ||
            (pmap->pm_pml4[PML4PML4I] & PG_FRAME) == (PML4pml4e[0] & PG_FRAME));
}

/*
 *      Routine:        pmap_extract
 *      Function:
 *              Extract the physical page address associated
 *              with the given map/virtual_address pair.
 */
vm_paddr_t 
pmap_extract(pmap_t pmap, vm_offset_t va)
{
        vm_paddr_t rtval;
        pt_entry_t *pte;
        pd_entry_t pde, *pdep;

        rtval = 0;
        PMAP_LOCK(pmap);
        pdep = pmap_pde(pmap, va);
        if (pdep != NULL) {
                pde = *pdep;
                if (pde) {
                        if ((pde & PG_PS) != 0) {
                                KASSERT((pde & PG_FRAME & PDRMASK) == 0,
                                    ("pmap_extract: bad pde"));
                                rtval = (pde & PG_FRAME) | (va & PDRMASK);
                                PMAP_UNLOCK(pmap);
                                return rtval;
                        }
                        pte = pmap_pde_to_pte(pdep, va);
                        rtval = (*pte & PG_FRAME) | (va & PAGE_MASK);
                }
        }
        PMAP_UNLOCK(pmap);
        return (rtval);
}

/*
 *      Routine:        pmap_extract_and_hold
 *      Function:
 *              Atomically extract and hold the physical page
 *              with the given pmap and virtual address pair
 *              if that mapping permits the given protection.
 */
vm_page_t
pmap_extract_and_hold(pmap_t pmap, vm_offset_t va, vm_prot_t prot)
{
        pd_entry_t pde, *pdep;
        pt_entry_t pte;
        vm_page_t m;

        m = NULL;
        vm_page_lock_queues();
        PMAP_LOCK(pmap);
        pdep = pmap_pde(pmap, va);
        if (pdep != NULL && (pde = *pdep)) {
                if (pde & PG_PS) {
                        if ((pde & PG_RW) || (prot & VM_PROT_WRITE) == 0) {
                                KASSERT((pde & PG_FRAME & PDRMASK) == 0,
                                    ("pmap_extract_and_hold: bad pde"));
                                m = PHYS_TO_VM_PAGE((pde & PG_FRAME) |
                                    (va & PDRMASK));
                                vm_page_hold(m);
                        }
                } else {
                        pte = *pmap_pde_to_pte(pdep, va);
                        if ((pte & PG_V) &&
                            ((pte & PG_RW) || (prot & VM_PROT_WRITE) == 0)) {
                                m = PHYS_TO_VM_PAGE(pte & PG_FRAME);
                                vm_page_hold(m);
                        }
                }
        }
        vm_page_unlock_queues();
        PMAP_UNLOCK(pmap);
        return (m);
}

vm_paddr_t
pmap_kextract(vm_offset_t va)
{
        pd_entry_t *pde;
        vm_paddr_t pa;

        if (va >= DMAP_MIN_ADDRESS && va < DMAP_MAX_ADDRESS) {
                pa = DMAP_TO_PHYS(va);
        } else {
                pde = vtopde(va);
                if (*pde & PG_PS) {
                        pa = (*pde & ~(NBPDR - 1)) | (va & (NBPDR - 1));
                } else {
                        pa = *vtopte(va);
                        pa = (pa & PG_FRAME) | (va & PAGE_MASK);
                }
        }
        return pa;
}

/***************************************************
 * Low level mapping routines.....
 ***************************************************/

/*
 * Add a wired page to the kva.
 * Note: not SMP coherent.
 */
PMAP_INLINE void 
pmap_kenter(vm_offset_t va, vm_paddr_t pa)
{
        pt_entry_t *pte;

        pte = vtopte(va);
        pte_store(pte, pa | PG_RW | PG_V | PG_G);
}

/*
 * Remove a page from the kernel pagetables.
 * Note: not SMP coherent.
 */
PMAP_INLINE void
pmap_kremove(vm_offset_t va)
{
        pt_entry_t *pte;

        pte = vtopte(va);
        pte_clear(pte);
}

/*
 *      Used to map a range of physical addresses into kernel
 *      virtual address space.
 *
 *      The value passed in '*virt' is a suggested virtual address for
 *      the mapping. Architectures which can support a direct-mapped
 *      physical to virtual region can return the appropriate address
 *      within that region, leaving '*virt' unchanged. Other
 *      architectures should map the pages starting at '*virt' and
 *      update '*virt' with the first usable address after the mapped
 *      region.
 */
vm_offset_t
pmap_map(vm_offset_t *virt, vm_paddr_t start, vm_paddr_t end, int prot)
{
        return PHYS_TO_DMAP(start);
}


/*
 * Add a list of wired pages to the kva
 * this routine is only used for temporary
 * kernel mappings that do not need to have
 * page modification or references recorded.
 * Note that old mappings are simply written
 * over.  The page *must* be wired.
 * Note: SMP coherent.  Uses a ranged shootdown IPI.
 */
void
pmap_qenter(vm_offset_t sva, vm_page_t *m, int count)
{
        vm_offset_t va;

        va = sva;
        while (count-- > 0) {
                pmap_kenter(va, VM_PAGE_TO_PHYS(*m));
                va += PAGE_SIZE;
                m++;
        }
        pmap_invalidate_range(kernel_pmap, sva, va);
}

/*
 * This routine tears out page mappings from the
 * kernel -- it is meant only for temporary mappings.
 * Note: SMP coherent.  Uses a ranged shootdown IPI.
 */
void
pmap_qremove(vm_offset_t sva, int count)
{
        vm_offset_t va;

        va = sva;
        while (count-- > 0) {
                pmap_kremove(va);
                va += PAGE_SIZE;
        }
        pmap_invalidate_range(kernel_pmap, sva, va);
}

/***************************************************
 * Page table page management routines.....
 ***************************************************/

/*
 * This routine unholds page table pages, and if the hold count
 * drops to zero, then it decrements the wire count.
 */
static PMAP_INLINE int
pmap_unwire_pte_hold(pmap_t pmap, vm_offset_t va, vm_page_t m)
{

        --m->wire_count;
        if (m->wire_count == 0)
                return _pmap_unwire_pte_hold(pmap, va, m);
        else
                return 0;
}

static int 
_pmap_unwire_pte_hold(pmap_t pmap, vm_offset_t va, vm_page_t m)
{
        vm_offset_t pteva;

        /*
         * unmap the page table page
         */
        if (m->pindex >= (NUPDE + NUPDPE)) {
                /* PDP page */
                pml4_entry_t *pml4;
                pml4 = pmap_pml4e(pmap, va);
                pteva = (vm_offset_t) PDPmap + amd64_ptob(m->pindex - (NUPDE + NUPDPE));
                *pml4 = 0;
        } else if (m->pindex >= NUPDE) {
                /* PD page */
                pdp_entry_t *pdp;
                pdp = pmap_pdpe(pmap, va);
                pteva = (vm_offset_t) PDmap + amd64_ptob(m->pindex - NUPDE);
                *pdp = 0;
        } else {
                /* PTE page */
                pd_entry_t *pd;
                pd = pmap_pde(pmap, va);
                pteva = (vm_offset_t) PTmap + amd64_ptob(m->pindex);
                *pd = 0;
        }
        --pmap->pm_stats.resident_count;
        if (m->pindex < NUPDE) {
                /* We just released a PT, unhold the matching PD */
                vm_page_t pdpg;

                pdpg = PHYS_TO_VM_PAGE(*pmap_pdpe(pmap, va) & PG_FRAME);
                pmap_unwire_pte_hold(pmap, va, pdpg);
        }
        if (m->pindex >= NUPDE && m->pindex < (NUPDE + NUPDPE)) {
                /* We just released a PD, unhold the matching PDP */
                vm_page_t pdppg;

                pdppg = PHYS_TO_VM_PAGE(*pmap_pml4e(pmap, va) & PG_FRAME);
                pmap_unwire_pte_hold(pmap, va, pdppg);
        }

        /*
         * Do an invltlb to make the invalidated mapping
         * take effect immediately.
         */
        pmap_invalidate_page(pmap, pteva);

        vm_page_free_zero(m);
        atomic_subtract_int(&cnt.v_wire_count, 1);
        return 1;
}

/*
 * After removing a page table entry, this routine is used to
 * conditionally free the page, and manage the hold/wire counts.
 */
static int
pmap_unuse_pt(pmap_t pmap, vm_offset_t va, pd_entry_t ptepde)
{
        vm_page_t mpte;

        if (va >= VM_MAXUSER_ADDRESS)
                return 0;
        KASSERT(ptepde != 0, ("pmap_unuse_pt: ptepde != 0"));
        mpte = PHYS_TO_VM_PAGE(ptepde & PG_FRAME);
        return pmap_unwire_pte_hold(pmap, va, mpte);
}

void
pmap_pinit0(pmap)
        struct pmap *pmap;
{

        PMAP_LOCK_INIT(pmap);
        pmap->pm_pml4 = (pml4_entry_t *)(KERNBASE + KPML4phys);
        pmap->pm_active = 0;
        TAILQ_INIT(&pmap->pm_pvlist);
        bzero(&pmap->pm_stats, sizeof pmap->pm_stats);
}

/*
 * Initialize a preallocated and zeroed pmap structure,
 * such as one in a vmspace structure.
 */
void
pmap_pinit(pmap)
        register struct pmap *pmap;
{
        vm_page_t pml4pg;
        static vm_pindex_t color;

        PMAP_LOCK_INIT(pmap);

        /*
         * allocate the page directory page
         */
        while ((pml4pg = vm_page_alloc(NULL, color++, VM_ALLOC_NOOBJ |
            VM_ALLOC_NORMAL | VM_ALLOC_WIRED | VM_ALLOC_ZERO)) == NULL)
                VM_WAIT;

        pmap->pm_pml4 = (pml4_entry_t *)PHYS_TO_DMAP(VM_PAGE_TO_PHYS(pml4pg));

        if ((pml4pg->flags & PG_ZERO) == 0)
                pagezero(pmap->pm_pml4);

        /* Wire in kernel global address entries. */
        pmap->pm_pml4[KPML4I] = KPDPphys | PG_RW | PG_V | PG_U;
        pmap->pm_pml4[DMPML4I] = DMPDPphys | PG_RW | PG_V | PG_U;

        /* install self-referential address mapping entry(s) */
        pmap->pm_pml4[PML4PML4I] = VM_PAGE_TO_PHYS(pml4pg) | PG_V | PG_RW | PG_A | PG_M;

        pmap->pm_active = 0;
        TAILQ_INIT(&pmap->pm_pvlist);
        bzero(&pmap->pm_stats, sizeof pmap->pm_stats);
}

/*
 * this routine is called if the page table page is not
 * mapped correctly.
 *
 * Note: If a page allocation fails at page table level two or three,
 * one or two pages may be held during the wait, only to be released
 * afterwards.  This conservative approach is easily argued to avoid
 * race conditions.
 */
static vm_page_t
_pmap_allocpte(pmap_t pmap, vm_pindex_t ptepindex, int flags)
{
        vm_page_t m, pdppg, pdpg;

        KASSERT((flags & (M_NOWAIT | M_WAITOK)) == M_NOWAIT ||
            (flags & (M_NOWAIT | M_WAITOK)) == M_WAITOK,
            ("_pmap_allocpte: flags is neither M_NOWAIT nor M_WAITOK"));

        /*
         * Allocate a page table page.
         */
        if ((m = vm_page_alloc(NULL, ptepindex, VM_ALLOC_NOOBJ |
            VM_ALLOC_WIRED | VM_ALLOC_ZERO)) == NULL) {
                if (flags & M_WAITOK) {
                        PMAP_UNLOCK(pmap);
                        vm_page_unlock_queues();
                        VM_WAIT;
                        vm_page_lock_queues();
                        PMAP_LOCK(pmap);
                }

                /*
                 * Indicate the need to retry.  While waiting, the page table
                 * page may have been allocated.
                 */
                return (NULL);
        }
        if ((m->flags & PG_ZERO) == 0)
                pmap_zero_page(m);

        /*
         * Map the pagetable page into the process address space, if
         * it isn't already there.
         */

        pmap->pm_stats.resident_count++;

        if (ptepindex >= (NUPDE + NUPDPE)) {
                pml4_entry_t *pml4;
                vm_pindex_t pml4index;

                /* Wire up a new PDPE page */
                pml4index = ptepindex - (NUPDE + NUPDPE);
                pml4 = &pmap->pm_pml4[pml4index];
                *pml4 = VM_PAGE_TO_PHYS(m) | PG_U | PG_RW | PG_V | PG_A | PG_M;

        } else if (ptepindex >= NUPDE) {
                vm_pindex_t pml4index;
                vm_pindex_t pdpindex;
                pml4_entry_t *pml4;
                pdp_entry_t *pdp;

                /* Wire up a new PDE page */
                pdpindex = ptepindex - NUPDE;
                pml4index = pdpindex >> NPML4EPGSHIFT;

                pml4 = &pmap->pm_pml4[pml4index];
                if ((*pml4 & PG_V) == 0) {
                        /* Have to allocate a new pdp, recurse */
                        if (_pmap_allocpte(pmap, NUPDE + NUPDPE + pml4index,
                            flags) == NULL) {
                                --m->wire_count;
                                vm_page_free(m);
                                return (NULL);
                        }
                } else {
                        /* Add reference to pdp page */
                        pdppg = PHYS_TO_VM_PAGE(*pml4 & PG_FRAME);
                        pdppg->wire_count++;
                }
                pdp = (pdp_entry_t *)PHYS_TO_DMAP(*pml4 & PG_FRAME);

                /* Now find the pdp page */
                pdp = &pdp[pdpindex & ((1ul << NPDPEPGSHIFT) - 1)];
                *pdp = VM_PAGE_TO_PHYS(m) | PG_U | PG_RW | PG_V | PG_A | PG_M;

        } else {
                vm_pindex_t pml4index;
                vm_pindex_t pdpindex;
                pml4_entry_t *pml4;
                pdp_entry_t *pdp;
                pd_entry_t *pd;

                /* Wire up a new PTE page */
                pdpindex = ptepindex >> NPDPEPGSHIFT;
                pml4index = pdpindex >> NPML4EPGSHIFT;

                /* First, find the pdp and check that its valid. */
                pml4 = &pmap->pm_pml4[pml4index];
                if ((*pml4 & PG_V) == 0) {
                        /* Have to allocate a new pd, recurse */
                        if (_pmap_allocpte(pmap, NUPDE + pdpindex,
                            flags) == NULL) {
                                --m->wire_count;
                                vm_page_free(m);
                                return (NULL);
                        }
                        pdp = (pdp_entry_t *)PHYS_TO_DMAP(*pml4 & PG_FRAME);
                        pdp = &pdp[pdpindex & ((1ul << NPDPEPGSHIFT) - 1)];
                } else {
                        pdp = (pdp_entry_t *)PHYS_TO_DMAP(*pml4 & PG_FRAME);
                        pdp = &pdp[pdpindex & ((1ul << NPDPEPGSHIFT) - 1)];
                        if ((*pdp & PG_V) == 0) {
                                /* Have to allocate a new pd, recurse */
                                if (_pmap_allocpte(pmap, NUPDE + pdpindex,
                                    flags) == NULL) {
                                        --m->wire_count;
                                        vm_page_free(m);
                                        return (NULL);
                                }
                        } else {
                                /* Add reference to the pd page */
                                pdpg = PHYS_TO_VM_PAGE(*pdp & PG_FRAME);
                                pdpg->wire_count++;
                        }
                }
                pd = (pd_entry_t *)PHYS_TO_DMAP(*pdp & PG_FRAME);

                /* Now we know where the page directory page is */
                pd = &pd[ptepindex & ((1ul << NPDEPGSHIFT) - 1)];
                *pd = VM_PAGE_TO_PHYS(m) | PG_U | PG_RW | PG_V | PG_A | PG_M;
        }

        return m;
}

static vm_page_t
pmap_allocpde(pmap_t pmap, vm_offset_t va, int flags)
{
        vm_pindex_t pdpindex, ptepindex;
        pdp_entry_t *pdpe;
        vm_page_t pdpg;

        KASSERT((flags & (M_NOWAIT | M_WAITOK)) == M_NOWAIT ||
            (flags & (M_NOWAIT | M_WAITOK)) == M_WAITOK,
            ("pmap_allocpde: flags is neither M_NOWAIT nor M_WAITOK"));
retry:
        pdpe = pmap_pdpe(pmap, va);
        if (pdpe != NULL && (*pdpe & PG_V) != 0) {
                /* Add a reference to the pd page. */
                pdpg = PHYS_TO_VM_PAGE(*pdpe & PG_FRAME);
                pdpg->wire_count++;
        } else {
                /* Allocate a pd page. */
                ptepindex = pmap_pde_pindex(va);
                pdpindex = ptepindex >> NPDPEPGSHIFT;
                pdpg = _pmap_allocpte(pmap, NUPDE + pdpindex, flags);
                if (pdpg == NULL && (flags & M_WAITOK))
                        goto retry;
        }
        return (pdpg);
}

static vm_page_t
pmap_allocpte(pmap_t pmap, vm_offset_t va, int flags)
{
        vm_pindex_t ptepindex;
        pd_entry_t *pd;
        vm_page_t m;

        KASSERT((flags & (M_NOWAIT | M_WAITOK)) == M_NOWAIT ||
            (flags & (M_NOWAIT | M_WAITOK)) == M_WAITOK,
            ("pmap_allocpte: flags is neither M_NOWAIT nor M_WAITOK"));

        /*
         * Calculate pagetable page index
         */
        ptepindex = pmap_pde_pindex(va);
retry:
        /*
         * Get the page directory entry
         */
        pd = pmap_pde(pmap, va);

        /*
         * This supports switching from a 2MB page to a
         * normal 4K page.
         */
        if (pd != 0 && (*pd & (PG_PS | PG_V)) == (PG_PS | PG_V)) {
                *pd = 0;
                pd = 0;
                pmap->pm_stats.resident_count -= NBPDR / PAGE_SIZE;
                pmap_unuse_pt(pmap, va, *pmap_pdpe(pmap, va));
                pmap_invalidate_all(kernel_pmap);
        }

        /*
         * If the page table page is mapped, we just increment the
         * hold count, and activate it.
         */
        if (pd != 0 && (*pd & PG_V) != 0) {
                m = PHYS_TO_VM_PAGE(*pd & PG_FRAME);
                m->wire_count++;
        } else {
                /*
                 * Here if the pte page isn't mapped, or if it has been
                 * deallocated.
                 */
                m = _pmap_allocpte(pmap, ptepindex, flags);
                if (m == NULL && (flags & M_WAITOK))
                        goto retry;
        }
        return (m);
}


/***************************************************
 * Pmap allocation/deallocation routines.
 ***************************************************/

/*
 * Release any resources held by the given physical map.
 * Called when a pmap initialized by pmap_pinit is being released.
 * Should only be called if the map contains no valid mappings.
 */
void
pmap_release(pmap_t pmap)
{
        vm_page_t m;

        KASSERT(pmap->pm_stats.resident_count == 0,
            ("pmap_release: pmap resident count %ld != 0",
            pmap->pm_stats.resident_count));

        m = PHYS_TO_VM_PAGE(pmap->pm_pml4[PML4PML4I] & PG_FRAME);

        pmap->pm_pml4[KPML4I] = 0;      /* KVA */
        pmap->pm_pml4[DMPML4I] = 0;     /* Direct Map */
        pmap->pm_pml4[PML4PML4I] = 0;   /* Recursive Mapping */

        vm_page_lock_queues();
        m->wire_count--;
        atomic_subtract_int(&cnt.v_wire_count, 1);
        vm_page_free_zero(m);
        vm_page_unlock_queues();
        PMAP_LOCK_DESTROY(pmap);
}
\f
static int
kvm_size(SYSCTL_HANDLER_ARGS)
{
        unsigned long ksize = VM_MAX_KERNEL_ADDRESS - KERNBASE;

        return sysctl_handle_long(oidp, &ksize, 0, req);
}
SYSCTL_PROC(_vm, OID_AUTO, kvm_size, CTLTYPE_LONG|CTLFLAG_RD, 
    0, 0, kvm_size, "IU", "Size of KVM");

static int
kvm_free(SYSCTL_HANDLER_ARGS)
{
        unsigned long kfree = VM_MAX_KERNEL_ADDRESS - kernel_vm_end;

        return sysctl_handle_long(oidp, &kfree, 0, req);
}
SYSCTL_PROC(_vm, OID_AUTO, kvm_free, CTLTYPE_LONG|CTLFLAG_RD, 
    0, 0, kvm_free, "IU", "Amount of KVM free");

/*
 * grow the number of kernel page table entries, if needed
 */
void
pmap_growkernel(vm_offset_t addr)
{
        vm_paddr_t paddr;
        vm_page_t nkpg;
        pd_entry_t *pde, newpdir;
        pdp_entry_t newpdp;

        mtx_assert(&kernel_map->system_mtx, MA_OWNED);
        if (kernel_vm_end == 0) {
                kernel_vm_end = KERNBASE;
                nkpt = 0;
                while ((*pmap_pde(kernel_pmap, kernel_vm_end) & PG_V) != 0) {
                        kernel_vm_end = (kernel_vm_end + PAGE_SIZE * NPTEPG) & ~(PAGE_SIZE * NPTEPG - 1);
                        nkpt++;
                }
        }
        addr = roundup2(addr, PAGE_SIZE * NPTEPG);
        while (kernel_vm_end < addr) {
                pde = pmap_pde(kernel_pmap, kernel_vm_end);
                if (pde == NULL) {
                        /* We need a new PDP entry */
                        nkpg = vm_page_alloc(NULL, nkpt,
                            VM_ALLOC_NOOBJ | VM_ALLOC_SYSTEM | VM_ALLOC_WIRED);
                        if (!nkpg)
                                panic("pmap_growkernel: no memory to grow kernel");
                        pmap_zero_page(nkpg);
                        paddr = VM_PAGE_TO_PHYS(nkpg);
                        newpdp = (pdp_entry_t)
                                (paddr | PG_V | PG_RW | PG_A | PG_M);
                        *pmap_pdpe(kernel_pmap, kernel_vm_end) = newpdp;
                        continue; /* try again */
                }
                if ((*pde & PG_V) != 0) {
                        kernel_vm_end = (kernel_vm_end + PAGE_SIZE * NPTEPG) & ~(PAGE_SIZE * NPTEPG - 1);
                        continue;
                }

                /*
                 * This index is bogus, but out of the way
                 */
                nkpg = vm_page_alloc(NULL, nkpt,
                    VM_ALLOC_NOOBJ | VM_ALLOC_SYSTEM | VM_ALLOC_WIRED);
                if (!nkpg)
                        panic("pmap_growkernel: no memory to grow kernel");

                nkpt++;

                pmap_zero_page(nkpg);
                paddr = VM_PAGE_TO_PHYS(nkpg);
                newpdir = (pd_entry_t) (paddr | PG_V | PG_RW | PG_A | PG_M);
                *pmap_pde(kernel_pmap, kernel_vm_end) = newpdir;

                kernel_vm_end = (kernel_vm_end + PAGE_SIZE * NPTEPG) & ~(PAGE_SIZE * NPTEPG - 1);
        }
}


/***************************************************
 * page management routines.
 ***************************************************/

/*
 * free the pv_entry back to the free list
 */
static PMAP_INLINE void
free_pv_entry(pv_entry_t pv)
{
        pv_entry_count--;
        uma_zfree(pvzone, pv);
}

/*
 * get a new pv_entry, allocating a block from the system
 * when needed.
 */
static pv_entry_t
get_pv_entry(pmap_t locked_pmap)
{
        static const struct timeval printinterval = { 60, 0 };
        static struct timeval lastprint;
        struct vpgqueues *vpq;
        pd_entry_t ptepde;
        pmap_t pmap;
        pt_entry_t *pte, tpte;
        pv_entry_t allocated_pv, next_pv, pv;
        vm_offset_t va;
        vm_page_t m;

        PMAP_LOCK_ASSERT(locked_pmap, MA_OWNED);
        mtx_assert(&vm_page_queue_mtx, MA_OWNED);
        allocated_pv = uma_zalloc(pvzone, M_NOWAIT);
        if (allocated_pv != NULL) {
                pv_entry_count++;
                if (pv_entry_count > pv_entry_high_water)
                        pagedaemon_wakeup();
                else
                        return (allocated_pv);
        }

        /*
         * Reclaim pv entries: At first, destroy mappings to inactive
         * pages.  After that, if a pv entry is still needed, destroy
         * mappings to active pages.
         */
        if (ratecheck(&lastprint, &printinterval))
                printf("Approaching the limit on PV entries, consider "
                    "increasing sysctl vm.pmap.shpgperproc or "
                    "vm.pmap.pv_entry_max\n");
        vpq = &vm_page_queues[PQ_INACTIVE];
retry:
        TAILQ_FOREACH(m, &vpq->pl, pageq) {
                if (m->hold_count || m->busy || (m->flags & PG_BUSY))
                        continue;
                TAILQ_FOREACH_SAFE(pv, &m->md.pv_list, pv_list, next_pv) {
                        va = pv->pv_va;
                        pmap = pv->pv_pmap;
                        /* Avoid deadlock and lock recursion. */
                        if (pmap > locked_pmap)
                                PMAP_LOCK(pmap);
                        else if (pmap != locked_pmap && !PMAP_TRYLOCK(pmap))
                                continue;
                        pmap->pm_stats.resident_count--;
                        pte = pmap_pte_pde(pmap, va, &ptepde);
                        tpte = pte_load_clear(pte);
                        KASSERT((tpte & PG_W) == 0,
                            ("get_pv_entry: wired pte %#lx", tpte));
                        if (tpte & PG_A)
                                vm_page_flag_set(m, PG_REFERENCED);
                        if (tpte & PG_M) {
                                KASSERT((tpte & PG_RW),
        ("get_pv_entry: modified page not writable: va: %#lx, pte: %#lx",
                                    va, tpte));
                                if (pmap_track_modified(va))
                                        vm_page_dirty(m);
                        }
                        pmap_invalidate_page(pmap, va);
                        TAILQ_REMOVE(&pmap->pm_pvlist, pv, pv_plist);
                        TAILQ_REMOVE(&m->md.pv_list, pv, pv_list);
                        if (TAILQ_EMPTY(&m->md.pv_list))
                                vm_page_flag_clear(m, PG_WRITEABLE);
                        m->md.pv_list_count--;
                        pmap_unuse_pt(pmap, va, ptepde);
                        if (pmap != locked_pmap)
                                PMAP_UNLOCK(pmap);
                        if (allocated_pv == NULL)
                                allocated_pv = pv;
                        else
                                free_pv_entry(pv);
                }
        }
        if (allocated_pv == NULL) {
                if (vpq == &vm_page_queues[PQ_INACTIVE]) {
                        vpq = &vm_page_queues[PQ_ACTIVE];
                        goto retry;
                }
                panic("get_pv_entry: increase the vm.pmap.shpgperproc tunable");
        }
        return (allocated_pv);
}

static void
pmap_remove_entry(pmap_t pmap, vm_page_t m, vm_offset_t va)
{
        pv_entry_t pv;

        PMAP_LOCK_ASSERT(pmap, MA_OWNED);
        mtx_assert(&vm_page_queue_mtx, MA_OWNED);
        if (m->md.pv_list_count < pmap->pm_stats.resident_count) {
                TAILQ_FOREACH(pv, &m->md.pv_list, pv_list) {
                        if (pmap == pv->pv_pmap && va == pv->pv_va) 
                                break;
                }
        } else {
                TAILQ_FOREACH(pv, &pmap->pm_pvlist, pv_plist) {
                        if (va == pv->pv_va) 
                                break;
                }
        }
        KASSERT(pv != NULL, ("pmap_remove_entry: pv not found"));
        TAILQ_REMOVE(&m->md.pv_list, pv, pv_list);
        m->md.pv_list_count--;
        if (TAILQ_EMPTY(&m->md.pv_list))
                vm_page_flag_clear(m, PG_WRITEABLE);
        TAILQ_REMOVE(&pmap->pm_pvlist, pv, pv_plist);
        free_pv_entry(pv);
}

/*
 * Create a pv entry for page at pa for
 * (pmap, va).
 */
static void
pmap_insert_entry(pmap_t pmap, vm_offset_t va, vm_page_t m)
{
        pv_entry_t pv;

        pv = get_pv_entry(pmap);
        pv->pv_va = va;
        pv->pv_pmap = pmap;

        PMAP_LOCK_ASSERT(pmap, MA_OWNED);
        mtx_assert(&vm_page_queue_mtx, MA_OWNED);
        TAILQ_INSERT_TAIL(&pmap->pm_pvlist, pv, pv_plist);
        TAILQ_INSERT_TAIL(&m->md.pv_list, pv, pv_list);
        m->md.pv_list_count++;
}

/*
 * pmap_remove_pte: do the things to unmap a page in a process
 */
static int
pmap_remove_pte(pmap_t pmap, pt_entry_t *ptq, vm_offset_t va, pd_entry_t ptepde)
{
        pt_entry_t oldpte;
        vm_page_t m;

        PMAP_LOCK_ASSERT(pmap, MA_OWNED);
        oldpte = pte_load_clear(ptq);
        if (oldpte & PG_W)
                pmap->pm_stats.wired_count -= 1;
        /*
         * Machines that don't support invlpg, also don't support
         * PG_G.
         */
        if (oldpte & PG_G)
                pmap_invalidate_page(kernel_pmap, va);
        pmap->pm_stats.resident_count -= 1;
        if (oldpte & PG_MANAGED) {
                m = PHYS_TO_VM_PAGE(oldpte & PG_FRAME);
                if (oldpte & PG_M) {
                        KASSERT((oldpte & PG_RW),
        ("pmap_remove_pte: modified page not writable: va: %#lx, pte: %#lx",
                            va, oldpte));
                        if (pmap_track_modified(va))
                                vm_page_dirty(m);
                }
                if (oldpte & PG_A)
                        vm_page_flag_set(m, PG_REFERENCED);
                pmap_remove_entry(pmap, m, va);
        }
        return (pmap_unuse_pt(pmap, va, ptepde));
}

/*
 * Remove a single page from a process address space
 */
static void
pmap_remove_page(pmap_t pmap, vm_offset_t va, pd_entry_t *pde)
{
        pt_entry_t *pte;

        PMAP_LOCK_ASSERT(pmap, MA_OWNED);
        if ((*pde & PG_V) == 0)
                return;
        pte = pmap_pde_to_pte(pde, va);
        if ((*pte & PG_V) == 0)
                return;
        pmap_remove_pte(pmap, pte, va, *pde);
        pmap_invalidate_page(pmap, va);
}

/*
 *      Remove the given range of addresses from the specified map.
 *
 *      It is assumed that the start and end are properly
 *      rounded to the page size.
 */
void
pmap_remove(pmap_t pmap, vm_offset_t sva, vm_offset_t eva)
{
        vm_offset_t va_next;
        pml4_entry_t *pml4e;
        pdp_entry_t *pdpe;
        pd_entry_t ptpaddr, *pde;
        pt_entry_t *pte;
        int anyvalid;

        /*
         * Perform an unsynchronized read.  This is, however, safe.
         */
        if (pmap->pm_stats.resident_count == 0)
                return;

        anyvalid = 0;

        vm_page_lock_queues();
        PMAP_LOCK(pmap);

        /*
         * special handling of removing one page.  a very
         * common operation and easy to short circuit some
         * code.
         */
        if (sva + PAGE_SIZE == eva) {
                pde = pmap_pde(pmap, sva);
                if (pde && (*pde & PG_PS) == 0) {
                        pmap_remove_page(pmap, sva, pde);
                        goto out;
                }
        }

        for (; sva < eva; sva = va_next) {

                if (pmap->pm_stats.resident_count == 0)
                        break;

                pml4e = pmap_pml4e(pmap, sva);
                if ((*pml4e & PG_V) == 0) {
                        va_next = (sva + NBPML4) & ~PML4MASK;
                        continue;
                }

                pdpe = pmap_pml4e_to_pdpe(pml4e, sva);
                if ((*pdpe & PG_V) == 0) {
                        va_next = (sva + NBPDP) & ~PDPMASK;
                        continue;
                }

                /*
                 * Calculate index for next page table.
                 */
                va_next = (sva + NBPDR) & ~PDRMASK;

                pde = pmap_pdpe_to_pde(pdpe, sva);
                ptpaddr = *pde;

                /*
                 * Weed out invalid mappings.
                 */
                if (ptpaddr == 0)
                        continue;

                /*
                 * Check for large page.
                 */
                if ((ptpaddr & PG_PS) != 0) {
                        *pde = 0;
                        pmap->pm_stats.resident_count -= NBPDR / PAGE_SIZE;
                        pmap_unuse_pt(pmap, sva, *pdpe);
                        anyvalid = 1;
                        continue;
                }

                /*
                 * Limit our scan to either the end of the va represented
                 * by the current page table page, or to the end of the
                 * range being removed.
                 */
                if (va_next > eva)
                        va_next = eva;

                for (pte = pmap_pde_to_pte(pde, sva); sva != va_next; pte++,
                    sva += PAGE_SIZE) {
                        if (*pte == 0)
                                continue;
                        anyvalid = 1;
                        if (pmap_remove_pte(pmap, pte, sva, ptpaddr))
                                break;
                }
        }
out:
        vm_page_unlock_queues();
        if (anyvalid)
                pmap_invalidate_all(pmap);
        PMAP_UNLOCK(pmap);
}

/*
 *      Routine:        pmap_remove_all
 *      Function:
 *              Removes this physical page from
 *              all physical maps in which it resides.
 *              Reflects back modify bits to the pager.
 *
 *      Notes:
 *              Original versions of this routine were very
 *              inefficient because they iteratively called
 *              pmap_remove (slow...)
 */

void
pmap_remove_all(vm_page_t m)
{
        register pv_entry_t pv;
        pt_entry_t *pte, tpte;
        pd_entry_t ptepde;

#if defined(PMAP_DIAGNOSTIC)
        /*
         * XXX This makes pmap_remove_all() illegal for non-managed pages!
         */
        if (m->flags & PG_FICTITIOUS) {
                panic("pmap_remove_all: illegal for unmanaged page, va: 0x%lx",
                    VM_PAGE_TO_PHYS(m));
        }
#endif
        mtx_assert(&vm_page_queue_mtx, MA_OWNED);
        while ((pv = TAILQ_FIRST(&m->md.pv_list)) != NULL) {
                PMAP_LOCK(pv->pv_pmap);
                pv->pv_pmap->pm_stats.resident_count--;
                pte = pmap_pte_pde(pv->pv_pmap, pv->pv_va, &ptepde);
                tpte = pte_load_clear(pte);
                if (tpte & PG_W)
                        pv->pv_pmap->pm_stats.wired_count--;
                if (tpte & PG_A)
                        vm_page_flag_set(m, PG_REFERENCED);

                /*
                 * Update the vm_page_t clean and reference bits.
                 */
                if (tpte & PG_M) {
                        KASSERT((tpte & PG_RW),
        ("pmap_remove_all: modified page not writable: va: %#lx, pte: %#lx",
                            pv->pv_va, tpte));
                        if (pmap_track_modified(pv->pv_va))
                                vm_page_dirty(m);
                }
                pmap_invalidate_page(pv->pv_pmap, pv->pv_va);
                TAILQ_REMOVE(&pv->pv_pmap->pm_pvlist, pv, pv_plist);
                TAILQ_REMOVE(&m->md.pv_list, pv, pv_list);
                m->md.pv_list_count--;
                pmap_unuse_pt(pv->pv_pmap, pv->pv_va, ptepde);
                PMAP_UNLOCK(pv->pv_pmap);
                free_pv_entry(pv);
        }
        vm_page_flag_clear(m, PG_WRITEABLE);
}

/*
 *      Set the physical protection on the
 *      specified range of this map as requested.
 */
void
pmap_protect(pmap_t pmap, vm_offset_t sva, vm_offset_t eva, vm_prot_t prot)
{
        vm_offset_t va_next;
        pml4_entry_t *pml4e;
        pdp_entry_t *pdpe;
        pd_entry_t ptpaddr, *pde;
        pt_entry_t *pte;
        int anychanged;

        if ((prot & VM_PROT_READ) == VM_PROT_NONE) {
                pmap_remove(pmap, sva, eva);
                return;
        }

        if (prot & VM_PROT_WRITE)
                return;

        anychanged = 0;

        vm_page_lock_queues();
        PMAP_LOCK(pmap);
        for (; sva < eva; sva = va_next) {

                pml4e = pmap_pml4e(pmap, sva);
                if ((*pml4e & PG_V) == 0) {
                        va_next = (sva + NBPML4) & ~PML4MASK;
                        continue;
                }

                pdpe = pmap_pml4e_to_pdpe(pml4e, sva);
                if ((*pdpe & PG_V) == 0) {
                        va_next = (sva + NBPDP) & ~PDPMASK;
                        continue;
                }

                va_next = (sva + NBPDR) & ~PDRMASK;

                pde = pmap_pdpe_to_pde(pdpe, sva);
                ptpaddr = *pde;

                /*
                 * Weed out invalid mappings.
                 */
                if (ptpaddr == 0)
                        continue;

                /*
                 * Check for large page.
                 */
                if ((ptpaddr & PG_PS) != 0) {
                        *pde &= ~(PG_M|PG_RW);
                        anychanged = 1;
                        continue;
                }

                if (va_next > eva)
                        va_next = eva;

                for (pte = pmap_pde_to_pte(pde, sva); sva != va_next; pte++,
                    sva += PAGE_SIZE) {
                        pt_entry_t obits, pbits;
                        vm_page_t m;

retry:
                        obits = pbits = *pte;
                        if (pbits & PG_MANAGED) {
                                m = NULL;
                                if (pbits & PG_A) {
                                        m = PHYS_TO_VM_PAGE(pbits & PG_FRAME);
                                        vm_page_flag_set(m, PG_REFERENCED);
                                        pbits &= ~PG_A;
                                }
                                if ((pbits & PG_M) != 0 &&
                                    pmap_track_modified(sva)) {
                                        if (m == NULL)
                                                m = PHYS_TO_VM_PAGE(pbits &
                                                    PG_FRAME);
                                        vm_page_dirty(m);
                                }
                        }

                        pbits &= ~(PG_RW | PG_M);

                        if (pbits != obits) {
                                if (!atomic_cmpset_long(pte, obits, pbits))
                                        goto retry;
                                if (obits & PG_G)
                                        pmap_invalidate_page(pmap, sva);
                                else
                                        anychanged = 1;
                        }
                }
        }
        vm_page_unlock_queues();
        if (anychanged)
                pmap_invalidate_all(pmap);
        PMAP_UNLOCK(pmap);
}

/*
 *      Insert the given physical page (p) at
 *      the specified virtual address (v) in the
 *      target physical map with the protection requested.
 *
 *      If specified, the page will be wired down, meaning
 *      that the related pte can not be reclaimed.
 *
 *      NB:  This is the only routine which MAY NOT lazy-evaluate
 *      or lose information.  That is, this routine must actually
 *      insert this page into the given map NOW.
 */
void
pmap_enter(pmap_t pmap, vm_offset_t va, vm_page_t m, vm_prot_t prot,
           boolean_t wired)
{
        vm_paddr_t pa;
        register pt_entry_t *pte;
        vm_paddr_t opa;
        pt_entry_t origpte, newpte;
        vm_page_t mpte, om;
        boolean_t invlva;

        va = trunc_page(va);
#ifdef PMAP_DIAGNOSTIC
        if (va > VM_MAX_KERNEL_ADDRESS)
                panic("pmap_enter: toobig");
        if ((va >= UPT_MIN_ADDRESS) && (va < UPT_MAX_ADDRESS))
                panic("pmap_enter: invalid to pmap_enter page table pages (va: 0x%lx)", va);
#endif

        mpte = NULL;

        vm_page_lock_queues();
        PMAP_LOCK(pmap);

        /*
         * In the case that a page table page is not
         * resident, we are creating it here.
         */
        if (va < VM_MAXUSER_ADDRESS) {
                mpte = pmap_allocpte(pmap, va, M_WAITOK);
        }
#if 0 && defined(PMAP_DIAGNOSTIC)
        else {
                pd_entry_t *pdeaddr = pmap_pde(pmap, va);
                origpte = *pdeaddr;
                if ((origpte & PG_V) == 0) { 
                        panic("pmap_enter: invalid kernel page table page, pde=%p, va=%p\n",
                                origpte, va);
                }
        }
#endif

        pte = pmap_pte(pmap, va);

        /*
         * Page Directory table entry not valid, we need a new PT page
         */
        if (pte == NULL)
                panic("pmap_enter: invalid page directory va=%#lx\n", va);

        pa = VM_PAGE_TO_PHYS(m);
        om = NULL;
        origpte = *pte;
        opa = origpte & PG_FRAME;

        if (origpte & PG_PS)
                panic("pmap_enter: attempted pmap_enter on 2MB page");

        /*
         * Mapping has not changed, must be protection or wiring change.
         */
        if (origpte && (opa == pa)) {
                /*
                 * Wiring change, just update stats. We don't worry about
                 * wiring PT pages as they remain resident as long as there
                 * are valid mappings in them. Hence, if a user page is wired,
                 * the PT page will be also.
                 */
                if (wired && ((origpte & PG_W) == 0))
                        pmap->pm_stats.wired_count++;
                else if (!wired && (origpte & PG_W))
                        pmap->pm_stats.wired_count--;

                /*
                 * Remove extra pte reference
                 */
                if (mpte)
                        mpte->wire_count--;

                /*
                 * We might be turning off write access to the page,
                 * so we go ahead and sense modify status.
                 */
                if (origpte & PG_MANAGED) {
                        om = m;
                        pa |= PG_MANAGED;
                }
                goto validate;
        } 
        /*
         * Mapping has changed, invalidate old range and fall through to
         * handle validating new mapping.
         */
        if (opa) {
                if (origpte & PG_W)
                        pmap->pm_stats.wired_count--;
                if (origpte & PG_MANAGED) {
                        om = PHYS_TO_VM_PAGE(opa);
                        pmap_remove_entry(pmap, om, va);
                }
                if (mpte != NULL) {
                        mpte->wire_count--;
                        KASSERT(mpte->wire_count > 0,
                            ("pmap_enter: missing reference to page table page,"
                             " va: 0x%lx", va));
                }
        } else
                pmap->pm_stats.resident_count++;

        /*
         * Enter on the PV list if part of our managed memory.
         */
        if ((m->flags & (PG_FICTITIOUS | PG_UNMANAGED)) == 0) {
                pmap_insert_entry(pmap, va, m);
                pa |= PG_MANAGED;
        }

        /*
         * Increment counters
         */
        if (wired)
                pmap->pm_stats.wired_count++;

validate:
        /*
         * Now validate mapping with desired protection/wiring.
         */
        newpte = (pt_entry_t)(pa | PG_V);
        if ((prot & VM_PROT_WRITE) != 0)
                newpte |= PG_RW;
        if ((prot & VM_PROT_EXECUTE) == 0)
                newpte |= pg_nx;
        if (wired)
                newpte |= PG_W;
        if (va < VM_MAXUSER_ADDRESS)
                newpte |= PG_U;
        if (pmap == kernel_pmap)
                newpte |= PG_G;

        /*
         * if the mapping or permission bits are different, we need
         * to update the pte.
         */
        if ((origpte & ~(PG_M|PG_A)) != newpte) {
                if (origpte & PG_V) {
                        invlva = FALSE;
                        origpte = pte_load_store(pte, newpte | PG_A);
                        if (origpte & PG_A) {
                                if (origpte & PG_MANAGED)
                                        vm_page_flag_set(om, PG_REFERENCED);
                                if (opa != VM_PAGE_TO_PHYS(m) || ((origpte &
                                    PG_NX) == 0 && (newpte & PG_NX)))
                                        invlva = TRUE;
                        }
                        if (origpte & PG_M) {
                                KASSERT((origpte & PG_RW),
        ("pmap_enter: modified page not writable: va: %#lx, pte: %#lx",
                                    va, origpte));
                                if ((origpte & PG_MANAGED) &&
                                    pmap_track_modified(va))
                                        vm_page_dirty(om);
                                if ((newpte & PG_RW) == 0)
                                        invlva = TRUE;
                        }
                        if (invlva)
                                pmap_invalidate_page(pmap, va);
                } else
                        pte_store(pte, newpte | PG_A);
        }
        vm_page_unlock_queues();
        PMAP_UNLOCK(pmap);
}

/*
 * this code makes some *MAJOR* assumptions:
 * 1. Current pmap & pmap exists.
 * 2. Not wired.
 * 3. Read access.
 * 4. No page table pages.
 * but is *MUCH* faster than pmap_enter...
 */

vm_page_t
pmap_enter_quick(pmap_t pmap, vm_offset_t va, vm_page_t m, vm_prot_t prot,
    vm_page_t mpte)
{
        pt_entry_t *pte;
        vm_paddr_t pa;

        mtx_assert(&vm_page_queue_mtx, MA_OWNED);
        VM_OBJECT_LOCK_ASSERT(m->object, MA_OWNED);
        PMAP_LOCK(pmap);

        /*
         * In the case that a page table page is not
         * resident, we are creating it here.
         */
        if (va < VM_MAXUSER_ADDRESS) {
                vm_pindex_t ptepindex;
                pd_entry_t *ptepa;

                /*
                 * Calculate pagetable page index
                 */
                ptepindex = pmap_pde_pindex(va);
                if (mpte && (mpte->pindex == ptepindex)) {
                        mpte->wire_count++;
                } else {
        retry:
                        /*
                         * Get the page directory entry
                         */
                        ptepa = pmap_pde(pmap, va);

                        /*
                         * If the page table page is mapped, we just increment
                         * the hold count, and activate it.
                         */
                        if (ptepa && (*ptepa & PG_V) != 0) {
                                if (*ptepa & PG_PS)
                                        panic("pmap_enter_quick: unexpected mapping into 2MB page");
                                mpte = PHYS_TO_VM_PAGE(*ptepa & PG_FRAME);
                                mpte->wire_count++;
                        } else {
                                mpte = _pmap_allocpte(pmap, ptepindex,
                                    M_NOWAIT);
                                if (mpte == NULL) {
                                        PMAP_UNLOCK(pmap);
                                        vm_page_busy(m);
                                        vm_page_unlock_queues();
                                        VM_OBJECT_UNLOCK(m->object);
                                        VM_WAIT;
                                        VM_OBJECT_LOCK(m->object);
                                        vm_page_lock_queues();
                                        vm_page_wakeup(m);
                                        PMAP_LOCK(pmap);
                                        goto retry;
                                }
                        }
                }
        } else {
                mpte = NULL;
        }

        /*
         * This call to vtopte makes the assumption that we are
         * entering the page into the current pmap.  In order to support
         * quick entry into any pmap, one would likely use pmap_pte.
         * But that isn't as quick as vtopte.
         */
        pte = vtopte(va);
        if (*pte) {
                if (mpte != NULL) {
                        pmap_unwire_pte_hold(pmap, va, mpte);
                        mpte = NULL;
                }
                goto out;
        }

        /*
         * Enter on the PV list if part of our managed memory. Note that we
         * raise IPL while manipulating pv_table since pmap_enter can be
         * called at interrupt time.
         */
        if ((m->flags & (PG_FICTITIOUS|PG_UNMANAGED)) == 0)
                pmap_insert_entry(pmap, va, m);

        /*
         * Increment counters
         */
        pmap->pm_stats.resident_count++;

        pa = VM_PAGE_TO_PHYS(m);
        if ((prot & VM_PROT_EXECUTE) == 0)
                pa |= pg_nx;

        /*
         * Now validate mapping with RO protection
         */
        if (m->flags & (PG_FICTITIOUS|PG_UNMANAGED))
                pte_store(pte, pa | PG_V | PG_U);
        else
                pte_store(pte, pa | PG_V | PG_U | PG_MANAGED);
out:
        PMAP_UNLOCK(pmap);
        return mpte;
}

/*
 * Make a temporary mapping for a physical address.  This is only intended
 * to be used for panic dumps.
 */
void *
pmap_kenter_temporary(vm_paddr_t pa, int i)
{
        vm_offset_t va;

        va = (vm_offset_t)crashdumpmap + (i * PAGE_SIZE);
        pmap_kenter(va, pa);
        invlpg(va);
        return ((void *)crashdumpmap);
}

/*
 * This code maps large physical mmap regions into the
 * processor address space.  Note that some shortcuts
 * are taken, but the code works.
 */
void
pmap_object_init_pt(pmap_t pmap, vm_offset_t addr,
                    vm_object_t object, vm_pindex_t pindex,
                    vm_size_t size)
{
        vm_offset_t va;
        vm_page_t p, pdpg;

        VM_OBJECT_LOCK_ASSERT(object, MA_OWNED);
        KASSERT(object->type == OBJT_DEVICE,
            ("pmap_object_init_pt: non-device object"));
        if (((addr & (NBPDR - 1)) == 0) && ((size & (NBPDR - 1)) == 0)) {
                vm_page_t m[1];
                pd_entry_t ptepa, *pde;

                PMAP_LOCK(pmap);
                pde = pmap_pde(pmap, addr);
                if (pde != 0 && (*pde & PG_V) != 0)
                        goto out;
                PMAP_UNLOCK(pmap);
retry:
                p = vm_page_lookup(object, pindex);
                if (p != NULL) {
                        vm_page_lock_queues();
                        if (vm_page_sleep_if_busy(p, FALSE, "init4p"))
                                goto retry;
                } else {
                        p = vm_page_alloc(object, pindex, VM_ALLOC_NORMAL);
                        if (p == NULL)
                                return;
                        m[0] = p;

                        if (vm_pager_get_pages(object, m, 1, 0) != VM_PAGER_OK) {
                                vm_page_lock_queues();
                                vm_page_free(p);
                                vm_page_unlock_queues();
                                return;
                        }

                        p = vm_page_lookup(object, pindex);
                        vm_page_lock_queues();
                        vm_page_wakeup(p);
                }
                vm_page_unlock_queues();

                ptepa = VM_PAGE_TO_PHYS(p);
                if (ptepa & (NBPDR - 1))
                        return;

                p->valid = VM_PAGE_BITS_ALL;

                PMAP_LOCK(pmap);
                for (va = addr; va < addr + size; va += NBPDR) {
                        while ((pdpg =
                            pmap_allocpde(pmap, va, M_NOWAIT)) == NULL) {
                                PMAP_UNLOCK(pmap);
                                vm_page_lock_queues();
                                vm_page_busy(p);
                                vm_page_unlock_queues();
                                VM_OBJECT_UNLOCK(object);
                                VM_WAIT;
                                VM_OBJECT_LOCK(object);
                                vm_page_lock_queues();
                                vm_page_wakeup(p);
                                vm_page_unlock_queues();
                                PMAP_LOCK(pmap);
                        }
                        pde = (pd_entry_t *)PHYS_TO_DMAP(VM_PAGE_TO_PHYS(pdpg));
                        pde = &pde[pmap_pde_index(va)];
                        if ((*pde & PG_V) == 0) {
                                pde_store(pde, ptepa | PG_PS | PG_M | PG_A |
                                    PG_U | PG_RW | PG_V);
                                pmap->pm_stats.resident_count +=
                                    NBPDR / PAGE_SIZE;
                        } else {
                                pdpg->wire_count--;
                                KASSERT(pdpg->wire_count > 0,
                                    ("pmap_object_init_pt: missing reference "
                                     "to page directory page, va: 0x%lx", va));
                        }
                        ptepa += NBPDR;
                }
                pmap_invalidate_all(pmap);
out:
                PMAP_UNLOCK(pmap);
        }
}

/*
 *      Routine:        pmap_change_wiring
 *      Function:       Change the wiring attribute for a map/virtual-address
 *                      pair.
 *      In/out conditions:
 *                      The mapping must already exist in the pmap.
 */
void
pmap_change_wiring(pmap, va, wired)
        register pmap_t pmap;
        vm_offset_t va;
        boolean_t wired;
{
        register pt_entry_t *pte;

        /*
         * Wiring is not a hardware characteristic so there is no need to
         * invalidate TLB.
         */
        PMAP_LOCK(pmap);
        pte = pmap_pte(pmap, va);
        if (wired && (*pte & PG_W) == 0) {
                pmap->pm_stats.wired_count++;
                atomic_set_long(pte, PG_W);
        } else if (!wired && (*pte & PG_W) != 0) {
                pmap->pm_stats.wired_count--;
                atomic_clear_long(pte, PG_W);
        }
        PMAP_UNLOCK(pmap);
}



/*
 *      Copy the range specified by src_addr/len
 *      from the source map to the range dst_addr/len
 *      in the destination map.
 *
 *      This routine is only advisory and need not do anything.
 */

void
pmap_copy(pmap_t dst_pmap, pmap_t src_pmap, vm_offset_t dst_addr, vm_size_t len,
          vm_offset_t src_addr)
{
        vm_offset_t addr;
        vm_offset_t end_addr = src_addr + len;
        vm_offset_t va_next;
        vm_page_t m;

        if (dst_addr != src_addr)
                return;

        if (!pmap_is_current(src_pmap))
                return;

        vm_page_lock_queues();
        if (dst_pmap < src_pmap) {
                PMAP_LOCK(dst_pmap);
                PMAP_LOCK(src_pmap);
        } else {
                PMAP_LOCK(src_pmap);
                PMAP_LOCK(dst_pmap);
        }
        for (addr = src_addr; addr < end_addr; addr = va_next) {
                pt_entry_t *src_pte, *dst_pte;
                vm_page_t dstmpde, dstmpte, srcmpte;
                pml4_entry_t *pml4e;
                pdp_entry_t *pdpe;
                pd_entry_t srcptepaddr, *pde;

                if (addr >= UPT_MIN_ADDRESS)
                        panic("pmap_copy: invalid to pmap_copy page tables");

                /*
                 * Don't let optional prefaulting of pages make us go
                 * way below the low water mark of free pages or way
                 * above high water mark of used pv entries.
                 */
                if (cnt.v_free_count < cnt.v_free_reserved ||
                    pv_entry_count > pv_entry_high_water)
                        break;
                
                pml4e = pmap_pml4e(src_pmap, addr);
                if ((*pml4e & PG_V) == 0) {
                        va_next = (addr + NBPML4) & ~PML4MASK;
                        continue;
                }

                pdpe = pmap_pml4e_to_pdpe(pml4e, addr);
                if ((*pdpe & PG_V) == 0) {
                        va_next = (addr + NBPDP) & ~PDPMASK;
                        continue;
                }

                va_next = (addr + NBPDR) & ~PDRMASK;

                pde = pmap_pdpe_to_pde(pdpe, addr);
                srcptepaddr = *pde;
                if (srcptepaddr == 0)
                        continue;
                        
                if (srcptepaddr & PG_PS) {
                        dstmpde = pmap_allocpde(dst_pmap, addr, M_NOWAIT);
                        if (dstmpde == NULL)
                                break;
                        pde = (pd_entry_t *)
                            PHYS_TO_DMAP(VM_PAGE_TO_PHYS(dstmpde));
                        pde = &pde[pmap_pde_index(addr)];
                        if (*pde == 0) {
                                *pde = srcptepaddr;
                                dst_pmap->pm_stats.resident_count +=
                                    NBPDR / PAGE_SIZE;
                        } else
                                pmap_unwire_pte_hold(dst_pmap, addr, dstmpde);
                        continue;
                }

                srcmpte = PHYS_TO_VM_PAGE(srcptepaddr & PG_FRAME);
                if (srcmpte->wire_count == 0)
                        panic("pmap_copy: source page table page is unused");

                if (va_next > end_addr)
                        va_next = end_addr;

                src_pte = vtopte(addr);
                while (addr < va_next) {
                        pt_entry_t ptetemp;
                        ptetemp = *src_pte;
                        /*
                         * we only virtual copy managed pages
                         */
                        if ((ptetemp & PG_MANAGED) != 0) {
                                /*
                                 * We have to check after allocpte for the
                                 * pte still being around...  allocpte can
                                 * block.
                                 */
                                dstmpte = pmap_allocpte(dst_pmap, addr,
                                    M_NOWAIT);
                                if (dstmpte == NULL)
                                        break;
                                dst_pte = (pt_entry_t *)
                                    PHYS_TO_DMAP(VM_PAGE_TO_PHYS(dstmpte));
                                dst_pte = &dst_pte[pmap_pte_index(addr)];
                                if (*dst_pte == 0) {
                                        /*
                                         * Clear the modified and
                                         * accessed (referenced) bits
                                         * during the copy.
                                         */
                                        m = PHYS_TO_VM_PAGE(ptetemp & PG_FRAME);
                                        *dst_pte = ptetemp & ~(PG_M | PG_A);
                                        dst_pmap->pm_stats.resident_count++;
                                        pmap_insert_entry(dst_pmap, addr, m);
                                } else
                                        pmap_unwire_pte_hold(dst_pmap, addr, dstmpte);
                                if (dstmpte->wire_count >= srcmpte->wire_count)
                                        break;
                        }
                        addr += PAGE_SIZE;
                        src_pte++;
                }
        }
        vm_page_unlock_queues();
        PMAP_UNLOCK(src_pmap);
        PMAP_UNLOCK(dst_pmap);
}       

/*
 *      pmap_zero_page zeros the specified hardware page by mapping 
 *      the page into KVM and using bzero to clear its contents.
 */
void
pmap_zero_page(vm_page_t m)
{
        vm_offset_t va = PHYS_TO_DMAP(VM_PAGE_TO_PHYS(m));

        pagezero((void *)va);
}

/*
 *      pmap_zero_page_area zeros the specified hardware page by mapping 
 *      the page into KVM and using bzero to clear its contents.
 *
 *      off and size may not cover an area beyond a single hardware page.
 */
void
pmap_zero_page_area(vm_page_t m, int off, int size)
{
        vm_offset_t va = PHYS_TO_DMAP(VM_PAGE_TO_PHYS(m));

        if (off == 0 && size == PAGE_SIZE)
                pagezero((void *)va);
        else
                bzero((char *)va + off, size);
}

/*
 *      pmap_zero_page_idle zeros the specified hardware page by mapping 
 *      the page into KVM and using bzero to clear its contents.  This
 *      is intended to be called from the vm_pagezero process only and
 *      outside of Giant.
 */
void
pmap_zero_page_idle(vm_page_t m)
{
        vm_offset_t va = PHYS_TO_DMAP(VM_PAGE_TO_PHYS(m));

        pagezero((void *)va);
}

/*
 *      pmap_copy_page copies the specified (machine independent)
 *      page by mapping the page into virtual memory and using
 *      bcopy to copy the page, one machine dependent page at a
 *      time.
 */
void
pmap_copy_page(vm_page_t msrc, vm_page_t mdst)
{
        vm_offset_t src = PHYS_TO_DMAP(VM_PAGE_TO_PHYS(msrc));
        vm_offset_t dst = PHYS_TO_DMAP(VM_PAGE_TO_PHYS(mdst));

        pagecopy((void *)src, (void *)dst);
}

/*
 * Returns true if the pmap's pv is one of the first
 * 16 pvs linked to from this page.  This count may
 * be changed upwards or downwards in the future; it
 * is only necessary that true be returned for a small
 * subset of pmaps for proper page aging.
 */
boolean_t
pmap_page_exists_quick(pmap, m)
        pmap_t pmap;
        vm_page_t m;
{
        pv_entry_t pv;
        int loops = 0;

        if (m->flags & PG_FICTITIOUS)
                return FALSE;

        mtx_assert(&vm_page_queue_mtx, MA_OWNED);
        TAILQ_FOREACH(pv, &m->md.pv_list, pv_list) {
                if (pv->pv_pmap == pmap) {
                        return TRUE;
                }
                loops++;
                if (loops >= 16)
                        break;
        }
        return (FALSE);
}

#define PMAP_REMOVE_PAGES_CURPROC_ONLY
/*
 * Remove all pages from specified address space
 * this aids process exit speeds.  Also, this code
 * is special cased for current process only, but
 * can have the more generic (and slightly slower)
 * mode enabled.  This is much faster than pmap_remove
 * in the case of running down an entire address space.
 */
void
pmap_remove_pages(pmap, sva, eva)
        pmap_t pmap;
        vm_offset_t sva, eva;
{
        pt_entry_t *pte, tpte;
        vm_page_t m;
        pv_entry_t pv, npv;

#ifdef PMAP_REMOVE_PAGES_CURPROC_ONLY
        if (pmap != vmspace_pmap(curthread->td_proc->p_vmspace)) {
                printf("warning: pmap_remove_pages called with non-current pmap\n");
                return;
        }
#endif
        vm_page_lock_queues();
        PMAP_LOCK(pmap);
        for (pv = TAILQ_FIRST(&pmap->pm_pvlist); pv; pv = npv) {

                if (pv->pv_va >= eva || pv->pv_va < sva) {
                        npv = TAILQ_NEXT(pv, pv_plist);
                        continue;
                }

#ifdef PMAP_REMOVE_PAGES_CURPROC_ONLY
                pte = vtopte(pv->pv_va);
#else
                pte = pmap_pte(pmap, pv->pv_va);
#endif
                tpte = *pte;

                if (tpte == 0) {
                        printf("TPTE at %p  IS ZERO @ VA %08lx\n",
                                                        pte, pv->pv_va);
                        panic("bad pte");
                }

/*
 * We cannot remove wired pages from a process' mapping at this time
 */
                if (tpte & PG_W) {
                        npv = TAILQ_NEXT(pv, pv_plist);
                        continue;
                }

                m = PHYS_TO_VM_PAGE(tpte & PG_FRAME);
                KASSERT(m->phys_addr == (tpte & PG_FRAME),
                    ("vm_page_t %p phys_addr mismatch %016jx %016jx",
                    m, (uintmax_t)m->phys_addr, (uintmax_t)tpte));

                KASSERT(m < &vm_page_array[vm_page_array_size],
                        ("pmap_remove_pages: bad tpte %#jx", (uintmax_t)tpte));

                pmap->pm_stats.resident_count--;

                pte_clear(pte);

                /*
                 * Update the vm_page_t clean and reference bits.
                 */
                if (tpte & PG_M) {
                        vm_page_dirty(m);
                }

                npv = TAILQ_NEXT(pv, pv_plist);
                TAILQ_REMOVE(&pmap->pm_pvlist, pv, pv_plist);

                m->md.pv_list_count--;
                TAILQ_REMOVE(&m->md.pv_list, pv, pv_list);
                if (TAILQ_EMPTY(&m->md.pv_list))
                        vm_page_flag_clear(m, PG_WRITEABLE);

                pmap_unuse_pt(pmap, pv->pv_va, *vtopde(pv->pv_va));
                free_pv_entry(pv);
        }
        pmap_invalidate_all(pmap);
        PMAP_UNLOCK(pmap);
        vm_page_unlock_queues();
}

/*
 *      pmap_is_modified:
 *
 *      Return whether or not the specified physical page was modified
 *      in any physical maps.
 */
boolean_t
pmap_is_modified(vm_page_t m)
{
        pv_entry_t pv;
        pt_entry_t *pte;
        boolean_t rv;

        rv = FALSE;
        if (m->flags & PG_FICTITIOUS)
                return (rv);

        mtx_assert(&vm_page_queue_mtx, MA_OWNED);
        TAILQ_FOREACH(pv, &m->md.pv_list, pv_list) {
                /*
                 * if the bit being tested is the modified bit, then
                 * mark clean_map and ptes as never
                 * modified.
                 */
                if (!pmap_track_modified(pv->pv_va))
                        continue;
                PMAP_LOCK(pv->pv_pmap);
                pte = pmap_pte(pv->pv_pmap, pv->pv_va);
                rv = (*pte & PG_M) != 0;
                PMAP_UNLOCK(pv->pv_pmap);
                if (rv)
                        break;
        }
        return (rv);
}

/*
 *      pmap_is_prefaultable:
 *
 *      Return whether or not the specified virtual address is elgible
 *      for prefault.
 */
boolean_t
pmap_is_prefaultable(pmap_t pmap, vm_offset_t addr)
{
        pd_entry_t *pde;
        pt_entry_t *pte;
        boolean_t rv;

        rv = FALSE;
        PMAP_LOCK(pmap);
        pde = pmap_pde(pmap, addr);
        if (pde != NULL && (*pde & PG_V)) {
                pte = vtopte(addr);
                rv = (*pte & PG_V) == 0;
        }
        PMAP_UNLOCK(pmap);
        return (rv);
}

/*
 *      Clear the given bit in each of the given page's ptes.
 */
static __inline void
pmap_clear_ptes(vm_page_t m, long bit)
{
        register pv_entry_t pv;
        pt_entry_t pbits, *pte;

        if ((m->flags & PG_FICTITIOUS) ||
            (bit == PG_RW && (m->flags & PG_WRITEABLE) == 0))
                return;

        mtx_assert(&vm_page_queue_mtx, MA_OWNED);
        /*
         * Loop over all current mappings setting/clearing as appropos If
         * setting RO do we need to clear the VAC?
         */
        TAILQ_FOREACH(pv, &m->md.pv_list, pv_list) {
                /*
                 * don't write protect pager mappings
                 */
                if (bit == PG_RW) {
                        if (!pmap_track_modified(pv->pv_va))
                                continue;
                }

                PMAP_LOCK(pv->pv_pmap);
                pte = pmap_pte(pv->pv_pmap, pv->pv_va);
retry:
                pbits = *pte;
                if (pbits & bit) {
                        if (bit == PG_RW) {
                                if (!atomic_cmpset_long(pte, pbits,
                                    pbits & ~(PG_RW | PG_M)))
                                        goto retry;
                                if (pbits & PG_M) {
                                        vm_page_dirty(m);
                                }
                        } else {
                                atomic_clear_long(pte, bit);
                        }
                        pmap_invalidate_page(pv->pv_pmap, pv->pv_va);
                }
                PMAP_UNLOCK(pv->pv_pmap);
        }
        if (bit == PG_RW)
                vm_page_flag_clear(m, PG_WRITEABLE);
}

/*
 *      pmap_page_protect:
 *
 *      Lower the permission for all mappings to a given page.
 */
void
pmap_page_protect(vm_page_t m, vm_prot_t prot)
{
        if ((prot & VM_PROT_WRITE) == 0) {
                if (prot & (VM_PROT_READ | VM_PROT_EXECUTE)) {
                        pmap_clear_ptes(m, PG_RW);
                } else {
                        pmap_remove_all(m);
                }
        }
}

/*
 *      pmap_ts_referenced:
 *
 *      Return a count of reference bits for a page, clearing those bits.
 *      It is not necessary for every reference bit to be cleared, but it
 *      is necessary that 0 only be returned when there are truly no
 *      reference bits set.
 *
 *      XXX: The exact number of bits to check and clear is a matter that
 *      should be tested and standardized at some point in the future for
 *      optimal aging of shared pages.
 */
int
pmap_ts_referenced(vm_page_t m)
{
        register pv_entry_t pv, pvf, pvn;
        pt_entry_t *pte;
        pt_entry_t v;
        int rtval = 0;

        if (m->flags & PG_FICTITIOUS)
                return (rtval);

        mtx_assert(&vm_page_queue_mtx, MA_OWNED);
        if ((pv = TAILQ_FIRST(&m->md.pv_list)) != NULL) {

                pvf = pv;

                do {
                        pvn = TAILQ_NEXT(pv, pv_list);

                        TAILQ_REMOVE(&m->md.pv_list, pv, pv_list);

                        TAILQ_INSERT_TAIL(&m->md.pv_list, pv, pv_list);

                        if (!pmap_track_modified(pv->pv_va))
                                continue;

                        PMAP_LOCK(pv->pv_pmap);
                        pte = pmap_pte(pv->pv_pmap, pv->pv_va);

                        if (pte && ((v = pte_load(pte)) & PG_A) != 0) {
                                atomic_clear_long(pte, PG_A);
                                pmap_invalidate_page(pv->pv_pmap, pv->pv_va);

                                rtval++;
                                if (rtval > 4) {
                                        PMAP_UNLOCK(pv->pv_pmap);
                                        break;
                                }
                        }
                        PMAP_UNLOCK(pv->pv_pmap);
                } while ((pv = pvn) != NULL && pv != pvf);
        }

        return (rtval);
}

/*
 *      Clear the modify bits on the specified physical page.
 */
void
pmap_clear_modify(vm_page_t m)
{
        pmap_clear_ptes(m, PG_M);
}

/*
 *      pmap_clear_reference:
 *
 *      Clear the reference bit on the specified physical page.
 */
void
pmap_clear_reference(vm_page_t m)
{
        pmap_clear_ptes(m, PG_A);
}

/*
 * Miscellaneous support routines follow
 */

/*
 * Map a set of physical memory pages into the kernel virtual
 * address space. Return a pointer to where it is mapped. This
 * routine is intended to be used for mapping device memory,
 * NOT real memory.
 */
void *
pmap_mapdev(pa, size)
        vm_paddr_t pa;
        vm_size_t size;
{
        vm_offset_t va, tmpva, offset;

        /* If this fits within the direct map window, use it */
        if (pa < dmaplimit && (pa + size) < dmaplimit)
                return ((void *)PHYS_TO_DMAP(pa));
        offset = pa & PAGE_MASK;
        size = roundup(offset + size, PAGE_SIZE);
        va = kmem_alloc_nofault(kernel_map, size);
        if (!va)
                panic("pmap_mapdev: Couldn't alloc kernel virtual memory");
        pa = trunc_page(pa);
        for (tmpva = va; size > 0; ) {
                pmap_kenter(tmpva, pa);
                size -= PAGE_SIZE;
                tmpva += PAGE_SIZE;
                pa += PAGE_SIZE;
        }
        pmap_invalidate_range(kernel_pmap, va, tmpva);
        return ((void *)(va + offset));
}

void
pmap_unmapdev(va, size)
        vm_offset_t va;
        vm_size_t size;
{
        vm_offset_t base, offset, tmpva;

        /* If we gave a direct map region in pmap_mapdev, do nothing */
        if (va >= DMAP_MIN_ADDRESS && va < DMAP_MAX_ADDRESS)
                return;
        base = trunc_page(va);
        offset = va & PAGE_MASK;
        size = roundup(offset + size, PAGE_SIZE);
        for (tmpva = base; tmpva < (base + size); tmpva += PAGE_SIZE)
                pmap_kremove(tmpva);
        pmap_invalidate_range(kernel_pmap, va, tmpva);
        kmem_free(kernel_map, base, size);
}

/*
 * perform the pmap work for mincore
 */
int
pmap_mincore(pmap, addr)
        pmap_t pmap;
        vm_offset_t addr;
{
        pt_entry_t *ptep, pte;
        vm_page_t m;
        int val = 0;
        
        PMAP_LOCK(pmap);
        ptep = pmap_pte(pmap, addr);
        pte = (ptep != NULL) ? *ptep : 0;
        PMAP_UNLOCK(pmap);

        if (pte != 0) {
                vm_paddr_t pa;

                val = MINCORE_INCORE;
                if ((pte & PG_MANAGED) == 0)
                        return val;

                pa = pte & PG_FRAME;

                m = PHYS_TO_VM_PAGE(pa);

                /*
                 * Modified by us
                 */
                if (pte & PG_M)
                        val |= MINCORE_MODIFIED|MINCORE_MODIFIED_OTHER;
                else {
                        /*
                         * Modified by someone else
                         */
                        vm_page_lock_queues();
                        if (m->dirty || pmap_is_modified(m))
                                val |= MINCORE_MODIFIED_OTHER;
                        vm_page_unlock_queues();
                }
                /*
                 * Referenced by us
                 */
                if (pte & PG_A)
                        val |= MINCORE_REFERENCED|MINCORE_REFERENCED_OTHER;
                else {
                        /*
                         * Referenced by someone else
                         */
                        vm_page_lock_queues();
                        if ((m->flags & PG_REFERENCED) ||
                            pmap_ts_referenced(m)) {
                                val |= MINCORE_REFERENCED_OTHER;
                                vm_page_flag_set(m, PG_REFERENCED);
                        }
                        vm_page_unlock_queues();
                }
        } 
        return val;
}

void
pmap_activate(struct thread *td)
{
        struct proc *p = td->td_proc;
        pmap_t  pmap, oldpmap;
        u_int64_t  cr3;

        critical_enter();
        pmap = vmspace_pmap(td->td_proc->p_vmspace);
        oldpmap = PCPU_GET(curpmap);
#ifdef SMP
if (oldpmap)    /* XXX FIXME */
        atomic_clear_int(&oldpmap->pm_active, PCPU_GET(cpumask));
        atomic_set_int(&pmap->pm_active, PCPU_GET(cpumask));
#else
if (oldpmap)    /* XXX FIXME */
        oldpmap->pm_active &= ~PCPU_GET(cpumask);
        pmap->pm_active |= PCPU_GET(cpumask);
#endif
        cr3 = vtophys(pmap->pm_pml4);
        /* XXXKSE this is wrong.
         * pmap_activate is for the current thread on the current cpu
         */
        if (p->p_flag & P_SA) {
                /* Make sure all other cr3 entries are updated. */
                /* what if they are running?  XXXKSE (maybe abort them) */
                FOREACH_THREAD_IN_PROC(p, td) {
                        td->td_pcb->pcb_cr3 = cr3;
                }
        } else {
                td->td_pcb->pcb_cr3 = cr3;
        }
        load_cr3(cr3);
        critical_exit();
}

vm_offset_t
pmap_addr_hint(vm_object_t obj, vm_offset_t addr, vm_size_t size)
{

        if ((obj == NULL) || (size < NBPDR) || (obj->type != OBJT_DEVICE)) {
                return addr;
        }

        addr = (addr + (NBPDR - 1)) & ~(NBPDR - 1);
        return addr;
}