2 * SPDX-License-Identifier: BSD-4-Clause
4 * Copyright (c) 1991 Regents of the University of California.
6 * Copyright (c) 1994 John S. Dyson
8 * Copyright (c) 1994 David Greenman
10 * Copyright (c) 2003 Peter Wemm
11 * All rights reserved.
12 * Copyright (c) 2005-2010 Alan L. Cox <alc@cs.rice.edu>
13 * All rights reserved.
15 * This code is derived from software contributed to Berkeley by
16 * the Systems Programming Group of the University of Utah Computer
17 * Science Department and William Jolitz of UUNET Technologies Inc.
19 * Redistribution and use in source and binary forms, with or without
20 * modification, are permitted provided that the following conditions
22 * 1. Redistributions of source code must retain the above copyright
23 * notice, this list of conditions and the following disclaimer.
24 * 2. Redistributions in binary form must reproduce the above copyright
25 * notice, this list of conditions and the following disclaimer in the
26 * documentation and/or other materials provided with the distribution.
27 * 3. All advertising materials mentioning features or use of this software
28 * must display the following acknowledgement:
29 * This product includes software developed by the University of
30 * California, Berkeley and its contributors.
31 * 4. Neither the name of the University nor the names of its contributors
32 * may be used to endorse or promote products derived from this software
33 * without specific prior written permission.
35 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
36 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
37 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
38 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
39 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
40 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
41 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
42 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
43 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
44 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
47 * from: @(#)pmap.c 7.7 (Berkeley) 5/12/91
50 * Copyright (c) 2003 Networks Associates Technology, Inc.
51 * Copyright (c) 2014-2019 The FreeBSD Foundation
52 * All rights reserved.
54 * This software was developed for the FreeBSD Project by Jake Burkholder,
55 * Safeport Network Services, and Network Associates Laboratories, the
56 * Security Research Division of Network Associates, Inc. under
57 * DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the DARPA
58 * CHATS research program.
60 * Portions of this software were developed by
61 * Konstantin Belousov <kib@FreeBSD.org> under sponsorship from
62 * the FreeBSD Foundation.
64 * Redistribution and use in source and binary forms, with or without
65 * modification, are permitted provided that the following conditions
67 * 1. Redistributions of source code must retain the above copyright
68 * notice, this list of conditions and the following disclaimer.
69 * 2. Redistributions in binary form must reproduce the above copyright
70 * notice, this list of conditions and the following disclaimer in the
71 * documentation and/or other materials provided with the distribution.
73 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
74 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
75 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
76 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
77 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
78 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
79 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
80 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
81 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
82 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
86 #define AMD64_NPT_AWARE
88 #include <sys/cdefs.h>
89 __FBSDID("$FreeBSD$");
92 * Manages physical address maps.
94 * Since the information managed by this module is
95 * also stored by the logical address mapping module,
96 * this module may throw away valid virtual-to-physical
97 * mappings at almost any time. However, invalidations
98 * of virtual-to-physical mappings must be done as
101 * In order to cope with hardware architectures which
102 * make virtual-to-physical map invalidates expensive,
103 * this module may delay invalidate or reduced protection
104 * operations until such time as they are actually
105 * necessary. This module is given full information as
106 * to which processors are currently using which maps,
107 * and to when physical maps must be made correct.
111 #include "opt_pmap.h"
114 #include <sys/param.h>
115 #include <sys/bitstring.h>
117 #include <sys/systm.h>
118 #include <sys/kernel.h>
120 #include <sys/lock.h>
121 #include <sys/malloc.h>
122 #include <sys/mman.h>
123 #include <sys/mutex.h>
124 #include <sys/proc.h>
125 #include <sys/rangeset.h>
126 #include <sys/rwlock.h>
128 #include <sys/turnstile.h>
129 #include <sys/vmem.h>
130 #include <sys/vmmeter.h>
131 #include <sys/sched.h>
132 #include <sys/sysctl.h>
140 #include <vm/vm_param.h>
141 #include <vm/vm_kern.h>
142 #include <vm/vm_page.h>
143 #include <vm/vm_map.h>
144 #include <vm/vm_object.h>
145 #include <vm/vm_extern.h>
146 #include <vm/vm_pageout.h>
147 #include <vm/vm_pager.h>
148 #include <vm/vm_phys.h>
149 #include <vm/vm_radix.h>
150 #include <vm/vm_reserv.h>
153 #include <machine/intr_machdep.h>
154 #include <x86/apicvar.h>
155 #include <x86/ifunc.h>
156 #include <machine/cpu.h>
157 #include <machine/cputypes.h>
158 #include <machine/md_var.h>
159 #include <machine/pcb.h>
160 #include <machine/specialreg.h>
162 #include <machine/smp.h>
164 #include <machine/sysarch.h>
165 #include <machine/tss.h>
167 static __inline boolean_t
168 pmap_type_guest(pmap_t pmap)
171 return ((pmap->pm_type == PT_EPT) || (pmap->pm_type == PT_RVI));
174 static __inline boolean_t
175 pmap_emulate_ad_bits(pmap_t pmap)
178 return ((pmap->pm_flags & PMAP_EMULATE_AD_BITS) != 0);
181 static __inline pt_entry_t
182 pmap_valid_bit(pmap_t pmap)
186 switch (pmap->pm_type) {
192 if (pmap_emulate_ad_bits(pmap))
193 mask = EPT_PG_EMUL_V;
198 panic("pmap_valid_bit: invalid pm_type %d", pmap->pm_type);
204 static __inline pt_entry_t
205 pmap_rw_bit(pmap_t pmap)
209 switch (pmap->pm_type) {
215 if (pmap_emulate_ad_bits(pmap))
216 mask = EPT_PG_EMUL_RW;
221 panic("pmap_rw_bit: invalid pm_type %d", pmap->pm_type);
227 static pt_entry_t pg_g;
229 static __inline pt_entry_t
230 pmap_global_bit(pmap_t pmap)
234 switch (pmap->pm_type) {
243 panic("pmap_global_bit: invalid pm_type %d", pmap->pm_type);
249 static __inline pt_entry_t
250 pmap_accessed_bit(pmap_t pmap)
254 switch (pmap->pm_type) {
260 if (pmap_emulate_ad_bits(pmap))
266 panic("pmap_accessed_bit: invalid pm_type %d", pmap->pm_type);
272 static __inline pt_entry_t
273 pmap_modified_bit(pmap_t pmap)
277 switch (pmap->pm_type) {
283 if (pmap_emulate_ad_bits(pmap))
289 panic("pmap_modified_bit: invalid pm_type %d", pmap->pm_type);
295 static __inline pt_entry_t
296 pmap_pku_mask_bit(pmap_t pmap)
299 return (pmap->pm_type == PT_X86 ? X86_PG_PKU_MASK : 0);
302 #if !defined(DIAGNOSTIC)
303 #ifdef __GNUC_GNU_INLINE__
304 #define PMAP_INLINE __attribute__((__gnu_inline__)) inline
306 #define PMAP_INLINE extern inline
313 #define PV_STAT(x) do { x ; } while (0)
315 #define PV_STAT(x) do { } while (0)
318 #define pa_index(pa) ((pa) >> PDRSHIFT)
319 #define pa_to_pvh(pa) (&pv_table[pa_index(pa)])
321 #define NPV_LIST_LOCKS MAXCPU
323 #define PHYS_TO_PV_LIST_LOCK(pa) \
324 (&pv_list_locks[pa_index(pa) % NPV_LIST_LOCKS])
326 #define CHANGE_PV_LIST_LOCK_TO_PHYS(lockp, pa) do { \
327 struct rwlock **_lockp = (lockp); \
328 struct rwlock *_new_lock; \
330 _new_lock = PHYS_TO_PV_LIST_LOCK(pa); \
331 if (_new_lock != *_lockp) { \
332 if (*_lockp != NULL) \
333 rw_wunlock(*_lockp); \
334 *_lockp = _new_lock; \
339 #define CHANGE_PV_LIST_LOCK_TO_VM_PAGE(lockp, m) \
340 CHANGE_PV_LIST_LOCK_TO_PHYS(lockp, VM_PAGE_TO_PHYS(m))
342 #define RELEASE_PV_LIST_LOCK(lockp) do { \
343 struct rwlock **_lockp = (lockp); \
345 if (*_lockp != NULL) { \
346 rw_wunlock(*_lockp); \
351 #define VM_PAGE_TO_PV_LIST_LOCK(m) \
352 PHYS_TO_PV_LIST_LOCK(VM_PAGE_TO_PHYS(m))
354 struct pmap kernel_pmap_store;
356 vm_offset_t virtual_avail; /* VA of first avail page (after kernel bss) */
357 vm_offset_t virtual_end; /* VA of last avail page (end of kernel AS) */
360 SYSCTL_INT(_machdep, OID_AUTO, nkpt, CTLFLAG_RD, &nkpt, 0,
361 "Number of kernel page table pages allocated on bootup");
364 vm_paddr_t dmaplimit;
365 vm_offset_t kernel_vm_end = VM_MIN_KERNEL_ADDRESS;
368 static SYSCTL_NODE(_vm, OID_AUTO, pmap, CTLFLAG_RD, 0, "VM/pmap parameters");
370 static int pg_ps_enabled = 1;
371 SYSCTL_INT(_vm_pmap, OID_AUTO, pg_ps_enabled, CTLFLAG_RDTUN | CTLFLAG_NOFETCH,
372 &pg_ps_enabled, 0, "Are large page mappings enabled?");
374 #define PAT_INDEX_SIZE 8
375 static int pat_index[PAT_INDEX_SIZE]; /* cache mode to PAT index conversion */
377 static u_int64_t KPTphys; /* phys addr of kernel level 1 */
378 static u_int64_t KPDphys; /* phys addr of kernel level 2 */
379 u_int64_t KPDPphys; /* phys addr of kernel level 3 */
380 u_int64_t KPML4phys; /* phys addr of kernel level 4 */
382 static u_int64_t DMPDphys; /* phys addr of direct mapped level 2 */
383 static u_int64_t DMPDPphys; /* phys addr of direct mapped level 3 */
384 static int ndmpdpphys; /* number of DMPDPphys pages */
386 static vm_paddr_t KERNend; /* phys addr of end of bootstrap data */
389 * pmap_mapdev support pre initialization (i.e. console)
391 #define PMAP_PREINIT_MAPPING_COUNT 8
392 static struct pmap_preinit_mapping {
397 } pmap_preinit_mapping[PMAP_PREINIT_MAPPING_COUNT];
398 static int pmap_initialized;
401 * Data for the pv entry allocation mechanism.
402 * Updates to pv_invl_gen are protected by the pv_list_locks[]
403 * elements, but reads are not.
405 static TAILQ_HEAD(pch, pv_chunk) pv_chunks = TAILQ_HEAD_INITIALIZER(pv_chunks);
406 static struct mtx __exclusive_cache_line pv_chunks_mutex;
407 static struct rwlock __exclusive_cache_line pv_list_locks[NPV_LIST_LOCKS];
408 static u_long pv_invl_gen[NPV_LIST_LOCKS];
409 static struct md_page *pv_table;
410 static struct md_page pv_dummy;
413 * All those kernel PT submaps that BSD is so fond of
415 pt_entry_t *CMAP1 = NULL;
417 static vm_offset_t qframe = 0;
418 static struct mtx qframe_mtx;
420 static int pmap_flags = PMAP_PDE_SUPERPAGE; /* flags for x86 pmaps */
422 static vmem_t *large_vmem;
423 static u_int lm_ents;
424 #define PMAP_LARGEMAP_MAX_ADDRESS() \
425 (LARGEMAP_MIN_ADDRESS + NBPML4 * (u_long)lm_ents)
427 int pmap_pcid_enabled = 1;
428 SYSCTL_INT(_vm_pmap, OID_AUTO, pcid_enabled, CTLFLAG_RDTUN | CTLFLAG_NOFETCH,
429 &pmap_pcid_enabled, 0, "Is TLB Context ID enabled ?");
430 int invpcid_works = 0;
431 SYSCTL_INT(_vm_pmap, OID_AUTO, invpcid_works, CTLFLAG_RD, &invpcid_works, 0,
432 "Is the invpcid instruction available ?");
434 int __read_frequently pti = 0;
435 SYSCTL_INT(_vm_pmap, OID_AUTO, pti, CTLFLAG_RDTUN | CTLFLAG_NOFETCH,
437 "Page Table Isolation enabled");
438 static vm_object_t pti_obj;
439 static pml4_entry_t *pti_pml4;
440 static vm_pindex_t pti_pg_idx;
441 static bool pti_finalized;
443 struct pmap_pkru_range {
444 struct rs_el pkru_rs_el;
449 static uma_zone_t pmap_pkru_ranges_zone;
450 static bool pmap_pkru_same(pmap_t pmap, vm_offset_t sva, vm_offset_t eva);
451 static pt_entry_t pmap_pkru_get(pmap_t pmap, vm_offset_t va);
452 static void pmap_pkru_on_remove(pmap_t pmap, vm_offset_t sva, vm_offset_t eva);
453 static void *pkru_dup_range(void *ctx, void *data);
454 static void pkru_free_range(void *ctx, void *node);
455 static int pmap_pkru_copy(pmap_t dst_pmap, pmap_t src_pmap);
456 static int pmap_pkru_deassign(pmap_t pmap, vm_offset_t sva, vm_offset_t eva);
457 static void pmap_pkru_deassign_all(pmap_t pmap);
460 pmap_pcid_save_cnt_proc(SYSCTL_HANDLER_ARGS)
467 res += cpuid_to_pcpu[i]->pc_pm_save_cnt;
469 return (sysctl_handle_64(oidp, &res, 0, req));
471 SYSCTL_PROC(_vm_pmap, OID_AUTO, pcid_save_cnt, CTLTYPE_U64 | CTLFLAG_RD |
472 CTLFLAG_MPSAFE, NULL, 0, pmap_pcid_save_cnt_proc, "QU",
473 "Count of saved TLB context on switch");
475 static LIST_HEAD(, pmap_invl_gen) pmap_invl_gen_tracker =
476 LIST_HEAD_INITIALIZER(&pmap_invl_gen_tracker);
477 static struct mtx invl_gen_mtx;
478 /* Fake lock object to satisfy turnstiles interface. */
479 static struct lock_object invl_gen_ts = {
482 static struct pmap_invl_gen pmap_invl_gen_head = {
486 static u_long pmap_invl_gen = 1;
488 #define PMAP_ASSERT_NOT_IN_DI() \
489 KASSERT(pmap_not_in_di(), ("DI already started"))
496 if ((cpu_feature2 & CPUID2_CX16) == 0)
499 TUNABLE_INT_FETCH("vm.pmap.di_locked", &tun);
504 sysctl_pmap_di_locked(SYSCTL_HANDLER_ARGS)
508 locked = pmap_di_locked();
509 return (sysctl_handle_int(oidp, &locked, 0, req));
511 SYSCTL_PROC(_vm_pmap, OID_AUTO, di_locked, CTLTYPE_INT | CTLFLAG_RDTUN |
512 CTLFLAG_MPSAFE, 0, 0, sysctl_pmap_di_locked, "",
513 "Locked delayed invalidation");
515 static bool pmap_not_in_di_l(void);
516 static bool pmap_not_in_di_u(void);
517 DEFINE_IFUNC(, bool, pmap_not_in_di, (void))
520 return (pmap_di_locked() ? pmap_not_in_di_l : pmap_not_in_di_u);
524 pmap_not_in_di_l(void)
526 struct pmap_invl_gen *invl_gen;
528 invl_gen = &curthread->td_md.md_invl_gen;
529 return (invl_gen->gen == 0);
533 pmap_thread_init_invl_gen_l(struct thread *td)
535 struct pmap_invl_gen *invl_gen;
537 invl_gen = &td->td_md.md_invl_gen;
542 * Start a new Delayed Invalidation (DI) block of code, executed by
543 * the current thread. Within a DI block, the current thread may
544 * destroy both the page table and PV list entries for a mapping and
545 * then release the corresponding PV list lock before ensuring that
546 * the mapping is flushed from the TLBs of any processors with the
550 pmap_delayed_invl_start_l(void)
552 struct pmap_invl_gen *invl_gen;
555 invl_gen = &curthread->td_md.md_invl_gen;
556 PMAP_ASSERT_NOT_IN_DI();
557 mtx_lock(&invl_gen_mtx);
558 if (LIST_EMPTY(&pmap_invl_gen_tracker))
559 currgen = pmap_invl_gen;
561 currgen = LIST_FIRST(&pmap_invl_gen_tracker)->gen;
562 invl_gen->gen = currgen + 1;
563 LIST_INSERT_HEAD(&pmap_invl_gen_tracker, invl_gen, link);
564 mtx_unlock(&invl_gen_mtx);
568 * Finish the DI block, previously started by the current thread. All
569 * required TLB flushes for the pages marked by
570 * pmap_delayed_invl_page() must be finished before this function is
573 * This function works by bumping the global DI generation number to
574 * the generation number of the current thread's DI, unless there is a
575 * pending DI that started earlier. In the latter case, bumping the
576 * global DI generation number would incorrectly signal that the
577 * earlier DI had finished. Instead, this function bumps the earlier
578 * DI's generation number to match the generation number of the
579 * current thread's DI.
582 pmap_delayed_invl_finish_l(void)
584 struct pmap_invl_gen *invl_gen, *next;
585 struct turnstile *ts;
587 invl_gen = &curthread->td_md.md_invl_gen;
588 KASSERT(invl_gen->gen != 0, ("missed invl_start"));
589 mtx_lock(&invl_gen_mtx);
590 next = LIST_NEXT(invl_gen, link);
592 turnstile_chain_lock(&invl_gen_ts);
593 ts = turnstile_lookup(&invl_gen_ts);
594 pmap_invl_gen = invl_gen->gen;
596 turnstile_broadcast(ts, TS_SHARED_QUEUE);
597 turnstile_unpend(ts);
599 turnstile_chain_unlock(&invl_gen_ts);
601 next->gen = invl_gen->gen;
603 LIST_REMOVE(invl_gen, link);
604 mtx_unlock(&invl_gen_mtx);
609 pmap_not_in_di_u(void)
611 struct pmap_invl_gen *invl_gen;
613 invl_gen = &curthread->td_md.md_invl_gen;
614 return (((uintptr_t)invl_gen->next & PMAP_INVL_GEN_NEXT_INVALID) != 0);
618 pmap_thread_init_invl_gen_u(struct thread *td)
620 struct pmap_invl_gen *invl_gen;
622 invl_gen = &td->td_md.md_invl_gen;
624 invl_gen->next = (void *)PMAP_INVL_GEN_NEXT_INVALID;
628 pmap_di_load_invl(struct pmap_invl_gen *ptr, struct pmap_invl_gen *out)
630 uint64_t new_high, new_low, old_high, old_low;
633 old_low = new_low = 0;
634 old_high = new_high = (uintptr_t)0;
636 __asm volatile("lock;cmpxchg16b\t%1;sete\t%0"
637 : "=r" (res), "+m" (*ptr), "+a" (old_low), "+d" (old_high)
638 : "b"(new_low), "c" (new_high)
641 if ((old_high & PMAP_INVL_GEN_NEXT_INVALID) != 0)
644 out->next = (void *)old_high;
647 out->next = (void *)new_high;
653 pmap_di_store_invl(struct pmap_invl_gen *ptr, struct pmap_invl_gen *old_val,
654 struct pmap_invl_gen *new_val)
656 uint64_t new_high, new_low, old_high, old_low;
659 new_low = new_val->gen;
660 new_high = (uintptr_t)new_val->next;
661 old_low = old_val->gen;
662 old_high = (uintptr_t)old_val->next;
664 __asm volatile("lock;cmpxchg16b\t%1;sete\t%0"
665 : "=r" (res), "+m" (*ptr), "+a" (old_low), "+d" (old_high)
666 : "b"(new_low), "c" (new_high)
672 static long invl_start_restart;
673 SYSCTL_LONG(_vm_pmap, OID_AUTO, invl_start_restart, CTLFLAG_RD,
674 &invl_start_restart, 0,
676 static long invl_finish_restart;
677 SYSCTL_LONG(_vm_pmap, OID_AUTO, invl_finish_restart, CTLFLAG_RD,
678 &invl_finish_restart, 0,
680 static int invl_max_qlen;
681 SYSCTL_INT(_vm_pmap, OID_AUTO, invl_max_qlen, CTLFLAG_RD,
686 static struct lock_delay_config __read_frequently di_delay;
687 LOCK_DELAY_SYSINIT_DEFAULT(di_delay);
690 pmap_delayed_invl_start_u(void)
692 struct pmap_invl_gen *invl_gen, *p, prev, new_prev;
694 struct lock_delay_arg lda;
702 invl_gen = &td->td_md.md_invl_gen;
703 PMAP_ASSERT_NOT_IN_DI();
704 lock_delay_arg_init(&lda, &di_delay);
705 invl_gen->saved_pri = 0;
706 pri = td->td_base_pri;
709 pri = td->td_base_pri;
711 invl_gen->saved_pri = pri;
718 for (p = &pmap_invl_gen_head;; p = prev.next) {
720 prevl = atomic_load_ptr(&p->next);
721 if ((prevl & PMAP_INVL_GEN_NEXT_INVALID) != 0) {
722 PV_STAT(atomic_add_long(&invl_start_restart, 1));
728 prev.next = (void *)prevl;
731 if ((ii = invl_max_qlen) < i)
732 atomic_cmpset_int(&invl_max_qlen, ii, i);
735 if (!pmap_di_load_invl(p, &prev) || prev.next != NULL) {
736 PV_STAT(atomic_add_long(&invl_start_restart, 1));
741 new_prev.gen = prev.gen;
742 new_prev.next = invl_gen;
743 invl_gen->gen = prev.gen + 1;
745 /* Formal fence between store to invl->gen and updating *p. */
746 atomic_thread_fence_rel();
749 * After inserting an invl_gen element with invalid bit set,
750 * this thread blocks any other thread trying to enter the
751 * delayed invalidation block. Do not allow to remove us from
752 * the CPU, because it causes starvation for other threads.
757 * ABA for *p is not possible there, since p->gen can only
758 * increase. So if the *p thread finished its di, then
759 * started a new one and got inserted into the list at the
760 * same place, its gen will appear greater than the previously
763 if (!pmap_di_store_invl(p, &prev, &new_prev)) {
765 PV_STAT(atomic_add_long(&invl_start_restart, 1));
771 * There we clear PMAP_INVL_GEN_NEXT_INVALID in
772 * invl_gen->next, allowing other threads to iterate past us.
773 * pmap_di_store_invl() provides fence between the generation
774 * write and the update of next.
776 invl_gen->next = NULL;
781 pmap_delayed_invl_finish_u_crit(struct pmap_invl_gen *invl_gen,
782 struct pmap_invl_gen *p)
784 struct pmap_invl_gen prev, new_prev;
788 * Load invl_gen->gen after setting invl_gen->next
789 * PMAP_INVL_GEN_NEXT_INVALID. This prevents larger
790 * generations to propagate to our invl_gen->gen. Lock prefix
791 * in atomic_set_ptr() worked as seq_cst fence.
793 mygen = atomic_load_long(&invl_gen->gen);
795 if (!pmap_di_load_invl(p, &prev) || prev.next != invl_gen)
798 KASSERT(prev.gen < mygen,
799 ("invalid di gen sequence %lu %lu", prev.gen, mygen));
800 new_prev.gen = mygen;
801 new_prev.next = (void *)((uintptr_t)invl_gen->next &
802 ~PMAP_INVL_GEN_NEXT_INVALID);
804 /* Formal fence between load of prev and storing update to it. */
805 atomic_thread_fence_rel();
807 return (pmap_di_store_invl(p, &prev, &new_prev));
811 pmap_delayed_invl_finish_u(void)
813 struct pmap_invl_gen *invl_gen, *p;
815 struct lock_delay_arg lda;
819 invl_gen = &td->td_md.md_invl_gen;
820 KASSERT(invl_gen->gen != 0, ("missed invl_start: gen 0"));
821 KASSERT(((uintptr_t)invl_gen->next & PMAP_INVL_GEN_NEXT_INVALID) == 0,
822 ("missed invl_start: INVALID"));
823 lock_delay_arg_init(&lda, &di_delay);
826 for (p = &pmap_invl_gen_head; p != NULL; p = (void *)prevl) {
827 prevl = atomic_load_ptr(&p->next);
828 if ((prevl & PMAP_INVL_GEN_NEXT_INVALID) != 0) {
829 PV_STAT(atomic_add_long(&invl_finish_restart, 1));
833 if ((void *)prevl == invl_gen)
838 * It is legitimate to not find ourself on the list if a
839 * thread before us finished its DI and started it again.
841 if (__predict_false(p == NULL)) {
842 PV_STAT(atomic_add_long(&invl_finish_restart, 1));
848 atomic_set_ptr((uintptr_t *)&invl_gen->next,
849 PMAP_INVL_GEN_NEXT_INVALID);
850 if (!pmap_delayed_invl_finish_u_crit(invl_gen, p)) {
851 atomic_clear_ptr((uintptr_t *)&invl_gen->next,
852 PMAP_INVL_GEN_NEXT_INVALID);
854 PV_STAT(atomic_add_long(&invl_finish_restart, 1));
859 if (invl_gen->saved_pri != 0) {
861 sched_prio(td, invl_gen->saved_pri);
867 DB_SHOW_COMMAND(di_queue, pmap_di_queue)
869 struct pmap_invl_gen *p, *pn;
874 for (p = &pmap_invl_gen_head, first = true; p != NULL; p = pn,
876 nextl = atomic_load_ptr(&p->next);
877 pn = (void *)(nextl & ~PMAP_INVL_GEN_NEXT_INVALID);
878 td = first ? NULL : __containerof(p, struct thread,
880 db_printf("gen %lu inv %d td %p tid %d\n", p->gen,
881 (nextl & PMAP_INVL_GEN_NEXT_INVALID) != 0, td,
882 td != NULL ? td->td_tid : -1);
888 static long invl_wait;
889 SYSCTL_LONG(_vm_pmap, OID_AUTO, invl_wait, CTLFLAG_RD, &invl_wait, 0,
890 "Number of times DI invalidation blocked pmap_remove_all/write");
894 pmap_delayed_invl_genp(vm_page_t m)
897 return (&pv_invl_gen[pa_index(VM_PAGE_TO_PHYS(m)) % NPV_LIST_LOCKS]);
901 * Ensure that all currently executing DI blocks, that need to flush
902 * TLB for the given page m, actually flushed the TLB at the time the
903 * function returned. If the page m has an empty PV list and we call
904 * pmap_delayed_invl_wait(), upon its return we know that no CPU has a
905 * valid mapping for the page m in either its page table or TLB.
907 * This function works by blocking until the global DI generation
908 * number catches up with the generation number associated with the
909 * given page m and its PV list. Since this function's callers
910 * typically own an object lock and sometimes own a page lock, it
911 * cannot sleep. Instead, it blocks on a turnstile to relinquish the
915 pmap_delayed_invl_wait_l(vm_page_t m)
917 struct turnstile *ts;
920 bool accounted = false;
923 m_gen = pmap_delayed_invl_genp(m);
924 while (*m_gen > pmap_invl_gen) {
927 atomic_add_long(&invl_wait, 1);
931 ts = turnstile_trywait(&invl_gen_ts);
932 if (*m_gen > pmap_invl_gen)
933 turnstile_wait(ts, NULL, TS_SHARED_QUEUE);
935 turnstile_cancel(ts);
940 pmap_delayed_invl_wait_u(vm_page_t m)
944 bool accounted = false;
947 m_gen = pmap_delayed_invl_genp(m);
948 while (*m_gen > atomic_load_long(&pmap_invl_gen_head.gen)) {
951 atomic_add_long(&invl_wait, 1);
955 kern_yield(PRI_USER);
959 DEFINE_IFUNC(, void, pmap_thread_init_invl_gen, (struct thread *))
962 return (pmap_di_locked() ? pmap_thread_init_invl_gen_l :
963 pmap_thread_init_invl_gen_u);
966 DEFINE_IFUNC(static, void, pmap_delayed_invl_start, (void))
969 return (pmap_di_locked() ? pmap_delayed_invl_start_l :
970 pmap_delayed_invl_start_u);
973 DEFINE_IFUNC(static, void, pmap_delayed_invl_finish, (void))
976 return (pmap_di_locked() ? pmap_delayed_invl_finish_l :
977 pmap_delayed_invl_finish_u);
980 DEFINE_IFUNC(static, void, pmap_delayed_invl_wait, (vm_page_t))
983 return (pmap_di_locked() ? pmap_delayed_invl_wait_l :
984 pmap_delayed_invl_wait_u);
988 * Mark the page m's PV list as participating in the current thread's
989 * DI block. Any threads concurrently using m's PV list to remove or
990 * restrict all mappings to m will wait for the current thread's DI
991 * block to complete before proceeding.
993 * The function works by setting the DI generation number for m's PV
994 * list to at least the DI generation number of the current thread.
995 * This forces a caller of pmap_delayed_invl_wait() to block until
996 * current thread calls pmap_delayed_invl_finish().
999 pmap_delayed_invl_page(vm_page_t m)
1003 rw_assert(VM_PAGE_TO_PV_LIST_LOCK(m), RA_WLOCKED);
1004 gen = curthread->td_md.md_invl_gen.gen;
1007 m_gen = pmap_delayed_invl_genp(m);
1015 static caddr_t crashdumpmap;
1018 * Internal flags for pmap_enter()'s helper functions.
1020 #define PMAP_ENTER_NORECLAIM 0x1000000 /* Don't reclaim PV entries. */
1021 #define PMAP_ENTER_NOREPLACE 0x2000000 /* Don't replace mappings. */
1023 static void free_pv_chunk(struct pv_chunk *pc);
1024 static void free_pv_entry(pmap_t pmap, pv_entry_t pv);
1025 static pv_entry_t get_pv_entry(pmap_t pmap, struct rwlock **lockp);
1026 static int popcnt_pc_map_pq(uint64_t *map);
1027 static vm_page_t reclaim_pv_chunk(pmap_t locked_pmap, struct rwlock **lockp);
1028 static void reserve_pv_entries(pmap_t pmap, int needed,
1029 struct rwlock **lockp);
1030 static void pmap_pv_demote_pde(pmap_t pmap, vm_offset_t va, vm_paddr_t pa,
1031 struct rwlock **lockp);
1032 static bool pmap_pv_insert_pde(pmap_t pmap, vm_offset_t va, pd_entry_t pde,
1033 u_int flags, struct rwlock **lockp);
1034 #if VM_NRESERVLEVEL > 0
1035 static void pmap_pv_promote_pde(pmap_t pmap, vm_offset_t va, vm_paddr_t pa,
1036 struct rwlock **lockp);
1038 static void pmap_pvh_free(struct md_page *pvh, pmap_t pmap, vm_offset_t va);
1039 static pv_entry_t pmap_pvh_remove(struct md_page *pvh, pmap_t pmap,
1042 static int pmap_change_attr_locked(vm_offset_t va, vm_size_t size, int mode,
1044 static boolean_t pmap_demote_pde(pmap_t pmap, pd_entry_t *pde, vm_offset_t va);
1045 static boolean_t pmap_demote_pde_locked(pmap_t pmap, pd_entry_t *pde,
1046 vm_offset_t va, struct rwlock **lockp);
1047 static boolean_t pmap_demote_pdpe(pmap_t pmap, pdp_entry_t *pdpe,
1049 static bool pmap_enter_2mpage(pmap_t pmap, vm_offset_t va, vm_page_t m,
1050 vm_prot_t prot, struct rwlock **lockp);
1051 static int pmap_enter_pde(pmap_t pmap, vm_offset_t va, pd_entry_t newpde,
1052 u_int flags, vm_page_t m, struct rwlock **lockp);
1053 static vm_page_t pmap_enter_quick_locked(pmap_t pmap, vm_offset_t va,
1054 vm_page_t m, vm_prot_t prot, vm_page_t mpte, struct rwlock **lockp);
1055 static void pmap_fill_ptp(pt_entry_t *firstpte, pt_entry_t newpte);
1056 static int pmap_insert_pt_page(pmap_t pmap, vm_page_t mpte, bool promoted);
1057 static void pmap_invalidate_cache_range_selfsnoop(vm_offset_t sva,
1059 static void pmap_invalidate_cache_range_all(vm_offset_t sva,
1061 static void pmap_invalidate_pde_page(pmap_t pmap, vm_offset_t va,
1063 static void pmap_kenter_attr(vm_offset_t va, vm_paddr_t pa, int mode);
1064 static vm_page_t pmap_large_map_getptp_unlocked(void);
1065 static vm_paddr_t pmap_large_map_kextract(vm_offset_t va);
1066 static void pmap_pde_attr(pd_entry_t *pde, int cache_bits, int mask);
1067 #if VM_NRESERVLEVEL > 0
1068 static void pmap_promote_pde(pmap_t pmap, pd_entry_t *pde, vm_offset_t va,
1069 struct rwlock **lockp);
1071 static boolean_t pmap_protect_pde(pmap_t pmap, pd_entry_t *pde, vm_offset_t sva,
1073 static void pmap_pte_attr(pt_entry_t *pte, int cache_bits, int mask);
1074 static void pmap_pti_add_kva_locked(vm_offset_t sva, vm_offset_t eva,
1076 static pdp_entry_t *pmap_pti_pdpe(vm_offset_t va);
1077 static pd_entry_t *pmap_pti_pde(vm_offset_t va);
1078 static void pmap_pti_wire_pte(void *pte);
1079 static int pmap_remove_pde(pmap_t pmap, pd_entry_t *pdq, vm_offset_t sva,
1080 struct spglist *free, struct rwlock **lockp);
1081 static int pmap_remove_pte(pmap_t pmap, pt_entry_t *ptq, vm_offset_t sva,
1082 pd_entry_t ptepde, struct spglist *free, struct rwlock **lockp);
1083 static vm_page_t pmap_remove_pt_page(pmap_t pmap, vm_offset_t va);
1084 static void pmap_remove_page(pmap_t pmap, vm_offset_t va, pd_entry_t *pde,
1085 struct spglist *free);
1086 static bool pmap_remove_ptes(pmap_t pmap, vm_offset_t sva, vm_offset_t eva,
1087 pd_entry_t *pde, struct spglist *free,
1088 struct rwlock **lockp);
1089 static boolean_t pmap_try_insert_pv_entry(pmap_t pmap, vm_offset_t va,
1090 vm_page_t m, struct rwlock **lockp);
1091 static void pmap_update_pde(pmap_t pmap, vm_offset_t va, pd_entry_t *pde,
1093 static void pmap_update_pde_invalidate(pmap_t, vm_offset_t va, pd_entry_t pde);
1095 static vm_page_t _pmap_allocpte(pmap_t pmap, vm_pindex_t ptepindex,
1096 struct rwlock **lockp);
1097 static vm_page_t pmap_allocpde(pmap_t pmap, vm_offset_t va,
1098 struct rwlock **lockp);
1099 static vm_page_t pmap_allocpte(pmap_t pmap, vm_offset_t va,
1100 struct rwlock **lockp);
1102 static void _pmap_unwire_ptp(pmap_t pmap, vm_offset_t va, vm_page_t m,
1103 struct spglist *free);
1104 static int pmap_unuse_pt(pmap_t, vm_offset_t, pd_entry_t, struct spglist *);
1106 /********************/
1107 /* Inline functions */
1108 /********************/
1110 /* Return a non-clipped PD index for a given VA */
1111 static __inline vm_pindex_t
1112 pmap_pde_pindex(vm_offset_t va)
1114 return (va >> PDRSHIFT);
1118 /* Return a pointer to the PML4 slot that corresponds to a VA */
1119 static __inline pml4_entry_t *
1120 pmap_pml4e(pmap_t pmap, vm_offset_t va)
1123 return (&pmap->pm_pml4[pmap_pml4e_index(va)]);
1126 /* Return a pointer to the PDP slot that corresponds to a VA */
1127 static __inline pdp_entry_t *
1128 pmap_pml4e_to_pdpe(pml4_entry_t *pml4e, vm_offset_t va)
1132 pdpe = (pdp_entry_t *)PHYS_TO_DMAP(*pml4e & PG_FRAME);
1133 return (&pdpe[pmap_pdpe_index(va)]);
1136 /* Return a pointer to the PDP slot that corresponds to a VA */
1137 static __inline pdp_entry_t *
1138 pmap_pdpe(pmap_t pmap, vm_offset_t va)
1140 pml4_entry_t *pml4e;
1143 PG_V = pmap_valid_bit(pmap);
1144 pml4e = pmap_pml4e(pmap, va);
1145 if ((*pml4e & PG_V) == 0)
1147 return (pmap_pml4e_to_pdpe(pml4e, va));
1150 /* Return a pointer to the PD slot that corresponds to a VA */
1151 static __inline pd_entry_t *
1152 pmap_pdpe_to_pde(pdp_entry_t *pdpe, vm_offset_t va)
1156 pde = (pd_entry_t *)PHYS_TO_DMAP(*pdpe & PG_FRAME);
1157 return (&pde[pmap_pde_index(va)]);
1160 /* Return a pointer to the PD slot that corresponds to a VA */
1161 static __inline pd_entry_t *
1162 pmap_pde(pmap_t pmap, vm_offset_t va)
1167 PG_V = pmap_valid_bit(pmap);
1168 pdpe = pmap_pdpe(pmap, va);
1169 if (pdpe == NULL || (*pdpe & PG_V) == 0)
1171 return (pmap_pdpe_to_pde(pdpe, va));
1174 /* Return a pointer to the PT slot that corresponds to a VA */
1175 static __inline pt_entry_t *
1176 pmap_pde_to_pte(pd_entry_t *pde, vm_offset_t va)
1180 pte = (pt_entry_t *)PHYS_TO_DMAP(*pde & PG_FRAME);
1181 return (&pte[pmap_pte_index(va)]);
1184 /* Return a pointer to the PT slot that corresponds to a VA */
1185 static __inline pt_entry_t *
1186 pmap_pte(pmap_t pmap, vm_offset_t va)
1191 PG_V = pmap_valid_bit(pmap);
1192 pde = pmap_pde(pmap, va);
1193 if (pde == NULL || (*pde & PG_V) == 0)
1195 if ((*pde & PG_PS) != 0) /* compat with i386 pmap_pte() */
1196 return ((pt_entry_t *)pde);
1197 return (pmap_pde_to_pte(pde, va));
1200 static __inline void
1201 pmap_resident_count_inc(pmap_t pmap, int count)
1204 PMAP_LOCK_ASSERT(pmap, MA_OWNED);
1205 pmap->pm_stats.resident_count += count;
1208 static __inline void
1209 pmap_resident_count_dec(pmap_t pmap, int count)
1212 PMAP_LOCK_ASSERT(pmap, MA_OWNED);
1213 KASSERT(pmap->pm_stats.resident_count >= count,
1214 ("pmap %p resident count underflow %ld %d", pmap,
1215 pmap->pm_stats.resident_count, count));
1216 pmap->pm_stats.resident_count -= count;
1219 PMAP_INLINE pt_entry_t *
1220 vtopte(vm_offset_t va)
1222 u_int64_t mask = ((1ul << (NPTEPGSHIFT + NPDEPGSHIFT + NPDPEPGSHIFT + NPML4EPGSHIFT)) - 1);
1224 KASSERT(va >= VM_MAXUSER_ADDRESS, ("vtopte on a uva/gpa 0x%0lx", va));
1226 return (PTmap + ((va >> PAGE_SHIFT) & mask));
1229 static __inline pd_entry_t *
1230 vtopde(vm_offset_t va)
1232 u_int64_t mask = ((1ul << (NPDEPGSHIFT + NPDPEPGSHIFT + NPML4EPGSHIFT)) - 1);
1234 KASSERT(va >= VM_MAXUSER_ADDRESS, ("vtopde on a uva/gpa 0x%0lx", va));
1236 return (PDmap + ((va >> PDRSHIFT) & mask));
1240 allocpages(vm_paddr_t *firstaddr, int n)
1245 bzero((void *)ret, n * PAGE_SIZE);
1246 *firstaddr += n * PAGE_SIZE;
1250 CTASSERT(powerof2(NDMPML4E));
1252 /* number of kernel PDP slots */
1253 #define NKPDPE(ptpgs) howmany(ptpgs, NPDEPG)
1256 nkpt_init(vm_paddr_t addr)
1263 pt_pages = howmany(addr, 1 << PDRSHIFT);
1264 pt_pages += NKPDPE(pt_pages);
1267 * Add some slop beyond the bare minimum required for bootstrapping
1270 * This is quite important when allocating KVA for kernel modules.
1271 * The modules are required to be linked in the negative 2GB of
1272 * the address space. If we run out of KVA in this region then
1273 * pmap_growkernel() will need to allocate page table pages to map
1274 * the entire 512GB of KVA space which is an unnecessary tax on
1277 * Secondly, device memory mapped as part of setting up the low-
1278 * level console(s) is taken from KVA, starting at virtual_avail.
1279 * This is because cninit() is called after pmap_bootstrap() but
1280 * before vm_init() and pmap_init(). 20MB for a frame buffer is
1283 pt_pages += 32; /* 64MB additional slop. */
1289 * Returns the proper write/execute permission for a physical page that is
1290 * part of the initial boot allocations.
1292 * If the page has kernel text, it is marked as read-only. If the page has
1293 * kernel read-only data, it is marked as read-only/not-executable. If the
1294 * page has only read-write data, it is marked as read-write/not-executable.
1295 * If the page is below/above the kernel range, it is marked as read-write.
1297 * This function operates on 2M pages, since we map the kernel space that
1300 * Note that this doesn't currently provide any protection for modules.
1302 static inline pt_entry_t
1303 bootaddr_rwx(vm_paddr_t pa)
1307 * Everything in the same 2M page as the start of the kernel
1308 * should be static. On the other hand, things in the same 2M
1309 * page as the end of the kernel could be read-write/executable,
1310 * as the kernel image is not guaranteed to end on a 2M boundary.
1312 if (pa < trunc_2mpage(btext - KERNBASE) ||
1313 pa >= trunc_2mpage(_end - KERNBASE))
1316 * The linker should ensure that the read-only and read-write
1317 * portions don't share the same 2M page, so this shouldn't
1318 * impact read-only data. However, in any case, any page with
1319 * read-write data needs to be read-write.
1321 if (pa >= trunc_2mpage(brwsection - KERNBASE))
1322 return (X86_PG_RW | pg_nx);
1324 * Mark any 2M page containing kernel text as read-only. Mark
1325 * other pages with read-only data as read-only and not executable.
1326 * (It is likely a small portion of the read-only data section will
1327 * be marked as read-only, but executable. This should be acceptable
1328 * since the read-only protection will keep the data from changing.)
1329 * Note that fixups to the .text section will still work until we
1332 if (pa < round_2mpage(etext - KERNBASE))
1338 create_pagetables(vm_paddr_t *firstaddr)
1340 int i, j, ndm1g, nkpdpe, nkdmpde;
1344 uint64_t DMPDkernphys;
1346 /* Allocate page table pages for the direct map */
1347 ndmpdp = howmany(ptoa(Maxmem), NBPDP);
1348 if (ndmpdp < 4) /* Minimum 4GB of dirmap */
1350 ndmpdpphys = howmany(ndmpdp, NPDPEPG);
1351 if (ndmpdpphys > NDMPML4E) {
1353 * Each NDMPML4E allows 512 GB, so limit to that,
1354 * and then readjust ndmpdp and ndmpdpphys.
1356 printf("NDMPML4E limits system to %d GB\n", NDMPML4E * 512);
1357 Maxmem = atop(NDMPML4E * NBPML4);
1358 ndmpdpphys = NDMPML4E;
1359 ndmpdp = NDMPML4E * NPDEPG;
1361 DMPDPphys = allocpages(firstaddr, ndmpdpphys);
1363 if ((amd_feature & AMDID_PAGE1GB) != 0) {
1365 * Calculate the number of 1G pages that will fully fit in
1368 ndm1g = ptoa(Maxmem) >> PDPSHIFT;
1371 * Allocate 2M pages for the kernel. These will be used in
1372 * place of the first one or more 1G pages from ndm1g.
1374 nkdmpde = howmany((vm_offset_t)(brwsection - KERNBASE), NBPDP);
1375 DMPDkernphys = allocpages(firstaddr, nkdmpde);
1378 DMPDphys = allocpages(firstaddr, ndmpdp - ndm1g);
1379 dmaplimit = (vm_paddr_t)ndmpdp << PDPSHIFT;
1381 /* Allocate pages */
1382 KPML4phys = allocpages(firstaddr, 1);
1383 KPDPphys = allocpages(firstaddr, NKPML4E);
1386 * Allocate the initial number of kernel page table pages required to
1387 * bootstrap. We defer this until after all memory-size dependent
1388 * allocations are done (e.g. direct map), so that we don't have to
1389 * build in too much slop in our estimate.
1391 * Note that when NKPML4E > 1, we have an empty page underneath
1392 * all but the KPML4I'th one, so we need NKPML4E-1 extra (zeroed)
1393 * pages. (pmap_enter requires a PD page to exist for each KPML4E.)
1395 nkpt_init(*firstaddr);
1396 nkpdpe = NKPDPE(nkpt);
1398 KPTphys = allocpages(firstaddr, nkpt);
1399 KPDphys = allocpages(firstaddr, nkpdpe);
1402 * Connect the zero-filled PT pages to their PD entries. This
1403 * implicitly maps the PT pages at their correct locations within
1406 pd_p = (pd_entry_t *)KPDphys;
1407 for (i = 0; i < nkpt; i++)
1408 pd_p[i] = (KPTphys + ptoa(i)) | X86_PG_RW | X86_PG_V;
1411 * Map from physical address zero to the end of loader preallocated
1412 * memory using 2MB pages. This replaces some of the PD entries
1415 for (i = 0; (i << PDRSHIFT) < KERNend; i++)
1416 /* Preset PG_M and PG_A because demotion expects it. */
1417 pd_p[i] = (i << PDRSHIFT) | X86_PG_V | PG_PS | pg_g |
1418 X86_PG_M | X86_PG_A | bootaddr_rwx(i << PDRSHIFT);
1421 * Because we map the physical blocks in 2M pages, adjust firstaddr
1422 * to record the physical blocks we've actually mapped into kernel
1423 * virtual address space.
1425 if (*firstaddr < round_2mpage(KERNend))
1426 *firstaddr = round_2mpage(KERNend);
1428 /* And connect up the PD to the PDP (leaving room for L4 pages) */
1429 pdp_p = (pdp_entry_t *)(KPDPphys + ptoa(KPML4I - KPML4BASE));
1430 for (i = 0; i < nkpdpe; i++)
1431 pdp_p[i + KPDPI] = (KPDphys + ptoa(i)) | X86_PG_RW | X86_PG_V;
1434 * Now, set up the direct map region using 2MB and/or 1GB pages. If
1435 * the end of physical memory is not aligned to a 1GB page boundary,
1436 * then the residual physical memory is mapped with 2MB pages. Later,
1437 * if pmap_mapdev{_attr}() uses the direct map for non-write-back
1438 * memory, pmap_change_attr() will demote any 2MB or 1GB page mappings
1439 * that are partially used.
1441 pd_p = (pd_entry_t *)DMPDphys;
1442 for (i = NPDEPG * ndm1g, j = 0; i < NPDEPG * ndmpdp; i++, j++) {
1443 pd_p[j] = (vm_paddr_t)i << PDRSHIFT;
1444 /* Preset PG_M and PG_A because demotion expects it. */
1445 pd_p[j] |= X86_PG_RW | X86_PG_V | PG_PS | pg_g |
1446 X86_PG_M | X86_PG_A | pg_nx;
1448 pdp_p = (pdp_entry_t *)DMPDPphys;
1449 for (i = 0; i < ndm1g; i++) {
1450 pdp_p[i] = (vm_paddr_t)i << PDPSHIFT;
1451 /* Preset PG_M and PG_A because demotion expects it. */
1452 pdp_p[i] |= X86_PG_RW | X86_PG_V | PG_PS | pg_g |
1453 X86_PG_M | X86_PG_A | pg_nx;
1455 for (j = 0; i < ndmpdp; i++, j++) {
1456 pdp_p[i] = DMPDphys + ptoa(j);
1457 pdp_p[i] |= X86_PG_RW | X86_PG_V;
1461 * Instead of using a 1G page for the memory containing the kernel,
1462 * use 2M pages with appropriate permissions. (If using 1G pages,
1463 * this will partially overwrite the PDPEs above.)
1466 pd_p = (pd_entry_t *)DMPDkernphys;
1467 for (i = 0; i < (NPDEPG * nkdmpde); i++)
1468 pd_p[i] = (i << PDRSHIFT) | X86_PG_V | PG_PS | pg_g |
1469 X86_PG_M | X86_PG_A | pg_nx |
1470 bootaddr_rwx(i << PDRSHIFT);
1471 for (i = 0; i < nkdmpde; i++)
1472 pdp_p[i] = (DMPDkernphys + ptoa(i)) | X86_PG_RW |
1476 /* And recursively map PML4 to itself in order to get PTmap */
1477 p4_p = (pml4_entry_t *)KPML4phys;
1478 p4_p[PML4PML4I] = KPML4phys;
1479 p4_p[PML4PML4I] |= X86_PG_RW | X86_PG_V | pg_nx;
1481 /* Connect the Direct Map slot(s) up to the PML4. */
1482 for (i = 0; i < ndmpdpphys; i++) {
1483 p4_p[DMPML4I + i] = DMPDPphys + ptoa(i);
1484 p4_p[DMPML4I + i] |= X86_PG_RW | X86_PG_V;
1487 /* Connect the KVA slots up to the PML4 */
1488 for (i = 0; i < NKPML4E; i++) {
1489 p4_p[KPML4BASE + i] = KPDPphys + ptoa(i);
1490 p4_p[KPML4BASE + i] |= X86_PG_RW | X86_PG_V;
1495 * Bootstrap the system enough to run with virtual memory.
1497 * On amd64 this is called after mapping has already been enabled
1498 * and just syncs the pmap module with what has already been done.
1499 * [We can't call it easily with mapping off since the kernel is not
1500 * mapped with PA == VA, hence we would have to relocate every address
1501 * from the linked base (virtual) address "KERNBASE" to the actual
1502 * (physical) address starting relative to 0]
1505 pmap_bootstrap(vm_paddr_t *firstaddr)
1513 KERNend = *firstaddr;
1514 res = atop(KERNend - (vm_paddr_t)kernphys);
1520 * Create an initial set of page tables to run the kernel in.
1522 create_pagetables(firstaddr);
1525 * Add a physical memory segment (vm_phys_seg) corresponding to the
1526 * preallocated kernel page table pages so that vm_page structures
1527 * representing these pages will be created. The vm_page structures
1528 * are required for promotion of the corresponding kernel virtual
1529 * addresses to superpage mappings.
1531 vm_phys_add_seg(KPTphys, KPTphys + ptoa(nkpt));
1534 * Account for the virtual addresses mapped by create_pagetables().
1536 virtual_avail = (vm_offset_t)KERNBASE + round_2mpage(KERNend);
1537 virtual_end = VM_MAX_KERNEL_ADDRESS;
1540 * Enable PG_G global pages, then switch to the kernel page
1541 * table from the bootstrap page table. After the switch, it
1542 * is possible to enable SMEP and SMAP since PG_U bits are
1548 load_cr3(KPML4phys);
1549 if (cpu_stdext_feature & CPUID_STDEXT_SMEP)
1551 if (cpu_stdext_feature & CPUID_STDEXT_SMAP)
1556 * Initialize the kernel pmap (which is statically allocated).
1557 * Count bootstrap data as being resident in case any of this data is
1558 * later unmapped (using pmap_remove()) and freed.
1560 PMAP_LOCK_INIT(kernel_pmap);
1561 kernel_pmap->pm_pml4 = (pdp_entry_t *)PHYS_TO_DMAP(KPML4phys);
1562 kernel_pmap->pm_cr3 = KPML4phys;
1563 kernel_pmap->pm_ucr3 = PMAP_NO_CR3;
1564 CPU_FILL(&kernel_pmap->pm_active); /* don't allow deactivation */
1565 TAILQ_INIT(&kernel_pmap->pm_pvchunk);
1566 kernel_pmap->pm_stats.resident_count = res;
1567 kernel_pmap->pm_flags = pmap_flags;
1570 * Initialize the TLB invalidations generation number lock.
1572 mtx_init(&invl_gen_mtx, "invlgn", NULL, MTX_DEF);
1575 * Reserve some special page table entries/VA space for temporary
1578 #define SYSMAP(c, p, v, n) \
1579 v = (c)va; va += ((n)*PAGE_SIZE); p = pte; pte += (n);
1585 * Crashdump maps. The first page is reused as CMAP1 for the
1588 SYSMAP(caddr_t, CMAP1, crashdumpmap, MAXDUMPPGS)
1589 CADDR1 = crashdumpmap;
1594 * Initialize the PAT MSR.
1595 * pmap_init_pat() clears and sets CR4_PGE, which, as a
1596 * side-effect, invalidates stale PG_G TLB entries that might
1597 * have been created in our pre-boot environment.
1601 /* Initialize TLB Context Id. */
1602 if (pmap_pcid_enabled) {
1603 for (i = 0; i < MAXCPU; i++) {
1604 kernel_pmap->pm_pcids[i].pm_pcid = PMAP_PCID_KERN;
1605 kernel_pmap->pm_pcids[i].pm_gen = 1;
1609 * PMAP_PCID_KERN + 1 is used for initialization of
1610 * proc0 pmap. The pmap' pcid state might be used by
1611 * EFIRT entry before first context switch, so it
1612 * needs to be valid.
1614 PCPU_SET(pcid_next, PMAP_PCID_KERN + 2);
1615 PCPU_SET(pcid_gen, 1);
1618 * pcpu area for APs is zeroed during AP startup.
1619 * pc_pcid_next and pc_pcid_gen are initialized by AP
1620 * during pcpu setup.
1622 load_cr4(rcr4() | CR4_PCIDE);
1627 * Setup the PAT MSR.
1636 /* Bail if this CPU doesn't implement PAT. */
1637 if ((cpu_feature & CPUID_PAT) == 0)
1640 /* Set default PAT index table. */
1641 for (i = 0; i < PAT_INDEX_SIZE; i++)
1643 pat_index[PAT_WRITE_BACK] = 0;
1644 pat_index[PAT_WRITE_THROUGH] = 1;
1645 pat_index[PAT_UNCACHEABLE] = 3;
1646 pat_index[PAT_WRITE_COMBINING] = 6;
1647 pat_index[PAT_WRITE_PROTECTED] = 5;
1648 pat_index[PAT_UNCACHED] = 2;
1651 * Initialize default PAT entries.
1652 * Leave the indices 0-3 at the default of WB, WT, UC-, and UC.
1653 * Program 5 and 6 as WP and WC.
1655 * Leave 4 and 7 as WB and UC. Note that a recursive page table
1656 * mapping for a 2M page uses a PAT value with the bit 3 set due
1657 * to its overload with PG_PS.
1659 pat_msr = PAT_VALUE(0, PAT_WRITE_BACK) |
1660 PAT_VALUE(1, PAT_WRITE_THROUGH) |
1661 PAT_VALUE(2, PAT_UNCACHED) |
1662 PAT_VALUE(3, PAT_UNCACHEABLE) |
1663 PAT_VALUE(4, PAT_WRITE_BACK) |
1664 PAT_VALUE(5, PAT_WRITE_PROTECTED) |
1665 PAT_VALUE(6, PAT_WRITE_COMBINING) |
1666 PAT_VALUE(7, PAT_UNCACHEABLE);
1670 load_cr4(cr4 & ~CR4_PGE);
1672 /* Disable caches (CD = 1, NW = 0). */
1674 load_cr0((cr0 & ~CR0_NW) | CR0_CD);
1676 /* Flushes caches and TLBs. */
1680 /* Update PAT and index table. */
1681 wrmsr(MSR_PAT, pat_msr);
1683 /* Flush caches and TLBs again. */
1687 /* Restore caches and PGE. */
1693 * Initialize a vm_page's machine-dependent fields.
1696 pmap_page_init(vm_page_t m)
1699 TAILQ_INIT(&m->md.pv_list);
1700 m->md.pat_mode = PAT_WRITE_BACK;
1704 * Initialize the pmap module.
1705 * Called by vm_init, to initialize any structures that the pmap
1706 * system needs to map virtual memory.
1711 struct pmap_preinit_mapping *ppim;
1714 int error, i, pv_npg, ret, skz63;
1716 /* L1TF, reserve page @0 unconditionally */
1717 vm_page_blacklist_add(0, bootverbose);
1719 /* Detect bare-metal Skylake Server and Skylake-X. */
1720 if (vm_guest == VM_GUEST_NO && cpu_vendor_id == CPU_VENDOR_INTEL &&
1721 CPUID_TO_FAMILY(cpu_id) == 0x6 && CPUID_TO_MODEL(cpu_id) == 0x55) {
1723 * Skylake-X errata SKZ63. Processor May Hang When
1724 * Executing Code In an HLE Transaction Region between
1725 * 40000000H and 403FFFFFH.
1727 * Mark the pages in the range as preallocated. It
1728 * seems to be impossible to distinguish between
1729 * Skylake Server and Skylake X.
1732 TUNABLE_INT_FETCH("hw.skz63_enable", &skz63);
1735 printf("SKZ63: skipping 4M RAM starting "
1736 "at physical 1G\n");
1737 for (i = 0; i < atop(0x400000); i++) {
1738 ret = vm_page_blacklist_add(0x40000000 +
1740 if (!ret && bootverbose)
1741 printf("page at %#lx already used\n",
1742 0x40000000 + ptoa(i));
1748 * Initialize the vm page array entries for the kernel pmap's
1751 PMAP_LOCK(kernel_pmap);
1752 for (i = 0; i < nkpt; i++) {
1753 mpte = PHYS_TO_VM_PAGE(KPTphys + (i << PAGE_SHIFT));
1754 KASSERT(mpte >= vm_page_array &&
1755 mpte < &vm_page_array[vm_page_array_size],
1756 ("pmap_init: page table page is out of range"));
1757 mpte->pindex = pmap_pde_pindex(KERNBASE) + i;
1758 mpte->phys_addr = KPTphys + (i << PAGE_SHIFT);
1759 mpte->wire_count = 1;
1762 * Collect the page table pages that were replaced by a 2MB
1763 * page in create_pagetables(). They are zero filled.
1765 if (i << PDRSHIFT < KERNend &&
1766 pmap_insert_pt_page(kernel_pmap, mpte, false))
1767 panic("pmap_init: pmap_insert_pt_page failed");
1769 PMAP_UNLOCK(kernel_pmap);
1773 * If the kernel is running on a virtual machine, then it must assume
1774 * that MCA is enabled by the hypervisor. Moreover, the kernel must
1775 * be prepared for the hypervisor changing the vendor and family that
1776 * are reported by CPUID. Consequently, the workaround for AMD Family
1777 * 10h Erratum 383 is enabled if the processor's feature set does not
1778 * include at least one feature that is only supported by older Intel
1779 * or newer AMD processors.
1781 if (vm_guest != VM_GUEST_NO && (cpu_feature & CPUID_SS) == 0 &&
1782 (cpu_feature2 & (CPUID2_SSSE3 | CPUID2_SSE41 | CPUID2_AESNI |
1783 CPUID2_AVX | CPUID2_XSAVE)) == 0 && (amd_feature2 & (AMDID2_XOP |
1785 workaround_erratum383 = 1;
1788 * Are large page mappings enabled?
1790 TUNABLE_INT_FETCH("vm.pmap.pg_ps_enabled", &pg_ps_enabled);
1791 if (pg_ps_enabled) {
1792 KASSERT(MAXPAGESIZES > 1 && pagesizes[1] == 0,
1793 ("pmap_init: can't assign to pagesizes[1]"));
1794 pagesizes[1] = NBPDR;
1798 * Initialize the pv chunk list mutex.
1800 mtx_init(&pv_chunks_mutex, "pmap pv chunk list", NULL, MTX_DEF);
1803 * Initialize the pool of pv list locks.
1805 for (i = 0; i < NPV_LIST_LOCKS; i++)
1806 rw_init(&pv_list_locks[i], "pmap pv list");
1809 * Calculate the size of the pv head table for superpages.
1811 pv_npg = howmany(vm_phys_segs[vm_phys_nsegs - 1].end, NBPDR);
1814 * Allocate memory for the pv head table for superpages.
1816 s = (vm_size_t)(pv_npg * sizeof(struct md_page));
1818 pv_table = (struct md_page *)kmem_malloc(s, M_WAITOK | M_ZERO);
1819 for (i = 0; i < pv_npg; i++)
1820 TAILQ_INIT(&pv_table[i].pv_list);
1821 TAILQ_INIT(&pv_dummy.pv_list);
1823 pmap_initialized = 1;
1824 for (i = 0; i < PMAP_PREINIT_MAPPING_COUNT; i++) {
1825 ppim = pmap_preinit_mapping + i;
1828 /* Make the direct map consistent */
1829 if (ppim->pa < dmaplimit && ppim->pa + ppim->sz <= dmaplimit) {
1830 (void)pmap_change_attr(PHYS_TO_DMAP(ppim->pa),
1831 ppim->sz, ppim->mode);
1835 printf("PPIM %u: PA=%#lx, VA=%#lx, size=%#lx, mode=%#x\n", i,
1836 ppim->pa, ppim->va, ppim->sz, ppim->mode);
1839 mtx_init(&qframe_mtx, "qfrmlk", NULL, MTX_SPIN);
1840 error = vmem_alloc(kernel_arena, PAGE_SIZE, M_BESTFIT | M_WAITOK,
1841 (vmem_addr_t *)&qframe);
1843 panic("qframe allocation failed");
1846 TUNABLE_INT_FETCH("vm.pmap.large_map_pml4_entries", &lm_ents);
1847 if (lm_ents > LMEPML4I - LMSPML4I + 1)
1848 lm_ents = LMEPML4I - LMSPML4I + 1;
1850 printf("pmap: large map %u PML4 slots (%lu Gb)\n",
1851 lm_ents, (u_long)lm_ents * (NBPML4 / 1024 / 1024 / 1024));
1853 large_vmem = vmem_create("large", LARGEMAP_MIN_ADDRESS,
1854 (vmem_size_t)lm_ents * NBPML4, PAGE_SIZE, 0, M_WAITOK);
1855 if (large_vmem == NULL) {
1856 printf("pmap: cannot create large map\n");
1859 for (i = 0; i < lm_ents; i++) {
1860 m = pmap_large_map_getptp_unlocked();
1861 kernel_pmap->pm_pml4[LMSPML4I + i] = X86_PG_V |
1862 X86_PG_RW | X86_PG_A | X86_PG_M | pg_nx |
1868 static SYSCTL_NODE(_vm_pmap, OID_AUTO, pde, CTLFLAG_RD, 0,
1869 "2MB page mapping counters");
1871 static u_long pmap_pde_demotions;
1872 SYSCTL_ULONG(_vm_pmap_pde, OID_AUTO, demotions, CTLFLAG_RD,
1873 &pmap_pde_demotions, 0, "2MB page demotions");
1875 static u_long pmap_pde_mappings;
1876 SYSCTL_ULONG(_vm_pmap_pde, OID_AUTO, mappings, CTLFLAG_RD,
1877 &pmap_pde_mappings, 0, "2MB page mappings");
1879 static u_long pmap_pde_p_failures;
1880 SYSCTL_ULONG(_vm_pmap_pde, OID_AUTO, p_failures, CTLFLAG_RD,
1881 &pmap_pde_p_failures, 0, "2MB page promotion failures");
1883 static u_long pmap_pde_promotions;
1884 SYSCTL_ULONG(_vm_pmap_pde, OID_AUTO, promotions, CTLFLAG_RD,
1885 &pmap_pde_promotions, 0, "2MB page promotions");
1887 static SYSCTL_NODE(_vm_pmap, OID_AUTO, pdpe, CTLFLAG_RD, 0,
1888 "1GB page mapping counters");
1890 static u_long pmap_pdpe_demotions;
1891 SYSCTL_ULONG(_vm_pmap_pdpe, OID_AUTO, demotions, CTLFLAG_RD,
1892 &pmap_pdpe_demotions, 0, "1GB page demotions");
1894 /***************************************************
1895 * Low level helper routines.....
1896 ***************************************************/
1899 pmap_swap_pat(pmap_t pmap, pt_entry_t entry)
1901 int x86_pat_bits = X86_PG_PTE_PAT | X86_PG_PDE_PAT;
1903 switch (pmap->pm_type) {
1906 /* Verify that both PAT bits are not set at the same time */
1907 KASSERT((entry & x86_pat_bits) != x86_pat_bits,
1908 ("Invalid PAT bits in entry %#lx", entry));
1910 /* Swap the PAT bits if one of them is set */
1911 if ((entry & x86_pat_bits) != 0)
1912 entry ^= x86_pat_bits;
1916 * Nothing to do - the memory attributes are represented
1917 * the same way for regular pages and superpages.
1921 panic("pmap_switch_pat_bits: bad pm_type %d", pmap->pm_type);
1928 pmap_is_valid_memattr(pmap_t pmap __unused, vm_memattr_t mode)
1931 return (mode >= 0 && mode < PAT_INDEX_SIZE &&
1932 pat_index[(int)mode] >= 0);
1936 * Determine the appropriate bits to set in a PTE or PDE for a specified
1940 pmap_cache_bits(pmap_t pmap, int mode, boolean_t is_pde)
1942 int cache_bits, pat_flag, pat_idx;
1944 if (!pmap_is_valid_memattr(pmap, mode))
1945 panic("Unknown caching mode %d\n", mode);
1947 switch (pmap->pm_type) {
1950 /* The PAT bit is different for PTE's and PDE's. */
1951 pat_flag = is_pde ? X86_PG_PDE_PAT : X86_PG_PTE_PAT;
1953 /* Map the caching mode to a PAT index. */
1954 pat_idx = pat_index[mode];
1956 /* Map the 3-bit index value into the PAT, PCD, and PWT bits. */
1959 cache_bits |= pat_flag;
1961 cache_bits |= PG_NC_PCD;
1963 cache_bits |= PG_NC_PWT;
1967 cache_bits = EPT_PG_IGNORE_PAT | EPT_PG_MEMORY_TYPE(mode);
1971 panic("unsupported pmap type %d", pmap->pm_type);
1974 return (cache_bits);
1978 pmap_cache_mask(pmap_t pmap, boolean_t is_pde)
1982 switch (pmap->pm_type) {
1985 mask = is_pde ? X86_PG_PDE_CACHE : X86_PG_PTE_CACHE;
1988 mask = EPT_PG_IGNORE_PAT | EPT_PG_MEMORY_TYPE(0x7);
1991 panic("pmap_cache_mask: invalid pm_type %d", pmap->pm_type);
1998 pmap_ps_enabled(pmap_t pmap)
2001 return (pg_ps_enabled && (pmap->pm_flags & PMAP_PDE_SUPERPAGE) != 0);
2005 pmap_update_pde_store(pmap_t pmap, pd_entry_t *pde, pd_entry_t newpde)
2008 switch (pmap->pm_type) {
2015 * This is a little bogus since the generation number is
2016 * supposed to be bumped up when a region of the address
2017 * space is invalidated in the page tables.
2019 * In this case the old PDE entry is valid but yet we want
2020 * to make sure that any mappings using the old entry are
2021 * invalidated in the TLB.
2023 * The reason this works as expected is because we rendezvous
2024 * "all" host cpus and force any vcpu context to exit as a
2027 atomic_add_acq_long(&pmap->pm_eptgen, 1);
2030 panic("pmap_update_pde_store: bad pm_type %d", pmap->pm_type);
2032 pde_store(pde, newpde);
2036 * After changing the page size for the specified virtual address in the page
2037 * table, flush the corresponding entries from the processor's TLB. Only the
2038 * calling processor's TLB is affected.
2040 * The calling thread must be pinned to a processor.
2043 pmap_update_pde_invalidate(pmap_t pmap, vm_offset_t va, pd_entry_t newpde)
2047 if (pmap_type_guest(pmap))
2050 KASSERT(pmap->pm_type == PT_X86,
2051 ("pmap_update_pde_invalidate: invalid type %d", pmap->pm_type));
2053 PG_G = pmap_global_bit(pmap);
2055 if ((newpde & PG_PS) == 0)
2056 /* Demotion: flush a specific 2MB page mapping. */
2058 else if ((newpde & PG_G) == 0)
2060 * Promotion: flush every 4KB page mapping from the TLB
2061 * because there are too many to flush individually.
2066 * Promotion: flush every 4KB page mapping from the TLB,
2067 * including any global (PG_G) mappings.
2075 * For SMP, these functions have to use the IPI mechanism for coherence.
2077 * N.B.: Before calling any of the following TLB invalidation functions,
2078 * the calling processor must ensure that all stores updating a non-
2079 * kernel page table are globally performed. Otherwise, another
2080 * processor could cache an old, pre-update entry without being
2081 * invalidated. This can happen one of two ways: (1) The pmap becomes
2082 * active on another processor after its pm_active field is checked by
2083 * one of the following functions but before a store updating the page
2084 * table is globally performed. (2) The pmap becomes active on another
2085 * processor before its pm_active field is checked but due to
2086 * speculative loads one of the following functions stills reads the
2087 * pmap as inactive on the other processor.
2089 * The kernel page table is exempt because its pm_active field is
2090 * immutable. The kernel page table is always active on every
2095 * Interrupt the cpus that are executing in the guest context.
2096 * This will force the vcpu to exit and the cached EPT mappings
2097 * will be invalidated by the host before the next vmresume.
2099 static __inline void
2100 pmap_invalidate_ept(pmap_t pmap)
2105 KASSERT(!CPU_ISSET(curcpu, &pmap->pm_active),
2106 ("pmap_invalidate_ept: absurd pm_active"));
2109 * The TLB mappings associated with a vcpu context are not
2110 * flushed each time a different vcpu is chosen to execute.
2112 * This is in contrast with a process's vtop mappings that
2113 * are flushed from the TLB on each context switch.
2115 * Therefore we need to do more than just a TLB shootdown on
2116 * the active cpus in 'pmap->pm_active'. To do this we keep
2117 * track of the number of invalidations performed on this pmap.
2119 * Each vcpu keeps a cache of this counter and compares it
2120 * just before a vmresume. If the counter is out-of-date an
2121 * invept will be done to flush stale mappings from the TLB.
2123 atomic_add_acq_long(&pmap->pm_eptgen, 1);
2126 * Force the vcpu to exit and trap back into the hypervisor.
2128 ipinum = pmap->pm_flags & PMAP_NESTED_IPIMASK;
2129 ipi_selected(pmap->pm_active, ipinum);
2134 pmap_invalidate_cpu_mask(pmap_t pmap)
2137 return (pmap == kernel_pmap ? all_cpus : pmap->pm_active);
2141 pmap_invalidate_page_pcid(pmap_t pmap, vm_offset_t va,
2142 const bool invpcid_works1)
2144 struct invpcid_descr d;
2145 uint64_t kcr3, ucr3;
2149 cpuid = PCPU_GET(cpuid);
2150 if (pmap == PCPU_GET(curpmap)) {
2151 if (pmap->pm_ucr3 != PMAP_NO_CR3) {
2153 * Because pm_pcid is recalculated on a
2154 * context switch, we must disable switching.
2155 * Otherwise, we might use a stale value
2159 pcid = pmap->pm_pcids[cpuid].pm_pcid;
2160 if (invpcid_works1) {
2161 d.pcid = pcid | PMAP_PCID_USER_PT;
2164 invpcid(&d, INVPCID_ADDR);
2166 kcr3 = pmap->pm_cr3 | pcid | CR3_PCID_SAVE;
2167 ucr3 = pmap->pm_ucr3 | pcid |
2168 PMAP_PCID_USER_PT | CR3_PCID_SAVE;
2169 pmap_pti_pcid_invlpg(ucr3, kcr3, va);
2174 pmap->pm_pcids[cpuid].pm_gen = 0;
2178 pmap->pm_pcids[i].pm_gen = 0;
2182 * The fence is between stores to pm_gen and the read of the
2183 * pm_active mask. We need to ensure that it is impossible
2184 * for us to miss the bit update in pm_active and
2185 * simultaneously observe a non-zero pm_gen in
2186 * pmap_activate_sw(), otherwise TLB update is missed.
2187 * Without the fence, IA32 allows such an outcome. Note that
2188 * pm_active is updated by a locked operation, which provides
2189 * the reciprocal fence.
2191 atomic_thread_fence_seq_cst();
2195 pmap_invalidate_page_pcid_invpcid(pmap_t pmap, vm_offset_t va)
2198 pmap_invalidate_page_pcid(pmap, va, true);
2202 pmap_invalidate_page_pcid_noinvpcid(pmap_t pmap, vm_offset_t va)
2205 pmap_invalidate_page_pcid(pmap, va, false);
2209 pmap_invalidate_page_nopcid(pmap_t pmap, vm_offset_t va)
2213 DEFINE_IFUNC(static, void, pmap_invalidate_page_mode, (pmap_t, vm_offset_t))
2216 if (pmap_pcid_enabled)
2217 return (invpcid_works ? pmap_invalidate_page_pcid_invpcid :
2218 pmap_invalidate_page_pcid_noinvpcid);
2219 return (pmap_invalidate_page_nopcid);
2223 pmap_invalidate_page(pmap_t pmap, vm_offset_t va)
2226 if (pmap_type_guest(pmap)) {
2227 pmap_invalidate_ept(pmap);
2231 KASSERT(pmap->pm_type == PT_X86,
2232 ("pmap_invalidate_page: invalid type %d", pmap->pm_type));
2235 if (pmap == kernel_pmap) {
2238 if (pmap == PCPU_GET(curpmap))
2240 pmap_invalidate_page_mode(pmap, va);
2242 smp_masked_invlpg(pmap_invalidate_cpu_mask(pmap), va, pmap);
2246 /* 4k PTEs -- Chosen to exceed the total size of Broadwell L2 TLB */
2247 #define PMAP_INVLPG_THRESHOLD (4 * 1024 * PAGE_SIZE)
2250 pmap_invalidate_range_pcid(pmap_t pmap, vm_offset_t sva, vm_offset_t eva,
2251 const bool invpcid_works1)
2253 struct invpcid_descr d;
2254 uint64_t kcr3, ucr3;
2258 cpuid = PCPU_GET(cpuid);
2259 if (pmap == PCPU_GET(curpmap)) {
2260 if (pmap->pm_ucr3 != PMAP_NO_CR3) {
2262 pcid = pmap->pm_pcids[cpuid].pm_pcid;
2263 if (invpcid_works1) {
2264 d.pcid = pcid | PMAP_PCID_USER_PT;
2267 for (; d.addr < eva; d.addr += PAGE_SIZE)
2268 invpcid(&d, INVPCID_ADDR);
2270 kcr3 = pmap->pm_cr3 | pcid | CR3_PCID_SAVE;
2271 ucr3 = pmap->pm_ucr3 | pcid |
2272 PMAP_PCID_USER_PT | CR3_PCID_SAVE;
2273 pmap_pti_pcid_invlrng(ucr3, kcr3, sva, eva);
2278 pmap->pm_pcids[cpuid].pm_gen = 0;
2282 pmap->pm_pcids[i].pm_gen = 0;
2284 /* See the comment in pmap_invalidate_page_pcid(). */
2285 atomic_thread_fence_seq_cst();
2289 pmap_invalidate_range_pcid_invpcid(pmap_t pmap, vm_offset_t sva,
2293 pmap_invalidate_range_pcid(pmap, sva, eva, true);
2297 pmap_invalidate_range_pcid_noinvpcid(pmap_t pmap, vm_offset_t sva,
2301 pmap_invalidate_range_pcid(pmap, sva, eva, false);
2305 pmap_invalidate_range_nopcid(pmap_t pmap, vm_offset_t sva, vm_offset_t eva)
2309 DEFINE_IFUNC(static, void, pmap_invalidate_range_mode, (pmap_t, vm_offset_t,
2313 if (pmap_pcid_enabled)
2314 return (invpcid_works ? pmap_invalidate_range_pcid_invpcid :
2315 pmap_invalidate_range_pcid_noinvpcid);
2316 return (pmap_invalidate_range_nopcid);
2320 pmap_invalidate_range(pmap_t pmap, vm_offset_t sva, vm_offset_t eva)
2324 if (eva - sva >= PMAP_INVLPG_THRESHOLD) {
2325 pmap_invalidate_all(pmap);
2329 if (pmap_type_guest(pmap)) {
2330 pmap_invalidate_ept(pmap);
2334 KASSERT(pmap->pm_type == PT_X86,
2335 ("pmap_invalidate_range: invalid type %d", pmap->pm_type));
2338 if (pmap == kernel_pmap) {
2339 for (addr = sva; addr < eva; addr += PAGE_SIZE)
2342 if (pmap == PCPU_GET(curpmap)) {
2343 for (addr = sva; addr < eva; addr += PAGE_SIZE)
2346 pmap_invalidate_range_mode(pmap, sva, eva);
2348 smp_masked_invlpg_range(pmap_invalidate_cpu_mask(pmap), sva, eva, pmap);
2353 pmap_invalidate_all_pcid(pmap_t pmap, bool invpcid_works1)
2355 struct invpcid_descr d;
2356 uint64_t kcr3, ucr3;
2360 if (pmap == kernel_pmap) {
2361 if (invpcid_works1) {
2362 bzero(&d, sizeof(d));
2363 invpcid(&d, INVPCID_CTXGLOB);
2368 cpuid = PCPU_GET(cpuid);
2369 if (pmap == PCPU_GET(curpmap)) {
2371 pcid = pmap->pm_pcids[cpuid].pm_pcid;
2372 if (invpcid_works1) {
2376 invpcid(&d, INVPCID_CTX);
2377 if (pmap->pm_ucr3 != PMAP_NO_CR3) {
2378 d.pcid |= PMAP_PCID_USER_PT;
2379 invpcid(&d, INVPCID_CTX);
2382 kcr3 = pmap->pm_cr3 | pcid;
2383 ucr3 = pmap->pm_ucr3;
2384 if (ucr3 != PMAP_NO_CR3) {
2385 ucr3 |= pcid | PMAP_PCID_USER_PT;
2386 pmap_pti_pcid_invalidate(ucr3, kcr3);
2393 pmap->pm_pcids[cpuid].pm_gen = 0;
2396 pmap->pm_pcids[i].pm_gen = 0;
2399 /* See the comment in pmap_invalidate_page_pcid(). */
2400 atomic_thread_fence_seq_cst();
2404 pmap_invalidate_all_pcid_invpcid(pmap_t pmap)
2407 pmap_invalidate_all_pcid(pmap, true);
2411 pmap_invalidate_all_pcid_noinvpcid(pmap_t pmap)
2414 pmap_invalidate_all_pcid(pmap, false);
2418 pmap_invalidate_all_nopcid(pmap_t pmap)
2421 if (pmap == kernel_pmap)
2423 else if (pmap == PCPU_GET(curpmap))
2427 DEFINE_IFUNC(static, void, pmap_invalidate_all_mode, (pmap_t))
2430 if (pmap_pcid_enabled)
2431 return (invpcid_works ? pmap_invalidate_all_pcid_invpcid :
2432 pmap_invalidate_all_pcid_noinvpcid);
2433 return (pmap_invalidate_all_nopcid);
2437 pmap_invalidate_all(pmap_t pmap)
2440 if (pmap_type_guest(pmap)) {
2441 pmap_invalidate_ept(pmap);
2445 KASSERT(pmap->pm_type == PT_X86,
2446 ("pmap_invalidate_all: invalid type %d", pmap->pm_type));
2449 pmap_invalidate_all_mode(pmap);
2450 smp_masked_invltlb(pmap_invalidate_cpu_mask(pmap), pmap);
2455 pmap_invalidate_cache(void)
2465 cpuset_t invalidate; /* processors that invalidate their TLB */
2470 u_int store; /* processor that updates the PDE */
2474 pmap_update_pde_action(void *arg)
2476 struct pde_action *act = arg;
2478 if (act->store == PCPU_GET(cpuid))
2479 pmap_update_pde_store(act->pmap, act->pde, act->newpde);
2483 pmap_update_pde_teardown(void *arg)
2485 struct pde_action *act = arg;
2487 if (CPU_ISSET(PCPU_GET(cpuid), &act->invalidate))
2488 pmap_update_pde_invalidate(act->pmap, act->va, act->newpde);
2492 * Change the page size for the specified virtual address in a way that
2493 * prevents any possibility of the TLB ever having two entries that map the
2494 * same virtual address using different page sizes. This is the recommended
2495 * workaround for Erratum 383 on AMD Family 10h processors. It prevents a
2496 * machine check exception for a TLB state that is improperly diagnosed as a
2500 pmap_update_pde(pmap_t pmap, vm_offset_t va, pd_entry_t *pde, pd_entry_t newpde)
2502 struct pde_action act;
2503 cpuset_t active, other_cpus;
2507 cpuid = PCPU_GET(cpuid);
2508 other_cpus = all_cpus;
2509 CPU_CLR(cpuid, &other_cpus);
2510 if (pmap == kernel_pmap || pmap_type_guest(pmap))
2513 active = pmap->pm_active;
2515 if (CPU_OVERLAP(&active, &other_cpus)) {
2517 act.invalidate = active;
2521 act.newpde = newpde;
2522 CPU_SET(cpuid, &active);
2523 smp_rendezvous_cpus(active,
2524 smp_no_rendezvous_barrier, pmap_update_pde_action,
2525 pmap_update_pde_teardown, &act);
2527 pmap_update_pde_store(pmap, pde, newpde);
2528 if (CPU_ISSET(cpuid, &active))
2529 pmap_update_pde_invalidate(pmap, va, newpde);
2535 * Normal, non-SMP, invalidation functions.
2538 pmap_invalidate_page(pmap_t pmap, vm_offset_t va)
2540 struct invpcid_descr d;
2541 uint64_t kcr3, ucr3;
2544 if (pmap->pm_type == PT_RVI || pmap->pm_type == PT_EPT) {
2548 KASSERT(pmap->pm_type == PT_X86,
2549 ("pmap_invalidate_range: unknown type %d", pmap->pm_type));
2551 if (pmap == kernel_pmap || pmap == PCPU_GET(curpmap)) {
2553 if (pmap == PCPU_GET(curpmap) && pmap_pcid_enabled &&
2554 pmap->pm_ucr3 != PMAP_NO_CR3) {
2556 pcid = pmap->pm_pcids[0].pm_pcid;
2557 if (invpcid_works) {
2558 d.pcid = pcid | PMAP_PCID_USER_PT;
2561 invpcid(&d, INVPCID_ADDR);
2563 kcr3 = pmap->pm_cr3 | pcid | CR3_PCID_SAVE;
2564 ucr3 = pmap->pm_ucr3 | pcid |
2565 PMAP_PCID_USER_PT | CR3_PCID_SAVE;
2566 pmap_pti_pcid_invlpg(ucr3, kcr3, va);
2570 } else if (pmap_pcid_enabled)
2571 pmap->pm_pcids[0].pm_gen = 0;
2575 pmap_invalidate_range(pmap_t pmap, vm_offset_t sva, vm_offset_t eva)
2577 struct invpcid_descr d;
2579 uint64_t kcr3, ucr3;
2581 if (pmap->pm_type == PT_RVI || pmap->pm_type == PT_EPT) {
2585 KASSERT(pmap->pm_type == PT_X86,
2586 ("pmap_invalidate_range: unknown type %d", pmap->pm_type));
2588 if (pmap == kernel_pmap || pmap == PCPU_GET(curpmap)) {
2589 for (addr = sva; addr < eva; addr += PAGE_SIZE)
2591 if (pmap == PCPU_GET(curpmap) && pmap_pcid_enabled &&
2592 pmap->pm_ucr3 != PMAP_NO_CR3) {
2594 if (invpcid_works) {
2595 d.pcid = pmap->pm_pcids[0].pm_pcid |
2599 for (; d.addr < eva; d.addr += PAGE_SIZE)
2600 invpcid(&d, INVPCID_ADDR);
2602 kcr3 = pmap->pm_cr3 | pmap->pm_pcids[0].
2603 pm_pcid | CR3_PCID_SAVE;
2604 ucr3 = pmap->pm_ucr3 | pmap->pm_pcids[0].
2605 pm_pcid | PMAP_PCID_USER_PT | CR3_PCID_SAVE;
2606 pmap_pti_pcid_invlrng(ucr3, kcr3, sva, eva);
2610 } else if (pmap_pcid_enabled) {
2611 pmap->pm_pcids[0].pm_gen = 0;
2616 pmap_invalidate_all(pmap_t pmap)
2618 struct invpcid_descr d;
2619 uint64_t kcr3, ucr3;
2621 if (pmap->pm_type == PT_RVI || pmap->pm_type == PT_EPT) {
2625 KASSERT(pmap->pm_type == PT_X86,
2626 ("pmap_invalidate_all: unknown type %d", pmap->pm_type));
2628 if (pmap == kernel_pmap) {
2629 if (pmap_pcid_enabled && invpcid_works) {
2630 bzero(&d, sizeof(d));
2631 invpcid(&d, INVPCID_CTXGLOB);
2635 } else if (pmap == PCPU_GET(curpmap)) {
2636 if (pmap_pcid_enabled) {
2638 if (invpcid_works) {
2639 d.pcid = pmap->pm_pcids[0].pm_pcid;
2642 invpcid(&d, INVPCID_CTX);
2643 if (pmap->pm_ucr3 != PMAP_NO_CR3) {
2644 d.pcid |= PMAP_PCID_USER_PT;
2645 invpcid(&d, INVPCID_CTX);
2648 kcr3 = pmap->pm_cr3 | pmap->pm_pcids[0].pm_pcid;
2649 if (pmap->pm_ucr3 != PMAP_NO_CR3) {
2650 ucr3 = pmap->pm_ucr3 | pmap->pm_pcids[
2651 0].pm_pcid | PMAP_PCID_USER_PT;
2652 pmap_pti_pcid_invalidate(ucr3, kcr3);
2660 } else if (pmap_pcid_enabled) {
2661 pmap->pm_pcids[0].pm_gen = 0;
2666 pmap_invalidate_cache(void)
2673 pmap_update_pde(pmap_t pmap, vm_offset_t va, pd_entry_t *pde, pd_entry_t newpde)
2676 pmap_update_pde_store(pmap, pde, newpde);
2677 if (pmap == kernel_pmap || pmap == PCPU_GET(curpmap))
2678 pmap_update_pde_invalidate(pmap, va, newpde);
2680 pmap->pm_pcids[0].pm_gen = 0;
2685 pmap_invalidate_pde_page(pmap_t pmap, vm_offset_t va, pd_entry_t pde)
2689 * When the PDE has PG_PROMOTED set, the 2MB page mapping was created
2690 * by a promotion that did not invalidate the 512 4KB page mappings
2691 * that might exist in the TLB. Consequently, at this point, the TLB
2692 * may hold both 4KB and 2MB page mappings for the address range [va,
2693 * va + NBPDR). Therefore, the entire range must be invalidated here.
2694 * In contrast, when PG_PROMOTED is clear, the TLB will not hold any
2695 * 4KB page mappings for the address range [va, va + NBPDR), and so a
2696 * single INVLPG suffices to invalidate the 2MB page mapping from the
2699 if ((pde & PG_PROMOTED) != 0)
2700 pmap_invalidate_range(pmap, va, va + NBPDR - 1);
2702 pmap_invalidate_page(pmap, va);
2705 DEFINE_IFUNC(, void, pmap_invalidate_cache_range,
2706 (vm_offset_t sva, vm_offset_t eva))
2709 if ((cpu_feature & CPUID_SS) != 0)
2710 return (pmap_invalidate_cache_range_selfsnoop);
2711 if ((cpu_feature & CPUID_CLFSH) != 0)
2712 return (pmap_force_invalidate_cache_range);
2713 return (pmap_invalidate_cache_range_all);
2716 #define PMAP_CLFLUSH_THRESHOLD (2 * 1024 * 1024)
2719 pmap_invalidate_cache_range_check_align(vm_offset_t sva, vm_offset_t eva)
2722 KASSERT((sva & PAGE_MASK) == 0,
2723 ("pmap_invalidate_cache_range: sva not page-aligned"));
2724 KASSERT((eva & PAGE_MASK) == 0,
2725 ("pmap_invalidate_cache_range: eva not page-aligned"));
2729 pmap_invalidate_cache_range_selfsnoop(vm_offset_t sva, vm_offset_t eva)
2732 pmap_invalidate_cache_range_check_align(sva, eva);
2736 pmap_force_invalidate_cache_range(vm_offset_t sva, vm_offset_t eva)
2739 sva &= ~(vm_offset_t)(cpu_clflush_line_size - 1);
2742 * XXX: Some CPUs fault, hang, or trash the local APIC
2743 * registers if we use CLFLUSH on the local APIC range. The
2744 * local APIC is always uncached, so we don't need to flush
2745 * for that range anyway.
2747 if (pmap_kextract(sva) == lapic_paddr)
2750 if ((cpu_stdext_feature & CPUID_STDEXT_CLFLUSHOPT) != 0) {
2752 * Do per-cache line flush. Use the sfence
2753 * instruction to insure that previous stores are
2754 * included in the write-back. The processor
2755 * propagates flush to other processors in the cache
2759 for (; sva < eva; sva += cpu_clflush_line_size)
2764 * Writes are ordered by CLFLUSH on Intel CPUs.
2766 if (cpu_vendor_id != CPU_VENDOR_INTEL)
2768 for (; sva < eva; sva += cpu_clflush_line_size)
2770 if (cpu_vendor_id != CPU_VENDOR_INTEL)
2776 pmap_invalidate_cache_range_all(vm_offset_t sva, vm_offset_t eva)
2779 pmap_invalidate_cache_range_check_align(sva, eva);
2780 pmap_invalidate_cache();
2784 * Remove the specified set of pages from the data and instruction caches.
2786 * In contrast to pmap_invalidate_cache_range(), this function does not
2787 * rely on the CPU's self-snoop feature, because it is intended for use
2788 * when moving pages into a different cache domain.
2791 pmap_invalidate_cache_pages(vm_page_t *pages, int count)
2793 vm_offset_t daddr, eva;
2797 useclflushopt = (cpu_stdext_feature & CPUID_STDEXT_CLFLUSHOPT) != 0;
2798 if (count >= PMAP_CLFLUSH_THRESHOLD / PAGE_SIZE ||
2799 ((cpu_feature & CPUID_CLFSH) == 0 && !useclflushopt))
2800 pmap_invalidate_cache();
2804 else if (cpu_vendor_id != CPU_VENDOR_INTEL)
2806 for (i = 0; i < count; i++) {
2807 daddr = PHYS_TO_DMAP(VM_PAGE_TO_PHYS(pages[i]));
2808 eva = daddr + PAGE_SIZE;
2809 for (; daddr < eva; daddr += cpu_clflush_line_size) {
2818 else if (cpu_vendor_id != CPU_VENDOR_INTEL)
2824 pmap_flush_cache_range(vm_offset_t sva, vm_offset_t eva)
2827 pmap_invalidate_cache_range_check_align(sva, eva);
2829 if ((cpu_stdext_feature & CPUID_STDEXT_CLWB) == 0) {
2830 pmap_force_invalidate_cache_range(sva, eva);
2834 /* See comment in pmap_force_invalidate_cache_range(). */
2835 if (pmap_kextract(sva) == lapic_paddr)
2839 for (; sva < eva; sva += cpu_clflush_line_size)
2845 pmap_flush_cache_phys_range(vm_paddr_t spa, vm_paddr_t epa, vm_memattr_t mattr)
2849 int error, pte_bits;
2851 KASSERT((spa & PAGE_MASK) == 0,
2852 ("pmap_flush_cache_phys_range: spa not page-aligned"));
2853 KASSERT((epa & PAGE_MASK) == 0,
2854 ("pmap_flush_cache_phys_range: epa not page-aligned"));
2856 if (spa < dmaplimit) {
2857 pmap_flush_cache_range(PHYS_TO_DMAP(spa), PHYS_TO_DMAP(MIN(
2859 if (dmaplimit >= epa)
2864 pte_bits = pmap_cache_bits(kernel_pmap, mattr, 0) | X86_PG_RW |
2866 error = vmem_alloc(kernel_arena, PAGE_SIZE, M_BESTFIT | M_WAITOK,
2868 KASSERT(error == 0, ("vmem_alloc failed: %d", error));
2869 pte = vtopte(vaddr);
2870 for (; spa < epa; spa += PAGE_SIZE) {
2872 pte_store(pte, spa | pte_bits);
2874 /* XXXKIB sfences inside flush_cache_range are excessive */
2875 pmap_flush_cache_range(vaddr, vaddr + PAGE_SIZE);
2878 vmem_free(kernel_arena, vaddr, PAGE_SIZE);
2882 * Routine: pmap_extract
2884 * Extract the physical page address associated
2885 * with the given map/virtual_address pair.
2888 pmap_extract(pmap_t pmap, vm_offset_t va)
2892 pt_entry_t *pte, PG_V;
2896 PG_V = pmap_valid_bit(pmap);
2898 pdpe = pmap_pdpe(pmap, va);
2899 if (pdpe != NULL && (*pdpe & PG_V) != 0) {
2900 if ((*pdpe & PG_PS) != 0)
2901 pa = (*pdpe & PG_PS_FRAME) | (va & PDPMASK);
2903 pde = pmap_pdpe_to_pde(pdpe, va);
2904 if ((*pde & PG_V) != 0) {
2905 if ((*pde & PG_PS) != 0) {
2906 pa = (*pde & PG_PS_FRAME) |
2909 pte = pmap_pde_to_pte(pde, va);
2910 pa = (*pte & PG_FRAME) |
2921 * Routine: pmap_extract_and_hold
2923 * Atomically extract and hold the physical page
2924 * with the given pmap and virtual address pair
2925 * if that mapping permits the given protection.
2928 pmap_extract_and_hold(pmap_t pmap, vm_offset_t va, vm_prot_t prot)
2930 pd_entry_t pde, *pdep;
2931 pt_entry_t pte, PG_RW, PG_V;
2937 PG_RW = pmap_rw_bit(pmap);
2938 PG_V = pmap_valid_bit(pmap);
2941 pdep = pmap_pde(pmap, va);
2942 if (pdep != NULL && (pde = *pdep)) {
2944 if ((pde & PG_RW) || (prot & VM_PROT_WRITE) == 0) {
2945 if (vm_page_pa_tryrelock(pmap, (pde &
2946 PG_PS_FRAME) | (va & PDRMASK), &pa))
2948 m = PHYS_TO_VM_PAGE(pa);
2951 pte = *pmap_pde_to_pte(pdep, va);
2953 ((pte & PG_RW) || (prot & VM_PROT_WRITE) == 0)) {
2954 if (vm_page_pa_tryrelock(pmap, pte & PG_FRAME,
2957 m = PHYS_TO_VM_PAGE(pa);
2969 pmap_kextract(vm_offset_t va)
2974 if (va >= DMAP_MIN_ADDRESS && va < DMAP_MAX_ADDRESS) {
2975 pa = DMAP_TO_PHYS(va);
2976 } else if (LARGEMAP_MIN_ADDRESS <= va &&
2977 va < PMAP_LARGEMAP_MAX_ADDRESS()) {
2978 pa = pmap_large_map_kextract(va);
2982 pa = (pde & PG_PS_FRAME) | (va & PDRMASK);
2985 * Beware of a concurrent promotion that changes the
2986 * PDE at this point! For example, vtopte() must not
2987 * be used to access the PTE because it would use the
2988 * new PDE. It is, however, safe to use the old PDE
2989 * because the page table page is preserved by the
2992 pa = *pmap_pde_to_pte(&pde, va);
2993 pa = (pa & PG_FRAME) | (va & PAGE_MASK);
2999 /***************************************************
3000 * Low level mapping routines.....
3001 ***************************************************/
3004 * Add a wired page to the kva.
3005 * Note: not SMP coherent.
3008 pmap_kenter(vm_offset_t va, vm_paddr_t pa)
3013 pte_store(pte, pa | X86_PG_RW | X86_PG_V | pg_g);
3016 static __inline void
3017 pmap_kenter_attr(vm_offset_t va, vm_paddr_t pa, int mode)
3023 cache_bits = pmap_cache_bits(kernel_pmap, mode, 0);
3024 pte_store(pte, pa | X86_PG_RW | X86_PG_V | pg_g | cache_bits);
3028 * Remove a page from the kernel pagetables.
3029 * Note: not SMP coherent.
3032 pmap_kremove(vm_offset_t va)
3041 * Used to map a range of physical addresses into kernel
3042 * virtual address space.
3044 * The value passed in '*virt' is a suggested virtual address for
3045 * the mapping. Architectures which can support a direct-mapped
3046 * physical to virtual region can return the appropriate address
3047 * within that region, leaving '*virt' unchanged. Other
3048 * architectures should map the pages starting at '*virt' and
3049 * update '*virt' with the first usable address after the mapped
3053 pmap_map(vm_offset_t *virt, vm_paddr_t start, vm_paddr_t end, int prot)
3055 return PHYS_TO_DMAP(start);
3060 * Add a list of wired pages to the kva
3061 * this routine is only used for temporary
3062 * kernel mappings that do not need to have
3063 * page modification or references recorded.
3064 * Note that old mappings are simply written
3065 * over. The page *must* be wired.
3066 * Note: SMP coherent. Uses a ranged shootdown IPI.
3069 pmap_qenter(vm_offset_t sva, vm_page_t *ma, int count)
3071 pt_entry_t *endpte, oldpte, pa, *pte;
3077 endpte = pte + count;
3078 while (pte < endpte) {
3080 cache_bits = pmap_cache_bits(kernel_pmap, m->md.pat_mode, 0);
3081 pa = VM_PAGE_TO_PHYS(m) | cache_bits;
3082 if ((*pte & (PG_FRAME | X86_PG_PTE_CACHE)) != pa) {
3084 pte_store(pte, pa | pg_g | pg_nx | X86_PG_RW | X86_PG_V);
3088 if (__predict_false((oldpte & X86_PG_V) != 0))
3089 pmap_invalidate_range(kernel_pmap, sva, sva + count *
3094 * This routine tears out page mappings from the
3095 * kernel -- it is meant only for temporary mappings.
3096 * Note: SMP coherent. Uses a ranged shootdown IPI.
3099 pmap_qremove(vm_offset_t sva, int count)
3104 while (count-- > 0) {
3105 KASSERT(va >= VM_MIN_KERNEL_ADDRESS, ("usermode va %lx", va));
3109 pmap_invalidate_range(kernel_pmap, sva, va);
3112 /***************************************************
3113 * Page table page management routines.....
3114 ***************************************************/
3116 * Schedule the specified unused page table page to be freed. Specifically,
3117 * add the page to the specified list of pages that will be released to the
3118 * physical memory manager after the TLB has been updated.
3120 static __inline void
3121 pmap_add_delayed_free_list(vm_page_t m, struct spglist *free,
3122 boolean_t set_PG_ZERO)
3126 m->flags |= PG_ZERO;
3128 m->flags &= ~PG_ZERO;
3129 SLIST_INSERT_HEAD(free, m, plinks.s.ss);
3133 * Inserts the specified page table page into the specified pmap's collection
3134 * of idle page table pages. Each of a pmap's page table pages is responsible
3135 * for mapping a distinct range of virtual addresses. The pmap's collection is
3136 * ordered by this virtual address range.
3138 * If "promoted" is false, then the page table page "mpte" must be zero filled.
3141 pmap_insert_pt_page(pmap_t pmap, vm_page_t mpte, bool promoted)
3144 PMAP_LOCK_ASSERT(pmap, MA_OWNED);
3145 mpte->valid = promoted ? VM_PAGE_BITS_ALL : 0;
3146 return (vm_radix_insert(&pmap->pm_root, mpte));
3150 * Removes the page table page mapping the specified virtual address from the
3151 * specified pmap's collection of idle page table pages, and returns it.
3152 * Otherwise, returns NULL if there is no page table page corresponding to the
3153 * specified virtual address.
3155 static __inline vm_page_t
3156 pmap_remove_pt_page(pmap_t pmap, vm_offset_t va)
3159 PMAP_LOCK_ASSERT(pmap, MA_OWNED);
3160 return (vm_radix_remove(&pmap->pm_root, pmap_pde_pindex(va)));
3164 * Decrements a page table page's wire count, which is used to record the
3165 * number of valid page table entries within the page. If the wire count
3166 * drops to zero, then the page table page is unmapped. Returns TRUE if the
3167 * page table page was unmapped and FALSE otherwise.
3169 static inline boolean_t
3170 pmap_unwire_ptp(pmap_t pmap, vm_offset_t va, vm_page_t m, struct spglist *free)
3174 if (m->wire_count == 0) {
3175 _pmap_unwire_ptp(pmap, va, m, free);
3182 _pmap_unwire_ptp(pmap_t pmap, vm_offset_t va, vm_page_t m, struct spglist *free)
3185 PMAP_LOCK_ASSERT(pmap, MA_OWNED);
3187 * unmap the page table page
3189 if (m->pindex >= (NUPDE + NUPDPE)) {
3192 pml4 = pmap_pml4e(pmap, va);
3194 if (pmap->pm_pml4u != NULL && va <= VM_MAXUSER_ADDRESS) {
3195 pml4 = &pmap->pm_pml4u[pmap_pml4e_index(va)];
3198 } else if (m->pindex >= NUPDE) {
3201 pdp = pmap_pdpe(pmap, va);
3206 pd = pmap_pde(pmap, va);
3209 pmap_resident_count_dec(pmap, 1);
3210 if (m->pindex < NUPDE) {
3211 /* We just released a PT, unhold the matching PD */
3214 pdpg = PHYS_TO_VM_PAGE(*pmap_pdpe(pmap, va) & PG_FRAME);
3215 pmap_unwire_ptp(pmap, va, pdpg, free);
3217 if (m->pindex >= NUPDE && m->pindex < (NUPDE + NUPDPE)) {
3218 /* We just released a PD, unhold the matching PDP */
3221 pdppg = PHYS_TO_VM_PAGE(*pmap_pml4e(pmap, va) & PG_FRAME);
3222 pmap_unwire_ptp(pmap, va, pdppg, free);
3226 * Put page on a list so that it is released after
3227 * *ALL* TLB shootdown is done
3229 pmap_add_delayed_free_list(m, free, TRUE);
3233 * After removing a page table entry, this routine is used to
3234 * conditionally free the page, and manage the hold/wire counts.
3237 pmap_unuse_pt(pmap_t pmap, vm_offset_t va, pd_entry_t ptepde,
3238 struct spglist *free)
3242 if (va >= VM_MAXUSER_ADDRESS)
3244 KASSERT(ptepde != 0, ("pmap_unuse_pt: ptepde != 0"));
3245 mpte = PHYS_TO_VM_PAGE(ptepde & PG_FRAME);
3246 return (pmap_unwire_ptp(pmap, va, mpte, free));
3250 pmap_pinit0(pmap_t pmap)
3256 PMAP_LOCK_INIT(pmap);
3257 pmap->pm_pml4 = (pml4_entry_t *)PHYS_TO_DMAP(KPML4phys);
3258 pmap->pm_pml4u = NULL;
3259 pmap->pm_cr3 = KPML4phys;
3260 /* hack to keep pmap_pti_pcid_invalidate() alive */
3261 pmap->pm_ucr3 = PMAP_NO_CR3;
3262 pmap->pm_root.rt_root = 0;
3263 CPU_ZERO(&pmap->pm_active);
3264 TAILQ_INIT(&pmap->pm_pvchunk);
3265 bzero(&pmap->pm_stats, sizeof pmap->pm_stats);
3266 pmap->pm_flags = pmap_flags;
3268 pmap->pm_pcids[i].pm_pcid = PMAP_PCID_KERN + 1;
3269 pmap->pm_pcids[i].pm_gen = 1;
3271 pmap_activate_boot(pmap);
3276 p->p_md.md_flags |= P_MD_KPTI;
3279 pmap_thread_init_invl_gen(td);
3281 if ((cpu_stdext_feature2 & CPUID_STDEXT2_PKU) != 0) {
3282 pmap_pkru_ranges_zone = uma_zcreate("pkru ranges",
3283 sizeof(struct pmap_pkru_range), NULL, NULL, NULL, NULL,
3289 pmap_pinit_pml4(vm_page_t pml4pg)
3291 pml4_entry_t *pm_pml4;
3294 pm_pml4 = (pml4_entry_t *)PHYS_TO_DMAP(VM_PAGE_TO_PHYS(pml4pg));
3296 /* Wire in kernel global address entries. */
3297 for (i = 0; i < NKPML4E; i++) {
3298 pm_pml4[KPML4BASE + i] = (KPDPphys + ptoa(i)) | X86_PG_RW |
3301 for (i = 0; i < ndmpdpphys; i++) {
3302 pm_pml4[DMPML4I + i] = (DMPDPphys + ptoa(i)) | X86_PG_RW |
3306 /* install self-referential address mapping entry(s) */
3307 pm_pml4[PML4PML4I] = VM_PAGE_TO_PHYS(pml4pg) | X86_PG_V | X86_PG_RW |
3308 X86_PG_A | X86_PG_M;
3310 /* install large map entries if configured */
3311 for (i = 0; i < lm_ents; i++)
3312 pm_pml4[LMSPML4I + i] = kernel_pmap->pm_pml4[LMSPML4I + i];
3316 pmap_pinit_pml4_pti(vm_page_t pml4pg)
3318 pml4_entry_t *pm_pml4;
3321 pm_pml4 = (pml4_entry_t *)PHYS_TO_DMAP(VM_PAGE_TO_PHYS(pml4pg));
3322 for (i = 0; i < NPML4EPG; i++)
3323 pm_pml4[i] = pti_pml4[i];
3327 * Initialize a preallocated and zeroed pmap structure,
3328 * such as one in a vmspace structure.
3331 pmap_pinit_type(pmap_t pmap, enum pmap_type pm_type, int flags)
3333 vm_page_t pml4pg, pml4pgu;
3334 vm_paddr_t pml4phys;
3338 * allocate the page directory page
3340 pml4pg = vm_page_alloc(NULL, 0, VM_ALLOC_NORMAL | VM_ALLOC_NOOBJ |
3341 VM_ALLOC_WIRED | VM_ALLOC_ZERO | VM_ALLOC_WAITOK);
3343 pml4phys = VM_PAGE_TO_PHYS(pml4pg);
3344 pmap->pm_pml4 = (pml4_entry_t *)PHYS_TO_DMAP(pml4phys);
3346 pmap->pm_pcids[i].pm_pcid = PMAP_PCID_NONE;
3347 pmap->pm_pcids[i].pm_gen = 0;
3349 pmap->pm_cr3 = PMAP_NO_CR3; /* initialize to an invalid value */
3350 pmap->pm_ucr3 = PMAP_NO_CR3;
3351 pmap->pm_pml4u = NULL;
3353 pmap->pm_type = pm_type;
3354 if ((pml4pg->flags & PG_ZERO) == 0)
3355 pagezero(pmap->pm_pml4);
3358 * Do not install the host kernel mappings in the nested page
3359 * tables. These mappings are meaningless in the guest physical
3361 * Install minimal kernel mappings in PTI case.
3363 if (pm_type == PT_X86) {
3364 pmap->pm_cr3 = pml4phys;
3365 pmap_pinit_pml4(pml4pg);
3366 if ((curproc->p_md.md_flags & P_MD_KPTI) != 0) {
3367 pml4pgu = vm_page_alloc(NULL, 0, VM_ALLOC_NORMAL |
3368 VM_ALLOC_NOOBJ | VM_ALLOC_WIRED | VM_ALLOC_WAITOK);
3369 pmap->pm_pml4u = (pml4_entry_t *)PHYS_TO_DMAP(
3370 VM_PAGE_TO_PHYS(pml4pgu));
3371 pmap_pinit_pml4_pti(pml4pgu);
3372 pmap->pm_ucr3 = VM_PAGE_TO_PHYS(pml4pgu);
3374 if ((cpu_stdext_feature2 & CPUID_STDEXT2_PKU) != 0) {
3375 rangeset_init(&pmap->pm_pkru, pkru_dup_range,
3376 pkru_free_range, pmap, M_NOWAIT);
3380 pmap->pm_root.rt_root = 0;
3381 CPU_ZERO(&pmap->pm_active);
3382 TAILQ_INIT(&pmap->pm_pvchunk);
3383 bzero(&pmap->pm_stats, sizeof pmap->pm_stats);
3384 pmap->pm_flags = flags;
3385 pmap->pm_eptgen = 0;
3391 pmap_pinit(pmap_t pmap)
3394 return (pmap_pinit_type(pmap, PT_X86, pmap_flags));
3398 * This routine is called if the desired page table page does not exist.
3400 * If page table page allocation fails, this routine may sleep before
3401 * returning NULL. It sleeps only if a lock pointer was given.
3403 * Note: If a page allocation fails at page table level two or three,
3404 * one or two pages may be held during the wait, only to be released
3405 * afterwards. This conservative approach is easily argued to avoid
3409 _pmap_allocpte(pmap_t pmap, vm_pindex_t ptepindex, struct rwlock **lockp)
3411 vm_page_t m, pdppg, pdpg;
3412 pt_entry_t PG_A, PG_M, PG_RW, PG_V;
3414 PMAP_LOCK_ASSERT(pmap, MA_OWNED);
3416 PG_A = pmap_accessed_bit(pmap);
3417 PG_M = pmap_modified_bit(pmap);
3418 PG_V = pmap_valid_bit(pmap);
3419 PG_RW = pmap_rw_bit(pmap);
3422 * Allocate a page table page.
3424 if ((m = vm_page_alloc(NULL, ptepindex, VM_ALLOC_NOOBJ |
3425 VM_ALLOC_WIRED | VM_ALLOC_ZERO)) == NULL) {
3426 if (lockp != NULL) {
3427 RELEASE_PV_LIST_LOCK(lockp);
3429 PMAP_ASSERT_NOT_IN_DI();
3435 * Indicate the need to retry. While waiting, the page table
3436 * page may have been allocated.
3440 if ((m->flags & PG_ZERO) == 0)
3444 * Map the pagetable page into the process address space, if
3445 * it isn't already there.
3448 if (ptepindex >= (NUPDE + NUPDPE)) {
3449 pml4_entry_t *pml4, *pml4u;
3450 vm_pindex_t pml4index;
3452 /* Wire up a new PDPE page */
3453 pml4index = ptepindex - (NUPDE + NUPDPE);
3454 pml4 = &pmap->pm_pml4[pml4index];
3455 *pml4 = VM_PAGE_TO_PHYS(m) | PG_U | PG_RW | PG_V | PG_A | PG_M;
3456 if (pmap->pm_pml4u != NULL && pml4index < NUPML4E) {
3458 * PTI: Make all user-space mappings in the
3459 * kernel-mode page table no-execute so that
3460 * we detect any programming errors that leave
3461 * the kernel-mode page table active on return
3464 if (pmap->pm_ucr3 != PMAP_NO_CR3)
3467 pml4u = &pmap->pm_pml4u[pml4index];
3468 *pml4u = VM_PAGE_TO_PHYS(m) | PG_U | PG_RW | PG_V |
3472 } else if (ptepindex >= NUPDE) {
3473 vm_pindex_t pml4index;
3474 vm_pindex_t pdpindex;
3478 /* Wire up a new PDE page */
3479 pdpindex = ptepindex - NUPDE;
3480 pml4index = pdpindex >> NPML4EPGSHIFT;
3482 pml4 = &pmap->pm_pml4[pml4index];
3483 if ((*pml4 & PG_V) == 0) {
3484 /* Have to allocate a new pdp, recurse */
3485 if (_pmap_allocpte(pmap, NUPDE + NUPDPE + pml4index,
3487 vm_page_unwire_noq(m);
3488 vm_page_free_zero(m);
3492 /* Add reference to pdp page */
3493 pdppg = PHYS_TO_VM_PAGE(*pml4 & PG_FRAME);
3494 pdppg->wire_count++;
3496 pdp = (pdp_entry_t *)PHYS_TO_DMAP(*pml4 & PG_FRAME);
3498 /* Now find the pdp page */
3499 pdp = &pdp[pdpindex & ((1ul << NPDPEPGSHIFT) - 1)];
3500 *pdp = VM_PAGE_TO_PHYS(m) | PG_U | PG_RW | PG_V | PG_A | PG_M;
3503 vm_pindex_t pml4index;
3504 vm_pindex_t pdpindex;
3509 /* Wire up a new PTE page */
3510 pdpindex = ptepindex >> NPDPEPGSHIFT;
3511 pml4index = pdpindex >> NPML4EPGSHIFT;
3513 /* First, find the pdp and check that its valid. */
3514 pml4 = &pmap->pm_pml4[pml4index];
3515 if ((*pml4 & PG_V) == 0) {
3516 /* Have to allocate a new pd, recurse */
3517 if (_pmap_allocpte(pmap, NUPDE + pdpindex,
3519 vm_page_unwire_noq(m);
3520 vm_page_free_zero(m);
3523 pdp = (pdp_entry_t *)PHYS_TO_DMAP(*pml4 & PG_FRAME);
3524 pdp = &pdp[pdpindex & ((1ul << NPDPEPGSHIFT) - 1)];
3526 pdp = (pdp_entry_t *)PHYS_TO_DMAP(*pml4 & PG_FRAME);
3527 pdp = &pdp[pdpindex & ((1ul << NPDPEPGSHIFT) - 1)];
3528 if ((*pdp & PG_V) == 0) {
3529 /* Have to allocate a new pd, recurse */
3530 if (_pmap_allocpte(pmap, NUPDE + pdpindex,
3532 vm_page_unwire_noq(m);
3533 vm_page_free_zero(m);
3537 /* Add reference to the pd page */
3538 pdpg = PHYS_TO_VM_PAGE(*pdp & PG_FRAME);
3542 pd = (pd_entry_t *)PHYS_TO_DMAP(*pdp & PG_FRAME);
3544 /* Now we know where the page directory page is */
3545 pd = &pd[ptepindex & ((1ul << NPDEPGSHIFT) - 1)];
3546 *pd = VM_PAGE_TO_PHYS(m) | PG_U | PG_RW | PG_V | PG_A | PG_M;
3549 pmap_resident_count_inc(pmap, 1);
3555 pmap_allocpde(pmap_t pmap, vm_offset_t va, struct rwlock **lockp)
3557 vm_pindex_t pdpindex, ptepindex;
3558 pdp_entry_t *pdpe, PG_V;
3561 PG_V = pmap_valid_bit(pmap);
3564 pdpe = pmap_pdpe(pmap, va);
3565 if (pdpe != NULL && (*pdpe & PG_V) != 0) {
3566 /* Add a reference to the pd page. */
3567 pdpg = PHYS_TO_VM_PAGE(*pdpe & PG_FRAME);
3570 /* Allocate a pd page. */
3571 ptepindex = pmap_pde_pindex(va);
3572 pdpindex = ptepindex >> NPDPEPGSHIFT;
3573 pdpg = _pmap_allocpte(pmap, NUPDE + pdpindex, lockp);
3574 if (pdpg == NULL && lockp != NULL)
3581 pmap_allocpte(pmap_t pmap, vm_offset_t va, struct rwlock **lockp)
3583 vm_pindex_t ptepindex;
3584 pd_entry_t *pd, PG_V;
3587 PG_V = pmap_valid_bit(pmap);
3590 * Calculate pagetable page index
3592 ptepindex = pmap_pde_pindex(va);
3595 * Get the page directory entry
3597 pd = pmap_pde(pmap, va);
3600 * This supports switching from a 2MB page to a
3603 if (pd != NULL && (*pd & (PG_PS | PG_V)) == (PG_PS | PG_V)) {
3604 if (!pmap_demote_pde_locked(pmap, pd, va, lockp)) {
3606 * Invalidation of the 2MB page mapping may have caused
3607 * the deallocation of the underlying PD page.
3614 * If the page table page is mapped, we just increment the
3615 * hold count, and activate it.
3617 if (pd != NULL && (*pd & PG_V) != 0) {
3618 m = PHYS_TO_VM_PAGE(*pd & PG_FRAME);
3622 * Here if the pte page isn't mapped, or if it has been
3625 m = _pmap_allocpte(pmap, ptepindex, lockp);
3626 if (m == NULL && lockp != NULL)
3633 /***************************************************
3634 * Pmap allocation/deallocation routines.
3635 ***************************************************/
3638 * Release any resources held by the given physical map.
3639 * Called when a pmap initialized by pmap_pinit is being released.
3640 * Should only be called if the map contains no valid mappings.
3643 pmap_release(pmap_t pmap)
3648 KASSERT(pmap->pm_stats.resident_count == 0,
3649 ("pmap_release: pmap resident count %ld != 0",
3650 pmap->pm_stats.resident_count));
3651 KASSERT(vm_radix_is_empty(&pmap->pm_root),
3652 ("pmap_release: pmap has reserved page table page(s)"));
3653 KASSERT(CPU_EMPTY(&pmap->pm_active),
3654 ("releasing active pmap %p", pmap));
3656 m = PHYS_TO_VM_PAGE(DMAP_TO_PHYS((vm_offset_t)pmap->pm_pml4));
3658 for (i = 0; i < NKPML4E; i++) /* KVA */
3659 pmap->pm_pml4[KPML4BASE + i] = 0;
3660 for (i = 0; i < ndmpdpphys; i++)/* Direct Map */
3661 pmap->pm_pml4[DMPML4I + i] = 0;
3662 pmap->pm_pml4[PML4PML4I] = 0; /* Recursive Mapping */
3663 for (i = 0; i < lm_ents; i++) /* Large Map */
3664 pmap->pm_pml4[LMSPML4I + i] = 0;
3666 vm_page_unwire_noq(m);
3667 vm_page_free_zero(m);
3669 if (pmap->pm_pml4u != NULL) {
3670 m = PHYS_TO_VM_PAGE(DMAP_TO_PHYS((vm_offset_t)pmap->pm_pml4u));
3671 vm_page_unwire_noq(m);
3674 if (pmap->pm_type == PT_X86 &&
3675 (cpu_stdext_feature2 & CPUID_STDEXT2_PKU) != 0)
3676 rangeset_fini(&pmap->pm_pkru);
3680 kvm_size(SYSCTL_HANDLER_ARGS)
3682 unsigned long ksize = VM_MAX_KERNEL_ADDRESS - VM_MIN_KERNEL_ADDRESS;
3684 return sysctl_handle_long(oidp, &ksize, 0, req);
3686 SYSCTL_PROC(_vm, OID_AUTO, kvm_size, CTLTYPE_LONG|CTLFLAG_RD,
3687 0, 0, kvm_size, "LU", "Size of KVM");
3690 kvm_free(SYSCTL_HANDLER_ARGS)
3692 unsigned long kfree = VM_MAX_KERNEL_ADDRESS - kernel_vm_end;
3694 return sysctl_handle_long(oidp, &kfree, 0, req);
3696 SYSCTL_PROC(_vm, OID_AUTO, kvm_free, CTLTYPE_LONG|CTLFLAG_RD,
3697 0, 0, kvm_free, "LU", "Amount of KVM free");
3700 * grow the number of kernel page table entries, if needed
3703 pmap_growkernel(vm_offset_t addr)
3707 pd_entry_t *pde, newpdir;
3710 mtx_assert(&kernel_map->system_mtx, MA_OWNED);
3713 * Return if "addr" is within the range of kernel page table pages
3714 * that were preallocated during pmap bootstrap. Moreover, leave
3715 * "kernel_vm_end" and the kernel page table as they were.
3717 * The correctness of this action is based on the following
3718 * argument: vm_map_insert() allocates contiguous ranges of the
3719 * kernel virtual address space. It calls this function if a range
3720 * ends after "kernel_vm_end". If the kernel is mapped between
3721 * "kernel_vm_end" and "addr", then the range cannot begin at
3722 * "kernel_vm_end". In fact, its beginning address cannot be less
3723 * than the kernel. Thus, there is no immediate need to allocate
3724 * any new kernel page table pages between "kernel_vm_end" and
3727 if (KERNBASE < addr && addr <= KERNBASE + nkpt * NBPDR)
3730 addr = roundup2(addr, NBPDR);
3731 if (addr - 1 >= vm_map_max(kernel_map))
3732 addr = vm_map_max(kernel_map);
3733 while (kernel_vm_end < addr) {
3734 pdpe = pmap_pdpe(kernel_pmap, kernel_vm_end);
3735 if ((*pdpe & X86_PG_V) == 0) {
3736 /* We need a new PDP entry */
3737 nkpg = vm_page_alloc(NULL, kernel_vm_end >> PDPSHIFT,
3738 VM_ALLOC_INTERRUPT | VM_ALLOC_NOOBJ |
3739 VM_ALLOC_WIRED | VM_ALLOC_ZERO);
3741 panic("pmap_growkernel: no memory to grow kernel");
3742 if ((nkpg->flags & PG_ZERO) == 0)
3743 pmap_zero_page(nkpg);
3744 paddr = VM_PAGE_TO_PHYS(nkpg);
3745 *pdpe = (pdp_entry_t)(paddr | X86_PG_V | X86_PG_RW |
3746 X86_PG_A | X86_PG_M);
3747 continue; /* try again */
3749 pde = pmap_pdpe_to_pde(pdpe, kernel_vm_end);
3750 if ((*pde & X86_PG_V) != 0) {
3751 kernel_vm_end = (kernel_vm_end + NBPDR) & ~PDRMASK;
3752 if (kernel_vm_end - 1 >= vm_map_max(kernel_map)) {
3753 kernel_vm_end = vm_map_max(kernel_map);
3759 nkpg = vm_page_alloc(NULL, pmap_pde_pindex(kernel_vm_end),
3760 VM_ALLOC_INTERRUPT | VM_ALLOC_NOOBJ | VM_ALLOC_WIRED |
3763 panic("pmap_growkernel: no memory to grow kernel");
3764 if ((nkpg->flags & PG_ZERO) == 0)
3765 pmap_zero_page(nkpg);
3766 paddr = VM_PAGE_TO_PHYS(nkpg);
3767 newpdir = paddr | X86_PG_V | X86_PG_RW | X86_PG_A | X86_PG_M;
3768 pde_store(pde, newpdir);
3770 kernel_vm_end = (kernel_vm_end + NBPDR) & ~PDRMASK;
3771 if (kernel_vm_end - 1 >= vm_map_max(kernel_map)) {
3772 kernel_vm_end = vm_map_max(kernel_map);
3779 /***************************************************
3780 * page management routines.
3781 ***************************************************/
3783 CTASSERT(sizeof(struct pv_chunk) == PAGE_SIZE);
3784 CTASSERT(_NPCM == 3);
3785 CTASSERT(_NPCPV == 168);
3787 static __inline struct pv_chunk *
3788 pv_to_chunk(pv_entry_t pv)
3791 return ((struct pv_chunk *)((uintptr_t)pv & ~(uintptr_t)PAGE_MASK));
3794 #define PV_PMAP(pv) (pv_to_chunk(pv)->pc_pmap)
3796 #define PC_FREE0 0xfffffffffffffffful
3797 #define PC_FREE1 0xfffffffffffffffful
3798 #define PC_FREE2 0x000000fffffffffful
3800 static const uint64_t pc_freemask[_NPCM] = { PC_FREE0, PC_FREE1, PC_FREE2 };
3803 static int pc_chunk_count, pc_chunk_allocs, pc_chunk_frees, pc_chunk_tryfail;
3805 SYSCTL_INT(_vm_pmap, OID_AUTO, pc_chunk_count, CTLFLAG_RD, &pc_chunk_count, 0,
3806 "Current number of pv entry chunks");
3807 SYSCTL_INT(_vm_pmap, OID_AUTO, pc_chunk_allocs, CTLFLAG_RD, &pc_chunk_allocs, 0,
3808 "Current number of pv entry chunks allocated");
3809 SYSCTL_INT(_vm_pmap, OID_AUTO, pc_chunk_frees, CTLFLAG_RD, &pc_chunk_frees, 0,
3810 "Current number of pv entry chunks frees");
3811 SYSCTL_INT(_vm_pmap, OID_AUTO, pc_chunk_tryfail, CTLFLAG_RD, &pc_chunk_tryfail, 0,
3812 "Number of times tried to get a chunk page but failed.");
3814 static long pv_entry_frees, pv_entry_allocs, pv_entry_count;
3815 static int pv_entry_spare;
3817 SYSCTL_LONG(_vm_pmap, OID_AUTO, pv_entry_frees, CTLFLAG_RD, &pv_entry_frees, 0,
3818 "Current number of pv entry frees");
3819 SYSCTL_LONG(_vm_pmap, OID_AUTO, pv_entry_allocs, CTLFLAG_RD, &pv_entry_allocs, 0,
3820 "Current number of pv entry allocs");
3821 SYSCTL_LONG(_vm_pmap, OID_AUTO, pv_entry_count, CTLFLAG_RD, &pv_entry_count, 0,
3822 "Current number of pv entries");
3823 SYSCTL_INT(_vm_pmap, OID_AUTO, pv_entry_spare, CTLFLAG_RD, &pv_entry_spare, 0,
3824 "Current number of spare pv entries");
3828 reclaim_pv_chunk_leave_pmap(pmap_t pmap, pmap_t locked_pmap, bool start_di)
3833 pmap_invalidate_all(pmap);
3834 if (pmap != locked_pmap)
3837 pmap_delayed_invl_finish();
3841 * We are in a serious low memory condition. Resort to
3842 * drastic measures to free some pages so we can allocate
3843 * another pv entry chunk.
3845 * Returns NULL if PV entries were reclaimed from the specified pmap.
3847 * We do not, however, unmap 2mpages because subsequent accesses will
3848 * allocate per-page pv entries until repromotion occurs, thereby
3849 * exacerbating the shortage of free pv entries.
3852 reclaim_pv_chunk(pmap_t locked_pmap, struct rwlock **lockp)
3854 struct pv_chunk *pc, *pc_marker, *pc_marker_end;
3855 struct pv_chunk_header pc_marker_b, pc_marker_end_b;
3856 struct md_page *pvh;
3858 pmap_t next_pmap, pmap;
3859 pt_entry_t *pte, tpte;
3860 pt_entry_t PG_G, PG_A, PG_M, PG_RW;
3864 struct spglist free;
3866 int bit, field, freed;
3868 static int active_reclaims = 0;
3870 PMAP_LOCK_ASSERT(locked_pmap, MA_OWNED);
3871 KASSERT(lockp != NULL, ("reclaim_pv_chunk: lockp is NULL"));
3874 PG_G = PG_A = PG_M = PG_RW = 0;
3876 bzero(&pc_marker_b, sizeof(pc_marker_b));
3877 bzero(&pc_marker_end_b, sizeof(pc_marker_end_b));
3878 pc_marker = (struct pv_chunk *)&pc_marker_b;
3879 pc_marker_end = (struct pv_chunk *)&pc_marker_end_b;
3882 * A delayed invalidation block should already be active if
3883 * pmap_advise() or pmap_remove() called this function by way
3884 * of pmap_demote_pde_locked().
3886 start_di = pmap_not_in_di();
3888 mtx_lock(&pv_chunks_mutex);
3890 TAILQ_INSERT_HEAD(&pv_chunks, pc_marker, pc_lru);
3891 TAILQ_INSERT_TAIL(&pv_chunks, pc_marker_end, pc_lru);
3892 while ((pc = TAILQ_NEXT(pc_marker, pc_lru)) != pc_marker_end &&
3893 SLIST_EMPTY(&free)) {
3894 next_pmap = pc->pc_pmap;
3895 if (next_pmap == NULL) {
3897 * The next chunk is a marker. However, it is
3898 * not our marker, so active_reclaims must be
3899 * > 1. Consequently, the next_chunk code
3900 * will not rotate the pv_chunks list.
3904 mtx_unlock(&pv_chunks_mutex);
3907 * A pv_chunk can only be removed from the pc_lru list
3908 * when both pc_chunks_mutex is owned and the
3909 * corresponding pmap is locked.
3911 if (pmap != next_pmap) {
3912 reclaim_pv_chunk_leave_pmap(pmap, locked_pmap,
3915 /* Avoid deadlock and lock recursion. */
3916 if (pmap > locked_pmap) {
3917 RELEASE_PV_LIST_LOCK(lockp);
3920 pmap_delayed_invl_start();
3921 mtx_lock(&pv_chunks_mutex);
3923 } else if (pmap != locked_pmap) {
3924 if (PMAP_TRYLOCK(pmap)) {
3926 pmap_delayed_invl_start();
3927 mtx_lock(&pv_chunks_mutex);
3930 pmap = NULL; /* pmap is not locked */
3931 mtx_lock(&pv_chunks_mutex);
3932 pc = TAILQ_NEXT(pc_marker, pc_lru);
3934 pc->pc_pmap != next_pmap)
3938 } else if (start_di)
3939 pmap_delayed_invl_start();
3940 PG_G = pmap_global_bit(pmap);
3941 PG_A = pmap_accessed_bit(pmap);
3942 PG_M = pmap_modified_bit(pmap);
3943 PG_RW = pmap_rw_bit(pmap);
3947 * Destroy every non-wired, 4 KB page mapping in the chunk.
3950 for (field = 0; field < _NPCM; field++) {
3951 for (inuse = ~pc->pc_map[field] & pc_freemask[field];
3952 inuse != 0; inuse &= ~(1UL << bit)) {
3954 pv = &pc->pc_pventry[field * 64 + bit];
3956 pde = pmap_pde(pmap, va);
3957 if ((*pde & PG_PS) != 0)
3959 pte = pmap_pde_to_pte(pde, va);
3960 if ((*pte & PG_W) != 0)
3962 tpte = pte_load_clear(pte);
3963 if ((tpte & PG_G) != 0)
3964 pmap_invalidate_page(pmap, va);
3965 m = PHYS_TO_VM_PAGE(tpte & PG_FRAME);
3966 if ((tpte & (PG_M | PG_RW)) == (PG_M | PG_RW))
3968 if ((tpte & PG_A) != 0)
3969 vm_page_aflag_set(m, PGA_REFERENCED);
3970 CHANGE_PV_LIST_LOCK_TO_VM_PAGE(lockp, m);
3971 TAILQ_REMOVE(&m->md.pv_list, pv, pv_next);
3973 if (TAILQ_EMPTY(&m->md.pv_list) &&
3974 (m->flags & PG_FICTITIOUS) == 0) {
3975 pvh = pa_to_pvh(VM_PAGE_TO_PHYS(m));
3976 if (TAILQ_EMPTY(&pvh->pv_list)) {
3977 vm_page_aflag_clear(m,
3981 pmap_delayed_invl_page(m);
3982 pc->pc_map[field] |= 1UL << bit;
3983 pmap_unuse_pt(pmap, va, *pde, &free);
3988 mtx_lock(&pv_chunks_mutex);
3991 /* Every freed mapping is for a 4 KB page. */
3992 pmap_resident_count_dec(pmap, freed);
3993 PV_STAT(atomic_add_long(&pv_entry_frees, freed));
3994 PV_STAT(atomic_add_int(&pv_entry_spare, freed));
3995 PV_STAT(atomic_subtract_long(&pv_entry_count, freed));
3996 TAILQ_REMOVE(&pmap->pm_pvchunk, pc, pc_list);
3997 if (pc->pc_map[0] == PC_FREE0 && pc->pc_map[1] == PC_FREE1 &&
3998 pc->pc_map[2] == PC_FREE2) {
3999 PV_STAT(atomic_subtract_int(&pv_entry_spare, _NPCPV));
4000 PV_STAT(atomic_subtract_int(&pc_chunk_count, 1));
4001 PV_STAT(atomic_add_int(&pc_chunk_frees, 1));
4002 /* Entire chunk is free; return it. */
4003 m_pc = PHYS_TO_VM_PAGE(DMAP_TO_PHYS((vm_offset_t)pc));
4004 dump_drop_page(m_pc->phys_addr);
4005 mtx_lock(&pv_chunks_mutex);
4006 TAILQ_REMOVE(&pv_chunks, pc, pc_lru);
4009 TAILQ_INSERT_HEAD(&pmap->pm_pvchunk, pc, pc_list);
4010 mtx_lock(&pv_chunks_mutex);
4011 /* One freed pv entry in locked_pmap is sufficient. */
4012 if (pmap == locked_pmap)
4015 TAILQ_REMOVE(&pv_chunks, pc_marker, pc_lru);
4016 TAILQ_INSERT_AFTER(&pv_chunks, pc, pc_marker, pc_lru);
4017 if (active_reclaims == 1 && pmap != NULL) {
4019 * Rotate the pv chunks list so that we do not
4020 * scan the same pv chunks that could not be
4021 * freed (because they contained a wired
4022 * and/or superpage mapping) on every
4023 * invocation of reclaim_pv_chunk().
4025 while ((pc = TAILQ_FIRST(&pv_chunks)) != pc_marker) {
4026 MPASS(pc->pc_pmap != NULL);
4027 TAILQ_REMOVE(&pv_chunks, pc, pc_lru);
4028 TAILQ_INSERT_TAIL(&pv_chunks, pc, pc_lru);
4032 TAILQ_REMOVE(&pv_chunks, pc_marker, pc_lru);
4033 TAILQ_REMOVE(&pv_chunks, pc_marker_end, pc_lru);
4035 mtx_unlock(&pv_chunks_mutex);
4036 reclaim_pv_chunk_leave_pmap(pmap, locked_pmap, start_di);
4037 if (m_pc == NULL && !SLIST_EMPTY(&free)) {
4038 m_pc = SLIST_FIRST(&free);
4039 SLIST_REMOVE_HEAD(&free, plinks.s.ss);
4040 /* Recycle a freed page table page. */
4041 m_pc->wire_count = 1;
4043 vm_page_free_pages_toq(&free, true);
4048 * free the pv_entry back to the free list
4051 free_pv_entry(pmap_t pmap, pv_entry_t pv)
4053 struct pv_chunk *pc;
4054 int idx, field, bit;
4056 PMAP_LOCK_ASSERT(pmap, MA_OWNED);
4057 PV_STAT(atomic_add_long(&pv_entry_frees, 1));
4058 PV_STAT(atomic_add_int(&pv_entry_spare, 1));
4059 PV_STAT(atomic_subtract_long(&pv_entry_count, 1));
4060 pc = pv_to_chunk(pv);
4061 idx = pv - &pc->pc_pventry[0];
4064 pc->pc_map[field] |= 1ul << bit;
4065 if (pc->pc_map[0] != PC_FREE0 || pc->pc_map[1] != PC_FREE1 ||
4066 pc->pc_map[2] != PC_FREE2) {
4067 /* 98% of the time, pc is already at the head of the list. */
4068 if (__predict_false(pc != TAILQ_FIRST(&pmap->pm_pvchunk))) {
4069 TAILQ_REMOVE(&pmap->pm_pvchunk, pc, pc_list);
4070 TAILQ_INSERT_HEAD(&pmap->pm_pvchunk, pc, pc_list);
4074 TAILQ_REMOVE(&pmap->pm_pvchunk, pc, pc_list);
4079 free_pv_chunk(struct pv_chunk *pc)
4083 mtx_lock(&pv_chunks_mutex);
4084 TAILQ_REMOVE(&pv_chunks, pc, pc_lru);
4085 mtx_unlock(&pv_chunks_mutex);
4086 PV_STAT(atomic_subtract_int(&pv_entry_spare, _NPCPV));
4087 PV_STAT(atomic_subtract_int(&pc_chunk_count, 1));
4088 PV_STAT(atomic_add_int(&pc_chunk_frees, 1));
4089 /* entire chunk is free, return it */
4090 m = PHYS_TO_VM_PAGE(DMAP_TO_PHYS((vm_offset_t)pc));
4091 dump_drop_page(m->phys_addr);
4092 vm_page_unwire_noq(m);
4097 * Returns a new PV entry, allocating a new PV chunk from the system when
4098 * needed. If this PV chunk allocation fails and a PV list lock pointer was
4099 * given, a PV chunk is reclaimed from an arbitrary pmap. Otherwise, NULL is
4102 * The given PV list lock may be released.
4105 get_pv_entry(pmap_t pmap, struct rwlock **lockp)
4109 struct pv_chunk *pc;
4112 PMAP_LOCK_ASSERT(pmap, MA_OWNED);
4113 PV_STAT(atomic_add_long(&pv_entry_allocs, 1));
4115 pc = TAILQ_FIRST(&pmap->pm_pvchunk);
4117 for (field = 0; field < _NPCM; field++) {
4118 if (pc->pc_map[field]) {
4119 bit = bsfq(pc->pc_map[field]);
4123 if (field < _NPCM) {
4124 pv = &pc->pc_pventry[field * 64 + bit];
4125 pc->pc_map[field] &= ~(1ul << bit);
4126 /* If this was the last item, move it to tail */
4127 if (pc->pc_map[0] == 0 && pc->pc_map[1] == 0 &&
4128 pc->pc_map[2] == 0) {
4129 TAILQ_REMOVE(&pmap->pm_pvchunk, pc, pc_list);
4130 TAILQ_INSERT_TAIL(&pmap->pm_pvchunk, pc,
4133 PV_STAT(atomic_add_long(&pv_entry_count, 1));
4134 PV_STAT(atomic_subtract_int(&pv_entry_spare, 1));
4138 /* No free items, allocate another chunk */
4139 m = vm_page_alloc(NULL, 0, VM_ALLOC_NORMAL | VM_ALLOC_NOOBJ |
4142 if (lockp == NULL) {
4143 PV_STAT(pc_chunk_tryfail++);
4146 m = reclaim_pv_chunk(pmap, lockp);
4150 PV_STAT(atomic_add_int(&pc_chunk_count, 1));
4151 PV_STAT(atomic_add_int(&pc_chunk_allocs, 1));
4152 dump_add_page(m->phys_addr);
4153 pc = (void *)PHYS_TO_DMAP(m->phys_addr);
4155 pc->pc_map[0] = PC_FREE0 & ~1ul; /* preallocated bit 0 */
4156 pc->pc_map[1] = PC_FREE1;
4157 pc->pc_map[2] = PC_FREE2;
4158 mtx_lock(&pv_chunks_mutex);
4159 TAILQ_INSERT_TAIL(&pv_chunks, pc, pc_lru);
4160 mtx_unlock(&pv_chunks_mutex);
4161 pv = &pc->pc_pventry[0];
4162 TAILQ_INSERT_HEAD(&pmap->pm_pvchunk, pc, pc_list);
4163 PV_STAT(atomic_add_long(&pv_entry_count, 1));
4164 PV_STAT(atomic_add_int(&pv_entry_spare, _NPCPV - 1));
4169 * Returns the number of one bits within the given PV chunk map.
4171 * The erratas for Intel processors state that "POPCNT Instruction May
4172 * Take Longer to Execute Than Expected". It is believed that the
4173 * issue is the spurious dependency on the destination register.
4174 * Provide a hint to the register rename logic that the destination
4175 * value is overwritten, by clearing it, as suggested in the
4176 * optimization manual. It should be cheap for unaffected processors
4179 * Reference numbers for erratas are
4180 * 4th Gen Core: HSD146
4181 * 5th Gen Core: BDM85
4182 * 6th Gen Core: SKL029
4185 popcnt_pc_map_pq(uint64_t *map)
4189 __asm __volatile("xorl %k0,%k0;popcntq %2,%0;"
4190 "xorl %k1,%k1;popcntq %3,%1;addl %k1,%k0;"
4191 "xorl %k1,%k1;popcntq %4,%1;addl %k1,%k0"
4192 : "=&r" (result), "=&r" (tmp)
4193 : "m" (map[0]), "m" (map[1]), "m" (map[2]));
4198 * Ensure that the number of spare PV entries in the specified pmap meets or
4199 * exceeds the given count, "needed".
4201 * The given PV list lock may be released.
4204 reserve_pv_entries(pmap_t pmap, int needed, struct rwlock **lockp)
4206 struct pch new_tail;
4207 struct pv_chunk *pc;
4212 PMAP_LOCK_ASSERT(pmap, MA_OWNED);
4213 KASSERT(lockp != NULL, ("reserve_pv_entries: lockp is NULL"));
4216 * Newly allocated PV chunks must be stored in a private list until
4217 * the required number of PV chunks have been allocated. Otherwise,
4218 * reclaim_pv_chunk() could recycle one of these chunks. In
4219 * contrast, these chunks must be added to the pmap upon allocation.
4221 TAILQ_INIT(&new_tail);
4224 TAILQ_FOREACH(pc, &pmap->pm_pvchunk, pc_list) {
4226 if ((cpu_feature2 & CPUID2_POPCNT) == 0)
4227 bit_count((bitstr_t *)pc->pc_map, 0,
4228 sizeof(pc->pc_map) * NBBY, &free);
4231 free = popcnt_pc_map_pq(pc->pc_map);
4235 if (avail >= needed)
4238 for (reclaimed = false; avail < needed; avail += _NPCPV) {
4239 m = vm_page_alloc(NULL, 0, VM_ALLOC_NORMAL | VM_ALLOC_NOOBJ |
4242 m = reclaim_pv_chunk(pmap, lockp);
4247 PV_STAT(atomic_add_int(&pc_chunk_count, 1));
4248 PV_STAT(atomic_add_int(&pc_chunk_allocs, 1));
4249 dump_add_page(m->phys_addr);
4250 pc = (void *)PHYS_TO_DMAP(m->phys_addr);
4252 pc->pc_map[0] = PC_FREE0;
4253 pc->pc_map[1] = PC_FREE1;
4254 pc->pc_map[2] = PC_FREE2;
4255 TAILQ_INSERT_HEAD(&pmap->pm_pvchunk, pc, pc_list);
4256 TAILQ_INSERT_TAIL(&new_tail, pc, pc_lru);
4257 PV_STAT(atomic_add_int(&pv_entry_spare, _NPCPV));
4260 * The reclaim might have freed a chunk from the current pmap.
4261 * If that chunk contained available entries, we need to
4262 * re-count the number of available entries.
4267 if (!TAILQ_EMPTY(&new_tail)) {
4268 mtx_lock(&pv_chunks_mutex);
4269 TAILQ_CONCAT(&pv_chunks, &new_tail, pc_lru);
4270 mtx_unlock(&pv_chunks_mutex);
4275 * First find and then remove the pv entry for the specified pmap and virtual
4276 * address from the specified pv list. Returns the pv entry if found and NULL
4277 * otherwise. This operation can be performed on pv lists for either 4KB or
4278 * 2MB page mappings.
4280 static __inline pv_entry_t
4281 pmap_pvh_remove(struct md_page *pvh, pmap_t pmap, vm_offset_t va)
4285 TAILQ_FOREACH(pv, &pvh->pv_list, pv_next) {
4286 if (pmap == PV_PMAP(pv) && va == pv->pv_va) {
4287 TAILQ_REMOVE(&pvh->pv_list, pv, pv_next);
4296 * After demotion from a 2MB page mapping to 512 4KB page mappings,
4297 * destroy the pv entry for the 2MB page mapping and reinstantiate the pv
4298 * entries for each of the 4KB page mappings.
4301 pmap_pv_demote_pde(pmap_t pmap, vm_offset_t va, vm_paddr_t pa,
4302 struct rwlock **lockp)
4304 struct md_page *pvh;
4305 struct pv_chunk *pc;
4307 vm_offset_t va_last;
4311 PMAP_LOCK_ASSERT(pmap, MA_OWNED);
4312 KASSERT((pa & PDRMASK) == 0,
4313 ("pmap_pv_demote_pde: pa is not 2mpage aligned"));
4314 CHANGE_PV_LIST_LOCK_TO_PHYS(lockp, pa);
4317 * Transfer the 2mpage's pv entry for this mapping to the first
4318 * page's pv list. Once this transfer begins, the pv list lock
4319 * must not be released until the last pv entry is reinstantiated.
4321 pvh = pa_to_pvh(pa);
4322 va = trunc_2mpage(va);
4323 pv = pmap_pvh_remove(pvh, pmap, va);
4324 KASSERT(pv != NULL, ("pmap_pv_demote_pde: pv not found"));
4325 m = PHYS_TO_VM_PAGE(pa);
4326 TAILQ_INSERT_TAIL(&m->md.pv_list, pv, pv_next);
4328 /* Instantiate the remaining NPTEPG - 1 pv entries. */
4329 PV_STAT(atomic_add_long(&pv_entry_allocs, NPTEPG - 1));
4330 va_last = va + NBPDR - PAGE_SIZE;
4332 pc = TAILQ_FIRST(&pmap->pm_pvchunk);
4333 KASSERT(pc->pc_map[0] != 0 || pc->pc_map[1] != 0 ||
4334 pc->pc_map[2] != 0, ("pmap_pv_demote_pde: missing spare"));
4335 for (field = 0; field < _NPCM; field++) {
4336 while (pc->pc_map[field]) {
4337 bit = bsfq(pc->pc_map[field]);
4338 pc->pc_map[field] &= ~(1ul << bit);
4339 pv = &pc->pc_pventry[field * 64 + bit];
4343 KASSERT((m->oflags & VPO_UNMANAGED) == 0,
4344 ("pmap_pv_demote_pde: page %p is not managed", m));
4345 TAILQ_INSERT_TAIL(&m->md.pv_list, pv, pv_next);
4351 TAILQ_REMOVE(&pmap->pm_pvchunk, pc, pc_list);
4352 TAILQ_INSERT_TAIL(&pmap->pm_pvchunk, pc, pc_list);
4355 if (pc->pc_map[0] == 0 && pc->pc_map[1] == 0 && pc->pc_map[2] == 0) {
4356 TAILQ_REMOVE(&pmap->pm_pvchunk, pc, pc_list);
4357 TAILQ_INSERT_TAIL(&pmap->pm_pvchunk, pc, pc_list);
4359 PV_STAT(atomic_add_long(&pv_entry_count, NPTEPG - 1));
4360 PV_STAT(atomic_subtract_int(&pv_entry_spare, NPTEPG - 1));
4363 #if VM_NRESERVLEVEL > 0
4365 * After promotion from 512 4KB page mappings to a single 2MB page mapping,
4366 * replace the many pv entries for the 4KB page mappings by a single pv entry
4367 * for the 2MB page mapping.
4370 pmap_pv_promote_pde(pmap_t pmap, vm_offset_t va, vm_paddr_t pa,
4371 struct rwlock **lockp)
4373 struct md_page *pvh;
4375 vm_offset_t va_last;
4378 KASSERT((pa & PDRMASK) == 0,
4379 ("pmap_pv_promote_pde: pa is not 2mpage aligned"));
4380 CHANGE_PV_LIST_LOCK_TO_PHYS(lockp, pa);
4383 * Transfer the first page's pv entry for this mapping to the 2mpage's
4384 * pv list. Aside from avoiding the cost of a call to get_pv_entry(),
4385 * a transfer avoids the possibility that get_pv_entry() calls
4386 * reclaim_pv_chunk() and that reclaim_pv_chunk() removes one of the
4387 * mappings that is being promoted.
4389 m = PHYS_TO_VM_PAGE(pa);
4390 va = trunc_2mpage(va);
4391 pv = pmap_pvh_remove(&m->md, pmap, va);
4392 KASSERT(pv != NULL, ("pmap_pv_promote_pde: pv not found"));
4393 pvh = pa_to_pvh(pa);
4394 TAILQ_INSERT_TAIL(&pvh->pv_list, pv, pv_next);
4396 /* Free the remaining NPTEPG - 1 pv entries. */
4397 va_last = va + NBPDR - PAGE_SIZE;
4401 pmap_pvh_free(&m->md, pmap, va);
4402 } while (va < va_last);
4404 #endif /* VM_NRESERVLEVEL > 0 */
4407 * First find and then destroy the pv entry for the specified pmap and virtual
4408 * address. This operation can be performed on pv lists for either 4KB or 2MB
4412 pmap_pvh_free(struct md_page *pvh, pmap_t pmap, vm_offset_t va)
4416 pv = pmap_pvh_remove(pvh, pmap, va);
4417 KASSERT(pv != NULL, ("pmap_pvh_free: pv not found"));
4418 free_pv_entry(pmap, pv);
4422 * Conditionally create the PV entry for a 4KB page mapping if the required
4423 * memory can be allocated without resorting to reclamation.
4426 pmap_try_insert_pv_entry(pmap_t pmap, vm_offset_t va, vm_page_t m,
4427 struct rwlock **lockp)
4431 PMAP_LOCK_ASSERT(pmap, MA_OWNED);
4432 /* Pass NULL instead of the lock pointer to disable reclamation. */
4433 if ((pv = get_pv_entry(pmap, NULL)) != NULL) {
4435 CHANGE_PV_LIST_LOCK_TO_VM_PAGE(lockp, m);
4436 TAILQ_INSERT_TAIL(&m->md.pv_list, pv, pv_next);
4444 * Create the PV entry for a 2MB page mapping. Always returns true unless the
4445 * flag PMAP_ENTER_NORECLAIM is specified. If that flag is specified, returns
4446 * false if the PV entry cannot be allocated without resorting to reclamation.
4449 pmap_pv_insert_pde(pmap_t pmap, vm_offset_t va, pd_entry_t pde, u_int flags,
4450 struct rwlock **lockp)
4452 struct md_page *pvh;
4456 PMAP_LOCK_ASSERT(pmap, MA_OWNED);
4457 /* Pass NULL instead of the lock pointer to disable reclamation. */
4458 if ((pv = get_pv_entry(pmap, (flags & PMAP_ENTER_NORECLAIM) != 0 ?
4459 NULL : lockp)) == NULL)
4462 pa = pde & PG_PS_FRAME;
4463 CHANGE_PV_LIST_LOCK_TO_PHYS(lockp, pa);
4464 pvh = pa_to_pvh(pa);
4465 TAILQ_INSERT_TAIL(&pvh->pv_list, pv, pv_next);
4471 * Fills a page table page with mappings to consecutive physical pages.
4474 pmap_fill_ptp(pt_entry_t *firstpte, pt_entry_t newpte)
4478 for (pte = firstpte; pte < firstpte + NPTEPG; pte++) {
4480 newpte += PAGE_SIZE;
4485 * Tries to demote a 2MB page mapping. If demotion fails, the 2MB page
4486 * mapping is invalidated.
4489 pmap_demote_pde(pmap_t pmap, pd_entry_t *pde, vm_offset_t va)
4491 struct rwlock *lock;
4495 rv = pmap_demote_pde_locked(pmap, pde, va, &lock);
4502 pmap_demote_pde_check(pt_entry_t *firstpte __unused, pt_entry_t newpte __unused)
4506 pt_entry_t *xpte, *ypte;
4508 for (xpte = firstpte; xpte < firstpte + NPTEPG;
4509 xpte++, newpte += PAGE_SIZE) {
4510 if ((*xpte & PG_FRAME) != (newpte & PG_FRAME)) {
4511 printf("pmap_demote_pde: xpte %zd and newpte map "
4512 "different pages: found %#lx, expected %#lx\n",
4513 xpte - firstpte, *xpte, newpte);
4514 printf("page table dump\n");
4515 for (ypte = firstpte; ypte < firstpte + NPTEPG; ypte++)
4516 printf("%zd %#lx\n", ypte - firstpte, *ypte);
4521 KASSERT((*firstpte & PG_FRAME) == (newpte & PG_FRAME),
4522 ("pmap_demote_pde: firstpte and newpte map different physical"
4529 pmap_demote_pde_abort(pmap_t pmap, vm_offset_t va, pd_entry_t *pde,
4530 pd_entry_t oldpde, struct rwlock **lockp)
4532 struct spglist free;
4536 sva = trunc_2mpage(va);
4537 pmap_remove_pde(pmap, pde, sva, &free, lockp);
4538 if ((oldpde & pmap_global_bit(pmap)) == 0)
4539 pmap_invalidate_pde_page(pmap, sva, oldpde);
4540 vm_page_free_pages_toq(&free, true);
4541 CTR2(KTR_PMAP, "pmap_demote_pde: failure for va %#lx in pmap %p",
4546 pmap_demote_pde_locked(pmap_t pmap, pd_entry_t *pde, vm_offset_t va,
4547 struct rwlock **lockp)
4549 pd_entry_t newpde, oldpde;
4550 pt_entry_t *firstpte, newpte;
4551 pt_entry_t PG_A, PG_G, PG_M, PG_PKU_MASK, PG_RW, PG_V;
4557 PG_A = pmap_accessed_bit(pmap);
4558 PG_G = pmap_global_bit(pmap);
4559 PG_M = pmap_modified_bit(pmap);
4560 PG_RW = pmap_rw_bit(pmap);
4561 PG_V = pmap_valid_bit(pmap);
4562 PG_PTE_CACHE = pmap_cache_mask(pmap, 0);
4563 PG_PKU_MASK = pmap_pku_mask_bit(pmap);
4565 PMAP_LOCK_ASSERT(pmap, MA_OWNED);
4566 in_kernel = va >= VM_MAXUSER_ADDRESS;
4568 KASSERT((oldpde & (PG_PS | PG_V)) == (PG_PS | PG_V),
4569 ("pmap_demote_pde: oldpde is missing PG_PS and/or PG_V"));
4572 * Invalidate the 2MB page mapping and return "failure" if the
4573 * mapping was never accessed.
4575 if ((oldpde & PG_A) == 0) {
4576 KASSERT((oldpde & PG_W) == 0,
4577 ("pmap_demote_pde: a wired mapping is missing PG_A"));
4578 pmap_demote_pde_abort(pmap, va, pde, oldpde, lockp);
4582 mpte = pmap_remove_pt_page(pmap, va);
4584 KASSERT((oldpde & PG_W) == 0,
4585 ("pmap_demote_pde: page table page for a wired mapping"
4589 * If the page table page is missing and the mapping
4590 * is for a kernel address, the mapping must belong to
4591 * the direct map. Page table pages are preallocated
4592 * for every other part of the kernel address space,
4593 * so the direct map region is the only part of the
4594 * kernel address space that must be handled here.
4596 KASSERT(!in_kernel || (va >= DMAP_MIN_ADDRESS &&
4597 va < DMAP_MAX_ADDRESS),
4598 ("pmap_demote_pde: No saved mpte for va %#lx", va));
4601 * If the 2MB page mapping belongs to the direct map
4602 * region of the kernel's address space, then the page
4603 * allocation request specifies the highest possible
4604 * priority (VM_ALLOC_INTERRUPT). Otherwise, the
4605 * priority is normal.
4607 mpte = vm_page_alloc(NULL, pmap_pde_pindex(va),
4608 (in_kernel ? VM_ALLOC_INTERRUPT : VM_ALLOC_NORMAL) |
4609 VM_ALLOC_NOOBJ | VM_ALLOC_WIRED);
4612 * If the allocation of the new page table page fails,
4613 * invalidate the 2MB page mapping and return "failure".
4616 pmap_demote_pde_abort(pmap, va, pde, oldpde, lockp);
4621 mpte->wire_count = NPTEPG;
4622 pmap_resident_count_inc(pmap, 1);
4625 mptepa = VM_PAGE_TO_PHYS(mpte);
4626 firstpte = (pt_entry_t *)PHYS_TO_DMAP(mptepa);
4627 newpde = mptepa | PG_M | PG_A | (oldpde & PG_U) | PG_RW | PG_V;
4628 KASSERT((oldpde & (PG_M | PG_RW)) != PG_RW,
4629 ("pmap_demote_pde: oldpde is missing PG_M"));
4630 newpte = oldpde & ~PG_PS;
4631 newpte = pmap_swap_pat(pmap, newpte);
4634 * If the page table page is not leftover from an earlier promotion,
4637 if (mpte->valid == 0)
4638 pmap_fill_ptp(firstpte, newpte);
4640 pmap_demote_pde_check(firstpte, newpte);
4643 * If the mapping has changed attributes, update the page table
4646 if ((*firstpte & PG_PTE_PROMOTE) != (newpte & PG_PTE_PROMOTE))
4647 pmap_fill_ptp(firstpte, newpte);
4650 * The spare PV entries must be reserved prior to demoting the
4651 * mapping, that is, prior to changing the PDE. Otherwise, the state
4652 * of the PDE and the PV lists will be inconsistent, which can result
4653 * in reclaim_pv_chunk() attempting to remove a PV entry from the
4654 * wrong PV list and pmap_pv_demote_pde() failing to find the expected
4655 * PV entry for the 2MB page mapping that is being demoted.
4657 if ((oldpde & PG_MANAGED) != 0)
4658 reserve_pv_entries(pmap, NPTEPG - 1, lockp);
4661 * Demote the mapping. This pmap is locked. The old PDE has
4662 * PG_A set. If the old PDE has PG_RW set, it also has PG_M
4663 * set. Thus, there is no danger of a race with another
4664 * processor changing the setting of PG_A and/or PG_M between
4665 * the read above and the store below.
4667 if (workaround_erratum383)
4668 pmap_update_pde(pmap, va, pde, newpde);
4670 pde_store(pde, newpde);
4673 * Invalidate a stale recursive mapping of the page table page.
4676 pmap_invalidate_page(pmap, (vm_offset_t)vtopte(va));
4679 * Demote the PV entry.
4681 if ((oldpde & PG_MANAGED) != 0)
4682 pmap_pv_demote_pde(pmap, va, oldpde & PG_PS_FRAME, lockp);
4684 atomic_add_long(&pmap_pde_demotions, 1);
4685 CTR2(KTR_PMAP, "pmap_demote_pde: success for va %#lx in pmap %p",
4691 * pmap_remove_kernel_pde: Remove a kernel superpage mapping.
4694 pmap_remove_kernel_pde(pmap_t pmap, pd_entry_t *pde, vm_offset_t va)
4700 KASSERT(pmap == kernel_pmap, ("pmap %p is not kernel_pmap", pmap));
4701 PMAP_LOCK_ASSERT(pmap, MA_OWNED);
4702 mpte = pmap_remove_pt_page(pmap, va);
4704 panic("pmap_remove_kernel_pde: Missing pt page.");
4706 mptepa = VM_PAGE_TO_PHYS(mpte);
4707 newpde = mptepa | X86_PG_M | X86_PG_A | X86_PG_RW | X86_PG_V;
4710 * If this page table page was unmapped by a promotion, then it
4711 * contains valid mappings. Zero it to invalidate those mappings.
4713 if (mpte->valid != 0)
4714 pagezero((void *)PHYS_TO_DMAP(mptepa));
4717 * Demote the mapping.
4719 if (workaround_erratum383)
4720 pmap_update_pde(pmap, va, pde, newpde);
4722 pde_store(pde, newpde);
4725 * Invalidate a stale recursive mapping of the page table page.
4727 pmap_invalidate_page(pmap, (vm_offset_t)vtopte(va));
4731 * pmap_remove_pde: do the things to unmap a superpage in a process
4734 pmap_remove_pde(pmap_t pmap, pd_entry_t *pdq, vm_offset_t sva,
4735 struct spglist *free, struct rwlock **lockp)
4737 struct md_page *pvh;
4739 vm_offset_t eva, va;
4741 pt_entry_t PG_G, PG_A, PG_M, PG_RW;
4743 PG_G = pmap_global_bit(pmap);
4744 PG_A = pmap_accessed_bit(pmap);
4745 PG_M = pmap_modified_bit(pmap);
4746 PG_RW = pmap_rw_bit(pmap);
4748 PMAP_LOCK_ASSERT(pmap, MA_OWNED);
4749 KASSERT((sva & PDRMASK) == 0,
4750 ("pmap_remove_pde: sva is not 2mpage aligned"));
4751 oldpde = pte_load_clear(pdq);
4753 pmap->pm_stats.wired_count -= NBPDR / PAGE_SIZE;
4754 if ((oldpde & PG_G) != 0)
4755 pmap_invalidate_pde_page(kernel_pmap, sva, oldpde);
4756 pmap_resident_count_dec(pmap, NBPDR / PAGE_SIZE);
4757 if (oldpde & PG_MANAGED) {
4758 CHANGE_PV_LIST_LOCK_TO_PHYS(lockp, oldpde & PG_PS_FRAME);
4759 pvh = pa_to_pvh(oldpde & PG_PS_FRAME);
4760 pmap_pvh_free(pvh, pmap, sva);
4762 for (va = sva, m = PHYS_TO_VM_PAGE(oldpde & PG_PS_FRAME);
4763 va < eva; va += PAGE_SIZE, m++) {
4764 if ((oldpde & (PG_M | PG_RW)) == (PG_M | PG_RW))
4767 vm_page_aflag_set(m, PGA_REFERENCED);
4768 if (TAILQ_EMPTY(&m->md.pv_list) &&
4769 TAILQ_EMPTY(&pvh->pv_list))
4770 vm_page_aflag_clear(m, PGA_WRITEABLE);
4771 pmap_delayed_invl_page(m);
4774 if (pmap == kernel_pmap) {
4775 pmap_remove_kernel_pde(pmap, pdq, sva);
4777 mpte = pmap_remove_pt_page(pmap, sva);
4779 KASSERT(mpte->valid == VM_PAGE_BITS_ALL,
4780 ("pmap_remove_pde: pte page not promoted"));
4781 pmap_resident_count_dec(pmap, 1);
4782 KASSERT(mpte->wire_count == NPTEPG,
4783 ("pmap_remove_pde: pte page wire count error"));
4784 mpte->wire_count = 0;
4785 pmap_add_delayed_free_list(mpte, free, FALSE);
4788 return (pmap_unuse_pt(pmap, sva, *pmap_pdpe(pmap, sva), free));
4792 * pmap_remove_pte: do the things to unmap a page in a process
4795 pmap_remove_pte(pmap_t pmap, pt_entry_t *ptq, vm_offset_t va,
4796 pd_entry_t ptepde, struct spglist *free, struct rwlock **lockp)
4798 struct md_page *pvh;
4799 pt_entry_t oldpte, PG_A, PG_M, PG_RW;
4802 PG_A = pmap_accessed_bit(pmap);
4803 PG_M = pmap_modified_bit(pmap);
4804 PG_RW = pmap_rw_bit(pmap);
4806 PMAP_LOCK_ASSERT(pmap, MA_OWNED);
4807 oldpte = pte_load_clear(ptq);
4809 pmap->pm_stats.wired_count -= 1;
4810 pmap_resident_count_dec(pmap, 1);
4811 if (oldpte & PG_MANAGED) {
4812 m = PHYS_TO_VM_PAGE(oldpte & PG_FRAME);
4813 if ((oldpte & (PG_M | PG_RW)) == (PG_M | PG_RW))
4816 vm_page_aflag_set(m, PGA_REFERENCED);
4817 CHANGE_PV_LIST_LOCK_TO_VM_PAGE(lockp, m);
4818 pmap_pvh_free(&m->md, pmap, va);
4819 if (TAILQ_EMPTY(&m->md.pv_list) &&
4820 (m->flags & PG_FICTITIOUS) == 0) {
4821 pvh = pa_to_pvh(VM_PAGE_TO_PHYS(m));
4822 if (TAILQ_EMPTY(&pvh->pv_list))
4823 vm_page_aflag_clear(m, PGA_WRITEABLE);
4825 pmap_delayed_invl_page(m);
4827 return (pmap_unuse_pt(pmap, va, ptepde, free));
4831 * Remove a single page from a process address space
4834 pmap_remove_page(pmap_t pmap, vm_offset_t va, pd_entry_t *pde,
4835 struct spglist *free)
4837 struct rwlock *lock;
4838 pt_entry_t *pte, PG_V;
4840 PG_V = pmap_valid_bit(pmap);
4841 PMAP_LOCK_ASSERT(pmap, MA_OWNED);
4842 if ((*pde & PG_V) == 0)
4844 pte = pmap_pde_to_pte(pde, va);
4845 if ((*pte & PG_V) == 0)
4848 pmap_remove_pte(pmap, pte, va, *pde, free, &lock);
4851 pmap_invalidate_page(pmap, va);
4855 * Removes the specified range of addresses from the page table page.
4858 pmap_remove_ptes(pmap_t pmap, vm_offset_t sva, vm_offset_t eva,
4859 pd_entry_t *pde, struct spglist *free, struct rwlock **lockp)
4861 pt_entry_t PG_G, *pte;
4865 PMAP_LOCK_ASSERT(pmap, MA_OWNED);
4866 PG_G = pmap_global_bit(pmap);
4869 for (pte = pmap_pde_to_pte(pde, sva); sva != eva; pte++,
4873 pmap_invalidate_range(pmap, va, sva);
4878 if ((*pte & PG_G) == 0)
4882 if (pmap_remove_pte(pmap, pte, sva, *pde, free, lockp)) {
4888 pmap_invalidate_range(pmap, va, sva);
4893 * Remove the given range of addresses from the specified map.
4895 * It is assumed that the start and end are properly
4896 * rounded to the page size.
4899 pmap_remove(pmap_t pmap, vm_offset_t sva, vm_offset_t eva)
4901 struct rwlock *lock;
4902 vm_offset_t va_next;
4903 pml4_entry_t *pml4e;
4905 pd_entry_t ptpaddr, *pde;
4906 pt_entry_t PG_G, PG_V;
4907 struct spglist free;
4910 PG_G = pmap_global_bit(pmap);
4911 PG_V = pmap_valid_bit(pmap);
4914 * Perform an unsynchronized read. This is, however, safe.
4916 if (pmap->pm_stats.resident_count == 0)
4922 pmap_delayed_invl_start();
4926 * special handling of removing one page. a very
4927 * common operation and easy to short circuit some
4930 if (sva + PAGE_SIZE == eva) {
4931 pde = pmap_pde(pmap, sva);
4932 if (pde && (*pde & PG_PS) == 0) {
4933 pmap_remove_page(pmap, sva, pde, &free);
4939 for (; sva < eva; sva = va_next) {
4941 if (pmap->pm_stats.resident_count == 0)
4944 pml4e = pmap_pml4e(pmap, sva);
4945 if ((*pml4e & PG_V) == 0) {
4946 va_next = (sva + NBPML4) & ~PML4MASK;
4952 pdpe = pmap_pml4e_to_pdpe(pml4e, sva);
4953 if ((*pdpe & PG_V) == 0) {
4954 va_next = (sva + NBPDP) & ~PDPMASK;
4961 * Calculate index for next page table.
4963 va_next = (sva + NBPDR) & ~PDRMASK;
4967 pde = pmap_pdpe_to_pde(pdpe, sva);
4971 * Weed out invalid mappings.
4977 * Check for large page.
4979 if ((ptpaddr & PG_PS) != 0) {
4981 * Are we removing the entire large page? If not,
4982 * demote the mapping and fall through.
4984 if (sva + NBPDR == va_next && eva >= va_next) {
4986 * The TLB entry for a PG_G mapping is
4987 * invalidated by pmap_remove_pde().
4989 if ((ptpaddr & PG_G) == 0)
4991 pmap_remove_pde(pmap, pde, sva, &free, &lock);
4993 } else if (!pmap_demote_pde_locked(pmap, pde, sva,
4995 /* The large page mapping was destroyed. */
5002 * Limit our scan to either the end of the va represented
5003 * by the current page table page, or to the end of the
5004 * range being removed.
5009 if (pmap_remove_ptes(pmap, sva, va_next, pde, &free, &lock))
5016 pmap_invalidate_all(pmap);
5017 pmap_pkru_on_remove(pmap, sva, eva);
5019 pmap_delayed_invl_finish();
5020 vm_page_free_pages_toq(&free, true);
5024 * Routine: pmap_remove_all
5026 * Removes this physical page from
5027 * all physical maps in which it resides.
5028 * Reflects back modify bits to the pager.
5031 * Original versions of this routine were very
5032 * inefficient because they iteratively called
5033 * pmap_remove (slow...)
5037 pmap_remove_all(vm_page_t m)
5039 struct md_page *pvh;
5042 struct rwlock *lock;
5043 pt_entry_t *pte, tpte, PG_A, PG_M, PG_RW;
5046 struct spglist free;
5047 int pvh_gen, md_gen;
5049 KASSERT((m->oflags & VPO_UNMANAGED) == 0,
5050 ("pmap_remove_all: page %p is not managed", m));
5052 lock = VM_PAGE_TO_PV_LIST_LOCK(m);
5053 pvh = (m->flags & PG_FICTITIOUS) != 0 ? &pv_dummy :
5054 pa_to_pvh(VM_PAGE_TO_PHYS(m));
5057 while ((pv = TAILQ_FIRST(&pvh->pv_list)) != NULL) {
5059 if (!PMAP_TRYLOCK(pmap)) {
5060 pvh_gen = pvh->pv_gen;
5064 if (pvh_gen != pvh->pv_gen) {
5071 pde = pmap_pde(pmap, va);
5072 (void)pmap_demote_pde_locked(pmap, pde, va, &lock);
5075 while ((pv = TAILQ_FIRST(&m->md.pv_list)) != NULL) {
5077 if (!PMAP_TRYLOCK(pmap)) {
5078 pvh_gen = pvh->pv_gen;
5079 md_gen = m->md.pv_gen;
5083 if (pvh_gen != pvh->pv_gen || md_gen != m->md.pv_gen) {
5089 PG_A = pmap_accessed_bit(pmap);
5090 PG_M = pmap_modified_bit(pmap);
5091 PG_RW = pmap_rw_bit(pmap);
5092 pmap_resident_count_dec(pmap, 1);
5093 pde = pmap_pde(pmap, pv->pv_va);
5094 KASSERT((*pde & PG_PS) == 0, ("pmap_remove_all: found"
5095 " a 2mpage in page %p's pv list", m));
5096 pte = pmap_pde_to_pte(pde, pv->pv_va);
5097 tpte = pte_load_clear(pte);
5099 pmap->pm_stats.wired_count--;
5101 vm_page_aflag_set(m, PGA_REFERENCED);
5104 * Update the vm_page_t clean and reference bits.
5106 if ((tpte & (PG_M | PG_RW)) == (PG_M | PG_RW))
5108 pmap_unuse_pt(pmap, pv->pv_va, *pde, &free);
5109 pmap_invalidate_page(pmap, pv->pv_va);
5110 TAILQ_REMOVE(&m->md.pv_list, pv, pv_next);
5112 free_pv_entry(pmap, pv);
5115 vm_page_aflag_clear(m, PGA_WRITEABLE);
5117 pmap_delayed_invl_wait(m);
5118 vm_page_free_pages_toq(&free, true);
5122 * pmap_protect_pde: do the things to protect a 2mpage in a process
5125 pmap_protect_pde(pmap_t pmap, pd_entry_t *pde, vm_offset_t sva, vm_prot_t prot)
5127 pd_entry_t newpde, oldpde;
5128 vm_offset_t eva, va;
5130 boolean_t anychanged;
5131 pt_entry_t PG_G, PG_M, PG_RW;
5133 PG_G = pmap_global_bit(pmap);
5134 PG_M = pmap_modified_bit(pmap);
5135 PG_RW = pmap_rw_bit(pmap);
5137 PMAP_LOCK_ASSERT(pmap, MA_OWNED);
5138 KASSERT((sva & PDRMASK) == 0,
5139 ("pmap_protect_pde: sva is not 2mpage aligned"));
5142 oldpde = newpde = *pde;
5143 if ((oldpde & (PG_MANAGED | PG_M | PG_RW)) ==
5144 (PG_MANAGED | PG_M | PG_RW)) {
5146 for (va = sva, m = PHYS_TO_VM_PAGE(oldpde & PG_PS_FRAME);
5147 va < eva; va += PAGE_SIZE, m++)
5150 if ((prot & VM_PROT_WRITE) == 0)
5151 newpde &= ~(PG_RW | PG_M);
5152 if ((prot & VM_PROT_EXECUTE) == 0)
5154 if (newpde != oldpde) {
5156 * As an optimization to future operations on this PDE, clear
5157 * PG_PROMOTED. The impending invalidation will remove any
5158 * lingering 4KB page mappings from the TLB.
5160 if (!atomic_cmpset_long(pde, oldpde, newpde & ~PG_PROMOTED))
5162 if ((oldpde & PG_G) != 0)
5163 pmap_invalidate_pde_page(kernel_pmap, sva, oldpde);
5167 return (anychanged);
5171 * Set the physical protection on the
5172 * specified range of this map as requested.
5175 pmap_protect(pmap_t pmap, vm_offset_t sva, vm_offset_t eva, vm_prot_t prot)
5177 vm_offset_t va_next;
5178 pml4_entry_t *pml4e;
5180 pd_entry_t ptpaddr, *pde;
5181 pt_entry_t *pte, PG_G, PG_M, PG_RW, PG_V;
5182 boolean_t anychanged;
5184 KASSERT((prot & ~VM_PROT_ALL) == 0, ("invalid prot %x", prot));
5185 if (prot == VM_PROT_NONE) {
5186 pmap_remove(pmap, sva, eva);
5190 if ((prot & (VM_PROT_WRITE|VM_PROT_EXECUTE)) ==
5191 (VM_PROT_WRITE|VM_PROT_EXECUTE))
5194 PG_G = pmap_global_bit(pmap);
5195 PG_M = pmap_modified_bit(pmap);
5196 PG_V = pmap_valid_bit(pmap);
5197 PG_RW = pmap_rw_bit(pmap);
5201 * Although this function delays and batches the invalidation
5202 * of stale TLB entries, it does not need to call
5203 * pmap_delayed_invl_start() and
5204 * pmap_delayed_invl_finish(), because it does not
5205 * ordinarily destroy mappings. Stale TLB entries from
5206 * protection-only changes need only be invalidated before the
5207 * pmap lock is released, because protection-only changes do
5208 * not destroy PV entries. Even operations that iterate over
5209 * a physical page's PV list of mappings, like
5210 * pmap_remove_write(), acquire the pmap lock for each
5211 * mapping. Consequently, for protection-only changes, the
5212 * pmap lock suffices to synchronize both page table and TLB
5215 * This function only destroys a mapping if pmap_demote_pde()
5216 * fails. In that case, stale TLB entries are immediately
5221 for (; sva < eva; sva = va_next) {
5223 pml4e = pmap_pml4e(pmap, sva);
5224 if ((*pml4e & PG_V) == 0) {
5225 va_next = (sva + NBPML4) & ~PML4MASK;
5231 pdpe = pmap_pml4e_to_pdpe(pml4e, sva);
5232 if ((*pdpe & PG_V) == 0) {
5233 va_next = (sva + NBPDP) & ~PDPMASK;
5239 va_next = (sva + NBPDR) & ~PDRMASK;
5243 pde = pmap_pdpe_to_pde(pdpe, sva);
5247 * Weed out invalid mappings.
5253 * Check for large page.
5255 if ((ptpaddr & PG_PS) != 0) {
5257 * Are we protecting the entire large page? If not,
5258 * demote the mapping and fall through.
5260 if (sva + NBPDR == va_next && eva >= va_next) {
5262 * The TLB entry for a PG_G mapping is
5263 * invalidated by pmap_protect_pde().
5265 if (pmap_protect_pde(pmap, pde, sva, prot))
5268 } else if (!pmap_demote_pde(pmap, pde, sva)) {
5270 * The large page mapping was destroyed.
5279 for (pte = pmap_pde_to_pte(pde, sva); sva != va_next; pte++,
5281 pt_entry_t obits, pbits;
5285 obits = pbits = *pte;
5286 if ((pbits & PG_V) == 0)
5289 if ((prot & VM_PROT_WRITE) == 0) {
5290 if ((pbits & (PG_MANAGED | PG_M | PG_RW)) ==
5291 (PG_MANAGED | PG_M | PG_RW)) {
5292 m = PHYS_TO_VM_PAGE(pbits & PG_FRAME);
5295 pbits &= ~(PG_RW | PG_M);
5297 if ((prot & VM_PROT_EXECUTE) == 0)
5300 if (pbits != obits) {
5301 if (!atomic_cmpset_long(pte, obits, pbits))
5304 pmap_invalidate_page(pmap, sva);
5311 pmap_invalidate_all(pmap);
5315 #if VM_NRESERVLEVEL > 0
5317 * Tries to promote the 512, contiguous 4KB page mappings that are within a
5318 * single page table page (PTP) to a single 2MB page mapping. For promotion
5319 * to occur, two conditions must be met: (1) the 4KB page mappings must map
5320 * aligned, contiguous physical memory and (2) the 4KB page mappings must have
5321 * identical characteristics.
5324 pmap_promote_pde(pmap_t pmap, pd_entry_t *pde, vm_offset_t va,
5325 struct rwlock **lockp)
5328 pt_entry_t *firstpte, oldpte, pa, *pte;
5329 pt_entry_t PG_G, PG_A, PG_M, PG_RW, PG_V, PG_PKU_MASK;
5333 PG_A = pmap_accessed_bit(pmap);
5334 PG_G = pmap_global_bit(pmap);
5335 PG_M = pmap_modified_bit(pmap);
5336 PG_V = pmap_valid_bit(pmap);
5337 PG_RW = pmap_rw_bit(pmap);
5338 PG_PKU_MASK = pmap_pku_mask_bit(pmap);
5339 PG_PTE_CACHE = pmap_cache_mask(pmap, 0);
5341 PMAP_LOCK_ASSERT(pmap, MA_OWNED);
5344 * Examine the first PTE in the specified PTP. Abort if this PTE is
5345 * either invalid, unused, or does not map the first 4KB physical page
5346 * within a 2MB page.
5348 firstpte = (pt_entry_t *)PHYS_TO_DMAP(*pde & PG_FRAME);
5351 if ((newpde & ((PG_FRAME & PDRMASK) | PG_A | PG_V)) != (PG_A | PG_V)) {
5352 atomic_add_long(&pmap_pde_p_failures, 1);
5353 CTR2(KTR_PMAP, "pmap_promote_pde: failure for va %#lx"
5354 " in pmap %p", va, pmap);
5357 if ((newpde & (PG_M | PG_RW)) == PG_RW) {
5359 * When PG_M is already clear, PG_RW can be cleared without
5360 * a TLB invalidation.
5362 if (!atomic_cmpset_long(firstpte, newpde, newpde & ~PG_RW))
5368 * Examine each of the other PTEs in the specified PTP. Abort if this
5369 * PTE maps an unexpected 4KB physical page or does not have identical
5370 * characteristics to the first PTE.
5372 pa = (newpde & (PG_PS_FRAME | PG_A | PG_V)) + NBPDR - PAGE_SIZE;
5373 for (pte = firstpte + NPTEPG - 1; pte > firstpte; pte--) {
5376 if ((oldpte & (PG_FRAME | PG_A | PG_V)) != pa) {
5377 atomic_add_long(&pmap_pde_p_failures, 1);
5378 CTR2(KTR_PMAP, "pmap_promote_pde: failure for va %#lx"
5379 " in pmap %p", va, pmap);
5382 if ((oldpte & (PG_M | PG_RW)) == PG_RW) {
5384 * When PG_M is already clear, PG_RW can be cleared
5385 * without a TLB invalidation.
5387 if (!atomic_cmpset_long(pte, oldpte, oldpte & ~PG_RW))
5390 CTR2(KTR_PMAP, "pmap_promote_pde: protect for va %#lx"
5391 " in pmap %p", (oldpte & PG_FRAME & PDRMASK) |
5392 (va & ~PDRMASK), pmap);
5394 if ((oldpte & PG_PTE_PROMOTE) != (newpde & PG_PTE_PROMOTE)) {
5395 atomic_add_long(&pmap_pde_p_failures, 1);
5396 CTR2(KTR_PMAP, "pmap_promote_pde: failure for va %#lx"
5397 " in pmap %p", va, pmap);
5404 * Save the page table page in its current state until the PDE
5405 * mapping the superpage is demoted by pmap_demote_pde() or
5406 * destroyed by pmap_remove_pde().
5408 mpte = PHYS_TO_VM_PAGE(*pde & PG_FRAME);
5409 KASSERT(mpte >= vm_page_array &&
5410 mpte < &vm_page_array[vm_page_array_size],
5411 ("pmap_promote_pde: page table page is out of range"));
5412 KASSERT(mpte->pindex == pmap_pde_pindex(va),
5413 ("pmap_promote_pde: page table page's pindex is wrong"));
5414 if (pmap_insert_pt_page(pmap, mpte, true)) {
5415 atomic_add_long(&pmap_pde_p_failures, 1);
5417 "pmap_promote_pde: failure for va %#lx in pmap %p", va,
5423 * Promote the pv entries.
5425 if ((newpde & PG_MANAGED) != 0)
5426 pmap_pv_promote_pde(pmap, va, newpde & PG_PS_FRAME, lockp);
5429 * Propagate the PAT index to its proper position.
5431 newpde = pmap_swap_pat(pmap, newpde);
5434 * Map the superpage.
5436 if (workaround_erratum383)
5437 pmap_update_pde(pmap, va, pde, PG_PS | newpde);
5439 pde_store(pde, PG_PROMOTED | PG_PS | newpde);
5441 atomic_add_long(&pmap_pde_promotions, 1);
5442 CTR2(KTR_PMAP, "pmap_promote_pde: success for va %#lx"
5443 " in pmap %p", va, pmap);
5445 #endif /* VM_NRESERVLEVEL > 0 */
5448 * Insert the given physical page (p) at
5449 * the specified virtual address (v) in the
5450 * target physical map with the protection requested.
5452 * If specified, the page will be wired down, meaning
5453 * that the related pte can not be reclaimed.
5455 * NB: This is the only routine which MAY NOT lazy-evaluate
5456 * or lose information. That is, this routine must actually
5457 * insert this page into the given map NOW.
5459 * When destroying both a page table and PV entry, this function
5460 * performs the TLB invalidation before releasing the PV list
5461 * lock, so we do not need pmap_delayed_invl_page() calls here.
5464 pmap_enter(pmap_t pmap, vm_offset_t va, vm_page_t m, vm_prot_t prot,
5465 u_int flags, int8_t psind)
5467 struct rwlock *lock;
5469 pt_entry_t *pte, PG_G, PG_A, PG_M, PG_RW, PG_V;
5470 pt_entry_t newpte, origpte;
5477 PG_A = pmap_accessed_bit(pmap);
5478 PG_G = pmap_global_bit(pmap);
5479 PG_M = pmap_modified_bit(pmap);
5480 PG_V = pmap_valid_bit(pmap);
5481 PG_RW = pmap_rw_bit(pmap);
5483 va = trunc_page(va);
5484 KASSERT(va <= VM_MAX_KERNEL_ADDRESS, ("pmap_enter: toobig"));
5485 KASSERT(va < UPT_MIN_ADDRESS || va >= UPT_MAX_ADDRESS,
5486 ("pmap_enter: invalid to pmap_enter page table pages (va: 0x%lx)",
5488 KASSERT((m->oflags & VPO_UNMANAGED) != 0 || va < kmi.clean_sva ||
5489 va >= kmi.clean_eva,
5490 ("pmap_enter: managed mapping within the clean submap"));
5491 if ((m->oflags & VPO_UNMANAGED) == 0 && !vm_page_xbusied(m))
5492 VM_OBJECT_ASSERT_LOCKED(m->object);
5493 KASSERT((flags & PMAP_ENTER_RESERVED) == 0,
5494 ("pmap_enter: flags %u has reserved bits set", flags));
5495 pa = VM_PAGE_TO_PHYS(m);
5496 newpte = (pt_entry_t)(pa | PG_A | PG_V);
5497 if ((flags & VM_PROT_WRITE) != 0)
5499 if ((prot & VM_PROT_WRITE) != 0)
5501 KASSERT((newpte & (PG_M | PG_RW)) != PG_M,
5502 ("pmap_enter: flags includes VM_PROT_WRITE but prot doesn't"));
5503 if ((prot & VM_PROT_EXECUTE) == 0)
5505 if ((flags & PMAP_ENTER_WIRED) != 0)
5507 if (va < VM_MAXUSER_ADDRESS)
5509 if (pmap == kernel_pmap)
5511 newpte |= pmap_cache_bits(pmap, m->md.pat_mode, psind > 0);
5514 * Set modified bit gratuitously for writeable mappings if
5515 * the page is unmanaged. We do not want to take a fault
5516 * to do the dirty bit accounting for these mappings.
5518 if ((m->oflags & VPO_UNMANAGED) != 0) {
5519 if ((newpte & PG_RW) != 0)
5522 newpte |= PG_MANAGED;
5527 /* Assert the required virtual and physical alignment. */
5528 KASSERT((va & PDRMASK) == 0, ("pmap_enter: va unaligned"));
5529 KASSERT(m->psind > 0, ("pmap_enter: m->psind < psind"));
5530 rv = pmap_enter_pde(pmap, va, newpte | PG_PS, flags, m, &lock);
5536 * In the case that a page table page is not
5537 * resident, we are creating it here.
5540 pde = pmap_pde(pmap, va);
5541 if (pde != NULL && (*pde & PG_V) != 0 && ((*pde & PG_PS) == 0 ||
5542 pmap_demote_pde_locked(pmap, pde, va, &lock))) {
5543 pte = pmap_pde_to_pte(pde, va);
5544 if (va < VM_MAXUSER_ADDRESS && mpte == NULL) {
5545 mpte = PHYS_TO_VM_PAGE(*pde & PG_FRAME);
5548 } else if (va < VM_MAXUSER_ADDRESS) {
5550 * Here if the pte page isn't mapped, or if it has been
5553 nosleep = (flags & PMAP_ENTER_NOSLEEP) != 0;
5554 mpte = _pmap_allocpte(pmap, pmap_pde_pindex(va),
5555 nosleep ? NULL : &lock);
5556 if (mpte == NULL && nosleep) {
5557 rv = KERN_RESOURCE_SHORTAGE;
5562 panic("pmap_enter: invalid page directory va=%#lx", va);
5566 if (va < VM_MAXUSER_ADDRESS && pmap->pm_type == PT_X86)
5567 newpte |= pmap_pkru_get(pmap, va);
5570 * Is the specified virtual address already mapped?
5572 if ((origpte & PG_V) != 0) {
5574 * Wiring change, just update stats. We don't worry about
5575 * wiring PT pages as they remain resident as long as there
5576 * are valid mappings in them. Hence, if a user page is wired,
5577 * the PT page will be also.
5579 if ((newpte & PG_W) != 0 && (origpte & PG_W) == 0)
5580 pmap->pm_stats.wired_count++;
5581 else if ((newpte & PG_W) == 0 && (origpte & PG_W) != 0)
5582 pmap->pm_stats.wired_count--;
5585 * Remove the extra PT page reference.
5589 KASSERT(mpte->wire_count > 0,
5590 ("pmap_enter: missing reference to page table page,"
5595 * Has the physical page changed?
5597 opa = origpte & PG_FRAME;
5600 * No, might be a protection or wiring change.
5602 if ((origpte & PG_MANAGED) != 0 &&
5603 (newpte & PG_RW) != 0)
5604 vm_page_aflag_set(m, PGA_WRITEABLE);
5605 if (((origpte ^ newpte) & ~(PG_M | PG_A)) == 0)
5611 * The physical page has changed. Temporarily invalidate
5612 * the mapping. This ensures that all threads sharing the
5613 * pmap keep a consistent view of the mapping, which is
5614 * necessary for the correct handling of COW faults. It
5615 * also permits reuse of the old mapping's PV entry,
5616 * avoiding an allocation.
5618 * For consistency, handle unmanaged mappings the same way.
5620 origpte = pte_load_clear(pte);
5621 KASSERT((origpte & PG_FRAME) == opa,
5622 ("pmap_enter: unexpected pa update for %#lx", va));
5623 if ((origpte & PG_MANAGED) != 0) {
5624 om = PHYS_TO_VM_PAGE(opa);
5627 * The pmap lock is sufficient to synchronize with
5628 * concurrent calls to pmap_page_test_mappings() and
5629 * pmap_ts_referenced().
5631 if ((origpte & (PG_M | PG_RW)) == (PG_M | PG_RW))
5633 if ((origpte & PG_A) != 0)
5634 vm_page_aflag_set(om, PGA_REFERENCED);
5635 CHANGE_PV_LIST_LOCK_TO_PHYS(&lock, opa);
5636 pv = pmap_pvh_remove(&om->md, pmap, va);
5638 ("pmap_enter: no PV entry for %#lx", va));
5639 if ((newpte & PG_MANAGED) == 0)
5640 free_pv_entry(pmap, pv);
5641 if ((om->aflags & PGA_WRITEABLE) != 0 &&
5642 TAILQ_EMPTY(&om->md.pv_list) &&
5643 ((om->flags & PG_FICTITIOUS) != 0 ||
5644 TAILQ_EMPTY(&pa_to_pvh(opa)->pv_list)))
5645 vm_page_aflag_clear(om, PGA_WRITEABLE);
5647 if ((origpte & PG_A) != 0)
5648 pmap_invalidate_page(pmap, va);
5652 * Increment the counters.
5654 if ((newpte & PG_W) != 0)
5655 pmap->pm_stats.wired_count++;
5656 pmap_resident_count_inc(pmap, 1);
5660 * Enter on the PV list if part of our managed memory.
5662 if ((newpte & PG_MANAGED) != 0) {
5664 pv = get_pv_entry(pmap, &lock);
5667 CHANGE_PV_LIST_LOCK_TO_PHYS(&lock, pa);
5668 TAILQ_INSERT_TAIL(&m->md.pv_list, pv, pv_next);
5670 if ((newpte & PG_RW) != 0)
5671 vm_page_aflag_set(m, PGA_WRITEABLE);
5677 if ((origpte & PG_V) != 0) {
5679 origpte = pte_load_store(pte, newpte);
5680 KASSERT((origpte & PG_FRAME) == pa,
5681 ("pmap_enter: unexpected pa update for %#lx", va));
5682 if ((newpte & PG_M) == 0 && (origpte & (PG_M | PG_RW)) ==
5684 if ((origpte & PG_MANAGED) != 0)
5688 * Although the PTE may still have PG_RW set, TLB
5689 * invalidation may nonetheless be required because
5690 * the PTE no longer has PG_M set.
5692 } else if ((origpte & PG_NX) != 0 || (newpte & PG_NX) == 0) {
5694 * This PTE change does not require TLB invalidation.
5698 if ((origpte & PG_A) != 0)
5699 pmap_invalidate_page(pmap, va);
5701 pte_store(pte, newpte);
5705 #if VM_NRESERVLEVEL > 0
5707 * If both the page table page and the reservation are fully
5708 * populated, then attempt promotion.
5710 if ((mpte == NULL || mpte->wire_count == NPTEPG) &&
5711 pmap_ps_enabled(pmap) &&
5712 (m->flags & PG_FICTITIOUS) == 0 &&
5713 vm_reserv_level_iffullpop(m) == 0)
5714 pmap_promote_pde(pmap, pde, va, &lock);
5726 * Tries to create a read- and/or execute-only 2MB page mapping. Returns true
5727 * if successful. Returns false if (1) a page table page cannot be allocated
5728 * without sleeping, (2) a mapping already exists at the specified virtual
5729 * address, or (3) a PV entry cannot be allocated without reclaiming another
5733 pmap_enter_2mpage(pmap_t pmap, vm_offset_t va, vm_page_t m, vm_prot_t prot,
5734 struct rwlock **lockp)
5739 PMAP_LOCK_ASSERT(pmap, MA_OWNED);
5740 PG_V = pmap_valid_bit(pmap);
5741 newpde = VM_PAGE_TO_PHYS(m) | pmap_cache_bits(pmap, m->md.pat_mode, 1) |
5743 if ((m->oflags & VPO_UNMANAGED) == 0)
5744 newpde |= PG_MANAGED;
5745 if ((prot & VM_PROT_EXECUTE) == 0)
5747 if (va < VM_MAXUSER_ADDRESS)
5749 return (pmap_enter_pde(pmap, va, newpde, PMAP_ENTER_NOSLEEP |
5750 PMAP_ENTER_NOREPLACE | PMAP_ENTER_NORECLAIM, NULL, lockp) ==
5755 * Tries to create the specified 2MB page mapping. Returns KERN_SUCCESS if
5756 * the mapping was created, and either KERN_FAILURE or KERN_RESOURCE_SHORTAGE
5757 * otherwise. Returns KERN_FAILURE if PMAP_ENTER_NOREPLACE was specified and
5758 * a mapping already exists at the specified virtual address. Returns
5759 * KERN_RESOURCE_SHORTAGE if PMAP_ENTER_NOSLEEP was specified and a page table
5760 * page allocation failed. Returns KERN_RESOURCE_SHORTAGE if
5761 * PMAP_ENTER_NORECLAIM was specified and a PV entry allocation failed.
5763 * The parameter "m" is only used when creating a managed, writeable mapping.
5766 pmap_enter_pde(pmap_t pmap, vm_offset_t va, pd_entry_t newpde, u_int flags,
5767 vm_page_t m, struct rwlock **lockp)
5769 struct spglist free;
5770 pd_entry_t oldpde, *pde;
5771 pt_entry_t PG_G, PG_RW, PG_V;
5774 KASSERT(pmap == kernel_pmap || (newpde & PG_W) == 0,
5775 ("pmap_enter_pde: cannot create wired user mapping"));
5776 PG_G = pmap_global_bit(pmap);
5777 PG_RW = pmap_rw_bit(pmap);
5778 KASSERT((newpde & (pmap_modified_bit(pmap) | PG_RW)) != PG_RW,
5779 ("pmap_enter_pde: newpde is missing PG_M"));
5780 PG_V = pmap_valid_bit(pmap);
5781 PMAP_LOCK_ASSERT(pmap, MA_OWNED);
5783 if ((pdpg = pmap_allocpde(pmap, va, (flags & PMAP_ENTER_NOSLEEP) != 0 ?
5784 NULL : lockp)) == NULL) {
5785 CTR2(KTR_PMAP, "pmap_enter_pde: failure for va %#lx"
5786 " in pmap %p", va, pmap);
5787 return (KERN_RESOURCE_SHORTAGE);
5791 * If pkru is not same for the whole pde range, return failure
5792 * and let vm_fault() cope. Check after pde allocation, since
5795 if (!pmap_pkru_same(pmap, va, va + NBPDR)) {
5797 if (pmap_unwire_ptp(pmap, va, pdpg, &free)) {
5798 pmap_invalidate_page(pmap, va);
5799 vm_page_free_pages_toq(&free, true);
5801 return (KERN_FAILURE);
5803 if (va < VM_MAXUSER_ADDRESS && pmap->pm_type == PT_X86) {
5804 newpde &= ~X86_PG_PKU_MASK;
5805 newpde |= pmap_pkru_get(pmap, va);
5808 pde = (pd_entry_t *)PHYS_TO_DMAP(VM_PAGE_TO_PHYS(pdpg));
5809 pde = &pde[pmap_pde_index(va)];
5811 if ((oldpde & PG_V) != 0) {
5812 KASSERT(pdpg->wire_count > 1,
5813 ("pmap_enter_pde: pdpg's wire count is too low"));
5814 if ((flags & PMAP_ENTER_NOREPLACE) != 0) {
5816 CTR2(KTR_PMAP, "pmap_enter_pde: failure for va %#lx"
5817 " in pmap %p", va, pmap);
5818 return (KERN_FAILURE);
5820 /* Break the existing mapping(s). */
5822 if ((oldpde & PG_PS) != 0) {
5824 * The reference to the PD page that was acquired by
5825 * pmap_allocpde() ensures that it won't be freed.
5826 * However, if the PDE resulted from a promotion, then
5827 * a reserved PT page could be freed.
5829 (void)pmap_remove_pde(pmap, pde, va, &free, lockp);
5830 if ((oldpde & PG_G) == 0)
5831 pmap_invalidate_pde_page(pmap, va, oldpde);
5833 pmap_delayed_invl_start();
5834 if (pmap_remove_ptes(pmap, va, va + NBPDR, pde, &free,
5836 pmap_invalidate_all(pmap);
5837 pmap_delayed_invl_finish();
5839 vm_page_free_pages_toq(&free, true);
5840 if (va >= VM_MAXUSER_ADDRESS) {
5842 * Both pmap_remove_pde() and pmap_remove_ptes() will
5843 * leave the kernel page table page zero filled.
5845 mt = PHYS_TO_VM_PAGE(*pde & PG_FRAME);
5846 if (pmap_insert_pt_page(pmap, mt, false))
5847 panic("pmap_enter_pde: trie insert failed");
5849 KASSERT(*pde == 0, ("pmap_enter_pde: non-zero pde %p",
5852 if ((newpde & PG_MANAGED) != 0) {
5854 * Abort this mapping if its PV entry could not be created.
5856 if (!pmap_pv_insert_pde(pmap, va, newpde, flags, lockp)) {
5858 if (pmap_unwire_ptp(pmap, va, pdpg, &free)) {
5860 * Although "va" is not mapped, paging-
5861 * structure caches could nonetheless have
5862 * entries that refer to the freed page table
5863 * pages. Invalidate those entries.
5865 pmap_invalidate_page(pmap, va);
5866 vm_page_free_pages_toq(&free, true);
5868 CTR2(KTR_PMAP, "pmap_enter_pde: failure for va %#lx"
5869 " in pmap %p", va, pmap);
5870 return (KERN_RESOURCE_SHORTAGE);
5872 if ((newpde & PG_RW) != 0) {
5873 for (mt = m; mt < &m[NBPDR / PAGE_SIZE]; mt++)
5874 vm_page_aflag_set(mt, PGA_WRITEABLE);
5879 * Increment counters.
5881 if ((newpde & PG_W) != 0)
5882 pmap->pm_stats.wired_count += NBPDR / PAGE_SIZE;
5883 pmap_resident_count_inc(pmap, NBPDR / PAGE_SIZE);
5886 * Map the superpage. (This is not a promoted mapping; there will not
5887 * be any lingering 4KB page mappings in the TLB.)
5889 pde_store(pde, newpde);
5891 atomic_add_long(&pmap_pde_mappings, 1);
5892 CTR2(KTR_PMAP, "pmap_enter_pde: success for va %#lx"
5893 " in pmap %p", va, pmap);
5894 return (KERN_SUCCESS);
5898 * Maps a sequence of resident pages belonging to the same object.
5899 * The sequence begins with the given page m_start. This page is
5900 * mapped at the given virtual address start. Each subsequent page is
5901 * mapped at a virtual address that is offset from start by the same
5902 * amount as the page is offset from m_start within the object. The
5903 * last page in the sequence is the page with the largest offset from
5904 * m_start that can be mapped at a virtual address less than the given
5905 * virtual address end. Not every virtual page between start and end
5906 * is mapped; only those for which a resident page exists with the
5907 * corresponding offset from m_start are mapped.
5910 pmap_enter_object(pmap_t pmap, vm_offset_t start, vm_offset_t end,
5911 vm_page_t m_start, vm_prot_t prot)
5913 struct rwlock *lock;
5916 vm_pindex_t diff, psize;
5918 VM_OBJECT_ASSERT_LOCKED(m_start->object);
5920 psize = atop(end - start);
5925 while (m != NULL && (diff = m->pindex - m_start->pindex) < psize) {
5926 va = start + ptoa(diff);
5927 if ((va & PDRMASK) == 0 && va + NBPDR <= end &&
5928 m->psind == 1 && pmap_ps_enabled(pmap) &&
5929 pmap_enter_2mpage(pmap, va, m, prot, &lock))
5930 m = &m[NBPDR / PAGE_SIZE - 1];
5932 mpte = pmap_enter_quick_locked(pmap, va, m, prot,
5934 m = TAILQ_NEXT(m, listq);
5942 * this code makes some *MAJOR* assumptions:
5943 * 1. Current pmap & pmap exists.
5946 * 4. No page table pages.
5947 * but is *MUCH* faster than pmap_enter...
5951 pmap_enter_quick(pmap_t pmap, vm_offset_t va, vm_page_t m, vm_prot_t prot)
5953 struct rwlock *lock;
5957 (void)pmap_enter_quick_locked(pmap, va, m, prot, NULL, &lock);
5964 pmap_enter_quick_locked(pmap_t pmap, vm_offset_t va, vm_page_t m,
5965 vm_prot_t prot, vm_page_t mpte, struct rwlock **lockp)
5967 struct spglist free;
5968 pt_entry_t newpte, *pte, PG_V;
5970 KASSERT(va < kmi.clean_sva || va >= kmi.clean_eva ||
5971 (m->oflags & VPO_UNMANAGED) != 0,
5972 ("pmap_enter_quick_locked: managed mapping within the clean submap"));
5973 PG_V = pmap_valid_bit(pmap);
5974 PMAP_LOCK_ASSERT(pmap, MA_OWNED);
5977 * In the case that a page table page is not
5978 * resident, we are creating it here.
5980 if (va < VM_MAXUSER_ADDRESS) {
5981 vm_pindex_t ptepindex;
5985 * Calculate pagetable page index
5987 ptepindex = pmap_pde_pindex(va);
5988 if (mpte && (mpte->pindex == ptepindex)) {
5992 * Get the page directory entry
5994 ptepa = pmap_pde(pmap, va);
5997 * If the page table page is mapped, we just increment
5998 * the hold count, and activate it. Otherwise, we
5999 * attempt to allocate a page table page. If this
6000 * attempt fails, we don't retry. Instead, we give up.
6002 if (ptepa && (*ptepa & PG_V) != 0) {
6005 mpte = PHYS_TO_VM_PAGE(*ptepa & PG_FRAME);
6009 * Pass NULL instead of the PV list lock
6010 * pointer, because we don't intend to sleep.
6012 mpte = _pmap_allocpte(pmap, ptepindex, NULL);
6017 pte = (pt_entry_t *)PHYS_TO_DMAP(VM_PAGE_TO_PHYS(mpte));
6018 pte = &pte[pmap_pte_index(va)];
6032 * Enter on the PV list if part of our managed memory.
6034 if ((m->oflags & VPO_UNMANAGED) == 0 &&
6035 !pmap_try_insert_pv_entry(pmap, va, m, lockp)) {
6038 if (pmap_unwire_ptp(pmap, va, mpte, &free)) {
6040 * Although "va" is not mapped, paging-
6041 * structure caches could nonetheless have
6042 * entries that refer to the freed page table
6043 * pages. Invalidate those entries.
6045 pmap_invalidate_page(pmap, va);
6046 vm_page_free_pages_toq(&free, true);
6054 * Increment counters
6056 pmap_resident_count_inc(pmap, 1);
6058 newpte = VM_PAGE_TO_PHYS(m) | PG_V |
6059 pmap_cache_bits(pmap, m->md.pat_mode, 0);
6060 if ((m->oflags & VPO_UNMANAGED) == 0)
6061 newpte |= PG_MANAGED;
6062 if ((prot & VM_PROT_EXECUTE) == 0)
6064 if (va < VM_MAXUSER_ADDRESS)
6065 newpte |= PG_U | pmap_pkru_get(pmap, va);
6066 pte_store(pte, newpte);
6071 * Make a temporary mapping for a physical address. This is only intended
6072 * to be used for panic dumps.
6075 pmap_kenter_temporary(vm_paddr_t pa, int i)
6079 va = (vm_offset_t)crashdumpmap + (i * PAGE_SIZE);
6080 pmap_kenter(va, pa);
6082 return ((void *)crashdumpmap);
6086 * This code maps large physical mmap regions into the
6087 * processor address space. Note that some shortcuts
6088 * are taken, but the code works.
6091 pmap_object_init_pt(pmap_t pmap, vm_offset_t addr, vm_object_t object,
6092 vm_pindex_t pindex, vm_size_t size)
6095 pt_entry_t PG_A, PG_M, PG_RW, PG_V;
6096 vm_paddr_t pa, ptepa;
6100 PG_A = pmap_accessed_bit(pmap);
6101 PG_M = pmap_modified_bit(pmap);
6102 PG_V = pmap_valid_bit(pmap);
6103 PG_RW = pmap_rw_bit(pmap);
6105 VM_OBJECT_ASSERT_WLOCKED(object);
6106 KASSERT(object->type == OBJT_DEVICE || object->type == OBJT_SG,
6107 ("pmap_object_init_pt: non-device object"));
6108 if ((addr & (NBPDR - 1)) == 0 && (size & (NBPDR - 1)) == 0) {
6109 if (!pmap_ps_enabled(pmap))
6111 if (!vm_object_populate(object, pindex, pindex + atop(size)))
6113 p = vm_page_lookup(object, pindex);
6114 KASSERT(p->valid == VM_PAGE_BITS_ALL,
6115 ("pmap_object_init_pt: invalid page %p", p));
6116 pat_mode = p->md.pat_mode;
6119 * Abort the mapping if the first page is not physically
6120 * aligned to a 2MB page boundary.
6122 ptepa = VM_PAGE_TO_PHYS(p);
6123 if (ptepa & (NBPDR - 1))
6127 * Skip the first page. Abort the mapping if the rest of
6128 * the pages are not physically contiguous or have differing
6129 * memory attributes.
6131 p = TAILQ_NEXT(p, listq);
6132 for (pa = ptepa + PAGE_SIZE; pa < ptepa + size;
6134 KASSERT(p->valid == VM_PAGE_BITS_ALL,
6135 ("pmap_object_init_pt: invalid page %p", p));
6136 if (pa != VM_PAGE_TO_PHYS(p) ||
6137 pat_mode != p->md.pat_mode)
6139 p = TAILQ_NEXT(p, listq);
6143 * Map using 2MB pages. Since "ptepa" is 2M aligned and
6144 * "size" is a multiple of 2M, adding the PAT setting to "pa"
6145 * will not affect the termination of this loop.
6148 for (pa = ptepa | pmap_cache_bits(pmap, pat_mode, 1);
6149 pa < ptepa + size; pa += NBPDR) {
6150 pdpg = pmap_allocpde(pmap, addr, NULL);
6153 * The creation of mappings below is only an
6154 * optimization. If a page directory page
6155 * cannot be allocated without blocking,
6156 * continue on to the next mapping rather than
6162 pde = (pd_entry_t *)PHYS_TO_DMAP(VM_PAGE_TO_PHYS(pdpg));
6163 pde = &pde[pmap_pde_index(addr)];
6164 if ((*pde & PG_V) == 0) {
6165 pde_store(pde, pa | PG_PS | PG_M | PG_A |
6166 PG_U | PG_RW | PG_V);
6167 pmap_resident_count_inc(pmap, NBPDR / PAGE_SIZE);
6168 atomic_add_long(&pmap_pde_mappings, 1);
6170 /* Continue on if the PDE is already valid. */
6172 KASSERT(pdpg->wire_count > 0,
6173 ("pmap_object_init_pt: missing reference "
6174 "to page directory page, va: 0x%lx", addr));
6183 * Clear the wired attribute from the mappings for the specified range of
6184 * addresses in the given pmap. Every valid mapping within that range
6185 * must have the wired attribute set. In contrast, invalid mappings
6186 * cannot have the wired attribute set, so they are ignored.
6188 * The wired attribute of the page table entry is not a hardware
6189 * feature, so there is no need to invalidate any TLB entries.
6190 * Since pmap_demote_pde() for the wired entry must never fail,
6191 * pmap_delayed_invl_start()/finish() calls around the
6192 * function are not needed.
6195 pmap_unwire(pmap_t pmap, vm_offset_t sva, vm_offset_t eva)
6197 vm_offset_t va_next;
6198 pml4_entry_t *pml4e;
6201 pt_entry_t *pte, PG_V;
6203 PG_V = pmap_valid_bit(pmap);
6205 for (; sva < eva; sva = va_next) {
6206 pml4e = pmap_pml4e(pmap, sva);
6207 if ((*pml4e & PG_V) == 0) {
6208 va_next = (sva + NBPML4) & ~PML4MASK;
6213 pdpe = pmap_pml4e_to_pdpe(pml4e, sva);
6214 if ((*pdpe & PG_V) == 0) {
6215 va_next = (sva + NBPDP) & ~PDPMASK;
6220 va_next = (sva + NBPDR) & ~PDRMASK;
6223 pde = pmap_pdpe_to_pde(pdpe, sva);
6224 if ((*pde & PG_V) == 0)
6226 if ((*pde & PG_PS) != 0) {
6227 if ((*pde & PG_W) == 0)
6228 panic("pmap_unwire: pde %#jx is missing PG_W",
6232 * Are we unwiring the entire large page? If not,
6233 * demote the mapping and fall through.
6235 if (sva + NBPDR == va_next && eva >= va_next) {
6236 atomic_clear_long(pde, PG_W);
6237 pmap->pm_stats.wired_count -= NBPDR /
6240 } else if (!pmap_demote_pde(pmap, pde, sva))
6241 panic("pmap_unwire: demotion failed");
6245 for (pte = pmap_pde_to_pte(pde, sva); sva != va_next; pte++,
6247 if ((*pte & PG_V) == 0)
6249 if ((*pte & PG_W) == 0)
6250 panic("pmap_unwire: pte %#jx is missing PG_W",
6254 * PG_W must be cleared atomically. Although the pmap
6255 * lock synchronizes access to PG_W, another processor
6256 * could be setting PG_M and/or PG_A concurrently.
6258 atomic_clear_long(pte, PG_W);
6259 pmap->pm_stats.wired_count--;
6266 * Copy the range specified by src_addr/len
6267 * from the source map to the range dst_addr/len
6268 * in the destination map.
6270 * This routine is only advisory and need not do anything.
6274 pmap_copy(pmap_t dst_pmap, pmap_t src_pmap, vm_offset_t dst_addr, vm_size_t len,
6275 vm_offset_t src_addr)
6277 struct rwlock *lock;
6278 struct spglist free;
6280 vm_offset_t end_addr = src_addr + len;
6281 vm_offset_t va_next;
6282 vm_page_t dst_pdpg, dstmpte, srcmpte;
6283 pt_entry_t PG_A, PG_M, PG_V;
6285 if (dst_addr != src_addr)
6288 if (dst_pmap->pm_type != src_pmap->pm_type)
6292 * EPT page table entries that require emulation of A/D bits are
6293 * sensitive to clearing the PG_A bit (aka EPT_PG_READ). Although
6294 * we clear PG_M (aka EPT_PG_WRITE) concomitantly, the PG_U bit
6295 * (aka EPT_PG_EXECUTE) could still be set. Since some EPT
6296 * implementations flag an EPT misconfiguration for exec-only
6297 * mappings we skip this function entirely for emulated pmaps.
6299 if (pmap_emulate_ad_bits(dst_pmap))
6303 if (dst_pmap < src_pmap) {
6304 PMAP_LOCK(dst_pmap);
6305 PMAP_LOCK(src_pmap);
6307 PMAP_LOCK(src_pmap);
6308 PMAP_LOCK(dst_pmap);
6311 PG_A = pmap_accessed_bit(dst_pmap);
6312 PG_M = pmap_modified_bit(dst_pmap);
6313 PG_V = pmap_valid_bit(dst_pmap);
6315 for (addr = src_addr; addr < end_addr; addr = va_next) {
6316 pt_entry_t *src_pte, *dst_pte;
6317 pml4_entry_t *pml4e;
6319 pd_entry_t srcptepaddr, *pde;
6321 KASSERT(addr < UPT_MIN_ADDRESS,
6322 ("pmap_copy: invalid to pmap_copy page tables"));
6324 pml4e = pmap_pml4e(src_pmap, addr);
6325 if ((*pml4e & PG_V) == 0) {
6326 va_next = (addr + NBPML4) & ~PML4MASK;
6332 pdpe = pmap_pml4e_to_pdpe(pml4e, addr);
6333 if ((*pdpe & PG_V) == 0) {
6334 va_next = (addr + NBPDP) & ~PDPMASK;
6340 va_next = (addr + NBPDR) & ~PDRMASK;
6344 pde = pmap_pdpe_to_pde(pdpe, addr);
6346 if (srcptepaddr == 0)
6349 if (srcptepaddr & PG_PS) {
6350 if ((addr & PDRMASK) != 0 || addr + NBPDR > end_addr)
6352 dst_pdpg = pmap_allocpde(dst_pmap, addr, NULL);
6353 if (dst_pdpg == NULL)
6355 pde = (pd_entry_t *)
6356 PHYS_TO_DMAP(VM_PAGE_TO_PHYS(dst_pdpg));
6357 pde = &pde[pmap_pde_index(addr)];
6358 if (*pde == 0 && ((srcptepaddr & PG_MANAGED) == 0 ||
6359 pmap_pv_insert_pde(dst_pmap, addr, srcptepaddr,
6360 PMAP_ENTER_NORECLAIM, &lock))) {
6361 *pde = srcptepaddr & ~PG_W;
6362 pmap_resident_count_inc(dst_pmap, NBPDR / PAGE_SIZE);
6363 atomic_add_long(&pmap_pde_mappings, 1);
6365 dst_pdpg->wire_count--;
6369 srcptepaddr &= PG_FRAME;
6370 srcmpte = PHYS_TO_VM_PAGE(srcptepaddr);
6371 KASSERT(srcmpte->wire_count > 0,
6372 ("pmap_copy: source page table page is unused"));
6374 if (va_next > end_addr)
6377 src_pte = (pt_entry_t *)PHYS_TO_DMAP(srcptepaddr);
6378 src_pte = &src_pte[pmap_pte_index(addr)];
6380 while (addr < va_next) {
6384 * we only virtual copy managed pages
6386 if ((ptetemp & PG_MANAGED) != 0) {
6387 if (dstmpte != NULL &&
6388 dstmpte->pindex == pmap_pde_pindex(addr))
6389 dstmpte->wire_count++;
6390 else if ((dstmpte = pmap_allocpte(dst_pmap,
6391 addr, NULL)) == NULL)
6393 dst_pte = (pt_entry_t *)
6394 PHYS_TO_DMAP(VM_PAGE_TO_PHYS(dstmpte));
6395 dst_pte = &dst_pte[pmap_pte_index(addr)];
6396 if (*dst_pte == 0 &&
6397 pmap_try_insert_pv_entry(dst_pmap, addr,
6398 PHYS_TO_VM_PAGE(ptetemp & PG_FRAME),
6401 * Clear the wired, modified, and
6402 * accessed (referenced) bits
6405 *dst_pte = ptetemp & ~(PG_W | PG_M |
6407 pmap_resident_count_inc(dst_pmap, 1);
6410 if (pmap_unwire_ptp(dst_pmap, addr,
6413 * Although "addr" is not
6414 * mapped, paging-structure
6415 * caches could nonetheless
6416 * have entries that refer to
6417 * the freed page table pages.
6418 * Invalidate those entries.
6420 pmap_invalidate_page(dst_pmap,
6422 vm_page_free_pages_toq(&free,
6427 if (dstmpte->wire_count >= srcmpte->wire_count)
6437 PMAP_UNLOCK(src_pmap);
6438 PMAP_UNLOCK(dst_pmap);
6442 pmap_vmspace_copy(pmap_t dst_pmap, pmap_t src_pmap)
6446 if (dst_pmap->pm_type != src_pmap->pm_type ||
6447 dst_pmap->pm_type != PT_X86 ||
6448 (cpu_stdext_feature2 & CPUID_STDEXT2_PKU) == 0)
6451 if (dst_pmap < src_pmap) {
6452 PMAP_LOCK(dst_pmap);
6453 PMAP_LOCK(src_pmap);
6455 PMAP_LOCK(src_pmap);
6456 PMAP_LOCK(dst_pmap);
6458 error = pmap_pkru_copy(dst_pmap, src_pmap);
6459 /* Clean up partial copy on failure due to no memory. */
6460 if (error == ENOMEM)
6461 pmap_pkru_deassign_all(dst_pmap);
6462 PMAP_UNLOCK(src_pmap);
6463 PMAP_UNLOCK(dst_pmap);
6464 if (error != ENOMEM)
6472 * Zero the specified hardware page.
6475 pmap_zero_page(vm_page_t m)
6477 vm_offset_t va = PHYS_TO_DMAP(VM_PAGE_TO_PHYS(m));
6479 pagezero((void *)va);
6483 * Zero an an area within a single hardware page. off and size must not
6484 * cover an area beyond a single hardware page.
6487 pmap_zero_page_area(vm_page_t m, int off, int size)
6489 vm_offset_t va = PHYS_TO_DMAP(VM_PAGE_TO_PHYS(m));
6491 if (off == 0 && size == PAGE_SIZE)
6492 pagezero((void *)va);
6494 bzero((char *)va + off, size);
6498 * Copy 1 specified hardware page to another.
6501 pmap_copy_page(vm_page_t msrc, vm_page_t mdst)
6503 vm_offset_t src = PHYS_TO_DMAP(VM_PAGE_TO_PHYS(msrc));
6504 vm_offset_t dst = PHYS_TO_DMAP(VM_PAGE_TO_PHYS(mdst));
6506 pagecopy((void *)src, (void *)dst);
6509 int unmapped_buf_allowed = 1;
6512 pmap_copy_pages(vm_page_t ma[], vm_offset_t a_offset, vm_page_t mb[],
6513 vm_offset_t b_offset, int xfersize)
6517 vm_offset_t vaddr[2], a_pg_offset, b_pg_offset;
6521 while (xfersize > 0) {
6522 a_pg_offset = a_offset & PAGE_MASK;
6523 pages[0] = ma[a_offset >> PAGE_SHIFT];
6524 b_pg_offset = b_offset & PAGE_MASK;
6525 pages[1] = mb[b_offset >> PAGE_SHIFT];
6526 cnt = min(xfersize, PAGE_SIZE - a_pg_offset);
6527 cnt = min(cnt, PAGE_SIZE - b_pg_offset);
6528 mapped = pmap_map_io_transient(pages, vaddr, 2, FALSE);
6529 a_cp = (char *)vaddr[0] + a_pg_offset;
6530 b_cp = (char *)vaddr[1] + b_pg_offset;
6531 bcopy(a_cp, b_cp, cnt);
6532 if (__predict_false(mapped))
6533 pmap_unmap_io_transient(pages, vaddr, 2, FALSE);
6541 * Returns true if the pmap's pv is one of the first
6542 * 16 pvs linked to from this page. This count may
6543 * be changed upwards or downwards in the future; it
6544 * is only necessary that true be returned for a small
6545 * subset of pmaps for proper page aging.
6548 pmap_page_exists_quick(pmap_t pmap, vm_page_t m)
6550 struct md_page *pvh;
6551 struct rwlock *lock;
6556 KASSERT((m->oflags & VPO_UNMANAGED) == 0,
6557 ("pmap_page_exists_quick: page %p is not managed", m));
6559 lock = VM_PAGE_TO_PV_LIST_LOCK(m);
6561 TAILQ_FOREACH(pv, &m->md.pv_list, pv_next) {
6562 if (PV_PMAP(pv) == pmap) {
6570 if (!rv && loops < 16 && (m->flags & PG_FICTITIOUS) == 0) {
6571 pvh = pa_to_pvh(VM_PAGE_TO_PHYS(m));
6572 TAILQ_FOREACH(pv, &pvh->pv_list, pv_next) {
6573 if (PV_PMAP(pv) == pmap) {
6587 * pmap_page_wired_mappings:
6589 * Return the number of managed mappings to the given physical page
6593 pmap_page_wired_mappings(vm_page_t m)
6595 struct rwlock *lock;
6596 struct md_page *pvh;
6600 int count, md_gen, pvh_gen;
6602 if ((m->oflags & VPO_UNMANAGED) != 0)
6604 lock = VM_PAGE_TO_PV_LIST_LOCK(m);
6608 TAILQ_FOREACH(pv, &m->md.pv_list, pv_next) {
6610 if (!PMAP_TRYLOCK(pmap)) {
6611 md_gen = m->md.pv_gen;
6615 if (md_gen != m->md.pv_gen) {
6620 pte = pmap_pte(pmap, pv->pv_va);
6621 if ((*pte & PG_W) != 0)
6625 if ((m->flags & PG_FICTITIOUS) == 0) {
6626 pvh = pa_to_pvh(VM_PAGE_TO_PHYS(m));
6627 TAILQ_FOREACH(pv, &pvh->pv_list, pv_next) {
6629 if (!PMAP_TRYLOCK(pmap)) {
6630 md_gen = m->md.pv_gen;
6631 pvh_gen = pvh->pv_gen;
6635 if (md_gen != m->md.pv_gen ||
6636 pvh_gen != pvh->pv_gen) {
6641 pte = pmap_pde(pmap, pv->pv_va);
6642 if ((*pte & PG_W) != 0)
6652 * Returns TRUE if the given page is mapped individually or as part of
6653 * a 2mpage. Otherwise, returns FALSE.
6656 pmap_page_is_mapped(vm_page_t m)
6658 struct rwlock *lock;
6661 if ((m->oflags & VPO_UNMANAGED) != 0)
6663 lock = VM_PAGE_TO_PV_LIST_LOCK(m);
6665 rv = !TAILQ_EMPTY(&m->md.pv_list) ||
6666 ((m->flags & PG_FICTITIOUS) == 0 &&
6667 !TAILQ_EMPTY(&pa_to_pvh(VM_PAGE_TO_PHYS(m))->pv_list));
6673 * Destroy all managed, non-wired mappings in the given user-space
6674 * pmap. This pmap cannot be active on any processor besides the
6677 * This function cannot be applied to the kernel pmap. Moreover, it
6678 * is not intended for general use. It is only to be used during
6679 * process termination. Consequently, it can be implemented in ways
6680 * that make it faster than pmap_remove(). First, it can more quickly
6681 * destroy mappings by iterating over the pmap's collection of PV
6682 * entries, rather than searching the page table. Second, it doesn't
6683 * have to test and clear the page table entries atomically, because
6684 * no processor is currently accessing the user address space. In
6685 * particular, a page table entry's dirty bit won't change state once
6686 * this function starts.
6688 * Although this function destroys all of the pmap's managed,
6689 * non-wired mappings, it can delay and batch the invalidation of TLB
6690 * entries without calling pmap_delayed_invl_start() and
6691 * pmap_delayed_invl_finish(). Because the pmap is not active on
6692 * any other processor, none of these TLB entries will ever be used
6693 * before their eventual invalidation. Consequently, there is no need
6694 * for either pmap_remove_all() or pmap_remove_write() to wait for
6695 * that eventual TLB invalidation.
6698 pmap_remove_pages(pmap_t pmap)
6701 pt_entry_t *pte, tpte;
6702 pt_entry_t PG_M, PG_RW, PG_V;
6703 struct spglist free;
6704 vm_page_t m, mpte, mt;
6706 struct md_page *pvh;
6707 struct pv_chunk *pc, *npc;
6708 struct rwlock *lock;
6710 uint64_t inuse, bitmask;
6711 int allfree, field, freed, idx;
6712 boolean_t superpage;
6716 * Assert that the given pmap is only active on the current
6717 * CPU. Unfortunately, we cannot block another CPU from
6718 * activating the pmap while this function is executing.
6720 KASSERT(pmap == PCPU_GET(curpmap), ("non-current pmap %p", pmap));
6723 cpuset_t other_cpus;
6725 other_cpus = all_cpus;
6727 CPU_CLR(PCPU_GET(cpuid), &other_cpus);
6728 CPU_AND(&other_cpus, &pmap->pm_active);
6730 KASSERT(CPU_EMPTY(&other_cpus), ("pmap active %p", pmap));
6735 PG_M = pmap_modified_bit(pmap);
6736 PG_V = pmap_valid_bit(pmap);
6737 PG_RW = pmap_rw_bit(pmap);
6741 TAILQ_FOREACH_SAFE(pc, &pmap->pm_pvchunk, pc_list, npc) {
6744 for (field = 0; field < _NPCM; field++) {
6745 inuse = ~pc->pc_map[field] & pc_freemask[field];
6746 while (inuse != 0) {
6748 bitmask = 1UL << bit;
6749 idx = field * 64 + bit;
6750 pv = &pc->pc_pventry[idx];
6753 pte = pmap_pdpe(pmap, pv->pv_va);
6755 pte = pmap_pdpe_to_pde(pte, pv->pv_va);
6757 if ((tpte & (PG_PS | PG_V)) == PG_V) {
6760 pte = (pt_entry_t *)PHYS_TO_DMAP(tpte &
6762 pte = &pte[pmap_pte_index(pv->pv_va)];
6766 * Keep track whether 'tpte' is a
6767 * superpage explicitly instead of
6768 * relying on PG_PS being set.
6770 * This is because PG_PS is numerically
6771 * identical to PG_PTE_PAT and thus a
6772 * regular page could be mistaken for
6778 if ((tpte & PG_V) == 0) {
6779 panic("bad pte va %lx pte %lx",
6784 * We cannot remove wired pages from a process' mapping at this time
6792 pa = tpte & PG_PS_FRAME;
6794 pa = tpte & PG_FRAME;
6796 m = PHYS_TO_VM_PAGE(pa);
6797 KASSERT(m->phys_addr == pa,
6798 ("vm_page_t %p phys_addr mismatch %016jx %016jx",
6799 m, (uintmax_t)m->phys_addr,
6802 KASSERT((m->flags & PG_FICTITIOUS) != 0 ||
6803 m < &vm_page_array[vm_page_array_size],
6804 ("pmap_remove_pages: bad tpte %#jx",
6810 * Update the vm_page_t clean/reference bits.
6812 if ((tpte & (PG_M | PG_RW)) == (PG_M | PG_RW)) {
6814 for (mt = m; mt < &m[NBPDR / PAGE_SIZE]; mt++)
6820 CHANGE_PV_LIST_LOCK_TO_VM_PAGE(&lock, m);
6823 pc->pc_map[field] |= bitmask;
6825 pmap_resident_count_dec(pmap, NBPDR / PAGE_SIZE);
6826 pvh = pa_to_pvh(tpte & PG_PS_FRAME);
6827 TAILQ_REMOVE(&pvh->pv_list, pv, pv_next);
6829 if (TAILQ_EMPTY(&pvh->pv_list)) {
6830 for (mt = m; mt < &m[NBPDR / PAGE_SIZE]; mt++)
6831 if ((mt->aflags & PGA_WRITEABLE) != 0 &&
6832 TAILQ_EMPTY(&mt->md.pv_list))
6833 vm_page_aflag_clear(mt, PGA_WRITEABLE);
6835 mpte = pmap_remove_pt_page(pmap, pv->pv_va);
6837 KASSERT(mpte->valid == VM_PAGE_BITS_ALL,
6838 ("pmap_remove_pages: pte page not promoted"));
6839 pmap_resident_count_dec(pmap, 1);
6840 KASSERT(mpte->wire_count == NPTEPG,
6841 ("pmap_remove_pages: pte page wire count error"));
6842 mpte->wire_count = 0;
6843 pmap_add_delayed_free_list(mpte, &free, FALSE);
6846 pmap_resident_count_dec(pmap, 1);
6847 TAILQ_REMOVE(&m->md.pv_list, pv, pv_next);
6849 if ((m->aflags & PGA_WRITEABLE) != 0 &&
6850 TAILQ_EMPTY(&m->md.pv_list) &&
6851 (m->flags & PG_FICTITIOUS) == 0) {
6852 pvh = pa_to_pvh(VM_PAGE_TO_PHYS(m));
6853 if (TAILQ_EMPTY(&pvh->pv_list))
6854 vm_page_aflag_clear(m, PGA_WRITEABLE);
6857 pmap_unuse_pt(pmap, pv->pv_va, ptepde, &free);
6861 PV_STAT(atomic_add_long(&pv_entry_frees, freed));
6862 PV_STAT(atomic_add_int(&pv_entry_spare, freed));
6863 PV_STAT(atomic_subtract_long(&pv_entry_count, freed));
6865 TAILQ_REMOVE(&pmap->pm_pvchunk, pc, pc_list);
6871 pmap_invalidate_all(pmap);
6872 pmap_pkru_deassign_all(pmap);
6874 vm_page_free_pages_toq(&free, true);
6878 pmap_page_test_mappings(vm_page_t m, boolean_t accessed, boolean_t modified)
6880 struct rwlock *lock;
6882 struct md_page *pvh;
6883 pt_entry_t *pte, mask;
6884 pt_entry_t PG_A, PG_M, PG_RW, PG_V;
6886 int md_gen, pvh_gen;
6890 lock = VM_PAGE_TO_PV_LIST_LOCK(m);
6893 TAILQ_FOREACH(pv, &m->md.pv_list, pv_next) {
6895 if (!PMAP_TRYLOCK(pmap)) {
6896 md_gen = m->md.pv_gen;
6900 if (md_gen != m->md.pv_gen) {
6905 pte = pmap_pte(pmap, pv->pv_va);
6908 PG_M = pmap_modified_bit(pmap);
6909 PG_RW = pmap_rw_bit(pmap);
6910 mask |= PG_RW | PG_M;
6913 PG_A = pmap_accessed_bit(pmap);
6914 PG_V = pmap_valid_bit(pmap);
6915 mask |= PG_V | PG_A;
6917 rv = (*pte & mask) == mask;
6922 if ((m->flags & PG_FICTITIOUS) == 0) {
6923 pvh = pa_to_pvh(VM_PAGE_TO_PHYS(m));
6924 TAILQ_FOREACH(pv, &pvh->pv_list, pv_next) {
6926 if (!PMAP_TRYLOCK(pmap)) {
6927 md_gen = m->md.pv_gen;
6928 pvh_gen = pvh->pv_gen;
6932 if (md_gen != m->md.pv_gen ||
6933 pvh_gen != pvh->pv_gen) {
6938 pte = pmap_pde(pmap, pv->pv_va);
6941 PG_M = pmap_modified_bit(pmap);
6942 PG_RW = pmap_rw_bit(pmap);
6943 mask |= PG_RW | PG_M;
6946 PG_A = pmap_accessed_bit(pmap);
6947 PG_V = pmap_valid_bit(pmap);
6948 mask |= PG_V | PG_A;
6950 rv = (*pte & mask) == mask;
6964 * Return whether or not the specified physical page was modified
6965 * in any physical maps.
6968 pmap_is_modified(vm_page_t m)
6971 KASSERT((m->oflags & VPO_UNMANAGED) == 0,
6972 ("pmap_is_modified: page %p is not managed", m));
6975 * If the page is not exclusive busied, then PGA_WRITEABLE cannot be
6976 * concurrently set while the object is locked. Thus, if PGA_WRITEABLE
6977 * is clear, no PTEs can have PG_M set.
6979 VM_OBJECT_ASSERT_WLOCKED(m->object);
6980 if (!vm_page_xbusied(m) && (m->aflags & PGA_WRITEABLE) == 0)
6982 return (pmap_page_test_mappings(m, FALSE, TRUE));
6986 * pmap_is_prefaultable:
6988 * Return whether or not the specified virtual address is eligible
6992 pmap_is_prefaultable(pmap_t pmap, vm_offset_t addr)
6995 pt_entry_t *pte, PG_V;
6998 PG_V = pmap_valid_bit(pmap);
7001 pde = pmap_pde(pmap, addr);
7002 if (pde != NULL && (*pde & (PG_PS | PG_V)) == PG_V) {
7003 pte = pmap_pde_to_pte(pde, addr);
7004 rv = (*pte & PG_V) == 0;
7011 * pmap_is_referenced:
7013 * Return whether or not the specified physical page was referenced
7014 * in any physical maps.
7017 pmap_is_referenced(vm_page_t m)
7020 KASSERT((m->oflags & VPO_UNMANAGED) == 0,
7021 ("pmap_is_referenced: page %p is not managed", m));
7022 return (pmap_page_test_mappings(m, TRUE, FALSE));
7026 * Clear the write and modified bits in each of the given page's mappings.
7029 pmap_remove_write(vm_page_t m)
7031 struct md_page *pvh;
7033 struct rwlock *lock;
7034 pv_entry_t next_pv, pv;
7036 pt_entry_t oldpte, *pte, PG_M, PG_RW;
7038 int pvh_gen, md_gen;
7040 KASSERT((m->oflags & VPO_UNMANAGED) == 0,
7041 ("pmap_remove_write: page %p is not managed", m));
7044 * If the page is not exclusive busied, then PGA_WRITEABLE cannot be
7045 * set by another thread while the object is locked. Thus,
7046 * if PGA_WRITEABLE is clear, no page table entries need updating.
7048 VM_OBJECT_ASSERT_WLOCKED(m->object);
7049 if (!vm_page_xbusied(m) && (m->aflags & PGA_WRITEABLE) == 0)
7051 lock = VM_PAGE_TO_PV_LIST_LOCK(m);
7052 pvh = (m->flags & PG_FICTITIOUS) != 0 ? &pv_dummy :
7053 pa_to_pvh(VM_PAGE_TO_PHYS(m));
7056 TAILQ_FOREACH_SAFE(pv, &pvh->pv_list, pv_next, next_pv) {
7058 if (!PMAP_TRYLOCK(pmap)) {
7059 pvh_gen = pvh->pv_gen;
7063 if (pvh_gen != pvh->pv_gen) {
7069 PG_RW = pmap_rw_bit(pmap);
7071 pde = pmap_pde(pmap, va);
7072 if ((*pde & PG_RW) != 0)
7073 (void)pmap_demote_pde_locked(pmap, pde, va, &lock);
7074 KASSERT(lock == VM_PAGE_TO_PV_LIST_LOCK(m),
7075 ("inconsistent pv lock %p %p for page %p",
7076 lock, VM_PAGE_TO_PV_LIST_LOCK(m), m));
7079 TAILQ_FOREACH(pv, &m->md.pv_list, pv_next) {
7081 if (!PMAP_TRYLOCK(pmap)) {
7082 pvh_gen = pvh->pv_gen;
7083 md_gen = m->md.pv_gen;
7087 if (pvh_gen != pvh->pv_gen ||
7088 md_gen != m->md.pv_gen) {
7094 PG_M = pmap_modified_bit(pmap);
7095 PG_RW = pmap_rw_bit(pmap);
7096 pde = pmap_pde(pmap, pv->pv_va);
7097 KASSERT((*pde & PG_PS) == 0,
7098 ("pmap_remove_write: found a 2mpage in page %p's pv list",
7100 pte = pmap_pde_to_pte(pde, pv->pv_va);
7103 if (oldpte & PG_RW) {
7104 if (!atomic_cmpset_long(pte, oldpte, oldpte &
7107 if ((oldpte & PG_M) != 0)
7109 pmap_invalidate_page(pmap, pv->pv_va);
7114 vm_page_aflag_clear(m, PGA_WRITEABLE);
7115 pmap_delayed_invl_wait(m);
7118 static __inline boolean_t
7119 safe_to_clear_referenced(pmap_t pmap, pt_entry_t pte)
7122 if (!pmap_emulate_ad_bits(pmap))
7125 KASSERT(pmap->pm_type == PT_EPT, ("invalid pm_type %d", pmap->pm_type));
7128 * XWR = 010 or 110 will cause an unconditional EPT misconfiguration
7129 * so we don't let the referenced (aka EPT_PG_READ) bit to be cleared
7130 * if the EPT_PG_WRITE bit is set.
7132 if ((pte & EPT_PG_WRITE) != 0)
7136 * XWR = 100 is allowed only if the PMAP_SUPPORTS_EXEC_ONLY is set.
7138 if ((pte & EPT_PG_EXECUTE) == 0 ||
7139 ((pmap->pm_flags & PMAP_SUPPORTS_EXEC_ONLY) != 0))
7146 * pmap_ts_referenced:
7148 * Return a count of reference bits for a page, clearing those bits.
7149 * It is not necessary for every reference bit to be cleared, but it
7150 * is necessary that 0 only be returned when there are truly no
7151 * reference bits set.
7153 * As an optimization, update the page's dirty field if a modified bit is
7154 * found while counting reference bits. This opportunistic update can be
7155 * performed at low cost and can eliminate the need for some future calls
7156 * to pmap_is_modified(). However, since this function stops after
7157 * finding PMAP_TS_REFERENCED_MAX reference bits, it may not detect some
7158 * dirty pages. Those dirty pages will only be detected by a future call
7159 * to pmap_is_modified().
7161 * A DI block is not needed within this function, because
7162 * invalidations are performed before the PV list lock is
7166 pmap_ts_referenced(vm_page_t m)
7168 struct md_page *pvh;
7171 struct rwlock *lock;
7172 pd_entry_t oldpde, *pde;
7173 pt_entry_t *pte, PG_A, PG_M, PG_RW;
7176 int cleared, md_gen, not_cleared, pvh_gen;
7177 struct spglist free;
7180 KASSERT((m->oflags & VPO_UNMANAGED) == 0,
7181 ("pmap_ts_referenced: page %p is not managed", m));
7184 pa = VM_PAGE_TO_PHYS(m);
7185 lock = PHYS_TO_PV_LIST_LOCK(pa);
7186 pvh = (m->flags & PG_FICTITIOUS) != 0 ? &pv_dummy : pa_to_pvh(pa);
7190 if ((pvf = TAILQ_FIRST(&pvh->pv_list)) == NULL)
7191 goto small_mappings;
7197 if (!PMAP_TRYLOCK(pmap)) {
7198 pvh_gen = pvh->pv_gen;
7202 if (pvh_gen != pvh->pv_gen) {
7207 PG_A = pmap_accessed_bit(pmap);
7208 PG_M = pmap_modified_bit(pmap);
7209 PG_RW = pmap_rw_bit(pmap);
7211 pde = pmap_pde(pmap, pv->pv_va);
7213 if ((oldpde & (PG_M | PG_RW)) == (PG_M | PG_RW)) {
7215 * Although "oldpde" is mapping a 2MB page, because
7216 * this function is called at a 4KB page granularity,
7217 * we only update the 4KB page under test.
7221 if ((oldpde & PG_A) != 0) {
7223 * Since this reference bit is shared by 512 4KB
7224 * pages, it should not be cleared every time it is
7225 * tested. Apply a simple "hash" function on the
7226 * physical page number, the virtual superpage number,
7227 * and the pmap address to select one 4KB page out of
7228 * the 512 on which testing the reference bit will
7229 * result in clearing that reference bit. This
7230 * function is designed to avoid the selection of the
7231 * same 4KB page for every 2MB page mapping.
7233 * On demotion, a mapping that hasn't been referenced
7234 * is simply destroyed. To avoid the possibility of a
7235 * subsequent page fault on a demoted wired mapping,
7236 * always leave its reference bit set. Moreover,
7237 * since the superpage is wired, the current state of
7238 * its reference bit won't affect page replacement.
7240 if ((((pa >> PAGE_SHIFT) ^ (pv->pv_va >> PDRSHIFT) ^
7241 (uintptr_t)pmap) & (NPTEPG - 1)) == 0 &&
7242 (oldpde & PG_W) == 0) {
7243 if (safe_to_clear_referenced(pmap, oldpde)) {
7244 atomic_clear_long(pde, PG_A);
7245 pmap_invalidate_page(pmap, pv->pv_va);
7247 } else if (pmap_demote_pde_locked(pmap, pde,
7248 pv->pv_va, &lock)) {
7250 * Remove the mapping to a single page
7251 * so that a subsequent access may
7252 * repromote. Since the underlying
7253 * page table page is fully populated,
7254 * this removal never frees a page
7258 va += VM_PAGE_TO_PHYS(m) - (oldpde &
7260 pte = pmap_pde_to_pte(pde, va);
7261 pmap_remove_pte(pmap, pte, va, *pde,
7263 pmap_invalidate_page(pmap, va);
7269 * The superpage mapping was removed
7270 * entirely and therefore 'pv' is no
7278 KASSERT(lock == VM_PAGE_TO_PV_LIST_LOCK(m),
7279 ("inconsistent pv lock %p %p for page %p",
7280 lock, VM_PAGE_TO_PV_LIST_LOCK(m), m));
7285 /* Rotate the PV list if it has more than one entry. */
7286 if (pv != NULL && TAILQ_NEXT(pv, pv_next) != NULL) {
7287 TAILQ_REMOVE(&pvh->pv_list, pv, pv_next);
7288 TAILQ_INSERT_TAIL(&pvh->pv_list, pv, pv_next);
7291 if (cleared + not_cleared >= PMAP_TS_REFERENCED_MAX)
7293 } while ((pv = TAILQ_FIRST(&pvh->pv_list)) != pvf);
7295 if ((pvf = TAILQ_FIRST(&m->md.pv_list)) == NULL)
7302 if (!PMAP_TRYLOCK(pmap)) {
7303 pvh_gen = pvh->pv_gen;
7304 md_gen = m->md.pv_gen;
7308 if (pvh_gen != pvh->pv_gen || md_gen != m->md.pv_gen) {
7313 PG_A = pmap_accessed_bit(pmap);
7314 PG_M = pmap_modified_bit(pmap);
7315 PG_RW = pmap_rw_bit(pmap);
7316 pde = pmap_pde(pmap, pv->pv_va);
7317 KASSERT((*pde & PG_PS) == 0,
7318 ("pmap_ts_referenced: found a 2mpage in page %p's pv list",
7320 pte = pmap_pde_to_pte(pde, pv->pv_va);
7321 if ((*pte & (PG_M | PG_RW)) == (PG_M | PG_RW))
7323 if ((*pte & PG_A) != 0) {
7324 if (safe_to_clear_referenced(pmap, *pte)) {
7325 atomic_clear_long(pte, PG_A);
7326 pmap_invalidate_page(pmap, pv->pv_va);
7328 } else if ((*pte & PG_W) == 0) {
7330 * Wired pages cannot be paged out so
7331 * doing accessed bit emulation for
7332 * them is wasted effort. We do the
7333 * hard work for unwired pages only.
7335 pmap_remove_pte(pmap, pte, pv->pv_va,
7336 *pde, &free, &lock);
7337 pmap_invalidate_page(pmap, pv->pv_va);
7342 KASSERT(lock == VM_PAGE_TO_PV_LIST_LOCK(m),
7343 ("inconsistent pv lock %p %p for page %p",
7344 lock, VM_PAGE_TO_PV_LIST_LOCK(m), m));
7349 /* Rotate the PV list if it has more than one entry. */
7350 if (pv != NULL && TAILQ_NEXT(pv, pv_next) != NULL) {
7351 TAILQ_REMOVE(&m->md.pv_list, pv, pv_next);
7352 TAILQ_INSERT_TAIL(&m->md.pv_list, pv, pv_next);
7355 } while ((pv = TAILQ_FIRST(&m->md.pv_list)) != pvf && cleared +
7356 not_cleared < PMAP_TS_REFERENCED_MAX);
7359 vm_page_free_pages_toq(&free, true);
7360 return (cleared + not_cleared);
7364 * Apply the given advice to the specified range of addresses within the
7365 * given pmap. Depending on the advice, clear the referenced and/or
7366 * modified flags in each mapping and set the mapped page's dirty field.
7369 pmap_advise(pmap_t pmap, vm_offset_t sva, vm_offset_t eva, int advice)
7371 struct rwlock *lock;
7372 pml4_entry_t *pml4e;
7374 pd_entry_t oldpde, *pde;
7375 pt_entry_t *pte, PG_A, PG_G, PG_M, PG_RW, PG_V;
7376 vm_offset_t va, va_next;
7378 boolean_t anychanged;
7380 if (advice != MADV_DONTNEED && advice != MADV_FREE)
7384 * A/D bit emulation requires an alternate code path when clearing
7385 * the modified and accessed bits below. Since this function is
7386 * advisory in nature we skip it entirely for pmaps that require
7387 * A/D bit emulation.
7389 if (pmap_emulate_ad_bits(pmap))
7392 PG_A = pmap_accessed_bit(pmap);
7393 PG_G = pmap_global_bit(pmap);
7394 PG_M = pmap_modified_bit(pmap);
7395 PG_V = pmap_valid_bit(pmap);
7396 PG_RW = pmap_rw_bit(pmap);
7398 pmap_delayed_invl_start();
7400 for (; sva < eva; sva = va_next) {
7401 pml4e = pmap_pml4e(pmap, sva);
7402 if ((*pml4e & PG_V) == 0) {
7403 va_next = (sva + NBPML4) & ~PML4MASK;
7408 pdpe = pmap_pml4e_to_pdpe(pml4e, sva);
7409 if ((*pdpe & PG_V) == 0) {
7410 va_next = (sva + NBPDP) & ~PDPMASK;
7415 va_next = (sva + NBPDR) & ~PDRMASK;
7418 pde = pmap_pdpe_to_pde(pdpe, sva);
7420 if ((oldpde & PG_V) == 0)
7422 else if ((oldpde & PG_PS) != 0) {
7423 if ((oldpde & PG_MANAGED) == 0)
7426 if (!pmap_demote_pde_locked(pmap, pde, sva, &lock)) {
7431 * The large page mapping was destroyed.
7437 * Unless the page mappings are wired, remove the
7438 * mapping to a single page so that a subsequent
7439 * access may repromote. Since the underlying page
7440 * table page is fully populated, this removal never
7441 * frees a page table page.
7443 if ((oldpde & PG_W) == 0) {
7444 pte = pmap_pde_to_pte(pde, sva);
7445 KASSERT((*pte & PG_V) != 0,
7446 ("pmap_advise: invalid PTE"));
7447 pmap_remove_pte(pmap, pte, sva, *pde, NULL,
7457 for (pte = pmap_pde_to_pte(pde, sva); sva != va_next; pte++,
7459 if ((*pte & (PG_MANAGED | PG_V)) != (PG_MANAGED | PG_V))
7461 else if ((*pte & (PG_M | PG_RW)) == (PG_M | PG_RW)) {
7462 if (advice == MADV_DONTNEED) {
7464 * Future calls to pmap_is_modified()
7465 * can be avoided by making the page
7468 m = PHYS_TO_VM_PAGE(*pte & PG_FRAME);
7471 atomic_clear_long(pte, PG_M | PG_A);
7472 } else if ((*pte & PG_A) != 0)
7473 atomic_clear_long(pte, PG_A);
7477 if ((*pte & PG_G) != 0) {
7484 if (va != va_next) {
7485 pmap_invalidate_range(pmap, va, sva);
7490 pmap_invalidate_range(pmap, va, sva);
7493 pmap_invalidate_all(pmap);
7495 pmap_delayed_invl_finish();
7499 * Clear the modify bits on the specified physical page.
7502 pmap_clear_modify(vm_page_t m)
7504 struct md_page *pvh;
7506 pv_entry_t next_pv, pv;
7507 pd_entry_t oldpde, *pde;
7508 pt_entry_t oldpte, *pte, PG_M, PG_RW, PG_V;
7509 struct rwlock *lock;
7511 int md_gen, pvh_gen;
7513 KASSERT((m->oflags & VPO_UNMANAGED) == 0,
7514 ("pmap_clear_modify: page %p is not managed", m));
7515 VM_OBJECT_ASSERT_WLOCKED(m->object);
7516 KASSERT(!vm_page_xbusied(m),
7517 ("pmap_clear_modify: page %p is exclusive busied", m));
7520 * If the page is not PGA_WRITEABLE, then no PTEs can have PG_M set.
7521 * If the object containing the page is locked and the page is not
7522 * exclusive busied, then PGA_WRITEABLE cannot be concurrently set.
7524 if ((m->aflags & PGA_WRITEABLE) == 0)
7526 pvh = (m->flags & PG_FICTITIOUS) != 0 ? &pv_dummy :
7527 pa_to_pvh(VM_PAGE_TO_PHYS(m));
7528 lock = VM_PAGE_TO_PV_LIST_LOCK(m);
7531 TAILQ_FOREACH_SAFE(pv, &pvh->pv_list, pv_next, next_pv) {
7533 if (!PMAP_TRYLOCK(pmap)) {
7534 pvh_gen = pvh->pv_gen;
7538 if (pvh_gen != pvh->pv_gen) {
7543 PG_M = pmap_modified_bit(pmap);
7544 PG_V = pmap_valid_bit(pmap);
7545 PG_RW = pmap_rw_bit(pmap);
7547 pde = pmap_pde(pmap, va);
7549 if ((oldpde & PG_RW) != 0) {
7550 if (pmap_demote_pde_locked(pmap, pde, va, &lock)) {
7551 if ((oldpde & PG_W) == 0) {
7553 * Write protect the mapping to a
7554 * single page so that a subsequent
7555 * write access may repromote.
7557 va += VM_PAGE_TO_PHYS(m) - (oldpde &
7559 pte = pmap_pde_to_pte(pde, va);
7561 if ((oldpte & PG_V) != 0) {
7562 while (!atomic_cmpset_long(pte,
7564 oldpte & ~(PG_M | PG_RW)))
7567 pmap_invalidate_page(pmap, va);
7574 TAILQ_FOREACH(pv, &m->md.pv_list, pv_next) {
7576 if (!PMAP_TRYLOCK(pmap)) {
7577 md_gen = m->md.pv_gen;
7578 pvh_gen = pvh->pv_gen;
7582 if (pvh_gen != pvh->pv_gen || md_gen != m->md.pv_gen) {
7587 PG_M = pmap_modified_bit(pmap);
7588 PG_RW = pmap_rw_bit(pmap);
7589 pde = pmap_pde(pmap, pv->pv_va);
7590 KASSERT((*pde & PG_PS) == 0, ("pmap_clear_modify: found"
7591 " a 2mpage in page %p's pv list", m));
7592 pte = pmap_pde_to_pte(pde, pv->pv_va);
7593 if ((*pte & (PG_M | PG_RW)) == (PG_M | PG_RW)) {
7594 atomic_clear_long(pte, PG_M);
7595 pmap_invalidate_page(pmap, pv->pv_va);
7603 * Miscellaneous support routines follow
7606 /* Adjust the cache mode for a 4KB page mapped via a PTE. */
7607 static __inline void
7608 pmap_pte_attr(pt_entry_t *pte, int cache_bits, int mask)
7613 * The cache mode bits are all in the low 32-bits of the
7614 * PTE, so we can just spin on updating the low 32-bits.
7617 opte = *(u_int *)pte;
7618 npte = opte & ~mask;
7620 } while (npte != opte && !atomic_cmpset_int((u_int *)pte, opte, npte));
7623 /* Adjust the cache mode for a 2MB page mapped via a PDE. */
7624 static __inline void
7625 pmap_pde_attr(pd_entry_t *pde, int cache_bits, int mask)
7630 * The cache mode bits are all in the low 32-bits of the
7631 * PDE, so we can just spin on updating the low 32-bits.
7634 opde = *(u_int *)pde;
7635 npde = opde & ~mask;
7637 } while (npde != opde && !atomic_cmpset_int((u_int *)pde, opde, npde));
7641 * Map a set of physical memory pages into the kernel virtual
7642 * address space. Return a pointer to where it is mapped. This
7643 * routine is intended to be used for mapping device memory,
7647 pmap_mapdev_internal(vm_paddr_t pa, vm_size_t size, int mode, bool noflush)
7649 struct pmap_preinit_mapping *ppim;
7650 vm_offset_t va, offset;
7654 offset = pa & PAGE_MASK;
7655 size = round_page(offset + size);
7656 pa = trunc_page(pa);
7658 if (!pmap_initialized) {
7660 for (i = 0; i < PMAP_PREINIT_MAPPING_COUNT; i++) {
7661 ppim = pmap_preinit_mapping + i;
7662 if (ppim->va == 0) {
7666 ppim->va = virtual_avail;
7667 virtual_avail += size;
7673 panic("%s: too many preinit mappings", __func__);
7676 * If we have a preinit mapping, re-use it.
7678 for (i = 0; i < PMAP_PREINIT_MAPPING_COUNT; i++) {
7679 ppim = pmap_preinit_mapping + i;
7680 if (ppim->pa == pa && ppim->sz == size &&
7682 return ((void *)(ppim->va + offset));
7685 * If the specified range of physical addresses fits within
7686 * the direct map window, use the direct map.
7688 if (pa < dmaplimit && pa + size <= dmaplimit) {
7689 va = PHYS_TO_DMAP(pa);
7690 PMAP_LOCK(kernel_pmap);
7691 i = pmap_change_attr_locked(va, size, mode, noflush);
7692 PMAP_UNLOCK(kernel_pmap);
7694 return ((void *)(va + offset));
7696 va = kva_alloc(size);
7698 panic("%s: Couldn't allocate KVA", __func__);
7700 for (tmpsize = 0; tmpsize < size; tmpsize += PAGE_SIZE)
7701 pmap_kenter_attr(va + tmpsize, pa + tmpsize, mode);
7702 pmap_invalidate_range(kernel_pmap, va, va + tmpsize);
7704 pmap_invalidate_cache_range(va, va + tmpsize);
7705 return ((void *)(va + offset));
7709 pmap_mapdev_attr(vm_paddr_t pa, vm_size_t size, int mode)
7712 return (pmap_mapdev_internal(pa, size, mode, false));
7716 pmap_mapdev(vm_paddr_t pa, vm_size_t size)
7719 return (pmap_mapdev_internal(pa, size, PAT_UNCACHEABLE, false));
7723 pmap_mapdev_pciecfg(vm_paddr_t pa, vm_size_t size)
7726 return (pmap_mapdev_internal(pa, size, PAT_UNCACHEABLE, true));
7730 pmap_mapbios(vm_paddr_t pa, vm_size_t size)
7733 return (pmap_mapdev_internal(pa, size, PAT_WRITE_BACK, false));
7737 pmap_unmapdev(vm_offset_t va, vm_size_t size)
7739 struct pmap_preinit_mapping *ppim;
7743 /* If we gave a direct map region in pmap_mapdev, do nothing */
7744 if (va >= DMAP_MIN_ADDRESS && va < DMAP_MAX_ADDRESS)
7746 offset = va & PAGE_MASK;
7747 size = round_page(offset + size);
7748 va = trunc_page(va);
7749 for (i = 0; i < PMAP_PREINIT_MAPPING_COUNT; i++) {
7750 ppim = pmap_preinit_mapping + i;
7751 if (ppim->va == va && ppim->sz == size) {
7752 if (pmap_initialized)
7758 if (va + size == virtual_avail)
7763 if (pmap_initialized)
7768 * Tries to demote a 1GB page mapping.
7771 pmap_demote_pdpe(pmap_t pmap, pdp_entry_t *pdpe, vm_offset_t va)
7773 pdp_entry_t newpdpe, oldpdpe;
7774 pd_entry_t *firstpde, newpde, *pde;
7775 pt_entry_t PG_A, PG_M, PG_RW, PG_V;
7779 PG_A = pmap_accessed_bit(pmap);
7780 PG_M = pmap_modified_bit(pmap);
7781 PG_V = pmap_valid_bit(pmap);
7782 PG_RW = pmap_rw_bit(pmap);
7784 PMAP_LOCK_ASSERT(pmap, MA_OWNED);
7786 KASSERT((oldpdpe & (PG_PS | PG_V)) == (PG_PS | PG_V),
7787 ("pmap_demote_pdpe: oldpdpe is missing PG_PS and/or PG_V"));
7788 if ((pdpg = vm_page_alloc(NULL, va >> PDPSHIFT, VM_ALLOC_INTERRUPT |
7789 VM_ALLOC_NOOBJ | VM_ALLOC_WIRED)) == NULL) {
7790 CTR2(KTR_PMAP, "pmap_demote_pdpe: failure for va %#lx"
7791 " in pmap %p", va, pmap);
7794 pdpgpa = VM_PAGE_TO_PHYS(pdpg);
7795 firstpde = (pd_entry_t *)PHYS_TO_DMAP(pdpgpa);
7796 newpdpe = pdpgpa | PG_M | PG_A | (oldpdpe & PG_U) | PG_RW | PG_V;
7797 KASSERT((oldpdpe & PG_A) != 0,
7798 ("pmap_demote_pdpe: oldpdpe is missing PG_A"));
7799 KASSERT((oldpdpe & (PG_M | PG_RW)) != PG_RW,
7800 ("pmap_demote_pdpe: oldpdpe is missing PG_M"));
7804 * Initialize the page directory page.
7806 for (pde = firstpde; pde < firstpde + NPDEPG; pde++) {
7812 * Demote the mapping.
7817 * Invalidate a stale recursive mapping of the page directory page.
7819 pmap_invalidate_page(pmap, (vm_offset_t)vtopde(va));
7821 pmap_pdpe_demotions++;
7822 CTR2(KTR_PMAP, "pmap_demote_pdpe: success for va %#lx"
7823 " in pmap %p", va, pmap);
7828 * Sets the memory attribute for the specified page.
7831 pmap_page_set_memattr(vm_page_t m, vm_memattr_t ma)
7834 m->md.pat_mode = ma;
7837 * If "m" is a normal page, update its direct mapping. This update
7838 * can be relied upon to perform any cache operations that are
7839 * required for data coherence.
7841 if ((m->flags & PG_FICTITIOUS) == 0 &&
7842 pmap_change_attr(PHYS_TO_DMAP(VM_PAGE_TO_PHYS(m)), PAGE_SIZE,
7844 panic("memory attribute change on the direct map failed");
7848 * Changes the specified virtual address range's memory type to that given by
7849 * the parameter "mode". The specified virtual address range must be
7850 * completely contained within either the direct map or the kernel map. If
7851 * the virtual address range is contained within the kernel map, then the
7852 * memory type for each of the corresponding ranges of the direct map is also
7853 * changed. (The corresponding ranges of the direct map are those ranges that
7854 * map the same physical pages as the specified virtual address range.) These
7855 * changes to the direct map are necessary because Intel describes the
7856 * behavior of their processors as "undefined" if two or more mappings to the
7857 * same physical page have different memory types.
7859 * Returns zero if the change completed successfully, and either EINVAL or
7860 * ENOMEM if the change failed. Specifically, EINVAL is returned if some part
7861 * of the virtual address range was not mapped, and ENOMEM is returned if
7862 * there was insufficient memory available to complete the change. In the
7863 * latter case, the memory type may have been changed on some part of the
7864 * virtual address range or the direct map.
7867 pmap_change_attr(vm_offset_t va, vm_size_t size, int mode)
7871 PMAP_LOCK(kernel_pmap);
7872 error = pmap_change_attr_locked(va, size, mode, false);
7873 PMAP_UNLOCK(kernel_pmap);
7878 pmap_change_attr_locked(vm_offset_t va, vm_size_t size, int mode, bool noflush)
7880 vm_offset_t base, offset, tmpva;
7881 vm_paddr_t pa_start, pa_end, pa_end1;
7885 int cache_bits_pte, cache_bits_pde, error;
7888 PMAP_LOCK_ASSERT(kernel_pmap, MA_OWNED);
7889 base = trunc_page(va);
7890 offset = va & PAGE_MASK;
7891 size = round_page(offset + size);
7894 * Only supported on kernel virtual addresses, including the direct
7895 * map but excluding the recursive map.
7897 if (base < DMAP_MIN_ADDRESS)
7900 cache_bits_pde = pmap_cache_bits(kernel_pmap, mode, 1);
7901 cache_bits_pte = pmap_cache_bits(kernel_pmap, mode, 0);
7905 * Pages that aren't mapped aren't supported. Also break down 2MB pages
7906 * into 4KB pages if required.
7908 for (tmpva = base; tmpva < base + size; ) {
7909 pdpe = pmap_pdpe(kernel_pmap, tmpva);
7910 if (pdpe == NULL || *pdpe == 0)
7912 if (*pdpe & PG_PS) {
7914 * If the current 1GB page already has the required
7915 * memory type, then we need not demote this page. Just
7916 * increment tmpva to the next 1GB page frame.
7918 if ((*pdpe & X86_PG_PDE_CACHE) == cache_bits_pde) {
7919 tmpva = trunc_1gpage(tmpva) + NBPDP;
7924 * If the current offset aligns with a 1GB page frame
7925 * and there is at least 1GB left within the range, then
7926 * we need not break down this page into 2MB pages.
7928 if ((tmpva & PDPMASK) == 0 &&
7929 tmpva + PDPMASK < base + size) {
7933 if (!pmap_demote_pdpe(kernel_pmap, pdpe, tmpva))
7936 pde = pmap_pdpe_to_pde(pdpe, tmpva);
7941 * If the current 2MB page already has the required
7942 * memory type, then we need not demote this page. Just
7943 * increment tmpva to the next 2MB page frame.
7945 if ((*pde & X86_PG_PDE_CACHE) == cache_bits_pde) {
7946 tmpva = trunc_2mpage(tmpva) + NBPDR;
7951 * If the current offset aligns with a 2MB page frame
7952 * and there is at least 2MB left within the range, then
7953 * we need not break down this page into 4KB pages.
7955 if ((tmpva & PDRMASK) == 0 &&
7956 tmpva + PDRMASK < base + size) {
7960 if (!pmap_demote_pde(kernel_pmap, pde, tmpva))
7963 pte = pmap_pde_to_pte(pde, tmpva);
7971 * Ok, all the pages exist, so run through them updating their
7972 * cache mode if required.
7974 pa_start = pa_end = 0;
7975 for (tmpva = base; tmpva < base + size; ) {
7976 pdpe = pmap_pdpe(kernel_pmap, tmpva);
7977 if (*pdpe & PG_PS) {
7978 if ((*pdpe & X86_PG_PDE_CACHE) != cache_bits_pde) {
7979 pmap_pde_attr(pdpe, cache_bits_pde,
7983 if (tmpva >= VM_MIN_KERNEL_ADDRESS &&
7984 (*pdpe & PG_PS_FRAME) < dmaplimit) {
7985 if (pa_start == pa_end) {
7986 /* Start physical address run. */
7987 pa_start = *pdpe & PG_PS_FRAME;
7988 pa_end = pa_start + NBPDP;
7989 } else if (pa_end == (*pdpe & PG_PS_FRAME))
7992 /* Run ended, update direct map. */
7993 error = pmap_change_attr_locked(
7994 PHYS_TO_DMAP(pa_start),
7995 pa_end - pa_start, mode, noflush);
7998 /* Start physical address run. */
7999 pa_start = *pdpe & PG_PS_FRAME;
8000 pa_end = pa_start + NBPDP;
8003 tmpva = trunc_1gpage(tmpva) + NBPDP;
8006 pde = pmap_pdpe_to_pde(pdpe, tmpva);
8008 if ((*pde & X86_PG_PDE_CACHE) != cache_bits_pde) {
8009 pmap_pde_attr(pde, cache_bits_pde,
8013 if (tmpva >= VM_MIN_KERNEL_ADDRESS &&
8014 (*pde & PG_PS_FRAME) < dmaplimit) {
8015 if (pa_start == pa_end) {
8016 /* Start physical address run. */
8017 pa_start = *pde & PG_PS_FRAME;
8018 pa_end = pa_start + NBPDR;
8019 } else if (pa_end == (*pde & PG_PS_FRAME))
8022 /* Run ended, update direct map. */
8023 error = pmap_change_attr_locked(
8024 PHYS_TO_DMAP(pa_start),
8025 pa_end - pa_start, mode, noflush);
8028 /* Start physical address run. */
8029 pa_start = *pde & PG_PS_FRAME;
8030 pa_end = pa_start + NBPDR;
8033 tmpva = trunc_2mpage(tmpva) + NBPDR;
8035 pte = pmap_pde_to_pte(pde, tmpva);
8036 if ((*pte & X86_PG_PTE_CACHE) != cache_bits_pte) {
8037 pmap_pte_attr(pte, cache_bits_pte,
8041 if (tmpva >= VM_MIN_KERNEL_ADDRESS &&
8042 (*pte & PG_FRAME) < dmaplimit) {
8043 if (pa_start == pa_end) {
8044 /* Start physical address run. */
8045 pa_start = *pte & PG_FRAME;
8046 pa_end = pa_start + PAGE_SIZE;
8047 } else if (pa_end == (*pte & PG_FRAME))
8048 pa_end += PAGE_SIZE;
8050 /* Run ended, update direct map. */
8051 error = pmap_change_attr_locked(
8052 PHYS_TO_DMAP(pa_start),
8053 pa_end - pa_start, mode, noflush);
8056 /* Start physical address run. */
8057 pa_start = *pte & PG_FRAME;
8058 pa_end = pa_start + PAGE_SIZE;
8064 if (error == 0 && pa_start != pa_end && pa_start < dmaplimit) {
8065 pa_end1 = MIN(pa_end, dmaplimit);
8066 if (pa_start != pa_end1)
8067 error = pmap_change_attr_locked(PHYS_TO_DMAP(pa_start),
8068 pa_end1 - pa_start, mode, noflush);
8072 * Flush CPU caches if required to make sure any data isn't cached that
8073 * shouldn't be, etc.
8076 pmap_invalidate_range(kernel_pmap, base, tmpva);
8078 pmap_invalidate_cache_range(base, tmpva);
8084 * Demotes any mapping within the direct map region that covers more than the
8085 * specified range of physical addresses. This range's size must be a power
8086 * of two and its starting address must be a multiple of its size. Since the
8087 * demotion does not change any attributes of the mapping, a TLB invalidation
8088 * is not mandatory. The caller may, however, request a TLB invalidation.
8091 pmap_demote_DMAP(vm_paddr_t base, vm_size_t len, boolean_t invalidate)
8100 KASSERT(powerof2(len), ("pmap_demote_DMAP: len is not a power of 2"));
8101 KASSERT((base & (len - 1)) == 0,
8102 ("pmap_demote_DMAP: base is not a multiple of len"));
8103 if (len < NBPDP && base < dmaplimit) {
8104 va = PHYS_TO_DMAP(base);
8106 PMAP_LOCK(kernel_pmap);
8107 pdpe = pmap_pdpe(kernel_pmap, va);
8108 if ((*pdpe & X86_PG_V) == 0)
8109 panic("pmap_demote_DMAP: invalid PDPE");
8110 if ((*pdpe & PG_PS) != 0) {
8111 if (!pmap_demote_pdpe(kernel_pmap, pdpe, va))
8112 panic("pmap_demote_DMAP: PDPE failed");
8116 pde = pmap_pdpe_to_pde(pdpe, va);
8117 if ((*pde & X86_PG_V) == 0)
8118 panic("pmap_demote_DMAP: invalid PDE");
8119 if ((*pde & PG_PS) != 0) {
8120 if (!pmap_demote_pde(kernel_pmap, pde, va))
8121 panic("pmap_demote_DMAP: PDE failed");
8125 if (changed && invalidate)
8126 pmap_invalidate_page(kernel_pmap, va);
8127 PMAP_UNLOCK(kernel_pmap);
8132 * perform the pmap work for mincore
8135 pmap_mincore(pmap_t pmap, vm_offset_t addr, vm_paddr_t *locked_pa)
8138 pt_entry_t pte, PG_A, PG_M, PG_RW, PG_V;
8142 PG_A = pmap_accessed_bit(pmap);
8143 PG_M = pmap_modified_bit(pmap);
8144 PG_V = pmap_valid_bit(pmap);
8145 PG_RW = pmap_rw_bit(pmap);
8149 pdep = pmap_pde(pmap, addr);
8150 if (pdep != NULL && (*pdep & PG_V)) {
8151 if (*pdep & PG_PS) {
8153 /* Compute the physical address of the 4KB page. */
8154 pa = ((*pdep & PG_PS_FRAME) | (addr & PDRMASK)) &
8156 val = MINCORE_SUPER;
8158 pte = *pmap_pde_to_pte(pdep, addr);
8159 pa = pte & PG_FRAME;
8167 if ((pte & PG_V) != 0) {
8168 val |= MINCORE_INCORE;
8169 if ((pte & (PG_M | PG_RW)) == (PG_M | PG_RW))
8170 val |= MINCORE_MODIFIED | MINCORE_MODIFIED_OTHER;
8171 if ((pte & PG_A) != 0)
8172 val |= MINCORE_REFERENCED | MINCORE_REFERENCED_OTHER;
8174 if ((val & (MINCORE_MODIFIED_OTHER | MINCORE_REFERENCED_OTHER)) !=
8175 (MINCORE_MODIFIED_OTHER | MINCORE_REFERENCED_OTHER) &&
8176 (pte & (PG_MANAGED | PG_V)) == (PG_MANAGED | PG_V)) {
8177 /* Ensure that "PHYS_TO_VM_PAGE(pa)->object" doesn't change. */
8178 if (vm_page_pa_tryrelock(pmap, pa, locked_pa))
8181 PA_UNLOCK_COND(*locked_pa);
8187 pmap_pcid_alloc(pmap_t pmap, u_int cpuid)
8189 uint32_t gen, new_gen, pcid_next;
8191 CRITICAL_ASSERT(curthread);
8192 gen = PCPU_GET(pcid_gen);
8193 if (pmap->pm_pcids[cpuid].pm_pcid == PMAP_PCID_KERN)
8194 return (pti ? 0 : CR3_PCID_SAVE);
8195 if (pmap->pm_pcids[cpuid].pm_gen == gen)
8196 return (CR3_PCID_SAVE);
8197 pcid_next = PCPU_GET(pcid_next);
8198 KASSERT((!pti && pcid_next <= PMAP_PCID_OVERMAX) ||
8199 (pti && pcid_next <= PMAP_PCID_OVERMAX_KERN),
8200 ("cpu %d pcid_next %#x", cpuid, pcid_next));
8201 if ((!pti && pcid_next == PMAP_PCID_OVERMAX) ||
8202 (pti && pcid_next == PMAP_PCID_OVERMAX_KERN)) {
8206 PCPU_SET(pcid_gen, new_gen);
8207 pcid_next = PMAP_PCID_KERN + 1;
8211 pmap->pm_pcids[cpuid].pm_pcid = pcid_next;
8212 pmap->pm_pcids[cpuid].pm_gen = new_gen;
8213 PCPU_SET(pcid_next, pcid_next + 1);
8218 pmap_pcid_alloc_checked(pmap_t pmap, u_int cpuid)
8222 cached = pmap_pcid_alloc(pmap, cpuid);
8223 KASSERT(pmap->pm_pcids[cpuid].pm_pcid < PMAP_PCID_OVERMAX,
8224 ("pmap %p cpu %d pcid %#x", pmap, cpuid,
8225 pmap->pm_pcids[cpuid].pm_pcid));
8226 KASSERT(pmap->pm_pcids[cpuid].pm_pcid != PMAP_PCID_KERN ||
8227 pmap == kernel_pmap,
8228 ("non-kernel pmap pmap %p cpu %d pcid %#x",
8229 pmap, cpuid, pmap->pm_pcids[cpuid].pm_pcid));
8234 pmap_activate_sw_pti_post(struct thread *td, pmap_t pmap)
8237 PCPU_GET(tssp)->tss_rsp0 = pmap->pm_ucr3 != PMAP_NO_CR3 ?
8238 PCPU_GET(pti_rsp0) : (uintptr_t)td->td_pcb;
8242 pmap_activate_sw_pcid_pti(pmap_t pmap, u_int cpuid, const bool invpcid_works1)
8244 struct invpcid_descr d;
8245 uint64_t cached, cr3, kcr3, ucr3;
8247 cached = pmap_pcid_alloc_checked(pmap, cpuid);
8249 if ((cr3 & ~CR3_PCID_MASK) != pmap->pm_cr3)
8250 load_cr3(pmap->pm_cr3 | pmap->pm_pcids[cpuid].pm_pcid);
8251 PCPU_SET(curpmap, pmap);
8252 kcr3 = pmap->pm_cr3 | pmap->pm_pcids[cpuid].pm_pcid;
8253 ucr3 = pmap->pm_ucr3 | pmap->pm_pcids[cpuid].pm_pcid |
8256 if (!cached && pmap->pm_ucr3 != PMAP_NO_CR3) {
8258 * Explicitly invalidate translations cached from the
8259 * user page table. They are not automatically
8260 * flushed by reload of cr3 with the kernel page table
8263 * Note that the if() condition is resolved statically
8264 * by using the function argument instead of
8265 * runtime-evaluated invpcid_works value.
8267 if (invpcid_works1) {
8268 d.pcid = PMAP_PCID_USER_PT |
8269 pmap->pm_pcids[cpuid].pm_pcid;
8272 invpcid(&d, INVPCID_CTX);
8274 pmap_pti_pcid_invalidate(ucr3, kcr3);
8278 PCPU_SET(kcr3, kcr3 | CR3_PCID_SAVE);
8279 PCPU_SET(ucr3, ucr3 | CR3_PCID_SAVE);
8281 PCPU_INC(pm_save_cnt);
8285 pmap_activate_sw_pcid_invpcid_pti(struct thread *td, pmap_t pmap, u_int cpuid)
8288 pmap_activate_sw_pcid_pti(pmap, cpuid, true);
8289 pmap_activate_sw_pti_post(td, pmap);
8293 pmap_activate_sw_pcid_noinvpcid_pti(struct thread *td, pmap_t pmap,
8299 * If the INVPCID instruction is not available,
8300 * invltlb_pcid_handler() is used to handle an invalidate_all
8301 * IPI, which checks for curpmap == smp_tlb_pmap. The below
8302 * sequence of operations has a window where %CR3 is loaded
8303 * with the new pmap's PML4 address, but the curpmap value has
8304 * not yet been updated. This causes the invltlb IPI handler,
8305 * which is called between the updates, to execute as a NOP,
8306 * which leaves stale TLB entries.
8308 * Note that the most typical use of pmap_activate_sw(), from
8309 * the context switch, is immune to this race, because
8310 * interrupts are disabled (while the thread lock is owned),
8311 * and the IPI happens after curpmap is updated. Protect
8312 * other callers in a similar way, by disabling interrupts
8313 * around the %cr3 register reload and curpmap assignment.
8315 rflags = intr_disable();
8316 pmap_activate_sw_pcid_pti(pmap, cpuid, false);
8317 intr_restore(rflags);
8318 pmap_activate_sw_pti_post(td, pmap);
8322 pmap_activate_sw_pcid_nopti(struct thread *td __unused, pmap_t pmap,
8325 uint64_t cached, cr3;
8327 cached = pmap_pcid_alloc_checked(pmap, cpuid);
8329 if (!cached || (cr3 & ~CR3_PCID_MASK) != pmap->pm_cr3)
8330 load_cr3(pmap->pm_cr3 | pmap->pm_pcids[cpuid].pm_pcid |
8332 PCPU_SET(curpmap, pmap);
8334 PCPU_INC(pm_save_cnt);
8338 pmap_activate_sw_pcid_noinvpcid_nopti(struct thread *td __unused, pmap_t pmap,
8343 rflags = intr_disable();
8344 pmap_activate_sw_pcid_nopti(td, pmap, cpuid);
8345 intr_restore(rflags);
8349 pmap_activate_sw_nopcid_nopti(struct thread *td __unused, pmap_t pmap,
8350 u_int cpuid __unused)
8353 load_cr3(pmap->pm_cr3);
8354 PCPU_SET(curpmap, pmap);
8358 pmap_activate_sw_nopcid_pti(struct thread *td, pmap_t pmap,
8359 u_int cpuid __unused)
8362 pmap_activate_sw_nopcid_nopti(td, pmap, cpuid);
8363 PCPU_SET(kcr3, pmap->pm_cr3);
8364 PCPU_SET(ucr3, pmap->pm_ucr3);
8365 pmap_activate_sw_pti_post(td, pmap);
8368 DEFINE_IFUNC(static, void, pmap_activate_sw_mode, (struct thread *, pmap_t,
8372 if (pmap_pcid_enabled && pti && invpcid_works)
8373 return (pmap_activate_sw_pcid_invpcid_pti);
8374 else if (pmap_pcid_enabled && pti && !invpcid_works)
8375 return (pmap_activate_sw_pcid_noinvpcid_pti);
8376 else if (pmap_pcid_enabled && !pti && invpcid_works)
8377 return (pmap_activate_sw_pcid_nopti);
8378 else if (pmap_pcid_enabled && !pti && !invpcid_works)
8379 return (pmap_activate_sw_pcid_noinvpcid_nopti);
8380 else if (!pmap_pcid_enabled && pti)
8381 return (pmap_activate_sw_nopcid_pti);
8382 else /* if (!pmap_pcid_enabled && !pti) */
8383 return (pmap_activate_sw_nopcid_nopti);
8387 pmap_activate_sw(struct thread *td)
8389 pmap_t oldpmap, pmap;
8392 oldpmap = PCPU_GET(curpmap);
8393 pmap = vmspace_pmap(td->td_proc->p_vmspace);
8394 if (oldpmap == pmap)
8396 cpuid = PCPU_GET(cpuid);
8398 CPU_SET_ATOMIC(cpuid, &pmap->pm_active);
8400 CPU_SET(cpuid, &pmap->pm_active);
8402 pmap_activate_sw_mode(td, pmap, cpuid);
8404 CPU_CLR_ATOMIC(cpuid, &oldpmap->pm_active);
8406 CPU_CLR(cpuid, &oldpmap->pm_active);
8411 pmap_activate(struct thread *td)
8415 pmap_activate_sw(td);
8420 pmap_activate_boot(pmap_t pmap)
8426 * kernel_pmap must be never deactivated, and we ensure that
8427 * by never activating it at all.
8429 MPASS(pmap != kernel_pmap);
8431 cpuid = PCPU_GET(cpuid);
8433 CPU_SET_ATOMIC(cpuid, &pmap->pm_active);
8435 CPU_SET(cpuid, &pmap->pm_active);
8437 PCPU_SET(curpmap, pmap);
8439 kcr3 = pmap->pm_cr3;
8440 if (pmap_pcid_enabled)
8441 kcr3 |= pmap->pm_pcids[cpuid].pm_pcid | CR3_PCID_SAVE;
8445 PCPU_SET(kcr3, kcr3);
8446 PCPU_SET(ucr3, PMAP_NO_CR3);
8450 pmap_sync_icache(pmap_t pm, vm_offset_t va, vm_size_t sz)
8455 * Increase the starting virtual address of the given mapping if a
8456 * different alignment might result in more superpage mappings.
8459 pmap_align_superpage(vm_object_t object, vm_ooffset_t offset,
8460 vm_offset_t *addr, vm_size_t size)
8462 vm_offset_t superpage_offset;
8466 if (object != NULL && (object->flags & OBJ_COLORED) != 0)
8467 offset += ptoa(object->pg_color);
8468 superpage_offset = offset & PDRMASK;
8469 if (size - ((NBPDR - superpage_offset) & PDRMASK) < NBPDR ||
8470 (*addr & PDRMASK) == superpage_offset)
8472 if ((*addr & PDRMASK) < superpage_offset)
8473 *addr = (*addr & ~PDRMASK) + superpage_offset;
8475 *addr = ((*addr + PDRMASK) & ~PDRMASK) + superpage_offset;
8479 static unsigned long num_dirty_emulations;
8480 SYSCTL_ULONG(_vm_pmap, OID_AUTO, num_dirty_emulations, CTLFLAG_RW,
8481 &num_dirty_emulations, 0, NULL);
8483 static unsigned long num_accessed_emulations;
8484 SYSCTL_ULONG(_vm_pmap, OID_AUTO, num_accessed_emulations, CTLFLAG_RW,
8485 &num_accessed_emulations, 0, NULL);
8487 static unsigned long num_superpage_accessed_emulations;
8488 SYSCTL_ULONG(_vm_pmap, OID_AUTO, num_superpage_accessed_emulations, CTLFLAG_RW,
8489 &num_superpage_accessed_emulations, 0, NULL);
8491 static unsigned long ad_emulation_superpage_promotions;
8492 SYSCTL_ULONG(_vm_pmap, OID_AUTO, ad_emulation_superpage_promotions, CTLFLAG_RW,
8493 &ad_emulation_superpage_promotions, 0, NULL);
8494 #endif /* INVARIANTS */
8497 pmap_emulate_accessed_dirty(pmap_t pmap, vm_offset_t va, int ftype)
8500 struct rwlock *lock;
8501 #if VM_NRESERVLEVEL > 0
8505 pt_entry_t *pte, PG_A, PG_M, PG_RW, PG_V;
8507 KASSERT(ftype == VM_PROT_READ || ftype == VM_PROT_WRITE,
8508 ("pmap_emulate_accessed_dirty: invalid fault type %d", ftype));
8510 if (!pmap_emulate_ad_bits(pmap))
8513 PG_A = pmap_accessed_bit(pmap);
8514 PG_M = pmap_modified_bit(pmap);
8515 PG_V = pmap_valid_bit(pmap);
8516 PG_RW = pmap_rw_bit(pmap);
8522 pde = pmap_pde(pmap, va);
8523 if (pde == NULL || (*pde & PG_V) == 0)
8526 if ((*pde & PG_PS) != 0) {
8527 if (ftype == VM_PROT_READ) {
8529 atomic_add_long(&num_superpage_accessed_emulations, 1);
8537 pte = pmap_pde_to_pte(pde, va);
8538 if ((*pte & PG_V) == 0)
8541 if (ftype == VM_PROT_WRITE) {
8542 if ((*pte & PG_RW) == 0)
8545 * Set the modified and accessed bits simultaneously.
8547 * Intel EPT PTEs that do software emulation of A/D bits map
8548 * PG_A and PG_M to EPT_PG_READ and EPT_PG_WRITE respectively.
8549 * An EPT misconfiguration is triggered if the PTE is writable
8550 * but not readable (WR=10). This is avoided by setting PG_A
8551 * and PG_M simultaneously.
8553 *pte |= PG_M | PG_A;
8558 #if VM_NRESERVLEVEL > 0
8559 /* try to promote the mapping */
8560 if (va < VM_MAXUSER_ADDRESS)
8561 mpte = PHYS_TO_VM_PAGE(*pde & PG_FRAME);
8565 m = PHYS_TO_VM_PAGE(*pte & PG_FRAME);
8567 if ((mpte == NULL || mpte->wire_count == NPTEPG) &&
8568 pmap_ps_enabled(pmap) &&
8569 (m->flags & PG_FICTITIOUS) == 0 &&
8570 vm_reserv_level_iffullpop(m) == 0) {
8571 pmap_promote_pde(pmap, pde, va, &lock);
8573 atomic_add_long(&ad_emulation_superpage_promotions, 1);
8579 if (ftype == VM_PROT_WRITE)
8580 atomic_add_long(&num_dirty_emulations, 1);
8582 atomic_add_long(&num_accessed_emulations, 1);
8584 rv = 0; /* success */
8593 pmap_get_mapping(pmap_t pmap, vm_offset_t va, uint64_t *ptr, int *num)
8598 pt_entry_t *pte, PG_V;
8602 PG_V = pmap_valid_bit(pmap);
8605 pml4 = pmap_pml4e(pmap, va);
8607 if ((*pml4 & PG_V) == 0)
8610 pdp = pmap_pml4e_to_pdpe(pml4, va);
8612 if ((*pdp & PG_V) == 0 || (*pdp & PG_PS) != 0)
8615 pde = pmap_pdpe_to_pde(pdp, va);
8617 if ((*pde & PG_V) == 0 || (*pde & PG_PS) != 0)
8620 pte = pmap_pde_to_pte(pde, va);
8629 * Get the kernel virtual address of a set of physical pages. If there are
8630 * physical addresses not covered by the DMAP perform a transient mapping
8631 * that will be removed when calling pmap_unmap_io_transient.
8633 * \param page The pages the caller wishes to obtain the virtual
8634 * address on the kernel memory map.
8635 * \param vaddr On return contains the kernel virtual memory address
8636 * of the pages passed in the page parameter.
8637 * \param count Number of pages passed in.
8638 * \param can_fault TRUE if the thread using the mapped pages can take
8639 * page faults, FALSE otherwise.
8641 * \returns TRUE if the caller must call pmap_unmap_io_transient when
8642 * finished or FALSE otherwise.
8646 pmap_map_io_transient(vm_page_t page[], vm_offset_t vaddr[], int count,
8647 boolean_t can_fault)
8650 boolean_t needs_mapping;
8652 int cache_bits, error __unused, i;
8655 * Allocate any KVA space that we need, this is done in a separate
8656 * loop to prevent calling vmem_alloc while pinned.
8658 needs_mapping = FALSE;
8659 for (i = 0; i < count; i++) {
8660 paddr = VM_PAGE_TO_PHYS(page[i]);
8661 if (__predict_false(paddr >= dmaplimit)) {
8662 error = vmem_alloc(kernel_arena, PAGE_SIZE,
8663 M_BESTFIT | M_WAITOK, &vaddr[i]);
8664 KASSERT(error == 0, ("vmem_alloc failed: %d", error));
8665 needs_mapping = TRUE;
8667 vaddr[i] = PHYS_TO_DMAP(paddr);
8671 /* Exit early if everything is covered by the DMAP */
8676 * NB: The sequence of updating a page table followed by accesses
8677 * to the corresponding pages used in the !DMAP case is subject to
8678 * the situation described in the "AMD64 Architecture Programmer's
8679 * Manual Volume 2: System Programming" rev. 3.23, "7.3.1 Special
8680 * Coherency Considerations". Therefore, issuing the INVLPG right
8681 * after modifying the PTE bits is crucial.
8685 for (i = 0; i < count; i++) {
8686 paddr = VM_PAGE_TO_PHYS(page[i]);
8687 if (paddr >= dmaplimit) {
8690 * Slow path, since we can get page faults
8691 * while mappings are active don't pin the
8692 * thread to the CPU and instead add a global
8693 * mapping visible to all CPUs.
8695 pmap_qenter(vaddr[i], &page[i], 1);
8697 pte = vtopte(vaddr[i]);
8698 cache_bits = pmap_cache_bits(kernel_pmap,
8699 page[i]->md.pat_mode, 0);
8700 pte_store(pte, paddr | X86_PG_RW | X86_PG_V |
8707 return (needs_mapping);
8711 pmap_unmap_io_transient(vm_page_t page[], vm_offset_t vaddr[], int count,
8712 boolean_t can_fault)
8719 for (i = 0; i < count; i++) {
8720 paddr = VM_PAGE_TO_PHYS(page[i]);
8721 if (paddr >= dmaplimit) {
8723 pmap_qremove(vaddr[i], 1);
8724 vmem_free(kernel_arena, vaddr[i], PAGE_SIZE);
8730 pmap_quick_enter_page(vm_page_t m)
8734 paddr = VM_PAGE_TO_PHYS(m);
8735 if (paddr < dmaplimit)
8736 return (PHYS_TO_DMAP(paddr));
8737 mtx_lock_spin(&qframe_mtx);
8738 KASSERT(*vtopte(qframe) == 0, ("qframe busy"));
8739 pte_store(vtopte(qframe), paddr | X86_PG_RW | X86_PG_V | X86_PG_A |
8740 X86_PG_M | pmap_cache_bits(kernel_pmap, m->md.pat_mode, 0));
8745 pmap_quick_remove_page(vm_offset_t addr)
8750 pte_store(vtopte(qframe), 0);
8752 mtx_unlock_spin(&qframe_mtx);
8756 * Pdp pages from the large map are managed differently from either
8757 * kernel or user page table pages. They are permanently allocated at
8758 * initialization time, and their wire count is permanently set to
8759 * zero. The pml4 entries pointing to those pages are copied into
8760 * each allocated pmap.
8762 * In contrast, pd and pt pages are managed like user page table
8763 * pages. They are dynamically allocated, and their wire count
8764 * represents the number of valid entries within the page.
8767 pmap_large_map_getptp_unlocked(void)
8771 m = vm_page_alloc(NULL, 0, VM_ALLOC_NORMAL | VM_ALLOC_NOOBJ |
8773 if (m != NULL && (m->flags & PG_ZERO) == 0)
8779 pmap_large_map_getptp(void)
8783 PMAP_LOCK_ASSERT(kernel_pmap, MA_OWNED);
8784 m = pmap_large_map_getptp_unlocked();
8786 PMAP_UNLOCK(kernel_pmap);
8788 PMAP_LOCK(kernel_pmap);
8789 /* Callers retry. */
8794 static pdp_entry_t *
8795 pmap_large_map_pdpe(vm_offset_t va)
8797 vm_pindex_t pml4_idx;
8800 pml4_idx = pmap_pml4e_index(va);
8801 KASSERT(LMSPML4I <= pml4_idx && pml4_idx < LMSPML4I + lm_ents,
8802 ("pmap_large_map_pdpe: va %#jx out of range idx %#jx LMSPML4I "
8804 (uintmax_t)va, (uintmax_t)pml4_idx, LMSPML4I, lm_ents));
8805 KASSERT((kernel_pmap->pm_pml4[pml4_idx] & X86_PG_V) != 0,
8806 ("pmap_large_map_pdpe: invalid pml4 for va %#jx idx %#jx "
8807 "LMSPML4I %#jx lm_ents %d",
8808 (uintmax_t)va, (uintmax_t)pml4_idx, LMSPML4I, lm_ents));
8809 mphys = kernel_pmap->pm_pml4[pml4_idx] & PG_FRAME;
8810 return ((pdp_entry_t *)PHYS_TO_DMAP(mphys) + pmap_pdpe_index(va));
8814 pmap_large_map_pde(vm_offset_t va)
8821 pdpe = pmap_large_map_pdpe(va);
8823 m = pmap_large_map_getptp();
8826 mphys = VM_PAGE_TO_PHYS(m);
8827 *pdpe = mphys | X86_PG_A | X86_PG_RW | X86_PG_V | pg_nx;
8829 MPASS((*pdpe & X86_PG_PS) == 0);
8830 mphys = *pdpe & PG_FRAME;
8832 return ((pd_entry_t *)PHYS_TO_DMAP(mphys) + pmap_pde_index(va));
8836 pmap_large_map_pte(vm_offset_t va)
8843 pde = pmap_large_map_pde(va);
8845 m = pmap_large_map_getptp();
8848 mphys = VM_PAGE_TO_PHYS(m);
8849 *pde = mphys | X86_PG_A | X86_PG_RW | X86_PG_V | pg_nx;
8850 PHYS_TO_VM_PAGE(DMAP_TO_PHYS((uintptr_t)pde))->wire_count++;
8852 MPASS((*pde & X86_PG_PS) == 0);
8853 mphys = *pde & PG_FRAME;
8855 return ((pt_entry_t *)PHYS_TO_DMAP(mphys) + pmap_pte_index(va));
8859 pmap_large_map_kextract(vm_offset_t va)
8861 pdp_entry_t *pdpe, pdp;
8862 pd_entry_t *pde, pd;
8863 pt_entry_t *pte, pt;
8865 KASSERT(LARGEMAP_MIN_ADDRESS <= va && va < PMAP_LARGEMAP_MAX_ADDRESS(),
8866 ("not largemap range %#lx", (u_long)va));
8867 pdpe = pmap_large_map_pdpe(va);
8869 KASSERT((pdp & X86_PG_V) != 0,
8870 ("invalid pdp va %#lx pdpe %#lx pdp %#lx", va,
8871 (u_long)pdpe, pdp));
8872 if ((pdp & X86_PG_PS) != 0) {
8873 KASSERT((amd_feature & AMDID_PAGE1GB) != 0,
8874 ("no 1G pages, va %#lx pdpe %#lx pdp %#lx", va,
8875 (u_long)pdpe, pdp));
8876 return ((pdp & PG_PS_PDP_FRAME) | (va & PDPMASK));
8878 pde = pmap_pdpe_to_pde(pdpe, va);
8880 KASSERT((pd & X86_PG_V) != 0,
8881 ("invalid pd va %#lx pde %#lx pd %#lx", va, (u_long)pde, pd));
8882 if ((pd & X86_PG_PS) != 0)
8883 return ((pd & PG_PS_FRAME) | (va & PDRMASK));
8884 pte = pmap_pde_to_pte(pde, va);
8886 KASSERT((pt & X86_PG_V) != 0,
8887 ("invalid pte va %#lx pte %#lx pt %#lx", va, (u_long)pte, pt));
8888 return ((pt & PG_FRAME) | (va & PAGE_MASK));
8892 pmap_large_map_getva(vm_size_t len, vm_offset_t align, vm_offset_t phase,
8893 vmem_addr_t *vmem_res)
8897 * Large mappings are all but static. Consequently, there
8898 * is no point in waiting for an earlier allocation to be
8901 return (vmem_xalloc(large_vmem, len, align, phase, 0, VMEM_ADDR_MIN,
8902 VMEM_ADDR_MAX, M_NOWAIT | M_BESTFIT, vmem_res));
8906 pmap_large_map(vm_paddr_t spa, vm_size_t len, void **addr,
8912 vm_offset_t va, inc;
8913 vmem_addr_t vmem_res;
8917 if (len == 0 || spa + len < spa)
8920 /* See if DMAP can serve. */
8921 if (spa + len <= dmaplimit) {
8922 va = PHYS_TO_DMAP(spa);
8924 return (pmap_change_attr(va, len, mattr));
8928 * No, allocate KVA. Fit the address with best possible
8929 * alignment for superpages. Fall back to worse align if
8933 if ((amd_feature & AMDID_PAGE1GB) != 0 && rounddown2(spa + len,
8934 NBPDP) >= roundup2(spa, NBPDP) + NBPDP)
8935 error = pmap_large_map_getva(len, NBPDP, spa & PDPMASK,
8937 if (error != 0 && rounddown2(spa + len, NBPDR) >= roundup2(spa,
8939 error = pmap_large_map_getva(len, NBPDR, spa & PDRMASK,
8942 error = pmap_large_map_getva(len, PAGE_SIZE, 0, &vmem_res);
8947 * Fill pagetable. PG_M is not pre-set, we scan modified bits
8948 * in the pagetable to minimize flushing. No need to
8949 * invalidate TLB, since we only update invalid entries.
8951 PMAP_LOCK(kernel_pmap);
8952 for (pa = spa, va = vmem_res; len > 0; pa += inc, va += inc,
8954 if ((amd_feature & AMDID_PAGE1GB) != 0 && len >= NBPDP &&
8955 (pa & PDPMASK) == 0 && (va & PDPMASK) == 0) {
8956 pdpe = pmap_large_map_pdpe(va);
8958 *pdpe = pa | pg_g | X86_PG_PS | X86_PG_RW |
8959 X86_PG_V | X86_PG_A | pg_nx |
8960 pmap_cache_bits(kernel_pmap, mattr, TRUE);
8962 } else if (len >= NBPDR && (pa & PDRMASK) == 0 &&
8963 (va & PDRMASK) == 0) {
8964 pde = pmap_large_map_pde(va);
8966 *pde = pa | pg_g | X86_PG_PS | X86_PG_RW |
8967 X86_PG_V | X86_PG_A | pg_nx |
8968 pmap_cache_bits(kernel_pmap, mattr, TRUE);
8969 PHYS_TO_VM_PAGE(DMAP_TO_PHYS((uintptr_t)pde))->
8973 pte = pmap_large_map_pte(va);
8975 *pte = pa | pg_g | X86_PG_RW | X86_PG_V |
8976 X86_PG_A | pg_nx | pmap_cache_bits(kernel_pmap,
8978 PHYS_TO_VM_PAGE(DMAP_TO_PHYS((uintptr_t)pte))->
8983 PMAP_UNLOCK(kernel_pmap);
8986 *addr = (void *)vmem_res;
8991 pmap_large_unmap(void *svaa, vm_size_t len)
8993 vm_offset_t sva, va;
8995 pdp_entry_t *pdpe, pdp;
8996 pd_entry_t *pde, pd;
8999 struct spglist spgf;
9001 sva = (vm_offset_t)svaa;
9002 if (len == 0 || sva + len < sva || (sva >= DMAP_MIN_ADDRESS &&
9003 sva + len <= DMAP_MIN_ADDRESS + dmaplimit))
9007 KASSERT(LARGEMAP_MIN_ADDRESS <= sva &&
9008 sva + len <= PMAP_LARGEMAP_MAX_ADDRESS(),
9009 ("not largemap range %#lx %#lx", (u_long)svaa, (u_long)svaa + len));
9010 PMAP_LOCK(kernel_pmap);
9011 for (va = sva; va < sva + len; va += inc) {
9012 pdpe = pmap_large_map_pdpe(va);
9014 KASSERT((pdp & X86_PG_V) != 0,
9015 ("invalid pdp va %#lx pdpe %#lx pdp %#lx", va,
9016 (u_long)pdpe, pdp));
9017 if ((pdp & X86_PG_PS) != 0) {
9018 KASSERT((amd_feature & AMDID_PAGE1GB) != 0,
9019 ("no 1G pages, va %#lx pdpe %#lx pdp %#lx", va,
9020 (u_long)pdpe, pdp));
9021 KASSERT((va & PDPMASK) == 0,
9022 ("PDPMASK bit set, va %#lx pdpe %#lx pdp %#lx", va,
9023 (u_long)pdpe, pdp));
9024 KASSERT(va + NBPDP <= sva + len,
9025 ("unmap covers partial 1GB page, sva %#lx va %#lx "
9026 "pdpe %#lx pdp %#lx len %#lx", sva, va,
9027 (u_long)pdpe, pdp, len));
9032 pde = pmap_pdpe_to_pde(pdpe, va);
9034 KASSERT((pd & X86_PG_V) != 0,
9035 ("invalid pd va %#lx pde %#lx pd %#lx", va,
9037 if ((pd & X86_PG_PS) != 0) {
9038 KASSERT((va & PDRMASK) == 0,
9039 ("PDRMASK bit set, va %#lx pde %#lx pd %#lx", va,
9041 KASSERT(va + NBPDR <= sva + len,
9042 ("unmap covers partial 2MB page, sva %#lx va %#lx "
9043 "pde %#lx pd %#lx len %#lx", sva, va, (u_long)pde,
9047 m = PHYS_TO_VM_PAGE(DMAP_TO_PHYS((vm_offset_t)pde));
9049 if (m->wire_count == 0) {
9051 SLIST_INSERT_HEAD(&spgf, m, plinks.s.ss);
9055 pte = pmap_pde_to_pte(pde, va);
9056 KASSERT((*pte & X86_PG_V) != 0,
9057 ("invalid pte va %#lx pte %#lx pt %#lx", va,
9058 (u_long)pte, *pte));
9061 m = PHYS_TO_VM_PAGE(DMAP_TO_PHYS((vm_offset_t)pte));
9063 if (m->wire_count == 0) {
9065 SLIST_INSERT_HEAD(&spgf, m, plinks.s.ss);
9066 m = PHYS_TO_VM_PAGE(DMAP_TO_PHYS((vm_offset_t)pde));
9068 if (m->wire_count == 0) {
9070 SLIST_INSERT_HEAD(&spgf, m, plinks.s.ss);
9074 pmap_invalidate_range(kernel_pmap, sva, sva + len);
9075 PMAP_UNLOCK(kernel_pmap);
9076 vm_page_free_pages_toq(&spgf, false);
9077 vmem_free(large_vmem, sva, len);
9081 pmap_large_map_wb_fence_mfence(void)
9088 pmap_large_map_wb_fence_sfence(void)
9095 pmap_large_map_wb_fence_nop(void)
9099 DEFINE_IFUNC(static, void, pmap_large_map_wb_fence, (void))
9102 if (cpu_vendor_id != CPU_VENDOR_INTEL)
9103 return (pmap_large_map_wb_fence_mfence);
9104 else if ((cpu_stdext_feature & (CPUID_STDEXT_CLWB |
9105 CPUID_STDEXT_CLFLUSHOPT)) == 0)
9106 return (pmap_large_map_wb_fence_sfence);
9108 /* clflush is strongly enough ordered */
9109 return (pmap_large_map_wb_fence_nop);
9113 pmap_large_map_flush_range_clwb(vm_offset_t va, vm_size_t len)
9116 for (; len > 0; len -= cpu_clflush_line_size,
9117 va += cpu_clflush_line_size)
9122 pmap_large_map_flush_range_clflushopt(vm_offset_t va, vm_size_t len)
9125 for (; len > 0; len -= cpu_clflush_line_size,
9126 va += cpu_clflush_line_size)
9131 pmap_large_map_flush_range_clflush(vm_offset_t va, vm_size_t len)
9134 for (; len > 0; len -= cpu_clflush_line_size,
9135 va += cpu_clflush_line_size)
9140 pmap_large_map_flush_range_nop(vm_offset_t sva __unused, vm_size_t len __unused)
9144 DEFINE_IFUNC(static, void, pmap_large_map_flush_range, (vm_offset_t, vm_size_t))
9147 if ((cpu_stdext_feature & CPUID_STDEXT_CLWB) != 0)
9148 return (pmap_large_map_flush_range_clwb);
9149 else if ((cpu_stdext_feature & CPUID_STDEXT_CLFLUSHOPT) != 0)
9150 return (pmap_large_map_flush_range_clflushopt);
9151 else if ((cpu_feature & CPUID_CLFSH) != 0)
9152 return (pmap_large_map_flush_range_clflush);
9154 return (pmap_large_map_flush_range_nop);
9158 pmap_large_map_wb_large(vm_offset_t sva, vm_offset_t eva)
9160 volatile u_long *pe;
9166 for (va = sva; va < eva; va += inc) {
9168 if ((amd_feature & AMDID_PAGE1GB) != 0) {
9169 pe = (volatile u_long *)pmap_large_map_pdpe(va);
9171 if ((p & X86_PG_PS) != 0)
9175 pe = (volatile u_long *)pmap_large_map_pde(va);
9177 if ((p & X86_PG_PS) != 0)
9181 pe = (volatile u_long *)pmap_large_map_pte(va);
9187 if ((p & X86_PG_AVAIL1) != 0) {
9189 * Spin-wait for the end of a parallel
9196 * If we saw other write-back
9197 * occuring, we cannot rely on PG_M to
9198 * indicate state of the cache. The
9199 * PG_M bit is cleared before the
9200 * flush to avoid ignoring new writes,
9201 * and writes which are relevant for
9202 * us might happen after.
9208 if ((p & X86_PG_M) != 0 || seen_other) {
9209 if (!atomic_fcmpset_long(pe, &p,
9210 (p & ~X86_PG_M) | X86_PG_AVAIL1))
9212 * If we saw PG_M without
9213 * PG_AVAIL1, and then on the
9214 * next attempt we do not
9215 * observe either PG_M or
9216 * PG_AVAIL1, the other
9217 * write-back started after us
9218 * and finished before us. We
9219 * can rely on it doing our
9223 pmap_large_map_flush_range(va, inc);
9224 atomic_clear_long(pe, X86_PG_AVAIL1);
9233 * Write-back cache lines for the given address range.
9235 * Must be called only on the range or sub-range returned from
9236 * pmap_large_map(). Must not be called on the coalesced ranges.
9238 * Does nothing on CPUs without CLWB, CLFLUSHOPT, or CLFLUSH
9239 * instructions support.
9242 pmap_large_map_wb(void *svap, vm_size_t len)
9244 vm_offset_t eva, sva;
9246 sva = (vm_offset_t)svap;
9248 pmap_large_map_wb_fence();
9249 if (sva >= DMAP_MIN_ADDRESS && eva <= DMAP_MIN_ADDRESS + dmaplimit) {
9250 pmap_large_map_flush_range(sva, len);
9252 KASSERT(sva >= LARGEMAP_MIN_ADDRESS &&
9253 eva <= LARGEMAP_MIN_ADDRESS + lm_ents * NBPML4,
9254 ("pmap_large_map_wb: not largemap %#lx %#lx", sva, len));
9255 pmap_large_map_wb_large(sva, eva);
9257 pmap_large_map_wb_fence();
9261 pmap_pti_alloc_page(void)
9265 VM_OBJECT_ASSERT_WLOCKED(pti_obj);
9266 m = vm_page_grab(pti_obj, pti_pg_idx++, VM_ALLOC_NOBUSY |
9267 VM_ALLOC_WIRED | VM_ALLOC_ZERO);
9272 pmap_pti_free_page(vm_page_t m)
9275 KASSERT(m->wire_count > 0, ("page %p not wired", m));
9276 if (!vm_page_unwire_noq(m))
9278 vm_page_free_zero(m);
9292 pti_obj = vm_pager_allocate(OBJT_PHYS, NULL, 0, VM_PROT_ALL, 0, NULL);
9293 VM_OBJECT_WLOCK(pti_obj);
9294 pml4_pg = pmap_pti_alloc_page();
9295 pti_pml4 = (pml4_entry_t *)PHYS_TO_DMAP(VM_PAGE_TO_PHYS(pml4_pg));
9296 for (va = VM_MIN_KERNEL_ADDRESS; va <= VM_MAX_KERNEL_ADDRESS &&
9297 va >= VM_MIN_KERNEL_ADDRESS && va > NBPML4; va += NBPML4) {
9298 pdpe = pmap_pti_pdpe(va);
9299 pmap_pti_wire_pte(pdpe);
9301 pmap_pti_add_kva_locked((vm_offset_t)&__pcpu[0],
9302 (vm_offset_t)&__pcpu[0] + sizeof(__pcpu[0]) * MAXCPU, false);
9303 pmap_pti_add_kva_locked((vm_offset_t)gdt, (vm_offset_t)gdt +
9304 sizeof(struct user_segment_descriptor) * NGDT * MAXCPU, false);
9305 pmap_pti_add_kva_locked((vm_offset_t)idt, (vm_offset_t)idt +
9306 sizeof(struct gate_descriptor) * NIDT, false);
9307 pmap_pti_add_kva_locked((vm_offset_t)common_tss,
9308 (vm_offset_t)common_tss + sizeof(struct amd64tss) * MAXCPU, false);
9310 /* Doublefault stack IST 1 */
9311 va = common_tss[i].tss_ist1;
9312 pmap_pti_add_kva_locked(va - PAGE_SIZE, va, false);
9313 /* NMI stack IST 2 */
9314 va = common_tss[i].tss_ist2 + sizeof(struct nmi_pcpu);
9315 pmap_pti_add_kva_locked(va - PAGE_SIZE, va, false);
9316 /* MC# stack IST 3 */
9317 va = common_tss[i].tss_ist3 + sizeof(struct nmi_pcpu);
9318 pmap_pti_add_kva_locked(va - PAGE_SIZE, va, false);
9319 /* DB# stack IST 4 */
9320 va = common_tss[i].tss_ist4 + sizeof(struct nmi_pcpu);
9321 pmap_pti_add_kva_locked(va - PAGE_SIZE, va, false);
9323 pmap_pti_add_kva_locked((vm_offset_t)kernphys + KERNBASE,
9324 (vm_offset_t)etext, true);
9325 pti_finalized = true;
9326 VM_OBJECT_WUNLOCK(pti_obj);
9328 SYSINIT(pmap_pti, SI_SUB_CPU + 1, SI_ORDER_ANY, pmap_pti_init, NULL);
9330 static pdp_entry_t *
9331 pmap_pti_pdpe(vm_offset_t va)
9333 pml4_entry_t *pml4e;
9336 vm_pindex_t pml4_idx;
9339 VM_OBJECT_ASSERT_WLOCKED(pti_obj);
9341 pml4_idx = pmap_pml4e_index(va);
9342 pml4e = &pti_pml4[pml4_idx];
9346 panic("pml4 alloc after finalization\n");
9347 m = pmap_pti_alloc_page();
9349 pmap_pti_free_page(m);
9350 mphys = *pml4e & ~PAGE_MASK;
9352 mphys = VM_PAGE_TO_PHYS(m);
9353 *pml4e = mphys | X86_PG_RW | X86_PG_V;
9356 mphys = *pml4e & ~PAGE_MASK;
9358 pdpe = (pdp_entry_t *)PHYS_TO_DMAP(mphys) + pmap_pdpe_index(va);
9363 pmap_pti_wire_pte(void *pte)
9367 VM_OBJECT_ASSERT_WLOCKED(pti_obj);
9368 m = PHYS_TO_VM_PAGE(DMAP_TO_PHYS((uintptr_t)pte));
9373 pmap_pti_unwire_pde(void *pde, bool only_ref)
9377 VM_OBJECT_ASSERT_WLOCKED(pti_obj);
9378 m = PHYS_TO_VM_PAGE(DMAP_TO_PHYS((uintptr_t)pde));
9379 MPASS(m->wire_count > 0);
9380 MPASS(only_ref || m->wire_count > 1);
9381 pmap_pti_free_page(m);
9385 pmap_pti_unwire_pte(void *pte, vm_offset_t va)
9390 VM_OBJECT_ASSERT_WLOCKED(pti_obj);
9391 m = PHYS_TO_VM_PAGE(DMAP_TO_PHYS((uintptr_t)pte));
9392 MPASS(m->wire_count > 0);
9393 if (pmap_pti_free_page(m)) {
9394 pde = pmap_pti_pde(va);
9395 MPASS((*pde & (X86_PG_PS | X86_PG_V)) == X86_PG_V);
9397 pmap_pti_unwire_pde(pde, false);
9402 pmap_pti_pde(vm_offset_t va)
9410 VM_OBJECT_ASSERT_WLOCKED(pti_obj);
9412 pdpe = pmap_pti_pdpe(va);
9414 m = pmap_pti_alloc_page();
9416 pmap_pti_free_page(m);
9417 MPASS((*pdpe & X86_PG_PS) == 0);
9418 mphys = *pdpe & ~PAGE_MASK;
9420 mphys = VM_PAGE_TO_PHYS(m);
9421 *pdpe = mphys | X86_PG_RW | X86_PG_V;
9424 MPASS((*pdpe & X86_PG_PS) == 0);
9425 mphys = *pdpe & ~PAGE_MASK;
9428 pde = (pd_entry_t *)PHYS_TO_DMAP(mphys);
9429 pd_idx = pmap_pde_index(va);
9435 pmap_pti_pte(vm_offset_t va, bool *unwire_pde)
9442 VM_OBJECT_ASSERT_WLOCKED(pti_obj);
9444 pde = pmap_pti_pde(va);
9445 if (unwire_pde != NULL) {
9447 pmap_pti_wire_pte(pde);
9450 m = pmap_pti_alloc_page();
9452 pmap_pti_free_page(m);
9453 MPASS((*pde & X86_PG_PS) == 0);
9454 mphys = *pde & ~(PAGE_MASK | pg_nx);
9456 mphys = VM_PAGE_TO_PHYS(m);
9457 *pde = mphys | X86_PG_RW | X86_PG_V;
9458 if (unwire_pde != NULL)
9459 *unwire_pde = false;
9462 MPASS((*pde & X86_PG_PS) == 0);
9463 mphys = *pde & ~(PAGE_MASK | pg_nx);
9466 pte = (pt_entry_t *)PHYS_TO_DMAP(mphys);
9467 pte += pmap_pte_index(va);
9473 pmap_pti_add_kva_locked(vm_offset_t sva, vm_offset_t eva, bool exec)
9477 pt_entry_t *pte, ptev;
9480 VM_OBJECT_ASSERT_WLOCKED(pti_obj);
9482 sva = trunc_page(sva);
9483 MPASS(sva > VM_MAXUSER_ADDRESS);
9484 eva = round_page(eva);
9486 for (; sva < eva; sva += PAGE_SIZE) {
9487 pte = pmap_pti_pte(sva, &unwire_pde);
9488 pa = pmap_kextract(sva);
9489 ptev = pa | X86_PG_RW | X86_PG_V | X86_PG_A | X86_PG_G |
9490 (exec ? 0 : pg_nx) | pmap_cache_bits(kernel_pmap,
9491 VM_MEMATTR_DEFAULT, FALSE);
9493 pte_store(pte, ptev);
9494 pmap_pti_wire_pte(pte);
9496 KASSERT(!pti_finalized,
9497 ("pti overlap after fin %#lx %#lx %#lx",
9499 KASSERT(*pte == ptev,
9500 ("pti non-identical pte after fin %#lx %#lx %#lx",
9504 pde = pmap_pti_pde(sva);
9505 pmap_pti_unwire_pde(pde, true);
9511 pmap_pti_add_kva(vm_offset_t sva, vm_offset_t eva, bool exec)
9516 VM_OBJECT_WLOCK(pti_obj);
9517 pmap_pti_add_kva_locked(sva, eva, exec);
9518 VM_OBJECT_WUNLOCK(pti_obj);
9522 pmap_pti_remove_kva(vm_offset_t sva, vm_offset_t eva)
9529 sva = rounddown2(sva, PAGE_SIZE);
9530 MPASS(sva > VM_MAXUSER_ADDRESS);
9531 eva = roundup2(eva, PAGE_SIZE);
9533 VM_OBJECT_WLOCK(pti_obj);
9534 for (va = sva; va < eva; va += PAGE_SIZE) {
9535 pte = pmap_pti_pte(va, NULL);
9536 KASSERT((*pte & X86_PG_V) != 0,
9537 ("invalid pte va %#lx pte %#lx pt %#lx", va,
9538 (u_long)pte, *pte));
9540 pmap_pti_unwire_pte(pte, va);
9542 pmap_invalidate_range(kernel_pmap, sva, eva);
9543 VM_OBJECT_WUNLOCK(pti_obj);
9547 pkru_dup_range(void *ctx __unused, void *data)
9549 struct pmap_pkru_range *node, *new_node;
9551 new_node = uma_zalloc(pmap_pkru_ranges_zone, M_NOWAIT);
9552 if (new_node == NULL)
9555 memcpy(new_node, node, sizeof(*node));
9560 pkru_free_range(void *ctx __unused, void *node)
9563 uma_zfree(pmap_pkru_ranges_zone, node);
9567 pmap_pkru_assign(pmap_t pmap, vm_offset_t sva, vm_offset_t eva, u_int keyidx,
9570 struct pmap_pkru_range *ppr;
9573 PMAP_LOCK_ASSERT(pmap, MA_OWNED);
9574 MPASS(pmap->pm_type == PT_X86);
9575 MPASS((cpu_stdext_feature2 & CPUID_STDEXT2_PKU) != 0);
9576 if ((flags & AMD64_PKRU_EXCL) != 0 &&
9577 !rangeset_check_empty(&pmap->pm_pkru, sva, eva))
9579 ppr = uma_zalloc(pmap_pkru_ranges_zone, M_NOWAIT);
9582 ppr->pkru_keyidx = keyidx;
9583 ppr->pkru_flags = flags & AMD64_PKRU_PERSIST;
9584 error = rangeset_insert(&pmap->pm_pkru, sva, eva, ppr);
9586 uma_zfree(pmap_pkru_ranges_zone, ppr);
9591 pmap_pkru_deassign(pmap_t pmap, vm_offset_t sva, vm_offset_t eva)
9594 PMAP_LOCK_ASSERT(pmap, MA_OWNED);
9595 MPASS(pmap->pm_type == PT_X86);
9596 MPASS((cpu_stdext_feature2 & CPUID_STDEXT2_PKU) != 0);
9597 return (rangeset_remove(&pmap->pm_pkru, sva, eva));
9601 pmap_pkru_deassign_all(pmap_t pmap)
9604 PMAP_LOCK_ASSERT(pmap, MA_OWNED);
9605 if (pmap->pm_type == PT_X86 &&
9606 (cpu_stdext_feature2 & CPUID_STDEXT2_PKU) != 0)
9607 rangeset_remove_all(&pmap->pm_pkru);
9611 pmap_pkru_same(pmap_t pmap, vm_offset_t sva, vm_offset_t eva)
9613 struct pmap_pkru_range *ppr, *prev_ppr;
9616 PMAP_LOCK_ASSERT(pmap, MA_OWNED);
9617 if (pmap->pm_type != PT_X86 ||
9618 (cpu_stdext_feature2 & CPUID_STDEXT2_PKU) == 0 ||
9619 sva >= VM_MAXUSER_ADDRESS)
9621 MPASS(eva <= VM_MAXUSER_ADDRESS);
9622 for (va = sva, prev_ppr = NULL; va < eva;) {
9623 ppr = rangeset_lookup(&pmap->pm_pkru, va);
9624 if ((ppr == NULL) ^ (prev_ppr == NULL))
9630 if (prev_ppr->pkru_keyidx != ppr->pkru_keyidx)
9632 va = ppr->pkru_rs_el.re_end;
9638 pmap_pkru_get(pmap_t pmap, vm_offset_t va)
9640 struct pmap_pkru_range *ppr;
9642 PMAP_LOCK_ASSERT(pmap, MA_OWNED);
9643 if (pmap->pm_type != PT_X86 ||
9644 (cpu_stdext_feature2 & CPUID_STDEXT2_PKU) == 0 ||
9645 va >= VM_MAXUSER_ADDRESS)
9647 ppr = rangeset_lookup(&pmap->pm_pkru, va);
9649 return (X86_PG_PKU(ppr->pkru_keyidx));
9654 pred_pkru_on_remove(void *ctx __unused, void *r)
9656 struct pmap_pkru_range *ppr;
9659 return ((ppr->pkru_flags & AMD64_PKRU_PERSIST) == 0);
9663 pmap_pkru_on_remove(pmap_t pmap, vm_offset_t sva, vm_offset_t eva)
9666 PMAP_LOCK_ASSERT(pmap, MA_OWNED);
9667 if (pmap->pm_type == PT_X86 &&
9668 (cpu_stdext_feature2 & CPUID_STDEXT2_PKU) != 0) {
9669 rangeset_remove_pred(&pmap->pm_pkru, sva, eva,
9670 pred_pkru_on_remove);
9675 pmap_pkru_copy(pmap_t dst_pmap, pmap_t src_pmap)
9678 PMAP_LOCK_ASSERT(dst_pmap, MA_OWNED);
9679 PMAP_LOCK_ASSERT(src_pmap, MA_OWNED);
9680 MPASS(dst_pmap->pm_type == PT_X86);
9681 MPASS(src_pmap->pm_type == PT_X86);
9682 MPASS((cpu_stdext_feature2 & CPUID_STDEXT2_PKU) != 0);
9683 if (src_pmap->pm_pkru.rs_data_ctx == NULL)
9685 return (rangeset_copy(&dst_pmap->pm_pkru, &src_pmap->pm_pkru));
9689 pmap_pkru_update_range(pmap_t pmap, vm_offset_t sva, vm_offset_t eva,
9692 pml4_entry_t *pml4e;
9694 pd_entry_t newpde, ptpaddr, *pde;
9695 pt_entry_t newpte, *ptep, pte;
9696 vm_offset_t va, va_next;
9699 PMAP_LOCK_ASSERT(pmap, MA_OWNED);
9700 MPASS(pmap->pm_type == PT_X86);
9701 MPASS(keyidx <= PMAP_MAX_PKRU_IDX);
9703 for (changed = false, va = sva; va < eva; va = va_next) {
9704 pml4e = pmap_pml4e(pmap, va);
9705 if ((*pml4e & X86_PG_V) == 0) {
9706 va_next = (va + NBPML4) & ~PML4MASK;
9712 pdpe = pmap_pml4e_to_pdpe(pml4e, va);
9713 if ((*pdpe & X86_PG_V) == 0) {
9714 va_next = (va + NBPDP) & ~PDPMASK;
9720 va_next = (va + NBPDR) & ~PDRMASK;
9724 pde = pmap_pdpe_to_pde(pdpe, va);
9729 MPASS((ptpaddr & X86_PG_V) != 0);
9730 if ((ptpaddr & PG_PS) != 0) {
9731 if (va + NBPDR == va_next && eva >= va_next) {
9732 newpde = (ptpaddr & ~X86_PG_PKU_MASK) |
9734 if (newpde != ptpaddr) {
9739 } else if (!pmap_demote_pde(pmap, pde, va)) {
9747 for (ptep = pmap_pde_to_pte(pde, va); va != va_next;
9748 ptep++, va += PAGE_SIZE) {
9750 if ((pte & X86_PG_V) == 0)
9752 newpte = (pte & ~X86_PG_PKU_MASK) | X86_PG_PKU(keyidx);
9753 if (newpte != pte) {
9760 pmap_invalidate_range(pmap, sva, eva);
9764 pmap_pkru_check_uargs(pmap_t pmap, vm_offset_t sva, vm_offset_t eva,
9765 u_int keyidx, int flags)
9768 if (pmap->pm_type != PT_X86 || keyidx > PMAP_MAX_PKRU_IDX ||
9769 (flags & ~(AMD64_PKRU_PERSIST | AMD64_PKRU_EXCL)) != 0)
9771 if (eva <= sva || eva > VM_MAXUSER_ADDRESS)
9773 if ((cpu_stdext_feature2 & CPUID_STDEXT2_PKU) == 0)
9779 pmap_pkru_set(pmap_t pmap, vm_offset_t sva, vm_offset_t eva, u_int keyidx,
9784 sva = trunc_page(sva);
9785 eva = round_page(eva);
9786 error = pmap_pkru_check_uargs(pmap, sva, eva, keyidx, flags);
9791 error = pmap_pkru_assign(pmap, sva, eva, keyidx, flags);
9793 pmap_pkru_update_range(pmap, sva, eva, keyidx);
9795 if (error != ENOMEM)
9803 pmap_pkru_clear(pmap_t pmap, vm_offset_t sva, vm_offset_t eva)
9807 sva = trunc_page(sva);
9808 eva = round_page(eva);
9809 error = pmap_pkru_check_uargs(pmap, sva, eva, 0, 0);
9814 error = pmap_pkru_deassign(pmap, sva, eva);
9816 pmap_pkru_update_range(pmap, sva, eva, 0);
9818 if (error != ENOMEM)
9826 DB_SHOW_COMMAND(pte, pmap_print_pte)
9832 pt_entry_t *pte, PG_V;
9836 db_printf("show pte addr\n");
9839 va = (vm_offset_t)addr;
9841 if (kdb_thread != NULL)
9842 pmap = vmspace_pmap(kdb_thread->td_proc->p_vmspace);
9844 pmap = PCPU_GET(curpmap);
9846 PG_V = pmap_valid_bit(pmap);
9847 pml4 = pmap_pml4e(pmap, va);
9848 db_printf("VA %#016lx pml4e %#016lx", va, *pml4);
9849 if ((*pml4 & PG_V) == 0) {
9853 pdp = pmap_pml4e_to_pdpe(pml4, va);
9854 db_printf(" pdpe %#016lx", *pdp);
9855 if ((*pdp & PG_V) == 0 || (*pdp & PG_PS) != 0) {
9859 pde = pmap_pdpe_to_pde(pdp, va);
9860 db_printf(" pde %#016lx", *pde);
9861 if ((*pde & PG_V) == 0 || (*pde & PG_PS) != 0) {
9865 pte = pmap_pde_to_pte(pde, va);
9866 db_printf(" pte %#016lx\n", *pte);
9869 DB_SHOW_COMMAND(phys2dmap, pmap_phys2dmap)
9874 a = (vm_paddr_t)addr;
9875 db_printf("0x%jx\n", (uintmax_t)PHYS_TO_DMAP(a));
9877 db_printf("show phys2dmap addr\n");
projects / FreeBSD / FreeBSD.git / blob