2 * Copyright (c) 1991 Regents of the University of California.
4 * Copyright (c) 1994 John S. Dyson
6 * Copyright (c) 1994 David Greenman
8 * Copyright (c) 2003 Peter Wemm
10 * Copyright (c) 2005 Alan L. Cox <alc@cs.rice.edu>
11 * All rights reserved.
13 * This code is derived from software contributed to Berkeley by
14 * the Systems Programming Group of the University of Utah Computer
15 * Science Department and William Jolitz of UUNET Technologies Inc.
17 * Redistribution and use in source and binary forms, with or without
18 * modification, are permitted provided that the following conditions
20 * 1. Redistributions of source code must retain the above copyright
21 * notice, this list of conditions and the following disclaimer.
22 * 2. Redistributions in binary form must reproduce the above copyright
23 * notice, this list of conditions and the following disclaimer in the
24 * documentation and/or other materials provided with the distribution.
25 * 3. All advertising materials mentioning features or use of this software
26 * must display the following acknowledgement:
27 * This product includes software developed by the University of
28 * California, Berkeley and its contributors.
29 * 4. Neither the name of the University nor the names of its contributors
30 * may be used to endorse or promote products derived from this software
31 * without specific prior written permission.
33 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
34 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
35 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
36 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
37 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
38 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
39 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
40 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
41 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
42 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
45 * from: @(#)pmap.c 7.7 (Berkeley) 5/12/91
48 * Copyright (c) 2003 Networks Associates Technology, Inc.
49 * All rights reserved.
51 * This software was developed for the FreeBSD Project by Jake Burkholder,
52 * Safeport Network Services, and Network Associates Laboratories, the
53 * Security Research Division of Network Associates, Inc. under
54 * DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the DARPA
55 * CHATS research program.
57 * Redistribution and use in source and binary forms, with or without
58 * modification, are permitted provided that the following conditions
60 * 1. Redistributions of source code must retain the above copyright
61 * notice, this list of conditions and the following disclaimer.
62 * 2. Redistributions in binary form must reproduce the above copyright
63 * notice, this list of conditions and the following disclaimer in the
64 * documentation and/or other materials provided with the distribution.
66 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
67 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
68 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
69 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
70 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
71 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
72 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
73 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
74 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
75 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
79 #include <sys/cdefs.h>
80 __FBSDID("$FreeBSD$");
83 * Manages physical address maps.
85 * In addition to hardware address maps, this
86 * module is called upon to provide software-use-only
87 * maps which may or may not be stored in the same
88 * form as hardware maps. These pseudo-maps are
89 * used to store intermediate results from copy
90 * operations to and from address spaces.
92 * Since the information managed by this module is
93 * also stored by the logical address mapping module,
94 * this module may throw away valid virtual-to-physical
95 * mappings at almost any time. However, invalidations
96 * of virtual-to-physical mappings must be done as
99 * In order to cope with hardware architectures which
100 * make virtual-to-physical map invalidates expensive,
101 * this module may delay invalidate or reduced protection
102 * operations until such time as they are actually
103 * necessary. This module is given full information as
104 * to which processors are currently using which maps,
105 * and to when physical maps must be made correct.
108 #include "opt_msgbuf.h"
109 #include "opt_pmap.h"
111 #include <sys/param.h>
112 #include <sys/systm.h>
113 #include <sys/kernel.h>
114 #include <sys/lock.h>
115 #include <sys/malloc.h>
116 #include <sys/mman.h>
117 #include <sys/msgbuf.h>
118 #include <sys/mutex.h>
119 #include <sys/proc.h>
121 #include <sys/vmmeter.h>
122 #include <sys/sched.h>
123 #include <sys/sysctl.h>
129 #include <vm/vm_param.h>
130 #include <vm/vm_kern.h>
131 #include <vm/vm_page.h>
132 #include <vm/vm_map.h>
133 #include <vm/vm_object.h>
134 #include <vm/vm_extern.h>
135 #include <vm/vm_pageout.h>
136 #include <vm/vm_pager.h>
139 #include <machine/cpu.h>
140 #include <machine/cputypes.h>
141 #include <machine/md_var.h>
142 #include <machine/pcb.h>
143 #include <machine/specialreg.h>
145 #include <machine/smp.h>
148 #ifndef PMAP_SHPGPERPROC
149 #define PMAP_SHPGPERPROC 200
152 #if defined(DIAGNOSTIC)
153 #define PMAP_DIAGNOSTIC
156 #if !defined(PMAP_DIAGNOSTIC)
157 #define PMAP_INLINE __inline
164 #define PV_STAT(x) do { x ; } while (0)
166 #define PV_STAT(x) do { } while (0)
169 struct pmap kernel_pmap_store;
171 vm_paddr_t avail_start; /* PA of first available physical page */
172 vm_paddr_t avail_end; /* PA of last available physical page */
173 vm_offset_t virtual_avail; /* VA of first avail page (after kernel bss) */
174 vm_offset_t virtual_end; /* VA of last avail page (end of kernel AS) */
178 static vm_paddr_t dmaplimit;
179 vm_offset_t kernel_vm_end;
182 static u_int64_t KPTphys; /* phys addr of kernel level 1 */
183 static u_int64_t KPDphys; /* phys addr of kernel level 2 */
184 u_int64_t KPDPphys; /* phys addr of kernel level 3 */
185 u_int64_t KPML4phys; /* phys addr of kernel level 4 */
187 static u_int64_t DMPDphys; /* phys addr of direct mapped level 2 */
188 static u_int64_t DMPDPphys; /* phys addr of direct mapped level 3 */
191 * Data for the pv entry allocation mechanism
193 static int pv_entry_count = 0, pv_entry_max = 0, pv_entry_high_water = 0;
194 static int shpgperproc = PMAP_SHPGPERPROC;
197 * All those kernel PT submaps that BSD is so fond of
199 pt_entry_t *CMAP1 = 0;
201 struct msgbuf *msgbufp = 0;
206 static caddr_t crashdumpmap;
208 static void free_pv_entry(pmap_t pmap, pv_entry_t pv);
209 static pv_entry_t get_pv_entry(pmap_t locked_pmap, int try);
210 static void pmap_clear_ptes(vm_page_t m, long bit);
212 static vm_page_t pmap_enter_quick_locked(pmap_t pmap, vm_offset_t va,
213 vm_page_t m, vm_prot_t prot, vm_page_t mpte);
214 static int pmap_remove_pte(pmap_t pmap, pt_entry_t *ptq,
215 vm_offset_t sva, pd_entry_t ptepde);
216 static void pmap_remove_page(pmap_t pmap, vm_offset_t va, pd_entry_t *pde);
217 static void pmap_remove_entry(struct pmap *pmap, vm_page_t m,
219 static void pmap_insert_entry(pmap_t pmap, vm_offset_t va, vm_page_t m);
220 static boolean_t pmap_try_insert_pv_entry(pmap_t pmap, vm_offset_t va,
223 static vm_page_t pmap_allocpde(pmap_t pmap, vm_offset_t va, int flags);
224 static vm_page_t pmap_allocpte(pmap_t pmap, vm_offset_t va, int flags);
226 static vm_page_t _pmap_allocpte(pmap_t pmap, vm_pindex_t ptepindex, int flags);
227 static int _pmap_unwire_pte_hold(pmap_t pmap, vm_offset_t va, vm_page_t m);
228 static int pmap_unuse_pt(pmap_t, vm_offset_t, pd_entry_t);
229 static vm_offset_t pmap_kmem_choose(vm_offset_t addr);
231 CTASSERT(1 << PDESHIFT == sizeof(pd_entry_t));
232 CTASSERT(1 << PTESHIFT == sizeof(pt_entry_t));
235 * Move the kernel virtual free pointer to the next
236 * 2MB. This is used to help improve performance
237 * by using a large (2MB) page for much of the kernel
238 * (.text, .data, .bss)
241 pmap_kmem_choose(vm_offset_t addr)
243 vm_offset_t newaddr = addr;
245 newaddr = (addr + (NBPDR - 1)) & ~(NBPDR - 1);
249 /********************/
250 /* Inline functions */
251 /********************/
253 /* Return a non-clipped PD index for a given VA */
254 static __inline vm_pindex_t
255 pmap_pde_pindex(vm_offset_t va)
257 return va >> PDRSHIFT;
261 /* Return various clipped indexes for a given VA */
262 static __inline vm_pindex_t
263 pmap_pte_index(vm_offset_t va)
266 return ((va >> PAGE_SHIFT) & ((1ul << NPTEPGSHIFT) - 1));
269 static __inline vm_pindex_t
270 pmap_pde_index(vm_offset_t va)
273 return ((va >> PDRSHIFT) & ((1ul << NPDEPGSHIFT) - 1));
276 static __inline vm_pindex_t
277 pmap_pdpe_index(vm_offset_t va)
280 return ((va >> PDPSHIFT) & ((1ul << NPDPEPGSHIFT) - 1));
283 static __inline vm_pindex_t
284 pmap_pml4e_index(vm_offset_t va)
287 return ((va >> PML4SHIFT) & ((1ul << NPML4EPGSHIFT) - 1));
290 /* Return a pointer to the PML4 slot that corresponds to a VA */
291 static __inline pml4_entry_t *
292 pmap_pml4e(pmap_t pmap, vm_offset_t va)
297 return (&pmap->pm_pml4[pmap_pml4e_index(va)]);
300 /* Return a pointer to the PDP slot that corresponds to a VA */
301 static __inline pdp_entry_t *
302 pmap_pml4e_to_pdpe(pml4_entry_t *pml4e, vm_offset_t va)
306 pdpe = (pdp_entry_t *)PHYS_TO_DMAP(*pml4e & PG_FRAME);
307 return (&pdpe[pmap_pdpe_index(va)]);
310 /* Return a pointer to the PDP slot that corresponds to a VA */
311 static __inline pdp_entry_t *
312 pmap_pdpe(pmap_t pmap, vm_offset_t va)
316 pml4e = pmap_pml4e(pmap, va);
317 if (pml4e == NULL || (*pml4e & PG_V) == 0)
319 return (pmap_pml4e_to_pdpe(pml4e, va));
322 /* Return a pointer to the PD slot that corresponds to a VA */
323 static __inline pd_entry_t *
324 pmap_pdpe_to_pde(pdp_entry_t *pdpe, vm_offset_t va)
328 pde = (pd_entry_t *)PHYS_TO_DMAP(*pdpe & PG_FRAME);
329 return (&pde[pmap_pde_index(va)]);
332 /* Return a pointer to the PD slot that corresponds to a VA */
333 static __inline pd_entry_t *
334 pmap_pde(pmap_t pmap, vm_offset_t va)
338 pdpe = pmap_pdpe(pmap, va);
339 if (pdpe == NULL || (*pdpe & PG_V) == 0)
341 return (pmap_pdpe_to_pde(pdpe, va));
344 /* Return a pointer to the PT slot that corresponds to a VA */
345 static __inline pt_entry_t *
346 pmap_pde_to_pte(pd_entry_t *pde, vm_offset_t va)
350 pte = (pt_entry_t *)PHYS_TO_DMAP(*pde & PG_FRAME);
351 return (&pte[pmap_pte_index(va)]);
354 /* Return a pointer to the PT slot that corresponds to a VA */
355 static __inline pt_entry_t *
356 pmap_pte(pmap_t pmap, vm_offset_t va)
360 pde = pmap_pde(pmap, va);
361 if (pde == NULL || (*pde & PG_V) == 0)
363 if ((*pde & PG_PS) != 0) /* compat with i386 pmap_pte() */
364 return ((pt_entry_t *)pde);
365 return (pmap_pde_to_pte(pde, va));
369 static __inline pt_entry_t *
370 pmap_pte_pde(pmap_t pmap, vm_offset_t va, pd_entry_t *ptepde)
374 pde = pmap_pde(pmap, va);
375 if (pde == NULL || (*pde & PG_V) == 0)
378 if ((*pde & PG_PS) != 0) /* compat with i386 pmap_pte() */
379 return ((pt_entry_t *)pde);
380 return (pmap_pde_to_pte(pde, va));
384 PMAP_INLINE pt_entry_t *
385 vtopte(vm_offset_t va)
387 u_int64_t mask = ((1ul << (NPTEPGSHIFT + NPDEPGSHIFT + NPDPEPGSHIFT + NPML4EPGSHIFT)) - 1);
389 return (PTmap + ((va >> PAGE_SHIFT) & mask));
392 static __inline pd_entry_t *
393 vtopde(vm_offset_t va)
395 u_int64_t mask = ((1ul << (NPDEPGSHIFT + NPDPEPGSHIFT + NPML4EPGSHIFT)) - 1);
397 return (PDmap + ((va >> PDRSHIFT) & mask));
406 bzero((void *)ret, n * PAGE_SIZE);
407 avail_start += n * PAGE_SIZE;
412 create_pagetables(void)
417 KPTphys = allocpages(NKPT);
418 KPML4phys = allocpages(1);
419 KPDPphys = allocpages(NKPML4E);
420 KPDphys = allocpages(NKPDPE);
422 ndmpdp = (ptoa(Maxmem) + NBPDP - 1) >> PDPSHIFT;
423 if (ndmpdp < 4) /* Minimum 4GB of dirmap */
425 DMPDPphys = allocpages(NDMPML4E);
426 DMPDphys = allocpages(ndmpdp);
427 dmaplimit = (vm_paddr_t)ndmpdp << PDPSHIFT;
429 /* Fill in the underlying page table pages */
430 /* Read-only from zero to physfree */
431 /* XXX not fully used, underneath 2M pages */
432 for (i = 0; (i << PAGE_SHIFT) < avail_start; i++) {
433 ((pt_entry_t *)KPTphys)[i] = i << PAGE_SHIFT;
434 ((pt_entry_t *)KPTphys)[i] |= PG_RW | PG_V | PG_G;
437 /* Now map the page tables at their location within PTmap */
438 for (i = 0; i < NKPT; i++) {
439 ((pd_entry_t *)KPDphys)[i] = KPTphys + (i << PAGE_SHIFT);
440 ((pd_entry_t *)KPDphys)[i] |= PG_RW | PG_V;
443 /* Map from zero to end of allocations under 2M pages */
444 /* This replaces some of the KPTphys entries above */
445 for (i = 0; (i << PDRSHIFT) < avail_start; i++) {
446 ((pd_entry_t *)KPDphys)[i] = i << PDRSHIFT;
447 ((pd_entry_t *)KPDphys)[i] |= PG_RW | PG_V | PG_PS | PG_G;
450 /* And connect up the PD to the PDP */
451 for (i = 0; i < NKPDPE; i++) {
452 ((pdp_entry_t *)KPDPphys)[i + KPDPI] = KPDphys + (i << PAGE_SHIFT);
453 ((pdp_entry_t *)KPDPphys)[i + KPDPI] |= PG_RW | PG_V | PG_U;
457 /* Now set up the direct map space using 2MB pages */
458 for (i = 0; i < NPDEPG * ndmpdp; i++) {
459 ((pd_entry_t *)DMPDphys)[i] = (vm_paddr_t)i << PDRSHIFT;
460 ((pd_entry_t *)DMPDphys)[i] |= PG_RW | PG_V | PG_PS | PG_G;
463 /* And the direct map space's PDP */
464 for (i = 0; i < ndmpdp; i++) {
465 ((pdp_entry_t *)DMPDPphys)[i] = DMPDphys + (i << PAGE_SHIFT);
466 ((pdp_entry_t *)DMPDPphys)[i] |= PG_RW | PG_V | PG_U;
469 /* And recursively map PML4 to itself in order to get PTmap */
470 ((pdp_entry_t *)KPML4phys)[PML4PML4I] = KPML4phys;
471 ((pdp_entry_t *)KPML4phys)[PML4PML4I] |= PG_RW | PG_V | PG_U;
473 /* Connect the Direct Map slot up to the PML4 */
474 ((pdp_entry_t *)KPML4phys)[DMPML4I] = DMPDPphys;
475 ((pdp_entry_t *)KPML4phys)[DMPML4I] |= PG_RW | PG_V | PG_U;
477 /* Connect the KVA slot up to the PML4 */
478 ((pdp_entry_t *)KPML4phys)[KPML4I] = KPDPphys;
479 ((pdp_entry_t *)KPML4phys)[KPML4I] |= PG_RW | PG_V | PG_U;
483 * Bootstrap the system enough to run with virtual memory.
485 * On amd64 this is called after mapping has already been enabled
486 * and just syncs the pmap module with what has already been done.
487 * [We can't call it easily with mapping off since the kernel is not
488 * mapped with PA == VA, hence we would have to relocate every address
489 * from the linked base (virtual) address "KERNBASE" to the actual
490 * (physical) address starting relative to 0]
493 pmap_bootstrap(firstaddr)
494 vm_paddr_t *firstaddr;
497 pt_entry_t *pte, *unused;
499 avail_start = *firstaddr;
502 * Create an initial set of page tables to run the kernel in.
505 *firstaddr = avail_start;
507 virtual_avail = (vm_offset_t) KERNBASE + avail_start;
508 virtual_avail = pmap_kmem_choose(virtual_avail);
510 virtual_end = VM_MAX_KERNEL_ADDRESS;
513 /* XXX do %cr0 as well */
514 load_cr4(rcr4() | CR4_PGE | CR4_PSE);
518 * Initialize the kernel pmap (which is statically allocated).
520 PMAP_LOCK_INIT(kernel_pmap);
521 kernel_pmap->pm_pml4 = (pdp_entry_t *) (KERNBASE + KPML4phys);
522 kernel_pmap->pm_active = -1; /* don't allow deactivation */
523 TAILQ_INIT(&kernel_pmap->pm_pvchunk);
527 * Reserve some special page table entries/VA space for temporary
530 #define SYSMAP(c, p, v, n) \
531 v = (c)va; va += ((n)*PAGE_SIZE); p = pte; pte += (n);
537 * CMAP1 is only used for the memory test.
539 SYSMAP(caddr_t, CMAP1, CADDR1, 1)
544 SYSMAP(caddr_t, unused, crashdumpmap, MAXDUMPPGS)
547 * msgbufp is used to map the system message buffer.
549 SYSMAP(struct msgbuf *, unused, msgbufp, atop(round_page(MSGBUF_SIZE)))
557 /* Initialize the PAT MSR. */
569 /* Bail if this CPU doesn't implement PAT. */
570 if (!(cpu_feature & CPUID_PAT))
575 * Leave the indices 0-3 at the default of WB, WT, UC, and UC-.
576 * Program 4 and 5 as WP and WC.
577 * Leave 6 and 7 as UC and UC-.
579 pat_msr = rdmsr(MSR_PAT);
580 pat_msr &= ~(PAT_MASK(4) | PAT_MASK(5));
581 pat_msr |= PAT_VALUE(4, PAT_WRITE_PROTECTED) |
582 PAT_VALUE(5, PAT_WRITE_COMBINING);
585 * Due to some Intel errata, we can only safely use the lower 4
586 * PAT entries. Thus, just replace PAT Index 2 with WC instead
589 * Intel Pentium III Processor Specification Update
590 * Errata E.27 (Upper Four PAT Entries Not Usable With Mode B
593 * Intel Pentium IV Processor Specification Update
594 * Errata N46 (PAT Index MSB May Be Calculated Incorrectly)
596 pat_msr = rdmsr(MSR_PAT);
597 pat_msr &= ~PAT_MASK(2);
598 pat_msr |= PAT_VALUE(2, PAT_WRITE_COMBINING);
600 wrmsr(MSR_PAT, pat_msr);
604 * Initialize a vm_page's machine-dependent fields.
607 pmap_page_init(vm_page_t m)
610 TAILQ_INIT(&m->md.pv_list);
611 m->md.pv_list_count = 0;
615 * Initialize the pmap module.
616 * Called by vm_init, to initialize any structures that the pmap
617 * system needs to map virtual memory.
624 * Initialize the address space (zone) for the pv entries. Set a
625 * high water mark so that the system can recover from excessive
626 * numbers of pv entries.
628 TUNABLE_INT_FETCH("vm.pmap.shpgperproc", &shpgperproc);
629 pv_entry_max = shpgperproc * maxproc + cnt.v_page_count;
630 TUNABLE_INT_FETCH("vm.pmap.pv_entries", &pv_entry_max);
631 pv_entry_high_water = 9 * (pv_entry_max / 10);
634 SYSCTL_NODE(_vm, OID_AUTO, pmap, CTLFLAG_RD, 0, "VM/pmap parameters");
636 pmap_pventry_proc(SYSCTL_HANDLER_ARGS)
640 error = sysctl_handle_int(oidp, oidp->oid_arg1, oidp->oid_arg2, req);
641 if (error == 0 && req->newptr) {
642 shpgperproc = (pv_entry_max - cnt.v_page_count) / maxproc;
643 pv_entry_high_water = 9 * (pv_entry_max / 10);
647 SYSCTL_PROC(_vm_pmap, OID_AUTO, pv_entry_max, CTLTYPE_INT|CTLFLAG_RW,
648 &pv_entry_max, 0, pmap_pventry_proc, "IU", "Max number of PV entries");
651 pmap_shpgperproc_proc(SYSCTL_HANDLER_ARGS)
655 error = sysctl_handle_int(oidp, oidp->oid_arg1, oidp->oid_arg2, req);
656 if (error == 0 && req->newptr) {
657 pv_entry_max = shpgperproc * maxproc + cnt.v_page_count;
658 pv_entry_high_water = 9 * (pv_entry_max / 10);
662 SYSCTL_PROC(_vm_pmap, OID_AUTO, shpgperproc, CTLTYPE_INT|CTLFLAG_RW,
663 &shpgperproc, 0, pmap_shpgperproc_proc, "IU", "Page share factor per proc");
666 /***************************************************
667 * Low level helper routines.....
668 ***************************************************/
672 * For SMP, these functions have to use the IPI mechanism for coherence.
675 pmap_invalidate_page(pmap_t pmap, vm_offset_t va)
681 if (!(read_rflags() & PSL_I))
682 panic("%s: interrupts disabled", __func__);
683 mtx_lock_spin(&smp_ipi_mtx);
687 * We need to disable interrupt preemption but MUST NOT have
688 * interrupts disabled here.
689 * XXX we may need to hold schedlock to get a coherent pm_active
690 * XXX critical sections disable interrupts again
692 if (pmap == kernel_pmap || pmap->pm_active == all_cpus) {
696 cpumask = PCPU_GET(cpumask);
697 other_cpus = PCPU_GET(other_cpus);
698 if (pmap->pm_active & cpumask)
700 if (pmap->pm_active & other_cpus)
701 smp_masked_invlpg(pmap->pm_active & other_cpus, va);
704 mtx_unlock_spin(&smp_ipi_mtx);
710 pmap_invalidate_range(pmap_t pmap, vm_offset_t sva, vm_offset_t eva)
717 if (!(read_rflags() & PSL_I))
718 panic("%s: interrupts disabled", __func__);
719 mtx_lock_spin(&smp_ipi_mtx);
723 * We need to disable interrupt preemption but MUST NOT have
724 * interrupts disabled here.
725 * XXX we may need to hold schedlock to get a coherent pm_active
726 * XXX critical sections disable interrupts again
728 if (pmap == kernel_pmap || pmap->pm_active == all_cpus) {
729 for (addr = sva; addr < eva; addr += PAGE_SIZE)
731 smp_invlpg_range(sva, eva);
733 cpumask = PCPU_GET(cpumask);
734 other_cpus = PCPU_GET(other_cpus);
735 if (pmap->pm_active & cpumask)
736 for (addr = sva; addr < eva; addr += PAGE_SIZE)
738 if (pmap->pm_active & other_cpus)
739 smp_masked_invlpg_range(pmap->pm_active & other_cpus,
743 mtx_unlock_spin(&smp_ipi_mtx);
749 pmap_invalidate_all(pmap_t pmap)
755 if (!(read_rflags() & PSL_I))
756 panic("%s: interrupts disabled", __func__);
757 mtx_lock_spin(&smp_ipi_mtx);
761 * We need to disable interrupt preemption but MUST NOT have
762 * interrupts disabled here.
763 * XXX we may need to hold schedlock to get a coherent pm_active
764 * XXX critical sections disable interrupts again
766 if (pmap == kernel_pmap || pmap->pm_active == all_cpus) {
770 cpumask = PCPU_GET(cpumask);
771 other_cpus = PCPU_GET(other_cpus);
772 if (pmap->pm_active & cpumask)
774 if (pmap->pm_active & other_cpus)
775 smp_masked_invltlb(pmap->pm_active & other_cpus);
778 mtx_unlock_spin(&smp_ipi_mtx);
784 pmap_invalidate_cache(void)
788 if (!(read_rflags() & PSL_I))
789 panic("%s: interrupts disabled", __func__);
790 mtx_lock_spin(&smp_ipi_mtx);
794 * We need to disable interrupt preemption but MUST NOT have
795 * interrupts disabled here.
796 * XXX we may need to hold schedlock to get a coherent pm_active
797 * XXX critical sections disable interrupts again
802 mtx_unlock_spin(&smp_ipi_mtx);
808 * Normal, non-SMP, invalidation functions.
809 * We inline these within pmap.c for speed.
812 pmap_invalidate_page(pmap_t pmap, vm_offset_t va)
815 if (pmap == kernel_pmap || pmap->pm_active)
820 pmap_invalidate_range(pmap_t pmap, vm_offset_t sva, vm_offset_t eva)
824 if (pmap == kernel_pmap || pmap->pm_active)
825 for (addr = sva; addr < eva; addr += PAGE_SIZE)
830 pmap_invalidate_all(pmap_t pmap)
833 if (pmap == kernel_pmap || pmap->pm_active)
838 pmap_invalidate_cache(void)
846 * Are we current address space or kernel?
849 pmap_is_current(pmap_t pmap)
851 return (pmap == kernel_pmap ||
852 (pmap->pm_pml4[PML4PML4I] & PG_FRAME) == (PML4pml4e[0] & PG_FRAME));
856 * Routine: pmap_extract
858 * Extract the physical page address associated
859 * with the given map/virtual_address pair.
862 pmap_extract(pmap_t pmap, vm_offset_t va)
866 pd_entry_t pde, *pdep;
870 pdep = pmap_pde(pmap, va);
874 if ((pde & PG_PS) != 0) {
875 KASSERT((pde & PG_FRAME & PDRMASK) == 0,
876 ("pmap_extract: bad pde"));
877 rtval = (pde & PG_FRAME) | (va & PDRMASK);
881 pte = pmap_pde_to_pte(pdep, va);
882 rtval = (*pte & PG_FRAME) | (va & PAGE_MASK);
890 * Routine: pmap_extract_and_hold
892 * Atomically extract and hold the physical page
893 * with the given pmap and virtual address pair
894 * if that mapping permits the given protection.
897 pmap_extract_and_hold(pmap_t pmap, vm_offset_t va, vm_prot_t prot)
899 pd_entry_t pde, *pdep;
904 vm_page_lock_queues();
906 pdep = pmap_pde(pmap, va);
907 if (pdep != NULL && (pde = *pdep)) {
909 if ((pde & PG_RW) || (prot & VM_PROT_WRITE) == 0) {
910 KASSERT((pde & PG_FRAME & PDRMASK) == 0,
911 ("pmap_extract_and_hold: bad pde"));
912 m = PHYS_TO_VM_PAGE((pde & PG_FRAME) |
917 pte = *pmap_pde_to_pte(pdep, va);
919 ((pte & PG_RW) || (prot & VM_PROT_WRITE) == 0)) {
920 m = PHYS_TO_VM_PAGE(pte & PG_FRAME);
925 vm_page_unlock_queues();
931 pmap_kextract(vm_offset_t va)
936 if (va >= DMAP_MIN_ADDRESS && va < DMAP_MAX_ADDRESS) {
937 pa = DMAP_TO_PHYS(va);
941 pa = (*pde & ~(NBPDR - 1)) | (va & (NBPDR - 1));
944 pa = (pa & PG_FRAME) | (va & PAGE_MASK);
950 /***************************************************
951 * Low level mapping routines.....
952 ***************************************************/
955 * Add a wired page to the kva.
956 * Note: not SMP coherent.
959 pmap_kenter(vm_offset_t va, vm_paddr_t pa)
964 pte_store(pte, pa | PG_RW | PG_V | PG_G);
968 * Remove a page from the kernel pagetables.
969 * Note: not SMP coherent.
972 pmap_kremove(vm_offset_t va)
981 * Used to map a range of physical addresses into kernel
982 * virtual address space.
984 * The value passed in '*virt' is a suggested virtual address for
985 * the mapping. Architectures which can support a direct-mapped
986 * physical to virtual region can return the appropriate address
987 * within that region, leaving '*virt' unchanged. Other
988 * architectures should map the pages starting at '*virt' and
989 * update '*virt' with the first usable address after the mapped
993 pmap_map(vm_offset_t *virt, vm_paddr_t start, vm_paddr_t end, int prot)
995 return PHYS_TO_DMAP(start);
1000 * Add a list of wired pages to the kva
1001 * this routine is only used for temporary
1002 * kernel mappings that do not need to have
1003 * page modification or references recorded.
1004 * Note that old mappings are simply written
1005 * over. The page *must* be wired.
1006 * Note: SMP coherent. Uses a ranged shootdown IPI.
1009 pmap_qenter(vm_offset_t sva, vm_page_t *ma, int count)
1011 pt_entry_t *endpte, oldpte, *pte;
1015 endpte = pte + count;
1016 while (pte < endpte) {
1018 pte_store(pte, VM_PAGE_TO_PHYS(*ma) | PG_G | PG_RW | PG_V);
1022 if ((oldpte & PG_V) != 0)
1023 pmap_invalidate_range(kernel_pmap, sva, sva + count *
1028 * This routine tears out page mappings from the
1029 * kernel -- it is meant only for temporary mappings.
1030 * Note: SMP coherent. Uses a ranged shootdown IPI.
1033 pmap_qremove(vm_offset_t sva, int count)
1038 while (count-- > 0) {
1042 pmap_invalidate_range(kernel_pmap, sva, va);
1045 /***************************************************
1046 * Page table page management routines.....
1047 ***************************************************/
1050 * This routine unholds page table pages, and if the hold count
1051 * drops to zero, then it decrements the wire count.
1053 static PMAP_INLINE int
1054 pmap_unwire_pte_hold(pmap_t pmap, vm_offset_t va, vm_page_t m)
1058 if (m->wire_count == 0)
1059 return _pmap_unwire_pte_hold(pmap, va, m);
1065 _pmap_unwire_pte_hold(pmap_t pmap, vm_offset_t va, vm_page_t m)
1070 * unmap the page table page
1072 if (m->pindex >= (NUPDE + NUPDPE)) {
1075 pml4 = pmap_pml4e(pmap, va);
1076 pteva = (vm_offset_t) PDPmap + amd64_ptob(m->pindex - (NUPDE + NUPDPE));
1078 } else if (m->pindex >= NUPDE) {
1081 pdp = pmap_pdpe(pmap, va);
1082 pteva = (vm_offset_t) PDmap + amd64_ptob(m->pindex - NUPDE);
1087 pd = pmap_pde(pmap, va);
1088 pteva = (vm_offset_t) PTmap + amd64_ptob(m->pindex);
1091 --pmap->pm_stats.resident_count;
1092 if (m->pindex < NUPDE) {
1093 /* We just released a PT, unhold the matching PD */
1096 pdpg = PHYS_TO_VM_PAGE(*pmap_pdpe(pmap, va) & PG_FRAME);
1097 pmap_unwire_pte_hold(pmap, va, pdpg);
1099 if (m->pindex >= NUPDE && m->pindex < (NUPDE + NUPDPE)) {
1100 /* We just released a PD, unhold the matching PDP */
1103 pdppg = PHYS_TO_VM_PAGE(*pmap_pml4e(pmap, va) & PG_FRAME);
1104 pmap_unwire_pte_hold(pmap, va, pdppg);
1108 * Do an invltlb to make the invalidated mapping
1109 * take effect immediately.
1111 pmap_invalidate_page(pmap, pteva);
1113 vm_page_free_zero(m);
1114 atomic_subtract_int(&cnt.v_wire_count, 1);
1119 * After removing a page table entry, this routine is used to
1120 * conditionally free the page, and manage the hold/wire counts.
1123 pmap_unuse_pt(pmap_t pmap, vm_offset_t va, pd_entry_t ptepde)
1127 if (va >= VM_MAXUSER_ADDRESS)
1129 KASSERT(ptepde != 0, ("pmap_unuse_pt: ptepde != 0"));
1130 mpte = PHYS_TO_VM_PAGE(ptepde & PG_FRAME);
1131 return pmap_unwire_pte_hold(pmap, va, mpte);
1139 PMAP_LOCK_INIT(pmap);
1140 pmap->pm_pml4 = (pml4_entry_t *)(KERNBASE + KPML4phys);
1141 pmap->pm_active = 0;
1142 TAILQ_INIT(&pmap->pm_pvchunk);
1143 bzero(&pmap->pm_stats, sizeof pmap->pm_stats);
1147 * Initialize a preallocated and zeroed pmap structure,
1148 * such as one in a vmspace structure.
1152 register struct pmap *pmap;
1155 static vm_pindex_t color;
1157 PMAP_LOCK_INIT(pmap);
1160 * allocate the page directory page
1162 while ((pml4pg = vm_page_alloc(NULL, color++, VM_ALLOC_NOOBJ |
1163 VM_ALLOC_NORMAL | VM_ALLOC_WIRED | VM_ALLOC_ZERO)) == NULL)
1166 pmap->pm_pml4 = (pml4_entry_t *)PHYS_TO_DMAP(VM_PAGE_TO_PHYS(pml4pg));
1168 if ((pml4pg->flags & PG_ZERO) == 0)
1169 pagezero(pmap->pm_pml4);
1171 /* Wire in kernel global address entries. */
1172 pmap->pm_pml4[KPML4I] = KPDPphys | PG_RW | PG_V | PG_U;
1173 pmap->pm_pml4[DMPML4I] = DMPDPphys | PG_RW | PG_V | PG_U;
1175 /* install self-referential address mapping entry(s) */
1176 pmap->pm_pml4[PML4PML4I] = VM_PAGE_TO_PHYS(pml4pg) | PG_V | PG_RW | PG_A | PG_M;
1178 pmap->pm_active = 0;
1179 TAILQ_INIT(&pmap->pm_pvchunk);
1180 bzero(&pmap->pm_stats, sizeof pmap->pm_stats);
1184 * this routine is called if the page table page is not
1187 * Note: If a page allocation fails at page table level two or three,
1188 * one or two pages may be held during the wait, only to be released
1189 * afterwards. This conservative approach is easily argued to avoid
1193 _pmap_allocpte(pmap_t pmap, vm_pindex_t ptepindex, int flags)
1195 vm_page_t m, pdppg, pdpg;
1197 KASSERT((flags & (M_NOWAIT | M_WAITOK)) == M_NOWAIT ||
1198 (flags & (M_NOWAIT | M_WAITOK)) == M_WAITOK,
1199 ("_pmap_allocpte: flags is neither M_NOWAIT nor M_WAITOK"));
1202 * Allocate a page table page.
1204 if ((m = vm_page_alloc(NULL, ptepindex, VM_ALLOC_NOOBJ |
1205 VM_ALLOC_WIRED | VM_ALLOC_ZERO)) == NULL) {
1206 if (flags & M_WAITOK) {
1208 vm_page_unlock_queues();
1210 vm_page_lock_queues();
1215 * Indicate the need to retry. While waiting, the page table
1216 * page may have been allocated.
1220 if ((m->flags & PG_ZERO) == 0)
1224 * Map the pagetable page into the process address space, if
1225 * it isn't already there.
1228 pmap->pm_stats.resident_count++;
1230 if (ptepindex >= (NUPDE + NUPDPE)) {
1232 vm_pindex_t pml4index;
1234 /* Wire up a new PDPE page */
1235 pml4index = ptepindex - (NUPDE + NUPDPE);
1236 pml4 = &pmap->pm_pml4[pml4index];
1237 *pml4 = VM_PAGE_TO_PHYS(m) | PG_U | PG_RW | PG_V | PG_A | PG_M;
1239 } else if (ptepindex >= NUPDE) {
1240 vm_pindex_t pml4index;
1241 vm_pindex_t pdpindex;
1245 /* Wire up a new PDE page */
1246 pdpindex = ptepindex - NUPDE;
1247 pml4index = pdpindex >> NPML4EPGSHIFT;
1249 pml4 = &pmap->pm_pml4[pml4index];
1250 if ((*pml4 & PG_V) == 0) {
1251 /* Have to allocate a new pdp, recurse */
1252 if (_pmap_allocpte(pmap, NUPDE + NUPDPE + pml4index,
1259 /* Add reference to pdp page */
1260 pdppg = PHYS_TO_VM_PAGE(*pml4 & PG_FRAME);
1261 pdppg->wire_count++;
1263 pdp = (pdp_entry_t *)PHYS_TO_DMAP(*pml4 & PG_FRAME);
1265 /* Now find the pdp page */
1266 pdp = &pdp[pdpindex & ((1ul << NPDPEPGSHIFT) - 1)];
1267 *pdp = VM_PAGE_TO_PHYS(m) | PG_U | PG_RW | PG_V | PG_A | PG_M;
1270 vm_pindex_t pml4index;
1271 vm_pindex_t pdpindex;
1276 /* Wire up a new PTE page */
1277 pdpindex = ptepindex >> NPDPEPGSHIFT;
1278 pml4index = pdpindex >> NPML4EPGSHIFT;
1280 /* First, find the pdp and check that its valid. */
1281 pml4 = &pmap->pm_pml4[pml4index];
1282 if ((*pml4 & PG_V) == 0) {
1283 /* Have to allocate a new pd, recurse */
1284 if (_pmap_allocpte(pmap, NUPDE + pdpindex,
1290 pdp = (pdp_entry_t *)PHYS_TO_DMAP(*pml4 & PG_FRAME);
1291 pdp = &pdp[pdpindex & ((1ul << NPDPEPGSHIFT) - 1)];
1293 pdp = (pdp_entry_t *)PHYS_TO_DMAP(*pml4 & PG_FRAME);
1294 pdp = &pdp[pdpindex & ((1ul << NPDPEPGSHIFT) - 1)];
1295 if ((*pdp & PG_V) == 0) {
1296 /* Have to allocate a new pd, recurse */
1297 if (_pmap_allocpte(pmap, NUPDE + pdpindex,
1304 /* Add reference to the pd page */
1305 pdpg = PHYS_TO_VM_PAGE(*pdp & PG_FRAME);
1309 pd = (pd_entry_t *)PHYS_TO_DMAP(*pdp & PG_FRAME);
1311 /* Now we know where the page directory page is */
1312 pd = &pd[ptepindex & ((1ul << NPDEPGSHIFT) - 1)];
1313 *pd = VM_PAGE_TO_PHYS(m) | PG_U | PG_RW | PG_V | PG_A | PG_M;
1320 pmap_allocpde(pmap_t pmap, vm_offset_t va, int flags)
1322 vm_pindex_t pdpindex, ptepindex;
1326 KASSERT((flags & (M_NOWAIT | M_WAITOK)) == M_NOWAIT ||
1327 (flags & (M_NOWAIT | M_WAITOK)) == M_WAITOK,
1328 ("pmap_allocpde: flags is neither M_NOWAIT nor M_WAITOK"));
1330 pdpe = pmap_pdpe(pmap, va);
1331 if (pdpe != NULL && (*pdpe & PG_V) != 0) {
1332 /* Add a reference to the pd page. */
1333 pdpg = PHYS_TO_VM_PAGE(*pdpe & PG_FRAME);
1336 /* Allocate a pd page. */
1337 ptepindex = pmap_pde_pindex(va);
1338 pdpindex = ptepindex >> NPDPEPGSHIFT;
1339 pdpg = _pmap_allocpte(pmap, NUPDE + pdpindex, flags);
1340 if (pdpg == NULL && (flags & M_WAITOK))
1347 pmap_allocpte(pmap_t pmap, vm_offset_t va, int flags)
1349 vm_pindex_t ptepindex;
1353 KASSERT((flags & (M_NOWAIT | M_WAITOK)) == M_NOWAIT ||
1354 (flags & (M_NOWAIT | M_WAITOK)) == M_WAITOK,
1355 ("pmap_allocpte: flags is neither M_NOWAIT nor M_WAITOK"));
1358 * Calculate pagetable page index
1360 ptepindex = pmap_pde_pindex(va);
1363 * Get the page directory entry
1365 pd = pmap_pde(pmap, va);
1368 * This supports switching from a 2MB page to a
1371 if (pd != 0 && (*pd & (PG_PS | PG_V)) == (PG_PS | PG_V)) {
1374 pmap->pm_stats.resident_count -= NBPDR / PAGE_SIZE;
1375 pmap_unuse_pt(pmap, va, *pmap_pdpe(pmap, va));
1376 pmap_invalidate_all(kernel_pmap);
1380 * If the page table page is mapped, we just increment the
1381 * hold count, and activate it.
1383 if (pd != 0 && (*pd & PG_V) != 0) {
1384 m = PHYS_TO_VM_PAGE(*pd & PG_FRAME);
1388 * Here if the pte page isn't mapped, or if it has been
1391 m = _pmap_allocpte(pmap, ptepindex, flags);
1392 if (m == NULL && (flags & M_WAITOK))
1399 /***************************************************
1400 * Pmap allocation/deallocation routines.
1401 ***************************************************/
1404 * Release any resources held by the given physical map.
1405 * Called when a pmap initialized by pmap_pinit is being released.
1406 * Should only be called if the map contains no valid mappings.
1409 pmap_release(pmap_t pmap)
1413 KASSERT(pmap->pm_stats.resident_count == 0,
1414 ("pmap_release: pmap resident count %ld != 0",
1415 pmap->pm_stats.resident_count));
1417 m = PHYS_TO_VM_PAGE(pmap->pm_pml4[PML4PML4I] & PG_FRAME);
1419 pmap->pm_pml4[KPML4I] = 0; /* KVA */
1420 pmap->pm_pml4[DMPML4I] = 0; /* Direct Map */
1421 pmap->pm_pml4[PML4PML4I] = 0; /* Recursive Mapping */
1423 vm_page_lock_queues();
1425 atomic_subtract_int(&cnt.v_wire_count, 1);
1426 vm_page_free_zero(m);
1427 vm_page_unlock_queues();
1428 PMAP_LOCK_DESTROY(pmap);
1432 kvm_size(SYSCTL_HANDLER_ARGS)
1434 unsigned long ksize = VM_MAX_KERNEL_ADDRESS - KERNBASE;
1436 return sysctl_handle_long(oidp, &ksize, 0, req);
1438 SYSCTL_PROC(_vm, OID_AUTO, kvm_size, CTLTYPE_LONG|CTLFLAG_RD,
1439 0, 0, kvm_size, "LU", "Size of KVM");
1442 kvm_free(SYSCTL_HANDLER_ARGS)
1444 unsigned long kfree = VM_MAX_KERNEL_ADDRESS - kernel_vm_end;
1446 return sysctl_handle_long(oidp, &kfree, 0, req);
1448 SYSCTL_PROC(_vm, OID_AUTO, kvm_free, CTLTYPE_LONG|CTLFLAG_RD,
1449 0, 0, kvm_free, "LU", "Amount of KVM free");
1452 * grow the number of kernel page table entries, if needed
1455 pmap_growkernel(vm_offset_t addr)
1459 pd_entry_t *pde, newpdir;
1462 mtx_assert(&kernel_map->system_mtx, MA_OWNED);
1463 if (kernel_vm_end == 0) {
1464 kernel_vm_end = KERNBASE;
1466 while ((*pmap_pde(kernel_pmap, kernel_vm_end) & PG_V) != 0) {
1467 kernel_vm_end = (kernel_vm_end + PAGE_SIZE * NPTEPG) & ~(PAGE_SIZE * NPTEPG - 1);
1471 addr = roundup2(addr, PAGE_SIZE * NPTEPG);
1472 while (kernel_vm_end < addr) {
1473 pde = pmap_pde(kernel_pmap, kernel_vm_end);
1475 /* We need a new PDP entry */
1476 nkpg = vm_page_alloc(NULL, nkpt,
1477 VM_ALLOC_NOOBJ | VM_ALLOC_SYSTEM | VM_ALLOC_WIRED);
1479 panic("pmap_growkernel: no memory to grow kernel");
1480 pmap_zero_page(nkpg);
1481 paddr = VM_PAGE_TO_PHYS(nkpg);
1482 newpdp = (pdp_entry_t)
1483 (paddr | PG_V | PG_RW | PG_A | PG_M);
1484 *pmap_pdpe(kernel_pmap, kernel_vm_end) = newpdp;
1485 continue; /* try again */
1487 if ((*pde & PG_V) != 0) {
1488 kernel_vm_end = (kernel_vm_end + PAGE_SIZE * NPTEPG) & ~(PAGE_SIZE * NPTEPG - 1);
1493 * This index is bogus, but out of the way
1495 nkpg = vm_page_alloc(NULL, nkpt,
1496 VM_ALLOC_NOOBJ | VM_ALLOC_SYSTEM | VM_ALLOC_WIRED);
1498 panic("pmap_growkernel: no memory to grow kernel");
1502 pmap_zero_page(nkpg);
1503 paddr = VM_PAGE_TO_PHYS(nkpg);
1504 newpdir = (pd_entry_t) (paddr | PG_V | PG_RW | PG_A | PG_M);
1505 *pmap_pde(kernel_pmap, kernel_vm_end) = newpdir;
1507 kernel_vm_end = (kernel_vm_end + PAGE_SIZE * NPTEPG) & ~(PAGE_SIZE * NPTEPG - 1);
1512 /***************************************************
1513 * page management routines.
1514 ***************************************************/
1516 CTASSERT(sizeof(struct pv_chunk) == PAGE_SIZE);
1517 CTASSERT(_NPCM == 3);
1518 CTASSERT(_NPCPV == 168);
1520 static __inline struct pv_chunk *
1521 pv_to_chunk(pv_entry_t pv)
1524 return (struct pv_chunk *)((uintptr_t)pv & ~(uintptr_t)PAGE_MASK);
1527 #define PV_PMAP(pv) (pv_to_chunk(pv)->pc_pmap)
1529 #define PC_FREE0 0xfffffffffffffffful
1530 #define PC_FREE1 0xfffffffffffffffful
1531 #define PC_FREE2 0x000000fffffffffful
1533 static uint64_t pc_freemask[3] = { PC_FREE0, PC_FREE1, PC_FREE2 };
1535 SYSCTL_INT(_vm_pmap, OID_AUTO, pv_entry_count, CTLFLAG_RD, &pv_entry_count, 0,
1536 "Current number of pv entries");
1539 static int pc_chunk_count, pc_chunk_allocs, pc_chunk_frees, pc_chunk_tryfail;
1541 SYSCTL_INT(_vm_pmap, OID_AUTO, pc_chunk_count, CTLFLAG_RD, &pc_chunk_count, 0,
1542 "Current number of pv entry chunks");
1543 SYSCTL_INT(_vm_pmap, OID_AUTO, pc_chunk_allocs, CTLFLAG_RD, &pc_chunk_allocs, 0,
1544 "Current number of pv entry chunks allocated");
1545 SYSCTL_INT(_vm_pmap, OID_AUTO, pc_chunk_frees, CTLFLAG_RD, &pc_chunk_frees, 0,
1546 "Current number of pv entry chunks frees");
1547 SYSCTL_INT(_vm_pmap, OID_AUTO, pc_chunk_tryfail, CTLFLAG_RD, &pc_chunk_tryfail, 0,
1548 "Number of times tried to get a chunk page but failed.");
1550 static long pv_entry_frees, pv_entry_allocs;
1551 static int pv_entry_spare;
1553 SYSCTL_LONG(_vm_pmap, OID_AUTO, pv_entry_frees, CTLFLAG_RD, &pv_entry_frees, 0,
1554 "Current number of pv entry frees");
1555 SYSCTL_LONG(_vm_pmap, OID_AUTO, pv_entry_allocs, CTLFLAG_RD, &pv_entry_allocs, 0,
1556 "Current number of pv entry allocs");
1557 SYSCTL_INT(_vm_pmap, OID_AUTO, pv_entry_spare, CTLFLAG_RD, &pv_entry_spare, 0,
1558 "Current number of spare pv entries");
1560 static int pmap_collect_inactive, pmap_collect_active;
1562 SYSCTL_INT(_vm_pmap, OID_AUTO, pmap_collect_inactive, CTLFLAG_RD, &pmap_collect_inactive, 0,
1563 "Current number times pmap_collect called on inactive queue");
1564 SYSCTL_INT(_vm_pmap, OID_AUTO, pmap_collect_active, CTLFLAG_RD, &pmap_collect_active, 0,
1565 "Current number times pmap_collect called on active queue");
1569 * We are in a serious low memory condition. Resort to
1570 * drastic measures to free some pages so we can allocate
1571 * another pv entry chunk. This is normally called to
1572 * unmap inactive pages, and if necessary, active pages.
1575 pmap_collect(pmap_t locked_pmap, struct vpgqueues *vpq)
1579 pt_entry_t *pte, tpte;
1580 pv_entry_t next_pv, pv;
1584 TAILQ_FOREACH(m, &vpq->pl, pageq) {
1585 if (m->hold_count || m->busy || (m->flags & PG_BUSY))
1587 TAILQ_FOREACH_SAFE(pv, &m->md.pv_list, pv_list, next_pv) {
1590 /* Avoid deadlock and lock recursion. */
1591 if (pmap > locked_pmap)
1593 else if (pmap != locked_pmap && !PMAP_TRYLOCK(pmap))
1595 pmap->pm_stats.resident_count--;
1596 pte = pmap_pte_pde(pmap, va, &ptepde);
1597 tpte = pte_load_clear(pte);
1598 KASSERT((tpte & PG_W) == 0,
1599 ("pmap_collect: wired pte %#lx", tpte));
1601 vm_page_flag_set(m, PG_REFERENCED);
1603 KASSERT((tpte & PG_RW),
1604 ("pmap_collect: modified page not writable: va: %#lx, pte: %#lx",
1608 pmap_invalidate_page(pmap, va);
1609 TAILQ_REMOVE(&m->md.pv_list, pv, pv_list);
1610 if (TAILQ_EMPTY(&m->md.pv_list))
1611 vm_page_flag_clear(m, PG_WRITEABLE);
1612 m->md.pv_list_count--;
1613 pmap_unuse_pt(pmap, va, ptepde);
1614 if (pmap != locked_pmap)
1616 free_pv_entry(locked_pmap, pv);
1623 * free the pv_entry back to the free list
1626 free_pv_entry(pmap_t pmap, pv_entry_t pv)
1629 struct pv_chunk *pc;
1630 int idx, field, bit;
1632 mtx_assert(&vm_page_queue_mtx, MA_OWNED);
1633 PV_STAT(pv_entry_frees++);
1634 PV_STAT(pv_entry_spare++);
1636 pc = pv_to_chunk(pv);
1637 idx = pv - &pc->pc_pventry[0];
1640 pc->pc_map[field] |= 1ul << bit;
1641 /* move to head of list */
1642 TAILQ_REMOVE(&pmap->pm_pvchunk, pc, pc_list);
1643 TAILQ_INSERT_HEAD(&pmap->pm_pvchunk, pc, pc_list);
1644 if (pc->pc_map[0] != PC_FREE0 || pc->pc_map[1] != PC_FREE1 ||
1645 pc->pc_map[2] != PC_FREE2)
1647 PV_STAT(pv_entry_spare -= _NPCPV);
1648 PV_STAT(pc_chunk_count--);
1649 PV_STAT(pc_chunk_frees++);
1650 /* entire chunk is free, return it */
1651 TAILQ_REMOVE(&pmap->pm_pvchunk, pc, pc_list);
1652 m = PHYS_TO_VM_PAGE(DMAP_TO_PHYS((vm_offset_t)pc));
1653 dump_drop_page(m->phys_addr);
1658 * get a new pv_entry, allocating a block from the system
1662 get_pv_entry(pmap_t pmap, int try)
1664 static const struct timeval printinterval = { 60, 0 };
1665 static struct timeval lastprint;
1666 static vm_pindex_t colour;
1669 struct pv_chunk *pc;
1672 PMAP_LOCK_ASSERT(pmap, MA_OWNED);
1673 mtx_assert(&vm_page_queue_mtx, MA_OWNED);
1674 PV_STAT(pv_entry_allocs++);
1676 if (pv_entry_count > pv_entry_high_water)
1677 pagedaemon_wakeup();
1678 pc = TAILQ_FIRST(&pmap->pm_pvchunk);
1680 for (field = 0; field < _NPCM; field++) {
1681 if (pc->pc_map[field]) {
1682 bit = bsfq(pc->pc_map[field]);
1686 if (field < _NPCM) {
1687 pv = &pc->pc_pventry[field * 64 + bit];
1688 pc->pc_map[field] &= ~(1ul << bit);
1689 /* If this was the last item, move it to tail */
1690 if (pc->pc_map[0] == 0 && pc->pc_map[1] == 0 &&
1691 pc->pc_map[2] == 0) {
1692 TAILQ_REMOVE(&pmap->pm_pvchunk, pc, pc_list);
1693 TAILQ_INSERT_TAIL(&pmap->pm_pvchunk, pc, pc_list);
1695 PV_STAT(pv_entry_spare--);
1699 /* No free items, allocate another chunk */
1700 m = vm_page_alloc(NULL, colour, VM_ALLOC_SYSTEM | VM_ALLOC_NOOBJ);
1704 PV_STAT(pc_chunk_tryfail++);
1708 * Reclaim pv entries: At first, destroy mappings to inactive
1709 * pages. After that, if a pv chunk entry is still needed,
1710 * destroy mappings to active pages.
1712 if (ratecheck(&lastprint, &printinterval))
1713 printf("Approaching the limit on PV entries, consider "
1714 "increasing sysctl vm.pmap.shpgperproc or "
1715 "vm.pmap.pv_entry_max\n");
1716 PV_STAT(pmap_collect_inactive++);
1717 pmap_collect(pmap, &vm_page_queues[PQ_INACTIVE]);
1718 m = vm_page_alloc(NULL, colour,
1719 VM_ALLOC_SYSTEM | VM_ALLOC_NOOBJ);
1721 PV_STAT(pmap_collect_active++);
1722 pmap_collect(pmap, &vm_page_queues[PQ_ACTIVE]);
1723 m = vm_page_alloc(NULL, colour,
1724 VM_ALLOC_SYSTEM | VM_ALLOC_NOOBJ);
1726 panic("get_pv_entry: increase vm.pmap.shpgperproc");
1729 PV_STAT(pc_chunk_count++);
1730 PV_STAT(pc_chunk_allocs++);
1732 dump_add_page(m->phys_addr);
1733 pc = (void *)PHYS_TO_DMAP(m->phys_addr);
1735 pc->pc_map[0] = PC_FREE0 & ~1ul; /* preallocated bit 0 */
1736 pc->pc_map[1] = PC_FREE1;
1737 pc->pc_map[2] = PC_FREE2;
1738 pv = &pc->pc_pventry[0];
1739 TAILQ_INSERT_HEAD(&pmap->pm_pvchunk, pc, pc_list);
1740 PV_STAT(pv_entry_spare += _NPCPV - 1);
1745 pmap_remove_entry(pmap_t pmap, vm_page_t m, vm_offset_t va)
1749 PMAP_LOCK_ASSERT(pmap, MA_OWNED);
1750 mtx_assert(&vm_page_queue_mtx, MA_OWNED);
1751 TAILQ_FOREACH(pv, &m->md.pv_list, pv_list) {
1752 if (pmap == PV_PMAP(pv) && va == pv->pv_va)
1755 KASSERT(pv != NULL, ("pmap_remove_entry: pv not found"));
1756 TAILQ_REMOVE(&m->md.pv_list, pv, pv_list);
1757 m->md.pv_list_count--;
1758 if (TAILQ_EMPTY(&m->md.pv_list))
1759 vm_page_flag_clear(m, PG_WRITEABLE);
1760 free_pv_entry(pmap, pv);
1764 * Create a pv entry for page at pa for
1768 pmap_insert_entry(pmap_t pmap, vm_offset_t va, vm_page_t m)
1772 PMAP_LOCK_ASSERT(pmap, MA_OWNED);
1773 mtx_assert(&vm_page_queue_mtx, MA_OWNED);
1774 pv = get_pv_entry(pmap, FALSE);
1776 TAILQ_INSERT_TAIL(&m->md.pv_list, pv, pv_list);
1777 m->md.pv_list_count++;
1781 * Conditionally create a pv entry.
1784 pmap_try_insert_pv_entry(pmap_t pmap, vm_offset_t va, vm_page_t m)
1788 PMAP_LOCK_ASSERT(pmap, MA_OWNED);
1789 mtx_assert(&vm_page_queue_mtx, MA_OWNED);
1790 if (pv_entry_count < pv_entry_high_water &&
1791 (pv = get_pv_entry(pmap, TRUE)) != NULL) {
1793 TAILQ_INSERT_TAIL(&m->md.pv_list, pv, pv_list);
1794 m->md.pv_list_count++;
1801 * pmap_remove_pte: do the things to unmap a page in a process
1804 pmap_remove_pte(pmap_t pmap, pt_entry_t *ptq, vm_offset_t va, pd_entry_t ptepde)
1809 PMAP_LOCK_ASSERT(pmap, MA_OWNED);
1810 oldpte = pte_load_clear(ptq);
1812 pmap->pm_stats.wired_count -= 1;
1814 * Machines that don't support invlpg, also don't support
1818 pmap_invalidate_page(kernel_pmap, va);
1819 pmap->pm_stats.resident_count -= 1;
1820 if (oldpte & PG_MANAGED) {
1821 m = PHYS_TO_VM_PAGE(oldpte & PG_FRAME);
1822 if (oldpte & PG_M) {
1823 KASSERT((oldpte & PG_RW),
1824 ("pmap_remove_pte: modified page not writable: va: %#lx, pte: %#lx",
1829 vm_page_flag_set(m, PG_REFERENCED);
1830 pmap_remove_entry(pmap, m, va);
1832 return (pmap_unuse_pt(pmap, va, ptepde));
1836 * Remove a single page from a process address space
1839 pmap_remove_page(pmap_t pmap, vm_offset_t va, pd_entry_t *pde)
1843 PMAP_LOCK_ASSERT(pmap, MA_OWNED);
1844 if ((*pde & PG_V) == 0)
1846 pte = pmap_pde_to_pte(pde, va);
1847 if ((*pte & PG_V) == 0)
1849 pmap_remove_pte(pmap, pte, va, *pde);
1850 pmap_invalidate_page(pmap, va);
1854 * Remove the given range of addresses from the specified map.
1856 * It is assumed that the start and end are properly
1857 * rounded to the page size.
1860 pmap_remove(pmap_t pmap, vm_offset_t sva, vm_offset_t eva)
1862 vm_offset_t va_next;
1863 pml4_entry_t *pml4e;
1865 pd_entry_t ptpaddr, *pde;
1870 * Perform an unsynchronized read. This is, however, safe.
1872 if (pmap->pm_stats.resident_count == 0)
1877 vm_page_lock_queues();
1881 * special handling of removing one page. a very
1882 * common operation and easy to short circuit some
1885 if (sva + PAGE_SIZE == eva) {
1886 pde = pmap_pde(pmap, sva);
1887 if (pde && (*pde & PG_PS) == 0) {
1888 pmap_remove_page(pmap, sva, pde);
1893 for (; sva < eva; sva = va_next) {
1895 if (pmap->pm_stats.resident_count == 0)
1898 pml4e = pmap_pml4e(pmap, sva);
1899 if ((*pml4e & PG_V) == 0) {
1900 va_next = (sva + NBPML4) & ~PML4MASK;
1904 pdpe = pmap_pml4e_to_pdpe(pml4e, sva);
1905 if ((*pdpe & PG_V) == 0) {
1906 va_next = (sva + NBPDP) & ~PDPMASK;
1911 * Calculate index for next page table.
1913 va_next = (sva + NBPDR) & ~PDRMASK;
1915 pde = pmap_pdpe_to_pde(pdpe, sva);
1919 * Weed out invalid mappings.
1925 * Check for large page.
1927 if ((ptpaddr & PG_PS) != 0) {
1929 pmap->pm_stats.resident_count -= NBPDR / PAGE_SIZE;
1930 pmap_unuse_pt(pmap, sva, *pdpe);
1936 * Limit our scan to either the end of the va represented
1937 * by the current page table page, or to the end of the
1938 * range being removed.
1943 for (pte = pmap_pde_to_pte(pde, sva); sva != va_next; pte++,
1949 * The TLB entry for a PG_G mapping is invalidated
1950 * by pmap_remove_pte().
1952 if ((*pte & PG_G) == 0)
1954 if (pmap_remove_pte(pmap, pte, sva, ptpaddr))
1959 vm_page_unlock_queues();
1961 pmap_invalidate_all(pmap);
1966 * Routine: pmap_remove_all
1968 * Removes this physical page from
1969 * all physical maps in which it resides.
1970 * Reflects back modify bits to the pager.
1973 * Original versions of this routine were very
1974 * inefficient because they iteratively called
1975 * pmap_remove (slow...)
1979 pmap_remove_all(vm_page_t m)
1981 register pv_entry_t pv;
1983 pt_entry_t *pte, tpte;
1986 #if defined(PMAP_DIAGNOSTIC)
1988 * XXX This makes pmap_remove_all() illegal for non-managed pages!
1990 if (m->flags & PG_FICTITIOUS) {
1991 panic("pmap_remove_all: illegal for unmanaged page, va: 0x%lx",
1992 VM_PAGE_TO_PHYS(m));
1995 mtx_assert(&vm_page_queue_mtx, MA_OWNED);
1996 while ((pv = TAILQ_FIRST(&m->md.pv_list)) != NULL) {
1999 pmap->pm_stats.resident_count--;
2000 pte = pmap_pte_pde(pmap, pv->pv_va, &ptepde);
2001 tpte = pte_load_clear(pte);
2003 pmap->pm_stats.wired_count--;
2005 vm_page_flag_set(m, PG_REFERENCED);
2008 * Update the vm_page_t clean and reference bits.
2011 KASSERT((tpte & PG_RW),
2012 ("pmap_remove_all: modified page not writable: va: %#lx, pte: %#lx",
2016 pmap_invalidate_page(pmap, pv->pv_va);
2017 TAILQ_REMOVE(&m->md.pv_list, pv, pv_list);
2018 m->md.pv_list_count--;
2019 pmap_unuse_pt(pmap, pv->pv_va, ptepde);
2021 free_pv_entry(pmap, pv);
2023 vm_page_flag_clear(m, PG_WRITEABLE);
2027 * Set the physical protection on the
2028 * specified range of this map as requested.
2031 pmap_protect(pmap_t pmap, vm_offset_t sva, vm_offset_t eva, vm_prot_t prot)
2033 vm_offset_t va_next;
2034 pml4_entry_t *pml4e;
2036 pd_entry_t ptpaddr, *pde;
2040 if ((prot & VM_PROT_READ) == VM_PROT_NONE) {
2041 pmap_remove(pmap, sva, eva);
2045 if (prot & VM_PROT_WRITE)
2050 vm_page_lock_queues();
2052 for (; sva < eva; sva = va_next) {
2054 pml4e = pmap_pml4e(pmap, sva);
2055 if ((*pml4e & PG_V) == 0) {
2056 va_next = (sva + NBPML4) & ~PML4MASK;
2060 pdpe = pmap_pml4e_to_pdpe(pml4e, sva);
2061 if ((*pdpe & PG_V) == 0) {
2062 va_next = (sva + NBPDP) & ~PDPMASK;
2066 va_next = (sva + NBPDR) & ~PDRMASK;
2068 pde = pmap_pdpe_to_pde(pdpe, sva);
2072 * Weed out invalid mappings.
2078 * Check for large page.
2080 if ((ptpaddr & PG_PS) != 0) {
2081 *pde &= ~(PG_M|PG_RW);
2089 for (pte = pmap_pde_to_pte(pde, sva); sva != va_next; pte++,
2091 pt_entry_t obits, pbits;
2095 obits = pbits = *pte;
2096 if (pbits & PG_MANAGED) {
2099 m = PHYS_TO_VM_PAGE(pbits & PG_FRAME);
2100 vm_page_flag_set(m, PG_REFERENCED);
2103 if ((pbits & PG_M) != 0) {
2105 m = PHYS_TO_VM_PAGE(pbits &
2111 pbits &= ~(PG_RW | PG_M);
2113 if (pbits != obits) {
2114 if (!atomic_cmpset_long(pte, obits, pbits))
2117 pmap_invalidate_page(pmap, sva);
2123 vm_page_unlock_queues();
2125 pmap_invalidate_all(pmap);
2130 * Insert the given physical page (p) at
2131 * the specified virtual address (v) in the
2132 * target physical map with the protection requested.
2134 * If specified, the page will be wired down, meaning
2135 * that the related pte can not be reclaimed.
2137 * NB: This is the only routine which MAY NOT lazy-evaluate
2138 * or lose information. That is, this routine must actually
2139 * insert this page into the given map NOW.
2142 pmap_enter(pmap_t pmap, vm_offset_t va, vm_page_t m, vm_prot_t prot,
2147 register pt_entry_t *pte;
2149 pt_entry_t origpte, newpte;
2153 va = trunc_page(va);
2154 #ifdef PMAP_DIAGNOSTIC
2155 if (va > VM_MAX_KERNEL_ADDRESS)
2156 panic("pmap_enter: toobig");
2157 if ((va >= UPT_MIN_ADDRESS) && (va < UPT_MAX_ADDRESS))
2158 panic("pmap_enter: invalid to pmap_enter page table pages (va: 0x%lx)", va);
2163 vm_page_lock_queues();
2167 * In the case that a page table page is not
2168 * resident, we are creating it here.
2170 if (va < VM_MAXUSER_ADDRESS) {
2171 mpte = pmap_allocpte(pmap, va, M_WAITOK);
2173 #if 0 && defined(PMAP_DIAGNOSTIC)
2175 pd_entry_t *pdeaddr = pmap_pde(pmap, va);
2177 if ((origpte & PG_V) == 0) {
2178 panic("pmap_enter: invalid kernel page table page, pde=%p, va=%p\n",
2184 pde = pmap_pde(pmap, va);
2186 if ((*pde & PG_PS) != 0)
2187 panic("pmap_enter: attempted pmap_enter on 2MB page");
2188 pte = pmap_pde_to_pte(pde, va);
2193 * Page Directory table entry not valid, we need a new PT page
2196 panic("pmap_enter: invalid page directory va=%#lx\n", va);
2198 pa = VM_PAGE_TO_PHYS(m);
2201 opa = origpte & PG_FRAME;
2204 * Mapping has not changed, must be protection or wiring change.
2206 if (origpte && (opa == pa)) {
2208 * Wiring change, just update stats. We don't worry about
2209 * wiring PT pages as they remain resident as long as there
2210 * are valid mappings in them. Hence, if a user page is wired,
2211 * the PT page will be also.
2213 if (wired && ((origpte & PG_W) == 0))
2214 pmap->pm_stats.wired_count++;
2215 else if (!wired && (origpte & PG_W))
2216 pmap->pm_stats.wired_count--;
2219 * Remove extra pte reference
2225 * We might be turning off write access to the page,
2226 * so we go ahead and sense modify status.
2228 if (origpte & PG_MANAGED) {
2235 * Mapping has changed, invalidate old range and fall through to
2236 * handle validating new mapping.
2240 pmap->pm_stats.wired_count--;
2241 if (origpte & PG_MANAGED) {
2242 om = PHYS_TO_VM_PAGE(opa);
2243 pmap_remove_entry(pmap, om, va);
2247 KASSERT(mpte->wire_count > 0,
2248 ("pmap_enter: missing reference to page table page,"
2252 pmap->pm_stats.resident_count++;
2255 * Enter on the PV list if part of our managed memory.
2257 if ((m->flags & (PG_FICTITIOUS | PG_UNMANAGED)) == 0) {
2258 KASSERT(va < kmi.clean_sva || va >= kmi.clean_eva,
2259 ("pmap_enter: managed mapping within the clean submap"));
2260 pmap_insert_entry(pmap, va, m);
2265 * Increment counters
2268 pmap->pm_stats.wired_count++;
2272 * Now validate mapping with desired protection/wiring.
2274 newpte = (pt_entry_t)(pa | PG_V);
2275 if ((prot & VM_PROT_WRITE) != 0)
2277 if ((prot & VM_PROT_EXECUTE) == 0)
2281 if (va < VM_MAXUSER_ADDRESS)
2283 if (pmap == kernel_pmap)
2287 * if the mapping or permission bits are different, we need
2288 * to update the pte.
2290 if ((origpte & ~(PG_M|PG_A)) != newpte) {
2291 if (origpte & PG_V) {
2293 origpte = pte_load_store(pte, newpte | PG_A);
2294 if (origpte & PG_A) {
2295 if (origpte & PG_MANAGED)
2296 vm_page_flag_set(om, PG_REFERENCED);
2297 if (opa != VM_PAGE_TO_PHYS(m) || ((origpte &
2298 PG_NX) == 0 && (newpte & PG_NX)))
2301 if (origpte & PG_M) {
2302 KASSERT((origpte & PG_RW),
2303 ("pmap_enter: modified page not writable: va: %#lx, pte: %#lx",
2305 if ((origpte & PG_MANAGED) != 0)
2307 if ((newpte & PG_RW) == 0)
2311 pmap_invalidate_page(pmap, va);
2313 pte_store(pte, newpte | PG_A);
2315 vm_page_unlock_queues();
2320 * Maps a sequence of resident pages belonging to the same object.
2321 * The sequence begins with the given page m_start. This page is
2322 * mapped at the given virtual address start. Each subsequent page is
2323 * mapped at a virtual address that is offset from start by the same
2324 * amount as the page is offset from m_start within the object. The
2325 * last page in the sequence is the page with the largest offset from
2326 * m_start that can be mapped at a virtual address less than the given
2327 * virtual address end. Not every virtual page between start and end
2328 * is mapped; only those for which a resident page exists with the
2329 * corresponding offset from m_start are mapped.
2332 pmap_enter_object(pmap_t pmap, vm_offset_t start, vm_offset_t end,
2333 vm_page_t m_start, vm_prot_t prot)
2336 vm_pindex_t diff, psize;
2338 psize = atop(end - start);
2342 while (m != NULL && (diff = m->pindex - m_start->pindex) < psize) {
2343 mpte = pmap_enter_quick_locked(pmap, start + ptoa(diff), m,
2345 m = TAILQ_NEXT(m, listq);
2351 * this code makes some *MAJOR* assumptions:
2352 * 1. Current pmap & pmap exists.
2355 * 4. No page table pages.
2356 * but is *MUCH* faster than pmap_enter...
2360 pmap_enter_quick(pmap_t pmap, vm_offset_t va, vm_page_t m, vm_prot_t prot,
2365 mpte = pmap_enter_quick_locked(pmap, va, m, prot, mpte);
2371 pmap_enter_quick_locked(pmap_t pmap, vm_offset_t va, vm_page_t m,
2372 vm_prot_t prot, vm_page_t mpte)
2377 KASSERT(va < kmi.clean_sva || va >= kmi.clean_eva ||
2378 (m->flags & (PG_FICTITIOUS | PG_UNMANAGED)) != 0,
2379 ("pmap_enter_quick_locked: managed mapping within the clean submap"));
2380 mtx_assert(&vm_page_queue_mtx, MA_OWNED);
2381 VM_OBJECT_LOCK_ASSERT(m->object, MA_OWNED);
2382 PMAP_LOCK_ASSERT(pmap, MA_OWNED);
2385 * In the case that a page table page is not
2386 * resident, we are creating it here.
2388 if (va < VM_MAXUSER_ADDRESS) {
2389 vm_pindex_t ptepindex;
2393 * Calculate pagetable page index
2395 ptepindex = pmap_pde_pindex(va);
2396 if (mpte && (mpte->pindex == ptepindex)) {
2401 * Get the page directory entry
2403 ptepa = pmap_pde(pmap, va);
2406 * If the page table page is mapped, we just increment
2407 * the hold count, and activate it.
2409 if (ptepa && (*ptepa & PG_V) != 0) {
2411 panic("pmap_enter_quick: unexpected mapping into 2MB page");
2412 mpte = PHYS_TO_VM_PAGE(*ptepa & PG_FRAME);
2415 mpte = _pmap_allocpte(pmap, ptepindex,
2420 vm_page_unlock_queues();
2421 VM_OBJECT_UNLOCK(m->object);
2423 VM_OBJECT_LOCK(m->object);
2424 vm_page_lock_queues();
2436 * This call to vtopte makes the assumption that we are
2437 * entering the page into the current pmap. In order to support
2438 * quick entry into any pmap, one would likely use pmap_pte.
2439 * But that isn't as quick as vtopte.
2444 pmap_unwire_pte_hold(pmap, va, mpte);
2451 * Enter on the PV list if part of our managed memory. Note that we
2452 * raise IPL while manipulating pv_table since pmap_enter can be
2453 * called at interrupt time.
2455 if ((m->flags & (PG_FICTITIOUS|PG_UNMANAGED)) == 0)
2456 pmap_insert_entry(pmap, va, m);
2459 * Increment counters
2461 pmap->pm_stats.resident_count++;
2463 pa = VM_PAGE_TO_PHYS(m);
2464 if ((prot & VM_PROT_EXECUTE) == 0)
2468 * Now validate mapping with RO protection
2470 if (m->flags & (PG_FICTITIOUS|PG_UNMANAGED))
2471 pte_store(pte, pa | PG_V | PG_U);
2473 pte_store(pte, pa | PG_V | PG_U | PG_MANAGED);
2478 * Make a temporary mapping for a physical address. This is only intended
2479 * to be used for panic dumps.
2482 pmap_kenter_temporary(vm_paddr_t pa, int i)
2486 va = (vm_offset_t)crashdumpmap + (i * PAGE_SIZE);
2487 pmap_kenter(va, pa);
2489 return ((void *)crashdumpmap);
2493 * This code maps large physical mmap regions into the
2494 * processor address space. Note that some shortcuts
2495 * are taken, but the code works.
2498 pmap_object_init_pt(pmap_t pmap, vm_offset_t addr,
2499 vm_object_t object, vm_pindex_t pindex,
2505 VM_OBJECT_LOCK_ASSERT(object, MA_OWNED);
2506 KASSERT(object->type == OBJT_DEVICE,
2507 ("pmap_object_init_pt: non-device object"));
2508 if (((addr & (NBPDR - 1)) == 0) && ((size & (NBPDR - 1)) == 0)) {
2510 pd_entry_t ptepa, *pde;
2513 pde = pmap_pde(pmap, addr);
2514 if (pde != 0 && (*pde & PG_V) != 0)
2518 p = vm_page_lookup(object, pindex);
2520 vm_page_lock_queues();
2521 if (vm_page_sleep_if_busy(p, FALSE, "init4p"))
2524 p = vm_page_alloc(object, pindex, VM_ALLOC_NORMAL);
2529 if (vm_pager_get_pages(object, m, 1, 0) != VM_PAGER_OK) {
2530 vm_page_lock_queues();
2532 vm_page_unlock_queues();
2536 p = vm_page_lookup(object, pindex);
2537 vm_page_lock_queues();
2540 vm_page_unlock_queues();
2542 ptepa = VM_PAGE_TO_PHYS(p);
2543 if (ptepa & (NBPDR - 1))
2546 p->valid = VM_PAGE_BITS_ALL;
2549 for (va = addr; va < addr + size; va += NBPDR) {
2551 pmap_allocpde(pmap, va, M_NOWAIT)) == NULL) {
2553 vm_page_lock_queues();
2555 vm_page_unlock_queues();
2556 VM_OBJECT_UNLOCK(object);
2558 VM_OBJECT_LOCK(object);
2559 vm_page_lock_queues();
2561 vm_page_unlock_queues();
2564 pde = (pd_entry_t *)PHYS_TO_DMAP(VM_PAGE_TO_PHYS(pdpg));
2565 pde = &pde[pmap_pde_index(va)];
2566 if ((*pde & PG_V) == 0) {
2567 pde_store(pde, ptepa | PG_PS | PG_M | PG_A |
2568 PG_U | PG_RW | PG_V);
2569 pmap->pm_stats.resident_count +=
2573 KASSERT(pdpg->wire_count > 0,
2574 ("pmap_object_init_pt: missing reference "
2575 "to page directory page, va: 0x%lx", va));
2579 pmap_invalidate_all(pmap);
2586 * Routine: pmap_change_wiring
2587 * Function: Change the wiring attribute for a map/virtual-address
2589 * In/out conditions:
2590 * The mapping must already exist in the pmap.
2593 pmap_change_wiring(pmap, va, wired)
2594 register pmap_t pmap;
2598 register pt_entry_t *pte;
2601 * Wiring is not a hardware characteristic so there is no need to
2605 pte = pmap_pte(pmap, va);
2606 if (wired && (*pte & PG_W) == 0) {
2607 pmap->pm_stats.wired_count++;
2608 atomic_set_long(pte, PG_W);
2609 } else if (!wired && (*pte & PG_W) != 0) {
2610 pmap->pm_stats.wired_count--;
2611 atomic_clear_long(pte, PG_W);
2619 * Copy the range specified by src_addr/len
2620 * from the source map to the range dst_addr/len
2621 * in the destination map.
2623 * This routine is only advisory and need not do anything.
2627 pmap_copy(pmap_t dst_pmap, pmap_t src_pmap, vm_offset_t dst_addr, vm_size_t len,
2628 vm_offset_t src_addr)
2631 vm_offset_t end_addr = src_addr + len;
2632 vm_offset_t va_next;
2634 if (dst_addr != src_addr)
2637 if (!pmap_is_current(src_pmap))
2640 vm_page_lock_queues();
2641 if (dst_pmap < src_pmap) {
2642 PMAP_LOCK(dst_pmap);
2643 PMAP_LOCK(src_pmap);
2645 PMAP_LOCK(src_pmap);
2646 PMAP_LOCK(dst_pmap);
2648 for (addr = src_addr; addr < end_addr; addr = va_next) {
2649 pt_entry_t *src_pte, *dst_pte;
2650 vm_page_t dstmpde, dstmpte, srcmpte;
2651 pml4_entry_t *pml4e;
2653 pd_entry_t srcptepaddr, *pde;
2655 if (addr >= UPT_MIN_ADDRESS)
2656 panic("pmap_copy: invalid to pmap_copy page tables");
2658 pml4e = pmap_pml4e(src_pmap, addr);
2659 if ((*pml4e & PG_V) == 0) {
2660 va_next = (addr + NBPML4) & ~PML4MASK;
2664 pdpe = pmap_pml4e_to_pdpe(pml4e, addr);
2665 if ((*pdpe & PG_V) == 0) {
2666 va_next = (addr + NBPDP) & ~PDPMASK;
2670 va_next = (addr + NBPDR) & ~PDRMASK;
2672 pde = pmap_pdpe_to_pde(pdpe, addr);
2674 if (srcptepaddr == 0)
2677 if (srcptepaddr & PG_PS) {
2678 dstmpde = pmap_allocpde(dst_pmap, addr, M_NOWAIT);
2679 if (dstmpde == NULL)
2681 pde = (pd_entry_t *)
2682 PHYS_TO_DMAP(VM_PAGE_TO_PHYS(dstmpde));
2683 pde = &pde[pmap_pde_index(addr)];
2686 dst_pmap->pm_stats.resident_count +=
2689 pmap_unwire_pte_hold(dst_pmap, addr, dstmpde);
2693 srcmpte = PHYS_TO_VM_PAGE(srcptepaddr & PG_FRAME);
2694 if (srcmpte->wire_count == 0)
2695 panic("pmap_copy: source page table page is unused");
2697 if (va_next > end_addr)
2700 src_pte = vtopte(addr);
2701 while (addr < va_next) {
2705 * we only virtual copy managed pages
2707 if ((ptetemp & PG_MANAGED) != 0) {
2709 * We have to check after allocpte for the
2710 * pte still being around... allocpte can
2713 dstmpte = pmap_allocpte(dst_pmap, addr,
2715 if (dstmpte == NULL)
2717 dst_pte = (pt_entry_t *)
2718 PHYS_TO_DMAP(VM_PAGE_TO_PHYS(dstmpte));
2719 dst_pte = &dst_pte[pmap_pte_index(addr)];
2720 if (*dst_pte == 0 &&
2721 pmap_try_insert_pv_entry(dst_pmap, addr,
2722 PHYS_TO_VM_PAGE(ptetemp & PG_FRAME))) {
2724 * Clear the modified and
2725 * accessed (referenced) bits
2728 *dst_pte = ptetemp & ~(PG_M | PG_A);
2729 dst_pmap->pm_stats.resident_count++;
2731 pmap_unwire_pte_hold(dst_pmap, addr, dstmpte);
2732 if (dstmpte->wire_count >= srcmpte->wire_count)
2739 vm_page_unlock_queues();
2740 PMAP_UNLOCK(src_pmap);
2741 PMAP_UNLOCK(dst_pmap);
2745 * pmap_zero_page zeros the specified hardware page by mapping
2746 * the page into KVM and using bzero to clear its contents.
2749 pmap_zero_page(vm_page_t m)
2751 vm_offset_t va = PHYS_TO_DMAP(VM_PAGE_TO_PHYS(m));
2753 pagezero((void *)va);
2757 * pmap_zero_page_area zeros the specified hardware page by mapping
2758 * the page into KVM and using bzero to clear its contents.
2760 * off and size may not cover an area beyond a single hardware page.
2763 pmap_zero_page_area(vm_page_t m, int off, int size)
2765 vm_offset_t va = PHYS_TO_DMAP(VM_PAGE_TO_PHYS(m));
2767 if (off == 0 && size == PAGE_SIZE)
2768 pagezero((void *)va);
2770 bzero((char *)va + off, size);
2774 * pmap_zero_page_idle zeros the specified hardware page by mapping
2775 * the page into KVM and using bzero to clear its contents. This
2776 * is intended to be called from the vm_pagezero process only and
2780 pmap_zero_page_idle(vm_page_t m)
2782 vm_offset_t va = PHYS_TO_DMAP(VM_PAGE_TO_PHYS(m));
2784 pagezero((void *)va);
2788 * pmap_copy_page copies the specified (machine independent)
2789 * page by mapping the page into virtual memory and using
2790 * bcopy to copy the page, one machine dependent page at a
2794 pmap_copy_page(vm_page_t msrc, vm_page_t mdst)
2796 vm_offset_t src = PHYS_TO_DMAP(VM_PAGE_TO_PHYS(msrc));
2797 vm_offset_t dst = PHYS_TO_DMAP(VM_PAGE_TO_PHYS(mdst));
2799 pagecopy((void *)src, (void *)dst);
2803 * Returns true if the pmap's pv is one of the first
2804 * 16 pvs linked to from this page. This count may
2805 * be changed upwards or downwards in the future; it
2806 * is only necessary that true be returned for a small
2807 * subset of pmaps for proper page aging.
2810 pmap_page_exists_quick(pmap, m)
2817 if (m->flags & PG_FICTITIOUS)
2820 mtx_assert(&vm_page_queue_mtx, MA_OWNED);
2821 TAILQ_FOREACH(pv, &m->md.pv_list, pv_list) {
2822 if (PV_PMAP(pv) == pmap) {
2833 * Remove all pages from specified address space
2834 * this aids process exit speeds. Also, this code
2835 * is special cased for current process only, but
2836 * can have the more generic (and slightly slower)
2837 * mode enabled. This is much faster than pmap_remove
2838 * in the case of running down an entire address space.
2841 pmap_remove_pages(pmap_t pmap)
2843 pt_entry_t *pte, tpte;
2846 struct pv_chunk *pc, *npc;
2849 uint64_t inuse, bitmask;
2852 if (pmap != vmspace_pmap(curthread->td_proc->p_vmspace)) {
2853 printf("warning: pmap_remove_pages called with non-current pmap\n");
2856 vm_page_lock_queues();
2858 TAILQ_FOREACH_SAFE(pc, &pmap->pm_pvchunk, pc_list, npc) {
2860 for (field = 0; field < _NPCM; field++) {
2861 inuse = (~(pc->pc_map[field])) & pc_freemask[field];
2862 while (inuse != 0) {
2864 bitmask = 1UL << bit;
2865 idx = field * 64 + bit;
2866 pv = &pc->pc_pventry[idx];
2869 pte = vtopte(pv->pv_va);
2874 "TPTE at %p IS ZERO @ VA %08lx\n",
2880 * We cannot remove wired pages from a process' mapping at this time
2887 m = PHYS_TO_VM_PAGE(tpte & PG_FRAME);
2888 KASSERT(m->phys_addr == (tpte & PG_FRAME),
2889 ("vm_page_t %p phys_addr mismatch %016jx %016jx",
2890 m, (uintmax_t)m->phys_addr,
2893 KASSERT(m < &vm_page_array[vm_page_array_size],
2894 ("pmap_remove_pages: bad tpte %#jx",
2897 pmap->pm_stats.resident_count--;
2902 * Update the vm_page_t clean/reference bits.
2908 PV_STAT(pv_entry_frees++);
2909 PV_STAT(pv_entry_spare++);
2911 pc->pc_map[field] |= bitmask;
2912 m->md.pv_list_count--;
2913 TAILQ_REMOVE(&m->md.pv_list, pv, pv_list);
2914 if (TAILQ_EMPTY(&m->md.pv_list))
2915 vm_page_flag_clear(m, PG_WRITEABLE);
2916 pmap_unuse_pt(pmap, pv->pv_va,
2917 *vtopde(pv->pv_va));
2921 PV_STAT(pv_entry_spare -= _NPCPV);
2922 PV_STAT(pc_chunk_count--);
2923 PV_STAT(pc_chunk_frees++);
2924 TAILQ_REMOVE(&pmap->pm_pvchunk, pc, pc_list);
2925 m = PHYS_TO_VM_PAGE(DMAP_TO_PHYS((vm_offset_t)pc));
2926 dump_drop_page(m->phys_addr);
2930 vm_page_unlock_queues();
2931 pmap_invalidate_all(pmap);
2938 * Return whether or not the specified physical page was modified
2939 * in any physical maps.
2942 pmap_is_modified(vm_page_t m)
2950 if (m->flags & PG_FICTITIOUS)
2953 mtx_assert(&vm_page_queue_mtx, MA_OWNED);
2954 TAILQ_FOREACH(pv, &m->md.pv_list, pv_list) {
2957 pte = pmap_pte(pmap, pv->pv_va);
2958 rv = (*pte & PG_M) != 0;
2967 * pmap_is_prefaultable:
2969 * Return whether or not the specified virtual address is elgible
2973 pmap_is_prefaultable(pmap_t pmap, vm_offset_t addr)
2981 pde = pmap_pde(pmap, addr);
2982 if (pde != NULL && (*pde & PG_V)) {
2984 rv = (*pte & PG_V) == 0;
2991 * Clear the given bit in each of the given page's ptes.
2993 static __inline void
2994 pmap_clear_ptes(vm_page_t m, long bit)
2996 register pv_entry_t pv;
2998 pt_entry_t pbits, *pte;
3000 if ((m->flags & PG_FICTITIOUS) ||
3001 (bit == PG_RW && (m->flags & PG_WRITEABLE) == 0))
3004 mtx_assert(&vm_page_queue_mtx, MA_OWNED);
3006 * Loop over all current mappings setting/clearing as appropos If
3007 * setting RO do we need to clear the VAC?
3009 TAILQ_FOREACH(pv, &m->md.pv_list, pv_list) {
3012 pte = pmap_pte(pmap, pv->pv_va);
3017 if (!atomic_cmpset_long(pte, pbits,
3018 pbits & ~(PG_RW | PG_M)))
3024 atomic_clear_long(pte, bit);
3026 pmap_invalidate_page(pmap, pv->pv_va);
3031 vm_page_flag_clear(m, PG_WRITEABLE);
3035 * pmap_page_protect:
3037 * Lower the permission for all mappings to a given page.
3040 pmap_page_protect(vm_page_t m, vm_prot_t prot)
3042 if ((prot & VM_PROT_WRITE) == 0) {
3043 if (prot & (VM_PROT_READ | VM_PROT_EXECUTE)) {
3044 pmap_clear_ptes(m, PG_RW);
3052 * pmap_ts_referenced:
3054 * Return a count of reference bits for a page, clearing those bits.
3055 * It is not necessary for every reference bit to be cleared, but it
3056 * is necessary that 0 only be returned when there are truly no
3057 * reference bits set.
3059 * XXX: The exact number of bits to check and clear is a matter that
3060 * should be tested and standardized at some point in the future for
3061 * optimal aging of shared pages.
3064 pmap_ts_referenced(vm_page_t m)
3066 register pv_entry_t pv, pvf, pvn;
3072 if (m->flags & PG_FICTITIOUS)
3075 mtx_assert(&vm_page_queue_mtx, MA_OWNED);
3076 if ((pv = TAILQ_FIRST(&m->md.pv_list)) != NULL) {
3081 pvn = TAILQ_NEXT(pv, pv_list);
3083 TAILQ_REMOVE(&m->md.pv_list, pv, pv_list);
3085 TAILQ_INSERT_TAIL(&m->md.pv_list, pv, pv_list);
3089 pte = pmap_pte(pmap, pv->pv_va);
3091 if (pte && ((v = pte_load(pte)) & PG_A) != 0) {
3092 atomic_clear_long(pte, PG_A);
3093 pmap_invalidate_page(pmap, pv->pv_va);
3102 } while ((pv = pvn) != NULL && pv != pvf);
3109 * Clear the modify bits on the specified physical page.
3112 pmap_clear_modify(vm_page_t m)
3114 pmap_clear_ptes(m, PG_M);
3118 * pmap_clear_reference:
3120 * Clear the reference bit on the specified physical page.
3123 pmap_clear_reference(vm_page_t m)
3125 pmap_clear_ptes(m, PG_A);
3129 * Miscellaneous support routines follow
3133 * Map a set of physical memory pages into the kernel virtual
3134 * address space. Return a pointer to where it is mapped. This
3135 * routine is intended to be used for mapping device memory,
3139 pmap_mapdev(pa, size)
3143 vm_offset_t va, tmpva, offset;
3145 /* If this fits within the direct map window, use it */
3146 if (pa < dmaplimit && (pa + size) < dmaplimit)
3147 return ((void *)PHYS_TO_DMAP(pa));
3148 offset = pa & PAGE_MASK;
3149 size = roundup(offset + size, PAGE_SIZE);
3150 va = kmem_alloc_nofault(kernel_map, size);
3152 panic("pmap_mapdev: Couldn't alloc kernel virtual memory");
3153 pa = trunc_page(pa);
3154 for (tmpva = va; size > 0; ) {
3155 pmap_kenter(tmpva, pa);
3160 pmap_invalidate_range(kernel_pmap, va, tmpva);
3161 return ((void *)(va + offset));
3165 pmap_unmapdev(va, size)
3169 vm_offset_t base, offset, tmpva;
3171 /* If we gave a direct map region in pmap_mapdev, do nothing */
3172 if (va >= DMAP_MIN_ADDRESS && va < DMAP_MAX_ADDRESS)
3174 base = trunc_page(va);
3175 offset = va & PAGE_MASK;
3176 size = roundup(offset + size, PAGE_SIZE);
3177 for (tmpva = base; tmpva < (base + size); tmpva += PAGE_SIZE)
3178 pmap_kremove(tmpva);
3179 pmap_invalidate_range(kernel_pmap, va, tmpva);
3180 kmem_free(kernel_map, base, size);
3184 * perform the pmap work for mincore
3187 pmap_mincore(pmap, addr)
3191 pt_entry_t *ptep, pte;
3196 ptep = pmap_pte(pmap, addr);
3197 pte = (ptep != NULL) ? *ptep : 0;
3203 val = MINCORE_INCORE;
3204 if ((pte & PG_MANAGED) == 0)
3207 pa = pte & PG_FRAME;
3209 m = PHYS_TO_VM_PAGE(pa);
3215 val |= MINCORE_MODIFIED|MINCORE_MODIFIED_OTHER;
3218 * Modified by someone else
3220 vm_page_lock_queues();
3221 if (m->dirty || pmap_is_modified(m))
3222 val |= MINCORE_MODIFIED_OTHER;
3223 vm_page_unlock_queues();
3229 val |= MINCORE_REFERENCED|MINCORE_REFERENCED_OTHER;
3232 * Referenced by someone else
3234 vm_page_lock_queues();
3235 if ((m->flags & PG_REFERENCED) ||
3236 pmap_ts_referenced(m)) {
3237 val |= MINCORE_REFERENCED_OTHER;
3238 vm_page_flag_set(m, PG_REFERENCED);
3240 vm_page_unlock_queues();
3247 pmap_activate(struct thread *td)
3249 pmap_t pmap, oldpmap;
3253 pmap = vmspace_pmap(td->td_proc->p_vmspace);
3254 oldpmap = PCPU_GET(curpmap);
3256 if (oldpmap) /* XXX FIXME */
3257 atomic_clear_int(&oldpmap->pm_active, PCPU_GET(cpumask));
3258 atomic_set_int(&pmap->pm_active, PCPU_GET(cpumask));
3260 if (oldpmap) /* XXX FIXME */
3261 oldpmap->pm_active &= ~PCPU_GET(cpumask);
3262 pmap->pm_active |= PCPU_GET(cpumask);
3264 cr3 = vtophys(pmap->pm_pml4);
3265 td->td_pcb->pcb_cr3 = cr3;
3271 pmap_addr_hint(vm_object_t obj, vm_offset_t addr, vm_size_t size)
3274 if ((obj == NULL) || (size < NBPDR) || (obj->type != OBJT_DEVICE)) {
3278 addr = (addr + (NBPDR - 1)) & ~(NBPDR - 1);
projects / FreeBSD / FreeBSD.git / blob