1 /* From: $NetBSD: pmap.c,v 1.148 2004/04/03 04:35:48 bsh Exp $ */
3 * Copyright 2004 Olivier Houchard.
4 * Copyright 2003 Wasabi Systems, Inc.
7 * Written by Steve C. Woodford for Wasabi Systems, Inc.
9 * Redistribution and use in source and binary forms, with or without
10 * modification, are permitted provided that the following conditions
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 * 2. Redistributions in binary form must reproduce the above copyright
15 * notice, this list of conditions and the following disclaimer in the
16 * documentation and/or other materials provided with the distribution.
17 * 3. All advertising materials mentioning features or use of this software
18 * must display the following acknowledgement:
19 * This product includes software developed for the NetBSD Project by
20 * Wasabi Systems, Inc.
21 * 4. The name of Wasabi Systems, Inc. may not be used to endorse
22 * or promote products derived from this software without specific prior
25 * THIS SOFTWARE IS PROVIDED BY WASABI SYSTEMS, INC. ``AS IS'' AND
26 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
27 * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
28 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL WASABI SYSTEMS, INC
29 * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
30 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
31 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
32 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
33 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
34 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
35 * POSSIBILITY OF SUCH DAMAGE.
39 * Copyright (c) 2002-2003 Wasabi Systems, Inc.
40 * Copyright (c) 2001 Richard Earnshaw
41 * Copyright (c) 2001-2002 Christopher Gilbert
42 * All rights reserved.
44 * 1. Redistributions of source code must retain the above copyright
45 * notice, this list of conditions and the following disclaimer.
46 * 2. Redistributions in binary form must reproduce the above copyright
47 * notice, this list of conditions and the following disclaimer in the
48 * documentation and/or other materials provided with the distribution.
49 * 3. The name of the company nor the name of the author may be used to
50 * endorse or promote products derived from this software without specific
51 * prior written permission.
53 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED
54 * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
55 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
56 * IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
57 * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
58 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
59 * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
60 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
61 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
62 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
66 * Copyright (c) 1999 The NetBSD Foundation, Inc.
67 * All rights reserved.
69 * This code is derived from software contributed to The NetBSD Foundation
70 * by Charles M. Hannum.
72 * Redistribution and use in source and binary forms, with or without
73 * modification, are permitted provided that the following conditions
75 * 1. Redistributions of source code must retain the above copyright
76 * notice, this list of conditions and the following disclaimer.
77 * 2. Redistributions in binary form must reproduce the above copyright
78 * notice, this list of conditions and the following disclaimer in the
79 * documentation and/or other materials provided with the distribution.
81 * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
82 * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
83 * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
84 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
85 * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
86 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
87 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
88 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
89 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
90 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
91 * POSSIBILITY OF SUCH DAMAGE.
95 * Copyright (c) 1994-1998 Mark Brinicombe.
96 * Copyright (c) 1994 Brini.
97 * All rights reserved.
99 * This code is derived from software written for Brini by Mark Brinicombe
101 * Redistribution and use in source and binary forms, with or without
102 * modification, are permitted provided that the following conditions
104 * 1. Redistributions of source code must retain the above copyright
105 * notice, this list of conditions and the following disclaimer.
106 * 2. Redistributions in binary form must reproduce the above copyright
107 * notice, this list of conditions and the following disclaimer in the
108 * documentation and/or other materials provided with the distribution.
109 * 3. All advertising materials mentioning features or use of this software
110 * must display the following acknowledgement:
111 * This product includes software developed by Mark Brinicombe.
112 * 4. The name of the author may not be used to endorse or promote products
113 * derived from this software without specific prior written permission.
115 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
116 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
117 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
118 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
119 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
120 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
121 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
122 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
123 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
125 * RiscBSD kernel project
129 * Machine dependent vm stuff
135 * Special compilation symbols
136 * PMAP_DEBUG - Build in pmap_debug_level code
138 * Note that pmap_mapdev() and pmap_unmapdev() are implemented in arm/devmap.c
140 /* Include header files */
144 #include <sys/cdefs.h>
145 __FBSDID("$FreeBSD$");
146 #include <sys/param.h>
147 #include <sys/systm.h>
148 #include <sys/kernel.h>
150 #include <sys/lock.h>
151 #include <sys/proc.h>
152 #include <sys/malloc.h>
153 #include <sys/msgbuf.h>
154 #include <sys/mutex.h>
155 #include <sys/vmmeter.h>
156 #include <sys/mman.h>
157 #include <sys/rwlock.h>
159 #include <sys/sched.h>
162 #include <vm/vm_param.h>
165 #include <vm/vm_kern.h>
166 #include <vm/vm_object.h>
167 #include <vm/vm_map.h>
168 #include <vm/vm_page.h>
169 #include <vm/vm_pageout.h>
170 #include <vm/vm_phys.h>
171 #include <vm/vm_pagequeue.h>
172 #include <vm/vm_extern.h>
174 #include <machine/md_var.h>
175 #include <machine/cpu.h>
176 #include <machine/cpufunc.h>
177 #include <machine/pcb.h>
180 #define PDEBUG(_lev_,_stat_) \
181 if (pmap_debug_level >= (_lev_)) \
183 #define dprintf printf
185 int pmap_debug_level = 0;
187 #else /* PMAP_DEBUG */
188 #define PDEBUG(_lev_,_stat_) /* Nothing */
189 #define dprintf(x, arg...)
190 #define PMAP_INLINE __inline
191 #endif /* PMAP_DEBUG */
193 extern struct pv_addr systempage;
195 extern int last_fault_code;
197 #define l1pte_section_p(pde) (((pde) & L1_TYPE_MASK) == L1_TYPE_S)
198 #define l2pte_index(v) (((v) & L1_S_OFFSET) >> L2_S_SHIFT)
199 #define l2pte_valid(pte) ((pte) != 0)
200 #define l2pte_pa(pte) ((pte) & L2_S_FRAME)
203 * Internal function prototypes
205 static void pmap_free_pv_entry (pv_entry_t);
206 static pv_entry_t pmap_get_pv_entry(void);
208 static int pmap_enter_locked(pmap_t, vm_offset_t, vm_page_t,
210 static vm_paddr_t pmap_extract_locked(pmap_t pmap, vm_offset_t va);
211 static void pmap_fix_cache(struct vm_page *, pmap_t, vm_offset_t);
212 static void pmap_alloc_l1(pmap_t);
213 static void pmap_free_l1(pmap_t);
215 static int pmap_clearbit(struct vm_page *, u_int);
217 static struct l2_bucket *pmap_get_l2_bucket(pmap_t, vm_offset_t);
218 static struct l2_bucket *pmap_alloc_l2_bucket(pmap_t, vm_offset_t);
219 static void pmap_free_l2_bucket(pmap_t, struct l2_bucket *, u_int);
220 static vm_offset_t kernel_pt_lookup(vm_paddr_t);
222 static MALLOC_DEFINE(M_VMPMAP, "pmap", "PMAP L1");
224 vm_offset_t virtual_avail; /* VA of first avail page (after kernel bss) */
225 vm_offset_t virtual_end; /* VA of last avail page (end of kernel AS) */
226 vm_offset_t pmap_curmaxkvaddr;
227 vm_paddr_t kernel_l1pa;
229 vm_offset_t kernel_vm_end = 0;
231 vm_offset_t vm_max_kernel_address;
233 struct pmap kernel_pmap_store;
235 static pt_entry_t *csrc_pte, *cdst_pte;
236 static vm_offset_t csrcp, cdstp, qmap_addr;
237 static struct mtx cmtx, qmap_mtx;
239 static void pmap_init_l1(struct l1_ttable *, pd_entry_t *);
241 * These routines are called when the CPU type is identified to set up
242 * the PTE prototypes, cache modes, etc.
244 * The variables are always here, just in case LKMs need to reference
245 * them (though, they shouldn't).
248 static pt_entry_t pte_l1_s_cache_mode;
249 static pt_entry_t pte_l1_s_cache_mode_pt;
250 static pt_entry_t pte_l1_s_cache_mask;
252 static pt_entry_t pte_l2_l_cache_mode;
253 static pt_entry_t pte_l2_l_cache_mode_pt;
254 static pt_entry_t pte_l2_l_cache_mask;
256 static pt_entry_t pte_l2_s_cache_mode;
257 static pt_entry_t pte_l2_s_cache_mode_pt;
258 static pt_entry_t pte_l2_s_cache_mask;
263 static caddr_t crashdumpmap;
265 extern void bcopy_page(vm_offset_t, vm_offset_t);
266 extern void bzero_page(vm_offset_t);
268 extern vm_offset_t alloc_firstaddr;
273 * Metadata for L1 translation tables.
276 /* Entry on the L1 Table list */
277 SLIST_ENTRY(l1_ttable) l1_link;
279 /* Entry on the L1 Least Recently Used list */
280 TAILQ_ENTRY(l1_ttable) l1_lru;
282 /* Track how many domains are allocated from this L1 */
283 volatile u_int l1_domain_use_count;
286 * A free-list of domain numbers for this L1.
287 * We avoid using ffs() and a bitmap to track domains since ffs()
290 u_int8_t l1_domain_first;
291 u_int8_t l1_domain_free[PMAP_DOMAINS];
293 /* Physical address of this L1 page table */
294 vm_paddr_t l1_physaddr;
296 /* KVA of this L1 page table */
301 * Convert a virtual address into its L1 table index. That is, the
302 * index used to locate the L2 descriptor table pointer in an L1 table.
303 * This is basically used to index l1->l1_kva[].
305 * Each L2 descriptor table represents 1MB of VA space.
307 #define L1_IDX(va) (((vm_offset_t)(va)) >> L1_S_SHIFT)
310 * L1 Page Tables are tracked using a Least Recently Used list.
311 * - New L1s are allocated from the HEAD.
312 * - Freed L1s are added to the TAIl.
313 * - Recently accessed L1s (where an 'access' is some change to one of
314 * the userland pmaps which owns this L1) are moved to the TAIL.
316 static TAILQ_HEAD(, l1_ttable) l1_lru_list;
318 * A list of all L1 tables
320 static SLIST_HEAD(, l1_ttable) l1_list;
321 static struct mtx l1_lru_lock;
324 * The l2_dtable tracks L2_BUCKET_SIZE worth of L1 slots.
326 * This is normally 16MB worth L2 page descriptors for any given pmap.
327 * Reference counts are maintained for L2 descriptors so they can be
331 /* The number of L2 page descriptors allocated to this l2_dtable */
334 /* List of L2 page descriptors */
336 pt_entry_t *l2b_kva; /* KVA of L2 Descriptor Table */
337 vm_paddr_t l2b_phys; /* Physical address of same */
338 u_short l2b_l1idx; /* This L2 table's L1 index */
339 u_short l2b_occupancy; /* How many active descriptors */
340 } l2_bucket[L2_BUCKET_SIZE];
343 /* pmap_kenter_internal flags */
344 #define KENTER_CACHE 0x1
345 #define KENTER_USER 0x2
348 * Given an L1 table index, calculate the corresponding l2_dtable index
349 * and bucket index within the l2_dtable.
351 #define L2_IDX(l1idx) (((l1idx) >> L2_BUCKET_LOG2) & \
353 #define L2_BUCKET(l1idx) ((l1idx) & (L2_BUCKET_SIZE - 1))
356 * Given a virtual address, this macro returns the
357 * virtual address required to drop into the next L2 bucket.
359 #define L2_NEXT_BUCKET(va) (((va) & L1_S_FRAME) + L1_S_SIZE)
362 * We try to map the page tables write-through, if possible. However, not
363 * all CPUs have a write-through cache mode, so on those we have to sync
364 * the cache when we frob page tables.
366 * We try to evaluate this at compile time, if possible. However, it's
367 * not always possible to do that, hence this run-time var.
369 int pmap_needs_pte_sync;
372 * Macro to determine if a mapping might be resident in the
373 * instruction cache and/or TLB
375 #define PV_BEEN_EXECD(f) (((f) & (PVF_REF | PVF_EXEC)) == (PVF_REF | PVF_EXEC))
378 * Macro to determine if a mapping might be resident in the
379 * data cache and/or TLB
381 #define PV_BEEN_REFD(f) (((f) & PVF_REF) != 0)
383 #ifndef PMAP_SHPGPERPROC
384 #define PMAP_SHPGPERPROC 200
387 #define pmap_is_current(pm) ((pm) == kernel_pmap || \
388 curproc->p_vmspace->vm_map.pmap == (pm))
389 static uma_zone_t pvzone = NULL;
391 static uma_zone_t l2table_zone;
392 static vm_offset_t pmap_kernel_l2dtable_kva;
393 static vm_offset_t pmap_kernel_l2ptp_kva;
394 static vm_paddr_t pmap_kernel_l2ptp_phys;
395 static int pv_entry_count=0, pv_entry_max=0, pv_entry_high_water=0;
396 static struct rwlock pvh_global_lock;
398 void pmap_copy_page_offs_generic(vm_paddr_t a_phys, vm_offset_t a_offs,
399 vm_paddr_t b_phys, vm_offset_t b_offs, int cnt);
402 * This list exists for the benefit of pmap_map_chunk(). It keeps track
403 * of the kernel L2 tables during bootstrap, so that pmap_map_chunk() can
404 * find them as necessary.
406 * Note that the data on this list MUST remain valid after initarm() returns,
407 * as pmap_bootstrap() uses it to contruct L2 table metadata.
409 SLIST_HEAD(, pv_addr) kernel_pt_list = SLIST_HEAD_INITIALIZER(kernel_pt_list);
412 pmap_init_l1(struct l1_ttable *l1, pd_entry_t *l1pt)
417 l1->l1_domain_use_count = 0;
418 l1->l1_domain_first = 0;
420 for (i = 0; i < PMAP_DOMAINS; i++)
421 l1->l1_domain_free[i] = i + 1;
424 * Copy the kernel's L1 entries to each new L1.
426 if (l1pt != kernel_pmap->pm_l1->l1_kva)
427 memcpy(l1pt, kernel_pmap->pm_l1->l1_kva, L1_TABLE_SIZE);
429 if ((l1->l1_physaddr = pmap_extract(kernel_pmap, (vm_offset_t)l1pt)) == 0)
430 panic("pmap_init_l1: can't get PA of L1 at %p", l1pt);
431 SLIST_INSERT_HEAD(&l1_list, l1, l1_link);
432 TAILQ_INSERT_TAIL(&l1_lru_list, l1, l1_lru);
436 kernel_pt_lookup(vm_paddr_t pa)
440 SLIST_FOREACH(pv, &kernel_pt_list, pv_list) {
448 pmap_pte_init_generic(void)
451 pte_l1_s_cache_mode = L1_S_B|L1_S_C;
452 pte_l1_s_cache_mask = L1_S_CACHE_MASK;
454 pte_l2_l_cache_mode = L2_B|L2_C;
455 pte_l2_l_cache_mask = L2_L_CACHE_MASK;
457 pte_l2_s_cache_mode = L2_B|L2_C;
458 pte_l2_s_cache_mask = L2_S_CACHE_MASK;
461 * If we have a write-through cache, set B and C. If
462 * we have a write-back cache, then we assume setting
463 * only C will make those pages write-through.
465 if (cpufuncs.cf_dcache_wb_range == (void *) cpufunc_nullop) {
466 pte_l1_s_cache_mode_pt = L1_S_B|L1_S_C;
467 pte_l2_l_cache_mode_pt = L2_B|L2_C;
468 pte_l2_s_cache_mode_pt = L2_B|L2_C;
470 pte_l1_s_cache_mode_pt = L1_S_C;
471 pte_l2_l_cache_mode_pt = L2_C;
472 pte_l2_s_cache_mode_pt = L2_C;
477 * Allocate an L1 translation table for the specified pmap.
478 * This is called at pmap creation time.
481 pmap_alloc_l1(pmap_t pm)
483 struct l1_ttable *l1;
487 * Remove the L1 at the head of the LRU list
489 mtx_lock(&l1_lru_lock);
490 l1 = TAILQ_FIRST(&l1_lru_list);
491 TAILQ_REMOVE(&l1_lru_list, l1, l1_lru);
494 * Pick the first available domain number, and update
495 * the link to the next number.
497 domain = l1->l1_domain_first;
498 l1->l1_domain_first = l1->l1_domain_free[domain];
501 * If there are still free domain numbers in this L1,
502 * put it back on the TAIL of the LRU list.
504 if (++l1->l1_domain_use_count < PMAP_DOMAINS)
505 TAILQ_INSERT_TAIL(&l1_lru_list, l1, l1_lru);
507 mtx_unlock(&l1_lru_lock);
510 * Fix up the relevant bits in the pmap structure
513 pm->pm_domain = domain + 1;
517 * Free an L1 translation table.
518 * This is called at pmap destruction time.
521 pmap_free_l1(pmap_t pm)
523 struct l1_ttable *l1 = pm->pm_l1;
525 mtx_lock(&l1_lru_lock);
528 * If this L1 is currently on the LRU list, remove it.
530 if (l1->l1_domain_use_count < PMAP_DOMAINS)
531 TAILQ_REMOVE(&l1_lru_list, l1, l1_lru);
534 * Free up the domain number which was allocated to the pmap
536 l1->l1_domain_free[pm->pm_domain - 1] = l1->l1_domain_first;
537 l1->l1_domain_first = pm->pm_domain - 1;
538 l1->l1_domain_use_count--;
541 * The L1 now must have at least 1 free domain, so add
542 * it back to the LRU list. If the use count is zero,
543 * put it at the head of the list, otherwise it goes
546 if (l1->l1_domain_use_count == 0) {
547 TAILQ_INSERT_HEAD(&l1_lru_list, l1, l1_lru);
549 TAILQ_INSERT_TAIL(&l1_lru_list, l1, l1_lru);
551 mtx_unlock(&l1_lru_lock);
555 * Returns a pointer to the L2 bucket associated with the specified pmap
556 * and VA, or NULL if no L2 bucket exists for the address.
558 static PMAP_INLINE struct l2_bucket *
559 pmap_get_l2_bucket(pmap_t pm, vm_offset_t va)
561 struct l2_dtable *l2;
562 struct l2_bucket *l2b;
567 if ((l2 = pm->pm_l2[L2_IDX(l1idx)]) == NULL ||
568 (l2b = &l2->l2_bucket[L2_BUCKET(l1idx)])->l2b_kva == NULL)
575 * Returns a pointer to the L2 bucket associated with the specified pmap
578 * If no L2 bucket exists, perform the necessary allocations to put an L2
579 * bucket/page table in place.
581 * Note that if a new L2 bucket/page was allocated, the caller *must*
582 * increment the bucket occupancy counter appropriately *before*
583 * releasing the pmap's lock to ensure no other thread or cpu deallocates
584 * the bucket/page in the meantime.
586 static struct l2_bucket *
587 pmap_alloc_l2_bucket(pmap_t pm, vm_offset_t va)
589 struct l2_dtable *l2;
590 struct l2_bucket *l2b;
595 PMAP_ASSERT_LOCKED(pm);
596 rw_assert(&pvh_global_lock, RA_WLOCKED);
597 if ((l2 = pm->pm_l2[L2_IDX(l1idx)]) == NULL) {
599 * No mapping at this address, as there is
600 * no entry in the L1 table.
601 * Need to allocate a new l2_dtable.
604 rw_wunlock(&pvh_global_lock);
605 if ((l2 = uma_zalloc(l2table_zone, M_NOWAIT)) == NULL) {
606 rw_wlock(&pvh_global_lock);
610 rw_wlock(&pvh_global_lock);
612 if (pm->pm_l2[L2_IDX(l1idx)] != NULL) {
614 * Someone already allocated the l2_dtable while
615 * we were doing the same.
617 uma_zfree(l2table_zone, l2);
618 l2 = pm->pm_l2[L2_IDX(l1idx)];
620 bzero(l2, sizeof(*l2));
622 * Link it into the parent pmap
624 pm->pm_l2[L2_IDX(l1idx)] = l2;
628 l2b = &l2->l2_bucket[L2_BUCKET(l1idx)];
631 * Fetch pointer to the L2 page table associated with the address.
633 if (l2b->l2b_kva == NULL) {
637 * No L2 page table has been allocated. Chances are, this
638 * is because we just allocated the l2_dtable, above.
642 rw_wunlock(&pvh_global_lock);
643 ptep = uma_zalloc(l2zone, M_NOWAIT);
644 rw_wlock(&pvh_global_lock);
646 if (l2b->l2b_kva != NULL) {
647 /* We lost the race. */
649 uma_zfree(l2zone, ptep);
652 l2b->l2b_phys = vtophys(ptep);
655 * Oops, no more L2 page tables available at this
656 * time. We may need to deallocate the l2_dtable
657 * if we allocated a new one above.
660 if (l2->l2_occupancy == 0) {
661 pm->pm_l2[L2_IDX(l1idx)] = NULL;
662 uma_zfree(l2table_zone, l2);
668 l2b->l2b_l1idx = l1idx;
674 static PMAP_INLINE void
675 #ifndef PMAP_INCLUDE_PTE_SYNC
676 pmap_free_l2_ptp(pt_entry_t *l2)
678 pmap_free_l2_ptp(boolean_t need_sync, pt_entry_t *l2)
681 #ifdef PMAP_INCLUDE_PTE_SYNC
683 * Note: With a write-back cache, we may need to sync this
684 * L2 table before re-using it.
685 * This is because it may have belonged to a non-current
686 * pmap, in which case the cache syncs would have been
687 * skipped when the pages were being unmapped. If the
688 * L2 table were then to be immediately re-allocated to
689 * the *current* pmap, it may well contain stale mappings
690 * which have not yet been cleared by a cache write-back
691 * and so would still be visible to the mmu.
694 PTE_SYNC_RANGE(l2, L2_TABLE_SIZE_REAL / sizeof(pt_entry_t));
696 uma_zfree(l2zone, l2);
699 * One or more mappings in the specified L2 descriptor table have just been
702 * Garbage collect the metadata and descriptor table itself if necessary.
704 * The pmap lock must be acquired when this is called (not necessary
705 * for the kernel pmap).
708 pmap_free_l2_bucket(pmap_t pm, struct l2_bucket *l2b, u_int count)
710 struct l2_dtable *l2;
711 pd_entry_t *pl1pd, l1pd;
716 * Update the bucket's reference count according to how many
717 * PTEs the caller has just invalidated.
719 l2b->l2b_occupancy -= count;
724 * Level 2 page tables allocated to the kernel pmap are never freed
725 * as that would require checking all Level 1 page tables and
726 * removing any references to the Level 2 page table. See also the
727 * comment elsewhere about never freeing bootstrap L2 descriptors.
729 * We make do with just invalidating the mapping in the L2 table.
731 * This isn't really a big deal in practice and, in fact, leads
732 * to a performance win over time as we don't need to continually
735 if (l2b->l2b_occupancy > 0 || pm == kernel_pmap)
739 * There are no more valid mappings in this level 2 page table.
740 * Go ahead and NULL-out the pointer in the bucket, then
741 * free the page table.
743 l1idx = l2b->l2b_l1idx;
747 pl1pd = &pm->pm_l1->l1_kva[l1idx];
750 * If the L1 slot matches the pmap's domain
751 * number, then invalidate it.
753 l1pd = *pl1pd & (L1_TYPE_MASK | L1_C_DOM_MASK);
754 if (l1pd == (L1_C_DOM(pm->pm_domain) | L1_TYPE_C)) {
760 * Release the L2 descriptor table back to the pool cache.
762 #ifndef PMAP_INCLUDE_PTE_SYNC
763 pmap_free_l2_ptp(ptep);
765 pmap_free_l2_ptp(!pmap_is_current(pm), ptep);
769 * Update the reference count in the associated l2_dtable
771 l2 = pm->pm_l2[L2_IDX(l1idx)];
772 if (--l2->l2_occupancy > 0)
776 * There are no more valid mappings in any of the Level 1
777 * slots managed by this l2_dtable. Go ahead and NULL-out
778 * the pointer in the parent pmap and free the l2_dtable.
780 pm->pm_l2[L2_IDX(l1idx)] = NULL;
781 uma_zfree(l2table_zone, l2);
785 * Pool cache constructors for L2 descriptor tables, metadata and pmap
789 pmap_l2ptp_ctor(void *mem, int size, void *arg, int flags)
791 #ifndef PMAP_INCLUDE_PTE_SYNC
792 struct l2_bucket *l2b;
793 pt_entry_t *ptep, pte;
795 vm_offset_t va = (vm_offset_t)mem & ~PAGE_MASK;
798 * The mappings for these page tables were initially made using
799 * pmap_kenter() by the pool subsystem. Therefore, the cache-
800 * mode will not be right for page table mappings. To avoid
801 * polluting the pmap_kenter() code with a special case for
802 * page tables, we simply fix up the cache-mode here if it's not
805 l2b = pmap_get_l2_bucket(kernel_pmap, va);
806 ptep = &l2b->l2b_kva[l2pte_index(va)];
809 if ((pte & L2_S_CACHE_MASK) != pte_l2_s_cache_mode_pt) {
811 * Page tables must have the cache-mode set to
814 *ptep = (pte & ~L2_S_CACHE_MASK) | pte_l2_s_cache_mode_pt;
816 cpu_tlb_flushD_SE(va);
820 memset(mem, 0, L2_TABLE_SIZE_REAL);
821 PTE_SYNC_RANGE(mem, L2_TABLE_SIZE_REAL / sizeof(pt_entry_t));
826 * A bunch of routines to conditionally flush the caches/TLB depending
827 * on whether the specified pmap actually needs to be flushed at any
830 static PMAP_INLINE void
831 pmap_tlb_flushID_SE(pmap_t pm, vm_offset_t va)
834 if (pmap_is_current(pm))
835 cpu_tlb_flushID_SE(va);
838 static PMAP_INLINE void
839 pmap_tlb_flushD_SE(pmap_t pm, vm_offset_t va)
842 if (pmap_is_current(pm))
843 cpu_tlb_flushD_SE(va);
846 static PMAP_INLINE void
847 pmap_tlb_flushID(pmap_t pm)
850 if (pmap_is_current(pm))
853 static PMAP_INLINE void
854 pmap_tlb_flushD(pmap_t pm)
857 if (pmap_is_current(pm))
862 pmap_has_valid_mapping(pmap_t pm, vm_offset_t va)
867 if (pmap_get_pde_pte(pm, va, &pde, &ptep) &&
868 ptep && ((*ptep & L2_TYPE_MASK) != L2_TYPE_INV))
874 static PMAP_INLINE void
875 pmap_idcache_wbinv_range(pmap_t pm, vm_offset_t va, vm_size_t len)
879 CTR4(KTR_PMAP, "pmap_dcache_wbinv_range: pmap %p is_kernel %d va 0x%08x"
880 " len 0x%x ", pm, pm == kernel_pmap, va, len);
882 if (pmap_is_current(pm) || pm == kernel_pmap) {
883 rest = MIN(PAGE_SIZE - (va & PAGE_MASK), len);
885 if (pmap_has_valid_mapping(pm, va)) {
886 cpu_idcache_wbinv_range(va, rest);
887 cpu_l2cache_wbinv_range(va, rest);
891 rest = MIN(PAGE_SIZE, len);
896 static PMAP_INLINE void
897 pmap_dcache_wb_range(pmap_t pm, vm_offset_t va, vm_size_t len, boolean_t do_inv,
902 CTR4(KTR_PMAP, "pmap_dcache_wb_range: pmap %p is_kernel %d va 0x%08x "
903 "len 0x%x ", pm, pm == kernel_pmap, va, len);
904 CTR2(KTR_PMAP, " do_inv %d rd_only %d", do_inv, rd_only);
906 if (pmap_is_current(pm)) {
907 rest = MIN(PAGE_SIZE - (va & PAGE_MASK), len);
909 if (pmap_has_valid_mapping(pm, va)) {
910 if (do_inv && rd_only) {
911 cpu_dcache_inv_range(va, rest);
912 cpu_l2cache_inv_range(va, rest);
914 cpu_dcache_wbinv_range(va, rest);
915 cpu_l2cache_wbinv_range(va, rest);
916 } else if (!rd_only) {
917 cpu_dcache_wb_range(va, rest);
918 cpu_l2cache_wb_range(va, rest);
924 rest = MIN(PAGE_SIZE, len);
929 static PMAP_INLINE void
930 pmap_idcache_wbinv_all(pmap_t pm)
933 if (pmap_is_current(pm)) {
934 cpu_idcache_wbinv_all();
935 cpu_l2cache_wbinv_all();
940 static PMAP_INLINE void
941 pmap_dcache_wbinv_all(pmap_t pm)
944 if (pmap_is_current(pm)) {
945 cpu_dcache_wbinv_all();
946 cpu_l2cache_wbinv_all();
954 * Make sure the pte is written out to RAM.
955 * We need to do this for one of two cases:
956 * - We're dealing with the kernel pmap
957 * - There is no pmap active in the cache/tlb.
958 * - The specified pmap is 'active' in the cache/tlb.
960 #ifdef PMAP_INCLUDE_PTE_SYNC
961 #define PTE_SYNC_CURRENT(pm, ptep) \
963 if (PMAP_NEEDS_PTE_SYNC && \
964 pmap_is_current(pm)) \
966 } while (/*CONSTCOND*/0)
968 #define PTE_SYNC_CURRENT(pm, ptep) /* nothing */
972 * cacheable == -1 means we must make the entry uncacheable, 1 means
976 pmap_set_cache_entry(pv_entry_t pv, pmap_t pm, vm_offset_t va, int cacheable)
978 struct l2_bucket *l2b;
979 pt_entry_t *ptep, pte;
981 l2b = pmap_get_l2_bucket(pv->pv_pmap, pv->pv_va);
982 ptep = &l2b->l2b_kva[l2pte_index(pv->pv_va)];
984 if (cacheable == 1) {
985 pte = (*ptep & ~L2_S_CACHE_MASK) | pte_l2_s_cache_mode;
986 if (l2pte_valid(pte)) {
987 if (PV_BEEN_EXECD(pv->pv_flags)) {
988 pmap_tlb_flushID_SE(pv->pv_pmap, pv->pv_va);
989 } else if (PV_BEEN_REFD(pv->pv_flags)) {
990 pmap_tlb_flushD_SE(pv->pv_pmap, pv->pv_va);
994 pte = *ptep &~ L2_S_CACHE_MASK;
995 if ((va != pv->pv_va || pm != pv->pv_pmap) &&
997 if (PV_BEEN_EXECD(pv->pv_flags)) {
998 pmap_idcache_wbinv_range(pv->pv_pmap,
999 pv->pv_va, PAGE_SIZE);
1000 pmap_tlb_flushID_SE(pv->pv_pmap, pv->pv_va);
1001 } else if (PV_BEEN_REFD(pv->pv_flags)) {
1002 pmap_dcache_wb_range(pv->pv_pmap,
1003 pv->pv_va, PAGE_SIZE, TRUE,
1004 (pv->pv_flags & PVF_WRITE) == 0);
1005 pmap_tlb_flushD_SE(pv->pv_pmap,
1011 PTE_SYNC_CURRENT(pv->pv_pmap, ptep);
1015 pmap_fix_cache(struct vm_page *pg, pmap_t pm, vm_offset_t va)
1018 int writable = 0, kwritable = 0, uwritable = 0;
1019 int entries = 0, kentries = 0, uentries = 0;
1020 struct pv_entry *pv;
1022 rw_assert(&pvh_global_lock, RA_WLOCKED);
1024 /* the cache gets written back/invalidated on context switch.
1025 * therefore, if a user page shares an entry in the same page or
1026 * with the kernel map and at least one is writable, then the
1027 * cache entry must be set write-through.
1030 TAILQ_FOREACH(pv, &pg->md.pv_list, pv_list) {
1031 /* generate a count of the pv_entry uses */
1032 if (pv->pv_flags & PVF_WRITE) {
1033 if (pv->pv_pmap == kernel_pmap)
1035 else if (pv->pv_pmap == pm)
1039 if (pv->pv_pmap == kernel_pmap)
1042 if (pv->pv_pmap == pm)
1048 * check if the user duplicate mapping has
1051 if ((pm != kernel_pmap) && (((uentries > 1) && uwritable) ||
1055 TAILQ_FOREACH(pv, &pg->md.pv_list, pv_list) {
1056 /* check for user uncachable conditions - order is important */
1057 if (pm != kernel_pmap &&
1058 (pv->pv_pmap == pm || pv->pv_pmap == kernel_pmap)) {
1059 if ((uentries > 1 && uwritable) || uwritable > 1) {
1060 /* user duplicate mapping */
1061 if (pv->pv_pmap != kernel_pmap)
1062 pv->pv_flags |= PVF_MWC;
1064 if (!(pv->pv_flags & PVF_NC)) {
1065 pv->pv_flags |= PVF_NC;
1066 pmap_set_cache_entry(pv, pm, va, -1);
1069 } else /* no longer a duplicate user */
1070 pv->pv_flags &= ~PVF_MWC;
1074 * check for kernel uncachable conditions
1075 * kernel writable or kernel readable with writable user entry
1077 if ((kwritable && (entries || kentries > 1)) ||
1079 ((kwritable != writable) && kentries &&
1080 (pv->pv_pmap == kernel_pmap ||
1081 (pv->pv_flags & PVF_WRITE) ||
1082 (pv->pv_flags & PVF_MWC)))) {
1083 if (!(pv->pv_flags & PVF_NC)) {
1084 pv->pv_flags |= PVF_NC;
1085 pmap_set_cache_entry(pv, pm, va, -1);
1090 /* kernel and user are cachable */
1091 if ((pm == kernel_pmap) && !(pv->pv_flags & PVF_MWC) &&
1092 (pv->pv_flags & PVF_NC)) {
1093 pv->pv_flags &= ~PVF_NC;
1094 if (pg->md.pv_memattr != VM_MEMATTR_UNCACHEABLE)
1095 pmap_set_cache_entry(pv, pm, va, 1);
1098 /* user is no longer sharable and writable */
1099 if (pm != kernel_pmap &&
1100 (pv->pv_pmap == pm || pv->pv_pmap == kernel_pmap) &&
1101 !pmwc && (pv->pv_flags & PVF_NC)) {
1102 pv->pv_flags &= ~(PVF_NC | PVF_MWC);
1103 if (pg->md.pv_memattr != VM_MEMATTR_UNCACHEABLE)
1104 pmap_set_cache_entry(pv, pm, va, 1);
1108 if ((kwritable == 0) && (writable == 0)) {
1109 pg->md.pvh_attrs &= ~PVF_MOD;
1110 vm_page_aflag_clear(pg, PGA_WRITEABLE);
1116 * Modify pte bits for all ptes corresponding to the given physical address.
1117 * We use `maskbits' rather than `clearbits' because we're always passing
1118 * constants and the latter would require an extra inversion at run-time.
1121 pmap_clearbit(struct vm_page *pg, u_int maskbits)
1123 struct l2_bucket *l2b;
1124 struct pv_entry *pv;
1125 pt_entry_t *ptep, npte, opte;
1131 rw_wlock(&pvh_global_lock);
1133 if (maskbits & PVF_WRITE)
1134 maskbits |= PVF_MOD;
1136 * Clear saved attributes (modify, reference)
1138 pg->md.pvh_attrs &= ~(maskbits & (PVF_MOD | PVF_REF));
1140 if (TAILQ_EMPTY(&pg->md.pv_list)) {
1141 rw_wunlock(&pvh_global_lock);
1146 * Loop over all current mappings setting/clearing as appropos
1148 TAILQ_FOREACH(pv, &pg->md.pv_list, pv_list) {
1151 oflags = pv->pv_flags;
1153 if (!(oflags & maskbits)) {
1154 if ((maskbits & PVF_WRITE) && (pv->pv_flags & PVF_NC)) {
1155 if (pg->md.pv_memattr !=
1156 VM_MEMATTR_UNCACHEABLE) {
1158 l2b = pmap_get_l2_bucket(pm, va);
1159 ptep = &l2b->l2b_kva[l2pte_index(va)];
1160 *ptep |= pte_l2_s_cache_mode;
1164 pv->pv_flags &= ~(PVF_NC | PVF_MWC);
1168 pv->pv_flags &= ~maskbits;
1172 l2b = pmap_get_l2_bucket(pm, va);
1174 ptep = &l2b->l2b_kva[l2pte_index(va)];
1175 npte = opte = *ptep;
1177 if (maskbits & (PVF_WRITE|PVF_MOD)) {
1178 if ((pv->pv_flags & PVF_NC)) {
1180 * Entry is not cacheable:
1182 * Don't turn caching on again if this is a
1183 * modified emulation. This would be
1184 * inconsistent with the settings created by
1185 * pmap_fix_cache(). Otherwise, it's safe
1186 * to re-enable caching.
1188 * There's no need to call pmap_fix_cache()
1189 * here: all pages are losing their write
1192 if (maskbits & PVF_WRITE) {
1193 if (pg->md.pv_memattr !=
1194 VM_MEMATTR_UNCACHEABLE)
1195 npte |= pte_l2_s_cache_mode;
1196 pv->pv_flags &= ~(PVF_NC | PVF_MWC);
1199 if (opte & L2_S_PROT_W) {
1202 * Entry is writable/cacheable: check if pmap
1203 * is current if it is flush it, otherwise it
1204 * won't be in the cache
1206 if (PV_BEEN_EXECD(oflags))
1207 pmap_idcache_wbinv_range(pm, pv->pv_va,
1210 if (PV_BEEN_REFD(oflags))
1211 pmap_dcache_wb_range(pm, pv->pv_va,
1213 (maskbits & PVF_REF) ? TRUE : FALSE,
1217 /* make the pte read only */
1218 npte &= ~L2_S_PROT_W;
1221 if (maskbits & PVF_REF) {
1222 if ((pv->pv_flags & PVF_NC) == 0 &&
1223 (maskbits & (PVF_WRITE|PVF_MOD)) == 0) {
1225 * Check npte here; we may have already
1226 * done the wbinv above, and the validity
1227 * of the PTE is the same for opte and
1230 if (npte & L2_S_PROT_W) {
1231 if (PV_BEEN_EXECD(oflags))
1232 pmap_idcache_wbinv_range(pm,
1233 pv->pv_va, PAGE_SIZE);
1235 if (PV_BEEN_REFD(oflags))
1236 pmap_dcache_wb_range(pm,
1237 pv->pv_va, PAGE_SIZE,
1240 if ((npte & L2_TYPE_MASK) != L2_TYPE_INV) {
1241 /* XXXJRT need idcache_inv_range */
1242 if (PV_BEEN_EXECD(oflags))
1243 pmap_idcache_wbinv_range(pm,
1244 pv->pv_va, PAGE_SIZE);
1246 if (PV_BEEN_REFD(oflags))
1247 pmap_dcache_wb_range(pm,
1248 pv->pv_va, PAGE_SIZE,
1254 * Make the PTE invalid so that we will take a
1255 * page fault the next time the mapping is
1258 npte &= ~L2_TYPE_MASK;
1259 npte |= L2_TYPE_INV;
1266 /* Flush the TLB entry if a current pmap. */
1267 if (PV_BEEN_EXECD(oflags))
1268 pmap_tlb_flushID_SE(pm, pv->pv_va);
1270 if (PV_BEEN_REFD(oflags))
1271 pmap_tlb_flushD_SE(pm, pv->pv_va);
1277 if (maskbits & PVF_WRITE)
1278 vm_page_aflag_clear(pg, PGA_WRITEABLE);
1279 rw_wunlock(&pvh_global_lock);
1284 * main pv_entry manipulation functions:
1285 * pmap_enter_pv: enter a mapping onto a vm_page list
1286 * pmap_remove_pv: remove a mappiing from a vm_page list
1288 * NOTE: pmap_enter_pv expects to lock the pvh itself
1289 * pmap_remove_pv expects the caller to lock the pvh before calling
1293 * pmap_enter_pv: enter a mapping onto a vm_page's PV list
1295 * => caller should hold the proper lock on pvh_global_lock
1296 * => caller should have pmap locked
1297 * => we will (someday) gain the lock on the vm_page's PV list
1298 * => caller should adjust ptp's wire_count before calling
1299 * => caller should not adjust pmap's wire_count
1302 pmap_enter_pv(struct vm_page *pg, struct pv_entry *pve, pmap_t pm,
1303 vm_offset_t va, u_int flags)
1306 rw_assert(&pvh_global_lock, RA_WLOCKED);
1307 PMAP_ASSERT_LOCKED(pm);
1308 if (pg->md.pv_kva != 0) {
1309 pve->pv_pmap = kernel_pmap;
1310 pve->pv_va = pg->md.pv_kva;
1311 pve->pv_flags = PVF_WRITE | PVF_UNMAN;
1312 if (pm != kernel_pmap)
1313 PMAP_LOCK(kernel_pmap);
1314 TAILQ_INSERT_HEAD(&pg->md.pv_list, pve, pv_list);
1315 TAILQ_INSERT_HEAD(&kernel_pmap->pm_pvlist, pve, pv_plist);
1316 if (pm != kernel_pmap)
1317 PMAP_UNLOCK(kernel_pmap);
1319 if ((pve = pmap_get_pv_entry()) == NULL)
1320 panic("pmap_kenter_pv: no pv entries");
1324 pve->pv_flags = flags;
1325 TAILQ_INSERT_HEAD(&pg->md.pv_list, pve, pv_list);
1326 TAILQ_INSERT_HEAD(&pm->pm_pvlist, pve, pv_plist);
1327 pg->md.pvh_attrs |= flags & (PVF_REF | PVF_MOD);
1328 if (pve->pv_flags & PVF_WIRED)
1329 ++pm->pm_stats.wired_count;
1330 vm_page_aflag_set(pg, PGA_REFERENCED);
1335 * pmap_find_pv: Find a pv entry
1337 * => caller should hold lock on vm_page
1339 static PMAP_INLINE struct pv_entry *
1340 pmap_find_pv(struct vm_page *pg, pmap_t pm, vm_offset_t va)
1342 struct pv_entry *pv;
1344 rw_assert(&pvh_global_lock, RA_WLOCKED);
1345 TAILQ_FOREACH(pv, &pg->md.pv_list, pv_list)
1346 if (pm == pv->pv_pmap && va == pv->pv_va)
1352 * vector_page_setprot:
1354 * Manipulate the protection of the vector page.
1357 vector_page_setprot(int prot)
1359 struct l2_bucket *l2b;
1362 l2b = pmap_get_l2_bucket(kernel_pmap, vector_page);
1364 ptep = &l2b->l2b_kva[l2pte_index(vector_page)];
1366 *ptep = (*ptep & ~L1_S_PROT_MASK) | L2_S_PROT(PTE_KERNEL, prot);
1368 cpu_tlb_flushD_SE(vector_page);
1373 * pmap_remove_pv: try to remove a mapping from a pv_list
1375 * => caller should hold proper lock on pmap_main_lock
1376 * => pmap should be locked
1377 * => caller should hold lock on vm_page [so that attrs can be adjusted]
1378 * => caller should adjust ptp's wire_count and free PTP if needed
1379 * => caller should NOT adjust pmap's wire_count
1380 * => we return the removed pve
1384 pmap_nuke_pv(struct vm_page *pg, pmap_t pm, struct pv_entry *pve)
1387 struct pv_entry *pv;
1388 rw_assert(&pvh_global_lock, RA_WLOCKED);
1389 PMAP_ASSERT_LOCKED(pm);
1390 TAILQ_REMOVE(&pg->md.pv_list, pve, pv_list);
1391 TAILQ_REMOVE(&pm->pm_pvlist, pve, pv_plist);
1392 if (pve->pv_flags & PVF_WIRED)
1393 --pm->pm_stats.wired_count;
1394 if (pg->md.pvh_attrs & PVF_MOD)
1396 if (TAILQ_FIRST(&pg->md.pv_list) == NULL)
1397 pg->md.pvh_attrs &= ~PVF_REF;
1399 vm_page_aflag_set(pg, PGA_REFERENCED);
1400 if ((pve->pv_flags & PVF_NC) && ((pm == kernel_pmap) ||
1401 (pve->pv_flags & PVF_WRITE) || !(pve->pv_flags & PVF_MWC)))
1402 pmap_fix_cache(pg, pm, 0);
1403 else if (pve->pv_flags & PVF_WRITE) {
1404 TAILQ_FOREACH(pve, &pg->md.pv_list, pv_list)
1405 if (pve->pv_flags & PVF_WRITE)
1408 pg->md.pvh_attrs &= ~PVF_MOD;
1409 vm_page_aflag_clear(pg, PGA_WRITEABLE);
1412 pv = TAILQ_FIRST(&pg->md.pv_list);
1413 if (pv != NULL && (pv->pv_flags & PVF_UNMAN) &&
1414 TAILQ_NEXT(pv, pv_list) == NULL) {
1416 pg->md.pv_kva = pv->pv_va;
1417 /* a recursive pmap_nuke_pv */
1418 TAILQ_REMOVE(&pg->md.pv_list, pv, pv_list);
1419 TAILQ_REMOVE(&pm->pm_pvlist, pv, pv_plist);
1420 if (pv->pv_flags & PVF_WIRED)
1421 --pm->pm_stats.wired_count;
1422 pg->md.pvh_attrs &= ~PVF_REF;
1423 pg->md.pvh_attrs &= ~PVF_MOD;
1424 vm_page_aflag_clear(pg, PGA_WRITEABLE);
1425 pmap_free_pv_entry(pv);
1429 static struct pv_entry *
1430 pmap_remove_pv(struct vm_page *pg, pmap_t pm, vm_offset_t va)
1432 struct pv_entry *pve;
1434 rw_assert(&pvh_global_lock, RA_WLOCKED);
1435 pve = TAILQ_FIRST(&pg->md.pv_list);
1438 if (pve->pv_pmap == pm && pve->pv_va == va) { /* match? */
1439 pmap_nuke_pv(pg, pm, pve);
1442 pve = TAILQ_NEXT(pve, pv_list);
1445 if (pve == NULL && pg->md.pv_kva == va)
1448 return(pve); /* return removed pve */
1452 * pmap_modify_pv: Update pv flags
1454 * => caller should hold lock on vm_page [so that attrs can be adjusted]
1455 * => caller should NOT adjust pmap's wire_count
1456 * => we return the old flags
1458 * Modify a physical-virtual mapping in the pv table
1461 pmap_modify_pv(struct vm_page *pg, pmap_t pm, vm_offset_t va,
1462 u_int clr_mask, u_int set_mask)
1464 struct pv_entry *npv;
1465 u_int flags, oflags;
1467 PMAP_ASSERT_LOCKED(pm);
1468 rw_assert(&pvh_global_lock, RA_WLOCKED);
1469 if ((npv = pmap_find_pv(pg, pm, va)) == NULL)
1473 * There is at least one VA mapping this page.
1476 if (clr_mask & (PVF_REF | PVF_MOD))
1477 pg->md.pvh_attrs |= set_mask & (PVF_REF | PVF_MOD);
1479 oflags = npv->pv_flags;
1480 npv->pv_flags = flags = (oflags & ~clr_mask) | set_mask;
1482 if ((flags ^ oflags) & PVF_WIRED) {
1483 if (flags & PVF_WIRED)
1484 ++pm->pm_stats.wired_count;
1486 --pm->pm_stats.wired_count;
1489 if ((flags ^ oflags) & PVF_WRITE)
1490 pmap_fix_cache(pg, pm, 0);
1495 /* Function to set the debug level of the pmap code */
1498 pmap_debug(int level)
1500 pmap_debug_level = level;
1501 dprintf("pmap_debug: level=%d\n", pmap_debug_level);
1503 #endif /* PMAP_DEBUG */
1506 pmap_pinit0(struct pmap *pmap)
1508 PDEBUG(1, printf("pmap_pinit0: pmap = %08x\n", (u_int32_t) pmap));
1510 bcopy(kernel_pmap, pmap, sizeof(*pmap));
1511 bzero(&pmap->pm_mtx, sizeof(pmap->pm_mtx));
1512 PMAP_LOCK_INIT(pmap);
1516 * Initialize a vm_page's machine-dependent fields.
1519 pmap_page_init(vm_page_t m)
1522 TAILQ_INIT(&m->md.pv_list);
1523 m->md.pv_memattr = VM_MEMATTR_DEFAULT;
1524 m->md.pvh_attrs = 0;
1529 * Initialize the pmap module.
1530 * Called by vm_init, to initialize any structures that the pmap
1531 * system needs to map virtual memory.
1536 int shpgperproc = PMAP_SHPGPERPROC;
1538 l2zone = uma_zcreate("L2 Table", L2_TABLE_SIZE_REAL, pmap_l2ptp_ctor,
1539 NULL, NULL, NULL, UMA_ALIGN_PTR, UMA_ZONE_VM | UMA_ZONE_NOFREE);
1540 l2table_zone = uma_zcreate("L2 Table", sizeof(struct l2_dtable), NULL,
1541 NULL, NULL, NULL, UMA_ALIGN_PTR, UMA_ZONE_VM | UMA_ZONE_NOFREE);
1544 * Initialize the PV entry allocator.
1546 pvzone = uma_zcreate("PV ENTRY", sizeof (struct pv_entry), NULL, NULL,
1547 NULL, NULL, UMA_ALIGN_PTR, UMA_ZONE_VM | UMA_ZONE_NOFREE);
1548 TUNABLE_INT_FETCH("vm.pmap.shpgperproc", &shpgperproc);
1549 pv_entry_max = shpgperproc * maxproc + vm_cnt.v_page_count;
1550 uma_zone_reserve_kva(pvzone, pv_entry_max);
1551 pv_entry_high_water = 9 * (pv_entry_max / 10);
1554 * Now it is safe to enable pv_table recording.
1556 PDEBUG(1, printf("pmap_init: done!\n"));
1560 pmap_fault_fixup(pmap_t pm, vm_offset_t va, vm_prot_t ftype, int user)
1562 struct l2_dtable *l2;
1563 struct l2_bucket *l2b;
1564 pd_entry_t *pl1pd, l1pd;
1565 pt_entry_t *ptep, pte;
1571 rw_wlock(&pvh_global_lock);
1575 * If there is no l2_dtable for this address, then the process
1576 * has no business accessing it.
1578 * Note: This will catch userland processes trying to access
1581 l2 = pm->pm_l2[L2_IDX(l1idx)];
1586 * Likewise if there is no L2 descriptor table
1588 l2b = &l2->l2_bucket[L2_BUCKET(l1idx)];
1589 if (l2b->l2b_kva == NULL)
1593 * Check the PTE itself.
1595 ptep = &l2b->l2b_kva[l2pte_index(va)];
1601 * Catch a userland access to the vector page mapped at 0x0
1603 if (user && (pte & L2_S_PROT_U) == 0)
1605 if (va == vector_page)
1610 if ((ftype & VM_PROT_WRITE) && (pte & L2_S_PROT_W) == 0) {
1612 * This looks like a good candidate for "page modified"
1615 struct pv_entry *pv;
1618 /* Extract the physical address of the page */
1619 if ((pg = PHYS_TO_VM_PAGE(pa)) == NULL) {
1622 /* Get the current flags for this page. */
1624 pv = pmap_find_pv(pg, pm, va);
1630 * Do the flags say this page is writable? If not then it
1631 * is a genuine write fault. If yes then the write fault is
1632 * our fault as we did not reflect the write access in the
1633 * PTE. Now we know a write has occurred we can correct this
1634 * and also set the modified bit
1636 if ((pv->pv_flags & PVF_WRITE) == 0) {
1640 pg->md.pvh_attrs |= PVF_REF | PVF_MOD;
1642 pv->pv_flags |= PVF_REF | PVF_MOD;
1645 * Re-enable write permissions for the page. No need to call
1646 * pmap_fix_cache(), since this is just a
1647 * modified-emulation fault, and the PVF_WRITE bit isn't
1648 * changing. We've already set the cacheable bits based on
1649 * the assumption that we can write to this page.
1651 *ptep = (pte & ~L2_TYPE_MASK) | L2_S_PROTO | L2_S_PROT_W;
1655 if ((pte & L2_TYPE_MASK) == L2_TYPE_INV) {
1657 * This looks like a good candidate for "page referenced"
1660 struct pv_entry *pv;
1663 /* Extract the physical address of the page */
1664 if ((pg = PHYS_TO_VM_PAGE(pa)) == NULL)
1666 /* Get the current flags for this page. */
1668 pv = pmap_find_pv(pg, pm, va);
1672 pg->md.pvh_attrs |= PVF_REF;
1673 pv->pv_flags |= PVF_REF;
1675 *ptep = (pte & ~L2_TYPE_MASK) | L2_S_PROTO;
1681 * We know there is a valid mapping here, so simply
1682 * fix up the L1 if necessary.
1684 pl1pd = &pm->pm_l1->l1_kva[l1idx];
1685 l1pd = l2b->l2b_phys | L1_C_DOM(pm->pm_domain) | L1_C_PROTO;
1686 if (*pl1pd != l1pd) {
1694 * If 'rv == 0' at this point, it generally indicates that there is a
1695 * stale TLB entry for the faulting address. This happens when two or
1696 * more processes are sharing an L1. Since we don't flush the TLB on
1697 * a context switch between such processes, we can take domain faults
1698 * for mappings which exist at the same VA in both processes. EVEN IF
1699 * WE'VE RECENTLY FIXED UP THE CORRESPONDING L1 in pmap_enter(), for
1702 * This is extremely likely to happen if pmap_enter() updated the L1
1703 * entry for a recently entered mapping. In this case, the TLB is
1704 * flushed for the new mapping, but there may still be TLB entries for
1705 * other mappings belonging to other processes in the 1MB range
1706 * covered by the L1 entry.
1708 * Since 'rv == 0', we know that the L1 already contains the correct
1709 * value, so the fault must be due to a stale TLB entry.
1711 * Since we always need to flush the TLB anyway in the case where we
1712 * fixed up the L1, or frobbed the L2 PTE, we effectively deal with
1713 * stale TLB entries dynamically.
1715 * However, the above condition can ONLY happen if the current L1 is
1716 * being shared. If it happens when the L1 is unshared, it indicates
1717 * that other parts of the pmap are not doing their job WRT managing
1720 if (rv == 0 && pm->pm_l1->l1_domain_use_count == 1) {
1721 printf("fixup: pm %p, va 0x%lx, ftype %d - nothing to do!\n",
1722 pm, (u_long)va, ftype);
1723 printf("fixup: l2 %p, l2b %p, ptep %p, pl1pd %p\n",
1724 l2, l2b, ptep, pl1pd);
1725 printf("fixup: pte 0x%x, l1pd 0x%x, last code 0x%x\n",
1726 pte, l1pd, last_fault_code);
1733 cpu_tlb_flushID_SE(va);
1739 rw_wunlock(&pvh_global_lock);
1747 struct l2_bucket *l2b;
1748 struct l1_ttable *l1;
1750 pt_entry_t *ptep, pte;
1751 vm_offset_t va, eva;
1754 needed = (maxproc / PMAP_DOMAINS) + ((maxproc % PMAP_DOMAINS) ? 1 : 0);
1756 l1 = malloc(sizeof(*l1) * needed, M_VMPMAP, M_WAITOK);
1758 for (loop = 0; loop < needed; loop++, l1++) {
1759 /* Allocate a L1 page table */
1760 va = (vm_offset_t)contigmalloc(L1_TABLE_SIZE, M_VMPMAP, 0, 0x0,
1761 0xffffffff, L1_TABLE_SIZE, 0);
1764 panic("Cannot allocate L1 KVM");
1766 eva = va + L1_TABLE_SIZE;
1767 pl1pt = (pd_entry_t *)va;
1770 l2b = pmap_get_l2_bucket(kernel_pmap, va);
1771 ptep = &l2b->l2b_kva[l2pte_index(va)];
1773 pte = (pte & ~L2_S_CACHE_MASK) | pte_l2_s_cache_mode_pt;
1776 cpu_tlb_flushD_SE(va);
1780 pmap_init_l1(l1, pl1pt);
1784 printf("pmap_postinit: Allocated %d static L1 descriptor tables\n",
1790 * This is used to stuff certain critical values into the PCB where they
1791 * can be accessed quickly from cpu_switch() et al.
1794 pmap_set_pcb_pagedir(pmap_t pm, struct pcb *pcb)
1796 struct l2_bucket *l2b;
1798 pcb->pcb_pagedir = pm->pm_l1->l1_physaddr;
1799 pcb->pcb_dacr = (DOMAIN_CLIENT << (PMAP_DOMAIN_KERNEL * 2)) |
1800 (DOMAIN_CLIENT << (pm->pm_domain * 2));
1802 if (vector_page < KERNBASE) {
1803 pcb->pcb_pl1vec = &pm->pm_l1->l1_kva[L1_IDX(vector_page)];
1804 l2b = pmap_get_l2_bucket(pm, vector_page);
1805 pcb->pcb_l1vec = l2b->l2b_phys | L1_C_PROTO |
1806 L1_C_DOM(pm->pm_domain) | L1_C_DOM(PMAP_DOMAIN_KERNEL);
1808 pcb->pcb_pl1vec = NULL;
1812 pmap_activate(struct thread *td)
1817 pm = vmspace_pmap(td->td_proc->p_vmspace);
1821 pmap_set_pcb_pagedir(pm, pcb);
1823 if (td == curthread) {
1824 u_int cur_dacr, cur_ttb;
1826 __asm __volatile("mrc p15, 0, %0, c2, c0, 0" : "=r"(cur_ttb));
1827 __asm __volatile("mrc p15, 0, %0, c3, c0, 0" : "=r"(cur_dacr));
1829 cur_ttb &= ~(L1_TABLE_SIZE - 1);
1831 if (cur_ttb == (u_int)pcb->pcb_pagedir &&
1832 cur_dacr == pcb->pcb_dacr) {
1834 * No need to switch address spaces.
1841 * We MUST, I repeat, MUST fix up the L1 entry corresponding
1842 * to 'vector_page' in the incoming L1 table before switching
1843 * to it otherwise subsequent interrupts/exceptions (including
1844 * domain faults!) will jump into hyperspace.
1846 if (pcb->pcb_pl1vec) {
1847 *pcb->pcb_pl1vec = pcb->pcb_l1vec;
1849 * Don't need to PTE_SYNC() at this point since
1850 * cpu_setttb() is about to flush both the cache
1855 cpu_domains(pcb->pcb_dacr);
1856 cpu_setttb(pcb->pcb_pagedir);
1862 pmap_set_pt_cache_mode(pd_entry_t *kl1, vm_offset_t va)
1864 pd_entry_t *pdep, pde;
1865 pt_entry_t *ptep, pte;
1870 * Make sure the descriptor itself has the correct cache mode
1872 pdep = &kl1[L1_IDX(va)];
1875 if (l1pte_section_p(pde)) {
1876 if ((pde & L1_S_CACHE_MASK) != pte_l1_s_cache_mode_pt) {
1877 *pdep = (pde & ~L1_S_CACHE_MASK) |
1878 pte_l1_s_cache_mode_pt;
1880 cpu_dcache_wbinv_range((vm_offset_t)pdep,
1882 cpu_l2cache_wbinv_range((vm_offset_t)pdep,
1887 pa = (vm_paddr_t)(pde & L1_C_ADDR_MASK);
1888 ptep = (pt_entry_t *)kernel_pt_lookup(pa);
1890 panic("pmap_bootstrap: No L2 for L2 @ va %p\n", ptep);
1892 ptep = &ptep[l2pte_index(va)];
1894 if ((pte & L2_S_CACHE_MASK) != pte_l2_s_cache_mode_pt) {
1895 *ptep = (pte & ~L2_S_CACHE_MASK) |
1896 pte_l2_s_cache_mode_pt;
1898 cpu_dcache_wbinv_range((vm_offset_t)ptep,
1900 cpu_l2cache_wbinv_range((vm_offset_t)ptep,
1910 pmap_alloc_specials(vm_offset_t *availp, int pages, vm_offset_t *vap,
1913 vm_offset_t va = *availp;
1914 struct l2_bucket *l2b;
1917 l2b = pmap_get_l2_bucket(kernel_pmap, va);
1919 panic("pmap_alloc_specials: no l2b for 0x%x", va);
1921 *ptep = &l2b->l2b_kva[l2pte_index(va)];
1925 *availp = va + (PAGE_SIZE * pages);
1929 * Bootstrap the system enough to run with virtual memory.
1931 * On the arm this is called after mapping has already been enabled
1932 * and just syncs the pmap module with what has already been done.
1933 * [We can't call it easily with mapping off since the kernel is not
1934 * mapped with PA == VA, hence we would have to relocate every address
1935 * from the linked base (virtual) address "KERNBASE" to the actual
1936 * (physical) address starting relative to 0]
1938 #define PMAP_STATIC_L2_SIZE 16
1940 pmap_bootstrap(vm_offset_t firstaddr, struct pv_addr *l1pt)
1942 static struct l1_ttable static_l1;
1943 static struct l2_dtable static_l2[PMAP_STATIC_L2_SIZE];
1944 struct l1_ttable *l1 = &static_l1;
1945 struct l2_dtable *l2;
1946 struct l2_bucket *l2b;
1948 pd_entry_t *kernel_l1pt = (pd_entry_t *)l1pt->pv_va;
1950 pt_entry_t *qmap_pte;
1954 int l1idx, l2idx, l2next = 0;
1956 PDEBUG(1, printf("firstaddr = %08x, lastaddr = %08x\n",
1957 firstaddr, vm_max_kernel_address));
1959 virtual_avail = firstaddr;
1960 kernel_pmap->pm_l1 = l1;
1961 kernel_l1pa = l1pt->pv_pa;
1964 * Scan the L1 translation table created by initarm() and create
1965 * the required metadata for all valid mappings found in it.
1967 for (l1idx = 0; l1idx < (L1_TABLE_SIZE / sizeof(pd_entry_t)); l1idx++) {
1968 pde = kernel_l1pt[l1idx];
1971 * We're only interested in Coarse mappings.
1972 * pmap_extract() can deal with section mappings without
1973 * recourse to checking L2 metadata.
1975 if ((pde & L1_TYPE_MASK) != L1_TYPE_C)
1979 * Lookup the KVA of this L2 descriptor table
1981 pa = (vm_paddr_t)(pde & L1_C_ADDR_MASK);
1982 ptep = (pt_entry_t *)kernel_pt_lookup(pa);
1985 panic("pmap_bootstrap: No L2 for va 0x%x, pa 0x%lx",
1986 (u_int)l1idx << L1_S_SHIFT, (long unsigned int)pa);
1990 * Fetch the associated L2 metadata structure.
1991 * Allocate a new one if necessary.
1993 if ((l2 = kernel_pmap->pm_l2[L2_IDX(l1idx)]) == NULL) {
1994 if (l2next == PMAP_STATIC_L2_SIZE)
1995 panic("pmap_bootstrap: out of static L2s");
1996 kernel_pmap->pm_l2[L2_IDX(l1idx)] = l2 =
1997 &static_l2[l2next++];
2001 * One more L1 slot tracked...
2006 * Fill in the details of the L2 descriptor in the
2007 * appropriate bucket.
2009 l2b = &l2->l2_bucket[L2_BUCKET(l1idx)];
2010 l2b->l2b_kva = ptep;
2012 l2b->l2b_l1idx = l1idx;
2015 * Establish an initial occupancy count for this descriptor
2018 l2idx < (L2_TABLE_SIZE_REAL / sizeof(pt_entry_t));
2020 if ((ptep[l2idx] & L2_TYPE_MASK) != L2_TYPE_INV) {
2021 l2b->l2b_occupancy++;
2026 * Make sure the descriptor itself has the correct cache mode.
2027 * If not, fix it, but whine about the problem. Port-meisters
2028 * should consider this a clue to fix up their initarm()
2031 if (pmap_set_pt_cache_mode(kernel_l1pt, (vm_offset_t)ptep)) {
2032 printf("pmap_bootstrap: WARNING! wrong cache mode for "
2033 "L2 pte @ %p\n", ptep);
2038 * Ensure the primary (kernel) L1 has the correct cache mode for
2039 * a page table. Bitch if it is not correctly set.
2041 for (va = (vm_offset_t)kernel_l1pt;
2042 va < ((vm_offset_t)kernel_l1pt + L1_TABLE_SIZE); va += PAGE_SIZE) {
2043 if (pmap_set_pt_cache_mode(kernel_l1pt, va))
2044 printf("pmap_bootstrap: WARNING! wrong cache mode for "
2045 "primary L1 @ 0x%x\n", va);
2048 cpu_dcache_wbinv_all();
2049 cpu_l2cache_wbinv_all();
2053 PMAP_LOCK_INIT(kernel_pmap);
2054 CPU_FILL(&kernel_pmap->pm_active);
2055 kernel_pmap->pm_domain = PMAP_DOMAIN_KERNEL;
2056 TAILQ_INIT(&kernel_pmap->pm_pvlist);
2059 * Initialize the global pv list lock.
2061 rw_init_flags(&pvh_global_lock, "pmap pv global", RW_RECURSE);
2064 * Reserve some special page table entries/VA space for temporary
2067 pmap_alloc_specials(&virtual_avail, 1, &csrcp, &csrc_pte);
2068 pmap_set_pt_cache_mode(kernel_l1pt, (vm_offset_t)csrc_pte);
2069 pmap_alloc_specials(&virtual_avail, 1, &cdstp, &cdst_pte);
2070 pmap_set_pt_cache_mode(kernel_l1pt, (vm_offset_t)cdst_pte);
2071 pmap_alloc_specials(&virtual_avail, 1, &qmap_addr, &qmap_pte);
2072 pmap_set_pt_cache_mode(kernel_l1pt, (vm_offset_t)qmap_pte);
2073 size = ((vm_max_kernel_address - pmap_curmaxkvaddr) + L1_S_OFFSET) /
2075 pmap_alloc_specials(&virtual_avail,
2076 round_page(size * L2_TABLE_SIZE_REAL) / PAGE_SIZE,
2077 &pmap_kernel_l2ptp_kva, NULL);
2079 size = howmany(size, L2_BUCKET_SIZE);
2080 pmap_alloc_specials(&virtual_avail,
2081 round_page(size * sizeof(struct l2_dtable)) / PAGE_SIZE,
2082 &pmap_kernel_l2dtable_kva, NULL);
2084 pmap_alloc_specials(&virtual_avail,
2085 1, (vm_offset_t*)&_tmppt, NULL);
2086 pmap_alloc_specials(&virtual_avail,
2087 MAXDUMPPGS, (vm_offset_t *)&crashdumpmap, NULL);
2088 SLIST_INIT(&l1_list);
2089 TAILQ_INIT(&l1_lru_list);
2090 mtx_init(&l1_lru_lock, "l1 list lock", NULL, MTX_DEF);
2091 pmap_init_l1(l1, kernel_l1pt);
2092 cpu_dcache_wbinv_all();
2093 cpu_l2cache_wbinv_all();
2095 virtual_avail = round_page(virtual_avail);
2096 virtual_end = vm_max_kernel_address;
2097 kernel_vm_end = pmap_curmaxkvaddr;
2098 mtx_init(&cmtx, "TMP mappings mtx", NULL, MTX_DEF);
2099 mtx_init(&qmap_mtx, "quick mapping mtx", NULL, MTX_DEF);
2101 pmap_set_pcb_pagedir(kernel_pmap, thread0.td_pcb);
2104 /***************************************************
2105 * Pmap allocation/deallocation routines.
2106 ***************************************************/
2109 * Release any resources held by the given physical map.
2110 * Called when a pmap initialized by pmap_pinit is being released.
2111 * Should only be called if the map contains no valid mappings.
2114 pmap_release(pmap_t pmap)
2118 pmap_idcache_wbinv_all(pmap);
2119 cpu_l2cache_wbinv_all();
2120 pmap_tlb_flushID(pmap);
2122 if (vector_page < KERNBASE) {
2123 struct pcb *curpcb = PCPU_GET(curpcb);
2124 pcb = thread0.td_pcb;
2125 if (pmap_is_current(pmap)) {
2127 * Frob the L1 entry corresponding to the vector
2128 * page so that it contains the kernel pmap's domain
2129 * number. This will ensure pmap_remove() does not
2130 * pull the current vector page out from under us.
2133 *pcb->pcb_pl1vec = pcb->pcb_l1vec;
2134 cpu_domains(pcb->pcb_dacr);
2135 cpu_setttb(pcb->pcb_pagedir);
2138 pmap_remove(pmap, vector_page, vector_page + PAGE_SIZE);
2140 * Make sure cpu_switch(), et al, DTRT. This is safe to do
2141 * since this process has no remaining mappings of its own.
2143 curpcb->pcb_pl1vec = pcb->pcb_pl1vec;
2144 curpcb->pcb_l1vec = pcb->pcb_l1vec;
2145 curpcb->pcb_dacr = pcb->pcb_dacr;
2146 curpcb->pcb_pagedir = pcb->pcb_pagedir;
2150 dprintf("pmap_release()\n");
2154 * Helper function for pmap_grow_l2_bucket()
2157 pmap_grow_map(vm_offset_t va, pt_entry_t cache_mode, vm_paddr_t *pap)
2159 struct l2_bucket *l2b;
2164 pg = vm_page_alloc(NULL, 0, VM_ALLOC_NOOBJ | VM_ALLOC_WIRED);
2167 pa = VM_PAGE_TO_PHYS(pg);
2172 l2b = pmap_get_l2_bucket(kernel_pmap, va);
2174 ptep = &l2b->l2b_kva[l2pte_index(va)];
2175 *ptep = L2_S_PROTO | pa | cache_mode |
2176 L2_S_PROT(PTE_KERNEL, VM_PROT_READ | VM_PROT_WRITE);
2182 * This is the same as pmap_alloc_l2_bucket(), except that it is only
2183 * used by pmap_growkernel().
2185 static __inline struct l2_bucket *
2186 pmap_grow_l2_bucket(pmap_t pm, vm_offset_t va)
2188 struct l2_dtable *l2;
2189 struct l2_bucket *l2b;
2190 struct l1_ttable *l1;
2197 if ((l2 = pm->pm_l2[L2_IDX(l1idx)]) == NULL) {
2199 * No mapping at this address, as there is
2200 * no entry in the L1 table.
2201 * Need to allocate a new l2_dtable.
2203 nva = pmap_kernel_l2dtable_kva;
2204 if ((nva & PAGE_MASK) == 0) {
2206 * Need to allocate a backing page
2208 if (pmap_grow_map(nva, pte_l2_s_cache_mode, NULL))
2212 l2 = (struct l2_dtable *)nva;
2213 nva += sizeof(struct l2_dtable);
2215 if ((nva & PAGE_MASK) < (pmap_kernel_l2dtable_kva &
2218 * The new l2_dtable straddles a page boundary.
2219 * Map in another page to cover it.
2221 if (pmap_grow_map(nva, pte_l2_s_cache_mode, NULL))
2225 pmap_kernel_l2dtable_kva = nva;
2228 * Link it into the parent pmap
2230 pm->pm_l2[L2_IDX(l1idx)] = l2;
2231 memset(l2, 0, sizeof(*l2));
2234 l2b = &l2->l2_bucket[L2_BUCKET(l1idx)];
2237 * Fetch pointer to the L2 page table associated with the address.
2239 if (l2b->l2b_kva == NULL) {
2243 * No L2 page table has been allocated. Chances are, this
2244 * is because we just allocated the l2_dtable, above.
2246 nva = pmap_kernel_l2ptp_kva;
2247 ptep = (pt_entry_t *)nva;
2248 if ((nva & PAGE_MASK) == 0) {
2250 * Need to allocate a backing page
2252 if (pmap_grow_map(nva, pte_l2_s_cache_mode_pt,
2253 &pmap_kernel_l2ptp_phys))
2255 PTE_SYNC_RANGE(ptep, PAGE_SIZE / sizeof(pt_entry_t));
2257 memset(ptep, 0, L2_TABLE_SIZE_REAL);
2259 l2b->l2b_kva = ptep;
2260 l2b->l2b_l1idx = l1idx;
2261 l2b->l2b_phys = pmap_kernel_l2ptp_phys;
2263 pmap_kernel_l2ptp_kva += L2_TABLE_SIZE_REAL;
2264 pmap_kernel_l2ptp_phys += L2_TABLE_SIZE_REAL;
2267 /* Distribute new L1 entry to all other L1s */
2268 SLIST_FOREACH(l1, &l1_list, l1_link) {
2269 pl1pd = &l1->l1_kva[L1_IDX(va)];
2270 *pl1pd = l2b->l2b_phys | L1_C_DOM(PMAP_DOMAIN_KERNEL) |
2279 * grow the number of kernel page table entries, if needed
2282 pmap_growkernel(vm_offset_t addr)
2284 pmap_t kpm = kernel_pmap;
2286 if (addr <= pmap_curmaxkvaddr)
2287 return; /* we are OK */
2290 * whoops! we need to add kernel PTPs
2293 /* Map 1MB at a time */
2294 for (; pmap_curmaxkvaddr < addr; pmap_curmaxkvaddr += L1_S_SIZE)
2295 pmap_grow_l2_bucket(kpm, pmap_curmaxkvaddr);
2298 * flush out the cache, expensive but growkernel will happen so
2301 cpu_dcache_wbinv_all();
2302 cpu_l2cache_wbinv_all();
2305 kernel_vm_end = pmap_curmaxkvaddr;
2309 * Remove all pages from specified address space
2310 * this aids process exit speeds. Also, this code
2311 * is special cased for current process only, but
2312 * can have the more generic (and slightly slower)
2313 * mode enabled. This is much faster than pmap_remove
2314 * in the case of running down an entire address space.
2317 pmap_remove_pages(pmap_t pmap)
2319 struct pv_entry *pv, *npv;
2320 struct l2_bucket *l2b = NULL;
2324 rw_wlock(&pvh_global_lock);
2326 cpu_idcache_wbinv_all();
2327 cpu_l2cache_wbinv_all();
2328 for (pv = TAILQ_FIRST(&pmap->pm_pvlist); pv; pv = npv) {
2329 if (pv->pv_flags & PVF_WIRED || pv->pv_flags & PVF_UNMAN) {
2330 /* Cannot remove wired or unmanaged pages now. */
2331 npv = TAILQ_NEXT(pv, pv_plist);
2334 pmap->pm_stats.resident_count--;
2335 l2b = pmap_get_l2_bucket(pmap, pv->pv_va);
2336 KASSERT(l2b != NULL, ("No L2 bucket in pmap_remove_pages"));
2337 pt = &l2b->l2b_kva[l2pte_index(pv->pv_va)];
2338 m = PHYS_TO_VM_PAGE(*pt & L2_S_FRAME);
2339 KASSERT((vm_offset_t)m >= KERNBASE, ("Trying to access non-existent page va %x pte %x", pv->pv_va, *pt));
2342 npv = TAILQ_NEXT(pv, pv_plist);
2343 pmap_nuke_pv(m, pmap, pv);
2344 if (TAILQ_EMPTY(&m->md.pv_list))
2345 vm_page_aflag_clear(m, PGA_WRITEABLE);
2346 pmap_free_pv_entry(pv);
2347 pmap_free_l2_bucket(pmap, l2b, 1);
2349 rw_wunlock(&pvh_global_lock);
2355 /***************************************************
2356 * Low level mapping routines.....
2357 ***************************************************/
2359 /* Map a section into the KVA. */
2362 * Make a temporary mapping for a physical address. This is only intended
2363 * to be used for panic dumps.
2366 pmap_kenter_temporary(vm_paddr_t pa, int i)
2370 va = (vm_offset_t)crashdumpmap + (i * PAGE_SIZE);
2371 pmap_kenter(va, pa);
2372 return ((void *)crashdumpmap);
2376 * add a wired page to the kva
2377 * note that in order for the mapping to take effect -- you
2378 * should do a invltlb after doing the pmap_kenter...
2380 static PMAP_INLINE void
2381 pmap_kenter_internal(vm_offset_t va, vm_offset_t pa, int flags)
2383 struct l2_bucket *l2b;
2386 struct pv_entry *pve;
2389 PDEBUG(1, printf("pmap_kenter: va = %08x, pa = %08x\n",
2390 (uint32_t) va, (uint32_t) pa));
2392 l2b = pmap_get_l2_bucket(kernel_pmap, va);
2394 l2b = pmap_grow_l2_bucket(kernel_pmap, va);
2395 KASSERT(l2b != NULL, ("No L2 Bucket"));
2396 pte = &l2b->l2b_kva[l2pte_index(va)];
2398 PDEBUG(1, printf("pmap_kenter: pte = %08x, opte = %08x, npte = %08x\n",
2399 (uint32_t) pte, opte, *pte));
2400 if (l2pte_valid(opte)) {
2404 l2b->l2b_occupancy++;
2406 *pte = L2_S_PROTO | pa | L2_S_PROT(PTE_KERNEL,
2407 VM_PROT_READ | VM_PROT_WRITE);
2408 if (flags & KENTER_CACHE)
2409 *pte |= pte_l2_s_cache_mode;
2410 if (flags & KENTER_USER)
2411 *pte |= L2_S_PROT_U;
2415 * A kernel mapping may not be the page's only mapping, so create a PV
2416 * entry to ensure proper caching.
2418 * The existence test for the pvzone is used to delay the recording of
2419 * kernel mappings until the VM system is fully initialized.
2421 * This expects the physical memory to have a vm_page_array entry.
2423 if (pvzone != NULL && (m = vm_phys_paddr_to_vm_page(pa)) != NULL) {
2424 rw_wlock(&pvh_global_lock);
2425 if (!TAILQ_EMPTY(&m->md.pv_list) || m->md.pv_kva != 0) {
2426 if ((pve = pmap_get_pv_entry()) == NULL)
2427 panic("pmap_kenter_internal: no pv entries");
2428 PMAP_LOCK(kernel_pmap);
2429 pmap_enter_pv(m, pve, kernel_pmap, va,
2430 PVF_WRITE | PVF_UNMAN);
2431 pmap_fix_cache(m, kernel_pmap, va);
2432 PMAP_UNLOCK(kernel_pmap);
2436 rw_wunlock(&pvh_global_lock);
2441 pmap_kenter(vm_offset_t va, vm_paddr_t pa)
2443 pmap_kenter_internal(va, pa, KENTER_CACHE);
2447 pmap_kenter_nocache(vm_offset_t va, vm_paddr_t pa)
2450 pmap_kenter_internal(va, pa, 0);
2454 pmap_kenter_device(vm_offset_t va, vm_size_t size, vm_paddr_t pa)
2458 KASSERT((size & PAGE_MASK) == 0,
2459 ("%s: device mapping not page-sized", __func__));
2463 pmap_kenter_internal(va, pa, 0);
2471 pmap_kremove_device(vm_offset_t va, vm_size_t size)
2475 KASSERT((size & PAGE_MASK) == 0,
2476 ("%s: device mapping not page-sized", __func__));
2487 pmap_kenter_user(vm_offset_t va, vm_paddr_t pa)
2490 pmap_kenter_internal(va, pa, KENTER_CACHE|KENTER_USER);
2492 * Call pmap_fault_fixup now, to make sure we'll have no exception
2493 * at the first use of the new address, or bad things will happen,
2494 * as we use one of these addresses in the exception handlers.
2496 pmap_fault_fixup(kernel_pmap, va, VM_PROT_READ|VM_PROT_WRITE, 1);
2500 pmap_kextract(vm_offset_t va)
2503 return (pmap_extract_locked(kernel_pmap, va));
2507 * remove a page from the kernel pagetables
2510 pmap_kremove(vm_offset_t va)
2512 struct l2_bucket *l2b;
2513 pt_entry_t *pte, opte;
2514 struct pv_entry *pve;
2518 l2b = pmap_get_l2_bucket(kernel_pmap, va);
2521 KASSERT(l2b != NULL, ("No L2 Bucket"));
2522 pte = &l2b->l2b_kva[l2pte_index(va)];
2524 if (l2pte_valid(opte)) {
2525 /* pa = vtophs(va) taken from pmap_extract() */
2526 if ((opte & L2_TYPE_MASK) == L2_TYPE_L)
2527 pa = (opte & L2_L_FRAME) | (va & L2_L_OFFSET);
2529 pa = (opte & L2_S_FRAME) | (va & L2_S_OFFSET);
2530 /* note: should never have to remove an allocation
2531 * before the pvzone is initialized.
2533 rw_wlock(&pvh_global_lock);
2534 PMAP_LOCK(kernel_pmap);
2535 if (pvzone != NULL && (m = vm_phys_paddr_to_vm_page(pa)) &&
2536 (pve = pmap_remove_pv(m, kernel_pmap, va)))
2537 pmap_free_pv_entry(pve);
2538 PMAP_UNLOCK(kernel_pmap);
2539 rw_wunlock(&pvh_global_lock);
2540 va = va & ~PAGE_MASK;
2541 cpu_dcache_wbinv_range(va, PAGE_SIZE);
2542 cpu_l2cache_wbinv_range(va, PAGE_SIZE);
2543 cpu_tlb_flushD_SE(va);
2550 * Used to map a range of physical addresses into kernel
2551 * virtual address space.
2553 * The value passed in '*virt' is a suggested virtual address for
2554 * the mapping. Architectures which can support a direct-mapped
2555 * physical to virtual region can return the appropriate address
2556 * within that region, leaving '*virt' unchanged. Other
2557 * architectures should map the pages starting at '*virt' and
2558 * update '*virt' with the first usable address after the mapped
2562 pmap_map(vm_offset_t *virt, vm_offset_t start, vm_offset_t end, int prot)
2564 vm_offset_t sva = *virt;
2565 vm_offset_t va = sva;
2567 PDEBUG(1, printf("pmap_map: virt = %08x, start = %08x, end = %08x, "
2568 "prot = %d\n", (uint32_t) *virt, (uint32_t) start, (uint32_t) end,
2571 while (start < end) {
2572 pmap_kenter(va, start);
2581 pmap_wb_page(vm_page_t m)
2583 struct pv_entry *pv;
2585 TAILQ_FOREACH(pv, &m->md.pv_list, pv_list)
2586 pmap_dcache_wb_range(pv->pv_pmap, pv->pv_va, PAGE_SIZE, FALSE,
2587 (pv->pv_flags & PVF_WRITE) == 0);
2591 pmap_inv_page(vm_page_t m)
2593 struct pv_entry *pv;
2595 TAILQ_FOREACH(pv, &m->md.pv_list, pv_list)
2596 pmap_dcache_wb_range(pv->pv_pmap, pv->pv_va, PAGE_SIZE, TRUE, TRUE);
2599 * Add a list of wired pages to the kva
2600 * this routine is only used for temporary
2601 * kernel mappings that do not need to have
2602 * page modification or references recorded.
2603 * Note that old mappings are simply written
2604 * over. The page *must* be wired.
2607 pmap_qenter(vm_offset_t va, vm_page_t *m, int count)
2611 for (i = 0; i < count; i++) {
2613 pmap_kenter_internal(va, VM_PAGE_TO_PHYS(m[i]),
2620 * this routine jerks page mappings from the
2621 * kernel -- it is meant only for temporary mappings.
2624 pmap_qremove(vm_offset_t va, int count)
2629 for (i = 0; i < count; i++) {
2632 pmap_inv_page(PHYS_TO_VM_PAGE(pa));
2640 * pmap_object_init_pt preloads the ptes for a given object
2641 * into the specified pmap. This eliminates the blast of soft
2642 * faults on process startup and immediately after an mmap.
2645 pmap_object_init_pt(pmap_t pmap, vm_offset_t addr, vm_object_t object,
2646 vm_pindex_t pindex, vm_size_t size)
2649 VM_OBJECT_ASSERT_WLOCKED(object);
2650 KASSERT(object->type == OBJT_DEVICE || object->type == OBJT_SG,
2651 ("pmap_object_init_pt: non-device object"));
2655 * pmap_is_prefaultable:
2657 * Return whether or not the specified virtual address is elgible
2661 pmap_is_prefaultable(pmap_t pmap, vm_offset_t addr)
2666 if (!pmap_get_pde_pte(pmap, addr, &pde, &pte))
2668 KASSERT(pte != NULL, ("Valid mapping but no pte ?"));
2675 * Fetch pointers to the PDE/PTE for the given pmap/VA pair.
2676 * Returns TRUE if the mapping exists, else FALSE.
2678 * NOTE: This function is only used by a couple of arm-specific modules.
2679 * It is not safe to take any pmap locks here, since we could be right
2680 * in the middle of debugging the pmap anyway...
2682 * It is possible for this routine to return FALSE even though a valid
2683 * mapping does exist. This is because we don't lock, so the metadata
2684 * state may be inconsistent.
2686 * NOTE: We can return a NULL *ptp in the case where the L1 pde is
2687 * a "section" mapping.
2690 pmap_get_pde_pte(pmap_t pm, vm_offset_t va, pd_entry_t **pdp, pt_entry_t **ptp)
2692 struct l2_dtable *l2;
2693 pd_entry_t *pl1pd, l1pd;
2697 if (pm->pm_l1 == NULL)
2701 *pdp = pl1pd = &pm->pm_l1->l1_kva[l1idx];
2704 if (l1pte_section_p(l1pd)) {
2709 if (pm->pm_l2 == NULL)
2712 l2 = pm->pm_l2[L2_IDX(l1idx)];
2715 (ptep = l2->l2_bucket[L2_BUCKET(l1idx)].l2b_kva) == NULL) {
2719 *ptp = &ptep[l2pte_index(va)];
2724 * Routine: pmap_remove_all
2726 * Removes this physical page from
2727 * all physical maps in which it resides.
2728 * Reflects back modify bits to the pager.
2731 * Original versions of this routine were very
2732 * inefficient because they iteratively called
2733 * pmap_remove (slow...)
2736 pmap_remove_all(vm_page_t m)
2740 struct l2_bucket *l2b;
2741 boolean_t flush = FALSE;
2745 KASSERT((m->oflags & VPO_UNMANAGED) == 0,
2746 ("pmap_remove_all: page %p is not managed", m));
2747 if (TAILQ_EMPTY(&m->md.pv_list))
2749 rw_wlock(&pvh_global_lock);
2752 * XXX This call shouldn't exist. Iterating over the PV list twice,
2753 * once in pmap_clearbit() and again below, is both unnecessary and
2754 * inefficient. The below code should itself write back the cache
2755 * entry before it destroys the mapping.
2757 pmap_clearbit(m, PVF_WRITE);
2758 curpm = vmspace_pmap(curproc->p_vmspace);
2759 while ((pv = TAILQ_FIRST(&m->md.pv_list)) != NULL) {
2760 if (flush == FALSE && (pv->pv_pmap == curpm ||
2761 pv->pv_pmap == kernel_pmap))
2764 PMAP_LOCK(pv->pv_pmap);
2766 * Cached contents were written-back in pmap_clearbit(),
2767 * but we still have to invalidate the cache entry to make
2768 * sure stale data are not retrieved when another page will be
2769 * mapped under this virtual address.
2771 if (pmap_is_current(pv->pv_pmap)) {
2772 cpu_dcache_inv_range(pv->pv_va, PAGE_SIZE);
2773 if (pmap_has_valid_mapping(pv->pv_pmap, pv->pv_va))
2774 cpu_l2cache_inv_range(pv->pv_va, PAGE_SIZE);
2777 if (pv->pv_flags & PVF_UNMAN) {
2778 /* remove the pv entry, but do not remove the mapping
2779 * and remember this is a kernel mapped page
2781 m->md.pv_kva = pv->pv_va;
2783 /* remove the mapping and pv entry */
2784 l2b = pmap_get_l2_bucket(pv->pv_pmap, pv->pv_va);
2785 KASSERT(l2b != NULL, ("No l2 bucket"));
2786 ptep = &l2b->l2b_kva[l2pte_index(pv->pv_va)];
2788 PTE_SYNC_CURRENT(pv->pv_pmap, ptep);
2789 pmap_free_l2_bucket(pv->pv_pmap, l2b, 1);
2790 pv->pv_pmap->pm_stats.resident_count--;
2791 flags |= pv->pv_flags;
2793 pmap_nuke_pv(m, pv->pv_pmap, pv);
2794 PMAP_UNLOCK(pv->pv_pmap);
2795 pmap_free_pv_entry(pv);
2799 if (PV_BEEN_EXECD(flags))
2800 pmap_tlb_flushID(curpm);
2802 pmap_tlb_flushD(curpm);
2804 vm_page_aflag_clear(m, PGA_WRITEABLE);
2805 rw_wunlock(&pvh_global_lock);
2809 * Set the physical protection on the
2810 * specified range of this map as requested.
2813 pmap_protect(pmap_t pm, vm_offset_t sva, vm_offset_t eva, vm_prot_t prot)
2815 struct l2_bucket *l2b;
2816 pt_entry_t *ptep, pte;
2817 vm_offset_t next_bucket;
2821 CTR4(KTR_PMAP, "pmap_protect: pmap %p sva 0x%08x eva 0x%08x prot %x",
2822 pm, sva, eva, prot);
2824 if ((prot & VM_PROT_READ) == 0) {
2825 pmap_remove(pm, sva, eva);
2829 if (prot & VM_PROT_WRITE) {
2831 * If this is a read->write transition, just ignore it and let
2832 * vm_fault() take care of it later.
2837 rw_wlock(&pvh_global_lock);
2841 * OK, at this point, we know we're doing write-protect operation.
2842 * If the pmap is active, write-back the range.
2844 pmap_dcache_wb_range(pm, sva, eva - sva, FALSE, FALSE);
2846 flush = ((eva - sva) >= (PAGE_SIZE * 4)) ? 0 : -1;
2850 next_bucket = L2_NEXT_BUCKET(sva);
2851 if (next_bucket > eva)
2854 l2b = pmap_get_l2_bucket(pm, sva);
2860 ptep = &l2b->l2b_kva[l2pte_index(sva)];
2862 while (sva < next_bucket) {
2863 if ((pte = *ptep) != 0 && (pte & L2_S_PROT_W) != 0) {
2867 pg = PHYS_TO_VM_PAGE(l2pte_pa(pte));
2868 pte &= ~L2_S_PROT_W;
2872 if (!(pg->oflags & VPO_UNMANAGED)) {
2873 f = pmap_modify_pv(pg, pm, sva,
2884 if (PV_BEEN_EXECD(f))
2885 pmap_tlb_flushID_SE(pm, sva);
2887 if (PV_BEEN_REFD(f))
2888 pmap_tlb_flushD_SE(pm, sva);
2897 if (PV_BEEN_EXECD(flags))
2898 pmap_tlb_flushID(pm);
2900 if (PV_BEEN_REFD(flags))
2901 pmap_tlb_flushD(pm);
2903 rw_wunlock(&pvh_global_lock);
2909 * Insert the given physical page (p) at
2910 * the specified virtual address (v) in the
2911 * target physical map with the protection requested.
2913 * If specified, the page will be wired down, meaning
2914 * that the related pte can not be reclaimed.
2916 * NB: This is the only routine which MAY NOT lazy-evaluate
2917 * or lose information. That is, this routine must actually
2918 * insert this page into the given map NOW.
2922 pmap_enter(pmap_t pmap, vm_offset_t va, vm_page_t m, vm_prot_t prot,
2923 u_int flags, int8_t psind __unused)
2927 rw_wlock(&pvh_global_lock);
2929 rv = pmap_enter_locked(pmap, va, m, prot, flags);
2930 rw_wunlock(&pvh_global_lock);
2936 * The pvh global and pmap locks must be held.
2939 pmap_enter_locked(pmap_t pmap, vm_offset_t va, vm_page_t m, vm_prot_t prot,
2942 struct l2_bucket *l2b = NULL;
2943 struct vm_page *opg;
2944 struct pv_entry *pve = NULL;
2945 pt_entry_t *ptep, npte, opte;
2950 PMAP_ASSERT_LOCKED(pmap);
2951 rw_assert(&pvh_global_lock, RA_WLOCKED);
2952 if (va == vector_page) {
2953 pa = systempage.pv_pa;
2956 if ((m->oflags & VPO_UNMANAGED) == 0) {
2957 if ((flags & PMAP_ENTER_QUICK_LOCKED) == 0)
2958 VM_PAGE_OBJECT_BUSY_ASSERT(m);
2960 VM_OBJECT_ASSERT_LOCKED(m->object);
2962 pa = VM_PAGE_TO_PHYS(m);
2965 if (prot & VM_PROT_WRITE)
2966 nflags |= PVF_WRITE;
2967 if (prot & VM_PROT_EXECUTE)
2969 if ((flags & PMAP_ENTER_WIRED) != 0)
2970 nflags |= PVF_WIRED;
2971 PDEBUG(1, printf("pmap_enter: pmap = %08x, va = %08x, m = %08x, prot = %x, "
2972 "flags = %x\n", (uint32_t) pmap, va, (uint32_t) m, prot, flags));
2974 if (pmap == kernel_pmap) {
2975 l2b = pmap_get_l2_bucket(pmap, va);
2977 l2b = pmap_grow_l2_bucket(pmap, va);
2980 l2b = pmap_alloc_l2_bucket(pmap, va);
2982 if ((flags & PMAP_ENTER_NOSLEEP) == 0) {
2984 rw_wunlock(&pvh_global_lock);
2986 rw_wlock(&pvh_global_lock);
2990 return (KERN_RESOURCE_SHORTAGE);
2994 ptep = &l2b->l2b_kva[l2pte_index(va)];
3001 * There is already a mapping at this address.
3002 * If the physical address is different, lookup the
3005 if (l2pte_pa(opte) != pa)
3006 opg = PHYS_TO_VM_PAGE(l2pte_pa(opte));
3012 if ((prot & (VM_PROT_ALL)) ||
3013 (!m || m->md.pvh_attrs & PVF_REF)) {
3015 * - The access type indicates that we don't need
3016 * to do referenced emulation.
3018 * - The physical page has already been referenced
3019 * so no need to re-do referenced emulation here.
3025 if (m && ((prot & VM_PROT_WRITE) != 0 ||
3026 (m->md.pvh_attrs & PVF_MOD))) {
3028 * This is a writable mapping, and the
3029 * page's mod state indicates it has
3030 * already been modified. Make it
3031 * writable from the outset.
3034 if (!(m->md.pvh_attrs & PVF_MOD))
3038 vm_page_aflag_set(m, PGA_REFERENCED);
3041 * Need to do page referenced emulation.
3043 npte |= L2_TYPE_INV;
3046 if (prot & VM_PROT_WRITE) {
3047 npte |= L2_S_PROT_W;
3049 (m->oflags & VPO_UNMANAGED) == 0)
3050 vm_page_aflag_set(m, PGA_WRITEABLE);
3052 if (m->md.pv_memattr != VM_MEMATTR_UNCACHEABLE)
3053 npte |= pte_l2_s_cache_mode;
3054 if (m && m == opg) {
3056 * We're changing the attrs of an existing mapping.
3058 oflags = pmap_modify_pv(m, pmap, va,
3059 PVF_WRITE | PVF_EXEC | PVF_WIRED |
3060 PVF_MOD | PVF_REF, nflags);
3063 * We may need to flush the cache if we're
3066 if (pmap_is_current(pmap) &&
3067 (oflags & PVF_NC) == 0 &&
3068 (opte & L2_S_PROT_W) != 0 &&
3069 (prot & VM_PROT_WRITE) == 0 &&
3070 (opte & L2_TYPE_MASK) != L2_TYPE_INV) {
3071 cpu_dcache_wb_range(va, PAGE_SIZE);
3072 cpu_l2cache_wb_range(va, PAGE_SIZE);
3076 * New mapping, or changing the backing page
3077 * of an existing mapping.
3081 * Replacing an existing mapping with a new one.
3082 * It is part of our managed memory so we
3083 * must remove it from the PV list
3085 if ((pve = pmap_remove_pv(opg, pmap, va))) {
3086 /* note for patch: the oflags/invalidation was moved
3087 * because PG_FICTITIOUS pages could free the pve
3089 oflags = pve->pv_flags;
3091 * If the old mapping was valid (ref/mod
3092 * emulation creates 'invalid' mappings
3093 * initially) then make sure to frob
3096 if ((oflags & PVF_NC) == 0 && l2pte_valid(opte)) {
3097 if (PV_BEEN_EXECD(oflags)) {
3098 pmap_idcache_wbinv_range(pmap, va,
3101 if (PV_BEEN_REFD(oflags)) {
3102 pmap_dcache_wb_range(pmap, va,
3104 (oflags & PVF_WRITE) == 0);
3108 /* free/allocate a pv_entry for UNMANAGED pages if
3109 * this physical page is not/is already mapped.
3112 if (m && (m->oflags & VPO_UNMANAGED) &&
3114 TAILQ_EMPTY(&m->md.pv_list)) {
3115 pmap_free_pv_entry(pve);
3119 (!(m->oflags & VPO_UNMANAGED) || m->md.pv_kva ||
3120 !TAILQ_EMPTY(&m->md.pv_list)))
3121 pve = pmap_get_pv_entry();
3123 (!(m->oflags & VPO_UNMANAGED) || m->md.pv_kva ||
3124 !TAILQ_EMPTY(&m->md.pv_list)))
3125 pve = pmap_get_pv_entry();
3128 if ((m->oflags & VPO_UNMANAGED)) {
3129 if (!TAILQ_EMPTY(&m->md.pv_list) ||
3131 KASSERT(pve != NULL, ("No pv"));
3132 nflags |= PVF_UNMAN;
3133 pmap_enter_pv(m, pve, pmap, va, nflags);
3137 KASSERT(va < kmi.clean_sva ||
3138 va >= kmi.clean_eva,
3139 ("pmap_enter: managed mapping within the clean submap"));
3140 KASSERT(pve != NULL, ("No pv"));
3141 pmap_enter_pv(m, pve, pmap, va, nflags);
3146 * Make sure userland mappings get the right permissions
3148 if (pmap != kernel_pmap && va != vector_page) {
3149 npte |= L2_S_PROT_U;
3153 * Keep the stats up to date
3156 l2b->l2b_occupancy++;
3157 pmap->pm_stats.resident_count++;
3161 * If this is just a wiring change, the two PTEs will be
3162 * identical, so there's no need to update the page table.
3165 boolean_t is_cached = pmap_is_current(pmap);
3170 * We only need to frob the cache/tlb if this pmap
3174 if (L1_IDX(va) != L1_IDX(vector_page) &&
3175 l2pte_valid(npte)) {
3177 * This mapping is likely to be accessed as
3178 * soon as we return to userland. Fix up the
3179 * L1 entry to avoid taking another
3180 * page/domain fault.
3182 pd_entry_t *pl1pd, l1pd;
3184 pl1pd = &pmap->pm_l1->l1_kva[L1_IDX(va)];
3185 l1pd = l2b->l2b_phys | L1_C_DOM(pmap->pm_domain) |
3187 if (*pl1pd != l1pd) {
3194 if (PV_BEEN_EXECD(oflags))
3195 pmap_tlb_flushID_SE(pmap, va);
3196 else if (PV_BEEN_REFD(oflags))
3197 pmap_tlb_flushD_SE(pmap, va);
3200 pmap_fix_cache(m, pmap, va);
3202 return (KERN_SUCCESS);
3206 * Maps a sequence of resident pages belonging to the same object.
3207 * The sequence begins with the given page m_start. This page is
3208 * mapped at the given virtual address start. Each subsequent page is
3209 * mapped at a virtual address that is offset from start by the same
3210 * amount as the page is offset from m_start within the object. The
3211 * last page in the sequence is the page with the largest offset from
3212 * m_start that can be mapped at a virtual address less than the given
3213 * virtual address end. Not every virtual page between start and end
3214 * is mapped; only those for which a resident page exists with the
3215 * corresponding offset from m_start are mapped.
3218 pmap_enter_object(pmap_t pmap, vm_offset_t start, vm_offset_t end,
3219 vm_page_t m_start, vm_prot_t prot)
3222 vm_pindex_t diff, psize;
3224 VM_OBJECT_ASSERT_LOCKED(m_start->object);
3226 psize = atop(end - start);
3228 rw_wlock(&pvh_global_lock);
3230 while (m != NULL && (diff = m->pindex - m_start->pindex) < psize) {
3231 pmap_enter_locked(pmap, start + ptoa(diff), m, prot &
3232 (VM_PROT_READ | VM_PROT_EXECUTE), PMAP_ENTER_NOSLEEP |
3233 PMAP_ENTER_QUICK_LOCKED);
3234 m = TAILQ_NEXT(m, listq);
3236 rw_wunlock(&pvh_global_lock);
3241 * this code makes some *MAJOR* assumptions:
3242 * 1. Current pmap & pmap exists.
3245 * 4. No page table pages.
3246 * but is *MUCH* faster than pmap_enter...
3250 pmap_enter_quick(pmap_t pmap, vm_offset_t va, vm_page_t m, vm_prot_t prot)
3253 rw_wlock(&pvh_global_lock);
3255 pmap_enter_locked(pmap, va, m, prot & (VM_PROT_READ | VM_PROT_EXECUTE),
3256 PMAP_ENTER_NOSLEEP | PMAP_ENTER_QUICK_LOCKED);
3257 rw_wunlock(&pvh_global_lock);
3262 * Clear the wired attribute from the mappings for the specified range of
3263 * addresses in the given pmap. Every valid mapping within that range
3264 * must have the wired attribute set. In contrast, invalid mappings
3265 * cannot have the wired attribute set, so they are ignored.
3267 * XXX Wired mappings of unmanaged pages cannot be counted by this pmap
3271 pmap_unwire(pmap_t pmap, vm_offset_t sva, vm_offset_t eva)
3273 struct l2_bucket *l2b;
3274 pt_entry_t *ptep, pte;
3276 vm_offset_t next_bucket;
3279 rw_wlock(&pvh_global_lock);
3282 next_bucket = L2_NEXT_BUCKET(sva);
3283 if (next_bucket > eva)
3285 l2b = pmap_get_l2_bucket(pmap, sva);
3290 for (ptep = &l2b->l2b_kva[l2pte_index(sva)]; sva < next_bucket;
3291 sva += PAGE_SIZE, ptep++) {
3292 if ((pte = *ptep) == 0 ||
3293 (m = PHYS_TO_VM_PAGE(l2pte_pa(pte))) == NULL ||
3294 (m->oflags & VPO_UNMANAGED) != 0)
3296 pv = pmap_find_pv(m, pmap, sva);
3297 if ((pv->pv_flags & PVF_WIRED) == 0)
3298 panic("pmap_unwire: pv %p isn't wired", pv);
3299 pv->pv_flags &= ~PVF_WIRED;
3300 pmap->pm_stats.wired_count--;
3303 rw_wunlock(&pvh_global_lock);
3308 * Copy the range specified by src_addr/len
3309 * from the source map to the range dst_addr/len
3310 * in the destination map.
3312 * This routine is only advisory and need not do anything.
3315 pmap_copy(pmap_t dst_pmap, pmap_t src_pmap, vm_offset_t dst_addr,
3316 vm_size_t len, vm_offset_t src_addr)
3321 * Routine: pmap_extract
3323 * Extract the physical page address associated
3324 * with the given map/virtual_address pair.
3327 pmap_extract(pmap_t pmap, vm_offset_t va)
3332 pa = pmap_extract_locked(pmap, va);
3338 pmap_extract_locked(pmap_t pmap, vm_offset_t va)
3340 struct l2_dtable *l2;
3342 pt_entry_t *ptep, pte;
3346 if (pmap != kernel_pmap)
3347 PMAP_ASSERT_LOCKED(pmap);
3349 l1pd = pmap->pm_l1->l1_kva[l1idx];
3350 if (l1pte_section_p(l1pd)) {
3352 * These should only happen for the kernel pmap.
3354 KASSERT(pmap == kernel_pmap, ("unexpected section"));
3355 /* XXX: what to do about the bits > 32 ? */
3356 if (l1pd & L1_S_SUPERSEC)
3357 pa = (l1pd & L1_SUP_FRAME) | (va & L1_SUP_OFFSET);
3359 pa = (l1pd & L1_S_FRAME) | (va & L1_S_OFFSET);
3362 * Note that we can't rely on the validity of the L1
3363 * descriptor as an indication that a mapping exists.
3364 * We have to look it up in the L2 dtable.
3366 l2 = pmap->pm_l2[L2_IDX(l1idx)];
3368 (ptep = l2->l2_bucket[L2_BUCKET(l1idx)].l2b_kva) == NULL)
3370 pte = ptep[l2pte_index(va)];
3373 if ((pte & L2_TYPE_MASK) == L2_TYPE_L)
3374 pa = (pte & L2_L_FRAME) | (va & L2_L_OFFSET);
3376 pa = (pte & L2_S_FRAME) | (va & L2_S_OFFSET);
3382 * Atomically extract and hold the physical page with the given
3383 * pmap and virtual address pair if that mapping permits the given
3388 pmap_extract_and_hold(pmap_t pmap, vm_offset_t va, vm_prot_t prot)
3390 struct l2_dtable *l2;
3392 pt_entry_t *ptep, pte;
3401 l1pd = pmap->pm_l1->l1_kva[l1idx];
3402 if (l1pte_section_p(l1pd)) {
3404 * These should only happen for kernel_pmap
3406 KASSERT(pmap == kernel_pmap, ("huh"));
3407 /* XXX: what to do about the bits > 32 ? */
3408 if (l1pd & L1_S_SUPERSEC)
3409 pa = (l1pd & L1_SUP_FRAME) | (va & L1_SUP_OFFSET);
3411 pa = (l1pd & L1_S_FRAME) | (va & L1_S_OFFSET);
3412 if (l1pd & L1_S_PROT_W || (prot & VM_PROT_WRITE) == 0) {
3413 m = PHYS_TO_VM_PAGE(pa);
3414 if (!vm_page_wire_mapped(m))
3419 * Note that we can't rely on the validity of the L1
3420 * descriptor as an indication that a mapping exists.
3421 * We have to look it up in the L2 dtable.
3423 l2 = pmap->pm_l2[L2_IDX(l1idx)];
3426 (ptep = l2->l2_bucket[L2_BUCKET(l1idx)].l2b_kva) == NULL) {
3431 ptep = &ptep[l2pte_index(va)];
3438 if (pte & L2_S_PROT_W || (prot & VM_PROT_WRITE) == 0) {
3439 if ((pte & L2_TYPE_MASK) == L2_TYPE_L)
3440 pa = (pte & L2_L_FRAME) | (va & L2_L_OFFSET);
3442 pa = (pte & L2_S_FRAME) | (va & L2_S_OFFSET);
3443 m = PHYS_TO_VM_PAGE(pa);
3444 if (!vm_page_wire_mapped(m))
3453 pmap_dump_kextract(vm_offset_t va, pt2_entry_t *pte2p)
3455 struct l2_dtable *l2;
3457 pt_entry_t *ptep, pte;
3462 l1pd = kernel_pmap->pm_l1->l1_kva[l1idx];
3463 if (l1pte_section_p(l1pd)) {
3464 if (l1pd & L1_S_SUPERSEC)
3465 pa = (l1pd & L1_SUP_FRAME) | (va & L1_SUP_OFFSET);
3467 pa = (l1pd & L1_S_FRAME) | (va & L1_S_OFFSET);
3468 pte = L2_S_PROTO | pa |
3469 L2_S_PROT(PTE_KERNEL, VM_PROT_READ | VM_PROT_WRITE);
3471 l2 = kernel_pmap->pm_l2[L2_IDX(l1idx)];
3473 (ptep = l2->l2_bucket[L2_BUCKET(l1idx)].l2b_kva) == NULL) {
3478 pte = ptep[l2pte_index(va)];
3483 if ((pte & L2_TYPE_MASK) == L2_TYPE_L)
3484 pa = (pte & L2_L_FRAME) | (va & L2_L_OFFSET);
3486 pa = (pte & L2_S_FRAME) | (va & L2_S_OFFSET);
3495 * Initialize a preallocated and zeroed pmap structure,
3496 * such as one in a vmspace structure.
3500 pmap_pinit(pmap_t pmap)
3502 PDEBUG(1, printf("pmap_pinit: pmap = %08x\n", (uint32_t) pmap));
3504 pmap_alloc_l1(pmap);
3505 bzero(pmap->pm_l2, sizeof(pmap->pm_l2));
3507 CPU_ZERO(&pmap->pm_active);
3509 TAILQ_INIT(&pmap->pm_pvlist);
3510 bzero(&pmap->pm_stats, sizeof pmap->pm_stats);
3511 pmap->pm_stats.resident_count = 1;
3512 if (vector_page < KERNBASE) {
3513 pmap_enter(pmap, vector_page, PHYS_TO_VM_PAGE(systempage.pv_pa),
3514 VM_PROT_READ, PMAP_ENTER_WIRED | VM_PROT_READ, 0);
3519 /***************************************************
3520 * page management routines.
3521 ***************************************************/
3524 pmap_free_pv_entry(pv_entry_t pv)
3527 uma_zfree(pvzone, pv);
3531 * get a new pv_entry, allocating a block from the system
3533 * the memory allocation is performed bypassing the malloc code
3534 * because of the possibility of allocations at interrupt time.
3537 pmap_get_pv_entry(void)
3539 pv_entry_t ret_value;
3542 if (pv_entry_count > pv_entry_high_water)
3543 pagedaemon_wakeup(0); /* XXX ARM NUMA */
3544 ret_value = uma_zalloc(pvzone, M_NOWAIT);
3549 * Remove the given range of addresses from the specified map.
3551 * It is assumed that the start and end are properly
3552 * rounded to the page size.
3554 #define PMAP_REMOVE_CLEAN_LIST_SIZE 3
3556 pmap_remove(pmap_t pm, vm_offset_t sva, vm_offset_t eva)
3558 struct l2_bucket *l2b;
3559 vm_offset_t next_bucket;
3562 u_int mappings, is_exec, is_refd;
3566 * we lock in the pmap => pv_head direction
3569 rw_wlock(&pvh_global_lock);
3574 * Do one L2 bucket's worth at a time.
3576 next_bucket = L2_NEXT_BUCKET(sva);
3577 if (next_bucket > eva)
3580 l2b = pmap_get_l2_bucket(pm, sva);
3586 ptep = &l2b->l2b_kva[l2pte_index(sva)];
3589 while (sva < next_bucket) {
3598 * Nothing here, move along
3605 pm->pm_stats.resident_count--;
3611 * Update flags. In a number of circumstances,
3612 * we could cluster a lot of these and do a
3613 * number of sequential pages in one go.
3615 if ((pg = PHYS_TO_VM_PAGE(pa)) != NULL) {
3616 struct pv_entry *pve;
3618 pve = pmap_remove_pv(pg, pm, sva);
3620 is_exec = PV_BEEN_EXECD(pve->pv_flags);
3621 is_refd = PV_BEEN_REFD(pve->pv_flags);
3622 pmap_free_pv_entry(pve);
3626 if (l2pte_valid(pte) && pmap_is_current(pm)) {
3627 if (total < PMAP_REMOVE_CLEAN_LIST_SIZE) {
3630 cpu_idcache_wbinv_range(sva,
3632 cpu_l2cache_wbinv_range(sva,
3634 cpu_tlb_flushID_SE(sva);
3635 } else if (is_refd) {
3636 cpu_dcache_wbinv_range(sva,
3638 cpu_l2cache_wbinv_range(sva,
3640 cpu_tlb_flushD_SE(sva);
3642 } else if (total == PMAP_REMOVE_CLEAN_LIST_SIZE) {
3643 /* flushall will also only get set for
3644 * for a current pmap
3646 cpu_idcache_wbinv_all();
3647 cpu_l2cache_wbinv_all();
3660 pmap_free_l2_bucket(pm, l2b, mappings);
3663 rw_wunlock(&pvh_global_lock);
3672 * Zero a given physical page by mapping it at a page hook point.
3673 * In doing the zero page op, the page we zero is mapped cachable, as with
3674 * StrongARM accesses to non-cached pages are non-burst making writing
3675 * _any_ bulk data very slow.
3678 pmap_zero_page_generic(vm_paddr_t phys, int off, int size)
3681 if (_arm_bzero && size >= _min_bzero_size &&
3682 _arm_bzero((void *)(phys + off), size, IS_PHYSICAL) == 0)
3687 * Hook in the page, zero it, invalidate the TLB as needed.
3689 * Note the temporary zero-page mapping must be a non-cached page in
3690 * order to work without corruption when write-allocate is enabled.
3692 *cdst_pte = L2_S_PROTO | phys | L2_S_PROT(PTE_KERNEL, VM_PROT_WRITE);
3694 cpu_tlb_flushD_SE(cdstp);
3696 if (off || size != PAGE_SIZE)
3697 bzero((void *)(cdstp + off), size);
3705 * pmap_zero_page zeros the specified hardware page by mapping
3706 * the page into KVM and using bzero to clear its contents.
3709 pmap_zero_page(vm_page_t m)
3711 pmap_zero_page_generic(VM_PAGE_TO_PHYS(m), 0, PAGE_SIZE);
3715 * pmap_zero_page_area zeros the specified hardware page by mapping
3716 * the page into KVM and using bzero to clear its contents.
3718 * off and size may not cover an area beyond a single hardware page.
3721 pmap_zero_page_area(vm_page_t m, int off, int size)
3724 pmap_zero_page_generic(VM_PAGE_TO_PHYS(m), off, size);
3731 * This is a local function used to work out the best strategy to clean
3732 * a single page referenced by its entry in the PV table. It should be used by
3733 * pmap_copy_page, pmap_zero page and maybe some others later on.
3735 * Its policy is effectively:
3736 * o If there are no mappings, we don't bother doing anything with the cache.
3737 * o If there is one mapping, we clean just that page.
3738 * o If there are multiple mappings, we clean the entire cache.
3740 * So that some functions can be further optimised, it returns 0 if it didn't
3741 * clean the entire cache, or 1 if it did.
3743 * XXX One bug in this routine is that if the pv_entry has a single page
3744 * mapped at 0x00000000 a whole cache clean will be performed rather than
3745 * just the 1 page. Since this should not occur in everyday use and if it does
3746 * it will just result in not the most efficient clean for the page.
3748 * We don't yet use this function but may want to.
3751 pmap_clean_page(struct pv_entry *pv, boolean_t is_src)
3753 pmap_t pm, pm_to_clean = NULL;
3754 struct pv_entry *npv;
3755 u_int cache_needs_cleaning = 0;
3757 vm_offset_t page_to_clean = 0;
3760 /* nothing mapped in so nothing to flush */
3765 * Since we flush the cache each time we change to a different
3766 * user vmspace, we only need to flush the page if it is in the
3770 pm = vmspace_pmap(curproc->p_vmspace);
3774 for (npv = pv; npv; npv = TAILQ_NEXT(npv, pv_list)) {
3775 if (npv->pv_pmap == kernel_pmap || npv->pv_pmap == pm) {
3776 flags |= npv->pv_flags;
3778 * The page is mapped non-cacheable in
3779 * this map. No need to flush the cache.
3781 if (npv->pv_flags & PVF_NC) {
3783 if (cache_needs_cleaning)
3784 panic("pmap_clean_page: "
3785 "cache inconsistency");
3788 } else if (is_src && (npv->pv_flags & PVF_WRITE) == 0)
3790 if (cache_needs_cleaning) {
3794 page_to_clean = npv->pv_va;
3795 pm_to_clean = npv->pv_pmap;
3797 cache_needs_cleaning = 1;
3800 if (page_to_clean) {
3801 if (PV_BEEN_EXECD(flags))
3802 pmap_idcache_wbinv_range(pm_to_clean, page_to_clean,
3805 pmap_dcache_wb_range(pm_to_clean, page_to_clean,
3806 PAGE_SIZE, !is_src, (flags & PVF_WRITE) == 0);
3807 } else if (cache_needs_cleaning) {
3808 if (PV_BEEN_EXECD(flags))
3809 pmap_idcache_wbinv_all(pm);
3811 pmap_dcache_wbinv_all(pm);
3819 * pmap_copy_page copies the specified (machine independent)
3820 * page by mapping the page into virtual memory and using
3821 * bcopy to copy the page, one machine dependent page at a
3828 * Copy one physical page into another, by mapping the pages into
3829 * hook points. The same comment regarding cachability as in
3830 * pmap_zero_page also applies here.
3833 pmap_copy_page_generic(vm_paddr_t src, vm_paddr_t dst)
3836 struct vm_page *src_pg = PHYS_TO_VM_PAGE(src);
3840 * Clean the source page. Hold the source page's lock for
3841 * the duration of the copy so that no other mappings can
3842 * be created while we have a potentially aliased mapping.
3846 * XXX: Not needed while we call cpu_dcache_wbinv_all() in
3849 (void) pmap_clean_page(TAILQ_FIRST(&src_pg->md.pv_list), TRUE);
3852 * Map the pages into the page hook points, copy them, and purge
3853 * the cache for the appropriate page. Invalidate the TLB
3857 *csrc_pte = L2_S_PROTO | src |
3858 L2_S_PROT(PTE_KERNEL, VM_PROT_READ) | pte_l2_s_cache_mode;
3860 *cdst_pte = L2_S_PROTO | dst |
3861 L2_S_PROT(PTE_KERNEL, VM_PROT_WRITE) | pte_l2_s_cache_mode;
3863 cpu_tlb_flushD_SE(csrcp);
3864 cpu_tlb_flushD_SE(cdstp);
3866 bcopy_page(csrcp, cdstp);
3868 cpu_dcache_inv_range(csrcp, PAGE_SIZE);
3869 cpu_dcache_wbinv_range(cdstp, PAGE_SIZE);
3870 cpu_l2cache_inv_range(csrcp, PAGE_SIZE);
3871 cpu_l2cache_wbinv_range(cdstp, PAGE_SIZE);
3875 pmap_copy_page_offs_generic(vm_paddr_t a_phys, vm_offset_t a_offs,
3876 vm_paddr_t b_phys, vm_offset_t b_offs, int cnt)
3880 *csrc_pte = L2_S_PROTO | a_phys |
3881 L2_S_PROT(PTE_KERNEL, VM_PROT_READ) | pte_l2_s_cache_mode;
3883 *cdst_pte = L2_S_PROTO | b_phys |
3884 L2_S_PROT(PTE_KERNEL, VM_PROT_WRITE) | pte_l2_s_cache_mode;
3886 cpu_tlb_flushD_SE(csrcp);
3887 cpu_tlb_flushD_SE(cdstp);
3889 bcopy((char *)csrcp + a_offs, (char *)cdstp + b_offs, cnt);
3891 cpu_dcache_inv_range(csrcp + a_offs, cnt);
3892 cpu_dcache_wbinv_range(cdstp + b_offs, cnt);
3893 cpu_l2cache_inv_range(csrcp + a_offs, cnt);
3894 cpu_l2cache_wbinv_range(cdstp + b_offs, cnt);
3898 pmap_copy_page(vm_page_t src, vm_page_t dst)
3901 cpu_dcache_wbinv_all();
3902 cpu_l2cache_wbinv_all();
3903 if (_arm_memcpy && PAGE_SIZE >= _min_memcpy_size &&
3904 _arm_memcpy((void *)VM_PAGE_TO_PHYS(dst),
3905 (void *)VM_PAGE_TO_PHYS(src), PAGE_SIZE, IS_PHYSICAL) == 0)
3907 pmap_copy_page_generic(VM_PAGE_TO_PHYS(src), VM_PAGE_TO_PHYS(dst));
3911 * We have code to do unmapped I/O. However, it isn't quite right and
3912 * causes un-page-aligned I/O to devices to fail (most notably newfs
3913 * or fsck). We give up a little performance to not allow unmapped I/O
3914 * to gain stability.
3916 int unmapped_buf_allowed = 0;
3919 pmap_copy_pages(vm_page_t ma[], vm_offset_t a_offset, vm_page_t mb[],
3920 vm_offset_t b_offset, int xfersize)
3922 vm_page_t a_pg, b_pg;
3923 vm_offset_t a_pg_offset, b_pg_offset;
3926 cpu_dcache_wbinv_all();
3927 cpu_l2cache_wbinv_all();
3928 while (xfersize > 0) {
3929 a_pg = ma[a_offset >> PAGE_SHIFT];
3930 a_pg_offset = a_offset & PAGE_MASK;
3931 cnt = min(xfersize, PAGE_SIZE - a_pg_offset);
3932 b_pg = mb[b_offset >> PAGE_SHIFT];
3933 b_pg_offset = b_offset & PAGE_MASK;
3934 cnt = min(cnt, PAGE_SIZE - b_pg_offset);
3935 pmap_copy_page_offs_generic(VM_PAGE_TO_PHYS(a_pg), a_pg_offset,
3936 VM_PAGE_TO_PHYS(b_pg), b_pg_offset, cnt);
3944 pmap_quick_enter_page(vm_page_t m)
3947 * Don't bother with a PCPU pageframe, since we don't support
3948 * SMP for anything pre-armv7. Use pmap_kenter() to ensure
3949 * caching is handled correctly for multiple mappings of the
3950 * same physical page.
3953 mtx_assert(&qmap_mtx, MA_NOTOWNED);
3954 mtx_lock(&qmap_mtx);
3956 pmap_kenter(qmap_addr, VM_PAGE_TO_PHYS(m));
3962 pmap_quick_remove_page(vm_offset_t addr)
3964 KASSERT(addr == qmap_addr,
3965 ("pmap_quick_remove_page: invalid address"));
3966 mtx_assert(&qmap_mtx, MA_OWNED);
3968 mtx_unlock(&qmap_mtx);
3972 * this routine returns true if a physical page resides
3973 * in the given pmap.
3976 pmap_page_exists_quick(pmap_t pmap, vm_page_t m)
3982 KASSERT((m->oflags & VPO_UNMANAGED) == 0,
3983 ("pmap_page_exists_quick: page %p is not managed", m));
3985 rw_wlock(&pvh_global_lock);
3986 TAILQ_FOREACH(pv, &m->md.pv_list, pv_list) {
3987 if (pv->pv_pmap == pmap) {
3995 rw_wunlock(&pvh_global_lock);
4000 * pmap_page_wired_mappings:
4002 * Return the number of managed mappings to the given physical page
4006 pmap_page_wired_mappings(vm_page_t m)
4012 if ((m->oflags & VPO_UNMANAGED) != 0)
4014 rw_wlock(&pvh_global_lock);
4015 TAILQ_FOREACH(pv, &m->md.pv_list, pv_list)
4016 if ((pv->pv_flags & PVF_WIRED) != 0)
4018 rw_wunlock(&pvh_global_lock);
4023 * This function is advisory.
4026 pmap_advise(pmap_t pmap, vm_offset_t sva, vm_offset_t eva, int advice)
4031 * pmap_ts_referenced:
4033 * Return the count of reference bits for a page, clearing all of them.
4036 pmap_ts_referenced(vm_page_t m)
4039 KASSERT((m->oflags & VPO_UNMANAGED) == 0,
4040 ("pmap_ts_referenced: page %p is not managed", m));
4041 return (pmap_clearbit(m, PVF_REF));
4045 pmap_is_modified(vm_page_t m)
4048 KASSERT((m->oflags & VPO_UNMANAGED) == 0,
4049 ("pmap_is_modified: page %p is not managed", m));
4050 if (m->md.pvh_attrs & PVF_MOD)
4057 * Clear the modify bits on the specified physical page.
4060 pmap_clear_modify(vm_page_t m)
4063 KASSERT((m->oflags & VPO_UNMANAGED) == 0,
4064 ("pmap_clear_modify: page %p is not managed", m));
4065 vm_page_assert_busied(m);
4067 if (!pmap_page_is_write_mapped(m))
4069 if (m->md.pvh_attrs & PVF_MOD)
4070 pmap_clearbit(m, PVF_MOD);
4074 * pmap_is_referenced:
4076 * Return whether or not the specified physical page was referenced
4077 * in any physical maps.
4080 pmap_is_referenced(vm_page_t m)
4083 KASSERT((m->oflags & VPO_UNMANAGED) == 0,
4084 ("pmap_is_referenced: page %p is not managed", m));
4085 return ((m->md.pvh_attrs & PVF_REF) != 0);
4089 * Clear the write and modified bits in each of the given page's mappings.
4092 pmap_remove_write(vm_page_t m)
4095 KASSERT((m->oflags & VPO_UNMANAGED) == 0,
4096 ("pmap_remove_write: page %p is not managed", m));
4097 vm_page_assert_busied(m);
4099 if (pmap_page_is_write_mapped(m))
4100 pmap_clearbit(m, PVF_WRITE);
4104 * Perform the pmap work for mincore(2). If the page is not both referenced and
4105 * modified by this pmap, returns its physical address so that the caller can
4106 * find other mappings.
4109 pmap_mincore(pmap_t pmap, vm_offset_t addr, vm_paddr_t *pap)
4111 struct l2_bucket *l2b;
4112 pt_entry_t *ptep, pte;
4119 l2b = pmap_get_l2_bucket(pmap, addr);
4124 ptep = &l2b->l2b_kva[l2pte_index(addr)];
4126 if (!l2pte_valid(pte)) {
4130 val = MINCORE_INCORE;
4131 if (pte & L2_S_PROT_W)
4132 val |= MINCORE_MODIFIED | MINCORE_MODIFIED_OTHER;
4135 m = PHYS_TO_VM_PAGE(pa);
4136 if (m != NULL && !(m->oflags & VPO_UNMANAGED))
4140 * The ARM pmap tries to maintain a per-mapping
4141 * reference bit. The trouble is that it's kept in
4142 * the PV entry, not the PTE, so it's costly to access
4143 * here. You would need to acquire the pvh global
4144 * lock, call pmap_find_pv(), and introduce a custom
4145 * version of vm_page_pa_tryrelock() that releases and
4146 * reacquires the pvh global lock. In the end, I
4147 * doubt it's worthwhile. This may falsely report
4148 * the given address as referenced.
4150 if ((m->md.pvh_attrs & PVF_REF) != 0)
4151 val |= MINCORE_REFERENCED | MINCORE_REFERENCED_OTHER;
4153 if ((val & (MINCORE_MODIFIED_OTHER | MINCORE_REFERENCED_OTHER)) !=
4154 (MINCORE_MODIFIED_OTHER | MINCORE_REFERENCED_OTHER) && managed) {
4162 pmap_sync_icache(pmap_t pm, vm_offset_t va, vm_size_t sz)
4167 * Increase the starting virtual address of the given mapping if a
4168 * different alignment might result in more superpage mappings.
4171 pmap_align_superpage(vm_object_t object, vm_ooffset_t offset,
4172 vm_offset_t *addr, vm_size_t size)
4176 #define BOOTSTRAP_DEBUG
4181 * Create a single section mapping.
4184 pmap_map_section(vm_offset_t l1pt, vm_offset_t va, vm_offset_t pa,
4185 int prot, int cache)
4187 pd_entry_t *pde = (pd_entry_t *) l1pt;
4190 KASSERT(((va | pa) & L1_S_OFFSET) == 0, ("ouin2"));
4199 fl = pte_l1_s_cache_mode;
4203 fl = pte_l1_s_cache_mode_pt;
4207 pde[va >> L1_S_SHIFT] = L1_S_PROTO | pa |
4208 L1_S_PROT(PTE_KERNEL, prot) | fl | L1_S_DOM(PMAP_DOMAIN_KERNEL);
4209 PTE_SYNC(&pde[va >> L1_S_SHIFT]);
4216 * Link the L2 page table specified by l2pv.pv_pa into the L1
4217 * page table at the slot for "va".
4220 pmap_link_l2pt(vm_offset_t l1pt, vm_offset_t va, struct pv_addr *l2pv)
4222 pd_entry_t *pde = (pd_entry_t *) l1pt, proto;
4223 u_int slot = va >> L1_S_SHIFT;
4225 proto = L1_S_DOM(PMAP_DOMAIN_KERNEL) | L1_C_PROTO;
4227 #ifdef VERBOSE_INIT_ARM
4228 printf("pmap_link_l2pt: pa=0x%x va=0x%x\n", l2pv->pv_pa, l2pv->pv_va);
4231 pde[slot + 0] = proto | (l2pv->pv_pa + 0x000);
4233 PTE_SYNC(&pde[slot]);
4235 SLIST_INSERT_HEAD(&kernel_pt_list, l2pv, pv_list);
4242 * Create a single page mapping.
4245 pmap_map_entry(vm_offset_t l1pt, vm_offset_t va, vm_offset_t pa, int prot,
4248 pd_entry_t *pde = (pd_entry_t *) l1pt;
4252 KASSERT(((va | pa) & PAGE_MASK) == 0, ("ouin"));
4261 fl = pte_l2_s_cache_mode;
4265 fl = pte_l2_s_cache_mode_pt;
4269 if ((pde[va >> L1_S_SHIFT] & L1_TYPE_MASK) != L1_TYPE_C)
4270 panic("pmap_map_entry: no L2 table for VA 0x%08x", va);
4272 pte = (pt_entry_t *) kernel_pt_lookup(pde[L1_IDX(va)] & L1_C_ADDR_MASK);
4275 panic("pmap_map_entry: can't find L2 table for VA 0x%08x", va);
4277 pte[l2pte_index(va)] =
4278 L2_S_PROTO | pa | L2_S_PROT(PTE_KERNEL, prot) | fl;
4279 PTE_SYNC(&pte[l2pte_index(va)]);
4285 * Map a chunk of memory using the most efficient mappings
4286 * possible (section. large page, small page) into the
4287 * provided L1 and L2 tables at the specified virtual address.
4290 pmap_map_chunk(vm_offset_t l1pt, vm_offset_t va, vm_offset_t pa,
4291 vm_size_t size, int prot, int cache)
4293 pd_entry_t *pde = (pd_entry_t *) l1pt;
4294 pt_entry_t *pte, f1, f2s, f2l;
4298 resid = roundup2(size, PAGE_SIZE);
4301 panic("pmap_map_chunk: no L1 table provided");
4303 #ifdef VERBOSE_INIT_ARM
4304 printf("pmap_map_chunk: pa=0x%x va=0x%x size=0x%x resid=0x%x "
4305 "prot=0x%x cache=%d\n", pa, va, size, resid, prot, cache);
4317 f1 = pte_l1_s_cache_mode;
4318 f2l = pte_l2_l_cache_mode;
4319 f2s = pte_l2_s_cache_mode;
4323 f1 = pte_l1_s_cache_mode_pt;
4324 f2l = pte_l2_l_cache_mode_pt;
4325 f2s = pte_l2_s_cache_mode_pt;
4332 /* See if we can use a section mapping. */
4333 if (L1_S_MAPPABLE_P(va, pa, resid)) {
4334 #ifdef VERBOSE_INIT_ARM
4337 pde[va >> L1_S_SHIFT] = L1_S_PROTO | pa |
4338 L1_S_PROT(PTE_KERNEL, prot) | f1 |
4339 L1_S_DOM(PMAP_DOMAIN_KERNEL);
4340 PTE_SYNC(&pde[va >> L1_S_SHIFT]);
4348 * Ok, we're going to use an L2 table. Make sure
4349 * one is actually in the corresponding L1 slot
4350 * for the current VA.
4352 if ((pde[va >> L1_S_SHIFT] & L1_TYPE_MASK) != L1_TYPE_C)
4353 panic("pmap_map_chunk: no L2 table for VA 0x%08x", va);
4355 pte = (pt_entry_t *) kernel_pt_lookup(
4356 pde[L1_IDX(va)] & L1_C_ADDR_MASK);
4358 panic("pmap_map_chunk: can't find L2 table for VA"
4360 /* See if we can use a L2 large page mapping. */
4361 if (L2_L_MAPPABLE_P(va, pa, resid)) {
4362 #ifdef VERBOSE_INIT_ARM
4365 for (i = 0; i < 16; i++) {
4366 pte[l2pte_index(va) + i] =
4368 L2_L_PROT(PTE_KERNEL, prot) | f2l;
4369 PTE_SYNC(&pte[l2pte_index(va) + i]);
4377 /* Use a small page mapping. */
4378 #ifdef VERBOSE_INIT_ARM
4381 pte[l2pte_index(va)] =
4382 L2_S_PROTO | pa | L2_S_PROT(PTE_KERNEL, prot) | f2s;
4383 PTE_SYNC(&pte[l2pte_index(va)]);
4388 #ifdef VERBOSE_INIT_ARM
4396 pmap_page_set_memattr(vm_page_t m, vm_memattr_t ma)
4399 * Remember the memattr in a field that gets used to set the appropriate
4400 * bits in the PTEs as mappings are established.
4402 m->md.pv_memattr = ma;
4405 * It appears that this function can only be called before any mappings
4406 * for the page are established on ARM. If this ever changes, this code
4407 * will need to walk the pv_list and make each of the existing mappings
4408 * uncacheable, being careful to sync caches and PTEs (and maybe
4409 * invalidate TLB?) for any current mapping it modifies.
4411 if (m->md.pv_kva != 0 || TAILQ_FIRST(&m->md.pv_list) != NULL)
4412 panic("Can't change memattr on page with existing mappings");
4416 pmap_is_valid_memattr(pmap_t pmap __unused, vm_memattr_t mode)
4419 return (mode == VM_MEMATTR_DEFAULT || mode == VM_MEMATTR_UNCACHEABLE);
projects / FreeBSD / FreeBSD.git / blob