1 /* From: $NetBSD: pmap.c,v 1.148 2004/04/03 04:35:48 bsh Exp $ */
3 * Copyright 2011 Semihalf
4 * Copyright 2004 Olivier Houchard.
5 * Copyright 2003 Wasabi Systems, Inc.
8 * Written by Steve C. Woodford for Wasabi Systems, Inc.
10 * Redistribution and use in source and binary forms, with or without
11 * modification, are permitted provided that the following conditions
13 * 1. Redistributions of source code must retain the above copyright
14 * notice, this list of conditions and the following disclaimer.
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in the
17 * documentation and/or other materials provided with the distribution.
18 * 3. All advertising materials mentioning features or use of this software
19 * must display the following acknowledgement:
20 * This product includes software developed for the NetBSD Project by
21 * Wasabi Systems, Inc.
22 * 4. The name of Wasabi Systems, Inc. may not be used to endorse
23 * or promote products derived from this software without specific prior
26 * THIS SOFTWARE IS PROVIDED BY WASABI SYSTEMS, INC. ``AS IS'' AND
27 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
28 * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
29 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL WASABI SYSTEMS, INC
30 * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
31 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
32 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
33 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
34 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
35 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
36 * POSSIBILITY OF SUCH DAMAGE.
38 * From: FreeBSD: src/sys/arm/arm/pmap.c,v 1.113 2009/07/24 13:50:29
42 * Copyright (c) 2002-2003 Wasabi Systems, Inc.
43 * Copyright (c) 2001 Richard Earnshaw
44 * Copyright (c) 2001-2002 Christopher Gilbert
45 * All rights reserved.
47 * 1. Redistributions of source code must retain the above copyright
48 * notice, this list of conditions and the following disclaimer.
49 * 2. Redistributions in binary form must reproduce the above copyright
50 * notice, this list of conditions and the following disclaimer in the
51 * documentation and/or other materials provided with the distribution.
52 * 3. The name of the company nor the name of the author may be used to
53 * endorse or promote products derived from this software without specific
54 * prior written permission.
56 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED
57 * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
58 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
59 * IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
60 * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
61 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
62 * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
63 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
64 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
65 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
69 * Copyright (c) 1999 The NetBSD Foundation, Inc.
70 * All rights reserved.
72 * This code is derived from software contributed to The NetBSD Foundation
73 * by Charles M. Hannum.
75 * Redistribution and use in source and binary forms, with or without
76 * modification, are permitted provided that the following conditions
78 * 1. Redistributions of source code must retain the above copyright
79 * notice, this list of conditions and the following disclaimer.
80 * 2. Redistributions in binary form must reproduce the above copyright
81 * notice, this list of conditions and the following disclaimer in the
82 * documentation and/or other materials provided with the distribution.
84 * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
85 * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
86 * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
87 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
88 * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
89 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
90 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
91 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
92 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
93 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
94 * POSSIBILITY OF SUCH DAMAGE.
98 * Copyright (c) 1994-1998 Mark Brinicombe.
99 * Copyright (c) 1994 Brini.
100 * All rights reserved.
102 * This code is derived from software written for Brini by Mark Brinicombe
104 * Redistribution and use in source and binary forms, with or without
105 * modification, are permitted provided that the following conditions
107 * 1. Redistributions of source code must retain the above copyright
108 * notice, this list of conditions and the following disclaimer.
109 * 2. Redistributions in binary form must reproduce the above copyright
110 * notice, this list of conditions and the following disclaimer in the
111 * documentation and/or other materials provided with the distribution.
112 * 3. All advertising materials mentioning features or use of this software
113 * must display the following acknowledgement:
114 * This product includes software developed by Mark Brinicombe.
115 * 4. The name of the author may not be used to endorse or promote products
116 * derived from this software without specific prior written permission.
118 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
119 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
120 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
121 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
122 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
123 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
124 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
125 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
126 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
128 * RiscBSD kernel project
132 * Machine dependant vm stuff
138 * Special compilation symbols
139 * PMAP_DEBUG - Build in pmap_debug_level code
141 * Note that pmap_mapdev() and pmap_unmapdev() are implemented in arm/devmap.c
143 /* Include header files */
146 #include "opt_pmap.h"
148 #include <sys/cdefs.h>
149 __FBSDID("$FreeBSD$");
150 #include <sys/param.h>
151 #include <sys/systm.h>
152 #include <sys/kernel.h>
154 #include <sys/lock.h>
155 #include <sys/proc.h>
156 #include <sys/malloc.h>
157 #include <sys/msgbuf.h>
158 #include <sys/mutex.h>
159 #include <sys/vmmeter.h>
160 #include <sys/mman.h>
161 #include <sys/rwlock.h>
163 #include <sys/sched.h>
164 #include <sys/sysctl.h>
167 #include <vm/vm_param.h>
170 #include <vm/vm_kern.h>
171 #include <vm/vm_object.h>
172 #include <vm/vm_map.h>
173 #include <vm/vm_page.h>
174 #include <vm/vm_pageout.h>
175 #include <vm/vm_extern.h>
176 #include <vm/vm_reserv.h>
178 #include <machine/md_var.h>
179 #include <machine/cpu.h>
180 #include <machine/cpufunc.h>
181 #include <machine/pcb.h>
184 extern int last_fault_code;
188 #define PDEBUG(_lev_,_stat_) \
189 if (pmap_debug_level >= (_lev_)) \
191 #define dprintf printf
193 int pmap_debug_level = 0;
195 #else /* PMAP_DEBUG */
196 #define PDEBUG(_lev_,_stat_) /* Nothing */
197 #define dprintf(x, arg...)
198 #define PMAP_INLINE __inline
199 #endif /* PMAP_DEBUG */
202 #define PV_STAT(x) do { x ; } while (0)
204 #define PV_STAT(x) do { } while (0)
207 #define pa_to_pvh(pa) (&pv_table[pa_index(pa)])
210 #define pmap_l2cache_wbinv_range(va, pa, size) cpu_l2cache_wbinv_range((pa), (size))
211 #define pmap_l2cache_inv_range(va, pa, size) cpu_l2cache_inv_range((pa), (size))
213 #define pmap_l2cache_wbinv_range(va, pa, size) cpu_l2cache_wbinv_range((va), (size))
214 #define pmap_l2cache_inv_range(va, pa, size) cpu_l2cache_inv_range((va), (size))
217 extern struct pv_addr systempage;
220 * Internal function prototypes
224 struct pv_entry *pmap_find_pv(struct md_page *, pmap_t, vm_offset_t);
225 static void pmap_free_pv_chunk(struct pv_chunk *pc);
226 static void pmap_free_pv_entry(pmap_t pmap, pv_entry_t pv);
227 static pv_entry_t pmap_get_pv_entry(pmap_t pmap, boolean_t try);
228 static vm_page_t pmap_pv_reclaim(pmap_t locked_pmap);
229 static boolean_t pmap_pv_insert_section(pmap_t, vm_offset_t,
231 static struct pv_entry *pmap_remove_pv(struct vm_page *, pmap_t, vm_offset_t);
232 static int pmap_pvh_wired_mappings(struct md_page *, int);
234 static void pmap_enter_locked(pmap_t, vm_offset_t, vm_prot_t,
235 vm_page_t, vm_prot_t, boolean_t, int);
236 static vm_paddr_t pmap_extract_locked(pmap_t pmap, vm_offset_t va);
237 static void pmap_alloc_l1(pmap_t);
238 static void pmap_free_l1(pmap_t);
240 static void pmap_map_section(pmap_t, vm_offset_t, vm_offset_t,
241 vm_prot_t, boolean_t);
242 static void pmap_promote_section(pmap_t, vm_offset_t);
243 static boolean_t pmap_demote_section(pmap_t, vm_offset_t);
244 static boolean_t pmap_enter_section(pmap_t, vm_offset_t, vm_page_t,
246 static void pmap_remove_section(pmap_t, vm_offset_t);
248 static int pmap_clearbit(struct vm_page *, u_int);
250 static struct l2_bucket *pmap_get_l2_bucket(pmap_t, vm_offset_t);
251 static struct l2_bucket *pmap_alloc_l2_bucket(pmap_t, vm_offset_t);
252 static void pmap_free_l2_bucket(pmap_t, struct l2_bucket *, u_int);
253 static vm_offset_t kernel_pt_lookup(vm_paddr_t);
255 static MALLOC_DEFINE(M_VMPMAP, "pmap", "PMAP L1");
257 vm_offset_t virtual_avail; /* VA of first avail page (after kernel bss) */
258 vm_offset_t virtual_end; /* VA of last avail page (end of kernel AS) */
259 vm_offset_t pmap_curmaxkvaddr;
260 vm_paddr_t kernel_l1pa;
262 vm_offset_t kernel_vm_end = 0;
264 vm_offset_t vm_max_kernel_address;
266 struct pmap kernel_pmap_store;
269 * Resources for quickly copying and zeroing pages using virtual address space
270 * and page table entries that are pre-allocated per-CPU by pmap_init().
279 static struct czpages cpu_czpages[MAXCPU];
281 static void pmap_init_l1(struct l1_ttable *, pd_entry_t *);
283 * These routines are called when the CPU type is identified to set up
284 * the PTE prototypes, cache modes, etc.
286 * The variables are always here, just in case LKMs need to reference
287 * them (though, they shouldn't).
289 static void pmap_set_prot(pt_entry_t *pte, vm_prot_t prot, uint8_t user);
290 pt_entry_t pte_l1_s_cache_mode;
291 pt_entry_t pte_l1_s_cache_mode_pt;
293 pt_entry_t pte_l2_l_cache_mode;
294 pt_entry_t pte_l2_l_cache_mode_pt;
296 pt_entry_t pte_l2_s_cache_mode;
297 pt_entry_t pte_l2_s_cache_mode_pt;
299 struct msgbuf *msgbufp = 0;
304 static caddr_t crashdumpmap;
306 extern void bcopy_page(vm_offset_t, vm_offset_t);
307 extern void bzero_page(vm_offset_t);
312 * Metadata for L1 translation tables.
315 /* Entry on the L1 Table list */
316 SLIST_ENTRY(l1_ttable) l1_link;
318 /* Entry on the L1 Least Recently Used list */
319 TAILQ_ENTRY(l1_ttable) l1_lru;
321 /* Track how many domains are allocated from this L1 */
322 volatile u_int l1_domain_use_count;
325 * A free-list of domain numbers for this L1.
326 * We avoid using ffs() and a bitmap to track domains since ffs()
329 u_int8_t l1_domain_first;
330 u_int8_t l1_domain_free[PMAP_DOMAINS];
332 /* Physical address of this L1 page table */
333 vm_paddr_t l1_physaddr;
335 /* KVA of this L1 page table */
340 * Convert a virtual address into its L1 table index. That is, the
341 * index used to locate the L2 descriptor table pointer in an L1 table.
342 * This is basically used to index l1->l1_kva[].
344 * Each L2 descriptor table represents 1MB of VA space.
346 #define L1_IDX(va) (((vm_offset_t)(va)) >> L1_S_SHIFT)
349 * L1 Page Tables are tracked using a Least Recently Used list.
350 * - New L1s are allocated from the HEAD.
351 * - Freed L1s are added to the TAIl.
352 * - Recently accessed L1s (where an 'access' is some change to one of
353 * the userland pmaps which owns this L1) are moved to the TAIL.
355 static TAILQ_HEAD(, l1_ttable) l1_lru_list;
357 * A list of all L1 tables
359 static SLIST_HEAD(, l1_ttable) l1_list;
360 static struct mtx l1_lru_lock;
363 * The l2_dtable tracks L2_BUCKET_SIZE worth of L1 slots.
365 * This is normally 16MB worth L2 page descriptors for any given pmap.
366 * Reference counts are maintained for L2 descriptors so they can be
370 /* The number of L2 page descriptors allocated to this l2_dtable */
373 /* List of L2 page descriptors */
375 pt_entry_t *l2b_kva; /* KVA of L2 Descriptor Table */
376 vm_paddr_t l2b_phys; /* Physical address of same */
377 u_short l2b_l1idx; /* This L2 table's L1 index */
378 u_short l2b_occupancy; /* How many active descriptors */
379 } l2_bucket[L2_BUCKET_SIZE];
382 /* pmap_kenter_internal flags */
383 #define KENTER_CACHE 0x1
384 #define KENTER_DEVICE 0x2
385 #define KENTER_USER 0x4
388 * Given an L1 table index, calculate the corresponding l2_dtable index
389 * and bucket index within the l2_dtable.
391 #define L2_IDX(l1idx) (((l1idx) >> L2_BUCKET_LOG2) & \
393 #define L2_BUCKET(l1idx) ((l1idx) & (L2_BUCKET_SIZE - 1))
396 * Given a virtual address, this macro returns the
397 * virtual address required to drop into the next L2 bucket.
399 #define L2_NEXT_BUCKET(va) (((va) & L1_S_FRAME) + L1_S_SIZE)
402 * We try to map the page tables write-through, if possible. However, not
403 * all CPUs have a write-through cache mode, so on those we have to sync
404 * the cache when we frob page tables.
406 * We try to evaluate this at compile time, if possible. However, it's
407 * not always possible to do that, hence this run-time var.
409 int pmap_needs_pte_sync;
412 * Macro to determine if a mapping might be resident in the
413 * instruction cache and/or TLB
415 #define PTE_BEEN_EXECD(pte) (L2_S_EXECUTABLE(pte) && L2_S_REFERENCED(pte))
418 * Macro to determine if a mapping might be resident in the
419 * data cache and/or TLB
421 #define PTE_BEEN_REFD(pte) (L2_S_REFERENCED(pte))
423 #ifndef PMAP_SHPGPERPROC
424 #define PMAP_SHPGPERPROC 200
427 #define pmap_is_current(pm) ((pm) == pmap_kernel() || \
428 curproc->p_vmspace->vm_map.pmap == (pm))
431 * Data for the pv entry allocation mechanism
433 static TAILQ_HEAD(pch, pv_chunk) pv_chunks = TAILQ_HEAD_INITIALIZER(pv_chunks);
434 static int pv_entry_count, pv_entry_max, pv_entry_high_water;
435 static struct md_page *pv_table;
436 static int shpgperproc = PMAP_SHPGPERPROC;
438 struct pv_chunk *pv_chunkbase; /* KVA block for pv_chunks */
439 int pv_maxchunks; /* How many chunks we have KVA for */
440 vm_offset_t pv_vafree; /* Freelist stored in the PTE */
442 static __inline struct pv_chunk *
443 pv_to_chunk(pv_entry_t pv)
446 return ((struct pv_chunk *)((uintptr_t)pv & ~(uintptr_t)PAGE_MASK));
449 #define PV_PMAP(pv) (pv_to_chunk(pv)->pc_pmap)
451 CTASSERT(sizeof(struct pv_chunk) == PAGE_SIZE);
452 CTASSERT(_NPCM == 8);
453 CTASSERT(_NPCPV == 252);
455 #define PC_FREE0_6 0xfffffffful /* Free values for index 0 through 6 */
456 #define PC_FREE7 0x0ffffffful /* Free values for index 7 */
458 static const uint32_t pc_freemask[_NPCM] = {
459 PC_FREE0_6, PC_FREE0_6, PC_FREE0_6,
460 PC_FREE0_6, PC_FREE0_6, PC_FREE0_6,
464 static SYSCTL_NODE(_vm, OID_AUTO, pmap, CTLFLAG_RD, 0, "VM/pmap parameters");
466 /* Superpages utilization enabled = 1 / disabled = 0 */
467 static int sp_enabled = 0;
468 SYSCTL_INT(_vm_pmap, OID_AUTO, sp_enabled, CTLFLAG_RDTUN, &sp_enabled, 0,
469 "Are large page mappings enabled?");
471 SYSCTL_INT(_vm_pmap, OID_AUTO, pv_entry_count, CTLFLAG_RD, &pv_entry_count, 0,
472 "Current number of pv entries");
475 static int pc_chunk_count, pc_chunk_allocs, pc_chunk_frees, pc_chunk_tryfail;
477 SYSCTL_INT(_vm_pmap, OID_AUTO, pc_chunk_count, CTLFLAG_RD, &pc_chunk_count, 0,
478 "Current number of pv entry chunks");
479 SYSCTL_INT(_vm_pmap, OID_AUTO, pc_chunk_allocs, CTLFLAG_RD, &pc_chunk_allocs, 0,
480 "Current number of pv entry chunks allocated");
481 SYSCTL_INT(_vm_pmap, OID_AUTO, pc_chunk_frees, CTLFLAG_RD, &pc_chunk_frees, 0,
482 "Current number of pv entry chunks frees");
483 SYSCTL_INT(_vm_pmap, OID_AUTO, pc_chunk_tryfail, CTLFLAG_RD, &pc_chunk_tryfail, 0,
484 "Number of times tried to get a chunk page but failed.");
486 static long pv_entry_frees, pv_entry_allocs;
487 static int pv_entry_spare;
489 SYSCTL_LONG(_vm_pmap, OID_AUTO, pv_entry_frees, CTLFLAG_RD, &pv_entry_frees, 0,
490 "Current number of pv entry frees");
491 SYSCTL_LONG(_vm_pmap, OID_AUTO, pv_entry_allocs, CTLFLAG_RD, &pv_entry_allocs, 0,
492 "Current number of pv entry allocs");
493 SYSCTL_INT(_vm_pmap, OID_AUTO, pv_entry_spare, CTLFLAG_RD, &pv_entry_spare, 0,
494 "Current number of spare pv entries");
498 static uma_zone_t l2table_zone;
499 static vm_offset_t pmap_kernel_l2dtable_kva;
500 static vm_offset_t pmap_kernel_l2ptp_kva;
501 static vm_paddr_t pmap_kernel_l2ptp_phys;
502 static struct rwlock pvh_global_lock;
504 int l1_mem_types[] = {
506 ARM_L1S_DEVICE_NOSHARE,
507 ARM_L1S_DEVICE_SHARE,
508 ARM_L1S_NRML_NOCACHE,
509 ARM_L1S_NRML_IWT_OWT,
510 ARM_L1S_NRML_IWB_OWB,
511 ARM_L1S_NRML_IWBA_OWBA
514 int l2l_mem_types[] = {
516 ARM_L2L_DEVICE_NOSHARE,
517 ARM_L2L_DEVICE_SHARE,
518 ARM_L2L_NRML_NOCACHE,
519 ARM_L2L_NRML_IWT_OWT,
520 ARM_L2L_NRML_IWB_OWB,
521 ARM_L2L_NRML_IWBA_OWBA
524 int l2s_mem_types[] = {
526 ARM_L2S_DEVICE_NOSHARE,
527 ARM_L2S_DEVICE_SHARE,
528 ARM_L2S_NRML_NOCACHE,
529 ARM_L2S_NRML_IWT_OWT,
530 ARM_L2S_NRML_IWB_OWB,
531 ARM_L2S_NRML_IWBA_OWBA
535 * This list exists for the benefit of pmap_map_chunk(). It keeps track
536 * of the kernel L2 tables during bootstrap, so that pmap_map_chunk() can
537 * find them as necessary.
539 * Note that the data on this list MUST remain valid after initarm() returns,
540 * as pmap_bootstrap() uses it to contruct L2 table metadata.
542 SLIST_HEAD(, pv_addr) kernel_pt_list = SLIST_HEAD_INITIALIZER(kernel_pt_list);
545 pmap_init_l1(struct l1_ttable *l1, pd_entry_t *l1pt)
550 l1->l1_domain_use_count = 0;
551 l1->l1_domain_first = 0;
553 for (i = 0; i < PMAP_DOMAINS; i++)
554 l1->l1_domain_free[i] = i + 1;
557 * Copy the kernel's L1 entries to each new L1.
559 if (l1pt != pmap_kernel()->pm_l1->l1_kva)
560 memcpy(l1pt, pmap_kernel()->pm_l1->l1_kva, L1_TABLE_SIZE);
562 if ((l1->l1_physaddr = pmap_extract(pmap_kernel(), (vm_offset_t)l1pt)) == 0)
563 panic("pmap_init_l1: can't get PA of L1 at %p", l1pt);
564 SLIST_INSERT_HEAD(&l1_list, l1, l1_link);
565 TAILQ_INSERT_TAIL(&l1_lru_list, l1, l1_lru);
569 kernel_pt_lookup(vm_paddr_t pa)
573 SLIST_FOREACH(pv, &kernel_pt_list, pv_list) {
581 pmap_pte_init_mmu_v6(void)
584 if (PTE_PAGETABLE >= 3)
585 pmap_needs_pte_sync = 1;
586 pte_l1_s_cache_mode = l1_mem_types[PTE_CACHE];
587 pte_l2_l_cache_mode = l2l_mem_types[PTE_CACHE];
588 pte_l2_s_cache_mode = l2s_mem_types[PTE_CACHE];
590 pte_l1_s_cache_mode_pt = l1_mem_types[PTE_PAGETABLE];
591 pte_l2_l_cache_mode_pt = l2l_mem_types[PTE_PAGETABLE];
592 pte_l2_s_cache_mode_pt = l2s_mem_types[PTE_PAGETABLE];
597 * Allocate an L1 translation table for the specified pmap.
598 * This is called at pmap creation time.
601 pmap_alloc_l1(pmap_t pmap)
603 struct l1_ttable *l1;
607 * Remove the L1 at the head of the LRU list
609 mtx_lock(&l1_lru_lock);
610 l1 = TAILQ_FIRST(&l1_lru_list);
611 TAILQ_REMOVE(&l1_lru_list, l1, l1_lru);
614 * Pick the first available domain number, and update
615 * the link to the next number.
617 domain = l1->l1_domain_first;
618 l1->l1_domain_first = l1->l1_domain_free[domain];
621 * If there are still free domain numbers in this L1,
622 * put it back on the TAIL of the LRU list.
624 if (++l1->l1_domain_use_count < PMAP_DOMAINS)
625 TAILQ_INSERT_TAIL(&l1_lru_list, l1, l1_lru);
627 mtx_unlock(&l1_lru_lock);
630 * Fix up the relevant bits in the pmap structure
633 pmap->pm_domain = domain + 1;
637 * Free an L1 translation table.
638 * This is called at pmap destruction time.
641 pmap_free_l1(pmap_t pmap)
643 struct l1_ttable *l1 = pmap->pm_l1;
645 mtx_lock(&l1_lru_lock);
648 * If this L1 is currently on the LRU list, remove it.
650 if (l1->l1_domain_use_count < PMAP_DOMAINS)
651 TAILQ_REMOVE(&l1_lru_list, l1, l1_lru);
654 * Free up the domain number which was allocated to the pmap
656 l1->l1_domain_free[pmap->pm_domain - 1] = l1->l1_domain_first;
657 l1->l1_domain_first = pmap->pm_domain - 1;
658 l1->l1_domain_use_count--;
661 * The L1 now must have at least 1 free domain, so add
662 * it back to the LRU list. If the use count is zero,
663 * put it at the head of the list, otherwise it goes
666 if (l1->l1_domain_use_count == 0) {
667 TAILQ_INSERT_HEAD(&l1_lru_list, l1, l1_lru);
669 TAILQ_INSERT_TAIL(&l1_lru_list, l1, l1_lru);
671 mtx_unlock(&l1_lru_lock);
675 * Returns a pointer to the L2 bucket associated with the specified pmap
676 * and VA, or NULL if no L2 bucket exists for the address.
678 static PMAP_INLINE struct l2_bucket *
679 pmap_get_l2_bucket(pmap_t pmap, vm_offset_t va)
681 struct l2_dtable *l2;
682 struct l2_bucket *l2b;
687 if ((l2 = pmap->pm_l2[L2_IDX(l1idx)]) == NULL ||
688 (l2b = &l2->l2_bucket[L2_BUCKET(l1idx)])->l2b_kva == NULL)
695 * Returns a pointer to the L2 bucket associated with the specified pmap
698 * If no L2 bucket exists, perform the necessary allocations to put an L2
699 * bucket/page table in place.
701 * Note that if a new L2 bucket/page was allocated, the caller *must*
702 * increment the bucket occupancy counter appropriately *before*
703 * releasing the pmap's lock to ensure no other thread or cpu deallocates
704 * the bucket/page in the meantime.
706 static struct l2_bucket *
707 pmap_alloc_l2_bucket(pmap_t pmap, vm_offset_t va)
709 struct l2_dtable *l2;
710 struct l2_bucket *l2b;
715 PMAP_ASSERT_LOCKED(pmap);
716 rw_assert(&pvh_global_lock, RA_WLOCKED);
717 if ((l2 = pmap->pm_l2[L2_IDX(l1idx)]) == NULL) {
719 * No mapping at this address, as there is
720 * no entry in the L1 table.
721 * Need to allocate a new l2_dtable.
724 rw_wunlock(&pvh_global_lock);
725 if ((l2 = uma_zalloc(l2table_zone, M_NOWAIT)) == NULL) {
726 rw_wlock(&pvh_global_lock);
730 rw_wlock(&pvh_global_lock);
732 if (pmap->pm_l2[L2_IDX(l1idx)] != NULL) {
734 * Someone already allocated the l2_dtable while
735 * we were doing the same.
737 uma_zfree(l2table_zone, l2);
738 l2 = pmap->pm_l2[L2_IDX(l1idx)];
740 bzero(l2, sizeof(*l2));
742 * Link it into the parent pmap
744 pmap->pm_l2[L2_IDX(l1idx)] = l2;
748 l2b = &l2->l2_bucket[L2_BUCKET(l1idx)];
751 * Fetch pointer to the L2 page table associated with the address.
753 if (l2b->l2b_kva == NULL) {
757 * No L2 page table has been allocated. Chances are, this
758 * is because we just allocated the l2_dtable, above.
761 rw_wunlock(&pvh_global_lock);
762 ptep = uma_zalloc(l2zone, M_NOWAIT);
763 rw_wlock(&pvh_global_lock);
765 if (l2b->l2b_kva != 0) {
766 /* We lost the race. */
767 uma_zfree(l2zone, ptep);
770 l2b->l2b_phys = vtophys(ptep);
773 * Oops, no more L2 page tables available at this
774 * time. We may need to deallocate the l2_dtable
775 * if we allocated a new one above.
777 if (l2->l2_occupancy == 0) {
778 pmap->pm_l2[L2_IDX(l1idx)] = NULL;
779 uma_zfree(l2table_zone, l2);
786 l2b->l2b_l1idx = l1idx;
792 static PMAP_INLINE void
793 pmap_free_l2_ptp(pt_entry_t *l2)
795 uma_zfree(l2zone, l2);
798 * One or more mappings in the specified L2 descriptor table have just been
801 * Garbage collect the metadata and descriptor table itself if necessary.
803 * The pmap lock must be acquired when this is called (not necessary
804 * for the kernel pmap).
807 pmap_free_l2_bucket(pmap_t pmap, struct l2_bucket *l2b, u_int count)
809 struct l2_dtable *l2;
810 pd_entry_t *pl1pd, l1pd;
816 * Update the bucket's reference count according to how many
817 * PTEs the caller has just invalidated.
819 l2b->l2b_occupancy -= count;
824 * Level 2 page tables allocated to the kernel pmap are never freed
825 * as that would require checking all Level 1 page tables and
826 * removing any references to the Level 2 page table. See also the
827 * comment elsewhere about never freeing bootstrap L2 descriptors.
829 * We make do with just invalidating the mapping in the L2 table.
831 * This isn't really a big deal in practice and, in fact, leads
832 * to a performance win over time as we don't need to continually
835 if (l2b->l2b_occupancy > 0 || pmap == pmap_kernel())
839 * There are no more valid mappings in this level 2 page table.
840 * Go ahead and NULL-out the pointer in the bucket, then
841 * free the page table.
843 l1idx = l2b->l2b_l1idx;
847 pl1pd = &pmap->pm_l1->l1_kva[l1idx];
850 * If the L1 slot matches the pmap's domain
851 * number, then invalidate it.
853 l1pd = *pl1pd & (L1_TYPE_MASK | L1_C_DOM_MASK);
854 if (l1pd == (L1_C_DOM(pmap->pm_domain) | L1_TYPE_C)) {
857 cpu_tlb_flushD_SE((vm_offset_t)ptep);
862 * Release the L2 descriptor table back to the pool cache.
864 pmap_free_l2_ptp(ptep);
867 * Update the reference count in the associated l2_dtable
869 l2 = pmap->pm_l2[L2_IDX(l1idx)];
870 if (--l2->l2_occupancy > 0)
874 * There are no more valid mappings in any of the Level 1
875 * slots managed by this l2_dtable. Go ahead and NULL-out
876 * the pointer in the parent pmap and free the l2_dtable.
878 pmap->pm_l2[L2_IDX(l1idx)] = NULL;
879 uma_zfree(l2table_zone, l2);
883 * Pool cache constructors for L2 descriptor tables, metadata and pmap
887 pmap_l2ptp_ctor(void *mem, int size, void *arg, int flags)
889 struct l2_bucket *l2b;
890 pt_entry_t *ptep, pte;
891 vm_offset_t va = (vm_offset_t)mem & ~PAGE_MASK;
894 * The mappings for these page tables were initially made using
895 * pmap_kenter() by the pool subsystem. Therefore, the cache-
896 * mode will not be right for page table mappings. To avoid
897 * polluting the pmap_kenter() code with a special case for
898 * page tables, we simply fix up the cache-mode here if it's not
901 l2b = pmap_get_l2_bucket(pmap_kernel(), va);
902 ptep = &l2b->l2b_kva[l2pte_index(va)];
905 cpu_idcache_wbinv_range(va, PAGE_SIZE);
906 pmap_l2cache_wbinv_range(va, pte & L2_S_FRAME, PAGE_SIZE);
907 if ((pte & L2_S_CACHE_MASK) != pte_l2_s_cache_mode_pt) {
909 * Page tables must have the cache-mode set to
912 *ptep = (pte & ~L2_S_CACHE_MASK) | pte_l2_s_cache_mode_pt;
914 cpu_tlb_flushD_SE(va);
918 memset(mem, 0, L2_TABLE_SIZE_REAL);
923 * Modify pte bits for all ptes corresponding to the given physical address.
924 * We use `maskbits' rather than `clearbits' because we're always passing
925 * constants and the latter would require an extra inversion at run-time.
928 pmap_clearbit(struct vm_page *m, u_int maskbits)
930 struct l2_bucket *l2b;
931 struct pv_entry *pv, *pve, *next_pv;
934 pt_entry_t *ptep, npte, opte;
940 rw_wlock(&pvh_global_lock);
941 if ((m->flags & PG_FICTITIOUS) != 0)
944 pvh = pa_to_pvh(VM_PAGE_TO_PHYS(m));
945 TAILQ_FOREACH_SAFE(pv, &pvh->pv_list, pv_list, next_pv) {
949 pl1pd = &pmap->pm_l1->l1_kva[L1_IDX(va)];
950 KASSERT((*pl1pd & L1_TYPE_MASK) == L1_S_PROTO,
951 ("pmap_clearbit: valid section mapping expected"));
952 if ((maskbits & PVF_WRITE) && (pv->pv_flags & PVF_WRITE))
953 (void)pmap_demote_section(pmap, va);
954 else if ((maskbits & PVF_REF) && L1_S_REFERENCED(*pl1pd)) {
955 if (pmap_demote_section(pmap, va)) {
956 if ((pv->pv_flags & PVF_WIRED) == 0) {
958 * Remove the mapping to a single page
959 * so that a subsequent access may
960 * repromote. Since the underlying
961 * l2_bucket is fully populated, this
962 * removal never frees an entire
965 va += (VM_PAGE_TO_PHYS(m) &
967 l2b = pmap_get_l2_bucket(pmap, va);
969 ("pmap_clearbit: no l2 bucket for "
970 "va 0x%#x, pmap 0x%p", va, pmap));
971 ptep = &l2b->l2b_kva[l2pte_index(va)];
974 pmap_free_l2_bucket(pmap, l2b, 1);
975 pve = pmap_remove_pv(m, pmap, va);
976 KASSERT(pve != NULL, ("pmap_clearbit: "
977 "no PV entry for managed mapping"));
978 pmap_free_pv_entry(pmap, pve);
982 } else if ((maskbits & PVF_MOD) && L1_S_WRITABLE(*pl1pd)) {
983 if (pmap_demote_section(pmap, va)) {
984 if ((pv->pv_flags & PVF_WIRED) == 0) {
986 * Write protect the mapping to a
987 * single page so that a subsequent
988 * write access may repromote.
990 va += (VM_PAGE_TO_PHYS(m) &
992 l2b = pmap_get_l2_bucket(pmap, va);
994 ("pmap_clearbit: no l2 bucket for "
995 "va 0x%#x, pmap 0x%p", va, pmap));
996 ptep = &l2b->l2b_kva[l2pte_index(va)];
997 if ((*ptep & L2_S_PROTO) != 0) {
998 pve = pmap_find_pv(&m->md,
1000 KASSERT(pve != NULL,
1001 ("pmap_clearbit: no PV "
1002 "entry for managed mapping"));
1003 pve->pv_flags &= ~PVF_WRITE;
1014 if (TAILQ_EMPTY(&m->md.pv_list)) {
1015 rw_wunlock(&pvh_global_lock);
1020 * Loop over all current mappings setting/clearing as appropos
1022 TAILQ_FOREACH(pv, &m->md.pv_list, pv_list) {
1025 oflags = pv->pv_flags;
1026 pv->pv_flags &= ~maskbits;
1030 l2b = pmap_get_l2_bucket(pmap, va);
1031 KASSERT(l2b != NULL, ("pmap_clearbit: no l2 bucket for "
1032 "va 0x%#x, pmap 0x%p", va, pmap));
1034 ptep = &l2b->l2b_kva[l2pte_index(va)];
1035 npte = opte = *ptep;
1037 if (maskbits & (PVF_WRITE | PVF_MOD)) {
1038 /* make the pte read only */
1042 if (maskbits & PVF_REF) {
1044 * Clear referenced flag in PTE so that we
1045 * will take a flag fault the next time the mapping
1051 CTR4(KTR_PMAP,"clearbit: pmap:%p bits:%x pte:%x->%x",
1052 pmap, maskbits, opte, npte);
1057 /* Flush the TLB entry if a current pmap. */
1058 if (PTE_BEEN_EXECD(opte))
1059 cpu_tlb_flushID_SE(pv->pv_va);
1060 else if (PTE_BEEN_REFD(opte))
1061 cpu_tlb_flushD_SE(pv->pv_va);
1069 if (maskbits & PVF_WRITE)
1070 vm_page_aflag_clear(m, PGA_WRITEABLE);
1071 rw_wunlock(&pvh_global_lock);
1076 * main pv_entry manipulation functions:
1077 * pmap_enter_pv: enter a mapping onto a vm_page list
1078 * pmap_remove_pv: remove a mappiing from a vm_page list
1080 * NOTE: pmap_enter_pv expects to lock the pvh itself
1081 * pmap_remove_pv expects the caller to lock the pvh before calling
1085 * pmap_enter_pv: enter a mapping onto a vm_page's PV list
1087 * => caller should hold the proper lock on pvh_global_lock
1088 * => caller should have pmap locked
1089 * => we will (someday) gain the lock on the vm_page's PV list
1090 * => caller should adjust ptp's wire_count before calling
1091 * => caller should not adjust pmap's wire_count
1094 pmap_enter_pv(struct vm_page *m, struct pv_entry *pve, pmap_t pmap,
1095 vm_offset_t va, u_int flags)
1098 rw_assert(&pvh_global_lock, RA_WLOCKED);
1100 PMAP_ASSERT_LOCKED(pmap);
1102 pve->pv_flags = flags;
1104 TAILQ_INSERT_HEAD(&m->md.pv_list, pve, pv_list);
1105 if (pve->pv_flags & PVF_WIRED)
1106 ++pmap->pm_stats.wired_count;
1111 * pmap_find_pv: Find a pv entry
1113 * => caller should hold lock on vm_page
1115 static PMAP_INLINE struct pv_entry *
1116 pmap_find_pv(struct md_page *md, pmap_t pmap, vm_offset_t va)
1118 struct pv_entry *pv;
1120 rw_assert(&pvh_global_lock, RA_WLOCKED);
1121 TAILQ_FOREACH(pv, &md->pv_list, pv_list)
1122 if (pmap == PV_PMAP(pv) && va == pv->pv_va)
1129 * vector_page_setprot:
1131 * Manipulate the protection of the vector page.
1134 vector_page_setprot(int prot)
1136 struct l2_bucket *l2b;
1139 l2b = pmap_get_l2_bucket(pmap_kernel(), vector_page);
1141 ptep = &l2b->l2b_kva[l2pte_index(vector_page)];
1143 * Set referenced flag.
1144 * Vectors' page is always desired
1145 * to be allowed to reside in TLB.
1149 pmap_set_prot(ptep, prot|VM_PROT_EXECUTE, 0);
1151 cpu_tlb_flushID_SE(vector_page);
1156 pmap_set_prot(pt_entry_t *ptep, vm_prot_t prot, uint8_t user)
1159 *ptep &= ~(L2_S_PROT_MASK | L2_XN);
1161 if (!(prot & VM_PROT_EXECUTE))
1164 /* Set defaults first - kernel read access */
1166 *ptep |= L2_S_PROT_R;
1167 /* Now tune APs as desired */
1169 *ptep |= L2_S_PROT_U;
1171 if (prot & VM_PROT_WRITE)
1176 * pmap_remove_pv: try to remove a mapping from a pv_list
1178 * => caller should hold proper lock on pmap_main_lock
1179 * => pmap should be locked
1180 * => caller should hold lock on vm_page [so that attrs can be adjusted]
1181 * => caller should adjust ptp's wire_count and free PTP if needed
1182 * => caller should NOT adjust pmap's wire_count
1183 * => we return the removed pve
1185 static struct pv_entry *
1186 pmap_remove_pv(struct vm_page *m, pmap_t pmap, vm_offset_t va)
1188 struct pv_entry *pve;
1190 rw_assert(&pvh_global_lock, RA_WLOCKED);
1191 PMAP_ASSERT_LOCKED(pmap);
1193 pve = pmap_find_pv(&m->md, pmap, va); /* find corresponding pve */
1195 TAILQ_REMOVE(&m->md.pv_list, pve, pv_list);
1196 if (pve->pv_flags & PVF_WIRED)
1197 --pmap->pm_stats.wired_count;
1199 if (TAILQ_EMPTY(&m->md.pv_list))
1200 vm_page_aflag_clear(m, PGA_WRITEABLE);
1202 return(pve); /* return removed pve */
1207 * pmap_modify_pv: Update pv flags
1209 * => caller should hold lock on vm_page [so that attrs can be adjusted]
1210 * => caller should NOT adjust pmap's wire_count
1211 * => we return the old flags
1213 * Modify a physical-virtual mapping in the pv table
1216 pmap_modify_pv(struct vm_page *m, pmap_t pmap, vm_offset_t va,
1217 u_int clr_mask, u_int set_mask)
1219 struct pv_entry *npv;
1220 u_int flags, oflags;
1222 PMAP_ASSERT_LOCKED(pmap);
1223 rw_assert(&pvh_global_lock, RA_WLOCKED);
1224 if ((npv = pmap_find_pv(&m->md, pmap, va)) == NULL)
1228 * There is at least one VA mapping this page.
1230 oflags = npv->pv_flags;
1231 npv->pv_flags = flags = (oflags & ~clr_mask) | set_mask;
1233 if ((flags ^ oflags) & PVF_WIRED) {
1234 if (flags & PVF_WIRED)
1235 ++pmap->pm_stats.wired_count;
1237 --pmap->pm_stats.wired_count;
1243 /* Function to set the debug level of the pmap code */
1246 pmap_debug(int level)
1248 pmap_debug_level = level;
1249 dprintf("pmap_debug: level=%d\n", pmap_debug_level);
1251 #endif /* PMAP_DEBUG */
1254 pmap_pinit0(struct pmap *pmap)
1256 PDEBUG(1, printf("pmap_pinit0: pmap = %08x\n", (u_int32_t) pmap));
1258 bcopy(kernel_pmap, pmap, sizeof(*pmap));
1259 bzero(&pmap->pm_mtx, sizeof(pmap->pm_mtx));
1260 PMAP_LOCK_INIT(pmap);
1261 TAILQ_INIT(&pmap->pm_pvchunk);
1265 * Initialize a vm_page's machine-dependent fields.
1268 pmap_page_init(vm_page_t m)
1271 TAILQ_INIT(&m->md.pv_list);
1272 m->md.pv_memattr = VM_MEMATTR_DEFAULT;
1276 pmap_ptelist_alloc(vm_offset_t *head)
1283 return (va); /* Out of memory */
1286 if ((*head & L2_TYPE_MASK) != L2_TYPE_INV)
1287 panic("%s: va is not L2_TYPE_INV!", __func__);
1293 pmap_ptelist_free(vm_offset_t *head, vm_offset_t va)
1297 if ((va & L2_TYPE_MASK) != L2_TYPE_INV)
1298 panic("%s: freeing va that is not L2_TYPE INV!", __func__);
1300 *pte = *head; /* virtual! L2_TYPE is L2_TYPE_INV though */
1305 pmap_ptelist_init(vm_offset_t *head, void *base, int npages)
1311 for (i = npages - 1; i >= 0; i--) {
1312 va = (vm_offset_t)base + i * PAGE_SIZE;
1313 pmap_ptelist_free(head, va);
1318 * Initialize the pmap module.
1319 * Called by vm_init, to initialize any structures that the pmap
1320 * system needs to map virtual memory.
1328 l2zone = uma_zcreate("L2 Table", L2_TABLE_SIZE_REAL, pmap_l2ptp_ctor,
1329 NULL, NULL, NULL, UMA_ALIGN_PTR, UMA_ZONE_VM | UMA_ZONE_NOFREE);
1330 l2table_zone = uma_zcreate("L2 Table", sizeof(struct l2_dtable), NULL,
1331 NULL, NULL, NULL, UMA_ALIGN_PTR, UMA_ZONE_VM | UMA_ZONE_NOFREE);
1334 * Are large page mappings supported and enabled?
1336 TUNABLE_INT_FETCH("vm.pmap.sp_enabled", &sp_enabled);
1338 KASSERT(MAXPAGESIZES > 1 && pagesizes[1] == 0,
1339 ("pmap_init: can't assign to pagesizes[1]"));
1340 pagesizes[1] = NBPDR;
1344 * Calculate the size of the pv head table for superpages.
1346 for (i = 0; phys_avail[i + 1]; i += 2);
1347 pv_npg = round_1mpage(phys_avail[(i - 2) + 1]) / NBPDR;
1350 * Allocate memory for the pv head table for superpages.
1352 s = (vm_size_t)(pv_npg * sizeof(struct md_page));
1354 pv_table = (struct md_page *)kmem_malloc(kernel_arena, s,
1356 for (i = 0; i < pv_npg; i++)
1357 TAILQ_INIT(&pv_table[i].pv_list);
1360 * Initialize the address space for the pv chunks.
1363 TUNABLE_INT_FETCH("vm.pmap.shpgperproc", &shpgperproc);
1364 pv_entry_max = shpgperproc * maxproc + cnt.v_page_count;
1365 TUNABLE_INT_FETCH("vm.pmap.pv_entries", &pv_entry_max);
1366 pv_entry_max = roundup(pv_entry_max, _NPCPV);
1367 pv_entry_high_water = 9 * (pv_entry_max / 10);
1369 pv_maxchunks = MAX(pv_entry_max / _NPCPV, maxproc);
1370 pv_chunkbase = (struct pv_chunk *)kva_alloc(PAGE_SIZE * pv_maxchunks);
1372 if (pv_chunkbase == NULL)
1373 panic("pmap_init: not enough kvm for pv chunks");
1375 pmap_ptelist_init(&pv_vafree, pv_chunkbase, pv_maxchunks);
1378 * Now it is safe to enable pv_table recording.
1380 PDEBUG(1, printf("pmap_init: done!\n"));
1383 SYSCTL_INT(_vm_pmap, OID_AUTO, pv_entry_max, CTLFLAG_RD, &pv_entry_max, 0,
1384 "Max number of PV entries");
1385 SYSCTL_INT(_vm_pmap, OID_AUTO, shpgperproc, CTLFLAG_RD, &shpgperproc, 0,
1386 "Page share factor per proc");
1388 static SYSCTL_NODE(_vm_pmap, OID_AUTO, section, CTLFLAG_RD, 0,
1389 "1MB page mapping counters");
1391 static u_long pmap_section_demotions;
1392 SYSCTL_ULONG(_vm_pmap_section, OID_AUTO, demotions, CTLFLAG_RD,
1393 &pmap_section_demotions, 0, "1MB page demotions");
1395 static u_long pmap_section_mappings;
1396 SYSCTL_ULONG(_vm_pmap_section, OID_AUTO, mappings, CTLFLAG_RD,
1397 &pmap_section_mappings, 0, "1MB page mappings");
1399 static u_long pmap_section_p_failures;
1400 SYSCTL_ULONG(_vm_pmap_section, OID_AUTO, p_failures, CTLFLAG_RD,
1401 &pmap_section_p_failures, 0, "1MB page promotion failures");
1403 static u_long pmap_section_promotions;
1404 SYSCTL_ULONG(_vm_pmap_section, OID_AUTO, promotions, CTLFLAG_RD,
1405 &pmap_section_promotions, 0, "1MB page promotions");
1408 pmap_fault_fixup(pmap_t pmap, vm_offset_t va, vm_prot_t ftype, int user)
1410 struct l2_dtable *l2;
1411 struct l2_bucket *l2b;
1412 pd_entry_t *pl1pd, l1pd;
1413 pt_entry_t *ptep, pte;
1419 rw_wlock(&pvh_global_lock);
1422 * Check and possibly fix-up L1 section mapping
1423 * only when superpage mappings are enabled to speed up.
1426 pl1pd = &pmap->pm_l1->l1_kva[l1idx];
1428 if ((l1pd & L1_TYPE_MASK) == L1_S_PROTO) {
1429 /* Catch an access to the vectors section */
1430 if (l1idx == L1_IDX(vector_page))
1433 * Stay away from the kernel mappings.
1434 * None of them should fault from L1 entry.
1436 if (pmap == pmap_kernel())
1439 * Catch a forbidden userland access
1441 if (user && !(l1pd & L1_S_PROT_U))
1444 * Superpage is always either mapped read only
1445 * or it is modified and permitted to be written
1446 * by default. Therefore, process only reference
1447 * flag fault and demote page in case of write fault.
1449 if ((ftype & VM_PROT_WRITE) && !L1_S_WRITABLE(l1pd) &&
1450 L1_S_REFERENCED(l1pd)) {
1451 (void)pmap_demote_section(pmap, va);
1453 } else if (!L1_S_REFERENCED(l1pd)) {
1454 /* Mark the page "referenced" */
1455 *pl1pd = l1pd | L1_S_REF;
1457 goto l1_section_out;
1463 * If there is no l2_dtable for this address, then the process
1464 * has no business accessing it.
1466 * Note: This will catch userland processes trying to access
1469 l2 = pmap->pm_l2[L2_IDX(l1idx)];
1474 * Likewise if there is no L2 descriptor table
1476 l2b = &l2->l2_bucket[L2_BUCKET(l1idx)];
1477 if (l2b->l2b_kva == NULL)
1481 * Check the PTE itself.
1483 ptep = &l2b->l2b_kva[l2pte_index(va)];
1489 * Catch a userland access to the vector page mapped at 0x0
1491 if (user && !(pte & L2_S_PROT_U))
1493 if (va == vector_page)
1497 CTR5(KTR_PMAP, "pmap_fault_fix: pmap:%p va:%x pte:0x%x ftype:%x user:%x",
1498 pmap, va, pte, ftype, user);
1499 if ((ftype & VM_PROT_WRITE) && !(L2_S_WRITABLE(pte)) &&
1500 L2_S_REFERENCED(pte)) {
1502 * This looks like a good candidate for "page modified"
1505 struct pv_entry *pv;
1508 /* Extract the physical address of the page */
1509 if ((m = PHYS_TO_VM_PAGE(pa)) == NULL) {
1512 /* Get the current flags for this page. */
1514 pv = pmap_find_pv(&m->md, pmap, va);
1520 * Do the flags say this page is writable? If not then it
1521 * is a genuine write fault. If yes then the write fault is
1522 * our fault as we did not reflect the write access in the
1523 * PTE. Now we know a write has occurred we can correct this
1524 * and also set the modified bit
1526 if ((pv->pv_flags & PVF_WRITE) == 0) {
1532 /* Re-enable write permissions for the page */
1533 *ptep = (pte & ~L2_APX);
1536 CTR1(KTR_PMAP, "pmap_fault_fix: new pte:0x%x", *ptep);
1537 } else if (!L2_S_REFERENCED(pte)) {
1539 * This looks like a good candidate for "page referenced"
1542 struct pv_entry *pv;
1545 /* Extract the physical address of the page */
1546 if ((m = PHYS_TO_VM_PAGE(pa)) == NULL)
1548 /* Get the current flags for this page. */
1549 pv = pmap_find_pv(&m->md, pmap, va);
1553 vm_page_aflag_set(m, PGA_REFERENCED);
1555 /* Mark the page "referenced" */
1556 *ptep = pte | L2_S_REF;
1559 CTR1(KTR_PMAP, "pmap_fault_fix: new pte:0x%x", *ptep);
1563 * We know there is a valid mapping here, so simply
1564 * fix up the L1 if necessary.
1566 pl1pd = &pmap->pm_l1->l1_kva[l1idx];
1567 l1pd = l2b->l2b_phys | L1_C_DOM(pmap->pm_domain) | L1_C_PROTO;
1568 if (*pl1pd != l1pd) {
1576 * If 'rv == 0' at this point, it generally indicates that there is a
1577 * stale TLB entry for the faulting address. This happens when two or
1578 * more processes are sharing an L1. Since we don't flush the TLB on
1579 * a context switch between such processes, we can take domain faults
1580 * for mappings which exist at the same VA in both processes. EVEN IF
1581 * WE'VE RECENTLY FIXED UP THE CORRESPONDING L1 in pmap_enter(), for
1584 * This is extremely likely to happen if pmap_enter() updated the L1
1585 * entry for a recently entered mapping. In this case, the TLB is
1586 * flushed for the new mapping, but there may still be TLB entries for
1587 * other mappings belonging to other processes in the 1MB range
1588 * covered by the L1 entry.
1590 * Since 'rv == 0', we know that the L1 already contains the correct
1591 * value, so the fault must be due to a stale TLB entry.
1593 * Since we always need to flush the TLB anyway in the case where we
1594 * fixed up the L1, or frobbed the L2 PTE, we effectively deal with
1595 * stale TLB entries dynamically.
1597 * However, the above condition can ONLY happen if the current L1 is
1598 * being shared. If it happens when the L1 is unshared, it indicates
1599 * that other parts of the pmap are not doing their job WRT managing
1602 if (rv == 0 && pmap->pm_l1->l1_domain_use_count == 1) {
1603 printf("fixup: pmap %p, va 0x%08x, ftype %d - nothing to do!\n",
1605 printf("fixup: l2 %p, l2b %p, ptep %p, pl1pd %p\n",
1606 l2, l2b, ptep, pl1pd);
1607 printf("fixup: pte 0x%x, l1pd 0x%x, last code 0x%x\n",
1608 pte, l1pd, last_fault_code);
1616 cpu_tlb_flushID_SE(va);
1622 rw_wunlock(&pvh_global_lock);
1630 struct l2_bucket *l2b;
1631 struct l1_ttable *l1;
1633 pt_entry_t *ptep, pte;
1634 vm_offset_t va, eva;
1637 needed = (maxproc / PMAP_DOMAINS) + ((maxproc % PMAP_DOMAINS) ? 1 : 0);
1639 l1 = malloc(sizeof(*l1) * needed, M_VMPMAP, M_WAITOK);
1641 for (loop = 0; loop < needed; loop++, l1++) {
1642 /* Allocate a L1 page table */
1643 va = (vm_offset_t)contigmalloc(L1_TABLE_SIZE, M_VMPMAP, 0, 0x0,
1644 0xffffffff, L1_TABLE_SIZE, 0);
1647 panic("Cannot allocate L1 KVM");
1649 eva = va + L1_TABLE_SIZE;
1650 pl1pt = (pd_entry_t *)va;
1653 l2b = pmap_get_l2_bucket(pmap_kernel(), va);
1654 ptep = &l2b->l2b_kva[l2pte_index(va)];
1656 pte = (pte & ~L2_S_CACHE_MASK) | pte_l2_s_cache_mode_pt;
1659 cpu_tlb_flushID_SE(va);
1663 pmap_init_l1(l1, pl1pt);
1666 printf("pmap_postinit: Allocated %d static L1 descriptor tables\n",
1672 * This is used to stuff certain critical values into the PCB where they
1673 * can be accessed quickly from cpu_switch() et al.
1676 pmap_set_pcb_pagedir(pmap_t pmap, struct pcb *pcb)
1678 struct l2_bucket *l2b;
1680 pcb->pcb_pagedir = pmap->pm_l1->l1_physaddr;
1681 pcb->pcb_dacr = (DOMAIN_CLIENT << (PMAP_DOMAIN_KERNEL * 2)) |
1682 (DOMAIN_CLIENT << (pmap->pm_domain * 2));
1684 if (vector_page < KERNBASE) {
1685 pcb->pcb_pl1vec = &pmap->pm_l1->l1_kva[L1_IDX(vector_page)];
1686 l2b = pmap_get_l2_bucket(pmap, vector_page);
1687 pcb->pcb_l1vec = l2b->l2b_phys | L1_C_PROTO |
1688 L1_C_DOM(pmap->pm_domain) | L1_C_DOM(PMAP_DOMAIN_KERNEL);
1690 pcb->pcb_pl1vec = NULL;
1694 pmap_activate(struct thread *td)
1699 pmap = vmspace_pmap(td->td_proc->p_vmspace);
1703 pmap_set_pcb_pagedir(pmap, pcb);
1705 if (td == curthread) {
1706 u_int cur_dacr, cur_ttb;
1708 __asm __volatile("mrc p15, 0, %0, c2, c0, 0" : "=r"(cur_ttb));
1709 __asm __volatile("mrc p15, 0, %0, c3, c0, 0" : "=r"(cur_dacr));
1711 cur_ttb &= ~(L1_TABLE_SIZE - 1);
1713 if (cur_ttb == (u_int)pcb->pcb_pagedir &&
1714 cur_dacr == pcb->pcb_dacr) {
1716 * No need to switch address spaces.
1724 * We MUST, I repeat, MUST fix up the L1 entry corresponding
1725 * to 'vector_page' in the incoming L1 table before switching
1726 * to it otherwise subsequent interrupts/exceptions (including
1727 * domain faults!) will jump into hyperspace.
1729 if (pcb->pcb_pl1vec) {
1730 *pcb->pcb_pl1vec = pcb->pcb_l1vec;
1733 cpu_domains(pcb->pcb_dacr);
1734 cpu_setttb(pcb->pcb_pagedir);
1740 pmap_set_pt_cache_mode(pd_entry_t *kl1, vm_offset_t va)
1742 pd_entry_t *pdep, pde;
1743 pt_entry_t *ptep, pte;
1748 * Make sure the descriptor itself has the correct cache mode
1750 pdep = &kl1[L1_IDX(va)];
1753 if (l1pte_section_p(pde)) {
1754 if ((pde & L1_S_CACHE_MASK) != pte_l1_s_cache_mode_pt) {
1755 *pdep = (pde & ~L1_S_CACHE_MASK) |
1756 pte_l1_s_cache_mode_pt;
1761 pa = (vm_paddr_t)(pde & L1_C_ADDR_MASK);
1762 ptep = (pt_entry_t *)kernel_pt_lookup(pa);
1764 panic("pmap_bootstrap: No L2 for L2 @ va %p\n", ptep);
1766 ptep = &ptep[l2pte_index(va)];
1768 if ((pte & L2_S_CACHE_MASK) != pte_l2_s_cache_mode_pt) {
1769 *ptep = (pte & ~L2_S_CACHE_MASK) |
1770 pte_l2_s_cache_mode_pt;
1780 pmap_alloc_specials(vm_offset_t *availp, int pages, vm_offset_t *vap,
1783 vm_offset_t va = *availp;
1784 struct l2_bucket *l2b;
1787 l2b = pmap_get_l2_bucket(pmap_kernel(), va);
1789 panic("pmap_alloc_specials: no l2b for 0x%x", va);
1791 *ptep = &l2b->l2b_kva[l2pte_index(va)];
1795 *availp = va + (PAGE_SIZE * pages);
1799 * Bootstrap the system enough to run with virtual memory.
1801 * On the arm this is called after mapping has already been enabled
1802 * and just syncs the pmap module with what has already been done.
1803 * [We can't call it easily with mapping off since the kernel is not
1804 * mapped with PA == VA, hence we would have to relocate every address
1805 * from the linked base (virtual) address "KERNBASE" to the actual
1806 * (physical) address starting relative to 0]
1808 #define PMAP_STATIC_L2_SIZE 16
1811 pmap_bootstrap(vm_offset_t firstaddr, struct pv_addr *l1pt)
1813 static struct l1_ttable static_l1;
1814 static struct l2_dtable static_l2[PMAP_STATIC_L2_SIZE];
1815 struct l1_ttable *l1 = &static_l1;
1816 struct l2_dtable *l2;
1817 struct l2_bucket *l2b;
1818 struct czpages *czp;
1820 pd_entry_t *kernel_l1pt = (pd_entry_t *)l1pt->pv_va;
1825 int i, l1idx, l2idx, l2next = 0;
1827 PDEBUG(1, printf("firstaddr = %08x, lastaddr = %08x\n",
1828 firstaddr, vm_max_kernel_address));
1830 virtual_avail = firstaddr;
1831 kernel_pmap->pm_l1 = l1;
1832 kernel_l1pa = l1pt->pv_pa;
1835 * Scan the L1 translation table created by initarm() and create
1836 * the required metadata for all valid mappings found in it.
1838 for (l1idx = 0; l1idx < (L1_TABLE_SIZE / sizeof(pd_entry_t)); l1idx++) {
1839 pde = kernel_l1pt[l1idx];
1842 * We're only interested in Coarse mappings.
1843 * pmap_extract() can deal with section mappings without
1844 * recourse to checking L2 metadata.
1846 if ((pde & L1_TYPE_MASK) != L1_TYPE_C)
1850 * Lookup the KVA of this L2 descriptor table
1852 pa = (vm_paddr_t)(pde & L1_C_ADDR_MASK);
1853 ptep = (pt_entry_t *)kernel_pt_lookup(pa);
1856 panic("pmap_bootstrap: No L2 for va 0x%x, pa 0x%lx",
1857 (u_int)l1idx << L1_S_SHIFT, (long unsigned int)pa);
1861 * Fetch the associated L2 metadata structure.
1862 * Allocate a new one if necessary.
1864 if ((l2 = kernel_pmap->pm_l2[L2_IDX(l1idx)]) == NULL) {
1865 if (l2next == PMAP_STATIC_L2_SIZE)
1866 panic("pmap_bootstrap: out of static L2s");
1867 kernel_pmap->pm_l2[L2_IDX(l1idx)] = l2 =
1868 &static_l2[l2next++];
1872 * One more L1 slot tracked...
1877 * Fill in the details of the L2 descriptor in the
1878 * appropriate bucket.
1880 l2b = &l2->l2_bucket[L2_BUCKET(l1idx)];
1881 l2b->l2b_kva = ptep;
1883 l2b->l2b_l1idx = l1idx;
1886 * Establish an initial occupancy count for this descriptor
1889 l2idx < (L2_TABLE_SIZE_REAL / sizeof(pt_entry_t));
1891 if ((ptep[l2idx] & L2_TYPE_MASK) != L2_TYPE_INV) {
1892 l2b->l2b_occupancy++;
1897 * Make sure the descriptor itself has the correct cache mode.
1898 * If not, fix it, but whine about the problem. Port-meisters
1899 * should consider this a clue to fix up their initarm()
1902 if (pmap_set_pt_cache_mode(kernel_l1pt, (vm_offset_t)ptep)) {
1903 printf("pmap_bootstrap: WARNING! wrong cache mode for "
1904 "L2 pte @ %p\n", ptep);
1910 * Ensure the primary (kernel) L1 has the correct cache mode for
1911 * a page table. Bitch if it is not correctly set.
1913 for (va = (vm_offset_t)kernel_l1pt;
1914 va < ((vm_offset_t)kernel_l1pt + L1_TABLE_SIZE); va += PAGE_SIZE) {
1915 if (pmap_set_pt_cache_mode(kernel_l1pt, va))
1916 printf("pmap_bootstrap: WARNING! wrong cache mode for "
1917 "primary L1 @ 0x%x\n", va);
1920 cpu_dcache_wbinv_all();
1921 cpu_l2cache_wbinv_all();
1925 PMAP_LOCK_INIT(kernel_pmap);
1926 CPU_FILL(&kernel_pmap->pm_active);
1927 kernel_pmap->pm_domain = PMAP_DOMAIN_KERNEL;
1928 TAILQ_INIT(&kernel_pmap->pm_pvchunk);
1931 * Initialize the global pv list lock.
1933 rw_init(&pvh_global_lock, "pmap pv global");
1936 * Reserve some special page table entries/VA space for temporary
1937 * mapping of pages that are being copied or zeroed.
1939 for (czp = cpu_czpages, i = 0; i < MAXCPU; ++i, ++czp) {
1940 mtx_init(&czp->lock, "czpages", NULL, MTX_DEF);
1941 pmap_alloc_specials(&virtual_avail, 1, &czp->srcva, &czp->srcptep);
1942 pmap_set_pt_cache_mode(kernel_l1pt, (vm_offset_t)czp->srcptep);
1943 pmap_alloc_specials(&virtual_avail, 1, &czp->dstva, &czp->dstptep);
1944 pmap_set_pt_cache_mode(kernel_l1pt, (vm_offset_t)czp->dstptep);
1947 size = ((vm_max_kernel_address - pmap_curmaxkvaddr) + L1_S_OFFSET) /
1949 pmap_alloc_specials(&virtual_avail,
1950 round_page(size * L2_TABLE_SIZE_REAL) / PAGE_SIZE,
1951 &pmap_kernel_l2ptp_kva, NULL);
1953 size = (size + (L2_BUCKET_SIZE - 1)) / L2_BUCKET_SIZE;
1954 pmap_alloc_specials(&virtual_avail,
1955 round_page(size * sizeof(struct l2_dtable)) / PAGE_SIZE,
1956 &pmap_kernel_l2dtable_kva, NULL);
1958 pmap_alloc_specials(&virtual_avail,
1959 1, (vm_offset_t*)&_tmppt, NULL);
1960 pmap_alloc_specials(&virtual_avail,
1961 MAXDUMPPGS, (vm_offset_t *)&crashdumpmap, NULL);
1962 SLIST_INIT(&l1_list);
1963 TAILQ_INIT(&l1_lru_list);
1964 mtx_init(&l1_lru_lock, "l1 list lock", NULL, MTX_DEF);
1965 pmap_init_l1(l1, kernel_l1pt);
1966 cpu_dcache_wbinv_all();
1967 cpu_l2cache_wbinv_all();
1971 virtual_avail = round_page(virtual_avail);
1972 virtual_end = vm_max_kernel_address;
1973 kernel_vm_end = pmap_curmaxkvaddr;
1975 pmap_set_pcb_pagedir(kernel_pmap, thread0.td_pcb);
1978 /***************************************************
1979 * Pmap allocation/deallocation routines.
1980 ***************************************************/
1983 * Release any resources held by the given physical map.
1984 * Called when a pmap initialized by pmap_pinit is being released.
1985 * Should only be called if the map contains no valid mappings.
1988 pmap_release(pmap_t pmap)
1994 if (vector_page < KERNBASE) {
1995 struct pcb *curpcb = PCPU_GET(curpcb);
1996 pcb = thread0.td_pcb;
1997 if (pmap_is_current(pmap)) {
1999 * Frob the L1 entry corresponding to the vector
2000 * page so that it contains the kernel pmap's domain
2001 * number. This will ensure pmap_remove() does not
2002 * pull the current vector page out from under us.
2005 *pcb->pcb_pl1vec = pcb->pcb_l1vec;
2006 cpu_domains(pcb->pcb_dacr);
2007 cpu_setttb(pcb->pcb_pagedir);
2010 pmap_remove(pmap, vector_page, vector_page + PAGE_SIZE);
2012 * Make sure cpu_switch(), et al, DTRT. This is safe to do
2013 * since this process has no remaining mappings of its own.
2015 curpcb->pcb_pl1vec = pcb->pcb_pl1vec;
2016 curpcb->pcb_l1vec = pcb->pcb_l1vec;
2017 curpcb->pcb_dacr = pcb->pcb_dacr;
2018 curpcb->pcb_pagedir = pcb->pcb_pagedir;
2023 dprintf("pmap_release()\n");
2029 * Helper function for pmap_grow_l2_bucket()
2032 pmap_grow_map(vm_offset_t va, pt_entry_t cache_mode, vm_paddr_t *pap)
2034 struct l2_bucket *l2b;
2039 m = vm_page_alloc(NULL, 0, VM_ALLOC_NOOBJ | VM_ALLOC_WIRED);
2042 pa = VM_PAGE_TO_PHYS(m);
2047 l2b = pmap_get_l2_bucket(pmap_kernel(), va);
2049 ptep = &l2b->l2b_kva[l2pte_index(va)];
2050 *ptep = L2_S_PROTO | pa | cache_mode | L2_S_REF;
2051 pmap_set_prot(ptep, VM_PROT_READ | VM_PROT_WRITE, 0);
2053 cpu_tlb_flushD_SE(va);
2060 * This is the same as pmap_alloc_l2_bucket(), except that it is only
2061 * used by pmap_growkernel().
2063 static __inline struct l2_bucket *
2064 pmap_grow_l2_bucket(pmap_t pmap, vm_offset_t va)
2066 struct l2_dtable *l2;
2067 struct l2_bucket *l2b;
2068 struct l1_ttable *l1;
2075 if ((l2 = pmap->pm_l2[L2_IDX(l1idx)]) == NULL) {
2077 * No mapping at this address, as there is
2078 * no entry in the L1 table.
2079 * Need to allocate a new l2_dtable.
2081 nva = pmap_kernel_l2dtable_kva;
2082 if ((nva & PAGE_MASK) == 0) {
2084 * Need to allocate a backing page
2086 if (pmap_grow_map(nva, pte_l2_s_cache_mode, NULL))
2090 l2 = (struct l2_dtable *)nva;
2091 nva += sizeof(struct l2_dtable);
2093 if ((nva & PAGE_MASK) < (pmap_kernel_l2dtable_kva &
2096 * The new l2_dtable straddles a page boundary.
2097 * Map in another page to cover it.
2099 if (pmap_grow_map(nva, pte_l2_s_cache_mode, NULL))
2103 pmap_kernel_l2dtable_kva = nva;
2106 * Link it into the parent pmap
2108 pmap->pm_l2[L2_IDX(l1idx)] = l2;
2109 memset(l2, 0, sizeof(*l2));
2112 l2b = &l2->l2_bucket[L2_BUCKET(l1idx)];
2115 * Fetch pointer to the L2 page table associated with the address.
2117 if (l2b->l2b_kva == NULL) {
2121 * No L2 page table has been allocated. Chances are, this
2122 * is because we just allocated the l2_dtable, above.
2124 nva = pmap_kernel_l2ptp_kva;
2125 ptep = (pt_entry_t *)nva;
2126 if ((nva & PAGE_MASK) == 0) {
2128 * Need to allocate a backing page
2130 if (pmap_grow_map(nva, pte_l2_s_cache_mode_pt,
2131 &pmap_kernel_l2ptp_phys))
2134 memset(ptep, 0, L2_TABLE_SIZE_REAL);
2136 l2b->l2b_kva = ptep;
2137 l2b->l2b_l1idx = l1idx;
2138 l2b->l2b_phys = pmap_kernel_l2ptp_phys;
2140 pmap_kernel_l2ptp_kva += L2_TABLE_SIZE_REAL;
2141 pmap_kernel_l2ptp_phys += L2_TABLE_SIZE_REAL;
2144 /* Distribute new L1 entry to all other L1s */
2145 SLIST_FOREACH(l1, &l1_list, l1_link) {
2146 pl1pd = &l1->l1_kva[L1_IDX(va)];
2147 *pl1pd = l2b->l2b_phys | L1_C_DOM(PMAP_DOMAIN_KERNEL) |
2151 cpu_tlb_flushID_SE(va);
2159 * grow the number of kernel page table entries, if needed
2162 pmap_growkernel(vm_offset_t addr)
2164 pmap_t kpmap = pmap_kernel();
2166 if (addr <= pmap_curmaxkvaddr)
2167 return; /* we are OK */
2170 * whoops! we need to add kernel PTPs
2173 /* Map 1MB at a time */
2174 for (; pmap_curmaxkvaddr < addr; pmap_curmaxkvaddr += L1_S_SIZE)
2175 pmap_grow_l2_bucket(kpmap, pmap_curmaxkvaddr);
2177 kernel_vm_end = pmap_curmaxkvaddr;
2181 * Returns TRUE if the given page is mapped individually or as part of
2182 * a 1MB section. Otherwise, returns FALSE.
2185 pmap_page_is_mapped(vm_page_t m)
2189 if ((m->oflags & VPO_UNMANAGED) != 0)
2191 rw_wlock(&pvh_global_lock);
2192 rv = !TAILQ_EMPTY(&m->md.pv_list) ||
2193 ((m->flags & PG_FICTITIOUS) == 0 &&
2194 !TAILQ_EMPTY(&pa_to_pvh(VM_PAGE_TO_PHYS(m))->pv_list));
2195 rw_wunlock(&pvh_global_lock);
2200 * Remove all pages from specified address space
2201 * this aids process exit speeds. Also, this code
2202 * is special cased for current process only, but
2203 * can have the more generic (and slightly slower)
2204 * mode enabled. This is much faster than pmap_remove
2205 * in the case of running down an entire address space.
2208 pmap_remove_pages(pmap_t pmap)
2210 struct pv_entry *pv;
2211 struct l2_bucket *l2b = NULL;
2212 struct pv_chunk *pc, *npc;
2213 struct md_page *pvh;
2214 pd_entry_t *pl1pd, l1pd;
2218 uint32_t inuse, bitmask;
2219 int allfree, bit, field, idx;
2221 rw_wlock(&pvh_global_lock);
2224 TAILQ_FOREACH_SAFE(pc, &pmap->pm_pvchunk, pc_list, npc) {
2226 for (field = 0; field < _NPCM; field++) {
2227 inuse = ~pc->pc_map[field] & pc_freemask[field];
2228 while (inuse != 0) {
2229 bit = ffs(inuse) - 1;
2230 bitmask = 1ul << bit;
2231 idx = field * sizeof(inuse) * NBBY + bit;
2232 pv = &pc->pc_pventry[idx];
2235 if (pv->pv_flags & PVF_WIRED) {
2236 /* Cannot remove wired pages now. */
2240 pl1pd = &pmap->pm_l1->l1_kva[L1_IDX(va)];
2242 l2b = pmap_get_l2_bucket(pmap, va);
2243 if ((l1pd & L1_TYPE_MASK) == L1_S_PROTO) {
2244 pvh = pa_to_pvh(l1pd & L1_S_FRAME);
2245 TAILQ_REMOVE(&pvh->pv_list, pv, pv_list);
2246 if (TAILQ_EMPTY(&pvh->pv_list)) {
2247 m = PHYS_TO_VM_PAGE(l1pd & L1_S_FRAME);
2248 KASSERT((vm_offset_t)m >= KERNBASE,
2249 ("Trying to access non-existent page "
2250 "va %x l1pd %x", trunc_1mpage(va), l1pd));
2251 for (mt = m; mt < &m[L2_PTE_NUM_TOTAL]; mt++) {
2252 if (TAILQ_EMPTY(&mt->md.pv_list))
2253 vm_page_aflag_clear(mt, PGA_WRITEABLE);
2257 KASSERT(l2b->l2b_occupancy == L2_PTE_NUM_TOTAL,
2258 ("pmap_remove_pages: l2_bucket occupancy error"));
2259 pmap_free_l2_bucket(pmap, l2b, L2_PTE_NUM_TOTAL);
2261 pmap->pm_stats.resident_count -= L2_PTE_NUM_TOTAL;
2265 KASSERT(l2b != NULL,
2266 ("No L2 bucket in pmap_remove_pages"));
2267 ptep = &l2b->l2b_kva[l2pte_index(va)];
2268 m = PHYS_TO_VM_PAGE(l2pte_pa(*ptep));
2269 KASSERT((vm_offset_t)m >= KERNBASE,
2270 ("Trying to access non-existent page "
2271 "va %x pte %x", va, *ptep));
2272 TAILQ_REMOVE(&m->md.pv_list, pv, pv_list);
2273 if (TAILQ_EMPTY(&m->md.pv_list) &&
2274 (m->flags & PG_FICTITIOUS) == 0) {
2275 pvh = pa_to_pvh(l2pte_pa(*ptep));
2276 if (TAILQ_EMPTY(&pvh->pv_list))
2277 vm_page_aflag_clear(m, PGA_WRITEABLE);
2281 pmap_free_l2_bucket(pmap, l2b, 1);
2282 pmap->pm_stats.resident_count--;
2286 PV_STAT(pv_entry_frees++);
2287 PV_STAT(pv_entry_spare++);
2289 pc->pc_map[field] |= bitmask;
2293 TAILQ_REMOVE(&pmap->pm_pvchunk, pc, pc_list);
2294 pmap_free_pv_chunk(pc);
2299 rw_wunlock(&pvh_global_lock);
2306 /***************************************************
2307 * Low level mapping routines.....
2308 ***************************************************/
2310 #ifdef ARM_HAVE_SUPERSECTIONS
2311 /* Map a super section into the KVA. */
2314 pmap_kenter_supersection(vm_offset_t va, uint64_t pa, int flags)
2316 pd_entry_t pd = L1_S_PROTO | L1_S_SUPERSEC | (pa & L1_SUP_FRAME) |
2317 (((pa >> 32) & 0xf) << 20) | L1_S_PROT(PTE_KERNEL,
2318 VM_PROT_READ|VM_PROT_WRITE|VM_PROT_EXECUTE) |
2319 L1_S_DOM(PMAP_DOMAIN_KERNEL);
2320 struct l1_ttable *l1;
2321 vm_offset_t va0, va_end;
2323 KASSERT(((va | pa) & L1_SUP_OFFSET) == 0,
2324 ("Not a valid super section mapping"));
2325 if (flags & SECTION_CACHE)
2326 pd |= pte_l1_s_cache_mode;
2327 else if (flags & SECTION_PT)
2328 pd |= pte_l1_s_cache_mode_pt;
2330 va0 = va & L1_SUP_FRAME;
2331 va_end = va + L1_SUP_SIZE;
2332 SLIST_FOREACH(l1, &l1_list, l1_link) {
2334 for (; va < va_end; va += L1_S_SIZE) {
2335 l1->l1_kva[L1_IDX(va)] = pd;
2336 PTE_SYNC(&l1->l1_kva[L1_IDX(va)]);
2342 /* Map a section into the KVA. */
2345 pmap_kenter_section(vm_offset_t va, vm_offset_t pa, int flags)
2347 pd_entry_t pd = L1_S_PROTO | pa | L1_S_PROT(PTE_KERNEL,
2348 VM_PROT_READ|VM_PROT_WRITE|VM_PROT_EXECUTE) | L1_S_REF |
2349 L1_S_DOM(PMAP_DOMAIN_KERNEL);
2350 struct l1_ttable *l1;
2352 KASSERT(((va | pa) & L1_S_OFFSET) == 0,
2353 ("Not a valid section mapping"));
2354 if (flags & SECTION_CACHE)
2355 pd |= pte_l1_s_cache_mode;
2356 else if (flags & SECTION_PT)
2357 pd |= pte_l1_s_cache_mode_pt;
2359 SLIST_FOREACH(l1, &l1_list, l1_link) {
2360 l1->l1_kva[L1_IDX(va)] = pd;
2361 PTE_SYNC(&l1->l1_kva[L1_IDX(va)]);
2363 cpu_tlb_flushID_SE(va);
2368 * Make a temporary mapping for a physical address. This is only intended
2369 * to be used for panic dumps.
2372 pmap_kenter_temp(vm_paddr_t pa, int i)
2376 va = (vm_offset_t)crashdumpmap + (i * PAGE_SIZE);
2377 pmap_kenter(va, pa);
2378 return ((void *)crashdumpmap);
2382 * add a wired page to the kva
2383 * note that in order for the mapping to take effect -- you
2384 * should do a invltlb after doing the pmap_kenter...
2386 static PMAP_INLINE void
2387 pmap_kenter_internal(vm_offset_t va, vm_offset_t pa, int flags)
2389 struct l2_bucket *l2b;
2393 PDEBUG(1, printf("pmap_kenter: va = %08x, pa = %08x\n",
2394 (uint32_t) va, (uint32_t) pa));
2397 l2b = pmap_get_l2_bucket(pmap_kernel(), va);
2399 l2b = pmap_grow_l2_bucket(pmap_kernel(), va);
2400 KASSERT(l2b != NULL, ("No L2 Bucket"));
2402 ptep = &l2b->l2b_kva[l2pte_index(va)];
2405 if (flags & KENTER_CACHE)
2406 *ptep = L2_S_PROTO | l2s_mem_types[PTE_CACHE] | pa | L2_S_REF;
2407 else if (flags & KENTER_DEVICE)
2408 *ptep = L2_S_PROTO | l2s_mem_types[PTE_DEVICE] | pa | L2_S_REF;
2410 *ptep = L2_S_PROTO | l2s_mem_types[PTE_NOCACHE] | pa | L2_S_REF;
2412 if (flags & KENTER_CACHE) {
2413 pmap_set_prot(ptep, VM_PROT_READ | VM_PROT_WRITE,
2414 flags & KENTER_USER);
2416 pmap_set_prot(ptep, VM_PROT_READ|VM_PROT_WRITE|VM_PROT_EXECUTE,
2421 if (l2pte_valid(opte)) {
2422 if (L2_S_EXECUTABLE(opte) || L2_S_EXECUTABLE(*ptep))
2423 cpu_tlb_flushID_SE(va);
2425 cpu_tlb_flushD_SE(va);
2428 l2b->l2b_occupancy++;
2432 PDEBUG(1, printf("pmap_kenter: pte = %08x, opte = %08x, npte = %08x\n",
2433 (uint32_t) ptep, opte, *ptep));
2437 pmap_kenter(vm_offset_t va, vm_paddr_t pa)
2439 pmap_kenter_internal(va, pa, KENTER_CACHE);
2443 pmap_kenter_nocache(vm_offset_t va, vm_paddr_t pa)
2446 pmap_kenter_internal(va, pa, 0);
2450 pmap_kenter_device(vm_offset_t va, vm_paddr_t pa)
2453 pmap_kenter_internal(va, pa, KENTER_DEVICE);
2457 pmap_kenter_user(vm_offset_t va, vm_paddr_t pa)
2460 pmap_kenter_internal(va, pa, KENTER_CACHE|KENTER_USER);
2462 * Call pmap_fault_fixup now, to make sure we'll have no exception
2463 * at the first use of the new address, or bad things will happen,
2464 * as we use one of these addresses in the exception handlers.
2466 pmap_fault_fixup(pmap_kernel(), va, VM_PROT_READ|VM_PROT_WRITE, 1);
2470 pmap_kextract(vm_offset_t va)
2473 if (kernel_vm_end == 0)
2475 return (pmap_extract_locked(kernel_pmap, va));
2479 * remove a page from the kernel pagetables
2482 pmap_kremove(vm_offset_t va)
2484 struct l2_bucket *l2b;
2485 pt_entry_t *ptep, opte;
2487 l2b = pmap_get_l2_bucket(pmap_kernel(), va);
2490 KASSERT(l2b != NULL, ("No L2 Bucket"));
2491 ptep = &l2b->l2b_kva[l2pte_index(va)];
2493 if (l2pte_valid(opte)) {
2494 va = va & ~PAGE_MASK;
2497 if (L2_S_EXECUTABLE(opte))
2498 cpu_tlb_flushID_SE(va);
2500 cpu_tlb_flushD_SE(va);
2507 * Used to map a range of physical addresses into kernel
2508 * virtual address space.
2510 * The value passed in '*virt' is a suggested virtual address for
2511 * the mapping. Architectures which can support a direct-mapped
2512 * physical to virtual region can return the appropriate address
2513 * within that region, leaving '*virt' unchanged. Other
2514 * architectures should map the pages starting at '*virt' and
2515 * update '*virt' with the first usable address after the mapped
2519 pmap_map(vm_offset_t *virt, vm_offset_t start, vm_offset_t end, int prot)
2521 vm_offset_t sva = *virt;
2522 vm_offset_t va = sva;
2524 PDEBUG(1, printf("pmap_map: virt = %08x, start = %08x, end = %08x, "
2525 "prot = %d\n", (uint32_t) *virt, (uint32_t) start, (uint32_t) end,
2528 while (start < end) {
2529 pmap_kenter(va, start);
2538 * Add a list of wired pages to the kva
2539 * this routine is only used for temporary
2540 * kernel mappings that do not need to have
2541 * page modification or references recorded.
2542 * Note that old mappings are simply written
2543 * over. The page *must* be wired.
2546 pmap_qenter(vm_offset_t va, vm_page_t *m, int count)
2550 for (i = 0; i < count; i++) {
2551 pmap_kenter_internal(va, VM_PAGE_TO_PHYS(m[i]),
2559 * this routine jerks page mappings from the
2560 * kernel -- it is meant only for temporary mappings.
2563 pmap_qremove(vm_offset_t va, int count)
2567 for (i = 0; i < count; i++) {
2577 * pmap_object_init_pt preloads the ptes for a given object
2578 * into the specified pmap. This eliminates the blast of soft
2579 * faults on process startup and immediately after an mmap.
2582 pmap_object_init_pt(pmap_t pmap, vm_offset_t addr, vm_object_t object,
2583 vm_pindex_t pindex, vm_size_t size)
2586 VM_OBJECT_ASSERT_WLOCKED(object);
2587 KASSERT(object->type == OBJT_DEVICE || object->type == OBJT_SG,
2588 ("pmap_object_init_pt: non-device object"));
2593 * pmap_is_prefaultable:
2595 * Return whether or not the specified virtual address is elgible
2599 pmap_is_prefaultable(pmap_t pmap, vm_offset_t addr)
2604 if (!pmap_get_pde_pte(pmap, addr, &pdep, &ptep))
2606 KASSERT((pdep != NULL && (l1pte_section_p(*pdep) || ptep != NULL)),
2607 ("Valid mapping but no pte ?"));
2608 if (*pdep != 0 && !l1pte_section_p(*pdep))
2615 * Fetch pointers to the PDE/PTE for the given pmap/VA pair.
2616 * Returns TRUE if the mapping exists, else FALSE.
2618 * NOTE: This function is only used by a couple of arm-specific modules.
2619 * It is not safe to take any pmap locks here, since we could be right
2620 * in the middle of debugging the pmap anyway...
2622 * It is possible for this routine to return FALSE even though a valid
2623 * mapping does exist. This is because we don't lock, so the metadata
2624 * state may be inconsistent.
2626 * NOTE: We can return a NULL *ptp in the case where the L1 pde is
2627 * a "section" mapping.
2630 pmap_get_pde_pte(pmap_t pmap, vm_offset_t va, pd_entry_t **pdp,
2633 struct l2_dtable *l2;
2634 pd_entry_t *pl1pd, l1pd;
2638 if (pmap->pm_l1 == NULL)
2642 *pdp = pl1pd = &pmap->pm_l1->l1_kva[l1idx];
2645 if (l1pte_section_p(l1pd)) {
2650 if (pmap->pm_l2 == NULL)
2653 l2 = pmap->pm_l2[L2_IDX(l1idx)];
2656 (ptep = l2->l2_bucket[L2_BUCKET(l1idx)].l2b_kva) == NULL) {
2660 *ptp = &ptep[l2pte_index(va)];
2665 * Routine: pmap_remove_all
2667 * Removes this physical page from
2668 * all physical maps in which it resides.
2669 * Reflects back modify bits to the pager.
2672 * Original versions of this routine were very
2673 * inefficient because they iteratively called
2674 * pmap_remove (slow...)
2677 pmap_remove_all(vm_page_t m)
2679 struct md_page *pvh;
2683 struct l2_bucket *l2b;
2684 boolean_t flush = FALSE;
2688 KASSERT((m->oflags & VPO_UNMANAGED) == 0,
2689 ("pmap_remove_all: page %p is not managed", m));
2690 rw_wlock(&pvh_global_lock);
2691 if ((m->flags & PG_FICTITIOUS) != 0)
2692 goto small_mappings;
2693 pvh = pa_to_pvh(VM_PAGE_TO_PHYS(m));
2694 while ((pv = TAILQ_FIRST(&pvh->pv_list)) != NULL) {
2698 pl1pd = &pmap->pm_l1->l1_kva[L1_IDX(pv->pv_va)];
2699 KASSERT((*pl1pd & L1_TYPE_MASK) == L1_S_PROTO,
2700 ("pmap_remove_all: valid section mapping expected"));
2701 (void)pmap_demote_section(pmap, pv->pv_va);
2705 curpmap = vmspace_pmap(curproc->p_vmspace);
2706 while ((pv = TAILQ_FIRST(&m->md.pv_list)) != NULL) {
2708 if (flush == FALSE && (pmap == curpmap ||
2709 pmap == pmap_kernel()))
2713 l2b = pmap_get_l2_bucket(pmap, pv->pv_va);
2714 KASSERT(l2b != NULL, ("No l2 bucket"));
2715 ptep = &l2b->l2b_kva[l2pte_index(pv->pv_va)];
2716 is_exec |= PTE_BEEN_EXECD(*ptep);
2718 if (pmap_is_current(pmap))
2720 pmap_free_l2_bucket(pmap, l2b, 1);
2721 pmap->pm_stats.resident_count--;
2722 TAILQ_REMOVE(&m->md.pv_list, pv, pv_list);
2723 if (pv->pv_flags & PVF_WIRED)
2724 pmap->pm_stats.wired_count--;
2725 pmap_free_pv_entry(pmap, pv);
2736 vm_page_aflag_clear(m, PGA_WRITEABLE);
2737 rw_wunlock(&pvh_global_lock);
2741 pmap_change_attr(vm_offset_t sva, vm_size_t len, int mode)
2743 vm_offset_t base, offset, tmpva;
2745 struct l2_bucket *l2b;
2746 pt_entry_t *ptep, pte;
2747 vm_offset_t next_bucket;
2749 PMAP_LOCK(kernel_pmap);
2751 base = trunc_page(sva);
2752 offset = sva & PAGE_MASK;
2753 size = roundup(offset + len, PAGE_SIZE);
2757 * Only supported on kernel virtual addresses, including the direct
2758 * map but excluding the recursive map.
2760 if (base < DMAP_MIN_ADDRESS) {
2761 PMAP_UNLOCK(kernel_pmap);
2765 for (tmpva = base; tmpva < base + size; ) {
2766 next_bucket = L2_NEXT_BUCKET(tmpva);
2767 if (next_bucket > base + size)
2768 next_bucket = base + size;
2770 l2b = pmap_get_l2_bucket(kernel_pmap, tmpva);
2772 tmpva = next_bucket;
2776 ptep = &l2b->l2b_kva[l2pte_index(tmpva)];
2779 PMAP_UNLOCK(kernel_pmap);
2783 pte = *ptep &~ L2_S_CACHE_MASK;
2784 cpu_idcache_wbinv_range(tmpva, PAGE_SIZE);
2785 pmap_l2cache_wbinv_range(tmpva, pte & L2_S_FRAME, PAGE_SIZE);
2787 cpu_tlb_flushID_SE(tmpva);
2790 dprintf("%s: for va:%x ptep:%x pte:%x\n",
2791 __func__, tmpva, (uint32_t)ptep, pte);
2795 PMAP_UNLOCK(kernel_pmap);
2801 * Set the physical protection on the
2802 * specified range of this map as requested.
2805 pmap_protect(pmap_t pmap, vm_offset_t sva, vm_offset_t eva, vm_prot_t prot)
2807 struct l2_bucket *l2b;
2808 struct md_page *pvh;
2809 struct pv_entry *pve;
2810 pd_entry_t *pl1pd, l1pd;
2811 pt_entry_t *ptep, pte;
2812 vm_offset_t next_bucket;
2813 u_int is_exec, is_refd;
2816 if ((prot & VM_PROT_READ) == 0) {
2817 pmap_remove(pmap, sva, eva);
2821 if (prot & VM_PROT_WRITE) {
2823 * If this is a read->write transition, just ignore it and let
2824 * vm_fault() take care of it later.
2829 rw_wlock(&pvh_global_lock);
2833 * OK, at this point, we know we're doing write-protect operation.
2834 * If the pmap is active, write-back the range.
2837 flush = ((eva - sva) >= (PAGE_SIZE * 4)) ? 0 : -1;
2838 is_exec = is_refd = 0;
2841 next_bucket = L2_NEXT_BUCKET(sva);
2843 * Check for large page.
2845 pl1pd = &pmap->pm_l1->l1_kva[L1_IDX(sva)];
2847 if ((l1pd & L1_TYPE_MASK) == L1_S_PROTO) {
2848 KASSERT(pmap != pmap_kernel(),
2849 ("pmap_protect: trying to modify "
2850 "kernel section protections"));
2852 * Are we protecting the entire large page? If not,
2853 * demote the mapping and fall through.
2855 if (sva + L1_S_SIZE == L2_NEXT_BUCKET(sva) &&
2856 eva >= L2_NEXT_BUCKET(sva)) {
2857 l1pd &= ~(L1_S_PROT_MASK | L1_S_XN);
2858 if (!(prot & VM_PROT_EXECUTE))
2861 * At this point we are always setting
2862 * write-protect bit.
2865 /* All managed superpages are user pages. */
2866 l1pd |= L1_S_PROT_U;
2869 pvh = pa_to_pvh(l1pd & L1_S_FRAME);
2870 pve = pmap_find_pv(pvh, pmap,
2872 pve->pv_flags &= ~PVF_WRITE;
2875 } else if (!pmap_demote_section(pmap, sva)) {
2876 /* The large page mapping was destroyed. */
2881 if (next_bucket > eva)
2883 l2b = pmap_get_l2_bucket(pmap, sva);
2889 ptep = &l2b->l2b_kva[l2pte_index(sva)];
2891 while (sva < next_bucket) {
2892 if ((pte = *ptep) != 0 && L2_S_WRITABLE(pte)) {
2895 m = PHYS_TO_VM_PAGE(l2pte_pa(pte));
2896 pmap_set_prot(ptep, prot,
2897 !(pmap == pmap_kernel()));
2900 pmap_modify_pv(m, pmap, sva, PVF_WRITE, 0);
2904 is_exec |= PTE_BEEN_EXECD(pte);
2905 is_refd |= PTE_BEEN_REFD(pte);
2907 if (PTE_BEEN_EXECD(pte))
2908 cpu_tlb_flushID_SE(sva);
2909 else if (PTE_BEEN_REFD(pte))
2910 cpu_tlb_flushD_SE(sva);
2928 rw_wunlock(&pvh_global_lock);
2935 * Insert the given physical page (p) at
2936 * the specified virtual address (v) in the
2937 * target physical map with the protection requested.
2939 * If specified, the page will be wired down, meaning
2940 * that the related pte can not be reclaimed.
2942 * NB: This is the only routine which MAY NOT lazy-evaluate
2943 * or lose information. That is, this routine must actually
2944 * insert this page into the given map NOW.
2948 pmap_enter(pmap_t pmap, vm_offset_t va, vm_prot_t access, vm_page_t m,
2949 vm_prot_t prot, boolean_t wired)
2951 struct l2_bucket *l2b;
2953 rw_wlock(&pvh_global_lock);
2955 pmap_enter_locked(pmap, va, access, m, prot, wired, M_WAITOK);
2957 * If both the l2b_occupancy and the reservation are fully
2958 * populated, then attempt promotion.
2960 l2b = pmap_get_l2_bucket(pmap, va);
2961 if ((l2b != NULL) && (l2b->l2b_occupancy == L2_PTE_NUM_TOTAL) &&
2962 sp_enabled && (m->flags & PG_FICTITIOUS) == 0 &&
2963 vm_reserv_level_iffullpop(m) == 0)
2964 pmap_promote_section(pmap, va);
2967 rw_wunlock(&pvh_global_lock);
2971 * The pvh global and pmap locks must be held.
2974 pmap_enter_locked(pmap_t pmap, vm_offset_t va, vm_prot_t access, vm_page_t m,
2975 vm_prot_t prot, boolean_t wired, int flags)
2977 struct l2_bucket *l2b = NULL;
2979 struct pv_entry *pve = NULL;
2980 pd_entry_t *pl1pd, l1pd;
2981 pt_entry_t *ptep, npte, opte;
2983 u_int is_exec, is_refd;
2987 PMAP_ASSERT_LOCKED(pmap);
2988 rw_assert(&pvh_global_lock, RA_WLOCKED);
2989 if (va == vector_page) {
2990 pa = systempage.pv_pa;
2993 KASSERT((m->oflags & VPO_UNMANAGED) != 0 ||
2994 vm_page_xbusied(m) || (flags & M_NOWAIT) != 0,
2995 ("pmap_enter_locked: page %p is not busy", m));
2996 pa = VM_PAGE_TO_PHYS(m);
2999 pl1pd = &pmap->pm_l1->l1_kva[L1_IDX(va)];
3000 if ((va < VM_MAXUSER_ADDRESS) &&
3001 (*pl1pd & L1_TYPE_MASK) == L1_S_PROTO) {
3002 (void)pmap_demote_section(pmap, va);
3007 * Make sure userland mappings get the right permissions
3009 if (pmap != pmap_kernel() && va != vector_page)
3014 if (prot & VM_PROT_WRITE)
3015 nflags |= PVF_WRITE;
3017 nflags |= PVF_WIRED;
3019 PDEBUG(1, printf("pmap_enter: pmap = %08x, va = %08x, m = %08x, "
3020 "prot = %x, wired = %x\n", (uint32_t) pmap, va, (uint32_t) m,
3023 if (pmap == pmap_kernel()) {
3024 l2b = pmap_get_l2_bucket(pmap, va);
3026 l2b = pmap_grow_l2_bucket(pmap, va);
3029 l2b = pmap_alloc_l2_bucket(pmap, va);
3031 if (flags & M_WAITOK) {
3033 rw_wunlock(&pvh_global_lock);
3035 rw_wlock(&pvh_global_lock);
3043 pl1pd = &pmap->pm_l1->l1_kva[L1_IDX(va)];
3044 if ((*pl1pd & L1_TYPE_MASK) == L1_S_PROTO)
3045 panic("pmap_enter: attempt to enter on 1MB page, va: %#x", va);
3047 ptep = &l2b->l2b_kva[l2pte_index(va)];
3051 is_exec = is_refd = 0;
3054 if (l2pte_pa(opte) == pa) {
3056 * We're changing the attrs of an existing mapping.
3059 pmap_modify_pv(m, pmap, va,
3060 PVF_WRITE | PVF_WIRED, nflags);
3061 is_exec |= PTE_BEEN_EXECD(opte);
3062 is_refd |= PTE_BEEN_REFD(opte);
3065 if ((om = PHYS_TO_VM_PAGE(l2pte_pa(opte)))) {
3067 * Replacing an existing mapping with a new one.
3068 * It is part of our managed memory so we
3069 * must remove it from the PV list
3071 if ((pve = pmap_remove_pv(om, pmap, va))) {
3072 is_exec |= PTE_BEEN_EXECD(opte);
3073 is_refd |= PTE_BEEN_REFD(opte);
3075 if (m && ((m->oflags & VPO_UNMANAGED)))
3076 pmap_free_pv_entry(pmap, pve);
3082 * Keep the stats up to date
3084 l2b->l2b_occupancy++;
3085 pmap->pm_stats.resident_count++;
3089 * Enter on the PV list if part of our managed memory.
3091 if ((m && !(m->oflags & VPO_UNMANAGED))) {
3092 if ((!pve) && (pve = pmap_get_pv_entry(pmap, FALSE)) == NULL)
3093 panic("pmap_enter: no pv entries");
3095 KASSERT(va < kmi.clean_sva || va >= kmi.clean_eva,
3096 ("pmap_enter: managed mapping within the clean submap"));
3097 KASSERT(pve != NULL, ("No pv"));
3098 pmap_enter_pv(m, pve, pmap, va, nflags);
3102 /* Make the new PTE valid */
3107 /* Set defaults first - kernel read access */
3109 npte |= L2_S_PROT_R;
3110 /* Set "referenced" flag */
3113 /* Now tune APs as desired */
3115 npte |= L2_S_PROT_U;
3117 * If this is not a vector_page
3118 * then continue setting mapping parameters
3121 if ((m->oflags & VPO_UNMANAGED) == 0) {
3122 if (prot & (VM_PROT_ALL)) {
3123 vm_page_aflag_set(m, PGA_REFERENCED);
3126 * Need to do page referenced emulation.
3132 if (prot & VM_PROT_WRITE) {
3133 if ((m->oflags & VPO_UNMANAGED) == 0) {
3134 vm_page_aflag_set(m, PGA_WRITEABLE);
3136 * XXX: Skip modified bit emulation for now.
3137 * The emulation reveals problems
3138 * that result in random failures
3139 * during memory allocation on some
3141 * Therefore, the page is marked RW
3149 if (!(prot & VM_PROT_EXECUTE))
3152 if (m->md.pv_memattr != VM_MEMATTR_UNCACHEABLE)
3153 npte |= pte_l2_s_cache_mode;
3156 CTR5(KTR_PMAP,"enter: pmap:%p va:%x prot:%x pte:%x->%x",
3157 pmap, va, prot, opte, npte);
3159 * If this is just a wiring change, the two PTEs will be
3160 * identical, so there's no need to update the page table.
3163 boolean_t is_cached = pmap_is_current(pmap);
3169 * We only need to frob the cache/tlb if this pmap
3172 if (L1_IDX(va) != L1_IDX(vector_page) &&
3173 l2pte_valid(npte)) {
3175 * This mapping is likely to be accessed as
3176 * soon as we return to userland. Fix up the
3177 * L1 entry to avoid taking another
3178 * page/domain fault.
3180 l1pd = l2b->l2b_phys |
3181 L1_C_DOM(pmap->pm_domain) | L1_C_PROTO;
3182 if (*pl1pd != l1pd) {
3190 cpu_tlb_flushID_SE(va);
3192 cpu_tlb_flushD_SE(va);
3196 if ((pmap != pmap_kernel()) && (pmap == &curproc->p_vmspace->vm_pmap))
3197 cpu_icache_sync_range(va, PAGE_SIZE);
3201 * Maps a sequence of resident pages belonging to the same object.
3202 * The sequence begins with the given page m_start. This page is
3203 * mapped at the given virtual address start. Each subsequent page is
3204 * mapped at a virtual address that is offset from start by the same
3205 * amount as the page is offset from m_start within the object. The
3206 * last page in the sequence is the page with the largest offset from
3207 * m_start that can be mapped at a virtual address less than the given
3208 * virtual address end. Not every virtual page between start and end
3209 * is mapped; only those for which a resident page exists with the
3210 * corresponding offset from m_start are mapped.
3213 pmap_enter_object(pmap_t pmap, vm_offset_t start, vm_offset_t end,
3214 vm_page_t m_start, vm_prot_t prot)
3218 vm_pindex_t diff, psize;
3221 VM_OBJECT_ASSERT_LOCKED(m_start->object);
3223 psize = atop(end - start);
3225 access = prot = prot & (VM_PROT_READ | VM_PROT_EXECUTE);
3226 rw_wlock(&pvh_global_lock);
3228 while (m != NULL && (diff = m->pindex - m_start->pindex) < psize) {
3229 va = start + ptoa(diff);
3230 if ((va & L1_S_OFFSET) == 0 && L2_NEXT_BUCKET(va) <= end &&
3231 m->psind == 1 && sp_enabled &&
3232 pmap_enter_section(pmap, va, m, prot))
3233 m = &m[L1_S_SIZE / PAGE_SIZE - 1];
3235 pmap_enter_locked(pmap, va, access, m, prot,
3237 m = TAILQ_NEXT(m, listq);
3240 rw_wunlock(&pvh_global_lock);
3244 * this code makes some *MAJOR* assumptions:
3245 * 1. Current pmap & pmap exists.
3248 * 4. No page table pages.
3249 * but is *MUCH* faster than pmap_enter...
3253 pmap_enter_quick(pmap_t pmap, vm_offset_t va, vm_page_t m, vm_prot_t prot)
3257 access = prot = prot & (VM_PROT_READ | VM_PROT_EXECUTE);
3258 rw_wlock(&pvh_global_lock);
3260 pmap_enter_locked(pmap, va, access, m, prot, FALSE, M_NOWAIT);
3262 rw_wunlock(&pvh_global_lock);
3266 * Routine: pmap_change_wiring
3267 * Function: Change the wiring attribute for a map/virtual-address
3269 * In/out conditions:
3270 * The mapping must already exist in the pmap.
3273 pmap_change_wiring(pmap_t pmap, vm_offset_t va, boolean_t wired)
3275 struct l2_bucket *l2b;
3276 struct md_page *pvh;
3277 struct pv_entry *pve;
3278 pd_entry_t *pl1pd, l1pd;
3279 pt_entry_t *ptep, pte;
3282 rw_wlock(&pvh_global_lock);
3284 pl1pd = &pmap->pm_l1->l1_kva[L1_IDX(va)];
3286 if ((l1pd & L1_TYPE_MASK) == L1_S_PROTO) {
3287 m = PHYS_TO_VM_PAGE(l1pd & L1_S_FRAME);
3288 KASSERT((m != NULL) && ((m->oflags & VPO_UNMANAGED) == 0),
3289 ("pmap_change_wiring: unmanaged superpage should not "
3291 KASSERT(pmap != pmap_kernel(),
3292 ("pmap_change_wiring: managed kernel superpage "
3293 "should not exist"));
3294 pvh = pa_to_pvh(l1pd & L1_S_FRAME);
3295 pve = pmap_find_pv(pvh, pmap, trunc_1mpage(va));
3296 if (!wired != ((pve->pv_flags & PVF_WIRED) == 0)) {
3297 if (!pmap_demote_section(pmap, va))
3298 panic("pmap_change_wiring: demotion failed");
3302 l2b = pmap_get_l2_bucket(pmap, va);
3303 KASSERT(l2b, ("No l2b bucket in pmap_change_wiring"));
3304 ptep = &l2b->l2b_kva[l2pte_index(va)];
3306 m = PHYS_TO_VM_PAGE(l2pte_pa(pte));
3308 pmap_modify_pv(m, pmap, va, PVF_WIRED,
3309 wired == TRUE ? PVF_WIRED : 0);
3311 rw_wunlock(&pvh_global_lock);
3317 * Copy the range specified by src_addr/len
3318 * from the source map to the range dst_addr/len
3319 * in the destination map.
3321 * This routine is only advisory and need not do anything.
3324 pmap_copy(pmap_t dst_pmap, pmap_t src_pmap, vm_offset_t dst_addr,
3325 vm_size_t len, vm_offset_t src_addr)
3331 * Routine: pmap_extract
3333 * Extract the physical page address associated
3334 * with the given map/virtual_address pair.
3337 pmap_extract(pmap_t pmap, vm_offset_t va)
3341 if (kernel_vm_end != 0)
3343 pa = pmap_extract_locked(pmap, va);
3344 if (kernel_vm_end != 0)
3350 pmap_extract_locked(pmap_t pmap, vm_offset_t va)
3352 struct l2_dtable *l2;
3354 pt_entry_t *ptep, pte;
3358 if (kernel_vm_end != 0 && pmap != kernel_pmap)
3359 PMAP_ASSERT_LOCKED(pmap);
3361 l1pd = pmap->pm_l1->l1_kva[l1idx];
3362 if (l1pte_section_p(l1pd)) {
3363 /* XXX: what to do about the bits > 32 ? */
3364 if (l1pd & L1_S_SUPERSEC)
3365 pa = (l1pd & L1_SUP_FRAME) | (va & L1_SUP_OFFSET);
3367 pa = (l1pd & L1_S_FRAME) | (va & L1_S_OFFSET);
3370 * Note that we can't rely on the validity of the L1
3371 * descriptor as an indication that a mapping exists.
3372 * We have to look it up in the L2 dtable.
3374 l2 = pmap->pm_l2[L2_IDX(l1idx)];
3376 (ptep = l2->l2_bucket[L2_BUCKET(l1idx)].l2b_kva) == NULL)
3378 pte = ptep[l2pte_index(va)];
3381 switch (pte & L2_TYPE_MASK) {
3383 pa = (pte & L2_L_FRAME) | (va & L2_L_OFFSET);
3386 pa = (pte & L2_S_FRAME) | (va & L2_S_OFFSET);
3394 * Atomically extract and hold the physical page with the given
3395 * pmap and virtual address pair if that mapping permits the given
3400 pmap_extract_and_hold(pmap_t pmap, vm_offset_t va, vm_prot_t prot)
3402 struct l2_dtable *l2;
3404 pt_entry_t *ptep, pte;
3405 vm_paddr_t pa, paddr;
3413 l1pd = pmap->pm_l1->l1_kva[l1idx];
3414 if (l1pte_section_p(l1pd)) {
3415 /* XXX: what to do about the bits > 32 ? */
3416 if (l1pd & L1_S_SUPERSEC)
3417 pa = (l1pd & L1_SUP_FRAME) | (va & L1_SUP_OFFSET);
3419 pa = (l1pd & L1_S_FRAME) | (va & L1_S_OFFSET);
3420 if (vm_page_pa_tryrelock(pmap, pa & PG_FRAME, &paddr))
3422 if (L1_S_WRITABLE(l1pd) || (prot & VM_PROT_WRITE) == 0) {
3423 m = PHYS_TO_VM_PAGE(pa);
3428 * Note that we can't rely on the validity of the L1
3429 * descriptor as an indication that a mapping exists.
3430 * We have to look it up in the L2 dtable.
3432 l2 = pmap->pm_l2[L2_IDX(l1idx)];
3435 (ptep = l2->l2_bucket[L2_BUCKET(l1idx)].l2b_kva) == NULL) {
3440 ptep = &ptep[l2pte_index(va)];
3446 } else if ((prot & VM_PROT_WRITE) && (pte & L2_APX)) {
3450 switch (pte & L2_TYPE_MASK) {
3452 panic("extract and hold section mapping");
3455 pa = (pte & L2_S_FRAME) | (va & L2_S_OFFSET);
3458 if (vm_page_pa_tryrelock(pmap, pa & PG_FRAME, &paddr))
3460 m = PHYS_TO_VM_PAGE(pa);
3467 PA_UNLOCK_COND(paddr);
3472 * Initialize a preallocated and zeroed pmap structure,
3473 * such as one in a vmspace structure.
3477 pmap_pinit(pmap_t pmap)
3479 PDEBUG(1, printf("pmap_pinit: pmap = %08x\n", (uint32_t) pmap));
3481 pmap_alloc_l1(pmap);
3482 bzero(pmap->pm_l2, sizeof(pmap->pm_l2));
3484 CPU_ZERO(&pmap->pm_active);
3486 TAILQ_INIT(&pmap->pm_pvchunk);
3487 bzero(&pmap->pm_stats, sizeof pmap->pm_stats);
3488 pmap->pm_stats.resident_count = 1;
3489 if (vector_page < KERNBASE) {
3490 pmap_enter(pmap, vector_page,
3491 VM_PROT_READ, PHYS_TO_VM_PAGE(systempage.pv_pa),
3498 /***************************************************
3499 * Superpage management routines.
3500 ***************************************************/
3502 static PMAP_INLINE struct pv_entry *
3503 pmap_pvh_remove(struct md_page *pvh, pmap_t pmap, vm_offset_t va)
3507 rw_assert(&pvh_global_lock, RA_WLOCKED);
3509 pv = pmap_find_pv(pvh, pmap, va);
3511 TAILQ_REMOVE(&pvh->pv_list, pv, pv_list);
3517 pmap_pvh_free(struct md_page *pvh, pmap_t pmap, vm_offset_t va)
3521 pv = pmap_pvh_remove(pvh, pmap, va);
3522 KASSERT(pv != NULL, ("pmap_pvh_free: pv not found"));
3523 pmap_free_pv_entry(pmap, pv);
3527 pmap_pv_insert_section(pmap_t pmap, vm_offset_t va, vm_paddr_t pa)
3529 struct md_page *pvh;
3532 rw_assert(&pvh_global_lock, RA_WLOCKED);
3533 if (pv_entry_count < pv_entry_high_water &&
3534 (pv = pmap_get_pv_entry(pmap, TRUE)) != NULL) {
3536 pvh = pa_to_pvh(pa);
3537 TAILQ_INSERT_TAIL(&pvh->pv_list, pv, pv_list);
3544 * Create the pv entries for each of the pages within a superpage.
3547 pmap_pv_demote_section(pmap_t pmap, vm_offset_t va, vm_paddr_t pa)
3549 struct md_page *pvh;
3551 vm_offset_t va_last;
3554 rw_assert(&pvh_global_lock, RA_WLOCKED);
3555 KASSERT((pa & L1_S_OFFSET) == 0,
3556 ("pmap_pv_demote_section: pa is not 1mpage aligned"));
3559 * Transfer the 1mpage's pv entry for this mapping to the first
3562 pvh = pa_to_pvh(pa);
3563 va = trunc_1mpage(va);
3564 pv = pmap_pvh_remove(pvh, pmap, va);
3565 KASSERT(pv != NULL, ("pmap_pv_demote_section: pv not found"));
3566 m = PHYS_TO_VM_PAGE(pa);
3567 TAILQ_INSERT_HEAD(&m->md.pv_list, pv, pv_list);
3568 /* Instantiate the remaining pv entries. */
3569 va_last = L2_NEXT_BUCKET(va) - PAGE_SIZE;
3572 KASSERT((m->oflags & VPO_UNMANAGED) == 0,
3573 ("pmap_pv_demote_section: page %p is not managed", m));
3575 pve = pmap_get_pv_entry(pmap, FALSE);
3576 pmap_enter_pv(m, pve, pmap, va, pv->pv_flags);
3577 } while (va < va_last);
3581 pmap_pv_promote_section(pmap_t pmap, vm_offset_t va, vm_paddr_t pa)
3583 struct md_page *pvh;
3585 vm_offset_t va_last;
3588 rw_assert(&pvh_global_lock, RA_WLOCKED);
3589 KASSERT((pa & L1_S_OFFSET) == 0,
3590 ("pmap_pv_promote_section: pa is not 1mpage aligned"));
3593 * Transfer the first page's pv entry for this mapping to the
3594 * 1mpage's pv list. Aside from avoiding the cost of a call
3595 * to get_pv_entry(), a transfer avoids the possibility that
3596 * get_pv_entry() calls pmap_pv_reclaim() and that pmap_pv_reclaim()
3597 * removes one of the mappings that is being promoted.
3599 m = PHYS_TO_VM_PAGE(pa);
3600 va = trunc_1mpage(va);
3601 pv = pmap_pvh_remove(&m->md, pmap, va);
3602 KASSERT(pv != NULL, ("pmap_pv_promote_section: pv not found"));
3603 pvh = pa_to_pvh(pa);
3604 TAILQ_INSERT_TAIL(&pvh->pv_list, pv, pv_list);
3605 /* Free the remaining pv entries in the newly mapped section pages */
3606 va_last = L2_NEXT_BUCKET(va) - PAGE_SIZE;
3611 * Don't care the flags, first pv contains sufficient
3612 * information for all of the pages so nothing is really lost.
3614 pmap_pvh_free(&m->md, pmap, va);
3615 } while (va < va_last);
3619 * Tries to create a 1MB page mapping. Returns TRUE if successful and
3620 * FALSE otherwise. Fails if (1) page is unmanageg, kernel pmap or vectors
3621 * page, (2) a mapping already exists at the specified virtual address, or
3622 * (3) a pv entry cannot be allocated without reclaiming another pv entry.
3625 pmap_enter_section(pmap_t pmap, vm_offset_t va, vm_page_t m, vm_prot_t prot)
3629 struct l2_bucket *l2b;
3631 rw_assert(&pvh_global_lock, RA_WLOCKED);
3632 PMAP_ASSERT_LOCKED(pmap);
3634 /* Skip kernel, vectors page and unmanaged mappings */
3635 if ((pmap == pmap_kernel()) || (L1_IDX(va) == L1_IDX(vector_page)) ||
3636 ((m->oflags & VPO_UNMANAGED) != 0)) {
3637 CTR2(KTR_PMAP, "pmap_enter_section: failure for va %#lx"
3638 " in pmap %p", va, pmap);
3642 * Check whether this is a valid section superpage entry or
3643 * there is a l2_bucket associated with that L1 page directory.
3645 va = trunc_1mpage(va);
3646 pl1pd = &pmap->pm_l1->l1_kva[L1_IDX(va)];
3647 l2b = pmap_get_l2_bucket(pmap, va);
3648 if ((*pl1pd & L1_S_PROTO) || (l2b != NULL)) {
3649 CTR2(KTR_PMAP, "pmap_enter_section: failure for va %#lx"
3650 " in pmap %p", va, pmap);
3653 pa = VM_PAGE_TO_PHYS(m);
3655 * Abort this mapping if its PV entry could not be created.
3657 if (!pmap_pv_insert_section(pmap, va, VM_PAGE_TO_PHYS(m))) {
3658 CTR2(KTR_PMAP, "pmap_enter_section: failure for va %#lx"
3659 " in pmap %p", va, pmap);
3663 * Increment counters.
3665 pmap->pm_stats.resident_count += L2_PTE_NUM_TOTAL;
3667 * Despite permissions, mark the superpage read-only.
3669 prot &= ~VM_PROT_WRITE;
3671 * Map the superpage.
3673 pmap_map_section(pmap, va, pa, prot, FALSE);
3675 pmap_section_mappings++;
3676 CTR2(KTR_PMAP, "pmap_enter_section: success for va %#lx"
3677 " in pmap %p", va, pmap);
3682 * pmap_remove_section: do the things to unmap a superpage in a process
3685 pmap_remove_section(pmap_t pmap, vm_offset_t sva)
3687 struct md_page *pvh;
3688 struct l2_bucket *l2b;
3689 pd_entry_t *pl1pd, l1pd;
3690 vm_offset_t eva, va;
3693 PMAP_ASSERT_LOCKED(pmap);
3694 if ((pmap == pmap_kernel()) || (L1_IDX(sva) == L1_IDX(vector_page)))
3697 KASSERT((sva & L1_S_OFFSET) == 0,
3698 ("pmap_remove_section: sva is not 1mpage aligned"));
3700 pl1pd = &pmap->pm_l1->l1_kva[L1_IDX(sva)];
3703 m = PHYS_TO_VM_PAGE(l1pd & L1_S_FRAME);
3704 KASSERT((m != NULL && ((m->oflags & VPO_UNMANAGED) == 0)),
3705 ("pmap_remove_section: no corresponding vm_page or "
3708 pmap->pm_stats.resident_count -= L2_PTE_NUM_TOTAL;
3709 pvh = pa_to_pvh(l1pd & L1_S_FRAME);
3710 pmap_pvh_free(pvh, pmap, sva);
3711 eva = L2_NEXT_BUCKET(sva);
3712 for (va = sva, m = PHYS_TO_VM_PAGE(l1pd & L1_S_FRAME);
3713 va < eva; va += PAGE_SIZE, m++) {
3715 * Mark base pages referenced but skip marking them dirty.
3716 * If the superpage is writeable, hence all base pages were
3717 * already marked as dirty in pmap_fault_fixup() before
3718 * promotion. Reference bit however, might not have been set
3719 * for each base page when the superpage was created at once,
3720 * not as a result of promotion.
3722 if (L1_S_REFERENCED(l1pd))
3723 vm_page_aflag_set(m, PGA_REFERENCED);
3724 if (TAILQ_EMPTY(&m->md.pv_list) &&
3725 TAILQ_EMPTY(&pvh->pv_list))
3726 vm_page_aflag_clear(m, PGA_WRITEABLE);
3729 l2b = pmap_get_l2_bucket(pmap, sva);
3731 KASSERT(l2b->l2b_occupancy == L2_PTE_NUM_TOTAL,
3732 ("pmap_remove_section: l2_bucket occupancy error"));
3733 pmap_free_l2_bucket(pmap, l2b, L2_PTE_NUM_TOTAL);
3735 /* Now invalidate L1 slot */
3738 if (L1_S_EXECUTABLE(l1pd))
3739 cpu_tlb_flushID_SE(sva);
3741 cpu_tlb_flushD_SE(sva);
3746 * Tries to promote the 256, contiguous 4KB page mappings that are
3747 * within a single l2_bucket to a single 1MB section mapping.
3748 * For promotion to occur, two conditions must be met: (1) the 4KB page
3749 * mappings must map aligned, contiguous physical memory and (2) the 4KB page
3750 * mappings must have identical characteristics.
3753 pmap_promote_section(pmap_t pmap, vm_offset_t va)
3755 pt_entry_t *firstptep, firstpte, oldpte, pa, *pte;
3757 vm_offset_t first_va, old_va;
3758 struct l2_bucket *l2b = NULL;
3760 struct pv_entry *pve, *first_pve;
3762 PMAP_ASSERT_LOCKED(pmap);
3766 * Skip promoting kernel pages. This is justified by following:
3767 * 1. Kernel is already mapped using section mappings in each pmap
3768 * 2. Managed mappings within the kernel are not to be promoted anyway
3770 if (pmap == pmap_kernel()) {
3771 pmap_section_p_failures++;
3772 CTR2(KTR_PMAP, "pmap_promote_section: failure for va %#x"
3773 " in pmap %p", va, pmap);
3776 /* Do not attemp to promote vectors pages */
3777 if (L1_IDX(va) == L1_IDX(vector_page)) {
3778 pmap_section_p_failures++;
3779 CTR2(KTR_PMAP, "pmap_promote_section: failure for va %#x"
3780 " in pmap %p", va, pmap);
3784 * Examine the first PTE in the specified l2_bucket. Abort if this PTE
3785 * is either invalid, unused, or does not map the first 4KB physical
3786 * page within 1MB page.
3788 first_va = trunc_1mpage(va);
3789 l2b = pmap_get_l2_bucket(pmap, first_va);
3790 KASSERT(l2b != NULL, ("pmap_promote_section: trying to promote "
3791 "not existing l2 bucket"));
3792 firstptep = &l2b->l2b_kva[0];
3794 firstpte = *firstptep;
3795 if ((l2pte_pa(firstpte) & L1_S_OFFSET) != 0) {
3796 pmap_section_p_failures++;
3797 CTR2(KTR_PMAP, "pmap_promote_section: failure for va %#x"
3798 " in pmap %p", va, pmap);
3802 if ((firstpte & (L2_S_PROTO | L2_S_REF)) != (L2_S_PROTO | L2_S_REF)) {
3803 pmap_section_p_failures++;
3804 CTR2(KTR_PMAP, "pmap_promote_section: failure for va %#x"
3805 " in pmap %p", va, pmap);
3809 * ARM uses pv_entry to mark particular mapping WIRED so don't promote
3810 * unmanaged pages since it is impossible to determine, whether the
3811 * page is wired or not if there is no corresponding pv_entry.
3813 m = PHYS_TO_VM_PAGE(l2pte_pa(firstpte));
3814 if (m && ((m->oflags & VPO_UNMANAGED) != 0)) {
3815 pmap_section_p_failures++;
3816 CTR2(KTR_PMAP, "pmap_promote_section: failure for va %#x"
3817 " in pmap %p", va, pmap);
3820 first_pve = pmap_find_pv(&m->md, pmap, first_va);
3822 * PTE is modified only on write due to modified bit
3823 * emulation. If the entry is referenced and writable
3824 * then it is modified and we don't clear write enable.
3825 * Otherwise, writing is disabled in PTE anyway and
3826 * we just configure protections for the section mapping
3827 * that is going to be created.
3829 if ((first_pve->pv_flags & PVF_WRITE) != 0) {
3830 if (!L2_S_WRITABLE(firstpte)) {
3831 first_pve->pv_flags &= ~PVF_WRITE;
3832 prot &= ~VM_PROT_WRITE;
3835 prot &= ~VM_PROT_WRITE;
3837 if (!L2_S_EXECUTABLE(firstpte))
3838 prot &= ~VM_PROT_EXECUTE;
3841 * Examine each of the other PTEs in the specified l2_bucket.
3842 * Abort if this PTE maps an unexpected 4KB physical page or
3843 * does not have identical characteristics to the first PTE.
3845 pa = l2pte_pa(firstpte) + ((L2_PTE_NUM_TOTAL - 1) * PAGE_SIZE);
3846 old_va = L2_NEXT_BUCKET(first_va) - PAGE_SIZE;
3848 for (pte = (firstptep + L2_PTE_NUM_TOTAL - 1); pte > firstptep; pte--) {
3850 if (l2pte_pa(oldpte) != pa) {
3851 pmap_section_p_failures++;
3852 CTR2(KTR_PMAP, "pmap_promote_section: failure for "
3853 "va %#x in pmap %p", va, pmap);
3856 if ((oldpte & L2_S_PROMOTE) != (firstpte & L2_S_PROMOTE)) {
3857 pmap_section_p_failures++;
3858 CTR2(KTR_PMAP, "pmap_promote_section: failure for "
3859 "va %#x in pmap %p", va, pmap);
3862 oldm = PHYS_TO_VM_PAGE(l2pte_pa(oldpte));
3863 if (oldm && ((oldm->oflags & VPO_UNMANAGED) != 0)) {
3864 pmap_section_p_failures++;
3865 CTR2(KTR_PMAP, "pmap_promote_section: failure for "
3866 "va %#x in pmap %p", va, pmap);
3870 pve = pmap_find_pv(&oldm->md, pmap, old_va);
3872 pmap_section_p_failures++;
3873 CTR2(KTR_PMAP, "pmap_promote_section: failure for "
3874 "va %#x old_va %x - no pve", va, old_va);
3878 if (!L2_S_WRITABLE(oldpte) && (pve->pv_flags & PVF_WRITE))
3879 pve->pv_flags &= ~PVF_WRITE;
3880 if (pve->pv_flags != first_pve->pv_flags) {
3881 pmap_section_p_failures++;
3882 CTR2(KTR_PMAP, "pmap_promote_section: failure for "
3883 "va %#x in pmap %p", va, pmap);
3887 old_va -= PAGE_SIZE;
3891 * Promote the pv entries.
3893 pmap_pv_promote_section(pmap, first_va, l2pte_pa(firstpte));
3895 * Map the superpage.
3897 pmap_map_section(pmap, first_va, l2pte_pa(firstpte), prot, TRUE);
3899 * Invalidate all possible TLB mappings for small
3900 * pages within the newly created superpage.
3901 * Rely on the first PTE's attributes since they
3902 * have to be consistent across all of the base pages
3903 * within the superpage. If page is not executable it
3904 * is at least referenced.
3905 * The fastest way to do that is to invalidate whole
3906 * TLB at once instead of executing 256 CP15 TLB
3907 * invalidations by single entry. TLBs usually maintain
3908 * several dozen entries so loss of unrelated entries is
3909 * still a less agresive approach.
3911 if (L2_S_EXECUTABLE(firstpte))
3917 pmap_section_promotions++;
3918 CTR2(KTR_PMAP, "pmap_promote_section: success for va %#x"
3919 " in pmap %p", first_va, pmap);
3923 * Fills a l2_bucket with mappings to consecutive physical pages.
3926 pmap_fill_l2b(struct l2_bucket *l2b, pt_entry_t newpte)
3931 for (i = 0; i < L2_PTE_NUM_TOTAL; i++) {
3932 ptep = &l2b->l2b_kva[i];
3936 newpte += PAGE_SIZE;
3939 l2b->l2b_occupancy = L2_PTE_NUM_TOTAL;
3943 * Tries to demote a 1MB section mapping. If demotion fails, the
3944 * 1MB section mapping is invalidated.
3947 pmap_demote_section(pmap_t pmap, vm_offset_t va)
3949 struct l2_bucket *l2b;
3950 struct pv_entry *l1pdpve;
3951 struct md_page *pvh;
3952 pd_entry_t *pl1pd, l1pd, newl1pd;
3953 pt_entry_t *firstptep, newpte;
3957 PMAP_ASSERT_LOCKED(pmap);
3959 * According to assumptions described in pmap_promote_section,
3960 * kernel is and always should be mapped using 1MB section mappings.
3961 * What more, managed kernel pages were not to be promoted.
3963 KASSERT(pmap != pmap_kernel() && L1_IDX(va) != L1_IDX(vector_page),
3964 ("pmap_demote_section: forbidden section mapping"));
3966 va = trunc_1mpage(va);
3967 pl1pd = &pmap->pm_l1->l1_kva[L1_IDX(va)];
3969 KASSERT((l1pd & L1_TYPE_MASK) == L1_S_PROTO,
3970 ("pmap_demote_section: not section or invalid section"));
3972 pa = l1pd & L1_S_FRAME;
3973 m = PHYS_TO_VM_PAGE(pa);
3974 KASSERT((m != NULL && (m->oflags & VPO_UNMANAGED) == 0),
3975 ("pmap_demote_section: no vm_page for selected superpage or"
3978 pvh = pa_to_pvh(pa);
3979 l1pdpve = pmap_find_pv(pvh, pmap, va);
3980 KASSERT(l1pdpve != NULL, ("pmap_demote_section: no pv entry for "
3983 l2b = pmap_get_l2_bucket(pmap, va);
3985 KASSERT((l1pdpve->pv_flags & PVF_WIRED) == 0,
3986 ("pmap_demote_section: No l2_bucket for wired mapping"));
3988 * Invalidate the 1MB section mapping and return
3989 * "failure" if the mapping was never accessed or the
3990 * allocation of the new l2_bucket fails.
3992 if (!L1_S_REFERENCED(l1pd) ||
3993 (l2b = pmap_alloc_l2_bucket(pmap, va)) == NULL) {
3994 /* Unmap and invalidate superpage. */
3995 pmap_remove_section(pmap, trunc_1mpage(va));
3996 CTR2(KTR_PMAP, "pmap_demote_section: failure for "
3997 "va %#x in pmap %p", va, pmap);
4003 * Now we should have corresponding l2_bucket available.
4004 * Let's process it to recreate 256 PTEs for each base page
4007 newpte = pa | L1_S_DEMOTE(l1pd);
4008 if (m->md.pv_memattr != VM_MEMATTR_UNCACHEABLE)
4009 newpte |= pte_l2_s_cache_mode;
4012 * If the l2_bucket is new, initialize it.
4014 if (l2b->l2b_occupancy == 0)
4015 pmap_fill_l2b(l2b, newpte);
4017 firstptep = &l2b->l2b_kva[0];
4018 KASSERT(l2pte_pa(*firstptep) == (pa),
4019 ("pmap_demote_section: firstpte and newpte map different "
4020 "physical addresses"));
4022 * If the mapping has changed attributes, update the page table
4025 if ((*firstptep & L2_S_PROMOTE) != (L1_S_DEMOTE(l1pd)))
4026 pmap_fill_l2b(l2b, newpte);
4028 /* Demote PV entry */
4029 pmap_pv_demote_section(pmap, va, pa);
4032 newl1pd = l2b->l2b_phys | L1_C_DOM(pmap->pm_domain) | L1_C_PROTO;
4035 /* Invalidate old TLB mapping */
4036 if (L1_S_EXECUTABLE(l1pd))
4037 cpu_tlb_flushID_SE(va);
4038 else if (L1_S_REFERENCED(l1pd))
4039 cpu_tlb_flushD_SE(va);
4042 pmap_section_demotions++;
4043 CTR2(KTR_PMAP, "pmap_demote_section: success for va %#x"
4044 " in pmap %p", va, pmap);
4048 /***************************************************
4049 * page management routines.
4050 ***************************************************/
4053 * We are in a serious low memory condition. Resort to
4054 * drastic measures to free some pages so we can allocate
4055 * another pv entry chunk.
4058 pmap_pv_reclaim(pmap_t locked_pmap)
4061 struct pv_chunk *pc;
4062 struct l2_bucket *l2b = NULL;
4068 vm_page_t free, m, m_pc;
4070 int bit, field, freed, idx;
4072 PMAP_ASSERT_LOCKED(locked_pmap);
4075 TAILQ_INIT(&newtail);
4076 while ((pc = TAILQ_FIRST(&pv_chunks)) != NULL && (pv_vafree == 0 ||
4078 TAILQ_REMOVE(&pv_chunks, pc, pc_lru);
4079 if (pmap != pc->pc_pmap) {
4083 if (pmap != locked_pmap)
4087 /* Avoid deadlock and lock recursion. */
4088 if (pmap > locked_pmap)
4090 else if (pmap != locked_pmap && !PMAP_TRYLOCK(pmap)) {
4092 TAILQ_INSERT_TAIL(&newtail, pc, pc_lru);
4098 * Destroy every non-wired, 4 KB page mapping in the chunk.
4101 for (field = 0; field < _NPCM; field++) {
4102 for (inuse = ~pc->pc_map[field] & pc_freemask[field];
4103 inuse != 0; inuse &= ~(1UL << bit)) {
4104 bit = ffs(inuse) - 1;
4105 idx = field * sizeof(inuse) * NBBY + bit;
4106 pv = &pc->pc_pventry[idx];
4109 pl1pd = &pmap->pm_l1->l1_kva[L1_IDX(va)];
4110 if ((*pl1pd & L1_TYPE_MASK) == L1_S_PROTO)
4112 if (pv->pv_flags & PVF_WIRED)
4115 l2b = pmap_get_l2_bucket(pmap, va);
4116 KASSERT(l2b != NULL, ("No l2 bucket"));
4117 ptep = &l2b->l2b_kva[l2pte_index(va)];
4118 m = PHYS_TO_VM_PAGE(l2pte_pa(*ptep));
4119 KASSERT((vm_offset_t)m >= KERNBASE,
4120 ("Trying to access non-existent page "
4121 "va %x pte %x", va, *ptep));
4124 TAILQ_REMOVE(&m->md.pv_list, pv, pv_list);
4125 if (TAILQ_EMPTY(&m->md.pv_list))
4126 vm_page_aflag_clear(m, PGA_WRITEABLE);
4127 pc->pc_map[field] |= 1UL << bit;
4133 TAILQ_INSERT_TAIL(&newtail, pc, pc_lru);
4136 /* Every freed mapping is for a 4 KB page. */
4137 pmap->pm_stats.resident_count -= freed;
4138 PV_STAT(pv_entry_frees += freed);
4139 PV_STAT(pv_entry_spare += freed);
4140 pv_entry_count -= freed;
4141 TAILQ_REMOVE(&pmap->pm_pvchunk, pc, pc_list);
4142 for (field = 0; field < _NPCM; field++)
4143 if (pc->pc_map[field] != pc_freemask[field]) {
4144 TAILQ_INSERT_HEAD(&pmap->pm_pvchunk, pc,
4146 TAILQ_INSERT_TAIL(&newtail, pc, pc_lru);
4149 * One freed pv entry in locked_pmap is
4152 if (pmap == locked_pmap)
4156 if (field == _NPCM) {
4157 PV_STAT(pv_entry_spare -= _NPCPV);
4158 PV_STAT(pc_chunk_count--);
4159 PV_STAT(pc_chunk_frees++);
4160 /* Entire chunk is free; return it. */
4161 m_pc = PHYS_TO_VM_PAGE(pmap_kextract((vm_offset_t)pc));
4162 pmap_qremove((vm_offset_t)pc, 1);
4163 pmap_ptelist_free(&pv_vafree, (vm_offset_t)pc);
4168 TAILQ_CONCAT(&pv_chunks, &newtail, pc_lru);
4172 if (pmap != locked_pmap)
4179 * free the pv_entry back to the free list
4182 pmap_free_pv_entry(pmap_t pmap, pv_entry_t pv)
4184 struct pv_chunk *pc;
4185 int bit, field, idx;
4187 rw_assert(&pvh_global_lock, RA_WLOCKED);
4188 PMAP_ASSERT_LOCKED(pmap);
4189 PV_STAT(pv_entry_frees++);
4190 PV_STAT(pv_entry_spare++);
4192 pc = pv_to_chunk(pv);
4193 idx = pv - &pc->pc_pventry[0];
4194 field = idx / (sizeof(u_long) * NBBY);
4195 bit = idx % (sizeof(u_long) * NBBY);
4196 pc->pc_map[field] |= 1ul << bit;
4197 for (idx = 0; idx < _NPCM; idx++)
4198 if (pc->pc_map[idx] != pc_freemask[idx]) {
4200 * 98% of the time, pc is already at the head of the
4201 * list. If it isn't already, move it to the head.
4203 if (__predict_false(TAILQ_FIRST(&pmap->pm_pvchunk) !=
4205 TAILQ_REMOVE(&pmap->pm_pvchunk, pc, pc_list);
4206 TAILQ_INSERT_HEAD(&pmap->pm_pvchunk, pc,
4211 TAILQ_REMOVE(&pmap->pm_pvchunk, pc, pc_list);
4212 pmap_free_pv_chunk(pc);
4216 pmap_free_pv_chunk(struct pv_chunk *pc)
4220 TAILQ_REMOVE(&pv_chunks, pc, pc_lru);
4221 PV_STAT(pv_entry_spare -= _NPCPV);
4222 PV_STAT(pc_chunk_count--);
4223 PV_STAT(pc_chunk_frees++);
4224 /* entire chunk is free, return it */
4225 m = PHYS_TO_VM_PAGE(pmap_kextract((vm_offset_t)pc));
4226 pmap_qremove((vm_offset_t)pc, 1);
4227 vm_page_unwire(m, 0);
4229 pmap_ptelist_free(&pv_vafree, (vm_offset_t)pc);
4234 pmap_get_pv_entry(pmap_t pmap, boolean_t try)
4236 static const struct timeval printinterval = { 60, 0 };
4237 static struct timeval lastprint;
4238 struct pv_chunk *pc;
4241 int bit, field, idx;
4243 rw_assert(&pvh_global_lock, RA_WLOCKED);
4244 PMAP_ASSERT_LOCKED(pmap);
4245 PV_STAT(pv_entry_allocs++);
4248 if (pv_entry_count > pv_entry_high_water)
4249 if (ratecheck(&lastprint, &printinterval))
4250 printf("%s: Approaching the limit on PV entries.\n",
4253 pc = TAILQ_FIRST(&pmap->pm_pvchunk);
4255 for (field = 0; field < _NPCM; field++) {
4256 if (pc->pc_map[field]) {
4257 bit = ffs(pc->pc_map[field]) - 1;
4261 if (field < _NPCM) {
4262 idx = field * sizeof(pc->pc_map[field]) * NBBY + bit;
4263 pv = &pc->pc_pventry[idx];
4264 pc->pc_map[field] &= ~(1ul << bit);
4265 /* If this was the last item, move it to tail */
4266 for (field = 0; field < _NPCM; field++)
4267 if (pc->pc_map[field] != 0) {
4268 PV_STAT(pv_entry_spare--);
4269 return (pv); /* not full, return */
4271 TAILQ_REMOVE(&pmap->pm_pvchunk, pc, pc_list);
4272 TAILQ_INSERT_TAIL(&pmap->pm_pvchunk, pc, pc_list);
4273 PV_STAT(pv_entry_spare--);
4278 * Access to the ptelist "pv_vafree" is synchronized by the pvh
4279 * global lock. If "pv_vafree" is currently non-empty, it will
4280 * remain non-empty until pmap_ptelist_alloc() completes.
4282 if (pv_vafree == 0 || (m = vm_page_alloc(NULL, 0, VM_ALLOC_NORMAL |
4283 VM_ALLOC_NOOBJ | VM_ALLOC_WIRED)) == NULL) {
4286 PV_STAT(pc_chunk_tryfail++);
4289 m = pmap_pv_reclaim(pmap);
4293 PV_STAT(pc_chunk_count++);
4294 PV_STAT(pc_chunk_allocs++);
4295 pc = (struct pv_chunk *)pmap_ptelist_alloc(&pv_vafree);
4296 pmap_qenter((vm_offset_t)pc, &m, 1);
4298 pc->pc_map[0] = pc_freemask[0] & ~1ul; /* preallocated bit 0 */
4299 for (field = 1; field < _NPCM; field++)
4300 pc->pc_map[field] = pc_freemask[field];
4301 TAILQ_INSERT_TAIL(&pv_chunks, pc, pc_lru);
4302 pv = &pc->pc_pventry[0];
4303 TAILQ_INSERT_HEAD(&pmap->pm_pvchunk, pc, pc_list);
4304 PV_STAT(pv_entry_spare += _NPCPV - 1);
4309 * Remove the given range of addresses from the specified map.
4311 * It is assumed that the start and end are properly
4312 * rounded to the page size.
4314 #define PMAP_REMOVE_CLEAN_LIST_SIZE 3
4316 pmap_remove(pmap_t pmap, vm_offset_t sva, vm_offset_t eva)
4318 struct l2_bucket *l2b;
4319 vm_offset_t next_bucket;
4320 pd_entry_t *pl1pd, l1pd;
4323 u_int mappings, is_exec, is_refd;
4328 * we lock in the pmap => pv_head direction
4331 rw_wlock(&pvh_global_lock);
4336 * Check for large page.
4338 pl1pd = &pmap->pm_l1->l1_kva[L1_IDX(sva)];
4340 if ((l1pd & L1_TYPE_MASK) == L1_S_PROTO) {
4341 KASSERT((l1pd & L1_S_DOM_MASK) !=
4342 L1_S_DOM(PMAP_DOMAIN_KERNEL), ("pmap_remove: "
4343 "Trying to remove kernel section mapping"));
4345 * Are we removing the entire large page? If not,
4346 * demote the mapping and fall through.
4348 if (sva + L1_S_SIZE == L2_NEXT_BUCKET(sva) &&
4349 eva >= L2_NEXT_BUCKET(sva)) {
4350 pmap_remove_section(pmap, sva);
4351 sva = L2_NEXT_BUCKET(sva);
4353 } else if (!pmap_demote_section(pmap, sva)) {
4354 /* The large page mapping was destroyed. */
4355 sva = L2_NEXT_BUCKET(sva);
4360 * Do one L2 bucket's worth at a time.
4362 next_bucket = L2_NEXT_BUCKET(sva);
4363 if (next_bucket > eva)
4366 l2b = pmap_get_l2_bucket(pmap, sva);
4372 ptep = &l2b->l2b_kva[l2pte_index(sva)];
4375 while (sva < next_bucket) {
4384 * Nothing here, move along
4391 pmap->pm_stats.resident_count--;
4397 * Update flags. In a number of circumstances,
4398 * we could cluster a lot of these and do a
4399 * number of sequential pages in one go.
4401 if ((m = PHYS_TO_VM_PAGE(pa)) != NULL) {
4402 struct pv_entry *pve;
4404 pve = pmap_remove_pv(m, pmap, sva);
4406 is_exec = PTE_BEEN_EXECD(pte);
4407 is_refd = PTE_BEEN_REFD(pte);
4408 pmap_free_pv_entry(pmap, pve);
4414 if (pmap_is_current(pmap)) {
4416 if (total < PMAP_REMOVE_CLEAN_LIST_SIZE) {
4418 cpu_tlb_flushID_SE(sva);
4420 cpu_tlb_flushD_SE(sva);
4421 } else if (total == PMAP_REMOVE_CLEAN_LIST_SIZE)
4430 pmap_free_l2_bucket(pmap, l2b, mappings);
4433 rw_wunlock(&pvh_global_lock);
4444 * Zero a given physical page by mapping it at a page hook point.
4445 * In doing the zero page op, the page we zero is mapped cachable, as with
4446 * StrongARM accesses to non-cached pages are non-burst making writing
4447 * _any_ bulk data very slow.
4450 pmap_zero_page_gen(vm_page_t m, int off, int size)
4452 struct czpages *czp;
4454 KASSERT(TAILQ_EMPTY(&m->md.pv_list),
4455 ("pmap_zero_page_gen: page has mappings"));
4457 vm_paddr_t phys = VM_PAGE_TO_PHYS(m);
4460 czp = &cpu_czpages[PCPU_GET(cpuid)];
4461 mtx_lock(&czp->lock);
4464 * Hook in the page, zero it.
4466 *czp->dstptep = L2_S_PROTO | phys | pte_l2_s_cache_mode | L2_S_REF;
4467 pmap_set_prot(czp->dstptep, VM_PROT_WRITE, 0);
4468 PTE_SYNC(czp->dstptep);
4469 cpu_tlb_flushD_SE(czp->dstva);
4472 if (off || size != PAGE_SIZE)
4473 bzero((void *)(czp->dstva + off), size);
4475 bzero_page(czp->dstva);
4478 * Although aliasing is not possible, if we use temporary mappings with
4479 * memory that will be mapped later as non-cached or with write-through
4480 * caches, we might end up overwriting it when calling wbinv_all. So
4481 * make sure caches are clean after the operation.
4483 cpu_idcache_wbinv_range(czp->dstva, size);
4484 pmap_l2cache_wbinv_range(czp->dstva, phys, size);
4486 mtx_unlock(&czp->lock);
4491 * pmap_zero_page zeros the specified hardware page by mapping
4492 * the page into KVM and using bzero to clear its contents.
4495 pmap_zero_page(vm_page_t m)
4497 pmap_zero_page_gen(m, 0, PAGE_SIZE);
4502 * pmap_zero_page_area zeros the specified hardware page by mapping
4503 * the page into KVM and using bzero to clear its contents.
4505 * off and size may not cover an area beyond a single hardware page.
4508 pmap_zero_page_area(vm_page_t m, int off, int size)
4511 pmap_zero_page_gen(m, off, size);
4516 * pmap_zero_page_idle zeros the specified hardware page by mapping
4517 * the page into KVM and using bzero to clear its contents. This
4518 * is intended to be called from the vm_pagezero process only and
4522 pmap_zero_page_idle(vm_page_t m)
4529 * pmap_copy_page copies the specified (machine independent)
4530 * page by mapping the page into virtual memory and using
4531 * bcopy to copy the page, one machine dependent page at a
4538 * Copy one physical page into another, by mapping the pages into
4539 * hook points. The same comment regarding cachability as in
4540 * pmap_zero_page also applies here.
4543 pmap_copy_page_generic(vm_paddr_t src, vm_paddr_t dst)
4545 struct czpages *czp;
4548 czp = &cpu_czpages[PCPU_GET(cpuid)];
4549 mtx_lock(&czp->lock);
4552 * Map the pages into the page hook points, copy them, and purge the
4553 * cache for the appropriate page.
4555 *czp->srcptep = L2_S_PROTO | src | pte_l2_s_cache_mode | L2_S_REF;
4556 pmap_set_prot(czp->srcptep, VM_PROT_READ, 0);
4557 PTE_SYNC(czp->srcptep);
4558 cpu_tlb_flushD_SE(czp->srcva);
4559 *czp->dstptep = L2_S_PROTO | dst | pte_l2_s_cache_mode | L2_S_REF;
4560 pmap_set_prot(czp->dstptep, VM_PROT_READ | VM_PROT_WRITE, 0);
4561 PTE_SYNC(czp->dstptep);
4562 cpu_tlb_flushD_SE(czp->dstva);
4565 bcopy_page(czp->srcva, czp->dstva);
4568 * Although aliasing is not possible, if we use temporary mappings with
4569 * memory that will be mapped later as non-cached or with write-through
4570 * caches, we might end up overwriting it when calling wbinv_all. So
4571 * make sure caches are clean after the operation.
4573 cpu_idcache_wbinv_range(czp->dstva, PAGE_SIZE);
4574 pmap_l2cache_wbinv_range(czp->dstva, dst, PAGE_SIZE);
4576 mtx_unlock(&czp->lock);
4580 int unmapped_buf_allowed = 1;
4583 pmap_copy_pages(vm_page_t ma[], vm_offset_t a_offset, vm_page_t mb[],
4584 vm_offset_t b_offset, int xfersize)
4586 vm_page_t a_pg, b_pg;
4587 vm_offset_t a_pg_offset, b_pg_offset;
4589 struct czpages *czp;
4592 czp = &cpu_czpages[PCPU_GET(cpuid)];
4593 mtx_lock(&czp->lock);
4595 while (xfersize > 0) {
4596 a_pg = ma[a_offset >> PAGE_SHIFT];
4597 a_pg_offset = a_offset & PAGE_MASK;
4598 cnt = min(xfersize, PAGE_SIZE - a_pg_offset);
4599 b_pg = mb[b_offset >> PAGE_SHIFT];
4600 b_pg_offset = b_offset & PAGE_MASK;
4601 cnt = min(cnt, PAGE_SIZE - b_pg_offset);
4602 *czp->srcptep = L2_S_PROTO | VM_PAGE_TO_PHYS(a_pg) |
4603 pte_l2_s_cache_mode | L2_S_REF;
4604 pmap_set_prot(czp->srcptep, VM_PROT_READ, 0);
4605 PTE_SYNC(czp->srcptep);
4606 cpu_tlb_flushD_SE(czp->srcva);
4607 *czp->dstptep = L2_S_PROTO | VM_PAGE_TO_PHYS(b_pg) |
4608 pte_l2_s_cache_mode | L2_S_REF;
4609 pmap_set_prot(czp->dstptep, VM_PROT_READ | VM_PROT_WRITE, 0);
4610 PTE_SYNC(czp->dstptep);
4611 cpu_tlb_flushD_SE(czp->dstva);
4613 bcopy((char *)czp->srcva + a_pg_offset, (char *)czp->dstva + b_pg_offset,
4615 cpu_idcache_wbinv_range(czp->dstva + b_pg_offset, cnt);
4616 pmap_l2cache_wbinv_range(czp->dstva + b_pg_offset,
4617 VM_PAGE_TO_PHYS(b_pg) + b_pg_offset, cnt);
4623 mtx_unlock(&czp->lock);
4628 pmap_copy_page(vm_page_t src, vm_page_t dst)
4631 if (_arm_memcpy && PAGE_SIZE >= _min_memcpy_size &&
4632 _arm_memcpy((void *)VM_PAGE_TO_PHYS(dst),
4633 (void *)VM_PAGE_TO_PHYS(src), PAGE_SIZE, IS_PHYSICAL) == 0)
4636 pmap_copy_page_generic(VM_PAGE_TO_PHYS(src), VM_PAGE_TO_PHYS(dst));
4640 * this routine returns true if a physical page resides
4641 * in the given pmap.
4644 pmap_page_exists_quick(pmap_t pmap, vm_page_t m)
4646 struct md_page *pvh;
4651 KASSERT((m->oflags & VPO_UNMANAGED) == 0,
4652 ("pmap_page_exists_quick: page %p is not managed", m));
4654 rw_wlock(&pvh_global_lock);
4655 TAILQ_FOREACH(pv, &m->md.pv_list, pv_list) {
4656 if (PV_PMAP(pv) == pmap) {
4664 if (!rv && loops < 16 && (m->flags & PG_FICTITIOUS) == 0) {
4665 pvh = pa_to_pvh(VM_PAGE_TO_PHYS(m));
4666 TAILQ_FOREACH(pv, &pvh->pv_list, pv_list) {
4667 if (PV_PMAP(pv) == pmap) {
4676 rw_wunlock(&pvh_global_lock);
4681 * pmap_page_wired_mappings:
4683 * Return the number of managed mappings to the given physical page
4687 pmap_page_wired_mappings(vm_page_t m)
4692 if ((m->oflags & VPO_UNMANAGED) != 0)
4694 rw_wlock(&pvh_global_lock);
4695 count = pmap_pvh_wired_mappings(&m->md, count);
4696 if ((m->flags & PG_FICTITIOUS) == 0) {
4697 count = pmap_pvh_wired_mappings(pa_to_pvh(VM_PAGE_TO_PHYS(m)),
4700 rw_wunlock(&pvh_global_lock);
4705 * pmap_pvh_wired_mappings:
4707 * Return the updated number "count" of managed mappings that are wired.
4710 pmap_pvh_wired_mappings(struct md_page *pvh, int count)
4714 rw_assert(&pvh_global_lock, RA_WLOCKED);
4715 TAILQ_FOREACH(pv, &pvh->pv_list, pv_list) {
4716 if ((pv->pv_flags & PVF_WIRED) != 0)
4723 * Returns TRUE if any of the given mappings were referenced and FALSE
4724 * otherwise. Both page and section mappings are supported.
4727 pmap_is_referenced_pvh(struct md_page *pvh)
4729 struct l2_bucket *l2b;
4736 rw_assert(&pvh_global_lock, RA_WLOCKED);
4738 TAILQ_FOREACH(pv, &pvh->pv_list, pv_list) {
4741 pl1pd = &pmap->pm_l1->l1_kva[L1_IDX(pv->pv_va)];
4742 if ((*pl1pd & L1_TYPE_MASK) == L1_S_PROTO)
4743 rv = L1_S_REFERENCED(*pl1pd);
4745 l2b = pmap_get_l2_bucket(pmap, pv->pv_va);
4746 ptep = &l2b->l2b_kva[l2pte_index(pv->pv_va)];
4747 rv = L2_S_REFERENCED(*ptep);
4757 * pmap_is_referenced:
4759 * Return whether or not the specified physical page was referenced
4760 * in any physical maps.
4763 pmap_is_referenced(vm_page_t m)
4767 KASSERT((m->oflags & VPO_UNMANAGED) == 0,
4768 ("pmap_is_referenced: page %p is not managed", m));
4769 rw_wlock(&pvh_global_lock);
4770 rv = pmap_is_referenced_pvh(&m->md) ||
4771 ((m->flags & PG_FICTITIOUS) == 0 &&
4772 pmap_is_referenced_pvh(pa_to_pvh(VM_PAGE_TO_PHYS(m))));
4773 rw_wunlock(&pvh_global_lock);
4778 * pmap_ts_referenced:
4780 * Return the count of reference bits for a page, clearing all of them.
4783 pmap_ts_referenced(vm_page_t m)
4786 KASSERT((m->oflags & VPO_UNMANAGED) == 0,
4787 ("pmap_ts_referenced: page %p is not managed", m));
4788 return (pmap_clearbit(m, PVF_REF));
4792 * Returns TRUE if any of the given mappings were used to modify
4793 * physical memory. Otherwise, returns FALSE. Both page and 1MB section
4794 * mappings are supported.
4797 pmap_is_modified_pvh(struct md_page *pvh)
4800 struct l2_bucket *l2b;
4806 rw_assert(&pvh_global_lock, RA_WLOCKED);
4809 TAILQ_FOREACH(pv, &pvh->pv_list, pv_list) {
4812 pl1pd = &pmap->pm_l1->l1_kva[L1_IDX(pv->pv_va)];
4813 if ((*pl1pd & L1_TYPE_MASK) == L1_S_PROTO)
4814 rv = L1_S_WRITABLE(*pl1pd);
4816 l2b = pmap_get_l2_bucket(pmap, pv->pv_va);
4817 ptep = &l2b->l2b_kva[l2pte_index(pv->pv_va)];
4818 rv = L2_S_WRITABLE(*ptep);
4829 pmap_is_modified(vm_page_t m)
4833 KASSERT((m->oflags & VPO_UNMANAGED) == 0,
4834 ("pmap_is_modified: page %p is not managed", m));
4836 * If the page is not exclusive busied, then PGA_WRITEABLE cannot be
4837 * concurrently set while the object is locked. Thus, if PGA_WRITEABLE
4838 * is clear, no PTEs can have APX cleared.
4840 VM_OBJECT_ASSERT_WLOCKED(m->object);
4841 if (!vm_page_xbusied(m) && (m->aflags & PGA_WRITEABLE) == 0)
4843 rw_wlock(&pvh_global_lock);
4844 rv = pmap_is_modified_pvh(&m->md) ||
4845 ((m->flags & PG_FICTITIOUS) == 0 &&
4846 pmap_is_modified_pvh(pa_to_pvh(VM_PAGE_TO_PHYS(m))));
4847 rw_wunlock(&pvh_global_lock);
4852 * Apply the given advice to the specified range of addresses within the
4853 * given pmap. Depending on the advice, clear the referenced and/or
4854 * modified flags in each mapping.
4857 pmap_advise(pmap_t pmap, vm_offset_t sva, vm_offset_t eva, int advice)
4859 struct l2_bucket *l2b;
4860 struct pv_entry *pve;
4861 pd_entry_t *pl1pd, l1pd;
4862 pt_entry_t *ptep, opte, pte;
4863 vm_offset_t next_bucket;
4866 if (advice != MADV_DONTNEED && advice != MADV_FREE)
4868 rw_wlock(&pvh_global_lock);
4870 for (; sva < eva; sva = next_bucket) {
4871 next_bucket = L2_NEXT_BUCKET(sva);
4872 if (next_bucket < sva)
4874 pl1pd = &pmap->pm_l1->l1_kva[L1_IDX(sva)];
4876 if ((l1pd & L1_TYPE_MASK) == L1_S_PROTO) {
4877 if (pmap == pmap_kernel())
4879 if (!pmap_demote_section(pmap, sva)) {
4881 * The large page mapping was destroyed.
4886 * Unless the page mappings are wired, remove the
4887 * mapping to a single page so that a subsequent
4888 * access may repromote. Since the underlying
4889 * l2_bucket is fully populated, this removal
4890 * never frees an entire l2_bucket.
4892 l2b = pmap_get_l2_bucket(pmap, sva);
4893 KASSERT(l2b != NULL,
4894 ("pmap_advise: no l2 bucket for "
4895 "va 0x%#x, pmap 0x%p", sva, pmap));
4896 ptep = &l2b->l2b_kva[l2pte_index(sva)];
4898 m = PHYS_TO_VM_PAGE(l2pte_pa(*ptep));
4900 ("pmap_advise: no vm_page for demoted superpage"));
4901 pve = pmap_find_pv(&m->md, pmap, sva);
4902 KASSERT(pve != NULL,
4903 ("pmap_advise: no PV entry for managed mapping"));
4904 if ((pve->pv_flags & PVF_WIRED) == 0) {
4905 pmap_free_l2_bucket(pmap, l2b, 1);
4906 pve = pmap_remove_pv(m, pmap, sva);
4907 pmap_free_pv_entry(pmap, pve);
4910 if (pmap_is_current(pmap)) {
4911 if (PTE_BEEN_EXECD(opte))
4912 cpu_tlb_flushID_SE(sva);
4913 else if (PTE_BEEN_REFD(opte))
4914 cpu_tlb_flushD_SE(sva);
4918 if (next_bucket > eva)
4920 l2b = pmap_get_l2_bucket(pmap, sva);
4923 for (ptep = &l2b->l2b_kva[l2pte_index(sva)];
4924 sva != next_bucket; ptep++, sva += PAGE_SIZE) {
4926 if ((opte & L2_S_PROTO) == 0)
4928 m = PHYS_TO_VM_PAGE(l2pte_pa(opte));
4929 if (m == NULL || (m->oflags & VPO_UNMANAGED) != 0)
4931 else if (L2_S_WRITABLE(opte)) {
4932 if (advice == MADV_DONTNEED) {
4934 * Don't need to mark the page
4935 * dirty as it was already marked as
4936 * such in pmap_fault_fixup() or
4937 * pmap_enter_locked().
4938 * Just clear the state.
4946 } else if (L2_S_REFERENCED(opte)) {
4952 if (pmap_is_current(pmap)) {
4953 if (PTE_BEEN_EXECD(opte))
4954 cpu_tlb_flushID_SE(sva);
4955 else if (PTE_BEEN_REFD(opte))
4956 cpu_tlb_flushD_SE(sva);
4961 rw_wunlock(&pvh_global_lock);
4966 * Clear the modify bits on the specified physical page.
4969 pmap_clear_modify(vm_page_t m)
4972 KASSERT((m->oflags & VPO_UNMANAGED) == 0,
4973 ("pmap_clear_modify: page %p is not managed", m));
4974 VM_OBJECT_ASSERT_WLOCKED(m->object);
4975 KASSERT(!vm_page_xbusied(m),
4976 ("pmap_clear_modify: page %p is exclusive busied", m));
4979 * If the page is not PGA_WRITEABLE, then no mappings can be modified.
4980 * If the object containing the page is locked and the page is not
4981 * exclusive busied, then PGA_WRITEABLE cannot be concurrently set.
4983 if ((m->aflags & PGA_WRITEABLE) == 0)
4985 if (pmap_is_modified(m))
4986 pmap_clearbit(m, PVF_MOD);
4991 * Clear the write and modified bits in each of the given page's mappings.
4994 pmap_remove_write(vm_page_t m)
4996 KASSERT((m->oflags & VPO_UNMANAGED) == 0,
4997 ("pmap_remove_write: page %p is not managed", m));
5000 * If the page is not exclusive busied, then PGA_WRITEABLE cannot be
5001 * set by another thread while the object is locked. Thus,
5002 * if PGA_WRITEABLE is clear, no page table entries need updating.
5004 VM_OBJECT_ASSERT_WLOCKED(m->object);
5005 if (vm_page_xbusied(m) || (m->aflags & PGA_WRITEABLE) != 0)
5006 pmap_clearbit(m, PVF_WRITE);
5011 * perform the pmap work for mincore
5014 pmap_mincore(pmap_t pmap, vm_offset_t addr, vm_paddr_t *locked_pa)
5016 struct l2_bucket *l2b;
5017 pd_entry_t *pl1pd, l1pd;
5018 pt_entry_t *ptep, pte;
5026 pl1pd = &pmap->pm_l1->l1_kva[L1_IDX(addr)];
5028 if ((l1pd & L1_TYPE_MASK) == L1_S_PROTO) {
5029 pa = (l1pd & L1_S_FRAME);
5030 val = MINCORE_SUPER | MINCORE_INCORE;
5031 if (L1_S_WRITABLE(l1pd))
5032 val |= MINCORE_MODIFIED | MINCORE_MODIFIED_OTHER;
5034 m = PHYS_TO_VM_PAGE(pa);
5035 if (m != NULL && (m->oflags & VPO_UNMANAGED) == 0)
5038 if (L1_S_REFERENCED(l1pd))
5039 val |= MINCORE_REFERENCED |
5040 MINCORE_REFERENCED_OTHER;
5043 l2b = pmap_get_l2_bucket(pmap, addr);
5048 ptep = &l2b->l2b_kva[l2pte_index(addr)];
5050 if (!l2pte_valid(pte)) {
5054 val = MINCORE_INCORE;
5055 if (L2_S_WRITABLE(pte))
5056 val |= MINCORE_MODIFIED | MINCORE_MODIFIED_OTHER;
5059 m = PHYS_TO_VM_PAGE(pa);
5060 if (m != NULL && (m->oflags & VPO_UNMANAGED) == 0)
5063 if (L2_S_REFERENCED(pte))
5064 val |= MINCORE_REFERENCED |
5065 MINCORE_REFERENCED_OTHER;
5068 if ((val & (MINCORE_MODIFIED_OTHER | MINCORE_REFERENCED_OTHER)) !=
5069 (MINCORE_MODIFIED_OTHER | MINCORE_REFERENCED_OTHER) && managed) {
5070 /* Ensure that "PHYS_TO_VM_PAGE(pa)->object" doesn't change. */
5071 if (vm_page_pa_tryrelock(pmap, pa, locked_pa))
5075 PA_UNLOCK_COND(*locked_pa);
5081 pmap_sync_icache(pmap_t pmap, vm_offset_t va, vm_size_t sz)
5086 * Increase the starting virtual address of the given mapping if a
5087 * different alignment might result in more superpage mappings.
5090 pmap_align_superpage(vm_object_t object, vm_ooffset_t offset,
5091 vm_offset_t *addr, vm_size_t size)
5093 vm_offset_t superpage_offset;
5097 if (object != NULL && (object->flags & OBJ_COLORED) != 0)
5098 offset += ptoa(object->pg_color);
5099 superpage_offset = offset & PDRMASK;
5100 if (size - ((NBPDR - superpage_offset) & PDRMASK) < NBPDR ||
5101 (*addr & PDRMASK) == superpage_offset)
5103 if ((*addr & PDRMASK) < superpage_offset)
5104 *addr = (*addr & ~PDRMASK) + superpage_offset;
5106 *addr = ((*addr + PDRMASK) & ~PDRMASK) + superpage_offset;
5112 * Create a single section mapping.
5115 pmap_map_section(pmap_t pmap, vm_offset_t va, vm_offset_t pa, vm_prot_t prot,
5118 pd_entry_t *pl1pd, l1pd;
5121 KASSERT(((va | pa) & L1_S_OFFSET) == 0,
5122 ("Not a valid section mapping"));
5124 fl = pte_l1_s_cache_mode;
5126 pl1pd = &pmap->pm_l1->l1_kva[L1_IDX(va)];
5127 l1pd = L1_S_PROTO | pa | L1_S_PROT(PTE_USER, prot) | fl |
5128 L1_S_DOM(pmap->pm_domain);
5130 /* Mark page referenced if this section is a result of a promotion. */
5143 * Link the L2 page table specified by l2pv.pv_pa into the L1
5144 * page table at the slot for "va".
5147 pmap_link_l2pt(vm_offset_t l1pt, vm_offset_t va, struct pv_addr *l2pv)
5149 pd_entry_t *pde = (pd_entry_t *) l1pt, proto;
5150 u_int slot = va >> L1_S_SHIFT;
5152 proto = L1_S_DOM(PMAP_DOMAIN_KERNEL) | L1_C_PROTO;
5154 #ifdef VERBOSE_INIT_ARM
5155 printf("pmap_link_l2pt: pa=0x%x va=0x%x\n", l2pv->pv_pa, l2pv->pv_va);
5158 pde[slot + 0] = proto | (l2pv->pv_pa + 0x000);
5159 PTE_SYNC(&pde[slot]);
5161 SLIST_INSERT_HEAD(&kernel_pt_list, l2pv, pv_list);
5168 * Create a single page mapping.
5171 pmap_map_entry(vm_offset_t l1pt, vm_offset_t va, vm_offset_t pa, int prot,
5174 pd_entry_t *pde = (pd_entry_t *) l1pt;
5178 KASSERT(((va | pa) & PAGE_MASK) == 0, ("ouin"));
5180 fl = l2s_mem_types[cache];
5182 if ((pde[va >> L1_S_SHIFT] & L1_TYPE_MASK) != L1_TYPE_C)
5183 panic("pmap_map_entry: no L2 table for VA 0x%08x", va);
5185 ptep = (pt_entry_t *)kernel_pt_lookup(pde[L1_IDX(va)] & L1_C_ADDR_MASK);
5188 panic("pmap_map_entry: can't find L2 table for VA 0x%08x", va);
5190 ptep[l2pte_index(va)] = L2_S_PROTO | pa | fl | L2_S_REF;
5191 pmap_set_prot(&ptep[l2pte_index(va)], prot, 0);
5192 PTE_SYNC(&ptep[l2pte_index(va)]);
5198 * Map a chunk of memory using the most efficient mappings
5199 * possible (section. large page, small page) into the
5200 * provided L1 and L2 tables at the specified virtual address.
5203 pmap_map_chunk(vm_offset_t l1pt, vm_offset_t va, vm_offset_t pa,
5204 vm_size_t size, int prot, int type)
5206 pd_entry_t *pde = (pd_entry_t *) l1pt;
5207 pt_entry_t *ptep, f1, f2s, f2l;
5211 resid = (size + (PAGE_SIZE - 1)) & ~(PAGE_SIZE - 1);
5214 panic("pmap_map_chunk: no L1 table provided");
5216 #ifdef VERBOSE_INIT_ARM
5217 printf("pmap_map_chunk: pa=0x%x va=0x%x size=0x%x resid=0x%x "
5218 "prot=0x%x type=%d\n", pa, va, size, resid, prot, type);
5221 f1 = l1_mem_types[type];
5222 f2l = l2l_mem_types[type];
5223 f2s = l2s_mem_types[type];
5228 /* See if we can use a section mapping. */
5229 if (L1_S_MAPPABLE_P(va, pa, resid)) {
5230 #ifdef VERBOSE_INIT_ARM
5233 pde[va >> L1_S_SHIFT] = L1_S_PROTO | pa |
5234 L1_S_PROT(PTE_KERNEL, prot | VM_PROT_EXECUTE) |
5235 f1 | L1_S_DOM(PMAP_DOMAIN_KERNEL) | L1_S_REF;
5236 PTE_SYNC(&pde[va >> L1_S_SHIFT]);
5244 * Ok, we're going to use an L2 table. Make sure
5245 * one is actually in the corresponding L1 slot
5246 * for the current VA.
5248 if ((pde[va >> L1_S_SHIFT] & L1_TYPE_MASK) != L1_TYPE_C)
5249 panic("pmap_map_chunk: no L2 table for VA 0x%08x", va);
5251 ptep = (pt_entry_t *) kernel_pt_lookup(
5252 pde[L1_IDX(va)] & L1_C_ADDR_MASK);
5254 panic("pmap_map_chunk: can't find L2 table for VA"
5256 /* See if we can use a L2 large page mapping. */
5257 if (L2_L_MAPPABLE_P(va, pa, resid)) {
5258 #ifdef VERBOSE_INIT_ARM
5261 for (i = 0; i < 16; i++) {
5262 ptep[l2pte_index(va) + i] =
5264 L2_L_PROT(PTE_KERNEL, prot) | f2l;
5265 PTE_SYNC(&ptep[l2pte_index(va) + i]);
5273 /* Use a small page mapping. */
5274 #ifdef VERBOSE_INIT_ARM
5277 ptep[l2pte_index(va)] = L2_S_PROTO | pa | f2s | L2_S_REF;
5278 pmap_set_prot(&ptep[l2pte_index(va)], prot, 0);
5279 PTE_SYNC(&ptep[l2pte_index(va)]);
5284 #ifdef VERBOSE_INIT_ARM
5292 pmap_dmap_iscurrent(pmap_t pmap)
5294 return(pmap_is_current(pmap));
5298 pmap_page_set_memattr(vm_page_t m, vm_memattr_t ma)
5301 * Remember the memattr in a field that gets used to set the appropriate
5302 * bits in the PTEs as mappings are established.
5304 m->md.pv_memattr = ma;
5307 * It appears that this function can only be called before any mappings
5308 * for the page are established on ARM. If this ever changes, this code
5309 * will need to walk the pv_list and make each of the existing mappings
5310 * uncacheable, being careful to sync caches and PTEs (and maybe
5311 * invalidate TLB?) for any current mapping it modifies.
5313 if (TAILQ_FIRST(&m->md.pv_list) != NULL)
5314 panic("Can't change memattr on page with existing mappings");
projects / FreeBSD / stable / 10.git / blob