2 * Copyright (c) 1991 Regents of the University of California.
3 * Copyright (c) 1994 John S. Dyson
4 * Copyright (c) 1994 David Greenman
5 * Copyright (c) 2005-2010 Alan L. Cox <alc@cs.rice.edu>
6 * Copyright (c) 2014-2016 Svatopluk Kraus <skra@FreeBSD.org>
7 * Copyright (c) 2014-2016 Michal Meloun <mmel@FreeBSD.org>
10 * This code is derived from software contributed to Berkeley by
11 * the Systems Programming Group of the University of Utah Computer
12 * Science Department and William Jolitz of UUNET Technologies Inc.
14 * Redistribution and use in source and binary forms, with or without
15 * modification, are permitted provided that the following conditions
17 * 1. Redistributions of source code must retain the above copyright
18 * notice, this list of conditions and the following disclaimer.
19 * 2. Redistributions in binary form must reproduce the above copyright
20 * notice, this list of conditions and the following disclaimer in the
21 * documentation and/or other materials provided with the distribution.
22 * 3. Neither the name of the University nor the names of its contributors
23 * may be used to endorse or promote products derived from this software
24 * without specific prior written permission.
26 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
27 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
28 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
29 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
30 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
31 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
32 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
33 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
34 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
35 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
38 * from: @(#)pmap.c 7.7 (Berkeley) 5/12/91
41 * Copyright (c) 2003 Networks Associates Technology, Inc.
42 * All rights reserved.
44 * This software was developed for the FreeBSD Project by Jake Burkholder,
45 * Safeport Network Services, and Network Associates Laboratories, the
46 * Security Research Division of Network Associates, Inc. under
47 * DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the DARPA
48 * CHATS research program.
50 * Redistribution and use in source and binary forms, with or without
51 * modification, are permitted provided that the following conditions
53 * 1. Redistributions of source code must retain the above copyright
54 * notice, this list of conditions and the following disclaimer.
55 * 2. Redistributions in binary form must reproduce the above copyright
56 * notice, this list of conditions and the following disclaimer in the
57 * documentation and/or other materials provided with the distribution.
59 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
60 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
61 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
62 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
63 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
64 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
65 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
66 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
67 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
68 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
72 #include <sys/cdefs.h>
73 __FBSDID("$FreeBSD$");
76 * Manages physical address maps.
78 * Since the information managed by this module is
79 * also stored by the logical address mapping module,
80 * this module may throw away valid virtual-to-physical
81 * mappings at almost any time. However, invalidations
82 * of virtual-to-physical mappings must be done as
85 * In order to cope with hardware architectures which
86 * make virtual-to-physical map invalidates expensive,
87 * this module may delay invalidate or reduced protection
88 * operations until such time as they are actually
89 * necessary. This module is given full information as
90 * to which processors are currently using which maps,
91 * and to when physical maps must be made correct.
98 #include <sys/param.h>
99 #include <sys/systm.h>
100 #include <sys/kernel.h>
102 #include <sys/lock.h>
103 #include <sys/proc.h>
104 #include <sys/rwlock.h>
105 #include <sys/malloc.h>
106 #include <sys/vmmeter.h>
107 #include <sys/malloc.h>
108 #include <sys/mman.h>
109 #include <sys/sf_buf.h>
111 #include <sys/sched.h>
112 #include <sys/sysctl.h>
116 #include <sys/cpuset.h>
123 #include <machine/physmem.h>
128 #include <vm/vm_param.h>
129 #include <vm/vm_kern.h>
130 #include <vm/vm_object.h>
131 #include <vm/vm_map.h>
132 #include <vm/vm_page.h>
133 #include <vm/vm_pageout.h>
134 #include <vm/vm_phys.h>
135 #include <vm/vm_extern.h>
136 #include <vm/vm_reserv.h>
137 #include <sys/lock.h>
138 #include <sys/mutex.h>
140 #include <machine/md_var.h>
141 #include <machine/pmap_var.h>
142 #include <machine/cpu.h>
143 #include <machine/pcb.h>
144 #include <machine/sf_buf.h>
146 #include <machine/smp.h>
149 #ifndef PMAP_SHPGPERPROC
150 #define PMAP_SHPGPERPROC 200
154 #define PMAP_INLINE __inline
160 static void pmap_zero_page_check(vm_page_t m);
161 void pmap_debug(int level);
162 int pmap_pid_dump(int pid);
164 #define PDEBUG(_lev_,_stat_) \
165 if (pmap_debug_level >= (_lev_)) \
167 #define dprintf printf
168 int pmap_debug_level = 1;
169 #else /* PMAP_DEBUG */
170 #define PDEBUG(_lev_,_stat_) /* Nothing */
171 #define dprintf(x, arg...)
172 #endif /* PMAP_DEBUG */
175 * Level 2 page tables map definion ('max' is excluded).
178 #define PT2V_MIN_ADDRESS ((vm_offset_t)PT2MAP)
179 #define PT2V_MAX_ADDRESS ((vm_offset_t)PT2MAP + PT2MAP_SIZE)
181 #define UPT2V_MIN_ADDRESS ((vm_offset_t)PT2MAP)
182 #define UPT2V_MAX_ADDRESS \
183 ((vm_offset_t)(PT2MAP + (KERNBASE >> PT2MAP_SHIFT)))
186 * Promotion to a 1MB (PTE1) page mapping requires that the corresponding
187 * 4KB (PTE2) page mappings have identical settings for the following fields:
189 #define PTE2_PROMOTE (PTE2_V | PTE2_A | PTE2_NM | PTE2_S | PTE2_NG | \
190 PTE2_NX | PTE2_RO | PTE2_U | PTE2_W | \
193 #define PTE1_PROMOTE (PTE1_V | PTE1_A | PTE1_NM | PTE1_S | PTE1_NG | \
194 PTE1_NX | PTE1_RO | PTE1_U | PTE1_W | \
197 #define ATTR_TO_L1(l2_attr) ((((l2_attr) & L2_TEX0) ? L1_S_TEX0 : 0) | \
198 (((l2_attr) & L2_C) ? L1_S_C : 0) | \
199 (((l2_attr) & L2_B) ? L1_S_B : 0) | \
200 (((l2_attr) & PTE2_A) ? PTE1_A : 0) | \
201 (((l2_attr) & PTE2_NM) ? PTE1_NM : 0) | \
202 (((l2_attr) & PTE2_S) ? PTE1_S : 0) | \
203 (((l2_attr) & PTE2_NG) ? PTE1_NG : 0) | \
204 (((l2_attr) & PTE2_NX) ? PTE1_NX : 0) | \
205 (((l2_attr) & PTE2_RO) ? PTE1_RO : 0) | \
206 (((l2_attr) & PTE2_U) ? PTE1_U : 0) | \
207 (((l2_attr) & PTE2_W) ? PTE1_W : 0))
209 #define ATTR_TO_L2(l1_attr) ((((l1_attr) & L1_S_TEX0) ? L2_TEX0 : 0) | \
210 (((l1_attr) & L1_S_C) ? L2_C : 0) | \
211 (((l1_attr) & L1_S_B) ? L2_B : 0) | \
212 (((l1_attr) & PTE1_A) ? PTE2_A : 0) | \
213 (((l1_attr) & PTE1_NM) ? PTE2_NM : 0) | \
214 (((l1_attr) & PTE1_S) ? PTE2_S : 0) | \
215 (((l1_attr) & PTE1_NG) ? PTE2_NG : 0) | \
216 (((l1_attr) & PTE1_NX) ? PTE2_NX : 0) | \
217 (((l1_attr) & PTE1_RO) ? PTE2_RO : 0) | \
218 (((l1_attr) & PTE1_U) ? PTE2_U : 0) | \
219 (((l1_attr) & PTE1_W) ? PTE2_W : 0))
222 * PTE2 descriptors creation macros.
224 #define PTE2_ATTR_DEFAULT vm_memattr_to_pte2(VM_MEMATTR_DEFAULT)
225 #define PTE2_ATTR_PT vm_memattr_to_pte2(pt_memattr)
227 #define PTE2_KPT(pa) PTE2_KERN(pa, PTE2_AP_KRW, PTE2_ATTR_PT)
228 #define PTE2_KPT_NG(pa) PTE2_KERN_NG(pa, PTE2_AP_KRW, PTE2_ATTR_PT)
230 #define PTE2_KRW(pa) PTE2_KERN(pa, PTE2_AP_KRW, PTE2_ATTR_DEFAULT)
231 #define PTE2_KRO(pa) PTE2_KERN(pa, PTE2_AP_KR, PTE2_ATTR_DEFAULT)
235 #define PV_STAT(x) do { x ; } while (0)
237 #define PV_STAT(x) do { } while (0)
241 * The boot_pt1 is used temporary in very early boot stage as L1 page table.
242 * We can init many things with no memory allocation thanks to its static
243 * allocation and this brings two main advantages:
244 * (1) other cores can be started very simply,
245 * (2) various boot loaders can be supported as its arguments can be processed
246 * in virtual address space and can be moved to safe location before
247 * first allocation happened.
248 * Only disadvantage is that boot_pt1 is used only in very early boot stage.
249 * However, the table is uninitialized and so lays in bss. Therefore kernel
250 * image size is not influenced.
252 * QQQ: In the future, maybe, boot_pt1 can be used for soft reset and
253 * CPU suspend/resume game.
255 extern pt1_entry_t boot_pt1[];
258 pt1_entry_t *kern_pt1;
259 pt2_entry_t *kern_pt2tab;
262 static uint32_t ttb_flags;
263 static vm_memattr_t pt_memattr;
264 ttb_entry_t pmap_kern_ttb;
266 struct pmap kernel_pmap_store;
267 LIST_HEAD(pmaplist, pmap);
268 static struct pmaplist allpmaps;
269 static struct mtx allpmaps_lock;
271 vm_offset_t virtual_avail; /* VA of first avail page (after kernel bss) */
272 vm_offset_t virtual_end; /* VA of last avail page (end of kernel AS) */
274 static vm_offset_t kernel_vm_end_new;
275 vm_offset_t kernel_vm_end = KERNBASE + NKPT2PG * NPT2_IN_PG * PTE1_SIZE;
276 vm_offset_t vm_max_kernel_address;
277 vm_paddr_t kernel_l1pa;
279 static struct rwlock __aligned(CACHE_LINE_SIZE) pvh_global_lock;
282 * Data for the pv entry allocation mechanism
284 static TAILQ_HEAD(pch, pv_chunk) pv_chunks = TAILQ_HEAD_INITIALIZER(pv_chunks);
285 static int pv_entry_count = 0, pv_entry_max = 0, pv_entry_high_water = 0;
286 static struct md_page *pv_table; /* XXX: Is it used only the list in md_page? */
287 static int shpgperproc = PMAP_SHPGPERPROC;
289 struct pv_chunk *pv_chunkbase; /* KVA block for pv_chunks */
290 int pv_maxchunks; /* How many chunks we have KVA for */
291 vm_offset_t pv_vafree; /* freelist stored in the PTE */
293 vm_paddr_t first_managed_pa;
294 #define pa_to_pvh(pa) (&pv_table[pte1_index(pa - first_managed_pa)])
297 * All those kernel PT submaps that BSD is so fond of
308 static struct sysmaps sysmaps_pcpu[MAXCPU];
311 struct msgbuf *msgbufp = NULL; /* XXX move it to machdep.c */
316 static caddr_t crashdumpmap;
318 static pt2_entry_t *PMAP1 = NULL, *PMAP2;
319 static pt2_entry_t *PADDR1 = NULL, *PADDR2;
321 static pt2_entry_t *PMAP3;
322 static pt2_entry_t *PADDR3;
323 static int PMAP3cpu __unused; /* for SMP only */
327 static int PMAP1changedcpu;
328 SYSCTL_INT(_debug, OID_AUTO, PMAP1changedcpu, CTLFLAG_RD,
330 "Number of times pmap_pte2_quick changed CPU with same PMAP1");
332 static int PMAP1changed;
333 SYSCTL_INT(_debug, OID_AUTO, PMAP1changed, CTLFLAG_RD,
335 "Number of times pmap_pte2_quick changed PMAP1");
336 static int PMAP1unchanged;
337 SYSCTL_INT(_debug, OID_AUTO, PMAP1unchanged, CTLFLAG_RD,
339 "Number of times pmap_pte2_quick didn't change PMAP1");
340 static struct mtx PMAP2mutex;
342 static __inline void pt2_wirecount_init(vm_page_t m);
343 static boolean_t pmap_demote_pte1(pmap_t pmap, pt1_entry_t *pte1p,
345 void cache_icache_sync_fresh(vm_offset_t va, vm_paddr_t pa, vm_size_t size);
348 * Function to set the debug level of the pmap code.
352 pmap_debug(int level)
355 pmap_debug_level = level;
356 dprintf("pmap_debug: level=%d\n", pmap_debug_level);
358 #endif /* PMAP_DEBUG */
361 * This table must corespond with memory attribute configuration in vm.h.
362 * First entry is used for normal system mapping.
364 * Device memory is always marked as shared.
365 * Normal memory is shared only in SMP .
366 * Not outer shareable bits are not used yet.
367 * Class 6 cannot be used on ARM11.
369 #define TEXDEF_TYPE_SHIFT 0
370 #define TEXDEF_TYPE_MASK 0x3
371 #define TEXDEF_INNER_SHIFT 2
372 #define TEXDEF_INNER_MASK 0x3
373 #define TEXDEF_OUTER_SHIFT 4
374 #define TEXDEF_OUTER_MASK 0x3
375 #define TEXDEF_NOS_SHIFT 6
376 #define TEXDEF_NOS_MASK 0x1
378 #define TEX(t, i, o, s) \
379 ((t) << TEXDEF_TYPE_SHIFT) | \
380 ((i) << TEXDEF_INNER_SHIFT) | \
381 ((o) << TEXDEF_OUTER_SHIFT | \
382 ((s) << TEXDEF_NOS_SHIFT))
384 static uint32_t tex_class[8] = {
385 /* type inner cache outer cache */
386 TEX(PRRR_MEM, NMRR_WB_WA, NMRR_WB_WA, 0), /* 0 - ATTR_WB_WA */
387 TEX(PRRR_MEM, NMRR_NC, NMRR_NC, 0), /* 1 - ATTR_NOCACHE */
388 TEX(PRRR_DEV, NMRR_NC, NMRR_NC, 0), /* 2 - ATTR_DEVICE */
389 TEX(PRRR_SO, NMRR_NC, NMRR_NC, 0), /* 3 - ATTR_SO */
390 TEX(PRRR_MEM, NMRR_WT, NMRR_WT, 0), /* 4 - ATTR_WT */
391 TEX(PRRR_MEM, NMRR_NC, NMRR_NC, 0), /* 5 - NOT USED YET */
392 TEX(PRRR_MEM, NMRR_NC, NMRR_NC, 0), /* 6 - NOT USED YET */
393 TEX(PRRR_MEM, NMRR_NC, NMRR_NC, 0), /* 7 - NOT USED YET */
397 static uint32_t pte2_attr_tab[8] = {
398 PTE2_ATTR_WB_WA, /* 0 - VM_MEMATTR_WB_WA */
399 PTE2_ATTR_NOCACHE, /* 1 - VM_MEMATTR_NOCACHE */
400 PTE2_ATTR_DEVICE, /* 2 - VM_MEMATTR_DEVICE */
401 PTE2_ATTR_SO, /* 3 - VM_MEMATTR_SO */
402 PTE2_ATTR_WT, /* 4 - VM_MEMATTR_WRITE_THROUGH */
403 0, /* 5 - NOT USED YET */
404 0, /* 6 - NOT USED YET */
405 0 /* 7 - NOT USED YET */
407 CTASSERT(VM_MEMATTR_WB_WA == 0);
408 CTASSERT(VM_MEMATTR_NOCACHE == 1);
409 CTASSERT(VM_MEMATTR_DEVICE == 2);
410 CTASSERT(VM_MEMATTR_SO == 3);
411 CTASSERT(VM_MEMATTR_WRITE_THROUGH == 4);
413 static inline uint32_t
414 vm_memattr_to_pte2(vm_memattr_t ma)
417 KASSERT((u_int)ma < 5, ("%s: bad vm_memattr_t %d", __func__, ma));
418 return (pte2_attr_tab[(u_int)ma]);
421 static inline uint32_t
422 vm_page_pte2_attr(vm_page_t m)
425 return (vm_memattr_to_pte2(m->md.pat_mode));
429 * Convert TEX definition entry to TTB flags.
432 encode_ttb_flags(int idx)
434 uint32_t inner, outer, nos, reg;
436 inner = (tex_class[idx] >> TEXDEF_INNER_SHIFT) &
438 outer = (tex_class[idx] >> TEXDEF_OUTER_SHIFT) &
440 nos = (tex_class[idx] >> TEXDEF_NOS_SHIFT) &
445 if (cpuinfo.coherent_walk)
446 reg |= (inner & 0x1) << 6;
447 reg |= (inner & 0x2) >> 1;
455 * Set TEX remapping registers in current CPU.
461 uint32_t type, inner, outer, nos;
464 #ifdef PMAP_PTE_NOCACHE
466 if (cpuinfo.coherent_walk) {
467 pt_memattr = VM_MEMATTR_WB_WA;
468 ttb_flags = encode_ttb_flags(0);
471 pt_memattr = VM_MEMATTR_NOCACHE;
472 ttb_flags = encode_ttb_flags(1);
475 pt_memattr = VM_MEMATTR_WB_WA;
476 ttb_flags = encode_ttb_flags(0);
482 /* Build remapping register from TEX classes. */
483 for (i = 0; i < 8; i++) {
484 type = (tex_class[i] >> TEXDEF_TYPE_SHIFT) &
486 inner = (tex_class[i] >> TEXDEF_INNER_SHIFT) &
488 outer = (tex_class[i] >> TEXDEF_OUTER_SHIFT) &
490 nos = (tex_class[i] >> TEXDEF_NOS_SHIFT) &
493 prrr |= type << (i * 2);
494 prrr |= nos << (i + 24);
495 nmrr |= inner << (i * 2);
496 nmrr |= outer << (i * 2 + 16);
498 /* Add shareable bits for device memory. */
499 prrr |= PRRR_DS0 | PRRR_DS1;
501 /* Add shareable bits for normal memory in SMP case. */
508 /* Caches are disabled, so full TLB flush should be enough. */
509 tlb_flush_all_local();
513 * KERNBASE must be multiple of NPT2_IN_PG * PTE1_SIZE. In other words,
514 * KERNBASE is mapped by first L2 page table in L2 page table page. It
515 * meets same constrain due to PT2MAP being placed just under KERNBASE.
517 CTASSERT((KERNBASE & (NPT2_IN_PG * PTE1_SIZE - 1)) == 0);
518 CTASSERT((KERNBASE - VM_MAXUSER_ADDRESS) >= PT2MAP_SIZE);
521 * In crazy dreams, PAGE_SIZE could be a multiple of PTE2_SIZE in general.
522 * For now, anyhow, the following check must be fulfilled.
524 CTASSERT(PAGE_SIZE == PTE2_SIZE);
526 * We don't want to mess up MI code with all MMU and PMAP definitions,
527 * so some things, which depend on other ones, are defined independently.
528 * Now, it is time to check that we don't screw up something.
530 CTASSERT(PDRSHIFT == PTE1_SHIFT);
532 * Check L1 and L2 page table entries definitions consistency.
534 CTASSERT(NB_IN_PT1 == (sizeof(pt1_entry_t) * NPTE1_IN_PT1));
535 CTASSERT(NB_IN_PT2 == (sizeof(pt2_entry_t) * NPTE2_IN_PT2));
537 * Check L2 page tables page consistency.
539 CTASSERT(PAGE_SIZE == (NPT2_IN_PG * NB_IN_PT2));
540 CTASSERT((1 << PT2PG_SHIFT) == NPT2_IN_PG);
542 * Check PT2TAB consistency.
543 * PT2TAB_ENTRIES is defined as a division of NPTE1_IN_PT1 by NPT2_IN_PG.
544 * This should be done without remainder.
546 CTASSERT(NPTE1_IN_PT1 == (PT2TAB_ENTRIES * NPT2_IN_PG));
551 * All level 2 page tables (PT2s) are mapped continuously and accordingly
552 * into PT2MAP address space. As PT2 size is less than PAGE_SIZE, this can
553 * be done only if PAGE_SIZE is a multiple of PT2 size. All PT2s in one page
554 * must be used together, but not necessary at once. The first PT2 in a page
555 * must map things on correctly aligned address and the others must follow
558 #define NB_IN_PT2TAB (PT2TAB_ENTRIES * sizeof(pt2_entry_t))
559 #define NPT2_IN_PT2TAB (NB_IN_PT2TAB / NB_IN_PT2)
560 #define NPG_IN_PT2TAB (NB_IN_PT2TAB / PAGE_SIZE)
563 * Check PT2TAB consistency.
564 * NPT2_IN_PT2TAB is defined as a division of NB_IN_PT2TAB by NB_IN_PT2.
565 * NPG_IN_PT2TAB is defined as a division of NB_IN_PT2TAB by PAGE_SIZE.
566 * The both should be done without remainder.
568 CTASSERT(NB_IN_PT2TAB == (NPT2_IN_PT2TAB * NB_IN_PT2));
569 CTASSERT(NB_IN_PT2TAB == (NPG_IN_PT2TAB * PAGE_SIZE));
571 * The implementation was made general, however, with the assumption
572 * bellow in mind. In case of another value of NPG_IN_PT2TAB,
573 * the code should be once more rechecked.
575 CTASSERT(NPG_IN_PT2TAB == 1);
578 * Get offset of PT2 in a page
579 * associated with given PT1 index.
581 static __inline u_int
582 page_pt2off(u_int pt1_idx)
585 return ((pt1_idx & PT2PG_MASK) * NB_IN_PT2);
589 * Get physical address of PT2
590 * associated with given PT2s page and PT1 index.
592 static __inline vm_paddr_t
593 page_pt2pa(vm_paddr_t pgpa, u_int pt1_idx)
596 return (pgpa + page_pt2off(pt1_idx));
600 * Get first entry of PT2
601 * associated with given PT2s page and PT1 index.
603 static __inline pt2_entry_t *
604 page_pt2(vm_offset_t pgva, u_int pt1_idx)
607 return ((pt2_entry_t *)(pgva + page_pt2off(pt1_idx)));
611 * Get virtual address of PT2s page (mapped in PT2MAP)
612 * which holds PT2 which holds entry which maps given virtual address.
614 static __inline vm_offset_t
615 pt2map_pt2pg(vm_offset_t va)
618 va &= ~(NPT2_IN_PG * PTE1_SIZE - 1);
619 return ((vm_offset_t)pt2map_entry(va));
622 /*****************************************************************************
624 * THREE pmap initialization milestones exist:
627 * -> fundamental init (including MMU) in ASM
630 * -> fundamental init continues in C
631 * -> first available physical address is known
633 * pmap_bootstrap_prepare() -> FIRST PMAP MILESTONE (first epoch begins)
634 * -> basic (safe) interface for physical address allocation is made
635 * -> basic (safe) interface for virtual mapping is made
636 * -> limited not SMP coherent work is possible
638 * -> more fundamental init continues in C
639 * -> locks and some more things are available
640 * -> all fundamental allocations and mappings are done
642 * pmap_bootstrap() -> SECOND PMAP MILESTONE (second epoch begins)
643 * -> phys_avail[] and virtual_avail is set
644 * -> control is passed to vm subsystem
645 * -> physical and virtual address allocation are off limit
646 * -> low level mapping functions, some SMP coherent,
647 * are available, which cannot be used before vm subsystem
651 * -> vm subsystem is being inited
653 * pmap_init() -> THIRD PMAP MILESTONE (third epoch begins)
654 * -> pmap is fully inited
656 *****************************************************************************/
658 /*****************************************************************************
660 * PMAP first stage initialization and utility functions
661 * for pre-bootstrap epoch.
663 * After pmap_bootstrap_prepare() is called, the following functions
666 * (1) strictly only for this stage functions for physical page allocations,
667 * virtual space allocations, and mappings:
669 * vm_paddr_t pmap_preboot_get_pages(u_int num);
670 * void pmap_preboot_map_pages(vm_paddr_t pa, vm_offset_t va, u_int num);
671 * vm_offset_t pmap_preboot_reserve_pages(u_int num);
672 * vm_offset_t pmap_preboot_get_vpages(u_int num);
673 * void pmap_preboot_map_attr(vm_paddr_t pa, vm_offset_t va, vm_size_t size,
674 * vm_prot_t prot, vm_memattr_t attr);
676 * (2) for all stages:
678 * vm_paddr_t pmap_kextract(vm_offset_t va);
680 * NOTE: This is not SMP coherent stage.
682 *****************************************************************************/
684 #define KERNEL_P2V(pa) \
685 ((vm_offset_t)((pa) - arm_physmem_kernaddr + KERNVIRTADDR))
686 #define KERNEL_V2P(va) \
687 ((vm_paddr_t)((va) - KERNVIRTADDR + arm_physmem_kernaddr))
689 static vm_paddr_t last_paddr;
692 * Pre-bootstrap epoch page allocator.
695 pmap_preboot_get_pages(u_int num)
700 last_paddr += num * PAGE_SIZE;
706 * The fundamental initialization of PMAP stuff.
708 * Some things already happened in locore.S and some things could happen
709 * before pmap_bootstrap_prepare() is called, so let's recall what is done:
710 * 1. Caches are disabled.
711 * 2. We are running on virtual addresses already with 'boot_pt1'
713 * 3. So far, all virtual addresses can be converted to physical ones and
714 * vice versa by the following macros:
715 * KERNEL_P2V(pa) .... physical to virtual ones,
716 * KERNEL_V2P(va) .... virtual to physical ones.
718 * What is done herein:
719 * 1. The 'boot_pt1' is replaced by real kernel L1 page table 'kern_pt1'.
720 * 2. PT2MAP magic is brought to live.
721 * 3. Basic preboot functions for page allocations and mappings can be used.
722 * 4. Everything is prepared for L1 cache enabling.
725 * 1. To use second TTB register, so kernel and users page tables will be
726 * separated. This way process forking - pmap_pinit() - could be faster,
727 * it saves physical pages and KVA per a process, and it's simple change.
728 * However, it will lead, due to hardware matter, to the following:
729 * (a) 2G space for kernel and 2G space for users.
730 * (b) 1G space for kernel in low addresses and 3G for users above it.
731 * A question is: Is the case (b) really an option? Note that case (b)
732 * does save neither physical memory and KVA.
735 pmap_bootstrap_prepare(vm_paddr_t last)
737 vm_paddr_t pt2pg_pa, pt2tab_pa, pa, size;
738 vm_offset_t pt2pg_va;
742 uint32_t actlr_mask, actlr_set, l1_attr;
745 * Now, we are going to make real kernel mapping. Note that we are
746 * already running on some mapping made in locore.S and we expect
747 * that it's large enough to ensure nofault access to physical memory
748 * allocated herein before switch.
750 * As kernel image and everything needed before are and will be mapped
751 * by section mappings, we align last physical address to PTE1_SIZE.
753 last_paddr = pte1_roundup(last);
756 * Allocate and zero page(s) for kernel L1 page table.
758 * Note that it's first allocation on space which was PTE1_SIZE
759 * aligned and as such base_pt1 is aligned to NB_IN_PT1 too.
761 base_pt1 = pmap_preboot_get_pages(NPG_IN_PT1);
762 kern_pt1 = (pt1_entry_t *)KERNEL_P2V(base_pt1);
763 bzero((void*)kern_pt1, NB_IN_PT1);
764 pte1_sync_range(kern_pt1, NB_IN_PT1);
766 /* Allocate and zero page(s) for kernel PT2TAB. */
767 pt2tab_pa = pmap_preboot_get_pages(NPG_IN_PT2TAB);
768 kern_pt2tab = (pt2_entry_t *)KERNEL_P2V(pt2tab_pa);
769 bzero(kern_pt2tab, NB_IN_PT2TAB);
770 pte2_sync_range(kern_pt2tab, NB_IN_PT2TAB);
772 /* Allocate and zero page(s) for kernel L2 page tables. */
773 pt2pg_pa = pmap_preboot_get_pages(NKPT2PG);
774 pt2pg_va = KERNEL_P2V(pt2pg_pa);
775 size = NKPT2PG * PAGE_SIZE;
776 bzero((void*)pt2pg_va, size);
777 pte2_sync_range((pt2_entry_t *)pt2pg_va, size);
780 * Add a physical memory segment (vm_phys_seg) corresponding to the
781 * preallocated pages for kernel L2 page tables so that vm_page
782 * structures representing these pages will be created. The vm_page
783 * structures are required for promotion of the corresponding kernel
784 * virtual addresses to section mappings.
786 vm_phys_add_seg(pt2tab_pa, pmap_preboot_get_pages(0));
789 * Insert allocated L2 page table pages to PT2TAB and make
790 * link to all PT2s in L1 page table. See how kernel_vm_end
793 * We play simple and safe. So every KVA will have underlaying
794 * L2 page table, even kernel image mapped by sections.
796 pte2p = kern_pt2tab_entry(KERNBASE);
797 for (pa = pt2pg_pa; pa < pt2pg_pa + size; pa += PTE2_SIZE)
798 pt2tab_store(pte2p++, PTE2_KPT(pa));
800 pte1p = kern_pte1(KERNBASE);
801 for (pa = pt2pg_pa; pa < pt2pg_pa + size; pa += NB_IN_PT2)
802 pte1_store(pte1p++, PTE1_LINK(pa));
804 /* Make section mappings for kernel. */
805 l1_attr = ATTR_TO_L1(PTE2_ATTR_DEFAULT);
806 pte1p = kern_pte1(KERNBASE);
807 for (pa = KERNEL_V2P(KERNBASE); pa < last; pa += PTE1_SIZE)
808 pte1_store(pte1p++, PTE1_KERN(pa, PTE1_AP_KRW, l1_attr));
811 * Get free and aligned space for PT2MAP and make L1 page table links
812 * to L2 page tables held in PT2TAB.
814 * Note that pages holding PT2s are stored in PT2TAB as pt2_entry_t
815 * descriptors and PT2TAB page(s) itself is(are) used as PT2s. Thus
816 * each entry in PT2TAB maps all PT2s in a page. This implies that
817 * virtual address of PT2MAP must be aligned to NPT2_IN_PG * PTE1_SIZE.
819 PT2MAP = (pt2_entry_t *)(KERNBASE - PT2MAP_SIZE);
820 pte1p = kern_pte1((vm_offset_t)PT2MAP);
821 for (pa = pt2tab_pa, i = 0; i < NPT2_IN_PT2TAB; i++, pa += NB_IN_PT2) {
822 pte1_store(pte1p++, PTE1_LINK(pa));
826 * Store PT2TAB in PT2TAB itself, i.e. self reference mapping.
827 * Each pmap will hold own PT2TAB, so the mapping should be not global.
829 pte2p = kern_pt2tab_entry((vm_offset_t)PT2MAP);
830 for (pa = pt2tab_pa, i = 0; i < NPG_IN_PT2TAB; i++, pa += PTE2_SIZE) {
831 pt2tab_store(pte2p++, PTE2_KPT_NG(pa));
835 * Choose correct L2 page table and make mappings for allocations
836 * made herein which replaces temporary locore.S mappings after a while.
837 * Note that PT2MAP cannot be used until we switch to kern_pt1.
839 * Note, that these allocations started aligned on 1M section and
840 * kernel PT1 was allocated first. Making of mappings must follow
841 * order of physical allocations as we've used KERNEL_P2V() macro
842 * for virtual addresses resolution.
844 pte2p = kern_pt2tab_entry((vm_offset_t)kern_pt1);
845 pt2pg_va = KERNEL_P2V(pte2_pa(pte2_load(pte2p)));
847 pte2p = page_pt2(pt2pg_va, pte1_index((vm_offset_t)kern_pt1));
849 /* Make mapping for kernel L1 page table. */
850 for (pa = base_pt1, i = 0; i < NPG_IN_PT1; i++, pa += PTE2_SIZE)
851 pte2_store(pte2p++, PTE2_KPT(pa));
853 /* Make mapping for kernel PT2TAB. */
854 for (pa = pt2tab_pa, i = 0; i < NPG_IN_PT2TAB; i++, pa += PTE2_SIZE)
855 pte2_store(pte2p++, PTE2_KPT(pa));
857 /* Finally, switch from 'boot_pt1' to 'kern_pt1'. */
858 pmap_kern_ttb = base_pt1 | ttb_flags;
859 cpuinfo_get_actlr_modifier(&actlr_mask, &actlr_set);
860 reinit_mmu(pmap_kern_ttb, actlr_mask, actlr_set);
862 * Initialize the first available KVA. As kernel image is mapped by
863 * sections, we are leaving some gap behind.
865 virtual_avail = (vm_offset_t)kern_pt2tab + NPG_IN_PT2TAB * PAGE_SIZE;
869 * Setup L2 page table page for given KVA.
870 * Used in pre-bootstrap epoch.
872 * Note that we have allocated NKPT2PG pages for L2 page tables in advance
873 * and used them for mapping KVA starting from KERNBASE. However, this is not
874 * enough. Vectors and devices need L2 page tables too. Note that they are
875 * even above VM_MAX_KERNEL_ADDRESS.
877 static __inline vm_paddr_t
878 pmap_preboot_pt2pg_setup(vm_offset_t va)
880 pt2_entry_t *pte2p, pte2;
883 /* Get associated entry in PT2TAB. */
884 pte2p = kern_pt2tab_entry(va);
886 /* Just return, if PT2s page exists already. */
887 pte2 = pt2tab_load(pte2p);
888 if (pte2_is_valid(pte2))
889 return (pte2_pa(pte2));
891 KASSERT(va >= VM_MAX_KERNEL_ADDRESS,
892 ("%s: NKPT2PG too small", __func__));
895 * Allocate page for PT2s and insert it to PT2TAB.
896 * In other words, map it into PT2MAP space.
898 pt2pg_pa = pmap_preboot_get_pages(1);
899 pt2tab_store(pte2p, PTE2_KPT(pt2pg_pa));
901 /* Zero all PT2s in allocated page. */
902 bzero((void*)pt2map_pt2pg(va), PAGE_SIZE);
903 pte2_sync_range((pt2_entry_t *)pt2map_pt2pg(va), PAGE_SIZE);
909 * Setup L2 page table for given KVA.
910 * Used in pre-bootstrap epoch.
913 pmap_preboot_pt2_setup(vm_offset_t va)
916 vm_paddr_t pt2pg_pa, pt2_pa;
918 /* Setup PT2's page. */
919 pt2pg_pa = pmap_preboot_pt2pg_setup(va);
920 pt2_pa = page_pt2pa(pt2pg_pa, pte1_index(va));
922 /* Insert PT2 to PT1. */
923 pte1p = kern_pte1(va);
924 pte1_store(pte1p, PTE1_LINK(pt2_pa));
928 * Get L2 page entry associated with given KVA.
929 * Used in pre-bootstrap epoch.
931 static __inline pt2_entry_t*
932 pmap_preboot_vtopte2(vm_offset_t va)
936 /* Setup PT2 if needed. */
937 pte1p = kern_pte1(va);
938 if (!pte1_is_valid(pte1_load(pte1p))) /* XXX - sections ?! */
939 pmap_preboot_pt2_setup(va);
941 return (pt2map_entry(va));
945 * Pre-bootstrap epoch page(s) mapping(s).
948 pmap_preboot_map_pages(vm_paddr_t pa, vm_offset_t va, u_int num)
953 /* Map all the pages. */
954 for (i = 0; i < num; i++) {
955 pte2p = pmap_preboot_vtopte2(va);
956 pte2_store(pte2p, PTE2_KRW(pa));
963 * Pre-bootstrap epoch virtual space alocator.
966 pmap_preboot_reserve_pages(u_int num)
969 vm_offset_t start, va;
972 /* Allocate virtual space. */
973 start = va = virtual_avail;
974 virtual_avail += num * PAGE_SIZE;
976 /* Zero the mapping. */
977 for (i = 0; i < num; i++) {
978 pte2p = pmap_preboot_vtopte2(va);
979 pte2_store(pte2p, 0);
987 * Pre-bootstrap epoch page(s) allocation and mapping(s).
990 pmap_preboot_get_vpages(u_int num)
995 /* Allocate physical page(s). */
996 pa = pmap_preboot_get_pages(num);
998 /* Allocate virtual space. */
1000 virtual_avail += num * PAGE_SIZE;
1002 /* Map and zero all. */
1003 pmap_preboot_map_pages(pa, va, num);
1004 bzero((void *)va, num * PAGE_SIZE);
1010 * Pre-bootstrap epoch page mapping(s) with attributes.
1013 pmap_preboot_map_attr(vm_paddr_t pa, vm_offset_t va, vm_size_t size,
1014 vm_prot_t prot, vm_memattr_t attr)
1017 u_int l1_attr, l1_prot, l2_prot, l2_attr;
1021 l2_prot = prot & VM_PROT_WRITE ? PTE2_AP_KRW : PTE2_AP_KR;
1022 l2_prot |= (prot & VM_PROT_EXECUTE) ? PTE2_X : PTE2_NX;
1023 l2_attr = vm_memattr_to_pte2(attr);
1024 l1_prot = ATTR_TO_L1(l2_prot);
1025 l1_attr = ATTR_TO_L1(l2_attr);
1027 /* Map all the pages. */
1028 num = round_page(size);
1030 if ((((va | pa) & PTE1_OFFSET) == 0) && (num >= PTE1_SIZE)) {
1031 pte1p = kern_pte1(va);
1032 pte1_store(pte1p, PTE1_KERN(pa, l1_prot, l1_attr));
1037 pte2p = pmap_preboot_vtopte2(va);
1038 pte2_store(pte2p, PTE2_KERN(pa, l2_prot, l2_attr));
1047 * Extract from the kernel page table the physical address
1048 * that is mapped by the given virtual address "va".
1051 pmap_kextract(vm_offset_t va)
1057 pte1 = pte1_load(kern_pte1(va));
1058 if (pte1_is_section(pte1)) {
1059 pa = pte1_pa(pte1) | (va & PTE1_OFFSET);
1060 } else if (pte1_is_link(pte1)) {
1062 * We should beware of concurrent promotion that changes
1063 * pte1 at this point. However, it's not a problem as PT2
1064 * page is preserved by promotion in PT2TAB. So even if
1065 * it happens, using of PT2MAP is still safe.
1067 * QQQ: However, concurrent removing is a problem which
1068 * ends in abort on PT2MAP space. Locking must be used
1069 * to deal with this.
1071 pte2 = pte2_load(pt2map_entry(va));
1072 pa = pte2_pa(pte2) | (va & PTE2_OFFSET);
1075 panic("%s: va %#x pte1 %#x", __func__, va, pte1);
1081 * Extract from the kernel page table the physical address
1082 * that is mapped by the given virtual address "va". Also
1083 * return L2 page table entry which maps the address.
1085 * This is only intended to be used for panic dumps.
1088 pmap_dump_kextract(vm_offset_t va, pt2_entry_t *pte2p)
1094 pte1 = pte1_load(kern_pte1(va));
1095 if (pte1_is_section(pte1)) {
1096 pa = pte1_pa(pte1) | (va & PTE1_OFFSET);
1097 pte2 = pa | ATTR_TO_L2(pte1) | PTE2_V;
1098 } else if (pte1_is_link(pte1)) {
1099 pte2 = pte2_load(pt2map_entry(va));
1110 /*****************************************************************************
1112 * PMAP second stage initialization and utility functions
1113 * for bootstrap epoch.
1115 * After pmap_bootstrap() is called, the following functions for
1116 * mappings can be used:
1118 * void pmap_kenter(vm_offset_t va, vm_paddr_t pa);
1119 * void pmap_kremove(vm_offset_t va);
1120 * vm_offset_t pmap_map(vm_offset_t *virt, vm_paddr_t start, vm_paddr_t end,
1123 * NOTE: This is not SMP coherent stage. And physical page allocation is not
1124 * allowed during this stage.
1126 *****************************************************************************/
1129 * Initialize kernel PMAP locks and lists, kernel_pmap itself, and
1130 * reserve various virtual spaces for temporary mappings.
1133 pmap_bootstrap(vm_offset_t firstaddr)
1135 pt2_entry_t *unused __unused;
1136 struct sysmaps *sysmaps;
1140 * Initialize the kernel pmap (which is statically allocated).
1142 PMAP_LOCK_INIT(kernel_pmap);
1143 kernel_l1pa = (vm_paddr_t)kern_pt1; /* for libkvm */
1144 kernel_pmap->pm_pt1 = kern_pt1;
1145 kernel_pmap->pm_pt2tab = kern_pt2tab;
1146 CPU_FILL(&kernel_pmap->pm_active); /* don't allow deactivation */
1147 TAILQ_INIT(&kernel_pmap->pm_pvchunk);
1150 * Initialize the global pv list lock.
1152 rw_init(&pvh_global_lock, "pmap pv global");
1154 LIST_INIT(&allpmaps);
1157 * Request a spin mutex so that changes to allpmaps cannot be
1158 * preempted by smp_rendezvous_cpus().
1160 mtx_init(&allpmaps_lock, "allpmaps", NULL, MTX_SPIN);
1161 mtx_lock_spin(&allpmaps_lock);
1162 LIST_INSERT_HEAD(&allpmaps, kernel_pmap, pm_list);
1163 mtx_unlock_spin(&allpmaps_lock);
1166 * Reserve some special page table entries/VA space for temporary
1169 #define SYSMAP(c, p, v, n) do { \
1170 v = (c)pmap_preboot_reserve_pages(n); \
1171 p = pt2map_entry((vm_offset_t)v); \
1175 * Local CMAP1/CMAP2 are used for zeroing and copying pages.
1176 * Local CMAP3 is used for data cache cleaning.
1178 for (i = 0; i < MAXCPU; i++) {
1179 sysmaps = &sysmaps_pcpu[i];
1180 mtx_init(&sysmaps->lock, "SYSMAPS", NULL, MTX_DEF);
1181 SYSMAP(caddr_t, sysmaps->CMAP1, sysmaps->CADDR1, 1);
1182 SYSMAP(caddr_t, sysmaps->CMAP2, sysmaps->CADDR2, 1);
1183 SYSMAP(caddr_t, sysmaps->CMAP3, sysmaps->CADDR3, 1);
1189 SYSMAP(caddr_t, unused, crashdumpmap, MAXDUMPPGS);
1192 * _tmppt is used for reading arbitrary physical pages via /dev/mem.
1194 SYSMAP(caddr_t, unused, _tmppt, 1);
1197 * PADDR1 and PADDR2 are used by pmap_pte2_quick() and pmap_pte2(),
1198 * respectively. PADDR3 is used by pmap_pte2_ddb().
1200 SYSMAP(pt2_entry_t *, PMAP1, PADDR1, 1);
1201 SYSMAP(pt2_entry_t *, PMAP2, PADDR2, 1);
1203 SYSMAP(pt2_entry_t *, PMAP3, PADDR3, 1);
1205 mtx_init(&PMAP2mutex, "PMAP2", NULL, MTX_DEF);
1208 * Note that in very short time in initarm(), we are going to
1209 * initialize phys_avail[] array and no further page allocation
1210 * can happen after that until vm subsystem will be initialized.
1212 kernel_vm_end_new = kernel_vm_end;
1213 virtual_end = vm_max_kernel_address;
1217 pmap_init_qpages(void)
1224 pc->pc_qmap_addr = kva_alloc(PAGE_SIZE);
1225 if (pc->pc_qmap_addr == 0)
1226 panic("%s: unable to allocate KVA", __func__);
1229 SYSINIT(qpages_init, SI_SUB_CPU, SI_ORDER_ANY, pmap_init_qpages, NULL);
1232 * The function can already be use in second initialization stage.
1233 * As such, the function DOES NOT call pmap_growkernel() where PT2
1234 * allocation can happen. So if used, be sure that PT2 for given
1235 * virtual address is allocated already!
1237 * Add a wired page to the kva.
1238 * Note: not SMP coherent.
1240 static __inline void
1241 pmap_kenter_prot_attr(vm_offset_t va, vm_paddr_t pa, uint32_t prot,
1247 pte1p = kern_pte1(va);
1248 if (!pte1_is_valid(pte1_load(pte1p))) { /* XXX - sections ?! */
1250 * This is a very low level function, so PT2 and particularly
1251 * PT2PG associated with given virtual address must be already
1252 * allocated. It's a pain mainly during pmap initialization
1253 * stage. However, called after pmap initialization with
1254 * virtual address not under kernel_vm_end will lead to
1257 if (!pte2_is_valid(pte2_load(kern_pt2tab_entry(va))))
1258 panic("%s: kernel PT2 not allocated!", __func__);
1261 pte2p = pt2map_entry(va);
1262 pte2_store(pte2p, PTE2_KERN(pa, prot, attr));
1266 pmap_kenter(vm_offset_t va, vm_paddr_t pa)
1269 pmap_kenter_prot_attr(va, pa, PTE2_AP_KRW, PTE2_ATTR_DEFAULT);
1273 * Remove a page from the kernel pagetables.
1274 * Note: not SMP coherent.
1277 pmap_kremove(vm_offset_t va)
1281 pte2p = pt2map_entry(va);
1286 * Share new kernel PT2PG with all pmaps.
1287 * The caller is responsible for maintaining TLB consistency.
1290 pmap_kenter_pt2tab(vm_offset_t va, pt2_entry_t npte2)
1295 mtx_lock_spin(&allpmaps_lock);
1296 LIST_FOREACH(pmap, &allpmaps, pm_list) {
1297 pte2p = pmap_pt2tab_entry(pmap, va);
1298 pt2tab_store(pte2p, npte2);
1300 mtx_unlock_spin(&allpmaps_lock);
1304 * Share new kernel PTE1 with all pmaps.
1305 * The caller is responsible for maintaining TLB consistency.
1308 pmap_kenter_pte1(vm_offset_t va, pt1_entry_t npte1)
1313 mtx_lock_spin(&allpmaps_lock);
1314 LIST_FOREACH(pmap, &allpmaps, pm_list) {
1315 pte1p = pmap_pte1(pmap, va);
1316 pte1_store(pte1p, npte1);
1318 mtx_unlock_spin(&allpmaps_lock);
1322 * Used to map a range of physical addresses into kernel
1323 * virtual address space.
1325 * The value passed in '*virt' is a suggested virtual address for
1326 * the mapping. Architectures which can support a direct-mapped
1327 * physical to virtual region can return the appropriate address
1328 * within that region, leaving '*virt' unchanged. Other
1329 * architectures should map the pages starting at '*virt' and
1330 * update '*virt' with the first usable address after the mapped
1333 * NOTE: Read the comments above pmap_kenter_prot_attr() as
1334 * the function is used herein!
1337 pmap_map(vm_offset_t *virt, vm_paddr_t start, vm_paddr_t end, int prot)
1339 vm_offset_t va, sva;
1340 vm_paddr_t pte1_offset;
1342 uint32_t l1prot, l2prot;
1343 uint32_t l1attr, l2attr;
1345 PDEBUG(1, printf("%s: virt = %#x, start = %#x, end = %#x (size = %#x),"
1346 " prot = %d\n", __func__, *virt, start, end, end - start, prot));
1348 l2prot = (prot & VM_PROT_WRITE) ? PTE2_AP_KRW : PTE2_AP_KR;
1349 l2prot |= (prot & VM_PROT_EXECUTE) ? PTE2_X : PTE2_NX;
1350 l1prot = ATTR_TO_L1(l2prot);
1352 l2attr = PTE2_ATTR_DEFAULT;
1353 l1attr = ATTR_TO_L1(l2attr);
1357 * Does the physical address range's size and alignment permit at
1358 * least one section mapping to be created?
1360 pte1_offset = start & PTE1_OFFSET;
1361 if ((end - start) - ((PTE1_SIZE - pte1_offset) & PTE1_OFFSET) >=
1364 * Increase the starting virtual address so that its alignment
1365 * does not preclude the use of section mappings.
1367 if ((va & PTE1_OFFSET) < pte1_offset)
1368 va = pte1_trunc(va) + pte1_offset;
1369 else if ((va & PTE1_OFFSET) > pte1_offset)
1370 va = pte1_roundup(va) + pte1_offset;
1373 while (start < end) {
1374 if ((start & PTE1_OFFSET) == 0 && end - start >= PTE1_SIZE) {
1375 KASSERT((va & PTE1_OFFSET) == 0,
1376 ("%s: misaligned va %#x", __func__, va));
1377 npte1 = PTE1_KERN(start, l1prot, l1attr);
1378 pmap_kenter_pte1(va, npte1);
1382 pmap_kenter_prot_attr(va, start, l2prot, l2attr);
1387 tlb_flush_range(sva, va - sva);
1393 * Make a temporary mapping for a physical address.
1394 * This is only intended to be used for panic dumps.
1397 pmap_kenter_temporary(vm_paddr_t pa, int i)
1401 /* QQQ: 'i' should be less or equal to MAXDUMPPGS. */
1403 va = (vm_offset_t)crashdumpmap + (i * PAGE_SIZE);
1404 pmap_kenter(va, pa);
1405 tlb_flush_local(va);
1406 return ((void *)crashdumpmap);
1410 /*************************************
1412 * TLB & cache maintenance routines.
1414 *************************************/
1417 * We inline these within pmap.c for speed.
1420 pmap_tlb_flush(pmap_t pmap, vm_offset_t va)
1423 if (pmap == kernel_pmap || !CPU_EMPTY(&pmap->pm_active))
1428 pmap_tlb_flush_range(pmap_t pmap, vm_offset_t sva, vm_size_t size)
1431 if (pmap == kernel_pmap || !CPU_EMPTY(&pmap->pm_active))
1432 tlb_flush_range(sva, size);
1436 * Abuse the pte2 nodes for unmapped kva to thread a kva freelist through.
1438 * - Must deal with pages in order to ensure that none of the PTE2_* bits
1439 * are ever set, PTE2_V in particular.
1440 * - Assumes we can write to pte2s without pte2_store() atomic ops.
1441 * - Assumes nothing will ever test these addresses for 0 to indicate
1442 * no mapping instead of correctly checking PTE2_V.
1443 * - Assumes a vm_offset_t will fit in a pte2 (true for arm).
1444 * Because PTE2_V is never set, there can be no mappings to invalidate.
1447 pmap_pte2list_alloc(vm_offset_t *head)
1454 panic("pmap_ptelist_alloc: exhausted ptelist KVA");
1455 pte2p = pt2map_entry(va);
1458 panic("%s: va with PTE2_V set!", __func__);
1464 pmap_pte2list_free(vm_offset_t *head, vm_offset_t va)
1469 panic("%s: freeing va with PTE2_V set!", __func__);
1470 pte2p = pt2map_entry(va);
1471 *pte2p = *head; /* virtual! PTE2_V is 0 though */
1476 pmap_pte2list_init(vm_offset_t *head, void *base, int npages)
1482 for (i = npages - 1; i >= 0; i--) {
1483 va = (vm_offset_t)base + i * PAGE_SIZE;
1484 pmap_pte2list_free(head, va);
1488 /*****************************************************************************
1490 * PMAP third and final stage initialization.
1492 * After pmap_init() is called, PMAP subsystem is fully initialized.
1494 *****************************************************************************/
1496 SYSCTL_NODE(_vm, OID_AUTO, pmap, CTLFLAG_RD, 0, "VM/pmap parameters");
1498 SYSCTL_INT(_vm_pmap, OID_AUTO, pv_entry_max, CTLFLAG_RD, &pv_entry_max, 0,
1499 "Max number of PV entries");
1500 SYSCTL_INT(_vm_pmap, OID_AUTO, shpgperproc, CTLFLAG_RD, &shpgperproc, 0,
1501 "Page share factor per proc");
1503 static u_long nkpt2pg = NKPT2PG;
1504 SYSCTL_ULONG(_vm_pmap, OID_AUTO, nkpt2pg, CTLFLAG_RD,
1505 &nkpt2pg, 0, "Pre-allocated pages for kernel PT2s");
1507 static int sp_enabled = 1;
1508 SYSCTL_INT(_vm_pmap, OID_AUTO, sp_enabled, CTLFLAG_RDTUN | CTLFLAG_NOFETCH,
1509 &sp_enabled, 0, "Are large page mappings enabled?");
1511 static SYSCTL_NODE(_vm_pmap, OID_AUTO, pte1, CTLFLAG_RD, 0,
1512 "1MB page mapping counters");
1514 static u_long pmap_pte1_demotions;
1515 SYSCTL_ULONG(_vm_pmap_pte1, OID_AUTO, demotions, CTLFLAG_RD,
1516 &pmap_pte1_demotions, 0, "1MB page demotions");
1518 static u_long pmap_pte1_mappings;
1519 SYSCTL_ULONG(_vm_pmap_pte1, OID_AUTO, mappings, CTLFLAG_RD,
1520 &pmap_pte1_mappings, 0, "1MB page mappings");
1522 static u_long pmap_pte1_p_failures;
1523 SYSCTL_ULONG(_vm_pmap_pte1, OID_AUTO, p_failures, CTLFLAG_RD,
1524 &pmap_pte1_p_failures, 0, "1MB page promotion failures");
1526 static u_long pmap_pte1_promotions;
1527 SYSCTL_ULONG(_vm_pmap_pte1, OID_AUTO, promotions, CTLFLAG_RD,
1528 &pmap_pte1_promotions, 0, "1MB page promotions");
1530 static u_long pmap_pte1_kern_demotions;
1531 SYSCTL_ULONG(_vm_pmap_pte1, OID_AUTO, kern_demotions, CTLFLAG_RD,
1532 &pmap_pte1_kern_demotions, 0, "1MB page kernel demotions");
1534 static u_long pmap_pte1_kern_promotions;
1535 SYSCTL_ULONG(_vm_pmap_pte1, OID_AUTO, kern_promotions, CTLFLAG_RD,
1536 &pmap_pte1_kern_promotions, 0, "1MB page kernel promotions");
1538 static __inline ttb_entry_t
1539 pmap_ttb_get(pmap_t pmap)
1542 return (vtophys(pmap->pm_pt1) | ttb_flags);
1546 * Initialize a vm_page's machine-dependent fields.
1549 * 1. Pages for L2 page tables are always not managed. So, pv_list and
1550 * pt2_wirecount can share same physical space. However, proper
1551 * initialization on a page alloc for page tables and reinitialization
1552 * on the page free must be ensured.
1555 pmap_page_init(vm_page_t m)
1558 TAILQ_INIT(&m->md.pv_list);
1559 pt2_wirecount_init(m);
1560 m->md.pat_mode = VM_MEMATTR_DEFAULT;
1564 * Virtualization for faster way how to zero whole page.
1566 static __inline void
1567 pagezero(void *page)
1570 bzero(page, PAGE_SIZE);
1574 * Zero L2 page table page.
1575 * Use same KVA as in pmap_zero_page().
1577 static __inline vm_paddr_t
1578 pmap_pt2pg_zero(vm_page_t m)
1581 struct sysmaps *sysmaps;
1583 pa = VM_PAGE_TO_PHYS(m);
1586 * XXX: For now, we map whole page even if it's already zero,
1587 * to sync it even if the sync is only DSB.
1590 sysmaps = &sysmaps_pcpu[PCPU_GET(cpuid)];
1591 mtx_lock(&sysmaps->lock);
1592 if (pte2_load(sysmaps->CMAP2) != 0)
1593 panic("%s: CMAP2 busy", __func__);
1594 pte2_store(sysmaps->CMAP2, PTE2_KERN_NG(pa, PTE2_AP_KRW,
1595 vm_page_pte2_attr(m)));
1596 /* Even VM_ALLOC_ZERO request is only advisory. */
1597 if ((m->flags & PG_ZERO) == 0)
1598 pagezero(sysmaps->CADDR2);
1599 pte2_sync_range((pt2_entry_t *)sysmaps->CADDR2, PAGE_SIZE);
1600 pte2_clear(sysmaps->CMAP2);
1601 tlb_flush((vm_offset_t)sysmaps->CADDR2);
1603 mtx_unlock(&sysmaps->lock);
1609 * Init just allocated page as L2 page table(s) holder
1610 * and return its physical address.
1612 static __inline vm_paddr_t
1613 pmap_pt2pg_init(pmap_t pmap, vm_offset_t va, vm_page_t m)
1618 /* Check page attributes. */
1619 if (m->md.pat_mode != pt_memattr)
1620 pmap_page_set_memattr(m, pt_memattr);
1622 /* Zero page and init wire counts. */
1623 pa = pmap_pt2pg_zero(m);
1624 pt2_wirecount_init(m);
1627 * Map page to PT2MAP address space for given pmap.
1628 * Note that PT2MAP space is shared with all pmaps.
1630 if (pmap == kernel_pmap)
1631 pmap_kenter_pt2tab(va, PTE2_KPT(pa));
1633 pte2p = pmap_pt2tab_entry(pmap, va);
1634 pt2tab_store(pte2p, PTE2_KPT_NG(pa));
1641 * Initialize the pmap module.
1642 * Called by vm_init, to initialize any structures that the pmap
1643 * system needs to map virtual memory.
1649 pt2_entry_t *pte2p, pte2;
1650 u_int i, pte1_idx, pv_npg;
1652 PDEBUG(1, printf("%s: phys_start = %#x\n", __func__, PHYSADDR));
1655 * Initialize the vm page array entries for kernel pmap's
1656 * L2 page table pages allocated in advance.
1658 pte1_idx = pte1_index(KERNBASE - PT2MAP_SIZE);
1659 pte2p = kern_pt2tab_entry(KERNBASE - PT2MAP_SIZE);
1660 for (i = 0; i < nkpt2pg + NPG_IN_PT2TAB; i++, pte2p++) {
1664 pte2 = pte2_load(pte2p);
1665 KASSERT(pte2_is_valid(pte2), ("%s: no valid entry", __func__));
1668 m = PHYS_TO_VM_PAGE(pa);
1669 KASSERT(m >= vm_page_array &&
1670 m < &vm_page_array[vm_page_array_size],
1671 ("%s: L2 page table page is out of range", __func__));
1673 m->pindex = pte1_idx;
1675 pte1_idx += NPT2_IN_PG;
1679 * Initialize the address space (zone) for the pv entries. Set a
1680 * high water mark so that the system can recover from excessive
1681 * numbers of pv entries.
1683 TUNABLE_INT_FETCH("vm.pmap.shpgperproc", &shpgperproc);
1684 pv_entry_max = shpgperproc * maxproc + vm_cnt.v_page_count;
1685 TUNABLE_INT_FETCH("vm.pmap.pv_entries", &pv_entry_max);
1686 pv_entry_max = roundup(pv_entry_max, _NPCPV);
1687 pv_entry_high_water = 9 * (pv_entry_max / 10);
1690 * Are large page mappings enabled?
1692 TUNABLE_INT_FETCH("vm.pmap.sp_enabled", &sp_enabled);
1694 KASSERT(MAXPAGESIZES > 1 && pagesizes[1] == 0,
1695 ("%s: can't assign to pagesizes[1]", __func__));
1696 pagesizes[1] = PTE1_SIZE;
1700 * Calculate the size of the pv head table for sections.
1701 * Handle the possibility that "vm_phys_segs[...].end" is zero.
1702 * Note that the table is only for sections which could be promoted.
1704 first_managed_pa = pte1_trunc(vm_phys_segs[0].start);
1705 pv_npg = (pte1_trunc(vm_phys_segs[vm_phys_nsegs - 1].end - PAGE_SIZE)
1706 - first_managed_pa) / PTE1_SIZE + 1;
1709 * Allocate memory for the pv head table for sections.
1711 s = (vm_size_t)(pv_npg * sizeof(struct md_page));
1713 pv_table = (struct md_page *)kmem_malloc(kernel_arena, s,
1715 for (i = 0; i < pv_npg; i++)
1716 TAILQ_INIT(&pv_table[i].pv_list);
1718 pv_maxchunks = MAX(pv_entry_max / _NPCPV, maxproc);
1719 pv_chunkbase = (struct pv_chunk *)kva_alloc(PAGE_SIZE * pv_maxchunks);
1720 if (pv_chunkbase == NULL)
1721 panic("%s: not enough kvm for pv chunks", __func__);
1722 pmap_pte2list_init(&pv_vafree, pv_chunkbase, pv_maxchunks);
1726 * Add a list of wired pages to the kva
1727 * this routine is only used for temporary
1728 * kernel mappings that do not need to have
1729 * page modification or references recorded.
1730 * Note that old mappings are simply written
1731 * over. The page *must* be wired.
1732 * Note: SMP coherent. Uses a ranged shootdown IPI.
1735 pmap_qenter(vm_offset_t sva, vm_page_t *ma, int count)
1738 pt2_entry_t *epte2p, *pte2p, pte2;
1743 pte2p = pt2map_entry(sva);
1744 epte2p = pte2p + count;
1745 while (pte2p < epte2p) {
1747 pa = VM_PAGE_TO_PHYS(m);
1748 pte2 = pte2_load(pte2p);
1749 if ((pte2_pa(pte2) != pa) ||
1750 (pte2_attr(pte2) != vm_page_pte2_attr(m))) {
1752 pte2_store(pte2p, PTE2_KERN(pa, PTE2_AP_KRW,
1753 vm_page_pte2_attr(m)));
1757 if (__predict_false(anychanged))
1758 tlb_flush_range(sva, count * PAGE_SIZE);
1762 * This routine tears out page mappings from the
1763 * kernel -- it is meant only for temporary mappings.
1764 * Note: SMP coherent. Uses a ranged shootdown IPI.
1767 pmap_qremove(vm_offset_t sva, int count)
1772 while (count-- > 0) {
1776 tlb_flush_range(sva, va - sva);
1780 * Are we current address space or kernel?
1783 pmap_is_current(pmap_t pmap)
1786 return (pmap == kernel_pmap ||
1787 (pmap == vmspace_pmap(curthread->td_proc->p_vmspace)));
1791 * If the given pmap is not the current or kernel pmap, the returned
1792 * pte2 must be released by passing it to pmap_pte2_release().
1794 static pt2_entry_t *
1795 pmap_pte2(pmap_t pmap, vm_offset_t va)
1798 vm_paddr_t pt2pg_pa;
1800 pte1 = pte1_load(pmap_pte1(pmap, va));
1801 if (pte1_is_section(pte1))
1802 panic("%s: attempt to map PTE1", __func__);
1803 if (pte1_is_link(pte1)) {
1804 /* Are we current address space or kernel? */
1805 if (pmap_is_current(pmap))
1806 return (pt2map_entry(va));
1807 /* Note that L2 page table size is not equal to PAGE_SIZE. */
1808 pt2pg_pa = trunc_page(pte1_link_pa(pte1));
1809 mtx_lock(&PMAP2mutex);
1810 if (pte2_pa(pte2_load(PMAP2)) != pt2pg_pa) {
1811 pte2_store(PMAP2, PTE2_KPT(pt2pg_pa));
1812 tlb_flush((vm_offset_t)PADDR2);
1814 return (PADDR2 + (arm32_btop(va) & (NPTE2_IN_PG - 1)));
1820 * Releases a pte2 that was obtained from pmap_pte2().
1821 * Be prepared for the pte2p being NULL.
1823 static __inline void
1824 pmap_pte2_release(pt2_entry_t *pte2p)
1827 if ((pt2_entry_t *)(trunc_page((vm_offset_t)pte2p)) == PADDR2) {
1828 mtx_unlock(&PMAP2mutex);
1833 * Super fast pmap_pte2 routine best used when scanning
1834 * the pv lists. This eliminates many coarse-grained
1835 * invltlb calls. Note that many of the pv list
1836 * scans are across different pmaps. It is very wasteful
1837 * to do an entire tlb flush for checking a single mapping.
1839 * If the given pmap is not the current pmap, pvh_global_lock
1840 * must be held and curthread pinned to a CPU.
1842 static pt2_entry_t *
1843 pmap_pte2_quick(pmap_t pmap, vm_offset_t va)
1846 vm_paddr_t pt2pg_pa;
1848 pte1 = pte1_load(pmap_pte1(pmap, va));
1849 if (pte1_is_section(pte1))
1850 panic("%s: attempt to map PTE1", __func__);
1851 if (pte1_is_link(pte1)) {
1852 /* Are we current address space or kernel? */
1853 if (pmap_is_current(pmap))
1854 return (pt2map_entry(va));
1855 rw_assert(&pvh_global_lock, RA_WLOCKED);
1856 KASSERT(curthread->td_pinned > 0,
1857 ("%s: curthread not pinned", __func__));
1858 /* Note that L2 page table size is not equal to PAGE_SIZE. */
1859 pt2pg_pa = trunc_page(pte1_link_pa(pte1));
1860 if (pte2_pa(pte2_load(PMAP1)) != pt2pg_pa) {
1861 pte2_store(PMAP1, PTE2_KPT(pt2pg_pa));
1863 PMAP1cpu = PCPU_GET(cpuid);
1865 tlb_flush_local((vm_offset_t)PADDR1);
1869 if (PMAP1cpu != PCPU_GET(cpuid)) {
1870 PMAP1cpu = PCPU_GET(cpuid);
1871 tlb_flush_local((vm_offset_t)PADDR1);
1876 return (PADDR1 + (arm32_btop(va) & (NPTE2_IN_PG - 1)));
1882 * Routine: pmap_extract
1884 * Extract the physical page address associated
1885 * with the given map/virtual_address pair.
1888 pmap_extract(pmap_t pmap, vm_offset_t va)
1895 pte1 = pte1_load(pmap_pte1(pmap, va));
1896 if (pte1_is_section(pte1))
1897 pa = pte1_pa(pte1) | (va & PTE1_OFFSET);
1898 else if (pte1_is_link(pte1)) {
1899 pte2p = pmap_pte2(pmap, va);
1900 pa = pte2_pa(pte2_load(pte2p)) | (va & PTE2_OFFSET);
1901 pmap_pte2_release(pte2p);
1909 * Routine: pmap_extract_and_hold
1911 * Atomically extract and hold the physical page
1912 * with the given pmap and virtual address pair
1913 * if that mapping permits the given protection.
1916 pmap_extract_and_hold(pmap_t pmap, vm_offset_t va, vm_prot_t prot)
1918 vm_paddr_t pa, lockpa;
1920 pt2_entry_t pte2, *pte2p;
1927 pte1 = pte1_load(pmap_pte1(pmap, va));
1928 if (pte1_is_section(pte1)) {
1929 if (!(pte1 & PTE1_RO) || !(prot & VM_PROT_WRITE)) {
1930 pa = pte1_pa(pte1) | (va & PTE1_OFFSET);
1931 if (vm_page_pa_tryrelock(pmap, pa, &lockpa))
1933 m = PHYS_TO_VM_PAGE(pa);
1936 } else if (pte1_is_link(pte1)) {
1937 pte2p = pmap_pte2(pmap, va);
1938 pte2 = pte2_load(pte2p);
1939 pmap_pte2_release(pte2p);
1940 if (pte2_is_valid(pte2) &&
1941 (!(pte2 & PTE2_RO) || !(prot & VM_PROT_WRITE))) {
1943 if (vm_page_pa_tryrelock(pmap, pa, &lockpa))
1945 m = PHYS_TO_VM_PAGE(pa);
1949 PA_UNLOCK_COND(lockpa);
1955 * Grow the number of kernel L2 page table entries, if needed.
1958 pmap_growkernel(vm_offset_t addr)
1961 vm_paddr_t pt2pg_pa, pt2_pa;
1965 PDEBUG(1, printf("%s: addr = %#x\n", __func__, addr));
1967 * All the time kernel_vm_end is first KVA for which underlying
1968 * L2 page table is either not allocated or linked from L1 page table
1969 * (not considering sections). Except for two possible cases:
1971 * (1) in the very beginning as long as pmap_growkernel() was
1972 * not called, it could be first unused KVA (which is not
1973 * rounded up to PTE1_SIZE),
1975 * (2) when all KVA space is mapped and kernel_map->max_offset
1976 * address is not rounded up to PTE1_SIZE. (For example,
1977 * it could be 0xFFFFFFFF.)
1979 kernel_vm_end = pte1_roundup(kernel_vm_end);
1980 mtx_assert(&kernel_map->system_mtx, MA_OWNED);
1981 addr = roundup2(addr, PTE1_SIZE);
1982 if (addr - 1 >= kernel_map->max_offset)
1983 addr = kernel_map->max_offset;
1984 while (kernel_vm_end < addr) {
1985 pte1 = pte1_load(kern_pte1(kernel_vm_end));
1986 if (pte1_is_valid(pte1)) {
1987 kernel_vm_end += PTE1_SIZE;
1988 if (kernel_vm_end - 1 >= kernel_map->max_offset) {
1989 kernel_vm_end = kernel_map->max_offset;
1996 * kernel_vm_end_new is used in pmap_pinit() when kernel
1997 * mappings are entered to new pmap all at once to avoid race
1998 * between pmap_kenter_pte1() and kernel_vm_end increase.
1999 * The same aplies to pmap_kenter_pt2tab().
2001 kernel_vm_end_new = kernel_vm_end + PTE1_SIZE;
2003 pte2 = pt2tab_load(kern_pt2tab_entry(kernel_vm_end));
2004 if (!pte2_is_valid(pte2)) {
2006 * Install new PT2s page into kernel PT2TAB.
2008 m = vm_page_alloc(NULL,
2009 pte1_index(kernel_vm_end) & ~PT2PG_MASK,
2010 VM_ALLOC_INTERRUPT | VM_ALLOC_NOOBJ |
2011 VM_ALLOC_WIRED | VM_ALLOC_ZERO);
2013 panic("%s: no memory to grow kernel", __func__);
2015 * QQQ: To link all new L2 page tables from L1 page
2016 * table now and so pmap_kenter_pte1() them
2017 * at once together with pmap_kenter_pt2tab()
2018 * could be nice speed up. However,
2019 * pmap_growkernel() does not happen so often...
2020 * QQQ: The other TTBR is another option.
2022 pt2pg_pa = pmap_pt2pg_init(kernel_pmap, kernel_vm_end,
2025 pt2pg_pa = pte2_pa(pte2);
2027 pt2_pa = page_pt2pa(pt2pg_pa, pte1_index(kernel_vm_end));
2028 pmap_kenter_pte1(kernel_vm_end, PTE1_LINK(pt2_pa));
2030 kernel_vm_end = kernel_vm_end_new;
2031 if (kernel_vm_end - 1 >= kernel_map->max_offset) {
2032 kernel_vm_end = kernel_map->max_offset;
2039 kvm_size(SYSCTL_HANDLER_ARGS)
2041 unsigned long ksize = vm_max_kernel_address - KERNBASE;
2043 return (sysctl_handle_long(oidp, &ksize, 0, req));
2045 SYSCTL_PROC(_vm, OID_AUTO, kvm_size, CTLTYPE_LONG|CTLFLAG_RD,
2046 0, 0, kvm_size, "IU", "Size of KVM");
2049 kvm_free(SYSCTL_HANDLER_ARGS)
2051 unsigned long kfree = vm_max_kernel_address - kernel_vm_end;
2053 return (sysctl_handle_long(oidp, &kfree, 0, req));
2055 SYSCTL_PROC(_vm, OID_AUTO, kvm_free, CTLTYPE_LONG|CTLFLAG_RD,
2056 0, 0, kvm_free, "IU", "Amount of KVM free");
2058 /***********************************************
2060 * Pmap allocation/deallocation routines.
2062 ***********************************************/
2065 * Initialize the pmap for the swapper process.
2068 pmap_pinit0(pmap_t pmap)
2070 PDEBUG(1, printf("%s: pmap = %p\n", __func__, pmap));
2072 PMAP_LOCK_INIT(pmap);
2075 * Kernel page table directory and pmap stuff around is already
2076 * initialized, we are using it right now and here. So, finish
2077 * only PMAP structures initialization for process0 ...
2079 * Since the L1 page table and PT2TAB is shared with the kernel pmap,
2080 * which is already included in the list "allpmaps", this pmap does
2081 * not need to be inserted into that list.
2083 pmap->pm_pt1 = kern_pt1;
2084 pmap->pm_pt2tab = kern_pt2tab;
2085 CPU_ZERO(&pmap->pm_active);
2086 PCPU_SET(curpmap, pmap);
2087 TAILQ_INIT(&pmap->pm_pvchunk);
2088 bzero(&pmap->pm_stats, sizeof pmap->pm_stats);
2089 CPU_SET(0, &pmap->pm_active);
2092 static __inline void
2093 pte1_copy_nosync(pt1_entry_t *spte1p, pt1_entry_t *dpte1p, vm_offset_t sva,
2098 idx = pte1_index(sva);
2099 count = (pte1_index(eva) - idx + 1) * sizeof(pt1_entry_t);
2100 bcopy(spte1p + idx, dpte1p + idx, count);
2103 static __inline void
2104 pt2tab_copy_nosync(pt2_entry_t *spte2p, pt2_entry_t *dpte2p, vm_offset_t sva,
2109 idx = pt2tab_index(sva);
2110 count = (pt2tab_index(eva) - idx + 1) * sizeof(pt2_entry_t);
2111 bcopy(spte2p + idx, dpte2p + idx, count);
2115 * Initialize a preallocated and zeroed pmap structure,
2116 * such as one in a vmspace structure.
2119 pmap_pinit(pmap_t pmap)
2123 vm_paddr_t pa, pt2tab_pa;
2126 PDEBUG(6, printf("%s: pmap = %p, pm_pt1 = %p\n", __func__, pmap,
2130 * No need to allocate L2 page table space yet but we do need
2131 * a valid L1 page table and PT2TAB table.
2133 * Install shared kernel mappings to these tables. It's a little
2134 * tricky as some parts of KVA are reserved for vectors, devices,
2135 * and whatever else. These parts are supposed to be above
2136 * vm_max_kernel_address. Thus two regions should be installed:
2138 * (1) <KERNBASE, kernel_vm_end),
2139 * (2) <vm_max_kernel_address, 0xFFFFFFFF>.
2141 * QQQ: The second region should be stable enough to be installed
2142 * only once in time when the tables are allocated.
2143 * QQQ: Maybe copy of both regions at once could be faster ...
2144 * QQQ: Maybe the other TTBR is an option.
2146 * Finally, install own PT2TAB table to these tables.
2149 if (pmap->pm_pt1 == NULL) {
2150 pmap->pm_pt1 = (pt1_entry_t *)kmem_alloc_contig(kernel_arena,
2151 NB_IN_PT1, M_NOWAIT | M_ZERO, 0, -1UL, NB_IN_PT1, 0,
2153 if (pmap->pm_pt1 == NULL)
2156 if (pmap->pm_pt2tab == NULL) {
2158 * QQQ: (1) PT2TAB must be contiguous. If PT2TAB is one page
2159 * only, what should be the only size for 32 bit systems,
2160 * then we could allocate it with vm_page_alloc() and all
2161 * the stuff needed as other L2 page table pages.
2162 * (2) Note that a process PT2TAB is special L2 page table
2163 * page. Its mapping in kernel_arena is permanent and can
2164 * be used no matter which process is current. Its mapping
2165 * in PT2MAP can be used only for current process.
2167 pmap->pm_pt2tab = (pt2_entry_t *)kmem_alloc_attr(kernel_arena,
2168 NB_IN_PT2TAB, M_NOWAIT | M_ZERO, 0, -1UL, pt_memattr);
2169 if (pmap->pm_pt2tab == NULL) {
2171 * QQQ: As struct pmap is allocated from UMA with
2172 * UMA_ZONE_NOFREE flag, it's important to leave
2173 * no allocation in pmap if initialization failed.
2175 kmem_free(kernel_arena, (vm_offset_t)pmap->pm_pt1,
2177 pmap->pm_pt1 = NULL;
2181 * QQQ: Each L2 page table page vm_page_t has pindex set to
2182 * pte1 index of virtual address mapped by this page.
2183 * It's not valid for non kernel PT2TABs themselves.
2184 * The pindex of these pages can not be altered because
2185 * of the way how they are allocated now. However, it
2186 * should not be a problem.
2190 mtx_lock_spin(&allpmaps_lock);
2192 * To avoid race with pmap_kenter_pte1() and pmap_kenter_pt2tab(),
2193 * kernel_vm_end_new is used here instead of kernel_vm_end.
2195 pte1_copy_nosync(kern_pt1, pmap->pm_pt1, KERNBASE,
2196 kernel_vm_end_new - 1);
2197 pte1_copy_nosync(kern_pt1, pmap->pm_pt1, vm_max_kernel_address,
2199 pt2tab_copy_nosync(kern_pt2tab, pmap->pm_pt2tab, KERNBASE,
2200 kernel_vm_end_new - 1);
2201 pt2tab_copy_nosync(kern_pt2tab, pmap->pm_pt2tab, vm_max_kernel_address,
2203 LIST_INSERT_HEAD(&allpmaps, pmap, pm_list);
2204 mtx_unlock_spin(&allpmaps_lock);
2207 * Store PT2MAP PT2 pages (a.k.a. PT2TAB) in PT2TAB itself.
2208 * I.e. self reference mapping. The PT2TAB is private, however mapped
2209 * into shared PT2MAP space, so the mapping should be not global.
2211 pt2tab_pa = vtophys(pmap->pm_pt2tab);
2212 pte2p = pmap_pt2tab_entry(pmap, (vm_offset_t)PT2MAP);
2213 for (pa = pt2tab_pa, i = 0; i < NPG_IN_PT2TAB; i++, pa += PTE2_SIZE) {
2214 pt2tab_store(pte2p++, PTE2_KPT_NG(pa));
2217 /* Insert PT2MAP PT2s into pmap PT1. */
2218 pte1p = pmap_pte1(pmap, (vm_offset_t)PT2MAP);
2219 for (pa = pt2tab_pa, i = 0; i < NPT2_IN_PT2TAB; i++, pa += NB_IN_PT2) {
2220 pte1_store(pte1p++, PTE1_LINK(pa));
2224 * Now synchronize new mapping which was made above.
2226 pte1_sync_range(pmap->pm_pt1, NB_IN_PT1);
2227 pte2_sync_range(pmap->pm_pt2tab, NB_IN_PT2TAB);
2229 CPU_ZERO(&pmap->pm_active);
2230 TAILQ_INIT(&pmap->pm_pvchunk);
2231 bzero(&pmap->pm_stats, sizeof pmap->pm_stats);
2238 pt2tab_user_is_empty(pt2_entry_t *tab)
2242 end = pt2tab_index(VM_MAXUSER_ADDRESS);
2243 for (i = 0; i < end; i++)
2244 if (tab[i] != 0) return (FALSE);
2249 * Release any resources held by the given physical map.
2250 * Called when a pmap initialized by pmap_pinit is being released.
2251 * Should only be called if the map contains no valid mappings.
2254 pmap_release(pmap_t pmap)
2257 vm_offset_t start, end;
2259 KASSERT(pmap->pm_stats.resident_count == 0,
2260 ("%s: pmap resident count %ld != 0", __func__,
2261 pmap->pm_stats.resident_count));
2262 KASSERT(pt2tab_user_is_empty(pmap->pm_pt2tab),
2263 ("%s: has allocated user PT2(s)", __func__));
2264 KASSERT(CPU_EMPTY(&pmap->pm_active),
2265 ("%s: pmap %p is active on some CPU(s)", __func__, pmap));
2267 mtx_lock_spin(&allpmaps_lock);
2268 LIST_REMOVE(pmap, pm_list);
2269 mtx_unlock_spin(&allpmaps_lock);
2272 start = pte1_index(KERNBASE) * sizeof(pt1_entry_t);
2273 end = (pte1_index(0xFFFFFFFF) + 1) * sizeof(pt1_entry_t);
2274 bzero((char *)pmap->pm_pt1 + start, end - start);
2276 start = pt2tab_index(KERNBASE) * sizeof(pt2_entry_t);
2277 end = (pt2tab_index(0xFFFFFFFF) + 1) * sizeof(pt2_entry_t);
2278 bzero((char *)pmap->pm_pt2tab + start, end - start);
2281 * We are leaving PT1 and PT2TAB allocated on released pmap,
2282 * so hopefully UMA vmspace_zone will always be inited with
2283 * UMA_ZONE_NOFREE flag.
2287 /*********************************************************
2289 * L2 table pages and their pages management routines.
2291 *********************************************************/
2294 * Virtual interface for L2 page table wire counting.
2296 * Each L2 page table in a page has own counter which counts a number of
2297 * valid mappings in a table. Global page counter counts mappings in all
2298 * tables in a page plus a single itself mapping in PT2TAB.
2300 * During a promotion we leave the associated L2 page table counter
2301 * untouched, so the table (strictly speaking a page which holds it)
2302 * is never freed if promoted.
2304 * If a page m->wire_count == 1 then no valid mappings exist in any L2 page
2305 * table in the page and the page itself is only mapped in PT2TAB.
2308 static __inline void
2309 pt2_wirecount_init(vm_page_t m)
2314 * Note: A page m is allocated with VM_ALLOC_WIRED flag and
2315 * m->wire_count should be already set correctly.
2316 * So, there is no need to set it again herein.
2318 for (i = 0; i < NPT2_IN_PG; i++)
2319 m->md.pt2_wirecount[i] = 0;
2322 static __inline void
2323 pt2_wirecount_inc(vm_page_t m, uint32_t pte1_idx)
2327 * Note: A just modificated pte2 (i.e. already allocated)
2328 * is acquiring one extra reference which must be
2329 * explicitly cleared. It influences the KASSERTs herein.
2330 * All L2 page tables in a page always belong to the same
2331 * pmap, so we allow only one extra reference for the page.
2333 KASSERT(m->md.pt2_wirecount[pte1_idx & PT2PG_MASK] < (NPTE2_IN_PT2 + 1),
2334 ("%s: PT2 is overflowing ...", __func__));
2335 KASSERT(m->wire_count <= (NPTE2_IN_PG + 1),
2336 ("%s: PT2PG is overflowing ...", __func__));
2339 m->md.pt2_wirecount[pte1_idx & PT2PG_MASK]++;
2342 static __inline void
2343 pt2_wirecount_dec(vm_page_t m, uint32_t pte1_idx)
2346 KASSERT(m->md.pt2_wirecount[pte1_idx & PT2PG_MASK] != 0,
2347 ("%s: PT2 is underflowing ...", __func__));
2348 KASSERT(m->wire_count > 1,
2349 ("%s: PT2PG is underflowing ...", __func__));
2352 m->md.pt2_wirecount[pte1_idx & PT2PG_MASK]--;
2355 static __inline void
2356 pt2_wirecount_set(vm_page_t m, uint32_t pte1_idx, uint16_t count)
2359 KASSERT(count <= NPTE2_IN_PT2,
2360 ("%s: invalid count %u", __func__, count));
2361 KASSERT(m->wire_count > m->md.pt2_wirecount[pte1_idx & PT2PG_MASK],
2362 ("%s: PT2PG corrupting (%u, %u) ...", __func__, m->wire_count,
2363 m->md.pt2_wirecount[pte1_idx & PT2PG_MASK]));
2365 m->wire_count -= m->md.pt2_wirecount[pte1_idx & PT2PG_MASK];
2366 m->wire_count += count;
2367 m->md.pt2_wirecount[pte1_idx & PT2PG_MASK] = count;
2369 KASSERT(m->wire_count <= (NPTE2_IN_PG + 1),
2370 ("%s: PT2PG is overflowed (%u) ...", __func__, m->wire_count));
2373 static __inline uint32_t
2374 pt2_wirecount_get(vm_page_t m, uint32_t pte1_idx)
2377 return (m->md.pt2_wirecount[pte1_idx & PT2PG_MASK]);
2380 static __inline boolean_t
2381 pt2_is_empty(vm_page_t m, vm_offset_t va)
2384 return (m->md.pt2_wirecount[pte1_index(va) & PT2PG_MASK] == 0);
2387 static __inline boolean_t
2388 pt2_is_full(vm_page_t m, vm_offset_t va)
2391 return (m->md.pt2_wirecount[pte1_index(va) & PT2PG_MASK] ==
2395 static __inline boolean_t
2396 pt2pg_is_empty(vm_page_t m)
2399 return (m->wire_count == 1);
2403 * This routine is called if the L2 page table
2404 * is not mapped correctly.
2407 _pmap_allocpte2(pmap_t pmap, vm_offset_t va, u_int flags)
2413 vm_paddr_t pt2pg_pa, pt2_pa;
2415 pte1_idx = pte1_index(va);
2416 pte1p = pmap->pm_pt1 + pte1_idx;
2418 KASSERT(pte1_load(pte1p) == 0,
2419 ("%s: pm_pt1[%#x] is not zero: %#x", __func__, pte1_idx,
2422 pte2 = pt2tab_load(pmap_pt2tab_entry(pmap, va));
2423 if (!pte2_is_valid(pte2)) {
2425 * Install new PT2s page into pmap PT2TAB.
2427 m = vm_page_alloc(NULL, pte1_idx & ~PT2PG_MASK,
2428 VM_ALLOC_NOOBJ | VM_ALLOC_WIRED | VM_ALLOC_ZERO);
2430 if ((flags & PMAP_ENTER_NOSLEEP) == 0) {
2432 rw_wunlock(&pvh_global_lock);
2434 rw_wlock(&pvh_global_lock);
2439 * Indicate the need to retry. While waiting,
2440 * the L2 page table page may have been allocated.
2444 pmap->pm_stats.resident_count++;
2445 pt2pg_pa = pmap_pt2pg_init(pmap, va, m);
2447 pt2pg_pa = pte2_pa(pte2);
2448 m = PHYS_TO_VM_PAGE(pt2pg_pa);
2451 pt2_wirecount_inc(m, pte1_idx);
2452 pt2_pa = page_pt2pa(pt2pg_pa, pte1_idx);
2453 pte1_store(pte1p, PTE1_LINK(pt2_pa));
2459 pmap_allocpte2(pmap_t pmap, vm_offset_t va, u_int flags)
2462 pt1_entry_t *pte1p, pte1;
2465 pte1_idx = pte1_index(va);
2467 pte1p = pmap->pm_pt1 + pte1_idx;
2468 pte1 = pte1_load(pte1p);
2471 * This supports switching from a 1MB page to a
2474 if (pte1_is_section(pte1)) {
2475 (void)pmap_demote_pte1(pmap, pte1p, va);
2477 * Reload pte1 after demotion.
2479 * Note: Demotion can even fail as either PT2 is not find for
2480 * the virtual address or PT2PG can not be allocated.
2482 pte1 = pte1_load(pte1p);
2486 * If the L2 page table page is mapped, we just increment the
2487 * hold count, and activate it.
2489 if (pte1_is_link(pte1)) {
2490 m = PHYS_TO_VM_PAGE(pte1_link_pa(pte1));
2491 pt2_wirecount_inc(m, pte1_idx);
2494 * Here if the PT2 isn't mapped, or if it has
2497 m = _pmap_allocpte2(pmap, va, flags);
2498 if (m == NULL && (flags & PMAP_ENTER_NOSLEEP) == 0)
2505 static __inline void
2506 pmap_free_zero_pages(struct spglist *free)
2510 while ((m = SLIST_FIRST(free)) != NULL) {
2511 SLIST_REMOVE_HEAD(free, plinks.s.ss);
2512 /* Preserve the page's PG_ZERO setting. */
2513 vm_page_free_toq(m);
2518 * Schedule the specified unused L2 page table page to be freed. Specifically,
2519 * add the page to the specified list of pages that will be released to the
2520 * physical memory manager after the TLB has been updated.
2522 static __inline void
2523 pmap_add_delayed_free_list(vm_page_t m, struct spglist *free)
2527 * Put page on a list so that it is released after
2528 * *ALL* TLB shootdown is done
2531 pmap_zero_page_check(m);
2533 m->flags |= PG_ZERO;
2534 SLIST_INSERT_HEAD(free, m, plinks.s.ss);
2538 * Unwire L2 page tables page.
2541 pmap_unwire_pt2pg(pmap_t pmap, vm_offset_t va, vm_page_t m)
2543 pt1_entry_t *pte1p, opte1 __unused;
2547 KASSERT(pt2pg_is_empty(m),
2548 ("%s: pmap %p PT2PG %p wired", __func__, pmap, m));
2551 * Unmap all L2 page tables in the page from L1 page table.
2553 * QQQ: Individual L2 page tables (except the last one) can be unmapped
2554 * earlier. However, we are doing that this way.
2556 KASSERT(m->pindex == (pte1_index(va) & ~PT2PG_MASK),
2557 ("%s: pmap %p va %#x PT2PG %p bad index", __func__, pmap, va, m));
2558 pte1p = pmap->pm_pt1 + m->pindex;
2559 for (i = 0; i < NPT2_IN_PG; i++, pte1p++) {
2560 KASSERT(m->md.pt2_wirecount[i] == 0,
2561 ("%s: pmap %p PT2 %u (PG %p) wired", __func__, pmap, i, m));
2562 opte1 = pte1_load(pte1p);
2563 if (pte1_is_link(opte1)) {
2566 * Flush intermediate TLB cache.
2568 pmap_tlb_flush(pmap, (m->pindex + i) << PTE1_SHIFT);
2572 KASSERT((opte1 == 0) || pte1_is_section(opte1),
2573 ("%s: pmap %p va %#x bad pte1 %x at %u", __func__,
2574 pmap, va, opte1, i));
2579 * Unmap the page from PT2TAB.
2581 pte2p = pmap_pt2tab_entry(pmap, va);
2582 (void)pt2tab_load_clear(pte2p);
2583 pmap_tlb_flush(pmap, pt2map_pt2pg(va));
2586 pmap->pm_stats.resident_count--;
2589 * This is a release store so that the ordinary store unmapping
2590 * the L2 page table page is globally performed before TLB shoot-
2593 atomic_subtract_rel_int(&vm_cnt.v_wire_count, 1);
2597 * Decrements a L2 page table page's wire count, which is used to record the
2598 * number of valid page table entries within the page. If the wire count
2599 * drops to zero, then the page table page is unmapped. Returns TRUE if the
2600 * page table page was unmapped and FALSE otherwise.
2602 static __inline boolean_t
2603 pmap_unwire_pt2(pmap_t pmap, vm_offset_t va, vm_page_t m, struct spglist *free)
2605 pt2_wirecount_dec(m, pte1_index(va));
2606 if (pt2pg_is_empty(m)) {
2608 * QQQ: Wire count is zero, so whole page should be zero and
2609 * we can set PG_ZERO flag to it.
2610 * Note that when promotion is enabled, it takes some
2611 * more efforts. See pmap_unwire_pt2_all() below.
2613 pmap_unwire_pt2pg(pmap, va, m);
2614 pmap_add_delayed_free_list(m, free);
2621 * Drop a L2 page table page's wire count at once, which is used to record
2622 * the number of valid L2 page table entries within the page. If the wire
2623 * count drops to zero, then the L2 page table page is unmapped.
2625 static __inline void
2626 pmap_unwire_pt2_all(pmap_t pmap, vm_offset_t va, vm_page_t m,
2627 struct spglist *free)
2629 u_int pte1_idx = pte1_index(va);
2631 KASSERT(m->pindex == (pte1_idx & ~PT2PG_MASK),
2632 ("%s: PT2 page's pindex is wrong", __func__));
2633 KASSERT(m->wire_count > pt2_wirecount_get(m, pte1_idx),
2634 ("%s: bad pt2 wire count %u > %u", __func__, m->wire_count,
2635 pt2_wirecount_get(m, pte1_idx)));
2638 * It's possible that the L2 page table was never used.
2639 * It happened in case that a section was created without promotion.
2641 if (pt2_is_full(m, va)) {
2642 pt2_wirecount_set(m, pte1_idx, 0);
2645 * QQQ: We clear L2 page table now, so when L2 page table page
2646 * is going to be freed, we can set it PG_ZERO flag ...
2647 * This function is called only on section mappings, so
2648 * hopefully it's not to big overload.
2650 * XXX: If pmap is current, existing PT2MAP mapping could be
2653 pmap_zero_page_area(m, page_pt2off(pte1_idx), NB_IN_PT2);
2657 KASSERT(pt2_is_empty(m, va), ("%s: PT2 is not empty (%u)",
2658 __func__, pt2_wirecount_get(m, pte1_idx)));
2660 if (pt2pg_is_empty(m)) {
2661 pmap_unwire_pt2pg(pmap, va, m);
2662 pmap_add_delayed_free_list(m, free);
2667 * After removing a L2 page table entry, this routine is used to
2668 * conditionally free the page, and manage the hold/wire counts.
2671 pmap_unuse_pt2(pmap_t pmap, vm_offset_t va, struct spglist *free)
2676 if (va >= VM_MAXUSER_ADDRESS)
2678 pte1 = pte1_load(pmap_pte1(pmap, va));
2679 mpte = PHYS_TO_VM_PAGE(pte1_link_pa(pte1));
2680 return (pmap_unwire_pt2(pmap, va, mpte, free));
2683 /*************************************
2685 * Page management routines.
2687 *************************************/
2689 CTASSERT(sizeof(struct pv_chunk) == PAGE_SIZE);
2690 CTASSERT(_NPCM == 11);
2691 CTASSERT(_NPCPV == 336);
2693 static __inline struct pv_chunk *
2694 pv_to_chunk(pv_entry_t pv)
2697 return ((struct pv_chunk *)((uintptr_t)pv & ~(uintptr_t)PAGE_MASK));
2700 #define PV_PMAP(pv) (pv_to_chunk(pv)->pc_pmap)
2702 #define PC_FREE0_9 0xfffffffful /* Free values for index 0 through 9 */
2703 #define PC_FREE10 0x0000fffful /* Free values for index 10 */
2705 static const uint32_t pc_freemask[_NPCM] = {
2706 PC_FREE0_9, PC_FREE0_9, PC_FREE0_9,
2707 PC_FREE0_9, PC_FREE0_9, PC_FREE0_9,
2708 PC_FREE0_9, PC_FREE0_9, PC_FREE0_9,
2709 PC_FREE0_9, PC_FREE10
2712 SYSCTL_INT(_vm_pmap, OID_AUTO, pv_entry_count, CTLFLAG_RD, &pv_entry_count, 0,
2713 "Current number of pv entries");
2716 static int pc_chunk_count, pc_chunk_allocs, pc_chunk_frees, pc_chunk_tryfail;
2718 SYSCTL_INT(_vm_pmap, OID_AUTO, pc_chunk_count, CTLFLAG_RD, &pc_chunk_count, 0,
2719 "Current number of pv entry chunks");
2720 SYSCTL_INT(_vm_pmap, OID_AUTO, pc_chunk_allocs, CTLFLAG_RD, &pc_chunk_allocs, 0,
2721 "Current number of pv entry chunks allocated");
2722 SYSCTL_INT(_vm_pmap, OID_AUTO, pc_chunk_frees, CTLFLAG_RD, &pc_chunk_frees, 0,
2723 "Current number of pv entry chunks frees");
2724 SYSCTL_INT(_vm_pmap, OID_AUTO, pc_chunk_tryfail, CTLFLAG_RD, &pc_chunk_tryfail,
2725 0, "Number of times tried to get a chunk page but failed.");
2727 static long pv_entry_frees, pv_entry_allocs;
2728 static int pv_entry_spare;
2730 SYSCTL_LONG(_vm_pmap, OID_AUTO, pv_entry_frees, CTLFLAG_RD, &pv_entry_frees, 0,
2731 "Current number of pv entry frees");
2732 SYSCTL_LONG(_vm_pmap, OID_AUTO, pv_entry_allocs, CTLFLAG_RD, &pv_entry_allocs,
2733 0, "Current number of pv entry allocs");
2734 SYSCTL_INT(_vm_pmap, OID_AUTO, pv_entry_spare, CTLFLAG_RD, &pv_entry_spare, 0,
2735 "Current number of spare pv entries");
2739 * Is given page managed?
2741 static __inline boolean_t
2742 is_managed(vm_paddr_t pa)
2748 if (pgnum >= first_page) {
2749 m = PHYS_TO_VM_PAGE(pa);
2752 if ((m->oflags & VPO_UNMANAGED) == 0)
2758 static __inline boolean_t
2759 pte1_is_managed(pt1_entry_t pte1)
2762 return (is_managed(pte1_pa(pte1)));
2765 static __inline boolean_t
2766 pte2_is_managed(pt2_entry_t pte2)
2769 return (is_managed(pte2_pa(pte2)));
2773 * We are in a serious low memory condition. Resort to
2774 * drastic measures to free some pages so we can allocate
2775 * another pv entry chunk.
2778 pmap_pv_reclaim(pmap_t locked_pmap)
2781 struct pv_chunk *pc;
2782 struct md_page *pvh;
2785 pt2_entry_t *pte2p, tpte2;
2789 struct spglist free;
2791 int bit, field, freed;
2793 PMAP_LOCK_ASSERT(locked_pmap, MA_OWNED);
2797 TAILQ_INIT(&newtail);
2798 while ((pc = TAILQ_FIRST(&pv_chunks)) != NULL && (pv_vafree == 0 ||
2799 SLIST_EMPTY(&free))) {
2800 TAILQ_REMOVE(&pv_chunks, pc, pc_lru);
2801 if (pmap != pc->pc_pmap) {
2803 if (pmap != locked_pmap)
2807 /* Avoid deadlock and lock recursion. */
2808 if (pmap > locked_pmap)
2810 else if (pmap != locked_pmap && !PMAP_TRYLOCK(pmap)) {
2812 TAILQ_INSERT_TAIL(&newtail, pc, pc_lru);
2818 * Destroy every non-wired, 4 KB page mapping in the chunk.
2821 for (field = 0; field < _NPCM; field++) {
2822 for (inuse = ~pc->pc_map[field] & pc_freemask[field];
2823 inuse != 0; inuse &= ~(1UL << bit)) {
2824 bit = ffs(inuse) - 1;
2825 pv = &pc->pc_pventry[field * 32 + bit];
2827 pte1p = pmap_pte1(pmap, va);
2828 if (pte1_is_section(pte1_load(pte1p)))
2830 pte2p = pmap_pte2(pmap, va);
2831 tpte2 = pte2_load(pte2p);
2832 if ((tpte2 & PTE2_W) == 0)
2833 tpte2 = pte2_load_clear(pte2p);
2834 pmap_pte2_release(pte2p);
2835 if ((tpte2 & PTE2_W) != 0)
2838 ("pmap_pv_reclaim: pmap %p va %#x zero pte",
2840 pmap_tlb_flush(pmap, va);
2841 m = PHYS_TO_VM_PAGE(pte2_pa(tpte2));
2842 if (pte2_is_dirty(tpte2))
2844 if ((tpte2 & PTE2_A) != 0)
2845 vm_page_aflag_set(m, PGA_REFERENCED);
2846 TAILQ_REMOVE(&m->md.pv_list, pv, pv_next);
2847 if (TAILQ_EMPTY(&m->md.pv_list) &&
2848 (m->flags & PG_FICTITIOUS) == 0) {
2849 pvh = pa_to_pvh(VM_PAGE_TO_PHYS(m));
2850 if (TAILQ_EMPTY(&pvh->pv_list)) {
2851 vm_page_aflag_clear(m,
2855 pc->pc_map[field] |= 1UL << bit;
2856 pmap_unuse_pt2(pmap, va, &free);
2861 TAILQ_INSERT_TAIL(&newtail, pc, pc_lru);
2864 /* Every freed mapping is for a 4 KB page. */
2865 pmap->pm_stats.resident_count -= freed;
2866 PV_STAT(pv_entry_frees += freed);
2867 PV_STAT(pv_entry_spare += freed);
2868 pv_entry_count -= freed;
2869 TAILQ_REMOVE(&pmap->pm_pvchunk, pc, pc_list);
2870 for (field = 0; field < _NPCM; field++)
2871 if (pc->pc_map[field] != pc_freemask[field]) {
2872 TAILQ_INSERT_HEAD(&pmap->pm_pvchunk, pc,
2874 TAILQ_INSERT_TAIL(&newtail, pc, pc_lru);
2877 * One freed pv entry in locked_pmap is
2880 if (pmap == locked_pmap)
2884 if (field == _NPCM) {
2885 PV_STAT(pv_entry_spare -= _NPCPV);
2886 PV_STAT(pc_chunk_count--);
2887 PV_STAT(pc_chunk_frees++);
2888 /* Entire chunk is free; return it. */
2889 m_pc = PHYS_TO_VM_PAGE(pmap_kextract((vm_offset_t)pc));
2890 pmap_qremove((vm_offset_t)pc, 1);
2891 pmap_pte2list_free(&pv_vafree, (vm_offset_t)pc);
2896 TAILQ_CONCAT(&pv_chunks, &newtail, pc_lru);
2898 if (pmap != locked_pmap)
2901 if (m_pc == NULL && pv_vafree != 0 && SLIST_EMPTY(&free)) {
2902 m_pc = SLIST_FIRST(&free);
2903 SLIST_REMOVE_HEAD(&free, plinks.s.ss);
2904 /* Recycle a freed page table page. */
2905 m_pc->wire_count = 1;
2906 atomic_add_int(&vm_cnt.v_wire_count, 1);
2908 pmap_free_zero_pages(&free);
2913 free_pv_chunk(struct pv_chunk *pc)
2917 TAILQ_REMOVE(&pv_chunks, pc, pc_lru);
2918 PV_STAT(pv_entry_spare -= _NPCPV);
2919 PV_STAT(pc_chunk_count--);
2920 PV_STAT(pc_chunk_frees++);
2921 /* entire chunk is free, return it */
2922 m = PHYS_TO_VM_PAGE(pmap_kextract((vm_offset_t)pc));
2923 pmap_qremove((vm_offset_t)pc, 1);
2924 vm_page_unwire(m, PQ_NONE);
2926 pmap_pte2list_free(&pv_vafree, (vm_offset_t)pc);
2930 * Free the pv_entry back to the free list.
2933 free_pv_entry(pmap_t pmap, pv_entry_t pv)
2935 struct pv_chunk *pc;
2936 int idx, field, bit;
2938 rw_assert(&pvh_global_lock, RA_WLOCKED);
2939 PMAP_LOCK_ASSERT(pmap, MA_OWNED);
2940 PV_STAT(pv_entry_frees++);
2941 PV_STAT(pv_entry_spare++);
2943 pc = pv_to_chunk(pv);
2944 idx = pv - &pc->pc_pventry[0];
2947 pc->pc_map[field] |= 1ul << bit;
2948 for (idx = 0; idx < _NPCM; idx++)
2949 if (pc->pc_map[idx] != pc_freemask[idx]) {
2951 * 98% of the time, pc is already at the head of the
2952 * list. If it isn't already, move it to the head.
2954 if (__predict_false(TAILQ_FIRST(&pmap->pm_pvchunk) !=
2956 TAILQ_REMOVE(&pmap->pm_pvchunk, pc, pc_list);
2957 TAILQ_INSERT_HEAD(&pmap->pm_pvchunk, pc,
2962 TAILQ_REMOVE(&pmap->pm_pvchunk, pc, pc_list);
2967 * Get a new pv_entry, allocating a block from the system
2971 get_pv_entry(pmap_t pmap, boolean_t try)
2973 static const struct timeval printinterval = { 60, 0 };
2974 static struct timeval lastprint;
2977 struct pv_chunk *pc;
2980 rw_assert(&pvh_global_lock, RA_WLOCKED);
2981 PMAP_LOCK_ASSERT(pmap, MA_OWNED);
2982 PV_STAT(pv_entry_allocs++);
2984 if (pv_entry_count > pv_entry_high_water)
2985 if (ratecheck(&lastprint, &printinterval))
2986 printf("Approaching the limit on PV entries, consider "
2987 "increasing either the vm.pmap.shpgperproc or the "
2988 "vm.pmap.pv_entry_max tunable.\n");
2990 pc = TAILQ_FIRST(&pmap->pm_pvchunk);
2992 for (field = 0; field < _NPCM; field++) {
2993 if (pc->pc_map[field]) {
2994 bit = ffs(pc->pc_map[field]) - 1;
2998 if (field < _NPCM) {
2999 pv = &pc->pc_pventry[field * 32 + bit];
3000 pc->pc_map[field] &= ~(1ul << bit);
3001 /* If this was the last item, move it to tail */
3002 for (field = 0; field < _NPCM; field++)
3003 if (pc->pc_map[field] != 0) {
3004 PV_STAT(pv_entry_spare--);
3005 return (pv); /* not full, return */
3007 TAILQ_REMOVE(&pmap->pm_pvchunk, pc, pc_list);
3008 TAILQ_INSERT_TAIL(&pmap->pm_pvchunk, pc, pc_list);
3009 PV_STAT(pv_entry_spare--);
3014 * Access to the pte2list "pv_vafree" is synchronized by the pvh
3015 * global lock. If "pv_vafree" is currently non-empty, it will
3016 * remain non-empty until pmap_pte2list_alloc() completes.
3018 if (pv_vafree == 0 || (m = vm_page_alloc(NULL, 0, VM_ALLOC_NORMAL |
3019 VM_ALLOC_NOOBJ | VM_ALLOC_WIRED)) == NULL) {
3022 PV_STAT(pc_chunk_tryfail++);
3025 m = pmap_pv_reclaim(pmap);
3029 PV_STAT(pc_chunk_count++);
3030 PV_STAT(pc_chunk_allocs++);
3031 pc = (struct pv_chunk *)pmap_pte2list_alloc(&pv_vafree);
3032 pmap_qenter((vm_offset_t)pc, &m, 1);
3034 pc->pc_map[0] = pc_freemask[0] & ~1ul; /* preallocated bit 0 */
3035 for (field = 1; field < _NPCM; field++)
3036 pc->pc_map[field] = pc_freemask[field];
3037 TAILQ_INSERT_TAIL(&pv_chunks, pc, pc_lru);
3038 pv = &pc->pc_pventry[0];
3039 TAILQ_INSERT_HEAD(&pmap->pm_pvchunk, pc, pc_list);
3040 PV_STAT(pv_entry_spare += _NPCPV - 1);
3045 * Create a pv entry for page at pa for
3049 pmap_insert_entry(pmap_t pmap, vm_offset_t va, vm_page_t m)
3053 rw_assert(&pvh_global_lock, RA_WLOCKED);
3054 PMAP_LOCK_ASSERT(pmap, MA_OWNED);
3055 pv = get_pv_entry(pmap, FALSE);
3057 TAILQ_INSERT_TAIL(&m->md.pv_list, pv, pv_next);
3060 static __inline pv_entry_t
3061 pmap_pvh_remove(struct md_page *pvh, pmap_t pmap, vm_offset_t va)
3065 rw_assert(&pvh_global_lock, RA_WLOCKED);
3066 TAILQ_FOREACH(pv, &pvh->pv_list, pv_next) {
3067 if (pmap == PV_PMAP(pv) && va == pv->pv_va) {
3068 TAILQ_REMOVE(&pvh->pv_list, pv, pv_next);
3076 pmap_pvh_free(struct md_page *pvh, pmap_t pmap, vm_offset_t va)
3080 pv = pmap_pvh_remove(pvh, pmap, va);
3081 KASSERT(pv != NULL, ("pmap_pvh_free: pv not found"));
3082 free_pv_entry(pmap, pv);
3086 pmap_remove_entry(pmap_t pmap, vm_page_t m, vm_offset_t va)
3088 struct md_page *pvh;
3090 rw_assert(&pvh_global_lock, RA_WLOCKED);
3091 pmap_pvh_free(&m->md, pmap, va);
3092 if (TAILQ_EMPTY(&m->md.pv_list) && (m->flags & PG_FICTITIOUS) == 0) {
3093 pvh = pa_to_pvh(VM_PAGE_TO_PHYS(m));
3094 if (TAILQ_EMPTY(&pvh->pv_list))
3095 vm_page_aflag_clear(m, PGA_WRITEABLE);
3100 pmap_pv_demote_pte1(pmap_t pmap, vm_offset_t va, vm_paddr_t pa)
3102 struct md_page *pvh;
3104 vm_offset_t va_last;
3107 rw_assert(&pvh_global_lock, RA_WLOCKED);
3108 KASSERT((pa & PTE1_OFFSET) == 0,
3109 ("pmap_pv_demote_pte1: pa is not 1mpage aligned"));
3112 * Transfer the 1mpage's pv entry for this mapping to the first
3115 pvh = pa_to_pvh(pa);
3116 va = pte1_trunc(va);
3117 pv = pmap_pvh_remove(pvh, pmap, va);
3118 KASSERT(pv != NULL, ("pmap_pv_demote_pte1: pv not found"));
3119 m = PHYS_TO_VM_PAGE(pa);
3120 TAILQ_INSERT_TAIL(&m->md.pv_list, pv, pv_next);
3121 /* Instantiate the remaining NPTE2_IN_PT2 - 1 pv entries. */
3122 va_last = va + PTE1_SIZE - PAGE_SIZE;
3125 KASSERT((m->oflags & VPO_UNMANAGED) == 0,
3126 ("pmap_pv_demote_pte1: page %p is not managed", m));
3128 pmap_insert_entry(pmap, va, m);
3129 } while (va < va_last);
3133 pmap_pv_promote_pte1(pmap_t pmap, vm_offset_t va, vm_paddr_t pa)
3135 struct md_page *pvh;
3137 vm_offset_t va_last;
3140 rw_assert(&pvh_global_lock, RA_WLOCKED);
3141 KASSERT((pa & PTE1_OFFSET) == 0,
3142 ("pmap_pv_promote_pte1: pa is not 1mpage aligned"));
3145 * Transfer the first page's pv entry for this mapping to the
3146 * 1mpage's pv list. Aside from avoiding the cost of a call
3147 * to get_pv_entry(), a transfer avoids the possibility that
3148 * get_pv_entry() calls pmap_pv_reclaim() and that pmap_pv_reclaim()
3149 * removes one of the mappings that is being promoted.
3151 m = PHYS_TO_VM_PAGE(pa);
3152 va = pte1_trunc(va);
3153 pv = pmap_pvh_remove(&m->md, pmap, va);
3154 KASSERT(pv != NULL, ("pmap_pv_promote_pte1: pv not found"));
3155 pvh = pa_to_pvh(pa);
3156 TAILQ_INSERT_TAIL(&pvh->pv_list, pv, pv_next);
3157 /* Free the remaining NPTE2_IN_PT2 - 1 pv entries. */
3158 va_last = va + PTE1_SIZE - PAGE_SIZE;
3162 pmap_pvh_free(&m->md, pmap, va);
3163 } while (va < va_last);
3167 * Conditionally create a pv entry.
3170 pmap_try_insert_pv_entry(pmap_t pmap, vm_offset_t va, vm_page_t m)
3174 rw_assert(&pvh_global_lock, RA_WLOCKED);
3175 PMAP_LOCK_ASSERT(pmap, MA_OWNED);
3176 if (pv_entry_count < pv_entry_high_water &&
3177 (pv = get_pv_entry(pmap, TRUE)) != NULL) {
3179 TAILQ_INSERT_TAIL(&m->md.pv_list, pv, pv_next);
3186 * Create the pv entries for each of the pages within a section.
3189 pmap_pv_insert_pte1(pmap_t pmap, vm_offset_t va, vm_paddr_t pa)
3191 struct md_page *pvh;
3194 rw_assert(&pvh_global_lock, RA_WLOCKED);
3195 if (pv_entry_count < pv_entry_high_water &&
3196 (pv = get_pv_entry(pmap, TRUE)) != NULL) {
3198 pvh = pa_to_pvh(pa);
3199 TAILQ_INSERT_TAIL(&pvh->pv_list, pv, pv_next);
3206 pmap_tlb_flush_pte1(pmap_t pmap, vm_offset_t va, pt1_entry_t npte1)
3209 /* Kill all the small mappings or the big one only. */
3210 if (pte1_is_section(npte1))
3211 pmap_tlb_flush_range(pmap, pte1_trunc(va), PTE1_SIZE);
3213 pmap_tlb_flush(pmap, pte1_trunc(va));
3217 * Update kernel pte1 on all pmaps.
3219 * The following function is called only on one cpu with disabled interrupts.
3220 * In SMP case, smp_rendezvous_cpus() is used to stop other cpus. This way
3221 * nobody can invoke explicit hardware table walk during the update of pte1.
3222 * Unsolicited hardware table walk can still happen, invoked by speculative
3223 * data or instruction prefetch or even by speculative hardware table walk.
3225 * The break-before-make approach should be implemented here. However, it's
3226 * not so easy to do that for kernel mappings as it would be unhappy to unmap
3227 * itself unexpectedly but voluntarily.
3230 pmap_update_pte1_kernel(vm_offset_t va, pt1_entry_t npte1)
3236 * Get current pmap. Interrupts should be disabled here
3237 * so PCPU_GET() is done atomically.
3239 pmap = PCPU_GET(curpmap);
3244 * (1) Change pte1 on current pmap.
3245 * (2) Flush all obsolete TLB entries on current CPU.
3246 * (3) Change pte1 on all pmaps.
3247 * (4) Flush all obsolete TLB entries on all CPUs in SMP case.
3250 pte1p = pmap_pte1(pmap, va);
3251 pte1_store(pte1p, npte1);
3253 /* Kill all the small mappings or the big one only. */
3254 if (pte1_is_section(npte1)) {
3255 pmap_pte1_kern_promotions++;
3256 tlb_flush_range_local(pte1_trunc(va), PTE1_SIZE);
3258 pmap_pte1_kern_demotions++;
3259 tlb_flush_local(pte1_trunc(va));
3263 * In SMP case, this function is called when all cpus are at smp
3264 * rendezvous, so there is no need to use 'allpmaps_lock' lock here.
3265 * In UP case, the function is called with this lock locked.
3267 LIST_FOREACH(pmap, &allpmaps, pm_list) {
3268 pte1p = pmap_pte1(pmap, va);
3269 pte1_store(pte1p, npte1);
3273 /* Kill all the small mappings or the big one only. */
3274 if (pte1_is_section(npte1))
3275 tlb_flush_range(pte1_trunc(va), PTE1_SIZE);
3277 tlb_flush(pte1_trunc(va));
3282 struct pte1_action {
3285 u_int update; /* CPU that updates the PTE1 */
3289 pmap_update_pte1_action(void *arg)
3291 struct pte1_action *act = arg;
3293 if (act->update == PCPU_GET(cpuid))
3294 pmap_update_pte1_kernel(act->va, act->npte1);
3298 * Change pte1 on current pmap.
3299 * Note that kernel pte1 must be changed on all pmaps.
3301 * According to the architecture reference manual published by ARM,
3302 * the behaviour is UNPREDICTABLE when two or more TLB entries map the same VA.
3303 * According to this manual, UNPREDICTABLE behaviours must never happen in
3304 * a viable system. In contrast, on x86 processors, it is not specified which
3305 * TLB entry mapping the virtual address will be used, but the MMU doesn't
3306 * generate a bogus translation the way it does on Cortex-A8 rev 2 (Beaglebone
3309 * It's a problem when either promotion or demotion is being done. The pte1
3310 * update and appropriate TLB flush must be done atomically in general.
3313 pmap_change_pte1(pmap_t pmap, pt1_entry_t *pte1p, vm_offset_t va,
3317 if (pmap == kernel_pmap) {
3318 struct pte1_action act;
3323 act.update = PCPU_GET(cpuid);
3324 smp_rendezvous_cpus(all_cpus, smp_no_rendevous_barrier,
3325 pmap_update_pte1_action, NULL, &act);
3331 * Use break-before-make approach for changing userland
3332 * mappings. It can cause L1 translation aborts on other
3333 * cores in SMP case. So, special treatment is implemented
3334 * in pmap_fault(). To reduce the likelihood that another core
3335 * will be affected by the broken mapping, disable interrupts
3336 * until the mapping change is completed.
3338 cspr = disable_interrupts(PSR_I | PSR_F);
3340 pmap_tlb_flush_pte1(pmap, va, npte1);
3341 pte1_store(pte1p, npte1);
3342 restore_interrupts(cspr);
3347 pmap_change_pte1(pmap_t pmap, pt1_entry_t *pte1p, vm_offset_t va,
3351 if (pmap == kernel_pmap) {
3352 mtx_lock_spin(&allpmaps_lock);
3353 pmap_update_pte1_kernel(va, npte1);
3354 mtx_unlock_spin(&allpmaps_lock);
3359 * Use break-before-make approach for changing userland
3360 * mappings. It's absolutely safe in UP case when interrupts
3363 cspr = disable_interrupts(PSR_I | PSR_F);
3365 pmap_tlb_flush_pte1(pmap, va, npte1);
3366 pte1_store(pte1p, npte1);
3367 restore_interrupts(cspr);
3373 * Tries to promote the NPTE2_IN_PT2, contiguous 4KB page mappings that are
3374 * within a single page table page (PT2) to a single 1MB page mapping.
3375 * For promotion to occur, two conditions must be met: (1) the 4KB page
3376 * mappings must map aligned, contiguous physical memory and (2) the 4KB page
3377 * mappings must have identical characteristics.
3379 * Managed (PG_MANAGED) mappings within the kernel address space are not
3380 * promoted. The reason is that kernel PTE1s are replicated in each pmap but
3381 * pmap_remove_write(), pmap_clear_modify(), and pmap_clear_reference() only
3382 * read the PTE1 from the kernel pmap.
3385 pmap_promote_pte1(pmap_t pmap, pt1_entry_t *pte1p, vm_offset_t va)
3388 pt2_entry_t *fpte2p, fpte2, fpte2_fav;
3389 pt2_entry_t *pte2p, pte2;
3390 vm_offset_t pteva __unused;
3391 vm_page_t m __unused;
3393 PDEBUG(6, printf("%s(%p): try for va %#x pte1 %#x at %p\n", __func__,
3394 pmap, va, pte1_load(pte1p), pte1p));
3396 PMAP_LOCK_ASSERT(pmap, MA_OWNED);
3399 * Examine the first PTE2 in the specified PT2. Abort if this PTE2 is
3400 * either invalid, unused, or does not map the first 4KB physical page
3401 * within a 1MB page.
3403 fpte2p = pmap_pte2_quick(pmap, pte1_trunc(va));
3404 fpte2 = pte2_load(fpte2p);
3405 if ((fpte2 & ((PTE2_FRAME & PTE1_OFFSET) | PTE2_A | PTE2_V)) !=
3406 (PTE2_A | PTE2_V)) {
3407 pmap_pte1_p_failures++;
3408 CTR3(KTR_PMAP, "%s: failure(1) for va %#x in pmap %p",
3409 __func__, va, pmap);
3412 if (pte2_is_managed(fpte2) && pmap == kernel_pmap) {
3413 pmap_pte1_p_failures++;
3414 CTR3(KTR_PMAP, "%s: failure(2) for va %#x in pmap %p",
3415 __func__, va, pmap);
3418 if ((fpte2 & (PTE2_NM | PTE2_RO)) == PTE2_NM) {
3420 * When page is not modified, PTE2_RO can be set without
3421 * a TLB invalidation.
3424 pte2_store(fpte2p, fpte2);
3428 * Examine each of the other PTE2s in the specified PT2. Abort if this
3429 * PTE2 maps an unexpected 4KB physical page or does not have identical
3430 * characteristics to the first PTE2.
3432 fpte2_fav = (fpte2 & (PTE2_FRAME | PTE2_A | PTE2_V));
3433 fpte2_fav += PTE1_SIZE - PTE2_SIZE; /* examine from the end */
3434 for (pte2p = fpte2p + NPTE2_IN_PT2 - 1; pte2p > fpte2p; pte2p--) {
3435 pte2 = pte2_load(pte2p);
3436 if ((pte2 & (PTE2_FRAME | PTE2_A | PTE2_V)) != fpte2_fav) {
3437 pmap_pte1_p_failures++;
3438 CTR3(KTR_PMAP, "%s: failure(3) for va %#x in pmap %p",
3439 __func__, va, pmap);
3442 if ((pte2 & (PTE2_NM | PTE2_RO)) == PTE2_NM) {
3444 * When page is not modified, PTE2_RO can be set
3445 * without a TLB invalidation. See note above.
3448 pte2_store(pte2p, pte2);
3449 pteva = pte1_trunc(va) | (pte2 & PTE1_OFFSET &
3451 CTR3(KTR_PMAP, "%s: protect for va %#x in pmap %p",
3452 __func__, pteva, pmap);
3454 if ((pte2 & PTE2_PROMOTE) != (fpte2 & PTE2_PROMOTE)) {
3455 pmap_pte1_p_failures++;
3456 CTR3(KTR_PMAP, "%s: failure(4) for va %#x in pmap %p",
3457 __func__, va, pmap);
3461 fpte2_fav -= PTE2_SIZE;
3464 * The page table page in its current state will stay in PT2TAB
3465 * until the PTE1 mapping the section is demoted by pmap_demote_pte1()
3466 * or destroyed by pmap_remove_pte1().
3468 * Note that L2 page table size is not equal to PAGE_SIZE.
3470 m = PHYS_TO_VM_PAGE(trunc_page(pte1_link_pa(pte1_load(pte1p))));
3471 KASSERT(m >= vm_page_array && m < &vm_page_array[vm_page_array_size],
3472 ("%s: PT2 page is out of range", __func__));
3473 KASSERT(m->pindex == (pte1_index(va) & ~PT2PG_MASK),
3474 ("%s: PT2 page's pindex is wrong", __func__));
3477 * Get pte1 from pte2 format.
3479 npte1 = (fpte2 & PTE1_FRAME) | ATTR_TO_L1(fpte2) | PTE1_V;
3482 * Promote the pv entries.
3484 if (pte2_is_managed(fpte2))
3485 pmap_pv_promote_pte1(pmap, va, pte1_pa(npte1));
3488 * Promote the mappings.
3490 pmap_change_pte1(pmap, pte1p, va, npte1);
3492 pmap_pte1_promotions++;
3493 CTR3(KTR_PMAP, "%s: success for va %#x in pmap %p",
3494 __func__, va, pmap);
3496 PDEBUG(6, printf("%s(%p): success for va %#x pte1 %#x(%#x) at %p\n",
3497 __func__, pmap, va, npte1, pte1_load(pte1p), pte1p));
3501 * Zero L2 page table page.
3503 static __inline void
3504 pmap_clear_pt2(pt2_entry_t *fpte2p)
3508 for (pte2p = fpte2p; pte2p < fpte2p + NPTE2_IN_PT2; pte2p++)
3514 * Removes a 1MB page mapping from the kernel pmap.
3517 pmap_remove_kernel_pte1(pmap_t pmap, pt1_entry_t *pte1p, vm_offset_t va)
3521 pt2_entry_t *fpte2p;
3524 PMAP_LOCK_ASSERT(pmap, MA_OWNED);
3525 m = pmap_pt2_page(pmap, va);
3528 * QQQ: Is this function called only on promoted pte1?
3529 * We certainly do section mappings directly
3530 * (without promotion) in kernel !!!
3532 panic("%s: missing pt2 page", __func__);
3534 pte1_idx = pte1_index(va);
3537 * Initialize the L2 page table.
3539 fpte2p = page_pt2(pt2map_pt2pg(va), pte1_idx);
3540 pmap_clear_pt2(fpte2p);
3543 * Remove the mapping.
3545 pt2_pa = page_pt2pa(VM_PAGE_TO_PHYS(m), pte1_idx);
3546 pmap_kenter_pte1(va, PTE1_LINK(pt2_pa));
3549 * QQQ: We do not need to invalidate PT2MAP mapping
3550 * as we did not change it. I.e. the L2 page table page
3551 * was and still is mapped the same way.
3556 * Do the things to unmap a section in a process
3559 pmap_remove_pte1(pmap_t pmap, pt1_entry_t *pte1p, vm_offset_t sva,
3560 struct spglist *free)
3563 struct md_page *pvh;
3564 vm_offset_t eva, va;
3567 PDEBUG(6, printf("%s(%p): va %#x pte1 %#x at %p\n", __func__, pmap, sva,
3568 pte1_load(pte1p), pte1p));
3570 PMAP_LOCK_ASSERT(pmap, MA_OWNED);
3571 KASSERT((sva & PTE1_OFFSET) == 0,
3572 ("%s: sva is not 1mpage aligned", __func__));
3575 * Clear and invalidate the mapping. It should occupy one and only TLB
3576 * entry. So, pmap_tlb_flush() called with aligned address should be
3579 opte1 = pte1_load_clear(pte1p);
3580 pmap_tlb_flush(pmap, sva);
3582 if (pte1_is_wired(opte1))
3583 pmap->pm_stats.wired_count -= PTE1_SIZE / PAGE_SIZE;
3584 pmap->pm_stats.resident_count -= PTE1_SIZE / PAGE_SIZE;
3585 if (pte1_is_managed(opte1)) {
3586 pvh = pa_to_pvh(pte1_pa(opte1));
3587 pmap_pvh_free(pvh, pmap, sva);
3588 eva = sva + PTE1_SIZE;
3589 for (va = sva, m = PHYS_TO_VM_PAGE(pte1_pa(opte1));
3590 va < eva; va += PAGE_SIZE, m++) {
3591 if (pte1_is_dirty(opte1))
3594 vm_page_aflag_set(m, PGA_REFERENCED);
3595 if (TAILQ_EMPTY(&m->md.pv_list) &&
3596 TAILQ_EMPTY(&pvh->pv_list))
3597 vm_page_aflag_clear(m, PGA_WRITEABLE);
3600 if (pmap == kernel_pmap) {
3602 * L2 page table(s) can't be removed from kernel map as
3603 * kernel counts on it (stuff around pmap_growkernel()).
3605 pmap_remove_kernel_pte1(pmap, pte1p, sva);
3608 * Get associated L2 page table page.
3609 * It's possible that the page was never allocated.
3611 m = pmap_pt2_page(pmap, sva);
3613 pmap_unwire_pt2_all(pmap, sva, m, free);
3618 * Fills L2 page table page with mappings to consecutive physical pages.
3620 static __inline void
3621 pmap_fill_pt2(pt2_entry_t *fpte2p, pt2_entry_t npte2)
3625 for (pte2p = fpte2p; pte2p < fpte2p + NPTE2_IN_PT2; pte2p++) {
3626 pte2_store(pte2p, npte2);
3632 * Tries to demote a 1MB page mapping. If demotion fails, the
3633 * 1MB page mapping is invalidated.
3636 pmap_demote_pte1(pmap_t pmap, pt1_entry_t *pte1p, vm_offset_t va)
3638 pt1_entry_t opte1, npte1;
3639 pt2_entry_t *fpte2p, npte2;
3640 vm_paddr_t pt2pg_pa, pt2_pa;
3642 struct spglist free;
3643 uint32_t pte1_idx, isnew = 0;
3645 PDEBUG(6, printf("%s(%p): try for va %#x pte1 %#x at %p\n", __func__,
3646 pmap, va, pte1_load(pte1p), pte1p));
3648 PMAP_LOCK_ASSERT(pmap, MA_OWNED);
3650 opte1 = pte1_load(pte1p);
3651 KASSERT(pte1_is_section(opte1), ("%s: opte1 not a section", __func__));
3653 if ((opte1 & PTE1_A) == 0 || (m = pmap_pt2_page(pmap, va)) == NULL) {
3654 KASSERT(!pte1_is_wired(opte1),
3655 ("%s: PT2 page for a wired mapping is missing", __func__));
3658 * Invalidate the 1MB page mapping and return
3659 * "failure" if the mapping was never accessed or the
3660 * allocation of the new page table page fails.
3662 if ((opte1 & PTE1_A) == 0 || (m = vm_page_alloc(NULL,
3663 pte1_index(va) & ~PT2PG_MASK, VM_ALLOC_NOOBJ |
3664 VM_ALLOC_NORMAL | VM_ALLOC_WIRED)) == NULL) {
3666 pmap_remove_pte1(pmap, pte1p, pte1_trunc(va), &free);
3667 pmap_free_zero_pages(&free);
3668 CTR3(KTR_PMAP, "%s: failure for va %#x in pmap %p",
3669 __func__, va, pmap);
3672 if (va < VM_MAXUSER_ADDRESS)
3673 pmap->pm_stats.resident_count++;
3678 * We init all L2 page tables in the page even if
3679 * we are going to change everything for one L2 page
3682 pt2pg_pa = pmap_pt2pg_init(pmap, va, m);
3684 if (va < VM_MAXUSER_ADDRESS) {
3685 if (pt2_is_empty(m, va))
3686 isnew = 1; /* Demoting section w/o promotion. */
3689 KASSERT(pt2_is_full(m, va), ("%s: bad PT2 wire"
3690 " count %u", __func__,
3691 pt2_wirecount_get(m, pte1_index(va))));
3696 pt2pg_pa = VM_PAGE_TO_PHYS(m);
3697 pte1_idx = pte1_index(va);
3699 * If the pmap is current, then the PT2MAP can provide access to
3700 * the page table page (promoted L2 page tables are not unmapped).
3701 * Otherwise, temporarily map the L2 page table page (m) into
3702 * the kernel's address space at either PADDR1 or PADDR2.
3704 * Note that L2 page table size is not equal to PAGE_SIZE.
3706 if (pmap_is_current(pmap))
3707 fpte2p = page_pt2(pt2map_pt2pg(va), pte1_idx);
3708 else if (curthread->td_pinned > 0 && rw_wowned(&pvh_global_lock)) {
3709 if (pte2_pa(pte2_load(PMAP1)) != pt2pg_pa) {
3710 pte2_store(PMAP1, PTE2_KPT(pt2pg_pa));
3712 PMAP1cpu = PCPU_GET(cpuid);
3714 tlb_flush_local((vm_offset_t)PADDR1);
3718 if (PMAP1cpu != PCPU_GET(cpuid)) {
3719 PMAP1cpu = PCPU_GET(cpuid);
3720 tlb_flush_local((vm_offset_t)PADDR1);
3725 fpte2p = page_pt2((vm_offset_t)PADDR1, pte1_idx);
3727 mtx_lock(&PMAP2mutex);
3728 if (pte2_pa(pte2_load(PMAP2)) != pt2pg_pa) {
3729 pte2_store(PMAP2, PTE2_KPT(pt2pg_pa));
3730 tlb_flush((vm_offset_t)PADDR2);
3732 fpte2p = page_pt2((vm_offset_t)PADDR2, pte1_idx);
3734 pt2_pa = page_pt2pa(pt2pg_pa, pte1_idx);
3735 npte1 = PTE1_LINK(pt2_pa);
3737 KASSERT((opte1 & PTE1_A) != 0,
3738 ("%s: opte1 is missing PTE1_A", __func__));
3739 KASSERT((opte1 & (PTE1_NM | PTE1_RO)) != PTE1_NM,
3740 ("%s: opte1 has PTE1_NM", __func__));
3743 * Get pte2 from pte1 format.
3745 npte2 = pte1_pa(opte1) | ATTR_TO_L2(opte1) | PTE2_V;
3748 * If the L2 page table page is new, initialize it. If the mapping
3749 * has changed attributes, update the page table entries.
3752 pt2_wirecount_set(m, pte1_idx, NPTE2_IN_PT2);
3753 pmap_fill_pt2(fpte2p, npte2);
3754 } else if ((pte2_load(fpte2p) & PTE2_PROMOTE) !=
3755 (npte2 & PTE2_PROMOTE))
3756 pmap_fill_pt2(fpte2p, npte2);
3758 KASSERT(pte2_pa(pte2_load(fpte2p)) == pte2_pa(npte2),
3759 ("%s: fpte2p and npte2 map different physical addresses",
3762 if (fpte2p == PADDR2)
3763 mtx_unlock(&PMAP2mutex);
3766 * Demote the mapping. This pmap is locked. The old PTE1 has
3767 * PTE1_A set. If the old PTE1 has not PTE1_RO set, it also
3768 * has not PTE1_NM set. Thus, there is no danger of a race with
3769 * another processor changing the setting of PTE1_A and/or PTE1_NM
3770 * between the read above and the store below.
3772 pmap_change_pte1(pmap, pte1p, va, npte1);
3775 * Demote the pv entry. This depends on the earlier demotion
3776 * of the mapping. Specifically, the (re)creation of a per-
3777 * page pv entry might trigger the execution of pmap_pv_reclaim(),
3778 * which might reclaim a newly (re)created per-page pv entry
3779 * and destroy the associated mapping. In order to destroy
3780 * the mapping, the PTE1 must have already changed from mapping
3781 * the 1mpage to referencing the page table page.
3783 if (pte1_is_managed(opte1))
3784 pmap_pv_demote_pte1(pmap, va, pte1_pa(opte1));
3786 pmap_pte1_demotions++;
3787 CTR3(KTR_PMAP, "%s: success for va %#x in pmap %p",
3788 __func__, va, pmap);
3790 PDEBUG(6, printf("%s(%p): success for va %#x pte1 %#x(%#x) at %p\n",
3791 __func__, pmap, va, npte1, pte1_load(pte1p), pte1p));
3796 * Insert the given physical page (p) at
3797 * the specified virtual address (v) in the
3798 * target physical map with the protection requested.
3800 * If specified, the page will be wired down, meaning
3801 * that the related pte can not be reclaimed.
3803 * NB: This is the only routine which MAY NOT lazy-evaluate
3804 * or lose information. That is, this routine must actually
3805 * insert this page into the given map NOW.
3808 pmap_enter(pmap_t pmap, vm_offset_t va, vm_page_t m, vm_prot_t prot,
3809 u_int flags, int8_t psind)
3813 pt2_entry_t npte2, opte2;
3816 vm_page_t mpte2, om;
3819 va = trunc_page(va);
3821 wired = (flags & PMAP_ENTER_WIRED) != 0;
3823 KASSERT(va <= vm_max_kernel_address, ("%s: toobig", __func__));
3824 KASSERT(va < UPT2V_MIN_ADDRESS || va >= UPT2V_MAX_ADDRESS,
3825 ("%s: invalid to pmap_enter page table pages (va: 0x%x)", __func__,
3827 if ((m->oflags & VPO_UNMANAGED) == 0 && !vm_page_xbusied(m))
3828 VM_OBJECT_ASSERT_LOCKED(m->object);
3830 rw_wlock(&pvh_global_lock);
3835 * In the case that a page table page is not
3836 * resident, we are creating it here.
3838 if (va < VM_MAXUSER_ADDRESS) {
3839 mpte2 = pmap_allocpte2(pmap, va, flags);
3840 if (mpte2 == NULL) {
3841 KASSERT((flags & PMAP_ENTER_NOSLEEP) != 0,
3842 ("pmap_allocpte2 failed with sleep allowed"));
3844 rw_wunlock(&pvh_global_lock);
3846 return (KERN_RESOURCE_SHORTAGE);
3849 pte1p = pmap_pte1(pmap, va);
3850 if (pte1_is_section(pte1_load(pte1p)))
3851 panic("%s: attempted on 1MB page", __func__);
3852 pte2p = pmap_pte2_quick(pmap, va);
3854 panic("%s: invalid L1 page table entry va=%#x", __func__, va);
3857 pa = VM_PAGE_TO_PHYS(m);
3858 opte2 = pte2_load(pte2p);
3859 opa = pte2_pa(opte2);
3861 * Mapping has not changed, must be protection or wiring change.
3863 if (pte2_is_valid(opte2) && (opa == pa)) {
3865 * Wiring change, just update stats. We don't worry about
3866 * wiring PT2 pages as they remain resident as long as there
3867 * are valid mappings in them. Hence, if a user page is wired,
3868 * the PT2 page will be also.
3870 if (wired && !pte2_is_wired(opte2))
3871 pmap->pm_stats.wired_count++;
3872 else if (!wired && pte2_is_wired(opte2))
3873 pmap->pm_stats.wired_count--;
3876 * Remove extra pte2 reference
3879 pt2_wirecount_dec(mpte2, pte1_index(va));
3880 if (pte2_is_managed(opte2))
3886 * QQQ: We think that changing physical address on writeable mapping
3887 * is not safe. Well, maybe on kernel address space with correct
3888 * locking, it can make a sense. However, we have no idea why
3889 * anyone should do that on user address space. Are we wrong?
3891 KASSERT((opa == 0) || (opa == pa) ||
3892 !pte2_is_valid(opte2) || ((opte2 & PTE2_RO) != 0),
3893 ("%s: pmap %p va %#x(%#x) opa %#x pa %#x - gotcha %#x %#x!",
3894 __func__, pmap, va, opte2, opa, pa, flags, prot));
3899 * Mapping has changed, invalidate old range and fall through to
3900 * handle validating new mapping.
3903 if (pte2_is_wired(opte2))
3904 pmap->pm_stats.wired_count--;
3905 if (pte2_is_managed(opte2)) {
3906 om = PHYS_TO_VM_PAGE(opa);
3907 pv = pmap_pvh_remove(&om->md, pmap, va);
3910 * Remove extra pte2 reference
3913 pt2_wirecount_dec(mpte2, va >> PTE1_SHIFT);
3915 pmap->pm_stats.resident_count++;
3918 * Enter on the PV list if part of our managed memory.
3920 if ((m->oflags & VPO_UNMANAGED) == 0) {
3921 KASSERT(va < kmi.clean_sva || va >= kmi.clean_eva,
3922 ("%s: managed mapping within the clean submap", __func__));
3924 pv = get_pv_entry(pmap, FALSE);
3926 TAILQ_INSERT_TAIL(&m->md.pv_list, pv, pv_next);
3927 } else if (pv != NULL)
3928 free_pv_entry(pmap, pv);
3931 * Increment counters
3934 pmap->pm_stats.wired_count++;
3938 * Now validate mapping with desired protection/wiring.
3940 npte2 = PTE2(pa, PTE2_NM, vm_page_pte2_attr(m));
3941 if (prot & VM_PROT_WRITE) {
3942 if (pte2_is_managed(npte2))
3943 vm_page_aflag_set(m, PGA_WRITEABLE);
3947 if ((prot & VM_PROT_EXECUTE) == 0)
3951 if (va < VM_MAXUSER_ADDRESS)
3953 if (pmap != kernel_pmap)
3957 * If the mapping or permission bits are different, we need
3958 * to update the pte2.
3960 * QQQ: Think again and again what to do
3961 * if the mapping is going to be changed!
3963 if ((opte2 & ~(PTE2_NM | PTE2_A)) != (npte2 & ~(PTE2_NM | PTE2_A))) {
3965 * Sync icache if exec permission and attribute VM_MEMATTR_WB_WA
3966 * is set. Do it now, before the mapping is stored and made
3967 * valid for hardware table walk. If done later, there is a race
3968 * for other threads of current process in lazy loading case.
3969 * Don't do it for kernel memory which is mapped with exec
3970 * permission even if the memory isn't going to hold executable
3971 * code. The only time when icache sync is needed is after
3972 * kernel module is loaded and the relocation info is processed.
3973 * And it's done in elf_cpu_load_file().
3975 * QQQ: (1) Does it exist any better way where
3976 * or how to sync icache?
3977 * (2) Now, we do it on a page basis.
3979 if ((prot & VM_PROT_EXECUTE) && pmap != kernel_pmap &&
3980 m->md.pat_mode == VM_MEMATTR_WB_WA &&
3981 (opa != pa || (opte2 & PTE2_NX)))
3982 cache_icache_sync_fresh(va, pa, PAGE_SIZE);
3985 if (flags & VM_PROT_WRITE)
3987 if (opte2 & PTE2_V) {
3988 /* Change mapping with break-before-make approach. */
3989 opte2 = pte2_load_clear(pte2p);
3990 pmap_tlb_flush(pmap, va);
3991 pte2_store(pte2p, npte2);
3992 if (opte2 & PTE2_A) {
3993 if (pte2_is_managed(opte2))
3994 vm_page_aflag_set(om, PGA_REFERENCED);
3996 if (pte2_is_dirty(opte2)) {
3997 if (pte2_is_managed(opte2))
4000 if (pte2_is_managed(opte2) &&
4001 TAILQ_EMPTY(&om->md.pv_list) &&
4002 ((om->flags & PG_FICTITIOUS) != 0 ||
4003 TAILQ_EMPTY(&pa_to_pvh(opa)->pv_list)))
4004 vm_page_aflag_clear(om, PGA_WRITEABLE);
4006 pte2_store(pte2p, npte2);
4011 * QQQ: In time when both access and not mofified bits are
4012 * emulated by software, this should not happen. Some
4013 * analysis is need, if this really happen. Missing
4014 * tlb flush somewhere could be the reason.
4016 panic("%s: pmap %p va %#x opte2 %x npte2 %x !!", __func__, pmap,
4021 * If both the L2 page table page and the reservation are fully
4022 * populated, then attempt promotion.
4024 if ((mpte2 == NULL || pt2_is_full(mpte2, va)) &&
4025 sp_enabled && (m->flags & PG_FICTITIOUS) == 0 &&
4026 vm_reserv_level_iffullpop(m) == 0)
4027 pmap_promote_pte1(pmap, pte1p, va);
4029 rw_wunlock(&pvh_global_lock);
4031 return (KERN_SUCCESS);
4035 * Do the things to unmap a page in a process.
4038 pmap_remove_pte2(pmap_t pmap, pt2_entry_t *pte2p, vm_offset_t va,
4039 struct spglist *free)
4044 rw_assert(&pvh_global_lock, RA_WLOCKED);
4045 PMAP_LOCK_ASSERT(pmap, MA_OWNED);
4047 /* Clear and invalidate the mapping. */
4048 opte2 = pte2_load_clear(pte2p);
4049 pmap_tlb_flush(pmap, va);
4051 KASSERT(pte2_is_valid(opte2), ("%s: pmap %p va %#x not link pte2 %#x",
4052 __func__, pmap, va, opte2));
4055 pmap->pm_stats.wired_count -= 1;
4056 pmap->pm_stats.resident_count -= 1;
4057 if (pte2_is_managed(opte2)) {
4058 m = PHYS_TO_VM_PAGE(pte2_pa(opte2));
4059 if (pte2_is_dirty(opte2))
4062 vm_page_aflag_set(m, PGA_REFERENCED);
4063 pmap_remove_entry(pmap, m, va);
4065 return (pmap_unuse_pt2(pmap, va, free));
4069 * Remove a single page from a process address space.
4072 pmap_remove_page(pmap_t pmap, vm_offset_t va, struct spglist *free)
4076 rw_assert(&pvh_global_lock, RA_WLOCKED);
4077 KASSERT(curthread->td_pinned > 0,
4078 ("%s: curthread not pinned", __func__));
4079 PMAP_LOCK_ASSERT(pmap, MA_OWNED);
4080 if ((pte2p = pmap_pte2_quick(pmap, va)) == NULL ||
4081 !pte2_is_valid(pte2_load(pte2p)))
4083 pmap_remove_pte2(pmap, pte2p, va, free);
4087 * Remove the given range of addresses from the specified map.
4089 * It is assumed that the start and end are properly
4090 * rounded to the page size.
4093 pmap_remove(pmap_t pmap, vm_offset_t sva, vm_offset_t eva)
4096 pt1_entry_t *pte1p, pte1;
4097 pt2_entry_t *pte2p, pte2;
4098 struct spglist free;
4101 * Perform an unsynchronized read. This is, however, safe.
4103 if (pmap->pm_stats.resident_count == 0)
4108 rw_wlock(&pvh_global_lock);
4113 * Special handling of removing one page. A very common
4114 * operation and easy to short circuit some code.
4116 if (sva + PAGE_SIZE == eva) {
4117 pte1 = pte1_load(pmap_pte1(pmap, sva));
4118 if (pte1_is_link(pte1)) {
4119 pmap_remove_page(pmap, sva, &free);
4124 for (; sva < eva; sva = nextva) {
4126 * Calculate address for next L2 page table.
4128 nextva = pte1_trunc(sva + PTE1_SIZE);
4131 if (pmap->pm_stats.resident_count == 0)
4134 pte1p = pmap_pte1(pmap, sva);
4135 pte1 = pte1_load(pte1p);
4138 * Weed out invalid mappings. Note: we assume that the L1 page
4139 * table is always allocated, and in kernel virtual.
4144 if (pte1_is_section(pte1)) {
4146 * Are we removing the entire large page? If not,
4147 * demote the mapping and fall through.
4149 if (sva + PTE1_SIZE == nextva && eva >= nextva) {
4150 pmap_remove_pte1(pmap, pte1p, sva, &free);
4152 } else if (!pmap_demote_pte1(pmap, pte1p, sva)) {
4153 /* The large page mapping was destroyed. */
4158 /* Update pte1 after demotion. */
4159 pte1 = pte1_load(pte1p);
4164 KASSERT(pte1_is_link(pte1), ("%s: pmap %p va %#x pte1 %#x at %p"
4165 " is not link", __func__, pmap, sva, pte1, pte1p));
4168 * Limit our scan to either the end of the va represented
4169 * by the current L2 page table page, or to the end of the
4170 * range being removed.
4175 for (pte2p = pmap_pte2_quick(pmap, sva); sva != nextva;
4176 pte2p++, sva += PAGE_SIZE) {
4177 pte2 = pte2_load(pte2p);
4178 if (!pte2_is_valid(pte2))
4180 if (pmap_remove_pte2(pmap, pte2p, sva, &free))
4186 rw_wunlock(&pvh_global_lock);
4188 pmap_free_zero_pages(&free);
4192 * Routine: pmap_remove_all
4194 * Removes this physical page from
4195 * all physical maps in which it resides.
4196 * Reflects back modify bits to the pager.
4199 * Original versions of this routine were very
4200 * inefficient because they iteratively called
4201 * pmap_remove (slow...)
4205 pmap_remove_all(vm_page_t m)
4207 struct md_page *pvh;
4210 pt2_entry_t *pte2p, opte2;
4213 struct spglist free;
4215 KASSERT((m->oflags & VPO_UNMANAGED) == 0,
4216 ("%s: page %p is not managed", __func__, m));
4218 rw_wlock(&pvh_global_lock);
4220 if ((m->flags & PG_FICTITIOUS) != 0)
4221 goto small_mappings;
4222 pvh = pa_to_pvh(VM_PAGE_TO_PHYS(m));
4223 while ((pv = TAILQ_FIRST(&pvh->pv_list)) != NULL) {
4227 pte1p = pmap_pte1(pmap, va);
4228 (void)pmap_demote_pte1(pmap, pte1p, va);
4232 while ((pv = TAILQ_FIRST(&m->md.pv_list)) != NULL) {
4235 pmap->pm_stats.resident_count--;
4236 pte1p = pmap_pte1(pmap, pv->pv_va);
4237 KASSERT(!pte1_is_section(pte1_load(pte1p)), ("%s: found "
4238 "a 1mpage in page %p's pv list", __func__, m));
4239 pte2p = pmap_pte2_quick(pmap, pv->pv_va);
4240 opte2 = pte2_load_clear(pte2p);
4241 pmap_tlb_flush(pmap, pv->pv_va);
4242 KASSERT(pte2_is_valid(opte2), ("%s: pmap %p va %x zero pte2",
4243 __func__, pmap, pv->pv_va));
4244 if (pte2_is_wired(opte2))
4245 pmap->pm_stats.wired_count--;
4247 vm_page_aflag_set(m, PGA_REFERENCED);
4250 * Update the vm_page_t clean and reference bits.
4252 if (pte2_is_dirty(opte2))
4254 pmap_unuse_pt2(pmap, pv->pv_va, &free);
4255 TAILQ_REMOVE(&m->md.pv_list, pv, pv_next);
4256 free_pv_entry(pmap, pv);
4259 vm_page_aflag_clear(m, PGA_WRITEABLE);
4261 rw_wunlock(&pvh_global_lock);
4262 pmap_free_zero_pages(&free);
4266 * Just subroutine for pmap_remove_pages() to reasonably satisfy
4267 * good coding style, a.k.a. 80 character line width limit hell.
4269 static __inline void
4270 pmap_remove_pte1_quick(pmap_t pmap, pt1_entry_t pte1, pv_entry_t pv,
4271 struct spglist *free)
4274 vm_page_t m, mt, mpt2pg;
4275 struct md_page *pvh;
4278 m = PHYS_TO_VM_PAGE(pa);
4280 KASSERT(m->phys_addr == pa, ("%s: vm_page_t %p addr mismatch %#x %#x",
4281 __func__, m, m->phys_addr, pa));
4282 KASSERT((m->flags & PG_FICTITIOUS) != 0 ||
4283 m < &vm_page_array[vm_page_array_size],
4284 ("%s: bad pte1 %#x", __func__, pte1));
4286 if (pte1_is_dirty(pte1)) {
4287 for (mt = m; mt < &m[PTE1_SIZE / PAGE_SIZE]; mt++)
4291 pmap->pm_stats.resident_count -= PTE1_SIZE / PAGE_SIZE;
4292 pvh = pa_to_pvh(pa);
4293 TAILQ_REMOVE(&pvh->pv_list, pv, pv_next);
4294 if (TAILQ_EMPTY(&pvh->pv_list)) {
4295 for (mt = m; mt < &m[PTE1_SIZE / PAGE_SIZE]; mt++)
4296 if (TAILQ_EMPTY(&mt->md.pv_list))
4297 vm_page_aflag_clear(mt, PGA_WRITEABLE);
4299 mpt2pg = pmap_pt2_page(pmap, pv->pv_va);
4301 pmap_unwire_pt2_all(pmap, pv->pv_va, mpt2pg, free);
4305 * Just subroutine for pmap_remove_pages() to reasonably satisfy
4306 * good coding style, a.k.a. 80 character line width limit hell.
4308 static __inline void
4309 pmap_remove_pte2_quick(pmap_t pmap, pt2_entry_t pte2, pv_entry_t pv,
4310 struct spglist *free)
4314 struct md_page *pvh;
4317 m = PHYS_TO_VM_PAGE(pa);
4319 KASSERT(m->phys_addr == pa, ("%s: vm_page_t %p addr mismatch %#x %#x",
4320 __func__, m, m->phys_addr, pa));
4321 KASSERT((m->flags & PG_FICTITIOUS) != 0 ||
4322 m < &vm_page_array[vm_page_array_size],
4323 ("%s: bad pte2 %#x", __func__, pte2));
4325 if (pte2_is_dirty(pte2))
4328 pmap->pm_stats.resident_count--;
4329 TAILQ_REMOVE(&m->md.pv_list, pv, pv_next);
4330 if (TAILQ_EMPTY(&m->md.pv_list) && (m->flags & PG_FICTITIOUS) == 0) {
4331 pvh = pa_to_pvh(pa);
4332 if (TAILQ_EMPTY(&pvh->pv_list))
4333 vm_page_aflag_clear(m, PGA_WRITEABLE);
4335 pmap_unuse_pt2(pmap, pv->pv_va, free);
4339 * Remove all pages from specified address space this aids process
4340 * exit speeds. Also, this code is special cased for current process
4341 * only, but can have the more generic (and slightly slower) mode enabled.
4342 * This is much faster than pmap_remove in the case of running down
4343 * an entire address space.
4346 pmap_remove_pages(pmap_t pmap)
4348 pt1_entry_t *pte1p, pte1;
4349 pt2_entry_t *pte2p, pte2;
4351 struct pv_chunk *pc, *npc;
4352 struct spglist free;
4355 uint32_t inuse, bitmask;
4359 * Assert that the given pmap is only active on the current
4360 * CPU. Unfortunately, we cannot block another CPU from
4361 * activating the pmap while this function is executing.
4363 KASSERT(pmap == vmspace_pmap(curthread->td_proc->p_vmspace),
4364 ("%s: non-current pmap %p", __func__, pmap));
4365 #if defined(SMP) && defined(INVARIANTS)
4367 cpuset_t other_cpus;
4370 other_cpus = pmap->pm_active;
4371 CPU_CLR(PCPU_GET(cpuid), &other_cpus);
4373 KASSERT(CPU_EMPTY(&other_cpus),
4374 ("%s: pmap %p active on other cpus", __func__, pmap));
4378 rw_wlock(&pvh_global_lock);
4381 TAILQ_FOREACH_SAFE(pc, &pmap->pm_pvchunk, pc_list, npc) {
4382 KASSERT(pc->pc_pmap == pmap, ("%s: wrong pmap %p %p",
4383 __func__, pmap, pc->pc_pmap));
4385 for (field = 0; field < _NPCM; field++) {
4386 inuse = (~(pc->pc_map[field])) & pc_freemask[field];
4387 while (inuse != 0) {
4388 bit = ffs(inuse) - 1;
4389 bitmask = 1UL << bit;
4390 idx = field * 32 + bit;
4391 pv = &pc->pc_pventry[idx];
4395 * Note that we cannot remove wired pages
4396 * from a process' mapping at this time
4398 pte1p = pmap_pte1(pmap, pv->pv_va);
4399 pte1 = pte1_load(pte1p);
4400 if (pte1_is_section(pte1)) {
4401 if (pte1_is_wired(pte1)) {
4406 pmap_remove_pte1_quick(pmap, pte1, pv,
4409 else if (pte1_is_link(pte1)) {
4410 pte2p = pt2map_entry(pv->pv_va);
4411 pte2 = pte2_load(pte2p);
4413 if (!pte2_is_valid(pte2)) {
4414 printf("%s: pmap %p va %#x "
4415 "pte2 %#x\n", __func__,
4416 pmap, pv->pv_va, pte2);
4420 if (pte2_is_wired(pte2)) {
4425 pmap_remove_pte2_quick(pmap, pte2, pv,
4428 printf("%s: pmap %p va %#x pte1 %#x\n",
4429 __func__, pmap, pv->pv_va, pte1);
4434 PV_STAT(pv_entry_frees++);
4435 PV_STAT(pv_entry_spare++);
4437 pc->pc_map[field] |= bitmask;
4441 TAILQ_REMOVE(&pmap->pm_pvchunk, pc, pc_list);
4445 tlb_flush_all_ng_local();
4447 rw_wunlock(&pvh_global_lock);
4449 pmap_free_zero_pages(&free);
4453 * This code makes some *MAJOR* assumptions:
4454 * 1. Current pmap & pmap exists.
4457 * 4. No L2 page table pages.
4458 * but is *MUCH* faster than pmap_enter...
4461 pmap_enter_quick_locked(pmap_t pmap, vm_offset_t va, vm_page_t m,
4462 vm_prot_t prot, vm_page_t mpt2pg)
4464 pt2_entry_t *pte2p, pte2;
4466 struct spglist free;
4469 KASSERT(va < kmi.clean_sva || va >= kmi.clean_eva ||
4470 (m->oflags & VPO_UNMANAGED) != 0,
4471 ("%s: managed mapping within the clean submap", __func__));
4472 rw_assert(&pvh_global_lock, RA_WLOCKED);
4473 PMAP_LOCK_ASSERT(pmap, MA_OWNED);
4476 * In the case that a L2 page table page is not
4477 * resident, we are creating it here.
4479 if (va < VM_MAXUSER_ADDRESS) {
4481 pt1_entry_t pte1, *pte1p;
4485 * Get L1 page table things.
4487 pte1_idx = pte1_index(va);
4488 pte1p = pmap_pte1(pmap, va);
4489 pte1 = pte1_load(pte1p);
4491 if (mpt2pg && (mpt2pg->pindex == (pte1_idx & ~PT2PG_MASK))) {
4493 * Each of NPT2_IN_PG L2 page tables on the page can
4494 * come here. Make sure that associated L1 page table
4495 * link is established.
4497 * QQQ: It comes that we don't establish all links to
4498 * L2 page tables for newly allocated L2 page
4501 KASSERT(!pte1_is_section(pte1),
4502 ("%s: pte1 %#x is section", __func__, pte1));
4503 if (!pte1_is_link(pte1)) {
4504 pt2_pa = page_pt2pa(VM_PAGE_TO_PHYS(mpt2pg),
4506 pte1_store(pte1p, PTE1_LINK(pt2_pa));
4508 pt2_wirecount_inc(mpt2pg, pte1_idx);
4511 * If the L2 page table page is mapped, we just
4512 * increment the hold count, and activate it.
4514 if (pte1_is_section(pte1)) {
4516 } else if (pte1_is_link(pte1)) {
4517 mpt2pg = PHYS_TO_VM_PAGE(pte1_link_pa(pte1));
4518 pt2_wirecount_inc(mpt2pg, pte1_idx);
4520 mpt2pg = _pmap_allocpte2(pmap, va,
4521 PMAP_ENTER_NOSLEEP);
4531 * This call to pt2map_entry() makes the assumption that we are
4532 * entering the page into the current pmap. In order to support
4533 * quick entry into any pmap, one would likely use pmap_pte2_quick().
4534 * But that isn't as quick as pt2map_entry().
4536 pte2p = pt2map_entry(va);
4537 pte2 = pte2_load(pte2p);
4538 if (pte2_is_valid(pte2)) {
4539 if (mpt2pg != NULL) {
4541 * Remove extra pte2 reference
4543 pt2_wirecount_dec(mpt2pg, pte1_index(va));
4550 * Enter on the PV list if part of our managed memory.
4552 if ((m->oflags & VPO_UNMANAGED) == 0 &&
4553 !pmap_try_insert_pv_entry(pmap, va, m)) {
4554 if (mpt2pg != NULL) {
4556 if (pmap_unwire_pt2(pmap, va, mpt2pg, &free)) {
4557 pmap_tlb_flush(pmap, va);
4558 pmap_free_zero_pages(&free);
4567 * Increment counters
4569 pmap->pm_stats.resident_count++;
4572 * Now validate mapping with RO protection
4574 pa = VM_PAGE_TO_PHYS(m);
4575 l2prot = PTE2_RO | PTE2_NM;
4576 if (va < VM_MAXUSER_ADDRESS)
4577 l2prot |= PTE2_U | PTE2_NG;
4578 if ((prot & VM_PROT_EXECUTE) == 0)
4580 else if (m->md.pat_mode == VM_MEMATTR_WB_WA && pmap != kernel_pmap) {
4582 * Sync icache if exec permission and attribute VM_MEMATTR_WB_WA
4583 * is set. QQQ: For more info, see comments in pmap_enter().
4585 cache_icache_sync_fresh(va, pa, PAGE_SIZE);
4587 pte2_store(pte2p, PTE2(pa, l2prot, vm_page_pte2_attr(m)));
4593 pmap_enter_quick(pmap_t pmap, vm_offset_t va, vm_page_t m, vm_prot_t prot)
4596 rw_wlock(&pvh_global_lock);
4598 (void)pmap_enter_quick_locked(pmap, va, m, prot, NULL);
4599 rw_wunlock(&pvh_global_lock);
4604 * Tries to create 1MB page mapping. Returns TRUE if successful and
4605 * FALSE otherwise. Fails if (1) a page table page cannot be allocated without
4606 * blocking, (2) a mapping already exists at the specified virtual address, or
4607 * (3) a pv entry cannot be allocated without reclaiming another pv entry.
4610 pmap_enter_pte1(pmap_t pmap, vm_offset_t va, vm_page_t m, vm_prot_t prot)
4616 rw_assert(&pvh_global_lock, RA_WLOCKED);
4617 PMAP_LOCK_ASSERT(pmap, MA_OWNED);
4618 pte1p = pmap_pte1(pmap, va);
4619 if (pte1_is_valid(pte1_load(pte1p))) {
4620 CTR3(KTR_PMAP, "%s: failure for va %#lx in pmap %p", __func__,
4624 if ((m->oflags & VPO_UNMANAGED) == 0) {
4626 * Abort this mapping if its PV entry could not be created.
4628 if (!pmap_pv_insert_pte1(pmap, va, VM_PAGE_TO_PHYS(m))) {
4629 CTR3(KTR_PMAP, "%s: failure for va %#lx in pmap %p",
4630 __func__, va, pmap);
4635 * Increment counters.
4637 pmap->pm_stats.resident_count += PTE1_SIZE / PAGE_SIZE;
4642 * QQQ: Why VM_PROT_WRITE is not evaluated and the mapping is
4645 pa = VM_PAGE_TO_PHYS(m);
4646 l1prot = PTE1_RO | PTE1_NM;
4647 if (va < VM_MAXUSER_ADDRESS)
4648 l1prot |= PTE1_U | PTE1_NG;
4649 if ((prot & VM_PROT_EXECUTE) == 0)
4651 else if (m->md.pat_mode == VM_MEMATTR_WB_WA && pmap != kernel_pmap) {
4653 * Sync icache if exec permission and attribute VM_MEMATTR_WB_WA
4654 * is set. QQQ: For more info, see comments in pmap_enter().
4656 cache_icache_sync_fresh(va, pa, PTE1_SIZE);
4658 pte1_store(pte1p, PTE1(pa, l1prot, ATTR_TO_L1(vm_page_pte2_attr(m))));
4660 pmap_pte1_mappings++;
4661 CTR3(KTR_PMAP, "%s: success for va %#lx in pmap %p", __func__, va,
4667 * Maps a sequence of resident pages belonging to the same object.
4668 * The sequence begins with the given page m_start. This page is
4669 * mapped at the given virtual address start. Each subsequent page is
4670 * mapped at a virtual address that is offset from start by the same
4671 * amount as the page is offset from m_start within the object. The
4672 * last page in the sequence is the page with the largest offset from
4673 * m_start that can be mapped at a virtual address less than the given
4674 * virtual address end. Not every virtual page between start and end
4675 * is mapped; only those for which a resident page exists with the
4676 * corresponding offset from m_start are mapped.
4679 pmap_enter_object(pmap_t pmap, vm_offset_t start, vm_offset_t end,
4680 vm_page_t m_start, vm_prot_t prot)
4683 vm_page_t m, mpt2pg;
4684 vm_pindex_t diff, psize;
4686 PDEBUG(6, printf("%s: pmap %p start %#x end %#x m %p prot %#x\n",
4687 __func__, pmap, start, end, m_start, prot));
4689 VM_OBJECT_ASSERT_LOCKED(m_start->object);
4690 psize = atop(end - start);
4693 rw_wlock(&pvh_global_lock);
4695 while (m != NULL && (diff = m->pindex - m_start->pindex) < psize) {
4696 va = start + ptoa(diff);
4697 if ((va & PTE1_OFFSET) == 0 && va + PTE1_SIZE <= end &&
4698 m->psind == 1 && sp_enabled &&
4699 pmap_enter_pte1(pmap, va, m, prot))
4700 m = &m[PTE1_SIZE / PAGE_SIZE - 1];
4702 mpt2pg = pmap_enter_quick_locked(pmap, va, m, prot,
4704 m = TAILQ_NEXT(m, listq);
4706 rw_wunlock(&pvh_global_lock);
4711 * This code maps large physical mmap regions into the
4712 * processor address space. Note that some shortcuts
4713 * are taken, but the code works.
4716 pmap_object_init_pt(pmap_t pmap, vm_offset_t addr, vm_object_t object,
4717 vm_pindex_t pindex, vm_size_t size)
4720 vm_paddr_t pa, pte2_pa;
4722 vm_memattr_t pat_mode;
4723 u_int l1attr, l1prot;
4725 VM_OBJECT_ASSERT_WLOCKED(object);
4726 KASSERT(object->type == OBJT_DEVICE || object->type == OBJT_SG,
4727 ("%s: non-device object", __func__));
4728 if ((addr & PTE1_OFFSET) == 0 && (size & PTE1_OFFSET) == 0) {
4729 if (!vm_object_populate(object, pindex, pindex + atop(size)))
4731 p = vm_page_lookup(object, pindex);
4732 KASSERT(p->valid == VM_PAGE_BITS_ALL,
4733 ("%s: invalid page %p", __func__, p));
4734 pat_mode = p->md.pat_mode;
4737 * Abort the mapping if the first page is not physically
4738 * aligned to a 1MB page boundary.
4740 pte2_pa = VM_PAGE_TO_PHYS(p);
4741 if (pte2_pa & PTE1_OFFSET)
4745 * Skip the first page. Abort the mapping if the rest of
4746 * the pages are not physically contiguous or have differing
4747 * memory attributes.
4749 p = TAILQ_NEXT(p, listq);
4750 for (pa = pte2_pa + PAGE_SIZE; pa < pte2_pa + size;
4752 KASSERT(p->valid == VM_PAGE_BITS_ALL,
4753 ("%s: invalid page %p", __func__, p));
4754 if (pa != VM_PAGE_TO_PHYS(p) ||
4755 pat_mode != p->md.pat_mode)
4757 p = TAILQ_NEXT(p, listq);
4761 * Map using 1MB pages.
4763 * QQQ: Well, we are mapping a section, so same condition must
4764 * be hold like during promotion. It looks that only RW mapping
4765 * is done here, so readonly mapping must be done elsewhere.
4767 l1prot = PTE1_U | PTE1_NG | PTE1_RW | PTE1_M | PTE1_A;
4768 l1attr = ATTR_TO_L1(vm_memattr_to_pte2(pat_mode));
4770 for (pa = pte2_pa; pa < pte2_pa + size; pa += PTE1_SIZE) {
4771 pte1p = pmap_pte1(pmap, addr);
4772 if (!pte1_is_valid(pte1_load(pte1p))) {
4773 pte1_store(pte1p, PTE1(pa, l1prot, l1attr));
4774 pmap->pm_stats.resident_count += PTE1_SIZE /
4776 pmap_pte1_mappings++;
4778 /* Else continue on if the PTE1 is already valid. */
4786 * Do the things to protect a 1mpage in a process.
4789 pmap_protect_pte1(pmap_t pmap, pt1_entry_t *pte1p, vm_offset_t sva,
4792 pt1_entry_t npte1, opte1;
4793 vm_offset_t eva, va;
4796 PMAP_LOCK_ASSERT(pmap, MA_OWNED);
4797 KASSERT((sva & PTE1_OFFSET) == 0,
4798 ("%s: sva is not 1mpage aligned", __func__));
4800 opte1 = npte1 = pte1_load(pte1p);
4801 if (pte1_is_managed(opte1)) {
4802 eva = sva + PTE1_SIZE;
4803 for (va = sva, m = PHYS_TO_VM_PAGE(pte1_pa(opte1));
4804 va < eva; va += PAGE_SIZE, m++)
4805 if (pte1_is_dirty(opte1))
4808 if ((prot & VM_PROT_WRITE) == 0)
4809 npte1 |= PTE1_RO | PTE1_NM;
4810 if ((prot & VM_PROT_EXECUTE) == 0)
4814 * QQQ: Herein, execute permission is never set.
4815 * It only can be cleared. So, no icache
4816 * syncing is needed.
4819 if (npte1 != opte1) {
4820 pte1_store(pte1p, npte1);
4821 pmap_tlb_flush(pmap, sva);
4826 * Set the physical protection on the
4827 * specified range of this map as requested.
4830 pmap_protect(pmap_t pmap, vm_offset_t sva, vm_offset_t eva, vm_prot_t prot)
4832 boolean_t pv_lists_locked;
4834 pt1_entry_t *pte1p, pte1;
4835 pt2_entry_t *pte2p, opte2, npte2;
4837 KASSERT((prot & ~VM_PROT_ALL) == 0, ("invalid prot %x", prot));
4838 if (prot == VM_PROT_NONE) {
4839 pmap_remove(pmap, sva, eva);
4843 if ((prot & (VM_PROT_WRITE | VM_PROT_EXECUTE)) ==
4844 (VM_PROT_WRITE | VM_PROT_EXECUTE))
4847 if (pmap_is_current(pmap))
4848 pv_lists_locked = FALSE;
4850 pv_lists_locked = TRUE;
4852 rw_wlock(&pvh_global_lock);
4857 for (; sva < eva; sva = nextva) {
4859 * Calculate address for next L2 page table.
4861 nextva = pte1_trunc(sva + PTE1_SIZE);
4865 pte1p = pmap_pte1(pmap, sva);
4866 pte1 = pte1_load(pte1p);
4869 * Weed out invalid mappings. Note: we assume that L1 page
4870 * page table is always allocated, and in kernel virtual.
4875 if (pte1_is_section(pte1)) {
4877 * Are we protecting the entire large page? If not,
4878 * demote the mapping and fall through.
4880 if (sva + PTE1_SIZE == nextva && eva >= nextva) {
4881 pmap_protect_pte1(pmap, pte1p, sva, prot);
4884 if (!pv_lists_locked) {
4885 pv_lists_locked = TRUE;
4886 if (!rw_try_wlock(&pvh_global_lock)) {
4892 if (!pmap_demote_pte1(pmap, pte1p, sva)) {
4894 * The large page mapping
4901 /* Update pte1 after demotion */
4902 pte1 = pte1_load(pte1p);
4908 KASSERT(pte1_is_link(pte1), ("%s: pmap %p va %#x pte1 %#x at %p"
4909 " is not link", __func__, pmap, sva, pte1, pte1p));
4912 * Limit our scan to either the end of the va represented
4913 * by the current L2 page table page, or to the end of the
4914 * range being protected.
4919 for (pte2p = pmap_pte2_quick(pmap, sva); sva != nextva; pte2p++,
4923 opte2 = npte2 = pte2_load(pte2p);
4924 if (!pte2_is_valid(opte2))
4927 if ((prot & VM_PROT_WRITE) == 0) {
4928 if (pte2_is_managed(opte2) &&
4929 pte2_is_dirty(opte2)) {
4930 m = PHYS_TO_VM_PAGE(pte2_pa(opte2));
4933 npte2 |= PTE2_RO | PTE2_NM;
4936 if ((prot & VM_PROT_EXECUTE) == 0)
4940 * QQQ: Herein, execute permission is never set.
4941 * It only can be cleared. So, no icache
4942 * syncing is needed.
4945 if (npte2 != opte2) {
4946 pte2_store(pte2p, npte2);
4947 pmap_tlb_flush(pmap, sva);
4951 if (pv_lists_locked) {
4953 rw_wunlock(&pvh_global_lock);
4959 * pmap_pvh_wired_mappings:
4961 * Return the updated number "count" of managed mappings that are wired.
4964 pmap_pvh_wired_mappings(struct md_page *pvh, int count)
4971 rw_assert(&pvh_global_lock, RA_WLOCKED);
4973 TAILQ_FOREACH(pv, &pvh->pv_list, pv_next) {
4976 pte1 = pte1_load(pmap_pte1(pmap, pv->pv_va));
4977 if (pte1_is_section(pte1)) {
4978 if (pte1_is_wired(pte1))
4981 KASSERT(pte1_is_link(pte1),
4982 ("%s: pte1 %#x is not link", __func__, pte1));
4983 pte2 = pte2_load(pmap_pte2_quick(pmap, pv->pv_va));
4984 if (pte2_is_wired(pte2))
4994 * pmap_page_wired_mappings:
4996 * Return the number of managed mappings to the given physical page
5000 pmap_page_wired_mappings(vm_page_t m)
5005 if ((m->oflags & VPO_UNMANAGED) != 0)
5007 rw_wlock(&pvh_global_lock);
5008 count = pmap_pvh_wired_mappings(&m->md, count);
5009 if ((m->flags & PG_FICTITIOUS) == 0) {
5010 count = pmap_pvh_wired_mappings(pa_to_pvh(VM_PAGE_TO_PHYS(m)),
5013 rw_wunlock(&pvh_global_lock);
5018 * Returns TRUE if any of the given mappings were used to modify
5019 * physical memory. Otherwise, returns FALSE. Both page and 1mpage
5020 * mappings are supported.
5023 pmap_is_modified_pvh(struct md_page *pvh)
5031 rw_assert(&pvh_global_lock, RA_WLOCKED);
5034 TAILQ_FOREACH(pv, &pvh->pv_list, pv_next) {
5037 pte1 = pte1_load(pmap_pte1(pmap, pv->pv_va));
5038 if (pte1_is_section(pte1)) {
5039 rv = pte1_is_dirty(pte1);
5041 KASSERT(pte1_is_link(pte1),
5042 ("%s: pte1 %#x is not link", __func__, pte1));
5043 pte2 = pte2_load(pmap_pte2_quick(pmap, pv->pv_va));
5044 rv = pte2_is_dirty(pte2);
5057 * Return whether or not the specified physical page was modified
5058 * in any physical maps.
5061 pmap_is_modified(vm_page_t m)
5065 KASSERT((m->oflags & VPO_UNMANAGED) == 0,
5066 ("%s: page %p is not managed", __func__, m));
5069 * If the page is not exclusive busied, then PGA_WRITEABLE cannot be
5070 * concurrently set while the object is locked. Thus, if PGA_WRITEABLE
5071 * is clear, no PTE2s can have PG_M set.
5073 VM_OBJECT_ASSERT_WLOCKED(m->object);
5074 if (!vm_page_xbusied(m) && (m->aflags & PGA_WRITEABLE) == 0)
5076 rw_wlock(&pvh_global_lock);
5077 rv = pmap_is_modified_pvh(&m->md) ||
5078 ((m->flags & PG_FICTITIOUS) == 0 &&
5079 pmap_is_modified_pvh(pa_to_pvh(VM_PAGE_TO_PHYS(m))));
5080 rw_wunlock(&pvh_global_lock);
5085 * pmap_is_prefaultable:
5087 * Return whether or not the specified virtual address is eligible
5091 pmap_is_prefaultable(pmap_t pmap, vm_offset_t addr)
5099 pte1 = pte1_load(pmap_pte1(pmap, addr));
5100 if (pte1_is_link(pte1)) {
5101 pte2 = pte2_load(pt2map_entry(addr));
5102 rv = !pte2_is_valid(pte2) ;
5109 * Returns TRUE if any of the given mappings were referenced and FALSE
5110 * otherwise. Both page and 1mpage mappings are supported.
5113 pmap_is_referenced_pvh(struct md_page *pvh)
5122 rw_assert(&pvh_global_lock, RA_WLOCKED);
5125 TAILQ_FOREACH(pv, &pvh->pv_list, pv_next) {
5128 pte1 = pte1_load(pmap_pte1(pmap, pv->pv_va));
5129 if (pte1_is_section(pte1)) {
5130 rv = (pte1 & (PTE1_A | PTE1_V)) == (PTE1_A | PTE1_V);
5132 pte2 = pte2_load(pmap_pte2_quick(pmap, pv->pv_va));
5133 rv = (pte2 & (PTE2_A | PTE2_V)) == (PTE2_A | PTE2_V);
5144 * pmap_is_referenced:
5146 * Return whether or not the specified physical page was referenced
5147 * in any physical maps.
5150 pmap_is_referenced(vm_page_t m)
5154 KASSERT((m->oflags & VPO_UNMANAGED) == 0,
5155 ("%s: page %p is not managed", __func__, m));
5156 rw_wlock(&pvh_global_lock);
5157 rv = pmap_is_referenced_pvh(&m->md) ||
5158 ((m->flags & PG_FICTITIOUS) == 0 &&
5159 pmap_is_referenced_pvh(pa_to_pvh(VM_PAGE_TO_PHYS(m))));
5160 rw_wunlock(&pvh_global_lock);
5165 * pmap_ts_referenced:
5167 * Return a count of reference bits for a page, clearing those bits.
5168 * It is not necessary for every reference bit to be cleared, but it
5169 * is necessary that 0 only be returned when there are truly no
5170 * reference bits set.
5172 * As an optimization, update the page's dirty field if a modified bit is
5173 * found while counting reference bits. This opportunistic update can be
5174 * performed at low cost and can eliminate the need for some future calls
5175 * to pmap_is_modified(). However, since this function stops after
5176 * finding PMAP_TS_REFERENCED_MAX reference bits, it may not detect some
5177 * dirty pages. Those dirty pages will only be detected by a future call
5178 * to pmap_is_modified().
5181 pmap_ts_referenced(vm_page_t m)
5183 struct md_page *pvh;
5186 pt1_entry_t *pte1p, opte1;
5187 pt2_entry_t *pte2p, opte2;
5191 KASSERT((m->oflags & VPO_UNMANAGED) == 0,
5192 ("%s: page %p is not managed", __func__, m));
5193 pa = VM_PAGE_TO_PHYS(m);
5194 pvh = pa_to_pvh(pa);
5195 rw_wlock(&pvh_global_lock);
5197 if ((m->flags & PG_FICTITIOUS) != 0 ||
5198 (pvf = TAILQ_FIRST(&pvh->pv_list)) == NULL)
5199 goto small_mappings;
5204 pte1p = pmap_pte1(pmap, pv->pv_va);
5205 opte1 = pte1_load(pte1p);
5206 if (pte1_is_dirty(opte1)) {
5208 * Although "opte1" is mapping a 1MB page, because
5209 * this function is called at a 4KB page granularity,
5210 * we only update the 4KB page under test.
5214 if ((opte1 & PTE1_A) != 0) {
5216 * Since this reference bit is shared by 256 4KB pages,
5217 * it should not be cleared every time it is tested.
5218 * Apply a simple "hash" function on the physical page
5219 * number, the virtual section number, and the pmap
5220 * address to select one 4KB page out of the 256
5221 * on which testing the reference bit will result
5222 * in clearing that bit. This function is designed
5223 * to avoid the selection of the same 4KB page
5224 * for every 1MB page mapping.
5226 * On demotion, a mapping that hasn't been referenced
5227 * is simply destroyed. To avoid the possibility of a
5228 * subsequent page fault on a demoted wired mapping,
5229 * always leave its reference bit set. Moreover,
5230 * since the section is wired, the current state of
5231 * its reference bit won't affect page replacement.
5233 if ((((pa >> PAGE_SHIFT) ^ (pv->pv_va >> PTE1_SHIFT) ^
5234 (uintptr_t)pmap) & (NPTE2_IN_PG - 1)) == 0 &&
5235 !pte1_is_wired(opte1)) {
5236 pte1_clear_bit(pte1p, PTE1_A);
5237 pmap_tlb_flush(pmap, pv->pv_va);
5242 /* Rotate the PV list if it has more than one entry. */
5243 if (TAILQ_NEXT(pv, pv_next) != NULL) {
5244 TAILQ_REMOVE(&pvh->pv_list, pv, pv_next);
5245 TAILQ_INSERT_TAIL(&pvh->pv_list, pv, pv_next);
5247 if (rtval >= PMAP_TS_REFERENCED_MAX)
5249 } while ((pv = TAILQ_FIRST(&pvh->pv_list)) != pvf);
5251 if ((pvf = TAILQ_FIRST(&m->md.pv_list)) == NULL)
5257 pte1p = pmap_pte1(pmap, pv->pv_va);
5258 KASSERT(pte1_is_link(pte1_load(pte1p)),
5259 ("%s: not found a link in page %p's pv list", __func__, m));
5261 pte2p = pmap_pte2_quick(pmap, pv->pv_va);
5262 opte2 = pte2_load(pte2p);
5263 if (pte2_is_dirty(opte2))
5265 if ((opte2 & PTE2_A) != 0) {
5266 pte2_clear_bit(pte2p, PTE2_A);
5267 pmap_tlb_flush(pmap, pv->pv_va);
5271 /* Rotate the PV list if it has more than one entry. */
5272 if (TAILQ_NEXT(pv, pv_next) != NULL) {
5273 TAILQ_REMOVE(&m->md.pv_list, pv, pv_next);
5274 TAILQ_INSERT_TAIL(&m->md.pv_list, pv, pv_next);
5276 } while ((pv = TAILQ_FIRST(&m->md.pv_list)) != pvf && rtval <
5277 PMAP_TS_REFERENCED_MAX);
5280 rw_wunlock(&pvh_global_lock);
5285 * Clear the wired attribute from the mappings for the specified range of
5286 * addresses in the given pmap. Every valid mapping within that range
5287 * must have the wired attribute set. In contrast, invalid mappings
5288 * cannot have the wired attribute set, so they are ignored.
5290 * The wired attribute of the page table entry is not a hardware feature,
5291 * so there is no need to invalidate any TLB entries.
5294 pmap_unwire(pmap_t pmap, vm_offset_t sva, vm_offset_t eva)
5297 pt1_entry_t *pte1p, pte1;
5298 pt2_entry_t *pte2p, pte2;
5299 boolean_t pv_lists_locked;
5301 if (pmap_is_current(pmap))
5302 pv_lists_locked = FALSE;
5304 pv_lists_locked = TRUE;
5306 rw_wlock(&pvh_global_lock);
5310 for (; sva < eva; sva = nextva) {
5311 nextva = pte1_trunc(sva + PTE1_SIZE);
5315 pte1p = pmap_pte1(pmap, sva);
5316 pte1 = pte1_load(pte1p);
5319 * Weed out invalid mappings. Note: we assume that L1 page
5320 * page table is always allocated, and in kernel virtual.
5325 if (pte1_is_section(pte1)) {
5326 if (!pte1_is_wired(pte1))
5327 panic("%s: pte1 %#x not wired", __func__, pte1);
5330 * Are we unwiring the entire large page? If not,
5331 * demote the mapping and fall through.
5333 if (sva + PTE1_SIZE == nextva && eva >= nextva) {
5334 pte1_clear_bit(pte1p, PTE1_W);
5335 pmap->pm_stats.wired_count -= PTE1_SIZE /
5339 if (!pv_lists_locked) {
5340 pv_lists_locked = TRUE;
5341 if (!rw_try_wlock(&pvh_global_lock)) {
5348 if (!pmap_demote_pte1(pmap, pte1p, sva))
5349 panic("%s: demotion failed", __func__);
5352 /* Update pte1 after demotion */
5353 pte1 = pte1_load(pte1p);
5359 KASSERT(pte1_is_link(pte1), ("%s: pmap %p va %#x pte1 %#x at %p"
5360 " is not link", __func__, pmap, sva, pte1, pte1p));
5363 * Limit our scan to either the end of the va represented
5364 * by the current L2 page table page, or to the end of the
5365 * range being protected.
5370 for (pte2p = pmap_pte2_quick(pmap, sva); sva != nextva; pte2p++,
5372 pte2 = pte2_load(pte2p);
5373 if (!pte2_is_valid(pte2))
5375 if (!pte2_is_wired(pte2))
5376 panic("%s: pte2 %#x is missing PTE2_W",
5380 * PTE2_W must be cleared atomically. Although the pmap
5381 * lock synchronizes access to PTE2_W, another processor
5382 * could be changing PTE2_NM and/or PTE2_A concurrently.
5384 pte2_clear_bit(pte2p, PTE2_W);
5385 pmap->pm_stats.wired_count--;
5388 if (pv_lists_locked) {
5390 rw_wunlock(&pvh_global_lock);
5396 * Clear the write and modified bits in each of the given page's mappings.
5399 pmap_remove_write(vm_page_t m)
5401 struct md_page *pvh;
5402 pv_entry_t next_pv, pv;
5405 pt2_entry_t *pte2p, opte2;
5408 KASSERT((m->oflags & VPO_UNMANAGED) == 0,
5409 ("%s: page %p is not managed", __func__, m));
5412 * If the page is not exclusive busied, then PGA_WRITEABLE cannot be
5413 * set by another thread while the object is locked. Thus,
5414 * if PGA_WRITEABLE is clear, no page table entries need updating.
5416 VM_OBJECT_ASSERT_WLOCKED(m->object);
5417 if (!vm_page_xbusied(m) && (m->aflags & PGA_WRITEABLE) == 0)
5419 rw_wlock(&pvh_global_lock);
5421 if ((m->flags & PG_FICTITIOUS) != 0)
5422 goto small_mappings;
5423 pvh = pa_to_pvh(VM_PAGE_TO_PHYS(m));
5424 TAILQ_FOREACH_SAFE(pv, &pvh->pv_list, pv_next, next_pv) {
5428 pte1p = pmap_pte1(pmap, va);
5429 if (!(pte1_load(pte1p) & PTE1_RO))
5430 (void)pmap_demote_pte1(pmap, pte1p, va);
5434 TAILQ_FOREACH(pv, &m->md.pv_list, pv_next) {
5437 pte1p = pmap_pte1(pmap, pv->pv_va);
5438 KASSERT(!pte1_is_section(pte1_load(pte1p)), ("%s: found"
5439 " a section in page %p's pv list", __func__, m));
5440 pte2p = pmap_pte2_quick(pmap, pv->pv_va);
5441 opte2 = pte2_load(pte2p);
5442 if (!(opte2 & PTE2_RO)) {
5443 pte2_store(pte2p, opte2 | PTE2_RO | PTE2_NM);
5444 if (pte2_is_dirty(opte2))
5446 pmap_tlb_flush(pmap, pv->pv_va);
5450 vm_page_aflag_clear(m, PGA_WRITEABLE);
5452 rw_wunlock(&pvh_global_lock);
5456 * Apply the given advice to the specified range of addresses within the
5457 * given pmap. Depending on the advice, clear the referenced and/or
5458 * modified flags in each mapping and set the mapped page's dirty field.
5461 pmap_advise(pmap_t pmap, vm_offset_t sva, vm_offset_t eva, int advice)
5463 pt1_entry_t *pte1p, opte1;
5464 pt2_entry_t *pte2p, pte2;
5467 boolean_t pv_lists_locked;
5469 if (advice != MADV_DONTNEED && advice != MADV_FREE)
5471 if (pmap_is_current(pmap))
5472 pv_lists_locked = FALSE;
5474 pv_lists_locked = TRUE;
5476 rw_wlock(&pvh_global_lock);
5480 for (; sva < eva; sva = pdnxt) {
5481 pdnxt = pte1_trunc(sva + PTE1_SIZE);
5484 pte1p = pmap_pte1(pmap, sva);
5485 opte1 = pte1_load(pte1p);
5486 if (!pte1_is_valid(opte1)) /* XXX */
5488 else if (pte1_is_section(opte1)) {
5489 if (!pte1_is_managed(opte1))
5491 if (!pv_lists_locked) {
5492 pv_lists_locked = TRUE;
5493 if (!rw_try_wlock(&pvh_global_lock)) {
5499 if (!pmap_demote_pte1(pmap, pte1p, sva)) {
5501 * The large page mapping was destroyed.
5507 * Unless the page mappings are wired, remove the
5508 * mapping to a single page so that a subsequent
5509 * access may repromote. Since the underlying L2 page
5510 * table is fully populated, this removal never
5511 * frees a L2 page table page.
5513 if (!pte1_is_wired(opte1)) {
5514 pte2p = pmap_pte2_quick(pmap, sva);
5515 KASSERT(pte2_is_valid(pte2_load(pte2p)),
5516 ("%s: invalid PTE2", __func__));
5517 pmap_remove_pte2(pmap, pte2p, sva, NULL);
5522 for (pte2p = pmap_pte2_quick(pmap, sva); sva != pdnxt; pte2p++,
5524 pte2 = pte2_load(pte2p);
5525 if (!pte2_is_valid(pte2) || !pte2_is_managed(pte2))
5527 else if (pte2_is_dirty(pte2)) {
5528 if (advice == MADV_DONTNEED) {
5530 * Future calls to pmap_is_modified()
5531 * can be avoided by making the page
5534 m = PHYS_TO_VM_PAGE(pte2_pa(pte2));
5537 pte2_set_bit(pte2p, PTE2_NM);
5538 pte2_clear_bit(pte2p, PTE2_A);
5539 } else if ((pte2 & PTE2_A) != 0)
5540 pte2_clear_bit(pte2p, PTE2_A);
5543 pmap_tlb_flush(pmap, sva);
5546 if (pv_lists_locked) {
5548 rw_wunlock(&pvh_global_lock);
5554 * Clear the modify bits on the specified physical page.
5557 pmap_clear_modify(vm_page_t m)
5559 struct md_page *pvh;
5560 pv_entry_t next_pv, pv;
5562 pt1_entry_t *pte1p, opte1;
5563 pt2_entry_t *pte2p, opte2;
5566 KASSERT((m->oflags & VPO_UNMANAGED) == 0,
5567 ("%s: page %p is not managed", __func__, m));
5568 VM_OBJECT_ASSERT_WLOCKED(m->object);
5569 KASSERT(!vm_page_xbusied(m),
5570 ("%s: page %p is exclusive busy", __func__, m));
5573 * If the page is not PGA_WRITEABLE, then no PTE2s can have PTE2_NM
5574 * cleared. If the object containing the page is locked and the page
5575 * is not exclusive busied, then PGA_WRITEABLE cannot be concurrently
5578 if ((m->flags & PGA_WRITEABLE) == 0)
5580 rw_wlock(&pvh_global_lock);
5582 if ((m->flags & PG_FICTITIOUS) != 0)
5583 goto small_mappings;
5584 pvh = pa_to_pvh(VM_PAGE_TO_PHYS(m));
5585 TAILQ_FOREACH_SAFE(pv, &pvh->pv_list, pv_next, next_pv) {
5589 pte1p = pmap_pte1(pmap, va);
5590 opte1 = pte1_load(pte1p);
5591 if (!(opte1 & PTE1_RO)) {
5592 if (pmap_demote_pte1(pmap, pte1p, va) &&
5593 !pte1_is_wired(opte1)) {
5595 * Write protect the mapping to a
5596 * single page so that a subsequent
5597 * write access may repromote.
5599 va += VM_PAGE_TO_PHYS(m) - pte1_pa(opte1);
5600 pte2p = pmap_pte2_quick(pmap, va);
5601 opte2 = pte2_load(pte2p);
5602 if ((opte2 & PTE2_V)) {
5603 pte2_set_bit(pte2p, PTE2_NM | PTE2_RO);
5605 pmap_tlb_flush(pmap, va);
5612 TAILQ_FOREACH(pv, &m->md.pv_list, pv_next) {
5615 pte1p = pmap_pte1(pmap, pv->pv_va);
5616 KASSERT(!pte1_is_section(pte1_load(pte1p)), ("%s: found"
5617 " a section in page %p's pv list", __func__, m));
5618 pte2p = pmap_pte2_quick(pmap, pv->pv_va);
5619 if (pte2_is_dirty(pte2_load(pte2p))) {
5620 pte2_set_bit(pte2p, PTE2_NM);
5621 pmap_tlb_flush(pmap, pv->pv_va);
5626 rw_wunlock(&pvh_global_lock);
5631 * Sets the memory attribute for the specified page.
5634 pmap_page_set_memattr(vm_page_t m, vm_memattr_t ma)
5636 struct sysmaps *sysmaps;
5640 oma = m->md.pat_mode;
5641 m->md.pat_mode = ma;
5643 CTR5(KTR_PMAP, "%s: page %p - 0x%08X oma: %d, ma: %d", __func__, m,
5644 VM_PAGE_TO_PHYS(m), oma, ma);
5645 if ((m->flags & PG_FICTITIOUS) != 0)
5649 * If "m" is a normal page, flush it from the cache.
5651 * First, try to find an existing mapping of the page by sf
5652 * buffer. sf_buf_invalidate_cache() modifies mapping and
5653 * flushes the cache.
5655 if (sf_buf_invalidate_cache(m, oma))
5659 * If page is not mapped by sf buffer, map the page
5660 * transient and do invalidation.
5663 pa = VM_PAGE_TO_PHYS(m);
5665 sysmaps = &sysmaps_pcpu[PCPU_GET(cpuid)];
5666 mtx_lock(&sysmaps->lock);
5667 if (*sysmaps->CMAP2)
5668 panic("%s: CMAP2 busy", __func__);
5669 pte2_store(sysmaps->CMAP2, PTE2_KERN_NG(pa, PTE2_AP_KRW,
5670 vm_memattr_to_pte2(ma)));
5671 dcache_wbinv_poc((vm_offset_t)sysmaps->CADDR2, pa, PAGE_SIZE);
5672 pte2_clear(sysmaps->CMAP2);
5673 tlb_flush((vm_offset_t)sysmaps->CADDR2);
5675 mtx_unlock(&sysmaps->lock);
5680 * Miscellaneous support routines follow
5684 * Returns TRUE if the given page is mapped individually or as part of
5685 * a 1mpage. Otherwise, returns FALSE.
5688 pmap_page_is_mapped(vm_page_t m)
5692 if ((m->oflags & VPO_UNMANAGED) != 0)
5694 rw_wlock(&pvh_global_lock);
5695 rv = !TAILQ_EMPTY(&m->md.pv_list) ||
5696 ((m->flags & PG_FICTITIOUS) == 0 &&
5697 !TAILQ_EMPTY(&pa_to_pvh(VM_PAGE_TO_PHYS(m))->pv_list));
5698 rw_wunlock(&pvh_global_lock);
5703 * Returns true if the pmap's pv is one of the first
5704 * 16 pvs linked to from this page. This count may
5705 * be changed upwards or downwards in the future; it
5706 * is only necessary that true be returned for a small
5707 * subset of pmaps for proper page aging.
5710 pmap_page_exists_quick(pmap_t pmap, vm_page_t m)
5712 struct md_page *pvh;
5717 KASSERT((m->oflags & VPO_UNMANAGED) == 0,
5718 ("%s: page %p is not managed", __func__, m));
5720 rw_wlock(&pvh_global_lock);
5721 TAILQ_FOREACH(pv, &m->md.pv_list, pv_next) {
5722 if (PV_PMAP(pv) == pmap) {
5730 if (!rv && loops < 16 && (m->flags & PG_FICTITIOUS) == 0) {
5731 pvh = pa_to_pvh(VM_PAGE_TO_PHYS(m));
5732 TAILQ_FOREACH(pv, &pvh->pv_list, pv_next) {
5733 if (PV_PMAP(pv) == pmap) {
5742 rw_wunlock(&pvh_global_lock);
5747 * pmap_zero_page zeros the specified hardware page by mapping
5748 * the page into KVM and using bzero to clear its contents.
5751 pmap_zero_page(vm_page_t m)
5753 struct sysmaps *sysmaps;
5756 sysmaps = &sysmaps_pcpu[PCPU_GET(cpuid)];
5757 mtx_lock(&sysmaps->lock);
5758 if (pte2_load(sysmaps->CMAP2) != 0)
5759 panic("%s: CMAP2 busy", __func__);
5760 pte2_store(sysmaps->CMAP2, PTE2_KERN_NG(VM_PAGE_TO_PHYS(m), PTE2_AP_KRW,
5761 vm_page_pte2_attr(m)));
5762 pagezero(sysmaps->CADDR2);
5763 pte2_clear(sysmaps->CMAP2);
5764 tlb_flush((vm_offset_t)sysmaps->CADDR2);
5766 mtx_unlock(&sysmaps->lock);
5770 * pmap_zero_page_area zeros the specified hardware page by mapping
5771 * the page into KVM and using bzero to clear its contents.
5773 * off and size may not cover an area beyond a single hardware page.
5776 pmap_zero_page_area(vm_page_t m, int off, int size)
5778 struct sysmaps *sysmaps;
5781 sysmaps = &sysmaps_pcpu[PCPU_GET(cpuid)];
5782 mtx_lock(&sysmaps->lock);
5783 if (pte2_load(sysmaps->CMAP2) != 0)
5784 panic("%s: CMAP2 busy", __func__);
5785 pte2_store(sysmaps->CMAP2, PTE2_KERN_NG(VM_PAGE_TO_PHYS(m), PTE2_AP_KRW,
5786 vm_page_pte2_attr(m)));
5787 if (off == 0 && size == PAGE_SIZE)
5788 pagezero(sysmaps->CADDR2);
5790 bzero(sysmaps->CADDR2 + off, size);
5791 pte2_clear(sysmaps->CMAP2);
5792 tlb_flush((vm_offset_t)sysmaps->CADDR2);
5794 mtx_unlock(&sysmaps->lock);
5798 * pmap_copy_page copies the specified (machine independent)
5799 * page by mapping the page into virtual memory and using
5800 * bcopy to copy the page, one machine dependent page at a
5804 pmap_copy_page(vm_page_t src, vm_page_t dst)
5806 struct sysmaps *sysmaps;
5809 sysmaps = &sysmaps_pcpu[PCPU_GET(cpuid)];
5810 mtx_lock(&sysmaps->lock);
5811 if (pte2_load(sysmaps->CMAP1) != 0)
5812 panic("%s: CMAP1 busy", __func__);
5813 if (pte2_load(sysmaps->CMAP2) != 0)
5814 panic("%s: CMAP2 busy", __func__);
5815 pte2_store(sysmaps->CMAP1, PTE2_KERN_NG(VM_PAGE_TO_PHYS(src),
5816 PTE2_AP_KR | PTE2_NM, vm_page_pte2_attr(src)));
5817 pte2_store(sysmaps->CMAP2, PTE2_KERN_NG(VM_PAGE_TO_PHYS(dst),
5818 PTE2_AP_KRW, vm_page_pte2_attr(dst)));
5819 bcopy(sysmaps->CADDR1, sysmaps->CADDR2, PAGE_SIZE);
5820 pte2_clear(sysmaps->CMAP1);
5821 tlb_flush((vm_offset_t)sysmaps->CADDR1);
5822 pte2_clear(sysmaps->CMAP2);
5823 tlb_flush((vm_offset_t)sysmaps->CADDR2);
5825 mtx_unlock(&sysmaps->lock);
5828 int unmapped_buf_allowed = 1;
5831 pmap_copy_pages(vm_page_t ma[], vm_offset_t a_offset, vm_page_t mb[],
5832 vm_offset_t b_offset, int xfersize)
5834 struct sysmaps *sysmaps;
5835 vm_page_t a_pg, b_pg;
5837 vm_offset_t a_pg_offset, b_pg_offset;
5841 sysmaps = &sysmaps_pcpu[PCPU_GET(cpuid)];
5842 mtx_lock(&sysmaps->lock);
5843 if (*sysmaps->CMAP1 != 0)
5844 panic("pmap_copy_pages: CMAP1 busy");
5845 if (*sysmaps->CMAP2 != 0)
5846 panic("pmap_copy_pages: CMAP2 busy");
5847 while (xfersize > 0) {
5848 a_pg = ma[a_offset >> PAGE_SHIFT];
5849 a_pg_offset = a_offset & PAGE_MASK;
5850 cnt = min(xfersize, PAGE_SIZE - a_pg_offset);
5851 b_pg = mb[b_offset >> PAGE_SHIFT];
5852 b_pg_offset = b_offset & PAGE_MASK;
5853 cnt = min(cnt, PAGE_SIZE - b_pg_offset);
5854 pte2_store(sysmaps->CMAP1, PTE2_KERN_NG(VM_PAGE_TO_PHYS(a_pg),
5855 PTE2_AP_KR | PTE2_NM, vm_page_pte2_attr(a_pg)));
5856 tlb_flush_local((vm_offset_t)sysmaps->CADDR1);
5857 pte2_store(sysmaps->CMAP2, PTE2_KERN_NG(VM_PAGE_TO_PHYS(b_pg),
5858 PTE2_AP_KRW, vm_page_pte2_attr(b_pg)));
5859 tlb_flush_local((vm_offset_t)sysmaps->CADDR2);
5860 a_cp = sysmaps->CADDR1 + a_pg_offset;
5861 b_cp = sysmaps->CADDR2 + b_pg_offset;
5862 bcopy(a_cp, b_cp, cnt);
5867 pte2_clear(sysmaps->CMAP1);
5868 tlb_flush((vm_offset_t)sysmaps->CADDR1);
5869 pte2_clear(sysmaps->CMAP2);
5870 tlb_flush((vm_offset_t)sysmaps->CADDR2);
5872 mtx_unlock(&sysmaps->lock);
5876 pmap_quick_enter_page(vm_page_t m)
5879 vm_offset_t qmap_addr;
5882 qmap_addr = PCPU_GET(qmap_addr);
5883 pte2p = pt2map_entry(qmap_addr);
5885 KASSERT(pte2_load(pte2p) == 0, ("%s: PTE2 busy", __func__));
5887 pte2_store(pte2p, PTE2_KERN_NG(VM_PAGE_TO_PHYS(m), PTE2_AP_KRW,
5888 vm_page_pte2_attr(m)));
5893 pmap_quick_remove_page(vm_offset_t addr)
5896 vm_offset_t qmap_addr;
5898 qmap_addr = PCPU_GET(qmap_addr);
5899 pte2p = pt2map_entry(qmap_addr);
5901 KASSERT(addr == qmap_addr, ("%s: invalid address", __func__));
5902 KASSERT(pte2_load(pte2p) != 0, ("%s: PTE2 not in use", __func__));
5905 tlb_flush(qmap_addr);
5910 * Copy the range specified by src_addr/len
5911 * from the source map to the range dst_addr/len
5912 * in the destination map.
5914 * This routine is only advisory and need not do anything.
5917 pmap_copy(pmap_t dst_pmap, pmap_t src_pmap, vm_offset_t dst_addr, vm_size_t len,
5918 vm_offset_t src_addr)
5920 struct spglist free;
5922 vm_offset_t end_addr = src_addr + len;
5925 if (dst_addr != src_addr)
5928 if (!pmap_is_current(src_pmap))
5931 rw_wlock(&pvh_global_lock);
5932 if (dst_pmap < src_pmap) {
5933 PMAP_LOCK(dst_pmap);
5934 PMAP_LOCK(src_pmap);
5936 PMAP_LOCK(src_pmap);
5937 PMAP_LOCK(dst_pmap);
5940 for (addr = src_addr; addr < end_addr; addr = nextva) {
5941 pt2_entry_t *src_pte2p, *dst_pte2p;
5942 vm_page_t dst_mpt2pg, src_mpt2pg;
5943 pt1_entry_t src_pte1;
5946 KASSERT(addr < VM_MAXUSER_ADDRESS,
5947 ("%s: invalid to pmap_copy page tables", __func__));
5949 nextva = pte1_trunc(addr + PTE1_SIZE);
5953 pte1_idx = pte1_index(addr);
5954 src_pte1 = src_pmap->pm_pt1[pte1_idx];
5955 if (pte1_is_section(src_pte1)) {
5956 if ((addr & PTE1_OFFSET) != 0 ||
5957 (addr + PTE1_SIZE) > end_addr)
5959 if (dst_pmap->pm_pt1[pte1_idx] == 0 &&
5960 (!pte1_is_managed(src_pte1) ||
5961 pmap_pv_insert_pte1(dst_pmap, addr,
5962 pte1_pa(src_pte1)))) {
5963 dst_pmap->pm_pt1[pte1_idx] = src_pte1 &
5965 dst_pmap->pm_stats.resident_count +=
5966 PTE1_SIZE / PAGE_SIZE;
5967 pmap_pte1_mappings++;
5970 } else if (!pte1_is_link(src_pte1))
5973 src_mpt2pg = PHYS_TO_VM_PAGE(pte1_link_pa(src_pte1));
5976 * We leave PT2s to be linked from PT1 even if they are not
5977 * referenced until all PT2s in a page are without reference.
5979 * QQQ: It could be changed ...
5981 #if 0 /* single_pt2_link_is_cleared */
5982 KASSERT(pt2_wirecount_get(src_mpt2pg, pte1_idx) > 0,
5983 ("%s: source page table page is unused", __func__));
5985 if (pt2_wirecount_get(src_mpt2pg, pte1_idx) == 0)
5988 if (nextva > end_addr)
5991 src_pte2p = pt2map_entry(addr);
5992 while (addr < nextva) {
5993 pt2_entry_t temp_pte2;
5994 temp_pte2 = pte2_load(src_pte2p);
5996 * we only virtual copy managed pages
5998 if (pte2_is_managed(temp_pte2)) {
5999 dst_mpt2pg = pmap_allocpte2(dst_pmap, addr,
6000 PMAP_ENTER_NOSLEEP);
6001 if (dst_mpt2pg == NULL)
6003 dst_pte2p = pmap_pte2_quick(dst_pmap, addr);
6004 if (!pte2_is_valid(pte2_load(dst_pte2p)) &&
6005 pmap_try_insert_pv_entry(dst_pmap, addr,
6006 PHYS_TO_VM_PAGE(pte2_pa(temp_pte2)))) {
6008 * Clear the wired, modified, and
6009 * accessed (referenced) bits
6012 temp_pte2 &= ~(PTE2_W | PTE2_A);
6013 temp_pte2 |= PTE2_NM;
6014 pte2_store(dst_pte2p, temp_pte2);
6015 dst_pmap->pm_stats.resident_count++;
6018 if (pmap_unwire_pt2(dst_pmap, addr,
6019 dst_mpt2pg, &free)) {
6020 pmap_tlb_flush(dst_pmap, addr);
6021 pmap_free_zero_pages(&free);
6025 if (pt2_wirecount_get(dst_mpt2pg, pte1_idx) >=
6026 pt2_wirecount_get(src_mpt2pg, pte1_idx))
6035 rw_wunlock(&pvh_global_lock);
6036 PMAP_UNLOCK(src_pmap);
6037 PMAP_UNLOCK(dst_pmap);
6041 * Increase the starting virtual address of the given mapping if a
6042 * different alignment might result in more section mappings.
6045 pmap_align_superpage(vm_object_t object, vm_ooffset_t offset,
6046 vm_offset_t *addr, vm_size_t size)
6048 vm_offset_t pte1_offset;
6050 if (size < PTE1_SIZE)
6052 if (object != NULL && (object->flags & OBJ_COLORED) != 0)
6053 offset += ptoa(object->pg_color);
6054 pte1_offset = offset & PTE1_OFFSET;
6055 if (size - ((PTE1_SIZE - pte1_offset) & PTE1_OFFSET) < PTE1_SIZE ||
6056 (*addr & PTE1_OFFSET) == pte1_offset)
6058 if ((*addr & PTE1_OFFSET) < pte1_offset)
6059 *addr = pte1_trunc(*addr) + pte1_offset;
6061 *addr = pte1_roundup(*addr) + pte1_offset;
6065 pmap_activate(struct thread *td)
6067 pmap_t pmap, oldpmap;
6070 PDEBUG(9, printf("%s: td = %08x\n", __func__, (uint32_t)td));
6073 pmap = vmspace_pmap(td->td_proc->p_vmspace);
6074 oldpmap = PCPU_GET(curpmap);
6075 cpuid = PCPU_GET(cpuid);
6078 CPU_CLR_ATOMIC(cpuid, &oldpmap->pm_active);
6079 CPU_SET_ATOMIC(cpuid, &pmap->pm_active);
6081 CPU_CLR(cpuid, &oldpmap->pm_active);
6082 CPU_SET(cpuid, &pmap->pm_active);
6085 ttb = pmap_ttb_get(pmap);
6088 * pmap_activate is for the current thread on the current cpu
6090 td->td_pcb->pcb_pagedir = ttb;
6092 PCPU_SET(curpmap, pmap);
6097 * Perform the pmap work for mincore.
6100 pmap_mincore(pmap_t pmap, vm_offset_t addr, vm_paddr_t *locked_pa)
6102 pt1_entry_t *pte1p, pte1;
6103 pt2_entry_t *pte2p, pte2;
6110 pte1p = pmap_pte1(pmap, addr);
6111 pte1 = pte1_load(pte1p);
6112 if (pte1_is_section(pte1)) {
6113 pa = trunc_page(pte1_pa(pte1) | (addr & PTE1_OFFSET));
6114 managed = pte1_is_managed(pte1);
6115 val = MINCORE_SUPER | MINCORE_INCORE;
6116 if (pte1_is_dirty(pte1))
6117 val |= MINCORE_MODIFIED | MINCORE_MODIFIED_OTHER;
6119 val |= MINCORE_REFERENCED | MINCORE_REFERENCED_OTHER;
6120 } else if (pte1_is_link(pte1)) {
6121 pte2p = pmap_pte2(pmap, addr);
6122 pte2 = pte2_load(pte2p);
6123 pmap_pte2_release(pte2p);
6125 managed = pte2_is_managed(pte2);
6126 val = MINCORE_INCORE;
6127 if (pte2_is_dirty(pte2))
6128 val |= MINCORE_MODIFIED | MINCORE_MODIFIED_OTHER;
6130 val |= MINCORE_REFERENCED | MINCORE_REFERENCED_OTHER;
6135 if ((val & (MINCORE_MODIFIED_OTHER | MINCORE_REFERENCED_OTHER)) !=
6136 (MINCORE_MODIFIED_OTHER | MINCORE_REFERENCED_OTHER) && managed) {
6137 /* Ensure that "PHYS_TO_VM_PAGE(pa)->object" doesn't change. */
6138 if (vm_page_pa_tryrelock(pmap, pa, locked_pa))
6141 PA_UNLOCK_COND(*locked_pa);
6147 pmap_kenter_device(vm_offset_t va, vm_size_t size, vm_paddr_t pa)
6152 KASSERT((size & PAGE_MASK) == 0,
6153 ("%s: device mapping not page-sized", __func__));
6156 l2attr = vm_memattr_to_pte2(VM_MEMATTR_DEVICE);
6158 pmap_kenter_prot_attr(va, pa, PTE2_AP_KRW, l2attr);
6163 tlb_flush_range(sva, va - sva);
6167 pmap_kremove_device(vm_offset_t va, vm_size_t size)
6171 KASSERT((size & PAGE_MASK) == 0,
6172 ("%s: device mapping not page-sized", __func__));
6180 tlb_flush_range(sva, va - sva);
6184 pmap_set_pcb_pagedir(pmap_t pmap, struct pcb *pcb)
6187 pcb->pcb_pagedir = pmap_ttb_get(pmap);
6192 * Clean L1 data cache range by physical address.
6193 * The range must be within a single page.
6196 pmap_dcache_wb_pou(vm_paddr_t pa, vm_size_t size, uint32_t attr)
6198 struct sysmaps *sysmaps;
6200 KASSERT(((pa & PAGE_MASK) + size) <= PAGE_SIZE,
6201 ("%s: not on single page", __func__));
6204 sysmaps = &sysmaps_pcpu[PCPU_GET(cpuid)];
6205 mtx_lock(&sysmaps->lock);
6206 if (*sysmaps->CMAP3)
6207 panic("%s: CMAP3 busy", __func__);
6208 pte2_store(sysmaps->CMAP3, PTE2_KERN_NG(pa, PTE2_AP_KRW, attr));
6209 dcache_wb_pou((vm_offset_t)sysmaps->CADDR3 + (pa & PAGE_MASK), size);
6210 pte2_clear(sysmaps->CMAP3);
6211 tlb_flush((vm_offset_t)sysmaps->CADDR3);
6213 mtx_unlock(&sysmaps->lock);
6217 * Sync instruction cache range which is not mapped yet.
6220 cache_icache_sync_fresh(vm_offset_t va, vm_paddr_t pa, vm_size_t size)
6222 uint32_t len, offset;
6225 /* Write back d-cache on given address range. */
6226 offset = pa & PAGE_MASK;
6227 for ( ; size != 0; size -= len, pa += len, offset = 0) {
6228 len = min(PAGE_SIZE - offset, size);
6229 m = PHYS_TO_VM_PAGE(pa);
6230 KASSERT(m != NULL, ("%s: vm_page_t is null for %#x",
6232 pmap_dcache_wb_pou(pa, len, vm_page_pte2_attr(m));
6235 * I-cache is VIPT. Only way how to flush all virtual mappings
6236 * on given physical address is to invalidate all i-cache.
6242 pmap_sync_icache(pmap_t pmap, vm_offset_t va, vm_size_t size)
6245 /* Write back d-cache on given address range. */
6246 if (va >= VM_MIN_KERNEL_ADDRESS) {
6247 dcache_wb_pou(va, size);
6249 uint32_t len, offset;
6253 offset = va & PAGE_MASK;
6254 for ( ; size != 0; size -= len, va += len, offset = 0) {
6255 pa = pmap_extract(pmap, va); /* offset is preserved */
6256 len = min(PAGE_SIZE - offset, size);
6257 m = PHYS_TO_VM_PAGE(pa);
6258 KASSERT(m != NULL, ("%s: vm_page_t is null for %#x",
6260 pmap_dcache_wb_pou(pa, len, vm_page_pte2_attr(m));
6264 * I-cache is VIPT. Only way how to flush all virtual mappings
6265 * on given physical address is to invalidate all i-cache.
6271 * The implementation of pmap_fault() uses IN_RANGE2() macro which
6272 * depends on the fact that given range size is a power of 2.
6274 CTASSERT(powerof2(NB_IN_PT1));
6275 CTASSERT(powerof2(PT2MAP_SIZE));
6277 #define IN_RANGE2(addr, start, size) \
6278 ((vm_offset_t)(start) == ((vm_offset_t)(addr) & ~((size) - 1)))
6281 * Handle access and R/W emulation faults.
6284 pmap_fault(pmap_t pmap, vm_offset_t far, uint32_t fsr, int idx, bool usermode)
6286 pt1_entry_t *pte1p, pte1;
6287 pt2_entry_t *pte2p, pte2;
6293 * In kernel, we should never get abort with FAR which is in range of
6294 * pmap->pm_pt1 or PT2MAP address spaces. If it happens, stop here
6295 * and print out a useful abort message and even get to the debugger
6296 * otherwise it likely ends with never ending loop of aborts.
6298 if (__predict_false(IN_RANGE2(far, pmap->pm_pt1, NB_IN_PT1))) {
6300 * All L1 tables should always be mapped and present.
6301 * However, we check only current one herein. For user mode,
6302 * only permission abort from malicious user is not fatal.
6303 * And alignment abort as it may have higher priority.
6305 if (!usermode || (idx != FAULT_ALIGN && idx != FAULT_PERM_L2)) {
6306 CTR4(KTR_PMAP, "%s: pmap %#x pm_pt1 %#x far %#x",
6307 __func__, pmap, pmap->pm_pt1, far);
6308 panic("%s: pm_pt1 abort", __func__);
6310 return (KERN_INVALID_ADDRESS);
6312 if (__predict_false(IN_RANGE2(far, PT2MAP, PT2MAP_SIZE))) {
6314 * PT2MAP should be always mapped and present in current
6315 * L1 table. However, only existing L2 tables are mapped
6316 * in PT2MAP. For user mode, only L2 translation abort and
6317 * permission abort from malicious user is not fatal.
6318 * And alignment abort as it may have higher priority.
6320 if (!usermode || (idx != FAULT_ALIGN &&
6321 idx != FAULT_TRAN_L2 && idx != FAULT_PERM_L2)) {
6322 CTR4(KTR_PMAP, "%s: pmap %#x PT2MAP %#x far %#x",
6323 __func__, pmap, PT2MAP, far);
6324 panic("%s: PT2MAP abort", __func__);
6326 return (KERN_INVALID_ADDRESS);
6330 * A pmap lock is used below for handling of access and R/W emulation
6331 * aborts. They were handled by atomic operations before so some
6332 * analysis of new situation is needed to answer the following question:
6333 * Is it safe to use the lock even for these aborts?
6335 * There may happen two cases in general:
6337 * (1) Aborts while the pmap lock is locked already - this should not
6338 * happen as pmap lock is not recursive. However, under pmap lock only
6339 * internal kernel data should be accessed and such data should be
6340 * mapped with A bit set and NM bit cleared. If double abort happens,
6341 * then a mapping of data which has caused it must be fixed. Further,
6342 * all new mappings are always made with A bit set and the bit can be
6343 * cleared only on managed mappings.
6345 * (2) Aborts while another lock(s) is/are locked - this already can
6346 * happen. However, there is no difference here if it's either access or
6347 * R/W emulation abort, or if it's some other abort.
6353 * Special treatment is due to break-before-make approach done when
6354 * pte1 is updated for userland mapping during section promotion or
6355 * demotion. If not caught here, pmap_enter() can find a section
6356 * mapping on faulting address. That is not allowed.
6358 if (idx == FAULT_TRAN_L1 && usermode && cp15_ats1cur_check(far) == 0) {
6360 return (KERN_SUCCESS);
6364 * Accesss bits for page and section. Note that the entry
6365 * is not in TLB yet, so TLB flush is not necessary.
6367 * QQQ: This is hardware emulation, we do not call userret()
6368 * for aborts from user mode.
6370 if (idx == FAULT_ACCESS_L2) {
6371 pte2p = pt2map_entry(far);
6372 pte2 = pte2_load(pte2p);
6373 if (pte2_is_valid(pte2)) {
6374 pte2_store(pte2p, pte2 | PTE2_A);
6376 return (KERN_SUCCESS);
6379 if (idx == FAULT_ACCESS_L1) {
6380 pte1p = pmap_pte1(pmap, far);
6381 pte1 = pte1_load(pte1p);
6382 if (pte1_is_section(pte1)) {
6383 pte1_store(pte1p, pte1 | PTE1_A);
6385 return (KERN_SUCCESS);
6390 * Handle modify bits for page and section. Note that the modify
6391 * bit is emulated by software. So PTEx_RO is software read only
6392 * bit and PTEx_NM flag is real hardware read only bit.
6394 * QQQ: This is hardware emulation, we do not call userret()
6395 * for aborts from user mode.
6397 if ((fsr & FSR_WNR) && (idx == FAULT_PERM_L2)) {
6398 pte2p = pt2map_entry(far);
6399 pte2 = pte2_load(pte2p);
6400 if (pte2_is_valid(pte2) && !(pte2 & PTE2_RO) &&
6402 pte2_store(pte2p, pte2 & ~PTE2_NM);
6403 tlb_flush(trunc_page(far));
6405 return (KERN_SUCCESS);
6408 if ((fsr & FSR_WNR) && (idx == FAULT_PERM_L1)) {
6409 pte1p = pmap_pte1(pmap, far);
6410 pte1 = pte1_load(pte1p);
6411 if (pte1_is_section(pte1) && !(pte1 & PTE1_RO) &&
6413 pte1_store(pte1p, pte1 & ~PTE1_NM);
6414 tlb_flush(pte1_trunc(far));
6416 return (KERN_SUCCESS);
6421 * QQQ: The previous code, mainly fast handling of access and
6422 * modify bits aborts, could be moved to ASM. Now we are
6423 * starting to deal with not fast aborts.
6428 * Read an entry in PT2TAB associated with both pmap and far.
6429 * It's safe because PT2TAB is always mapped.
6431 pte2 = pt2tab_load(pmap_pt2tab_entry(pmap, far));
6432 if (pte2_is_valid(pte2)) {
6434 * Now, when we know that L2 page table is allocated,
6435 * we can use PT2MAP to get L2 page table entry.
6437 pte2 = pte2_load(pt2map_entry(far));
6438 if (pte2_is_valid(pte2)) {
6440 * If L2 page table entry is valid, make sure that
6441 * L1 page table entry is valid too. Note that we
6442 * leave L2 page entries untouched when promoted.
6444 pte1 = pte1_load(pmap_pte1(pmap, far));
6445 if (!pte1_is_valid(pte1)) {
6446 panic("%s: missing L1 page entry (%p, %#x)",
6447 __func__, pmap, far);
6453 return (KERN_FAILURE);
6456 #if defined(PMAP_DEBUG)
6458 * Reusing of KVA used in pmap_zero_page function !!!
6461 pmap_zero_page_check(vm_page_t m)
6464 struct sysmaps *sysmaps;
6467 sysmaps = &sysmaps_pcpu[PCPU_GET(cpuid)];
6468 mtx_lock(&sysmaps->lock);
6469 if (pte2_load(sysmaps->CMAP2) != 0)
6470 panic("%s: CMAP2 busy", __func__);
6471 pte2_store(sysmaps->CMAP2, PTE2_KERN_NG(VM_PAGE_TO_PHYS(m), PTE2_AP_KRW,
6472 vm_page_pte2_attr(m)));
6473 end = (uint32_t*)(sysmaps->CADDR2 + PAGE_SIZE);
6474 for (p = (uint32_t*)sysmaps->CADDR2; p < end; p++)
6476 panic("%s: page %p not zero, va: %p", __func__, m,
6478 pte2_clear(sysmaps->CMAP2);
6479 tlb_flush((vm_offset_t)sysmaps->CADDR2);
6481 mtx_unlock(&sysmaps->lock);
6485 pmap_pid_dump(int pid)
6492 sx_slock(&allproc_lock);
6493 FOREACH_PROC_IN_SYSTEM(p) {
6494 if (p->p_pid != pid || p->p_vmspace == NULL)
6497 pmap = vmspace_pmap(p->p_vmspace);
6498 for (i = 0; i < NPTE1_IN_PT1; i++) {
6500 pt2_entry_t *pte2p, pte2;
6501 vm_offset_t base, va;
6505 base = i << PTE1_SHIFT;
6506 pte1 = pte1_load(&pmap->pm_pt1[i]);
6508 if (pte1_is_section(pte1)) {
6510 * QQQ: Do something here!
6512 } else if (pte1_is_link(pte1)) {
6513 for (j = 0; j < NPTE2_IN_PT2; j++) {
6514 va = base + (j << PAGE_SHIFT);
6515 if (va >= VM_MIN_KERNEL_ADDRESS) {
6520 sx_sunlock(&allproc_lock);
6523 pte2p = pmap_pte2(pmap, va);
6524 pte2 = pte2_load(pte2p);
6525 pmap_pte2_release(pte2p);
6526 if (!pte2_is_valid(pte2))
6530 m = PHYS_TO_VM_PAGE(pa);
6531 printf("va: 0x%x, pa: 0x%x, h: %d, w:"
6532 " %d, f: 0x%x", va, pa,
6533 m->hold_count, m->wire_count,
6547 sx_sunlock(&allproc_lock);
6554 static pt2_entry_t *
6555 pmap_pte2_ddb(pmap_t pmap, vm_offset_t va)
6558 vm_paddr_t pt2pg_pa;
6560 pte1 = pte1_load(pmap_pte1(pmap, va));
6561 if (!pte1_is_link(pte1))
6564 if (pmap_is_current(pmap))
6565 return (pt2map_entry(va));
6567 /* Note that L2 page table size is not equal to PAGE_SIZE. */
6568 pt2pg_pa = trunc_page(pte1_link_pa(pte1));
6569 if (pte2_pa(pte2_load(PMAP3)) != pt2pg_pa) {
6570 pte2_store(PMAP3, PTE2_KPT(pt2pg_pa));
6572 PMAP3cpu = PCPU_GET(cpuid);
6574 tlb_flush_local((vm_offset_t)PADDR3);
6577 else if (PMAP3cpu != PCPU_GET(cpuid)) {
6578 PMAP3cpu = PCPU_GET(cpuid);
6579 tlb_flush_local((vm_offset_t)PADDR3);
6582 return (PADDR3 + (arm32_btop(va) & (NPTE2_IN_PG - 1)));
6586 dump_pmap(pmap_t pmap)
6589 printf("pmap %p\n", pmap);
6590 printf(" pm_pt1: %p\n", pmap->pm_pt1);
6591 printf(" pm_pt2tab: %p\n", pmap->pm_pt2tab);
6592 printf(" pm_active: 0x%08lX\n", pmap->pm_active.__bits[0]);
6595 DB_SHOW_COMMAND(pmaps, pmap_list_pmaps)
6599 LIST_FOREACH(pmap, &allpmaps, pm_list) {
6605 pte2_class(pt2_entry_t pte2)
6609 cls = (pte2 >> 2) & 0x03;
6610 cls |= (pte2 >> 4) & 0x04;
6615 dump_section(pmap_t pmap, uint32_t pte1_idx)
6620 dump_link(pmap_t pmap, uint32_t pte1_idx, boolean_t invalid_ok)
6624 pt2_entry_t *pte2p, pte2;
6627 va = pte1_idx << PTE1_SHIFT;
6628 pte2p = pmap_pte2_ddb(pmap, va);
6629 for (i = 0; i < NPTE2_IN_PT2; i++, pte2p++, va += PAGE_SIZE) {
6630 pte2 = pte2_load(pte2p);
6633 if (!pte2_is_valid(pte2)) {
6634 printf(" 0x%08X: 0x%08X", va, pte2);
6636 printf(" - not valid !!!");
6640 m = PHYS_TO_VM_PAGE(pte2_pa(pte2));
6641 printf(" 0x%08X: 0x%08X, TEX%d, s:%d, g:%d, m:%p", va , pte2,
6642 pte2_class(pte2), !!(pte2 & PTE2_S), !(pte2 & PTE2_NG), m);
6644 printf(" v:%d h:%d w:%d f:0x%04X\n", m->valid,
6645 m->hold_count, m->wire_count, m->flags);
6652 static __inline boolean_t
6653 is_pv_chunk_space(vm_offset_t va)
6656 if ((((vm_offset_t)pv_chunkbase) <= va) &&
6657 (va < ((vm_offset_t)pv_chunkbase + PAGE_SIZE * pv_maxchunks)))
6662 DB_SHOW_COMMAND(pmap, pmap_pmap_print)
6664 /* XXX convert args. */
6665 pmap_t pmap = (pmap_t)addr;
6668 vm_offset_t va, eva;
6671 boolean_t invalid_ok, dump_link_ok, dump_pv_chunk;
6676 LIST_FOREACH(pm, &allpmaps, pm_list)
6677 if (pm == pmap) break;
6679 printf("given pmap %p is not in allpmaps list\n", pmap);
6683 pmap = PCPU_GET(curpmap);
6685 eva = (modif[0] == 'u') ? VM_MAXUSER_ADDRESS : 0xFFFFFFFF;
6686 dump_pv_chunk = FALSE; /* XXX evaluate from modif[] */
6688 printf("pmap: 0x%08X\n", (uint32_t)pmap);
6689 printf("PT2MAP: 0x%08X\n", (uint32_t)PT2MAP);
6690 printf("pt2tab: 0x%08X\n", (uint32_t)pmap->pm_pt2tab);
6692 for(i = 0; i < NPTE1_IN_PT1; i++) {
6693 pte1 = pte1_load(&pmap->pm_pt1[i]);
6696 va = i << PTE1_SHIFT;
6700 if (pte1_is_section(pte1)) {
6701 printf("0x%08X: Section 0x%08X, s:%d g:%d\n", va, pte1,
6702 !!(pte1 & PTE1_S), !(pte1 & PTE1_NG));
6703 dump_section(pmap, i);
6704 } else if (pte1_is_link(pte1)) {
6705 dump_link_ok = TRUE;
6707 pte2 = pte2_load(pmap_pt2tab_entry(pmap, va));
6708 m = PHYS_TO_VM_PAGE(pte1_link_pa(pte1));
6709 printf("0x%08X: Link 0x%08X, pt2tab: 0x%08X m: %p",
6711 if (is_pv_chunk_space(va)) {
6712 printf(" - pv_chunk space");
6716 dump_link_ok = FALSE;
6719 printf(" w:%d w2:%u", m->wire_count,
6720 pt2_wirecount_get(m, pte1_index(va)));
6722 printf(" !!! pt2tab entry is ZERO");
6723 else if (pte2_pa(pte1) != pte2_pa(pte2))
6724 printf(" !!! pt2tab entry is DIFFERENT - m: %p",
6725 PHYS_TO_VM_PAGE(pte2_pa(pte2)));
6728 dump_link(pmap, i, invalid_ok);
6730 printf("0x%08X: Invalid entry 0x%08X\n", va, pte1);
6735 dump_pt2tab(pmap_t pmap)
6743 printf("PT2TAB:\n");
6744 for (i = 0; i < PT2TAB_ENTRIES; i++) {
6745 pte2 = pte2_load(&pmap->pm_pt2tab[i]);
6746 if (!pte2_is_valid(pte2))
6748 va = i << PT2TAB_SHIFT;
6750 m = PHYS_TO_VM_PAGE(pa);
6751 printf(" 0x%08X: 0x%08X, TEX%d, s:%d, m:%p", va, pte2,
6752 pte2_class(pte2), !!(pte2 & PTE2_S), m);
6754 printf(" , h: %d, w: %d, f: 0x%04X pidx: %lld",
6755 m->hold_count, m->wire_count, m->flags, m->pindex);
6760 DB_SHOW_COMMAND(pmap_pt2tab, pmap_pt2tab_print)
6762 /* XXX convert args. */
6763 pmap_t pmap = (pmap_t)addr;
6770 printf("supported only on current pmap\n");
6774 pmap = PCPU_GET(curpmap);
6775 printf("curpmap: 0x%08X\n", (uint32_t)pmap);
6776 printf("PT2MAP: 0x%08X\n", (uint32_t)PT2MAP);
6777 printf("pt2tab: 0x%08X\n", (uint32_t)pmap->pm_pt2tab);
6779 start = pte1_index((vm_offset_t)PT2MAP);
6780 for (i = start; i < (start + NPT2_IN_PT2TAB); i++) {
6781 pte1 = pte1_load(&pmap->pm_pt1[i]);
6784 va = i << PTE1_SHIFT;
6785 if (pte1_is_section(pte1)) {
6786 printf("0x%08X: Section 0x%08X, s:%d\n", va, pte1,
6788 dump_section(pmap, i);
6789 } else if (pte1_is_link(pte1)) {
6790 pte2 = pte2_load(pmap_pt2tab_entry(pmap, va));
6791 printf("0x%08X: Link 0x%08X, pt2tab: 0x%08X\n", va,
6794 printf(" !!! pt2tab entry is ZERO\n");
6796 printf("0x%08X: Invalid entry 0x%08X\n", va, pte1);
projects / FreeBSD / FreeBSD.git / blob