2 * Copyright (c) 1991 Regents of the University of California.
4 * Copyright (c) 1994 John S. Dyson
6 * Copyright (c) 1994 David Greenman
8 * Copyright (c) 2003 Peter Wemm
10 * Copyright (c) 2005-2010 Alan L. Cox <alc@cs.rice.edu>
11 * All rights reserved.
12 * Copyright (c) 2014 Andrew Turner
13 * All rights reserved.
14 * Copyright (c) 2014-2016 The FreeBSD Foundation
15 * All rights reserved.
17 * This code is derived from software contributed to Berkeley by
18 * the Systems Programming Group of the University of Utah Computer
19 * Science Department and William Jolitz of UUNET Technologies Inc.
21 * This software was developed by Andrew Turner under sponsorship from
22 * the FreeBSD Foundation.
24 * Redistribution and use in source and binary forms, with or without
25 * modification, are permitted provided that the following conditions
27 * 1. Redistributions of source code must retain the above copyright
28 * notice, this list of conditions and the following disclaimer.
29 * 2. Redistributions in binary form must reproduce the above copyright
30 * notice, this list of conditions and the following disclaimer in the
31 * documentation and/or other materials provided with the distribution.
32 * 3. All advertising materials mentioning features or use of this software
33 * must display the following acknowledgement:
34 * This product includes software developed by the University of
35 * California, Berkeley and its contributors.
36 * 4. Neither the name of the University nor the names of its contributors
37 * may be used to endorse or promote products derived from this software
38 * without specific prior written permission.
40 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
41 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
42 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
43 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
44 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
45 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
46 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
48 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
49 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
52 * from: @(#)pmap.c 7.7 (Berkeley) 5/12/91
55 * Copyright (c) 2003 Networks Associates Technology, Inc.
56 * All rights reserved.
58 * This software was developed for the FreeBSD Project by Jake Burkholder,
59 * Safeport Network Services, and Network Associates Laboratories, the
60 * Security Research Division of Network Associates, Inc. under
61 * DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the DARPA
62 * CHATS research program.
64 * Redistribution and use in source and binary forms, with or without
65 * modification, are permitted provided that the following conditions
67 * 1. Redistributions of source code must retain the above copyright
68 * notice, this list of conditions and the following disclaimer.
69 * 2. Redistributions in binary form must reproduce the above copyright
70 * notice, this list of conditions and the following disclaimer in the
71 * documentation and/or other materials provided with the distribution.
73 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
74 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
75 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
76 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
77 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
78 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
79 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
80 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
81 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
82 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
86 #include <sys/cdefs.h>
87 __FBSDID("$FreeBSD$");
90 * Manages physical address maps.
92 * Since the information managed by this module is
93 * also stored by the logical address mapping module,
94 * this module may throw away valid virtual-to-physical
95 * mappings at almost any time. However, invalidations
96 * of virtual-to-physical mappings must be done as
99 * In order to cope with hardware architectures which
100 * make virtual-to-physical map invalidates expensive,
101 * this module may delay invalidate or reduced protection
102 * operations until such time as they are actually
103 * necessary. This module is given full information as
104 * to which processors are currently using which maps,
105 * and to when physical maps must be made correct.
110 #include <sys/param.h>
111 #include <sys/bitstring.h>
113 #include <sys/systm.h>
114 #include <sys/kernel.h>
116 #include <sys/lock.h>
117 #include <sys/malloc.h>
118 #include <sys/mman.h>
119 #include <sys/msgbuf.h>
120 #include <sys/mutex.h>
121 #include <sys/proc.h>
122 #include <sys/rwlock.h>
124 #include <sys/vmem.h>
125 #include <sys/vmmeter.h>
126 #include <sys/sched.h>
127 #include <sys/sysctl.h>
128 #include <sys/_unrhdr.h>
132 #include <vm/vm_param.h>
133 #include <vm/vm_kern.h>
134 #include <vm/vm_page.h>
135 #include <vm/vm_map.h>
136 #include <vm/vm_object.h>
137 #include <vm/vm_extern.h>
138 #include <vm/vm_pageout.h>
139 #include <vm/vm_pager.h>
140 #include <vm/vm_phys.h>
141 #include <vm/vm_radix.h>
142 #include <vm/vm_reserv.h>
145 #include <machine/machdep.h>
146 #include <machine/md_var.h>
147 #include <machine/pcb.h>
149 #include <arm/include/physmem.h>
151 #define NL0PG (PAGE_SIZE/(sizeof (pd_entry_t)))
152 #define NL1PG (PAGE_SIZE/(sizeof (pd_entry_t)))
153 #define NL2PG (PAGE_SIZE/(sizeof (pd_entry_t)))
154 #define NL3PG (PAGE_SIZE/(sizeof (pt_entry_t)))
156 #define NUL0E L0_ENTRIES
157 #define NUL1E (NUL0E * NL1PG)
158 #define NUL2E (NUL1E * NL2PG)
160 #if !defined(DIAGNOSTIC)
161 #ifdef __GNUC_GNU_INLINE__
162 #define PMAP_INLINE __attribute__((__gnu_inline__)) inline
164 #define PMAP_INLINE extern inline
171 * These are configured by the mair_el1 register. This is set up in locore.S
173 #define DEVICE_MEMORY 0
174 #define UNCACHED_MEMORY 1
175 #define CACHED_MEMORY 2
179 #define PV_STAT(x) do { x ; } while (0)
181 #define PV_STAT(x) do { } while (0)
184 #define pmap_l2_pindex(v) ((v) >> L2_SHIFT)
185 #define pa_to_pvh(pa) (&pv_table[pmap_l2_pindex(pa)])
187 #define NPV_LIST_LOCKS MAXCPU
189 #define PHYS_TO_PV_LIST_LOCK(pa) \
190 (&pv_list_locks[pa_index(pa) % NPV_LIST_LOCKS])
192 #define CHANGE_PV_LIST_LOCK_TO_PHYS(lockp, pa) do { \
193 struct rwlock **_lockp = (lockp); \
194 struct rwlock *_new_lock; \
196 _new_lock = PHYS_TO_PV_LIST_LOCK(pa); \
197 if (_new_lock != *_lockp) { \
198 if (*_lockp != NULL) \
199 rw_wunlock(*_lockp); \
200 *_lockp = _new_lock; \
205 #define CHANGE_PV_LIST_LOCK_TO_VM_PAGE(lockp, m) \
206 CHANGE_PV_LIST_LOCK_TO_PHYS(lockp, VM_PAGE_TO_PHYS(m))
208 #define RELEASE_PV_LIST_LOCK(lockp) do { \
209 struct rwlock **_lockp = (lockp); \
211 if (*_lockp != NULL) { \
212 rw_wunlock(*_lockp); \
217 #define VM_PAGE_TO_PV_LIST_LOCK(m) \
218 PHYS_TO_PV_LIST_LOCK(VM_PAGE_TO_PHYS(m))
220 struct pmap kernel_pmap_store;
222 /* Used for mapping ACPI memory before VM is initialized */
223 #define PMAP_PREINIT_MAPPING_COUNT 32
224 #define PMAP_PREINIT_MAPPING_SIZE (PMAP_PREINIT_MAPPING_COUNT * L2_SIZE)
225 static vm_offset_t preinit_map_va; /* Start VA of pre-init mapping space */
226 static int vm_initialized = 0; /* No need to use pre-init maps when set */
229 * Reserve a few L2 blocks starting from 'preinit_map_va' pointer.
230 * Always map entire L2 block for simplicity.
231 * VA of L2 block = preinit_map_va + i * L2_SIZE
233 static struct pmap_preinit_mapping {
237 } pmap_preinit_mapping[PMAP_PREINIT_MAPPING_COUNT];
239 vm_offset_t virtual_avail; /* VA of first avail page (after kernel bss) */
240 vm_offset_t virtual_end; /* VA of last avail page (end of kernel AS) */
241 vm_offset_t kernel_vm_end = 0;
244 * Data for the pv entry allocation mechanism.
245 * Updates to pv_invl_gen are protected by the pv_list_locks[]
246 * elements, but reads are not.
248 static struct md_page *pv_table;
249 static struct md_page pv_dummy;
251 vm_paddr_t dmap_phys_base; /* The start of the dmap region */
252 vm_paddr_t dmap_phys_max; /* The limit of the dmap region */
253 vm_offset_t dmap_max_addr; /* The virtual address limit of the dmap */
255 /* This code assumes all L1 DMAP entries will be used */
256 CTASSERT((DMAP_MIN_ADDRESS & ~L0_OFFSET) == DMAP_MIN_ADDRESS);
257 CTASSERT((DMAP_MAX_ADDRESS & ~L0_OFFSET) == DMAP_MAX_ADDRESS);
259 #define DMAP_TABLES ((DMAP_MAX_ADDRESS - DMAP_MIN_ADDRESS) >> L0_SHIFT)
260 extern pt_entry_t pagetable_dmap[];
262 #define PHYSMAP_SIZE (2 * (VM_PHYSSEG_MAX - 1))
263 static vm_paddr_t physmap[PHYSMAP_SIZE];
264 static u_int physmap_idx;
266 static SYSCTL_NODE(_vm, OID_AUTO, pmap, CTLFLAG_RD, 0, "VM/pmap parameters");
268 static int superpages_enabled = 1;
269 SYSCTL_INT(_vm_pmap, OID_AUTO, superpages_enabled,
270 CTLFLAG_RDTUN | CTLFLAG_NOFETCH, &superpages_enabled, 0,
271 "Are large page mappings enabled?");
274 * Data for the pv entry allocation mechanism
276 static TAILQ_HEAD(pch, pv_chunk) pv_chunks = TAILQ_HEAD_INITIALIZER(pv_chunks);
277 static struct mtx pv_chunks_mutex;
278 static struct rwlock pv_list_locks[NPV_LIST_LOCKS];
280 static void free_pv_chunk(struct pv_chunk *pc);
281 static void free_pv_entry(pmap_t pmap, pv_entry_t pv);
282 static pv_entry_t get_pv_entry(pmap_t pmap, struct rwlock **lockp);
283 static vm_page_t reclaim_pv_chunk(pmap_t locked_pmap, struct rwlock **lockp);
284 static void pmap_pvh_free(struct md_page *pvh, pmap_t pmap, vm_offset_t va);
285 static pv_entry_t pmap_pvh_remove(struct md_page *pvh, pmap_t pmap,
288 static int pmap_change_attr(vm_offset_t va, vm_size_t size, int mode);
289 static int pmap_change_attr_locked(vm_offset_t va, vm_size_t size, int mode);
290 static pt_entry_t *pmap_demote_l1(pmap_t pmap, pt_entry_t *l1, vm_offset_t va);
291 static pt_entry_t *pmap_demote_l2_locked(pmap_t pmap, pt_entry_t *l2,
292 vm_offset_t va, struct rwlock **lockp);
293 static pt_entry_t *pmap_demote_l2(pmap_t pmap, pt_entry_t *l2, vm_offset_t va);
294 static vm_page_t pmap_enter_quick_locked(pmap_t pmap, vm_offset_t va,
295 vm_page_t m, vm_prot_t prot, vm_page_t mpte, struct rwlock **lockp);
296 static int pmap_remove_l2(pmap_t pmap, pt_entry_t *l2, vm_offset_t sva,
297 pd_entry_t l1e, struct spglist *free, struct rwlock **lockp);
298 static int pmap_remove_l3(pmap_t pmap, pt_entry_t *l3, vm_offset_t sva,
299 pd_entry_t l2e, struct spglist *free, struct rwlock **lockp);
300 static boolean_t pmap_try_insert_pv_entry(pmap_t pmap, vm_offset_t va,
301 vm_page_t m, struct rwlock **lockp);
303 static vm_page_t _pmap_alloc_l3(pmap_t pmap, vm_pindex_t ptepindex,
304 struct rwlock **lockp);
306 static void _pmap_unwire_l3(pmap_t pmap, vm_offset_t va, vm_page_t m,
307 struct spglist *free);
308 static int pmap_unuse_pt(pmap_t, vm_offset_t, pd_entry_t, struct spglist *);
309 static __inline vm_page_t pmap_remove_pt_page(pmap_t pmap, vm_offset_t va);
312 * These load the old table data and store the new value.
313 * They need to be atomic as the System MMU may write to the table at
314 * the same time as the CPU.
316 #define pmap_load_store(table, entry) atomic_swap_64(table, entry)
317 #define pmap_set(table, mask) atomic_set_64(table, mask)
318 #define pmap_load_clear(table) atomic_swap_64(table, 0)
319 #define pmap_load(table) (*table)
321 /********************/
322 /* Inline functions */
323 /********************/
326 pagecopy(void *s, void *d)
329 memcpy(d, s, PAGE_SIZE);
332 static __inline pd_entry_t *
333 pmap_l0(pmap_t pmap, vm_offset_t va)
336 return (&pmap->pm_l0[pmap_l0_index(va)]);
339 static __inline pd_entry_t *
340 pmap_l0_to_l1(pd_entry_t *l0, vm_offset_t va)
344 l1 = (pd_entry_t *)PHYS_TO_DMAP(pmap_load(l0) & ~ATTR_MASK);
345 return (&l1[pmap_l1_index(va)]);
348 static __inline pd_entry_t *
349 pmap_l1(pmap_t pmap, vm_offset_t va)
353 l0 = pmap_l0(pmap, va);
354 if ((pmap_load(l0) & ATTR_DESCR_MASK) != L0_TABLE)
357 return (pmap_l0_to_l1(l0, va));
360 static __inline pd_entry_t *
361 pmap_l1_to_l2(pd_entry_t *l1, vm_offset_t va)
365 l2 = (pd_entry_t *)PHYS_TO_DMAP(pmap_load(l1) & ~ATTR_MASK);
366 return (&l2[pmap_l2_index(va)]);
369 static __inline pd_entry_t *
370 pmap_l2(pmap_t pmap, vm_offset_t va)
374 l1 = pmap_l1(pmap, va);
375 if ((pmap_load(l1) & ATTR_DESCR_MASK) != L1_TABLE)
378 return (pmap_l1_to_l2(l1, va));
381 static __inline pt_entry_t *
382 pmap_l2_to_l3(pd_entry_t *l2, vm_offset_t va)
386 l3 = (pd_entry_t *)PHYS_TO_DMAP(pmap_load(l2) & ~ATTR_MASK);
387 return (&l3[pmap_l3_index(va)]);
391 * Returns the lowest valid pde for a given virtual address.
392 * The next level may or may not point to a valid page or block.
394 static __inline pd_entry_t *
395 pmap_pde(pmap_t pmap, vm_offset_t va, int *level)
397 pd_entry_t *l0, *l1, *l2, desc;
399 l0 = pmap_l0(pmap, va);
400 desc = pmap_load(l0) & ATTR_DESCR_MASK;
401 if (desc != L0_TABLE) {
406 l1 = pmap_l0_to_l1(l0, va);
407 desc = pmap_load(l1) & ATTR_DESCR_MASK;
408 if (desc != L1_TABLE) {
413 l2 = pmap_l1_to_l2(l1, va);
414 desc = pmap_load(l2) & ATTR_DESCR_MASK;
415 if (desc != L2_TABLE) {
425 * Returns the lowest valid pte block or table entry for a given virtual
426 * address. If there are no valid entries return NULL and set the level to
427 * the first invalid level.
429 static __inline pt_entry_t *
430 pmap_pte(pmap_t pmap, vm_offset_t va, int *level)
432 pd_entry_t *l1, *l2, desc;
435 l1 = pmap_l1(pmap, va);
440 desc = pmap_load(l1) & ATTR_DESCR_MASK;
441 if (desc == L1_BLOCK) {
446 if (desc != L1_TABLE) {
451 l2 = pmap_l1_to_l2(l1, va);
452 desc = pmap_load(l2) & ATTR_DESCR_MASK;
453 if (desc == L2_BLOCK) {
458 if (desc != L2_TABLE) {
464 l3 = pmap_l2_to_l3(l2, va);
465 if ((pmap_load(l3) & ATTR_DESCR_MASK) != L3_PAGE)
472 pmap_superpages_enabled(void)
475 return (superpages_enabled != 0);
479 pmap_get_tables(pmap_t pmap, vm_offset_t va, pd_entry_t **l0, pd_entry_t **l1,
480 pd_entry_t **l2, pt_entry_t **l3)
482 pd_entry_t *l0p, *l1p, *l2p;
484 if (pmap->pm_l0 == NULL)
487 l0p = pmap_l0(pmap, va);
490 if ((pmap_load(l0p) & ATTR_DESCR_MASK) != L0_TABLE)
493 l1p = pmap_l0_to_l1(l0p, va);
496 if ((pmap_load(l1p) & ATTR_DESCR_MASK) == L1_BLOCK) {
502 if ((pmap_load(l1p) & ATTR_DESCR_MASK) != L1_TABLE)
505 l2p = pmap_l1_to_l2(l1p, va);
508 if ((pmap_load(l2p) & ATTR_DESCR_MASK) == L2_BLOCK) {
513 if ((pmap_load(l2p) & ATTR_DESCR_MASK) != L2_TABLE)
516 *l3 = pmap_l2_to_l3(l2p, va);
522 pmap_l3_valid(pt_entry_t l3)
525 return ((l3 & ATTR_DESCR_MASK) == L3_PAGE);
529 CTASSERT(L1_BLOCK == L2_BLOCK);
532 * Checks if the page is dirty. We currently lack proper tracking of this on
533 * arm64 so for now assume is a page mapped as rw was accessed it is.
536 pmap_page_dirty(pt_entry_t pte)
539 return ((pte & (ATTR_AF | ATTR_AP_RW_BIT)) ==
540 (ATTR_AF | ATTR_AP(ATTR_AP_RW)));
544 pmap_resident_count_inc(pmap_t pmap, int count)
547 PMAP_LOCK_ASSERT(pmap, MA_OWNED);
548 pmap->pm_stats.resident_count += count;
552 pmap_resident_count_dec(pmap_t pmap, int count)
555 PMAP_LOCK_ASSERT(pmap, MA_OWNED);
556 KASSERT(pmap->pm_stats.resident_count >= count,
557 ("pmap %p resident count underflow %ld %d", pmap,
558 pmap->pm_stats.resident_count, count));
559 pmap->pm_stats.resident_count -= count;
563 pmap_early_page_idx(vm_offset_t l1pt, vm_offset_t va, u_int *l1_slot,
569 l1 = (pd_entry_t *)l1pt;
570 *l1_slot = (va >> L1_SHIFT) & Ln_ADDR_MASK;
572 /* Check locore has used a table L1 map */
573 KASSERT((l1[*l1_slot] & ATTR_DESCR_MASK) == L1_TABLE,
574 ("Invalid bootstrap L1 table"));
575 /* Find the address of the L2 table */
576 l2 = (pt_entry_t *)init_pt_va;
577 *l2_slot = pmap_l2_index(va);
583 pmap_early_vtophys(vm_offset_t l1pt, vm_offset_t va)
585 u_int l1_slot, l2_slot;
588 l2 = pmap_early_page_idx(l1pt, va, &l1_slot, &l2_slot);
590 return ((l2[l2_slot] & ~ATTR_MASK) + (va & L2_OFFSET));
594 pmap_bootstrap_dmap(vm_offset_t kern_l1, vm_paddr_t min_pa,
595 vm_offset_t freemempos)
599 vm_paddr_t l2_pa, pa;
600 u_int l1_slot, l2_slot, prev_l1_slot;
603 dmap_phys_base = min_pa & ~L1_OFFSET;
609 #define DMAP_TABLES ((DMAP_MAX_ADDRESS - DMAP_MIN_ADDRESS) >> L0_SHIFT)
610 memset(pagetable_dmap, 0, PAGE_SIZE * DMAP_TABLES);
612 for (i = 0; i < (physmap_idx * 2); i += 2) {
613 pa = physmap[i] & ~L2_OFFSET;
614 va = pa - dmap_phys_base + DMAP_MIN_ADDRESS;
616 /* Create L2 mappings at the start of the region */
617 if ((pa & L1_OFFSET) != 0) {
618 l1_slot = ((va - DMAP_MIN_ADDRESS) >> L1_SHIFT);
619 if (l1_slot != prev_l1_slot) {
620 prev_l1_slot = l1_slot;
621 l2 = (pt_entry_t *)freemempos;
622 l2_pa = pmap_early_vtophys(kern_l1,
624 freemempos += PAGE_SIZE;
626 pmap_load_store(&pagetable_dmap[l1_slot],
627 (l2_pa & ~Ln_TABLE_MASK) | L1_TABLE);
629 memset(l2, 0, PAGE_SIZE);
632 ("pmap_bootstrap_dmap: NULL l2 map"));
633 for (; va < DMAP_MAX_ADDRESS && pa < physmap[i + 1];
634 pa += L2_SIZE, va += L2_SIZE) {
636 * We are on a boundary, stop to
637 * create a level 1 block
639 if ((pa & L1_OFFSET) == 0)
642 l2_slot = pmap_l2_index(va);
643 KASSERT(l2_slot != 0, ("..."));
644 pmap_load_store(&l2[l2_slot],
645 (pa & ~L2_OFFSET) | ATTR_DEFAULT | ATTR_XN |
646 ATTR_IDX(CACHED_MEMORY) | L2_BLOCK);
648 KASSERT(va == (pa - dmap_phys_base + DMAP_MIN_ADDRESS),
652 for (; va < DMAP_MAX_ADDRESS && pa < physmap[i + 1] &&
653 (physmap[i + 1] - pa) >= L1_SIZE;
654 pa += L1_SIZE, va += L1_SIZE) {
655 l1_slot = ((va - DMAP_MIN_ADDRESS) >> L1_SHIFT);
656 pmap_load_store(&pagetable_dmap[l1_slot],
657 (pa & ~L1_OFFSET) | ATTR_DEFAULT | ATTR_XN |
658 ATTR_IDX(CACHED_MEMORY) | L1_BLOCK);
661 /* Create L2 mappings at the end of the region */
662 if (pa < physmap[i + 1]) {
663 l1_slot = ((va - DMAP_MIN_ADDRESS) >> L1_SHIFT);
664 if (l1_slot != prev_l1_slot) {
665 prev_l1_slot = l1_slot;
666 l2 = (pt_entry_t *)freemempos;
667 l2_pa = pmap_early_vtophys(kern_l1,
669 freemempos += PAGE_SIZE;
671 pmap_load_store(&pagetable_dmap[l1_slot],
672 (l2_pa & ~Ln_TABLE_MASK) | L1_TABLE);
674 memset(l2, 0, PAGE_SIZE);
677 ("pmap_bootstrap_dmap: NULL l2 map"));
678 for (; va < DMAP_MAX_ADDRESS && pa < physmap[i + 1];
679 pa += L2_SIZE, va += L2_SIZE) {
680 l2_slot = pmap_l2_index(va);
681 pmap_load_store(&l2[l2_slot],
682 (pa & ~L2_OFFSET) | ATTR_DEFAULT | ATTR_XN |
683 ATTR_IDX(CACHED_MEMORY) | L2_BLOCK);
687 if (pa > dmap_phys_max) {
699 pmap_bootstrap_l2(vm_offset_t l1pt, vm_offset_t va, vm_offset_t l2_start)
706 KASSERT((va & L1_OFFSET) == 0, ("Invalid virtual address"));
708 l1 = (pd_entry_t *)l1pt;
709 l1_slot = pmap_l1_index(va);
712 for (; va < VM_MAX_KERNEL_ADDRESS; l1_slot++, va += L1_SIZE) {
713 KASSERT(l1_slot < Ln_ENTRIES, ("Invalid L1 index"));
715 pa = pmap_early_vtophys(l1pt, l2pt);
716 pmap_load_store(&l1[l1_slot],
717 (pa & ~Ln_TABLE_MASK) | L1_TABLE);
721 /* Clean the L2 page table */
722 memset((void *)l2_start, 0, l2pt - l2_start);
728 pmap_bootstrap_l3(vm_offset_t l1pt, vm_offset_t va, vm_offset_t l3_start)
735 KASSERT((va & L2_OFFSET) == 0, ("Invalid virtual address"));
737 l2 = pmap_l2(kernel_pmap, va);
738 l2 = (pd_entry_t *)rounddown2((uintptr_t)l2, PAGE_SIZE);
739 l2_slot = pmap_l2_index(va);
742 for (; va < VM_MAX_KERNEL_ADDRESS; l2_slot++, va += L2_SIZE) {
743 KASSERT(l2_slot < Ln_ENTRIES, ("Invalid L2 index"));
745 pa = pmap_early_vtophys(l1pt, l3pt);
746 pmap_load_store(&l2[l2_slot],
747 (pa & ~Ln_TABLE_MASK) | L2_TABLE);
751 /* Clean the L2 page table */
752 memset((void *)l3_start, 0, l3pt - l3_start);
758 * Bootstrap the system enough to run with virtual memory.
761 pmap_bootstrap(vm_offset_t l0pt, vm_offset_t l1pt, vm_paddr_t kernstart,
764 u_int l1_slot, l2_slot;
767 vm_offset_t va, freemempos;
768 vm_offset_t dpcpu, msgbufpv;
769 vm_paddr_t start_pa, pa, min_pa;
772 kern_delta = KERNBASE - kernstart;
774 printf("pmap_bootstrap %lx %lx %lx\n", l1pt, kernstart, kernlen);
775 printf("%lx\n", l1pt);
776 printf("%lx\n", (KERNBASE >> L1_SHIFT) & Ln_ADDR_MASK);
778 /* Set this early so we can use the pagetable walking functions */
779 kernel_pmap_store.pm_l0 = (pd_entry_t *)l0pt;
780 PMAP_LOCK_INIT(kernel_pmap);
782 /* Assume the address we were loaded to is a valid physical address */
783 min_pa = KERNBASE - kern_delta;
785 physmap_idx = arm_physmem_avail(physmap, nitems(physmap));
789 * Find the minimum physical address. physmap is sorted,
790 * but may contain empty ranges.
792 for (i = 0; i < (physmap_idx * 2); i += 2) {
793 if (physmap[i] == physmap[i + 1])
795 if (physmap[i] <= min_pa)
799 freemempos = KERNBASE + kernlen;
800 freemempos = roundup2(freemempos, PAGE_SIZE);
802 /* Create a direct map region early so we can use it for pa -> va */
803 freemempos = pmap_bootstrap_dmap(l1pt, min_pa, freemempos);
806 start_pa = pa = KERNBASE - kern_delta;
809 * Read the page table to find out what is already mapped.
810 * This assumes we have mapped a block of memory from KERNBASE
811 * using a single L1 entry.
813 l2 = pmap_early_page_idx(l1pt, KERNBASE, &l1_slot, &l2_slot);
815 /* Sanity check the index, KERNBASE should be the first VA */
816 KASSERT(l2_slot == 0, ("The L2 index is non-zero"));
818 /* Find how many pages we have mapped */
819 for (; l2_slot < Ln_ENTRIES; l2_slot++) {
820 if ((l2[l2_slot] & ATTR_DESCR_MASK) == 0)
823 /* Check locore used L2 blocks */
824 KASSERT((l2[l2_slot] & ATTR_DESCR_MASK) == L2_BLOCK,
825 ("Invalid bootstrap L2 table"));
826 KASSERT((l2[l2_slot] & ~ATTR_MASK) == pa,
827 ("Incorrect PA in L2 table"));
833 va = roundup2(va, L1_SIZE);
835 /* Create the l2 tables up to VM_MAX_KERNEL_ADDRESS */
836 freemempos = pmap_bootstrap_l2(l1pt, va, freemempos);
837 /* And the l3 tables for the early devmap */
838 freemempos = pmap_bootstrap_l3(l1pt,
839 VM_MAX_KERNEL_ADDRESS - L2_SIZE, freemempos);
843 #define alloc_pages(var, np) \
844 (var) = freemempos; \
845 freemempos += (np * PAGE_SIZE); \
846 memset((char *)(var), 0, ((np) * PAGE_SIZE));
848 /* Allocate dynamic per-cpu area. */
849 alloc_pages(dpcpu, DPCPU_SIZE / PAGE_SIZE);
850 dpcpu_init((void *)dpcpu, 0);
852 /* Allocate memory for the msgbuf, e.g. for /sbin/dmesg */
853 alloc_pages(msgbufpv, round_page(msgbufsize) / PAGE_SIZE);
854 msgbufp = (void *)msgbufpv;
856 /* Reserve some VA space for early BIOS/ACPI mapping */
857 preinit_map_va = roundup2(freemempos, L2_SIZE);
859 virtual_avail = preinit_map_va + PMAP_PREINIT_MAPPING_SIZE;
860 virtual_avail = roundup2(virtual_avail, L1_SIZE);
861 virtual_end = VM_MAX_KERNEL_ADDRESS - L2_SIZE;
862 kernel_vm_end = virtual_avail;
864 pa = pmap_early_vtophys(l1pt, freemempos);
866 arm_physmem_exclude_region(start_pa, pa - start_pa, EXFLAG_NOALLOC);
872 * Initialize a vm_page's machine-dependent fields.
875 pmap_page_init(vm_page_t m)
878 TAILQ_INIT(&m->md.pv_list);
879 m->md.pv_memattr = VM_MEMATTR_WRITE_BACK;
883 * Initialize the pmap module.
884 * Called by vm_init, to initialize any structures that the pmap
885 * system needs to map virtual memory.
894 * Are large page mappings enabled?
896 TUNABLE_INT_FETCH("vm.pmap.superpages_enabled", &superpages_enabled);
899 * Initialize the pv chunk list mutex.
901 mtx_init(&pv_chunks_mutex, "pmap pv chunk list", NULL, MTX_DEF);
904 * Initialize the pool of pv list locks.
906 for (i = 0; i < NPV_LIST_LOCKS; i++)
907 rw_init(&pv_list_locks[i], "pmap pv list");
910 * Calculate the size of the pv head table for superpages.
912 pv_npg = howmany(vm_phys_segs[vm_phys_nsegs - 1].end, L2_SIZE);
915 * Allocate memory for the pv head table for superpages.
917 s = (vm_size_t)(pv_npg * sizeof(struct md_page));
919 pv_table = (struct md_page *)kmem_malloc(kernel_arena, s,
921 for (i = 0; i < pv_npg; i++)
922 TAILQ_INIT(&pv_table[i].pv_list);
923 TAILQ_INIT(&pv_dummy.pv_list);
928 static SYSCTL_NODE(_vm_pmap, OID_AUTO, l2, CTLFLAG_RD, 0,
929 "2MB page mapping counters");
931 static u_long pmap_l2_demotions;
932 SYSCTL_ULONG(_vm_pmap_l2, OID_AUTO, demotions, CTLFLAG_RD,
933 &pmap_l2_demotions, 0, "2MB page demotions");
935 static u_long pmap_l2_p_failures;
936 SYSCTL_ULONG(_vm_pmap_l2, OID_AUTO, p_failures, CTLFLAG_RD,
937 &pmap_l2_p_failures, 0, "2MB page promotion failures");
939 static u_long pmap_l2_promotions;
940 SYSCTL_ULONG(_vm_pmap_l2, OID_AUTO, promotions, CTLFLAG_RD,
941 &pmap_l2_promotions, 0, "2MB page promotions");
944 * Invalidate a single TLB entry.
947 pmap_invalidate_page(pmap_t pmap, vm_offset_t va)
953 "tlbi vaae1is, %0 \n"
956 : : "r"(va >> PAGE_SHIFT));
961 pmap_invalidate_range_nopin(pmap_t pmap, vm_offset_t sva, vm_offset_t eva)
966 for (addr = sva; addr < eva; addr += PAGE_SIZE) {
968 "tlbi vaae1is, %0" : : "r"(addr >> PAGE_SHIFT));
976 pmap_invalidate_range(pmap_t pmap, vm_offset_t sva, vm_offset_t eva)
980 pmap_invalidate_range_nopin(pmap, sva, eva);
985 pmap_invalidate_all(pmap_t pmap)
998 * Routine: pmap_extract
1000 * Extract the physical page address associated
1001 * with the given map/virtual_address pair.
1004 pmap_extract(pmap_t pmap, vm_offset_t va)
1006 pt_entry_t *pte, tpte;
1013 * Find the block or page map for this virtual address. pmap_pte
1014 * will return either a valid block/page entry, or NULL.
1016 pte = pmap_pte(pmap, va, &lvl);
1018 tpte = pmap_load(pte);
1019 pa = tpte & ~ATTR_MASK;
1022 KASSERT((tpte & ATTR_DESCR_MASK) == L1_BLOCK,
1023 ("pmap_extract: Invalid L1 pte found: %lx",
1024 tpte & ATTR_DESCR_MASK));
1025 pa |= (va & L1_OFFSET);
1028 KASSERT((tpte & ATTR_DESCR_MASK) == L2_BLOCK,
1029 ("pmap_extract: Invalid L2 pte found: %lx",
1030 tpte & ATTR_DESCR_MASK));
1031 pa |= (va & L2_OFFSET);
1034 KASSERT((tpte & ATTR_DESCR_MASK) == L3_PAGE,
1035 ("pmap_extract: Invalid L3 pte found: %lx",
1036 tpte & ATTR_DESCR_MASK));
1037 pa |= (va & L3_OFFSET);
1046 * Routine: pmap_extract_and_hold
1048 * Atomically extract and hold the physical page
1049 * with the given pmap and virtual address pair
1050 * if that mapping permits the given protection.
1053 pmap_extract_and_hold(pmap_t pmap, vm_offset_t va, vm_prot_t prot)
1055 pt_entry_t *pte, tpte;
1065 pte = pmap_pte(pmap, va, &lvl);
1067 tpte = pmap_load(pte);
1069 KASSERT(lvl > 0 && lvl <= 3,
1070 ("pmap_extract_and_hold: Invalid level %d", lvl));
1071 CTASSERT(L1_BLOCK == L2_BLOCK);
1072 KASSERT((lvl == 3 && (tpte & ATTR_DESCR_MASK) == L3_PAGE) ||
1073 (lvl < 3 && (tpte & ATTR_DESCR_MASK) == L1_BLOCK),
1074 ("pmap_extract_and_hold: Invalid pte at L%d: %lx", lvl,
1075 tpte & ATTR_DESCR_MASK));
1076 if (((tpte & ATTR_AP_RW_BIT) == ATTR_AP(ATTR_AP_RW)) ||
1077 ((prot & VM_PROT_WRITE) == 0)) {
1080 off = va & L1_OFFSET;
1083 off = va & L2_OFFSET;
1089 if (vm_page_pa_tryrelock(pmap,
1090 (tpte & ~ATTR_MASK) | off, &pa))
1092 m = PHYS_TO_VM_PAGE((tpte & ~ATTR_MASK) | off);
1102 pmap_kextract(vm_offset_t va)
1104 pt_entry_t *pte, tpte;
1108 if (va >= DMAP_MIN_ADDRESS && va < DMAP_MAX_ADDRESS) {
1109 pa = DMAP_TO_PHYS(va);
1112 pte = pmap_pte(kernel_pmap, va, &lvl);
1114 tpte = pmap_load(pte);
1115 pa = tpte & ~ATTR_MASK;
1118 KASSERT((tpte & ATTR_DESCR_MASK) == L1_BLOCK,
1119 ("pmap_kextract: Invalid L1 pte found: %lx",
1120 tpte & ATTR_DESCR_MASK));
1121 pa |= (va & L1_OFFSET);
1124 KASSERT((tpte & ATTR_DESCR_MASK) == L2_BLOCK,
1125 ("pmap_kextract: Invalid L2 pte found: %lx",
1126 tpte & ATTR_DESCR_MASK));
1127 pa |= (va & L2_OFFSET);
1130 KASSERT((tpte & ATTR_DESCR_MASK) == L3_PAGE,
1131 ("pmap_kextract: Invalid L3 pte found: %lx",
1132 tpte & ATTR_DESCR_MASK));
1133 pa |= (va & L3_OFFSET);
1141 /***************************************************
1142 * Low level mapping routines.....
1143 ***************************************************/
1146 pmap_kenter(vm_offset_t sva, vm_size_t size, vm_paddr_t pa, int mode)
1149 pt_entry_t *pte, attr;
1153 KASSERT((pa & L3_OFFSET) == 0,
1154 ("pmap_kenter: Invalid physical address"));
1155 KASSERT((sva & L3_OFFSET) == 0,
1156 ("pmap_kenter: Invalid virtual address"));
1157 KASSERT((size & PAGE_MASK) == 0,
1158 ("pmap_kenter: Mapping is not page-sized"));
1160 attr = ATTR_DEFAULT | ATTR_IDX(mode) | L3_PAGE;
1161 if (mode == DEVICE_MEMORY)
1166 pde = pmap_pde(kernel_pmap, va, &lvl);
1167 KASSERT(pde != NULL,
1168 ("pmap_kenter: Invalid page entry, va: 0x%lx", va));
1169 KASSERT(lvl == 2, ("pmap_kenter: Invalid level %d", lvl));
1171 pte = pmap_l2_to_l3(pde, va);
1172 pmap_load_store(pte, (pa & ~L3_OFFSET) | attr);
1178 pmap_invalidate_range(kernel_pmap, sva, va);
1182 pmap_kenter_device(vm_offset_t sva, vm_size_t size, vm_paddr_t pa)
1185 pmap_kenter(sva, size, pa, DEVICE_MEMORY);
1189 * Remove a page from the kernel pagetables.
1192 pmap_kremove(vm_offset_t va)
1197 pte = pmap_pte(kernel_pmap, va, &lvl);
1198 KASSERT(pte != NULL, ("pmap_kremove: Invalid address"));
1199 KASSERT(lvl == 3, ("pmap_kremove: Invalid pte level %d", lvl));
1201 pmap_load_clear(pte);
1202 pmap_invalidate_page(kernel_pmap, va);
1206 pmap_kremove_device(vm_offset_t sva, vm_size_t size)
1212 KASSERT((sva & L3_OFFSET) == 0,
1213 ("pmap_kremove_device: Invalid virtual address"));
1214 KASSERT((size & PAGE_MASK) == 0,
1215 ("pmap_kremove_device: Mapping is not page-sized"));
1219 pte = pmap_pte(kernel_pmap, va, &lvl);
1220 KASSERT(pte != NULL, ("Invalid page table, va: 0x%lx", va));
1222 ("Invalid device pagetable level: %d != 3", lvl));
1223 pmap_load_clear(pte);
1228 pmap_invalidate_range(kernel_pmap, sva, va);
1232 * Used to map a range of physical addresses into kernel
1233 * virtual address space.
1235 * The value passed in '*virt' is a suggested virtual address for
1236 * the mapping. Architectures which can support a direct-mapped
1237 * physical to virtual region can return the appropriate address
1238 * within that region, leaving '*virt' unchanged. Other
1239 * architectures should map the pages starting at '*virt' and
1240 * update '*virt' with the first usable address after the mapped
1244 pmap_map(vm_offset_t *virt, vm_paddr_t start, vm_paddr_t end, int prot)
1246 return PHYS_TO_DMAP(start);
1251 * Add a list of wired pages to the kva
1252 * this routine is only used for temporary
1253 * kernel mappings that do not need to have
1254 * page modification or references recorded.
1255 * Note that old mappings are simply written
1256 * over. The page *must* be wired.
1257 * Note: SMP coherent. Uses a ranged shootdown IPI.
1260 pmap_qenter(vm_offset_t sva, vm_page_t *ma, int count)
1263 pt_entry_t *pte, pa;
1269 for (i = 0; i < count; i++) {
1270 pde = pmap_pde(kernel_pmap, va, &lvl);
1271 KASSERT(pde != NULL,
1272 ("pmap_qenter: Invalid page entry, va: 0x%lx", va));
1274 ("pmap_qenter: Invalid level %d", lvl));
1277 pa = VM_PAGE_TO_PHYS(m) | ATTR_DEFAULT | ATTR_AP(ATTR_AP_RW) |
1278 ATTR_IDX(m->md.pv_memattr) | L3_PAGE;
1279 if (m->md.pv_memattr == DEVICE_MEMORY)
1281 pte = pmap_l2_to_l3(pde, va);
1282 pmap_load_store(pte, pa);
1286 pmap_invalidate_range(kernel_pmap, sva, va);
1290 * This routine tears out page mappings from the
1291 * kernel -- it is meant only for temporary mappings.
1294 pmap_qremove(vm_offset_t sva, int count)
1300 KASSERT(sva >= VM_MIN_KERNEL_ADDRESS, ("usermode va %lx", sva));
1303 while (count-- > 0) {
1304 pte = pmap_pte(kernel_pmap, va, &lvl);
1306 ("Invalid device pagetable level: %d != 3", lvl));
1308 pmap_load_clear(pte);
1313 pmap_invalidate_range(kernel_pmap, sva, va);
1316 /***************************************************
1317 * Page table page management routines.....
1318 ***************************************************/
1320 * Schedule the specified unused page table page to be freed. Specifically,
1321 * add the page to the specified list of pages that will be released to the
1322 * physical memory manager after the TLB has been updated.
1324 static __inline void
1325 pmap_add_delayed_free_list(vm_page_t m, struct spglist *free,
1326 boolean_t set_PG_ZERO)
1330 m->flags |= PG_ZERO;
1332 m->flags &= ~PG_ZERO;
1333 SLIST_INSERT_HEAD(free, m, plinks.s.ss);
1337 * Decrements a page table page's wire count, which is used to record the
1338 * number of valid page table entries within the page. If the wire count
1339 * drops to zero, then the page table page is unmapped. Returns TRUE if the
1340 * page table page was unmapped and FALSE otherwise.
1342 static inline boolean_t
1343 pmap_unwire_l3(pmap_t pmap, vm_offset_t va, vm_page_t m, struct spglist *free)
1347 if (m->wire_count == 0) {
1348 _pmap_unwire_l3(pmap, va, m, free);
1355 _pmap_unwire_l3(pmap_t pmap, vm_offset_t va, vm_page_t m, struct spglist *free)
1358 PMAP_LOCK_ASSERT(pmap, MA_OWNED);
1360 * unmap the page table page
1362 if (m->pindex >= (NUL2E + NUL1E)) {
1366 l0 = pmap_l0(pmap, va);
1367 pmap_load_clear(l0);
1368 } else if (m->pindex >= NUL2E) {
1372 l1 = pmap_l1(pmap, va);
1373 pmap_load_clear(l1);
1378 l2 = pmap_l2(pmap, va);
1379 pmap_load_clear(l2);
1381 pmap_resident_count_dec(pmap, 1);
1382 if (m->pindex < NUL2E) {
1383 /* We just released an l3, unhold the matching l2 */
1384 pd_entry_t *l1, tl1;
1387 l1 = pmap_l1(pmap, va);
1388 tl1 = pmap_load(l1);
1389 l2pg = PHYS_TO_VM_PAGE(tl1 & ~ATTR_MASK);
1390 pmap_unwire_l3(pmap, va, l2pg, free);
1391 } else if (m->pindex < (NUL2E + NUL1E)) {
1392 /* We just released an l2, unhold the matching l1 */
1393 pd_entry_t *l0, tl0;
1396 l0 = pmap_l0(pmap, va);
1397 tl0 = pmap_load(l0);
1398 l1pg = PHYS_TO_VM_PAGE(tl0 & ~ATTR_MASK);
1399 pmap_unwire_l3(pmap, va, l1pg, free);
1401 pmap_invalidate_page(pmap, va);
1406 * Put page on a list so that it is released after
1407 * *ALL* TLB shootdown is done
1409 pmap_add_delayed_free_list(m, free, TRUE);
1413 * After removing a page table entry, this routine is used to
1414 * conditionally free the page, and manage the hold/wire counts.
1417 pmap_unuse_pt(pmap_t pmap, vm_offset_t va, pd_entry_t ptepde,
1418 struct spglist *free)
1422 if (va >= VM_MAXUSER_ADDRESS)
1424 KASSERT(ptepde != 0, ("pmap_unuse_pt: ptepde != 0"));
1425 mpte = PHYS_TO_VM_PAGE(ptepde & ~ATTR_MASK);
1426 return (pmap_unwire_l3(pmap, va, mpte, free));
1430 pmap_pinit0(pmap_t pmap)
1433 PMAP_LOCK_INIT(pmap);
1434 bzero(&pmap->pm_stats, sizeof(pmap->pm_stats));
1435 pmap->pm_l0 = kernel_pmap->pm_l0;
1436 pmap->pm_root.rt_root = 0;
1440 pmap_pinit(pmap_t pmap)
1446 * allocate the l0 page
1448 while ((l0pt = vm_page_alloc(NULL, 0, VM_ALLOC_NORMAL |
1449 VM_ALLOC_NOOBJ | VM_ALLOC_WIRED | VM_ALLOC_ZERO)) == NULL)
1452 l0phys = VM_PAGE_TO_PHYS(l0pt);
1453 pmap->pm_l0 = (pd_entry_t *)PHYS_TO_DMAP(l0phys);
1455 if ((l0pt->flags & PG_ZERO) == 0)
1456 pagezero(pmap->pm_l0);
1458 pmap->pm_root.rt_root = 0;
1459 bzero(&pmap->pm_stats, sizeof(pmap->pm_stats));
1465 * This routine is called if the desired page table page does not exist.
1467 * If page table page allocation fails, this routine may sleep before
1468 * returning NULL. It sleeps only if a lock pointer was given.
1470 * Note: If a page allocation fails at page table level two or three,
1471 * one or two pages may be held during the wait, only to be released
1472 * afterwards. This conservative approach is easily argued to avoid
1476 _pmap_alloc_l3(pmap_t pmap, vm_pindex_t ptepindex, struct rwlock **lockp)
1478 vm_page_t m, l1pg, l2pg;
1480 PMAP_LOCK_ASSERT(pmap, MA_OWNED);
1483 * Allocate a page table page.
1485 if ((m = vm_page_alloc(NULL, ptepindex, VM_ALLOC_NOOBJ |
1486 VM_ALLOC_WIRED | VM_ALLOC_ZERO)) == NULL) {
1487 if (lockp != NULL) {
1488 RELEASE_PV_LIST_LOCK(lockp);
1495 * Indicate the need to retry. While waiting, the page table
1496 * page may have been allocated.
1500 if ((m->flags & PG_ZERO) == 0)
1504 * Map the pagetable page into the process address space, if
1505 * it isn't already there.
1508 if (ptepindex >= (NUL2E + NUL1E)) {
1510 vm_pindex_t l0index;
1512 l0index = ptepindex - (NUL2E + NUL1E);
1513 l0 = &pmap->pm_l0[l0index];
1514 pmap_load_store(l0, VM_PAGE_TO_PHYS(m) | L0_TABLE);
1515 } else if (ptepindex >= NUL2E) {
1516 vm_pindex_t l0index, l1index;
1517 pd_entry_t *l0, *l1;
1520 l1index = ptepindex - NUL2E;
1521 l0index = l1index >> L0_ENTRIES_SHIFT;
1523 l0 = &pmap->pm_l0[l0index];
1524 tl0 = pmap_load(l0);
1526 /* recurse for allocating page dir */
1527 if (_pmap_alloc_l3(pmap, NUL2E + NUL1E + l0index,
1529 vm_page_unwire_noq(m);
1530 vm_page_free_zero(m);
1534 l1pg = PHYS_TO_VM_PAGE(tl0 & ~ATTR_MASK);
1538 l1 = (pd_entry_t *)PHYS_TO_DMAP(pmap_load(l0) & ~ATTR_MASK);
1539 l1 = &l1[ptepindex & Ln_ADDR_MASK];
1540 pmap_load_store(l1, VM_PAGE_TO_PHYS(m) | L1_TABLE);
1542 vm_pindex_t l0index, l1index;
1543 pd_entry_t *l0, *l1, *l2;
1544 pd_entry_t tl0, tl1;
1546 l1index = ptepindex >> Ln_ENTRIES_SHIFT;
1547 l0index = l1index >> L0_ENTRIES_SHIFT;
1549 l0 = &pmap->pm_l0[l0index];
1550 tl0 = pmap_load(l0);
1552 /* recurse for allocating page dir */
1553 if (_pmap_alloc_l3(pmap, NUL2E + l1index,
1555 vm_page_unwire_noq(m);
1556 vm_page_free_zero(m);
1559 tl0 = pmap_load(l0);
1560 l1 = (pd_entry_t *)PHYS_TO_DMAP(tl0 & ~ATTR_MASK);
1561 l1 = &l1[l1index & Ln_ADDR_MASK];
1563 l1 = (pd_entry_t *)PHYS_TO_DMAP(tl0 & ~ATTR_MASK);
1564 l1 = &l1[l1index & Ln_ADDR_MASK];
1565 tl1 = pmap_load(l1);
1567 /* recurse for allocating page dir */
1568 if (_pmap_alloc_l3(pmap, NUL2E + l1index,
1570 vm_page_unwire_noq(m);
1571 vm_page_free_zero(m);
1575 l2pg = PHYS_TO_VM_PAGE(tl1 & ~ATTR_MASK);
1580 l2 = (pd_entry_t *)PHYS_TO_DMAP(pmap_load(l1) & ~ATTR_MASK);
1581 l2 = &l2[ptepindex & Ln_ADDR_MASK];
1582 pmap_load_store(l2, VM_PAGE_TO_PHYS(m) | L2_TABLE);
1585 pmap_resident_count_inc(pmap, 1);
1591 pmap_alloc_l3(pmap_t pmap, vm_offset_t va, struct rwlock **lockp)
1593 vm_pindex_t ptepindex;
1594 pd_entry_t *pde, tpde;
1602 * Calculate pagetable page index
1604 ptepindex = pmap_l2_pindex(va);
1607 * Get the page directory entry
1609 pde = pmap_pde(pmap, va, &lvl);
1612 * If the page table page is mapped, we just increment the hold count,
1613 * and activate it. If we get a level 2 pde it will point to a level 3
1621 pte = pmap_l0_to_l1(pde, va);
1622 KASSERT(pmap_load(pte) == 0,
1623 ("pmap_alloc_l3: TODO: l0 superpages"));
1628 pte = pmap_l1_to_l2(pde, va);
1629 KASSERT(pmap_load(pte) == 0,
1630 ("pmap_alloc_l3: TODO: l1 superpages"));
1634 tpde = pmap_load(pde);
1636 m = PHYS_TO_VM_PAGE(tpde & ~ATTR_MASK);
1642 panic("pmap_alloc_l3: Invalid level %d", lvl);
1646 * Here if the pte page isn't mapped, or if it has been deallocated.
1648 m = _pmap_alloc_l3(pmap, ptepindex, lockp);
1649 if (m == NULL && lockp != NULL)
1656 /***************************************************
1657 * Pmap allocation/deallocation routines.
1658 ***************************************************/
1661 * Release any resources held by the given physical map.
1662 * Called when a pmap initialized by pmap_pinit is being released.
1663 * Should only be called if the map contains no valid mappings.
1666 pmap_release(pmap_t pmap)
1670 KASSERT(pmap->pm_stats.resident_count == 0,
1671 ("pmap_release: pmap resident count %ld != 0",
1672 pmap->pm_stats.resident_count));
1673 KASSERT(vm_radix_is_empty(&pmap->pm_root),
1674 ("pmap_release: pmap has reserved page table page(s)"));
1676 m = PHYS_TO_VM_PAGE(DMAP_TO_PHYS((vm_offset_t)pmap->pm_l0));
1678 vm_page_unwire_noq(m);
1679 vm_page_free_zero(m);
1683 kvm_size(SYSCTL_HANDLER_ARGS)
1685 unsigned long ksize = VM_MAX_KERNEL_ADDRESS - VM_MIN_KERNEL_ADDRESS;
1687 return sysctl_handle_long(oidp, &ksize, 0, req);
1689 SYSCTL_PROC(_vm, OID_AUTO, kvm_size, CTLTYPE_LONG|CTLFLAG_RD,
1690 0, 0, kvm_size, "LU", "Size of KVM");
1693 kvm_free(SYSCTL_HANDLER_ARGS)
1695 unsigned long kfree = VM_MAX_KERNEL_ADDRESS - kernel_vm_end;
1697 return sysctl_handle_long(oidp, &kfree, 0, req);
1699 SYSCTL_PROC(_vm, OID_AUTO, kvm_free, CTLTYPE_LONG|CTLFLAG_RD,
1700 0, 0, kvm_free, "LU", "Amount of KVM free");
1703 * grow the number of kernel page table entries, if needed
1706 pmap_growkernel(vm_offset_t addr)
1710 pd_entry_t *l0, *l1, *l2;
1712 mtx_assert(&kernel_map->system_mtx, MA_OWNED);
1714 addr = roundup2(addr, L2_SIZE);
1715 if (addr - 1 >= kernel_map->max_offset)
1716 addr = kernel_map->max_offset;
1717 while (kernel_vm_end < addr) {
1718 l0 = pmap_l0(kernel_pmap, kernel_vm_end);
1719 KASSERT(pmap_load(l0) != 0,
1720 ("pmap_growkernel: No level 0 kernel entry"));
1722 l1 = pmap_l0_to_l1(l0, kernel_vm_end);
1723 if (pmap_load(l1) == 0) {
1724 /* We need a new PDP entry */
1725 nkpg = vm_page_alloc(NULL, kernel_vm_end >> L1_SHIFT,
1726 VM_ALLOC_INTERRUPT | VM_ALLOC_NOOBJ |
1727 VM_ALLOC_WIRED | VM_ALLOC_ZERO);
1729 panic("pmap_growkernel: no memory to grow kernel");
1730 if ((nkpg->flags & PG_ZERO) == 0)
1731 pmap_zero_page(nkpg);
1732 paddr = VM_PAGE_TO_PHYS(nkpg);
1733 pmap_load_store(l1, paddr | L1_TABLE);
1734 continue; /* try again */
1736 l2 = pmap_l1_to_l2(l1, kernel_vm_end);
1737 if ((pmap_load(l2) & ATTR_AF) != 0) {
1738 kernel_vm_end = (kernel_vm_end + L2_SIZE) & ~L2_OFFSET;
1739 if (kernel_vm_end - 1 >= kernel_map->max_offset) {
1740 kernel_vm_end = kernel_map->max_offset;
1746 nkpg = vm_page_alloc(NULL, kernel_vm_end >> L2_SHIFT,
1747 VM_ALLOC_INTERRUPT | VM_ALLOC_NOOBJ | VM_ALLOC_WIRED |
1750 panic("pmap_growkernel: no memory to grow kernel");
1751 if ((nkpg->flags & PG_ZERO) == 0)
1752 pmap_zero_page(nkpg);
1753 paddr = VM_PAGE_TO_PHYS(nkpg);
1754 pmap_load_store(l2, paddr | L2_TABLE);
1755 pmap_invalidate_page(kernel_pmap, kernel_vm_end);
1757 kernel_vm_end = (kernel_vm_end + L2_SIZE) & ~L2_OFFSET;
1758 if (kernel_vm_end - 1 >= kernel_map->max_offset) {
1759 kernel_vm_end = kernel_map->max_offset;
1766 /***************************************************
1767 * page management routines.
1768 ***************************************************/
1770 CTASSERT(sizeof(struct pv_chunk) == PAGE_SIZE);
1771 CTASSERT(_NPCM == 3);
1772 CTASSERT(_NPCPV == 168);
1774 static __inline struct pv_chunk *
1775 pv_to_chunk(pv_entry_t pv)
1778 return ((struct pv_chunk *)((uintptr_t)pv & ~(uintptr_t)PAGE_MASK));
1781 #define PV_PMAP(pv) (pv_to_chunk(pv)->pc_pmap)
1783 #define PC_FREE0 0xfffffffffffffffful
1784 #define PC_FREE1 0xfffffffffffffffful
1785 #define PC_FREE2 0x000000fffffffffful
1787 static const uint64_t pc_freemask[_NPCM] = { PC_FREE0, PC_FREE1, PC_FREE2 };
1791 static int pc_chunk_count, pc_chunk_allocs, pc_chunk_frees, pc_chunk_tryfail;
1793 SYSCTL_INT(_vm_pmap, OID_AUTO, pc_chunk_count, CTLFLAG_RD, &pc_chunk_count, 0,
1794 "Current number of pv entry chunks");
1795 SYSCTL_INT(_vm_pmap, OID_AUTO, pc_chunk_allocs, CTLFLAG_RD, &pc_chunk_allocs, 0,
1796 "Current number of pv entry chunks allocated");
1797 SYSCTL_INT(_vm_pmap, OID_AUTO, pc_chunk_frees, CTLFLAG_RD, &pc_chunk_frees, 0,
1798 "Current number of pv entry chunks frees");
1799 SYSCTL_INT(_vm_pmap, OID_AUTO, pc_chunk_tryfail, CTLFLAG_RD, &pc_chunk_tryfail, 0,
1800 "Number of times tried to get a chunk page but failed.");
1802 static long pv_entry_frees, pv_entry_allocs, pv_entry_count;
1803 static int pv_entry_spare;
1805 SYSCTL_LONG(_vm_pmap, OID_AUTO, pv_entry_frees, CTLFLAG_RD, &pv_entry_frees, 0,
1806 "Current number of pv entry frees");
1807 SYSCTL_LONG(_vm_pmap, OID_AUTO, pv_entry_allocs, CTLFLAG_RD, &pv_entry_allocs, 0,
1808 "Current number of pv entry allocs");
1809 SYSCTL_LONG(_vm_pmap, OID_AUTO, pv_entry_count, CTLFLAG_RD, &pv_entry_count, 0,
1810 "Current number of pv entries");
1811 SYSCTL_INT(_vm_pmap, OID_AUTO, pv_entry_spare, CTLFLAG_RD, &pv_entry_spare, 0,
1812 "Current number of spare pv entries");
1817 * We are in a serious low memory condition. Resort to
1818 * drastic measures to free some pages so we can allocate
1819 * another pv entry chunk.
1821 * Returns NULL if PV entries were reclaimed from the specified pmap.
1823 * We do not, however, unmap 2mpages because subsequent accesses will
1824 * allocate per-page pv entries until repromotion occurs, thereby
1825 * exacerbating the shortage of free pv entries.
1828 reclaim_pv_chunk(pmap_t locked_pmap, struct rwlock **lockp)
1830 struct pch new_tail;
1831 struct pv_chunk *pc;
1832 struct md_page *pvh;
1835 pt_entry_t *pte, tpte;
1839 struct spglist free;
1841 int bit, field, freed, lvl;
1843 PMAP_LOCK_ASSERT(locked_pmap, MA_OWNED);
1844 KASSERT(lockp != NULL, ("reclaim_pv_chunk: lockp is NULL"));
1848 TAILQ_INIT(&new_tail);
1849 mtx_lock(&pv_chunks_mutex);
1850 while ((pc = TAILQ_FIRST(&pv_chunks)) != NULL && SLIST_EMPTY(&free)) {
1851 TAILQ_REMOVE(&pv_chunks, pc, pc_lru);
1852 mtx_unlock(&pv_chunks_mutex);
1853 if (pmap != pc->pc_pmap) {
1854 if (pmap != NULL && pmap != locked_pmap)
1857 /* Avoid deadlock and lock recursion. */
1858 if (pmap > locked_pmap) {
1859 RELEASE_PV_LIST_LOCK(lockp);
1861 } else if (pmap != locked_pmap &&
1862 !PMAP_TRYLOCK(pmap)) {
1864 TAILQ_INSERT_TAIL(&new_tail, pc, pc_lru);
1865 mtx_lock(&pv_chunks_mutex);
1871 * Destroy every non-wired, 4 KB page mapping in the chunk.
1874 for (field = 0; field < _NPCM; field++) {
1875 for (inuse = ~pc->pc_map[field] & pc_freemask[field];
1876 inuse != 0; inuse &= ~(1UL << bit)) {
1877 bit = ffsl(inuse) - 1;
1878 pv = &pc->pc_pventry[field * 64 + bit];
1880 pde = pmap_pde(pmap, va, &lvl);
1883 pte = pmap_l2_to_l3(pde, va);
1884 tpte = pmap_load(pte);
1885 if ((tpte & ATTR_SW_WIRED) != 0)
1887 tpte = pmap_load_clear(pte);
1888 pmap_invalidate_page(pmap, va);
1889 m = PHYS_TO_VM_PAGE(tpte & ~ATTR_MASK);
1890 if (pmap_page_dirty(tpte))
1892 if ((tpte & ATTR_AF) != 0)
1893 vm_page_aflag_set(m, PGA_REFERENCED);
1894 CHANGE_PV_LIST_LOCK_TO_VM_PAGE(lockp, m);
1895 TAILQ_REMOVE(&m->md.pv_list, pv, pv_next);
1897 if (TAILQ_EMPTY(&m->md.pv_list) &&
1898 (m->flags & PG_FICTITIOUS) == 0) {
1899 pvh = pa_to_pvh(VM_PAGE_TO_PHYS(m));
1900 if (TAILQ_EMPTY(&pvh->pv_list)) {
1901 vm_page_aflag_clear(m,
1905 pc->pc_map[field] |= 1UL << bit;
1906 pmap_unuse_pt(pmap, va, pmap_load(pde), &free);
1911 TAILQ_INSERT_TAIL(&new_tail, pc, pc_lru);
1912 mtx_lock(&pv_chunks_mutex);
1915 /* Every freed mapping is for a 4 KB page. */
1916 pmap_resident_count_dec(pmap, freed);
1917 PV_STAT(atomic_add_long(&pv_entry_frees, freed));
1918 PV_STAT(atomic_add_int(&pv_entry_spare, freed));
1919 PV_STAT(atomic_subtract_long(&pv_entry_count, freed));
1920 TAILQ_REMOVE(&pmap->pm_pvchunk, pc, pc_list);
1921 if (pc->pc_map[0] == PC_FREE0 && pc->pc_map[1] == PC_FREE1 &&
1922 pc->pc_map[2] == PC_FREE2) {
1923 PV_STAT(atomic_subtract_int(&pv_entry_spare, _NPCPV));
1924 PV_STAT(atomic_subtract_int(&pc_chunk_count, 1));
1925 PV_STAT(atomic_add_int(&pc_chunk_frees, 1));
1926 /* Entire chunk is free; return it. */
1927 m_pc = PHYS_TO_VM_PAGE(DMAP_TO_PHYS((vm_offset_t)pc));
1928 dump_drop_page(m_pc->phys_addr);
1929 mtx_lock(&pv_chunks_mutex);
1932 TAILQ_INSERT_HEAD(&pmap->pm_pvchunk, pc, pc_list);
1933 TAILQ_INSERT_TAIL(&new_tail, pc, pc_lru);
1934 mtx_lock(&pv_chunks_mutex);
1935 /* One freed pv entry in locked_pmap is sufficient. */
1936 if (pmap == locked_pmap)
1939 TAILQ_CONCAT(&pv_chunks, &new_tail, pc_lru);
1940 mtx_unlock(&pv_chunks_mutex);
1941 if (pmap != NULL && pmap != locked_pmap)
1943 if (m_pc == NULL && !SLIST_EMPTY(&free)) {
1944 m_pc = SLIST_FIRST(&free);
1945 SLIST_REMOVE_HEAD(&free, plinks.s.ss);
1946 /* Recycle a freed page table page. */
1947 m_pc->wire_count = 1;
1950 vm_page_free_pages_toq(&free, false);
1955 * free the pv_entry back to the free list
1958 free_pv_entry(pmap_t pmap, pv_entry_t pv)
1960 struct pv_chunk *pc;
1961 int idx, field, bit;
1963 PMAP_LOCK_ASSERT(pmap, MA_OWNED);
1964 PV_STAT(atomic_add_long(&pv_entry_frees, 1));
1965 PV_STAT(atomic_add_int(&pv_entry_spare, 1));
1966 PV_STAT(atomic_subtract_long(&pv_entry_count, 1));
1967 pc = pv_to_chunk(pv);
1968 idx = pv - &pc->pc_pventry[0];
1971 pc->pc_map[field] |= 1ul << bit;
1972 if (pc->pc_map[0] != PC_FREE0 || pc->pc_map[1] != PC_FREE1 ||
1973 pc->pc_map[2] != PC_FREE2) {
1974 /* 98% of the time, pc is already at the head of the list. */
1975 if (__predict_false(pc != TAILQ_FIRST(&pmap->pm_pvchunk))) {
1976 TAILQ_REMOVE(&pmap->pm_pvchunk, pc, pc_list);
1977 TAILQ_INSERT_HEAD(&pmap->pm_pvchunk, pc, pc_list);
1981 TAILQ_REMOVE(&pmap->pm_pvchunk, pc, pc_list);
1986 free_pv_chunk(struct pv_chunk *pc)
1990 mtx_lock(&pv_chunks_mutex);
1991 TAILQ_REMOVE(&pv_chunks, pc, pc_lru);
1992 mtx_unlock(&pv_chunks_mutex);
1993 PV_STAT(atomic_subtract_int(&pv_entry_spare, _NPCPV));
1994 PV_STAT(atomic_subtract_int(&pc_chunk_count, 1));
1995 PV_STAT(atomic_add_int(&pc_chunk_frees, 1));
1996 /* entire chunk is free, return it */
1997 m = PHYS_TO_VM_PAGE(DMAP_TO_PHYS((vm_offset_t)pc));
1998 dump_drop_page(m->phys_addr);
1999 vm_page_unwire_noq(m);
2004 * Returns a new PV entry, allocating a new PV chunk from the system when
2005 * needed. If this PV chunk allocation fails and a PV list lock pointer was
2006 * given, a PV chunk is reclaimed from an arbitrary pmap. Otherwise, NULL is
2009 * The given PV list lock may be released.
2012 get_pv_entry(pmap_t pmap, struct rwlock **lockp)
2016 struct pv_chunk *pc;
2019 PMAP_LOCK_ASSERT(pmap, MA_OWNED);
2020 PV_STAT(atomic_add_long(&pv_entry_allocs, 1));
2022 pc = TAILQ_FIRST(&pmap->pm_pvchunk);
2024 for (field = 0; field < _NPCM; field++) {
2025 if (pc->pc_map[field]) {
2026 bit = ffsl(pc->pc_map[field]) - 1;
2030 if (field < _NPCM) {
2031 pv = &pc->pc_pventry[field * 64 + bit];
2032 pc->pc_map[field] &= ~(1ul << bit);
2033 /* If this was the last item, move it to tail */
2034 if (pc->pc_map[0] == 0 && pc->pc_map[1] == 0 &&
2035 pc->pc_map[2] == 0) {
2036 TAILQ_REMOVE(&pmap->pm_pvchunk, pc, pc_list);
2037 TAILQ_INSERT_TAIL(&pmap->pm_pvchunk, pc,
2040 PV_STAT(atomic_add_long(&pv_entry_count, 1));
2041 PV_STAT(atomic_subtract_int(&pv_entry_spare, 1));
2045 /* No free items, allocate another chunk */
2046 m = vm_page_alloc(NULL, 0, VM_ALLOC_NORMAL | VM_ALLOC_NOOBJ |
2049 if (lockp == NULL) {
2050 PV_STAT(pc_chunk_tryfail++);
2053 m = reclaim_pv_chunk(pmap, lockp);
2057 PV_STAT(atomic_add_int(&pc_chunk_count, 1));
2058 PV_STAT(atomic_add_int(&pc_chunk_allocs, 1));
2059 dump_add_page(m->phys_addr);
2060 pc = (void *)PHYS_TO_DMAP(m->phys_addr);
2062 pc->pc_map[0] = PC_FREE0 & ~1ul; /* preallocated bit 0 */
2063 pc->pc_map[1] = PC_FREE1;
2064 pc->pc_map[2] = PC_FREE2;
2065 mtx_lock(&pv_chunks_mutex);
2066 TAILQ_INSERT_TAIL(&pv_chunks, pc, pc_lru);
2067 mtx_unlock(&pv_chunks_mutex);
2068 pv = &pc->pc_pventry[0];
2069 TAILQ_INSERT_HEAD(&pmap->pm_pvchunk, pc, pc_list);
2070 PV_STAT(atomic_add_long(&pv_entry_count, 1));
2071 PV_STAT(atomic_add_int(&pv_entry_spare, _NPCPV - 1));
2076 * Ensure that the number of spare PV entries in the specified pmap meets or
2077 * exceeds the given count, "needed".
2079 * The given PV list lock may be released.
2082 reserve_pv_entries(pmap_t pmap, int needed, struct rwlock **lockp)
2084 struct pch new_tail;
2085 struct pv_chunk *pc;
2090 PMAP_LOCK_ASSERT(pmap, MA_OWNED);
2091 KASSERT(lockp != NULL, ("reserve_pv_entries: lockp is NULL"));
2094 * Newly allocated PV chunks must be stored in a private list until
2095 * the required number of PV chunks have been allocated. Otherwise,
2096 * reclaim_pv_chunk() could recycle one of these chunks. In
2097 * contrast, these chunks must be added to the pmap upon allocation.
2099 TAILQ_INIT(&new_tail);
2102 TAILQ_FOREACH(pc, &pmap->pm_pvchunk, pc_list) {
2103 bit_count((bitstr_t *)pc->pc_map, 0,
2104 sizeof(pc->pc_map) * NBBY, &free);
2108 if (avail >= needed)
2111 for (reclaimed = false; avail < needed; avail += _NPCPV) {
2112 m = vm_page_alloc(NULL, 0, VM_ALLOC_NORMAL | VM_ALLOC_NOOBJ |
2115 m = reclaim_pv_chunk(pmap, lockp);
2120 PV_STAT(atomic_add_int(&pc_chunk_count, 1));
2121 PV_STAT(atomic_add_int(&pc_chunk_allocs, 1));
2122 dump_add_page(m->phys_addr);
2123 pc = (void *)PHYS_TO_DMAP(m->phys_addr);
2125 pc->pc_map[0] = PC_FREE0;
2126 pc->pc_map[1] = PC_FREE1;
2127 pc->pc_map[2] = PC_FREE2;
2128 TAILQ_INSERT_HEAD(&pmap->pm_pvchunk, pc, pc_list);
2129 TAILQ_INSERT_TAIL(&new_tail, pc, pc_lru);
2130 PV_STAT(atomic_add_int(&pv_entry_spare, _NPCPV));
2133 * The reclaim might have freed a chunk from the current pmap.
2134 * If that chunk contained available entries, we need to
2135 * re-count the number of available entries.
2140 if (!TAILQ_EMPTY(&new_tail)) {
2141 mtx_lock(&pv_chunks_mutex);
2142 TAILQ_CONCAT(&pv_chunks, &new_tail, pc_lru);
2143 mtx_unlock(&pv_chunks_mutex);
2148 * First find and then remove the pv entry for the specified pmap and virtual
2149 * address from the specified pv list. Returns the pv entry if found and NULL
2150 * otherwise. This operation can be performed on pv lists for either 4KB or
2151 * 2MB page mappings.
2153 static __inline pv_entry_t
2154 pmap_pvh_remove(struct md_page *pvh, pmap_t pmap, vm_offset_t va)
2158 TAILQ_FOREACH(pv, &pvh->pv_list, pv_next) {
2159 if (pmap == PV_PMAP(pv) && va == pv->pv_va) {
2160 TAILQ_REMOVE(&pvh->pv_list, pv, pv_next);
2169 * After demotion from a 2MB page mapping to 512 4KB page mappings,
2170 * destroy the pv entry for the 2MB page mapping and reinstantiate the pv
2171 * entries for each of the 4KB page mappings.
2174 pmap_pv_demote_l2(pmap_t pmap, vm_offset_t va, vm_paddr_t pa,
2175 struct rwlock **lockp)
2177 struct md_page *pvh;
2178 struct pv_chunk *pc;
2180 vm_offset_t va_last;
2184 PMAP_LOCK_ASSERT(pmap, MA_OWNED);
2185 KASSERT((pa & L2_OFFSET) == 0,
2186 ("pmap_pv_demote_l2: pa is not 2mpage aligned"));
2187 CHANGE_PV_LIST_LOCK_TO_PHYS(lockp, pa);
2190 * Transfer the 2mpage's pv entry for this mapping to the first
2191 * page's pv list. Once this transfer begins, the pv list lock
2192 * must not be released until the last pv entry is reinstantiated.
2194 pvh = pa_to_pvh(pa);
2195 va = va & ~L2_OFFSET;
2196 pv = pmap_pvh_remove(pvh, pmap, va);
2197 KASSERT(pv != NULL, ("pmap_pv_demote_l2: pv not found"));
2198 m = PHYS_TO_VM_PAGE(pa);
2199 TAILQ_INSERT_TAIL(&m->md.pv_list, pv, pv_next);
2201 /* Instantiate the remaining Ln_ENTRIES - 1 pv entries. */
2202 PV_STAT(atomic_add_long(&pv_entry_allocs, Ln_ENTRIES - 1));
2203 va_last = va + L2_SIZE - PAGE_SIZE;
2205 pc = TAILQ_FIRST(&pmap->pm_pvchunk);
2206 KASSERT(pc->pc_map[0] != 0 || pc->pc_map[1] != 0 ||
2207 pc->pc_map[2] != 0, ("pmap_pv_demote_l2: missing spare"));
2208 for (field = 0; field < _NPCM; field++) {
2209 while (pc->pc_map[field]) {
2210 bit = ffsl(pc->pc_map[field]) - 1;
2211 pc->pc_map[field] &= ~(1ul << bit);
2212 pv = &pc->pc_pventry[field * 64 + bit];
2216 KASSERT((m->oflags & VPO_UNMANAGED) == 0,
2217 ("pmap_pv_demote_l2: page %p is not managed", m));
2218 TAILQ_INSERT_TAIL(&m->md.pv_list, pv, pv_next);
2224 TAILQ_REMOVE(&pmap->pm_pvchunk, pc, pc_list);
2225 TAILQ_INSERT_TAIL(&pmap->pm_pvchunk, pc, pc_list);
2228 if (pc->pc_map[0] == 0 && pc->pc_map[1] == 0 && pc->pc_map[2] == 0) {
2229 TAILQ_REMOVE(&pmap->pm_pvchunk, pc, pc_list);
2230 TAILQ_INSERT_TAIL(&pmap->pm_pvchunk, pc, pc_list);
2232 PV_STAT(atomic_add_long(&pv_entry_count, Ln_ENTRIES - 1));
2233 PV_STAT(atomic_subtract_int(&pv_entry_spare, Ln_ENTRIES - 1));
2237 * First find and then destroy the pv entry for the specified pmap and virtual
2238 * address. This operation can be performed on pv lists for either 4KB or 2MB
2242 pmap_pvh_free(struct md_page *pvh, pmap_t pmap, vm_offset_t va)
2246 pv = pmap_pvh_remove(pvh, pmap, va);
2247 KASSERT(pv != NULL, ("pmap_pvh_free: pv not found"));
2248 free_pv_entry(pmap, pv);
2252 * Conditionally create the PV entry for a 4KB page mapping if the required
2253 * memory can be allocated without resorting to reclamation.
2256 pmap_try_insert_pv_entry(pmap_t pmap, vm_offset_t va, vm_page_t m,
2257 struct rwlock **lockp)
2261 PMAP_LOCK_ASSERT(pmap, MA_OWNED);
2262 /* Pass NULL instead of the lock pointer to disable reclamation. */
2263 if ((pv = get_pv_entry(pmap, NULL)) != NULL) {
2265 CHANGE_PV_LIST_LOCK_TO_VM_PAGE(lockp, m);
2266 TAILQ_INSERT_TAIL(&m->md.pv_list, pv, pv_next);
2274 * pmap_remove_l2: do the things to unmap a level 2 superpage in a process
2277 pmap_remove_l2(pmap_t pmap, pt_entry_t *l2, vm_offset_t sva,
2278 pd_entry_t l1e, struct spglist *free, struct rwlock **lockp)
2280 struct md_page *pvh;
2282 vm_offset_t eva, va;
2285 PMAP_LOCK_ASSERT(pmap, MA_OWNED);
2286 KASSERT((sva & L2_OFFSET) == 0, ("pmap_remove_l2: sva is not aligned"));
2287 old_l2 = pmap_load_clear(l2);
2288 pmap_invalidate_range(pmap, sva, sva + L2_SIZE);
2289 if (old_l2 & ATTR_SW_WIRED)
2290 pmap->pm_stats.wired_count -= L2_SIZE / PAGE_SIZE;
2291 pmap_resident_count_dec(pmap, L2_SIZE / PAGE_SIZE);
2292 if (old_l2 & ATTR_SW_MANAGED) {
2293 CHANGE_PV_LIST_LOCK_TO_PHYS(lockp, old_l2 & ~ATTR_MASK);
2294 pvh = pa_to_pvh(old_l2 & ~ATTR_MASK);
2295 pmap_pvh_free(pvh, pmap, sva);
2296 eva = sva + L2_SIZE;
2297 for (va = sva, m = PHYS_TO_VM_PAGE(old_l2 & ~ATTR_MASK);
2298 va < eva; va += PAGE_SIZE, m++) {
2299 if (pmap_page_dirty(old_l2))
2301 if (old_l2 & ATTR_AF)
2302 vm_page_aflag_set(m, PGA_REFERENCED);
2303 if (TAILQ_EMPTY(&m->md.pv_list) &&
2304 TAILQ_EMPTY(&pvh->pv_list))
2305 vm_page_aflag_clear(m, PGA_WRITEABLE);
2308 KASSERT(pmap != kernel_pmap,
2309 ("Attempting to remove an l2 kernel page"));
2310 ml3 = pmap_remove_pt_page(pmap, sva);
2312 pmap_resident_count_dec(pmap, 1);
2313 KASSERT(ml3->wire_count == NL3PG,
2314 ("pmap_remove_pages: l3 page wire count error"));
2315 ml3->wire_count = 1;
2316 vm_page_unwire_noq(ml3);
2317 pmap_add_delayed_free_list(ml3, free, FALSE);
2319 return (pmap_unuse_pt(pmap, sva, l1e, free));
2323 * pmap_remove_l3: do the things to unmap a page in a process
2326 pmap_remove_l3(pmap_t pmap, pt_entry_t *l3, vm_offset_t va,
2327 pd_entry_t l2e, struct spglist *free, struct rwlock **lockp)
2329 struct md_page *pvh;
2333 PMAP_LOCK_ASSERT(pmap, MA_OWNED);
2334 old_l3 = pmap_load_clear(l3);
2335 pmap_invalidate_page(pmap, va);
2336 if (old_l3 & ATTR_SW_WIRED)
2337 pmap->pm_stats.wired_count -= 1;
2338 pmap_resident_count_dec(pmap, 1);
2339 if (old_l3 & ATTR_SW_MANAGED) {
2340 m = PHYS_TO_VM_PAGE(old_l3 & ~ATTR_MASK);
2341 if (pmap_page_dirty(old_l3))
2343 if (old_l3 & ATTR_AF)
2344 vm_page_aflag_set(m, PGA_REFERENCED);
2345 CHANGE_PV_LIST_LOCK_TO_VM_PAGE(lockp, m);
2346 pmap_pvh_free(&m->md, pmap, va);
2347 if (TAILQ_EMPTY(&m->md.pv_list) &&
2348 (m->flags & PG_FICTITIOUS) == 0) {
2349 pvh = pa_to_pvh(VM_PAGE_TO_PHYS(m));
2350 if (TAILQ_EMPTY(&pvh->pv_list))
2351 vm_page_aflag_clear(m, PGA_WRITEABLE);
2354 return (pmap_unuse_pt(pmap, va, l2e, free));
2358 * Remove the given range of addresses from the specified map.
2360 * It is assumed that the start and end are properly
2361 * rounded to the page size.
2364 pmap_remove(pmap_t pmap, vm_offset_t sva, vm_offset_t eva)
2366 struct rwlock *lock;
2367 vm_offset_t va, va_next;
2368 pd_entry_t *l0, *l1, *l2;
2369 pt_entry_t l3_paddr, *l3;
2370 struct spglist free;
2373 * Perform an unsynchronized read. This is, however, safe.
2375 if (pmap->pm_stats.resident_count == 0)
2383 for (; sva < eva; sva = va_next) {
2385 if (pmap->pm_stats.resident_count == 0)
2388 l0 = pmap_l0(pmap, sva);
2389 if (pmap_load(l0) == 0) {
2390 va_next = (sva + L0_SIZE) & ~L0_OFFSET;
2396 l1 = pmap_l0_to_l1(l0, sva);
2397 if (pmap_load(l1) == 0) {
2398 va_next = (sva + L1_SIZE) & ~L1_OFFSET;
2405 * Calculate index for next page table.
2407 va_next = (sva + L2_SIZE) & ~L2_OFFSET;
2411 l2 = pmap_l1_to_l2(l1, sva);
2415 l3_paddr = pmap_load(l2);
2417 if ((l3_paddr & ATTR_DESCR_MASK) == L2_BLOCK) {
2418 if (sva + L2_SIZE == va_next && eva >= va_next) {
2419 pmap_remove_l2(pmap, l2, sva, pmap_load(l1),
2422 } else if (pmap_demote_l2_locked(pmap, l2,
2423 sva &~L2_OFFSET, &lock) == NULL)
2425 l3_paddr = pmap_load(l2);
2429 * Weed out invalid mappings.
2431 if ((l3_paddr & ATTR_DESCR_MASK) != L2_TABLE)
2435 * Limit our scan to either the end of the va represented
2436 * by the current page table page, or to the end of the
2437 * range being removed.
2443 for (l3 = pmap_l2_to_l3(l2, sva); sva != va_next; l3++,
2446 panic("l3 == NULL");
2447 if (pmap_load(l3) == 0) {
2448 if (va != va_next) {
2449 pmap_invalidate_range(pmap, va, sva);
2456 if (pmap_remove_l3(pmap, l3, sva, l3_paddr, &free,
2463 pmap_invalidate_range(pmap, va, sva);
2468 vm_page_free_pages_toq(&free, false);
2472 * Routine: pmap_remove_all
2474 * Removes this physical page from
2475 * all physical maps in which it resides.
2476 * Reflects back modify bits to the pager.
2479 * Original versions of this routine were very
2480 * inefficient because they iteratively called
2481 * pmap_remove (slow...)
2485 pmap_remove_all(vm_page_t m)
2487 struct md_page *pvh;
2490 struct rwlock *lock;
2491 pd_entry_t *pde, tpde;
2492 pt_entry_t *pte, tpte;
2494 struct spglist free;
2495 int lvl, pvh_gen, md_gen;
2497 KASSERT((m->oflags & VPO_UNMANAGED) == 0,
2498 ("pmap_remove_all: page %p is not managed", m));
2500 lock = VM_PAGE_TO_PV_LIST_LOCK(m);
2501 pvh = (m->flags & PG_FICTITIOUS) != 0 ? &pv_dummy :
2502 pa_to_pvh(VM_PAGE_TO_PHYS(m));
2505 while ((pv = TAILQ_FIRST(&pvh->pv_list)) != NULL) {
2507 if (!PMAP_TRYLOCK(pmap)) {
2508 pvh_gen = pvh->pv_gen;
2512 if (pvh_gen != pvh->pv_gen) {
2519 pte = pmap_pte(pmap, va, &lvl);
2520 KASSERT(pte != NULL,
2521 ("pmap_remove_all: no page table entry found"));
2523 ("pmap_remove_all: invalid pte level %d", lvl));
2525 pmap_demote_l2_locked(pmap, pte, va, &lock);
2528 while ((pv = TAILQ_FIRST(&m->md.pv_list)) != NULL) {
2530 if (!PMAP_TRYLOCK(pmap)) {
2531 pvh_gen = pvh->pv_gen;
2532 md_gen = m->md.pv_gen;
2536 if (pvh_gen != pvh->pv_gen || md_gen != m->md.pv_gen) {
2542 pmap_resident_count_dec(pmap, 1);
2544 pde = pmap_pde(pmap, pv->pv_va, &lvl);
2545 KASSERT(pde != NULL,
2546 ("pmap_remove_all: no page directory entry found"));
2548 ("pmap_remove_all: invalid pde level %d", lvl));
2549 tpde = pmap_load(pde);
2551 pte = pmap_l2_to_l3(pde, pv->pv_va);
2552 tpte = pmap_load(pte);
2553 pmap_load_clear(pte);
2554 pmap_invalidate_page(pmap, pv->pv_va);
2555 if (tpte & ATTR_SW_WIRED)
2556 pmap->pm_stats.wired_count--;
2557 if ((tpte & ATTR_AF) != 0)
2558 vm_page_aflag_set(m, PGA_REFERENCED);
2561 * Update the vm_page_t clean and reference bits.
2563 if (pmap_page_dirty(tpte))
2565 pmap_unuse_pt(pmap, pv->pv_va, tpde, &free);
2566 TAILQ_REMOVE(&m->md.pv_list, pv, pv_next);
2568 free_pv_entry(pmap, pv);
2571 vm_page_aflag_clear(m, PGA_WRITEABLE);
2573 vm_page_free_pages_toq(&free, false);
2577 * Set the physical protection on the
2578 * specified range of this map as requested.
2581 pmap_protect(pmap_t pmap, vm_offset_t sva, vm_offset_t eva, vm_prot_t prot)
2583 vm_offset_t va, va_next;
2584 pd_entry_t *l0, *l1, *l2;
2585 pt_entry_t *l3p, l3, nbits;
2587 KASSERT((prot & ~VM_PROT_ALL) == 0, ("invalid prot %x", prot));
2588 if (prot == VM_PROT_NONE) {
2589 pmap_remove(pmap, sva, eva);
2593 if ((prot & (VM_PROT_WRITE | VM_PROT_EXECUTE)) ==
2594 (VM_PROT_WRITE | VM_PROT_EXECUTE))
2598 for (; sva < eva; sva = va_next) {
2600 l0 = pmap_l0(pmap, sva);
2601 if (pmap_load(l0) == 0) {
2602 va_next = (sva + L0_SIZE) & ~L0_OFFSET;
2608 l1 = pmap_l0_to_l1(l0, sva);
2609 if (pmap_load(l1) == 0) {
2610 va_next = (sva + L1_SIZE) & ~L1_OFFSET;
2616 va_next = (sva + L2_SIZE) & ~L2_OFFSET;
2620 l2 = pmap_l1_to_l2(l1, sva);
2621 if (pmap_load(l2) == 0)
2624 if ((pmap_load(l2) & ATTR_DESCR_MASK) == L2_BLOCK) {
2625 l3p = pmap_demote_l2(pmap, l2, sva);
2629 KASSERT((pmap_load(l2) & ATTR_DESCR_MASK) == L2_TABLE,
2630 ("pmap_protect: Invalid L2 entry after demotion"));
2636 for (l3p = pmap_l2_to_l3(l2, sva); sva != va_next; l3p++,
2638 l3 = pmap_load(l3p);
2639 if (!pmap_l3_valid(l3))
2643 if ((prot & VM_PROT_WRITE) == 0) {
2644 if ((l3 & ATTR_SW_MANAGED) &&
2645 pmap_page_dirty(l3)) {
2646 vm_page_dirty(PHYS_TO_VM_PAGE(l3 &
2649 nbits |= ATTR_AP(ATTR_AP_RO);
2651 if ((prot & VM_PROT_EXECUTE) == 0)
2654 pmap_set(l3p, nbits);
2655 /* XXX: Use pmap_invalidate_range */
2656 pmap_invalidate_page(pmap, sva);
2663 * Inserts the specified page table page into the specified pmap's collection
2664 * of idle page table pages. Each of a pmap's page table pages is responsible
2665 * for mapping a distinct range of virtual addresses. The pmap's collection is
2666 * ordered by this virtual address range.
2669 pmap_insert_pt_page(pmap_t pmap, vm_page_t mpte)
2672 PMAP_LOCK_ASSERT(pmap, MA_OWNED);
2673 return (vm_radix_insert(&pmap->pm_root, mpte));
2677 * Removes the page table page mapping the specified virtual address from the
2678 * specified pmap's collection of idle page table pages, and returns it.
2679 * Otherwise, returns NULL if there is no page table page corresponding to the
2680 * specified virtual address.
2682 static __inline vm_page_t
2683 pmap_remove_pt_page(pmap_t pmap, vm_offset_t va)
2686 PMAP_LOCK_ASSERT(pmap, MA_OWNED);
2687 return (vm_radix_remove(&pmap->pm_root, pmap_l2_pindex(va)));
2691 * Performs a break-before-make update of a pmap entry. This is needed when
2692 * either promoting or demoting pages to ensure the TLB doesn't get into an
2693 * inconsistent state.
2696 pmap_update_entry(pmap_t pmap, pd_entry_t *pte, pd_entry_t newpte,
2697 vm_offset_t va, vm_size_t size)
2701 PMAP_LOCK_ASSERT(pmap, MA_OWNED);
2704 * Ensure we don't get switched out with the page table in an
2705 * inconsistent state. We also need to ensure no interrupts fire
2706 * as they may make use of an address we are about to invalidate.
2708 intr = intr_disable();
2711 /* Clear the old mapping */
2712 pmap_load_clear(pte);
2713 pmap_invalidate_range_nopin(pmap, va, va + size);
2715 /* Create the new mapping */
2716 pmap_load_store(pte, newpte);
2722 #if VM_NRESERVLEVEL > 0
2724 * After promotion from 512 4KB page mappings to a single 2MB page mapping,
2725 * replace the many pv entries for the 4KB page mappings by a single pv entry
2726 * for the 2MB page mapping.
2729 pmap_pv_promote_l2(pmap_t pmap, vm_offset_t va, vm_paddr_t pa,
2730 struct rwlock **lockp)
2732 struct md_page *pvh;
2734 vm_offset_t va_last;
2737 KASSERT((pa & L2_OFFSET) == 0,
2738 ("pmap_pv_promote_l2: pa is not 2mpage aligned"));
2739 CHANGE_PV_LIST_LOCK_TO_PHYS(lockp, pa);
2742 * Transfer the first page's pv entry for this mapping to the 2mpage's
2743 * pv list. Aside from avoiding the cost of a call to get_pv_entry(),
2744 * a transfer avoids the possibility that get_pv_entry() calls
2745 * reclaim_pv_chunk() and that reclaim_pv_chunk() removes one of the
2746 * mappings that is being promoted.
2748 m = PHYS_TO_VM_PAGE(pa);
2749 va = va & ~L2_OFFSET;
2750 pv = pmap_pvh_remove(&m->md, pmap, va);
2751 KASSERT(pv != NULL, ("pmap_pv_promote_l2: pv not found"));
2752 pvh = pa_to_pvh(pa);
2753 TAILQ_INSERT_TAIL(&pvh->pv_list, pv, pv_next);
2755 /* Free the remaining NPTEPG - 1 pv entries. */
2756 va_last = va + L2_SIZE - PAGE_SIZE;
2760 pmap_pvh_free(&m->md, pmap, va);
2761 } while (va < va_last);
2765 * Tries to promote the 512, contiguous 4KB page mappings that are within a
2766 * single level 2 table entry to a single 2MB page mapping. For promotion
2767 * to occur, two conditions must be met: (1) the 4KB page mappings must map
2768 * aligned, contiguous physical memory and (2) the 4KB page mappings must have
2769 * identical characteristics.
2772 pmap_promote_l2(pmap_t pmap, pd_entry_t *l2, vm_offset_t va,
2773 struct rwlock **lockp)
2775 pt_entry_t *firstl3, *l3, newl2, oldl3, pa;
2779 PMAP_LOCK_ASSERT(pmap, MA_OWNED);
2781 sva = va & ~L2_OFFSET;
2782 firstl3 = pmap_l2_to_l3(l2, sva);
2783 newl2 = pmap_load(firstl3);
2785 /* Check the alingment is valid */
2786 if (((newl2 & ~ATTR_MASK) & L2_OFFSET) != 0) {
2787 atomic_add_long(&pmap_l2_p_failures, 1);
2788 CTR2(KTR_PMAP, "pmap_promote_l2: failure for va %#lx"
2789 " in pmap %p", va, pmap);
2793 pa = newl2 + L2_SIZE - PAGE_SIZE;
2794 for (l3 = firstl3 + NL3PG - 1; l3 > firstl3; l3--) {
2795 oldl3 = pmap_load(l3);
2797 atomic_add_long(&pmap_l2_p_failures, 1);
2798 CTR2(KTR_PMAP, "pmap_promote_l2: failure for va %#lx"
2799 " in pmap %p", va, pmap);
2806 * Save the page table page in its current state until the L2
2807 * mapping the superpage is demoted by pmap_demote_l2() or
2808 * destroyed by pmap_remove_l3().
2810 mpte = PHYS_TO_VM_PAGE(pmap_load(l2) & ~ATTR_MASK);
2811 KASSERT(mpte >= vm_page_array &&
2812 mpte < &vm_page_array[vm_page_array_size],
2813 ("pmap_promote_l2: page table page is out of range"));
2814 KASSERT(mpte->pindex == pmap_l2_pindex(va),
2815 ("pmap_promote_l2: page table page's pindex is wrong"));
2816 if (pmap_insert_pt_page(pmap, mpte)) {
2817 atomic_add_long(&pmap_l2_p_failures, 1);
2819 "pmap_promote_l2: failure for va %#lx in pmap %p", va,
2824 if ((newl2 & ATTR_SW_MANAGED) != 0)
2825 pmap_pv_promote_l2(pmap, va, newl2 & ~ATTR_MASK, lockp);
2827 newl2 &= ~ATTR_DESCR_MASK;
2830 pmap_update_entry(pmap, l2, newl2, sva, L2_SIZE);
2832 atomic_add_long(&pmap_l2_promotions, 1);
2833 CTR2(KTR_PMAP, "pmap_promote_l2: success for va %#lx in pmap %p", va,
2836 #endif /* VM_NRESERVLEVEL > 0 */
2839 * Insert the given physical page (p) at
2840 * the specified virtual address (v) in the
2841 * target physical map with the protection requested.
2843 * If specified, the page will be wired down, meaning
2844 * that the related pte can not be reclaimed.
2846 * NB: This is the only routine which MAY NOT lazy-evaluate
2847 * or lose information. That is, this routine must actually
2848 * insert this page into the given map NOW.
2851 pmap_enter(pmap_t pmap, vm_offset_t va, vm_page_t m, vm_prot_t prot,
2852 u_int flags, int8_t psind __unused)
2854 struct rwlock *lock;
2856 pt_entry_t new_l3, orig_l3;
2857 pt_entry_t *l2, *l3;
2859 vm_paddr_t opa, pa, l1_pa, l2_pa, l3_pa;
2860 vm_page_t mpte, om, l1_m, l2_m, l3_m;
2864 va = trunc_page(va);
2865 if ((m->oflags & VPO_UNMANAGED) == 0 && !vm_page_xbusied(m))
2866 VM_OBJECT_ASSERT_LOCKED(m->object);
2867 pa = VM_PAGE_TO_PHYS(m);
2868 new_l3 = (pt_entry_t)(pa | ATTR_DEFAULT | ATTR_IDX(m->md.pv_memattr) |
2870 if ((prot & VM_PROT_WRITE) == 0)
2871 new_l3 |= ATTR_AP(ATTR_AP_RO);
2872 if ((prot & VM_PROT_EXECUTE) == 0 || m->md.pv_memattr == DEVICE_MEMORY)
2874 if ((flags & PMAP_ENTER_WIRED) != 0)
2875 new_l3 |= ATTR_SW_WIRED;
2876 if (va < VM_MAXUSER_ADDRESS)
2877 new_l3 |= ATTR_AP(ATTR_AP_USER) | ATTR_PXN;
2879 CTR2(KTR_PMAP, "pmap_enter: %.16lx -> %.16lx", va, pa);
2886 pde = pmap_pde(pmap, va, &lvl);
2887 if (pde != NULL && lvl == 1) {
2888 l2 = pmap_l1_to_l2(pde, va);
2889 if ((pmap_load(l2) & ATTR_DESCR_MASK) == L2_BLOCK &&
2890 (l3 = pmap_demote_l2_locked(pmap, l2, va & ~L2_OFFSET,
2892 l3 = &l3[pmap_l3_index(va)];
2893 if (va < VM_MAXUSER_ADDRESS) {
2894 mpte = PHYS_TO_VM_PAGE(
2895 pmap_load(l2) & ~ATTR_MASK);
2902 if (va < VM_MAXUSER_ADDRESS) {
2903 nosleep = (flags & PMAP_ENTER_NOSLEEP) != 0;
2904 mpte = pmap_alloc_l3(pmap, va, nosleep ? NULL : &lock);
2905 if (mpte == NULL && nosleep) {
2906 CTR0(KTR_PMAP, "pmap_enter: mpte == NULL");
2910 return (KERN_RESOURCE_SHORTAGE);
2912 pde = pmap_pde(pmap, va, &lvl);
2913 KASSERT(pde != NULL,
2914 ("pmap_enter: Invalid page entry, va: 0x%lx", va));
2916 ("pmap_enter: Invalid level %d", lvl));
2919 * If we get a level 2 pde it must point to a level 3 entry
2920 * otherwise we will need to create the intermediate tables
2926 /* Get the l0 pde to update */
2927 pde = pmap_l0(pmap, va);
2928 KASSERT(pde != NULL, ("..."));
2930 l1_m = vm_page_alloc(NULL, 0, VM_ALLOC_NORMAL |
2931 VM_ALLOC_NOOBJ | VM_ALLOC_WIRED |
2934 panic("pmap_enter: l1 pte_m == NULL");
2935 if ((l1_m->flags & PG_ZERO) == 0)
2936 pmap_zero_page(l1_m);
2938 l1_pa = VM_PAGE_TO_PHYS(l1_m);
2939 pmap_load_store(pde, l1_pa | L0_TABLE);
2942 /* Get the l1 pde to update */
2943 pde = pmap_l1_to_l2(pde, va);
2944 KASSERT(pde != NULL, ("..."));
2946 l2_m = vm_page_alloc(NULL, 0, VM_ALLOC_NORMAL |
2947 VM_ALLOC_NOOBJ | VM_ALLOC_WIRED |
2950 panic("pmap_enter: l2 pte_m == NULL");
2951 if ((l2_m->flags & PG_ZERO) == 0)
2952 pmap_zero_page(l2_m);
2954 l2_pa = VM_PAGE_TO_PHYS(l2_m);
2955 pmap_load_store(pde, l2_pa | L1_TABLE);
2958 /* Get the l2 pde to update */
2959 pde = pmap_l1_to_l2(pde, va);
2960 KASSERT(pde != NULL, ("..."));
2962 l3_m = vm_page_alloc(NULL, 0, VM_ALLOC_NORMAL |
2963 VM_ALLOC_NOOBJ | VM_ALLOC_WIRED |
2966 panic("pmap_enter: l3 pte_m == NULL");
2967 if ((l3_m->flags & PG_ZERO) == 0)
2968 pmap_zero_page(l3_m);
2970 l3_pa = VM_PAGE_TO_PHYS(l3_m);
2971 pmap_load_store(pde, l3_pa | L2_TABLE);
2976 l3 = pmap_l2_to_l3(pde, va);
2980 orig_l3 = pmap_load(l3);
2981 opa = orig_l3 & ~ATTR_MASK;
2984 * Is the specified virtual address already mapped?
2986 if (pmap_l3_valid(orig_l3)) {
2988 * Wiring change, just update stats. We don't worry about
2989 * wiring PT pages as they remain resident as long as there
2990 * are valid mappings in them. Hence, if a user page is wired,
2991 * the PT page will be also.
2993 if ((flags & PMAP_ENTER_WIRED) != 0 &&
2994 (orig_l3 & ATTR_SW_WIRED) == 0)
2995 pmap->pm_stats.wired_count++;
2996 else if ((flags & PMAP_ENTER_WIRED) == 0 &&
2997 (orig_l3 & ATTR_SW_WIRED) != 0)
2998 pmap->pm_stats.wired_count--;
3001 * Remove the extra PT page reference.
3005 KASSERT(mpte->wire_count > 0,
3006 ("pmap_enter: missing reference to page table page,"
3011 * Has the physical page changed?
3015 * No, might be a protection or wiring change.
3017 if ((orig_l3 & ATTR_SW_MANAGED) != 0) {
3018 new_l3 |= ATTR_SW_MANAGED;
3019 if ((new_l3 & ATTR_AP(ATTR_AP_RW)) ==
3020 ATTR_AP(ATTR_AP_RW)) {
3021 vm_page_aflag_set(m, PGA_WRITEABLE);
3028 * Increment the counters.
3030 if ((new_l3 & ATTR_SW_WIRED) != 0)
3031 pmap->pm_stats.wired_count++;
3032 pmap_resident_count_inc(pmap, 1);
3035 * Enter on the PV list if part of our managed memory.
3037 if ((m->oflags & VPO_UNMANAGED) == 0) {
3038 new_l3 |= ATTR_SW_MANAGED;
3039 pv = get_pv_entry(pmap, &lock);
3041 CHANGE_PV_LIST_LOCK_TO_PHYS(&lock, pa);
3042 TAILQ_INSERT_TAIL(&m->md.pv_list, pv, pv_next);
3044 if ((new_l3 & ATTR_AP_RW_BIT) == ATTR_AP(ATTR_AP_RW))
3045 vm_page_aflag_set(m, PGA_WRITEABLE);
3050 * Sync icache if exec permission and attribute VM_MEMATTR_WRITE_BACK
3051 * is set. Do it now, before the mapping is stored and made
3052 * valid for hardware table walk. If done later, then other can
3053 * access this page before caches are properly synced.
3054 * Don't do it for kernel memory which is mapped with exec
3055 * permission even if the memory isn't going to hold executable
3056 * code. The only time when icache sync is needed is after
3057 * kernel module is loaded and the relocation info is processed.
3058 * And it's done in elf_cpu_load_file().
3060 if ((prot & VM_PROT_EXECUTE) && pmap != kernel_pmap &&
3061 m->md.pv_memattr == VM_MEMATTR_WRITE_BACK &&
3062 (opa != pa || (orig_l3 & ATTR_XN)))
3063 cpu_icache_sync_range(PHYS_TO_DMAP(pa), PAGE_SIZE);
3066 * Update the L3 entry
3068 if (pmap_l3_valid(orig_l3)) {
3071 pmap_update_entry(pmap, l3, new_l3, va, PAGE_SIZE);
3072 if ((orig_l3 & ATTR_SW_MANAGED) != 0) {
3073 om = PHYS_TO_VM_PAGE(opa);
3074 if (pmap_page_dirty(orig_l3))
3076 if ((orig_l3 & ATTR_AF) != 0)
3077 vm_page_aflag_set(om, PGA_REFERENCED);
3078 CHANGE_PV_LIST_LOCK_TO_PHYS(&lock, opa);
3079 pmap_pvh_free(&om->md, pmap, va);
3080 if ((om->aflags & PGA_WRITEABLE) != 0 &&
3081 TAILQ_EMPTY(&om->md.pv_list) &&
3082 ((om->flags & PG_FICTITIOUS) != 0 ||
3083 TAILQ_EMPTY(&pa_to_pvh(opa)->pv_list)))
3084 vm_page_aflag_clear(om, PGA_WRITEABLE);
3086 } else if ((orig_l3 & ~ATTR_AF) != (new_l3 & ~ATTR_AF)) {
3087 /* same PA, different attributes */
3088 pmap_load_store(l3, new_l3);
3089 pmap_invalidate_page(pmap, va);
3090 if (pmap_page_dirty(orig_l3) &&
3091 (orig_l3 & ATTR_SW_MANAGED) != 0)
3096 * This can happens if multiple threads simultaneously
3097 * access not yet mapped page. This bad for performance
3098 * since this can cause full demotion-NOP-promotion
3100 * Another possible reasons are:
3101 * - VM and pmap memory layout are diverged
3102 * - tlb flush is missing somewhere and CPU doesn't see
3105 CTR4(KTR_PMAP, "%s: already mapped page - "
3106 "pmap %p va 0x%#lx pte 0x%lx",
3107 __func__, pmap, va, new_l3);
3111 pmap_load_store(l3, new_l3);
3114 #if VM_NRESERVLEVEL > 0
3115 if (pmap != pmap_kernel() &&
3116 (mpte == NULL || mpte->wire_count == NL3PG) &&
3117 pmap_superpages_enabled() &&
3118 (m->flags & PG_FICTITIOUS) == 0 &&
3119 vm_reserv_level_iffullpop(m) == 0) {
3120 pmap_promote_l2(pmap, pde, va, &lock);
3127 return (KERN_SUCCESS);
3131 * Maps a sequence of resident pages belonging to the same object.
3132 * The sequence begins with the given page m_start. This page is
3133 * mapped at the given virtual address start. Each subsequent page is
3134 * mapped at a virtual address that is offset from start by the same
3135 * amount as the page is offset from m_start within the object. The
3136 * last page in the sequence is the page with the largest offset from
3137 * m_start that can be mapped at a virtual address less than the given
3138 * virtual address end. Not every virtual page between start and end
3139 * is mapped; only those for which a resident page exists with the
3140 * corresponding offset from m_start are mapped.
3143 pmap_enter_object(pmap_t pmap, vm_offset_t start, vm_offset_t end,
3144 vm_page_t m_start, vm_prot_t prot)
3146 struct rwlock *lock;
3149 vm_pindex_t diff, psize;
3151 VM_OBJECT_ASSERT_LOCKED(m_start->object);
3153 psize = atop(end - start);
3158 while (m != NULL && (diff = m->pindex - m_start->pindex) < psize) {
3159 va = start + ptoa(diff);
3160 mpte = pmap_enter_quick_locked(pmap, va, m, prot, mpte, &lock);
3161 m = TAILQ_NEXT(m, listq);
3169 * this code makes some *MAJOR* assumptions:
3170 * 1. Current pmap & pmap exists.
3173 * 4. No page table pages.
3174 * but is *MUCH* faster than pmap_enter...
3178 pmap_enter_quick(pmap_t pmap, vm_offset_t va, vm_page_t m, vm_prot_t prot)
3180 struct rwlock *lock;
3184 (void)pmap_enter_quick_locked(pmap, va, m, prot, NULL, &lock);
3191 pmap_enter_quick_locked(pmap_t pmap, vm_offset_t va, vm_page_t m,
3192 vm_prot_t prot, vm_page_t mpte, struct rwlock **lockp)
3194 struct spglist free;
3196 pt_entry_t *l2, *l3, l3_val;
3200 KASSERT(va < kmi.clean_sva || va >= kmi.clean_eva ||
3201 (m->oflags & VPO_UNMANAGED) != 0,
3202 ("pmap_enter_quick_locked: managed mapping within the clean submap"));
3203 PMAP_LOCK_ASSERT(pmap, MA_OWNED);
3205 CTR2(KTR_PMAP, "pmap_enter_quick_locked: %p %lx", pmap, va);
3207 * In the case that a page table page is not
3208 * resident, we are creating it here.
3210 if (va < VM_MAXUSER_ADDRESS) {
3211 vm_pindex_t l2pindex;
3214 * Calculate pagetable page index
3216 l2pindex = pmap_l2_pindex(va);
3217 if (mpte && (mpte->pindex == l2pindex)) {
3223 pde = pmap_pde(pmap, va, &lvl);
3226 * If the page table page is mapped, we just increment
3227 * the hold count, and activate it. Otherwise, we
3228 * attempt to allocate a page table page. If this
3229 * attempt fails, we don't retry. Instead, we give up.
3232 l2 = pmap_l1_to_l2(pde, va);
3233 if ((pmap_load(l2) & ATTR_DESCR_MASK) ==
3237 if (lvl == 2 && pmap_load(pde) != 0) {
3239 PHYS_TO_VM_PAGE(pmap_load(pde) & ~ATTR_MASK);
3243 * Pass NULL instead of the PV list lock
3244 * pointer, because we don't intend to sleep.
3246 mpte = _pmap_alloc_l3(pmap, l2pindex, NULL);
3251 l3 = (pt_entry_t *)PHYS_TO_DMAP(VM_PAGE_TO_PHYS(mpte));
3252 l3 = &l3[pmap_l3_index(va)];
3255 pde = pmap_pde(kernel_pmap, va, &lvl);
3256 KASSERT(pde != NULL,
3257 ("pmap_enter_quick_locked: Invalid page entry, va: 0x%lx",
3260 ("pmap_enter_quick_locked: Invalid level %d", lvl));
3261 l3 = pmap_l2_to_l3(pde, va);
3264 if (pmap_load(l3) != 0) {
3273 * Enter on the PV list if part of our managed memory.
3275 if ((m->oflags & VPO_UNMANAGED) == 0 &&
3276 !pmap_try_insert_pv_entry(pmap, va, m, lockp)) {
3279 if (pmap_unwire_l3(pmap, va, mpte, &free)) {
3280 pmap_invalidate_page(pmap, va);
3281 vm_page_free_pages_toq(&free, false);
3289 * Increment counters
3291 pmap_resident_count_inc(pmap, 1);
3293 pa = VM_PAGE_TO_PHYS(m);
3294 l3_val = pa | ATTR_DEFAULT | ATTR_IDX(m->md.pv_memattr) |
3295 ATTR_AP(ATTR_AP_RO) | L3_PAGE;
3296 if ((prot & VM_PROT_EXECUTE) == 0 || m->md.pv_memattr == DEVICE_MEMORY)
3298 else if (va < VM_MAXUSER_ADDRESS)
3302 * Now validate mapping with RO protection
3304 if ((m->oflags & VPO_UNMANAGED) == 0)
3305 l3_val |= ATTR_SW_MANAGED;
3307 /* Sync icache before the mapping is stored to PTE */
3308 if ((prot & VM_PROT_EXECUTE) && pmap != kernel_pmap &&
3309 m->md.pv_memattr == VM_MEMATTR_WRITE_BACK)
3310 cpu_icache_sync_range(PHYS_TO_DMAP(pa), PAGE_SIZE);
3312 pmap_load_store(l3, l3_val);
3313 pmap_invalidate_page(pmap, va);
3318 * This code maps large physical mmap regions into the
3319 * processor address space. Note that some shortcuts
3320 * are taken, but the code works.
3323 pmap_object_init_pt(pmap_t pmap, vm_offset_t addr, vm_object_t object,
3324 vm_pindex_t pindex, vm_size_t size)
3327 VM_OBJECT_ASSERT_WLOCKED(object);
3328 KASSERT(object->type == OBJT_DEVICE || object->type == OBJT_SG,
3329 ("pmap_object_init_pt: non-device object"));
3333 * Clear the wired attribute from the mappings for the specified range of
3334 * addresses in the given pmap. Every valid mapping within that range
3335 * must have the wired attribute set. In contrast, invalid mappings
3336 * cannot have the wired attribute set, so they are ignored.
3338 * The wired attribute of the page table entry is not a hardware feature,
3339 * so there is no need to invalidate any TLB entries.
3342 pmap_unwire(pmap_t pmap, vm_offset_t sva, vm_offset_t eva)
3344 vm_offset_t va_next;
3345 pd_entry_t *l0, *l1, *l2;
3349 for (; sva < eva; sva = va_next) {
3350 l0 = pmap_l0(pmap, sva);
3351 if (pmap_load(l0) == 0) {
3352 va_next = (sva + L0_SIZE) & ~L0_OFFSET;
3358 l1 = pmap_l0_to_l1(l0, sva);
3359 if (pmap_load(l1) == 0) {
3360 va_next = (sva + L1_SIZE) & ~L1_OFFSET;
3366 va_next = (sva + L2_SIZE) & ~L2_OFFSET;
3370 l2 = pmap_l1_to_l2(l1, sva);
3371 if (pmap_load(l2) == 0)
3374 if ((pmap_load(l2) & ATTR_DESCR_MASK) == L2_BLOCK) {
3375 l3 = pmap_demote_l2(pmap, l2, sva);
3379 KASSERT((pmap_load(l2) & ATTR_DESCR_MASK) == L2_TABLE,
3380 ("pmap_unwire: Invalid l2 entry after demotion"));
3384 for (l3 = pmap_l2_to_l3(l2, sva); sva != va_next; l3++,
3386 if (pmap_load(l3) == 0)
3388 if ((pmap_load(l3) & ATTR_SW_WIRED) == 0)
3389 panic("pmap_unwire: l3 %#jx is missing "
3390 "ATTR_SW_WIRED", (uintmax_t)pmap_load(l3));
3393 * PG_W must be cleared atomically. Although the pmap
3394 * lock synchronizes access to PG_W, another processor
3395 * could be setting PG_M and/or PG_A concurrently.
3397 atomic_clear_long(l3, ATTR_SW_WIRED);
3398 pmap->pm_stats.wired_count--;
3405 * Copy the range specified by src_addr/len
3406 * from the source map to the range dst_addr/len
3407 * in the destination map.
3409 * This routine is only advisory and need not do anything.
3413 pmap_copy(pmap_t dst_pmap, pmap_t src_pmap, vm_offset_t dst_addr, vm_size_t len,
3414 vm_offset_t src_addr)
3419 * pmap_zero_page zeros the specified hardware page by mapping
3420 * the page into KVM and using bzero to clear its contents.
3423 pmap_zero_page(vm_page_t m)
3425 vm_offset_t va = PHYS_TO_DMAP(VM_PAGE_TO_PHYS(m));
3427 pagezero((void *)va);
3431 * pmap_zero_page_area zeros the specified hardware page by mapping
3432 * the page into KVM and using bzero to clear its contents.
3434 * off and size may not cover an area beyond a single hardware page.
3437 pmap_zero_page_area(vm_page_t m, int off, int size)
3439 vm_offset_t va = PHYS_TO_DMAP(VM_PAGE_TO_PHYS(m));
3441 if (off == 0 && size == PAGE_SIZE)
3442 pagezero((void *)va);
3444 bzero((char *)va + off, size);
3448 * pmap_copy_page copies the specified (machine independent)
3449 * page by mapping the page into virtual memory and using
3450 * bcopy to copy the page, one machine dependent page at a
3454 pmap_copy_page(vm_page_t msrc, vm_page_t mdst)
3456 vm_offset_t src = PHYS_TO_DMAP(VM_PAGE_TO_PHYS(msrc));
3457 vm_offset_t dst = PHYS_TO_DMAP(VM_PAGE_TO_PHYS(mdst));
3459 pagecopy((void *)src, (void *)dst);
3462 int unmapped_buf_allowed = 1;
3465 pmap_copy_pages(vm_page_t ma[], vm_offset_t a_offset, vm_page_t mb[],
3466 vm_offset_t b_offset, int xfersize)
3470 vm_paddr_t p_a, p_b;
3471 vm_offset_t a_pg_offset, b_pg_offset;
3474 while (xfersize > 0) {
3475 a_pg_offset = a_offset & PAGE_MASK;
3476 m_a = ma[a_offset >> PAGE_SHIFT];
3477 p_a = m_a->phys_addr;
3478 b_pg_offset = b_offset & PAGE_MASK;
3479 m_b = mb[b_offset >> PAGE_SHIFT];
3480 p_b = m_b->phys_addr;
3481 cnt = min(xfersize, PAGE_SIZE - a_pg_offset);
3482 cnt = min(cnt, PAGE_SIZE - b_pg_offset);
3483 if (__predict_false(!PHYS_IN_DMAP(p_a))) {
3484 panic("!DMAP a %lx", p_a);
3486 a_cp = (char *)PHYS_TO_DMAP(p_a) + a_pg_offset;
3488 if (__predict_false(!PHYS_IN_DMAP(p_b))) {
3489 panic("!DMAP b %lx", p_b);
3491 b_cp = (char *)PHYS_TO_DMAP(p_b) + b_pg_offset;
3493 bcopy(a_cp, b_cp, cnt);
3501 pmap_quick_enter_page(vm_page_t m)
3504 return (PHYS_TO_DMAP(VM_PAGE_TO_PHYS(m)));
3508 pmap_quick_remove_page(vm_offset_t addr)
3513 * Returns true if the pmap's pv is one of the first
3514 * 16 pvs linked to from this page. This count may
3515 * be changed upwards or downwards in the future; it
3516 * is only necessary that true be returned for a small
3517 * subset of pmaps for proper page aging.
3520 pmap_page_exists_quick(pmap_t pmap, vm_page_t m)
3522 struct md_page *pvh;
3523 struct rwlock *lock;
3528 KASSERT((m->oflags & VPO_UNMANAGED) == 0,
3529 ("pmap_page_exists_quick: page %p is not managed", m));
3531 lock = VM_PAGE_TO_PV_LIST_LOCK(m);
3533 TAILQ_FOREACH(pv, &m->md.pv_list, pv_next) {
3534 if (PV_PMAP(pv) == pmap) {
3542 if (!rv && loops < 16 && (m->flags & PG_FICTITIOUS) == 0) {
3543 pvh = pa_to_pvh(VM_PAGE_TO_PHYS(m));
3544 TAILQ_FOREACH(pv, &pvh->pv_list, pv_next) {
3545 if (PV_PMAP(pv) == pmap) {
3559 * pmap_page_wired_mappings:
3561 * Return the number of managed mappings to the given physical page
3565 pmap_page_wired_mappings(vm_page_t m)
3567 struct rwlock *lock;
3568 struct md_page *pvh;
3572 int count, lvl, md_gen, pvh_gen;
3574 if ((m->oflags & VPO_UNMANAGED) != 0)
3576 lock = VM_PAGE_TO_PV_LIST_LOCK(m);
3580 TAILQ_FOREACH(pv, &m->md.pv_list, pv_next) {
3582 if (!PMAP_TRYLOCK(pmap)) {
3583 md_gen = m->md.pv_gen;
3587 if (md_gen != m->md.pv_gen) {
3592 pte = pmap_pte(pmap, pv->pv_va, &lvl);
3593 if (pte != NULL && (pmap_load(pte) & ATTR_SW_WIRED) != 0)
3597 if ((m->flags & PG_FICTITIOUS) == 0) {
3598 pvh = pa_to_pvh(VM_PAGE_TO_PHYS(m));
3599 TAILQ_FOREACH(pv, &pvh->pv_list, pv_next) {
3601 if (!PMAP_TRYLOCK(pmap)) {
3602 md_gen = m->md.pv_gen;
3603 pvh_gen = pvh->pv_gen;
3607 if (md_gen != m->md.pv_gen ||
3608 pvh_gen != pvh->pv_gen) {
3613 pte = pmap_pte(pmap, pv->pv_va, &lvl);
3615 (pmap_load(pte) & ATTR_SW_WIRED) != 0)
3625 * Destroy all managed, non-wired mappings in the given user-space
3626 * pmap. This pmap cannot be active on any processor besides the
3629 * This function cannot be applied to the kernel pmap. Moreover, it
3630 * is not intended for general use. It is only to be used during
3631 * process termination. Consequently, it can be implemented in ways
3632 * that make it faster than pmap_remove(). First, it can more quickly
3633 * destroy mappings by iterating over the pmap's collection of PV
3634 * entries, rather than searching the page table. Second, it doesn't
3635 * have to test and clear the page table entries atomically, because
3636 * no processor is currently accessing the user address space. In
3637 * particular, a page table entry's dirty bit won't change state once
3638 * this function starts.
3641 pmap_remove_pages(pmap_t pmap)
3644 pt_entry_t *pte, tpte;
3645 struct spglist free;
3646 vm_page_t m, ml3, mt;
3648 struct md_page *pvh;
3649 struct pv_chunk *pc, *npc;
3650 struct rwlock *lock;
3652 uint64_t inuse, bitmask;
3653 int allfree, field, freed, idx, lvl;
3660 TAILQ_FOREACH_SAFE(pc, &pmap->pm_pvchunk, pc_list, npc) {
3663 for (field = 0; field < _NPCM; field++) {
3664 inuse = ~pc->pc_map[field] & pc_freemask[field];
3665 while (inuse != 0) {
3666 bit = ffsl(inuse) - 1;
3667 bitmask = 1UL << bit;
3668 idx = field * 64 + bit;
3669 pv = &pc->pc_pventry[idx];
3672 pde = pmap_pde(pmap, pv->pv_va, &lvl);
3673 KASSERT(pde != NULL,
3674 ("Attempting to remove an unmapped page"));
3678 pte = pmap_l1_to_l2(pde, pv->pv_va);
3679 tpte = pmap_load(pte);
3680 KASSERT((tpte & ATTR_DESCR_MASK) ==
3682 ("Attempting to remove an invalid "
3683 "block: %lx", tpte));
3684 tpte = pmap_load(pte);
3687 pte = pmap_l2_to_l3(pde, pv->pv_va);
3688 tpte = pmap_load(pte);
3689 KASSERT((tpte & ATTR_DESCR_MASK) ==
3691 ("Attempting to remove an invalid "
3692 "page: %lx", tpte));
3696 "Invalid page directory level: %d",
3701 * We cannot remove wired pages from a process' mapping at this time
3703 if (tpte & ATTR_SW_WIRED) {
3708 pa = tpte & ~ATTR_MASK;
3710 m = PHYS_TO_VM_PAGE(pa);
3711 KASSERT(m->phys_addr == pa,
3712 ("vm_page_t %p phys_addr mismatch %016jx %016jx",
3713 m, (uintmax_t)m->phys_addr,
3716 KASSERT((m->flags & PG_FICTITIOUS) != 0 ||
3717 m < &vm_page_array[vm_page_array_size],
3718 ("pmap_remove_pages: bad pte %#jx",
3721 pmap_load_clear(pte);
3724 * Update the vm_page_t clean/reference bits.
3726 if ((tpte & ATTR_AP_RW_BIT) ==
3727 ATTR_AP(ATTR_AP_RW)) {
3730 for (mt = m; mt < &m[L2_SIZE / PAGE_SIZE]; mt++)
3739 CHANGE_PV_LIST_LOCK_TO_VM_PAGE(&lock, m);
3742 pc->pc_map[field] |= bitmask;
3745 pmap_resident_count_dec(pmap,
3746 L2_SIZE / PAGE_SIZE);
3747 pvh = pa_to_pvh(tpte & ~ATTR_MASK);
3748 TAILQ_REMOVE(&pvh->pv_list, pv,pv_next);
3750 if (TAILQ_EMPTY(&pvh->pv_list)) {
3751 for (mt = m; mt < &m[L2_SIZE / PAGE_SIZE]; mt++)
3752 if ((mt->aflags & PGA_WRITEABLE) != 0 &&
3753 TAILQ_EMPTY(&mt->md.pv_list))
3754 vm_page_aflag_clear(mt, PGA_WRITEABLE);
3756 ml3 = pmap_remove_pt_page(pmap,
3759 pmap_resident_count_dec(pmap,1);
3760 KASSERT(ml3->wire_count == NL3PG,
3761 ("pmap_remove_pages: l3 page wire count error"));
3762 ml3->wire_count = 1;
3763 vm_page_unwire_noq(ml3);
3764 pmap_add_delayed_free_list(ml3,
3769 pmap_resident_count_dec(pmap, 1);
3770 TAILQ_REMOVE(&m->md.pv_list, pv,
3773 if ((m->aflags & PGA_WRITEABLE) != 0 &&
3774 TAILQ_EMPTY(&m->md.pv_list) &&
3775 (m->flags & PG_FICTITIOUS) == 0) {
3777 VM_PAGE_TO_PHYS(m));
3778 if (TAILQ_EMPTY(&pvh->pv_list))
3779 vm_page_aflag_clear(m,
3784 pmap_unuse_pt(pmap, pv->pv_va, pmap_load(pde),
3789 PV_STAT(atomic_add_long(&pv_entry_frees, freed));
3790 PV_STAT(atomic_add_int(&pv_entry_spare, freed));
3791 PV_STAT(atomic_subtract_long(&pv_entry_count, freed));
3793 TAILQ_REMOVE(&pmap->pm_pvchunk, pc, pc_list);
3797 pmap_invalidate_all(pmap);
3801 vm_page_free_pages_toq(&free, false);
3805 * This is used to check if a page has been accessed or modified. As we
3806 * don't have a bit to see if it has been modified we have to assume it
3807 * has been if the page is read/write.
3810 pmap_page_test_mappings(vm_page_t m, boolean_t accessed, boolean_t modified)
3812 struct rwlock *lock;
3814 struct md_page *pvh;
3815 pt_entry_t *pte, mask, value;
3817 int lvl, md_gen, pvh_gen;
3821 lock = VM_PAGE_TO_PV_LIST_LOCK(m);
3824 TAILQ_FOREACH(pv, &m->md.pv_list, pv_next) {
3826 if (!PMAP_TRYLOCK(pmap)) {
3827 md_gen = m->md.pv_gen;
3831 if (md_gen != m->md.pv_gen) {
3836 pte = pmap_pte(pmap, pv->pv_va, &lvl);
3838 ("pmap_page_test_mappings: Invalid level %d", lvl));
3842 mask |= ATTR_AP_RW_BIT;
3843 value |= ATTR_AP(ATTR_AP_RW);
3846 mask |= ATTR_AF | ATTR_DESCR_MASK;
3847 value |= ATTR_AF | L3_PAGE;
3849 rv = (pmap_load(pte) & mask) == value;
3854 if ((m->flags & PG_FICTITIOUS) == 0) {
3855 pvh = pa_to_pvh(VM_PAGE_TO_PHYS(m));
3856 TAILQ_FOREACH(pv, &pvh->pv_list, pv_next) {
3858 if (!PMAP_TRYLOCK(pmap)) {
3859 md_gen = m->md.pv_gen;
3860 pvh_gen = pvh->pv_gen;
3864 if (md_gen != m->md.pv_gen ||
3865 pvh_gen != pvh->pv_gen) {
3870 pte = pmap_pte(pmap, pv->pv_va, &lvl);
3872 ("pmap_page_test_mappings: Invalid level %d", lvl));
3876 mask |= ATTR_AP_RW_BIT;
3877 value |= ATTR_AP(ATTR_AP_RW);
3880 mask |= ATTR_AF | ATTR_DESCR_MASK;
3881 value |= ATTR_AF | L2_BLOCK;
3883 rv = (pmap_load(pte) & mask) == value;
3897 * Return whether or not the specified physical page was modified
3898 * in any physical maps.
3901 pmap_is_modified(vm_page_t m)
3904 KASSERT((m->oflags & VPO_UNMANAGED) == 0,
3905 ("pmap_is_modified: page %p is not managed", m));
3908 * If the page is not exclusive busied, then PGA_WRITEABLE cannot be
3909 * concurrently set while the object is locked. Thus, if PGA_WRITEABLE
3910 * is clear, no PTEs can have PG_M set.
3912 VM_OBJECT_ASSERT_WLOCKED(m->object);
3913 if (!vm_page_xbusied(m) && (m->aflags & PGA_WRITEABLE) == 0)
3915 return (pmap_page_test_mappings(m, FALSE, TRUE));
3919 * pmap_is_prefaultable:
3921 * Return whether or not the specified virtual address is eligible
3925 pmap_is_prefaultable(pmap_t pmap, vm_offset_t addr)
3933 pte = pmap_pte(pmap, addr, &lvl);
3934 if (pte != NULL && pmap_load(pte) != 0) {
3942 * pmap_is_referenced:
3944 * Return whether or not the specified physical page was referenced
3945 * in any physical maps.
3948 pmap_is_referenced(vm_page_t m)
3951 KASSERT((m->oflags & VPO_UNMANAGED) == 0,
3952 ("pmap_is_referenced: page %p is not managed", m));
3953 return (pmap_page_test_mappings(m, TRUE, FALSE));
3957 * Clear the write and modified bits in each of the given page's mappings.
3960 pmap_remove_write(vm_page_t m)
3962 struct md_page *pvh;
3964 struct rwlock *lock;
3965 pv_entry_t next_pv, pv;
3966 pt_entry_t oldpte, *pte;
3968 int lvl, md_gen, pvh_gen;
3970 KASSERT((m->oflags & VPO_UNMANAGED) == 0,
3971 ("pmap_remove_write: page %p is not managed", m));
3974 * If the page is not exclusive busied, then PGA_WRITEABLE cannot be
3975 * set by another thread while the object is locked. Thus,
3976 * if PGA_WRITEABLE is clear, no page table entries need updating.
3978 VM_OBJECT_ASSERT_WLOCKED(m->object);
3979 if (!vm_page_xbusied(m) && (m->aflags & PGA_WRITEABLE) == 0)
3981 lock = VM_PAGE_TO_PV_LIST_LOCK(m);
3982 pvh = (m->flags & PG_FICTITIOUS) != 0 ? &pv_dummy :
3983 pa_to_pvh(VM_PAGE_TO_PHYS(m));
3986 TAILQ_FOREACH_SAFE(pv, &pvh->pv_list, pv_next, next_pv) {
3988 if (!PMAP_TRYLOCK(pmap)) {
3989 pvh_gen = pvh->pv_gen;
3993 if (pvh_gen != pvh->pv_gen) {
4000 pte = pmap_pte(pmap, pv->pv_va, &lvl);
4001 if ((pmap_load(pte) & ATTR_AP_RW_BIT) == ATTR_AP(ATTR_AP_RW))
4002 pmap_demote_l2_locked(pmap, pte, va & ~L2_OFFSET,
4004 KASSERT(lock == VM_PAGE_TO_PV_LIST_LOCK(m),
4005 ("inconsistent pv lock %p %p for page %p",
4006 lock, VM_PAGE_TO_PV_LIST_LOCK(m), m));
4009 TAILQ_FOREACH(pv, &m->md.pv_list, pv_next) {
4011 if (!PMAP_TRYLOCK(pmap)) {
4012 pvh_gen = pvh->pv_gen;
4013 md_gen = m->md.pv_gen;
4017 if (pvh_gen != pvh->pv_gen ||
4018 md_gen != m->md.pv_gen) {
4024 pte = pmap_pte(pmap, pv->pv_va, &lvl);
4026 oldpte = pmap_load(pte);
4027 if ((oldpte & ATTR_AP_RW_BIT) == ATTR_AP(ATTR_AP_RW)) {
4028 if (!atomic_cmpset_long(pte, oldpte,
4029 oldpte | ATTR_AP(ATTR_AP_RO)))
4031 if ((oldpte & ATTR_AF) != 0)
4033 pmap_invalidate_page(pmap, pv->pv_va);
4038 vm_page_aflag_clear(m, PGA_WRITEABLE);
4041 static __inline boolean_t
4042 safe_to_clear_referenced(pmap_t pmap, pt_entry_t pte)
4049 * pmap_ts_referenced:
4051 * Return a count of reference bits for a page, clearing those bits.
4052 * It is not necessary for every reference bit to be cleared, but it
4053 * is necessary that 0 only be returned when there are truly no
4054 * reference bits set.
4056 * As an optimization, update the page's dirty field if a modified bit is
4057 * found while counting reference bits. This opportunistic update can be
4058 * performed at low cost and can eliminate the need for some future calls
4059 * to pmap_is_modified(). However, since this function stops after
4060 * finding PMAP_TS_REFERENCED_MAX reference bits, it may not detect some
4061 * dirty pages. Those dirty pages will only be detected by a future call
4062 * to pmap_is_modified().
4065 pmap_ts_referenced(vm_page_t m)
4067 struct md_page *pvh;
4070 struct rwlock *lock;
4071 pd_entry_t *pde, tpde;
4072 pt_entry_t *pte, tpte;
4076 int cleared, md_gen, not_cleared, lvl, pvh_gen;
4077 struct spglist free;
4080 KASSERT((m->oflags & VPO_UNMANAGED) == 0,
4081 ("pmap_ts_referenced: page %p is not managed", m));
4084 pa = VM_PAGE_TO_PHYS(m);
4085 lock = PHYS_TO_PV_LIST_LOCK(pa);
4086 pvh = (m->flags & PG_FICTITIOUS) != 0 ? &pv_dummy : pa_to_pvh(pa);
4090 if ((pvf = TAILQ_FIRST(&pvh->pv_list)) == NULL)
4091 goto small_mappings;
4097 if (!PMAP_TRYLOCK(pmap)) {
4098 pvh_gen = pvh->pv_gen;
4102 if (pvh_gen != pvh->pv_gen) {
4108 pde = pmap_pde(pmap, pv->pv_va, &lvl);
4109 KASSERT(pde != NULL, ("pmap_ts_referenced: no l1 table found"));
4111 ("pmap_ts_referenced: invalid pde level %d", lvl));
4112 tpde = pmap_load(pde);
4113 KASSERT((tpde & ATTR_DESCR_MASK) == L1_TABLE,
4114 ("pmap_ts_referenced: found an invalid l1 table"));
4115 pte = pmap_l1_to_l2(pde, pv->pv_va);
4116 tpte = pmap_load(pte);
4117 if (pmap_page_dirty(tpte)) {
4119 * Although "tpte" is mapping a 2MB page, because
4120 * this function is called at a 4KB page granularity,
4121 * we only update the 4KB page under test.
4125 if ((tpte & ATTR_AF) != 0) {
4127 * Since this reference bit is shared by 512 4KB
4128 * pages, it should not be cleared every time it is
4129 * tested. Apply a simple "hash" function on the
4130 * physical page number, the virtual superpage number,
4131 * and the pmap address to select one 4KB page out of
4132 * the 512 on which testing the reference bit will
4133 * result in clearing that reference bit. This
4134 * function is designed to avoid the selection of the
4135 * same 4KB page for every 2MB page mapping.
4137 * On demotion, a mapping that hasn't been referenced
4138 * is simply destroyed. To avoid the possibility of a
4139 * subsequent page fault on a demoted wired mapping,
4140 * always leave its reference bit set. Moreover,
4141 * since the superpage is wired, the current state of
4142 * its reference bit won't affect page replacement.
4144 if ((((pa >> PAGE_SHIFT) ^ (pv->pv_va >> L2_SHIFT) ^
4145 (uintptr_t)pmap) & (Ln_ENTRIES - 1)) == 0 &&
4146 (tpte & ATTR_SW_WIRED) == 0) {
4147 if (safe_to_clear_referenced(pmap, tpte)) {
4149 * TODO: We don't handle the access
4150 * flag at all. We need to be able
4151 * to set it in the exception handler.
4154 "safe_to_clear_referenced\n");
4155 } else if (pmap_demote_l2_locked(pmap, pte,
4156 pv->pv_va, &lock) != NULL) {
4158 va += VM_PAGE_TO_PHYS(m) -
4159 (tpte & ~ATTR_MASK);
4160 l3 = pmap_l2_to_l3(pte, va);
4161 pmap_remove_l3(pmap, l3, va,
4162 pmap_load(pte), NULL, &lock);
4168 * The superpage mapping was removed
4169 * entirely and therefore 'pv' is no
4177 KASSERT(lock == VM_PAGE_TO_PV_LIST_LOCK(m),
4178 ("inconsistent pv lock %p %p for page %p",
4179 lock, VM_PAGE_TO_PV_LIST_LOCK(m), m));
4184 /* Rotate the PV list if it has more than one entry. */
4185 if (pv != NULL && TAILQ_NEXT(pv, pv_next) != NULL) {
4186 TAILQ_REMOVE(&pvh->pv_list, pv, pv_next);
4187 TAILQ_INSERT_TAIL(&pvh->pv_list, pv, pv_next);
4190 if (cleared + not_cleared >= PMAP_TS_REFERENCED_MAX)
4192 } while ((pv = TAILQ_FIRST(&pvh->pv_list)) != pvf);
4194 if ((pvf = TAILQ_FIRST(&m->md.pv_list)) == NULL)
4201 if (!PMAP_TRYLOCK(pmap)) {
4202 pvh_gen = pvh->pv_gen;
4203 md_gen = m->md.pv_gen;
4207 if (pvh_gen != pvh->pv_gen || md_gen != m->md.pv_gen) {
4212 pde = pmap_pde(pmap, pv->pv_va, &lvl);
4213 KASSERT(pde != NULL, ("pmap_ts_referenced: no l2 table found"));
4215 ("pmap_ts_referenced: invalid pde level %d", lvl));
4216 tpde = pmap_load(pde);
4217 KASSERT((tpde & ATTR_DESCR_MASK) == L2_TABLE,
4218 ("pmap_ts_referenced: found an invalid l2 table"));
4219 pte = pmap_l2_to_l3(pde, pv->pv_va);
4220 tpte = pmap_load(pte);
4221 if (pmap_page_dirty(tpte))
4223 if ((tpte & ATTR_AF) != 0) {
4224 if (safe_to_clear_referenced(pmap, tpte)) {
4226 * TODO: We don't handle the access flag
4227 * at all. We need to be able to set it in
4228 * the exception handler.
4230 panic("ARM64TODO: safe_to_clear_referenced\n");
4231 } else if ((tpte & ATTR_SW_WIRED) == 0) {
4233 * Wired pages cannot be paged out so
4234 * doing accessed bit emulation for
4235 * them is wasted effort. We do the
4236 * hard work for unwired pages only.
4238 pmap_remove_l3(pmap, pte, pv->pv_va, tpde,
4240 pmap_invalidate_page(pmap, pv->pv_va);
4245 KASSERT(lock == VM_PAGE_TO_PV_LIST_LOCK(m),
4246 ("inconsistent pv lock %p %p for page %p",
4247 lock, VM_PAGE_TO_PV_LIST_LOCK(m), m));
4252 /* Rotate the PV list if it has more than one entry. */
4253 if (pv != NULL && TAILQ_NEXT(pv, pv_next) != NULL) {
4254 TAILQ_REMOVE(&m->md.pv_list, pv, pv_next);
4255 TAILQ_INSERT_TAIL(&m->md.pv_list, pv, pv_next);
4258 } while ((pv = TAILQ_FIRST(&m->md.pv_list)) != pvf && cleared +
4259 not_cleared < PMAP_TS_REFERENCED_MAX);
4262 vm_page_free_pages_toq(&free, false);
4263 return (cleared + not_cleared);
4267 * Apply the given advice to the specified range of addresses within the
4268 * given pmap. Depending on the advice, clear the referenced and/or
4269 * modified flags in each mapping and set the mapped page's dirty field.
4272 pmap_advise(pmap_t pmap, vm_offset_t sva, vm_offset_t eva, int advice)
4277 * Clear the modify bits on the specified physical page.
4280 pmap_clear_modify(vm_page_t m)
4283 KASSERT((m->oflags & VPO_UNMANAGED) == 0,
4284 ("pmap_clear_modify: page %p is not managed", m));
4285 VM_OBJECT_ASSERT_WLOCKED(m->object);
4286 KASSERT(!vm_page_xbusied(m),
4287 ("pmap_clear_modify: page %p is exclusive busied", m));
4290 * If the page is not PGA_WRITEABLE, then no PTEs can have PG_M set.
4291 * If the object containing the page is locked and the page is not
4292 * exclusive busied, then PGA_WRITEABLE cannot be concurrently set.
4294 if ((m->aflags & PGA_WRITEABLE) == 0)
4297 /* ARM64TODO: We lack support for tracking if a page is modified */
4301 pmap_mapbios(vm_paddr_t pa, vm_size_t size)
4303 struct pmap_preinit_mapping *ppim;
4304 vm_offset_t va, offset;
4307 int i, lvl, l2_blocks, free_l2_count, start_idx;
4309 if (!vm_initialized) {
4311 * No L3 ptables so map entire L2 blocks where start VA is:
4312 * preinit_map_va + start_idx * L2_SIZE
4313 * There may be duplicate mappings (multiple VA -> same PA) but
4314 * ARM64 dcache is always PIPT so that's acceptable.
4319 /* Calculate how many full L2 blocks are needed for the mapping */
4320 l2_blocks = (roundup2(pa + size, L2_SIZE) - rounddown2(pa, L2_SIZE)) >> L2_SHIFT;
4322 offset = pa & L2_OFFSET;
4324 if (preinit_map_va == 0)
4327 /* Map 2MiB L2 blocks from reserved VA space */
4331 /* Find enough free contiguous VA space */
4332 for (i = 0; i < PMAP_PREINIT_MAPPING_COUNT; i++) {
4333 ppim = pmap_preinit_mapping + i;
4334 if (free_l2_count > 0 && ppim->pa != 0) {
4335 /* Not enough space here */
4341 if (ppim->pa == 0) {
4343 if (start_idx == -1)
4346 if (free_l2_count == l2_blocks)
4350 if (free_l2_count != l2_blocks)
4351 panic("%s: too many preinit mappings", __func__);
4353 va = preinit_map_va + (start_idx * L2_SIZE);
4354 for (i = start_idx; i < start_idx + l2_blocks; i++) {
4355 /* Mark entries as allocated */
4356 ppim = pmap_preinit_mapping + i;
4358 ppim->va = va + offset;
4363 pa = rounddown2(pa, L2_SIZE);
4364 for (i = 0; i < l2_blocks; i++) {
4365 pde = pmap_pde(kernel_pmap, va, &lvl);
4366 KASSERT(pde != NULL,
4367 ("pmap_mapbios: Invalid page entry, va: 0x%lx", va));
4368 KASSERT(lvl == 1, ("pmap_mapbios: Invalid level %d", lvl));
4370 /* Insert L2_BLOCK */
4371 l2 = pmap_l1_to_l2(pde, va);
4373 pa | ATTR_DEFAULT | ATTR_XN |
4374 ATTR_IDX(CACHED_MEMORY) | L2_BLOCK);
4375 pmap_invalidate_range(kernel_pmap, va, va + L2_SIZE);
4381 va = preinit_map_va + (start_idx * L2_SIZE);
4384 /* kva_alloc may be used to map the pages */
4385 offset = pa & PAGE_MASK;
4386 size = round_page(offset + size);
4388 va = kva_alloc(size);
4390 panic("%s: Couldn't allocate KVA", __func__);
4392 pde = pmap_pde(kernel_pmap, va, &lvl);
4393 KASSERT(lvl == 2, ("pmap_mapbios: Invalid level %d", lvl));
4395 /* L3 table is linked */
4396 va = trunc_page(va);
4397 pa = trunc_page(pa);
4398 pmap_kenter(va, size, pa, CACHED_MEMORY);
4401 return ((void *)(va + offset));
4405 pmap_unmapbios(vm_offset_t va, vm_size_t size)
4407 struct pmap_preinit_mapping *ppim;
4408 vm_offset_t offset, tmpsize, va_trunc;
4411 int i, lvl, l2_blocks, block;
4413 l2_blocks = (roundup2(va + size, L2_SIZE) - rounddown2(va, L2_SIZE)) >> L2_SHIFT;
4414 KASSERT(l2_blocks > 0, ("pmap_unmapbios: invalid size %lx", size));
4416 /* Remove preinit mapping */
4418 for (i = 0; i < PMAP_PREINIT_MAPPING_COUNT; i++) {
4419 ppim = pmap_preinit_mapping + i;
4420 if (ppim->va == va) {
4421 KASSERT(ppim->size == size, ("pmap_unmapbios: size mismatch"));
4425 offset = block * L2_SIZE;
4426 va_trunc = rounddown2(va, L2_SIZE) + offset;
4428 /* Remove L2_BLOCK */
4429 pde = pmap_pde(kernel_pmap, va_trunc, &lvl);
4430 KASSERT(pde != NULL,
4431 ("pmap_unmapbios: Invalid page entry, va: 0x%lx", va_trunc));
4432 l2 = pmap_l1_to_l2(pde, va_trunc);
4433 pmap_load_clear(l2);
4434 pmap_invalidate_range(kernel_pmap, va_trunc, va_trunc + L2_SIZE);
4436 if (block == (l2_blocks - 1))
4442 /* Unmap the pages reserved with kva_alloc. */
4443 if (vm_initialized) {
4444 offset = va & PAGE_MASK;
4445 size = round_page(offset + size);
4446 va = trunc_page(va);
4448 pde = pmap_pde(kernel_pmap, va, &lvl);
4449 KASSERT(pde != NULL,
4450 ("pmap_unmapbios: Invalid page entry, va: 0x%lx", va));
4451 KASSERT(lvl == 2, ("pmap_unmapbios: Invalid level %d", lvl));
4453 /* Unmap and invalidate the pages */
4454 for (tmpsize = 0; tmpsize < size; tmpsize += PAGE_SIZE)
4455 pmap_kremove(va + tmpsize);
4462 * Sets the memory attribute for the specified page.
4465 pmap_page_set_memattr(vm_page_t m, vm_memattr_t ma)
4468 m->md.pv_memattr = ma;
4471 * If "m" is a normal page, update its direct mapping. This update
4472 * can be relied upon to perform any cache operations that are
4473 * required for data coherence.
4475 if ((m->flags & PG_FICTITIOUS) == 0 &&
4476 pmap_change_attr(PHYS_TO_DMAP(VM_PAGE_TO_PHYS(m)), PAGE_SIZE,
4477 m->md.pv_memattr) != 0)
4478 panic("memory attribute change on the direct map failed");
4482 * Changes the specified virtual address range's memory type to that given by
4483 * the parameter "mode". The specified virtual address range must be
4484 * completely contained within either the direct map or the kernel map. If
4485 * the virtual address range is contained within the kernel map, then the
4486 * memory type for each of the corresponding ranges of the direct map is also
4487 * changed. (The corresponding ranges of the direct map are those ranges that
4488 * map the same physical pages as the specified virtual address range.) These
4489 * changes to the direct map are necessary because Intel describes the
4490 * behavior of their processors as "undefined" if two or more mappings to the
4491 * same physical page have different memory types.
4493 * Returns zero if the change completed successfully, and either EINVAL or
4494 * ENOMEM if the change failed. Specifically, EINVAL is returned if some part
4495 * of the virtual address range was not mapped, and ENOMEM is returned if
4496 * there was insufficient memory available to complete the change. In the
4497 * latter case, the memory type may have been changed on some part of the
4498 * virtual address range or the direct map.
4501 pmap_change_attr(vm_offset_t va, vm_size_t size, int mode)
4505 PMAP_LOCK(kernel_pmap);
4506 error = pmap_change_attr_locked(va, size, mode);
4507 PMAP_UNLOCK(kernel_pmap);
4512 pmap_change_attr_locked(vm_offset_t va, vm_size_t size, int mode)
4514 vm_offset_t base, offset, tmpva;
4515 pt_entry_t l3, *pte, *newpte;
4518 PMAP_LOCK_ASSERT(kernel_pmap, MA_OWNED);
4519 base = trunc_page(va);
4520 offset = va & PAGE_MASK;
4521 size = round_page(offset + size);
4523 if (!VIRT_IN_DMAP(base))
4526 for (tmpva = base; tmpva < base + size; ) {
4527 pte = pmap_pte(kernel_pmap, va, &lvl);
4531 if ((pmap_load(pte) & ATTR_IDX_MASK) == ATTR_IDX(mode)) {
4533 * We already have the correct attribute,
4534 * ignore this entry.
4538 panic("Invalid DMAP table level: %d\n", lvl);
4540 tmpva = (tmpva & ~L1_OFFSET) + L1_SIZE;
4543 tmpva = (tmpva & ~L2_OFFSET) + L2_SIZE;
4551 * Split the entry to an level 3 table, then
4552 * set the new attribute.
4556 panic("Invalid DMAP table level: %d\n", lvl);
4558 newpte = pmap_demote_l1(kernel_pmap, pte,
4559 tmpva & ~L1_OFFSET);
4562 pte = pmap_l1_to_l2(pte, tmpva);
4564 newpte = pmap_demote_l2(kernel_pmap, pte,
4565 tmpva & ~L2_OFFSET);
4568 pte = pmap_l2_to_l3(pte, tmpva);
4570 /* Update the entry */
4571 l3 = pmap_load(pte);
4572 l3 &= ~ATTR_IDX_MASK;
4573 l3 |= ATTR_IDX(mode);
4574 if (mode == DEVICE_MEMORY)
4577 pmap_update_entry(kernel_pmap, pte, l3, tmpva,
4581 * If moving to a non-cacheable entry flush
4584 if (mode == VM_MEMATTR_UNCACHEABLE)
4585 cpu_dcache_wbinv_range(tmpva, L3_SIZE);
4597 * Create an L2 table to map all addresses within an L1 mapping.
4600 pmap_demote_l1(pmap_t pmap, pt_entry_t *l1, vm_offset_t va)
4602 pt_entry_t *l2, newl2, oldl1;
4604 vm_paddr_t l2phys, phys;
4608 PMAP_LOCK_ASSERT(pmap, MA_OWNED);
4609 oldl1 = pmap_load(l1);
4610 KASSERT((oldl1 & ATTR_DESCR_MASK) == L1_BLOCK,
4611 ("pmap_demote_l1: Demoting a non-block entry"));
4612 KASSERT((va & L1_OFFSET) == 0,
4613 ("pmap_demote_l1: Invalid virtual address %#lx", va));
4614 KASSERT((oldl1 & ATTR_SW_MANAGED) == 0,
4615 ("pmap_demote_l1: Level 1 table shouldn't be managed"));
4618 if (va <= (vm_offset_t)l1 && va + L1_SIZE > (vm_offset_t)l1) {
4619 tmpl1 = kva_alloc(PAGE_SIZE);
4624 if ((ml2 = vm_page_alloc(NULL, 0, VM_ALLOC_INTERRUPT |
4625 VM_ALLOC_NOOBJ | VM_ALLOC_WIRED)) == NULL) {
4626 CTR2(KTR_PMAP, "pmap_demote_l1: failure for va %#lx"
4627 " in pmap %p", va, pmap);
4631 l2phys = VM_PAGE_TO_PHYS(ml2);
4632 l2 = (pt_entry_t *)PHYS_TO_DMAP(l2phys);
4634 /* Address the range points at */
4635 phys = oldl1 & ~ATTR_MASK;
4636 /* The attributed from the old l1 table to be copied */
4637 newl2 = oldl1 & ATTR_MASK;
4639 /* Create the new entries */
4640 for (i = 0; i < Ln_ENTRIES; i++) {
4641 l2[i] = newl2 | phys;
4644 KASSERT(l2[0] == ((oldl1 & ~ATTR_DESCR_MASK) | L2_BLOCK),
4645 ("Invalid l2 page (%lx != %lx)", l2[0],
4646 (oldl1 & ~ATTR_DESCR_MASK) | L2_BLOCK));
4649 pmap_kenter(tmpl1, PAGE_SIZE,
4650 DMAP_TO_PHYS((vm_offset_t)l1) & ~L3_OFFSET, CACHED_MEMORY);
4651 l1 = (pt_entry_t *)(tmpl1 + ((vm_offset_t)l1 & PAGE_MASK));
4654 pmap_update_entry(pmap, l1, l2phys | L1_TABLE, va, PAGE_SIZE);
4657 pmap_kremove(tmpl1);
4658 kva_free(tmpl1, PAGE_SIZE);
4665 * Create an L3 table to map all addresses within an L2 mapping.
4668 pmap_demote_l2_locked(pmap_t pmap, pt_entry_t *l2, vm_offset_t va,
4669 struct rwlock **lockp)
4671 pt_entry_t *l3, newl3, oldl2;
4673 vm_paddr_t l3phys, phys;
4677 PMAP_LOCK_ASSERT(pmap, MA_OWNED);
4679 oldl2 = pmap_load(l2);
4680 KASSERT((oldl2 & ATTR_DESCR_MASK) == L2_BLOCK,
4681 ("pmap_demote_l2: Demoting a non-block entry"));
4682 KASSERT((va & L2_OFFSET) == 0,
4683 ("pmap_demote_l2: Invalid virtual address %#lx", va));
4686 if (va <= (vm_offset_t)l2 && va + L2_SIZE > (vm_offset_t)l2) {
4687 tmpl2 = kva_alloc(PAGE_SIZE);
4692 if ((ml3 = pmap_remove_pt_page(pmap, va)) == NULL) {
4693 ml3 = vm_page_alloc(NULL, pmap_l2_pindex(va),
4694 (VIRT_IN_DMAP(va) ? VM_ALLOC_INTERRUPT : VM_ALLOC_NORMAL) |
4695 VM_ALLOC_NOOBJ | VM_ALLOC_WIRED);
4697 CTR2(KTR_PMAP, "pmap_demote_l2: failure for va %#lx"
4698 " in pmap %p", va, pmap);
4701 if (va < VM_MAXUSER_ADDRESS)
4702 pmap_resident_count_inc(pmap, 1);
4705 l3phys = VM_PAGE_TO_PHYS(ml3);
4706 l3 = (pt_entry_t *)PHYS_TO_DMAP(l3phys);
4708 /* Address the range points at */
4709 phys = oldl2 & ~ATTR_MASK;
4710 /* The attributed from the old l2 table to be copied */
4711 newl3 = (oldl2 & (ATTR_MASK & ~ATTR_DESCR_MASK)) | L3_PAGE;
4714 * If the page table page is new, initialize it.
4716 if (ml3->wire_count == 1) {
4717 for (i = 0; i < Ln_ENTRIES; i++) {
4718 l3[i] = newl3 | phys;
4722 KASSERT(l3[0] == ((oldl2 & ~ATTR_DESCR_MASK) | L3_PAGE),
4723 ("Invalid l3 page (%lx != %lx)", l3[0],
4724 (oldl2 & ~ATTR_DESCR_MASK) | L3_PAGE));
4727 * Map the temporary page so we don't lose access to the l2 table.
4730 pmap_kenter(tmpl2, PAGE_SIZE,
4731 DMAP_TO_PHYS((vm_offset_t)l2) & ~L3_OFFSET, CACHED_MEMORY);
4732 l2 = (pt_entry_t *)(tmpl2 + ((vm_offset_t)l2 & PAGE_MASK));
4736 * The spare PV entries must be reserved prior to demoting the
4737 * mapping, that is, prior to changing the PDE. Otherwise, the state
4738 * of the L2 and the PV lists will be inconsistent, which can result
4739 * in reclaim_pv_chunk() attempting to remove a PV entry from the
4740 * wrong PV list and pmap_pv_demote_l2() failing to find the expected
4741 * PV entry for the 2MB page mapping that is being demoted.
4743 if ((oldl2 & ATTR_SW_MANAGED) != 0)
4744 reserve_pv_entries(pmap, Ln_ENTRIES - 1, lockp);
4746 pmap_update_entry(pmap, l2, l3phys | L2_TABLE, va, PAGE_SIZE);
4749 * Demote the PV entry.
4751 if ((oldl2 & ATTR_SW_MANAGED) != 0)
4752 pmap_pv_demote_l2(pmap, va, oldl2 & ~ATTR_MASK, lockp);
4754 atomic_add_long(&pmap_l2_demotions, 1);
4755 CTR3(KTR_PMAP, "pmap_demote_l2: success for va %#lx"
4756 " in pmap %p %lx", va, pmap, l3[0]);
4760 pmap_kremove(tmpl2);
4761 kva_free(tmpl2, PAGE_SIZE);
4769 pmap_demote_l2(pmap_t pmap, pt_entry_t *l2, vm_offset_t va)
4771 struct rwlock *lock;
4775 l3 = pmap_demote_l2_locked(pmap, l2, va, &lock);
4782 * perform the pmap work for mincore
4785 pmap_mincore(pmap_t pmap, vm_offset_t addr, vm_paddr_t *locked_pa)
4787 pd_entry_t *l1p, l1;
4788 pd_entry_t *l2p, l2;
4789 pt_entry_t *l3p, l3;
4800 l1p = pmap_l1(pmap, addr);
4801 if (l1p == NULL) /* No l1 */
4804 l1 = pmap_load(l1p);
4805 if ((l1 & ATTR_DESCR_MASK) == L1_INVAL)
4808 if ((l1 & ATTR_DESCR_MASK) == L1_BLOCK) {
4809 pa = (l1 & ~ATTR_MASK) | (addr & L1_OFFSET);
4810 managed = (l1 & ATTR_SW_MANAGED) == ATTR_SW_MANAGED;
4811 val = MINCORE_SUPER | MINCORE_INCORE;
4812 if (pmap_page_dirty(l1))
4813 val |= MINCORE_MODIFIED | MINCORE_MODIFIED_OTHER;
4814 if ((l1 & ATTR_AF) == ATTR_AF)
4815 val |= MINCORE_REFERENCED | MINCORE_REFERENCED_OTHER;
4819 l2p = pmap_l1_to_l2(l1p, addr);
4820 if (l2p == NULL) /* No l2 */
4823 l2 = pmap_load(l2p);
4824 if ((l2 & ATTR_DESCR_MASK) == L2_INVAL)
4827 if ((l2 & ATTR_DESCR_MASK) == L2_BLOCK) {
4828 pa = (l2 & ~ATTR_MASK) | (addr & L2_OFFSET);
4829 managed = (l2 & ATTR_SW_MANAGED) == ATTR_SW_MANAGED;
4830 val = MINCORE_SUPER | MINCORE_INCORE;
4831 if (pmap_page_dirty(l2))
4832 val |= MINCORE_MODIFIED | MINCORE_MODIFIED_OTHER;
4833 if ((l2 & ATTR_AF) == ATTR_AF)
4834 val |= MINCORE_REFERENCED | MINCORE_REFERENCED_OTHER;
4838 l3p = pmap_l2_to_l3(l2p, addr);
4839 if (l3p == NULL) /* No l3 */
4842 l3 = pmap_load(l2p);
4843 if ((l3 & ATTR_DESCR_MASK) == L3_INVAL)
4846 if ((l3 & ATTR_DESCR_MASK) == L3_PAGE) {
4847 pa = (l3 & ~ATTR_MASK) | (addr & L3_OFFSET);
4848 managed = (l3 & ATTR_SW_MANAGED) == ATTR_SW_MANAGED;
4849 val = MINCORE_INCORE;
4850 if (pmap_page_dirty(l3))
4851 val |= MINCORE_MODIFIED | MINCORE_MODIFIED_OTHER;
4852 if ((l3 & ATTR_AF) == ATTR_AF)
4853 val |= MINCORE_REFERENCED | MINCORE_REFERENCED_OTHER;
4857 if ((val & (MINCORE_MODIFIED_OTHER | MINCORE_REFERENCED_OTHER)) !=
4858 (MINCORE_MODIFIED_OTHER | MINCORE_REFERENCED_OTHER) && managed) {
4859 /* Ensure that "PHYS_TO_VM_PAGE(pa)->object" doesn't change. */
4860 if (vm_page_pa_tryrelock(pmap, pa, locked_pa))
4863 PA_UNLOCK_COND(*locked_pa);
4870 pmap_activate(struct thread *td)
4875 pmap = vmspace_pmap(td->td_proc->p_vmspace);
4876 td->td_proc->p_md.md_l0addr = vtophys(pmap->pm_l0);
4877 __asm __volatile("msr ttbr0_el1, %0" : :
4878 "r"(td->td_proc->p_md.md_l0addr));
4879 pmap_invalidate_all(pmap);
4884 pmap_switch(struct thread *old, struct thread *new)
4886 pcpu_bp_harden bp_harden;
4889 /* Store the new curthread */
4890 PCPU_SET(curthread, new);
4892 /* And the new pcb */
4894 PCPU_SET(curpcb, pcb);
4897 * TODO: We may need to flush the cache here if switching
4898 * to a user process.
4902 old->td_proc->p_md.md_l0addr != new->td_proc->p_md.md_l0addr) {
4904 /* Switch to the new pmap */
4905 "msr ttbr0_el1, %0 \n"
4908 /* Invalidate the TLB */
4913 : : "r"(new->td_proc->p_md.md_l0addr));
4916 * Stop userspace from training the branch predictor against
4917 * other processes. This will call into a CPU specific
4918 * function that clears the branch predictor state.
4920 bp_harden = PCPU_GET(bp_harden);
4921 if (bp_harden != NULL)
4929 pmap_sync_icache(pmap_t pmap, vm_offset_t va, vm_size_t sz)
4932 if (va >= VM_MIN_KERNEL_ADDRESS) {
4933 cpu_icache_sync_range(va, sz);
4938 /* Find the length of data in this page to flush */
4939 offset = va & PAGE_MASK;
4940 len = imin(PAGE_SIZE - offset, sz);
4943 /* Extract the physical address & find it in the DMAP */
4944 pa = pmap_extract(pmap, va);
4946 cpu_icache_sync_range(PHYS_TO_DMAP(pa), len);
4948 /* Move to the next page */
4951 /* Set the length for the next iteration */
4952 len = imin(PAGE_SIZE, sz);
4958 pmap_fault(pmap_t pmap, uint64_t esr, uint64_t far)
4964 switch (ESR_ELx_EXCEPTION(esr)) {
4965 case EXCP_INSN_ABORT_L:
4966 case EXCP_INSN_ABORT:
4967 case EXCP_DATA_ABORT_L:
4968 case EXCP_DATA_ABORT:
4971 return (KERN_FAILURE);
4974 /* Data and insn aborts use same encoding for FCS field. */
4975 switch (esr & ISS_DATA_DFSC_MASK) {
4976 case ISS_DATA_DFSC_TF_L0:
4977 case ISS_DATA_DFSC_TF_L1:
4978 case ISS_DATA_DFSC_TF_L2:
4979 case ISS_DATA_DFSC_TF_L3:
4981 /* Ask the MMU to check the address */
4982 intr = intr_disable();
4983 if (pmap == kernel_pmap)
4984 par = arm64_address_translate_s1e1r(far);
4986 par = arm64_address_translate_s1e0r(far);
4991 * If the translation was successful the address was invalid
4992 * due to a break-before-make sequence. We can unlock and
4993 * return success to the trap handler.
4995 if (PAR_SUCCESS(par))
4996 return (KERN_SUCCESS);
5003 return (KERN_FAILURE);
5007 * Increase the starting virtual address of the given mapping if a
5008 * different alignment might result in more superpage mappings.
5011 pmap_align_superpage(vm_object_t object, vm_ooffset_t offset,
5012 vm_offset_t *addr, vm_size_t size)
5014 vm_offset_t superpage_offset;
5018 if (object != NULL && (object->flags & OBJ_COLORED) != 0)
5019 offset += ptoa(object->pg_color);
5020 superpage_offset = offset & L2_OFFSET;
5021 if (size - ((L2_SIZE - superpage_offset) & L2_OFFSET) < L2_SIZE ||
5022 (*addr & L2_OFFSET) == superpage_offset)
5024 if ((*addr & L2_OFFSET) < superpage_offset)
5025 *addr = (*addr & ~L2_OFFSET) + superpage_offset;
5027 *addr = ((*addr + L2_OFFSET) & ~L2_OFFSET) + superpage_offset;
5031 * Get the kernel virtual address of a set of physical pages. If there are
5032 * physical addresses not covered by the DMAP perform a transient mapping
5033 * that will be removed when calling pmap_unmap_io_transient.
5035 * \param page The pages the caller wishes to obtain the virtual
5036 * address on the kernel memory map.
5037 * \param vaddr On return contains the kernel virtual memory address
5038 * of the pages passed in the page parameter.
5039 * \param count Number of pages passed in.
5040 * \param can_fault TRUE if the thread using the mapped pages can take
5041 * page faults, FALSE otherwise.
5043 * \returns TRUE if the caller must call pmap_unmap_io_transient when
5044 * finished or FALSE otherwise.
5048 pmap_map_io_transient(vm_page_t page[], vm_offset_t vaddr[], int count,
5049 boolean_t can_fault)
5052 boolean_t needs_mapping;
5056 * Allocate any KVA space that we need, this is done in a separate
5057 * loop to prevent calling vmem_alloc while pinned.
5059 needs_mapping = FALSE;
5060 for (i = 0; i < count; i++) {
5061 paddr = VM_PAGE_TO_PHYS(page[i]);
5062 if (__predict_false(!PHYS_IN_DMAP(paddr))) {
5063 error = vmem_alloc(kernel_arena, PAGE_SIZE,
5064 M_BESTFIT | M_WAITOK, &vaddr[i]);
5065 KASSERT(error == 0, ("vmem_alloc failed: %d", error));
5066 needs_mapping = TRUE;
5068 vaddr[i] = PHYS_TO_DMAP(paddr);
5072 /* Exit early if everything is covered by the DMAP */
5078 for (i = 0; i < count; i++) {
5079 paddr = VM_PAGE_TO_PHYS(page[i]);
5080 if (!PHYS_IN_DMAP(paddr)) {
5082 "pmap_map_io_transient: TODO: Map out of DMAP data");
5086 return (needs_mapping);
5090 pmap_unmap_io_transient(vm_page_t page[], vm_offset_t vaddr[], int count,
5091 boolean_t can_fault)
5098 for (i = 0; i < count; i++) {
5099 paddr = VM_PAGE_TO_PHYS(page[i]);
5100 if (!PHYS_IN_DMAP(paddr)) {
5101 panic("ARM64TODO: pmap_unmap_io_transient: Unmap data");
projects / FreeBSD / FreeBSD.git / blob