2 * Copyright (c) 1991 Regents of the University of California.
4 * Copyright (c) 1994 John S. Dyson
6 * Copyright (c) 1994 David Greenman
8 * Copyright (c) 2003 Peter Wemm
10 * Copyright (c) 2005-2010 Alan L. Cox <alc@cs.rice.edu>
11 * All rights reserved.
12 * Copyright (c) 2014 Andrew Turner
13 * All rights reserved.
14 * Copyright (c) 2014-2016 The FreeBSD Foundation
15 * All rights reserved.
17 * This code is derived from software contributed to Berkeley by
18 * the Systems Programming Group of the University of Utah Computer
19 * Science Department and William Jolitz of UUNET Technologies Inc.
21 * This software was developed by Andrew Turner under sponsorship from
22 * the FreeBSD Foundation.
24 * Redistribution and use in source and binary forms, with or without
25 * modification, are permitted provided that the following conditions
27 * 1. Redistributions of source code must retain the above copyright
28 * notice, this list of conditions and the following disclaimer.
29 * 2. Redistributions in binary form must reproduce the above copyright
30 * notice, this list of conditions and the following disclaimer in the
31 * documentation and/or other materials provided with the distribution.
32 * 3. All advertising materials mentioning features or use of this software
33 * must display the following acknowledgement:
34 * This product includes software developed by the University of
35 * California, Berkeley and its contributors.
36 * 4. Neither the name of the University nor the names of its contributors
37 * may be used to endorse or promote products derived from this software
38 * without specific prior written permission.
40 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
41 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
42 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
43 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
44 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
45 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
46 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
48 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
49 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
52 * from: @(#)pmap.c 7.7 (Berkeley) 5/12/91
55 * Copyright (c) 2003 Networks Associates Technology, Inc.
56 * All rights reserved.
58 * This software was developed for the FreeBSD Project by Jake Burkholder,
59 * Safeport Network Services, and Network Associates Laboratories, the
60 * Security Research Division of Network Associates, Inc. under
61 * DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the DARPA
62 * CHATS research program.
64 * Redistribution and use in source and binary forms, with or without
65 * modification, are permitted provided that the following conditions
67 * 1. Redistributions of source code must retain the above copyright
68 * notice, this list of conditions and the following disclaimer.
69 * 2. Redistributions in binary form must reproduce the above copyright
70 * notice, this list of conditions and the following disclaimer in the
71 * documentation and/or other materials provided with the distribution.
73 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
74 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
75 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
76 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
77 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
78 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
79 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
80 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
81 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
82 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
86 #include <sys/cdefs.h>
87 __FBSDID("$FreeBSD$");
90 * Manages physical address maps.
92 * Since the information managed by this module is
93 * also stored by the logical address mapping module,
94 * this module may throw away valid virtual-to-physical
95 * mappings at almost any time. However, invalidations
96 * of virtual-to-physical mappings must be done as
99 * In order to cope with hardware architectures which
100 * make virtual-to-physical map invalidates expensive,
101 * this module may delay invalidate or reduced protection
102 * operations until such time as they are actually
103 * necessary. This module is given full information as
104 * to which processors are currently using which maps,
105 * and to when physical maps must be made correct.
110 #include <sys/param.h>
111 #include <sys/bitstring.h>
113 #include <sys/systm.h>
114 #include <sys/kernel.h>
116 #include <sys/limits.h>
117 #include <sys/lock.h>
118 #include <sys/malloc.h>
119 #include <sys/mman.h>
120 #include <sys/msgbuf.h>
121 #include <sys/mutex.h>
122 #include <sys/physmem.h>
123 #include <sys/proc.h>
124 #include <sys/rwlock.h>
125 #include <sys/sbuf.h>
127 #include <sys/vmem.h>
128 #include <sys/vmmeter.h>
129 #include <sys/sched.h>
130 #include <sys/sysctl.h>
131 #include <sys/_unrhdr.h>
135 #include <vm/vm_param.h>
136 #include <vm/vm_kern.h>
137 #include <vm/vm_page.h>
138 #include <vm/vm_map.h>
139 #include <vm/vm_object.h>
140 #include <vm/vm_extern.h>
141 #include <vm/vm_pageout.h>
142 #include <vm/vm_pager.h>
143 #include <vm/vm_phys.h>
144 #include <vm/vm_radix.h>
145 #include <vm/vm_reserv.h>
146 #include <vm/vm_dumpset.h>
149 #include <machine/machdep.h>
150 #include <machine/md_var.h>
151 #include <machine/pcb.h>
153 #define PMAP_ASSERT_STAGE1(pmap) MPASS((pmap)->pm_stage == PM_STAGE1)
154 #define PMAP_ASSERT_STAGE2(pmap) MPASS((pmap)->pm_stage == PM_STAGE2)
156 #define NL0PG (PAGE_SIZE/(sizeof (pd_entry_t)))
157 #define NL1PG (PAGE_SIZE/(sizeof (pd_entry_t)))
158 #define NL2PG (PAGE_SIZE/(sizeof (pd_entry_t)))
159 #define NL3PG (PAGE_SIZE/(sizeof (pt_entry_t)))
161 #define NUL0E L0_ENTRIES
162 #define NUL1E (NUL0E * NL1PG)
163 #define NUL2E (NUL1E * NL2PG)
165 #if !defined(DIAGNOSTIC)
166 #ifdef __GNUC_GNU_INLINE__
167 #define PMAP_INLINE __attribute__((__gnu_inline__)) inline
169 #define PMAP_INLINE extern inline
176 #define PV_STAT(x) do { x ; } while (0)
178 #define PV_STAT(x) do { } while (0)
181 #define pmap_l0_pindex(v) (NUL2E + NUL1E + ((v) >> L0_SHIFT))
182 #define pmap_l1_pindex(v) (NUL2E + ((v) >> L1_SHIFT))
183 #define pmap_l2_pindex(v) ((v) >> L2_SHIFT)
185 static struct md_page *
186 pa_to_pvh(vm_paddr_t pa)
188 struct vm_phys_seg *seg;
191 for (segind = 0; segind < vm_phys_nsegs; segind++) {
192 seg = &vm_phys_segs[segind];
193 if (pa >= seg->start && pa < seg->end)
194 return ((struct md_page *)seg->md_first +
195 pmap_l2_pindex(pa) - pmap_l2_pindex(seg->start));
197 panic("pa 0x%jx not within vm_phys_segs", (uintmax_t)pa);
200 static struct md_page *
201 page_to_pvh(vm_page_t m)
203 struct vm_phys_seg *seg;
205 seg = &vm_phys_segs[m->segind];
206 return ((struct md_page *)seg->md_first +
207 pmap_l2_pindex(VM_PAGE_TO_PHYS(m)) - pmap_l2_pindex(seg->start));
210 #define NPV_LIST_LOCKS MAXCPU
212 #define PHYS_TO_PV_LIST_LOCK(pa) \
213 (&pv_list_locks[pa_index(pa) % NPV_LIST_LOCKS])
215 #define CHANGE_PV_LIST_LOCK_TO_PHYS(lockp, pa) do { \
216 struct rwlock **_lockp = (lockp); \
217 struct rwlock *_new_lock; \
219 _new_lock = PHYS_TO_PV_LIST_LOCK(pa); \
220 if (_new_lock != *_lockp) { \
221 if (*_lockp != NULL) \
222 rw_wunlock(*_lockp); \
223 *_lockp = _new_lock; \
228 #define CHANGE_PV_LIST_LOCK_TO_VM_PAGE(lockp, m) \
229 CHANGE_PV_LIST_LOCK_TO_PHYS(lockp, VM_PAGE_TO_PHYS(m))
231 #define RELEASE_PV_LIST_LOCK(lockp) do { \
232 struct rwlock **_lockp = (lockp); \
234 if (*_lockp != NULL) { \
235 rw_wunlock(*_lockp); \
240 #define VM_PAGE_TO_PV_LIST_LOCK(m) \
241 PHYS_TO_PV_LIST_LOCK(VM_PAGE_TO_PHYS(m))
244 * The presence of this flag indicates that the mapping is writeable.
245 * If the ATTR_S1_AP_RO bit is also set, then the mapping is clean, otherwise
246 * it is dirty. This flag may only be set on managed mappings.
248 * The DBM bit is reserved on ARMv8.0 but it seems we can safely treat it
249 * as a software managed bit.
251 #define ATTR_SW_DBM ATTR_DBM
253 struct pmap kernel_pmap_store;
255 /* Used for mapping ACPI memory before VM is initialized */
256 #define PMAP_PREINIT_MAPPING_COUNT 32
257 #define PMAP_PREINIT_MAPPING_SIZE (PMAP_PREINIT_MAPPING_COUNT * L2_SIZE)
258 static vm_offset_t preinit_map_va; /* Start VA of pre-init mapping space */
259 static int vm_initialized = 0; /* No need to use pre-init maps when set */
262 * Reserve a few L2 blocks starting from 'preinit_map_va' pointer.
263 * Always map entire L2 block for simplicity.
264 * VA of L2 block = preinit_map_va + i * L2_SIZE
266 static struct pmap_preinit_mapping {
270 } pmap_preinit_mapping[PMAP_PREINIT_MAPPING_COUNT];
272 vm_offset_t virtual_avail; /* VA of first avail page (after kernel bss) */
273 vm_offset_t virtual_end; /* VA of last avail page (end of kernel AS) */
274 vm_offset_t kernel_vm_end = 0;
277 * Data for the pv entry allocation mechanism.
279 static TAILQ_HEAD(pch, pv_chunk) pv_chunks = TAILQ_HEAD_INITIALIZER(pv_chunks);
280 static struct mtx pv_chunks_mutex;
281 static struct rwlock pv_list_locks[NPV_LIST_LOCKS];
282 static struct md_page *pv_table;
283 static struct md_page pv_dummy;
285 vm_paddr_t dmap_phys_base; /* The start of the dmap region */
286 vm_paddr_t dmap_phys_max; /* The limit of the dmap region */
287 vm_offset_t dmap_max_addr; /* The virtual address limit of the dmap */
289 /* This code assumes all L1 DMAP entries will be used */
290 CTASSERT((DMAP_MIN_ADDRESS & ~L0_OFFSET) == DMAP_MIN_ADDRESS);
291 CTASSERT((DMAP_MAX_ADDRESS & ~L0_OFFSET) == DMAP_MAX_ADDRESS);
293 #define DMAP_TABLES ((DMAP_MAX_ADDRESS - DMAP_MIN_ADDRESS) >> L0_SHIFT)
294 extern pt_entry_t pagetable_dmap[];
296 #define PHYSMAP_SIZE (2 * (VM_PHYSSEG_MAX - 1))
297 static vm_paddr_t physmap[PHYSMAP_SIZE];
298 static u_int physmap_idx;
300 static SYSCTL_NODE(_vm, OID_AUTO, pmap, CTLFLAG_RD | CTLFLAG_MPSAFE, 0,
301 "VM/pmap parameters");
304 * This ASID allocator uses a bit vector ("asid_set") to remember which ASIDs
305 * that it has currently allocated to a pmap, a cursor ("asid_next") to
306 * optimize its search for a free ASID in the bit vector, and an epoch number
307 * ("asid_epoch") to indicate when it has reclaimed all previously allocated
308 * ASIDs that are not currently active on a processor.
310 * The current epoch number is always in the range [0, INT_MAX). Negative
311 * numbers and INT_MAX are reserved for special cases that are described
320 struct mtx asid_set_mutex;
323 static struct asid_set asids;
324 static struct asid_set vmids;
326 static SYSCTL_NODE(_vm_pmap, OID_AUTO, asid, CTLFLAG_RD | CTLFLAG_MPSAFE, 0,
328 SYSCTL_INT(_vm_pmap_asid, OID_AUTO, bits, CTLFLAG_RD, &asids.asid_bits, 0,
329 "The number of bits in an ASID");
330 SYSCTL_INT(_vm_pmap_asid, OID_AUTO, next, CTLFLAG_RD, &asids.asid_next, 0,
331 "The last allocated ASID plus one");
332 SYSCTL_INT(_vm_pmap_asid, OID_AUTO, epoch, CTLFLAG_RD, &asids.asid_epoch, 0,
333 "The current epoch number");
335 static SYSCTL_NODE(_vm_pmap, OID_AUTO, vmid, CTLFLAG_RD, 0, "VMID allocator");
336 SYSCTL_INT(_vm_pmap_vmid, OID_AUTO, bits, CTLFLAG_RD, &vmids.asid_bits, 0,
337 "The number of bits in an VMID");
338 SYSCTL_INT(_vm_pmap_vmid, OID_AUTO, next, CTLFLAG_RD, &vmids.asid_next, 0,
339 "The last allocated VMID plus one");
340 SYSCTL_INT(_vm_pmap_vmid, OID_AUTO, epoch, CTLFLAG_RD, &vmids.asid_epoch, 0,
341 "The current epoch number");
343 void (*pmap_clean_stage2_tlbi)(void);
344 void (*pmap_invalidate_vpipt_icache)(void);
347 * A pmap's cookie encodes an ASID and epoch number. Cookies for reserved
348 * ASIDs have a negative epoch number, specifically, INT_MIN. Cookies for
349 * dynamically allocated ASIDs have a non-negative epoch number.
351 * An invalid ASID is represented by -1.
353 * There are two special-case cookie values: (1) COOKIE_FROM(-1, INT_MIN),
354 * which indicates that an ASID should never be allocated to the pmap, and
355 * (2) COOKIE_FROM(-1, INT_MAX), which indicates that an ASID should be
356 * allocated when the pmap is next activated.
358 #define COOKIE_FROM(asid, epoch) ((long)((u_int)(asid) | \
359 ((u_long)(epoch) << 32)))
360 #define COOKIE_TO_ASID(cookie) ((int)(cookie))
361 #define COOKIE_TO_EPOCH(cookie) ((int)((u_long)(cookie) >> 32))
363 static int superpages_enabled = 1;
364 SYSCTL_INT(_vm_pmap, OID_AUTO, superpages_enabled,
365 CTLFLAG_RDTUN | CTLFLAG_NOFETCH, &superpages_enabled, 0,
366 "Are large page mappings enabled?");
369 * Internal flags for pmap_enter()'s helper functions.
371 #define PMAP_ENTER_NORECLAIM 0x1000000 /* Don't reclaim PV entries. */
372 #define PMAP_ENTER_NOREPLACE 0x2000000 /* Don't replace mappings. */
374 static void free_pv_chunk(struct pv_chunk *pc);
375 static void free_pv_entry(pmap_t pmap, pv_entry_t pv);
376 static pv_entry_t get_pv_entry(pmap_t pmap, struct rwlock **lockp);
377 static vm_page_t reclaim_pv_chunk(pmap_t locked_pmap, struct rwlock **lockp);
378 static void pmap_pvh_free(struct md_page *pvh, pmap_t pmap, vm_offset_t va);
379 static pv_entry_t pmap_pvh_remove(struct md_page *pvh, pmap_t pmap,
382 static void pmap_abort_ptp(pmap_t pmap, vm_offset_t va, vm_page_t mpte);
383 static bool pmap_activate_int(pmap_t pmap);
384 static void pmap_alloc_asid(pmap_t pmap);
385 static int pmap_change_props_locked(vm_offset_t va, vm_size_t size,
386 vm_prot_t prot, int mode);
387 static pt_entry_t *pmap_demote_l1(pmap_t pmap, pt_entry_t *l1, vm_offset_t va);
388 static pt_entry_t *pmap_demote_l2_locked(pmap_t pmap, pt_entry_t *l2,
389 vm_offset_t va, struct rwlock **lockp);
390 static pt_entry_t *pmap_demote_l2(pmap_t pmap, pt_entry_t *l2, vm_offset_t va);
391 static vm_page_t pmap_enter_quick_locked(pmap_t pmap, vm_offset_t va,
392 vm_page_t m, vm_prot_t prot, vm_page_t mpte, struct rwlock **lockp);
393 static int pmap_enter_l2(pmap_t pmap, vm_offset_t va, pd_entry_t new_l2,
394 u_int flags, vm_page_t m, struct rwlock **lockp);
395 static int pmap_remove_l2(pmap_t pmap, pt_entry_t *l2, vm_offset_t sva,
396 pd_entry_t l1e, struct spglist *free, struct rwlock **lockp);
397 static int pmap_remove_l3(pmap_t pmap, pt_entry_t *l3, vm_offset_t sva,
398 pd_entry_t l2e, struct spglist *free, struct rwlock **lockp);
399 static void pmap_reset_asid_set(pmap_t pmap);
400 static boolean_t pmap_try_insert_pv_entry(pmap_t pmap, vm_offset_t va,
401 vm_page_t m, struct rwlock **lockp);
403 static vm_page_t _pmap_alloc_l3(pmap_t pmap, vm_pindex_t ptepindex,
404 struct rwlock **lockp);
406 static void _pmap_unwire_l3(pmap_t pmap, vm_offset_t va, vm_page_t m,
407 struct spglist *free);
408 static int pmap_unuse_pt(pmap_t, vm_offset_t, pd_entry_t, struct spglist *);
409 static __inline vm_page_t pmap_remove_pt_page(pmap_t pmap, vm_offset_t va);
412 * These load the old table data and store the new value.
413 * They need to be atomic as the System MMU may write to the table at
414 * the same time as the CPU.
416 #define pmap_clear(table) atomic_store_64(table, 0)
417 #define pmap_clear_bits(table, bits) atomic_clear_64(table, bits)
418 #define pmap_load(table) (*table)
419 #define pmap_load_clear(table) atomic_swap_64(table, 0)
420 #define pmap_load_store(table, entry) atomic_swap_64(table, entry)
421 #define pmap_set_bits(table, bits) atomic_set_64(table, bits)
422 #define pmap_store(table, entry) atomic_store_64(table, entry)
424 /********************/
425 /* Inline functions */
426 /********************/
429 pagecopy(void *s, void *d)
432 memcpy(d, s, PAGE_SIZE);
435 static __inline pd_entry_t *
436 pmap_l0(pmap_t pmap, vm_offset_t va)
439 return (&pmap->pm_l0[pmap_l0_index(va)]);
442 static __inline pd_entry_t *
443 pmap_l0_to_l1(pd_entry_t *l0, vm_offset_t va)
447 l1 = (pd_entry_t *)PHYS_TO_DMAP(pmap_load(l0) & ~ATTR_MASK);
448 return (&l1[pmap_l1_index(va)]);
451 static __inline pd_entry_t *
452 pmap_l1(pmap_t pmap, vm_offset_t va)
456 l0 = pmap_l0(pmap, va);
457 if ((pmap_load(l0) & ATTR_DESCR_MASK) != L0_TABLE)
460 return (pmap_l0_to_l1(l0, va));
463 static __inline pd_entry_t *
464 pmap_l1_to_l2(pd_entry_t *l1p, vm_offset_t va)
470 KASSERT(ADDR_IS_CANONICAL(va),
471 ("%s: Address not in canonical form: %lx", __func__, va));
473 * The valid bit may be clear if pmap_update_entry() is concurrently
474 * modifying the entry, so for KVA only the entry type may be checked.
476 KASSERT(ADDR_IS_KERNEL(va) || (l1 & ATTR_DESCR_VALID) != 0,
477 ("%s: L1 entry %#lx for %#lx is invalid", __func__, l1, va));
478 KASSERT((l1 & ATTR_DESCR_TYPE_MASK) == ATTR_DESCR_TYPE_TABLE,
479 ("%s: L1 entry %#lx for %#lx is a leaf", __func__, l1, va));
480 l2p = (pd_entry_t *)PHYS_TO_DMAP(l1 & ~ATTR_MASK);
481 return (&l2p[pmap_l2_index(va)]);
484 static __inline pd_entry_t *
485 pmap_l2(pmap_t pmap, vm_offset_t va)
489 l1 = pmap_l1(pmap, va);
490 if ((pmap_load(l1) & ATTR_DESCR_MASK) != L1_TABLE)
493 return (pmap_l1_to_l2(l1, va));
496 static __inline pt_entry_t *
497 pmap_l2_to_l3(pd_entry_t *l2p, vm_offset_t va)
504 KASSERT(ADDR_IS_CANONICAL(va),
505 ("%s: Address not in canonical form: %lx", __func__, va));
507 * The valid bit may be clear if pmap_update_entry() is concurrently
508 * modifying the entry, so for KVA only the entry type may be checked.
510 KASSERT(ADDR_IS_KERNEL(va) || (l2 & ATTR_DESCR_VALID) != 0,
511 ("%s: L2 entry %#lx for %#lx is invalid", __func__, l2, va));
512 KASSERT((l2 & ATTR_DESCR_TYPE_MASK) == ATTR_DESCR_TYPE_TABLE,
513 ("%s: L2 entry %#lx for %#lx is a leaf", __func__, l2, va));
514 l3p = (pt_entry_t *)PHYS_TO_DMAP(l2 & ~ATTR_MASK);
515 return (&l3p[pmap_l3_index(va)]);
519 * Returns the lowest valid pde for a given virtual address.
520 * The next level may or may not point to a valid page or block.
522 static __inline pd_entry_t *
523 pmap_pde(pmap_t pmap, vm_offset_t va, int *level)
525 pd_entry_t *l0, *l1, *l2, desc;
527 l0 = pmap_l0(pmap, va);
528 desc = pmap_load(l0) & ATTR_DESCR_MASK;
529 if (desc != L0_TABLE) {
534 l1 = pmap_l0_to_l1(l0, va);
535 desc = pmap_load(l1) & ATTR_DESCR_MASK;
536 if (desc != L1_TABLE) {
541 l2 = pmap_l1_to_l2(l1, va);
542 desc = pmap_load(l2) & ATTR_DESCR_MASK;
543 if (desc != L2_TABLE) {
553 * Returns the lowest valid pte block or table entry for a given virtual
554 * address. If there are no valid entries return NULL and set the level to
555 * the first invalid level.
557 static __inline pt_entry_t *
558 pmap_pte(pmap_t pmap, vm_offset_t va, int *level)
560 pd_entry_t *l1, *l2, desc;
563 l1 = pmap_l1(pmap, va);
568 desc = pmap_load(l1) & ATTR_DESCR_MASK;
569 if (desc == L1_BLOCK) {
574 if (desc != L1_TABLE) {
579 l2 = pmap_l1_to_l2(l1, va);
580 desc = pmap_load(l2) & ATTR_DESCR_MASK;
581 if (desc == L2_BLOCK) {
586 if (desc != L2_TABLE) {
592 l3 = pmap_l2_to_l3(l2, va);
593 if ((pmap_load(l3) & ATTR_DESCR_MASK) != L3_PAGE)
600 pmap_ps_enabled(pmap_t pmap __unused)
603 return (superpages_enabled != 0);
607 pmap_get_tables(pmap_t pmap, vm_offset_t va, pd_entry_t **l0, pd_entry_t **l1,
608 pd_entry_t **l2, pt_entry_t **l3)
610 pd_entry_t *l0p, *l1p, *l2p;
612 if (pmap->pm_l0 == NULL)
615 l0p = pmap_l0(pmap, va);
618 if ((pmap_load(l0p) & ATTR_DESCR_MASK) != L0_TABLE)
621 l1p = pmap_l0_to_l1(l0p, va);
624 if ((pmap_load(l1p) & ATTR_DESCR_MASK) == L1_BLOCK) {
630 if ((pmap_load(l1p) & ATTR_DESCR_MASK) != L1_TABLE)
633 l2p = pmap_l1_to_l2(l1p, va);
636 if ((pmap_load(l2p) & ATTR_DESCR_MASK) == L2_BLOCK) {
641 if ((pmap_load(l2p) & ATTR_DESCR_MASK) != L2_TABLE)
644 *l3 = pmap_l2_to_l3(l2p, va);
650 pmap_l3_valid(pt_entry_t l3)
653 return ((l3 & ATTR_DESCR_MASK) == L3_PAGE);
656 CTASSERT(L1_BLOCK == L2_BLOCK);
659 pmap_pte_memattr(pmap_t pmap, vm_memattr_t memattr)
663 if (pmap->pm_stage == PM_STAGE1) {
664 val = ATTR_S1_IDX(memattr);
665 if (memattr == VM_MEMATTR_DEVICE)
673 case VM_MEMATTR_DEVICE:
674 return (ATTR_S2_MEMATTR(ATTR_S2_MEMATTR_DEVICE_nGnRnE) |
675 ATTR_S2_XN(ATTR_S2_XN_ALL));
676 case VM_MEMATTR_UNCACHEABLE:
677 return (ATTR_S2_MEMATTR(ATTR_S2_MEMATTR_NC));
678 case VM_MEMATTR_WRITE_BACK:
679 return (ATTR_S2_MEMATTR(ATTR_S2_MEMATTR_WB));
680 case VM_MEMATTR_WRITE_THROUGH:
681 return (ATTR_S2_MEMATTR(ATTR_S2_MEMATTR_WT));
683 panic("%s: invalid memory attribute %x", __func__, memattr);
688 pmap_pte_prot(pmap_t pmap, vm_prot_t prot)
693 if (pmap->pm_stage == PM_STAGE1) {
694 if ((prot & VM_PROT_EXECUTE) == 0)
696 if ((prot & VM_PROT_WRITE) == 0)
697 val |= ATTR_S1_AP(ATTR_S1_AP_RO);
699 if ((prot & VM_PROT_WRITE) != 0)
700 val |= ATTR_S2_S2AP(ATTR_S2_S2AP_WRITE);
701 if ((prot & VM_PROT_READ) != 0)
702 val |= ATTR_S2_S2AP(ATTR_S2_S2AP_READ);
703 if ((prot & VM_PROT_EXECUTE) == 0)
704 val |= ATTR_S2_XN(ATTR_S2_XN_ALL);
711 * Checks if the PTE is dirty.
714 pmap_pte_dirty(pmap_t pmap, pt_entry_t pte)
717 KASSERT((pte & ATTR_SW_MANAGED) != 0, ("pte %#lx is unmanaged", pte));
719 if (pmap->pm_stage == PM_STAGE1) {
720 KASSERT((pte & (ATTR_S1_AP_RW_BIT | ATTR_SW_DBM)) != 0,
721 ("pte %#lx is writeable and missing ATTR_SW_DBM", pte));
723 return ((pte & (ATTR_S1_AP_RW_BIT | ATTR_SW_DBM)) ==
724 (ATTR_S1_AP(ATTR_S1_AP_RW) | ATTR_SW_DBM));
727 return ((pte & ATTR_S2_S2AP(ATTR_S2_S2AP_WRITE)) ==
728 ATTR_S2_S2AP(ATTR_S2_S2AP_WRITE));
732 pmap_resident_count_inc(pmap_t pmap, int count)
735 PMAP_LOCK_ASSERT(pmap, MA_OWNED);
736 pmap->pm_stats.resident_count += count;
740 pmap_resident_count_dec(pmap_t pmap, int count)
743 PMAP_LOCK_ASSERT(pmap, MA_OWNED);
744 KASSERT(pmap->pm_stats.resident_count >= count,
745 ("pmap %p resident count underflow %ld %d", pmap,
746 pmap->pm_stats.resident_count, count));
747 pmap->pm_stats.resident_count -= count;
751 pmap_early_vtophys(vm_offset_t l1pt, vm_offset_t va)
755 pa_page = arm64_address_translate_s1e1r(va) & PAR_PA_MASK;
756 return (pa_page | (va & PAR_LOW_MASK));
760 pmap_bootstrap_dmap(vm_offset_t kern_l1, vm_paddr_t min_pa,
761 vm_offset_t freemempos)
765 vm_paddr_t l2_pa, pa;
766 u_int l1_slot, l2_slot, prev_l1_slot;
769 dmap_phys_base = min_pa & ~L1_OFFSET;
775 #define DMAP_TABLES ((DMAP_MAX_ADDRESS - DMAP_MIN_ADDRESS) >> L0_SHIFT)
776 memset(pagetable_dmap, 0, PAGE_SIZE * DMAP_TABLES);
778 for (i = 0; i < (physmap_idx * 2); i += 2) {
779 pa = physmap[i] & ~L2_OFFSET;
780 va = pa - dmap_phys_base + DMAP_MIN_ADDRESS;
782 /* Create L2 mappings at the start of the region */
783 if ((pa & L1_OFFSET) != 0) {
784 l1_slot = ((va - DMAP_MIN_ADDRESS) >> L1_SHIFT);
785 if (l1_slot != prev_l1_slot) {
786 prev_l1_slot = l1_slot;
787 l2 = (pt_entry_t *)freemempos;
788 l2_pa = pmap_early_vtophys(kern_l1,
790 freemempos += PAGE_SIZE;
792 pmap_store(&pagetable_dmap[l1_slot],
793 (l2_pa & ~Ln_TABLE_MASK) |
794 TATTR_PXN_TABLE | L1_TABLE);
796 memset(l2, 0, PAGE_SIZE);
799 ("pmap_bootstrap_dmap: NULL l2 map"));
800 for (; va < DMAP_MAX_ADDRESS && pa < physmap[i + 1];
801 pa += L2_SIZE, va += L2_SIZE) {
803 * We are on a boundary, stop to
804 * create a level 1 block
806 if ((pa & L1_OFFSET) == 0)
809 l2_slot = pmap_l2_index(va);
810 KASSERT(l2_slot != 0, ("..."));
811 pmap_store(&l2[l2_slot],
812 (pa & ~L2_OFFSET) | ATTR_DEFAULT |
814 ATTR_S1_IDX(VM_MEMATTR_WRITE_BACK) |
817 KASSERT(va == (pa - dmap_phys_base + DMAP_MIN_ADDRESS),
821 for (; va < DMAP_MAX_ADDRESS && pa < physmap[i + 1] &&
822 (physmap[i + 1] - pa) >= L1_SIZE;
823 pa += L1_SIZE, va += L1_SIZE) {
824 l1_slot = ((va - DMAP_MIN_ADDRESS) >> L1_SHIFT);
825 pmap_store(&pagetable_dmap[l1_slot],
826 (pa & ~L1_OFFSET) | ATTR_DEFAULT | ATTR_S1_XN |
827 ATTR_S1_IDX(VM_MEMATTR_WRITE_BACK) | L1_BLOCK);
830 /* Create L2 mappings at the end of the region */
831 if (pa < physmap[i + 1]) {
832 l1_slot = ((va - DMAP_MIN_ADDRESS) >> L1_SHIFT);
833 if (l1_slot != prev_l1_slot) {
834 prev_l1_slot = l1_slot;
835 l2 = (pt_entry_t *)freemempos;
836 l2_pa = pmap_early_vtophys(kern_l1,
838 freemempos += PAGE_SIZE;
840 pmap_store(&pagetable_dmap[l1_slot],
841 (l2_pa & ~Ln_TABLE_MASK) | L1_TABLE);
843 memset(l2, 0, PAGE_SIZE);
846 ("pmap_bootstrap_dmap: NULL l2 map"));
847 for (; va < DMAP_MAX_ADDRESS && pa < physmap[i + 1];
848 pa += L2_SIZE, va += L2_SIZE) {
849 l2_slot = pmap_l2_index(va);
850 pmap_store(&l2[l2_slot],
851 (pa & ~L2_OFFSET) | ATTR_DEFAULT |
853 ATTR_S1_IDX(VM_MEMATTR_WRITE_BACK) |
858 if (pa > dmap_phys_max) {
870 pmap_bootstrap_l2(vm_offset_t l1pt, vm_offset_t va, vm_offset_t l2_start)
877 KASSERT((va & L1_OFFSET) == 0, ("Invalid virtual address"));
879 l1 = (pd_entry_t *)l1pt;
880 l1_slot = pmap_l1_index(va);
883 for (; va < VM_MAX_KERNEL_ADDRESS; l1_slot++, va += L1_SIZE) {
884 KASSERT(l1_slot < Ln_ENTRIES, ("Invalid L1 index"));
886 pa = pmap_early_vtophys(l1pt, l2pt);
887 pmap_store(&l1[l1_slot],
888 (pa & ~Ln_TABLE_MASK) | L1_TABLE);
892 /* Clean the L2 page table */
893 memset((void *)l2_start, 0, l2pt - l2_start);
899 pmap_bootstrap_l3(vm_offset_t l1pt, vm_offset_t va, vm_offset_t l3_start)
906 KASSERT((va & L2_OFFSET) == 0, ("Invalid virtual address"));
908 l2 = pmap_l2(kernel_pmap, va);
909 l2 = (pd_entry_t *)rounddown2((uintptr_t)l2, PAGE_SIZE);
910 l2_slot = pmap_l2_index(va);
913 for (; va < VM_MAX_KERNEL_ADDRESS; l2_slot++, va += L2_SIZE) {
914 KASSERT(l2_slot < Ln_ENTRIES, ("Invalid L2 index"));
916 pa = pmap_early_vtophys(l1pt, l3pt);
917 pmap_store(&l2[l2_slot],
918 (pa & ~Ln_TABLE_MASK) | ATTR_S1_UXN | L2_TABLE);
922 /* Clean the L2 page table */
923 memset((void *)l3_start, 0, l3pt - l3_start);
929 * Bootstrap the system enough to run with virtual memory.
932 pmap_bootstrap(vm_offset_t l0pt, vm_offset_t l1pt, vm_paddr_t kernstart,
935 vm_offset_t freemempos;
936 vm_offset_t dpcpu, msgbufpv;
937 vm_paddr_t start_pa, pa, min_pa;
941 /* Verify that the ASID is set through TTBR0. */
942 KASSERT((READ_SPECIALREG(tcr_el1) & TCR_A1) == 0,
943 ("pmap_bootstrap: TCR_EL1.A1 != 0"));
945 kern_delta = KERNBASE - kernstart;
947 printf("pmap_bootstrap %lx %lx %lx\n", l1pt, kernstart, kernlen);
948 printf("%lx\n", l1pt);
949 printf("%lx\n", (KERNBASE >> L1_SHIFT) & Ln_ADDR_MASK);
951 /* Set this early so we can use the pagetable walking functions */
952 kernel_pmap_store.pm_l0 = (pd_entry_t *)l0pt;
953 PMAP_LOCK_INIT(kernel_pmap);
954 kernel_pmap->pm_l0_paddr = l0pt - kern_delta;
955 kernel_pmap->pm_cookie = COOKIE_FROM(-1, INT_MIN);
956 kernel_pmap->pm_stage = PM_STAGE1;
957 kernel_pmap->pm_levels = 4;
958 kernel_pmap->pm_ttbr = kernel_pmap->pm_l0_paddr;
959 kernel_pmap->pm_asid_set = &asids;
961 /* Assume the address we were loaded to is a valid physical address */
962 min_pa = KERNBASE - kern_delta;
964 physmap_idx = physmem_avail(physmap, nitems(physmap));
968 * Find the minimum physical address. physmap is sorted,
969 * but may contain empty ranges.
971 for (i = 0; i < physmap_idx * 2; i += 2) {
972 if (physmap[i] == physmap[i + 1])
974 if (physmap[i] <= min_pa)
978 freemempos = KERNBASE + kernlen;
979 freemempos = roundup2(freemempos, PAGE_SIZE);
981 /* Create a direct map region early so we can use it for pa -> va */
982 freemempos = pmap_bootstrap_dmap(l1pt, min_pa, freemempos);
984 start_pa = pa = KERNBASE - kern_delta;
987 * Create the l2 tables up to VM_MAX_KERNEL_ADDRESS. We assume that the
988 * loader allocated the first and only l2 page table page used to map
989 * the kernel, preloaded files and module metadata.
991 freemempos = pmap_bootstrap_l2(l1pt, KERNBASE + L1_SIZE, freemempos);
992 /* And the l3 tables for the early devmap */
993 freemempos = pmap_bootstrap_l3(l1pt,
994 VM_MAX_KERNEL_ADDRESS - (PMAP_MAPDEV_EARLY_SIZE), freemempos);
998 #define alloc_pages(var, np) \
999 (var) = freemempos; \
1000 freemempos += (np * PAGE_SIZE); \
1001 memset((char *)(var), 0, ((np) * PAGE_SIZE));
1003 /* Allocate dynamic per-cpu area. */
1004 alloc_pages(dpcpu, DPCPU_SIZE / PAGE_SIZE);
1005 dpcpu_init((void *)dpcpu, 0);
1007 /* Allocate memory for the msgbuf, e.g. for /sbin/dmesg */
1008 alloc_pages(msgbufpv, round_page(msgbufsize) / PAGE_SIZE);
1009 msgbufp = (void *)msgbufpv;
1011 /* Reserve some VA space for early BIOS/ACPI mapping */
1012 preinit_map_va = roundup2(freemempos, L2_SIZE);
1014 virtual_avail = preinit_map_va + PMAP_PREINIT_MAPPING_SIZE;
1015 virtual_avail = roundup2(virtual_avail, L1_SIZE);
1016 virtual_end = VM_MAX_KERNEL_ADDRESS - (PMAP_MAPDEV_EARLY_SIZE);
1017 kernel_vm_end = virtual_avail;
1019 pa = pmap_early_vtophys(l1pt, freemempos);
1021 physmem_exclude_region(start_pa, pa - start_pa, EXFLAG_NOALLOC);
1027 * Initialize a vm_page's machine-dependent fields.
1030 pmap_page_init(vm_page_t m)
1033 TAILQ_INIT(&m->md.pv_list);
1034 m->md.pv_memattr = VM_MEMATTR_WRITE_BACK;
1038 pmap_init_asids(struct asid_set *set, int bits)
1042 set->asid_bits = bits;
1045 * We may be too early in the overall initialization process to use
1048 set->asid_set_size = 1 << set->asid_bits;
1049 set->asid_set = (bitstr_t *)kmem_malloc(bitstr_size(set->asid_set_size),
1051 for (i = 0; i < ASID_FIRST_AVAILABLE; i++)
1052 bit_set(set->asid_set, i);
1053 set->asid_next = ASID_FIRST_AVAILABLE;
1054 mtx_init(&set->asid_set_mutex, "asid set", NULL, MTX_SPIN);
1058 * Initialize the pmap module.
1059 * Called by vm_init, to initialize any structures that the pmap
1060 * system needs to map virtual memory.
1065 struct vm_phys_seg *seg, *next_seg;
1066 struct md_page *pvh;
1069 int i, pv_npg, vmid_bits;
1072 * Are large page mappings enabled?
1074 TUNABLE_INT_FETCH("vm.pmap.superpages_enabled", &superpages_enabled);
1075 if (superpages_enabled) {
1076 KASSERT(MAXPAGESIZES > 1 && pagesizes[1] == 0,
1077 ("pmap_init: can't assign to pagesizes[1]"));
1078 pagesizes[1] = L2_SIZE;
1079 KASSERT(MAXPAGESIZES > 2 && pagesizes[2] == 0,
1080 ("pmap_init: can't assign to pagesizes[2]"));
1081 pagesizes[2] = L1_SIZE;
1085 * Initialize the ASID allocator.
1087 pmap_init_asids(&asids,
1088 (READ_SPECIALREG(tcr_el1) & TCR_ASID_16) != 0 ? 16 : 8);
1091 mmfr1 = READ_SPECIALREG(id_aa64mmfr1_el1);
1094 if (ID_AA64MMFR1_VMIDBits_VAL(mmfr1) ==
1095 ID_AA64MMFR1_VMIDBits_16)
1097 pmap_init_asids(&vmids, vmid_bits);
1101 * Initialize the pv chunk list mutex.
1103 mtx_init(&pv_chunks_mutex, "pmap pv chunk list", NULL, MTX_DEF);
1106 * Initialize the pool of pv list locks.
1108 for (i = 0; i < NPV_LIST_LOCKS; i++)
1109 rw_init(&pv_list_locks[i], "pmap pv list");
1112 * Calculate the size of the pv head table for superpages.
1115 for (i = 0; i < vm_phys_nsegs; i++) {
1116 seg = &vm_phys_segs[i];
1117 pv_npg += pmap_l2_pindex(roundup2(seg->end, L2_SIZE)) -
1118 pmap_l2_pindex(seg->start);
1122 * Allocate memory for the pv head table for superpages.
1124 s = (vm_size_t)(pv_npg * sizeof(struct md_page));
1126 pv_table = (struct md_page *)kmem_malloc(s, M_WAITOK | M_ZERO);
1127 for (i = 0; i < pv_npg; i++)
1128 TAILQ_INIT(&pv_table[i].pv_list);
1129 TAILQ_INIT(&pv_dummy.pv_list);
1132 * Set pointers from vm_phys_segs to pv_table.
1134 for (i = 0, pvh = pv_table; i < vm_phys_nsegs; i++) {
1135 seg = &vm_phys_segs[i];
1136 seg->md_first = pvh;
1137 pvh += pmap_l2_pindex(roundup2(seg->end, L2_SIZE)) -
1138 pmap_l2_pindex(seg->start);
1141 * If there is a following segment, and the final
1142 * superpage of this segment and the initial superpage
1143 * of the next segment are the same then adjust the
1144 * pv_table entry for that next segment down by one so
1145 * that the pv_table entries will be shared.
1147 if (i + 1 < vm_phys_nsegs) {
1148 next_seg = &vm_phys_segs[i + 1];
1149 if (pmap_l2_pindex(roundup2(seg->end, L2_SIZE)) - 1 ==
1150 pmap_l2_pindex(next_seg->start)) {
1159 static SYSCTL_NODE(_vm_pmap, OID_AUTO, l2, CTLFLAG_RD | CTLFLAG_MPSAFE, 0,
1160 "2MB page mapping counters");
1162 static u_long pmap_l2_demotions;
1163 SYSCTL_ULONG(_vm_pmap_l2, OID_AUTO, demotions, CTLFLAG_RD,
1164 &pmap_l2_demotions, 0, "2MB page demotions");
1166 static u_long pmap_l2_mappings;
1167 SYSCTL_ULONG(_vm_pmap_l2, OID_AUTO, mappings, CTLFLAG_RD,
1168 &pmap_l2_mappings, 0, "2MB page mappings");
1170 static u_long pmap_l2_p_failures;
1171 SYSCTL_ULONG(_vm_pmap_l2, OID_AUTO, p_failures, CTLFLAG_RD,
1172 &pmap_l2_p_failures, 0, "2MB page promotion failures");
1174 static u_long pmap_l2_promotions;
1175 SYSCTL_ULONG(_vm_pmap_l2, OID_AUTO, promotions, CTLFLAG_RD,
1176 &pmap_l2_promotions, 0, "2MB page promotions");
1179 * Invalidate a single TLB entry.
1181 static __inline void
1182 pmap_invalidate_page(pmap_t pmap, vm_offset_t va)
1186 PMAP_ASSERT_STAGE1(pmap);
1189 if (pmap == kernel_pmap) {
1191 __asm __volatile("tlbi vaae1is, %0" : : "r" (r));
1193 r = ASID_TO_OPERAND(COOKIE_TO_ASID(pmap->pm_cookie)) | atop(va);
1194 __asm __volatile("tlbi vae1is, %0" : : "r" (r));
1200 static __inline void
1201 pmap_invalidate_range(pmap_t pmap, vm_offset_t sva, vm_offset_t eva)
1203 uint64_t end, r, start;
1205 PMAP_ASSERT_STAGE1(pmap);
1208 if (pmap == kernel_pmap) {
1211 for (r = start; r < end; r++)
1212 __asm __volatile("tlbi vaae1is, %0" : : "r" (r));
1214 start = end = ASID_TO_OPERAND(COOKIE_TO_ASID(pmap->pm_cookie));
1217 for (r = start; r < end; r++)
1218 __asm __volatile("tlbi vae1is, %0" : : "r" (r));
1224 static __inline void
1225 pmap_invalidate_all(pmap_t pmap)
1229 PMAP_ASSERT_STAGE1(pmap);
1232 if (pmap == kernel_pmap) {
1233 __asm __volatile("tlbi vmalle1is");
1235 r = ASID_TO_OPERAND(COOKIE_TO_ASID(pmap->pm_cookie));
1236 __asm __volatile("tlbi aside1is, %0" : : "r" (r));
1243 * Routine: pmap_extract
1245 * Extract the physical page address associated
1246 * with the given map/virtual_address pair.
1249 pmap_extract(pmap_t pmap, vm_offset_t va)
1251 pt_entry_t *pte, tpte;
1258 * Find the block or page map for this virtual address. pmap_pte
1259 * will return either a valid block/page entry, or NULL.
1261 pte = pmap_pte(pmap, va, &lvl);
1263 tpte = pmap_load(pte);
1264 pa = tpte & ~ATTR_MASK;
1267 KASSERT((tpte & ATTR_DESCR_MASK) == L1_BLOCK,
1268 ("pmap_extract: Invalid L1 pte found: %lx",
1269 tpte & ATTR_DESCR_MASK));
1270 pa |= (va & L1_OFFSET);
1273 KASSERT((tpte & ATTR_DESCR_MASK) == L2_BLOCK,
1274 ("pmap_extract: Invalid L2 pte found: %lx",
1275 tpte & ATTR_DESCR_MASK));
1276 pa |= (va & L2_OFFSET);
1279 KASSERT((tpte & ATTR_DESCR_MASK) == L3_PAGE,
1280 ("pmap_extract: Invalid L3 pte found: %lx",
1281 tpte & ATTR_DESCR_MASK));
1282 pa |= (va & L3_OFFSET);
1291 * Routine: pmap_extract_and_hold
1293 * Atomically extract and hold the physical page
1294 * with the given pmap and virtual address pair
1295 * if that mapping permits the given protection.
1298 pmap_extract_and_hold(pmap_t pmap, vm_offset_t va, vm_prot_t prot)
1300 pt_entry_t *pte, tpte;
1308 pte = pmap_pte(pmap, va, &lvl);
1310 tpte = pmap_load(pte);
1312 KASSERT(lvl > 0 && lvl <= 3,
1313 ("pmap_extract_and_hold: Invalid level %d", lvl));
1314 CTASSERT(L1_BLOCK == L2_BLOCK);
1315 KASSERT((lvl == 3 && (tpte & ATTR_DESCR_MASK) == L3_PAGE) ||
1316 (lvl < 3 && (tpte & ATTR_DESCR_MASK) == L1_BLOCK),
1317 ("pmap_extract_and_hold: Invalid pte at L%d: %lx", lvl,
1318 tpte & ATTR_DESCR_MASK));
1321 if ((prot & VM_PROT_WRITE) == 0)
1323 else if (pmap->pm_stage == PM_STAGE1 &&
1324 (tpte & ATTR_S1_AP_RW_BIT) == ATTR_S1_AP(ATTR_S1_AP_RW))
1326 else if (pmap->pm_stage == PM_STAGE2 &&
1327 ((tpte & ATTR_S2_S2AP(ATTR_S2_S2AP_WRITE)) ==
1328 ATTR_S2_S2AP(ATTR_S2_S2AP_WRITE)))
1334 off = va & L1_OFFSET;
1337 off = va & L2_OFFSET;
1343 m = PHYS_TO_VM_PAGE((tpte & ~ATTR_MASK) | off);
1344 if (m != NULL && !vm_page_wire_mapped(m))
1353 * Walks the page tables to translate a kernel virtual address to a
1354 * physical address. Returns true if the kva is valid and stores the
1355 * physical address in pa if it is not NULL.
1358 pmap_klookup(vm_offset_t va, vm_paddr_t *pa)
1360 pt_entry_t *pte, tpte;
1365 * Disable interrupts so we don't get interrupted between asking
1366 * for address translation, and getting the result back.
1368 intr = intr_disable();
1369 par = arm64_address_translate_s1e1r(va);
1372 if (PAR_SUCCESS(par)) {
1374 *pa = (par & PAR_PA_MASK) | (va & PAR_LOW_MASK);
1379 * Fall back to walking the page table. The address translation
1380 * instruction may fail when the page is in a break-before-make
1381 * sequence. As we only clear the valid bit in said sequence we
1382 * can walk the page table to find the physical address.
1385 pte = pmap_l1(kernel_pmap, va);
1390 * A concurrent pmap_update_entry() will clear the entry's valid bit
1391 * but leave the rest of the entry unchanged. Therefore, we treat a
1392 * non-zero entry as being valid, and we ignore the valid bit when
1393 * determining whether the entry maps a block, page, or table.
1395 tpte = pmap_load(pte);
1398 if ((tpte & ATTR_DESCR_TYPE_MASK) == ATTR_DESCR_TYPE_BLOCK) {
1400 *pa = (tpte & ~ATTR_MASK) | (va & L1_OFFSET);
1403 pte = pmap_l1_to_l2(&tpte, va);
1404 tpte = pmap_load(pte);
1407 if ((tpte & ATTR_DESCR_TYPE_MASK) == ATTR_DESCR_TYPE_BLOCK) {
1409 *pa = (tpte & ~ATTR_MASK) | (va & L2_OFFSET);
1412 pte = pmap_l2_to_l3(&tpte, va);
1413 tpte = pmap_load(pte);
1417 *pa = (tpte & ~ATTR_MASK) | (va & L3_OFFSET);
1422 pmap_kextract(vm_offset_t va)
1426 if (va >= DMAP_MIN_ADDRESS && va < DMAP_MAX_ADDRESS)
1427 return (DMAP_TO_PHYS(va));
1429 if (pmap_klookup(va, &pa) == false)
1434 /***************************************************
1435 * Low level mapping routines.....
1436 ***************************************************/
1439 pmap_kenter(vm_offset_t sva, vm_size_t size, vm_paddr_t pa, int mode)
1442 pt_entry_t *pte, attr;
1446 KASSERT((pa & L3_OFFSET) == 0,
1447 ("pmap_kenter: Invalid physical address"));
1448 KASSERT((sva & L3_OFFSET) == 0,
1449 ("pmap_kenter: Invalid virtual address"));
1450 KASSERT((size & PAGE_MASK) == 0,
1451 ("pmap_kenter: Mapping is not page-sized"));
1453 attr = ATTR_DEFAULT | ATTR_S1_AP(ATTR_S1_AP_RW) | ATTR_S1_XN |
1454 ATTR_S1_IDX(mode) | L3_PAGE;
1457 pde = pmap_pde(kernel_pmap, va, &lvl);
1458 KASSERT(pde != NULL,
1459 ("pmap_kenter: Invalid page entry, va: 0x%lx", va));
1460 KASSERT(lvl == 2, ("pmap_kenter: Invalid level %d", lvl));
1462 pte = pmap_l2_to_l3(pde, va);
1463 pmap_load_store(pte, (pa & ~L3_OFFSET) | attr);
1469 pmap_invalidate_range(kernel_pmap, sva, va);
1473 pmap_kenter_device(vm_offset_t sva, vm_size_t size, vm_paddr_t pa)
1476 pmap_kenter(sva, size, pa, VM_MEMATTR_DEVICE);
1480 * Remove a page from the kernel pagetables.
1483 pmap_kremove(vm_offset_t va)
1488 pte = pmap_pte(kernel_pmap, va, &lvl);
1489 KASSERT(pte != NULL, ("pmap_kremove: Invalid address"));
1490 KASSERT(lvl == 3, ("pmap_kremove: Invalid pte level %d", lvl));
1493 pmap_invalidate_page(kernel_pmap, va);
1497 pmap_kremove_device(vm_offset_t sva, vm_size_t size)
1503 KASSERT((sva & L3_OFFSET) == 0,
1504 ("pmap_kremove_device: Invalid virtual address"));
1505 KASSERT((size & PAGE_MASK) == 0,
1506 ("pmap_kremove_device: Mapping is not page-sized"));
1510 pte = pmap_pte(kernel_pmap, va, &lvl);
1511 KASSERT(pte != NULL, ("Invalid page table, va: 0x%lx", va));
1513 ("Invalid device pagetable level: %d != 3", lvl));
1519 pmap_invalidate_range(kernel_pmap, sva, va);
1523 * Used to map a range of physical addresses into kernel
1524 * virtual address space.
1526 * The value passed in '*virt' is a suggested virtual address for
1527 * the mapping. Architectures which can support a direct-mapped
1528 * physical to virtual region can return the appropriate address
1529 * within that region, leaving '*virt' unchanged. Other
1530 * architectures should map the pages starting at '*virt' and
1531 * update '*virt' with the first usable address after the mapped
1535 pmap_map(vm_offset_t *virt, vm_paddr_t start, vm_paddr_t end, int prot)
1537 return PHYS_TO_DMAP(start);
1541 * Add a list of wired pages to the kva
1542 * this routine is only used for temporary
1543 * kernel mappings that do not need to have
1544 * page modification or references recorded.
1545 * Note that old mappings are simply written
1546 * over. The page *must* be wired.
1547 * Note: SMP coherent. Uses a ranged shootdown IPI.
1550 pmap_qenter(vm_offset_t sva, vm_page_t *ma, int count)
1553 pt_entry_t *pte, pa;
1559 for (i = 0; i < count; i++) {
1560 pde = pmap_pde(kernel_pmap, va, &lvl);
1561 KASSERT(pde != NULL,
1562 ("pmap_qenter: Invalid page entry, va: 0x%lx", va));
1564 ("pmap_qenter: Invalid level %d", lvl));
1567 pa = VM_PAGE_TO_PHYS(m) | ATTR_DEFAULT |
1568 ATTR_S1_AP(ATTR_S1_AP_RW) | ATTR_S1_XN |
1569 ATTR_S1_IDX(m->md.pv_memattr) | L3_PAGE;
1570 pte = pmap_l2_to_l3(pde, va);
1571 pmap_load_store(pte, pa);
1575 pmap_invalidate_range(kernel_pmap, sva, va);
1579 * This routine tears out page mappings from the
1580 * kernel -- it is meant only for temporary mappings.
1583 pmap_qremove(vm_offset_t sva, int count)
1589 KASSERT(ADDR_IS_CANONICAL(sva),
1590 ("%s: Address not in canonical form: %lx", __func__, sva));
1591 KASSERT(ADDR_IS_KERNEL(sva), ("usermode va %lx", sva));
1594 while (count-- > 0) {
1595 pte = pmap_pte(kernel_pmap, va, &lvl);
1597 ("Invalid device pagetable level: %d != 3", lvl));
1604 pmap_invalidate_range(kernel_pmap, sva, va);
1607 /***************************************************
1608 * Page table page management routines.....
1609 ***************************************************/
1611 * Schedule the specified unused page table page to be freed. Specifically,
1612 * add the page to the specified list of pages that will be released to the
1613 * physical memory manager after the TLB has been updated.
1615 static __inline void
1616 pmap_add_delayed_free_list(vm_page_t m, struct spglist *free,
1617 boolean_t set_PG_ZERO)
1621 m->flags |= PG_ZERO;
1623 m->flags &= ~PG_ZERO;
1624 SLIST_INSERT_HEAD(free, m, plinks.s.ss);
1628 * Decrements a page table page's reference count, which is used to record the
1629 * number of valid page table entries within the page. If the reference count
1630 * drops to zero, then the page table page is unmapped. Returns TRUE if the
1631 * page table page was unmapped and FALSE otherwise.
1633 static inline boolean_t
1634 pmap_unwire_l3(pmap_t pmap, vm_offset_t va, vm_page_t m, struct spglist *free)
1638 if (m->ref_count == 0) {
1639 _pmap_unwire_l3(pmap, va, m, free);
1646 _pmap_unwire_l3(pmap_t pmap, vm_offset_t va, vm_page_t m, struct spglist *free)
1649 PMAP_LOCK_ASSERT(pmap, MA_OWNED);
1651 * unmap the page table page
1653 if (m->pindex >= (NUL2E + NUL1E)) {
1657 l0 = pmap_l0(pmap, va);
1659 } else if (m->pindex >= NUL2E) {
1663 l1 = pmap_l1(pmap, va);
1669 l2 = pmap_l2(pmap, va);
1672 pmap_resident_count_dec(pmap, 1);
1673 if (m->pindex < NUL2E) {
1674 /* We just released an l3, unhold the matching l2 */
1675 pd_entry_t *l1, tl1;
1678 l1 = pmap_l1(pmap, va);
1679 tl1 = pmap_load(l1);
1680 l2pg = PHYS_TO_VM_PAGE(tl1 & ~ATTR_MASK);
1681 pmap_unwire_l3(pmap, va, l2pg, free);
1682 } else if (m->pindex < (NUL2E + NUL1E)) {
1683 /* We just released an l2, unhold the matching l1 */
1684 pd_entry_t *l0, tl0;
1687 l0 = pmap_l0(pmap, va);
1688 tl0 = pmap_load(l0);
1689 l1pg = PHYS_TO_VM_PAGE(tl0 & ~ATTR_MASK);
1690 pmap_unwire_l3(pmap, va, l1pg, free);
1692 pmap_invalidate_page(pmap, va);
1695 * Put page on a list so that it is released after
1696 * *ALL* TLB shootdown is done
1698 pmap_add_delayed_free_list(m, free, TRUE);
1702 * After removing a page table entry, this routine is used to
1703 * conditionally free the page, and manage the reference count.
1706 pmap_unuse_pt(pmap_t pmap, vm_offset_t va, pd_entry_t ptepde,
1707 struct spglist *free)
1711 KASSERT(ADDR_IS_CANONICAL(va),
1712 ("%s: Address not in canonical form: %lx", __func__, va));
1713 if (ADDR_IS_KERNEL(va))
1715 KASSERT(ptepde != 0, ("pmap_unuse_pt: ptepde != 0"));
1716 mpte = PHYS_TO_VM_PAGE(ptepde & ~ATTR_MASK);
1717 return (pmap_unwire_l3(pmap, va, mpte, free));
1721 * Release a page table page reference after a failed attempt to create a
1725 pmap_abort_ptp(pmap_t pmap, vm_offset_t va, vm_page_t mpte)
1727 struct spglist free;
1730 if (pmap_unwire_l3(pmap, va, mpte, &free)) {
1732 * Although "va" was never mapped, the TLB could nonetheless
1733 * have intermediate entries that refer to the freed page
1734 * table pages. Invalidate those entries.
1736 * XXX redundant invalidation (See _pmap_unwire_l3().)
1738 pmap_invalidate_page(pmap, va);
1739 vm_page_free_pages_toq(&free, true);
1744 pmap_pinit0(pmap_t pmap)
1747 PMAP_LOCK_INIT(pmap);
1748 bzero(&pmap->pm_stats, sizeof(pmap->pm_stats));
1749 pmap->pm_l0_paddr = READ_SPECIALREG(ttbr0_el1);
1750 pmap->pm_l0 = (pd_entry_t *)PHYS_TO_DMAP(pmap->pm_l0_paddr);
1751 pmap->pm_root.rt_root = 0;
1752 pmap->pm_cookie = COOKIE_FROM(ASID_RESERVED_FOR_PID_0, INT_MIN);
1753 pmap->pm_stage = PM_STAGE1;
1754 pmap->pm_levels = 4;
1755 pmap->pm_ttbr = pmap->pm_l0_paddr;
1756 pmap->pm_asid_set = &asids;
1758 PCPU_SET(curpmap, pmap);
1762 pmap_pinit_stage(pmap_t pmap, enum pmap_stage stage, int levels)
1767 * allocate the l0 page
1769 while ((m = vm_page_alloc(NULL, 0, VM_ALLOC_NORMAL |
1770 VM_ALLOC_NOOBJ | VM_ALLOC_WIRED | VM_ALLOC_ZERO)) == NULL)
1773 pmap->pm_l0_paddr = VM_PAGE_TO_PHYS(m);
1774 pmap->pm_l0 = (pd_entry_t *)PHYS_TO_DMAP(pmap->pm_l0_paddr);
1776 if ((m->flags & PG_ZERO) == 0)
1777 pagezero(pmap->pm_l0);
1779 pmap->pm_root.rt_root = 0;
1780 bzero(&pmap->pm_stats, sizeof(pmap->pm_stats));
1781 pmap->pm_cookie = COOKIE_FROM(-1, INT_MAX);
1783 MPASS(levels == 3 || levels == 4);
1784 pmap->pm_levels = levels;
1785 pmap->pm_stage = stage;
1788 pmap->pm_asid_set = &asids;
1791 pmap->pm_asid_set = &vmids;
1794 panic("%s: Invalid pmap type %d", __func__, stage);
1798 /* XXX Temporarily disable deferred ASID allocation. */
1799 pmap_alloc_asid(pmap);
1802 * Allocate the level 1 entry to use as the root. This will increase
1803 * the refcount on the level 1 page so it won't be removed until
1804 * pmap_release() is called.
1806 if (pmap->pm_levels == 3) {
1808 m = _pmap_alloc_l3(pmap, NUL2E + NUL1E, NULL);
1811 pmap->pm_ttbr = VM_PAGE_TO_PHYS(m);
1817 pmap_pinit(pmap_t pmap)
1820 return (pmap_pinit_stage(pmap, PM_STAGE1, 4));
1824 * This routine is called if the desired page table page does not exist.
1826 * If page table page allocation fails, this routine may sleep before
1827 * returning NULL. It sleeps only if a lock pointer was given.
1829 * Note: If a page allocation fails at page table level two or three,
1830 * one or two pages may be held during the wait, only to be released
1831 * afterwards. This conservative approach is easily argued to avoid
1835 _pmap_alloc_l3(pmap_t pmap, vm_pindex_t ptepindex, struct rwlock **lockp)
1837 vm_page_t m, l1pg, l2pg;
1839 PMAP_LOCK_ASSERT(pmap, MA_OWNED);
1842 * Allocate a page table page.
1844 if ((m = vm_page_alloc(NULL, ptepindex, VM_ALLOC_NOOBJ |
1845 VM_ALLOC_WIRED | VM_ALLOC_ZERO)) == NULL) {
1846 if (lockp != NULL) {
1847 RELEASE_PV_LIST_LOCK(lockp);
1854 * Indicate the need to retry. While waiting, the page table
1855 * page may have been allocated.
1859 if ((m->flags & PG_ZERO) == 0)
1863 * Because of AArch64's weak memory consistency model, we must have a
1864 * barrier here to ensure that the stores for zeroing "m", whether by
1865 * pmap_zero_page() or an earlier function, are visible before adding
1866 * "m" to the page table. Otherwise, a page table walk by another
1867 * processor's MMU could see the mapping to "m" and a stale, non-zero
1873 * Map the pagetable page into the process address space, if
1874 * it isn't already there.
1877 if (ptepindex >= (NUL2E + NUL1E)) {
1878 pd_entry_t *l0p, l0e;
1879 vm_pindex_t l0index;
1881 l0index = ptepindex - (NUL2E + NUL1E);
1882 l0p = &pmap->pm_l0[l0index];
1883 KASSERT((pmap_load(l0p) & ATTR_DESCR_VALID) == 0,
1884 ("%s: L0 entry %#lx is valid", __func__, pmap_load(l0p)));
1885 l0e = VM_PAGE_TO_PHYS(m) | L0_TABLE;
1888 * Mark all kernel memory as not accessible from userspace
1889 * and userspace memory as not executable from the kernel.
1890 * This has been done for the bootstrap L0 entries in
1893 if (pmap == kernel_pmap)
1894 l0e |= TATTR_UXN_TABLE | TATTR_AP_TABLE_NO_EL0;
1896 l0e |= TATTR_PXN_TABLE;
1897 pmap_store(l0p, l0e);
1898 } else if (ptepindex >= NUL2E) {
1899 vm_pindex_t l0index, l1index;
1900 pd_entry_t *l0, *l1;
1903 l1index = ptepindex - NUL2E;
1904 l0index = l1index >> L0_ENTRIES_SHIFT;
1906 l0 = &pmap->pm_l0[l0index];
1907 tl0 = pmap_load(l0);
1909 /* recurse for allocating page dir */
1910 if (_pmap_alloc_l3(pmap, NUL2E + NUL1E + l0index,
1912 vm_page_unwire_noq(m);
1913 vm_page_free_zero(m);
1917 l1pg = PHYS_TO_VM_PAGE(tl0 & ~ATTR_MASK);
1921 l1 = (pd_entry_t *)PHYS_TO_DMAP(pmap_load(l0) & ~ATTR_MASK);
1922 l1 = &l1[ptepindex & Ln_ADDR_MASK];
1923 KASSERT((pmap_load(l1) & ATTR_DESCR_VALID) == 0,
1924 ("%s: L1 entry %#lx is valid", __func__, pmap_load(l1)));
1925 pmap_store(l1, VM_PAGE_TO_PHYS(m) | L1_TABLE);
1927 vm_pindex_t l0index, l1index;
1928 pd_entry_t *l0, *l1, *l2;
1929 pd_entry_t tl0, tl1;
1931 l1index = ptepindex >> Ln_ENTRIES_SHIFT;
1932 l0index = l1index >> L0_ENTRIES_SHIFT;
1934 l0 = &pmap->pm_l0[l0index];
1935 tl0 = pmap_load(l0);
1937 /* recurse for allocating page dir */
1938 if (_pmap_alloc_l3(pmap, NUL2E + l1index,
1940 vm_page_unwire_noq(m);
1941 vm_page_free_zero(m);
1944 tl0 = pmap_load(l0);
1945 l1 = (pd_entry_t *)PHYS_TO_DMAP(tl0 & ~ATTR_MASK);
1946 l1 = &l1[l1index & Ln_ADDR_MASK];
1948 l1 = (pd_entry_t *)PHYS_TO_DMAP(tl0 & ~ATTR_MASK);
1949 l1 = &l1[l1index & Ln_ADDR_MASK];
1950 tl1 = pmap_load(l1);
1952 /* recurse for allocating page dir */
1953 if (_pmap_alloc_l3(pmap, NUL2E + l1index,
1955 vm_page_unwire_noq(m);
1956 vm_page_free_zero(m);
1960 l2pg = PHYS_TO_VM_PAGE(tl1 & ~ATTR_MASK);
1965 l2 = (pd_entry_t *)PHYS_TO_DMAP(pmap_load(l1) & ~ATTR_MASK);
1966 l2 = &l2[ptepindex & Ln_ADDR_MASK];
1967 KASSERT((pmap_load(l2) & ATTR_DESCR_VALID) == 0,
1968 ("%s: L2 entry %#lx is valid", __func__, pmap_load(l2)));
1969 pmap_store(l2, VM_PAGE_TO_PHYS(m) | L2_TABLE);
1972 pmap_resident_count_inc(pmap, 1);
1978 pmap_alloc_l2(pmap_t pmap, vm_offset_t va, vm_page_t *l2pgp,
1979 struct rwlock **lockp)
1981 pd_entry_t *l1, *l2;
1983 vm_pindex_t l2pindex;
1985 KASSERT(ADDR_IS_CANONICAL(va),
1986 ("%s: Address not in canonical form: %lx", __func__, va));
1989 l1 = pmap_l1(pmap, va);
1990 if (l1 != NULL && (pmap_load(l1) & ATTR_DESCR_MASK) == L1_TABLE) {
1991 l2 = pmap_l1_to_l2(l1, va);
1992 if (!ADDR_IS_KERNEL(va)) {
1993 /* Add a reference to the L2 page. */
1994 l2pg = PHYS_TO_VM_PAGE(pmap_load(l1) & ~ATTR_MASK);
1998 } else if (!ADDR_IS_KERNEL(va)) {
1999 /* Allocate a L2 page. */
2000 l2pindex = pmap_l2_pindex(va) >> Ln_ENTRIES_SHIFT;
2001 l2pg = _pmap_alloc_l3(pmap, NUL2E + l2pindex, lockp);
2008 l2 = (pd_entry_t *)PHYS_TO_DMAP(VM_PAGE_TO_PHYS(l2pg));
2009 l2 = &l2[pmap_l2_index(va)];
2011 panic("pmap_alloc_l2: missing page table page for va %#lx",
2018 pmap_alloc_l3(pmap_t pmap, vm_offset_t va, struct rwlock **lockp)
2020 vm_pindex_t ptepindex;
2021 pd_entry_t *pde, tpde;
2029 * Calculate pagetable page index
2031 ptepindex = pmap_l2_pindex(va);
2034 * Get the page directory entry
2036 pde = pmap_pde(pmap, va, &lvl);
2039 * If the page table page is mapped, we just increment the hold count,
2040 * and activate it. If we get a level 2 pde it will point to a level 3
2048 pte = pmap_l0_to_l1(pde, va);
2049 KASSERT(pmap_load(pte) == 0,
2050 ("pmap_alloc_l3: TODO: l0 superpages"));
2055 pte = pmap_l1_to_l2(pde, va);
2056 KASSERT(pmap_load(pte) == 0,
2057 ("pmap_alloc_l3: TODO: l1 superpages"));
2061 tpde = pmap_load(pde);
2063 m = PHYS_TO_VM_PAGE(tpde & ~ATTR_MASK);
2069 panic("pmap_alloc_l3: Invalid level %d", lvl);
2073 * Here if the pte page isn't mapped, or if it has been deallocated.
2075 m = _pmap_alloc_l3(pmap, ptepindex, lockp);
2076 if (m == NULL && lockp != NULL)
2082 /***************************************************
2083 * Pmap allocation/deallocation routines.
2084 ***************************************************/
2087 * Release any resources held by the given physical map.
2088 * Called when a pmap initialized by pmap_pinit is being released.
2089 * Should only be called if the map contains no valid mappings.
2092 pmap_release(pmap_t pmap)
2095 struct spglist free;
2096 struct asid_set *set;
2100 if (pmap->pm_levels != 4) {
2101 PMAP_ASSERT_STAGE2(pmap);
2102 KASSERT(pmap->pm_stats.resident_count == 1,
2103 ("pmap_release: pmap resident count %ld != 0",
2104 pmap->pm_stats.resident_count));
2105 KASSERT((pmap->pm_l0[0] & ATTR_DESCR_VALID) == ATTR_DESCR_VALID,
2106 ("pmap_release: Invalid l0 entry: %lx", pmap->pm_l0[0]));
2109 m = PHYS_TO_VM_PAGE(pmap->pm_ttbr);
2111 rv = pmap_unwire_l3(pmap, 0, m, &free);
2114 vm_page_free_pages_toq(&free, true);
2117 KASSERT(pmap->pm_stats.resident_count == 0,
2118 ("pmap_release: pmap resident count %ld != 0",
2119 pmap->pm_stats.resident_count));
2120 KASSERT(vm_radix_is_empty(&pmap->pm_root),
2121 ("pmap_release: pmap has reserved page table page(s)"));
2123 set = pmap->pm_asid_set;
2124 KASSERT(set != NULL, ("%s: NULL asid set", __func__));
2127 * Allow the ASID to be reused. In stage 2 VMIDs we don't invalidate
2128 * the entries when removing them so rely on a later tlb invalidation.
2129 * this will happen when updating the VMID generation. Because of this
2130 * we don't reuse VMIDs within a generation.
2132 if (pmap->pm_stage == PM_STAGE1) {
2133 mtx_lock_spin(&set->asid_set_mutex);
2134 if (COOKIE_TO_EPOCH(pmap->pm_cookie) == set->asid_epoch) {
2135 asid = COOKIE_TO_ASID(pmap->pm_cookie);
2136 KASSERT(asid >= ASID_FIRST_AVAILABLE &&
2137 asid < set->asid_set_size,
2138 ("pmap_release: pmap cookie has out-of-range asid"));
2139 bit_clear(set->asid_set, asid);
2141 mtx_unlock_spin(&set->asid_set_mutex);
2144 m = PHYS_TO_VM_PAGE(pmap->pm_l0_paddr);
2145 vm_page_unwire_noq(m);
2146 vm_page_free_zero(m);
2150 kvm_size(SYSCTL_HANDLER_ARGS)
2152 unsigned long ksize = VM_MAX_KERNEL_ADDRESS - VM_MIN_KERNEL_ADDRESS;
2154 return sysctl_handle_long(oidp, &ksize, 0, req);
2156 SYSCTL_PROC(_vm, OID_AUTO, kvm_size, CTLTYPE_LONG | CTLFLAG_RD | CTLFLAG_MPSAFE,
2157 0, 0, kvm_size, "LU",
2161 kvm_free(SYSCTL_HANDLER_ARGS)
2163 unsigned long kfree = VM_MAX_KERNEL_ADDRESS - kernel_vm_end;
2165 return sysctl_handle_long(oidp, &kfree, 0, req);
2167 SYSCTL_PROC(_vm, OID_AUTO, kvm_free, CTLTYPE_LONG | CTLFLAG_RD | CTLFLAG_MPSAFE,
2168 0, 0, kvm_free, "LU",
2169 "Amount of KVM free");
2172 * grow the number of kernel page table entries, if needed
2175 pmap_growkernel(vm_offset_t addr)
2179 pd_entry_t *l0, *l1, *l2;
2181 mtx_assert(&kernel_map->system_mtx, MA_OWNED);
2183 addr = roundup2(addr, L2_SIZE);
2184 if (addr - 1 >= vm_map_max(kernel_map))
2185 addr = vm_map_max(kernel_map);
2186 while (kernel_vm_end < addr) {
2187 l0 = pmap_l0(kernel_pmap, kernel_vm_end);
2188 KASSERT(pmap_load(l0) != 0,
2189 ("pmap_growkernel: No level 0 kernel entry"));
2191 l1 = pmap_l0_to_l1(l0, kernel_vm_end);
2192 if (pmap_load(l1) == 0) {
2193 /* We need a new PDP entry */
2194 nkpg = vm_page_alloc(NULL, kernel_vm_end >> L1_SHIFT,
2195 VM_ALLOC_INTERRUPT | VM_ALLOC_NOOBJ |
2196 VM_ALLOC_WIRED | VM_ALLOC_ZERO);
2198 panic("pmap_growkernel: no memory to grow kernel");
2199 if ((nkpg->flags & PG_ZERO) == 0)
2200 pmap_zero_page(nkpg);
2201 /* See the dmb() in _pmap_alloc_l3(). */
2203 paddr = VM_PAGE_TO_PHYS(nkpg);
2204 pmap_store(l1, paddr | L1_TABLE);
2205 continue; /* try again */
2207 l2 = pmap_l1_to_l2(l1, kernel_vm_end);
2208 if (pmap_load(l2) != 0) {
2209 kernel_vm_end = (kernel_vm_end + L2_SIZE) & ~L2_OFFSET;
2210 if (kernel_vm_end - 1 >= vm_map_max(kernel_map)) {
2211 kernel_vm_end = vm_map_max(kernel_map);
2217 nkpg = vm_page_alloc(NULL, kernel_vm_end >> L2_SHIFT,
2218 VM_ALLOC_INTERRUPT | VM_ALLOC_NOOBJ | VM_ALLOC_WIRED |
2221 panic("pmap_growkernel: no memory to grow kernel");
2222 if ((nkpg->flags & PG_ZERO) == 0)
2223 pmap_zero_page(nkpg);
2224 /* See the dmb() in _pmap_alloc_l3(). */
2226 paddr = VM_PAGE_TO_PHYS(nkpg);
2227 pmap_store(l2, paddr | L2_TABLE);
2229 kernel_vm_end = (kernel_vm_end + L2_SIZE) & ~L2_OFFSET;
2230 if (kernel_vm_end - 1 >= vm_map_max(kernel_map)) {
2231 kernel_vm_end = vm_map_max(kernel_map);
2237 /***************************************************
2238 * page management routines.
2239 ***************************************************/
2241 CTASSERT(sizeof(struct pv_chunk) == PAGE_SIZE);
2242 CTASSERT(_NPCM == 3);
2243 CTASSERT(_NPCPV == 168);
2245 static __inline struct pv_chunk *
2246 pv_to_chunk(pv_entry_t pv)
2249 return ((struct pv_chunk *)((uintptr_t)pv & ~(uintptr_t)PAGE_MASK));
2252 #define PV_PMAP(pv) (pv_to_chunk(pv)->pc_pmap)
2254 #define PC_FREE0 0xfffffffffffffffful
2255 #define PC_FREE1 0xfffffffffffffffful
2256 #define PC_FREE2 0x000000fffffffffful
2258 static const uint64_t pc_freemask[_NPCM] = { PC_FREE0, PC_FREE1, PC_FREE2 };
2261 static int pc_chunk_count, pc_chunk_allocs, pc_chunk_frees, pc_chunk_tryfail;
2263 SYSCTL_INT(_vm_pmap, OID_AUTO, pc_chunk_count, CTLFLAG_RD, &pc_chunk_count, 0,
2264 "Current number of pv entry chunks");
2265 SYSCTL_INT(_vm_pmap, OID_AUTO, pc_chunk_allocs, CTLFLAG_RD, &pc_chunk_allocs, 0,
2266 "Current number of pv entry chunks allocated");
2267 SYSCTL_INT(_vm_pmap, OID_AUTO, pc_chunk_frees, CTLFLAG_RD, &pc_chunk_frees, 0,
2268 "Current number of pv entry chunks frees");
2269 SYSCTL_INT(_vm_pmap, OID_AUTO, pc_chunk_tryfail, CTLFLAG_RD, &pc_chunk_tryfail, 0,
2270 "Number of times tried to get a chunk page but failed.");
2272 static long pv_entry_frees, pv_entry_allocs, pv_entry_count;
2273 static int pv_entry_spare;
2275 SYSCTL_LONG(_vm_pmap, OID_AUTO, pv_entry_frees, CTLFLAG_RD, &pv_entry_frees, 0,
2276 "Current number of pv entry frees");
2277 SYSCTL_LONG(_vm_pmap, OID_AUTO, pv_entry_allocs, CTLFLAG_RD, &pv_entry_allocs, 0,
2278 "Current number of pv entry allocs");
2279 SYSCTL_LONG(_vm_pmap, OID_AUTO, pv_entry_count, CTLFLAG_RD, &pv_entry_count, 0,
2280 "Current number of pv entries");
2281 SYSCTL_INT(_vm_pmap, OID_AUTO, pv_entry_spare, CTLFLAG_RD, &pv_entry_spare, 0,
2282 "Current number of spare pv entries");
2286 * We are in a serious low memory condition. Resort to
2287 * drastic measures to free some pages so we can allocate
2288 * another pv entry chunk.
2290 * Returns NULL if PV entries were reclaimed from the specified pmap.
2292 * We do not, however, unmap 2mpages because subsequent accesses will
2293 * allocate per-page pv entries until repromotion occurs, thereby
2294 * exacerbating the shortage of free pv entries.
2297 reclaim_pv_chunk(pmap_t locked_pmap, struct rwlock **lockp)
2299 struct pv_chunk *pc, *pc_marker, *pc_marker_end;
2300 struct pv_chunk_header pc_marker_b, pc_marker_end_b;
2301 struct md_page *pvh;
2303 pmap_t next_pmap, pmap;
2304 pt_entry_t *pte, tpte;
2308 struct spglist free;
2310 int bit, field, freed, lvl;
2311 static int active_reclaims = 0;
2313 PMAP_LOCK_ASSERT(locked_pmap, MA_OWNED);
2314 KASSERT(lockp != NULL, ("reclaim_pv_chunk: lockp is NULL"));
2319 bzero(&pc_marker_b, sizeof(pc_marker_b));
2320 bzero(&pc_marker_end_b, sizeof(pc_marker_end_b));
2321 pc_marker = (struct pv_chunk *)&pc_marker_b;
2322 pc_marker_end = (struct pv_chunk *)&pc_marker_end_b;
2324 mtx_lock(&pv_chunks_mutex);
2326 TAILQ_INSERT_HEAD(&pv_chunks, pc_marker, pc_lru);
2327 TAILQ_INSERT_TAIL(&pv_chunks, pc_marker_end, pc_lru);
2328 while ((pc = TAILQ_NEXT(pc_marker, pc_lru)) != pc_marker_end &&
2329 SLIST_EMPTY(&free)) {
2330 next_pmap = pc->pc_pmap;
2331 if (next_pmap == NULL) {
2333 * The next chunk is a marker. However, it is
2334 * not our marker, so active_reclaims must be
2335 * > 1. Consequently, the next_chunk code
2336 * will not rotate the pv_chunks list.
2340 mtx_unlock(&pv_chunks_mutex);
2343 * A pv_chunk can only be removed from the pc_lru list
2344 * when both pv_chunks_mutex is owned and the
2345 * corresponding pmap is locked.
2347 if (pmap != next_pmap) {
2348 if (pmap != NULL && pmap != locked_pmap)
2351 /* Avoid deadlock and lock recursion. */
2352 if (pmap > locked_pmap) {
2353 RELEASE_PV_LIST_LOCK(lockp);
2355 mtx_lock(&pv_chunks_mutex);
2357 } else if (pmap != locked_pmap) {
2358 if (PMAP_TRYLOCK(pmap)) {
2359 mtx_lock(&pv_chunks_mutex);
2362 pmap = NULL; /* pmap is not locked */
2363 mtx_lock(&pv_chunks_mutex);
2364 pc = TAILQ_NEXT(pc_marker, pc_lru);
2366 pc->pc_pmap != next_pmap)
2374 * Destroy every non-wired, 4 KB page mapping in the chunk.
2377 for (field = 0; field < _NPCM; field++) {
2378 for (inuse = ~pc->pc_map[field] & pc_freemask[field];
2379 inuse != 0; inuse &= ~(1UL << bit)) {
2380 bit = ffsl(inuse) - 1;
2381 pv = &pc->pc_pventry[field * 64 + bit];
2383 pde = pmap_pde(pmap, va, &lvl);
2386 pte = pmap_l2_to_l3(pde, va);
2387 tpte = pmap_load(pte);
2388 if ((tpte & ATTR_SW_WIRED) != 0)
2390 tpte = pmap_load_clear(pte);
2391 m = PHYS_TO_VM_PAGE(tpte & ~ATTR_MASK);
2392 if (pmap_pte_dirty(pmap, tpte))
2394 if ((tpte & ATTR_AF) != 0) {
2395 pmap_invalidate_page(pmap, va);
2396 vm_page_aflag_set(m, PGA_REFERENCED);
2398 CHANGE_PV_LIST_LOCK_TO_VM_PAGE(lockp, m);
2399 TAILQ_REMOVE(&m->md.pv_list, pv, pv_next);
2401 if (TAILQ_EMPTY(&m->md.pv_list) &&
2402 (m->flags & PG_FICTITIOUS) == 0) {
2403 pvh = page_to_pvh(m);
2404 if (TAILQ_EMPTY(&pvh->pv_list)) {
2405 vm_page_aflag_clear(m,
2409 pc->pc_map[field] |= 1UL << bit;
2410 pmap_unuse_pt(pmap, va, pmap_load(pde), &free);
2415 mtx_lock(&pv_chunks_mutex);
2418 /* Every freed mapping is for a 4 KB page. */
2419 pmap_resident_count_dec(pmap, freed);
2420 PV_STAT(atomic_add_long(&pv_entry_frees, freed));
2421 PV_STAT(atomic_add_int(&pv_entry_spare, freed));
2422 PV_STAT(atomic_subtract_long(&pv_entry_count, freed));
2423 TAILQ_REMOVE(&pmap->pm_pvchunk, pc, pc_list);
2424 if (pc->pc_map[0] == PC_FREE0 && pc->pc_map[1] == PC_FREE1 &&
2425 pc->pc_map[2] == PC_FREE2) {
2426 PV_STAT(atomic_subtract_int(&pv_entry_spare, _NPCPV));
2427 PV_STAT(atomic_subtract_int(&pc_chunk_count, 1));
2428 PV_STAT(atomic_add_int(&pc_chunk_frees, 1));
2429 /* Entire chunk is free; return it. */
2430 m_pc = PHYS_TO_VM_PAGE(DMAP_TO_PHYS((vm_offset_t)pc));
2431 dump_drop_page(m_pc->phys_addr);
2432 mtx_lock(&pv_chunks_mutex);
2433 TAILQ_REMOVE(&pv_chunks, pc, pc_lru);
2436 TAILQ_INSERT_HEAD(&pmap->pm_pvchunk, pc, pc_list);
2437 mtx_lock(&pv_chunks_mutex);
2438 /* One freed pv entry in locked_pmap is sufficient. */
2439 if (pmap == locked_pmap)
2443 TAILQ_REMOVE(&pv_chunks, pc_marker, pc_lru);
2444 TAILQ_INSERT_AFTER(&pv_chunks, pc, pc_marker, pc_lru);
2445 if (active_reclaims == 1 && pmap != NULL) {
2447 * Rotate the pv chunks list so that we do not
2448 * scan the same pv chunks that could not be
2449 * freed (because they contained a wired
2450 * and/or superpage mapping) on every
2451 * invocation of reclaim_pv_chunk().
2453 while ((pc = TAILQ_FIRST(&pv_chunks)) != pc_marker) {
2454 MPASS(pc->pc_pmap != NULL);
2455 TAILQ_REMOVE(&pv_chunks, pc, pc_lru);
2456 TAILQ_INSERT_TAIL(&pv_chunks, pc, pc_lru);
2460 TAILQ_REMOVE(&pv_chunks, pc_marker, pc_lru);
2461 TAILQ_REMOVE(&pv_chunks, pc_marker_end, pc_lru);
2463 mtx_unlock(&pv_chunks_mutex);
2464 if (pmap != NULL && pmap != locked_pmap)
2466 if (m_pc == NULL && !SLIST_EMPTY(&free)) {
2467 m_pc = SLIST_FIRST(&free);
2468 SLIST_REMOVE_HEAD(&free, plinks.s.ss);
2469 /* Recycle a freed page table page. */
2470 m_pc->ref_count = 1;
2472 vm_page_free_pages_toq(&free, true);
2477 * free the pv_entry back to the free list
2480 free_pv_entry(pmap_t pmap, pv_entry_t pv)
2482 struct pv_chunk *pc;
2483 int idx, field, bit;
2485 PMAP_LOCK_ASSERT(pmap, MA_OWNED);
2486 PV_STAT(atomic_add_long(&pv_entry_frees, 1));
2487 PV_STAT(atomic_add_int(&pv_entry_spare, 1));
2488 PV_STAT(atomic_subtract_long(&pv_entry_count, 1));
2489 pc = pv_to_chunk(pv);
2490 idx = pv - &pc->pc_pventry[0];
2493 pc->pc_map[field] |= 1ul << bit;
2494 if (pc->pc_map[0] != PC_FREE0 || pc->pc_map[1] != PC_FREE1 ||
2495 pc->pc_map[2] != PC_FREE2) {
2496 /* 98% of the time, pc is already at the head of the list. */
2497 if (__predict_false(pc != TAILQ_FIRST(&pmap->pm_pvchunk))) {
2498 TAILQ_REMOVE(&pmap->pm_pvchunk, pc, pc_list);
2499 TAILQ_INSERT_HEAD(&pmap->pm_pvchunk, pc, pc_list);
2503 TAILQ_REMOVE(&pmap->pm_pvchunk, pc, pc_list);
2508 free_pv_chunk(struct pv_chunk *pc)
2512 mtx_lock(&pv_chunks_mutex);
2513 TAILQ_REMOVE(&pv_chunks, pc, pc_lru);
2514 mtx_unlock(&pv_chunks_mutex);
2515 PV_STAT(atomic_subtract_int(&pv_entry_spare, _NPCPV));
2516 PV_STAT(atomic_subtract_int(&pc_chunk_count, 1));
2517 PV_STAT(atomic_add_int(&pc_chunk_frees, 1));
2518 /* entire chunk is free, return it */
2519 m = PHYS_TO_VM_PAGE(DMAP_TO_PHYS((vm_offset_t)pc));
2520 dump_drop_page(m->phys_addr);
2521 vm_page_unwire_noq(m);
2526 * Returns a new PV entry, allocating a new PV chunk from the system when
2527 * needed. If this PV chunk allocation fails and a PV list lock pointer was
2528 * given, a PV chunk is reclaimed from an arbitrary pmap. Otherwise, NULL is
2531 * The given PV list lock may be released.
2534 get_pv_entry(pmap_t pmap, struct rwlock **lockp)
2538 struct pv_chunk *pc;
2541 PMAP_LOCK_ASSERT(pmap, MA_OWNED);
2542 PV_STAT(atomic_add_long(&pv_entry_allocs, 1));
2544 pc = TAILQ_FIRST(&pmap->pm_pvchunk);
2546 for (field = 0; field < _NPCM; field++) {
2547 if (pc->pc_map[field]) {
2548 bit = ffsl(pc->pc_map[field]) - 1;
2552 if (field < _NPCM) {
2553 pv = &pc->pc_pventry[field * 64 + bit];
2554 pc->pc_map[field] &= ~(1ul << bit);
2555 /* If this was the last item, move it to tail */
2556 if (pc->pc_map[0] == 0 && pc->pc_map[1] == 0 &&
2557 pc->pc_map[2] == 0) {
2558 TAILQ_REMOVE(&pmap->pm_pvchunk, pc, pc_list);
2559 TAILQ_INSERT_TAIL(&pmap->pm_pvchunk, pc,
2562 PV_STAT(atomic_add_long(&pv_entry_count, 1));
2563 PV_STAT(atomic_subtract_int(&pv_entry_spare, 1));
2567 /* No free items, allocate another chunk */
2568 m = vm_page_alloc(NULL, 0, VM_ALLOC_NORMAL | VM_ALLOC_NOOBJ |
2571 if (lockp == NULL) {
2572 PV_STAT(pc_chunk_tryfail++);
2575 m = reclaim_pv_chunk(pmap, lockp);
2579 PV_STAT(atomic_add_int(&pc_chunk_count, 1));
2580 PV_STAT(atomic_add_int(&pc_chunk_allocs, 1));
2581 dump_add_page(m->phys_addr);
2582 pc = (void *)PHYS_TO_DMAP(m->phys_addr);
2584 pc->pc_map[0] = PC_FREE0 & ~1ul; /* preallocated bit 0 */
2585 pc->pc_map[1] = PC_FREE1;
2586 pc->pc_map[2] = PC_FREE2;
2587 mtx_lock(&pv_chunks_mutex);
2588 TAILQ_INSERT_TAIL(&pv_chunks, pc, pc_lru);
2589 mtx_unlock(&pv_chunks_mutex);
2590 pv = &pc->pc_pventry[0];
2591 TAILQ_INSERT_HEAD(&pmap->pm_pvchunk, pc, pc_list);
2592 PV_STAT(atomic_add_long(&pv_entry_count, 1));
2593 PV_STAT(atomic_add_int(&pv_entry_spare, _NPCPV - 1));
2598 * Ensure that the number of spare PV entries in the specified pmap meets or
2599 * exceeds the given count, "needed".
2601 * The given PV list lock may be released.
2604 reserve_pv_entries(pmap_t pmap, int needed, struct rwlock **lockp)
2606 struct pch new_tail;
2607 struct pv_chunk *pc;
2612 PMAP_LOCK_ASSERT(pmap, MA_OWNED);
2613 KASSERT(lockp != NULL, ("reserve_pv_entries: lockp is NULL"));
2616 * Newly allocated PV chunks must be stored in a private list until
2617 * the required number of PV chunks have been allocated. Otherwise,
2618 * reclaim_pv_chunk() could recycle one of these chunks. In
2619 * contrast, these chunks must be added to the pmap upon allocation.
2621 TAILQ_INIT(&new_tail);
2624 TAILQ_FOREACH(pc, &pmap->pm_pvchunk, pc_list) {
2625 bit_count((bitstr_t *)pc->pc_map, 0,
2626 sizeof(pc->pc_map) * NBBY, &free);
2630 if (avail >= needed)
2633 for (reclaimed = false; avail < needed; avail += _NPCPV) {
2634 m = vm_page_alloc(NULL, 0, VM_ALLOC_NORMAL | VM_ALLOC_NOOBJ |
2637 m = reclaim_pv_chunk(pmap, lockp);
2642 PV_STAT(atomic_add_int(&pc_chunk_count, 1));
2643 PV_STAT(atomic_add_int(&pc_chunk_allocs, 1));
2644 dump_add_page(m->phys_addr);
2645 pc = (void *)PHYS_TO_DMAP(m->phys_addr);
2647 pc->pc_map[0] = PC_FREE0;
2648 pc->pc_map[1] = PC_FREE1;
2649 pc->pc_map[2] = PC_FREE2;
2650 TAILQ_INSERT_HEAD(&pmap->pm_pvchunk, pc, pc_list);
2651 TAILQ_INSERT_TAIL(&new_tail, pc, pc_lru);
2652 PV_STAT(atomic_add_int(&pv_entry_spare, _NPCPV));
2655 * The reclaim might have freed a chunk from the current pmap.
2656 * If that chunk contained available entries, we need to
2657 * re-count the number of available entries.
2662 if (!TAILQ_EMPTY(&new_tail)) {
2663 mtx_lock(&pv_chunks_mutex);
2664 TAILQ_CONCAT(&pv_chunks, &new_tail, pc_lru);
2665 mtx_unlock(&pv_chunks_mutex);
2670 * First find and then remove the pv entry for the specified pmap and virtual
2671 * address from the specified pv list. Returns the pv entry if found and NULL
2672 * otherwise. This operation can be performed on pv lists for either 4KB or
2673 * 2MB page mappings.
2675 static __inline pv_entry_t
2676 pmap_pvh_remove(struct md_page *pvh, pmap_t pmap, vm_offset_t va)
2680 TAILQ_FOREACH(pv, &pvh->pv_list, pv_next) {
2681 if (pmap == PV_PMAP(pv) && va == pv->pv_va) {
2682 TAILQ_REMOVE(&pvh->pv_list, pv, pv_next);
2691 * After demotion from a 2MB page mapping to 512 4KB page mappings,
2692 * destroy the pv entry for the 2MB page mapping and reinstantiate the pv
2693 * entries for each of the 4KB page mappings.
2696 pmap_pv_demote_l2(pmap_t pmap, vm_offset_t va, vm_paddr_t pa,
2697 struct rwlock **lockp)
2699 struct md_page *pvh;
2700 struct pv_chunk *pc;
2702 vm_offset_t va_last;
2706 PMAP_LOCK_ASSERT(pmap, MA_OWNED);
2707 KASSERT((va & L2_OFFSET) == 0,
2708 ("pmap_pv_demote_l2: va is not 2mpage aligned"));
2709 KASSERT((pa & L2_OFFSET) == 0,
2710 ("pmap_pv_demote_l2: pa is not 2mpage aligned"));
2711 CHANGE_PV_LIST_LOCK_TO_PHYS(lockp, pa);
2714 * Transfer the 2mpage's pv entry for this mapping to the first
2715 * page's pv list. Once this transfer begins, the pv list lock
2716 * must not be released until the last pv entry is reinstantiated.
2718 pvh = pa_to_pvh(pa);
2719 pv = pmap_pvh_remove(pvh, pmap, va);
2720 KASSERT(pv != NULL, ("pmap_pv_demote_l2: pv not found"));
2721 m = PHYS_TO_VM_PAGE(pa);
2722 TAILQ_INSERT_TAIL(&m->md.pv_list, pv, pv_next);
2724 /* Instantiate the remaining Ln_ENTRIES - 1 pv entries. */
2725 PV_STAT(atomic_add_long(&pv_entry_allocs, Ln_ENTRIES - 1));
2726 va_last = va + L2_SIZE - PAGE_SIZE;
2728 pc = TAILQ_FIRST(&pmap->pm_pvchunk);
2729 KASSERT(pc->pc_map[0] != 0 || pc->pc_map[1] != 0 ||
2730 pc->pc_map[2] != 0, ("pmap_pv_demote_l2: missing spare"));
2731 for (field = 0; field < _NPCM; field++) {
2732 while (pc->pc_map[field]) {
2733 bit = ffsl(pc->pc_map[field]) - 1;
2734 pc->pc_map[field] &= ~(1ul << bit);
2735 pv = &pc->pc_pventry[field * 64 + bit];
2739 KASSERT((m->oflags & VPO_UNMANAGED) == 0,
2740 ("pmap_pv_demote_l2: page %p is not managed", m));
2741 TAILQ_INSERT_TAIL(&m->md.pv_list, pv, pv_next);
2747 TAILQ_REMOVE(&pmap->pm_pvchunk, pc, pc_list);
2748 TAILQ_INSERT_TAIL(&pmap->pm_pvchunk, pc, pc_list);
2751 if (pc->pc_map[0] == 0 && pc->pc_map[1] == 0 && pc->pc_map[2] == 0) {
2752 TAILQ_REMOVE(&pmap->pm_pvchunk, pc, pc_list);
2753 TAILQ_INSERT_TAIL(&pmap->pm_pvchunk, pc, pc_list);
2755 PV_STAT(atomic_add_long(&pv_entry_count, Ln_ENTRIES - 1));
2756 PV_STAT(atomic_subtract_int(&pv_entry_spare, Ln_ENTRIES - 1));
2760 * First find and then destroy the pv entry for the specified pmap and virtual
2761 * address. This operation can be performed on pv lists for either 4KB or 2MB
2765 pmap_pvh_free(struct md_page *pvh, pmap_t pmap, vm_offset_t va)
2769 pv = pmap_pvh_remove(pvh, pmap, va);
2770 KASSERT(pv != NULL, ("pmap_pvh_free: pv not found"));
2771 free_pv_entry(pmap, pv);
2775 * Conditionally create the PV entry for a 4KB page mapping if the required
2776 * memory can be allocated without resorting to reclamation.
2779 pmap_try_insert_pv_entry(pmap_t pmap, vm_offset_t va, vm_page_t m,
2780 struct rwlock **lockp)
2784 PMAP_LOCK_ASSERT(pmap, MA_OWNED);
2785 /* Pass NULL instead of the lock pointer to disable reclamation. */
2786 if ((pv = get_pv_entry(pmap, NULL)) != NULL) {
2788 CHANGE_PV_LIST_LOCK_TO_VM_PAGE(lockp, m);
2789 TAILQ_INSERT_TAIL(&m->md.pv_list, pv, pv_next);
2797 * Create the PV entry for a 2MB page mapping. Always returns true unless the
2798 * flag PMAP_ENTER_NORECLAIM is specified. If that flag is specified, returns
2799 * false if the PV entry cannot be allocated without resorting to reclamation.
2802 pmap_pv_insert_l2(pmap_t pmap, vm_offset_t va, pd_entry_t l2e, u_int flags,
2803 struct rwlock **lockp)
2805 struct md_page *pvh;
2809 PMAP_LOCK_ASSERT(pmap, MA_OWNED);
2810 /* Pass NULL instead of the lock pointer to disable reclamation. */
2811 if ((pv = get_pv_entry(pmap, (flags & PMAP_ENTER_NORECLAIM) != 0 ?
2812 NULL : lockp)) == NULL)
2815 pa = l2e & ~ATTR_MASK;
2816 CHANGE_PV_LIST_LOCK_TO_PHYS(lockp, pa);
2817 pvh = pa_to_pvh(pa);
2818 TAILQ_INSERT_TAIL(&pvh->pv_list, pv, pv_next);
2824 pmap_remove_kernel_l2(pmap_t pmap, pt_entry_t *l2, vm_offset_t va)
2826 pt_entry_t newl2, oldl2;
2830 KASSERT(!VIRT_IN_DMAP(va), ("removing direct mapping of %#lx", va));
2831 KASSERT(pmap == kernel_pmap, ("pmap %p is not kernel_pmap", pmap));
2832 PMAP_LOCK_ASSERT(pmap, MA_OWNED);
2834 ml3 = pmap_remove_pt_page(pmap, va);
2836 panic("pmap_remove_kernel_l2: Missing pt page");
2838 ml3pa = VM_PAGE_TO_PHYS(ml3);
2839 newl2 = ml3pa | L2_TABLE;
2842 * If this page table page was unmapped by a promotion, then it
2843 * contains valid mappings. Zero it to invalidate those mappings.
2845 if (ml3->valid != 0)
2846 pagezero((void *)PHYS_TO_DMAP(ml3pa));
2849 * Demote the mapping. The caller must have already invalidated the
2850 * mapping (i.e., the "break" in break-before-make).
2852 oldl2 = pmap_load_store(l2, newl2);
2853 KASSERT(oldl2 == 0, ("%s: found existing mapping at %p: %#lx",
2854 __func__, l2, oldl2));
2858 * pmap_remove_l2: Do the things to unmap a level 2 superpage.
2861 pmap_remove_l2(pmap_t pmap, pt_entry_t *l2, vm_offset_t sva,
2862 pd_entry_t l1e, struct spglist *free, struct rwlock **lockp)
2864 struct md_page *pvh;
2866 vm_page_t m, ml3, mt;
2868 PMAP_LOCK_ASSERT(pmap, MA_OWNED);
2869 KASSERT((sva & L2_OFFSET) == 0, ("pmap_remove_l2: sva is not aligned"));
2870 old_l2 = pmap_load_clear(l2);
2871 KASSERT((old_l2 & ATTR_DESCR_MASK) == L2_BLOCK,
2872 ("pmap_remove_l2: L2e %lx is not a block mapping", old_l2));
2875 * Since a promotion must break the 4KB page mappings before making
2876 * the 2MB page mapping, a pmap_invalidate_page() suffices.
2878 pmap_invalidate_page(pmap, sva);
2880 if (old_l2 & ATTR_SW_WIRED)
2881 pmap->pm_stats.wired_count -= L2_SIZE / PAGE_SIZE;
2882 pmap_resident_count_dec(pmap, L2_SIZE / PAGE_SIZE);
2883 if (old_l2 & ATTR_SW_MANAGED) {
2884 m = PHYS_TO_VM_PAGE(old_l2 & ~ATTR_MASK);
2885 pvh = page_to_pvh(m);
2886 CHANGE_PV_LIST_LOCK_TO_PHYS(lockp, old_l2 & ~ATTR_MASK);
2887 pmap_pvh_free(pvh, pmap, sva);
2888 for (mt = m; mt < &m[L2_SIZE / PAGE_SIZE]; mt++) {
2889 if (pmap_pte_dirty(pmap, old_l2))
2891 if (old_l2 & ATTR_AF)
2892 vm_page_aflag_set(mt, PGA_REFERENCED);
2893 if (TAILQ_EMPTY(&mt->md.pv_list) &&
2894 TAILQ_EMPTY(&pvh->pv_list))
2895 vm_page_aflag_clear(mt, PGA_WRITEABLE);
2898 if (pmap == kernel_pmap) {
2899 pmap_remove_kernel_l2(pmap, l2, sva);
2901 ml3 = pmap_remove_pt_page(pmap, sva);
2903 KASSERT(ml3->valid == VM_PAGE_BITS_ALL,
2904 ("pmap_remove_l2: l3 page not promoted"));
2905 pmap_resident_count_dec(pmap, 1);
2906 KASSERT(ml3->ref_count == NL3PG,
2907 ("pmap_remove_l2: l3 page ref count error"));
2909 pmap_add_delayed_free_list(ml3, free, FALSE);
2912 return (pmap_unuse_pt(pmap, sva, l1e, free));
2916 * pmap_remove_l3: do the things to unmap a page in a process
2919 pmap_remove_l3(pmap_t pmap, pt_entry_t *l3, vm_offset_t va,
2920 pd_entry_t l2e, struct spglist *free, struct rwlock **lockp)
2922 struct md_page *pvh;
2926 PMAP_LOCK_ASSERT(pmap, MA_OWNED);
2927 old_l3 = pmap_load_clear(l3);
2928 pmap_invalidate_page(pmap, va);
2929 if (old_l3 & ATTR_SW_WIRED)
2930 pmap->pm_stats.wired_count -= 1;
2931 pmap_resident_count_dec(pmap, 1);
2932 if (old_l3 & ATTR_SW_MANAGED) {
2933 m = PHYS_TO_VM_PAGE(old_l3 & ~ATTR_MASK);
2934 if (pmap_pte_dirty(pmap, old_l3))
2936 if (old_l3 & ATTR_AF)
2937 vm_page_aflag_set(m, PGA_REFERENCED);
2938 CHANGE_PV_LIST_LOCK_TO_VM_PAGE(lockp, m);
2939 pmap_pvh_free(&m->md, pmap, va);
2940 if (TAILQ_EMPTY(&m->md.pv_list) &&
2941 (m->flags & PG_FICTITIOUS) == 0) {
2942 pvh = page_to_pvh(m);
2943 if (TAILQ_EMPTY(&pvh->pv_list))
2944 vm_page_aflag_clear(m, PGA_WRITEABLE);
2947 return (pmap_unuse_pt(pmap, va, l2e, free));
2951 * Remove the specified range of addresses from the L3 page table that is
2952 * identified by the given L2 entry.
2955 pmap_remove_l3_range(pmap_t pmap, pd_entry_t l2e, vm_offset_t sva,
2956 vm_offset_t eva, struct spglist *free, struct rwlock **lockp)
2958 struct md_page *pvh;
2959 struct rwlock *new_lock;
2960 pt_entry_t *l3, old_l3;
2964 KASSERT(ADDR_IS_CANONICAL(sva),
2965 ("%s: Start address not in canonical form: %lx", __func__, sva));
2966 KASSERT(ADDR_IS_CANONICAL(eva) || eva == VM_MAX_USER_ADDRESS,
2967 ("%s: End address not in canonical form: %lx", __func__, eva));
2969 PMAP_LOCK_ASSERT(pmap, MA_OWNED);
2970 KASSERT(rounddown2(sva, L2_SIZE) + L2_SIZE == roundup2(eva, L2_SIZE),
2971 ("pmap_remove_l3_range: range crosses an L3 page table boundary"));
2972 l3pg = !ADDR_IS_KERNEL(sva) ? PHYS_TO_VM_PAGE(l2e & ~ATTR_MASK) : NULL;
2974 for (l3 = pmap_l2_to_l3(&l2e, sva); sva != eva; l3++, sva += L3_SIZE) {
2975 if (!pmap_l3_valid(pmap_load(l3))) {
2977 pmap_invalidate_range(pmap, va, sva);
2982 old_l3 = pmap_load_clear(l3);
2983 if ((old_l3 & ATTR_SW_WIRED) != 0)
2984 pmap->pm_stats.wired_count--;
2985 pmap_resident_count_dec(pmap, 1);
2986 if ((old_l3 & ATTR_SW_MANAGED) != 0) {
2987 m = PHYS_TO_VM_PAGE(old_l3 & ~ATTR_MASK);
2988 if (pmap_pte_dirty(pmap, old_l3))
2990 if ((old_l3 & ATTR_AF) != 0)
2991 vm_page_aflag_set(m, PGA_REFERENCED);
2992 new_lock = PHYS_TO_PV_LIST_LOCK(VM_PAGE_TO_PHYS(m));
2993 if (new_lock != *lockp) {
2994 if (*lockp != NULL) {
2996 * Pending TLB invalidations must be
2997 * performed before the PV list lock is
2998 * released. Otherwise, a concurrent
2999 * pmap_remove_all() on a physical page
3000 * could return while a stale TLB entry
3001 * still provides access to that page.
3004 pmap_invalidate_range(pmap, va,
3013 pmap_pvh_free(&m->md, pmap, sva);
3014 if (TAILQ_EMPTY(&m->md.pv_list) &&
3015 (m->flags & PG_FICTITIOUS) == 0) {
3016 pvh = page_to_pvh(m);
3017 if (TAILQ_EMPTY(&pvh->pv_list))
3018 vm_page_aflag_clear(m, PGA_WRITEABLE);
3023 if (l3pg != NULL && pmap_unwire_l3(pmap, sva, l3pg, free)) {
3029 pmap_invalidate_range(pmap, va, sva);
3033 * Remove the given range of addresses from the specified map.
3035 * It is assumed that the start and end are properly
3036 * rounded to the page size.
3039 pmap_remove(pmap_t pmap, vm_offset_t sva, vm_offset_t eva)
3041 struct rwlock *lock;
3042 vm_offset_t va_next;
3043 pd_entry_t *l0, *l1, *l2;
3044 pt_entry_t l3_paddr;
3045 struct spglist free;
3048 * Perform an unsynchronized read. This is, however, safe.
3050 if (pmap->pm_stats.resident_count == 0)
3058 for (; sva < eva; sva = va_next) {
3059 if (pmap->pm_stats.resident_count == 0)
3062 l0 = pmap_l0(pmap, sva);
3063 if (pmap_load(l0) == 0) {
3064 va_next = (sva + L0_SIZE) & ~L0_OFFSET;
3070 va_next = (sva + L1_SIZE) & ~L1_OFFSET;
3073 l1 = pmap_l0_to_l1(l0, sva);
3074 if (pmap_load(l1) == 0)
3076 if ((pmap_load(l1) & ATTR_DESCR_MASK) == L1_BLOCK) {
3077 KASSERT(va_next <= eva,
3078 ("partial update of non-transparent 1G page "
3079 "l1 %#lx sva %#lx eva %#lx va_next %#lx",
3080 pmap_load(l1), sva, eva, va_next));
3081 MPASS(pmap != kernel_pmap);
3082 MPASS((pmap_load(l1) & ATTR_SW_MANAGED) == 0);
3084 pmap_invalidate_page(pmap, sva);
3085 pmap_resident_count_dec(pmap, L1_SIZE / PAGE_SIZE);
3086 pmap_unuse_pt(pmap, sva, pmap_load(l0), &free);
3091 * Calculate index for next page table.
3093 va_next = (sva + L2_SIZE) & ~L2_OFFSET;
3097 l2 = pmap_l1_to_l2(l1, sva);
3101 l3_paddr = pmap_load(l2);
3103 if ((l3_paddr & ATTR_DESCR_MASK) == L2_BLOCK) {
3104 if (sva + L2_SIZE == va_next && eva >= va_next) {
3105 pmap_remove_l2(pmap, l2, sva, pmap_load(l1),
3108 } else if (pmap_demote_l2_locked(pmap, l2, sva,
3111 l3_paddr = pmap_load(l2);
3115 * Weed out invalid mappings.
3117 if ((l3_paddr & ATTR_DESCR_MASK) != L2_TABLE)
3121 * Limit our scan to either the end of the va represented
3122 * by the current page table page, or to the end of the
3123 * range being removed.
3128 pmap_remove_l3_range(pmap, l3_paddr, sva, va_next, &free,
3134 vm_page_free_pages_toq(&free, true);
3138 * Routine: pmap_remove_all
3140 * Removes this physical page from
3141 * all physical maps in which it resides.
3142 * Reflects back modify bits to the pager.
3145 * Original versions of this routine were very
3146 * inefficient because they iteratively called
3147 * pmap_remove (slow...)
3151 pmap_remove_all(vm_page_t m)
3153 struct md_page *pvh;
3156 struct rwlock *lock;
3157 pd_entry_t *pde, tpde;
3158 pt_entry_t *pte, tpte;
3160 struct spglist free;
3161 int lvl, pvh_gen, md_gen;
3163 KASSERT((m->oflags & VPO_UNMANAGED) == 0,
3164 ("pmap_remove_all: page %p is not managed", m));
3166 lock = VM_PAGE_TO_PV_LIST_LOCK(m);
3167 pvh = (m->flags & PG_FICTITIOUS) != 0 ? &pv_dummy : page_to_pvh(m);
3170 while ((pv = TAILQ_FIRST(&pvh->pv_list)) != NULL) {
3172 if (!PMAP_TRYLOCK(pmap)) {
3173 pvh_gen = pvh->pv_gen;
3177 if (pvh_gen != pvh->pv_gen) {
3183 pte = pmap_pte(pmap, va, &lvl);
3184 KASSERT(pte != NULL,
3185 ("pmap_remove_all: no page table entry found"));
3187 ("pmap_remove_all: invalid pte level %d", lvl));
3188 pmap_demote_l2_locked(pmap, pte, va, &lock);
3191 while ((pv = TAILQ_FIRST(&m->md.pv_list)) != NULL) {
3193 PMAP_ASSERT_STAGE1(pmap);
3194 if (!PMAP_TRYLOCK(pmap)) {
3195 pvh_gen = pvh->pv_gen;
3196 md_gen = m->md.pv_gen;
3200 if (pvh_gen != pvh->pv_gen || md_gen != m->md.pv_gen) {
3205 pmap_resident_count_dec(pmap, 1);
3207 pde = pmap_pde(pmap, pv->pv_va, &lvl);
3208 KASSERT(pde != NULL,
3209 ("pmap_remove_all: no page directory entry found"));
3211 ("pmap_remove_all: invalid pde level %d", lvl));
3212 tpde = pmap_load(pde);
3214 pte = pmap_l2_to_l3(pde, pv->pv_va);
3215 tpte = pmap_load_clear(pte);
3216 if (tpte & ATTR_SW_WIRED)
3217 pmap->pm_stats.wired_count--;
3218 if ((tpte & ATTR_AF) != 0) {
3219 pmap_invalidate_page(pmap, pv->pv_va);
3220 vm_page_aflag_set(m, PGA_REFERENCED);
3224 * Update the vm_page_t clean and reference bits.
3226 if (pmap_pte_dirty(pmap, tpte))
3228 pmap_unuse_pt(pmap, pv->pv_va, tpde, &free);
3229 TAILQ_REMOVE(&m->md.pv_list, pv, pv_next);
3231 free_pv_entry(pmap, pv);
3234 vm_page_aflag_clear(m, PGA_WRITEABLE);
3236 vm_page_free_pages_toq(&free, true);
3240 * pmap_protect_l2: do the things to protect a 2MB page in a pmap
3243 pmap_protect_l2(pmap_t pmap, pt_entry_t *l2, vm_offset_t sva, pt_entry_t mask,
3249 PMAP_LOCK_ASSERT(pmap, MA_OWNED);
3250 PMAP_ASSERT_STAGE1(pmap);
3251 KASSERT((sva & L2_OFFSET) == 0,
3252 ("pmap_protect_l2: sva is not 2mpage aligned"));
3253 old_l2 = pmap_load(l2);
3254 KASSERT((old_l2 & ATTR_DESCR_MASK) == L2_BLOCK,
3255 ("pmap_protect_l2: L2e %lx is not a block mapping", old_l2));
3258 * Return if the L2 entry already has the desired access restrictions
3261 if ((old_l2 & mask) == nbits)
3264 while (!atomic_fcmpset_64(l2, &old_l2, (old_l2 & ~mask) | nbits))
3268 * When a dirty read/write superpage mapping is write protected,
3269 * update the dirty field of each of the superpage's constituent 4KB
3272 if ((old_l2 & ATTR_SW_MANAGED) != 0 &&
3273 (nbits & ATTR_S1_AP(ATTR_S1_AP_RO)) != 0 &&
3274 pmap_pte_dirty(pmap, old_l2)) {
3275 m = PHYS_TO_VM_PAGE(old_l2 & ~ATTR_MASK);
3276 for (mt = m; mt < &m[L2_SIZE / PAGE_SIZE]; mt++)
3281 * Since a promotion must break the 4KB page mappings before making
3282 * the 2MB page mapping, a pmap_invalidate_page() suffices.
3284 pmap_invalidate_page(pmap, sva);
3288 * Set the physical protection on the
3289 * specified range of this map as requested.
3292 pmap_protect(pmap_t pmap, vm_offset_t sva, vm_offset_t eva, vm_prot_t prot)
3294 vm_offset_t va, va_next;
3295 pd_entry_t *l0, *l1, *l2;
3296 pt_entry_t *l3p, l3, mask, nbits;
3298 PMAP_ASSERT_STAGE1(pmap);
3299 KASSERT((prot & ~VM_PROT_ALL) == 0, ("invalid prot %x", prot));
3300 if (prot == VM_PROT_NONE) {
3301 pmap_remove(pmap, sva, eva);
3306 if ((prot & VM_PROT_WRITE) == 0) {
3307 mask |= ATTR_S1_AP_RW_BIT | ATTR_SW_DBM;
3308 nbits |= ATTR_S1_AP(ATTR_S1_AP_RO);
3310 if ((prot & VM_PROT_EXECUTE) == 0) {
3312 nbits |= ATTR_S1_XN;
3318 for (; sva < eva; sva = va_next) {
3319 l0 = pmap_l0(pmap, sva);
3320 if (pmap_load(l0) == 0) {
3321 va_next = (sva + L0_SIZE) & ~L0_OFFSET;
3327 va_next = (sva + L1_SIZE) & ~L1_OFFSET;
3330 l1 = pmap_l0_to_l1(l0, sva);
3331 if (pmap_load(l1) == 0)
3333 if ((pmap_load(l1) & ATTR_DESCR_MASK) == L1_BLOCK) {
3334 KASSERT(va_next <= eva,
3335 ("partial update of non-transparent 1G page "
3336 "l1 %#lx sva %#lx eva %#lx va_next %#lx",
3337 pmap_load(l1), sva, eva, va_next));
3338 MPASS((pmap_load(l1) & ATTR_SW_MANAGED) == 0);
3339 if ((pmap_load(l1) & mask) != nbits) {
3340 pmap_store(l1, (pmap_load(l1) & ~mask) | nbits);
3341 pmap_invalidate_page(pmap, sva);
3346 va_next = (sva + L2_SIZE) & ~L2_OFFSET;
3350 l2 = pmap_l1_to_l2(l1, sva);
3351 if (pmap_load(l2) == 0)
3354 if ((pmap_load(l2) & ATTR_DESCR_MASK) == L2_BLOCK) {
3355 if (sva + L2_SIZE == va_next && eva >= va_next) {
3356 pmap_protect_l2(pmap, l2, sva, mask, nbits);
3358 } else if (pmap_demote_l2(pmap, l2, sva) == NULL)
3361 KASSERT((pmap_load(l2) & ATTR_DESCR_MASK) == L2_TABLE,
3362 ("pmap_protect: Invalid L2 entry after demotion"));
3368 for (l3p = pmap_l2_to_l3(l2, sva); sva != va_next; l3p++,
3370 l3 = pmap_load(l3p);
3373 * Go to the next L3 entry if the current one is
3374 * invalid or already has the desired access
3375 * restrictions in place. (The latter case occurs
3376 * frequently. For example, in a "buildworld"
3377 * workload, almost 1 out of 4 L3 entries already
3378 * have the desired restrictions.)
3380 if (!pmap_l3_valid(l3) || (l3 & mask) == nbits) {
3381 if (va != va_next) {
3382 pmap_invalidate_range(pmap, va, sva);
3388 while (!atomic_fcmpset_64(l3p, &l3, (l3 & ~mask) |
3393 * When a dirty read/write mapping is write protected,
3394 * update the page's dirty field.
3396 if ((l3 & ATTR_SW_MANAGED) != 0 &&
3397 (nbits & ATTR_S1_AP(ATTR_S1_AP_RO)) != 0 &&
3398 pmap_pte_dirty(pmap, l3))
3399 vm_page_dirty(PHYS_TO_VM_PAGE(l3 & ~ATTR_MASK));
3405 pmap_invalidate_range(pmap, va, sva);
3411 * Inserts the specified page table page into the specified pmap's collection
3412 * of idle page table pages. Each of a pmap's page table pages is responsible
3413 * for mapping a distinct range of virtual addresses. The pmap's collection is
3414 * ordered by this virtual address range.
3416 * If "promoted" is false, then the page table page "mpte" must be zero filled.
3419 pmap_insert_pt_page(pmap_t pmap, vm_page_t mpte, bool promoted)
3422 PMAP_LOCK_ASSERT(pmap, MA_OWNED);
3423 mpte->valid = promoted ? VM_PAGE_BITS_ALL : 0;
3424 return (vm_radix_insert(&pmap->pm_root, mpte));
3428 * Removes the page table page mapping the specified virtual address from the
3429 * specified pmap's collection of idle page table pages, and returns it.
3430 * Otherwise, returns NULL if there is no page table page corresponding to the
3431 * specified virtual address.
3433 static __inline vm_page_t
3434 pmap_remove_pt_page(pmap_t pmap, vm_offset_t va)
3437 PMAP_LOCK_ASSERT(pmap, MA_OWNED);
3438 return (vm_radix_remove(&pmap->pm_root, pmap_l2_pindex(va)));
3442 * Performs a break-before-make update of a pmap entry. This is needed when
3443 * either promoting or demoting pages to ensure the TLB doesn't get into an
3444 * inconsistent state.
3447 pmap_update_entry(pmap_t pmap, pd_entry_t *pte, pd_entry_t newpte,
3448 vm_offset_t va, vm_size_t size)
3452 PMAP_LOCK_ASSERT(pmap, MA_OWNED);
3455 * Ensure we don't get switched out with the page table in an
3456 * inconsistent state. We also need to ensure no interrupts fire
3457 * as they may make use of an address we are about to invalidate.
3459 intr = intr_disable();
3462 * Clear the old mapping's valid bit, but leave the rest of the entry
3463 * unchanged, so that a lockless, concurrent pmap_kextract() can still
3464 * lookup the physical address.
3466 pmap_clear_bits(pte, ATTR_DESCR_VALID);
3467 pmap_invalidate_range(pmap, va, va + size);
3469 /* Create the new mapping */
3470 pmap_store(pte, newpte);
3476 #if VM_NRESERVLEVEL > 0
3478 * After promotion from 512 4KB page mappings to a single 2MB page mapping,
3479 * replace the many pv entries for the 4KB page mappings by a single pv entry
3480 * for the 2MB page mapping.
3483 pmap_pv_promote_l2(pmap_t pmap, vm_offset_t va, vm_paddr_t pa,
3484 struct rwlock **lockp)
3486 struct md_page *pvh;
3488 vm_offset_t va_last;
3491 KASSERT((pa & L2_OFFSET) == 0,
3492 ("pmap_pv_promote_l2: pa is not 2mpage aligned"));
3493 CHANGE_PV_LIST_LOCK_TO_PHYS(lockp, pa);
3496 * Transfer the first page's pv entry for this mapping to the 2mpage's
3497 * pv list. Aside from avoiding the cost of a call to get_pv_entry(),
3498 * a transfer avoids the possibility that get_pv_entry() calls
3499 * reclaim_pv_chunk() and that reclaim_pv_chunk() removes one of the
3500 * mappings that is being promoted.
3502 m = PHYS_TO_VM_PAGE(pa);
3503 va = va & ~L2_OFFSET;
3504 pv = pmap_pvh_remove(&m->md, pmap, va);
3505 KASSERT(pv != NULL, ("pmap_pv_promote_l2: pv not found"));
3506 pvh = page_to_pvh(m);
3507 TAILQ_INSERT_TAIL(&pvh->pv_list, pv, pv_next);
3509 /* Free the remaining NPTEPG - 1 pv entries. */
3510 va_last = va + L2_SIZE - PAGE_SIZE;
3514 pmap_pvh_free(&m->md, pmap, va);
3515 } while (va < va_last);
3519 * Tries to promote the 512, contiguous 4KB page mappings that are within a
3520 * single level 2 table entry to a single 2MB page mapping. For promotion
3521 * to occur, two conditions must be met: (1) the 4KB page mappings must map
3522 * aligned, contiguous physical memory and (2) the 4KB page mappings must have
3523 * identical characteristics.
3526 pmap_promote_l2(pmap_t pmap, pd_entry_t *l2, vm_offset_t va,
3527 struct rwlock **lockp)
3529 pt_entry_t *firstl3, *l3, newl2, oldl3, pa;
3533 PMAP_LOCK_ASSERT(pmap, MA_OWNED);
3534 PMAP_ASSERT_STAGE1(pmap);
3536 sva = va & ~L2_OFFSET;
3537 firstl3 = pmap_l2_to_l3(l2, sva);
3538 newl2 = pmap_load(firstl3);
3540 if (((newl2 & (~ATTR_MASK | ATTR_AF)) & L2_OFFSET) != ATTR_AF) {
3541 atomic_add_long(&pmap_l2_p_failures, 1);
3542 CTR2(KTR_PMAP, "pmap_promote_l2: failure for va %#lx"
3543 " in pmap %p", va, pmap);
3548 if ((newl2 & (ATTR_S1_AP_RW_BIT | ATTR_SW_DBM)) ==
3549 (ATTR_S1_AP(ATTR_S1_AP_RO) | ATTR_SW_DBM)) {
3551 * When the mapping is clean, i.e., ATTR_S1_AP_RO is set,
3552 * ATTR_SW_DBM can be cleared without a TLB invalidation.
3554 if (!atomic_fcmpset_64(firstl3, &newl2, newl2 & ~ATTR_SW_DBM))
3556 newl2 &= ~ATTR_SW_DBM;
3559 pa = newl2 + L2_SIZE - PAGE_SIZE;
3560 for (l3 = firstl3 + NL3PG - 1; l3 > firstl3; l3--) {
3561 oldl3 = pmap_load(l3);
3563 if ((oldl3 & (ATTR_S1_AP_RW_BIT | ATTR_SW_DBM)) ==
3564 (ATTR_S1_AP(ATTR_S1_AP_RO) | ATTR_SW_DBM)) {
3566 * When the mapping is clean, i.e., ATTR_S1_AP_RO is
3567 * set, ATTR_SW_DBM can be cleared without a TLB
3570 if (!atomic_fcmpset_64(l3, &oldl3, oldl3 &
3573 oldl3 &= ~ATTR_SW_DBM;
3576 atomic_add_long(&pmap_l2_p_failures, 1);
3577 CTR2(KTR_PMAP, "pmap_promote_l2: failure for va %#lx"
3578 " in pmap %p", va, pmap);
3585 * Save the page table page in its current state until the L2
3586 * mapping the superpage is demoted by pmap_demote_l2() or
3587 * destroyed by pmap_remove_l3().
3589 mpte = PHYS_TO_VM_PAGE(pmap_load(l2) & ~ATTR_MASK);
3590 KASSERT(mpte >= vm_page_array &&
3591 mpte < &vm_page_array[vm_page_array_size],
3592 ("pmap_promote_l2: page table page is out of range"));
3593 KASSERT(mpte->pindex == pmap_l2_pindex(va),
3594 ("pmap_promote_l2: page table page's pindex is wrong"));
3595 if (pmap_insert_pt_page(pmap, mpte, true)) {
3596 atomic_add_long(&pmap_l2_p_failures, 1);
3598 "pmap_promote_l2: failure for va %#lx in pmap %p", va,
3603 if ((newl2 & ATTR_SW_MANAGED) != 0)
3604 pmap_pv_promote_l2(pmap, va, newl2 & ~ATTR_MASK, lockp);
3606 newl2 &= ~ATTR_DESCR_MASK;
3609 pmap_update_entry(pmap, l2, newl2, sva, L2_SIZE);
3611 atomic_add_long(&pmap_l2_promotions, 1);
3612 CTR2(KTR_PMAP, "pmap_promote_l2: success for va %#lx in pmap %p", va,
3615 #endif /* VM_NRESERVLEVEL > 0 */
3618 pmap_enter_largepage(pmap_t pmap, vm_offset_t va, pt_entry_t newpte, int flags,
3621 pd_entry_t *l0p, *l1p, *l2p, origpte;
3624 PMAP_LOCK_ASSERT(pmap, MA_OWNED);
3625 KASSERT(psind > 0 && psind < MAXPAGESIZES,
3626 ("psind %d unexpected", psind));
3627 KASSERT(((newpte & ~ATTR_MASK) & (pagesizes[psind] - 1)) == 0,
3628 ("unaligned phys address %#lx newpte %#lx psind %d",
3629 (newpte & ~ATTR_MASK), newpte, psind));
3633 l0p = pmap_l0(pmap, va);
3634 if ((pmap_load(l0p) & ATTR_DESCR_VALID) == 0) {
3635 mp = _pmap_alloc_l3(pmap, pmap_l0_pindex(va), NULL);
3637 if ((flags & PMAP_ENTER_NOSLEEP) != 0)
3638 return (KERN_RESOURCE_SHORTAGE);
3644 l1p = pmap_l0_to_l1(l0p, va);
3645 KASSERT(l1p != NULL, ("va %#lx lost l1 entry", va));
3646 origpte = pmap_load(l1p);
3648 l1p = pmap_l0_to_l1(l0p, va);
3649 KASSERT(l1p != NULL, ("va %#lx lost l1 entry", va));
3650 origpte = pmap_load(l1p);
3651 if ((origpte & ATTR_DESCR_VALID) == 0) {
3652 mp = PHYS_TO_VM_PAGE(pmap_load(l0p) &
3657 KASSERT((origpte & ATTR_DESCR_VALID) == 0 ||
3658 ((origpte & ATTR_DESCR_MASK) == L1_BLOCK &&
3659 (origpte & ~ATTR_MASK) == (newpte & ~ATTR_MASK)),
3660 ("va %#lx changing 1G phys page l1 %#lx newpte %#lx",
3661 va, origpte, newpte));
3662 pmap_store(l1p, newpte);
3663 } else /* (psind == 1) */ {
3664 l2p = pmap_l2(pmap, va);
3666 mp = _pmap_alloc_l3(pmap, pmap_l1_pindex(va), NULL);
3668 if ((flags & PMAP_ENTER_NOSLEEP) != 0)
3669 return (KERN_RESOURCE_SHORTAGE);
3675 l2p = (pd_entry_t *)PHYS_TO_DMAP(VM_PAGE_TO_PHYS(mp));
3676 l2p = &l2p[pmap_l2_index(va)];
3677 origpte = pmap_load(l2p);
3679 l1p = pmap_l1(pmap, va);
3680 origpte = pmap_load(l2p);
3681 if ((origpte & ATTR_DESCR_VALID) == 0) {
3682 mp = PHYS_TO_VM_PAGE(pmap_load(l1p) &
3687 KASSERT((origpte & ATTR_DESCR_VALID) == 0 ||
3688 ((origpte & ATTR_DESCR_MASK) == L2_BLOCK &&
3689 (origpte & ~ATTR_MASK) == (newpte & ~ATTR_MASK)),
3690 ("va %#lx changing 2M phys page l2 %#lx newpte %#lx",
3691 va, origpte, newpte));
3692 pmap_store(l2p, newpte);
3696 if ((origpte & ATTR_DESCR_VALID) == 0)
3697 pmap_resident_count_inc(pmap, pagesizes[psind] / PAGE_SIZE);
3698 if ((newpte & ATTR_SW_WIRED) != 0 && (origpte & ATTR_SW_WIRED) == 0)
3699 pmap->pm_stats.wired_count += pagesizes[psind] / PAGE_SIZE;
3700 else if ((newpte & ATTR_SW_WIRED) == 0 &&
3701 (origpte & ATTR_SW_WIRED) != 0)
3702 pmap->pm_stats.wired_count -= pagesizes[psind] / PAGE_SIZE;
3704 return (KERN_SUCCESS);
3708 * Add a single SMMU entry. This function does not sleep.
3711 pmap_senter(pmap_t pmap, vm_offset_t va, vm_paddr_t pa,
3712 vm_prot_t prot, u_int flags)
3715 pt_entry_t new_l3, orig_l3;
3721 PMAP_ASSERT_STAGE1(pmap);
3722 KASSERT(va < VM_MAXUSER_ADDRESS, ("wrong address space"));
3724 va = trunc_page(va);
3725 new_l3 = (pt_entry_t)(pa | ATTR_DEFAULT |
3726 ATTR_S1_IDX(VM_MEMATTR_DEVICE) | L3_PAGE);
3727 if ((prot & VM_PROT_WRITE) == 0)
3728 new_l3 |= ATTR_S1_AP(ATTR_S1_AP_RO);
3729 new_l3 |= ATTR_S1_XN; /* Execute never. */
3730 new_l3 |= ATTR_S1_AP(ATTR_S1_AP_USER);
3731 new_l3 |= ATTR_S1_nG; /* Non global. */
3733 CTR2(KTR_PMAP, "pmap_senter: %.16lx -> %.16lx", va, pa);
3738 * In the case that a page table page is not
3739 * resident, we are creating it here.
3742 pde = pmap_pde(pmap, va, &lvl);
3743 if (pde != NULL && lvl == 2) {
3744 l3 = pmap_l2_to_l3(pde, va);
3746 mpte = _pmap_alloc_l3(pmap, pmap_l2_pindex(va), NULL);
3748 CTR0(KTR_PMAP, "pmap_enter: mpte == NULL");
3749 rv = KERN_RESOURCE_SHORTAGE;
3755 orig_l3 = pmap_load(l3);
3756 KASSERT(!pmap_l3_valid(orig_l3), ("l3 is valid"));
3759 pmap_store(l3, new_l3);
3760 pmap_resident_count_inc(pmap, 1);
3771 * Remove a single SMMU entry.
3774 pmap_sremove(pmap_t pmap, vm_offset_t va)
3782 pte = pmap_pte(pmap, va, &lvl);
3784 ("Invalid SMMU pagetable level: %d != 3", lvl));
3787 pmap_resident_count_dec(pmap, 1);
3799 * Remove all the allocated L1, L2 pages from SMMU pmap.
3800 * All the L3 entires must be cleared in advance, otherwise
3801 * this function panics.
3804 pmap_sremove_pages(pmap_t pmap)
3806 pd_entry_t l0e, *l1, l1e, *l2, l2e;
3807 pt_entry_t *l3, l3e;
3808 vm_page_t m, m0, m1;
3817 for (sva = VM_MINUSER_ADDRESS, i = pmap_l0_index(sva);
3818 (i < Ln_ENTRIES && sva < VM_MAXUSER_ADDRESS); i++) {
3819 l0e = pmap->pm_l0[i];
3820 if ((l0e & ATTR_DESCR_VALID) == 0) {
3824 pa0 = l0e & ~ATTR_MASK;
3825 m0 = PHYS_TO_VM_PAGE(pa0);
3826 l1 = (pd_entry_t *)PHYS_TO_DMAP(pa0);
3828 for (j = pmap_l1_index(sva); j < Ln_ENTRIES; j++) {
3830 if ((l1e & ATTR_DESCR_VALID) == 0) {
3834 if ((l1e & ATTR_DESCR_MASK) == L1_BLOCK) {
3838 pa1 = l1e & ~ATTR_MASK;
3839 m1 = PHYS_TO_VM_PAGE(pa1);
3840 l2 = (pd_entry_t *)PHYS_TO_DMAP(pa1);
3842 for (k = pmap_l2_index(sva); k < Ln_ENTRIES; k++) {
3844 if ((l2e & ATTR_DESCR_VALID) == 0) {
3848 pa = l2e & ~ATTR_MASK;
3849 m = PHYS_TO_VM_PAGE(pa);
3850 l3 = (pt_entry_t *)PHYS_TO_DMAP(pa);
3852 for (l = pmap_l3_index(sva); l < Ln_ENTRIES;
3853 l++, sva += L3_SIZE) {
3855 if ((l3e & ATTR_DESCR_VALID) == 0)
3857 panic("%s: l3e found for va %jx\n",
3861 vm_page_unwire_noq(m1);
3862 vm_page_unwire_noq(m);
3863 pmap_resident_count_dec(pmap, 1);
3868 vm_page_unwire_noq(m0);
3869 pmap_resident_count_dec(pmap, 1);
3874 pmap_resident_count_dec(pmap, 1);
3876 pmap_clear(&pmap->pm_l0[i]);
3879 KASSERT(pmap->pm_stats.resident_count == 0,
3880 ("Invalid resident count %jd", pmap->pm_stats.resident_count));
3886 * Insert the given physical page (p) at
3887 * the specified virtual address (v) in the
3888 * target physical map with the protection requested.
3890 * If specified, the page will be wired down, meaning
3891 * that the related pte can not be reclaimed.
3893 * NB: This is the only routine which MAY NOT lazy-evaluate
3894 * or lose information. That is, this routine must actually
3895 * insert this page into the given map NOW.
3898 pmap_enter(pmap_t pmap, vm_offset_t va, vm_page_t m, vm_prot_t prot,
3899 u_int flags, int8_t psind)
3901 struct rwlock *lock;
3903 pt_entry_t new_l3, orig_l3;
3904 pt_entry_t *l2, *l3;
3911 KASSERT(ADDR_IS_CANONICAL(va),
3912 ("%s: Address not in canonical form: %lx", __func__, va));
3914 va = trunc_page(va);
3915 if ((m->oflags & VPO_UNMANAGED) == 0)
3916 VM_PAGE_OBJECT_BUSY_ASSERT(m);
3917 pa = VM_PAGE_TO_PHYS(m);
3918 new_l3 = (pt_entry_t)(pa | ATTR_DEFAULT | L3_PAGE);
3919 new_l3 |= pmap_pte_memattr(pmap, m->md.pv_memattr);
3920 new_l3 |= pmap_pte_prot(pmap, prot);
3922 if ((flags & PMAP_ENTER_WIRED) != 0)
3923 new_l3 |= ATTR_SW_WIRED;
3924 if (pmap->pm_stage == PM_STAGE1) {
3925 if (!ADDR_IS_KERNEL(va))
3926 new_l3 |= ATTR_S1_AP(ATTR_S1_AP_USER) | ATTR_S1_PXN;
3928 new_l3 |= ATTR_S1_UXN;
3929 if (pmap != kernel_pmap)
3930 new_l3 |= ATTR_S1_nG;
3933 * Clear the access flag on executable mappings, this will be
3934 * set later when the page is accessed. The fault handler is
3935 * required to invalidate the I-cache.
3937 * TODO: Switch to the valid flag to allow hardware management
3938 * of the access flag. Much of the pmap code assumes the
3939 * valid flag is set and fails to destroy the old page tables
3940 * correctly if it is clear.
3942 if (prot & VM_PROT_EXECUTE)
3945 if ((m->oflags & VPO_UNMANAGED) == 0) {
3946 new_l3 |= ATTR_SW_MANAGED;
3947 if ((prot & VM_PROT_WRITE) != 0) {
3948 new_l3 |= ATTR_SW_DBM;
3949 if ((flags & VM_PROT_WRITE) == 0) {
3950 if (pmap->pm_stage == PM_STAGE1)
3951 new_l3 |= ATTR_S1_AP(ATTR_S1_AP_RO);
3954 ~ATTR_S2_S2AP(ATTR_S2_S2AP_WRITE);
3959 CTR2(KTR_PMAP, "pmap_enter: %.16lx -> %.16lx", va, pa);
3963 if ((flags & PMAP_ENTER_LARGEPAGE) != 0) {
3964 KASSERT((m->oflags & VPO_UNMANAGED) != 0,
3965 ("managed largepage va %#lx flags %#x", va, flags));
3969 else /* (psind == 1) */
3971 rv = pmap_enter_largepage(pmap, va, new_l3, flags, psind);
3975 /* Assert the required virtual and physical alignment. */
3976 KASSERT((va & L2_OFFSET) == 0, ("pmap_enter: va unaligned"));
3977 KASSERT(m->psind > 0, ("pmap_enter: m->psind < psind"));
3978 rv = pmap_enter_l2(pmap, va, (new_l3 & ~L3_PAGE) | L2_BLOCK,
3985 * In the case that a page table page is not
3986 * resident, we are creating it here.
3989 pde = pmap_pde(pmap, va, &lvl);
3990 if (pde != NULL && lvl == 2) {
3991 l3 = pmap_l2_to_l3(pde, va);
3992 if (!ADDR_IS_KERNEL(va) && mpte == NULL) {
3993 mpte = PHYS_TO_VM_PAGE(pmap_load(pde) & ~ATTR_MASK);
3997 } else if (pde != NULL && lvl == 1) {
3998 l2 = pmap_l1_to_l2(pde, va);
3999 if ((pmap_load(l2) & ATTR_DESCR_MASK) == L2_BLOCK &&
4000 (l3 = pmap_demote_l2_locked(pmap, l2, va, &lock)) != NULL) {
4001 l3 = &l3[pmap_l3_index(va)];
4002 if (!ADDR_IS_KERNEL(va)) {
4003 mpte = PHYS_TO_VM_PAGE(
4004 pmap_load(l2) & ~ATTR_MASK);
4009 /* We need to allocate an L3 table. */
4011 if (!ADDR_IS_KERNEL(va)) {
4012 nosleep = (flags & PMAP_ENTER_NOSLEEP) != 0;
4015 * We use _pmap_alloc_l3() instead of pmap_alloc_l3() in order
4016 * to handle the possibility that a superpage mapping for "va"
4017 * was created while we slept.
4019 mpte = _pmap_alloc_l3(pmap, pmap_l2_pindex(va),
4020 nosleep ? NULL : &lock);
4021 if (mpte == NULL && nosleep) {
4022 CTR0(KTR_PMAP, "pmap_enter: mpte == NULL");
4023 rv = KERN_RESOURCE_SHORTAGE;
4028 panic("pmap_enter: missing L3 table for kernel va %#lx", va);
4031 orig_l3 = pmap_load(l3);
4032 opa = orig_l3 & ~ATTR_MASK;
4036 * Is the specified virtual address already mapped?
4038 if (pmap_l3_valid(orig_l3)) {
4040 * Only allow adding new entries on stage 2 tables for now.
4041 * This simplifies cache invalidation as we may need to call
4042 * into EL2 to perform such actions.
4044 PMAP_ASSERT_STAGE1(pmap);
4046 * Wiring change, just update stats. We don't worry about
4047 * wiring PT pages as they remain resident as long as there
4048 * are valid mappings in them. Hence, if a user page is wired,
4049 * the PT page will be also.
4051 if ((flags & PMAP_ENTER_WIRED) != 0 &&
4052 (orig_l3 & ATTR_SW_WIRED) == 0)
4053 pmap->pm_stats.wired_count++;
4054 else if ((flags & PMAP_ENTER_WIRED) == 0 &&
4055 (orig_l3 & ATTR_SW_WIRED) != 0)
4056 pmap->pm_stats.wired_count--;
4059 * Remove the extra PT page reference.
4063 KASSERT(mpte->ref_count > 0,
4064 ("pmap_enter: missing reference to page table page,"
4069 * Has the physical page changed?
4073 * No, might be a protection or wiring change.
4075 if ((orig_l3 & ATTR_SW_MANAGED) != 0 &&
4076 (new_l3 & ATTR_SW_DBM) != 0)
4077 vm_page_aflag_set(m, PGA_WRITEABLE);
4082 * The physical page has changed. Temporarily invalidate
4085 orig_l3 = pmap_load_clear(l3);
4086 KASSERT((orig_l3 & ~ATTR_MASK) == opa,
4087 ("pmap_enter: unexpected pa update for %#lx", va));
4088 if ((orig_l3 & ATTR_SW_MANAGED) != 0) {
4089 om = PHYS_TO_VM_PAGE(opa);
4092 * The pmap lock is sufficient to synchronize with
4093 * concurrent calls to pmap_page_test_mappings() and
4094 * pmap_ts_referenced().
4096 if (pmap_pte_dirty(pmap, orig_l3))
4098 if ((orig_l3 & ATTR_AF) != 0) {
4099 pmap_invalidate_page(pmap, va);
4100 vm_page_aflag_set(om, PGA_REFERENCED);
4102 CHANGE_PV_LIST_LOCK_TO_PHYS(&lock, opa);
4103 pv = pmap_pvh_remove(&om->md, pmap, va);
4104 if ((m->oflags & VPO_UNMANAGED) != 0)
4105 free_pv_entry(pmap, pv);
4106 if ((om->a.flags & PGA_WRITEABLE) != 0 &&
4107 TAILQ_EMPTY(&om->md.pv_list) &&
4108 ((om->flags & PG_FICTITIOUS) != 0 ||
4109 TAILQ_EMPTY(&page_to_pvh(om)->pv_list)))
4110 vm_page_aflag_clear(om, PGA_WRITEABLE);
4112 KASSERT((orig_l3 & ATTR_AF) != 0,
4113 ("pmap_enter: unmanaged mapping lacks ATTR_AF"));
4114 pmap_invalidate_page(pmap, va);
4119 * Increment the counters.
4121 if ((new_l3 & ATTR_SW_WIRED) != 0)
4122 pmap->pm_stats.wired_count++;
4123 pmap_resident_count_inc(pmap, 1);
4126 * Enter on the PV list if part of our managed memory.
4128 if ((m->oflags & VPO_UNMANAGED) == 0) {
4130 pv = get_pv_entry(pmap, &lock);
4133 CHANGE_PV_LIST_LOCK_TO_PHYS(&lock, pa);
4134 TAILQ_INSERT_TAIL(&m->md.pv_list, pv, pv_next);
4136 if ((new_l3 & ATTR_SW_DBM) != 0)
4137 vm_page_aflag_set(m, PGA_WRITEABLE);
4141 if (pmap->pm_stage == PM_STAGE1) {
4143 * Sync icache if exec permission and attribute
4144 * VM_MEMATTR_WRITE_BACK is set. Do it now, before the mapping
4145 * is stored and made valid for hardware table walk. If done
4146 * later, then other can access this page before caches are
4147 * properly synced. Don't do it for kernel memory which is
4148 * mapped with exec permission even if the memory isn't going
4149 * to hold executable code. The only time when icache sync is
4150 * needed is after kernel module is loaded and the relocation
4151 * info is processed. And it's done in elf_cpu_load_file().
4153 if ((prot & VM_PROT_EXECUTE) && pmap != kernel_pmap &&
4154 m->md.pv_memattr == VM_MEMATTR_WRITE_BACK &&
4155 (opa != pa || (orig_l3 & ATTR_S1_XN))) {
4156 PMAP_ASSERT_STAGE1(pmap);
4157 cpu_icache_sync_range(PHYS_TO_DMAP(pa), PAGE_SIZE);
4160 cpu_dcache_wb_range(PHYS_TO_DMAP(pa), PAGE_SIZE);
4164 * Update the L3 entry
4166 if (pmap_l3_valid(orig_l3)) {
4167 PMAP_ASSERT_STAGE1(pmap);
4168 KASSERT(opa == pa, ("pmap_enter: invalid update"));
4169 if ((orig_l3 & ~ATTR_AF) != (new_l3 & ~ATTR_AF)) {
4170 /* same PA, different attributes */
4171 orig_l3 = pmap_load_store(l3, new_l3);
4172 pmap_invalidate_page(pmap, va);
4173 if ((orig_l3 & ATTR_SW_MANAGED) != 0 &&
4174 pmap_pte_dirty(pmap, orig_l3))
4179 * This can happens if multiple threads simultaneously
4180 * access not yet mapped page. This bad for performance
4181 * since this can cause full demotion-NOP-promotion
4183 * Another possible reasons are:
4184 * - VM and pmap memory layout are diverged
4185 * - tlb flush is missing somewhere and CPU doesn't see
4188 CTR4(KTR_PMAP, "%s: already mapped page - "
4189 "pmap %p va 0x%#lx pte 0x%lx",
4190 __func__, pmap, va, new_l3);
4194 pmap_store(l3, new_l3);
4198 #if VM_NRESERVLEVEL > 0
4200 * Try to promote from level 3 pages to a level 2 superpage. This
4201 * currently only works on stage 1 pmaps as pmap_promote_l2 looks at
4202 * stage 1 specific fields and performs a break-before-make sequence
4203 * that is incorrect a stage 2 pmap.
4205 if ((mpte == NULL || mpte->ref_count == NL3PG) &&
4206 pmap_ps_enabled(pmap) && pmap->pm_stage == PM_STAGE1 &&
4207 (m->flags & PG_FICTITIOUS) == 0 &&
4208 vm_reserv_level_iffullpop(m) == 0) {
4209 pmap_promote_l2(pmap, pde, va, &lock);
4222 * Tries to create a read- and/or execute-only 2MB page mapping. Returns true
4223 * if successful. Returns false if (1) a page table page cannot be allocated
4224 * without sleeping, (2) a mapping already exists at the specified virtual
4225 * address, or (3) a PV entry cannot be allocated without reclaiming another
4229 pmap_enter_2mpage(pmap_t pmap, vm_offset_t va, vm_page_t m, vm_prot_t prot,
4230 struct rwlock **lockp)
4234 PMAP_LOCK_ASSERT(pmap, MA_OWNED);
4235 PMAP_ASSERT_STAGE1(pmap);
4236 KASSERT(ADDR_IS_CANONICAL(va),
4237 ("%s: Address not in canonical form: %lx", __func__, va));
4239 new_l2 = (pd_entry_t)(VM_PAGE_TO_PHYS(m) | ATTR_DEFAULT |
4240 ATTR_S1_IDX(m->md.pv_memattr) | ATTR_S1_AP(ATTR_S1_AP_RO) |
4242 if ((m->oflags & VPO_UNMANAGED) == 0) {
4243 new_l2 |= ATTR_SW_MANAGED;
4246 if ((prot & VM_PROT_EXECUTE) == 0 ||
4247 m->md.pv_memattr == VM_MEMATTR_DEVICE)
4248 new_l2 |= ATTR_S1_XN;
4249 if (!ADDR_IS_KERNEL(va))
4250 new_l2 |= ATTR_S1_AP(ATTR_S1_AP_USER) | ATTR_S1_PXN;
4252 new_l2 |= ATTR_S1_UXN;
4253 if (pmap != kernel_pmap)
4254 new_l2 |= ATTR_S1_nG;
4255 return (pmap_enter_l2(pmap, va, new_l2, PMAP_ENTER_NOSLEEP |
4256 PMAP_ENTER_NOREPLACE | PMAP_ENTER_NORECLAIM, m, lockp) ==
4261 * Returns true if every page table entry in the specified page table is
4265 pmap_every_pte_zero(vm_paddr_t pa)
4267 pt_entry_t *pt_end, *pte;
4269 KASSERT((pa & PAGE_MASK) == 0, ("pa is misaligned"));
4270 pte = (pt_entry_t *)PHYS_TO_DMAP(pa);
4271 for (pt_end = pte + Ln_ENTRIES; pte < pt_end; pte++) {
4279 * Tries to create the specified 2MB page mapping. Returns KERN_SUCCESS if
4280 * the mapping was created, and either KERN_FAILURE or KERN_RESOURCE_SHORTAGE
4281 * otherwise. Returns KERN_FAILURE if PMAP_ENTER_NOREPLACE was specified and
4282 * a mapping already exists at the specified virtual address. Returns
4283 * KERN_RESOURCE_SHORTAGE if PMAP_ENTER_NOSLEEP was specified and a page table
4284 * page allocation failed. Returns KERN_RESOURCE_SHORTAGE if
4285 * PMAP_ENTER_NORECLAIM was specified and a PV entry allocation failed.
4288 pmap_enter_l2(pmap_t pmap, vm_offset_t va, pd_entry_t new_l2, u_int flags,
4289 vm_page_t m, struct rwlock **lockp)
4291 struct spglist free;
4292 pd_entry_t *l2, old_l2;
4295 PMAP_LOCK_ASSERT(pmap, MA_OWNED);
4296 KASSERT(ADDR_IS_CANONICAL(va),
4297 ("%s: Address not in canonical form: %lx", __func__, va));
4299 if ((l2 = pmap_alloc_l2(pmap, va, &l2pg, (flags &
4300 PMAP_ENTER_NOSLEEP) != 0 ? NULL : lockp)) == NULL) {
4301 CTR2(KTR_PMAP, "pmap_enter_l2: failure for va %#lx in pmap %p",
4303 return (KERN_RESOURCE_SHORTAGE);
4307 * If there are existing mappings, either abort or remove them.
4309 if ((old_l2 = pmap_load(l2)) != 0) {
4310 KASSERT(l2pg == NULL || l2pg->ref_count > 1,
4311 ("pmap_enter_l2: l2pg's ref count is too low"));
4312 if ((flags & PMAP_ENTER_NOREPLACE) != 0 &&
4313 (!ADDR_IS_KERNEL(va) ||
4314 (old_l2 & ATTR_DESCR_MASK) == L2_BLOCK ||
4315 !pmap_every_pte_zero(old_l2 & ~ATTR_MASK))) {
4318 CTR2(KTR_PMAP, "pmap_enter_l2: failure for va %#lx"
4319 " in pmap %p", va, pmap);
4320 return (KERN_FAILURE);
4323 if ((old_l2 & ATTR_DESCR_MASK) == L2_BLOCK)
4324 (void)pmap_remove_l2(pmap, l2, va,
4325 pmap_load(pmap_l1(pmap, va)), &free, lockp);
4327 pmap_remove_l3_range(pmap, old_l2, va, va + L2_SIZE,
4329 if (!ADDR_IS_KERNEL(va)) {
4330 vm_page_free_pages_toq(&free, true);
4331 KASSERT(pmap_load(l2) == 0,
4332 ("pmap_enter_l2: non-zero L2 entry %p", l2));
4334 KASSERT(SLIST_EMPTY(&free),
4335 ("pmap_enter_l2: freed kernel page table page"));
4338 * Both pmap_remove_l2() and pmap_remove_l3_range()
4339 * will leave the kernel page table page zero filled.
4340 * Nonetheless, the TLB could have an intermediate
4341 * entry for the kernel page table page.
4343 mt = PHYS_TO_VM_PAGE(pmap_load(l2) & ~ATTR_MASK);
4344 if (pmap_insert_pt_page(pmap, mt, false))
4345 panic("pmap_enter_l2: trie insert failed");
4347 pmap_invalidate_page(pmap, va);
4351 if ((new_l2 & ATTR_SW_MANAGED) != 0) {
4353 * Abort this mapping if its PV entry could not be created.
4355 if (!pmap_pv_insert_l2(pmap, va, new_l2, flags, lockp)) {
4357 pmap_abort_ptp(pmap, va, l2pg);
4359 "pmap_enter_l2: failure for va %#lx in pmap %p",
4361 return (KERN_RESOURCE_SHORTAGE);
4363 if ((new_l2 & ATTR_SW_DBM) != 0)
4364 for (mt = m; mt < &m[L2_SIZE / PAGE_SIZE]; mt++)
4365 vm_page_aflag_set(mt, PGA_WRITEABLE);
4369 * Increment counters.
4371 if ((new_l2 & ATTR_SW_WIRED) != 0)
4372 pmap->pm_stats.wired_count += L2_SIZE / PAGE_SIZE;
4373 pmap->pm_stats.resident_count += L2_SIZE / PAGE_SIZE;
4376 * Conditionally sync the icache. See pmap_enter() for details.
4378 if ((new_l2 & ATTR_S1_XN) == 0 && ((new_l2 & ~ATTR_MASK) !=
4379 (old_l2 & ~ATTR_MASK) || (old_l2 & ATTR_S1_XN) != 0) &&
4380 pmap != kernel_pmap && m->md.pv_memattr == VM_MEMATTR_WRITE_BACK) {
4381 cpu_icache_sync_range(PHYS_TO_DMAP(new_l2 & ~ATTR_MASK),
4386 * Map the superpage.
4388 pmap_store(l2, new_l2);
4391 atomic_add_long(&pmap_l2_mappings, 1);
4392 CTR2(KTR_PMAP, "pmap_enter_l2: success for va %#lx in pmap %p",
4395 return (KERN_SUCCESS);
4399 * Maps a sequence of resident pages belonging to the same object.
4400 * The sequence begins with the given page m_start. This page is
4401 * mapped at the given virtual address start. Each subsequent page is
4402 * mapped at a virtual address that is offset from start by the same
4403 * amount as the page is offset from m_start within the object. The
4404 * last page in the sequence is the page with the largest offset from
4405 * m_start that can be mapped at a virtual address less than the given
4406 * virtual address end. Not every virtual page between start and end
4407 * is mapped; only those for which a resident page exists with the
4408 * corresponding offset from m_start are mapped.
4411 pmap_enter_object(pmap_t pmap, vm_offset_t start, vm_offset_t end,
4412 vm_page_t m_start, vm_prot_t prot)
4414 struct rwlock *lock;
4417 vm_pindex_t diff, psize;
4419 VM_OBJECT_ASSERT_LOCKED(m_start->object);
4421 psize = atop(end - start);
4426 while (m != NULL && (diff = m->pindex - m_start->pindex) < psize) {
4427 va = start + ptoa(diff);
4428 if ((va & L2_OFFSET) == 0 && va + L2_SIZE <= end &&
4429 m->psind == 1 && pmap_ps_enabled(pmap) &&
4430 pmap_enter_2mpage(pmap, va, m, prot, &lock))
4431 m = &m[L2_SIZE / PAGE_SIZE - 1];
4433 mpte = pmap_enter_quick_locked(pmap, va, m, prot, mpte,
4435 m = TAILQ_NEXT(m, listq);
4443 * this code makes some *MAJOR* assumptions:
4444 * 1. Current pmap & pmap exists.
4447 * 4. No page table pages.
4448 * but is *MUCH* faster than pmap_enter...
4452 pmap_enter_quick(pmap_t pmap, vm_offset_t va, vm_page_t m, vm_prot_t prot)
4454 struct rwlock *lock;
4458 (void)pmap_enter_quick_locked(pmap, va, m, prot, NULL, &lock);
4465 pmap_enter_quick_locked(pmap_t pmap, vm_offset_t va, vm_page_t m,
4466 vm_prot_t prot, vm_page_t mpte, struct rwlock **lockp)
4469 pt_entry_t *l2, *l3, l3_val;
4473 KASSERT(va < kmi.clean_sva || va >= kmi.clean_eva ||
4474 (m->oflags & VPO_UNMANAGED) != 0,
4475 ("pmap_enter_quick_locked: managed mapping within the clean submap"));
4476 PMAP_LOCK_ASSERT(pmap, MA_OWNED);
4477 PMAP_ASSERT_STAGE1(pmap);
4478 KASSERT(ADDR_IS_CANONICAL(va),
4479 ("%s: Address not in canonical form: %lx", __func__, va));
4481 CTR2(KTR_PMAP, "pmap_enter_quick_locked: %p %lx", pmap, va);
4483 * In the case that a page table page is not
4484 * resident, we are creating it here.
4486 if (!ADDR_IS_KERNEL(va)) {
4487 vm_pindex_t l2pindex;
4490 * Calculate pagetable page index
4492 l2pindex = pmap_l2_pindex(va);
4493 if (mpte && (mpte->pindex == l2pindex)) {
4499 pde = pmap_pde(pmap, va, &lvl);
4502 * If the page table page is mapped, we just increment
4503 * the hold count, and activate it. Otherwise, we
4504 * attempt to allocate a page table page. If this
4505 * attempt fails, we don't retry. Instead, we give up.
4508 l2 = pmap_l1_to_l2(pde, va);
4509 if ((pmap_load(l2) & ATTR_DESCR_MASK) ==
4513 if (lvl == 2 && pmap_load(pde) != 0) {
4515 PHYS_TO_VM_PAGE(pmap_load(pde) & ~ATTR_MASK);
4519 * Pass NULL instead of the PV list lock
4520 * pointer, because we don't intend to sleep.
4522 mpte = _pmap_alloc_l3(pmap, l2pindex, NULL);
4527 l3 = (pt_entry_t *)PHYS_TO_DMAP(VM_PAGE_TO_PHYS(mpte));
4528 l3 = &l3[pmap_l3_index(va)];
4531 pde = pmap_pde(kernel_pmap, va, &lvl);
4532 KASSERT(pde != NULL,
4533 ("pmap_enter_quick_locked: Invalid page entry, va: 0x%lx",
4536 ("pmap_enter_quick_locked: Invalid level %d", lvl));
4537 l3 = pmap_l2_to_l3(pde, va);
4541 * Abort if a mapping already exists.
4543 if (pmap_load(l3) != 0) {
4550 * Enter on the PV list if part of our managed memory.
4552 if ((m->oflags & VPO_UNMANAGED) == 0 &&
4553 !pmap_try_insert_pv_entry(pmap, va, m, lockp)) {
4555 pmap_abort_ptp(pmap, va, mpte);
4560 * Increment counters
4562 pmap_resident_count_inc(pmap, 1);
4564 pa = VM_PAGE_TO_PHYS(m);
4565 l3_val = pa | ATTR_DEFAULT | ATTR_S1_IDX(m->md.pv_memattr) |
4566 ATTR_S1_AP(ATTR_S1_AP_RO) | L3_PAGE;
4567 if ((prot & VM_PROT_EXECUTE) == 0 ||
4568 m->md.pv_memattr == VM_MEMATTR_DEVICE)
4569 l3_val |= ATTR_S1_XN;
4570 if (!ADDR_IS_KERNEL(va))
4571 l3_val |= ATTR_S1_AP(ATTR_S1_AP_USER) | ATTR_S1_PXN;
4573 l3_val |= ATTR_S1_UXN;
4574 if (pmap != kernel_pmap)
4575 l3_val |= ATTR_S1_nG;
4578 * Now validate mapping with RO protection
4580 if ((m->oflags & VPO_UNMANAGED) == 0) {
4581 l3_val |= ATTR_SW_MANAGED;
4585 /* Sync icache before the mapping is stored to PTE */
4586 if ((prot & VM_PROT_EXECUTE) && pmap != kernel_pmap &&
4587 m->md.pv_memattr == VM_MEMATTR_WRITE_BACK)
4588 cpu_icache_sync_range(PHYS_TO_DMAP(pa), PAGE_SIZE);
4590 pmap_store(l3, l3_val);
4597 * This code maps large physical mmap regions into the
4598 * processor address space. Note that some shortcuts
4599 * are taken, but the code works.
4602 pmap_object_init_pt(pmap_t pmap, vm_offset_t addr, vm_object_t object,
4603 vm_pindex_t pindex, vm_size_t size)
4606 VM_OBJECT_ASSERT_WLOCKED(object);
4607 KASSERT(object->type == OBJT_DEVICE || object->type == OBJT_SG,
4608 ("pmap_object_init_pt: non-device object"));
4612 * Clear the wired attribute from the mappings for the specified range of
4613 * addresses in the given pmap. Every valid mapping within that range
4614 * must have the wired attribute set. In contrast, invalid mappings
4615 * cannot have the wired attribute set, so they are ignored.
4617 * The wired attribute of the page table entry is not a hardware feature,
4618 * so there is no need to invalidate any TLB entries.
4621 pmap_unwire(pmap_t pmap, vm_offset_t sva, vm_offset_t eva)
4623 vm_offset_t va_next;
4624 pd_entry_t *l0, *l1, *l2;
4628 for (; sva < eva; sva = va_next) {
4629 l0 = pmap_l0(pmap, sva);
4630 if (pmap_load(l0) == 0) {
4631 va_next = (sva + L0_SIZE) & ~L0_OFFSET;
4637 l1 = pmap_l0_to_l1(l0, sva);
4638 va_next = (sva + L1_SIZE) & ~L1_OFFSET;
4641 if (pmap_load(l1) == 0)
4644 if ((pmap_load(l1) & ATTR_DESCR_MASK) == L1_BLOCK) {
4645 KASSERT(va_next <= eva,
4646 ("partial update of non-transparent 1G page "
4647 "l1 %#lx sva %#lx eva %#lx va_next %#lx",
4648 pmap_load(l1), sva, eva, va_next));
4649 MPASS(pmap != kernel_pmap);
4650 MPASS((pmap_load(l1) & (ATTR_SW_MANAGED |
4651 ATTR_SW_WIRED)) == ATTR_SW_WIRED);
4652 pmap_clear_bits(l1, ATTR_SW_WIRED);
4653 pmap->pm_stats.wired_count -= L1_SIZE / PAGE_SIZE;
4657 va_next = (sva + L2_SIZE) & ~L2_OFFSET;
4661 l2 = pmap_l1_to_l2(l1, sva);
4662 if (pmap_load(l2) == 0)
4665 if ((pmap_load(l2) & ATTR_DESCR_MASK) == L2_BLOCK) {
4666 if ((pmap_load(l2) & ATTR_SW_WIRED) == 0)
4667 panic("pmap_unwire: l2 %#jx is missing "
4668 "ATTR_SW_WIRED", (uintmax_t)pmap_load(l2));
4671 * Are we unwiring the entire large page? If not,
4672 * demote the mapping and fall through.
4674 if (sva + L2_SIZE == va_next && eva >= va_next) {
4675 pmap_clear_bits(l2, ATTR_SW_WIRED);
4676 pmap->pm_stats.wired_count -= L2_SIZE /
4679 } else if (pmap_demote_l2(pmap, l2, sva) == NULL)
4680 panic("pmap_unwire: demotion failed");
4682 KASSERT((pmap_load(l2) & ATTR_DESCR_MASK) == L2_TABLE,
4683 ("pmap_unwire: Invalid l2 entry after demotion"));
4687 for (l3 = pmap_l2_to_l3(l2, sva); sva != va_next; l3++,
4689 if (pmap_load(l3) == 0)
4691 if ((pmap_load(l3) & ATTR_SW_WIRED) == 0)
4692 panic("pmap_unwire: l3 %#jx is missing "
4693 "ATTR_SW_WIRED", (uintmax_t)pmap_load(l3));
4696 * ATTR_SW_WIRED must be cleared atomically. Although
4697 * the pmap lock synchronizes access to ATTR_SW_WIRED,
4698 * the System MMU may write to the entry concurrently.
4700 pmap_clear_bits(l3, ATTR_SW_WIRED);
4701 pmap->pm_stats.wired_count--;
4708 * Copy the range specified by src_addr/len
4709 * from the source map to the range dst_addr/len
4710 * in the destination map.
4712 * This routine is only advisory and need not do anything.
4714 * Because the executable mappings created by this routine are copied,
4715 * it should not have to flush the instruction cache.
4718 pmap_copy(pmap_t dst_pmap, pmap_t src_pmap, vm_offset_t dst_addr, vm_size_t len,
4719 vm_offset_t src_addr)
4721 struct rwlock *lock;
4722 pd_entry_t *l0, *l1, *l2, srcptepaddr;
4723 pt_entry_t *dst_pte, mask, nbits, ptetemp, *src_pte;
4724 vm_offset_t addr, end_addr, va_next;
4725 vm_page_t dst_m, dstmpte, srcmpte;
4727 PMAP_ASSERT_STAGE1(dst_pmap);
4728 PMAP_ASSERT_STAGE1(src_pmap);
4730 if (dst_addr != src_addr)
4732 end_addr = src_addr + len;
4734 if (dst_pmap < src_pmap) {
4735 PMAP_LOCK(dst_pmap);
4736 PMAP_LOCK(src_pmap);
4738 PMAP_LOCK(src_pmap);
4739 PMAP_LOCK(dst_pmap);
4741 for (addr = src_addr; addr < end_addr; addr = va_next) {
4742 l0 = pmap_l0(src_pmap, addr);
4743 if (pmap_load(l0) == 0) {
4744 va_next = (addr + L0_SIZE) & ~L0_OFFSET;
4750 va_next = (addr + L1_SIZE) & ~L1_OFFSET;
4753 l1 = pmap_l0_to_l1(l0, addr);
4754 if (pmap_load(l1) == 0)
4756 if ((pmap_load(l1) & ATTR_DESCR_MASK) == L1_BLOCK) {
4757 KASSERT(va_next <= end_addr,
4758 ("partial update of non-transparent 1G page "
4759 "l1 %#lx addr %#lx end_addr %#lx va_next %#lx",
4760 pmap_load(l1), addr, end_addr, va_next));
4761 srcptepaddr = pmap_load(l1);
4762 l1 = pmap_l1(dst_pmap, addr);
4764 if (_pmap_alloc_l3(dst_pmap,
4765 pmap_l0_pindex(addr), NULL) == NULL)
4767 l1 = pmap_l1(dst_pmap, addr);
4769 l0 = pmap_l0(dst_pmap, addr);
4770 dst_m = PHYS_TO_VM_PAGE(pmap_load(l0) &
4774 KASSERT(pmap_load(l1) == 0,
4775 ("1G mapping present in dst pmap "
4776 "l1 %#lx addr %#lx end_addr %#lx va_next %#lx",
4777 pmap_load(l1), addr, end_addr, va_next));
4778 pmap_store(l1, srcptepaddr & ~ATTR_SW_WIRED);
4779 pmap_resident_count_inc(dst_pmap, L1_SIZE / PAGE_SIZE);
4783 va_next = (addr + L2_SIZE) & ~L2_OFFSET;
4786 l2 = pmap_l1_to_l2(l1, addr);
4787 srcptepaddr = pmap_load(l2);
4788 if (srcptepaddr == 0)
4790 if ((srcptepaddr & ATTR_DESCR_MASK) == L2_BLOCK) {
4792 * We can only virtual copy whole superpages.
4794 if ((addr & L2_OFFSET) != 0 ||
4795 addr + L2_SIZE > end_addr)
4797 l2 = pmap_alloc_l2(dst_pmap, addr, &dst_m, NULL);
4800 if (pmap_load(l2) == 0 &&
4801 ((srcptepaddr & ATTR_SW_MANAGED) == 0 ||
4802 pmap_pv_insert_l2(dst_pmap, addr, srcptepaddr,
4803 PMAP_ENTER_NORECLAIM, &lock))) {
4805 * We leave the dirty bit unchanged because
4806 * managed read/write superpage mappings are
4807 * required to be dirty. However, managed
4808 * superpage mappings are not required to
4809 * have their accessed bit set, so we clear
4810 * it because we don't know if this mapping
4813 srcptepaddr &= ~ATTR_SW_WIRED;
4814 if ((srcptepaddr & ATTR_SW_MANAGED) != 0)
4815 srcptepaddr &= ~ATTR_AF;
4816 pmap_store(l2, srcptepaddr);
4817 pmap_resident_count_inc(dst_pmap, L2_SIZE /
4819 atomic_add_long(&pmap_l2_mappings, 1);
4821 pmap_abort_ptp(dst_pmap, addr, dst_m);
4824 KASSERT((srcptepaddr & ATTR_DESCR_MASK) == L2_TABLE,
4825 ("pmap_copy: invalid L2 entry"));
4826 srcptepaddr &= ~ATTR_MASK;
4827 srcmpte = PHYS_TO_VM_PAGE(srcptepaddr);
4828 KASSERT(srcmpte->ref_count > 0,
4829 ("pmap_copy: source page table page is unused"));
4830 if (va_next > end_addr)
4832 src_pte = (pt_entry_t *)PHYS_TO_DMAP(srcptepaddr);
4833 src_pte = &src_pte[pmap_l3_index(addr)];
4835 for (; addr < va_next; addr += PAGE_SIZE, src_pte++) {
4836 ptetemp = pmap_load(src_pte);
4839 * We only virtual copy managed pages.
4841 if ((ptetemp & ATTR_SW_MANAGED) == 0)
4844 if (dstmpte != NULL) {
4845 KASSERT(dstmpte->pindex == pmap_l2_pindex(addr),
4846 ("dstmpte pindex/addr mismatch"));
4847 dstmpte->ref_count++;
4848 } else if ((dstmpte = pmap_alloc_l3(dst_pmap, addr,
4851 dst_pte = (pt_entry_t *)
4852 PHYS_TO_DMAP(VM_PAGE_TO_PHYS(dstmpte));
4853 dst_pte = &dst_pte[pmap_l3_index(addr)];
4854 if (pmap_load(dst_pte) == 0 &&
4855 pmap_try_insert_pv_entry(dst_pmap, addr,
4856 PHYS_TO_VM_PAGE(ptetemp & ~ATTR_MASK), &lock)) {
4858 * Clear the wired, modified, and accessed
4859 * (referenced) bits during the copy.
4861 mask = ATTR_AF | ATTR_SW_WIRED;
4863 if ((ptetemp & ATTR_SW_DBM) != 0)
4864 nbits |= ATTR_S1_AP_RW_BIT;
4865 pmap_store(dst_pte, (ptetemp & ~mask) | nbits);
4866 pmap_resident_count_inc(dst_pmap, 1);
4868 pmap_abort_ptp(dst_pmap, addr, dstmpte);
4871 /* Have we copied all of the valid mappings? */
4872 if (dstmpte->ref_count >= srcmpte->ref_count)
4878 * XXX This barrier may not be needed because the destination pmap is
4885 PMAP_UNLOCK(src_pmap);
4886 PMAP_UNLOCK(dst_pmap);
4890 * pmap_zero_page zeros the specified hardware page by mapping
4891 * the page into KVM and using bzero to clear its contents.
4894 pmap_zero_page(vm_page_t m)
4896 vm_offset_t va = PHYS_TO_DMAP(VM_PAGE_TO_PHYS(m));
4898 pagezero((void *)va);
4902 * pmap_zero_page_area zeros the specified hardware page by mapping
4903 * the page into KVM and using bzero to clear its contents.
4905 * off and size may not cover an area beyond a single hardware page.
4908 pmap_zero_page_area(vm_page_t m, int off, int size)
4910 vm_offset_t va = PHYS_TO_DMAP(VM_PAGE_TO_PHYS(m));
4912 if (off == 0 && size == PAGE_SIZE)
4913 pagezero((void *)va);
4915 bzero((char *)va + off, size);
4919 * pmap_copy_page copies the specified (machine independent)
4920 * page by mapping the page into virtual memory and using
4921 * bcopy to copy the page, one machine dependent page at a
4925 pmap_copy_page(vm_page_t msrc, vm_page_t mdst)
4927 vm_offset_t src = PHYS_TO_DMAP(VM_PAGE_TO_PHYS(msrc));
4928 vm_offset_t dst = PHYS_TO_DMAP(VM_PAGE_TO_PHYS(mdst));
4930 pagecopy((void *)src, (void *)dst);
4933 int unmapped_buf_allowed = 1;
4936 pmap_copy_pages(vm_page_t ma[], vm_offset_t a_offset, vm_page_t mb[],
4937 vm_offset_t b_offset, int xfersize)
4941 vm_paddr_t p_a, p_b;
4942 vm_offset_t a_pg_offset, b_pg_offset;
4945 while (xfersize > 0) {
4946 a_pg_offset = a_offset & PAGE_MASK;
4947 m_a = ma[a_offset >> PAGE_SHIFT];
4948 p_a = m_a->phys_addr;
4949 b_pg_offset = b_offset & PAGE_MASK;
4950 m_b = mb[b_offset >> PAGE_SHIFT];
4951 p_b = m_b->phys_addr;
4952 cnt = min(xfersize, PAGE_SIZE - a_pg_offset);
4953 cnt = min(cnt, PAGE_SIZE - b_pg_offset);
4954 if (__predict_false(!PHYS_IN_DMAP(p_a))) {
4955 panic("!DMAP a %lx", p_a);
4957 a_cp = (char *)PHYS_TO_DMAP(p_a) + a_pg_offset;
4959 if (__predict_false(!PHYS_IN_DMAP(p_b))) {
4960 panic("!DMAP b %lx", p_b);
4962 b_cp = (char *)PHYS_TO_DMAP(p_b) + b_pg_offset;
4964 bcopy(a_cp, b_cp, cnt);
4972 pmap_quick_enter_page(vm_page_t m)
4975 return (PHYS_TO_DMAP(VM_PAGE_TO_PHYS(m)));
4979 pmap_quick_remove_page(vm_offset_t addr)
4984 * Returns true if the pmap's pv is one of the first
4985 * 16 pvs linked to from this page. This count may
4986 * be changed upwards or downwards in the future; it
4987 * is only necessary that true be returned for a small
4988 * subset of pmaps for proper page aging.
4991 pmap_page_exists_quick(pmap_t pmap, vm_page_t m)
4993 struct md_page *pvh;
4994 struct rwlock *lock;
4999 KASSERT((m->oflags & VPO_UNMANAGED) == 0,
5000 ("pmap_page_exists_quick: page %p is not managed", m));
5002 lock = VM_PAGE_TO_PV_LIST_LOCK(m);
5004 TAILQ_FOREACH(pv, &m->md.pv_list, pv_next) {
5005 if (PV_PMAP(pv) == pmap) {
5013 if (!rv && loops < 16 && (m->flags & PG_FICTITIOUS) == 0) {
5014 pvh = page_to_pvh(m);
5015 TAILQ_FOREACH(pv, &pvh->pv_list, pv_next) {
5016 if (PV_PMAP(pv) == pmap) {
5030 * pmap_page_wired_mappings:
5032 * Return the number of managed mappings to the given physical page
5036 pmap_page_wired_mappings(vm_page_t m)
5038 struct rwlock *lock;
5039 struct md_page *pvh;
5043 int count, lvl, md_gen, pvh_gen;
5045 if ((m->oflags & VPO_UNMANAGED) != 0)
5047 lock = VM_PAGE_TO_PV_LIST_LOCK(m);
5051 TAILQ_FOREACH(pv, &m->md.pv_list, pv_next) {
5053 if (!PMAP_TRYLOCK(pmap)) {
5054 md_gen = m->md.pv_gen;
5058 if (md_gen != m->md.pv_gen) {
5063 pte = pmap_pte(pmap, pv->pv_va, &lvl);
5064 if (pte != NULL && (pmap_load(pte) & ATTR_SW_WIRED) != 0)
5068 if ((m->flags & PG_FICTITIOUS) == 0) {
5069 pvh = page_to_pvh(m);
5070 TAILQ_FOREACH(pv, &pvh->pv_list, pv_next) {
5072 if (!PMAP_TRYLOCK(pmap)) {
5073 md_gen = m->md.pv_gen;
5074 pvh_gen = pvh->pv_gen;
5078 if (md_gen != m->md.pv_gen ||
5079 pvh_gen != pvh->pv_gen) {
5084 pte = pmap_pte(pmap, pv->pv_va, &lvl);
5086 (pmap_load(pte) & ATTR_SW_WIRED) != 0)
5096 * Returns true if the given page is mapped individually or as part of
5097 * a 2mpage. Otherwise, returns false.
5100 pmap_page_is_mapped(vm_page_t m)
5102 struct rwlock *lock;
5105 if ((m->oflags & VPO_UNMANAGED) != 0)
5107 lock = VM_PAGE_TO_PV_LIST_LOCK(m);
5109 rv = !TAILQ_EMPTY(&m->md.pv_list) ||
5110 ((m->flags & PG_FICTITIOUS) == 0 &&
5111 !TAILQ_EMPTY(&page_to_pvh(m)->pv_list));
5117 * Destroy all managed, non-wired mappings in the given user-space
5118 * pmap. This pmap cannot be active on any processor besides the
5121 * This function cannot be applied to the kernel pmap. Moreover, it
5122 * is not intended for general use. It is only to be used during
5123 * process termination. Consequently, it can be implemented in ways
5124 * that make it faster than pmap_remove(). First, it can more quickly
5125 * destroy mappings by iterating over the pmap's collection of PV
5126 * entries, rather than searching the page table. Second, it doesn't
5127 * have to test and clear the page table entries atomically, because
5128 * no processor is currently accessing the user address space. In
5129 * particular, a page table entry's dirty bit won't change state once
5130 * this function starts.
5133 pmap_remove_pages(pmap_t pmap)
5136 pt_entry_t *pte, tpte;
5137 struct spglist free;
5138 vm_page_t m, ml3, mt;
5140 struct md_page *pvh;
5141 struct pv_chunk *pc, *npc;
5142 struct rwlock *lock;
5144 uint64_t inuse, bitmask;
5145 int allfree, field, freed, idx, lvl;
5152 TAILQ_FOREACH_SAFE(pc, &pmap->pm_pvchunk, pc_list, npc) {
5155 for (field = 0; field < _NPCM; field++) {
5156 inuse = ~pc->pc_map[field] & pc_freemask[field];
5157 while (inuse != 0) {
5158 bit = ffsl(inuse) - 1;
5159 bitmask = 1UL << bit;
5160 idx = field * 64 + bit;
5161 pv = &pc->pc_pventry[idx];
5164 pde = pmap_pde(pmap, pv->pv_va, &lvl);
5165 KASSERT(pde != NULL,
5166 ("Attempting to remove an unmapped page"));
5170 pte = pmap_l1_to_l2(pde, pv->pv_va);
5171 tpte = pmap_load(pte);
5172 KASSERT((tpte & ATTR_DESCR_MASK) ==
5174 ("Attempting to remove an invalid "
5175 "block: %lx", tpte));
5178 pte = pmap_l2_to_l3(pde, pv->pv_va);
5179 tpte = pmap_load(pte);
5180 KASSERT((tpte & ATTR_DESCR_MASK) ==
5182 ("Attempting to remove an invalid "
5183 "page: %lx", tpte));
5187 "Invalid page directory level: %d",
5192 * We cannot remove wired pages from a process' mapping at this time
5194 if (tpte & ATTR_SW_WIRED) {
5200 pc->pc_map[field] |= bitmask;
5203 * Because this pmap is not active on other
5204 * processors, the dirty bit cannot have
5205 * changed state since we last loaded pte.
5209 pa = tpte & ~ATTR_MASK;
5211 m = PHYS_TO_VM_PAGE(pa);
5212 KASSERT(m->phys_addr == pa,
5213 ("vm_page_t %p phys_addr mismatch %016jx %016jx",
5214 m, (uintmax_t)m->phys_addr,
5217 KASSERT((m->flags & PG_FICTITIOUS) != 0 ||
5218 m < &vm_page_array[vm_page_array_size],
5219 ("pmap_remove_pages: bad pte %#jx",
5223 * Update the vm_page_t clean/reference bits.
5225 if (pmap_pte_dirty(pmap, tpte)) {
5228 for (mt = m; mt < &m[L2_SIZE / PAGE_SIZE]; mt++)
5237 CHANGE_PV_LIST_LOCK_TO_VM_PAGE(&lock, m);
5241 pmap_resident_count_dec(pmap,
5242 L2_SIZE / PAGE_SIZE);
5243 pvh = page_to_pvh(m);
5244 TAILQ_REMOVE(&pvh->pv_list, pv,pv_next);
5246 if (TAILQ_EMPTY(&pvh->pv_list)) {
5247 for (mt = m; mt < &m[L2_SIZE / PAGE_SIZE]; mt++)
5248 if ((mt->a.flags & PGA_WRITEABLE) != 0 &&
5249 TAILQ_EMPTY(&mt->md.pv_list))
5250 vm_page_aflag_clear(mt, PGA_WRITEABLE);
5252 ml3 = pmap_remove_pt_page(pmap,
5255 KASSERT(ml3->valid == VM_PAGE_BITS_ALL,
5256 ("pmap_remove_pages: l3 page not promoted"));
5257 pmap_resident_count_dec(pmap,1);
5258 KASSERT(ml3->ref_count == NL3PG,
5259 ("pmap_remove_pages: l3 page ref count error"));
5261 pmap_add_delayed_free_list(ml3,
5266 pmap_resident_count_dec(pmap, 1);
5267 TAILQ_REMOVE(&m->md.pv_list, pv,
5270 if ((m->a.flags & PGA_WRITEABLE) != 0 &&
5271 TAILQ_EMPTY(&m->md.pv_list) &&
5272 (m->flags & PG_FICTITIOUS) == 0) {
5273 pvh = page_to_pvh(m);
5274 if (TAILQ_EMPTY(&pvh->pv_list))
5275 vm_page_aflag_clear(m,
5280 pmap_unuse_pt(pmap, pv->pv_va, pmap_load(pde),
5285 PV_STAT(atomic_add_long(&pv_entry_frees, freed));
5286 PV_STAT(atomic_add_int(&pv_entry_spare, freed));
5287 PV_STAT(atomic_subtract_long(&pv_entry_count, freed));
5289 TAILQ_REMOVE(&pmap->pm_pvchunk, pc, pc_list);
5295 pmap_invalidate_all(pmap);
5297 vm_page_free_pages_toq(&free, true);
5301 * This is used to check if a page has been accessed or modified.
5304 pmap_page_test_mappings(vm_page_t m, boolean_t accessed, boolean_t modified)
5306 struct rwlock *lock;
5308 struct md_page *pvh;
5309 pt_entry_t *pte, mask, value;
5311 int lvl, md_gen, pvh_gen;
5315 lock = VM_PAGE_TO_PV_LIST_LOCK(m);
5318 TAILQ_FOREACH(pv, &m->md.pv_list, pv_next) {
5320 PMAP_ASSERT_STAGE1(pmap);
5321 if (!PMAP_TRYLOCK(pmap)) {
5322 md_gen = m->md.pv_gen;
5326 if (md_gen != m->md.pv_gen) {
5331 pte = pmap_pte(pmap, pv->pv_va, &lvl);
5333 ("pmap_page_test_mappings: Invalid level %d", lvl));
5337 mask |= ATTR_S1_AP_RW_BIT;
5338 value |= ATTR_S1_AP(ATTR_S1_AP_RW);
5341 mask |= ATTR_AF | ATTR_DESCR_MASK;
5342 value |= ATTR_AF | L3_PAGE;
5344 rv = (pmap_load(pte) & mask) == value;
5349 if ((m->flags & PG_FICTITIOUS) == 0) {
5350 pvh = page_to_pvh(m);
5351 TAILQ_FOREACH(pv, &pvh->pv_list, pv_next) {
5353 PMAP_ASSERT_STAGE1(pmap);
5354 if (!PMAP_TRYLOCK(pmap)) {
5355 md_gen = m->md.pv_gen;
5356 pvh_gen = pvh->pv_gen;
5360 if (md_gen != m->md.pv_gen ||
5361 pvh_gen != pvh->pv_gen) {
5366 pte = pmap_pte(pmap, pv->pv_va, &lvl);
5368 ("pmap_page_test_mappings: Invalid level %d", lvl));
5372 mask |= ATTR_S1_AP_RW_BIT;
5373 value |= ATTR_S1_AP(ATTR_S1_AP_RW);
5376 mask |= ATTR_AF | ATTR_DESCR_MASK;
5377 value |= ATTR_AF | L2_BLOCK;
5379 rv = (pmap_load(pte) & mask) == value;
5393 * Return whether or not the specified physical page was modified
5394 * in any physical maps.
5397 pmap_is_modified(vm_page_t m)
5400 KASSERT((m->oflags & VPO_UNMANAGED) == 0,
5401 ("pmap_is_modified: page %p is not managed", m));
5404 * If the page is not busied then this check is racy.
5406 if (!pmap_page_is_write_mapped(m))
5408 return (pmap_page_test_mappings(m, FALSE, TRUE));
5412 * pmap_is_prefaultable:
5414 * Return whether or not the specified virtual address is eligible
5418 pmap_is_prefaultable(pmap_t pmap, vm_offset_t addr)
5426 pte = pmap_pte(pmap, addr, &lvl);
5427 if (pte != NULL && pmap_load(pte) != 0) {
5435 * pmap_is_referenced:
5437 * Return whether or not the specified physical page was referenced
5438 * in any physical maps.
5441 pmap_is_referenced(vm_page_t m)
5444 KASSERT((m->oflags & VPO_UNMANAGED) == 0,
5445 ("pmap_is_referenced: page %p is not managed", m));
5446 return (pmap_page_test_mappings(m, TRUE, FALSE));
5450 * Clear the write and modified bits in each of the given page's mappings.
5453 pmap_remove_write(vm_page_t m)
5455 struct md_page *pvh;
5457 struct rwlock *lock;
5458 pv_entry_t next_pv, pv;
5459 pt_entry_t oldpte, *pte;
5461 int lvl, md_gen, pvh_gen;
5463 KASSERT((m->oflags & VPO_UNMANAGED) == 0,
5464 ("pmap_remove_write: page %p is not managed", m));
5465 vm_page_assert_busied(m);
5467 if (!pmap_page_is_write_mapped(m))
5469 lock = VM_PAGE_TO_PV_LIST_LOCK(m);
5470 pvh = (m->flags & PG_FICTITIOUS) != 0 ? &pv_dummy : page_to_pvh(m);
5473 TAILQ_FOREACH_SAFE(pv, &pvh->pv_list, pv_next, next_pv) {
5475 PMAP_ASSERT_STAGE1(pmap);
5476 if (!PMAP_TRYLOCK(pmap)) {
5477 pvh_gen = pvh->pv_gen;
5481 if (pvh_gen != pvh->pv_gen) {
5487 pte = pmap_pte(pmap, va, &lvl);
5488 if ((pmap_load(pte) & ATTR_SW_DBM) != 0)
5489 (void)pmap_demote_l2_locked(pmap, pte, va, &lock);
5490 KASSERT(lock == VM_PAGE_TO_PV_LIST_LOCK(m),
5491 ("inconsistent pv lock %p %p for page %p",
5492 lock, VM_PAGE_TO_PV_LIST_LOCK(m), m));
5495 TAILQ_FOREACH(pv, &m->md.pv_list, pv_next) {
5497 PMAP_ASSERT_STAGE1(pmap);
5498 if (!PMAP_TRYLOCK(pmap)) {
5499 pvh_gen = pvh->pv_gen;
5500 md_gen = m->md.pv_gen;
5504 if (pvh_gen != pvh->pv_gen ||
5505 md_gen != m->md.pv_gen) {
5510 pte = pmap_pte(pmap, pv->pv_va, &lvl);
5511 oldpte = pmap_load(pte);
5512 if ((oldpte & ATTR_SW_DBM) != 0) {
5513 while (!atomic_fcmpset_64(pte, &oldpte,
5514 (oldpte | ATTR_S1_AP_RW_BIT) & ~ATTR_SW_DBM))
5516 if ((oldpte & ATTR_S1_AP_RW_BIT) ==
5517 ATTR_S1_AP(ATTR_S1_AP_RW))
5519 pmap_invalidate_page(pmap, pv->pv_va);
5524 vm_page_aflag_clear(m, PGA_WRITEABLE);
5528 * pmap_ts_referenced:
5530 * Return a count of reference bits for a page, clearing those bits.
5531 * It is not necessary for every reference bit to be cleared, but it
5532 * is necessary that 0 only be returned when there are truly no
5533 * reference bits set.
5535 * As an optimization, update the page's dirty field if a modified bit is
5536 * found while counting reference bits. This opportunistic update can be
5537 * performed at low cost and can eliminate the need for some future calls
5538 * to pmap_is_modified(). However, since this function stops after
5539 * finding PMAP_TS_REFERENCED_MAX reference bits, it may not detect some
5540 * dirty pages. Those dirty pages will only be detected by a future call
5541 * to pmap_is_modified().
5544 pmap_ts_referenced(vm_page_t m)
5546 struct md_page *pvh;
5549 struct rwlock *lock;
5550 pd_entry_t *pde, tpde;
5551 pt_entry_t *pte, tpte;
5554 int cleared, lvl, md_gen, not_cleared, pvh_gen;
5555 struct spglist free;
5557 KASSERT((m->oflags & VPO_UNMANAGED) == 0,
5558 ("pmap_ts_referenced: page %p is not managed", m));
5561 pa = VM_PAGE_TO_PHYS(m);
5562 lock = PHYS_TO_PV_LIST_LOCK(pa);
5563 pvh = (m->flags & PG_FICTITIOUS) != 0 ? &pv_dummy : page_to_pvh(m);
5567 if ((pvf = TAILQ_FIRST(&pvh->pv_list)) == NULL)
5568 goto small_mappings;
5574 if (!PMAP_TRYLOCK(pmap)) {
5575 pvh_gen = pvh->pv_gen;
5579 if (pvh_gen != pvh->pv_gen) {
5585 pde = pmap_pde(pmap, pv->pv_va, &lvl);
5586 KASSERT(pde != NULL, ("pmap_ts_referenced: no l1 table found"));
5588 ("pmap_ts_referenced: invalid pde level %d", lvl));
5589 tpde = pmap_load(pde);
5590 KASSERT((tpde & ATTR_DESCR_MASK) == L1_TABLE,
5591 ("pmap_ts_referenced: found an invalid l1 table"));
5592 pte = pmap_l1_to_l2(pde, pv->pv_va);
5593 tpte = pmap_load(pte);
5594 if (pmap_pte_dirty(pmap, tpte)) {
5596 * Although "tpte" is mapping a 2MB page, because
5597 * this function is called at a 4KB page granularity,
5598 * we only update the 4KB page under test.
5603 if ((tpte & ATTR_AF) != 0) {
5605 * Since this reference bit is shared by 512 4KB pages,
5606 * it should not be cleared every time it is tested.
5607 * Apply a simple "hash" function on the physical page
5608 * number, the virtual superpage number, and the pmap
5609 * address to select one 4KB page out of the 512 on
5610 * which testing the reference bit will result in
5611 * clearing that reference bit. This function is
5612 * designed to avoid the selection of the same 4KB page
5613 * for every 2MB page mapping.
5615 * On demotion, a mapping that hasn't been referenced
5616 * is simply destroyed. To avoid the possibility of a
5617 * subsequent page fault on a demoted wired mapping,
5618 * always leave its reference bit set. Moreover,
5619 * since the superpage is wired, the current state of
5620 * its reference bit won't affect page replacement.
5622 if ((((pa >> PAGE_SHIFT) ^ (pv->pv_va >> L2_SHIFT) ^
5623 (uintptr_t)pmap) & (Ln_ENTRIES - 1)) == 0 &&
5624 (tpte & ATTR_SW_WIRED) == 0) {
5625 pmap_clear_bits(pte, ATTR_AF);
5626 pmap_invalidate_page(pmap, pv->pv_va);
5632 /* Rotate the PV list if it has more than one entry. */
5633 if (pv != NULL && TAILQ_NEXT(pv, pv_next) != NULL) {
5634 TAILQ_REMOVE(&pvh->pv_list, pv, pv_next);
5635 TAILQ_INSERT_TAIL(&pvh->pv_list, pv, pv_next);
5638 if (cleared + not_cleared >= PMAP_TS_REFERENCED_MAX)
5640 } while ((pv = TAILQ_FIRST(&pvh->pv_list)) != pvf);
5642 if ((pvf = TAILQ_FIRST(&m->md.pv_list)) == NULL)
5649 if (!PMAP_TRYLOCK(pmap)) {
5650 pvh_gen = pvh->pv_gen;
5651 md_gen = m->md.pv_gen;
5655 if (pvh_gen != pvh->pv_gen || md_gen != m->md.pv_gen) {
5660 pde = pmap_pde(pmap, pv->pv_va, &lvl);
5661 KASSERT(pde != NULL, ("pmap_ts_referenced: no l2 table found"));
5663 ("pmap_ts_referenced: invalid pde level %d", lvl));
5664 tpde = pmap_load(pde);
5665 KASSERT((tpde & ATTR_DESCR_MASK) == L2_TABLE,
5666 ("pmap_ts_referenced: found an invalid l2 table"));
5667 pte = pmap_l2_to_l3(pde, pv->pv_va);
5668 tpte = pmap_load(pte);
5669 if (pmap_pte_dirty(pmap, tpte))
5671 if ((tpte & ATTR_AF) != 0) {
5672 if ((tpte & ATTR_SW_WIRED) == 0) {
5673 pmap_clear_bits(pte, ATTR_AF);
5674 pmap_invalidate_page(pmap, pv->pv_va);
5680 /* Rotate the PV list if it has more than one entry. */
5681 if (pv != NULL && TAILQ_NEXT(pv, pv_next) != NULL) {
5682 TAILQ_REMOVE(&m->md.pv_list, pv, pv_next);
5683 TAILQ_INSERT_TAIL(&m->md.pv_list, pv, pv_next);
5686 } while ((pv = TAILQ_FIRST(&m->md.pv_list)) != pvf && cleared +
5687 not_cleared < PMAP_TS_REFERENCED_MAX);
5690 vm_page_free_pages_toq(&free, true);
5691 return (cleared + not_cleared);
5695 * Apply the given advice to the specified range of addresses within the
5696 * given pmap. Depending on the advice, clear the referenced and/or
5697 * modified flags in each mapping and set the mapped page's dirty field.
5700 pmap_advise(pmap_t pmap, vm_offset_t sva, vm_offset_t eva, int advice)
5702 struct rwlock *lock;
5703 vm_offset_t va, va_next;
5705 pd_entry_t *l0, *l1, *l2, oldl2;
5706 pt_entry_t *l3, oldl3;
5708 PMAP_ASSERT_STAGE1(pmap);
5710 if (advice != MADV_DONTNEED && advice != MADV_FREE)
5714 for (; sva < eva; sva = va_next) {
5715 l0 = pmap_l0(pmap, sva);
5716 if (pmap_load(l0) == 0) {
5717 va_next = (sva + L0_SIZE) & ~L0_OFFSET;
5723 va_next = (sva + L1_SIZE) & ~L1_OFFSET;
5726 l1 = pmap_l0_to_l1(l0, sva);
5727 if (pmap_load(l1) == 0)
5729 if ((pmap_load(l1) & ATTR_DESCR_MASK) == L1_BLOCK) {
5730 KASSERT(va_next <= eva,
5731 ("partial update of non-transparent 1G page "
5732 "l1 %#lx sva %#lx eva %#lx va_next %#lx",
5733 pmap_load(l1), sva, eva, va_next));
5737 va_next = (sva + L2_SIZE) & ~L2_OFFSET;
5740 l2 = pmap_l1_to_l2(l1, sva);
5741 oldl2 = pmap_load(l2);
5744 if ((oldl2 & ATTR_DESCR_MASK) == L2_BLOCK) {
5745 if ((oldl2 & ATTR_SW_MANAGED) == 0)
5748 if (!pmap_demote_l2_locked(pmap, l2, sva, &lock)) {
5753 * The 2MB page mapping was destroyed.
5759 * Unless the page mappings are wired, remove the
5760 * mapping to a single page so that a subsequent
5761 * access may repromote. Choosing the last page
5762 * within the address range [sva, min(va_next, eva))
5763 * generally results in more repromotions. Since the
5764 * underlying page table page is fully populated, this
5765 * removal never frees a page table page.
5767 if ((oldl2 & ATTR_SW_WIRED) == 0) {
5773 ("pmap_advise: no address gap"));
5774 l3 = pmap_l2_to_l3(l2, va);
5775 KASSERT(pmap_load(l3) != 0,
5776 ("pmap_advise: invalid PTE"));
5777 pmap_remove_l3(pmap, l3, va, pmap_load(l2),
5783 KASSERT((pmap_load(l2) & ATTR_DESCR_MASK) == L2_TABLE,
5784 ("pmap_advise: invalid L2 entry after demotion"));
5788 for (l3 = pmap_l2_to_l3(l2, sva); sva != va_next; l3++,
5790 oldl3 = pmap_load(l3);
5791 if ((oldl3 & (ATTR_SW_MANAGED | ATTR_DESCR_MASK)) !=
5792 (ATTR_SW_MANAGED | L3_PAGE))
5794 else if (pmap_pte_dirty(pmap, oldl3)) {
5795 if (advice == MADV_DONTNEED) {
5797 * Future calls to pmap_is_modified()
5798 * can be avoided by making the page
5801 m = PHYS_TO_VM_PAGE(oldl3 & ~ATTR_MASK);
5804 while (!atomic_fcmpset_long(l3, &oldl3,
5805 (oldl3 & ~ATTR_AF) |
5806 ATTR_S1_AP(ATTR_S1_AP_RO)))
5808 } else if ((oldl3 & ATTR_AF) != 0)
5809 pmap_clear_bits(l3, ATTR_AF);
5816 if (va != va_next) {
5817 pmap_invalidate_range(pmap, va, sva);
5822 pmap_invalidate_range(pmap, va, sva);
5828 * Clear the modify bits on the specified physical page.
5831 pmap_clear_modify(vm_page_t m)
5833 struct md_page *pvh;
5834 struct rwlock *lock;
5836 pv_entry_t next_pv, pv;
5837 pd_entry_t *l2, oldl2;
5838 pt_entry_t *l3, oldl3;
5840 int md_gen, pvh_gen;
5842 KASSERT((m->oflags & VPO_UNMANAGED) == 0,
5843 ("pmap_clear_modify: page %p is not managed", m));
5844 vm_page_assert_busied(m);
5846 if (!pmap_page_is_write_mapped(m))
5848 pvh = (m->flags & PG_FICTITIOUS) != 0 ? &pv_dummy : page_to_pvh(m);
5849 lock = VM_PAGE_TO_PV_LIST_LOCK(m);
5852 TAILQ_FOREACH_SAFE(pv, &pvh->pv_list, pv_next, next_pv) {
5854 PMAP_ASSERT_STAGE1(pmap);
5855 if (!PMAP_TRYLOCK(pmap)) {
5856 pvh_gen = pvh->pv_gen;
5860 if (pvh_gen != pvh->pv_gen) {
5866 l2 = pmap_l2(pmap, va);
5867 oldl2 = pmap_load(l2);
5868 /* If oldl2 has ATTR_SW_DBM set, then it is also dirty. */
5869 if ((oldl2 & ATTR_SW_DBM) != 0 &&
5870 pmap_demote_l2_locked(pmap, l2, va, &lock) &&
5871 (oldl2 & ATTR_SW_WIRED) == 0) {
5873 * Write protect the mapping to a single page so that
5874 * a subsequent write access may repromote.
5876 va += VM_PAGE_TO_PHYS(m) - (oldl2 & ~ATTR_MASK);
5877 l3 = pmap_l2_to_l3(l2, va);
5878 oldl3 = pmap_load(l3);
5879 while (!atomic_fcmpset_long(l3, &oldl3,
5880 (oldl3 & ~ATTR_SW_DBM) | ATTR_S1_AP(ATTR_S1_AP_RO)))
5883 pmap_invalidate_page(pmap, va);
5887 TAILQ_FOREACH(pv, &m->md.pv_list, pv_next) {
5889 PMAP_ASSERT_STAGE1(pmap);
5890 if (!PMAP_TRYLOCK(pmap)) {
5891 md_gen = m->md.pv_gen;
5892 pvh_gen = pvh->pv_gen;
5896 if (pvh_gen != pvh->pv_gen || md_gen != m->md.pv_gen) {
5901 l2 = pmap_l2(pmap, pv->pv_va);
5902 l3 = pmap_l2_to_l3(l2, pv->pv_va);
5903 oldl3 = pmap_load(l3);
5904 if ((oldl3 & (ATTR_S1_AP_RW_BIT | ATTR_SW_DBM)) == ATTR_SW_DBM){
5905 pmap_set_bits(l3, ATTR_S1_AP(ATTR_S1_AP_RO));
5906 pmap_invalidate_page(pmap, pv->pv_va);
5914 pmap_mapbios(vm_paddr_t pa, vm_size_t size)
5916 struct pmap_preinit_mapping *ppim;
5917 vm_offset_t va, offset;
5920 int i, lvl, l2_blocks, free_l2_count, start_idx;
5922 if (!vm_initialized) {
5924 * No L3 ptables so map entire L2 blocks where start VA is:
5925 * preinit_map_va + start_idx * L2_SIZE
5926 * There may be duplicate mappings (multiple VA -> same PA) but
5927 * ARM64 dcache is always PIPT so that's acceptable.
5932 /* Calculate how many L2 blocks are needed for the mapping */
5933 l2_blocks = (roundup2(pa + size, L2_SIZE) -
5934 rounddown2(pa, L2_SIZE)) >> L2_SHIFT;
5936 offset = pa & L2_OFFSET;
5938 if (preinit_map_va == 0)
5941 /* Map 2MiB L2 blocks from reserved VA space */
5945 /* Find enough free contiguous VA space */
5946 for (i = 0; i < PMAP_PREINIT_MAPPING_COUNT; i++) {
5947 ppim = pmap_preinit_mapping + i;
5948 if (free_l2_count > 0 && ppim->pa != 0) {
5949 /* Not enough space here */
5955 if (ppim->pa == 0) {
5957 if (start_idx == -1)
5960 if (free_l2_count == l2_blocks)
5964 if (free_l2_count != l2_blocks)
5965 panic("%s: too many preinit mappings", __func__);
5967 va = preinit_map_va + (start_idx * L2_SIZE);
5968 for (i = start_idx; i < start_idx + l2_blocks; i++) {
5969 /* Mark entries as allocated */
5970 ppim = pmap_preinit_mapping + i;
5972 ppim->va = va + offset;
5977 pa = rounddown2(pa, L2_SIZE);
5978 for (i = 0; i < l2_blocks; i++) {
5979 pde = pmap_pde(kernel_pmap, va, &lvl);
5980 KASSERT(pde != NULL,
5981 ("pmap_mapbios: Invalid page entry, va: 0x%lx",
5984 ("pmap_mapbios: Invalid level %d", lvl));
5986 /* Insert L2_BLOCK */
5987 l2 = pmap_l1_to_l2(pde, va);
5989 pa | ATTR_DEFAULT | ATTR_S1_XN |
5990 ATTR_S1_IDX(VM_MEMATTR_WRITE_BACK) | L2_BLOCK);
5995 pmap_invalidate_all(kernel_pmap);
5997 va = preinit_map_va + (start_idx * L2_SIZE);
6000 /* kva_alloc may be used to map the pages */
6001 offset = pa & PAGE_MASK;
6002 size = round_page(offset + size);
6004 va = kva_alloc(size);
6006 panic("%s: Couldn't allocate KVA", __func__);
6008 pde = pmap_pde(kernel_pmap, va, &lvl);
6009 KASSERT(lvl == 2, ("pmap_mapbios: Invalid level %d", lvl));
6011 /* L3 table is linked */
6012 va = trunc_page(va);
6013 pa = trunc_page(pa);
6014 pmap_kenter(va, size, pa, memory_mapping_mode(pa));
6017 return ((void *)(va + offset));
6021 pmap_unmapbios(vm_offset_t va, vm_size_t size)
6023 struct pmap_preinit_mapping *ppim;
6024 vm_offset_t offset, tmpsize, va_trunc;
6027 int i, lvl, l2_blocks, block;
6031 (roundup2(va + size, L2_SIZE) - rounddown2(va, L2_SIZE)) >> L2_SHIFT;
6032 KASSERT(l2_blocks > 0, ("pmap_unmapbios: invalid size %lx", size));
6034 /* Remove preinit mapping */
6035 preinit_map = false;
6037 for (i = 0; i < PMAP_PREINIT_MAPPING_COUNT; i++) {
6038 ppim = pmap_preinit_mapping + i;
6039 if (ppim->va == va) {
6040 KASSERT(ppim->size == size,
6041 ("pmap_unmapbios: size mismatch"));
6046 offset = block * L2_SIZE;
6047 va_trunc = rounddown2(va, L2_SIZE) + offset;
6049 /* Remove L2_BLOCK */
6050 pde = pmap_pde(kernel_pmap, va_trunc, &lvl);
6051 KASSERT(pde != NULL,
6052 ("pmap_unmapbios: Invalid page entry, va: 0x%lx",
6054 l2 = pmap_l1_to_l2(pde, va_trunc);
6057 if (block == (l2_blocks - 1))
6063 pmap_invalidate_all(kernel_pmap);
6067 /* Unmap the pages reserved with kva_alloc. */
6068 if (vm_initialized) {
6069 offset = va & PAGE_MASK;
6070 size = round_page(offset + size);
6071 va = trunc_page(va);
6073 pde = pmap_pde(kernel_pmap, va, &lvl);
6074 KASSERT(pde != NULL,
6075 ("pmap_unmapbios: Invalid page entry, va: 0x%lx", va));
6076 KASSERT(lvl == 2, ("pmap_unmapbios: Invalid level %d", lvl));
6078 /* Unmap and invalidate the pages */
6079 for (tmpsize = 0; tmpsize < size; tmpsize += PAGE_SIZE)
6080 pmap_kremove(va + tmpsize);
6087 * Sets the memory attribute for the specified page.
6090 pmap_page_set_memattr(vm_page_t m, vm_memattr_t ma)
6093 m->md.pv_memattr = ma;
6096 * If "m" is a normal page, update its direct mapping. This update
6097 * can be relied upon to perform any cache operations that are
6098 * required for data coherence.
6100 if ((m->flags & PG_FICTITIOUS) == 0 &&
6101 pmap_change_attr(PHYS_TO_DMAP(VM_PAGE_TO_PHYS(m)), PAGE_SIZE,
6102 m->md.pv_memattr) != 0)
6103 panic("memory attribute change on the direct map failed");
6107 * Changes the specified virtual address range's memory type to that given by
6108 * the parameter "mode". The specified virtual address range must be
6109 * completely contained within either the direct map or the kernel map. If
6110 * the virtual address range is contained within the kernel map, then the
6111 * memory type for each of the corresponding ranges of the direct map is also
6112 * changed. (The corresponding ranges of the direct map are those ranges that
6113 * map the same physical pages as the specified virtual address range.) These
6114 * changes to the direct map are necessary because Intel describes the
6115 * behavior of their processors as "undefined" if two or more mappings to the
6116 * same physical page have different memory types.
6118 * Returns zero if the change completed successfully, and either EINVAL or
6119 * ENOMEM if the change failed. Specifically, EINVAL is returned if some part
6120 * of the virtual address range was not mapped, and ENOMEM is returned if
6121 * there was insufficient memory available to complete the change. In the
6122 * latter case, the memory type may have been changed on some part of the
6123 * virtual address range or the direct map.
6126 pmap_change_attr(vm_offset_t va, vm_size_t size, int mode)
6130 PMAP_LOCK(kernel_pmap);
6131 error = pmap_change_props_locked(va, size, PROT_NONE, mode);
6132 PMAP_UNLOCK(kernel_pmap);
6137 * Changes the specified virtual address range's protections to those
6138 * specified by "prot". Like pmap_change_attr(), protections for aliases
6139 * in the direct map are updated as well. Protections on aliasing mappings may
6140 * be a subset of the requested protections; for example, mappings in the direct
6141 * map are never executable.
6144 pmap_change_prot(vm_offset_t va, vm_size_t size, vm_prot_t prot)
6148 /* Only supported within the kernel map. */
6149 if (va < VM_MIN_KERNEL_ADDRESS)
6152 PMAP_LOCK(kernel_pmap);
6153 error = pmap_change_props_locked(va, size, prot, -1);
6154 PMAP_UNLOCK(kernel_pmap);
6159 pmap_change_props_locked(vm_offset_t va, vm_size_t size, vm_prot_t prot,
6162 vm_offset_t base, offset, tmpva;
6163 pt_entry_t l3, *pte, *newpte;
6164 pt_entry_t bits, mask;
6167 PMAP_LOCK_ASSERT(kernel_pmap, MA_OWNED);
6168 base = trunc_page(va);
6169 offset = va & PAGE_MASK;
6170 size = round_page(offset + size);
6172 if (!VIRT_IN_DMAP(base) &&
6173 !(base >= VM_MIN_KERNEL_ADDRESS && base < VM_MAX_KERNEL_ADDRESS))
6179 bits = ATTR_S1_IDX(mode);
6180 mask = ATTR_S1_IDX_MASK;
6181 if (mode == VM_MEMATTR_DEVICE) {
6186 if (prot != VM_PROT_NONE) {
6187 /* Don't mark the DMAP as executable. It never is on arm64. */
6188 if (VIRT_IN_DMAP(base)) {
6189 prot &= ~VM_PROT_EXECUTE;
6191 * XXX Mark the DMAP as writable for now. We rely
6192 * on this in ddb & dtrace to insert breakpoint
6195 prot |= VM_PROT_WRITE;
6198 if ((prot & VM_PROT_WRITE) == 0) {
6199 bits |= ATTR_S1_AP(ATTR_S1_AP_RO);
6201 if ((prot & VM_PROT_EXECUTE) == 0) {
6202 bits |= ATTR_S1_PXN;
6204 bits |= ATTR_S1_UXN;
6205 mask |= ATTR_S1_AP_MASK | ATTR_S1_XN;
6208 for (tmpva = base; tmpva < base + size; ) {
6209 pte = pmap_pte(kernel_pmap, tmpva, &lvl);
6213 if ((pmap_load(pte) & mask) == bits) {
6215 * We already have the correct attribute,
6216 * ignore this entry.
6220 panic("Invalid DMAP table level: %d\n", lvl);
6222 tmpva = (tmpva & ~L1_OFFSET) + L1_SIZE;
6225 tmpva = (tmpva & ~L2_OFFSET) + L2_SIZE;
6233 * Split the entry to an level 3 table, then
6234 * set the new attribute.
6238 panic("Invalid DMAP table level: %d\n", lvl);
6240 newpte = pmap_demote_l1(kernel_pmap, pte,
6241 tmpva & ~L1_OFFSET);
6244 pte = pmap_l1_to_l2(pte, tmpva);
6246 newpte = pmap_demote_l2(kernel_pmap, pte,
6250 pte = pmap_l2_to_l3(pte, tmpva);
6252 /* Update the entry */
6253 l3 = pmap_load(pte);
6257 pmap_update_entry(kernel_pmap, pte, l3, tmpva,
6260 if (!VIRT_IN_DMAP(tmpva)) {
6262 * Keep the DMAP memory in sync.
6264 rv = pmap_change_props_locked(
6265 PHYS_TO_DMAP(l3 & ~ATTR_MASK),
6266 L3_SIZE, prot, mode);
6272 * If moving to a non-cacheable entry flush
6275 if (mode == VM_MEMATTR_UNCACHEABLE)
6276 cpu_dcache_wbinv_range(tmpva, L3_SIZE);
6288 * Create an L2 table to map all addresses within an L1 mapping.
6291 pmap_demote_l1(pmap_t pmap, pt_entry_t *l1, vm_offset_t va)
6293 pt_entry_t *l2, newl2, oldl1;
6295 vm_paddr_t l2phys, phys;
6299 PMAP_LOCK_ASSERT(pmap, MA_OWNED);
6300 oldl1 = pmap_load(l1);
6301 KASSERT((oldl1 & ATTR_DESCR_MASK) == L1_BLOCK,
6302 ("pmap_demote_l1: Demoting a non-block entry"));
6303 KASSERT((va & L1_OFFSET) == 0,
6304 ("pmap_demote_l1: Invalid virtual address %#lx", va));
6305 KASSERT((oldl1 & ATTR_SW_MANAGED) == 0,
6306 ("pmap_demote_l1: Level 1 table shouldn't be managed"));
6309 if (va <= (vm_offset_t)l1 && va + L1_SIZE > (vm_offset_t)l1) {
6310 tmpl1 = kva_alloc(PAGE_SIZE);
6315 if ((ml2 = vm_page_alloc(NULL, 0, VM_ALLOC_INTERRUPT |
6316 VM_ALLOC_NOOBJ | VM_ALLOC_WIRED)) == NULL) {
6317 CTR2(KTR_PMAP, "pmap_demote_l1: failure for va %#lx"
6318 " in pmap %p", va, pmap);
6323 l2phys = VM_PAGE_TO_PHYS(ml2);
6324 l2 = (pt_entry_t *)PHYS_TO_DMAP(l2phys);
6326 /* Address the range points at */
6327 phys = oldl1 & ~ATTR_MASK;
6328 /* The attributed from the old l1 table to be copied */
6329 newl2 = oldl1 & ATTR_MASK;
6331 /* Create the new entries */
6332 for (i = 0; i < Ln_ENTRIES; i++) {
6333 l2[i] = newl2 | phys;
6336 KASSERT(l2[0] == ((oldl1 & ~ATTR_DESCR_MASK) | L2_BLOCK),
6337 ("Invalid l2 page (%lx != %lx)", l2[0],
6338 (oldl1 & ~ATTR_DESCR_MASK) | L2_BLOCK));
6341 pmap_kenter(tmpl1, PAGE_SIZE,
6342 DMAP_TO_PHYS((vm_offset_t)l1) & ~L3_OFFSET,
6343 VM_MEMATTR_WRITE_BACK);
6344 l1 = (pt_entry_t *)(tmpl1 + ((vm_offset_t)l1 & PAGE_MASK));
6347 pmap_update_entry(pmap, l1, l2phys | L1_TABLE, va, PAGE_SIZE);
6351 pmap_kremove(tmpl1);
6352 kva_free(tmpl1, PAGE_SIZE);
6359 pmap_fill_l3(pt_entry_t *firstl3, pt_entry_t newl3)
6363 for (l3 = firstl3; l3 - firstl3 < Ln_ENTRIES; l3++) {
6370 pmap_demote_l2_abort(pmap_t pmap, vm_offset_t va, pt_entry_t *l2,
6371 struct rwlock **lockp)
6373 struct spglist free;
6376 (void)pmap_remove_l2(pmap, l2, va, pmap_load(pmap_l1(pmap, va)), &free,
6378 vm_page_free_pages_toq(&free, true);
6382 * Create an L3 table to map all addresses within an L2 mapping.
6385 pmap_demote_l2_locked(pmap_t pmap, pt_entry_t *l2, vm_offset_t va,
6386 struct rwlock **lockp)
6388 pt_entry_t *l3, newl3, oldl2;
6393 PMAP_LOCK_ASSERT(pmap, MA_OWNED);
6394 PMAP_ASSERT_STAGE1(pmap);
6395 KASSERT(ADDR_IS_CANONICAL(va),
6396 ("%s: Address not in canonical form: %lx", __func__, va));
6399 oldl2 = pmap_load(l2);
6400 KASSERT((oldl2 & ATTR_DESCR_MASK) == L2_BLOCK,
6401 ("pmap_demote_l2: Demoting a non-block entry"));
6405 if (va <= (vm_offset_t)l2 && va + L2_SIZE > (vm_offset_t)l2) {
6406 tmpl2 = kva_alloc(PAGE_SIZE);
6412 * Invalidate the 2MB page mapping and return "failure" if the
6413 * mapping was never accessed.
6415 if ((oldl2 & ATTR_AF) == 0) {
6416 KASSERT((oldl2 & ATTR_SW_WIRED) == 0,
6417 ("pmap_demote_l2: a wired mapping is missing ATTR_AF"));
6418 pmap_demote_l2_abort(pmap, va, l2, lockp);
6419 CTR2(KTR_PMAP, "pmap_demote_l2: failure for va %#lx in pmap %p",
6424 if ((ml3 = pmap_remove_pt_page(pmap, va)) == NULL) {
6425 KASSERT((oldl2 & ATTR_SW_WIRED) == 0,
6426 ("pmap_demote_l2: page table page for a wired mapping"
6430 * If the page table page is missing and the mapping
6431 * is for a kernel address, the mapping must belong to
6432 * either the direct map or the early kernel memory.
6433 * Page table pages are preallocated for every other
6434 * part of the kernel address space, so the direct map
6435 * region and early kernel memory are the only parts of the
6436 * kernel address space that must be handled here.
6438 KASSERT(!ADDR_IS_KERNEL(va) || VIRT_IN_DMAP(va) ||
6439 (va >= VM_MIN_KERNEL_ADDRESS && va < kernel_vm_end),
6440 ("pmap_demote_l2: No saved mpte for va %#lx", va));
6443 * If the 2MB page mapping belongs to the direct map
6444 * region of the kernel's address space, then the page
6445 * allocation request specifies the highest possible
6446 * priority (VM_ALLOC_INTERRUPT). Otherwise, the
6447 * priority is normal.
6449 ml3 = vm_page_alloc(NULL, pmap_l2_pindex(va),
6450 (VIRT_IN_DMAP(va) ? VM_ALLOC_INTERRUPT : VM_ALLOC_NORMAL) |
6451 VM_ALLOC_NOOBJ | VM_ALLOC_WIRED);
6454 * If the allocation of the new page table page fails,
6455 * invalidate the 2MB page mapping and return "failure".
6458 pmap_demote_l2_abort(pmap, va, l2, lockp);
6459 CTR2(KTR_PMAP, "pmap_demote_l2: failure for va %#lx"
6460 " in pmap %p", va, pmap);
6464 if (!ADDR_IS_KERNEL(va)) {
6465 ml3->ref_count = NL3PG;
6466 pmap_resident_count_inc(pmap, 1);
6469 l3phys = VM_PAGE_TO_PHYS(ml3);
6470 l3 = (pt_entry_t *)PHYS_TO_DMAP(l3phys);
6471 newl3 = (oldl2 & ~ATTR_DESCR_MASK) | L3_PAGE;
6472 KASSERT((oldl2 & (ATTR_S1_AP_RW_BIT | ATTR_SW_DBM)) !=
6473 (ATTR_S1_AP(ATTR_S1_AP_RO) | ATTR_SW_DBM),
6474 ("pmap_demote_l2: L2 entry is writeable but not dirty"));
6477 * If the page table page is not leftover from an earlier promotion,
6478 * or the mapping attributes have changed, (re)initialize the L3 table.
6480 * When pmap_update_entry() clears the old L2 mapping, it (indirectly)
6481 * performs a dsb(). That dsb() ensures that the stores for filling
6482 * "l3" are visible before "l3" is added to the page table.
6484 if (ml3->valid == 0 || (l3[0] & ATTR_MASK) != (newl3 & ATTR_MASK))
6485 pmap_fill_l3(l3, newl3);
6488 * Map the temporary page so we don't lose access to the l2 table.
6491 pmap_kenter(tmpl2, PAGE_SIZE,
6492 DMAP_TO_PHYS((vm_offset_t)l2) & ~L3_OFFSET,
6493 VM_MEMATTR_WRITE_BACK);
6494 l2 = (pt_entry_t *)(tmpl2 + ((vm_offset_t)l2 & PAGE_MASK));
6498 * The spare PV entries must be reserved prior to demoting the
6499 * mapping, that is, prior to changing the PDE. Otherwise, the state
6500 * of the L2 and the PV lists will be inconsistent, which can result
6501 * in reclaim_pv_chunk() attempting to remove a PV entry from the
6502 * wrong PV list and pmap_pv_demote_l2() failing to find the expected
6503 * PV entry for the 2MB page mapping that is being demoted.
6505 if ((oldl2 & ATTR_SW_MANAGED) != 0)
6506 reserve_pv_entries(pmap, Ln_ENTRIES - 1, lockp);
6509 * Pass PAGE_SIZE so that a single TLB invalidation is performed on
6510 * the 2MB page mapping.
6512 pmap_update_entry(pmap, l2, l3phys | L2_TABLE, va, PAGE_SIZE);
6515 * Demote the PV entry.
6517 if ((oldl2 & ATTR_SW_MANAGED) != 0)
6518 pmap_pv_demote_l2(pmap, va, oldl2 & ~ATTR_MASK, lockp);
6520 atomic_add_long(&pmap_l2_demotions, 1);
6521 CTR3(KTR_PMAP, "pmap_demote_l2: success for va %#lx"
6522 " in pmap %p %lx", va, pmap, l3[0]);
6526 pmap_kremove(tmpl2);
6527 kva_free(tmpl2, PAGE_SIZE);
6535 pmap_demote_l2(pmap_t pmap, pt_entry_t *l2, vm_offset_t va)
6537 struct rwlock *lock;
6541 l3 = pmap_demote_l2_locked(pmap, l2, va, &lock);
6548 * Perform the pmap work for mincore(2). If the page is not both referenced and
6549 * modified by this pmap, returns its physical address so that the caller can
6550 * find other mappings.
6553 pmap_mincore(pmap_t pmap, vm_offset_t addr, vm_paddr_t *pap)
6555 pt_entry_t *pte, tpte;
6556 vm_paddr_t mask, pa;
6560 PMAP_ASSERT_STAGE1(pmap);
6562 pte = pmap_pte(pmap, addr, &lvl);
6564 tpte = pmap_load(pte);
6577 panic("pmap_mincore: invalid level %d", lvl);
6580 managed = (tpte & ATTR_SW_MANAGED) != 0;
6581 val = MINCORE_INCORE;
6583 val |= MINCORE_PSIND(3 - lvl);
6584 if ((managed && pmap_pte_dirty(pmap, tpte)) || (!managed &&
6585 (tpte & ATTR_S1_AP_RW_BIT) == ATTR_S1_AP(ATTR_S1_AP_RW)))
6586 val |= MINCORE_MODIFIED | MINCORE_MODIFIED_OTHER;
6587 if ((tpte & ATTR_AF) == ATTR_AF)
6588 val |= MINCORE_REFERENCED | MINCORE_REFERENCED_OTHER;
6590 pa = (tpte & ~ATTR_MASK) | (addr & mask);
6596 if ((val & (MINCORE_MODIFIED_OTHER | MINCORE_REFERENCED_OTHER)) !=
6597 (MINCORE_MODIFIED_OTHER | MINCORE_REFERENCED_OTHER) && managed) {
6605 * Garbage collect every ASID that is neither active on a processor nor
6609 pmap_reset_asid_set(pmap_t pmap)
6612 int asid, cpuid, epoch;
6613 struct asid_set *set;
6614 enum pmap_stage stage;
6616 set = pmap->pm_asid_set;
6617 stage = pmap->pm_stage;
6619 set = pmap->pm_asid_set;
6620 KASSERT(set != NULL, ("%s: NULL asid set", __func__));
6621 mtx_assert(&set->asid_set_mutex, MA_OWNED);
6624 * Ensure that the store to asid_epoch is globally visible before the
6625 * loads from pc_curpmap are performed.
6627 epoch = set->asid_epoch + 1;
6628 if (epoch == INT_MAX)
6630 set->asid_epoch = epoch;
6632 if (stage == PM_STAGE1) {
6633 __asm __volatile("tlbi vmalle1is");
6635 KASSERT(pmap_clean_stage2_tlbi != NULL,
6636 ("%s: Unset stage 2 tlb invalidation callback\n",
6638 pmap_clean_stage2_tlbi();
6641 bit_nclear(set->asid_set, ASID_FIRST_AVAILABLE,
6642 set->asid_set_size - 1);
6643 CPU_FOREACH(cpuid) {
6644 if (cpuid == curcpu)
6646 if (stage == PM_STAGE1) {
6647 curpmap = pcpu_find(cpuid)->pc_curpmap;
6648 PMAP_ASSERT_STAGE1(pmap);
6650 curpmap = pcpu_find(cpuid)->pc_curvmpmap;
6651 if (curpmap == NULL)
6653 PMAP_ASSERT_STAGE2(pmap);
6655 KASSERT(curpmap->pm_asid_set == set, ("Incorrect set"));
6656 asid = COOKIE_TO_ASID(curpmap->pm_cookie);
6659 bit_set(set->asid_set, asid);
6660 curpmap->pm_cookie = COOKIE_FROM(asid, epoch);
6665 * Allocate a new ASID for the specified pmap.
6668 pmap_alloc_asid(pmap_t pmap)
6670 struct asid_set *set;
6673 set = pmap->pm_asid_set;
6674 KASSERT(set != NULL, ("%s: NULL asid set", __func__));
6676 mtx_lock_spin(&set->asid_set_mutex);
6679 * While this processor was waiting to acquire the asid set mutex,
6680 * pmap_reset_asid_set() running on another processor might have
6681 * updated this pmap's cookie to the current epoch. In which case, we
6682 * don't need to allocate a new ASID.
6684 if (COOKIE_TO_EPOCH(pmap->pm_cookie) == set->asid_epoch)
6687 bit_ffc_at(set->asid_set, set->asid_next, set->asid_set_size,
6689 if (new_asid == -1) {
6690 bit_ffc_at(set->asid_set, ASID_FIRST_AVAILABLE,
6691 set->asid_next, &new_asid);
6692 if (new_asid == -1) {
6693 pmap_reset_asid_set(pmap);
6694 bit_ffc_at(set->asid_set, ASID_FIRST_AVAILABLE,
6695 set->asid_set_size, &new_asid);
6696 KASSERT(new_asid != -1, ("ASID allocation failure"));
6699 bit_set(set->asid_set, new_asid);
6700 set->asid_next = new_asid + 1;
6701 pmap->pm_cookie = COOKIE_FROM(new_asid, set->asid_epoch);
6703 mtx_unlock_spin(&set->asid_set_mutex);
6707 * Compute the value that should be stored in ttbr0 to activate the specified
6708 * pmap. This value may change from time to time.
6711 pmap_to_ttbr0(pmap_t pmap)
6714 return (ASID_TO_OPERAND(COOKIE_TO_ASID(pmap->pm_cookie)) |
6719 pmap_activate_int(pmap_t pmap)
6721 struct asid_set *set;
6724 KASSERT(PCPU_GET(curpmap) != NULL, ("no active pmap"));
6725 KASSERT(pmap != kernel_pmap, ("kernel pmap activation"));
6727 if ((pmap->pm_stage == PM_STAGE1 && pmap == PCPU_GET(curpmap)) ||
6728 (pmap->pm_stage == PM_STAGE2 && pmap == PCPU_GET(curvmpmap))) {
6730 * Handle the possibility that the old thread was preempted
6731 * after an "ic" or "tlbi" instruction but before it performed
6732 * a "dsb" instruction. If the old thread migrates to a new
6733 * processor, its completion of a "dsb" instruction on that
6734 * new processor does not guarantee that the "ic" or "tlbi"
6735 * instructions performed on the old processor have completed.
6741 set = pmap->pm_asid_set;
6742 KASSERT(set != NULL, ("%s: NULL asid set", __func__));
6745 * Ensure that the store to curpmap is globally visible before the
6746 * load from asid_epoch is performed.
6748 if (pmap->pm_stage == PM_STAGE1)
6749 PCPU_SET(curpmap, pmap);
6751 PCPU_SET(curvmpmap, pmap);
6753 epoch = COOKIE_TO_EPOCH(pmap->pm_cookie);
6754 if (epoch >= 0 && epoch != set->asid_epoch)
6755 pmap_alloc_asid(pmap);
6757 if (pmap->pm_stage == PM_STAGE1) {
6758 set_ttbr0(pmap_to_ttbr0(pmap));
6759 if (PCPU_GET(bcast_tlbi_workaround) != 0)
6760 invalidate_local_icache();
6766 pmap_activate_vm(pmap_t pmap)
6769 PMAP_ASSERT_STAGE2(pmap);
6771 (void)pmap_activate_int(pmap);
6775 pmap_activate(struct thread *td)
6779 pmap = vmspace_pmap(td->td_proc->p_vmspace);
6780 PMAP_ASSERT_STAGE1(pmap);
6782 (void)pmap_activate_int(pmap);
6787 * To eliminate the unused parameter "old", we would have to add an instruction
6791 pmap_switch(struct thread *old __unused, struct thread *new)
6793 pcpu_bp_harden bp_harden;
6796 /* Store the new curthread */
6797 PCPU_SET(curthread, new);
6799 /* And the new pcb */
6801 PCPU_SET(curpcb, pcb);
6804 * TODO: We may need to flush the cache here if switching
6805 * to a user process.
6808 if (pmap_activate_int(vmspace_pmap(new->td_proc->p_vmspace))) {
6810 * Stop userspace from training the branch predictor against
6811 * other processes. This will call into a CPU specific
6812 * function that clears the branch predictor state.
6814 bp_harden = PCPU_GET(bp_harden);
6815 if (bp_harden != NULL)
6823 pmap_sync_icache(pmap_t pmap, vm_offset_t va, vm_size_t sz)
6826 PMAP_ASSERT_STAGE1(pmap);
6827 KASSERT(ADDR_IS_CANONICAL(va),
6828 ("%s: Address not in canonical form: %lx", __func__, va));
6830 if (ADDR_IS_KERNEL(va)) {
6831 cpu_icache_sync_range(va, sz);
6836 /* Find the length of data in this page to flush */
6837 offset = va & PAGE_MASK;
6838 len = imin(PAGE_SIZE - offset, sz);
6841 /* Extract the physical address & find it in the DMAP */
6842 pa = pmap_extract(pmap, va);
6844 cpu_icache_sync_range(PHYS_TO_DMAP(pa), len);
6846 /* Move to the next page */
6849 /* Set the length for the next iteration */
6850 len = imin(PAGE_SIZE, sz);
6856 pmap_stage2_fault(pmap_t pmap, uint64_t esr, uint64_t far)
6859 pt_entry_t *ptep, pte;
6862 PMAP_ASSERT_STAGE2(pmap);
6865 /* Data and insn aborts use same encoding for FSC field. */
6866 dfsc = esr & ISS_DATA_DFSC_MASK;
6868 case ISS_DATA_DFSC_TF_L0:
6869 case ISS_DATA_DFSC_TF_L1:
6870 case ISS_DATA_DFSC_TF_L2:
6871 case ISS_DATA_DFSC_TF_L3:
6873 pdep = pmap_pde(pmap, far, &lvl);
6874 if (pdep == NULL || lvl != (dfsc - ISS_DATA_DFSC_TF_L1)) {
6881 ptep = pmap_l0_to_l1(pdep, far);
6884 ptep = pmap_l1_to_l2(pdep, far);
6887 ptep = pmap_l2_to_l3(pdep, far);
6890 panic("%s: Invalid pde level %d", __func__,lvl);
6894 case ISS_DATA_DFSC_AFF_L1:
6895 case ISS_DATA_DFSC_AFF_L2:
6896 case ISS_DATA_DFSC_AFF_L3:
6898 ptep = pmap_pte(pmap, far, &lvl);
6900 if (ptep != NULL && (pte = pmap_load(ptep)) != 0) {
6902 pmap_invalidate_vpipt_icache();
6905 * If accessing an executable page invalidate
6906 * the I-cache so it will be valid when we
6907 * continue execution in the guest. The D-cache
6908 * is assumed to already be clean to the Point
6911 if ((pte & ATTR_S2_XN_MASK) !=
6912 ATTR_S2_XN(ATTR_S2_XN_NONE)) {
6913 invalidate_icache();
6916 pmap_set_bits(ptep, ATTR_AF | ATTR_DESCR_VALID);
6927 pmap_fault(pmap_t pmap, uint64_t esr, uint64_t far)
6929 pt_entry_t pte, *ptep;
6936 ec = ESR_ELx_EXCEPTION(esr);
6938 case EXCP_INSN_ABORT_L:
6939 case EXCP_INSN_ABORT:
6940 case EXCP_DATA_ABORT_L:
6941 case EXCP_DATA_ABORT:
6947 if (pmap->pm_stage == PM_STAGE2)
6948 return (pmap_stage2_fault(pmap, esr, far));
6950 /* Data and insn aborts use same encoding for FSC field. */
6951 switch (esr & ISS_DATA_DFSC_MASK) {
6952 case ISS_DATA_DFSC_AFF_L1:
6953 case ISS_DATA_DFSC_AFF_L2:
6954 case ISS_DATA_DFSC_AFF_L3:
6956 ptep = pmap_pte(pmap, far, &lvl);
6958 pmap_set_bits(ptep, ATTR_AF);
6961 * XXXMJ as an optimization we could mark the entry
6962 * dirty if this is a write fault.
6967 case ISS_DATA_DFSC_PF_L1:
6968 case ISS_DATA_DFSC_PF_L2:
6969 case ISS_DATA_DFSC_PF_L3:
6970 if ((ec != EXCP_DATA_ABORT_L && ec != EXCP_DATA_ABORT) ||
6971 (esr & ISS_DATA_WnR) == 0)
6974 ptep = pmap_pte(pmap, far, &lvl);
6976 ((pte = pmap_load(ptep)) & ATTR_SW_DBM) != 0) {
6977 if ((pte & ATTR_S1_AP_RW_BIT) ==
6978 ATTR_S1_AP(ATTR_S1_AP_RO)) {
6979 pmap_clear_bits(ptep, ATTR_S1_AP_RW_BIT);
6980 pmap_invalidate_page(pmap, far);
6986 case ISS_DATA_DFSC_TF_L0:
6987 case ISS_DATA_DFSC_TF_L1:
6988 case ISS_DATA_DFSC_TF_L2:
6989 case ISS_DATA_DFSC_TF_L3:
6991 * Retry the translation. A break-before-make sequence can
6992 * produce a transient fault.
6994 if (pmap == kernel_pmap) {
6996 * The translation fault may have occurred within a
6997 * critical section. Therefore, we must check the
6998 * address without acquiring the kernel pmap's lock.
7000 if (pmap_klookup(far, NULL))
7004 /* Ask the MMU to check the address. */
7005 intr = intr_disable();
7006 par = arm64_address_translate_s1e0r(far);
7011 * If the translation was successful, then we can
7012 * return success to the trap handler.
7014 if (PAR_SUCCESS(par))
7024 * Increase the starting virtual address of the given mapping if a
7025 * different alignment might result in more superpage mappings.
7028 pmap_align_superpage(vm_object_t object, vm_ooffset_t offset,
7029 vm_offset_t *addr, vm_size_t size)
7031 vm_offset_t superpage_offset;
7035 if (object != NULL && (object->flags & OBJ_COLORED) != 0)
7036 offset += ptoa(object->pg_color);
7037 superpage_offset = offset & L2_OFFSET;
7038 if (size - ((L2_SIZE - superpage_offset) & L2_OFFSET) < L2_SIZE ||
7039 (*addr & L2_OFFSET) == superpage_offset)
7041 if ((*addr & L2_OFFSET) < superpage_offset)
7042 *addr = (*addr & ~L2_OFFSET) + superpage_offset;
7044 *addr = ((*addr + L2_OFFSET) & ~L2_OFFSET) + superpage_offset;
7048 * Get the kernel virtual address of a set of physical pages. If there are
7049 * physical addresses not covered by the DMAP perform a transient mapping
7050 * that will be removed when calling pmap_unmap_io_transient.
7052 * \param page The pages the caller wishes to obtain the virtual
7053 * address on the kernel memory map.
7054 * \param vaddr On return contains the kernel virtual memory address
7055 * of the pages passed in the page parameter.
7056 * \param count Number of pages passed in.
7057 * \param can_fault TRUE if the thread using the mapped pages can take
7058 * page faults, FALSE otherwise.
7060 * \returns TRUE if the caller must call pmap_unmap_io_transient when
7061 * finished or FALSE otherwise.
7065 pmap_map_io_transient(vm_page_t page[], vm_offset_t vaddr[], int count,
7066 boolean_t can_fault)
7069 boolean_t needs_mapping;
7073 * Allocate any KVA space that we need, this is done in a separate
7074 * loop to prevent calling vmem_alloc while pinned.
7076 needs_mapping = FALSE;
7077 for (i = 0; i < count; i++) {
7078 paddr = VM_PAGE_TO_PHYS(page[i]);
7079 if (__predict_false(!PHYS_IN_DMAP(paddr))) {
7080 error = vmem_alloc(kernel_arena, PAGE_SIZE,
7081 M_BESTFIT | M_WAITOK, &vaddr[i]);
7082 KASSERT(error == 0, ("vmem_alloc failed: %d", error));
7083 needs_mapping = TRUE;
7085 vaddr[i] = PHYS_TO_DMAP(paddr);
7089 /* Exit early if everything is covered by the DMAP */
7095 for (i = 0; i < count; i++) {
7096 paddr = VM_PAGE_TO_PHYS(page[i]);
7097 if (!PHYS_IN_DMAP(paddr)) {
7099 "pmap_map_io_transient: TODO: Map out of DMAP data");
7103 return (needs_mapping);
7107 pmap_unmap_io_transient(vm_page_t page[], vm_offset_t vaddr[], int count,
7108 boolean_t can_fault)
7115 for (i = 0; i < count; i++) {
7116 paddr = VM_PAGE_TO_PHYS(page[i]);
7117 if (!PHYS_IN_DMAP(paddr)) {
7118 panic("ARM64TODO: pmap_unmap_io_transient: Unmap data");
7124 pmap_is_valid_memattr(pmap_t pmap __unused, vm_memattr_t mode)
7127 return (mode >= VM_MEMATTR_DEVICE && mode <= VM_MEMATTR_WRITE_THROUGH);
7131 * Track a range of the kernel's virtual address space that is contiguous
7132 * in various mapping attributes.
7134 struct pmap_kernel_map_range {
7144 sysctl_kmaps_dump(struct sbuf *sb, struct pmap_kernel_map_range *range,
7150 if (eva <= range->sva)
7153 index = range->attrs & ATTR_S1_IDX_MASK;
7155 case ATTR_S1_IDX(VM_MEMATTR_DEVICE):
7158 case ATTR_S1_IDX(VM_MEMATTR_UNCACHEABLE):
7161 case ATTR_S1_IDX(VM_MEMATTR_WRITE_BACK):
7164 case ATTR_S1_IDX(VM_MEMATTR_WRITE_THROUGH):
7169 "%s: unknown memory type %x for range 0x%016lx-0x%016lx\n",
7170 __func__, index, range->sva, eva);
7175 sbuf_printf(sb, "0x%016lx-0x%016lx r%c%c%c %3s %d %d %d %d\n",
7177 (range->attrs & ATTR_S1_AP_RW_BIT) == ATTR_S1_AP_RW ? 'w' : '-',
7178 (range->attrs & ATTR_S1_PXN) != 0 ? '-' : 'x',
7179 (range->attrs & ATTR_S1_AP_USER) != 0 ? 'u' : 's',
7180 mode, range->l1blocks, range->l2blocks, range->l3contig,
7183 /* Reset to sentinel value. */
7184 range->sva = 0xfffffffffffffffful;
7188 * Determine whether the attributes specified by a page table entry match those
7189 * being tracked by the current range.
7192 sysctl_kmaps_match(struct pmap_kernel_map_range *range, pt_entry_t attrs)
7195 return (range->attrs == attrs);
7199 sysctl_kmaps_reinit(struct pmap_kernel_map_range *range, vm_offset_t va,
7203 memset(range, 0, sizeof(*range));
7205 range->attrs = attrs;
7209 * Given a leaf PTE, derive the mapping's attributes. If they do not match
7210 * those of the current run, dump the address range and its attributes, and
7214 sysctl_kmaps_check(struct sbuf *sb, struct pmap_kernel_map_range *range,
7215 vm_offset_t va, pd_entry_t l0e, pd_entry_t l1e, pd_entry_t l2e,
7220 attrs = l0e & (ATTR_S1_AP_MASK | ATTR_S1_XN);
7221 attrs |= l1e & (ATTR_S1_AP_MASK | ATTR_S1_XN);
7222 if ((l1e & ATTR_DESCR_MASK) == L1_BLOCK)
7223 attrs |= l1e & ATTR_S1_IDX_MASK;
7224 attrs |= l2e & (ATTR_S1_AP_MASK | ATTR_S1_XN);
7225 if ((l2e & ATTR_DESCR_MASK) == L2_BLOCK)
7226 attrs |= l2e & ATTR_S1_IDX_MASK;
7227 attrs |= l3e & (ATTR_S1_AP_MASK | ATTR_S1_XN | ATTR_S1_IDX_MASK);
7229 if (range->sva > va || !sysctl_kmaps_match(range, attrs)) {
7230 sysctl_kmaps_dump(sb, range, va);
7231 sysctl_kmaps_reinit(range, va, attrs);
7236 sysctl_kmaps(SYSCTL_HANDLER_ARGS)
7238 struct pmap_kernel_map_range range;
7239 struct sbuf sbuf, *sb;
7240 pd_entry_t l0e, *l1, l1e, *l2, l2e;
7241 pt_entry_t *l3, l3e;
7244 int error, i, j, k, l;
7246 error = sysctl_wire_old_buffer(req, 0);
7250 sbuf_new_for_sysctl(sb, NULL, PAGE_SIZE, req);
7252 /* Sentinel value. */
7253 range.sva = 0xfffffffffffffffful;
7256 * Iterate over the kernel page tables without holding the kernel pmap
7257 * lock. Kernel page table pages are never freed, so at worst we will
7258 * observe inconsistencies in the output.
7260 for (sva = 0xffff000000000000ul, i = pmap_l0_index(sva); i < Ln_ENTRIES;
7262 if (i == pmap_l0_index(DMAP_MIN_ADDRESS))
7263 sbuf_printf(sb, "\nDirect map:\n");
7264 else if (i == pmap_l0_index(VM_MIN_KERNEL_ADDRESS))
7265 sbuf_printf(sb, "\nKernel map:\n");
7267 l0e = kernel_pmap->pm_l0[i];
7268 if ((l0e & ATTR_DESCR_VALID) == 0) {
7269 sysctl_kmaps_dump(sb, &range, sva);
7273 pa = l0e & ~ATTR_MASK;
7274 l1 = (pd_entry_t *)PHYS_TO_DMAP(pa);
7276 for (j = pmap_l1_index(sva); j < Ln_ENTRIES; j++) {
7278 if ((l1e & ATTR_DESCR_VALID) == 0) {
7279 sysctl_kmaps_dump(sb, &range, sva);
7283 if ((l1e & ATTR_DESCR_MASK) == L1_BLOCK) {
7284 sysctl_kmaps_check(sb, &range, sva, l0e, l1e,
7290 pa = l1e & ~ATTR_MASK;
7291 l2 = (pd_entry_t *)PHYS_TO_DMAP(pa);
7293 for (k = pmap_l2_index(sva); k < Ln_ENTRIES; k++) {
7295 if ((l2e & ATTR_DESCR_VALID) == 0) {
7296 sysctl_kmaps_dump(sb, &range, sva);
7300 if ((l2e & ATTR_DESCR_MASK) == L2_BLOCK) {
7301 sysctl_kmaps_check(sb, &range, sva,
7307 pa = l2e & ~ATTR_MASK;
7308 l3 = (pt_entry_t *)PHYS_TO_DMAP(pa);
7310 for (l = pmap_l3_index(sva); l < Ln_ENTRIES;
7311 l++, sva += L3_SIZE) {
7313 if ((l3e & ATTR_DESCR_VALID) == 0) {
7314 sysctl_kmaps_dump(sb, &range,
7318 sysctl_kmaps_check(sb, &range, sva,
7319 l0e, l1e, l2e, l3e);
7320 if ((l3e & ATTR_CONTIGUOUS) != 0)
7321 range.l3contig += l % 16 == 0 ?
7330 error = sbuf_finish(sb);
7334 SYSCTL_OID(_vm_pmap, OID_AUTO, kernel_maps,
7335 CTLTYPE_STRING | CTLFLAG_RD | CTLFLAG_MPSAFE | CTLFLAG_SKIP,
7336 NULL, 0, sysctl_kmaps, "A",
7337 "Dump kernel address layout");
projects / FreeBSD / FreeBSD.git / blob