2 * Copyright (c) 1991 Regents of the University of California.
4 * Copyright (c) 1994 John S. Dyson
6 * Copyright (c) 1994 David Greenman
8 * Copyright (c) 2005-2010 Alan L. Cox <alc@cs.rice.edu>
11 * This code is derived from software contributed to Berkeley by
12 * the Systems Programming Group of the University of Utah Computer
13 * Science Department and William Jolitz of UUNET Technologies Inc.
15 * Redistribution and use in source and binary forms, with or without
16 * modification, are permitted provided that the following conditions
18 * 1. Redistributions of source code must retain the above copyright
19 * notice, this list of conditions and the following disclaimer.
20 * 2. Redistributions in binary form must reproduce the above copyright
21 * notice, this list of conditions and the following disclaimer in the
22 * documentation and/or other materials provided with the distribution.
23 * 3. All advertising materials mentioning features or use of this software
24 * must display the following acknowledgement:
25 * This product includes software developed by the University of
26 * California, Berkeley and its contributors.
27 * 4. Neither the name of the University nor the names of its contributors
28 * may be used to endorse or promote products derived from this software
29 * without specific prior written permission.
31 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
32 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
33 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
34 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
35 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
36 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
37 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
38 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
39 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
40 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
43 * from: @(#)pmap.c 7.7 (Berkeley) 5/12/91
46 * Copyright (c) 2003 Networks Associates Technology, Inc.
47 * All rights reserved.
49 * This software was developed for the FreeBSD Project by Jake Burkholder,
50 * Safeport Network Services, and Network Associates Laboratories, the
51 * Security Research Division of Network Associates, Inc. under
52 * DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the DARPA
53 * CHATS research program.
55 * Redistribution and use in source and binary forms, with or without
56 * modification, are permitted provided that the following conditions
58 * 1. Redistributions of source code must retain the above copyright
59 * notice, this list of conditions and the following disclaimer.
60 * 2. Redistributions in binary form must reproduce the above copyright
61 * notice, this list of conditions and the following disclaimer in the
62 * documentation and/or other materials provided with the distribution.
64 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
65 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
66 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
67 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
68 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
69 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
70 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
71 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
72 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
73 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
77 #include <sys/cdefs.h>
78 __FBSDID("$FreeBSD$");
81 * Manages physical address maps.
83 * Since the information managed by this module is
84 * also stored by the logical address mapping module,
85 * this module may throw away valid virtual-to-physical
86 * mappings at almost any time. However, invalidations
87 * of virtual-to-physical mappings must be done as
90 * In order to cope with hardware architectures which
91 * make virtual-to-physical map invalidates expensive,
92 * this module may delay invalidate or reduced protection
93 * operations until such time as they are actually
94 * necessary. This module is given full information as
95 * to which processors are currently using which maps,
96 * and to when physical maps must be made correct.
101 #include "opt_pmap.h"
103 #include "opt_xbox.h"
105 #include <sys/param.h>
106 #include <sys/systm.h>
107 #include <sys/kernel.h>
109 #include <sys/lock.h>
110 #include <sys/malloc.h>
111 #include <sys/mman.h>
112 #include <sys/msgbuf.h>
113 #include <sys/mutex.h>
114 #include <sys/proc.h>
115 #include <sys/rwlock.h>
116 #include <sys/sf_buf.h>
118 #include <sys/vmmeter.h>
119 #include <sys/sched.h>
120 #include <sys/sysctl.h>
124 #include <sys/cpuset.h>
128 #include <vm/vm_param.h>
129 #include <vm/vm_kern.h>
130 #include <vm/vm_page.h>
131 #include <vm/vm_map.h>
132 #include <vm/vm_object.h>
133 #include <vm/vm_extern.h>
134 #include <vm/vm_pageout.h>
135 #include <vm/vm_pager.h>
136 #include <vm/vm_radix.h>
137 #include <vm/vm_reserv.h>
142 #include <machine/intr_machdep.h>
143 #include <machine/apicvar.h>
145 #include <machine/cpu.h>
146 #include <machine/cputypes.h>
147 #include <machine/md_var.h>
148 #include <machine/pcb.h>
149 #include <machine/specialreg.h>
151 #include <machine/smp.h>
155 #include <machine/xbox.h>
158 #if !defined(CPU_DISABLE_SSE) && defined(I686_CPU)
159 #define CPU_ENABLE_SSE
162 #ifndef PMAP_SHPGPERPROC
163 #define PMAP_SHPGPERPROC 200
166 #if !defined(DIAGNOSTIC)
167 #ifdef __GNUC_GNU_INLINE__
168 #define PMAP_INLINE __attribute__((__gnu_inline__)) inline
170 #define PMAP_INLINE extern inline
177 #define PV_STAT(x) do { x ; } while (0)
179 #define PV_STAT(x) do { } while (0)
182 #define pa_index(pa) ((pa) >> PDRSHIFT)
183 #define pa_to_pvh(pa) (&pv_table[pa_index(pa)])
186 * Get PDEs and PTEs for user/kernel address space
188 #define pmap_pde(m, v) (&((m)->pm_pdir[(vm_offset_t)(v) >> PDRSHIFT]))
189 #define pdir_pde(m, v) (m[(vm_offset_t)(v) >> PDRSHIFT])
191 #define pmap_pde_v(pte) ((*(int *)pte & PG_V) != 0)
192 #define pmap_pte_w(pte) ((*(int *)pte & PG_W) != 0)
193 #define pmap_pte_m(pte) ((*(int *)pte & PG_M) != 0)
194 #define pmap_pte_u(pte) ((*(int *)pte & PG_A) != 0)
195 #define pmap_pte_v(pte) ((*(int *)pte & PG_V) != 0)
197 #define pmap_pte_set_w(pte, v) ((v) ? atomic_set_int((u_int *)(pte), PG_W) : \
198 atomic_clear_int((u_int *)(pte), PG_W))
199 #define pmap_pte_set_prot(pte, v) ((*(int *)pte &= ~PG_PROT), (*(int *)pte |= (v)))
201 struct pmap kernel_pmap_store;
202 LIST_HEAD(pmaplist, pmap);
203 static struct pmaplist allpmaps;
204 static struct mtx allpmaps_lock;
206 vm_offset_t virtual_avail; /* VA of first avail page (after kernel bss) */
207 vm_offset_t virtual_end; /* VA of last avail page (end of kernel AS) */
208 int pgeflag = 0; /* PG_G or-in */
209 int pseflag = 0; /* PG_PS or-in */
211 static int nkpt = NKPT;
212 vm_offset_t kernel_vm_end = KERNBASE + NKPT * NBPDR;
213 extern u_int32_t KERNend;
214 extern u_int32_t KPTphys;
218 static uma_zone_t pdptzone;
221 static SYSCTL_NODE(_vm, OID_AUTO, pmap, CTLFLAG_RD, 0, "VM/pmap parameters");
223 static int pat_works = 1;
224 SYSCTL_INT(_vm_pmap, OID_AUTO, pat_works, CTLFLAG_RD, &pat_works, 1,
225 "Is page attribute table fully functional?");
227 static int pg_ps_enabled = 1;
228 SYSCTL_INT(_vm_pmap, OID_AUTO, pg_ps_enabled, CTLFLAG_RDTUN, &pg_ps_enabled, 0,
229 "Are large page mappings enabled?");
231 #define PAT_INDEX_SIZE 8
232 static int pat_index[PAT_INDEX_SIZE]; /* cache mode to PAT index conversion */
234 static struct rwlock_padalign pvh_global_lock;
237 * Data for the pv entry allocation mechanism
239 static TAILQ_HEAD(pch, pv_chunk) pv_chunks = TAILQ_HEAD_INITIALIZER(pv_chunks);
240 static int pv_entry_count = 0, pv_entry_max = 0, pv_entry_high_water = 0;
241 static struct md_page *pv_table;
242 static int shpgperproc = PMAP_SHPGPERPROC;
244 struct pv_chunk *pv_chunkbase; /* KVA block for pv_chunks */
245 int pv_maxchunks; /* How many chunks we have KVA for */
246 vm_offset_t pv_vafree; /* freelist stored in the PTE */
249 * All those kernel PT submaps that BSD is so fond of
258 static struct sysmaps sysmaps_pcpu[MAXCPU];
259 pt_entry_t *CMAP1 = 0;
260 static pt_entry_t *CMAP3;
261 static pd_entry_t *KPTD;
262 caddr_t CADDR1 = 0, ptvmmap = 0;
263 static caddr_t CADDR3;
264 struct msgbuf *msgbufp = 0;
269 static caddr_t crashdumpmap;
271 static pt_entry_t *PMAP1 = 0, *PMAP2;
272 static pt_entry_t *PADDR1 = 0, *PADDR2;
275 static int PMAP1changedcpu;
276 SYSCTL_INT(_debug, OID_AUTO, PMAP1changedcpu, CTLFLAG_RD,
278 "Number of times pmap_pte_quick changed CPU with same PMAP1");
280 static int PMAP1changed;
281 SYSCTL_INT(_debug, OID_AUTO, PMAP1changed, CTLFLAG_RD,
283 "Number of times pmap_pte_quick changed PMAP1");
284 static int PMAP1unchanged;
285 SYSCTL_INT(_debug, OID_AUTO, PMAP1unchanged, CTLFLAG_RD,
287 "Number of times pmap_pte_quick didn't change PMAP1");
288 static struct mtx PMAP2mutex;
290 static void free_pv_chunk(struct pv_chunk *pc);
291 static void free_pv_entry(pmap_t pmap, pv_entry_t pv);
292 static pv_entry_t get_pv_entry(pmap_t pmap, boolean_t try);
293 static void pmap_pv_demote_pde(pmap_t pmap, vm_offset_t va, vm_paddr_t pa);
294 static boolean_t pmap_pv_insert_pde(pmap_t pmap, vm_offset_t va, vm_paddr_t pa);
295 static void pmap_pv_promote_pde(pmap_t pmap, vm_offset_t va, vm_paddr_t pa);
296 static void pmap_pvh_free(struct md_page *pvh, pmap_t pmap, vm_offset_t va);
297 static pv_entry_t pmap_pvh_remove(struct md_page *pvh, pmap_t pmap,
299 static int pmap_pvh_wired_mappings(struct md_page *pvh, int count);
301 static boolean_t pmap_demote_pde(pmap_t pmap, pd_entry_t *pde, vm_offset_t va);
302 static boolean_t pmap_enter_pde(pmap_t pmap, vm_offset_t va, vm_page_t m,
304 static vm_page_t pmap_enter_quick_locked(pmap_t pmap, vm_offset_t va,
305 vm_page_t m, vm_prot_t prot, vm_page_t mpte);
306 static void pmap_flush_page(vm_page_t m);
307 static int pmap_insert_pt_page(pmap_t pmap, vm_page_t mpte);
308 static void pmap_fill_ptp(pt_entry_t *firstpte, pt_entry_t newpte);
309 static boolean_t pmap_is_modified_pvh(struct md_page *pvh);
310 static boolean_t pmap_is_referenced_pvh(struct md_page *pvh);
311 static void pmap_kenter_attr(vm_offset_t va, vm_paddr_t pa, int mode);
312 static void pmap_kenter_pde(vm_offset_t va, pd_entry_t newpde);
313 static vm_page_t pmap_lookup_pt_page(pmap_t pmap, vm_offset_t va);
314 static void pmap_pde_attr(pd_entry_t *pde, int cache_bits);
315 static void pmap_promote_pde(pmap_t pmap, pd_entry_t *pde, vm_offset_t va);
316 static boolean_t pmap_protect_pde(pmap_t pmap, pd_entry_t *pde, vm_offset_t sva,
318 static void pmap_pte_attr(pt_entry_t *pte, int cache_bits);
319 static void pmap_remove_pde(pmap_t pmap, pd_entry_t *pdq, vm_offset_t sva,
320 struct spglist *free);
321 static int pmap_remove_pte(pmap_t pmap, pt_entry_t *ptq, vm_offset_t sva,
322 struct spglist *free);
323 static void pmap_remove_pt_page(pmap_t pmap, vm_page_t mpte);
324 static void pmap_remove_page(struct pmap *pmap, vm_offset_t va,
325 struct spglist *free);
326 static void pmap_remove_entry(struct pmap *pmap, vm_page_t m,
328 static void pmap_insert_entry(pmap_t pmap, vm_offset_t va, vm_page_t m);
329 static boolean_t pmap_try_insert_pv_entry(pmap_t pmap, vm_offset_t va,
331 static void pmap_update_pde(pmap_t pmap, vm_offset_t va, pd_entry_t *pde,
333 static void pmap_update_pde_invalidate(vm_offset_t va, pd_entry_t newpde);
335 static vm_page_t pmap_allocpte(pmap_t pmap, vm_offset_t va, int flags);
337 static vm_page_t _pmap_allocpte(pmap_t pmap, u_int ptepindex, int flags);
338 static void _pmap_unwire_ptp(pmap_t pmap, vm_page_t m, struct spglist *free);
339 static pt_entry_t *pmap_pte_quick(pmap_t pmap, vm_offset_t va);
340 static void pmap_pte_release(pt_entry_t *pte);
341 static int pmap_unuse_pt(pmap_t, vm_offset_t, struct spglist *);
343 static void *pmap_pdpt_allocf(uma_zone_t zone, int bytes, u_int8_t *flags, int wait);
345 static void pmap_set_pg(void);
347 static __inline void pagezero(void *page);
349 CTASSERT(1 << PDESHIFT == sizeof(pd_entry_t));
350 CTASSERT(1 << PTESHIFT == sizeof(pt_entry_t));
353 * If you get an error here, then you set KVA_PAGES wrong! See the
354 * description of KVA_PAGES in sys/i386/include/pmap.h. It must be
355 * multiple of 4 for a normal kernel, or a multiple of 8 for a PAE.
357 CTASSERT(KERNBASE % (1 << 24) == 0);
360 * Bootstrap the system enough to run with virtual memory.
362 * On the i386 this is called after mapping has already been enabled
363 * and just syncs the pmap module with what has already been done.
364 * [We can't call it easily with mapping off since the kernel is not
365 * mapped with PA == VA, hence we would have to relocate every address
366 * from the linked base (virtual) address "KERNBASE" to the actual
367 * (physical) address starting relative to 0]
370 pmap_bootstrap(vm_paddr_t firstaddr)
373 pt_entry_t *pte, *unused;
374 struct sysmaps *sysmaps;
378 * Initialize the first available kernel virtual address. However,
379 * using "firstaddr" may waste a few pages of the kernel virtual
380 * address space, because locore may not have mapped every physical
381 * page that it allocated. Preferably, locore would provide a first
382 * unused virtual address in addition to "firstaddr".
384 virtual_avail = (vm_offset_t) KERNBASE + firstaddr;
386 virtual_end = VM_MAX_KERNEL_ADDRESS;
389 * Initialize the kernel pmap (which is statically allocated).
391 PMAP_LOCK_INIT(kernel_pmap);
392 kernel_pmap->pm_pdir = (pd_entry_t *) (KERNBASE + (u_int)IdlePTD);
394 kernel_pmap->pm_pdpt = (pdpt_entry_t *) (KERNBASE + (u_int)IdlePDPT);
396 CPU_FILL(&kernel_pmap->pm_active); /* don't allow deactivation */
397 TAILQ_INIT(&kernel_pmap->pm_pvchunk);
400 * Initialize the global pv list lock.
402 rw_init(&pvh_global_lock, "pmap pv global");
404 LIST_INIT(&allpmaps);
407 * Request a spin mutex so that changes to allpmaps cannot be
408 * preempted by smp_rendezvous_cpus(). Otherwise,
409 * pmap_update_pde_kernel() could access allpmaps while it is
412 mtx_init(&allpmaps_lock, "allpmaps", NULL, MTX_SPIN);
413 mtx_lock_spin(&allpmaps_lock);
414 LIST_INSERT_HEAD(&allpmaps, kernel_pmap, pm_list);
415 mtx_unlock_spin(&allpmaps_lock);
418 * Reserve some special page table entries/VA space for temporary
421 #define SYSMAP(c, p, v, n) \
422 v = (c)va; va += ((n)*PAGE_SIZE); p = pte; pte += (n);
428 * CMAP1/CMAP2 are used for zeroing and copying pages.
429 * CMAP3 is used for the idle process page zeroing.
431 for (i = 0; i < MAXCPU; i++) {
432 sysmaps = &sysmaps_pcpu[i];
433 mtx_init(&sysmaps->lock, "SYSMAPS", NULL, MTX_DEF);
434 SYSMAP(caddr_t, sysmaps->CMAP1, sysmaps->CADDR1, 1)
435 SYSMAP(caddr_t, sysmaps->CMAP2, sysmaps->CADDR2, 1)
437 SYSMAP(caddr_t, CMAP1, CADDR1, 1)
438 SYSMAP(caddr_t, CMAP3, CADDR3, 1)
443 SYSMAP(caddr_t, unused, crashdumpmap, MAXDUMPPGS)
446 * ptvmmap is used for reading arbitrary physical pages via /dev/mem.
448 SYSMAP(caddr_t, unused, ptvmmap, 1)
451 * msgbufp is used to map the system message buffer.
453 SYSMAP(struct msgbuf *, unused, msgbufp, atop(round_page(msgbufsize)))
456 * KPTmap is used by pmap_kextract().
458 * KPTmap is first initialized by locore. However, that initial
459 * KPTmap can only support NKPT page table pages. Here, a larger
460 * KPTmap is created that can support KVA_PAGES page table pages.
462 SYSMAP(pt_entry_t *, KPTD, KPTmap, KVA_PAGES)
464 for (i = 0; i < NKPT; i++)
465 KPTD[i] = (KPTphys + (i << PAGE_SHIFT)) | pgeflag | PG_RW | PG_V;
468 * Adjust the start of the KPTD and KPTmap so that the implementation
469 * of pmap_kextract() and pmap_growkernel() can be made simpler.
472 KPTmap -= i386_btop(KPTDI << PDRSHIFT);
475 * PADDR1 and PADDR2 are used by pmap_pte_quick() and pmap_pte(),
478 SYSMAP(pt_entry_t *, PMAP1, PADDR1, 1)
479 SYSMAP(pt_entry_t *, PMAP2, PADDR2, 1)
481 mtx_init(&PMAP2mutex, "PMAP2", NULL, MTX_DEF);
486 * Leave in place an identity mapping (virt == phys) for the low 1 MB
487 * physical memory region that is used by the ACPI wakeup code. This
488 * mapping must not have PG_G set.
491 /* FIXME: This is gross, but needed for the XBOX. Since we are in such
492 * an early stadium, we cannot yet neatly map video memory ... :-(
493 * Better fixes are very welcome! */
494 if (!arch_i386_is_xbox)
496 for (i = 1; i < NKPT; i++)
499 /* Initialize the PAT MSR if present. */
502 /* Turn on PG_G on kernel page(s) */
512 int pat_table[PAT_INDEX_SIZE];
517 /* Set default PAT index table. */
518 for (i = 0; i < PAT_INDEX_SIZE; i++)
520 pat_table[PAT_WRITE_BACK] = 0;
521 pat_table[PAT_WRITE_THROUGH] = 1;
522 pat_table[PAT_UNCACHEABLE] = 3;
523 pat_table[PAT_WRITE_COMBINING] = 3;
524 pat_table[PAT_WRITE_PROTECTED] = 3;
525 pat_table[PAT_UNCACHED] = 3;
527 /* Bail if this CPU doesn't implement PAT. */
528 if ((cpu_feature & CPUID_PAT) == 0) {
529 for (i = 0; i < PAT_INDEX_SIZE; i++)
530 pat_index[i] = pat_table[i];
536 * Due to some Intel errata, we can only safely use the lower 4
539 * Intel Pentium III Processor Specification Update
540 * Errata E.27 (Upper Four PAT Entries Not Usable With Mode B
543 * Intel Pentium IV Processor Specification Update
544 * Errata N46 (PAT Index MSB May Be Calculated Incorrectly)
546 if (cpu_vendor_id == CPU_VENDOR_INTEL &&
547 !(CPUID_TO_FAMILY(cpu_id) == 6 && CPUID_TO_MODEL(cpu_id) >= 0xe))
550 /* Initialize default PAT entries. */
551 pat_msr = PAT_VALUE(0, PAT_WRITE_BACK) |
552 PAT_VALUE(1, PAT_WRITE_THROUGH) |
553 PAT_VALUE(2, PAT_UNCACHED) |
554 PAT_VALUE(3, PAT_UNCACHEABLE) |
555 PAT_VALUE(4, PAT_WRITE_BACK) |
556 PAT_VALUE(5, PAT_WRITE_THROUGH) |
557 PAT_VALUE(6, PAT_UNCACHED) |
558 PAT_VALUE(7, PAT_UNCACHEABLE);
562 * Leave the indices 0-3 at the default of WB, WT, UC-, and UC.
563 * Program 5 and 6 as WP and WC.
564 * Leave 4 and 7 as WB and UC.
566 pat_msr &= ~(PAT_MASK(5) | PAT_MASK(6));
567 pat_msr |= PAT_VALUE(5, PAT_WRITE_PROTECTED) |
568 PAT_VALUE(6, PAT_WRITE_COMBINING);
569 pat_table[PAT_UNCACHED] = 2;
570 pat_table[PAT_WRITE_PROTECTED] = 5;
571 pat_table[PAT_WRITE_COMBINING] = 6;
574 * Just replace PAT Index 2 with WC instead of UC-.
576 pat_msr &= ~PAT_MASK(2);
577 pat_msr |= PAT_VALUE(2, PAT_WRITE_COMBINING);
578 pat_table[PAT_WRITE_COMBINING] = 2;
583 load_cr4(cr4 & ~CR4_PGE);
585 /* Disable caches (CD = 1, NW = 0). */
587 load_cr0((cr0 & ~CR0_NW) | CR0_CD);
589 /* Flushes caches and TLBs. */
593 /* Update PAT and index table. */
594 wrmsr(MSR_PAT, pat_msr);
595 for (i = 0; i < PAT_INDEX_SIZE; i++)
596 pat_index[i] = pat_table[i];
598 /* Flush caches and TLBs again. */
602 /* Restore caches and PGE. */
608 * Set PG_G on kernel pages. Only the BSP calls this when SMP is turned on.
614 vm_offset_t va, endva;
619 endva = KERNBASE + KERNend;
622 va = KERNBASE + KERNLOAD;
624 pdir_pde(PTD, va) |= pgeflag;
625 invltlb(); /* Play it safe, invltlb() every time */
629 va = (vm_offset_t)btext;
634 invltlb(); /* Play it safe, invltlb() every time */
641 * Initialize a vm_page's machine-dependent fields.
644 pmap_page_init(vm_page_t m)
647 TAILQ_INIT(&m->md.pv_list);
648 m->md.pat_mode = PAT_WRITE_BACK;
653 pmap_pdpt_allocf(uma_zone_t zone, int bytes, u_int8_t *flags, int wait)
656 /* Inform UMA that this allocator uses kernel_map/object. */
657 *flags = UMA_SLAB_KERNEL;
658 return ((void *)kmem_alloc_contig(kernel_arena, bytes, wait, 0x0ULL,
659 0xffffffffULL, 1, 0, VM_MEMATTR_DEFAULT));
664 * ABuse the pte nodes for unmapped kva to thread a kva freelist through.
666 * - Must deal with pages in order to ensure that none of the PG_* bits
667 * are ever set, PG_V in particular.
668 * - Assumes we can write to ptes without pte_store() atomic ops, even
669 * on PAE systems. This should be ok.
670 * - Assumes nothing will ever test these addresses for 0 to indicate
671 * no mapping instead of correctly checking PG_V.
672 * - Assumes a vm_offset_t will fit in a pte (true for i386).
673 * Because PG_V is never set, there can be no mappings to invalidate.
676 pmap_ptelist_alloc(vm_offset_t *head)
683 panic("pmap_ptelist_alloc: exhausted ptelist KVA");
687 panic("pmap_ptelist_alloc: va with PG_V set!");
693 pmap_ptelist_free(vm_offset_t *head, vm_offset_t va)
698 panic("pmap_ptelist_free: freeing va with PG_V set!");
700 *pte = *head; /* virtual! PG_V is 0 though */
705 pmap_ptelist_init(vm_offset_t *head, void *base, int npages)
711 for (i = npages - 1; i >= 0; i--) {
712 va = (vm_offset_t)base + i * PAGE_SIZE;
713 pmap_ptelist_free(head, va);
719 * Initialize the pmap module.
720 * Called by vm_init, to initialize any structures that the pmap
721 * system needs to map virtual memory.
731 * Initialize the vm page array entries for the kernel pmap's
734 for (i = 0; i < NKPT; i++) {
735 mpte = PHYS_TO_VM_PAGE(KPTphys + (i << PAGE_SHIFT));
736 KASSERT(mpte >= vm_page_array &&
737 mpte < &vm_page_array[vm_page_array_size],
738 ("pmap_init: page table page is out of range"));
739 mpte->pindex = i + KPTDI;
740 mpte->phys_addr = KPTphys + (i << PAGE_SHIFT);
744 * Initialize the address space (zone) for the pv entries. Set a
745 * high water mark so that the system can recover from excessive
746 * numbers of pv entries.
748 TUNABLE_INT_FETCH("vm.pmap.shpgperproc", &shpgperproc);
749 pv_entry_max = shpgperproc * maxproc + cnt.v_page_count;
750 TUNABLE_INT_FETCH("vm.pmap.pv_entries", &pv_entry_max);
751 pv_entry_max = roundup(pv_entry_max, _NPCPV);
752 pv_entry_high_water = 9 * (pv_entry_max / 10);
755 * If the kernel is running on a virtual machine, then it must assume
756 * that MCA is enabled by the hypervisor. Moreover, the kernel must
757 * be prepared for the hypervisor changing the vendor and family that
758 * are reported by CPUID. Consequently, the workaround for AMD Family
759 * 10h Erratum 383 is enabled if the processor's feature set does not
760 * include at least one feature that is only supported by older Intel
761 * or newer AMD processors.
763 if (vm_guest == VM_GUEST_VM && (cpu_feature & CPUID_SS) == 0 &&
764 (cpu_feature2 & (CPUID2_SSSE3 | CPUID2_SSE41 | CPUID2_AESNI |
765 CPUID2_AVX | CPUID2_XSAVE)) == 0 && (amd_feature2 & (AMDID2_XOP |
767 workaround_erratum383 = 1;
770 * Are large page mappings supported and enabled?
772 TUNABLE_INT_FETCH("vm.pmap.pg_ps_enabled", &pg_ps_enabled);
775 else if (pg_ps_enabled) {
776 KASSERT(MAXPAGESIZES > 1 && pagesizes[1] == 0,
777 ("pmap_init: can't assign to pagesizes[1]"));
778 pagesizes[1] = NBPDR;
782 * Calculate the size of the pv head table for superpages.
784 for (i = 0; phys_avail[i + 1]; i += 2);
785 pv_npg = round_4mpage(phys_avail[(i - 2) + 1]) / NBPDR;
788 * Allocate memory for the pv head table for superpages.
790 s = (vm_size_t)(pv_npg * sizeof(struct md_page));
792 pv_table = (struct md_page *)kmem_malloc(kernel_arena, s,
794 for (i = 0; i < pv_npg; i++)
795 TAILQ_INIT(&pv_table[i].pv_list);
797 pv_maxchunks = MAX(pv_entry_max / _NPCPV, maxproc);
798 pv_chunkbase = (struct pv_chunk *)kva_alloc(PAGE_SIZE * pv_maxchunks);
799 if (pv_chunkbase == NULL)
800 panic("pmap_init: not enough kvm for pv chunks");
801 pmap_ptelist_init(&pv_vafree, pv_chunkbase, pv_maxchunks);
803 pdptzone = uma_zcreate("PDPT", NPGPTD * sizeof(pdpt_entry_t), NULL,
804 NULL, NULL, NULL, (NPGPTD * sizeof(pdpt_entry_t)) - 1,
805 UMA_ZONE_VM | UMA_ZONE_NOFREE);
806 uma_zone_set_allocf(pdptzone, pmap_pdpt_allocf);
811 SYSCTL_INT(_vm_pmap, OID_AUTO, pv_entry_max, CTLFLAG_RD, &pv_entry_max, 0,
812 "Max number of PV entries");
813 SYSCTL_INT(_vm_pmap, OID_AUTO, shpgperproc, CTLFLAG_RD, &shpgperproc, 0,
814 "Page share factor per proc");
816 static SYSCTL_NODE(_vm_pmap, OID_AUTO, pde, CTLFLAG_RD, 0,
817 "2/4MB page mapping counters");
819 static u_long pmap_pde_demotions;
820 SYSCTL_ULONG(_vm_pmap_pde, OID_AUTO, demotions, CTLFLAG_RD,
821 &pmap_pde_demotions, 0, "2/4MB page demotions");
823 static u_long pmap_pde_mappings;
824 SYSCTL_ULONG(_vm_pmap_pde, OID_AUTO, mappings, CTLFLAG_RD,
825 &pmap_pde_mappings, 0, "2/4MB page mappings");
827 static u_long pmap_pde_p_failures;
828 SYSCTL_ULONG(_vm_pmap_pde, OID_AUTO, p_failures, CTLFLAG_RD,
829 &pmap_pde_p_failures, 0, "2/4MB page promotion failures");
831 static u_long pmap_pde_promotions;
832 SYSCTL_ULONG(_vm_pmap_pde, OID_AUTO, promotions, CTLFLAG_RD,
833 &pmap_pde_promotions, 0, "2/4MB page promotions");
835 /***************************************************
836 * Low level helper routines.....
837 ***************************************************/
840 * Determine the appropriate bits to set in a PTE or PDE for a specified
844 pmap_cache_bits(int mode, boolean_t is_pde)
846 int cache_bits, pat_flag, pat_idx;
848 if (mode < 0 || mode >= PAT_INDEX_SIZE || pat_index[mode] < 0)
849 panic("Unknown caching mode %d\n", mode);
851 /* The PAT bit is different for PTE's and PDE's. */
852 pat_flag = is_pde ? PG_PDE_PAT : PG_PTE_PAT;
854 /* Map the caching mode to a PAT index. */
855 pat_idx = pat_index[mode];
857 /* Map the 3-bit index value into the PAT, PCD, and PWT bits. */
860 cache_bits |= pat_flag;
862 cache_bits |= PG_NC_PCD;
864 cache_bits |= PG_NC_PWT;
869 * The caller is responsible for maintaining TLB consistency.
872 pmap_kenter_pde(vm_offset_t va, pd_entry_t newpde)
876 boolean_t PTD_updated;
879 mtx_lock_spin(&allpmaps_lock);
880 LIST_FOREACH(pmap, &allpmaps, pm_list) {
881 if ((pmap->pm_pdir[PTDPTDI] & PG_FRAME) == (PTDpde[0] &
884 pde = pmap_pde(pmap, va);
885 pde_store(pde, newpde);
887 mtx_unlock_spin(&allpmaps_lock);
889 ("pmap_kenter_pde: current page table is not in allpmaps"));
893 * After changing the page size for the specified virtual address in the page
894 * table, flush the corresponding entries from the processor's TLB. Only the
895 * calling processor's TLB is affected.
897 * The calling thread must be pinned to a processor.
900 pmap_update_pde_invalidate(vm_offset_t va, pd_entry_t newpde)
904 if ((newpde & PG_PS) == 0)
905 /* Demotion: flush a specific 2MB page mapping. */
907 else if ((newpde & PG_G) == 0)
909 * Promotion: flush every 4KB page mapping from the TLB
910 * because there are too many to flush individually.
915 * Promotion: flush every 4KB page mapping from the TLB,
916 * including any global (PG_G) mappings.
919 load_cr4(cr4 & ~CR4_PGE);
921 * Although preemption at this point could be detrimental to
922 * performance, it would not lead to an error. PG_G is simply
923 * ignored if CR4.PGE is clear. Moreover, in case this block
924 * is re-entered, the load_cr4() either above or below will
925 * modify CR4.PGE flushing the TLB.
927 load_cr4(cr4 | CR4_PGE);
932 * For SMP, these functions have to use the IPI mechanism for coherence.
934 * N.B.: Before calling any of the following TLB invalidation functions,
935 * the calling processor must ensure that all stores updating a non-
936 * kernel page table are globally performed. Otherwise, another
937 * processor could cache an old, pre-update entry without being
938 * invalidated. This can happen one of two ways: (1) The pmap becomes
939 * active on another processor after its pm_active field is checked by
940 * one of the following functions but before a store updating the page
941 * table is globally performed. (2) The pmap becomes active on another
942 * processor before its pm_active field is checked but due to
943 * speculative loads one of the following functions stills reads the
944 * pmap as inactive on the other processor.
946 * The kernel page table is exempt because its pm_active field is
947 * immutable. The kernel page table is always active on every
951 pmap_invalidate_page(pmap_t pmap, vm_offset_t va)
957 if (pmap == kernel_pmap || !CPU_CMP(&pmap->pm_active, &all_cpus)) {
961 cpuid = PCPU_GET(cpuid);
962 other_cpus = all_cpus;
963 CPU_CLR(cpuid, &other_cpus);
964 if (CPU_ISSET(cpuid, &pmap->pm_active))
966 CPU_AND(&other_cpus, &pmap->pm_active);
967 if (!CPU_EMPTY(&other_cpus))
968 smp_masked_invlpg(other_cpus, va);
974 pmap_invalidate_range(pmap_t pmap, vm_offset_t sva, vm_offset_t eva)
981 if (pmap == kernel_pmap || !CPU_CMP(&pmap->pm_active, &all_cpus)) {
982 for (addr = sva; addr < eva; addr += PAGE_SIZE)
984 smp_invlpg_range(sva, eva);
986 cpuid = PCPU_GET(cpuid);
987 other_cpus = all_cpus;
988 CPU_CLR(cpuid, &other_cpus);
989 if (CPU_ISSET(cpuid, &pmap->pm_active))
990 for (addr = sva; addr < eva; addr += PAGE_SIZE)
992 CPU_AND(&other_cpus, &pmap->pm_active);
993 if (!CPU_EMPTY(&other_cpus))
994 smp_masked_invlpg_range(other_cpus, sva, eva);
1000 pmap_invalidate_all(pmap_t pmap)
1002 cpuset_t other_cpus;
1006 if (pmap == kernel_pmap || !CPU_CMP(&pmap->pm_active, &all_cpus)) {
1010 cpuid = PCPU_GET(cpuid);
1011 other_cpus = all_cpus;
1012 CPU_CLR(cpuid, &other_cpus);
1013 if (CPU_ISSET(cpuid, &pmap->pm_active))
1015 CPU_AND(&other_cpus, &pmap->pm_active);
1016 if (!CPU_EMPTY(&other_cpus))
1017 smp_masked_invltlb(other_cpus);
1023 pmap_invalidate_cache(void)
1033 cpuset_t invalidate; /* processors that invalidate their TLB */
1037 u_int store; /* processor that updates the PDE */
1041 pmap_update_pde_kernel(void *arg)
1043 struct pde_action *act = arg;
1047 if (act->store == PCPU_GET(cpuid)) {
1050 * Elsewhere, this operation requires allpmaps_lock for
1051 * synchronization. Here, it does not because it is being
1052 * performed in the context of an all_cpus rendezvous.
1054 LIST_FOREACH(pmap, &allpmaps, pm_list) {
1055 pde = pmap_pde(pmap, act->va);
1056 pde_store(pde, act->newpde);
1062 pmap_update_pde_user(void *arg)
1064 struct pde_action *act = arg;
1066 if (act->store == PCPU_GET(cpuid))
1067 pde_store(act->pde, act->newpde);
1071 pmap_update_pde_teardown(void *arg)
1073 struct pde_action *act = arg;
1075 if (CPU_ISSET(PCPU_GET(cpuid), &act->invalidate))
1076 pmap_update_pde_invalidate(act->va, act->newpde);
1080 * Change the page size for the specified virtual address in a way that
1081 * prevents any possibility of the TLB ever having two entries that map the
1082 * same virtual address using different page sizes. This is the recommended
1083 * workaround for Erratum 383 on AMD Family 10h processors. It prevents a
1084 * machine check exception for a TLB state that is improperly diagnosed as a
1088 pmap_update_pde(pmap_t pmap, vm_offset_t va, pd_entry_t *pde, pd_entry_t newpde)
1090 struct pde_action act;
1091 cpuset_t active, other_cpus;
1095 cpuid = PCPU_GET(cpuid);
1096 other_cpus = all_cpus;
1097 CPU_CLR(cpuid, &other_cpus);
1098 if (pmap == kernel_pmap)
1101 active = pmap->pm_active;
1102 if (CPU_OVERLAP(&active, &other_cpus)) {
1104 act.invalidate = active;
1107 act.newpde = newpde;
1108 CPU_SET(cpuid, &active);
1109 smp_rendezvous_cpus(active,
1110 smp_no_rendevous_barrier, pmap == kernel_pmap ?
1111 pmap_update_pde_kernel : pmap_update_pde_user,
1112 pmap_update_pde_teardown, &act);
1114 if (pmap == kernel_pmap)
1115 pmap_kenter_pde(va, newpde);
1117 pde_store(pde, newpde);
1118 if (CPU_ISSET(cpuid, &active))
1119 pmap_update_pde_invalidate(va, newpde);
1125 * Normal, non-SMP, 486+ invalidation functions.
1126 * We inline these within pmap.c for speed.
1129 pmap_invalidate_page(pmap_t pmap, vm_offset_t va)
1132 if (pmap == kernel_pmap || !CPU_EMPTY(&pmap->pm_active))
1137 pmap_invalidate_range(pmap_t pmap, vm_offset_t sva, vm_offset_t eva)
1141 if (pmap == kernel_pmap || !CPU_EMPTY(&pmap->pm_active))
1142 for (addr = sva; addr < eva; addr += PAGE_SIZE)
1147 pmap_invalidate_all(pmap_t pmap)
1150 if (pmap == kernel_pmap || !CPU_EMPTY(&pmap->pm_active))
1155 pmap_invalidate_cache(void)
1162 pmap_update_pde(pmap_t pmap, vm_offset_t va, pd_entry_t *pde, pd_entry_t newpde)
1165 if (pmap == kernel_pmap)
1166 pmap_kenter_pde(va, newpde);
1168 pde_store(pde, newpde);
1169 if (pmap == kernel_pmap || !CPU_EMPTY(&pmap->pm_active))
1170 pmap_update_pde_invalidate(va, newpde);
1174 #define PMAP_CLFLUSH_THRESHOLD (2 * 1024 * 1024)
1177 pmap_invalidate_cache_range(vm_offset_t sva, vm_offset_t eva)
1180 KASSERT((sva & PAGE_MASK) == 0,
1181 ("pmap_invalidate_cache_range: sva not page-aligned"));
1182 KASSERT((eva & PAGE_MASK) == 0,
1183 ("pmap_invalidate_cache_range: eva not page-aligned"));
1185 if (cpu_feature & CPUID_SS)
1186 ; /* If "Self Snoop" is supported, do nothing. */
1187 else if ((cpu_feature & CPUID_CLFSH) != 0 &&
1188 eva - sva < PMAP_CLFLUSH_THRESHOLD) {
1192 * XXX: Some CPUs fault, hang, or trash the local APIC
1193 * registers if we use CLFLUSH on the local APIC
1194 * range. The local APIC is always uncached, so we
1195 * don't need to flush for that range anyway.
1197 if (pmap_kextract(sva) == lapic_paddr)
1201 * Otherwise, do per-cache line flush. Use the mfence
1202 * instruction to insure that previous stores are
1203 * included in the write-back. The processor
1204 * propagates flush to other processors in the cache
1208 for (; sva < eva; sva += cpu_clflush_line_size)
1214 * No targeted cache flush methods are supported by CPU,
1215 * or the supplied range is bigger than 2MB.
1216 * Globally invalidate cache.
1218 pmap_invalidate_cache();
1223 pmap_invalidate_cache_pages(vm_page_t *pages, int count)
1227 if (count >= PMAP_CLFLUSH_THRESHOLD / PAGE_SIZE ||
1228 (cpu_feature & CPUID_CLFSH) == 0) {
1229 pmap_invalidate_cache();
1231 for (i = 0; i < count; i++)
1232 pmap_flush_page(pages[i]);
1237 * Are we current address space or kernel? N.B. We return FALSE when
1238 * a pmap's page table is in use because a kernel thread is borrowing
1239 * it. The borrowed page table can change spontaneously, making any
1240 * dependence on its continued use subject to a race condition.
1243 pmap_is_current(pmap_t pmap)
1246 return (pmap == kernel_pmap ||
1247 (pmap == vmspace_pmap(curthread->td_proc->p_vmspace) &&
1248 (pmap->pm_pdir[PTDPTDI] & PG_FRAME) == (PTDpde[0] & PG_FRAME)));
1252 * If the given pmap is not the current or kernel pmap, the returned pte must
1253 * be released by passing it to pmap_pte_release().
1256 pmap_pte(pmap_t pmap, vm_offset_t va)
1261 pde = pmap_pde(pmap, va);
1265 /* are we current address space or kernel? */
1266 if (pmap_is_current(pmap))
1267 return (vtopte(va));
1268 mtx_lock(&PMAP2mutex);
1269 newpf = *pde & PG_FRAME;
1270 if ((*PMAP2 & PG_FRAME) != newpf) {
1271 *PMAP2 = newpf | PG_RW | PG_V | PG_A | PG_M;
1272 pmap_invalidate_page(kernel_pmap, (vm_offset_t)PADDR2);
1274 return (PADDR2 + (i386_btop(va) & (NPTEPG - 1)));
1280 * Releases a pte that was obtained from pmap_pte(). Be prepared for the pte
1283 static __inline void
1284 pmap_pte_release(pt_entry_t *pte)
1287 if ((pt_entry_t *)((vm_offset_t)pte & ~PAGE_MASK) == PADDR2)
1288 mtx_unlock(&PMAP2mutex);
1291 static __inline void
1292 invlcaddr(void *caddr)
1295 invlpg((u_int)caddr);
1299 * Super fast pmap_pte routine best used when scanning
1300 * the pv lists. This eliminates many coarse-grained
1301 * invltlb calls. Note that many of the pv list
1302 * scans are across different pmaps. It is very wasteful
1303 * to do an entire invltlb for checking a single mapping.
1305 * If the given pmap is not the current pmap, pvh_global_lock
1306 * must be held and curthread pinned to a CPU.
1309 pmap_pte_quick(pmap_t pmap, vm_offset_t va)
1314 pde = pmap_pde(pmap, va);
1318 /* are we current address space or kernel? */
1319 if (pmap_is_current(pmap))
1320 return (vtopte(va));
1321 rw_assert(&pvh_global_lock, RA_WLOCKED);
1322 KASSERT(curthread->td_pinned > 0, ("curthread not pinned"));
1323 newpf = *pde & PG_FRAME;
1324 if ((*PMAP1 & PG_FRAME) != newpf) {
1325 *PMAP1 = newpf | PG_RW | PG_V | PG_A | PG_M;
1327 PMAP1cpu = PCPU_GET(cpuid);
1333 if (PMAP1cpu != PCPU_GET(cpuid)) {
1334 PMAP1cpu = PCPU_GET(cpuid);
1340 return (PADDR1 + (i386_btop(va) & (NPTEPG - 1)));
1346 * Routine: pmap_extract
1348 * Extract the physical page address associated
1349 * with the given map/virtual_address pair.
1352 pmap_extract(pmap_t pmap, vm_offset_t va)
1360 pde = pmap->pm_pdir[va >> PDRSHIFT];
1362 if ((pde & PG_PS) != 0)
1363 rtval = (pde & PG_PS_FRAME) | (va & PDRMASK);
1365 pte = pmap_pte(pmap, va);
1366 rtval = (*pte & PG_FRAME) | (va & PAGE_MASK);
1367 pmap_pte_release(pte);
1375 * Routine: pmap_extract_and_hold
1377 * Atomically extract and hold the physical page
1378 * with the given pmap and virtual address pair
1379 * if that mapping permits the given protection.
1382 pmap_extract_and_hold(pmap_t pmap, vm_offset_t va, vm_prot_t prot)
1385 pt_entry_t pte, *ptep;
1393 pde = *pmap_pde(pmap, va);
1396 if ((pde & PG_RW) || (prot & VM_PROT_WRITE) == 0) {
1397 if (vm_page_pa_tryrelock(pmap, (pde &
1398 PG_PS_FRAME) | (va & PDRMASK), &pa))
1400 m = PHYS_TO_VM_PAGE((pde & PG_PS_FRAME) |
1405 ptep = pmap_pte(pmap, va);
1407 pmap_pte_release(ptep);
1409 ((pte & PG_RW) || (prot & VM_PROT_WRITE) == 0)) {
1410 if (vm_page_pa_tryrelock(pmap, pte & PG_FRAME,
1413 m = PHYS_TO_VM_PAGE(pte & PG_FRAME);
1423 /***************************************************
1424 * Low level mapping routines.....
1425 ***************************************************/
1428 * Add a wired page to the kva.
1429 * Note: not SMP coherent.
1431 * This function may be used before pmap_bootstrap() is called.
1434 pmap_kenter(vm_offset_t va, vm_paddr_t pa)
1439 pte_store(pte, pa | PG_RW | PG_V | pgeflag);
1442 static __inline void
1443 pmap_kenter_attr(vm_offset_t va, vm_paddr_t pa, int mode)
1448 pte_store(pte, pa | PG_RW | PG_V | pgeflag | pmap_cache_bits(mode, 0));
1452 * Remove a page from the kernel pagetables.
1453 * Note: not SMP coherent.
1455 * This function may be used before pmap_bootstrap() is called.
1458 pmap_kremove(vm_offset_t va)
1467 * Used to map a range of physical addresses into kernel
1468 * virtual address space.
1470 * The value passed in '*virt' is a suggested virtual address for
1471 * the mapping. Architectures which can support a direct-mapped
1472 * physical to virtual region can return the appropriate address
1473 * within that region, leaving '*virt' unchanged. Other
1474 * architectures should map the pages starting at '*virt' and
1475 * update '*virt' with the first usable address after the mapped
1479 pmap_map(vm_offset_t *virt, vm_paddr_t start, vm_paddr_t end, int prot)
1481 vm_offset_t va, sva;
1482 vm_paddr_t superpage_offset;
1487 * Does the physical address range's size and alignment permit at
1488 * least one superpage mapping to be created?
1490 superpage_offset = start & PDRMASK;
1491 if ((end - start) - ((NBPDR - superpage_offset) & PDRMASK) >= NBPDR) {
1493 * Increase the starting virtual address so that its alignment
1494 * does not preclude the use of superpage mappings.
1496 if ((va & PDRMASK) < superpage_offset)
1497 va = (va & ~PDRMASK) + superpage_offset;
1498 else if ((va & PDRMASK) > superpage_offset)
1499 va = ((va + PDRMASK) & ~PDRMASK) + superpage_offset;
1502 while (start < end) {
1503 if ((start & PDRMASK) == 0 && end - start >= NBPDR &&
1505 KASSERT((va & PDRMASK) == 0,
1506 ("pmap_map: misaligned va %#x", va));
1507 newpde = start | PG_PS | pgeflag | PG_RW | PG_V;
1508 pmap_kenter_pde(va, newpde);
1512 pmap_kenter(va, start);
1517 pmap_invalidate_range(kernel_pmap, sva, va);
1524 * Add a list of wired pages to the kva
1525 * this routine is only used for temporary
1526 * kernel mappings that do not need to have
1527 * page modification or references recorded.
1528 * Note that old mappings are simply written
1529 * over. The page *must* be wired.
1530 * Note: SMP coherent. Uses a ranged shootdown IPI.
1533 pmap_qenter(vm_offset_t sva, vm_page_t *ma, int count)
1535 pt_entry_t *endpte, oldpte, pa, *pte;
1540 endpte = pte + count;
1541 while (pte < endpte) {
1543 pa = VM_PAGE_TO_PHYS(m) | pmap_cache_bits(m->md.pat_mode, 0);
1544 if ((*pte & (PG_FRAME | PG_PTE_CACHE)) != pa) {
1546 pte_store(pte, pa | pgeflag | PG_RW | PG_V);
1550 if (__predict_false((oldpte & PG_V) != 0))
1551 pmap_invalidate_range(kernel_pmap, sva, sva + count *
1556 * This routine tears out page mappings from the
1557 * kernel -- it is meant only for temporary mappings.
1558 * Note: SMP coherent. Uses a ranged shootdown IPI.
1561 pmap_qremove(vm_offset_t sva, int count)
1566 while (count-- > 0) {
1570 pmap_invalidate_range(kernel_pmap, sva, va);
1573 /***************************************************
1574 * Page table page management routines.....
1575 ***************************************************/
1576 static __inline void
1577 pmap_free_zero_pages(struct spglist *free)
1581 while ((m = SLIST_FIRST(free)) != NULL) {
1582 SLIST_REMOVE_HEAD(free, plinks.s.ss);
1583 /* Preserve the page's PG_ZERO setting. */
1584 vm_page_free_toq(m);
1589 * Schedule the specified unused page table page to be freed. Specifically,
1590 * add the page to the specified list of pages that will be released to the
1591 * physical memory manager after the TLB has been updated.
1593 static __inline void
1594 pmap_add_delayed_free_list(vm_page_t m, struct spglist *free,
1595 boolean_t set_PG_ZERO)
1599 m->flags |= PG_ZERO;
1601 m->flags &= ~PG_ZERO;
1602 SLIST_INSERT_HEAD(free, m, plinks.s.ss);
1606 * Inserts the specified page table page into the specified pmap's collection
1607 * of idle page table pages. Each of a pmap's page table pages is responsible
1608 * for mapping a distinct range of virtual addresses. The pmap's collection is
1609 * ordered by this virtual address range.
1612 pmap_insert_pt_page(pmap_t pmap, vm_page_t mpte)
1615 PMAP_LOCK_ASSERT(pmap, MA_OWNED);
1616 return (vm_radix_insert(&pmap->pm_root, mpte));
1620 * Looks for a page table page mapping the specified virtual address in the
1621 * specified pmap's collection of idle page table pages. Returns NULL if there
1622 * is no page table page corresponding to the specified virtual address.
1624 static __inline vm_page_t
1625 pmap_lookup_pt_page(pmap_t pmap, vm_offset_t va)
1628 PMAP_LOCK_ASSERT(pmap, MA_OWNED);
1629 return (vm_radix_lookup(&pmap->pm_root, va >> PDRSHIFT));
1633 * Removes the specified page table page from the specified pmap's collection
1634 * of idle page table pages. The specified page table page must be a member of
1635 * the pmap's collection.
1637 static __inline void
1638 pmap_remove_pt_page(pmap_t pmap, vm_page_t mpte)
1641 PMAP_LOCK_ASSERT(pmap, MA_OWNED);
1642 vm_radix_remove(&pmap->pm_root, mpte->pindex);
1646 * Decrements a page table page's wire count, which is used to record the
1647 * number of valid page table entries within the page. If the wire count
1648 * drops to zero, then the page table page is unmapped. Returns TRUE if the
1649 * page table page was unmapped and FALSE otherwise.
1651 static inline boolean_t
1652 pmap_unwire_ptp(pmap_t pmap, vm_page_t m, struct spglist *free)
1656 if (m->wire_count == 0) {
1657 _pmap_unwire_ptp(pmap, m, free);
1664 _pmap_unwire_ptp(pmap_t pmap, vm_page_t m, struct spglist *free)
1669 * unmap the page table page
1671 pmap->pm_pdir[m->pindex] = 0;
1672 --pmap->pm_stats.resident_count;
1675 * This is a release store so that the ordinary store unmapping
1676 * the page table page is globally performed before TLB shoot-
1679 atomic_subtract_rel_int(&cnt.v_wire_count, 1);
1682 * Do an invltlb to make the invalidated mapping
1683 * take effect immediately.
1685 pteva = VM_MAXUSER_ADDRESS + i386_ptob(m->pindex);
1686 pmap_invalidate_page(pmap, pteva);
1689 * Put page on a list so that it is released after
1690 * *ALL* TLB shootdown is done
1692 pmap_add_delayed_free_list(m, free, TRUE);
1696 * After removing a page table entry, this routine is used to
1697 * conditionally free the page, and manage the hold/wire counts.
1700 pmap_unuse_pt(pmap_t pmap, vm_offset_t va, struct spglist *free)
1705 if (va >= VM_MAXUSER_ADDRESS)
1707 ptepde = *pmap_pde(pmap, va);
1708 mpte = PHYS_TO_VM_PAGE(ptepde & PG_FRAME);
1709 return (pmap_unwire_ptp(pmap, mpte, free));
1713 * Initialize the pmap for the swapper process.
1716 pmap_pinit0(pmap_t pmap)
1719 PMAP_LOCK_INIT(pmap);
1721 * Since the page table directory is shared with the kernel pmap,
1722 * which is already included in the list "allpmaps", this pmap does
1723 * not need to be inserted into that list.
1725 pmap->pm_pdir = (pd_entry_t *)(KERNBASE + (vm_offset_t)IdlePTD);
1727 pmap->pm_pdpt = (pdpt_entry_t *)(KERNBASE + (vm_offset_t)IdlePDPT);
1729 pmap->pm_root.rt_root = 0;
1730 CPU_ZERO(&pmap->pm_active);
1731 PCPU_SET(curpmap, pmap);
1732 TAILQ_INIT(&pmap->pm_pvchunk);
1733 bzero(&pmap->pm_stats, sizeof pmap->pm_stats);
1737 * Initialize a preallocated and zeroed pmap structure,
1738 * such as one in a vmspace structure.
1741 pmap_pinit(pmap_t pmap)
1743 vm_page_t m, ptdpg[NPGPTD];
1748 * No need to allocate page table space yet but we do need a valid
1749 * page directory table.
1751 if (pmap->pm_pdir == NULL) {
1752 pmap->pm_pdir = (pd_entry_t *)kva_alloc(NBPTD);
1753 if (pmap->pm_pdir == NULL) {
1754 PMAP_LOCK_DESTROY(pmap);
1758 pmap->pm_pdpt = uma_zalloc(pdptzone, M_WAITOK | M_ZERO);
1759 KASSERT(((vm_offset_t)pmap->pm_pdpt &
1760 ((NPGPTD * sizeof(pdpt_entry_t)) - 1)) == 0,
1761 ("pmap_pinit: pdpt misaligned"));
1762 KASSERT(pmap_kextract((vm_offset_t)pmap->pm_pdpt) < (4ULL<<30),
1763 ("pmap_pinit: pdpt above 4g"));
1765 pmap->pm_root.rt_root = 0;
1767 KASSERT(vm_radix_is_empty(&pmap->pm_root),
1768 ("pmap_pinit: pmap has reserved page table page(s)"));
1771 * allocate the page directory page(s)
1773 for (i = 0; i < NPGPTD;) {
1774 m = vm_page_alloc(NULL, 0, VM_ALLOC_NORMAL | VM_ALLOC_NOOBJ |
1775 VM_ALLOC_WIRED | VM_ALLOC_ZERO);
1783 pmap_qenter((vm_offset_t)pmap->pm_pdir, ptdpg, NPGPTD);
1785 for (i = 0; i < NPGPTD; i++)
1786 if ((ptdpg[i]->flags & PG_ZERO) == 0)
1787 pagezero(pmap->pm_pdir + (i * NPDEPG));
1789 mtx_lock_spin(&allpmaps_lock);
1790 LIST_INSERT_HEAD(&allpmaps, pmap, pm_list);
1791 /* Copy the kernel page table directory entries. */
1792 bcopy(PTD + KPTDI, pmap->pm_pdir + KPTDI, nkpt * sizeof(pd_entry_t));
1793 mtx_unlock_spin(&allpmaps_lock);
1795 /* install self-referential address mapping entry(s) */
1796 for (i = 0; i < NPGPTD; i++) {
1797 pa = VM_PAGE_TO_PHYS(ptdpg[i]);
1798 pmap->pm_pdir[PTDPTDI + i] = pa | PG_V | PG_RW | PG_A | PG_M;
1800 pmap->pm_pdpt[i] = pa | PG_V;
1804 CPU_ZERO(&pmap->pm_active);
1805 TAILQ_INIT(&pmap->pm_pvchunk);
1806 bzero(&pmap->pm_stats, sizeof pmap->pm_stats);
1812 * this routine is called if the page table page is not
1816 _pmap_allocpte(pmap_t pmap, u_int ptepindex, int flags)
1821 KASSERT((flags & (M_NOWAIT | M_WAITOK)) == M_NOWAIT ||
1822 (flags & (M_NOWAIT | M_WAITOK)) == M_WAITOK,
1823 ("_pmap_allocpte: flags is neither M_NOWAIT nor M_WAITOK"));
1826 * Allocate a page table page.
1828 if ((m = vm_page_alloc(NULL, ptepindex, VM_ALLOC_NOOBJ |
1829 VM_ALLOC_WIRED | VM_ALLOC_ZERO)) == NULL) {
1830 if (flags & M_WAITOK) {
1832 rw_wunlock(&pvh_global_lock);
1834 rw_wlock(&pvh_global_lock);
1839 * Indicate the need to retry. While waiting, the page table
1840 * page may have been allocated.
1844 if ((m->flags & PG_ZERO) == 0)
1848 * Map the pagetable page into the process address space, if
1849 * it isn't already there.
1852 pmap->pm_stats.resident_count++;
1854 ptepa = VM_PAGE_TO_PHYS(m);
1855 pmap->pm_pdir[ptepindex] =
1856 (pd_entry_t) (ptepa | PG_U | PG_RW | PG_V | PG_A | PG_M);
1862 pmap_allocpte(pmap_t pmap, vm_offset_t va, int flags)
1868 KASSERT((flags & (M_NOWAIT | M_WAITOK)) == M_NOWAIT ||
1869 (flags & (M_NOWAIT | M_WAITOK)) == M_WAITOK,
1870 ("pmap_allocpte: flags is neither M_NOWAIT nor M_WAITOK"));
1873 * Calculate pagetable page index
1875 ptepindex = va >> PDRSHIFT;
1878 * Get the page directory entry
1880 ptepa = pmap->pm_pdir[ptepindex];
1883 * This supports switching from a 4MB page to a
1886 if (ptepa & PG_PS) {
1887 (void)pmap_demote_pde(pmap, &pmap->pm_pdir[ptepindex], va);
1888 ptepa = pmap->pm_pdir[ptepindex];
1892 * If the page table page is mapped, we just increment the
1893 * hold count, and activate it.
1896 m = PHYS_TO_VM_PAGE(ptepa & PG_FRAME);
1900 * Here if the pte page isn't mapped, or if it has
1903 m = _pmap_allocpte(pmap, ptepindex, flags);
1904 if (m == NULL && (flags & M_WAITOK))
1911 /***************************************************
1912 * Pmap allocation/deallocation routines.
1913 ***************************************************/
1917 * Deal with a SMP shootdown of other users of the pmap that we are
1918 * trying to dispose of. This can be a bit hairy.
1920 static cpuset_t *lazymask;
1921 static u_int lazyptd;
1922 static volatile u_int lazywait;
1924 void pmap_lazyfix_action(void);
1927 pmap_lazyfix_action(void)
1931 (*ipi_lazypmap_counts[PCPU_GET(cpuid)])++;
1933 if (rcr3() == lazyptd)
1934 load_cr3(curpcb->pcb_cr3);
1935 CPU_CLR_ATOMIC(PCPU_GET(cpuid), lazymask);
1936 atomic_store_rel_int(&lazywait, 1);
1940 pmap_lazyfix_self(u_int cpuid)
1943 if (rcr3() == lazyptd)
1944 load_cr3(curpcb->pcb_cr3);
1945 CPU_CLR_ATOMIC(cpuid, lazymask);
1950 pmap_lazyfix(pmap_t pmap)
1952 cpuset_t mymask, mask;
1956 mask = pmap->pm_active;
1957 while (!CPU_EMPTY(&mask)) {
1960 /* Find least significant set bit. */
1961 lsb = CPU_FFS(&mask);
1964 CPU_SETOF(lsb, &mask);
1965 mtx_lock_spin(&smp_ipi_mtx);
1967 lazyptd = vtophys(pmap->pm_pdpt);
1969 lazyptd = vtophys(pmap->pm_pdir);
1971 cpuid = PCPU_GET(cpuid);
1973 /* Use a cpuset just for having an easy check. */
1974 CPU_SETOF(cpuid, &mymask);
1975 if (!CPU_CMP(&mask, &mymask)) {
1976 lazymask = &pmap->pm_active;
1977 pmap_lazyfix_self(cpuid);
1979 atomic_store_rel_int((u_int *)&lazymask,
1980 (u_int)&pmap->pm_active);
1981 atomic_store_rel_int(&lazywait, 0);
1982 ipi_selected(mask, IPI_LAZYPMAP);
1983 while (lazywait == 0) {
1989 mtx_unlock_spin(&smp_ipi_mtx);
1991 printf("pmap_lazyfix: spun for 50000000\n");
1992 mask = pmap->pm_active;
1999 * Cleaning up on uniprocessor is easy. For various reasons, we're
2000 * unlikely to have to even execute this code, including the fact
2001 * that the cleanup is deferred until the parent does a wait(2), which
2002 * means that another userland process has run.
2005 pmap_lazyfix(pmap_t pmap)
2009 cr3 = vtophys(pmap->pm_pdir);
2010 if (cr3 == rcr3()) {
2011 load_cr3(curpcb->pcb_cr3);
2012 CPU_CLR(PCPU_GET(cpuid), &pmap->pm_active);
2018 * Release any resources held by the given physical map.
2019 * Called when a pmap initialized by pmap_pinit is being released.
2020 * Should only be called if the map contains no valid mappings.
2023 pmap_release(pmap_t pmap)
2025 vm_page_t m, ptdpg[NPGPTD];
2028 KASSERT(pmap->pm_stats.resident_count == 0,
2029 ("pmap_release: pmap resident count %ld != 0",
2030 pmap->pm_stats.resident_count));
2031 KASSERT(vm_radix_is_empty(&pmap->pm_root),
2032 ("pmap_release: pmap has reserved page table page(s)"));
2035 mtx_lock_spin(&allpmaps_lock);
2036 LIST_REMOVE(pmap, pm_list);
2037 mtx_unlock_spin(&allpmaps_lock);
2039 for (i = 0; i < NPGPTD; i++)
2040 ptdpg[i] = PHYS_TO_VM_PAGE(pmap->pm_pdir[PTDPTDI + i] &
2043 bzero(pmap->pm_pdir + PTDPTDI, (nkpt + NPGPTD) *
2044 sizeof(*pmap->pm_pdir));
2046 pmap_qremove((vm_offset_t)pmap->pm_pdir, NPGPTD);
2048 for (i = 0; i < NPGPTD; i++) {
2051 KASSERT(VM_PAGE_TO_PHYS(m) == (pmap->pm_pdpt[i] & PG_FRAME),
2052 ("pmap_release: got wrong ptd page"));
2055 atomic_subtract_int(&cnt.v_wire_count, 1);
2056 vm_page_free_zero(m);
2061 kvm_size(SYSCTL_HANDLER_ARGS)
2063 unsigned long ksize = VM_MAX_KERNEL_ADDRESS - KERNBASE;
2065 return (sysctl_handle_long(oidp, &ksize, 0, req));
2067 SYSCTL_PROC(_vm, OID_AUTO, kvm_size, CTLTYPE_LONG|CTLFLAG_RD,
2068 0, 0, kvm_size, "IU", "Size of KVM");
2071 kvm_free(SYSCTL_HANDLER_ARGS)
2073 unsigned long kfree = VM_MAX_KERNEL_ADDRESS - kernel_vm_end;
2075 return (sysctl_handle_long(oidp, &kfree, 0, req));
2077 SYSCTL_PROC(_vm, OID_AUTO, kvm_free, CTLTYPE_LONG|CTLFLAG_RD,
2078 0, 0, kvm_free, "IU", "Amount of KVM free");
2081 * grow the number of kernel page table entries, if needed
2084 pmap_growkernel(vm_offset_t addr)
2086 vm_paddr_t ptppaddr;
2090 mtx_assert(&kernel_map->system_mtx, MA_OWNED);
2091 addr = roundup2(addr, NBPDR);
2092 if (addr - 1 >= kernel_map->max_offset)
2093 addr = kernel_map->max_offset;
2094 while (kernel_vm_end < addr) {
2095 if (pdir_pde(PTD, kernel_vm_end)) {
2096 kernel_vm_end = (kernel_vm_end + NBPDR) & ~PDRMASK;
2097 if (kernel_vm_end - 1 >= kernel_map->max_offset) {
2098 kernel_vm_end = kernel_map->max_offset;
2104 nkpg = vm_page_alloc(NULL, kernel_vm_end >> PDRSHIFT,
2105 VM_ALLOC_INTERRUPT | VM_ALLOC_NOOBJ | VM_ALLOC_WIRED |
2108 panic("pmap_growkernel: no memory to grow kernel");
2112 if ((nkpg->flags & PG_ZERO) == 0)
2113 pmap_zero_page(nkpg);
2114 ptppaddr = VM_PAGE_TO_PHYS(nkpg);
2115 newpdir = (pd_entry_t) (ptppaddr | PG_V | PG_RW | PG_A | PG_M);
2116 pdir_pde(KPTD, kernel_vm_end) = pgeflag | newpdir;
2118 pmap_kenter_pde(kernel_vm_end, newpdir);
2119 kernel_vm_end = (kernel_vm_end + NBPDR) & ~PDRMASK;
2120 if (kernel_vm_end - 1 >= kernel_map->max_offset) {
2121 kernel_vm_end = kernel_map->max_offset;
2128 /***************************************************
2129 * page management routines.
2130 ***************************************************/
2132 CTASSERT(sizeof(struct pv_chunk) == PAGE_SIZE);
2133 CTASSERT(_NPCM == 11);
2134 CTASSERT(_NPCPV == 336);
2136 static __inline struct pv_chunk *
2137 pv_to_chunk(pv_entry_t pv)
2140 return ((struct pv_chunk *)((uintptr_t)pv & ~(uintptr_t)PAGE_MASK));
2143 #define PV_PMAP(pv) (pv_to_chunk(pv)->pc_pmap)
2145 #define PC_FREE0_9 0xfffffffful /* Free values for index 0 through 9 */
2146 #define PC_FREE10 0x0000fffful /* Free values for index 10 */
2148 static const uint32_t pc_freemask[_NPCM] = {
2149 PC_FREE0_9, PC_FREE0_9, PC_FREE0_9,
2150 PC_FREE0_9, PC_FREE0_9, PC_FREE0_9,
2151 PC_FREE0_9, PC_FREE0_9, PC_FREE0_9,
2152 PC_FREE0_9, PC_FREE10
2155 SYSCTL_INT(_vm_pmap, OID_AUTO, pv_entry_count, CTLFLAG_RD, &pv_entry_count, 0,
2156 "Current number of pv entries");
2159 static int pc_chunk_count, pc_chunk_allocs, pc_chunk_frees, pc_chunk_tryfail;
2161 SYSCTL_INT(_vm_pmap, OID_AUTO, pc_chunk_count, CTLFLAG_RD, &pc_chunk_count, 0,
2162 "Current number of pv entry chunks");
2163 SYSCTL_INT(_vm_pmap, OID_AUTO, pc_chunk_allocs, CTLFLAG_RD, &pc_chunk_allocs, 0,
2164 "Current number of pv entry chunks allocated");
2165 SYSCTL_INT(_vm_pmap, OID_AUTO, pc_chunk_frees, CTLFLAG_RD, &pc_chunk_frees, 0,
2166 "Current number of pv entry chunks frees");
2167 SYSCTL_INT(_vm_pmap, OID_AUTO, pc_chunk_tryfail, CTLFLAG_RD, &pc_chunk_tryfail, 0,
2168 "Number of times tried to get a chunk page but failed.");
2170 static long pv_entry_frees, pv_entry_allocs;
2171 static int pv_entry_spare;
2173 SYSCTL_LONG(_vm_pmap, OID_AUTO, pv_entry_frees, CTLFLAG_RD, &pv_entry_frees, 0,
2174 "Current number of pv entry frees");
2175 SYSCTL_LONG(_vm_pmap, OID_AUTO, pv_entry_allocs, CTLFLAG_RD, &pv_entry_allocs, 0,
2176 "Current number of pv entry allocs");
2177 SYSCTL_INT(_vm_pmap, OID_AUTO, pv_entry_spare, CTLFLAG_RD, &pv_entry_spare, 0,
2178 "Current number of spare pv entries");
2182 * We are in a serious low memory condition. Resort to
2183 * drastic measures to free some pages so we can allocate
2184 * another pv entry chunk.
2187 pmap_pv_reclaim(pmap_t locked_pmap)
2190 struct pv_chunk *pc;
2191 struct md_page *pvh;
2194 pt_entry_t *pte, tpte;
2198 struct spglist free;
2200 int bit, field, freed;
2202 PMAP_LOCK_ASSERT(locked_pmap, MA_OWNED);
2206 TAILQ_INIT(&newtail);
2207 while ((pc = TAILQ_FIRST(&pv_chunks)) != NULL && (pv_vafree == 0 ||
2208 SLIST_EMPTY(&free))) {
2209 TAILQ_REMOVE(&pv_chunks, pc, pc_lru);
2210 if (pmap != pc->pc_pmap) {
2212 pmap_invalidate_all(pmap);
2213 if (pmap != locked_pmap)
2217 /* Avoid deadlock and lock recursion. */
2218 if (pmap > locked_pmap)
2220 else if (pmap != locked_pmap && !PMAP_TRYLOCK(pmap)) {
2222 TAILQ_INSERT_TAIL(&newtail, pc, pc_lru);
2228 * Destroy every non-wired, 4 KB page mapping in the chunk.
2231 for (field = 0; field < _NPCM; field++) {
2232 for (inuse = ~pc->pc_map[field] & pc_freemask[field];
2233 inuse != 0; inuse &= ~(1UL << bit)) {
2235 pv = &pc->pc_pventry[field * 32 + bit];
2237 pde = pmap_pde(pmap, va);
2238 if ((*pde & PG_PS) != 0)
2240 pte = pmap_pte(pmap, va);
2242 if ((tpte & PG_W) == 0)
2243 tpte = pte_load_clear(pte);
2244 pmap_pte_release(pte);
2245 if ((tpte & PG_W) != 0)
2248 ("pmap_pv_reclaim: pmap %p va %x zero pte",
2250 if ((tpte & PG_G) != 0)
2251 pmap_invalidate_page(pmap, va);
2252 m = PHYS_TO_VM_PAGE(tpte & PG_FRAME);
2253 if ((tpte & (PG_M | PG_RW)) == (PG_M | PG_RW))
2255 if ((tpte & PG_A) != 0)
2256 vm_page_aflag_set(m, PGA_REFERENCED);
2257 TAILQ_REMOVE(&m->md.pv_list, pv, pv_next);
2258 if (TAILQ_EMPTY(&m->md.pv_list) &&
2259 (m->flags & PG_FICTITIOUS) == 0) {
2260 pvh = pa_to_pvh(VM_PAGE_TO_PHYS(m));
2261 if (TAILQ_EMPTY(&pvh->pv_list)) {
2262 vm_page_aflag_clear(m,
2266 pc->pc_map[field] |= 1UL << bit;
2267 pmap_unuse_pt(pmap, va, &free);
2272 TAILQ_INSERT_TAIL(&newtail, pc, pc_lru);
2275 /* Every freed mapping is for a 4 KB page. */
2276 pmap->pm_stats.resident_count -= freed;
2277 PV_STAT(pv_entry_frees += freed);
2278 PV_STAT(pv_entry_spare += freed);
2279 pv_entry_count -= freed;
2280 TAILQ_REMOVE(&pmap->pm_pvchunk, pc, pc_list);
2281 for (field = 0; field < _NPCM; field++)
2282 if (pc->pc_map[field] != pc_freemask[field]) {
2283 TAILQ_INSERT_HEAD(&pmap->pm_pvchunk, pc,
2285 TAILQ_INSERT_TAIL(&newtail, pc, pc_lru);
2288 * One freed pv entry in locked_pmap is
2291 if (pmap == locked_pmap)
2295 if (field == _NPCM) {
2296 PV_STAT(pv_entry_spare -= _NPCPV);
2297 PV_STAT(pc_chunk_count--);
2298 PV_STAT(pc_chunk_frees++);
2299 /* Entire chunk is free; return it. */
2300 m_pc = PHYS_TO_VM_PAGE(pmap_kextract((vm_offset_t)pc));
2301 pmap_qremove((vm_offset_t)pc, 1);
2302 pmap_ptelist_free(&pv_vafree, (vm_offset_t)pc);
2307 TAILQ_CONCAT(&pv_chunks, &newtail, pc_lru);
2309 pmap_invalidate_all(pmap);
2310 if (pmap != locked_pmap)
2313 if (m_pc == NULL && pv_vafree != 0 && SLIST_EMPTY(&free)) {
2314 m_pc = SLIST_FIRST(&free);
2315 SLIST_REMOVE_HEAD(&free, plinks.s.ss);
2316 /* Recycle a freed page table page. */
2317 m_pc->wire_count = 1;
2318 atomic_add_int(&cnt.v_wire_count, 1);
2320 pmap_free_zero_pages(&free);
2325 * free the pv_entry back to the free list
2328 free_pv_entry(pmap_t pmap, pv_entry_t pv)
2330 struct pv_chunk *pc;
2331 int idx, field, bit;
2333 rw_assert(&pvh_global_lock, RA_WLOCKED);
2334 PMAP_LOCK_ASSERT(pmap, MA_OWNED);
2335 PV_STAT(pv_entry_frees++);
2336 PV_STAT(pv_entry_spare++);
2338 pc = pv_to_chunk(pv);
2339 idx = pv - &pc->pc_pventry[0];
2342 pc->pc_map[field] |= 1ul << bit;
2343 for (idx = 0; idx < _NPCM; idx++)
2344 if (pc->pc_map[idx] != pc_freemask[idx]) {
2346 * 98% of the time, pc is already at the head of the
2347 * list. If it isn't already, move it to the head.
2349 if (__predict_false(TAILQ_FIRST(&pmap->pm_pvchunk) !=
2351 TAILQ_REMOVE(&pmap->pm_pvchunk, pc, pc_list);
2352 TAILQ_INSERT_HEAD(&pmap->pm_pvchunk, pc,
2357 TAILQ_REMOVE(&pmap->pm_pvchunk, pc, pc_list);
2362 free_pv_chunk(struct pv_chunk *pc)
2366 TAILQ_REMOVE(&pv_chunks, pc, pc_lru);
2367 PV_STAT(pv_entry_spare -= _NPCPV);
2368 PV_STAT(pc_chunk_count--);
2369 PV_STAT(pc_chunk_frees++);
2370 /* entire chunk is free, return it */
2371 m = PHYS_TO_VM_PAGE(pmap_kextract((vm_offset_t)pc));
2372 pmap_qremove((vm_offset_t)pc, 1);
2373 vm_page_unwire(m, 0);
2375 pmap_ptelist_free(&pv_vafree, (vm_offset_t)pc);
2379 * get a new pv_entry, allocating a block from the system
2383 get_pv_entry(pmap_t pmap, boolean_t try)
2385 static const struct timeval printinterval = { 60, 0 };
2386 static struct timeval lastprint;
2389 struct pv_chunk *pc;
2392 rw_assert(&pvh_global_lock, RA_WLOCKED);
2393 PMAP_LOCK_ASSERT(pmap, MA_OWNED);
2394 PV_STAT(pv_entry_allocs++);
2396 if (pv_entry_count > pv_entry_high_water)
2397 if (ratecheck(&lastprint, &printinterval))
2398 printf("Approaching the limit on PV entries, consider "
2399 "increasing either the vm.pmap.shpgperproc or the "
2400 "vm.pmap.pv_entry_max tunable.\n");
2402 pc = TAILQ_FIRST(&pmap->pm_pvchunk);
2404 for (field = 0; field < _NPCM; field++) {
2405 if (pc->pc_map[field]) {
2406 bit = bsfl(pc->pc_map[field]);
2410 if (field < _NPCM) {
2411 pv = &pc->pc_pventry[field * 32 + bit];
2412 pc->pc_map[field] &= ~(1ul << bit);
2413 /* If this was the last item, move it to tail */
2414 for (field = 0; field < _NPCM; field++)
2415 if (pc->pc_map[field] != 0) {
2416 PV_STAT(pv_entry_spare--);
2417 return (pv); /* not full, return */
2419 TAILQ_REMOVE(&pmap->pm_pvchunk, pc, pc_list);
2420 TAILQ_INSERT_TAIL(&pmap->pm_pvchunk, pc, pc_list);
2421 PV_STAT(pv_entry_spare--);
2426 * Access to the ptelist "pv_vafree" is synchronized by the pvh
2427 * global lock. If "pv_vafree" is currently non-empty, it will
2428 * remain non-empty until pmap_ptelist_alloc() completes.
2430 if (pv_vafree == 0 || (m = vm_page_alloc(NULL, 0, VM_ALLOC_NORMAL |
2431 VM_ALLOC_NOOBJ | VM_ALLOC_WIRED)) == NULL) {
2434 PV_STAT(pc_chunk_tryfail++);
2437 m = pmap_pv_reclaim(pmap);
2441 PV_STAT(pc_chunk_count++);
2442 PV_STAT(pc_chunk_allocs++);
2443 pc = (struct pv_chunk *)pmap_ptelist_alloc(&pv_vafree);
2444 pmap_qenter((vm_offset_t)pc, &m, 1);
2446 pc->pc_map[0] = pc_freemask[0] & ~1ul; /* preallocated bit 0 */
2447 for (field = 1; field < _NPCM; field++)
2448 pc->pc_map[field] = pc_freemask[field];
2449 TAILQ_INSERT_TAIL(&pv_chunks, pc, pc_lru);
2450 pv = &pc->pc_pventry[0];
2451 TAILQ_INSERT_HEAD(&pmap->pm_pvchunk, pc, pc_list);
2452 PV_STAT(pv_entry_spare += _NPCPV - 1);
2456 static __inline pv_entry_t
2457 pmap_pvh_remove(struct md_page *pvh, pmap_t pmap, vm_offset_t va)
2461 rw_assert(&pvh_global_lock, RA_WLOCKED);
2462 TAILQ_FOREACH(pv, &pvh->pv_list, pv_next) {
2463 if (pmap == PV_PMAP(pv) && va == pv->pv_va) {
2464 TAILQ_REMOVE(&pvh->pv_list, pv, pv_next);
2472 pmap_pv_demote_pde(pmap_t pmap, vm_offset_t va, vm_paddr_t pa)
2474 struct md_page *pvh;
2476 vm_offset_t va_last;
2479 rw_assert(&pvh_global_lock, RA_WLOCKED);
2480 KASSERT((pa & PDRMASK) == 0,
2481 ("pmap_pv_demote_pde: pa is not 4mpage aligned"));
2484 * Transfer the 4mpage's pv entry for this mapping to the first
2487 pvh = pa_to_pvh(pa);
2488 va = trunc_4mpage(va);
2489 pv = pmap_pvh_remove(pvh, pmap, va);
2490 KASSERT(pv != NULL, ("pmap_pv_demote_pde: pv not found"));
2491 m = PHYS_TO_VM_PAGE(pa);
2492 TAILQ_INSERT_TAIL(&m->md.pv_list, pv, pv_next);
2493 /* Instantiate the remaining NPTEPG - 1 pv entries. */
2494 va_last = va + NBPDR - PAGE_SIZE;
2497 KASSERT((m->oflags & VPO_UNMANAGED) == 0,
2498 ("pmap_pv_demote_pde: page %p is not managed", m));
2500 pmap_insert_entry(pmap, va, m);
2501 } while (va < va_last);
2505 pmap_pv_promote_pde(pmap_t pmap, vm_offset_t va, vm_paddr_t pa)
2507 struct md_page *pvh;
2509 vm_offset_t va_last;
2512 rw_assert(&pvh_global_lock, RA_WLOCKED);
2513 KASSERT((pa & PDRMASK) == 0,
2514 ("pmap_pv_promote_pde: pa is not 4mpage aligned"));
2517 * Transfer the first page's pv entry for this mapping to the
2518 * 4mpage's pv list. Aside from avoiding the cost of a call
2519 * to get_pv_entry(), a transfer avoids the possibility that
2520 * get_pv_entry() calls pmap_collect() and that pmap_collect()
2521 * removes one of the mappings that is being promoted.
2523 m = PHYS_TO_VM_PAGE(pa);
2524 va = trunc_4mpage(va);
2525 pv = pmap_pvh_remove(&m->md, pmap, va);
2526 KASSERT(pv != NULL, ("pmap_pv_promote_pde: pv not found"));
2527 pvh = pa_to_pvh(pa);
2528 TAILQ_INSERT_TAIL(&pvh->pv_list, pv, pv_next);
2529 /* Free the remaining NPTEPG - 1 pv entries. */
2530 va_last = va + NBPDR - PAGE_SIZE;
2534 pmap_pvh_free(&m->md, pmap, va);
2535 } while (va < va_last);
2539 pmap_pvh_free(struct md_page *pvh, pmap_t pmap, vm_offset_t va)
2543 pv = pmap_pvh_remove(pvh, pmap, va);
2544 KASSERT(pv != NULL, ("pmap_pvh_free: pv not found"));
2545 free_pv_entry(pmap, pv);
2549 pmap_remove_entry(pmap_t pmap, vm_page_t m, vm_offset_t va)
2551 struct md_page *pvh;
2553 rw_assert(&pvh_global_lock, RA_WLOCKED);
2554 pmap_pvh_free(&m->md, pmap, va);
2555 if (TAILQ_EMPTY(&m->md.pv_list) && (m->flags & PG_FICTITIOUS) == 0) {
2556 pvh = pa_to_pvh(VM_PAGE_TO_PHYS(m));
2557 if (TAILQ_EMPTY(&pvh->pv_list))
2558 vm_page_aflag_clear(m, PGA_WRITEABLE);
2563 * Create a pv entry for page at pa for
2567 pmap_insert_entry(pmap_t pmap, vm_offset_t va, vm_page_t m)
2571 rw_assert(&pvh_global_lock, RA_WLOCKED);
2572 PMAP_LOCK_ASSERT(pmap, MA_OWNED);
2573 pv = get_pv_entry(pmap, FALSE);
2575 TAILQ_INSERT_TAIL(&m->md.pv_list, pv, pv_next);
2579 * Conditionally create a pv entry.
2582 pmap_try_insert_pv_entry(pmap_t pmap, vm_offset_t va, vm_page_t m)
2586 rw_assert(&pvh_global_lock, RA_WLOCKED);
2587 PMAP_LOCK_ASSERT(pmap, MA_OWNED);
2588 if (pv_entry_count < pv_entry_high_water &&
2589 (pv = get_pv_entry(pmap, TRUE)) != NULL) {
2591 TAILQ_INSERT_TAIL(&m->md.pv_list, pv, pv_next);
2598 * Create the pv entries for each of the pages within a superpage.
2601 pmap_pv_insert_pde(pmap_t pmap, vm_offset_t va, vm_paddr_t pa)
2603 struct md_page *pvh;
2606 rw_assert(&pvh_global_lock, RA_WLOCKED);
2607 if (pv_entry_count < pv_entry_high_water &&
2608 (pv = get_pv_entry(pmap, TRUE)) != NULL) {
2610 pvh = pa_to_pvh(pa);
2611 TAILQ_INSERT_TAIL(&pvh->pv_list, pv, pv_next);
2618 * Fills a page table page with mappings to consecutive physical pages.
2621 pmap_fill_ptp(pt_entry_t *firstpte, pt_entry_t newpte)
2625 for (pte = firstpte; pte < firstpte + NPTEPG; pte++) {
2627 newpte += PAGE_SIZE;
2632 * Tries to demote a 2- or 4MB page mapping. If demotion fails, the
2633 * 2- or 4MB page mapping is invalidated.
2636 pmap_demote_pde(pmap_t pmap, pd_entry_t *pde, vm_offset_t va)
2638 pd_entry_t newpde, oldpde;
2639 pt_entry_t *firstpte, newpte;
2642 struct spglist free;
2644 PMAP_LOCK_ASSERT(pmap, MA_OWNED);
2646 KASSERT((oldpde & (PG_PS | PG_V)) == (PG_PS | PG_V),
2647 ("pmap_demote_pde: oldpde is missing PG_PS and/or PG_V"));
2648 if ((oldpde & PG_A) != 0 && (mpte = pmap_lookup_pt_page(pmap, va)) !=
2650 pmap_remove_pt_page(pmap, mpte);
2652 KASSERT((oldpde & PG_W) == 0,
2653 ("pmap_demote_pde: page table page for a wired mapping"
2657 * Invalidate the 2- or 4MB page mapping and return
2658 * "failure" if the mapping was never accessed or the
2659 * allocation of the new page table page fails.
2661 if ((oldpde & PG_A) == 0 || (mpte = vm_page_alloc(NULL,
2662 va >> PDRSHIFT, VM_ALLOC_NOOBJ | VM_ALLOC_NORMAL |
2663 VM_ALLOC_WIRED)) == NULL) {
2665 pmap_remove_pde(pmap, pde, trunc_4mpage(va), &free);
2666 pmap_invalidate_page(pmap, trunc_4mpage(va));
2667 pmap_free_zero_pages(&free);
2668 CTR2(KTR_PMAP, "pmap_demote_pde: failure for va %#x"
2669 " in pmap %p", va, pmap);
2672 if (va < VM_MAXUSER_ADDRESS)
2673 pmap->pm_stats.resident_count++;
2675 mptepa = VM_PAGE_TO_PHYS(mpte);
2678 * If the page mapping is in the kernel's address space, then the
2679 * KPTmap can provide access to the page table page. Otherwise,
2680 * temporarily map the page table page (mpte) into the kernel's
2681 * address space at either PADDR1 or PADDR2.
2684 firstpte = &KPTmap[i386_btop(trunc_4mpage(va))];
2685 else if (curthread->td_pinned > 0 && rw_wowned(&pvh_global_lock)) {
2686 if ((*PMAP1 & PG_FRAME) != mptepa) {
2687 *PMAP1 = mptepa | PG_RW | PG_V | PG_A | PG_M;
2689 PMAP1cpu = PCPU_GET(cpuid);
2695 if (PMAP1cpu != PCPU_GET(cpuid)) {
2696 PMAP1cpu = PCPU_GET(cpuid);
2704 mtx_lock(&PMAP2mutex);
2705 if ((*PMAP2 & PG_FRAME) != mptepa) {
2706 *PMAP2 = mptepa | PG_RW | PG_V | PG_A | PG_M;
2707 pmap_invalidate_page(kernel_pmap, (vm_offset_t)PADDR2);
2711 newpde = mptepa | PG_M | PG_A | (oldpde & PG_U) | PG_RW | PG_V;
2712 KASSERT((oldpde & PG_A) != 0,
2713 ("pmap_demote_pde: oldpde is missing PG_A"));
2714 KASSERT((oldpde & (PG_M | PG_RW)) != PG_RW,
2715 ("pmap_demote_pde: oldpde is missing PG_M"));
2716 newpte = oldpde & ~PG_PS;
2717 if ((newpte & PG_PDE_PAT) != 0)
2718 newpte ^= PG_PDE_PAT | PG_PTE_PAT;
2721 * If the page table page is new, initialize it.
2723 if (mpte->wire_count == 1) {
2724 mpte->wire_count = NPTEPG;
2725 pmap_fill_ptp(firstpte, newpte);
2727 KASSERT((*firstpte & PG_FRAME) == (newpte & PG_FRAME),
2728 ("pmap_demote_pde: firstpte and newpte map different physical"
2732 * If the mapping has changed attributes, update the page table
2735 if ((*firstpte & PG_PTE_PROMOTE) != (newpte & PG_PTE_PROMOTE))
2736 pmap_fill_ptp(firstpte, newpte);
2739 * Demote the mapping. This pmap is locked. The old PDE has
2740 * PG_A set. If the old PDE has PG_RW set, it also has PG_M
2741 * set. Thus, there is no danger of a race with another
2742 * processor changing the setting of PG_A and/or PG_M between
2743 * the read above and the store below.
2745 if (workaround_erratum383)
2746 pmap_update_pde(pmap, va, pde, newpde);
2747 else if (pmap == kernel_pmap)
2748 pmap_kenter_pde(va, newpde);
2750 pde_store(pde, newpde);
2751 if (firstpte == PADDR2)
2752 mtx_unlock(&PMAP2mutex);
2755 * Invalidate the recursive mapping of the page table page.
2757 pmap_invalidate_page(pmap, (vm_offset_t)vtopte(va));
2760 * Demote the pv entry. This depends on the earlier demotion
2761 * of the mapping. Specifically, the (re)creation of a per-
2762 * page pv entry might trigger the execution of pmap_collect(),
2763 * which might reclaim a newly (re)created per-page pv entry
2764 * and destroy the associated mapping. In order to destroy
2765 * the mapping, the PDE must have already changed from mapping
2766 * the 2mpage to referencing the page table page.
2768 if ((oldpde & PG_MANAGED) != 0)
2769 pmap_pv_demote_pde(pmap, va, oldpde & PG_PS_FRAME);
2771 pmap_pde_demotions++;
2772 CTR2(KTR_PMAP, "pmap_demote_pde: success for va %#x"
2773 " in pmap %p", va, pmap);
2778 * Removes a 2- or 4MB page mapping from the kernel pmap.
2781 pmap_remove_kernel_pde(pmap_t pmap, pd_entry_t *pde, vm_offset_t va)
2787 PMAP_LOCK_ASSERT(pmap, MA_OWNED);
2788 mpte = pmap_lookup_pt_page(pmap, va);
2790 panic("pmap_remove_kernel_pde: Missing pt page.");
2792 pmap_remove_pt_page(pmap, mpte);
2793 mptepa = VM_PAGE_TO_PHYS(mpte);
2794 newpde = mptepa | PG_M | PG_A | PG_RW | PG_V;
2797 * Initialize the page table page.
2799 pagezero((void *)&KPTmap[i386_btop(trunc_4mpage(va))]);
2802 * Remove the mapping.
2804 if (workaround_erratum383)
2805 pmap_update_pde(pmap, va, pde, newpde);
2807 pmap_kenter_pde(va, newpde);
2810 * Invalidate the recursive mapping of the page table page.
2812 pmap_invalidate_page(pmap, (vm_offset_t)vtopte(va));
2816 * pmap_remove_pde: do the things to unmap a superpage in a process
2819 pmap_remove_pde(pmap_t pmap, pd_entry_t *pdq, vm_offset_t sva,
2820 struct spglist *free)
2822 struct md_page *pvh;
2824 vm_offset_t eva, va;
2827 PMAP_LOCK_ASSERT(pmap, MA_OWNED);
2828 KASSERT((sva & PDRMASK) == 0,
2829 ("pmap_remove_pde: sva is not 4mpage aligned"));
2830 oldpde = pte_load_clear(pdq);
2832 pmap->pm_stats.wired_count -= NBPDR / PAGE_SIZE;
2835 * Machines that don't support invlpg, also don't support
2839 pmap_invalidate_page(kernel_pmap, sva);
2840 pmap->pm_stats.resident_count -= NBPDR / PAGE_SIZE;
2841 if (oldpde & PG_MANAGED) {
2842 pvh = pa_to_pvh(oldpde & PG_PS_FRAME);
2843 pmap_pvh_free(pvh, pmap, sva);
2845 for (va = sva, m = PHYS_TO_VM_PAGE(oldpde & PG_PS_FRAME);
2846 va < eva; va += PAGE_SIZE, m++) {
2847 if ((oldpde & (PG_M | PG_RW)) == (PG_M | PG_RW))
2850 vm_page_aflag_set(m, PGA_REFERENCED);
2851 if (TAILQ_EMPTY(&m->md.pv_list) &&
2852 TAILQ_EMPTY(&pvh->pv_list))
2853 vm_page_aflag_clear(m, PGA_WRITEABLE);
2856 if (pmap == kernel_pmap) {
2857 pmap_remove_kernel_pde(pmap, pdq, sva);
2859 mpte = pmap_lookup_pt_page(pmap, sva);
2861 pmap_remove_pt_page(pmap, mpte);
2862 pmap->pm_stats.resident_count--;
2863 KASSERT(mpte->wire_count == NPTEPG,
2864 ("pmap_remove_pde: pte page wire count error"));
2865 mpte->wire_count = 0;
2866 pmap_add_delayed_free_list(mpte, free, FALSE);
2867 atomic_subtract_int(&cnt.v_wire_count, 1);
2873 * pmap_remove_pte: do the things to unmap a page in a process
2876 pmap_remove_pte(pmap_t pmap, pt_entry_t *ptq, vm_offset_t va,
2877 struct spglist *free)
2882 rw_assert(&pvh_global_lock, RA_WLOCKED);
2883 PMAP_LOCK_ASSERT(pmap, MA_OWNED);
2884 oldpte = pte_load_clear(ptq);
2885 KASSERT(oldpte != 0,
2886 ("pmap_remove_pte: pmap %p va %x zero pte", pmap, va));
2888 pmap->pm_stats.wired_count -= 1;
2890 * Machines that don't support invlpg, also don't support
2894 pmap_invalidate_page(kernel_pmap, va);
2895 pmap->pm_stats.resident_count -= 1;
2896 if (oldpte & PG_MANAGED) {
2897 m = PHYS_TO_VM_PAGE(oldpte & PG_FRAME);
2898 if ((oldpte & (PG_M | PG_RW)) == (PG_M | PG_RW))
2901 vm_page_aflag_set(m, PGA_REFERENCED);
2902 pmap_remove_entry(pmap, m, va);
2904 return (pmap_unuse_pt(pmap, va, free));
2908 * Remove a single page from a process address space
2911 pmap_remove_page(pmap_t pmap, vm_offset_t va, struct spglist *free)
2915 rw_assert(&pvh_global_lock, RA_WLOCKED);
2916 KASSERT(curthread->td_pinned > 0, ("curthread not pinned"));
2917 PMAP_LOCK_ASSERT(pmap, MA_OWNED);
2918 if ((pte = pmap_pte_quick(pmap, va)) == NULL || *pte == 0)
2920 pmap_remove_pte(pmap, pte, va, free);
2921 pmap_invalidate_page(pmap, va);
2925 * Remove the given range of addresses from the specified map.
2927 * It is assumed that the start and end are properly
2928 * rounded to the page size.
2931 pmap_remove(pmap_t pmap, vm_offset_t sva, vm_offset_t eva)
2936 struct spglist free;
2940 * Perform an unsynchronized read. This is, however, safe.
2942 if (pmap->pm_stats.resident_count == 0)
2948 rw_wlock(&pvh_global_lock);
2953 * special handling of removing one page. a very
2954 * common operation and easy to short circuit some
2957 if ((sva + PAGE_SIZE == eva) &&
2958 ((pmap->pm_pdir[(sva >> PDRSHIFT)] & PG_PS) == 0)) {
2959 pmap_remove_page(pmap, sva, &free);
2963 for (; sva < eva; sva = pdnxt) {
2967 * Calculate index for next page table.
2969 pdnxt = (sva + NBPDR) & ~PDRMASK;
2972 if (pmap->pm_stats.resident_count == 0)
2975 pdirindex = sva >> PDRSHIFT;
2976 ptpaddr = pmap->pm_pdir[pdirindex];
2979 * Weed out invalid mappings. Note: we assume that the page
2980 * directory table is always allocated, and in kernel virtual.
2986 * Check for large page.
2988 if ((ptpaddr & PG_PS) != 0) {
2990 * Are we removing the entire large page? If not,
2991 * demote the mapping and fall through.
2993 if (sva + NBPDR == pdnxt && eva >= pdnxt) {
2995 * The TLB entry for a PG_G mapping is
2996 * invalidated by pmap_remove_pde().
2998 if ((ptpaddr & PG_G) == 0)
3000 pmap_remove_pde(pmap,
3001 &pmap->pm_pdir[pdirindex], sva, &free);
3003 } else if (!pmap_demote_pde(pmap,
3004 &pmap->pm_pdir[pdirindex], sva)) {
3005 /* The large page mapping was destroyed. */
3011 * Limit our scan to either the end of the va represented
3012 * by the current page table page, or to the end of the
3013 * range being removed.
3018 for (pte = pmap_pte_quick(pmap, sva); sva != pdnxt; pte++,
3024 * The TLB entry for a PG_G mapping is invalidated
3025 * by pmap_remove_pte().
3027 if ((*pte & PG_G) == 0)
3029 if (pmap_remove_pte(pmap, pte, sva, &free))
3036 pmap_invalidate_all(pmap);
3037 rw_wunlock(&pvh_global_lock);
3039 pmap_free_zero_pages(&free);
3043 * Routine: pmap_remove_all
3045 * Removes this physical page from
3046 * all physical maps in which it resides.
3047 * Reflects back modify bits to the pager.
3050 * Original versions of this routine were very
3051 * inefficient because they iteratively called
3052 * pmap_remove (slow...)
3056 pmap_remove_all(vm_page_t m)
3058 struct md_page *pvh;
3061 pt_entry_t *pte, tpte;
3064 struct spglist free;
3066 KASSERT((m->oflags & VPO_UNMANAGED) == 0,
3067 ("pmap_remove_all: page %p is not managed", m));
3069 rw_wlock(&pvh_global_lock);
3071 if ((m->flags & PG_FICTITIOUS) != 0)
3072 goto small_mappings;
3073 pvh = pa_to_pvh(VM_PAGE_TO_PHYS(m));
3074 while ((pv = TAILQ_FIRST(&pvh->pv_list)) != NULL) {
3078 pde = pmap_pde(pmap, va);
3079 (void)pmap_demote_pde(pmap, pde, va);
3083 while ((pv = TAILQ_FIRST(&m->md.pv_list)) != NULL) {
3086 pmap->pm_stats.resident_count--;
3087 pde = pmap_pde(pmap, pv->pv_va);
3088 KASSERT((*pde & PG_PS) == 0, ("pmap_remove_all: found"
3089 " a 4mpage in page %p's pv list", m));
3090 pte = pmap_pte_quick(pmap, pv->pv_va);
3091 tpte = pte_load_clear(pte);
3092 KASSERT(tpte != 0, ("pmap_remove_all: pmap %p va %x zero pte",
3095 pmap->pm_stats.wired_count--;
3097 vm_page_aflag_set(m, PGA_REFERENCED);
3100 * Update the vm_page_t clean and reference bits.
3102 if ((tpte & (PG_M | PG_RW)) == (PG_M | PG_RW))
3104 pmap_unuse_pt(pmap, pv->pv_va, &free);
3105 pmap_invalidate_page(pmap, pv->pv_va);
3106 TAILQ_REMOVE(&m->md.pv_list, pv, pv_next);
3107 free_pv_entry(pmap, pv);
3110 vm_page_aflag_clear(m, PGA_WRITEABLE);
3112 rw_wunlock(&pvh_global_lock);
3113 pmap_free_zero_pages(&free);
3117 * pmap_protect_pde: do the things to protect a 4mpage in a process
3120 pmap_protect_pde(pmap_t pmap, pd_entry_t *pde, vm_offset_t sva, vm_prot_t prot)
3122 pd_entry_t newpde, oldpde;
3123 vm_offset_t eva, va;
3125 boolean_t anychanged;
3127 PMAP_LOCK_ASSERT(pmap, MA_OWNED);
3128 KASSERT((sva & PDRMASK) == 0,
3129 ("pmap_protect_pde: sva is not 4mpage aligned"));
3132 oldpde = newpde = *pde;
3133 if (oldpde & PG_MANAGED) {
3135 for (va = sva, m = PHYS_TO_VM_PAGE(oldpde & PG_PS_FRAME);
3136 va < eva; va += PAGE_SIZE, m++)
3137 if ((oldpde & (PG_M | PG_RW)) == (PG_M | PG_RW))
3140 if ((prot & VM_PROT_WRITE) == 0)
3141 newpde &= ~(PG_RW | PG_M);
3143 if ((prot & VM_PROT_EXECUTE) == 0)
3146 if (newpde != oldpde) {
3147 if (!pde_cmpset(pde, oldpde, newpde))
3150 pmap_invalidate_page(pmap, sva);
3154 return (anychanged);
3158 * Set the physical protection on the
3159 * specified range of this map as requested.
3162 pmap_protect(pmap_t pmap, vm_offset_t sva, vm_offset_t eva, vm_prot_t prot)
3167 boolean_t anychanged, pv_lists_locked;
3169 if ((prot & VM_PROT_READ) == VM_PROT_NONE) {
3170 pmap_remove(pmap, sva, eva);
3175 if ((prot & (VM_PROT_WRITE|VM_PROT_EXECUTE)) ==
3176 (VM_PROT_WRITE|VM_PROT_EXECUTE))
3179 if (prot & VM_PROT_WRITE)
3183 if (pmap_is_current(pmap))
3184 pv_lists_locked = FALSE;
3186 pv_lists_locked = TRUE;
3188 rw_wlock(&pvh_global_lock);
3194 for (; sva < eva; sva = pdnxt) {
3195 pt_entry_t obits, pbits;
3198 pdnxt = (sva + NBPDR) & ~PDRMASK;
3202 pdirindex = sva >> PDRSHIFT;
3203 ptpaddr = pmap->pm_pdir[pdirindex];
3206 * Weed out invalid mappings. Note: we assume that the page
3207 * directory table is always allocated, and in kernel virtual.
3213 * Check for large page.
3215 if ((ptpaddr & PG_PS) != 0) {
3217 * Are we protecting the entire large page? If not,
3218 * demote the mapping and fall through.
3220 if (sva + NBPDR == pdnxt && eva >= pdnxt) {
3222 * The TLB entry for a PG_G mapping is
3223 * invalidated by pmap_protect_pde().
3225 if (pmap_protect_pde(pmap,
3226 &pmap->pm_pdir[pdirindex], sva, prot))
3230 if (!pv_lists_locked) {
3231 pv_lists_locked = TRUE;
3232 if (!rw_try_wlock(&pvh_global_lock)) {
3234 pmap_invalidate_all(
3241 if (!pmap_demote_pde(pmap,
3242 &pmap->pm_pdir[pdirindex], sva)) {
3244 * The large page mapping was
3255 for (pte = pmap_pte_quick(pmap, sva); sva != pdnxt; pte++,
3261 * Regardless of whether a pte is 32 or 64 bits in
3262 * size, PG_RW, PG_A, and PG_M are among the least
3263 * significant 32 bits.
3265 obits = pbits = *pte;
3266 if ((pbits & PG_V) == 0)
3269 if ((prot & VM_PROT_WRITE) == 0) {
3270 if ((pbits & (PG_MANAGED | PG_M | PG_RW)) ==
3271 (PG_MANAGED | PG_M | PG_RW)) {
3272 m = PHYS_TO_VM_PAGE(pbits & PG_FRAME);
3275 pbits &= ~(PG_RW | PG_M);
3278 if ((prot & VM_PROT_EXECUTE) == 0)
3282 if (pbits != obits) {
3284 if (!atomic_cmpset_64(pte, obits, pbits))
3287 if (!atomic_cmpset_int((u_int *)pte, obits,
3292 pmap_invalidate_page(pmap, sva);
3299 pmap_invalidate_all(pmap);
3300 if (pv_lists_locked) {
3302 rw_wunlock(&pvh_global_lock);
3308 * Tries to promote the 512 or 1024, contiguous 4KB page mappings that are
3309 * within a single page table page (PTP) to a single 2- or 4MB page mapping.
3310 * For promotion to occur, two conditions must be met: (1) the 4KB page
3311 * mappings must map aligned, contiguous physical memory and (2) the 4KB page
3312 * mappings must have identical characteristics.
3314 * Managed (PG_MANAGED) mappings within the kernel address space are not
3315 * promoted. The reason is that kernel PDEs are replicated in each pmap but
3316 * pmap_clear_ptes() and pmap_ts_referenced() only read the PDE from the kernel
3320 pmap_promote_pde(pmap_t pmap, pd_entry_t *pde, vm_offset_t va)
3323 pt_entry_t *firstpte, oldpte, pa, *pte;
3324 vm_offset_t oldpteva;
3327 PMAP_LOCK_ASSERT(pmap, MA_OWNED);
3330 * Examine the first PTE in the specified PTP. Abort if this PTE is
3331 * either invalid, unused, or does not map the first 4KB physical page
3332 * within a 2- or 4MB page.
3334 firstpte = pmap_pte_quick(pmap, trunc_4mpage(va));
3337 if ((newpde & ((PG_FRAME & PDRMASK) | PG_A | PG_V)) != (PG_A | PG_V)) {
3338 pmap_pde_p_failures++;
3339 CTR2(KTR_PMAP, "pmap_promote_pde: failure for va %#x"
3340 " in pmap %p", va, pmap);
3343 if ((*firstpte & PG_MANAGED) != 0 && pmap == kernel_pmap) {
3344 pmap_pde_p_failures++;
3345 CTR2(KTR_PMAP, "pmap_promote_pde: failure for va %#x"
3346 " in pmap %p", va, pmap);
3349 if ((newpde & (PG_M | PG_RW)) == PG_RW) {
3351 * When PG_M is already clear, PG_RW can be cleared without
3352 * a TLB invalidation.
3354 if (!atomic_cmpset_int((u_int *)firstpte, newpde, newpde &
3361 * Examine each of the other PTEs in the specified PTP. Abort if this
3362 * PTE maps an unexpected 4KB physical page or does not have identical
3363 * characteristics to the first PTE.
3365 pa = (newpde & (PG_PS_FRAME | PG_A | PG_V)) + NBPDR - PAGE_SIZE;
3366 for (pte = firstpte + NPTEPG - 1; pte > firstpte; pte--) {
3369 if ((oldpte & (PG_FRAME | PG_A | PG_V)) != pa) {
3370 pmap_pde_p_failures++;
3371 CTR2(KTR_PMAP, "pmap_promote_pde: failure for va %#x"
3372 " in pmap %p", va, pmap);
3375 if ((oldpte & (PG_M | PG_RW)) == PG_RW) {
3377 * When PG_M is already clear, PG_RW can be cleared
3378 * without a TLB invalidation.
3380 if (!atomic_cmpset_int((u_int *)pte, oldpte,
3384 oldpteva = (oldpte & PG_FRAME & PDRMASK) |
3386 CTR2(KTR_PMAP, "pmap_promote_pde: protect for va %#x"
3387 " in pmap %p", oldpteva, pmap);
3389 if ((oldpte & PG_PTE_PROMOTE) != (newpde & PG_PTE_PROMOTE)) {
3390 pmap_pde_p_failures++;
3391 CTR2(KTR_PMAP, "pmap_promote_pde: failure for va %#x"
3392 " in pmap %p", va, pmap);
3399 * Save the page table page in its current state until the PDE
3400 * mapping the superpage is demoted by pmap_demote_pde() or
3401 * destroyed by pmap_remove_pde().
3403 mpte = PHYS_TO_VM_PAGE(*pde & PG_FRAME);
3404 KASSERT(mpte >= vm_page_array &&
3405 mpte < &vm_page_array[vm_page_array_size],
3406 ("pmap_promote_pde: page table page is out of range"));
3407 KASSERT(mpte->pindex == va >> PDRSHIFT,
3408 ("pmap_promote_pde: page table page's pindex is wrong"));
3409 if (pmap_insert_pt_page(pmap, mpte)) {
3410 pmap_pde_p_failures++;
3412 "pmap_promote_pde: failure for va %#x in pmap %p", va,
3418 * Promote the pv entries.
3420 if ((newpde & PG_MANAGED) != 0)
3421 pmap_pv_promote_pde(pmap, va, newpde & PG_PS_FRAME);
3424 * Propagate the PAT index to its proper position.
3426 if ((newpde & PG_PTE_PAT) != 0)
3427 newpde ^= PG_PDE_PAT | PG_PTE_PAT;
3430 * Map the superpage.
3432 if (workaround_erratum383)
3433 pmap_update_pde(pmap, va, pde, PG_PS | newpde);
3434 else if (pmap == kernel_pmap)
3435 pmap_kenter_pde(va, PG_PS | newpde);
3437 pde_store(pde, PG_PS | newpde);
3439 pmap_pde_promotions++;
3440 CTR2(KTR_PMAP, "pmap_promote_pde: success for va %#x"
3441 " in pmap %p", va, pmap);
3445 * Insert the given physical page (p) at
3446 * the specified virtual address (v) in the
3447 * target physical map with the protection requested.
3449 * If specified, the page will be wired down, meaning
3450 * that the related pte can not be reclaimed.
3452 * NB: This is the only routine which MAY NOT lazy-evaluate
3453 * or lose information. That is, this routine must actually
3454 * insert this page into the given map NOW.
3457 pmap_enter(pmap_t pmap, vm_offset_t va, vm_prot_t access, vm_page_t m,
3458 vm_prot_t prot, boolean_t wired)
3462 pt_entry_t newpte, origpte;
3468 va = trunc_page(va);
3469 KASSERT(va <= VM_MAX_KERNEL_ADDRESS, ("pmap_enter: toobig"));
3470 KASSERT(va < UPT_MIN_ADDRESS || va >= UPT_MAX_ADDRESS,
3471 ("pmap_enter: invalid to pmap_enter page table pages (va: 0x%x)",
3473 if ((m->oflags & VPO_UNMANAGED) == 0 && !vm_page_xbusied(m))
3474 VM_OBJECT_ASSERT_WLOCKED(m->object);
3478 rw_wlock(&pvh_global_lock);
3483 * In the case that a page table page is not
3484 * resident, we are creating it here.
3486 if (va < VM_MAXUSER_ADDRESS) {
3487 mpte = pmap_allocpte(pmap, va, M_WAITOK);
3490 pde = pmap_pde(pmap, va);
3491 if ((*pde & PG_PS) != 0)
3492 panic("pmap_enter: attempted pmap_enter on 4MB page");
3493 pte = pmap_pte_quick(pmap, va);
3496 * Page Directory table entry not valid, we need a new PT page
3499 panic("pmap_enter: invalid page directory pdir=%#jx, va=%#x",
3500 (uintmax_t)pmap->pm_pdir[PTDPTDI], va);
3503 pa = VM_PAGE_TO_PHYS(m);
3506 opa = origpte & PG_FRAME;
3509 * Mapping has not changed, must be protection or wiring change.
3511 if (origpte && (opa == pa)) {
3513 * Wiring change, just update stats. We don't worry about
3514 * wiring PT pages as they remain resident as long as there
3515 * are valid mappings in them. Hence, if a user page is wired,
3516 * the PT page will be also.
3518 if (wired && ((origpte & PG_W) == 0))
3519 pmap->pm_stats.wired_count++;
3520 else if (!wired && (origpte & PG_W))
3521 pmap->pm_stats.wired_count--;
3524 * Remove extra pte reference
3529 if (origpte & PG_MANAGED) {
3539 * Mapping has changed, invalidate old range and fall through to
3540 * handle validating new mapping.
3544 pmap->pm_stats.wired_count--;
3545 if (origpte & PG_MANAGED) {
3546 om = PHYS_TO_VM_PAGE(opa);
3547 pv = pmap_pvh_remove(&om->md, pmap, va);
3551 KASSERT(mpte->wire_count > 0,
3552 ("pmap_enter: missing reference to page table page,"
3556 pmap->pm_stats.resident_count++;
3559 * Enter on the PV list if part of our managed memory.
3561 if ((m->oflags & VPO_UNMANAGED) == 0) {
3562 KASSERT(va < kmi.clean_sva || va >= kmi.clean_eva,
3563 ("pmap_enter: managed mapping within the clean submap"));
3565 pv = get_pv_entry(pmap, FALSE);
3567 TAILQ_INSERT_TAIL(&m->md.pv_list, pv, pv_next);
3569 } else if (pv != NULL)
3570 free_pv_entry(pmap, pv);
3573 * Increment counters
3576 pmap->pm_stats.wired_count++;
3580 * Now validate mapping with desired protection/wiring.
3582 newpte = (pt_entry_t)(pa | pmap_cache_bits(m->md.pat_mode, 0) | PG_V);
3583 if ((prot & VM_PROT_WRITE) != 0) {
3585 if ((newpte & PG_MANAGED) != 0)
3586 vm_page_aflag_set(m, PGA_WRITEABLE);
3589 if ((prot & VM_PROT_EXECUTE) == 0)
3594 if (va < VM_MAXUSER_ADDRESS)
3596 if (pmap == kernel_pmap)
3600 * if the mapping or permission bits are different, we need
3601 * to update the pte.
3603 if ((origpte & ~(PG_M|PG_A)) != newpte) {
3605 if ((access & VM_PROT_WRITE) != 0)
3607 if (origpte & PG_V) {
3609 origpte = pte_load_store(pte, newpte);
3610 if (origpte & PG_A) {
3611 if (origpte & PG_MANAGED)
3612 vm_page_aflag_set(om, PGA_REFERENCED);
3613 if (opa != VM_PAGE_TO_PHYS(m))
3616 if ((origpte & PG_NX) == 0 &&
3617 (newpte & PG_NX) != 0)
3621 if ((origpte & (PG_M | PG_RW)) == (PG_M | PG_RW)) {
3622 if ((origpte & PG_MANAGED) != 0)
3624 if ((prot & VM_PROT_WRITE) == 0)
3627 if ((origpte & PG_MANAGED) != 0 &&
3628 TAILQ_EMPTY(&om->md.pv_list) &&
3629 ((om->flags & PG_FICTITIOUS) != 0 ||
3630 TAILQ_EMPTY(&pa_to_pvh(opa)->pv_list)))
3631 vm_page_aflag_clear(om, PGA_WRITEABLE);
3633 pmap_invalidate_page(pmap, va);
3635 pte_store(pte, newpte);
3639 * If both the page table page and the reservation are fully
3640 * populated, then attempt promotion.
3642 if ((mpte == NULL || mpte->wire_count == NPTEPG) &&
3643 pg_ps_enabled && (m->flags & PG_FICTITIOUS) == 0 &&
3644 vm_reserv_level_iffullpop(m) == 0)
3645 pmap_promote_pde(pmap, pde, va);
3648 rw_wunlock(&pvh_global_lock);
3653 * Tries to create a 2- or 4MB page mapping. Returns TRUE if successful and
3654 * FALSE otherwise. Fails if (1) a page table page cannot be allocated without
3655 * blocking, (2) a mapping already exists at the specified virtual address, or
3656 * (3) a pv entry cannot be allocated without reclaiming another pv entry.
3659 pmap_enter_pde(pmap_t pmap, vm_offset_t va, vm_page_t m, vm_prot_t prot)
3661 pd_entry_t *pde, newpde;
3663 rw_assert(&pvh_global_lock, RA_WLOCKED);
3664 PMAP_LOCK_ASSERT(pmap, MA_OWNED);
3665 pde = pmap_pde(pmap, va);
3667 CTR2(KTR_PMAP, "pmap_enter_pde: failure for va %#lx"
3668 " in pmap %p", va, pmap);
3671 newpde = VM_PAGE_TO_PHYS(m) | pmap_cache_bits(m->md.pat_mode, 1) |
3673 if ((m->oflags & VPO_UNMANAGED) == 0) {
3674 newpde |= PG_MANAGED;
3677 * Abort this mapping if its PV entry could not be created.
3679 if (!pmap_pv_insert_pde(pmap, va, VM_PAGE_TO_PHYS(m))) {
3680 CTR2(KTR_PMAP, "pmap_enter_pde: failure for va %#lx"
3681 " in pmap %p", va, pmap);
3686 if ((prot & VM_PROT_EXECUTE) == 0)
3689 if (va < VM_MAXUSER_ADDRESS)
3693 * Increment counters.
3695 pmap->pm_stats.resident_count += NBPDR / PAGE_SIZE;
3698 * Map the superpage.
3700 pde_store(pde, newpde);
3702 pmap_pde_mappings++;
3703 CTR2(KTR_PMAP, "pmap_enter_pde: success for va %#lx"
3704 " in pmap %p", va, pmap);
3709 * Maps a sequence of resident pages belonging to the same object.
3710 * The sequence begins with the given page m_start. This page is
3711 * mapped at the given virtual address start. Each subsequent page is
3712 * mapped at a virtual address that is offset from start by the same
3713 * amount as the page is offset from m_start within the object. The
3714 * last page in the sequence is the page with the largest offset from
3715 * m_start that can be mapped at a virtual address less than the given
3716 * virtual address end. Not every virtual page between start and end
3717 * is mapped; only those for which a resident page exists with the
3718 * corresponding offset from m_start are mapped.
3721 pmap_enter_object(pmap_t pmap, vm_offset_t start, vm_offset_t end,
3722 vm_page_t m_start, vm_prot_t prot)
3726 vm_pindex_t diff, psize;
3728 VM_OBJECT_ASSERT_LOCKED(m_start->object);
3730 psize = atop(end - start);
3733 rw_wlock(&pvh_global_lock);
3735 while (m != NULL && (diff = m->pindex - m_start->pindex) < psize) {
3736 va = start + ptoa(diff);
3737 if ((va & PDRMASK) == 0 && va + NBPDR <= end &&
3738 (VM_PAGE_TO_PHYS(m) & PDRMASK) == 0 &&
3739 pg_ps_enabled && vm_reserv_level_iffullpop(m) == 0 &&
3740 pmap_enter_pde(pmap, va, m, prot))
3741 m = &m[NBPDR / PAGE_SIZE - 1];
3743 mpte = pmap_enter_quick_locked(pmap, va, m, prot,
3745 m = TAILQ_NEXT(m, listq);
3747 rw_wunlock(&pvh_global_lock);
3752 * this code makes some *MAJOR* assumptions:
3753 * 1. Current pmap & pmap exists.
3756 * 4. No page table pages.
3757 * but is *MUCH* faster than pmap_enter...
3761 pmap_enter_quick(pmap_t pmap, vm_offset_t va, vm_page_t m, vm_prot_t prot)
3764 rw_wlock(&pvh_global_lock);
3766 (void)pmap_enter_quick_locked(pmap, va, m, prot, NULL);
3767 rw_wunlock(&pvh_global_lock);
3772 pmap_enter_quick_locked(pmap_t pmap, vm_offset_t va, vm_page_t m,
3773 vm_prot_t prot, vm_page_t mpte)
3777 struct spglist free;
3779 KASSERT(va < kmi.clean_sva || va >= kmi.clean_eva ||
3780 (m->oflags & VPO_UNMANAGED) != 0,
3781 ("pmap_enter_quick_locked: managed mapping within the clean submap"));
3782 rw_assert(&pvh_global_lock, RA_WLOCKED);
3783 PMAP_LOCK_ASSERT(pmap, MA_OWNED);
3786 * In the case that a page table page is not
3787 * resident, we are creating it here.
3789 if (va < VM_MAXUSER_ADDRESS) {
3794 * Calculate pagetable page index
3796 ptepindex = va >> PDRSHIFT;
3797 if (mpte && (mpte->pindex == ptepindex)) {
3801 * Get the page directory entry
3803 ptepa = pmap->pm_pdir[ptepindex];
3806 * If the page table page is mapped, we just increment
3807 * the hold count, and activate it.
3812 mpte = PHYS_TO_VM_PAGE(ptepa & PG_FRAME);
3815 mpte = _pmap_allocpte(pmap, ptepindex,
3826 * This call to vtopte makes the assumption that we are
3827 * entering the page into the current pmap. In order to support
3828 * quick entry into any pmap, one would likely use pmap_pte_quick.
3829 * But that isn't as quick as vtopte.
3841 * Enter on the PV list if part of our managed memory.
3843 if ((m->oflags & VPO_UNMANAGED) == 0 &&
3844 !pmap_try_insert_pv_entry(pmap, va, m)) {
3847 if (pmap_unwire_ptp(pmap, mpte, &free)) {
3848 pmap_invalidate_page(pmap, va);
3849 pmap_free_zero_pages(&free);
3858 * Increment counters
3860 pmap->pm_stats.resident_count++;
3862 pa = VM_PAGE_TO_PHYS(m) | pmap_cache_bits(m->md.pat_mode, 0);
3864 if ((prot & VM_PROT_EXECUTE) == 0)
3869 * Now validate mapping with RO protection
3871 if ((m->oflags & VPO_UNMANAGED) != 0)
3872 pte_store(pte, pa | PG_V | PG_U);
3874 pte_store(pte, pa | PG_V | PG_U | PG_MANAGED);
3879 * Make a temporary mapping for a physical address. This is only intended
3880 * to be used for panic dumps.
3883 pmap_kenter_temporary(vm_paddr_t pa, int i)
3887 va = (vm_offset_t)crashdumpmap + (i * PAGE_SIZE);
3888 pmap_kenter(va, pa);
3890 return ((void *)crashdumpmap);
3894 * This code maps large physical mmap regions into the
3895 * processor address space. Note that some shortcuts
3896 * are taken, but the code works.
3899 pmap_object_init_pt(pmap_t pmap, vm_offset_t addr, vm_object_t object,
3900 vm_pindex_t pindex, vm_size_t size)
3903 vm_paddr_t pa, ptepa;
3907 VM_OBJECT_ASSERT_WLOCKED(object);
3908 KASSERT(object->type == OBJT_DEVICE || object->type == OBJT_SG,
3909 ("pmap_object_init_pt: non-device object"));
3911 (addr & (NBPDR - 1)) == 0 && (size & (NBPDR - 1)) == 0) {
3912 if (!vm_object_populate(object, pindex, pindex + atop(size)))
3914 p = vm_page_lookup(object, pindex);
3915 KASSERT(p->valid == VM_PAGE_BITS_ALL,
3916 ("pmap_object_init_pt: invalid page %p", p));
3917 pat_mode = p->md.pat_mode;
3920 * Abort the mapping if the first page is not physically
3921 * aligned to a 2/4MB page boundary.
3923 ptepa = VM_PAGE_TO_PHYS(p);
3924 if (ptepa & (NBPDR - 1))
3928 * Skip the first page. Abort the mapping if the rest of
3929 * the pages are not physically contiguous or have differing
3930 * memory attributes.
3932 p = TAILQ_NEXT(p, listq);
3933 for (pa = ptepa + PAGE_SIZE; pa < ptepa + size;
3935 KASSERT(p->valid == VM_PAGE_BITS_ALL,
3936 ("pmap_object_init_pt: invalid page %p", p));
3937 if (pa != VM_PAGE_TO_PHYS(p) ||
3938 pat_mode != p->md.pat_mode)
3940 p = TAILQ_NEXT(p, listq);
3944 * Map using 2/4MB pages. Since "ptepa" is 2/4M aligned and
3945 * "size" is a multiple of 2/4M, adding the PAT setting to
3946 * "pa" will not affect the termination of this loop.
3949 for (pa = ptepa | pmap_cache_bits(pat_mode, 1); pa < ptepa +
3950 size; pa += NBPDR) {
3951 pde = pmap_pde(pmap, addr);
3953 pde_store(pde, pa | PG_PS | PG_M | PG_A |
3954 PG_U | PG_RW | PG_V);
3955 pmap->pm_stats.resident_count += NBPDR /
3957 pmap_pde_mappings++;
3959 /* Else continue on if the PDE is already valid. */
3967 * Routine: pmap_change_wiring
3968 * Function: Change the wiring attribute for a map/virtual-address
3970 * In/out conditions:
3971 * The mapping must already exist in the pmap.
3974 pmap_change_wiring(pmap_t pmap, vm_offset_t va, boolean_t wired)
3978 boolean_t are_queues_locked;
3980 are_queues_locked = FALSE;
3983 pde = pmap_pde(pmap, va);
3984 if ((*pde & PG_PS) != 0) {
3985 if (!wired != ((*pde & PG_W) == 0)) {
3986 if (!are_queues_locked) {
3987 are_queues_locked = TRUE;
3988 if (!rw_try_wlock(&pvh_global_lock)) {
3990 rw_wlock(&pvh_global_lock);
3994 if (!pmap_demote_pde(pmap, pde, va))
3995 panic("pmap_change_wiring: demotion failed");
3999 pte = pmap_pte(pmap, va);
4001 if (wired && !pmap_pte_w(pte))
4002 pmap->pm_stats.wired_count++;
4003 else if (!wired && pmap_pte_w(pte))
4004 pmap->pm_stats.wired_count--;
4007 * Wiring is not a hardware characteristic so there is no need to
4010 pmap_pte_set_w(pte, wired);
4011 pmap_pte_release(pte);
4013 if (are_queues_locked)
4014 rw_wunlock(&pvh_global_lock);
4021 * Copy the range specified by src_addr/len
4022 * from the source map to the range dst_addr/len
4023 * in the destination map.
4025 * This routine is only advisory and need not do anything.
4029 pmap_copy(pmap_t dst_pmap, pmap_t src_pmap, vm_offset_t dst_addr, vm_size_t len,
4030 vm_offset_t src_addr)
4032 struct spglist free;
4034 vm_offset_t end_addr = src_addr + len;
4037 if (dst_addr != src_addr)
4040 if (!pmap_is_current(src_pmap))
4043 rw_wlock(&pvh_global_lock);
4044 if (dst_pmap < src_pmap) {
4045 PMAP_LOCK(dst_pmap);
4046 PMAP_LOCK(src_pmap);
4048 PMAP_LOCK(src_pmap);
4049 PMAP_LOCK(dst_pmap);
4052 for (addr = src_addr; addr < end_addr; addr = pdnxt) {
4053 pt_entry_t *src_pte, *dst_pte;
4054 vm_page_t dstmpte, srcmpte;
4055 pd_entry_t srcptepaddr;
4058 KASSERT(addr < UPT_MIN_ADDRESS,
4059 ("pmap_copy: invalid to pmap_copy page tables"));
4061 pdnxt = (addr + NBPDR) & ~PDRMASK;
4064 ptepindex = addr >> PDRSHIFT;
4066 srcptepaddr = src_pmap->pm_pdir[ptepindex];
4067 if (srcptepaddr == 0)
4070 if (srcptepaddr & PG_PS) {
4071 if ((addr & PDRMASK) != 0 || addr + NBPDR > end_addr)
4073 if (dst_pmap->pm_pdir[ptepindex] == 0 &&
4074 ((srcptepaddr & PG_MANAGED) == 0 ||
4075 pmap_pv_insert_pde(dst_pmap, addr, srcptepaddr &
4077 dst_pmap->pm_pdir[ptepindex] = srcptepaddr &
4079 dst_pmap->pm_stats.resident_count +=
4085 srcmpte = PHYS_TO_VM_PAGE(srcptepaddr & PG_FRAME);
4086 KASSERT(srcmpte->wire_count > 0,
4087 ("pmap_copy: source page table page is unused"));
4089 if (pdnxt > end_addr)
4092 src_pte = vtopte(addr);
4093 while (addr < pdnxt) {
4097 * we only virtual copy managed pages
4099 if ((ptetemp & PG_MANAGED) != 0) {
4100 dstmpte = pmap_allocpte(dst_pmap, addr,
4102 if (dstmpte == NULL)
4104 dst_pte = pmap_pte_quick(dst_pmap, addr);
4105 if (*dst_pte == 0 &&
4106 pmap_try_insert_pv_entry(dst_pmap, addr,
4107 PHYS_TO_VM_PAGE(ptetemp & PG_FRAME))) {
4109 * Clear the wired, modified, and
4110 * accessed (referenced) bits
4113 *dst_pte = ptetemp & ~(PG_W | PG_M |
4115 dst_pmap->pm_stats.resident_count++;
4118 if (pmap_unwire_ptp(dst_pmap, dstmpte,
4120 pmap_invalidate_page(dst_pmap,
4122 pmap_free_zero_pages(&free);
4126 if (dstmpte->wire_count >= srcmpte->wire_count)
4135 rw_wunlock(&pvh_global_lock);
4136 PMAP_UNLOCK(src_pmap);
4137 PMAP_UNLOCK(dst_pmap);
4140 static __inline void
4141 pagezero(void *page)
4143 #if defined(I686_CPU)
4144 if (cpu_class == CPUCLASS_686) {
4145 #if defined(CPU_ENABLE_SSE)
4146 if (cpu_feature & CPUID_SSE2)
4147 sse2_pagezero(page);
4150 i686_pagezero(page);
4153 bzero(page, PAGE_SIZE);
4157 * pmap_zero_page zeros the specified hardware page by mapping
4158 * the page into KVM and using bzero to clear its contents.
4161 pmap_zero_page(vm_page_t m)
4163 struct sysmaps *sysmaps;
4165 sysmaps = &sysmaps_pcpu[PCPU_GET(cpuid)];
4166 mtx_lock(&sysmaps->lock);
4167 if (*sysmaps->CMAP2)
4168 panic("pmap_zero_page: CMAP2 busy");
4170 *sysmaps->CMAP2 = PG_V | PG_RW | VM_PAGE_TO_PHYS(m) | PG_A | PG_M |
4171 pmap_cache_bits(m->md.pat_mode, 0);
4172 invlcaddr(sysmaps->CADDR2);
4173 pagezero(sysmaps->CADDR2);
4174 *sysmaps->CMAP2 = 0;
4176 mtx_unlock(&sysmaps->lock);
4180 * pmap_zero_page_area zeros the specified hardware page by mapping
4181 * the page into KVM and using bzero to clear its contents.
4183 * off and size may not cover an area beyond a single hardware page.
4186 pmap_zero_page_area(vm_page_t m, int off, int size)
4188 struct sysmaps *sysmaps;
4190 sysmaps = &sysmaps_pcpu[PCPU_GET(cpuid)];
4191 mtx_lock(&sysmaps->lock);
4192 if (*sysmaps->CMAP2)
4193 panic("pmap_zero_page_area: CMAP2 busy");
4195 *sysmaps->CMAP2 = PG_V | PG_RW | VM_PAGE_TO_PHYS(m) | PG_A | PG_M |
4196 pmap_cache_bits(m->md.pat_mode, 0);
4197 invlcaddr(sysmaps->CADDR2);
4198 if (off == 0 && size == PAGE_SIZE)
4199 pagezero(sysmaps->CADDR2);
4201 bzero((char *)sysmaps->CADDR2 + off, size);
4202 *sysmaps->CMAP2 = 0;
4204 mtx_unlock(&sysmaps->lock);
4208 * pmap_zero_page_idle zeros the specified hardware page by mapping
4209 * the page into KVM and using bzero to clear its contents. This
4210 * is intended to be called from the vm_pagezero process only and
4214 pmap_zero_page_idle(vm_page_t m)
4218 panic("pmap_zero_page_idle: CMAP3 busy");
4220 *CMAP3 = PG_V | PG_RW | VM_PAGE_TO_PHYS(m) | PG_A | PG_M |
4221 pmap_cache_bits(m->md.pat_mode, 0);
4229 * pmap_copy_page copies the specified (machine independent)
4230 * page by mapping the page into virtual memory and using
4231 * bcopy to copy the page, one machine dependent page at a
4235 pmap_copy_page(vm_page_t src, vm_page_t dst)
4237 struct sysmaps *sysmaps;
4239 sysmaps = &sysmaps_pcpu[PCPU_GET(cpuid)];
4240 mtx_lock(&sysmaps->lock);
4241 if (*sysmaps->CMAP1)
4242 panic("pmap_copy_page: CMAP1 busy");
4243 if (*sysmaps->CMAP2)
4244 panic("pmap_copy_page: CMAP2 busy");
4246 invlpg((u_int)sysmaps->CADDR1);
4247 invlpg((u_int)sysmaps->CADDR2);
4248 *sysmaps->CMAP1 = PG_V | VM_PAGE_TO_PHYS(src) | PG_A |
4249 pmap_cache_bits(src->md.pat_mode, 0);
4250 *sysmaps->CMAP2 = PG_V | PG_RW | VM_PAGE_TO_PHYS(dst) | PG_A | PG_M |
4251 pmap_cache_bits(dst->md.pat_mode, 0);
4252 bcopy(sysmaps->CADDR1, sysmaps->CADDR2, PAGE_SIZE);
4253 *sysmaps->CMAP1 = 0;
4254 *sysmaps->CMAP2 = 0;
4256 mtx_unlock(&sysmaps->lock);
4259 int unmapped_buf_allowed = 1;
4262 pmap_copy_pages(vm_page_t ma[], vm_offset_t a_offset, vm_page_t mb[],
4263 vm_offset_t b_offset, int xfersize)
4265 struct sysmaps *sysmaps;
4266 vm_page_t a_pg, b_pg;
4268 vm_offset_t a_pg_offset, b_pg_offset;
4271 sysmaps = &sysmaps_pcpu[PCPU_GET(cpuid)];
4272 mtx_lock(&sysmaps->lock);
4273 if (*sysmaps->CMAP1 != 0)
4274 panic("pmap_copy_pages: CMAP1 busy");
4275 if (*sysmaps->CMAP2 != 0)
4276 panic("pmap_copy_pages: CMAP2 busy");
4278 while (xfersize > 0) {
4279 invlpg((u_int)sysmaps->CADDR1);
4280 invlpg((u_int)sysmaps->CADDR2);
4281 a_pg = ma[a_offset >> PAGE_SHIFT];
4282 a_pg_offset = a_offset & PAGE_MASK;
4283 cnt = min(xfersize, PAGE_SIZE - a_pg_offset);
4284 b_pg = mb[b_offset >> PAGE_SHIFT];
4285 b_pg_offset = b_offset & PAGE_MASK;
4286 cnt = min(cnt, PAGE_SIZE - b_pg_offset);
4287 *sysmaps->CMAP1 = PG_V | VM_PAGE_TO_PHYS(a_pg) | PG_A |
4288 pmap_cache_bits(b_pg->md.pat_mode, 0);
4289 *sysmaps->CMAP2 = PG_V | PG_RW | VM_PAGE_TO_PHYS(b_pg) | PG_A |
4290 PG_M | pmap_cache_bits(b_pg->md.pat_mode, 0);
4291 a_cp = sysmaps->CADDR1 + a_pg_offset;
4292 b_cp = sysmaps->CADDR2 + b_pg_offset;
4293 bcopy(a_cp, b_cp, cnt);
4298 *sysmaps->CMAP1 = 0;
4299 *sysmaps->CMAP2 = 0;
4301 mtx_unlock(&sysmaps->lock);
4305 * Returns true if the pmap's pv is one of the first
4306 * 16 pvs linked to from this page. This count may
4307 * be changed upwards or downwards in the future; it
4308 * is only necessary that true be returned for a small
4309 * subset of pmaps for proper page aging.
4312 pmap_page_exists_quick(pmap_t pmap, vm_page_t m)
4314 struct md_page *pvh;
4319 KASSERT((m->oflags & VPO_UNMANAGED) == 0,
4320 ("pmap_page_exists_quick: page %p is not managed", m));
4322 rw_wlock(&pvh_global_lock);
4323 TAILQ_FOREACH(pv, &m->md.pv_list, pv_next) {
4324 if (PV_PMAP(pv) == pmap) {
4332 if (!rv && loops < 16 && (m->flags & PG_FICTITIOUS) == 0) {
4333 pvh = pa_to_pvh(VM_PAGE_TO_PHYS(m));
4334 TAILQ_FOREACH(pv, &pvh->pv_list, pv_next) {
4335 if (PV_PMAP(pv) == pmap) {
4344 rw_wunlock(&pvh_global_lock);
4349 * pmap_page_wired_mappings:
4351 * Return the number of managed mappings to the given physical page
4355 pmap_page_wired_mappings(vm_page_t m)
4360 if ((m->oflags & VPO_UNMANAGED) != 0)
4362 rw_wlock(&pvh_global_lock);
4363 count = pmap_pvh_wired_mappings(&m->md, count);
4364 if ((m->flags & PG_FICTITIOUS) == 0) {
4365 count = pmap_pvh_wired_mappings(pa_to_pvh(VM_PAGE_TO_PHYS(m)),
4368 rw_wunlock(&pvh_global_lock);
4373 * pmap_pvh_wired_mappings:
4375 * Return the updated number "count" of managed mappings that are wired.
4378 pmap_pvh_wired_mappings(struct md_page *pvh, int count)
4384 rw_assert(&pvh_global_lock, RA_WLOCKED);
4386 TAILQ_FOREACH(pv, &pvh->pv_list, pv_next) {
4389 pte = pmap_pte_quick(pmap, pv->pv_va);
4390 if ((*pte & PG_W) != 0)
4399 * Returns TRUE if the given page is mapped individually or as part of
4400 * a 4mpage. Otherwise, returns FALSE.
4403 pmap_page_is_mapped(vm_page_t m)
4407 if ((m->oflags & VPO_UNMANAGED) != 0)
4409 rw_wlock(&pvh_global_lock);
4410 rv = !TAILQ_EMPTY(&m->md.pv_list) ||
4411 ((m->flags & PG_FICTITIOUS) == 0 &&
4412 !TAILQ_EMPTY(&pa_to_pvh(VM_PAGE_TO_PHYS(m))->pv_list));
4413 rw_wunlock(&pvh_global_lock);
4418 * Remove all pages from specified address space
4419 * this aids process exit speeds. Also, this code
4420 * is special cased for current process only, but
4421 * can have the more generic (and slightly slower)
4422 * mode enabled. This is much faster than pmap_remove
4423 * in the case of running down an entire address space.
4426 pmap_remove_pages(pmap_t pmap)
4428 pt_entry_t *pte, tpte;
4429 vm_page_t m, mpte, mt;
4431 struct md_page *pvh;
4432 struct pv_chunk *pc, *npc;
4433 struct spglist free;
4436 uint32_t inuse, bitmask;
4439 if (pmap != PCPU_GET(curpmap)) {
4440 printf("warning: pmap_remove_pages called with non-current pmap\n");
4444 rw_wlock(&pvh_global_lock);
4447 TAILQ_FOREACH_SAFE(pc, &pmap->pm_pvchunk, pc_list, npc) {
4448 KASSERT(pc->pc_pmap == pmap, ("Wrong pmap %p %p", pmap,
4451 for (field = 0; field < _NPCM; field++) {
4452 inuse = ~pc->pc_map[field] & pc_freemask[field];
4453 while (inuse != 0) {
4455 bitmask = 1UL << bit;
4456 idx = field * 32 + bit;
4457 pv = &pc->pc_pventry[idx];
4460 pte = pmap_pde(pmap, pv->pv_va);
4462 if ((tpte & PG_PS) == 0) {
4463 pte = vtopte(pv->pv_va);
4464 tpte = *pte & ~PG_PTE_PAT;
4469 "TPTE at %p IS ZERO @ VA %08x\n",
4475 * We cannot remove wired pages from a process' mapping at this time
4482 m = PHYS_TO_VM_PAGE(tpte & PG_FRAME);
4483 KASSERT(m->phys_addr == (tpte & PG_FRAME),
4484 ("vm_page_t %p phys_addr mismatch %016jx %016jx",
4485 m, (uintmax_t)m->phys_addr,
4488 KASSERT((m->flags & PG_FICTITIOUS) != 0 ||
4489 m < &vm_page_array[vm_page_array_size],
4490 ("pmap_remove_pages: bad tpte %#jx",
4496 * Update the vm_page_t clean/reference bits.
4498 if ((tpte & (PG_M | PG_RW)) == (PG_M | PG_RW)) {
4499 if ((tpte & PG_PS) != 0) {
4500 for (mt = m; mt < &m[NBPDR / PAGE_SIZE]; mt++)
4507 PV_STAT(pv_entry_frees++);
4508 PV_STAT(pv_entry_spare++);
4510 pc->pc_map[field] |= bitmask;
4511 if ((tpte & PG_PS) != 0) {
4512 pmap->pm_stats.resident_count -= NBPDR / PAGE_SIZE;
4513 pvh = pa_to_pvh(tpte & PG_PS_FRAME);
4514 TAILQ_REMOVE(&pvh->pv_list, pv, pv_next);
4515 if (TAILQ_EMPTY(&pvh->pv_list)) {
4516 for (mt = m; mt < &m[NBPDR / PAGE_SIZE]; mt++)
4517 if (TAILQ_EMPTY(&mt->md.pv_list))
4518 vm_page_aflag_clear(mt, PGA_WRITEABLE);
4520 mpte = pmap_lookup_pt_page(pmap, pv->pv_va);
4522 pmap_remove_pt_page(pmap, mpte);
4523 pmap->pm_stats.resident_count--;
4524 KASSERT(mpte->wire_count == NPTEPG,
4525 ("pmap_remove_pages: pte page wire count error"));
4526 mpte->wire_count = 0;
4527 pmap_add_delayed_free_list(mpte, &free, FALSE);
4528 atomic_subtract_int(&cnt.v_wire_count, 1);
4531 pmap->pm_stats.resident_count--;
4532 TAILQ_REMOVE(&m->md.pv_list, pv, pv_next);
4533 if (TAILQ_EMPTY(&m->md.pv_list) &&
4534 (m->flags & PG_FICTITIOUS) == 0) {
4535 pvh = pa_to_pvh(VM_PAGE_TO_PHYS(m));
4536 if (TAILQ_EMPTY(&pvh->pv_list))
4537 vm_page_aflag_clear(m, PGA_WRITEABLE);
4539 pmap_unuse_pt(pmap, pv->pv_va, &free);
4544 TAILQ_REMOVE(&pmap->pm_pvchunk, pc, pc_list);
4549 pmap_invalidate_all(pmap);
4550 rw_wunlock(&pvh_global_lock);
4552 pmap_free_zero_pages(&free);
4558 * Return whether or not the specified physical page was modified
4559 * in any physical maps.
4562 pmap_is_modified(vm_page_t m)
4566 KASSERT((m->oflags & VPO_UNMANAGED) == 0,
4567 ("pmap_is_modified: page %p is not managed", m));
4570 * If the page is not exclusive busied, then PGA_WRITEABLE cannot be
4571 * concurrently set while the object is locked. Thus, if PGA_WRITEABLE
4572 * is clear, no PTEs can have PG_M set.
4574 VM_OBJECT_ASSERT_WLOCKED(m->object);
4575 if (!vm_page_xbusied(m) && (m->aflags & PGA_WRITEABLE) == 0)
4577 rw_wlock(&pvh_global_lock);
4578 rv = pmap_is_modified_pvh(&m->md) ||
4579 ((m->flags & PG_FICTITIOUS) == 0 &&
4580 pmap_is_modified_pvh(pa_to_pvh(VM_PAGE_TO_PHYS(m))));
4581 rw_wunlock(&pvh_global_lock);
4586 * Returns TRUE if any of the given mappings were used to modify
4587 * physical memory. Otherwise, returns FALSE. Both page and 2mpage
4588 * mappings are supported.
4591 pmap_is_modified_pvh(struct md_page *pvh)
4598 rw_assert(&pvh_global_lock, RA_WLOCKED);
4601 TAILQ_FOREACH(pv, &pvh->pv_list, pv_next) {
4604 pte = pmap_pte_quick(pmap, pv->pv_va);
4605 rv = (*pte & (PG_M | PG_RW)) == (PG_M | PG_RW);
4615 * pmap_is_prefaultable:
4617 * Return whether or not the specified virtual address is elgible
4621 pmap_is_prefaultable(pmap_t pmap, vm_offset_t addr)
4629 pde = pmap_pde(pmap, addr);
4630 if (*pde != 0 && (*pde & PG_PS) == 0) {
4639 * pmap_is_referenced:
4641 * Return whether or not the specified physical page was referenced
4642 * in any physical maps.
4645 pmap_is_referenced(vm_page_t m)
4649 KASSERT((m->oflags & VPO_UNMANAGED) == 0,
4650 ("pmap_is_referenced: page %p is not managed", m));
4651 rw_wlock(&pvh_global_lock);
4652 rv = pmap_is_referenced_pvh(&m->md) ||
4653 ((m->flags & PG_FICTITIOUS) == 0 &&
4654 pmap_is_referenced_pvh(pa_to_pvh(VM_PAGE_TO_PHYS(m))));
4655 rw_wunlock(&pvh_global_lock);
4660 * Returns TRUE if any of the given mappings were referenced and FALSE
4661 * otherwise. Both page and 4mpage mappings are supported.
4664 pmap_is_referenced_pvh(struct md_page *pvh)
4671 rw_assert(&pvh_global_lock, RA_WLOCKED);
4674 TAILQ_FOREACH(pv, &pvh->pv_list, pv_next) {
4677 pte = pmap_pte_quick(pmap, pv->pv_va);
4678 rv = (*pte & (PG_A | PG_V)) == (PG_A | PG_V);
4688 * Clear the write and modified bits in each of the given page's mappings.
4691 pmap_remove_write(vm_page_t m)
4693 struct md_page *pvh;
4694 pv_entry_t next_pv, pv;
4697 pt_entry_t oldpte, *pte;
4700 KASSERT((m->oflags & VPO_UNMANAGED) == 0,
4701 ("pmap_remove_write: page %p is not managed", m));
4704 * If the page is not exclusive busied, then PGA_WRITEABLE cannot be
4705 * set by another thread while the object is locked. Thus,
4706 * if PGA_WRITEABLE is clear, no page table entries need updating.
4708 VM_OBJECT_ASSERT_WLOCKED(m->object);
4709 if (!vm_page_xbusied(m) && (m->aflags & PGA_WRITEABLE) == 0)
4711 rw_wlock(&pvh_global_lock);
4713 if ((m->flags & PG_FICTITIOUS) != 0)
4714 goto small_mappings;
4715 pvh = pa_to_pvh(VM_PAGE_TO_PHYS(m));
4716 TAILQ_FOREACH_SAFE(pv, &pvh->pv_list, pv_next, next_pv) {
4720 pde = pmap_pde(pmap, va);
4721 if ((*pde & PG_RW) != 0)
4722 (void)pmap_demote_pde(pmap, pde, va);
4726 TAILQ_FOREACH(pv, &m->md.pv_list, pv_next) {
4729 pde = pmap_pde(pmap, pv->pv_va);
4730 KASSERT((*pde & PG_PS) == 0, ("pmap_clear_write: found"
4731 " a 4mpage in page %p's pv list", m));
4732 pte = pmap_pte_quick(pmap, pv->pv_va);
4735 if ((oldpte & PG_RW) != 0) {
4737 * Regardless of whether a pte is 32 or 64 bits
4738 * in size, PG_RW and PG_M are among the least
4739 * significant 32 bits.
4741 if (!atomic_cmpset_int((u_int *)pte, oldpte,
4742 oldpte & ~(PG_RW | PG_M)))
4744 if ((oldpte & PG_M) != 0)
4746 pmap_invalidate_page(pmap, pv->pv_va);
4750 vm_page_aflag_clear(m, PGA_WRITEABLE);
4752 rw_wunlock(&pvh_global_lock);
4755 #define PMAP_TS_REFERENCED_MAX 5
4758 * pmap_ts_referenced:
4760 * Return a count of reference bits for a page, clearing those bits.
4761 * It is not necessary for every reference bit to be cleared, but it
4762 * is necessary that 0 only be returned when there are truly no
4763 * reference bits set.
4765 * XXX: The exact number of bits to check and clear is a matter that
4766 * should be tested and standardized at some point in the future for
4767 * optimal aging of shared pages.
4770 pmap_ts_referenced(vm_page_t m)
4772 struct md_page *pvh;
4780 KASSERT((m->oflags & VPO_UNMANAGED) == 0,
4781 ("pmap_ts_referenced: page %p is not managed", m));
4782 pa = VM_PAGE_TO_PHYS(m);
4783 pvh = pa_to_pvh(pa);
4784 rw_wlock(&pvh_global_lock);
4786 if ((m->flags & PG_FICTITIOUS) != 0 ||
4787 (pvf = TAILQ_FIRST(&pvh->pv_list)) == NULL)
4788 goto small_mappings;
4793 pde = pmap_pde(pmap, pv->pv_va);
4794 if ((*pde & PG_A) != 0) {
4796 * Since this reference bit is shared by either 1024
4797 * or 512 4KB pages, it should not be cleared every
4798 * time it is tested. Apply a simple "hash" function
4799 * on the physical page number, the virtual superpage
4800 * number, and the pmap address to select one 4KB page
4801 * out of the 1024 or 512 on which testing the
4802 * reference bit will result in clearing that bit.
4803 * This function is designed to avoid the selection of
4804 * the same 4KB page for every 2- or 4MB page mapping.
4806 * On demotion, a mapping that hasn't been referenced
4807 * is simply destroyed. To avoid the possibility of a
4808 * subsequent page fault on a demoted wired mapping,
4809 * always leave its reference bit set. Moreover,
4810 * since the superpage is wired, the current state of
4811 * its reference bit won't affect page replacement.
4813 if ((((pa >> PAGE_SHIFT) ^ (pv->pv_va >> PDRSHIFT) ^
4814 (uintptr_t)pmap) & (NPTEPG - 1)) == 0 &&
4815 (*pde & PG_W) == 0) {
4816 atomic_clear_int((u_int *)pde, PG_A);
4817 pmap_invalidate_page(pmap, pv->pv_va);
4822 /* Rotate the PV list if it has more than one entry. */
4823 if (TAILQ_NEXT(pv, pv_next) != NULL) {
4824 TAILQ_REMOVE(&pvh->pv_list, pv, pv_next);
4825 TAILQ_INSERT_TAIL(&pvh->pv_list, pv, pv_next);
4827 if (rtval >= PMAP_TS_REFERENCED_MAX)
4829 } while ((pv = TAILQ_FIRST(&pvh->pv_list)) != pvf);
4831 if ((pvf = TAILQ_FIRST(&m->md.pv_list)) == NULL)
4837 pde = pmap_pde(pmap, pv->pv_va);
4838 KASSERT((*pde & PG_PS) == 0,
4839 ("pmap_ts_referenced: found a 4mpage in page %p's pv list",
4841 pte = pmap_pte_quick(pmap, pv->pv_va);
4842 if ((*pte & PG_A) != 0) {
4843 atomic_clear_int((u_int *)pte, PG_A);
4844 pmap_invalidate_page(pmap, pv->pv_va);
4848 /* Rotate the PV list if it has more than one entry. */
4849 if (TAILQ_NEXT(pv, pv_next) != NULL) {
4850 TAILQ_REMOVE(&m->md.pv_list, pv, pv_next);
4851 TAILQ_INSERT_TAIL(&m->md.pv_list, pv, pv_next);
4853 } while ((pv = TAILQ_FIRST(&m->md.pv_list)) != pvf && rtval <
4854 PMAP_TS_REFERENCED_MAX);
4857 rw_wunlock(&pvh_global_lock);
4862 * Apply the given advice to the specified range of addresses within the
4863 * given pmap. Depending on the advice, clear the referenced and/or
4864 * modified flags in each mapping and set the mapped page's dirty field.
4867 pmap_advise(pmap_t pmap, vm_offset_t sva, vm_offset_t eva, int advice)
4869 pd_entry_t oldpde, *pde;
4873 boolean_t anychanged, pv_lists_locked;
4875 if (advice != MADV_DONTNEED && advice != MADV_FREE)
4877 if (pmap_is_current(pmap))
4878 pv_lists_locked = FALSE;
4880 pv_lists_locked = TRUE;
4882 rw_wlock(&pvh_global_lock);
4887 for (; sva < eva; sva = pdnxt) {
4888 pdnxt = (sva + NBPDR) & ~PDRMASK;
4891 pde = pmap_pde(pmap, sva);
4893 if ((oldpde & PG_V) == 0)
4895 else if ((oldpde & PG_PS) != 0) {
4896 if ((oldpde & PG_MANAGED) == 0)
4898 if (!pv_lists_locked) {
4899 pv_lists_locked = TRUE;
4900 if (!rw_try_wlock(&pvh_global_lock)) {
4902 pmap_invalidate_all(pmap);
4908 if (!pmap_demote_pde(pmap, pde, sva)) {
4910 * The large page mapping was destroyed.
4916 * Unless the page mappings are wired, remove the
4917 * mapping to a single page so that a subsequent
4918 * access may repromote. Since the underlying page
4919 * table page is fully populated, this removal never
4920 * frees a page table page.
4922 if ((oldpde & PG_W) == 0) {
4923 pte = pmap_pte_quick(pmap, sva);
4924 KASSERT((*pte & PG_V) != 0,
4925 ("pmap_advise: invalid PTE"));
4926 pmap_remove_pte(pmap, pte, sva, NULL);
4932 for (pte = pmap_pte_quick(pmap, sva); sva != pdnxt; pte++,
4934 if ((*pte & (PG_MANAGED | PG_V)) != (PG_MANAGED |
4937 else if ((*pte & (PG_M | PG_RW)) == (PG_M | PG_RW)) {
4938 if (advice == MADV_DONTNEED) {
4940 * Future calls to pmap_is_modified()
4941 * can be avoided by making the page
4944 m = PHYS_TO_VM_PAGE(*pte & PG_FRAME);
4947 atomic_clear_int((u_int *)pte, PG_M | PG_A);
4948 } else if ((*pte & PG_A) != 0)
4949 atomic_clear_int((u_int *)pte, PG_A);
4952 if ((*pte & PG_G) != 0)
4953 pmap_invalidate_page(pmap, sva);
4959 pmap_invalidate_all(pmap);
4960 if (pv_lists_locked) {
4962 rw_wunlock(&pvh_global_lock);
4968 * Clear the modify bits on the specified physical page.
4971 pmap_clear_modify(vm_page_t m)
4973 struct md_page *pvh;
4974 pv_entry_t next_pv, pv;
4976 pd_entry_t oldpde, *pde;
4977 pt_entry_t oldpte, *pte;
4980 KASSERT((m->oflags & VPO_UNMANAGED) == 0,
4981 ("pmap_clear_modify: page %p is not managed", m));
4982 VM_OBJECT_ASSERT_WLOCKED(m->object);
4983 KASSERT(!vm_page_xbusied(m),
4984 ("pmap_clear_modify: page %p is exclusive busied", m));
4987 * If the page is not PGA_WRITEABLE, then no PTEs can have PG_M set.
4988 * If the object containing the page is locked and the page is not
4989 * exclusive busied, then PGA_WRITEABLE cannot be concurrently set.
4991 if ((m->aflags & PGA_WRITEABLE) == 0)
4993 rw_wlock(&pvh_global_lock);
4995 if ((m->flags & PG_FICTITIOUS) != 0)
4996 goto small_mappings;
4997 pvh = pa_to_pvh(VM_PAGE_TO_PHYS(m));
4998 TAILQ_FOREACH_SAFE(pv, &pvh->pv_list, pv_next, next_pv) {
5002 pde = pmap_pde(pmap, va);
5004 if ((oldpde & PG_RW) != 0) {
5005 if (pmap_demote_pde(pmap, pde, va)) {
5006 if ((oldpde & PG_W) == 0) {
5008 * Write protect the mapping to a
5009 * single page so that a subsequent
5010 * write access may repromote.
5012 va += VM_PAGE_TO_PHYS(m) - (oldpde &
5014 pte = pmap_pte_quick(pmap, va);
5016 if ((oldpte & PG_V) != 0) {
5018 * Regardless of whether a pte is 32 or 64 bits
5019 * in size, PG_RW and PG_M are among the least
5020 * significant 32 bits.
5022 while (!atomic_cmpset_int((u_int *)pte,
5024 oldpte & ~(PG_M | PG_RW)))
5027 pmap_invalidate_page(pmap, va);
5035 TAILQ_FOREACH(pv, &m->md.pv_list, pv_next) {
5038 pde = pmap_pde(pmap, pv->pv_va);
5039 KASSERT((*pde & PG_PS) == 0, ("pmap_clear_modify: found"
5040 " a 4mpage in page %p's pv list", m));
5041 pte = pmap_pte_quick(pmap, pv->pv_va);
5042 if ((*pte & (PG_M | PG_RW)) == (PG_M | PG_RW)) {
5044 * Regardless of whether a pte is 32 or 64 bits
5045 * in size, PG_M is among the least significant
5048 atomic_clear_int((u_int *)pte, PG_M);
5049 pmap_invalidate_page(pmap, pv->pv_va);
5054 rw_wunlock(&pvh_global_lock);
5058 * Miscellaneous support routines follow
5061 /* Adjust the cache mode for a 4KB page mapped via a PTE. */
5062 static __inline void
5063 pmap_pte_attr(pt_entry_t *pte, int cache_bits)
5068 * The cache mode bits are all in the low 32-bits of the
5069 * PTE, so we can just spin on updating the low 32-bits.
5072 opte = *(u_int *)pte;
5073 npte = opte & ~PG_PTE_CACHE;
5075 } while (npte != opte && !atomic_cmpset_int((u_int *)pte, opte, npte));
5078 /* Adjust the cache mode for a 2/4MB page mapped via a PDE. */
5079 static __inline void
5080 pmap_pde_attr(pd_entry_t *pde, int cache_bits)
5085 * The cache mode bits are all in the low 32-bits of the
5086 * PDE, so we can just spin on updating the low 32-bits.
5089 opde = *(u_int *)pde;
5090 npde = opde & ~PG_PDE_CACHE;
5092 } while (npde != opde && !atomic_cmpset_int((u_int *)pde, opde, npde));
5096 * Map a set of physical memory pages into the kernel virtual
5097 * address space. Return a pointer to where it is mapped. This
5098 * routine is intended to be used for mapping device memory,
5102 pmap_mapdev_attr(vm_paddr_t pa, vm_size_t size, int mode)
5104 vm_offset_t va, offset;
5107 offset = pa & PAGE_MASK;
5108 size = round_page(offset + size);
5111 if (pa < KERNLOAD && pa + size <= KERNLOAD)
5114 va = kva_alloc(size);
5116 panic("pmap_mapdev: Couldn't alloc kernel virtual memory");
5118 for (tmpsize = 0; tmpsize < size; tmpsize += PAGE_SIZE)
5119 pmap_kenter_attr(va + tmpsize, pa + tmpsize, mode);
5120 pmap_invalidate_range(kernel_pmap, va, va + tmpsize);
5121 pmap_invalidate_cache_range(va, va + size);
5122 return ((void *)(va + offset));
5126 pmap_mapdev(vm_paddr_t pa, vm_size_t size)
5129 return (pmap_mapdev_attr(pa, size, PAT_UNCACHEABLE));
5133 pmap_mapbios(vm_paddr_t pa, vm_size_t size)
5136 return (pmap_mapdev_attr(pa, size, PAT_WRITE_BACK));
5140 pmap_unmapdev(vm_offset_t va, vm_size_t size)
5142 vm_offset_t base, offset;
5144 if (va >= KERNBASE && va + size <= KERNBASE + KERNLOAD)
5146 base = trunc_page(va);
5147 offset = va & PAGE_MASK;
5148 size = round_page(offset + size);
5149 kva_free(base, size);
5153 * Sets the memory attribute for the specified page.
5156 pmap_page_set_memattr(vm_page_t m, vm_memattr_t ma)
5159 m->md.pat_mode = ma;
5160 if ((m->flags & PG_FICTITIOUS) != 0)
5164 * If "m" is a normal page, flush it from the cache.
5165 * See pmap_invalidate_cache_range().
5167 * First, try to find an existing mapping of the page by sf
5168 * buffer. sf_buf_invalidate_cache() modifies mapping and
5169 * flushes the cache.
5171 if (sf_buf_invalidate_cache(m))
5175 * If page is not mapped by sf buffer, but CPU does not
5176 * support self snoop, map the page transient and do
5177 * invalidation. In the worst case, whole cache is flushed by
5178 * pmap_invalidate_cache_range().
5180 if ((cpu_feature & CPUID_SS) == 0)
5185 pmap_flush_page(vm_page_t m)
5187 struct sysmaps *sysmaps;
5188 vm_offset_t sva, eva;
5190 if ((cpu_feature & CPUID_CLFSH) != 0) {
5191 sysmaps = &sysmaps_pcpu[PCPU_GET(cpuid)];
5192 mtx_lock(&sysmaps->lock);
5193 if (*sysmaps->CMAP2)
5194 panic("pmap_flush_page: CMAP2 busy");
5196 *sysmaps->CMAP2 = PG_V | PG_RW | VM_PAGE_TO_PHYS(m) |
5197 PG_A | PG_M | pmap_cache_bits(m->md.pat_mode, 0);
5198 invlcaddr(sysmaps->CADDR2);
5199 sva = (vm_offset_t)sysmaps->CADDR2;
5200 eva = sva + PAGE_SIZE;
5203 * Use mfence despite the ordering implied by
5204 * mtx_{un,}lock() because clflush is not guaranteed
5205 * to be ordered by any other instruction.
5208 for (; sva < eva; sva += cpu_clflush_line_size)
5211 *sysmaps->CMAP2 = 0;
5213 mtx_unlock(&sysmaps->lock);
5215 pmap_invalidate_cache();
5219 * Changes the specified virtual address range's memory type to that given by
5220 * the parameter "mode". The specified virtual address range must be
5221 * completely contained within either the kernel map.
5223 * Returns zero if the change completed successfully, and either EINVAL or
5224 * ENOMEM if the change failed. Specifically, EINVAL is returned if some part
5225 * of the virtual address range was not mapped, and ENOMEM is returned if
5226 * there was insufficient memory available to complete the change.
5229 pmap_change_attr(vm_offset_t va, vm_size_t size, int mode)
5231 vm_offset_t base, offset, tmpva;
5234 int cache_bits_pte, cache_bits_pde;
5237 base = trunc_page(va);
5238 offset = va & PAGE_MASK;
5239 size = round_page(offset + size);
5242 * Only supported on kernel virtual addresses above the recursive map.
5244 if (base < VM_MIN_KERNEL_ADDRESS)
5247 cache_bits_pde = pmap_cache_bits(mode, 1);
5248 cache_bits_pte = pmap_cache_bits(mode, 0);
5252 * Pages that aren't mapped aren't supported. Also break down
5253 * 2/4MB pages into 4KB pages if required.
5255 PMAP_LOCK(kernel_pmap);
5256 for (tmpva = base; tmpva < base + size; ) {
5257 pde = pmap_pde(kernel_pmap, tmpva);
5259 PMAP_UNLOCK(kernel_pmap);
5264 * If the current 2/4MB page already has
5265 * the required memory type, then we need not
5266 * demote this page. Just increment tmpva to
5267 * the next 2/4MB page frame.
5269 if ((*pde & PG_PDE_CACHE) == cache_bits_pde) {
5270 tmpva = trunc_4mpage(tmpva) + NBPDR;
5275 * If the current offset aligns with a 2/4MB
5276 * page frame and there is at least 2/4MB left
5277 * within the range, then we need not break
5278 * down this page into 4KB pages.
5280 if ((tmpva & PDRMASK) == 0 &&
5281 tmpva + PDRMASK < base + size) {
5285 if (!pmap_demote_pde(kernel_pmap, pde, tmpva)) {
5286 PMAP_UNLOCK(kernel_pmap);
5290 pte = vtopte(tmpva);
5292 PMAP_UNLOCK(kernel_pmap);
5297 PMAP_UNLOCK(kernel_pmap);
5300 * Ok, all the pages exist, so run through them updating their
5301 * cache mode if required.
5303 for (tmpva = base; tmpva < base + size; ) {
5304 pde = pmap_pde(kernel_pmap, tmpva);
5306 if ((*pde & PG_PDE_CACHE) != cache_bits_pde) {
5307 pmap_pde_attr(pde, cache_bits_pde);
5310 tmpva = trunc_4mpage(tmpva) + NBPDR;
5312 pte = vtopte(tmpva);
5313 if ((*pte & PG_PTE_CACHE) != cache_bits_pte) {
5314 pmap_pte_attr(pte, cache_bits_pte);
5322 * Flush CPU caches to make sure any data isn't cached that
5323 * shouldn't be, etc.
5326 pmap_invalidate_range(kernel_pmap, base, tmpva);
5327 pmap_invalidate_cache_range(base, tmpva);
5333 * perform the pmap work for mincore
5336 pmap_mincore(pmap_t pmap, vm_offset_t addr, vm_paddr_t *locked_pa)
5339 pt_entry_t *ptep, pte;
5345 pdep = pmap_pde(pmap, addr);
5347 if (*pdep & PG_PS) {
5349 /* Compute the physical address of the 4KB page. */
5350 pa = ((*pdep & PG_PS_FRAME) | (addr & PDRMASK)) &
5352 val = MINCORE_SUPER;
5354 ptep = pmap_pte(pmap, addr);
5356 pmap_pte_release(ptep);
5357 pa = pte & PG_FRAME;
5365 if ((pte & PG_V) != 0) {
5366 val |= MINCORE_INCORE;
5367 if ((pte & (PG_M | PG_RW)) == (PG_M | PG_RW))
5368 val |= MINCORE_MODIFIED | MINCORE_MODIFIED_OTHER;
5369 if ((pte & PG_A) != 0)
5370 val |= MINCORE_REFERENCED | MINCORE_REFERENCED_OTHER;
5372 if ((val & (MINCORE_MODIFIED_OTHER | MINCORE_REFERENCED_OTHER)) !=
5373 (MINCORE_MODIFIED_OTHER | MINCORE_REFERENCED_OTHER) &&
5374 (pte & (PG_MANAGED | PG_V)) == (PG_MANAGED | PG_V)) {
5375 /* Ensure that "PHYS_TO_VM_PAGE(pa)->object" doesn't change. */
5376 if (vm_page_pa_tryrelock(pmap, pa, locked_pa))
5379 PA_UNLOCK_COND(*locked_pa);
5385 pmap_activate(struct thread *td)
5387 pmap_t pmap, oldpmap;
5392 pmap = vmspace_pmap(td->td_proc->p_vmspace);
5393 oldpmap = PCPU_GET(curpmap);
5394 cpuid = PCPU_GET(cpuid);
5396 CPU_CLR_ATOMIC(cpuid, &oldpmap->pm_active);
5397 CPU_SET_ATOMIC(cpuid, &pmap->pm_active);
5399 CPU_CLR(cpuid, &oldpmap->pm_active);
5400 CPU_SET(cpuid, &pmap->pm_active);
5403 cr3 = vtophys(pmap->pm_pdpt);
5405 cr3 = vtophys(pmap->pm_pdir);
5408 * pmap_activate is for the current thread on the current cpu
5410 td->td_pcb->pcb_cr3 = cr3;
5412 PCPU_SET(curpmap, pmap);
5417 pmap_sync_icache(pmap_t pm, vm_offset_t va, vm_size_t sz)
5422 * Increase the starting virtual address of the given mapping if a
5423 * different alignment might result in more superpage mappings.
5426 pmap_align_superpage(vm_object_t object, vm_ooffset_t offset,
5427 vm_offset_t *addr, vm_size_t size)
5429 vm_offset_t superpage_offset;
5433 if (object != NULL && (object->flags & OBJ_COLORED) != 0)
5434 offset += ptoa(object->pg_color);
5435 superpage_offset = offset & PDRMASK;
5436 if (size - ((NBPDR - superpage_offset) & PDRMASK) < NBPDR ||
5437 (*addr & PDRMASK) == superpage_offset)
5439 if ((*addr & PDRMASK) < superpage_offset)
5440 *addr = (*addr & ~PDRMASK) + superpage_offset;
5442 *addr = ((*addr + PDRMASK) & ~PDRMASK) + superpage_offset;
5446 #if defined(PMAP_DEBUG)
5447 pmap_pid_dump(int pid)
5454 sx_slock(&allproc_lock);
5455 FOREACH_PROC_IN_SYSTEM(p) {
5456 if (p->p_pid != pid)
5462 pmap = vmspace_pmap(p->p_vmspace);
5463 for (i = 0; i < NPDEPTD; i++) {
5466 vm_offset_t base = i << PDRSHIFT;
5468 pde = &pmap->pm_pdir[i];
5469 if (pde && pmap_pde_v(pde)) {
5470 for (j = 0; j < NPTEPG; j++) {
5471 vm_offset_t va = base + (j << PAGE_SHIFT);
5472 if (va >= (vm_offset_t) VM_MIN_KERNEL_ADDRESS) {
5477 sx_sunlock(&allproc_lock);
5480 pte = pmap_pte(pmap, va);
5481 if (pte && pmap_pte_v(pte)) {
5485 m = PHYS_TO_VM_PAGE(pa & PG_FRAME);
5486 printf("va: 0x%x, pt: 0x%x, h: %d, w: %d, f: 0x%x",
5487 va, pa, m->hold_count, m->wire_count, m->flags);
5502 sx_sunlock(&allproc_lock);
5509 static void pads(pmap_t pm);
5510 void pmap_pvdump(vm_paddr_t pa);
5512 /* print address space of pmap*/
5520 if (pm == kernel_pmap)
5522 for (i = 0; i < NPDEPTD; i++)
5524 for (j = 0; j < NPTEPG; j++) {
5525 va = (i << PDRSHIFT) + (j << PAGE_SHIFT);
5526 if (pm == kernel_pmap && va < KERNBASE)
5528 if (pm != kernel_pmap && va > UPT_MAX_ADDRESS)
5530 ptep = pmap_pte(pm, va);
5531 if (pmap_pte_v(ptep))
5532 printf("%x:%x ", va, *ptep);
5538 pmap_pvdump(vm_paddr_t pa)
5544 printf("pa %x", pa);
5545 m = PHYS_TO_VM_PAGE(pa);
5546 TAILQ_FOREACH(pv, &m->md.pv_list, pv_next) {
5548 printf(" -> pmap %p, va %x", (void *)pmap, pv->pv_va);
projects / FreeBSD / stable / 10.git / blob