2 * Copyright (c) 1991 Regents of the University of California.
4 * Copyright (c) 1994 John S. Dyson
6 * Copyright (c) 1994 David Greenman
8 * Copyright (c) 2005 Alan L. Cox <alc@cs.rice.edu>
11 * This code is derived from software contributed to Berkeley by
12 * the Systems Programming Group of the University of Utah Computer
13 * Science Department and William Jolitz of UUNET Technologies Inc.
15 * Redistribution and use in source and binary forms, with or without
16 * modification, are permitted provided that the following conditions
18 * 1. Redistributions of source code must retain the above copyright
19 * notice, this list of conditions and the following disclaimer.
20 * 2. Redistributions in binary form must reproduce the above copyright
21 * notice, this list of conditions and the following disclaimer in the
22 * documentation and/or other materials provided with the distribution.
23 * 3. All advertising materials mentioning features or use of this software
24 * must display the following acknowledgement:
25 * This product includes software developed by the University of
26 * California, Berkeley and its contributors.
27 * 4. Neither the name of the University nor the names of its contributors
28 * may be used to endorse or promote products derived from this software
29 * without specific prior written permission.
31 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
32 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
33 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
34 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
35 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
36 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
37 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
38 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
39 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
40 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
43 * from: @(#)pmap.c 7.7 (Berkeley) 5/12/91
46 * Copyright (c) 2003 Networks Associates Technology, Inc.
47 * All rights reserved.
49 * This software was developed for the FreeBSD Project by Jake Burkholder,
50 * Safeport Network Services, and Network Associates Laboratories, the
51 * Security Research Division of Network Associates, Inc. under
52 * DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the DARPA
53 * CHATS research program.
55 * Redistribution and use in source and binary forms, with or without
56 * modification, are permitted provided that the following conditions
58 * 1. Redistributions of source code must retain the above copyright
59 * notice, this list of conditions and the following disclaimer.
60 * 2. Redistributions in binary form must reproduce the above copyright
61 * notice, this list of conditions and the following disclaimer in the
62 * documentation and/or other materials provided with the distribution.
64 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
65 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
66 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
67 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
68 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
69 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
70 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
71 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
72 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
73 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
77 #include <sys/cdefs.h>
78 __FBSDID("$FreeBSD$");
81 * Manages physical address maps.
83 * In addition to hardware address maps, this
84 * module is called upon to provide software-use-only
85 * maps which may or may not be stored in the same
86 * form as hardware maps. These pseudo-maps are
87 * used to store intermediate results from copy
88 * operations to and from address spaces.
90 * Since the information managed by this module is
91 * also stored by the logical address mapping module,
92 * this module may throw away valid virtual-to-physical
93 * mappings at almost any time. However, invalidations
94 * of virtual-to-physical mappings must be done as
97 * In order to cope with hardware architectures which
98 * make virtual-to-physical map invalidates expensive,
99 * this module may delay invalidate or reduced protection
100 * operations until such time as they are actually
101 * necessary. This module is given full information as
102 * to which processors are currently using which maps,
103 * and to when physical maps must be made correct.
106 #define PMAP_DIAGNOSTIC
109 #include "opt_pmap.h"
111 #include "opt_xbox.h"
113 #include <sys/param.h>
114 #include <sys/systm.h>
115 #include <sys/kernel.h>
117 #include <sys/lock.h>
118 #include <sys/malloc.h>
119 #include <sys/mman.h>
120 #include <sys/msgbuf.h>
121 #include <sys/mutex.h>
122 #include <sys/proc.h>
123 #include <sys/sf_buf.h>
125 #include <sys/vmmeter.h>
126 #include <sys/sched.h>
127 #include <sys/sysctl.h>
133 #include <vm/vm_param.h>
134 #include <vm/vm_kern.h>
135 #include <vm/vm_page.h>
136 #include <vm/vm_map.h>
137 #include <vm/vm_object.h>
138 #include <vm/vm_extern.h>
139 #include <vm/vm_pageout.h>
140 #include <vm/vm_pager.h>
143 #include <machine/cpu.h>
144 #include <machine/cputypes.h>
145 #include <machine/md_var.h>
146 #include <machine/pcb.h>
147 #include <machine/specialreg.h>
149 #include <machine/smp.h>
153 #include <machine/xbox.h>
156 #include <xen/interface/xen.h>
157 #include <xen/hypervisor.h>
158 #include <machine/xen/hypercall.h>
159 #include <machine/xen/xenvar.h>
160 #include <machine/xen/xenfunc.h>
162 #if !defined(CPU_DISABLE_SSE) && defined(I686_CPU)
163 #define CPU_ENABLE_SSE
166 #ifndef PMAP_SHPGPERPROC
167 #define PMAP_SHPGPERPROC 200
170 #if defined(DIAGNOSTIC)
171 #define PMAP_DIAGNOSTIC
174 #if !defined(PMAP_DIAGNOSTIC)
175 #define PMAP_INLINE __gnu89_inline
182 #define PV_STAT(x) do { x ; } while (0)
184 #define PV_STAT(x) do { } while (0)
187 #define pa_index(pa) ((pa) >> PDRSHIFT)
188 #define pa_to_pvh(pa) (&pv_table[pa_index(pa)])
191 * Get PDEs and PTEs for user/kernel address space
193 #define pmap_pde(m, v) (&((m)->pm_pdir[(vm_offset_t)(v) >> PDRSHIFT]))
194 #define pdir_pde(m, v) (m[(vm_offset_t)(v) >> PDRSHIFT])
196 #define pmap_pde_v(pte) ((*(int *)pte & PG_V) != 0)
197 #define pmap_pte_w(pte) ((*(int *)pte & PG_W) != 0)
198 #define pmap_pte_m(pte) ((*(int *)pte & PG_M) != 0)
199 #define pmap_pte_u(pte) ((*(int *)pte & PG_A) != 0)
200 #define pmap_pte_v(pte) ((*(int *)pte & PG_V) != 0)
202 #define pmap_pte_set_prot(pte, v) ((*(int *)pte &= ~PG_PROT), (*(int *)pte |= (v)))
204 #define HAMFISTED_LOCKING
205 #ifdef HAMFISTED_LOCKING
206 static struct mtx createdelete_lock;
209 struct pmap kernel_pmap_store;
210 LIST_HEAD(pmaplist, pmap);
211 static struct pmaplist allpmaps;
212 static struct mtx allpmaps_lock;
214 vm_offset_t virtual_avail; /* VA of first avail page (after kernel bss) */
215 vm_offset_t virtual_end; /* VA of last avail page (end of kernel AS) */
216 int pgeflag = 0; /* PG_G or-in */
217 int pseflag = 0; /* PG_PS or-in */
220 vm_offset_t kernel_vm_end;
221 extern u_int32_t KERNend;
226 static uma_zone_t pdptzone;
230 static int pat_works; /* Is page attribute table sane? */
233 * Data for the pv entry allocation mechanism
235 static int pv_entry_count = 0, pv_entry_max = 0, pv_entry_high_water = 0;
236 static struct md_page *pv_table;
237 static int shpgperproc = PMAP_SHPGPERPROC;
239 struct pv_chunk *pv_chunkbase; /* KVA block for pv_chunks */
240 int pv_maxchunks; /* How many chunks we have KVA for */
241 vm_offset_t pv_vafree; /* freelist stored in the PTE */
244 * All those kernel PT submaps that BSD is so fond of
253 static struct sysmaps sysmaps_pcpu[MAXCPU];
254 pt_entry_t *CMAP1 = 0;
255 static pt_entry_t *CMAP3;
256 caddr_t CADDR1 = 0, ptvmmap = 0;
257 static caddr_t CADDR3;
258 struct msgbuf *msgbufp = 0;
263 static caddr_t crashdumpmap;
265 static pt_entry_t *PMAP1 = 0, *PMAP2;
266 static pt_entry_t *PADDR1 = 0, *PADDR2;
269 static int PMAP1changedcpu;
270 SYSCTL_INT(_debug, OID_AUTO, PMAP1changedcpu, CTLFLAG_RD,
272 "Number of times pmap_pte_quick changed CPU with same PMAP1");
274 static int PMAP1changed;
275 SYSCTL_INT(_debug, OID_AUTO, PMAP1changed, CTLFLAG_RD,
277 "Number of times pmap_pte_quick changed PMAP1");
278 static int PMAP1unchanged;
279 SYSCTL_INT(_debug, OID_AUTO, PMAP1unchanged, CTLFLAG_RD,
281 "Number of times pmap_pte_quick didn't change PMAP1");
282 static struct mtx PMAP2mutex;
284 SYSCTL_NODE(_vm, OID_AUTO, pmap, CTLFLAG_RD, 0, "VM/pmap parameters");
285 static int pg_ps_enabled;
286 SYSCTL_INT(_vm_pmap, OID_AUTO, pg_ps_enabled, CTLFLAG_RDTUN, &pg_ps_enabled, 0,
287 "Are large page mappings enabled?");
289 SYSCTL_INT(_vm_pmap, OID_AUTO, pv_entry_max, CTLFLAG_RD, &pv_entry_max, 0,
290 "Max number of PV entries");
291 SYSCTL_INT(_vm_pmap, OID_AUTO, shpgperproc, CTLFLAG_RD, &shpgperproc, 0,
292 "Page share factor per proc");
294 static void free_pv_entry(pmap_t pmap, pv_entry_t pv);
295 static pv_entry_t get_pv_entry(pmap_t locked_pmap, int try);
297 static vm_page_t pmap_enter_quick_locked(multicall_entry_t **mcl, int *count, pmap_t pmap, vm_offset_t va,
298 vm_page_t m, vm_prot_t prot, vm_page_t mpte);
299 static int pmap_remove_pte(pmap_t pmap, pt_entry_t *ptq, vm_offset_t sva,
301 static void pmap_remove_page(struct pmap *pmap, vm_offset_t va,
303 static void pmap_remove_entry(struct pmap *pmap, vm_page_t m,
305 static void pmap_insert_entry(pmap_t pmap, vm_offset_t va, vm_page_t m);
306 static boolean_t pmap_try_insert_pv_entry(pmap_t pmap, vm_offset_t va,
309 static vm_page_t pmap_allocpte(pmap_t pmap, vm_offset_t va, int flags);
311 static vm_page_t _pmap_allocpte(pmap_t pmap, unsigned ptepindex, int flags);
312 static int _pmap_unwire_pte_hold(pmap_t pmap, vm_page_t m, vm_page_t *free);
313 static pt_entry_t *pmap_pte_quick(pmap_t pmap, vm_offset_t va);
314 static void pmap_pte_release(pt_entry_t *pte);
315 static int pmap_unuse_pt(pmap_t, vm_offset_t, vm_page_t *);
316 static vm_offset_t pmap_kmem_choose(vm_offset_t addr);
317 static boolean_t pmap_is_prefaultable_locked(pmap_t pmap, vm_offset_t addr);
318 static void pmap_kenter_attr(vm_offset_t va, vm_paddr_t pa, int mode);
320 static __inline void pagezero(void *page);
322 #if defined(PAE) && !defined(XEN)
323 static void *pmap_pdpt_allocf(uma_zone_t zone, int bytes, u_int8_t *flags, int wait);
326 CTASSERT(1 << PDESHIFT == sizeof(pd_entry_t));
327 CTASSERT(1 << PTESHIFT == sizeof(pt_entry_t));
330 * If you get an error here, then you set KVA_PAGES wrong! See the
331 * description of KVA_PAGES in sys/i386/include/pmap.h. It must be
332 * multiple of 4 for a normal kernel, or a multiple of 8 for a PAE.
334 CTASSERT(KERNBASE % (1 << 24) == 0);
339 pd_set(struct pmap *pmap, int ptepindex, vm_paddr_t val, int type)
341 vm_paddr_t pdir_ma = vtomach(&pmap->pm_pdir[ptepindex]);
346 xen_queue_pt_update(shadow_pdir_ma,
347 xpmap_ptom(val & ~(PG_RW)));
349 xen_queue_pt_update(pdir_ma,
352 case SH_PD_SET_VA_MA:
354 xen_queue_pt_update(shadow_pdir_ma,
357 xen_queue_pt_update(pdir_ma, val);
359 case SH_PD_SET_VA_CLEAR:
361 xen_queue_pt_update(shadow_pdir_ma, 0);
363 xen_queue_pt_update(pdir_ma, 0);
369 * Move the kernel virtual free pointer to the next
370 * 4MB. This is used to help improve performance
371 * by using a large (4MB) page for much of the kernel
372 * (.text, .data, .bss)
375 pmap_kmem_choose(vm_offset_t addr)
377 vm_offset_t newaddr = addr;
380 if (cpu_feature & CPUID_PSE)
381 newaddr = (addr + PDRMASK) & ~PDRMASK;
387 * Bootstrap the system enough to run with virtual memory.
389 * On the i386 this is called after mapping has already been enabled
390 * and just syncs the pmap module with what has already been done.
391 * [We can't call it easily with mapping off since the kernel is not
392 * mapped with PA == VA, hence we would have to relocate every address
393 * from the linked base (virtual) address "KERNBASE" to the actual
394 * (physical) address starting relative to 0]
397 pmap_bootstrap(vm_paddr_t firstaddr)
400 pt_entry_t *pte, *unused;
401 struct sysmaps *sysmaps;
405 * XXX The calculation of virtual_avail is wrong. It's NKPT*PAGE_SIZE too
406 * large. It should instead be correctly calculated in locore.s and
407 * not based on 'first' (which is a physical address, not a virtual
408 * address, for the start of unused physical memory). The kernel
409 * page tables are NOT double mapped and thus should not be included
410 * in this calculation.
412 virtual_avail = (vm_offset_t) KERNBASE + firstaddr;
413 virtual_avail = pmap_kmem_choose(virtual_avail);
415 virtual_end = VM_MAX_KERNEL_ADDRESS;
418 * Initialize the kernel pmap (which is statically allocated).
420 PMAP_LOCK_INIT(kernel_pmap);
421 kernel_pmap->pm_pdir = (pd_entry_t *) (KERNBASE + (u_int)IdlePTD);
423 kernel_pmap->pm_pdpt = (pdpt_entry_t *) (KERNBASE + (u_int)IdlePDPT);
425 kernel_pmap->pm_active = -1; /* don't allow deactivation */
426 TAILQ_INIT(&kernel_pmap->pm_pvchunk);
427 LIST_INIT(&allpmaps);
428 mtx_init(&allpmaps_lock, "allpmaps", NULL, MTX_SPIN);
429 mtx_lock_spin(&allpmaps_lock);
430 LIST_INSERT_HEAD(&allpmaps, kernel_pmap, pm_list);
431 mtx_unlock_spin(&allpmaps_lock);
436 * Reserve some special page table entries/VA space for temporary
439 #define SYSMAP(c, p, v, n) \
440 v = (c)va; va += ((n)*PAGE_SIZE); p = pte; pte += (n);
446 * CMAP1/CMAP2 are used for zeroing and copying pages.
447 * CMAP3 is used for the idle process page zeroing.
449 for (i = 0; i < MAXCPU; i++) {
450 sysmaps = &sysmaps_pcpu[i];
451 mtx_init(&sysmaps->lock, "SYSMAPS", NULL, MTX_DEF);
452 SYSMAP(caddr_t, sysmaps->CMAP1, sysmaps->CADDR1, 1)
453 SYSMAP(caddr_t, sysmaps->CMAP2, sysmaps->CADDR2, 1)
455 SYSMAP(caddr_t, CMAP1, CADDR1, 1)
456 SYSMAP(caddr_t, CMAP3, CADDR3, 1)
457 PT_SET_MA(CADDR3, 0);
462 SYSMAP(caddr_t, unused, crashdumpmap, MAXDUMPPGS)
465 * ptvmmap is used for reading arbitrary physical pages via /dev/mem.
467 SYSMAP(caddr_t, unused, ptvmmap, 1)
470 * msgbufp is used to map the system message buffer.
472 SYSMAP(struct msgbuf *, unused, msgbufp, atop(round_page(msgbufsize)))
475 * ptemap is used for pmap_pte_quick
477 SYSMAP(pt_entry_t *, PMAP1, PADDR1, 1);
478 SYSMAP(pt_entry_t *, PMAP2, PADDR2, 1);
480 mtx_init(&PMAP2mutex, "PMAP2", NULL, MTX_DEF);
483 PT_SET_MA(CADDR1, 0);
486 * Leave in place an identity mapping (virt == phys) for the low 1 MB
487 * physical memory region that is used by the ACPI wakeup code. This
488 * mapping must not have PG_G set.
492 * leave here deliberately to show that this is not supported
495 /* FIXME: This is gross, but needed for the XBOX. Since we are in such
496 * an early stadium, we cannot yet neatly map video memory ... :-(
497 * Better fixes are very welcome! */
498 if (!arch_i386_is_xbox)
500 for (i = 1; i < NKPT; i++)
503 /* Initialize the PAT MSR if present. */
506 /* Turn on PG_G on kernel page(s) */
510 #ifdef HAMFISTED_LOCKING
511 mtx_init(&createdelete_lock, "pmap create/delete", NULL, MTX_DEF);
523 /* Bail if this CPU doesn't implement PAT. */
524 if (!(cpu_feature & CPUID_PAT))
527 if (cpu_vendor_id != CPU_VENDOR_INTEL ||
528 (CPUID_TO_FAMILY(cpu_id) == 6 && CPUID_TO_MODEL(cpu_id) >= 0xe)) {
530 * Leave the indices 0-3 at the default of WB, WT, UC, and UC-.
531 * Program 4 and 5 as WP and WC.
532 * Leave 6 and 7 as UC and UC-.
534 pat_msr = rdmsr(MSR_PAT);
535 pat_msr &= ~(PAT_MASK(4) | PAT_MASK(5));
536 pat_msr |= PAT_VALUE(4, PAT_WRITE_PROTECTED) |
537 PAT_VALUE(5, PAT_WRITE_COMBINING);
541 * Due to some Intel errata, we can only safely use the lower 4
542 * PAT entries. Thus, just replace PAT Index 2 with WC instead
545 * Intel Pentium III Processor Specification Update
546 * Errata E.27 (Upper Four PAT Entries Not Usable With Mode B
549 * Intel Pentium IV Processor Specification Update
550 * Errata N46 (PAT Index MSB May Be Calculated Incorrectly)
552 pat_msr = rdmsr(MSR_PAT);
553 pat_msr &= ~PAT_MASK(2);
554 pat_msr |= PAT_VALUE(2, PAT_WRITE_COMBINING);
557 wrmsr(MSR_PAT, pat_msr);
561 * Set PG_G on kernel pages. Only the BSP calls this when SMP is turned on.
568 vm_offset_t va, endva;
575 endva = KERNBASE + KERNend;
578 va = KERNBASE + KERNLOAD;
580 pdir = kernel_pmap->pm_pdir[KPTDI+i];
582 kernel_pmap->pm_pdir[KPTDI+i] = PTD[KPTDI+i] = pdir;
583 invltlb(); /* Play it safe, invltlb() every time */
588 va = (vm_offset_t)btext;
593 invltlb(); /* Play it safe, invltlb() every time */
600 * Initialize a vm_page's machine-dependent fields.
603 pmap_page_init(vm_page_t m)
606 TAILQ_INIT(&m->md.pv_list);
607 m->md.pat_mode = PAT_WRITE_BACK;
610 #if defined(PAE) && !defined(XEN)
612 pmap_pdpt_allocf(uma_zone_t zone, int bytes, u_int8_t *flags, int wait)
615 /* Inform UMA that this allocator uses kernel_map/object. */
616 *flags = UMA_SLAB_KERNEL;
617 return ((void *)kmem_alloc_contig(kernel_map, bytes, wait, 0x0ULL,
618 0xffffffffULL, 1, 0, VM_MEMATTR_DEFAULT));
623 * ABuse the pte nodes for unmapped kva to thread a kva freelist through.
625 * - Must deal with pages in order to ensure that none of the PG_* bits
626 * are ever set, PG_V in particular.
627 * - Assumes we can write to ptes without pte_store() atomic ops, even
628 * on PAE systems. This should be ok.
629 * - Assumes nothing will ever test these addresses for 0 to indicate
630 * no mapping instead of correctly checking PG_V.
631 * - Assumes a vm_offset_t will fit in a pte (true for i386).
632 * Because PG_V is never set, there can be no mappings to invalidate.
634 static int ptelist_count = 0;
636 pmap_ptelist_alloc(vm_offset_t *head)
639 vm_offset_t *phead = (vm_offset_t *)*head;
641 if (ptelist_count == 0) {
642 printf("out of memory!!!!!!\n");
643 return (0); /* Out of memory */
646 va = phead[ptelist_count];
651 pmap_ptelist_free(vm_offset_t *head, vm_offset_t va)
653 vm_offset_t *phead = (vm_offset_t *)*head;
655 phead[ptelist_count++] = va;
659 pmap_ptelist_init(vm_offset_t *head, void *base, int npages)
665 nstackpages = (npages + PAGE_SIZE/sizeof(vm_offset_t) - 1)/ (PAGE_SIZE/sizeof(vm_offset_t));
666 for (i = 0; i < nstackpages; i++) {
667 va = (vm_offset_t)base + i * PAGE_SIZE;
668 m = vm_page_alloc(NULL, i,
669 VM_ALLOC_NORMAL | VM_ALLOC_NOOBJ | VM_ALLOC_WIRED |
671 pmap_qenter(va, &m, 1);
674 *head = (vm_offset_t)base;
675 for (i = npages - 1; i >= nstackpages; i--) {
676 va = (vm_offset_t)base + i * PAGE_SIZE;
677 pmap_ptelist_free(head, va);
683 * Initialize the pmap module.
684 * Called by vm_init, to initialize any structures that the pmap
685 * system needs to map virtual memory.
695 * Initialize the vm page array entries for the kernel pmap's
698 for (i = 0; i < nkpt; i++) {
699 mpte = PHYS_TO_VM_PAGE(xpmap_mtop(PTD[i + KPTDI] & PG_FRAME));
700 KASSERT(mpte >= vm_page_array &&
701 mpte < &vm_page_array[vm_page_array_size],
702 ("pmap_init: page table page is out of range"));
703 mpte->pindex = i + KPTDI;
704 mpte->phys_addr = xpmap_mtop(PTD[i + KPTDI] & PG_FRAME);
708 * Initialize the address space (zone) for the pv entries. Set a
709 * high water mark so that the system can recover from excessive
710 * numbers of pv entries.
712 TUNABLE_INT_FETCH("vm.pmap.shpgperproc", &shpgperproc);
713 pv_entry_max = shpgperproc * maxproc + cnt.v_page_count;
714 TUNABLE_INT_FETCH("vm.pmap.pv_entries", &pv_entry_max);
715 pv_entry_max = roundup(pv_entry_max, _NPCPV);
716 pv_entry_high_water = 9 * (pv_entry_max / 10);
719 * Are large page mappings enabled?
721 TUNABLE_INT_FETCH("vm.pmap.pg_ps_enabled", &pg_ps_enabled);
724 * Calculate the size of the pv head table for superpages.
726 for (i = 0; phys_avail[i + 1]; i += 2);
727 pv_npg = round_4mpage(phys_avail[(i - 2) + 1]) / NBPDR;
730 * Allocate memory for the pv head table for superpages.
732 s = (vm_size_t)(pv_npg * sizeof(struct md_page));
734 pv_table = (struct md_page *)kmem_alloc(kernel_map, s);
735 for (i = 0; i < pv_npg; i++)
736 TAILQ_INIT(&pv_table[i].pv_list);
738 pv_maxchunks = MAX(pv_entry_max / _NPCPV, maxproc);
739 pv_chunkbase = (struct pv_chunk *)kmem_alloc_nofault(kernel_map,
740 PAGE_SIZE * pv_maxchunks);
741 if (pv_chunkbase == NULL)
742 panic("pmap_init: not enough kvm for pv chunks");
743 pmap_ptelist_init(&pv_vafree, pv_chunkbase, pv_maxchunks);
744 #if defined(PAE) && !defined(XEN)
745 pdptzone = uma_zcreate("PDPT", NPGPTD * sizeof(pdpt_entry_t), NULL,
746 NULL, NULL, NULL, (NPGPTD * sizeof(pdpt_entry_t)) - 1,
747 UMA_ZONE_VM | UMA_ZONE_NOFREE);
748 uma_zone_set_allocf(pdptzone, pmap_pdpt_allocf);
753 /***************************************************
754 * Low level helper routines.....
755 ***************************************************/
758 * Determine the appropriate bits to set in a PTE or PDE for a specified
762 pmap_cache_bits(int mode, boolean_t is_pde)
764 int pat_flag, pat_index, cache_bits;
766 /* The PAT bit is different for PTE's and PDE's. */
767 pat_flag = is_pde ? PG_PDE_PAT : PG_PTE_PAT;
769 /* If we don't support PAT, map extended modes to older ones. */
770 if (!(cpu_feature & CPUID_PAT)) {
772 case PAT_UNCACHEABLE:
773 case PAT_WRITE_THROUGH:
777 case PAT_WRITE_COMBINING:
778 case PAT_WRITE_PROTECTED:
779 mode = PAT_UNCACHEABLE;
784 /* Map the caching mode to a PAT index. */
787 case PAT_UNCACHEABLE:
790 case PAT_WRITE_THROUGH:
799 case PAT_WRITE_COMBINING:
802 case PAT_WRITE_PROTECTED:
806 panic("Unknown caching mode %d\n", mode);
811 case PAT_UNCACHEABLE:
812 case PAT_WRITE_PROTECTED:
815 case PAT_WRITE_THROUGH:
821 case PAT_WRITE_COMBINING:
825 panic("Unknown caching mode %d\n", mode);
829 /* Map the 3-bit index value into the PAT, PCD, and PWT bits. */
832 cache_bits |= pat_flag;
834 cache_bits |= PG_NC_PCD;
836 cache_bits |= PG_NC_PWT;
841 * For SMP, these functions have to use the IPI mechanism for coherence.
843 * N.B.: Before calling any of the following TLB invalidation functions,
844 * the calling processor must ensure that all stores updating a non-
845 * kernel page table are globally performed. Otherwise, another
846 * processor could cache an old, pre-update entry without being
847 * invalidated. This can happen one of two ways: (1) The pmap becomes
848 * active on another processor after its pm_active field is checked by
849 * one of the following functions but before a store updating the page
850 * table is globally performed. (2) The pmap becomes active on another
851 * processor before its pm_active field is checked but due to
852 * speculative loads one of the following functions stills reads the
853 * pmap as inactive on the other processor.
855 * The kernel page table is exempt because its pm_active field is
856 * immutable. The kernel page table is always active on every
860 pmap_invalidate_page(pmap_t pmap, vm_offset_t va)
862 cpumask_t cpumask, other_cpus;
864 CTR2(KTR_PMAP, "pmap_invalidate_page: pmap=%p va=0x%x",
868 if (pmap == kernel_pmap || pmap->pm_active == all_cpus) {
872 cpumask = PCPU_GET(cpumask);
873 other_cpus = PCPU_GET(other_cpus);
874 if (pmap->pm_active & cpumask)
876 if (pmap->pm_active & other_cpus)
877 smp_masked_invlpg(pmap->pm_active & other_cpus, va);
884 pmap_invalidate_range(pmap_t pmap, vm_offset_t sva, vm_offset_t eva)
886 cpumask_t cpumask, other_cpus;
889 CTR3(KTR_PMAP, "pmap_invalidate_page: pmap=%p eva=0x%x sva=0x%x",
893 if (pmap == kernel_pmap || pmap->pm_active == all_cpus) {
894 for (addr = sva; addr < eva; addr += PAGE_SIZE)
896 smp_invlpg_range(sva, eva);
898 cpumask = PCPU_GET(cpumask);
899 other_cpus = PCPU_GET(other_cpus);
900 if (pmap->pm_active & cpumask)
901 for (addr = sva; addr < eva; addr += PAGE_SIZE)
903 if (pmap->pm_active & other_cpus)
904 smp_masked_invlpg_range(pmap->pm_active & other_cpus,
912 pmap_invalidate_all(pmap_t pmap)
914 cpumask_t cpumask, other_cpus;
916 CTR1(KTR_PMAP, "pmap_invalidate_page: pmap=%p", pmap);
919 if (pmap == kernel_pmap || pmap->pm_active == all_cpus) {
923 cpumask = PCPU_GET(cpumask);
924 other_cpus = PCPU_GET(other_cpus);
925 if (pmap->pm_active & cpumask)
927 if (pmap->pm_active & other_cpus)
928 smp_masked_invltlb(pmap->pm_active & other_cpus);
934 pmap_invalidate_cache(void)
944 * Normal, non-SMP, 486+ invalidation functions.
945 * We inline these within pmap.c for speed.
948 pmap_invalidate_page(pmap_t pmap, vm_offset_t va)
950 CTR2(KTR_PMAP, "pmap_invalidate_page: pmap=%p va=0x%x",
953 if (pmap == kernel_pmap || pmap->pm_active)
959 pmap_invalidate_range(pmap_t pmap, vm_offset_t sva, vm_offset_t eva)
963 if (eva - sva > PAGE_SIZE)
964 CTR3(KTR_PMAP, "pmap_invalidate_range: pmap=%p sva=0x%x eva=0x%x",
967 if (pmap == kernel_pmap || pmap->pm_active)
968 for (addr = sva; addr < eva; addr += PAGE_SIZE)
974 pmap_invalidate_all(pmap_t pmap)
977 CTR1(KTR_PMAP, "pmap_invalidate_all: pmap=%p", pmap);
979 if (pmap == kernel_pmap || pmap->pm_active)
984 pmap_invalidate_cache(void)
992 pmap_invalidate_cache_range(vm_offset_t sva, vm_offset_t eva)
995 KASSERT((sva & PAGE_MASK) == 0,
996 ("pmap_invalidate_cache_range: sva not page-aligned"));
997 KASSERT((eva & PAGE_MASK) == 0,
998 ("pmap_invalidate_cache_range: eva not page-aligned"));
1000 if (cpu_feature & CPUID_SS)
1001 ; /* If "Self Snoop" is supported, do nothing. */
1002 else if (cpu_feature & CPUID_CLFSH) {
1005 * Otherwise, do per-cache line flush. Use the mfence
1006 * instruction to insure that previous stores are
1007 * included in the write-back. The processor
1008 * propagates flush to other processors in the cache
1012 for (; sva < eva; sva += cpu_clflush_line_size)
1018 * No targeted cache flush methods are supported by CPU,
1019 * globally invalidate cache as a last resort.
1021 pmap_invalidate_cache();
1026 * Are we current address space or kernel? N.B. We return FALSE when
1027 * a pmap's page table is in use because a kernel thread is borrowing
1028 * it. The borrowed page table can change spontaneously, making any
1029 * dependence on its continued use subject to a race condition.
1032 pmap_is_current(pmap_t pmap)
1035 return (pmap == kernel_pmap ||
1036 (pmap == vmspace_pmap(curthread->td_proc->p_vmspace) &&
1037 (pmap->pm_pdir[PTDPTDI] & PG_FRAME) == (PTDpde[0] & PG_FRAME)));
1041 * If the given pmap is not the current or kernel pmap, the returned pte must
1042 * be released by passing it to pmap_pte_release().
1045 pmap_pte(pmap_t pmap, vm_offset_t va)
1050 pde = pmap_pde(pmap, va);
1054 /* are we current address space or kernel? */
1055 if (pmap_is_current(pmap))
1056 return (vtopte(va));
1057 mtx_lock(&PMAP2mutex);
1058 newpf = *pde & PG_FRAME;
1059 if ((*PMAP2 & PG_FRAME) != newpf) {
1060 PT_SET_MA(PADDR2, newpf | PG_V | PG_A | PG_M);
1061 CTR3(KTR_PMAP, "pmap_pte: pmap=%p va=0x%x newpte=0x%08x",
1062 pmap, va, (*PMAP2 & 0xffffffff));
1065 return (PADDR2 + (i386_btop(va) & (NPTEPG - 1)));
1071 * Releases a pte that was obtained from pmap_pte(). Be prepared for the pte
1074 static __inline void
1075 pmap_pte_release(pt_entry_t *pte)
1078 if ((pt_entry_t *)((vm_offset_t)pte & ~PAGE_MASK) == PADDR2) {
1079 CTR1(KTR_PMAP, "pmap_pte_release: pte=0x%jx",
1081 vm_page_lock_queues();
1082 PT_SET_VA(PMAP2, 0, TRUE);
1083 vm_page_unlock_queues();
1084 mtx_unlock(&PMAP2mutex);
1088 static __inline void
1089 invlcaddr(void *caddr)
1092 invlpg((u_int)caddr);
1097 * Super fast pmap_pte routine best used when scanning
1098 * the pv lists. This eliminates many coarse-grained
1099 * invltlb calls. Note that many of the pv list
1100 * scans are across different pmaps. It is very wasteful
1101 * to do an entire invltlb for checking a single mapping.
1103 * If the given pmap is not the current pmap, vm_page_queue_mtx
1104 * must be held and curthread pinned to a CPU.
1107 pmap_pte_quick(pmap_t pmap, vm_offset_t va)
1112 pde = pmap_pde(pmap, va);
1116 /* are we current address space or kernel? */
1117 if (pmap_is_current(pmap))
1118 return (vtopte(va));
1119 mtx_assert(&vm_page_queue_mtx, MA_OWNED);
1120 KASSERT(curthread->td_pinned > 0, ("curthread not pinned"));
1121 newpf = *pde & PG_FRAME;
1122 if ((*PMAP1 & PG_FRAME) != newpf) {
1123 PT_SET_MA(PADDR1, newpf | PG_V | PG_A | PG_M);
1124 CTR3(KTR_PMAP, "pmap_pte_quick: pmap=%p va=0x%x newpte=0x%08x",
1125 pmap, va, (u_long)*PMAP1);
1128 PMAP1cpu = PCPU_GET(cpuid);
1133 if (PMAP1cpu != PCPU_GET(cpuid)) {
1134 PMAP1cpu = PCPU_GET(cpuid);
1140 return (PADDR1 + (i386_btop(va) & (NPTEPG - 1)));
1146 * Routine: pmap_extract
1148 * Extract the physical page address associated
1149 * with the given map/virtual_address pair.
1152 pmap_extract(pmap_t pmap, vm_offset_t va)
1161 pde = pmap->pm_pdir[va >> PDRSHIFT];
1163 if ((pde & PG_PS) != 0) {
1164 rtval = xpmap_mtop(pde & PG_PS_FRAME) | (va & PDRMASK);
1168 pte = pmap_pte(pmap, va);
1169 pteval = *pte ? xpmap_mtop(*pte) : 0;
1170 rtval = (pteval & PG_FRAME) | (va & PAGE_MASK);
1171 pmap_pte_release(pte);
1178 * Routine: pmap_extract_ma
1180 * Like pmap_extract, but returns machine address
1183 pmap_extract_ma(pmap_t pmap, vm_offset_t va)
1191 pde = pmap->pm_pdir[va >> PDRSHIFT];
1193 if ((pde & PG_PS) != 0) {
1194 rtval = (pde & ~PDRMASK) | (va & PDRMASK);
1198 pte = pmap_pte(pmap, va);
1199 rtval = (*pte & PG_FRAME) | (va & PAGE_MASK);
1200 pmap_pte_release(pte);
1207 * Routine: pmap_extract_and_hold
1209 * Atomically extract and hold the physical page
1210 * with the given pmap and virtual address pair
1211 * if that mapping permits the given protection.
1214 pmap_extract_and_hold(pmap_t pmap, vm_offset_t va, vm_prot_t prot)
1221 vm_page_lock_queues();
1223 pde = PT_GET(pmap_pde(pmap, va));
1226 if ((pde & PG_RW) || (prot & VM_PROT_WRITE) == 0) {
1227 m = PHYS_TO_VM_PAGE((pde & PG_PS_FRAME) |
1233 pte = PT_GET(pmap_pte_quick(pmap, va));
1235 PT_SET_MA(PADDR1, 0);
1237 ((pte & PG_RW) || (prot & VM_PROT_WRITE) == 0)) {
1238 m = PHYS_TO_VM_PAGE(pte & PG_FRAME);
1244 vm_page_unlock_queues();
1249 /***************************************************
1250 * Low level mapping routines.....
1251 ***************************************************/
1254 * Add a wired page to the kva.
1255 * Note: not SMP coherent.
1258 pmap_kenter(vm_offset_t va, vm_paddr_t pa)
1260 PT_SET_MA(va, xpmap_ptom(pa)| PG_RW | PG_V | pgeflag);
1264 pmap_kenter_ma(vm_offset_t va, vm_paddr_t ma)
1269 pte_store_ma(pte, ma | PG_RW | PG_V | pgeflag);
1273 static __inline void
1274 pmap_kenter_attr(vm_offset_t va, vm_paddr_t pa, int mode)
1276 PT_SET_MA(va, pa | PG_RW | PG_V | pgeflag | pmap_cache_bits(mode, 0));
1280 * Remove a page from the kernel pagetables.
1281 * Note: not SMP coherent.
1284 pmap_kremove(vm_offset_t va)
1289 PT_CLEAR_VA(pte, FALSE);
1293 * Used to map a range of physical addresses into kernel
1294 * virtual address space.
1296 * The value passed in '*virt' is a suggested virtual address for
1297 * the mapping. Architectures which can support a direct-mapped
1298 * physical to virtual region can return the appropriate address
1299 * within that region, leaving '*virt' unchanged. Other
1300 * architectures should map the pages starting at '*virt' and
1301 * update '*virt' with the first usable address after the mapped
1305 pmap_map(vm_offset_t *virt, vm_paddr_t start, vm_paddr_t end, int prot)
1307 vm_offset_t va, sva;
1310 CTR4(KTR_PMAP, "pmap_map: va=0x%x start=0x%jx end=0x%jx prot=0x%x",
1311 va, start, end, prot);
1312 while (start < end) {
1313 pmap_kenter(va, start);
1317 pmap_invalidate_range(kernel_pmap, sva, va);
1324 * Add a list of wired pages to the kva
1325 * this routine is only used for temporary
1326 * kernel mappings that do not need to have
1327 * page modification or references recorded.
1328 * Note that old mappings are simply written
1329 * over. The page *must* be wired.
1330 * Note: SMP coherent. Uses a ranged shootdown IPI.
1333 pmap_qenter(vm_offset_t sva, vm_page_t *ma, int count)
1335 pt_entry_t *endpte, *pte;
1337 vm_offset_t va = sva;
1339 multicall_entry_t mcl[16];
1340 multicall_entry_t *mclp = mcl;
1343 CTR2(KTR_PMAP, "pmap_qenter:sva=0x%x count=%d", va, count);
1345 endpte = pte + count;
1346 while (pte < endpte) {
1347 pa = xpmap_ptom(VM_PAGE_TO_PHYS(*ma)) | pgeflag | PG_RW | PG_V | PG_M | PG_A;
1349 mclp->op = __HYPERVISOR_update_va_mapping;
1351 mclp->args[1] = (uint32_t)(pa & 0xffffffff);
1352 mclp->args[2] = (uint32_t)(pa >> 32);
1353 mclp->args[3] = (*pte & PG_V) ? UVMF_INVLPG|UVMF_ALL : 0;
1360 if (mclcount == 16) {
1361 error = HYPERVISOR_multicall(mcl, mclcount);
1364 KASSERT(error == 0, ("bad multicall %d", error));
1368 error = HYPERVISOR_multicall(mcl, mclcount);
1369 KASSERT(error == 0, ("bad multicall %d", error));
1373 for (pte = vtopte(sva), mclcount = 0; mclcount < count; mclcount++, pte++)
1374 KASSERT(*pte, ("pte not set for va=0x%x", sva + mclcount*PAGE_SIZE));
1380 * This routine tears out page mappings from the
1381 * kernel -- it is meant only for temporary mappings.
1382 * Note: SMP coherent. Uses a ranged shootdown IPI.
1385 pmap_qremove(vm_offset_t sva, int count)
1389 CTR2(KTR_PMAP, "pmap_qremove: sva=0x%x count=%d", sva, count);
1391 vm_page_lock_queues();
1393 while (count-- > 0) {
1398 pmap_invalidate_range(kernel_pmap, sva, va);
1400 vm_page_unlock_queues();
1403 /***************************************************
1404 * Page table page management routines.....
1405 ***************************************************/
1406 static __inline void
1407 pmap_free_zero_pages(vm_page_t free)
1411 while (free != NULL) {
1414 vm_page_free_zero(m);
1419 * This routine unholds page table pages, and if the hold count
1420 * drops to zero, then it decrements the wire count.
1423 pmap_unwire_pte_hold(pmap_t pmap, vm_page_t m, vm_page_t *free)
1427 if (m->wire_count == 0)
1428 return _pmap_unwire_pte_hold(pmap, m, free);
1434 _pmap_unwire_pte_hold(pmap_t pmap, vm_page_t m, vm_page_t *free)
1440 * unmap the page table page
1442 xen_pt_unpin(pmap->pm_pdir[m->pindex]);
1444 * page *might* contain residual mapping :-/
1446 PD_CLEAR_VA(pmap, m->pindex, TRUE);
1448 --pmap->pm_stats.resident_count;
1451 * This is a release store so that the ordinary store unmapping
1452 * the page table page is globally performed before TLB shoot-
1455 atomic_subtract_rel_int(&cnt.v_wire_count, 1);
1458 * Do an invltlb to make the invalidated mapping
1459 * take effect immediately.
1461 pteva = VM_MAXUSER_ADDRESS + i386_ptob(m->pindex);
1462 pmap_invalidate_page(pmap, pteva);
1465 * Put page on a list so that it is released after
1466 * *ALL* TLB shootdown is done
1475 * After removing a page table entry, this routine is used to
1476 * conditionally free the page, and manage the hold/wire counts.
1479 pmap_unuse_pt(pmap_t pmap, vm_offset_t va, vm_page_t *free)
1484 if (va >= VM_MAXUSER_ADDRESS)
1486 ptepde = PT_GET(pmap_pde(pmap, va));
1487 mpte = PHYS_TO_VM_PAGE(ptepde & PG_FRAME);
1488 return pmap_unwire_pte_hold(pmap, mpte, free);
1492 pmap_pinit0(pmap_t pmap)
1495 PMAP_LOCK_INIT(pmap);
1496 pmap->pm_pdir = (pd_entry_t *)(KERNBASE + (vm_offset_t)IdlePTD);
1498 pmap->pm_pdpt = (pdpt_entry_t *)(KERNBASE + (vm_offset_t)IdlePDPT);
1500 pmap->pm_active = 0;
1501 PCPU_SET(curpmap, pmap);
1502 TAILQ_INIT(&pmap->pm_pvchunk);
1503 bzero(&pmap->pm_stats, sizeof pmap->pm_stats);
1504 mtx_lock_spin(&allpmaps_lock);
1505 LIST_INSERT_HEAD(&allpmaps, pmap, pm_list);
1506 mtx_unlock_spin(&allpmaps_lock);
1510 * Initialize a preallocated and zeroed pmap structure,
1511 * such as one in a vmspace structure.
1514 pmap_pinit(pmap_t pmap)
1516 vm_page_t m, ptdpg[NPGPTD + 1];
1517 int npgptd = NPGPTD + 1;
1521 #ifdef HAMFISTED_LOCKING
1522 mtx_lock(&createdelete_lock);
1525 PMAP_LOCK_INIT(pmap);
1528 * No need to allocate page table space yet but we do need a valid
1529 * page directory table.
1531 if (pmap->pm_pdir == NULL) {
1532 pmap->pm_pdir = (pd_entry_t *)kmem_alloc_nofault(kernel_map,
1534 if (pmap->pm_pdir == NULL) {
1535 PMAP_LOCK_DESTROY(pmap);
1536 #ifdef HAMFISTED_LOCKING
1537 mtx_unlock(&createdelete_lock);
1541 #if defined(XEN) && defined(PAE)
1542 pmap->pm_pdpt = (pd_entry_t *)kmem_alloc_nofault(kernel_map, 1);
1545 #if defined(PAE) && !defined(XEN)
1546 pmap->pm_pdpt = uma_zalloc(pdptzone, M_WAITOK | M_ZERO);
1547 KASSERT(((vm_offset_t)pmap->pm_pdpt &
1548 ((NPGPTD * sizeof(pdpt_entry_t)) - 1)) == 0,
1549 ("pmap_pinit: pdpt misaligned"));
1550 KASSERT(pmap_kextract((vm_offset_t)pmap->pm_pdpt) < (4ULL<<30),
1551 ("pmap_pinit: pdpt above 4g"));
1556 * allocate the page directory page(s)
1558 for (i = 0; i < npgptd;) {
1559 m = vm_page_alloc(NULL, color++,
1560 VM_ALLOC_NORMAL | VM_ALLOC_NOOBJ | VM_ALLOC_WIRED |
1568 pmap_qenter((vm_offset_t)pmap->pm_pdir, ptdpg, NPGPTD);
1569 for (i = 0; i < NPGPTD; i++) {
1570 if ((ptdpg[i]->flags & PG_ZERO) == 0)
1571 pagezero(&pmap->pm_pdir[i*NPTEPG]);
1574 mtx_lock_spin(&allpmaps_lock);
1575 LIST_INSERT_HEAD(&allpmaps, pmap, pm_list);
1576 mtx_unlock_spin(&allpmaps_lock);
1577 /* Wire in kernel global address entries. */
1579 bcopy(PTD + KPTDI, pmap->pm_pdir + KPTDI, nkpt * sizeof(pd_entry_t));
1582 pmap_qenter((vm_offset_t)pmap->pm_pdpt, &ptdpg[NPGPTD], 1);
1583 if ((ptdpg[NPGPTD]->flags & PG_ZERO) == 0)
1584 bzero(pmap->pm_pdpt, PAGE_SIZE);
1586 for (i = 0; i < NPGPTD; i++) {
1589 ma = xpmap_ptom(VM_PAGE_TO_PHYS(ptdpg[i]));
1590 pmap->pm_pdpt[i] = ma | PG_V;
1595 for (i = 0; i < NPGPTD; i++) {
1599 ma = xpmap_ptom(VM_PAGE_TO_PHYS(ptdpg[i]));
1600 pd = pmap->pm_pdir + (i * NPDEPG);
1601 PT_SET_MA(pd, *vtopte((vm_offset_t)pd) & ~(PG_M|PG_A|PG_U|PG_RW));
1608 PT_SET_MA(pmap->pm_pdpt, *vtopte((vm_offset_t)pmap->pm_pdpt) & ~PG_RW);
1610 vm_page_lock_queues();
1612 xen_pgdpt_pin(xpmap_ptom(VM_PAGE_TO_PHYS(ptdpg[NPGPTD])));
1613 for (i = 0; i < NPGPTD; i++) {
1614 vm_paddr_t ma = xpmap_ptom(VM_PAGE_TO_PHYS(ptdpg[i]));
1615 PT_SET_VA_MA(&pmap->pm_pdir[PTDPTDI + i], ma | PG_V | PG_A, FALSE);
1618 vm_page_unlock_queues();
1620 pmap->pm_active = 0;
1621 TAILQ_INIT(&pmap->pm_pvchunk);
1622 bzero(&pmap->pm_stats, sizeof pmap->pm_stats);
1624 #ifdef HAMFISTED_LOCKING
1625 mtx_unlock(&createdelete_lock);
1631 * this routine is called if the page table page is not
1635 _pmap_allocpte(pmap_t pmap, unsigned int ptepindex, int flags)
1640 KASSERT((flags & (M_NOWAIT | M_WAITOK)) == M_NOWAIT ||
1641 (flags & (M_NOWAIT | M_WAITOK)) == M_WAITOK,
1642 ("_pmap_allocpte: flags is neither M_NOWAIT nor M_WAITOK"));
1645 * Allocate a page table page.
1647 if ((m = vm_page_alloc(NULL, ptepindex, VM_ALLOC_NOOBJ |
1648 VM_ALLOC_WIRED | VM_ALLOC_ZERO)) == NULL) {
1649 if (flags & M_WAITOK) {
1651 vm_page_unlock_queues();
1653 vm_page_lock_queues();
1658 * Indicate the need to retry. While waiting, the page table
1659 * page may have been allocated.
1663 if ((m->flags & PG_ZERO) == 0)
1667 * Map the pagetable page into the process address space, if
1668 * it isn't already there.
1670 pmap->pm_stats.resident_count++;
1672 ptema = xpmap_ptom(VM_PAGE_TO_PHYS(m));
1674 PT_SET_VA_MA(&pmap->pm_pdir[ptepindex],
1675 (ptema | PG_U | PG_RW | PG_V | PG_A | PG_M), TRUE);
1677 KASSERT(pmap->pm_pdir[ptepindex],
1678 ("_pmap_allocpte: ptepindex=%d did not get mapped", ptepindex));
1683 pmap_allocpte(pmap_t pmap, vm_offset_t va, int flags)
1689 KASSERT((flags & (M_NOWAIT | M_WAITOK)) == M_NOWAIT ||
1690 (flags & (M_NOWAIT | M_WAITOK)) == M_WAITOK,
1691 ("pmap_allocpte: flags is neither M_NOWAIT nor M_WAITOK"));
1694 * Calculate pagetable page index
1696 ptepindex = va >> PDRSHIFT;
1699 * Get the page directory entry
1701 ptema = pmap->pm_pdir[ptepindex];
1704 * This supports switching from a 4MB page to a
1707 if (ptema & PG_PS) {
1711 pmap->pm_pdir[ptepindex] = 0;
1713 pmap->pm_stats.resident_count -= NBPDR / PAGE_SIZE;
1714 pmap_invalidate_all(kernel_pmap);
1718 * If the page table page is mapped, we just increment the
1719 * hold count, and activate it.
1722 m = PHYS_TO_VM_PAGE(xpmap_mtop(ptema) & PG_FRAME);
1726 * Here if the pte page isn't mapped, or if it has
1729 CTR3(KTR_PMAP, "pmap_allocpte: pmap=%p va=0x%08x flags=0x%x",
1731 m = _pmap_allocpte(pmap, ptepindex, flags);
1732 if (m == NULL && (flags & M_WAITOK))
1735 KASSERT(pmap->pm_pdir[ptepindex], ("ptepindex=%d did not get mapped", ptepindex));
1741 /***************************************************
1742 * Pmap allocation/deallocation routines.
1743 ***************************************************/
1747 * Deal with a SMP shootdown of other users of the pmap that we are
1748 * trying to dispose of. This can be a bit hairy.
1750 static cpumask_t *lazymask;
1751 static u_int lazyptd;
1752 static volatile u_int lazywait;
1754 void pmap_lazyfix_action(void);
1757 pmap_lazyfix_action(void)
1759 cpumask_t mymask = PCPU_GET(cpumask);
1762 (*ipi_lazypmap_counts[PCPU_GET(cpuid)])++;
1764 if (rcr3() == lazyptd)
1765 load_cr3(PCPU_GET(curpcb)->pcb_cr3);
1766 atomic_clear_int(lazymask, mymask);
1767 atomic_store_rel_int(&lazywait, 1);
1771 pmap_lazyfix_self(cpumask_t mymask)
1774 if (rcr3() == lazyptd)
1775 load_cr3(PCPU_GET(curpcb)->pcb_cr3);
1776 atomic_clear_int(lazymask, mymask);
1781 pmap_lazyfix(pmap_t pmap)
1783 cpumask_t mymask, mask;
1786 while ((mask = pmap->pm_active) != 0) {
1788 mask = mask & -mask; /* Find least significant set bit */
1789 mtx_lock_spin(&smp_ipi_mtx);
1791 lazyptd = vtophys(pmap->pm_pdpt);
1793 lazyptd = vtophys(pmap->pm_pdir);
1795 mymask = PCPU_GET(cpumask);
1796 if (mask == mymask) {
1797 lazymask = &pmap->pm_active;
1798 pmap_lazyfix_self(mymask);
1800 atomic_store_rel_int((u_int *)&lazymask,
1801 (u_int)&pmap->pm_active);
1802 atomic_store_rel_int(&lazywait, 0);
1803 ipi_selected(mask, IPI_LAZYPMAP);
1804 while (lazywait == 0) {
1810 mtx_unlock_spin(&smp_ipi_mtx);
1812 printf("pmap_lazyfix: spun for 50000000\n");
1819 * Cleaning up on uniprocessor is easy. For various reasons, we're
1820 * unlikely to have to even execute this code, including the fact
1821 * that the cleanup is deferred until the parent does a wait(2), which
1822 * means that another userland process has run.
1825 pmap_lazyfix(pmap_t pmap)
1829 cr3 = vtophys(pmap->pm_pdir);
1830 if (cr3 == rcr3()) {
1831 load_cr3(PCPU_GET(curpcb)->pcb_cr3);
1832 pmap->pm_active &= ~(PCPU_GET(cpumask));
1838 * Release any resources held by the given physical map.
1839 * Called when a pmap initialized by pmap_pinit is being released.
1840 * Should only be called if the map contains no valid mappings.
1843 pmap_release(pmap_t pmap)
1845 vm_page_t m, ptdpg[2*NPGPTD+1];
1850 int npgptd = NPGPTD + 1;
1852 int npgptd = NPGPTD;
1855 int npgptd = NPGPTD;
1857 KASSERT(pmap->pm_stats.resident_count == 0,
1858 ("pmap_release: pmap resident count %ld != 0",
1859 pmap->pm_stats.resident_count));
1862 #ifdef HAMFISTED_LOCKING
1863 mtx_lock(&createdelete_lock);
1867 mtx_lock_spin(&allpmaps_lock);
1868 LIST_REMOVE(pmap, pm_list);
1869 mtx_unlock_spin(&allpmaps_lock);
1871 for (i = 0; i < NPGPTD; i++)
1872 ptdpg[i] = PHYS_TO_VM_PAGE(vtophys(pmap->pm_pdir + (i*NPDEPG)) & PG_FRAME);
1873 pmap_qremove((vm_offset_t)pmap->pm_pdir, NPGPTD);
1874 #if defined(PAE) && defined(XEN)
1875 ptdpg[NPGPTD] = PHYS_TO_VM_PAGE(vtophys(pmap->pm_pdpt));
1878 for (i = 0; i < npgptd; i++) {
1880 ma = xpmap_ptom(VM_PAGE_TO_PHYS(m));
1881 /* unpinning L1 and L2 treated the same */
1890 KASSERT(xpmap_ptom(VM_PAGE_TO_PHYS(m)) == (pmap->pm_pdpt[i] & PG_FRAME),
1891 ("pmap_release: got wrong ptd page"));
1894 atomic_subtract_int(&cnt.v_wire_count, 1);
1898 pmap_qremove((vm_offset_t)pmap->pm_pdpt, 1);
1900 PMAP_LOCK_DESTROY(pmap);
1902 #ifdef HAMFISTED_LOCKING
1903 mtx_unlock(&createdelete_lock);
1908 kvm_size(SYSCTL_HANDLER_ARGS)
1910 unsigned long ksize = VM_MAX_KERNEL_ADDRESS - KERNBASE;
1912 return sysctl_handle_long(oidp, &ksize, 0, req);
1914 SYSCTL_PROC(_vm, OID_AUTO, kvm_size, CTLTYPE_LONG|CTLFLAG_RD,
1915 0, 0, kvm_size, "IU", "Size of KVM");
1918 kvm_free(SYSCTL_HANDLER_ARGS)
1920 unsigned long kfree = VM_MAX_KERNEL_ADDRESS - kernel_vm_end;
1922 return sysctl_handle_long(oidp, &kfree, 0, req);
1924 SYSCTL_PROC(_vm, OID_AUTO, kvm_free, CTLTYPE_LONG|CTLFLAG_RD,
1925 0, 0, kvm_free, "IU", "Amount of KVM free");
1928 * grow the number of kernel page table entries, if needed
1931 pmap_growkernel(vm_offset_t addr)
1934 vm_paddr_t ptppaddr;
1938 mtx_assert(&kernel_map->system_mtx, MA_OWNED);
1939 if (kernel_vm_end == 0) {
1940 kernel_vm_end = KERNBASE;
1942 while (pdir_pde(PTD, kernel_vm_end)) {
1943 kernel_vm_end = (kernel_vm_end + PAGE_SIZE * NPTEPG) & ~(PAGE_SIZE * NPTEPG - 1);
1945 if (kernel_vm_end - 1 >= kernel_map->max_offset) {
1946 kernel_vm_end = kernel_map->max_offset;
1951 addr = roundup2(addr, PAGE_SIZE * NPTEPG);
1952 if (addr - 1 >= kernel_map->max_offset)
1953 addr = kernel_map->max_offset;
1954 while (kernel_vm_end < addr) {
1955 if (pdir_pde(PTD, kernel_vm_end)) {
1956 kernel_vm_end = (kernel_vm_end + PAGE_SIZE * NPTEPG) & ~(PAGE_SIZE * NPTEPG - 1);
1957 if (kernel_vm_end - 1 >= kernel_map->max_offset) {
1958 kernel_vm_end = kernel_map->max_offset;
1965 * This index is bogus, but out of the way
1967 nkpg = vm_page_alloc(NULL, nkpt,
1968 VM_ALLOC_NOOBJ | VM_ALLOC_SYSTEM | VM_ALLOC_WIRED);
1970 panic("pmap_growkernel: no memory to grow kernel");
1974 pmap_zero_page(nkpg);
1975 ptppaddr = VM_PAGE_TO_PHYS(nkpg);
1976 newpdir = (pd_entry_t) (ptppaddr | PG_V | PG_RW | PG_A | PG_M);
1977 vm_page_lock_queues();
1978 PD_SET_VA(kernel_pmap, (kernel_vm_end >> PDRSHIFT), newpdir, TRUE);
1979 mtx_lock_spin(&allpmaps_lock);
1980 LIST_FOREACH(pmap, &allpmaps, pm_list)
1981 PD_SET_VA(pmap, (kernel_vm_end >> PDRSHIFT), newpdir, TRUE);
1983 mtx_unlock_spin(&allpmaps_lock);
1984 vm_page_unlock_queues();
1986 kernel_vm_end = (kernel_vm_end + PAGE_SIZE * NPTEPG) & ~(PAGE_SIZE * NPTEPG - 1);
1987 if (kernel_vm_end - 1 >= kernel_map->max_offset) {
1988 kernel_vm_end = kernel_map->max_offset;
1995 /***************************************************
1996 * page management routines.
1997 ***************************************************/
1999 CTASSERT(sizeof(struct pv_chunk) == PAGE_SIZE);
2000 CTASSERT(_NPCM == 11);
2002 static __inline struct pv_chunk *
2003 pv_to_chunk(pv_entry_t pv)
2006 return (struct pv_chunk *)((uintptr_t)pv & ~(uintptr_t)PAGE_MASK);
2009 #define PV_PMAP(pv) (pv_to_chunk(pv)->pc_pmap)
2011 #define PC_FREE0_9 0xfffffffful /* Free values for index 0 through 9 */
2012 #define PC_FREE10 0x0000fffful /* Free values for index 10 */
2014 static uint32_t pc_freemask[11] = {
2015 PC_FREE0_9, PC_FREE0_9, PC_FREE0_9,
2016 PC_FREE0_9, PC_FREE0_9, PC_FREE0_9,
2017 PC_FREE0_9, PC_FREE0_9, PC_FREE0_9,
2018 PC_FREE0_9, PC_FREE10
2021 SYSCTL_INT(_vm_pmap, OID_AUTO, pv_entry_count, CTLFLAG_RD, &pv_entry_count, 0,
2022 "Current number of pv entries");
2025 static int pc_chunk_count, pc_chunk_allocs, pc_chunk_frees, pc_chunk_tryfail;
2027 SYSCTL_INT(_vm_pmap, OID_AUTO, pc_chunk_count, CTLFLAG_RD, &pc_chunk_count, 0,
2028 "Current number of pv entry chunks");
2029 SYSCTL_INT(_vm_pmap, OID_AUTO, pc_chunk_allocs, CTLFLAG_RD, &pc_chunk_allocs, 0,
2030 "Current number of pv entry chunks allocated");
2031 SYSCTL_INT(_vm_pmap, OID_AUTO, pc_chunk_frees, CTLFLAG_RD, &pc_chunk_frees, 0,
2032 "Current number of pv entry chunks frees");
2033 SYSCTL_INT(_vm_pmap, OID_AUTO, pc_chunk_tryfail, CTLFLAG_RD, &pc_chunk_tryfail, 0,
2034 "Number of times tried to get a chunk page but failed.");
2036 static long pv_entry_frees, pv_entry_allocs;
2037 static int pv_entry_spare;
2039 SYSCTL_LONG(_vm_pmap, OID_AUTO, pv_entry_frees, CTLFLAG_RD, &pv_entry_frees, 0,
2040 "Current number of pv entry frees");
2041 SYSCTL_LONG(_vm_pmap, OID_AUTO, pv_entry_allocs, CTLFLAG_RD, &pv_entry_allocs, 0,
2042 "Current number of pv entry allocs");
2043 SYSCTL_INT(_vm_pmap, OID_AUTO, pv_entry_spare, CTLFLAG_RD, &pv_entry_spare, 0,
2044 "Current number of spare pv entries");
2046 static int pmap_collect_inactive, pmap_collect_active;
2048 SYSCTL_INT(_vm_pmap, OID_AUTO, pmap_collect_inactive, CTLFLAG_RD, &pmap_collect_inactive, 0,
2049 "Current number times pmap_collect called on inactive queue");
2050 SYSCTL_INT(_vm_pmap, OID_AUTO, pmap_collect_active, CTLFLAG_RD, &pmap_collect_active, 0,
2051 "Current number times pmap_collect called on active queue");
2055 * We are in a serious low memory condition. Resort to
2056 * drastic measures to free some pages so we can allocate
2057 * another pv entry chunk. This is normally called to
2058 * unmap inactive pages, and if necessary, active pages.
2061 pmap_collect(pmap_t locked_pmap, struct vpgqueues *vpq)
2064 pt_entry_t *pte, tpte;
2065 pv_entry_t next_pv, pv;
2070 TAILQ_FOREACH(m, &vpq->pl, pageq) {
2071 if (m->hold_count || m->busy)
2073 TAILQ_FOREACH_SAFE(pv, &m->md.pv_list, pv_list, next_pv) {
2076 /* Avoid deadlock and lock recursion. */
2077 if (pmap > locked_pmap)
2079 else if (pmap != locked_pmap && !PMAP_TRYLOCK(pmap))
2081 pmap->pm_stats.resident_count--;
2082 pte = pmap_pte_quick(pmap, va);
2083 tpte = pte_load_clear(pte);
2084 KASSERT((tpte & PG_W) == 0,
2085 ("pmap_collect: wired pte %#jx", (uintmax_t)tpte));
2087 vm_page_flag_set(m, PG_REFERENCED);
2089 KASSERT((tpte & PG_RW),
2090 ("pmap_collect: modified page not writable: va: %#x, pte: %#jx",
2091 va, (uintmax_t)tpte));
2095 pmap_unuse_pt(pmap, va, &free);
2096 pmap_invalidate_page(pmap, va);
2097 pmap_free_zero_pages(free);
2098 TAILQ_REMOVE(&m->md.pv_list, pv, pv_list);
2099 if (TAILQ_EMPTY(&m->md.pv_list))
2100 vm_page_flag_clear(m, PG_WRITEABLE);
2101 free_pv_entry(pmap, pv);
2102 if (pmap != locked_pmap)
2111 * free the pv_entry back to the free list
2114 free_pv_entry(pmap_t pmap, pv_entry_t pv)
2117 struct pv_chunk *pc;
2118 int idx, field, bit;
2120 mtx_assert(&vm_page_queue_mtx, MA_OWNED);
2121 PMAP_LOCK_ASSERT(pmap, MA_OWNED);
2122 PV_STAT(pv_entry_frees++);
2123 PV_STAT(pv_entry_spare++);
2125 pc = pv_to_chunk(pv);
2126 idx = pv - &pc->pc_pventry[0];
2129 pc->pc_map[field] |= 1ul << bit;
2130 /* move to head of list */
2131 TAILQ_REMOVE(&pmap->pm_pvchunk, pc, pc_list);
2132 TAILQ_INSERT_HEAD(&pmap->pm_pvchunk, pc, pc_list);
2133 for (idx = 0; idx < _NPCM; idx++)
2134 if (pc->pc_map[idx] != pc_freemask[idx])
2136 PV_STAT(pv_entry_spare -= _NPCPV);
2137 PV_STAT(pc_chunk_count--);
2138 PV_STAT(pc_chunk_frees++);
2139 /* entire chunk is free, return it */
2140 TAILQ_REMOVE(&pmap->pm_pvchunk, pc, pc_list);
2141 m = PHYS_TO_VM_PAGE(pmap_kextract((vm_offset_t)pc));
2142 pmap_qremove((vm_offset_t)pc, 1);
2143 vm_page_unwire(m, 0);
2145 pmap_ptelist_free(&pv_vafree, (vm_offset_t)pc);
2149 * get a new pv_entry, allocating a block from the system
2153 get_pv_entry(pmap_t pmap, int try)
2155 static const struct timeval printinterval = { 60, 0 };
2156 static struct timeval lastprint;
2157 static vm_pindex_t colour;
2158 struct vpgqueues *pq;
2161 struct pv_chunk *pc;
2164 PMAP_LOCK_ASSERT(pmap, MA_OWNED);
2165 mtx_assert(&vm_page_queue_mtx, MA_OWNED);
2166 PV_STAT(pv_entry_allocs++);
2168 if (pv_entry_count > pv_entry_high_water)
2169 if (ratecheck(&lastprint, &printinterval))
2170 printf("Approaching the limit on PV entries, consider "
2171 "increasing either the vm.pmap.shpgperproc or the "
2172 "vm.pmap.pv_entry_max tunable.\n");
2175 pc = TAILQ_FIRST(&pmap->pm_pvchunk);
2177 for (field = 0; field < _NPCM; field++) {
2178 if (pc->pc_map[field]) {
2179 bit = bsfl(pc->pc_map[field]);
2183 if (field < _NPCM) {
2184 pv = &pc->pc_pventry[field * 32 + bit];
2185 pc->pc_map[field] &= ~(1ul << bit);
2186 /* If this was the last item, move it to tail */
2187 for (field = 0; field < _NPCM; field++)
2188 if (pc->pc_map[field] != 0) {
2189 PV_STAT(pv_entry_spare--);
2190 return (pv); /* not full, return */
2192 TAILQ_REMOVE(&pmap->pm_pvchunk, pc, pc_list);
2193 TAILQ_INSERT_TAIL(&pmap->pm_pvchunk, pc, pc_list);
2194 PV_STAT(pv_entry_spare--);
2199 * Access to the ptelist "pv_vafree" is synchronized by the page
2200 * queues lock. If "pv_vafree" is currently non-empty, it will
2201 * remain non-empty until pmap_ptelist_alloc() completes.
2203 if (pv_vafree == 0 || (m = vm_page_alloc(NULL, colour, (pq ==
2204 &vm_page_queues[PQ_ACTIVE] ? VM_ALLOC_SYSTEM : VM_ALLOC_NORMAL) |
2205 VM_ALLOC_NOOBJ | VM_ALLOC_WIRED)) == NULL) {
2208 PV_STAT(pc_chunk_tryfail++);
2212 * Reclaim pv entries: At first, destroy mappings to
2213 * inactive pages. After that, if a pv chunk entry
2214 * is still needed, destroy mappings to active pages.
2217 PV_STAT(pmap_collect_inactive++);
2218 pq = &vm_page_queues[PQ_INACTIVE];
2219 } else if (pq == &vm_page_queues[PQ_INACTIVE]) {
2220 PV_STAT(pmap_collect_active++);
2221 pq = &vm_page_queues[PQ_ACTIVE];
2223 panic("get_pv_entry: increase vm.pmap.shpgperproc");
2224 pmap_collect(pmap, pq);
2227 PV_STAT(pc_chunk_count++);
2228 PV_STAT(pc_chunk_allocs++);
2230 pc = (struct pv_chunk *)pmap_ptelist_alloc(&pv_vafree);
2231 pmap_qenter((vm_offset_t)pc, &m, 1);
2232 if ((m->flags & PG_ZERO) == 0)
2235 pc->pc_map[0] = pc_freemask[0] & ~1ul; /* preallocated bit 0 */
2236 for (field = 1; field < _NPCM; field++)
2237 pc->pc_map[field] = pc_freemask[field];
2238 pv = &pc->pc_pventry[0];
2239 TAILQ_INSERT_HEAD(&pmap->pm_pvchunk, pc, pc_list);
2240 PV_STAT(pv_entry_spare += _NPCPV - 1);
2245 pmap_remove_entry(pmap_t pmap, vm_page_t m, vm_offset_t va)
2249 PMAP_LOCK_ASSERT(pmap, MA_OWNED);
2250 mtx_assert(&vm_page_queue_mtx, MA_OWNED);
2251 TAILQ_FOREACH(pv, &m->md.pv_list, pv_list) {
2252 if (pmap == PV_PMAP(pv) && va == pv->pv_va)
2255 KASSERT(pv != NULL, ("pmap_remove_entry: pv not found"));
2256 TAILQ_REMOVE(&m->md.pv_list, pv, pv_list);
2257 if (TAILQ_EMPTY(&m->md.pv_list))
2258 vm_page_flag_clear(m, PG_WRITEABLE);
2259 free_pv_entry(pmap, pv);
2263 * Create a pv entry for page at pa for
2267 pmap_insert_entry(pmap_t pmap, vm_offset_t va, vm_page_t m)
2271 PMAP_LOCK_ASSERT(pmap, MA_OWNED);
2272 mtx_assert(&vm_page_queue_mtx, MA_OWNED);
2273 pv = get_pv_entry(pmap, FALSE);
2275 TAILQ_INSERT_TAIL(&m->md.pv_list, pv, pv_list);
2279 * Conditionally create a pv entry.
2282 pmap_try_insert_pv_entry(pmap_t pmap, vm_offset_t va, vm_page_t m)
2286 PMAP_LOCK_ASSERT(pmap, MA_OWNED);
2287 mtx_assert(&vm_page_queue_mtx, MA_OWNED);
2288 if (pv_entry_count < pv_entry_high_water &&
2289 (pv = get_pv_entry(pmap, TRUE)) != NULL) {
2291 TAILQ_INSERT_TAIL(&m->md.pv_list, pv, pv_list);
2298 * pmap_remove_pte: do the things to unmap a page in a process
2301 pmap_remove_pte(pmap_t pmap, pt_entry_t *ptq, vm_offset_t va, vm_page_t *free)
2306 CTR3(KTR_PMAP, "pmap_remove_pte: pmap=%p *ptq=0x%x va=0x%x",
2307 pmap, (u_long)*ptq, va);
2309 mtx_assert(&vm_page_queue_mtx, MA_OWNED);
2310 PMAP_LOCK_ASSERT(pmap, MA_OWNED);
2312 PT_SET_VA_MA(ptq, 0, TRUE);
2314 pmap->pm_stats.wired_count -= 1;
2316 * Machines that don't support invlpg, also don't support
2320 pmap_invalidate_page(kernel_pmap, va);
2321 pmap->pm_stats.resident_count -= 1;
2322 if (oldpte & PG_MANAGED) {
2323 m = PHYS_TO_VM_PAGE(xpmap_mtop(oldpte) & PG_FRAME);
2324 if (oldpte & PG_M) {
2325 KASSERT((oldpte & PG_RW),
2326 ("pmap_remove_pte: modified page not writable: va: %#x, pte: %#jx",
2327 va, (uintmax_t)oldpte));
2331 vm_page_flag_set(m, PG_REFERENCED);
2332 pmap_remove_entry(pmap, m, va);
2334 return (pmap_unuse_pt(pmap, va, free));
2338 * Remove a single page from a process address space
2341 pmap_remove_page(pmap_t pmap, vm_offset_t va, vm_page_t *free)
2345 CTR2(KTR_PMAP, "pmap_remove_page: pmap=%p va=0x%x",
2348 mtx_assert(&vm_page_queue_mtx, MA_OWNED);
2349 KASSERT(curthread->td_pinned > 0, ("curthread not pinned"));
2350 PMAP_LOCK_ASSERT(pmap, MA_OWNED);
2351 if ((pte = pmap_pte_quick(pmap, va)) == NULL || (*pte & PG_V) == 0)
2353 pmap_remove_pte(pmap, pte, va, free);
2354 pmap_invalidate_page(pmap, va);
2356 PT_SET_MA(PADDR1, 0);
2361 * Remove the given range of addresses from the specified map.
2363 * It is assumed that the start and end are properly
2364 * rounded to the page size.
2367 pmap_remove(pmap_t pmap, vm_offset_t sva, vm_offset_t eva)
2372 vm_page_t free = NULL;
2375 CTR3(KTR_PMAP, "pmap_remove: pmap=%p sva=0x%x eva=0x%x",
2379 * Perform an unsynchronized read. This is, however, safe.
2381 if (pmap->pm_stats.resident_count == 0)
2386 vm_page_lock_queues();
2391 * special handling of removing one page. a very
2392 * common operation and easy to short circuit some
2395 if ((sva + PAGE_SIZE == eva) &&
2396 ((pmap->pm_pdir[(sva >> PDRSHIFT)] & PG_PS) == 0)) {
2397 pmap_remove_page(pmap, sva, &free);
2401 for (; sva < eva; sva = pdnxt) {
2405 * Calculate index for next page table.
2407 pdnxt = (sva + NBPDR) & ~PDRMASK;
2408 if (pmap->pm_stats.resident_count == 0)
2411 pdirindex = sva >> PDRSHIFT;
2412 ptpaddr = pmap->pm_pdir[pdirindex];
2415 * Weed out invalid mappings. Note: we assume that the page
2416 * directory table is always allocated, and in kernel virtual.
2422 * Check for large page.
2424 if ((ptpaddr & PG_PS) != 0) {
2425 PD_CLEAR_VA(pmap, pdirindex, TRUE);
2426 pmap->pm_stats.resident_count -= NBPDR / PAGE_SIZE;
2432 * Limit our scan to either the end of the va represented
2433 * by the current page table page, or to the end of the
2434 * range being removed.
2439 for (pte = pmap_pte_quick(pmap, sva); sva != pdnxt; pte++,
2441 if ((*pte & PG_V) == 0)
2445 * The TLB entry for a PG_G mapping is invalidated
2446 * by pmap_remove_pte().
2448 if ((*pte & PG_G) == 0)
2450 if (pmap_remove_pte(pmap, pte, sva, &free))
2456 PT_SET_VA_MA(PMAP1, 0, TRUE);
2459 pmap_invalidate_all(pmap);
2461 vm_page_unlock_queues();
2463 pmap_free_zero_pages(free);
2467 * Routine: pmap_remove_all
2469 * Removes this physical page from
2470 * all physical maps in which it resides.
2471 * Reflects back modify bits to the pager.
2474 * Original versions of this routine were very
2475 * inefficient because they iteratively called
2476 * pmap_remove (slow...)
2480 pmap_remove_all(vm_page_t m)
2484 pt_entry_t *pte, tpte;
2487 #if defined(PMAP_DIAGNOSTIC)
2489 * XXX This makes pmap_remove_all() illegal for non-managed pages!
2491 if (m->flags & PG_FICTITIOUS) {
2492 panic("pmap_remove_all: illegal for unmanaged page, va: 0x%jx",
2493 VM_PAGE_TO_PHYS(m) & 0xffffffff);
2496 mtx_assert(&vm_page_queue_mtx, MA_OWNED);
2498 while ((pv = TAILQ_FIRST(&m->md.pv_list)) != NULL) {
2501 pmap->pm_stats.resident_count--;
2502 pte = pmap_pte_quick(pmap, pv->pv_va);
2505 PT_SET_VA_MA(pte, 0, TRUE);
2507 pmap->pm_stats.wired_count--;
2509 vm_page_flag_set(m, PG_REFERENCED);
2512 * Update the vm_page_t clean and reference bits.
2515 KASSERT((tpte & PG_RW),
2516 ("pmap_remove_all: modified page not writable: va: %#x, pte: %#jx",
2517 pv->pv_va, (uintmax_t)tpte));
2521 pmap_unuse_pt(pmap, pv->pv_va, &free);
2522 pmap_invalidate_page(pmap, pv->pv_va);
2523 pmap_free_zero_pages(free);
2524 TAILQ_REMOVE(&m->md.pv_list, pv, pv_list);
2525 free_pv_entry(pmap, pv);
2528 vm_page_flag_clear(m, PG_WRITEABLE);
2531 PT_SET_MA(PADDR1, 0);
2536 * Set the physical protection on the
2537 * specified range of this map as requested.
2540 pmap_protect(pmap_t pmap, vm_offset_t sva, vm_offset_t eva, vm_prot_t prot)
2547 CTR4(KTR_PMAP, "pmap_protect: pmap=%p sva=0x%x eva=0x%x prot=0x%x",
2548 pmap, sva, eva, prot);
2550 if ((prot & VM_PROT_READ) == VM_PROT_NONE) {
2551 pmap_remove(pmap, sva, eva);
2556 if ((prot & (VM_PROT_WRITE|VM_PROT_EXECUTE)) ==
2557 (VM_PROT_WRITE|VM_PROT_EXECUTE))
2560 if (prot & VM_PROT_WRITE)
2566 vm_page_lock_queues();
2569 for (; sva < eva; sva = pdnxt) {
2570 pt_entry_t obits, pbits;
2573 pdnxt = (sva + NBPDR) & ~PDRMASK;
2575 pdirindex = sva >> PDRSHIFT;
2576 ptpaddr = pmap->pm_pdir[pdirindex];
2579 * Weed out invalid mappings. Note: we assume that the page
2580 * directory table is always allocated, and in kernel virtual.
2586 * Check for large page.
2588 if ((ptpaddr & PG_PS) != 0) {
2589 if ((prot & VM_PROT_WRITE) == 0)
2590 pmap->pm_pdir[pdirindex] &= ~(PG_M|PG_RW);
2592 if ((prot & VM_PROT_EXECUTE) == 0)
2593 pmap->pm_pdir[pdirindex] |= pg_nx;
2602 for (pte = pmap_pte_quick(pmap, sva); sva != pdnxt; pte++,
2608 * Regardless of whether a pte is 32 or 64 bits in
2609 * size, PG_RW, PG_A, and PG_M are among the least
2610 * significant 32 bits.
2612 obits = pbits = *pte;
2613 if ((pbits & PG_V) == 0)
2615 if (pbits & PG_MANAGED) {
2618 m = PHYS_TO_VM_PAGE(xpmap_mtop(pbits) & PG_FRAME);
2619 vm_page_flag_set(m, PG_REFERENCED);
2622 if ((pbits & PG_M) != 0) {
2624 m = PHYS_TO_VM_PAGE(xpmap_mtop(pbits) & PG_FRAME);
2629 if ((prot & VM_PROT_WRITE) == 0)
2630 pbits &= ~(PG_RW | PG_M);
2632 if ((prot & VM_PROT_EXECUTE) == 0)
2636 if (pbits != obits) {
2639 PT_SET_VA_MA(pte, pbits, TRUE);
2644 if (!atomic_cmpset_64(pte, obits, pbits))
2647 if (!atomic_cmpset_int((u_int *)pte, obits,
2653 pmap_invalidate_page(pmap, sva);
2661 PT_SET_VA_MA(PMAP1, 0, TRUE);
2663 pmap_invalidate_all(pmap);
2665 vm_page_unlock_queues();
2670 * Insert the given physical page (p) at
2671 * the specified virtual address (v) in the
2672 * target physical map with the protection requested.
2674 * If specified, the page will be wired down, meaning
2675 * that the related pte can not be reclaimed.
2677 * NB: This is the only routine which MAY NOT lazy-evaluate
2678 * or lose information. That is, this routine must actually
2679 * insert this page into the given map NOW.
2682 pmap_enter(pmap_t pmap, vm_offset_t va, vm_prot_t access, vm_page_t m,
2683 vm_prot_t prot, boolean_t wired)
2689 pt_entry_t origpte, newpte;
2693 CTR6(KTR_PMAP, "pmap_enter: pmap=%08p va=0x%08x access=0x%x ma=0x%08x prot=0x%x wired=%d",
2694 pmap, va, access, xpmap_ptom(VM_PAGE_TO_PHYS(m)), prot, wired);
2695 va = trunc_page(va);
2696 #ifdef PMAP_DIAGNOSTIC
2697 if (va > VM_MAX_KERNEL_ADDRESS)
2698 panic("pmap_enter: toobig");
2699 if ((va >= UPT_MIN_ADDRESS) && (va < UPT_MAX_ADDRESS))
2700 panic("pmap_enter: invalid to pmap_enter page table pages (va: 0x%x)", va);
2705 vm_page_lock_queues();
2710 * In the case that a page table page is not
2711 * resident, we are creating it here.
2713 if (va < VM_MAXUSER_ADDRESS) {
2714 mpte = pmap_allocpte(pmap, va, M_WAITOK);
2716 #if 0 && defined(PMAP_DIAGNOSTIC)
2718 pd_entry_t *pdeaddr = pmap_pde(pmap, va);
2720 if ((origpte & PG_V) == 0) {
2721 panic("pmap_enter: invalid kernel page table page, pdir=%p, pde=%p, va=%p\n",
2722 pmap->pm_pdir[PTDPTDI], origpte, va);
2727 pde = pmap_pde(pmap, va);
2728 if ((*pde & PG_PS) != 0)
2729 panic("pmap_enter: attempted pmap_enter on 4MB page");
2730 pte = pmap_pte_quick(pmap, va);
2733 * Page Directory table entry not valid, we need a new PT page
2736 panic("pmap_enter: invalid page directory pdir=%#jx, va=%#x\n",
2737 (uintmax_t)pmap->pm_pdir[va >> PDRSHIFT], va);
2740 pa = VM_PAGE_TO_PHYS(m);
2745 KASSERT((*pte & PG_V) || (*pte == 0), ("address set but not valid pte=%p *pte=0x%016jx",
2750 origpte = xpmap_mtop(origpte);
2751 opa = origpte & PG_FRAME;
2754 * Mapping has not changed, must be protection or wiring change.
2756 if (origpte && (opa == pa)) {
2758 * Wiring change, just update stats. We don't worry about
2759 * wiring PT pages as they remain resident as long as there
2760 * are valid mappings in them. Hence, if a user page is wired,
2761 * the PT page will be also.
2763 if (wired && ((origpte & PG_W) == 0))
2764 pmap->pm_stats.wired_count++;
2765 else if (!wired && (origpte & PG_W))
2766 pmap->pm_stats.wired_count--;
2769 * Remove extra pte reference
2775 * We might be turning off write access to the page,
2776 * so we go ahead and sense modify status.
2778 if (origpte & PG_MANAGED) {
2785 * Mapping has changed, invalidate old range and fall through to
2786 * handle validating new mapping.
2790 pmap->pm_stats.wired_count--;
2791 if (origpte & PG_MANAGED) {
2792 om = PHYS_TO_VM_PAGE(opa);
2793 pmap_remove_entry(pmap, om, va);
2794 } else if (va < VM_MAXUSER_ADDRESS)
2795 printf("va=0x%x is unmanaged :-( \n", va);
2799 KASSERT(mpte->wire_count > 0,
2800 ("pmap_enter: missing reference to page table page,"
2804 pmap->pm_stats.resident_count++;
2807 * Enter on the PV list if part of our managed memory.
2809 if ((m->flags & (PG_FICTITIOUS | PG_UNMANAGED)) == 0) {
2810 KASSERT(va < kmi.clean_sva || va >= kmi.clean_eva,
2811 ("pmap_enter: managed mapping within the clean submap"));
2812 pmap_insert_entry(pmap, va, m);
2817 * Increment counters
2820 pmap->pm_stats.wired_count++;
2824 * Now validate mapping with desired protection/wiring.
2826 newpte = (pt_entry_t)(pa | PG_V);
2827 if ((prot & VM_PROT_WRITE) != 0) {
2829 vm_page_flag_set(m, PG_WRITEABLE);
2832 if ((prot & VM_PROT_EXECUTE) == 0)
2837 if (va < VM_MAXUSER_ADDRESS)
2839 if (pmap == kernel_pmap)
2844 * if the mapping or permission bits are different, we need
2845 * to update the pte.
2847 if ((origpte & ~(PG_M|PG_A)) != newpte) {
2851 PT_SET_VA(pte, newpte | PG_A, FALSE);
2852 if (origpte & PG_A) {
2853 if (origpte & PG_MANAGED)
2854 vm_page_flag_set(om, PG_REFERENCED);
2855 if (opa != VM_PAGE_TO_PHYS(m))
2858 if ((origpte & PG_NX) == 0 &&
2859 (newpte & PG_NX) != 0)
2863 if (origpte & PG_M) {
2864 KASSERT((origpte & PG_RW),
2865 ("pmap_enter: modified page not writable: va: %#x, pte: %#jx",
2866 va, (uintmax_t)origpte));
2867 if ((origpte & PG_MANAGED) != 0)
2869 if ((prot & VM_PROT_WRITE) == 0)
2873 pmap_invalidate_page(pmap, va);
2875 PT_SET_VA(pte, newpte | PG_A, FALSE);
2882 PT_SET_VA_MA(PMAP1, 0, TRUE);
2884 vm_page_unlock_queues();
2889 * Maps a sequence of resident pages belonging to the same object.
2890 * The sequence begins with the given page m_start. This page is
2891 * mapped at the given virtual address start. Each subsequent page is
2892 * mapped at a virtual address that is offset from start by the same
2893 * amount as the page is offset from m_start within the object. The
2894 * last page in the sequence is the page with the largest offset from
2895 * m_start that can be mapped at a virtual address less than the given
2896 * virtual address end. Not every virtual page between start and end
2897 * is mapped; only those for which a resident page exists with the
2898 * corresponding offset from m_start are mapped.
2901 pmap_enter_object(pmap_t pmap, vm_offset_t start, vm_offset_t end,
2902 vm_page_t m_start, vm_prot_t prot)
2905 vm_pindex_t diff, psize;
2906 multicall_entry_t mcl[16];
2907 multicall_entry_t *mclp = mcl;
2908 int error, count = 0;
2910 VM_OBJECT_LOCK_ASSERT(m_start->object, MA_OWNED);
2911 psize = atop(end - start);
2916 while (m != NULL && (diff = m->pindex - m_start->pindex) < psize) {
2917 mpte = pmap_enter_quick_locked(&mclp, &count, pmap, start + ptoa(diff), m,
2919 m = TAILQ_NEXT(m, listq);
2921 error = HYPERVISOR_multicall(mcl, count);
2922 KASSERT(error == 0, ("bad multicall %d", error));
2928 error = HYPERVISOR_multicall(mcl, count);
2929 KASSERT(error == 0, ("bad multicall %d", error));
2936 * this code makes some *MAJOR* assumptions:
2937 * 1. Current pmap & pmap exists.
2940 * 4. No page table pages.
2941 * but is *MUCH* faster than pmap_enter...
2945 pmap_enter_quick(pmap_t pmap, vm_offset_t va, vm_page_t m, vm_prot_t prot)
2947 multicall_entry_t mcl, *mclp;
2951 CTR4(KTR_PMAP, "pmap_enter_quick: pmap=%p va=0x%x m=%p prot=0x%x",
2955 (void) pmap_enter_quick_locked(&mclp, &count, pmap, va, m, prot, NULL);
2957 HYPERVISOR_multicall(&mcl, count);
2963 pmap_enter_quick_range(pmap_t pmap, vm_offset_t *addrs, vm_page_t *pages, vm_prot_t *prots, int count)
2965 int i, error, index = 0;
2966 multicall_entry_t mcl[16];
2967 multicall_entry_t *mclp = mcl;
2970 for (i = 0; i < count; i++, addrs++, pages++, prots++) {
2971 if (!pmap_is_prefaultable_locked(pmap, *addrs))
2974 (void) pmap_enter_quick_locked(&mclp, &index, pmap, *addrs, *pages, *prots, NULL);
2976 error = HYPERVISOR_multicall(mcl, index);
2979 KASSERT(error == 0, ("bad multicall %d", error));
2983 error = HYPERVISOR_multicall(mcl, index);
2984 KASSERT(error == 0, ("bad multicall %d", error));
2992 pmap_enter_quick_locked(multicall_entry_t **mclpp, int *count, pmap_t pmap, vm_offset_t va, vm_page_t m,
2993 vm_prot_t prot, vm_page_t mpte)
2998 multicall_entry_t *mcl = *mclpp;
3000 KASSERT(va < kmi.clean_sva || va >= kmi.clean_eva ||
3001 (m->flags & (PG_FICTITIOUS | PG_UNMANAGED)) != 0,
3002 ("pmap_enter_quick_locked: managed mapping within the clean submap"));
3003 mtx_assert(&vm_page_queue_mtx, MA_OWNED);
3004 PMAP_LOCK_ASSERT(pmap, MA_OWNED);
3007 * In the case that a page table page is not
3008 * resident, we are creating it here.
3010 if (va < VM_MAXUSER_ADDRESS) {
3015 * Calculate pagetable page index
3017 ptepindex = va >> PDRSHIFT;
3018 if (mpte && (mpte->pindex == ptepindex)) {
3022 * Get the page directory entry
3024 ptema = pmap->pm_pdir[ptepindex];
3027 * If the page table page is mapped, we just increment
3028 * the hold count, and activate it.
3032 panic("pmap_enter_quick: unexpected mapping into 4MB page");
3033 mpte = PHYS_TO_VM_PAGE(xpmap_mtop(ptema) & PG_FRAME);
3036 mpte = _pmap_allocpte(pmap, ptepindex,
3047 * This call to vtopte makes the assumption that we are
3048 * entering the page into the current pmap. In order to support
3049 * quick entry into any pmap, one would likely use pmap_pte_quick.
3050 * But that isn't as quick as vtopte.
3052 KASSERT(pmap_is_current(pmap), ("entering pages in non-current pmap"));
3063 * Enter on the PV list if part of our managed memory.
3065 if ((m->flags & (PG_FICTITIOUS | PG_UNMANAGED)) == 0 &&
3066 !pmap_try_insert_pv_entry(pmap, va, m)) {
3069 if (pmap_unwire_pte_hold(pmap, mpte, &free)) {
3070 pmap_invalidate_page(pmap, va);
3071 pmap_free_zero_pages(free);
3080 * Increment counters
3082 pmap->pm_stats.resident_count++;
3084 pa = VM_PAGE_TO_PHYS(m);
3086 if ((prot & VM_PROT_EXECUTE) == 0)
3092 * Now validate mapping with RO protection
3094 if (m->flags & (PG_FICTITIOUS|PG_UNMANAGED))
3095 pte_store(pte, pa | PG_V | PG_U);
3097 pte_store(pte, pa | PG_V | PG_U | PG_MANAGED);
3100 * Now validate mapping with RO protection
3102 if (m->flags & (PG_FICTITIOUS|PG_UNMANAGED))
3103 pa = xpmap_ptom(pa | PG_V | PG_U);
3105 pa = xpmap_ptom(pa | PG_V | PG_U | PG_MANAGED);
3107 mcl->op = __HYPERVISOR_update_va_mapping;
3109 mcl->args[1] = (uint32_t)(pa & 0xffffffff);
3110 mcl->args[2] = (uint32_t)(pa >> 32);
3113 *count = *count + 1;
3119 * Make a temporary mapping for a physical address. This is only intended
3120 * to be used for panic dumps.
3123 pmap_kenter_temporary(vm_paddr_t pa, int i)
3126 vm_paddr_t ma = xpmap_ptom(pa);
3128 va = (vm_offset_t)crashdumpmap + (i * PAGE_SIZE);
3129 PT_SET_MA(va, (ma & ~PAGE_MASK) | PG_V | pgeflag);
3131 return ((void *)crashdumpmap);
3135 * This code maps large physical mmap regions into the
3136 * processor address space. Note that some shortcuts
3137 * are taken, but the code works.
3140 pmap_object_init_pt(pmap_t pmap, vm_offset_t addr,
3141 vm_object_t object, vm_pindex_t pindex,
3146 VM_OBJECT_LOCK_ASSERT(object, MA_OWNED);
3147 KASSERT(object->type == OBJT_DEVICE || object->type == OBJT_SG,
3148 ("pmap_object_init_pt: non-device object"));
3150 ((addr & (NBPDR - 1)) == 0) && ((size & (NBPDR - 1)) == 0)) {
3153 unsigned int ptepindex;
3158 if (pmap->pm_pdir[ptepindex = (addr >> PDRSHIFT)])
3162 p = vm_page_lookup(object, pindex);
3164 if (vm_page_sleep_if_busy(p, FALSE, "init4p"))
3167 p = vm_page_alloc(object, pindex, VM_ALLOC_NORMAL);
3172 if (vm_pager_get_pages(object, m, 1, 0) != VM_PAGER_OK) {
3173 vm_page_lock_queues();
3175 vm_page_unlock_queues();
3179 p = vm_page_lookup(object, pindex);
3183 ptepa = VM_PAGE_TO_PHYS(p);
3184 if (ptepa & (NBPDR - 1))
3187 p->valid = VM_PAGE_BITS_ALL;
3190 pmap->pm_stats.resident_count += size >> PAGE_SHIFT;
3191 npdes = size >> PDRSHIFT;
3193 for(i = 0; i < npdes; i++) {
3194 PD_SET_VA(pmap, ptepindex,
3195 ptepa | PG_U | PG_M | PG_RW | PG_V | PG_PS, FALSE);
3199 pmap_invalidate_all(pmap);
3207 * Routine: pmap_change_wiring
3208 * Function: Change the wiring attribute for a map/virtual-address
3210 * In/out conditions:
3211 * The mapping must already exist in the pmap.
3214 pmap_change_wiring(pmap_t pmap, vm_offset_t va, boolean_t wired)
3218 vm_page_lock_queues();
3220 pte = pmap_pte(pmap, va);
3222 if (wired && !pmap_pte_w(pte)) {
3223 PT_SET_VA_MA((pte), *(pte) | PG_W, TRUE);
3224 pmap->pm_stats.wired_count++;
3225 } else if (!wired && pmap_pte_w(pte)) {
3226 PT_SET_VA_MA((pte), *(pte) & ~PG_W, TRUE);
3227 pmap->pm_stats.wired_count--;
3231 * Wiring is not a hardware characteristic so there is no need to
3234 pmap_pte_release(pte);
3236 vm_page_unlock_queues();
3242 * Copy the range specified by src_addr/len
3243 * from the source map to the range dst_addr/len
3244 * in the destination map.
3246 * This routine is only advisory and need not do anything.
3250 pmap_copy(pmap_t dst_pmap, pmap_t src_pmap, vm_offset_t dst_addr, vm_size_t len,
3251 vm_offset_t src_addr)
3255 vm_offset_t end_addr = src_addr + len;
3258 if (dst_addr != src_addr)
3261 if (!pmap_is_current(src_pmap)) {
3263 "pmap_copy, skipping: pdir[PTDPTDI]=0x%jx PTDpde[0]=0x%jx",
3264 (src_pmap->pm_pdir[PTDPTDI] & PG_FRAME), (PTDpde[0] & PG_FRAME));
3268 CTR5(KTR_PMAP, "pmap_copy: dst_pmap=%p src_pmap=%p dst_addr=0x%x len=%d src_addr=0x%x",
3269 dst_pmap, src_pmap, dst_addr, len, src_addr);
3271 #ifdef HAMFISTED_LOCKING
3272 mtx_lock(&createdelete_lock);
3275 vm_page_lock_queues();
3276 if (dst_pmap < src_pmap) {
3277 PMAP_LOCK(dst_pmap);
3278 PMAP_LOCK(src_pmap);
3280 PMAP_LOCK(src_pmap);
3281 PMAP_LOCK(dst_pmap);
3284 for (addr = src_addr; addr < end_addr; addr = pdnxt) {
3285 pt_entry_t *src_pte, *dst_pte;
3286 vm_page_t dstmpte, srcmpte;
3287 pd_entry_t srcptepaddr;
3290 if (addr >= UPT_MIN_ADDRESS)
3291 panic("pmap_copy: invalid to pmap_copy page tables");
3293 pdnxt = (addr + NBPDR) & ~PDRMASK;
3294 ptepindex = addr >> PDRSHIFT;
3296 srcptepaddr = PT_GET(&src_pmap->pm_pdir[ptepindex]);
3297 if (srcptepaddr == 0)
3300 if (srcptepaddr & PG_PS) {
3301 if (dst_pmap->pm_pdir[ptepindex] == 0) {
3302 PD_SET_VA(dst_pmap, ptepindex, srcptepaddr & ~PG_W, TRUE);
3303 dst_pmap->pm_stats.resident_count +=
3309 srcmpte = PHYS_TO_VM_PAGE(srcptepaddr & PG_FRAME);
3310 if (srcmpte->wire_count == 0)
3311 panic("pmap_copy: source page table page is unused");
3313 if (pdnxt > end_addr)
3316 src_pte = vtopte(addr);
3317 while (addr < pdnxt) {
3321 * we only virtual copy managed pages
3323 if ((ptetemp & PG_MANAGED) != 0) {
3324 dstmpte = pmap_allocpte(dst_pmap, addr,
3326 if (dstmpte == NULL)
3328 dst_pte = pmap_pte_quick(dst_pmap, addr);
3329 if (*dst_pte == 0 &&
3330 pmap_try_insert_pv_entry(dst_pmap, addr,
3331 PHYS_TO_VM_PAGE(xpmap_mtop(ptetemp) & PG_FRAME))) {
3333 * Clear the wired, modified, and
3334 * accessed (referenced) bits
3337 KASSERT(ptetemp != 0, ("src_pte not set"));
3338 PT_SET_VA_MA(dst_pte, ptetemp & ~(PG_W | PG_M | PG_A), TRUE /* XXX debug */);
3339 KASSERT(*dst_pte == (ptetemp & ~(PG_W | PG_M | PG_A)),
3340 ("no pmap copy expected: 0x%jx saw: 0x%jx",
3341 ptetemp & ~(PG_W | PG_M | PG_A), *dst_pte));
3342 dst_pmap->pm_stats.resident_count++;
3345 if (pmap_unwire_pte_hold(dst_pmap,
3347 pmap_invalidate_page(dst_pmap,
3349 pmap_free_zero_pages(free);
3352 if (dstmpte->wire_count >= srcmpte->wire_count)
3361 vm_page_unlock_queues();
3362 PMAP_UNLOCK(src_pmap);
3363 PMAP_UNLOCK(dst_pmap);
3365 #ifdef HAMFISTED_LOCKING
3366 mtx_unlock(&createdelete_lock);
3370 static __inline void
3371 pagezero(void *page)
3373 #if defined(I686_CPU)
3374 if (cpu_class == CPUCLASS_686) {
3375 #if defined(CPU_ENABLE_SSE)
3376 if (cpu_feature & CPUID_SSE2)
3377 sse2_pagezero(page);
3380 i686_pagezero(page);
3383 bzero(page, PAGE_SIZE);
3387 * pmap_zero_page zeros the specified hardware page by mapping
3388 * the page into KVM and using bzero to clear its contents.
3391 pmap_zero_page(vm_page_t m)
3393 struct sysmaps *sysmaps;
3395 sysmaps = &sysmaps_pcpu[PCPU_GET(cpuid)];
3396 mtx_lock(&sysmaps->lock);
3397 if (*sysmaps->CMAP2)
3398 panic("pmap_zero_page: CMAP2 busy");
3400 PT_SET_MA(sysmaps->CADDR2, PG_V | PG_RW | xpmap_ptom(VM_PAGE_TO_PHYS(m)) | PG_A | PG_M);
3401 pagezero(sysmaps->CADDR2);
3402 PT_SET_MA(sysmaps->CADDR2, 0);
3404 mtx_unlock(&sysmaps->lock);
3408 * pmap_zero_page_area zeros the specified hardware page by mapping
3409 * the page into KVM and using bzero to clear its contents.
3411 * off and size may not cover an area beyond a single hardware page.
3414 pmap_zero_page_area(vm_page_t m, int off, int size)
3416 struct sysmaps *sysmaps;
3418 sysmaps = &sysmaps_pcpu[PCPU_GET(cpuid)];
3419 mtx_lock(&sysmaps->lock);
3420 if (*sysmaps->CMAP2)
3421 panic("pmap_zero_page: CMAP2 busy");
3423 PT_SET_MA(sysmaps->CADDR2, PG_V | PG_RW | xpmap_ptom(VM_PAGE_TO_PHYS(m)) | PG_A | PG_M);
3425 if (off == 0 && size == PAGE_SIZE)
3426 pagezero(sysmaps->CADDR2);
3428 bzero((char *)sysmaps->CADDR2 + off, size);
3429 PT_SET_MA(sysmaps->CADDR2, 0);
3431 mtx_unlock(&sysmaps->lock);
3435 * pmap_zero_page_idle zeros the specified hardware page by mapping
3436 * the page into KVM and using bzero to clear its contents. This
3437 * is intended to be called from the vm_pagezero process only and
3441 pmap_zero_page_idle(vm_page_t m)
3445 panic("pmap_zero_page: CMAP3 busy");
3447 PT_SET_MA(CADDR3, PG_V | PG_RW | xpmap_ptom(VM_PAGE_TO_PHYS(m)) | PG_A | PG_M);
3449 PT_SET_MA(CADDR3, 0);
3454 * pmap_copy_page copies the specified (machine independent)
3455 * page by mapping the page into virtual memory and using
3456 * bcopy to copy the page, one machine dependent page at a
3460 pmap_copy_page(vm_page_t src, vm_page_t dst)
3462 struct sysmaps *sysmaps;
3464 sysmaps = &sysmaps_pcpu[PCPU_GET(cpuid)];
3465 mtx_lock(&sysmaps->lock);
3466 if (*sysmaps->CMAP1)
3467 panic("pmap_copy_page: CMAP1 busy");
3468 if (*sysmaps->CMAP2)
3469 panic("pmap_copy_page: CMAP2 busy");
3471 PT_SET_MA(sysmaps->CADDR1, PG_V | xpmap_ptom(VM_PAGE_TO_PHYS(src)) | PG_A);
3472 PT_SET_MA(sysmaps->CADDR2, PG_V | PG_RW | xpmap_ptom(VM_PAGE_TO_PHYS(dst)) | PG_A | PG_M);
3473 bcopy(sysmaps->CADDR1, sysmaps->CADDR2, PAGE_SIZE);
3474 PT_SET_MA(sysmaps->CADDR1, 0);
3475 PT_SET_MA(sysmaps->CADDR2, 0);
3477 mtx_unlock(&sysmaps->lock);
3481 * Returns true if the pmap's pv is one of the first
3482 * 16 pvs linked to from this page. This count may
3483 * be changed upwards or downwards in the future; it
3484 * is only necessary that true be returned for a small
3485 * subset of pmaps for proper page aging.
3488 pmap_page_exists_quick(pmap_t pmap, vm_page_t m)
3493 if (m->flags & PG_FICTITIOUS)
3496 mtx_assert(&vm_page_queue_mtx, MA_OWNED);
3497 TAILQ_FOREACH(pv, &m->md.pv_list, pv_list) {
3498 if (PV_PMAP(pv) == pmap) {
3509 * pmap_page_wired_mappings:
3511 * Return the number of managed mappings to the given physical page
3515 pmap_page_wired_mappings(vm_page_t m)
3523 if ((m->flags & PG_FICTITIOUS) != 0)
3525 mtx_assert(&vm_page_queue_mtx, MA_OWNED);
3527 TAILQ_FOREACH(pv, &m->md.pv_list, pv_list) {
3530 pte = pmap_pte_quick(pmap, pv->pv_va);
3531 if ((*pte & PG_W) != 0)
3540 * Returns TRUE if the given page is mapped individually or as part of
3541 * a 4mpage. Otherwise, returns FALSE.
3544 pmap_page_is_mapped(vm_page_t m)
3546 struct md_page *pvh;
3548 if ((m->flags & (PG_FICTITIOUS | PG_UNMANAGED)) != 0)
3550 mtx_assert(&vm_page_queue_mtx, MA_OWNED);
3551 if (TAILQ_EMPTY(&m->md.pv_list)) {
3552 pvh = pa_to_pvh(VM_PAGE_TO_PHYS(m));
3553 return (!TAILQ_EMPTY(&pvh->pv_list));
3559 * Remove all pages from specified address space
3560 * this aids process exit speeds. Also, this code
3561 * is special cased for current process only, but
3562 * can have the more generic (and slightly slower)
3563 * mode enabled. This is much faster than pmap_remove
3564 * in the case of running down an entire address space.
3567 pmap_remove_pages(pmap_t pmap)
3569 pt_entry_t *pte, tpte;
3570 vm_page_t m, free = NULL;
3572 struct pv_chunk *pc, *npc;
3575 uint32_t inuse, bitmask;
3578 CTR1(KTR_PMAP, "pmap_remove_pages: pmap=%p", pmap);
3580 if (pmap != vmspace_pmap(curthread->td_proc->p_vmspace)) {
3581 printf("warning: pmap_remove_pages called with non-current pmap\n");
3584 vm_page_lock_queues();
3585 KASSERT(pmap_is_current(pmap), ("removing pages from non-current pmap"));
3588 TAILQ_FOREACH_SAFE(pc, &pmap->pm_pvchunk, pc_list, npc) {
3590 for (field = 0; field < _NPCM; field++) {
3591 inuse = (~(pc->pc_map[field])) & pc_freemask[field];
3592 while (inuse != 0) {
3594 bitmask = 1UL << bit;
3595 idx = field * 32 + bit;
3596 pv = &pc->pc_pventry[idx];
3599 pte = vtopte(pv->pv_va);
3600 tpte = *pte ? xpmap_mtop(*pte) : 0;
3604 "TPTE at %p IS ZERO @ VA %08x\n",
3610 * We cannot remove wired pages from a process' mapping at this time
3617 m = PHYS_TO_VM_PAGE(tpte & PG_FRAME);
3618 KASSERT(m->phys_addr == (tpte & PG_FRAME),
3619 ("vm_page_t %p phys_addr mismatch %016jx %016jx",
3620 m, (uintmax_t)m->phys_addr,
3623 KASSERT(m < &vm_page_array[vm_page_array_size],
3624 ("pmap_remove_pages: bad tpte %#jx",
3628 PT_CLEAR_VA(pte, FALSE);
3631 * Update the vm_page_t clean/reference bits.
3636 TAILQ_REMOVE(&m->md.pv_list, pv, pv_list);
3637 if (TAILQ_EMPTY(&m->md.pv_list))
3638 vm_page_flag_clear(m, PG_WRITEABLE);
3640 pmap_unuse_pt(pmap, pv->pv_va, &free);
3643 PV_STAT(pv_entry_frees++);
3644 PV_STAT(pv_entry_spare++);
3646 pc->pc_map[field] |= bitmask;
3647 pmap->pm_stats.resident_count--;
3652 PV_STAT(pv_entry_spare -= _NPCPV);
3653 PV_STAT(pc_chunk_count--);
3654 PV_STAT(pc_chunk_frees++);
3655 TAILQ_REMOVE(&pmap->pm_pvchunk, pc, pc_list);
3656 m = PHYS_TO_VM_PAGE(pmap_kextract((vm_offset_t)pc));
3657 pmap_qremove((vm_offset_t)pc, 1);
3658 vm_page_unwire(m, 0);
3660 pmap_ptelist_free(&pv_vafree, (vm_offset_t)pc);
3665 PT_SET_MA(PADDR1, 0);
3668 pmap_invalidate_all(pmap);
3669 vm_page_unlock_queues();
3671 pmap_free_zero_pages(free);
3677 * Return whether or not the specified physical page was modified
3678 * in any physical maps.
3681 pmap_is_modified(vm_page_t m)
3689 if (m->flags & PG_FICTITIOUS)
3693 mtx_assert(&vm_page_queue_mtx, MA_OWNED);
3694 TAILQ_FOREACH(pv, &m->md.pv_list, pv_list) {
3697 pte = pmap_pte_quick(pmap, pv->pv_va);
3698 rv = (*pte & PG_M) != 0;
3704 PT_SET_MA(PADDR1, 0);
3710 * pmap_is_prefaultable:
3712 * Return whether or not the specified virtual address is elgible
3716 pmap_is_prefaultable_locked(pmap_t pmap, vm_offset_t addr)
3719 boolean_t rv = FALSE;
3723 if (pmap_is_current(pmap) && *pmap_pde(pmap, addr)) {
3731 pmap_is_prefaultable(pmap_t pmap, vm_offset_t addr)
3736 rv = pmap_is_prefaultable_locked(pmap, addr);
3742 pmap_map_readonly(pmap_t pmap, vm_offset_t va, int len)
3744 int i, npages = round_page(len) >> PAGE_SHIFT;
3745 for (i = 0; i < npages; i++) {
3747 pte = pmap_pte(pmap, (vm_offset_t)(va + i*PAGE_SIZE));
3748 vm_page_lock_queues();
3749 pte_store(pte, xpmap_mtop(*pte & ~(PG_RW|PG_M)));
3750 vm_page_unlock_queues();
3751 PMAP_MARK_PRIV(xpmap_mtop(*pte));
3752 pmap_pte_release(pte);
3757 pmap_map_readwrite(pmap_t pmap, vm_offset_t va, int len)
3759 int i, npages = round_page(len) >> PAGE_SHIFT;
3760 for (i = 0; i < npages; i++) {
3762 pte = pmap_pte(pmap, (vm_offset_t)(va + i*PAGE_SIZE));
3763 PMAP_MARK_UNPRIV(xpmap_mtop(*pte));
3764 vm_page_lock_queues();
3765 pte_store(pte, xpmap_mtop(*pte) | (PG_RW|PG_M));
3766 vm_page_unlock_queues();
3767 pmap_pte_release(pte);
3772 * Clear the write and modified bits in each of the given page's mappings.
3775 pmap_remove_write(vm_page_t m)
3779 pt_entry_t oldpte, *pte;
3781 mtx_assert(&vm_page_queue_mtx, MA_OWNED);
3782 if ((m->flags & PG_FICTITIOUS) != 0 ||
3783 (m->flags & PG_WRITEABLE) == 0)
3786 TAILQ_FOREACH(pv, &m->md.pv_list, pv_list) {
3789 pte = pmap_pte_quick(pmap, pv->pv_va);
3792 if ((oldpte & PG_RW) != 0) {
3793 vm_paddr_t newpte = oldpte & ~(PG_RW | PG_M);
3796 * Regardless of whether a pte is 32 or 64 bits
3797 * in size, PG_RW and PG_M are among the least
3798 * significant 32 bits.
3800 PT_SET_VA_MA(pte, newpte, TRUE);
3804 if ((oldpte & PG_M) != 0)
3806 pmap_invalidate_page(pmap, pv->pv_va);
3810 vm_page_flag_clear(m, PG_WRITEABLE);
3813 PT_SET_MA(PADDR1, 0);
3818 * pmap_ts_referenced:
3820 * Return a count of reference bits for a page, clearing those bits.
3821 * It is not necessary for every reference bit to be cleared, but it
3822 * is necessary that 0 only be returned when there are truly no
3823 * reference bits set.
3825 * XXX: The exact number of bits to check and clear is a matter that
3826 * should be tested and standardized at some point in the future for
3827 * optimal aging of shared pages.
3830 pmap_ts_referenced(vm_page_t m)
3832 pv_entry_t pv, pvf, pvn;
3837 if (m->flags & PG_FICTITIOUS)
3840 mtx_assert(&vm_page_queue_mtx, MA_OWNED);
3841 if ((pv = TAILQ_FIRST(&m->md.pv_list)) != NULL) {
3844 pvn = TAILQ_NEXT(pv, pv_list);
3845 TAILQ_REMOVE(&m->md.pv_list, pv, pv_list);
3846 TAILQ_INSERT_TAIL(&m->md.pv_list, pv, pv_list);
3849 pte = pmap_pte_quick(pmap, pv->pv_va);
3850 if ((*pte & PG_A) != 0) {
3851 PT_SET_VA_MA(pte, *pte & ~PG_A, FALSE);
3852 pmap_invalidate_page(pmap, pv->pv_va);
3858 } while ((pv = pvn) != NULL && pv != pvf);
3862 PT_SET_MA(PADDR1, 0);
3869 * Clear the modify bits on the specified physical page.
3872 pmap_clear_modify(vm_page_t m)
3878 mtx_assert(&vm_page_queue_mtx, MA_OWNED);
3879 if ((m->flags & PG_FICTITIOUS) != 0)
3882 TAILQ_FOREACH(pv, &m->md.pv_list, pv_list) {
3885 pte = pmap_pte_quick(pmap, pv->pv_va);
3886 if ((*pte & PG_M) != 0) {
3888 * Regardless of whether a pte is 32 or 64 bits
3889 * in size, PG_M is among the least significant
3892 PT_SET_VA_MA(pte, *pte & ~PG_M, FALSE);
3893 pmap_invalidate_page(pmap, pv->pv_va);
3901 * pmap_clear_reference:
3903 * Clear the reference bit on the specified physical page.
3906 pmap_clear_reference(vm_page_t m)
3912 mtx_assert(&vm_page_queue_mtx, MA_OWNED);
3913 if ((m->flags & PG_FICTITIOUS) != 0)
3916 TAILQ_FOREACH(pv, &m->md.pv_list, pv_list) {
3919 pte = pmap_pte_quick(pmap, pv->pv_va);
3920 if ((*pte & PG_A) != 0) {
3922 * Regardless of whether a pte is 32 or 64 bits
3923 * in size, PG_A is among the least significant
3926 PT_SET_VA_MA(pte, *pte & ~PG_A, FALSE);
3927 pmap_invalidate_page(pmap, pv->pv_va);
3935 * Miscellaneous support routines follow
3939 * Map a set of physical memory pages into the kernel virtual
3940 * address space. Return a pointer to where it is mapped. This
3941 * routine is intended to be used for mapping device memory,
3945 pmap_mapdev_attr(vm_paddr_t pa, vm_size_t size, int mode)
3947 vm_offset_t va, offset;
3950 offset = pa & PAGE_MASK;
3951 size = roundup(offset + size, PAGE_SIZE);
3954 if (pa < KERNLOAD && pa + size <= KERNLOAD)
3957 va = kmem_alloc_nofault(kernel_map, size);
3959 panic("pmap_mapdev: Couldn't alloc kernel virtual memory");
3961 for (tmpsize = 0; tmpsize < size; tmpsize += PAGE_SIZE)
3962 pmap_kenter_attr(va + tmpsize, pa + tmpsize, mode);
3963 pmap_invalidate_range(kernel_pmap, va, va + tmpsize);
3964 pmap_invalidate_cache_range(va, va + size);
3965 return ((void *)(va + offset));
3969 pmap_mapdev(vm_paddr_t pa, vm_size_t size)
3972 return (pmap_mapdev_attr(pa, size, PAT_UNCACHEABLE));
3976 pmap_mapbios(vm_paddr_t pa, vm_size_t size)
3979 return (pmap_mapdev_attr(pa, size, PAT_WRITE_BACK));
3983 pmap_unmapdev(vm_offset_t va, vm_size_t size)
3985 vm_offset_t base, offset, tmpva;
3987 if (va >= KERNBASE && va + size <= KERNBASE + KERNLOAD)
3989 base = trunc_page(va);
3990 offset = va & PAGE_MASK;
3991 size = roundup(offset + size, PAGE_SIZE);
3993 for (tmpva = base; tmpva < (base + size); tmpva += PAGE_SIZE)
3994 pmap_kremove(tmpva);
3995 pmap_invalidate_range(kernel_pmap, va, tmpva);
3997 kmem_free(kernel_map, base, size);
4001 * Sets the memory attribute for the specified page.
4004 pmap_page_set_memattr(vm_page_t m, vm_memattr_t ma)
4006 struct sysmaps *sysmaps;
4007 vm_offset_t sva, eva;
4009 m->md.pat_mode = ma;
4010 if ((m->flags & PG_FICTITIOUS) != 0)
4014 * If "m" is a normal page, flush it from the cache.
4015 * See pmap_invalidate_cache_range().
4017 * First, try to find an existing mapping of the page by sf
4018 * buffer. sf_buf_invalidate_cache() modifies mapping and
4019 * flushes the cache.
4021 if (sf_buf_invalidate_cache(m))
4025 * If page is not mapped by sf buffer, but CPU does not
4026 * support self snoop, map the page transient and do
4027 * invalidation. In the worst case, whole cache is flushed by
4028 * pmap_invalidate_cache_range().
4030 if ((cpu_feature & (CPUID_SS|CPUID_CLFSH)) == CPUID_CLFSH) {
4031 sysmaps = &sysmaps_pcpu[PCPU_GET(cpuid)];
4032 mtx_lock(&sysmaps->lock);
4033 if (*sysmaps->CMAP2)
4034 panic("pmap_page_set_memattr: CMAP2 busy");
4036 PT_SET_MA(sysmaps->CADDR2, PG_V | PG_RW |
4037 xpmap_ptom(VM_PAGE_TO_PHYS(m)) | PG_A | PG_M |
4038 pmap_cache_bits(m->md.pat_mode, 0));
4039 invlcaddr(sysmaps->CADDR2);
4040 sva = (vm_offset_t)sysmaps->CADDR2;
4041 eva = sva + PAGE_SIZE;
4043 sva = eva = 0; /* gcc */
4044 pmap_invalidate_cache_range(sva, eva);
4046 PT_SET_MA(sysmaps->CADDR2, 0);
4048 mtx_unlock(&sysmaps->lock);
4053 pmap_change_attr(va, size, mode)
4058 vm_offset_t base, offset, tmpva;
4064 base = trunc_page(va);
4065 offset = va & PAGE_MASK;
4066 size = roundup(offset + size, PAGE_SIZE);
4068 /* Only supported on kernel virtual addresses. */
4069 if (base <= VM_MAXUSER_ADDRESS)
4072 /* 4MB pages and pages that aren't mapped aren't supported. */
4073 for (tmpva = base; tmpva < (base + size); tmpva += PAGE_SIZE) {
4074 pde = pmap_pde(kernel_pmap, tmpva);
4077 if ((*pde & PG_V) == 0)
4080 if ((*pte & PG_V) == 0)
4087 * Ok, all the pages exist and are 4k, so run through them updating
4090 for (tmpva = base; size > 0; ) {
4091 pte = vtopte(tmpva);
4094 * The cache mode bits are all in the low 32-bits of the
4095 * PTE, so we can just spin on updating the low 32-bits.
4098 opte = *(u_int *)pte;
4099 npte = opte & ~(PG_PTE_PAT | PG_NC_PCD | PG_NC_PWT);
4100 npte |= pmap_cache_bits(mode, 0);
4101 PT_SET_VA_MA(pte, npte, TRUE);
4102 } while (npte != opte && (*pte != npte));
4110 * Flush CPU caches to make sure any data isn't cached that shouldn't
4114 pmap_invalidate_range(kernel_pmap, base, tmpva);
4115 pmap_invalidate_cache_range(base, tmpva);
4121 * perform the pmap work for mincore
4124 pmap_mincore(pmap_t pmap, vm_offset_t addr)
4126 pt_entry_t *ptep, pte;
4131 ptep = pmap_pte(pmap, addr);
4132 pte = (ptep != NULL) ? PT_GET(ptep) : 0;
4133 pmap_pte_release(ptep);
4139 val = MINCORE_INCORE;
4140 if ((pte & PG_MANAGED) == 0)
4143 pa = pte & PG_FRAME;
4145 m = PHYS_TO_VM_PAGE(pa);
4151 val |= MINCORE_MODIFIED|MINCORE_MODIFIED_OTHER;
4154 * Modified by someone else
4156 vm_page_lock_queues();
4157 if (m->dirty || pmap_is_modified(m))
4158 val |= MINCORE_MODIFIED_OTHER;
4159 vm_page_unlock_queues();
4165 val |= MINCORE_REFERENCED|MINCORE_REFERENCED_OTHER;
4168 * Referenced by someone else
4170 vm_page_lock_queues();
4171 if ((m->flags & PG_REFERENCED) ||
4172 pmap_ts_referenced(m)) {
4173 val |= MINCORE_REFERENCED_OTHER;
4174 vm_page_flag_set(m, PG_REFERENCED);
4176 vm_page_unlock_queues();
4183 pmap_activate(struct thread *td)
4185 pmap_t pmap, oldpmap;
4189 pmap = vmspace_pmap(td->td_proc->p_vmspace);
4190 oldpmap = PCPU_GET(curpmap);
4192 atomic_clear_int(&oldpmap->pm_active, PCPU_GET(cpumask));
4193 atomic_set_int(&pmap->pm_active, PCPU_GET(cpumask));
4195 oldpmap->pm_active &= ~1;
4196 pmap->pm_active |= 1;
4199 cr3 = vtophys(pmap->pm_pdpt);
4201 cr3 = vtophys(pmap->pm_pdir);
4204 * pmap_activate is for the current thread on the current cpu
4206 td->td_pcb->pcb_cr3 = cr3;
4209 PCPU_SET(curpmap, pmap);
4214 pmap_sync_icache(pmap_t pm, vm_offset_t va, vm_size_t sz)
4219 * Increase the starting virtual address of the given mapping if a
4220 * different alignment might result in more superpage mappings.
4223 pmap_align_superpage(vm_object_t object, vm_ooffset_t offset,
4224 vm_offset_t *addr, vm_size_t size)
4226 vm_offset_t superpage_offset;
4230 if (object != NULL && (object->flags & OBJ_COLORED) != 0)
4231 offset += ptoa(object->pg_color);
4232 superpage_offset = offset & PDRMASK;
4233 if (size - ((NBPDR - superpage_offset) & PDRMASK) < NBPDR ||
4234 (*addr & PDRMASK) == superpage_offset)
4236 if ((*addr & PDRMASK) < superpage_offset)
4237 *addr = (*addr & ~PDRMASK) + superpage_offset;
4239 *addr = ((*addr + PDRMASK) & ~PDRMASK) + superpage_offset;
4248 int i, pdir, offset;
4253 * We need to remove the recursive mapping structure from all
4254 * our pmaps so that Xen doesn't get confused when it restores
4255 * the page tables. The recursive map lives at page directory
4256 * index PTDPTDI. We assume that the suspend code has stopped
4257 * the other vcpus (if any).
4259 LIST_FOREACH(pmap, &allpmaps, pm_list) {
4260 for (i = 0; i < 4; i++) {
4262 * Figure out which page directory (L2) page
4263 * contains this bit of the recursive map and
4264 * the offset within that page of the map
4267 pdir = (PTDPTDI + i) / NPDEPG;
4268 offset = (PTDPTDI + i) % NPDEPG;
4269 pdirma = pmap->pm_pdpt[pdir] & PG_FRAME;
4270 mu[i].ptr = pdirma + offset * sizeof(pd_entry_t);
4273 HYPERVISOR_mmu_update(mu, 4, NULL, DOMID_SELF);
4281 int i, pdir, offset;
4286 * Restore the recursive map that we removed on suspend.
4288 LIST_FOREACH(pmap, &allpmaps, pm_list) {
4289 for (i = 0; i < 4; i++) {
4291 * Figure out which page directory (L2) page
4292 * contains this bit of the recursive map and
4293 * the offset within that page of the map
4296 pdir = (PTDPTDI + i) / NPDEPG;
4297 offset = (PTDPTDI + i) % NPDEPG;
4298 pdirma = pmap->pm_pdpt[pdir] & PG_FRAME;
4299 mu[i].ptr = pdirma + offset * sizeof(pd_entry_t);
4300 mu[i].val = (pmap->pm_pdpt[i] & PG_FRAME) | PG_V;
4302 HYPERVISOR_mmu_update(mu, 4, NULL, DOMID_SELF);
4308 #if defined(PMAP_DEBUG)
4309 pmap_pid_dump(int pid)
4316 sx_slock(&allproc_lock);
4317 FOREACH_PROC_IN_SYSTEM(p) {
4318 if (p->p_pid != pid)
4324 pmap = vmspace_pmap(p->p_vmspace);
4325 for (i = 0; i < NPDEPTD; i++) {
4328 vm_offset_t base = i << PDRSHIFT;
4330 pde = &pmap->pm_pdir[i];
4331 if (pde && pmap_pde_v(pde)) {
4332 for (j = 0; j < NPTEPG; j++) {
4333 vm_offset_t va = base + (j << PAGE_SHIFT);
4334 if (va >= (vm_offset_t) VM_MIN_KERNEL_ADDRESS) {
4339 sx_sunlock(&allproc_lock);
4342 pte = pmap_pte(pmap, va);
4343 if (pte && pmap_pte_v(pte)) {
4347 m = PHYS_TO_VM_PAGE(pa & PG_FRAME);
4348 printf("va: 0x%x, pt: 0x%x, h: %d, w: %d, f: 0x%x",
4349 va, pa, m->hold_count, m->wire_count, m->flags);
4364 sx_sunlock(&allproc_lock);
4371 static void pads(pmap_t pm);
4372 void pmap_pvdump(vm_paddr_t pa);
4374 /* print address space of pmap*/
4382 if (pm == kernel_pmap)
4384 for (i = 0; i < NPDEPTD; i++)
4386 for (j = 0; j < NPTEPG; j++) {
4387 va = (i << PDRSHIFT) + (j << PAGE_SHIFT);
4388 if (pm == kernel_pmap && va < KERNBASE)
4390 if (pm != kernel_pmap && va > UPT_MAX_ADDRESS)
4392 ptep = pmap_pte(pm, va);
4393 if (pmap_pte_v(ptep))
4394 printf("%x:%x ", va, *ptep);
4400 pmap_pvdump(vm_paddr_t pa)
4406 printf("pa %x", pa);
4407 m = PHYS_TO_VM_PAGE(pa);
4408 TAILQ_FOREACH(pv, &m->md.pv_list, pv_list) {
4410 printf(" -> pmap %p, va %x", (void *)pmap, pv->pv_va);
projects / FreeBSD / stable / 8.git / blob