2 * SPDX-License-Identifier: BSD-2-Clause-FreeBSD
4 * Copyright (c) 2018 Matthew Macy
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in the
14 * documentation and/or other materials provided with the distribution.
16 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
17 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
18 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
19 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
20 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
21 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
22 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
23 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
24 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
25 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
28 #include <sys/cdefs.h>
29 __FBSDID("$FreeBSD$");
31 #include <sys/param.h>
32 #include <sys/kernel.h>
33 #include <sys/systm.h>
35 #include <sys/bitstring.h>
36 #include <sys/queue.h>
37 #include <sys/cpuset.h>
38 #include <sys/endian.h>
39 #include <sys/kerneldump.h>
42 #include <sys/syslog.h>
43 #include <sys/msgbuf.h>
44 #include <sys/malloc.h>
46 #include <sys/mutex.h>
48 #include <sys/rwlock.h>
49 #include <sys/sched.h>
50 #include <sys/sysctl.h>
51 #include <sys/systm.h>
53 #include <sys/vmmeter.h>
58 #include <dev/ofw/openfirm.h>
62 #include <vm/vm_param.h>
63 #include <vm/vm_kern.h>
64 #include <vm/vm_page.h>
65 #include <vm/vm_map.h>
66 #include <vm/vm_object.h>
67 #include <vm/vm_extern.h>
68 #include <vm/vm_pageout.h>
69 #include <vm/vm_phys.h>
70 #include <vm/vm_reserv.h>
73 #include <machine/_inttypes.h>
74 #include <machine/cpu.h>
75 #include <machine/platform.h>
76 #include <machine/frame.h>
77 #include <machine/md_var.h>
78 #include <machine/psl.h>
79 #include <machine/bat.h>
80 #include <machine/hid.h>
81 #include <machine/pte.h>
82 #include <machine/sr.h>
83 #include <machine/trap.h>
84 #include <machine/mmuvar.h>
87 #include <vm/uma_dbg.h>
90 #define PPC_BITLSHIFT(bit) (sizeof(long)*NBBY - 1 - (bit))
91 #define PPC_BIT(bit) (1UL << PPC_BITLSHIFT(bit))
92 #define PPC_BITLSHIFT_VAL(val, bit) ((val) << PPC_BITLSHIFT(bit))
96 static void pmap_pte_walk(pml1_entry_t *l1, vm_offset_t va);
99 #define PG_W RPTE_WIRED
100 #define PG_V RPTE_VALID
101 #define PG_MANAGED RPTE_MANAGED
102 #define PG_PROMOTED RPTE_PROMOTED
105 #define PG_X RPTE_EAA_X
106 #define PG_RW RPTE_EAA_W
107 #define PG_PTE_CACHE RPTE_ATTR_MASK
110 #define NLS_MASK ((1UL<<5)-1)
111 #define RPTE_ENTRIES (1UL<<RPTE_SHIFT)
112 #define RPTE_MASK (RPTE_ENTRIES-1)
115 #define NLB_MASK (((1UL<<52)-1) << 8)
118 extern caddr_t crashdumpmap;
120 #define RIC_FLUSH_TLB 0
121 #define RIC_FLUSH_PWC 1
122 #define RIC_FLUSH_ALL 2
124 #define POWER9_TLB_SETS_RADIX 128 /* # sets in POWER9 TLB Radix mode */
126 #define PPC_INST_TLBIE 0x7c000264
127 #define PPC_INST_TLBIEL 0x7c000224
128 #define PPC_INST_SLBIA 0x7c0003e4
130 #define ___PPC_RA(a) (((a) & 0x1f) << 16)
131 #define ___PPC_RB(b) (((b) & 0x1f) << 11)
132 #define ___PPC_RS(s) (((s) & 0x1f) << 21)
133 #define ___PPC_RT(t) ___PPC_RS(t)
134 #define ___PPC_R(r) (((r) & 0x1) << 16)
135 #define ___PPC_PRS(prs) (((prs) & 0x1) << 17)
136 #define ___PPC_RIC(ric) (((ric) & 0x3) << 18)
138 #define PPC_SLBIA(IH) __XSTRING(.long PPC_INST_SLBIA | \
140 #define PPC_TLBIE_5(rb,rs,ric,prs,r) \
141 __XSTRING(.long PPC_INST_TLBIE | \
142 ___PPC_RB(rb) | ___PPC_RS(rs) | \
143 ___PPC_RIC(ric) | ___PPC_PRS(prs) | \
146 #define PPC_TLBIEL(rb,rs,ric,prs,r) \
147 __XSTRING(.long PPC_INST_TLBIEL | \
148 ___PPC_RB(rb) | ___PPC_RS(rs) | \
149 ___PPC_RIC(ric) | ___PPC_PRS(prs) | \
152 #define PPC_INVALIDATE_ERAT PPC_SLBIA(7)
157 __asm __volatile("eieio; tlbsync; ptesync" ::: "memory");
160 #define TLBIEL_INVAL_SEL_MASK 0xc00 /* invalidation selector */
161 #define TLBIEL_INVAL_PAGE 0x000 /* invalidate a single page */
162 #define TLBIEL_INVAL_SET_PID 0x400 /* invalidate a set for the current PID */
163 #define TLBIEL_INVAL_SET_LPID 0x800 /* invalidate a set for current LPID */
164 #define TLBIEL_INVAL_SET 0xc00 /* invalidate a set for all LPIDs */
166 #define TLBIE_ACTUAL_PAGE_MASK 0xe0
167 #define TLBIE_ACTUAL_PAGE_4K 0x00
168 #define TLBIE_ACTUAL_PAGE_64K 0xa0
169 #define TLBIE_ACTUAL_PAGE_2M 0x20
170 #define TLBIE_ACTUAL_PAGE_1G 0x40
172 #define TLBIE_PRS_PARTITION_SCOPE 0x0
173 #define TLBIE_PRS_PROCESS_SCOPE 0x1
175 #define TLBIE_RIC_INVALIDATE_TLB 0x0 /* Invalidate just TLB */
176 #define TLBIE_RIC_INVALIDATE_PWC 0x1 /* Invalidate just PWC */
177 #define TLBIE_RIC_INVALIDATE_ALL 0x2 /* Invalidate TLB, PWC,
178 * cached {proc, part}tab entries
180 #define TLBIE_RIC_INVALIDATE_SEQ 0x3 /* HPT - only:
181 * Invalidate a range of translations
184 static __always_inline void
185 radix_tlbie(uint8_t ric, uint8_t prs, uint16_t is, uint32_t pid, uint32_t lpid,
186 vm_offset_t va, uint16_t ap)
190 MPASS((va & PAGE_MASK) == 0);
192 rs = ((uint64_t)pid << 32) | lpid;
194 __asm __volatile(PPC_TLBIE_5(%0, %1, %2, %3, 1) : :
195 "r" (rb), "r" (rs), "i" (ric), "i" (prs));
199 radix_tlbie_invlpg_user_4k(uint32_t pid, vm_offset_t va)
202 radix_tlbie(TLBIE_RIC_INVALIDATE_TLB, TLBIE_PRS_PROCESS_SCOPE,
203 TLBIEL_INVAL_PAGE, pid, 0, va, TLBIE_ACTUAL_PAGE_4K);
207 radix_tlbie_invlpg_user_2m(uint32_t pid, vm_offset_t va)
210 radix_tlbie(TLBIE_RIC_INVALIDATE_TLB, TLBIE_PRS_PROCESS_SCOPE,
211 TLBIEL_INVAL_PAGE, pid, 0, va, TLBIE_ACTUAL_PAGE_2M);
215 radix_tlbie_invlpwc_user(uint32_t pid)
218 radix_tlbie(TLBIE_RIC_INVALIDATE_PWC, TLBIE_PRS_PROCESS_SCOPE,
219 TLBIEL_INVAL_SET_PID, pid, 0, 0, 0);
223 radix_tlbie_flush_user(uint32_t pid)
226 radix_tlbie(TLBIE_RIC_INVALIDATE_ALL, TLBIE_PRS_PROCESS_SCOPE,
227 TLBIEL_INVAL_SET_PID, pid, 0, 0, 0);
231 radix_tlbie_invlpg_kernel_4k(vm_offset_t va)
234 radix_tlbie(TLBIE_RIC_INVALIDATE_TLB, TLBIE_PRS_PROCESS_SCOPE,
235 TLBIEL_INVAL_PAGE, 0, 0, va, TLBIE_ACTUAL_PAGE_4K);
239 radix_tlbie_invlpg_kernel_2m(vm_offset_t va)
242 radix_tlbie(TLBIE_RIC_INVALIDATE_TLB, TLBIE_PRS_PROCESS_SCOPE,
243 TLBIEL_INVAL_PAGE, 0, 0, va, TLBIE_ACTUAL_PAGE_2M);
246 /* 1GB pages aren't currently supported. */
247 static __inline __unused void
248 radix_tlbie_invlpg_kernel_1g(vm_offset_t va)
251 radix_tlbie(TLBIE_RIC_INVALIDATE_TLB, TLBIE_PRS_PROCESS_SCOPE,
252 TLBIEL_INVAL_PAGE, 0, 0, va, TLBIE_ACTUAL_PAGE_1G);
256 radix_tlbie_invlpwc_kernel(void)
259 radix_tlbie(TLBIE_RIC_INVALIDATE_PWC, TLBIE_PRS_PROCESS_SCOPE,
260 TLBIEL_INVAL_SET_LPID, 0, 0, 0, 0);
264 radix_tlbie_flush_kernel(void)
267 radix_tlbie(TLBIE_RIC_INVALIDATE_ALL, TLBIE_PRS_PROCESS_SCOPE,
268 TLBIEL_INVAL_SET_LPID, 0, 0, 0, 0);
271 static __inline vm_pindex_t
272 pmap_l3e_pindex(vm_offset_t va)
274 return ((va & PG_FRAME) >> L3_PAGE_SIZE_SHIFT);
277 static __inline vm_pindex_t
278 pmap_pml3e_index(vm_offset_t va)
281 return ((va >> L3_PAGE_SIZE_SHIFT) & RPTE_MASK);
284 static __inline vm_pindex_t
285 pmap_pml2e_index(vm_offset_t va)
287 return ((va >> L2_PAGE_SIZE_SHIFT) & RPTE_MASK);
290 static __inline vm_pindex_t
291 pmap_pml1e_index(vm_offset_t va)
293 return ((va & PG_FRAME) >> L1_PAGE_SIZE_SHIFT);
296 /* Return various clipped indexes for a given VA */
297 static __inline vm_pindex_t
298 pmap_pte_index(vm_offset_t va)
301 return ((va >> PAGE_SHIFT) & RPTE_MASK);
304 /* Return a pointer to the PT slot that corresponds to a VA */
305 static __inline pt_entry_t *
306 pmap_l3e_to_pte(pt_entry_t *l3e, vm_offset_t va)
311 ptepa = (*l3e & NLB_MASK);
312 pte = (pt_entry_t *)PHYS_TO_DMAP(ptepa);
313 return (&pte[pmap_pte_index(va)]);
316 /* Return a pointer to the PD slot that corresponds to a VA */
317 static __inline pt_entry_t *
318 pmap_l2e_to_l3e(pt_entry_t *l2e, vm_offset_t va)
323 l3pa = (*l2e & NLB_MASK);
324 l3e = (pml3_entry_t *)PHYS_TO_DMAP(l3pa);
325 return (&l3e[pmap_pml3e_index(va)]);
328 /* Return a pointer to the PD slot that corresponds to a VA */
329 static __inline pt_entry_t *
330 pmap_l1e_to_l2e(pt_entry_t *l1e, vm_offset_t va)
335 l2pa = (*l1e & NLB_MASK);
337 l2e = (pml2_entry_t *)PHYS_TO_DMAP(l2pa);
338 return (&l2e[pmap_pml2e_index(va)]);
341 static __inline pml1_entry_t *
342 pmap_pml1e(pmap_t pmap, vm_offset_t va)
345 return (&pmap->pm_pml1[pmap_pml1e_index(va)]);
349 pmap_pml2e(pmap_t pmap, vm_offset_t va)
353 l1e = pmap_pml1e(pmap, va);
354 if (l1e == NULL || (*l1e & RPTE_VALID) == 0)
356 return (pmap_l1e_to_l2e(l1e, va));
359 static __inline pt_entry_t *
360 pmap_pml3e(pmap_t pmap, vm_offset_t va)
364 l2e = pmap_pml2e(pmap, va);
365 if (l2e == NULL || (*l2e & RPTE_VALID) == 0)
367 return (pmap_l2e_to_l3e(l2e, va));
370 static __inline pt_entry_t *
371 pmap_pte(pmap_t pmap, vm_offset_t va)
375 l3e = pmap_pml3e(pmap, va);
376 if (l3e == NULL || (*l3e & RPTE_VALID) == 0)
378 return (pmap_l3e_to_pte(l3e, va));
382 SYSCTL_INT(_machdep, OID_AUTO, nkpt, CTLFLAG_RD, &nkpt, 0,
383 "Number of kernel page table pages allocated on bootup");
385 vm_paddr_t dmaplimit;
387 SYSCTL_NODE(_vm, OID_AUTO, pmap, CTLFLAG_RD, 0, "VM/pmap parameters");
389 static int pg_ps_enabled = 1;
390 SYSCTL_INT(_vm_pmap, OID_AUTO, pg_ps_enabled, CTLFLAG_RDTUN | CTLFLAG_NOFETCH,
391 &pg_ps_enabled, 0, "Are large page mappings enabled?");
393 #define VERBOSE_PMAP 0
394 #define VERBOSE_PROTECT 0
395 static int pmap_logging;
396 SYSCTL_INT(_vm_pmap, OID_AUTO, pmap_logging, CTLFLAG_RWTUN,
397 &pmap_logging, 0, "verbose debug logging");
400 static u_int64_t KPTphys; /* phys addr of kernel level 1 */
402 //static vm_paddr_t KERNend; /* phys addr of end of bootstrap data */
404 static vm_offset_t qframe = 0;
405 static struct mtx qframe_mtx;
407 void mmu_radix_activate(struct thread *);
408 void mmu_radix_advise(pmap_t, vm_offset_t, vm_offset_t, int);
409 void mmu_radix_align_superpage(vm_object_t, vm_ooffset_t, vm_offset_t *,
411 void mmu_radix_clear_modify(vm_page_t);
412 void mmu_radix_copy(pmap_t, pmap_t, vm_offset_t, vm_size_t, vm_offset_t);
413 int mmu_radix_decode_kernel_ptr(vm_offset_t, int *, vm_offset_t *);
414 int mmu_radix_enter(pmap_t, vm_offset_t, vm_page_t, vm_prot_t, u_int, int8_t);
415 void mmu_radix_enter_object(pmap_t, vm_offset_t, vm_offset_t, vm_page_t,
417 void mmu_radix_enter_quick(pmap_t, vm_offset_t, vm_page_t, vm_prot_t);
418 vm_paddr_t mmu_radix_extract(pmap_t pmap, vm_offset_t va);
419 vm_page_t mmu_radix_extract_and_hold(pmap_t, vm_offset_t, vm_prot_t);
420 void mmu_radix_kenter(vm_offset_t, vm_paddr_t);
421 vm_paddr_t mmu_radix_kextract(vm_offset_t);
422 void mmu_radix_kremove(vm_offset_t);
423 boolean_t mmu_radix_is_modified(vm_page_t);
424 boolean_t mmu_radix_is_prefaultable(pmap_t, vm_offset_t);
425 boolean_t mmu_radix_is_referenced(vm_page_t);
426 void mmu_radix_object_init_pt(pmap_t, vm_offset_t, vm_object_t,
427 vm_pindex_t, vm_size_t);
428 boolean_t mmu_radix_page_exists_quick(pmap_t, vm_page_t);
429 void mmu_radix_page_init(vm_page_t);
430 boolean_t mmu_radix_page_is_mapped(vm_page_t m);
431 void mmu_radix_page_set_memattr(vm_page_t, vm_memattr_t);
432 int mmu_radix_page_wired_mappings(vm_page_t);
433 int mmu_radix_pinit(pmap_t);
434 void mmu_radix_protect(pmap_t, vm_offset_t, vm_offset_t, vm_prot_t);
435 bool mmu_radix_ps_enabled(pmap_t);
436 void mmu_radix_qenter(vm_offset_t, vm_page_t *, int);
437 void mmu_radix_qremove(vm_offset_t, int);
438 vm_offset_t mmu_radix_quick_enter_page(vm_page_t);
439 void mmu_radix_quick_remove_page(vm_offset_t);
440 boolean_t mmu_radix_ts_referenced(vm_page_t);
441 void mmu_radix_release(pmap_t);
442 void mmu_radix_remove(pmap_t, vm_offset_t, vm_offset_t);
443 void mmu_radix_remove_all(vm_page_t);
444 void mmu_radix_remove_pages(pmap_t);
445 void mmu_radix_remove_write(vm_page_t);
446 void mmu_radix_unwire(pmap_t, vm_offset_t, vm_offset_t);
447 void mmu_radix_zero_page(vm_page_t);
448 void mmu_radix_zero_page_area(vm_page_t, int, int);
449 int mmu_radix_change_attr(vm_offset_t, vm_size_t, vm_memattr_t);
450 void mmu_radix_page_array_startup(long pages);
452 #include "mmu_oea64.h"
455 * Kernel MMU interface
458 static void mmu_radix_bootstrap(vm_offset_t, vm_offset_t);
460 static void mmu_radix_copy_page(vm_page_t, vm_page_t);
461 static void mmu_radix_copy_pages(vm_page_t *ma, vm_offset_t a_offset,
462 vm_page_t *mb, vm_offset_t b_offset, int xfersize);
463 static void mmu_radix_growkernel(vm_offset_t);
464 static void mmu_radix_init(void);
465 static int mmu_radix_mincore(pmap_t, vm_offset_t, vm_paddr_t *);
466 static vm_offset_t mmu_radix_map(vm_offset_t *, vm_paddr_t, vm_paddr_t, int);
467 static void mmu_radix_pinit0(pmap_t);
469 static void *mmu_radix_mapdev(vm_paddr_t, vm_size_t);
470 static void *mmu_radix_mapdev_attr(vm_paddr_t, vm_size_t, vm_memattr_t);
471 static void mmu_radix_unmapdev(vm_offset_t, vm_size_t);
472 static void mmu_radix_kenter_attr(vm_offset_t, vm_paddr_t, vm_memattr_t ma);
473 static boolean_t mmu_radix_dev_direct_mapped(vm_paddr_t, vm_size_t);
474 static void mmu_radix_dumpsys_map(vm_paddr_t pa, size_t sz, void **va);
475 static void mmu_radix_scan_init(void);
476 static void mmu_radix_cpu_bootstrap(int ap);
477 static void mmu_radix_tlbie_all(void);
479 static struct pmap_funcs mmu_radix_methods = {
480 .bootstrap = mmu_radix_bootstrap,
481 .copy_page = mmu_radix_copy_page,
482 .copy_pages = mmu_radix_copy_pages,
483 .cpu_bootstrap = mmu_radix_cpu_bootstrap,
484 .growkernel = mmu_radix_growkernel,
485 .init = mmu_radix_init,
486 .map = mmu_radix_map,
487 .mincore = mmu_radix_mincore,
488 .pinit = mmu_radix_pinit,
489 .pinit0 = mmu_radix_pinit0,
491 .mapdev = mmu_radix_mapdev,
492 .mapdev_attr = mmu_radix_mapdev_attr,
493 .unmapdev = mmu_radix_unmapdev,
494 .kenter_attr = mmu_radix_kenter_attr,
495 .dev_direct_mapped = mmu_radix_dev_direct_mapped,
496 .dumpsys_pa_init = mmu_radix_scan_init,
497 .dumpsys_map_chunk = mmu_radix_dumpsys_map,
498 .page_is_mapped = mmu_radix_page_is_mapped,
499 .ps_enabled = mmu_radix_ps_enabled,
500 .object_init_pt = mmu_radix_object_init_pt,
501 .protect = mmu_radix_protect,
502 /* pmap dispatcher interface */
503 .clear_modify = mmu_radix_clear_modify,
504 .copy = mmu_radix_copy,
505 .enter = mmu_radix_enter,
506 .enter_object = mmu_radix_enter_object,
507 .enter_quick = mmu_radix_enter_quick,
508 .extract = mmu_radix_extract,
509 .extract_and_hold = mmu_radix_extract_and_hold,
510 .is_modified = mmu_radix_is_modified,
511 .is_prefaultable = mmu_radix_is_prefaultable,
512 .is_referenced = mmu_radix_is_referenced,
513 .ts_referenced = mmu_radix_ts_referenced,
514 .page_exists_quick = mmu_radix_page_exists_quick,
515 .page_init = mmu_radix_page_init,
516 .page_wired_mappings = mmu_radix_page_wired_mappings,
517 .qenter = mmu_radix_qenter,
518 .qremove = mmu_radix_qremove,
519 .release = mmu_radix_release,
520 .remove = mmu_radix_remove,
521 .remove_all = mmu_radix_remove_all,
522 .remove_write = mmu_radix_remove_write,
523 .unwire = mmu_radix_unwire,
524 .zero_page = mmu_radix_zero_page,
525 .zero_page_area = mmu_radix_zero_page_area,
526 .activate = mmu_radix_activate,
527 .quick_enter_page = mmu_radix_quick_enter_page,
528 .quick_remove_page = mmu_radix_quick_remove_page,
529 .page_set_memattr = mmu_radix_page_set_memattr,
530 .page_array_startup = mmu_radix_page_array_startup,
532 /* Internal interfaces */
533 .kenter = mmu_radix_kenter,
534 .kextract = mmu_radix_kextract,
535 .kremove = mmu_radix_kremove,
536 .change_attr = mmu_radix_change_attr,
537 .decode_kernel_ptr = mmu_radix_decode_kernel_ptr,
539 .tlbie_all = mmu_radix_tlbie_all,
542 MMU_DEF(mmu_radix, MMU_TYPE_RADIX, mmu_radix_methods);
544 static boolean_t pmap_demote_l3e_locked(pmap_t pmap, pml3_entry_t *l3e, vm_offset_t va,
545 struct rwlock **lockp);
546 static boolean_t pmap_demote_l3e(pmap_t pmap, pml3_entry_t *pde, vm_offset_t va);
547 static int pmap_unuse_pt(pmap_t, vm_offset_t, pml3_entry_t, struct spglist *);
548 static int pmap_remove_l3e(pmap_t pmap, pml3_entry_t *pdq, vm_offset_t sva,
549 struct spglist *free, struct rwlock **lockp);
550 static int pmap_remove_pte(pmap_t pmap, pt_entry_t *ptq, vm_offset_t sva,
551 pml3_entry_t ptepde, struct spglist *free, struct rwlock **lockp);
552 static vm_page_t pmap_remove_pt_page(pmap_t pmap, vm_offset_t va);
553 static bool pmap_remove_page(pmap_t pmap, vm_offset_t va, pml3_entry_t *pde,
554 struct spglist *free);
555 static bool pmap_remove_ptes(pmap_t pmap, vm_offset_t sva, vm_offset_t eva,
556 pml3_entry_t *l3e, struct spglist *free, struct rwlock **lockp);
558 static bool pmap_pv_insert_l3e(pmap_t pmap, vm_offset_t va, pml3_entry_t l3e,
559 u_int flags, struct rwlock **lockp);
560 #if VM_NRESERVLEVEL > 0
561 static void pmap_pv_promote_l3e(pmap_t pmap, vm_offset_t va, vm_paddr_t pa,
562 struct rwlock **lockp);
564 static void pmap_pvh_free(struct md_page *pvh, pmap_t pmap, vm_offset_t va);
565 static int pmap_insert_pt_page(pmap_t pmap, vm_page_t mpte);
566 static vm_page_t mmu_radix_enter_quick_locked(pmap_t pmap, vm_offset_t va, vm_page_t m,
567 vm_prot_t prot, vm_page_t mpte, struct rwlock **lockp, bool *invalidate);
569 static bool pmap_enter_2mpage(pmap_t pmap, vm_offset_t va, vm_page_t m,
570 vm_prot_t prot, struct rwlock **lockp);
571 static int pmap_enter_l3e(pmap_t pmap, vm_offset_t va, pml3_entry_t newpde,
572 u_int flags, vm_page_t m, struct rwlock **lockp);
574 static vm_page_t reclaim_pv_chunk(pmap_t locked_pmap, struct rwlock **lockp);
575 static void free_pv_chunk(struct pv_chunk *pc);
576 static vm_page_t _pmap_allocpte(pmap_t pmap, vm_pindex_t ptepindex, struct rwlock **lockp);
577 static vm_page_t pmap_allocl3e(pmap_t pmap, vm_offset_t va,
578 struct rwlock **lockp);
579 static vm_page_t pmap_allocpte(pmap_t pmap, vm_offset_t va,
580 struct rwlock **lockp);
581 static void _pmap_unwire_ptp(pmap_t pmap, vm_offset_t va, vm_page_t m,
582 struct spglist *free);
583 static boolean_t pmap_unwire_ptp(pmap_t pmap, vm_offset_t va, vm_page_t m, struct spglist *free);
585 static void pmap_invalidate_page(pmap_t pmap, vm_offset_t start);
586 static void pmap_invalidate_all(pmap_t pmap);
587 static int pmap_change_attr_locked(vm_offset_t va, vm_size_t size, int mode, bool flush);
590 * Internal flags for pmap_enter()'s helper functions.
592 #define PMAP_ENTER_NORECLAIM 0x1000000 /* Don't reclaim PV entries. */
593 #define PMAP_ENTER_NOREPLACE 0x2000000 /* Don't replace mappings. */
595 #define UNIMPLEMENTED() panic("%s not implemented", __func__)
596 #define UNTESTED() panic("%s not yet tested", __func__)
598 /* Number of supported PID bits */
599 static unsigned int isa3_pid_bits;
601 /* PID to start allocating from */
602 static unsigned int isa3_base_pid;
604 #define PROCTAB_SIZE_SHIFT (isa3_pid_bits + 4)
605 #define PROCTAB_ENTRIES (1ul << isa3_pid_bits)
608 * Map of physical memory regions.
610 static struct mem_region *regions, *pregions;
611 static struct numa_mem_region *numa_pregions;
612 static u_int phys_avail_count;
613 static int regions_sz, pregions_sz, numa_pregions_sz;
614 static struct pate *isa3_parttab;
615 static struct prte *isa3_proctab;
616 static vmem_t *asid_arena;
618 extern void bs_remap_earlyboot(void);
620 #define RADIX_PGD_SIZE_SHIFT 16
621 #define RADIX_PGD_SIZE (1UL << RADIX_PGD_SIZE_SHIFT)
623 #define RADIX_PGD_INDEX_SHIFT (RADIX_PGD_SIZE_SHIFT-3)
624 #define NL2EPG (PAGE_SIZE/sizeof(pml2_entry_t))
625 #define NL3EPG (PAGE_SIZE/sizeof(pml3_entry_t))
627 #define NUPML1E (RADIX_PGD_SIZE/sizeof(uint64_t)) /* number of userland PML1 pages */
628 #define NUPDPE (NUPML1E * NL2EPG)/* number of userland PDP pages */
629 #define NUPDE (NUPDPE * NL3EPG) /* number of userland PD entries */
631 /* POWER9 only permits a 64k partition table size. */
632 #define PARTTAB_SIZE_SHIFT 16
633 #define PARTTAB_SIZE (1UL << PARTTAB_SIZE_SHIFT)
635 #define PARTTAB_HR (1UL << 63) /* host uses radix */
636 #define PARTTAB_GR (1UL << 63) /* guest uses radix must match host */
638 /* TLB flush actions. Used as argument to tlbiel_all() */
640 TLB_INVAL_SCOPE_LPID = 0, /* invalidate TLBs for current LPID */
641 TLB_INVAL_SCOPE_GLOBAL = 1, /* invalidate all TLBs */
644 #define NPV_LIST_LOCKS MAXCPU
645 static int pmap_initialized;
646 static vm_paddr_t proctab0pa;
647 static vm_paddr_t parttab_phys;
648 CTASSERT(sizeof(struct pv_chunk) == PAGE_SIZE);
651 * Data for the pv entry allocation mechanism.
652 * Updates to pv_invl_gen are protected by the pv_list_locks[]
653 * elements, but reads are not.
655 static TAILQ_HEAD(pch, pv_chunk) pv_chunks = TAILQ_HEAD_INITIALIZER(pv_chunks);
656 static struct mtx __exclusive_cache_line pv_chunks_mutex;
657 static struct rwlock __exclusive_cache_line pv_list_locks[NPV_LIST_LOCKS];
658 static struct md_page *pv_table;
659 static struct md_page pv_dummy;
662 #define PV_STAT(x) do { x ; } while (0)
664 #define PV_STAT(x) do { } while (0)
667 #define pa_radix_index(pa) ((pa) >> L3_PAGE_SIZE_SHIFT)
668 #define pa_to_pvh(pa) (&pv_table[pa_radix_index(pa)])
670 #define PHYS_TO_PV_LIST_LOCK(pa) \
671 (&pv_list_locks[pa_radix_index(pa) % NPV_LIST_LOCKS])
673 #define CHANGE_PV_LIST_LOCK_TO_PHYS(lockp, pa) do { \
674 struct rwlock **_lockp = (lockp); \
675 struct rwlock *_new_lock; \
677 _new_lock = PHYS_TO_PV_LIST_LOCK(pa); \
678 if (_new_lock != *_lockp) { \
679 if (*_lockp != NULL) \
680 rw_wunlock(*_lockp); \
681 *_lockp = _new_lock; \
686 #define CHANGE_PV_LIST_LOCK_TO_VM_PAGE(lockp, m) \
687 CHANGE_PV_LIST_LOCK_TO_PHYS(lockp, VM_PAGE_TO_PHYS(m))
689 #define RELEASE_PV_LIST_LOCK(lockp) do { \
690 struct rwlock **_lockp = (lockp); \
692 if (*_lockp != NULL) { \
693 rw_wunlock(*_lockp); \
698 #define VM_PAGE_TO_PV_LIST_LOCK(m) \
699 PHYS_TO_PV_LIST_LOCK(VM_PAGE_TO_PHYS(m))
702 * We support 52 bits, hence:
703 * bits 52 - 31 = 21, 0b10101
704 * RTS encoding details
705 * bits 0 - 3 of rts -> bits 6 - 8 unsigned long
706 * bits 4 - 5 of rts -> bits 62 - 63 of unsigned long
708 #define RTS_SIZE ((0x2UL << 61) | (0x5UL << 5))
710 static int powernv_enabled = 1;
712 static __always_inline void
713 tlbiel_radix_set_isa300(uint32_t set, uint32_t is,
714 uint32_t pid, uint32_t ric, uint32_t prs)
719 rb = PPC_BITLSHIFT_VAL(set, 51) | PPC_BITLSHIFT_VAL(is, 53);
720 rs = PPC_BITLSHIFT_VAL((uint64_t)pid, 31);
722 __asm __volatile(PPC_TLBIEL(%0, %1, %2, %3, 1)
723 : : "r"(rb), "r"(rs), "i"(ric), "i"(prs)
728 tlbiel_flush_isa3(uint32_t num_sets, uint32_t is)
732 __asm __volatile("ptesync": : :"memory");
735 * Flush the first set of the TLB, and the entire Page Walk Cache
736 * and partition table entries. Then flush the remaining sets of the
739 tlbiel_radix_set_isa300(0, is, 0, RIC_FLUSH_ALL, 0);
740 for (set = 1; set < num_sets; set++)
741 tlbiel_radix_set_isa300(set, is, 0, RIC_FLUSH_TLB, 0);
743 /* Do the same for process scoped entries. */
744 tlbiel_radix_set_isa300(0, is, 0, RIC_FLUSH_ALL, 1);
745 for (set = 1; set < num_sets; set++)
746 tlbiel_radix_set_isa300(set, is, 0, RIC_FLUSH_TLB, 1);
748 __asm __volatile("ptesync": : :"memory");
752 mmu_radix_tlbiel_flush(int scope)
756 MPASS(scope == TLB_INVAL_SCOPE_LPID ||
757 scope == TLB_INVAL_SCOPE_GLOBAL);
760 tlbiel_flush_isa3(POWER9_TLB_SETS_RADIX, is);
761 __asm __volatile(PPC_INVALIDATE_ERAT "; isync" : : :"memory");
765 mmu_radix_tlbie_all()
767 /* TODO: LPID invalidate */
768 mmu_radix_tlbiel_flush(TLB_INVAL_SCOPE_GLOBAL);
772 mmu_radix_init_amor(void)
775 * In HV mode, we init AMOR (Authority Mask Override Register) so that
776 * the hypervisor and guest can setup IAMR (Instruction Authority Mask
777 * Register), enable key 0 and set it to 1.
779 * AMOR = 0b1100 .... 0000 (Mask for key 0 is 11)
781 mtspr(SPR_AMOR, (3ul << 62));
785 mmu_radix_init_iamr(void)
788 * Radix always uses key0 of the IAMR to determine if an access is
789 * allowed. We set bit 0 (IBM bit 1) of key0, to prevent instruction
792 mtspr(SPR_IAMR, (1ul << 62));
796 mmu_radix_pid_set(pmap_t pmap)
799 mtspr(SPR_PID, pmap->pm_pid);
803 /* Quick sort callout for comparing physical addresses. */
805 pa_cmp(const void *a, const void *b)
807 const vm_paddr_t *pa = a, *pb = b;
817 #define pte_load_store(ptep, pte) atomic_swap_long(ptep, pte)
818 #define pte_load_clear(ptep) atomic_swap_long(ptep, 0)
819 #define pte_store(ptep, pte) do { \
820 MPASS((pte) & (RPTE_EAA_R | RPTE_EAA_W | RPTE_EAA_X)); \
821 *(u_long *)(ptep) = (u_long)((pte) | PG_V | RPTE_LEAF); \
824 * NB: should only be used for adding directories - not for direct mappings
826 #define pde_store(ptep, pa) do { \
827 *(u_long *)(ptep) = (u_long)(pa|RPTE_VALID|RPTE_SHIFT); \
830 #define pte_clear(ptep) do { \
831 *(u_long *)(ptep) = (u_long)(0); \
834 #define PMAP_PDE_SUPERPAGE (1 << 8) /* supports 2MB superpages */
837 * Promotion to a 2MB (PDE) page mapping requires that the corresponding 4KB
838 * (PTE) page mappings have identical settings for the following fields:
840 #define PG_PTE_PROMOTE (PG_X | PG_MANAGED | PG_W | PG_PTE_CACHE | \
841 PG_M | PG_A | RPTE_EAA_MASK | PG_V)
844 pmap_resident_count_inc(pmap_t pmap, int count)
847 PMAP_LOCK_ASSERT(pmap, MA_OWNED);
848 pmap->pm_stats.resident_count += count;
852 pmap_resident_count_dec(pmap_t pmap, int count)
855 PMAP_LOCK_ASSERT(pmap, MA_OWNED);
856 KASSERT(pmap->pm_stats.resident_count >= count,
857 ("pmap %p resident count underflow %ld %d", pmap,
858 pmap->pm_stats.resident_count, count));
859 pmap->pm_stats.resident_count -= count;
863 pagezero(vm_offset_t va)
867 bzero((void *)va, PAGE_SIZE);
875 ret = moea64_bootstrap_alloc(n * PAGE_SIZE, PAGE_SIZE);
876 for (int i = 0; i < n; i++)
877 pagezero(PHYS_TO_DMAP(ret + i * PAGE_SIZE));
882 kvtopte(vm_offset_t va)
886 l3e = pmap_pml3e(kernel_pmap, va);
887 if ((*l3e & RPTE_VALID) == 0)
889 return (pmap_l3e_to_pte(l3e, va));
893 mmu_radix_kenter(vm_offset_t va, vm_paddr_t pa)
899 *pte = pa | RPTE_VALID | RPTE_LEAF | RPTE_EAA_R | RPTE_EAA_W | \
900 RPTE_EAA_P | PG_M | PG_A;
904 mmu_radix_ps_enabled(pmap_t pmap)
906 return (pg_ps_enabled && (pmap->pm_flags & PMAP_PDE_SUPERPAGE) != 0);
910 pmap_nofault_pte(pmap_t pmap, vm_offset_t va, int *is_l3e)
916 l3e = pmap_pml3e(pmap, va);
917 if (l3e == NULL || (*l3e & PG_V) == 0)
920 if (*l3e & RPTE_LEAF) {
926 pte = pmap_l3e_to_pte(l3e, va);
927 if (pte == NULL || (*pte & PG_V) == 0)
933 pmap_nofault(pmap_t pmap, vm_offset_t va, vm_prot_t flags)
936 pt_entry_t startpte, origpte, newpte;
942 if ((pte = pmap_nofault_pte(pmap, va, &is_l3e)) == NULL)
943 return (KERN_INVALID_ADDRESS);
944 origpte = newpte = *pte;
947 if (((flags & VM_PROT_WRITE) && (startpte & PG_M)) ||
948 ((flags & VM_PROT_READ) && (startpte & PG_A))) {
949 pmap_invalidate_all(pmap);
951 if (VERBOSE_PMAP || pmap_logging)
952 printf("%s(%p, %#lx, %#x) (%#lx) -- invalidate all\n",
953 __func__, pmap, va, flags, origpte);
955 return (KERN_FAILURE);
959 if (VERBOSE_PMAP || pmap_logging)
960 printf("%s(%p, %#lx, %#x) (%#lx)\n", __func__, pmap, va,
964 if ((pte = pmap_nofault_pte(pmap, va, &is_l3e)) == NULL ||
967 return (KERN_FAILURE);
969 m = PHYS_TO_VM_PAGE(newpte & PG_FRAME);
973 if ((newpte & (RPTE_EAA_R|RPTE_EAA_X)) == 0)
976 vm_page_aflag_set(m, PGA_REFERENCED);
979 if ((newpte & RPTE_EAA_W) == 0)
986 case VM_PROT_EXECUTE:
987 if ((newpte & RPTE_EAA_X) == 0)
990 vm_page_aflag_set(m, PGA_REFERENCED);
994 if (!atomic_cmpset_long(pte, origpte, newpte))
998 if (startpte == newpte)
999 return (KERN_FAILURE);
1003 return (KERN_PROTECTION_FAILURE);
1007 * Returns TRUE if the given page is mapped individually or as part of
1008 * a 2mpage. Otherwise, returns FALSE.
1011 mmu_radix_page_is_mapped(vm_page_t m)
1013 struct rwlock *lock;
1016 if ((m->oflags & VPO_UNMANAGED) != 0)
1018 lock = VM_PAGE_TO_PV_LIST_LOCK(m);
1020 rv = !TAILQ_EMPTY(&m->md.pv_list) ||
1021 ((m->flags & PG_FICTITIOUS) == 0 &&
1022 !TAILQ_EMPTY(&pa_to_pvh(VM_PAGE_TO_PHYS(m))->pv_list));
1028 * Determine the appropriate bits to set in a PTE or PDE for a specified
1032 pmap_cache_bits(vm_memattr_t ma)
1034 if (ma != VM_MEMATTR_DEFAULT) {
1036 case VM_MEMATTR_UNCACHEABLE:
1037 return (RPTE_ATTR_GUARDEDIO);
1038 case VM_MEMATTR_CACHEABLE:
1039 return (RPTE_ATTR_MEM);
1040 case VM_MEMATTR_WRITE_BACK:
1041 case VM_MEMATTR_PREFETCHABLE:
1042 case VM_MEMATTR_WRITE_COMBINING:
1043 return (RPTE_ATTR_UNGUARDEDIO);
1050 pmap_invalidate_page(pmap_t pmap, vm_offset_t start)
1053 if (pmap == kernel_pmap)
1054 radix_tlbie_invlpg_kernel_4k(start);
1056 radix_tlbie_invlpg_user_4k(pmap->pm_pid, start);
1061 pmap_invalidate_page_2m(pmap_t pmap, vm_offset_t start)
1064 if (pmap == kernel_pmap)
1065 radix_tlbie_invlpg_kernel_2m(start);
1067 radix_tlbie_invlpg_user_2m(pmap->pm_pid, start);
1072 pmap_invalidate_pwc(pmap_t pmap)
1075 if (pmap == kernel_pmap)
1076 radix_tlbie_invlpwc_kernel();
1078 radix_tlbie_invlpwc_user(pmap->pm_pid);
1083 pmap_invalidate_range(pmap_t pmap, vm_offset_t start, vm_offset_t end)
1085 if (((start - end) >> PAGE_SHIFT) > 8) {
1086 pmap_invalidate_all(pmap);
1090 if (pmap == kernel_pmap) {
1091 while (start < end) {
1092 radix_tlbie_invlpg_kernel_4k(start);
1096 while (start < end) {
1097 radix_tlbie_invlpg_user_4k(pmap->pm_pid, start);
1105 pmap_invalidate_all(pmap_t pmap)
1108 if (pmap == kernel_pmap)
1109 radix_tlbie_flush_kernel();
1111 radix_tlbie_flush_user(pmap->pm_pid);
1116 pmap_invalidate_l3e_page(pmap_t pmap, vm_offset_t va, pml3_entry_t l3e)
1120 * When the PDE has PG_PROMOTED set, the 2MB page mapping was created
1121 * by a promotion that did not invalidate the 512 4KB page mappings
1122 * that might exist in the TLB. Consequently, at this point, the TLB
1123 * may hold both 4KB and 2MB page mappings for the address range [va,
1124 * va + L3_PAGE_SIZE). Therefore, the entire range must be invalidated here.
1125 * In contrast, when PG_PROMOTED is clear, the TLB will not hold any
1126 * 4KB page mappings for the address range [va, va + L3_PAGE_SIZE), and so a
1127 * single INVLPG suffices to invalidate the 2MB page mapping from the
1131 if ((l3e & PG_PROMOTED) != 0)
1132 pmap_invalidate_range(pmap, va, va + L3_PAGE_SIZE - 1);
1134 pmap_invalidate_page_2m(pmap, va);
1136 pmap_invalidate_pwc(pmap);
1139 static __inline struct pv_chunk *
1140 pv_to_chunk(pv_entry_t pv)
1143 return ((struct pv_chunk *)((uintptr_t)pv & ~(uintptr_t)PAGE_MASK));
1146 #define PV_PMAP(pv) (pv_to_chunk(pv)->pc_pmap)
1148 #define PC_FREE0 0xfffffffffffffffful
1149 #define PC_FREE1 0x3ffffffffffffffful
1151 static const uint64_t pc_freemask[_NPCM] = { PC_FREE0, PC_FREE1 };
1154 * Ensure that the number of spare PV entries in the specified pmap meets or
1155 * exceeds the given count, "needed".
1157 * The given PV list lock may be released.
1160 reserve_pv_entries(pmap_t pmap, int needed, struct rwlock **lockp)
1162 struct pch new_tail;
1163 struct pv_chunk *pc;
1168 PMAP_LOCK_ASSERT(pmap, MA_OWNED);
1169 KASSERT(lockp != NULL, ("reserve_pv_entries: lockp is NULL"));
1172 * Newly allocated PV chunks must be stored in a private list until
1173 * the required number of PV chunks have been allocated. Otherwise,
1174 * reclaim_pv_chunk() could recycle one of these chunks. In
1175 * contrast, these chunks must be added to the pmap upon allocation.
1177 TAILQ_INIT(&new_tail);
1180 TAILQ_FOREACH(pc, &pmap->pm_pvchunk, pc_list) {
1181 // if ((cpu_feature2 & CPUID2_POPCNT) == 0)
1182 bit_count((bitstr_t *)pc->pc_map, 0,
1183 sizeof(pc->pc_map) * NBBY, &free);
1185 free = popcnt_pc_map_pq(pc->pc_map);
1190 if (avail >= needed)
1193 for (reclaimed = false; avail < needed; avail += _NPCPV) {
1194 m = vm_page_alloc(NULL, 0, VM_ALLOC_NORMAL | VM_ALLOC_NOOBJ |
1197 m = reclaim_pv_chunk(pmap, lockp);
1202 PV_STAT(atomic_add_int(&pc_chunk_count, 1));
1203 PV_STAT(atomic_add_int(&pc_chunk_allocs, 1));
1204 pc = (void *)PHYS_TO_DMAP(m->phys_addr);
1206 pc->pc_map[0] = PC_FREE0;
1207 pc->pc_map[1] = PC_FREE1;
1208 TAILQ_INSERT_HEAD(&pmap->pm_pvchunk, pc, pc_list);
1209 TAILQ_INSERT_TAIL(&new_tail, pc, pc_lru);
1210 PV_STAT(atomic_add_int(&pv_entry_spare, _NPCPV));
1213 * The reclaim might have freed a chunk from the current pmap.
1214 * If that chunk contained available entries, we need to
1215 * re-count the number of available entries.
1220 if (!TAILQ_EMPTY(&new_tail)) {
1221 mtx_lock(&pv_chunks_mutex);
1222 TAILQ_CONCAT(&pv_chunks, &new_tail, pc_lru);
1223 mtx_unlock(&pv_chunks_mutex);
1228 * First find and then remove the pv entry for the specified pmap and virtual
1229 * address from the specified pv list. Returns the pv entry if found and NULL
1230 * otherwise. This operation can be performed on pv lists for either 4KB or
1231 * 2MB page mappings.
1233 static __inline pv_entry_t
1234 pmap_pvh_remove(struct md_page *pvh, pmap_t pmap, vm_offset_t va)
1238 TAILQ_FOREACH(pv, &pvh->pv_list, pv_link) {
1240 if (PV_PMAP(pv) == NULL) {
1241 printf("corrupted pv_chunk/pv %p\n", pv);
1242 printf("pv_chunk: %64D\n", pv_to_chunk(pv), ":");
1244 MPASS(PV_PMAP(pv) != NULL);
1245 MPASS(pv->pv_va != 0);
1247 if (pmap == PV_PMAP(pv) && va == pv->pv_va) {
1248 TAILQ_REMOVE(&pvh->pv_list, pv, pv_link);
1257 * After demotion from a 2MB page mapping to 512 4KB page mappings,
1258 * destroy the pv entry for the 2MB page mapping and reinstantiate the pv
1259 * entries for each of the 4KB page mappings.
1262 pmap_pv_demote_l3e(pmap_t pmap, vm_offset_t va, vm_paddr_t pa,
1263 struct rwlock **lockp)
1265 struct md_page *pvh;
1266 struct pv_chunk *pc;
1268 vm_offset_t va_last;
1272 PMAP_LOCK_ASSERT(pmap, MA_OWNED);
1273 KASSERT((pa & L3_PAGE_MASK) == 0,
1274 ("pmap_pv_demote_pde: pa is not 2mpage aligned"));
1275 CHANGE_PV_LIST_LOCK_TO_PHYS(lockp, pa);
1278 * Transfer the 2mpage's pv entry for this mapping to the first
1279 * page's pv list. Once this transfer begins, the pv list lock
1280 * must not be released until the last pv entry is reinstantiated.
1282 pvh = pa_to_pvh(pa);
1283 va = trunc_2mpage(va);
1284 pv = pmap_pvh_remove(pvh, pmap, va);
1285 KASSERT(pv != NULL, ("pmap_pv_demote_pde: pv not found"));
1286 m = PHYS_TO_VM_PAGE(pa);
1287 TAILQ_INSERT_TAIL(&m->md.pv_list, pv, pv_link);
1290 /* Instantiate the remaining NPTEPG - 1 pv entries. */
1291 PV_STAT(atomic_add_long(&pv_entry_allocs, NPTEPG - 1));
1292 va_last = va + L3_PAGE_SIZE - PAGE_SIZE;
1294 pc = TAILQ_FIRST(&pmap->pm_pvchunk);
1295 KASSERT(pc->pc_map[0] != 0 || pc->pc_map[1] != 0
1296 , ("pmap_pv_demote_pde: missing spare"));
1297 for (field = 0; field < _NPCM; field++) {
1298 while (pc->pc_map[field]) {
1299 bit = cnttzd(pc->pc_map[field]);
1300 pc->pc_map[field] &= ~(1ul << bit);
1301 pv = &pc->pc_pventry[field * 64 + bit];
1305 KASSERT((m->oflags & VPO_UNMANAGED) == 0,
1306 ("pmap_pv_demote_pde: page %p is not managed", m));
1307 TAILQ_INSERT_TAIL(&m->md.pv_list, pv, pv_link);
1314 TAILQ_REMOVE(&pmap->pm_pvchunk, pc, pc_list);
1315 TAILQ_INSERT_TAIL(&pmap->pm_pvchunk, pc, pc_list);
1318 if (pc->pc_map[0] == 0 && pc->pc_map[1] == 0) {
1319 TAILQ_REMOVE(&pmap->pm_pvchunk, pc, pc_list);
1320 TAILQ_INSERT_TAIL(&pmap->pm_pvchunk, pc, pc_list);
1322 PV_STAT(atomic_add_long(&pv_entry_count, NPTEPG - 1));
1323 PV_STAT(atomic_subtract_int(&pv_entry_spare, NPTEPG - 1));
1327 reclaim_pv_chunk_leave_pmap(pmap_t pmap, pmap_t locked_pmap)
1332 pmap_invalidate_all(pmap);
1333 if (pmap != locked_pmap)
1338 * We are in a serious low memory condition. Resort to
1339 * drastic measures to free some pages so we can allocate
1340 * another pv entry chunk.
1342 * Returns NULL if PV entries were reclaimed from the specified pmap.
1344 * We do not, however, unmap 2mpages because subsequent accesses will
1345 * allocate per-page pv entries until repromotion occurs, thereby
1346 * exacerbating the shortage of free pv entries.
1348 static int active_reclaims = 0;
1350 reclaim_pv_chunk(pmap_t locked_pmap, struct rwlock **lockp)
1352 struct pv_chunk *pc, *pc_marker, *pc_marker_end;
1353 struct pv_chunk_header pc_marker_b, pc_marker_end_b;
1354 struct md_page *pvh;
1356 pmap_t next_pmap, pmap;
1357 pt_entry_t *pte, tpte;
1361 struct spglist free;
1363 int bit, field, freed;
1365 PMAP_LOCK_ASSERT(locked_pmap, MA_OWNED);
1366 KASSERT(lockp != NULL, ("reclaim_pv_chunk: lockp is NULL"));
1370 bzero(&pc_marker_b, sizeof(pc_marker_b));
1371 bzero(&pc_marker_end_b, sizeof(pc_marker_end_b));
1372 pc_marker = (struct pv_chunk *)&pc_marker_b;
1373 pc_marker_end = (struct pv_chunk *)&pc_marker_end_b;
1375 mtx_lock(&pv_chunks_mutex);
1377 TAILQ_INSERT_HEAD(&pv_chunks, pc_marker, pc_lru);
1378 TAILQ_INSERT_TAIL(&pv_chunks, pc_marker_end, pc_lru);
1379 while ((pc = TAILQ_NEXT(pc_marker, pc_lru)) != pc_marker_end &&
1380 SLIST_EMPTY(&free)) {
1381 next_pmap = pc->pc_pmap;
1382 if (next_pmap == NULL) {
1384 * The next chunk is a marker. However, it is
1385 * not our marker, so active_reclaims must be
1386 * > 1. Consequently, the next_chunk code
1387 * will not rotate the pv_chunks list.
1391 mtx_unlock(&pv_chunks_mutex);
1394 * A pv_chunk can only be removed from the pc_lru list
1395 * when both pc_chunks_mutex is owned and the
1396 * corresponding pmap is locked.
1398 if (pmap != next_pmap) {
1399 reclaim_pv_chunk_leave_pmap(pmap, locked_pmap);
1401 /* Avoid deadlock and lock recursion. */
1402 if (pmap > locked_pmap) {
1403 RELEASE_PV_LIST_LOCK(lockp);
1405 mtx_lock(&pv_chunks_mutex);
1407 } else if (pmap != locked_pmap) {
1408 if (PMAP_TRYLOCK(pmap)) {
1409 mtx_lock(&pv_chunks_mutex);
1412 pmap = NULL; /* pmap is not locked */
1413 mtx_lock(&pv_chunks_mutex);
1414 pc = TAILQ_NEXT(pc_marker, pc_lru);
1416 pc->pc_pmap != next_pmap)
1424 * Destroy every non-wired, 4 KB page mapping in the chunk.
1427 for (field = 0; field < _NPCM; field++) {
1428 for (inuse = ~pc->pc_map[field] & pc_freemask[field];
1429 inuse != 0; inuse &= ~(1UL << bit)) {
1430 bit = cnttzd(inuse);
1431 pv = &pc->pc_pventry[field * 64 + bit];
1433 l3e = pmap_pml3e(pmap, va);
1434 if ((*l3e & RPTE_LEAF) != 0)
1436 pte = pmap_l3e_to_pte(l3e, va);
1437 if ((*pte & PG_W) != 0)
1439 tpte = pte_load_clear(pte);
1440 m = PHYS_TO_VM_PAGE(tpte & PG_FRAME);
1441 if ((tpte & (PG_M | PG_RW)) == (PG_M | PG_RW))
1443 if ((tpte & PG_A) != 0)
1444 vm_page_aflag_set(m, PGA_REFERENCED);
1445 CHANGE_PV_LIST_LOCK_TO_VM_PAGE(lockp, m);
1446 TAILQ_REMOVE(&m->md.pv_list, pv, pv_link);
1449 if (TAILQ_EMPTY(&m->md.pv_list) &&
1450 (m->flags & PG_FICTITIOUS) == 0) {
1451 pvh = pa_to_pvh(VM_PAGE_TO_PHYS(m));
1452 if (TAILQ_EMPTY(&pvh->pv_list)) {
1453 vm_page_aflag_clear(m,
1457 pc->pc_map[field] |= 1UL << bit;
1458 pmap_unuse_pt(pmap, va, *l3e, &free);
1463 mtx_lock(&pv_chunks_mutex);
1466 /* Every freed mapping is for a 4 KB page. */
1467 pmap_resident_count_dec(pmap, freed);
1468 PV_STAT(atomic_add_long(&pv_entry_frees, freed));
1469 PV_STAT(atomic_add_int(&pv_entry_spare, freed));
1470 PV_STAT(atomic_subtract_long(&pv_entry_count, freed));
1471 TAILQ_REMOVE(&pmap->pm_pvchunk, pc, pc_list);
1472 if (pc->pc_map[0] == PC_FREE0 && pc->pc_map[1] == PC_FREE1) {
1473 PV_STAT(atomic_subtract_int(&pv_entry_spare, _NPCPV));
1474 PV_STAT(atomic_subtract_int(&pc_chunk_count, 1));
1475 PV_STAT(atomic_add_int(&pc_chunk_frees, 1));
1476 /* Entire chunk is free; return it. */
1477 m_pc = PHYS_TO_VM_PAGE(DMAP_TO_PHYS((vm_offset_t)pc));
1478 mtx_lock(&pv_chunks_mutex);
1479 TAILQ_REMOVE(&pv_chunks, pc, pc_lru);
1482 TAILQ_INSERT_HEAD(&pmap->pm_pvchunk, pc, pc_list);
1483 mtx_lock(&pv_chunks_mutex);
1484 /* One freed pv entry in locked_pmap is sufficient. */
1485 if (pmap == locked_pmap)
1488 TAILQ_REMOVE(&pv_chunks, pc_marker, pc_lru);
1489 TAILQ_INSERT_AFTER(&pv_chunks, pc, pc_marker, pc_lru);
1490 if (active_reclaims == 1 && pmap != NULL) {
1492 * Rotate the pv chunks list so that we do not
1493 * scan the same pv chunks that could not be
1494 * freed (because they contained a wired
1495 * and/or superpage mapping) on every
1496 * invocation of reclaim_pv_chunk().
1498 while ((pc = TAILQ_FIRST(&pv_chunks)) != pc_marker) {
1499 MPASS(pc->pc_pmap != NULL);
1500 TAILQ_REMOVE(&pv_chunks, pc, pc_lru);
1501 TAILQ_INSERT_TAIL(&pv_chunks, pc, pc_lru);
1505 TAILQ_REMOVE(&pv_chunks, pc_marker, pc_lru);
1506 TAILQ_REMOVE(&pv_chunks, pc_marker_end, pc_lru);
1508 mtx_unlock(&pv_chunks_mutex);
1509 reclaim_pv_chunk_leave_pmap(pmap, locked_pmap);
1510 if (m_pc == NULL && !SLIST_EMPTY(&free)) {
1511 m_pc = SLIST_FIRST(&free);
1512 SLIST_REMOVE_HEAD(&free, plinks.s.ss);
1513 /* Recycle a freed page table page. */
1514 m_pc->ref_count = 1;
1516 vm_page_free_pages_toq(&free, true);
1521 * free the pv_entry back to the free list
1524 free_pv_entry(pmap_t pmap, pv_entry_t pv)
1526 struct pv_chunk *pc;
1527 int idx, field, bit;
1530 if (pmap != kernel_pmap)
1531 printf("%s(%p, %p)\n", __func__, pmap, pv);
1533 PMAP_LOCK_ASSERT(pmap, MA_OWNED);
1534 PV_STAT(atomic_add_long(&pv_entry_frees, 1));
1535 PV_STAT(atomic_add_int(&pv_entry_spare, 1));
1536 PV_STAT(atomic_subtract_long(&pv_entry_count, 1));
1537 pc = pv_to_chunk(pv);
1538 idx = pv - &pc->pc_pventry[0];
1541 pc->pc_map[field] |= 1ul << bit;
1542 if (pc->pc_map[0] != PC_FREE0 || pc->pc_map[1] != PC_FREE1) {
1543 /* 98% of the time, pc is already at the head of the list. */
1544 if (__predict_false(pc != TAILQ_FIRST(&pmap->pm_pvchunk))) {
1545 TAILQ_REMOVE(&pmap->pm_pvchunk, pc, pc_list);
1546 TAILQ_INSERT_HEAD(&pmap->pm_pvchunk, pc, pc_list);
1550 TAILQ_REMOVE(&pmap->pm_pvchunk, pc, pc_list);
1555 free_pv_chunk(struct pv_chunk *pc)
1559 mtx_lock(&pv_chunks_mutex);
1560 TAILQ_REMOVE(&pv_chunks, pc, pc_lru);
1561 mtx_unlock(&pv_chunks_mutex);
1562 PV_STAT(atomic_subtract_int(&pv_entry_spare, _NPCPV));
1563 PV_STAT(atomic_subtract_int(&pc_chunk_count, 1));
1564 PV_STAT(atomic_add_int(&pc_chunk_frees, 1));
1565 /* entire chunk is free, return it */
1566 m = PHYS_TO_VM_PAGE(DMAP_TO_PHYS((vm_offset_t)pc));
1567 vm_page_unwire_noq(m);
1572 * Returns a new PV entry, allocating a new PV chunk from the system when
1573 * needed. If this PV chunk allocation fails and a PV list lock pointer was
1574 * given, a PV chunk is reclaimed from an arbitrary pmap. Otherwise, NULL is
1577 * The given PV list lock may be released.
1580 get_pv_entry(pmap_t pmap, struct rwlock **lockp)
1584 struct pv_chunk *pc;
1587 PMAP_LOCK_ASSERT(pmap, MA_OWNED);
1588 PV_STAT(atomic_add_long(&pv_entry_allocs, 1));
1590 pc = TAILQ_FIRST(&pmap->pm_pvchunk);
1592 for (field = 0; field < _NPCM; field++) {
1593 if (pc->pc_map[field]) {
1594 bit = cnttzd(pc->pc_map[field]);
1598 if (field < _NPCM) {
1599 pv = &pc->pc_pventry[field * 64 + bit];
1600 pc->pc_map[field] &= ~(1ul << bit);
1601 /* If this was the last item, move it to tail */
1602 if (pc->pc_map[0] == 0 && pc->pc_map[1] == 0) {
1603 TAILQ_REMOVE(&pmap->pm_pvchunk, pc, pc_list);
1604 TAILQ_INSERT_TAIL(&pmap->pm_pvchunk, pc,
1607 PV_STAT(atomic_add_long(&pv_entry_count, 1));
1608 PV_STAT(atomic_subtract_int(&pv_entry_spare, 1));
1609 MPASS(PV_PMAP(pv) != NULL);
1613 /* No free items, allocate another chunk */
1614 m = vm_page_alloc(NULL, 0, VM_ALLOC_NORMAL | VM_ALLOC_NOOBJ |
1617 if (lockp == NULL) {
1618 PV_STAT(pc_chunk_tryfail++);
1621 m = reclaim_pv_chunk(pmap, lockp);
1625 PV_STAT(atomic_add_int(&pc_chunk_count, 1));
1626 PV_STAT(atomic_add_int(&pc_chunk_allocs, 1));
1627 pc = (void *)PHYS_TO_DMAP(m->phys_addr);
1629 pc->pc_map[0] = PC_FREE0 & ~1ul; /* preallocated bit 0 */
1630 pc->pc_map[1] = PC_FREE1;
1631 mtx_lock(&pv_chunks_mutex);
1632 TAILQ_INSERT_TAIL(&pv_chunks, pc, pc_lru);
1633 mtx_unlock(&pv_chunks_mutex);
1634 pv = &pc->pc_pventry[0];
1635 TAILQ_INSERT_HEAD(&pmap->pm_pvchunk, pc, pc_list);
1636 PV_STAT(atomic_add_long(&pv_entry_count, 1));
1637 PV_STAT(atomic_add_int(&pv_entry_spare, _NPCPV - 1));
1638 MPASS(PV_PMAP(pv) != NULL);
1642 #if VM_NRESERVLEVEL > 0
1644 * After promotion from 512 4KB page mappings to a single 2MB page mapping,
1645 * replace the many pv entries for the 4KB page mappings by a single pv entry
1646 * for the 2MB page mapping.
1649 pmap_pv_promote_l3e(pmap_t pmap, vm_offset_t va, vm_paddr_t pa,
1650 struct rwlock **lockp)
1652 struct md_page *pvh;
1654 vm_offset_t va_last;
1657 KASSERT((pa & L3_PAGE_MASK) == 0,
1658 ("pmap_pv_promote_pde: pa is not 2mpage aligned"));
1659 CHANGE_PV_LIST_LOCK_TO_PHYS(lockp, pa);
1662 * Transfer the first page's pv entry for this mapping to the 2mpage's
1663 * pv list. Aside from avoiding the cost of a call to get_pv_entry(),
1664 * a transfer avoids the possibility that get_pv_entry() calls
1665 * reclaim_pv_chunk() and that reclaim_pv_chunk() removes one of the
1666 * mappings that is being promoted.
1668 m = PHYS_TO_VM_PAGE(pa);
1669 va = trunc_2mpage(va);
1670 pv = pmap_pvh_remove(&m->md, pmap, va);
1671 KASSERT(pv != NULL, ("pmap_pv_promote_pde: pv not found"));
1672 pvh = pa_to_pvh(pa);
1673 TAILQ_INSERT_TAIL(&pvh->pv_list, pv, pv_link);
1675 /* Free the remaining NPTEPG - 1 pv entries. */
1676 va_last = va + L3_PAGE_SIZE - PAGE_SIZE;
1680 pmap_pvh_free(&m->md, pmap, va);
1681 } while (va < va_last);
1683 #endif /* VM_NRESERVLEVEL > 0 */
1686 * First find and then destroy the pv entry for the specified pmap and virtual
1687 * address. This operation can be performed on pv lists for either 4KB or 2MB
1691 pmap_pvh_free(struct md_page *pvh, pmap_t pmap, vm_offset_t va)
1695 pv = pmap_pvh_remove(pvh, pmap, va);
1696 KASSERT(pv != NULL, ("pmap_pvh_free: pv not found"));
1697 free_pv_entry(pmap, pv);
1701 * Conditionally create the PV entry for a 4KB page mapping if the required
1702 * memory can be allocated without resorting to reclamation.
1705 pmap_try_insert_pv_entry(pmap_t pmap, vm_offset_t va, vm_page_t m,
1706 struct rwlock **lockp)
1710 PMAP_LOCK_ASSERT(pmap, MA_OWNED);
1711 /* Pass NULL instead of the lock pointer to disable reclamation. */
1712 if ((pv = get_pv_entry(pmap, NULL)) != NULL) {
1714 CHANGE_PV_LIST_LOCK_TO_VM_PAGE(lockp, m);
1715 TAILQ_INSERT_TAIL(&m->md.pv_list, pv, pv_link);
1722 vm_paddr_t phys_avail_debug[2 * VM_PHYSSEG_MAX];
1725 validate_addr(vm_paddr_t addr, vm_size_t size)
1727 vm_paddr_t end = addr + size;
1730 for (int i = 0; i < 2 * phys_avail_count; i += 2) {
1731 if (addr >= phys_avail_debug[i] &&
1732 end <= phys_avail_debug[i + 1]) {
1737 KASSERT(found, ("%#lx-%#lx outside of initial phys_avail array",
1741 static void validate_addr(vm_paddr_t addr, vm_size_t size) {}
1743 #define DMAP_PAGE_BITS (RPTE_VALID | RPTE_LEAF | RPTE_EAA_MASK | PG_M | PG_A)
1750 page = allocpages(1);
1751 pagezero(PHYS_TO_DMAP(page));
1756 mmu_radix_dmap_range(vm_paddr_t start, vm_paddr_t end)
1758 pt_entry_t *pte, pteval;
1762 printf("%s %lx -> %lx\n", __func__, start, end);
1763 while (start < end) {
1764 pteval = start | DMAP_PAGE_BITS;
1765 pte = pmap_pml1e(kernel_pmap, PHYS_TO_DMAP(start));
1766 if ((*pte & RPTE_VALID) == 0) {
1767 page = alloc_pt_page();
1768 pde_store(pte, page);
1770 pte = pmap_l1e_to_l2e(pte, PHYS_TO_DMAP(start));
1771 if ((start & L2_PAGE_MASK) == 0 &&
1772 end - start >= L2_PAGE_SIZE) {
1773 start += L2_PAGE_SIZE;
1775 } else if ((*pte & RPTE_VALID) == 0) {
1776 page = alloc_pt_page();
1777 pde_store(pte, page);
1780 pte = pmap_l2e_to_l3e(pte, PHYS_TO_DMAP(start));
1781 if ((start & L3_PAGE_MASK) == 0 &&
1782 end - start >= L3_PAGE_SIZE) {
1783 start += L3_PAGE_SIZE;
1785 } else if ((*pte & RPTE_VALID) == 0) {
1786 page = alloc_pt_page();
1787 pde_store(pte, page);
1789 pte = pmap_l3e_to_pte(pte, PHYS_TO_DMAP(start));
1792 pte_store(pte, pteval);
1797 mmu_radix_dmap_populate(vm_size_t hwphyssz)
1799 vm_paddr_t start, end;
1801 for (int i = 0; i < pregions_sz; i++) {
1802 start = pregions[i].mr_start;
1803 end = start + pregions[i].mr_size;
1804 if (hwphyssz && start >= hwphyssz)
1806 if (hwphyssz && hwphyssz < end)
1808 mmu_radix_dmap_range(start, end);
1813 mmu_radix_setup_pagetables(vm_size_t hwphyssz)
1815 vm_paddr_t ptpages, pages;
1819 bzero(kernel_pmap, sizeof(struct pmap));
1820 PMAP_LOCK_INIT(kernel_pmap);
1822 ptpages = allocpages(2);
1823 l1phys = moea64_bootstrap_alloc(RADIX_PGD_SIZE, RADIX_PGD_SIZE);
1824 validate_addr(l1phys, RADIX_PGD_SIZE);
1826 printf("l1phys=%lx\n", l1phys);
1827 MPASS((l1phys & (RADIX_PGD_SIZE-1)) == 0);
1828 for (int i = 0; i < RADIX_PGD_SIZE/PAGE_SIZE; i++)
1829 pagezero(PHYS_TO_DMAP(l1phys + i * PAGE_SIZE));
1830 kernel_pmap->pm_pml1 = (pml1_entry_t *)PHYS_TO_DMAP(l1phys);
1832 mmu_radix_dmap_populate(hwphyssz);
1835 * Create page tables for first 128MB of KVA
1838 pte = pmap_pml1e(kernel_pmap, VM_MIN_KERNEL_ADDRESS);
1839 *pte = (pages | RPTE_VALID | RPTE_SHIFT);
1841 pte = pmap_l1e_to_l2e(pte, VM_MIN_KERNEL_ADDRESS);
1842 *pte = (pages | RPTE_VALID | RPTE_SHIFT);
1844 pte = pmap_l2e_to_l3e(pte, VM_MIN_KERNEL_ADDRESS);
1846 * the kernel page table pages need to be preserved in
1847 * phys_avail and not overlap with previous allocations
1849 pages = allocpages(nkpt);
1851 printf("phys_avail after dmap populate and nkpt allocation\n");
1852 for (int j = 0; j < 2 * phys_avail_count; j+=2)
1853 printf("phys_avail[%d]=%08lx - phys_avail[%d]=%08lx\n",
1854 j, phys_avail[j], j + 1, phys_avail[j + 1]);
1857 for (int i = 0; i < nkpt; i++, pte++, pages += PAGE_SIZE)
1858 *pte = (pages | RPTE_VALID | RPTE_SHIFT);
1859 kernel_vm_end = VM_MIN_KERNEL_ADDRESS + nkpt * L3_PAGE_SIZE;
1861 printf("kernel_pmap pml1 %p\n", kernel_pmap->pm_pml1);
1863 * Add a physical memory segment (vm_phys_seg) corresponding to the
1864 * preallocated kernel page table pages so that vm_page structures
1865 * representing these pages will be created. The vm_page structures
1866 * are required for promotion of the corresponding kernel virtual
1867 * addresses to superpage mappings.
1869 vm_phys_add_seg(KPTphys, KPTphys + ptoa(nkpt));
1873 mmu_radix_early_bootstrap(vm_offset_t start, vm_offset_t end)
1875 vm_paddr_t kpstart, kpend;
1876 vm_size_t physsz, hwphyssz;
1878 int rm_pavail, proctab_size;
1881 kpstart = start & ~DMAP_BASE_ADDRESS;
1882 kpend = end & ~DMAP_BASE_ADDRESS;
1884 /* Get physical memory regions from firmware */
1885 mem_regions(&pregions, &pregions_sz, ®ions, ®ions_sz);
1886 CTR0(KTR_PMAP, "mmu_radix_early_bootstrap: physical memory");
1888 if (2 * VM_PHYSSEG_MAX < regions_sz)
1889 panic("mmu_radix_early_bootstrap: phys_avail too small");
1892 for (int i = 0; i < regions_sz; i++)
1893 printf("regions[%d].mr_start=%lx regions[%d].mr_size=%lx\n",
1894 i, regions[i].mr_start, i, regions[i].mr_size);
1896 * XXX workaround a simulator bug
1898 for (int i = 0; i < regions_sz; i++)
1899 if (regions[i].mr_start & PAGE_MASK) {
1900 regions[i].mr_start += PAGE_MASK;
1901 regions[i].mr_start &= ~PAGE_MASK;
1902 regions[i].mr_size &= ~PAGE_MASK;
1905 for (int i = 0; i < pregions_sz; i++)
1906 printf("pregions[%d].mr_start=%lx pregions[%d].mr_size=%lx\n",
1907 i, pregions[i].mr_start, i, pregions[i].mr_size);
1909 phys_avail_count = 0;
1912 TUNABLE_ULONG_FETCH("hw.physmem", (u_long *) &hwphyssz);
1913 for (i = 0, j = 0; i < regions_sz; i++) {
1915 printf("regions[%d].mr_start=%016lx regions[%d].mr_size=%016lx\n",
1916 i, regions[i].mr_start, i, regions[i].mr_size);
1918 if (regions[i].mr_size < PAGE_SIZE)
1921 if (hwphyssz != 0 &&
1922 (physsz + regions[i].mr_size) >= hwphyssz) {
1923 if (physsz < hwphyssz) {
1924 phys_avail[j] = regions[i].mr_start;
1925 phys_avail[j + 1] = regions[i].mr_start +
1926 (hwphyssz - physsz);
1929 dump_avail[j] = phys_avail[j];
1930 dump_avail[j + 1] = phys_avail[j + 1];
1934 phys_avail[j] = regions[i].mr_start;
1935 phys_avail[j + 1] = regions[i].mr_start + regions[i].mr_size;
1936 dump_avail[j] = phys_avail[j];
1937 dump_avail[j + 1] = phys_avail[j + 1];
1940 physsz += regions[i].mr_size;
1944 /* Check for overlap with the kernel and exception vectors */
1946 for (j = 0; j < 2 * phys_avail_count; j+=2) {
1947 if (phys_avail[j] < EXC_LAST)
1948 phys_avail[j] += EXC_LAST;
1950 if (phys_avail[j] >= kpstart &&
1951 phys_avail[j + 1] <= kpend) {
1952 phys_avail[j] = phys_avail[j + 1] = ~0;
1957 if (kpstart >= phys_avail[j] &&
1958 kpstart < phys_avail[j + 1]) {
1959 if (kpend < phys_avail[j + 1]) {
1960 phys_avail[2 * phys_avail_count] =
1961 (kpend & ~PAGE_MASK) + PAGE_SIZE;
1962 phys_avail[2 * phys_avail_count + 1] =
1967 phys_avail[j + 1] = kpstart & ~PAGE_MASK;
1970 if (kpend >= phys_avail[j] &&
1971 kpend < phys_avail[j + 1]) {
1972 if (kpstart > phys_avail[j]) {
1973 phys_avail[2 * phys_avail_count] = phys_avail[j];
1974 phys_avail[2 * phys_avail_count + 1] =
1975 kpstart & ~PAGE_MASK;
1979 phys_avail[j] = (kpend & ~PAGE_MASK) +
1983 qsort(phys_avail, 2 * phys_avail_count, sizeof(phys_avail[0]), pa_cmp);
1984 for (i = 0; i < 2 * phys_avail_count; i++)
1985 phys_avail_debug[i] = phys_avail[i];
1987 /* Remove physical available regions marked for removal (~0) */
1989 phys_avail_count -= rm_pavail;
1990 for (i = 2 * phys_avail_count;
1991 i < 2*(phys_avail_count + rm_pavail); i+=2)
1992 phys_avail[i] = phys_avail[i + 1] = 0;
1995 printf("phys_avail ranges after filtering:\n");
1996 for (j = 0; j < 2 * phys_avail_count; j+=2)
1997 printf("phys_avail[%d]=%08lx - phys_avail[%d]=%08lx\n",
1998 j, phys_avail[j], j + 1, phys_avail[j + 1]);
2000 physmem = btoc(physsz);
2002 /* XXX assume we're running non-virtualized and
2003 * we don't support BHYVE
2005 if (isa3_pid_bits == 0)
2007 parttab_phys = moea64_bootstrap_alloc(PARTTAB_SIZE, PARTTAB_SIZE);
2008 validate_addr(parttab_phys, PARTTAB_SIZE);
2009 for (int i = 0; i < PARTTAB_SIZE/PAGE_SIZE; i++)
2010 pagezero(PHYS_TO_DMAP(parttab_phys + i * PAGE_SIZE));
2012 proctab_size = 1UL << PROCTAB_SIZE_SHIFT;
2013 proctab0pa = moea64_bootstrap_alloc(proctab_size, proctab_size);
2014 validate_addr(proctab0pa, proctab_size);
2015 for (int i = 0; i < proctab_size/PAGE_SIZE; i++)
2016 pagezero(PHYS_TO_DMAP(proctab0pa + i * PAGE_SIZE));
2018 mmu_radix_setup_pagetables(hwphyssz);
2022 mmu_radix_late_bootstrap(vm_offset_t start, vm_offset_t end)
2030 * Set up the Open Firmware pmap and add its mappings if not in real
2034 printf("%s enter\n", __func__);
2037 * Calculate the last available physical address, and reserve the
2038 * vm_page_array (upper bound).
2041 for (i = 0; phys_avail[i + 2] != 0; i += 2)
2042 Maxmem = MAX(Maxmem, powerpc_btop(phys_avail[i + 1]));
2045 * Set the start and end of kva.
2047 virtual_avail = VM_MIN_KERNEL_ADDRESS;
2048 virtual_end = VM_MAX_SAFE_KERNEL_ADDRESS;
2051 * Remap any early IO mappings (console framebuffer, etc.)
2053 bs_remap_earlyboot();
2056 * Allocate a kernel stack with a guard page for thread0 and map it
2057 * into the kernel page map.
2059 pa = allocpages(kstack_pages);
2060 va = virtual_avail + KSTACK_GUARD_PAGES * PAGE_SIZE;
2061 virtual_avail = va + kstack_pages * PAGE_SIZE;
2062 CTR2(KTR_PMAP, "moea64_bootstrap: kstack0 at %#x (%#x)", pa, va);
2063 thread0.td_kstack = va;
2064 for (i = 0; i < kstack_pages; i++) {
2065 mmu_radix_kenter(va, pa);
2069 thread0.td_kstack_pages = kstack_pages;
2072 * Allocate virtual address space for the message buffer.
2074 pa = msgbuf_phys = allocpages((msgbufsize + PAGE_MASK) >> PAGE_SHIFT);
2075 msgbufp = (struct msgbuf *)PHYS_TO_DMAP(pa);
2078 * Allocate virtual address space for the dynamic percpu area.
2080 pa = allocpages(DPCPU_SIZE >> PAGE_SHIFT);
2081 dpcpu = (void *)PHYS_TO_DMAP(pa);
2082 dpcpu_init(dpcpu, curcpu);
2084 * Reserve some special page table entries/VA space for temporary
2090 mmu_parttab_init(void)
2094 isa3_parttab = (struct pate *)PHYS_TO_DMAP(parttab_phys);
2097 printf("%s parttab: %p\n", __func__, isa3_parttab);
2098 ptcr = parttab_phys | (PARTTAB_SIZE_SHIFT-12);
2100 printf("setting ptcr %lx\n", ptcr);
2101 mtspr(SPR_PTCR, ptcr);
2105 mmu_parttab_update(uint64_t lpid, uint64_t pagetab, uint64_t proctab)
2110 printf("%s isa3_parttab %p lpid %lx pagetab %lx proctab %lx\n", __func__, isa3_parttab,
2111 lpid, pagetab, proctab);
2112 prev = be64toh(isa3_parttab[lpid].pagetab);
2113 isa3_parttab[lpid].pagetab = htobe64(pagetab);
2114 isa3_parttab[lpid].proctab = htobe64(proctab);
2116 if (prev & PARTTAB_HR) {
2117 __asm __volatile(PPC_TLBIE_5(%0,%1,2,0,1) : :
2118 "r" (TLBIEL_INVAL_SET_LPID), "r" (lpid));
2119 __asm __volatile(PPC_TLBIE_5(%0,%1,2,1,1) : :
2120 "r" (TLBIEL_INVAL_SET_LPID), "r" (lpid));
2122 __asm __volatile(PPC_TLBIE_5(%0,%1,2,0,0) : :
2123 "r" (TLBIEL_INVAL_SET_LPID), "r" (lpid));
2129 mmu_radix_parttab_init(void)
2134 pagetab = RTS_SIZE | DMAP_TO_PHYS((vm_offset_t)kernel_pmap->pm_pml1) | \
2135 RADIX_PGD_INDEX_SHIFT | PARTTAB_HR;
2136 mmu_parttab_update(0, pagetab, 0);
2140 mmu_radix_proctab_register(vm_paddr_t proctabpa, uint64_t table_size)
2142 uint64_t pagetab, proctab;
2144 pagetab = be64toh(isa3_parttab[0].pagetab);
2145 proctab = proctabpa | table_size | PARTTAB_GR;
2146 mmu_parttab_update(0, pagetab, proctab);
2150 mmu_radix_proctab_init(void)
2155 isa3_proctab = (void*)PHYS_TO_DMAP(proctab0pa);
2156 isa3_proctab->proctab0 =
2157 htobe64(RTS_SIZE | DMAP_TO_PHYS((vm_offset_t)kernel_pmap->pm_pml1) |
2158 RADIX_PGD_INDEX_SHIFT);
2160 mmu_radix_proctab_register(proctab0pa, PROCTAB_SIZE_SHIFT - 12);
2162 __asm __volatile("ptesync" : : : "memory");
2163 __asm __volatile(PPC_TLBIE_5(%0,%1,2,1,1) : :
2164 "r" (TLBIEL_INVAL_SET_LPID), "r" (0));
2165 __asm __volatile("eieio; tlbsync; ptesync" : : : "memory");
2167 printf("process table %p and kernel radix PDE: %p\n",
2168 isa3_proctab, kernel_pmap->pm_pml1);
2169 mtmsr(mfmsr() | PSL_DR );
2170 mtmsr(mfmsr() & ~PSL_DR);
2171 kernel_pmap->pm_pid = isa3_base_pid;
2176 mmu_radix_advise(pmap_t pmap, vm_offset_t sva, vm_offset_t eva,
2179 struct rwlock *lock;
2182 pml3_entry_t oldl3e, *l3e;
2184 vm_offset_t va, va_next;
2186 boolean_t anychanged;
2188 if (advice != MADV_DONTNEED && advice != MADV_FREE)
2192 for (; sva < eva; sva = va_next) {
2193 l1e = pmap_pml1e(pmap, sva);
2194 if ((*l1e & PG_V) == 0) {
2195 va_next = (sva + L1_PAGE_SIZE) & ~L1_PAGE_MASK;
2200 l2e = pmap_l1e_to_l2e(l1e, sva);
2201 if ((*l2e & PG_V) == 0) {
2202 va_next = (sva + L2_PAGE_SIZE) & ~L2_PAGE_MASK;
2207 va_next = (sva + L3_PAGE_SIZE) & ~L3_PAGE_MASK;
2210 l3e = pmap_l2e_to_l3e(l2e, sva);
2212 if ((oldl3e & PG_V) == 0)
2214 else if ((oldl3e & RPTE_LEAF) != 0) {
2215 if ((oldl3e & PG_MANAGED) == 0)
2218 if (!pmap_demote_l3e_locked(pmap, l3e, sva, &lock)) {
2223 * The large page mapping was destroyed.
2229 * Unless the page mappings are wired, remove the
2230 * mapping to a single page so that a subsequent
2231 * access may repromote. Since the underlying page
2232 * table page is fully populated, this removal never
2233 * frees a page table page.
2235 if ((oldl3e & PG_W) == 0) {
2236 pte = pmap_l3e_to_pte(l3e, sva);
2237 KASSERT((*pte & PG_V) != 0,
2238 ("pmap_advise: invalid PTE"));
2239 pmap_remove_pte(pmap, pte, sva, *l3e, NULL,
2249 for (pte = pmap_l3e_to_pte(l3e, sva); sva != va_next;
2250 pte++, sva += PAGE_SIZE) {
2251 MPASS(pte == pmap_pte(pmap, sva));
2253 if ((*pte & (PG_MANAGED | PG_V)) != (PG_MANAGED | PG_V))
2255 else if ((*pte & (PG_M | PG_RW)) == (PG_M | PG_RW)) {
2256 if (advice == MADV_DONTNEED) {
2258 * Future calls to pmap_is_modified()
2259 * can be avoided by making the page
2262 m = PHYS_TO_VM_PAGE(*pte & PG_FRAME);
2265 atomic_clear_long(pte, PG_M | PG_A);
2266 } else if ((*pte & PG_A) != 0)
2267 atomic_clear_long(pte, PG_A);
2273 if (va != va_next) {
2282 pmap_invalidate_all(pmap);
2287 * Routines used in machine-dependent code
2290 mmu_radix_bootstrap(vm_offset_t start, vm_offset_t end)
2295 printf("%s\n", __func__);
2297 mmu_radix_early_bootstrap(start, end);
2299 printf("early bootstrap complete\n");
2300 if (powernv_enabled) {
2301 lpcr = mfspr(SPR_LPCR);
2302 mtspr(SPR_LPCR, lpcr | LPCR_UPRT | LPCR_HR);
2303 mmu_radix_parttab_init();
2304 mmu_radix_init_amor();
2306 printf("powernv init complete\n");
2308 mmu_radix_init_iamr();
2309 mmu_radix_proctab_init();
2310 mmu_radix_pid_set(kernel_pmap);
2311 /* XXX assume CPU_FTR_HVMODE */
2312 mmu_radix_tlbiel_flush(TLB_INVAL_SCOPE_GLOBAL);
2314 mmu_radix_late_bootstrap(start, end);
2315 numa_mem_regions(&numa_pregions, &numa_pregions_sz);
2317 printf("%s done\n", __func__);
2318 pmap_bootstrapped = 1;
2319 dmaplimit = roundup2(powerpc_ptob(Maxmem), L2_PAGE_SIZE);
2320 PCPU_SET(flags, PCPU_GET(flags) | PC_FLAG_NOSRS);
2324 mmu_radix_cpu_bootstrap(int ap)
2329 if (powernv_enabled) {
2330 lpcr = mfspr(SPR_LPCR);
2331 mtspr(SPR_LPCR, lpcr | LPCR_UPRT | LPCR_HR);
2333 ptcr = parttab_phys | (PARTTAB_SIZE_SHIFT-12);
2334 mtspr(SPR_PTCR, ptcr);
2335 mmu_radix_init_amor();
2337 mmu_radix_init_iamr();
2338 mmu_radix_pid_set(kernel_pmap);
2339 mmu_radix_tlbiel_flush(TLB_INVAL_SCOPE_GLOBAL);
2342 static SYSCTL_NODE(_vm_pmap, OID_AUTO, l3e, CTLFLAG_RD, 0,
2343 "2MB page mapping counters");
2345 static u_long pmap_l3e_demotions;
2346 SYSCTL_ULONG(_vm_pmap_l3e, OID_AUTO, demotions, CTLFLAG_RD,
2347 &pmap_l3e_demotions, 0, "2MB page demotions");
2349 static u_long pmap_l3e_mappings;
2350 SYSCTL_ULONG(_vm_pmap_l3e, OID_AUTO, mappings, CTLFLAG_RD,
2351 &pmap_l3e_mappings, 0, "2MB page mappings");
2353 static u_long pmap_l3e_p_failures;
2354 SYSCTL_ULONG(_vm_pmap_l3e, OID_AUTO, p_failures, CTLFLAG_RD,
2355 &pmap_l3e_p_failures, 0, "2MB page promotion failures");
2357 static u_long pmap_l3e_promotions;
2358 SYSCTL_ULONG(_vm_pmap_l3e, OID_AUTO, promotions, CTLFLAG_RD,
2359 &pmap_l3e_promotions, 0, "2MB page promotions");
2361 static SYSCTL_NODE(_vm_pmap, OID_AUTO, l2e, CTLFLAG_RD, 0,
2362 "1GB page mapping counters");
2364 static u_long pmap_l2e_demotions;
2365 SYSCTL_ULONG(_vm_pmap_l2e, OID_AUTO, demotions, CTLFLAG_RD,
2366 &pmap_l2e_demotions, 0, "1GB page demotions");
2369 mmu_radix_clear_modify(vm_page_t m)
2371 struct md_page *pvh;
2373 pv_entry_t next_pv, pv;
2374 pml3_entry_t oldl3e, *l3e;
2375 pt_entry_t oldpte, *pte;
2376 struct rwlock *lock;
2378 int md_gen, pvh_gen;
2380 KASSERT((m->oflags & VPO_UNMANAGED) == 0,
2381 ("pmap_clear_modify: page %p is not managed", m));
2382 vm_page_assert_busied(m);
2383 CTR2(KTR_PMAP, "%s(%p)", __func__, m);
2386 * If the page is not PGA_WRITEABLE, then no PTEs can have PG_M set.
2387 * If the object containing the page is locked and the page is not
2388 * exclusive busied, then PGA_WRITEABLE cannot be concurrently set.
2390 if ((m->a.flags & PGA_WRITEABLE) == 0)
2392 pvh = (m->flags & PG_FICTITIOUS) != 0 ? &pv_dummy :
2393 pa_to_pvh(VM_PAGE_TO_PHYS(m));
2394 lock = VM_PAGE_TO_PV_LIST_LOCK(m);
2397 TAILQ_FOREACH_SAFE(pv, &pvh->pv_list, pv_link, next_pv) {
2399 if (!PMAP_TRYLOCK(pmap)) {
2400 pvh_gen = pvh->pv_gen;
2404 if (pvh_gen != pvh->pv_gen) {
2410 l3e = pmap_pml3e(pmap, va);
2412 if ((oldl3e & PG_RW) != 0) {
2413 if (pmap_demote_l3e_locked(pmap, l3e, va, &lock)) {
2414 if ((oldl3e & PG_W) == 0) {
2416 * Write protect the mapping to a
2417 * single page so that a subsequent
2418 * write access may repromote.
2420 va += VM_PAGE_TO_PHYS(m) - (oldl3e &
2422 pte = pmap_l3e_to_pte(l3e, va);
2424 if ((oldpte & PG_V) != 0) {
2425 while (!atomic_cmpset_long(pte,
2427 (oldpte | RPTE_EAA_R) & ~(PG_M | PG_RW)))
2430 pmap_invalidate_page(pmap, va);
2437 TAILQ_FOREACH(pv, &m->md.pv_list, pv_link) {
2439 if (!PMAP_TRYLOCK(pmap)) {
2440 md_gen = m->md.pv_gen;
2441 pvh_gen = pvh->pv_gen;
2445 if (pvh_gen != pvh->pv_gen || md_gen != m->md.pv_gen) {
2450 l3e = pmap_pml3e(pmap, pv->pv_va);
2451 KASSERT((*l3e & RPTE_LEAF) == 0, ("pmap_clear_modify: found"
2452 " a 2mpage in page %p's pv list", m));
2453 pte = pmap_l3e_to_pte(l3e, pv->pv_va);
2454 if ((*pte & (PG_M | PG_RW)) == (PG_M | PG_RW)) {
2455 atomic_clear_long(pte, PG_M);
2456 pmap_invalidate_page(pmap, pv->pv_va);
2464 mmu_radix_copy(pmap_t dst_pmap, pmap_t src_pmap, vm_offset_t dst_addr,
2465 vm_size_t len, vm_offset_t src_addr)
2467 struct rwlock *lock;
2468 struct spglist free;
2470 vm_offset_t end_addr = src_addr + len;
2471 vm_offset_t va_next;
2472 vm_page_t dst_pdpg, dstmpte, srcmpte;
2473 bool invalidate_all;
2476 "%s(dst_pmap=%p, src_pmap=%p, dst_addr=%lx, len=%lu, src_addr=%lx)\n",
2477 __func__, dst_pmap, src_pmap, dst_addr, len, src_addr);
2479 if (dst_addr != src_addr)
2482 invalidate_all = false;
2483 if (dst_pmap < src_pmap) {
2484 PMAP_LOCK(dst_pmap);
2485 PMAP_LOCK(src_pmap);
2487 PMAP_LOCK(src_pmap);
2488 PMAP_LOCK(dst_pmap);
2491 for (addr = src_addr; addr < end_addr; addr = va_next) {
2494 pml3_entry_t srcptepaddr, *l3e;
2495 pt_entry_t *src_pte, *dst_pte;
2497 l1e = pmap_pml1e(src_pmap, addr);
2498 if ((*l1e & PG_V) == 0) {
2499 va_next = (addr + L1_PAGE_SIZE) & ~L1_PAGE_MASK;
2505 l2e = pmap_l1e_to_l2e(l1e, addr);
2506 if ((*l2e & PG_V) == 0) {
2507 va_next = (addr + L2_PAGE_SIZE) & ~L2_PAGE_MASK;
2513 va_next = (addr + L3_PAGE_SIZE) & ~L3_PAGE_MASK;
2517 l3e = pmap_l2e_to_l3e(l2e, addr);
2519 if (srcptepaddr == 0)
2522 if (srcptepaddr & RPTE_LEAF) {
2523 if ((addr & L3_PAGE_MASK) != 0 ||
2524 addr + L3_PAGE_SIZE > end_addr)
2526 dst_pdpg = pmap_allocl3e(dst_pmap, addr, NULL);
2527 if (dst_pdpg == NULL)
2529 l3e = (pml3_entry_t *)
2530 PHYS_TO_DMAP(VM_PAGE_TO_PHYS(dst_pdpg));
2531 l3e = &l3e[pmap_pml3e_index(addr)];
2532 if (*l3e == 0 && ((srcptepaddr & PG_MANAGED) == 0 ||
2533 pmap_pv_insert_l3e(dst_pmap, addr, srcptepaddr,
2534 PMAP_ENTER_NORECLAIM, &lock))) {
2535 *l3e = srcptepaddr & ~PG_W;
2536 pmap_resident_count_inc(dst_pmap,
2537 L3_PAGE_SIZE / PAGE_SIZE);
2538 atomic_add_long(&pmap_l3e_mappings, 1);
2540 dst_pdpg->ref_count--;
2544 srcptepaddr &= PG_FRAME;
2545 srcmpte = PHYS_TO_VM_PAGE(srcptepaddr);
2546 KASSERT(srcmpte->ref_count > 0,
2547 ("pmap_copy: source page table page is unused"));
2549 if (va_next > end_addr)
2552 src_pte = (pt_entry_t *)PHYS_TO_DMAP(srcptepaddr);
2553 src_pte = &src_pte[pmap_pte_index(addr)];
2555 while (addr < va_next) {
2559 * we only virtual copy managed pages
2561 if ((ptetemp & PG_MANAGED) != 0) {
2562 if (dstmpte != NULL &&
2563 dstmpte->pindex == pmap_l3e_pindex(addr))
2564 dstmpte->ref_count++;
2565 else if ((dstmpte = pmap_allocpte(dst_pmap,
2566 addr, NULL)) == NULL)
2568 dst_pte = (pt_entry_t *)
2569 PHYS_TO_DMAP(VM_PAGE_TO_PHYS(dstmpte));
2570 dst_pte = &dst_pte[pmap_pte_index(addr)];
2571 if (*dst_pte == 0 &&
2572 pmap_try_insert_pv_entry(dst_pmap, addr,
2573 PHYS_TO_VM_PAGE(ptetemp & PG_FRAME),
2576 * Clear the wired, modified, and
2577 * accessed (referenced) bits
2580 *dst_pte = ptetemp & ~(PG_W | PG_M |
2582 pmap_resident_count_inc(dst_pmap, 1);
2585 if (pmap_unwire_ptp(dst_pmap, addr,
2588 * Although "addr" is not
2589 * mapped, paging-structure
2590 * caches could nonetheless
2591 * have entries that refer to
2592 * the freed page table pages.
2593 * Invalidate those entries.
2595 invalidate_all = true;
2596 vm_page_free_pages_toq(&free,
2601 if (dstmpte->ref_count >= srcmpte->ref_count)
2605 if (__predict_false((addr & L3_PAGE_MASK) == 0))
2606 src_pte = pmap_pte(src_pmap, addr);
2613 pmap_invalidate_all(dst_pmap);
2616 PMAP_UNLOCK(src_pmap);
2617 PMAP_UNLOCK(dst_pmap);
2621 mmu_radix_copy_page(vm_page_t msrc, vm_page_t mdst)
2623 vm_offset_t src = PHYS_TO_DMAP(VM_PAGE_TO_PHYS(msrc));
2624 vm_offset_t dst = PHYS_TO_DMAP(VM_PAGE_TO_PHYS(mdst));
2626 CTR3(KTR_PMAP, "%s(%p, %p)", __func__, src, dst);
2630 bcopy((void *)src, (void *)dst, PAGE_SIZE);
2634 mmu_radix_copy_pages(vm_page_t ma[], vm_offset_t a_offset, vm_page_t mb[],
2635 vm_offset_t b_offset, int xfersize)
2638 CTR6(KTR_PMAP, "%s(%p, %#x, %p, %#x, %#x)", __func__, ma,
2639 a_offset, mb, b_offset, xfersize);
2643 #if VM_NRESERVLEVEL > 0
2645 * Tries to promote the 512, contiguous 4KB page mappings that are within a
2646 * single page table page (PTP) to a single 2MB page mapping. For promotion
2647 * to occur, two conditions must be met: (1) the 4KB page mappings must map
2648 * aligned, contiguous physical memory and (2) the 4KB page mappings must have
2649 * identical characteristics.
2652 pmap_promote_l3e(pmap_t pmap, pml3_entry_t *pde, vm_offset_t va,
2653 struct rwlock **lockp)
2655 pml3_entry_t newpde;
2656 pt_entry_t *firstpte, oldpte, pa, *pte;
2659 PMAP_LOCK_ASSERT(pmap, MA_OWNED);
2662 * Examine the first PTE in the specified PTP. Abort if this PTE is
2663 * either invalid, unused, or does not map the first 4KB physical page
2664 * within a 2MB page.
2666 firstpte = (pt_entry_t *)PHYS_TO_DMAP(*pde & PG_FRAME);
2669 if ((newpde & ((PG_FRAME & L3_PAGE_MASK) | PG_A | PG_V)) != (PG_A | PG_V)) {
2670 CTR2(KTR_PMAP, "pmap_promote_l3e: failure for va %#lx"
2671 " in pmap %p", va, pmap);
2674 if ((newpde & (PG_M | PG_RW)) == PG_RW) {
2676 * When PG_M is already clear, PG_RW can be cleared without
2677 * a TLB invalidation.
2679 if (!atomic_cmpset_long(firstpte, newpde, (newpde | RPTE_EAA_R) & ~RPTE_EAA_W))
2681 newpde &= ~RPTE_EAA_W;
2685 * Examine each of the other PTEs in the specified PTP. Abort if this
2686 * PTE maps an unexpected 4KB physical page or does not have identical
2687 * characteristics to the first PTE.
2689 pa = (newpde & (PG_PS_FRAME | PG_A | PG_V)) + L3_PAGE_SIZE - PAGE_SIZE;
2690 for (pte = firstpte + NPTEPG - 1; pte > firstpte; pte--) {
2693 if ((oldpte & (PG_FRAME | PG_A | PG_V)) != pa) {
2694 CTR2(KTR_PMAP, "pmap_promote_l3e: failure for va %#lx"
2695 " in pmap %p", va, pmap);
2698 if ((oldpte & (PG_M | PG_RW)) == PG_RW) {
2700 * When PG_M is already clear, PG_RW can be cleared
2701 * without a TLB invalidation.
2703 if (!atomic_cmpset_long(pte, oldpte, (oldpte | RPTE_EAA_R) & ~RPTE_EAA_W))
2705 oldpte &= ~RPTE_EAA_W;
2706 CTR2(KTR_PMAP, "pmap_promote_l3e: protect for va %#lx"
2707 " in pmap %p", (oldpte & PG_FRAME & L3_PAGE_MASK) |
2708 (va & ~L3_PAGE_MASK), pmap);
2710 if ((oldpte & PG_PTE_PROMOTE) != (newpde & PG_PTE_PROMOTE)) {
2711 CTR2(KTR_PMAP, "pmap_promote_l3e: failure for va %#lx"
2712 " in pmap %p", va, pmap);
2719 * Save the page table page in its current state until the PDE
2720 * mapping the superpage is demoted by pmap_demote_pde() or
2721 * destroyed by pmap_remove_pde().
2723 mpte = PHYS_TO_VM_PAGE(*pde & PG_FRAME);
2724 KASSERT(mpte >= vm_page_array &&
2725 mpte < &vm_page_array[vm_page_array_size],
2726 ("pmap_promote_l3e: page table page is out of range"));
2727 KASSERT(mpte->pindex == pmap_l3e_pindex(va),
2728 ("pmap_promote_l3e: page table page's pindex is wrong"));
2729 if (pmap_insert_pt_page(pmap, mpte)) {
2731 "pmap_promote_l3e: failure for va %#lx in pmap %p", va,
2737 * Promote the pv entries.
2739 if ((newpde & PG_MANAGED) != 0)
2740 pmap_pv_promote_l3e(pmap, va, newpde & PG_PS_FRAME, lockp);
2742 pte_store(pde, PG_PROMOTED | newpde);
2743 atomic_add_long(&pmap_l3e_promotions, 1);
2744 CTR2(KTR_PMAP, "pmap_promote_l3e: success for va %#lx"
2745 " in pmap %p", va, pmap);
2748 atomic_add_long(&pmap_l3e_p_failures, 1);
2749 return (KERN_FAILURE);
2751 #endif /* VM_NRESERVLEVEL > 0 */
2754 mmu_radix_enter(pmap_t pmap, vm_offset_t va, vm_page_t m,
2755 vm_prot_t prot, u_int flags, int8_t psind)
2757 struct rwlock *lock;
2760 pt_entry_t newpte, origpte;
2765 boolean_t nosleep, invalidate_all, invalidate_page;
2767 va = trunc_page(va);
2769 invalidate_page = invalidate_all = false;
2770 CTR6(KTR_PMAP, "pmap_enter(%p, %#lx, %p, %#x, %#x, %d)", pmap, va,
2771 m, prot, flags, psind);
2772 KASSERT(va <= VM_MAX_KERNEL_ADDRESS, ("pmap_enter: toobig"));
2773 KASSERT((m->oflags & VPO_UNMANAGED) != 0 || va < kmi.clean_sva ||
2774 va >= kmi.clean_eva,
2775 ("pmap_enter: managed mapping within the clean submap"));
2776 if ((m->oflags & VPO_UNMANAGED) == 0)
2777 VM_PAGE_OBJECT_BUSY_ASSERT(m);
2779 KASSERT((flags & PMAP_ENTER_RESERVED) == 0,
2780 ("pmap_enter: flags %u has reserved bits set", flags));
2781 pa = VM_PAGE_TO_PHYS(m);
2782 newpte = (pt_entry_t)(pa | PG_A | PG_V | RPTE_LEAF);
2783 if ((flags & VM_PROT_WRITE) != 0)
2785 if ((flags & VM_PROT_READ) != 0)
2787 if (prot & VM_PROT_READ)
2788 newpte |= RPTE_EAA_R;
2789 if ((prot & VM_PROT_WRITE) != 0)
2790 newpte |= RPTE_EAA_W;
2791 KASSERT((newpte & (PG_M | PG_RW)) != PG_M,
2792 ("pmap_enter: flags includes VM_PROT_WRITE but prot doesn't"));
2794 if (prot & VM_PROT_EXECUTE)
2796 if ((flags & PMAP_ENTER_WIRED) != 0)
2798 if (va >= DMAP_MIN_ADDRESS)
2799 newpte |= RPTE_EAA_P;
2800 newpte |= pmap_cache_bits(m->md.mdpg_cache_attrs);
2802 * Set modified bit gratuitously for writeable mappings if
2803 * the page is unmanaged. We do not want to take a fault
2804 * to do the dirty bit accounting for these mappings.
2806 if ((m->oflags & VPO_UNMANAGED) != 0) {
2807 if ((newpte & PG_RW) != 0)
2810 newpte |= PG_MANAGED;
2815 /* Assert the required virtual and physical alignment. */
2816 KASSERT((va & L3_PAGE_MASK) == 0, ("pmap_enter: va unaligned"));
2817 KASSERT(m->psind > 0, ("pmap_enter: m->psind < psind"));
2818 rv = pmap_enter_l3e(pmap, va, newpte | RPTE_LEAF, flags, m, &lock);
2824 * In the case that a page table page is not
2825 * resident, we are creating it here.
2828 l3e = pmap_pml3e(pmap, va);
2829 if (l3e != NULL && (*l3e & PG_V) != 0 && ((*l3e & RPTE_LEAF) == 0 ||
2830 pmap_demote_l3e_locked(pmap, l3e, va, &lock))) {
2831 pte = pmap_l3e_to_pte(l3e, va);
2832 if (va < VM_MAXUSER_ADDRESS && mpte == NULL) {
2833 mpte = PHYS_TO_VM_PAGE(*l3e & PG_FRAME);
2836 } else if (va < VM_MAXUSER_ADDRESS) {
2838 * Here if the pte page isn't mapped, or if it has been
2841 nosleep = (flags & PMAP_ENTER_NOSLEEP) != 0;
2842 mpte = _pmap_allocpte(pmap, pmap_l3e_pindex(va),
2843 nosleep ? NULL : &lock);
2844 if (mpte == NULL && nosleep) {
2845 rv = KERN_RESOURCE_SHORTAGE;
2848 if (__predict_false(retrycount++ == 6))
2849 panic("too many retries");
2850 invalidate_all = true;
2853 panic("pmap_enter: invalid page directory va=%#lx", va);
2859 * Is the specified virtual address already mapped?
2861 if ((origpte & PG_V) != 0) {
2863 if (VERBOSE_PMAP || pmap_logging) {
2864 printf("cow fault pmap_enter(%p, %#lx, %p, %#x, %x, %d) --"
2865 " asid=%lu curpid=%d name=%s origpte0x%lx\n",
2866 pmap, va, m, prot, flags, psind, pmap->pm_pid,
2867 curproc->p_pid, curproc->p_comm, origpte);
2868 pmap_pte_walk(pmap->pm_pml1, va);
2872 * Wiring change, just update stats. We don't worry about
2873 * wiring PT pages as they remain resident as long as there
2874 * are valid mappings in them. Hence, if a user page is wired,
2875 * the PT page will be also.
2877 if ((newpte & PG_W) != 0 && (origpte & PG_W) == 0)
2878 pmap->pm_stats.wired_count++;
2879 else if ((newpte & PG_W) == 0 && (origpte & PG_W) != 0)
2880 pmap->pm_stats.wired_count--;
2883 * Remove the extra PT page reference.
2887 KASSERT(mpte->ref_count > 0,
2888 ("pmap_enter: missing reference to page table page,"
2893 * Has the physical page changed?
2895 opa = origpte & PG_FRAME;
2898 * No, might be a protection or wiring change.
2900 if ((origpte & PG_MANAGED) != 0 &&
2901 (newpte & PG_RW) != 0)
2902 vm_page_aflag_set(m, PGA_WRITEABLE);
2903 if (((origpte ^ newpte) & ~(PG_M | PG_A)) == 0) {
2904 if ((newpte & (PG_A|PG_M)) != (origpte & (PG_A|PG_M))) {
2905 if (!atomic_cmpset_long(pte, origpte, newpte))
2907 if ((newpte & PG_M) != (origpte & PG_M))
2909 if ((newpte & PG_A) != (origpte & PG_A))
2910 vm_page_aflag_set(m, PGA_REFERENCED);
2913 invalidate_all = true;
2914 if (((origpte ^ newpte) & ~(PG_M | PG_A)) == 0)
2921 * The physical page has changed. Temporarily invalidate
2922 * the mapping. This ensures that all threads sharing the
2923 * pmap keep a consistent view of the mapping, which is
2924 * necessary for the correct handling of COW faults. It
2925 * also permits reuse of the old mapping's PV entry,
2926 * avoiding an allocation.
2928 * For consistency, handle unmanaged mappings the same way.
2930 origpte = pte_load_clear(pte);
2931 KASSERT((origpte & PG_FRAME) == opa,
2932 ("pmap_enter: unexpected pa update for %#lx", va));
2933 if ((origpte & PG_MANAGED) != 0) {
2934 om = PHYS_TO_VM_PAGE(opa);
2937 * The pmap lock is sufficient to synchronize with
2938 * concurrent calls to pmap_page_test_mappings() and
2939 * pmap_ts_referenced().
2941 if ((origpte & (PG_M | PG_RW)) == (PG_M | PG_RW))
2943 if ((origpte & PG_A) != 0)
2944 vm_page_aflag_set(om, PGA_REFERENCED);
2945 CHANGE_PV_LIST_LOCK_TO_PHYS(&lock, opa);
2946 pv = pmap_pvh_remove(&om->md, pmap, va);
2947 if ((newpte & PG_MANAGED) == 0)
2948 free_pv_entry(pmap, pv);
2950 else if (origpte & PG_MANAGED) {
2952 pmap_page_print_mappings(om);
2957 if ((om->a.flags & PGA_WRITEABLE) != 0 &&
2958 TAILQ_EMPTY(&om->md.pv_list) &&
2959 ((om->flags & PG_FICTITIOUS) != 0 ||
2960 TAILQ_EMPTY(&pa_to_pvh(opa)->pv_list)))
2961 vm_page_aflag_clear(om, PGA_WRITEABLE);
2963 if ((origpte & PG_A) != 0)
2964 invalidate_page = true;
2967 if (pmap != kernel_pmap) {
2969 if (VERBOSE_PMAP || pmap_logging)
2970 printf("pmap_enter(%p, %#lx, %p, %#x, %x, %d) -- asid=%lu curpid=%d name=%s\n",
2971 pmap, va, m, prot, flags, psind,
2972 pmap->pm_pid, curproc->p_pid,
2978 * Increment the counters.
2980 if ((newpte & PG_W) != 0)
2981 pmap->pm_stats.wired_count++;
2982 pmap_resident_count_inc(pmap, 1);
2986 * Enter on the PV list if part of our managed memory.
2988 if ((newpte & PG_MANAGED) != 0) {
2990 pv = get_pv_entry(pmap, &lock);
2995 printf("reassigning pv: %p to pmap: %p\n",
2998 CHANGE_PV_LIST_LOCK_TO_PHYS(&lock, pa);
2999 TAILQ_INSERT_TAIL(&m->md.pv_list, pv, pv_link);
3001 if ((newpte & PG_RW) != 0)
3002 vm_page_aflag_set(m, PGA_WRITEABLE);
3008 if ((origpte & PG_V) != 0) {
3010 origpte = pte_load_store(pte, newpte);
3011 KASSERT((origpte & PG_FRAME) == pa,
3012 ("pmap_enter: unexpected pa update for %#lx", va));
3013 if ((newpte & PG_M) == 0 && (origpte & (PG_M | PG_RW)) ==
3015 if ((origpte & PG_MANAGED) != 0)
3017 invalidate_page = true;
3020 * Although the PTE may still have PG_RW set, TLB
3021 * invalidation may nonetheless be required because
3022 * the PTE no longer has PG_M set.
3024 } else if ((origpte & PG_X) != 0 || (newpte & PG_X) == 0) {
3026 * Removing capabilities requires invalidation on POWER
3028 invalidate_page = true;
3031 if ((origpte & PG_A) != 0)
3032 invalidate_page = true;
3034 pte_store(pte, newpte);
3039 #if VM_NRESERVLEVEL > 0
3041 * If both the page table page and the reservation are fully
3042 * populated, then attempt promotion.
3044 if ((mpte == NULL || mpte->ref_count == NPTEPG) &&
3045 mmu_radix_ps_enabled(pmap) &&
3046 (m->flags & PG_FICTITIOUS) == 0 &&
3047 vm_reserv_level_iffullpop(m) == 0 &&
3048 pmap_promote_l3e(pmap, l3e, va, &lock) == 0)
3049 invalidate_all = true;
3052 pmap_invalidate_all(pmap);
3053 else if (invalidate_page)
3054 pmap_invalidate_page(pmap, va);
3066 * Tries to create a read- and/or execute-only 2MB page mapping. Returns true
3067 * if successful. Returns false if (1) a page table page cannot be allocated
3068 * without sleeping, (2) a mapping already exists at the specified virtual
3069 * address, or (3) a PV entry cannot be allocated without reclaiming another
3073 pmap_enter_2mpage(pmap_t pmap, vm_offset_t va, vm_page_t m, vm_prot_t prot,
3074 struct rwlock **lockp)
3076 pml3_entry_t newpde;
3078 PMAP_LOCK_ASSERT(pmap, MA_OWNED);
3079 newpde = VM_PAGE_TO_PHYS(m) | pmap_cache_bits(m->md.mdpg_cache_attrs) |
3081 if ((m->oflags & VPO_UNMANAGED) == 0)
3082 newpde |= PG_MANAGED;
3083 if (prot & VM_PROT_EXECUTE)
3085 if (prot & VM_PROT_READ)
3086 newpde |= RPTE_EAA_R;
3087 if (va >= DMAP_MIN_ADDRESS)
3088 newpde |= RPTE_EAA_P;
3089 return (pmap_enter_l3e(pmap, va, newpde, PMAP_ENTER_NOSLEEP |
3090 PMAP_ENTER_NOREPLACE | PMAP_ENTER_NORECLAIM, NULL, lockp) ==
3095 * Tries to create the specified 2MB page mapping. Returns KERN_SUCCESS if
3096 * the mapping was created, and either KERN_FAILURE or KERN_RESOURCE_SHORTAGE
3097 * otherwise. Returns KERN_FAILURE if PMAP_ENTER_NOREPLACE was specified and
3098 * a mapping already exists at the specified virtual address. Returns
3099 * KERN_RESOURCE_SHORTAGE if PMAP_ENTER_NOSLEEP was specified and a page table
3100 * page allocation failed. Returns KERN_RESOURCE_SHORTAGE if
3101 * PMAP_ENTER_NORECLAIM was specified and a PV entry allocation failed.
3103 * The parameter "m" is only used when creating a managed, writeable mapping.
3106 pmap_enter_l3e(pmap_t pmap, vm_offset_t va, pml3_entry_t newpde, u_int flags,
3107 vm_page_t m, struct rwlock **lockp)
3109 struct spglist free;
3110 pml3_entry_t oldl3e, *l3e;
3113 KASSERT((newpde & (PG_M | PG_RW)) != PG_RW,
3114 ("pmap_enter_pde: newpde is missing PG_M"));
3115 PMAP_LOCK_ASSERT(pmap, MA_OWNED);
3117 if ((pdpg = pmap_allocl3e(pmap, va, (flags & PMAP_ENTER_NOSLEEP) != 0 ?
3118 NULL : lockp)) == NULL) {
3119 CTR2(KTR_PMAP, "pmap_enter_pde: failure for va %#lx"
3120 " in pmap %p", va, pmap);
3121 return (KERN_RESOURCE_SHORTAGE);
3123 l3e = (pml3_entry_t *)PHYS_TO_DMAP(VM_PAGE_TO_PHYS(pdpg));
3124 l3e = &l3e[pmap_pml3e_index(va)];
3126 if ((oldl3e & PG_V) != 0) {
3127 KASSERT(pdpg->ref_count > 1,
3128 ("pmap_enter_pde: pdpg's wire count is too low"));
3129 if ((flags & PMAP_ENTER_NOREPLACE) != 0) {
3131 CTR2(KTR_PMAP, "pmap_enter_pde: failure for va %#lx"
3132 " in pmap %p", va, pmap);
3133 return (KERN_FAILURE);
3135 /* Break the existing mapping(s). */
3137 if ((oldl3e & RPTE_LEAF) != 0) {
3139 * The reference to the PD page that was acquired by
3140 * pmap_allocl3e() ensures that it won't be freed.
3141 * However, if the PDE resulted from a promotion, then
3142 * a reserved PT page could be freed.
3144 (void)pmap_remove_l3e(pmap, l3e, va, &free, lockp);
3146 if (pmap_remove_ptes(pmap, va, va + L3_PAGE_SIZE, l3e,
3148 pmap_invalidate_all(pmap);
3150 vm_page_free_pages_toq(&free, true);
3151 if (va >= VM_MAXUSER_ADDRESS) {
3152 mt = PHYS_TO_VM_PAGE(*l3e & PG_FRAME);
3153 if (pmap_insert_pt_page(pmap, mt)) {
3155 * XXX Currently, this can't happen because
3156 * we do not perform pmap_enter(psind == 1)
3157 * on the kernel pmap.
3159 panic("pmap_enter_pde: trie insert failed");
3162 KASSERT(*l3e == 0, ("pmap_enter_pde: non-zero pde %p",
3165 if ((newpde & PG_MANAGED) != 0) {
3167 * Abort this mapping if its PV entry could not be created.
3169 if (!pmap_pv_insert_l3e(pmap, va, newpde, flags, lockp)) {
3171 if (pmap_unwire_ptp(pmap, va, pdpg, &free)) {
3173 * Although "va" is not mapped, paging-
3174 * structure caches could nonetheless have
3175 * entries that refer to the freed page table
3176 * pages. Invalidate those entries.
3178 pmap_invalidate_page(pmap, va);
3179 vm_page_free_pages_toq(&free, true);
3181 CTR2(KTR_PMAP, "pmap_enter_pde: failure for va %#lx"
3182 " in pmap %p", va, pmap);
3183 return (KERN_RESOURCE_SHORTAGE);
3185 if ((newpde & PG_RW) != 0) {
3186 for (mt = m; mt < &m[L3_PAGE_SIZE / PAGE_SIZE]; mt++)
3187 vm_page_aflag_set(mt, PGA_WRITEABLE);
3192 * Increment counters.
3194 if ((newpde & PG_W) != 0)
3195 pmap->pm_stats.wired_count += L3_PAGE_SIZE / PAGE_SIZE;
3196 pmap_resident_count_inc(pmap, L3_PAGE_SIZE / PAGE_SIZE);
3199 * Map the superpage. (This is not a promoted mapping; there will not
3200 * be any lingering 4KB page mappings in the TLB.)
3202 pte_store(l3e, newpde);
3204 atomic_add_long(&pmap_l3e_mappings, 1);
3205 CTR2(KTR_PMAP, "pmap_enter_pde: success for va %#lx"
3206 " in pmap %p", va, pmap);
3207 return (KERN_SUCCESS);
3211 mmu_radix_enter_object(pmap_t pmap, vm_offset_t start,
3212 vm_offset_t end, vm_page_t m_start, vm_prot_t prot)
3215 struct rwlock *lock;
3218 vm_pindex_t diff, psize;
3220 VM_OBJECT_ASSERT_LOCKED(m_start->object);
3222 CTR6(KTR_PMAP, "%s(%p, %#x, %#x, %p, %#x)", __func__, pmap, start,
3223 end, m_start, prot);
3226 psize = atop(end - start);
3231 while (m != NULL && (diff = m->pindex - m_start->pindex) < psize) {
3232 va = start + ptoa(diff);
3233 if ((va & L3_PAGE_MASK) == 0 && va + L3_PAGE_SIZE <= end &&
3234 m->psind == 1 && mmu_radix_ps_enabled(pmap) &&
3235 pmap_enter_2mpage(pmap, va, m, prot, &lock))
3236 m = &m[L3_PAGE_SIZE / PAGE_SIZE - 1];
3238 mpte = mmu_radix_enter_quick_locked(pmap, va, m, prot,
3239 mpte, &lock, &invalidate);
3240 m = TAILQ_NEXT(m, listq);
3246 pmap_invalidate_all(pmap);
3251 mmu_radix_enter_quick_locked(pmap_t pmap, vm_offset_t va, vm_page_t m,
3252 vm_prot_t prot, vm_page_t mpte, struct rwlock **lockp, bool *invalidate)
3254 struct spglist free;
3258 KASSERT(va < kmi.clean_sva || va >= kmi.clean_eva ||
3259 (m->oflags & VPO_UNMANAGED) != 0,
3260 ("mmu_radix_enter_quick_locked: managed mapping within the clean submap"));
3261 PMAP_LOCK_ASSERT(pmap, MA_OWNED);
3264 * In the case that a page table page is not
3265 * resident, we are creating it here.
3267 if (va < VM_MAXUSER_ADDRESS) {
3268 vm_pindex_t ptepindex;
3269 pml3_entry_t *ptepa;
3272 * Calculate pagetable page index
3274 ptepindex = pmap_l3e_pindex(va);
3275 if (mpte && (mpte->pindex == ptepindex)) {
3279 * Get the page directory entry
3281 ptepa = pmap_pml3e(pmap, va);
3284 * If the page table page is mapped, we just increment
3285 * the hold count, and activate it. Otherwise, we
3286 * attempt to allocate a page table page. If this
3287 * attempt fails, we don't retry. Instead, we give up.
3289 if (ptepa && (*ptepa & PG_V) != 0) {
3290 if (*ptepa & RPTE_LEAF)
3292 mpte = PHYS_TO_VM_PAGE(*ptepa & PG_FRAME);
3296 * Pass NULL instead of the PV list lock
3297 * pointer, because we don't intend to sleep.
3299 mpte = _pmap_allocpte(pmap, ptepindex, NULL);
3304 pte = (pt_entry_t *)PHYS_TO_DMAP(VM_PAGE_TO_PHYS(mpte));
3305 pte = &pte[pmap_pte_index(va)];
3308 pte = pmap_pte(pmap, va);
3319 * Enter on the PV list if part of our managed memory.
3321 if ((m->oflags & VPO_UNMANAGED) == 0 &&
3322 !pmap_try_insert_pv_entry(pmap, va, m, lockp)) {
3325 if (pmap_unwire_ptp(pmap, va, mpte, &free)) {
3327 * Although "va" is not mapped, paging-
3328 * structure caches could nonetheless have
3329 * entries that refer to the freed page table
3330 * pages. Invalidate those entries.
3333 vm_page_free_pages_toq(&free, true);
3341 * Increment counters
3343 pmap_resident_count_inc(pmap, 1);
3345 pa = VM_PAGE_TO_PHYS(m) | pmap_cache_bits(m->md.mdpg_cache_attrs);
3346 if (prot & VM_PROT_EXECUTE)
3350 if ((m->oflags & VPO_UNMANAGED) == 0)
3358 mmu_radix_enter_quick(pmap_t pmap, vm_offset_t va, vm_page_t m,
3361 struct rwlock *lock;
3367 mmu_radix_enter_quick_locked(pmap, va, m, prot, NULL, &lock,
3373 pmap_invalidate_all(pmap);
3378 mmu_radix_extract(pmap_t pmap, vm_offset_t va)
3384 l3e = pmap_pml3e(pmap, va);
3385 if (__predict_false(l3e == NULL))
3387 if (*l3e & RPTE_LEAF) {
3388 pa = (*l3e & PG_PS_FRAME) | (va & L3_PAGE_MASK);
3389 pa |= (va & L3_PAGE_MASK);
3392 * Beware of a concurrent promotion that changes the
3393 * PDE at this point! For example, vtopte() must not
3394 * be used to access the PTE because it would use the
3395 * new PDE. It is, however, safe to use the old PDE
3396 * because the page table page is preserved by the
3399 pte = pmap_l3e_to_pte(l3e, va);
3400 if (__predict_false(pte == NULL))
3403 pa = (pa & PG_FRAME) | (va & PAGE_MASK);
3404 pa |= (va & PAGE_MASK);
3410 mmu_radix_extract_and_hold(pmap_t pmap, vm_offset_t va, vm_prot_t prot)
3412 pml3_entry_t l3e, *l3ep;
3419 CTR4(KTR_PMAP, "%s(%p, %#x, %#x)", __func__, pmap, va, prot);
3421 l3ep = pmap_pml3e(pmap, va);
3422 if (l3ep != NULL && (l3e = *l3ep)) {
3423 if (l3e & RPTE_LEAF) {
3424 if ((l3e & PG_RW) || (prot & VM_PROT_WRITE) == 0)
3425 m = PHYS_TO_VM_PAGE((l3e & PG_PS_FRAME) |
3426 (va & L3_PAGE_MASK));
3428 pte = *pmap_l3e_to_pte(l3ep, va);
3430 ((pte & PG_RW) || (prot & VM_PROT_WRITE) == 0))
3431 m = PHYS_TO_VM_PAGE(pte & PG_FRAME);
3433 if (m != NULL && !vm_page_wire_mapped(m))
3441 mmu_radix_growkernel(vm_offset_t addr)
3448 CTR2(KTR_PMAP, "%s(%#x)", __func__, addr);
3449 if (VM_MIN_KERNEL_ADDRESS < addr &&
3450 addr < (VM_MIN_KERNEL_ADDRESS + nkpt * L3_PAGE_SIZE))
3453 addr = roundup2(addr, L3_PAGE_SIZE);
3454 if (addr - 1 >= vm_map_max(kernel_map))
3455 addr = vm_map_max(kernel_map);
3456 while (kernel_vm_end < addr) {
3457 l2e = pmap_pml2e(kernel_pmap, kernel_vm_end);
3458 if ((*l2e & PG_V) == 0) {
3459 /* We need a new PDP entry */
3460 nkpg = vm_page_alloc(NULL, kernel_vm_end >> L2_PAGE_SIZE_SHIFT,
3461 VM_ALLOC_INTERRUPT | VM_ALLOC_NOOBJ |
3462 VM_ALLOC_WIRED | VM_ALLOC_ZERO);
3464 panic("pmap_growkernel: no memory to grow kernel");
3465 if ((nkpg->flags & PG_ZERO) == 0)
3466 mmu_radix_zero_page(nkpg);
3467 paddr = VM_PAGE_TO_PHYS(nkpg);
3468 pde_store(l2e, paddr);
3469 continue; /* try again */
3471 l3e = pmap_l2e_to_l3e(l2e, kernel_vm_end);
3472 if ((*l3e & PG_V) != 0) {
3473 kernel_vm_end = (kernel_vm_end + L3_PAGE_SIZE) & ~L3_PAGE_MASK;
3474 if (kernel_vm_end - 1 >= vm_map_max(kernel_map)) {
3475 kernel_vm_end = vm_map_max(kernel_map);
3481 nkpg = vm_page_alloc(NULL, pmap_l3e_pindex(kernel_vm_end),
3482 VM_ALLOC_INTERRUPT | VM_ALLOC_NOOBJ | VM_ALLOC_WIRED |
3485 panic("pmap_growkernel: no memory to grow kernel");
3486 if ((nkpg->flags & PG_ZERO) == 0)
3487 mmu_radix_zero_page(nkpg);
3488 paddr = VM_PAGE_TO_PHYS(nkpg);
3489 pde_store(l3e, paddr);
3491 kernel_vm_end = (kernel_vm_end + L3_PAGE_SIZE) & ~L3_PAGE_MASK;
3492 if (kernel_vm_end - 1 >= vm_map_max(kernel_map)) {
3493 kernel_vm_end = vm_map_max(kernel_map);
3500 static MALLOC_DEFINE(M_RADIX_PGD, "radix_pgd", "radix page table root directory");
3501 static uma_zone_t zone_radix_pgd;
3504 radix_pgd_import(void *arg __unused, void **store, int count, int domain __unused,
3508 for (int i = 0; i < count; i++) {
3509 vm_page_t m = vm_page_alloc_contig(NULL, 0,
3510 VM_ALLOC_NORMAL | VM_ALLOC_NOOBJ | VM_ALLOC_WIRED |
3511 VM_ALLOC_ZERO | VM_ALLOC_WAITOK, RADIX_PGD_SIZE/PAGE_SIZE,
3512 0, (vm_paddr_t)-1, RADIX_PGD_SIZE, L1_PAGE_SIZE,
3513 VM_MEMATTR_DEFAULT);
3514 /* XXX zero on alloc here so we don't have to later */
3515 store[i] = (void *)PHYS_TO_DMAP(VM_PAGE_TO_PHYS(m));
3521 radix_pgd_release(void *arg __unused, void **store, int count)
3524 struct spglist free;
3528 page_count = RADIX_PGD_SIZE/PAGE_SIZE;
3530 for (int i = 0; i < count; i++) {
3532 * XXX selectively remove dmap and KVA entries so we don't
3535 m = PHYS_TO_VM_PAGE(DMAP_TO_PHYS((vm_offset_t)store[i]));
3536 for (int j = page_count-1; j >= 0; j--) {
3537 vm_page_unwire_noq(&m[j]);
3538 SLIST_INSERT_HEAD(&free, &m[j], plinks.s.ss);
3540 vm_page_free_pages_toq(&free, false);
3549 int error, i, pv_npg;
3551 /* L1TF, reserve page @0 unconditionally */
3552 vm_page_blacklist_add(0, bootverbose);
3554 zone_radix_pgd = uma_zcache_create("radix_pgd_cache",
3555 RADIX_PGD_SIZE, NULL, NULL,
3557 trash_init, trash_fini,
3561 radix_pgd_import, radix_pgd_release,
3562 NULL, UMA_ZONE_NOBUCKET);
3565 * Initialize the vm page array entries for the kernel pmap's
3568 PMAP_LOCK(kernel_pmap);
3569 for (i = 0; i < nkpt; i++) {
3570 mpte = PHYS_TO_VM_PAGE(KPTphys + (i << PAGE_SHIFT));
3571 KASSERT(mpte >= vm_page_array &&
3572 mpte < &vm_page_array[vm_page_array_size],
3573 ("pmap_init: page table page is out of range size: %lu",
3574 vm_page_array_size));
3575 mpte->pindex = pmap_l3e_pindex(VM_MIN_KERNEL_ADDRESS) + i;
3576 mpte->phys_addr = KPTphys + (i << PAGE_SHIFT);
3577 MPASS(PHYS_TO_VM_PAGE(mpte->phys_addr) == mpte);
3578 //pmap_insert_pt_page(kernel_pmap, mpte);
3579 mpte->ref_count = 1;
3581 PMAP_UNLOCK(kernel_pmap);
3584 CTR1(KTR_PMAP, "%s()", __func__);
3585 TAILQ_INIT(&pv_dummy.pv_list);
3588 * Are large page mappings enabled?
3590 TUNABLE_INT_FETCH("vm.pmap.pg_ps_enabled", &pg_ps_enabled);
3591 if (pg_ps_enabled) {
3592 KASSERT(MAXPAGESIZES > 1 && pagesizes[1] == 0,
3593 ("pmap_init: can't assign to pagesizes[1]"));
3594 pagesizes[1] = L3_PAGE_SIZE;
3598 * Initialize the pv chunk list mutex.
3600 mtx_init(&pv_chunks_mutex, "pmap pv chunk list", NULL, MTX_DEF);
3603 * Initialize the pool of pv list locks.
3605 for (i = 0; i < NPV_LIST_LOCKS; i++)
3606 rw_init(&pv_list_locks[i], "pmap pv list");
3609 * Calculate the size of the pv head table for superpages.
3611 pv_npg = howmany(vm_phys_segs[vm_phys_nsegs - 1].end, L3_PAGE_SIZE);
3614 * Allocate memory for the pv head table for superpages.
3616 s = (vm_size_t)(pv_npg * sizeof(struct md_page));
3618 pv_table = (struct md_page *)kmem_malloc(s, M_WAITOK | M_ZERO);
3619 for (i = 0; i < pv_npg; i++)
3620 TAILQ_INIT(&pv_table[i].pv_list);
3621 TAILQ_INIT(&pv_dummy.pv_list);
3623 pmap_initialized = 1;
3624 mtx_init(&qframe_mtx, "qfrmlk", NULL, MTX_SPIN);
3625 error = vmem_alloc(kernel_arena, PAGE_SIZE, M_BESTFIT | M_WAITOK,
3626 (vmem_addr_t *)&qframe);
3629 panic("qframe allocation failed");
3630 asid_arena = vmem_create("ASID", isa3_base_pid + 1, (1<<isa3_pid_bits),
3635 pmap_page_test_mappings(vm_page_t m, boolean_t accessed, boolean_t modified)
3637 struct rwlock *lock;
3639 struct md_page *pvh;
3640 pt_entry_t *pte, mask;
3642 int md_gen, pvh_gen;
3646 lock = VM_PAGE_TO_PV_LIST_LOCK(m);
3649 TAILQ_FOREACH(pv, &m->md.pv_list, pv_link) {
3651 if (!PMAP_TRYLOCK(pmap)) {
3652 md_gen = m->md.pv_gen;
3656 if (md_gen != m->md.pv_gen) {
3661 pte = pmap_pte(pmap, pv->pv_va);
3664 mask |= PG_RW | PG_M;
3666 mask |= PG_V | PG_A;
3667 rv = (*pte & mask) == mask;
3672 if ((m->flags & PG_FICTITIOUS) == 0) {
3673 pvh = pa_to_pvh(VM_PAGE_TO_PHYS(m));
3674 TAILQ_FOREACH(pv, &pvh->pv_list, pv_link) {
3676 if (!PMAP_TRYLOCK(pmap)) {
3677 md_gen = m->md.pv_gen;
3678 pvh_gen = pvh->pv_gen;
3682 if (md_gen != m->md.pv_gen ||
3683 pvh_gen != pvh->pv_gen) {
3688 pte = pmap_pml3e(pmap, pv->pv_va);
3691 mask |= PG_RW | PG_M;
3693 mask |= PG_V | PG_A;
3694 rv = (*pte & mask) == mask;
3708 * Return whether or not the specified physical page was modified
3709 * in any physical maps.
3712 mmu_radix_is_modified(vm_page_t m)
3715 KASSERT((m->oflags & VPO_UNMANAGED) == 0,
3716 ("pmap_is_modified: page %p is not managed", m));
3718 CTR2(KTR_PMAP, "%s(%p)", __func__, m);
3720 * If the page is not busied then this check is racy.
3722 if (!pmap_page_is_write_mapped(m))
3724 return (pmap_page_test_mappings(m, FALSE, TRUE));
3728 mmu_radix_is_prefaultable(pmap_t pmap, vm_offset_t addr)
3734 CTR3(KTR_PMAP, "%s(%p, %#x)", __func__, pmap, addr);
3737 l3e = pmap_pml3e(pmap, addr);
3738 if (l3e != NULL && (*l3e & (RPTE_LEAF | PG_V)) == PG_V) {
3739 pte = pmap_l3e_to_pte(l3e, addr);
3740 rv = (*pte & PG_V) == 0;
3747 mmu_radix_is_referenced(vm_page_t m)
3749 KASSERT((m->oflags & VPO_UNMANAGED) == 0,
3750 ("pmap_is_referenced: page %p is not managed", m));
3751 CTR2(KTR_PMAP, "%s(%p)", __func__, m);
3752 return (pmap_page_test_mappings(m, TRUE, FALSE));
3756 * pmap_ts_referenced:
3758 * Return a count of reference bits for a page, clearing those bits.
3759 * It is not necessary for every reference bit to be cleared, but it
3760 * is necessary that 0 only be returned when there are truly no
3761 * reference bits set.
3763 * As an optimization, update the page's dirty field if a modified bit is
3764 * found while counting reference bits. This opportunistic update can be
3765 * performed at low cost and can eliminate the need for some future calls
3766 * to pmap_is_modified(). However, since this function stops after
3767 * finding PMAP_TS_REFERENCED_MAX reference bits, it may not detect some
3768 * dirty pages. Those dirty pages will only be detected by a future call
3769 * to pmap_is_modified().
3771 * A DI block is not needed within this function, because
3772 * invalidations are performed before the PV list lock is
3776 mmu_radix_ts_referenced(vm_page_t m)
3778 struct md_page *pvh;
3781 struct rwlock *lock;
3782 pml3_entry_t oldl3e, *l3e;
3785 int cleared, md_gen, not_cleared, pvh_gen;
3786 struct spglist free;
3788 CTR2(KTR_PMAP, "%s(%p)", __func__, m);
3789 KASSERT((m->oflags & VPO_UNMANAGED) == 0,
3790 ("pmap_ts_referenced: page %p is not managed", m));
3793 pa = VM_PAGE_TO_PHYS(m);
3794 lock = PHYS_TO_PV_LIST_LOCK(pa);
3795 pvh = (m->flags & PG_FICTITIOUS) != 0 ? &pv_dummy : pa_to_pvh(pa);
3799 if ((pvf = TAILQ_FIRST(&pvh->pv_list)) == NULL)
3800 goto small_mappings;
3806 if (!PMAP_TRYLOCK(pmap)) {
3807 pvh_gen = pvh->pv_gen;
3811 if (pvh_gen != pvh->pv_gen) {
3816 l3e = pmap_pml3e(pmap, pv->pv_va);
3818 if ((oldl3e & (PG_M | PG_RW)) == (PG_M | PG_RW)) {
3820 * Although "oldpde" is mapping a 2MB page, because
3821 * this function is called at a 4KB page granularity,
3822 * we only update the 4KB page under test.
3826 if ((oldl3e & PG_A) != 0) {
3828 * Since this reference bit is shared by 512 4KB
3829 * pages, it should not be cleared every time it is
3830 * tested. Apply a simple "hash" function on the
3831 * physical page number, the virtual superpage number,
3832 * and the pmap address to select one 4KB page out of
3833 * the 512 on which testing the reference bit will
3834 * result in clearing that reference bit. This
3835 * function is designed to avoid the selection of the
3836 * same 4KB page for every 2MB page mapping.
3838 * On demotion, a mapping that hasn't been referenced
3839 * is simply destroyed. To avoid the possibility of a
3840 * subsequent page fault on a demoted wired mapping,
3841 * always leave its reference bit set. Moreover,
3842 * since the superpage is wired, the current state of
3843 * its reference bit won't affect page replacement.
3845 if ((((pa >> PAGE_SHIFT) ^ (pv->pv_va >> L3_PAGE_SIZE_SHIFT) ^
3846 (uintptr_t)pmap) & (NPTEPG - 1)) == 0 &&
3847 (oldl3e & PG_W) == 0) {
3848 atomic_clear_long(l3e, PG_A);
3849 pmap_invalidate_page(pmap, pv->pv_va);
3851 KASSERT(lock == VM_PAGE_TO_PV_LIST_LOCK(m),
3852 ("inconsistent pv lock %p %p for page %p",
3853 lock, VM_PAGE_TO_PV_LIST_LOCK(m), m));
3858 /* Rotate the PV list if it has more than one entry. */
3859 if (pv != NULL && TAILQ_NEXT(pv, pv_link) != NULL) {
3860 TAILQ_REMOVE(&pvh->pv_list, pv, pv_link);
3861 TAILQ_INSERT_TAIL(&pvh->pv_list, pv, pv_link);
3864 if (cleared + not_cleared >= PMAP_TS_REFERENCED_MAX)
3866 } while ((pv = TAILQ_FIRST(&pvh->pv_list)) != pvf);
3868 if ((pvf = TAILQ_FIRST(&m->md.pv_list)) == NULL)
3875 if (!PMAP_TRYLOCK(pmap)) {
3876 pvh_gen = pvh->pv_gen;
3877 md_gen = m->md.pv_gen;
3881 if (pvh_gen != pvh->pv_gen || md_gen != m->md.pv_gen) {
3886 l3e = pmap_pml3e(pmap, pv->pv_va);
3887 KASSERT((*l3e & RPTE_LEAF) == 0,
3888 ("pmap_ts_referenced: found a 2mpage in page %p's pv list",
3890 pte = pmap_l3e_to_pte(l3e, pv->pv_va);
3891 if ((*pte & (PG_M | PG_RW)) == (PG_M | PG_RW))
3893 if ((*pte & PG_A) != 0) {
3894 atomic_clear_long(pte, PG_A);
3895 pmap_invalidate_page(pmap, pv->pv_va);
3899 /* Rotate the PV list if it has more than one entry. */
3900 if (pv != NULL && TAILQ_NEXT(pv, pv_link) != NULL) {
3901 TAILQ_REMOVE(&m->md.pv_list, pv, pv_link);
3902 TAILQ_INSERT_TAIL(&m->md.pv_list, pv, pv_link);
3905 } while ((pv = TAILQ_FIRST(&m->md.pv_list)) != pvf && cleared +
3906 not_cleared < PMAP_TS_REFERENCED_MAX);
3909 vm_page_free_pages_toq(&free, true);
3910 return (cleared + not_cleared);
3914 mmu_radix_map(vm_offset_t *virt __unused, vm_paddr_t start,
3915 vm_paddr_t end, int prot __unused)
3918 CTR5(KTR_PMAP, "%s(%p, %#x, %#x, %#x)", __func__, virt, start, end,
3920 return (PHYS_TO_DMAP(start));
3924 mmu_radix_object_init_pt(pmap_t pmap, vm_offset_t addr,
3925 vm_object_t object, vm_pindex_t pindex, vm_size_t size)
3928 vm_paddr_t pa, ptepa;
3932 CTR6(KTR_PMAP, "%s(%p, %#x, %p, %u, %#x)", __func__, pmap, addr,
3933 object, pindex, size);
3934 VM_OBJECT_ASSERT_WLOCKED(object);
3935 KASSERT(object->type == OBJT_DEVICE || object->type == OBJT_SG,
3936 ("pmap_object_init_pt: non-device object"));
3937 /* NB: size can be logically ored with addr here */
3938 if ((addr & L3_PAGE_MASK) == 0 && (size & L3_PAGE_MASK) == 0) {
3939 if (!mmu_radix_ps_enabled(pmap))
3941 if (!vm_object_populate(object, pindex, pindex + atop(size)))
3943 p = vm_page_lookup(object, pindex);
3944 KASSERT(p->valid == VM_PAGE_BITS_ALL,
3945 ("pmap_object_init_pt: invalid page %p", p));
3946 ma = p->md.mdpg_cache_attrs;
3949 * Abort the mapping if the first page is not physically
3950 * aligned to a 2MB page boundary.
3952 ptepa = VM_PAGE_TO_PHYS(p);
3953 if (ptepa & L3_PAGE_MASK)
3957 * Skip the first page. Abort the mapping if the rest of
3958 * the pages are not physically contiguous or have differing
3959 * memory attributes.
3961 p = TAILQ_NEXT(p, listq);
3962 for (pa = ptepa + PAGE_SIZE; pa < ptepa + size;
3964 KASSERT(p->valid == VM_PAGE_BITS_ALL,
3965 ("pmap_object_init_pt: invalid page %p", p));
3966 if (pa != VM_PAGE_TO_PHYS(p) ||
3967 ma != p->md.mdpg_cache_attrs)
3969 p = TAILQ_NEXT(p, listq);
3973 for (pa = ptepa | pmap_cache_bits(ma);
3974 pa < ptepa + size; pa += L3_PAGE_SIZE) {
3975 pdpg = pmap_allocl3e(pmap, addr, NULL);
3978 * The creation of mappings below is only an
3979 * optimization. If a page directory page
3980 * cannot be allocated without blocking,
3981 * continue on to the next mapping rather than
3984 addr += L3_PAGE_SIZE;
3987 l3e = (pml3_entry_t *)PHYS_TO_DMAP(VM_PAGE_TO_PHYS(pdpg));
3988 l3e = &l3e[pmap_pml3e_index(addr)];
3989 if ((*l3e & PG_V) == 0) {
3990 pa |= PG_M | PG_A | PG_RW;
3992 pmap_resident_count_inc(pmap, L3_PAGE_SIZE / PAGE_SIZE);
3993 atomic_add_long(&pmap_l3e_mappings, 1);
3995 /* Continue on if the PDE is already valid. */
3997 KASSERT(pdpg->ref_count > 0,
3998 ("pmap_object_init_pt: missing reference "
3999 "to page directory page, va: 0x%lx", addr));
4001 addr += L3_PAGE_SIZE;
4009 mmu_radix_page_exists_quick(pmap_t pmap, vm_page_t m)
4011 struct md_page *pvh;
4012 struct rwlock *lock;
4017 KASSERT((m->oflags & VPO_UNMANAGED) == 0,
4018 ("pmap_page_exists_quick: page %p is not managed", m));
4019 CTR3(KTR_PMAP, "%s(%p, %p)", __func__, pmap, m);
4021 lock = VM_PAGE_TO_PV_LIST_LOCK(m);
4023 TAILQ_FOREACH(pv, &m->md.pv_list, pv_link) {
4024 if (PV_PMAP(pv) == pmap) {
4032 if (!rv && loops < 16 && (m->flags & PG_FICTITIOUS) == 0) {
4033 pvh = pa_to_pvh(VM_PAGE_TO_PHYS(m));
4034 TAILQ_FOREACH(pv, &pvh->pv_list, pv_link) {
4035 if (PV_PMAP(pv) == pmap) {
4049 mmu_radix_page_init(vm_page_t m)
4052 CTR2(KTR_PMAP, "%s(%p)", __func__, m);
4053 TAILQ_INIT(&m->md.pv_list);
4054 m->md.mdpg_cache_attrs = VM_MEMATTR_DEFAULT;
4058 mmu_radix_page_wired_mappings(vm_page_t m)
4060 struct rwlock *lock;
4061 struct md_page *pvh;
4065 int count, md_gen, pvh_gen;
4067 if ((m->oflags & VPO_UNMANAGED) != 0)
4069 CTR2(KTR_PMAP, "%s(%p)", __func__, m);
4070 lock = VM_PAGE_TO_PV_LIST_LOCK(m);
4074 TAILQ_FOREACH(pv, &m->md.pv_list, pv_link) {
4076 if (!PMAP_TRYLOCK(pmap)) {
4077 md_gen = m->md.pv_gen;
4081 if (md_gen != m->md.pv_gen) {
4086 pte = pmap_pte(pmap, pv->pv_va);
4087 if ((*pte & PG_W) != 0)
4091 if ((m->flags & PG_FICTITIOUS) == 0) {
4092 pvh = pa_to_pvh(VM_PAGE_TO_PHYS(m));
4093 TAILQ_FOREACH(pv, &pvh->pv_list, pv_link) {
4095 if (!PMAP_TRYLOCK(pmap)) {
4096 md_gen = m->md.pv_gen;
4097 pvh_gen = pvh->pv_gen;
4101 if (md_gen != m->md.pv_gen ||
4102 pvh_gen != pvh->pv_gen) {
4107 pte = pmap_pml3e(pmap, pv->pv_va);
4108 if ((*pte & PG_W) != 0)
4118 mmu_radix_update_proctab(int pid, pml1_entry_t l1pa)
4120 isa3_proctab[pid].proctab0 = htobe64(RTS_SIZE | l1pa | RADIX_PGD_INDEX_SHIFT);
4124 mmu_radix_pinit(pmap_t pmap)
4129 CTR2(KTR_PMAP, "%s(%p)", __func__, pmap);
4132 * allocate the page directory page
4134 pmap->pm_pml1 = uma_zalloc(zone_radix_pgd, M_WAITOK);
4136 for (int j = 0; j < RADIX_PGD_SIZE_SHIFT; j++)
4137 pagezero((vm_offset_t)pmap->pm_pml1 + j * PAGE_SIZE);
4138 pmap->pm_radix.rt_root = 0;
4139 TAILQ_INIT(&pmap->pm_pvchunk);
4140 bzero(&pmap->pm_stats, sizeof pmap->pm_stats);
4141 pmap->pm_flags = PMAP_PDE_SUPERPAGE;
4142 vmem_alloc(asid_arena, 1, M_FIRSTFIT|M_WAITOK, &pid);
4145 l1pa = DMAP_TO_PHYS((vm_offset_t)pmap->pm_pml1);
4146 mmu_radix_update_proctab(pid, l1pa);
4147 __asm __volatile("ptesync;isync" : : : "memory");
4153 * This routine is called if the desired page table page does not exist.
4155 * If page table page allocation fails, this routine may sleep before
4156 * returning NULL. It sleeps only if a lock pointer was given.
4158 * Note: If a page allocation fails at page table level two or three,
4159 * one or two pages may be held during the wait, only to be released
4160 * afterwards. This conservative approach is easily argued to avoid
4164 _pmap_allocpte(pmap_t pmap, vm_pindex_t ptepindex, struct rwlock **lockp)
4166 vm_page_t m, pdppg, pdpg;
4168 PMAP_LOCK_ASSERT(pmap, MA_OWNED);
4171 * Allocate a page table page.
4173 if ((m = vm_page_alloc(NULL, ptepindex, VM_ALLOC_NOOBJ |
4174 VM_ALLOC_WIRED | VM_ALLOC_ZERO)) == NULL) {
4175 if (lockp != NULL) {
4176 RELEASE_PV_LIST_LOCK(lockp);
4182 * Indicate the need to retry. While waiting, the page table
4183 * page may have been allocated.
4187 if ((m->flags & PG_ZERO) == 0)
4188 mmu_radix_zero_page(m);
4191 * Map the pagetable page into the process address space, if
4192 * it isn't already there.
4195 if (ptepindex >= (NUPDE + NUPDPE)) {
4197 vm_pindex_t pml1index;
4199 /* Wire up a new PDPE page */
4200 pml1index = ptepindex - (NUPDE + NUPDPE);
4201 l1e = &pmap->pm_pml1[pml1index];
4202 pde_store(l1e, VM_PAGE_TO_PHYS(m));
4204 } else if (ptepindex >= NUPDE) {
4205 vm_pindex_t pml1index;
4206 vm_pindex_t pdpindex;
4210 /* Wire up a new l2e page */
4211 pdpindex = ptepindex - NUPDE;
4212 pml1index = pdpindex >> RPTE_SHIFT;
4214 l1e = &pmap->pm_pml1[pml1index];
4215 if ((*l1e & PG_V) == 0) {
4216 /* Have to allocate a new pdp, recurse */
4217 if (_pmap_allocpte(pmap, NUPDE + NUPDPE + pml1index,
4219 vm_page_unwire_noq(m);
4220 vm_page_free_zero(m);
4224 /* Add reference to l2e page */
4225 pdppg = PHYS_TO_VM_PAGE(*l1e & PG_FRAME);
4228 l2e = (pml2_entry_t *)PHYS_TO_DMAP(*l1e & PG_FRAME);
4230 /* Now find the pdp page */
4231 l2e = &l2e[pdpindex & RPTE_MASK];
4232 pde_store(l2e, VM_PAGE_TO_PHYS(m));
4235 vm_pindex_t pml1index;
4236 vm_pindex_t pdpindex;
4241 /* Wire up a new PTE page */
4242 pdpindex = ptepindex >> RPTE_SHIFT;
4243 pml1index = pdpindex >> RPTE_SHIFT;
4245 /* First, find the pdp and check that its valid. */
4246 l1e = &pmap->pm_pml1[pml1index];
4247 if ((*l1e & PG_V) == 0) {
4248 /* Have to allocate a new pd, recurse */
4249 if (_pmap_allocpte(pmap, NUPDE + pdpindex,
4251 vm_page_unwire_noq(m);
4252 vm_page_free_zero(m);
4255 l2e = (pml2_entry_t *)PHYS_TO_DMAP(*l1e & PG_FRAME);
4256 l2e = &l2e[pdpindex & RPTE_MASK];
4258 l2e = (pml2_entry_t *)PHYS_TO_DMAP(*l1e & PG_FRAME);
4259 l2e = &l2e[pdpindex & RPTE_MASK];
4260 if ((*l2e & PG_V) == 0) {
4261 /* Have to allocate a new pd, recurse */
4262 if (_pmap_allocpte(pmap, NUPDE + pdpindex,
4264 vm_page_unwire_noq(m);
4265 vm_page_free_zero(m);
4269 /* Add reference to the pd page */
4270 pdpg = PHYS_TO_VM_PAGE(*l2e & PG_FRAME);
4274 l3e = (pml3_entry_t *)PHYS_TO_DMAP(*l2e & PG_FRAME);
4276 /* Now we know where the page directory page is */
4277 l3e = &l3e[ptepindex & RPTE_MASK];
4278 pde_store(l3e, VM_PAGE_TO_PHYS(m));
4281 pmap_resident_count_inc(pmap, 1);
4285 pmap_allocl3e(pmap_t pmap, vm_offset_t va, struct rwlock **lockp)
4287 vm_pindex_t pdpindex, ptepindex;
4292 pdpe = pmap_pml2e(pmap, va);
4293 if (pdpe != NULL && (*pdpe & PG_V) != 0) {
4294 /* Add a reference to the pd page. */
4295 pdpg = PHYS_TO_VM_PAGE(*pdpe & PG_FRAME);
4298 /* Allocate a pd page. */
4299 ptepindex = pmap_l3e_pindex(va);
4300 pdpindex = ptepindex >> RPTE_SHIFT;
4301 pdpg = _pmap_allocpte(pmap, NUPDE + pdpindex, lockp);
4302 if (pdpg == NULL && lockp != NULL)
4309 pmap_allocpte(pmap_t pmap, vm_offset_t va, struct rwlock **lockp)
4311 vm_pindex_t ptepindex;
4316 * Calculate pagetable page index
4318 ptepindex = pmap_l3e_pindex(va);
4321 * Get the page directory entry
4323 pd = pmap_pml3e(pmap, va);
4326 * This supports switching from a 2MB page to a
4329 if (pd != NULL && (*pd & (RPTE_LEAF | PG_V)) == (RPTE_LEAF | PG_V)) {
4330 if (!pmap_demote_l3e_locked(pmap, pd, va, lockp)) {
4332 * Invalidation of the 2MB page mapping may have caused
4333 * the deallocation of the underlying PD page.
4340 * If the page table page is mapped, we just increment the
4341 * hold count, and activate it.
4343 if (pd != NULL && (*pd & PG_V) != 0) {
4344 m = PHYS_TO_VM_PAGE(*pd & PG_FRAME);
4348 * Here if the pte page isn't mapped, or if it has been
4351 m = _pmap_allocpte(pmap, ptepindex, lockp);
4352 if (m == NULL && lockp != NULL)
4359 mmu_radix_pinit0(pmap_t pmap)
4362 CTR2(KTR_PMAP, "%s(%p)", __func__, pmap);
4363 PMAP_LOCK_INIT(pmap);
4364 pmap->pm_pml1 = kernel_pmap->pm_pml1;
4365 pmap->pm_pid = kernel_pmap->pm_pid;
4367 pmap->pm_radix.rt_root = 0;
4368 TAILQ_INIT(&pmap->pm_pvchunk);
4369 bzero(&pmap->pm_stats, sizeof pmap->pm_stats);
4370 kernel_pmap->pm_flags =
4371 pmap->pm_flags = PMAP_PDE_SUPERPAGE;
4374 * pmap_protect_l3e: do the things to protect a 2mpage in a process
4377 pmap_protect_l3e(pmap_t pmap, pt_entry_t *l3e, vm_offset_t sva, vm_prot_t prot)
4379 pt_entry_t newpde, oldpde;
4380 vm_offset_t eva, va;
4382 boolean_t anychanged;
4384 PMAP_LOCK_ASSERT(pmap, MA_OWNED);
4385 KASSERT((sva & L3_PAGE_MASK) == 0,
4386 ("pmap_protect_l3e: sva is not 2mpage aligned"));
4389 oldpde = newpde = *l3e;
4390 if ((oldpde & (PG_MANAGED | PG_M | PG_RW)) ==
4391 (PG_MANAGED | PG_M | PG_RW)) {
4392 eva = sva + L3_PAGE_SIZE;
4393 for (va = sva, m = PHYS_TO_VM_PAGE(oldpde & PG_PS_FRAME);
4394 va < eva; va += PAGE_SIZE, m++)
4397 if ((prot & VM_PROT_WRITE) == 0) {
4398 newpde &= ~(PG_RW | PG_M);
4399 newpde |= RPTE_EAA_R;
4401 if (prot & VM_PROT_EXECUTE)
4403 if (newpde != oldpde) {
4405 * As an optimization to future operations on this PDE, clear
4406 * PG_PROMOTED. The impending invalidation will remove any
4407 * lingering 4KB page mappings from the TLB.
4409 if (!atomic_cmpset_long(l3e, oldpde, newpde & ~PG_PROMOTED))
4413 return (anychanged);
4417 mmu_radix_protect(pmap_t pmap, vm_offset_t sva, vm_offset_t eva,
4420 vm_offset_t va_next;
4423 pml3_entry_t ptpaddr, *l3e;
4425 boolean_t anychanged;
4427 CTR5(KTR_PMAP, "%s(%p, %#x, %#x, %#x)", __func__, pmap, sva, eva,
4430 KASSERT((prot & ~VM_PROT_ALL) == 0, ("invalid prot %x", prot));
4431 if (prot == VM_PROT_NONE) {
4432 mmu_radix_remove(pmap, sva, eva);
4436 if ((prot & (VM_PROT_WRITE|VM_PROT_EXECUTE)) ==
4437 (VM_PROT_WRITE|VM_PROT_EXECUTE))
4441 if (VERBOSE_PROTECT || pmap_logging)
4442 printf("pmap_protect(%p, %#lx, %#lx, %x) - asid: %lu\n",
4443 pmap, sva, eva, prot, pmap->pm_pid);
4448 for (; sva < eva; sva = va_next) {
4449 l1e = pmap_pml1e(pmap, sva);
4450 if ((*l1e & PG_V) == 0) {
4451 va_next = (sva + L1_PAGE_SIZE) & ~L1_PAGE_MASK;
4457 l2e = pmap_l1e_to_l2e(l1e, sva);
4458 if ((*l2e & PG_V) == 0) {
4459 va_next = (sva + L2_PAGE_SIZE) & ~L2_PAGE_MASK;
4465 va_next = (sva + L3_PAGE_SIZE) & ~L3_PAGE_MASK;
4469 l3e = pmap_l2e_to_l3e(l2e, sva);
4473 * Weed out invalid mappings.
4479 * Check for large page.
4481 if ((ptpaddr & RPTE_LEAF) != 0) {
4483 * Are we protecting the entire large page? If not,
4484 * demote the mapping and fall through.
4486 if (sva + L3_PAGE_SIZE == va_next && eva >= va_next) {
4487 if (pmap_protect_l3e(pmap, l3e, sva, prot))
4490 } else if (!pmap_demote_l3e(pmap, l3e, sva)) {
4492 * The large page mapping was destroyed.
4501 for (pte = pmap_l3e_to_pte(l3e, sva); sva != va_next; pte++,
4503 pt_entry_t obits, pbits;
4507 MPASS(pte == pmap_pte(pmap, sva));
4508 obits = pbits = *pte;
4509 if ((pbits & PG_V) == 0)
4512 if ((prot & VM_PROT_WRITE) == 0) {
4513 if ((pbits & (PG_MANAGED | PG_M | PG_RW)) ==
4514 (PG_MANAGED | PG_M | PG_RW)) {
4515 m = PHYS_TO_VM_PAGE(pbits & PG_FRAME);
4518 pbits &= ~(PG_RW | PG_M);
4519 pbits |= RPTE_EAA_R;
4521 if (prot & VM_PROT_EXECUTE)
4524 if (pbits != obits) {
4525 if (!atomic_cmpset_long(pte, obits, pbits))
4527 if (obits & (PG_A|PG_M)) {
4530 if (VERBOSE_PROTECT || pmap_logging)
4531 printf("%#lx %#lx -> %#lx\n",
4539 pmap_invalidate_all(pmap);
4544 mmu_radix_qenter(vm_offset_t sva, vm_page_t *ma, int count)
4547 CTR4(KTR_PMAP, "%s(%#x, %p, %d)", __func__, sva, ma, count);
4548 pt_entry_t oldpte, pa, *pte;
4550 uint64_t cache_bits, attr_bits;
4554 attr_bits = RPTE_EAA_R | RPTE_EAA_W | RPTE_EAA_P | PG_M | PG_A;
4557 while (va < sva + PAGE_SIZE * count) {
4558 if (__predict_false((va & L3_PAGE_MASK) == 0))
4560 MPASS(pte == pmap_pte(kernel_pmap, va));
4563 * XXX there has to be a more efficient way than traversing
4564 * the page table every time - but go for correctness for
4569 cache_bits = pmap_cache_bits(m->md.mdpg_cache_attrs);
4570 pa = VM_PAGE_TO_PHYS(m) | cache_bits | attr_bits;
4578 if (__predict_false((oldpte & RPTE_VALID) != 0))
4579 pmap_invalidate_range(kernel_pmap, sva, sva + count *
4586 mmu_radix_qremove(vm_offset_t sva, int count)
4591 CTR3(KTR_PMAP, "%s(%#x, %d)", __func__, sva, count);
4592 KASSERT(sva >= VM_MIN_KERNEL_ADDRESS, ("usermode or dmap va %lx", sva));
4596 while (va < sva + PAGE_SIZE * count) {
4597 if (__predict_false((va & L3_PAGE_MASK) == 0))
4603 pmap_invalidate_range(kernel_pmap, sva, va);
4606 /***************************************************
4607 * Page table page management routines.....
4608 ***************************************************/
4610 * Schedule the specified unused page table page to be freed. Specifically,
4611 * add the page to the specified list of pages that will be released to the
4612 * physical memory manager after the TLB has been updated.
4614 static __inline void
4615 pmap_add_delayed_free_list(vm_page_t m, struct spglist *free,
4616 boolean_t set_PG_ZERO)
4620 m->flags |= PG_ZERO;
4622 m->flags &= ~PG_ZERO;
4623 SLIST_INSERT_HEAD(free, m, plinks.s.ss);
4627 * Inserts the specified page table page into the specified pmap's collection
4628 * of idle page table pages. Each of a pmap's page table pages is responsible
4629 * for mapping a distinct range of virtual addresses. The pmap's collection is
4630 * ordered by this virtual address range.
4633 pmap_insert_pt_page(pmap_t pmap, vm_page_t mpte)
4636 PMAP_LOCK_ASSERT(pmap, MA_OWNED);
4637 return (vm_radix_insert(&pmap->pm_radix, mpte));
4641 * Removes the page table page mapping the specified virtual address from the
4642 * specified pmap's collection of idle page table pages, and returns it.
4643 * Otherwise, returns NULL if there is no page table page corresponding to the
4644 * specified virtual address.
4646 static __inline vm_page_t
4647 pmap_remove_pt_page(pmap_t pmap, vm_offset_t va)
4650 PMAP_LOCK_ASSERT(pmap, MA_OWNED);
4651 return (vm_radix_remove(&pmap->pm_radix, pmap_l3e_pindex(va)));
4655 * Decrements a page table page's wire count, which is used to record the
4656 * number of valid page table entries within the page. If the wire count
4657 * drops to zero, then the page table page is unmapped. Returns TRUE if the
4658 * page table page was unmapped and FALSE otherwise.
4660 static inline boolean_t
4661 pmap_unwire_ptp(pmap_t pmap, vm_offset_t va, vm_page_t m, struct spglist *free)
4665 if (m->ref_count == 0) {
4666 _pmap_unwire_ptp(pmap, va, m, free);
4673 _pmap_unwire_ptp(pmap_t pmap, vm_offset_t va, vm_page_t m, struct spglist *free)
4676 PMAP_LOCK_ASSERT(pmap, MA_OWNED);
4678 * unmap the page table page
4680 if (m->pindex >= (NUPDE + NUPDPE)) {
4683 pml1 = pmap_pml1e(pmap, va);
4685 } else if (m->pindex >= NUPDE) {
4688 l2e = pmap_pml2e(pmap, va);
4693 l3e = pmap_pml3e(pmap, va);
4696 pmap_resident_count_dec(pmap, 1);
4697 if (m->pindex < NUPDE) {
4698 /* We just released a PT, unhold the matching PD */
4701 pdpg = PHYS_TO_VM_PAGE(*pmap_pml2e(pmap, va) & PG_FRAME);
4702 pmap_unwire_ptp(pmap, va, pdpg, free);
4704 if (m->pindex >= NUPDE && m->pindex < (NUPDE + NUPDPE)) {
4705 /* We just released a PD, unhold the matching PDP */
4708 pdppg = PHYS_TO_VM_PAGE(*pmap_pml1e(pmap, va) & PG_FRAME);
4709 pmap_unwire_ptp(pmap, va, pdppg, free);
4713 * Put page on a list so that it is released after
4714 * *ALL* TLB shootdown is done
4716 pmap_add_delayed_free_list(m, free, TRUE);
4720 * After removing a page table entry, this routine is used to
4721 * conditionally free the page, and manage the hold/wire counts.
4724 pmap_unuse_pt(pmap_t pmap, vm_offset_t va, pml3_entry_t ptepde,
4725 struct spglist *free)
4729 if (va >= VM_MAXUSER_ADDRESS)
4731 KASSERT(ptepde != 0, ("pmap_unuse_pt: ptepde != 0"));
4732 mpte = PHYS_TO_VM_PAGE(ptepde & PG_FRAME);
4733 return (pmap_unwire_ptp(pmap, va, mpte, free));
4737 mmu_radix_release(pmap_t pmap)
4740 CTR2(KTR_PMAP, "%s(%p)", __func__, pmap);
4741 KASSERT(pmap->pm_stats.resident_count == 0,
4742 ("pmap_release: pmap resident count %ld != 0",
4743 pmap->pm_stats.resident_count));
4744 KASSERT(vm_radix_is_empty(&pmap->pm_radix),
4745 ("pmap_release: pmap has reserved page table page(s)"));
4747 pmap_invalidate_all(pmap);
4748 isa3_proctab[pmap->pm_pid].proctab0 = 0;
4749 uma_zfree(zone_radix_pgd, pmap->pm_pml1);
4750 vmem_free(asid_arena, pmap->pm_pid, 1);
4754 * Create the PV entry for a 2MB page mapping. Always returns true unless the
4755 * flag PMAP_ENTER_NORECLAIM is specified. If that flag is specified, returns
4756 * false if the PV entry cannot be allocated without resorting to reclamation.
4759 pmap_pv_insert_l3e(pmap_t pmap, vm_offset_t va, pml3_entry_t pde, u_int flags,
4760 struct rwlock **lockp)
4762 struct md_page *pvh;
4766 PMAP_LOCK_ASSERT(pmap, MA_OWNED);
4767 /* Pass NULL instead of the lock pointer to disable reclamation. */
4768 if ((pv = get_pv_entry(pmap, (flags & PMAP_ENTER_NORECLAIM) != 0 ?
4769 NULL : lockp)) == NULL)
4772 pa = pde & PG_PS_FRAME;
4773 CHANGE_PV_LIST_LOCK_TO_PHYS(lockp, pa);
4774 pvh = pa_to_pvh(pa);
4775 TAILQ_INSERT_TAIL(&pvh->pv_list, pv, pv_link);
4781 * Fills a page table page with mappings to consecutive physical pages.
4784 pmap_fill_ptp(pt_entry_t *firstpte, pt_entry_t newpte)
4788 for (pte = firstpte; pte < firstpte + NPTEPG; pte++) {
4790 newpte += PAGE_SIZE;
4795 pmap_demote_l3e(pmap_t pmap, pml3_entry_t *pde, vm_offset_t va)
4797 struct rwlock *lock;
4801 rv = pmap_demote_l3e_locked(pmap, pde, va, &lock);
4808 pmap_demote_l3e_locked(pmap_t pmap, pml3_entry_t *l3e, vm_offset_t va,
4809 struct rwlock **lockp)
4811 pml3_entry_t oldpde;
4812 pt_entry_t *firstpte;
4815 struct spglist free;
4818 PMAP_LOCK_ASSERT(pmap, MA_OWNED);
4820 KASSERT((oldpde & (RPTE_LEAF | PG_V)) == (RPTE_LEAF | PG_V),
4821 ("pmap_demote_l3e: oldpde is missing RPTE_LEAF and/or PG_V %lx",
4823 if ((oldpde & PG_A) == 0 || (mpte = pmap_remove_pt_page(pmap, va)) ==
4825 KASSERT((oldpde & PG_W) == 0,
4826 ("pmap_demote_l3e: page table page for a wired mapping"
4830 * Invalidate the 2MB page mapping and return "failure" if the
4831 * mapping was never accessed or the allocation of the new
4832 * page table page fails. If the 2MB page mapping belongs to
4833 * the direct map region of the kernel's address space, then
4834 * the page allocation request specifies the highest possible
4835 * priority (VM_ALLOC_INTERRUPT). Otherwise, the priority is
4836 * normal. Page table pages are preallocated for every other
4837 * part of the kernel address space, so the direct map region
4838 * is the only part of the kernel address space that must be
4841 if ((oldpde & PG_A) == 0 || (mpte = vm_page_alloc(NULL,
4842 pmap_l3e_pindex(va), (va >= DMAP_MIN_ADDRESS && va <
4843 DMAP_MAX_ADDRESS ? VM_ALLOC_INTERRUPT : VM_ALLOC_NORMAL) |
4844 VM_ALLOC_NOOBJ | VM_ALLOC_WIRED)) == NULL) {
4846 sva = trunc_2mpage(va);
4847 pmap_remove_l3e(pmap, l3e, sva, &free, lockp);
4848 pmap_invalidate_l3e_page(pmap, sva, oldpde);
4849 vm_page_free_pages_toq(&free, true);
4850 CTR2(KTR_PMAP, "pmap_demote_l3e: failure for va %#lx"
4851 " in pmap %p", va, pmap);
4854 if (va < VM_MAXUSER_ADDRESS)
4855 pmap_resident_count_inc(pmap, 1);
4857 mptepa = VM_PAGE_TO_PHYS(mpte);
4858 firstpte = (pt_entry_t *)PHYS_TO_DMAP(mptepa);
4859 KASSERT((oldpde & PG_A) != 0,
4860 ("pmap_demote_l3e: oldpde is missing PG_A"));
4861 KASSERT((oldpde & (PG_M | PG_RW)) != PG_RW,
4862 ("pmap_demote_l3e: oldpde is missing PG_M"));
4865 * If the page table page is new, initialize it.
4867 if (mpte->ref_count == 1) {
4868 mpte->ref_count = NPTEPG;
4869 pmap_fill_ptp(firstpte, oldpde);
4872 KASSERT((*firstpte & PG_FRAME) == (oldpde & PG_FRAME),
4873 ("pmap_demote_l3e: firstpte and newpte map different physical"
4877 * If the mapping has changed attributes, update the page table
4880 if ((*firstpte & PG_PTE_PROMOTE) != (oldpde & PG_PTE_PROMOTE))
4881 pmap_fill_ptp(firstpte, oldpde);
4884 * The spare PV entries must be reserved prior to demoting the
4885 * mapping, that is, prior to changing the PDE. Otherwise, the state
4886 * of the PDE and the PV lists will be inconsistent, which can result
4887 * in reclaim_pv_chunk() attempting to remove a PV entry from the
4888 * wrong PV list and pmap_pv_demote_l3e() failing to find the expected
4889 * PV entry for the 2MB page mapping that is being demoted.
4891 if ((oldpde & PG_MANAGED) != 0)
4892 reserve_pv_entries(pmap, NPTEPG - 1, lockp);
4895 * Demote the mapping. This pmap is locked. The old PDE has
4896 * PG_A set. If the old PDE has PG_RW set, it also has PG_M
4897 * set. Thus, there is no danger of a race with another
4898 * processor changing the setting of PG_A and/or PG_M between
4899 * the read above and the store below.
4901 pde_store(l3e, mptepa);
4904 * Demote the PV entry.
4906 if ((oldpde & PG_MANAGED) != 0)
4907 pmap_pv_demote_l3e(pmap, va, oldpde & PG_PS_FRAME, lockp);
4909 atomic_add_long(&pmap_l3e_demotions, 1);
4910 CTR2(KTR_PMAP, "pmap_demote_l3e: success for va %#lx"
4911 " in pmap %p", va, pmap);
4916 * pmap_remove_kernel_pde: Remove a kernel superpage mapping.
4919 pmap_remove_kernel_l3e(pmap_t pmap, pml3_entry_t *l3e, vm_offset_t va)
4924 KASSERT(pmap == kernel_pmap, ("pmap %p is not kernel_pmap", pmap));
4925 PMAP_LOCK_ASSERT(pmap, MA_OWNED);
4926 mpte = pmap_remove_pt_page(pmap, va);
4928 panic("pmap_remove_kernel_pde: Missing pt page.");
4930 mptepa = VM_PAGE_TO_PHYS(mpte);
4933 * Initialize the page table page.
4935 pagezero(PHYS_TO_DMAP(mptepa));
4938 * Demote the mapping.
4940 pde_store(l3e, mptepa);
4945 * pmap_remove_l3e: do the things to unmap a superpage in a process
4948 pmap_remove_l3e(pmap_t pmap, pml3_entry_t *pdq, vm_offset_t sva,
4949 struct spglist *free, struct rwlock **lockp)
4951 struct md_page *pvh;
4952 pml3_entry_t oldpde;
4953 vm_offset_t eva, va;
4956 PMAP_LOCK_ASSERT(pmap, MA_OWNED);
4957 KASSERT((sva & L3_PAGE_MASK) == 0,
4958 ("pmap_remove_l3e: sva is not 2mpage aligned"));
4959 oldpde = pte_load_clear(pdq);
4961 pmap->pm_stats.wired_count -= (L3_PAGE_SIZE / PAGE_SIZE);
4962 pmap_resident_count_dec(pmap, L3_PAGE_SIZE / PAGE_SIZE);
4963 if (oldpde & PG_MANAGED) {
4964 CHANGE_PV_LIST_LOCK_TO_PHYS(lockp, oldpde & PG_PS_FRAME);
4965 pvh = pa_to_pvh(oldpde & PG_PS_FRAME);
4966 pmap_pvh_free(pvh, pmap, sva);
4967 eva = sva + L3_PAGE_SIZE;
4968 for (va = sva, m = PHYS_TO_VM_PAGE(oldpde & PG_PS_FRAME);
4969 va < eva; va += PAGE_SIZE, m++) {
4970 if ((oldpde & (PG_M | PG_RW)) == (PG_M | PG_RW))
4973 vm_page_aflag_set(m, PGA_REFERENCED);
4974 if (TAILQ_EMPTY(&m->md.pv_list) &&
4975 TAILQ_EMPTY(&pvh->pv_list))
4976 vm_page_aflag_clear(m, PGA_WRITEABLE);
4979 if (pmap == kernel_pmap) {
4980 pmap_remove_kernel_l3e(pmap, pdq, sva);
4982 mpte = pmap_remove_pt_page(pmap, sva);
4984 pmap_resident_count_dec(pmap, 1);
4985 KASSERT(mpte->ref_count == NPTEPG,
4986 ("pmap_remove_l3e: pte page wire count error"));
4987 mpte->ref_count = 0;
4988 pmap_add_delayed_free_list(mpte, free, FALSE);
4991 return (pmap_unuse_pt(pmap, sva, *pmap_pml2e(pmap, sva), free));
4995 * pmap_remove_pte: do the things to unmap a page in a process
4998 pmap_remove_pte(pmap_t pmap, pt_entry_t *ptq, vm_offset_t va,
4999 pml3_entry_t ptepde, struct spglist *free, struct rwlock **lockp)
5001 struct md_page *pvh;
5005 PMAP_LOCK_ASSERT(pmap, MA_OWNED);
5006 oldpte = pte_load_clear(ptq);
5007 if (oldpte & RPTE_WIRED)
5008 pmap->pm_stats.wired_count -= 1;
5009 pmap_resident_count_dec(pmap, 1);
5010 if (oldpte & RPTE_MANAGED) {
5011 m = PHYS_TO_VM_PAGE(oldpte & PG_FRAME);
5012 if ((oldpte & (PG_M | PG_RW)) == (PG_M | PG_RW))
5015 vm_page_aflag_set(m, PGA_REFERENCED);
5016 CHANGE_PV_LIST_LOCK_TO_VM_PAGE(lockp, m);
5017 pmap_pvh_free(&m->md, pmap, va);
5018 if (TAILQ_EMPTY(&m->md.pv_list) &&
5019 (m->flags & PG_FICTITIOUS) == 0) {
5020 pvh = pa_to_pvh(VM_PAGE_TO_PHYS(m));
5021 if (TAILQ_EMPTY(&pvh->pv_list))
5022 vm_page_aflag_clear(m, PGA_WRITEABLE);
5025 return (pmap_unuse_pt(pmap, va, ptepde, free));
5029 * Remove a single page from a process address space
5032 pmap_remove_page(pmap_t pmap, vm_offset_t va, pml3_entry_t *l3e,
5033 struct spglist *free)
5035 struct rwlock *lock;
5037 bool invalidate_all;
5039 PMAP_LOCK_ASSERT(pmap, MA_OWNED);
5040 if ((*l3e & RPTE_VALID) == 0) {
5043 pte = pmap_l3e_to_pte(l3e, va);
5044 if ((*pte & RPTE_VALID) == 0) {
5049 invalidate_all = pmap_remove_pte(pmap, pte, va, *l3e, free, &lock);
5052 if (!invalidate_all)
5053 pmap_invalidate_page(pmap, va);
5054 return (invalidate_all);
5058 * Removes the specified range of addresses from the page table page.
5061 pmap_remove_ptes(pmap_t pmap, vm_offset_t sva, vm_offset_t eva,
5062 pml3_entry_t *l3e, struct spglist *free, struct rwlock **lockp)
5068 PMAP_LOCK_ASSERT(pmap, MA_OWNED);
5071 for (pte = pmap_l3e_to_pte(l3e, sva); sva != eva; pte++,
5073 MPASS(pte == pmap_pte(pmap, sva));
5083 if (pmap_remove_pte(pmap, pte, sva, *l3e, free, lockp)) {
5090 pmap_invalidate_all(pmap);
5092 pmap_invalidate_range(pmap, va, sva);
5097 mmu_radix_remove(pmap_t pmap, vm_offset_t sva, vm_offset_t eva)
5099 struct rwlock *lock;
5100 vm_offset_t va_next;
5103 pml3_entry_t ptpaddr, *l3e;
5104 struct spglist free;
5107 CTR4(KTR_PMAP, "%s(%p, %#x, %#x)", __func__, pmap, sva, eva);
5110 * Perform an unsynchronized read. This is, however, safe.
5112 if (pmap->pm_stats.resident_count == 0)
5118 /* XXX something fishy here */
5119 sva = (sva + PAGE_MASK) & ~PAGE_MASK;
5120 eva = (eva + PAGE_MASK) & ~PAGE_MASK;
5125 * special handling of removing one page. a very
5126 * common operation and easy to short circuit some
5129 if (sva + PAGE_SIZE == eva) {
5130 l3e = pmap_pml3e(pmap, sva);
5131 if (l3e && (*l3e & RPTE_LEAF) == 0) {
5132 anyvalid = pmap_remove_page(pmap, sva, l3e, &free);
5138 for (; sva < eva; sva = va_next) {
5139 if (pmap->pm_stats.resident_count == 0)
5141 l1e = pmap_pml1e(pmap, sva);
5142 if (l1e == NULL || (*l1e & PG_V) == 0) {
5143 va_next = (sva + L1_PAGE_SIZE) & ~L1_PAGE_MASK;
5149 l2e = pmap_l1e_to_l2e(l1e, sva);
5150 if (l2e == NULL || (*l2e & PG_V) == 0) {
5151 va_next = (sva + L2_PAGE_SIZE) & ~L2_PAGE_MASK;
5158 * Calculate index for next page table.
5160 va_next = (sva + L3_PAGE_SIZE) & ~L3_PAGE_MASK;
5164 l3e = pmap_l2e_to_l3e(l2e, sva);
5168 * Weed out invalid mappings.
5174 * Check for large page.
5176 if ((ptpaddr & RPTE_LEAF) != 0) {
5178 * Are we removing the entire large page? If not,
5179 * demote the mapping and fall through.
5181 if (sva + L3_PAGE_SIZE == va_next && eva >= va_next) {
5182 pmap_remove_l3e(pmap, l3e, sva, &free, &lock);
5184 } else if (!pmap_demote_l3e_locked(pmap, l3e, sva,
5186 /* The large page mapping was destroyed. */
5193 * Limit our scan to either the end of the va represented
5194 * by the current page table page, or to the end of the
5195 * range being removed.
5200 if (pmap_remove_ptes(pmap, sva, va_next, l3e, &free, &lock))
5207 pmap_invalidate_all(pmap);
5209 vm_page_free_pages_toq(&free, true);
5213 mmu_radix_remove_all(vm_page_t m)
5215 struct md_page *pvh;
5218 struct rwlock *lock;
5219 pt_entry_t *pte, tpte;
5222 struct spglist free;
5223 int pvh_gen, md_gen;
5225 CTR2(KTR_PMAP, "%s(%p)", __func__, m);
5226 KASSERT((m->oflags & VPO_UNMANAGED) == 0,
5227 ("pmap_remove_all: page %p is not managed", m));
5229 lock = VM_PAGE_TO_PV_LIST_LOCK(m);
5230 pvh = (m->flags & PG_FICTITIOUS) != 0 ? &pv_dummy :
5231 pa_to_pvh(VM_PAGE_TO_PHYS(m));
5234 while ((pv = TAILQ_FIRST(&pvh->pv_list)) != NULL) {
5236 if (!PMAP_TRYLOCK(pmap)) {
5237 pvh_gen = pvh->pv_gen;
5241 if (pvh_gen != pvh->pv_gen) {
5248 l3e = pmap_pml3e(pmap, va);
5249 (void)pmap_demote_l3e_locked(pmap, l3e, va, &lock);
5252 while ((pv = TAILQ_FIRST(&m->md.pv_list)) != NULL) {
5254 if (!PMAP_TRYLOCK(pmap)) {
5255 pvh_gen = pvh->pv_gen;
5256 md_gen = m->md.pv_gen;
5260 if (pvh_gen != pvh->pv_gen || md_gen != m->md.pv_gen) {
5266 pmap_resident_count_dec(pmap, 1);
5267 l3e = pmap_pml3e(pmap, pv->pv_va);
5268 KASSERT((*l3e & RPTE_LEAF) == 0, ("pmap_remove_all: found"
5269 " a 2mpage in page %p's pv list", m));
5270 pte = pmap_l3e_to_pte(l3e, pv->pv_va);
5271 tpte = pte_load_clear(pte);
5273 pmap->pm_stats.wired_count--;
5275 vm_page_aflag_set(m, PGA_REFERENCED);
5278 * Update the vm_page_t clean and reference bits.
5280 if ((tpte & (PG_M | PG_RW)) == (PG_M | PG_RW))
5282 pmap_unuse_pt(pmap, pv->pv_va, *l3e, &free);
5283 pmap_invalidate_page(pmap, pv->pv_va);
5284 TAILQ_REMOVE(&m->md.pv_list, pv, pv_link);
5286 free_pv_entry(pmap, pv);
5289 vm_page_aflag_clear(m, PGA_WRITEABLE);
5291 vm_page_free_pages_toq(&free, true);
5295 * Destroy all managed, non-wired mappings in the given user-space
5296 * pmap. This pmap cannot be active on any processor besides the
5299 * This function cannot be applied to the kernel pmap. Moreover, it
5300 * is not intended for general use. It is only to be used during
5301 * process termination. Consequently, it can be implemented in ways
5302 * that make it faster than pmap_remove(). First, it can more quickly
5303 * destroy mappings by iterating over the pmap's collection of PV
5304 * entries, rather than searching the page table. Second, it doesn't
5305 * have to test and clear the page table entries atomically, because
5306 * no processor is currently accessing the user address space. In
5307 * particular, a page table entry's dirty bit won't change state once
5308 * this function starts.
5310 * Although this function destroys all of the pmap's managed,
5311 * non-wired mappings, it can delay and batch the invalidation of TLB
5312 * entries without calling pmap_delayed_invl_started() and
5313 * pmap_delayed_invl_finished(). Because the pmap is not active on
5314 * any other processor, none of these TLB entries will ever be used
5315 * before their eventual invalidation. Consequently, there is no need
5316 * for either pmap_remove_all() or pmap_remove_write() to wait for
5317 * that eventual TLB invalidation.
5321 mmu_radix_remove_pages(pmap_t pmap)
5324 CTR2(KTR_PMAP, "%s(%p)", __func__, pmap);
5325 pml3_entry_t ptel3e;
5326 pt_entry_t *pte, tpte;
5327 struct spglist free;
5328 vm_page_t m, mpte, mt;
5330 struct md_page *pvh;
5331 struct pv_chunk *pc, *npc;
5332 struct rwlock *lock;
5334 uint64_t inuse, bitmask;
5335 int allfree, field, freed, idx;
5336 boolean_t superpage;
5340 * Assert that the given pmap is only active on the current
5341 * CPU. Unfortunately, we cannot block another CPU from
5342 * activating the pmap while this function is executing.
5344 KASSERT(pmap->pm_pid == mfspr(SPR_PID),
5345 ("non-current asid %lu - expected %lu", pmap->pm_pid,
5352 TAILQ_FOREACH_SAFE(pc, &pmap->pm_pvchunk, pc_list, npc) {
5355 for (field = 0; field < _NPCM; field++) {
5356 inuse = ~pc->pc_map[field] & pc_freemask[field];
5357 while (inuse != 0) {
5358 bit = cnttzd(inuse);
5359 bitmask = 1UL << bit;
5360 idx = field * 64 + bit;
5361 pv = &pc->pc_pventry[idx];
5364 pte = pmap_pml2e(pmap, pv->pv_va);
5366 pte = pmap_l2e_to_l3e(pte, pv->pv_va);
5368 if ((tpte & (RPTE_LEAF | PG_V)) == PG_V) {
5371 pte = (pt_entry_t *)PHYS_TO_DMAP(tpte &
5373 pte = &pte[pmap_pte_index(pv->pv_va)];
5377 * Keep track whether 'tpte' is a
5378 * superpage explicitly instead of
5379 * relying on RPTE_LEAF being set.
5381 * This is because RPTE_LEAF is numerically
5382 * identical to PG_PTE_PAT and thus a
5383 * regular page could be mistaken for
5389 if ((tpte & PG_V) == 0) {
5390 panic("bad pte va %lx pte %lx",
5395 * We cannot remove wired pages from a process' mapping at this time
5403 pa = tpte & PG_PS_FRAME;
5405 pa = tpte & PG_FRAME;
5407 m = PHYS_TO_VM_PAGE(pa);
5408 KASSERT(m->phys_addr == pa,
5409 ("vm_page_t %p phys_addr mismatch %016jx %016jx",
5410 m, (uintmax_t)m->phys_addr,
5413 KASSERT((m->flags & PG_FICTITIOUS) != 0 ||
5414 m < &vm_page_array[vm_page_array_size],
5415 ("pmap_remove_pages: bad tpte %#jx",
5421 * Update the vm_page_t clean/reference bits.
5423 if ((tpte & (PG_M | PG_RW)) == (PG_M | PG_RW)) {
5425 for (mt = m; mt < &m[L3_PAGE_SIZE / PAGE_SIZE]; mt++)
5431 CHANGE_PV_LIST_LOCK_TO_VM_PAGE(&lock, m);
5434 pc->pc_map[field] |= bitmask;
5436 pmap_resident_count_dec(pmap, L3_PAGE_SIZE / PAGE_SIZE);
5437 pvh = pa_to_pvh(tpte & PG_PS_FRAME);
5438 TAILQ_REMOVE(&pvh->pv_list, pv, pv_link);
5440 if (TAILQ_EMPTY(&pvh->pv_list)) {
5441 for (mt = m; mt < &m[L3_PAGE_SIZE / PAGE_SIZE]; mt++)
5442 if ((mt->a.flags & PGA_WRITEABLE) != 0 &&
5443 TAILQ_EMPTY(&mt->md.pv_list))
5444 vm_page_aflag_clear(mt, PGA_WRITEABLE);
5446 mpte = pmap_remove_pt_page(pmap, pv->pv_va);
5448 pmap_resident_count_dec(pmap, 1);
5449 KASSERT(mpte->ref_count == NPTEPG,
5450 ("pmap_remove_pages: pte page wire count error"));
5451 mpte->ref_count = 0;
5452 pmap_add_delayed_free_list(mpte, &free, FALSE);
5455 pmap_resident_count_dec(pmap, 1);
5457 printf("freeing pv (%p, %p)\n",
5460 TAILQ_REMOVE(&m->md.pv_list, pv, pv_link);
5462 if ((m->a.flags & PGA_WRITEABLE) != 0 &&
5463 TAILQ_EMPTY(&m->md.pv_list) &&
5464 (m->flags & PG_FICTITIOUS) == 0) {
5465 pvh = pa_to_pvh(VM_PAGE_TO_PHYS(m));
5466 if (TAILQ_EMPTY(&pvh->pv_list))
5467 vm_page_aflag_clear(m, PGA_WRITEABLE);
5470 pmap_unuse_pt(pmap, pv->pv_va, ptel3e, &free);
5474 PV_STAT(atomic_add_long(&pv_entry_frees, freed));
5475 PV_STAT(atomic_add_int(&pv_entry_spare, freed));
5476 PV_STAT(atomic_subtract_long(&pv_entry_count, freed));
5478 TAILQ_REMOVE(&pmap->pm_pvchunk, pc, pc_list);
5484 pmap_invalidate_all(pmap);
5486 vm_page_free_pages_toq(&free, true);
5490 mmu_radix_remove_write(vm_page_t m)
5492 struct md_page *pvh;
5494 struct rwlock *lock;
5495 pv_entry_t next_pv, pv;
5497 pt_entry_t oldpte, *pte;
5498 int pvh_gen, md_gen;
5500 CTR2(KTR_PMAP, "%s(%p)", __func__, m);
5501 KASSERT((m->oflags & VPO_UNMANAGED) == 0,
5502 ("pmap_remove_write: page %p is not managed", m));
5503 vm_page_assert_busied(m);
5505 if (!pmap_page_is_write_mapped(m))
5507 lock = VM_PAGE_TO_PV_LIST_LOCK(m);
5508 pvh = (m->flags & PG_FICTITIOUS) != 0 ? &pv_dummy :
5509 pa_to_pvh(VM_PAGE_TO_PHYS(m));
5512 TAILQ_FOREACH_SAFE(pv, &pvh->pv_list, pv_link, next_pv) {
5514 if (!PMAP_TRYLOCK(pmap)) {
5515 pvh_gen = pvh->pv_gen;
5519 if (pvh_gen != pvh->pv_gen) {
5525 l3e = pmap_pml3e(pmap, pv->pv_va);
5526 if ((*l3e & PG_RW) != 0)
5527 (void)pmap_demote_l3e_locked(pmap, l3e, pv->pv_va, &lock);
5528 KASSERT(lock == VM_PAGE_TO_PV_LIST_LOCK(m),
5529 ("inconsistent pv lock %p %p for page %p",
5530 lock, VM_PAGE_TO_PV_LIST_LOCK(m), m));
5533 TAILQ_FOREACH(pv, &m->md.pv_list, pv_link) {
5535 if (!PMAP_TRYLOCK(pmap)) {
5536 pvh_gen = pvh->pv_gen;
5537 md_gen = m->md.pv_gen;
5541 if (pvh_gen != pvh->pv_gen ||
5542 md_gen != m->md.pv_gen) {
5548 l3e = pmap_pml3e(pmap, pv->pv_va);
5549 KASSERT((*l3e & RPTE_LEAF) == 0,
5550 ("pmap_remove_write: found a 2mpage in page %p's pv list",
5552 pte = pmap_l3e_to_pte(l3e, pv->pv_va);
5555 if (oldpte & PG_RW) {
5556 if (!atomic_cmpset_long(pte, oldpte,
5557 (oldpte | RPTE_EAA_R) & ~(PG_RW | PG_M)))
5559 if ((oldpte & PG_M) != 0)
5561 pmap_invalidate_page(pmap, pv->pv_va);
5566 vm_page_aflag_clear(m, PGA_WRITEABLE);
5570 * Clear the wired attribute from the mappings for the specified range of
5571 * addresses in the given pmap. Every valid mapping within that range
5572 * must have the wired attribute set. In contrast, invalid mappings
5573 * cannot have the wired attribute set, so they are ignored.
5575 * The wired attribute of the page table entry is not a hardware
5576 * feature, so there is no need to invalidate any TLB entries.
5577 * Since pmap_demote_l3e() for the wired entry must never fail,
5578 * pmap_delayed_invl_started()/finished() calls around the
5579 * function are not needed.
5582 mmu_radix_unwire(pmap_t pmap, vm_offset_t sva, vm_offset_t eva)
5584 vm_offset_t va_next;
5590 CTR4(KTR_PMAP, "%s(%p, %#x, %#x)", __func__, pmap, sva, eva);
5592 for (; sva < eva; sva = va_next) {
5593 l1e = pmap_pml1e(pmap, sva);
5594 if ((*l1e & PG_V) == 0) {
5595 va_next = (sva + L1_PAGE_SIZE) & ~L1_PAGE_MASK;
5600 l2e = pmap_l1e_to_l2e(l1e, sva);
5601 if ((*l2e & PG_V) == 0) {
5602 va_next = (sva + L2_PAGE_SIZE) & ~L2_PAGE_MASK;
5607 va_next = (sva + L3_PAGE_SIZE) & ~L3_PAGE_MASK;
5610 l3e = pmap_l2e_to_l3e(l2e, sva);
5611 if ((*l3e & PG_V) == 0)
5613 if ((*l3e & RPTE_LEAF) != 0) {
5614 if ((*l3e & PG_W) == 0)
5615 panic("pmap_unwire: pde %#jx is missing PG_W",
5619 * Are we unwiring the entire large page? If not,
5620 * demote the mapping and fall through.
5622 if (sva + L3_PAGE_SIZE == va_next && eva >= va_next) {
5623 atomic_clear_long(l3e, PG_W);
5624 pmap->pm_stats.wired_count -= L3_PAGE_SIZE /
5627 } else if (!pmap_demote_l3e(pmap, l3e, sva))
5628 panic("pmap_unwire: demotion failed");
5632 for (pte = pmap_l3e_to_pte(l3e, sva); sva != va_next; pte++,
5634 MPASS(pte == pmap_pte(pmap, sva));
5635 if ((*pte & PG_V) == 0)
5637 if ((*pte & PG_W) == 0)
5638 panic("pmap_unwire: pte %#jx is missing PG_W",
5642 * PG_W must be cleared atomically. Although the pmap
5643 * lock synchronizes access to PG_W, another processor
5644 * could be setting PG_M and/or PG_A concurrently.
5646 atomic_clear_long(pte, PG_W);
5647 pmap->pm_stats.wired_count--;
5654 mmu_radix_zero_page(vm_page_t m)
5658 CTR2(KTR_PMAP, "%s(%p)", __func__, m);
5659 addr = PHYS_TO_DMAP(VM_PAGE_TO_PHYS(m));
5664 mmu_radix_zero_page_area(vm_page_t m, int off, int size)
5668 CTR4(KTR_PMAP, "%s(%p, %d, %d)", __func__, m, off, size);
5669 MPASS(off + size <= PAGE_SIZE);
5670 addr = (caddr_t)PHYS_TO_DMAP(VM_PAGE_TO_PHYS(m));
5671 memset(addr + off, 0, size);
5675 mmu_radix_mincore(pmap_t pmap, vm_offset_t addr, vm_paddr_t *locked_pa)
5682 CTR3(KTR_PMAP, "%s(%p, %#x)", __func__, pmap, addr);
5685 l3ep = pmap_pml3e(pmap, addr);
5686 if (l3ep != NULL && (*l3ep & PG_V)) {
5687 if (*l3ep & RPTE_LEAF) {
5689 /* Compute the physical address of the 4KB page. */
5690 pa = ((*l3ep & PG_PS_FRAME) | (addr & L3_PAGE_MASK)) &
5692 val = MINCORE_PSIND(1);
5694 pte = *pmap_l3e_to_pte(l3ep, addr);
5695 pa = pte & PG_FRAME;
5703 if ((pte & PG_V) != 0) {
5704 val |= MINCORE_INCORE;
5705 if ((pte & (PG_M | PG_RW)) == (PG_M | PG_RW))
5706 val |= MINCORE_MODIFIED | MINCORE_MODIFIED_OTHER;
5707 if ((pte & PG_A) != 0)
5708 val |= MINCORE_REFERENCED | MINCORE_REFERENCED_OTHER;
5710 if ((val & (MINCORE_MODIFIED_OTHER | MINCORE_REFERENCED_OTHER)) !=
5711 (MINCORE_MODIFIED_OTHER | MINCORE_REFERENCED_OTHER) &&
5712 (pte & (PG_MANAGED | PG_V)) == (PG_MANAGED | PG_V)) {
5720 mmu_radix_activate(struct thread *td)
5725 CTR2(KTR_PMAP, "%s(%p)", __func__, td);
5727 pmap = vmspace_pmap(td->td_proc->p_vmspace);
5728 curpid = mfspr(SPR_PID);
5729 if (pmap->pm_pid > isa3_base_pid &&
5730 curpid != pmap->pm_pid) {
5731 mmu_radix_pid_set(pmap);
5737 * Increase the starting virtual address of the given mapping if a
5738 * different alignment might result in more superpage mappings.
5741 mmu_radix_align_superpage(vm_object_t object, vm_ooffset_t offset,
5742 vm_offset_t *addr, vm_size_t size)
5745 CTR5(KTR_PMAP, "%s(%p, %#x, %p, %#x)", __func__, object, offset, addr,
5747 vm_offset_t superpage_offset;
5749 if (size < L3_PAGE_SIZE)
5751 if (object != NULL && (object->flags & OBJ_COLORED) != 0)
5752 offset += ptoa(object->pg_color);
5753 superpage_offset = offset & L3_PAGE_MASK;
5754 if (size - ((L3_PAGE_SIZE - superpage_offset) & L3_PAGE_MASK) < L3_PAGE_SIZE ||
5755 (*addr & L3_PAGE_MASK) == superpage_offset)
5757 if ((*addr & L3_PAGE_MASK) < superpage_offset)
5758 *addr = (*addr & ~L3_PAGE_MASK) + superpage_offset;
5760 *addr = ((*addr + L3_PAGE_MASK) & ~L3_PAGE_MASK) + superpage_offset;
5764 mmu_radix_mapdev_attr(vm_paddr_t pa, vm_size_t size, vm_memattr_t attr)
5766 vm_offset_t va, tmpva, ppa, offset;
5768 ppa = trunc_page(pa);
5769 offset = pa & PAGE_MASK;
5770 size = roundup2(offset + size, PAGE_SIZE);
5771 if (pa < powerpc_ptob(Maxmem))
5772 panic("bad pa: %#lx less than Maxmem %#lx\n",
5773 pa, powerpc_ptob(Maxmem));
5774 va = kva_alloc(size);
5776 printf("%s(%#lx, %lu, %d)\n", __func__, pa, size, attr);
5777 KASSERT(size > 0, ("%s(%#lx, %lu, %d)", __func__, pa, size, attr));
5780 panic("%s: Couldn't alloc kernel virtual memory", __func__);
5782 for (tmpva = va; size > 0;) {
5783 mmu_radix_kenter_attr(tmpva, ppa, attr);
5790 return ((void *)(va + offset));
5794 mmu_radix_mapdev(vm_paddr_t pa, vm_size_t size)
5797 CTR3(KTR_PMAP, "%s(%#x, %#x)", __func__, pa, size);
5799 return (mmu_radix_mapdev_attr(pa, size, VM_MEMATTR_DEFAULT));
5803 mmu_radix_page_set_memattr(vm_page_t m, vm_memattr_t ma)
5806 CTR3(KTR_PMAP, "%s(%p, %#x)", __func__, m, ma);
5807 m->md.mdpg_cache_attrs = ma;
5810 * If "m" is a normal page, update its direct mapping. This update
5811 * can be relied upon to perform any cache operations that are
5812 * required for data coherence.
5814 if ((m->flags & PG_FICTITIOUS) == 0 &&
5815 mmu_radix_change_attr(PHYS_TO_DMAP(VM_PAGE_TO_PHYS(m)),
5816 PAGE_SIZE, m->md.mdpg_cache_attrs))
5817 panic("memory attribute change on the direct map failed");
5821 mmu_radix_unmapdev(vm_offset_t va, vm_size_t size)
5825 CTR3(KTR_PMAP, "%s(%#x, %#x)", __func__, va, size);
5826 /* If we gave a direct map region in pmap_mapdev, do nothing */
5827 if (va >= DMAP_MIN_ADDRESS && va < DMAP_MAX_ADDRESS)
5830 offset = va & PAGE_MASK;
5831 size = round_page(offset + size);
5832 va = trunc_page(va);
5834 if (pmap_initialized) {
5835 mmu_radix_qremove(va, atop(size));
5840 static __inline void
5841 pmap_pte_attr(pt_entry_t *pte, uint64_t cache_bits, uint64_t mask)
5843 uint64_t opte, npte;
5846 * The cache mode bits are all in the low 32-bits of the
5847 * PTE, so we can just spin on updating the low 32-bits.
5851 npte = opte & ~mask;
5853 } while (npte != opte && !atomic_cmpset_long(pte, opte, npte));
5857 * Tries to demote a 1GB page mapping.
5860 pmap_demote_l2e(pmap_t pmap, pml2_entry_t *l2e, vm_offset_t va)
5862 pml2_entry_t oldpdpe;
5863 pml3_entry_t *firstpde, newpde, *pde;
5867 PMAP_LOCK_ASSERT(pmap, MA_OWNED);
5869 KASSERT((oldpdpe & (RPTE_LEAF | PG_V)) == (RPTE_LEAF | PG_V),
5870 ("pmap_demote_pdpe: oldpdpe is missing PG_PS and/or PG_V"));
5871 pdpg = vm_page_alloc(NULL, va >> L2_PAGE_SIZE_SHIFT,
5872 VM_ALLOC_INTERRUPT | VM_ALLOC_NOOBJ | VM_ALLOC_WIRED);
5874 CTR2(KTR_PMAP, "pmap_demote_pdpe: failure for va %#lx"
5875 " in pmap %p", va, pmap);
5878 pdpgpa = VM_PAGE_TO_PHYS(pdpg);
5879 firstpde = (pml3_entry_t *)PHYS_TO_DMAP(pdpgpa);
5880 KASSERT((oldpdpe & PG_A) != 0,
5881 ("pmap_demote_pdpe: oldpdpe is missing PG_A"));
5882 KASSERT((oldpdpe & (PG_M | PG_RW)) != PG_RW,
5883 ("pmap_demote_pdpe: oldpdpe is missing PG_M"));
5887 * Initialize the page directory page.
5889 for (pde = firstpde; pde < firstpde + NPDEPG; pde++) {
5891 newpde += L3_PAGE_SIZE;
5895 * Demote the mapping.
5897 pde_store(l2e, pdpgpa);
5900 * Flush PWC --- XXX revisit
5902 pmap_invalidate_all(pmap);
5904 pmap_l2e_demotions++;
5905 CTR2(KTR_PMAP, "pmap_demote_pdpe: success for va %#lx"
5906 " in pmap %p", va, pmap);
5911 mmu_radix_kextract(vm_offset_t va)
5916 CTR2(KTR_PMAP, "%s(%#x)", __func__, va);
5917 if (va >= DMAP_MIN_ADDRESS && va < DMAP_MAX_ADDRESS) {
5918 pa = DMAP_TO_PHYS(va);
5920 l3e = *pmap_pml3e(kernel_pmap, va);
5921 if (l3e & RPTE_LEAF) {
5922 pa = (l3e & PG_PS_FRAME) | (va & L3_PAGE_MASK);
5923 pa |= (va & L3_PAGE_MASK);
5926 * Beware of a concurrent promotion that changes the
5927 * PDE at this point! For example, vtopte() must not
5928 * be used to access the PTE because it would use the
5929 * new PDE. It is, however, safe to use the old PDE
5930 * because the page table page is preserved by the
5933 pa = *pmap_l3e_to_pte(&l3e, va);
5934 pa = (pa & PG_FRAME) | (va & PAGE_MASK);
5935 pa |= (va & PAGE_MASK);
5942 mmu_radix_calc_wimg(vm_paddr_t pa, vm_memattr_t ma)
5945 if (ma != VM_MEMATTR_DEFAULT) {
5946 return pmap_cache_bits(ma);
5950 * Assume the page is cache inhibited and access is guarded unless
5951 * it's in our available memory array.
5953 for (int i = 0; i < pregions_sz; i++) {
5954 if ((pa >= pregions[i].mr_start) &&
5955 (pa < (pregions[i].mr_start + pregions[i].mr_size)))
5956 return (RPTE_ATTR_MEM);
5958 return (RPTE_ATTR_GUARDEDIO);
5962 mmu_radix_kenter_attr(vm_offset_t va, vm_paddr_t pa, vm_memattr_t ma)
5964 pt_entry_t *pte, pteval;
5965 uint64_t cache_bits;
5969 pteval = pa | RPTE_EAA_R | RPTE_EAA_W | RPTE_EAA_P | PG_M | PG_A;
5970 cache_bits = mmu_radix_calc_wimg(pa, ma);
5971 pte_store(pte, pteval | cache_bits);
5975 mmu_radix_kremove(vm_offset_t va)
5979 CTR2(KTR_PMAP, "%s(%#x)", __func__, va);
5986 mmu_radix_decode_kernel_ptr(vm_offset_t addr,
5987 int *is_user, vm_offset_t *decoded)
5990 CTR2(KTR_PMAP, "%s(%#jx)", __func__, (uintmax_t)addr);
5992 *is_user = (addr < VM_MAXUSER_ADDRESS);
5997 mmu_radix_dev_direct_mapped(vm_paddr_t pa, vm_size_t size)
6000 CTR3(KTR_PMAP, "%s(%#x, %#x)", __func__, pa, size);
6001 return (mem_valid(pa, size));
6005 mmu_radix_scan_init()
6008 CTR1(KTR_PMAP, "%s()", __func__);
6013 mmu_radix_dumpsys_map(vm_paddr_t pa, size_t sz,
6016 CTR4(KTR_PMAP, "%s(%#jx, %#zx, %p)", __func__, (uintmax_t)pa, sz, va);
6021 mmu_radix_quick_enter_page(vm_page_t m)
6025 CTR2(KTR_PMAP, "%s(%p)", __func__, m);
6026 paddr = VM_PAGE_TO_PHYS(m);
6027 return (PHYS_TO_DMAP(paddr));
6031 mmu_radix_quick_remove_page(vm_offset_t addr __unused)
6033 /* no work to do here */
6034 CTR2(KTR_PMAP, "%s(%#x)", __func__, addr);
6038 pmap_invalidate_cache_range(vm_offset_t sva, vm_offset_t eva)
6040 cpu_flush_dcache((void *)sva, eva - sva);
6044 mmu_radix_change_attr(vm_offset_t va, vm_size_t size,
6049 CTR4(KTR_PMAP, "%s(%#x, %#zx, %d)", __func__, va, size, mode);
6050 PMAP_LOCK(kernel_pmap);
6051 error = pmap_change_attr_locked(va, size, mode, true);
6052 PMAP_UNLOCK(kernel_pmap);
6057 pmap_change_attr_locked(vm_offset_t va, vm_size_t size, int mode, bool flush)
6059 vm_offset_t base, offset, tmpva;
6060 vm_paddr_t pa_start, pa_end, pa_end1;
6064 int cache_bits, error;
6067 PMAP_LOCK_ASSERT(kernel_pmap, MA_OWNED);
6068 base = trunc_page(va);
6069 offset = va & PAGE_MASK;
6070 size = round_page(offset + size);
6073 * Only supported on kernel virtual addresses, including the direct
6074 * map but excluding the recursive map.
6076 if (base < DMAP_MIN_ADDRESS)
6079 cache_bits = pmap_cache_bits(mode);
6083 * Pages that aren't mapped aren't supported. Also break down 2MB pages
6084 * into 4KB pages if required.
6086 for (tmpva = base; tmpva < base + size; ) {
6087 l2e = pmap_pml2e(kernel_pmap, tmpva);
6088 if (l2e == NULL || *l2e == 0)
6090 if (*l2e & RPTE_LEAF) {
6092 * If the current 1GB page already has the required
6093 * memory type, then we need not demote this page. Just
6094 * increment tmpva to the next 1GB page frame.
6096 if ((*l2e & RPTE_ATTR_MASK) == cache_bits) {
6097 tmpva = trunc_1gpage(tmpva) + L2_PAGE_SIZE;
6102 * If the current offset aligns with a 1GB page frame
6103 * and there is at least 1GB left within the range, then
6104 * we need not break down this page into 2MB pages.
6106 if ((tmpva & L2_PAGE_MASK) == 0 &&
6107 tmpva + L2_PAGE_MASK < base + size) {
6108 tmpva += L2_PAGE_MASK;
6111 if (!pmap_demote_l2e(kernel_pmap, l2e, tmpva))
6114 l3e = pmap_l2e_to_l3e(l2e, tmpva);
6115 KASSERT(l3e != NULL, ("no l3e entry for %#lx in %p\n",
6119 if (*l3e & RPTE_LEAF) {
6121 * If the current 2MB page already has the required
6122 * memory type, then we need not demote this page. Just
6123 * increment tmpva to the next 2MB page frame.
6125 if ((*l3e & RPTE_ATTR_MASK) == cache_bits) {
6126 tmpva = trunc_2mpage(tmpva) + L3_PAGE_SIZE;
6131 * If the current offset aligns with a 2MB page frame
6132 * and there is at least 2MB left within the range, then
6133 * we need not break down this page into 4KB pages.
6135 if ((tmpva & L3_PAGE_MASK) == 0 &&
6136 tmpva + L3_PAGE_MASK < base + size) {
6137 tmpva += L3_PAGE_SIZE;
6140 if (!pmap_demote_l3e(kernel_pmap, l3e, tmpva))
6143 pte = pmap_l3e_to_pte(l3e, tmpva);
6151 * Ok, all the pages exist, so run through them updating their
6152 * cache mode if required.
6154 pa_start = pa_end = 0;
6155 for (tmpva = base; tmpva < base + size; ) {
6156 l2e = pmap_pml2e(kernel_pmap, tmpva);
6157 if (*l2e & RPTE_LEAF) {
6158 if ((*l2e & RPTE_ATTR_MASK) != cache_bits) {
6159 pmap_pte_attr(l2e, cache_bits,
6163 if (tmpva >= VM_MIN_KERNEL_ADDRESS &&
6164 (*l2e & PG_PS_FRAME) < dmaplimit) {
6165 if (pa_start == pa_end) {
6166 /* Start physical address run. */
6167 pa_start = *l2e & PG_PS_FRAME;
6168 pa_end = pa_start + L2_PAGE_SIZE;
6169 } else if (pa_end == (*l2e & PG_PS_FRAME))
6170 pa_end += L2_PAGE_SIZE;
6172 /* Run ended, update direct map. */
6173 error = pmap_change_attr_locked(
6174 PHYS_TO_DMAP(pa_start),
6175 pa_end - pa_start, mode, flush);
6178 /* Start physical address run. */
6179 pa_start = *l2e & PG_PS_FRAME;
6180 pa_end = pa_start + L2_PAGE_SIZE;
6183 tmpva = trunc_1gpage(tmpva) + L2_PAGE_SIZE;
6186 l3e = pmap_l2e_to_l3e(l2e, tmpva);
6187 if (*l3e & RPTE_LEAF) {
6188 if ((*l3e & RPTE_ATTR_MASK) != cache_bits) {
6189 pmap_pte_attr(l3e, cache_bits,
6193 if (tmpva >= VM_MIN_KERNEL_ADDRESS &&
6194 (*l3e & PG_PS_FRAME) < dmaplimit) {
6195 if (pa_start == pa_end) {
6196 /* Start physical address run. */
6197 pa_start = *l3e & PG_PS_FRAME;
6198 pa_end = pa_start + L3_PAGE_SIZE;
6199 } else if (pa_end == (*l3e & PG_PS_FRAME))
6200 pa_end += L3_PAGE_SIZE;
6202 /* Run ended, update direct map. */
6203 error = pmap_change_attr_locked(
6204 PHYS_TO_DMAP(pa_start),
6205 pa_end - pa_start, mode, flush);
6208 /* Start physical address run. */
6209 pa_start = *l3e & PG_PS_FRAME;
6210 pa_end = pa_start + L3_PAGE_SIZE;
6213 tmpva = trunc_2mpage(tmpva) + L3_PAGE_SIZE;
6215 pte = pmap_l3e_to_pte(l3e, tmpva);
6216 if ((*pte & RPTE_ATTR_MASK) != cache_bits) {
6217 pmap_pte_attr(pte, cache_bits,
6221 if (tmpva >= VM_MIN_KERNEL_ADDRESS &&
6222 (*pte & PG_FRAME) < dmaplimit) {
6223 if (pa_start == pa_end) {
6224 /* Start physical address run. */
6225 pa_start = *pte & PG_FRAME;
6226 pa_end = pa_start + PAGE_SIZE;
6227 } else if (pa_end == (*pte & PG_FRAME))
6228 pa_end += PAGE_SIZE;
6230 /* Run ended, update direct map. */
6231 error = pmap_change_attr_locked(
6232 PHYS_TO_DMAP(pa_start),
6233 pa_end - pa_start, mode, flush);
6236 /* Start physical address run. */
6237 pa_start = *pte & PG_FRAME;
6238 pa_end = pa_start + PAGE_SIZE;
6244 if (error == 0 && pa_start != pa_end && pa_start < dmaplimit) {
6245 pa_end1 = MIN(pa_end, dmaplimit);
6246 if (pa_start != pa_end1)
6247 error = pmap_change_attr_locked(PHYS_TO_DMAP(pa_start),
6248 pa_end1 - pa_start, mode, flush);
6252 * Flush CPU caches if required to make sure any data isn't cached that
6253 * shouldn't be, etc.
6256 pmap_invalidate_all(kernel_pmap);
6259 pmap_invalidate_cache_range(base, tmpva);
6265 * Allocate physical memory for the vm_page array and map it into KVA,
6266 * attempting to back the vm_pages with domain-local memory.
6269 mmu_radix_page_array_startup(long pages)
6280 vm_offset_t start, end;
6282 vm_page_array_size = pages;
6284 start = VM_MIN_KERNEL_ADDRESS;
6285 end = start + pages * sizeof(struct vm_page);
6287 pa = vm_phys_early_alloc(0, end - start);
6289 start = mmu_radix_map(&start, pa, end - start, VM_MEMATTR_DEFAULT);
6291 /* TODO: NUMA vm_page_array. Blocked out until then (copied from amd64). */
6292 for (va = start; va < end; va += L3_PAGE_SIZE) {
6293 pfn = first_page + (va - start) / sizeof(struct vm_page);
6294 domain = _vm_phys_domain(ptoa(pfn));
6295 l2e = pmap_pml2e(kernel_pmap, va);
6296 if ((*l2e & PG_V) == 0) {
6297 pa = vm_phys_early_alloc(domain, PAGE_SIZE);
6299 pagezero(PHYS_TO_DMAP(pa));
6300 pde_store(l2e, (pml2_entry_t)pa);
6302 pde = pmap_l2e_to_l3e(l2e, va);
6303 if ((*pde & PG_V) != 0)
6304 panic("Unexpected pde %p", pde);
6305 pa = vm_phys_early_alloc(domain, L3_PAGE_SIZE);
6306 for (i = 0; i < NPDEPG; i++)
6307 dump_add_page(pa + i * PAGE_SIZE);
6308 newl3 = (pml3_entry_t)(pa | RPTE_EAA_P | RPTE_EAA_R | RPTE_EAA_W);
6309 pte_store(pde, newl3);
6312 vm_page_array = (vm_page_t)start;
6316 #include <sys/kdb.h>
6317 #include <ddb/ddb.h>
6320 pmap_pte_walk(pml1_entry_t *l1, vm_offset_t va)
6327 l1e = &l1[pmap_pml1e_index(va)];
6328 db_printf("VA %#016lx l1e %#016lx", va, *l1e);
6329 if ((*l1e & PG_V) == 0) {
6333 l2e = pmap_l1e_to_l2e(l1e, va);
6334 db_printf(" l2e %#016lx", *l2e);
6335 if ((*l2e & PG_V) == 0 || (*l2e & RPTE_LEAF) != 0) {
6339 l3e = pmap_l2e_to_l3e(l2e, va);
6340 db_printf(" l3e %#016lx", *l3e);
6341 if ((*l3e & PG_V) == 0 || (*l3e & RPTE_LEAF) != 0) {
6345 pte = pmap_l3e_to_pte(l3e, va);
6346 db_printf(" pte %#016lx\n", *pte);
6350 pmap_page_print_mappings(vm_page_t m)
6355 db_printf("page %p(%lx)\n", m, m->phys_addr);
6356 /* need to elide locks if running in ddb */
6357 TAILQ_FOREACH(pv, &m->md.pv_list, pv_link) {
6358 db_printf("pv: %p ", pv);
6359 db_printf("va: %#016lx ", pv->pv_va);
6361 db_printf("pmap %p ", pmap);
6363 db_printf("asid: %lu\n", pmap->pm_pid);
6364 pmap_pte_walk(pmap->pm_pml1, pv->pv_va);
6369 DB_SHOW_COMMAND(pte, pmap_print_pte)
6375 db_printf("show pte addr\n");
6378 va = (vm_offset_t)addr;
6380 if (va >= DMAP_MIN_ADDRESS)
6382 else if (kdb_thread != NULL)
6383 pmap = vmspace_pmap(kdb_thread->td_proc->p_vmspace);
6385 pmap = vmspace_pmap(curthread->td_proc->p_vmspace);
6387 pmap_pte_walk(pmap->pm_pml1, va);
projects / FreeBSD / FreeBSD.git / blob