2 * Copyright (c) 1991 Regents of the University of California.
4 * Copyright (c) 1994 John S. Dyson
6 * Copyright (c) 1994 David Greenman
8 * Copyright (c) 2003 Peter Wemm
10 * Copyright (c) 2005-2010 Alan L. Cox <alc@cs.rice.edu>
11 * All rights reserved.
12 * Copyright (c) 2014 Andrew Turner
13 * All rights reserved.
14 * Copyright (c) 2014-2016 The FreeBSD Foundation
15 * All rights reserved.
17 * This code is derived from software contributed to Berkeley by
18 * the Systems Programming Group of the University of Utah Computer
19 * Science Department and William Jolitz of UUNET Technologies Inc.
21 * This software was developed by Andrew Turner under sponsorship from
22 * the FreeBSD Foundation.
24 * Redistribution and use in source and binary forms, with or without
25 * modification, are permitted provided that the following conditions
27 * 1. Redistributions of source code must retain the above copyright
28 * notice, this list of conditions and the following disclaimer.
29 * 2. Redistributions in binary form must reproduce the above copyright
30 * notice, this list of conditions and the following disclaimer in the
31 * documentation and/or other materials provided with the distribution.
32 * 3. All advertising materials mentioning features or use of this software
33 * must display the following acknowledgement:
34 * This product includes software developed by the University of
35 * California, Berkeley and its contributors.
36 * 4. Neither the name of the University nor the names of its contributors
37 * may be used to endorse or promote products derived from this software
38 * without specific prior written permission.
40 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
41 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
42 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
43 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
44 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
45 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
46 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
48 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
49 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
52 * from: @(#)pmap.c 7.7 (Berkeley) 5/12/91
55 * Copyright (c) 2003 Networks Associates Technology, Inc.
56 * All rights reserved.
58 * This software was developed for the FreeBSD Project by Jake Burkholder,
59 * Safeport Network Services, and Network Associates Laboratories, the
60 * Security Research Division of Network Associates, Inc. under
61 * DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the DARPA
62 * CHATS research program.
64 * Redistribution and use in source and binary forms, with or without
65 * modification, are permitted provided that the following conditions
67 * 1. Redistributions of source code must retain the above copyright
68 * notice, this list of conditions and the following disclaimer.
69 * 2. Redistributions in binary form must reproduce the above copyright
70 * notice, this list of conditions and the following disclaimer in the
71 * documentation and/or other materials provided with the distribution.
73 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
74 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
75 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
76 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
77 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
78 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
79 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
80 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
81 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
82 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
86 #include <sys/cdefs.h>
87 __FBSDID("$FreeBSD$");
90 * Manages physical address maps.
92 * Since the information managed by this module is
93 * also stored by the logical address mapping module,
94 * this module may throw away valid virtual-to-physical
95 * mappings at almost any time. However, invalidations
96 * of virtual-to-physical mappings must be done as
99 * In order to cope with hardware architectures which
100 * make virtual-to-physical map invalidates expensive,
101 * this module may delay invalidate or reduced protection
102 * operations until such time as they are actually
103 * necessary. This module is given full information as
104 * to which processors are currently using which maps,
105 * and to when physical maps must be made correct.
110 #include <sys/param.h>
111 #include <sys/bitstring.h>
113 #include <sys/systm.h>
114 #include <sys/kernel.h>
116 #include <sys/limits.h>
117 #include <sys/lock.h>
118 #include <sys/malloc.h>
119 #include <sys/mman.h>
120 #include <sys/msgbuf.h>
121 #include <sys/mutex.h>
122 #include <sys/physmem.h>
123 #include <sys/proc.h>
124 #include <sys/rwlock.h>
125 #include <sys/sbuf.h>
127 #include <sys/vmem.h>
128 #include <sys/vmmeter.h>
129 #include <sys/sched.h>
130 #include <sys/sysctl.h>
131 #include <sys/_unrhdr.h>
135 #include <vm/vm_param.h>
136 #include <vm/vm_kern.h>
137 #include <vm/vm_page.h>
138 #include <vm/vm_map.h>
139 #include <vm/vm_object.h>
140 #include <vm/vm_extern.h>
141 #include <vm/vm_pageout.h>
142 #include <vm/vm_pager.h>
143 #include <vm/vm_phys.h>
144 #include <vm/vm_radix.h>
145 #include <vm/vm_reserv.h>
148 #include <machine/machdep.h>
149 #include <machine/md_var.h>
150 #include <machine/pcb.h>
152 #define PMAP_ASSERT_STAGE1(pmap) MPASS((pmap)->pm_stage == PM_STAGE1)
153 #define PMAP_ASSERT_STAGE2(pmap) MPASS((pmap)->pm_stage == PM_STAGE2)
155 #define NL0PG (PAGE_SIZE/(sizeof (pd_entry_t)))
156 #define NL1PG (PAGE_SIZE/(sizeof (pd_entry_t)))
157 #define NL2PG (PAGE_SIZE/(sizeof (pd_entry_t)))
158 #define NL3PG (PAGE_SIZE/(sizeof (pt_entry_t)))
160 #define NUL0E L0_ENTRIES
161 #define NUL1E (NUL0E * NL1PG)
162 #define NUL2E (NUL1E * NL2PG)
164 #if !defined(DIAGNOSTIC)
165 #ifdef __GNUC_GNU_INLINE__
166 #define PMAP_INLINE __attribute__((__gnu_inline__)) inline
168 #define PMAP_INLINE extern inline
175 #define PV_STAT(x) do { x ; } while (0)
177 #define PV_STAT(x) do { } while (0)
180 #define pmap_l2_pindex(v) ((v) >> L2_SHIFT)
181 #define pa_to_pvh(pa) (&pv_table[pmap_l2_pindex(pa)])
183 #define NPV_LIST_LOCKS MAXCPU
185 #define PHYS_TO_PV_LIST_LOCK(pa) \
186 (&pv_list_locks[pa_index(pa) % NPV_LIST_LOCKS])
188 #define CHANGE_PV_LIST_LOCK_TO_PHYS(lockp, pa) do { \
189 struct rwlock **_lockp = (lockp); \
190 struct rwlock *_new_lock; \
192 _new_lock = PHYS_TO_PV_LIST_LOCK(pa); \
193 if (_new_lock != *_lockp) { \
194 if (*_lockp != NULL) \
195 rw_wunlock(*_lockp); \
196 *_lockp = _new_lock; \
201 #define CHANGE_PV_LIST_LOCK_TO_VM_PAGE(lockp, m) \
202 CHANGE_PV_LIST_LOCK_TO_PHYS(lockp, VM_PAGE_TO_PHYS(m))
204 #define RELEASE_PV_LIST_LOCK(lockp) do { \
205 struct rwlock **_lockp = (lockp); \
207 if (*_lockp != NULL) { \
208 rw_wunlock(*_lockp); \
213 #define VM_PAGE_TO_PV_LIST_LOCK(m) \
214 PHYS_TO_PV_LIST_LOCK(VM_PAGE_TO_PHYS(m))
217 * The presence of this flag indicates that the mapping is writeable.
218 * If the ATTR_S1_AP_RO bit is also set, then the mapping is clean, otherwise
219 * it is dirty. This flag may only be set on managed mappings.
221 * The DBM bit is reserved on ARMv8.0 but it seems we can safely treat it
222 * as a software managed bit.
224 #define ATTR_SW_DBM ATTR_DBM
226 struct pmap kernel_pmap_store;
228 /* Used for mapping ACPI memory before VM is initialized */
229 #define PMAP_PREINIT_MAPPING_COUNT 32
230 #define PMAP_PREINIT_MAPPING_SIZE (PMAP_PREINIT_MAPPING_COUNT * L2_SIZE)
231 static vm_offset_t preinit_map_va; /* Start VA of pre-init mapping space */
232 static int vm_initialized = 0; /* No need to use pre-init maps when set */
235 * Reserve a few L2 blocks starting from 'preinit_map_va' pointer.
236 * Always map entire L2 block for simplicity.
237 * VA of L2 block = preinit_map_va + i * L2_SIZE
239 static struct pmap_preinit_mapping {
243 } pmap_preinit_mapping[PMAP_PREINIT_MAPPING_COUNT];
245 vm_offset_t virtual_avail; /* VA of first avail page (after kernel bss) */
246 vm_offset_t virtual_end; /* VA of last avail page (end of kernel AS) */
247 vm_offset_t kernel_vm_end = 0;
250 * Data for the pv entry allocation mechanism.
252 static TAILQ_HEAD(pch, pv_chunk) pv_chunks = TAILQ_HEAD_INITIALIZER(pv_chunks);
253 static struct mtx pv_chunks_mutex;
254 static struct rwlock pv_list_locks[NPV_LIST_LOCKS];
255 static struct md_page *pv_table;
256 static struct md_page pv_dummy;
258 vm_paddr_t dmap_phys_base; /* The start of the dmap region */
259 vm_paddr_t dmap_phys_max; /* The limit of the dmap region */
260 vm_offset_t dmap_max_addr; /* The virtual address limit of the dmap */
262 /* This code assumes all L1 DMAP entries will be used */
263 CTASSERT((DMAP_MIN_ADDRESS & ~L0_OFFSET) == DMAP_MIN_ADDRESS);
264 CTASSERT((DMAP_MAX_ADDRESS & ~L0_OFFSET) == DMAP_MAX_ADDRESS);
266 #define DMAP_TABLES ((DMAP_MAX_ADDRESS - DMAP_MIN_ADDRESS) >> L0_SHIFT)
267 extern pt_entry_t pagetable_dmap[];
269 #define PHYSMAP_SIZE (2 * (VM_PHYSSEG_MAX - 1))
270 static vm_paddr_t physmap[PHYSMAP_SIZE];
271 static u_int physmap_idx;
273 static SYSCTL_NODE(_vm, OID_AUTO, pmap, CTLFLAG_RD | CTLFLAG_MPSAFE, 0,
274 "VM/pmap parameters");
277 * This ASID allocator uses a bit vector ("asid_set") to remember which ASIDs
278 * that it has currently allocated to a pmap, a cursor ("asid_next") to
279 * optimize its search for a free ASID in the bit vector, and an epoch number
280 * ("asid_epoch") to indicate when it has reclaimed all previously allocated
281 * ASIDs that are not currently active on a processor.
283 * The current epoch number is always in the range [0, INT_MAX). Negative
284 * numbers and INT_MAX are reserved for special cases that are described
293 struct mtx asid_set_mutex;
296 static struct asid_set asids;
297 static struct asid_set vmids;
299 static SYSCTL_NODE(_vm_pmap, OID_AUTO, asid, CTLFLAG_RD | CTLFLAG_MPSAFE, 0,
301 SYSCTL_INT(_vm_pmap_asid, OID_AUTO, bits, CTLFLAG_RD, &asids.asid_bits, 0,
302 "The number of bits in an ASID");
303 SYSCTL_INT(_vm_pmap_asid, OID_AUTO, next, CTLFLAG_RD, &asids.asid_next, 0,
304 "The last allocated ASID plus one");
305 SYSCTL_INT(_vm_pmap_asid, OID_AUTO, epoch, CTLFLAG_RD, &asids.asid_epoch, 0,
306 "The current epoch number");
308 static SYSCTL_NODE(_vm_pmap, OID_AUTO, vmid, CTLFLAG_RD, 0, "VMID allocator");
309 SYSCTL_INT(_vm_pmap_vmid, OID_AUTO, bits, CTLFLAG_RD, &vmids.asid_bits, 0,
310 "The number of bits in an VMID");
311 SYSCTL_INT(_vm_pmap_vmid, OID_AUTO, next, CTLFLAG_RD, &vmids.asid_next, 0,
312 "The last allocated VMID plus one");
313 SYSCTL_INT(_vm_pmap_vmid, OID_AUTO, epoch, CTLFLAG_RD, &vmids.asid_epoch, 0,
314 "The current epoch number");
316 void (*pmap_clean_stage2_tlbi)(void);
317 void (*pmap_invalidate_vpipt_icache)(void);
320 * A pmap's cookie encodes an ASID and epoch number. Cookies for reserved
321 * ASIDs have a negative epoch number, specifically, INT_MIN. Cookies for
322 * dynamically allocated ASIDs have a non-negative epoch number.
324 * An invalid ASID is represented by -1.
326 * There are two special-case cookie values: (1) COOKIE_FROM(-1, INT_MIN),
327 * which indicates that an ASID should never be allocated to the pmap, and
328 * (2) COOKIE_FROM(-1, INT_MAX), which indicates that an ASID should be
329 * allocated when the pmap is next activated.
331 #define COOKIE_FROM(asid, epoch) ((long)((u_int)(asid) | \
332 ((u_long)(epoch) << 32)))
333 #define COOKIE_TO_ASID(cookie) ((int)(cookie))
334 #define COOKIE_TO_EPOCH(cookie) ((int)((u_long)(cookie) >> 32))
336 static int superpages_enabled = 1;
337 SYSCTL_INT(_vm_pmap, OID_AUTO, superpages_enabled,
338 CTLFLAG_RDTUN | CTLFLAG_NOFETCH, &superpages_enabled, 0,
339 "Are large page mappings enabled?");
342 * Internal flags for pmap_enter()'s helper functions.
344 #define PMAP_ENTER_NORECLAIM 0x1000000 /* Don't reclaim PV entries. */
345 #define PMAP_ENTER_NOREPLACE 0x2000000 /* Don't replace mappings. */
347 static void free_pv_chunk(struct pv_chunk *pc);
348 static void free_pv_entry(pmap_t pmap, pv_entry_t pv);
349 static pv_entry_t get_pv_entry(pmap_t pmap, struct rwlock **lockp);
350 static vm_page_t reclaim_pv_chunk(pmap_t locked_pmap, struct rwlock **lockp);
351 static void pmap_pvh_free(struct md_page *pvh, pmap_t pmap, vm_offset_t va);
352 static pv_entry_t pmap_pvh_remove(struct md_page *pvh, pmap_t pmap,
355 static void pmap_abort_ptp(pmap_t pmap, vm_offset_t va, vm_page_t mpte);
356 static bool pmap_activate_int(pmap_t pmap);
357 static void pmap_alloc_asid(pmap_t pmap);
358 static int pmap_change_attr_locked(vm_offset_t va, vm_size_t size, int mode);
359 static pt_entry_t *pmap_demote_l1(pmap_t pmap, pt_entry_t *l1, vm_offset_t va);
360 static pt_entry_t *pmap_demote_l2_locked(pmap_t pmap, pt_entry_t *l2,
361 vm_offset_t va, struct rwlock **lockp);
362 static pt_entry_t *pmap_demote_l2(pmap_t pmap, pt_entry_t *l2, vm_offset_t va);
363 static vm_page_t pmap_enter_quick_locked(pmap_t pmap, vm_offset_t va,
364 vm_page_t m, vm_prot_t prot, vm_page_t mpte, struct rwlock **lockp);
365 static int pmap_enter_l2(pmap_t pmap, vm_offset_t va, pd_entry_t new_l2,
366 u_int flags, vm_page_t m, struct rwlock **lockp);
367 static int pmap_remove_l2(pmap_t pmap, pt_entry_t *l2, vm_offset_t sva,
368 pd_entry_t l1e, struct spglist *free, struct rwlock **lockp);
369 static int pmap_remove_l3(pmap_t pmap, pt_entry_t *l3, vm_offset_t sva,
370 pd_entry_t l2e, struct spglist *free, struct rwlock **lockp);
371 static void pmap_reset_asid_set(pmap_t pmap);
372 static boolean_t pmap_try_insert_pv_entry(pmap_t pmap, vm_offset_t va,
373 vm_page_t m, struct rwlock **lockp);
375 static vm_page_t _pmap_alloc_l3(pmap_t pmap, vm_pindex_t ptepindex,
376 struct rwlock **lockp);
378 static void _pmap_unwire_l3(pmap_t pmap, vm_offset_t va, vm_page_t m,
379 struct spglist *free);
380 static int pmap_unuse_pt(pmap_t, vm_offset_t, pd_entry_t, struct spglist *);
381 static __inline vm_page_t pmap_remove_pt_page(pmap_t pmap, vm_offset_t va);
384 * These load the old table data and store the new value.
385 * They need to be atomic as the System MMU may write to the table at
386 * the same time as the CPU.
388 #define pmap_clear(table) atomic_store_64(table, 0)
389 #define pmap_clear_bits(table, bits) atomic_clear_64(table, bits)
390 #define pmap_load(table) (*table)
391 #define pmap_load_clear(table) atomic_swap_64(table, 0)
392 #define pmap_load_store(table, entry) atomic_swap_64(table, entry)
393 #define pmap_set_bits(table, bits) atomic_set_64(table, bits)
394 #define pmap_store(table, entry) atomic_store_64(table, entry)
396 /********************/
397 /* Inline functions */
398 /********************/
401 pagecopy(void *s, void *d)
404 memcpy(d, s, PAGE_SIZE);
407 static __inline pd_entry_t *
408 pmap_l0(pmap_t pmap, vm_offset_t va)
411 return (&pmap->pm_l0[pmap_l0_index(va)]);
414 static __inline pd_entry_t *
415 pmap_l0_to_l1(pd_entry_t *l0, vm_offset_t va)
419 l1 = (pd_entry_t *)PHYS_TO_DMAP(pmap_load(l0) & ~ATTR_MASK);
420 return (&l1[pmap_l1_index(va)]);
423 static __inline pd_entry_t *
424 pmap_l1(pmap_t pmap, vm_offset_t va)
428 l0 = pmap_l0(pmap, va);
429 if ((pmap_load(l0) & ATTR_DESCR_MASK) != L0_TABLE)
432 return (pmap_l0_to_l1(l0, va));
435 static __inline pd_entry_t *
436 pmap_l1_to_l2(pd_entry_t *l1, vm_offset_t va)
440 l2 = (pd_entry_t *)PHYS_TO_DMAP(pmap_load(l1) & ~ATTR_MASK);
441 return (&l2[pmap_l2_index(va)]);
444 static __inline pd_entry_t *
445 pmap_l2(pmap_t pmap, vm_offset_t va)
449 l1 = pmap_l1(pmap, va);
450 if ((pmap_load(l1) & ATTR_DESCR_MASK) != L1_TABLE)
453 return (pmap_l1_to_l2(l1, va));
456 static __inline pt_entry_t *
457 pmap_l2_to_l3(pd_entry_t *l2, vm_offset_t va)
461 l3 = (pd_entry_t *)PHYS_TO_DMAP(pmap_load(l2) & ~ATTR_MASK);
462 return (&l3[pmap_l3_index(va)]);
466 * Returns the lowest valid pde for a given virtual address.
467 * The next level may or may not point to a valid page or block.
469 static __inline pd_entry_t *
470 pmap_pde(pmap_t pmap, vm_offset_t va, int *level)
472 pd_entry_t *l0, *l1, *l2, desc;
474 l0 = pmap_l0(pmap, va);
475 desc = pmap_load(l0) & ATTR_DESCR_MASK;
476 if (desc != L0_TABLE) {
481 l1 = pmap_l0_to_l1(l0, va);
482 desc = pmap_load(l1) & ATTR_DESCR_MASK;
483 if (desc != L1_TABLE) {
488 l2 = pmap_l1_to_l2(l1, va);
489 desc = pmap_load(l2) & ATTR_DESCR_MASK;
490 if (desc != L2_TABLE) {
500 * Returns the lowest valid pte block or table entry for a given virtual
501 * address. If there are no valid entries return NULL and set the level to
502 * the first invalid level.
504 static __inline pt_entry_t *
505 pmap_pte(pmap_t pmap, vm_offset_t va, int *level)
507 pd_entry_t *l1, *l2, desc;
510 l1 = pmap_l1(pmap, va);
515 desc = pmap_load(l1) & ATTR_DESCR_MASK;
516 if (desc == L1_BLOCK) {
521 if (desc != L1_TABLE) {
526 l2 = pmap_l1_to_l2(l1, va);
527 desc = pmap_load(l2) & ATTR_DESCR_MASK;
528 if (desc == L2_BLOCK) {
533 if (desc != L2_TABLE) {
539 l3 = pmap_l2_to_l3(l2, va);
540 if ((pmap_load(l3) & ATTR_DESCR_MASK) != L3_PAGE)
547 pmap_ps_enabled(pmap_t pmap __unused)
550 return (superpages_enabled != 0);
554 pmap_get_tables(pmap_t pmap, vm_offset_t va, pd_entry_t **l0, pd_entry_t **l1,
555 pd_entry_t **l2, pt_entry_t **l3)
557 pd_entry_t *l0p, *l1p, *l2p;
559 if (pmap->pm_l0 == NULL)
562 l0p = pmap_l0(pmap, va);
565 if ((pmap_load(l0p) & ATTR_DESCR_MASK) != L0_TABLE)
568 l1p = pmap_l0_to_l1(l0p, va);
571 if ((pmap_load(l1p) & ATTR_DESCR_MASK) == L1_BLOCK) {
577 if ((pmap_load(l1p) & ATTR_DESCR_MASK) != L1_TABLE)
580 l2p = pmap_l1_to_l2(l1p, va);
583 if ((pmap_load(l2p) & ATTR_DESCR_MASK) == L2_BLOCK) {
588 if ((pmap_load(l2p) & ATTR_DESCR_MASK) != L2_TABLE)
591 *l3 = pmap_l2_to_l3(l2p, va);
597 pmap_l3_valid(pt_entry_t l3)
600 return ((l3 & ATTR_DESCR_MASK) == L3_PAGE);
604 CTASSERT(L1_BLOCK == L2_BLOCK);
607 pmap_pte_memattr(pmap_t pmap, vm_memattr_t memattr)
611 if (pmap->pm_stage == PM_STAGE1) {
612 val = ATTR_S1_IDX(memattr);
613 if (memattr == VM_MEMATTR_DEVICE)
621 case VM_MEMATTR_DEVICE:
622 return (ATTR_S2_MEMATTR(ATTR_S2_MEMATTR_DEVICE_nGnRnE) |
623 ATTR_S2_XN(ATTR_S2_XN_ALL));
624 case VM_MEMATTR_UNCACHEABLE:
625 return (ATTR_S2_MEMATTR(ATTR_S2_MEMATTR_NC));
626 case VM_MEMATTR_WRITE_BACK:
627 return (ATTR_S2_MEMATTR(ATTR_S2_MEMATTR_WB));
628 case VM_MEMATTR_WRITE_THROUGH:
629 return (ATTR_S2_MEMATTR(ATTR_S2_MEMATTR_WT));
631 panic("%s: invalid memory attribute %x", __func__, memattr);
636 pmap_pte_prot(pmap_t pmap, vm_prot_t prot)
641 if (pmap->pm_stage == PM_STAGE1) {
642 if ((prot & VM_PROT_EXECUTE) == 0)
644 if ((prot & VM_PROT_WRITE) == 0)
645 val |= ATTR_S1_AP(ATTR_S1_AP_RO);
647 if ((prot & VM_PROT_WRITE) != 0)
648 val |= ATTR_S2_S2AP(ATTR_S2_S2AP_WRITE);
649 if ((prot & VM_PROT_READ) != 0)
650 val |= ATTR_S2_S2AP(ATTR_S2_S2AP_READ);
651 if ((prot & VM_PROT_EXECUTE) == 0)
652 val |= ATTR_S2_XN(ATTR_S2_XN_ALL);
659 * Checks if the PTE is dirty.
662 pmap_pte_dirty(pmap_t pmap, pt_entry_t pte)
665 PMAP_ASSERT_STAGE1(pmap);
666 KASSERT((pte & ATTR_SW_MANAGED) != 0, ("pte %#lx is unmanaged", pte));
667 KASSERT((pte & (ATTR_S1_AP_RW_BIT | ATTR_SW_DBM)) != 0,
668 ("pte %#lx is writeable and missing ATTR_SW_DBM", pte));
670 return ((pte & (ATTR_S1_AP_RW_BIT | ATTR_SW_DBM)) ==
671 (ATTR_S1_AP(ATTR_S1_AP_RW) | ATTR_SW_DBM));
675 pmap_resident_count_inc(pmap_t pmap, int count)
678 PMAP_LOCK_ASSERT(pmap, MA_OWNED);
679 pmap->pm_stats.resident_count += count;
683 pmap_resident_count_dec(pmap_t pmap, int count)
686 PMAP_LOCK_ASSERT(pmap, MA_OWNED);
687 KASSERT(pmap->pm_stats.resident_count >= count,
688 ("pmap %p resident count underflow %ld %d", pmap,
689 pmap->pm_stats.resident_count, count));
690 pmap->pm_stats.resident_count -= count;
694 pmap_early_page_idx(vm_offset_t l1pt, vm_offset_t va, u_int *l1_slot,
700 l1 = (pd_entry_t *)l1pt;
701 *l1_slot = (va >> L1_SHIFT) & Ln_ADDR_MASK;
703 /* Check locore has used a table L1 map */
704 KASSERT((l1[*l1_slot] & ATTR_DESCR_MASK) == L1_TABLE,
705 ("Invalid bootstrap L1 table"));
706 /* Find the address of the L2 table */
707 l2 = (pt_entry_t *)init_pt_va;
708 *l2_slot = pmap_l2_index(va);
714 pmap_early_vtophys(vm_offset_t l1pt, vm_offset_t va)
716 u_int l1_slot, l2_slot;
719 l2 = pmap_early_page_idx(l1pt, va, &l1_slot, &l2_slot);
721 return ((l2[l2_slot] & ~ATTR_MASK) + (va & L2_OFFSET));
725 pmap_bootstrap_dmap(vm_offset_t kern_l1, vm_paddr_t min_pa,
726 vm_offset_t freemempos)
730 vm_paddr_t l2_pa, pa;
731 u_int l1_slot, l2_slot, prev_l1_slot;
734 dmap_phys_base = min_pa & ~L1_OFFSET;
740 #define DMAP_TABLES ((DMAP_MAX_ADDRESS - DMAP_MIN_ADDRESS) >> L0_SHIFT)
741 memset(pagetable_dmap, 0, PAGE_SIZE * DMAP_TABLES);
743 for (i = 0; i < (physmap_idx * 2); i += 2) {
744 pa = physmap[i] & ~L2_OFFSET;
745 va = pa - dmap_phys_base + DMAP_MIN_ADDRESS;
747 /* Create L2 mappings at the start of the region */
748 if ((pa & L1_OFFSET) != 0) {
749 l1_slot = ((va - DMAP_MIN_ADDRESS) >> L1_SHIFT);
750 if (l1_slot != prev_l1_slot) {
751 prev_l1_slot = l1_slot;
752 l2 = (pt_entry_t *)freemempos;
753 l2_pa = pmap_early_vtophys(kern_l1,
755 freemempos += PAGE_SIZE;
757 pmap_store(&pagetable_dmap[l1_slot],
758 (l2_pa & ~Ln_TABLE_MASK) | L1_TABLE);
760 memset(l2, 0, PAGE_SIZE);
763 ("pmap_bootstrap_dmap: NULL l2 map"));
764 for (; va < DMAP_MAX_ADDRESS && pa < physmap[i + 1];
765 pa += L2_SIZE, va += L2_SIZE) {
767 * We are on a boundary, stop to
768 * create a level 1 block
770 if ((pa & L1_OFFSET) == 0)
773 l2_slot = pmap_l2_index(va);
774 KASSERT(l2_slot != 0, ("..."));
775 pmap_store(&l2[l2_slot],
776 (pa & ~L2_OFFSET) | ATTR_DEFAULT |
778 ATTR_S1_IDX(VM_MEMATTR_WRITE_BACK) |
781 KASSERT(va == (pa - dmap_phys_base + DMAP_MIN_ADDRESS),
785 for (; va < DMAP_MAX_ADDRESS && pa < physmap[i + 1] &&
786 (physmap[i + 1] - pa) >= L1_SIZE;
787 pa += L1_SIZE, va += L1_SIZE) {
788 l1_slot = ((va - DMAP_MIN_ADDRESS) >> L1_SHIFT);
789 pmap_store(&pagetable_dmap[l1_slot],
790 (pa & ~L1_OFFSET) | ATTR_DEFAULT | ATTR_S1_XN |
791 ATTR_S1_IDX(VM_MEMATTR_WRITE_BACK) | L1_BLOCK);
794 /* Create L2 mappings at the end of the region */
795 if (pa < physmap[i + 1]) {
796 l1_slot = ((va - DMAP_MIN_ADDRESS) >> L1_SHIFT);
797 if (l1_slot != prev_l1_slot) {
798 prev_l1_slot = l1_slot;
799 l2 = (pt_entry_t *)freemempos;
800 l2_pa = pmap_early_vtophys(kern_l1,
802 freemempos += PAGE_SIZE;
804 pmap_store(&pagetable_dmap[l1_slot],
805 (l2_pa & ~Ln_TABLE_MASK) | L1_TABLE);
807 memset(l2, 0, PAGE_SIZE);
810 ("pmap_bootstrap_dmap: NULL l2 map"));
811 for (; va < DMAP_MAX_ADDRESS && pa < physmap[i + 1];
812 pa += L2_SIZE, va += L2_SIZE) {
813 l2_slot = pmap_l2_index(va);
814 pmap_store(&l2[l2_slot],
815 (pa & ~L2_OFFSET) | ATTR_DEFAULT |
817 ATTR_S1_IDX(VM_MEMATTR_WRITE_BACK) |
822 if (pa > dmap_phys_max) {
834 pmap_bootstrap_l2(vm_offset_t l1pt, vm_offset_t va, vm_offset_t l2_start)
841 KASSERT((va & L1_OFFSET) == 0, ("Invalid virtual address"));
843 l1 = (pd_entry_t *)l1pt;
844 l1_slot = pmap_l1_index(va);
847 for (; va < VM_MAX_KERNEL_ADDRESS; l1_slot++, va += L1_SIZE) {
848 KASSERT(l1_slot < Ln_ENTRIES, ("Invalid L1 index"));
850 pa = pmap_early_vtophys(l1pt, l2pt);
851 pmap_store(&l1[l1_slot],
852 (pa & ~Ln_TABLE_MASK) | L1_TABLE);
856 /* Clean the L2 page table */
857 memset((void *)l2_start, 0, l2pt - l2_start);
863 pmap_bootstrap_l3(vm_offset_t l1pt, vm_offset_t va, vm_offset_t l3_start)
870 KASSERT((va & L2_OFFSET) == 0, ("Invalid virtual address"));
872 l2 = pmap_l2(kernel_pmap, va);
873 l2 = (pd_entry_t *)rounddown2((uintptr_t)l2, PAGE_SIZE);
874 l2_slot = pmap_l2_index(va);
877 for (; va < VM_MAX_KERNEL_ADDRESS; l2_slot++, va += L2_SIZE) {
878 KASSERT(l2_slot < Ln_ENTRIES, ("Invalid L2 index"));
880 pa = pmap_early_vtophys(l1pt, l3pt);
881 pmap_store(&l2[l2_slot],
882 (pa & ~Ln_TABLE_MASK) | ATTR_S1_UXN | L2_TABLE);
886 /* Clean the L2 page table */
887 memset((void *)l3_start, 0, l3pt - l3_start);
893 * Bootstrap the system enough to run with virtual memory.
896 pmap_bootstrap(vm_offset_t l0pt, vm_offset_t l1pt, vm_paddr_t kernstart,
899 vm_offset_t freemempos;
900 vm_offset_t dpcpu, msgbufpv;
901 vm_paddr_t start_pa, pa, min_pa;
905 /* Verify that the ASID is set through TTBR0. */
906 KASSERT((READ_SPECIALREG(tcr_el1) & TCR_A1) == 0,
907 ("pmap_bootstrap: TCR_EL1.A1 != 0"));
909 kern_delta = KERNBASE - kernstart;
911 printf("pmap_bootstrap %lx %lx %lx\n", l1pt, kernstart, kernlen);
912 printf("%lx\n", l1pt);
913 printf("%lx\n", (KERNBASE >> L1_SHIFT) & Ln_ADDR_MASK);
915 /* Set this early so we can use the pagetable walking functions */
916 kernel_pmap_store.pm_l0 = (pd_entry_t *)l0pt;
917 PMAP_LOCK_INIT(kernel_pmap);
918 kernel_pmap->pm_l0_paddr = l0pt - kern_delta;
919 kernel_pmap->pm_cookie = COOKIE_FROM(-1, INT_MIN);
920 kernel_pmap->pm_stage = PM_STAGE1;
921 kernel_pmap->pm_asid_set = &asids;
923 /* Assume the address we were loaded to is a valid physical address */
924 min_pa = KERNBASE - kern_delta;
926 physmap_idx = physmem_avail(physmap, nitems(physmap));
930 * Find the minimum physical address. physmap is sorted,
931 * but may contain empty ranges.
933 for (i = 0; i < physmap_idx * 2; i += 2) {
934 if (physmap[i] == physmap[i + 1])
936 if (physmap[i] <= min_pa)
940 freemempos = KERNBASE + kernlen;
941 freemempos = roundup2(freemempos, PAGE_SIZE);
943 /* Create a direct map region early so we can use it for pa -> va */
944 freemempos = pmap_bootstrap_dmap(l1pt, min_pa, freemempos);
946 start_pa = pa = KERNBASE - kern_delta;
949 * Create the l2 tables up to VM_MAX_KERNEL_ADDRESS. We assume that the
950 * loader allocated the first and only l2 page table page used to map
951 * the kernel, preloaded files and module metadata.
953 freemempos = pmap_bootstrap_l2(l1pt, KERNBASE + L1_SIZE, freemempos);
954 /* And the l3 tables for the early devmap */
955 freemempos = pmap_bootstrap_l3(l1pt,
956 VM_MAX_KERNEL_ADDRESS - (PMAP_MAPDEV_EARLY_SIZE), freemempos);
960 #define alloc_pages(var, np) \
961 (var) = freemempos; \
962 freemempos += (np * PAGE_SIZE); \
963 memset((char *)(var), 0, ((np) * PAGE_SIZE));
965 /* Allocate dynamic per-cpu area. */
966 alloc_pages(dpcpu, DPCPU_SIZE / PAGE_SIZE);
967 dpcpu_init((void *)dpcpu, 0);
969 /* Allocate memory for the msgbuf, e.g. for /sbin/dmesg */
970 alloc_pages(msgbufpv, round_page(msgbufsize) / PAGE_SIZE);
971 msgbufp = (void *)msgbufpv;
973 /* Reserve some VA space for early BIOS/ACPI mapping */
974 preinit_map_va = roundup2(freemempos, L2_SIZE);
976 virtual_avail = preinit_map_va + PMAP_PREINIT_MAPPING_SIZE;
977 virtual_avail = roundup2(virtual_avail, L1_SIZE);
978 virtual_end = VM_MAX_KERNEL_ADDRESS - (PMAP_MAPDEV_EARLY_SIZE);
979 kernel_vm_end = virtual_avail;
981 pa = pmap_early_vtophys(l1pt, freemempos);
983 physmem_exclude_region(start_pa, pa - start_pa, EXFLAG_NOALLOC);
989 * Initialize a vm_page's machine-dependent fields.
992 pmap_page_init(vm_page_t m)
995 TAILQ_INIT(&m->md.pv_list);
996 m->md.pv_memattr = VM_MEMATTR_WRITE_BACK;
1000 pmap_init_asids(struct asid_set *set, int bits)
1004 set->asid_bits = bits;
1007 * We may be too early in the overall initialization process to use
1010 set->asid_set_size = 1 << set->asid_bits;
1011 set->asid_set = (bitstr_t *)kmem_malloc(bitstr_size(set->asid_set_size),
1013 for (i = 0; i < ASID_FIRST_AVAILABLE; i++)
1014 bit_set(set->asid_set, i);
1015 set->asid_next = ASID_FIRST_AVAILABLE;
1016 mtx_init(&set->asid_set_mutex, "asid set", NULL, MTX_SPIN);
1020 * Initialize the pmap module.
1021 * Called by vm_init, to initialize any structures that the pmap
1022 * system needs to map virtual memory.
1029 int i, pv_npg, vmid_bits;
1032 * Are large page mappings enabled?
1034 TUNABLE_INT_FETCH("vm.pmap.superpages_enabled", &superpages_enabled);
1035 if (superpages_enabled) {
1036 KASSERT(MAXPAGESIZES > 1 && pagesizes[1] == 0,
1037 ("pmap_init: can't assign to pagesizes[1]"));
1038 pagesizes[1] = L2_SIZE;
1042 * Initialize the ASID allocator.
1044 pmap_init_asids(&asids,
1045 (READ_SPECIALREG(tcr_el1) & TCR_ASID_16) != 0 ? 16 : 8);
1048 mmfr1 = READ_SPECIALREG(id_aa64mmfr1_el1);
1051 if (ID_AA64MMFR1_VMIDBits_VAL(mmfr1) ==
1052 ID_AA64MMFR1_VMIDBits_16)
1054 pmap_init_asids(&vmids, vmid_bits);
1058 * Initialize the pv chunk list mutex.
1060 mtx_init(&pv_chunks_mutex, "pmap pv chunk list", NULL, MTX_DEF);
1063 * Initialize the pool of pv list locks.
1065 for (i = 0; i < NPV_LIST_LOCKS; i++)
1066 rw_init(&pv_list_locks[i], "pmap pv list");
1069 * Calculate the size of the pv head table for superpages.
1071 pv_npg = howmany(vm_phys_segs[vm_phys_nsegs - 1].end, L2_SIZE);
1074 * Allocate memory for the pv head table for superpages.
1076 s = (vm_size_t)(pv_npg * sizeof(struct md_page));
1078 pv_table = (struct md_page *)kmem_malloc(s, M_WAITOK | M_ZERO);
1079 for (i = 0; i < pv_npg; i++)
1080 TAILQ_INIT(&pv_table[i].pv_list);
1081 TAILQ_INIT(&pv_dummy.pv_list);
1086 static SYSCTL_NODE(_vm_pmap, OID_AUTO, l2, CTLFLAG_RD | CTLFLAG_MPSAFE, 0,
1087 "2MB page mapping counters");
1089 static u_long pmap_l2_demotions;
1090 SYSCTL_ULONG(_vm_pmap_l2, OID_AUTO, demotions, CTLFLAG_RD,
1091 &pmap_l2_demotions, 0, "2MB page demotions");
1093 static u_long pmap_l2_mappings;
1094 SYSCTL_ULONG(_vm_pmap_l2, OID_AUTO, mappings, CTLFLAG_RD,
1095 &pmap_l2_mappings, 0, "2MB page mappings");
1097 static u_long pmap_l2_p_failures;
1098 SYSCTL_ULONG(_vm_pmap_l2, OID_AUTO, p_failures, CTLFLAG_RD,
1099 &pmap_l2_p_failures, 0, "2MB page promotion failures");
1101 static u_long pmap_l2_promotions;
1102 SYSCTL_ULONG(_vm_pmap_l2, OID_AUTO, promotions, CTLFLAG_RD,
1103 &pmap_l2_promotions, 0, "2MB page promotions");
1106 * Invalidate a single TLB entry.
1108 static __inline void
1109 pmap_invalidate_page(pmap_t pmap, vm_offset_t va)
1113 PMAP_ASSERT_STAGE1(pmap);
1116 if (pmap == kernel_pmap) {
1118 __asm __volatile("tlbi vaae1is, %0" : : "r" (r));
1120 r = ASID_TO_OPERAND(COOKIE_TO_ASID(pmap->pm_cookie)) | atop(va);
1121 __asm __volatile("tlbi vae1is, %0" : : "r" (r));
1127 static __inline void
1128 pmap_invalidate_range(pmap_t pmap, vm_offset_t sva, vm_offset_t eva)
1130 uint64_t end, r, start;
1132 PMAP_ASSERT_STAGE1(pmap);
1135 if (pmap == kernel_pmap) {
1138 for (r = start; r < end; r++)
1139 __asm __volatile("tlbi vaae1is, %0" : : "r" (r));
1141 start = end = ASID_TO_OPERAND(COOKIE_TO_ASID(pmap->pm_cookie));
1144 for (r = start; r < end; r++)
1145 __asm __volatile("tlbi vae1is, %0" : : "r" (r));
1151 static __inline void
1152 pmap_invalidate_all(pmap_t pmap)
1156 PMAP_ASSERT_STAGE1(pmap);
1159 if (pmap == kernel_pmap) {
1160 __asm __volatile("tlbi vmalle1is");
1162 r = ASID_TO_OPERAND(COOKIE_TO_ASID(pmap->pm_cookie));
1163 __asm __volatile("tlbi aside1is, %0" : : "r" (r));
1170 * Routine: pmap_extract
1172 * Extract the physical page address associated
1173 * with the given map/virtual_address pair.
1176 pmap_extract(pmap_t pmap, vm_offset_t va)
1178 pt_entry_t *pte, tpte;
1185 * Find the block or page map for this virtual address. pmap_pte
1186 * will return either a valid block/page entry, or NULL.
1188 pte = pmap_pte(pmap, va, &lvl);
1190 tpte = pmap_load(pte);
1191 pa = tpte & ~ATTR_MASK;
1194 KASSERT((tpte & ATTR_DESCR_MASK) == L1_BLOCK,
1195 ("pmap_extract: Invalid L1 pte found: %lx",
1196 tpte & ATTR_DESCR_MASK));
1197 pa |= (va & L1_OFFSET);
1200 KASSERT((tpte & ATTR_DESCR_MASK) == L2_BLOCK,
1201 ("pmap_extract: Invalid L2 pte found: %lx",
1202 tpte & ATTR_DESCR_MASK));
1203 pa |= (va & L2_OFFSET);
1206 KASSERT((tpte & ATTR_DESCR_MASK) == L3_PAGE,
1207 ("pmap_extract: Invalid L3 pte found: %lx",
1208 tpte & ATTR_DESCR_MASK));
1209 pa |= (va & L3_OFFSET);
1218 * Routine: pmap_extract_and_hold
1220 * Atomically extract and hold the physical page
1221 * with the given pmap and virtual address pair
1222 * if that mapping permits the given protection.
1225 pmap_extract_and_hold(pmap_t pmap, vm_offset_t va, vm_prot_t prot)
1227 pt_entry_t *pte, tpte;
1235 pte = pmap_pte(pmap, va, &lvl);
1237 tpte = pmap_load(pte);
1239 KASSERT(lvl > 0 && lvl <= 3,
1240 ("pmap_extract_and_hold: Invalid level %d", lvl));
1241 CTASSERT(L1_BLOCK == L2_BLOCK);
1242 KASSERT((lvl == 3 && (tpte & ATTR_DESCR_MASK) == L3_PAGE) ||
1243 (lvl < 3 && (tpte & ATTR_DESCR_MASK) == L1_BLOCK),
1244 ("pmap_extract_and_hold: Invalid pte at L%d: %lx", lvl,
1245 tpte & ATTR_DESCR_MASK));
1248 if ((prot & VM_PROT_WRITE) == 0)
1250 else if (pmap->pm_stage == PM_STAGE1 &&
1251 (tpte & ATTR_S1_AP_RW_BIT) == ATTR_S1_AP(ATTR_S1_AP_RW))
1253 else if (pmap->pm_stage == PM_STAGE2 &&
1254 ((tpte & ATTR_S2_S2AP(ATTR_S2_S2AP_WRITE)) ==
1255 ATTR_S2_S2AP(ATTR_S2_S2AP_WRITE)))
1261 off = va & L1_OFFSET;
1264 off = va & L2_OFFSET;
1270 m = PHYS_TO_VM_PAGE((tpte & ~ATTR_MASK) | off);
1271 if (!vm_page_wire_mapped(m))
1280 pmap_kextract(vm_offset_t va)
1282 pt_entry_t *pte, tpte;
1284 if (va >= DMAP_MIN_ADDRESS && va < DMAP_MAX_ADDRESS)
1285 return (DMAP_TO_PHYS(va));
1286 pte = pmap_l1(kernel_pmap, va);
1291 * A concurrent pmap_update_entry() will clear the entry's valid bit
1292 * but leave the rest of the entry unchanged. Therefore, we treat a
1293 * non-zero entry as being valid, and we ignore the valid bit when
1294 * determining whether the entry maps a block, page, or table.
1296 tpte = pmap_load(pte);
1299 if ((tpte & ATTR_DESCR_TYPE_MASK) == ATTR_DESCR_TYPE_BLOCK)
1300 return ((tpte & ~ATTR_MASK) | (va & L1_OFFSET));
1301 pte = pmap_l1_to_l2(&tpte, va);
1302 tpte = pmap_load(pte);
1305 if ((tpte & ATTR_DESCR_TYPE_MASK) == ATTR_DESCR_TYPE_BLOCK)
1306 return ((tpte & ~ATTR_MASK) | (va & L2_OFFSET));
1307 pte = pmap_l2_to_l3(&tpte, va);
1308 tpte = pmap_load(pte);
1311 return ((tpte & ~ATTR_MASK) | (va & L3_OFFSET));
1314 /***************************************************
1315 * Low level mapping routines.....
1316 ***************************************************/
1319 pmap_kenter(vm_offset_t sva, vm_size_t size, vm_paddr_t pa, int mode)
1322 pt_entry_t *pte, attr;
1326 KASSERT((pa & L3_OFFSET) == 0,
1327 ("pmap_kenter: Invalid physical address"));
1328 KASSERT((sva & L3_OFFSET) == 0,
1329 ("pmap_kenter: Invalid virtual address"));
1330 KASSERT((size & PAGE_MASK) == 0,
1331 ("pmap_kenter: Mapping is not page-sized"));
1333 attr = ATTR_DEFAULT | ATTR_S1_AP(ATTR_S1_AP_RW) | ATTR_S1_XN |
1334 ATTR_S1_IDX(mode) | L3_PAGE;
1337 pde = pmap_pde(kernel_pmap, va, &lvl);
1338 KASSERT(pde != NULL,
1339 ("pmap_kenter: Invalid page entry, va: 0x%lx", va));
1340 KASSERT(lvl == 2, ("pmap_kenter: Invalid level %d", lvl));
1342 pte = pmap_l2_to_l3(pde, va);
1343 pmap_load_store(pte, (pa & ~L3_OFFSET) | attr);
1349 pmap_invalidate_range(kernel_pmap, sva, va);
1353 pmap_kenter_device(vm_offset_t sva, vm_size_t size, vm_paddr_t pa)
1356 pmap_kenter(sva, size, pa, VM_MEMATTR_DEVICE);
1360 * Remove a page from the kernel pagetables.
1363 pmap_kremove(vm_offset_t va)
1368 pte = pmap_pte(kernel_pmap, va, &lvl);
1369 KASSERT(pte != NULL, ("pmap_kremove: Invalid address"));
1370 KASSERT(lvl == 3, ("pmap_kremove: Invalid pte level %d", lvl));
1373 pmap_invalidate_page(kernel_pmap, va);
1377 pmap_kremove_device(vm_offset_t sva, vm_size_t size)
1383 KASSERT((sva & L3_OFFSET) == 0,
1384 ("pmap_kremove_device: Invalid virtual address"));
1385 KASSERT((size & PAGE_MASK) == 0,
1386 ("pmap_kremove_device: Mapping is not page-sized"));
1390 pte = pmap_pte(kernel_pmap, va, &lvl);
1391 KASSERT(pte != NULL, ("Invalid page table, va: 0x%lx", va));
1393 ("Invalid device pagetable level: %d != 3", lvl));
1399 pmap_invalidate_range(kernel_pmap, sva, va);
1403 * Used to map a range of physical addresses into kernel
1404 * virtual address space.
1406 * The value passed in '*virt' is a suggested virtual address for
1407 * the mapping. Architectures which can support a direct-mapped
1408 * physical to virtual region can return the appropriate address
1409 * within that region, leaving '*virt' unchanged. Other
1410 * architectures should map the pages starting at '*virt' and
1411 * update '*virt' with the first usable address after the mapped
1415 pmap_map(vm_offset_t *virt, vm_paddr_t start, vm_paddr_t end, int prot)
1417 return PHYS_TO_DMAP(start);
1422 * Add a list of wired pages to the kva
1423 * this routine is only used for temporary
1424 * kernel mappings that do not need to have
1425 * page modification or references recorded.
1426 * Note that old mappings are simply written
1427 * over. The page *must* be wired.
1428 * Note: SMP coherent. Uses a ranged shootdown IPI.
1431 pmap_qenter(vm_offset_t sva, vm_page_t *ma, int count)
1434 pt_entry_t *pte, pa;
1440 for (i = 0; i < count; i++) {
1441 pde = pmap_pde(kernel_pmap, va, &lvl);
1442 KASSERT(pde != NULL,
1443 ("pmap_qenter: Invalid page entry, va: 0x%lx", va));
1445 ("pmap_qenter: Invalid level %d", lvl));
1448 pa = VM_PAGE_TO_PHYS(m) | ATTR_DEFAULT |
1449 ATTR_S1_AP(ATTR_S1_AP_RW) | ATTR_S1_XN |
1450 ATTR_S1_IDX(m->md.pv_memattr) | L3_PAGE;
1451 pte = pmap_l2_to_l3(pde, va);
1452 pmap_load_store(pte, pa);
1456 pmap_invalidate_range(kernel_pmap, sva, va);
1460 * This routine tears out page mappings from the
1461 * kernel -- it is meant only for temporary mappings.
1464 pmap_qremove(vm_offset_t sva, int count)
1470 KASSERT(sva >= VM_MIN_KERNEL_ADDRESS, ("usermode va %lx", sva));
1473 while (count-- > 0) {
1474 pte = pmap_pte(kernel_pmap, va, &lvl);
1476 ("Invalid device pagetable level: %d != 3", lvl));
1483 pmap_invalidate_range(kernel_pmap, sva, va);
1486 /***************************************************
1487 * Page table page management routines.....
1488 ***************************************************/
1490 * Schedule the specified unused page table page to be freed. Specifically,
1491 * add the page to the specified list of pages that will be released to the
1492 * physical memory manager after the TLB has been updated.
1494 static __inline void
1495 pmap_add_delayed_free_list(vm_page_t m, struct spglist *free,
1496 boolean_t set_PG_ZERO)
1500 m->flags |= PG_ZERO;
1502 m->flags &= ~PG_ZERO;
1503 SLIST_INSERT_HEAD(free, m, plinks.s.ss);
1507 * Decrements a page table page's reference count, which is used to record the
1508 * number of valid page table entries within the page. If the reference count
1509 * drops to zero, then the page table page is unmapped. Returns TRUE if the
1510 * page table page was unmapped and FALSE otherwise.
1512 static inline boolean_t
1513 pmap_unwire_l3(pmap_t pmap, vm_offset_t va, vm_page_t m, struct spglist *free)
1517 if (m->ref_count == 0) {
1518 _pmap_unwire_l3(pmap, va, m, free);
1525 _pmap_unwire_l3(pmap_t pmap, vm_offset_t va, vm_page_t m, struct spglist *free)
1528 PMAP_LOCK_ASSERT(pmap, MA_OWNED);
1530 * unmap the page table page
1532 if (m->pindex >= (NUL2E + NUL1E)) {
1536 l0 = pmap_l0(pmap, va);
1538 } else if (m->pindex >= NUL2E) {
1542 l1 = pmap_l1(pmap, va);
1548 l2 = pmap_l2(pmap, va);
1551 pmap_resident_count_dec(pmap, 1);
1552 if (m->pindex < NUL2E) {
1553 /* We just released an l3, unhold the matching l2 */
1554 pd_entry_t *l1, tl1;
1557 l1 = pmap_l1(pmap, va);
1558 tl1 = pmap_load(l1);
1559 l2pg = PHYS_TO_VM_PAGE(tl1 & ~ATTR_MASK);
1560 pmap_unwire_l3(pmap, va, l2pg, free);
1561 } else if (m->pindex < (NUL2E + NUL1E)) {
1562 /* We just released an l2, unhold the matching l1 */
1563 pd_entry_t *l0, tl0;
1566 l0 = pmap_l0(pmap, va);
1567 tl0 = pmap_load(l0);
1568 l1pg = PHYS_TO_VM_PAGE(tl0 & ~ATTR_MASK);
1569 pmap_unwire_l3(pmap, va, l1pg, free);
1571 pmap_invalidate_page(pmap, va);
1574 * Put page on a list so that it is released after
1575 * *ALL* TLB shootdown is done
1577 pmap_add_delayed_free_list(m, free, TRUE);
1581 * After removing a page table entry, this routine is used to
1582 * conditionally free the page, and manage the reference count.
1585 pmap_unuse_pt(pmap_t pmap, vm_offset_t va, pd_entry_t ptepde,
1586 struct spglist *free)
1590 if (va >= VM_MAXUSER_ADDRESS)
1592 KASSERT(ptepde != 0, ("pmap_unuse_pt: ptepde != 0"));
1593 mpte = PHYS_TO_VM_PAGE(ptepde & ~ATTR_MASK);
1594 return (pmap_unwire_l3(pmap, va, mpte, free));
1598 * Release a page table page reference after a failed attempt to create a
1602 pmap_abort_ptp(pmap_t pmap, vm_offset_t va, vm_page_t mpte)
1604 struct spglist free;
1607 if (pmap_unwire_l3(pmap, va, mpte, &free)) {
1609 * Although "va" was never mapped, the TLB could nonetheless
1610 * have intermediate entries that refer to the freed page
1611 * table pages. Invalidate those entries.
1613 * XXX redundant invalidation (See _pmap_unwire_l3().)
1615 pmap_invalidate_page(pmap, va);
1616 vm_page_free_pages_toq(&free, true);
1621 pmap_pinit0(pmap_t pmap)
1624 PMAP_LOCK_INIT(pmap);
1625 bzero(&pmap->pm_stats, sizeof(pmap->pm_stats));
1626 pmap->pm_l0_paddr = READ_SPECIALREG(ttbr0_el1);
1627 pmap->pm_l0 = (pd_entry_t *)PHYS_TO_DMAP(pmap->pm_l0_paddr);
1628 pmap->pm_root.rt_root = 0;
1629 pmap->pm_cookie = COOKIE_FROM(ASID_RESERVED_FOR_PID_0, INT_MIN);
1630 pmap->pm_stage = PM_STAGE1;
1631 pmap->pm_asid_set = &asids;
1633 PCPU_SET(curpmap, pmap);
1637 pmap_pinit_stage(pmap_t pmap, enum pmap_stage stage)
1642 * allocate the l0 page
1644 while ((l0pt = vm_page_alloc(NULL, 0, VM_ALLOC_NORMAL |
1645 VM_ALLOC_NOOBJ | VM_ALLOC_WIRED | VM_ALLOC_ZERO)) == NULL)
1648 pmap->pm_l0_paddr = VM_PAGE_TO_PHYS(l0pt);
1649 pmap->pm_l0 = (pd_entry_t *)PHYS_TO_DMAP(pmap->pm_l0_paddr);
1651 if ((l0pt->flags & PG_ZERO) == 0)
1652 pagezero(pmap->pm_l0);
1654 pmap->pm_root.rt_root = 0;
1655 bzero(&pmap->pm_stats, sizeof(pmap->pm_stats));
1656 pmap->pm_cookie = COOKIE_FROM(-1, INT_MAX);
1658 pmap->pm_stage = stage;
1661 pmap->pm_asid_set = &asids;
1664 pmap->pm_asid_set = &vmids;
1667 panic("%s: Invalid pmap type %d", __func__, stage);
1671 /* XXX Temporarily disable deferred ASID allocation. */
1672 pmap_alloc_asid(pmap);
1678 pmap_pinit(pmap_t pmap)
1681 return (pmap_pinit_stage(pmap, PM_STAGE1));
1685 * This routine is called if the desired page table page does not exist.
1687 * If page table page allocation fails, this routine may sleep before
1688 * returning NULL. It sleeps only if a lock pointer was given.
1690 * Note: If a page allocation fails at page table level two or three,
1691 * one or two pages may be held during the wait, only to be released
1692 * afterwards. This conservative approach is easily argued to avoid
1696 _pmap_alloc_l3(pmap_t pmap, vm_pindex_t ptepindex, struct rwlock **lockp)
1698 vm_page_t m, l1pg, l2pg;
1700 PMAP_LOCK_ASSERT(pmap, MA_OWNED);
1703 * Allocate a page table page.
1705 if ((m = vm_page_alloc(NULL, ptepindex, VM_ALLOC_NOOBJ |
1706 VM_ALLOC_WIRED | VM_ALLOC_ZERO)) == NULL) {
1707 if (lockp != NULL) {
1708 RELEASE_PV_LIST_LOCK(lockp);
1715 * Indicate the need to retry. While waiting, the page table
1716 * page may have been allocated.
1720 if ((m->flags & PG_ZERO) == 0)
1724 * Because of AArch64's weak memory consistency model, we must have a
1725 * barrier here to ensure that the stores for zeroing "m", whether by
1726 * pmap_zero_page() or an earlier function, are visible before adding
1727 * "m" to the page table. Otherwise, a page table walk by another
1728 * processor's MMU could see the mapping to "m" and a stale, non-zero
1734 * Map the pagetable page into the process address space, if
1735 * it isn't already there.
1738 if (ptepindex >= (NUL2E + NUL1E)) {
1740 vm_pindex_t l0index;
1742 l0index = ptepindex - (NUL2E + NUL1E);
1743 l0 = &pmap->pm_l0[l0index];
1744 pmap_store(l0, VM_PAGE_TO_PHYS(m) | L0_TABLE);
1745 } else if (ptepindex >= NUL2E) {
1746 vm_pindex_t l0index, l1index;
1747 pd_entry_t *l0, *l1;
1750 l1index = ptepindex - NUL2E;
1751 l0index = l1index >> L0_ENTRIES_SHIFT;
1753 l0 = &pmap->pm_l0[l0index];
1754 tl0 = pmap_load(l0);
1756 /* recurse for allocating page dir */
1757 if (_pmap_alloc_l3(pmap, NUL2E + NUL1E + l0index,
1759 vm_page_unwire_noq(m);
1760 vm_page_free_zero(m);
1764 l1pg = PHYS_TO_VM_PAGE(tl0 & ~ATTR_MASK);
1768 l1 = (pd_entry_t *)PHYS_TO_DMAP(pmap_load(l0) & ~ATTR_MASK);
1769 l1 = &l1[ptepindex & Ln_ADDR_MASK];
1770 pmap_store(l1, VM_PAGE_TO_PHYS(m) | L1_TABLE);
1772 vm_pindex_t l0index, l1index;
1773 pd_entry_t *l0, *l1, *l2;
1774 pd_entry_t tl0, tl1;
1776 l1index = ptepindex >> Ln_ENTRIES_SHIFT;
1777 l0index = l1index >> L0_ENTRIES_SHIFT;
1779 l0 = &pmap->pm_l0[l0index];
1780 tl0 = pmap_load(l0);
1782 /* recurse for allocating page dir */
1783 if (_pmap_alloc_l3(pmap, NUL2E + l1index,
1785 vm_page_unwire_noq(m);
1786 vm_page_free_zero(m);
1789 tl0 = pmap_load(l0);
1790 l1 = (pd_entry_t *)PHYS_TO_DMAP(tl0 & ~ATTR_MASK);
1791 l1 = &l1[l1index & Ln_ADDR_MASK];
1793 l1 = (pd_entry_t *)PHYS_TO_DMAP(tl0 & ~ATTR_MASK);
1794 l1 = &l1[l1index & Ln_ADDR_MASK];
1795 tl1 = pmap_load(l1);
1797 /* recurse for allocating page dir */
1798 if (_pmap_alloc_l3(pmap, NUL2E + l1index,
1800 vm_page_unwire_noq(m);
1801 vm_page_free_zero(m);
1805 l2pg = PHYS_TO_VM_PAGE(tl1 & ~ATTR_MASK);
1810 l2 = (pd_entry_t *)PHYS_TO_DMAP(pmap_load(l1) & ~ATTR_MASK);
1811 l2 = &l2[ptepindex & Ln_ADDR_MASK];
1812 pmap_store(l2, VM_PAGE_TO_PHYS(m) | L2_TABLE);
1815 pmap_resident_count_inc(pmap, 1);
1821 pmap_alloc_l2(pmap_t pmap, vm_offset_t va, vm_page_t *l2pgp,
1822 struct rwlock **lockp)
1824 pd_entry_t *l1, *l2;
1826 vm_pindex_t l2pindex;
1829 l1 = pmap_l1(pmap, va);
1830 if (l1 != NULL && (pmap_load(l1) & ATTR_DESCR_MASK) == L1_TABLE) {
1831 l2 = pmap_l1_to_l2(l1, va);
1832 if (va < VM_MAXUSER_ADDRESS) {
1833 /* Add a reference to the L2 page. */
1834 l2pg = PHYS_TO_VM_PAGE(pmap_load(l1) & ~ATTR_MASK);
1838 } else if (va < VM_MAXUSER_ADDRESS) {
1839 /* Allocate a L2 page. */
1840 l2pindex = pmap_l2_pindex(va) >> Ln_ENTRIES_SHIFT;
1841 l2pg = _pmap_alloc_l3(pmap, NUL2E + l2pindex, lockp);
1848 l2 = (pd_entry_t *)PHYS_TO_DMAP(VM_PAGE_TO_PHYS(l2pg));
1849 l2 = &l2[pmap_l2_index(va)];
1851 panic("pmap_alloc_l2: missing page table page for va %#lx",
1858 pmap_alloc_l3(pmap_t pmap, vm_offset_t va, struct rwlock **lockp)
1860 vm_pindex_t ptepindex;
1861 pd_entry_t *pde, tpde;
1869 * Calculate pagetable page index
1871 ptepindex = pmap_l2_pindex(va);
1874 * Get the page directory entry
1876 pde = pmap_pde(pmap, va, &lvl);
1879 * If the page table page is mapped, we just increment the hold count,
1880 * and activate it. If we get a level 2 pde it will point to a level 3
1888 pte = pmap_l0_to_l1(pde, va);
1889 KASSERT(pmap_load(pte) == 0,
1890 ("pmap_alloc_l3: TODO: l0 superpages"));
1895 pte = pmap_l1_to_l2(pde, va);
1896 KASSERT(pmap_load(pte) == 0,
1897 ("pmap_alloc_l3: TODO: l1 superpages"));
1901 tpde = pmap_load(pde);
1903 m = PHYS_TO_VM_PAGE(tpde & ~ATTR_MASK);
1909 panic("pmap_alloc_l3: Invalid level %d", lvl);
1913 * Here if the pte page isn't mapped, or if it has been deallocated.
1915 m = _pmap_alloc_l3(pmap, ptepindex, lockp);
1916 if (m == NULL && lockp != NULL)
1922 /***************************************************
1923 * Pmap allocation/deallocation routines.
1924 ***************************************************/
1927 * Release any resources held by the given physical map.
1928 * Called when a pmap initialized by pmap_pinit is being released.
1929 * Should only be called if the map contains no valid mappings.
1932 pmap_release(pmap_t pmap)
1934 struct asid_set *set;
1938 KASSERT(pmap->pm_stats.resident_count == 0,
1939 ("pmap_release: pmap resident count %ld != 0",
1940 pmap->pm_stats.resident_count));
1941 KASSERT(vm_radix_is_empty(&pmap->pm_root),
1942 ("pmap_release: pmap has reserved page table page(s)"));
1943 PMAP_ASSERT_STAGE1(pmap);
1945 set = pmap->pm_asid_set;
1946 KASSERT(set != NULL, ("%s: NULL asid set", __func__));
1948 mtx_lock_spin(&set->asid_set_mutex);
1949 if (COOKIE_TO_EPOCH(pmap->pm_cookie) == set->asid_epoch) {
1950 asid = COOKIE_TO_ASID(pmap->pm_cookie);
1951 KASSERT(asid >= ASID_FIRST_AVAILABLE &&
1952 asid < set->asid_set_size,
1953 ("pmap_release: pmap cookie has out-of-range asid"));
1954 bit_clear(set->asid_set, asid);
1956 mtx_unlock_spin(&set->asid_set_mutex);
1958 m = PHYS_TO_VM_PAGE(pmap->pm_l0_paddr);
1959 vm_page_unwire_noq(m);
1960 vm_page_free_zero(m);
1964 kvm_size(SYSCTL_HANDLER_ARGS)
1966 unsigned long ksize = VM_MAX_KERNEL_ADDRESS - VM_MIN_KERNEL_ADDRESS;
1968 return sysctl_handle_long(oidp, &ksize, 0, req);
1970 SYSCTL_PROC(_vm, OID_AUTO, kvm_size, CTLTYPE_LONG | CTLFLAG_RD | CTLFLAG_MPSAFE,
1971 0, 0, kvm_size, "LU",
1975 kvm_free(SYSCTL_HANDLER_ARGS)
1977 unsigned long kfree = VM_MAX_KERNEL_ADDRESS - kernel_vm_end;
1979 return sysctl_handle_long(oidp, &kfree, 0, req);
1981 SYSCTL_PROC(_vm, OID_AUTO, kvm_free, CTLTYPE_LONG | CTLFLAG_RD | CTLFLAG_MPSAFE,
1982 0, 0, kvm_free, "LU",
1983 "Amount of KVM free");
1986 * grow the number of kernel page table entries, if needed
1989 pmap_growkernel(vm_offset_t addr)
1993 pd_entry_t *l0, *l1, *l2;
1995 mtx_assert(&kernel_map->system_mtx, MA_OWNED);
1997 addr = roundup2(addr, L2_SIZE);
1998 if (addr - 1 >= vm_map_max(kernel_map))
1999 addr = vm_map_max(kernel_map);
2000 while (kernel_vm_end < addr) {
2001 l0 = pmap_l0(kernel_pmap, kernel_vm_end);
2002 KASSERT(pmap_load(l0) != 0,
2003 ("pmap_growkernel: No level 0 kernel entry"));
2005 l1 = pmap_l0_to_l1(l0, kernel_vm_end);
2006 if (pmap_load(l1) == 0) {
2007 /* We need a new PDP entry */
2008 nkpg = vm_page_alloc(NULL, kernel_vm_end >> L1_SHIFT,
2009 VM_ALLOC_INTERRUPT | VM_ALLOC_NOOBJ |
2010 VM_ALLOC_WIRED | VM_ALLOC_ZERO);
2012 panic("pmap_growkernel: no memory to grow kernel");
2013 if ((nkpg->flags & PG_ZERO) == 0)
2014 pmap_zero_page(nkpg);
2015 /* See the dmb() in _pmap_alloc_l3(). */
2017 paddr = VM_PAGE_TO_PHYS(nkpg);
2018 pmap_store(l1, paddr | L1_TABLE);
2019 continue; /* try again */
2021 l2 = pmap_l1_to_l2(l1, kernel_vm_end);
2022 if (pmap_load(l2) != 0) {
2023 kernel_vm_end = (kernel_vm_end + L2_SIZE) & ~L2_OFFSET;
2024 if (kernel_vm_end - 1 >= vm_map_max(kernel_map)) {
2025 kernel_vm_end = vm_map_max(kernel_map);
2031 nkpg = vm_page_alloc(NULL, kernel_vm_end >> L2_SHIFT,
2032 VM_ALLOC_INTERRUPT | VM_ALLOC_NOOBJ | VM_ALLOC_WIRED |
2035 panic("pmap_growkernel: no memory to grow kernel");
2036 if ((nkpg->flags & PG_ZERO) == 0)
2037 pmap_zero_page(nkpg);
2038 /* See the dmb() in _pmap_alloc_l3(). */
2040 paddr = VM_PAGE_TO_PHYS(nkpg);
2041 pmap_store(l2, paddr | L2_TABLE);
2043 kernel_vm_end = (kernel_vm_end + L2_SIZE) & ~L2_OFFSET;
2044 if (kernel_vm_end - 1 >= vm_map_max(kernel_map)) {
2045 kernel_vm_end = vm_map_max(kernel_map);
2052 /***************************************************
2053 * page management routines.
2054 ***************************************************/
2056 CTASSERT(sizeof(struct pv_chunk) == PAGE_SIZE);
2057 CTASSERT(_NPCM == 3);
2058 CTASSERT(_NPCPV == 168);
2060 static __inline struct pv_chunk *
2061 pv_to_chunk(pv_entry_t pv)
2064 return ((struct pv_chunk *)((uintptr_t)pv & ~(uintptr_t)PAGE_MASK));
2067 #define PV_PMAP(pv) (pv_to_chunk(pv)->pc_pmap)
2069 #define PC_FREE0 0xfffffffffffffffful
2070 #define PC_FREE1 0xfffffffffffffffful
2071 #define PC_FREE2 0x000000fffffffffful
2073 static const uint64_t pc_freemask[_NPCM] = { PC_FREE0, PC_FREE1, PC_FREE2 };
2077 static int pc_chunk_count, pc_chunk_allocs, pc_chunk_frees, pc_chunk_tryfail;
2079 SYSCTL_INT(_vm_pmap, OID_AUTO, pc_chunk_count, CTLFLAG_RD, &pc_chunk_count, 0,
2080 "Current number of pv entry chunks");
2081 SYSCTL_INT(_vm_pmap, OID_AUTO, pc_chunk_allocs, CTLFLAG_RD, &pc_chunk_allocs, 0,
2082 "Current number of pv entry chunks allocated");
2083 SYSCTL_INT(_vm_pmap, OID_AUTO, pc_chunk_frees, CTLFLAG_RD, &pc_chunk_frees, 0,
2084 "Current number of pv entry chunks frees");
2085 SYSCTL_INT(_vm_pmap, OID_AUTO, pc_chunk_tryfail, CTLFLAG_RD, &pc_chunk_tryfail, 0,
2086 "Number of times tried to get a chunk page but failed.");
2088 static long pv_entry_frees, pv_entry_allocs, pv_entry_count;
2089 static int pv_entry_spare;
2091 SYSCTL_LONG(_vm_pmap, OID_AUTO, pv_entry_frees, CTLFLAG_RD, &pv_entry_frees, 0,
2092 "Current number of pv entry frees");
2093 SYSCTL_LONG(_vm_pmap, OID_AUTO, pv_entry_allocs, CTLFLAG_RD, &pv_entry_allocs, 0,
2094 "Current number of pv entry allocs");
2095 SYSCTL_LONG(_vm_pmap, OID_AUTO, pv_entry_count, CTLFLAG_RD, &pv_entry_count, 0,
2096 "Current number of pv entries");
2097 SYSCTL_INT(_vm_pmap, OID_AUTO, pv_entry_spare, CTLFLAG_RD, &pv_entry_spare, 0,
2098 "Current number of spare pv entries");
2103 * We are in a serious low memory condition. Resort to
2104 * drastic measures to free some pages so we can allocate
2105 * another pv entry chunk.
2107 * Returns NULL if PV entries were reclaimed from the specified pmap.
2109 * We do not, however, unmap 2mpages because subsequent accesses will
2110 * allocate per-page pv entries until repromotion occurs, thereby
2111 * exacerbating the shortage of free pv entries.
2114 reclaim_pv_chunk(pmap_t locked_pmap, struct rwlock **lockp)
2116 struct pv_chunk *pc, *pc_marker, *pc_marker_end;
2117 struct pv_chunk_header pc_marker_b, pc_marker_end_b;
2118 struct md_page *pvh;
2120 pmap_t next_pmap, pmap;
2121 pt_entry_t *pte, tpte;
2125 struct spglist free;
2127 int bit, field, freed, lvl;
2128 static int active_reclaims = 0;
2130 PMAP_LOCK_ASSERT(locked_pmap, MA_OWNED);
2131 KASSERT(lockp != NULL, ("reclaim_pv_chunk: lockp is NULL"));
2136 bzero(&pc_marker_b, sizeof(pc_marker_b));
2137 bzero(&pc_marker_end_b, sizeof(pc_marker_end_b));
2138 pc_marker = (struct pv_chunk *)&pc_marker_b;
2139 pc_marker_end = (struct pv_chunk *)&pc_marker_end_b;
2141 mtx_lock(&pv_chunks_mutex);
2143 TAILQ_INSERT_HEAD(&pv_chunks, pc_marker, pc_lru);
2144 TAILQ_INSERT_TAIL(&pv_chunks, pc_marker_end, pc_lru);
2145 while ((pc = TAILQ_NEXT(pc_marker, pc_lru)) != pc_marker_end &&
2146 SLIST_EMPTY(&free)) {
2147 next_pmap = pc->pc_pmap;
2148 if (next_pmap == NULL) {
2150 * The next chunk is a marker. However, it is
2151 * not our marker, so active_reclaims must be
2152 * > 1. Consequently, the next_chunk code
2153 * will not rotate the pv_chunks list.
2157 mtx_unlock(&pv_chunks_mutex);
2160 * A pv_chunk can only be removed from the pc_lru list
2161 * when both pv_chunks_mutex is owned and the
2162 * corresponding pmap is locked.
2164 if (pmap != next_pmap) {
2165 if (pmap != NULL && pmap != locked_pmap)
2168 /* Avoid deadlock and lock recursion. */
2169 if (pmap > locked_pmap) {
2170 RELEASE_PV_LIST_LOCK(lockp);
2172 mtx_lock(&pv_chunks_mutex);
2174 } else if (pmap != locked_pmap) {
2175 if (PMAP_TRYLOCK(pmap)) {
2176 mtx_lock(&pv_chunks_mutex);
2179 pmap = NULL; /* pmap is not locked */
2180 mtx_lock(&pv_chunks_mutex);
2181 pc = TAILQ_NEXT(pc_marker, pc_lru);
2183 pc->pc_pmap != next_pmap)
2191 * Destroy every non-wired, 4 KB page mapping in the chunk.
2194 for (field = 0; field < _NPCM; field++) {
2195 for (inuse = ~pc->pc_map[field] & pc_freemask[field];
2196 inuse != 0; inuse &= ~(1UL << bit)) {
2197 bit = ffsl(inuse) - 1;
2198 pv = &pc->pc_pventry[field * 64 + bit];
2200 pde = pmap_pde(pmap, va, &lvl);
2203 pte = pmap_l2_to_l3(pde, va);
2204 tpte = pmap_load(pte);
2205 if ((tpte & ATTR_SW_WIRED) != 0)
2207 tpte = pmap_load_clear(pte);
2208 m = PHYS_TO_VM_PAGE(tpte & ~ATTR_MASK);
2209 if (pmap_pte_dirty(pmap, tpte))
2211 if ((tpte & ATTR_AF) != 0) {
2212 pmap_invalidate_page(pmap, va);
2213 vm_page_aflag_set(m, PGA_REFERENCED);
2215 CHANGE_PV_LIST_LOCK_TO_VM_PAGE(lockp, m);
2216 TAILQ_REMOVE(&m->md.pv_list, pv, pv_next);
2218 if (TAILQ_EMPTY(&m->md.pv_list) &&
2219 (m->flags & PG_FICTITIOUS) == 0) {
2220 pvh = pa_to_pvh(VM_PAGE_TO_PHYS(m));
2221 if (TAILQ_EMPTY(&pvh->pv_list)) {
2222 vm_page_aflag_clear(m,
2226 pc->pc_map[field] |= 1UL << bit;
2227 pmap_unuse_pt(pmap, va, pmap_load(pde), &free);
2232 mtx_lock(&pv_chunks_mutex);
2235 /* Every freed mapping is for a 4 KB page. */
2236 pmap_resident_count_dec(pmap, freed);
2237 PV_STAT(atomic_add_long(&pv_entry_frees, freed));
2238 PV_STAT(atomic_add_int(&pv_entry_spare, freed));
2239 PV_STAT(atomic_subtract_long(&pv_entry_count, freed));
2240 TAILQ_REMOVE(&pmap->pm_pvchunk, pc, pc_list);
2241 if (pc->pc_map[0] == PC_FREE0 && pc->pc_map[1] == PC_FREE1 &&
2242 pc->pc_map[2] == PC_FREE2) {
2243 PV_STAT(atomic_subtract_int(&pv_entry_spare, _NPCPV));
2244 PV_STAT(atomic_subtract_int(&pc_chunk_count, 1));
2245 PV_STAT(atomic_add_int(&pc_chunk_frees, 1));
2246 /* Entire chunk is free; return it. */
2247 m_pc = PHYS_TO_VM_PAGE(DMAP_TO_PHYS((vm_offset_t)pc));
2248 dump_drop_page(m_pc->phys_addr);
2249 mtx_lock(&pv_chunks_mutex);
2250 TAILQ_REMOVE(&pv_chunks, pc, pc_lru);
2253 TAILQ_INSERT_HEAD(&pmap->pm_pvchunk, pc, pc_list);
2254 mtx_lock(&pv_chunks_mutex);
2255 /* One freed pv entry in locked_pmap is sufficient. */
2256 if (pmap == locked_pmap)
2260 TAILQ_REMOVE(&pv_chunks, pc_marker, pc_lru);
2261 TAILQ_INSERT_AFTER(&pv_chunks, pc, pc_marker, pc_lru);
2262 if (active_reclaims == 1 && pmap != NULL) {
2264 * Rotate the pv chunks list so that we do not
2265 * scan the same pv chunks that could not be
2266 * freed (because they contained a wired
2267 * and/or superpage mapping) on every
2268 * invocation of reclaim_pv_chunk().
2270 while ((pc = TAILQ_FIRST(&pv_chunks)) != pc_marker) {
2271 MPASS(pc->pc_pmap != NULL);
2272 TAILQ_REMOVE(&pv_chunks, pc, pc_lru);
2273 TAILQ_INSERT_TAIL(&pv_chunks, pc, pc_lru);
2277 TAILQ_REMOVE(&pv_chunks, pc_marker, pc_lru);
2278 TAILQ_REMOVE(&pv_chunks, pc_marker_end, pc_lru);
2280 mtx_unlock(&pv_chunks_mutex);
2281 if (pmap != NULL && pmap != locked_pmap)
2283 if (m_pc == NULL && !SLIST_EMPTY(&free)) {
2284 m_pc = SLIST_FIRST(&free);
2285 SLIST_REMOVE_HEAD(&free, plinks.s.ss);
2286 /* Recycle a freed page table page. */
2287 m_pc->ref_count = 1;
2289 vm_page_free_pages_toq(&free, true);
2294 * free the pv_entry back to the free list
2297 free_pv_entry(pmap_t pmap, pv_entry_t pv)
2299 struct pv_chunk *pc;
2300 int idx, field, bit;
2302 PMAP_LOCK_ASSERT(pmap, MA_OWNED);
2303 PV_STAT(atomic_add_long(&pv_entry_frees, 1));
2304 PV_STAT(atomic_add_int(&pv_entry_spare, 1));
2305 PV_STAT(atomic_subtract_long(&pv_entry_count, 1));
2306 pc = pv_to_chunk(pv);
2307 idx = pv - &pc->pc_pventry[0];
2310 pc->pc_map[field] |= 1ul << bit;
2311 if (pc->pc_map[0] != PC_FREE0 || pc->pc_map[1] != PC_FREE1 ||
2312 pc->pc_map[2] != PC_FREE2) {
2313 /* 98% of the time, pc is already at the head of the list. */
2314 if (__predict_false(pc != TAILQ_FIRST(&pmap->pm_pvchunk))) {
2315 TAILQ_REMOVE(&pmap->pm_pvchunk, pc, pc_list);
2316 TAILQ_INSERT_HEAD(&pmap->pm_pvchunk, pc, pc_list);
2320 TAILQ_REMOVE(&pmap->pm_pvchunk, pc, pc_list);
2325 free_pv_chunk(struct pv_chunk *pc)
2329 mtx_lock(&pv_chunks_mutex);
2330 TAILQ_REMOVE(&pv_chunks, pc, pc_lru);
2331 mtx_unlock(&pv_chunks_mutex);
2332 PV_STAT(atomic_subtract_int(&pv_entry_spare, _NPCPV));
2333 PV_STAT(atomic_subtract_int(&pc_chunk_count, 1));
2334 PV_STAT(atomic_add_int(&pc_chunk_frees, 1));
2335 /* entire chunk is free, return it */
2336 m = PHYS_TO_VM_PAGE(DMAP_TO_PHYS((vm_offset_t)pc));
2337 dump_drop_page(m->phys_addr);
2338 vm_page_unwire_noq(m);
2343 * Returns a new PV entry, allocating a new PV chunk from the system when
2344 * needed. If this PV chunk allocation fails and a PV list lock pointer was
2345 * given, a PV chunk is reclaimed from an arbitrary pmap. Otherwise, NULL is
2348 * The given PV list lock may be released.
2351 get_pv_entry(pmap_t pmap, struct rwlock **lockp)
2355 struct pv_chunk *pc;
2358 PMAP_LOCK_ASSERT(pmap, MA_OWNED);
2359 PV_STAT(atomic_add_long(&pv_entry_allocs, 1));
2361 pc = TAILQ_FIRST(&pmap->pm_pvchunk);
2363 for (field = 0; field < _NPCM; field++) {
2364 if (pc->pc_map[field]) {
2365 bit = ffsl(pc->pc_map[field]) - 1;
2369 if (field < _NPCM) {
2370 pv = &pc->pc_pventry[field * 64 + bit];
2371 pc->pc_map[field] &= ~(1ul << bit);
2372 /* If this was the last item, move it to tail */
2373 if (pc->pc_map[0] == 0 && pc->pc_map[1] == 0 &&
2374 pc->pc_map[2] == 0) {
2375 TAILQ_REMOVE(&pmap->pm_pvchunk, pc, pc_list);
2376 TAILQ_INSERT_TAIL(&pmap->pm_pvchunk, pc,
2379 PV_STAT(atomic_add_long(&pv_entry_count, 1));
2380 PV_STAT(atomic_subtract_int(&pv_entry_spare, 1));
2384 /* No free items, allocate another chunk */
2385 m = vm_page_alloc(NULL, 0, VM_ALLOC_NORMAL | VM_ALLOC_NOOBJ |
2388 if (lockp == NULL) {
2389 PV_STAT(pc_chunk_tryfail++);
2392 m = reclaim_pv_chunk(pmap, lockp);
2396 PV_STAT(atomic_add_int(&pc_chunk_count, 1));
2397 PV_STAT(atomic_add_int(&pc_chunk_allocs, 1));
2398 dump_add_page(m->phys_addr);
2399 pc = (void *)PHYS_TO_DMAP(m->phys_addr);
2401 pc->pc_map[0] = PC_FREE0 & ~1ul; /* preallocated bit 0 */
2402 pc->pc_map[1] = PC_FREE1;
2403 pc->pc_map[2] = PC_FREE2;
2404 mtx_lock(&pv_chunks_mutex);
2405 TAILQ_INSERT_TAIL(&pv_chunks, pc, pc_lru);
2406 mtx_unlock(&pv_chunks_mutex);
2407 pv = &pc->pc_pventry[0];
2408 TAILQ_INSERT_HEAD(&pmap->pm_pvchunk, pc, pc_list);
2409 PV_STAT(atomic_add_long(&pv_entry_count, 1));
2410 PV_STAT(atomic_add_int(&pv_entry_spare, _NPCPV - 1));
2415 * Ensure that the number of spare PV entries in the specified pmap meets or
2416 * exceeds the given count, "needed".
2418 * The given PV list lock may be released.
2421 reserve_pv_entries(pmap_t pmap, int needed, struct rwlock **lockp)
2423 struct pch new_tail;
2424 struct pv_chunk *pc;
2429 PMAP_LOCK_ASSERT(pmap, MA_OWNED);
2430 KASSERT(lockp != NULL, ("reserve_pv_entries: lockp is NULL"));
2433 * Newly allocated PV chunks must be stored in a private list until
2434 * the required number of PV chunks have been allocated. Otherwise,
2435 * reclaim_pv_chunk() could recycle one of these chunks. In
2436 * contrast, these chunks must be added to the pmap upon allocation.
2438 TAILQ_INIT(&new_tail);
2441 TAILQ_FOREACH(pc, &pmap->pm_pvchunk, pc_list) {
2442 bit_count((bitstr_t *)pc->pc_map, 0,
2443 sizeof(pc->pc_map) * NBBY, &free);
2447 if (avail >= needed)
2450 for (reclaimed = false; avail < needed; avail += _NPCPV) {
2451 m = vm_page_alloc(NULL, 0, VM_ALLOC_NORMAL | VM_ALLOC_NOOBJ |
2454 m = reclaim_pv_chunk(pmap, lockp);
2459 PV_STAT(atomic_add_int(&pc_chunk_count, 1));
2460 PV_STAT(atomic_add_int(&pc_chunk_allocs, 1));
2461 dump_add_page(m->phys_addr);
2462 pc = (void *)PHYS_TO_DMAP(m->phys_addr);
2464 pc->pc_map[0] = PC_FREE0;
2465 pc->pc_map[1] = PC_FREE1;
2466 pc->pc_map[2] = PC_FREE2;
2467 TAILQ_INSERT_HEAD(&pmap->pm_pvchunk, pc, pc_list);
2468 TAILQ_INSERT_TAIL(&new_tail, pc, pc_lru);
2469 PV_STAT(atomic_add_int(&pv_entry_spare, _NPCPV));
2472 * The reclaim might have freed a chunk from the current pmap.
2473 * If that chunk contained available entries, we need to
2474 * re-count the number of available entries.
2479 if (!TAILQ_EMPTY(&new_tail)) {
2480 mtx_lock(&pv_chunks_mutex);
2481 TAILQ_CONCAT(&pv_chunks, &new_tail, pc_lru);
2482 mtx_unlock(&pv_chunks_mutex);
2487 * First find and then remove the pv entry for the specified pmap and virtual
2488 * address from the specified pv list. Returns the pv entry if found and NULL
2489 * otherwise. This operation can be performed on pv lists for either 4KB or
2490 * 2MB page mappings.
2492 static __inline pv_entry_t
2493 pmap_pvh_remove(struct md_page *pvh, pmap_t pmap, vm_offset_t va)
2497 TAILQ_FOREACH(pv, &pvh->pv_list, pv_next) {
2498 if (pmap == PV_PMAP(pv) && va == pv->pv_va) {
2499 TAILQ_REMOVE(&pvh->pv_list, pv, pv_next);
2508 * After demotion from a 2MB page mapping to 512 4KB page mappings,
2509 * destroy the pv entry for the 2MB page mapping and reinstantiate the pv
2510 * entries for each of the 4KB page mappings.
2513 pmap_pv_demote_l2(pmap_t pmap, vm_offset_t va, vm_paddr_t pa,
2514 struct rwlock **lockp)
2516 struct md_page *pvh;
2517 struct pv_chunk *pc;
2519 vm_offset_t va_last;
2523 PMAP_LOCK_ASSERT(pmap, MA_OWNED);
2524 KASSERT((va & L2_OFFSET) == 0,
2525 ("pmap_pv_demote_l2: va is not 2mpage aligned"));
2526 KASSERT((pa & L2_OFFSET) == 0,
2527 ("pmap_pv_demote_l2: pa is not 2mpage aligned"));
2528 CHANGE_PV_LIST_LOCK_TO_PHYS(lockp, pa);
2531 * Transfer the 2mpage's pv entry for this mapping to the first
2532 * page's pv list. Once this transfer begins, the pv list lock
2533 * must not be released until the last pv entry is reinstantiated.
2535 pvh = pa_to_pvh(pa);
2536 pv = pmap_pvh_remove(pvh, pmap, va);
2537 KASSERT(pv != NULL, ("pmap_pv_demote_l2: pv not found"));
2538 m = PHYS_TO_VM_PAGE(pa);
2539 TAILQ_INSERT_TAIL(&m->md.pv_list, pv, pv_next);
2541 /* Instantiate the remaining Ln_ENTRIES - 1 pv entries. */
2542 PV_STAT(atomic_add_long(&pv_entry_allocs, Ln_ENTRIES - 1));
2543 va_last = va + L2_SIZE - PAGE_SIZE;
2545 pc = TAILQ_FIRST(&pmap->pm_pvchunk);
2546 KASSERT(pc->pc_map[0] != 0 || pc->pc_map[1] != 0 ||
2547 pc->pc_map[2] != 0, ("pmap_pv_demote_l2: missing spare"));
2548 for (field = 0; field < _NPCM; field++) {
2549 while (pc->pc_map[field]) {
2550 bit = ffsl(pc->pc_map[field]) - 1;
2551 pc->pc_map[field] &= ~(1ul << bit);
2552 pv = &pc->pc_pventry[field * 64 + bit];
2556 KASSERT((m->oflags & VPO_UNMANAGED) == 0,
2557 ("pmap_pv_demote_l2: page %p is not managed", m));
2558 TAILQ_INSERT_TAIL(&m->md.pv_list, pv, pv_next);
2564 TAILQ_REMOVE(&pmap->pm_pvchunk, pc, pc_list);
2565 TAILQ_INSERT_TAIL(&pmap->pm_pvchunk, pc, pc_list);
2568 if (pc->pc_map[0] == 0 && pc->pc_map[1] == 0 && pc->pc_map[2] == 0) {
2569 TAILQ_REMOVE(&pmap->pm_pvchunk, pc, pc_list);
2570 TAILQ_INSERT_TAIL(&pmap->pm_pvchunk, pc, pc_list);
2572 PV_STAT(atomic_add_long(&pv_entry_count, Ln_ENTRIES - 1));
2573 PV_STAT(atomic_subtract_int(&pv_entry_spare, Ln_ENTRIES - 1));
2577 * First find and then destroy the pv entry for the specified pmap and virtual
2578 * address. This operation can be performed on pv lists for either 4KB or 2MB
2582 pmap_pvh_free(struct md_page *pvh, pmap_t pmap, vm_offset_t va)
2586 pv = pmap_pvh_remove(pvh, pmap, va);
2587 KASSERT(pv != NULL, ("pmap_pvh_free: pv not found"));
2588 free_pv_entry(pmap, pv);
2592 * Conditionally create the PV entry for a 4KB page mapping if the required
2593 * memory can be allocated without resorting to reclamation.
2596 pmap_try_insert_pv_entry(pmap_t pmap, vm_offset_t va, vm_page_t m,
2597 struct rwlock **lockp)
2601 PMAP_LOCK_ASSERT(pmap, MA_OWNED);
2602 /* Pass NULL instead of the lock pointer to disable reclamation. */
2603 if ((pv = get_pv_entry(pmap, NULL)) != NULL) {
2605 CHANGE_PV_LIST_LOCK_TO_VM_PAGE(lockp, m);
2606 TAILQ_INSERT_TAIL(&m->md.pv_list, pv, pv_next);
2614 * Create the PV entry for a 2MB page mapping. Always returns true unless the
2615 * flag PMAP_ENTER_NORECLAIM is specified. If that flag is specified, returns
2616 * false if the PV entry cannot be allocated without resorting to reclamation.
2619 pmap_pv_insert_l2(pmap_t pmap, vm_offset_t va, pd_entry_t l2e, u_int flags,
2620 struct rwlock **lockp)
2622 struct md_page *pvh;
2626 PMAP_LOCK_ASSERT(pmap, MA_OWNED);
2627 /* Pass NULL instead of the lock pointer to disable reclamation. */
2628 if ((pv = get_pv_entry(pmap, (flags & PMAP_ENTER_NORECLAIM) != 0 ?
2629 NULL : lockp)) == NULL)
2632 pa = l2e & ~ATTR_MASK;
2633 CHANGE_PV_LIST_LOCK_TO_PHYS(lockp, pa);
2634 pvh = pa_to_pvh(pa);
2635 TAILQ_INSERT_TAIL(&pvh->pv_list, pv, pv_next);
2641 pmap_remove_kernel_l2(pmap_t pmap, pt_entry_t *l2, vm_offset_t va)
2643 pt_entry_t newl2, oldl2;
2647 KASSERT(!VIRT_IN_DMAP(va), ("removing direct mapping of %#lx", va));
2648 KASSERT(pmap == kernel_pmap, ("pmap %p is not kernel_pmap", pmap));
2649 PMAP_LOCK_ASSERT(pmap, MA_OWNED);
2651 ml3 = pmap_remove_pt_page(pmap, va);
2653 panic("pmap_remove_kernel_l2: Missing pt page");
2655 ml3pa = VM_PAGE_TO_PHYS(ml3);
2656 newl2 = ml3pa | L2_TABLE;
2659 * If this page table page was unmapped by a promotion, then it
2660 * contains valid mappings. Zero it to invalidate those mappings.
2662 if (ml3->valid != 0)
2663 pagezero((void *)PHYS_TO_DMAP(ml3pa));
2666 * Demote the mapping. The caller must have already invalidated the
2667 * mapping (i.e., the "break" in break-before-make).
2669 oldl2 = pmap_load_store(l2, newl2);
2670 KASSERT(oldl2 == 0, ("%s: found existing mapping at %p: %#lx",
2671 __func__, l2, oldl2));
2675 * pmap_remove_l2: Do the things to unmap a level 2 superpage.
2678 pmap_remove_l2(pmap_t pmap, pt_entry_t *l2, vm_offset_t sva,
2679 pd_entry_t l1e, struct spglist *free, struct rwlock **lockp)
2681 struct md_page *pvh;
2683 vm_offset_t eva, va;
2686 PMAP_LOCK_ASSERT(pmap, MA_OWNED);
2687 KASSERT((sva & L2_OFFSET) == 0, ("pmap_remove_l2: sva is not aligned"));
2688 old_l2 = pmap_load_clear(l2);
2689 KASSERT((old_l2 & ATTR_DESCR_MASK) == L2_BLOCK,
2690 ("pmap_remove_l2: L2e %lx is not a block mapping", old_l2));
2693 * Since a promotion must break the 4KB page mappings before making
2694 * the 2MB page mapping, a pmap_invalidate_page() suffices.
2696 pmap_invalidate_page(pmap, sva);
2698 if (old_l2 & ATTR_SW_WIRED)
2699 pmap->pm_stats.wired_count -= L2_SIZE / PAGE_SIZE;
2700 pmap_resident_count_dec(pmap, L2_SIZE / PAGE_SIZE);
2701 if (old_l2 & ATTR_SW_MANAGED) {
2702 CHANGE_PV_LIST_LOCK_TO_PHYS(lockp, old_l2 & ~ATTR_MASK);
2703 pvh = pa_to_pvh(old_l2 & ~ATTR_MASK);
2704 pmap_pvh_free(pvh, pmap, sva);
2705 eva = sva + L2_SIZE;
2706 for (va = sva, m = PHYS_TO_VM_PAGE(old_l2 & ~ATTR_MASK);
2707 va < eva; va += PAGE_SIZE, m++) {
2708 if (pmap_pte_dirty(pmap, old_l2))
2710 if (old_l2 & ATTR_AF)
2711 vm_page_aflag_set(m, PGA_REFERENCED);
2712 if (TAILQ_EMPTY(&m->md.pv_list) &&
2713 TAILQ_EMPTY(&pvh->pv_list))
2714 vm_page_aflag_clear(m, PGA_WRITEABLE);
2717 if (pmap == kernel_pmap) {
2718 pmap_remove_kernel_l2(pmap, l2, sva);
2720 ml3 = pmap_remove_pt_page(pmap, sva);
2722 KASSERT(ml3->valid == VM_PAGE_BITS_ALL,
2723 ("pmap_remove_l2: l3 page not promoted"));
2724 pmap_resident_count_dec(pmap, 1);
2725 KASSERT(ml3->ref_count == NL3PG,
2726 ("pmap_remove_l2: l3 page ref count error"));
2728 pmap_add_delayed_free_list(ml3, free, FALSE);
2731 return (pmap_unuse_pt(pmap, sva, l1e, free));
2735 * pmap_remove_l3: do the things to unmap a page in a process
2738 pmap_remove_l3(pmap_t pmap, pt_entry_t *l3, vm_offset_t va,
2739 pd_entry_t l2e, struct spglist *free, struct rwlock **lockp)
2741 struct md_page *pvh;
2745 PMAP_LOCK_ASSERT(pmap, MA_OWNED);
2746 old_l3 = pmap_load_clear(l3);
2747 pmap_invalidate_page(pmap, va);
2748 if (old_l3 & ATTR_SW_WIRED)
2749 pmap->pm_stats.wired_count -= 1;
2750 pmap_resident_count_dec(pmap, 1);
2751 if (old_l3 & ATTR_SW_MANAGED) {
2752 m = PHYS_TO_VM_PAGE(old_l3 & ~ATTR_MASK);
2753 if (pmap_pte_dirty(pmap, old_l3))
2755 if (old_l3 & ATTR_AF)
2756 vm_page_aflag_set(m, PGA_REFERENCED);
2757 CHANGE_PV_LIST_LOCK_TO_VM_PAGE(lockp, m);
2758 pmap_pvh_free(&m->md, pmap, va);
2759 if (TAILQ_EMPTY(&m->md.pv_list) &&
2760 (m->flags & PG_FICTITIOUS) == 0) {
2761 pvh = pa_to_pvh(VM_PAGE_TO_PHYS(m));
2762 if (TAILQ_EMPTY(&pvh->pv_list))
2763 vm_page_aflag_clear(m, PGA_WRITEABLE);
2766 return (pmap_unuse_pt(pmap, va, l2e, free));
2770 * Remove the specified range of addresses from the L3 page table that is
2771 * identified by the given L2 entry.
2774 pmap_remove_l3_range(pmap_t pmap, pd_entry_t l2e, vm_offset_t sva,
2775 vm_offset_t eva, struct spglist *free, struct rwlock **lockp)
2777 struct md_page *pvh;
2778 struct rwlock *new_lock;
2779 pt_entry_t *l3, old_l3;
2783 PMAP_LOCK_ASSERT(pmap, MA_OWNED);
2784 KASSERT(rounddown2(sva, L2_SIZE) + L2_SIZE == roundup2(eva, L2_SIZE),
2785 ("pmap_remove_l3_range: range crosses an L3 page table boundary"));
2786 l3pg = sva < VM_MAXUSER_ADDRESS ? PHYS_TO_VM_PAGE(l2e & ~ATTR_MASK) :
2789 for (l3 = pmap_l2_to_l3(&l2e, sva); sva != eva; l3++, sva += L3_SIZE) {
2790 if (!pmap_l3_valid(pmap_load(l3))) {
2792 pmap_invalidate_range(pmap, va, sva);
2797 old_l3 = pmap_load_clear(l3);
2798 if ((old_l3 & ATTR_SW_WIRED) != 0)
2799 pmap->pm_stats.wired_count--;
2800 pmap_resident_count_dec(pmap, 1);
2801 if ((old_l3 & ATTR_SW_MANAGED) != 0) {
2802 m = PHYS_TO_VM_PAGE(old_l3 & ~ATTR_MASK);
2803 if (pmap_pte_dirty(pmap, old_l3))
2805 if ((old_l3 & ATTR_AF) != 0)
2806 vm_page_aflag_set(m, PGA_REFERENCED);
2807 new_lock = PHYS_TO_PV_LIST_LOCK(VM_PAGE_TO_PHYS(m));
2808 if (new_lock != *lockp) {
2809 if (*lockp != NULL) {
2811 * Pending TLB invalidations must be
2812 * performed before the PV list lock is
2813 * released. Otherwise, a concurrent
2814 * pmap_remove_all() on a physical page
2815 * could return while a stale TLB entry
2816 * still provides access to that page.
2819 pmap_invalidate_range(pmap, va,
2828 pmap_pvh_free(&m->md, pmap, sva);
2829 if (TAILQ_EMPTY(&m->md.pv_list) &&
2830 (m->flags & PG_FICTITIOUS) == 0) {
2831 pvh = pa_to_pvh(VM_PAGE_TO_PHYS(m));
2832 if (TAILQ_EMPTY(&pvh->pv_list))
2833 vm_page_aflag_clear(m, PGA_WRITEABLE);
2838 if (l3pg != NULL && pmap_unwire_l3(pmap, sva, l3pg, free)) {
2844 pmap_invalidate_range(pmap, va, sva);
2848 * Remove the given range of addresses from the specified map.
2850 * It is assumed that the start and end are properly
2851 * rounded to the page size.
2854 pmap_remove(pmap_t pmap, vm_offset_t sva, vm_offset_t eva)
2856 struct rwlock *lock;
2857 vm_offset_t va_next;
2858 pd_entry_t *l0, *l1, *l2;
2859 pt_entry_t l3_paddr;
2860 struct spglist free;
2863 * Perform an unsynchronized read. This is, however, safe.
2865 if (pmap->pm_stats.resident_count == 0)
2873 for (; sva < eva; sva = va_next) {
2875 if (pmap->pm_stats.resident_count == 0)
2878 l0 = pmap_l0(pmap, sva);
2879 if (pmap_load(l0) == 0) {
2880 va_next = (sva + L0_SIZE) & ~L0_OFFSET;
2886 l1 = pmap_l0_to_l1(l0, sva);
2887 if (pmap_load(l1) == 0) {
2888 va_next = (sva + L1_SIZE) & ~L1_OFFSET;
2895 * Calculate index for next page table.
2897 va_next = (sva + L2_SIZE) & ~L2_OFFSET;
2901 l2 = pmap_l1_to_l2(l1, sva);
2905 l3_paddr = pmap_load(l2);
2907 if ((l3_paddr & ATTR_DESCR_MASK) == L2_BLOCK) {
2908 if (sva + L2_SIZE == va_next && eva >= va_next) {
2909 pmap_remove_l2(pmap, l2, sva, pmap_load(l1),
2912 } else if (pmap_demote_l2_locked(pmap, l2, sva,
2915 l3_paddr = pmap_load(l2);
2919 * Weed out invalid mappings.
2921 if ((l3_paddr & ATTR_DESCR_MASK) != L2_TABLE)
2925 * Limit our scan to either the end of the va represented
2926 * by the current page table page, or to the end of the
2927 * range being removed.
2932 pmap_remove_l3_range(pmap, l3_paddr, sva, va_next, &free,
2938 vm_page_free_pages_toq(&free, true);
2942 * Routine: pmap_remove_all
2944 * Removes this physical page from
2945 * all physical maps in which it resides.
2946 * Reflects back modify bits to the pager.
2949 * Original versions of this routine were very
2950 * inefficient because they iteratively called
2951 * pmap_remove (slow...)
2955 pmap_remove_all(vm_page_t m)
2957 struct md_page *pvh;
2960 struct rwlock *lock;
2961 pd_entry_t *pde, tpde;
2962 pt_entry_t *pte, tpte;
2964 struct spglist free;
2965 int lvl, pvh_gen, md_gen;
2967 KASSERT((m->oflags & VPO_UNMANAGED) == 0,
2968 ("pmap_remove_all: page %p is not managed", m));
2970 lock = VM_PAGE_TO_PV_LIST_LOCK(m);
2971 pvh = (m->flags & PG_FICTITIOUS) != 0 ? &pv_dummy :
2972 pa_to_pvh(VM_PAGE_TO_PHYS(m));
2975 while ((pv = TAILQ_FIRST(&pvh->pv_list)) != NULL) {
2977 if (!PMAP_TRYLOCK(pmap)) {
2978 pvh_gen = pvh->pv_gen;
2982 if (pvh_gen != pvh->pv_gen) {
2989 pte = pmap_pte(pmap, va, &lvl);
2990 KASSERT(pte != NULL,
2991 ("pmap_remove_all: no page table entry found"));
2993 ("pmap_remove_all: invalid pte level %d", lvl));
2995 pmap_demote_l2_locked(pmap, pte, va, &lock);
2998 while ((pv = TAILQ_FIRST(&m->md.pv_list)) != NULL) {
3000 PMAP_ASSERT_STAGE1(pmap);
3001 if (!PMAP_TRYLOCK(pmap)) {
3002 pvh_gen = pvh->pv_gen;
3003 md_gen = m->md.pv_gen;
3007 if (pvh_gen != pvh->pv_gen || md_gen != m->md.pv_gen) {
3013 pmap_resident_count_dec(pmap, 1);
3015 pde = pmap_pde(pmap, pv->pv_va, &lvl);
3016 KASSERT(pde != NULL,
3017 ("pmap_remove_all: no page directory entry found"));
3019 ("pmap_remove_all: invalid pde level %d", lvl));
3020 tpde = pmap_load(pde);
3022 pte = pmap_l2_to_l3(pde, pv->pv_va);
3023 tpte = pmap_load_clear(pte);
3024 if (tpte & ATTR_SW_WIRED)
3025 pmap->pm_stats.wired_count--;
3026 if ((tpte & ATTR_AF) != 0) {
3027 pmap_invalidate_page(pmap, pv->pv_va);
3028 vm_page_aflag_set(m, PGA_REFERENCED);
3032 * Update the vm_page_t clean and reference bits.
3034 if (pmap_pte_dirty(pmap, tpte))
3036 pmap_unuse_pt(pmap, pv->pv_va, tpde, &free);
3037 TAILQ_REMOVE(&m->md.pv_list, pv, pv_next);
3039 free_pv_entry(pmap, pv);
3042 vm_page_aflag_clear(m, PGA_WRITEABLE);
3044 vm_page_free_pages_toq(&free, true);
3048 * pmap_protect_l2: do the things to protect a 2MB page in a pmap
3051 pmap_protect_l2(pmap_t pmap, pt_entry_t *l2, vm_offset_t sva, pt_entry_t mask,
3057 PMAP_LOCK_ASSERT(pmap, MA_OWNED);
3058 PMAP_ASSERT_STAGE1(pmap);
3059 KASSERT((sva & L2_OFFSET) == 0,
3060 ("pmap_protect_l2: sva is not 2mpage aligned"));
3061 old_l2 = pmap_load(l2);
3062 KASSERT((old_l2 & ATTR_DESCR_MASK) == L2_BLOCK,
3063 ("pmap_protect_l2: L2e %lx is not a block mapping", old_l2));
3066 * Return if the L2 entry already has the desired access restrictions
3070 if ((old_l2 & mask) == nbits)
3074 * When a dirty read/write superpage mapping is write protected,
3075 * update the dirty field of each of the superpage's constituent 4KB
3078 if ((old_l2 & ATTR_SW_MANAGED) != 0 &&
3079 (nbits & ATTR_S1_AP(ATTR_S1_AP_RO)) != 0 &&
3080 pmap_pte_dirty(pmap, old_l2)) {
3081 m = PHYS_TO_VM_PAGE(old_l2 & ~ATTR_MASK);
3082 for (mt = m; mt < &m[L2_SIZE / PAGE_SIZE]; mt++)
3086 if (!atomic_fcmpset_64(l2, &old_l2, (old_l2 & ~mask) | nbits))
3090 * Since a promotion must break the 4KB page mappings before making
3091 * the 2MB page mapping, a pmap_invalidate_page() suffices.
3093 pmap_invalidate_page(pmap, sva);
3097 * Set the physical protection on the
3098 * specified range of this map as requested.
3101 pmap_protect(pmap_t pmap, vm_offset_t sva, vm_offset_t eva, vm_prot_t prot)
3103 vm_offset_t va, va_next;
3104 pd_entry_t *l0, *l1, *l2;
3105 pt_entry_t *l3p, l3, mask, nbits;
3107 PMAP_ASSERT_STAGE1(pmap);
3108 KASSERT((prot & ~VM_PROT_ALL) == 0, ("invalid prot %x", prot));
3109 if (prot == VM_PROT_NONE) {
3110 pmap_remove(pmap, sva, eva);
3115 if ((prot & VM_PROT_WRITE) == 0) {
3116 mask |= ATTR_S1_AP_RW_BIT | ATTR_SW_DBM;
3117 nbits |= ATTR_S1_AP(ATTR_S1_AP_RO);
3119 if ((prot & VM_PROT_EXECUTE) == 0) {
3121 nbits |= ATTR_S1_XN;
3127 for (; sva < eva; sva = va_next) {
3129 l0 = pmap_l0(pmap, sva);
3130 if (pmap_load(l0) == 0) {
3131 va_next = (sva + L0_SIZE) & ~L0_OFFSET;
3137 l1 = pmap_l0_to_l1(l0, sva);
3138 if (pmap_load(l1) == 0) {
3139 va_next = (sva + L1_SIZE) & ~L1_OFFSET;
3145 va_next = (sva + L2_SIZE) & ~L2_OFFSET;
3149 l2 = pmap_l1_to_l2(l1, sva);
3150 if (pmap_load(l2) == 0)
3153 if ((pmap_load(l2) & ATTR_DESCR_MASK) == L2_BLOCK) {
3154 if (sva + L2_SIZE == va_next && eva >= va_next) {
3155 pmap_protect_l2(pmap, l2, sva, mask, nbits);
3157 } else if (pmap_demote_l2(pmap, l2, sva) == NULL)
3160 KASSERT((pmap_load(l2) & ATTR_DESCR_MASK) == L2_TABLE,
3161 ("pmap_protect: Invalid L2 entry after demotion"));
3167 for (l3p = pmap_l2_to_l3(l2, sva); sva != va_next; l3p++,
3169 l3 = pmap_load(l3p);
3172 * Go to the next L3 entry if the current one is
3173 * invalid or already has the desired access
3174 * restrictions in place. (The latter case occurs
3175 * frequently. For example, in a "buildworld"
3176 * workload, almost 1 out of 4 L3 entries already
3177 * have the desired restrictions.)
3179 if (!pmap_l3_valid(l3) || (l3 & mask) == nbits) {
3180 if (va != va_next) {
3181 pmap_invalidate_range(pmap, va, sva);
3188 * When a dirty read/write mapping is write protected,
3189 * update the page's dirty field.
3191 if ((l3 & ATTR_SW_MANAGED) != 0 &&
3192 (nbits & ATTR_S1_AP(ATTR_S1_AP_RO)) != 0 &&
3193 pmap_pte_dirty(pmap, l3))
3194 vm_page_dirty(PHYS_TO_VM_PAGE(l3 & ~ATTR_MASK));
3196 if (!atomic_fcmpset_64(l3p, &l3, (l3 & ~mask) | nbits))
3202 pmap_invalidate_range(pmap, va, sva);
3208 * Inserts the specified page table page into the specified pmap's collection
3209 * of idle page table pages. Each of a pmap's page table pages is responsible
3210 * for mapping a distinct range of virtual addresses. The pmap's collection is
3211 * ordered by this virtual address range.
3213 * If "promoted" is false, then the page table page "mpte" must be zero filled.
3216 pmap_insert_pt_page(pmap_t pmap, vm_page_t mpte, bool promoted)
3219 PMAP_LOCK_ASSERT(pmap, MA_OWNED);
3220 mpte->valid = promoted ? VM_PAGE_BITS_ALL : 0;
3221 return (vm_radix_insert(&pmap->pm_root, mpte));
3225 * Removes the page table page mapping the specified virtual address from the
3226 * specified pmap's collection of idle page table pages, and returns it.
3227 * Otherwise, returns NULL if there is no page table page corresponding to the
3228 * specified virtual address.
3230 static __inline vm_page_t
3231 pmap_remove_pt_page(pmap_t pmap, vm_offset_t va)
3234 PMAP_LOCK_ASSERT(pmap, MA_OWNED);
3235 return (vm_radix_remove(&pmap->pm_root, pmap_l2_pindex(va)));
3239 * Performs a break-before-make update of a pmap entry. This is needed when
3240 * either promoting or demoting pages to ensure the TLB doesn't get into an
3241 * inconsistent state.
3244 pmap_update_entry(pmap_t pmap, pd_entry_t *pte, pd_entry_t newpte,
3245 vm_offset_t va, vm_size_t size)
3249 PMAP_LOCK_ASSERT(pmap, MA_OWNED);
3252 * Ensure we don't get switched out with the page table in an
3253 * inconsistent state. We also need to ensure no interrupts fire
3254 * as they may make use of an address we are about to invalidate.
3256 intr = intr_disable();
3259 * Clear the old mapping's valid bit, but leave the rest of the entry
3260 * unchanged, so that a lockless, concurrent pmap_kextract() can still
3261 * lookup the physical address.
3263 pmap_clear_bits(pte, ATTR_DESCR_VALID);
3264 pmap_invalidate_range(pmap, va, va + size);
3266 /* Create the new mapping */
3267 pmap_store(pte, newpte);
3273 #if VM_NRESERVLEVEL > 0
3275 * After promotion from 512 4KB page mappings to a single 2MB page mapping,
3276 * replace the many pv entries for the 4KB page mappings by a single pv entry
3277 * for the 2MB page mapping.
3280 pmap_pv_promote_l2(pmap_t pmap, vm_offset_t va, vm_paddr_t pa,
3281 struct rwlock **lockp)
3283 struct md_page *pvh;
3285 vm_offset_t va_last;
3288 KASSERT((pa & L2_OFFSET) == 0,
3289 ("pmap_pv_promote_l2: pa is not 2mpage aligned"));
3290 CHANGE_PV_LIST_LOCK_TO_PHYS(lockp, pa);
3293 * Transfer the first page's pv entry for this mapping to the 2mpage's
3294 * pv list. Aside from avoiding the cost of a call to get_pv_entry(),
3295 * a transfer avoids the possibility that get_pv_entry() calls
3296 * reclaim_pv_chunk() and that reclaim_pv_chunk() removes one of the
3297 * mappings that is being promoted.
3299 m = PHYS_TO_VM_PAGE(pa);
3300 va = va & ~L2_OFFSET;
3301 pv = pmap_pvh_remove(&m->md, pmap, va);
3302 KASSERT(pv != NULL, ("pmap_pv_promote_l2: pv not found"));
3303 pvh = pa_to_pvh(pa);
3304 TAILQ_INSERT_TAIL(&pvh->pv_list, pv, pv_next);
3306 /* Free the remaining NPTEPG - 1 pv entries. */
3307 va_last = va + L2_SIZE - PAGE_SIZE;
3311 pmap_pvh_free(&m->md, pmap, va);
3312 } while (va < va_last);
3316 * Tries to promote the 512, contiguous 4KB page mappings that are within a
3317 * single level 2 table entry to a single 2MB page mapping. For promotion
3318 * to occur, two conditions must be met: (1) the 4KB page mappings must map
3319 * aligned, contiguous physical memory and (2) the 4KB page mappings must have
3320 * identical characteristics.
3323 pmap_promote_l2(pmap_t pmap, pd_entry_t *l2, vm_offset_t va,
3324 struct rwlock **lockp)
3326 pt_entry_t *firstl3, *l3, newl2, oldl3, pa;
3330 PMAP_LOCK_ASSERT(pmap, MA_OWNED);
3331 PMAP_ASSERT_STAGE1(pmap);
3333 sva = va & ~L2_OFFSET;
3334 firstl3 = pmap_l2_to_l3(l2, sva);
3335 newl2 = pmap_load(firstl3);
3338 if (((newl2 & (~ATTR_MASK | ATTR_AF)) & L2_OFFSET) != ATTR_AF) {
3339 atomic_add_long(&pmap_l2_p_failures, 1);
3340 CTR2(KTR_PMAP, "pmap_promote_l2: failure for va %#lx"
3341 " in pmap %p", va, pmap);
3345 if ((newl2 & (ATTR_S1_AP_RW_BIT | ATTR_SW_DBM)) ==
3346 (ATTR_S1_AP(ATTR_S1_AP_RO) | ATTR_SW_DBM)) {
3347 if (!atomic_fcmpset_64(l2, &newl2, newl2 & ~ATTR_SW_DBM))
3349 newl2 &= ~ATTR_SW_DBM;
3352 pa = newl2 + L2_SIZE - PAGE_SIZE;
3353 for (l3 = firstl3 + NL3PG - 1; l3 > firstl3; l3--) {
3354 oldl3 = pmap_load(l3);
3356 if ((oldl3 & (ATTR_S1_AP_RW_BIT | ATTR_SW_DBM)) ==
3357 (ATTR_S1_AP(ATTR_S1_AP_RO) | ATTR_SW_DBM)) {
3358 if (!atomic_fcmpset_64(l3, &oldl3, oldl3 &
3361 oldl3 &= ~ATTR_SW_DBM;
3364 atomic_add_long(&pmap_l2_p_failures, 1);
3365 CTR2(KTR_PMAP, "pmap_promote_l2: failure for va %#lx"
3366 " in pmap %p", va, pmap);
3373 * Save the page table page in its current state until the L2
3374 * mapping the superpage is demoted by pmap_demote_l2() or
3375 * destroyed by pmap_remove_l3().
3377 mpte = PHYS_TO_VM_PAGE(pmap_load(l2) & ~ATTR_MASK);
3378 KASSERT(mpte >= vm_page_array &&
3379 mpte < &vm_page_array[vm_page_array_size],
3380 ("pmap_promote_l2: page table page is out of range"));
3381 KASSERT(mpte->pindex == pmap_l2_pindex(va),
3382 ("pmap_promote_l2: page table page's pindex is wrong"));
3383 if (pmap_insert_pt_page(pmap, mpte, true)) {
3384 atomic_add_long(&pmap_l2_p_failures, 1);
3386 "pmap_promote_l2: failure for va %#lx in pmap %p", va,
3391 if ((newl2 & ATTR_SW_MANAGED) != 0)
3392 pmap_pv_promote_l2(pmap, va, newl2 & ~ATTR_MASK, lockp);
3394 newl2 &= ~ATTR_DESCR_MASK;
3397 pmap_update_entry(pmap, l2, newl2, sva, L2_SIZE);
3399 atomic_add_long(&pmap_l2_promotions, 1);
3400 CTR2(KTR_PMAP, "pmap_promote_l2: success for va %#lx in pmap %p", va,
3403 #endif /* VM_NRESERVLEVEL > 0 */
3406 * Insert the given physical page (p) at
3407 * the specified virtual address (v) in the
3408 * target physical map with the protection requested.
3410 * If specified, the page will be wired down, meaning
3411 * that the related pte can not be reclaimed.
3413 * NB: This is the only routine which MAY NOT lazy-evaluate
3414 * or lose information. That is, this routine must actually
3415 * insert this page into the given map NOW.
3418 pmap_enter(pmap_t pmap, vm_offset_t va, vm_page_t m, vm_prot_t prot,
3419 u_int flags, int8_t psind)
3421 struct rwlock *lock;
3423 pt_entry_t new_l3, orig_l3;
3424 pt_entry_t *l2, *l3;
3431 va = trunc_page(va);
3432 if ((m->oflags & VPO_UNMANAGED) == 0)
3433 VM_PAGE_OBJECT_BUSY_ASSERT(m);
3434 pa = VM_PAGE_TO_PHYS(m);
3435 new_l3 = (pt_entry_t)(pa | ATTR_DEFAULT | L3_PAGE);
3436 new_l3 |= pmap_pte_memattr(pmap, m->md.pv_memattr);
3437 new_l3 |= pmap_pte_prot(pmap, prot);
3439 if ((flags & PMAP_ENTER_WIRED) != 0)
3440 new_l3 |= ATTR_SW_WIRED;
3441 if (pmap->pm_stage == PM_STAGE1) {
3442 if (va < VM_MAXUSER_ADDRESS)
3443 new_l3 |= ATTR_S1_AP(ATTR_S1_AP_USER) | ATTR_S1_PXN;
3445 new_l3 |= ATTR_S1_UXN;
3446 if (pmap != kernel_pmap)
3447 new_l3 |= ATTR_S1_nG;
3450 * Clear the access flag on executable mappings, this will be
3451 * set later when the page is accessed. The fault handler is
3452 * required to invalidate the I-cache.
3454 * TODO: Switch to the valid flag to allow hardware management
3455 * of the access flag. Much of the pmap code assumes the
3456 * valid flag is set and fails to destroy the old page tables
3457 * correctly if it is clear.
3459 if (prot & VM_PROT_EXECUTE)
3462 if ((m->oflags & VPO_UNMANAGED) == 0) {
3463 new_l3 |= ATTR_SW_MANAGED;
3464 if ((prot & VM_PROT_WRITE) != 0) {
3465 new_l3 |= ATTR_SW_DBM;
3466 if ((flags & VM_PROT_WRITE) == 0) {
3467 PMAP_ASSERT_STAGE1(pmap);
3468 new_l3 |= ATTR_S1_AP(ATTR_S1_AP_RO);
3473 CTR2(KTR_PMAP, "pmap_enter: %.16lx -> %.16lx", va, pa);
3478 /* Assert the required virtual and physical alignment. */
3479 KASSERT((va & L2_OFFSET) == 0, ("pmap_enter: va unaligned"));
3480 KASSERT(m->psind > 0, ("pmap_enter: m->psind < psind"));
3481 rv = pmap_enter_l2(pmap, va, (new_l3 & ~L3_PAGE) | L2_BLOCK,
3488 * In the case that a page table page is not
3489 * resident, we are creating it here.
3492 pde = pmap_pde(pmap, va, &lvl);
3493 if (pde != NULL && lvl == 2) {
3494 l3 = pmap_l2_to_l3(pde, va);
3495 if (va < VM_MAXUSER_ADDRESS && mpte == NULL) {
3496 mpte = PHYS_TO_VM_PAGE(pmap_load(pde) & ~ATTR_MASK);
3500 } else if (pde != NULL && lvl == 1) {
3501 l2 = pmap_l1_to_l2(pde, va);
3502 if ((pmap_load(l2) & ATTR_DESCR_MASK) == L2_BLOCK &&
3503 (l3 = pmap_demote_l2_locked(pmap, l2, va, &lock)) != NULL) {
3504 l3 = &l3[pmap_l3_index(va)];
3505 if (va < VM_MAXUSER_ADDRESS) {
3506 mpte = PHYS_TO_VM_PAGE(
3507 pmap_load(l2) & ~ATTR_MASK);
3512 /* We need to allocate an L3 table. */
3514 if (va < VM_MAXUSER_ADDRESS) {
3515 nosleep = (flags & PMAP_ENTER_NOSLEEP) != 0;
3518 * We use _pmap_alloc_l3() instead of pmap_alloc_l3() in order
3519 * to handle the possibility that a superpage mapping for "va"
3520 * was created while we slept.
3522 mpte = _pmap_alloc_l3(pmap, pmap_l2_pindex(va),
3523 nosleep ? NULL : &lock);
3524 if (mpte == NULL && nosleep) {
3525 CTR0(KTR_PMAP, "pmap_enter: mpte == NULL");
3526 rv = KERN_RESOURCE_SHORTAGE;
3531 panic("pmap_enter: missing L3 table for kernel va %#lx", va);
3534 orig_l3 = pmap_load(l3);
3535 opa = orig_l3 & ~ATTR_MASK;
3539 * Is the specified virtual address already mapped?
3541 if (pmap_l3_valid(orig_l3)) {
3543 * Only allow adding new entries on stage 2 tables for now.
3544 * This simplifies cache invalidation as we may need to call
3545 * into EL2 to perform such actions.
3547 PMAP_ASSERT_STAGE1(pmap);
3549 * Wiring change, just update stats. We don't worry about
3550 * wiring PT pages as they remain resident as long as there
3551 * are valid mappings in them. Hence, if a user page is wired,
3552 * the PT page will be also.
3554 if ((flags & PMAP_ENTER_WIRED) != 0 &&
3555 (orig_l3 & ATTR_SW_WIRED) == 0)
3556 pmap->pm_stats.wired_count++;
3557 else if ((flags & PMAP_ENTER_WIRED) == 0 &&
3558 (orig_l3 & ATTR_SW_WIRED) != 0)
3559 pmap->pm_stats.wired_count--;
3562 * Remove the extra PT page reference.
3566 KASSERT(mpte->ref_count > 0,
3567 ("pmap_enter: missing reference to page table page,"
3572 * Has the physical page changed?
3576 * No, might be a protection or wiring change.
3578 if ((orig_l3 & ATTR_SW_MANAGED) != 0 &&
3579 (new_l3 & ATTR_SW_DBM) != 0)
3580 vm_page_aflag_set(m, PGA_WRITEABLE);
3585 * The physical page has changed. Temporarily invalidate
3588 orig_l3 = pmap_load_clear(l3);
3589 KASSERT((orig_l3 & ~ATTR_MASK) == opa,
3590 ("pmap_enter: unexpected pa update for %#lx", va));
3591 if ((orig_l3 & ATTR_SW_MANAGED) != 0) {
3592 om = PHYS_TO_VM_PAGE(opa);
3595 * The pmap lock is sufficient to synchronize with
3596 * concurrent calls to pmap_page_test_mappings() and
3597 * pmap_ts_referenced().
3599 if (pmap_pte_dirty(pmap, orig_l3))
3601 if ((orig_l3 & ATTR_AF) != 0) {
3602 pmap_invalidate_page(pmap, va);
3603 vm_page_aflag_set(om, PGA_REFERENCED);
3605 CHANGE_PV_LIST_LOCK_TO_PHYS(&lock, opa);
3606 pv = pmap_pvh_remove(&om->md, pmap, va);
3607 if ((m->oflags & VPO_UNMANAGED) != 0)
3608 free_pv_entry(pmap, pv);
3609 if ((om->a.flags & PGA_WRITEABLE) != 0 &&
3610 TAILQ_EMPTY(&om->md.pv_list) &&
3611 ((om->flags & PG_FICTITIOUS) != 0 ||
3612 TAILQ_EMPTY(&pa_to_pvh(opa)->pv_list)))
3613 vm_page_aflag_clear(om, PGA_WRITEABLE);
3615 KASSERT((orig_l3 & ATTR_AF) != 0,
3616 ("pmap_enter: unmanaged mapping lacks ATTR_AF"));
3617 pmap_invalidate_page(pmap, va);
3622 * Increment the counters.
3624 if ((new_l3 & ATTR_SW_WIRED) != 0)
3625 pmap->pm_stats.wired_count++;
3626 pmap_resident_count_inc(pmap, 1);
3629 * Enter on the PV list if part of our managed memory.
3631 if ((m->oflags & VPO_UNMANAGED) == 0) {
3633 pv = get_pv_entry(pmap, &lock);
3636 CHANGE_PV_LIST_LOCK_TO_PHYS(&lock, pa);
3637 TAILQ_INSERT_TAIL(&m->md.pv_list, pv, pv_next);
3639 if ((new_l3 & ATTR_SW_DBM) != 0)
3640 vm_page_aflag_set(m, PGA_WRITEABLE);
3644 if (pmap->pm_stage == PM_STAGE1) {
3646 * Sync icache if exec permission and attribute
3647 * VM_MEMATTR_WRITE_BACK is set. Do it now, before the mapping
3648 * is stored and made valid for hardware table walk. If done
3649 * later, then other can access this page before caches are
3650 * properly synced. Don't do it for kernel memory which is
3651 * mapped with exec permission even if the memory isn't going
3652 * to hold executable code. The only time when icache sync is
3653 * needed is after kernel module is loaded and the relocation
3654 * info is processed. And it's done in elf_cpu_load_file().
3656 if ((prot & VM_PROT_EXECUTE) && pmap != kernel_pmap &&
3657 m->md.pv_memattr == VM_MEMATTR_WRITE_BACK &&
3658 (opa != pa || (orig_l3 & ATTR_S1_XN))) {
3659 PMAP_ASSERT_STAGE1(pmap);
3660 cpu_icache_sync_range(PHYS_TO_DMAP(pa), PAGE_SIZE);
3663 cpu_dcache_wb_range(PHYS_TO_DMAP(pa), PAGE_SIZE);
3667 * Update the L3 entry
3669 if (pmap_l3_valid(orig_l3)) {
3670 PMAP_ASSERT_STAGE1(pmap);
3671 KASSERT(opa == pa, ("pmap_enter: invalid update"));
3672 if ((orig_l3 & ~ATTR_AF) != (new_l3 & ~ATTR_AF)) {
3673 /* same PA, different attributes */
3674 orig_l3 = pmap_load_store(l3, new_l3);
3675 pmap_invalidate_page(pmap, va);
3676 if ((orig_l3 & ATTR_SW_MANAGED) != 0 &&
3677 pmap_pte_dirty(pmap, orig_l3))
3682 * This can happens if multiple threads simultaneously
3683 * access not yet mapped page. This bad for performance
3684 * since this can cause full demotion-NOP-promotion
3686 * Another possible reasons are:
3687 * - VM and pmap memory layout are diverged
3688 * - tlb flush is missing somewhere and CPU doesn't see
3691 CTR4(KTR_PMAP, "%s: already mapped page - "
3692 "pmap %p va 0x%#lx pte 0x%lx",
3693 __func__, pmap, va, new_l3);
3697 pmap_store(l3, new_l3);
3701 #if VM_NRESERVLEVEL > 0
3703 * Try to promote from level 3 pages to a level 2 superpage. This
3704 * currently only works on stage 1 pmaps as pmap_promote_l2 looks at
3705 * stage 1 specific fields and performs a break-before-make sequence
3706 * that is incorrect a stage 2 pmap.
3708 if ((mpte == NULL || mpte->ref_count == NL3PG) &&
3709 pmap_ps_enabled(pmap) && pmap->pm_stage == PM_STAGE1 &&
3710 (m->flags & PG_FICTITIOUS) == 0 &&
3711 vm_reserv_level_iffullpop(m) == 0) {
3712 pmap_promote_l2(pmap, pde, va, &lock);
3725 * Tries to create a read- and/or execute-only 2MB page mapping. Returns true
3726 * if successful. Returns false if (1) a page table page cannot be allocated
3727 * without sleeping, (2) a mapping already exists at the specified virtual
3728 * address, or (3) a PV entry cannot be allocated without reclaiming another
3732 pmap_enter_2mpage(pmap_t pmap, vm_offset_t va, vm_page_t m, vm_prot_t prot,
3733 struct rwlock **lockp)
3737 PMAP_LOCK_ASSERT(pmap, MA_OWNED);
3738 PMAP_ASSERT_STAGE1(pmap);
3740 new_l2 = (pd_entry_t)(VM_PAGE_TO_PHYS(m) | ATTR_DEFAULT |
3741 ATTR_S1_IDX(m->md.pv_memattr) | ATTR_S1_AP(ATTR_S1_AP_RO) |
3743 if ((m->oflags & VPO_UNMANAGED) == 0) {
3744 new_l2 |= ATTR_SW_MANAGED;
3747 if ((prot & VM_PROT_EXECUTE) == 0 ||
3748 m->md.pv_memattr == VM_MEMATTR_DEVICE)
3749 new_l2 |= ATTR_S1_XN;
3750 if (va < VM_MAXUSER_ADDRESS)
3751 new_l2 |= ATTR_S1_AP(ATTR_S1_AP_USER) | ATTR_S1_PXN;
3753 new_l2 |= ATTR_S1_UXN;
3754 if (pmap != kernel_pmap)
3755 new_l2 |= ATTR_S1_nG;
3756 return (pmap_enter_l2(pmap, va, new_l2, PMAP_ENTER_NOSLEEP |
3757 PMAP_ENTER_NOREPLACE | PMAP_ENTER_NORECLAIM, NULL, lockp) ==
3762 * Returns true if every page table entry in the specified page table is
3766 pmap_every_pte_zero(vm_paddr_t pa)
3768 pt_entry_t *pt_end, *pte;
3770 KASSERT((pa & PAGE_MASK) == 0, ("pa is misaligned"));
3771 pte = (pt_entry_t *)PHYS_TO_DMAP(pa);
3772 for (pt_end = pte + Ln_ENTRIES; pte < pt_end; pte++) {
3780 * Tries to create the specified 2MB page mapping. Returns KERN_SUCCESS if
3781 * the mapping was created, and either KERN_FAILURE or KERN_RESOURCE_SHORTAGE
3782 * otherwise. Returns KERN_FAILURE if PMAP_ENTER_NOREPLACE was specified and
3783 * a mapping already exists at the specified virtual address. Returns
3784 * KERN_RESOURCE_SHORTAGE if PMAP_ENTER_NOSLEEP was specified and a page table
3785 * page allocation failed. Returns KERN_RESOURCE_SHORTAGE if
3786 * PMAP_ENTER_NORECLAIM was specified and a PV entry allocation failed.
3788 * The parameter "m" is only used when creating a managed, writeable mapping.
3791 pmap_enter_l2(pmap_t pmap, vm_offset_t va, pd_entry_t new_l2, u_int flags,
3792 vm_page_t m, struct rwlock **lockp)
3794 struct spglist free;
3795 pd_entry_t *l2, old_l2;
3798 PMAP_LOCK_ASSERT(pmap, MA_OWNED);
3800 if ((l2 = pmap_alloc_l2(pmap, va, &l2pg, (flags &
3801 PMAP_ENTER_NOSLEEP) != 0 ? NULL : lockp)) == NULL) {
3802 CTR2(KTR_PMAP, "pmap_enter_l2: failure for va %#lx in pmap %p",
3804 return (KERN_RESOURCE_SHORTAGE);
3808 * If there are existing mappings, either abort or remove them.
3810 if ((old_l2 = pmap_load(l2)) != 0) {
3811 KASSERT(l2pg == NULL || l2pg->ref_count > 1,
3812 ("pmap_enter_l2: l2pg's ref count is too low"));
3813 if ((flags & PMAP_ENTER_NOREPLACE) != 0 && (va <
3814 VM_MAXUSER_ADDRESS || (old_l2 & ATTR_DESCR_MASK) ==
3815 L2_BLOCK || !pmap_every_pte_zero(old_l2 & ~ATTR_MASK))) {
3818 CTR2(KTR_PMAP, "pmap_enter_l2: failure for va %#lx"
3819 " in pmap %p", va, pmap);
3820 return (KERN_FAILURE);
3823 if ((old_l2 & ATTR_DESCR_MASK) == L2_BLOCK)
3824 (void)pmap_remove_l2(pmap, l2, va,
3825 pmap_load(pmap_l1(pmap, va)), &free, lockp);
3827 pmap_remove_l3_range(pmap, old_l2, va, va + L2_SIZE,
3829 if (va < VM_MAXUSER_ADDRESS) {
3830 vm_page_free_pages_toq(&free, true);
3831 KASSERT(pmap_load(l2) == 0,
3832 ("pmap_enter_l2: non-zero L2 entry %p", l2));
3834 KASSERT(SLIST_EMPTY(&free),
3835 ("pmap_enter_l2: freed kernel page table page"));
3838 * Both pmap_remove_l2() and pmap_remove_l3_range()
3839 * will leave the kernel page table page zero filled.
3840 * Nonetheless, the TLB could have an intermediate
3841 * entry for the kernel page table page.
3843 mt = PHYS_TO_VM_PAGE(pmap_load(l2) & ~ATTR_MASK);
3844 if (pmap_insert_pt_page(pmap, mt, false))
3845 panic("pmap_enter_l2: trie insert failed");
3847 pmap_invalidate_page(pmap, va);
3851 if ((new_l2 & ATTR_SW_MANAGED) != 0) {
3853 * Abort this mapping if its PV entry could not be created.
3855 if (!pmap_pv_insert_l2(pmap, va, new_l2, flags, lockp)) {
3857 pmap_abort_ptp(pmap, va, l2pg);
3859 "pmap_enter_l2: failure for va %#lx in pmap %p",
3861 return (KERN_RESOURCE_SHORTAGE);
3863 if ((new_l2 & ATTR_SW_DBM) != 0)
3864 for (mt = m; mt < &m[L2_SIZE / PAGE_SIZE]; mt++)
3865 vm_page_aflag_set(mt, PGA_WRITEABLE);
3869 * Increment counters.
3871 if ((new_l2 & ATTR_SW_WIRED) != 0)
3872 pmap->pm_stats.wired_count += L2_SIZE / PAGE_SIZE;
3873 pmap->pm_stats.resident_count += L2_SIZE / PAGE_SIZE;
3876 * Map the superpage.
3878 pmap_store(l2, new_l2);
3881 atomic_add_long(&pmap_l2_mappings, 1);
3882 CTR2(KTR_PMAP, "pmap_enter_l2: success for va %#lx in pmap %p",
3885 return (KERN_SUCCESS);
3889 * Maps a sequence of resident pages belonging to the same object.
3890 * The sequence begins with the given page m_start. This page is
3891 * mapped at the given virtual address start. Each subsequent page is
3892 * mapped at a virtual address that is offset from start by the same
3893 * amount as the page is offset from m_start within the object. The
3894 * last page in the sequence is the page with the largest offset from
3895 * m_start that can be mapped at a virtual address less than the given
3896 * virtual address end. Not every virtual page between start and end
3897 * is mapped; only those for which a resident page exists with the
3898 * corresponding offset from m_start are mapped.
3901 pmap_enter_object(pmap_t pmap, vm_offset_t start, vm_offset_t end,
3902 vm_page_t m_start, vm_prot_t prot)
3904 struct rwlock *lock;
3907 vm_pindex_t diff, psize;
3909 VM_OBJECT_ASSERT_LOCKED(m_start->object);
3911 psize = atop(end - start);
3916 while (m != NULL && (diff = m->pindex - m_start->pindex) < psize) {
3917 va = start + ptoa(diff);
3918 if ((va & L2_OFFSET) == 0 && va + L2_SIZE <= end &&
3919 m->psind == 1 && pmap_ps_enabled(pmap) &&
3920 pmap_enter_2mpage(pmap, va, m, prot, &lock))
3921 m = &m[L2_SIZE / PAGE_SIZE - 1];
3923 mpte = pmap_enter_quick_locked(pmap, va, m, prot, mpte,
3925 m = TAILQ_NEXT(m, listq);
3933 * this code makes some *MAJOR* assumptions:
3934 * 1. Current pmap & pmap exists.
3937 * 4. No page table pages.
3938 * but is *MUCH* faster than pmap_enter...
3942 pmap_enter_quick(pmap_t pmap, vm_offset_t va, vm_page_t m, vm_prot_t prot)
3944 struct rwlock *lock;
3948 (void)pmap_enter_quick_locked(pmap, va, m, prot, NULL, &lock);
3955 pmap_enter_quick_locked(pmap_t pmap, vm_offset_t va, vm_page_t m,
3956 vm_prot_t prot, vm_page_t mpte, struct rwlock **lockp)
3959 pt_entry_t *l2, *l3, l3_val;
3963 KASSERT(va < kmi.clean_sva || va >= kmi.clean_eva ||
3964 (m->oflags & VPO_UNMANAGED) != 0,
3965 ("pmap_enter_quick_locked: managed mapping within the clean submap"));
3966 PMAP_LOCK_ASSERT(pmap, MA_OWNED);
3967 PMAP_ASSERT_STAGE1(pmap);
3969 CTR2(KTR_PMAP, "pmap_enter_quick_locked: %p %lx", pmap, va);
3971 * In the case that a page table page is not
3972 * resident, we are creating it here.
3974 if (va < VM_MAXUSER_ADDRESS) {
3975 vm_pindex_t l2pindex;
3978 * Calculate pagetable page index
3980 l2pindex = pmap_l2_pindex(va);
3981 if (mpte && (mpte->pindex == l2pindex)) {
3987 pde = pmap_pde(pmap, va, &lvl);
3990 * If the page table page is mapped, we just increment
3991 * the hold count, and activate it. Otherwise, we
3992 * attempt to allocate a page table page. If this
3993 * attempt fails, we don't retry. Instead, we give up.
3996 l2 = pmap_l1_to_l2(pde, va);
3997 if ((pmap_load(l2) & ATTR_DESCR_MASK) ==
4001 if (lvl == 2 && pmap_load(pde) != 0) {
4003 PHYS_TO_VM_PAGE(pmap_load(pde) & ~ATTR_MASK);
4007 * Pass NULL instead of the PV list lock
4008 * pointer, because we don't intend to sleep.
4010 mpte = _pmap_alloc_l3(pmap, l2pindex, NULL);
4015 l3 = (pt_entry_t *)PHYS_TO_DMAP(VM_PAGE_TO_PHYS(mpte));
4016 l3 = &l3[pmap_l3_index(va)];
4019 pde = pmap_pde(kernel_pmap, va, &lvl);
4020 KASSERT(pde != NULL,
4021 ("pmap_enter_quick_locked: Invalid page entry, va: 0x%lx",
4024 ("pmap_enter_quick_locked: Invalid level %d", lvl));
4025 l3 = pmap_l2_to_l3(pde, va);
4029 * Abort if a mapping already exists.
4031 if (pmap_load(l3) != 0) {
4038 * Enter on the PV list if part of our managed memory.
4040 if ((m->oflags & VPO_UNMANAGED) == 0 &&
4041 !pmap_try_insert_pv_entry(pmap, va, m, lockp)) {
4043 pmap_abort_ptp(pmap, va, mpte);
4048 * Increment counters
4050 pmap_resident_count_inc(pmap, 1);
4052 pa = VM_PAGE_TO_PHYS(m);
4053 l3_val = pa | ATTR_DEFAULT | ATTR_S1_IDX(m->md.pv_memattr) |
4054 ATTR_S1_AP(ATTR_S1_AP_RO) | L3_PAGE;
4055 if ((prot & VM_PROT_EXECUTE) == 0 ||
4056 m->md.pv_memattr == VM_MEMATTR_DEVICE)
4057 l3_val |= ATTR_S1_XN;
4058 if (va < VM_MAXUSER_ADDRESS)
4059 l3_val |= ATTR_S1_AP(ATTR_S1_AP_USER) | ATTR_S1_PXN;
4061 l3_val |= ATTR_S1_UXN;
4062 if (pmap != kernel_pmap)
4063 l3_val |= ATTR_S1_nG;
4066 * Now validate mapping with RO protection
4068 if ((m->oflags & VPO_UNMANAGED) == 0) {
4069 l3_val |= ATTR_SW_MANAGED;
4073 /* Sync icache before the mapping is stored to PTE */
4074 if ((prot & VM_PROT_EXECUTE) && pmap != kernel_pmap &&
4075 m->md.pv_memattr == VM_MEMATTR_WRITE_BACK)
4076 cpu_icache_sync_range(PHYS_TO_DMAP(pa), PAGE_SIZE);
4078 pmap_store(l3, l3_val);
4085 * This code maps large physical mmap regions into the
4086 * processor address space. Note that some shortcuts
4087 * are taken, but the code works.
4090 pmap_object_init_pt(pmap_t pmap, vm_offset_t addr, vm_object_t object,
4091 vm_pindex_t pindex, vm_size_t size)
4094 VM_OBJECT_ASSERT_WLOCKED(object);
4095 KASSERT(object->type == OBJT_DEVICE || object->type == OBJT_SG,
4096 ("pmap_object_init_pt: non-device object"));
4100 * Clear the wired attribute from the mappings for the specified range of
4101 * addresses in the given pmap. Every valid mapping within that range
4102 * must have the wired attribute set. In contrast, invalid mappings
4103 * cannot have the wired attribute set, so they are ignored.
4105 * The wired attribute of the page table entry is not a hardware feature,
4106 * so there is no need to invalidate any TLB entries.
4109 pmap_unwire(pmap_t pmap, vm_offset_t sva, vm_offset_t eva)
4111 vm_offset_t va_next;
4112 pd_entry_t *l0, *l1, *l2;
4116 for (; sva < eva; sva = va_next) {
4117 l0 = pmap_l0(pmap, sva);
4118 if (pmap_load(l0) == 0) {
4119 va_next = (sva + L0_SIZE) & ~L0_OFFSET;
4125 l1 = pmap_l0_to_l1(l0, sva);
4126 if (pmap_load(l1) == 0) {
4127 va_next = (sva + L1_SIZE) & ~L1_OFFSET;
4133 va_next = (sva + L2_SIZE) & ~L2_OFFSET;
4137 l2 = pmap_l1_to_l2(l1, sva);
4138 if (pmap_load(l2) == 0)
4141 if ((pmap_load(l2) & ATTR_DESCR_MASK) == L2_BLOCK) {
4142 if ((pmap_load(l2) & ATTR_SW_WIRED) == 0)
4143 panic("pmap_unwire: l2 %#jx is missing "
4144 "ATTR_SW_WIRED", (uintmax_t)pmap_load(l2));
4147 * Are we unwiring the entire large page? If not,
4148 * demote the mapping and fall through.
4150 if (sva + L2_SIZE == va_next && eva >= va_next) {
4151 pmap_clear_bits(l2, ATTR_SW_WIRED);
4152 pmap->pm_stats.wired_count -= L2_SIZE /
4155 } else if (pmap_demote_l2(pmap, l2, sva) == NULL)
4156 panic("pmap_unwire: demotion failed");
4158 KASSERT((pmap_load(l2) & ATTR_DESCR_MASK) == L2_TABLE,
4159 ("pmap_unwire: Invalid l2 entry after demotion"));
4163 for (l3 = pmap_l2_to_l3(l2, sva); sva != va_next; l3++,
4165 if (pmap_load(l3) == 0)
4167 if ((pmap_load(l3) & ATTR_SW_WIRED) == 0)
4168 panic("pmap_unwire: l3 %#jx is missing "
4169 "ATTR_SW_WIRED", (uintmax_t)pmap_load(l3));
4172 * ATTR_SW_WIRED must be cleared atomically. Although
4173 * the pmap lock synchronizes access to ATTR_SW_WIRED,
4174 * the System MMU may write to the entry concurrently.
4176 pmap_clear_bits(l3, ATTR_SW_WIRED);
4177 pmap->pm_stats.wired_count--;
4184 * Copy the range specified by src_addr/len
4185 * from the source map to the range dst_addr/len
4186 * in the destination map.
4188 * This routine is only advisory and need not do anything.
4190 * Because the executable mappings created by this routine are copied,
4191 * it should not have to flush the instruction cache.
4194 pmap_copy(pmap_t dst_pmap, pmap_t src_pmap, vm_offset_t dst_addr, vm_size_t len,
4195 vm_offset_t src_addr)
4197 struct rwlock *lock;
4198 pd_entry_t *l0, *l1, *l2, srcptepaddr;
4199 pt_entry_t *dst_pte, mask, nbits, ptetemp, *src_pte;
4200 vm_offset_t addr, end_addr, va_next;
4201 vm_page_t dst_l2pg, dstmpte, srcmpte;
4203 PMAP_ASSERT_STAGE1(dst_pmap);
4204 PMAP_ASSERT_STAGE1(src_pmap);
4206 if (dst_addr != src_addr)
4208 end_addr = src_addr + len;
4210 if (dst_pmap < src_pmap) {
4211 PMAP_LOCK(dst_pmap);
4212 PMAP_LOCK(src_pmap);
4214 PMAP_LOCK(src_pmap);
4215 PMAP_LOCK(dst_pmap);
4217 for (addr = src_addr; addr < end_addr; addr = va_next) {
4218 l0 = pmap_l0(src_pmap, addr);
4219 if (pmap_load(l0) == 0) {
4220 va_next = (addr + L0_SIZE) & ~L0_OFFSET;
4225 l1 = pmap_l0_to_l1(l0, addr);
4226 if (pmap_load(l1) == 0) {
4227 va_next = (addr + L1_SIZE) & ~L1_OFFSET;
4232 va_next = (addr + L2_SIZE) & ~L2_OFFSET;
4235 l2 = pmap_l1_to_l2(l1, addr);
4236 srcptepaddr = pmap_load(l2);
4237 if (srcptepaddr == 0)
4239 if ((srcptepaddr & ATTR_DESCR_MASK) == L2_BLOCK) {
4240 if ((addr & L2_OFFSET) != 0 ||
4241 addr + L2_SIZE > end_addr)
4243 l2 = pmap_alloc_l2(dst_pmap, addr, &dst_l2pg, NULL);
4246 if (pmap_load(l2) == 0 &&
4247 ((srcptepaddr & ATTR_SW_MANAGED) == 0 ||
4248 pmap_pv_insert_l2(dst_pmap, addr, srcptepaddr,
4249 PMAP_ENTER_NORECLAIM, &lock))) {
4250 mask = ATTR_AF | ATTR_SW_WIRED;
4252 if ((srcptepaddr & ATTR_SW_DBM) != 0)
4253 nbits |= ATTR_S1_AP_RW_BIT;
4254 pmap_store(l2, (srcptepaddr & ~mask) | nbits);
4255 pmap_resident_count_inc(dst_pmap, L2_SIZE /
4257 atomic_add_long(&pmap_l2_mappings, 1);
4259 pmap_abort_ptp(dst_pmap, addr, dst_l2pg);
4262 KASSERT((srcptepaddr & ATTR_DESCR_MASK) == L2_TABLE,
4263 ("pmap_copy: invalid L2 entry"));
4264 srcptepaddr &= ~ATTR_MASK;
4265 srcmpte = PHYS_TO_VM_PAGE(srcptepaddr);
4266 KASSERT(srcmpte->ref_count > 0,
4267 ("pmap_copy: source page table page is unused"));
4268 if (va_next > end_addr)
4270 src_pte = (pt_entry_t *)PHYS_TO_DMAP(srcptepaddr);
4271 src_pte = &src_pte[pmap_l3_index(addr)];
4273 for (; addr < va_next; addr += PAGE_SIZE, src_pte++) {
4274 ptetemp = pmap_load(src_pte);
4277 * We only virtual copy managed pages.
4279 if ((ptetemp & ATTR_SW_MANAGED) == 0)
4282 if (dstmpte != NULL) {
4283 KASSERT(dstmpte->pindex == pmap_l2_pindex(addr),
4284 ("dstmpte pindex/addr mismatch"));
4285 dstmpte->ref_count++;
4286 } else if ((dstmpte = pmap_alloc_l3(dst_pmap, addr,
4289 dst_pte = (pt_entry_t *)
4290 PHYS_TO_DMAP(VM_PAGE_TO_PHYS(dstmpte));
4291 dst_pte = &dst_pte[pmap_l3_index(addr)];
4292 if (pmap_load(dst_pte) == 0 &&
4293 pmap_try_insert_pv_entry(dst_pmap, addr,
4294 PHYS_TO_VM_PAGE(ptetemp & ~ATTR_MASK), &lock)) {
4296 * Clear the wired, modified, and accessed
4297 * (referenced) bits during the copy.
4299 mask = ATTR_AF | ATTR_SW_WIRED;
4301 if ((ptetemp & ATTR_SW_DBM) != 0)
4302 nbits |= ATTR_S1_AP_RW_BIT;
4303 pmap_store(dst_pte, (ptetemp & ~mask) | nbits);
4304 pmap_resident_count_inc(dst_pmap, 1);
4306 pmap_abort_ptp(dst_pmap, addr, dstmpte);
4309 /* Have we copied all of the valid mappings? */
4310 if (dstmpte->ref_count >= srcmpte->ref_count)
4316 * XXX This barrier may not be needed because the destination pmap is
4323 PMAP_UNLOCK(src_pmap);
4324 PMAP_UNLOCK(dst_pmap);
4328 * pmap_zero_page zeros the specified hardware page by mapping
4329 * the page into KVM and using bzero to clear its contents.
4332 pmap_zero_page(vm_page_t m)
4334 vm_offset_t va = PHYS_TO_DMAP(VM_PAGE_TO_PHYS(m));
4336 pagezero((void *)va);
4340 * pmap_zero_page_area zeros the specified hardware page by mapping
4341 * the page into KVM and using bzero to clear its contents.
4343 * off and size may not cover an area beyond a single hardware page.
4346 pmap_zero_page_area(vm_page_t m, int off, int size)
4348 vm_offset_t va = PHYS_TO_DMAP(VM_PAGE_TO_PHYS(m));
4350 if (off == 0 && size == PAGE_SIZE)
4351 pagezero((void *)va);
4353 bzero((char *)va + off, size);
4357 * pmap_copy_page copies the specified (machine independent)
4358 * page by mapping the page into virtual memory and using
4359 * bcopy to copy the page, one machine dependent page at a
4363 pmap_copy_page(vm_page_t msrc, vm_page_t mdst)
4365 vm_offset_t src = PHYS_TO_DMAP(VM_PAGE_TO_PHYS(msrc));
4366 vm_offset_t dst = PHYS_TO_DMAP(VM_PAGE_TO_PHYS(mdst));
4368 pagecopy((void *)src, (void *)dst);
4371 int unmapped_buf_allowed = 1;
4374 pmap_copy_pages(vm_page_t ma[], vm_offset_t a_offset, vm_page_t mb[],
4375 vm_offset_t b_offset, int xfersize)
4379 vm_paddr_t p_a, p_b;
4380 vm_offset_t a_pg_offset, b_pg_offset;
4383 while (xfersize > 0) {
4384 a_pg_offset = a_offset & PAGE_MASK;
4385 m_a = ma[a_offset >> PAGE_SHIFT];
4386 p_a = m_a->phys_addr;
4387 b_pg_offset = b_offset & PAGE_MASK;
4388 m_b = mb[b_offset >> PAGE_SHIFT];
4389 p_b = m_b->phys_addr;
4390 cnt = min(xfersize, PAGE_SIZE - a_pg_offset);
4391 cnt = min(cnt, PAGE_SIZE - b_pg_offset);
4392 if (__predict_false(!PHYS_IN_DMAP(p_a))) {
4393 panic("!DMAP a %lx", p_a);
4395 a_cp = (char *)PHYS_TO_DMAP(p_a) + a_pg_offset;
4397 if (__predict_false(!PHYS_IN_DMAP(p_b))) {
4398 panic("!DMAP b %lx", p_b);
4400 b_cp = (char *)PHYS_TO_DMAP(p_b) + b_pg_offset;
4402 bcopy(a_cp, b_cp, cnt);
4410 pmap_quick_enter_page(vm_page_t m)
4413 return (PHYS_TO_DMAP(VM_PAGE_TO_PHYS(m)));
4417 pmap_quick_remove_page(vm_offset_t addr)
4422 * Returns true if the pmap's pv is one of the first
4423 * 16 pvs linked to from this page. This count may
4424 * be changed upwards or downwards in the future; it
4425 * is only necessary that true be returned for a small
4426 * subset of pmaps for proper page aging.
4429 pmap_page_exists_quick(pmap_t pmap, vm_page_t m)
4431 struct md_page *pvh;
4432 struct rwlock *lock;
4437 KASSERT((m->oflags & VPO_UNMANAGED) == 0,
4438 ("pmap_page_exists_quick: page %p is not managed", m));
4440 lock = VM_PAGE_TO_PV_LIST_LOCK(m);
4442 TAILQ_FOREACH(pv, &m->md.pv_list, pv_next) {
4443 if (PV_PMAP(pv) == pmap) {
4451 if (!rv && loops < 16 && (m->flags & PG_FICTITIOUS) == 0) {
4452 pvh = pa_to_pvh(VM_PAGE_TO_PHYS(m));
4453 TAILQ_FOREACH(pv, &pvh->pv_list, pv_next) {
4454 if (PV_PMAP(pv) == pmap) {
4468 * pmap_page_wired_mappings:
4470 * Return the number of managed mappings to the given physical page
4474 pmap_page_wired_mappings(vm_page_t m)
4476 struct rwlock *lock;
4477 struct md_page *pvh;
4481 int count, lvl, md_gen, pvh_gen;
4483 if ((m->oflags & VPO_UNMANAGED) != 0)
4485 lock = VM_PAGE_TO_PV_LIST_LOCK(m);
4489 TAILQ_FOREACH(pv, &m->md.pv_list, pv_next) {
4491 if (!PMAP_TRYLOCK(pmap)) {
4492 md_gen = m->md.pv_gen;
4496 if (md_gen != m->md.pv_gen) {
4501 pte = pmap_pte(pmap, pv->pv_va, &lvl);
4502 if (pte != NULL && (pmap_load(pte) & ATTR_SW_WIRED) != 0)
4506 if ((m->flags & PG_FICTITIOUS) == 0) {
4507 pvh = pa_to_pvh(VM_PAGE_TO_PHYS(m));
4508 TAILQ_FOREACH(pv, &pvh->pv_list, pv_next) {
4510 if (!PMAP_TRYLOCK(pmap)) {
4511 md_gen = m->md.pv_gen;
4512 pvh_gen = pvh->pv_gen;
4516 if (md_gen != m->md.pv_gen ||
4517 pvh_gen != pvh->pv_gen) {
4522 pte = pmap_pte(pmap, pv->pv_va, &lvl);
4524 (pmap_load(pte) & ATTR_SW_WIRED) != 0)
4534 * Returns true if the given page is mapped individually or as part of
4535 * a 2mpage. Otherwise, returns false.
4538 pmap_page_is_mapped(vm_page_t m)
4540 struct rwlock *lock;
4543 if ((m->oflags & VPO_UNMANAGED) != 0)
4545 lock = VM_PAGE_TO_PV_LIST_LOCK(m);
4547 rv = !TAILQ_EMPTY(&m->md.pv_list) ||
4548 ((m->flags & PG_FICTITIOUS) == 0 &&
4549 !TAILQ_EMPTY(&pa_to_pvh(VM_PAGE_TO_PHYS(m))->pv_list));
4555 * Destroy all managed, non-wired mappings in the given user-space
4556 * pmap. This pmap cannot be active on any processor besides the
4559 * This function cannot be applied to the kernel pmap. Moreover, it
4560 * is not intended for general use. It is only to be used during
4561 * process termination. Consequently, it can be implemented in ways
4562 * that make it faster than pmap_remove(). First, it can more quickly
4563 * destroy mappings by iterating over the pmap's collection of PV
4564 * entries, rather than searching the page table. Second, it doesn't
4565 * have to test and clear the page table entries atomically, because
4566 * no processor is currently accessing the user address space. In
4567 * particular, a page table entry's dirty bit won't change state once
4568 * this function starts.
4571 pmap_remove_pages(pmap_t pmap)
4574 pt_entry_t *pte, tpte;
4575 struct spglist free;
4576 vm_page_t m, ml3, mt;
4578 struct md_page *pvh;
4579 struct pv_chunk *pc, *npc;
4580 struct rwlock *lock;
4582 uint64_t inuse, bitmask;
4583 int allfree, field, freed, idx, lvl;
4586 KASSERT(pmap == PCPU_GET(curpmap), ("non-current pmap %p", pmap));
4592 TAILQ_FOREACH_SAFE(pc, &pmap->pm_pvchunk, pc_list, npc) {
4595 for (field = 0; field < _NPCM; field++) {
4596 inuse = ~pc->pc_map[field] & pc_freemask[field];
4597 while (inuse != 0) {
4598 bit = ffsl(inuse) - 1;
4599 bitmask = 1UL << bit;
4600 idx = field * 64 + bit;
4601 pv = &pc->pc_pventry[idx];
4604 pde = pmap_pde(pmap, pv->pv_va, &lvl);
4605 KASSERT(pde != NULL,
4606 ("Attempting to remove an unmapped page"));
4610 pte = pmap_l1_to_l2(pde, pv->pv_va);
4611 tpte = pmap_load(pte);
4612 KASSERT((tpte & ATTR_DESCR_MASK) ==
4614 ("Attempting to remove an invalid "
4615 "block: %lx", tpte));
4618 pte = pmap_l2_to_l3(pde, pv->pv_va);
4619 tpte = pmap_load(pte);
4620 KASSERT((tpte & ATTR_DESCR_MASK) ==
4622 ("Attempting to remove an invalid "
4623 "page: %lx", tpte));
4627 "Invalid page directory level: %d",
4632 * We cannot remove wired pages from a process' mapping at this time
4634 if (tpte & ATTR_SW_WIRED) {
4639 pa = tpte & ~ATTR_MASK;
4641 m = PHYS_TO_VM_PAGE(pa);
4642 KASSERT(m->phys_addr == pa,
4643 ("vm_page_t %p phys_addr mismatch %016jx %016jx",
4644 m, (uintmax_t)m->phys_addr,
4647 KASSERT((m->flags & PG_FICTITIOUS) != 0 ||
4648 m < &vm_page_array[vm_page_array_size],
4649 ("pmap_remove_pages: bad pte %#jx",
4653 * Because this pmap is not active on other
4654 * processors, the dirty bit cannot have
4655 * changed state since we last loaded pte.
4660 * Update the vm_page_t clean/reference bits.
4662 if (pmap_pte_dirty(pmap, tpte)) {
4665 for (mt = m; mt < &m[L2_SIZE / PAGE_SIZE]; mt++)
4674 CHANGE_PV_LIST_LOCK_TO_VM_PAGE(&lock, m);
4677 pc->pc_map[field] |= bitmask;
4680 pmap_resident_count_dec(pmap,
4681 L2_SIZE / PAGE_SIZE);
4682 pvh = pa_to_pvh(tpte & ~ATTR_MASK);
4683 TAILQ_REMOVE(&pvh->pv_list, pv,pv_next);
4685 if (TAILQ_EMPTY(&pvh->pv_list)) {
4686 for (mt = m; mt < &m[L2_SIZE / PAGE_SIZE]; mt++)
4687 if ((mt->a.flags & PGA_WRITEABLE) != 0 &&
4688 TAILQ_EMPTY(&mt->md.pv_list))
4689 vm_page_aflag_clear(mt, PGA_WRITEABLE);
4691 ml3 = pmap_remove_pt_page(pmap,
4694 KASSERT(ml3->valid == VM_PAGE_BITS_ALL,
4695 ("pmap_remove_pages: l3 page not promoted"));
4696 pmap_resident_count_dec(pmap,1);
4697 KASSERT(ml3->ref_count == NL3PG,
4698 ("pmap_remove_pages: l3 page ref count error"));
4700 pmap_add_delayed_free_list(ml3,
4705 pmap_resident_count_dec(pmap, 1);
4706 TAILQ_REMOVE(&m->md.pv_list, pv,
4709 if ((m->a.flags & PGA_WRITEABLE) != 0 &&
4710 TAILQ_EMPTY(&m->md.pv_list) &&
4711 (m->flags & PG_FICTITIOUS) == 0) {
4713 VM_PAGE_TO_PHYS(m));
4714 if (TAILQ_EMPTY(&pvh->pv_list))
4715 vm_page_aflag_clear(m,
4720 pmap_unuse_pt(pmap, pv->pv_va, pmap_load(pde),
4725 PV_STAT(atomic_add_long(&pv_entry_frees, freed));
4726 PV_STAT(atomic_add_int(&pv_entry_spare, freed));
4727 PV_STAT(atomic_subtract_long(&pv_entry_count, freed));
4729 TAILQ_REMOVE(&pmap->pm_pvchunk, pc, pc_list);
4735 pmap_invalidate_all(pmap);
4737 vm_page_free_pages_toq(&free, true);
4741 * This is used to check if a page has been accessed or modified.
4744 pmap_page_test_mappings(vm_page_t m, boolean_t accessed, boolean_t modified)
4746 struct rwlock *lock;
4748 struct md_page *pvh;
4749 pt_entry_t *pte, mask, value;
4751 int lvl, md_gen, pvh_gen;
4755 lock = VM_PAGE_TO_PV_LIST_LOCK(m);
4758 TAILQ_FOREACH(pv, &m->md.pv_list, pv_next) {
4760 PMAP_ASSERT_STAGE1(pmap);
4761 if (!PMAP_TRYLOCK(pmap)) {
4762 md_gen = m->md.pv_gen;
4766 if (md_gen != m->md.pv_gen) {
4771 pte = pmap_pte(pmap, pv->pv_va, &lvl);
4773 ("pmap_page_test_mappings: Invalid level %d", lvl));
4777 mask |= ATTR_S1_AP_RW_BIT;
4778 value |= ATTR_S1_AP(ATTR_S1_AP_RW);
4781 mask |= ATTR_AF | ATTR_DESCR_MASK;
4782 value |= ATTR_AF | L3_PAGE;
4784 rv = (pmap_load(pte) & mask) == value;
4789 if ((m->flags & PG_FICTITIOUS) == 0) {
4790 pvh = pa_to_pvh(VM_PAGE_TO_PHYS(m));
4791 TAILQ_FOREACH(pv, &pvh->pv_list, pv_next) {
4793 PMAP_ASSERT_STAGE1(pmap);
4794 if (!PMAP_TRYLOCK(pmap)) {
4795 md_gen = m->md.pv_gen;
4796 pvh_gen = pvh->pv_gen;
4800 if (md_gen != m->md.pv_gen ||
4801 pvh_gen != pvh->pv_gen) {
4806 pte = pmap_pte(pmap, pv->pv_va, &lvl);
4808 ("pmap_page_test_mappings: Invalid level %d", lvl));
4812 mask |= ATTR_S1_AP_RW_BIT;
4813 value |= ATTR_S1_AP(ATTR_S1_AP_RW);
4816 mask |= ATTR_AF | ATTR_DESCR_MASK;
4817 value |= ATTR_AF | L2_BLOCK;
4819 rv = (pmap_load(pte) & mask) == value;
4833 * Return whether or not the specified physical page was modified
4834 * in any physical maps.
4837 pmap_is_modified(vm_page_t m)
4840 KASSERT((m->oflags & VPO_UNMANAGED) == 0,
4841 ("pmap_is_modified: page %p is not managed", m));
4844 * If the page is not busied then this check is racy.
4846 if (!pmap_page_is_write_mapped(m))
4848 return (pmap_page_test_mappings(m, FALSE, TRUE));
4852 * pmap_is_prefaultable:
4854 * Return whether or not the specified virtual address is eligible
4858 pmap_is_prefaultable(pmap_t pmap, vm_offset_t addr)
4866 pte = pmap_pte(pmap, addr, &lvl);
4867 if (pte != NULL && pmap_load(pte) != 0) {
4875 * pmap_is_referenced:
4877 * Return whether or not the specified physical page was referenced
4878 * in any physical maps.
4881 pmap_is_referenced(vm_page_t m)
4884 KASSERT((m->oflags & VPO_UNMANAGED) == 0,
4885 ("pmap_is_referenced: page %p is not managed", m));
4886 return (pmap_page_test_mappings(m, TRUE, FALSE));
4890 * Clear the write and modified bits in each of the given page's mappings.
4893 pmap_remove_write(vm_page_t m)
4895 struct md_page *pvh;
4897 struct rwlock *lock;
4898 pv_entry_t next_pv, pv;
4899 pt_entry_t oldpte, *pte;
4901 int lvl, md_gen, pvh_gen;
4903 KASSERT((m->oflags & VPO_UNMANAGED) == 0,
4904 ("pmap_remove_write: page %p is not managed", m));
4905 vm_page_assert_busied(m);
4907 if (!pmap_page_is_write_mapped(m))
4909 lock = VM_PAGE_TO_PV_LIST_LOCK(m);
4910 pvh = (m->flags & PG_FICTITIOUS) != 0 ? &pv_dummy :
4911 pa_to_pvh(VM_PAGE_TO_PHYS(m));
4914 TAILQ_FOREACH_SAFE(pv, &pvh->pv_list, pv_next, next_pv) {
4916 PMAP_ASSERT_STAGE1(pmap);
4917 if (!PMAP_TRYLOCK(pmap)) {
4918 pvh_gen = pvh->pv_gen;
4922 if (pvh_gen != pvh->pv_gen) {
4929 pte = pmap_pte(pmap, pv->pv_va, &lvl);
4930 if ((pmap_load(pte) & ATTR_SW_DBM) != 0)
4931 (void)pmap_demote_l2_locked(pmap, pte, va, &lock);
4932 KASSERT(lock == VM_PAGE_TO_PV_LIST_LOCK(m),
4933 ("inconsistent pv lock %p %p for page %p",
4934 lock, VM_PAGE_TO_PV_LIST_LOCK(m), m));
4937 TAILQ_FOREACH(pv, &m->md.pv_list, pv_next) {
4939 PMAP_ASSERT_STAGE1(pmap);
4940 if (!PMAP_TRYLOCK(pmap)) {
4941 pvh_gen = pvh->pv_gen;
4942 md_gen = m->md.pv_gen;
4946 if (pvh_gen != pvh->pv_gen ||
4947 md_gen != m->md.pv_gen) {
4953 pte = pmap_pte(pmap, pv->pv_va, &lvl);
4954 oldpte = pmap_load(pte);
4956 if ((oldpte & ATTR_SW_DBM) != 0) {
4957 if (!atomic_fcmpset_long(pte, &oldpte,
4958 (oldpte | ATTR_S1_AP_RW_BIT) & ~ATTR_SW_DBM))
4960 if ((oldpte & ATTR_S1_AP_RW_BIT) ==
4961 ATTR_S1_AP(ATTR_S1_AP_RW))
4963 pmap_invalidate_page(pmap, pv->pv_va);
4968 vm_page_aflag_clear(m, PGA_WRITEABLE);
4972 * pmap_ts_referenced:
4974 * Return a count of reference bits for a page, clearing those bits.
4975 * It is not necessary for every reference bit to be cleared, but it
4976 * is necessary that 0 only be returned when there are truly no
4977 * reference bits set.
4979 * As an optimization, update the page's dirty field if a modified bit is
4980 * found while counting reference bits. This opportunistic update can be
4981 * performed at low cost and can eliminate the need for some future calls
4982 * to pmap_is_modified(). However, since this function stops after
4983 * finding PMAP_TS_REFERENCED_MAX reference bits, it may not detect some
4984 * dirty pages. Those dirty pages will only be detected by a future call
4985 * to pmap_is_modified().
4988 pmap_ts_referenced(vm_page_t m)
4990 struct md_page *pvh;
4993 struct rwlock *lock;
4994 pd_entry_t *pde, tpde;
4995 pt_entry_t *pte, tpte;
4998 int cleared, lvl, md_gen, not_cleared, pvh_gen;
4999 struct spglist free;
5001 KASSERT((m->oflags & VPO_UNMANAGED) == 0,
5002 ("pmap_ts_referenced: page %p is not managed", m));
5005 pa = VM_PAGE_TO_PHYS(m);
5006 lock = PHYS_TO_PV_LIST_LOCK(pa);
5007 pvh = (m->flags & PG_FICTITIOUS) != 0 ? &pv_dummy : pa_to_pvh(pa);
5011 if ((pvf = TAILQ_FIRST(&pvh->pv_list)) == NULL)
5012 goto small_mappings;
5018 if (!PMAP_TRYLOCK(pmap)) {
5019 pvh_gen = pvh->pv_gen;
5023 if (pvh_gen != pvh->pv_gen) {
5029 pde = pmap_pde(pmap, pv->pv_va, &lvl);
5030 KASSERT(pde != NULL, ("pmap_ts_referenced: no l1 table found"));
5032 ("pmap_ts_referenced: invalid pde level %d", lvl));
5033 tpde = pmap_load(pde);
5034 KASSERT((tpde & ATTR_DESCR_MASK) == L1_TABLE,
5035 ("pmap_ts_referenced: found an invalid l1 table"));
5036 pte = pmap_l1_to_l2(pde, pv->pv_va);
5037 tpte = pmap_load(pte);
5038 if (pmap_pte_dirty(pmap, tpte)) {
5040 * Although "tpte" is mapping a 2MB page, because
5041 * this function is called at a 4KB page granularity,
5042 * we only update the 4KB page under test.
5047 if ((tpte & ATTR_AF) != 0) {
5049 * Since this reference bit is shared by 512 4KB pages,
5050 * it should not be cleared every time it is tested.
5051 * Apply a simple "hash" function on the physical page
5052 * number, the virtual superpage number, and the pmap
5053 * address to select one 4KB page out of the 512 on
5054 * which testing the reference bit will result in
5055 * clearing that reference bit. This function is
5056 * designed to avoid the selection of the same 4KB page
5057 * for every 2MB page mapping.
5059 * On demotion, a mapping that hasn't been referenced
5060 * is simply destroyed. To avoid the possibility of a
5061 * subsequent page fault on a demoted wired mapping,
5062 * always leave its reference bit set. Moreover,
5063 * since the superpage is wired, the current state of
5064 * its reference bit won't affect page replacement.
5066 if ((((pa >> PAGE_SHIFT) ^ (pv->pv_va >> L2_SHIFT) ^
5067 (uintptr_t)pmap) & (Ln_ENTRIES - 1)) == 0 &&
5068 (tpte & ATTR_SW_WIRED) == 0) {
5069 pmap_clear_bits(pte, ATTR_AF);
5070 pmap_invalidate_page(pmap, pv->pv_va);
5076 /* Rotate the PV list if it has more than one entry. */
5077 if (pv != NULL && TAILQ_NEXT(pv, pv_next) != NULL) {
5078 TAILQ_REMOVE(&pvh->pv_list, pv, pv_next);
5079 TAILQ_INSERT_TAIL(&pvh->pv_list, pv, pv_next);
5082 if (cleared + not_cleared >= PMAP_TS_REFERENCED_MAX)
5084 } while ((pv = TAILQ_FIRST(&pvh->pv_list)) != pvf);
5086 if ((pvf = TAILQ_FIRST(&m->md.pv_list)) == NULL)
5093 if (!PMAP_TRYLOCK(pmap)) {
5094 pvh_gen = pvh->pv_gen;
5095 md_gen = m->md.pv_gen;
5099 if (pvh_gen != pvh->pv_gen || md_gen != m->md.pv_gen) {
5104 pde = pmap_pde(pmap, pv->pv_va, &lvl);
5105 KASSERT(pde != NULL, ("pmap_ts_referenced: no l2 table found"));
5107 ("pmap_ts_referenced: invalid pde level %d", lvl));
5108 tpde = pmap_load(pde);
5109 KASSERT((tpde & ATTR_DESCR_MASK) == L2_TABLE,
5110 ("pmap_ts_referenced: found an invalid l2 table"));
5111 pte = pmap_l2_to_l3(pde, pv->pv_va);
5112 tpte = pmap_load(pte);
5113 if (pmap_pte_dirty(pmap, tpte))
5115 if ((tpte & ATTR_AF) != 0) {
5116 if ((tpte & ATTR_SW_WIRED) == 0) {
5117 pmap_clear_bits(pte, ATTR_AF);
5118 pmap_invalidate_page(pmap, pv->pv_va);
5124 /* Rotate the PV list if it has more than one entry. */
5125 if (pv != NULL && TAILQ_NEXT(pv, pv_next) != NULL) {
5126 TAILQ_REMOVE(&m->md.pv_list, pv, pv_next);
5127 TAILQ_INSERT_TAIL(&m->md.pv_list, pv, pv_next);
5130 } while ((pv = TAILQ_FIRST(&m->md.pv_list)) != pvf && cleared +
5131 not_cleared < PMAP_TS_REFERENCED_MAX);
5134 vm_page_free_pages_toq(&free, true);
5135 return (cleared + not_cleared);
5139 * Apply the given advice to the specified range of addresses within the
5140 * given pmap. Depending on the advice, clear the referenced and/or
5141 * modified flags in each mapping and set the mapped page's dirty field.
5144 pmap_advise(pmap_t pmap, vm_offset_t sva, vm_offset_t eva, int advice)
5146 struct rwlock *lock;
5147 vm_offset_t va, va_next;
5149 pd_entry_t *l0, *l1, *l2, oldl2;
5150 pt_entry_t *l3, oldl3;
5152 PMAP_ASSERT_STAGE1(pmap);
5154 if (advice != MADV_DONTNEED && advice != MADV_FREE)
5158 for (; sva < eva; sva = va_next) {
5159 l0 = pmap_l0(pmap, sva);
5160 if (pmap_load(l0) == 0) {
5161 va_next = (sva + L0_SIZE) & ~L0_OFFSET;
5166 l1 = pmap_l0_to_l1(l0, sva);
5167 if (pmap_load(l1) == 0) {
5168 va_next = (sva + L1_SIZE) & ~L1_OFFSET;
5173 va_next = (sva + L2_SIZE) & ~L2_OFFSET;
5176 l2 = pmap_l1_to_l2(l1, sva);
5177 oldl2 = pmap_load(l2);
5180 if ((oldl2 & ATTR_DESCR_MASK) == L2_BLOCK) {
5181 if ((oldl2 & ATTR_SW_MANAGED) == 0)
5184 if (!pmap_demote_l2_locked(pmap, l2, sva, &lock)) {
5189 * The 2MB page mapping was destroyed.
5195 * Unless the page mappings are wired, remove the
5196 * mapping to a single page so that a subsequent
5197 * access may repromote. Choosing the last page
5198 * within the address range [sva, min(va_next, eva))
5199 * generally results in more repromotions. Since the
5200 * underlying page table page is fully populated, this
5201 * removal never frees a page table page.
5203 if ((oldl2 & ATTR_SW_WIRED) == 0) {
5209 ("pmap_advise: no address gap"));
5210 l3 = pmap_l2_to_l3(l2, va);
5211 KASSERT(pmap_load(l3) != 0,
5212 ("pmap_advise: invalid PTE"));
5213 pmap_remove_l3(pmap, l3, va, pmap_load(l2),
5219 KASSERT((pmap_load(l2) & ATTR_DESCR_MASK) == L2_TABLE,
5220 ("pmap_advise: invalid L2 entry after demotion"));
5224 for (l3 = pmap_l2_to_l3(l2, sva); sva != va_next; l3++,
5226 oldl3 = pmap_load(l3);
5227 if ((oldl3 & (ATTR_SW_MANAGED | ATTR_DESCR_MASK)) !=
5228 (ATTR_SW_MANAGED | L3_PAGE))
5230 else if (pmap_pte_dirty(pmap, oldl3)) {
5231 if (advice == MADV_DONTNEED) {
5233 * Future calls to pmap_is_modified()
5234 * can be avoided by making the page
5237 m = PHYS_TO_VM_PAGE(oldl3 & ~ATTR_MASK);
5240 while (!atomic_fcmpset_long(l3, &oldl3,
5241 (oldl3 & ~ATTR_AF) |
5242 ATTR_S1_AP(ATTR_S1_AP_RO)))
5244 } else if ((oldl3 & ATTR_AF) != 0)
5245 pmap_clear_bits(l3, ATTR_AF);
5252 if (va != va_next) {
5253 pmap_invalidate_range(pmap, va, sva);
5258 pmap_invalidate_range(pmap, va, sva);
5264 * Clear the modify bits on the specified physical page.
5267 pmap_clear_modify(vm_page_t m)
5269 struct md_page *pvh;
5270 struct rwlock *lock;
5272 pv_entry_t next_pv, pv;
5273 pd_entry_t *l2, oldl2;
5274 pt_entry_t *l3, oldl3;
5276 int md_gen, pvh_gen;
5278 KASSERT((m->oflags & VPO_UNMANAGED) == 0,
5279 ("pmap_clear_modify: page %p is not managed", m));
5280 vm_page_assert_busied(m);
5282 if (!pmap_page_is_write_mapped(m))
5284 pvh = (m->flags & PG_FICTITIOUS) != 0 ? &pv_dummy :
5285 pa_to_pvh(VM_PAGE_TO_PHYS(m));
5286 lock = VM_PAGE_TO_PV_LIST_LOCK(m);
5289 TAILQ_FOREACH_SAFE(pv, &pvh->pv_list, pv_next, next_pv) {
5291 PMAP_ASSERT_STAGE1(pmap);
5292 if (!PMAP_TRYLOCK(pmap)) {
5293 pvh_gen = pvh->pv_gen;
5297 if (pvh_gen != pvh->pv_gen) {
5303 l2 = pmap_l2(pmap, va);
5304 oldl2 = pmap_load(l2);
5305 /* If oldl2 has ATTR_SW_DBM set, then it is also dirty. */
5306 if ((oldl2 & ATTR_SW_DBM) != 0 &&
5307 pmap_demote_l2_locked(pmap, l2, va, &lock) &&
5308 (oldl2 & ATTR_SW_WIRED) == 0) {
5310 * Write protect the mapping to a single page so that
5311 * a subsequent write access may repromote.
5313 va += VM_PAGE_TO_PHYS(m) - (oldl2 & ~ATTR_MASK);
5314 l3 = pmap_l2_to_l3(l2, va);
5315 oldl3 = pmap_load(l3);
5316 while (!atomic_fcmpset_long(l3, &oldl3,
5317 (oldl3 & ~ATTR_SW_DBM) | ATTR_S1_AP(ATTR_S1_AP_RO)))
5320 pmap_invalidate_page(pmap, va);
5324 TAILQ_FOREACH(pv, &m->md.pv_list, pv_next) {
5326 PMAP_ASSERT_STAGE1(pmap);
5327 if (!PMAP_TRYLOCK(pmap)) {
5328 md_gen = m->md.pv_gen;
5329 pvh_gen = pvh->pv_gen;
5333 if (pvh_gen != pvh->pv_gen || md_gen != m->md.pv_gen) {
5338 l2 = pmap_l2(pmap, pv->pv_va);
5339 l3 = pmap_l2_to_l3(l2, pv->pv_va);
5340 oldl3 = pmap_load(l3);
5341 if (pmap_l3_valid(oldl3) &&
5342 (oldl3 & (ATTR_S1_AP_RW_BIT | ATTR_SW_DBM)) == ATTR_SW_DBM){
5343 pmap_set_bits(l3, ATTR_S1_AP(ATTR_S1_AP_RO));
5344 pmap_invalidate_page(pmap, pv->pv_va);
5352 pmap_mapbios(vm_paddr_t pa, vm_size_t size)
5354 struct pmap_preinit_mapping *ppim;
5355 vm_offset_t va, offset;
5358 int i, lvl, l2_blocks, free_l2_count, start_idx;
5360 if (!vm_initialized) {
5362 * No L3 ptables so map entire L2 blocks where start VA is:
5363 * preinit_map_va + start_idx * L2_SIZE
5364 * There may be duplicate mappings (multiple VA -> same PA) but
5365 * ARM64 dcache is always PIPT so that's acceptable.
5370 /* Calculate how many L2 blocks are needed for the mapping */
5371 l2_blocks = (roundup2(pa + size, L2_SIZE) -
5372 rounddown2(pa, L2_SIZE)) >> L2_SHIFT;
5374 offset = pa & L2_OFFSET;
5376 if (preinit_map_va == 0)
5379 /* Map 2MiB L2 blocks from reserved VA space */
5383 /* Find enough free contiguous VA space */
5384 for (i = 0; i < PMAP_PREINIT_MAPPING_COUNT; i++) {
5385 ppim = pmap_preinit_mapping + i;
5386 if (free_l2_count > 0 && ppim->pa != 0) {
5387 /* Not enough space here */
5393 if (ppim->pa == 0) {
5395 if (start_idx == -1)
5398 if (free_l2_count == l2_blocks)
5402 if (free_l2_count != l2_blocks)
5403 panic("%s: too many preinit mappings", __func__);
5405 va = preinit_map_va + (start_idx * L2_SIZE);
5406 for (i = start_idx; i < start_idx + l2_blocks; i++) {
5407 /* Mark entries as allocated */
5408 ppim = pmap_preinit_mapping + i;
5410 ppim->va = va + offset;
5415 pa = rounddown2(pa, L2_SIZE);
5416 for (i = 0; i < l2_blocks; i++) {
5417 pde = pmap_pde(kernel_pmap, va, &lvl);
5418 KASSERT(pde != NULL,
5419 ("pmap_mapbios: Invalid page entry, va: 0x%lx",
5422 ("pmap_mapbios: Invalid level %d", lvl));
5424 /* Insert L2_BLOCK */
5425 l2 = pmap_l1_to_l2(pde, va);
5427 pa | ATTR_DEFAULT | ATTR_S1_XN |
5428 ATTR_S1_IDX(VM_MEMATTR_WRITE_BACK) | L2_BLOCK);
5433 pmap_invalidate_all(kernel_pmap);
5435 va = preinit_map_va + (start_idx * L2_SIZE);
5438 /* kva_alloc may be used to map the pages */
5439 offset = pa & PAGE_MASK;
5440 size = round_page(offset + size);
5442 va = kva_alloc(size);
5444 panic("%s: Couldn't allocate KVA", __func__);
5446 pde = pmap_pde(kernel_pmap, va, &lvl);
5447 KASSERT(lvl == 2, ("pmap_mapbios: Invalid level %d", lvl));
5449 /* L3 table is linked */
5450 va = trunc_page(va);
5451 pa = trunc_page(pa);
5452 pmap_kenter(va, size, pa, memory_mapping_mode(pa));
5455 return ((void *)(va + offset));
5459 pmap_unmapbios(vm_offset_t va, vm_size_t size)
5461 struct pmap_preinit_mapping *ppim;
5462 vm_offset_t offset, tmpsize, va_trunc;
5465 int i, lvl, l2_blocks, block;
5469 (roundup2(va + size, L2_SIZE) - rounddown2(va, L2_SIZE)) >> L2_SHIFT;
5470 KASSERT(l2_blocks > 0, ("pmap_unmapbios: invalid size %lx", size));
5472 /* Remove preinit mapping */
5473 preinit_map = false;
5475 for (i = 0; i < PMAP_PREINIT_MAPPING_COUNT; i++) {
5476 ppim = pmap_preinit_mapping + i;
5477 if (ppim->va == va) {
5478 KASSERT(ppim->size == size,
5479 ("pmap_unmapbios: size mismatch"));
5484 offset = block * L2_SIZE;
5485 va_trunc = rounddown2(va, L2_SIZE) + offset;
5487 /* Remove L2_BLOCK */
5488 pde = pmap_pde(kernel_pmap, va_trunc, &lvl);
5489 KASSERT(pde != NULL,
5490 ("pmap_unmapbios: Invalid page entry, va: 0x%lx",
5492 l2 = pmap_l1_to_l2(pde, va_trunc);
5495 if (block == (l2_blocks - 1))
5501 pmap_invalidate_all(kernel_pmap);
5505 /* Unmap the pages reserved with kva_alloc. */
5506 if (vm_initialized) {
5507 offset = va & PAGE_MASK;
5508 size = round_page(offset + size);
5509 va = trunc_page(va);
5511 pde = pmap_pde(kernel_pmap, va, &lvl);
5512 KASSERT(pde != NULL,
5513 ("pmap_unmapbios: Invalid page entry, va: 0x%lx", va));
5514 KASSERT(lvl == 2, ("pmap_unmapbios: Invalid level %d", lvl));
5516 /* Unmap and invalidate the pages */
5517 for (tmpsize = 0; tmpsize < size; tmpsize += PAGE_SIZE)
5518 pmap_kremove(va + tmpsize);
5525 * Sets the memory attribute for the specified page.
5528 pmap_page_set_memattr(vm_page_t m, vm_memattr_t ma)
5531 m->md.pv_memattr = ma;
5534 * If "m" is a normal page, update its direct mapping. This update
5535 * can be relied upon to perform any cache operations that are
5536 * required for data coherence.
5538 if ((m->flags & PG_FICTITIOUS) == 0 &&
5539 pmap_change_attr(PHYS_TO_DMAP(VM_PAGE_TO_PHYS(m)), PAGE_SIZE,
5540 m->md.pv_memattr) != 0)
5541 panic("memory attribute change on the direct map failed");
5545 * Changes the specified virtual address range's memory type to that given by
5546 * the parameter "mode". The specified virtual address range must be
5547 * completely contained within either the direct map or the kernel map. If
5548 * the virtual address range is contained within the kernel map, then the
5549 * memory type for each of the corresponding ranges of the direct map is also
5550 * changed. (The corresponding ranges of the direct map are those ranges that
5551 * map the same physical pages as the specified virtual address range.) These
5552 * changes to the direct map are necessary because Intel describes the
5553 * behavior of their processors as "undefined" if two or more mappings to the
5554 * same physical page have different memory types.
5556 * Returns zero if the change completed successfully, and either EINVAL or
5557 * ENOMEM if the change failed. Specifically, EINVAL is returned if some part
5558 * of the virtual address range was not mapped, and ENOMEM is returned if
5559 * there was insufficient memory available to complete the change. In the
5560 * latter case, the memory type may have been changed on some part of the
5561 * virtual address range or the direct map.
5564 pmap_change_attr(vm_offset_t va, vm_size_t size, int mode)
5568 PMAP_LOCK(kernel_pmap);
5569 error = pmap_change_attr_locked(va, size, mode);
5570 PMAP_UNLOCK(kernel_pmap);
5575 pmap_change_attr_locked(vm_offset_t va, vm_size_t size, int mode)
5577 vm_offset_t base, offset, tmpva;
5578 pt_entry_t l3, *pte, *newpte;
5581 PMAP_LOCK_ASSERT(kernel_pmap, MA_OWNED);
5582 base = trunc_page(va);
5583 offset = va & PAGE_MASK;
5584 size = round_page(offset + size);
5586 if (!VIRT_IN_DMAP(base) &&
5587 !(base >= VM_MIN_KERNEL_ADDRESS && base < VM_MAX_KERNEL_ADDRESS))
5590 for (tmpva = base; tmpva < base + size; ) {
5591 pte = pmap_pte(kernel_pmap, tmpva, &lvl);
5595 if ((pmap_load(pte) & ATTR_S1_IDX_MASK) == ATTR_S1_IDX(mode)) {
5597 * We already have the correct attribute,
5598 * ignore this entry.
5602 panic("Invalid DMAP table level: %d\n", lvl);
5604 tmpva = (tmpva & ~L1_OFFSET) + L1_SIZE;
5607 tmpva = (tmpva & ~L2_OFFSET) + L2_SIZE;
5615 * Split the entry to an level 3 table, then
5616 * set the new attribute.
5620 panic("Invalid DMAP table level: %d\n", lvl);
5622 newpte = pmap_demote_l1(kernel_pmap, pte,
5623 tmpva & ~L1_OFFSET);
5626 pte = pmap_l1_to_l2(pte, tmpva);
5628 newpte = pmap_demote_l2(kernel_pmap, pte,
5632 pte = pmap_l2_to_l3(pte, tmpva);
5634 /* Update the entry */
5635 l3 = pmap_load(pte);
5636 l3 &= ~ATTR_S1_IDX_MASK;
5637 l3 |= ATTR_S1_IDX(mode);
5638 if (mode == VM_MEMATTR_DEVICE)
5641 pmap_update_entry(kernel_pmap, pte, l3, tmpva,
5645 * If moving to a non-cacheable entry flush
5648 if (mode == VM_MEMATTR_UNCACHEABLE)
5649 cpu_dcache_wbinv_range(tmpva, L3_SIZE);
5661 * Create an L2 table to map all addresses within an L1 mapping.
5664 pmap_demote_l1(pmap_t pmap, pt_entry_t *l1, vm_offset_t va)
5666 pt_entry_t *l2, newl2, oldl1;
5668 vm_paddr_t l2phys, phys;
5672 PMAP_LOCK_ASSERT(pmap, MA_OWNED);
5673 oldl1 = pmap_load(l1);
5674 KASSERT((oldl1 & ATTR_DESCR_MASK) == L1_BLOCK,
5675 ("pmap_demote_l1: Demoting a non-block entry"));
5676 KASSERT((va & L1_OFFSET) == 0,
5677 ("pmap_demote_l1: Invalid virtual address %#lx", va));
5678 KASSERT((oldl1 & ATTR_SW_MANAGED) == 0,
5679 ("pmap_demote_l1: Level 1 table shouldn't be managed"));
5682 if (va <= (vm_offset_t)l1 && va + L1_SIZE > (vm_offset_t)l1) {
5683 tmpl1 = kva_alloc(PAGE_SIZE);
5688 if ((ml2 = vm_page_alloc(NULL, 0, VM_ALLOC_INTERRUPT |
5689 VM_ALLOC_NOOBJ | VM_ALLOC_WIRED)) == NULL) {
5690 CTR2(KTR_PMAP, "pmap_demote_l1: failure for va %#lx"
5691 " in pmap %p", va, pmap);
5695 l2phys = VM_PAGE_TO_PHYS(ml2);
5696 l2 = (pt_entry_t *)PHYS_TO_DMAP(l2phys);
5698 /* Address the range points at */
5699 phys = oldl1 & ~ATTR_MASK;
5700 /* The attributed from the old l1 table to be copied */
5701 newl2 = oldl1 & ATTR_MASK;
5703 /* Create the new entries */
5704 for (i = 0; i < Ln_ENTRIES; i++) {
5705 l2[i] = newl2 | phys;
5708 KASSERT(l2[0] == ((oldl1 & ~ATTR_DESCR_MASK) | L2_BLOCK),
5709 ("Invalid l2 page (%lx != %lx)", l2[0],
5710 (oldl1 & ~ATTR_DESCR_MASK) | L2_BLOCK));
5713 pmap_kenter(tmpl1, PAGE_SIZE,
5714 DMAP_TO_PHYS((vm_offset_t)l1) & ~L3_OFFSET,
5715 VM_MEMATTR_WRITE_BACK);
5716 l1 = (pt_entry_t *)(tmpl1 + ((vm_offset_t)l1 & PAGE_MASK));
5719 pmap_update_entry(pmap, l1, l2phys | L1_TABLE, va, PAGE_SIZE);
5722 pmap_kremove(tmpl1);
5723 kva_free(tmpl1, PAGE_SIZE);
5730 pmap_fill_l3(pt_entry_t *firstl3, pt_entry_t newl3)
5734 for (l3 = firstl3; l3 - firstl3 < Ln_ENTRIES; l3++) {
5741 pmap_demote_l2_abort(pmap_t pmap, vm_offset_t va, pt_entry_t *l2,
5742 struct rwlock **lockp)
5744 struct spglist free;
5747 (void)pmap_remove_l2(pmap, l2, va, pmap_load(pmap_l1(pmap, va)), &free,
5749 vm_page_free_pages_toq(&free, true);
5753 * Create an L3 table to map all addresses within an L2 mapping.
5756 pmap_demote_l2_locked(pmap_t pmap, pt_entry_t *l2, vm_offset_t va,
5757 struct rwlock **lockp)
5759 pt_entry_t *l3, newl3, oldl2;
5764 PMAP_LOCK_ASSERT(pmap, MA_OWNED);
5765 PMAP_ASSERT_STAGE1(pmap);
5767 oldl2 = pmap_load(l2);
5768 KASSERT((oldl2 & ATTR_DESCR_MASK) == L2_BLOCK,
5769 ("pmap_demote_l2: Demoting a non-block entry"));
5773 if (va <= (vm_offset_t)l2 && va + L2_SIZE > (vm_offset_t)l2) {
5774 tmpl2 = kva_alloc(PAGE_SIZE);
5780 * Invalidate the 2MB page mapping and return "failure" if the
5781 * mapping was never accessed.
5783 if ((oldl2 & ATTR_AF) == 0) {
5784 KASSERT((oldl2 & ATTR_SW_WIRED) == 0,
5785 ("pmap_demote_l2: a wired mapping is missing ATTR_AF"));
5786 pmap_demote_l2_abort(pmap, va, l2, lockp);
5787 CTR2(KTR_PMAP, "pmap_demote_l2: failure for va %#lx in pmap %p",
5792 if ((ml3 = pmap_remove_pt_page(pmap, va)) == NULL) {
5793 KASSERT((oldl2 & ATTR_SW_WIRED) == 0,
5794 ("pmap_demote_l2: page table page for a wired mapping"
5798 * If the page table page is missing and the mapping
5799 * is for a kernel address, the mapping must belong to
5800 * the direct map. Page table pages are preallocated
5801 * for every other part of the kernel address space,
5802 * so the direct map region is the only part of the
5803 * kernel address space that must be handled here.
5805 KASSERT(va < VM_MAXUSER_ADDRESS || VIRT_IN_DMAP(va),
5806 ("pmap_demote_l2: No saved mpte for va %#lx", va));
5809 * If the 2MB page mapping belongs to the direct map
5810 * region of the kernel's address space, then the page
5811 * allocation request specifies the highest possible
5812 * priority (VM_ALLOC_INTERRUPT). Otherwise, the
5813 * priority is normal.
5815 ml3 = vm_page_alloc(NULL, pmap_l2_pindex(va),
5816 (VIRT_IN_DMAP(va) ? VM_ALLOC_INTERRUPT : VM_ALLOC_NORMAL) |
5817 VM_ALLOC_NOOBJ | VM_ALLOC_WIRED);
5820 * If the allocation of the new page table page fails,
5821 * invalidate the 2MB page mapping and return "failure".
5824 pmap_demote_l2_abort(pmap, va, l2, lockp);
5825 CTR2(KTR_PMAP, "pmap_demote_l2: failure for va %#lx"
5826 " in pmap %p", va, pmap);
5830 if (va < VM_MAXUSER_ADDRESS) {
5831 ml3->ref_count = NL3PG;
5832 pmap_resident_count_inc(pmap, 1);
5835 l3phys = VM_PAGE_TO_PHYS(ml3);
5836 l3 = (pt_entry_t *)PHYS_TO_DMAP(l3phys);
5837 newl3 = (oldl2 & ~ATTR_DESCR_MASK) | L3_PAGE;
5838 KASSERT((oldl2 & (ATTR_S1_AP_RW_BIT | ATTR_SW_DBM)) !=
5839 (ATTR_S1_AP(ATTR_S1_AP_RO) | ATTR_SW_DBM),
5840 ("pmap_demote_l2: L2 entry is writeable but not dirty"));
5843 * If the page table page is not leftover from an earlier promotion,
5844 * or the mapping attributes have changed, (re)initialize the L3 table.
5846 * When pmap_update_entry() clears the old L2 mapping, it (indirectly)
5847 * performs a dsb(). That dsb() ensures that the stores for filling
5848 * "l3" are visible before "l3" is added to the page table.
5850 if (ml3->valid == 0 || (l3[0] & ATTR_MASK) != (newl3 & ATTR_MASK))
5851 pmap_fill_l3(l3, newl3);
5854 * Map the temporary page so we don't lose access to the l2 table.
5857 pmap_kenter(tmpl2, PAGE_SIZE,
5858 DMAP_TO_PHYS((vm_offset_t)l2) & ~L3_OFFSET,
5859 VM_MEMATTR_WRITE_BACK);
5860 l2 = (pt_entry_t *)(tmpl2 + ((vm_offset_t)l2 & PAGE_MASK));
5864 * The spare PV entries must be reserved prior to demoting the
5865 * mapping, that is, prior to changing the PDE. Otherwise, the state
5866 * of the L2 and the PV lists will be inconsistent, which can result
5867 * in reclaim_pv_chunk() attempting to remove a PV entry from the
5868 * wrong PV list and pmap_pv_demote_l2() failing to find the expected
5869 * PV entry for the 2MB page mapping that is being demoted.
5871 if ((oldl2 & ATTR_SW_MANAGED) != 0)
5872 reserve_pv_entries(pmap, Ln_ENTRIES - 1, lockp);
5875 * Pass PAGE_SIZE so that a single TLB invalidation is performed on
5876 * the 2MB page mapping.
5878 pmap_update_entry(pmap, l2, l3phys | L2_TABLE, va, PAGE_SIZE);
5881 * Demote the PV entry.
5883 if ((oldl2 & ATTR_SW_MANAGED) != 0)
5884 pmap_pv_demote_l2(pmap, va, oldl2 & ~ATTR_MASK, lockp);
5886 atomic_add_long(&pmap_l2_demotions, 1);
5887 CTR3(KTR_PMAP, "pmap_demote_l2: success for va %#lx"
5888 " in pmap %p %lx", va, pmap, l3[0]);
5892 pmap_kremove(tmpl2);
5893 kva_free(tmpl2, PAGE_SIZE);
5901 pmap_demote_l2(pmap_t pmap, pt_entry_t *l2, vm_offset_t va)
5903 struct rwlock *lock;
5907 l3 = pmap_demote_l2_locked(pmap, l2, va, &lock);
5914 * Perform the pmap work for mincore(2). If the page is not both referenced and
5915 * modified by this pmap, returns its physical address so that the caller can
5916 * find other mappings.
5919 pmap_mincore(pmap_t pmap, vm_offset_t addr, vm_paddr_t *pap)
5921 pt_entry_t *pte, tpte;
5922 vm_paddr_t mask, pa;
5926 PMAP_ASSERT_STAGE1(pmap);
5928 pte = pmap_pte(pmap, addr, &lvl);
5930 tpte = pmap_load(pte);
5943 panic("pmap_mincore: invalid level %d", lvl);
5946 managed = (tpte & ATTR_SW_MANAGED) != 0;
5947 val = MINCORE_INCORE;
5949 val |= MINCORE_SUPER;
5950 if ((managed && pmap_pte_dirty(pmap, tpte)) || (!managed &&
5951 (tpte & ATTR_S1_AP_RW_BIT) == ATTR_S1_AP(ATTR_S1_AP_RW)))
5952 val |= MINCORE_MODIFIED | MINCORE_MODIFIED_OTHER;
5953 if ((tpte & ATTR_AF) == ATTR_AF)
5954 val |= MINCORE_REFERENCED | MINCORE_REFERENCED_OTHER;
5956 pa = (tpte & ~ATTR_MASK) | (addr & mask);
5962 if ((val & (MINCORE_MODIFIED_OTHER | MINCORE_REFERENCED_OTHER)) !=
5963 (MINCORE_MODIFIED_OTHER | MINCORE_REFERENCED_OTHER) && managed) {
5971 * Garbage collect every ASID that is neither active on a processor nor
5975 pmap_reset_asid_set(pmap_t pmap)
5978 int asid, cpuid, epoch;
5979 struct asid_set *set;
5980 enum pmap_stage stage;
5982 set = pmap->pm_asid_set;
5983 stage = pmap->pm_stage;
5985 set = pmap->pm_asid_set;
5986 KASSERT(set != NULL, ("%s: NULL asid set", __func__));
5987 mtx_assert(&set->asid_set_mutex, MA_OWNED);
5990 * Ensure that the store to asid_epoch is globally visible before the
5991 * loads from pc_curpmap are performed.
5993 epoch = set->asid_epoch + 1;
5994 if (epoch == INT_MAX)
5996 set->asid_epoch = epoch;
5998 if (stage == PM_STAGE1) {
5999 __asm __volatile("tlbi vmalle1is");
6001 KASSERT(pmap_clean_stage2_tlbi != NULL,
6002 ("%s: Unset stage 2 tlb invalidation callback\n",
6004 pmap_clean_stage2_tlbi();
6007 bit_nclear(set->asid_set, ASID_FIRST_AVAILABLE,
6008 set->asid_set_size - 1);
6009 CPU_FOREACH(cpuid) {
6010 if (cpuid == curcpu)
6012 if (stage == PM_STAGE1) {
6013 curpmap = pcpu_find(cpuid)->pc_curpmap;
6014 PMAP_ASSERT_STAGE1(pmap);
6016 curpmap = pcpu_find(cpuid)->pc_curvmpmap;
6017 if (curpmap == NULL)
6019 PMAP_ASSERT_STAGE2(pmap);
6021 KASSERT(curpmap->pm_asid_set == set, ("Incorrect set"));
6022 asid = COOKIE_TO_ASID(curpmap->pm_cookie);
6025 bit_set(set->asid_set, asid);
6026 curpmap->pm_cookie = COOKIE_FROM(asid, epoch);
6031 * Allocate a new ASID for the specified pmap.
6034 pmap_alloc_asid(pmap_t pmap)
6036 struct asid_set *set;
6039 set = pmap->pm_asid_set;
6040 KASSERT(set != NULL, ("%s: NULL asid set", __func__));
6042 mtx_lock_spin(&set->asid_set_mutex);
6045 * While this processor was waiting to acquire the asid set mutex,
6046 * pmap_reset_asid_set() running on another processor might have
6047 * updated this pmap's cookie to the current epoch. In which case, we
6048 * don't need to allocate a new ASID.
6050 if (COOKIE_TO_EPOCH(pmap->pm_cookie) == set->asid_epoch)
6053 bit_ffc_at(set->asid_set, set->asid_next, set->asid_set_size,
6055 if (new_asid == -1) {
6056 bit_ffc_at(set->asid_set, ASID_FIRST_AVAILABLE,
6057 set->asid_next, &new_asid);
6058 if (new_asid == -1) {
6059 pmap_reset_asid_set(pmap);
6060 bit_ffc_at(set->asid_set, ASID_FIRST_AVAILABLE,
6061 set->asid_set_size, &new_asid);
6062 KASSERT(new_asid != -1, ("ASID allocation failure"));
6065 bit_set(set->asid_set, new_asid);
6066 set->asid_next = new_asid + 1;
6067 pmap->pm_cookie = COOKIE_FROM(new_asid, set->asid_epoch);
6069 mtx_unlock_spin(&set->asid_set_mutex);
6073 * Compute the value that should be stored in ttbr0 to activate the specified
6074 * pmap. This value may change from time to time.
6077 pmap_to_ttbr0(pmap_t pmap)
6080 return (ASID_TO_OPERAND(COOKIE_TO_ASID(pmap->pm_cookie)) |
6085 pmap_activate_int(pmap_t pmap)
6087 struct asid_set *set;
6090 KASSERT(PCPU_GET(curpmap) != NULL, ("no active pmap"));
6091 KASSERT(pmap != kernel_pmap, ("kernel pmap activation"));
6093 if ((pmap->pm_stage == PM_STAGE1 && pmap == PCPU_GET(curpmap)) ||
6094 (pmap->pm_stage == PM_STAGE2 && pmap == PCPU_GET(curvmpmap))) {
6096 * Handle the possibility that the old thread was preempted
6097 * after an "ic" or "tlbi" instruction but before it performed
6098 * a "dsb" instruction. If the old thread migrates to a new
6099 * processor, its completion of a "dsb" instruction on that
6100 * new processor does not guarantee that the "ic" or "tlbi"
6101 * instructions performed on the old processor have completed.
6107 set = pmap->pm_asid_set;
6108 KASSERT(set != NULL, ("%s: NULL asid set", __func__));
6111 * Ensure that the store to curpmap is globally visible before the
6112 * load from asid_epoch is performed.
6114 if (pmap->pm_stage == PM_STAGE1)
6115 PCPU_SET(curpmap, pmap);
6117 PCPU_SET(curvmpmap, pmap);
6119 epoch = COOKIE_TO_EPOCH(pmap->pm_cookie);
6120 if (epoch >= 0 && epoch != set->asid_epoch)
6121 pmap_alloc_asid(pmap);
6123 if (pmap->pm_stage == PM_STAGE1) {
6124 set_ttbr0(pmap_to_ttbr0(pmap));
6125 if (PCPU_GET(bcast_tlbi_workaround) != 0)
6126 invalidate_local_icache();
6132 pmap_activate_vm(pmap_t pmap)
6135 PMAP_ASSERT_STAGE2(pmap);
6137 (void)pmap_activate_int(pmap);
6141 pmap_activate(struct thread *td)
6145 pmap = vmspace_pmap(td->td_proc->p_vmspace);
6146 PMAP_ASSERT_STAGE1(pmap);
6148 (void)pmap_activate_int(pmap);
6153 * To eliminate the unused parameter "old", we would have to add an instruction
6157 pmap_switch(struct thread *old __unused, struct thread *new)
6159 pcpu_bp_harden bp_harden;
6162 /* Store the new curthread */
6163 PCPU_SET(curthread, new);
6165 /* And the new pcb */
6167 PCPU_SET(curpcb, pcb);
6170 * TODO: We may need to flush the cache here if switching
6171 * to a user process.
6174 if (pmap_activate_int(vmspace_pmap(new->td_proc->p_vmspace))) {
6176 * Stop userspace from training the branch predictor against
6177 * other processes. This will call into a CPU specific
6178 * function that clears the branch predictor state.
6180 bp_harden = PCPU_GET(bp_harden);
6181 if (bp_harden != NULL)
6189 pmap_sync_icache(pmap_t pmap, vm_offset_t va, vm_size_t sz)
6192 PMAP_ASSERT_STAGE1(pmap);
6193 if (va >= VM_MIN_KERNEL_ADDRESS) {
6194 cpu_icache_sync_range(va, sz);
6199 /* Find the length of data in this page to flush */
6200 offset = va & PAGE_MASK;
6201 len = imin(PAGE_SIZE - offset, sz);
6204 /* Extract the physical address & find it in the DMAP */
6205 pa = pmap_extract(pmap, va);
6207 cpu_icache_sync_range(PHYS_TO_DMAP(pa), len);
6209 /* Move to the next page */
6212 /* Set the length for the next iteration */
6213 len = imin(PAGE_SIZE, sz);
6219 pmap_stage2_fault(pmap_t pmap, uint64_t esr, uint64_t far)
6222 pt_entry_t *ptep, pte;
6225 PMAP_ASSERT_STAGE2(pmap);
6228 /* Data and insn aborts use same encoding for FSC field. */
6229 dfsc = esr & ISS_DATA_DFSC_MASK;
6231 case ISS_DATA_DFSC_TF_L0:
6232 case ISS_DATA_DFSC_TF_L1:
6233 case ISS_DATA_DFSC_TF_L2:
6234 case ISS_DATA_DFSC_TF_L3:
6236 pdep = pmap_pde(pmap, far, &lvl);
6237 if (pdep == NULL || lvl != (dfsc - ISS_DATA_DFSC_TF_L1)) {
6244 ptep = pmap_l0_to_l1(pdep, far);
6247 ptep = pmap_l1_to_l2(pdep, far);
6250 ptep = pmap_l2_to_l3(pdep, far);
6253 panic("%s: Invalid pde level %d", __func__,lvl);
6257 case ISS_DATA_DFSC_AFF_L1:
6258 case ISS_DATA_DFSC_AFF_L2:
6259 case ISS_DATA_DFSC_AFF_L3:
6261 ptep = pmap_pte(pmap, far, &lvl);
6263 if (ptep != NULL && (pte = pmap_load(ptep)) != 0) {
6265 pmap_invalidate_vpipt_icache();
6268 * If accessing an executable page invalidate
6269 * the I-cache so it will be valid when we
6270 * continue execution in the guest. The D-cache
6271 * is assumed to already be clean to the Point
6274 if ((pte & ATTR_S2_XN_MASK) !=
6275 ATTR_S2_XN(ATTR_S2_XN_NONE)) {
6276 invalidate_icache();
6279 pmap_set_bits(ptep, ATTR_AF | ATTR_DESCR_VALID);
6290 pmap_fault(pmap_t pmap, uint64_t esr, uint64_t far)
6292 pt_entry_t pte, *ptep;
6299 ec = ESR_ELx_EXCEPTION(esr);
6301 case EXCP_INSN_ABORT_L:
6302 case EXCP_INSN_ABORT:
6303 case EXCP_DATA_ABORT_L:
6304 case EXCP_DATA_ABORT:
6310 if (pmap->pm_stage == PM_STAGE2)
6311 return (pmap_stage2_fault(pmap, esr, far));
6313 /* Data and insn aborts use same encoding for FSC field. */
6314 switch (esr & ISS_DATA_DFSC_MASK) {
6315 case ISS_DATA_DFSC_AFF_L1:
6316 case ISS_DATA_DFSC_AFF_L2:
6317 case ISS_DATA_DFSC_AFF_L3:
6319 ptep = pmap_pte(pmap, far, &lvl);
6321 pmap_set_bits(ptep, ATTR_AF);
6324 * XXXMJ as an optimization we could mark the entry
6325 * dirty if this is a write fault.
6330 case ISS_DATA_DFSC_PF_L1:
6331 case ISS_DATA_DFSC_PF_L2:
6332 case ISS_DATA_DFSC_PF_L3:
6333 if ((ec != EXCP_DATA_ABORT_L && ec != EXCP_DATA_ABORT) ||
6334 (esr & ISS_DATA_WnR) == 0)
6337 ptep = pmap_pte(pmap, far, &lvl);
6339 ((pte = pmap_load(ptep)) & ATTR_SW_DBM) != 0) {
6340 if ((pte & ATTR_S1_AP_RW_BIT) ==
6341 ATTR_S1_AP(ATTR_S1_AP_RO)) {
6342 pmap_clear_bits(ptep, ATTR_S1_AP_RW_BIT);
6343 pmap_invalidate_page(pmap, far);
6349 case ISS_DATA_DFSC_TF_L0:
6350 case ISS_DATA_DFSC_TF_L1:
6351 case ISS_DATA_DFSC_TF_L2:
6352 case ISS_DATA_DFSC_TF_L3:
6354 * Retry the translation. A break-before-make sequence can
6355 * produce a transient fault.
6357 if (pmap == kernel_pmap) {
6359 * The translation fault may have occurred within a
6360 * critical section. Therefore, we must check the
6361 * address without acquiring the kernel pmap's lock.
6363 if (pmap_kextract(far) != 0)
6367 /* Ask the MMU to check the address. */
6368 intr = intr_disable();
6369 par = arm64_address_translate_s1e0r(far);
6374 * If the translation was successful, then we can
6375 * return success to the trap handler.
6377 if (PAR_SUCCESS(par))
6387 * Increase the starting virtual address of the given mapping if a
6388 * different alignment might result in more superpage mappings.
6391 pmap_align_superpage(vm_object_t object, vm_ooffset_t offset,
6392 vm_offset_t *addr, vm_size_t size)
6394 vm_offset_t superpage_offset;
6398 if (object != NULL && (object->flags & OBJ_COLORED) != 0)
6399 offset += ptoa(object->pg_color);
6400 superpage_offset = offset & L2_OFFSET;
6401 if (size - ((L2_SIZE - superpage_offset) & L2_OFFSET) < L2_SIZE ||
6402 (*addr & L2_OFFSET) == superpage_offset)
6404 if ((*addr & L2_OFFSET) < superpage_offset)
6405 *addr = (*addr & ~L2_OFFSET) + superpage_offset;
6407 *addr = ((*addr + L2_OFFSET) & ~L2_OFFSET) + superpage_offset;
6411 * Get the kernel virtual address of a set of physical pages. If there are
6412 * physical addresses not covered by the DMAP perform a transient mapping
6413 * that will be removed when calling pmap_unmap_io_transient.
6415 * \param page The pages the caller wishes to obtain the virtual
6416 * address on the kernel memory map.
6417 * \param vaddr On return contains the kernel virtual memory address
6418 * of the pages passed in the page parameter.
6419 * \param count Number of pages passed in.
6420 * \param can_fault TRUE if the thread using the mapped pages can take
6421 * page faults, FALSE otherwise.
6423 * \returns TRUE if the caller must call pmap_unmap_io_transient when
6424 * finished or FALSE otherwise.
6428 pmap_map_io_transient(vm_page_t page[], vm_offset_t vaddr[], int count,
6429 boolean_t can_fault)
6432 boolean_t needs_mapping;
6436 * Allocate any KVA space that we need, this is done in a separate
6437 * loop to prevent calling vmem_alloc while pinned.
6439 needs_mapping = FALSE;
6440 for (i = 0; i < count; i++) {
6441 paddr = VM_PAGE_TO_PHYS(page[i]);
6442 if (__predict_false(!PHYS_IN_DMAP(paddr))) {
6443 error = vmem_alloc(kernel_arena, PAGE_SIZE,
6444 M_BESTFIT | M_WAITOK, &vaddr[i]);
6445 KASSERT(error == 0, ("vmem_alloc failed: %d", error));
6446 needs_mapping = TRUE;
6448 vaddr[i] = PHYS_TO_DMAP(paddr);
6452 /* Exit early if everything is covered by the DMAP */
6458 for (i = 0; i < count; i++) {
6459 paddr = VM_PAGE_TO_PHYS(page[i]);
6460 if (!PHYS_IN_DMAP(paddr)) {
6462 "pmap_map_io_transient: TODO: Map out of DMAP data");
6466 return (needs_mapping);
6470 pmap_unmap_io_transient(vm_page_t page[], vm_offset_t vaddr[], int count,
6471 boolean_t can_fault)
6478 for (i = 0; i < count; i++) {
6479 paddr = VM_PAGE_TO_PHYS(page[i]);
6480 if (!PHYS_IN_DMAP(paddr)) {
6481 panic("ARM64TODO: pmap_unmap_io_transient: Unmap data");
6487 pmap_is_valid_memattr(pmap_t pmap __unused, vm_memattr_t mode)
6490 return (mode >= VM_MEMATTR_DEVICE && mode <= VM_MEMATTR_WRITE_THROUGH);
6494 * Track a range of the kernel's virtual address space that is contiguous
6495 * in various mapping attributes.
6497 struct pmap_kernel_map_range {
6507 sysctl_kmaps_dump(struct sbuf *sb, struct pmap_kernel_map_range *range,
6513 if (eva <= range->sva)
6516 index = range->attrs & ATTR_S1_IDX_MASK;
6518 case ATTR_S1_IDX(VM_MEMATTR_DEVICE):
6521 case ATTR_S1_IDX(VM_MEMATTR_UNCACHEABLE):
6524 case ATTR_S1_IDX(VM_MEMATTR_WRITE_BACK):
6527 case ATTR_S1_IDX(VM_MEMATTR_WRITE_THROUGH):
6532 "%s: unknown memory type %x for range 0x%016lx-0x%016lx\n",
6533 __func__, index, range->sva, eva);
6538 sbuf_printf(sb, "0x%016lx-0x%016lx r%c%c%c %3s %d %d %d %d\n",
6540 (range->attrs & ATTR_S1_AP_RW_BIT) == ATTR_S1_AP_RW ? 'w' : '-',
6541 (range->attrs & ATTR_S1_PXN) != 0 ? '-' : 'x',
6542 (range->attrs & ATTR_S1_AP_USER) != 0 ? 'u' : 's',
6543 mode, range->l1blocks, range->l2blocks, range->l3contig,
6546 /* Reset to sentinel value. */
6547 range->sva = 0xfffffffffffffffful;
6551 * Determine whether the attributes specified by a page table entry match those
6552 * being tracked by the current range.
6555 sysctl_kmaps_match(struct pmap_kernel_map_range *range, pt_entry_t attrs)
6558 return (range->attrs == attrs);
6562 sysctl_kmaps_reinit(struct pmap_kernel_map_range *range, vm_offset_t va,
6566 memset(range, 0, sizeof(*range));
6568 range->attrs = attrs;
6572 * Given a leaf PTE, derive the mapping's attributes. If they do not match
6573 * those of the current run, dump the address range and its attributes, and
6577 sysctl_kmaps_check(struct sbuf *sb, struct pmap_kernel_map_range *range,
6578 vm_offset_t va, pd_entry_t l0e, pd_entry_t l1e, pd_entry_t l2e,
6583 attrs = l0e & (ATTR_S1_AP_MASK | ATTR_S1_XN);
6584 attrs |= l1e & (ATTR_S1_AP_MASK | ATTR_S1_XN);
6585 if ((l1e & ATTR_DESCR_MASK) == L1_BLOCK)
6586 attrs |= l1e & ATTR_S1_IDX_MASK;
6587 attrs |= l2e & (ATTR_S1_AP_MASK | ATTR_S1_XN);
6588 if ((l2e & ATTR_DESCR_MASK) == L2_BLOCK)
6589 attrs |= l2e & ATTR_S1_IDX_MASK;
6590 attrs |= l3e & (ATTR_S1_AP_MASK | ATTR_S1_XN | ATTR_S1_IDX_MASK);
6592 if (range->sva > va || !sysctl_kmaps_match(range, attrs)) {
6593 sysctl_kmaps_dump(sb, range, va);
6594 sysctl_kmaps_reinit(range, va, attrs);
6599 sysctl_kmaps(SYSCTL_HANDLER_ARGS)
6601 struct pmap_kernel_map_range range;
6602 struct sbuf sbuf, *sb;
6603 pd_entry_t l0e, *l1, l1e, *l2, l2e;
6604 pt_entry_t *l3, l3e;
6607 int error, i, j, k, l;
6609 error = sysctl_wire_old_buffer(req, 0);
6613 sbuf_new_for_sysctl(sb, NULL, PAGE_SIZE, req);
6615 /* Sentinel value. */
6616 range.sva = 0xfffffffffffffffful;
6619 * Iterate over the kernel page tables without holding the kernel pmap
6620 * lock. Kernel page table pages are never freed, so at worst we will
6621 * observe inconsistencies in the output.
6623 for (sva = 0xffff000000000000ul, i = pmap_l0_index(sva); i < Ln_ENTRIES;
6625 if (i == pmap_l0_index(DMAP_MIN_ADDRESS))
6626 sbuf_printf(sb, "\nDirect map:\n");
6627 else if (i == pmap_l0_index(VM_MIN_KERNEL_ADDRESS))
6628 sbuf_printf(sb, "\nKernel map:\n");
6630 l0e = kernel_pmap->pm_l0[i];
6631 if ((l0e & ATTR_DESCR_VALID) == 0) {
6632 sysctl_kmaps_dump(sb, &range, sva);
6636 pa = l0e & ~ATTR_MASK;
6637 l1 = (pd_entry_t *)PHYS_TO_DMAP(pa);
6639 for (j = pmap_l1_index(sva); j < Ln_ENTRIES; j++) {
6641 if ((l1e & ATTR_DESCR_VALID) == 0) {
6642 sysctl_kmaps_dump(sb, &range, sva);
6646 if ((l1e & ATTR_DESCR_MASK) == L1_BLOCK) {
6647 sysctl_kmaps_check(sb, &range, sva, l0e, l1e,
6653 pa = l1e & ~ATTR_MASK;
6654 l2 = (pd_entry_t *)PHYS_TO_DMAP(pa);
6656 for (k = pmap_l2_index(sva); k < Ln_ENTRIES; k++) {
6658 if ((l2e & ATTR_DESCR_VALID) == 0) {
6659 sysctl_kmaps_dump(sb, &range, sva);
6663 if ((l2e & ATTR_DESCR_MASK) == L2_BLOCK) {
6664 sysctl_kmaps_check(sb, &range, sva,
6670 pa = l2e & ~ATTR_MASK;
6671 l3 = (pt_entry_t *)PHYS_TO_DMAP(pa);
6673 for (l = pmap_l3_index(sva); l < Ln_ENTRIES;
6674 l++, sva += L3_SIZE) {
6676 if ((l3e & ATTR_DESCR_VALID) == 0) {
6677 sysctl_kmaps_dump(sb, &range,
6681 sysctl_kmaps_check(sb, &range, sva,
6682 l0e, l1e, l2e, l3e);
6683 if ((l3e & ATTR_CONTIGUOUS) != 0)
6684 range.l3contig += l % 16 == 0 ?
6693 error = sbuf_finish(sb);
6697 SYSCTL_OID(_vm_pmap, OID_AUTO, kernel_maps,
6698 CTLTYPE_STRING | CTLFLAG_RD | CTLFLAG_MPSAFE,
6699 NULL, 0, sysctl_kmaps, "A",
6700 "Dump kernel address layout");
projects / FreeBSD / FreeBSD.git / blob