2 * SPDX-License-Identifier: BSD-4-Clause
4 * Copyright (c) 1991 Regents of the University of California.
6 * Copyright (c) 1994 John S. Dyson
8 * Copyright (c) 1994 David Greenman
10 * Copyright (c) 2003 Peter Wemm
11 * All rights reserved.
12 * Copyright (c) 2005-2010 Alan L. Cox <alc@cs.rice.edu>
13 * All rights reserved.
14 * Copyright (c) 2014 Andrew Turner
15 * All rights reserved.
16 * Copyright (c) 2014 The FreeBSD Foundation
17 * All rights reserved.
18 * Copyright (c) 2015-2018 Ruslan Bukin <br@bsdpad.com>
19 * All rights reserved.
21 * This code is derived from software contributed to Berkeley by
22 * the Systems Programming Group of the University of Utah Computer
23 * Science Department and William Jolitz of UUNET Technologies Inc.
25 * Portions of this software were developed by Andrew Turner under
26 * sponsorship from The FreeBSD Foundation.
28 * Portions of this software were developed by SRI International and the
29 * University of Cambridge Computer Laboratory under DARPA/AFRL contract
30 * FA8750-10-C-0237 ("CTSRD"), as part of the DARPA CRASH research programme.
32 * Portions of this software were developed by the University of Cambridge
33 * Computer Laboratory as part of the CTSRD Project, with support from the
34 * UK Higher Education Innovation Fund (HEIF).
36 * Redistribution and use in source and binary forms, with or without
37 * modification, are permitted provided that the following conditions
39 * 1. Redistributions of source code must retain the above copyright
40 * notice, this list of conditions and the following disclaimer.
41 * 2. Redistributions in binary form must reproduce the above copyright
42 * notice, this list of conditions and the following disclaimer in the
43 * documentation and/or other materials provided with the distribution.
44 * 3. All advertising materials mentioning features or use of this software
45 * must display the following acknowledgement:
46 * This product includes software developed by the University of
47 * California, Berkeley and its contributors.
48 * 4. Neither the name of the University nor the names of its contributors
49 * may be used to endorse or promote products derived from this software
50 * without specific prior written permission.
52 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
53 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
54 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
55 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
56 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
57 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
58 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
59 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
60 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
61 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
64 * from: @(#)pmap.c 7.7 (Berkeley) 5/12/91
67 * Copyright (c) 2003 Networks Associates Technology, Inc.
68 * All rights reserved.
70 * This software was developed for the FreeBSD Project by Jake Burkholder,
71 * Safeport Network Services, and Network Associates Laboratories, the
72 * Security Research Division of Network Associates, Inc. under
73 * DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the DARPA
74 * CHATS research program.
76 * Redistribution and use in source and binary forms, with or without
77 * modification, are permitted provided that the following conditions
79 * 1. Redistributions of source code must retain the above copyright
80 * notice, this list of conditions and the following disclaimer.
81 * 2. Redistributions in binary form must reproduce the above copyright
82 * notice, this list of conditions and the following disclaimer in the
83 * documentation and/or other materials provided with the distribution.
85 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
86 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
87 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
88 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
89 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
90 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
91 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
92 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
93 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
94 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
98 #include <sys/cdefs.h>
99 __FBSDID("$FreeBSD$");
102 * Manages physical address maps.
104 * Since the information managed by this module is
105 * also stored by the logical address mapping module,
106 * this module may throw away valid virtual-to-physical
107 * mappings at almost any time. However, invalidations
108 * of virtual-to-physical mappings must be done as
111 * In order to cope with hardware architectures which
112 * make virtual-to-physical map invalidates expensive,
113 * this module may delay invalidate or reduced protection
114 * operations until such time as they are actually
115 * necessary. This module is given full information as
116 * to which processors are currently using which maps,
117 * and to when physical maps must be made correct.
120 #include <sys/param.h>
121 #include <sys/systm.h>
122 #include <sys/bitstring.h>
124 #include <sys/cpuset.h>
125 #include <sys/kernel.h>
127 #include <sys/lock.h>
128 #include <sys/malloc.h>
129 #include <sys/mman.h>
130 #include <sys/msgbuf.h>
131 #include <sys/mutex.h>
132 #include <sys/proc.h>
133 #include <sys/rwlock.h>
134 #include <sys/sbuf.h>
136 #include <sys/vmem.h>
137 #include <sys/vmmeter.h>
138 #include <sys/sched.h>
139 #include <sys/sysctl.h>
143 #include <vm/vm_param.h>
144 #include <vm/vm_kern.h>
145 #include <vm/vm_page.h>
146 #include <vm/vm_map.h>
147 #include <vm/vm_object.h>
148 #include <vm/vm_extern.h>
149 #include <vm/vm_pageout.h>
150 #include <vm/vm_pager.h>
151 #include <vm/vm_phys.h>
152 #include <vm/vm_radix.h>
153 #include <vm/vm_reserv.h>
156 #include <machine/machdep.h>
157 #include <machine/md_var.h>
158 #include <machine/pcb.h>
159 #include <machine/sbi.h>
161 #define NUL1E (Ln_ENTRIES * Ln_ENTRIES)
162 #define NUL2E (Ln_ENTRIES * NUL1E)
164 #if !defined(DIAGNOSTIC)
165 #ifdef __GNUC_GNU_INLINE__
166 #define PMAP_INLINE __attribute__((__gnu_inline__)) inline
168 #define PMAP_INLINE extern inline
175 #define PV_STAT(x) do { x ; } while (0)
177 #define PV_STAT(x) do { } while (0)
180 #define pmap_l2_pindex(v) ((v) >> L2_SHIFT)
181 #define pa_to_pvh(pa) (&pv_table[pa_index(pa)])
183 #define NPV_LIST_LOCKS MAXCPU
185 #define PHYS_TO_PV_LIST_LOCK(pa) \
186 (&pv_list_locks[pmap_l2_pindex(pa) % NPV_LIST_LOCKS])
188 #define CHANGE_PV_LIST_LOCK_TO_PHYS(lockp, pa) do { \
189 struct rwlock **_lockp = (lockp); \
190 struct rwlock *_new_lock; \
192 _new_lock = PHYS_TO_PV_LIST_LOCK(pa); \
193 if (_new_lock != *_lockp) { \
194 if (*_lockp != NULL) \
195 rw_wunlock(*_lockp); \
196 *_lockp = _new_lock; \
201 #define CHANGE_PV_LIST_LOCK_TO_VM_PAGE(lockp, m) \
202 CHANGE_PV_LIST_LOCK_TO_PHYS(lockp, VM_PAGE_TO_PHYS(m))
204 #define RELEASE_PV_LIST_LOCK(lockp) do { \
205 struct rwlock **_lockp = (lockp); \
207 if (*_lockp != NULL) { \
208 rw_wunlock(*_lockp); \
213 #define VM_PAGE_TO_PV_LIST_LOCK(m) \
214 PHYS_TO_PV_LIST_LOCK(VM_PAGE_TO_PHYS(m))
216 /* The list of all the user pmaps */
217 LIST_HEAD(pmaplist, pmap);
218 static struct pmaplist allpmaps = LIST_HEAD_INITIALIZER();
220 struct pmap kernel_pmap_store;
222 vm_offset_t virtual_avail; /* VA of first avail page (after kernel bss) */
223 vm_offset_t virtual_end; /* VA of last avail page (end of kernel AS) */
224 vm_offset_t kernel_vm_end = 0;
226 vm_paddr_t dmap_phys_base; /* The start of the dmap region */
227 vm_paddr_t dmap_phys_max; /* The limit of the dmap region */
228 vm_offset_t dmap_max_addr; /* The virtual address limit of the dmap */
230 /* This code assumes all L1 DMAP entries will be used */
231 CTASSERT((DMAP_MIN_ADDRESS & ~L1_OFFSET) == DMAP_MIN_ADDRESS);
232 CTASSERT((DMAP_MAX_ADDRESS & ~L1_OFFSET) == DMAP_MAX_ADDRESS);
234 static struct rwlock_padalign pvh_global_lock;
235 static struct mtx_padalign allpmaps_lock;
237 static SYSCTL_NODE(_vm, OID_AUTO, pmap, CTLFLAG_RD | CTLFLAG_MPSAFE, 0,
238 "VM/pmap parameters");
240 static int superpages_enabled = 1;
241 SYSCTL_INT(_vm_pmap, OID_AUTO, superpages_enabled,
242 CTLFLAG_RDTUN, &superpages_enabled, 0,
243 "Enable support for transparent superpages");
245 static SYSCTL_NODE(_vm_pmap, OID_AUTO, l2, CTLFLAG_RD | CTLFLAG_MPSAFE, 0,
246 "2MB page mapping counters");
248 static u_long pmap_l2_demotions;
249 SYSCTL_ULONG(_vm_pmap_l2, OID_AUTO, demotions, CTLFLAG_RD,
250 &pmap_l2_demotions, 0,
251 "2MB page demotions");
253 static u_long pmap_l2_mappings;
254 SYSCTL_ULONG(_vm_pmap_l2, OID_AUTO, mappings, CTLFLAG_RD,
255 &pmap_l2_mappings, 0,
256 "2MB page mappings");
258 static u_long pmap_l2_p_failures;
259 SYSCTL_ULONG(_vm_pmap_l2, OID_AUTO, p_failures, CTLFLAG_RD,
260 &pmap_l2_p_failures, 0,
261 "2MB page promotion failures");
263 static u_long pmap_l2_promotions;
264 SYSCTL_ULONG(_vm_pmap_l2, OID_AUTO, promotions, CTLFLAG_RD,
265 &pmap_l2_promotions, 0,
266 "2MB page promotions");
269 * Data for the pv entry allocation mechanism
271 static TAILQ_HEAD(pch, pv_chunk) pv_chunks = TAILQ_HEAD_INITIALIZER(pv_chunks);
272 static struct mtx pv_chunks_mutex;
273 static struct rwlock pv_list_locks[NPV_LIST_LOCKS];
274 static struct md_page *pv_table;
275 static struct md_page pv_dummy;
277 extern cpuset_t all_harts;
280 * Internal flags for pmap_enter()'s helper functions.
282 #define PMAP_ENTER_NORECLAIM 0x1000000 /* Don't reclaim PV entries. */
283 #define PMAP_ENTER_NOREPLACE 0x2000000 /* Don't replace mappings. */
285 static void free_pv_chunk(struct pv_chunk *pc);
286 static void free_pv_entry(pmap_t pmap, pv_entry_t pv);
287 static pv_entry_t get_pv_entry(pmap_t pmap, struct rwlock **lockp);
288 static vm_page_t reclaim_pv_chunk(pmap_t locked_pmap, struct rwlock **lockp);
289 static void pmap_pvh_free(struct md_page *pvh, pmap_t pmap, vm_offset_t va);
290 static pv_entry_t pmap_pvh_remove(struct md_page *pvh, pmap_t pmap,
292 static bool pmap_demote_l2(pmap_t pmap, pd_entry_t *l2, vm_offset_t va);
293 static bool pmap_demote_l2_locked(pmap_t pmap, pd_entry_t *l2,
294 vm_offset_t va, struct rwlock **lockp);
295 static int pmap_enter_l2(pmap_t pmap, vm_offset_t va, pd_entry_t new_l2,
296 u_int flags, vm_page_t m, struct rwlock **lockp);
297 static vm_page_t pmap_enter_quick_locked(pmap_t pmap, vm_offset_t va,
298 vm_page_t m, vm_prot_t prot, vm_page_t mpte, struct rwlock **lockp);
299 static int pmap_remove_l3(pmap_t pmap, pt_entry_t *l3, vm_offset_t sva,
300 pd_entry_t ptepde, struct spglist *free, struct rwlock **lockp);
301 static boolean_t pmap_try_insert_pv_entry(pmap_t pmap, vm_offset_t va,
302 vm_page_t m, struct rwlock **lockp);
304 static vm_page_t _pmap_alloc_l3(pmap_t pmap, vm_pindex_t ptepindex,
305 struct rwlock **lockp);
307 static void _pmap_unwire_ptp(pmap_t pmap, vm_offset_t va, vm_page_t m,
308 struct spglist *free);
309 static int pmap_unuse_pt(pmap_t, vm_offset_t, pd_entry_t, struct spglist *);
311 #define pmap_clear(pte) pmap_store(pte, 0)
312 #define pmap_clear_bits(pte, bits) atomic_clear_64(pte, bits)
313 #define pmap_load_store(pte, entry) atomic_swap_64(pte, entry)
314 #define pmap_load_clear(pte) pmap_load_store(pte, 0)
315 #define pmap_load(pte) atomic_load_64(pte)
316 #define pmap_store(pte, entry) atomic_store_64(pte, entry)
317 #define pmap_store_bits(pte, bits) atomic_set_64(pte, bits)
319 /********************/
320 /* Inline functions */
321 /********************/
324 pagecopy(void *s, void *d)
327 memcpy(d, s, PAGE_SIZE);
337 #define pmap_l1_index(va) (((va) >> L1_SHIFT) & Ln_ADDR_MASK)
338 #define pmap_l2_index(va) (((va) >> L2_SHIFT) & Ln_ADDR_MASK)
339 #define pmap_l3_index(va) (((va) >> L3_SHIFT) & Ln_ADDR_MASK)
341 #define PTE_TO_PHYS(pte) ((pte >> PTE_PPN0_S) * PAGE_SIZE)
343 static __inline pd_entry_t *
344 pmap_l1(pmap_t pmap, vm_offset_t va)
347 return (&pmap->pm_l1[pmap_l1_index(va)]);
350 static __inline pd_entry_t *
351 pmap_l1_to_l2(pd_entry_t *l1, vm_offset_t va)
356 phys = PTE_TO_PHYS(pmap_load(l1));
357 l2 = (pd_entry_t *)PHYS_TO_DMAP(phys);
359 return (&l2[pmap_l2_index(va)]);
362 static __inline pd_entry_t *
363 pmap_l2(pmap_t pmap, vm_offset_t va)
367 l1 = pmap_l1(pmap, va);
368 if ((pmap_load(l1) & PTE_V) == 0)
370 if ((pmap_load(l1) & PTE_RX) != 0)
373 return (pmap_l1_to_l2(l1, va));
376 static __inline pt_entry_t *
377 pmap_l2_to_l3(pd_entry_t *l2, vm_offset_t va)
382 phys = PTE_TO_PHYS(pmap_load(l2));
383 l3 = (pd_entry_t *)PHYS_TO_DMAP(phys);
385 return (&l3[pmap_l3_index(va)]);
388 static __inline pt_entry_t *
389 pmap_l3(pmap_t pmap, vm_offset_t va)
393 l2 = pmap_l2(pmap, va);
396 if ((pmap_load(l2) & PTE_V) == 0)
398 if ((pmap_load(l2) & PTE_RX) != 0)
401 return (pmap_l2_to_l3(l2, va));
405 pmap_resident_count_inc(pmap_t pmap, int count)
408 PMAP_LOCK_ASSERT(pmap, MA_OWNED);
409 pmap->pm_stats.resident_count += count;
413 pmap_resident_count_dec(pmap_t pmap, int count)
416 PMAP_LOCK_ASSERT(pmap, MA_OWNED);
417 KASSERT(pmap->pm_stats.resident_count >= count,
418 ("pmap %p resident count underflow %ld %d", pmap,
419 pmap->pm_stats.resident_count, count));
420 pmap->pm_stats.resident_count -= count;
424 pmap_distribute_l1(struct pmap *pmap, vm_pindex_t l1index,
427 struct pmap *user_pmap;
430 /* Distribute new kernel L1 entry to all the user pmaps */
431 if (pmap != kernel_pmap)
434 mtx_lock(&allpmaps_lock);
435 LIST_FOREACH(user_pmap, &allpmaps, pm_list) {
436 l1 = &user_pmap->pm_l1[l1index];
437 pmap_store(l1, entry);
439 mtx_unlock(&allpmaps_lock);
443 pmap_early_page_idx(vm_offset_t l1pt, vm_offset_t va, u_int *l1_slot,
449 l1 = (pd_entry_t *)l1pt;
450 *l1_slot = (va >> L1_SHIFT) & Ln_ADDR_MASK;
452 /* Check locore has used a table L1 map */
453 KASSERT((l1[*l1_slot] & PTE_RX) == 0,
454 ("Invalid bootstrap L1 table"));
456 /* Find the address of the L2 table */
457 l2 = (pt_entry_t *)init_pt_va;
458 *l2_slot = pmap_l2_index(va);
464 pmap_early_vtophys(vm_offset_t l1pt, vm_offset_t va)
466 u_int l1_slot, l2_slot;
470 l2 = pmap_early_page_idx(l1pt, va, &l1_slot, &l2_slot);
472 /* Check locore has used L2 superpages */
473 KASSERT((l2[l2_slot] & PTE_RX) != 0,
474 ("Invalid bootstrap L2 table"));
476 /* L2 is superpages */
477 ret = (l2[l2_slot] >> PTE_PPN1_S) << L2_SHIFT;
478 ret += (va & L2_OFFSET);
484 pmap_bootstrap_dmap(vm_offset_t kern_l1, vm_paddr_t min_pa, vm_paddr_t max_pa)
493 pa = dmap_phys_base = min_pa & ~L1_OFFSET;
494 va = DMAP_MIN_ADDRESS;
495 l1 = (pd_entry_t *)kern_l1;
496 l1_slot = pmap_l1_index(DMAP_MIN_ADDRESS);
498 for (; va < DMAP_MAX_ADDRESS && pa < max_pa;
499 pa += L1_SIZE, va += L1_SIZE, l1_slot++) {
500 KASSERT(l1_slot < Ln_ENTRIES, ("Invalid L1 index"));
503 pn = (pa / PAGE_SIZE);
505 entry |= (pn << PTE_PPN0_S);
506 pmap_store(&l1[l1_slot], entry);
509 /* Set the upper limit of the DMAP region */
517 pmap_bootstrap_l3(vm_offset_t l1pt, vm_offset_t va, vm_offset_t l3_start)
526 KASSERT((va & L2_OFFSET) == 0, ("Invalid virtual address"));
528 l2 = pmap_l2(kernel_pmap, va);
529 l2 = (pd_entry_t *)((uintptr_t)l2 & ~(PAGE_SIZE - 1));
530 l2_slot = pmap_l2_index(va);
533 for (; va < VM_MAX_KERNEL_ADDRESS; l2_slot++, va += L2_SIZE) {
534 KASSERT(l2_slot < Ln_ENTRIES, ("Invalid L2 index"));
536 pa = pmap_early_vtophys(l1pt, l3pt);
537 pn = (pa / PAGE_SIZE);
539 entry |= (pn << PTE_PPN0_S);
540 pmap_store(&l2[l2_slot], entry);
545 /* Clean the L2 page table */
546 memset((void *)l3_start, 0, l3pt - l3_start);
552 * Bootstrap the system enough to run with virtual memory.
555 pmap_bootstrap(vm_offset_t l1pt, vm_paddr_t kernstart, vm_size_t kernlen)
557 u_int l1_slot, l2_slot, avail_slot, map_slot;
558 vm_offset_t freemempos;
559 vm_offset_t dpcpu, msgbufpv;
560 vm_paddr_t end, max_pa, min_pa, pa, start;
563 printf("pmap_bootstrap %lx %lx %lx\n", l1pt, kernstart, kernlen);
564 printf("%lx\n", l1pt);
565 printf("%lx\n", (KERNBASE >> L1_SHIFT) & Ln_ADDR_MASK);
567 /* Set this early so we can use the pagetable walking functions */
568 kernel_pmap_store.pm_l1 = (pd_entry_t *)l1pt;
569 PMAP_LOCK_INIT(kernel_pmap);
571 rw_init(&pvh_global_lock, "pmap pv global");
573 CPU_FILL(&kernel_pmap->pm_active);
575 /* Assume the address we were loaded to is a valid physical address. */
576 min_pa = max_pa = kernstart;
579 * Find the minimum physical address. physmap is sorted,
580 * but may contain empty ranges.
582 for (i = 0; i < physmap_idx * 2; i += 2) {
583 if (physmap[i] == physmap[i + 1])
585 if (physmap[i] <= min_pa)
587 if (physmap[i + 1] > max_pa)
588 max_pa = physmap[i + 1];
590 printf("physmap_idx %lx\n", physmap_idx);
591 printf("min_pa %lx\n", min_pa);
592 printf("max_pa %lx\n", max_pa);
594 /* Create a direct map region early so we can use it for pa -> va */
595 pmap_bootstrap_dmap(l1pt, min_pa, max_pa);
598 * Read the page table to find out what is already mapped.
599 * This assumes we have mapped a block of memory from KERNBASE
600 * using a single L1 entry.
602 (void)pmap_early_page_idx(l1pt, KERNBASE, &l1_slot, &l2_slot);
604 /* Sanity check the index, KERNBASE should be the first VA */
605 KASSERT(l2_slot == 0, ("The L2 index is non-zero"));
607 freemempos = roundup2(KERNBASE + kernlen, PAGE_SIZE);
609 /* Create the l3 tables for the early devmap */
610 freemempos = pmap_bootstrap_l3(l1pt,
611 VM_MAX_KERNEL_ADDRESS - L2_SIZE, freemempos);
615 #define alloc_pages(var, np) \
616 (var) = freemempos; \
617 freemempos += (np * PAGE_SIZE); \
618 memset((char *)(var), 0, ((np) * PAGE_SIZE));
620 /* Allocate dynamic per-cpu area. */
621 alloc_pages(dpcpu, DPCPU_SIZE / PAGE_SIZE);
622 dpcpu_init((void *)dpcpu, 0);
624 /* Allocate memory for the msgbuf, e.g. for /sbin/dmesg */
625 alloc_pages(msgbufpv, round_page(msgbufsize) / PAGE_SIZE);
626 msgbufp = (void *)msgbufpv;
628 virtual_avail = roundup2(freemempos, L2_SIZE);
629 virtual_end = VM_MAX_KERNEL_ADDRESS - L2_SIZE;
630 kernel_vm_end = virtual_avail;
632 pa = pmap_early_vtophys(l1pt, freemempos);
634 /* Initialize phys_avail and dump_avail. */
635 for (avail_slot = map_slot = physmem = 0; map_slot < physmap_idx * 2;
637 start = physmap[map_slot];
638 end = physmap[map_slot + 1];
642 dump_avail[map_slot] = start;
643 dump_avail[map_slot + 1] = end;
644 realmem += atop((vm_offset_t)(end - start));
646 if (start >= kernstart && end <= pa)
649 if (start < kernstart && end > kernstart)
651 else if (start < pa && end > pa)
653 phys_avail[avail_slot] = start;
654 phys_avail[avail_slot + 1] = end;
655 physmem += (end - start) >> PAGE_SHIFT;
658 if (end != physmap[map_slot + 1] && end > pa) {
659 phys_avail[avail_slot] = pa;
660 phys_avail[avail_slot + 1] = physmap[map_slot + 1];
661 physmem += (physmap[map_slot + 1] - pa) >> PAGE_SHIFT;
665 phys_avail[avail_slot] = 0;
666 phys_avail[avail_slot + 1] = 0;
669 * Maxmem isn't the "maximum memory", it's one larger than the
670 * highest page of the physical address space. It should be
671 * called something like "Maxphyspage".
673 Maxmem = atop(phys_avail[avail_slot - 1]);
677 * Initialize a vm_page's machine-dependent fields.
680 pmap_page_init(vm_page_t m)
683 TAILQ_INIT(&m->md.pv_list);
684 m->md.pv_memattr = VM_MEMATTR_WRITE_BACK;
688 * Initialize the pmap module.
689 * Called by vm_init, to initialize any structures that the pmap
690 * system needs to map virtual memory.
699 * Initialize the pv chunk and pmap list mutexes.
701 mtx_init(&pv_chunks_mutex, "pmap pv chunk list", NULL, MTX_DEF);
702 mtx_init(&allpmaps_lock, "allpmaps", NULL, MTX_DEF);
705 * Initialize the pool of pv list locks.
707 for (i = 0; i < NPV_LIST_LOCKS; i++)
708 rw_init(&pv_list_locks[i], "pmap pv list");
711 * Calculate the size of the pv head table for superpages.
713 pv_npg = howmany(vm_phys_segs[vm_phys_nsegs - 1].end, L2_SIZE);
716 * Allocate memory for the pv head table for superpages.
718 s = (vm_size_t)(pv_npg * sizeof(struct md_page));
720 pv_table = (struct md_page *)kmem_malloc(s, M_WAITOK | M_ZERO);
721 for (i = 0; i < pv_npg; i++)
722 TAILQ_INIT(&pv_table[i].pv_list);
723 TAILQ_INIT(&pv_dummy.pv_list);
725 if (superpages_enabled)
726 pagesizes[1] = L2_SIZE;
731 * For SMP, these functions have to use IPIs for coherence.
733 * In general, the calling thread uses a plain fence to order the
734 * writes to the page tables before invoking an SBI callback to invoke
735 * sfence_vma() on remote CPUs.
738 pmap_invalidate_page(pmap_t pmap, vm_offset_t va)
743 mask = pmap->pm_active;
744 CPU_CLR(PCPU_GET(hart), &mask);
746 if (!CPU_EMPTY(&mask) && smp_started)
747 sbi_remote_sfence_vma(mask.__bits, va, 1);
753 pmap_invalidate_range(pmap_t pmap, vm_offset_t sva, vm_offset_t eva)
758 mask = pmap->pm_active;
759 CPU_CLR(PCPU_GET(hart), &mask);
761 if (!CPU_EMPTY(&mask) && smp_started)
762 sbi_remote_sfence_vma(mask.__bits, sva, eva - sva + 1);
765 * Might consider a loop of sfence_vma_page() for a small
766 * number of pages in the future.
773 pmap_invalidate_all(pmap_t pmap)
778 mask = pmap->pm_active;
779 CPU_CLR(PCPU_GET(hart), &mask);
782 * XXX: The SBI doc doesn't detail how to specify x0 as the
783 * address to perform a global fence. BBL currently treats
784 * all sfence_vma requests as global however.
787 if (!CPU_EMPTY(&mask) && smp_started)
788 sbi_remote_sfence_vma(mask.__bits, 0, 0);
794 * Normal, non-SMP, invalidation functions.
795 * We inline these within pmap.c for speed.
798 pmap_invalidate_page(pmap_t pmap, vm_offset_t va)
805 pmap_invalidate_range(pmap_t pmap, vm_offset_t sva, vm_offset_t eva)
809 * Might consider a loop of sfence_vma_page() for a small
810 * number of pages in the future.
816 pmap_invalidate_all(pmap_t pmap)
824 * Routine: pmap_extract
826 * Extract the physical page address associated
827 * with the given map/virtual_address pair.
830 pmap_extract(pmap_t pmap, vm_offset_t va)
839 * Start with the l2 tabel. We are unable to allocate
840 * pages in the l1 table.
842 l2p = pmap_l2(pmap, va);
845 if ((l2 & PTE_RX) == 0) {
846 l3p = pmap_l2_to_l3(l2p, va);
849 pa = PTE_TO_PHYS(l3);
850 pa |= (va & L3_OFFSET);
853 /* L2 is superpages */
854 pa = (l2 >> PTE_PPN1_S) << L2_SHIFT;
855 pa |= (va & L2_OFFSET);
863 * Routine: pmap_extract_and_hold
865 * Atomically extract and hold the physical page
866 * with the given pmap and virtual address pair
867 * if that mapping permits the given protection.
870 pmap_extract_and_hold(pmap_t pmap, vm_offset_t va, vm_prot_t prot)
878 l3p = pmap_l3(pmap, va);
879 if (l3p != NULL && (l3 = pmap_load(l3p)) != 0) {
880 if ((l3 & PTE_W) != 0 || (prot & VM_PROT_WRITE) == 0) {
881 phys = PTE_TO_PHYS(l3);
882 m = PHYS_TO_VM_PAGE(phys);
883 if (!vm_page_wire_mapped(m))
892 pmap_kextract(vm_offset_t va)
898 if (va >= DMAP_MIN_ADDRESS && va < DMAP_MAX_ADDRESS) {
899 pa = DMAP_TO_PHYS(va);
901 l2 = pmap_l2(kernel_pmap, va);
903 panic("pmap_kextract: No l2");
904 if ((pmap_load(l2) & PTE_RX) != 0) {
906 pa = (pmap_load(l2) >> PTE_PPN1_S) << L2_SHIFT;
907 pa |= (va & L2_OFFSET);
911 l3 = pmap_l2_to_l3(l2, va);
913 panic("pmap_kextract: No l3...");
914 pa = PTE_TO_PHYS(pmap_load(l3));
915 pa |= (va & PAGE_MASK);
920 /***************************************************
921 * Low level mapping routines.....
922 ***************************************************/
925 pmap_kenter_device(vm_offset_t sva, vm_size_t size, vm_paddr_t pa)
932 KASSERT((pa & L3_OFFSET) == 0,
933 ("pmap_kenter_device: Invalid physical address"));
934 KASSERT((sva & L3_OFFSET) == 0,
935 ("pmap_kenter_device: Invalid virtual address"));
936 KASSERT((size & PAGE_MASK) == 0,
937 ("pmap_kenter_device: Mapping is not page-sized"));
941 l3 = pmap_l3(kernel_pmap, va);
942 KASSERT(l3 != NULL, ("Invalid page table, va: 0x%lx", va));
944 pn = (pa / PAGE_SIZE);
946 entry |= (pn << PTE_PPN0_S);
947 pmap_store(l3, entry);
953 pmap_invalidate_range(kernel_pmap, sva, va);
957 * Remove a page from the kernel pagetables.
958 * Note: not SMP coherent.
961 pmap_kremove(vm_offset_t va)
965 l3 = pmap_l3(kernel_pmap, va);
966 KASSERT(l3 != NULL, ("pmap_kremove: Invalid address"));
973 pmap_kremove_device(vm_offset_t sva, vm_size_t size)
978 KASSERT((sva & L3_OFFSET) == 0,
979 ("pmap_kremove_device: Invalid virtual address"));
980 KASSERT((size & PAGE_MASK) == 0,
981 ("pmap_kremove_device: Mapping is not page-sized"));
985 l3 = pmap_l3(kernel_pmap, va);
986 KASSERT(l3 != NULL, ("Invalid page table, va: 0x%lx", va));
993 pmap_invalidate_range(kernel_pmap, sva, va);
997 * Used to map a range of physical addresses into kernel
998 * virtual address space.
1000 * The value passed in '*virt' is a suggested virtual address for
1001 * the mapping. Architectures which can support a direct-mapped
1002 * physical to virtual region can return the appropriate address
1003 * within that region, leaving '*virt' unchanged. Other
1004 * architectures should map the pages starting at '*virt' and
1005 * update '*virt' with the first usable address after the mapped
1009 pmap_map(vm_offset_t *virt, vm_paddr_t start, vm_paddr_t end, int prot)
1012 return PHYS_TO_DMAP(start);
1017 * Add a list of wired pages to the kva
1018 * this routine is only used for temporary
1019 * kernel mappings that do not need to have
1020 * page modification or references recorded.
1021 * Note that old mappings are simply written
1022 * over. The page *must* be wired.
1023 * Note: SMP coherent. Uses a ranged shootdown IPI.
1026 pmap_qenter(vm_offset_t sva, vm_page_t *ma, int count)
1036 for (i = 0; i < count; i++) {
1038 pa = VM_PAGE_TO_PHYS(m);
1039 pn = (pa / PAGE_SIZE);
1040 l3 = pmap_l3(kernel_pmap, va);
1043 entry |= (pn << PTE_PPN0_S);
1044 pmap_store(l3, entry);
1048 pmap_invalidate_range(kernel_pmap, sva, va);
1052 * This routine tears out page mappings from the
1053 * kernel -- it is meant only for temporary mappings.
1054 * Note: SMP coherent. Uses a ranged shootdown IPI.
1057 pmap_qremove(vm_offset_t sva, int count)
1062 KASSERT(sva >= VM_MIN_KERNEL_ADDRESS, ("usermode va %lx", sva));
1064 for (va = sva; count-- > 0; va += PAGE_SIZE) {
1065 l3 = pmap_l3(kernel_pmap, va);
1066 KASSERT(l3 != NULL, ("pmap_kremove: Invalid address"));
1069 pmap_invalidate_range(kernel_pmap, sva, va);
1073 pmap_ps_enabled(pmap_t pmap __unused)
1076 return (superpages_enabled);
1079 /***************************************************
1080 * Page table page management routines.....
1081 ***************************************************/
1083 * Schedule the specified unused page table page to be freed. Specifically,
1084 * add the page to the specified list of pages that will be released to the
1085 * physical memory manager after the TLB has been updated.
1087 static __inline void
1088 pmap_add_delayed_free_list(vm_page_t m, struct spglist *free,
1089 boolean_t set_PG_ZERO)
1093 m->flags |= PG_ZERO;
1095 m->flags &= ~PG_ZERO;
1096 SLIST_INSERT_HEAD(free, m, plinks.s.ss);
1100 * Inserts the specified page table page into the specified pmap's collection
1101 * of idle page table pages. Each of a pmap's page table pages is responsible
1102 * for mapping a distinct range of virtual addresses. The pmap's collection is
1103 * ordered by this virtual address range.
1105 * If "promoted" is false, then the page table page "ml3" must be zero filled.
1108 pmap_insert_pt_page(pmap_t pmap, vm_page_t ml3, bool promoted)
1111 PMAP_LOCK_ASSERT(pmap, MA_OWNED);
1112 ml3->valid = promoted ? VM_PAGE_BITS_ALL : 0;
1113 return (vm_radix_insert(&pmap->pm_root, ml3));
1117 * Removes the page table page mapping the specified virtual address from the
1118 * specified pmap's collection of idle page table pages, and returns it.
1119 * Otherwise, returns NULL if there is no page table page corresponding to the
1120 * specified virtual address.
1122 static __inline vm_page_t
1123 pmap_remove_pt_page(pmap_t pmap, vm_offset_t va)
1126 PMAP_LOCK_ASSERT(pmap, MA_OWNED);
1127 return (vm_radix_remove(&pmap->pm_root, pmap_l2_pindex(va)));
1131 * Decrements a page table page's reference count, which is used to record the
1132 * number of valid page table entries within the page. If the reference count
1133 * drops to zero, then the page table page is unmapped. Returns TRUE if the
1134 * page table page was unmapped and FALSE otherwise.
1136 static inline boolean_t
1137 pmap_unwire_ptp(pmap_t pmap, vm_offset_t va, vm_page_t m, struct spglist *free)
1141 if (m->ref_count == 0) {
1142 _pmap_unwire_ptp(pmap, va, m, free);
1150 _pmap_unwire_ptp(pmap_t pmap, vm_offset_t va, vm_page_t m, struct spglist *free)
1154 PMAP_LOCK_ASSERT(pmap, MA_OWNED);
1155 if (m->pindex >= NUL1E) {
1157 l1 = pmap_l1(pmap, va);
1159 pmap_distribute_l1(pmap, pmap_l1_index(va), 0);
1162 l2 = pmap_l2(pmap, va);
1165 pmap_resident_count_dec(pmap, 1);
1166 if (m->pindex < NUL1E) {
1170 l1 = pmap_l1(pmap, va);
1171 phys = PTE_TO_PHYS(pmap_load(l1));
1172 pdpg = PHYS_TO_VM_PAGE(phys);
1173 pmap_unwire_ptp(pmap, va, pdpg, free);
1175 pmap_invalidate_page(pmap, va);
1180 * Put page on a list so that it is released after
1181 * *ALL* TLB shootdown is done
1183 pmap_add_delayed_free_list(m, free, TRUE);
1187 * After removing a page table entry, this routine is used to
1188 * conditionally free the page, and manage the reference count.
1191 pmap_unuse_pt(pmap_t pmap, vm_offset_t va, pd_entry_t ptepde,
1192 struct spglist *free)
1196 if (va >= VM_MAXUSER_ADDRESS)
1198 KASSERT(ptepde != 0, ("pmap_unuse_pt: ptepde != 0"));
1199 mpte = PHYS_TO_VM_PAGE(PTE_TO_PHYS(ptepde));
1200 return (pmap_unwire_ptp(pmap, va, mpte, free));
1204 pmap_pinit0(pmap_t pmap)
1207 PMAP_LOCK_INIT(pmap);
1208 bzero(&pmap->pm_stats, sizeof(pmap->pm_stats));
1209 pmap->pm_l1 = kernel_pmap->pm_l1;
1210 pmap->pm_satp = SATP_MODE_SV39 | (vtophys(pmap->pm_l1) >> PAGE_SHIFT);
1211 CPU_ZERO(&pmap->pm_active);
1212 pmap_activate_boot(pmap);
1216 pmap_pinit(pmap_t pmap)
1222 * allocate the l1 page
1224 while ((l1pt = vm_page_alloc(NULL, 0xdeadbeef, VM_ALLOC_NORMAL |
1225 VM_ALLOC_NOOBJ | VM_ALLOC_WIRED | VM_ALLOC_ZERO)) == NULL)
1228 l1phys = VM_PAGE_TO_PHYS(l1pt);
1229 pmap->pm_l1 = (pd_entry_t *)PHYS_TO_DMAP(l1phys);
1230 pmap->pm_satp = SATP_MODE_SV39 | (l1phys >> PAGE_SHIFT);
1232 if ((l1pt->flags & PG_ZERO) == 0)
1233 pagezero(pmap->pm_l1);
1235 bzero(&pmap->pm_stats, sizeof(pmap->pm_stats));
1237 CPU_ZERO(&pmap->pm_active);
1239 /* Install kernel pagetables */
1240 memcpy(pmap->pm_l1, kernel_pmap->pm_l1, PAGE_SIZE);
1242 /* Add to the list of all user pmaps */
1243 mtx_lock(&allpmaps_lock);
1244 LIST_INSERT_HEAD(&allpmaps, pmap, pm_list);
1245 mtx_unlock(&allpmaps_lock);
1247 vm_radix_init(&pmap->pm_root);
1253 * This routine is called if the desired page table page does not exist.
1255 * If page table page allocation fails, this routine may sleep before
1256 * returning NULL. It sleeps only if a lock pointer was given.
1258 * Note: If a page allocation fails at page table level two or three,
1259 * one or two pages may be held during the wait, only to be released
1260 * afterwards. This conservative approach is easily argued to avoid
1264 _pmap_alloc_l3(pmap_t pmap, vm_pindex_t ptepindex, struct rwlock **lockp)
1266 vm_page_t m, /*pdppg, */pdpg;
1271 PMAP_LOCK_ASSERT(pmap, MA_OWNED);
1274 * Allocate a page table page.
1276 if ((m = vm_page_alloc(NULL, ptepindex, VM_ALLOC_NOOBJ |
1277 VM_ALLOC_WIRED | VM_ALLOC_ZERO)) == NULL) {
1278 if (lockp != NULL) {
1279 RELEASE_PV_LIST_LOCK(lockp);
1281 rw_runlock(&pvh_global_lock);
1283 rw_rlock(&pvh_global_lock);
1288 * Indicate the need to retry. While waiting, the page table
1289 * page may have been allocated.
1294 if ((m->flags & PG_ZERO) == 0)
1298 * Map the pagetable page into the process address space, if
1299 * it isn't already there.
1302 if (ptepindex >= NUL1E) {
1304 vm_pindex_t l1index;
1306 l1index = ptepindex - NUL1E;
1307 l1 = &pmap->pm_l1[l1index];
1309 pn = (VM_PAGE_TO_PHYS(m) / PAGE_SIZE);
1311 entry |= (pn << PTE_PPN0_S);
1312 pmap_store(l1, entry);
1313 pmap_distribute_l1(pmap, l1index, entry);
1315 vm_pindex_t l1index;
1316 pd_entry_t *l1, *l2;
1318 l1index = ptepindex >> (L1_SHIFT - L2_SHIFT);
1319 l1 = &pmap->pm_l1[l1index];
1320 if (pmap_load(l1) == 0) {
1321 /* recurse for allocating page dir */
1322 if (_pmap_alloc_l3(pmap, NUL1E + l1index,
1324 vm_page_unwire_noq(m);
1325 vm_page_free_zero(m);
1329 phys = PTE_TO_PHYS(pmap_load(l1));
1330 pdpg = PHYS_TO_VM_PAGE(phys);
1334 phys = PTE_TO_PHYS(pmap_load(l1));
1335 l2 = (pd_entry_t *)PHYS_TO_DMAP(phys);
1336 l2 = &l2[ptepindex & Ln_ADDR_MASK];
1338 pn = (VM_PAGE_TO_PHYS(m) / PAGE_SIZE);
1340 entry |= (pn << PTE_PPN0_S);
1341 pmap_store(l2, entry);
1344 pmap_resident_count_inc(pmap, 1);
1350 pmap_alloc_l2(pmap_t pmap, vm_offset_t va, struct rwlock **lockp)
1354 vm_pindex_t l2pindex;
1357 l1 = pmap_l1(pmap, va);
1358 if (l1 != NULL && (pmap_load(l1) & PTE_RWX) == 0) {
1359 /* Add a reference to the L2 page. */
1360 l2pg = PHYS_TO_VM_PAGE(PTE_TO_PHYS(pmap_load(l1)));
1363 /* Allocate a L2 page. */
1364 l2pindex = pmap_l2_pindex(va) >> Ln_ENTRIES_SHIFT;
1365 l2pg = _pmap_alloc_l3(pmap, NUL2E + l2pindex, lockp);
1366 if (l2pg == NULL && lockp != NULL)
1373 pmap_alloc_l3(pmap_t pmap, vm_offset_t va, struct rwlock **lockp)
1375 vm_pindex_t ptepindex;
1381 * Calculate pagetable page index
1383 ptepindex = pmap_l2_pindex(va);
1386 * Get the page directory entry
1388 l2 = pmap_l2(pmap, va);
1391 * If the page table page is mapped, we just increment the
1392 * hold count, and activate it.
1394 if (l2 != NULL && pmap_load(l2) != 0) {
1395 phys = PTE_TO_PHYS(pmap_load(l2));
1396 m = PHYS_TO_VM_PAGE(phys);
1400 * Here if the pte page isn't mapped, or if it has been
1403 m = _pmap_alloc_l3(pmap, ptepindex, lockp);
1404 if (m == NULL && lockp != NULL)
1411 /***************************************************
1412 * Pmap allocation/deallocation routines.
1413 ***************************************************/
1416 * Release any resources held by the given physical map.
1417 * Called when a pmap initialized by pmap_pinit is being released.
1418 * Should only be called if the map contains no valid mappings.
1421 pmap_release(pmap_t pmap)
1425 KASSERT(pmap->pm_stats.resident_count == 0,
1426 ("pmap_release: pmap resident count %ld != 0",
1427 pmap->pm_stats.resident_count));
1428 KASSERT(CPU_EMPTY(&pmap->pm_active),
1429 ("releasing active pmap %p", pmap));
1431 mtx_lock(&allpmaps_lock);
1432 LIST_REMOVE(pmap, pm_list);
1433 mtx_unlock(&allpmaps_lock);
1435 m = PHYS_TO_VM_PAGE(DMAP_TO_PHYS((vm_offset_t)pmap->pm_l1));
1436 vm_page_unwire_noq(m);
1441 kvm_size(SYSCTL_HANDLER_ARGS)
1443 unsigned long ksize = VM_MAX_KERNEL_ADDRESS - VM_MIN_KERNEL_ADDRESS;
1445 return sysctl_handle_long(oidp, &ksize, 0, req);
1447 SYSCTL_PROC(_vm, OID_AUTO, kvm_size, CTLTYPE_LONG | CTLFLAG_RD | CTLFLAG_MPSAFE,
1448 0, 0, kvm_size, "LU",
1452 kvm_free(SYSCTL_HANDLER_ARGS)
1454 unsigned long kfree = VM_MAX_KERNEL_ADDRESS - kernel_vm_end;
1456 return sysctl_handle_long(oidp, &kfree, 0, req);
1458 SYSCTL_PROC(_vm, OID_AUTO, kvm_free, CTLTYPE_LONG | CTLFLAG_RD | CTLFLAG_MPSAFE,
1459 0, 0, kvm_free, "LU",
1460 "Amount of KVM free");
1463 * grow the number of kernel page table entries, if needed
1466 pmap_growkernel(vm_offset_t addr)
1470 pd_entry_t *l1, *l2;
1474 mtx_assert(&kernel_map->system_mtx, MA_OWNED);
1476 addr = roundup2(addr, L2_SIZE);
1477 if (addr - 1 >= vm_map_max(kernel_map))
1478 addr = vm_map_max(kernel_map);
1479 while (kernel_vm_end < addr) {
1480 l1 = pmap_l1(kernel_pmap, kernel_vm_end);
1481 if (pmap_load(l1) == 0) {
1482 /* We need a new PDP entry */
1483 nkpg = vm_page_alloc(NULL, kernel_vm_end >> L1_SHIFT,
1484 VM_ALLOC_INTERRUPT | VM_ALLOC_NOOBJ |
1485 VM_ALLOC_WIRED | VM_ALLOC_ZERO);
1487 panic("pmap_growkernel: no memory to grow kernel");
1488 if ((nkpg->flags & PG_ZERO) == 0)
1489 pmap_zero_page(nkpg);
1490 paddr = VM_PAGE_TO_PHYS(nkpg);
1492 pn = (paddr / PAGE_SIZE);
1494 entry |= (pn << PTE_PPN0_S);
1495 pmap_store(l1, entry);
1496 pmap_distribute_l1(kernel_pmap,
1497 pmap_l1_index(kernel_vm_end), entry);
1498 continue; /* try again */
1500 l2 = pmap_l1_to_l2(l1, kernel_vm_end);
1501 if ((pmap_load(l2) & PTE_V) != 0 &&
1502 (pmap_load(l2) & PTE_RWX) == 0) {
1503 kernel_vm_end = (kernel_vm_end + L2_SIZE) & ~L2_OFFSET;
1504 if (kernel_vm_end - 1 >= vm_map_max(kernel_map)) {
1505 kernel_vm_end = vm_map_max(kernel_map);
1511 nkpg = vm_page_alloc(NULL, kernel_vm_end >> L2_SHIFT,
1512 VM_ALLOC_INTERRUPT | VM_ALLOC_NOOBJ | VM_ALLOC_WIRED |
1515 panic("pmap_growkernel: no memory to grow kernel");
1516 if ((nkpg->flags & PG_ZERO) == 0) {
1517 pmap_zero_page(nkpg);
1519 paddr = VM_PAGE_TO_PHYS(nkpg);
1521 pn = (paddr / PAGE_SIZE);
1523 entry |= (pn << PTE_PPN0_S);
1524 pmap_store(l2, entry);
1526 pmap_invalidate_page(kernel_pmap, kernel_vm_end);
1528 kernel_vm_end = (kernel_vm_end + L2_SIZE) & ~L2_OFFSET;
1529 if (kernel_vm_end - 1 >= vm_map_max(kernel_map)) {
1530 kernel_vm_end = vm_map_max(kernel_map);
1537 /***************************************************
1538 * page management routines.
1539 ***************************************************/
1541 CTASSERT(sizeof(struct pv_chunk) == PAGE_SIZE);
1542 CTASSERT(_NPCM == 3);
1543 CTASSERT(_NPCPV == 168);
1545 static __inline struct pv_chunk *
1546 pv_to_chunk(pv_entry_t pv)
1549 return ((struct pv_chunk *)((uintptr_t)pv & ~(uintptr_t)PAGE_MASK));
1552 #define PV_PMAP(pv) (pv_to_chunk(pv)->pc_pmap)
1554 #define PC_FREE0 0xfffffffffffffffful
1555 #define PC_FREE1 0xfffffffffffffffful
1556 #define PC_FREE2 0x000000fffffffffful
1558 static const uint64_t pc_freemask[_NPCM] = { PC_FREE0, PC_FREE1, PC_FREE2 };
1562 static int pc_chunk_count, pc_chunk_allocs, pc_chunk_frees, pc_chunk_tryfail;
1564 SYSCTL_INT(_vm_pmap, OID_AUTO, pc_chunk_count, CTLFLAG_RD, &pc_chunk_count, 0,
1565 "Current number of pv entry chunks");
1566 SYSCTL_INT(_vm_pmap, OID_AUTO, pc_chunk_allocs, CTLFLAG_RD, &pc_chunk_allocs, 0,
1567 "Current number of pv entry chunks allocated");
1568 SYSCTL_INT(_vm_pmap, OID_AUTO, pc_chunk_frees, CTLFLAG_RD, &pc_chunk_frees, 0,
1569 "Current number of pv entry chunks frees");
1570 SYSCTL_INT(_vm_pmap, OID_AUTO, pc_chunk_tryfail, CTLFLAG_RD, &pc_chunk_tryfail, 0,
1571 "Number of times tried to get a chunk page but failed.");
1573 static long pv_entry_frees, pv_entry_allocs, pv_entry_count;
1574 static int pv_entry_spare;
1576 SYSCTL_LONG(_vm_pmap, OID_AUTO, pv_entry_frees, CTLFLAG_RD, &pv_entry_frees, 0,
1577 "Current number of pv entry frees");
1578 SYSCTL_LONG(_vm_pmap, OID_AUTO, pv_entry_allocs, CTLFLAG_RD, &pv_entry_allocs, 0,
1579 "Current number of pv entry allocs");
1580 SYSCTL_LONG(_vm_pmap, OID_AUTO, pv_entry_count, CTLFLAG_RD, &pv_entry_count, 0,
1581 "Current number of pv entries");
1582 SYSCTL_INT(_vm_pmap, OID_AUTO, pv_entry_spare, CTLFLAG_RD, &pv_entry_spare, 0,
1583 "Current number of spare pv entries");
1588 * We are in a serious low memory condition. Resort to
1589 * drastic measures to free some pages so we can allocate
1590 * another pv entry chunk.
1592 * Returns NULL if PV entries were reclaimed from the specified pmap.
1594 * We do not, however, unmap 2mpages because subsequent accesses will
1595 * allocate per-page pv entries until repromotion occurs, thereby
1596 * exacerbating the shortage of free pv entries.
1599 reclaim_pv_chunk(pmap_t locked_pmap, struct rwlock **lockp)
1602 panic("RISCVTODO: reclaim_pv_chunk");
1606 * free the pv_entry back to the free list
1609 free_pv_entry(pmap_t pmap, pv_entry_t pv)
1611 struct pv_chunk *pc;
1612 int idx, field, bit;
1614 rw_assert(&pvh_global_lock, RA_LOCKED);
1615 PMAP_LOCK_ASSERT(pmap, MA_OWNED);
1616 PV_STAT(atomic_add_long(&pv_entry_frees, 1));
1617 PV_STAT(atomic_add_int(&pv_entry_spare, 1));
1618 PV_STAT(atomic_subtract_long(&pv_entry_count, 1));
1619 pc = pv_to_chunk(pv);
1620 idx = pv - &pc->pc_pventry[0];
1623 pc->pc_map[field] |= 1ul << bit;
1624 if (pc->pc_map[0] != PC_FREE0 || pc->pc_map[1] != PC_FREE1 ||
1625 pc->pc_map[2] != PC_FREE2) {
1626 /* 98% of the time, pc is already at the head of the list. */
1627 if (__predict_false(pc != TAILQ_FIRST(&pmap->pm_pvchunk))) {
1628 TAILQ_REMOVE(&pmap->pm_pvchunk, pc, pc_list);
1629 TAILQ_INSERT_HEAD(&pmap->pm_pvchunk, pc, pc_list);
1633 TAILQ_REMOVE(&pmap->pm_pvchunk, pc, pc_list);
1638 free_pv_chunk(struct pv_chunk *pc)
1642 mtx_lock(&pv_chunks_mutex);
1643 TAILQ_REMOVE(&pv_chunks, pc, pc_lru);
1644 mtx_unlock(&pv_chunks_mutex);
1645 PV_STAT(atomic_subtract_int(&pv_entry_spare, _NPCPV));
1646 PV_STAT(atomic_subtract_int(&pc_chunk_count, 1));
1647 PV_STAT(atomic_add_int(&pc_chunk_frees, 1));
1648 /* entire chunk is free, return it */
1649 m = PHYS_TO_VM_PAGE(DMAP_TO_PHYS((vm_offset_t)pc));
1650 dump_drop_page(m->phys_addr);
1651 vm_page_unwire_noq(m);
1656 * Returns a new PV entry, allocating a new PV chunk from the system when
1657 * needed. If this PV chunk allocation fails and a PV list lock pointer was
1658 * given, a PV chunk is reclaimed from an arbitrary pmap. Otherwise, NULL is
1661 * The given PV list lock may be released.
1664 get_pv_entry(pmap_t pmap, struct rwlock **lockp)
1668 struct pv_chunk *pc;
1671 rw_assert(&pvh_global_lock, RA_LOCKED);
1672 PMAP_LOCK_ASSERT(pmap, MA_OWNED);
1673 PV_STAT(atomic_add_long(&pv_entry_allocs, 1));
1675 pc = TAILQ_FIRST(&pmap->pm_pvchunk);
1677 for (field = 0; field < _NPCM; field++) {
1678 if (pc->pc_map[field]) {
1679 bit = ffsl(pc->pc_map[field]) - 1;
1683 if (field < _NPCM) {
1684 pv = &pc->pc_pventry[field * 64 + bit];
1685 pc->pc_map[field] &= ~(1ul << bit);
1686 /* If this was the last item, move it to tail */
1687 if (pc->pc_map[0] == 0 && pc->pc_map[1] == 0 &&
1688 pc->pc_map[2] == 0) {
1689 TAILQ_REMOVE(&pmap->pm_pvchunk, pc, pc_list);
1690 TAILQ_INSERT_TAIL(&pmap->pm_pvchunk, pc,
1693 PV_STAT(atomic_add_long(&pv_entry_count, 1));
1694 PV_STAT(atomic_subtract_int(&pv_entry_spare, 1));
1698 /* No free items, allocate another chunk */
1699 m = vm_page_alloc(NULL, 0, VM_ALLOC_NORMAL | VM_ALLOC_NOOBJ |
1702 if (lockp == NULL) {
1703 PV_STAT(pc_chunk_tryfail++);
1706 m = reclaim_pv_chunk(pmap, lockp);
1710 PV_STAT(atomic_add_int(&pc_chunk_count, 1));
1711 PV_STAT(atomic_add_int(&pc_chunk_allocs, 1));
1712 dump_add_page(m->phys_addr);
1713 pc = (void *)PHYS_TO_DMAP(m->phys_addr);
1715 pc->pc_map[0] = PC_FREE0 & ~1ul; /* preallocated bit 0 */
1716 pc->pc_map[1] = PC_FREE1;
1717 pc->pc_map[2] = PC_FREE2;
1718 mtx_lock(&pv_chunks_mutex);
1719 TAILQ_INSERT_TAIL(&pv_chunks, pc, pc_lru);
1720 mtx_unlock(&pv_chunks_mutex);
1721 pv = &pc->pc_pventry[0];
1722 TAILQ_INSERT_HEAD(&pmap->pm_pvchunk, pc, pc_list);
1723 PV_STAT(atomic_add_long(&pv_entry_count, 1));
1724 PV_STAT(atomic_add_int(&pv_entry_spare, _NPCPV - 1));
1729 * Ensure that the number of spare PV entries in the specified pmap meets or
1730 * exceeds the given count, "needed".
1732 * The given PV list lock may be released.
1735 reserve_pv_entries(pmap_t pmap, int needed, struct rwlock **lockp)
1737 struct pch new_tail;
1738 struct pv_chunk *pc;
1743 rw_assert(&pvh_global_lock, RA_LOCKED);
1744 PMAP_LOCK_ASSERT(pmap, MA_OWNED);
1745 KASSERT(lockp != NULL, ("reserve_pv_entries: lockp is NULL"));
1748 * Newly allocated PV chunks must be stored in a private list until
1749 * the required number of PV chunks have been allocated. Otherwise,
1750 * reclaim_pv_chunk() could recycle one of these chunks. In
1751 * contrast, these chunks must be added to the pmap upon allocation.
1753 TAILQ_INIT(&new_tail);
1756 TAILQ_FOREACH(pc, &pmap->pm_pvchunk, pc_list) {
1757 bit_count((bitstr_t *)pc->pc_map, 0,
1758 sizeof(pc->pc_map) * NBBY, &free);
1762 if (avail >= needed)
1765 for (reclaimed = false; avail < needed; avail += _NPCPV) {
1766 m = vm_page_alloc(NULL, 0, VM_ALLOC_NORMAL | VM_ALLOC_NOOBJ |
1769 m = reclaim_pv_chunk(pmap, lockp);
1776 dump_add_page(m->phys_addr);
1778 pc = (void *)PHYS_TO_DMAP(m->phys_addr);
1780 pc->pc_map[0] = PC_FREE0;
1781 pc->pc_map[1] = PC_FREE1;
1782 pc->pc_map[2] = PC_FREE2;
1783 TAILQ_INSERT_HEAD(&pmap->pm_pvchunk, pc, pc_list);
1784 TAILQ_INSERT_TAIL(&new_tail, pc, pc_lru);
1787 * The reclaim might have freed a chunk from the current pmap.
1788 * If that chunk contained available entries, we need to
1789 * re-count the number of available entries.
1794 if (!TAILQ_EMPTY(&new_tail)) {
1795 mtx_lock(&pv_chunks_mutex);
1796 TAILQ_CONCAT(&pv_chunks, &new_tail, pc_lru);
1797 mtx_unlock(&pv_chunks_mutex);
1802 * First find and then remove the pv entry for the specified pmap and virtual
1803 * address from the specified pv list. Returns the pv entry if found and NULL
1804 * otherwise. This operation can be performed on pv lists for either 4KB or
1805 * 2MB page mappings.
1807 static __inline pv_entry_t
1808 pmap_pvh_remove(struct md_page *pvh, pmap_t pmap, vm_offset_t va)
1812 rw_assert(&pvh_global_lock, RA_LOCKED);
1813 TAILQ_FOREACH(pv, &pvh->pv_list, pv_next) {
1814 if (pmap == PV_PMAP(pv) && va == pv->pv_va) {
1815 TAILQ_REMOVE(&pvh->pv_list, pv, pv_next);
1824 * First find and then destroy the pv entry for the specified pmap and virtual
1825 * address. This operation can be performed on pv lists for either 4KB or 2MB
1829 pmap_pvh_free(struct md_page *pvh, pmap_t pmap, vm_offset_t va)
1833 pv = pmap_pvh_remove(pvh, pmap, va);
1835 KASSERT(pv != NULL, ("pmap_pvh_free: pv not found for %#lx", va));
1836 free_pv_entry(pmap, pv);
1840 * Conditionally create the PV entry for a 4KB page mapping if the required
1841 * memory can be allocated without resorting to reclamation.
1844 pmap_try_insert_pv_entry(pmap_t pmap, vm_offset_t va, vm_page_t m,
1845 struct rwlock **lockp)
1849 rw_assert(&pvh_global_lock, RA_LOCKED);
1850 PMAP_LOCK_ASSERT(pmap, MA_OWNED);
1851 /* Pass NULL instead of the lock pointer to disable reclamation. */
1852 if ((pv = get_pv_entry(pmap, NULL)) != NULL) {
1854 CHANGE_PV_LIST_LOCK_TO_VM_PAGE(lockp, m);
1855 TAILQ_INSERT_TAIL(&m->md.pv_list, pv, pv_next);
1863 * After demotion from a 2MB page mapping to 512 4KB page mappings,
1864 * destroy the pv entry for the 2MB page mapping and reinstantiate the pv
1865 * entries for each of the 4KB page mappings.
1867 static void __unused
1868 pmap_pv_demote_l2(pmap_t pmap, vm_offset_t va, vm_paddr_t pa,
1869 struct rwlock **lockp)
1871 struct md_page *pvh;
1872 struct pv_chunk *pc;
1875 vm_offset_t va_last;
1878 rw_assert(&pvh_global_lock, RA_LOCKED);
1879 PMAP_LOCK_ASSERT(pmap, MA_OWNED);
1880 CHANGE_PV_LIST_LOCK_TO_PHYS(lockp, pa);
1883 * Transfer the 2mpage's pv entry for this mapping to the first
1884 * page's pv list. Once this transfer begins, the pv list lock
1885 * must not be released until the last pv entry is reinstantiated.
1887 pvh = pa_to_pvh(pa);
1889 pv = pmap_pvh_remove(pvh, pmap, va);
1890 KASSERT(pv != NULL, ("pmap_pv_demote_l2: pv not found"));
1891 m = PHYS_TO_VM_PAGE(pa);
1892 TAILQ_INSERT_TAIL(&m->md.pv_list, pv, pv_next);
1894 /* Instantiate the remaining 511 pv entries. */
1895 va_last = va + L2_SIZE - PAGE_SIZE;
1897 pc = TAILQ_FIRST(&pmap->pm_pvchunk);
1898 KASSERT(pc->pc_map[0] != 0 || pc->pc_map[1] != 0 ||
1899 pc->pc_map[2] != 0, ("pmap_pv_demote_l2: missing spare"));
1900 for (field = 0; field < _NPCM; field++) {
1901 while (pc->pc_map[field] != 0) {
1902 bit = ffsl(pc->pc_map[field]) - 1;
1903 pc->pc_map[field] &= ~(1ul << bit);
1904 pv = &pc->pc_pventry[field * 64 + bit];
1908 KASSERT((m->oflags & VPO_UNMANAGED) == 0,
1909 ("pmap_pv_demote_l2: page %p is not managed", m));
1910 TAILQ_INSERT_TAIL(&m->md.pv_list, pv, pv_next);
1916 TAILQ_REMOVE(&pmap->pm_pvchunk, pc, pc_list);
1917 TAILQ_INSERT_TAIL(&pmap->pm_pvchunk, pc, pc_list);
1920 if (pc->pc_map[0] == 0 && pc->pc_map[1] == 0 && pc->pc_map[2] == 0) {
1921 TAILQ_REMOVE(&pmap->pm_pvchunk, pc, pc_list);
1922 TAILQ_INSERT_TAIL(&pmap->pm_pvchunk, pc, pc_list);
1927 #if VM_NRESERVLEVEL > 0
1929 pmap_pv_promote_l2(pmap_t pmap, vm_offset_t va, vm_paddr_t pa,
1930 struct rwlock **lockp)
1932 struct md_page *pvh;
1935 vm_offset_t va_last;
1937 rw_assert(&pvh_global_lock, RA_LOCKED);
1938 KASSERT((va & L2_OFFSET) == 0,
1939 ("pmap_pv_promote_l2: misaligned va %#lx", va));
1941 CHANGE_PV_LIST_LOCK_TO_PHYS(lockp, pa);
1943 m = PHYS_TO_VM_PAGE(pa);
1944 pv = pmap_pvh_remove(&m->md, pmap, va);
1945 KASSERT(pv != NULL, ("pmap_pv_promote_l2: pv for %#lx not found", va));
1946 pvh = pa_to_pvh(pa);
1947 TAILQ_INSERT_TAIL(&pvh->pv_list, pv, pv_next);
1950 va_last = va + L2_SIZE - PAGE_SIZE;
1954 pmap_pvh_free(&m->md, pmap, va);
1955 } while (va < va_last);
1957 #endif /* VM_NRESERVLEVEL > 0 */
1960 * Create the PV entry for a 2MB page mapping. Always returns true unless the
1961 * flag PMAP_ENTER_NORECLAIM is specified. If that flag is specified, returns
1962 * false if the PV entry cannot be allocated without resorting to reclamation.
1965 pmap_pv_insert_l2(pmap_t pmap, vm_offset_t va, pd_entry_t l2e, u_int flags,
1966 struct rwlock **lockp)
1968 struct md_page *pvh;
1972 PMAP_LOCK_ASSERT(pmap, MA_OWNED);
1973 /* Pass NULL instead of the lock pointer to disable reclamation. */
1974 if ((pv = get_pv_entry(pmap, (flags & PMAP_ENTER_NORECLAIM) != 0 ?
1975 NULL : lockp)) == NULL)
1978 pa = PTE_TO_PHYS(l2e);
1979 CHANGE_PV_LIST_LOCK_TO_PHYS(lockp, pa);
1980 pvh = pa_to_pvh(pa);
1981 TAILQ_INSERT_TAIL(&pvh->pv_list, pv, pv_next);
1987 pmap_remove_kernel_l2(pmap_t pmap, pt_entry_t *l2, vm_offset_t va)
1989 pt_entry_t newl2, oldl2;
1993 KASSERT(!VIRT_IN_DMAP(va), ("removing direct mapping of %#lx", va));
1994 KASSERT(pmap == kernel_pmap, ("pmap %p is not kernel_pmap", pmap));
1995 PMAP_LOCK_ASSERT(pmap, MA_OWNED);
1997 ml3 = pmap_remove_pt_page(pmap, va);
1999 panic("pmap_remove_kernel_l2: Missing pt page");
2001 ml3pa = VM_PAGE_TO_PHYS(ml3);
2002 newl2 = ml3pa | PTE_V;
2005 * If this page table page was unmapped by a promotion, then it
2006 * contains valid mappings. Zero it to invalidate those mappings.
2008 if (ml3->valid != 0)
2009 pagezero((void *)PHYS_TO_DMAP(ml3pa));
2012 * Demote the mapping.
2014 oldl2 = pmap_load_store(l2, newl2);
2015 KASSERT(oldl2 == 0, ("%s: found existing mapping at %p: %#lx",
2016 __func__, l2, oldl2));
2020 * pmap_remove_l2: Do the things to unmap a level 2 superpage.
2023 pmap_remove_l2(pmap_t pmap, pt_entry_t *l2, vm_offset_t sva,
2024 pd_entry_t l1e, struct spglist *free, struct rwlock **lockp)
2026 struct md_page *pvh;
2028 vm_offset_t eva, va;
2031 PMAP_LOCK_ASSERT(pmap, MA_OWNED);
2032 KASSERT((sva & L2_OFFSET) == 0, ("pmap_remove_l2: sva is not aligned"));
2033 oldl2 = pmap_load_clear(l2);
2034 KASSERT((oldl2 & PTE_RWX) != 0,
2035 ("pmap_remove_l2: L2e %lx is not a superpage mapping", oldl2));
2038 * The sfence.vma documentation states that it is sufficient to specify
2039 * a single address within a superpage mapping. However, since we do
2040 * not perform any invalidation upon promotion, TLBs may still be
2041 * caching 4KB mappings within the superpage, so we must invalidate the
2044 pmap_invalidate_range(pmap, sva, sva + L2_SIZE);
2045 if ((oldl2 & PTE_SW_WIRED) != 0)
2046 pmap->pm_stats.wired_count -= L2_SIZE / PAGE_SIZE;
2047 pmap_resident_count_dec(pmap, L2_SIZE / PAGE_SIZE);
2048 if ((oldl2 & PTE_SW_MANAGED) != 0) {
2049 CHANGE_PV_LIST_LOCK_TO_PHYS(lockp, PTE_TO_PHYS(oldl2));
2050 pvh = pa_to_pvh(PTE_TO_PHYS(oldl2));
2051 pmap_pvh_free(pvh, pmap, sva);
2052 eva = sva + L2_SIZE;
2053 for (va = sva, m = PHYS_TO_VM_PAGE(PTE_TO_PHYS(oldl2));
2054 va < eva; va += PAGE_SIZE, m++) {
2055 if ((oldl2 & PTE_D) != 0)
2057 if ((oldl2 & PTE_A) != 0)
2058 vm_page_aflag_set(m, PGA_REFERENCED);
2059 if (TAILQ_EMPTY(&m->md.pv_list) &&
2060 TAILQ_EMPTY(&pvh->pv_list))
2061 vm_page_aflag_clear(m, PGA_WRITEABLE);
2064 if (pmap == kernel_pmap) {
2065 pmap_remove_kernel_l2(pmap, l2, sva);
2067 ml3 = pmap_remove_pt_page(pmap, sva);
2069 KASSERT(ml3->valid == VM_PAGE_BITS_ALL,
2070 ("pmap_remove_l2: l3 page not promoted"));
2071 pmap_resident_count_dec(pmap, 1);
2072 KASSERT(ml3->ref_count == Ln_ENTRIES,
2073 ("pmap_remove_l2: l3 page ref count error"));
2075 vm_page_unwire_noq(ml3);
2076 pmap_add_delayed_free_list(ml3, free, FALSE);
2079 return (pmap_unuse_pt(pmap, sva, l1e, free));
2083 * pmap_remove_l3: do the things to unmap a page in a process
2086 pmap_remove_l3(pmap_t pmap, pt_entry_t *l3, vm_offset_t va,
2087 pd_entry_t l2e, struct spglist *free, struct rwlock **lockp)
2089 struct md_page *pvh;
2094 PMAP_LOCK_ASSERT(pmap, MA_OWNED);
2095 old_l3 = pmap_load_clear(l3);
2096 pmap_invalidate_page(pmap, va);
2097 if (old_l3 & PTE_SW_WIRED)
2098 pmap->pm_stats.wired_count -= 1;
2099 pmap_resident_count_dec(pmap, 1);
2100 if (old_l3 & PTE_SW_MANAGED) {
2101 phys = PTE_TO_PHYS(old_l3);
2102 m = PHYS_TO_VM_PAGE(phys);
2103 if ((old_l3 & PTE_D) != 0)
2106 vm_page_aflag_set(m, PGA_REFERENCED);
2107 CHANGE_PV_LIST_LOCK_TO_VM_PAGE(lockp, m);
2108 pmap_pvh_free(&m->md, pmap, va);
2109 if (TAILQ_EMPTY(&m->md.pv_list) &&
2110 (m->flags & PG_FICTITIOUS) == 0) {
2111 pvh = pa_to_pvh(VM_PAGE_TO_PHYS(m));
2112 if (TAILQ_EMPTY(&pvh->pv_list))
2113 vm_page_aflag_clear(m, PGA_WRITEABLE);
2117 return (pmap_unuse_pt(pmap, va, l2e, free));
2121 * Remove the given range of addresses from the specified map.
2123 * It is assumed that the start and end are properly
2124 * rounded to the page size.
2127 pmap_remove(pmap_t pmap, vm_offset_t sva, vm_offset_t eva)
2129 struct spglist free;
2130 struct rwlock *lock;
2131 vm_offset_t va, va_next;
2132 pd_entry_t *l1, *l2, l2e;
2136 * Perform an unsynchronized read. This is, however, safe.
2138 if (pmap->pm_stats.resident_count == 0)
2143 rw_rlock(&pvh_global_lock);
2147 for (; sva < eva; sva = va_next) {
2148 if (pmap->pm_stats.resident_count == 0)
2151 l1 = pmap_l1(pmap, sva);
2152 if (pmap_load(l1) == 0) {
2153 va_next = (sva + L1_SIZE) & ~L1_OFFSET;
2160 * Calculate index for next page table.
2162 va_next = (sva + L2_SIZE) & ~L2_OFFSET;
2166 l2 = pmap_l1_to_l2(l1, sva);
2169 if ((l2e = pmap_load(l2)) == 0)
2171 if ((l2e & PTE_RWX) != 0) {
2172 if (sva + L2_SIZE == va_next && eva >= va_next) {
2173 (void)pmap_remove_l2(pmap, l2, sva,
2174 pmap_load(l1), &free, &lock);
2176 } else if (!pmap_demote_l2_locked(pmap, l2, sva,
2179 * The large page mapping was destroyed.
2183 l2e = pmap_load(l2);
2187 * Limit our scan to either the end of the va represented
2188 * by the current page table page, or to the end of the
2189 * range being removed.
2195 for (l3 = pmap_l2_to_l3(l2, sva); sva != va_next; l3++,
2197 if (pmap_load(l3) == 0) {
2198 if (va != va_next) {
2199 pmap_invalidate_range(pmap, va, sva);
2206 if (pmap_remove_l3(pmap, l3, sva, l2e, &free, &lock)) {
2212 pmap_invalidate_range(pmap, va, sva);
2216 rw_runlock(&pvh_global_lock);
2218 vm_page_free_pages_toq(&free, false);
2222 * Routine: pmap_remove_all
2224 * Removes this physical page from
2225 * all physical maps in which it resides.
2226 * Reflects back modify bits to the pager.
2229 * Original versions of this routine were very
2230 * inefficient because they iteratively called
2231 * pmap_remove (slow...)
2235 pmap_remove_all(vm_page_t m)
2237 struct spglist free;
2238 struct md_page *pvh;
2240 pt_entry_t *l3, l3e;
2241 pd_entry_t *l2, l2e;
2245 KASSERT((m->oflags & VPO_UNMANAGED) == 0,
2246 ("pmap_remove_all: page %p is not managed", m));
2248 pvh = (m->flags & PG_FICTITIOUS) != 0 ? &pv_dummy :
2249 pa_to_pvh(VM_PAGE_TO_PHYS(m));
2251 rw_wlock(&pvh_global_lock);
2252 while ((pv = TAILQ_FIRST(&pvh->pv_list)) != NULL) {
2256 l2 = pmap_l2(pmap, va);
2257 (void)pmap_demote_l2(pmap, l2, va);
2260 while ((pv = TAILQ_FIRST(&m->md.pv_list)) != NULL) {
2263 pmap_resident_count_dec(pmap, 1);
2264 l2 = pmap_l2(pmap, pv->pv_va);
2265 KASSERT(l2 != NULL, ("pmap_remove_all: no l2 table found"));
2266 l2e = pmap_load(l2);
2268 KASSERT((l2e & PTE_RX) == 0,
2269 ("pmap_remove_all: found a superpage in %p's pv list", m));
2271 l3 = pmap_l2_to_l3(l2, pv->pv_va);
2272 l3e = pmap_load_clear(l3);
2273 pmap_invalidate_page(pmap, pv->pv_va);
2274 if (l3e & PTE_SW_WIRED)
2275 pmap->pm_stats.wired_count--;
2276 if ((l3e & PTE_A) != 0)
2277 vm_page_aflag_set(m, PGA_REFERENCED);
2280 * Update the vm_page_t clean and reference bits.
2282 if ((l3e & PTE_D) != 0)
2284 pmap_unuse_pt(pmap, pv->pv_va, pmap_load(l2), &free);
2285 TAILQ_REMOVE(&m->md.pv_list, pv, pv_next);
2287 free_pv_entry(pmap, pv);
2290 vm_page_aflag_clear(m, PGA_WRITEABLE);
2291 rw_wunlock(&pvh_global_lock);
2292 vm_page_free_pages_toq(&free, false);
2296 * Set the physical protection on the
2297 * specified range of this map as requested.
2300 pmap_protect(pmap_t pmap, vm_offset_t sva, vm_offset_t eva, vm_prot_t prot)
2302 pd_entry_t *l1, *l2, l2e;
2303 pt_entry_t *l3, l3e, mask;
2306 vm_offset_t va_next;
2307 bool anychanged, pv_lists_locked;
2309 if ((prot & VM_PROT_READ) == VM_PROT_NONE) {
2310 pmap_remove(pmap, sva, eva);
2314 if ((prot & (VM_PROT_WRITE | VM_PROT_EXECUTE)) ==
2315 (VM_PROT_WRITE | VM_PROT_EXECUTE))
2319 pv_lists_locked = false;
2321 if ((prot & VM_PROT_WRITE) == 0)
2322 mask |= PTE_W | PTE_D;
2323 if ((prot & VM_PROT_EXECUTE) == 0)
2327 for (; sva < eva; sva = va_next) {
2328 l1 = pmap_l1(pmap, sva);
2329 if (pmap_load(l1) == 0) {
2330 va_next = (sva + L1_SIZE) & ~L1_OFFSET;
2336 va_next = (sva + L2_SIZE) & ~L2_OFFSET;
2340 l2 = pmap_l1_to_l2(l1, sva);
2341 if (l2 == NULL || (l2e = pmap_load(l2)) == 0)
2343 if ((l2e & PTE_RWX) != 0) {
2344 if (sva + L2_SIZE == va_next && eva >= va_next) {
2346 if ((prot & VM_PROT_WRITE) == 0 &&
2347 (l2e & (PTE_SW_MANAGED | PTE_D)) ==
2348 (PTE_SW_MANAGED | PTE_D)) {
2349 pa = PTE_TO_PHYS(l2e);
2350 m = PHYS_TO_VM_PAGE(pa);
2351 for (mt = m; mt < &m[Ln_ENTRIES]; mt++)
2354 if (!atomic_fcmpset_long(l2, &l2e, l2e & ~mask))
2358 if (!pv_lists_locked) {
2359 pv_lists_locked = true;
2360 if (!rw_try_rlock(&pvh_global_lock)) {
2362 pmap_invalidate_all(
2365 rw_rlock(&pvh_global_lock);
2369 if (!pmap_demote_l2(pmap, l2, sva)) {
2371 * The large page mapping was destroyed.
2381 for (l3 = pmap_l2_to_l3(l2, sva); sva != va_next; l3++,
2383 l3e = pmap_load(l3);
2385 if ((l3e & PTE_V) == 0)
2387 if ((prot & VM_PROT_WRITE) == 0 &&
2388 (l3e & (PTE_SW_MANAGED | PTE_D)) ==
2389 (PTE_SW_MANAGED | PTE_D)) {
2390 m = PHYS_TO_VM_PAGE(PTE_TO_PHYS(l3e));
2393 if (!atomic_fcmpset_long(l3, &l3e, l3e & ~mask))
2399 pmap_invalidate_all(pmap);
2400 if (pv_lists_locked)
2401 rw_runlock(&pvh_global_lock);
2406 pmap_fault_fixup(pmap_t pmap, vm_offset_t va, vm_prot_t ftype)
2408 pd_entry_t *l2, l2e;
2409 pt_entry_t bits, *pte, oldpte;
2414 l2 = pmap_l2(pmap, va);
2415 if (l2 == NULL || ((l2e = pmap_load(l2)) & PTE_V) == 0)
2417 if ((l2e & PTE_RWX) == 0) {
2418 pte = pmap_l2_to_l3(l2, va);
2419 if (pte == NULL || ((oldpte = pmap_load(pte) & PTE_V)) == 0)
2426 if ((pmap != kernel_pmap && (oldpte & PTE_U) == 0) ||
2427 (ftype == VM_PROT_WRITE && (oldpte & PTE_W) == 0) ||
2428 (ftype == VM_PROT_EXECUTE && (oldpte & PTE_X) == 0) ||
2429 (ftype == VM_PROT_READ && (oldpte & PTE_R) == 0))
2433 if (ftype == VM_PROT_WRITE)
2437 * Spurious faults can occur if the implementation caches invalid
2438 * entries in the TLB, or if simultaneous accesses on multiple CPUs
2439 * race with each other.
2441 if ((oldpte & bits) != bits)
2442 pmap_store_bits(pte, bits);
2451 pmap_demote_l2(pmap_t pmap, pd_entry_t *l2, vm_offset_t va)
2453 struct rwlock *lock;
2457 rv = pmap_demote_l2_locked(pmap, l2, va, &lock);
2464 * Tries to demote a 2MB page mapping. If demotion fails, the 2MB page
2465 * mapping is invalidated.
2468 pmap_demote_l2_locked(pmap_t pmap, pd_entry_t *l2, vm_offset_t va,
2469 struct rwlock **lockp)
2471 struct spglist free;
2473 pd_entry_t newl2, oldl2;
2474 pt_entry_t *firstl3, newl3;
2478 PMAP_LOCK_ASSERT(pmap, MA_OWNED);
2480 oldl2 = pmap_load(l2);
2481 KASSERT((oldl2 & PTE_RWX) != 0,
2482 ("pmap_demote_l2_locked: oldl2 is not a leaf entry"));
2483 if ((oldl2 & PTE_A) == 0 || (mpte = pmap_remove_pt_page(pmap, va)) ==
2485 if ((oldl2 & PTE_A) == 0 || (mpte = vm_page_alloc(NULL,
2486 pmap_l2_pindex(va), (VIRT_IN_DMAP(va) ? VM_ALLOC_INTERRUPT :
2487 VM_ALLOC_NORMAL) | VM_ALLOC_NOOBJ | VM_ALLOC_WIRED)) ==
2490 (void)pmap_remove_l2(pmap, l2, va & ~L2_OFFSET,
2491 pmap_load(pmap_l1(pmap, va)), &free, lockp);
2492 vm_page_free_pages_toq(&free, true);
2493 CTR2(KTR_PMAP, "pmap_demote_l2_locked: "
2494 "failure for va %#lx in pmap %p", va, pmap);
2497 if (va < VM_MAXUSER_ADDRESS) {
2498 mpte->ref_count = Ln_ENTRIES;
2499 pmap_resident_count_inc(pmap, 1);
2502 mptepa = VM_PAGE_TO_PHYS(mpte);
2503 firstl3 = (pt_entry_t *)PHYS_TO_DMAP(mptepa);
2504 newl2 = ((mptepa / PAGE_SIZE) << PTE_PPN0_S) | PTE_V;
2505 KASSERT((oldl2 & PTE_A) != 0,
2506 ("pmap_demote_l2_locked: oldl2 is missing PTE_A"));
2507 KASSERT((oldl2 & (PTE_D | PTE_W)) != PTE_W,
2508 ("pmap_demote_l2_locked: oldl2 is missing PTE_D"));
2512 * If the page table page is not leftover from an earlier promotion,
2515 if (mpte->valid == 0) {
2516 for (i = 0; i < Ln_ENTRIES; i++)
2517 pmap_store(firstl3 + i, newl3 + (i << PTE_PPN0_S));
2519 KASSERT(PTE_TO_PHYS(pmap_load(firstl3)) == PTE_TO_PHYS(newl3),
2520 ("pmap_demote_l2_locked: firstl3 and newl3 map different physical "
2524 * If the mapping has changed attributes, update the page table
2527 if ((pmap_load(firstl3) & PTE_PROMOTE) != (newl3 & PTE_PROMOTE))
2528 for (i = 0; i < Ln_ENTRIES; i++)
2529 pmap_store(firstl3 + i, newl3 + (i << PTE_PPN0_S));
2532 * The spare PV entries must be reserved prior to demoting the
2533 * mapping, that is, prior to changing the L2 entry. Otherwise, the
2534 * state of the L2 entry and the PV lists will be inconsistent, which
2535 * can result in reclaim_pv_chunk() attempting to remove a PV entry from
2536 * the wrong PV list and pmap_pv_demote_l2() failing to find the
2537 * expected PV entry for the 2MB page mapping that is being demoted.
2539 if ((oldl2 & PTE_SW_MANAGED) != 0)
2540 reserve_pv_entries(pmap, Ln_ENTRIES - 1, lockp);
2543 * Demote the mapping.
2545 pmap_store(l2, newl2);
2548 * Demote the PV entry.
2550 if ((oldl2 & PTE_SW_MANAGED) != 0)
2551 pmap_pv_demote_l2(pmap, va, PTE_TO_PHYS(oldl2), lockp);
2553 atomic_add_long(&pmap_l2_demotions, 1);
2554 CTR2(KTR_PMAP, "pmap_demote_l2_locked: success for va %#lx in pmap %p",
2559 #if VM_NRESERVLEVEL > 0
2561 pmap_promote_l2(pmap_t pmap, pd_entry_t *l2, vm_offset_t va,
2562 struct rwlock **lockp)
2564 pt_entry_t *firstl3, *l3;
2568 PMAP_LOCK_ASSERT(pmap, MA_OWNED);
2571 KASSERT((pmap_load(l2) & PTE_RWX) == 0,
2572 ("pmap_promote_l2: invalid l2 entry %p", l2));
2574 firstl3 = (pt_entry_t *)PHYS_TO_DMAP(PTE_TO_PHYS(pmap_load(l2)));
2575 pa = PTE_TO_PHYS(pmap_load(firstl3));
2576 if ((pa & L2_OFFSET) != 0) {
2577 CTR2(KTR_PMAP, "pmap_promote_l2: failure for va %#lx pmap %p",
2579 atomic_add_long(&pmap_l2_p_failures, 1);
2584 for (l3 = firstl3 + 1; l3 < firstl3 + Ln_ENTRIES; l3++) {
2585 if (PTE_TO_PHYS(pmap_load(l3)) != pa) {
2587 "pmap_promote_l2: failure for va %#lx pmap %p",
2589 atomic_add_long(&pmap_l2_p_failures, 1);
2592 if ((pmap_load(l3) & PTE_PROMOTE) !=
2593 (pmap_load(firstl3) & PTE_PROMOTE)) {
2595 "pmap_promote_l2: failure for va %#lx pmap %p",
2597 atomic_add_long(&pmap_l2_p_failures, 1);
2603 ml3 = PHYS_TO_VM_PAGE(PTE_TO_PHYS(pmap_load(l2)));
2604 KASSERT(ml3->pindex == pmap_l2_pindex(va),
2605 ("pmap_promote_l2: page table page's pindex is wrong"));
2606 if (pmap_insert_pt_page(pmap, ml3, true)) {
2607 CTR2(KTR_PMAP, "pmap_promote_l2: failure for va %#lx pmap %p",
2609 atomic_add_long(&pmap_l2_p_failures, 1);
2613 if ((pmap_load(firstl3) & PTE_SW_MANAGED) != 0)
2614 pmap_pv_promote_l2(pmap, va, PTE_TO_PHYS(pmap_load(firstl3)),
2617 pmap_store(l2, pmap_load(firstl3));
2619 atomic_add_long(&pmap_l2_promotions, 1);
2620 CTR2(KTR_PMAP, "pmap_promote_l2: success for va %#lx in pmap %p", va,
2626 * Insert the given physical page (p) at
2627 * the specified virtual address (v) in the
2628 * target physical map with the protection requested.
2630 * If specified, the page will be wired down, meaning
2631 * that the related pte can not be reclaimed.
2633 * NB: This is the only routine which MAY NOT lazy-evaluate
2634 * or lose information. That is, this routine must actually
2635 * insert this page into the given map NOW.
2638 pmap_enter(pmap_t pmap, vm_offset_t va, vm_page_t m, vm_prot_t prot,
2639 u_int flags, int8_t psind)
2641 struct rwlock *lock;
2642 pd_entry_t *l1, *l2, l2e;
2643 pt_entry_t new_l3, orig_l3;
2646 vm_paddr_t opa, pa, l2_pa, l3_pa;
2647 vm_page_t mpte, om, l2_m, l3_m;
2649 pn_t l2_pn, l3_pn, pn;
2653 va = trunc_page(va);
2654 if ((m->oflags & VPO_UNMANAGED) == 0)
2655 VM_PAGE_OBJECT_BUSY_ASSERT(m);
2656 pa = VM_PAGE_TO_PHYS(m);
2657 pn = (pa / PAGE_SIZE);
2659 new_l3 = PTE_V | PTE_R | PTE_A;
2660 if (prot & VM_PROT_EXECUTE)
2662 if (flags & VM_PROT_WRITE)
2664 if (prot & VM_PROT_WRITE)
2666 if (va < VM_MAX_USER_ADDRESS)
2669 new_l3 |= (pn << PTE_PPN0_S);
2670 if ((flags & PMAP_ENTER_WIRED) != 0)
2671 new_l3 |= PTE_SW_WIRED;
2674 * Set modified bit gratuitously for writeable mappings if
2675 * the page is unmanaged. We do not want to take a fault
2676 * to do the dirty bit accounting for these mappings.
2678 if ((m->oflags & VPO_UNMANAGED) != 0) {
2679 if (prot & VM_PROT_WRITE)
2682 new_l3 |= PTE_SW_MANAGED;
2684 CTR2(KTR_PMAP, "pmap_enter: %.16lx -> %.16lx", va, pa);
2688 rw_rlock(&pvh_global_lock);
2691 /* Assert the required virtual and physical alignment. */
2692 KASSERT((va & L2_OFFSET) == 0,
2693 ("pmap_enter: va %#lx unaligned", va));
2694 KASSERT(m->psind > 0, ("pmap_enter: m->psind < psind"));
2695 rv = pmap_enter_l2(pmap, va, new_l3, flags, m, &lock);
2699 l2 = pmap_l2(pmap, va);
2700 if (l2 != NULL && ((l2e = pmap_load(l2)) & PTE_V) != 0 &&
2701 ((l2e & PTE_RWX) == 0 || pmap_demote_l2_locked(pmap, l2,
2703 l3 = pmap_l2_to_l3(l2, va);
2704 if (va < VM_MAXUSER_ADDRESS) {
2705 mpte = PHYS_TO_VM_PAGE(PTE_TO_PHYS(pmap_load(l2)));
2708 } else if (va < VM_MAXUSER_ADDRESS) {
2709 nosleep = (flags & PMAP_ENTER_NOSLEEP) != 0;
2710 mpte = pmap_alloc_l3(pmap, va, nosleep ? NULL : &lock);
2711 if (mpte == NULL && nosleep) {
2712 CTR0(KTR_PMAP, "pmap_enter: mpte == NULL");
2715 rw_runlock(&pvh_global_lock);
2717 return (KERN_RESOURCE_SHORTAGE);
2719 l3 = pmap_l3(pmap, va);
2721 l3 = pmap_l3(pmap, va);
2722 /* TODO: This is not optimal, but should mostly work */
2725 l2_m = vm_page_alloc(NULL, 0, VM_ALLOC_NORMAL |
2726 VM_ALLOC_NOOBJ | VM_ALLOC_WIRED |
2729 panic("pmap_enter: l2 pte_m == NULL");
2730 if ((l2_m->flags & PG_ZERO) == 0)
2731 pmap_zero_page(l2_m);
2733 l2_pa = VM_PAGE_TO_PHYS(l2_m);
2734 l2_pn = (l2_pa / PAGE_SIZE);
2736 l1 = pmap_l1(pmap, va);
2738 entry |= (l2_pn << PTE_PPN0_S);
2739 pmap_store(l1, entry);
2740 pmap_distribute_l1(pmap, pmap_l1_index(va), entry);
2741 l2 = pmap_l1_to_l2(l1, va);
2744 l3_m = vm_page_alloc(NULL, 0, VM_ALLOC_NORMAL |
2745 VM_ALLOC_NOOBJ | VM_ALLOC_WIRED | VM_ALLOC_ZERO);
2747 panic("pmap_enter: l3 pte_m == NULL");
2748 if ((l3_m->flags & PG_ZERO) == 0)
2749 pmap_zero_page(l3_m);
2751 l3_pa = VM_PAGE_TO_PHYS(l3_m);
2752 l3_pn = (l3_pa / PAGE_SIZE);
2754 entry |= (l3_pn << PTE_PPN0_S);
2755 pmap_store(l2, entry);
2756 l3 = pmap_l2_to_l3(l2, va);
2758 pmap_invalidate_page(pmap, va);
2761 orig_l3 = pmap_load(l3);
2762 opa = PTE_TO_PHYS(orig_l3);
2766 * Is the specified virtual address already mapped?
2768 if ((orig_l3 & PTE_V) != 0) {
2770 * Wiring change, just update stats. We don't worry about
2771 * wiring PT pages as they remain resident as long as there
2772 * are valid mappings in them. Hence, if a user page is wired,
2773 * the PT page will be also.
2775 if ((flags & PMAP_ENTER_WIRED) != 0 &&
2776 (orig_l3 & PTE_SW_WIRED) == 0)
2777 pmap->pm_stats.wired_count++;
2778 else if ((flags & PMAP_ENTER_WIRED) == 0 &&
2779 (orig_l3 & PTE_SW_WIRED) != 0)
2780 pmap->pm_stats.wired_count--;
2783 * Remove the extra PT page reference.
2787 KASSERT(mpte->ref_count > 0,
2788 ("pmap_enter: missing reference to page table page,"
2793 * Has the physical page changed?
2797 * No, might be a protection or wiring change.
2799 if ((orig_l3 & PTE_SW_MANAGED) != 0 &&
2800 (new_l3 & PTE_W) != 0)
2801 vm_page_aflag_set(m, PGA_WRITEABLE);
2806 * The physical page has changed. Temporarily invalidate
2807 * the mapping. This ensures that all threads sharing the
2808 * pmap keep a consistent view of the mapping, which is
2809 * necessary for the correct handling of COW faults. It
2810 * also permits reuse of the old mapping's PV entry,
2811 * avoiding an allocation.
2813 * For consistency, handle unmanaged mappings the same way.
2815 orig_l3 = pmap_load_clear(l3);
2816 KASSERT(PTE_TO_PHYS(orig_l3) == opa,
2817 ("pmap_enter: unexpected pa update for %#lx", va));
2818 if ((orig_l3 & PTE_SW_MANAGED) != 0) {
2819 om = PHYS_TO_VM_PAGE(opa);
2822 * The pmap lock is sufficient to synchronize with
2823 * concurrent calls to pmap_page_test_mappings() and
2824 * pmap_ts_referenced().
2826 if ((orig_l3 & PTE_D) != 0)
2828 if ((orig_l3 & PTE_A) != 0)
2829 vm_page_aflag_set(om, PGA_REFERENCED);
2830 CHANGE_PV_LIST_LOCK_TO_PHYS(&lock, opa);
2831 pv = pmap_pvh_remove(&om->md, pmap, va);
2833 ("pmap_enter: no PV entry for %#lx", va));
2834 if ((new_l3 & PTE_SW_MANAGED) == 0)
2835 free_pv_entry(pmap, pv);
2836 if ((om->a.flags & PGA_WRITEABLE) != 0 &&
2837 TAILQ_EMPTY(&om->md.pv_list) &&
2838 ((om->flags & PG_FICTITIOUS) != 0 ||
2839 TAILQ_EMPTY(&pa_to_pvh(opa)->pv_list)))
2840 vm_page_aflag_clear(om, PGA_WRITEABLE);
2842 pmap_invalidate_page(pmap, va);
2846 * Increment the counters.
2848 if ((new_l3 & PTE_SW_WIRED) != 0)
2849 pmap->pm_stats.wired_count++;
2850 pmap_resident_count_inc(pmap, 1);
2853 * Enter on the PV list if part of our managed memory.
2855 if ((new_l3 & PTE_SW_MANAGED) != 0) {
2857 pv = get_pv_entry(pmap, &lock);
2860 CHANGE_PV_LIST_LOCK_TO_PHYS(&lock, pa);
2861 TAILQ_INSERT_TAIL(&m->md.pv_list, pv, pv_next);
2863 if ((new_l3 & PTE_W) != 0)
2864 vm_page_aflag_set(m, PGA_WRITEABLE);
2869 * Sync the i-cache on all harts before updating the PTE
2870 * if the new PTE is executable.
2872 if (prot & VM_PROT_EXECUTE)
2873 pmap_sync_icache(pmap, va, PAGE_SIZE);
2876 * Update the L3 entry.
2879 orig_l3 = pmap_load_store(l3, new_l3);
2880 pmap_invalidate_page(pmap, va);
2881 KASSERT(PTE_TO_PHYS(orig_l3) == pa,
2882 ("pmap_enter: invalid update"));
2883 if ((orig_l3 & (PTE_D | PTE_SW_MANAGED)) ==
2884 (PTE_D | PTE_SW_MANAGED))
2887 pmap_store(l3, new_l3);
2890 #if VM_NRESERVLEVEL > 0
2891 if (mpte != NULL && mpte->ref_count == Ln_ENTRIES &&
2892 pmap_ps_enabled(pmap) &&
2893 (m->flags & PG_FICTITIOUS) == 0 &&
2894 vm_reserv_level_iffullpop(m) == 0)
2895 pmap_promote_l2(pmap, l2, va, &lock);
2902 rw_runlock(&pvh_global_lock);
2908 * Tries to create a read- and/or execute-only 2MB page mapping. Returns true
2909 * if successful. Returns false if (1) a page table page cannot be allocated
2910 * without sleeping, (2) a mapping already exists at the specified virtual
2911 * address, or (3) a PV entry cannot be allocated without reclaiming another
2915 pmap_enter_2mpage(pmap_t pmap, vm_offset_t va, vm_page_t m, vm_prot_t prot,
2916 struct rwlock **lockp)
2921 PMAP_LOCK_ASSERT(pmap, MA_OWNED);
2923 pn = VM_PAGE_TO_PHYS(m) / PAGE_SIZE;
2924 new_l2 = (pd_entry_t)((pn << PTE_PPN0_S) | PTE_R | PTE_V);
2925 if ((m->oflags & VPO_UNMANAGED) == 0)
2926 new_l2 |= PTE_SW_MANAGED;
2927 if ((prot & VM_PROT_EXECUTE) != 0)
2929 if (va < VM_MAXUSER_ADDRESS)
2931 return (pmap_enter_l2(pmap, va, new_l2, PMAP_ENTER_NOSLEEP |
2932 PMAP_ENTER_NOREPLACE | PMAP_ENTER_NORECLAIM, NULL, lockp) ==
2937 * Tries to create the specified 2MB page mapping. Returns KERN_SUCCESS if
2938 * the mapping was created, and either KERN_FAILURE or KERN_RESOURCE_SHORTAGE
2939 * otherwise. Returns KERN_FAILURE if PMAP_ENTER_NOREPLACE was specified and
2940 * a mapping already exists at the specified virtual address. Returns
2941 * KERN_RESOURCE_SHORTAGE if PMAP_ENTER_NOSLEEP was specified and a page table
2942 * page allocation failed. Returns KERN_RESOURCE_SHORTAGE if
2943 * PMAP_ENTER_NORECLAIM was specified and a PV entry allocation failed.
2945 * The parameter "m" is only used when creating a managed, writeable mapping.
2948 pmap_enter_l2(pmap_t pmap, vm_offset_t va, pd_entry_t new_l2, u_int flags,
2949 vm_page_t m, struct rwlock **lockp)
2951 struct spglist free;
2952 pd_entry_t *l2, *l3, oldl2;
2956 PMAP_LOCK_ASSERT(pmap, MA_OWNED);
2958 if ((l2pg = pmap_alloc_l2(pmap, va, (flags & PMAP_ENTER_NOSLEEP) != 0 ?
2959 NULL : lockp)) == NULL) {
2960 CTR2(KTR_PMAP, "pmap_enter_l2: failure for va %#lx in pmap %p",
2962 return (KERN_RESOURCE_SHORTAGE);
2965 l2 = (pd_entry_t *)PHYS_TO_DMAP(VM_PAGE_TO_PHYS(l2pg));
2966 l2 = &l2[pmap_l2_index(va)];
2967 if ((oldl2 = pmap_load(l2)) != 0) {
2968 KASSERT(l2pg->ref_count > 1,
2969 ("pmap_enter_l2: l2pg's ref count is too low"));
2970 if ((flags & PMAP_ENTER_NOREPLACE) != 0) {
2973 "pmap_enter_l2: failure for va %#lx in pmap %p",
2975 return (KERN_FAILURE);
2978 if ((oldl2 & PTE_RWX) != 0)
2979 (void)pmap_remove_l2(pmap, l2, va,
2980 pmap_load(pmap_l1(pmap, va)), &free, lockp);
2982 for (sva = va; sva < va + L2_SIZE; sva += PAGE_SIZE) {
2983 l3 = pmap_l2_to_l3(l2, sva);
2984 if ((pmap_load(l3) & PTE_V) != 0 &&
2985 pmap_remove_l3(pmap, l3, sva, oldl2, &free,
2989 vm_page_free_pages_toq(&free, true);
2990 if (va >= VM_MAXUSER_ADDRESS) {
2992 * Both pmap_remove_l2() and pmap_remove_l3() will
2993 * leave the kernel page table page zero filled.
2995 mt = PHYS_TO_VM_PAGE(PTE_TO_PHYS(pmap_load(l2)));
2996 if (pmap_insert_pt_page(pmap, mt, false))
2997 panic("pmap_enter_l2: trie insert failed");
2999 KASSERT(pmap_load(l2) == 0,
3000 ("pmap_enter_l2: non-zero L2 entry %p", l2));
3003 if ((new_l2 & PTE_SW_MANAGED) != 0) {
3005 * Abort this mapping if its PV entry could not be created.
3007 if (!pmap_pv_insert_l2(pmap, va, new_l2, flags, lockp)) {
3009 if (pmap_unwire_ptp(pmap, va, l2pg, &free)) {
3011 * Although "va" is not mapped, paging-structure
3012 * caches could nonetheless have entries that
3013 * refer to the freed page table pages.
3014 * Invalidate those entries.
3016 pmap_invalidate_page(pmap, va);
3017 vm_page_free_pages_toq(&free, true);
3020 "pmap_enter_l2: failure for va %#lx in pmap %p",
3022 return (KERN_RESOURCE_SHORTAGE);
3024 if ((new_l2 & PTE_W) != 0)
3025 for (mt = m; mt < &m[L2_SIZE / PAGE_SIZE]; mt++)
3026 vm_page_aflag_set(mt, PGA_WRITEABLE);
3030 * Increment counters.
3032 if ((new_l2 & PTE_SW_WIRED) != 0)
3033 pmap->pm_stats.wired_count += L2_SIZE / PAGE_SIZE;
3034 pmap->pm_stats.resident_count += L2_SIZE / PAGE_SIZE;
3037 * Map the superpage.
3039 pmap_store(l2, new_l2);
3041 atomic_add_long(&pmap_l2_mappings, 1);
3042 CTR2(KTR_PMAP, "pmap_enter_l2: success for va %#lx in pmap %p",
3045 return (KERN_SUCCESS);
3049 * Maps a sequence of resident pages belonging to the same object.
3050 * The sequence begins with the given page m_start. This page is
3051 * mapped at the given virtual address start. Each subsequent page is
3052 * mapped at a virtual address that is offset from start by the same
3053 * amount as the page is offset from m_start within the object. The
3054 * last page in the sequence is the page with the largest offset from
3055 * m_start that can be mapped at a virtual address less than the given
3056 * virtual address end. Not every virtual page between start and end
3057 * is mapped; only those for which a resident page exists with the
3058 * corresponding offset from m_start are mapped.
3061 pmap_enter_object(pmap_t pmap, vm_offset_t start, vm_offset_t end,
3062 vm_page_t m_start, vm_prot_t prot)
3064 struct rwlock *lock;
3067 vm_pindex_t diff, psize;
3069 VM_OBJECT_ASSERT_LOCKED(m_start->object);
3071 psize = atop(end - start);
3075 rw_rlock(&pvh_global_lock);
3077 while (m != NULL && (diff = m->pindex - m_start->pindex) < psize) {
3078 va = start + ptoa(diff);
3079 if ((va & L2_OFFSET) == 0 && va + L2_SIZE <= end &&
3080 m->psind == 1 && pmap_ps_enabled(pmap) &&
3081 pmap_enter_2mpage(pmap, va, m, prot, &lock))
3082 m = &m[L2_SIZE / PAGE_SIZE - 1];
3084 mpte = pmap_enter_quick_locked(pmap, va, m, prot, mpte,
3086 m = TAILQ_NEXT(m, listq);
3090 rw_runlock(&pvh_global_lock);
3095 * this code makes some *MAJOR* assumptions:
3096 * 1. Current pmap & pmap exists.
3099 * 4. No page table pages.
3100 * but is *MUCH* faster than pmap_enter...
3104 pmap_enter_quick(pmap_t pmap, vm_offset_t va, vm_page_t m, vm_prot_t prot)
3106 struct rwlock *lock;
3109 rw_rlock(&pvh_global_lock);
3111 (void)pmap_enter_quick_locked(pmap, va, m, prot, NULL, &lock);
3114 rw_runlock(&pvh_global_lock);
3119 pmap_enter_quick_locked(pmap_t pmap, vm_offset_t va, vm_page_t m,
3120 vm_prot_t prot, vm_page_t mpte, struct rwlock **lockp)
3122 struct spglist free;
3125 pt_entry_t *l3, newl3;
3127 KASSERT(va < kmi.clean_sva || va >= kmi.clean_eva ||
3128 (m->oflags & VPO_UNMANAGED) != 0,
3129 ("pmap_enter_quick_locked: managed mapping within the clean submap"));
3130 rw_assert(&pvh_global_lock, RA_LOCKED);
3131 PMAP_LOCK_ASSERT(pmap, MA_OWNED);
3133 CTR2(KTR_PMAP, "pmap_enter_quick_locked: %p %lx", pmap, va);
3135 * In the case that a page table page is not
3136 * resident, we are creating it here.
3138 if (va < VM_MAXUSER_ADDRESS) {
3139 vm_pindex_t l2pindex;
3142 * Calculate pagetable page index
3144 l2pindex = pmap_l2_pindex(va);
3145 if (mpte && (mpte->pindex == l2pindex)) {
3151 l2 = pmap_l2(pmap, va);
3154 * If the page table page is mapped, we just increment
3155 * the hold count, and activate it. Otherwise, we
3156 * attempt to allocate a page table page. If this
3157 * attempt fails, we don't retry. Instead, we give up.
3159 if (l2 != NULL && pmap_load(l2) != 0) {
3160 phys = PTE_TO_PHYS(pmap_load(l2));
3161 mpte = PHYS_TO_VM_PAGE(phys);
3165 * Pass NULL instead of the PV list lock
3166 * pointer, because we don't intend to sleep.
3168 mpte = _pmap_alloc_l3(pmap, l2pindex, NULL);
3173 l3 = (pt_entry_t *)PHYS_TO_DMAP(VM_PAGE_TO_PHYS(mpte));
3174 l3 = &l3[pmap_l3_index(va)];
3177 l3 = pmap_l3(kernel_pmap, va);
3180 panic("pmap_enter_quick_locked: No l3");
3181 if (pmap_load(l3) != 0) {
3190 * Enter on the PV list if part of our managed memory.
3192 if ((m->oflags & VPO_UNMANAGED) == 0 &&
3193 !pmap_try_insert_pv_entry(pmap, va, m, lockp)) {
3196 if (pmap_unwire_ptp(pmap, va, mpte, &free)) {
3197 pmap_invalidate_page(pmap, va);
3198 vm_page_free_pages_toq(&free, false);
3206 * Increment counters
3208 pmap_resident_count_inc(pmap, 1);
3210 newl3 = ((VM_PAGE_TO_PHYS(m) / PAGE_SIZE) << PTE_PPN0_S) |
3212 if ((prot & VM_PROT_EXECUTE) != 0)
3214 if ((m->oflags & VPO_UNMANAGED) == 0)
3215 newl3 |= PTE_SW_MANAGED;
3216 if (va < VM_MAX_USER_ADDRESS)
3220 * Sync the i-cache on all harts before updating the PTE
3221 * if the new PTE is executable.
3223 if (prot & VM_PROT_EXECUTE)
3224 pmap_sync_icache(pmap, va, PAGE_SIZE);
3226 pmap_store(l3, newl3);
3228 pmap_invalidate_page(pmap, va);
3233 * This code maps large physical mmap regions into the
3234 * processor address space. Note that some shortcuts
3235 * are taken, but the code works.
3238 pmap_object_init_pt(pmap_t pmap, vm_offset_t addr, vm_object_t object,
3239 vm_pindex_t pindex, vm_size_t size)
3242 VM_OBJECT_ASSERT_WLOCKED(object);
3243 KASSERT(object->type == OBJT_DEVICE || object->type == OBJT_SG,
3244 ("pmap_object_init_pt: non-device object"));
3248 * Clear the wired attribute from the mappings for the specified range of
3249 * addresses in the given pmap. Every valid mapping within that range
3250 * must have the wired attribute set. In contrast, invalid mappings
3251 * cannot have the wired attribute set, so they are ignored.
3253 * The wired attribute of the page table entry is not a hardware feature,
3254 * so there is no need to invalidate any TLB entries.
3257 pmap_unwire(pmap_t pmap, vm_offset_t sva, vm_offset_t eva)
3259 vm_offset_t va_next;
3260 pd_entry_t *l1, *l2, l2e;
3261 pt_entry_t *l3, l3e;
3262 bool pv_lists_locked;
3264 pv_lists_locked = false;
3267 for (; sva < eva; sva = va_next) {
3268 l1 = pmap_l1(pmap, sva);
3269 if (pmap_load(l1) == 0) {
3270 va_next = (sva + L1_SIZE) & ~L1_OFFSET;
3276 va_next = (sva + L2_SIZE) & ~L2_OFFSET;
3280 l2 = pmap_l1_to_l2(l1, sva);
3281 if ((l2e = pmap_load(l2)) == 0)
3283 if ((l2e & PTE_RWX) != 0) {
3284 if (sva + L2_SIZE == va_next && eva >= va_next) {
3285 if ((l2e & PTE_SW_WIRED) == 0)
3286 panic("pmap_unwire: l2 %#jx is missing "
3287 "PTE_SW_WIRED", (uintmax_t)l2e);
3288 pmap_clear_bits(l2, PTE_SW_WIRED);
3291 if (!pv_lists_locked) {
3292 pv_lists_locked = true;
3293 if (!rw_try_rlock(&pvh_global_lock)) {
3295 rw_rlock(&pvh_global_lock);
3300 if (!pmap_demote_l2(pmap, l2, sva))
3301 panic("pmap_unwire: demotion failed");
3307 for (l3 = pmap_l2_to_l3(l2, sva); sva != va_next; l3++,
3309 if ((l3e = pmap_load(l3)) == 0)
3311 if ((l3e & PTE_SW_WIRED) == 0)
3312 panic("pmap_unwire: l3 %#jx is missing "
3313 "PTE_SW_WIRED", (uintmax_t)l3e);
3316 * PG_W must be cleared atomically. Although the pmap
3317 * lock synchronizes access to PG_W, another processor
3318 * could be setting PG_M and/or PG_A concurrently.
3320 pmap_clear_bits(l3, PTE_SW_WIRED);
3321 pmap->pm_stats.wired_count--;
3324 if (pv_lists_locked)
3325 rw_runlock(&pvh_global_lock);
3330 * Copy the range specified by src_addr/len
3331 * from the source map to the range dst_addr/len
3332 * in the destination map.
3334 * This routine is only advisory and need not do anything.
3338 pmap_copy(pmap_t dst_pmap, pmap_t src_pmap, vm_offset_t dst_addr, vm_size_t len,
3339 vm_offset_t src_addr)
3345 * pmap_zero_page zeros the specified hardware page by mapping
3346 * the page into KVM and using bzero to clear its contents.
3349 pmap_zero_page(vm_page_t m)
3351 vm_offset_t va = PHYS_TO_DMAP(VM_PAGE_TO_PHYS(m));
3353 pagezero((void *)va);
3357 * pmap_zero_page_area zeros the specified hardware page by mapping
3358 * the page into KVM and using bzero to clear its contents.
3360 * off and size may not cover an area beyond a single hardware page.
3363 pmap_zero_page_area(vm_page_t m, int off, int size)
3365 vm_offset_t va = PHYS_TO_DMAP(VM_PAGE_TO_PHYS(m));
3367 if (off == 0 && size == PAGE_SIZE)
3368 pagezero((void *)va);
3370 bzero((char *)va + off, size);
3374 * pmap_copy_page copies the specified (machine independent)
3375 * page by mapping the page into virtual memory and using
3376 * bcopy to copy the page, one machine dependent page at a
3380 pmap_copy_page(vm_page_t msrc, vm_page_t mdst)
3382 vm_offset_t src = PHYS_TO_DMAP(VM_PAGE_TO_PHYS(msrc));
3383 vm_offset_t dst = PHYS_TO_DMAP(VM_PAGE_TO_PHYS(mdst));
3385 pagecopy((void *)src, (void *)dst);
3388 int unmapped_buf_allowed = 1;
3391 pmap_copy_pages(vm_page_t ma[], vm_offset_t a_offset, vm_page_t mb[],
3392 vm_offset_t b_offset, int xfersize)
3396 vm_paddr_t p_a, p_b;
3397 vm_offset_t a_pg_offset, b_pg_offset;
3400 while (xfersize > 0) {
3401 a_pg_offset = a_offset & PAGE_MASK;
3402 m_a = ma[a_offset >> PAGE_SHIFT];
3403 p_a = m_a->phys_addr;
3404 b_pg_offset = b_offset & PAGE_MASK;
3405 m_b = mb[b_offset >> PAGE_SHIFT];
3406 p_b = m_b->phys_addr;
3407 cnt = min(xfersize, PAGE_SIZE - a_pg_offset);
3408 cnt = min(cnt, PAGE_SIZE - b_pg_offset);
3409 if (__predict_false(!PHYS_IN_DMAP(p_a))) {
3410 panic("!DMAP a %lx", p_a);
3412 a_cp = (char *)PHYS_TO_DMAP(p_a) + a_pg_offset;
3414 if (__predict_false(!PHYS_IN_DMAP(p_b))) {
3415 panic("!DMAP b %lx", p_b);
3417 b_cp = (char *)PHYS_TO_DMAP(p_b) + b_pg_offset;
3419 bcopy(a_cp, b_cp, cnt);
3427 pmap_quick_enter_page(vm_page_t m)
3430 return (PHYS_TO_DMAP(VM_PAGE_TO_PHYS(m)));
3434 pmap_quick_remove_page(vm_offset_t addr)
3439 * Returns true if the pmap's pv is one of the first
3440 * 16 pvs linked to from this page. This count may
3441 * be changed upwards or downwards in the future; it
3442 * is only necessary that true be returned for a small
3443 * subset of pmaps for proper page aging.
3446 pmap_page_exists_quick(pmap_t pmap, vm_page_t m)
3448 struct md_page *pvh;
3449 struct rwlock *lock;
3454 KASSERT((m->oflags & VPO_UNMANAGED) == 0,
3455 ("pmap_page_exists_quick: page %p is not managed", m));
3457 rw_rlock(&pvh_global_lock);
3458 lock = VM_PAGE_TO_PV_LIST_LOCK(m);
3460 TAILQ_FOREACH(pv, &m->md.pv_list, pv_next) {
3461 if (PV_PMAP(pv) == pmap) {
3469 if (!rv && loops < 16 && (m->flags & PG_FICTITIOUS) == 0) {
3470 pvh = pa_to_pvh(VM_PAGE_TO_PHYS(m));
3471 TAILQ_FOREACH(pv, &pvh->pv_list, pv_next) {
3472 if (PV_PMAP(pv) == pmap) {
3482 rw_runlock(&pvh_global_lock);
3487 * pmap_page_wired_mappings:
3489 * Return the number of managed mappings to the given physical page
3493 pmap_page_wired_mappings(vm_page_t m)
3495 struct md_page *pvh;
3496 struct rwlock *lock;
3501 int count, md_gen, pvh_gen;
3503 if ((m->oflags & VPO_UNMANAGED) != 0)
3505 rw_rlock(&pvh_global_lock);
3506 lock = VM_PAGE_TO_PV_LIST_LOCK(m);
3510 TAILQ_FOREACH(pv, &m->md.pv_list, pv_next) {
3512 if (!PMAP_TRYLOCK(pmap)) {
3513 md_gen = m->md.pv_gen;
3517 if (md_gen != m->md.pv_gen) {
3522 l3 = pmap_l3(pmap, pv->pv_va);
3523 if ((pmap_load(l3) & PTE_SW_WIRED) != 0)
3527 if ((m->flags & PG_FICTITIOUS) == 0) {
3528 pvh = pa_to_pvh(VM_PAGE_TO_PHYS(m));
3529 TAILQ_FOREACH(pv, &pvh->pv_list, pv_next) {
3531 if (!PMAP_TRYLOCK(pmap)) {
3532 md_gen = m->md.pv_gen;
3533 pvh_gen = pvh->pv_gen;
3537 if (md_gen != m->md.pv_gen ||
3538 pvh_gen != pvh->pv_gen) {
3543 l2 = pmap_l2(pmap, pv->pv_va);
3544 if ((pmap_load(l2) & PTE_SW_WIRED) != 0)
3550 rw_runlock(&pvh_global_lock);
3555 * Returns true if the given page is mapped individually or as part of
3556 * a 2mpage. Otherwise, returns false.
3559 pmap_page_is_mapped(vm_page_t m)
3561 struct rwlock *lock;
3564 if ((m->oflags & VPO_UNMANAGED) != 0)
3566 lock = VM_PAGE_TO_PV_LIST_LOCK(m);
3568 rv = !TAILQ_EMPTY(&m->md.pv_list) ||
3569 ((m->flags & PG_FICTITIOUS) == 0 &&
3570 !TAILQ_EMPTY(&pa_to_pvh(VM_PAGE_TO_PHYS(m))->pv_list));
3576 pmap_remove_pages_pv(pmap_t pmap, vm_page_t m, pv_entry_t pv,
3577 struct spglist *free, bool superpage)
3579 struct md_page *pvh;
3583 pmap_resident_count_dec(pmap, Ln_ENTRIES);
3584 pvh = pa_to_pvh(m->phys_addr);
3585 TAILQ_REMOVE(&pvh->pv_list, pv, pv_next);
3587 if (TAILQ_EMPTY(&pvh->pv_list)) {
3588 for (mt = m; mt < &m[Ln_ENTRIES]; mt++)
3589 if (TAILQ_EMPTY(&mt->md.pv_list) &&
3590 (mt->a.flags & PGA_WRITEABLE) != 0)
3591 vm_page_aflag_clear(mt, PGA_WRITEABLE);
3593 mpte = pmap_remove_pt_page(pmap, pv->pv_va);
3595 KASSERT(mpte->valid == VM_PAGE_BITS_ALL,
3596 ("pmap_remove_pages: pte page not promoted"));
3597 pmap_resident_count_dec(pmap, 1);
3598 KASSERT(mpte->ref_count == Ln_ENTRIES,
3599 ("pmap_remove_pages: pte page ref count error"));
3600 mpte->ref_count = 0;
3601 pmap_add_delayed_free_list(mpte, free, FALSE);
3604 pmap_resident_count_dec(pmap, 1);
3605 TAILQ_REMOVE(&m->md.pv_list, pv, pv_next);
3607 if (TAILQ_EMPTY(&m->md.pv_list) &&
3608 (m->a.flags & PGA_WRITEABLE) != 0) {
3609 pvh = pa_to_pvh(m->phys_addr);
3610 if (TAILQ_EMPTY(&pvh->pv_list))
3611 vm_page_aflag_clear(m, PGA_WRITEABLE);
3617 * Destroy all managed, non-wired mappings in the given user-space
3618 * pmap. This pmap cannot be active on any processor besides the
3621 * This function cannot be applied to the kernel pmap. Moreover, it
3622 * is not intended for general use. It is only to be used during
3623 * process termination. Consequently, it can be implemented in ways
3624 * that make it faster than pmap_remove(). First, it can more quickly
3625 * destroy mappings by iterating over the pmap's collection of PV
3626 * entries, rather than searching the page table. Second, it doesn't
3627 * have to test and clear the page table entries atomically, because
3628 * no processor is currently accessing the user address space. In
3629 * particular, a page table entry's dirty bit won't change state once
3630 * this function starts.
3633 pmap_remove_pages(pmap_t pmap)
3635 struct spglist free;
3637 pt_entry_t *pte, tpte;
3640 struct pv_chunk *pc, *npc;
3641 struct rwlock *lock;
3643 uint64_t inuse, bitmask;
3644 int allfree, field, freed, idx;
3650 rw_rlock(&pvh_global_lock);
3652 TAILQ_FOREACH_SAFE(pc, &pmap->pm_pvchunk, pc_list, npc) {
3655 for (field = 0; field < _NPCM; field++) {
3656 inuse = ~pc->pc_map[field] & pc_freemask[field];
3657 while (inuse != 0) {
3658 bit = ffsl(inuse) - 1;
3659 bitmask = 1UL << bit;
3660 idx = field * 64 + bit;
3661 pv = &pc->pc_pventry[idx];
3664 pte = pmap_l1(pmap, pv->pv_va);
3665 ptepde = pmap_load(pte);
3666 pte = pmap_l1_to_l2(pte, pv->pv_va);
3667 tpte = pmap_load(pte);
3668 if ((tpte & PTE_RWX) != 0) {
3672 pte = pmap_l2_to_l3(pte, pv->pv_va);
3673 tpte = pmap_load(pte);
3678 * We cannot remove wired pages from a
3679 * process' mapping at this time.
3681 if (tpte & PTE_SW_WIRED) {
3686 m = PHYS_TO_VM_PAGE(PTE_TO_PHYS(tpte));
3687 KASSERT((m->flags & PG_FICTITIOUS) != 0 ||
3688 m < &vm_page_array[vm_page_array_size],
3689 ("pmap_remove_pages: bad pte %#jx",
3695 * Update the vm_page_t clean/reference bits.
3697 if ((tpte & (PTE_D | PTE_W)) ==
3701 mt < &m[Ln_ENTRIES]; mt++)
3707 CHANGE_PV_LIST_LOCK_TO_VM_PAGE(&lock, m);
3710 pc->pc_map[field] |= bitmask;
3712 pmap_remove_pages_pv(pmap, m, pv, &free,
3714 pmap_unuse_pt(pmap, pv->pv_va, ptepde, &free);
3718 PV_STAT(atomic_add_long(&pv_entry_frees, freed));
3719 PV_STAT(atomic_add_int(&pv_entry_spare, freed));
3720 PV_STAT(atomic_subtract_long(&pv_entry_count, freed));
3722 TAILQ_REMOVE(&pmap->pm_pvchunk, pc, pc_list);
3728 pmap_invalidate_all(pmap);
3729 rw_runlock(&pvh_global_lock);
3731 vm_page_free_pages_toq(&free, false);
3735 pmap_page_test_mappings(vm_page_t m, boolean_t accessed, boolean_t modified)
3737 struct md_page *pvh;
3738 struct rwlock *lock;
3740 pt_entry_t *l3, mask;
3743 int md_gen, pvh_gen;
3753 rw_rlock(&pvh_global_lock);
3754 lock = VM_PAGE_TO_PV_LIST_LOCK(m);
3757 TAILQ_FOREACH(pv, &m->md.pv_list, pv_next) {
3759 if (!PMAP_TRYLOCK(pmap)) {
3760 md_gen = m->md.pv_gen;
3764 if (md_gen != m->md.pv_gen) {
3769 l3 = pmap_l3(pmap, pv->pv_va);
3770 rv = (pmap_load(l3) & mask) == mask;
3775 if ((m->flags & PG_FICTITIOUS) == 0) {
3776 pvh = pa_to_pvh(VM_PAGE_TO_PHYS(m));
3777 TAILQ_FOREACH(pv, &pvh->pv_list, pv_next) {
3779 if (!PMAP_TRYLOCK(pmap)) {
3780 md_gen = m->md.pv_gen;
3781 pvh_gen = pvh->pv_gen;
3785 if (md_gen != m->md.pv_gen ||
3786 pvh_gen != pvh->pv_gen) {
3791 l2 = pmap_l2(pmap, pv->pv_va);
3792 rv = (pmap_load(l2) & mask) == mask;
3800 rw_runlock(&pvh_global_lock);
3807 * Return whether or not the specified physical page was modified
3808 * in any physical maps.
3811 pmap_is_modified(vm_page_t m)
3814 KASSERT((m->oflags & VPO_UNMANAGED) == 0,
3815 ("pmap_is_modified: page %p is not managed", m));
3818 * If the page is not busied then this check is racy.
3820 if (!pmap_page_is_write_mapped(m))
3822 return (pmap_page_test_mappings(m, FALSE, TRUE));
3826 * pmap_is_prefaultable:
3828 * Return whether or not the specified virtual address is eligible
3832 pmap_is_prefaultable(pmap_t pmap, vm_offset_t addr)
3839 l3 = pmap_l3(pmap, addr);
3840 if (l3 != NULL && pmap_load(l3) != 0) {
3848 * pmap_is_referenced:
3850 * Return whether or not the specified physical page was referenced
3851 * in any physical maps.
3854 pmap_is_referenced(vm_page_t m)
3857 KASSERT((m->oflags & VPO_UNMANAGED) == 0,
3858 ("pmap_is_referenced: page %p is not managed", m));
3859 return (pmap_page_test_mappings(m, TRUE, FALSE));
3863 * Clear the write and modified bits in each of the given page's mappings.
3866 pmap_remove_write(vm_page_t m)
3868 struct md_page *pvh;
3869 struct rwlock *lock;
3872 pt_entry_t *l3, oldl3, newl3;
3873 pv_entry_t next_pv, pv;
3875 int md_gen, pvh_gen;
3877 KASSERT((m->oflags & VPO_UNMANAGED) == 0,
3878 ("pmap_remove_write: page %p is not managed", m));
3879 vm_page_assert_busied(m);
3881 if (!pmap_page_is_write_mapped(m))
3883 lock = VM_PAGE_TO_PV_LIST_LOCK(m);
3884 pvh = (m->flags & PG_FICTITIOUS) != 0 ? &pv_dummy :
3885 pa_to_pvh(VM_PAGE_TO_PHYS(m));
3886 rw_rlock(&pvh_global_lock);
3889 TAILQ_FOREACH_SAFE(pv, &pvh->pv_list, pv_next, next_pv) {
3891 if (!PMAP_TRYLOCK(pmap)) {
3892 pvh_gen = pvh->pv_gen;
3896 if (pvh_gen != pvh->pv_gen) {
3903 l2 = pmap_l2(pmap, va);
3904 if ((pmap_load(l2) & PTE_W) != 0)
3905 (void)pmap_demote_l2_locked(pmap, l2, va, &lock);
3906 KASSERT(lock == VM_PAGE_TO_PV_LIST_LOCK(m),
3907 ("inconsistent pv lock %p %p for page %p",
3908 lock, VM_PAGE_TO_PV_LIST_LOCK(m), m));
3911 TAILQ_FOREACH(pv, &m->md.pv_list, pv_next) {
3913 if (!PMAP_TRYLOCK(pmap)) {
3914 pvh_gen = pvh->pv_gen;
3915 md_gen = m->md.pv_gen;
3919 if (pvh_gen != pvh->pv_gen || md_gen != m->md.pv_gen) {
3925 l3 = pmap_l3(pmap, pv->pv_va);
3926 oldl3 = pmap_load(l3);
3928 if ((oldl3 & PTE_W) != 0) {
3929 newl3 = oldl3 & ~(PTE_D | PTE_W);
3930 if (!atomic_fcmpset_long(l3, &oldl3, newl3))
3932 if ((oldl3 & PTE_D) != 0)
3934 pmap_invalidate_page(pmap, pv->pv_va);
3939 vm_page_aflag_clear(m, PGA_WRITEABLE);
3940 rw_runlock(&pvh_global_lock);
3944 * pmap_ts_referenced:
3946 * Return a count of reference bits for a page, clearing those bits.
3947 * It is not necessary for every reference bit to be cleared, but it
3948 * is necessary that 0 only be returned when there are truly no
3949 * reference bits set.
3951 * As an optimization, update the page's dirty field if a modified bit is
3952 * found while counting reference bits. This opportunistic update can be
3953 * performed at low cost and can eliminate the need for some future calls
3954 * to pmap_is_modified(). However, since this function stops after
3955 * finding PMAP_TS_REFERENCED_MAX reference bits, it may not detect some
3956 * dirty pages. Those dirty pages will only be detected by a future call
3957 * to pmap_is_modified().
3960 pmap_ts_referenced(vm_page_t m)
3962 struct spglist free;
3963 struct md_page *pvh;
3964 struct rwlock *lock;
3967 pd_entry_t *l2, l2e;
3968 pt_entry_t *l3, l3e;
3971 int cleared, md_gen, not_cleared, pvh_gen;
3973 KASSERT((m->oflags & VPO_UNMANAGED) == 0,
3974 ("pmap_ts_referenced: page %p is not managed", m));
3977 pa = VM_PAGE_TO_PHYS(m);
3978 pvh = (m->flags & PG_FICTITIOUS) != 0 ? &pv_dummy : pa_to_pvh(pa);
3980 lock = PHYS_TO_PV_LIST_LOCK(pa);
3981 rw_rlock(&pvh_global_lock);
3985 if ((pvf = TAILQ_FIRST(&pvh->pv_list)) == NULL)
3986 goto small_mappings;
3990 if (!PMAP_TRYLOCK(pmap)) {
3991 pvh_gen = pvh->pv_gen;
3995 if (pvh_gen != pvh->pv_gen) {
4001 l2 = pmap_l2(pmap, va);
4002 l2e = pmap_load(l2);
4003 if ((l2e & (PTE_W | PTE_D)) == (PTE_W | PTE_D)) {
4005 * Although l2e is mapping a 2MB page, because
4006 * this function is called at a 4KB page granularity,
4007 * we only update the 4KB page under test.
4011 if ((l2e & PTE_A) != 0) {
4013 * Since this reference bit is shared by 512 4KB
4014 * pages, it should not be cleared every time it is
4015 * tested. Apply a simple "hash" function on the
4016 * physical page number, the virtual superpage number,
4017 * and the pmap address to select one 4KB page out of
4018 * the 512 on which testing the reference bit will
4019 * result in clearing that reference bit. This
4020 * function is designed to avoid the selection of the
4021 * same 4KB page for every 2MB page mapping.
4023 * On demotion, a mapping that hasn't been referenced
4024 * is simply destroyed. To avoid the possibility of a
4025 * subsequent page fault on a demoted wired mapping,
4026 * always leave its reference bit set. Moreover,
4027 * since the superpage is wired, the current state of
4028 * its reference bit won't affect page replacement.
4030 if ((((pa >> PAGE_SHIFT) ^ (pv->pv_va >> L2_SHIFT) ^
4031 (uintptr_t)pmap) & (Ln_ENTRIES - 1)) == 0 &&
4032 (l2e & PTE_SW_WIRED) == 0) {
4033 pmap_clear_bits(l2, PTE_A);
4034 pmap_invalidate_page(pmap, va);
4040 /* Rotate the PV list if it has more than one entry. */
4041 if (pv != NULL && TAILQ_NEXT(pv, pv_next) != NULL) {
4042 TAILQ_REMOVE(&pvh->pv_list, pv, pv_next);
4043 TAILQ_INSERT_TAIL(&pvh->pv_list, pv, pv_next);
4046 if (cleared + not_cleared >= PMAP_TS_REFERENCED_MAX)
4048 } while ((pv = TAILQ_FIRST(&pvh->pv_list)) != pvf);
4050 if ((pvf = TAILQ_FIRST(&m->md.pv_list)) == NULL)
4055 if (!PMAP_TRYLOCK(pmap)) {
4056 pvh_gen = pvh->pv_gen;
4057 md_gen = m->md.pv_gen;
4061 if (pvh_gen != pvh->pv_gen || md_gen != m->md.pv_gen) {
4066 l2 = pmap_l2(pmap, pv->pv_va);
4068 KASSERT((pmap_load(l2) & PTE_RX) == 0,
4069 ("pmap_ts_referenced: found an invalid l2 table"));
4071 l3 = pmap_l2_to_l3(l2, pv->pv_va);
4072 l3e = pmap_load(l3);
4073 if ((l3e & PTE_D) != 0)
4075 if ((l3e & PTE_A) != 0) {
4076 if ((l3e & PTE_SW_WIRED) == 0) {
4078 * Wired pages cannot be paged out so
4079 * doing accessed bit emulation for
4080 * them is wasted effort. We do the
4081 * hard work for unwired pages only.
4083 pmap_clear_bits(l3, PTE_A);
4084 pmap_invalidate_page(pmap, pv->pv_va);
4090 /* Rotate the PV list if it has more than one entry. */
4091 if (pv != NULL && TAILQ_NEXT(pv, pv_next) != NULL) {
4092 TAILQ_REMOVE(&m->md.pv_list, pv, pv_next);
4093 TAILQ_INSERT_TAIL(&m->md.pv_list, pv, pv_next);
4096 } while ((pv = TAILQ_FIRST(&m->md.pv_list)) != pvf && cleared +
4097 not_cleared < PMAP_TS_REFERENCED_MAX);
4100 rw_runlock(&pvh_global_lock);
4101 vm_page_free_pages_toq(&free, false);
4102 return (cleared + not_cleared);
4106 * Apply the given advice to the specified range of addresses within the
4107 * given pmap. Depending on the advice, clear the referenced and/or
4108 * modified flags in each mapping and set the mapped page's dirty field.
4111 pmap_advise(pmap_t pmap, vm_offset_t sva, vm_offset_t eva, int advice)
4116 * Clear the modify bits on the specified physical page.
4119 pmap_clear_modify(vm_page_t m)
4121 struct md_page *pvh;
4122 struct rwlock *lock;
4124 pv_entry_t next_pv, pv;
4125 pd_entry_t *l2, oldl2;
4128 int md_gen, pvh_gen;
4130 KASSERT((m->oflags & VPO_UNMANAGED) == 0,
4131 ("pmap_clear_modify: page %p is not managed", m));
4132 vm_page_assert_busied(m);
4134 if (!pmap_page_is_write_mapped(m))
4138 * If the page is not PGA_WRITEABLE, then no PTEs can have PG_M set.
4139 * If the object containing the page is locked and the page is not
4140 * exclusive busied, then PGA_WRITEABLE cannot be concurrently set.
4142 if ((m->a.flags & PGA_WRITEABLE) == 0)
4144 pvh = (m->flags & PG_FICTITIOUS) != 0 ? &pv_dummy :
4145 pa_to_pvh(VM_PAGE_TO_PHYS(m));
4146 lock = VM_PAGE_TO_PV_LIST_LOCK(m);
4147 rw_rlock(&pvh_global_lock);
4150 TAILQ_FOREACH_SAFE(pv, &pvh->pv_list, pv_next, next_pv) {
4152 if (!PMAP_TRYLOCK(pmap)) {
4153 pvh_gen = pvh->pv_gen;
4157 if (pvh_gen != pvh->pv_gen) {
4163 l2 = pmap_l2(pmap, va);
4164 oldl2 = pmap_load(l2);
4165 /* If oldl2 has PTE_W set, then it also has PTE_D set. */
4166 if ((oldl2 & PTE_W) != 0 &&
4167 pmap_demote_l2_locked(pmap, l2, va, &lock) &&
4168 (oldl2 & PTE_SW_WIRED) == 0) {
4170 * Write protect the mapping to a single page so that
4171 * a subsequent write access may repromote.
4173 va += VM_PAGE_TO_PHYS(m) - PTE_TO_PHYS(oldl2);
4174 l3 = pmap_l2_to_l3(l2, va);
4175 pmap_clear_bits(l3, PTE_D | PTE_W);
4177 pmap_invalidate_page(pmap, va);
4181 TAILQ_FOREACH(pv, &m->md.pv_list, pv_next) {
4183 if (!PMAP_TRYLOCK(pmap)) {
4184 md_gen = m->md.pv_gen;
4185 pvh_gen = pvh->pv_gen;
4189 if (pvh_gen != pvh->pv_gen || md_gen != m->md.pv_gen) {
4194 l2 = pmap_l2(pmap, pv->pv_va);
4195 KASSERT((pmap_load(l2) & PTE_RWX) == 0,
4196 ("pmap_clear_modify: found a 2mpage in page %p's pv list",
4198 l3 = pmap_l2_to_l3(l2, pv->pv_va);
4199 if ((pmap_load(l3) & (PTE_D | PTE_W)) == (PTE_D | PTE_W)) {
4200 pmap_clear_bits(l3, PTE_D | PTE_W);
4201 pmap_invalidate_page(pmap, pv->pv_va);
4206 rw_runlock(&pvh_global_lock);
4210 pmap_mapbios(vm_paddr_t pa, vm_size_t size)
4213 return ((void *)PHYS_TO_DMAP(pa));
4217 pmap_unmapbios(vm_paddr_t pa, vm_size_t size)
4222 * Sets the memory attribute for the specified page.
4225 pmap_page_set_memattr(vm_page_t m, vm_memattr_t ma)
4228 m->md.pv_memattr = ma;
4232 * Perform the pmap work for mincore(2). If the page is not both referenced and
4233 * modified by this pmap, returns its physical address so that the caller can
4234 * find other mappings.
4237 pmap_mincore(pmap_t pmap, vm_offset_t addr, vm_paddr_t *pap)
4239 pt_entry_t *l2, *l3, tpte;
4245 l2 = pmap_l2(pmap, addr);
4246 if (l2 != NULL && ((tpte = pmap_load(l2)) & PTE_V) != 0) {
4247 if ((tpte & PTE_RWX) != 0) {
4248 pa = PTE_TO_PHYS(tpte) | (addr & L2_OFFSET);
4249 val = MINCORE_INCORE | MINCORE_SUPER;
4251 l3 = pmap_l2_to_l3(l2, addr);
4252 tpte = pmap_load(l3);
4253 if ((tpte & PTE_V) == 0) {
4257 pa = PTE_TO_PHYS(tpte) | (addr & L3_OFFSET);
4258 val = MINCORE_INCORE;
4261 if ((tpte & PTE_D) != 0)
4262 val |= MINCORE_MODIFIED | MINCORE_MODIFIED_OTHER;
4263 if ((tpte & PTE_A) != 0)
4264 val |= MINCORE_REFERENCED | MINCORE_REFERENCED_OTHER;
4265 managed = (tpte & PTE_SW_MANAGED) == PTE_SW_MANAGED;
4270 if ((val & (MINCORE_MODIFIED_OTHER | MINCORE_REFERENCED_OTHER)) !=
4271 (MINCORE_MODIFIED_OTHER | MINCORE_REFERENCED_OTHER) && managed) {
4279 pmap_activate_sw(struct thread *td)
4281 pmap_t oldpmap, pmap;
4284 oldpmap = PCPU_GET(curpmap);
4285 pmap = vmspace_pmap(td->td_proc->p_vmspace);
4286 if (pmap == oldpmap)
4288 load_satp(pmap->pm_satp);
4290 hart = PCPU_GET(hart);
4292 CPU_SET_ATOMIC(hart, &pmap->pm_active);
4293 CPU_CLR_ATOMIC(hart, &oldpmap->pm_active);
4295 CPU_SET(hart, &pmap->pm_active);
4296 CPU_CLR(hart, &oldpmap->pm_active);
4298 PCPU_SET(curpmap, pmap);
4304 pmap_activate(struct thread *td)
4308 pmap_activate_sw(td);
4313 pmap_activate_boot(pmap_t pmap)
4317 hart = PCPU_GET(hart);
4319 CPU_SET_ATOMIC(hart, &pmap->pm_active);
4321 CPU_SET(hart, &pmap->pm_active);
4323 PCPU_SET(curpmap, pmap);
4327 pmap_sync_icache(pmap_t pmap, vm_offset_t va, vm_size_t sz)
4332 * From the RISC-V User-Level ISA V2.2:
4334 * "To make a store to instruction memory visible to all
4335 * RISC-V harts, the writing hart has to execute a data FENCE
4336 * before requesting that all remote RISC-V harts execute a
4341 CPU_CLR(PCPU_GET(hart), &mask);
4343 if (!CPU_EMPTY(&mask) && smp_started)
4344 sbi_remote_fence_i(mask.__bits);
4349 * Increase the starting virtual address of the given mapping if a
4350 * different alignment might result in more superpage mappings.
4353 pmap_align_superpage(vm_object_t object, vm_ooffset_t offset,
4354 vm_offset_t *addr, vm_size_t size)
4356 vm_offset_t superpage_offset;
4360 if (object != NULL && (object->flags & OBJ_COLORED) != 0)
4361 offset += ptoa(object->pg_color);
4362 superpage_offset = offset & L2_OFFSET;
4363 if (size - ((L2_SIZE - superpage_offset) & L2_OFFSET) < L2_SIZE ||
4364 (*addr & L2_OFFSET) == superpage_offset)
4366 if ((*addr & L2_OFFSET) < superpage_offset)
4367 *addr = (*addr & ~L2_OFFSET) + superpage_offset;
4369 *addr = ((*addr + L2_OFFSET) & ~L2_OFFSET) + superpage_offset;
4373 * Get the kernel virtual address of a set of physical pages. If there are
4374 * physical addresses not covered by the DMAP perform a transient mapping
4375 * that will be removed when calling pmap_unmap_io_transient.
4377 * \param page The pages the caller wishes to obtain the virtual
4378 * address on the kernel memory map.
4379 * \param vaddr On return contains the kernel virtual memory address
4380 * of the pages passed in the page parameter.
4381 * \param count Number of pages passed in.
4382 * \param can_fault TRUE if the thread using the mapped pages can take
4383 * page faults, FALSE otherwise.
4385 * \returns TRUE if the caller must call pmap_unmap_io_transient when
4386 * finished or FALSE otherwise.
4390 pmap_map_io_transient(vm_page_t page[], vm_offset_t vaddr[], int count,
4391 boolean_t can_fault)
4394 boolean_t needs_mapping;
4398 * Allocate any KVA space that we need, this is done in a separate
4399 * loop to prevent calling vmem_alloc while pinned.
4401 needs_mapping = FALSE;
4402 for (i = 0; i < count; i++) {
4403 paddr = VM_PAGE_TO_PHYS(page[i]);
4404 if (__predict_false(paddr >= DMAP_MAX_PHYSADDR)) {
4405 error = vmem_alloc(kernel_arena, PAGE_SIZE,
4406 M_BESTFIT | M_WAITOK, &vaddr[i]);
4407 KASSERT(error == 0, ("vmem_alloc failed: %d", error));
4408 needs_mapping = TRUE;
4410 vaddr[i] = PHYS_TO_DMAP(paddr);
4414 /* Exit early if everything is covered by the DMAP */
4420 for (i = 0; i < count; i++) {
4421 paddr = VM_PAGE_TO_PHYS(page[i]);
4422 if (paddr >= DMAP_MAX_PHYSADDR) {
4424 "pmap_map_io_transient: TODO: Map out of DMAP data");
4428 return (needs_mapping);
4432 pmap_unmap_io_transient(vm_page_t page[], vm_offset_t vaddr[], int count,
4433 boolean_t can_fault)
4440 for (i = 0; i < count; i++) {
4441 paddr = VM_PAGE_TO_PHYS(page[i]);
4442 if (paddr >= DMAP_MAX_PHYSADDR) {
4443 panic("RISCVTODO: pmap_unmap_io_transient: Unmap data");
4449 pmap_is_valid_memattr(pmap_t pmap __unused, vm_memattr_t mode)
4452 return (mode >= VM_MEMATTR_DEVICE && mode <= VM_MEMATTR_WRITE_BACK);
4456 pmap_get_tables(pmap_t pmap, vm_offset_t va, pd_entry_t **l1, pd_entry_t **l2,
4459 pd_entry_t *l1p, *l2p;
4461 /* Get l1 directory entry. */
4462 l1p = pmap_l1(pmap, va);
4465 if (l1p == NULL || (pmap_load(l1p) & PTE_V) == 0)
4468 if ((pmap_load(l1p) & PTE_RX) != 0) {
4474 /* Get l2 directory entry. */
4475 l2p = pmap_l1_to_l2(l1p, va);
4478 if (l2p == NULL || (pmap_load(l2p) & PTE_V) == 0)
4481 if ((pmap_load(l2p) & PTE_RX) != 0) {
4486 /* Get l3 page table entry. */
4487 *l3 = pmap_l2_to_l3(l2p, va);
4493 * Track a range of the kernel's virtual address space that is contiguous
4494 * in various mapping attributes.
4496 struct pmap_kernel_map_range {
4505 sysctl_kmaps_dump(struct sbuf *sb, struct pmap_kernel_map_range *range,
4509 if (eva <= range->sva)
4512 sbuf_printf(sb, "0x%016lx-0x%016lx r%c%c%c%c %d %d %d\n",
4514 (range->attrs & PTE_W) == PTE_W ? 'w' : '-',
4515 (range->attrs & PTE_X) == PTE_X ? 'x' : '-',
4516 (range->attrs & PTE_U) == PTE_U ? 'u' : 's',
4517 (range->attrs & PTE_G) == PTE_G ? 'g' : '-',
4518 range->l1pages, range->l2pages, range->l3pages);
4520 /* Reset to sentinel value. */
4521 range->sva = 0xfffffffffffffffful;
4525 * Determine whether the attributes specified by a page table entry match those
4526 * being tracked by the current range.
4529 sysctl_kmaps_match(struct pmap_kernel_map_range *range, pt_entry_t attrs)
4532 return (range->attrs == attrs);
4536 sysctl_kmaps_reinit(struct pmap_kernel_map_range *range, vm_offset_t va,
4540 memset(range, 0, sizeof(*range));
4542 range->attrs = attrs;
4546 * Given a leaf PTE, derive the mapping's attributes. If they do not match
4547 * those of the current run, dump the address range and its attributes, and
4551 sysctl_kmaps_check(struct sbuf *sb, struct pmap_kernel_map_range *range,
4552 vm_offset_t va, pd_entry_t l1e, pd_entry_t l2e, pt_entry_t l3e)
4556 /* The PTE global bit is inherited by lower levels. */
4557 attrs = l1e & PTE_G;
4558 if ((l1e & PTE_RWX) != 0)
4559 attrs |= l1e & (PTE_RWX | PTE_U);
4561 attrs |= l2e & PTE_G;
4562 if ((l2e & PTE_RWX) != 0)
4563 attrs |= l2e & (PTE_RWX | PTE_U);
4565 attrs |= l3e & (PTE_RWX | PTE_U | PTE_G);
4567 if (range->sva > va || !sysctl_kmaps_match(range, attrs)) {
4568 sysctl_kmaps_dump(sb, range, va);
4569 sysctl_kmaps_reinit(range, va, attrs);
4574 sysctl_kmaps(SYSCTL_HANDLER_ARGS)
4576 struct pmap_kernel_map_range range;
4577 struct sbuf sbuf, *sb;
4578 pd_entry_t l1e, *l2, l2e;
4579 pt_entry_t *l3, l3e;
4584 error = sysctl_wire_old_buffer(req, 0);
4588 sbuf_new_for_sysctl(sb, NULL, PAGE_SIZE, req);
4590 /* Sentinel value. */
4591 range.sva = 0xfffffffffffffffful;
4594 * Iterate over the kernel page tables without holding the kernel pmap
4595 * lock. Kernel page table pages are never freed, so at worst we will
4596 * observe inconsistencies in the output.
4598 sva = VM_MIN_KERNEL_ADDRESS;
4599 for (i = pmap_l1_index(sva); i < Ln_ENTRIES; i++) {
4600 if (i == pmap_l1_index(DMAP_MIN_ADDRESS))
4601 sbuf_printf(sb, "\nDirect map:\n");
4602 else if (i == pmap_l1_index(VM_MIN_KERNEL_ADDRESS))
4603 sbuf_printf(sb, "\nKernel map:\n");
4605 l1e = kernel_pmap->pm_l1[i];
4606 if ((l1e & PTE_V) == 0) {
4607 sysctl_kmaps_dump(sb, &range, sva);
4611 if ((l1e & PTE_RWX) != 0) {
4612 sysctl_kmaps_check(sb, &range, sva, l1e, 0, 0);
4617 pa = PTE_TO_PHYS(l1e);
4618 l2 = (pd_entry_t *)PHYS_TO_DMAP(pa);
4620 for (j = pmap_l2_index(sva); j < Ln_ENTRIES; j++) {
4622 if ((l2e & PTE_V) == 0) {
4623 sysctl_kmaps_dump(sb, &range, sva);
4627 if ((l2e & PTE_RWX) != 0) {
4628 sysctl_kmaps_check(sb, &range, sva, l1e, l2e, 0);
4633 pa = PTE_TO_PHYS(l2e);
4634 l3 = (pd_entry_t *)PHYS_TO_DMAP(pa);
4636 for (k = pmap_l3_index(sva); k < Ln_ENTRIES; k++,
4639 if ((l3e & PTE_V) == 0) {
4640 sysctl_kmaps_dump(sb, &range, sva);
4643 sysctl_kmaps_check(sb, &range, sva,
4650 error = sbuf_finish(sb);
4654 SYSCTL_OID(_vm_pmap, OID_AUTO, kernel_maps,
4655 CTLTYPE_STRING | CTLFLAG_RD | CTLFLAG_MPSAFE,
4656 NULL, 0, sysctl_kmaps, "A",
4657 "Dump kernel address layout");
projects / FreeBSD / FreeBSD.git / blob