2 * SPDX-License-Identifier: BSD-4-Clause
4 * Copyright (c) 1991 Regents of the University of California.
6 * Copyright (c) 1994 John S. Dyson
8 * Copyright (c) 1994 David Greenman
10 * Copyright (c) 2003 Peter Wemm
11 * All rights reserved.
12 * Copyright (c) 2005-2010 Alan L. Cox <alc@cs.rice.edu>
13 * All rights reserved.
14 * Copyright (c) 2014 Andrew Turner
15 * All rights reserved.
16 * Copyright (c) 2014 The FreeBSD Foundation
17 * All rights reserved.
18 * Copyright (c) 2015-2018 Ruslan Bukin <br@bsdpad.com>
19 * All rights reserved.
21 * This code is derived from software contributed to Berkeley by
22 * the Systems Programming Group of the University of Utah Computer
23 * Science Department and William Jolitz of UUNET Technologies Inc.
25 * Portions of this software were developed by Andrew Turner under
26 * sponsorship from The FreeBSD Foundation.
28 * Portions of this software were developed by SRI International and the
29 * University of Cambridge Computer Laboratory under DARPA/AFRL contract
30 * FA8750-10-C-0237 ("CTSRD"), as part of the DARPA CRASH research programme.
32 * Portions of this software were developed by the University of Cambridge
33 * Computer Laboratory as part of the CTSRD Project, with support from the
34 * UK Higher Education Innovation Fund (HEIF).
36 * Redistribution and use in source and binary forms, with or without
37 * modification, are permitted provided that the following conditions
39 * 1. Redistributions of source code must retain the above copyright
40 * notice, this list of conditions and the following disclaimer.
41 * 2. Redistributions in binary form must reproduce the above copyright
42 * notice, this list of conditions and the following disclaimer in the
43 * documentation and/or other materials provided with the distribution.
44 * 3. All advertising materials mentioning features or use of this software
45 * must display the following acknowledgement:
46 * This product includes software developed by the University of
47 * California, Berkeley and its contributors.
48 * 4. Neither the name of the University nor the names of its contributors
49 * may be used to endorse or promote products derived from this software
50 * without specific prior written permission.
52 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
53 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
54 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
55 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
56 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
57 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
58 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
59 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
60 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
61 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
64 * from: @(#)pmap.c 7.7 (Berkeley) 5/12/91
67 * Copyright (c) 2003 Networks Associates Technology, Inc.
68 * All rights reserved.
70 * This software was developed for the FreeBSD Project by Jake Burkholder,
71 * Safeport Network Services, and Network Associates Laboratories, the
72 * Security Research Division of Network Associates, Inc. under
73 * DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the DARPA
74 * CHATS research program.
76 * Redistribution and use in source and binary forms, with or without
77 * modification, are permitted provided that the following conditions
79 * 1. Redistributions of source code must retain the above copyright
80 * notice, this list of conditions and the following disclaimer.
81 * 2. Redistributions in binary form must reproduce the above copyright
82 * notice, this list of conditions and the following disclaimer in the
83 * documentation and/or other materials provided with the distribution.
85 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
86 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
87 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
88 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
89 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
90 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
91 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
92 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
93 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
94 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
98 #include <sys/cdefs.h>
99 __FBSDID("$FreeBSD$");
102 * Manages physical address maps.
104 * Since the information managed by this module is
105 * also stored by the logical address mapping module,
106 * this module may throw away valid virtual-to-physical
107 * mappings at almost any time. However, invalidations
108 * of virtual-to-physical mappings must be done as
111 * In order to cope with hardware architectures which
112 * make virtual-to-physical map invalidates expensive,
113 * this module may delay invalidate or reduced protection
114 * operations until such time as they are actually
115 * necessary. This module is given full information as
116 * to which processors are currently using which maps,
117 * and to when physical maps must be made correct.
120 #include <sys/param.h>
121 #include <sys/systm.h>
122 #include <sys/bitstring.h>
124 #include <sys/cpuset.h>
125 #include <sys/kernel.h>
127 #include <sys/lock.h>
128 #include <sys/malloc.h>
129 #include <sys/mman.h>
130 #include <sys/msgbuf.h>
131 #include <sys/mutex.h>
132 #include <sys/physmem.h>
133 #include <sys/proc.h>
134 #include <sys/rwlock.h>
135 #include <sys/sbuf.h>
137 #include <sys/vmem.h>
138 #include <sys/vmmeter.h>
139 #include <sys/sched.h>
140 #include <sys/sysctl.h>
144 #include <vm/vm_param.h>
145 #include <vm/vm_kern.h>
146 #include <vm/vm_page.h>
147 #include <vm/vm_map.h>
148 #include <vm/vm_object.h>
149 #include <vm/vm_extern.h>
150 #include <vm/vm_pageout.h>
151 #include <vm/vm_pager.h>
152 #include <vm/vm_phys.h>
153 #include <vm/vm_radix.h>
154 #include <vm/vm_reserv.h>
157 #include <machine/machdep.h>
158 #include <machine/md_var.h>
159 #include <machine/pcb.h>
160 #include <machine/sbi.h>
162 #define NUL1E (Ln_ENTRIES * Ln_ENTRIES)
163 #define NUL2E (Ln_ENTRIES * NUL1E)
165 #if !defined(DIAGNOSTIC)
166 #ifdef __GNUC_GNU_INLINE__
167 #define PMAP_INLINE __attribute__((__gnu_inline__)) inline
169 #define PMAP_INLINE extern inline
176 #define PV_STAT(x) do { x ; } while (0)
178 #define PV_STAT(x) do { } while (0)
181 #define pmap_l2_pindex(v) ((v) >> L2_SHIFT)
182 #define pa_to_pvh(pa) (&pv_table[pa_index(pa)])
184 #define NPV_LIST_LOCKS MAXCPU
186 #define PHYS_TO_PV_LIST_LOCK(pa) \
187 (&pv_list_locks[pmap_l2_pindex(pa) % NPV_LIST_LOCKS])
189 #define CHANGE_PV_LIST_LOCK_TO_PHYS(lockp, pa) do { \
190 struct rwlock **_lockp = (lockp); \
191 struct rwlock *_new_lock; \
193 _new_lock = PHYS_TO_PV_LIST_LOCK(pa); \
194 if (_new_lock != *_lockp) { \
195 if (*_lockp != NULL) \
196 rw_wunlock(*_lockp); \
197 *_lockp = _new_lock; \
202 #define CHANGE_PV_LIST_LOCK_TO_VM_PAGE(lockp, m) \
203 CHANGE_PV_LIST_LOCK_TO_PHYS(lockp, VM_PAGE_TO_PHYS(m))
205 #define RELEASE_PV_LIST_LOCK(lockp) do { \
206 struct rwlock **_lockp = (lockp); \
208 if (*_lockp != NULL) { \
209 rw_wunlock(*_lockp); \
214 #define VM_PAGE_TO_PV_LIST_LOCK(m) \
215 PHYS_TO_PV_LIST_LOCK(VM_PAGE_TO_PHYS(m))
217 /* The list of all the user pmaps */
218 LIST_HEAD(pmaplist, pmap);
219 static struct pmaplist allpmaps = LIST_HEAD_INITIALIZER();
221 struct pmap kernel_pmap_store;
223 vm_offset_t virtual_avail; /* VA of first avail page (after kernel bss) */
224 vm_offset_t virtual_end; /* VA of last avail page (end of kernel AS) */
225 vm_offset_t kernel_vm_end = 0;
227 vm_paddr_t dmap_phys_base; /* The start of the dmap region */
228 vm_paddr_t dmap_phys_max; /* The limit of the dmap region */
229 vm_offset_t dmap_max_addr; /* The virtual address limit of the dmap */
231 /* This code assumes all L1 DMAP entries will be used */
232 CTASSERT((DMAP_MIN_ADDRESS & ~L1_OFFSET) == DMAP_MIN_ADDRESS);
233 CTASSERT((DMAP_MAX_ADDRESS & ~L1_OFFSET) == DMAP_MAX_ADDRESS);
235 static struct rwlock_padalign pvh_global_lock;
236 static struct mtx_padalign allpmaps_lock;
238 static SYSCTL_NODE(_vm, OID_AUTO, pmap, CTLFLAG_RD | CTLFLAG_MPSAFE, 0,
239 "VM/pmap parameters");
241 static int superpages_enabled = 1;
242 SYSCTL_INT(_vm_pmap, OID_AUTO, superpages_enabled,
243 CTLFLAG_RDTUN, &superpages_enabled, 0,
244 "Enable support for transparent superpages");
246 static SYSCTL_NODE(_vm_pmap, OID_AUTO, l2, CTLFLAG_RD | CTLFLAG_MPSAFE, 0,
247 "2MB page mapping counters");
249 static u_long pmap_l2_demotions;
250 SYSCTL_ULONG(_vm_pmap_l2, OID_AUTO, demotions, CTLFLAG_RD,
251 &pmap_l2_demotions, 0,
252 "2MB page demotions");
254 static u_long pmap_l2_mappings;
255 SYSCTL_ULONG(_vm_pmap_l2, OID_AUTO, mappings, CTLFLAG_RD,
256 &pmap_l2_mappings, 0,
257 "2MB page mappings");
259 static u_long pmap_l2_p_failures;
260 SYSCTL_ULONG(_vm_pmap_l2, OID_AUTO, p_failures, CTLFLAG_RD,
261 &pmap_l2_p_failures, 0,
262 "2MB page promotion failures");
264 static u_long pmap_l2_promotions;
265 SYSCTL_ULONG(_vm_pmap_l2, OID_AUTO, promotions, CTLFLAG_RD,
266 &pmap_l2_promotions, 0,
267 "2MB page promotions");
270 * Data for the pv entry allocation mechanism
272 static TAILQ_HEAD(pch, pv_chunk) pv_chunks = TAILQ_HEAD_INITIALIZER(pv_chunks);
273 static struct mtx pv_chunks_mutex;
274 static struct rwlock pv_list_locks[NPV_LIST_LOCKS];
275 static struct md_page *pv_table;
276 static struct md_page pv_dummy;
278 extern cpuset_t all_harts;
281 * Internal flags for pmap_enter()'s helper functions.
283 #define PMAP_ENTER_NORECLAIM 0x1000000 /* Don't reclaim PV entries. */
284 #define PMAP_ENTER_NOREPLACE 0x2000000 /* Don't replace mappings. */
286 static void free_pv_chunk(struct pv_chunk *pc);
287 static void free_pv_entry(pmap_t pmap, pv_entry_t pv);
288 static pv_entry_t get_pv_entry(pmap_t pmap, struct rwlock **lockp);
289 static vm_page_t reclaim_pv_chunk(pmap_t locked_pmap, struct rwlock **lockp);
290 static void pmap_pvh_free(struct md_page *pvh, pmap_t pmap, vm_offset_t va);
291 static pv_entry_t pmap_pvh_remove(struct md_page *pvh, pmap_t pmap,
293 static bool pmap_demote_l2(pmap_t pmap, pd_entry_t *l2, vm_offset_t va);
294 static bool pmap_demote_l2_locked(pmap_t pmap, pd_entry_t *l2,
295 vm_offset_t va, struct rwlock **lockp);
296 static int pmap_enter_l2(pmap_t pmap, vm_offset_t va, pd_entry_t new_l2,
297 u_int flags, vm_page_t m, struct rwlock **lockp);
298 static vm_page_t pmap_enter_quick_locked(pmap_t pmap, vm_offset_t va,
299 vm_page_t m, vm_prot_t prot, vm_page_t mpte, struct rwlock **lockp);
300 static int pmap_remove_l3(pmap_t pmap, pt_entry_t *l3, vm_offset_t sva,
301 pd_entry_t ptepde, struct spglist *free, struct rwlock **lockp);
302 static boolean_t pmap_try_insert_pv_entry(pmap_t pmap, vm_offset_t va,
303 vm_page_t m, struct rwlock **lockp);
305 static vm_page_t _pmap_alloc_l3(pmap_t pmap, vm_pindex_t ptepindex,
306 struct rwlock **lockp);
308 static void _pmap_unwire_ptp(pmap_t pmap, vm_offset_t va, vm_page_t m,
309 struct spglist *free);
310 static int pmap_unuse_pt(pmap_t, vm_offset_t, pd_entry_t, struct spglist *);
312 #define pmap_clear(pte) pmap_store(pte, 0)
313 #define pmap_clear_bits(pte, bits) atomic_clear_64(pte, bits)
314 #define pmap_load_store(pte, entry) atomic_swap_64(pte, entry)
315 #define pmap_load_clear(pte) pmap_load_store(pte, 0)
316 #define pmap_load(pte) atomic_load_64(pte)
317 #define pmap_store(pte, entry) atomic_store_64(pte, entry)
318 #define pmap_store_bits(pte, bits) atomic_set_64(pte, bits)
320 /********************/
321 /* Inline functions */
322 /********************/
325 pagecopy(void *s, void *d)
328 memcpy(d, s, PAGE_SIZE);
338 #define pmap_l1_index(va) (((va) >> L1_SHIFT) & Ln_ADDR_MASK)
339 #define pmap_l2_index(va) (((va) >> L2_SHIFT) & Ln_ADDR_MASK)
340 #define pmap_l3_index(va) (((va) >> L3_SHIFT) & Ln_ADDR_MASK)
342 #define PTE_TO_PHYS(pte) ((pte >> PTE_PPN0_S) * PAGE_SIZE)
344 static __inline pd_entry_t *
345 pmap_l1(pmap_t pmap, vm_offset_t va)
348 return (&pmap->pm_l1[pmap_l1_index(va)]);
351 static __inline pd_entry_t *
352 pmap_l1_to_l2(pd_entry_t *l1, vm_offset_t va)
357 phys = PTE_TO_PHYS(pmap_load(l1));
358 l2 = (pd_entry_t *)PHYS_TO_DMAP(phys);
360 return (&l2[pmap_l2_index(va)]);
363 static __inline pd_entry_t *
364 pmap_l2(pmap_t pmap, vm_offset_t va)
368 l1 = pmap_l1(pmap, va);
369 if ((pmap_load(l1) & PTE_V) == 0)
371 if ((pmap_load(l1) & PTE_RX) != 0)
374 return (pmap_l1_to_l2(l1, va));
377 static __inline pt_entry_t *
378 pmap_l2_to_l3(pd_entry_t *l2, vm_offset_t va)
383 phys = PTE_TO_PHYS(pmap_load(l2));
384 l3 = (pd_entry_t *)PHYS_TO_DMAP(phys);
386 return (&l3[pmap_l3_index(va)]);
389 static __inline pt_entry_t *
390 pmap_l3(pmap_t pmap, vm_offset_t va)
394 l2 = pmap_l2(pmap, va);
397 if ((pmap_load(l2) & PTE_V) == 0)
399 if ((pmap_load(l2) & PTE_RX) != 0)
402 return (pmap_l2_to_l3(l2, va));
406 pmap_resident_count_inc(pmap_t pmap, int count)
409 PMAP_LOCK_ASSERT(pmap, MA_OWNED);
410 pmap->pm_stats.resident_count += count;
414 pmap_resident_count_dec(pmap_t pmap, int count)
417 PMAP_LOCK_ASSERT(pmap, MA_OWNED);
418 KASSERT(pmap->pm_stats.resident_count >= count,
419 ("pmap %p resident count underflow %ld %d", pmap,
420 pmap->pm_stats.resident_count, count));
421 pmap->pm_stats.resident_count -= count;
425 pmap_distribute_l1(struct pmap *pmap, vm_pindex_t l1index,
428 struct pmap *user_pmap;
431 /* Distribute new kernel L1 entry to all the user pmaps */
432 if (pmap != kernel_pmap)
435 mtx_lock(&allpmaps_lock);
436 LIST_FOREACH(user_pmap, &allpmaps, pm_list) {
437 l1 = &user_pmap->pm_l1[l1index];
438 pmap_store(l1, entry);
440 mtx_unlock(&allpmaps_lock);
444 pmap_early_page_idx(vm_offset_t l1pt, vm_offset_t va, u_int *l1_slot,
450 l1 = (pd_entry_t *)l1pt;
451 *l1_slot = (va >> L1_SHIFT) & Ln_ADDR_MASK;
453 /* Check locore has used a table L1 map */
454 KASSERT((l1[*l1_slot] & PTE_RX) == 0,
455 ("Invalid bootstrap L1 table"));
457 /* Find the address of the L2 table */
458 l2 = (pt_entry_t *)init_pt_va;
459 *l2_slot = pmap_l2_index(va);
465 pmap_early_vtophys(vm_offset_t l1pt, vm_offset_t va)
467 u_int l1_slot, l2_slot;
471 l2 = pmap_early_page_idx(l1pt, va, &l1_slot, &l2_slot);
473 /* Check locore has used L2 superpages */
474 KASSERT((l2[l2_slot] & PTE_RX) != 0,
475 ("Invalid bootstrap L2 table"));
477 /* L2 is superpages */
478 ret = (l2[l2_slot] >> PTE_PPN1_S) << L2_SHIFT;
479 ret += (va & L2_OFFSET);
485 pmap_bootstrap_dmap(vm_offset_t kern_l1, vm_paddr_t min_pa, vm_paddr_t max_pa)
494 pa = dmap_phys_base = min_pa & ~L1_OFFSET;
495 va = DMAP_MIN_ADDRESS;
496 l1 = (pd_entry_t *)kern_l1;
497 l1_slot = pmap_l1_index(DMAP_MIN_ADDRESS);
499 for (; va < DMAP_MAX_ADDRESS && pa < max_pa;
500 pa += L1_SIZE, va += L1_SIZE, l1_slot++) {
501 KASSERT(l1_slot < Ln_ENTRIES, ("Invalid L1 index"));
504 pn = (pa / PAGE_SIZE);
506 entry |= (pn << PTE_PPN0_S);
507 pmap_store(&l1[l1_slot], entry);
510 /* Set the upper limit of the DMAP region */
518 pmap_bootstrap_l3(vm_offset_t l1pt, vm_offset_t va, vm_offset_t l3_start)
527 KASSERT((va & L2_OFFSET) == 0, ("Invalid virtual address"));
529 l2 = pmap_l2(kernel_pmap, va);
530 l2 = (pd_entry_t *)((uintptr_t)l2 & ~(PAGE_SIZE - 1));
531 l2_slot = pmap_l2_index(va);
534 for (; va < VM_MAX_KERNEL_ADDRESS; l2_slot++, va += L2_SIZE) {
535 KASSERT(l2_slot < Ln_ENTRIES, ("Invalid L2 index"));
537 pa = pmap_early_vtophys(l1pt, l3pt);
538 pn = (pa / PAGE_SIZE);
540 entry |= (pn << PTE_PPN0_S);
541 pmap_store(&l2[l2_slot], entry);
546 /* Clean the L2 page table */
547 memset((void *)l3_start, 0, l3pt - l3_start);
553 * Bootstrap the system enough to run with virtual memory.
556 pmap_bootstrap(vm_offset_t l1pt, vm_paddr_t kernstart, vm_size_t kernlen)
558 u_int l1_slot, l2_slot;
559 vm_offset_t freemempos;
560 vm_offset_t dpcpu, msgbufpv;
561 vm_paddr_t max_pa, min_pa, pa;
565 printf("pmap_bootstrap %lx %lx %lx\n", l1pt, kernstart, kernlen);
567 /* Set this early so we can use the pagetable walking functions */
568 kernel_pmap_store.pm_l1 = (pd_entry_t *)l1pt;
569 PMAP_LOCK_INIT(kernel_pmap);
571 rw_init(&pvh_global_lock, "pmap pv global");
573 CPU_FILL(&kernel_pmap->pm_active);
575 /* Assume the address we were loaded to is a valid physical address. */
576 min_pa = max_pa = kernstart;
578 physmap_idx = physmem_avail(physmap, nitems(physmap));
582 * Find the minimum physical address. physmap is sorted,
583 * but may contain empty ranges.
585 for (i = 0; i < physmap_idx * 2; i += 2) {
586 if (physmap[i] == physmap[i + 1])
588 if (physmap[i] <= min_pa)
590 if (physmap[i + 1] > max_pa)
591 max_pa = physmap[i + 1];
593 printf("physmap_idx %lx\n", physmap_idx);
594 printf("min_pa %lx\n", min_pa);
595 printf("max_pa %lx\n", max_pa);
597 /* Create a direct map region early so we can use it for pa -> va */
598 pmap_bootstrap_dmap(l1pt, min_pa, max_pa);
601 * Read the page table to find out what is already mapped.
602 * This assumes we have mapped a block of memory from KERNBASE
603 * using a single L1 entry.
605 (void)pmap_early_page_idx(l1pt, KERNBASE, &l1_slot, &l2_slot);
607 /* Sanity check the index, KERNBASE should be the first VA */
608 KASSERT(l2_slot == 0, ("The L2 index is non-zero"));
610 freemempos = roundup2(KERNBASE + kernlen, PAGE_SIZE);
612 /* Create the l3 tables for the early devmap */
613 freemempos = pmap_bootstrap_l3(l1pt,
614 VM_MAX_KERNEL_ADDRESS - L2_SIZE, freemempos);
617 * Invalidate the mapping we created for the DTB. At this point a copy
618 * has been created, and we no longer need it. We want to avoid the
619 * possibility of an aliased mapping in the future.
621 l2p = pmap_l2(kernel_pmap, VM_EARLY_DTB_ADDRESS);
622 if ((pmap_load(l2p) & PTE_V) != 0)
627 #define alloc_pages(var, np) \
628 (var) = freemempos; \
629 freemempos += (np * PAGE_SIZE); \
630 memset((char *)(var), 0, ((np) * PAGE_SIZE));
632 /* Allocate dynamic per-cpu area. */
633 alloc_pages(dpcpu, DPCPU_SIZE / PAGE_SIZE);
634 dpcpu_init((void *)dpcpu, 0);
636 /* Allocate memory for the msgbuf, e.g. for /sbin/dmesg */
637 alloc_pages(msgbufpv, round_page(msgbufsize) / PAGE_SIZE);
638 msgbufp = (void *)msgbufpv;
640 virtual_avail = roundup2(freemempos, L2_SIZE);
641 virtual_end = VM_MAX_KERNEL_ADDRESS - L2_SIZE;
642 kernel_vm_end = virtual_avail;
644 pa = pmap_early_vtophys(l1pt, freemempos);
646 physmem_exclude_region(kernstart, pa - kernstart, EXFLAG_NOALLOC);
650 * Initialize a vm_page's machine-dependent fields.
653 pmap_page_init(vm_page_t m)
656 TAILQ_INIT(&m->md.pv_list);
657 m->md.pv_memattr = VM_MEMATTR_WRITE_BACK;
661 * Initialize the pmap module.
662 * Called by vm_init, to initialize any structures that the pmap
663 * system needs to map virtual memory.
672 * Initialize the pv chunk and pmap list mutexes.
674 mtx_init(&pv_chunks_mutex, "pmap pv chunk list", NULL, MTX_DEF);
675 mtx_init(&allpmaps_lock, "allpmaps", NULL, MTX_DEF);
678 * Initialize the pool of pv list locks.
680 for (i = 0; i < NPV_LIST_LOCKS; i++)
681 rw_init(&pv_list_locks[i], "pmap pv list");
684 * Calculate the size of the pv head table for superpages.
686 pv_npg = howmany(vm_phys_segs[vm_phys_nsegs - 1].end, L2_SIZE);
689 * Allocate memory for the pv head table for superpages.
691 s = (vm_size_t)(pv_npg * sizeof(struct md_page));
693 pv_table = (struct md_page *)kmem_malloc(s, M_WAITOK | M_ZERO);
694 for (i = 0; i < pv_npg; i++)
695 TAILQ_INIT(&pv_table[i].pv_list);
696 TAILQ_INIT(&pv_dummy.pv_list);
698 if (superpages_enabled)
699 pagesizes[1] = L2_SIZE;
704 * For SMP, these functions have to use IPIs for coherence.
706 * In general, the calling thread uses a plain fence to order the
707 * writes to the page tables before invoking an SBI callback to invoke
708 * sfence_vma() on remote CPUs.
711 pmap_invalidate_page(pmap_t pmap, vm_offset_t va)
716 mask = pmap->pm_active;
717 CPU_CLR(PCPU_GET(hart), &mask);
719 if (!CPU_EMPTY(&mask) && smp_started)
720 sbi_remote_sfence_vma(mask.__bits, va, 1);
726 pmap_invalidate_range(pmap_t pmap, vm_offset_t sva, vm_offset_t eva)
731 mask = pmap->pm_active;
732 CPU_CLR(PCPU_GET(hart), &mask);
734 if (!CPU_EMPTY(&mask) && smp_started)
735 sbi_remote_sfence_vma(mask.__bits, sva, eva - sva + 1);
738 * Might consider a loop of sfence_vma_page() for a small
739 * number of pages in the future.
746 pmap_invalidate_all(pmap_t pmap)
751 mask = pmap->pm_active;
752 CPU_CLR(PCPU_GET(hart), &mask);
755 * XXX: The SBI doc doesn't detail how to specify x0 as the
756 * address to perform a global fence. BBL currently treats
757 * all sfence_vma requests as global however.
760 if (!CPU_EMPTY(&mask) && smp_started)
761 sbi_remote_sfence_vma(mask.__bits, 0, 0);
767 * Normal, non-SMP, invalidation functions.
768 * We inline these within pmap.c for speed.
771 pmap_invalidate_page(pmap_t pmap, vm_offset_t va)
778 pmap_invalidate_range(pmap_t pmap, vm_offset_t sva, vm_offset_t eva)
782 * Might consider a loop of sfence_vma_page() for a small
783 * number of pages in the future.
789 pmap_invalidate_all(pmap_t pmap)
797 * Routine: pmap_extract
799 * Extract the physical page address associated
800 * with the given map/virtual_address pair.
803 pmap_extract(pmap_t pmap, vm_offset_t va)
812 * Start with the l2 tabel. We are unable to allocate
813 * pages in the l1 table.
815 l2p = pmap_l2(pmap, va);
818 if ((l2 & PTE_RX) == 0) {
819 l3p = pmap_l2_to_l3(l2p, va);
822 pa = PTE_TO_PHYS(l3);
823 pa |= (va & L3_OFFSET);
826 /* L2 is superpages */
827 pa = (l2 >> PTE_PPN1_S) << L2_SHIFT;
828 pa |= (va & L2_OFFSET);
836 * Routine: pmap_extract_and_hold
838 * Atomically extract and hold the physical page
839 * with the given pmap and virtual address pair
840 * if that mapping permits the given protection.
843 pmap_extract_and_hold(pmap_t pmap, vm_offset_t va, vm_prot_t prot)
851 l3p = pmap_l3(pmap, va);
852 if (l3p != NULL && (l3 = pmap_load(l3p)) != 0) {
853 if ((l3 & PTE_W) != 0 || (prot & VM_PROT_WRITE) == 0) {
854 phys = PTE_TO_PHYS(l3);
855 m = PHYS_TO_VM_PAGE(phys);
856 if (!vm_page_wire_mapped(m))
865 pmap_kextract(vm_offset_t va)
871 if (va >= DMAP_MIN_ADDRESS && va < DMAP_MAX_ADDRESS) {
872 pa = DMAP_TO_PHYS(va);
874 l2 = pmap_l2(kernel_pmap, va);
876 panic("pmap_kextract: No l2");
877 if ((pmap_load(l2) & PTE_RX) != 0) {
879 pa = (pmap_load(l2) >> PTE_PPN1_S) << L2_SHIFT;
880 pa |= (va & L2_OFFSET);
884 l3 = pmap_l2_to_l3(l2, va);
886 panic("pmap_kextract: No l3...");
887 pa = PTE_TO_PHYS(pmap_load(l3));
888 pa |= (va & PAGE_MASK);
893 /***************************************************
894 * Low level mapping routines.....
895 ***************************************************/
898 pmap_kenter_device(vm_offset_t sva, vm_size_t size, vm_paddr_t pa)
905 KASSERT((pa & L3_OFFSET) == 0,
906 ("pmap_kenter_device: Invalid physical address"));
907 KASSERT((sva & L3_OFFSET) == 0,
908 ("pmap_kenter_device: Invalid virtual address"));
909 KASSERT((size & PAGE_MASK) == 0,
910 ("pmap_kenter_device: Mapping is not page-sized"));
914 l3 = pmap_l3(kernel_pmap, va);
915 KASSERT(l3 != NULL, ("Invalid page table, va: 0x%lx", va));
917 pn = (pa / PAGE_SIZE);
919 entry |= (pn << PTE_PPN0_S);
920 pmap_store(l3, entry);
926 pmap_invalidate_range(kernel_pmap, sva, va);
930 * Remove a page from the kernel pagetables.
931 * Note: not SMP coherent.
934 pmap_kremove(vm_offset_t va)
938 l3 = pmap_l3(kernel_pmap, va);
939 KASSERT(l3 != NULL, ("pmap_kremove: Invalid address"));
946 pmap_kremove_device(vm_offset_t sva, vm_size_t size)
951 KASSERT((sva & L3_OFFSET) == 0,
952 ("pmap_kremove_device: Invalid virtual address"));
953 KASSERT((size & PAGE_MASK) == 0,
954 ("pmap_kremove_device: Mapping is not page-sized"));
958 l3 = pmap_l3(kernel_pmap, va);
959 KASSERT(l3 != NULL, ("Invalid page table, va: 0x%lx", va));
966 pmap_invalidate_range(kernel_pmap, sva, va);
970 * Used to map a range of physical addresses into kernel
971 * virtual address space.
973 * The value passed in '*virt' is a suggested virtual address for
974 * the mapping. Architectures which can support a direct-mapped
975 * physical to virtual region can return the appropriate address
976 * within that region, leaving '*virt' unchanged. Other
977 * architectures should map the pages starting at '*virt' and
978 * update '*virt' with the first usable address after the mapped
982 pmap_map(vm_offset_t *virt, vm_paddr_t start, vm_paddr_t end, int prot)
985 return PHYS_TO_DMAP(start);
990 * Add a list of wired pages to the kva
991 * this routine is only used for temporary
992 * kernel mappings that do not need to have
993 * page modification or references recorded.
994 * Note that old mappings are simply written
995 * over. The page *must* be wired.
996 * Note: SMP coherent. Uses a ranged shootdown IPI.
999 pmap_qenter(vm_offset_t sva, vm_page_t *ma, int count)
1009 for (i = 0; i < count; i++) {
1011 pa = VM_PAGE_TO_PHYS(m);
1012 pn = (pa / PAGE_SIZE);
1013 l3 = pmap_l3(kernel_pmap, va);
1016 entry |= (pn << PTE_PPN0_S);
1017 pmap_store(l3, entry);
1021 pmap_invalidate_range(kernel_pmap, sva, va);
1025 * This routine tears out page mappings from the
1026 * kernel -- it is meant only for temporary mappings.
1027 * Note: SMP coherent. Uses a ranged shootdown IPI.
1030 pmap_qremove(vm_offset_t sva, int count)
1035 KASSERT(sva >= VM_MIN_KERNEL_ADDRESS, ("usermode va %lx", sva));
1037 for (va = sva; count-- > 0; va += PAGE_SIZE) {
1038 l3 = pmap_l3(kernel_pmap, va);
1039 KASSERT(l3 != NULL, ("pmap_kremove: Invalid address"));
1042 pmap_invalidate_range(kernel_pmap, sva, va);
1046 pmap_ps_enabled(pmap_t pmap __unused)
1049 return (superpages_enabled);
1052 /***************************************************
1053 * Page table page management routines.....
1054 ***************************************************/
1056 * Schedule the specified unused page table page to be freed. Specifically,
1057 * add the page to the specified list of pages that will be released to the
1058 * physical memory manager after the TLB has been updated.
1060 static __inline void
1061 pmap_add_delayed_free_list(vm_page_t m, struct spglist *free,
1062 boolean_t set_PG_ZERO)
1066 m->flags |= PG_ZERO;
1068 m->flags &= ~PG_ZERO;
1069 SLIST_INSERT_HEAD(free, m, plinks.s.ss);
1073 * Inserts the specified page table page into the specified pmap's collection
1074 * of idle page table pages. Each of a pmap's page table pages is responsible
1075 * for mapping a distinct range of virtual addresses. The pmap's collection is
1076 * ordered by this virtual address range.
1078 * If "promoted" is false, then the page table page "ml3" must be zero filled.
1081 pmap_insert_pt_page(pmap_t pmap, vm_page_t ml3, bool promoted)
1084 PMAP_LOCK_ASSERT(pmap, MA_OWNED);
1085 ml3->valid = promoted ? VM_PAGE_BITS_ALL : 0;
1086 return (vm_radix_insert(&pmap->pm_root, ml3));
1090 * Removes the page table page mapping the specified virtual address from the
1091 * specified pmap's collection of idle page table pages, and returns it.
1092 * Otherwise, returns NULL if there is no page table page corresponding to the
1093 * specified virtual address.
1095 static __inline vm_page_t
1096 pmap_remove_pt_page(pmap_t pmap, vm_offset_t va)
1099 PMAP_LOCK_ASSERT(pmap, MA_OWNED);
1100 return (vm_radix_remove(&pmap->pm_root, pmap_l2_pindex(va)));
1104 * Decrements a page table page's reference count, which is used to record the
1105 * number of valid page table entries within the page. If the reference count
1106 * drops to zero, then the page table page is unmapped. Returns TRUE if the
1107 * page table page was unmapped and FALSE otherwise.
1109 static inline boolean_t
1110 pmap_unwire_ptp(pmap_t pmap, vm_offset_t va, vm_page_t m, struct spglist *free)
1114 if (m->ref_count == 0) {
1115 _pmap_unwire_ptp(pmap, va, m, free);
1123 _pmap_unwire_ptp(pmap_t pmap, vm_offset_t va, vm_page_t m, struct spglist *free)
1127 PMAP_LOCK_ASSERT(pmap, MA_OWNED);
1128 if (m->pindex >= NUL1E) {
1130 l1 = pmap_l1(pmap, va);
1132 pmap_distribute_l1(pmap, pmap_l1_index(va), 0);
1135 l2 = pmap_l2(pmap, va);
1138 pmap_resident_count_dec(pmap, 1);
1139 if (m->pindex < NUL1E) {
1143 l1 = pmap_l1(pmap, va);
1144 phys = PTE_TO_PHYS(pmap_load(l1));
1145 pdpg = PHYS_TO_VM_PAGE(phys);
1146 pmap_unwire_ptp(pmap, va, pdpg, free);
1148 pmap_invalidate_page(pmap, va);
1153 * Put page on a list so that it is released after
1154 * *ALL* TLB shootdown is done
1156 pmap_add_delayed_free_list(m, free, TRUE);
1160 * After removing a page table entry, this routine is used to
1161 * conditionally free the page, and manage the reference count.
1164 pmap_unuse_pt(pmap_t pmap, vm_offset_t va, pd_entry_t ptepde,
1165 struct spglist *free)
1169 if (va >= VM_MAXUSER_ADDRESS)
1171 KASSERT(ptepde != 0, ("pmap_unuse_pt: ptepde != 0"));
1172 mpte = PHYS_TO_VM_PAGE(PTE_TO_PHYS(ptepde));
1173 return (pmap_unwire_ptp(pmap, va, mpte, free));
1177 pmap_pinit0(pmap_t pmap)
1180 PMAP_LOCK_INIT(pmap);
1181 bzero(&pmap->pm_stats, sizeof(pmap->pm_stats));
1182 pmap->pm_l1 = kernel_pmap->pm_l1;
1183 pmap->pm_satp = SATP_MODE_SV39 | (vtophys(pmap->pm_l1) >> PAGE_SHIFT);
1184 CPU_ZERO(&pmap->pm_active);
1185 pmap_activate_boot(pmap);
1189 pmap_pinit(pmap_t pmap)
1195 * allocate the l1 page
1197 while ((l1pt = vm_page_alloc(NULL, 0xdeadbeef, VM_ALLOC_NORMAL |
1198 VM_ALLOC_NOOBJ | VM_ALLOC_WIRED | VM_ALLOC_ZERO)) == NULL)
1201 l1phys = VM_PAGE_TO_PHYS(l1pt);
1202 pmap->pm_l1 = (pd_entry_t *)PHYS_TO_DMAP(l1phys);
1203 pmap->pm_satp = SATP_MODE_SV39 | (l1phys >> PAGE_SHIFT);
1205 if ((l1pt->flags & PG_ZERO) == 0)
1206 pagezero(pmap->pm_l1);
1208 bzero(&pmap->pm_stats, sizeof(pmap->pm_stats));
1210 CPU_ZERO(&pmap->pm_active);
1212 /* Install kernel pagetables */
1213 memcpy(pmap->pm_l1, kernel_pmap->pm_l1, PAGE_SIZE);
1215 /* Add to the list of all user pmaps */
1216 mtx_lock(&allpmaps_lock);
1217 LIST_INSERT_HEAD(&allpmaps, pmap, pm_list);
1218 mtx_unlock(&allpmaps_lock);
1220 vm_radix_init(&pmap->pm_root);
1226 * This routine is called if the desired page table page does not exist.
1228 * If page table page allocation fails, this routine may sleep before
1229 * returning NULL. It sleeps only if a lock pointer was given.
1231 * Note: If a page allocation fails at page table level two or three,
1232 * one or two pages may be held during the wait, only to be released
1233 * afterwards. This conservative approach is easily argued to avoid
1237 _pmap_alloc_l3(pmap_t pmap, vm_pindex_t ptepindex, struct rwlock **lockp)
1239 vm_page_t m, /*pdppg, */pdpg;
1244 PMAP_LOCK_ASSERT(pmap, MA_OWNED);
1247 * Allocate a page table page.
1249 if ((m = vm_page_alloc(NULL, ptepindex, VM_ALLOC_NOOBJ |
1250 VM_ALLOC_WIRED | VM_ALLOC_ZERO)) == NULL) {
1251 if (lockp != NULL) {
1252 RELEASE_PV_LIST_LOCK(lockp);
1254 rw_runlock(&pvh_global_lock);
1256 rw_rlock(&pvh_global_lock);
1261 * Indicate the need to retry. While waiting, the page table
1262 * page may have been allocated.
1267 if ((m->flags & PG_ZERO) == 0)
1271 * Map the pagetable page into the process address space, if
1272 * it isn't already there.
1275 if (ptepindex >= NUL1E) {
1277 vm_pindex_t l1index;
1279 l1index = ptepindex - NUL1E;
1280 l1 = &pmap->pm_l1[l1index];
1282 pn = (VM_PAGE_TO_PHYS(m) / PAGE_SIZE);
1284 entry |= (pn << PTE_PPN0_S);
1285 pmap_store(l1, entry);
1286 pmap_distribute_l1(pmap, l1index, entry);
1288 vm_pindex_t l1index;
1289 pd_entry_t *l1, *l2;
1291 l1index = ptepindex >> (L1_SHIFT - L2_SHIFT);
1292 l1 = &pmap->pm_l1[l1index];
1293 if (pmap_load(l1) == 0) {
1294 /* recurse for allocating page dir */
1295 if (_pmap_alloc_l3(pmap, NUL1E + l1index,
1297 vm_page_unwire_noq(m);
1298 vm_page_free_zero(m);
1302 phys = PTE_TO_PHYS(pmap_load(l1));
1303 pdpg = PHYS_TO_VM_PAGE(phys);
1307 phys = PTE_TO_PHYS(pmap_load(l1));
1308 l2 = (pd_entry_t *)PHYS_TO_DMAP(phys);
1309 l2 = &l2[ptepindex & Ln_ADDR_MASK];
1311 pn = (VM_PAGE_TO_PHYS(m) / PAGE_SIZE);
1313 entry |= (pn << PTE_PPN0_S);
1314 pmap_store(l2, entry);
1317 pmap_resident_count_inc(pmap, 1);
1323 pmap_alloc_l2(pmap_t pmap, vm_offset_t va, struct rwlock **lockp)
1327 vm_pindex_t l2pindex;
1330 l1 = pmap_l1(pmap, va);
1331 if (l1 != NULL && (pmap_load(l1) & PTE_RWX) == 0) {
1332 /* Add a reference to the L2 page. */
1333 l2pg = PHYS_TO_VM_PAGE(PTE_TO_PHYS(pmap_load(l1)));
1336 /* Allocate a L2 page. */
1337 l2pindex = pmap_l2_pindex(va) >> Ln_ENTRIES_SHIFT;
1338 l2pg = _pmap_alloc_l3(pmap, NUL2E + l2pindex, lockp);
1339 if (l2pg == NULL && lockp != NULL)
1346 pmap_alloc_l3(pmap_t pmap, vm_offset_t va, struct rwlock **lockp)
1348 vm_pindex_t ptepindex;
1354 * Calculate pagetable page index
1356 ptepindex = pmap_l2_pindex(va);
1359 * Get the page directory entry
1361 l2 = pmap_l2(pmap, va);
1364 * If the page table page is mapped, we just increment the
1365 * hold count, and activate it.
1367 if (l2 != NULL && pmap_load(l2) != 0) {
1368 phys = PTE_TO_PHYS(pmap_load(l2));
1369 m = PHYS_TO_VM_PAGE(phys);
1373 * Here if the pte page isn't mapped, or if it has been
1376 m = _pmap_alloc_l3(pmap, ptepindex, lockp);
1377 if (m == NULL && lockp != NULL)
1384 /***************************************************
1385 * Pmap allocation/deallocation routines.
1386 ***************************************************/
1389 * Release any resources held by the given physical map.
1390 * Called when a pmap initialized by pmap_pinit is being released.
1391 * Should only be called if the map contains no valid mappings.
1394 pmap_release(pmap_t pmap)
1398 KASSERT(pmap->pm_stats.resident_count == 0,
1399 ("pmap_release: pmap resident count %ld != 0",
1400 pmap->pm_stats.resident_count));
1401 KASSERT(CPU_EMPTY(&pmap->pm_active),
1402 ("releasing active pmap %p", pmap));
1404 mtx_lock(&allpmaps_lock);
1405 LIST_REMOVE(pmap, pm_list);
1406 mtx_unlock(&allpmaps_lock);
1408 m = PHYS_TO_VM_PAGE(DMAP_TO_PHYS((vm_offset_t)pmap->pm_l1));
1409 vm_page_unwire_noq(m);
1414 kvm_size(SYSCTL_HANDLER_ARGS)
1416 unsigned long ksize = VM_MAX_KERNEL_ADDRESS - VM_MIN_KERNEL_ADDRESS;
1418 return sysctl_handle_long(oidp, &ksize, 0, req);
1420 SYSCTL_PROC(_vm, OID_AUTO, kvm_size, CTLTYPE_LONG | CTLFLAG_RD | CTLFLAG_MPSAFE,
1421 0, 0, kvm_size, "LU",
1425 kvm_free(SYSCTL_HANDLER_ARGS)
1427 unsigned long kfree = VM_MAX_KERNEL_ADDRESS - kernel_vm_end;
1429 return sysctl_handle_long(oidp, &kfree, 0, req);
1431 SYSCTL_PROC(_vm, OID_AUTO, kvm_free, CTLTYPE_LONG | CTLFLAG_RD | CTLFLAG_MPSAFE,
1432 0, 0, kvm_free, "LU",
1433 "Amount of KVM free");
1436 * grow the number of kernel page table entries, if needed
1439 pmap_growkernel(vm_offset_t addr)
1443 pd_entry_t *l1, *l2;
1447 mtx_assert(&kernel_map->system_mtx, MA_OWNED);
1449 addr = roundup2(addr, L2_SIZE);
1450 if (addr - 1 >= vm_map_max(kernel_map))
1451 addr = vm_map_max(kernel_map);
1452 while (kernel_vm_end < addr) {
1453 l1 = pmap_l1(kernel_pmap, kernel_vm_end);
1454 if (pmap_load(l1) == 0) {
1455 /* We need a new PDP entry */
1456 nkpg = vm_page_alloc(NULL, kernel_vm_end >> L1_SHIFT,
1457 VM_ALLOC_INTERRUPT | VM_ALLOC_NOOBJ |
1458 VM_ALLOC_WIRED | VM_ALLOC_ZERO);
1460 panic("pmap_growkernel: no memory to grow kernel");
1461 if ((nkpg->flags & PG_ZERO) == 0)
1462 pmap_zero_page(nkpg);
1463 paddr = VM_PAGE_TO_PHYS(nkpg);
1465 pn = (paddr / PAGE_SIZE);
1467 entry |= (pn << PTE_PPN0_S);
1468 pmap_store(l1, entry);
1469 pmap_distribute_l1(kernel_pmap,
1470 pmap_l1_index(kernel_vm_end), entry);
1471 continue; /* try again */
1473 l2 = pmap_l1_to_l2(l1, kernel_vm_end);
1474 if ((pmap_load(l2) & PTE_V) != 0 &&
1475 (pmap_load(l2) & PTE_RWX) == 0) {
1476 kernel_vm_end = (kernel_vm_end + L2_SIZE) & ~L2_OFFSET;
1477 if (kernel_vm_end - 1 >= vm_map_max(kernel_map)) {
1478 kernel_vm_end = vm_map_max(kernel_map);
1484 nkpg = vm_page_alloc(NULL, kernel_vm_end >> L2_SHIFT,
1485 VM_ALLOC_INTERRUPT | VM_ALLOC_NOOBJ | VM_ALLOC_WIRED |
1488 panic("pmap_growkernel: no memory to grow kernel");
1489 if ((nkpg->flags & PG_ZERO) == 0) {
1490 pmap_zero_page(nkpg);
1492 paddr = VM_PAGE_TO_PHYS(nkpg);
1494 pn = (paddr / PAGE_SIZE);
1496 entry |= (pn << PTE_PPN0_S);
1497 pmap_store(l2, entry);
1499 pmap_invalidate_page(kernel_pmap, kernel_vm_end);
1501 kernel_vm_end = (kernel_vm_end + L2_SIZE) & ~L2_OFFSET;
1502 if (kernel_vm_end - 1 >= vm_map_max(kernel_map)) {
1503 kernel_vm_end = vm_map_max(kernel_map);
1510 /***************************************************
1511 * page management routines.
1512 ***************************************************/
1514 CTASSERT(sizeof(struct pv_chunk) == PAGE_SIZE);
1515 CTASSERT(_NPCM == 3);
1516 CTASSERT(_NPCPV == 168);
1518 static __inline struct pv_chunk *
1519 pv_to_chunk(pv_entry_t pv)
1522 return ((struct pv_chunk *)((uintptr_t)pv & ~(uintptr_t)PAGE_MASK));
1525 #define PV_PMAP(pv) (pv_to_chunk(pv)->pc_pmap)
1527 #define PC_FREE0 0xfffffffffffffffful
1528 #define PC_FREE1 0xfffffffffffffffful
1529 #define PC_FREE2 0x000000fffffffffful
1531 static const uint64_t pc_freemask[_NPCM] = { PC_FREE0, PC_FREE1, PC_FREE2 };
1535 static int pc_chunk_count, pc_chunk_allocs, pc_chunk_frees, pc_chunk_tryfail;
1537 SYSCTL_INT(_vm_pmap, OID_AUTO, pc_chunk_count, CTLFLAG_RD, &pc_chunk_count, 0,
1538 "Current number of pv entry chunks");
1539 SYSCTL_INT(_vm_pmap, OID_AUTO, pc_chunk_allocs, CTLFLAG_RD, &pc_chunk_allocs, 0,
1540 "Current number of pv entry chunks allocated");
1541 SYSCTL_INT(_vm_pmap, OID_AUTO, pc_chunk_frees, CTLFLAG_RD, &pc_chunk_frees, 0,
1542 "Current number of pv entry chunks frees");
1543 SYSCTL_INT(_vm_pmap, OID_AUTO, pc_chunk_tryfail, CTLFLAG_RD, &pc_chunk_tryfail, 0,
1544 "Number of times tried to get a chunk page but failed.");
1546 static long pv_entry_frees, pv_entry_allocs, pv_entry_count;
1547 static int pv_entry_spare;
1549 SYSCTL_LONG(_vm_pmap, OID_AUTO, pv_entry_frees, CTLFLAG_RD, &pv_entry_frees, 0,
1550 "Current number of pv entry frees");
1551 SYSCTL_LONG(_vm_pmap, OID_AUTO, pv_entry_allocs, CTLFLAG_RD, &pv_entry_allocs, 0,
1552 "Current number of pv entry allocs");
1553 SYSCTL_LONG(_vm_pmap, OID_AUTO, pv_entry_count, CTLFLAG_RD, &pv_entry_count, 0,
1554 "Current number of pv entries");
1555 SYSCTL_INT(_vm_pmap, OID_AUTO, pv_entry_spare, CTLFLAG_RD, &pv_entry_spare, 0,
1556 "Current number of spare pv entries");
1561 * We are in a serious low memory condition. Resort to
1562 * drastic measures to free some pages so we can allocate
1563 * another pv entry chunk.
1565 * Returns NULL if PV entries were reclaimed from the specified pmap.
1567 * We do not, however, unmap 2mpages because subsequent accesses will
1568 * allocate per-page pv entries until repromotion occurs, thereby
1569 * exacerbating the shortage of free pv entries.
1572 reclaim_pv_chunk(pmap_t locked_pmap, struct rwlock **lockp)
1575 panic("RISCVTODO: reclaim_pv_chunk");
1579 * free the pv_entry back to the free list
1582 free_pv_entry(pmap_t pmap, pv_entry_t pv)
1584 struct pv_chunk *pc;
1585 int idx, field, bit;
1587 rw_assert(&pvh_global_lock, RA_LOCKED);
1588 PMAP_LOCK_ASSERT(pmap, MA_OWNED);
1589 PV_STAT(atomic_add_long(&pv_entry_frees, 1));
1590 PV_STAT(atomic_add_int(&pv_entry_spare, 1));
1591 PV_STAT(atomic_subtract_long(&pv_entry_count, 1));
1592 pc = pv_to_chunk(pv);
1593 idx = pv - &pc->pc_pventry[0];
1596 pc->pc_map[field] |= 1ul << bit;
1597 if (pc->pc_map[0] != PC_FREE0 || pc->pc_map[1] != PC_FREE1 ||
1598 pc->pc_map[2] != PC_FREE2) {
1599 /* 98% of the time, pc is already at the head of the list. */
1600 if (__predict_false(pc != TAILQ_FIRST(&pmap->pm_pvchunk))) {
1601 TAILQ_REMOVE(&pmap->pm_pvchunk, pc, pc_list);
1602 TAILQ_INSERT_HEAD(&pmap->pm_pvchunk, pc, pc_list);
1606 TAILQ_REMOVE(&pmap->pm_pvchunk, pc, pc_list);
1611 free_pv_chunk(struct pv_chunk *pc)
1615 mtx_lock(&pv_chunks_mutex);
1616 TAILQ_REMOVE(&pv_chunks, pc, pc_lru);
1617 mtx_unlock(&pv_chunks_mutex);
1618 PV_STAT(atomic_subtract_int(&pv_entry_spare, _NPCPV));
1619 PV_STAT(atomic_subtract_int(&pc_chunk_count, 1));
1620 PV_STAT(atomic_add_int(&pc_chunk_frees, 1));
1621 /* entire chunk is free, return it */
1622 m = PHYS_TO_VM_PAGE(DMAP_TO_PHYS((vm_offset_t)pc));
1623 dump_drop_page(m->phys_addr);
1624 vm_page_unwire_noq(m);
1629 * Returns a new PV entry, allocating a new PV chunk from the system when
1630 * needed. If this PV chunk allocation fails and a PV list lock pointer was
1631 * given, a PV chunk is reclaimed from an arbitrary pmap. Otherwise, NULL is
1634 * The given PV list lock may be released.
1637 get_pv_entry(pmap_t pmap, struct rwlock **lockp)
1641 struct pv_chunk *pc;
1644 rw_assert(&pvh_global_lock, RA_LOCKED);
1645 PMAP_LOCK_ASSERT(pmap, MA_OWNED);
1646 PV_STAT(atomic_add_long(&pv_entry_allocs, 1));
1648 pc = TAILQ_FIRST(&pmap->pm_pvchunk);
1650 for (field = 0; field < _NPCM; field++) {
1651 if (pc->pc_map[field]) {
1652 bit = ffsl(pc->pc_map[field]) - 1;
1656 if (field < _NPCM) {
1657 pv = &pc->pc_pventry[field * 64 + bit];
1658 pc->pc_map[field] &= ~(1ul << bit);
1659 /* If this was the last item, move it to tail */
1660 if (pc->pc_map[0] == 0 && pc->pc_map[1] == 0 &&
1661 pc->pc_map[2] == 0) {
1662 TAILQ_REMOVE(&pmap->pm_pvchunk, pc, pc_list);
1663 TAILQ_INSERT_TAIL(&pmap->pm_pvchunk, pc,
1666 PV_STAT(atomic_add_long(&pv_entry_count, 1));
1667 PV_STAT(atomic_subtract_int(&pv_entry_spare, 1));
1671 /* No free items, allocate another chunk */
1672 m = vm_page_alloc(NULL, 0, VM_ALLOC_NORMAL | VM_ALLOC_NOOBJ |
1675 if (lockp == NULL) {
1676 PV_STAT(pc_chunk_tryfail++);
1679 m = reclaim_pv_chunk(pmap, lockp);
1683 PV_STAT(atomic_add_int(&pc_chunk_count, 1));
1684 PV_STAT(atomic_add_int(&pc_chunk_allocs, 1));
1685 dump_add_page(m->phys_addr);
1686 pc = (void *)PHYS_TO_DMAP(m->phys_addr);
1688 pc->pc_map[0] = PC_FREE0 & ~1ul; /* preallocated bit 0 */
1689 pc->pc_map[1] = PC_FREE1;
1690 pc->pc_map[2] = PC_FREE2;
1691 mtx_lock(&pv_chunks_mutex);
1692 TAILQ_INSERT_TAIL(&pv_chunks, pc, pc_lru);
1693 mtx_unlock(&pv_chunks_mutex);
1694 pv = &pc->pc_pventry[0];
1695 TAILQ_INSERT_HEAD(&pmap->pm_pvchunk, pc, pc_list);
1696 PV_STAT(atomic_add_long(&pv_entry_count, 1));
1697 PV_STAT(atomic_add_int(&pv_entry_spare, _NPCPV - 1));
1702 * Ensure that the number of spare PV entries in the specified pmap meets or
1703 * exceeds the given count, "needed".
1705 * The given PV list lock may be released.
1708 reserve_pv_entries(pmap_t pmap, int needed, struct rwlock **lockp)
1710 struct pch new_tail;
1711 struct pv_chunk *pc;
1716 rw_assert(&pvh_global_lock, RA_LOCKED);
1717 PMAP_LOCK_ASSERT(pmap, MA_OWNED);
1718 KASSERT(lockp != NULL, ("reserve_pv_entries: lockp is NULL"));
1721 * Newly allocated PV chunks must be stored in a private list until
1722 * the required number of PV chunks have been allocated. Otherwise,
1723 * reclaim_pv_chunk() could recycle one of these chunks. In
1724 * contrast, these chunks must be added to the pmap upon allocation.
1726 TAILQ_INIT(&new_tail);
1729 TAILQ_FOREACH(pc, &pmap->pm_pvchunk, pc_list) {
1730 bit_count((bitstr_t *)pc->pc_map, 0,
1731 sizeof(pc->pc_map) * NBBY, &free);
1735 if (avail >= needed)
1738 for (reclaimed = false; avail < needed; avail += _NPCPV) {
1739 m = vm_page_alloc(NULL, 0, VM_ALLOC_NORMAL | VM_ALLOC_NOOBJ |
1742 m = reclaim_pv_chunk(pmap, lockp);
1749 dump_add_page(m->phys_addr);
1751 pc = (void *)PHYS_TO_DMAP(m->phys_addr);
1753 pc->pc_map[0] = PC_FREE0;
1754 pc->pc_map[1] = PC_FREE1;
1755 pc->pc_map[2] = PC_FREE2;
1756 TAILQ_INSERT_HEAD(&pmap->pm_pvchunk, pc, pc_list);
1757 TAILQ_INSERT_TAIL(&new_tail, pc, pc_lru);
1760 * The reclaim might have freed a chunk from the current pmap.
1761 * If that chunk contained available entries, we need to
1762 * re-count the number of available entries.
1767 if (!TAILQ_EMPTY(&new_tail)) {
1768 mtx_lock(&pv_chunks_mutex);
1769 TAILQ_CONCAT(&pv_chunks, &new_tail, pc_lru);
1770 mtx_unlock(&pv_chunks_mutex);
1775 * First find and then remove the pv entry for the specified pmap and virtual
1776 * address from the specified pv list. Returns the pv entry if found and NULL
1777 * otherwise. This operation can be performed on pv lists for either 4KB or
1778 * 2MB page mappings.
1780 static __inline pv_entry_t
1781 pmap_pvh_remove(struct md_page *pvh, pmap_t pmap, vm_offset_t va)
1785 rw_assert(&pvh_global_lock, RA_LOCKED);
1786 TAILQ_FOREACH(pv, &pvh->pv_list, pv_next) {
1787 if (pmap == PV_PMAP(pv) && va == pv->pv_va) {
1788 TAILQ_REMOVE(&pvh->pv_list, pv, pv_next);
1797 * First find and then destroy the pv entry for the specified pmap and virtual
1798 * address. This operation can be performed on pv lists for either 4KB or 2MB
1802 pmap_pvh_free(struct md_page *pvh, pmap_t pmap, vm_offset_t va)
1806 pv = pmap_pvh_remove(pvh, pmap, va);
1808 KASSERT(pv != NULL, ("pmap_pvh_free: pv not found for %#lx", va));
1809 free_pv_entry(pmap, pv);
1813 * Conditionally create the PV entry for a 4KB page mapping if the required
1814 * memory can be allocated without resorting to reclamation.
1817 pmap_try_insert_pv_entry(pmap_t pmap, vm_offset_t va, vm_page_t m,
1818 struct rwlock **lockp)
1822 rw_assert(&pvh_global_lock, RA_LOCKED);
1823 PMAP_LOCK_ASSERT(pmap, MA_OWNED);
1824 /* Pass NULL instead of the lock pointer to disable reclamation. */
1825 if ((pv = get_pv_entry(pmap, NULL)) != NULL) {
1827 CHANGE_PV_LIST_LOCK_TO_VM_PAGE(lockp, m);
1828 TAILQ_INSERT_TAIL(&m->md.pv_list, pv, pv_next);
1836 * After demotion from a 2MB page mapping to 512 4KB page mappings,
1837 * destroy the pv entry for the 2MB page mapping and reinstantiate the pv
1838 * entries for each of the 4KB page mappings.
1840 static void __unused
1841 pmap_pv_demote_l2(pmap_t pmap, vm_offset_t va, vm_paddr_t pa,
1842 struct rwlock **lockp)
1844 struct md_page *pvh;
1845 struct pv_chunk *pc;
1848 vm_offset_t va_last;
1851 rw_assert(&pvh_global_lock, RA_LOCKED);
1852 PMAP_LOCK_ASSERT(pmap, MA_OWNED);
1853 CHANGE_PV_LIST_LOCK_TO_PHYS(lockp, pa);
1856 * Transfer the 2mpage's pv entry for this mapping to the first
1857 * page's pv list. Once this transfer begins, the pv list lock
1858 * must not be released until the last pv entry is reinstantiated.
1860 pvh = pa_to_pvh(pa);
1862 pv = pmap_pvh_remove(pvh, pmap, va);
1863 KASSERT(pv != NULL, ("pmap_pv_demote_l2: pv not found"));
1864 m = PHYS_TO_VM_PAGE(pa);
1865 TAILQ_INSERT_TAIL(&m->md.pv_list, pv, pv_next);
1867 /* Instantiate the remaining 511 pv entries. */
1868 va_last = va + L2_SIZE - PAGE_SIZE;
1870 pc = TAILQ_FIRST(&pmap->pm_pvchunk);
1871 KASSERT(pc->pc_map[0] != 0 || pc->pc_map[1] != 0 ||
1872 pc->pc_map[2] != 0, ("pmap_pv_demote_l2: missing spare"));
1873 for (field = 0; field < _NPCM; field++) {
1874 while (pc->pc_map[field] != 0) {
1875 bit = ffsl(pc->pc_map[field]) - 1;
1876 pc->pc_map[field] &= ~(1ul << bit);
1877 pv = &pc->pc_pventry[field * 64 + bit];
1881 KASSERT((m->oflags & VPO_UNMANAGED) == 0,
1882 ("pmap_pv_demote_l2: page %p is not managed", m));
1883 TAILQ_INSERT_TAIL(&m->md.pv_list, pv, pv_next);
1889 TAILQ_REMOVE(&pmap->pm_pvchunk, pc, pc_list);
1890 TAILQ_INSERT_TAIL(&pmap->pm_pvchunk, pc, pc_list);
1893 if (pc->pc_map[0] == 0 && pc->pc_map[1] == 0 && pc->pc_map[2] == 0) {
1894 TAILQ_REMOVE(&pmap->pm_pvchunk, pc, pc_list);
1895 TAILQ_INSERT_TAIL(&pmap->pm_pvchunk, pc, pc_list);
1900 #if VM_NRESERVLEVEL > 0
1902 pmap_pv_promote_l2(pmap_t pmap, vm_offset_t va, vm_paddr_t pa,
1903 struct rwlock **lockp)
1905 struct md_page *pvh;
1908 vm_offset_t va_last;
1910 rw_assert(&pvh_global_lock, RA_LOCKED);
1911 KASSERT((va & L2_OFFSET) == 0,
1912 ("pmap_pv_promote_l2: misaligned va %#lx", va));
1914 CHANGE_PV_LIST_LOCK_TO_PHYS(lockp, pa);
1916 m = PHYS_TO_VM_PAGE(pa);
1917 pv = pmap_pvh_remove(&m->md, pmap, va);
1918 KASSERT(pv != NULL, ("pmap_pv_promote_l2: pv for %#lx not found", va));
1919 pvh = pa_to_pvh(pa);
1920 TAILQ_INSERT_TAIL(&pvh->pv_list, pv, pv_next);
1923 va_last = va + L2_SIZE - PAGE_SIZE;
1927 pmap_pvh_free(&m->md, pmap, va);
1928 } while (va < va_last);
1930 #endif /* VM_NRESERVLEVEL > 0 */
1933 * Create the PV entry for a 2MB page mapping. Always returns true unless the
1934 * flag PMAP_ENTER_NORECLAIM is specified. If that flag is specified, returns
1935 * false if the PV entry cannot be allocated without resorting to reclamation.
1938 pmap_pv_insert_l2(pmap_t pmap, vm_offset_t va, pd_entry_t l2e, u_int flags,
1939 struct rwlock **lockp)
1941 struct md_page *pvh;
1945 PMAP_LOCK_ASSERT(pmap, MA_OWNED);
1946 /* Pass NULL instead of the lock pointer to disable reclamation. */
1947 if ((pv = get_pv_entry(pmap, (flags & PMAP_ENTER_NORECLAIM) != 0 ?
1948 NULL : lockp)) == NULL)
1951 pa = PTE_TO_PHYS(l2e);
1952 CHANGE_PV_LIST_LOCK_TO_PHYS(lockp, pa);
1953 pvh = pa_to_pvh(pa);
1954 TAILQ_INSERT_TAIL(&pvh->pv_list, pv, pv_next);
1960 pmap_remove_kernel_l2(pmap_t pmap, pt_entry_t *l2, vm_offset_t va)
1962 pt_entry_t newl2, oldl2;
1966 KASSERT(!VIRT_IN_DMAP(va), ("removing direct mapping of %#lx", va));
1967 KASSERT(pmap == kernel_pmap, ("pmap %p is not kernel_pmap", pmap));
1968 PMAP_LOCK_ASSERT(pmap, MA_OWNED);
1970 ml3 = pmap_remove_pt_page(pmap, va);
1972 panic("pmap_remove_kernel_l2: Missing pt page");
1974 ml3pa = VM_PAGE_TO_PHYS(ml3);
1975 newl2 = ml3pa | PTE_V;
1978 * If this page table page was unmapped by a promotion, then it
1979 * contains valid mappings. Zero it to invalidate those mappings.
1981 if (ml3->valid != 0)
1982 pagezero((void *)PHYS_TO_DMAP(ml3pa));
1985 * Demote the mapping.
1987 oldl2 = pmap_load_store(l2, newl2);
1988 KASSERT(oldl2 == 0, ("%s: found existing mapping at %p: %#lx",
1989 __func__, l2, oldl2));
1993 * pmap_remove_l2: Do the things to unmap a level 2 superpage.
1996 pmap_remove_l2(pmap_t pmap, pt_entry_t *l2, vm_offset_t sva,
1997 pd_entry_t l1e, struct spglist *free, struct rwlock **lockp)
1999 struct md_page *pvh;
2001 vm_offset_t eva, va;
2004 PMAP_LOCK_ASSERT(pmap, MA_OWNED);
2005 KASSERT((sva & L2_OFFSET) == 0, ("pmap_remove_l2: sva is not aligned"));
2006 oldl2 = pmap_load_clear(l2);
2007 KASSERT((oldl2 & PTE_RWX) != 0,
2008 ("pmap_remove_l2: L2e %lx is not a superpage mapping", oldl2));
2011 * The sfence.vma documentation states that it is sufficient to specify
2012 * a single address within a superpage mapping. However, since we do
2013 * not perform any invalidation upon promotion, TLBs may still be
2014 * caching 4KB mappings within the superpage, so we must invalidate the
2017 pmap_invalidate_range(pmap, sva, sva + L2_SIZE);
2018 if ((oldl2 & PTE_SW_WIRED) != 0)
2019 pmap->pm_stats.wired_count -= L2_SIZE / PAGE_SIZE;
2020 pmap_resident_count_dec(pmap, L2_SIZE / PAGE_SIZE);
2021 if ((oldl2 & PTE_SW_MANAGED) != 0) {
2022 CHANGE_PV_LIST_LOCK_TO_PHYS(lockp, PTE_TO_PHYS(oldl2));
2023 pvh = pa_to_pvh(PTE_TO_PHYS(oldl2));
2024 pmap_pvh_free(pvh, pmap, sva);
2025 eva = sva + L2_SIZE;
2026 for (va = sva, m = PHYS_TO_VM_PAGE(PTE_TO_PHYS(oldl2));
2027 va < eva; va += PAGE_SIZE, m++) {
2028 if ((oldl2 & PTE_D) != 0)
2030 if ((oldl2 & PTE_A) != 0)
2031 vm_page_aflag_set(m, PGA_REFERENCED);
2032 if (TAILQ_EMPTY(&m->md.pv_list) &&
2033 TAILQ_EMPTY(&pvh->pv_list))
2034 vm_page_aflag_clear(m, PGA_WRITEABLE);
2037 if (pmap == kernel_pmap) {
2038 pmap_remove_kernel_l2(pmap, l2, sva);
2040 ml3 = pmap_remove_pt_page(pmap, sva);
2042 KASSERT(ml3->valid == VM_PAGE_BITS_ALL,
2043 ("pmap_remove_l2: l3 page not promoted"));
2044 pmap_resident_count_dec(pmap, 1);
2045 KASSERT(ml3->ref_count == Ln_ENTRIES,
2046 ("pmap_remove_l2: l3 page ref count error"));
2048 vm_page_unwire_noq(ml3);
2049 pmap_add_delayed_free_list(ml3, free, FALSE);
2052 return (pmap_unuse_pt(pmap, sva, l1e, free));
2056 * pmap_remove_l3: do the things to unmap a page in a process
2059 pmap_remove_l3(pmap_t pmap, pt_entry_t *l3, vm_offset_t va,
2060 pd_entry_t l2e, struct spglist *free, struct rwlock **lockp)
2062 struct md_page *pvh;
2067 PMAP_LOCK_ASSERT(pmap, MA_OWNED);
2068 old_l3 = pmap_load_clear(l3);
2069 pmap_invalidate_page(pmap, va);
2070 if (old_l3 & PTE_SW_WIRED)
2071 pmap->pm_stats.wired_count -= 1;
2072 pmap_resident_count_dec(pmap, 1);
2073 if (old_l3 & PTE_SW_MANAGED) {
2074 phys = PTE_TO_PHYS(old_l3);
2075 m = PHYS_TO_VM_PAGE(phys);
2076 if ((old_l3 & PTE_D) != 0)
2079 vm_page_aflag_set(m, PGA_REFERENCED);
2080 CHANGE_PV_LIST_LOCK_TO_VM_PAGE(lockp, m);
2081 pmap_pvh_free(&m->md, pmap, va);
2082 if (TAILQ_EMPTY(&m->md.pv_list) &&
2083 (m->flags & PG_FICTITIOUS) == 0) {
2084 pvh = pa_to_pvh(VM_PAGE_TO_PHYS(m));
2085 if (TAILQ_EMPTY(&pvh->pv_list))
2086 vm_page_aflag_clear(m, PGA_WRITEABLE);
2090 return (pmap_unuse_pt(pmap, va, l2e, free));
2094 * Remove the given range of addresses from the specified map.
2096 * It is assumed that the start and end are properly
2097 * rounded to the page size.
2100 pmap_remove(pmap_t pmap, vm_offset_t sva, vm_offset_t eva)
2102 struct spglist free;
2103 struct rwlock *lock;
2104 vm_offset_t va, va_next;
2105 pd_entry_t *l1, *l2, l2e;
2109 * Perform an unsynchronized read. This is, however, safe.
2111 if (pmap->pm_stats.resident_count == 0)
2116 rw_rlock(&pvh_global_lock);
2120 for (; sva < eva; sva = va_next) {
2121 if (pmap->pm_stats.resident_count == 0)
2124 l1 = pmap_l1(pmap, sva);
2125 if (pmap_load(l1) == 0) {
2126 va_next = (sva + L1_SIZE) & ~L1_OFFSET;
2133 * Calculate index for next page table.
2135 va_next = (sva + L2_SIZE) & ~L2_OFFSET;
2139 l2 = pmap_l1_to_l2(l1, sva);
2142 if ((l2e = pmap_load(l2)) == 0)
2144 if ((l2e & PTE_RWX) != 0) {
2145 if (sva + L2_SIZE == va_next && eva >= va_next) {
2146 (void)pmap_remove_l2(pmap, l2, sva,
2147 pmap_load(l1), &free, &lock);
2149 } else if (!pmap_demote_l2_locked(pmap, l2, sva,
2152 * The large page mapping was destroyed.
2156 l2e = pmap_load(l2);
2160 * Limit our scan to either the end of the va represented
2161 * by the current page table page, or to the end of the
2162 * range being removed.
2168 for (l3 = pmap_l2_to_l3(l2, sva); sva != va_next; l3++,
2170 if (pmap_load(l3) == 0) {
2171 if (va != va_next) {
2172 pmap_invalidate_range(pmap, va, sva);
2179 if (pmap_remove_l3(pmap, l3, sva, l2e, &free, &lock)) {
2185 pmap_invalidate_range(pmap, va, sva);
2189 rw_runlock(&pvh_global_lock);
2191 vm_page_free_pages_toq(&free, false);
2195 * Routine: pmap_remove_all
2197 * Removes this physical page from
2198 * all physical maps in which it resides.
2199 * Reflects back modify bits to the pager.
2202 * Original versions of this routine were very
2203 * inefficient because they iteratively called
2204 * pmap_remove (slow...)
2208 pmap_remove_all(vm_page_t m)
2210 struct spglist free;
2211 struct md_page *pvh;
2213 pt_entry_t *l3, l3e;
2214 pd_entry_t *l2, l2e;
2218 KASSERT((m->oflags & VPO_UNMANAGED) == 0,
2219 ("pmap_remove_all: page %p is not managed", m));
2221 pvh = (m->flags & PG_FICTITIOUS) != 0 ? &pv_dummy :
2222 pa_to_pvh(VM_PAGE_TO_PHYS(m));
2224 rw_wlock(&pvh_global_lock);
2225 while ((pv = TAILQ_FIRST(&pvh->pv_list)) != NULL) {
2229 l2 = pmap_l2(pmap, va);
2230 (void)pmap_demote_l2(pmap, l2, va);
2233 while ((pv = TAILQ_FIRST(&m->md.pv_list)) != NULL) {
2236 pmap_resident_count_dec(pmap, 1);
2237 l2 = pmap_l2(pmap, pv->pv_va);
2238 KASSERT(l2 != NULL, ("pmap_remove_all: no l2 table found"));
2239 l2e = pmap_load(l2);
2241 KASSERT((l2e & PTE_RX) == 0,
2242 ("pmap_remove_all: found a superpage in %p's pv list", m));
2244 l3 = pmap_l2_to_l3(l2, pv->pv_va);
2245 l3e = pmap_load_clear(l3);
2246 pmap_invalidate_page(pmap, pv->pv_va);
2247 if (l3e & PTE_SW_WIRED)
2248 pmap->pm_stats.wired_count--;
2249 if ((l3e & PTE_A) != 0)
2250 vm_page_aflag_set(m, PGA_REFERENCED);
2253 * Update the vm_page_t clean and reference bits.
2255 if ((l3e & PTE_D) != 0)
2257 pmap_unuse_pt(pmap, pv->pv_va, pmap_load(l2), &free);
2258 TAILQ_REMOVE(&m->md.pv_list, pv, pv_next);
2260 free_pv_entry(pmap, pv);
2263 vm_page_aflag_clear(m, PGA_WRITEABLE);
2264 rw_wunlock(&pvh_global_lock);
2265 vm_page_free_pages_toq(&free, false);
2269 * Set the physical protection on the
2270 * specified range of this map as requested.
2273 pmap_protect(pmap_t pmap, vm_offset_t sva, vm_offset_t eva, vm_prot_t prot)
2275 pd_entry_t *l1, *l2, l2e;
2276 pt_entry_t *l3, l3e, mask;
2279 vm_offset_t va_next;
2280 bool anychanged, pv_lists_locked;
2282 if ((prot & VM_PROT_READ) == VM_PROT_NONE) {
2283 pmap_remove(pmap, sva, eva);
2287 if ((prot & (VM_PROT_WRITE | VM_PROT_EXECUTE)) ==
2288 (VM_PROT_WRITE | VM_PROT_EXECUTE))
2292 pv_lists_locked = false;
2294 if ((prot & VM_PROT_WRITE) == 0)
2295 mask |= PTE_W | PTE_D;
2296 if ((prot & VM_PROT_EXECUTE) == 0)
2300 for (; sva < eva; sva = va_next) {
2301 l1 = pmap_l1(pmap, sva);
2302 if (pmap_load(l1) == 0) {
2303 va_next = (sva + L1_SIZE) & ~L1_OFFSET;
2309 va_next = (sva + L2_SIZE) & ~L2_OFFSET;
2313 l2 = pmap_l1_to_l2(l1, sva);
2314 if (l2 == NULL || (l2e = pmap_load(l2)) == 0)
2316 if ((l2e & PTE_RWX) != 0) {
2317 if (sva + L2_SIZE == va_next && eva >= va_next) {
2319 if ((prot & VM_PROT_WRITE) == 0 &&
2320 (l2e & (PTE_SW_MANAGED | PTE_D)) ==
2321 (PTE_SW_MANAGED | PTE_D)) {
2322 pa = PTE_TO_PHYS(l2e);
2323 m = PHYS_TO_VM_PAGE(pa);
2324 for (mt = m; mt < &m[Ln_ENTRIES]; mt++)
2327 if (!atomic_fcmpset_long(l2, &l2e, l2e & ~mask))
2332 if (!pv_lists_locked) {
2333 pv_lists_locked = true;
2334 if (!rw_try_rlock(&pvh_global_lock)) {
2336 pmap_invalidate_all(
2339 rw_rlock(&pvh_global_lock);
2343 if (!pmap_demote_l2(pmap, l2, sva)) {
2345 * The large page mapping was destroyed.
2355 for (l3 = pmap_l2_to_l3(l2, sva); sva != va_next; l3++,
2357 l3e = pmap_load(l3);
2359 if ((l3e & PTE_V) == 0)
2361 if ((prot & VM_PROT_WRITE) == 0 &&
2362 (l3e & (PTE_SW_MANAGED | PTE_D)) ==
2363 (PTE_SW_MANAGED | PTE_D)) {
2364 m = PHYS_TO_VM_PAGE(PTE_TO_PHYS(l3e));
2367 if (!atomic_fcmpset_long(l3, &l3e, l3e & ~mask))
2373 pmap_invalidate_all(pmap);
2374 if (pv_lists_locked)
2375 rw_runlock(&pvh_global_lock);
2380 pmap_fault_fixup(pmap_t pmap, vm_offset_t va, vm_prot_t ftype)
2382 pd_entry_t *l2, l2e;
2383 pt_entry_t bits, *pte, oldpte;
2388 l2 = pmap_l2(pmap, va);
2389 if (l2 == NULL || ((l2e = pmap_load(l2)) & PTE_V) == 0)
2391 if ((l2e & PTE_RWX) == 0) {
2392 pte = pmap_l2_to_l3(l2, va);
2393 if (pte == NULL || ((oldpte = pmap_load(pte)) & PTE_V) == 0)
2400 if ((pmap != kernel_pmap && (oldpte & PTE_U) == 0) ||
2401 (ftype == VM_PROT_WRITE && (oldpte & PTE_W) == 0) ||
2402 (ftype == VM_PROT_EXECUTE && (oldpte & PTE_X) == 0) ||
2403 (ftype == VM_PROT_READ && (oldpte & PTE_R) == 0))
2407 if (ftype == VM_PROT_WRITE)
2411 * Spurious faults can occur if the implementation caches invalid
2412 * entries in the TLB, or if simultaneous accesses on multiple CPUs
2413 * race with each other.
2415 if ((oldpte & bits) != bits)
2416 pmap_store_bits(pte, bits);
2425 pmap_demote_l2(pmap_t pmap, pd_entry_t *l2, vm_offset_t va)
2427 struct rwlock *lock;
2431 rv = pmap_demote_l2_locked(pmap, l2, va, &lock);
2438 * Tries to demote a 2MB page mapping. If demotion fails, the 2MB page
2439 * mapping is invalidated.
2442 pmap_demote_l2_locked(pmap_t pmap, pd_entry_t *l2, vm_offset_t va,
2443 struct rwlock **lockp)
2445 struct spglist free;
2447 pd_entry_t newl2, oldl2;
2448 pt_entry_t *firstl3, newl3;
2452 PMAP_LOCK_ASSERT(pmap, MA_OWNED);
2454 oldl2 = pmap_load(l2);
2455 KASSERT((oldl2 & PTE_RWX) != 0,
2456 ("pmap_demote_l2_locked: oldl2 is not a leaf entry"));
2457 if ((oldl2 & PTE_A) == 0 || (mpte = pmap_remove_pt_page(pmap, va)) ==
2459 if ((oldl2 & PTE_A) == 0 || (mpte = vm_page_alloc(NULL,
2460 pmap_l2_pindex(va), (VIRT_IN_DMAP(va) ? VM_ALLOC_INTERRUPT :
2461 VM_ALLOC_NORMAL) | VM_ALLOC_NOOBJ | VM_ALLOC_WIRED)) ==
2464 (void)pmap_remove_l2(pmap, l2, va & ~L2_OFFSET,
2465 pmap_load(pmap_l1(pmap, va)), &free, lockp);
2466 vm_page_free_pages_toq(&free, true);
2467 CTR2(KTR_PMAP, "pmap_demote_l2_locked: "
2468 "failure for va %#lx in pmap %p", va, pmap);
2471 if (va < VM_MAXUSER_ADDRESS) {
2472 mpte->ref_count = Ln_ENTRIES;
2473 pmap_resident_count_inc(pmap, 1);
2476 mptepa = VM_PAGE_TO_PHYS(mpte);
2477 firstl3 = (pt_entry_t *)PHYS_TO_DMAP(mptepa);
2478 newl2 = ((mptepa / PAGE_SIZE) << PTE_PPN0_S) | PTE_V;
2479 KASSERT((oldl2 & PTE_A) != 0,
2480 ("pmap_demote_l2_locked: oldl2 is missing PTE_A"));
2481 KASSERT((oldl2 & (PTE_D | PTE_W)) != PTE_W,
2482 ("pmap_demote_l2_locked: oldl2 is missing PTE_D"));
2486 * If the page table page is not leftover from an earlier promotion,
2489 if (mpte->valid == 0) {
2490 for (i = 0; i < Ln_ENTRIES; i++)
2491 pmap_store(firstl3 + i, newl3 + (i << PTE_PPN0_S));
2493 KASSERT(PTE_TO_PHYS(pmap_load(firstl3)) == PTE_TO_PHYS(newl3),
2494 ("pmap_demote_l2_locked: firstl3 and newl3 map different physical "
2498 * If the mapping has changed attributes, update the page table
2501 if ((pmap_load(firstl3) & PTE_PROMOTE) != (newl3 & PTE_PROMOTE))
2502 for (i = 0; i < Ln_ENTRIES; i++)
2503 pmap_store(firstl3 + i, newl3 + (i << PTE_PPN0_S));
2506 * The spare PV entries must be reserved prior to demoting the
2507 * mapping, that is, prior to changing the L2 entry. Otherwise, the
2508 * state of the L2 entry and the PV lists will be inconsistent, which
2509 * can result in reclaim_pv_chunk() attempting to remove a PV entry from
2510 * the wrong PV list and pmap_pv_demote_l2() failing to find the
2511 * expected PV entry for the 2MB page mapping that is being demoted.
2513 if ((oldl2 & PTE_SW_MANAGED) != 0)
2514 reserve_pv_entries(pmap, Ln_ENTRIES - 1, lockp);
2517 * Demote the mapping.
2519 pmap_store(l2, newl2);
2522 * Demote the PV entry.
2524 if ((oldl2 & PTE_SW_MANAGED) != 0)
2525 pmap_pv_demote_l2(pmap, va, PTE_TO_PHYS(oldl2), lockp);
2527 atomic_add_long(&pmap_l2_demotions, 1);
2528 CTR2(KTR_PMAP, "pmap_demote_l2_locked: success for va %#lx in pmap %p",
2533 #if VM_NRESERVLEVEL > 0
2535 pmap_promote_l2(pmap_t pmap, pd_entry_t *l2, vm_offset_t va,
2536 struct rwlock **lockp)
2538 pt_entry_t *firstl3, *l3;
2542 PMAP_LOCK_ASSERT(pmap, MA_OWNED);
2545 KASSERT((pmap_load(l2) & PTE_RWX) == 0,
2546 ("pmap_promote_l2: invalid l2 entry %p", l2));
2548 firstl3 = (pt_entry_t *)PHYS_TO_DMAP(PTE_TO_PHYS(pmap_load(l2)));
2549 pa = PTE_TO_PHYS(pmap_load(firstl3));
2550 if ((pa & L2_OFFSET) != 0) {
2551 CTR2(KTR_PMAP, "pmap_promote_l2: failure for va %#lx pmap %p",
2553 atomic_add_long(&pmap_l2_p_failures, 1);
2558 for (l3 = firstl3 + 1; l3 < firstl3 + Ln_ENTRIES; l3++) {
2559 if (PTE_TO_PHYS(pmap_load(l3)) != pa) {
2561 "pmap_promote_l2: failure for va %#lx pmap %p",
2563 atomic_add_long(&pmap_l2_p_failures, 1);
2566 if ((pmap_load(l3) & PTE_PROMOTE) !=
2567 (pmap_load(firstl3) & PTE_PROMOTE)) {
2569 "pmap_promote_l2: failure for va %#lx pmap %p",
2571 atomic_add_long(&pmap_l2_p_failures, 1);
2577 ml3 = PHYS_TO_VM_PAGE(PTE_TO_PHYS(pmap_load(l2)));
2578 KASSERT(ml3->pindex == pmap_l2_pindex(va),
2579 ("pmap_promote_l2: page table page's pindex is wrong"));
2580 if (pmap_insert_pt_page(pmap, ml3, true)) {
2581 CTR2(KTR_PMAP, "pmap_promote_l2: failure for va %#lx pmap %p",
2583 atomic_add_long(&pmap_l2_p_failures, 1);
2587 if ((pmap_load(firstl3) & PTE_SW_MANAGED) != 0)
2588 pmap_pv_promote_l2(pmap, va, PTE_TO_PHYS(pmap_load(firstl3)),
2591 pmap_store(l2, pmap_load(firstl3));
2593 atomic_add_long(&pmap_l2_promotions, 1);
2594 CTR2(KTR_PMAP, "pmap_promote_l2: success for va %#lx in pmap %p", va,
2600 * Insert the given physical page (p) at
2601 * the specified virtual address (v) in the
2602 * target physical map with the protection requested.
2604 * If specified, the page will be wired down, meaning
2605 * that the related pte can not be reclaimed.
2607 * NB: This is the only routine which MAY NOT lazy-evaluate
2608 * or lose information. That is, this routine must actually
2609 * insert this page into the given map NOW.
2612 pmap_enter(pmap_t pmap, vm_offset_t va, vm_page_t m, vm_prot_t prot,
2613 u_int flags, int8_t psind)
2615 struct rwlock *lock;
2616 pd_entry_t *l1, *l2, l2e;
2617 pt_entry_t new_l3, orig_l3;
2620 vm_paddr_t opa, pa, l2_pa, l3_pa;
2621 vm_page_t mpte, om, l2_m, l3_m;
2623 pn_t l2_pn, l3_pn, pn;
2627 va = trunc_page(va);
2628 if ((m->oflags & VPO_UNMANAGED) == 0)
2629 VM_PAGE_OBJECT_BUSY_ASSERT(m);
2630 pa = VM_PAGE_TO_PHYS(m);
2631 pn = (pa / PAGE_SIZE);
2633 new_l3 = PTE_V | PTE_R | PTE_A;
2634 if (prot & VM_PROT_EXECUTE)
2636 if (flags & VM_PROT_WRITE)
2638 if (prot & VM_PROT_WRITE)
2640 if (va < VM_MAX_USER_ADDRESS)
2643 new_l3 |= (pn << PTE_PPN0_S);
2644 if ((flags & PMAP_ENTER_WIRED) != 0)
2645 new_l3 |= PTE_SW_WIRED;
2648 * Set modified bit gratuitously for writeable mappings if
2649 * the page is unmanaged. We do not want to take a fault
2650 * to do the dirty bit accounting for these mappings.
2652 if ((m->oflags & VPO_UNMANAGED) != 0) {
2653 if (prot & VM_PROT_WRITE)
2656 new_l3 |= PTE_SW_MANAGED;
2658 CTR2(KTR_PMAP, "pmap_enter: %.16lx -> %.16lx", va, pa);
2662 rw_rlock(&pvh_global_lock);
2665 /* Assert the required virtual and physical alignment. */
2666 KASSERT((va & L2_OFFSET) == 0,
2667 ("pmap_enter: va %#lx unaligned", va));
2668 KASSERT(m->psind > 0, ("pmap_enter: m->psind < psind"));
2669 rv = pmap_enter_l2(pmap, va, new_l3, flags, m, &lock);
2673 l2 = pmap_l2(pmap, va);
2674 if (l2 != NULL && ((l2e = pmap_load(l2)) & PTE_V) != 0 &&
2675 ((l2e & PTE_RWX) == 0 || pmap_demote_l2_locked(pmap, l2,
2677 l3 = pmap_l2_to_l3(l2, va);
2678 if (va < VM_MAXUSER_ADDRESS) {
2679 mpte = PHYS_TO_VM_PAGE(PTE_TO_PHYS(pmap_load(l2)));
2682 } else if (va < VM_MAXUSER_ADDRESS) {
2683 nosleep = (flags & PMAP_ENTER_NOSLEEP) != 0;
2684 mpte = pmap_alloc_l3(pmap, va, nosleep ? NULL : &lock);
2685 if (mpte == NULL && nosleep) {
2686 CTR0(KTR_PMAP, "pmap_enter: mpte == NULL");
2689 rw_runlock(&pvh_global_lock);
2691 return (KERN_RESOURCE_SHORTAGE);
2693 l3 = pmap_l3(pmap, va);
2695 l3 = pmap_l3(pmap, va);
2696 /* TODO: This is not optimal, but should mostly work */
2699 l2_m = vm_page_alloc(NULL, 0, VM_ALLOC_NORMAL |
2700 VM_ALLOC_NOOBJ | VM_ALLOC_WIRED |
2703 panic("pmap_enter: l2 pte_m == NULL");
2704 if ((l2_m->flags & PG_ZERO) == 0)
2705 pmap_zero_page(l2_m);
2707 l2_pa = VM_PAGE_TO_PHYS(l2_m);
2708 l2_pn = (l2_pa / PAGE_SIZE);
2710 l1 = pmap_l1(pmap, va);
2712 entry |= (l2_pn << PTE_PPN0_S);
2713 pmap_store(l1, entry);
2714 pmap_distribute_l1(pmap, pmap_l1_index(va), entry);
2715 l2 = pmap_l1_to_l2(l1, va);
2718 l3_m = vm_page_alloc(NULL, 0, VM_ALLOC_NORMAL |
2719 VM_ALLOC_NOOBJ | VM_ALLOC_WIRED | VM_ALLOC_ZERO);
2721 panic("pmap_enter: l3 pte_m == NULL");
2722 if ((l3_m->flags & PG_ZERO) == 0)
2723 pmap_zero_page(l3_m);
2725 l3_pa = VM_PAGE_TO_PHYS(l3_m);
2726 l3_pn = (l3_pa / PAGE_SIZE);
2728 entry |= (l3_pn << PTE_PPN0_S);
2729 pmap_store(l2, entry);
2730 l3 = pmap_l2_to_l3(l2, va);
2732 pmap_invalidate_page(pmap, va);
2735 orig_l3 = pmap_load(l3);
2736 opa = PTE_TO_PHYS(orig_l3);
2740 * Is the specified virtual address already mapped?
2742 if ((orig_l3 & PTE_V) != 0) {
2744 * Wiring change, just update stats. We don't worry about
2745 * wiring PT pages as they remain resident as long as there
2746 * are valid mappings in them. Hence, if a user page is wired,
2747 * the PT page will be also.
2749 if ((flags & PMAP_ENTER_WIRED) != 0 &&
2750 (orig_l3 & PTE_SW_WIRED) == 0)
2751 pmap->pm_stats.wired_count++;
2752 else if ((flags & PMAP_ENTER_WIRED) == 0 &&
2753 (orig_l3 & PTE_SW_WIRED) != 0)
2754 pmap->pm_stats.wired_count--;
2757 * Remove the extra PT page reference.
2761 KASSERT(mpte->ref_count > 0,
2762 ("pmap_enter: missing reference to page table page,"
2767 * Has the physical page changed?
2771 * No, might be a protection or wiring change.
2773 if ((orig_l3 & PTE_SW_MANAGED) != 0 &&
2774 (new_l3 & PTE_W) != 0)
2775 vm_page_aflag_set(m, PGA_WRITEABLE);
2780 * The physical page has changed. Temporarily invalidate
2781 * the mapping. This ensures that all threads sharing the
2782 * pmap keep a consistent view of the mapping, which is
2783 * necessary for the correct handling of COW faults. It
2784 * also permits reuse of the old mapping's PV entry,
2785 * avoiding an allocation.
2787 * For consistency, handle unmanaged mappings the same way.
2789 orig_l3 = pmap_load_clear(l3);
2790 KASSERT(PTE_TO_PHYS(orig_l3) == opa,
2791 ("pmap_enter: unexpected pa update for %#lx", va));
2792 if ((orig_l3 & PTE_SW_MANAGED) != 0) {
2793 om = PHYS_TO_VM_PAGE(opa);
2796 * The pmap lock is sufficient to synchronize with
2797 * concurrent calls to pmap_page_test_mappings() and
2798 * pmap_ts_referenced().
2800 if ((orig_l3 & PTE_D) != 0)
2802 if ((orig_l3 & PTE_A) != 0)
2803 vm_page_aflag_set(om, PGA_REFERENCED);
2804 CHANGE_PV_LIST_LOCK_TO_PHYS(&lock, opa);
2805 pv = pmap_pvh_remove(&om->md, pmap, va);
2807 ("pmap_enter: no PV entry for %#lx", va));
2808 if ((new_l3 & PTE_SW_MANAGED) == 0)
2809 free_pv_entry(pmap, pv);
2810 if ((om->a.flags & PGA_WRITEABLE) != 0 &&
2811 TAILQ_EMPTY(&om->md.pv_list) &&
2812 ((om->flags & PG_FICTITIOUS) != 0 ||
2813 TAILQ_EMPTY(&pa_to_pvh(opa)->pv_list)))
2814 vm_page_aflag_clear(om, PGA_WRITEABLE);
2816 pmap_invalidate_page(pmap, va);
2820 * Increment the counters.
2822 if ((new_l3 & PTE_SW_WIRED) != 0)
2823 pmap->pm_stats.wired_count++;
2824 pmap_resident_count_inc(pmap, 1);
2827 * Enter on the PV list if part of our managed memory.
2829 if ((new_l3 & PTE_SW_MANAGED) != 0) {
2831 pv = get_pv_entry(pmap, &lock);
2834 CHANGE_PV_LIST_LOCK_TO_PHYS(&lock, pa);
2835 TAILQ_INSERT_TAIL(&m->md.pv_list, pv, pv_next);
2837 if ((new_l3 & PTE_W) != 0)
2838 vm_page_aflag_set(m, PGA_WRITEABLE);
2843 * Sync the i-cache on all harts before updating the PTE
2844 * if the new PTE is executable.
2846 if (prot & VM_PROT_EXECUTE)
2847 pmap_sync_icache(pmap, va, PAGE_SIZE);
2850 * Update the L3 entry.
2853 orig_l3 = pmap_load_store(l3, new_l3);
2854 pmap_invalidate_page(pmap, va);
2855 KASSERT(PTE_TO_PHYS(orig_l3) == pa,
2856 ("pmap_enter: invalid update"));
2857 if ((orig_l3 & (PTE_D | PTE_SW_MANAGED)) ==
2858 (PTE_D | PTE_SW_MANAGED))
2861 pmap_store(l3, new_l3);
2864 #if VM_NRESERVLEVEL > 0
2865 if (mpte != NULL && mpte->ref_count == Ln_ENTRIES &&
2866 pmap_ps_enabled(pmap) &&
2867 (m->flags & PG_FICTITIOUS) == 0 &&
2868 vm_reserv_level_iffullpop(m) == 0)
2869 pmap_promote_l2(pmap, l2, va, &lock);
2876 rw_runlock(&pvh_global_lock);
2882 * Tries to create a read- and/or execute-only 2MB page mapping. Returns true
2883 * if successful. Returns false if (1) a page table page cannot be allocated
2884 * without sleeping, (2) a mapping already exists at the specified virtual
2885 * address, or (3) a PV entry cannot be allocated without reclaiming another
2889 pmap_enter_2mpage(pmap_t pmap, vm_offset_t va, vm_page_t m, vm_prot_t prot,
2890 struct rwlock **lockp)
2895 PMAP_LOCK_ASSERT(pmap, MA_OWNED);
2897 pn = VM_PAGE_TO_PHYS(m) / PAGE_SIZE;
2898 new_l2 = (pd_entry_t)((pn << PTE_PPN0_S) | PTE_R | PTE_V);
2899 if ((m->oflags & VPO_UNMANAGED) == 0)
2900 new_l2 |= PTE_SW_MANAGED;
2901 if ((prot & VM_PROT_EXECUTE) != 0)
2903 if (va < VM_MAXUSER_ADDRESS)
2905 return (pmap_enter_l2(pmap, va, new_l2, PMAP_ENTER_NOSLEEP |
2906 PMAP_ENTER_NOREPLACE | PMAP_ENTER_NORECLAIM, NULL, lockp) ==
2911 * Tries to create the specified 2MB page mapping. Returns KERN_SUCCESS if
2912 * the mapping was created, and either KERN_FAILURE or KERN_RESOURCE_SHORTAGE
2913 * otherwise. Returns KERN_FAILURE if PMAP_ENTER_NOREPLACE was specified and
2914 * a mapping already exists at the specified virtual address. Returns
2915 * KERN_RESOURCE_SHORTAGE if PMAP_ENTER_NOSLEEP was specified and a page table
2916 * page allocation failed. Returns KERN_RESOURCE_SHORTAGE if
2917 * PMAP_ENTER_NORECLAIM was specified and a PV entry allocation failed.
2919 * The parameter "m" is only used when creating a managed, writeable mapping.
2922 pmap_enter_l2(pmap_t pmap, vm_offset_t va, pd_entry_t new_l2, u_int flags,
2923 vm_page_t m, struct rwlock **lockp)
2925 struct spglist free;
2926 pd_entry_t *l2, *l3, oldl2;
2930 PMAP_LOCK_ASSERT(pmap, MA_OWNED);
2932 if ((l2pg = pmap_alloc_l2(pmap, va, (flags & PMAP_ENTER_NOSLEEP) != 0 ?
2933 NULL : lockp)) == NULL) {
2934 CTR2(KTR_PMAP, "pmap_enter_l2: failure for va %#lx in pmap %p",
2936 return (KERN_RESOURCE_SHORTAGE);
2939 l2 = (pd_entry_t *)PHYS_TO_DMAP(VM_PAGE_TO_PHYS(l2pg));
2940 l2 = &l2[pmap_l2_index(va)];
2941 if ((oldl2 = pmap_load(l2)) != 0) {
2942 KASSERT(l2pg->ref_count > 1,
2943 ("pmap_enter_l2: l2pg's ref count is too low"));
2944 if ((flags & PMAP_ENTER_NOREPLACE) != 0) {
2947 "pmap_enter_l2: failure for va %#lx in pmap %p",
2949 return (KERN_FAILURE);
2952 if ((oldl2 & PTE_RWX) != 0)
2953 (void)pmap_remove_l2(pmap, l2, va,
2954 pmap_load(pmap_l1(pmap, va)), &free, lockp);
2956 for (sva = va; sva < va + L2_SIZE; sva += PAGE_SIZE) {
2957 l3 = pmap_l2_to_l3(l2, sva);
2958 if ((pmap_load(l3) & PTE_V) != 0 &&
2959 pmap_remove_l3(pmap, l3, sva, oldl2, &free,
2963 vm_page_free_pages_toq(&free, true);
2964 if (va >= VM_MAXUSER_ADDRESS) {
2966 * Both pmap_remove_l2() and pmap_remove_l3() will
2967 * leave the kernel page table page zero filled.
2969 mt = PHYS_TO_VM_PAGE(PTE_TO_PHYS(pmap_load(l2)));
2970 if (pmap_insert_pt_page(pmap, mt, false))
2971 panic("pmap_enter_l2: trie insert failed");
2973 KASSERT(pmap_load(l2) == 0,
2974 ("pmap_enter_l2: non-zero L2 entry %p", l2));
2977 if ((new_l2 & PTE_SW_MANAGED) != 0) {
2979 * Abort this mapping if its PV entry could not be created.
2981 if (!pmap_pv_insert_l2(pmap, va, new_l2, flags, lockp)) {
2983 if (pmap_unwire_ptp(pmap, va, l2pg, &free)) {
2985 * Although "va" is not mapped, paging-structure
2986 * caches could nonetheless have entries that
2987 * refer to the freed page table pages.
2988 * Invalidate those entries.
2990 pmap_invalidate_page(pmap, va);
2991 vm_page_free_pages_toq(&free, true);
2994 "pmap_enter_l2: failure for va %#lx in pmap %p",
2996 return (KERN_RESOURCE_SHORTAGE);
2998 if ((new_l2 & PTE_W) != 0)
2999 for (mt = m; mt < &m[L2_SIZE / PAGE_SIZE]; mt++)
3000 vm_page_aflag_set(mt, PGA_WRITEABLE);
3004 * Increment counters.
3006 if ((new_l2 & PTE_SW_WIRED) != 0)
3007 pmap->pm_stats.wired_count += L2_SIZE / PAGE_SIZE;
3008 pmap->pm_stats.resident_count += L2_SIZE / PAGE_SIZE;
3011 * Map the superpage.
3013 pmap_store(l2, new_l2);
3015 atomic_add_long(&pmap_l2_mappings, 1);
3016 CTR2(KTR_PMAP, "pmap_enter_l2: success for va %#lx in pmap %p",
3019 return (KERN_SUCCESS);
3023 * Maps a sequence of resident pages belonging to the same object.
3024 * The sequence begins with the given page m_start. This page is
3025 * mapped at the given virtual address start. Each subsequent page is
3026 * mapped at a virtual address that is offset from start by the same
3027 * amount as the page is offset from m_start within the object. The
3028 * last page in the sequence is the page with the largest offset from
3029 * m_start that can be mapped at a virtual address less than the given
3030 * virtual address end. Not every virtual page between start and end
3031 * is mapped; only those for which a resident page exists with the
3032 * corresponding offset from m_start are mapped.
3035 pmap_enter_object(pmap_t pmap, vm_offset_t start, vm_offset_t end,
3036 vm_page_t m_start, vm_prot_t prot)
3038 struct rwlock *lock;
3041 vm_pindex_t diff, psize;
3043 VM_OBJECT_ASSERT_LOCKED(m_start->object);
3045 psize = atop(end - start);
3049 rw_rlock(&pvh_global_lock);
3051 while (m != NULL && (diff = m->pindex - m_start->pindex) < psize) {
3052 va = start + ptoa(diff);
3053 if ((va & L2_OFFSET) == 0 && va + L2_SIZE <= end &&
3054 m->psind == 1 && pmap_ps_enabled(pmap) &&
3055 pmap_enter_2mpage(pmap, va, m, prot, &lock))
3056 m = &m[L2_SIZE / PAGE_SIZE - 1];
3058 mpte = pmap_enter_quick_locked(pmap, va, m, prot, mpte,
3060 m = TAILQ_NEXT(m, listq);
3064 rw_runlock(&pvh_global_lock);
3069 * this code makes some *MAJOR* assumptions:
3070 * 1. Current pmap & pmap exists.
3073 * 4. No page table pages.
3074 * but is *MUCH* faster than pmap_enter...
3078 pmap_enter_quick(pmap_t pmap, vm_offset_t va, vm_page_t m, vm_prot_t prot)
3080 struct rwlock *lock;
3083 rw_rlock(&pvh_global_lock);
3085 (void)pmap_enter_quick_locked(pmap, va, m, prot, NULL, &lock);
3088 rw_runlock(&pvh_global_lock);
3093 pmap_enter_quick_locked(pmap_t pmap, vm_offset_t va, vm_page_t m,
3094 vm_prot_t prot, vm_page_t mpte, struct rwlock **lockp)
3096 struct spglist free;
3099 pt_entry_t *l3, newl3;
3101 KASSERT(va < kmi.clean_sva || va >= kmi.clean_eva ||
3102 (m->oflags & VPO_UNMANAGED) != 0,
3103 ("pmap_enter_quick_locked: managed mapping within the clean submap"));
3104 rw_assert(&pvh_global_lock, RA_LOCKED);
3105 PMAP_LOCK_ASSERT(pmap, MA_OWNED);
3107 CTR2(KTR_PMAP, "pmap_enter_quick_locked: %p %lx", pmap, va);
3109 * In the case that a page table page is not
3110 * resident, we are creating it here.
3112 if (va < VM_MAXUSER_ADDRESS) {
3113 vm_pindex_t l2pindex;
3116 * Calculate pagetable page index
3118 l2pindex = pmap_l2_pindex(va);
3119 if (mpte && (mpte->pindex == l2pindex)) {
3125 l2 = pmap_l2(pmap, va);
3128 * If the page table page is mapped, we just increment
3129 * the hold count, and activate it. Otherwise, we
3130 * attempt to allocate a page table page. If this
3131 * attempt fails, we don't retry. Instead, we give up.
3133 if (l2 != NULL && pmap_load(l2) != 0) {
3134 phys = PTE_TO_PHYS(pmap_load(l2));
3135 mpte = PHYS_TO_VM_PAGE(phys);
3139 * Pass NULL instead of the PV list lock
3140 * pointer, because we don't intend to sleep.
3142 mpte = _pmap_alloc_l3(pmap, l2pindex, NULL);
3147 l3 = (pt_entry_t *)PHYS_TO_DMAP(VM_PAGE_TO_PHYS(mpte));
3148 l3 = &l3[pmap_l3_index(va)];
3151 l3 = pmap_l3(kernel_pmap, va);
3154 panic("pmap_enter_quick_locked: No l3");
3155 if (pmap_load(l3) != 0) {
3164 * Enter on the PV list if part of our managed memory.
3166 if ((m->oflags & VPO_UNMANAGED) == 0 &&
3167 !pmap_try_insert_pv_entry(pmap, va, m, lockp)) {
3170 if (pmap_unwire_ptp(pmap, va, mpte, &free)) {
3171 pmap_invalidate_page(pmap, va);
3172 vm_page_free_pages_toq(&free, false);
3180 * Increment counters
3182 pmap_resident_count_inc(pmap, 1);
3184 newl3 = ((VM_PAGE_TO_PHYS(m) / PAGE_SIZE) << PTE_PPN0_S) |
3186 if ((prot & VM_PROT_EXECUTE) != 0)
3188 if ((m->oflags & VPO_UNMANAGED) == 0)
3189 newl3 |= PTE_SW_MANAGED;
3190 if (va < VM_MAX_USER_ADDRESS)
3194 * Sync the i-cache on all harts before updating the PTE
3195 * if the new PTE is executable.
3197 if (prot & VM_PROT_EXECUTE)
3198 pmap_sync_icache(pmap, va, PAGE_SIZE);
3200 pmap_store(l3, newl3);
3202 pmap_invalidate_page(pmap, va);
3207 * This code maps large physical mmap regions into the
3208 * processor address space. Note that some shortcuts
3209 * are taken, but the code works.
3212 pmap_object_init_pt(pmap_t pmap, vm_offset_t addr, vm_object_t object,
3213 vm_pindex_t pindex, vm_size_t size)
3216 VM_OBJECT_ASSERT_WLOCKED(object);
3217 KASSERT(object->type == OBJT_DEVICE || object->type == OBJT_SG,
3218 ("pmap_object_init_pt: non-device object"));
3222 * Clear the wired attribute from the mappings for the specified range of
3223 * addresses in the given pmap. Every valid mapping within that range
3224 * must have the wired attribute set. In contrast, invalid mappings
3225 * cannot have the wired attribute set, so they are ignored.
3227 * The wired attribute of the page table entry is not a hardware feature,
3228 * so there is no need to invalidate any TLB entries.
3231 pmap_unwire(pmap_t pmap, vm_offset_t sva, vm_offset_t eva)
3233 vm_offset_t va_next;
3234 pd_entry_t *l1, *l2, l2e;
3235 pt_entry_t *l3, l3e;
3236 bool pv_lists_locked;
3238 pv_lists_locked = false;
3241 for (; sva < eva; sva = va_next) {
3242 l1 = pmap_l1(pmap, sva);
3243 if (pmap_load(l1) == 0) {
3244 va_next = (sva + L1_SIZE) & ~L1_OFFSET;
3250 va_next = (sva + L2_SIZE) & ~L2_OFFSET;
3254 l2 = pmap_l1_to_l2(l1, sva);
3255 if ((l2e = pmap_load(l2)) == 0)
3257 if ((l2e & PTE_RWX) != 0) {
3258 if (sva + L2_SIZE == va_next && eva >= va_next) {
3259 if ((l2e & PTE_SW_WIRED) == 0)
3260 panic("pmap_unwire: l2 %#jx is missing "
3261 "PTE_SW_WIRED", (uintmax_t)l2e);
3262 pmap_clear_bits(l2, PTE_SW_WIRED);
3265 if (!pv_lists_locked) {
3266 pv_lists_locked = true;
3267 if (!rw_try_rlock(&pvh_global_lock)) {
3269 rw_rlock(&pvh_global_lock);
3274 if (!pmap_demote_l2(pmap, l2, sva))
3275 panic("pmap_unwire: demotion failed");
3281 for (l3 = pmap_l2_to_l3(l2, sva); sva != va_next; l3++,
3283 if ((l3e = pmap_load(l3)) == 0)
3285 if ((l3e & PTE_SW_WIRED) == 0)
3286 panic("pmap_unwire: l3 %#jx is missing "
3287 "PTE_SW_WIRED", (uintmax_t)l3e);
3290 * PG_W must be cleared atomically. Although the pmap
3291 * lock synchronizes access to PG_W, another processor
3292 * could be setting PG_M and/or PG_A concurrently.
3294 pmap_clear_bits(l3, PTE_SW_WIRED);
3295 pmap->pm_stats.wired_count--;
3298 if (pv_lists_locked)
3299 rw_runlock(&pvh_global_lock);
3304 * Copy the range specified by src_addr/len
3305 * from the source map to the range dst_addr/len
3306 * in the destination map.
3308 * This routine is only advisory and need not do anything.
3312 pmap_copy(pmap_t dst_pmap, pmap_t src_pmap, vm_offset_t dst_addr, vm_size_t len,
3313 vm_offset_t src_addr)
3319 * pmap_zero_page zeros the specified hardware page by mapping
3320 * the page into KVM and using bzero to clear its contents.
3323 pmap_zero_page(vm_page_t m)
3325 vm_offset_t va = PHYS_TO_DMAP(VM_PAGE_TO_PHYS(m));
3327 pagezero((void *)va);
3331 * pmap_zero_page_area zeros the specified hardware page by mapping
3332 * the page into KVM and using bzero to clear its contents.
3334 * off and size may not cover an area beyond a single hardware page.
3337 pmap_zero_page_area(vm_page_t m, int off, int size)
3339 vm_offset_t va = PHYS_TO_DMAP(VM_PAGE_TO_PHYS(m));
3341 if (off == 0 && size == PAGE_SIZE)
3342 pagezero((void *)va);
3344 bzero((char *)va + off, size);
3348 * pmap_copy_page copies the specified (machine independent)
3349 * page by mapping the page into virtual memory and using
3350 * bcopy to copy the page, one machine dependent page at a
3354 pmap_copy_page(vm_page_t msrc, vm_page_t mdst)
3356 vm_offset_t src = PHYS_TO_DMAP(VM_PAGE_TO_PHYS(msrc));
3357 vm_offset_t dst = PHYS_TO_DMAP(VM_PAGE_TO_PHYS(mdst));
3359 pagecopy((void *)src, (void *)dst);
3362 int unmapped_buf_allowed = 1;
3365 pmap_copy_pages(vm_page_t ma[], vm_offset_t a_offset, vm_page_t mb[],
3366 vm_offset_t b_offset, int xfersize)
3370 vm_paddr_t p_a, p_b;
3371 vm_offset_t a_pg_offset, b_pg_offset;
3374 while (xfersize > 0) {
3375 a_pg_offset = a_offset & PAGE_MASK;
3376 m_a = ma[a_offset >> PAGE_SHIFT];
3377 p_a = m_a->phys_addr;
3378 b_pg_offset = b_offset & PAGE_MASK;
3379 m_b = mb[b_offset >> PAGE_SHIFT];
3380 p_b = m_b->phys_addr;
3381 cnt = min(xfersize, PAGE_SIZE - a_pg_offset);
3382 cnt = min(cnt, PAGE_SIZE - b_pg_offset);
3383 if (__predict_false(!PHYS_IN_DMAP(p_a))) {
3384 panic("!DMAP a %lx", p_a);
3386 a_cp = (char *)PHYS_TO_DMAP(p_a) + a_pg_offset;
3388 if (__predict_false(!PHYS_IN_DMAP(p_b))) {
3389 panic("!DMAP b %lx", p_b);
3391 b_cp = (char *)PHYS_TO_DMAP(p_b) + b_pg_offset;
3393 bcopy(a_cp, b_cp, cnt);
3401 pmap_quick_enter_page(vm_page_t m)
3404 return (PHYS_TO_DMAP(VM_PAGE_TO_PHYS(m)));
3408 pmap_quick_remove_page(vm_offset_t addr)
3413 * Returns true if the pmap's pv is one of the first
3414 * 16 pvs linked to from this page. This count may
3415 * be changed upwards or downwards in the future; it
3416 * is only necessary that true be returned for a small
3417 * subset of pmaps for proper page aging.
3420 pmap_page_exists_quick(pmap_t pmap, vm_page_t m)
3422 struct md_page *pvh;
3423 struct rwlock *lock;
3428 KASSERT((m->oflags & VPO_UNMANAGED) == 0,
3429 ("pmap_page_exists_quick: page %p is not managed", m));
3431 rw_rlock(&pvh_global_lock);
3432 lock = VM_PAGE_TO_PV_LIST_LOCK(m);
3434 TAILQ_FOREACH(pv, &m->md.pv_list, pv_next) {
3435 if (PV_PMAP(pv) == pmap) {
3443 if (!rv && loops < 16 && (m->flags & PG_FICTITIOUS) == 0) {
3444 pvh = pa_to_pvh(VM_PAGE_TO_PHYS(m));
3445 TAILQ_FOREACH(pv, &pvh->pv_list, pv_next) {
3446 if (PV_PMAP(pv) == pmap) {
3456 rw_runlock(&pvh_global_lock);
3461 * pmap_page_wired_mappings:
3463 * Return the number of managed mappings to the given physical page
3467 pmap_page_wired_mappings(vm_page_t m)
3469 struct md_page *pvh;
3470 struct rwlock *lock;
3475 int count, md_gen, pvh_gen;
3477 if ((m->oflags & VPO_UNMANAGED) != 0)
3479 rw_rlock(&pvh_global_lock);
3480 lock = VM_PAGE_TO_PV_LIST_LOCK(m);
3484 TAILQ_FOREACH(pv, &m->md.pv_list, pv_next) {
3486 if (!PMAP_TRYLOCK(pmap)) {
3487 md_gen = m->md.pv_gen;
3491 if (md_gen != m->md.pv_gen) {
3496 l3 = pmap_l3(pmap, pv->pv_va);
3497 if ((pmap_load(l3) & PTE_SW_WIRED) != 0)
3501 if ((m->flags & PG_FICTITIOUS) == 0) {
3502 pvh = pa_to_pvh(VM_PAGE_TO_PHYS(m));
3503 TAILQ_FOREACH(pv, &pvh->pv_list, pv_next) {
3505 if (!PMAP_TRYLOCK(pmap)) {
3506 md_gen = m->md.pv_gen;
3507 pvh_gen = pvh->pv_gen;
3511 if (md_gen != m->md.pv_gen ||
3512 pvh_gen != pvh->pv_gen) {
3517 l2 = pmap_l2(pmap, pv->pv_va);
3518 if ((pmap_load(l2) & PTE_SW_WIRED) != 0)
3524 rw_runlock(&pvh_global_lock);
3529 * Returns true if the given page is mapped individually or as part of
3530 * a 2mpage. Otherwise, returns false.
3533 pmap_page_is_mapped(vm_page_t m)
3535 struct rwlock *lock;
3538 if ((m->oflags & VPO_UNMANAGED) != 0)
3540 lock = VM_PAGE_TO_PV_LIST_LOCK(m);
3542 rv = !TAILQ_EMPTY(&m->md.pv_list) ||
3543 ((m->flags & PG_FICTITIOUS) == 0 &&
3544 !TAILQ_EMPTY(&pa_to_pvh(VM_PAGE_TO_PHYS(m))->pv_list));
3550 pmap_remove_pages_pv(pmap_t pmap, vm_page_t m, pv_entry_t pv,
3551 struct spglist *free, bool superpage)
3553 struct md_page *pvh;
3557 pmap_resident_count_dec(pmap, Ln_ENTRIES);
3558 pvh = pa_to_pvh(m->phys_addr);
3559 TAILQ_REMOVE(&pvh->pv_list, pv, pv_next);
3561 if (TAILQ_EMPTY(&pvh->pv_list)) {
3562 for (mt = m; mt < &m[Ln_ENTRIES]; mt++)
3563 if (TAILQ_EMPTY(&mt->md.pv_list) &&
3564 (mt->a.flags & PGA_WRITEABLE) != 0)
3565 vm_page_aflag_clear(mt, PGA_WRITEABLE);
3567 mpte = pmap_remove_pt_page(pmap, pv->pv_va);
3569 KASSERT(mpte->valid == VM_PAGE_BITS_ALL,
3570 ("pmap_remove_pages: pte page not promoted"));
3571 pmap_resident_count_dec(pmap, 1);
3572 KASSERT(mpte->ref_count == Ln_ENTRIES,
3573 ("pmap_remove_pages: pte page ref count error"));
3574 mpte->ref_count = 0;
3575 pmap_add_delayed_free_list(mpte, free, FALSE);
3578 pmap_resident_count_dec(pmap, 1);
3579 TAILQ_REMOVE(&m->md.pv_list, pv, pv_next);
3581 if (TAILQ_EMPTY(&m->md.pv_list) &&
3582 (m->a.flags & PGA_WRITEABLE) != 0) {
3583 pvh = pa_to_pvh(m->phys_addr);
3584 if (TAILQ_EMPTY(&pvh->pv_list))
3585 vm_page_aflag_clear(m, PGA_WRITEABLE);
3591 * Destroy all managed, non-wired mappings in the given user-space
3592 * pmap. This pmap cannot be active on any processor besides the
3595 * This function cannot be applied to the kernel pmap. Moreover, it
3596 * is not intended for general use. It is only to be used during
3597 * process termination. Consequently, it can be implemented in ways
3598 * that make it faster than pmap_remove(). First, it can more quickly
3599 * destroy mappings by iterating over the pmap's collection of PV
3600 * entries, rather than searching the page table. Second, it doesn't
3601 * have to test and clear the page table entries atomically, because
3602 * no processor is currently accessing the user address space. In
3603 * particular, a page table entry's dirty bit won't change state once
3604 * this function starts.
3607 pmap_remove_pages(pmap_t pmap)
3609 struct spglist free;
3611 pt_entry_t *pte, tpte;
3614 struct pv_chunk *pc, *npc;
3615 struct rwlock *lock;
3617 uint64_t inuse, bitmask;
3618 int allfree, field, freed, idx;
3624 rw_rlock(&pvh_global_lock);
3626 TAILQ_FOREACH_SAFE(pc, &pmap->pm_pvchunk, pc_list, npc) {
3629 for (field = 0; field < _NPCM; field++) {
3630 inuse = ~pc->pc_map[field] & pc_freemask[field];
3631 while (inuse != 0) {
3632 bit = ffsl(inuse) - 1;
3633 bitmask = 1UL << bit;
3634 idx = field * 64 + bit;
3635 pv = &pc->pc_pventry[idx];
3638 pte = pmap_l1(pmap, pv->pv_va);
3639 ptepde = pmap_load(pte);
3640 pte = pmap_l1_to_l2(pte, pv->pv_va);
3641 tpte = pmap_load(pte);
3642 if ((tpte & PTE_RWX) != 0) {
3646 pte = pmap_l2_to_l3(pte, pv->pv_va);
3647 tpte = pmap_load(pte);
3652 * We cannot remove wired pages from a
3653 * process' mapping at this time.
3655 if (tpte & PTE_SW_WIRED) {
3660 m = PHYS_TO_VM_PAGE(PTE_TO_PHYS(tpte));
3661 KASSERT((m->flags & PG_FICTITIOUS) != 0 ||
3662 m < &vm_page_array[vm_page_array_size],
3663 ("pmap_remove_pages: bad pte %#jx",
3669 * Update the vm_page_t clean/reference bits.
3671 if ((tpte & (PTE_D | PTE_W)) ==
3675 mt < &m[Ln_ENTRIES]; mt++)
3681 CHANGE_PV_LIST_LOCK_TO_VM_PAGE(&lock, m);
3684 pc->pc_map[field] |= bitmask;
3686 pmap_remove_pages_pv(pmap, m, pv, &free,
3688 pmap_unuse_pt(pmap, pv->pv_va, ptepde, &free);
3692 PV_STAT(atomic_add_long(&pv_entry_frees, freed));
3693 PV_STAT(atomic_add_int(&pv_entry_spare, freed));
3694 PV_STAT(atomic_subtract_long(&pv_entry_count, freed));
3696 TAILQ_REMOVE(&pmap->pm_pvchunk, pc, pc_list);
3702 pmap_invalidate_all(pmap);
3703 rw_runlock(&pvh_global_lock);
3705 vm_page_free_pages_toq(&free, false);
3709 pmap_page_test_mappings(vm_page_t m, boolean_t accessed, boolean_t modified)
3711 struct md_page *pvh;
3712 struct rwlock *lock;
3714 pt_entry_t *l3, mask;
3717 int md_gen, pvh_gen;
3727 rw_rlock(&pvh_global_lock);
3728 lock = VM_PAGE_TO_PV_LIST_LOCK(m);
3731 TAILQ_FOREACH(pv, &m->md.pv_list, pv_next) {
3733 if (!PMAP_TRYLOCK(pmap)) {
3734 md_gen = m->md.pv_gen;
3738 if (md_gen != m->md.pv_gen) {
3743 l3 = pmap_l3(pmap, pv->pv_va);
3744 rv = (pmap_load(l3) & mask) == mask;
3749 if ((m->flags & PG_FICTITIOUS) == 0) {
3750 pvh = pa_to_pvh(VM_PAGE_TO_PHYS(m));
3751 TAILQ_FOREACH(pv, &pvh->pv_list, pv_next) {
3753 if (!PMAP_TRYLOCK(pmap)) {
3754 md_gen = m->md.pv_gen;
3755 pvh_gen = pvh->pv_gen;
3759 if (md_gen != m->md.pv_gen ||
3760 pvh_gen != pvh->pv_gen) {
3765 l2 = pmap_l2(pmap, pv->pv_va);
3766 rv = (pmap_load(l2) & mask) == mask;
3774 rw_runlock(&pvh_global_lock);
3781 * Return whether or not the specified physical page was modified
3782 * in any physical maps.
3785 pmap_is_modified(vm_page_t m)
3788 KASSERT((m->oflags & VPO_UNMANAGED) == 0,
3789 ("pmap_is_modified: page %p is not managed", m));
3792 * If the page is not busied then this check is racy.
3794 if (!pmap_page_is_write_mapped(m))
3796 return (pmap_page_test_mappings(m, FALSE, TRUE));
3800 * pmap_is_prefaultable:
3802 * Return whether or not the specified virtual address is eligible
3806 pmap_is_prefaultable(pmap_t pmap, vm_offset_t addr)
3813 l3 = pmap_l3(pmap, addr);
3814 if (l3 != NULL && pmap_load(l3) != 0) {
3822 * pmap_is_referenced:
3824 * Return whether or not the specified physical page was referenced
3825 * in any physical maps.
3828 pmap_is_referenced(vm_page_t m)
3831 KASSERT((m->oflags & VPO_UNMANAGED) == 0,
3832 ("pmap_is_referenced: page %p is not managed", m));
3833 return (pmap_page_test_mappings(m, TRUE, FALSE));
3837 * Clear the write and modified bits in each of the given page's mappings.
3840 pmap_remove_write(vm_page_t m)
3842 struct md_page *pvh;
3843 struct rwlock *lock;
3846 pt_entry_t *l3, oldl3, newl3;
3847 pv_entry_t next_pv, pv;
3849 int md_gen, pvh_gen;
3851 KASSERT((m->oflags & VPO_UNMANAGED) == 0,
3852 ("pmap_remove_write: page %p is not managed", m));
3853 vm_page_assert_busied(m);
3855 if (!pmap_page_is_write_mapped(m))
3857 lock = VM_PAGE_TO_PV_LIST_LOCK(m);
3858 pvh = (m->flags & PG_FICTITIOUS) != 0 ? &pv_dummy :
3859 pa_to_pvh(VM_PAGE_TO_PHYS(m));
3860 rw_rlock(&pvh_global_lock);
3863 TAILQ_FOREACH_SAFE(pv, &pvh->pv_list, pv_next, next_pv) {
3865 if (!PMAP_TRYLOCK(pmap)) {
3866 pvh_gen = pvh->pv_gen;
3870 if (pvh_gen != pvh->pv_gen) {
3877 l2 = pmap_l2(pmap, va);
3878 if ((pmap_load(l2) & PTE_W) != 0)
3879 (void)pmap_demote_l2_locked(pmap, l2, va, &lock);
3880 KASSERT(lock == VM_PAGE_TO_PV_LIST_LOCK(m),
3881 ("inconsistent pv lock %p %p for page %p",
3882 lock, VM_PAGE_TO_PV_LIST_LOCK(m), m));
3885 TAILQ_FOREACH(pv, &m->md.pv_list, pv_next) {
3887 if (!PMAP_TRYLOCK(pmap)) {
3888 pvh_gen = pvh->pv_gen;
3889 md_gen = m->md.pv_gen;
3893 if (pvh_gen != pvh->pv_gen || md_gen != m->md.pv_gen) {
3899 l3 = pmap_l3(pmap, pv->pv_va);
3900 oldl3 = pmap_load(l3);
3902 if ((oldl3 & PTE_W) != 0) {
3903 newl3 = oldl3 & ~(PTE_D | PTE_W);
3904 if (!atomic_fcmpset_long(l3, &oldl3, newl3))
3906 if ((oldl3 & PTE_D) != 0)
3908 pmap_invalidate_page(pmap, pv->pv_va);
3913 vm_page_aflag_clear(m, PGA_WRITEABLE);
3914 rw_runlock(&pvh_global_lock);
3918 * pmap_ts_referenced:
3920 * Return a count of reference bits for a page, clearing those bits.
3921 * It is not necessary for every reference bit to be cleared, but it
3922 * is necessary that 0 only be returned when there are truly no
3923 * reference bits set.
3925 * As an optimization, update the page's dirty field if a modified bit is
3926 * found while counting reference bits. This opportunistic update can be
3927 * performed at low cost and can eliminate the need for some future calls
3928 * to pmap_is_modified(). However, since this function stops after
3929 * finding PMAP_TS_REFERENCED_MAX reference bits, it may not detect some
3930 * dirty pages. Those dirty pages will only be detected by a future call
3931 * to pmap_is_modified().
3934 pmap_ts_referenced(vm_page_t m)
3936 struct spglist free;
3937 struct md_page *pvh;
3938 struct rwlock *lock;
3941 pd_entry_t *l2, l2e;
3942 pt_entry_t *l3, l3e;
3945 int cleared, md_gen, not_cleared, pvh_gen;
3947 KASSERT((m->oflags & VPO_UNMANAGED) == 0,
3948 ("pmap_ts_referenced: page %p is not managed", m));
3951 pa = VM_PAGE_TO_PHYS(m);
3952 pvh = (m->flags & PG_FICTITIOUS) != 0 ? &pv_dummy : pa_to_pvh(pa);
3954 lock = PHYS_TO_PV_LIST_LOCK(pa);
3955 rw_rlock(&pvh_global_lock);
3959 if ((pvf = TAILQ_FIRST(&pvh->pv_list)) == NULL)
3960 goto small_mappings;
3964 if (!PMAP_TRYLOCK(pmap)) {
3965 pvh_gen = pvh->pv_gen;
3969 if (pvh_gen != pvh->pv_gen) {
3975 l2 = pmap_l2(pmap, va);
3976 l2e = pmap_load(l2);
3977 if ((l2e & (PTE_W | PTE_D)) == (PTE_W | PTE_D)) {
3979 * Although l2e is mapping a 2MB page, because
3980 * this function is called at a 4KB page granularity,
3981 * we only update the 4KB page under test.
3985 if ((l2e & PTE_A) != 0) {
3987 * Since this reference bit is shared by 512 4KB
3988 * pages, it should not be cleared every time it is
3989 * tested. Apply a simple "hash" function on the
3990 * physical page number, the virtual superpage number,
3991 * and the pmap address to select one 4KB page out of
3992 * the 512 on which testing the reference bit will
3993 * result in clearing that reference bit. This
3994 * function is designed to avoid the selection of the
3995 * same 4KB page for every 2MB page mapping.
3997 * On demotion, a mapping that hasn't been referenced
3998 * is simply destroyed. To avoid the possibility of a
3999 * subsequent page fault on a demoted wired mapping,
4000 * always leave its reference bit set. Moreover,
4001 * since the superpage is wired, the current state of
4002 * its reference bit won't affect page replacement.
4004 if ((((pa >> PAGE_SHIFT) ^ (pv->pv_va >> L2_SHIFT) ^
4005 (uintptr_t)pmap) & (Ln_ENTRIES - 1)) == 0 &&
4006 (l2e & PTE_SW_WIRED) == 0) {
4007 pmap_clear_bits(l2, PTE_A);
4008 pmap_invalidate_page(pmap, va);
4014 /* Rotate the PV list if it has more than one entry. */
4015 if (pv != NULL && TAILQ_NEXT(pv, pv_next) != NULL) {
4016 TAILQ_REMOVE(&pvh->pv_list, pv, pv_next);
4017 TAILQ_INSERT_TAIL(&pvh->pv_list, pv, pv_next);
4020 if (cleared + not_cleared >= PMAP_TS_REFERENCED_MAX)
4022 } while ((pv = TAILQ_FIRST(&pvh->pv_list)) != pvf);
4024 if ((pvf = TAILQ_FIRST(&m->md.pv_list)) == NULL)
4029 if (!PMAP_TRYLOCK(pmap)) {
4030 pvh_gen = pvh->pv_gen;
4031 md_gen = m->md.pv_gen;
4035 if (pvh_gen != pvh->pv_gen || md_gen != m->md.pv_gen) {
4040 l2 = pmap_l2(pmap, pv->pv_va);
4042 KASSERT((pmap_load(l2) & PTE_RX) == 0,
4043 ("pmap_ts_referenced: found an invalid l2 table"));
4045 l3 = pmap_l2_to_l3(l2, pv->pv_va);
4046 l3e = pmap_load(l3);
4047 if ((l3e & PTE_D) != 0)
4049 if ((l3e & PTE_A) != 0) {
4050 if ((l3e & PTE_SW_WIRED) == 0) {
4052 * Wired pages cannot be paged out so
4053 * doing accessed bit emulation for
4054 * them is wasted effort. We do the
4055 * hard work for unwired pages only.
4057 pmap_clear_bits(l3, PTE_A);
4058 pmap_invalidate_page(pmap, pv->pv_va);
4064 /* Rotate the PV list if it has more than one entry. */
4065 if (pv != NULL && TAILQ_NEXT(pv, pv_next) != NULL) {
4066 TAILQ_REMOVE(&m->md.pv_list, pv, pv_next);
4067 TAILQ_INSERT_TAIL(&m->md.pv_list, pv, pv_next);
4070 } while ((pv = TAILQ_FIRST(&m->md.pv_list)) != pvf && cleared +
4071 not_cleared < PMAP_TS_REFERENCED_MAX);
4074 rw_runlock(&pvh_global_lock);
4075 vm_page_free_pages_toq(&free, false);
4076 return (cleared + not_cleared);
4080 * Apply the given advice to the specified range of addresses within the
4081 * given pmap. Depending on the advice, clear the referenced and/or
4082 * modified flags in each mapping and set the mapped page's dirty field.
4085 pmap_advise(pmap_t pmap, vm_offset_t sva, vm_offset_t eva, int advice)
4090 * Clear the modify bits on the specified physical page.
4093 pmap_clear_modify(vm_page_t m)
4095 struct md_page *pvh;
4096 struct rwlock *lock;
4098 pv_entry_t next_pv, pv;
4099 pd_entry_t *l2, oldl2;
4102 int md_gen, pvh_gen;
4104 KASSERT((m->oflags & VPO_UNMANAGED) == 0,
4105 ("pmap_clear_modify: page %p is not managed", m));
4106 vm_page_assert_busied(m);
4108 if (!pmap_page_is_write_mapped(m))
4112 * If the page is not PGA_WRITEABLE, then no PTEs can have PG_M set.
4113 * If the object containing the page is locked and the page is not
4114 * exclusive busied, then PGA_WRITEABLE cannot be concurrently set.
4116 if ((m->a.flags & PGA_WRITEABLE) == 0)
4118 pvh = (m->flags & PG_FICTITIOUS) != 0 ? &pv_dummy :
4119 pa_to_pvh(VM_PAGE_TO_PHYS(m));
4120 lock = VM_PAGE_TO_PV_LIST_LOCK(m);
4121 rw_rlock(&pvh_global_lock);
4124 TAILQ_FOREACH_SAFE(pv, &pvh->pv_list, pv_next, next_pv) {
4126 if (!PMAP_TRYLOCK(pmap)) {
4127 pvh_gen = pvh->pv_gen;
4131 if (pvh_gen != pvh->pv_gen) {
4137 l2 = pmap_l2(pmap, va);
4138 oldl2 = pmap_load(l2);
4139 /* If oldl2 has PTE_W set, then it also has PTE_D set. */
4140 if ((oldl2 & PTE_W) != 0 &&
4141 pmap_demote_l2_locked(pmap, l2, va, &lock) &&
4142 (oldl2 & PTE_SW_WIRED) == 0) {
4144 * Write protect the mapping to a single page so that
4145 * a subsequent write access may repromote.
4147 va += VM_PAGE_TO_PHYS(m) - PTE_TO_PHYS(oldl2);
4148 l3 = pmap_l2_to_l3(l2, va);
4149 pmap_clear_bits(l3, PTE_D | PTE_W);
4151 pmap_invalidate_page(pmap, va);
4155 TAILQ_FOREACH(pv, &m->md.pv_list, pv_next) {
4157 if (!PMAP_TRYLOCK(pmap)) {
4158 md_gen = m->md.pv_gen;
4159 pvh_gen = pvh->pv_gen;
4163 if (pvh_gen != pvh->pv_gen || md_gen != m->md.pv_gen) {
4168 l2 = pmap_l2(pmap, pv->pv_va);
4169 KASSERT((pmap_load(l2) & PTE_RWX) == 0,
4170 ("pmap_clear_modify: found a 2mpage in page %p's pv list",
4172 l3 = pmap_l2_to_l3(l2, pv->pv_va);
4173 if ((pmap_load(l3) & (PTE_D | PTE_W)) == (PTE_D | PTE_W)) {
4174 pmap_clear_bits(l3, PTE_D | PTE_W);
4175 pmap_invalidate_page(pmap, pv->pv_va);
4180 rw_runlock(&pvh_global_lock);
4184 pmap_mapbios(vm_paddr_t pa, vm_size_t size)
4187 return ((void *)PHYS_TO_DMAP(pa));
4191 pmap_unmapbios(vm_paddr_t pa, vm_size_t size)
4196 * Sets the memory attribute for the specified page.
4199 pmap_page_set_memattr(vm_page_t m, vm_memattr_t ma)
4202 m->md.pv_memattr = ma;
4206 * Perform the pmap work for mincore(2). If the page is not both referenced and
4207 * modified by this pmap, returns its physical address so that the caller can
4208 * find other mappings.
4211 pmap_mincore(pmap_t pmap, vm_offset_t addr, vm_paddr_t *pap)
4213 pt_entry_t *l2, *l3, tpte;
4219 l2 = pmap_l2(pmap, addr);
4220 if (l2 != NULL && ((tpte = pmap_load(l2)) & PTE_V) != 0) {
4221 if ((tpte & PTE_RWX) != 0) {
4222 pa = PTE_TO_PHYS(tpte) | (addr & L2_OFFSET);
4223 val = MINCORE_INCORE | MINCORE_SUPER;
4225 l3 = pmap_l2_to_l3(l2, addr);
4226 tpte = pmap_load(l3);
4227 if ((tpte & PTE_V) == 0) {
4231 pa = PTE_TO_PHYS(tpte) | (addr & L3_OFFSET);
4232 val = MINCORE_INCORE;
4235 if ((tpte & PTE_D) != 0)
4236 val |= MINCORE_MODIFIED | MINCORE_MODIFIED_OTHER;
4237 if ((tpte & PTE_A) != 0)
4238 val |= MINCORE_REFERENCED | MINCORE_REFERENCED_OTHER;
4239 managed = (tpte & PTE_SW_MANAGED) == PTE_SW_MANAGED;
4244 if ((val & (MINCORE_MODIFIED_OTHER | MINCORE_REFERENCED_OTHER)) !=
4245 (MINCORE_MODIFIED_OTHER | MINCORE_REFERENCED_OTHER) && managed) {
4253 pmap_activate_sw(struct thread *td)
4255 pmap_t oldpmap, pmap;
4258 oldpmap = PCPU_GET(curpmap);
4259 pmap = vmspace_pmap(td->td_proc->p_vmspace);
4260 if (pmap == oldpmap)
4262 load_satp(pmap->pm_satp);
4264 hart = PCPU_GET(hart);
4266 CPU_SET_ATOMIC(hart, &pmap->pm_active);
4267 CPU_CLR_ATOMIC(hart, &oldpmap->pm_active);
4269 CPU_SET(hart, &pmap->pm_active);
4270 CPU_CLR(hart, &oldpmap->pm_active);
4272 PCPU_SET(curpmap, pmap);
4278 pmap_activate(struct thread *td)
4282 pmap_activate_sw(td);
4287 pmap_activate_boot(pmap_t pmap)
4291 hart = PCPU_GET(hart);
4293 CPU_SET_ATOMIC(hart, &pmap->pm_active);
4295 CPU_SET(hart, &pmap->pm_active);
4297 PCPU_SET(curpmap, pmap);
4301 pmap_sync_icache(pmap_t pmap, vm_offset_t va, vm_size_t sz)
4306 * From the RISC-V User-Level ISA V2.2:
4308 * "To make a store to instruction memory visible to all
4309 * RISC-V harts, the writing hart has to execute a data FENCE
4310 * before requesting that all remote RISC-V harts execute a
4313 * However, this is slightly misleading; we still need to
4314 * perform a FENCE.I for the local hart, as FENCE does nothing
4315 * for its icache. FENCE.I alone is also sufficient for the
4320 CPU_CLR(PCPU_GET(hart), &mask);
4322 if (!CPU_EMPTY(&mask) && smp_started) {
4324 sbi_remote_fence_i(mask.__bits);
4330 * Increase the starting virtual address of the given mapping if a
4331 * different alignment might result in more superpage mappings.
4334 pmap_align_superpage(vm_object_t object, vm_ooffset_t offset,
4335 vm_offset_t *addr, vm_size_t size)
4337 vm_offset_t superpage_offset;
4341 if (object != NULL && (object->flags & OBJ_COLORED) != 0)
4342 offset += ptoa(object->pg_color);
4343 superpage_offset = offset & L2_OFFSET;
4344 if (size - ((L2_SIZE - superpage_offset) & L2_OFFSET) < L2_SIZE ||
4345 (*addr & L2_OFFSET) == superpage_offset)
4347 if ((*addr & L2_OFFSET) < superpage_offset)
4348 *addr = (*addr & ~L2_OFFSET) + superpage_offset;
4350 *addr = ((*addr + L2_OFFSET) & ~L2_OFFSET) + superpage_offset;
4354 * Get the kernel virtual address of a set of physical pages. If there are
4355 * physical addresses not covered by the DMAP perform a transient mapping
4356 * that will be removed when calling pmap_unmap_io_transient.
4358 * \param page The pages the caller wishes to obtain the virtual
4359 * address on the kernel memory map.
4360 * \param vaddr On return contains the kernel virtual memory address
4361 * of the pages passed in the page parameter.
4362 * \param count Number of pages passed in.
4363 * \param can_fault TRUE if the thread using the mapped pages can take
4364 * page faults, FALSE otherwise.
4366 * \returns TRUE if the caller must call pmap_unmap_io_transient when
4367 * finished or FALSE otherwise.
4371 pmap_map_io_transient(vm_page_t page[], vm_offset_t vaddr[], int count,
4372 boolean_t can_fault)
4375 boolean_t needs_mapping;
4379 * Allocate any KVA space that we need, this is done in a separate
4380 * loop to prevent calling vmem_alloc while pinned.
4382 needs_mapping = FALSE;
4383 for (i = 0; i < count; i++) {
4384 paddr = VM_PAGE_TO_PHYS(page[i]);
4385 if (__predict_false(paddr >= DMAP_MAX_PHYSADDR)) {
4386 error = vmem_alloc(kernel_arena, PAGE_SIZE,
4387 M_BESTFIT | M_WAITOK, &vaddr[i]);
4388 KASSERT(error == 0, ("vmem_alloc failed: %d", error));
4389 needs_mapping = TRUE;
4391 vaddr[i] = PHYS_TO_DMAP(paddr);
4395 /* Exit early if everything is covered by the DMAP */
4401 for (i = 0; i < count; i++) {
4402 paddr = VM_PAGE_TO_PHYS(page[i]);
4403 if (paddr >= DMAP_MAX_PHYSADDR) {
4405 "pmap_map_io_transient: TODO: Map out of DMAP data");
4409 return (needs_mapping);
4413 pmap_unmap_io_transient(vm_page_t page[], vm_offset_t vaddr[], int count,
4414 boolean_t can_fault)
4421 for (i = 0; i < count; i++) {
4422 paddr = VM_PAGE_TO_PHYS(page[i]);
4423 if (paddr >= DMAP_MAX_PHYSADDR) {
4424 panic("RISCVTODO: pmap_unmap_io_transient: Unmap data");
4430 pmap_is_valid_memattr(pmap_t pmap __unused, vm_memattr_t mode)
4433 return (mode >= VM_MEMATTR_DEVICE && mode <= VM_MEMATTR_WRITE_BACK);
4437 pmap_get_tables(pmap_t pmap, vm_offset_t va, pd_entry_t **l1, pd_entry_t **l2,
4440 pd_entry_t *l1p, *l2p;
4442 /* Get l1 directory entry. */
4443 l1p = pmap_l1(pmap, va);
4446 if (l1p == NULL || (pmap_load(l1p) & PTE_V) == 0)
4449 if ((pmap_load(l1p) & PTE_RX) != 0) {
4455 /* Get l2 directory entry. */
4456 l2p = pmap_l1_to_l2(l1p, va);
4459 if (l2p == NULL || (pmap_load(l2p) & PTE_V) == 0)
4462 if ((pmap_load(l2p) & PTE_RX) != 0) {
4467 /* Get l3 page table entry. */
4468 *l3 = pmap_l2_to_l3(l2p, va);
4474 * Track a range of the kernel's virtual address space that is contiguous
4475 * in various mapping attributes.
4477 struct pmap_kernel_map_range {
4486 sysctl_kmaps_dump(struct sbuf *sb, struct pmap_kernel_map_range *range,
4490 if (eva <= range->sva)
4493 sbuf_printf(sb, "0x%016lx-0x%016lx r%c%c%c%c %d %d %d\n",
4495 (range->attrs & PTE_W) == PTE_W ? 'w' : '-',
4496 (range->attrs & PTE_X) == PTE_X ? 'x' : '-',
4497 (range->attrs & PTE_U) == PTE_U ? 'u' : 's',
4498 (range->attrs & PTE_G) == PTE_G ? 'g' : '-',
4499 range->l1pages, range->l2pages, range->l3pages);
4501 /* Reset to sentinel value. */
4502 range->sva = 0xfffffffffffffffful;
4506 * Determine whether the attributes specified by a page table entry match those
4507 * being tracked by the current range.
4510 sysctl_kmaps_match(struct pmap_kernel_map_range *range, pt_entry_t attrs)
4513 return (range->attrs == attrs);
4517 sysctl_kmaps_reinit(struct pmap_kernel_map_range *range, vm_offset_t va,
4521 memset(range, 0, sizeof(*range));
4523 range->attrs = attrs;
4527 * Given a leaf PTE, derive the mapping's attributes. If they do not match
4528 * those of the current run, dump the address range and its attributes, and
4532 sysctl_kmaps_check(struct sbuf *sb, struct pmap_kernel_map_range *range,
4533 vm_offset_t va, pd_entry_t l1e, pd_entry_t l2e, pt_entry_t l3e)
4537 /* The PTE global bit is inherited by lower levels. */
4538 attrs = l1e & PTE_G;
4539 if ((l1e & PTE_RWX) != 0)
4540 attrs |= l1e & (PTE_RWX | PTE_U);
4542 attrs |= l2e & PTE_G;
4543 if ((l2e & PTE_RWX) != 0)
4544 attrs |= l2e & (PTE_RWX | PTE_U);
4546 attrs |= l3e & (PTE_RWX | PTE_U | PTE_G);
4548 if (range->sva > va || !sysctl_kmaps_match(range, attrs)) {
4549 sysctl_kmaps_dump(sb, range, va);
4550 sysctl_kmaps_reinit(range, va, attrs);
4555 sysctl_kmaps(SYSCTL_HANDLER_ARGS)
4557 struct pmap_kernel_map_range range;
4558 struct sbuf sbuf, *sb;
4559 pd_entry_t l1e, *l2, l2e;
4560 pt_entry_t *l3, l3e;
4565 error = sysctl_wire_old_buffer(req, 0);
4569 sbuf_new_for_sysctl(sb, NULL, PAGE_SIZE, req);
4571 /* Sentinel value. */
4572 range.sva = 0xfffffffffffffffful;
4575 * Iterate over the kernel page tables without holding the kernel pmap
4576 * lock. Kernel page table pages are never freed, so at worst we will
4577 * observe inconsistencies in the output.
4579 sva = VM_MIN_KERNEL_ADDRESS;
4580 for (i = pmap_l1_index(sva); i < Ln_ENTRIES; i++) {
4581 if (i == pmap_l1_index(DMAP_MIN_ADDRESS))
4582 sbuf_printf(sb, "\nDirect map:\n");
4583 else if (i == pmap_l1_index(VM_MIN_KERNEL_ADDRESS))
4584 sbuf_printf(sb, "\nKernel map:\n");
4586 l1e = kernel_pmap->pm_l1[i];
4587 if ((l1e & PTE_V) == 0) {
4588 sysctl_kmaps_dump(sb, &range, sva);
4592 if ((l1e & PTE_RWX) != 0) {
4593 sysctl_kmaps_check(sb, &range, sva, l1e, 0, 0);
4598 pa = PTE_TO_PHYS(l1e);
4599 l2 = (pd_entry_t *)PHYS_TO_DMAP(pa);
4601 for (j = pmap_l2_index(sva); j < Ln_ENTRIES; j++) {
4603 if ((l2e & PTE_V) == 0) {
4604 sysctl_kmaps_dump(sb, &range, sva);
4608 if ((l2e & PTE_RWX) != 0) {
4609 sysctl_kmaps_check(sb, &range, sva, l1e, l2e, 0);
4614 pa = PTE_TO_PHYS(l2e);
4615 l3 = (pd_entry_t *)PHYS_TO_DMAP(pa);
4617 for (k = pmap_l3_index(sva); k < Ln_ENTRIES; k++,
4620 if ((l3e & PTE_V) == 0) {
4621 sysctl_kmaps_dump(sb, &range, sva);
4624 sysctl_kmaps_check(sb, &range, sva,
4631 error = sbuf_finish(sb);
4635 SYSCTL_OID(_vm_pmap, OID_AUTO, kernel_maps,
4636 CTLTYPE_STRING | CTLFLAG_RD | CTLFLAG_MPSAFE,
4637 NULL, 0, sysctl_kmaps, "A",
4638 "Dump kernel address layout");
projects / FreeBSD / FreeBSD.git / blob