2 * Copyright (c) 1988 University of Utah.
3 * Copyright (c) 1991, 1993
4 * The Regents of the University of California. All rights reserved.
6 * This code is derived from software contributed to Berkeley by
7 * the Systems Programming Group of the University of Utah Computer
10 * Redistribution and use in source and binary forms, with or without
11 * modification, are permitted provided that the following conditions
13 * 1. Redistributions of source code must retain the above copyright
14 * notice, this list of conditions and the following disclaimer.
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in the
17 * documentation and/or other materials provided with the distribution.
18 * 4. Neither the name of the University nor the names of its contributors
19 * may be used to endorse or promote products derived from this software
20 * without specific prior written permission.
22 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
23 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
24 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
25 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
26 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
27 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
28 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
29 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
30 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
31 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
34 * from: Utah $Hdr: vm_mmap.c 1.6 91/10/21$
36 * @(#)vm_mmap.c 8.4 (Berkeley) 1/12/94
40 * Mapped file (mmap) interface to VM
43 #include <sys/cdefs.h>
44 __FBSDID("$FreeBSD$");
46 #include "opt_compat.h"
47 #include "opt_hwpmc_hooks.h"
49 #include <sys/param.h>
50 #include <sys/systm.h>
51 #include <sys/capsicum.h>
52 #include <sys/kernel.h>
54 #include <sys/mutex.h>
55 #include <sys/sysproto.h>
56 #include <sys/filedesc.h>
59 #include <sys/procctl.h>
60 #include <sys/racct.h>
61 #include <sys/resource.h>
62 #include <sys/resourcevar.h>
63 #include <sys/rwlock.h>
64 #include <sys/sysctl.h>
65 #include <sys/vnode.h>
66 #include <sys/fcntl.h>
69 #include <sys/mount.h>
72 #include <sys/syscallsubr.h>
73 #include <sys/sysent.h>
74 #include <sys/vmmeter.h>
76 #include <security/mac/mac_framework.h>
79 #include <vm/vm_param.h>
81 #include <vm/vm_map.h>
82 #include <vm/vm_object.h>
83 #include <vm/vm_page.h>
84 #include <vm/vm_pager.h>
85 #include <vm/vm_pageout.h>
86 #include <vm/vm_extern.h>
87 #include <vm/vm_page.h>
88 #include <vm/vnode_pager.h>
91 #include <sys/pmckern.h>
95 SYSCTL_INT(_vm, OID_AUTO, old_mlock, CTLFLAG_RW | CTLFLAG_TUN, &old_mlock, 0,
96 "Do not apply RLIMIT_MEMLOCK on mlockall");
97 TUNABLE_INT("vm.old_mlock", &old_mlock);
100 #define MAP_32BIT_MAX_ADDR ((vm_offset_t)1 << 31)
103 static int vm_mmap_vnode(struct thread *, vm_size_t, vm_prot_t, vm_prot_t *,
104 int *, struct vnode *, vm_ooffset_t *, vm_object_t *, boolean_t *);
105 static int vm_mmap_cdev(struct thread *, vm_size_t, vm_prot_t, vm_prot_t *,
106 int *, struct cdev *, vm_ooffset_t *, vm_object_t *);
107 static int vm_mmap_shm(struct thread *, vm_size_t, vm_prot_t, vm_prot_t *,
108 int *, struct shmfd *, vm_ooffset_t, vm_object_t *);
110 #ifndef _SYS_SYSPROTO_H_
117 sys_sbrk(struct thread *td, struct sbrk_args *uap)
119 /* Not yet implemented */
123 #ifndef _SYS_SYSPROTO_H_
130 sys_sstk(struct thread *td, struct sstk_args *uap)
132 /* Not yet implemented */
136 #if defined(COMPAT_43)
137 #ifndef _SYS_SYSPROTO_H_
138 struct getpagesize_args {
144 ogetpagesize(struct thread *td, struct getpagesize_args *uap)
147 td->td_retval[0] = PAGE_SIZE;
150 #endif /* COMPAT_43 */
154 * Memory Map (mmap) system call. Note that the file offset
155 * and address are allowed to be NOT page aligned, though if
156 * the MAP_FIXED flag it set, both must have the same remainder
157 * modulo the PAGE_SIZE (POSIX 1003.1b). If the address is not
158 * page-aligned, the actual mapping starts at trunc_page(addr)
159 * and the return value is adjusted up by the page offset.
161 * Generally speaking, only character devices which are themselves
162 * memory-based, such as a video framebuffer, can be mmap'd. Otherwise
163 * there would be no cache coherency between a descriptor and a VM mapping
164 * both to the same character device.
166 #ifndef _SYS_SYSPROTO_H_
181 struct mmap_args *uap;
184 struct pmckern_map_in pkm;
189 vm_size_t size, pageoff;
190 vm_prot_t cap_maxprot, prot, maxprot;
192 objtype_t handle_type;
193 int align, error, flags;
195 struct vmspace *vms = td->td_proc->p_vmspace;
198 addr = (vm_offset_t) uap->addr;
200 prot = uap->prot & VM_PROT_ALL;
207 * Enforce the constraints.
208 * Mapping of length 0 is only allowed for old binaries.
209 * Anonymous mapping shall specify -1 as filedescriptor and
210 * zero position for new code. Be nice to ancient a.out
211 * binaries and correct pos for anonymous mapping, since old
212 * ld.so sometimes issues anonymous map requests with non-zero
215 if (!SV_CURPROC_FLAG(SV_AOUT)) {
216 if ((uap->len == 0 && curproc->p_osrel >= P_OSREL_MAP_ANON) ||
217 ((flags & MAP_ANON) != 0 && (uap->fd != -1 || pos != 0)))
220 if ((flags & MAP_ANON) != 0)
224 if (flags & MAP_STACK) {
225 if ((uap->fd != -1) ||
226 ((prot & (PROT_READ | PROT_WRITE)) != (PROT_READ | PROT_WRITE)))
231 if ((flags & (MAP_EXCL | MAP_FIXED)) == MAP_EXCL)
233 if ((flags & MAP_GUARD) != 0 && (prot != PROT_NONE || uap->fd != -1 ||
234 pos != 0 || (flags & (MAP_SHARED | MAP_PRIVATE | MAP_PREFAULT |
235 MAP_PREFAULT_READ | MAP_ANON | MAP_STACK)) != 0))
239 * Align the file position to a page boundary,
240 * and save its page offset component.
242 pageoff = (pos & PAGE_MASK);
245 /* Adjust size for rounding (on both ends). */
246 size += pageoff; /* low end... */
247 size = (vm_size_t) round_page(size); /* hi end */
249 /* Ensure alignment is at least a page and fits in a pointer. */
250 align = flags & MAP_ALIGNMENT_MASK;
251 if (align != 0 && align != MAP_ALIGNED_SUPER &&
252 (align >> MAP_ALIGNMENT_SHIFT >= sizeof(void *) * NBBY ||
253 align >> MAP_ALIGNMENT_SHIFT < PAGE_SHIFT))
257 * Check for illegal addresses. Watch out for address wrap... Note
258 * that VM_*_ADDRESS are not constants due to casts (argh).
260 if (flags & MAP_FIXED) {
262 * The specified address must have the same remainder
263 * as the file offset taken modulo PAGE_SIZE, so it
264 * should be aligned after adjustment by pageoff.
267 if (addr & PAGE_MASK)
270 /* Address range must be all in user VM space. */
271 if (addr < vm_map_min(&vms->vm_map) ||
272 addr + size > vm_map_max(&vms->vm_map))
274 if (addr + size < addr)
277 if (flags & MAP_32BIT && addr + size > MAP_32BIT_MAX_ADDR)
279 } else if (flags & MAP_32BIT) {
281 * For MAP_32BIT, override the hint if it is too high and
282 * do not bother moving the mapping past the heap (since
283 * the heap is usually above 2GB).
285 if (addr + size > MAP_32BIT_MAX_ADDR)
290 * XXX for non-fixed mappings where no hint is provided or
291 * the hint would fall in the potential heap space,
292 * place it after the end of the largest possible heap.
294 * There should really be a pmap call to determine a reasonable
297 PROC_LOCK(td->td_proc);
299 (addr >= round_page((vm_offset_t)vms->vm_taddr) &&
300 addr < round_page((vm_offset_t)vms->vm_daddr +
301 lim_max(td->td_proc, RLIMIT_DATA))))
302 addr = round_page((vm_offset_t)vms->vm_daddr +
303 lim_max(td->td_proc, RLIMIT_DATA));
304 PROC_UNLOCK(td->td_proc);
306 if ((flags & MAP_GUARD) != 0) {
308 handle_type = OBJT_DEFAULT;
309 maxprot = VM_PROT_NONE;
310 cap_maxprot = VM_PROT_NONE;
311 } else if ((flags & MAP_ANON) != 0) {
313 * Mapping blank space is trivial.
316 handle_type = OBJT_DEFAULT;
317 maxprot = VM_PROT_ALL;
318 cap_maxprot = VM_PROT_ALL;
321 * Mapping file, get fp for validation and don't let the
322 * descriptor disappear on us if we block. Check capability
323 * rights, but also return the maximum rights to be combined
324 * with maxprot later.
326 cap_rights_init(&rights, CAP_MMAP);
327 if (prot & PROT_READ)
328 cap_rights_set(&rights, CAP_MMAP_R);
329 if ((flags & MAP_SHARED) != 0) {
330 if (prot & PROT_WRITE)
331 cap_rights_set(&rights, CAP_MMAP_W);
333 if (prot & PROT_EXEC)
334 cap_rights_set(&rights, CAP_MMAP_X);
335 error = fget_mmap(td, uap->fd, &rights, &cap_maxprot, &fp);
338 if (fp->f_type == DTYPE_SHM) {
340 handle_type = OBJT_SWAP;
341 maxprot = VM_PROT_NONE;
343 /* FREAD should always be set. */
344 if (fp->f_flag & FREAD)
345 maxprot |= VM_PROT_EXECUTE | VM_PROT_READ;
346 if (fp->f_flag & FWRITE)
347 maxprot |= VM_PROT_WRITE;
350 if (fp->f_type != DTYPE_VNODE) {
354 #if defined(COMPAT_FREEBSD7) || defined(COMPAT_FREEBSD6) || \
355 defined(COMPAT_FREEBSD5) || defined(COMPAT_FREEBSD4)
357 * POSIX shared-memory objects are defined to have
358 * kernel persistence, and are not defined to support
359 * read(2)/write(2) -- or even open(2). Thus, we can
360 * use MAP_ASYNC to trade on-disk coherence for speed.
361 * The shm_open(3) library routine turns on the FPOSIXSHM
362 * flag to request this behavior.
364 if (fp->f_flag & FPOSIXSHM)
369 * Ensure that file and memory protections are
370 * compatible. Note that we only worry about
371 * writability if mapping is shared; in this case,
372 * current and max prot are dictated by the open file.
373 * XXX use the vnode instead? Problem is: what
374 * credentials do we use for determination? What if
375 * proc does a setuid?
377 if (vp->v_mount != NULL && vp->v_mount->mnt_flag & MNT_NOEXEC)
378 maxprot = VM_PROT_NONE;
380 maxprot = VM_PROT_EXECUTE;
381 if (fp->f_flag & FREAD) {
382 maxprot |= VM_PROT_READ;
383 } else if (prot & PROT_READ) {
388 * If we are sharing potential changes (either via
389 * MAP_SHARED or via the implicit sharing of character
390 * device mappings), and we are trying to get write
391 * permission although we opened it without asking
394 if ((flags & MAP_SHARED) != 0) {
395 if ((fp->f_flag & FWRITE) != 0) {
396 maxprot |= VM_PROT_WRITE;
397 } else if ((prot & PROT_WRITE) != 0) {
401 } else if (vp->v_type != VCHR || (fp->f_flag & FWRITE) != 0) {
402 maxprot |= VM_PROT_WRITE;
403 cap_maxprot |= VM_PROT_WRITE;
406 handle_type = OBJT_VNODE;
410 maxprot &= cap_maxprot;
411 error = vm_mmap(&vms->vm_map, &addr, size, prot, maxprot,
412 flags, handle_type, handle, pos);
415 /* inform hwpmc(4) if an executable is being mapped */
416 if (error == 0 && handle_type == OBJT_VNODE &&
417 (prot & PROT_EXEC)) {
418 pkm.pm_file = handle;
419 pkm.pm_address = (uintptr_t) addr;
420 PMC_CALL_HOOK(td, PMC_FN_MMAP, (void *) &pkm);
424 td->td_retval[0] = (register_t) (addr + pageoff);
433 freebsd6_mmap(struct thread *td, struct freebsd6_mmap_args *uap)
435 struct mmap_args oargs;
437 oargs.addr = uap->addr;
438 oargs.len = uap->len;
439 oargs.prot = uap->prot;
440 oargs.flags = uap->flags;
442 oargs.pos = uap->pos;
443 return (sys_mmap(td, &oargs));
447 #ifndef _SYS_SYSPROTO_H_
460 struct ommap_args *uap;
462 struct mmap_args nargs;
463 static const char cvtbsdprot[8] = {
467 PROT_EXEC | PROT_WRITE,
469 PROT_EXEC | PROT_READ,
470 PROT_WRITE | PROT_READ,
471 PROT_EXEC | PROT_WRITE | PROT_READ,
474 #define OMAP_ANON 0x0002
475 #define OMAP_COPY 0x0020
476 #define OMAP_SHARED 0x0010
477 #define OMAP_FIXED 0x0100
479 nargs.addr = uap->addr;
480 nargs.len = uap->len;
481 nargs.prot = cvtbsdprot[uap->prot & 0x7];
482 #ifdef COMPAT_FREEBSD32
483 #if defined(__amd64__) || defined(__ia64__)
484 if (i386_read_exec && SV_PROC_FLAG(td->td_proc, SV_ILP32) &&
486 nargs.prot |= PROT_EXEC;
490 if (uap->flags & OMAP_ANON)
491 nargs.flags |= MAP_ANON;
492 if (uap->flags & OMAP_COPY)
493 nargs.flags |= MAP_COPY;
494 if (uap->flags & OMAP_SHARED)
495 nargs.flags |= MAP_SHARED;
497 nargs.flags |= MAP_PRIVATE;
498 if (uap->flags & OMAP_FIXED)
499 nargs.flags |= MAP_FIXED;
501 nargs.pos = uap->pos;
502 return (sys_mmap(td, &nargs));
504 #endif /* COMPAT_43 */
507 #ifndef _SYS_SYSPROTO_H_
517 struct msync_args *uap;
520 vm_size_t size, pageoff;
525 addr = (vm_offset_t) uap->addr;
529 pageoff = (addr & PAGE_MASK);
532 size = (vm_size_t) round_page(size);
533 if (addr + size < addr)
536 if ((flags & (MS_ASYNC|MS_INVALIDATE)) == (MS_ASYNC|MS_INVALIDATE))
539 map = &td->td_proc->p_vmspace->vm_map;
542 * Clean the pages and interpret the return value.
544 rv = vm_map_sync(map, addr, addr + size, (flags & MS_ASYNC) == 0,
545 (flags & MS_INVALIDATE) != 0);
549 case KERN_INVALID_ADDRESS:
551 case KERN_INVALID_ARGUMENT:
560 #ifndef _SYS_SYSPROTO_H_
569 struct munmap_args *uap;
572 struct pmckern_map_out pkm;
573 vm_map_entry_t entry;
576 vm_size_t size, pageoff;
579 addr = (vm_offset_t) uap->addr;
584 pageoff = (addr & PAGE_MASK);
587 size = (vm_size_t) round_page(size);
588 if (addr + size < addr)
592 * Check for illegal addresses. Watch out for address wrap...
594 map = &td->td_proc->p_vmspace->vm_map;
595 if (addr < vm_map_min(map) || addr + size > vm_map_max(map))
600 * Inform hwpmc if the address range being unmapped contains
601 * an executable region.
603 pkm.pm_address = (uintptr_t) NULL;
604 if (vm_map_lookup_entry(map, addr, &entry)) {
606 entry != &map->header && entry->start < addr + size;
607 entry = entry->next) {
608 if (vm_map_check_protection(map, entry->start,
609 entry->end, VM_PROT_EXECUTE) == TRUE) {
610 pkm.pm_address = (uintptr_t) addr;
611 pkm.pm_size = (size_t) size;
617 vm_map_delete(map, addr, addr + size);
620 /* downgrade the lock to prevent a LOR with the pmc-sx lock */
621 vm_map_lock_downgrade(map);
622 if (pkm.pm_address != (uintptr_t) NULL)
623 PMC_CALL_HOOK(td, PMC_FN_MUNMAP, (void *) &pkm);
624 vm_map_unlock_read(map);
628 /* vm_map_delete returns nothing but KERN_SUCCESS anyway */
632 #ifndef _SYS_SYSPROTO_H_
633 struct mprotect_args {
640 sys_mprotect(td, uap)
642 struct mprotect_args *uap;
645 vm_size_t size, pageoff;
648 addr = (vm_offset_t) uap->addr;
650 prot = uap->prot & VM_PROT_ALL;
652 pageoff = (addr & PAGE_MASK);
655 size = (vm_size_t) round_page(size);
656 if (addr + size < addr)
659 switch (vm_map_protect(&td->td_proc->p_vmspace->vm_map, addr,
660 addr + size, prot, FALSE)) {
663 case KERN_PROTECTION_FAILURE:
665 case KERN_RESOURCE_SHORTAGE:
671 #ifndef _SYS_SYSPROTO_H_
672 struct minherit_args {
679 sys_minherit(struct thread *td, struct minherit_args *uap)
682 vm_size_t size, pageoff;
683 vm_inherit_t inherit;
685 addr = (vm_offset_t)uap->addr;
687 inherit = uap->inherit;
689 pageoff = (addr & PAGE_MASK);
692 size = (vm_size_t) round_page(size);
693 if (addr + size < addr)
696 switch (vm_map_inherit(&td->td_proc->p_vmspace->vm_map, addr,
697 addr + size, inherit)) {
700 case KERN_PROTECTION_FAILURE:
706 #ifndef _SYS_SYSPROTO_H_
707 struct madvise_args {
715 sys_madvise(struct thread *td, struct madvise_args *uap)
717 vm_offset_t start, end;
722 * Check for our special case, advising the swap pager we are
725 if (uap->behav == MADV_PROTECT) {
727 return (kern_procctl(td, P_PID, td->td_proc->p_pid,
728 PROC_SPROTECT, &flags));
732 * Check for illegal behavior
734 if (uap->behav < 0 || uap->behav > MADV_CORE)
737 * Check for illegal addresses. Watch out for address wrap... Note
738 * that VM_*_ADDRESS are not constants due to casts (argh).
740 map = &td->td_proc->p_vmspace->vm_map;
741 if ((vm_offset_t)uap->addr < vm_map_min(map) ||
742 (vm_offset_t)uap->addr + uap->len > vm_map_max(map))
744 if (((vm_offset_t) uap->addr + uap->len) < (vm_offset_t) uap->addr)
748 * Since this routine is only advisory, we default to conservative
751 start = trunc_page((vm_offset_t) uap->addr);
752 end = round_page((vm_offset_t) uap->addr + uap->len);
754 if (vm_map_madvise(map, start, end, uap->behav))
759 #ifndef _SYS_SYSPROTO_H_
760 struct mincore_args {
768 sys_mincore(struct thread *td, struct mincore_args *uap)
770 vm_offset_t addr, first_addr;
771 vm_offset_t end, cend;
776 int vecindex, lastvecindex;
777 vm_map_entry_t current;
778 vm_map_entry_t entry;
780 vm_paddr_t locked_pa;
784 unsigned int timestamp;
788 * Make sure that the addresses presented are valid for user
791 first_addr = addr = trunc_page((vm_offset_t) uap->addr);
792 end = addr + (vm_size_t)round_page(uap->len);
793 map = &td->td_proc->p_vmspace->vm_map;
794 if (end > vm_map_max(map) || end < addr)
798 * Address of byte vector
802 pmap = vmspace_pmap(td->td_proc->p_vmspace);
804 vm_map_lock_read(map);
806 timestamp = map->timestamp;
808 if (!vm_map_lookup_entry(map, addr, &entry)) {
809 vm_map_unlock_read(map);
814 * Do this on a map entry basis so that if the pages are not
815 * in the current processes address space, we can easily look
816 * up the pages elsewhere.
819 for (current = entry;
820 (current != &map->header) && (current->start < end);
821 current = current->next) {
824 * check for contiguity
826 if (current->end < end &&
827 (entry->next == &map->header ||
828 current->next->start > current->end)) {
829 vm_map_unlock_read(map);
834 * ignore submaps (for now) or null objects
836 if ((current->eflags & MAP_ENTRY_IS_SUB_MAP) ||
837 current->object.vm_object == NULL)
841 * limit this scan to the current map entry and the
842 * limits for the mincore call
844 if (addr < current->start)
845 addr = current->start;
851 * scan this entry one page at a time
853 while (addr < cend) {
855 * Check pmap first, it is likely faster, also
856 * it can provide info as to whether we are the
857 * one referencing or modifying the page.
863 mincoreinfo = pmap_mincore(pmap, addr, &locked_pa);
864 if (locked_pa != 0) {
866 * The page is mapped by this process but not
867 * both accessed and modified. It is also
868 * managed. Acquire the object lock so that
869 * other mappings might be examined.
871 m = PHYS_TO_VM_PAGE(locked_pa);
872 if (m->object != object) {
874 VM_OBJECT_WUNLOCK(object);
876 locked = VM_OBJECT_TRYWLOCK(object);
879 VM_OBJECT_WLOCK(object);
885 KASSERT(m->valid == VM_PAGE_BITS_ALL,
886 ("mincore: page %p is mapped but invalid",
888 } else if (mincoreinfo == 0) {
890 * The page is not mapped by this process. If
891 * the object implements managed pages, then
892 * determine if the page is resident so that
893 * the mappings might be examined.
895 if (current->object.vm_object != object) {
897 VM_OBJECT_WUNLOCK(object);
898 object = current->object.vm_object;
899 VM_OBJECT_WLOCK(object);
901 if (object->type == OBJT_DEFAULT ||
902 object->type == OBJT_SWAP ||
903 object->type == OBJT_VNODE) {
904 pindex = OFF_TO_IDX(current->offset +
905 (addr - current->start));
906 m = vm_page_lookup(object, pindex);
908 vm_page_is_cached(object, pindex))
909 mincoreinfo = MINCORE_INCORE;
910 if (m != NULL && m->valid == 0)
913 mincoreinfo = MINCORE_INCORE;
917 /* Examine other mappings to the page. */
918 if (m->dirty == 0 && pmap_is_modified(m))
921 mincoreinfo |= MINCORE_MODIFIED_OTHER;
923 * The first test for PGA_REFERENCED is an
924 * optimization. The second test is
925 * required because a concurrent pmap
926 * operation could clear the last reference
927 * and set PGA_REFERENCED before the call to
928 * pmap_is_referenced().
930 if ((m->aflags & PGA_REFERENCED) != 0 ||
931 pmap_is_referenced(m) ||
932 (m->aflags & PGA_REFERENCED) != 0)
933 mincoreinfo |= MINCORE_REFERENCED_OTHER;
936 VM_OBJECT_WUNLOCK(object);
939 * subyte may page fault. In case it needs to modify
940 * the map, we release the lock.
942 vm_map_unlock_read(map);
945 * calculate index into user supplied byte vector
947 vecindex = OFF_TO_IDX(addr - first_addr);
950 * If we have skipped map entries, we need to make sure that
951 * the byte vector is zeroed for those skipped entries.
953 while ((lastvecindex + 1) < vecindex) {
955 error = subyte(vec + lastvecindex, 0);
963 * Pass the page information to the user
965 error = subyte(vec + vecindex, mincoreinfo);
972 * If the map has changed, due to the subyte, the previous
973 * output may be invalid.
975 vm_map_lock_read(map);
976 if (timestamp != map->timestamp)
979 lastvecindex = vecindex;
985 * subyte may page fault. In case it needs to modify
986 * the map, we release the lock.
988 vm_map_unlock_read(map);
991 * Zero the last entries in the byte vector.
993 vecindex = OFF_TO_IDX(end - first_addr);
994 while ((lastvecindex + 1) < vecindex) {
996 error = subyte(vec + lastvecindex, 0);
1004 * If the map has changed, due to the subyte, the previous
1005 * output may be invalid.
1007 vm_map_lock_read(map);
1008 if (timestamp != map->timestamp)
1010 vm_map_unlock_read(map);
1015 #ifndef _SYS_SYSPROTO_H_
1022 sys_mlock(struct thread *td, struct mlock_args *uap)
1025 return (vm_mlock(td->td_proc, td->td_ucred, uap->addr, uap->len));
1029 vm_mlock(struct proc *proc, struct ucred *cred, const void *addr0, size_t len)
1031 vm_offset_t addr, end, last, start;
1032 vm_size_t npages, size;
1034 unsigned long nsize;
1037 error = priv_check_cred(cred, PRIV_VM_MLOCK, 0);
1040 addr = (vm_offset_t)addr0;
1043 start = trunc_page(addr);
1044 end = round_page(last);
1045 if (last < addr || end < addr)
1047 npages = atop(end - start);
1048 if (npages > vm_page_max_wired)
1050 map = &proc->p_vmspace->vm_map;
1052 nsize = ptoa(npages + pmap_wired_count(map->pmap));
1053 if (nsize > lim_cur(proc, RLIMIT_MEMLOCK)) {
1058 if (npages + cnt.v_wire_count > vm_page_max_wired)
1063 error = racct_set(proc, RACCT_MEMLOCK, nsize);
1069 error = vm_map_wire(map, start, end,
1070 VM_MAP_WIRE_USER | VM_MAP_WIRE_NOHOLES);
1072 if (racct_enable && error != KERN_SUCCESS) {
1074 racct_set(proc, RACCT_MEMLOCK,
1075 ptoa(pmap_wired_count(map->pmap)));
1079 return (error == KERN_SUCCESS ? 0 : ENOMEM);
1082 #ifndef _SYS_SYSPROTO_H_
1083 struct mlockall_args {
1089 sys_mlockall(struct thread *td, struct mlockall_args *uap)
1094 map = &td->td_proc->p_vmspace->vm_map;
1095 error = priv_check(td, PRIV_VM_MLOCK);
1099 if ((uap->how == 0) || ((uap->how & ~(MCL_CURRENT|MCL_FUTURE)) != 0))
1103 * If wiring all pages in the process would cause it to exceed
1104 * a hard resource limit, return ENOMEM.
1106 if (!old_mlock && uap->how & MCL_CURRENT) {
1107 PROC_LOCK(td->td_proc);
1108 if (map->size > lim_cur(td->td_proc, RLIMIT_MEMLOCK)) {
1109 PROC_UNLOCK(td->td_proc);
1112 PROC_UNLOCK(td->td_proc);
1116 PROC_LOCK(td->td_proc);
1117 error = racct_set(td->td_proc, RACCT_MEMLOCK, map->size);
1118 PROC_UNLOCK(td->td_proc);
1124 if (uap->how & MCL_FUTURE) {
1126 vm_map_modflags(map, MAP_WIREFUTURE, 0);
1131 if (uap->how & MCL_CURRENT) {
1133 * P1003.1-2001 mandates that all currently mapped pages
1134 * will be memory resident and locked (wired) upon return
1135 * from mlockall(). vm_map_wire() will wire pages, by
1136 * calling vm_fault_wire() for each page in the region.
1138 error = vm_map_wire(map, vm_map_min(map), vm_map_max(map),
1139 VM_MAP_WIRE_USER|VM_MAP_WIRE_HOLESOK);
1140 error = (error == KERN_SUCCESS ? 0 : EAGAIN);
1143 if (racct_enable && error != KERN_SUCCESS) {
1144 PROC_LOCK(td->td_proc);
1145 racct_set(td->td_proc, RACCT_MEMLOCK,
1146 ptoa(pmap_wired_count(map->pmap)));
1147 PROC_UNLOCK(td->td_proc);
1154 #ifndef _SYS_SYSPROTO_H_
1155 struct munlockall_args {
1161 sys_munlockall(struct thread *td, struct munlockall_args *uap)
1166 map = &td->td_proc->p_vmspace->vm_map;
1167 error = priv_check(td, PRIV_VM_MUNLOCK);
1171 /* Clear the MAP_WIREFUTURE flag from this vm_map. */
1173 vm_map_modflags(map, 0, MAP_WIREFUTURE);
1176 /* Forcibly unwire all pages. */
1177 error = vm_map_unwire(map, vm_map_min(map), vm_map_max(map),
1178 VM_MAP_WIRE_USER|VM_MAP_WIRE_HOLESOK);
1180 if (racct_enable && error == KERN_SUCCESS) {
1181 PROC_LOCK(td->td_proc);
1182 racct_set(td->td_proc, RACCT_MEMLOCK, 0);
1183 PROC_UNLOCK(td->td_proc);
1190 #ifndef _SYS_SYSPROTO_H_
1191 struct munlock_args {
1197 sys_munlock(td, uap)
1199 struct munlock_args *uap;
1201 vm_offset_t addr, end, last, start;
1208 error = priv_check(td, PRIV_VM_MUNLOCK);
1211 addr = (vm_offset_t)uap->addr;
1214 start = trunc_page(addr);
1215 end = round_page(last);
1216 if (last < addr || end < addr)
1218 error = vm_map_unwire(&td->td_proc->p_vmspace->vm_map, start, end,
1219 VM_MAP_WIRE_USER | VM_MAP_WIRE_NOHOLES);
1221 if (racct_enable && error == KERN_SUCCESS) {
1222 PROC_LOCK(td->td_proc);
1223 map = &td->td_proc->p_vmspace->vm_map;
1224 racct_set(td->td_proc, RACCT_MEMLOCK,
1225 ptoa(pmap_wired_count(map->pmap)));
1226 PROC_UNLOCK(td->td_proc);
1229 return (error == KERN_SUCCESS ? 0 : ENOMEM);
1235 * Helper function for vm_mmap. Perform sanity check specific for mmap
1236 * operations on vnodes.
1238 * For VCHR vnodes, the vnode lock is held over the call to
1239 * vm_mmap_cdev() to keep vp->v_rdev valid.
1242 vm_mmap_vnode(struct thread *td, vm_size_t objsize,
1243 vm_prot_t prot, vm_prot_t *maxprotp, int *flagsp,
1244 struct vnode *vp, vm_ooffset_t *foffp, vm_object_t *objp,
1245 boolean_t *writecounted)
1251 int error, flags, locktype;
1253 cred = td->td_ucred;
1254 if ((*maxprotp & VM_PROT_WRITE) && (*flagsp & MAP_SHARED))
1255 locktype = LK_EXCLUSIVE;
1257 locktype = LK_SHARED;
1258 if ((error = vget(vp, locktype, td)) != 0)
1263 if (vp->v_type == VREG) {
1265 * Get the proper underlying object
1271 if (obj->type == OBJT_VNODE && obj->handle != vp) {
1273 vp = (struct vnode *)obj->handle;
1275 * Bypass filesystems obey the mpsafety of the
1276 * underlying fs. Tmpfs never bypasses.
1278 error = vget(vp, locktype, td);
1282 if (locktype == LK_EXCLUSIVE) {
1283 *writecounted = TRUE;
1284 vnode_pager_update_writecount(obj, 0, objsize);
1286 } else if (vp->v_type == VCHR) {
1287 error = vm_mmap_cdev(td, objsize, prot, maxprotp, flagsp,
1288 vp->v_rdev, foffp, objp);
1296 if ((error = VOP_GETATTR(vp, &va, cred)))
1299 error = mac_vnode_check_mmap(cred, vp, prot, flags);
1303 if ((flags & MAP_SHARED) != 0) {
1304 if ((va.va_flags & (SF_SNAPSHOT|IMMUTABLE|APPEND)) != 0) {
1305 if (prot & PROT_WRITE) {
1309 *maxprotp &= ~VM_PROT_WRITE;
1313 * If it is a regular file without any references
1314 * we do not need to sync it.
1315 * Adjust object size to be the size of actual file.
1317 objsize = round_page(va.va_size);
1318 if (va.va_nlink == 0)
1319 flags |= MAP_NOSYNC;
1320 if (obj->type == OBJT_VNODE)
1321 obj = vm_pager_allocate(OBJT_VNODE, vp, objsize, prot, foff,
1324 KASSERT(obj->type == OBJT_DEFAULT || obj->type == OBJT_SWAP,
1325 ("wrong object type"));
1326 vm_object_reference(obj);
1336 vfs_mark_atime(vp, cred);
1339 if (error != 0 && *writecounted) {
1340 *writecounted = FALSE;
1341 vnode_pager_update_writecount(obj, objsize, 0);
1350 * Helper function for vm_mmap. Perform sanity check specific for mmap
1351 * operations on cdevs.
1354 vm_mmap_cdev(struct thread *td, vm_size_t objsize,
1355 vm_prot_t prot, vm_prot_t *maxprotp, int *flagsp,
1356 struct cdev *cdev, vm_ooffset_t *foff, vm_object_t *objp)
1360 int error, flags, ref;
1364 dsw = dev_refthread(cdev, &ref);
1367 if (dsw->d_flags & D_MMAP_ANON) {
1368 dev_relthread(cdev, ref);
1369 *maxprotp = VM_PROT_ALL;
1370 *flagsp |= MAP_ANON;
1374 * cdevs do not provide private mappings of any kind.
1376 if ((*maxprotp & VM_PROT_WRITE) == 0 &&
1377 (prot & PROT_WRITE) != 0) {
1378 dev_relthread(cdev, ref);
1381 if (flags & (MAP_PRIVATE|MAP_COPY)) {
1382 dev_relthread(cdev, ref);
1386 * Force device mappings to be shared.
1388 flags |= MAP_SHARED;
1390 error = mac_cdev_check_mmap(td->td_ucred, cdev, prot);
1392 dev_relthread(cdev, ref);
1397 * First, try d_mmap_single(). If that is not implemented
1398 * (returns ENODEV), fall back to using the device pager.
1399 * Note that d_mmap_single() must return a reference to the
1400 * object (it needs to bump the reference count of the object
1401 * it returns somehow).
1403 * XXX assumes VM_PROT_* == PROT_*
1405 error = dsw->d_mmap_single(cdev, foff, objsize, objp, (int)prot);
1406 dev_relthread(cdev, ref);
1407 if (error != ENODEV)
1409 obj = vm_pager_allocate(OBJT_DEVICE, cdev, objsize, prot, *foff,
1423 * Helper function for vm_mmap. Perform sanity check specific for mmap
1424 * operations on shm file descriptors.
1427 vm_mmap_shm(struct thread *td, vm_size_t objsize,
1428 vm_prot_t prot, vm_prot_t *maxprotp, int *flagsp,
1429 struct shmfd *shmfd, vm_ooffset_t foff, vm_object_t *objp)
1433 if ((*flagsp & MAP_SHARED) != 0 &&
1434 (*maxprotp & VM_PROT_WRITE) == 0 &&
1435 (prot & PROT_WRITE) != 0)
1438 error = mac_posixshm_check_mmap(td->td_ucred, shmfd, prot, *flagsp);
1442 error = shm_mmap(shmfd, objsize, foff, objp);
1453 * Internal version of mmap. Currently used by mmap, exec, and sys5
1454 * shared memory. Handle is either a vnode pointer or NULL for MAP_ANON.
1457 vm_mmap(vm_map_t map, vm_offset_t *addr, vm_size_t size, vm_prot_t prot,
1458 vm_prot_t maxprot, int flags,
1459 objtype_t handle_type, void *handle,
1462 boolean_t curmap, fitit;
1463 vm_offset_t max_addr;
1464 vm_object_t object = NULL;
1465 struct thread *td = curthread;
1466 int docow, error, findspace, rv;
1467 boolean_t writecounted;
1472 size = round_page(size);
1474 curmap = map == &td->td_proc->p_vmspace->vm_map;
1476 PROC_LOCK(td->td_proc);
1477 if (map->size + size > lim_cur(td->td_proc, RLIMIT_VMEM)) {
1478 PROC_UNLOCK(td->td_proc);
1481 if (racct_set(td->td_proc, RACCT_VMEM, map->size + size)) {
1482 PROC_UNLOCK(td->td_proc);
1485 if (!old_mlock && map->flags & MAP_WIREFUTURE) {
1486 if (ptoa(pmap_wired_count(map->pmap)) + size >
1487 lim_cur(td->td_proc, RLIMIT_MEMLOCK)) {
1488 racct_set_force(td->td_proc, RACCT_VMEM,
1490 PROC_UNLOCK(td->td_proc);
1493 error = racct_set(td->td_proc, RACCT_MEMLOCK,
1494 ptoa(pmap_wired_count(map->pmap)) + size);
1496 racct_set_force(td->td_proc, RACCT_VMEM,
1498 PROC_UNLOCK(td->td_proc);
1502 PROC_UNLOCK(td->td_proc);
1506 * We currently can only deal with page aligned file offsets.
1507 * The check is here rather than in the syscall because the
1508 * kernel calls this function internally for other mmaping
1509 * operations (such as in exec) and non-aligned offsets will
1510 * cause pmap inconsistencies...so we want to be sure to
1511 * disallow this in all cases.
1513 if (foff & PAGE_MASK)
1516 if ((flags & MAP_FIXED) == 0) {
1518 *addr = round_page(*addr);
1520 if (*addr != trunc_page(*addr))
1524 writecounted = FALSE;
1527 * Lookup/allocate object.
1529 switch (handle_type) {
1531 error = vm_mmap_cdev(td, size, prot, &maxprot, &flags,
1532 handle, &foff, &object);
1535 error = vm_mmap_vnode(td, size, prot, &maxprot, &flags,
1536 handle, &foff, &object, &writecounted);
1539 error = vm_mmap_shm(td, size, prot, &maxprot, &flags,
1540 handle, foff, &object);
1543 if (handle == NULL) {
1554 if (flags & MAP_ANON) {
1558 * Unnamed anonymous regions always start at 0.
1562 } else if (flags & MAP_PREFAULT_READ)
1563 docow = MAP_PREFAULT;
1565 docow = MAP_PREFAULT_PARTIAL;
1567 if ((flags & (MAP_ANON|MAP_SHARED)) == 0)
1568 docow |= MAP_COPY_ON_WRITE;
1569 if (flags & MAP_NOSYNC)
1570 docow |= MAP_DISABLE_SYNCER;
1571 if (flags & MAP_NOCORE)
1572 docow |= MAP_DISABLE_COREDUMP;
1573 /* Shared memory is also shared with children. */
1574 if (flags & MAP_SHARED)
1575 docow |= MAP_INHERIT_SHARE;
1577 docow |= MAP_VN_WRITECOUNT;
1578 if (flags & MAP_STACK) {
1581 docow |= MAP_STACK_GROWS_DOWN;
1583 if ((flags & MAP_EXCL) != 0)
1584 docow |= MAP_CHECK_EXCL;
1585 if ((flags & MAP_GUARD) != 0)
1586 docow |= MAP_CREATE_GUARD;
1589 if ((flags & MAP_ALIGNMENT_MASK) == MAP_ALIGNED_SUPER)
1590 findspace = VMFS_SUPER_SPACE;
1591 else if ((flags & MAP_ALIGNMENT_MASK) != 0)
1592 findspace = VMFS_ALIGNED_SPACE(flags >>
1593 MAP_ALIGNMENT_SHIFT);
1595 findspace = VMFS_OPTIMAL_SPACE;
1598 if ((flags & MAP_32BIT) != 0)
1599 max_addr = MAP_32BIT_MAX_ADDR;
1602 vm_offset_t min_addr;
1604 PROC_LOCK(td->td_proc);
1605 min_addr = round_page((vm_offset_t)td->td_proc->
1606 p_vmspace->vm_daddr + lim_max(td->td_proc,
1608 PROC_UNLOCK(td->td_proc);
1609 rv = vm_map_find_min(map, object, foff, addr, size,
1611 findspace, prot, maxprot, docow);
1613 rv = vm_map_find(map, object, foff, addr, size,
1614 max_addr, findspace, prot, maxprot, docow);
1617 rv = vm_map_fixed(map, object, foff, *addr, size,
1618 prot, maxprot, docow);
1621 if (rv == KERN_SUCCESS) {
1623 * If the process has requested that all future mappings
1624 * be wired, then heed this.
1626 if (map->flags & MAP_WIREFUTURE) {
1627 vm_map_wire(map, *addr, *addr + size,
1628 VM_MAP_WIRE_USER | ((flags & MAP_STACK) ?
1629 VM_MAP_WIRE_HOLESOK : VM_MAP_WIRE_NOHOLES));
1633 * If this mapping was accounted for in the vnode's
1634 * writecount, then undo that now.
1637 vnode_pager_release_writecount(object, 0, size);
1639 * Lose the object reference. Will destroy the
1640 * object if it's an unnamed anonymous mapping
1641 * or named anonymous without other references.
1643 vm_object_deallocate(object);
1645 return (vm_mmap_to_errno(rv));
1649 * Translate a Mach VM return code to zero on success or the appropriate errno
1653 vm_mmap_to_errno(int rv)
1659 case KERN_INVALID_ADDRESS:
1662 case KERN_PROTECTION_FAILURE:
projects / FreeBSD / stable / 10.git / blob