pmap-v6.c revision 266058
1/* From: $NetBSD: pmap.c,v 1.148 2004/04/03 04:35:48 bsh Exp $ */ 2/*- 3 * Copyright 2011 Semihalf 4 * Copyright 2004 Olivier Houchard. 5 * Copyright 2003 Wasabi Systems, Inc. 6 * All rights reserved. 7 * 8 * Written by Steve C. Woodford for Wasabi Systems, Inc. 9 * 10 * Redistribution and use in source and binary forms, with or without 11 * modification, are permitted provided that the following conditions 12 * are met: 13 * 1. Redistributions of source code must retain the above copyright 14 * notice, this list of conditions and the following disclaimer. 15 * 2. Redistributions in binary form must reproduce the above copyright 16 * notice, this list of conditions and the following disclaimer in the 17 * documentation and/or other materials provided with the distribution. 18 * 3. All advertising materials mentioning features or use of this software 19 * must display the following acknowledgement: 20 * This product includes software developed for the NetBSD Project by 21 * Wasabi Systems, Inc. 22 * 4. The name of Wasabi Systems, Inc. may not be used to endorse 23 * or promote products derived from this software without specific prior 24 * written permission. 25 * 26 * THIS SOFTWARE IS PROVIDED BY WASABI SYSTEMS, INC. ``AS IS'' AND 27 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED 28 * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 29 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL WASABI SYSTEMS, INC 30 * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 31 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 32 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 33 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 34 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 35 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 36 * POSSIBILITY OF SUCH DAMAGE. 37 * 38 * From: FreeBSD: src/sys/arm/arm/pmap.c,v 1.113 2009/07/24 13:50:29 39 */ 40 41/*- 42 * Copyright (c) 2002-2003 Wasabi Systems, Inc. 43 * Copyright (c) 2001 Richard Earnshaw 44 * Copyright (c) 2001-2002 Christopher Gilbert 45 * All rights reserved. 46 * 47 * 1. Redistributions of source code must retain the above copyright 48 * notice, this list of conditions and the following disclaimer. 49 * 2. Redistributions in binary form must reproduce the above copyright 50 * notice, this list of conditions and the following disclaimer in the 51 * documentation and/or other materials provided with the distribution. 52 * 3. The name of the company nor the name of the author may be used to 53 * endorse or promote products derived from this software without specific 54 * prior written permission. 55 * 56 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED 57 * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF 58 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 59 * IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, 60 * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES 61 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR 62 * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 63 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 64 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 65 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 66 * SUCH DAMAGE. 67 */ 68/*- 69 * Copyright (c) 1999 The NetBSD Foundation, Inc. 70 * All rights reserved. 71 * 72 * This code is derived from software contributed to The NetBSD Foundation 73 * by Charles M. Hannum. 74 * 75 * Redistribution and use in source and binary forms, with or without 76 * modification, are permitted provided that the following conditions 77 * are met: 78 * 1. Redistributions of source code must retain the above copyright 79 * notice, this list of conditions and the following disclaimer. 80 * 2. Redistributions in binary form must reproduce the above copyright 81 * notice, this list of conditions and the following disclaimer in the 82 * documentation and/or other materials provided with the distribution. 83 * 84 * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS 85 * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED 86 * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 87 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS 88 * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 89 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 90 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 91 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 92 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 93 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 94 * POSSIBILITY OF SUCH DAMAGE. 95 */ 96 97/*- 98 * Copyright (c) 1994-1998 Mark Brinicombe. 99 * Copyright (c) 1994 Brini. 100 * All rights reserved. 101 * 102 * This code is derived from software written for Brini by Mark Brinicombe 103 * 104 * Redistribution and use in source and binary forms, with or without 105 * modification, are permitted provided that the following conditions 106 * are met: 107 * 1. Redistributions of source code must retain the above copyright 108 * notice, this list of conditions and the following disclaimer. 109 * 2. Redistributions in binary form must reproduce the above copyright 110 * notice, this list of conditions and the following disclaimer in the 111 * documentation and/or other materials provided with the distribution. 112 * 3. All advertising materials mentioning features or use of this software 113 * must display the following acknowledgement: 114 * This product includes software developed by Mark Brinicombe. 115 * 4. The name of the author may not be used to endorse or promote products 116 * derived from this software without specific prior written permission. 117 * 118 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 119 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 120 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 121 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, 122 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 123 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 124 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 125 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 126 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 127 * 128 * RiscBSD kernel project 129 * 130 * pmap.c 131 * 132 * Machine dependant vm stuff 133 * 134 * Created : 20/09/94 135 */ 136 137/* 138 * Special compilation symbols 139 * PMAP_DEBUG - Build in pmap_debug_level code 140 * 141 * Note that pmap_mapdev() and pmap_unmapdev() are implemented in arm/devmap.c 142*/ 143/* Include header files */ 144 145#include "opt_vm.h" 146#include "opt_pmap.h" 147 148#include <sys/cdefs.h> 149__FBSDID("$FreeBSD: stable/10/sys/arm/arm/pmap-v6.c 266058 2014-05-14 17:40:18Z ian $"); 150#include <sys/param.h> 151#include <sys/systm.h> 152#include <sys/kernel.h> 153#include <sys/ktr.h> 154#include <sys/lock.h> 155#include <sys/proc.h> 156#include <sys/malloc.h> 157#include <sys/msgbuf.h> 158#include <sys/mutex.h> 159#include <sys/vmmeter.h> 160#include <sys/mman.h> 161#include <sys/rwlock.h> 162#include <sys/smp.h> 163#include <sys/sched.h> 164#include <sys/sysctl.h> 165 166#include <vm/vm.h> 167#include <vm/vm_param.h> 168#include <vm/uma.h> 169#include <vm/pmap.h> 170#include <vm/vm_kern.h> 171#include <vm/vm_object.h> 172#include <vm/vm_map.h> 173#include <vm/vm_page.h> 174#include <vm/vm_pageout.h> 175#include <vm/vm_extern.h> 176#include <vm/vm_reserv.h> 177 178#include <machine/md_var.h> 179#include <machine/cpu.h> 180#include <machine/cpufunc.h> 181#include <machine/pcb.h> 182 183#ifdef DEBUG 184extern int last_fault_code; 185#endif 186 187#ifdef PMAP_DEBUG 188#define PDEBUG(_lev_,_stat_) \ 189 if (pmap_debug_level >= (_lev_)) \ 190 ((_stat_)) 191#define dprintf printf 192 193int pmap_debug_level = 0; 194#define PMAP_INLINE 195#else /* PMAP_DEBUG */ 196#define PDEBUG(_lev_,_stat_) /* Nothing */ 197#define dprintf(x, arg...) 198#define PMAP_INLINE __inline 199#endif /* PMAP_DEBUG */ 200 201#ifdef PV_STATS 202#define PV_STAT(x) do { x ; } while (0) 203#else 204#define PV_STAT(x) do { } while (0) 205#endif 206 207#define pa_to_pvh(pa) (&pv_table[pa_index(pa)]) 208 209#ifdef ARM_L2_PIPT 210#define pmap_l2cache_wbinv_range(va, pa, size) cpu_l2cache_wbinv_range((pa), (size)) 211#define pmap_l2cache_inv_range(va, pa, size) cpu_l2cache_inv_range((pa), (size)) 212#else 213#define pmap_l2cache_wbinv_range(va, pa, size) cpu_l2cache_wbinv_range((va), (size)) 214#define pmap_l2cache_inv_range(va, pa, size) cpu_l2cache_inv_range((va), (size)) 215#endif 216 217extern struct pv_addr systempage; 218 219/* 220 * Internal function prototypes 221 */ 222 223static PMAP_INLINE 224struct pv_entry *pmap_find_pv(struct md_page *, pmap_t, vm_offset_t); 225static void pmap_free_pv_chunk(struct pv_chunk *pc); 226static void pmap_free_pv_entry(pmap_t pmap, pv_entry_t pv); 227static pv_entry_t pmap_get_pv_entry(pmap_t pmap, boolean_t try); 228static vm_page_t pmap_pv_reclaim(pmap_t locked_pmap); 229static boolean_t pmap_pv_insert_section(pmap_t, vm_offset_t, 230 vm_paddr_t); 231static struct pv_entry *pmap_remove_pv(struct vm_page *, pmap_t, vm_offset_t); 232static int pmap_pvh_wired_mappings(struct md_page *, int); 233 234static void pmap_enter_locked(pmap_t, vm_offset_t, vm_prot_t, 235 vm_page_t, vm_prot_t, boolean_t, int); 236static vm_paddr_t pmap_extract_locked(pmap_t pmap, vm_offset_t va); 237static void pmap_alloc_l1(pmap_t); 238static void pmap_free_l1(pmap_t); 239 240static void pmap_map_section(pmap_t, vm_offset_t, vm_offset_t, 241 vm_prot_t, boolean_t); 242static void pmap_promote_section(pmap_t, vm_offset_t); 243static boolean_t pmap_demote_section(pmap_t, vm_offset_t); 244static boolean_t pmap_enter_section(pmap_t, vm_offset_t, vm_page_t, 245 vm_prot_t); 246static void pmap_remove_section(pmap_t, vm_offset_t); 247 248static int pmap_clearbit(struct vm_page *, u_int); 249 250static struct l2_bucket *pmap_get_l2_bucket(pmap_t, vm_offset_t); 251static struct l2_bucket *pmap_alloc_l2_bucket(pmap_t, vm_offset_t); 252static void pmap_free_l2_bucket(pmap_t, struct l2_bucket *, u_int); 253static vm_offset_t kernel_pt_lookup(vm_paddr_t); 254 255static MALLOC_DEFINE(M_VMPMAP, "pmap", "PMAP L1"); 256 257vm_offset_t virtual_avail; /* VA of first avail page (after kernel bss) */ 258vm_offset_t virtual_end; /* VA of last avail page (end of kernel AS) */ 259vm_offset_t pmap_curmaxkvaddr; 260vm_paddr_t kernel_l1pa; 261 262vm_offset_t kernel_vm_end = 0; 263 264vm_offset_t vm_max_kernel_address; 265 266struct pmap kernel_pmap_store; 267 268static pt_entry_t *csrc_pte, *cdst_pte; 269static vm_offset_t csrcp, cdstp; 270static struct mtx cmtx; 271 272static void pmap_init_l1(struct l1_ttable *, pd_entry_t *); 273/* 274 * These routines are called when the CPU type is identified to set up 275 * the PTE prototypes, cache modes, etc. 276 * 277 * The variables are always here, just in case LKMs need to reference 278 * them (though, they shouldn't). 279 */ 280static void pmap_set_prot(pt_entry_t *pte, vm_prot_t prot, uint8_t user); 281pt_entry_t pte_l1_s_cache_mode; 282pt_entry_t pte_l1_s_cache_mode_pt; 283 284pt_entry_t pte_l2_l_cache_mode; 285pt_entry_t pte_l2_l_cache_mode_pt; 286 287pt_entry_t pte_l2_s_cache_mode; 288pt_entry_t pte_l2_s_cache_mode_pt; 289 290struct msgbuf *msgbufp = 0; 291 292/* 293 * Crashdump maps. 294 */ 295static caddr_t crashdumpmap; 296 297extern void bcopy_page(vm_offset_t, vm_offset_t); 298extern void bzero_page(vm_offset_t); 299 300char *_tmppt; 301 302/* 303 * Metadata for L1 translation tables. 304 */ 305struct l1_ttable { 306 /* Entry on the L1 Table list */ 307 SLIST_ENTRY(l1_ttable) l1_link; 308 309 /* Entry on the L1 Least Recently Used list */ 310 TAILQ_ENTRY(l1_ttable) l1_lru; 311 312 /* Track how many domains are allocated from this L1 */ 313 volatile u_int l1_domain_use_count; 314 315 /* 316 * A free-list of domain numbers for this L1. 317 * We avoid using ffs() and a bitmap to track domains since ffs() 318 * is slow on ARM. 319 */ 320 u_int8_t l1_domain_first; 321 u_int8_t l1_domain_free[PMAP_DOMAINS]; 322 323 /* Physical address of this L1 page table */ 324 vm_paddr_t l1_physaddr; 325 326 /* KVA of this L1 page table */ 327 pd_entry_t *l1_kva; 328}; 329 330/* 331 * Convert a virtual address into its L1 table index. That is, the 332 * index used to locate the L2 descriptor table pointer in an L1 table. 333 * This is basically used to index l1->l1_kva[]. 334 * 335 * Each L2 descriptor table represents 1MB of VA space. 336 */ 337#define L1_IDX(va) (((vm_offset_t)(va)) >> L1_S_SHIFT) 338 339/* 340 * L1 Page Tables are tracked using a Least Recently Used list. 341 * - New L1s are allocated from the HEAD. 342 * - Freed L1s are added to the TAIl. 343 * - Recently accessed L1s (where an 'access' is some change to one of 344 * the userland pmaps which owns this L1) are moved to the TAIL. 345 */ 346static TAILQ_HEAD(, l1_ttable) l1_lru_list; 347/* 348 * A list of all L1 tables 349 */ 350static SLIST_HEAD(, l1_ttable) l1_list; 351static struct mtx l1_lru_lock; 352 353/* 354 * The l2_dtable tracks L2_BUCKET_SIZE worth of L1 slots. 355 * 356 * This is normally 16MB worth L2 page descriptors for any given pmap. 357 * Reference counts are maintained for L2 descriptors so they can be 358 * freed when empty. 359 */ 360struct l2_dtable { 361 /* The number of L2 page descriptors allocated to this l2_dtable */ 362 u_int l2_occupancy; 363 364 /* List of L2 page descriptors */ 365 struct l2_bucket { 366 pt_entry_t *l2b_kva; /* KVA of L2 Descriptor Table */ 367 vm_paddr_t l2b_phys; /* Physical address of same */ 368 u_short l2b_l1idx; /* This L2 table's L1 index */ 369 u_short l2b_occupancy; /* How many active descriptors */ 370 } l2_bucket[L2_BUCKET_SIZE]; 371}; 372 373/* pmap_kenter_internal flags */ 374#define KENTER_CACHE 0x1 375#define KENTER_USER 0x2 376 377/* 378 * Given an L1 table index, calculate the corresponding l2_dtable index 379 * and bucket index within the l2_dtable. 380 */ 381#define L2_IDX(l1idx) (((l1idx) >> L2_BUCKET_LOG2) & \ 382 (L2_SIZE - 1)) 383#define L2_BUCKET(l1idx) ((l1idx) & (L2_BUCKET_SIZE - 1)) 384 385/* 386 * Given a virtual address, this macro returns the 387 * virtual address required to drop into the next L2 bucket. 388 */ 389#define L2_NEXT_BUCKET(va) (((va) & L1_S_FRAME) + L1_S_SIZE) 390 391/* 392 * We try to map the page tables write-through, if possible. However, not 393 * all CPUs have a write-through cache mode, so on those we have to sync 394 * the cache when we frob page tables. 395 * 396 * We try to evaluate this at compile time, if possible. However, it's 397 * not always possible to do that, hence this run-time var. 398 */ 399int pmap_needs_pte_sync; 400 401/* 402 * Macro to determine if a mapping might be resident in the 403 * instruction cache and/or TLB 404 */ 405#define PTE_BEEN_EXECD(pte) (L2_S_EXECUTABLE(pte) && L2_S_REFERENCED(pte)) 406 407/* 408 * Macro to determine if a mapping might be resident in the 409 * data cache and/or TLB 410 */ 411#define PTE_BEEN_REFD(pte) (L2_S_REFERENCED(pte)) 412 413#ifndef PMAP_SHPGPERPROC 414#define PMAP_SHPGPERPROC 200 415#endif 416 417#define pmap_is_current(pm) ((pm) == pmap_kernel() || \ 418 curproc->p_vmspace->vm_map.pmap == (pm)) 419 420/* 421 * Data for the pv entry allocation mechanism 422 */ 423static TAILQ_HEAD(pch, pv_chunk) pv_chunks = TAILQ_HEAD_INITIALIZER(pv_chunks); 424static int pv_entry_count, pv_entry_max, pv_entry_high_water; 425static struct md_page *pv_table; 426static int shpgperproc = PMAP_SHPGPERPROC; 427 428struct pv_chunk *pv_chunkbase; /* KVA block for pv_chunks */ 429int pv_maxchunks; /* How many chunks we have KVA for */ 430vm_offset_t pv_vafree; /* Freelist stored in the PTE */ 431 432static __inline struct pv_chunk * 433pv_to_chunk(pv_entry_t pv) 434{ 435 436 return ((struct pv_chunk *)((uintptr_t)pv & ~(uintptr_t)PAGE_MASK)); 437} 438 439#define PV_PMAP(pv) (pv_to_chunk(pv)->pc_pmap) 440 441CTASSERT(sizeof(struct pv_chunk) == PAGE_SIZE); 442CTASSERT(_NPCM == 8); 443CTASSERT(_NPCPV == 252); 444 445#define PC_FREE0_6 0xfffffffful /* Free values for index 0 through 6 */ 446#define PC_FREE7 0x0ffffffful /* Free values for index 7 */ 447 448static const uint32_t pc_freemask[_NPCM] = { 449 PC_FREE0_6, PC_FREE0_6, PC_FREE0_6, 450 PC_FREE0_6, PC_FREE0_6, PC_FREE0_6, 451 PC_FREE0_6, PC_FREE7 452}; 453 454static SYSCTL_NODE(_vm, OID_AUTO, pmap, CTLFLAG_RD, 0, "VM/pmap parameters"); 455 456/* Superpages utilization enabled = 1 / disabled = 0 */ 457static int sp_enabled = 0; 458SYSCTL_INT(_vm_pmap, OID_AUTO, sp_enabled, CTLFLAG_RDTUN, &sp_enabled, 0, 459 "Are large page mappings enabled?"); 460 461SYSCTL_INT(_vm_pmap, OID_AUTO, pv_entry_count, CTLFLAG_RD, &pv_entry_count, 0, 462 "Current number of pv entries"); 463 464#ifdef PV_STATS 465static int pc_chunk_count, pc_chunk_allocs, pc_chunk_frees, pc_chunk_tryfail; 466 467SYSCTL_INT(_vm_pmap, OID_AUTO, pc_chunk_count, CTLFLAG_RD, &pc_chunk_count, 0, 468 "Current number of pv entry chunks"); 469SYSCTL_INT(_vm_pmap, OID_AUTO, pc_chunk_allocs, CTLFLAG_RD, &pc_chunk_allocs, 0, 470 "Current number of pv entry chunks allocated"); 471SYSCTL_INT(_vm_pmap, OID_AUTO, pc_chunk_frees, CTLFLAG_RD, &pc_chunk_frees, 0, 472 "Current number of pv entry chunks frees"); 473SYSCTL_INT(_vm_pmap, OID_AUTO, pc_chunk_tryfail, CTLFLAG_RD, &pc_chunk_tryfail, 0, 474 "Number of times tried to get a chunk page but failed."); 475 476static long pv_entry_frees, pv_entry_allocs; 477static int pv_entry_spare; 478 479SYSCTL_LONG(_vm_pmap, OID_AUTO, pv_entry_frees, CTLFLAG_RD, &pv_entry_frees, 0, 480 "Current number of pv entry frees"); 481SYSCTL_LONG(_vm_pmap, OID_AUTO, pv_entry_allocs, CTLFLAG_RD, &pv_entry_allocs, 0, 482 "Current number of pv entry allocs"); 483SYSCTL_INT(_vm_pmap, OID_AUTO, pv_entry_spare, CTLFLAG_RD, &pv_entry_spare, 0, 484 "Current number of spare pv entries"); 485#endif 486 487uma_zone_t l2zone; 488static uma_zone_t l2table_zone; 489static vm_offset_t pmap_kernel_l2dtable_kva; 490static vm_offset_t pmap_kernel_l2ptp_kva; 491static vm_paddr_t pmap_kernel_l2ptp_phys; 492static struct rwlock pvh_global_lock; 493 494int l1_mem_types[] = { 495 ARM_L1S_STRONG_ORD, 496 ARM_L1S_DEVICE_NOSHARE, 497 ARM_L1S_DEVICE_SHARE, 498 ARM_L1S_NRML_NOCACHE, 499 ARM_L1S_NRML_IWT_OWT, 500 ARM_L1S_NRML_IWB_OWB, 501 ARM_L1S_NRML_IWBA_OWBA 502}; 503 504int l2l_mem_types[] = { 505 ARM_L2L_STRONG_ORD, 506 ARM_L2L_DEVICE_NOSHARE, 507 ARM_L2L_DEVICE_SHARE, 508 ARM_L2L_NRML_NOCACHE, 509 ARM_L2L_NRML_IWT_OWT, 510 ARM_L2L_NRML_IWB_OWB, 511 ARM_L2L_NRML_IWBA_OWBA 512}; 513 514int l2s_mem_types[] = { 515 ARM_L2S_STRONG_ORD, 516 ARM_L2S_DEVICE_NOSHARE, 517 ARM_L2S_DEVICE_SHARE, 518 ARM_L2S_NRML_NOCACHE, 519 ARM_L2S_NRML_IWT_OWT, 520 ARM_L2S_NRML_IWB_OWB, 521 ARM_L2S_NRML_IWBA_OWBA 522}; 523 524/* 525 * This list exists for the benefit of pmap_map_chunk(). It keeps track 526 * of the kernel L2 tables during bootstrap, so that pmap_map_chunk() can 527 * find them as necessary. 528 * 529 * Note that the data on this list MUST remain valid after initarm() returns, 530 * as pmap_bootstrap() uses it to contruct L2 table metadata. 531 */ 532SLIST_HEAD(, pv_addr) kernel_pt_list = SLIST_HEAD_INITIALIZER(kernel_pt_list); 533 534static void 535pmap_init_l1(struct l1_ttable *l1, pd_entry_t *l1pt) 536{ 537 int i; 538 539 l1->l1_kva = l1pt; 540 l1->l1_domain_use_count = 0; 541 l1->l1_domain_first = 0; 542 543 for (i = 0; i < PMAP_DOMAINS; i++) 544 l1->l1_domain_free[i] = i + 1; 545 546 /* 547 * Copy the kernel's L1 entries to each new L1. 548 */ 549 if (l1pt != pmap_kernel()->pm_l1->l1_kva) 550 memcpy(l1pt, pmap_kernel()->pm_l1->l1_kva, L1_TABLE_SIZE); 551 552 if ((l1->l1_physaddr = pmap_extract(pmap_kernel(), (vm_offset_t)l1pt)) == 0) 553 panic("pmap_init_l1: can't get PA of L1 at %p", l1pt); 554 SLIST_INSERT_HEAD(&l1_list, l1, l1_link); 555 TAILQ_INSERT_TAIL(&l1_lru_list, l1, l1_lru); 556} 557 558static vm_offset_t 559kernel_pt_lookup(vm_paddr_t pa) 560{ 561 struct pv_addr *pv; 562 563 SLIST_FOREACH(pv, &kernel_pt_list, pv_list) { 564 if (pv->pv_pa == pa) 565 return (pv->pv_va); 566 } 567 return (0); 568} 569 570void 571pmap_pte_init_mmu_v6(void) 572{ 573 574 if (PTE_PAGETABLE >= 3) 575 pmap_needs_pte_sync = 1; 576 pte_l1_s_cache_mode = l1_mem_types[PTE_CACHE]; 577 pte_l2_l_cache_mode = l2l_mem_types[PTE_CACHE]; 578 pte_l2_s_cache_mode = l2s_mem_types[PTE_CACHE]; 579 580 pte_l1_s_cache_mode_pt = l1_mem_types[PTE_PAGETABLE]; 581 pte_l2_l_cache_mode_pt = l2l_mem_types[PTE_PAGETABLE]; 582 pte_l2_s_cache_mode_pt = l2s_mem_types[PTE_PAGETABLE]; 583 584} 585 586/* 587 * Allocate an L1 translation table for the specified pmap. 588 * This is called at pmap creation time. 589 */ 590static void 591pmap_alloc_l1(pmap_t pmap) 592{ 593 struct l1_ttable *l1; 594 u_int8_t domain; 595 596 /* 597 * Remove the L1 at the head of the LRU list 598 */ 599 mtx_lock(&l1_lru_lock); 600 l1 = TAILQ_FIRST(&l1_lru_list); 601 TAILQ_REMOVE(&l1_lru_list, l1, l1_lru); 602 603 /* 604 * Pick the first available domain number, and update 605 * the link to the next number. 606 */ 607 domain = l1->l1_domain_first; 608 l1->l1_domain_first = l1->l1_domain_free[domain]; 609 610 /* 611 * If there are still free domain numbers in this L1, 612 * put it back on the TAIL of the LRU list. 613 */ 614 if (++l1->l1_domain_use_count < PMAP_DOMAINS) 615 TAILQ_INSERT_TAIL(&l1_lru_list, l1, l1_lru); 616 617 mtx_unlock(&l1_lru_lock); 618 619 /* 620 * Fix up the relevant bits in the pmap structure 621 */ 622 pmap->pm_l1 = l1; 623 pmap->pm_domain = domain + 1; 624} 625 626/* 627 * Free an L1 translation table. 628 * This is called at pmap destruction time. 629 */ 630static void 631pmap_free_l1(pmap_t pmap) 632{ 633 struct l1_ttable *l1 = pmap->pm_l1; 634 635 mtx_lock(&l1_lru_lock); 636 637 /* 638 * If this L1 is currently on the LRU list, remove it. 639 */ 640 if (l1->l1_domain_use_count < PMAP_DOMAINS) 641 TAILQ_REMOVE(&l1_lru_list, l1, l1_lru); 642 643 /* 644 * Free up the domain number which was allocated to the pmap 645 */ 646 l1->l1_domain_free[pmap->pm_domain - 1] = l1->l1_domain_first; 647 l1->l1_domain_first = pmap->pm_domain - 1; 648 l1->l1_domain_use_count--; 649 650 /* 651 * The L1 now must have at least 1 free domain, so add 652 * it back to the LRU list. If the use count is zero, 653 * put it at the head of the list, otherwise it goes 654 * to the tail. 655 */ 656 if (l1->l1_domain_use_count == 0) { 657 TAILQ_INSERT_HEAD(&l1_lru_list, l1, l1_lru); 658 } else 659 TAILQ_INSERT_TAIL(&l1_lru_list, l1, l1_lru); 660 661 mtx_unlock(&l1_lru_lock); 662} 663 664/* 665 * Returns a pointer to the L2 bucket associated with the specified pmap 666 * and VA, or NULL if no L2 bucket exists for the address. 667 */ 668static PMAP_INLINE struct l2_bucket * 669pmap_get_l2_bucket(pmap_t pmap, vm_offset_t va) 670{ 671 struct l2_dtable *l2; 672 struct l2_bucket *l2b; 673 u_short l1idx; 674 675 l1idx = L1_IDX(va); 676 677 if ((l2 = pmap->pm_l2[L2_IDX(l1idx)]) == NULL || 678 (l2b = &l2->l2_bucket[L2_BUCKET(l1idx)])->l2b_kva == NULL) 679 return (NULL); 680 681 return (l2b); 682} 683 684/* 685 * Returns a pointer to the L2 bucket associated with the specified pmap 686 * and VA. 687 * 688 * If no L2 bucket exists, perform the necessary allocations to put an L2 689 * bucket/page table in place. 690 * 691 * Note that if a new L2 bucket/page was allocated, the caller *must* 692 * increment the bucket occupancy counter appropriately *before* 693 * releasing the pmap's lock to ensure no other thread or cpu deallocates 694 * the bucket/page in the meantime. 695 */ 696static struct l2_bucket * 697pmap_alloc_l2_bucket(pmap_t pmap, vm_offset_t va) 698{ 699 struct l2_dtable *l2; 700 struct l2_bucket *l2b; 701 u_short l1idx; 702 703 l1idx = L1_IDX(va); 704 705 PMAP_ASSERT_LOCKED(pmap); 706 rw_assert(&pvh_global_lock, RA_WLOCKED); 707 if ((l2 = pmap->pm_l2[L2_IDX(l1idx)]) == NULL) { 708 /* 709 * No mapping at this address, as there is 710 * no entry in the L1 table. 711 * Need to allocate a new l2_dtable. 712 */ 713 PMAP_UNLOCK(pmap); 714 rw_wunlock(&pvh_global_lock); 715 if ((l2 = uma_zalloc(l2table_zone, M_NOWAIT)) == NULL) { 716 rw_wlock(&pvh_global_lock); 717 PMAP_LOCK(pmap); 718 return (NULL); 719 } 720 rw_wlock(&pvh_global_lock); 721 PMAP_LOCK(pmap); 722 if (pmap->pm_l2[L2_IDX(l1idx)] != NULL) { 723 /* 724 * Someone already allocated the l2_dtable while 725 * we were doing the same. 726 */ 727 uma_zfree(l2table_zone, l2); 728 l2 = pmap->pm_l2[L2_IDX(l1idx)]; 729 } else { 730 bzero(l2, sizeof(*l2)); 731 /* 732 * Link it into the parent pmap 733 */ 734 pmap->pm_l2[L2_IDX(l1idx)] = l2; 735 } 736 } 737 738 l2b = &l2->l2_bucket[L2_BUCKET(l1idx)]; 739 740 /* 741 * Fetch pointer to the L2 page table associated with the address. 742 */ 743 if (l2b->l2b_kva == NULL) { 744 pt_entry_t *ptep; 745 746 /* 747 * No L2 page table has been allocated. Chances are, this 748 * is because we just allocated the l2_dtable, above. 749 */ 750 PMAP_UNLOCK(pmap); 751 rw_wunlock(&pvh_global_lock); 752 ptep = uma_zalloc(l2zone, M_NOWAIT); 753 rw_wlock(&pvh_global_lock); 754 PMAP_LOCK(pmap); 755 if (l2b->l2b_kva != 0) { 756 /* We lost the race. */ 757 uma_zfree(l2zone, ptep); 758 return (l2b); 759 } 760 l2b->l2b_phys = vtophys(ptep); 761 if (ptep == NULL) { 762 /* 763 * Oops, no more L2 page tables available at this 764 * time. We may need to deallocate the l2_dtable 765 * if we allocated a new one above. 766 */ 767 if (l2->l2_occupancy == 0) { 768 pmap->pm_l2[L2_IDX(l1idx)] = NULL; 769 uma_zfree(l2table_zone, l2); 770 } 771 return (NULL); 772 } 773 774 l2->l2_occupancy++; 775 l2b->l2b_kva = ptep; 776 l2b->l2b_l1idx = l1idx; 777 } 778 779 return (l2b); 780} 781 782static PMAP_INLINE void 783pmap_free_l2_ptp(pt_entry_t *l2) 784{ 785 uma_zfree(l2zone, l2); 786} 787/* 788 * One or more mappings in the specified L2 descriptor table have just been 789 * invalidated. 790 * 791 * Garbage collect the metadata and descriptor table itself if necessary. 792 * 793 * The pmap lock must be acquired when this is called (not necessary 794 * for the kernel pmap). 795 */ 796static void 797pmap_free_l2_bucket(pmap_t pmap, struct l2_bucket *l2b, u_int count) 798{ 799 struct l2_dtable *l2; 800 pd_entry_t *pl1pd, l1pd; 801 pt_entry_t *ptep; 802 u_short l1idx; 803 804 805 /* 806 * Update the bucket's reference count according to how many 807 * PTEs the caller has just invalidated. 808 */ 809 l2b->l2b_occupancy -= count; 810 811 /* 812 * Note: 813 * 814 * Level 2 page tables allocated to the kernel pmap are never freed 815 * as that would require checking all Level 1 page tables and 816 * removing any references to the Level 2 page table. See also the 817 * comment elsewhere about never freeing bootstrap L2 descriptors. 818 * 819 * We make do with just invalidating the mapping in the L2 table. 820 * 821 * This isn't really a big deal in practice and, in fact, leads 822 * to a performance win over time as we don't need to continually 823 * alloc/free. 824 */ 825 if (l2b->l2b_occupancy > 0 || pmap == pmap_kernel()) 826 return; 827 828 /* 829 * There are no more valid mappings in this level 2 page table. 830 * Go ahead and NULL-out the pointer in the bucket, then 831 * free the page table. 832 */ 833 l1idx = l2b->l2b_l1idx; 834 ptep = l2b->l2b_kva; 835 l2b->l2b_kva = NULL; 836 837 pl1pd = &pmap->pm_l1->l1_kva[l1idx]; 838 839 /* 840 * If the L1 slot matches the pmap's domain 841 * number, then invalidate it. 842 */ 843 l1pd = *pl1pd & (L1_TYPE_MASK | L1_C_DOM_MASK); 844 if (l1pd == (L1_C_DOM(pmap->pm_domain) | L1_TYPE_C)) { 845 *pl1pd = 0; 846 PTE_SYNC(pl1pd); 847 } 848 849 /* 850 * Release the L2 descriptor table back to the pool cache. 851 */ 852 pmap_free_l2_ptp(ptep); 853 854 /* 855 * Update the reference count in the associated l2_dtable 856 */ 857 l2 = pmap->pm_l2[L2_IDX(l1idx)]; 858 if (--l2->l2_occupancy > 0) 859 return; 860 861 /* 862 * There are no more valid mappings in any of the Level 1 863 * slots managed by this l2_dtable. Go ahead and NULL-out 864 * the pointer in the parent pmap and free the l2_dtable. 865 */ 866 pmap->pm_l2[L2_IDX(l1idx)] = NULL; 867 uma_zfree(l2table_zone, l2); 868} 869 870/* 871 * Pool cache constructors for L2 descriptor tables, metadata and pmap 872 * structures. 873 */ 874static int 875pmap_l2ptp_ctor(void *mem, int size, void *arg, int flags) 876{ 877 struct l2_bucket *l2b; 878 pt_entry_t *ptep, pte; 879 vm_offset_t va = (vm_offset_t)mem & ~PAGE_MASK; 880 881 /* 882 * The mappings for these page tables were initially made using 883 * pmap_kenter() by the pool subsystem. Therefore, the cache- 884 * mode will not be right for page table mappings. To avoid 885 * polluting the pmap_kenter() code with a special case for 886 * page tables, we simply fix up the cache-mode here if it's not 887 * correct. 888 */ 889 l2b = pmap_get_l2_bucket(pmap_kernel(), va); 890 ptep = &l2b->l2b_kva[l2pte_index(va)]; 891 pte = *ptep; 892 893 cpu_idcache_wbinv_range(va, PAGE_SIZE); 894 pmap_l2cache_wbinv_range(va, pte & L2_S_FRAME, PAGE_SIZE); 895 if ((pte & L2_S_CACHE_MASK) != pte_l2_s_cache_mode_pt) { 896 /* 897 * Page tables must have the cache-mode set to 898 * Write-Thru. 899 */ 900 *ptep = (pte & ~L2_S_CACHE_MASK) | pte_l2_s_cache_mode_pt; 901 PTE_SYNC(ptep); 902 cpu_tlb_flushD_SE(va); 903 cpu_cpwait(); 904 } 905 906 memset(mem, 0, L2_TABLE_SIZE_REAL); 907 return (0); 908} 909 910/* 911 * Modify pte bits for all ptes corresponding to the given physical address. 912 * We use `maskbits' rather than `clearbits' because we're always passing 913 * constants and the latter would require an extra inversion at run-time. 914 */ 915static int 916pmap_clearbit(struct vm_page *m, u_int maskbits) 917{ 918 struct l2_bucket *l2b; 919 struct pv_entry *pv, *pve, *next_pv; 920 struct md_page *pvh; 921 pd_entry_t *pl1pd; 922 pt_entry_t *ptep, npte, opte; 923 pmap_t pmap; 924 vm_offset_t va; 925 u_int oflags; 926 int count = 0; 927 928 rw_wlock(&pvh_global_lock); 929 if ((m->flags & PG_FICTITIOUS) != 0) 930 goto small_mappings; 931 932 pvh = pa_to_pvh(VM_PAGE_TO_PHYS(m)); 933 TAILQ_FOREACH_SAFE(pv, &pvh->pv_list, pv_list, next_pv) { 934 va = pv->pv_va; 935 pmap = PV_PMAP(pv); 936 PMAP_LOCK(pmap); 937 pl1pd = &pmap->pm_l1->l1_kva[L1_IDX(va)]; 938 KASSERT((*pl1pd & L1_TYPE_MASK) == L1_S_PROTO, 939 ("pmap_clearbit: valid section mapping expected")); 940 if ((maskbits & PVF_WRITE) && (pv->pv_flags & PVF_WRITE)) 941 (void)pmap_demote_section(pmap, va); 942 else if ((maskbits & PVF_REF) && L1_S_REFERENCED(*pl1pd)) { 943 if (pmap_demote_section(pmap, va)) { 944 if ((pv->pv_flags & PVF_WIRED) == 0) { 945 /* 946 * Remove the mapping to a single page 947 * so that a subsequent access may 948 * repromote. Since the underlying 949 * l2_bucket is fully populated, this 950 * removal never frees an entire 951 * l2_bucket. 952 */ 953 va += (VM_PAGE_TO_PHYS(m) & 954 L1_S_OFFSET); 955 l2b = pmap_get_l2_bucket(pmap, va); 956 KASSERT(l2b != NULL, 957 ("pmap_clearbit: no l2 bucket for " 958 "va 0x%#x, pmap 0x%p", va, pmap)); 959 ptep = &l2b->l2b_kva[l2pte_index(va)]; 960 *ptep = 0; 961 PTE_SYNC(ptep); 962 pmap_free_l2_bucket(pmap, l2b, 1); 963 pve = pmap_remove_pv(m, pmap, va); 964 KASSERT(pve != NULL, ("pmap_clearbit: " 965 "no PV entry for managed mapping")); 966 pmap_free_pv_entry(pmap, pve); 967 968 } 969 } 970 } else if ((maskbits & PVF_MOD) && L1_S_WRITABLE(*pl1pd)) { 971 if (pmap_demote_section(pmap, va)) { 972 if ((pv->pv_flags & PVF_WIRED) == 0) { 973 /* 974 * Write protect the mapping to a 975 * single page so that a subsequent 976 * write access may repromote. 977 */ 978 va += (VM_PAGE_TO_PHYS(m) & 979 L1_S_OFFSET); 980 l2b = pmap_get_l2_bucket(pmap, va); 981 KASSERT(l2b != NULL, 982 ("pmap_clearbit: no l2 bucket for " 983 "va 0x%#x, pmap 0x%p", va, pmap)); 984 ptep = &l2b->l2b_kva[l2pte_index(va)]; 985 if ((*ptep & L2_S_PROTO) != 0) { 986 pve = pmap_find_pv(&m->md, 987 pmap, va); 988 KASSERT(pve != NULL, 989 ("pmap_clearbit: no PV " 990 "entry for managed mapping")); 991 pve->pv_flags &= ~PVF_WRITE; 992 *ptep |= L2_APX; 993 PTE_SYNC(ptep); 994 } 995 } 996 } 997 } 998 PMAP_UNLOCK(pmap); 999 } 1000 1001small_mappings: 1002 if (TAILQ_EMPTY(&m->md.pv_list)) { 1003 rw_wunlock(&pvh_global_lock); 1004 return (0); 1005 } 1006 1007 /* 1008 * Loop over all current mappings setting/clearing as appropos 1009 */ 1010 TAILQ_FOREACH(pv, &m->md.pv_list, pv_list) { 1011 va = pv->pv_va; 1012 pmap = PV_PMAP(pv); 1013 oflags = pv->pv_flags; 1014 pv->pv_flags &= ~maskbits; 1015 1016 PMAP_LOCK(pmap); 1017 1018 l2b = pmap_get_l2_bucket(pmap, va); 1019 KASSERT(l2b != NULL, ("pmap_clearbit: no l2 bucket for " 1020 "va 0x%#x, pmap 0x%p", va, pmap)); 1021 1022 ptep = &l2b->l2b_kva[l2pte_index(va)]; 1023 npte = opte = *ptep; 1024 1025 if (maskbits & (PVF_WRITE | PVF_MOD)) { 1026 /* make the pte read only */ 1027 npte |= L2_APX; 1028 } 1029 1030 if (maskbits & PVF_REF) { 1031 /* 1032 * Clear referenced flag in PTE so that we 1033 * will take a flag fault the next time the mapping 1034 * is referenced. 1035 */ 1036 npte &= ~L2_S_REF; 1037 } 1038 1039 CTR4(KTR_PMAP,"clearbit: pmap:%p bits:%x pte:%x->%x", 1040 pmap, maskbits, opte, npte); 1041 if (npte != opte) { 1042 count++; 1043 *ptep = npte; 1044 PTE_SYNC(ptep); 1045 /* Flush the TLB entry if a current pmap. */ 1046 if (PTE_BEEN_EXECD(opte)) 1047 cpu_tlb_flushID_SE(pv->pv_va); 1048 else if (PTE_BEEN_REFD(opte)) 1049 cpu_tlb_flushD_SE(pv->pv_va); 1050 } 1051 1052 PMAP_UNLOCK(pmap); 1053 1054 } 1055 1056 if (maskbits & PVF_WRITE) 1057 vm_page_aflag_clear(m, PGA_WRITEABLE); 1058 rw_wunlock(&pvh_global_lock); 1059 return (count); 1060} 1061 1062/* 1063 * main pv_entry manipulation functions: 1064 * pmap_enter_pv: enter a mapping onto a vm_page list 1065 * pmap_remove_pv: remove a mappiing from a vm_page list 1066 * 1067 * NOTE: pmap_enter_pv expects to lock the pvh itself 1068 * pmap_remove_pv expects the caller to lock the pvh before calling 1069 */ 1070 1071/* 1072 * pmap_enter_pv: enter a mapping onto a vm_page's PV list 1073 * 1074 * => caller should hold the proper lock on pvh_global_lock 1075 * => caller should have pmap locked 1076 * => we will (someday) gain the lock on the vm_page's PV list 1077 * => caller should adjust ptp's wire_count before calling 1078 * => caller should not adjust pmap's wire_count 1079 */ 1080static void 1081pmap_enter_pv(struct vm_page *m, struct pv_entry *pve, pmap_t pmap, 1082 vm_offset_t va, u_int flags) 1083{ 1084 1085 rw_assert(&pvh_global_lock, RA_WLOCKED); 1086 1087 PMAP_ASSERT_LOCKED(pmap); 1088 pve->pv_va = va; 1089 pve->pv_flags = flags; 1090 1091 TAILQ_INSERT_HEAD(&m->md.pv_list, pve, pv_list); 1092 if (pve->pv_flags & PVF_WIRED) 1093 ++pmap->pm_stats.wired_count; 1094} 1095 1096/* 1097 * 1098 * pmap_find_pv: Find a pv entry 1099 * 1100 * => caller should hold lock on vm_page 1101 */ 1102static PMAP_INLINE struct pv_entry * 1103pmap_find_pv(struct md_page *md, pmap_t pmap, vm_offset_t va) 1104{ 1105 struct pv_entry *pv; 1106 1107 rw_assert(&pvh_global_lock, RA_WLOCKED); 1108 TAILQ_FOREACH(pv, &md->pv_list, pv_list) 1109 if (pmap == PV_PMAP(pv) && va == pv->pv_va) 1110 break; 1111 1112 return (pv); 1113} 1114 1115/* 1116 * vector_page_setprot: 1117 * 1118 * Manipulate the protection of the vector page. 1119 */ 1120void 1121vector_page_setprot(int prot) 1122{ 1123 struct l2_bucket *l2b; 1124 pt_entry_t *ptep; 1125 1126 l2b = pmap_get_l2_bucket(pmap_kernel(), vector_page); 1127 1128 ptep = &l2b->l2b_kva[l2pte_index(vector_page)]; 1129 /* 1130 * Set referenced flag. 1131 * Vectors' page is always desired 1132 * to be allowed to reside in TLB. 1133 */ 1134 *ptep |= L2_S_REF; 1135 1136 pmap_set_prot(ptep, prot|VM_PROT_EXECUTE, 0); 1137 1138 cpu_tlb_flushD_SE(vector_page); 1139 cpu_cpwait(); 1140} 1141 1142static void 1143pmap_set_prot(pt_entry_t *ptep, vm_prot_t prot, uint8_t user) 1144{ 1145 1146 *ptep &= ~(L2_S_PROT_MASK | L2_XN); 1147 1148 if (!(prot & VM_PROT_EXECUTE)) 1149 *ptep |= L2_XN; 1150 1151 /* Set defaults first - kernel read access */ 1152 *ptep |= L2_APX; 1153 *ptep |= L2_S_PROT_R; 1154 /* Now tune APs as desired */ 1155 if (user) 1156 *ptep |= L2_S_PROT_U; 1157 1158 if (prot & VM_PROT_WRITE) 1159 *ptep &= ~(L2_APX); 1160} 1161 1162/* 1163 * pmap_remove_pv: try to remove a mapping from a pv_list 1164 * 1165 * => caller should hold proper lock on pmap_main_lock 1166 * => pmap should be locked 1167 * => caller should hold lock on vm_page [so that attrs can be adjusted] 1168 * => caller should adjust ptp's wire_count and free PTP if needed 1169 * => caller should NOT adjust pmap's wire_count 1170 * => we return the removed pve 1171 */ 1172static struct pv_entry * 1173pmap_remove_pv(struct vm_page *m, pmap_t pmap, vm_offset_t va) 1174{ 1175 struct pv_entry *pve; 1176 1177 rw_assert(&pvh_global_lock, RA_WLOCKED); 1178 PMAP_ASSERT_LOCKED(pmap); 1179 1180 pve = pmap_find_pv(&m->md, pmap, va); /* find corresponding pve */ 1181 if (pve != NULL) { 1182 TAILQ_REMOVE(&m->md.pv_list, pve, pv_list); 1183 if (pve->pv_flags & PVF_WIRED) 1184 --pmap->pm_stats.wired_count; 1185 } 1186 if (TAILQ_EMPTY(&m->md.pv_list)) 1187 vm_page_aflag_clear(m, PGA_WRITEABLE); 1188 1189 return(pve); /* return removed pve */ 1190} 1191 1192/* 1193 * 1194 * pmap_modify_pv: Update pv flags 1195 * 1196 * => caller should hold lock on vm_page [so that attrs can be adjusted] 1197 * => caller should NOT adjust pmap's wire_count 1198 * => we return the old flags 1199 * 1200 * Modify a physical-virtual mapping in the pv table 1201 */ 1202static u_int 1203pmap_modify_pv(struct vm_page *m, pmap_t pmap, vm_offset_t va, 1204 u_int clr_mask, u_int set_mask) 1205{ 1206 struct pv_entry *npv; 1207 u_int flags, oflags; 1208 1209 PMAP_ASSERT_LOCKED(pmap); 1210 rw_assert(&pvh_global_lock, RA_WLOCKED); 1211 if ((npv = pmap_find_pv(&m->md, pmap, va)) == NULL) 1212 return (0); 1213 1214 /* 1215 * There is at least one VA mapping this page. 1216 */ 1217 oflags = npv->pv_flags; 1218 npv->pv_flags = flags = (oflags & ~clr_mask) | set_mask; 1219 1220 if ((flags ^ oflags) & PVF_WIRED) { 1221 if (flags & PVF_WIRED) 1222 ++pmap->pm_stats.wired_count; 1223 else 1224 --pmap->pm_stats.wired_count; 1225 } 1226 1227 return (oflags); 1228} 1229 1230/* Function to set the debug level of the pmap code */ 1231#ifdef PMAP_DEBUG 1232void 1233pmap_debug(int level) 1234{ 1235 pmap_debug_level = level; 1236 dprintf("pmap_debug: level=%d\n", pmap_debug_level); 1237} 1238#endif /* PMAP_DEBUG */ 1239 1240void 1241pmap_pinit0(struct pmap *pmap) 1242{ 1243 PDEBUG(1, printf("pmap_pinit0: pmap = %08x\n", (u_int32_t) pmap)); 1244 1245 bcopy(kernel_pmap, pmap, sizeof(*pmap)); 1246 bzero(&pmap->pm_mtx, sizeof(pmap->pm_mtx)); 1247 PMAP_LOCK_INIT(pmap); 1248 TAILQ_INIT(&pmap->pm_pvchunk); 1249} 1250 1251/* 1252 * Initialize a vm_page's machine-dependent fields. 1253 */ 1254void 1255pmap_page_init(vm_page_t m) 1256{ 1257 1258 TAILQ_INIT(&m->md.pv_list); 1259 m->md.pv_memattr = VM_MEMATTR_DEFAULT; 1260} 1261 1262static vm_offset_t 1263pmap_ptelist_alloc(vm_offset_t *head) 1264{ 1265 pt_entry_t *pte; 1266 vm_offset_t va; 1267 1268 va = *head; 1269 if (va == 0) 1270 return (va); /* Out of memory */ 1271 pte = vtopte(va); 1272 *head = *pte; 1273 if ((*head & L2_TYPE_MASK) != L2_TYPE_INV) 1274 panic("%s: va is not L2_TYPE_INV!", __func__); 1275 *pte = 0; 1276 return (va); 1277} 1278 1279static void 1280pmap_ptelist_free(vm_offset_t *head, vm_offset_t va) 1281{ 1282 pt_entry_t *pte; 1283 1284 if ((va & L2_TYPE_MASK) != L2_TYPE_INV) 1285 panic("%s: freeing va that is not L2_TYPE INV!", __func__); 1286 pte = vtopte(va); 1287 *pte = *head; /* virtual! L2_TYPE is L2_TYPE_INV though */ 1288 *head = va; 1289} 1290 1291static void 1292pmap_ptelist_init(vm_offset_t *head, void *base, int npages) 1293{ 1294 int i; 1295 vm_offset_t va; 1296 1297 *head = 0; 1298 for (i = npages - 1; i >= 0; i--) { 1299 va = (vm_offset_t)base + i * PAGE_SIZE; 1300 pmap_ptelist_free(head, va); 1301 } 1302} 1303 1304/* 1305 * Initialize the pmap module. 1306 * Called by vm_init, to initialize any structures that the pmap 1307 * system needs to map virtual memory. 1308 */ 1309void 1310pmap_init(void) 1311{ 1312 vm_size_t s; 1313 int i, pv_npg; 1314 1315 PDEBUG(1, printf("pmap_init: phys_start = %08x\n", PHYSADDR)); 1316 1317 l2zone = uma_zcreate("L2 Table", L2_TABLE_SIZE_REAL, pmap_l2ptp_ctor, 1318 NULL, NULL, NULL, UMA_ALIGN_PTR, UMA_ZONE_VM | UMA_ZONE_NOFREE); 1319 l2table_zone = uma_zcreate("L2 Table", sizeof(struct l2_dtable), NULL, 1320 NULL, NULL, NULL, UMA_ALIGN_PTR, UMA_ZONE_VM | UMA_ZONE_NOFREE); 1321 1322 /* 1323 * Are large page mappings supported and enabled? 1324 */ 1325 TUNABLE_INT_FETCH("vm.pmap.sp_enabled", &sp_enabled); 1326 if (sp_enabled) { 1327 KASSERT(MAXPAGESIZES > 1 && pagesizes[1] == 0, 1328 ("pmap_init: can't assign to pagesizes[1]")); 1329 pagesizes[1] = NBPDR; 1330 } 1331 1332 /* 1333 * Calculate the size of the pv head table for superpages. 1334 */ 1335 for (i = 0; phys_avail[i + 1]; i += 2); 1336 pv_npg = round_1mpage(phys_avail[(i - 2) + 1]) / NBPDR; 1337 1338 /* 1339 * Allocate memory for the pv head table for superpages. 1340 */ 1341 s = (vm_size_t)(pv_npg * sizeof(struct md_page)); 1342 s = round_page(s); 1343 pv_table = (struct md_page *)kmem_malloc(kernel_arena, s, 1344 M_WAITOK | M_ZERO); 1345 for (i = 0; i < pv_npg; i++) 1346 TAILQ_INIT(&pv_table[i].pv_list); 1347 1348 /* 1349 * Initialize the address space for the pv chunks. 1350 */ 1351 1352 TUNABLE_INT_FETCH("vm.pmap.shpgperproc", &shpgperproc); 1353 pv_entry_max = shpgperproc * maxproc + cnt.v_page_count; 1354 TUNABLE_INT_FETCH("vm.pmap.pv_entries", &pv_entry_max); 1355 pv_entry_max = roundup(pv_entry_max, _NPCPV); 1356 pv_entry_high_water = 9 * (pv_entry_max / 10); 1357 1358 pv_maxchunks = MAX(pv_entry_max / _NPCPV, maxproc); 1359 pv_chunkbase = (struct pv_chunk *)kva_alloc(PAGE_SIZE * pv_maxchunks); 1360 1361 if (pv_chunkbase == NULL) 1362 panic("pmap_init: not enough kvm for pv chunks"); 1363 1364 pmap_ptelist_init(&pv_vafree, pv_chunkbase, pv_maxchunks); 1365 1366 /* 1367 * Now it is safe to enable pv_table recording. 1368 */ 1369 PDEBUG(1, printf("pmap_init: done!\n")); 1370} 1371 1372SYSCTL_INT(_vm_pmap, OID_AUTO, pv_entry_max, CTLFLAG_RD, &pv_entry_max, 0, 1373 "Max number of PV entries"); 1374SYSCTL_INT(_vm_pmap, OID_AUTO, shpgperproc, CTLFLAG_RD, &shpgperproc, 0, 1375 "Page share factor per proc"); 1376 1377static SYSCTL_NODE(_vm_pmap, OID_AUTO, section, CTLFLAG_RD, 0, 1378 "1MB page mapping counters"); 1379 1380static u_long pmap_section_demotions; 1381SYSCTL_ULONG(_vm_pmap_section, OID_AUTO, demotions, CTLFLAG_RD, 1382 &pmap_section_demotions, 0, "1MB page demotions"); 1383 1384static u_long pmap_section_mappings; 1385SYSCTL_ULONG(_vm_pmap_section, OID_AUTO, mappings, CTLFLAG_RD, 1386 &pmap_section_mappings, 0, "1MB page mappings"); 1387 1388static u_long pmap_section_p_failures; 1389SYSCTL_ULONG(_vm_pmap_section, OID_AUTO, p_failures, CTLFLAG_RD, 1390 &pmap_section_p_failures, 0, "1MB page promotion failures"); 1391 1392static u_long pmap_section_promotions; 1393SYSCTL_ULONG(_vm_pmap_section, OID_AUTO, promotions, CTLFLAG_RD, 1394 &pmap_section_promotions, 0, "1MB page promotions"); 1395 1396int 1397pmap_fault_fixup(pmap_t pmap, vm_offset_t va, vm_prot_t ftype, int user) 1398{ 1399 struct l2_dtable *l2; 1400 struct l2_bucket *l2b; 1401 pd_entry_t *pl1pd, l1pd; 1402 pt_entry_t *ptep, pte; 1403 vm_paddr_t pa; 1404 u_int l1idx; 1405 int rv = 0; 1406 1407 l1idx = L1_IDX(va); 1408 rw_wlock(&pvh_global_lock); 1409 PMAP_LOCK(pmap); 1410 /* 1411 * Check and possibly fix-up L1 section mapping 1412 * only when superpage mappings are enabled to speed up. 1413 */ 1414 if (sp_enabled) { 1415 pl1pd = &pmap->pm_l1->l1_kva[l1idx]; 1416 l1pd = *pl1pd; 1417 if ((l1pd & L1_TYPE_MASK) == L1_S_PROTO) { 1418 /* Catch an access to the vectors section */ 1419 if (l1idx == L1_IDX(vector_page)) 1420 goto out; 1421 /* 1422 * Stay away from the kernel mappings. 1423 * None of them should fault from L1 entry. 1424 */ 1425 if (pmap == pmap_kernel()) 1426 goto out; 1427 /* 1428 * Catch a forbidden userland access 1429 */ 1430 if (user && !(l1pd & L1_S_PROT_U)) 1431 goto out; 1432 /* 1433 * Superpage is always either mapped read only 1434 * or it is modified and permitted to be written 1435 * by default. Therefore, process only reference 1436 * flag fault and demote page in case of write fault. 1437 */ 1438 if ((ftype & VM_PROT_WRITE) && !L1_S_WRITABLE(l1pd) && 1439 L1_S_REFERENCED(l1pd)) { 1440 (void)pmap_demote_section(pmap, va); 1441 goto out; 1442 } else if (!L1_S_REFERENCED(l1pd)) { 1443 /* Mark the page "referenced" */ 1444 *pl1pd = l1pd | L1_S_REF; 1445 PTE_SYNC(pl1pd); 1446 goto l1_section_out; 1447 } else 1448 goto out; 1449 } 1450 } 1451 /* 1452 * If there is no l2_dtable for this address, then the process 1453 * has no business accessing it. 1454 * 1455 * Note: This will catch userland processes trying to access 1456 * kernel addresses. 1457 */ 1458 l2 = pmap->pm_l2[L2_IDX(l1idx)]; 1459 if (l2 == NULL) 1460 goto out; 1461 1462 /* 1463 * Likewise if there is no L2 descriptor table 1464 */ 1465 l2b = &l2->l2_bucket[L2_BUCKET(l1idx)]; 1466 if (l2b->l2b_kva == NULL) 1467 goto out; 1468 1469 /* 1470 * Check the PTE itself. 1471 */ 1472 ptep = &l2b->l2b_kva[l2pte_index(va)]; 1473 pte = *ptep; 1474 if (pte == 0) 1475 goto out; 1476 1477 /* 1478 * Catch a userland access to the vector page mapped at 0x0 1479 */ 1480 if (user && !(pte & L2_S_PROT_U)) 1481 goto out; 1482 if (va == vector_page) 1483 goto out; 1484 1485 pa = l2pte_pa(pte); 1486 CTR5(KTR_PMAP, "pmap_fault_fix: pmap:%p va:%x pte:0x%x ftype:%x user:%x", 1487 pmap, va, pte, ftype, user); 1488 if ((ftype & VM_PROT_WRITE) && !(L2_S_WRITABLE(pte)) && 1489 L2_S_REFERENCED(pte)) { 1490 /* 1491 * This looks like a good candidate for "page modified" 1492 * emulation... 1493 */ 1494 struct pv_entry *pv; 1495 struct vm_page *m; 1496 1497 /* Extract the physical address of the page */ 1498 if ((m = PHYS_TO_VM_PAGE(pa)) == NULL) { 1499 goto out; 1500 } 1501 /* Get the current flags for this page. */ 1502 1503 pv = pmap_find_pv(&m->md, pmap, va); 1504 if (pv == NULL) { 1505 goto out; 1506 } 1507 1508 /* 1509 * Do the flags say this page is writable? If not then it 1510 * is a genuine write fault. If yes then the write fault is 1511 * our fault as we did not reflect the write access in the 1512 * PTE. Now we know a write has occurred we can correct this 1513 * and also set the modified bit 1514 */ 1515 if ((pv->pv_flags & PVF_WRITE) == 0) { 1516 goto out; 1517 } 1518 1519 vm_page_dirty(m); 1520 1521 /* Re-enable write permissions for the page */ 1522 *ptep = (pte & ~L2_APX); 1523 PTE_SYNC(ptep); 1524 rv = 1; 1525 CTR1(KTR_PMAP, "pmap_fault_fix: new pte:0x%x", *ptep); 1526 } else if (!L2_S_REFERENCED(pte)) { 1527 /* 1528 * This looks like a good candidate for "page referenced" 1529 * emulation. 1530 */ 1531 struct pv_entry *pv; 1532 struct vm_page *m; 1533 1534 /* Extract the physical address of the page */ 1535 if ((m = PHYS_TO_VM_PAGE(pa)) == NULL) 1536 goto out; 1537 /* Get the current flags for this page. */ 1538 pv = pmap_find_pv(&m->md, pmap, va); 1539 if (pv == NULL) 1540 goto out; 1541 1542 vm_page_aflag_set(m, PGA_REFERENCED); 1543 1544 /* Mark the page "referenced" */ 1545 *ptep = pte | L2_S_REF; 1546 PTE_SYNC(ptep); 1547 rv = 1; 1548 CTR1(KTR_PMAP, "pmap_fault_fix: new pte:0x%x", *ptep); 1549 } 1550 1551 /* 1552 * We know there is a valid mapping here, so simply 1553 * fix up the L1 if necessary. 1554 */ 1555 pl1pd = &pmap->pm_l1->l1_kva[l1idx]; 1556 l1pd = l2b->l2b_phys | L1_C_DOM(pmap->pm_domain) | L1_C_PROTO; 1557 if (*pl1pd != l1pd) { 1558 *pl1pd = l1pd; 1559 PTE_SYNC(pl1pd); 1560 rv = 1; 1561 } 1562 1563#ifdef DEBUG 1564 /* 1565 * If 'rv == 0' at this point, it generally indicates that there is a 1566 * stale TLB entry for the faulting address. This happens when two or 1567 * more processes are sharing an L1. Since we don't flush the TLB on 1568 * a context switch between such processes, we can take domain faults 1569 * for mappings which exist at the same VA in both processes. EVEN IF 1570 * WE'VE RECENTLY FIXED UP THE CORRESPONDING L1 in pmap_enter(), for 1571 * example. 1572 * 1573 * This is extremely likely to happen if pmap_enter() updated the L1 1574 * entry for a recently entered mapping. In this case, the TLB is 1575 * flushed for the new mapping, but there may still be TLB entries for 1576 * other mappings belonging to other processes in the 1MB range 1577 * covered by the L1 entry. 1578 * 1579 * Since 'rv == 0', we know that the L1 already contains the correct 1580 * value, so the fault must be due to a stale TLB entry. 1581 * 1582 * Since we always need to flush the TLB anyway in the case where we 1583 * fixed up the L1, or frobbed the L2 PTE, we effectively deal with 1584 * stale TLB entries dynamically. 1585 * 1586 * However, the above condition can ONLY happen if the current L1 is 1587 * being shared. If it happens when the L1 is unshared, it indicates 1588 * that other parts of the pmap are not doing their job WRT managing 1589 * the TLB. 1590 */ 1591 if (rv == 0 && pmap->pm_l1->l1_domain_use_count == 1) { 1592 printf("fixup: pmap %p, va 0x%08x, ftype %d - nothing to do!\n", 1593 pmap, va, ftype); 1594 printf("fixup: l2 %p, l2b %p, ptep %p, pl1pd %p\n", 1595 l2, l2b, ptep, pl1pd); 1596 printf("fixup: pte 0x%x, l1pd 0x%x, last code 0x%x\n", 1597 pte, l1pd, last_fault_code); 1598#ifdef DDB 1599 Debugger(); 1600#endif 1601 } 1602#endif 1603 1604l1_section_out: 1605 cpu_tlb_flushID_SE(va); 1606 cpu_cpwait(); 1607 1608 rv = 1; 1609 1610out: 1611 rw_wunlock(&pvh_global_lock); 1612 PMAP_UNLOCK(pmap); 1613 return (rv); 1614} 1615 1616void 1617pmap_postinit(void) 1618{ 1619 struct l2_bucket *l2b; 1620 struct l1_ttable *l1; 1621 pd_entry_t *pl1pt; 1622 pt_entry_t *ptep, pte; 1623 vm_offset_t va, eva; 1624 u_int loop, needed; 1625 1626 needed = (maxproc / PMAP_DOMAINS) + ((maxproc % PMAP_DOMAINS) ? 1 : 0); 1627 needed -= 1; 1628 l1 = malloc(sizeof(*l1) * needed, M_VMPMAP, M_WAITOK); 1629 1630 for (loop = 0; loop < needed; loop++, l1++) { 1631 /* Allocate a L1 page table */ 1632 va = (vm_offset_t)contigmalloc(L1_TABLE_SIZE, M_VMPMAP, 0, 0x0, 1633 0xffffffff, L1_TABLE_SIZE, 0); 1634 1635 if (va == 0) 1636 panic("Cannot allocate L1 KVM"); 1637 1638 eva = va + L1_TABLE_SIZE; 1639 pl1pt = (pd_entry_t *)va; 1640 1641 while (va < eva) { 1642 l2b = pmap_get_l2_bucket(pmap_kernel(), va); 1643 ptep = &l2b->l2b_kva[l2pte_index(va)]; 1644 pte = *ptep; 1645 pte = (pte & ~L2_S_CACHE_MASK) | pte_l2_s_cache_mode_pt; 1646 *ptep = pte; 1647 PTE_SYNC(ptep); 1648 cpu_tlb_flushD_SE(va); 1649 1650 va += PAGE_SIZE; 1651 } 1652 pmap_init_l1(l1, pl1pt); 1653 } 1654#ifdef DEBUG 1655 printf("pmap_postinit: Allocated %d static L1 descriptor tables\n", 1656 needed); 1657#endif 1658} 1659 1660/* 1661 * This is used to stuff certain critical values into the PCB where they 1662 * can be accessed quickly from cpu_switch() et al. 1663 */ 1664void 1665pmap_set_pcb_pagedir(pmap_t pmap, struct pcb *pcb) 1666{ 1667 struct l2_bucket *l2b; 1668 1669 pcb->pcb_pagedir = pmap->pm_l1->l1_physaddr; 1670 pcb->pcb_dacr = (DOMAIN_CLIENT << (PMAP_DOMAIN_KERNEL * 2)) | 1671 (DOMAIN_CLIENT << (pmap->pm_domain * 2)); 1672 1673 if (vector_page < KERNBASE) { 1674 pcb->pcb_pl1vec = &pmap->pm_l1->l1_kva[L1_IDX(vector_page)]; 1675 l2b = pmap_get_l2_bucket(pmap, vector_page); 1676 pcb->pcb_l1vec = l2b->l2b_phys | L1_C_PROTO | 1677 L1_C_DOM(pmap->pm_domain) | L1_C_DOM(PMAP_DOMAIN_KERNEL); 1678 } else 1679 pcb->pcb_pl1vec = NULL; 1680} 1681 1682void 1683pmap_activate(struct thread *td) 1684{ 1685 pmap_t pmap; 1686 struct pcb *pcb; 1687 1688 pmap = vmspace_pmap(td->td_proc->p_vmspace); 1689 pcb = td->td_pcb; 1690 1691 critical_enter(); 1692 pmap_set_pcb_pagedir(pmap, pcb); 1693 1694 if (td == curthread) { 1695 u_int cur_dacr, cur_ttb; 1696 1697 __asm __volatile("mrc p15, 0, %0, c2, c0, 0" : "=r"(cur_ttb)); 1698 __asm __volatile("mrc p15, 0, %0, c3, c0, 0" : "=r"(cur_dacr)); 1699 1700 cur_ttb &= ~(L1_TABLE_SIZE - 1); 1701 1702 if (cur_ttb == (u_int)pcb->pcb_pagedir && 1703 cur_dacr == pcb->pcb_dacr) { 1704 /* 1705 * No need to switch address spaces. 1706 */ 1707 critical_exit(); 1708 return; 1709 } 1710 1711 1712 /* 1713 * We MUST, I repeat, MUST fix up the L1 entry corresponding 1714 * to 'vector_page' in the incoming L1 table before switching 1715 * to it otherwise subsequent interrupts/exceptions (including 1716 * domain faults!) will jump into hyperspace. 1717 */ 1718 if (pcb->pcb_pl1vec) { 1719 *pcb->pcb_pl1vec = pcb->pcb_l1vec; 1720 } 1721 1722 cpu_domains(pcb->pcb_dacr); 1723 cpu_setttb(pcb->pcb_pagedir); 1724 } 1725 critical_exit(); 1726} 1727 1728static int 1729pmap_set_pt_cache_mode(pd_entry_t *kl1, vm_offset_t va) 1730{ 1731 pd_entry_t *pdep, pde; 1732 pt_entry_t *ptep, pte; 1733 vm_offset_t pa; 1734 int rv = 0; 1735 1736 /* 1737 * Make sure the descriptor itself has the correct cache mode 1738 */ 1739 pdep = &kl1[L1_IDX(va)]; 1740 pde = *pdep; 1741 1742 if (l1pte_section_p(pde)) { 1743 if ((pde & L1_S_CACHE_MASK) != pte_l1_s_cache_mode_pt) { 1744 *pdep = (pde & ~L1_S_CACHE_MASK) | 1745 pte_l1_s_cache_mode_pt; 1746 PTE_SYNC(pdep); 1747 rv = 1; 1748 } 1749 } else { 1750 pa = (vm_paddr_t)(pde & L1_C_ADDR_MASK); 1751 ptep = (pt_entry_t *)kernel_pt_lookup(pa); 1752 if (ptep == NULL) 1753 panic("pmap_bootstrap: No L2 for L2 @ va %p\n", ptep); 1754 1755 ptep = &ptep[l2pte_index(va)]; 1756 pte = *ptep; 1757 if ((pte & L2_S_CACHE_MASK) != pte_l2_s_cache_mode_pt) { 1758 *ptep = (pte & ~L2_S_CACHE_MASK) | 1759 pte_l2_s_cache_mode_pt; 1760 PTE_SYNC(ptep); 1761 rv = 1; 1762 } 1763 } 1764 1765 return (rv); 1766} 1767 1768static void 1769pmap_alloc_specials(vm_offset_t *availp, int pages, vm_offset_t *vap, 1770 pt_entry_t **ptep) 1771{ 1772 vm_offset_t va = *availp; 1773 struct l2_bucket *l2b; 1774 1775 if (ptep) { 1776 l2b = pmap_get_l2_bucket(pmap_kernel(), va); 1777 if (l2b == NULL) 1778 panic("pmap_alloc_specials: no l2b for 0x%x", va); 1779 1780 *ptep = &l2b->l2b_kva[l2pte_index(va)]; 1781 } 1782 1783 *vap = va; 1784 *availp = va + (PAGE_SIZE * pages); 1785} 1786 1787/* 1788 * Bootstrap the system enough to run with virtual memory. 1789 * 1790 * On the arm this is called after mapping has already been enabled 1791 * and just syncs the pmap module with what has already been done. 1792 * [We can't call it easily with mapping off since the kernel is not 1793 * mapped with PA == VA, hence we would have to relocate every address 1794 * from the linked base (virtual) address "KERNBASE" to the actual 1795 * (physical) address starting relative to 0] 1796 */ 1797#define PMAP_STATIC_L2_SIZE 16 1798 1799void 1800pmap_bootstrap(vm_offset_t firstaddr, struct pv_addr *l1pt) 1801{ 1802 static struct l1_ttable static_l1; 1803 static struct l2_dtable static_l2[PMAP_STATIC_L2_SIZE]; 1804 struct l1_ttable *l1 = &static_l1; 1805 struct l2_dtable *l2; 1806 struct l2_bucket *l2b; 1807 pd_entry_t pde; 1808 pd_entry_t *kernel_l1pt = (pd_entry_t *)l1pt->pv_va; 1809 pt_entry_t *ptep; 1810 vm_paddr_t pa; 1811 vm_offset_t va; 1812 vm_size_t size; 1813 int l1idx, l2idx, l2next = 0; 1814 1815 PDEBUG(1, printf("firstaddr = %08x, lastaddr = %08x\n", 1816 firstaddr, vm_max_kernel_address)); 1817 1818 virtual_avail = firstaddr; 1819 kernel_pmap->pm_l1 = l1; 1820 kernel_l1pa = l1pt->pv_pa; 1821 1822 /* 1823 * Scan the L1 translation table created by initarm() and create 1824 * the required metadata for all valid mappings found in it. 1825 */ 1826 for (l1idx = 0; l1idx < (L1_TABLE_SIZE / sizeof(pd_entry_t)); l1idx++) { 1827 pde = kernel_l1pt[l1idx]; 1828 1829 /* 1830 * We're only interested in Coarse mappings. 1831 * pmap_extract() can deal with section mappings without 1832 * recourse to checking L2 metadata. 1833 */ 1834 if ((pde & L1_TYPE_MASK) != L1_TYPE_C) 1835 continue; 1836 1837 /* 1838 * Lookup the KVA of this L2 descriptor table 1839 */ 1840 pa = (vm_paddr_t)(pde & L1_C_ADDR_MASK); 1841 ptep = (pt_entry_t *)kernel_pt_lookup(pa); 1842 1843 if (ptep == NULL) { 1844 panic("pmap_bootstrap: No L2 for va 0x%x, pa 0x%lx", 1845 (u_int)l1idx << L1_S_SHIFT, (long unsigned int)pa); 1846 } 1847 1848 /* 1849 * Fetch the associated L2 metadata structure. 1850 * Allocate a new one if necessary. 1851 */ 1852 if ((l2 = kernel_pmap->pm_l2[L2_IDX(l1idx)]) == NULL) { 1853 if (l2next == PMAP_STATIC_L2_SIZE) 1854 panic("pmap_bootstrap: out of static L2s"); 1855 kernel_pmap->pm_l2[L2_IDX(l1idx)] = l2 = 1856 &static_l2[l2next++]; 1857 } 1858 1859 /* 1860 * One more L1 slot tracked... 1861 */ 1862 l2->l2_occupancy++; 1863 1864 /* 1865 * Fill in the details of the L2 descriptor in the 1866 * appropriate bucket. 1867 */ 1868 l2b = &l2->l2_bucket[L2_BUCKET(l1idx)]; 1869 l2b->l2b_kva = ptep; 1870 l2b->l2b_phys = pa; 1871 l2b->l2b_l1idx = l1idx; 1872 1873 /* 1874 * Establish an initial occupancy count for this descriptor 1875 */ 1876 for (l2idx = 0; 1877 l2idx < (L2_TABLE_SIZE_REAL / sizeof(pt_entry_t)); 1878 l2idx++) { 1879 if ((ptep[l2idx] & L2_TYPE_MASK) != L2_TYPE_INV) { 1880 l2b->l2b_occupancy++; 1881 } 1882 } 1883 1884 /* 1885 * Make sure the descriptor itself has the correct cache mode. 1886 * If not, fix it, but whine about the problem. Port-meisters 1887 * should consider this a clue to fix up their initarm() 1888 * function. :) 1889 */ 1890 if (pmap_set_pt_cache_mode(kernel_l1pt, (vm_offset_t)ptep)) { 1891 printf("pmap_bootstrap: WARNING! wrong cache mode for " 1892 "L2 pte @ %p\n", ptep); 1893 } 1894 } 1895 1896 1897 /* 1898 * Ensure the primary (kernel) L1 has the correct cache mode for 1899 * a page table. Bitch if it is not correctly set. 1900 */ 1901 for (va = (vm_offset_t)kernel_l1pt; 1902 va < ((vm_offset_t)kernel_l1pt + L1_TABLE_SIZE); va += PAGE_SIZE) { 1903 if (pmap_set_pt_cache_mode(kernel_l1pt, va)) 1904 printf("pmap_bootstrap: WARNING! wrong cache mode for " 1905 "primary L1 @ 0x%x\n", va); 1906 } 1907 1908 cpu_dcache_wbinv_all(); 1909 cpu_l2cache_wbinv_all(); 1910 cpu_tlb_flushID(); 1911 cpu_cpwait(); 1912 1913 PMAP_LOCK_INIT(kernel_pmap); 1914 CPU_FILL(&kernel_pmap->pm_active); 1915 kernel_pmap->pm_domain = PMAP_DOMAIN_KERNEL; 1916 TAILQ_INIT(&kernel_pmap->pm_pvchunk); 1917 1918 /* 1919 * Initialize the global pv list lock. 1920 */ 1921 rw_init(&pvh_global_lock, "pmap pv global"); 1922 1923 /* 1924 * Reserve some special page table entries/VA space for temporary 1925 * mapping of pages. 1926 */ 1927 1928 pmap_alloc_specials(&virtual_avail, 1, &csrcp, &csrc_pte); 1929 pmap_set_pt_cache_mode(kernel_l1pt, (vm_offset_t)csrc_pte); 1930 pmap_alloc_specials(&virtual_avail, 1, &cdstp, &cdst_pte); 1931 pmap_set_pt_cache_mode(kernel_l1pt, (vm_offset_t)cdst_pte); 1932 size = ((vm_max_kernel_address - pmap_curmaxkvaddr) + L1_S_OFFSET) / 1933 L1_S_SIZE; 1934 pmap_alloc_specials(&virtual_avail, 1935 round_page(size * L2_TABLE_SIZE_REAL) / PAGE_SIZE, 1936 &pmap_kernel_l2ptp_kva, NULL); 1937 1938 size = (size + (L2_BUCKET_SIZE - 1)) / L2_BUCKET_SIZE; 1939 pmap_alloc_specials(&virtual_avail, 1940 round_page(size * sizeof(struct l2_dtable)) / PAGE_SIZE, 1941 &pmap_kernel_l2dtable_kva, NULL); 1942 1943 pmap_alloc_specials(&virtual_avail, 1944 1, (vm_offset_t*)&_tmppt, NULL); 1945 pmap_alloc_specials(&virtual_avail, 1946 MAXDUMPPGS, (vm_offset_t *)&crashdumpmap, NULL); 1947 SLIST_INIT(&l1_list); 1948 TAILQ_INIT(&l1_lru_list); 1949 mtx_init(&l1_lru_lock, "l1 list lock", NULL, MTX_DEF); 1950 pmap_init_l1(l1, kernel_l1pt); 1951 cpu_dcache_wbinv_all(); 1952 cpu_l2cache_wbinv_all(); 1953 1954 virtual_avail = round_page(virtual_avail); 1955 virtual_end = vm_max_kernel_address; 1956 kernel_vm_end = pmap_curmaxkvaddr; 1957 mtx_init(&cmtx, "TMP mappings mtx", NULL, MTX_DEF); 1958 1959 pmap_set_pcb_pagedir(kernel_pmap, thread0.td_pcb); 1960} 1961 1962/*************************************************** 1963 * Pmap allocation/deallocation routines. 1964 ***************************************************/ 1965 1966/* 1967 * Release any resources held by the given physical map. 1968 * Called when a pmap initialized by pmap_pinit is being released. 1969 * Should only be called if the map contains no valid mappings. 1970 */ 1971void 1972pmap_release(pmap_t pmap) 1973{ 1974 struct pcb *pcb; 1975 1976 cpu_idcache_wbinv_all(); 1977 cpu_l2cache_wbinv_all(); 1978 cpu_tlb_flushID(); 1979 cpu_cpwait(); 1980 if (vector_page < KERNBASE) { 1981 struct pcb *curpcb = PCPU_GET(curpcb); 1982 pcb = thread0.td_pcb; 1983 if (pmap_is_current(pmap)) { 1984 /* 1985 * Frob the L1 entry corresponding to the vector 1986 * page so that it contains the kernel pmap's domain 1987 * number. This will ensure pmap_remove() does not 1988 * pull the current vector page out from under us. 1989 */ 1990 critical_enter(); 1991 *pcb->pcb_pl1vec = pcb->pcb_l1vec; 1992 cpu_domains(pcb->pcb_dacr); 1993 cpu_setttb(pcb->pcb_pagedir); 1994 critical_exit(); 1995 } 1996 pmap_remove(pmap, vector_page, vector_page + PAGE_SIZE); 1997 /* 1998 * Make sure cpu_switch(), et al, DTRT. This is safe to do 1999 * since this process has no remaining mappings of its own. 2000 */ 2001 curpcb->pcb_pl1vec = pcb->pcb_pl1vec; 2002 curpcb->pcb_l1vec = pcb->pcb_l1vec; 2003 curpcb->pcb_dacr = pcb->pcb_dacr; 2004 curpcb->pcb_pagedir = pcb->pcb_pagedir; 2005 2006 } 2007 pmap_free_l1(pmap); 2008 2009 dprintf("pmap_release()\n"); 2010} 2011 2012 2013 2014/* 2015 * Helper function for pmap_grow_l2_bucket() 2016 */ 2017static __inline int 2018pmap_grow_map(vm_offset_t va, pt_entry_t cache_mode, vm_paddr_t *pap) 2019{ 2020 struct l2_bucket *l2b; 2021 pt_entry_t *ptep; 2022 vm_paddr_t pa; 2023 struct vm_page *m; 2024 2025 m = vm_page_alloc(NULL, 0, VM_ALLOC_NOOBJ | VM_ALLOC_WIRED); 2026 if (m == NULL) 2027 return (1); 2028 pa = VM_PAGE_TO_PHYS(m); 2029 2030 if (pap) 2031 *pap = pa; 2032 2033 l2b = pmap_get_l2_bucket(pmap_kernel(), va); 2034 2035 ptep = &l2b->l2b_kva[l2pte_index(va)]; 2036 *ptep = L2_S_PROTO | pa | cache_mode | L2_S_REF; 2037 pmap_set_prot(ptep, VM_PROT_READ | VM_PROT_WRITE, 0); 2038 PTE_SYNC(ptep); 2039 2040 return (0); 2041} 2042 2043/* 2044 * This is the same as pmap_alloc_l2_bucket(), except that it is only 2045 * used by pmap_growkernel(). 2046 */ 2047static __inline struct l2_bucket * 2048pmap_grow_l2_bucket(pmap_t pmap, vm_offset_t va) 2049{ 2050 struct l2_dtable *l2; 2051 struct l2_bucket *l2b; 2052 struct l1_ttable *l1; 2053 pd_entry_t *pl1pd; 2054 u_short l1idx; 2055 vm_offset_t nva; 2056 2057 l1idx = L1_IDX(va); 2058 2059 if ((l2 = pmap->pm_l2[L2_IDX(l1idx)]) == NULL) { 2060 /* 2061 * No mapping at this address, as there is 2062 * no entry in the L1 table. 2063 * Need to allocate a new l2_dtable. 2064 */ 2065 nva = pmap_kernel_l2dtable_kva; 2066 if ((nva & PAGE_MASK) == 0) { 2067 /* 2068 * Need to allocate a backing page 2069 */ 2070 if (pmap_grow_map(nva, pte_l2_s_cache_mode, NULL)) 2071 return (NULL); 2072 } 2073 2074 l2 = (struct l2_dtable *)nva; 2075 nva += sizeof(struct l2_dtable); 2076 2077 if ((nva & PAGE_MASK) < (pmap_kernel_l2dtable_kva & 2078 PAGE_MASK)) { 2079 /* 2080 * The new l2_dtable straddles a page boundary. 2081 * Map in another page to cover it. 2082 */ 2083 if (pmap_grow_map(nva, pte_l2_s_cache_mode, NULL)) 2084 return (NULL); 2085 } 2086 2087 pmap_kernel_l2dtable_kva = nva; 2088 2089 /* 2090 * Link it into the parent pmap 2091 */ 2092 pmap->pm_l2[L2_IDX(l1idx)] = l2; 2093 memset(l2, 0, sizeof(*l2)); 2094 } 2095 2096 l2b = &l2->l2_bucket[L2_BUCKET(l1idx)]; 2097 2098 /* 2099 * Fetch pointer to the L2 page table associated with the address. 2100 */ 2101 if (l2b->l2b_kva == NULL) { 2102 pt_entry_t *ptep; 2103 2104 /* 2105 * No L2 page table has been allocated. Chances are, this 2106 * is because we just allocated the l2_dtable, above. 2107 */ 2108 nva = pmap_kernel_l2ptp_kva; 2109 ptep = (pt_entry_t *)nva; 2110 if ((nva & PAGE_MASK) == 0) { 2111 /* 2112 * Need to allocate a backing page 2113 */ 2114 if (pmap_grow_map(nva, pte_l2_s_cache_mode_pt, 2115 &pmap_kernel_l2ptp_phys)) 2116 return (NULL); 2117 } 2118 memset(ptep, 0, L2_TABLE_SIZE_REAL); 2119 l2->l2_occupancy++; 2120 l2b->l2b_kva = ptep; 2121 l2b->l2b_l1idx = l1idx; 2122 l2b->l2b_phys = pmap_kernel_l2ptp_phys; 2123 2124 pmap_kernel_l2ptp_kva += L2_TABLE_SIZE_REAL; 2125 pmap_kernel_l2ptp_phys += L2_TABLE_SIZE_REAL; 2126 } 2127 2128 /* Distribute new L1 entry to all other L1s */ 2129 SLIST_FOREACH(l1, &l1_list, l1_link) { 2130 pl1pd = &l1->l1_kva[L1_IDX(va)]; 2131 *pl1pd = l2b->l2b_phys | L1_C_DOM(PMAP_DOMAIN_KERNEL) | 2132 L1_C_PROTO; 2133 PTE_SYNC(pl1pd); 2134 } 2135 2136 return (l2b); 2137} 2138 2139 2140/* 2141 * grow the number of kernel page table entries, if needed 2142 */ 2143void 2144pmap_growkernel(vm_offset_t addr) 2145{ 2146 pmap_t kpmap = pmap_kernel(); 2147 2148 if (addr <= pmap_curmaxkvaddr) 2149 return; /* we are OK */ 2150 2151 /* 2152 * whoops! we need to add kernel PTPs 2153 */ 2154 2155 /* Map 1MB at a time */ 2156 for (; pmap_curmaxkvaddr < addr; pmap_curmaxkvaddr += L1_S_SIZE) 2157 pmap_grow_l2_bucket(kpmap, pmap_curmaxkvaddr); 2158 2159 /* 2160 * flush out the cache, expensive but growkernel will happen so 2161 * rarely 2162 */ 2163 cpu_dcache_wbinv_all(); 2164 cpu_l2cache_wbinv_all(); 2165 cpu_tlb_flushD(); 2166 cpu_cpwait(); 2167 kernel_vm_end = pmap_curmaxkvaddr; 2168} 2169 2170/* 2171 * Returns TRUE if the given page is mapped individually or as part of 2172 * a 1MB section. Otherwise, returns FALSE. 2173 */ 2174boolean_t 2175pmap_page_is_mapped(vm_page_t m) 2176{ 2177 boolean_t rv; 2178 2179 if ((m->oflags & VPO_UNMANAGED) != 0) 2180 return (FALSE); 2181 rw_wlock(&pvh_global_lock); 2182 rv = !TAILQ_EMPTY(&m->md.pv_list) || 2183 ((m->flags & PG_FICTITIOUS) == 0 && 2184 !TAILQ_EMPTY(&pa_to_pvh(VM_PAGE_TO_PHYS(m))->pv_list)); 2185 rw_wunlock(&pvh_global_lock); 2186 return (rv); 2187} 2188 2189/* 2190 * Remove all pages from specified address space 2191 * this aids process exit speeds. Also, this code 2192 * is special cased for current process only, but 2193 * can have the more generic (and slightly slower) 2194 * mode enabled. This is much faster than pmap_remove 2195 * in the case of running down an entire address space. 2196 */ 2197void 2198pmap_remove_pages(pmap_t pmap) 2199{ 2200 struct pv_entry *pv; 2201 struct l2_bucket *l2b = NULL; 2202 struct pv_chunk *pc, *npc; 2203 struct md_page *pvh; 2204 pd_entry_t *pl1pd, l1pd; 2205 pt_entry_t *ptep; 2206 vm_page_t m, mt; 2207 vm_offset_t va; 2208 uint32_t inuse, bitmask; 2209 int allfree, bit, field, idx; 2210 2211 rw_wlock(&pvh_global_lock); 2212 PMAP_LOCK(pmap); 2213 2214 TAILQ_FOREACH_SAFE(pc, &pmap->pm_pvchunk, pc_list, npc) { 2215 allfree = 1; 2216 for (field = 0; field < _NPCM; field++) { 2217 inuse = ~pc->pc_map[field] & pc_freemask[field]; 2218 while (inuse != 0) { 2219 bit = ffs(inuse) - 1; 2220 bitmask = 1ul << bit; 2221 idx = field * sizeof(inuse) * NBBY + bit; 2222 pv = &pc->pc_pventry[idx]; 2223 va = pv->pv_va; 2224 inuse &= ~bitmask; 2225 if (pv->pv_flags & PVF_WIRED) { 2226 /* Cannot remove wired pages now. */ 2227 allfree = 0; 2228 continue; 2229 } 2230 pl1pd = &pmap->pm_l1->l1_kva[L1_IDX(va)]; 2231 l1pd = *pl1pd; 2232 l2b = pmap_get_l2_bucket(pmap, va); 2233 if ((l1pd & L1_TYPE_MASK) == L1_S_PROTO) { 2234 pvh = pa_to_pvh(l1pd & L1_S_FRAME); 2235 TAILQ_REMOVE(&pvh->pv_list, pv, pv_list); 2236 if (TAILQ_EMPTY(&pvh->pv_list)) { 2237 m = PHYS_TO_VM_PAGE(l1pd & L1_S_FRAME); 2238 KASSERT((vm_offset_t)m >= KERNBASE, 2239 ("Trying to access non-existent page " 2240 "va %x l1pd %x", trunc_1mpage(va), l1pd)); 2241 for (mt = m; mt < &m[L2_PTE_NUM_TOTAL]; mt++) { 2242 if (TAILQ_EMPTY(&mt->md.pv_list)) 2243 vm_page_aflag_clear(mt, PGA_WRITEABLE); 2244 } 2245 } 2246 if (l2b != NULL) { 2247 KASSERT(l2b->l2b_occupancy == L2_PTE_NUM_TOTAL, 2248 ("pmap_remove_pages: l2_bucket occupancy error")); 2249 pmap_free_l2_bucket(pmap, l2b, L2_PTE_NUM_TOTAL); 2250 } 2251 pmap->pm_stats.resident_count -= L2_PTE_NUM_TOTAL; 2252 *pl1pd = 0; 2253 PTE_SYNC(pl1pd); 2254 } else { 2255 KASSERT(l2b != NULL, 2256 ("No L2 bucket in pmap_remove_pages")); 2257 ptep = &l2b->l2b_kva[l2pte_index(va)]; 2258 m = PHYS_TO_VM_PAGE(l2pte_pa(*ptep)); 2259 KASSERT((vm_offset_t)m >= KERNBASE, 2260 ("Trying to access non-existent page " 2261 "va %x pte %x", va, *ptep)); 2262 TAILQ_REMOVE(&m->md.pv_list, pv, pv_list); 2263 if (TAILQ_EMPTY(&m->md.pv_list) && 2264 (m->flags & PG_FICTITIOUS) == 0) { 2265 pvh = pa_to_pvh(l2pte_pa(*ptep)); 2266 if (TAILQ_EMPTY(&pvh->pv_list)) 2267 vm_page_aflag_clear(m, PGA_WRITEABLE); 2268 } 2269 *ptep = 0; 2270 PTE_SYNC(ptep); 2271 pmap_free_l2_bucket(pmap, l2b, 1); 2272 pmap->pm_stats.resident_count--; 2273 } 2274 2275 /* Mark free */ 2276 PV_STAT(pv_entry_frees++); 2277 PV_STAT(pv_entry_spare++); 2278 pv_entry_count--; 2279 pc->pc_map[field] |= bitmask; 2280 } 2281 } 2282 if (allfree) { 2283 TAILQ_REMOVE(&pmap->pm_pvchunk, pc, pc_list); 2284 pmap_free_pv_chunk(pc); 2285 } 2286 2287 } 2288 2289 rw_wunlock(&pvh_global_lock); 2290 cpu_tlb_flushID(); 2291 cpu_cpwait(); 2292 PMAP_UNLOCK(pmap); 2293} 2294 2295 2296/*************************************************** 2297 * Low level mapping routines..... 2298 ***************************************************/ 2299 2300#ifdef ARM_HAVE_SUPERSECTIONS 2301/* Map a super section into the KVA. */ 2302 2303void 2304pmap_kenter_supersection(vm_offset_t va, uint64_t pa, int flags) 2305{ 2306 pd_entry_t pd = L1_S_PROTO | L1_S_SUPERSEC | (pa & L1_SUP_FRAME) | 2307 (((pa >> 32) & 0xf) << 20) | L1_S_PROT(PTE_KERNEL, 2308 VM_PROT_READ|VM_PROT_WRITE|VM_PROT_EXECUTE) | 2309 L1_S_DOM(PMAP_DOMAIN_KERNEL); 2310 struct l1_ttable *l1; 2311 vm_offset_t va0, va_end; 2312 2313 KASSERT(((va | pa) & L1_SUP_OFFSET) == 0, 2314 ("Not a valid super section mapping")); 2315 if (flags & SECTION_CACHE) 2316 pd |= pte_l1_s_cache_mode; 2317 else if (flags & SECTION_PT) 2318 pd |= pte_l1_s_cache_mode_pt; 2319 2320 va0 = va & L1_SUP_FRAME; 2321 va_end = va + L1_SUP_SIZE; 2322 SLIST_FOREACH(l1, &l1_list, l1_link) { 2323 va = va0; 2324 for (; va < va_end; va += L1_S_SIZE) { 2325 l1->l1_kva[L1_IDX(va)] = pd; 2326 PTE_SYNC(&l1->l1_kva[L1_IDX(va)]); 2327 } 2328 } 2329} 2330#endif 2331 2332/* Map a section into the KVA. */ 2333 2334void 2335pmap_kenter_section(vm_offset_t va, vm_offset_t pa, int flags) 2336{ 2337 pd_entry_t pd = L1_S_PROTO | pa | L1_S_PROT(PTE_KERNEL, 2338 VM_PROT_READ|VM_PROT_WRITE|VM_PROT_EXECUTE) | L1_S_REF | 2339 L1_S_DOM(PMAP_DOMAIN_KERNEL); 2340 struct l1_ttable *l1; 2341 2342 KASSERT(((va | pa) & L1_S_OFFSET) == 0, 2343 ("Not a valid section mapping")); 2344 if (flags & SECTION_CACHE) 2345 pd |= pte_l1_s_cache_mode; 2346 else if (flags & SECTION_PT) 2347 pd |= pte_l1_s_cache_mode_pt; 2348 2349 SLIST_FOREACH(l1, &l1_list, l1_link) { 2350 l1->l1_kva[L1_IDX(va)] = pd; 2351 PTE_SYNC(&l1->l1_kva[L1_IDX(va)]); 2352 } 2353} 2354 2355/* 2356 * Make a temporary mapping for a physical address. This is only intended 2357 * to be used for panic dumps. 2358 */ 2359void * 2360pmap_kenter_temp(vm_paddr_t pa, int i) 2361{ 2362 vm_offset_t va; 2363 2364 va = (vm_offset_t)crashdumpmap + (i * PAGE_SIZE); 2365 pmap_kenter(va, pa); 2366 return ((void *)crashdumpmap); 2367} 2368 2369/* 2370 * add a wired page to the kva 2371 * note that in order for the mapping to take effect -- you 2372 * should do a invltlb after doing the pmap_kenter... 2373 */ 2374static PMAP_INLINE void 2375pmap_kenter_internal(vm_offset_t va, vm_offset_t pa, int flags) 2376{ 2377 struct l2_bucket *l2b; 2378 pt_entry_t *ptep; 2379 pt_entry_t opte; 2380 2381 PDEBUG(1, printf("pmap_kenter: va = %08x, pa = %08x\n", 2382 (uint32_t) va, (uint32_t) pa)); 2383 2384 2385 l2b = pmap_get_l2_bucket(pmap_kernel(), va); 2386 if (l2b == NULL) 2387 l2b = pmap_grow_l2_bucket(pmap_kernel(), va); 2388 KASSERT(l2b != NULL, ("No L2 Bucket")); 2389 2390 ptep = &l2b->l2b_kva[l2pte_index(va)]; 2391 opte = *ptep; 2392 if (l2pte_valid(opte)) { 2393 cpu_tlb_flushD_SE(va); 2394 cpu_cpwait(); 2395 } else { 2396 if (opte == 0) 2397 l2b->l2b_occupancy++; 2398 } 2399 2400 if (flags & KENTER_CACHE) { 2401 *ptep = L2_S_PROTO | pa | pte_l2_s_cache_mode | L2_S_REF; 2402 pmap_set_prot(ptep, VM_PROT_READ | VM_PROT_WRITE, 2403 flags & KENTER_USER); 2404 } else { 2405 *ptep = L2_S_PROTO | pa | L2_S_REF; 2406 pmap_set_prot(ptep, VM_PROT_READ|VM_PROT_WRITE|VM_PROT_EXECUTE, 2407 0); 2408 } 2409 2410 PDEBUG(1, printf("pmap_kenter: pte = %08x, opte = %08x, npte = %08x\n", 2411 (uint32_t) ptep, opte, *ptep)); 2412 PTE_SYNC(ptep); 2413 cpu_cpwait(); 2414} 2415 2416void 2417pmap_kenter(vm_offset_t va, vm_paddr_t pa) 2418{ 2419 pmap_kenter_internal(va, pa, KENTER_CACHE); 2420} 2421 2422void 2423pmap_kenter_nocache(vm_offset_t va, vm_paddr_t pa) 2424{ 2425 2426 pmap_kenter_internal(va, pa, 0); 2427} 2428 2429void 2430pmap_kenter_device(vm_offset_t va, vm_paddr_t pa) 2431{ 2432 2433 /* 2434 * XXX - Need a way for kenter_internal to handle PTE_DEVICE mapping as 2435 * a potentially different thing than PTE_NOCACHE. 2436 */ 2437 pmap_kenter_internal(va, pa, 0); 2438} 2439 2440void 2441pmap_kenter_user(vm_offset_t va, vm_paddr_t pa) 2442{ 2443 2444 pmap_kenter_internal(va, pa, KENTER_CACHE|KENTER_USER); 2445 /* 2446 * Call pmap_fault_fixup now, to make sure we'll have no exception 2447 * at the first use of the new address, or bad things will happen, 2448 * as we use one of these addresses in the exception handlers. 2449 */ 2450 pmap_fault_fixup(pmap_kernel(), va, VM_PROT_READ|VM_PROT_WRITE, 1); 2451} 2452 2453vm_paddr_t 2454pmap_kextract(vm_offset_t va) 2455{ 2456 2457 if (kernel_vm_end == 0) 2458 return (0); 2459 return (pmap_extract_locked(kernel_pmap, va)); 2460} 2461 2462/* 2463 * remove a page from the kernel pagetables 2464 */ 2465void 2466pmap_kremove(vm_offset_t va) 2467{ 2468 struct l2_bucket *l2b; 2469 pt_entry_t *ptep, opte; 2470 2471 l2b = pmap_get_l2_bucket(pmap_kernel(), va); 2472 if (!l2b) 2473 return; 2474 KASSERT(l2b != NULL, ("No L2 Bucket")); 2475 ptep = &l2b->l2b_kva[l2pte_index(va)]; 2476 opte = *ptep; 2477 if (l2pte_valid(opte)) { 2478 va = va & ~PAGE_MASK; 2479 cpu_tlb_flushD_SE(va); 2480 cpu_cpwait(); 2481 *ptep = 0; 2482 PTE_SYNC(ptep); 2483 } 2484} 2485 2486 2487/* 2488 * Used to map a range of physical addresses into kernel 2489 * virtual address space. 2490 * 2491 * The value passed in '*virt' is a suggested virtual address for 2492 * the mapping. Architectures which can support a direct-mapped 2493 * physical to virtual region can return the appropriate address 2494 * within that region, leaving '*virt' unchanged. Other 2495 * architectures should map the pages starting at '*virt' and 2496 * update '*virt' with the first usable address after the mapped 2497 * region. 2498 */ 2499vm_offset_t 2500pmap_map(vm_offset_t *virt, vm_offset_t start, vm_offset_t end, int prot) 2501{ 2502 vm_offset_t sva = *virt; 2503 vm_offset_t va = sva; 2504 2505 PDEBUG(1, printf("pmap_map: virt = %08x, start = %08x, end = %08x, " 2506 "prot = %d\n", (uint32_t) *virt, (uint32_t) start, (uint32_t) end, 2507 prot)); 2508 2509 while (start < end) { 2510 pmap_kenter(va, start); 2511 va += PAGE_SIZE; 2512 start += PAGE_SIZE; 2513 } 2514 *virt = va; 2515 return (sva); 2516} 2517 2518/* 2519 * Add a list of wired pages to the kva 2520 * this routine is only used for temporary 2521 * kernel mappings that do not need to have 2522 * page modification or references recorded. 2523 * Note that old mappings are simply written 2524 * over. The page *must* be wired. 2525 */ 2526void 2527pmap_qenter(vm_offset_t va, vm_page_t *m, int count) 2528{ 2529 int i; 2530 2531 for (i = 0; i < count; i++) { 2532 pmap_kenter_internal(va, VM_PAGE_TO_PHYS(m[i]), 2533 KENTER_CACHE); 2534 va += PAGE_SIZE; 2535 } 2536} 2537 2538 2539/* 2540 * this routine jerks page mappings from the 2541 * kernel -- it is meant only for temporary mappings. 2542 */ 2543void 2544pmap_qremove(vm_offset_t va, int count) 2545{ 2546 int i; 2547 2548 for (i = 0; i < count; i++) { 2549 if (vtophys(va)) 2550 pmap_kremove(va); 2551 2552 va += PAGE_SIZE; 2553 } 2554} 2555 2556 2557/* 2558 * pmap_object_init_pt preloads the ptes for a given object 2559 * into the specified pmap. This eliminates the blast of soft 2560 * faults on process startup and immediately after an mmap. 2561 */ 2562void 2563pmap_object_init_pt(pmap_t pmap, vm_offset_t addr, vm_object_t object, 2564 vm_pindex_t pindex, vm_size_t size) 2565{ 2566 2567 VM_OBJECT_ASSERT_WLOCKED(object); 2568 KASSERT(object->type == OBJT_DEVICE || object->type == OBJT_SG, 2569 ("pmap_object_init_pt: non-device object")); 2570} 2571 2572 2573/* 2574 * pmap_is_prefaultable: 2575 * 2576 * Return whether or not the specified virtual address is elgible 2577 * for prefault. 2578 */ 2579boolean_t 2580pmap_is_prefaultable(pmap_t pmap, vm_offset_t addr) 2581{ 2582 pd_entry_t *pdep; 2583 pt_entry_t *ptep; 2584 2585 if (!pmap_get_pde_pte(pmap, addr, &pdep, &ptep)) 2586 return (FALSE); 2587 KASSERT((pdep != NULL && (l1pte_section_p(*pdep) || ptep != NULL)), 2588 ("Valid mapping but no pte ?")); 2589 if (*pdep != 0 && !l1pte_section_p(*pdep)) 2590 if (*ptep == 0) 2591 return (TRUE); 2592 return (FALSE); 2593} 2594 2595/* 2596 * Fetch pointers to the PDE/PTE for the given pmap/VA pair. 2597 * Returns TRUE if the mapping exists, else FALSE. 2598 * 2599 * NOTE: This function is only used by a couple of arm-specific modules. 2600 * It is not safe to take any pmap locks here, since we could be right 2601 * in the middle of debugging the pmap anyway... 2602 * 2603 * It is possible for this routine to return FALSE even though a valid 2604 * mapping does exist. This is because we don't lock, so the metadata 2605 * state may be inconsistent. 2606 * 2607 * NOTE: We can return a NULL *ptp in the case where the L1 pde is 2608 * a "section" mapping. 2609 */ 2610boolean_t 2611pmap_get_pde_pte(pmap_t pmap, vm_offset_t va, pd_entry_t **pdp, 2612 pt_entry_t **ptp) 2613{ 2614 struct l2_dtable *l2; 2615 pd_entry_t *pl1pd, l1pd; 2616 pt_entry_t *ptep; 2617 u_short l1idx; 2618 2619 if (pmap->pm_l1 == NULL) 2620 return (FALSE); 2621 2622 l1idx = L1_IDX(va); 2623 *pdp = pl1pd = &pmap->pm_l1->l1_kva[l1idx]; 2624 l1pd = *pl1pd; 2625 2626 if (l1pte_section_p(l1pd)) { 2627 *ptp = NULL; 2628 return (TRUE); 2629 } 2630 2631 if (pmap->pm_l2 == NULL) 2632 return (FALSE); 2633 2634 l2 = pmap->pm_l2[L2_IDX(l1idx)]; 2635 2636 if (l2 == NULL || 2637 (ptep = l2->l2_bucket[L2_BUCKET(l1idx)].l2b_kva) == NULL) { 2638 return (FALSE); 2639 } 2640 2641 *ptp = &ptep[l2pte_index(va)]; 2642 return (TRUE); 2643} 2644 2645/* 2646 * Routine: pmap_remove_all 2647 * Function: 2648 * Removes this physical page from 2649 * all physical maps in which it resides. 2650 * Reflects back modify bits to the pager. 2651 * 2652 * Notes: 2653 * Original versions of this routine were very 2654 * inefficient because they iteratively called 2655 * pmap_remove (slow...) 2656 */ 2657void 2658pmap_remove_all(vm_page_t m) 2659{ 2660 struct md_page *pvh; 2661 pv_entry_t pv; 2662 pmap_t pmap; 2663 pt_entry_t *ptep; 2664 struct l2_bucket *l2b; 2665 boolean_t flush = FALSE; 2666 pmap_t curpmap; 2667 u_int is_exec = 0; 2668 2669 KASSERT((m->oflags & VPO_UNMANAGED) == 0, 2670 ("pmap_remove_all: page %p is not managed", m)); 2671 rw_wlock(&pvh_global_lock); 2672 if ((m->flags & PG_FICTITIOUS) != 0) 2673 goto small_mappings; 2674 pvh = pa_to_pvh(VM_PAGE_TO_PHYS(m)); 2675 while ((pv = TAILQ_FIRST(&pvh->pv_list)) != NULL) { 2676 pmap = PV_PMAP(pv); 2677 PMAP_LOCK(pmap); 2678 pd_entry_t *pl1pd; 2679 pl1pd = &pmap->pm_l1->l1_kva[L1_IDX(pv->pv_va)]; 2680 KASSERT((*pl1pd & L1_TYPE_MASK) == L1_S_PROTO, 2681 ("pmap_remove_all: valid section mapping expected")); 2682 (void)pmap_demote_section(pmap, pv->pv_va); 2683 PMAP_UNLOCK(pmap); 2684 } 2685small_mappings: 2686 curpmap = vmspace_pmap(curproc->p_vmspace); 2687 while ((pv = TAILQ_FIRST(&m->md.pv_list)) != NULL) { 2688 pmap = PV_PMAP(pv); 2689 if (flush == FALSE && (pmap == curpmap || 2690 pmap == pmap_kernel())) 2691 flush = TRUE; 2692 2693 PMAP_LOCK(pmap); 2694 l2b = pmap_get_l2_bucket(pmap, pv->pv_va); 2695 KASSERT(l2b != NULL, ("No l2 bucket")); 2696 ptep = &l2b->l2b_kva[l2pte_index(pv->pv_va)]; 2697 is_exec |= PTE_BEEN_EXECD(*ptep); 2698 *ptep = 0; 2699 if (pmap_is_current(pmap)) 2700 PTE_SYNC(ptep); 2701 pmap_free_l2_bucket(pmap, l2b, 1); 2702 pmap->pm_stats.resident_count--; 2703 TAILQ_REMOVE(&m->md.pv_list, pv, pv_list); 2704 if (pv->pv_flags & PVF_WIRED) 2705 pmap->pm_stats.wired_count--; 2706 pmap_free_pv_entry(pmap, pv); 2707 PMAP_UNLOCK(pmap); 2708 } 2709 2710 if (flush) { 2711 if (is_exec) 2712 cpu_tlb_flushID(); 2713 else 2714 cpu_tlb_flushD(); 2715 } 2716 vm_page_aflag_clear(m, PGA_WRITEABLE); 2717 rw_wunlock(&pvh_global_lock); 2718} 2719 2720int 2721pmap_change_attr(vm_offset_t sva, vm_size_t len, int mode) 2722{ 2723 vm_offset_t base, offset, tmpva; 2724 vm_size_t size; 2725 struct l2_bucket *l2b; 2726 pt_entry_t *ptep, pte; 2727 vm_offset_t next_bucket; 2728 2729 PMAP_LOCK(kernel_pmap); 2730 2731 base = trunc_page(sva); 2732 offset = sva & PAGE_MASK; 2733 size = roundup(offset + len, PAGE_SIZE); 2734 2735#ifdef checkit 2736 /* 2737 * Only supported on kernel virtual addresses, including the direct 2738 * map but excluding the recursive map. 2739 */ 2740 if (base < DMAP_MIN_ADDRESS) { 2741 PMAP_UNLOCK(kernel_pmap); 2742 return (EINVAL); 2743 } 2744#endif 2745 for (tmpva = base; tmpva < base + size; ) { 2746 next_bucket = L2_NEXT_BUCKET(tmpva); 2747 if (next_bucket > base + size) 2748 next_bucket = base + size; 2749 2750 l2b = pmap_get_l2_bucket(kernel_pmap, tmpva); 2751 if (l2b == NULL) { 2752 tmpva = next_bucket; 2753 continue; 2754 } 2755 2756 ptep = &l2b->l2b_kva[l2pte_index(tmpva)]; 2757 2758 if (*ptep == 0) { 2759 PMAP_UNLOCK(kernel_pmap); 2760 return(EINVAL); 2761 } 2762 2763 pte = *ptep &~ L2_S_CACHE_MASK; 2764 cpu_idcache_wbinv_range(tmpva, PAGE_SIZE); 2765 pmap_l2cache_wbinv_range(tmpva, pte & L2_S_FRAME, PAGE_SIZE); 2766 *ptep = pte; 2767 cpu_tlb_flushID_SE(tmpva); 2768 2769 dprintf("%s: for va:%x ptep:%x pte:%x\n", 2770 __func__, tmpva, (uint32_t)ptep, pte); 2771 tmpva += PAGE_SIZE; 2772 } 2773 2774 PMAP_UNLOCK(kernel_pmap); 2775 2776 return (0); 2777} 2778 2779/* 2780 * Set the physical protection on the 2781 * specified range of this map as requested. 2782 */ 2783void 2784pmap_protect(pmap_t pmap, vm_offset_t sva, vm_offset_t eva, vm_prot_t prot) 2785{ 2786 struct l2_bucket *l2b; 2787 struct md_page *pvh; 2788 struct pv_entry *pve; 2789 pd_entry_t *pl1pd, l1pd; 2790 pt_entry_t *ptep, pte; 2791 vm_offset_t next_bucket; 2792 u_int is_exec, is_refd; 2793 int flush; 2794 2795 if ((prot & VM_PROT_READ) == 0) { 2796 pmap_remove(pmap, sva, eva); 2797 return; 2798 } 2799 2800 if (prot & VM_PROT_WRITE) { 2801 /* 2802 * If this is a read->write transition, just ignore it and let 2803 * vm_fault() take care of it later. 2804 */ 2805 return; 2806 } 2807 2808 rw_wlock(&pvh_global_lock); 2809 PMAP_LOCK(pmap); 2810 2811 /* 2812 * OK, at this point, we know we're doing write-protect operation. 2813 * If the pmap is active, write-back the range. 2814 */ 2815 2816 flush = ((eva - sva) >= (PAGE_SIZE * 4)) ? 0 : -1; 2817 is_exec = is_refd = 0; 2818 2819 while (sva < eva) { 2820 next_bucket = L2_NEXT_BUCKET(sva); 2821 /* 2822 * Check for large page. 2823 */ 2824 pl1pd = &pmap->pm_l1->l1_kva[L1_IDX(sva)]; 2825 l1pd = *pl1pd; 2826 if ((l1pd & L1_TYPE_MASK) == L1_S_PROTO) { 2827 KASSERT(pmap != pmap_kernel(), 2828 ("pmap_protect: trying to modify " 2829 "kernel section protections")); 2830 /* 2831 * Are we protecting the entire large page? If not, 2832 * demote the mapping and fall through. 2833 */ 2834 if (sva + L1_S_SIZE == L2_NEXT_BUCKET(sva) && 2835 eva >= L2_NEXT_BUCKET(sva)) { 2836 l1pd &= ~(L1_S_PROT_MASK | L1_S_XN); 2837 if (!(prot & VM_PROT_EXECUTE)) 2838 *pl1pd |= L1_S_XN; 2839 /* 2840 * At this point we are always setting 2841 * write-protect bit. 2842 */ 2843 l1pd |= L1_S_APX; 2844 /* All managed superpages are user pages. */ 2845 l1pd |= L1_S_PROT_U; 2846 *pl1pd = l1pd; 2847 PTE_SYNC(pl1pd); 2848 pvh = pa_to_pvh(l1pd & L1_S_FRAME); 2849 pve = pmap_find_pv(pvh, pmap, 2850 trunc_1mpage(sva)); 2851 pve->pv_flags &= ~PVF_WRITE; 2852 sva = next_bucket; 2853 continue; 2854 } else if (!pmap_demote_section(pmap, sva)) { 2855 /* The large page mapping was destroyed. */ 2856 sva = next_bucket; 2857 continue; 2858 } 2859 } 2860 if (next_bucket > eva) 2861 next_bucket = eva; 2862 l2b = pmap_get_l2_bucket(pmap, sva); 2863 if (l2b == NULL) { 2864 sva = next_bucket; 2865 continue; 2866 } 2867 2868 ptep = &l2b->l2b_kva[l2pte_index(sva)]; 2869 2870 while (sva < next_bucket) { 2871 if ((pte = *ptep) != 0 && L2_S_WRITABLE(pte)) { 2872 struct vm_page *m; 2873 2874 m = PHYS_TO_VM_PAGE(l2pte_pa(pte)); 2875 pmap_set_prot(ptep, prot, 2876 !(pmap == pmap_kernel())); 2877 PTE_SYNC(ptep); 2878 2879 pmap_modify_pv(m, pmap, sva, PVF_WRITE, 0); 2880 2881 if (flush >= 0) { 2882 flush++; 2883 is_exec |= PTE_BEEN_EXECD(pte); 2884 is_refd |= PTE_BEEN_REFD(pte); 2885 } else { 2886 if (PTE_BEEN_EXECD(pte)) 2887 cpu_tlb_flushID_SE(sva); 2888 else if (PTE_BEEN_REFD(pte)) 2889 cpu_tlb_flushD_SE(sva); 2890 } 2891 } 2892 2893 sva += PAGE_SIZE; 2894 ptep++; 2895 } 2896 } 2897 2898 2899 if (flush) { 2900 if (is_exec) 2901 cpu_tlb_flushID(); 2902 else 2903 if (is_refd) 2904 cpu_tlb_flushD(); 2905 } 2906 rw_wunlock(&pvh_global_lock); 2907 2908 PMAP_UNLOCK(pmap); 2909} 2910 2911 2912/* 2913 * Insert the given physical page (p) at 2914 * the specified virtual address (v) in the 2915 * target physical map with the protection requested. 2916 * 2917 * If specified, the page will be wired down, meaning 2918 * that the related pte can not be reclaimed. 2919 * 2920 * NB: This is the only routine which MAY NOT lazy-evaluate 2921 * or lose information. That is, this routine must actually 2922 * insert this page into the given map NOW. 2923 */ 2924 2925void 2926pmap_enter(pmap_t pmap, vm_offset_t va, vm_prot_t access, vm_page_t m, 2927 vm_prot_t prot, boolean_t wired) 2928{ 2929 2930 rw_wlock(&pvh_global_lock); 2931 PMAP_LOCK(pmap); 2932 pmap_enter_locked(pmap, va, access, m, prot, wired, M_WAITOK); 2933 PMAP_UNLOCK(pmap); 2934 rw_wunlock(&pvh_global_lock); 2935} 2936 2937/* 2938 * The pvh global and pmap locks must be held. 2939 */ 2940static void 2941pmap_enter_locked(pmap_t pmap, vm_offset_t va, vm_prot_t access, vm_page_t m, 2942 vm_prot_t prot, boolean_t wired, int flags) 2943{ 2944 struct l2_bucket *l2b = NULL; 2945 struct vm_page *om; 2946 struct pv_entry *pve = NULL; 2947 pd_entry_t *pl1pd, l1pd; 2948 pt_entry_t *ptep, npte, opte; 2949 u_int nflags; 2950 u_int is_exec, is_refd; 2951 vm_paddr_t pa; 2952 u_char user; 2953 2954 PMAP_ASSERT_LOCKED(pmap); 2955 rw_assert(&pvh_global_lock, RA_WLOCKED); 2956 if (va == vector_page) { 2957 pa = systempage.pv_pa; 2958 m = NULL; 2959 } else { 2960 KASSERT((m->oflags & VPO_UNMANAGED) != 0 || 2961 vm_page_xbusied(m) || (flags & M_NOWAIT) != 0, 2962 ("pmap_enter_locked: page %p is not busy", m)); 2963 pa = VM_PAGE_TO_PHYS(m); 2964 } 2965 2966 pl1pd = &pmap->pm_l1->l1_kva[L1_IDX(va)]; 2967 if ((*pl1pd & L1_TYPE_MASK) == L1_S_PROTO) 2968 panic("pmap_enter_locked: attempt pmap_enter_on 1MB page"); 2969 2970 user = 0; 2971 /* 2972 * Make sure userland mappings get the right permissions 2973 */ 2974 if (pmap != pmap_kernel() && va != vector_page) 2975 user = 1; 2976 2977 nflags = 0; 2978 2979 if (prot & VM_PROT_WRITE) 2980 nflags |= PVF_WRITE; 2981 if (wired) 2982 nflags |= PVF_WIRED; 2983 2984 PDEBUG(1, printf("pmap_enter: pmap = %08x, va = %08x, m = %08x, " 2985 "prot = %x, wired = %x\n", (uint32_t) pmap, va, (uint32_t) m, 2986 prot, wired)); 2987 2988 if (pmap == pmap_kernel()) { 2989 l2b = pmap_get_l2_bucket(pmap, va); 2990 if (l2b == NULL) 2991 l2b = pmap_grow_l2_bucket(pmap, va); 2992 } else { 2993do_l2b_alloc: 2994 l2b = pmap_alloc_l2_bucket(pmap, va); 2995 if (l2b == NULL) { 2996 if (flags & M_WAITOK) { 2997 PMAP_UNLOCK(pmap); 2998 rw_wunlock(&pvh_global_lock); 2999 VM_WAIT; 3000 rw_wlock(&pvh_global_lock); 3001 PMAP_LOCK(pmap); 3002 goto do_l2b_alloc; 3003 } 3004 return; 3005 } 3006 } 3007 3008 ptep = &l2b->l2b_kva[l2pte_index(va)]; 3009 3010 opte = *ptep; 3011 npte = pa; 3012 is_exec = is_refd = 0; 3013 3014 if (opte) { 3015 if (l2pte_pa(opte) == pa) { 3016 /* 3017 * We're changing the attrs of an existing mapping. 3018 */ 3019 if (m != NULL) 3020 pmap_modify_pv(m, pmap, va, 3021 PVF_WRITE | PVF_WIRED, nflags); 3022 is_exec |= PTE_BEEN_EXECD(opte); 3023 is_refd |= PTE_BEEN_REFD(opte); 3024 goto validate; 3025 } 3026 if ((om = PHYS_TO_VM_PAGE(l2pte_pa(opte)))) { 3027 /* 3028 * Replacing an existing mapping with a new one. 3029 * It is part of our managed memory so we 3030 * must remove it from the PV list 3031 */ 3032 if ((pve = pmap_remove_pv(om, pmap, va))) { 3033 is_exec |= PTE_BEEN_EXECD(opte); 3034 is_refd |= PTE_BEEN_REFD(opte); 3035 3036 if (m && ((m->oflags & VPO_UNMANAGED))) 3037 pmap_free_pv_entry(pmap, pve); 3038 } 3039 } 3040 3041 } else { 3042 /* 3043 * Keep the stats up to date 3044 */ 3045 l2b->l2b_occupancy++; 3046 pmap->pm_stats.resident_count++; 3047 } 3048 3049 /* 3050 * Enter on the PV list if part of our managed memory. 3051 */ 3052 if ((m && !(m->oflags & VPO_UNMANAGED))) { 3053 if ((!pve) && (pve = pmap_get_pv_entry(pmap, FALSE)) == NULL) 3054 panic("pmap_enter: no pv entries"); 3055 3056 KASSERT(va < kmi.clean_sva || va >= kmi.clean_eva, 3057 ("pmap_enter: managed mapping within the clean submap")); 3058 KASSERT(pve != NULL, ("No pv")); 3059 pmap_enter_pv(m, pve, pmap, va, nflags); 3060 } 3061 3062validate: 3063 /* Make the new PTE valid */ 3064 npte |= L2_S_PROTO; 3065#ifdef SMP 3066 npte |= L2_SHARED; 3067#endif 3068 /* Set defaults first - kernel read access */ 3069 npte |= L2_APX; 3070 npte |= L2_S_PROT_R; 3071 /* Set "referenced" flag */ 3072 npte |= L2_S_REF; 3073 3074 /* Now tune APs as desired */ 3075 if (user) 3076 npte |= L2_S_PROT_U; 3077 /* 3078 * If this is not a vector_page 3079 * then continue setting mapping parameters 3080 */ 3081 if (m != NULL) { 3082 if ((m->oflags & VPO_UNMANAGED) == 0) { 3083 if (prot & (VM_PROT_ALL)) { 3084 vm_page_aflag_set(m, PGA_REFERENCED); 3085 } else { 3086 /* 3087 * Need to do page referenced emulation. 3088 */ 3089 npte &= ~L2_S_REF; 3090 } 3091 } 3092 3093 if (prot & VM_PROT_WRITE) { 3094 if ((m->oflags & VPO_UNMANAGED) == 0) { 3095 vm_page_aflag_set(m, PGA_WRITEABLE); 3096 /* 3097 * XXX: Skip modified bit emulation for now. 3098 * The emulation reveals problems 3099 * that result in random failures 3100 * during memory allocation on some 3101 * platforms. 3102 * Therefore, the page is marked RW 3103 * immediately. 3104 */ 3105 npte &= ~(L2_APX); 3106 vm_page_dirty(m); 3107 } else 3108 npte &= ~(L2_APX); 3109 } 3110 if (!(prot & VM_PROT_EXECUTE)) 3111 npte |= L2_XN; 3112 3113 if (m->md.pv_memattr != VM_MEMATTR_UNCACHEABLE) 3114 npte |= pte_l2_s_cache_mode; 3115 } 3116 3117 CTR5(KTR_PMAP,"enter: pmap:%p va:%x prot:%x pte:%x->%x", 3118 pmap, va, prot, opte, npte); 3119 /* 3120 * If this is just a wiring change, the two PTEs will be 3121 * identical, so there's no need to update the page table. 3122 */ 3123 if (npte != opte) { 3124 boolean_t is_cached = pmap_is_current(pmap); 3125 3126 *ptep = npte; 3127 PTE_SYNC(ptep); 3128 if (is_cached) { 3129 /* 3130 * We only need to frob the cache/tlb if this pmap 3131 * is current 3132 */ 3133 if (L1_IDX(va) != L1_IDX(vector_page) && 3134 l2pte_valid(npte)) { 3135 /* 3136 * This mapping is likely to be accessed as 3137 * soon as we return to userland. Fix up the 3138 * L1 entry to avoid taking another 3139 * page/domain fault. 3140 */ 3141 l1pd = l2b->l2b_phys | 3142 L1_C_DOM(pmap->pm_domain) | L1_C_PROTO; 3143 if (*pl1pd != l1pd) { 3144 *pl1pd = l1pd; 3145 PTE_SYNC(pl1pd); 3146 } 3147 } 3148 } 3149 3150 if (is_exec) 3151 cpu_tlb_flushID_SE(va); 3152 else if (is_refd) 3153 cpu_tlb_flushD_SE(va); 3154 } 3155 3156 if ((pmap != pmap_kernel()) && (pmap == &curproc->p_vmspace->vm_pmap)) 3157 cpu_icache_sync_range(va, PAGE_SIZE); 3158 /* 3159 * If both the l2b_occupancy and the reservation are fully 3160 * populated, then attempt promotion. 3161 */ 3162 if ((l2b->l2b_occupancy == L2_PTE_NUM_TOTAL) && 3163 sp_enabled && (m->flags & PG_FICTITIOUS) == 0 && 3164 vm_reserv_level_iffullpop(m) == 0) 3165 pmap_promote_section(pmap, va); 3166} 3167 3168/* 3169 * Maps a sequence of resident pages belonging to the same object. 3170 * The sequence begins with the given page m_start. This page is 3171 * mapped at the given virtual address start. Each subsequent page is 3172 * mapped at a virtual address that is offset from start by the same 3173 * amount as the page is offset from m_start within the object. The 3174 * last page in the sequence is the page with the largest offset from 3175 * m_start that can be mapped at a virtual address less than the given 3176 * virtual address end. Not every virtual page between start and end 3177 * is mapped; only those for which a resident page exists with the 3178 * corresponding offset from m_start are mapped. 3179 */ 3180void 3181pmap_enter_object(pmap_t pmap, vm_offset_t start, vm_offset_t end, 3182 vm_page_t m_start, vm_prot_t prot) 3183{ 3184 vm_offset_t va; 3185 vm_page_t m; 3186 vm_pindex_t diff, psize; 3187 vm_prot_t access; 3188 3189 VM_OBJECT_ASSERT_LOCKED(m_start->object); 3190 3191 psize = atop(end - start); 3192 m = m_start; 3193 access = prot = prot & (VM_PROT_READ | VM_PROT_EXECUTE); 3194 rw_wlock(&pvh_global_lock); 3195 PMAP_LOCK(pmap); 3196 while (m != NULL && (diff = m->pindex - m_start->pindex) < psize) { 3197 va = start + ptoa(diff); 3198 if ((va & L1_S_OFFSET) == 0 && L2_NEXT_BUCKET(va) <= end && 3199 (VM_PAGE_TO_PHYS(m) & L1_S_OFFSET) == 0 && 3200 sp_enabled && vm_reserv_level_iffullpop(m) == 0 && 3201 pmap_enter_section(pmap, va, m, prot)) 3202 m = &m[L1_S_SIZE / PAGE_SIZE - 1]; 3203 else 3204 pmap_enter_locked(pmap, va, access, m, prot, 3205 FALSE, M_NOWAIT); 3206 m = TAILQ_NEXT(m, listq); 3207 } 3208 PMAP_UNLOCK(pmap); 3209 rw_wunlock(&pvh_global_lock); 3210} 3211 3212/* 3213 * this code makes some *MAJOR* assumptions: 3214 * 1. Current pmap & pmap exists. 3215 * 2. Not wired. 3216 * 3. Read access. 3217 * 4. No page table pages. 3218 * but is *MUCH* faster than pmap_enter... 3219 */ 3220 3221void 3222pmap_enter_quick(pmap_t pmap, vm_offset_t va, vm_page_t m, vm_prot_t prot) 3223{ 3224 vm_prot_t access; 3225 3226 access = prot = prot & (VM_PROT_READ | VM_PROT_EXECUTE); 3227 rw_wlock(&pvh_global_lock); 3228 PMAP_LOCK(pmap); 3229 pmap_enter_locked(pmap, va, access, m, prot, FALSE, M_NOWAIT); 3230 PMAP_UNLOCK(pmap); 3231 rw_wunlock(&pvh_global_lock); 3232} 3233 3234/* 3235 * Routine: pmap_change_wiring 3236 * Function: Change the wiring attribute for a map/virtual-address 3237 * pair. 3238 * In/out conditions: 3239 * The mapping must already exist in the pmap. 3240 */ 3241void 3242pmap_change_wiring(pmap_t pmap, vm_offset_t va, boolean_t wired) 3243{ 3244 struct l2_bucket *l2b; 3245 struct md_page *pvh; 3246 struct pv_entry *pve; 3247 pd_entry_t *pl1pd, l1pd; 3248 pt_entry_t *ptep, pte; 3249 vm_page_t m; 3250 3251 rw_wlock(&pvh_global_lock); 3252 PMAP_LOCK(pmap); 3253 pl1pd = &pmap->pm_l1->l1_kva[L1_IDX(va)]; 3254 l1pd = *pl1pd; 3255 if ((l1pd & L1_TYPE_MASK) == L1_S_PROTO) { 3256 m = PHYS_TO_VM_PAGE(l1pd & L1_S_FRAME); 3257 KASSERT((m != NULL) && ((m->oflags & VPO_UNMANAGED) == 0), 3258 ("pmap_change_wiring: unmanaged superpage should not " 3259 "be changed")); 3260 KASSERT(pmap != pmap_kernel(), 3261 ("pmap_change_wiring: managed kernel superpage " 3262 "should not exist")); 3263 pvh = pa_to_pvh(l1pd & L1_S_FRAME); 3264 pve = pmap_find_pv(pvh, pmap, trunc_1mpage(va)); 3265 if (!wired != ((pve->pv_flags & PVF_WIRED) == 0)) { 3266 if (!pmap_demote_section(pmap, va)) 3267 panic("pmap_change_wiring: demotion failed"); 3268 } else 3269 goto out; 3270 } 3271 l2b = pmap_get_l2_bucket(pmap, va); 3272 KASSERT(l2b, ("No l2b bucket in pmap_change_wiring")); 3273 ptep = &l2b->l2b_kva[l2pte_index(va)]; 3274 pte = *ptep; 3275 m = PHYS_TO_VM_PAGE(l2pte_pa(pte)); 3276 if (m != NULL) 3277 pmap_modify_pv(m, pmap, va, PVF_WIRED, 3278 wired == TRUE ? PVF_WIRED : 0); 3279out: 3280 rw_wunlock(&pvh_global_lock); 3281 PMAP_UNLOCK(pmap); 3282} 3283 3284 3285/* 3286 * Copy the range specified by src_addr/len 3287 * from the source map to the range dst_addr/len 3288 * in the destination map. 3289 * 3290 * This routine is only advisory and need not do anything. 3291 */ 3292void 3293pmap_copy(pmap_t dst_pmap, pmap_t src_pmap, vm_offset_t dst_addr, 3294 vm_size_t len, vm_offset_t src_addr) 3295{ 3296} 3297 3298 3299/* 3300 * Routine: pmap_extract 3301 * Function: 3302 * Extract the physical page address associated 3303 * with the given map/virtual_address pair. 3304 */ 3305vm_paddr_t 3306pmap_extract(pmap_t pmap, vm_offset_t va) 3307{ 3308 vm_paddr_t pa; 3309 3310 if (kernel_vm_end != 0) 3311 PMAP_LOCK(pmap); 3312 pa = pmap_extract_locked(pmap, va); 3313 if (kernel_vm_end != 0) 3314 PMAP_UNLOCK(pmap); 3315 return (pa); 3316} 3317 3318static vm_paddr_t 3319pmap_extract_locked(pmap_t pmap, vm_offset_t va) 3320{ 3321 struct l2_dtable *l2; 3322 pd_entry_t l1pd; 3323 pt_entry_t *ptep, pte; 3324 vm_paddr_t pa; 3325 u_int l1idx; 3326 3327 if (kernel_vm_end != 0 && pmap != kernel_pmap) 3328 PMAP_ASSERT_LOCKED(pmap); 3329 l1idx = L1_IDX(va); 3330 l1pd = pmap->pm_l1->l1_kva[l1idx]; 3331 if (l1pte_section_p(l1pd)) { 3332 /* 3333 * These should only happen for the kernel pmap. 3334 */ 3335 KASSERT(pmap == kernel_pmap, ("unexpected section")); 3336 /* XXX: what to do about the bits > 32 ? */ 3337 if (l1pd & L1_S_SUPERSEC) 3338 pa = (l1pd & L1_SUP_FRAME) | (va & L1_SUP_OFFSET); 3339 else 3340 pa = (l1pd & L1_S_FRAME) | (va & L1_S_OFFSET); 3341 } else { 3342 /* 3343 * Note that we can't rely on the validity of the L1 3344 * descriptor as an indication that a mapping exists. 3345 * We have to look it up in the L2 dtable. 3346 */ 3347 l2 = pmap->pm_l2[L2_IDX(l1idx)]; 3348 if (l2 == NULL || 3349 (ptep = l2->l2_bucket[L2_BUCKET(l1idx)].l2b_kva) == NULL) 3350 return (0); 3351 pte = ptep[l2pte_index(va)]; 3352 if (pte == 0) 3353 return (0); 3354 switch (pte & L2_TYPE_MASK) { 3355 case L2_TYPE_L: 3356 pa = (pte & L2_L_FRAME) | (va & L2_L_OFFSET); 3357 break; 3358 default: 3359 pa = (pte & L2_S_FRAME) | (va & L2_S_OFFSET); 3360 break; 3361 } 3362 } 3363 return (pa); 3364} 3365 3366/* 3367 * Atomically extract and hold the physical page with the given 3368 * pmap and virtual address pair if that mapping permits the given 3369 * protection. 3370 * 3371 */ 3372vm_page_t 3373pmap_extract_and_hold(pmap_t pmap, vm_offset_t va, vm_prot_t prot) 3374{ 3375 struct l2_dtable *l2; 3376 pd_entry_t l1pd; 3377 pt_entry_t *ptep, pte; 3378 vm_paddr_t pa, paddr; 3379 vm_page_t m = NULL; 3380 u_int l1idx; 3381 l1idx = L1_IDX(va); 3382 paddr = 0; 3383 3384 PMAP_LOCK(pmap); 3385retry: 3386 l1pd = pmap->pm_l1->l1_kva[l1idx]; 3387 if (l1pte_section_p(l1pd)) { 3388 /* XXX: what to do about the bits > 32 ? */ 3389 if (l1pd & L1_S_SUPERSEC) 3390 pa = (l1pd & L1_SUP_FRAME) | (va & L1_SUP_OFFSET); 3391 else 3392 pa = (l1pd & L1_S_FRAME) | (va & L1_S_OFFSET); 3393 if (vm_page_pa_tryrelock(pmap, pa & PG_FRAME, &paddr)) 3394 goto retry; 3395 if (L1_S_WRITABLE(l1pd) || (prot & VM_PROT_WRITE) == 0) { 3396 m = PHYS_TO_VM_PAGE(pa); 3397 vm_page_hold(m); 3398 } 3399 } else { 3400 /* 3401 * Note that we can't rely on the validity of the L1 3402 * descriptor as an indication that a mapping exists. 3403 * We have to look it up in the L2 dtable. 3404 */ 3405 l2 = pmap->pm_l2[L2_IDX(l1idx)]; 3406 3407 if (l2 == NULL || 3408 (ptep = l2->l2_bucket[L2_BUCKET(l1idx)].l2b_kva) == NULL) { 3409 PMAP_UNLOCK(pmap); 3410 return (NULL); 3411 } 3412 3413 ptep = &ptep[l2pte_index(va)]; 3414 pte = *ptep; 3415 3416 if (pte == 0) { 3417 PMAP_UNLOCK(pmap); 3418 return (NULL); 3419 } else if ((prot & VM_PROT_WRITE) && (pte & L2_APX)) { 3420 PMAP_UNLOCK(pmap); 3421 return (NULL); 3422 } else { 3423 switch (pte & L2_TYPE_MASK) { 3424 case L2_TYPE_L: 3425 panic("extract and hold section mapping"); 3426 break; 3427 default: 3428 pa = (pte & L2_S_FRAME) | (va & L2_S_OFFSET); 3429 break; 3430 } 3431 if (vm_page_pa_tryrelock(pmap, pa & PG_FRAME, &paddr)) 3432 goto retry; 3433 m = PHYS_TO_VM_PAGE(pa); 3434 vm_page_hold(m); 3435 } 3436 3437 } 3438 3439 PMAP_UNLOCK(pmap); 3440 PA_UNLOCK_COND(paddr); 3441 return (m); 3442} 3443 3444/* 3445 * Initialize a preallocated and zeroed pmap structure, 3446 * such as one in a vmspace structure. 3447 */ 3448 3449int 3450pmap_pinit(pmap_t pmap) 3451{ 3452 PDEBUG(1, printf("pmap_pinit: pmap = %08x\n", (uint32_t) pmap)); 3453 3454 pmap_alloc_l1(pmap); 3455 bzero(pmap->pm_l2, sizeof(pmap->pm_l2)); 3456 3457 CPU_ZERO(&pmap->pm_active); 3458 3459 TAILQ_INIT(&pmap->pm_pvchunk); 3460 bzero(&pmap->pm_stats, sizeof pmap->pm_stats); 3461 pmap->pm_stats.resident_count = 1; 3462 if (vector_page < KERNBASE) { 3463 pmap_enter(pmap, vector_page, 3464 VM_PROT_READ, PHYS_TO_VM_PAGE(systempage.pv_pa), 3465 VM_PROT_READ, 1); 3466 } 3467 return (1); 3468} 3469 3470 3471/*************************************************** 3472 * Superpage management routines. 3473 ***************************************************/ 3474 3475static PMAP_INLINE struct pv_entry * 3476pmap_pvh_remove(struct md_page *pvh, pmap_t pmap, vm_offset_t va) 3477{ 3478 pv_entry_t pv; 3479 3480 rw_assert(&pvh_global_lock, RA_WLOCKED); 3481 3482 pv = pmap_find_pv(pvh, pmap, va); 3483 if (pv != NULL) 3484 TAILQ_REMOVE(&pvh->pv_list, pv, pv_list); 3485 3486 return (pv); 3487} 3488 3489static void 3490pmap_pvh_free(struct md_page *pvh, pmap_t pmap, vm_offset_t va) 3491{ 3492 pv_entry_t pv; 3493 3494 pv = pmap_pvh_remove(pvh, pmap, va); 3495 KASSERT(pv != NULL, ("pmap_pvh_free: pv not found")); 3496 pmap_free_pv_entry(pmap, pv); 3497} 3498 3499static boolean_t 3500pmap_pv_insert_section(pmap_t pmap, vm_offset_t va, vm_paddr_t pa) 3501{ 3502 struct md_page *pvh; 3503 pv_entry_t pv; 3504 3505 rw_assert(&pvh_global_lock, RA_WLOCKED); 3506 if (pv_entry_count < pv_entry_high_water && 3507 (pv = pmap_get_pv_entry(pmap, TRUE)) != NULL) { 3508 pv->pv_va = va; 3509 pvh = pa_to_pvh(pa); 3510 TAILQ_INSERT_TAIL(&pvh->pv_list, pv, pv_list); 3511 return (TRUE); 3512 } else 3513 return (FALSE); 3514} 3515 3516/* 3517 * Create the pv entries for each of the pages within a superpage. 3518 */ 3519static void 3520pmap_pv_demote_section(pmap_t pmap, vm_offset_t va, vm_paddr_t pa) 3521{ 3522 struct md_page *pvh; 3523 pv_entry_t pve, pv; 3524 vm_offset_t va_last; 3525 vm_page_t m; 3526 3527 rw_assert(&pvh_global_lock, RA_WLOCKED); 3528 KASSERT((pa & L1_S_OFFSET) == 0, 3529 ("pmap_pv_demote_section: pa is not 1mpage aligned")); 3530 3531 /* 3532 * Transfer the 1mpage's pv entry for this mapping to the first 3533 * page's pv list. 3534 */ 3535 pvh = pa_to_pvh(pa); 3536 va = trunc_1mpage(va); 3537 pv = pmap_pvh_remove(pvh, pmap, va); 3538 KASSERT(pv != NULL, ("pmap_pv_demote_section: pv not found")); 3539 m = PHYS_TO_VM_PAGE(pa); 3540 TAILQ_INSERT_HEAD(&m->md.pv_list, pv, pv_list); 3541 /* Instantiate the remaining pv entries. */ 3542 va_last = L2_NEXT_BUCKET(va) - PAGE_SIZE; 3543 do { 3544 m++; 3545 KASSERT((m->oflags & VPO_UNMANAGED) == 0, 3546 ("pmap_pv_demote_section: page %p is not managed", m)); 3547 va += PAGE_SIZE; 3548 pve = pmap_get_pv_entry(pmap, FALSE); 3549 pmap_enter_pv(m, pve, pmap, va, pv->pv_flags); 3550 } while (va < va_last); 3551} 3552 3553static void 3554pmap_pv_promote_section(pmap_t pmap, vm_offset_t va, vm_paddr_t pa) 3555{ 3556 struct md_page *pvh; 3557 pv_entry_t pv; 3558 vm_offset_t va_last; 3559 vm_page_t m; 3560 3561 rw_assert(&pvh_global_lock, RA_WLOCKED); 3562 KASSERT((pa & L1_S_OFFSET) == 0, 3563 ("pmap_pv_promote_section: pa is not 1mpage aligned")); 3564 3565 /* 3566 * Transfer the first page's pv entry for this mapping to the 3567 * 1mpage's pv list. Aside from avoiding the cost of a call 3568 * to get_pv_entry(), a transfer avoids the possibility that 3569 * get_pv_entry() calls pmap_pv_reclaim() and that pmap_pv_reclaim() 3570 * removes one of the mappings that is being promoted. 3571 */ 3572 m = PHYS_TO_VM_PAGE(pa); 3573 va = trunc_1mpage(va); 3574 pv = pmap_pvh_remove(&m->md, pmap, va); 3575 KASSERT(pv != NULL, ("pmap_pv_promote_section: pv not found")); 3576 pvh = pa_to_pvh(pa); 3577 TAILQ_INSERT_TAIL(&pvh->pv_list, pv, pv_list); 3578 /* Free the remaining pv entries in the newly mapped section pages */ 3579 va_last = L2_NEXT_BUCKET(va) - PAGE_SIZE; 3580 do { 3581 m++; 3582 va += PAGE_SIZE; 3583 /* 3584 * Don't care the flags, first pv contains sufficient 3585 * information for all of the pages so nothing is really lost. 3586 */ 3587 pmap_pvh_free(&m->md, pmap, va); 3588 } while (va < va_last); 3589} 3590 3591/* 3592 * Tries to create a 1MB page mapping. Returns TRUE if successful and 3593 * FALSE otherwise. Fails if (1) page is unmanageg, kernel pmap or vectors 3594 * page, (2) a mapping already exists at the specified virtual address, or 3595 * (3) a pv entry cannot be allocated without reclaiming another pv entry. 3596 */ 3597static boolean_t 3598pmap_enter_section(pmap_t pmap, vm_offset_t va, vm_page_t m, vm_prot_t prot) 3599{ 3600 pd_entry_t *pl1pd; 3601 vm_offset_t pa; 3602 struct l2_bucket *l2b; 3603 3604 rw_assert(&pvh_global_lock, RA_WLOCKED); 3605 PMAP_ASSERT_LOCKED(pmap); 3606 3607 /* Skip kernel, vectors page and unmanaged mappings */ 3608 if ((pmap == pmap_kernel()) || (L1_IDX(va) == L1_IDX(vector_page)) || 3609 ((m->oflags & VPO_UNMANAGED) != 0)) { 3610 CTR2(KTR_PMAP, "pmap_enter_section: failure for va %#lx" 3611 " in pmap %p", va, pmap); 3612 return (FALSE); 3613 } 3614 /* 3615 * Check whether this is a valid section superpage entry or 3616 * there is a l2_bucket associated with that L1 page directory. 3617 */ 3618 va = trunc_1mpage(va); 3619 pl1pd = &pmap->pm_l1->l1_kva[L1_IDX(va)]; 3620 l2b = pmap_get_l2_bucket(pmap, va); 3621 if ((*pl1pd & L1_S_PROTO) || (l2b != NULL)) { 3622 CTR2(KTR_PMAP, "pmap_enter_section: failure for va %#lx" 3623 " in pmap %p", va, pmap); 3624 return (FALSE); 3625 } 3626 pa = VM_PAGE_TO_PHYS(m); 3627 /* 3628 * Abort this mapping if its PV entry could not be created. 3629 */ 3630 if (!pmap_pv_insert_section(pmap, va, VM_PAGE_TO_PHYS(m))) { 3631 CTR2(KTR_PMAP, "pmap_enter_section: failure for va %#lx" 3632 " in pmap %p", va, pmap); 3633 return (FALSE); 3634 } 3635 /* 3636 * Increment counters. 3637 */ 3638 pmap->pm_stats.resident_count += L2_PTE_NUM_TOTAL; 3639 /* 3640 * Despite permissions, mark the superpage read-only. 3641 */ 3642 prot &= ~VM_PROT_WRITE; 3643 /* 3644 * Map the superpage. 3645 */ 3646 pmap_map_section(pmap, va, pa, prot, FALSE); 3647 3648 pmap_section_mappings++; 3649 CTR2(KTR_PMAP, "pmap_enter_section: success for va %#lx" 3650 " in pmap %p", va, pmap); 3651 return (TRUE); 3652} 3653 3654/* 3655 * pmap_remove_section: do the things to unmap a superpage in a process 3656 */ 3657static void 3658pmap_remove_section(pmap_t pmap, vm_offset_t sva) 3659{ 3660 struct md_page *pvh; 3661 struct l2_bucket *l2b; 3662 pd_entry_t *pl1pd, l1pd; 3663 vm_offset_t eva, va; 3664 vm_page_t m; 3665 3666 PMAP_ASSERT_LOCKED(pmap); 3667 if ((pmap == pmap_kernel()) || (L1_IDX(sva) == L1_IDX(vector_page))) 3668 return; 3669 3670 KASSERT((sva & L1_S_OFFSET) == 0, 3671 ("pmap_remove_section: sva is not 1mpage aligned")); 3672 3673 pl1pd = &pmap->pm_l1->l1_kva[L1_IDX(sva)]; 3674 l1pd = *pl1pd; 3675 3676 m = PHYS_TO_VM_PAGE(l1pd & L1_S_FRAME); 3677 KASSERT((m != NULL && ((m->oflags & VPO_UNMANAGED) == 0)), 3678 ("pmap_remove_section: no corresponding vm_page or " 3679 "page unmanaged")); 3680 3681 pmap->pm_stats.resident_count -= L2_PTE_NUM_TOTAL; 3682 pvh = pa_to_pvh(l1pd & L1_S_FRAME); 3683 pmap_pvh_free(pvh, pmap, sva); 3684 eva = L2_NEXT_BUCKET(sva); 3685 for (va = sva, m = PHYS_TO_VM_PAGE(l1pd & L1_S_FRAME); 3686 va < eva; va += PAGE_SIZE, m++) { 3687 /* 3688 * Mark base pages referenced but skip marking them dirty. 3689 * If the superpage is writeable, hence all base pages were 3690 * already marked as dirty in pmap_fault_fixup() before 3691 * promotion. Reference bit however, might not have been set 3692 * for each base page when the superpage was created at once, 3693 * not as a result of promotion. 3694 */ 3695 if (L1_S_REFERENCED(l1pd)) 3696 vm_page_aflag_set(m, PGA_REFERENCED); 3697 if (TAILQ_EMPTY(&m->md.pv_list) && 3698 TAILQ_EMPTY(&pvh->pv_list)) 3699 vm_page_aflag_clear(m, PGA_WRITEABLE); 3700 } 3701 3702 l2b = pmap_get_l2_bucket(pmap, sva); 3703 if (l2b != NULL) { 3704 KASSERT(l2b->l2b_occupancy == L2_PTE_NUM_TOTAL, 3705 ("pmap_remove_section: l2_bucket occupancy error")); 3706 pmap_free_l2_bucket(pmap, l2b, L2_PTE_NUM_TOTAL); 3707 /* 3708 * Now invalidate L1 slot as it was not invalidated in 3709 * pmap_free_l2_bucket() due to L1_TYPE mismatch. 3710 */ 3711 *pl1pd = 0; 3712 PTE_SYNC(pl1pd); 3713 } 3714} 3715 3716/* 3717 * Tries to promote the 256, contiguous 4KB page mappings that are 3718 * within a single l2_bucket to a single 1MB section mapping. 3719 * For promotion to occur, two conditions must be met: (1) the 4KB page 3720 * mappings must map aligned, contiguous physical memory and (2) the 4KB page 3721 * mappings must have identical characteristics. 3722 */ 3723static void 3724pmap_promote_section(pmap_t pmap, vm_offset_t va) 3725{ 3726 pt_entry_t *firstptep, firstpte, oldpte, pa, *pte; 3727 vm_page_t m, oldm; 3728 vm_offset_t first_va, old_va; 3729 struct l2_bucket *l2b = NULL; 3730 vm_prot_t prot; 3731 struct pv_entry *pve, *first_pve; 3732 3733 PMAP_ASSERT_LOCKED(pmap); 3734 3735 prot = VM_PROT_ALL; 3736 /* 3737 * Skip promoting kernel pages. This is justified by following: 3738 * 1. Kernel is already mapped using section mappings in each pmap 3739 * 2. Managed mappings within the kernel are not to be promoted anyway 3740 */ 3741 if (pmap == pmap_kernel()) { 3742 pmap_section_p_failures++; 3743 CTR2(KTR_PMAP, "pmap_promote_section: failure for va %#x" 3744 " in pmap %p", va, pmap); 3745 return; 3746 } 3747 /* Do not attemp to promote vectors pages */ 3748 if (L1_IDX(va) == L1_IDX(vector_page)) { 3749 pmap_section_p_failures++; 3750 CTR2(KTR_PMAP, "pmap_promote_section: failure for va %#x" 3751 " in pmap %p", va, pmap); 3752 return; 3753 } 3754 /* 3755 * Examine the first PTE in the specified l2_bucket. Abort if this PTE 3756 * is either invalid, unused, or does not map the first 4KB physical 3757 * page within 1MB page. 3758 */ 3759 first_va = trunc_1mpage(va); 3760 l2b = pmap_get_l2_bucket(pmap, first_va); 3761 KASSERT(l2b != NULL, ("pmap_promote_section: trying to promote " 3762 "not existing l2 bucket")); 3763 firstptep = &l2b->l2b_kva[0]; 3764 3765 firstpte = *firstptep; 3766 if ((l2pte_pa(firstpte) & L1_S_OFFSET) != 0) { 3767 pmap_section_p_failures++; 3768 CTR2(KTR_PMAP, "pmap_promote_section: failure for va %#x" 3769 " in pmap %p", va, pmap); 3770 return; 3771 } 3772 3773 if ((firstpte & (L2_S_PROTO | L2_S_REF)) != (L2_S_PROTO | L2_S_REF)) { 3774 pmap_section_p_failures++; 3775 CTR2(KTR_PMAP, "pmap_promote_section: failure for va %#x" 3776 " in pmap %p", va, pmap); 3777 return; 3778 } 3779 /* 3780 * ARM uses pv_entry to mark particular mapping WIRED so don't promote 3781 * unmanaged pages since it is impossible to determine, whether the 3782 * page is wired or not if there is no corresponding pv_entry. 3783 */ 3784 m = PHYS_TO_VM_PAGE(l2pte_pa(firstpte)); 3785 if (m && ((m->oflags & VPO_UNMANAGED) != 0)) { 3786 pmap_section_p_failures++; 3787 CTR2(KTR_PMAP, "pmap_promote_section: failure for va %#x" 3788 " in pmap %p", va, pmap); 3789 return; 3790 } 3791 first_pve = pmap_find_pv(&m->md, pmap, first_va); 3792 /* 3793 * PTE is modified only on write due to modified bit 3794 * emulation. If the entry is referenced and writable 3795 * then it is modified and we don't clear write enable. 3796 * Otherwise, writing is disabled in PTE anyway and 3797 * we just configure protections for the section mapping 3798 * that is going to be created. 3799 */ 3800 if (!L2_S_WRITABLE(firstpte) && (first_pve->pv_flags & PVF_WRITE)) { 3801 first_pve->pv_flags &= ~PVF_WRITE; 3802 prot &= ~VM_PROT_WRITE; 3803 } 3804 3805 if (!L2_S_EXECUTABLE(firstpte)) 3806 prot &= ~VM_PROT_EXECUTE; 3807 3808 /* 3809 * Examine each of the other PTEs in the specified l2_bucket. 3810 * Abort if this PTE maps an unexpected 4KB physical page or 3811 * does not have identical characteristics to the first PTE. 3812 */ 3813 pa = l2pte_pa(firstpte) + ((L2_PTE_NUM_TOTAL - 1) * PAGE_SIZE); 3814 old_va = L2_NEXT_BUCKET(first_va) - PAGE_SIZE; 3815 3816 for (pte = (firstptep + L2_PTE_NUM_TOTAL - 1); pte > firstptep; pte--) { 3817 oldpte = *pte; 3818 if (l2pte_pa(oldpte) != pa) { 3819 pmap_section_p_failures++; 3820 CTR2(KTR_PMAP, "pmap_promote_section: failure for " 3821 "va %#x in pmap %p", va, pmap); 3822 return; 3823 } 3824 if ((oldpte & L2_S_PROMOTE) != (firstpte & L2_S_PROMOTE)) { 3825 pmap_section_p_failures++; 3826 CTR2(KTR_PMAP, "pmap_promote_section: failure for " 3827 "va %#x in pmap %p", va, pmap); 3828 return; 3829 } 3830 oldm = PHYS_TO_VM_PAGE(l2pte_pa(oldpte)); 3831 if (oldm && ((oldm->oflags & VPO_UNMANAGED) != 0)) { 3832 pmap_section_p_failures++; 3833 CTR2(KTR_PMAP, "pmap_promote_section: failure for " 3834 "va %#x in pmap %p", va, pmap); 3835 return; 3836 } 3837 3838 pve = pmap_find_pv(&oldm->md, pmap, old_va); 3839 if (pve == NULL) { 3840 pmap_section_p_failures++; 3841 CTR2(KTR_PMAP, "pmap_promote_section: failure for " 3842 "va %#x old_va %x - no pve", va, old_va); 3843 return; 3844 } 3845 3846 if (!L2_S_WRITABLE(oldpte) && (pve->pv_flags & PVF_WRITE)) 3847 pve->pv_flags &= ~PVF_WRITE; 3848 3849 old_va -= PAGE_SIZE; 3850 pa -= PAGE_SIZE; 3851 } 3852 /* 3853 * Promote the pv entries. 3854 */ 3855 pmap_pv_promote_section(pmap, first_va, l2pte_pa(firstpte)); 3856 /* 3857 * Map the superpage. 3858 */ 3859 pmap_map_section(pmap, first_va, l2pte_pa(firstpte), prot, TRUE); 3860 pmap_section_promotions++; 3861 CTR2(KTR_PMAP, "pmap_promote_section: success for va %#x" 3862 " in pmap %p", first_va, pmap); 3863} 3864 3865/* 3866 * Fills a l2_bucket with mappings to consecutive physical pages. 3867 */ 3868static void 3869pmap_fill_l2b(struct l2_bucket *l2b, pt_entry_t newpte) 3870{ 3871 pt_entry_t *ptep; 3872 int i; 3873 3874 for (i = 0; i < L2_PTE_NUM_TOTAL; i++) { 3875 ptep = &l2b->l2b_kva[i]; 3876 *ptep = newpte; 3877 PTE_SYNC(ptep); 3878 3879 newpte += PAGE_SIZE; 3880 } 3881 3882 l2b->l2b_occupancy = L2_PTE_NUM_TOTAL; 3883} 3884 3885/* 3886 * Tries to demote a 1MB section mapping. If demotion fails, the 3887 * 1MB section mapping is invalidated. 3888 */ 3889static boolean_t 3890pmap_demote_section(pmap_t pmap, vm_offset_t va) 3891{ 3892 struct l2_bucket *l2b; 3893 struct pv_entry *l1pdpve; 3894 struct md_page *pvh; 3895 pd_entry_t *pl1pd, l1pd; 3896 pt_entry_t *firstptep, newpte; 3897 vm_offset_t pa; 3898 vm_page_t m; 3899 3900 PMAP_ASSERT_LOCKED(pmap); 3901 /* 3902 * According to assumptions described in pmap_promote_section, 3903 * kernel is and always should be mapped using 1MB section mappings. 3904 * What more, managed kernel pages were not to be promoted. 3905 */ 3906 KASSERT(pmap != pmap_kernel() && L1_IDX(va) != L1_IDX(vector_page), 3907 ("pmap_demote_section: forbidden section mapping")); 3908 3909 va = trunc_1mpage(va); 3910 pl1pd = &pmap->pm_l1->l1_kva[L1_IDX(va)]; 3911 l1pd = *pl1pd; 3912 KASSERT((l1pd & L1_TYPE_MASK) == L1_S_PROTO, 3913 ("pmap_demote_section: not section or invalid section")); 3914 3915 pa = l1pd & L1_S_FRAME; 3916 m = PHYS_TO_VM_PAGE(pa); 3917 KASSERT((m != NULL && (m->oflags & VPO_UNMANAGED) == 0), 3918 ("pmap_demote_section: no vm_page for selected superpage or" 3919 "unmanaged")); 3920 3921 pvh = pa_to_pvh(pa); 3922 l1pdpve = pmap_find_pv(pvh, pmap, va); 3923 KASSERT(l1pdpve != NULL, ("pmap_demote_section: no pv entry for " 3924 "managed page")); 3925 3926 l2b = pmap_get_l2_bucket(pmap, va); 3927 if (l2b == NULL) { 3928 KASSERT((l1pdpve->pv_flags & PVF_WIRED) == 0, 3929 ("pmap_demote_section: No l2_bucket for wired mapping")); 3930 /* 3931 * Invalidate the 1MB section mapping and return 3932 * "failure" if the mapping was never accessed or the 3933 * allocation of the new l2_bucket fails. 3934 */ 3935 if (!L1_S_REFERENCED(l1pd) || 3936 (l2b = pmap_alloc_l2_bucket(pmap, va)) == NULL) { 3937 /* Unmap and invalidate superpage. */ 3938 pmap_remove_section(pmap, trunc_1mpage(va)); 3939 CTR2(KTR_PMAP, "pmap_demote_section: failure for " 3940 "va %#x in pmap %p", va, pmap); 3941 return (FALSE); 3942 } 3943 } 3944 3945 /* 3946 * Now we should have corresponding l2_bucket available. 3947 * Let's process it to recreate 256 PTEs for each base page 3948 * within superpage. 3949 */ 3950 newpte = pa | L1_S_DEMOTE(l1pd); 3951 if (m->md.pv_memattr != VM_MEMATTR_UNCACHEABLE) 3952 newpte |= pte_l2_s_cache_mode; 3953 3954 /* 3955 * If the l2_bucket is new, initialize it. 3956 */ 3957 if (l2b->l2b_occupancy == 0) 3958 pmap_fill_l2b(l2b, newpte); 3959 else { 3960 firstptep = &l2b->l2b_kva[0]; 3961 KASSERT(l2pte_pa(*firstptep) == (pa), 3962 ("pmap_demote_section: firstpte and newpte map different " 3963 "physical addresses")); 3964 /* 3965 * If the mapping has changed attributes, update the page table 3966 * entries. 3967 */ 3968 if ((*firstptep & L2_S_PROMOTE) != (L1_S_DEMOTE(l1pd))) 3969 pmap_fill_l2b(l2b, newpte); 3970 } 3971 /* Demote PV entry */ 3972 pmap_pv_demote_section(pmap, va, pa); 3973 3974 /* Now fix-up L1 */ 3975 l1pd = l2b->l2b_phys | L1_C_DOM(pmap->pm_domain) | L1_C_PROTO; 3976 *pl1pd = l1pd; 3977 PTE_SYNC(pl1pd); 3978 3979 pmap_section_demotions++; 3980 CTR2(KTR_PMAP, "pmap_demote_section: success for va %#x" 3981 " in pmap %p", va, pmap); 3982 return (TRUE); 3983} 3984 3985/*************************************************** 3986 * page management routines. 3987 ***************************************************/ 3988 3989/* 3990 * We are in a serious low memory condition. Resort to 3991 * drastic measures to free some pages so we can allocate 3992 * another pv entry chunk. 3993 */ 3994static vm_page_t 3995pmap_pv_reclaim(pmap_t locked_pmap) 3996{ 3997 struct pch newtail; 3998 struct pv_chunk *pc; 3999 struct l2_bucket *l2b = NULL; 4000 pmap_t pmap; 4001 pd_entry_t *pl1pd; 4002 pt_entry_t *ptep; 4003 pv_entry_t pv; 4004 vm_offset_t va; 4005 vm_page_t free, m, m_pc; 4006 uint32_t inuse; 4007 int bit, field, freed, idx; 4008 4009 PMAP_ASSERT_LOCKED(locked_pmap); 4010 pmap = NULL; 4011 free = m_pc = NULL; 4012 TAILQ_INIT(&newtail); 4013 while ((pc = TAILQ_FIRST(&pv_chunks)) != NULL && (pv_vafree == 0 || 4014 free == NULL)) { 4015 TAILQ_REMOVE(&pv_chunks, pc, pc_lru); 4016 if (pmap != pc->pc_pmap) { 4017 if (pmap != NULL) { 4018 cpu_tlb_flushID(); 4019 cpu_cpwait(); 4020 if (pmap != locked_pmap) 4021 PMAP_UNLOCK(pmap); 4022 } 4023 pmap = pc->pc_pmap; 4024 /* Avoid deadlock and lock recursion. */ 4025 if (pmap > locked_pmap) 4026 PMAP_LOCK(pmap); 4027 else if (pmap != locked_pmap && !PMAP_TRYLOCK(pmap)) { 4028 pmap = NULL; 4029 TAILQ_INSERT_TAIL(&newtail, pc, pc_lru); 4030 continue; 4031 } 4032 } 4033 4034 /* 4035 * Destroy every non-wired, 4 KB page mapping in the chunk. 4036 */ 4037 freed = 0; 4038 for (field = 0; field < _NPCM; field++) { 4039 for (inuse = ~pc->pc_map[field] & pc_freemask[field]; 4040 inuse != 0; inuse &= ~(1UL << bit)) { 4041 bit = ffs(inuse) - 1; 4042 idx = field * sizeof(inuse) * NBBY + bit; 4043 pv = &pc->pc_pventry[idx]; 4044 va = pv->pv_va; 4045 4046 pl1pd = &pmap->pm_l1->l1_kva[L1_IDX(va)]; 4047 if ((*pl1pd & L1_TYPE_MASK) == L1_S_PROTO) 4048 continue; 4049 if (pv->pv_flags & PVF_WIRED) 4050 continue; 4051 4052 l2b = pmap_get_l2_bucket(pmap, va); 4053 KASSERT(l2b != NULL, ("No l2 bucket")); 4054 ptep = &l2b->l2b_kva[l2pte_index(va)]; 4055 m = PHYS_TO_VM_PAGE(l2pte_pa(*ptep)); 4056 KASSERT((vm_offset_t)m >= KERNBASE, 4057 ("Trying to access non-existent page " 4058 "va %x pte %x", va, *ptep)); 4059 *ptep = 0; 4060 PTE_SYNC(ptep); 4061 TAILQ_REMOVE(&m->md.pv_list, pv, pv_list); 4062 if (TAILQ_EMPTY(&m->md.pv_list)) 4063 vm_page_aflag_clear(m, PGA_WRITEABLE); 4064 pc->pc_map[field] |= 1UL << bit; 4065 freed++; 4066 } 4067 } 4068 4069 if (freed == 0) { 4070 TAILQ_INSERT_TAIL(&newtail, pc, pc_lru); 4071 continue; 4072 } 4073 /* Every freed mapping is for a 4 KB page. */ 4074 pmap->pm_stats.resident_count -= freed; 4075 PV_STAT(pv_entry_frees += freed); 4076 PV_STAT(pv_entry_spare += freed); 4077 pv_entry_count -= freed; 4078 TAILQ_REMOVE(&pmap->pm_pvchunk, pc, pc_list); 4079 for (field = 0; field < _NPCM; field++) 4080 if (pc->pc_map[field] != pc_freemask[field]) { 4081 TAILQ_INSERT_HEAD(&pmap->pm_pvchunk, pc, 4082 pc_list); 4083 TAILQ_INSERT_TAIL(&newtail, pc, pc_lru); 4084 4085 /* 4086 * One freed pv entry in locked_pmap is 4087 * sufficient. 4088 */ 4089 if (pmap == locked_pmap) 4090 goto out; 4091 break; 4092 } 4093 if (field == _NPCM) { 4094 PV_STAT(pv_entry_spare -= _NPCPV); 4095 PV_STAT(pc_chunk_count--); 4096 PV_STAT(pc_chunk_frees++); 4097 /* Entire chunk is free; return it. */ 4098 m_pc = PHYS_TO_VM_PAGE(pmap_kextract((vm_offset_t)pc)); 4099 pmap_qremove((vm_offset_t)pc, 1); 4100 pmap_ptelist_free(&pv_vafree, (vm_offset_t)pc); 4101 break; 4102 } 4103 } 4104out: 4105 TAILQ_CONCAT(&pv_chunks, &newtail, pc_lru); 4106 if (pmap != NULL) { 4107 cpu_tlb_flushID(); 4108 cpu_cpwait(); 4109 if (pmap != locked_pmap) 4110 PMAP_UNLOCK(pmap); 4111 } 4112 return (m_pc); 4113} 4114 4115/* 4116 * free the pv_entry back to the free list 4117 */ 4118static void 4119pmap_free_pv_entry(pmap_t pmap, pv_entry_t pv) 4120{ 4121 struct pv_chunk *pc; 4122 int bit, field, idx; 4123 4124 rw_assert(&pvh_global_lock, RA_WLOCKED); 4125 PMAP_ASSERT_LOCKED(pmap); 4126 PV_STAT(pv_entry_frees++); 4127 PV_STAT(pv_entry_spare++); 4128 pv_entry_count--; 4129 pc = pv_to_chunk(pv); 4130 idx = pv - &pc->pc_pventry[0]; 4131 field = idx / (sizeof(u_long) * NBBY); 4132 bit = idx % (sizeof(u_long) * NBBY); 4133 pc->pc_map[field] |= 1ul << bit; 4134 for (idx = 0; idx < _NPCM; idx++) 4135 if (pc->pc_map[idx] != pc_freemask[idx]) { 4136 /* 4137 * 98% of the time, pc is already at the head of the 4138 * list. If it isn't already, move it to the head. 4139 */ 4140 if (__predict_false(TAILQ_FIRST(&pmap->pm_pvchunk) != 4141 pc)) { 4142 TAILQ_REMOVE(&pmap->pm_pvchunk, pc, pc_list); 4143 TAILQ_INSERT_HEAD(&pmap->pm_pvchunk, pc, 4144 pc_list); 4145 } 4146 return; 4147 } 4148 TAILQ_REMOVE(&pmap->pm_pvchunk, pc, pc_list); 4149 pmap_free_pv_chunk(pc); 4150} 4151 4152static void 4153pmap_free_pv_chunk(struct pv_chunk *pc) 4154{ 4155 vm_page_t m; 4156 4157 TAILQ_REMOVE(&pv_chunks, pc, pc_lru); 4158 PV_STAT(pv_entry_spare -= _NPCPV); 4159 PV_STAT(pc_chunk_count--); 4160 PV_STAT(pc_chunk_frees++); 4161 /* entire chunk is free, return it */ 4162 m = PHYS_TO_VM_PAGE(pmap_kextract((vm_offset_t)pc)); 4163 pmap_qremove((vm_offset_t)pc, 1); 4164 vm_page_unwire(m, 0); 4165 vm_page_free(m); 4166 pmap_ptelist_free(&pv_vafree, (vm_offset_t)pc); 4167 4168} 4169 4170static pv_entry_t 4171pmap_get_pv_entry(pmap_t pmap, boolean_t try) 4172{ 4173 static const struct timeval printinterval = { 60, 0 }; 4174 static struct timeval lastprint; 4175 struct pv_chunk *pc; 4176 pv_entry_t pv; 4177 vm_page_t m; 4178 int bit, field, idx; 4179 4180 rw_assert(&pvh_global_lock, RA_WLOCKED); 4181 PMAP_ASSERT_LOCKED(pmap); 4182 PV_STAT(pv_entry_allocs++); 4183 pv_entry_count++; 4184 4185 if (pv_entry_count > pv_entry_high_water) 4186 if (ratecheck(&lastprint, &printinterval)) 4187 printf("%s: Approaching the limit on PV entries.\n", 4188 __func__); 4189retry: 4190 pc = TAILQ_FIRST(&pmap->pm_pvchunk); 4191 if (pc != NULL) { 4192 for (field = 0; field < _NPCM; field++) { 4193 if (pc->pc_map[field]) { 4194 bit = ffs(pc->pc_map[field]) - 1; 4195 break; 4196 } 4197 } 4198 if (field < _NPCM) { 4199 idx = field * sizeof(pc->pc_map[field]) * NBBY + bit; 4200 pv = &pc->pc_pventry[idx]; 4201 pc->pc_map[field] &= ~(1ul << bit); 4202 /* If this was the last item, move it to tail */ 4203 for (field = 0; field < _NPCM; field++) 4204 if (pc->pc_map[field] != 0) { 4205 PV_STAT(pv_entry_spare--); 4206 return (pv); /* not full, return */ 4207 } 4208 TAILQ_REMOVE(&pmap->pm_pvchunk, pc, pc_list); 4209 TAILQ_INSERT_TAIL(&pmap->pm_pvchunk, pc, pc_list); 4210 PV_STAT(pv_entry_spare--); 4211 return (pv); 4212 } 4213 } 4214 /* 4215 * Access to the ptelist "pv_vafree" is synchronized by the pvh 4216 * global lock. If "pv_vafree" is currently non-empty, it will 4217 * remain non-empty until pmap_ptelist_alloc() completes. 4218 */ 4219 if (pv_vafree == 0 || (m = vm_page_alloc(NULL, 0, VM_ALLOC_NORMAL | 4220 VM_ALLOC_NOOBJ | VM_ALLOC_WIRED)) == NULL) { 4221 if (try) { 4222 pv_entry_count--; 4223 PV_STAT(pc_chunk_tryfail++); 4224 return (NULL); 4225 } 4226 m = pmap_pv_reclaim(pmap); 4227 if (m == NULL) 4228 goto retry; 4229 } 4230 PV_STAT(pc_chunk_count++); 4231 PV_STAT(pc_chunk_allocs++); 4232 pc = (struct pv_chunk *)pmap_ptelist_alloc(&pv_vafree); 4233 pmap_qenter((vm_offset_t)pc, &m, 1); 4234 pc->pc_pmap = pmap; 4235 pc->pc_map[0] = pc_freemask[0] & ~1ul; /* preallocated bit 0 */ 4236 for (field = 1; field < _NPCM; field++) 4237 pc->pc_map[field] = pc_freemask[field]; 4238 TAILQ_INSERT_TAIL(&pv_chunks, pc, pc_lru); 4239 pv = &pc->pc_pventry[0]; 4240 TAILQ_INSERT_HEAD(&pmap->pm_pvchunk, pc, pc_list); 4241 PV_STAT(pv_entry_spare += _NPCPV - 1); 4242 return (pv); 4243} 4244 4245/* 4246 * Remove the given range of addresses from the specified map. 4247 * 4248 * It is assumed that the start and end are properly 4249 * rounded to the page size. 4250 */ 4251#define PMAP_REMOVE_CLEAN_LIST_SIZE 3 4252void 4253pmap_remove(pmap_t pmap, vm_offset_t sva, vm_offset_t eva) 4254{ 4255 struct l2_bucket *l2b; 4256 vm_offset_t next_bucket; 4257 pd_entry_t *pl1pd, l1pd; 4258 pt_entry_t *ptep; 4259 u_int total; 4260 u_int mappings, is_exec, is_refd; 4261 int flushall = 0; 4262 4263 4264 /* 4265 * we lock in the pmap => pv_head direction 4266 */ 4267 4268 rw_wlock(&pvh_global_lock); 4269 PMAP_LOCK(pmap); 4270 total = 0; 4271 while (sva < eva) { 4272 /* 4273 * Check for large page. 4274 */ 4275 pl1pd = &pmap->pm_l1->l1_kva[L1_IDX(sva)]; 4276 l1pd = *pl1pd; 4277 if ((l1pd & L1_TYPE_MASK) == L1_S_PROTO) { 4278 KASSERT((l1pd & L1_S_DOM_MASK) != 4279 L1_S_DOM(PMAP_DOMAIN_KERNEL), ("pmap_remove: " 4280 "Trying to remove kernel section mapping")); 4281 /* 4282 * Are we removing the entire large page? If not, 4283 * demote the mapping and fall through. 4284 */ 4285 if (sva + L1_S_SIZE == L2_NEXT_BUCKET(sva) && 4286 eva >= L2_NEXT_BUCKET(sva)) { 4287 pmap_remove_section(pmap, sva); 4288 sva = L2_NEXT_BUCKET(sva); 4289 continue; 4290 } else if (!pmap_demote_section(pmap, sva)) { 4291 /* The large page mapping was destroyed. */ 4292 sva = L2_NEXT_BUCKET(sva); 4293 continue; 4294 } 4295 } 4296 /* 4297 * Do one L2 bucket's worth at a time. 4298 */ 4299 next_bucket = L2_NEXT_BUCKET(sva); 4300 if (next_bucket > eva) 4301 next_bucket = eva; 4302 4303 l2b = pmap_get_l2_bucket(pmap, sva); 4304 if (l2b == NULL) { 4305 sva = next_bucket; 4306 continue; 4307 } 4308 4309 ptep = &l2b->l2b_kva[l2pte_index(sva)]; 4310 mappings = 0; 4311 4312 while (sva < next_bucket) { 4313 struct vm_page *m; 4314 pt_entry_t pte; 4315 vm_paddr_t pa; 4316 4317 pte = *ptep; 4318 4319 if (pte == 0) { 4320 /* 4321 * Nothing here, move along 4322 */ 4323 sva += PAGE_SIZE; 4324 ptep++; 4325 continue; 4326 } 4327 4328 pmap->pm_stats.resident_count--; 4329 pa = l2pte_pa(pte); 4330 is_exec = 0; 4331 is_refd = 1; 4332 4333 /* 4334 * Update flags. In a number of circumstances, 4335 * we could cluster a lot of these and do a 4336 * number of sequential pages in one go. 4337 */ 4338 if ((m = PHYS_TO_VM_PAGE(pa)) != NULL) { 4339 struct pv_entry *pve; 4340 4341 pve = pmap_remove_pv(m, pmap, sva); 4342 if (pve) { 4343 is_exec = PTE_BEEN_EXECD(pte); 4344 is_refd = PTE_BEEN_REFD(pte); 4345 pmap_free_pv_entry(pmap, pve); 4346 } 4347 } 4348 4349 if (pmap_is_current(pmap)) { 4350 total++; 4351 if (total < PMAP_REMOVE_CLEAN_LIST_SIZE) { 4352 if (is_exec) 4353 cpu_tlb_flushID_SE(sva); 4354 else if (is_refd) 4355 cpu_tlb_flushD_SE(sva); 4356 } else if (total == PMAP_REMOVE_CLEAN_LIST_SIZE) 4357 flushall = 1; 4358 } 4359 *ptep = 0; 4360 PTE_SYNC(ptep); 4361 4362 sva += PAGE_SIZE; 4363 ptep++; 4364 mappings++; 4365 } 4366 4367 pmap_free_l2_bucket(pmap, l2b, mappings); 4368 } 4369 4370 rw_wunlock(&pvh_global_lock); 4371 if (flushall) 4372 cpu_tlb_flushID(); 4373 PMAP_UNLOCK(pmap); 4374} 4375 4376/* 4377 * pmap_zero_page() 4378 * 4379 * Zero a given physical page by mapping it at a page hook point. 4380 * In doing the zero page op, the page we zero is mapped cachable, as with 4381 * StrongARM accesses to non-cached pages are non-burst making writing 4382 * _any_ bulk data very slow. 4383 */ 4384static void 4385pmap_zero_page_gen(vm_page_t m, int off, int size) 4386{ 4387 4388 vm_paddr_t phys = VM_PAGE_TO_PHYS(m); 4389 if (!TAILQ_EMPTY(&m->md.pv_list)) 4390 panic("pmap_zero_page: page has mappings"); 4391 4392 mtx_lock(&cmtx); 4393 /* 4394 * Hook in the page, zero it, invalidate the TLB as needed. 4395 * 4396 * Note the temporary zero-page mapping must be a non-cached page in 4397 * order to work without corruption when write-allocate is enabled. 4398 */ 4399 *cdst_pte = L2_S_PROTO | phys | pte_l2_s_cache_mode | L2_S_REF; 4400 pmap_set_prot(cdst_pte, VM_PROT_WRITE, 0); 4401 PTE_SYNC(cdst_pte); 4402 cpu_tlb_flushD_SE(cdstp); 4403 cpu_cpwait(); 4404 if (off || size != PAGE_SIZE) 4405 bzero((void *)(cdstp + off), size); 4406 else 4407 bzero_page(cdstp); 4408 4409 /* 4410 * Although aliasing is not possible if we use 4411 * cdstp temporary mappings with memory that 4412 * will be mapped later as non-cached or with write-through 4413 * caches we might end up overwriting it when calling wbinv_all 4414 * So make sure caches are clean after copy operation 4415 */ 4416 cpu_idcache_wbinv_range(cdstp, size); 4417 pmap_l2cache_wbinv_range(cdstp, phys, size); 4418 4419 mtx_unlock(&cmtx); 4420} 4421 4422/* 4423 * pmap_zero_page zeros the specified hardware page by mapping 4424 * the page into KVM and using bzero to clear its contents. 4425 */ 4426void 4427pmap_zero_page(vm_page_t m) 4428{ 4429 pmap_zero_page_gen(m, 0, PAGE_SIZE); 4430} 4431 4432 4433/* 4434 * pmap_zero_page_area zeros the specified hardware page by mapping 4435 * the page into KVM and using bzero to clear its contents. 4436 * 4437 * off and size may not cover an area beyond a single hardware page. 4438 */ 4439void 4440pmap_zero_page_area(vm_page_t m, int off, int size) 4441{ 4442 4443 pmap_zero_page_gen(m, off, size); 4444} 4445 4446 4447/* 4448 * pmap_zero_page_idle zeros the specified hardware page by mapping 4449 * the page into KVM and using bzero to clear its contents. This 4450 * is intended to be called from the vm_pagezero process only and 4451 * outside of Giant. 4452 */ 4453void 4454pmap_zero_page_idle(vm_page_t m) 4455{ 4456 4457 pmap_zero_page(m); 4458} 4459 4460/* 4461 * pmap_copy_page copies the specified (machine independent) 4462 * page by mapping the page into virtual memory and using 4463 * bcopy to copy the page, one machine dependent page at a 4464 * time. 4465 */ 4466 4467/* 4468 * pmap_copy_page() 4469 * 4470 * Copy one physical page into another, by mapping the pages into 4471 * hook points. The same comment regarding cachability as in 4472 * pmap_zero_page also applies here. 4473 */ 4474void 4475pmap_copy_page_generic(vm_paddr_t src, vm_paddr_t dst) 4476{ 4477 /* 4478 * Hold the source page's lock for the duration of the copy 4479 * so that no other mappings can be created while we have a 4480 * potentially aliased mapping. 4481 * Map the pages into the page hook points, copy them, and purge 4482 * the cache for the appropriate page. Invalidate the TLB 4483 * as required. 4484 */ 4485 mtx_lock(&cmtx); 4486 4487 /* For ARMv6 using System bit is deprecated and mapping with AP 4488 * bits set to 0x0 makes page not accessible. csrc_pte is mapped 4489 * read/write until proper mapping defines are created for ARMv6. 4490 */ 4491 *csrc_pte = L2_S_PROTO | src | pte_l2_s_cache_mode | L2_S_REF; 4492 pmap_set_prot(csrc_pte, VM_PROT_READ, 0); 4493 PTE_SYNC(csrc_pte); 4494 4495 *cdst_pte = L2_S_PROTO | dst | pte_l2_s_cache_mode | L2_S_REF; 4496 pmap_set_prot(cdst_pte, VM_PROT_READ | VM_PROT_WRITE, 0); 4497 PTE_SYNC(cdst_pte); 4498 4499 cpu_tlb_flushD_SE(csrcp); 4500 cpu_tlb_flushD_SE(cdstp); 4501 cpu_cpwait(); 4502 4503 /* 4504 * Although aliasing is not possible if we use 4505 * cdstp temporary mappings with memory that 4506 * will be mapped later as non-cached or with write-through 4507 * caches we might end up overwriting it when calling wbinv_all 4508 * So make sure caches are clean after copy operation 4509 */ 4510 bcopy_page(csrcp, cdstp); 4511 4512 cpu_idcache_wbinv_range(cdstp, PAGE_SIZE); 4513 pmap_l2cache_wbinv_range(cdstp, dst, PAGE_SIZE); 4514 4515 mtx_unlock(&cmtx); 4516} 4517 4518int unmapped_buf_allowed = 1; 4519 4520void 4521pmap_copy_pages(vm_page_t ma[], vm_offset_t a_offset, vm_page_t mb[], 4522 vm_offset_t b_offset, int xfersize) 4523{ 4524 vm_page_t a_pg, b_pg; 4525 vm_offset_t a_pg_offset, b_pg_offset; 4526 int cnt; 4527 4528 mtx_lock(&cmtx); 4529 while (xfersize > 0) { 4530 a_pg = ma[a_offset >> PAGE_SHIFT]; 4531 a_pg_offset = a_offset & PAGE_MASK; 4532 cnt = min(xfersize, PAGE_SIZE - a_pg_offset); 4533 b_pg = mb[b_offset >> PAGE_SHIFT]; 4534 b_pg_offset = b_offset & PAGE_MASK; 4535 cnt = min(cnt, PAGE_SIZE - b_pg_offset); 4536 *csrc_pte = L2_S_PROTO | VM_PAGE_TO_PHYS(a_pg) | 4537 pte_l2_s_cache_mode | L2_S_REF; 4538 pmap_set_prot(csrc_pte, VM_PROT_READ, 0); 4539 PTE_SYNC(csrc_pte); 4540 *cdst_pte = L2_S_PROTO | VM_PAGE_TO_PHYS(b_pg) | 4541 pte_l2_s_cache_mode | L2_S_REF; 4542 pmap_set_prot(cdst_pte, VM_PROT_READ | VM_PROT_WRITE, 0); 4543 PTE_SYNC(cdst_pte); 4544 cpu_tlb_flushD_SE(csrcp); 4545 cpu_tlb_flushD_SE(cdstp); 4546 cpu_cpwait(); 4547 bcopy((char *)csrcp + a_pg_offset, (char *)cdstp + b_pg_offset, 4548 cnt); 4549 cpu_idcache_wbinv_range(cdstp + b_pg_offset, cnt); 4550 pmap_l2cache_wbinv_range(cdstp + b_pg_offset, 4551 VM_PAGE_TO_PHYS(b_pg) + b_pg_offset, cnt); 4552 xfersize -= cnt; 4553 a_offset += cnt; 4554 b_offset += cnt; 4555 } 4556 mtx_unlock(&cmtx); 4557} 4558 4559void 4560pmap_copy_page(vm_page_t src, vm_page_t dst) 4561{ 4562 4563 if (_arm_memcpy && PAGE_SIZE >= _min_memcpy_size && 4564 _arm_memcpy((void *)VM_PAGE_TO_PHYS(dst), 4565 (void *)VM_PAGE_TO_PHYS(src), PAGE_SIZE, IS_PHYSICAL) == 0) 4566 return; 4567 4568 pmap_copy_page_generic(VM_PAGE_TO_PHYS(src), VM_PAGE_TO_PHYS(dst)); 4569} 4570 4571/* 4572 * this routine returns true if a physical page resides 4573 * in the given pmap. 4574 */ 4575boolean_t 4576pmap_page_exists_quick(pmap_t pmap, vm_page_t m) 4577{ 4578 struct md_page *pvh; 4579 pv_entry_t pv; 4580 int loops = 0; 4581 boolean_t rv; 4582 4583 KASSERT((m->oflags & VPO_UNMANAGED) == 0, 4584 ("pmap_page_exists_quick: page %p is not managed", m)); 4585 rv = FALSE; 4586 rw_wlock(&pvh_global_lock); 4587 TAILQ_FOREACH(pv, &m->md.pv_list, pv_list) { 4588 if (PV_PMAP(pv) == pmap) { 4589 rv = TRUE; 4590 break; 4591 } 4592 loops++; 4593 if (loops >= 16) 4594 break; 4595 } 4596 if (!rv && loops < 16 && (m->flags & PG_FICTITIOUS) == 0) { 4597 pvh = pa_to_pvh(VM_PAGE_TO_PHYS(m)); 4598 TAILQ_FOREACH(pv, &pvh->pv_list, pv_list) { 4599 if (PV_PMAP(pv) == pmap) { 4600 rv = TRUE; 4601 break; 4602 } 4603 loops++; 4604 if (loops >= 16) 4605 break; 4606 } 4607 } 4608 rw_wunlock(&pvh_global_lock); 4609 return (rv); 4610} 4611 4612/* 4613 * pmap_page_wired_mappings: 4614 * 4615 * Return the number of managed mappings to the given physical page 4616 * that are wired. 4617 */ 4618int 4619pmap_page_wired_mappings(vm_page_t m) 4620{ 4621 int count; 4622 4623 count = 0; 4624 if ((m->oflags & VPO_UNMANAGED) != 0) 4625 return (count); 4626 rw_wlock(&pvh_global_lock); 4627 count = pmap_pvh_wired_mappings(&m->md, count); 4628 if ((m->flags & PG_FICTITIOUS) == 0) { 4629 count = pmap_pvh_wired_mappings(pa_to_pvh(VM_PAGE_TO_PHYS(m)), 4630 count); 4631 } 4632 rw_wunlock(&pvh_global_lock); 4633 return (count); 4634} 4635 4636/* 4637 * pmap_pvh_wired_mappings: 4638 * 4639 * Return the updated number "count" of managed mappings that are wired. 4640 */ 4641static int 4642pmap_pvh_wired_mappings(struct md_page *pvh, int count) 4643{ 4644 pv_entry_t pv; 4645 4646 rw_assert(&pvh_global_lock, RA_WLOCKED); 4647 TAILQ_FOREACH(pv, &pvh->pv_list, pv_list) { 4648 if ((pv->pv_flags & PVF_WIRED) != 0) 4649 count++; 4650 } 4651 return (count); 4652} 4653 4654/* 4655 * Returns TRUE if any of the given mappings were referenced and FALSE 4656 * otherwise. Both page and section mappings are supported. 4657 */ 4658static boolean_t 4659pmap_is_referenced_pvh(struct md_page *pvh) 4660{ 4661 struct l2_bucket *l2b; 4662 pv_entry_t pv; 4663 pd_entry_t *pl1pd; 4664 pt_entry_t *ptep; 4665 pmap_t pmap; 4666 boolean_t rv; 4667 4668 rw_assert(&pvh_global_lock, RA_WLOCKED); 4669 rv = FALSE; 4670 TAILQ_FOREACH(pv, &pvh->pv_list, pv_list) { 4671 pmap = PV_PMAP(pv); 4672 PMAP_LOCK(pmap); 4673 pl1pd = &pmap->pm_l1->l1_kva[L1_IDX(pv->pv_va)]; 4674 if ((*pl1pd & L1_TYPE_MASK) == L1_S_PROTO) 4675 rv = L1_S_REFERENCED(*pl1pd); 4676 else { 4677 l2b = pmap_get_l2_bucket(pmap, pv->pv_va); 4678 ptep = &l2b->l2b_kva[l2pte_index(pv->pv_va)]; 4679 rv = L2_S_REFERENCED(*ptep); 4680 } 4681 PMAP_UNLOCK(pmap); 4682 if (rv) 4683 break; 4684 } 4685 return (rv); 4686} 4687 4688/* 4689 * pmap_is_referenced: 4690 * 4691 * Return whether or not the specified physical page was referenced 4692 * in any physical maps. 4693 */ 4694boolean_t 4695pmap_is_referenced(vm_page_t m) 4696{ 4697 boolean_t rv; 4698 4699 KASSERT((m->oflags & VPO_UNMANAGED) == 0, 4700 ("pmap_is_referenced: page %p is not managed", m)); 4701 rw_wlock(&pvh_global_lock); 4702 rv = pmap_is_referenced_pvh(&m->md) || 4703 ((m->flags & PG_FICTITIOUS) == 0 && 4704 pmap_is_referenced_pvh(pa_to_pvh(VM_PAGE_TO_PHYS(m)))); 4705 rw_wunlock(&pvh_global_lock); 4706 return (rv); 4707} 4708 4709/* 4710 * pmap_ts_referenced: 4711 * 4712 * Return the count of reference bits for a page, clearing all of them. 4713 */ 4714int 4715pmap_ts_referenced(vm_page_t m) 4716{ 4717 4718 KASSERT((m->oflags & VPO_UNMANAGED) == 0, 4719 ("pmap_ts_referenced: page %p is not managed", m)); 4720 return (pmap_clearbit(m, PVF_REF)); 4721} 4722 4723/* 4724 * Returns TRUE if any of the given mappings were used to modify 4725 * physical memory. Otherwise, returns FALSE. Both page and 1MB section 4726 * mappings are supported. 4727 */ 4728static boolean_t 4729pmap_is_modified_pvh(struct md_page *pvh) 4730{ 4731 pd_entry_t *pl1pd; 4732 struct l2_bucket *l2b; 4733 pv_entry_t pv; 4734 pt_entry_t *ptep; 4735 pmap_t pmap; 4736 boolean_t rv; 4737 4738 rw_assert(&pvh_global_lock, RA_WLOCKED); 4739 rv = FALSE; 4740 4741 TAILQ_FOREACH(pv, &pvh->pv_list, pv_list) { 4742 pmap = PV_PMAP(pv); 4743 PMAP_LOCK(pmap); 4744 pl1pd = &pmap->pm_l1->l1_kva[L1_IDX(pv->pv_va)]; 4745 if ((*pl1pd & L1_TYPE_MASK) == L1_S_PROTO) 4746 rv = L1_S_WRITABLE(*pl1pd); 4747 else { 4748 l2b = pmap_get_l2_bucket(pmap, pv->pv_va); 4749 ptep = &l2b->l2b_kva[l2pte_index(pv->pv_va)]; 4750 rv = L2_S_WRITABLE(*ptep); 4751 } 4752 PMAP_UNLOCK(pmap); 4753 if (rv) 4754 break; 4755 } 4756 4757 return (rv); 4758} 4759 4760boolean_t 4761pmap_is_modified(vm_page_t m) 4762{ 4763 boolean_t rv; 4764 4765 KASSERT((m->oflags & VPO_UNMANAGED) == 0, 4766 ("pmap_is_modified: page %p is not managed", m)); 4767 /* 4768 * If the page is not exclusive busied, then PGA_WRITEABLE cannot be 4769 * concurrently set while the object is locked. Thus, if PGA_WRITEABLE 4770 * is clear, no PTEs can have APX cleared. 4771 */ 4772 VM_OBJECT_ASSERT_WLOCKED(m->object); 4773 if (!vm_page_xbusied(m) && (m->aflags & PGA_WRITEABLE) == 0) 4774 return (FALSE); 4775 rw_wlock(&pvh_global_lock); 4776 rv = pmap_is_modified_pvh(&m->md) || 4777 ((m->flags & PG_FICTITIOUS) == 0 && 4778 pmap_is_modified_pvh(pa_to_pvh(VM_PAGE_TO_PHYS(m)))); 4779 rw_wunlock(&pvh_global_lock); 4780 return (rv); 4781} 4782 4783/* 4784 * Apply the given advice to the specified range of addresses within the 4785 * given pmap. Depending on the advice, clear the referenced and/or 4786 * modified flags in each mapping. 4787 */ 4788void 4789pmap_advise(pmap_t pmap, vm_offset_t sva, vm_offset_t eva, int advice) 4790{ 4791 struct l2_bucket *l2b; 4792 struct pv_entry *pve; 4793 pd_entry_t *pl1pd, l1pd; 4794 pt_entry_t *ptep, opte, pte; 4795 vm_offset_t next_bucket; 4796 vm_page_t m; 4797 4798 if (advice != MADV_DONTNEED && advice != MADV_FREE) 4799 return; 4800 rw_wlock(&pvh_global_lock); 4801 PMAP_LOCK(pmap); 4802 for (; sva < eva; sva = next_bucket) { 4803 next_bucket = L2_NEXT_BUCKET(sva); 4804 if (next_bucket < sva) 4805 next_bucket = eva; 4806 pl1pd = &pmap->pm_l1->l1_kva[L1_IDX(sva)]; 4807 l1pd = *pl1pd; 4808 if ((l1pd & L1_TYPE_MASK) == L1_S_PROTO) { 4809 if (pmap == pmap_kernel()) 4810 continue; 4811 if (!pmap_demote_section(pmap, sva)) { 4812 /* 4813 * The large page mapping was destroyed. 4814 */ 4815 continue; 4816 } 4817 /* 4818 * Unless the page mappings are wired, remove the 4819 * mapping to a single page so that a subsequent 4820 * access may repromote. Since the underlying 4821 * l2_bucket is fully populated, this removal 4822 * never frees an entire l2_bucket. 4823 */ 4824 l2b = pmap_get_l2_bucket(pmap, sva); 4825 KASSERT(l2b != NULL, 4826 ("pmap_advise: no l2 bucket for " 4827 "va 0x%#x, pmap 0x%p", sva, pmap)); 4828 ptep = &l2b->l2b_kva[l2pte_index(sva)]; 4829 opte = *ptep; 4830 m = PHYS_TO_VM_PAGE(l2pte_pa(*ptep)); 4831 KASSERT(m != NULL, 4832 ("pmap_advise: no vm_page for demoted superpage")); 4833 pve = pmap_find_pv(&m->md, pmap, sva); 4834 KASSERT(pve != NULL, 4835 ("pmap_advise: no PV entry for managed mapping")); 4836 if ((pve->pv_flags & PVF_WIRED) == 0) { 4837 pmap_free_l2_bucket(pmap, l2b, 1); 4838 pve = pmap_remove_pv(m, pmap, sva); 4839 pmap_free_pv_entry(pmap, pve); 4840 *ptep = 0; 4841 PTE_SYNC(ptep); 4842 if (pmap_is_current(pmap)) { 4843 if (PTE_BEEN_EXECD(opte)) 4844 cpu_tlb_flushID_SE(sva); 4845 else if (PTE_BEEN_REFD(opte)) 4846 cpu_tlb_flushD_SE(sva); 4847 } 4848 } 4849 } 4850 if (next_bucket > eva) 4851 next_bucket = eva; 4852 l2b = pmap_get_l2_bucket(pmap, sva); 4853 if (l2b == NULL) 4854 continue; 4855 for (ptep = &l2b->l2b_kva[l2pte_index(sva)]; 4856 sva != next_bucket; ptep++, sva += PAGE_SIZE) { 4857 opte = pte = *ptep; 4858 if ((opte & L2_S_PROTO) == 0) 4859 continue; 4860 m = PHYS_TO_VM_PAGE(l2pte_pa(opte)); 4861 if (m == NULL || (m->oflags & VPO_UNMANAGED) != 0) 4862 continue; 4863 else if (L2_S_WRITABLE(opte)) { 4864 if (advice == MADV_DONTNEED) { 4865 /* 4866 * Don't need to mark the page 4867 * dirty as it was already marked as 4868 * such in pmap_fault_fixup() or 4869 * pmap_enter_locked(). 4870 * Just clear the state. 4871 */ 4872 } else 4873 pte |= L2_APX; 4874 4875 pte &= ~L2_S_REF; 4876 *ptep = pte; 4877 PTE_SYNC(ptep); 4878 } else if (L2_S_REFERENCED(opte)) { 4879 pte &= ~L2_S_REF; 4880 *ptep = pte; 4881 PTE_SYNC(ptep); 4882 } else 4883 continue; 4884 if (pmap_is_current(pmap)) { 4885 if (PTE_BEEN_EXECD(opte)) 4886 cpu_tlb_flushID_SE(sva); 4887 else if (PTE_BEEN_REFD(opte)) 4888 cpu_tlb_flushD_SE(sva); 4889 } 4890 } 4891 } 4892 rw_wunlock(&pvh_global_lock); 4893 PMAP_UNLOCK(pmap); 4894} 4895 4896/* 4897 * Clear the modify bits on the specified physical page. 4898 */ 4899void 4900pmap_clear_modify(vm_page_t m) 4901{ 4902 4903 KASSERT((m->oflags & VPO_UNMANAGED) == 0, 4904 ("pmap_clear_modify: page %p is not managed", m)); 4905 VM_OBJECT_ASSERT_WLOCKED(m->object); 4906 KASSERT(!vm_page_xbusied(m), 4907 ("pmap_clear_modify: page %p is exclusive busied", m)); 4908 4909 /* 4910 * If the page is not PGA_WRITEABLE, then no mappings can be modified. 4911 * If the object containing the page is locked and the page is not 4912 * exclusive busied, then PGA_WRITEABLE cannot be concurrently set. 4913 */ 4914 if ((m->aflags & PGA_WRITEABLE) == 0) 4915 return; 4916 if (pmap_is_modified(m)) 4917 pmap_clearbit(m, PVF_MOD); 4918} 4919 4920 4921/* 4922 * Clear the write and modified bits in each of the given page's mappings. 4923 */ 4924void 4925pmap_remove_write(vm_page_t m) 4926{ 4927 KASSERT((m->oflags & VPO_UNMANAGED) == 0, 4928 ("pmap_remove_write: page %p is not managed", m)); 4929 4930 /* 4931 * If the page is not exclusive busied, then PGA_WRITEABLE cannot be 4932 * set by another thread while the object is locked. Thus, 4933 * if PGA_WRITEABLE is clear, no page table entries need updating. 4934 */ 4935 VM_OBJECT_ASSERT_WLOCKED(m->object); 4936 if (vm_page_xbusied(m) || (m->aflags & PGA_WRITEABLE) != 0) 4937 pmap_clearbit(m, PVF_WRITE); 4938} 4939 4940 4941/* 4942 * perform the pmap work for mincore 4943 */ 4944int 4945pmap_mincore(pmap_t pmap, vm_offset_t addr, vm_paddr_t *locked_pa) 4946{ 4947 struct l2_bucket *l2b; 4948 pd_entry_t *pl1pd, l1pd; 4949 pt_entry_t *ptep, pte; 4950 vm_paddr_t pa; 4951 vm_page_t m; 4952 int val; 4953 boolean_t managed; 4954 4955 PMAP_LOCK(pmap); 4956retry: 4957 pl1pd = &pmap->pm_l1->l1_kva[L1_IDX(addr)]; 4958 l1pd = *pl1pd; 4959 if ((l1pd & L1_TYPE_MASK) == L1_S_PROTO) { 4960 pa = (l1pd & L1_S_FRAME); 4961 val = MINCORE_SUPER | MINCORE_INCORE; 4962 if (L1_S_WRITABLE(l1pd)) 4963 val |= MINCORE_MODIFIED | MINCORE_MODIFIED_OTHER; 4964 managed = FALSE; 4965 m = PHYS_TO_VM_PAGE(pa); 4966 if (m != NULL && (m->oflags & VPO_UNMANAGED) == 0) 4967 managed = TRUE; 4968 if (managed) { 4969 if (L1_S_REFERENCED(l1pd)) 4970 val |= MINCORE_REFERENCED | 4971 MINCORE_REFERENCED_OTHER; 4972 } 4973 } else { 4974 l2b = pmap_get_l2_bucket(pmap, addr); 4975 if (l2b == NULL) { 4976 val = 0; 4977 goto out; 4978 } 4979 ptep = &l2b->l2b_kva[l2pte_index(addr)]; 4980 pte = *ptep; 4981 if (!l2pte_valid(pte)) { 4982 val = 0; 4983 goto out; 4984 } 4985 val = MINCORE_INCORE; 4986 if (L2_S_WRITABLE(pte)) 4987 val |= MINCORE_MODIFIED | MINCORE_MODIFIED_OTHER; 4988 managed = FALSE; 4989 pa = l2pte_pa(pte); 4990 m = PHYS_TO_VM_PAGE(pa); 4991 if (m != NULL && (m->oflags & VPO_UNMANAGED) == 0) 4992 managed = TRUE; 4993 if (managed) { 4994 if (L2_S_REFERENCED(pte)) 4995 val |= MINCORE_REFERENCED | 4996 MINCORE_REFERENCED_OTHER; 4997 } 4998 } 4999 if ((val & (MINCORE_MODIFIED_OTHER | MINCORE_REFERENCED_OTHER)) != 5000 (MINCORE_MODIFIED_OTHER | MINCORE_REFERENCED_OTHER) && managed) { 5001 /* Ensure that "PHYS_TO_VM_PAGE(pa)->object" doesn't change. */ 5002 if (vm_page_pa_tryrelock(pmap, pa, locked_pa)) 5003 goto retry; 5004 } else 5005out: 5006 PA_UNLOCK_COND(*locked_pa); 5007 PMAP_UNLOCK(pmap); 5008 return (val); 5009} 5010 5011void 5012pmap_sync_icache(pmap_t pmap, vm_offset_t va, vm_size_t sz) 5013{ 5014} 5015 5016/* 5017 * Increase the starting virtual address of the given mapping if a 5018 * different alignment might result in more superpage mappings. 5019 */ 5020void 5021pmap_align_superpage(vm_object_t object, vm_ooffset_t offset, 5022 vm_offset_t *addr, vm_size_t size) 5023{ 5024} 5025 5026/* 5027 * pmap_map_section: 5028 * 5029 * Create a single section mapping. 5030 */ 5031void 5032pmap_map_section(pmap_t pmap, vm_offset_t va, vm_offset_t pa, vm_prot_t prot, 5033 boolean_t ref) 5034{ 5035 pd_entry_t *pl1pd, l1pd; 5036 pd_entry_t fl; 5037 5038 KASSERT(((va | pa) & L1_S_OFFSET) == 0, 5039 ("Not a valid section mapping")); 5040 5041 fl = pte_l1_s_cache_mode; 5042 5043 pl1pd = &pmap->pm_l1->l1_kva[L1_IDX(va)]; 5044 l1pd = L1_S_PROTO | pa | L1_S_PROT(PTE_USER, prot) | fl | 5045 L1_S_DOM(pmap->pm_domain); 5046 5047 /* Mark page referenced if this section is a result of a promotion. */ 5048 if (ref == TRUE) 5049 l1pd |= L1_S_REF; 5050#ifdef SMP 5051 l1pd |= L1_SHARED; 5052#endif 5053 *pl1pd = l1pd; 5054 PTE_SYNC(pl1pd); 5055} 5056 5057/* 5058 * pmap_link_l2pt: 5059 * 5060 * Link the L2 page table specified by l2pv.pv_pa into the L1 5061 * page table at the slot for "va". 5062 */ 5063void 5064pmap_link_l2pt(vm_offset_t l1pt, vm_offset_t va, struct pv_addr *l2pv) 5065{ 5066 pd_entry_t *pde = (pd_entry_t *) l1pt, proto; 5067 u_int slot = va >> L1_S_SHIFT; 5068 5069 proto = L1_S_DOM(PMAP_DOMAIN_KERNEL) | L1_C_PROTO; 5070 5071#ifdef VERBOSE_INIT_ARM 5072 printf("pmap_link_l2pt: pa=0x%x va=0x%x\n", l2pv->pv_pa, l2pv->pv_va); 5073#endif 5074 5075 pde[slot + 0] = proto | (l2pv->pv_pa + 0x000); 5076 PTE_SYNC(&pde[slot]); 5077 5078 SLIST_INSERT_HEAD(&kernel_pt_list, l2pv, pv_list); 5079 5080} 5081 5082/* 5083 * pmap_map_entry 5084 * 5085 * Create a single page mapping. 5086 */ 5087void 5088pmap_map_entry(vm_offset_t l1pt, vm_offset_t va, vm_offset_t pa, int prot, 5089 int cache) 5090{ 5091 pd_entry_t *pde = (pd_entry_t *) l1pt; 5092 pt_entry_t fl; 5093 pt_entry_t *ptep; 5094 5095 KASSERT(((va | pa) & PAGE_MASK) == 0, ("ouin")); 5096 5097 fl = l2s_mem_types[cache]; 5098 5099 if ((pde[va >> L1_S_SHIFT] & L1_TYPE_MASK) != L1_TYPE_C) 5100 panic("pmap_map_entry: no L2 table for VA 0x%08x", va); 5101 5102 ptep = (pt_entry_t *)kernel_pt_lookup(pde[L1_IDX(va)] & L1_C_ADDR_MASK); 5103 5104 if (ptep == NULL) 5105 panic("pmap_map_entry: can't find L2 table for VA 0x%08x", va); 5106 5107 ptep[l2pte_index(va)] = L2_S_PROTO | pa | fl | L2_S_REF; 5108 pmap_set_prot(&ptep[l2pte_index(va)], prot, 0); 5109 PTE_SYNC(&ptep[l2pte_index(va)]); 5110} 5111 5112/* 5113 * pmap_map_chunk: 5114 * 5115 * Map a chunk of memory using the most efficient mappings 5116 * possible (section. large page, small page) into the 5117 * provided L1 and L2 tables at the specified virtual address. 5118 */ 5119vm_size_t 5120pmap_map_chunk(vm_offset_t l1pt, vm_offset_t va, vm_offset_t pa, 5121 vm_size_t size, int prot, int type) 5122{ 5123 pd_entry_t *pde = (pd_entry_t *) l1pt; 5124 pt_entry_t *ptep, f1, f2s, f2l; 5125 vm_size_t resid; 5126 int i; 5127 5128 resid = (size + (PAGE_SIZE - 1)) & ~(PAGE_SIZE - 1); 5129 5130 if (l1pt == 0) 5131 panic("pmap_map_chunk: no L1 table provided"); 5132 5133#ifdef VERBOSE_INIT_ARM 5134 printf("pmap_map_chunk: pa=0x%x va=0x%x size=0x%x resid=0x%x " 5135 "prot=0x%x type=%d\n", pa, va, size, resid, prot, type); 5136#endif 5137 5138 f1 = l1_mem_types[type]; 5139 f2l = l2l_mem_types[type]; 5140 f2s = l2s_mem_types[type]; 5141 5142 size = resid; 5143 5144 while (resid > 0) { 5145 /* See if we can use a section mapping. */ 5146 if (L1_S_MAPPABLE_P(va, pa, resid)) { 5147#ifdef VERBOSE_INIT_ARM 5148 printf("S"); 5149#endif 5150 pde[va >> L1_S_SHIFT] = L1_S_PROTO | pa | 5151 L1_S_PROT(PTE_KERNEL, prot | VM_PROT_EXECUTE) | 5152 f1 | L1_S_DOM(PMAP_DOMAIN_KERNEL) | L1_S_REF; 5153 PTE_SYNC(&pde[va >> L1_S_SHIFT]); 5154 va += L1_S_SIZE; 5155 pa += L1_S_SIZE; 5156 resid -= L1_S_SIZE; 5157 continue; 5158 } 5159 5160 /* 5161 * Ok, we're going to use an L2 table. Make sure 5162 * one is actually in the corresponding L1 slot 5163 * for the current VA. 5164 */ 5165 if ((pde[va >> L1_S_SHIFT] & L1_TYPE_MASK) != L1_TYPE_C) 5166 panic("pmap_map_chunk: no L2 table for VA 0x%08x", va); 5167 5168 ptep = (pt_entry_t *) kernel_pt_lookup( 5169 pde[L1_IDX(va)] & L1_C_ADDR_MASK); 5170 if (ptep == NULL) 5171 panic("pmap_map_chunk: can't find L2 table for VA" 5172 "0x%08x", va); 5173 /* See if we can use a L2 large page mapping. */ 5174 if (L2_L_MAPPABLE_P(va, pa, resid)) { 5175#ifdef VERBOSE_INIT_ARM 5176 printf("L"); 5177#endif 5178 for (i = 0; i < 16; i++) { 5179 ptep[l2pte_index(va) + i] = 5180 L2_L_PROTO | pa | 5181 L2_L_PROT(PTE_KERNEL, prot) | f2l; 5182 PTE_SYNC(&ptep[l2pte_index(va) + i]); 5183 } 5184 va += L2_L_SIZE; 5185 pa += L2_L_SIZE; 5186 resid -= L2_L_SIZE; 5187 continue; 5188 } 5189 5190 /* Use a small page mapping. */ 5191#ifdef VERBOSE_INIT_ARM 5192 printf("P"); 5193#endif 5194 ptep[l2pte_index(va)] = L2_S_PROTO | pa | f2s | L2_S_REF; 5195 pmap_set_prot(&ptep[l2pte_index(va)], prot, 0); 5196 PTE_SYNC(&ptep[l2pte_index(va)]); 5197 va += PAGE_SIZE; 5198 pa += PAGE_SIZE; 5199 resid -= PAGE_SIZE; 5200 } 5201#ifdef VERBOSE_INIT_ARM 5202 printf("\n"); 5203#endif 5204 return (size); 5205 5206} 5207 5208int 5209pmap_dmap_iscurrent(pmap_t pmap) 5210{ 5211 return(pmap_is_current(pmap)); 5212} 5213 5214void 5215pmap_page_set_memattr(vm_page_t m, vm_memattr_t ma) 5216{ 5217 /* 5218 * Remember the memattr in a field that gets used to set the appropriate 5219 * bits in the PTEs as mappings are established. 5220 */ 5221 m->md.pv_memattr = ma; 5222 5223 /* 5224 * It appears that this function can only be called before any mappings 5225 * for the page are established on ARM. If this ever changes, this code 5226 * will need to walk the pv_list and make each of the existing mappings 5227 * uncacheable, being careful to sync caches and PTEs (and maybe 5228 * invalidate TLB?) for any current mapping it modifies. 5229 */ 5230 if (TAILQ_FIRST(&m->md.pv_list) != NULL) 5231 panic("Can't change memattr on page with existing mappings"); 5232} 5233