1 /* From: $NetBSD: pmap.c,v 1.148 2004/04/03 04:35:48 bsh Exp $ */
2 /*-
3  * Copyright 2004 Olivier Houchard.
4  * Copyright 2003 Wasabi Systems, Inc.
5  * All rights reserved.
6  *
7  * Written by Steve C. Woodford for Wasabi Systems, Inc.
8  *
9  * Redistribution and use in source and binary forms, with or without
10  * modification, are permitted provided that the following conditions
11  * are met:
12  * 1. Redistributions of source code must retain the above copyright
13  *    notice, this list of conditions and the following disclaimer.
14  * 2. Redistributions in binary form must reproduce the above copyright
15  *    notice, this list of conditions and the following disclaimer in the
16  *    documentation and/or other materials provided with the distribution.
17  * 3. All advertising materials mentioning features or use of this software
18  *    must display the following acknowledgement:
19  *      This product includes software developed for the NetBSD Project by
20  *      Wasabi Systems, Inc.
21  * 4. The name of Wasabi Systems, Inc. may not be used to endorse
22  *    or promote products derived from this software without specific prior
23  *    written permission.
24  *
25  * THIS SOFTWARE IS PROVIDED BY WASABI SYSTEMS, INC. ``AS IS'' AND
26  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
27  * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
28  * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL WASABI SYSTEMS, INC
29  * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
30  * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
31  * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
32  * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
33  * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
34  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
35  * POSSIBILITY OF SUCH DAMAGE.
36  */
37 
38 /*-
39  * Copyright (c) 2002-2003 Wasabi Systems, Inc.
40  * Copyright (c) 2001 Richard Earnshaw
41  * Copyright (c) 2001-2002 Christopher Gilbert
42  * All rights reserved.
43  *
44  * 1. Redistributions of source code must retain the above copyright
45  *    notice, this list of conditions and the following disclaimer.
46  * 2. Redistributions in binary form must reproduce the above copyright
47  *    notice, this list of conditions and the following disclaimer in the
48  *    documentation and/or other materials provided with the distribution.
49  * 3. The name of the company nor the name of the author may be used to
50  *    endorse or promote products derived from this software without specific
51  *    prior written permission.
52  *
53  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED
54  * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
55  * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
56  * IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
57  * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
58  * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
59  * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
60  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
61  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
62  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
63  * SUCH DAMAGE.
64  */
65 /*-
66  * Copyright (c) 1999 The NetBSD Foundation, Inc.
67  * All rights reserved.
68  *
69  * This code is derived from software contributed to The NetBSD Foundation
70  * by Charles M. Hannum.
71  *
72  * Redistribution and use in source and binary forms, with or without
73  * modification, are permitted provided that the following conditions
74  * are met:
75  * 1. Redistributions of source code must retain the above copyright
76  *    notice, this list of conditions and the following disclaimer.
77  * 2. Redistributions in binary form must reproduce the above copyright
78  *    notice, this list of conditions and the following disclaimer in the
79  *    documentation and/or other materials provided with the distribution.
80  *
81  * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
82  * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
83  * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
84  * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
85  * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
86  * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
87  * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
88  * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
89  * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
90  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
91  * POSSIBILITY OF SUCH DAMAGE.
92  */
93 
94 /*-
95  * Copyright (c) 1994-1998 Mark Brinicombe.
96  * Copyright (c) 1994 Brini.
97  * All rights reserved.
98  *
99  * This code is derived from software written for Brini by Mark Brinicombe
100  *
101  * Redistribution and use in source and binary forms, with or without
102  * modification, are permitted provided that the following conditions
103  * are met:
104  * 1. Redistributions of source code must retain the above copyright
105  *    notice, this list of conditions and the following disclaimer.
106  * 2. Redistributions in binary form must reproduce the above copyright
107  *    notice, this list of conditions and the following disclaimer in the
108  *    documentation and/or other materials provided with the distribution.
109  * 3. All advertising materials mentioning features or use of this software
110  *    must display the following acknowledgement:
111  *      This product includes software developed by Mark Brinicombe.
112  * 4. The name of the author may not be used to endorse or promote products
113  *    derived from this software without specific prior written permission.
114  *
115  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
116  * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
117  * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
118  * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
119  * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
120  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
121  * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
122  * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
123  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
124  *
125  * RiscBSD kernel project
126  *
127  * pmap.c
128  *
129  * Machine dependent vm stuff
130  *
131  * Created      : 20/09/94
132  */
133 
134 /*
135  * Special compilation symbols
136  * PMAP_DEBUG           - Build in pmap_debug_level code
137  *
138  * Note that pmap_mapdev() and pmap_unmapdev() are implemented in arm/devmap.c
139  */
140 /* Include header files */
141 
142 #include "opt_vm.h"
143 
144 #include <sys/cdefs.h>
145 __FBSDID("$FreeBSD: stable/12/sys/arm/arm/pmap-v4.c 337903 2018-08-16 10:00:51Z andrew $");
146 #include <sys/param.h>
147 #include <sys/systm.h>
148 #include <sys/kernel.h>
149 #include <sys/ktr.h>
150 #include <sys/lock.h>
151 #include <sys/proc.h>
152 #include <sys/malloc.h>
153 #include <sys/msgbuf.h>
154 #include <sys/mutex.h>
155 #include <sys/vmmeter.h>
156 #include <sys/mman.h>
157 #include <sys/rwlock.h>
158 #include <sys/smp.h>
159 #include <sys/sched.h>
160 
161 #include <vm/vm.h>
162 #include <vm/vm_param.h>
163 #include <vm/uma.h>
164 #include <vm/pmap.h>
165 #include <vm/vm_kern.h>
166 #include <vm/vm_object.h>
167 #include <vm/vm_map.h>
168 #include <vm/vm_page.h>
169 #include <vm/vm_pageout.h>
170 #include <vm/vm_phys.h>
171 #include <vm/vm_pagequeue.h>
172 #include <vm/vm_extern.h>
173 
174 #include <machine/md_var.h>
175 #include <machine/cpu.h>
176 #include <machine/cpufunc.h>
177 #include <machine/pcb.h>
178 
179 #ifdef PMAP_DEBUG
180 #define PDEBUG(_lev_,_stat_) \
181         if (pmap_debug_level >= (_lev_)) \
182                 ((_stat_))
183 #define dprintf printf
184 
185 int pmap_debug_level = 0;
186 #define PMAP_INLINE
187 #else   /* PMAP_DEBUG */
188 #define PDEBUG(_lev_,_stat_) /* Nothing */
189 #define dprintf(x, arg...)
190 #define PMAP_INLINE __inline
191 #endif  /* PMAP_DEBUG */
192 
193 extern struct pv_addr systempage;
194 
195 extern int last_fault_code;
196 
197 #define	l1pte_section_p(pde)	(((pde) & L1_TYPE_MASK) == L1_TYPE_S)
198 #define	l2pte_index(v)		(((v) & L1_S_OFFSET) >> L2_S_SHIFT)
199 #define	l2pte_valid(pte)	((pte) != 0)
200 #define	l2pte_pa(pte)		((pte) & L2_S_FRAME)
201 
202 /*
203  * Internal function prototypes
204  */
205 static void pmap_free_pv_entry (pv_entry_t);
206 static pv_entry_t pmap_get_pv_entry(void);
207 
208 static int		pmap_enter_locked(pmap_t, vm_offset_t, vm_page_t,
209     vm_prot_t, u_int);
210 static vm_paddr_t	pmap_extract_locked(pmap_t pmap, vm_offset_t va);
211 static void		pmap_fix_cache(struct vm_page *, pmap_t, vm_offset_t);
212 static void		pmap_alloc_l1(pmap_t);
213 static void		pmap_free_l1(pmap_t);
214 
215 static int		pmap_clearbit(struct vm_page *, u_int);
216 
217 static struct l2_bucket *pmap_get_l2_bucket(pmap_t, vm_offset_t);
218 static struct l2_bucket *pmap_alloc_l2_bucket(pmap_t, vm_offset_t);
219 static void		pmap_free_l2_bucket(pmap_t, struct l2_bucket *, u_int);
220 static vm_offset_t	kernel_pt_lookup(vm_paddr_t);
221 
222 static MALLOC_DEFINE(M_VMPMAP, "pmap", "PMAP L1");
223 
224 vm_offset_t virtual_avail;	/* VA of first avail page (after kernel bss) */
225 vm_offset_t virtual_end;	/* VA of last avail page (end of kernel AS) */
226 vm_offset_t pmap_curmaxkvaddr;
227 vm_paddr_t kernel_l1pa;
228 
229 vm_offset_t kernel_vm_end = 0;
230 
231 vm_offset_t vm_max_kernel_address;
232 
233 struct pmap kernel_pmap_store;
234 
235 static pt_entry_t *csrc_pte, *cdst_pte;
236 static vm_offset_t csrcp, cdstp, qmap_addr;
237 static struct mtx cmtx, qmap_mtx;
238 
239 static void		pmap_init_l1(struct l1_ttable *, pd_entry_t *);
240 /*
241  * These routines are called when the CPU type is identified to set up
242  * the PTE prototypes, cache modes, etc.
243  *
244  * The variables are always here, just in case LKMs need to reference
245  * them (though, they shouldn't).
246  */
247 
248 static pt_entry_t	pte_l1_s_cache_mode;
249 static pt_entry_t	pte_l1_s_cache_mode_pt;
250 static pt_entry_t	pte_l1_s_cache_mask;
251 
252 static pt_entry_t	pte_l2_l_cache_mode;
253 static pt_entry_t	pte_l2_l_cache_mode_pt;
254 static pt_entry_t	pte_l2_l_cache_mask;
255 
256 static pt_entry_t	pte_l2_s_cache_mode;
257 static pt_entry_t	pte_l2_s_cache_mode_pt;
258 static pt_entry_t	pte_l2_s_cache_mask;
259 
260 /*
261  * Crashdump maps.
262  */
263 static caddr_t crashdumpmap;
264 
265 extern void bcopy_page(vm_offset_t, vm_offset_t);
266 extern void bzero_page(vm_offset_t);
267 
268 extern vm_offset_t alloc_firstaddr;
269 
270 char *_tmppt;
271 
272 /*
273  * Metadata for L1 translation tables.
274  */
275 struct l1_ttable {
276 	/* Entry on the L1 Table list */
277 	SLIST_ENTRY(l1_ttable) l1_link;
278 
279 	/* Entry on the L1 Least Recently Used list */
280 	TAILQ_ENTRY(l1_ttable) l1_lru;
281 
282 	/* Track how many domains are allocated from this L1 */
283 	volatile u_int l1_domain_use_count;
284 
285 	/*
286 	 * A free-list of domain numbers for this L1.
287 	 * We avoid using ffs() and a bitmap to track domains since ffs()
288 	 * is slow on ARM.
289 	 */
290 	u_int8_t l1_domain_first;
291 	u_int8_t l1_domain_free[PMAP_DOMAINS];
292 
293 	/* Physical address of this L1 page table */
294 	vm_paddr_t l1_physaddr;
295 
296 	/* KVA of this L1 page table */
297 	pd_entry_t *l1_kva;
298 };
299 
300 /*
301  * Convert a virtual address into its L1 table index. That is, the
302  * index used to locate the L2 descriptor table pointer in an L1 table.
303  * This is basically used to index l1->l1_kva[].
304  *
305  * Each L2 descriptor table represents 1MB of VA space.
306  */
307 #define	L1_IDX(va)		(((vm_offset_t)(va)) >> L1_S_SHIFT)
308 
309 /*
310  * L1 Page Tables are tracked using a Least Recently Used list.
311  *  - New L1s are allocated from the HEAD.
312  *  - Freed L1s are added to the TAIl.
313  *  - Recently accessed L1s (where an 'access' is some change to one of
314  *    the userland pmaps which owns this L1) are moved to the TAIL.
315  */
316 static TAILQ_HEAD(, l1_ttable) l1_lru_list;
317 /*
318  * A list of all L1 tables
319  */
320 static SLIST_HEAD(, l1_ttable) l1_list;
321 static struct mtx l1_lru_lock;
322 
323 /*
324  * The l2_dtable tracks L2_BUCKET_SIZE worth of L1 slots.
325  *
326  * This is normally 16MB worth L2 page descriptors for any given pmap.
327  * Reference counts are maintained for L2 descriptors so they can be
328  * freed when empty.
329  */
330 struct l2_dtable {
331 	/* The number of L2 page descriptors allocated to this l2_dtable */
332 	u_int l2_occupancy;
333 
334 	/* List of L2 page descriptors */
335 	struct l2_bucket {
336 		pt_entry_t *l2b_kva;	/* KVA of L2 Descriptor Table */
337 		vm_paddr_t l2b_phys;	/* Physical address of same */
338 		u_short l2b_l1idx;	/* This L2 table's L1 index */
339 		u_short l2b_occupancy;	/* How many active descriptors */
340 	} l2_bucket[L2_BUCKET_SIZE];
341 };
342 
343 /* pmap_kenter_internal flags */
344 #define KENTER_CACHE	0x1
345 #define KENTER_USER	0x2
346 
347 /*
348  * Given an L1 table index, calculate the corresponding l2_dtable index
349  * and bucket index within the l2_dtable.
350  */
351 #define	L2_IDX(l1idx)		(((l1idx) >> L2_BUCKET_LOG2) & \
352 				 (L2_SIZE - 1))
353 #define	L2_BUCKET(l1idx)	((l1idx) & (L2_BUCKET_SIZE - 1))
354 
355 /*
356  * Given a virtual address, this macro returns the
357  * virtual address required to drop into the next L2 bucket.
358  */
359 #define	L2_NEXT_BUCKET(va)	(((va) & L1_S_FRAME) + L1_S_SIZE)
360 
361 /*
362  * We try to map the page tables write-through, if possible.  However, not
363  * all CPUs have a write-through cache mode, so on those we have to sync
364  * the cache when we frob page tables.
365  *
366  * We try to evaluate this at compile time, if possible.  However, it's
367  * not always possible to do that, hence this run-time var.
368  */
369 int	pmap_needs_pte_sync;
370 
371 /*
372  * Macro to determine if a mapping might be resident in the
373  * instruction cache and/or TLB
374  */
375 #define	PV_BEEN_EXECD(f)  (((f) & (PVF_REF | PVF_EXEC)) == (PVF_REF | PVF_EXEC))
376 
377 /*
378  * Macro to determine if a mapping might be resident in the
379  * data cache and/or TLB
380  */
381 #define	PV_BEEN_REFD(f)   (((f) & PVF_REF) != 0)
382 
383 #ifndef PMAP_SHPGPERPROC
384 #define PMAP_SHPGPERPROC 200
385 #endif
386 
387 #define pmap_is_current(pm)	((pm) == kernel_pmap || \
388             curproc->p_vmspace->vm_map.pmap == (pm))
389 static uma_zone_t pvzone = NULL;
390 uma_zone_t l2zone;
391 static uma_zone_t l2table_zone;
392 static vm_offset_t pmap_kernel_l2dtable_kva;
393 static vm_offset_t pmap_kernel_l2ptp_kva;
394 static vm_paddr_t pmap_kernel_l2ptp_phys;
395 static int pv_entry_count=0, pv_entry_max=0, pv_entry_high_water=0;
396 static struct rwlock pvh_global_lock;
397 
398 void pmap_copy_page_offs_generic(vm_paddr_t a_phys, vm_offset_t a_offs,
399     vm_paddr_t b_phys, vm_offset_t b_offs, int cnt);
400 
401 /*
402  * This list exists for the benefit of pmap_map_chunk().  It keeps track
403  * of the kernel L2 tables during bootstrap, so that pmap_map_chunk() can
404  * find them as necessary.
405  *
406  * Note that the data on this list MUST remain valid after initarm() returns,
407  * as pmap_bootstrap() uses it to contruct L2 table metadata.
408  */
409 SLIST_HEAD(, pv_addr) kernel_pt_list = SLIST_HEAD_INITIALIZER(kernel_pt_list);
410 
411 static void
pmap_init_l1(struct l1_ttable * l1,pd_entry_t * l1pt)412 pmap_init_l1(struct l1_ttable *l1, pd_entry_t *l1pt)
413 {
414 	int i;
415 
416 	l1->l1_kva = l1pt;
417 	l1->l1_domain_use_count = 0;
418 	l1->l1_domain_first = 0;
419 
420 	for (i = 0; i < PMAP_DOMAINS; i++)
421 		l1->l1_domain_free[i] = i + 1;
422 
423 	/*
424 	 * Copy the kernel's L1 entries to each new L1.
425 	 */
426 	if (l1pt != kernel_pmap->pm_l1->l1_kva)
427 		memcpy(l1pt, kernel_pmap->pm_l1->l1_kva, L1_TABLE_SIZE);
428 
429 	if ((l1->l1_physaddr = pmap_extract(kernel_pmap, (vm_offset_t)l1pt)) == 0)
430 		panic("pmap_init_l1: can't get PA of L1 at %p", l1pt);
431 	SLIST_INSERT_HEAD(&l1_list, l1, l1_link);
432 	TAILQ_INSERT_TAIL(&l1_lru_list, l1, l1_lru);
433 }
434 
435 static vm_offset_t
kernel_pt_lookup(vm_paddr_t pa)436 kernel_pt_lookup(vm_paddr_t pa)
437 {
438 	struct pv_addr *pv;
439 
440 	SLIST_FOREACH(pv, &kernel_pt_list, pv_list) {
441 		if (pv->pv_pa == pa)
442 			return (pv->pv_va);
443 	}
444 	return (0);
445 }
446 
447 void
pmap_pte_init_generic(void)448 pmap_pte_init_generic(void)
449 {
450 
451 	pte_l1_s_cache_mode = L1_S_B|L1_S_C;
452 	pte_l1_s_cache_mask = L1_S_CACHE_MASK;
453 
454 	pte_l2_l_cache_mode = L2_B|L2_C;
455 	pte_l2_l_cache_mask = L2_L_CACHE_MASK;
456 
457 	pte_l2_s_cache_mode = L2_B|L2_C;
458 	pte_l2_s_cache_mask = L2_S_CACHE_MASK;
459 
460 	/*
461 	 * If we have a write-through cache, set B and C.  If
462 	 * we have a write-back cache, then we assume setting
463 	 * only C will make those pages write-through.
464 	 */
465 	if (cpufuncs.cf_dcache_wb_range == (void *) cpufunc_nullop) {
466 		pte_l1_s_cache_mode_pt = L1_S_B|L1_S_C;
467 		pte_l2_l_cache_mode_pt = L2_B|L2_C;
468 		pte_l2_s_cache_mode_pt = L2_B|L2_C;
469 	} else {
470 		pte_l1_s_cache_mode_pt = L1_S_C;
471 		pte_l2_l_cache_mode_pt = L2_C;
472 		pte_l2_s_cache_mode_pt = L2_C;
473 	}
474 }
475 
476 /*
477  * Allocate an L1 translation table for the specified pmap.
478  * This is called at pmap creation time.
479  */
480 static void
pmap_alloc_l1(pmap_t pm)481 pmap_alloc_l1(pmap_t pm)
482 {
483 	struct l1_ttable *l1;
484 	u_int8_t domain;
485 
486 	/*
487 	 * Remove the L1 at the head of the LRU list
488 	 */
489 	mtx_lock(&l1_lru_lock);
490 	l1 = TAILQ_FIRST(&l1_lru_list);
491 	TAILQ_REMOVE(&l1_lru_list, l1, l1_lru);
492 
493 	/*
494 	 * Pick the first available domain number, and update
495 	 * the link to the next number.
496 	 */
497 	domain = l1->l1_domain_first;
498 	l1->l1_domain_first = l1->l1_domain_free[domain];
499 
500 	/*
501 	 * If there are still free domain numbers in this L1,
502 	 * put it back on the TAIL of the LRU list.
503 	 */
504 	if (++l1->l1_domain_use_count < PMAP_DOMAINS)
505 		TAILQ_INSERT_TAIL(&l1_lru_list, l1, l1_lru);
506 
507 	mtx_unlock(&l1_lru_lock);
508 
509 	/*
510 	 * Fix up the relevant bits in the pmap structure
511 	 */
512 	pm->pm_l1 = l1;
513 	pm->pm_domain = domain + 1;
514 }
515 
516 /*
517  * Free an L1 translation table.
518  * This is called at pmap destruction time.
519  */
520 static void
pmap_free_l1(pmap_t pm)521 pmap_free_l1(pmap_t pm)
522 {
523 	struct l1_ttable *l1 = pm->pm_l1;
524 
525 	mtx_lock(&l1_lru_lock);
526 
527 	/*
528 	 * If this L1 is currently on the LRU list, remove it.
529 	 */
530 	if (l1->l1_domain_use_count < PMAP_DOMAINS)
531 		TAILQ_REMOVE(&l1_lru_list, l1, l1_lru);
532 
533 	/*
534 	 * Free up the domain number which was allocated to the pmap
535 	 */
536 	l1->l1_domain_free[pm->pm_domain - 1] = l1->l1_domain_first;
537 	l1->l1_domain_first = pm->pm_domain - 1;
538 	l1->l1_domain_use_count--;
539 
540 	/*
541 	 * The L1 now must have at least 1 free domain, so add
542 	 * it back to the LRU list. If the use count is zero,
543 	 * put it at the head of the list, otherwise it goes
544 	 * to the tail.
545 	 */
546 	if (l1->l1_domain_use_count == 0) {
547 		TAILQ_INSERT_HEAD(&l1_lru_list, l1, l1_lru);
548 	}	else
549 		TAILQ_INSERT_TAIL(&l1_lru_list, l1, l1_lru);
550 
551 	mtx_unlock(&l1_lru_lock);
552 }
553 
554 /*
555  * Returns a pointer to the L2 bucket associated with the specified pmap
556  * and VA, or NULL if no L2 bucket exists for the address.
557  */
558 static PMAP_INLINE struct l2_bucket *
pmap_get_l2_bucket(pmap_t pm,vm_offset_t va)559 pmap_get_l2_bucket(pmap_t pm, vm_offset_t va)
560 {
561 	struct l2_dtable *l2;
562 	struct l2_bucket *l2b;
563 	u_short l1idx;
564 
565 	l1idx = L1_IDX(va);
566 
567 	if ((l2 = pm->pm_l2[L2_IDX(l1idx)]) == NULL ||
568 	    (l2b = &l2->l2_bucket[L2_BUCKET(l1idx)])->l2b_kva == NULL)
569 		return (NULL);
570 
571 	return (l2b);
572 }
573 
574 /*
575  * Returns a pointer to the L2 bucket associated with the specified pmap
576  * and VA.
577  *
578  * If no L2 bucket exists, perform the necessary allocations to put an L2
579  * bucket/page table in place.
580  *
581  * Note that if a new L2 bucket/page was allocated, the caller *must*
582  * increment the bucket occupancy counter appropriately *before*
583  * releasing the pmap's lock to ensure no other thread or cpu deallocates
584  * the bucket/page in the meantime.
585  */
586 static struct l2_bucket *
pmap_alloc_l2_bucket(pmap_t pm,vm_offset_t va)587 pmap_alloc_l2_bucket(pmap_t pm, vm_offset_t va)
588 {
589 	struct l2_dtable *l2;
590 	struct l2_bucket *l2b;
591 	u_short l1idx;
592 
593 	l1idx = L1_IDX(va);
594 
595 	PMAP_ASSERT_LOCKED(pm);
596 	rw_assert(&pvh_global_lock, RA_WLOCKED);
597 	if ((l2 = pm->pm_l2[L2_IDX(l1idx)]) == NULL) {
598 		/*
599 		 * No mapping at this address, as there is
600 		 * no entry in the L1 table.
601 		 * Need to allocate a new l2_dtable.
602 		 */
603 		PMAP_UNLOCK(pm);
604 		rw_wunlock(&pvh_global_lock);
605 		if ((l2 = uma_zalloc(l2table_zone, M_NOWAIT)) == NULL) {
606 			rw_wlock(&pvh_global_lock);
607 			PMAP_LOCK(pm);
608 			return (NULL);
609 		}
610 		rw_wlock(&pvh_global_lock);
611 		PMAP_LOCK(pm);
612 		if (pm->pm_l2[L2_IDX(l1idx)] != NULL) {
613 			/*
614 			 * Someone already allocated the l2_dtable while
615 			 * we were doing the same.
616 			 */
617 			uma_zfree(l2table_zone, l2);
618 			l2 = pm->pm_l2[L2_IDX(l1idx)];
619 		} else {
620 			bzero(l2, sizeof(*l2));
621 			/*
622 			 * Link it into the parent pmap
623 			 */
624 			pm->pm_l2[L2_IDX(l1idx)] = l2;
625 		}
626 	}
627 
628 	l2b = &l2->l2_bucket[L2_BUCKET(l1idx)];
629 
630 	/*
631 	 * Fetch pointer to the L2 page table associated with the address.
632 	 */
633 	if (l2b->l2b_kva == NULL) {
634 		pt_entry_t *ptep;
635 
636 		/*
637 		 * No L2 page table has been allocated. Chances are, this
638 		 * is because we just allocated the l2_dtable, above.
639 		 */
640 		l2->l2_occupancy++;
641 		PMAP_UNLOCK(pm);
642 		rw_wunlock(&pvh_global_lock);
643 		ptep = uma_zalloc(l2zone, M_NOWAIT);
644 		rw_wlock(&pvh_global_lock);
645 		PMAP_LOCK(pm);
646 		if (l2b->l2b_kva != NULL) {
647 			/* We lost the race. */
648 			l2->l2_occupancy--;
649 			uma_zfree(l2zone, ptep);
650 			return (l2b);
651 		}
652 		l2b->l2b_phys = vtophys(ptep);
653 		if (ptep == NULL) {
654 			/*
655 			 * Oops, no more L2 page tables available at this
656 			 * time. We may need to deallocate the l2_dtable
657 			 * if we allocated a new one above.
658 			 */
659 			l2->l2_occupancy--;
660 			if (l2->l2_occupancy == 0) {
661 				pm->pm_l2[L2_IDX(l1idx)] = NULL;
662 				uma_zfree(l2table_zone, l2);
663 			}
664 			return (NULL);
665 		}
666 
667 		l2b->l2b_kva = ptep;
668 		l2b->l2b_l1idx = l1idx;
669 	}
670 
671 	return (l2b);
672 }
673 
674 static PMAP_INLINE void
675 #ifndef PMAP_INCLUDE_PTE_SYNC
pmap_free_l2_ptp(pt_entry_t * l2)676 pmap_free_l2_ptp(pt_entry_t *l2)
677 #else
678 pmap_free_l2_ptp(boolean_t need_sync, pt_entry_t *l2)
679 #endif
680 {
681 #ifdef PMAP_INCLUDE_PTE_SYNC
682 	/*
683 	 * Note: With a write-back cache, we may need to sync this
684 	 * L2 table before re-using it.
685 	 * This is because it may have belonged to a non-current
686 	 * pmap, in which case the cache syncs would have been
687 	 * skipped when the pages were being unmapped. If the
688 	 * L2 table were then to be immediately re-allocated to
689 	 * the *current* pmap, it may well contain stale mappings
690 	 * which have not yet been cleared by a cache write-back
691 	 * and so would still be visible to the mmu.
692 	 */
693 	if (need_sync)
694 		PTE_SYNC_RANGE(l2, L2_TABLE_SIZE_REAL / sizeof(pt_entry_t));
695 #endif
696 	uma_zfree(l2zone, l2);
697 }
698 /*
699  * One or more mappings in the specified L2 descriptor table have just been
700  * invalidated.
701  *
702  * Garbage collect the metadata and descriptor table itself if necessary.
703  *
704  * The pmap lock must be acquired when this is called (not necessary
705  * for the kernel pmap).
706  */
707 static void
pmap_free_l2_bucket(pmap_t pm,struct l2_bucket * l2b,u_int count)708 pmap_free_l2_bucket(pmap_t pm, struct l2_bucket *l2b, u_int count)
709 {
710 	struct l2_dtable *l2;
711 	pd_entry_t *pl1pd, l1pd;
712 	pt_entry_t *ptep;
713 	u_short l1idx;
714 
715 
716 	/*
717 	 * Update the bucket's reference count according to how many
718 	 * PTEs the caller has just invalidated.
719 	 */
720 	l2b->l2b_occupancy -= count;
721 
722 	/*
723 	 * Note:
724 	 *
725 	 * Level 2 page tables allocated to the kernel pmap are never freed
726 	 * as that would require checking all Level 1 page tables and
727 	 * removing any references to the Level 2 page table. See also the
728 	 * comment elsewhere about never freeing bootstrap L2 descriptors.
729 	 *
730 	 * We make do with just invalidating the mapping in the L2 table.
731 	 *
732 	 * This isn't really a big deal in practice and, in fact, leads
733 	 * to a performance win over time as we don't need to continually
734 	 * alloc/free.
735 	 */
736 	if (l2b->l2b_occupancy > 0 || pm == kernel_pmap)
737 		return;
738 
739 	/*
740 	 * There are no more valid mappings in this level 2 page table.
741 	 * Go ahead and NULL-out the pointer in the bucket, then
742 	 * free the page table.
743 	 */
744 	l1idx = l2b->l2b_l1idx;
745 	ptep = l2b->l2b_kva;
746 	l2b->l2b_kva = NULL;
747 
748 	pl1pd = &pm->pm_l1->l1_kva[l1idx];
749 
750 	/*
751 	 * If the L1 slot matches the pmap's domain
752 	 * number, then invalidate it.
753 	 */
754 	l1pd = *pl1pd & (L1_TYPE_MASK | L1_C_DOM_MASK);
755 	if (l1pd == (L1_C_DOM(pm->pm_domain) | L1_TYPE_C)) {
756 		*pl1pd = 0;
757 		PTE_SYNC(pl1pd);
758 	}
759 
760 	/*
761 	 * Release the L2 descriptor table back to the pool cache.
762 	 */
763 #ifndef PMAP_INCLUDE_PTE_SYNC
764 	pmap_free_l2_ptp(ptep);
765 #else
766 	pmap_free_l2_ptp(!pmap_is_current(pm), ptep);
767 #endif
768 
769 	/*
770 	 * Update the reference count in the associated l2_dtable
771 	 */
772 	l2 = pm->pm_l2[L2_IDX(l1idx)];
773 	if (--l2->l2_occupancy > 0)
774 		return;
775 
776 	/*
777 	 * There are no more valid mappings in any of the Level 1
778 	 * slots managed by this l2_dtable. Go ahead and NULL-out
779 	 * the pointer in the parent pmap and free the l2_dtable.
780 	 */
781 	pm->pm_l2[L2_IDX(l1idx)] = NULL;
782 	uma_zfree(l2table_zone, l2);
783 }
784 
785 /*
786  * Pool cache constructors for L2 descriptor tables, metadata and pmap
787  * structures.
788  */
789 static int
pmap_l2ptp_ctor(void * mem,int size,void * arg,int flags)790 pmap_l2ptp_ctor(void *mem, int size, void *arg, int flags)
791 {
792 #ifndef PMAP_INCLUDE_PTE_SYNC
793 	struct l2_bucket *l2b;
794 	pt_entry_t *ptep, pte;
795 
796 	vm_offset_t va = (vm_offset_t)mem & ~PAGE_MASK;
797 
798 	/*
799 	 * The mappings for these page tables were initially made using
800 	 * pmap_kenter() by the pool subsystem. Therefore, the cache-
801 	 * mode will not be right for page table mappings. To avoid
802 	 * polluting the pmap_kenter() code with a special case for
803 	 * page tables, we simply fix up the cache-mode here if it's not
804 	 * correct.
805 	 */
806 		l2b = pmap_get_l2_bucket(kernel_pmap, va);
807 		ptep = &l2b->l2b_kva[l2pte_index(va)];
808 		pte = *ptep;
809 
810 		if ((pte & L2_S_CACHE_MASK) != pte_l2_s_cache_mode_pt) {
811 			/*
812 			 * Page tables must have the cache-mode set to
813 			 * Write-Thru.
814 			 */
815 			*ptep = (pte & ~L2_S_CACHE_MASK) | pte_l2_s_cache_mode_pt;
816 			PTE_SYNC(ptep);
817 			cpu_tlb_flushD_SE(va);
818 			cpu_cpwait();
819 		}
820 #endif
821 	memset(mem, 0, L2_TABLE_SIZE_REAL);
822 	PTE_SYNC_RANGE(mem, L2_TABLE_SIZE_REAL / sizeof(pt_entry_t));
823 	return (0);
824 }
825 
826 /*
827  * A bunch of routines to conditionally flush the caches/TLB depending
828  * on whether the specified pmap actually needs to be flushed at any
829  * given time.
830  */
831 static PMAP_INLINE void
pmap_tlb_flushID_SE(pmap_t pm,vm_offset_t va)832 pmap_tlb_flushID_SE(pmap_t pm, vm_offset_t va)
833 {
834 
835 	if (pmap_is_current(pm))
836 		cpu_tlb_flushID_SE(va);
837 }
838 
839 static PMAP_INLINE void
pmap_tlb_flushD_SE(pmap_t pm,vm_offset_t va)840 pmap_tlb_flushD_SE(pmap_t pm, vm_offset_t va)
841 {
842 
843 	if (pmap_is_current(pm))
844 		cpu_tlb_flushD_SE(va);
845 }
846 
847 static PMAP_INLINE void
pmap_tlb_flushID(pmap_t pm)848 pmap_tlb_flushID(pmap_t pm)
849 {
850 
851 	if (pmap_is_current(pm))
852 		cpu_tlb_flushID();
853 }
854 static PMAP_INLINE void
pmap_tlb_flushD(pmap_t pm)855 pmap_tlb_flushD(pmap_t pm)
856 {
857 
858 	if (pmap_is_current(pm))
859 		cpu_tlb_flushD();
860 }
861 
862 static int
pmap_has_valid_mapping(pmap_t pm,vm_offset_t va)863 pmap_has_valid_mapping(pmap_t pm, vm_offset_t va)
864 {
865 	pd_entry_t *pde;
866 	pt_entry_t *ptep;
867 
868 	if (pmap_get_pde_pte(pm, va, &pde, &ptep) &&
869 	    ptep && ((*ptep & L2_TYPE_MASK) != L2_TYPE_INV))
870 		return (1);
871 
872 	return (0);
873 }
874 
875 static PMAP_INLINE void
pmap_idcache_wbinv_range(pmap_t pm,vm_offset_t va,vm_size_t len)876 pmap_idcache_wbinv_range(pmap_t pm, vm_offset_t va, vm_size_t len)
877 {
878 	vm_size_t rest;
879 
880 	CTR4(KTR_PMAP, "pmap_dcache_wbinv_range: pmap %p is_kernel %d va 0x%08x"
881 	    " len 0x%x ", pm, pm == kernel_pmap, va, len);
882 
883 	if (pmap_is_current(pm) || pm == kernel_pmap) {
884 		rest = MIN(PAGE_SIZE - (va & PAGE_MASK), len);
885 		while (len > 0) {
886 			if (pmap_has_valid_mapping(pm, va)) {
887 				cpu_idcache_wbinv_range(va, rest);
888 				cpu_l2cache_wbinv_range(va, rest);
889 			}
890 			len -= rest;
891 			va += rest;
892 			rest = MIN(PAGE_SIZE, len);
893 		}
894 	}
895 }
896 
897 static PMAP_INLINE void
pmap_dcache_wb_range(pmap_t pm,vm_offset_t va,vm_size_t len,boolean_t do_inv,boolean_t rd_only)898 pmap_dcache_wb_range(pmap_t pm, vm_offset_t va, vm_size_t len, boolean_t do_inv,
899     boolean_t rd_only)
900 {
901 	vm_size_t rest;
902 
903 	CTR4(KTR_PMAP, "pmap_dcache_wb_range: pmap %p is_kernel %d va 0x%08x "
904 	    "len 0x%x ", pm, pm == kernel_pmap, va, len);
905 	CTR2(KTR_PMAP, " do_inv %d rd_only %d", do_inv, rd_only);
906 
907 	if (pmap_is_current(pm)) {
908 		rest = MIN(PAGE_SIZE - (va & PAGE_MASK), len);
909 		while (len > 0) {
910 			if (pmap_has_valid_mapping(pm, va)) {
911 				if (do_inv && rd_only) {
912 					cpu_dcache_inv_range(va, rest);
913 					cpu_l2cache_inv_range(va, rest);
914 				} else if (do_inv) {
915 					cpu_dcache_wbinv_range(va, rest);
916 					cpu_l2cache_wbinv_range(va, rest);
917 				} else if (!rd_only) {
918 					cpu_dcache_wb_range(va, rest);
919 					cpu_l2cache_wb_range(va, rest);
920 				}
921 			}
922 			len -= rest;
923 			va += rest;
924 
925 			rest = MIN(PAGE_SIZE, len);
926 		}
927 	}
928 }
929 
930 static PMAP_INLINE void
pmap_idcache_wbinv_all(pmap_t pm)931 pmap_idcache_wbinv_all(pmap_t pm)
932 {
933 
934 	if (pmap_is_current(pm)) {
935 		cpu_idcache_wbinv_all();
936 		cpu_l2cache_wbinv_all();
937 	}
938 }
939 
940 #ifdef notyet
941 static PMAP_INLINE void
pmap_dcache_wbinv_all(pmap_t pm)942 pmap_dcache_wbinv_all(pmap_t pm)
943 {
944 
945 	if (pmap_is_current(pm)) {
946 		cpu_dcache_wbinv_all();
947 		cpu_l2cache_wbinv_all();
948 	}
949 }
950 #endif
951 
952 /*
953  * PTE_SYNC_CURRENT:
954  *
955  *     Make sure the pte is written out to RAM.
956  *     We need to do this for one of two cases:
957  *       - We're dealing with the kernel pmap
958  *       - There is no pmap active in the cache/tlb.
959  *       - The specified pmap is 'active' in the cache/tlb.
960  */
961 #ifdef PMAP_INCLUDE_PTE_SYNC
962 #define	PTE_SYNC_CURRENT(pm, ptep)	\
963 do {					\
964 	if (PMAP_NEEDS_PTE_SYNC && 	\
965 	    pmap_is_current(pm))	\
966 		PTE_SYNC(ptep);		\
967 } while (/*CONSTCOND*/0)
968 #else
969 #define	PTE_SYNC_CURRENT(pm, ptep)	/* nothing */
970 #endif
971 
972 /*
973  * cacheable == -1 means we must make the entry uncacheable, 1 means
974  * cacheable;
975  */
976 static __inline void
pmap_set_cache_entry(pv_entry_t pv,pmap_t pm,vm_offset_t va,int cacheable)977 pmap_set_cache_entry(pv_entry_t pv, pmap_t pm, vm_offset_t va, int cacheable)
978 {
979 	struct l2_bucket *l2b;
980 	pt_entry_t *ptep, pte;
981 
982 	l2b = pmap_get_l2_bucket(pv->pv_pmap, pv->pv_va);
983 	ptep = &l2b->l2b_kva[l2pte_index(pv->pv_va)];
984 
985 	if (cacheable == 1) {
986 		pte = (*ptep & ~L2_S_CACHE_MASK) | pte_l2_s_cache_mode;
987 		if (l2pte_valid(pte)) {
988 			if (PV_BEEN_EXECD(pv->pv_flags)) {
989 				pmap_tlb_flushID_SE(pv->pv_pmap, pv->pv_va);
990 			} else if (PV_BEEN_REFD(pv->pv_flags)) {
991 				pmap_tlb_flushD_SE(pv->pv_pmap, pv->pv_va);
992 			}
993 		}
994 	} else {
995 		pte = *ptep &~ L2_S_CACHE_MASK;
996 		if ((va != pv->pv_va || pm != pv->pv_pmap) &&
997 			    l2pte_valid(pte)) {
998 			if (PV_BEEN_EXECD(pv->pv_flags)) {
999 				pmap_idcache_wbinv_range(pv->pv_pmap,
1000 					    pv->pv_va, PAGE_SIZE);
1001 				pmap_tlb_flushID_SE(pv->pv_pmap, pv->pv_va);
1002 			} else if (PV_BEEN_REFD(pv->pv_flags)) {
1003 				pmap_dcache_wb_range(pv->pv_pmap,
1004 					    pv->pv_va, PAGE_SIZE, TRUE,
1005 					    (pv->pv_flags & PVF_WRITE) == 0);
1006 				pmap_tlb_flushD_SE(pv->pv_pmap,
1007 					    pv->pv_va);
1008 			}
1009 		}
1010 	}
1011 	*ptep = pte;
1012 	PTE_SYNC_CURRENT(pv->pv_pmap, ptep);
1013 }
1014 
1015 static void
pmap_fix_cache(struct vm_page * pg,pmap_t pm,vm_offset_t va)1016 pmap_fix_cache(struct vm_page *pg, pmap_t pm, vm_offset_t va)
1017 {
1018 	int pmwc = 0;
1019 	int writable = 0, kwritable = 0, uwritable = 0;
1020 	int entries = 0, kentries = 0, uentries = 0;
1021 	struct pv_entry *pv;
1022 
1023 	rw_assert(&pvh_global_lock, RA_WLOCKED);
1024 
1025 	/* the cache gets written back/invalidated on context switch.
1026 	 * therefore, if a user page shares an entry in the same page or
1027 	 * with the kernel map and at least one is writable, then the
1028 	 * cache entry must be set write-through.
1029 	 */
1030 
1031 	TAILQ_FOREACH(pv, &pg->md.pv_list, pv_list) {
1032 			/* generate a count of the pv_entry uses */
1033 		if (pv->pv_flags & PVF_WRITE) {
1034 			if (pv->pv_pmap == kernel_pmap)
1035 				kwritable++;
1036 			else if (pv->pv_pmap == pm)
1037 				uwritable++;
1038 			writable++;
1039 		}
1040 		if (pv->pv_pmap == kernel_pmap)
1041 			kentries++;
1042 		else {
1043 			if (pv->pv_pmap == pm)
1044 				uentries++;
1045 			entries++;
1046 		}
1047 	}
1048 		/*
1049 		 * check if the user duplicate mapping has
1050 		 * been removed.
1051 		 */
1052 	if ((pm != kernel_pmap) && (((uentries > 1) && uwritable) ||
1053 	    (uwritable > 1)))
1054 			pmwc = 1;
1055 
1056 	TAILQ_FOREACH(pv, &pg->md.pv_list, pv_list) {
1057 		/* check for user uncachable conditions - order is important */
1058 		if (pm != kernel_pmap &&
1059 		    (pv->pv_pmap == pm || pv->pv_pmap == kernel_pmap)) {
1060 
1061 			if ((uentries > 1 && uwritable) || uwritable > 1) {
1062 
1063 				/* user duplicate mapping */
1064 				if (pv->pv_pmap != kernel_pmap)
1065 					pv->pv_flags |= PVF_MWC;
1066 
1067 				if (!(pv->pv_flags & PVF_NC)) {
1068 					pv->pv_flags |= PVF_NC;
1069 					pmap_set_cache_entry(pv, pm, va, -1);
1070 				}
1071 				continue;
1072 			} else	/* no longer a duplicate user */
1073 				pv->pv_flags &= ~PVF_MWC;
1074 		}
1075 
1076 		/*
1077 		 * check for kernel uncachable conditions
1078 		 * kernel writable or kernel readable with writable user entry
1079 		 */
1080 		if ((kwritable && (entries || kentries > 1)) ||
1081 		    (kwritable > 1) ||
1082 		    ((kwritable != writable) && kentries &&
1083 		     (pv->pv_pmap == kernel_pmap ||
1084 		      (pv->pv_flags & PVF_WRITE) ||
1085 		      (pv->pv_flags & PVF_MWC)))) {
1086 
1087 			if (!(pv->pv_flags & PVF_NC)) {
1088 				pv->pv_flags |= PVF_NC;
1089 				pmap_set_cache_entry(pv, pm, va, -1);
1090 			}
1091 			continue;
1092 		}
1093 
1094 			/* kernel and user are cachable */
1095 		if ((pm == kernel_pmap) && !(pv->pv_flags & PVF_MWC) &&
1096 		    (pv->pv_flags & PVF_NC)) {
1097 
1098 			pv->pv_flags &= ~PVF_NC;
1099 			if (pg->md.pv_memattr != VM_MEMATTR_UNCACHEABLE)
1100 				pmap_set_cache_entry(pv, pm, va, 1);
1101 			continue;
1102 		}
1103 			/* user is no longer sharable and writable */
1104 		if (pm != kernel_pmap &&
1105 		    (pv->pv_pmap == pm || pv->pv_pmap == kernel_pmap) &&
1106 		    !pmwc && (pv->pv_flags & PVF_NC)) {
1107 
1108 			pv->pv_flags &= ~(PVF_NC | PVF_MWC);
1109 			if (pg->md.pv_memattr != VM_MEMATTR_UNCACHEABLE)
1110 				pmap_set_cache_entry(pv, pm, va, 1);
1111 		}
1112 	}
1113 
1114 	if ((kwritable == 0) && (writable == 0)) {
1115 		pg->md.pvh_attrs &= ~PVF_MOD;
1116 		vm_page_aflag_clear(pg, PGA_WRITEABLE);
1117 		return;
1118 	}
1119 }
1120 
1121 /*
1122  * Modify pte bits for all ptes corresponding to the given physical address.
1123  * We use `maskbits' rather than `clearbits' because we're always passing
1124  * constants and the latter would require an extra inversion at run-time.
1125  */
1126 static int
pmap_clearbit(struct vm_page * pg,u_int maskbits)1127 pmap_clearbit(struct vm_page *pg, u_int maskbits)
1128 {
1129 	struct l2_bucket *l2b;
1130 	struct pv_entry *pv;
1131 	pt_entry_t *ptep, npte, opte;
1132 	pmap_t pm;
1133 	vm_offset_t va;
1134 	u_int oflags;
1135 	int count = 0;
1136 
1137 	rw_wlock(&pvh_global_lock);
1138 
1139 	if (maskbits & PVF_WRITE)
1140 		maskbits |= PVF_MOD;
1141 	/*
1142 	 * Clear saved attributes (modify, reference)
1143 	 */
1144 	pg->md.pvh_attrs &= ~(maskbits & (PVF_MOD | PVF_REF));
1145 
1146 	if (TAILQ_EMPTY(&pg->md.pv_list)) {
1147 		rw_wunlock(&pvh_global_lock);
1148 		return (0);
1149 	}
1150 
1151 	/*
1152 	 * Loop over all current mappings setting/clearing as appropos
1153 	 */
1154 	TAILQ_FOREACH(pv, &pg->md.pv_list, pv_list) {
1155 		va = pv->pv_va;
1156 		pm = pv->pv_pmap;
1157 		oflags = pv->pv_flags;
1158 
1159 		if (!(oflags & maskbits)) {
1160 			if ((maskbits & PVF_WRITE) && (pv->pv_flags & PVF_NC)) {
1161 				if (pg->md.pv_memattr !=
1162 				    VM_MEMATTR_UNCACHEABLE) {
1163 					PMAP_LOCK(pm);
1164 					l2b = pmap_get_l2_bucket(pm, va);
1165 					ptep = &l2b->l2b_kva[l2pte_index(va)];
1166 					*ptep |= pte_l2_s_cache_mode;
1167 					PTE_SYNC(ptep);
1168 					PMAP_UNLOCK(pm);
1169 				}
1170 				pv->pv_flags &= ~(PVF_NC | PVF_MWC);
1171 			}
1172 			continue;
1173 		}
1174 		pv->pv_flags &= ~maskbits;
1175 
1176 		PMAP_LOCK(pm);
1177 
1178 		l2b = pmap_get_l2_bucket(pm, va);
1179 
1180 		ptep = &l2b->l2b_kva[l2pte_index(va)];
1181 		npte = opte = *ptep;
1182 
1183 		if (maskbits & (PVF_WRITE|PVF_MOD)) {
1184 			if ((pv->pv_flags & PVF_NC)) {
1185 				/*
1186 				 * Entry is not cacheable:
1187 				 *
1188 				 * Don't turn caching on again if this is a
1189 				 * modified emulation. This would be
1190 				 * inconsistent with the settings created by
1191 				 * pmap_fix_cache(). Otherwise, it's safe
1192 				 * to re-enable caching.
1193 				 *
1194 				 * There's no need to call pmap_fix_cache()
1195 				 * here: all pages are losing their write
1196 				 * permission.
1197 				 */
1198 				if (maskbits & PVF_WRITE) {
1199 					if (pg->md.pv_memattr !=
1200 					    VM_MEMATTR_UNCACHEABLE)
1201 						npte |= pte_l2_s_cache_mode;
1202 					pv->pv_flags &= ~(PVF_NC | PVF_MWC);
1203 				}
1204 			} else
1205 			if (opte & L2_S_PROT_W) {
1206 				vm_page_dirty(pg);
1207 				/*
1208 				 * Entry is writable/cacheable: check if pmap
1209 				 * is current if it is flush it, otherwise it
1210 				 * won't be in the cache
1211 				 */
1212 				if (PV_BEEN_EXECD(oflags))
1213 					pmap_idcache_wbinv_range(pm, pv->pv_va,
1214 					    PAGE_SIZE);
1215 				else
1216 				if (PV_BEEN_REFD(oflags))
1217 					pmap_dcache_wb_range(pm, pv->pv_va,
1218 					    PAGE_SIZE,
1219 					    (maskbits & PVF_REF) ? TRUE : FALSE,
1220 					    FALSE);
1221 			}
1222 
1223 			/* make the pte read only */
1224 			npte &= ~L2_S_PROT_W;
1225 		}
1226 
1227 		if (maskbits & PVF_REF) {
1228 			if ((pv->pv_flags & PVF_NC) == 0 &&
1229 			    (maskbits & (PVF_WRITE|PVF_MOD)) == 0) {
1230 				/*
1231 				 * Check npte here; we may have already
1232 				 * done the wbinv above, and the validity
1233 				 * of the PTE is the same for opte and
1234 				 * npte.
1235 				 */
1236 				if (npte & L2_S_PROT_W) {
1237 					if (PV_BEEN_EXECD(oflags))
1238 						pmap_idcache_wbinv_range(pm,
1239 						    pv->pv_va, PAGE_SIZE);
1240 					else
1241 					if (PV_BEEN_REFD(oflags))
1242 						pmap_dcache_wb_range(pm,
1243 						    pv->pv_va, PAGE_SIZE,
1244 						    TRUE, FALSE);
1245 				} else
1246 				if ((npte & L2_TYPE_MASK) != L2_TYPE_INV) {
1247 					/* XXXJRT need idcache_inv_range */
1248 					if (PV_BEEN_EXECD(oflags))
1249 						pmap_idcache_wbinv_range(pm,
1250 						    pv->pv_va, PAGE_SIZE);
1251 					else
1252 					if (PV_BEEN_REFD(oflags))
1253 						pmap_dcache_wb_range(pm,
1254 						    pv->pv_va, PAGE_SIZE,
1255 						    TRUE, TRUE);
1256 				}
1257 			}
1258 
1259 			/*
1260 			 * Make the PTE invalid so that we will take a
1261 			 * page fault the next time the mapping is
1262 			 * referenced.
1263 			 */
1264 			npte &= ~L2_TYPE_MASK;
1265 			npte |= L2_TYPE_INV;
1266 		}
1267 
1268 		if (npte != opte) {
1269 			count++;
1270 			*ptep = npte;
1271 			PTE_SYNC(ptep);
1272 			/* Flush the TLB entry if a current pmap. */
1273 			if (PV_BEEN_EXECD(oflags))
1274 				pmap_tlb_flushID_SE(pm, pv->pv_va);
1275 			else
1276 			if (PV_BEEN_REFD(oflags))
1277 				pmap_tlb_flushD_SE(pm, pv->pv_va);
1278 		}
1279 
1280 		PMAP_UNLOCK(pm);
1281 
1282 	}
1283 
1284 	if (maskbits & PVF_WRITE)
1285 		vm_page_aflag_clear(pg, PGA_WRITEABLE);
1286 	rw_wunlock(&pvh_global_lock);
1287 	return (count);
1288 }
1289 
1290 /*
1291  * main pv_entry manipulation functions:
1292  *   pmap_enter_pv: enter a mapping onto a vm_page list
1293  *   pmap_remove_pv: remove a mappiing from a vm_page list
1294  *
1295  * NOTE: pmap_enter_pv expects to lock the pvh itself
1296  *       pmap_remove_pv expects the caller to lock the pvh before calling
1297  */
1298 
1299 /*
1300  * pmap_enter_pv: enter a mapping onto a vm_page's PV list
1301  *
1302  * => caller should hold the proper lock on pvh_global_lock
1303  * => caller should have pmap locked
1304  * => we will (someday) gain the lock on the vm_page's PV list
1305  * => caller should adjust ptp's wire_count before calling
1306  * => caller should not adjust pmap's wire_count
1307  */
1308 static void
pmap_enter_pv(struct vm_page * pg,struct pv_entry * pve,pmap_t pm,vm_offset_t va,u_int flags)1309 pmap_enter_pv(struct vm_page *pg, struct pv_entry *pve, pmap_t pm,
1310     vm_offset_t va, u_int flags)
1311 {
1312 
1313 	rw_assert(&pvh_global_lock, RA_WLOCKED);
1314 	PMAP_ASSERT_LOCKED(pm);
1315 	if (pg->md.pv_kva != 0) {
1316 		pve->pv_pmap = kernel_pmap;
1317 		pve->pv_va = pg->md.pv_kva;
1318 		pve->pv_flags = PVF_WRITE | PVF_UNMAN;
1319 		if (pm != kernel_pmap)
1320 			PMAP_LOCK(kernel_pmap);
1321 		TAILQ_INSERT_HEAD(&pg->md.pv_list, pve, pv_list);
1322 		TAILQ_INSERT_HEAD(&kernel_pmap->pm_pvlist, pve, pv_plist);
1323 		if (pm != kernel_pmap)
1324 			PMAP_UNLOCK(kernel_pmap);
1325 		pg->md.pv_kva = 0;
1326 		if ((pve = pmap_get_pv_entry()) == NULL)
1327 			panic("pmap_kenter_pv: no pv entries");
1328 	}
1329 	pve->pv_pmap = pm;
1330 	pve->pv_va = va;
1331 	pve->pv_flags = flags;
1332 	TAILQ_INSERT_HEAD(&pg->md.pv_list, pve, pv_list);
1333 	TAILQ_INSERT_HEAD(&pm->pm_pvlist, pve, pv_plist);
1334 	pg->md.pvh_attrs |= flags & (PVF_REF | PVF_MOD);
1335 	if (pve->pv_flags & PVF_WIRED)
1336 		++pm->pm_stats.wired_count;
1337 	vm_page_aflag_set(pg, PGA_REFERENCED);
1338 }
1339 
1340 /*
1341  *
1342  * pmap_find_pv: Find a pv entry
1343  *
1344  * => caller should hold lock on vm_page
1345  */
1346 static PMAP_INLINE struct pv_entry *
pmap_find_pv(struct vm_page * pg,pmap_t pm,vm_offset_t va)1347 pmap_find_pv(struct vm_page *pg, pmap_t pm, vm_offset_t va)
1348 {
1349 	struct pv_entry *pv;
1350 
1351 	rw_assert(&pvh_global_lock, RA_WLOCKED);
1352 	TAILQ_FOREACH(pv, &pg->md.pv_list, pv_list)
1353 	    if (pm == pv->pv_pmap && va == pv->pv_va)
1354 		    break;
1355 	return (pv);
1356 }
1357 
1358 /*
1359  * vector_page_setprot:
1360  *
1361  *	Manipulate the protection of the vector page.
1362  */
1363 void
vector_page_setprot(int prot)1364 vector_page_setprot(int prot)
1365 {
1366 	struct l2_bucket *l2b;
1367 	pt_entry_t *ptep;
1368 
1369 	l2b = pmap_get_l2_bucket(kernel_pmap, vector_page);
1370 
1371 	ptep = &l2b->l2b_kva[l2pte_index(vector_page)];
1372 
1373 	*ptep = (*ptep & ~L1_S_PROT_MASK) | L2_S_PROT(PTE_KERNEL, prot);
1374 	PTE_SYNC(ptep);
1375 	cpu_tlb_flushD_SE(vector_page);
1376 	cpu_cpwait();
1377 }
1378 
1379 /*
1380  * pmap_remove_pv: try to remove a mapping from a pv_list
1381  *
1382  * => caller should hold proper lock on pmap_main_lock
1383  * => pmap should be locked
1384  * => caller should hold lock on vm_page [so that attrs can be adjusted]
1385  * => caller should adjust ptp's wire_count and free PTP if needed
1386  * => caller should NOT adjust pmap's wire_count
1387  * => we return the removed pve
1388  */
1389 
1390 static void
pmap_nuke_pv(struct vm_page * pg,pmap_t pm,struct pv_entry * pve)1391 pmap_nuke_pv(struct vm_page *pg, pmap_t pm, struct pv_entry *pve)
1392 {
1393 
1394 	struct pv_entry *pv;
1395 	rw_assert(&pvh_global_lock, RA_WLOCKED);
1396 	PMAP_ASSERT_LOCKED(pm);
1397 	TAILQ_REMOVE(&pg->md.pv_list, pve, pv_list);
1398 	TAILQ_REMOVE(&pm->pm_pvlist, pve, pv_plist);
1399 	if (pve->pv_flags & PVF_WIRED)
1400 		--pm->pm_stats.wired_count;
1401 	if (pg->md.pvh_attrs & PVF_MOD)
1402 		vm_page_dirty(pg);
1403 	if (TAILQ_FIRST(&pg->md.pv_list) == NULL)
1404 		pg->md.pvh_attrs &= ~PVF_REF;
1405        	else
1406 		vm_page_aflag_set(pg, PGA_REFERENCED);
1407 	if ((pve->pv_flags & PVF_NC) && ((pm == kernel_pmap) ||
1408 	     (pve->pv_flags & PVF_WRITE) || !(pve->pv_flags & PVF_MWC)))
1409 		pmap_fix_cache(pg, pm, 0);
1410 	else if (pve->pv_flags & PVF_WRITE) {
1411 		TAILQ_FOREACH(pve, &pg->md.pv_list, pv_list)
1412 		    if (pve->pv_flags & PVF_WRITE)
1413 			    break;
1414 		if (!pve) {
1415 			pg->md.pvh_attrs &= ~PVF_MOD;
1416 			vm_page_aflag_clear(pg, PGA_WRITEABLE);
1417 		}
1418 	}
1419 	pv = TAILQ_FIRST(&pg->md.pv_list);
1420 	if (pv != NULL && (pv->pv_flags & PVF_UNMAN) &&
1421 	    TAILQ_NEXT(pv, pv_list) == NULL) {
1422 		pm = kernel_pmap;
1423 		pg->md.pv_kva = pv->pv_va;
1424 			/* a recursive pmap_nuke_pv */
1425 		TAILQ_REMOVE(&pg->md.pv_list, pv, pv_list);
1426 		TAILQ_REMOVE(&pm->pm_pvlist, pv, pv_plist);
1427 		if (pv->pv_flags & PVF_WIRED)
1428 			--pm->pm_stats.wired_count;
1429 		pg->md.pvh_attrs &= ~PVF_REF;
1430 		pg->md.pvh_attrs &= ~PVF_MOD;
1431 		vm_page_aflag_clear(pg, PGA_WRITEABLE);
1432 		pmap_free_pv_entry(pv);
1433 	}
1434 }
1435 
1436 static struct pv_entry *
pmap_remove_pv(struct vm_page * pg,pmap_t pm,vm_offset_t va)1437 pmap_remove_pv(struct vm_page *pg, pmap_t pm, vm_offset_t va)
1438 {
1439 	struct pv_entry *pve;
1440 
1441 	rw_assert(&pvh_global_lock, RA_WLOCKED);
1442 	pve = TAILQ_FIRST(&pg->md.pv_list);
1443 
1444 	while (pve) {
1445 		if (pve->pv_pmap == pm && pve->pv_va == va) {	/* match? */
1446 			pmap_nuke_pv(pg, pm, pve);
1447 			break;
1448 		}
1449 		pve = TAILQ_NEXT(pve, pv_list);
1450 	}
1451 
1452 	if (pve == NULL && pg->md.pv_kva == va)
1453 		pg->md.pv_kva = 0;
1454 
1455 	return(pve);				/* return removed pve */
1456 }
1457 /*
1458  *
1459  * pmap_modify_pv: Update pv flags
1460  *
1461  * => caller should hold lock on vm_page [so that attrs can be adjusted]
1462  * => caller should NOT adjust pmap's wire_count
1463  * => we return the old flags
1464  *
1465  * Modify a physical-virtual mapping in the pv table
1466  */
1467 static u_int
pmap_modify_pv(struct vm_page * pg,pmap_t pm,vm_offset_t va,u_int clr_mask,u_int set_mask)1468 pmap_modify_pv(struct vm_page *pg, pmap_t pm, vm_offset_t va,
1469     u_int clr_mask, u_int set_mask)
1470 {
1471 	struct pv_entry *npv;
1472 	u_int flags, oflags;
1473 
1474 	PMAP_ASSERT_LOCKED(pm);
1475 	rw_assert(&pvh_global_lock, RA_WLOCKED);
1476 	if ((npv = pmap_find_pv(pg, pm, va)) == NULL)
1477 		return (0);
1478 
1479 	/*
1480 	 * There is at least one VA mapping this page.
1481 	 */
1482 
1483 	if (clr_mask & (PVF_REF | PVF_MOD))
1484 		pg->md.pvh_attrs |= set_mask & (PVF_REF | PVF_MOD);
1485 
1486 	oflags = npv->pv_flags;
1487 	npv->pv_flags = flags = (oflags & ~clr_mask) | set_mask;
1488 
1489 	if ((flags ^ oflags) & PVF_WIRED) {
1490 		if (flags & PVF_WIRED)
1491 			++pm->pm_stats.wired_count;
1492 		else
1493 			--pm->pm_stats.wired_count;
1494 	}
1495 
1496 	if ((flags ^ oflags) & PVF_WRITE)
1497 		pmap_fix_cache(pg, pm, 0);
1498 
1499 	return (oflags);
1500 }
1501 
1502 /* Function to set the debug level of the pmap code */
1503 #ifdef PMAP_DEBUG
1504 void
pmap_debug(int level)1505 pmap_debug(int level)
1506 {
1507 	pmap_debug_level = level;
1508 	dprintf("pmap_debug: level=%d\n", pmap_debug_level);
1509 }
1510 #endif  /* PMAP_DEBUG */
1511 
1512 void
pmap_pinit0(struct pmap * pmap)1513 pmap_pinit0(struct pmap *pmap)
1514 {
1515 	PDEBUG(1, printf("pmap_pinit0: pmap = %08x\n", (u_int32_t) pmap));
1516 
1517 	bcopy(kernel_pmap, pmap, sizeof(*pmap));
1518 	bzero(&pmap->pm_mtx, sizeof(pmap->pm_mtx));
1519 	PMAP_LOCK_INIT(pmap);
1520 }
1521 
1522 /*
1523  *	Initialize a vm_page's machine-dependent fields.
1524  */
1525 void
pmap_page_init(vm_page_t m)1526 pmap_page_init(vm_page_t m)
1527 {
1528 
1529 	TAILQ_INIT(&m->md.pv_list);
1530 	m->md.pv_memattr = VM_MEMATTR_DEFAULT;
1531 	m->md.pvh_attrs = 0;
1532 	m->md.pv_kva = 0;
1533 }
1534 
1535 /*
1536  *      Initialize the pmap module.
1537  *      Called by vm_init, to initialize any structures that the pmap
1538  *      system needs to map virtual memory.
1539  */
1540 void
pmap_init(void)1541 pmap_init(void)
1542 {
1543 	int shpgperproc = PMAP_SHPGPERPROC;
1544 
1545 	l2zone = uma_zcreate("L2 Table", L2_TABLE_SIZE_REAL, pmap_l2ptp_ctor,
1546 	    NULL, NULL, NULL, UMA_ALIGN_PTR, UMA_ZONE_VM | UMA_ZONE_NOFREE);
1547 	l2table_zone = uma_zcreate("L2 Table", sizeof(struct l2_dtable), NULL,
1548 	    NULL, NULL, NULL, UMA_ALIGN_PTR, UMA_ZONE_VM | UMA_ZONE_NOFREE);
1549 
1550 	/*
1551 	 * Initialize the PV entry allocator.
1552 	 */
1553 	pvzone = uma_zcreate("PV ENTRY", sizeof (struct pv_entry), NULL, NULL,
1554 	    NULL, NULL, UMA_ALIGN_PTR, UMA_ZONE_VM | UMA_ZONE_NOFREE);
1555 	TUNABLE_INT_FETCH("vm.pmap.shpgperproc", &shpgperproc);
1556 	pv_entry_max = shpgperproc * maxproc + vm_cnt.v_page_count;
1557 	uma_zone_reserve_kva(pvzone, pv_entry_max);
1558 	pv_entry_high_water = 9 * (pv_entry_max / 10);
1559 
1560 	/*
1561 	 * Now it is safe to enable pv_table recording.
1562 	 */
1563 	PDEBUG(1, printf("pmap_init: done!\n"));
1564 }
1565 
1566 int
pmap_fault_fixup(pmap_t pm,vm_offset_t va,vm_prot_t ftype,int user)1567 pmap_fault_fixup(pmap_t pm, vm_offset_t va, vm_prot_t ftype, int user)
1568 {
1569 	struct l2_dtable *l2;
1570 	struct l2_bucket *l2b;
1571 	pd_entry_t *pl1pd, l1pd;
1572 	pt_entry_t *ptep, pte;
1573 	vm_paddr_t pa;
1574 	u_int l1idx;
1575 	int rv = 0;
1576 
1577 	l1idx = L1_IDX(va);
1578 	rw_wlock(&pvh_global_lock);
1579 	PMAP_LOCK(pm);
1580 
1581 	/*
1582 	 * If there is no l2_dtable for this address, then the process
1583 	 * has no business accessing it.
1584 	 *
1585 	 * Note: This will catch userland processes trying to access
1586 	 * kernel addresses.
1587 	 */
1588 	l2 = pm->pm_l2[L2_IDX(l1idx)];
1589 	if (l2 == NULL)
1590 		goto out;
1591 
1592 	/*
1593 	 * Likewise if there is no L2 descriptor table
1594 	 */
1595 	l2b = &l2->l2_bucket[L2_BUCKET(l1idx)];
1596 	if (l2b->l2b_kva == NULL)
1597 		goto out;
1598 
1599 	/*
1600 	 * Check the PTE itself.
1601 	 */
1602 	ptep = &l2b->l2b_kva[l2pte_index(va)];
1603 	pte = *ptep;
1604 	if (pte == 0)
1605 		goto out;
1606 
1607 	/*
1608 	 * Catch a userland access to the vector page mapped at 0x0
1609 	 */
1610 	if (user && (pte & L2_S_PROT_U) == 0)
1611 		goto out;
1612 	if (va == vector_page)
1613 		goto out;
1614 
1615 	pa = l2pte_pa(pte);
1616 
1617 	if ((ftype & VM_PROT_WRITE) && (pte & L2_S_PROT_W) == 0) {
1618 		/*
1619 		 * This looks like a good candidate for "page modified"
1620 		 * emulation...
1621 		 */
1622 		struct pv_entry *pv;
1623 		struct vm_page *pg;
1624 
1625 		/* Extract the physical address of the page */
1626 		if ((pg = PHYS_TO_VM_PAGE(pa)) == NULL) {
1627 			goto out;
1628 		}
1629 		/* Get the current flags for this page. */
1630 
1631 		pv = pmap_find_pv(pg, pm, va);
1632 		if (pv == NULL) {
1633 			goto out;
1634 		}
1635 
1636 		/*
1637 		 * Do the flags say this page is writable? If not then it
1638 		 * is a genuine write fault. If yes then the write fault is
1639 		 * our fault as we did not reflect the write access in the
1640 		 * PTE. Now we know a write has occurred we can correct this
1641 		 * and also set the modified bit
1642 		 */
1643 		if ((pv->pv_flags & PVF_WRITE) == 0) {
1644 			goto out;
1645 		}
1646 
1647 		pg->md.pvh_attrs |= PVF_REF | PVF_MOD;
1648 		vm_page_dirty(pg);
1649 		pv->pv_flags |= PVF_REF | PVF_MOD;
1650 
1651 		/*
1652 		 * Re-enable write permissions for the page.  No need to call
1653 		 * pmap_fix_cache(), since this is just a
1654 		 * modified-emulation fault, and the PVF_WRITE bit isn't
1655 		 * changing. We've already set the cacheable bits based on
1656 		 * the assumption that we can write to this page.
1657 		 */
1658 		*ptep = (pte & ~L2_TYPE_MASK) | L2_S_PROTO | L2_S_PROT_W;
1659 		PTE_SYNC(ptep);
1660 		rv = 1;
1661 	} else
1662 	if ((pte & L2_TYPE_MASK) == L2_TYPE_INV) {
1663 		/*
1664 		 * This looks like a good candidate for "page referenced"
1665 		 * emulation.
1666 		 */
1667 		struct pv_entry *pv;
1668 		struct vm_page *pg;
1669 
1670 		/* Extract the physical address of the page */
1671 		if ((pg = PHYS_TO_VM_PAGE(pa)) == NULL)
1672 			goto out;
1673 		/* Get the current flags for this page. */
1674 
1675 		pv = pmap_find_pv(pg, pm, va);
1676 		if (pv == NULL)
1677 			goto out;
1678 
1679 		pg->md.pvh_attrs |= PVF_REF;
1680 		pv->pv_flags |= PVF_REF;
1681 
1682 
1683 		*ptep = (pte & ~L2_TYPE_MASK) | L2_S_PROTO;
1684 		PTE_SYNC(ptep);
1685 		rv = 1;
1686 	}
1687 
1688 	/*
1689 	 * We know there is a valid mapping here, so simply
1690 	 * fix up the L1 if necessary.
1691 	 */
1692 	pl1pd = &pm->pm_l1->l1_kva[l1idx];
1693 	l1pd = l2b->l2b_phys | L1_C_DOM(pm->pm_domain) | L1_C_PROTO;
1694 	if (*pl1pd != l1pd) {
1695 		*pl1pd = l1pd;
1696 		PTE_SYNC(pl1pd);
1697 		rv = 1;
1698 	}
1699 
1700 #ifdef DEBUG
1701 	/*
1702 	 * If 'rv == 0' at this point, it generally indicates that there is a
1703 	 * stale TLB entry for the faulting address. This happens when two or
1704 	 * more processes are sharing an L1. Since we don't flush the TLB on
1705 	 * a context switch between such processes, we can take domain faults
1706 	 * for mappings which exist at the same VA in both processes. EVEN IF
1707 	 * WE'VE RECENTLY FIXED UP THE CORRESPONDING L1 in pmap_enter(), for
1708 	 * example.
1709 	 *
1710 	 * This is extremely likely to happen if pmap_enter() updated the L1
1711 	 * entry for a recently entered mapping. In this case, the TLB is
1712 	 * flushed for the new mapping, but there may still be TLB entries for
1713 	 * other mappings belonging to other processes in the 1MB range
1714 	 * covered by the L1 entry.
1715 	 *
1716 	 * Since 'rv == 0', we know that the L1 already contains the correct
1717 	 * value, so the fault must be due to a stale TLB entry.
1718 	 *
1719 	 * Since we always need to flush the TLB anyway in the case where we
1720 	 * fixed up the L1, or frobbed the L2 PTE, we effectively deal with
1721 	 * stale TLB entries dynamically.
1722 	 *
1723 	 * However, the above condition can ONLY happen if the current L1 is
1724 	 * being shared. If it happens when the L1 is unshared, it indicates
1725 	 * that other parts of the pmap are not doing their job WRT managing
1726 	 * the TLB.
1727 	 */
1728 	if (rv == 0 && pm->pm_l1->l1_domain_use_count == 1) {
1729 		printf("fixup: pm %p, va 0x%lx, ftype %d - nothing to do!\n",
1730 		    pm, (u_long)va, ftype);
1731 		printf("fixup: l2 %p, l2b %p, ptep %p, pl1pd %p\n",
1732 		    l2, l2b, ptep, pl1pd);
1733 		printf("fixup: pte 0x%x, l1pd 0x%x, last code 0x%x\n",
1734 		    pte, l1pd, last_fault_code);
1735 #ifdef DDB
1736 		Debugger();
1737 #endif
1738 	}
1739 #endif
1740 
1741 	cpu_tlb_flushID_SE(va);
1742 	cpu_cpwait();
1743 
1744 	rv = 1;
1745 
1746 out:
1747 	rw_wunlock(&pvh_global_lock);
1748 	PMAP_UNLOCK(pm);
1749 	return (rv);
1750 }
1751 
1752 void
pmap_postinit(void)1753 pmap_postinit(void)
1754 {
1755 	struct l2_bucket *l2b;
1756 	struct l1_ttable *l1;
1757 	pd_entry_t *pl1pt;
1758 	pt_entry_t *ptep, pte;
1759 	vm_offset_t va, eva;
1760 	u_int loop, needed;
1761 
1762 	needed = (maxproc / PMAP_DOMAINS) + ((maxproc % PMAP_DOMAINS) ? 1 : 0);
1763 	needed -= 1;
1764 	l1 = malloc(sizeof(*l1) * needed, M_VMPMAP, M_WAITOK);
1765 
1766 	for (loop = 0; loop < needed; loop++, l1++) {
1767 		/* Allocate a L1 page table */
1768 		va = (vm_offset_t)contigmalloc(L1_TABLE_SIZE, M_VMPMAP, 0, 0x0,
1769 		    0xffffffff, L1_TABLE_SIZE, 0);
1770 
1771 		if (va == 0)
1772 			panic("Cannot allocate L1 KVM");
1773 
1774 		eva = va + L1_TABLE_SIZE;
1775 		pl1pt = (pd_entry_t *)va;
1776 
1777 		while (va < eva) {
1778 				l2b = pmap_get_l2_bucket(kernel_pmap, va);
1779 				ptep = &l2b->l2b_kva[l2pte_index(va)];
1780 				pte = *ptep;
1781 				pte = (pte & ~L2_S_CACHE_MASK) | pte_l2_s_cache_mode_pt;
1782 				*ptep = pte;
1783 				PTE_SYNC(ptep);
1784 				cpu_tlb_flushD_SE(va);
1785 
1786 				va += PAGE_SIZE;
1787 		}
1788 		pmap_init_l1(l1, pl1pt);
1789 	}
1790 
1791 
1792 #ifdef DEBUG
1793 	printf("pmap_postinit: Allocated %d static L1 descriptor tables\n",
1794 	    needed);
1795 #endif
1796 }
1797 
1798 /*
1799  * This is used to stuff certain critical values into the PCB where they
1800  * can be accessed quickly from cpu_switch() et al.
1801  */
1802 void
pmap_set_pcb_pagedir(pmap_t pm,struct pcb * pcb)1803 pmap_set_pcb_pagedir(pmap_t pm, struct pcb *pcb)
1804 {
1805 	struct l2_bucket *l2b;
1806 
1807 	pcb->pcb_pagedir = pm->pm_l1->l1_physaddr;
1808 	pcb->pcb_dacr = (DOMAIN_CLIENT << (PMAP_DOMAIN_KERNEL * 2)) |
1809 	    (DOMAIN_CLIENT << (pm->pm_domain * 2));
1810 
1811 	if (vector_page < KERNBASE) {
1812 		pcb->pcb_pl1vec = &pm->pm_l1->l1_kva[L1_IDX(vector_page)];
1813 		l2b = pmap_get_l2_bucket(pm, vector_page);
1814 		pcb->pcb_l1vec = l2b->l2b_phys | L1_C_PROTO |
1815 	 	    L1_C_DOM(pm->pm_domain) | L1_C_DOM(PMAP_DOMAIN_KERNEL);
1816 	} else
1817 		pcb->pcb_pl1vec = NULL;
1818 }
1819 
1820 void
pmap_activate(struct thread * td)1821 pmap_activate(struct thread *td)
1822 {
1823 	pmap_t pm;
1824 	struct pcb *pcb;
1825 
1826 	pm = vmspace_pmap(td->td_proc->p_vmspace);
1827 	pcb = td->td_pcb;
1828 
1829 	critical_enter();
1830 	pmap_set_pcb_pagedir(pm, pcb);
1831 
1832 	if (td == curthread) {
1833 		u_int cur_dacr, cur_ttb;
1834 
1835 		__asm __volatile("mrc p15, 0, %0, c2, c0, 0" : "=r"(cur_ttb));
1836 		__asm __volatile("mrc p15, 0, %0, c3, c0, 0" : "=r"(cur_dacr));
1837 
1838 		cur_ttb &= ~(L1_TABLE_SIZE - 1);
1839 
1840 		if (cur_ttb == (u_int)pcb->pcb_pagedir &&
1841 		    cur_dacr == pcb->pcb_dacr) {
1842 			/*
1843 			 * No need to switch address spaces.
1844 			 */
1845 			critical_exit();
1846 			return;
1847 		}
1848 
1849 
1850 		/*
1851 		 * We MUST, I repeat, MUST fix up the L1 entry corresponding
1852 		 * to 'vector_page' in the incoming L1 table before switching
1853 		 * to it otherwise subsequent interrupts/exceptions (including
1854 		 * domain faults!) will jump into hyperspace.
1855 		 */
1856 		if (pcb->pcb_pl1vec) {
1857 
1858 			*pcb->pcb_pl1vec = pcb->pcb_l1vec;
1859 			/*
1860 			 * Don't need to PTE_SYNC() at this point since
1861 			 * cpu_setttb() is about to flush both the cache
1862 			 * and the TLB.
1863 			 */
1864 		}
1865 
1866 		cpu_domains(pcb->pcb_dacr);
1867 		cpu_setttb(pcb->pcb_pagedir);
1868 	}
1869 	critical_exit();
1870 }
1871 
1872 static int
pmap_set_pt_cache_mode(pd_entry_t * kl1,vm_offset_t va)1873 pmap_set_pt_cache_mode(pd_entry_t *kl1, vm_offset_t va)
1874 {
1875 	pd_entry_t *pdep, pde;
1876 	pt_entry_t *ptep, pte;
1877 	vm_offset_t pa;
1878 	int rv = 0;
1879 
1880 	/*
1881 	 * Make sure the descriptor itself has the correct cache mode
1882 	 */
1883 	pdep = &kl1[L1_IDX(va)];
1884 	pde = *pdep;
1885 
1886 	if (l1pte_section_p(pde)) {
1887 		if ((pde & L1_S_CACHE_MASK) != pte_l1_s_cache_mode_pt) {
1888 			*pdep = (pde & ~L1_S_CACHE_MASK) |
1889 			    pte_l1_s_cache_mode_pt;
1890 			PTE_SYNC(pdep);
1891 			cpu_dcache_wbinv_range((vm_offset_t)pdep,
1892 			    sizeof(*pdep));
1893 			cpu_l2cache_wbinv_range((vm_offset_t)pdep,
1894 			    sizeof(*pdep));
1895 			rv = 1;
1896 		}
1897 	} else {
1898 		pa = (vm_paddr_t)(pde & L1_C_ADDR_MASK);
1899 		ptep = (pt_entry_t *)kernel_pt_lookup(pa);
1900 		if (ptep == NULL)
1901 			panic("pmap_bootstrap: No L2 for L2 @ va %p\n", ptep);
1902 
1903 		ptep = &ptep[l2pte_index(va)];
1904 		pte = *ptep;
1905 		if ((pte & L2_S_CACHE_MASK) != pte_l2_s_cache_mode_pt) {
1906 			*ptep = (pte & ~L2_S_CACHE_MASK) |
1907 			    pte_l2_s_cache_mode_pt;
1908 			PTE_SYNC(ptep);
1909 			cpu_dcache_wbinv_range((vm_offset_t)ptep,
1910 			    sizeof(*ptep));
1911 			cpu_l2cache_wbinv_range((vm_offset_t)ptep,
1912 			    sizeof(*ptep));
1913 			rv = 1;
1914 		}
1915 	}
1916 
1917 	return (rv);
1918 }
1919 
1920 static void
pmap_alloc_specials(vm_offset_t * availp,int pages,vm_offset_t * vap,pt_entry_t ** ptep)1921 pmap_alloc_specials(vm_offset_t *availp, int pages, vm_offset_t *vap,
1922     pt_entry_t **ptep)
1923 {
1924 	vm_offset_t va = *availp;
1925 	struct l2_bucket *l2b;
1926 
1927 	if (ptep) {
1928 		l2b = pmap_get_l2_bucket(kernel_pmap, va);
1929 		if (l2b == NULL)
1930 			panic("pmap_alloc_specials: no l2b for 0x%x", va);
1931 
1932 		*ptep = &l2b->l2b_kva[l2pte_index(va)];
1933 	}
1934 
1935 	*vap = va;
1936 	*availp = va + (PAGE_SIZE * pages);
1937 }
1938 
1939 /*
1940  *	Bootstrap the system enough to run with virtual memory.
1941  *
1942  *	On the arm this is called after mapping has already been enabled
1943  *	and just syncs the pmap module with what has already been done.
1944  *	[We can't call it easily with mapping off since the kernel is not
1945  *	mapped with PA == VA, hence we would have to relocate every address
1946  *	from the linked base (virtual) address "KERNBASE" to the actual
1947  *	(physical) address starting relative to 0]
1948  */
1949 #define PMAP_STATIC_L2_SIZE 16
1950 void
pmap_bootstrap(vm_offset_t firstaddr,struct pv_addr * l1pt)1951 pmap_bootstrap(vm_offset_t firstaddr, struct pv_addr *l1pt)
1952 {
1953 	static struct l1_ttable static_l1;
1954 	static struct l2_dtable static_l2[PMAP_STATIC_L2_SIZE];
1955 	struct l1_ttable *l1 = &static_l1;
1956 	struct l2_dtable *l2;
1957 	struct l2_bucket *l2b;
1958 	pd_entry_t pde;
1959 	pd_entry_t *kernel_l1pt = (pd_entry_t *)l1pt->pv_va;
1960 	pt_entry_t *ptep;
1961 	pt_entry_t *qmap_pte;
1962 	vm_paddr_t pa;
1963 	vm_offset_t va;
1964 	vm_size_t size;
1965 	int l1idx, l2idx, l2next = 0;
1966 
1967 	PDEBUG(1, printf("firstaddr = %08x, lastaddr = %08x\n",
1968 	    firstaddr, vm_max_kernel_address));
1969 
1970 	virtual_avail = firstaddr;
1971 	kernel_pmap->pm_l1 = l1;
1972 	kernel_l1pa = l1pt->pv_pa;
1973 
1974 	/*
1975 	 * Scan the L1 translation table created by initarm() and create
1976 	 * the required metadata for all valid mappings found in it.
1977 	 */
1978 	for (l1idx = 0; l1idx < (L1_TABLE_SIZE / sizeof(pd_entry_t)); l1idx++) {
1979 		pde = kernel_l1pt[l1idx];
1980 
1981 		/*
1982 		 * We're only interested in Coarse mappings.
1983 		 * pmap_extract() can deal with section mappings without
1984 		 * recourse to checking L2 metadata.
1985 		 */
1986 		if ((pde & L1_TYPE_MASK) != L1_TYPE_C)
1987 			continue;
1988 
1989 		/*
1990 		 * Lookup the KVA of this L2 descriptor table
1991 		 */
1992 		pa = (vm_paddr_t)(pde & L1_C_ADDR_MASK);
1993 		ptep = (pt_entry_t *)kernel_pt_lookup(pa);
1994 
1995 		if (ptep == NULL) {
1996 			panic("pmap_bootstrap: No L2 for va 0x%x, pa 0x%lx",
1997 			    (u_int)l1idx << L1_S_SHIFT, (long unsigned int)pa);
1998 		}
1999 
2000 		/*
2001 		 * Fetch the associated L2 metadata structure.
2002 		 * Allocate a new one if necessary.
2003 		 */
2004 		if ((l2 = kernel_pmap->pm_l2[L2_IDX(l1idx)]) == NULL) {
2005 			if (l2next == PMAP_STATIC_L2_SIZE)
2006 				panic("pmap_bootstrap: out of static L2s");
2007 			kernel_pmap->pm_l2[L2_IDX(l1idx)] = l2 =
2008 			    &static_l2[l2next++];
2009 		}
2010 
2011 		/*
2012 		 * One more L1 slot tracked...
2013 		 */
2014 		l2->l2_occupancy++;
2015 
2016 		/*
2017 		 * Fill in the details of the L2 descriptor in the
2018 		 * appropriate bucket.
2019 		 */
2020 		l2b = &l2->l2_bucket[L2_BUCKET(l1idx)];
2021 		l2b->l2b_kva = ptep;
2022 		l2b->l2b_phys = pa;
2023 		l2b->l2b_l1idx = l1idx;
2024 
2025 		/*
2026 		 * Establish an initial occupancy count for this descriptor
2027 		 */
2028 		for (l2idx = 0;
2029 		    l2idx < (L2_TABLE_SIZE_REAL / sizeof(pt_entry_t));
2030 		    l2idx++) {
2031 			if ((ptep[l2idx] & L2_TYPE_MASK) != L2_TYPE_INV) {
2032 				l2b->l2b_occupancy++;
2033 			}
2034 		}
2035 
2036 		/*
2037 		 * Make sure the descriptor itself has the correct cache mode.
2038 		 * If not, fix it, but whine about the problem. Port-meisters
2039 		 * should consider this a clue to fix up their initarm()
2040 		 * function. :)
2041 		 */
2042 		if (pmap_set_pt_cache_mode(kernel_l1pt, (vm_offset_t)ptep)) {
2043 			printf("pmap_bootstrap: WARNING! wrong cache mode for "
2044 			    "L2 pte @ %p\n", ptep);
2045 		}
2046 	}
2047 
2048 
2049 	/*
2050 	 * Ensure the primary (kernel) L1 has the correct cache mode for
2051 	 * a page table. Bitch if it is not correctly set.
2052 	 */
2053 	for (va = (vm_offset_t)kernel_l1pt;
2054 	    va < ((vm_offset_t)kernel_l1pt + L1_TABLE_SIZE); va += PAGE_SIZE) {
2055 		if (pmap_set_pt_cache_mode(kernel_l1pt, va))
2056 			printf("pmap_bootstrap: WARNING! wrong cache mode for "
2057 			    "primary L1 @ 0x%x\n", va);
2058 	}
2059 
2060 	cpu_dcache_wbinv_all();
2061 	cpu_l2cache_wbinv_all();
2062 	cpu_tlb_flushID();
2063 	cpu_cpwait();
2064 
2065 	PMAP_LOCK_INIT(kernel_pmap);
2066 	CPU_FILL(&kernel_pmap->pm_active);
2067 	kernel_pmap->pm_domain = PMAP_DOMAIN_KERNEL;
2068 	TAILQ_INIT(&kernel_pmap->pm_pvlist);
2069 
2070  	/*
2071 	 * Initialize the global pv list lock.
2072 	 */
2073 	rw_init_flags(&pvh_global_lock, "pmap pv global", RW_RECURSE);
2074 
2075 	/*
2076 	 * Reserve some special page table entries/VA space for temporary
2077 	 * mapping of pages.
2078 	 */
2079 	pmap_alloc_specials(&virtual_avail, 1, &csrcp, &csrc_pte);
2080 	pmap_set_pt_cache_mode(kernel_l1pt, (vm_offset_t)csrc_pte);
2081 	pmap_alloc_specials(&virtual_avail, 1, &cdstp, &cdst_pte);
2082 	pmap_set_pt_cache_mode(kernel_l1pt, (vm_offset_t)cdst_pte);
2083 	pmap_alloc_specials(&virtual_avail, 1, &qmap_addr, &qmap_pte);
2084 	pmap_set_pt_cache_mode(kernel_l1pt, (vm_offset_t)qmap_pte);
2085 	size = ((vm_max_kernel_address - pmap_curmaxkvaddr) + L1_S_OFFSET) /
2086 	    L1_S_SIZE;
2087 	pmap_alloc_specials(&virtual_avail,
2088 	    round_page(size * L2_TABLE_SIZE_REAL) / PAGE_SIZE,
2089 	    &pmap_kernel_l2ptp_kva, NULL);
2090 
2091 	size = howmany(size, L2_BUCKET_SIZE);
2092 	pmap_alloc_specials(&virtual_avail,
2093 	    round_page(size * sizeof(struct l2_dtable)) / PAGE_SIZE,
2094 	    &pmap_kernel_l2dtable_kva, NULL);
2095 
2096 	pmap_alloc_specials(&virtual_avail,
2097 	    1, (vm_offset_t*)&_tmppt, NULL);
2098 	pmap_alloc_specials(&virtual_avail,
2099 	    MAXDUMPPGS, (vm_offset_t *)&crashdumpmap, NULL);
2100 	SLIST_INIT(&l1_list);
2101 	TAILQ_INIT(&l1_lru_list);
2102 	mtx_init(&l1_lru_lock, "l1 list lock", NULL, MTX_DEF);
2103 	pmap_init_l1(l1, kernel_l1pt);
2104 	cpu_dcache_wbinv_all();
2105 	cpu_l2cache_wbinv_all();
2106 
2107 	virtual_avail = round_page(virtual_avail);
2108 	virtual_end = vm_max_kernel_address;
2109 	kernel_vm_end = pmap_curmaxkvaddr;
2110 	mtx_init(&cmtx, "TMP mappings mtx", NULL, MTX_DEF);
2111 	mtx_init(&qmap_mtx, "quick mapping mtx", NULL, MTX_DEF);
2112 
2113 	pmap_set_pcb_pagedir(kernel_pmap, thread0.td_pcb);
2114 }
2115 
2116 /***************************************************
2117  * Pmap allocation/deallocation routines.
2118  ***************************************************/
2119 
2120 /*
2121  * Release any resources held by the given physical map.
2122  * Called when a pmap initialized by pmap_pinit is being released.
2123  * Should only be called if the map contains no valid mappings.
2124  */
2125 void
pmap_release(pmap_t pmap)2126 pmap_release(pmap_t pmap)
2127 {
2128 	struct pcb *pcb;
2129 
2130 	pmap_idcache_wbinv_all(pmap);
2131 	cpu_l2cache_wbinv_all();
2132 	pmap_tlb_flushID(pmap);
2133 	cpu_cpwait();
2134 	if (vector_page < KERNBASE) {
2135 		struct pcb *curpcb = PCPU_GET(curpcb);
2136 		pcb = thread0.td_pcb;
2137 		if (pmap_is_current(pmap)) {
2138 			/*
2139  			 * Frob the L1 entry corresponding to the vector
2140 			 * page so that it contains the kernel pmap's domain
2141 			 * number. This will ensure pmap_remove() does not
2142 			 * pull the current vector page out from under us.
2143 			 */
2144 			critical_enter();
2145 			*pcb->pcb_pl1vec = pcb->pcb_l1vec;
2146 			cpu_domains(pcb->pcb_dacr);
2147 			cpu_setttb(pcb->pcb_pagedir);
2148 			critical_exit();
2149 		}
2150 		pmap_remove(pmap, vector_page, vector_page + PAGE_SIZE);
2151 		/*
2152 		 * Make sure cpu_switch(), et al, DTRT. This is safe to do
2153 		 * since this process has no remaining mappings of its own.
2154 		 */
2155 		curpcb->pcb_pl1vec = pcb->pcb_pl1vec;
2156 		curpcb->pcb_l1vec = pcb->pcb_l1vec;
2157 		curpcb->pcb_dacr = pcb->pcb_dacr;
2158 		curpcb->pcb_pagedir = pcb->pcb_pagedir;
2159 
2160 	}
2161 	pmap_free_l1(pmap);
2162 
2163 	dprintf("pmap_release()\n");
2164 }
2165 
2166 
2167 
2168 /*
2169  * Helper function for pmap_grow_l2_bucket()
2170  */
2171 static __inline int
pmap_grow_map(vm_offset_t va,pt_entry_t cache_mode,vm_paddr_t * pap)2172 pmap_grow_map(vm_offset_t va, pt_entry_t cache_mode, vm_paddr_t *pap)
2173 {
2174 	struct l2_bucket *l2b;
2175 	pt_entry_t *ptep;
2176 	vm_paddr_t pa;
2177 	struct vm_page *pg;
2178 
2179 	pg = vm_page_alloc(NULL, 0, VM_ALLOC_NOOBJ | VM_ALLOC_WIRED);
2180 	if (pg == NULL)
2181 		return (1);
2182 	pa = VM_PAGE_TO_PHYS(pg);
2183 
2184 	if (pap)
2185 		*pap = pa;
2186 
2187 	l2b = pmap_get_l2_bucket(kernel_pmap, va);
2188 
2189 	ptep = &l2b->l2b_kva[l2pte_index(va)];
2190 	*ptep = L2_S_PROTO | pa | cache_mode |
2191 	    L2_S_PROT(PTE_KERNEL, VM_PROT_READ | VM_PROT_WRITE);
2192 	PTE_SYNC(ptep);
2193 	return (0);
2194 }
2195 
2196 /*
2197  * This is the same as pmap_alloc_l2_bucket(), except that it is only
2198  * used by pmap_growkernel().
2199  */
2200 static __inline struct l2_bucket *
pmap_grow_l2_bucket(pmap_t pm,vm_offset_t va)2201 pmap_grow_l2_bucket(pmap_t pm, vm_offset_t va)
2202 {
2203 	struct l2_dtable *l2;
2204 	struct l2_bucket *l2b;
2205 	struct l1_ttable *l1;
2206 	pd_entry_t *pl1pd;
2207 	u_short l1idx;
2208 	vm_offset_t nva;
2209 
2210 	l1idx = L1_IDX(va);
2211 
2212 	if ((l2 = pm->pm_l2[L2_IDX(l1idx)]) == NULL) {
2213 		/*
2214 		 * No mapping at this address, as there is
2215 		 * no entry in the L1 table.
2216 		 * Need to allocate a new l2_dtable.
2217 		 */
2218 		nva = pmap_kernel_l2dtable_kva;
2219 		if ((nva & PAGE_MASK) == 0) {
2220 			/*
2221 			 * Need to allocate a backing page
2222 			 */
2223 			if (pmap_grow_map(nva, pte_l2_s_cache_mode, NULL))
2224 				return (NULL);
2225 		}
2226 
2227 		l2 = (struct l2_dtable *)nva;
2228 		nva += sizeof(struct l2_dtable);
2229 
2230 		if ((nva & PAGE_MASK) < (pmap_kernel_l2dtable_kva &
2231 		    PAGE_MASK)) {
2232 			/*
2233 			 * The new l2_dtable straddles a page boundary.
2234 			 * Map in another page to cover it.
2235 			 */
2236 			if (pmap_grow_map(nva, pte_l2_s_cache_mode, NULL))
2237 				return (NULL);
2238 		}
2239 
2240 		pmap_kernel_l2dtable_kva = nva;
2241 
2242 		/*
2243 		 * Link it into the parent pmap
2244 		 */
2245 		pm->pm_l2[L2_IDX(l1idx)] = l2;
2246 		memset(l2, 0, sizeof(*l2));
2247 	}
2248 
2249 	l2b = &l2->l2_bucket[L2_BUCKET(l1idx)];
2250 
2251 	/*
2252 	 * Fetch pointer to the L2 page table associated with the address.
2253 	 */
2254 	if (l2b->l2b_kva == NULL) {
2255 		pt_entry_t *ptep;
2256 
2257 		/*
2258 		 * No L2 page table has been allocated. Chances are, this
2259 		 * is because we just allocated the l2_dtable, above.
2260 		 */
2261 		nva = pmap_kernel_l2ptp_kva;
2262 		ptep = (pt_entry_t *)nva;
2263 		if ((nva & PAGE_MASK) == 0) {
2264 			/*
2265 			 * Need to allocate a backing page
2266 			 */
2267 			if (pmap_grow_map(nva, pte_l2_s_cache_mode_pt,
2268 			    &pmap_kernel_l2ptp_phys))
2269 				return (NULL);
2270 			PTE_SYNC_RANGE(ptep, PAGE_SIZE / sizeof(pt_entry_t));
2271 		}
2272 		memset(ptep, 0, L2_TABLE_SIZE_REAL);
2273 		l2->l2_occupancy++;
2274 		l2b->l2b_kva = ptep;
2275 		l2b->l2b_l1idx = l1idx;
2276 		l2b->l2b_phys = pmap_kernel_l2ptp_phys;
2277 
2278 		pmap_kernel_l2ptp_kva += L2_TABLE_SIZE_REAL;
2279 		pmap_kernel_l2ptp_phys += L2_TABLE_SIZE_REAL;
2280 	}
2281 
2282 	/* Distribute new L1 entry to all other L1s */
2283 	SLIST_FOREACH(l1, &l1_list, l1_link) {
2284 			pl1pd = &l1->l1_kva[L1_IDX(va)];
2285 			*pl1pd = l2b->l2b_phys | L1_C_DOM(PMAP_DOMAIN_KERNEL) |
2286 			    L1_C_PROTO;
2287 			PTE_SYNC(pl1pd);
2288 	}
2289 
2290 	return (l2b);
2291 }
2292 
2293 
2294 /*
2295  * grow the number of kernel page table entries, if needed
2296  */
2297 void
pmap_growkernel(vm_offset_t addr)2298 pmap_growkernel(vm_offset_t addr)
2299 {
2300 	pmap_t kpm = kernel_pmap;
2301 
2302 	if (addr <= pmap_curmaxkvaddr)
2303 		return;		/* we are OK */
2304 
2305 	/*
2306 	 * whoops!   we need to add kernel PTPs
2307 	 */
2308 
2309 	/* Map 1MB at a time */
2310 	for (; pmap_curmaxkvaddr < addr; pmap_curmaxkvaddr += L1_S_SIZE)
2311 		pmap_grow_l2_bucket(kpm, pmap_curmaxkvaddr);
2312 
2313 	/*
2314 	 * flush out the cache, expensive but growkernel will happen so
2315 	 * rarely
2316 	 */
2317 	cpu_dcache_wbinv_all();
2318 	cpu_l2cache_wbinv_all();
2319 	cpu_tlb_flushD();
2320 	cpu_cpwait();
2321 	kernel_vm_end = pmap_curmaxkvaddr;
2322 }
2323 
2324 
2325 /*
2326  * Remove all pages from specified address space
2327  * this aids process exit speeds.  Also, this code
2328  * is special cased for current process only, but
2329  * can have the more generic (and slightly slower)
2330  * mode enabled.  This is much faster than pmap_remove
2331  * in the case of running down an entire address space.
2332  */
2333 void
pmap_remove_pages(pmap_t pmap)2334 pmap_remove_pages(pmap_t pmap)
2335 {
2336 	struct pv_entry *pv, *npv;
2337 	struct l2_bucket *l2b = NULL;
2338 	vm_page_t m;
2339 	pt_entry_t *pt;
2340 
2341 	rw_wlock(&pvh_global_lock);
2342 	PMAP_LOCK(pmap);
2343 	cpu_idcache_wbinv_all();
2344 	cpu_l2cache_wbinv_all();
2345 	for (pv = TAILQ_FIRST(&pmap->pm_pvlist); pv; pv = npv) {
2346 		if (pv->pv_flags & PVF_WIRED || pv->pv_flags & PVF_UNMAN) {
2347 			/* Cannot remove wired or unmanaged pages now. */
2348 			npv = TAILQ_NEXT(pv, pv_plist);
2349 			continue;
2350 		}
2351 		pmap->pm_stats.resident_count--;
2352 		l2b = pmap_get_l2_bucket(pmap, pv->pv_va);
2353 		KASSERT(l2b != NULL, ("No L2 bucket in pmap_remove_pages"));
2354 		pt = &l2b->l2b_kva[l2pte_index(pv->pv_va)];
2355 		m = PHYS_TO_VM_PAGE(*pt & L2_S_FRAME);
2356 		KASSERT((vm_offset_t)m >= KERNBASE, ("Trying to access non-existent page va %x pte %x", pv->pv_va, *pt));
2357 		*pt = 0;
2358 		PTE_SYNC(pt);
2359 		npv = TAILQ_NEXT(pv, pv_plist);
2360 		pmap_nuke_pv(m, pmap, pv);
2361 		if (TAILQ_EMPTY(&m->md.pv_list))
2362 			vm_page_aflag_clear(m, PGA_WRITEABLE);
2363 		pmap_free_pv_entry(pv);
2364 		pmap_free_l2_bucket(pmap, l2b, 1);
2365 	}
2366 	rw_wunlock(&pvh_global_lock);
2367 	cpu_tlb_flushID();
2368 	cpu_cpwait();
2369 	PMAP_UNLOCK(pmap);
2370 }
2371 
2372 
2373 /***************************************************
2374  * Low level mapping routines.....
2375  ***************************************************/
2376 
2377 /* Map a section into the KVA. */
2378 
2379 /*
2380  * Make a temporary mapping for a physical address.  This is only intended
2381  * to be used for panic dumps.
2382  */
2383 void *
pmap_kenter_temporary(vm_paddr_t pa,int i)2384 pmap_kenter_temporary(vm_paddr_t pa, int i)
2385 {
2386 	vm_offset_t va;
2387 
2388 	va = (vm_offset_t)crashdumpmap + (i * PAGE_SIZE);
2389 	pmap_kenter(va, pa);
2390 	return ((void *)crashdumpmap);
2391 }
2392 
2393 /*
2394  * add a wired page to the kva
2395  * note that in order for the mapping to take effect -- you
2396  * should do a invltlb after doing the pmap_kenter...
2397  */
2398 static PMAP_INLINE void
pmap_kenter_internal(vm_offset_t va,vm_offset_t pa,int flags)2399 pmap_kenter_internal(vm_offset_t va, vm_offset_t pa, int flags)
2400 {
2401 	struct l2_bucket *l2b;
2402 	pt_entry_t *pte;
2403 	pt_entry_t opte;
2404 	struct pv_entry *pve;
2405 	vm_page_t m;
2406 
2407 	PDEBUG(1, printf("pmap_kenter: va = %08x, pa = %08x\n",
2408 	    (uint32_t) va, (uint32_t) pa));
2409 
2410 
2411 	l2b = pmap_get_l2_bucket(kernel_pmap, va);
2412 	if (l2b == NULL)
2413 		l2b = pmap_grow_l2_bucket(kernel_pmap, va);
2414 	KASSERT(l2b != NULL, ("No L2 Bucket"));
2415 	pte = &l2b->l2b_kva[l2pte_index(va)];
2416 	opte = *pte;
2417 	PDEBUG(1, printf("pmap_kenter: pte = %08x, opte = %08x, npte = %08x\n",
2418 	    (uint32_t) pte, opte, *pte));
2419 	if (l2pte_valid(opte)) {
2420 		pmap_kremove(va);
2421 	} else {
2422 		if (opte == 0)
2423 			l2b->l2b_occupancy++;
2424 	}
2425 	*pte = L2_S_PROTO | pa | L2_S_PROT(PTE_KERNEL,
2426 	    VM_PROT_READ | VM_PROT_WRITE);
2427 	if (flags & KENTER_CACHE)
2428 		*pte |= pte_l2_s_cache_mode;
2429 	if (flags & KENTER_USER)
2430 		*pte |= L2_S_PROT_U;
2431 	PTE_SYNC(pte);
2432 
2433 	/*
2434 	 * A kernel mapping may not be the page's only mapping, so create a PV
2435 	 * entry to ensure proper caching.
2436  	 *
2437 	 * The existence test for the pvzone is used to delay the recording of
2438 	 * kernel mappings until the VM system is fully initialized.
2439 	 *
2440 	 * This expects the physical memory to have a vm_page_array entry.
2441 	 */
2442 	if (pvzone != NULL && (m = vm_phys_paddr_to_vm_page(pa)) != NULL) {
2443 		rw_wlock(&pvh_global_lock);
2444 		if (!TAILQ_EMPTY(&m->md.pv_list) || m->md.pv_kva != 0) {
2445 			if ((pve = pmap_get_pv_entry()) == NULL)
2446 				panic("pmap_kenter_internal: no pv entries");
2447 			PMAP_LOCK(kernel_pmap);
2448 			pmap_enter_pv(m, pve, kernel_pmap, va,
2449 			    PVF_WRITE | PVF_UNMAN);
2450 			pmap_fix_cache(m, kernel_pmap, va);
2451 			PMAP_UNLOCK(kernel_pmap);
2452 		} else {
2453 			m->md.pv_kva = va;
2454 		}
2455 		rw_wunlock(&pvh_global_lock);
2456 	}
2457 }
2458 
2459 void
pmap_kenter(vm_offset_t va,vm_paddr_t pa)2460 pmap_kenter(vm_offset_t va, vm_paddr_t pa)
2461 {
2462 	pmap_kenter_internal(va, pa, KENTER_CACHE);
2463 }
2464 
2465 void
pmap_kenter_nocache(vm_offset_t va,vm_paddr_t pa)2466 pmap_kenter_nocache(vm_offset_t va, vm_paddr_t pa)
2467 {
2468 
2469 	pmap_kenter_internal(va, pa, 0);
2470 }
2471 
2472 void
pmap_kenter_device(vm_offset_t va,vm_size_t size,vm_paddr_t pa)2473 pmap_kenter_device(vm_offset_t va, vm_size_t size, vm_paddr_t pa)
2474 {
2475 	vm_offset_t sva;
2476 
2477 	KASSERT((size & PAGE_MASK) == 0,
2478 	    ("%s: device mapping not page-sized", __func__));
2479 
2480 	sva = va;
2481 	while (size != 0) {
2482 		pmap_kenter_internal(va, pa, 0);
2483 		va += PAGE_SIZE;
2484 		pa += PAGE_SIZE;
2485 		size -= PAGE_SIZE;
2486 	}
2487 }
2488 
2489 void
pmap_kremove_device(vm_offset_t va,vm_size_t size)2490 pmap_kremove_device(vm_offset_t va, vm_size_t size)
2491 {
2492 	vm_offset_t sva;
2493 
2494 	KASSERT((size & PAGE_MASK) == 0,
2495 	    ("%s: device mapping not page-sized", __func__));
2496 
2497 	sva = va;
2498 	while (size != 0) {
2499 		pmap_kremove(va);
2500 		va += PAGE_SIZE;
2501 		size -= PAGE_SIZE;
2502 	}
2503 }
2504 
2505 void
pmap_kenter_user(vm_offset_t va,vm_paddr_t pa)2506 pmap_kenter_user(vm_offset_t va, vm_paddr_t pa)
2507 {
2508 
2509 	pmap_kenter_internal(va, pa, KENTER_CACHE|KENTER_USER);
2510 	/*
2511 	 * Call pmap_fault_fixup now, to make sure we'll have no exception
2512 	 * at the first use of the new address, or bad things will happen,
2513 	 * as we use one of these addresses in the exception handlers.
2514 	 */
2515 	pmap_fault_fixup(kernel_pmap, va, VM_PROT_READ|VM_PROT_WRITE, 1);
2516 }
2517 
2518 vm_paddr_t
pmap_kextract(vm_offset_t va)2519 pmap_kextract(vm_offset_t va)
2520 {
2521 
2522 	return (pmap_extract_locked(kernel_pmap, va));
2523 }
2524 
2525 /*
2526  * remove a page from the kernel pagetables
2527  */
2528 void
pmap_kremove(vm_offset_t va)2529 pmap_kremove(vm_offset_t va)
2530 {
2531 	struct l2_bucket *l2b;
2532 	pt_entry_t *pte, opte;
2533 	struct pv_entry *pve;
2534 	vm_page_t m;
2535 	vm_offset_t pa;
2536 
2537 	l2b = pmap_get_l2_bucket(kernel_pmap, va);
2538 	if (!l2b)
2539 		return;
2540 	KASSERT(l2b != NULL, ("No L2 Bucket"));
2541 	pte = &l2b->l2b_kva[l2pte_index(va)];
2542 	opte = *pte;
2543 	if (l2pte_valid(opte)) {
2544 		/* pa = vtophs(va) taken from pmap_extract() */
2545 		if ((opte & L2_TYPE_MASK) == L2_TYPE_L)
2546 			pa = (opte & L2_L_FRAME) | (va & L2_L_OFFSET);
2547 		else
2548 			pa = (opte & L2_S_FRAME) | (va & L2_S_OFFSET);
2549 		/* note: should never have to remove an allocation
2550 		 * before the pvzone is initialized.
2551 		 */
2552 		rw_wlock(&pvh_global_lock);
2553 		PMAP_LOCK(kernel_pmap);
2554 		if (pvzone != NULL && (m = vm_phys_paddr_to_vm_page(pa)) &&
2555 		    (pve = pmap_remove_pv(m, kernel_pmap, va)))
2556 			pmap_free_pv_entry(pve);
2557 		PMAP_UNLOCK(kernel_pmap);
2558 		rw_wunlock(&pvh_global_lock);
2559 		va = va & ~PAGE_MASK;
2560 		cpu_dcache_wbinv_range(va, PAGE_SIZE);
2561 		cpu_l2cache_wbinv_range(va, PAGE_SIZE);
2562 		cpu_tlb_flushD_SE(va);
2563 		cpu_cpwait();
2564 		*pte = 0;
2565 	}
2566 }
2567 
2568 
2569 /*
2570  *	Used to map a range of physical addresses into kernel
2571  *	virtual address space.
2572  *
2573  *	The value passed in '*virt' is a suggested virtual address for
2574  *	the mapping. Architectures which can support a direct-mapped
2575  *	physical to virtual region can return the appropriate address
2576  *	within that region, leaving '*virt' unchanged. Other
2577  *	architectures should map the pages starting at '*virt' and
2578  *	update '*virt' with the first usable address after the mapped
2579  *	region.
2580  */
2581 vm_offset_t
pmap_map(vm_offset_t * virt,vm_offset_t start,vm_offset_t end,int prot)2582 pmap_map(vm_offset_t *virt, vm_offset_t start, vm_offset_t end, int prot)
2583 {
2584 	vm_offset_t sva = *virt;
2585 	vm_offset_t va = sva;
2586 
2587 	PDEBUG(1, printf("pmap_map: virt = %08x, start = %08x, end = %08x, "
2588 	    "prot = %d\n", (uint32_t) *virt, (uint32_t) start, (uint32_t) end,
2589 	    prot));
2590 
2591 	while (start < end) {
2592 		pmap_kenter(va, start);
2593 		va += PAGE_SIZE;
2594 		start += PAGE_SIZE;
2595 	}
2596 	*virt = va;
2597 	return (sva);
2598 }
2599 
2600 static void
pmap_wb_page(vm_page_t m)2601 pmap_wb_page(vm_page_t m)
2602 {
2603 	struct pv_entry *pv;
2604 
2605 	TAILQ_FOREACH(pv, &m->md.pv_list, pv_list)
2606 	    pmap_dcache_wb_range(pv->pv_pmap, pv->pv_va, PAGE_SIZE, FALSE,
2607 		(pv->pv_flags & PVF_WRITE) == 0);
2608 }
2609 
2610 static void
pmap_inv_page(vm_page_t m)2611 pmap_inv_page(vm_page_t m)
2612 {
2613 	struct pv_entry *pv;
2614 
2615 	TAILQ_FOREACH(pv, &m->md.pv_list, pv_list)
2616 	    pmap_dcache_wb_range(pv->pv_pmap, pv->pv_va, PAGE_SIZE, TRUE, TRUE);
2617 }
2618 /*
2619  * Add a list of wired pages to the kva
2620  * this routine is only used for temporary
2621  * kernel mappings that do not need to have
2622  * page modification or references recorded.
2623  * Note that old mappings are simply written
2624  * over.  The page *must* be wired.
2625  */
2626 void
pmap_qenter(vm_offset_t va,vm_page_t * m,int count)2627 pmap_qenter(vm_offset_t va, vm_page_t *m, int count)
2628 {
2629 	int i;
2630 
2631 	for (i = 0; i < count; i++) {
2632 		pmap_wb_page(m[i]);
2633 		pmap_kenter_internal(va, VM_PAGE_TO_PHYS(m[i]),
2634 		    KENTER_CACHE);
2635 		va += PAGE_SIZE;
2636 	}
2637 }
2638 
2639 
2640 /*
2641  * this routine jerks page mappings from the
2642  * kernel -- it is meant only for temporary mappings.
2643  */
2644 void
pmap_qremove(vm_offset_t va,int count)2645 pmap_qremove(vm_offset_t va, int count)
2646 {
2647 	vm_paddr_t pa;
2648 	int i;
2649 
2650 	for (i = 0; i < count; i++) {
2651 		pa = vtophys(va);
2652 		if (pa) {
2653 			pmap_inv_page(PHYS_TO_VM_PAGE(pa));
2654 			pmap_kremove(va);
2655 		}
2656 		va += PAGE_SIZE;
2657 	}
2658 }
2659 
2660 
2661 /*
2662  * pmap_object_init_pt preloads the ptes for a given object
2663  * into the specified pmap.  This eliminates the blast of soft
2664  * faults on process startup and immediately after an mmap.
2665  */
2666 void
pmap_object_init_pt(pmap_t pmap,vm_offset_t addr,vm_object_t object,vm_pindex_t pindex,vm_size_t size)2667 pmap_object_init_pt(pmap_t pmap, vm_offset_t addr, vm_object_t object,
2668     vm_pindex_t pindex, vm_size_t size)
2669 {
2670 
2671 	VM_OBJECT_ASSERT_WLOCKED(object);
2672 	KASSERT(object->type == OBJT_DEVICE || object->type == OBJT_SG,
2673 	    ("pmap_object_init_pt: non-device object"));
2674 }
2675 
2676 
2677 /*
2678  *	pmap_is_prefaultable:
2679  *
2680  *	Return whether or not the specified virtual address is elgible
2681  *	for prefault.
2682  */
2683 boolean_t
pmap_is_prefaultable(pmap_t pmap,vm_offset_t addr)2684 pmap_is_prefaultable(pmap_t pmap, vm_offset_t addr)
2685 {
2686 	pd_entry_t *pde;
2687 	pt_entry_t *pte;
2688 
2689 	if (!pmap_get_pde_pte(pmap, addr, &pde, &pte))
2690 		return (FALSE);
2691 	KASSERT(pte != NULL, ("Valid mapping but no pte ?"));
2692 	if (*pte == 0)
2693 		return (TRUE);
2694 	return (FALSE);
2695 }
2696 
2697 /*
2698  * Fetch pointers to the PDE/PTE for the given pmap/VA pair.
2699  * Returns TRUE if the mapping exists, else FALSE.
2700  *
2701  * NOTE: This function is only used by a couple of arm-specific modules.
2702  * It is not safe to take any pmap locks here, since we could be right
2703  * in the middle of debugging the pmap anyway...
2704  *
2705  * It is possible for this routine to return FALSE even though a valid
2706  * mapping does exist. This is because we don't lock, so the metadata
2707  * state may be inconsistent.
2708  *
2709  * NOTE: We can return a NULL *ptp in the case where the L1 pde is
2710  * a "section" mapping.
2711  */
2712 boolean_t
pmap_get_pde_pte(pmap_t pm,vm_offset_t va,pd_entry_t ** pdp,pt_entry_t ** ptp)2713 pmap_get_pde_pte(pmap_t pm, vm_offset_t va, pd_entry_t **pdp, pt_entry_t **ptp)
2714 {
2715 	struct l2_dtable *l2;
2716 	pd_entry_t *pl1pd, l1pd;
2717 	pt_entry_t *ptep;
2718 	u_short l1idx;
2719 
2720 	if (pm->pm_l1 == NULL)
2721 		return (FALSE);
2722 
2723 	l1idx = L1_IDX(va);
2724 	*pdp = pl1pd = &pm->pm_l1->l1_kva[l1idx];
2725 	l1pd = *pl1pd;
2726 
2727 	if (l1pte_section_p(l1pd)) {
2728 		*ptp = NULL;
2729 		return (TRUE);
2730 	}
2731 
2732 	if (pm->pm_l2 == NULL)
2733 		return (FALSE);
2734 
2735 	l2 = pm->pm_l2[L2_IDX(l1idx)];
2736 
2737 	if (l2 == NULL ||
2738 	    (ptep = l2->l2_bucket[L2_BUCKET(l1idx)].l2b_kva) == NULL) {
2739 		return (FALSE);
2740 	}
2741 
2742 	*ptp = &ptep[l2pte_index(va)];
2743 	return (TRUE);
2744 }
2745 
2746 /*
2747  *      Routine:        pmap_remove_all
2748  *      Function:
2749  *              Removes this physical page from
2750  *              all physical maps in which it resides.
2751  *              Reflects back modify bits to the pager.
2752  *
2753  *      Notes:
2754  *              Original versions of this routine were very
2755  *              inefficient because they iteratively called
2756  *              pmap_remove (slow...)
2757  */
2758 void
pmap_remove_all(vm_page_t m)2759 pmap_remove_all(vm_page_t m)
2760 {
2761 	pv_entry_t pv;
2762 	pt_entry_t *ptep;
2763 	struct l2_bucket *l2b;
2764 	boolean_t flush = FALSE;
2765 	pmap_t curpm;
2766 	int flags = 0;
2767 
2768 	KASSERT((m->oflags & VPO_UNMANAGED) == 0,
2769 	    ("pmap_remove_all: page %p is not managed", m));
2770 	if (TAILQ_EMPTY(&m->md.pv_list))
2771 		return;
2772 	rw_wlock(&pvh_global_lock);
2773 
2774 	/*
2775 	 * XXX This call shouldn't exist.  Iterating over the PV list twice,
2776 	 * once in pmap_clearbit() and again below, is both unnecessary and
2777 	 * inefficient.  The below code should itself write back the cache
2778 	 * entry before it destroys the mapping.
2779 	 */
2780 	pmap_clearbit(m, PVF_WRITE);
2781 	curpm = vmspace_pmap(curproc->p_vmspace);
2782 	while ((pv = TAILQ_FIRST(&m->md.pv_list)) != NULL) {
2783 		if (flush == FALSE && (pv->pv_pmap == curpm ||
2784 		    pv->pv_pmap == kernel_pmap))
2785 			flush = TRUE;
2786 
2787 		PMAP_LOCK(pv->pv_pmap);
2788 		/*
2789 		 * Cached contents were written-back in pmap_clearbit(),
2790 		 * but we still have to invalidate the cache entry to make
2791 		 * sure stale data are not retrieved when another page will be
2792 		 * mapped under this virtual address.
2793 		 */
2794 		if (pmap_is_current(pv->pv_pmap)) {
2795 			cpu_dcache_inv_range(pv->pv_va, PAGE_SIZE);
2796 			if (pmap_has_valid_mapping(pv->pv_pmap, pv->pv_va))
2797 				cpu_l2cache_inv_range(pv->pv_va, PAGE_SIZE);
2798 		}
2799 
2800 		if (pv->pv_flags & PVF_UNMAN) {
2801 			/* remove the pv entry, but do not remove the mapping
2802 			 * and remember this is a kernel mapped page
2803 			 */
2804 			m->md.pv_kva = pv->pv_va;
2805 		} else {
2806 			/* remove the mapping and pv entry */
2807 			l2b = pmap_get_l2_bucket(pv->pv_pmap, pv->pv_va);
2808 			KASSERT(l2b != NULL, ("No l2 bucket"));
2809 			ptep = &l2b->l2b_kva[l2pte_index(pv->pv_va)];
2810 			*ptep = 0;
2811 			PTE_SYNC_CURRENT(pv->pv_pmap, ptep);
2812 			pmap_free_l2_bucket(pv->pv_pmap, l2b, 1);
2813 			pv->pv_pmap->pm_stats.resident_count--;
2814 			flags |= pv->pv_flags;
2815 		}
2816 		pmap_nuke_pv(m, pv->pv_pmap, pv);
2817 		PMAP_UNLOCK(pv->pv_pmap);
2818 		pmap_free_pv_entry(pv);
2819 	}
2820 
2821 	if (flush) {
2822 		if (PV_BEEN_EXECD(flags))
2823 			pmap_tlb_flushID(curpm);
2824 		else
2825 			pmap_tlb_flushD(curpm);
2826 	}
2827 	vm_page_aflag_clear(m, PGA_WRITEABLE);
2828 	rw_wunlock(&pvh_global_lock);
2829 }
2830 
2831 
2832 /*
2833  *	Set the physical protection on the
2834  *	specified range of this map as requested.
2835  */
2836 void
pmap_protect(pmap_t pm,vm_offset_t sva,vm_offset_t eva,vm_prot_t prot)2837 pmap_protect(pmap_t pm, vm_offset_t sva, vm_offset_t eva, vm_prot_t prot)
2838 {
2839 	struct l2_bucket *l2b;
2840 	pt_entry_t *ptep, pte;
2841 	vm_offset_t next_bucket;
2842 	u_int flags;
2843 	int flush;
2844 
2845 	CTR4(KTR_PMAP, "pmap_protect: pmap %p sva 0x%08x eva 0x%08x prot %x",
2846 	    pm, sva, eva, prot);
2847 
2848 	if ((prot & VM_PROT_READ) == 0) {
2849 		pmap_remove(pm, sva, eva);
2850 		return;
2851 	}
2852 
2853 	if (prot & VM_PROT_WRITE) {
2854 		/*
2855 		 * If this is a read->write transition, just ignore it and let
2856 		 * vm_fault() take care of it later.
2857 		 */
2858 		return;
2859 	}
2860 
2861 	rw_wlock(&pvh_global_lock);
2862 	PMAP_LOCK(pm);
2863 
2864 	/*
2865 	 * OK, at this point, we know we're doing write-protect operation.
2866 	 * If the pmap is active, write-back the range.
2867 	 */
2868 	pmap_dcache_wb_range(pm, sva, eva - sva, FALSE, FALSE);
2869 
2870 	flush = ((eva - sva) >= (PAGE_SIZE * 4)) ? 0 : -1;
2871 	flags = 0;
2872 
2873 	while (sva < eva) {
2874 		next_bucket = L2_NEXT_BUCKET(sva);
2875 		if (next_bucket > eva)
2876 			next_bucket = eva;
2877 
2878 		l2b = pmap_get_l2_bucket(pm, sva);
2879 		if (l2b == NULL) {
2880 			sva = next_bucket;
2881 			continue;
2882 		}
2883 
2884 		ptep = &l2b->l2b_kva[l2pte_index(sva)];
2885 
2886 		while (sva < next_bucket) {
2887 			if ((pte = *ptep) != 0 && (pte & L2_S_PROT_W) != 0) {
2888 				struct vm_page *pg;
2889 				u_int f;
2890 
2891 				pg = PHYS_TO_VM_PAGE(l2pte_pa(pte));
2892 				pte &= ~L2_S_PROT_W;
2893 				*ptep = pte;
2894 				PTE_SYNC(ptep);
2895 
2896 				if (!(pg->oflags & VPO_UNMANAGED)) {
2897 					f = pmap_modify_pv(pg, pm, sva,
2898 					    PVF_WRITE, 0);
2899 					if (f & PVF_WRITE)
2900 						vm_page_dirty(pg);
2901 				} else
2902 					f = 0;
2903 
2904 				if (flush >= 0) {
2905 					flush++;
2906 					flags |= f;
2907 				} else
2908 				if (PV_BEEN_EXECD(f))
2909 					pmap_tlb_flushID_SE(pm, sva);
2910 				else
2911 				if (PV_BEEN_REFD(f))
2912 					pmap_tlb_flushD_SE(pm, sva);
2913 			}
2914 
2915 			sva += PAGE_SIZE;
2916 			ptep++;
2917 		}
2918 	}
2919 
2920 
2921 	if (flush) {
2922 		if (PV_BEEN_EXECD(flags))
2923 			pmap_tlb_flushID(pm);
2924 		else
2925 		if (PV_BEEN_REFD(flags))
2926 			pmap_tlb_flushD(pm);
2927 	}
2928 	rw_wunlock(&pvh_global_lock);
2929 
2930  	PMAP_UNLOCK(pm);
2931 }
2932 
2933 
2934 /*
2935  *	Insert the given physical page (p) at
2936  *	the specified virtual address (v) in the
2937  *	target physical map with the protection requested.
2938  *
2939  *	If specified, the page will be wired down, meaning
2940  *	that the related pte can not be reclaimed.
2941  *
2942  *	NB:  This is the only routine which MAY NOT lazy-evaluate
2943  *	or lose information.  That is, this routine must actually
2944  *	insert this page into the given map NOW.
2945  */
2946 
2947 int
pmap_enter(pmap_t pmap,vm_offset_t va,vm_page_t m,vm_prot_t prot,u_int flags,int8_t psind __unused)2948 pmap_enter(pmap_t pmap, vm_offset_t va, vm_page_t m, vm_prot_t prot,
2949     u_int flags, int8_t psind __unused)
2950 {
2951 	int rv;
2952 
2953 	rw_wlock(&pvh_global_lock);
2954 	PMAP_LOCK(pmap);
2955 	rv = pmap_enter_locked(pmap, va, m, prot, flags);
2956 	rw_wunlock(&pvh_global_lock);
2957  	PMAP_UNLOCK(pmap);
2958 	return (rv);
2959 }
2960 
2961 /*
2962  *	The pvh global and pmap locks must be held.
2963  */
2964 static int
pmap_enter_locked(pmap_t pmap,vm_offset_t va,vm_page_t m,vm_prot_t prot,u_int flags)2965 pmap_enter_locked(pmap_t pmap, vm_offset_t va, vm_page_t m, vm_prot_t prot,
2966     u_int flags)
2967 {
2968 	struct l2_bucket *l2b = NULL;
2969 	struct vm_page *opg;
2970 	struct pv_entry *pve = NULL;
2971 	pt_entry_t *ptep, npte, opte;
2972 	u_int nflags;
2973 	u_int oflags;
2974 	vm_paddr_t pa;
2975 
2976 	PMAP_ASSERT_LOCKED(pmap);
2977 	rw_assert(&pvh_global_lock, RA_WLOCKED);
2978 	if (va == vector_page) {
2979 		pa = systempage.pv_pa;
2980 		m = NULL;
2981 	} else {
2982 		if ((m->oflags & VPO_UNMANAGED) == 0 && !vm_page_xbusied(m))
2983 			VM_OBJECT_ASSERT_LOCKED(m->object);
2984 		pa = VM_PAGE_TO_PHYS(m);
2985 	}
2986 	nflags = 0;
2987 	if (prot & VM_PROT_WRITE)
2988 		nflags |= PVF_WRITE;
2989 	if (prot & VM_PROT_EXECUTE)
2990 		nflags |= PVF_EXEC;
2991 	if ((flags & PMAP_ENTER_WIRED) != 0)
2992 		nflags |= PVF_WIRED;
2993 	PDEBUG(1, printf("pmap_enter: pmap = %08x, va = %08x, m = %08x, prot = %x, "
2994 	    "flags = %x\n", (uint32_t) pmap, va, (uint32_t) m, prot, flags));
2995 
2996 	if (pmap == kernel_pmap) {
2997 		l2b = pmap_get_l2_bucket(pmap, va);
2998 		if (l2b == NULL)
2999 			l2b = pmap_grow_l2_bucket(pmap, va);
3000 	} else {
3001 do_l2b_alloc:
3002 		l2b = pmap_alloc_l2_bucket(pmap, va);
3003 		if (l2b == NULL) {
3004 			if ((flags & PMAP_ENTER_NOSLEEP) == 0) {
3005 				PMAP_UNLOCK(pmap);
3006 				rw_wunlock(&pvh_global_lock);
3007 				vm_wait(NULL);
3008 				rw_wlock(&pvh_global_lock);
3009 				PMAP_LOCK(pmap);
3010 				goto do_l2b_alloc;
3011 			}
3012 			return (KERN_RESOURCE_SHORTAGE);
3013 		}
3014 	}
3015 
3016 	ptep = &l2b->l2b_kva[l2pte_index(va)];
3017 
3018 	opte = *ptep;
3019 	npte = pa;
3020 	oflags = 0;
3021 	if (opte) {
3022 		/*
3023 		 * There is already a mapping at this address.
3024 		 * If the physical address is different, lookup the
3025 		 * vm_page.
3026 		 */
3027 		if (l2pte_pa(opte) != pa)
3028 			opg = PHYS_TO_VM_PAGE(l2pte_pa(opte));
3029 		else
3030 			opg = m;
3031 	} else
3032 		opg = NULL;
3033 
3034 	if ((prot & (VM_PROT_ALL)) ||
3035 	    (!m || m->md.pvh_attrs & PVF_REF)) {
3036 		/*
3037 		 * - The access type indicates that we don't need
3038 		 *   to do referenced emulation.
3039 		 * OR
3040 		 * - The physical page has already been referenced
3041 		 *   so no need to re-do referenced emulation here.
3042 		 */
3043 		npte |= L2_S_PROTO;
3044 
3045 		nflags |= PVF_REF;
3046 
3047 		if (m && ((prot & VM_PROT_WRITE) != 0 ||
3048 		    (m->md.pvh_attrs & PVF_MOD))) {
3049 			/*
3050 			 * This is a writable mapping, and the
3051 			 * page's mod state indicates it has
3052 			 * already been modified. Make it
3053 			 * writable from the outset.
3054 			 */
3055 			nflags |= PVF_MOD;
3056 			if (!(m->md.pvh_attrs & PVF_MOD))
3057 				vm_page_dirty(m);
3058 		}
3059 		if (m && opte)
3060 			vm_page_aflag_set(m, PGA_REFERENCED);
3061 	} else {
3062 		/*
3063 		 * Need to do page referenced emulation.
3064 		 */
3065 		npte |= L2_TYPE_INV;
3066 	}
3067 
3068 	if (prot & VM_PROT_WRITE) {
3069 		npte |= L2_S_PROT_W;
3070 		if (m != NULL &&
3071 		    (m->oflags & VPO_UNMANAGED) == 0)
3072 			vm_page_aflag_set(m, PGA_WRITEABLE);
3073 	}
3074 	if (m->md.pv_memattr != VM_MEMATTR_UNCACHEABLE)
3075 		npte |= pte_l2_s_cache_mode;
3076 	if (m && m == opg) {
3077 		/*
3078 		 * We're changing the attrs of an existing mapping.
3079 		 */
3080 		oflags = pmap_modify_pv(m, pmap, va,
3081 		    PVF_WRITE | PVF_EXEC | PVF_WIRED |
3082 		    PVF_MOD | PVF_REF, nflags);
3083 
3084 		/*
3085 		 * We may need to flush the cache if we're
3086 		 * doing rw-ro...
3087 		 */
3088 		if (pmap_is_current(pmap) &&
3089 		    (oflags & PVF_NC) == 0 &&
3090 		    (opte & L2_S_PROT_W) != 0 &&
3091 		    (prot & VM_PROT_WRITE) == 0 &&
3092 		    (opte & L2_TYPE_MASK) != L2_TYPE_INV) {
3093 			cpu_dcache_wb_range(va, PAGE_SIZE);
3094 			cpu_l2cache_wb_range(va, PAGE_SIZE);
3095 		}
3096 	} else {
3097 		/*
3098 		 * New mapping, or changing the backing page
3099 		 * of an existing mapping.
3100 		 */
3101 		if (opg) {
3102 			/*
3103 			 * Replacing an existing mapping with a new one.
3104 			 * It is part of our managed memory so we
3105 			 * must remove it from the PV list
3106 			 */
3107 			if ((pve = pmap_remove_pv(opg, pmap, va))) {
3108 
3109 			/* note for patch: the oflags/invalidation was moved
3110 			 * because PG_FICTITIOUS pages could free the pve
3111 			 */
3112 			    oflags = pve->pv_flags;
3113 			/*
3114 			 * If the old mapping was valid (ref/mod
3115 			 * emulation creates 'invalid' mappings
3116 			 * initially) then make sure to frob
3117 			 * the cache.
3118 			 */
3119 			    if ((oflags & PVF_NC) == 0 && l2pte_valid(opte)) {
3120 				if (PV_BEEN_EXECD(oflags)) {
3121 					pmap_idcache_wbinv_range(pmap, va,
3122 					    PAGE_SIZE);
3123 				} else
3124 					if (PV_BEEN_REFD(oflags)) {
3125 						pmap_dcache_wb_range(pmap, va,
3126 						    PAGE_SIZE, TRUE,
3127 						    (oflags & PVF_WRITE) == 0);
3128 					}
3129 			    }
3130 
3131 			/* free/allocate a pv_entry for UNMANAGED pages if
3132 			 * this physical page is not/is already mapped.
3133 			 */
3134 
3135 			    if (m && (m->oflags & VPO_UNMANAGED) &&
3136 				  !m->md.pv_kva &&
3137 				 TAILQ_EMPTY(&m->md.pv_list)) {
3138 				pmap_free_pv_entry(pve);
3139 				pve = NULL;
3140 			    }
3141 			} else if (m &&
3142 				 (!(m->oflags & VPO_UNMANAGED) || m->md.pv_kva ||
3143 				  !TAILQ_EMPTY(&m->md.pv_list)))
3144 				pve = pmap_get_pv_entry();
3145 		} else if (m &&
3146 			   (!(m->oflags & VPO_UNMANAGED) || m->md.pv_kva ||
3147 			   !TAILQ_EMPTY(&m->md.pv_list)))
3148 			pve = pmap_get_pv_entry();
3149 
3150 		if (m) {
3151 			if ((m->oflags & VPO_UNMANAGED)) {
3152 				if (!TAILQ_EMPTY(&m->md.pv_list) ||
3153 				    m->md.pv_kva) {
3154 					KASSERT(pve != NULL, ("No pv"));
3155 					nflags |= PVF_UNMAN;
3156 					pmap_enter_pv(m, pve, pmap, va, nflags);
3157 				} else
3158 					m->md.pv_kva = va;
3159 			} else {
3160 				KASSERT(va < kmi.clean_sva ||
3161 				    va >= kmi.clean_eva,
3162 		("pmap_enter: managed mapping within the clean submap"));
3163  				KASSERT(pve != NULL, ("No pv"));
3164  				pmap_enter_pv(m, pve, pmap, va, nflags);
3165 			}
3166 		}
3167 	}
3168 	/*
3169 	 * Make sure userland mappings get the right permissions
3170 	 */
3171 	if (pmap != kernel_pmap && va != vector_page) {
3172 		npte |= L2_S_PROT_U;
3173 	}
3174 
3175 	/*
3176 	 * Keep the stats up to date
3177 	 */
3178 	if (opte == 0) {
3179 		l2b->l2b_occupancy++;
3180 		pmap->pm_stats.resident_count++;
3181 	}
3182 
3183 	/*
3184 	 * If this is just a wiring change, the two PTEs will be
3185 	 * identical, so there's no need to update the page table.
3186 	 */
3187 	if (npte != opte) {
3188 		boolean_t is_cached = pmap_is_current(pmap);
3189 
3190 		*ptep = npte;
3191 		if (is_cached) {
3192 			/*
3193 			 * We only need to frob the cache/tlb if this pmap
3194 			 * is current
3195 			 */
3196 			PTE_SYNC(ptep);
3197 			if (L1_IDX(va) != L1_IDX(vector_page) &&
3198 			    l2pte_valid(npte)) {
3199 				/*
3200 				 * This mapping is likely to be accessed as
3201 				 * soon as we return to userland. Fix up the
3202 				 * L1 entry to avoid taking another
3203 				 * page/domain fault.
3204 				 */
3205 				pd_entry_t *pl1pd, l1pd;
3206 
3207 				pl1pd = &pmap->pm_l1->l1_kva[L1_IDX(va)];
3208 				l1pd = l2b->l2b_phys | L1_C_DOM(pmap->pm_domain) |
3209 				    L1_C_PROTO;
3210 				if (*pl1pd != l1pd) {
3211 					*pl1pd = l1pd;
3212 					PTE_SYNC(pl1pd);
3213 				}
3214 			}
3215 		}
3216 
3217 		if (PV_BEEN_EXECD(oflags))
3218 			pmap_tlb_flushID_SE(pmap, va);
3219 		else if (PV_BEEN_REFD(oflags))
3220 			pmap_tlb_flushD_SE(pmap, va);
3221 
3222 
3223 		if (m)
3224 			pmap_fix_cache(m, pmap, va);
3225 	}
3226 	return (KERN_SUCCESS);
3227 }
3228 
3229 /*
3230  * Maps a sequence of resident pages belonging to the same object.
3231  * The sequence begins with the given page m_start.  This page is
3232  * mapped at the given virtual address start.  Each subsequent page is
3233  * mapped at a virtual address that is offset from start by the same
3234  * amount as the page is offset from m_start within the object.  The
3235  * last page in the sequence is the page with the largest offset from
3236  * m_start that can be mapped at a virtual address less than the given
3237  * virtual address end.  Not every virtual page between start and end
3238  * is mapped; only those for which a resident page exists with the
3239  * corresponding offset from m_start are mapped.
3240  */
3241 void
pmap_enter_object(pmap_t pmap,vm_offset_t start,vm_offset_t end,vm_page_t m_start,vm_prot_t prot)3242 pmap_enter_object(pmap_t pmap, vm_offset_t start, vm_offset_t end,
3243     vm_page_t m_start, vm_prot_t prot)
3244 {
3245 	vm_page_t m;
3246 	vm_pindex_t diff, psize;
3247 
3248 	VM_OBJECT_ASSERT_LOCKED(m_start->object);
3249 
3250 	psize = atop(end - start);
3251 	m = m_start;
3252 	rw_wlock(&pvh_global_lock);
3253 	PMAP_LOCK(pmap);
3254 	while (m != NULL && (diff = m->pindex - m_start->pindex) < psize) {
3255 		pmap_enter_locked(pmap, start + ptoa(diff), m, prot &
3256 		    (VM_PROT_READ | VM_PROT_EXECUTE), PMAP_ENTER_NOSLEEP);
3257 		m = TAILQ_NEXT(m, listq);
3258 	}
3259 	rw_wunlock(&pvh_global_lock);
3260  	PMAP_UNLOCK(pmap);
3261 }
3262 
3263 /*
3264  * this code makes some *MAJOR* assumptions:
3265  * 1. Current pmap & pmap exists.
3266  * 2. Not wired.
3267  * 3. Read access.
3268  * 4. No page table pages.
3269  * but is *MUCH* faster than pmap_enter...
3270  */
3271 
3272 void
pmap_enter_quick(pmap_t pmap,vm_offset_t va,vm_page_t m,vm_prot_t prot)3273 pmap_enter_quick(pmap_t pmap, vm_offset_t va, vm_page_t m, vm_prot_t prot)
3274 {
3275 
3276 	rw_wlock(&pvh_global_lock);
3277  	PMAP_LOCK(pmap);
3278 	pmap_enter_locked(pmap, va, m, prot & (VM_PROT_READ | VM_PROT_EXECUTE),
3279 	    PMAP_ENTER_NOSLEEP);
3280 	rw_wunlock(&pvh_global_lock);
3281  	PMAP_UNLOCK(pmap);
3282 }
3283 
3284 /*
3285  *	Clear the wired attribute from the mappings for the specified range of
3286  *	addresses in the given pmap.  Every valid mapping within that range
3287  *	must have the wired attribute set.  In contrast, invalid mappings
3288  *	cannot have the wired attribute set, so they are ignored.
3289  *
3290  *	XXX Wired mappings of unmanaged pages cannot be counted by this pmap
3291  *	implementation.
3292  */
3293 void
pmap_unwire(pmap_t pmap,vm_offset_t sva,vm_offset_t eva)3294 pmap_unwire(pmap_t pmap, vm_offset_t sva, vm_offset_t eva)
3295 {
3296 	struct l2_bucket *l2b;
3297 	pt_entry_t *ptep, pte;
3298 	pv_entry_t pv;
3299 	vm_offset_t next_bucket;
3300 	vm_page_t m;
3301 
3302 	rw_wlock(&pvh_global_lock);
3303 	PMAP_LOCK(pmap);
3304 	while (sva < eva) {
3305 		next_bucket = L2_NEXT_BUCKET(sva);
3306 		if (next_bucket > eva)
3307 			next_bucket = eva;
3308 		l2b = pmap_get_l2_bucket(pmap, sva);
3309 		if (l2b == NULL) {
3310 			sva = next_bucket;
3311 			continue;
3312 		}
3313 		for (ptep = &l2b->l2b_kva[l2pte_index(sva)]; sva < next_bucket;
3314 		    sva += PAGE_SIZE, ptep++) {
3315 			if ((pte = *ptep) == 0 ||
3316 			    (m = PHYS_TO_VM_PAGE(l2pte_pa(pte))) == NULL ||
3317 			    (m->oflags & VPO_UNMANAGED) != 0)
3318 				continue;
3319 			pv = pmap_find_pv(m, pmap, sva);
3320 			if ((pv->pv_flags & PVF_WIRED) == 0)
3321 				panic("pmap_unwire: pv %p isn't wired", pv);
3322 			pv->pv_flags &= ~PVF_WIRED;
3323 			pmap->pm_stats.wired_count--;
3324 		}
3325 	}
3326 	rw_wunlock(&pvh_global_lock);
3327  	PMAP_UNLOCK(pmap);
3328 }
3329 
3330 
3331 /*
3332  *	Copy the range specified by src_addr/len
3333  *	from the source map to the range dst_addr/len
3334  *	in the destination map.
3335  *
3336  *	This routine is only advisory and need not do anything.
3337  */
3338 void
pmap_copy(pmap_t dst_pmap,pmap_t src_pmap,vm_offset_t dst_addr,vm_size_t len,vm_offset_t src_addr)3339 pmap_copy(pmap_t dst_pmap, pmap_t src_pmap, vm_offset_t dst_addr,
3340     vm_size_t len, vm_offset_t src_addr)
3341 {
3342 }
3343 
3344 
3345 /*
3346  *	Routine:	pmap_extract
3347  *	Function:
3348  *		Extract the physical page address associated
3349  *		with the given map/virtual_address pair.
3350  */
3351 vm_paddr_t
pmap_extract(pmap_t pmap,vm_offset_t va)3352 pmap_extract(pmap_t pmap, vm_offset_t va)
3353 {
3354 	vm_paddr_t pa;
3355 
3356 	PMAP_LOCK(pmap);
3357 	pa = pmap_extract_locked(pmap, va);
3358 	PMAP_UNLOCK(pmap);
3359 	return (pa);
3360 }
3361 
3362 static vm_paddr_t
pmap_extract_locked(pmap_t pmap,vm_offset_t va)3363 pmap_extract_locked(pmap_t pmap, vm_offset_t va)
3364 {
3365 	struct l2_dtable *l2;
3366 	pd_entry_t l1pd;
3367 	pt_entry_t *ptep, pte;
3368 	vm_paddr_t pa;
3369 	u_int l1idx;
3370 
3371 	if (pmap != kernel_pmap)
3372 		PMAP_ASSERT_LOCKED(pmap);
3373 	l1idx = L1_IDX(va);
3374 	l1pd = pmap->pm_l1->l1_kva[l1idx];
3375 	if (l1pte_section_p(l1pd)) {
3376 		/*
3377 		 * These should only happen for the kernel pmap.
3378 		 */
3379 		KASSERT(pmap == kernel_pmap, ("unexpected section"));
3380 		/* XXX: what to do about the bits > 32 ? */
3381 		if (l1pd & L1_S_SUPERSEC)
3382 			pa = (l1pd & L1_SUP_FRAME) | (va & L1_SUP_OFFSET);
3383 		else
3384 			pa = (l1pd & L1_S_FRAME) | (va & L1_S_OFFSET);
3385 	} else {
3386 		/*
3387 		 * Note that we can't rely on the validity of the L1
3388 		 * descriptor as an indication that a mapping exists.
3389 		 * We have to look it up in the L2 dtable.
3390 		 */
3391 		l2 = pmap->pm_l2[L2_IDX(l1idx)];
3392 		if (l2 == NULL ||
3393 		    (ptep = l2->l2_bucket[L2_BUCKET(l1idx)].l2b_kva) == NULL)
3394 			return (0);
3395 		pte = ptep[l2pte_index(va)];
3396 		if (pte == 0)
3397 			return (0);
3398 		if ((pte & L2_TYPE_MASK) == L2_TYPE_L)
3399 			pa = (pte & L2_L_FRAME) | (va & L2_L_OFFSET);
3400 		else
3401 			pa = (pte & L2_S_FRAME) | (va & L2_S_OFFSET);
3402 	}
3403 	return (pa);
3404 }
3405 
3406 /*
3407  * Atomically extract and hold the physical page with the given
3408  * pmap and virtual address pair if that mapping permits the given
3409  * protection.
3410  *
3411  */
3412 vm_page_t
pmap_extract_and_hold(pmap_t pmap,vm_offset_t va,vm_prot_t prot)3413 pmap_extract_and_hold(pmap_t pmap, vm_offset_t va, vm_prot_t prot)
3414 {
3415 	struct l2_dtable *l2;
3416 	pd_entry_t l1pd;
3417 	pt_entry_t *ptep, pte;
3418 	vm_paddr_t pa, paddr;
3419 	vm_page_t m = NULL;
3420 	u_int l1idx;
3421 	l1idx = L1_IDX(va);
3422 	paddr = 0;
3423 
3424  	PMAP_LOCK(pmap);
3425 retry:
3426 	l1pd = pmap->pm_l1->l1_kva[l1idx];
3427 	if (l1pte_section_p(l1pd)) {
3428 		/*
3429 		 * These should only happen for kernel_pmap
3430 		 */
3431 		KASSERT(pmap == kernel_pmap, ("huh"));
3432 		/* XXX: what to do about the bits > 32 ? */
3433 		if (l1pd & L1_S_SUPERSEC)
3434 			pa = (l1pd & L1_SUP_FRAME) | (va & L1_SUP_OFFSET);
3435 		else
3436 			pa = (l1pd & L1_S_FRAME) | (va & L1_S_OFFSET);
3437 		if (vm_page_pa_tryrelock(pmap, pa & PG_FRAME, &paddr))
3438 			goto retry;
3439 		if (l1pd & L1_S_PROT_W || (prot & VM_PROT_WRITE) == 0) {
3440 			m = PHYS_TO_VM_PAGE(pa);
3441 			vm_page_hold(m);
3442 		}
3443 
3444 	} else {
3445 		/*
3446 		 * Note that we can't rely on the validity of the L1
3447 		 * descriptor as an indication that a mapping exists.
3448 		 * We have to look it up in the L2 dtable.
3449 		 */
3450 		l2 = pmap->pm_l2[L2_IDX(l1idx)];
3451 
3452 		if (l2 == NULL ||
3453 		    (ptep = l2->l2_bucket[L2_BUCKET(l1idx)].l2b_kva) == NULL) {
3454 		 	PMAP_UNLOCK(pmap);
3455 			return (NULL);
3456 		}
3457 
3458 		ptep = &ptep[l2pte_index(va)];
3459 		pte = *ptep;
3460 
3461 		if (pte == 0) {
3462 		 	PMAP_UNLOCK(pmap);
3463 			return (NULL);
3464 		}
3465 		if (pte & L2_S_PROT_W || (prot & VM_PROT_WRITE) == 0) {
3466 			if ((pte & L2_TYPE_MASK) == L2_TYPE_L)
3467 				pa = (pte & L2_L_FRAME) | (va & L2_L_OFFSET);
3468 			else
3469 				pa = (pte & L2_S_FRAME) | (va & L2_S_OFFSET);
3470 			if (vm_page_pa_tryrelock(pmap, pa & PG_FRAME, &paddr))
3471 				goto retry;
3472 			m = PHYS_TO_VM_PAGE(pa);
3473 			vm_page_hold(m);
3474 		}
3475 	}
3476 
3477  	PMAP_UNLOCK(pmap);
3478 	PA_UNLOCK_COND(paddr);
3479 	return (m);
3480 }
3481 
3482 vm_paddr_t
pmap_dump_kextract(vm_offset_t va,pt2_entry_t * pte2p)3483 pmap_dump_kextract(vm_offset_t va, pt2_entry_t *pte2p)
3484 {
3485 	struct l2_dtable *l2;
3486 	pd_entry_t l1pd;
3487 	pt_entry_t *ptep, pte;
3488 	vm_paddr_t pa;
3489 	u_int l1idx;
3490 
3491 	l1idx = L1_IDX(va);
3492 	l1pd = kernel_pmap->pm_l1->l1_kva[l1idx];
3493 	if (l1pte_section_p(l1pd)) {
3494 		if (l1pd & L1_S_SUPERSEC)
3495 			pa = (l1pd & L1_SUP_FRAME) | (va & L1_SUP_OFFSET);
3496 		else
3497 			pa = (l1pd & L1_S_FRAME) | (va & L1_S_OFFSET);
3498 		pte = L2_S_PROTO | pa |
3499 		    L2_S_PROT(PTE_KERNEL, VM_PROT_READ | VM_PROT_WRITE);
3500 	} else {
3501 		l2 = kernel_pmap->pm_l2[L2_IDX(l1idx)];
3502 		if (l2 == NULL ||
3503 		    (ptep = l2->l2_bucket[L2_BUCKET(l1idx)].l2b_kva) == NULL) {
3504 			pte = 0;
3505 			pa = 0;
3506 			goto out;
3507 		}
3508 		pte = ptep[l2pte_index(va)];
3509 		if (pte == 0) {
3510 			pa = 0;
3511 			goto out;
3512 		}
3513 		if ((pte & L2_TYPE_MASK) == L2_TYPE_L)
3514 			pa = (pte & L2_L_FRAME) | (va & L2_L_OFFSET);
3515 		else
3516 			pa = (pte & L2_S_FRAME) | (va & L2_S_OFFSET);
3517 	}
3518 out:
3519 	if (pte2p != NULL)
3520 		*pte2p = pte;
3521 	return (pa);
3522 }
3523 
3524 /*
3525  * Initialize a preallocated and zeroed pmap structure,
3526  * such as one in a vmspace structure.
3527  */
3528 
3529 int
pmap_pinit(pmap_t pmap)3530 pmap_pinit(pmap_t pmap)
3531 {
3532 	PDEBUG(1, printf("pmap_pinit: pmap = %08x\n", (uint32_t) pmap));
3533 
3534 	pmap_alloc_l1(pmap);
3535 	bzero(pmap->pm_l2, sizeof(pmap->pm_l2));
3536 
3537 	CPU_ZERO(&pmap->pm_active);
3538 
3539 	TAILQ_INIT(&pmap->pm_pvlist);
3540 	bzero(&pmap->pm_stats, sizeof pmap->pm_stats);
3541 	pmap->pm_stats.resident_count = 1;
3542 	if (vector_page < KERNBASE) {
3543 		pmap_enter(pmap, vector_page, PHYS_TO_VM_PAGE(systempage.pv_pa),
3544 		    VM_PROT_READ, PMAP_ENTER_WIRED | VM_PROT_READ, 0);
3545 	}
3546 	return (1);
3547 }
3548 
3549 
3550 /***************************************************
3551  * page management routines.
3552  ***************************************************/
3553 
3554 
3555 static void
pmap_free_pv_entry(pv_entry_t pv)3556 pmap_free_pv_entry(pv_entry_t pv)
3557 {
3558 	pv_entry_count--;
3559 	uma_zfree(pvzone, pv);
3560 }
3561 
3562 
3563 /*
3564  * get a new pv_entry, allocating a block from the system
3565  * when needed.
3566  * the memory allocation is performed bypassing the malloc code
3567  * because of the possibility of allocations at interrupt time.
3568  */
3569 static pv_entry_t
pmap_get_pv_entry(void)3570 pmap_get_pv_entry(void)
3571 {
3572 	pv_entry_t ret_value;
3573 
3574 	pv_entry_count++;
3575 	if (pv_entry_count > pv_entry_high_water)
3576 		pagedaemon_wakeup(0); /* XXX ARM NUMA */
3577 	ret_value = uma_zalloc(pvzone, M_NOWAIT);
3578 	return ret_value;
3579 }
3580 
3581 /*
3582  *	Remove the given range of addresses from the specified map.
3583  *
3584  *	It is assumed that the start and end are properly
3585  *	rounded to the page size.
3586  */
3587 #define	PMAP_REMOVE_CLEAN_LIST_SIZE	3
3588 void
pmap_remove(pmap_t pm,vm_offset_t sva,vm_offset_t eva)3589 pmap_remove(pmap_t pm, vm_offset_t sva, vm_offset_t eva)
3590 {
3591 	struct l2_bucket *l2b;
3592 	vm_offset_t next_bucket;
3593 	pt_entry_t *ptep;
3594 	u_int total;
3595 	u_int mappings, is_exec, is_refd;
3596 	int flushall = 0;
3597 
3598 
3599 	/*
3600 	 * we lock in the pmap => pv_head direction
3601 	 */
3602 
3603 	rw_wlock(&pvh_global_lock);
3604 	PMAP_LOCK(pm);
3605 	total = 0;
3606 	while (sva < eva) {
3607 		/*
3608 		 * Do one L2 bucket's worth at a time.
3609 		 */
3610 		next_bucket = L2_NEXT_BUCKET(sva);
3611 		if (next_bucket > eva)
3612 			next_bucket = eva;
3613 
3614 		l2b = pmap_get_l2_bucket(pm, sva);
3615 		if (l2b == NULL) {
3616 			sva = next_bucket;
3617 			continue;
3618 		}
3619 
3620 		ptep = &l2b->l2b_kva[l2pte_index(sva)];
3621 		mappings = 0;
3622 
3623 		while (sva < next_bucket) {
3624 			struct vm_page *pg;
3625 			pt_entry_t pte;
3626 			vm_paddr_t pa;
3627 
3628 			pte = *ptep;
3629 
3630 			if (pte == 0) {
3631 				/*
3632 				 * Nothing here, move along
3633 				 */
3634 				sva += PAGE_SIZE;
3635 				ptep++;
3636 				continue;
3637 			}
3638 
3639 			pm->pm_stats.resident_count--;
3640 			pa = l2pte_pa(pte);
3641 			is_exec = 0;
3642 			is_refd = 1;
3643 
3644 			/*
3645 			 * Update flags. In a number of circumstances,
3646 			 * we could cluster a lot of these and do a
3647 			 * number of sequential pages in one go.
3648 			 */
3649 			if ((pg = PHYS_TO_VM_PAGE(pa)) != NULL) {
3650 				struct pv_entry *pve;
3651 
3652 				pve = pmap_remove_pv(pg, pm, sva);
3653 				if (pve) {
3654 					is_exec = PV_BEEN_EXECD(pve->pv_flags);
3655 					is_refd = PV_BEEN_REFD(pve->pv_flags);
3656 					pmap_free_pv_entry(pve);
3657 				}
3658 			}
3659 
3660 			if (l2pte_valid(pte) && pmap_is_current(pm)) {
3661 				if (total < PMAP_REMOVE_CLEAN_LIST_SIZE) {
3662 					total++;
3663 			   		if (is_exec) {
3664         					cpu_idcache_wbinv_range(sva,
3665 						    PAGE_SIZE);
3666 						cpu_l2cache_wbinv_range(sva,
3667 						    PAGE_SIZE);
3668 						cpu_tlb_flushID_SE(sva);
3669 			   		} else if (is_refd) {
3670 						cpu_dcache_wbinv_range(sva,
3671 						    PAGE_SIZE);
3672 						cpu_l2cache_wbinv_range(sva,
3673 						    PAGE_SIZE);
3674 						cpu_tlb_flushD_SE(sva);
3675 					}
3676 				} else if (total == PMAP_REMOVE_CLEAN_LIST_SIZE) {
3677 					/* flushall will also only get set for
3678 					 * for a current pmap
3679 					 */
3680 					cpu_idcache_wbinv_all();
3681 					cpu_l2cache_wbinv_all();
3682 					flushall = 1;
3683 					total++;
3684 				}
3685 			}
3686 			*ptep = 0;
3687 			PTE_SYNC(ptep);
3688 
3689 			sva += PAGE_SIZE;
3690 			ptep++;
3691 			mappings++;
3692 		}
3693 
3694 		pmap_free_l2_bucket(pm, l2b, mappings);
3695 	}
3696 
3697 	rw_wunlock(&pvh_global_lock);
3698 	if (flushall)
3699 		cpu_tlb_flushID();
3700  	PMAP_UNLOCK(pm);
3701 }
3702 
3703 /*
3704  * pmap_zero_page()
3705  *
3706  * Zero a given physical page by mapping it at a page hook point.
3707  * In doing the zero page op, the page we zero is mapped cachable, as with
3708  * StrongARM accesses to non-cached pages are non-burst making writing
3709  * _any_ bulk data very slow.
3710  */
3711 static void
pmap_zero_page_generic(vm_paddr_t phys,int off,int size)3712 pmap_zero_page_generic(vm_paddr_t phys, int off, int size)
3713 {
3714 
3715 	if (_arm_bzero && size >= _min_bzero_size &&
3716 	    _arm_bzero((void *)(phys + off), size, IS_PHYSICAL) == 0)
3717 		return;
3718 
3719 	mtx_lock(&cmtx);
3720 	/*
3721 	 * Hook in the page, zero it, invalidate the TLB as needed.
3722 	 *
3723 	 * Note the temporary zero-page mapping must be a non-cached page in
3724 	 * order to work without corruption when write-allocate is enabled.
3725 	 */
3726 	*cdst_pte = L2_S_PROTO | phys | L2_S_PROT(PTE_KERNEL, VM_PROT_WRITE);
3727 	PTE_SYNC(cdst_pte);
3728 	cpu_tlb_flushD_SE(cdstp);
3729 	cpu_cpwait();
3730 	if (off || size != PAGE_SIZE)
3731 		bzero((void *)(cdstp + off), size);
3732 	else
3733 		bzero_page(cdstp);
3734 
3735 	mtx_unlock(&cmtx);
3736 }
3737 
3738 /*
3739  *	pmap_zero_page zeros the specified hardware page by mapping
3740  *	the page into KVM and using bzero to clear its contents.
3741  */
3742 void
pmap_zero_page(vm_page_t m)3743 pmap_zero_page(vm_page_t m)
3744 {
3745 	pmap_zero_page_generic(VM_PAGE_TO_PHYS(m), 0, PAGE_SIZE);
3746 }
3747 
3748 
3749 /*
3750  *	pmap_zero_page_area zeros the specified hardware page by mapping
3751  *	the page into KVM and using bzero to clear its contents.
3752  *
3753  *	off and size may not cover an area beyond a single hardware page.
3754  */
3755 void
pmap_zero_page_area(vm_page_t m,int off,int size)3756 pmap_zero_page_area(vm_page_t m, int off, int size)
3757 {
3758 
3759 	pmap_zero_page_generic(VM_PAGE_TO_PHYS(m), off, size);
3760 }
3761 
3762 
3763 #if 0
3764 /*
3765  * pmap_clean_page()
3766  *
3767  * This is a local function used to work out the best strategy to clean
3768  * a single page referenced by its entry in the PV table. It should be used by
3769  * pmap_copy_page, pmap_zero page and maybe some others later on.
3770  *
3771  * Its policy is effectively:
3772  *  o If there are no mappings, we don't bother doing anything with the cache.
3773  *  o If there is one mapping, we clean just that page.
3774  *  o If there are multiple mappings, we clean the entire cache.
3775  *
3776  * So that some functions can be further optimised, it returns 0 if it didn't
3777  * clean the entire cache, or 1 if it did.
3778  *
3779  * XXX One bug in this routine is that if the pv_entry has a single page
3780  * mapped at 0x00000000 a whole cache clean will be performed rather than
3781  * just the 1 page. Since this should not occur in everyday use and if it does
3782  * it will just result in not the most efficient clean for the page.
3783  *
3784  * We don't yet use this function but may want to.
3785  */
3786 static int
3787 pmap_clean_page(struct pv_entry *pv, boolean_t is_src)
3788 {
3789 	pmap_t pm, pm_to_clean = NULL;
3790 	struct pv_entry *npv;
3791 	u_int cache_needs_cleaning = 0;
3792 	u_int flags = 0;
3793 	vm_offset_t page_to_clean = 0;
3794 
3795 	if (pv == NULL) {
3796 		/* nothing mapped in so nothing to flush */
3797 		return (0);
3798 	}
3799 
3800 	/*
3801 	 * Since we flush the cache each time we change to a different
3802 	 * user vmspace, we only need to flush the page if it is in the
3803 	 * current pmap.
3804 	 */
3805 	if (curthread)
3806 		pm = vmspace_pmap(curproc->p_vmspace);
3807 	else
3808 		pm = kernel_pmap;
3809 
3810 	for (npv = pv; npv; npv = TAILQ_NEXT(npv, pv_list)) {
3811 		if (npv->pv_pmap == kernel_pmap || npv->pv_pmap == pm) {
3812 			flags |= npv->pv_flags;
3813 			/*
3814 			 * The page is mapped non-cacheable in
3815 			 * this map.  No need to flush the cache.
3816 			 */
3817 			if (npv->pv_flags & PVF_NC) {
3818 #ifdef DIAGNOSTIC
3819 				if (cache_needs_cleaning)
3820 					panic("pmap_clean_page: "
3821 					    "cache inconsistency");
3822 #endif
3823 				break;
3824 			} else if (is_src && (npv->pv_flags & PVF_WRITE) == 0)
3825 				continue;
3826 			if (cache_needs_cleaning) {
3827 				page_to_clean = 0;
3828 				break;
3829 			} else {
3830 				page_to_clean = npv->pv_va;
3831 				pm_to_clean = npv->pv_pmap;
3832 			}
3833 			cache_needs_cleaning = 1;
3834 		}
3835 	}
3836 	if (page_to_clean) {
3837 		if (PV_BEEN_EXECD(flags))
3838 			pmap_idcache_wbinv_range(pm_to_clean, page_to_clean,
3839 			    PAGE_SIZE);
3840 		else
3841 			pmap_dcache_wb_range(pm_to_clean, page_to_clean,
3842 			    PAGE_SIZE, !is_src, (flags & PVF_WRITE) == 0);
3843 	} else if (cache_needs_cleaning) {
3844 		if (PV_BEEN_EXECD(flags))
3845 			pmap_idcache_wbinv_all(pm);
3846 		else
3847 			pmap_dcache_wbinv_all(pm);
3848 		return (1);
3849 	}
3850 	return (0);
3851 }
3852 #endif
3853 
3854 /*
3855  *	pmap_copy_page copies the specified (machine independent)
3856  *	page by mapping the page into virtual memory and using
3857  *	bcopy to copy the page, one machine dependent page at a
3858  *	time.
3859  */
3860 
3861 /*
3862  * pmap_copy_page()
3863  *
3864  * Copy one physical page into another, by mapping the pages into
3865  * hook points. The same comment regarding cachability as in
3866  * pmap_zero_page also applies here.
3867  */
3868 static void
pmap_copy_page_generic(vm_paddr_t src,vm_paddr_t dst)3869 pmap_copy_page_generic(vm_paddr_t src, vm_paddr_t dst)
3870 {
3871 #if 0
3872 	struct vm_page *src_pg = PHYS_TO_VM_PAGE(src);
3873 #endif
3874 
3875 	/*
3876 	 * Clean the source page.  Hold the source page's lock for
3877 	 * the duration of the copy so that no other mappings can
3878 	 * be created while we have a potentially aliased mapping.
3879 	 */
3880 #if 0
3881 	/*
3882 	 * XXX: Not needed while we call cpu_dcache_wbinv_all() in
3883 	 * pmap_copy_page().
3884 	 */
3885 	(void) pmap_clean_page(TAILQ_FIRST(&src_pg->md.pv_list), TRUE);
3886 #endif
3887 	/*
3888 	 * Map the pages into the page hook points, copy them, and purge
3889 	 * the cache for the appropriate page. Invalidate the TLB
3890 	 * as required.
3891 	 */
3892 	mtx_lock(&cmtx);
3893 	*csrc_pte = L2_S_PROTO | src |
3894 	    L2_S_PROT(PTE_KERNEL, VM_PROT_READ) | pte_l2_s_cache_mode;
3895 	PTE_SYNC(csrc_pte);
3896 	*cdst_pte = L2_S_PROTO | dst |
3897 	    L2_S_PROT(PTE_KERNEL, VM_PROT_WRITE) | pte_l2_s_cache_mode;
3898 	PTE_SYNC(cdst_pte);
3899 	cpu_tlb_flushD_SE(csrcp);
3900 	cpu_tlb_flushD_SE(cdstp);
3901 	cpu_cpwait();
3902 	bcopy_page(csrcp, cdstp);
3903 	mtx_unlock(&cmtx);
3904 	cpu_dcache_inv_range(csrcp, PAGE_SIZE);
3905 	cpu_dcache_wbinv_range(cdstp, PAGE_SIZE);
3906 	cpu_l2cache_inv_range(csrcp, PAGE_SIZE);
3907 	cpu_l2cache_wbinv_range(cdstp, PAGE_SIZE);
3908 }
3909 
3910 void
pmap_copy_page_offs_generic(vm_paddr_t a_phys,vm_offset_t a_offs,vm_paddr_t b_phys,vm_offset_t b_offs,int cnt)3911 pmap_copy_page_offs_generic(vm_paddr_t a_phys, vm_offset_t a_offs,
3912     vm_paddr_t b_phys, vm_offset_t b_offs, int cnt)
3913 {
3914 
3915 	mtx_lock(&cmtx);
3916 	*csrc_pte = L2_S_PROTO | a_phys |
3917 	    L2_S_PROT(PTE_KERNEL, VM_PROT_READ) | pte_l2_s_cache_mode;
3918 	PTE_SYNC(csrc_pte);
3919 	*cdst_pte = L2_S_PROTO | b_phys |
3920 	    L2_S_PROT(PTE_KERNEL, VM_PROT_WRITE) | pte_l2_s_cache_mode;
3921 	PTE_SYNC(cdst_pte);
3922 	cpu_tlb_flushD_SE(csrcp);
3923 	cpu_tlb_flushD_SE(cdstp);
3924 	cpu_cpwait();
3925 	bcopy((char *)csrcp + a_offs, (char *)cdstp + b_offs, cnt);
3926 	mtx_unlock(&cmtx);
3927 	cpu_dcache_inv_range(csrcp + a_offs, cnt);
3928 	cpu_dcache_wbinv_range(cdstp + b_offs, cnt);
3929 	cpu_l2cache_inv_range(csrcp + a_offs, cnt);
3930 	cpu_l2cache_wbinv_range(cdstp + b_offs, cnt);
3931 }
3932 
3933 void
pmap_copy_page(vm_page_t src,vm_page_t dst)3934 pmap_copy_page(vm_page_t src, vm_page_t dst)
3935 {
3936 
3937 	cpu_dcache_wbinv_all();
3938 	cpu_l2cache_wbinv_all();
3939 	if (_arm_memcpy && PAGE_SIZE >= _min_memcpy_size &&
3940 	    _arm_memcpy((void *)VM_PAGE_TO_PHYS(dst),
3941 	    (void *)VM_PAGE_TO_PHYS(src), PAGE_SIZE, IS_PHYSICAL) == 0)
3942 		return;
3943 	pmap_copy_page_generic(VM_PAGE_TO_PHYS(src), VM_PAGE_TO_PHYS(dst));
3944 }
3945 
3946 /*
3947  * We have code to do unmapped I/O. However, it isn't quite right and
3948  * causes un-page-aligned I/O to devices to fail (most notably newfs
3949  * or fsck). We give up a little performance to not allow unmapped I/O
3950  * to gain stability.
3951  */
3952 int unmapped_buf_allowed = 0;
3953 
3954 void
pmap_copy_pages(vm_page_t ma[],vm_offset_t a_offset,vm_page_t mb[],vm_offset_t b_offset,int xfersize)3955 pmap_copy_pages(vm_page_t ma[], vm_offset_t a_offset, vm_page_t mb[],
3956     vm_offset_t b_offset, int xfersize)
3957 {
3958 	vm_page_t a_pg, b_pg;
3959 	vm_offset_t a_pg_offset, b_pg_offset;
3960 	int cnt;
3961 
3962 	cpu_dcache_wbinv_all();
3963 	cpu_l2cache_wbinv_all();
3964 	while (xfersize > 0) {
3965 		a_pg = ma[a_offset >> PAGE_SHIFT];
3966 		a_pg_offset = a_offset & PAGE_MASK;
3967 		cnt = min(xfersize, PAGE_SIZE - a_pg_offset);
3968 		b_pg = mb[b_offset >> PAGE_SHIFT];
3969 		b_pg_offset = b_offset & PAGE_MASK;
3970 		cnt = min(cnt, PAGE_SIZE - b_pg_offset);
3971 		pmap_copy_page_offs_generic(VM_PAGE_TO_PHYS(a_pg), a_pg_offset,
3972 		    VM_PAGE_TO_PHYS(b_pg), b_pg_offset, cnt);
3973 		xfersize -= cnt;
3974 		a_offset += cnt;
3975 		b_offset += cnt;
3976 	}
3977 }
3978 
3979 vm_offset_t
pmap_quick_enter_page(vm_page_t m)3980 pmap_quick_enter_page(vm_page_t m)
3981 {
3982 	/*
3983 	 * Don't bother with a PCPU pageframe, since we don't support
3984 	 * SMP for anything pre-armv7.  Use pmap_kenter() to ensure
3985 	 * caching is handled correctly for multiple mappings of the
3986 	 * same physical page.
3987 	 */
3988 
3989 	mtx_assert(&qmap_mtx, MA_NOTOWNED);
3990 	mtx_lock(&qmap_mtx);
3991 
3992 	pmap_kenter(qmap_addr, VM_PAGE_TO_PHYS(m));
3993 
3994 	return (qmap_addr);
3995 }
3996 
3997 void
pmap_quick_remove_page(vm_offset_t addr)3998 pmap_quick_remove_page(vm_offset_t addr)
3999 {
4000 	KASSERT(addr == qmap_addr,
4001 	    ("pmap_quick_remove_page: invalid address"));
4002 	mtx_assert(&qmap_mtx, MA_OWNED);
4003 	pmap_kremove(addr);
4004 	mtx_unlock(&qmap_mtx);
4005 }
4006 
4007 /*
4008  * this routine returns true if a physical page resides
4009  * in the given pmap.
4010  */
4011 boolean_t
pmap_page_exists_quick(pmap_t pmap,vm_page_t m)4012 pmap_page_exists_quick(pmap_t pmap, vm_page_t m)
4013 {
4014 	pv_entry_t pv;
4015 	int loops = 0;
4016 	boolean_t rv;
4017 
4018 	KASSERT((m->oflags & VPO_UNMANAGED) == 0,
4019 	    ("pmap_page_exists_quick: page %p is not managed", m));
4020 	rv = FALSE;
4021 	rw_wlock(&pvh_global_lock);
4022 	TAILQ_FOREACH(pv, &m->md.pv_list, pv_list) {
4023 	    	if (pv->pv_pmap == pmap) {
4024 			rv = TRUE;
4025 			break;
4026 	    	}
4027 		loops++;
4028 		if (loops >= 16)
4029 			break;
4030 	}
4031 	rw_wunlock(&pvh_global_lock);
4032 	return (rv);
4033 }
4034 
4035 /*
4036  *	pmap_page_wired_mappings:
4037  *
4038  *	Return the number of managed mappings to the given physical page
4039  *	that are wired.
4040  */
4041 int
pmap_page_wired_mappings(vm_page_t m)4042 pmap_page_wired_mappings(vm_page_t m)
4043 {
4044 	pv_entry_t pv;
4045 	int count;
4046 
4047 	count = 0;
4048 	if ((m->oflags & VPO_UNMANAGED) != 0)
4049 		return (count);
4050 	rw_wlock(&pvh_global_lock);
4051 	TAILQ_FOREACH(pv, &m->md.pv_list, pv_list)
4052 		if ((pv->pv_flags & PVF_WIRED) != 0)
4053 			count++;
4054 	rw_wunlock(&pvh_global_lock);
4055 	return (count);
4056 }
4057 
4058 /*
4059  *	This function is advisory.
4060  */
4061 void
pmap_advise(pmap_t pmap,vm_offset_t sva,vm_offset_t eva,int advice)4062 pmap_advise(pmap_t pmap, vm_offset_t sva, vm_offset_t eva, int advice)
4063 {
4064 }
4065 
4066 /*
4067  *	pmap_ts_referenced:
4068  *
4069  *	Return the count of reference bits for a page, clearing all of them.
4070  */
4071 int
pmap_ts_referenced(vm_page_t m)4072 pmap_ts_referenced(vm_page_t m)
4073 {
4074 
4075 	KASSERT((m->oflags & VPO_UNMANAGED) == 0,
4076 	    ("pmap_ts_referenced: page %p is not managed", m));
4077 	return (pmap_clearbit(m, PVF_REF));
4078 }
4079 
4080 
4081 boolean_t
pmap_is_modified(vm_page_t m)4082 pmap_is_modified(vm_page_t m)
4083 {
4084 
4085 	KASSERT((m->oflags & VPO_UNMANAGED) == 0,
4086 	    ("pmap_is_modified: page %p is not managed", m));
4087 	if (m->md.pvh_attrs & PVF_MOD)
4088 		return (TRUE);
4089 
4090 	return(FALSE);
4091 }
4092 
4093 
4094 /*
4095  *	Clear the modify bits on the specified physical page.
4096  */
4097 void
pmap_clear_modify(vm_page_t m)4098 pmap_clear_modify(vm_page_t m)
4099 {
4100 
4101 	KASSERT((m->oflags & VPO_UNMANAGED) == 0,
4102 	    ("pmap_clear_modify: page %p is not managed", m));
4103 	VM_OBJECT_ASSERT_WLOCKED(m->object);
4104 	KASSERT(!vm_page_xbusied(m),
4105 	    ("pmap_clear_modify: page %p is exclusive busied", m));
4106 
4107 	/*
4108 	 * If the page is not PGA_WRITEABLE, then no mappings can be modified.
4109 	 * If the object containing the page is locked and the page is not
4110 	 * exclusive busied, then PGA_WRITEABLE cannot be concurrently set.
4111 	 */
4112 	if ((m->aflags & PGA_WRITEABLE) == 0)
4113 		return;
4114 	if (m->md.pvh_attrs & PVF_MOD)
4115 		pmap_clearbit(m, PVF_MOD);
4116 }
4117 
4118 
4119 /*
4120  *	pmap_is_referenced:
4121  *
4122  *	Return whether or not the specified physical page was referenced
4123  *	in any physical maps.
4124  */
4125 boolean_t
pmap_is_referenced(vm_page_t m)4126 pmap_is_referenced(vm_page_t m)
4127 {
4128 
4129 	KASSERT((m->oflags & VPO_UNMANAGED) == 0,
4130 	    ("pmap_is_referenced: page %p is not managed", m));
4131 	return ((m->md.pvh_attrs & PVF_REF) != 0);
4132 }
4133 
4134 
4135 /*
4136  * Clear the write and modified bits in each of the given page's mappings.
4137  */
4138 void
pmap_remove_write(vm_page_t m)4139 pmap_remove_write(vm_page_t m)
4140 {
4141 
4142 	KASSERT((m->oflags & VPO_UNMANAGED) == 0,
4143 	    ("pmap_remove_write: page %p is not managed", m));
4144 
4145 	/*
4146 	 * If the page is not exclusive busied, then PGA_WRITEABLE cannot be
4147 	 * set by another thread while the object is locked.  Thus,
4148 	 * if PGA_WRITEABLE is clear, no page table entries need updating.
4149 	 */
4150 	VM_OBJECT_ASSERT_WLOCKED(m->object);
4151 	if (vm_page_xbusied(m) || (m->aflags & PGA_WRITEABLE) != 0)
4152 		pmap_clearbit(m, PVF_WRITE);
4153 }
4154 
4155 
4156 /*
4157  * perform the pmap work for mincore
4158  */
4159 int
pmap_mincore(pmap_t pmap,vm_offset_t addr,vm_paddr_t * locked_pa)4160 pmap_mincore(pmap_t pmap, vm_offset_t addr, vm_paddr_t *locked_pa)
4161 {
4162 	struct l2_bucket *l2b;
4163 	pt_entry_t *ptep, pte;
4164 	vm_paddr_t pa;
4165 	vm_page_t m;
4166 	int val;
4167 	boolean_t managed;
4168 
4169 	PMAP_LOCK(pmap);
4170 retry:
4171 	l2b = pmap_get_l2_bucket(pmap, addr);
4172         if (l2b == NULL) {
4173                 val = 0;
4174                 goto out;
4175         }
4176 	ptep = &l2b->l2b_kva[l2pte_index(addr)];
4177 	pte = *ptep;
4178 	if (!l2pte_valid(pte)) {
4179 		val = 0;
4180 		goto out;
4181 	}
4182 	val = MINCORE_INCORE;
4183 	if (pte & L2_S_PROT_W)
4184 		val |= MINCORE_MODIFIED | MINCORE_MODIFIED_OTHER;
4185         managed = false;
4186 	pa = l2pte_pa(pte);
4187         m = PHYS_TO_VM_PAGE(pa);
4188         if (m != NULL && !(m->oflags & VPO_UNMANAGED))
4189                 managed = true;
4190 	if (managed) {
4191 		/*
4192 		 * The ARM pmap tries to maintain a per-mapping
4193 		 * reference bit.  The trouble is that it's kept in
4194 		 * the PV entry, not the PTE, so it's costly to access
4195 		 * here.  You would need to acquire the pvh global
4196 		 * lock, call pmap_find_pv(), and introduce a custom
4197 		 * version of vm_page_pa_tryrelock() that releases and
4198 		 * reacquires the pvh global lock.  In the end, I
4199 		 * doubt it's worthwhile.  This may falsely report
4200 		 * the given address as referenced.
4201 		 */
4202 		if ((m->md.pvh_attrs & PVF_REF) != 0)
4203 			val |= MINCORE_REFERENCED | MINCORE_REFERENCED_OTHER;
4204 	}
4205 	if ((val & (MINCORE_MODIFIED_OTHER | MINCORE_REFERENCED_OTHER)) !=
4206 	    (MINCORE_MODIFIED_OTHER | MINCORE_REFERENCED_OTHER) && managed) {
4207 		/* Ensure that "PHYS_TO_VM_PAGE(pa)->object" doesn't change. */
4208 		if (vm_page_pa_tryrelock(pmap, pa, locked_pa))
4209 			goto retry;
4210 	} else
4211 out:
4212 		PA_UNLOCK_COND(*locked_pa);
4213 	PMAP_UNLOCK(pmap);
4214 	return (val);
4215 }
4216 
4217 
4218 void
pmap_sync_icache(pmap_t pm,vm_offset_t va,vm_size_t sz)4219 pmap_sync_icache(pmap_t pm, vm_offset_t va, vm_size_t sz)
4220 {
4221 }
4222 
4223 
4224 /*
4225  *	Increase the starting virtual address of the given mapping if a
4226  *	different alignment might result in more superpage mappings.
4227  */
4228 void
pmap_align_superpage(vm_object_t object,vm_ooffset_t offset,vm_offset_t * addr,vm_size_t size)4229 pmap_align_superpage(vm_object_t object, vm_ooffset_t offset,
4230     vm_offset_t *addr, vm_size_t size)
4231 {
4232 }
4233 
4234 #define BOOTSTRAP_DEBUG
4235 
4236 /*
4237  * pmap_map_section:
4238  *
4239  *	Create a single section mapping.
4240  */
4241 void
pmap_map_section(vm_offset_t l1pt,vm_offset_t va,vm_offset_t pa,int prot,int cache)4242 pmap_map_section(vm_offset_t l1pt, vm_offset_t va, vm_offset_t pa,
4243     int prot, int cache)
4244 {
4245 	pd_entry_t *pde = (pd_entry_t *) l1pt;
4246 	pd_entry_t fl;
4247 
4248 	KASSERT(((va | pa) & L1_S_OFFSET) == 0, ("ouin2"));
4249 
4250 	switch (cache) {
4251 	case PTE_NOCACHE:
4252 	default:
4253 		fl = 0;
4254 		break;
4255 
4256 	case PTE_CACHE:
4257 		fl = pte_l1_s_cache_mode;
4258 		break;
4259 
4260 	case PTE_PAGETABLE:
4261 		fl = pte_l1_s_cache_mode_pt;
4262 		break;
4263 	}
4264 
4265 	pde[va >> L1_S_SHIFT] = L1_S_PROTO | pa |
4266 	    L1_S_PROT(PTE_KERNEL, prot) | fl | L1_S_DOM(PMAP_DOMAIN_KERNEL);
4267 	PTE_SYNC(&pde[va >> L1_S_SHIFT]);
4268 
4269 }
4270 
4271 /*
4272  * pmap_link_l2pt:
4273  *
4274  *	Link the L2 page table specified by l2pv.pv_pa into the L1
4275  *	page table at the slot for "va".
4276  */
4277 void
pmap_link_l2pt(vm_offset_t l1pt,vm_offset_t va,struct pv_addr * l2pv)4278 pmap_link_l2pt(vm_offset_t l1pt, vm_offset_t va, struct pv_addr *l2pv)
4279 {
4280 	pd_entry_t *pde = (pd_entry_t *) l1pt, proto;
4281 	u_int slot = va >> L1_S_SHIFT;
4282 
4283 	proto = L1_S_DOM(PMAP_DOMAIN_KERNEL) | L1_C_PROTO;
4284 
4285 #ifdef VERBOSE_INIT_ARM
4286 	printf("pmap_link_l2pt: pa=0x%x va=0x%x\n", l2pv->pv_pa, l2pv->pv_va);
4287 #endif
4288 
4289 	pde[slot + 0] = proto | (l2pv->pv_pa + 0x000);
4290 
4291 	PTE_SYNC(&pde[slot]);
4292 
4293 	SLIST_INSERT_HEAD(&kernel_pt_list, l2pv, pv_list);
4294 
4295 
4296 }
4297 
4298 /*
4299  * pmap_map_entry
4300  *
4301  * 	Create a single page mapping.
4302  */
4303 void
pmap_map_entry(vm_offset_t l1pt,vm_offset_t va,vm_offset_t pa,int prot,int cache)4304 pmap_map_entry(vm_offset_t l1pt, vm_offset_t va, vm_offset_t pa, int prot,
4305     int cache)
4306 {
4307 	pd_entry_t *pde = (pd_entry_t *) l1pt;
4308 	pt_entry_t fl;
4309 	pt_entry_t *pte;
4310 
4311 	KASSERT(((va | pa) & PAGE_MASK) == 0, ("ouin"));
4312 
4313 	switch (cache) {
4314 	case PTE_NOCACHE:
4315 	default:
4316 		fl = 0;
4317 		break;
4318 
4319 	case PTE_CACHE:
4320 		fl = pte_l2_s_cache_mode;
4321 		break;
4322 
4323 	case PTE_PAGETABLE:
4324 		fl = pte_l2_s_cache_mode_pt;
4325 		break;
4326 	}
4327 
4328 	if ((pde[va >> L1_S_SHIFT] & L1_TYPE_MASK) != L1_TYPE_C)
4329 		panic("pmap_map_entry: no L2 table for VA 0x%08x", va);
4330 
4331 	pte = (pt_entry_t *) kernel_pt_lookup(pde[L1_IDX(va)] & L1_C_ADDR_MASK);
4332 
4333 	if (pte == NULL)
4334 		panic("pmap_map_entry: can't find L2 table for VA 0x%08x", va);
4335 
4336 	pte[l2pte_index(va)] =
4337 	    L2_S_PROTO | pa | L2_S_PROT(PTE_KERNEL, prot) | fl;
4338 	PTE_SYNC(&pte[l2pte_index(va)]);
4339 }
4340 
4341 /*
4342  * pmap_map_chunk:
4343  *
4344  *	Map a chunk of memory using the most efficient mappings
4345  *	possible (section. large page, small page) into the
4346  *	provided L1 and L2 tables at the specified virtual address.
4347  */
4348 vm_size_t
pmap_map_chunk(vm_offset_t l1pt,vm_offset_t va,vm_offset_t pa,vm_size_t size,int prot,int cache)4349 pmap_map_chunk(vm_offset_t l1pt, vm_offset_t va, vm_offset_t pa,
4350     vm_size_t size, int prot, int cache)
4351 {
4352 	pd_entry_t *pde = (pd_entry_t *) l1pt;
4353 	pt_entry_t *pte, f1, f2s, f2l;
4354 	vm_size_t resid;
4355 	int i;
4356 
4357 	resid = roundup2(size, PAGE_SIZE);
4358 
4359 	if (l1pt == 0)
4360 		panic("pmap_map_chunk: no L1 table provided");
4361 
4362 #ifdef VERBOSE_INIT_ARM
4363 	printf("pmap_map_chunk: pa=0x%x va=0x%x size=0x%x resid=0x%x "
4364 	    "prot=0x%x cache=%d\n", pa, va, size, resid, prot, cache);
4365 #endif
4366 
4367 	switch (cache) {
4368 	case PTE_NOCACHE:
4369 	default:
4370 		f1 = 0;
4371 		f2l = 0;
4372 		f2s = 0;
4373 		break;
4374 
4375 	case PTE_CACHE:
4376 		f1 = pte_l1_s_cache_mode;
4377 		f2l = pte_l2_l_cache_mode;
4378 		f2s = pte_l2_s_cache_mode;
4379 		break;
4380 
4381 	case PTE_PAGETABLE:
4382 		f1 = pte_l1_s_cache_mode_pt;
4383 		f2l = pte_l2_l_cache_mode_pt;
4384 		f2s = pte_l2_s_cache_mode_pt;
4385 		break;
4386 	}
4387 
4388 	size = resid;
4389 
4390 	while (resid > 0) {
4391 		/* See if we can use a section mapping. */
4392 		if (L1_S_MAPPABLE_P(va, pa, resid)) {
4393 #ifdef VERBOSE_INIT_ARM
4394 			printf("S");
4395 #endif
4396 			pde[va >> L1_S_SHIFT] = L1_S_PROTO | pa |
4397 			    L1_S_PROT(PTE_KERNEL, prot) | f1 |
4398 			    L1_S_DOM(PMAP_DOMAIN_KERNEL);
4399 			PTE_SYNC(&pde[va >> L1_S_SHIFT]);
4400 			va += L1_S_SIZE;
4401 			pa += L1_S_SIZE;
4402 			resid -= L1_S_SIZE;
4403 			continue;
4404 		}
4405 
4406 		/*
4407 		 * Ok, we're going to use an L2 table.  Make sure
4408 		 * one is actually in the corresponding L1 slot
4409 		 * for the current VA.
4410 		 */
4411 		if ((pde[va >> L1_S_SHIFT] & L1_TYPE_MASK) != L1_TYPE_C)
4412 			panic("pmap_map_chunk: no L2 table for VA 0x%08x", va);
4413 
4414 		pte = (pt_entry_t *) kernel_pt_lookup(
4415 		    pde[L1_IDX(va)] & L1_C_ADDR_MASK);
4416 		if (pte == NULL)
4417 			panic("pmap_map_chunk: can't find L2 table for VA"
4418 			    "0x%08x", va);
4419 		/* See if we can use a L2 large page mapping. */
4420 		if (L2_L_MAPPABLE_P(va, pa, resid)) {
4421 #ifdef VERBOSE_INIT_ARM
4422 			printf("L");
4423 #endif
4424 			for (i = 0; i < 16; i++) {
4425 				pte[l2pte_index(va) + i] =
4426 				    L2_L_PROTO | pa |
4427 				    L2_L_PROT(PTE_KERNEL, prot) | f2l;
4428 				PTE_SYNC(&pte[l2pte_index(va) + i]);
4429 			}
4430 			va += L2_L_SIZE;
4431 			pa += L2_L_SIZE;
4432 			resid -= L2_L_SIZE;
4433 			continue;
4434 		}
4435 
4436 		/* Use a small page mapping. */
4437 #ifdef VERBOSE_INIT_ARM
4438 		printf("P");
4439 #endif
4440 		pte[l2pte_index(va)] =
4441 		    L2_S_PROTO | pa | L2_S_PROT(PTE_KERNEL, prot) | f2s;
4442 		PTE_SYNC(&pte[l2pte_index(va)]);
4443 		va += PAGE_SIZE;
4444 		pa += PAGE_SIZE;
4445 		resid -= PAGE_SIZE;
4446 	}
4447 #ifdef VERBOSE_INIT_ARM
4448 	printf("\n");
4449 #endif
4450 	return (size);
4451 
4452 }
4453 
4454 void
pmap_page_set_memattr(vm_page_t m,vm_memattr_t ma)4455 pmap_page_set_memattr(vm_page_t m, vm_memattr_t ma)
4456 {
4457 	/*
4458 	 * Remember the memattr in a field that gets used to set the appropriate
4459 	 * bits in the PTEs as mappings are established.
4460 	 */
4461 	m->md.pv_memattr = ma;
4462 
4463 	/*
4464 	 * It appears that this function can only be called before any mappings
4465 	 * for the page are established on ARM.  If this ever changes, this code
4466 	 * will need to walk the pv_list and make each of the existing mappings
4467 	 * uncacheable, being careful to sync caches and PTEs (and maybe
4468 	 * invalidate TLB?) for any current mapping it modifies.
4469 	 */
4470 	if (m->md.pv_kva != 0 || TAILQ_FIRST(&m->md.pv_list) != NULL)
4471 		panic("Can't change memattr on page with existing mappings");
4472 }
4473 
4474 boolean_t
pmap_is_valid_memattr(pmap_t pmap __unused,vm_memattr_t mode)4475 pmap_is_valid_memattr(pmap_t pmap __unused, vm_memattr_t mode)
4476 {
4477 
4478 	return (mode == VM_MEMATTR_DEFAULT || mode == VM_MEMATTR_UNCACHEABLE);
4479 }
4480