Print this page
8956 Implement KPTI
Reviewed by: Jerry Jelinek <jerry.jelinek@joyent.com>
Reviewed by: Robert Mustacchi <rm@joyent.com>
9208 hati_demap_func should take pagesize into account
Reviewed by: Robert Mustacchi <rm@joyent.com>
Reviewed by: Tim Kordas <tim.kordas@joyent.com>
Reviewed by: Yuri Pankov <yuripv@yuripv.net>
| Split |
Close |
| Expand all |
| Collapse all |
--- old/usr/src/uts/i86pc/vm/hat_i86.c
+++ new/usr/src/uts/i86pc/vm/hat_i86.c
1 1 /*
2 2 * CDDL HEADER START
3 3 *
4 4 * The contents of this file are subject to the terms of the
5 5 * Common Development and Distribution License (the "License").
6 6 * You may not use this file except in compliance with the License.
7 7 *
8 8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 9 * or http://www.opensolaris.org/os/licensing.
10 10 * See the License for the specific language governing permissions
11 11 * and limitations under the License.
12 12 *
13 13 * When distributing Covered Code, include this CDDL HEADER in each
14 14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 15 * If applicable, add the following below this CDDL HEADER, with the
16 16 * fields enclosed by brackets "[]" replaced with your own identifying
17 17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 18 *
19 19 * CDDL HEADER END
|
↓ open down ↓ |
19 lines elided |
↑ open up ↑ |
20 20 */
21 21 /*
22 22 * Copyright (c) 1992, 2010, Oracle and/or its affiliates. All rights reserved.
23 23 */
24 24 /*
25 25 * Copyright (c) 2010, Intel Corporation.
26 26 * All rights reserved.
27 27 */
28 28 /*
29 29 * Copyright 2011 Nexenta Systems, Inc. All rights reserved.
30 + * Copyright 2018 Joyent, Inc. All rights reserved.
30 31 * Copyright (c) 2014, 2015 by Delphix. All rights reserved.
31 32 */
32 33
33 34 /*
34 35 * VM - Hardware Address Translation management for i386 and amd64
35 36 *
36 37 * Implementation of the interfaces described in <common/vm/hat.h>
37 38 *
38 39 * Nearly all the details of how the hardware is managed should not be
39 40 * visible outside this layer except for misc. machine specific functions
40 41 * that work in conjunction with this code.
41 42 *
42 43 * Routines used only inside of i86pc/vm start with hati_ for HAT Internal.
43 44 */
44 45
46 +/*
47 + * amd64 HAT Design
48 + *
49 + * ----------
50 + * Background
51 + * ----------
52 + *
53 + * On x86, the address space is shared between a user process and the kernel.
54 + * This is different from SPARC. Conventionally, the kernel lives at the top of
55 + * the address space and the user process gets to enjoy the rest of it. If you
56 + * look at the image of the address map in uts/i86pc/os/startup.c, you'll get a
57 + * rough sense of how the address space is laid out and used.
58 + *
59 + * Every unique address space is represented by an instance of a HAT structure
60 + * called a 'hat_t'. In addition to a hat_t structure for each process, there is
61 + * also one that is used for the kernel (kas.a_hat), and each CPU ultimately
62 + * also has a HAT.
63 + *
64 + * Each HAT contains a pointer to its root page table. This root page table is
65 + * what we call an L3 page table in illumos and Intel calls the PML4. It is the
66 + * physical address of the L3 table that we place in the %cr3 register which the
67 + * processor uses.
68 + *
69 + * Each of the many layers of the page table is represented by a structure
70 + * called an htable_t. The htable_t manages a set of 512 8-byte entries. The
71 + * number of entries in a given page table is constant across all different
72 + * level page tables. Note, this is only true on amd64. This has not always been
73 + * the case on x86.
74 + *
75 + * Each entry in a page table, generally referred to as a PTE, may refer to
76 + * another page table or a memory location, depending on the level of the page
77 + * table and the use of large pages. Importantly, the top-level L3 page table
78 + * (PML4) only supports linking to further page tables. This is also true on
79 + * systems which support a 5th level page table (which we do not currently
80 + * support).
81 + *
82 + * Historically, on x86, when a process was running on CPU, the root of the page
83 + * table was inserted into %cr3 on each CPU on which it was currently running.
84 + * When processes would switch (by calling hat_switch()), then the value in %cr3
85 + * on that CPU would change to that of the new HAT. While this behavior is still
86 + * maintained in the xpv kernel, this is not what is done today.
87 + *
88 + * -------------------
89 + * Per-CPU Page Tables
90 + * -------------------
91 + *
92 + * Throughout the system the 64-bit kernel has a notion of what it calls a
93 + * per-CPU page table or PCP. The notion of a per-CPU page table was originally
94 + * introduced as part of the original work to support x86 PAE. On the 64-bit
95 + * kernel, it was originally used for 32-bit processes running on the 64-bit
96 + * kernel. The rationale behind this was that each 32-bit process could have all
97 + * of its memory represented in a single L2 page table as each L2 page table
98 + * entry represents 1 GbE of memory.
99 + *
100 + * Following on from this, the idea was that given that all of the L3 page table
101 + * entries for 32-bit processes are basically going to be identical with the
102 + * exception of the first entry in the page table, why not share those page
103 + * table entries. This gave rise to the idea of a per-CPU page table.
104 + *
105 + * The way this works is that we have a member in the machcpu_t called the
106 + * mcpu_hat_info. That structure contains two different 4k pages: one that
107 + * represents the L3 page table and one that represents an L2 page table. When
108 + * the CPU starts up, the L3 page table entries are copied in from the kernel's
109 + * page table. The L3 kernel entries do not change throughout the lifetime of
110 + * the kernel. The kernel portion of these L3 pages for each CPU have the same
111 + * records, meaning that they point to the same L2 page tables and thus see a
112 + * consistent view of the world.
113 + *
114 + * When a 32-bit process is loaded into this world, we copy the 32-bit process's
115 + * four top-level page table entries into the CPU's L2 page table and then set
116 + * the CPU's first L3 page table entry to point to the CPU's L2 page.
117 + * Specifically, in hat_pcp_update(), we're copying from the process's
118 + * HAT_COPIED_32 HAT into the page tables specific to this CPU.
119 + *
120 + * As part of the implementation of kernel page table isolation, this was also
121 + * extended to 64-bit processes. When a 64-bit process runs, we'll copy their L3
122 + * PTEs across into the current CPU's L3 page table. (As we can't do the
123 + * first-L3-entry trick for 64-bit processes, ->hci_pcp_l2ptes is unused in this
124 + * case.)
125 + *
126 + * The use of per-CPU page tables has a lot of implementation ramifications. A
127 + * HAT that runs a user process will be flagged with the HAT_COPIED flag to
128 + * indicate that it is using the per-CPU page table functionality. In tandem
129 + * with the HAT, the top-level htable_t will be flagged with the HTABLE_COPIED
130 + * flag. If the HAT represents a 32-bit process, then we will also set the
131 + * HAT_COPIED_32 flag on that hat_t.
132 + *
133 + * These two flags work together. The top-level htable_t when using per-CPU page
134 + * tables is 'virtual'. We never allocate a ptable for this htable_t (i.e.
135 + * ht->ht_pfn is PFN_INVALID). Instead, when we need to modify a PTE in an
136 + * HTABLE_COPIED ptable, x86pte_access_pagetable() will redirect any accesses to
137 + * ht_hat->hat_copied_ptes.
138 + *
139 + * Of course, such a modification won't actually modify the HAT_PCP page tables
140 + * that were copied from the HAT_COPIED htable. When we change the top level
141 + * page table entries (L2 PTEs for a 32-bit process and L3 PTEs for a 64-bit
142 + * process), we need to make sure to trigger hat_pcp_update() on all CPUs that
143 + * are currently tied to this HAT (including the current CPU).
144 + *
145 + * To do this, PCP piggy-backs on TLB invalidation, specifically via the
146 + * hat_tlb_inval() path from link_ptp() and unlink_ptp().
147 + *
148 + * (Importantly, in all such cases, when this is in operation, the top-level
149 + * entry should not be able to refer to an actual page table entry that can be
150 + * changed and consolidated into a large page. If large page consolidation is
151 + * required here, then there will be much that needs to be reconsidered.)
152 + *
153 + * -----------------------------------------------
154 + * Kernel Page Table Isolation and the Per-CPU HAT
155 + * -----------------------------------------------
156 + *
157 + * All Intel CPUs that support speculative execution and paging are subject to a
158 + * series of bugs that have been termed 'Meltdown'. These exploits allow a user
159 + * process to read kernel memory through cache side channels and speculative
160 + * execution. To mitigate this on vulnerable CPUs, we need to use a technique
161 + * called kernel page table isolation. What this requires is that we have two
162 + * different page table roots. When executing in kernel mode, we will use a %cr3
163 + * value that has both the user and kernel pages. However when executing in user
164 + * mode, we will need to have a %cr3 that has all of the user pages; however,
165 + * only a subset of the kernel pages required to operate.
166 + *
167 + * These kernel pages that we need mapped are:
168 + *
169 + * o Kernel Text that allows us to switch between the cr3 values.
170 + * o The current global descriptor table (GDT)
171 + * o The current interrupt descriptor table (IDT)
172 + * o The current task switching state (TSS)
173 + * o The current local descriptor table (LDT)
174 + * o Stacks and scratch space used by the interrupt handlers
175 + *
176 + * For more information on the stack switching techniques, construction of the
177 + * trampolines, and more, please see i86pc/ml/kpti_trampolines.s. The most
178 + * important part of these mappings are the following two constraints:
179 + *
180 + * o The mappings are all per-CPU (except for read-only text)
181 + * o The mappings are static. They are all established before the CPU is
182 + * started (with the exception of the boot CPU).
183 + *
184 + * To facilitate the kernel page table isolation we employ our per-CPU
185 + * page tables discussed in the previous section and add the notion of a per-CPU
186 + * HAT. Fundamentally we have a second page table root. There is both a kernel
187 + * page table (hci_pcp_l3ptes), and a user L3 page table (hci_user_l3ptes).
188 + * Both will have the user page table entries copied into them, the same way
189 + * that we discussed in the section 'Per-CPU Page Tables'.
190 + *
191 + * The complex part of this is how do we construct the set of kernel mappings
192 + * that should be present when running with the user page table. To answer that,
193 + * we add the notion of a per-CPU HAT. This HAT functions like a normal HAT,
194 + * except that it's not really associated with an address space the same way
195 + * that other HATs are.
196 + *
197 + * This HAT lives off of the 'struct hat_cpu_info' which is a member of the
198 + * machcpu in the member hci_user_hat. We use this per-CPU HAT to create the set
199 + * of kernel mappings that should be present on this CPU. The kernel mappings
200 + * are added to the per-CPU HAT through the function hati_cpu_punchin(). Once a
201 + * mapping has been punched in, it may not be punched out. The reason that we
202 + * opt to leverage a HAT structure is that it knows how to allocate and manage
203 + * all of the lower level page tables as required.
204 + *
205 + * Because all of the mappings are present at the beginning of time for this CPU
206 + * and none of the mappings are in the kernel pageable segment, we don't have to
207 + * worry about faulting on these HAT structures and thus the notion of the
208 + * current HAT that we're using is always the appropriate HAT for the process
209 + * (usually a user HAT or the kernel's HAT).
210 + *
211 + * A further constraint we place on the system with these per-CPU HATs is that
212 + * they are not subject to htable_steal(). Because each CPU will have a rather
213 + * fixed number of page tables, the same way that we don't steal from the
214 + * kernel's HAT, it was determined that we should not steal from this HAT due to
215 + * the complications involved and somewhat criminal nature of htable_steal().
216 + *
217 + * The per-CPU HAT is initialized in hat_pcp_setup() which is called as part of
218 + * onlining the CPU, but before the CPU is actually started. The per-CPU HAT is
219 + * removed in hat_pcp_teardown() which is called when a CPU is being offlined to
220 + * be removed from the system (which is different from what psradm usually
221 + * does).
222 + *
223 + * Finally, once the CPU has been onlined, the set of mappings in the per-CPU
224 + * HAT must not change. The HAT related functions that we call are not meant to
225 + * be called when we're switching between processes. For example, it is quite
226 + * possible that if they were, they would try to grab an htable mutex which
227 + * another thread might have. One needs to treat hat_switch() as though they
228 + * were above LOCK_LEVEL and therefore _must not_ block under any circumstance.
229 + */
230 +
45 231 #include <sys/machparam.h>
46 232 #include <sys/machsystm.h>
47 233 #include <sys/mman.h>
48 234 #include <sys/types.h>
49 235 #include <sys/systm.h>
50 236 #include <sys/cpuvar.h>
51 237 #include <sys/thread.h>
52 238 #include <sys/proc.h>
53 239 #include <sys/cpu.h>
54 240 #include <sys/kmem.h>
55 241 #include <sys/disp.h>
56 242 #include <sys/shm.h>
57 243 #include <sys/sysmacros.h>
58 244 #include <sys/machparam.h>
59 245 #include <sys/vmem.h>
60 246 #include <sys/vmsystm.h>
61 247 #include <sys/promif.h>
62 248 #include <sys/var.h>
63 249 #include <sys/x86_archext.h>
64 250 #include <sys/atomic.h>
65 251 #include <sys/bitmap.h>
66 252 #include <sys/controlregs.h>
67 253 #include <sys/bootconf.h>
68 254 #include <sys/bootsvcs.h>
69 255 #include <sys/bootinfo.h>
70 256 #include <sys/archsystm.h>
71 257
72 258 #include <vm/seg_kmem.h>
73 259 #include <vm/hat_i86.h>
74 260 #include <vm/as.h>
75 261 #include <vm/seg.h>
76 262 #include <vm/page.h>
77 263 #include <vm/seg_kp.h>
78 264 #include <vm/seg_kpm.h>
79 265 #include <vm/vm_dep.h>
80 266 #ifdef __xpv
81 267 #include <sys/hypervisor.h>
82 268 #endif
83 269 #include <vm/kboot_mmu.h>
84 270 #include <vm/seg_spt.h>
85 271
86 272 #include <sys/cmn_err.h>
87 273
|
↓ open down ↓ |
33 lines elided |
↑ open up ↑ |
88 274 /*
89 275 * Basic parameters for hat operation.
90 276 */
91 277 struct hat_mmu_info mmu;
92 278
93 279 /*
94 280 * The page that is the kernel's top level pagetable.
95 281 *
96 282 * For 32 bit PAE support on i86pc, the kernel hat will use the 1st 4 entries
97 283 * on this 4K page for its top level page table. The remaining groups of
98 - * 4 entries are used for per processor copies of user VLP pagetables for
284 + * 4 entries are used for per processor copies of user PCP pagetables for
99 285 * running threads. See hat_switch() and reload_pae32() for details.
100 286 *
101 - * vlp_page[0..3] - level==2 PTEs for kernel HAT
102 - * vlp_page[4..7] - level==2 PTEs for user thread on cpu 0
103 - * vlp_page[8..11] - level==2 PTE for user thread on cpu 1
287 + * pcp_page[0..3] - level==2 PTEs for kernel HAT
288 + * pcp_page[4..7] - level==2 PTEs for user thread on cpu 0
289 + * pcp_page[8..11] - level==2 PTE for user thread on cpu 1
104 290 * etc...
291 + *
292 + * On the 64-bit kernel, this is the normal root of the page table and there is
293 + * nothing special about it when used for other CPUs.
105 294 */
106 -static x86pte_t *vlp_page;
295 +static x86pte_t *pcp_page;
107 296
108 297 /*
109 298 * forward declaration of internal utility routines
110 299 */
111 300 static x86pte_t hati_update_pte(htable_t *ht, uint_t entry, x86pte_t expected,
112 301 x86pte_t new);
113 302
114 303 /*
115 - * The kernel address space exists in all HATs. To implement this the
116 - * kernel reserves a fixed number of entries in the topmost level(s) of page
117 - * tables. The values are setup during startup and then copied to every user
118 - * hat created by hat_alloc(). This means that kernelbase must be:
304 + * The kernel address space exists in all non-HAT_COPIED HATs. To implement this
305 + * the kernel reserves a fixed number of entries in the topmost level(s) of page
306 + * tables. The values are setup during startup and then copied to every user hat
307 + * created by hat_alloc(). This means that kernelbase must be:
119 308 *
120 309 * 4Meg aligned for 32 bit kernels
121 310 * 512Gig aligned for x86_64 64 bit kernel
122 311 *
123 312 * The hat_kernel_range_ts describe what needs to be copied from kernel hat
124 313 * to each user hat.
125 314 */
126 315 typedef struct hat_kernel_range {
127 316 level_t hkr_level;
128 317 uintptr_t hkr_start_va;
129 318 uintptr_t hkr_end_va; /* zero means to end of memory */
130 319 } hat_kernel_range_t;
131 320 #define NUM_KERNEL_RANGE 2
132 321 static hat_kernel_range_t kernel_ranges[NUM_KERNEL_RANGE];
133 322 static int num_kernel_ranges;
134 323
135 324 uint_t use_boot_reserve = 1; /* cleared after early boot process */
136 325 uint_t can_steal_post_boot = 0; /* set late in boot to enable stealing */
137 326
138 327 /*
139 328 * enable_1gpg: controls 1g page support for user applications.
140 329 * By default, 1g pages are exported to user applications. enable_1gpg can
141 330 * be set to 0 to not export.
142 331 */
143 332 int enable_1gpg = 1;
144 333
145 334 /*
146 335 * AMD shanghai processors provide better management of 1gb ptes in its tlb.
147 336 * By default, 1g page support will be disabled for pre-shanghai AMD
148 337 * processors that don't have optimal tlb support for the 1g page size.
149 338 * chk_optimal_1gtlb can be set to 0 to force 1g page support on sub-optimal
150 339 * processors.
151 340 */
152 341 int chk_optimal_1gtlb = 1;
153 342
154 343
155 344 #ifdef DEBUG
156 345 uint_t map1gcnt;
157 346 #endif
158 347
159 348
160 349 /*
161 350 * A cpuset for all cpus. This is used for kernel address cross calls, since
162 351 * the kernel addresses apply to all cpus.
|
↓ open down ↓ |
34 lines elided |
↑ open up ↑ |
163 352 */
164 353 cpuset_t khat_cpuset;
165 354
166 355 /*
167 356 * management stuff for hat structures
168 357 */
169 358 kmutex_t hat_list_lock;
170 359 kcondvar_t hat_list_cv;
171 360 kmem_cache_t *hat_cache;
172 361 kmem_cache_t *hat_hash_cache;
173 -kmem_cache_t *vlp_hash_cache;
362 +kmem_cache_t *hat32_hash_cache;
174 363
175 364 /*
176 365 * Simple statistics
177 366 */
178 367 struct hatstats hatstat;
179 368
180 369 /*
181 370 * Some earlier hypervisor versions do not emulate cmpxchg of PTEs
182 371 * correctly. For such hypervisors we must set PT_USER for kernel
183 372 * entries ourselves (normally the emulation would set PT_USER for
184 373 * kernel entries and PT_USER|PT_GLOBAL for user entries). pt_kern is
185 374 * thus set appropriately. Note that dboot/kbm is OK, as only the full
186 375 * HAT uses cmpxchg() and the other paths (hypercall etc.) were never
187 376 * incorrect.
188 377 */
189 378 int pt_kern;
190 379
191 -/*
192 - * useful stuff for atomic access/clearing/setting REF/MOD/RO bits in page_t's.
193 - */
194 -extern void atomic_orb(uchar_t *addr, uchar_t val);
195 -extern void atomic_andb(uchar_t *addr, uchar_t val);
196 -
197 380 #ifndef __xpv
198 381 extern pfn_t memseg_get_start(struct memseg *);
199 382 #endif
200 383
201 384 #define PP_GETRM(pp, rmmask) (pp->p_nrm & rmmask)
202 385 #define PP_ISMOD(pp) PP_GETRM(pp, P_MOD)
203 386 #define PP_ISREF(pp) PP_GETRM(pp, P_REF)
204 387 #define PP_ISRO(pp) PP_GETRM(pp, P_RO)
205 388
206 389 #define PP_SETRM(pp, rm) atomic_orb(&(pp->p_nrm), rm)
207 390 #define PP_SETMOD(pp) PP_SETRM(pp, P_MOD)
208 391 #define PP_SETREF(pp) PP_SETRM(pp, P_REF)
209 392 #define PP_SETRO(pp) PP_SETRM(pp, P_RO)
210 393
211 394 #define PP_CLRRM(pp, rm) atomic_andb(&(pp->p_nrm), ~(rm))
212 395 #define PP_CLRMOD(pp) PP_CLRRM(pp, P_MOD)
213 396 #define PP_CLRREF(pp) PP_CLRRM(pp, P_REF)
214 397 #define PP_CLRRO(pp) PP_CLRRM(pp, P_RO)
215 398 #define PP_CLRALL(pp) PP_CLRRM(pp, P_MOD | P_REF | P_RO)
216 399
217 400 /*
218 401 * kmem cache constructor for struct hat
219 402 */
220 403 /*ARGSUSED*/
221 404 static int
222 405 hati_constructor(void *buf, void *handle, int kmflags)
223 406 {
224 407 hat_t *hat = buf;
225 408
226 409 mutex_init(&hat->hat_mutex, NULL, MUTEX_DEFAULT, NULL);
227 410 bzero(hat->hat_pages_mapped,
228 411 sizeof (pgcnt_t) * (mmu.max_page_level + 1));
|
↓ open down ↓ |
22 lines elided |
↑ open up ↑ |
229 412 hat->hat_ism_pgcnt = 0;
230 413 hat->hat_stats = 0;
231 414 hat->hat_flags = 0;
232 415 CPUSET_ZERO(hat->hat_cpus);
233 416 hat->hat_htable = NULL;
234 417 hat->hat_ht_hash = NULL;
235 418 return (0);
236 419 }
237 420
238 421 /*
422 + * Put it at the start of the global list of all hats (used by stealing)
423 + *
424 + * kas.a_hat is not in the list but is instead used to find the
425 + * first and last items in the list.
426 + *
427 + * - kas.a_hat->hat_next points to the start of the user hats.
428 + * The list ends where hat->hat_next == NULL
429 + *
430 + * - kas.a_hat->hat_prev points to the last of the user hats.
431 + * The list begins where hat->hat_prev == NULL
432 + */
433 +static void
434 +hat_list_append(hat_t *hat)
435 +{
436 + mutex_enter(&hat_list_lock);
437 + hat->hat_prev = NULL;
438 + hat->hat_next = kas.a_hat->hat_next;
439 + if (hat->hat_next)
440 + hat->hat_next->hat_prev = hat;
441 + else
442 + kas.a_hat->hat_prev = hat;
443 + kas.a_hat->hat_next = hat;
444 + mutex_exit(&hat_list_lock);
445 +}
446 +
447 +/*
239 448 * Allocate a hat structure for as. We also create the top level
240 449 * htable and initialize it to contain the kernel hat entries.
241 450 */
242 451 hat_t *
243 452 hat_alloc(struct as *as)
244 453 {
245 454 hat_t *hat;
246 455 htable_t *ht; /* top level htable */
247 - uint_t use_vlp;
456 + uint_t use_copied;
248 457 uint_t r;
249 458 hat_kernel_range_t *rp;
250 459 uintptr_t va;
251 460 uintptr_t eva;
252 461 uint_t start;
253 462 uint_t cnt;
254 463 htable_t *src;
464 + boolean_t use_hat32_cache;
255 465
256 466 /*
257 467 * Once we start creating user process HATs we can enable
258 468 * the htable_steal() code.
259 469 */
260 470 if (can_steal_post_boot == 0)
261 471 can_steal_post_boot = 1;
262 472
263 473 ASSERT(AS_WRITE_HELD(as));
264 474 hat = kmem_cache_alloc(hat_cache, KM_SLEEP);
265 475 hat->hat_as = as;
266 476 mutex_init(&hat->hat_mutex, NULL, MUTEX_DEFAULT, NULL);
267 477 ASSERT(hat->hat_flags == 0);
268 478
269 479 #if defined(__xpv)
270 480 /*
271 - * No VLP stuff on the hypervisor due to the 64-bit split top level
481 + * No PCP stuff on the hypervisor due to the 64-bit split top level
272 482 * page tables. On 32-bit it's not needed as the hypervisor takes
273 483 * care of copying the top level PTEs to a below 4Gig page.
274 484 */
275 - use_vlp = 0;
485 + use_copied = 0;
486 + use_hat32_cache = B_FALSE;
487 + hat->hat_max_level = mmu.max_level;
488 + hat->hat_num_copied = 0;
489 + hat->hat_flags = 0;
276 490 #else /* __xpv */
277 - /* 32 bit processes uses a VLP style hat when running with PAE */
278 -#if defined(__amd64)
279 - use_vlp = (ttoproc(curthread)->p_model == DATAMODEL_ILP32);
280 -#elif defined(__i386)
281 - use_vlp = mmu.pae_hat;
282 -#endif
491 +
492 + /*
493 + * All processes use HAT_COPIED on the 64-bit kernel if KPTI is
494 + * turned on.
495 + */
496 + if (ttoproc(curthread)->p_model == DATAMODEL_ILP32) {
497 + use_copied = 1;
498 + hat->hat_max_level = mmu.max_level32;
499 + hat->hat_num_copied = mmu.num_copied_ents32;
500 + use_hat32_cache = B_TRUE;
501 + hat->hat_flags |= HAT_COPIED_32;
502 + HATSTAT_INC(hs_hat_copied32);
503 + } else if (kpti_enable == 1) {
504 + use_copied = 1;
505 + hat->hat_max_level = mmu.max_level;
506 + hat->hat_num_copied = mmu.num_copied_ents;
507 + use_hat32_cache = B_FALSE;
508 + HATSTAT_INC(hs_hat_copied64);
509 + } else {
510 + use_copied = 0;
511 + use_hat32_cache = B_FALSE;
512 + hat->hat_max_level = mmu.max_level;
513 + hat->hat_num_copied = 0;
514 + hat->hat_flags = 0;
515 + HATSTAT_INC(hs_hat_normal64);
516 + }
283 517 #endif /* __xpv */
284 - if (use_vlp) {
285 - hat->hat_flags = HAT_VLP;
286 - bzero(hat->hat_vlp_ptes, VLP_SIZE);
518 + if (use_copied) {
519 + hat->hat_flags |= HAT_COPIED;
520 + bzero(hat->hat_copied_ptes, sizeof (hat->hat_copied_ptes));
287 521 }
288 522
289 523 /*
290 - * Allocate the htable hash
524 + * Allocate the htable hash. For 32-bit PCP processes we use the
525 + * hat32_hash_cache. However, for 64-bit PCP processes we do not as the
526 + * number of entries that they have to handle is closer to
527 + * hat_hash_cache in count (though there will be more wastage when we
528 + * have more DRAM in the system and thus push down the user address
529 + * range).
291 530 */
292 - if ((hat->hat_flags & HAT_VLP)) {
293 - hat->hat_num_hash = mmu.vlp_hash_cnt;
294 - hat->hat_ht_hash = kmem_cache_alloc(vlp_hash_cache, KM_SLEEP);
531 + if (use_hat32_cache) {
532 + hat->hat_num_hash = mmu.hat32_hash_cnt;
533 + hat->hat_ht_hash = kmem_cache_alloc(hat32_hash_cache, KM_SLEEP);
295 534 } else {
296 535 hat->hat_num_hash = mmu.hash_cnt;
297 536 hat->hat_ht_hash = kmem_cache_alloc(hat_hash_cache, KM_SLEEP);
298 537 }
299 538 bzero(hat->hat_ht_hash, hat->hat_num_hash * sizeof (htable_t *));
300 539
301 540 /*
302 541 * Initialize Kernel HAT entries at the top of the top level page
303 542 * tables for the new hat.
304 543 */
305 544 hat->hat_htable = NULL;
306 545 hat->hat_ht_cached = NULL;
307 546 XPV_DISALLOW_MIGRATE();
308 547 ht = htable_create(hat, (uintptr_t)0, TOP_LEVEL(hat), NULL);
309 548 hat->hat_htable = ht;
310 549
311 550 #if defined(__amd64)
312 - if (hat->hat_flags & HAT_VLP)
551 + if (hat->hat_flags & HAT_COPIED)
313 552 goto init_done;
314 553 #endif
315 554
316 555 for (r = 0; r < num_kernel_ranges; ++r) {
317 556 rp = &kernel_ranges[r];
318 557 for (va = rp->hkr_start_va; va != rp->hkr_end_va;
319 558 va += cnt * LEVEL_SIZE(rp->hkr_level)) {
320 559
321 560 if (rp->hkr_level == TOP_LEVEL(hat))
322 561 ht = hat->hat_htable;
323 562 else
324 563 ht = htable_create(hat, va, rp->hkr_level,
325 564 NULL);
326 565
|
↓ open down ↓ |
4 lines elided |
↑ open up ↑ |
327 566 start = htable_va2entry(va, ht);
328 567 cnt = HTABLE_NUM_PTES(ht) - start;
329 568 eva = va +
330 569 ((uintptr_t)cnt << LEVEL_SHIFT(rp->hkr_level));
331 570 if (rp->hkr_end_va != 0 &&
332 571 (eva > rp->hkr_end_va || eva == 0))
333 572 cnt = htable_va2entry(rp->hkr_end_va, ht) -
334 573 start;
335 574
336 575 #if defined(__i386) && !defined(__xpv)
337 - if (ht->ht_flags & HTABLE_VLP) {
338 - bcopy(&vlp_page[start],
339 - &hat->hat_vlp_ptes[start],
576 + if (ht->ht_flags & HTABLE_COPIED) {
577 + bcopy(&pcp_page[start],
578 + &hat->hat_copied_ptes[start],
340 579 cnt * sizeof (x86pte_t));
341 580 continue;
342 581 }
343 582 #endif
344 583 src = htable_lookup(kas.a_hat, va, rp->hkr_level);
345 584 ASSERT(src != NULL);
346 585 x86pte_copy(src, ht, start, cnt);
347 586 htable_release(src);
348 587 }
349 588 }
350 589
351 590 init_done:
352 591
353 592 #if defined(__xpv)
|
↓ open down ↓ |
4 lines elided |
↑ open up ↑ |
354 593 /*
355 594 * Pin top level page tables after initializing them
356 595 */
357 596 xen_pin(hat->hat_htable->ht_pfn, mmu.max_level);
358 597 #if defined(__amd64)
359 598 xen_pin(hat->hat_user_ptable, mmu.max_level);
360 599 #endif
361 600 #endif
362 601 XPV_ALLOW_MIGRATE();
363 602
603 + hat_list_append(hat);
604 +
605 + return (hat);
606 +}
607 +
608 +#if !defined(__xpv)
609 +/*
610 + * Cons up a HAT for a CPU. This represents the user mappings. This will have
611 + * various kernel pages punched into it manually. Importantly, this hat is
612 + * ineligible for stealing. We really don't want to deal with this ever
613 + * faulting and figuring out that this is happening, much like we don't with
614 + * kas.
615 + */
616 +static hat_t *
617 +hat_cpu_alloc(cpu_t *cpu)
618 +{
619 + hat_t *hat;
620 + htable_t *ht;
621 +
622 + hat = kmem_cache_alloc(hat_cache, KM_SLEEP);
623 + hat->hat_as = NULL;
624 + mutex_init(&hat->hat_mutex, NULL, MUTEX_DEFAULT, NULL);
625 + hat->hat_max_level = mmu.max_level;
626 + hat->hat_num_copied = 0;
627 + hat->hat_flags = HAT_PCP;
628 +
629 + hat->hat_num_hash = mmu.hash_cnt;
630 + hat->hat_ht_hash = kmem_cache_alloc(hat_hash_cache, KM_SLEEP);
631 + bzero(hat->hat_ht_hash, hat->hat_num_hash * sizeof (htable_t *));
632 +
633 + hat->hat_next = hat->hat_prev = NULL;
634 +
364 635 /*
365 - * Put it at the start of the global list of all hats (used by stealing)
366 - *
367 - * kas.a_hat is not in the list but is instead used to find the
368 - * first and last items in the list.
369 - *
370 - * - kas.a_hat->hat_next points to the start of the user hats.
371 - * The list ends where hat->hat_next == NULL
372 - *
373 - * - kas.a_hat->hat_prev points to the last of the user hats.
374 - * The list begins where hat->hat_prev == NULL
636 + * Because this HAT will only ever be used by the current CPU, we'll go
637 + * ahead and set the CPUSET up to only point to the CPU in question.
375 638 */
376 - mutex_enter(&hat_list_lock);
377 - hat->hat_prev = NULL;
378 - hat->hat_next = kas.a_hat->hat_next;
379 - if (hat->hat_next)
380 - hat->hat_next->hat_prev = hat;
381 - else
382 - kas.a_hat->hat_prev = hat;
383 - kas.a_hat->hat_next = hat;
384 - mutex_exit(&hat_list_lock);
639 + CPUSET_ADD(hat->hat_cpus, cpu->cpu_id);
385 640
641 + hat->hat_htable = NULL;
642 + hat->hat_ht_cached = NULL;
643 + ht = htable_create(hat, (uintptr_t)0, TOP_LEVEL(hat), NULL);
644 + hat->hat_htable = ht;
645 +
646 + hat_list_append(hat);
647 +
386 648 return (hat);
387 649 }
650 +#endif /* !__xpv */
388 651
389 652 /*
390 653 * process has finished executing but as has not been cleaned up yet.
391 654 */
392 655 /*ARGSUSED*/
393 656 void
394 657 hat_free_start(hat_t *hat)
395 658 {
396 659 ASSERT(AS_WRITE_HELD(hat->hat_as));
397 660
398 661 /*
399 662 * If the hat is currently a stealing victim, wait for the stealing
400 663 * to finish. Once we mark it as HAT_FREEING, htable_steal()
401 664 * won't look at its pagetables anymore.
402 665 */
403 666 mutex_enter(&hat_list_lock);
404 667 while (hat->hat_flags & HAT_VICTIM)
405 668 cv_wait(&hat_list_cv, &hat_list_lock);
406 669 hat->hat_flags |= HAT_FREEING;
407 670 mutex_exit(&hat_list_lock);
408 671 }
409 672
410 673 /*
411 674 * An address space is being destroyed, so we destroy the associated hat.
412 675 */
413 676 void
414 677 hat_free_end(hat_t *hat)
415 678 {
416 679 kmem_cache_t *cache;
417 680
418 681 ASSERT(hat->hat_flags & HAT_FREEING);
419 682
420 683 /*
421 684 * must not be running on the given hat
422 685 */
423 686 ASSERT(CPU->cpu_current_hat != hat);
424 687
425 688 /*
426 689 * Remove it from the list of HATs
427 690 */
428 691 mutex_enter(&hat_list_lock);
429 692 if (hat->hat_prev)
430 693 hat->hat_prev->hat_next = hat->hat_next;
431 694 else
432 695 kas.a_hat->hat_next = hat->hat_next;
433 696 if (hat->hat_next)
|
↓ open down ↓ |
36 lines elided |
↑ open up ↑ |
434 697 hat->hat_next->hat_prev = hat->hat_prev;
435 698 else
436 699 kas.a_hat->hat_prev = hat->hat_prev;
437 700 mutex_exit(&hat_list_lock);
438 701 hat->hat_next = hat->hat_prev = NULL;
439 702
440 703 #if defined(__xpv)
441 704 /*
442 705 * On the hypervisor, unpin top level page table(s)
443 706 */
707 + VERIFY3U(hat->hat_flags & HAT_PCP, ==, 0);
444 708 xen_unpin(hat->hat_htable->ht_pfn);
445 709 #if defined(__amd64)
446 710 xen_unpin(hat->hat_user_ptable);
447 711 #endif
448 712 #endif
449 713
450 714 /*
451 715 * Make a pass through the htables freeing them all up.
452 716 */
453 717 htable_purge_hat(hat);
454 718
455 719 /*
456 720 * Decide which kmem cache the hash table came from, then free it.
457 721 */
458 - if (hat->hat_flags & HAT_VLP)
459 - cache = vlp_hash_cache;
460 - else
722 + if (hat->hat_flags & HAT_COPIED) {
723 +#if defined(__amd64)
724 + if (hat->hat_flags & HAT_COPIED_32) {
725 + cache = hat32_hash_cache;
726 + } else {
727 + cache = hat_hash_cache;
728 + }
729 +#else
730 + cache = hat32_hash_cache;
731 +#endif
732 + } else {
461 733 cache = hat_hash_cache;
734 + }
462 735 kmem_cache_free(cache, hat->hat_ht_hash);
463 736 hat->hat_ht_hash = NULL;
464 737
465 738 hat->hat_flags = 0;
739 + hat->hat_max_level = 0;
740 + hat->hat_num_copied = 0;
466 741 kmem_cache_free(hat_cache, hat);
467 742 }
468 743
469 744 /*
470 745 * round kernelbase down to a supported value to use for _userlimit
471 746 *
472 747 * userlimit must be aligned down to an entry in the top level htable.
473 748 * The one exception is for 32 bit HAT's running PAE.
474 749 */
475 750 uintptr_t
476 751 hat_kernelbase(uintptr_t va)
477 752 {
478 753 #if defined(__i386)
479 754 va &= LEVEL_MASK(1);
480 755 #endif
481 756 if (IN_VA_HOLE(va))
482 757 panic("_userlimit %p will fall in VA hole\n", (void *)va);
483 758 return (va);
484 759 }
485 760
486 761 /*
487 762 *
488 763 */
489 764 static void
490 765 set_max_page_level()
491 766 {
492 767 level_t lvl;
493 768
494 769 if (!kbm_largepage_support) {
495 770 lvl = 0;
496 771 } else {
497 772 if (is_x86_feature(x86_featureset, X86FSET_1GPG)) {
498 773 lvl = 2;
499 774 if (chk_optimal_1gtlb &&
500 775 cpuid_opteron_erratum(CPU, 6671130)) {
501 776 lvl = 1;
502 777 }
503 778 if (plat_mnode_xcheck(LEVEL_SIZE(2) >>
504 779 LEVEL_SHIFT(0))) {
505 780 lvl = 1;
506 781 }
507 782 } else {
508 783 lvl = 1;
509 784 }
|
↓ open down ↓ |
34 lines elided |
↑ open up ↑ |
510 785 }
511 786 mmu.max_page_level = lvl;
512 787
513 788 if ((lvl == 2) && (enable_1gpg == 0))
514 789 mmu.umax_page_level = 1;
515 790 else
516 791 mmu.umax_page_level = lvl;
517 792 }
518 793
519 794 /*
795 + * Determine the number of slots that are in used in the top-most level page
796 + * table for user memory. This is based on _userlimit. In effect this is similar
797 + * to htable_va2entry, but without the convenience of having an htable.
798 + */
799 +void
800 +mmu_calc_user_slots(void)
801 +{
802 + uint_t ent, nptes;
803 + uintptr_t shift;
804 +
805 + nptes = mmu.top_level_count;
806 + shift = _userlimit >> mmu.level_shift[mmu.max_level];
807 + ent = shift & (nptes - 1);
808 +
809 + /*
810 + * Ent tells us the slot that the page for _userlimit would fit in. We
811 + * need to add one to this to cover the total number of entries.
812 + */
813 + mmu.top_level_uslots = ent + 1;
814 +
815 + /*
816 + * When running 32-bit compatability processes on a 64-bit kernel, we
817 + * will only need to use one slot.
818 + */
819 + mmu.top_level_uslots32 = 1;
820 +
821 + /*
822 + * Record the number of PCP page table entries that we'll need to copy
823 + * around. For 64-bit processes this is the number of user slots. For
824 + * 32-bit proceses, this is 4 1 GiB pages.
825 + */
826 + mmu.num_copied_ents = mmu.top_level_uslots;
827 + mmu.num_copied_ents32 = 4;
828 +}
829 +
830 +/*
520 831 * Initialize hat data structures based on processor MMU information.
521 832 */
522 833 void
523 834 mmu_init(void)
524 835 {
525 836 uint_t max_htables;
526 837 uint_t pa_bits;
527 838 uint_t va_bits;
528 839 int i;
529 840
530 841 /*
531 842 * If CPU enabled the page table global bit, use it for the kernel
532 843 * This is bit 7 in CR4 (PGE - Page Global Enable).
533 844 */
534 845 if (is_x86_feature(x86_featureset, X86FSET_PGE) &&
535 846 (getcr4() & CR4_PGE) != 0)
536 847 mmu.pt_global = PT_GLOBAL;
537 848
849 +#if !defined(__xpv)
538 850 /*
851 + * The 64-bit x86 kernel has split user/kernel page tables. As such we
852 + * cannot have the global bit set. The simplest way for us to deal with
853 + * this is to just say that pt_global is zero, so the global bit isn't
854 + * present.
855 + */
856 + if (kpti_enable == 1)
857 + mmu.pt_global = 0;
858 +#endif
859 +
860 + /*
539 861 * Detect NX and PAE usage.
540 862 */
541 863 mmu.pae_hat = kbm_pae_support;
542 864 if (kbm_nx_support)
543 865 mmu.pt_nx = PT_NX;
544 866 else
545 867 mmu.pt_nx = 0;
546 868
547 869 /*
548 870 * Use CPU info to set various MMU parameters
549 871 */
550 872 cpuid_get_addrsize(CPU, &pa_bits, &va_bits);
551 873
552 874 if (va_bits < sizeof (void *) * NBBY) {
553 875 mmu.hole_start = (1ul << (va_bits - 1));
554 876 mmu.hole_end = 0ul - mmu.hole_start - 1;
555 877 } else {
556 878 mmu.hole_end = 0;
557 879 mmu.hole_start = mmu.hole_end - 1;
558 880 }
559 881 #if defined(OPTERON_ERRATUM_121)
560 882 /*
561 883 * If erratum 121 has already been detected at this time, hole_start
562 884 * contains the value to be subtracted from mmu.hole_start.
563 885 */
564 886 ASSERT(hole_start == 0 || opteron_erratum_121 != 0);
565 887 hole_start = mmu.hole_start - hole_start;
566 888 #else
567 889 hole_start = mmu.hole_start;
568 890 #endif
569 891 hole_end = mmu.hole_end;
570 892
571 893 mmu.highest_pfn = mmu_btop((1ull << pa_bits) - 1);
572 894 if (mmu.pae_hat == 0 && pa_bits > 32)
573 895 mmu.highest_pfn = PFN_4G - 1;
574 896
575 897 if (mmu.pae_hat) {
576 898 mmu.pte_size = 8; /* 8 byte PTEs */
577 899 mmu.pte_size_shift = 3;
578 900 } else {
579 901 mmu.pte_size = 4; /* 4 byte PTEs */
580 902 mmu.pte_size_shift = 2;
581 903 }
582 904
583 905 if (mmu.pae_hat && !is_x86_feature(x86_featureset, X86FSET_PAE))
584 906 panic("Processor does not support PAE");
585 907
|
↓ open down ↓ |
37 lines elided |
↑ open up ↑ |
586 908 if (!is_x86_feature(x86_featureset, X86FSET_CX8))
587 909 panic("Processor does not support cmpxchg8b instruction");
588 910
589 911 #if defined(__amd64)
590 912
591 913 mmu.num_level = 4;
592 914 mmu.max_level = 3;
593 915 mmu.ptes_per_table = 512;
594 916 mmu.top_level_count = 512;
595 917
918 + /*
919 + * 32-bit processes only use 1 GB ptes.
920 + */
921 + mmu.max_level32 = 2;
922 +
596 923 mmu.level_shift[0] = 12;
597 924 mmu.level_shift[1] = 21;
598 925 mmu.level_shift[2] = 30;
599 926 mmu.level_shift[3] = 39;
600 927
601 928 #elif defined(__i386)
602 929
603 930 if (mmu.pae_hat) {
604 931 mmu.num_level = 3;
605 932 mmu.max_level = 2;
606 933 mmu.ptes_per_table = 512;
607 934 mmu.top_level_count = 4;
608 935
609 936 mmu.level_shift[0] = 12;
610 937 mmu.level_shift[1] = 21;
611 938 mmu.level_shift[2] = 30;
612 939
613 940 } else {
614 941 mmu.num_level = 2;
615 942 mmu.max_level = 1;
616 943 mmu.ptes_per_table = 1024;
617 944 mmu.top_level_count = 1024;
618 945
619 946 mmu.level_shift[0] = 12;
620 947 mmu.level_shift[1] = 22;
621 948 }
|
↓ open down ↓ |
16 lines elided |
↑ open up ↑ |
622 949
623 950 #endif /* __i386 */
624 951
625 952 for (i = 0; i < mmu.num_level; ++i) {
626 953 mmu.level_size[i] = 1UL << mmu.level_shift[i];
627 954 mmu.level_offset[i] = mmu.level_size[i] - 1;
628 955 mmu.level_mask[i] = ~mmu.level_offset[i];
629 956 }
630 957
631 958 set_max_page_level();
959 + mmu_calc_user_slots();
632 960
633 961 mmu_page_sizes = mmu.max_page_level + 1;
634 962 mmu_exported_page_sizes = mmu.umax_page_level + 1;
635 963
636 964 /* restrict legacy applications from using pagesizes 1g and above */
637 965 mmu_legacy_page_sizes =
638 966 (mmu_exported_page_sizes > 2) ? 2 : mmu_exported_page_sizes;
639 967
640 968
641 969 for (i = 0; i <= mmu.max_page_level; ++i) {
642 970 mmu.pte_bits[i] = PT_VALID | pt_kern;
643 971 if (i > 0)
644 972 mmu.pte_bits[i] |= PT_PAGESIZE;
645 973 }
646 974
647 975 /*
648 976 * NOTE Legacy 32 bit PAE mode only has the P_VALID bit at top level.
649 977 */
650 978 for (i = 1; i < mmu.num_level; ++i)
651 979 mmu.ptp_bits[i] = PT_PTPBITS;
652 980
653 981 #if defined(__i386)
654 982 mmu.ptp_bits[2] = PT_VALID;
655 983 #endif
656 984
|
↓ open down ↓ |
15 lines elided |
↑ open up ↑ |
657 985 /*
658 986 * Compute how many hash table entries to have per process for htables.
659 987 * We start with 1 page's worth of entries.
660 988 *
661 989 * If physical memory is small, reduce the amount need to cover it.
662 990 */
663 991 max_htables = physmax / mmu.ptes_per_table;
664 992 mmu.hash_cnt = MMU_PAGESIZE / sizeof (htable_t *);
665 993 while (mmu.hash_cnt > 16 && mmu.hash_cnt >= max_htables)
666 994 mmu.hash_cnt >>= 1;
667 - mmu.vlp_hash_cnt = mmu.hash_cnt;
995 + mmu.hat32_hash_cnt = mmu.hash_cnt;
668 996
669 997 #if defined(__amd64)
670 998 /*
671 999 * If running in 64 bits and physical memory is large,
672 1000 * increase the size of the cache to cover all of memory for
673 1001 * a 64 bit process.
674 1002 */
675 1003 #define HASH_MAX_LENGTH 4
676 1004 while (mmu.hash_cnt * HASH_MAX_LENGTH < max_htables)
677 1005 mmu.hash_cnt <<= 1;
678 1006 #endif
679 1007 }
680 1008
681 1009
682 1010 /*
683 1011 * initialize hat data structures
684 1012 */
685 1013 void
686 1014 hat_init()
687 1015 {
688 1016 #if defined(__i386)
689 1017 /*
690 1018 * _userlimit must be aligned correctly
691 1019 */
692 1020 if ((_userlimit & LEVEL_MASK(1)) != _userlimit) {
693 1021 prom_printf("hat_init(): _userlimit=%p, not aligned at %p\n",
694 1022 (void *)_userlimit, (void *)LEVEL_SIZE(1));
695 1023 halt("hat_init(): Unable to continue");
696 1024 }
697 1025 #endif
698 1026
699 1027 cv_init(&hat_list_cv, NULL, CV_DEFAULT, NULL);
700 1028
701 1029 /*
702 1030 * initialize kmem caches
703 1031 */
704 1032 htable_init();
705 1033 hment_init();
|
↓ open down ↓ |
28 lines elided |
↑ open up ↑ |
706 1034
707 1035 hat_cache = kmem_cache_create("hat_t",
708 1036 sizeof (hat_t), 0, hati_constructor, NULL, NULL,
709 1037 NULL, 0, 0);
710 1038
711 1039 hat_hash_cache = kmem_cache_create("HatHash",
712 1040 mmu.hash_cnt * sizeof (htable_t *), 0, NULL, NULL, NULL,
713 1041 NULL, 0, 0);
714 1042
715 1043 /*
716 - * VLP hats can use a smaller hash table size on large memroy machines
1044 + * 32-bit PCP hats can use a smaller hash table size on large memory
1045 + * machines
717 1046 */
718 - if (mmu.hash_cnt == mmu.vlp_hash_cnt) {
719 - vlp_hash_cache = hat_hash_cache;
1047 + if (mmu.hash_cnt == mmu.hat32_hash_cnt) {
1048 + hat32_hash_cache = hat_hash_cache;
720 1049 } else {
721 - vlp_hash_cache = kmem_cache_create("HatVlpHash",
722 - mmu.vlp_hash_cnt * sizeof (htable_t *), 0, NULL, NULL, NULL,
723 - NULL, 0, 0);
1050 + hat32_hash_cache = kmem_cache_create("Hat32Hash",
1051 + mmu.hat32_hash_cnt * sizeof (htable_t *), 0, NULL, NULL,
1052 + NULL, NULL, 0, 0);
724 1053 }
725 1054
726 1055 /*
727 1056 * Set up the kernel's hat
728 1057 */
729 1058 AS_LOCK_ENTER(&kas, RW_WRITER);
730 1059 kas.a_hat = kmem_cache_alloc(hat_cache, KM_NOSLEEP);
731 1060 mutex_init(&kas.a_hat->hat_mutex, NULL, MUTEX_DEFAULT, NULL);
732 1061 kas.a_hat->hat_as = &kas;
733 1062 kas.a_hat->hat_flags = 0;
734 1063 AS_LOCK_EXIT(&kas);
735 1064
736 1065 CPUSET_ZERO(khat_cpuset);
737 1066 CPUSET_ADD(khat_cpuset, CPU->cpu_id);
738 1067
739 1068 /*
1069 + * The kernel HAT doesn't use PCP regardless of architectures.
1070 + */
1071 + ASSERT3U(mmu.max_level, >, 0);
1072 + kas.a_hat->hat_max_level = mmu.max_level;
1073 + kas.a_hat->hat_num_copied = 0;
1074 +
1075 + /*
740 1076 * The kernel hat's next pointer serves as the head of the hat list .
741 1077 * The kernel hat's prev pointer tracks the last hat on the list for
742 1078 * htable_steal() to use.
743 1079 */
744 1080 kas.a_hat->hat_next = NULL;
745 1081 kas.a_hat->hat_prev = NULL;
746 1082
747 1083 /*
748 1084 * Allocate an htable hash bucket for the kernel
749 1085 * XX64 - tune for 64 bit procs
750 1086 */
751 1087 kas.a_hat->hat_num_hash = mmu.hash_cnt;
752 1088 kas.a_hat->hat_ht_hash = kmem_cache_alloc(hat_hash_cache, KM_NOSLEEP);
753 1089 bzero(kas.a_hat->hat_ht_hash, mmu.hash_cnt * sizeof (htable_t *));
754 1090
755 1091 /*
756 1092 * zero out the top level and cached htable pointers
757 1093 */
758 1094 kas.a_hat->hat_ht_cached = NULL;
759 1095 kas.a_hat->hat_htable = NULL;
760 1096
|
↓ open down ↓ |
11 lines elided |
↑ open up ↑ |
761 1097 /*
762 1098 * Pre-allocate hrm_hashtab before enabling the collection of
763 1099 * refmod statistics. Allocating on the fly would mean us
764 1100 * running the risk of suffering recursive mutex enters or
765 1101 * deadlocks.
766 1102 */
767 1103 hrm_hashtab = kmem_zalloc(HRM_HASHSIZE * sizeof (struct hrmstat *),
768 1104 KM_SLEEP);
769 1105 }
770 1106
1107 +
1108 +extern void kpti_tramp_start();
1109 +extern void kpti_tramp_end();
1110 +
1111 +extern void kdi_isr_start();
1112 +extern void kdi_isr_end();
1113 +
1114 +extern gate_desc_t kdi_idt[NIDT];
1115 +
771 1116 /*
772 - * Prepare CPU specific pagetables for VLP processes on 64 bit kernels.
1117 + * Prepare per-CPU pagetables for all processes on the 64 bit kernel.
773 1118 *
774 1119 * Each CPU has a set of 2 pagetables that are reused for any 32 bit
775 - * process it runs. They are the top level pagetable, hci_vlp_l3ptes, and
776 - * the next to top level table for the bottom 512 Gig, hci_vlp_l2ptes.
1120 + * process it runs. They are the top level pagetable, hci_pcp_l3ptes, and
1121 + * the next to top level table for the bottom 512 Gig, hci_pcp_l2ptes.
777 1122 */
778 1123 /*ARGSUSED*/
779 1124 static void
780 -hat_vlp_setup(struct cpu *cpu)
1125 +hat_pcp_setup(struct cpu *cpu)
781 1126 {
782 -#if defined(__amd64) && !defined(__xpv)
1127 +#if !defined(__xpv)
783 1128 struct hat_cpu_info *hci = cpu->cpu_hat_info;
784 - pfn_t pfn;
1129 + uintptr_t va;
1130 + size_t len;
785 1131
786 1132 /*
787 1133 * allocate the level==2 page table for the bottom most
788 1134 * 512Gig of address space (this is where 32 bit apps live)
789 1135 */
790 1136 ASSERT(hci != NULL);
791 - hci->hci_vlp_l2ptes = kmem_zalloc(MMU_PAGESIZE, KM_SLEEP);
1137 + hci->hci_pcp_l2ptes = kmem_zalloc(MMU_PAGESIZE, KM_SLEEP);
792 1138
793 1139 /*
794 1140 * Allocate a top level pagetable and copy the kernel's
795 - * entries into it. Then link in hci_vlp_l2ptes in the 1st entry.
1141 + * entries into it. Then link in hci_pcp_l2ptes in the 1st entry.
796 1142 */
797 - hci->hci_vlp_l3ptes = kmem_zalloc(MMU_PAGESIZE, KM_SLEEP);
798 - hci->hci_vlp_pfn =
799 - hat_getpfnum(kas.a_hat, (caddr_t)hci->hci_vlp_l3ptes);
800 - ASSERT(hci->hci_vlp_pfn != PFN_INVALID);
801 - bcopy(vlp_page, hci->hci_vlp_l3ptes, MMU_PAGESIZE);
1143 + hci->hci_pcp_l3ptes = kmem_zalloc(MMU_PAGESIZE, KM_SLEEP);
1144 + hci->hci_pcp_l3pfn =
1145 + hat_getpfnum(kas.a_hat, (caddr_t)hci->hci_pcp_l3ptes);
1146 + ASSERT3U(hci->hci_pcp_l3pfn, !=, PFN_INVALID);
1147 + bcopy(pcp_page, hci->hci_pcp_l3ptes, MMU_PAGESIZE);
802 1148
803 - pfn = hat_getpfnum(kas.a_hat, (caddr_t)hci->hci_vlp_l2ptes);
804 - ASSERT(pfn != PFN_INVALID);
805 - hci->hci_vlp_l3ptes[0] = MAKEPTP(pfn, 2);
806 -#endif /* __amd64 && !__xpv */
1149 + hci->hci_pcp_l2pfn =
1150 + hat_getpfnum(kas.a_hat, (caddr_t)hci->hci_pcp_l2ptes);
1151 + ASSERT3U(hci->hci_pcp_l2pfn, !=, PFN_INVALID);
1152 +
1153 + /*
1154 + * Now go through and allocate the user version of these structures.
1155 + * Unlike with the kernel version, we allocate a hat to represent the
1156 + * top-level page table as that will make it much simpler when we need
1157 + * to patch through user entries.
1158 + */
1159 + hci->hci_user_hat = hat_cpu_alloc(cpu);
1160 + hci->hci_user_l3pfn = hci->hci_user_hat->hat_htable->ht_pfn;
1161 + ASSERT3U(hci->hci_user_l3pfn, !=, PFN_INVALID);
1162 + hci->hci_user_l3ptes =
1163 + (x86pte_t *)hat_kpm_mapin_pfn(hci->hci_user_l3pfn);
1164 +
1165 + /* Skip the rest of this if KPTI is switched off at boot. */
1166 + if (kpti_enable != 1)
1167 + return;
1168 +
1169 + /*
1170 + * OK, now that we have this we need to go through and punch the normal
1171 + * holes in the CPU's hat for this. At this point we'll punch in the
1172 + * following:
1173 + *
1174 + * o GDT
1175 + * o IDT
1176 + * o LDT
1177 + * o Trampoline Code
1178 + * o machcpu KPTI page
1179 + * o kmdb ISR code page (just trampolines)
1180 + *
1181 + * If this is cpu0, then we also can initialize the following because
1182 + * they'll have already been allocated.
1183 + *
1184 + * o TSS for CPU 0
1185 + * o Double Fault for CPU 0
1186 + *
1187 + * The following items have yet to be allocated and have not been
1188 + * punched in yet. They will be punched in later:
1189 + *
1190 + * o TSS (mach_cpucontext_alloc_tables())
1191 + * o Double Fault Stack (mach_cpucontext_alloc_tables())
1192 + */
1193 + hati_cpu_punchin(cpu, (uintptr_t)cpu->cpu_gdt, PROT_READ);
1194 + hati_cpu_punchin(cpu, (uintptr_t)cpu->cpu_idt, PROT_READ);
1195 +
1196 + /*
1197 + * As the KDI IDT is only active during kmdb sessions (including single
1198 + * stepping), typically we don't actually need this punched in (we
1199 + * consider the routines that switch to the user cr3 to be toxic). But
1200 + * if we ever accidentally end up on the user cr3 while on this IDT,
1201 + * we'd prefer not to triple fault.
1202 + */
1203 + hati_cpu_punchin(cpu, (uintptr_t)&kdi_idt, PROT_READ);
1204 +
1205 + CTASSERT(((uintptr_t)&kpti_tramp_start % MMU_PAGESIZE) == 0);
1206 + CTASSERT(((uintptr_t)&kpti_tramp_end % MMU_PAGESIZE) == 0);
1207 + for (va = (uintptr_t)&kpti_tramp_start;
1208 + va < (uintptr_t)&kpti_tramp_end; va += MMU_PAGESIZE) {
1209 + hati_cpu_punchin(cpu, va, PROT_READ | PROT_EXEC);
1210 + }
1211 +
1212 + VERIFY3U(((uintptr_t)cpu->cpu_m.mcpu_ldt) % MMU_PAGESIZE, ==, 0);
1213 + for (va = (uintptr_t)cpu->cpu_m.mcpu_ldt, len = LDT_CPU_SIZE;
1214 + len >= MMU_PAGESIZE; va += MMU_PAGESIZE, len -= MMU_PAGESIZE) {
1215 + hati_cpu_punchin(cpu, va, PROT_READ);
1216 + }
1217 +
1218 + /* mcpu_pad2 is the start of the page containing the kpti_frames. */
1219 + hati_cpu_punchin(cpu, (uintptr_t)&cpu->cpu_m.mcpu_pad2[0],
1220 + PROT_READ | PROT_WRITE);
1221 +
1222 + if (cpu == &cpus[0]) {
1223 + /*
1224 + * CPU0 uses a global for its double fault stack to deal with
1225 + * the chicken and egg problem. We need to punch it into its
1226 + * user HAT.
1227 + */
1228 + extern char dblfault_stack0[];
1229 +
1230 + hati_cpu_punchin(cpu, (uintptr_t)cpu->cpu_m.mcpu_tss,
1231 + PROT_READ);
1232 +
1233 + for (va = (uintptr_t)dblfault_stack0,
1234 + len = DEFAULTSTKSZ; len >= MMU_PAGESIZE;
1235 + va += MMU_PAGESIZE, len -= MMU_PAGESIZE) {
1236 + hati_cpu_punchin(cpu, va, PROT_READ | PROT_WRITE);
1237 + }
1238 + }
1239 +
1240 + CTASSERT(((uintptr_t)&kdi_isr_start % MMU_PAGESIZE) == 0);
1241 + CTASSERT(((uintptr_t)&kdi_isr_end % MMU_PAGESIZE) == 0);
1242 + for (va = (uintptr_t)&kdi_isr_start;
1243 + va < (uintptr_t)&kdi_isr_end; va += MMU_PAGESIZE) {
1244 + hati_cpu_punchin(cpu, va, PROT_READ | PROT_EXEC);
1245 + }
1246 +#endif /* !__xpv */
807 1247 }
808 1248
809 1249 /*ARGSUSED*/
810 1250 static void
811 -hat_vlp_teardown(cpu_t *cpu)
1251 +hat_pcp_teardown(cpu_t *cpu)
812 1252 {
813 -#if defined(__amd64) && !defined(__xpv)
1253 +#if !defined(__xpv)
814 1254 struct hat_cpu_info *hci;
815 1255
816 1256 if ((hci = cpu->cpu_hat_info) == NULL)
817 1257 return;
818 - if (hci->hci_vlp_l2ptes)
819 - kmem_free(hci->hci_vlp_l2ptes, MMU_PAGESIZE);
820 - if (hci->hci_vlp_l3ptes)
821 - kmem_free(hci->hci_vlp_l3ptes, MMU_PAGESIZE);
1258 + if (hci->hci_pcp_l2ptes != NULL)
1259 + kmem_free(hci->hci_pcp_l2ptes, MMU_PAGESIZE);
1260 + if (hci->hci_pcp_l3ptes != NULL)
1261 + kmem_free(hci->hci_pcp_l3ptes, MMU_PAGESIZE);
1262 + if (hci->hci_user_hat != NULL) {
1263 + hat_free_start(hci->hci_user_hat);
1264 + hat_free_end(hci->hci_user_hat);
1265 + }
822 1266 #endif
823 1267 }
824 1268
825 1269 #define NEXT_HKR(r, l, s, e) { \
826 1270 kernel_ranges[r].hkr_level = l; \
827 1271 kernel_ranges[r].hkr_start_va = s; \
828 1272 kernel_ranges[r].hkr_end_va = e; \
829 1273 ++r; \
830 1274 }
831 1275
832 1276 /*
833 1277 * Finish filling in the kernel hat.
834 1278 * Pre fill in all top level kernel page table entries for the kernel's
835 1279 * part of the address range. From this point on we can't use any new
836 1280 * kernel large pages if they need PTE's at max_level
837 1281 *
838 1282 * create the kmap mappings.
839 1283 */
840 1284 void
841 1285 hat_init_finish(void)
842 1286 {
843 1287 size_t size;
844 1288 uint_t r = 0;
845 1289 uintptr_t va;
846 1290 hat_kernel_range_t *rp;
847 1291
848 1292
849 1293 /*
850 1294 * We are now effectively running on the kernel hat.
851 1295 * Clearing use_boot_reserve shuts off using the pre-allocated boot
852 1296 * reserve for all HAT allocations. From here on, the reserves are
853 1297 * only used when avoiding recursion in kmem_alloc().
854 1298 */
855 1299 use_boot_reserve = 0;
856 1300 htable_adjust_reserve();
857 1301
858 1302 /*
859 1303 * User HATs are initialized with copies of all kernel mappings in
860 1304 * higher level page tables. Ensure that those entries exist.
861 1305 */
862 1306 #if defined(__amd64)
863 1307
864 1308 NEXT_HKR(r, 3, kernelbase, 0);
865 1309 #if defined(__xpv)
866 1310 NEXT_HKR(r, 3, HYPERVISOR_VIRT_START, HYPERVISOR_VIRT_END);
867 1311 #endif
868 1312
869 1313 #elif defined(__i386)
870 1314
871 1315 #if !defined(__xpv)
872 1316 if (mmu.pae_hat) {
873 1317 va = kernelbase;
874 1318 if ((va & LEVEL_MASK(2)) != va) {
875 1319 va = P2ROUNDUP(va, LEVEL_SIZE(2));
876 1320 NEXT_HKR(r, 1, kernelbase, va);
877 1321 }
878 1322 if (va != 0)
879 1323 NEXT_HKR(r, 2, va, 0);
880 1324 } else
881 1325 #endif /* __xpv */
882 1326 NEXT_HKR(r, 1, kernelbase, 0);
883 1327
884 1328 #endif /* __i386 */
885 1329
886 1330 num_kernel_ranges = r;
887 1331
888 1332 /*
889 1333 * Create all the kernel pagetables that will have entries
890 1334 * shared to user HATs.
891 1335 */
892 1336 for (r = 0; r < num_kernel_ranges; ++r) {
893 1337 rp = &kernel_ranges[r];
894 1338 for (va = rp->hkr_start_va; va != rp->hkr_end_va;
895 1339 va += LEVEL_SIZE(rp->hkr_level)) {
896 1340 htable_t *ht;
897 1341
898 1342 if (IN_HYPERVISOR_VA(va))
899 1343 continue;
900 1344
901 1345 /* can/must skip if a page mapping already exists */
902 1346 if (rp->hkr_level <= mmu.max_page_level &&
903 1347 (ht = htable_getpage(kas.a_hat, va, NULL)) !=
904 1348 NULL) {
905 1349 htable_release(ht);
906 1350 continue;
|
↓ open down ↓ |
75 lines elided |
↑ open up ↑ |
907 1351 }
908 1352
909 1353 (void) htable_create(kas.a_hat, va, rp->hkr_level - 1,
910 1354 NULL);
911 1355 }
912 1356 }
913 1357
914 1358 /*
915 1359 * 32 bit PAE metal kernels use only 4 of the 512 entries in the
916 1360 * page holding the top level pagetable. We use the remainder for
917 - * the "per CPU" page tables for VLP processes.
1361 + * the "per CPU" page tables for PCP processes.
918 1362 * Map the top level kernel pagetable into the kernel to make
919 1363 * it easy to use bcopy access these tables.
1364 + *
1365 + * PAE is required for the 64-bit kernel which uses this as well to
1366 + * perform the per-CPU pagetables. See the big theory statement.
920 1367 */
921 1368 if (mmu.pae_hat) {
922 - vlp_page = vmem_alloc(heap_arena, MMU_PAGESIZE, VM_SLEEP);
923 - hat_devload(kas.a_hat, (caddr_t)vlp_page, MMU_PAGESIZE,
1369 + pcp_page = vmem_alloc(heap_arena, MMU_PAGESIZE, VM_SLEEP);
1370 + hat_devload(kas.a_hat, (caddr_t)pcp_page, MMU_PAGESIZE,
924 1371 kas.a_hat->hat_htable->ht_pfn,
925 1372 #if !defined(__xpv)
926 1373 PROT_WRITE |
927 1374 #endif
928 1375 PROT_READ | HAT_NOSYNC | HAT_UNORDERED_OK,
929 1376 HAT_LOAD | HAT_LOAD_NOCONSIST);
930 1377 }
931 - hat_vlp_setup(CPU);
1378 + hat_pcp_setup(CPU);
932 1379
933 1380 /*
934 1381 * Create kmap (cached mappings of kernel PTEs)
935 1382 * for 32 bit we map from segmap_start .. ekernelheap
936 1383 * for 64 bit we map from segmap_start .. segmap_start + segmapsize;
937 1384 */
938 1385 #if defined(__i386)
939 1386 size = (uintptr_t)ekernelheap - segmap_start;
940 1387 #elif defined(__amd64)
941 1388 size = segmapsize;
942 1389 #endif
943 1390 hat_kmap_init((uintptr_t)segmap_start, size);
1391 +
1392 +#if !defined(__xpv)
1393 + ASSERT3U(kas.a_hat->hat_htable->ht_pfn, !=, PFN_INVALID);
1394 + ASSERT3U(kpti_safe_cr3, ==,
1395 + MAKECR3(kas.a_hat->hat_htable->ht_pfn, PCID_KERNEL));
1396 +#endif
944 1397 }
945 1398
946 1399 /*
947 1400 * On 32 bit PAE mode, PTE's are 64 bits, but ordinary atomic memory references
948 1401 * are 32 bit, so for safety we must use atomic_cas_64() to install these.
949 1402 */
950 1403 #ifdef __i386
951 1404 static void
952 1405 reload_pae32(hat_t *hat, cpu_t *cpu)
953 1406 {
954 1407 x86pte_t *src;
955 1408 x86pte_t *dest;
956 1409 x86pte_t pte;
957 1410 int i;
958 1411
959 1412 /*
960 1413 * Load the 4 entries of the level 2 page table into this
961 - * cpu's range of the vlp_page and point cr3 at them.
1414 + * cpu's range of the pcp_page and point cr3 at them.
962 1415 */
963 1416 ASSERT(mmu.pae_hat);
964 - src = hat->hat_vlp_ptes;
965 - dest = vlp_page + (cpu->cpu_id + 1) * VLP_NUM_PTES;
966 - for (i = 0; i < VLP_NUM_PTES; ++i) {
1417 + src = hat->hat_copied_ptes;
1418 + dest = pcp_page + (cpu->cpu_id + 1) * MAX_COPIED_PTES;
1419 + for (i = 0; i < MAX_COPIED_PTES; ++i) {
967 1420 for (;;) {
968 1421 pte = dest[i];
969 1422 if (pte == src[i])
970 1423 break;
971 1424 if (atomic_cas_64(dest + i, pte, src[i]) != src[i])
972 1425 break;
973 1426 }
974 1427 }
975 1428 }
976 1429 #endif
977 1430
978 1431 /*
1432 + * Update the PCP data on the CPU cpu to the one on the hat. If this is a 32-bit
1433 + * process, then we must update the L2 pages and then the L3. If this is a
1434 + * 64-bit process then we must update the L3 entries.
1435 + */
1436 +static void
1437 +hat_pcp_update(cpu_t *cpu, const hat_t *hat)
1438 +{
1439 + ASSERT3U(hat->hat_flags & HAT_COPIED, !=, 0);
1440 +
1441 + if ((hat->hat_flags & HAT_COPIED_32) != 0) {
1442 + const x86pte_t *l2src;
1443 + x86pte_t *l2dst, *l3ptes, *l3uptes;
1444 + /*
1445 + * This is a 32-bit process. To set this up, we need to do the
1446 + * following:
1447 + *
1448 + * - Copy the 4 L2 PTEs into the dedicated L2 table
1449 + * - Zero the user L3 PTEs in the user and kernel page table
1450 + * - Set the first L3 PTE to point to the CPU L2 table
1451 + */
1452 + l2src = hat->hat_copied_ptes;
1453 + l2dst = cpu->cpu_hat_info->hci_pcp_l2ptes;
1454 + l3ptes = cpu->cpu_hat_info->hci_pcp_l3ptes;
1455 + l3uptes = cpu->cpu_hat_info->hci_user_l3ptes;
1456 +
1457 + l2dst[0] = l2src[0];
1458 + l2dst[1] = l2src[1];
1459 + l2dst[2] = l2src[2];
1460 + l2dst[3] = l2src[3];
1461 +
1462 + /*
1463 + * Make sure to use the mmu to get the number of slots. The
1464 + * number of PLP entries that this has will always be less as
1465 + * it's a 32-bit process.
1466 + */
1467 + bzero(l3ptes, sizeof (x86pte_t) * mmu.top_level_uslots);
1468 + l3ptes[0] = MAKEPTP(cpu->cpu_hat_info->hci_pcp_l2pfn, 2);
1469 + bzero(l3uptes, sizeof (x86pte_t) * mmu.top_level_uslots);
1470 + l3uptes[0] = MAKEPTP(cpu->cpu_hat_info->hci_pcp_l2pfn, 2);
1471 + } else {
1472 + /*
1473 + * This is a 64-bit process. To set this up, we need to do the
1474 + * following:
1475 + *
1476 + * - Zero the 4 L2 PTEs in the CPU structure for safety
1477 + * - Copy over the new user L3 PTEs into the kernel page table
1478 + * - Copy over the new user L3 PTEs into the user page table
1479 + */
1480 + ASSERT3S(kpti_enable, ==, 1);
1481 + bzero(cpu->cpu_hat_info->hci_pcp_l2ptes, sizeof (x86pte_t) * 4);
1482 + bcopy(hat->hat_copied_ptes, cpu->cpu_hat_info->hci_pcp_l3ptes,
1483 + sizeof (x86pte_t) * mmu.top_level_uslots);
1484 + bcopy(hat->hat_copied_ptes, cpu->cpu_hat_info->hci_user_l3ptes,
1485 + sizeof (x86pte_t) * mmu.top_level_uslots);
1486 + }
1487 +}
1488 +
1489 +static void
1490 +reset_kpti(struct kpti_frame *fr, uint64_t kcr3, uint64_t ucr3)
1491 +{
1492 + ASSERT3U(fr->kf_tr_flag, ==, 0);
1493 +#if DEBUG
1494 + if (fr->kf_kernel_cr3 != 0) {
1495 + ASSERT3U(fr->kf_lower_redzone, ==, 0xdeadbeefdeadbeef);
1496 + ASSERT3U(fr->kf_middle_redzone, ==, 0xdeadbeefdeadbeef);
1497 + ASSERT3U(fr->kf_upper_redzone, ==, 0xdeadbeefdeadbeef);
1498 + }
1499 +#endif
1500 +
1501 + bzero(fr, offsetof(struct kpti_frame, kf_kernel_cr3));
1502 + bzero(&fr->kf_unused, sizeof (struct kpti_frame) -
1503 + offsetof(struct kpti_frame, kf_unused));
1504 +
1505 + fr->kf_kernel_cr3 = kcr3;
1506 + fr->kf_user_cr3 = ucr3;
1507 + fr->kf_tr_ret_rsp = (uintptr_t)&fr->kf_tr_rsp;
1508 +
1509 + fr->kf_lower_redzone = 0xdeadbeefdeadbeef;
1510 + fr->kf_middle_redzone = 0xdeadbeefdeadbeef;
1511 + fr->kf_upper_redzone = 0xdeadbeefdeadbeef;
1512 +}
1513 +
1514 +#ifdef __xpv
1515 +static void
1516 +hat_switch_xen(hat_t *hat)
1517 +{
1518 + struct mmuext_op t[2];
1519 + uint_t retcnt;
1520 + uint_t opcnt = 1;
1521 + uint64_t newcr3;
1522 +
1523 + ASSERT(!(hat->hat_flags & HAT_COPIED));
1524 + ASSERT(!(getcr4() & CR4_PCIDE));
1525 +
1526 + newcr3 = MAKECR3((uint64_t)hat->hat_htable->ht_pfn, PCID_NONE);
1527 +
1528 + t[0].cmd = MMUEXT_NEW_BASEPTR;
1529 + t[0].arg1.mfn = mmu_btop(pa_to_ma(newcr3));
1530 +
1531 + /*
1532 + * There's an interesting problem here, as to what to actually specify
1533 + * when switching to the kernel hat. For now we'll reuse the kernel hat
1534 + * again.
1535 + */
1536 + t[1].cmd = MMUEXT_NEW_USER_BASEPTR;
1537 + if (hat == kas.a_hat)
1538 + t[1].arg1.mfn = mmu_btop(pa_to_ma(newcr3));
1539 + else
1540 + t[1].arg1.mfn = pfn_to_mfn(hat->hat_user_ptable);
1541 + ++opcnt;
1542 +
1543 + if (HYPERVISOR_mmuext_op(t, opcnt, &retcnt, DOMID_SELF) < 0)
1544 + panic("HYPERVISOR_mmu_update() failed");
1545 + ASSERT(retcnt == opcnt);
1546 +}
1547 +#endif /* __xpv */
1548 +
1549 +/*
979 1550 * Switch to a new active hat, maintaining bit masks to track active CPUs.
980 1551 *
981 - * On the 32-bit PAE hypervisor, %cr3 is a 64-bit value, on metal it
982 - * remains a 32-bit value.
1552 + * With KPTI, all our HATs except kas should be using PCP. Thus, to switch
1553 + * HATs, we need to copy over the new user PTEs, then set our trampoline context
1554 + * as appropriate.
1555 + *
1556 + * If lacking PCID, we then load our new cr3, which will flush the TLB: we may
1557 + * have established userspace TLB entries via kernel accesses, and these are no
1558 + * longer valid. We have to do this eagerly, as we just deleted this CPU from
1559 + * ->hat_cpus, so would no longer see any TLB shootdowns.
1560 + *
1561 + * With PCID enabled, things get a little more complicated. We would like to
1562 + * keep TLB context around when entering and exiting the kernel, and to do this,
1563 + * we partition the TLB into two different spaces:
1564 + *
1565 + * PCID_KERNEL is defined as zero, and used both by kas and all other address
1566 + * spaces while in the kernel (post-trampoline).
1567 + *
1568 + * PCID_USER is used while in userspace. Therefore, userspace cannot use any
1569 + * lingering PCID_KERNEL entries to kernel addresses it should not be able to
1570 + * read.
1571 + *
1572 + * The trampoline cr3s are set not to invalidate on a mov to %cr3. This means if
1573 + * we take a journey through the kernel without switching HATs, we have some
1574 + * hope of keeping our TLB state around.
1575 + *
1576 + * On a hat switch, rather than deal with any necessary flushes on the way out
1577 + * of the trampolines, we do them upfront here. If we're switching from kas, we
1578 + * shouldn't need any invalidation.
1579 + *
1580 + * Otherwise, we can have stale userspace entries for both PCID_USER (what
1581 + * happened before we move onto the kcr3) and PCID_KERNEL (any subsequent
1582 + * userspace accesses such as ddi_copyin()). Since setcr3() won't do these
1583 + * flushes on its own in PCIDE, we'll do a non-flushing load and then
1584 + * invalidate everything.
983 1585 */
984 1586 void
985 1587 hat_switch(hat_t *hat)
986 1588 {
987 - uint64_t newcr3;
988 - cpu_t *cpu = CPU;
989 - hat_t *old = cpu->cpu_current_hat;
1589 + cpu_t *cpu = CPU;
1590 + hat_t *old = cpu->cpu_current_hat;
990 1591
991 1592 /*
992 1593 * set up this information first, so we don't miss any cross calls
993 1594 */
994 1595 if (old != NULL) {
995 1596 if (old == hat)
996 1597 return;
997 1598 if (old != kas.a_hat)
998 1599 CPUSET_ATOMIC_DEL(old->hat_cpus, cpu->cpu_id);
999 1600 }
1000 1601
1001 1602 /*
1002 1603 * Add this CPU to the active set for this HAT.
1003 1604 */
1004 1605 if (hat != kas.a_hat) {
1005 1606 CPUSET_ATOMIC_ADD(hat->hat_cpus, cpu->cpu_id);
1006 1607 }
1007 1608 cpu->cpu_current_hat = hat;
1008 1609
1009 - /*
1010 - * now go ahead and load cr3
1011 - */
1012 - if (hat->hat_flags & HAT_VLP) {
1013 -#if defined(__amd64)
1014 - x86pte_t *vlpptep = cpu->cpu_hat_info->hci_vlp_l2ptes;
1610 +#if defined(__xpv)
1611 + hat_switch_xen(hat);
1612 +#else
1613 + struct hat_cpu_info *info = cpu->cpu_m.mcpu_hat_info;
1614 + uint64_t pcide = getcr4() & CR4_PCIDE;
1615 + uint64_t kcr3, ucr3;
1616 + pfn_t tl_kpfn;
1617 + ulong_t flag;
1015 1618
1016 - VLP_COPY(hat->hat_vlp_ptes, vlpptep);
1017 - newcr3 = MAKECR3(cpu->cpu_hat_info->hci_vlp_pfn);
1018 -#elif defined(__i386)
1019 - reload_pae32(hat, cpu);
1020 - newcr3 = MAKECR3(kas.a_hat->hat_htable->ht_pfn) +
1021 - (cpu->cpu_id + 1) * VLP_SIZE;
1022 -#endif
1619 + EQUIV(kpti_enable, !mmu.pt_global);
1620 +
1621 + if (hat->hat_flags & HAT_COPIED) {
1622 + hat_pcp_update(cpu, hat);
1623 + tl_kpfn = info->hci_pcp_l3pfn;
1023 1624 } else {
1024 - newcr3 = MAKECR3((uint64_t)hat->hat_htable->ht_pfn);
1625 + IMPLY(kpti_enable, hat == kas.a_hat);
1626 + tl_kpfn = hat->hat_htable->ht_pfn;
1025 1627 }
1026 -#ifdef __xpv
1027 - {
1028 - struct mmuext_op t[2];
1029 - uint_t retcnt;
1030 - uint_t opcnt = 1;
1031 1628
1032 - t[0].cmd = MMUEXT_NEW_BASEPTR;
1033 - t[0].arg1.mfn = mmu_btop(pa_to_ma(newcr3));
1034 -#if defined(__amd64)
1035 - /*
1036 - * There's an interesting problem here, as to what to
1037 - * actually specify when switching to the kernel hat.
1038 - * For now we'll reuse the kernel hat again.
1039 - */
1040 - t[1].cmd = MMUEXT_NEW_USER_BASEPTR;
1041 - if (hat == kas.a_hat)
1042 - t[1].arg1.mfn = mmu_btop(pa_to_ma(newcr3));
1043 - else
1044 - t[1].arg1.mfn = pfn_to_mfn(hat->hat_user_ptable);
1045 - ++opcnt;
1046 -#endif /* __amd64 */
1047 - if (HYPERVISOR_mmuext_op(t, opcnt, &retcnt, DOMID_SELF) < 0)
1048 - panic("HYPERVISOR_mmu_update() failed");
1049 - ASSERT(retcnt == opcnt);
1629 + if (pcide) {
1630 + ASSERT(kpti_enable);
1050 1631
1632 + kcr3 = MAKECR3(tl_kpfn, PCID_KERNEL) | CR3_NOINVL_BIT;
1633 + ucr3 = MAKECR3(info->hci_user_l3pfn, PCID_USER) |
1634 + CR3_NOINVL_BIT;
1635 +
1636 + setcr3(kcr3);
1637 + if (old != kas.a_hat)
1638 + mmu_flush_tlb(FLUSH_TLB_ALL, NULL);
1639 + } else {
1640 + kcr3 = MAKECR3(tl_kpfn, PCID_NONE);
1641 + ucr3 = kpti_enable ?
1642 + MAKECR3(info->hci_user_l3pfn, PCID_NONE) :
1643 + 0;
1644 +
1645 + setcr3(kcr3);
1051 1646 }
1052 -#else
1053 - setcr3(newcr3);
1054 -#endif
1647 +
1648 + /*
1649 + * We will already be taking shootdowns for our new HAT, and as KPTI
1650 + * invpcid emulation needs to use kf_user_cr3, make sure we don't get
1651 + * any cross calls while we're inconsistent. Note that it's harmless to
1652 + * have a *stale* kf_user_cr3 (we just did a FLUSH_TLB_ALL), but a
1653 + * *zero* kf_user_cr3 is not going to go very well.
1654 + */
1655 + if (pcide)
1656 + flag = intr_clear();
1657 +
1658 + reset_kpti(&cpu->cpu_m.mcpu_kpti, kcr3, ucr3);
1659 + reset_kpti(&cpu->cpu_m.mcpu_kpti_flt, kcr3, ucr3);
1660 + reset_kpti(&cpu->cpu_m.mcpu_kpti_dbg, kcr3, ucr3);
1661 +
1662 + if (pcide)
1663 + intr_restore(flag);
1664 +
1665 +#endif /* !__xpv */
1666 +
1055 1667 ASSERT(cpu == CPU);
1056 1668 }
1057 1669
1058 1670 /*
1059 1671 * Utility to return a valid x86pte_t from protections, pfn, and level number
1060 1672 */
1061 1673 static x86pte_t
1062 1674 hati_mkpte(pfn_t pfn, uint_t attr, level_t level, uint_t flags)
1063 1675 {
1064 1676 x86pte_t pte;
1065 1677 uint_t cache_attr = attr & HAT_ORDER_MASK;
1066 1678
1067 1679 pte = MAKEPTE(pfn, level);
1068 1680
1069 1681 if (attr & PROT_WRITE)
1070 1682 PTE_SET(pte, PT_WRITABLE);
1071 1683
1072 1684 if (attr & PROT_USER)
1073 1685 PTE_SET(pte, PT_USER);
1074 1686
1075 1687 if (!(attr & PROT_EXEC))
1076 1688 PTE_SET(pte, mmu.pt_nx);
1077 1689
1078 1690 /*
1079 1691 * Set the software bits used track ref/mod sync's and hments.
1080 1692 * If not using REF/MOD, set them to avoid h/w rewriting PTEs.
1081 1693 */
1082 1694 if (flags & HAT_LOAD_NOCONSIST)
1083 1695 PTE_SET(pte, PT_NOCONSIST | PT_REF | PT_MOD);
1084 1696 else if (attr & HAT_NOSYNC)
1085 1697 PTE_SET(pte, PT_NOSYNC | PT_REF | PT_MOD);
1086 1698
1087 1699 /*
1088 1700 * Set the caching attributes in the PTE. The combination
1089 1701 * of attributes are poorly defined, so we pay attention
1090 1702 * to them in the given order.
1091 1703 *
1092 1704 * The test for HAT_STRICTORDER is different because it's defined
1093 1705 * as "0" - which was a stupid thing to do, but is too late to change!
1094 1706 */
1095 1707 if (cache_attr == HAT_STRICTORDER) {
1096 1708 PTE_SET(pte, PT_NOCACHE);
1097 1709 /*LINTED [Lint hates empty ifs, but it's the obvious way to do this] */
1098 1710 } else if (cache_attr & (HAT_UNORDERED_OK | HAT_STORECACHING_OK)) {
1099 1711 /* nothing to set */;
1100 1712 } else if (cache_attr & (HAT_MERGING_OK | HAT_LOADCACHING_OK)) {
1101 1713 PTE_SET(pte, PT_NOCACHE);
1102 1714 if (is_x86_feature(x86_featureset, X86FSET_PAT))
1103 1715 PTE_SET(pte, (level == 0) ? PT_PAT_4K : PT_PAT_LARGE);
1104 1716 else
1105 1717 PTE_SET(pte, PT_WRITETHRU);
1106 1718 } else {
1107 1719 panic("hati_mkpte(): bad caching attributes: %x\n", cache_attr);
1108 1720 }
1109 1721
1110 1722 return (pte);
1111 1723 }
1112 1724
1113 1725 /*
1114 1726 * Duplicate address translations of the parent to the child.
1115 1727 * This function really isn't used anymore.
1116 1728 */
1117 1729 /*ARGSUSED*/
1118 1730 int
1119 1731 hat_dup(hat_t *old, hat_t *new, caddr_t addr, size_t len, uint_t flag)
1120 1732 {
1121 1733 ASSERT((uintptr_t)addr < kernelbase);
1122 1734 ASSERT(new != kas.a_hat);
1123 1735 ASSERT(old != kas.a_hat);
1124 1736 return (0);
1125 1737 }
1126 1738
1127 1739 /*
1128 1740 * Allocate any hat resources required for a process being swapped in.
1129 1741 */
1130 1742 /*ARGSUSED*/
1131 1743 void
1132 1744 hat_swapin(hat_t *hat)
1133 1745 {
1134 1746 /* do nothing - we let everything fault back in */
1135 1747 }
1136 1748
1137 1749 /*
1138 1750 * Unload all translations associated with an address space of a process
1139 1751 * that is being swapped out.
1140 1752 */
1141 1753 void
1142 1754 hat_swapout(hat_t *hat)
1143 1755 {
1144 1756 uintptr_t vaddr = (uintptr_t)0;
1145 1757 uintptr_t eaddr = _userlimit;
1146 1758 htable_t *ht = NULL;
1147 1759 level_t l;
1148 1760
1149 1761 XPV_DISALLOW_MIGRATE();
1150 1762 /*
1151 1763 * We can't just call hat_unload(hat, 0, _userlimit...) here, because
1152 1764 * seg_spt and shared pagetables can't be swapped out.
1153 1765 * Take a look at segspt_shmswapout() - it's a big no-op.
1154 1766 *
1155 1767 * Instead we'll walk through all the address space and unload
1156 1768 * any mappings which we are sure are not shared, not locked.
1157 1769 */
1158 1770 ASSERT(IS_PAGEALIGNED(vaddr));
1159 1771 ASSERT(IS_PAGEALIGNED(eaddr));
1160 1772 ASSERT(AS_LOCK_HELD(hat->hat_as));
1161 1773 if ((uintptr_t)hat->hat_as->a_userlimit < eaddr)
1162 1774 eaddr = (uintptr_t)hat->hat_as->a_userlimit;
1163 1775
1164 1776 while (vaddr < eaddr) {
1165 1777 (void) htable_walk(hat, &ht, &vaddr, eaddr);
1166 1778 if (ht == NULL)
1167 1779 break;
1168 1780
1169 1781 ASSERT(!IN_VA_HOLE(vaddr));
1170 1782
1171 1783 /*
1172 1784 * If the page table is shared skip its entire range.
1173 1785 */
1174 1786 l = ht->ht_level;
1175 1787 if (ht->ht_flags & HTABLE_SHARED_PFN) {
1176 1788 vaddr = ht->ht_vaddr + LEVEL_SIZE(l + 1);
1177 1789 htable_release(ht);
1178 1790 ht = NULL;
1179 1791 continue;
1180 1792 }
1181 1793
1182 1794 /*
1183 1795 * If the page table has no locked entries, unload this one.
1184 1796 */
1185 1797 if (ht->ht_lock_cnt == 0)
1186 1798 hat_unload(hat, (caddr_t)vaddr, LEVEL_SIZE(l),
1187 1799 HAT_UNLOAD_UNMAP);
1188 1800
1189 1801 /*
1190 1802 * If we have a level 0 page table with locked entries,
1191 1803 * skip the entire page table, otherwise skip just one entry.
1192 1804 */
1193 1805 if (ht->ht_lock_cnt > 0 && l == 0)
1194 1806 vaddr = ht->ht_vaddr + LEVEL_SIZE(1);
1195 1807 else
1196 1808 vaddr += LEVEL_SIZE(l);
1197 1809 }
1198 1810 if (ht)
1199 1811 htable_release(ht);
1200 1812
1201 1813 /*
1202 1814 * We're in swapout because the system is low on memory, so
1203 1815 * go back and flush all the htables off the cached list.
1204 1816 */
1205 1817 htable_purge_hat(hat);
1206 1818 XPV_ALLOW_MIGRATE();
1207 1819 }
1208 1820
1209 1821 /*
1210 1822 * returns number of bytes that have valid mappings in hat.
1211 1823 */
1212 1824 size_t
1213 1825 hat_get_mapped_size(hat_t *hat)
1214 1826 {
1215 1827 size_t total = 0;
1216 1828 int l;
1217 1829
1218 1830 for (l = 0; l <= mmu.max_page_level; l++)
1219 1831 total += (hat->hat_pages_mapped[l] << LEVEL_SHIFT(l));
1220 1832 total += hat->hat_ism_pgcnt;
1221 1833
1222 1834 return (total);
1223 1835 }
1224 1836
1225 1837 /*
1226 1838 * enable/disable collection of stats for hat.
1227 1839 */
1228 1840 int
1229 1841 hat_stats_enable(hat_t *hat)
1230 1842 {
1231 1843 atomic_inc_32(&hat->hat_stats);
1232 1844 return (1);
1233 1845 }
1234 1846
1235 1847 void
1236 1848 hat_stats_disable(hat_t *hat)
1237 1849 {
1238 1850 atomic_dec_32(&hat->hat_stats);
1239 1851 }
1240 1852
1241 1853 /*
1242 1854 * Utility to sync the ref/mod bits from a page table entry to the page_t
1243 1855 * We must be holding the mapping list lock when this is called.
1244 1856 */
1245 1857 static void
1246 1858 hati_sync_pte_to_page(page_t *pp, x86pte_t pte, level_t level)
1247 1859 {
1248 1860 uint_t rm = 0;
1249 1861 pgcnt_t pgcnt;
1250 1862
1251 1863 if (PTE_GET(pte, PT_SOFTWARE) >= PT_NOSYNC)
1252 1864 return;
1253 1865
1254 1866 if (PTE_GET(pte, PT_REF))
1255 1867 rm |= P_REF;
1256 1868
1257 1869 if (PTE_GET(pte, PT_MOD))
1258 1870 rm |= P_MOD;
1259 1871
1260 1872 if (rm == 0)
1261 1873 return;
1262 1874
1263 1875 /*
1264 1876 * sync to all constituent pages of a large page
1265 1877 */
1266 1878 ASSERT(x86_hm_held(pp));
1267 1879 pgcnt = page_get_pagecnt(level);
1268 1880 ASSERT(IS_P2ALIGNED(pp->p_pagenum, pgcnt));
1269 1881 for (; pgcnt > 0; --pgcnt) {
1270 1882 /*
1271 1883 * hat_page_demote() can't decrease
1272 1884 * pszc below this mapping size
1273 1885 * since this large mapping existed after we
1274 1886 * took mlist lock.
1275 1887 */
1276 1888 ASSERT(pp->p_szc >= level);
1277 1889 hat_page_setattr(pp, rm);
1278 1890 ++pp;
1279 1891 }
1280 1892 }
1281 1893
1282 1894 /*
1283 1895 * This the set of PTE bits for PFN, permissions and caching
1284 1896 * that are allowed to change on a HAT_LOAD_REMAP
1285 1897 */
1286 1898 #define PT_REMAP_BITS \
1287 1899 (PT_PADDR | PT_NX | PT_WRITABLE | PT_WRITETHRU | \
1288 1900 PT_NOCACHE | PT_PAT_4K | PT_PAT_LARGE | PT_IGNORE | PT_REF | PT_MOD)
1289 1901
1290 1902 #define REMAPASSERT(EX) if (!(EX)) panic("hati_pte_map: " #EX)
1291 1903 /*
1292 1904 * Do the low-level work to get a mapping entered into a HAT's pagetables
1293 1905 * and in the mapping list of the associated page_t.
1294 1906 */
1295 1907 static int
1296 1908 hati_pte_map(
1297 1909 htable_t *ht,
1298 1910 uint_t entry,
1299 1911 page_t *pp,
1300 1912 x86pte_t pte,
1301 1913 int flags,
1302 1914 void *pte_ptr)
1303 1915 {
1304 1916 hat_t *hat = ht->ht_hat;
1305 1917 x86pte_t old_pte;
1306 1918 level_t l = ht->ht_level;
1307 1919 hment_t *hm;
1308 1920 uint_t is_consist;
1309 1921 uint_t is_locked;
1310 1922 int rv = 0;
1311 1923
1312 1924 /*
1313 1925 * Is this a consistent (ie. need mapping list lock) mapping?
1314 1926 */
1315 1927 is_consist = (pp != NULL && (flags & HAT_LOAD_NOCONSIST) == 0);
1316 1928
1317 1929 /*
1318 1930 * Track locked mapping count in the htable. Do this first,
1319 1931 * as we track locking even if there already is a mapping present.
1320 1932 */
1321 1933 is_locked = (flags & HAT_LOAD_LOCK) != 0 && hat != kas.a_hat;
1322 1934 if (is_locked)
1323 1935 HTABLE_LOCK_INC(ht);
1324 1936
1325 1937 /*
1326 1938 * Acquire the page's mapping list lock and get an hment to use.
1327 1939 * Note that hment_prepare() might return NULL.
1328 1940 */
1329 1941 if (is_consist) {
1330 1942 x86_hm_enter(pp);
1331 1943 hm = hment_prepare(ht, entry, pp);
1332 1944 }
1333 1945
1334 1946 /*
1335 1947 * Set the new pte, retrieving the old one at the same time.
1336 1948 */
1337 1949 old_pte = x86pte_set(ht, entry, pte, pte_ptr);
1338 1950
1339 1951 /*
1340 1952 * Did we get a large page / page table collision?
1341 1953 */
1342 1954 if (old_pte == LPAGE_ERROR) {
1343 1955 if (is_locked)
1344 1956 HTABLE_LOCK_DEC(ht);
1345 1957 rv = -1;
1346 1958 goto done;
1347 1959 }
1348 1960
1349 1961 /*
1350 1962 * If the mapping didn't change there is nothing more to do.
1351 1963 */
1352 1964 if (PTE_EQUIV(pte, old_pte))
1353 1965 goto done;
1354 1966
1355 1967 /*
|
↓ open down ↓ |
291 lines elided |
↑ open up ↑ |
1356 1968 * Install a new mapping in the page's mapping list
1357 1969 */
1358 1970 if (!PTE_ISVALID(old_pte)) {
1359 1971 if (is_consist) {
1360 1972 hment_assign(ht, entry, pp, hm);
1361 1973 x86_hm_exit(pp);
1362 1974 } else {
1363 1975 ASSERT(flags & HAT_LOAD_NOCONSIST);
1364 1976 }
1365 1977 #if defined(__amd64)
1366 - if (ht->ht_flags & HTABLE_VLP) {
1978 + if (ht->ht_flags & HTABLE_COPIED) {
1367 1979 cpu_t *cpu = CPU;
1368 - x86pte_t *vlpptep = cpu->cpu_hat_info->hci_vlp_l2ptes;
1369 - VLP_COPY(hat->hat_vlp_ptes, vlpptep);
1980 + hat_pcp_update(cpu, hat);
1370 1981 }
1371 1982 #endif
1372 1983 HTABLE_INC(ht->ht_valid_cnt);
1373 1984 PGCNT_INC(hat, l);
1374 1985 return (rv);
1375 1986 }
1376 1987
1377 1988 /*
1378 1989 * Remap's are more complicated:
1379 1990 * - HAT_LOAD_REMAP must be specified if changing the pfn.
1380 1991 * We also require that NOCONSIST be specified.
1381 1992 * - Otherwise only permission or caching bits may change.
1382 1993 */
1383 1994 if (!PTE_ISPAGE(old_pte, l))
1384 1995 panic("non-null/page mapping pte=" FMT_PTE, old_pte);
1385 1996
1386 1997 if (PTE2PFN(old_pte, l) != PTE2PFN(pte, l)) {
1387 1998 REMAPASSERT(flags & HAT_LOAD_REMAP);
1388 1999 REMAPASSERT(flags & HAT_LOAD_NOCONSIST);
1389 2000 REMAPASSERT(PTE_GET(old_pte, PT_SOFTWARE) >= PT_NOCONSIST);
1390 2001 REMAPASSERT(pf_is_memory(PTE2PFN(old_pte, l)) ==
1391 2002 pf_is_memory(PTE2PFN(pte, l)));
1392 2003 REMAPASSERT(!is_consist);
1393 2004 }
1394 2005
1395 2006 /*
1396 2007 * We only let remaps change the certain bits in the PTE.
1397 2008 */
1398 2009 if (PTE_GET(old_pte, ~PT_REMAP_BITS) != PTE_GET(pte, ~PT_REMAP_BITS))
1399 2010 panic("remap bits changed: old_pte="FMT_PTE", pte="FMT_PTE"\n",
1400 2011 old_pte, pte);
1401 2012
1402 2013 /*
1403 2014 * We don't create any mapping list entries on a remap, so release
1404 2015 * any allocated hment after we drop the mapping list lock.
1405 2016 */
1406 2017 done:
1407 2018 if (is_consist) {
1408 2019 x86_hm_exit(pp);
1409 2020 if (hm != NULL)
1410 2021 hment_free(hm);
1411 2022 }
1412 2023 return (rv);
1413 2024 }
1414 2025
1415 2026 /*
1416 2027 * Internal routine to load a single page table entry. This only fails if
1417 2028 * we attempt to overwrite a page table link with a large page.
1418 2029 */
1419 2030 static int
1420 2031 hati_load_common(
1421 2032 hat_t *hat,
1422 2033 uintptr_t va,
1423 2034 page_t *pp,
1424 2035 uint_t attr,
1425 2036 uint_t flags,
1426 2037 level_t level,
1427 2038 pfn_t pfn)
1428 2039 {
1429 2040 htable_t *ht;
1430 2041 uint_t entry;
|
↓ open down ↓ |
51 lines elided |
↑ open up ↑ |
1431 2042 x86pte_t pte;
1432 2043 int rv = 0;
1433 2044
1434 2045 /*
1435 2046 * The number 16 is arbitrary and here to catch a recursion problem
1436 2047 * early before we blow out the kernel stack.
1437 2048 */
1438 2049 ++curthread->t_hatdepth;
1439 2050 ASSERT(curthread->t_hatdepth < 16);
1440 2051
1441 - ASSERT(hat == kas.a_hat || AS_LOCK_HELD(hat->hat_as));
2052 + ASSERT(hat == kas.a_hat || (hat->hat_flags & HAT_PCP) != 0 ||
2053 + AS_LOCK_HELD(hat->hat_as));
1442 2054
1443 2055 if (flags & HAT_LOAD_SHARE)
1444 2056 hat->hat_flags |= HAT_SHARED;
1445 2057
1446 2058 /*
1447 2059 * Find the page table that maps this page if it already exists.
1448 2060 */
1449 2061 ht = htable_lookup(hat, va, level);
1450 2062
1451 2063 /*
1452 2064 * We must have HAT_LOAD_NOCONSIST if page_t is NULL.
1453 2065 */
1454 2066 if (pp == NULL)
1455 2067 flags |= HAT_LOAD_NOCONSIST;
1456 2068
1457 2069 if (ht == NULL) {
1458 2070 ht = htable_create(hat, va, level, NULL);
1459 2071 ASSERT(ht != NULL);
1460 2072 }
2073 + /*
2074 + * htable_va2entry checks this condition as well, but it won't include
2075 + * much useful info in the panic. So we do it in advance here to include
2076 + * all the context.
2077 + */
2078 + if (ht->ht_vaddr > va || va > HTABLE_LAST_PAGE(ht)) {
2079 + panic("hati_load_common: bad htable: va=%p, last page=%p, "
2080 + "ht->ht_vaddr=%p, ht->ht_level=%d", (void *)va,
2081 + (void *)HTABLE_LAST_PAGE(ht), (void *)ht->ht_vaddr,
2082 + (int)ht->ht_level);
2083 + }
1461 2084 entry = htable_va2entry(va, ht);
1462 2085
1463 2086 /*
1464 2087 * a bunch of paranoid error checking
1465 2088 */
1466 2089 ASSERT(ht->ht_busy > 0);
1467 - if (ht->ht_vaddr > va || va > HTABLE_LAST_PAGE(ht))
1468 - panic("hati_load_common: bad htable %p, va %p",
1469 - (void *)ht, (void *)va);
1470 2090 ASSERT(ht->ht_level == level);
1471 2091
1472 2092 /*
1473 2093 * construct the new PTE
1474 2094 */
1475 2095 if (hat == kas.a_hat)
1476 2096 attr &= ~PROT_USER;
1477 2097 pte = hati_mkpte(pfn, attr, level, flags);
1478 2098 if (hat == kas.a_hat && va >= kernelbase)
1479 2099 PTE_SET(pte, mmu.pt_global);
1480 2100
1481 2101 /*
1482 2102 * establish the mapping
1483 2103 */
1484 2104 rv = hati_pte_map(ht, entry, pp, pte, flags, NULL);
1485 2105
1486 2106 /*
1487 2107 * release the htable and any reserves
1488 2108 */
1489 2109 htable_release(ht);
1490 2110 --curthread->t_hatdepth;
1491 2111 return (rv);
1492 2112 }
1493 2113
1494 2114 /*
1495 2115 * special case of hat_memload to deal with some kernel addrs for performance
1496 2116 */
1497 2117 static void
1498 2118 hat_kmap_load(
1499 2119 caddr_t addr,
1500 2120 page_t *pp,
1501 2121 uint_t attr,
1502 2122 uint_t flags)
1503 2123 {
1504 2124 uintptr_t va = (uintptr_t)addr;
1505 2125 x86pte_t pte;
1506 2126 pfn_t pfn = page_pptonum(pp);
1507 2127 pgcnt_t pg_off = mmu_btop(va - mmu.kmap_addr);
1508 2128 htable_t *ht;
1509 2129 uint_t entry;
1510 2130 void *pte_ptr;
1511 2131
1512 2132 /*
1513 2133 * construct the requested PTE
1514 2134 */
1515 2135 attr &= ~PROT_USER;
1516 2136 attr |= HAT_STORECACHING_OK;
1517 2137 pte = hati_mkpte(pfn, attr, 0, flags);
1518 2138 PTE_SET(pte, mmu.pt_global);
1519 2139
1520 2140 /*
1521 2141 * Figure out the pte_ptr and htable and use common code to finish up
1522 2142 */
1523 2143 if (mmu.pae_hat)
1524 2144 pte_ptr = mmu.kmap_ptes + pg_off;
1525 2145 else
1526 2146 pte_ptr = (x86pte32_t *)mmu.kmap_ptes + pg_off;
1527 2147 ht = mmu.kmap_htables[(va - mmu.kmap_htables[0]->ht_vaddr) >>
1528 2148 LEVEL_SHIFT(1)];
1529 2149 entry = htable_va2entry(va, ht);
1530 2150 ++curthread->t_hatdepth;
1531 2151 ASSERT(curthread->t_hatdepth < 16);
1532 2152 (void) hati_pte_map(ht, entry, pp, pte, flags, pte_ptr);
1533 2153 --curthread->t_hatdepth;
1534 2154 }
1535 2155
1536 2156 /*
1537 2157 * hat_memload() - load a translation to the given page struct
1538 2158 *
1539 2159 * Flags for hat_memload/hat_devload/hat_*attr.
1540 2160 *
1541 2161 * HAT_LOAD Default flags to load a translation to the page.
1542 2162 *
1543 2163 * HAT_LOAD_LOCK Lock down mapping resources; hat_map(), hat_memload(),
1544 2164 * and hat_devload().
1545 2165 *
1546 2166 * HAT_LOAD_NOCONSIST Do not add mapping to page_t mapping list.
1547 2167 * sets PT_NOCONSIST
1548 2168 *
1549 2169 * HAT_LOAD_SHARE A flag to hat_memload() to indicate h/w page tables
1550 2170 * that map some user pages (not kas) is shared by more
1551 2171 * than one process (eg. ISM).
1552 2172 *
1553 2173 * HAT_LOAD_REMAP Reload a valid pte with a different page frame.
1554 2174 *
1555 2175 * HAT_NO_KALLOC Do not kmem_alloc while creating the mapping; at this
1556 2176 * point, it's setting up mapping to allocate internal
1557 2177 * hat layer data structures. This flag forces hat layer
1558 2178 * to tap its reserves in order to prevent infinite
1559 2179 * recursion.
1560 2180 *
1561 2181 * The following is a protection attribute (like PROT_READ, etc.)
1562 2182 *
1563 2183 * HAT_NOSYNC set PT_NOSYNC - this mapping's ref/mod bits
1564 2184 * are never cleared.
1565 2185 *
1566 2186 * Installing new valid PTE's and creation of the mapping list
1567 2187 * entry are controlled under the same lock. It's derived from the
1568 2188 * page_t being mapped.
1569 2189 */
1570 2190 static uint_t supported_memload_flags =
1571 2191 HAT_LOAD | HAT_LOAD_LOCK | HAT_LOAD_ADV | HAT_LOAD_NOCONSIST |
1572 2192 HAT_LOAD_SHARE | HAT_NO_KALLOC | HAT_LOAD_REMAP | HAT_LOAD_TEXT;
1573 2193
1574 2194 void
1575 2195 hat_memload(
1576 2196 hat_t *hat,
1577 2197 caddr_t addr,
1578 2198 page_t *pp,
1579 2199 uint_t attr,
1580 2200 uint_t flags)
1581 2201 {
1582 2202 uintptr_t va = (uintptr_t)addr;
1583 2203 level_t level = 0;
1584 2204 pfn_t pfn = page_pptonum(pp);
1585 2205
1586 2206 XPV_DISALLOW_MIGRATE();
1587 2207 ASSERT(IS_PAGEALIGNED(va));
1588 2208 ASSERT(hat == kas.a_hat || va < _userlimit);
1589 2209 ASSERT(hat == kas.a_hat || AS_LOCK_HELD(hat->hat_as));
1590 2210 ASSERT((flags & supported_memload_flags) == flags);
1591 2211
1592 2212 ASSERT(!IN_VA_HOLE(va));
1593 2213 ASSERT(!PP_ISFREE(pp));
1594 2214
1595 2215 /*
1596 2216 * kernel address special case for performance.
1597 2217 */
1598 2218 if (mmu.kmap_addr <= va && va < mmu.kmap_eaddr) {
1599 2219 ASSERT(hat == kas.a_hat);
1600 2220 hat_kmap_load(addr, pp, attr, flags);
1601 2221 XPV_ALLOW_MIGRATE();
1602 2222 return;
1603 2223 }
1604 2224
1605 2225 /*
1606 2226 * This is used for memory with normal caching enabled, so
1607 2227 * always set HAT_STORECACHING_OK.
1608 2228 */
1609 2229 attr |= HAT_STORECACHING_OK;
1610 2230 if (hati_load_common(hat, va, pp, attr, flags, level, pfn) != 0)
1611 2231 panic("unexpected hati_load_common() failure");
1612 2232 XPV_ALLOW_MIGRATE();
1613 2233 }
1614 2234
1615 2235 /* ARGSUSED */
1616 2236 void
1617 2237 hat_memload_region(struct hat *hat, caddr_t addr, struct page *pp,
1618 2238 uint_t attr, uint_t flags, hat_region_cookie_t rcookie)
1619 2239 {
1620 2240 hat_memload(hat, addr, pp, attr, flags);
1621 2241 }
1622 2242
1623 2243 /*
1624 2244 * Load the given array of page structs using large pages when possible
1625 2245 */
1626 2246 void
1627 2247 hat_memload_array(
1628 2248 hat_t *hat,
1629 2249 caddr_t addr,
1630 2250 size_t len,
1631 2251 page_t **pages,
1632 2252 uint_t attr,
1633 2253 uint_t flags)
1634 2254 {
1635 2255 uintptr_t va = (uintptr_t)addr;
1636 2256 uintptr_t eaddr = va + len;
1637 2257 level_t level;
1638 2258 size_t pgsize;
1639 2259 pgcnt_t pgindx = 0;
1640 2260 pfn_t pfn;
1641 2261 pgcnt_t i;
1642 2262
1643 2263 XPV_DISALLOW_MIGRATE();
1644 2264 ASSERT(IS_PAGEALIGNED(va));
1645 2265 ASSERT(hat == kas.a_hat || va + len <= _userlimit);
1646 2266 ASSERT(hat == kas.a_hat || AS_LOCK_HELD(hat->hat_as));
1647 2267 ASSERT((flags & supported_memload_flags) == flags);
1648 2268
1649 2269 /*
1650 2270 * memload is used for memory with full caching enabled, so
1651 2271 * set HAT_STORECACHING_OK.
1652 2272 */
1653 2273 attr |= HAT_STORECACHING_OK;
1654 2274
1655 2275 /*
1656 2276 * handle all pages using largest possible pagesize
1657 2277 */
1658 2278 while (va < eaddr) {
1659 2279 /*
1660 2280 * decide what level mapping to use (ie. pagesize)
1661 2281 */
1662 2282 pfn = page_pptonum(pages[pgindx]);
1663 2283 for (level = mmu.max_page_level; ; --level) {
1664 2284 pgsize = LEVEL_SIZE(level);
1665 2285 if (level == 0)
1666 2286 break;
1667 2287
1668 2288 if (!IS_P2ALIGNED(va, pgsize) ||
1669 2289 (eaddr - va) < pgsize ||
1670 2290 !IS_P2ALIGNED(pfn_to_pa(pfn), pgsize))
1671 2291 continue;
1672 2292
1673 2293 /*
1674 2294 * To use a large mapping of this size, all the
1675 2295 * pages we are passed must be sequential subpages
1676 2296 * of the large page.
1677 2297 * hat_page_demote() can't change p_szc because
1678 2298 * all pages are locked.
1679 2299 */
1680 2300 if (pages[pgindx]->p_szc >= level) {
1681 2301 for (i = 0; i < mmu_btop(pgsize); ++i) {
1682 2302 if (pfn + i !=
1683 2303 page_pptonum(pages[pgindx + i]))
1684 2304 break;
1685 2305 ASSERT(pages[pgindx + i]->p_szc >=
1686 2306 level);
1687 2307 ASSERT(pages[pgindx] + i ==
1688 2308 pages[pgindx + i]);
1689 2309 }
1690 2310 if (i == mmu_btop(pgsize)) {
1691 2311 #ifdef DEBUG
1692 2312 if (level == 2)
1693 2313 map1gcnt++;
1694 2314 #endif
1695 2315 break;
1696 2316 }
1697 2317 }
1698 2318 }
1699 2319
1700 2320 /*
1701 2321 * Load this page mapping. If the load fails, try a smaller
1702 2322 * pagesize.
1703 2323 */
1704 2324 ASSERT(!IN_VA_HOLE(va));
1705 2325 while (hati_load_common(hat, va, pages[pgindx], attr,
1706 2326 flags, level, pfn) != 0) {
1707 2327 if (level == 0)
1708 2328 panic("unexpected hati_load_common() failure");
1709 2329 --level;
1710 2330 pgsize = LEVEL_SIZE(level);
1711 2331 }
1712 2332
1713 2333 /*
1714 2334 * move to next page
1715 2335 */
1716 2336 va += pgsize;
1717 2337 pgindx += mmu_btop(pgsize);
1718 2338 }
1719 2339 XPV_ALLOW_MIGRATE();
1720 2340 }
1721 2341
1722 2342 /* ARGSUSED */
1723 2343 void
1724 2344 hat_memload_array_region(struct hat *hat, caddr_t addr, size_t len,
1725 2345 struct page **pps, uint_t attr, uint_t flags,
1726 2346 hat_region_cookie_t rcookie)
1727 2347 {
1728 2348 hat_memload_array(hat, addr, len, pps, attr, flags);
1729 2349 }
1730 2350
1731 2351 /*
1732 2352 * void hat_devload(hat, addr, len, pf, attr, flags)
1733 2353 * load/lock the given page frame number
1734 2354 *
1735 2355 * Advisory ordering attributes. Apply only to device mappings.
1736 2356 *
1737 2357 * HAT_STRICTORDER: the CPU must issue the references in order, as the
1738 2358 * programmer specified. This is the default.
1739 2359 * HAT_UNORDERED_OK: the CPU may reorder the references (this is all kinds
1740 2360 * of reordering; store or load with store or load).
1741 2361 * HAT_MERGING_OK: merging and batching: the CPU may merge individual stores
1742 2362 * to consecutive locations (for example, turn two consecutive byte
1743 2363 * stores into one halfword store), and it may batch individual loads
1744 2364 * (for example, turn two consecutive byte loads into one halfword load).
1745 2365 * This also implies re-ordering.
1746 2366 * HAT_LOADCACHING_OK: the CPU may cache the data it fetches and reuse it
1747 2367 * until another store occurs. The default is to fetch new data
1748 2368 * on every load. This also implies merging.
1749 2369 * HAT_STORECACHING_OK: the CPU may keep the data in the cache and push it to
1750 2370 * the device (perhaps with other data) at a later time. The default is
1751 2371 * to push the data right away. This also implies load caching.
1752 2372 *
1753 2373 * Equivalent of hat_memload(), but can be used for device memory where
1754 2374 * there are no page_t's and we support additional flags (write merging, etc).
1755 2375 * Note that we can have large page mappings with this interface.
1756 2376 */
1757 2377 int supported_devload_flags = HAT_LOAD | HAT_LOAD_LOCK |
1758 2378 HAT_LOAD_NOCONSIST | HAT_STRICTORDER | HAT_UNORDERED_OK |
1759 2379 HAT_MERGING_OK | HAT_LOADCACHING_OK | HAT_STORECACHING_OK;
1760 2380
1761 2381 void
1762 2382 hat_devload(
1763 2383 hat_t *hat,
1764 2384 caddr_t addr,
1765 2385 size_t len,
1766 2386 pfn_t pfn,
1767 2387 uint_t attr,
1768 2388 int flags)
1769 2389 {
1770 2390 uintptr_t va = ALIGN2PAGE(addr);
1771 2391 uintptr_t eva = va + len;
1772 2392 level_t level;
1773 2393 size_t pgsize;
1774 2394 page_t *pp;
1775 2395 int f; /* per PTE copy of flags - maybe modified */
1776 2396 uint_t a; /* per PTE copy of attr */
1777 2397
1778 2398 XPV_DISALLOW_MIGRATE();
1779 2399 ASSERT(IS_PAGEALIGNED(va));
1780 2400 ASSERT(hat == kas.a_hat || eva <= _userlimit);
1781 2401 ASSERT(hat == kas.a_hat || AS_LOCK_HELD(hat->hat_as));
1782 2402 ASSERT((flags & supported_devload_flags) == flags);
1783 2403
1784 2404 /*
1785 2405 * handle all pages
1786 2406 */
1787 2407 while (va < eva) {
1788 2408
1789 2409 /*
1790 2410 * decide what level mapping to use (ie. pagesize)
1791 2411 */
1792 2412 for (level = mmu.max_page_level; ; --level) {
1793 2413 pgsize = LEVEL_SIZE(level);
1794 2414 if (level == 0)
1795 2415 break;
1796 2416 if (IS_P2ALIGNED(va, pgsize) &&
1797 2417 (eva - va) >= pgsize &&
1798 2418 IS_P2ALIGNED(pfn, mmu_btop(pgsize))) {
1799 2419 #ifdef DEBUG
1800 2420 if (level == 2)
1801 2421 map1gcnt++;
1802 2422 #endif
1803 2423 break;
1804 2424 }
1805 2425 }
1806 2426
1807 2427 /*
1808 2428 * If this is just memory then allow caching (this happens
1809 2429 * for the nucleus pages) - though HAT_PLAT_NOCACHE can be used
1810 2430 * to override that. If we don't have a page_t then make sure
1811 2431 * NOCONSIST is set.
1812 2432 */
1813 2433 a = attr;
1814 2434 f = flags;
1815 2435 if (!pf_is_memory(pfn))
1816 2436 f |= HAT_LOAD_NOCONSIST;
1817 2437 else if (!(a & HAT_PLAT_NOCACHE))
1818 2438 a |= HAT_STORECACHING_OK;
1819 2439
1820 2440 if (f & HAT_LOAD_NOCONSIST)
1821 2441 pp = NULL;
1822 2442 else
1823 2443 pp = page_numtopp_nolock(pfn);
1824 2444
1825 2445 /*
1826 2446 * Check to make sure we are really trying to map a valid
1827 2447 * memory page. The caller wishing to intentionally map
1828 2448 * free memory pages will have passed the HAT_LOAD_NOCONSIST
1829 2449 * flag, then pp will be NULL.
1830 2450 */
1831 2451 if (pp != NULL) {
1832 2452 if (PP_ISFREE(pp)) {
1833 2453 panic("hat_devload: loading "
1834 2454 "a mapping to free page %p", (void *)pp);
1835 2455 }
1836 2456
1837 2457 if (!PAGE_LOCKED(pp) && !PP_ISNORELOC(pp)) {
1838 2458 panic("hat_devload: loading a mapping "
1839 2459 "to an unlocked page %p",
1840 2460 (void *)pp);
1841 2461 }
1842 2462 }
1843 2463
1844 2464 /*
1845 2465 * load this page mapping
1846 2466 */
1847 2467 ASSERT(!IN_VA_HOLE(va));
1848 2468 while (hati_load_common(hat, va, pp, a, f, level, pfn) != 0) {
1849 2469 if (level == 0)
1850 2470 panic("unexpected hati_load_common() failure");
1851 2471 --level;
1852 2472 pgsize = LEVEL_SIZE(level);
1853 2473 }
1854 2474
1855 2475 /*
1856 2476 * move to next page
1857 2477 */
1858 2478 va += pgsize;
1859 2479 pfn += mmu_btop(pgsize);
1860 2480 }
1861 2481 XPV_ALLOW_MIGRATE();
1862 2482 }
1863 2483
1864 2484 /*
1865 2485 * void hat_unlock(hat, addr, len)
1866 2486 * unlock the mappings to a given range of addresses
1867 2487 *
1868 2488 * Locks are tracked by ht_lock_cnt in the htable.
1869 2489 */
1870 2490 void
1871 2491 hat_unlock(hat_t *hat, caddr_t addr, size_t len)
1872 2492 {
1873 2493 uintptr_t vaddr = (uintptr_t)addr;
1874 2494 uintptr_t eaddr = vaddr + len;
1875 2495 htable_t *ht = NULL;
1876 2496
1877 2497 /*
1878 2498 * kernel entries are always locked, we don't track lock counts
1879 2499 */
1880 2500 ASSERT(hat == kas.a_hat || eaddr <= _userlimit);
1881 2501 ASSERT(IS_PAGEALIGNED(vaddr));
1882 2502 ASSERT(IS_PAGEALIGNED(eaddr));
1883 2503 if (hat == kas.a_hat)
1884 2504 return;
1885 2505 if (eaddr > _userlimit)
1886 2506 panic("hat_unlock() address out of range - above _userlimit");
1887 2507
1888 2508 XPV_DISALLOW_MIGRATE();
1889 2509 ASSERT(AS_LOCK_HELD(hat->hat_as));
1890 2510 while (vaddr < eaddr) {
1891 2511 (void) htable_walk(hat, &ht, &vaddr, eaddr);
1892 2512 if (ht == NULL)
1893 2513 break;
1894 2514
1895 2515 ASSERT(!IN_VA_HOLE(vaddr));
1896 2516
1897 2517 if (ht->ht_lock_cnt < 1)
1898 2518 panic("hat_unlock(): lock_cnt < 1, "
1899 2519 "htable=%p, vaddr=%p\n", (void *)ht, (void *)vaddr);
1900 2520 HTABLE_LOCK_DEC(ht);
1901 2521
1902 2522 vaddr += LEVEL_SIZE(ht->ht_level);
1903 2523 }
1904 2524 if (ht)
1905 2525 htable_release(ht);
1906 2526 XPV_ALLOW_MIGRATE();
1907 2527 }
1908 2528
|
↓ open down ↓ |
429 lines elided |
↑ open up ↑ |
1909 2529 /* ARGSUSED */
1910 2530 void
1911 2531 hat_unlock_region(struct hat *hat, caddr_t addr, size_t len,
1912 2532 hat_region_cookie_t rcookie)
1913 2533 {
1914 2534 panic("No shared region support on x86");
1915 2535 }
1916 2536
1917 2537 #if !defined(__xpv)
1918 2538 /*
1919 - * Cross call service routine to demap a virtual page on
1920 - * the current CPU or flush all mappings in TLB.
2539 + * Cross call service routine to demap a range of virtual
2540 + * pages on the current CPU or flush all mappings in TLB.
1921 2541 */
1922 -/*ARGSUSED*/
1923 2542 static int
1924 2543 hati_demap_func(xc_arg_t a1, xc_arg_t a2, xc_arg_t a3)
1925 2544 {
1926 - hat_t *hat = (hat_t *)a1;
1927 - caddr_t addr = (caddr_t)a2;
1928 - size_t len = (size_t)a3;
2545 + _NOTE(ARGUNUSED(a3));
2546 + hat_t *hat = (hat_t *)a1;
2547 + tlb_range_t *range = (tlb_range_t *)a2;
1929 2548
1930 2549 /*
1931 2550 * If the target hat isn't the kernel and this CPU isn't operating
1932 2551 * in the target hat, we can ignore the cross call.
1933 2552 */
1934 2553 if (hat != kas.a_hat && hat != CPU->cpu_current_hat)
1935 2554 return (0);
1936 2555
1937 - /*
1938 - * For a normal address, we flush a range of contiguous mappings
1939 - */
1940 - if ((uintptr_t)addr != DEMAP_ALL_ADDR) {
1941 - for (size_t i = 0; i < len; i += MMU_PAGESIZE)
1942 - mmu_tlbflush_entry(addr + i);
2556 + if (range->tr_va != DEMAP_ALL_ADDR) {
2557 + mmu_flush_tlb(FLUSH_TLB_RANGE, range);
1943 2558 return (0);
1944 2559 }
1945 2560
1946 2561 /*
1947 - * Otherwise we reload cr3 to effect a complete TLB flush.
2562 + * We are flushing all of userspace.
1948 2563 *
1949 - * A reload of cr3 on a VLP process also means we must also recopy in
1950 - * the pte values from the struct hat
2564 + * When using PCP, we first need to update this CPU's idea of the PCP
2565 + * PTEs.
1951 2566 */
1952 - if (hat->hat_flags & HAT_VLP) {
2567 + if (hat->hat_flags & HAT_COPIED) {
1953 2568 #if defined(__amd64)
1954 - x86pte_t *vlpptep = CPU->cpu_hat_info->hci_vlp_l2ptes;
1955 -
1956 - VLP_COPY(hat->hat_vlp_ptes, vlpptep);
2569 + hat_pcp_update(CPU, hat);
1957 2570 #elif defined(__i386)
1958 2571 reload_pae32(hat, CPU);
1959 2572 #endif
1960 2573 }
1961 - reload_cr3();
2574 +
2575 + mmu_flush_tlb(FLUSH_TLB_NONGLOBAL, NULL);
1962 2576 return (0);
1963 2577 }
1964 2578
1965 -/*
1966 - * Flush all TLB entries, including global (ie. kernel) ones.
1967 - */
1968 -static void
1969 -flush_all_tlb_entries(void)
1970 -{
1971 - ulong_t cr4 = getcr4();
1972 -
1973 - if (cr4 & CR4_PGE) {
1974 - setcr4(cr4 & ~(ulong_t)CR4_PGE);
1975 - setcr4(cr4);
1976 -
1977 - /*
1978 - * 32 bit PAE also needs to always reload_cr3()
1979 - */
1980 - if (mmu.max_level == 2)
1981 - reload_cr3();
1982 - } else {
1983 - reload_cr3();
1984 - }
1985 -}
1986 -
1987 -#define TLB_CPU_HALTED (01ul)
1988 -#define TLB_INVAL_ALL (02ul)
2579 +#define TLBIDLE_CPU_HALTED (0x1UL)
2580 +#define TLBIDLE_INVAL_ALL (0x2UL)
1989 2581 #define CAS_TLB_INFO(cpu, old, new) \
1990 2582 atomic_cas_ulong((ulong_t *)&(cpu)->cpu_m.mcpu_tlb_info, (old), (new))
1991 2583
1992 2584 /*
1993 2585 * Record that a CPU is going idle
1994 2586 */
1995 2587 void
1996 2588 tlb_going_idle(void)
1997 2589 {
1998 - atomic_or_ulong((ulong_t *)&CPU->cpu_m.mcpu_tlb_info, TLB_CPU_HALTED);
2590 + atomic_or_ulong((ulong_t *)&CPU->cpu_m.mcpu_tlb_info,
2591 + TLBIDLE_CPU_HALTED);
1999 2592 }
2000 2593
2001 2594 /*
2002 2595 * Service a delayed TLB flush if coming out of being idle.
2003 2596 * It will be called from cpu idle notification with interrupt disabled.
2004 2597 */
2005 2598 void
2006 2599 tlb_service(void)
2007 2600 {
2008 2601 ulong_t tlb_info;
2009 2602 ulong_t found;
2010 2603
2011 2604 /*
2012 2605 * We only have to do something if coming out of being idle.
2013 2606 */
2014 2607 tlb_info = CPU->cpu_m.mcpu_tlb_info;
2015 - if (tlb_info & TLB_CPU_HALTED) {
2608 + if (tlb_info & TLBIDLE_CPU_HALTED) {
2016 2609 ASSERT(CPU->cpu_current_hat == kas.a_hat);
2017 2610
2018 2611 /*
2019 2612 * Atomic clear and fetch of old state.
2020 2613 */
2021 2614 while ((found = CAS_TLB_INFO(CPU, tlb_info, 0)) != tlb_info) {
2022 - ASSERT(found & TLB_CPU_HALTED);
2615 + ASSERT(found & TLBIDLE_CPU_HALTED);
2023 2616 tlb_info = found;
2024 2617 SMT_PAUSE();
2025 2618 }
2026 - if (tlb_info & TLB_INVAL_ALL)
2027 - flush_all_tlb_entries();
2619 + if (tlb_info & TLBIDLE_INVAL_ALL)
2620 + mmu_flush_tlb(FLUSH_TLB_ALL, NULL);
2028 2621 }
2029 2622 }
2030 2623 #endif /* !__xpv */
2031 2624
2032 2625 /*
2033 2626 * Internal routine to do cross calls to invalidate a range of pages on
2034 2627 * all CPUs using a given hat.
2035 2628 */
2036 2629 void
2037 -hat_tlb_inval_range(hat_t *hat, uintptr_t va, size_t len)
2630 +hat_tlb_inval_range(hat_t *hat, tlb_range_t *in_range)
2038 2631 {
2039 2632 extern int flushes_require_xcalls; /* from mp_startup.c */
2040 2633 cpuset_t justme;
2041 2634 cpuset_t cpus_to_shootdown;
2635 + tlb_range_t range = *in_range;
2042 2636 #ifndef __xpv
2043 2637 cpuset_t check_cpus;
2044 2638 cpu_t *cpup;
2045 2639 int c;
2046 2640 #endif
2047 2641
2048 2642 /*
2049 2643 * If the hat is being destroyed, there are no more users, so
2050 2644 * demap need not do anything.
2051 2645 */
2052 2646 if (hat->hat_flags & HAT_FREEING)
2053 2647 return;
2054 2648
2055 2649 /*
2056 2650 * If demapping from a shared pagetable, we best demap the
2057 2651 * entire set of user TLBs, since we don't know what addresses
2058 2652 * these were shared at.
2059 2653 */
2060 2654 if (hat->hat_flags & HAT_SHARED) {
2061 2655 hat = kas.a_hat;
2062 - va = DEMAP_ALL_ADDR;
2656 + range.tr_va = DEMAP_ALL_ADDR;
2063 2657 }
2064 2658
2065 2659 /*
2066 2660 * if not running with multiple CPUs, don't use cross calls
2067 2661 */
2068 2662 if (panicstr || !flushes_require_xcalls) {
2069 2663 #ifdef __xpv
2070 - if (va == DEMAP_ALL_ADDR) {
2664 + if (range.tr_va == DEMAP_ALL_ADDR) {
2071 2665 xen_flush_tlb();
2072 2666 } else {
2073 - for (size_t i = 0; i < len; i += MMU_PAGESIZE)
2074 - xen_flush_va((caddr_t)(va + i));
2667 + for (size_t i = 0; i < TLB_RANGE_LEN(&range);
2668 + i += MMU_PAGESIZE) {
2669 + xen_flush_va((caddr_t)(range.tr_va + i));
2670 + }
2075 2671 }
2076 2672 #else
2077 - (void) hati_demap_func((xc_arg_t)hat,
2078 - (xc_arg_t)va, (xc_arg_t)len);
2673 + (void) hati_demap_func((xc_arg_t)hat, (xc_arg_t)&range, 0);
2079 2674 #endif
2080 2675 return;
2081 2676 }
2082 2677
2083 2678
2084 2679 /*
2085 2680 * Determine CPUs to shootdown. Kernel changes always do all CPUs.
2086 2681 * Otherwise it's just CPUs currently executing in this hat.
2087 2682 */
2088 2683 kpreempt_disable();
2089 2684 CPUSET_ONLY(justme, CPU->cpu_id);
2090 2685 if (hat == kas.a_hat)
2091 2686 cpus_to_shootdown = khat_cpuset;
2092 2687 else
2093 2688 cpus_to_shootdown = hat->hat_cpus;
2094 2689
2095 2690 #ifndef __xpv
2096 2691 /*
2097 2692 * If any CPUs in the set are idle, just request a delayed flush
2098 2693 * and avoid waking them up.
2099 2694 */
2100 2695 check_cpus = cpus_to_shootdown;
2101 2696 for (c = 0; c < NCPU && !CPUSET_ISNULL(check_cpus); ++c) {
|
↓ open down ↓ |
13 lines elided |
↑ open up ↑ |
2102 2697 ulong_t tlb_info;
2103 2698
2104 2699 if (!CPU_IN_SET(check_cpus, c))
2105 2700 continue;
2106 2701 CPUSET_DEL(check_cpus, c);
2107 2702 cpup = cpu[c];
2108 2703 if (cpup == NULL)
2109 2704 continue;
2110 2705
2111 2706 tlb_info = cpup->cpu_m.mcpu_tlb_info;
2112 - while (tlb_info == TLB_CPU_HALTED) {
2113 - (void) CAS_TLB_INFO(cpup, TLB_CPU_HALTED,
2114 - TLB_CPU_HALTED | TLB_INVAL_ALL);
2707 + while (tlb_info == TLBIDLE_CPU_HALTED) {
2708 + (void) CAS_TLB_INFO(cpup, TLBIDLE_CPU_HALTED,
2709 + TLBIDLE_CPU_HALTED | TLBIDLE_INVAL_ALL);
2115 2710 SMT_PAUSE();
2116 2711 tlb_info = cpup->cpu_m.mcpu_tlb_info;
2117 2712 }
2118 - if (tlb_info == (TLB_CPU_HALTED | TLB_INVAL_ALL)) {
2713 + if (tlb_info == (TLBIDLE_CPU_HALTED | TLBIDLE_INVAL_ALL)) {
2119 2714 HATSTAT_INC(hs_tlb_inval_delayed);
2120 2715 CPUSET_DEL(cpus_to_shootdown, c);
2121 2716 }
2122 2717 }
2123 2718 #endif
2124 2719
2125 2720 if (CPUSET_ISNULL(cpus_to_shootdown) ||
2126 2721 CPUSET_ISEQUAL(cpus_to_shootdown, justme)) {
2127 2722
2128 2723 #ifdef __xpv
2129 - if (va == DEMAP_ALL_ADDR) {
2724 + if (range.tr_va == DEMAP_ALL_ADDR) {
2130 2725 xen_flush_tlb();
2131 2726 } else {
2132 - for (size_t i = 0; i < len; i += MMU_PAGESIZE)
2133 - xen_flush_va((caddr_t)(va + i));
2727 + for (size_t i = 0; i < TLB_RANGE_LEN(&range);
2728 + i += MMU_PAGESIZE) {
2729 + xen_flush_va((caddr_t)(range.tr_va + i));
2730 + }
2134 2731 }
2135 2732 #else
2136 - (void) hati_demap_func((xc_arg_t)hat,
2137 - (xc_arg_t)va, (xc_arg_t)len);
2733 + (void) hati_demap_func((xc_arg_t)hat, (xc_arg_t)&range, 0);
2138 2734 #endif
2139 2735
2140 2736 } else {
2141 2737
2142 2738 CPUSET_ADD(cpus_to_shootdown, CPU->cpu_id);
2143 2739 #ifdef __xpv
2144 - if (va == DEMAP_ALL_ADDR) {
2740 + if (range.tr_va == DEMAP_ALL_ADDR) {
2145 2741 xen_gflush_tlb(cpus_to_shootdown);
2146 2742 } else {
2147 - for (size_t i = 0; i < len; i += MMU_PAGESIZE) {
2148 - xen_gflush_va((caddr_t)(va + i),
2743 + for (size_t i = 0; i < TLB_RANGE_LEN(&range);
2744 + i += MMU_PAGESIZE) {
2745 + xen_gflush_va((caddr_t)(range.tr_va + i),
2149 2746 cpus_to_shootdown);
2150 2747 }
2151 2748 }
2152 2749 #else
2153 - xc_call((xc_arg_t)hat, (xc_arg_t)va, (xc_arg_t)len,
2750 + xc_call((xc_arg_t)hat, (xc_arg_t)&range, 0,
2154 2751 CPUSET2BV(cpus_to_shootdown), hati_demap_func);
2155 2752 #endif
2156 2753
2157 2754 }
2158 2755 kpreempt_enable();
2159 2756 }
2160 2757
2161 2758 void
2162 2759 hat_tlb_inval(hat_t *hat, uintptr_t va)
2163 2760 {
2164 - hat_tlb_inval_range(hat, va, MMU_PAGESIZE);
2761 + /*
2762 + * Create range for a single page.
2763 + */
2764 + tlb_range_t range;
2765 + range.tr_va = va;
2766 + range.tr_cnt = 1; /* one page */
2767 + range.tr_level = MIN_PAGE_LEVEL; /* pages are MMU_PAGESIZE */
2768 +
2769 + hat_tlb_inval_range(hat, &range);
2165 2770 }
2166 2771
2167 2772 /*
2168 2773 * Interior routine for HAT_UNLOADs from hat_unload_callback(),
2169 2774 * hat_kmap_unload() OR from hat_steal() code. This routine doesn't
2170 2775 * handle releasing of the htables.
2171 2776 */
2172 2777 void
2173 2778 hat_pte_unmap(
2174 2779 htable_t *ht,
2175 2780 uint_t entry,
2176 2781 uint_t flags,
2177 2782 x86pte_t old_pte,
2178 2783 void *pte_ptr,
2179 2784 boolean_t tlb)
2180 2785 {
2181 2786 hat_t *hat = ht->ht_hat;
2182 2787 hment_t *hm = NULL;
2183 2788 page_t *pp = NULL;
2184 2789 level_t l = ht->ht_level;
2185 2790 pfn_t pfn;
2186 2791
2187 2792 /*
2188 2793 * We always track the locking counts, even if nothing is unmapped
2189 2794 */
2190 2795 if ((flags & HAT_UNLOAD_UNLOCK) != 0 && hat != kas.a_hat) {
2191 2796 ASSERT(ht->ht_lock_cnt > 0);
2192 2797 HTABLE_LOCK_DEC(ht);
2193 2798 }
2194 2799
2195 2800 /*
2196 2801 * Figure out which page's mapping list lock to acquire using the PFN
2197 2802 * passed in "old" PTE. We then attempt to invalidate the PTE.
2198 2803 * If another thread, probably a hat_pageunload, has asynchronously
2199 2804 * unmapped/remapped this address we'll loop here.
2200 2805 */
2201 2806 ASSERT(ht->ht_busy > 0);
2202 2807 while (PTE_ISVALID(old_pte)) {
2203 2808 pfn = PTE2PFN(old_pte, l);
2204 2809 if (PTE_GET(old_pte, PT_SOFTWARE) >= PT_NOCONSIST) {
2205 2810 pp = NULL;
2206 2811 } else {
2207 2812 #ifdef __xpv
2208 2813 if (pfn == PFN_INVALID)
2209 2814 panic("Invalid PFN, but not PT_NOCONSIST");
2210 2815 #endif
2211 2816 pp = page_numtopp_nolock(pfn);
2212 2817 if (pp == NULL) {
2213 2818 panic("no page_t, not NOCONSIST: old_pte="
2214 2819 FMT_PTE " ht=%lx entry=0x%x pte_ptr=%lx",
2215 2820 old_pte, (uintptr_t)ht, entry,
2216 2821 (uintptr_t)pte_ptr);
2217 2822 }
2218 2823 x86_hm_enter(pp);
2219 2824 }
2220 2825
2221 2826 old_pte = x86pte_inval(ht, entry, old_pte, pte_ptr, tlb);
2222 2827
2223 2828 /*
2224 2829 * If the page hadn't changed we've unmapped it and can proceed
2225 2830 */
2226 2831 if (PTE_ISVALID(old_pte) && PTE2PFN(old_pte, l) == pfn)
2227 2832 break;
2228 2833
2229 2834 /*
2230 2835 * Otherwise, we'll have to retry with the current old_pte.
2231 2836 * Drop the hment lock, since the pfn may have changed.
2232 2837 */
2233 2838 if (pp != NULL) {
2234 2839 x86_hm_exit(pp);
2235 2840 pp = NULL;
2236 2841 } else {
2237 2842 ASSERT(PTE_GET(old_pte, PT_SOFTWARE) >= PT_NOCONSIST);
2238 2843 }
2239 2844 }
2240 2845
2241 2846 /*
2242 2847 * If the old mapping wasn't valid, there's nothing more to do
2243 2848 */
2244 2849 if (!PTE_ISVALID(old_pte)) {
2245 2850 if (pp != NULL)
2246 2851 x86_hm_exit(pp);
2247 2852 return;
2248 2853 }
2249 2854
2250 2855 /*
2251 2856 * Take care of syncing any MOD/REF bits and removing the hment.
2252 2857 */
2253 2858 if (pp != NULL) {
2254 2859 if (!(flags & HAT_UNLOAD_NOSYNC))
2255 2860 hati_sync_pte_to_page(pp, old_pte, l);
2256 2861 hm = hment_remove(pp, ht, entry);
2257 2862 x86_hm_exit(pp);
2258 2863 if (hm != NULL)
2259 2864 hment_free(hm);
2260 2865 }
2261 2866
2262 2867 /*
2263 2868 * Handle book keeping in the htable and hat
2264 2869 */
2265 2870 ASSERT(ht->ht_valid_cnt > 0);
2266 2871 HTABLE_DEC(ht->ht_valid_cnt);
2267 2872 PGCNT_DEC(hat, l);
2268 2873 }
2269 2874
2270 2875 /*
2271 2876 * very cheap unload implementation to special case some kernel addresses
2272 2877 */
2273 2878 static void
2274 2879 hat_kmap_unload(caddr_t addr, size_t len, uint_t flags)
2275 2880 {
2276 2881 uintptr_t va = (uintptr_t)addr;
2277 2882 uintptr_t eva = va + len;
2278 2883 pgcnt_t pg_index;
2279 2884 htable_t *ht;
2280 2885 uint_t entry;
2281 2886 x86pte_t *pte_ptr;
2282 2887 x86pte_t old_pte;
2283 2888
2284 2889 for (; va < eva; va += MMU_PAGESIZE) {
2285 2890 /*
2286 2891 * Get the PTE
2287 2892 */
2288 2893 pg_index = mmu_btop(va - mmu.kmap_addr);
2289 2894 pte_ptr = PT_INDEX_PTR(mmu.kmap_ptes, pg_index);
2290 2895 old_pte = GET_PTE(pte_ptr);
2291 2896
2292 2897 /*
2293 2898 * get the htable / entry
2294 2899 */
2295 2900 ht = mmu.kmap_htables[(va - mmu.kmap_htables[0]->ht_vaddr)
2296 2901 >> LEVEL_SHIFT(1)];
2297 2902 entry = htable_va2entry(va, ht);
2298 2903
2299 2904 /*
2300 2905 * use mostly common code to unmap it.
2301 2906 */
2302 2907 hat_pte_unmap(ht, entry, flags, old_pte, pte_ptr, B_TRUE);
2303 2908 }
2304 2909 }
2305 2910
2306 2911
2307 2912 /*
2308 2913 * unload a range of virtual address space (no callback)
2309 2914 */
2310 2915 void
2311 2916 hat_unload(hat_t *hat, caddr_t addr, size_t len, uint_t flags)
2312 2917 {
2313 2918 uintptr_t va = (uintptr_t)addr;
2314 2919
2315 2920 XPV_DISALLOW_MIGRATE();
2316 2921 ASSERT(hat == kas.a_hat || va + len <= _userlimit);
2317 2922
2318 2923 /*
2319 2924 * special case for performance.
2320 2925 */
|
↓ open down ↓ |
146 lines elided |
↑ open up ↑ |
2321 2926 if (mmu.kmap_addr <= va && va < mmu.kmap_eaddr) {
2322 2927 ASSERT(hat == kas.a_hat);
2323 2928 hat_kmap_unload(addr, len, flags);
2324 2929 } else {
2325 2930 hat_unload_callback(hat, addr, len, flags, NULL);
2326 2931 }
2327 2932 XPV_ALLOW_MIGRATE();
2328 2933 }
2329 2934
2330 2935 /*
2331 - * Do the callbacks for ranges being unloaded.
2332 - */
2333 -typedef struct range_info {
2334 - uintptr_t rng_va;
2335 - ulong_t rng_cnt;
2336 - level_t rng_level;
2337 -} range_info_t;
2338 -
2339 -/*
2340 2936 * Invalidate the TLB, and perform the callback to the upper level VM system,
2341 2937 * for the specified ranges of contiguous pages.
2342 2938 */
2343 2939 static void
2344 -handle_ranges(hat_t *hat, hat_callback_t *cb, uint_t cnt, range_info_t *range)
2940 +handle_ranges(hat_t *hat, hat_callback_t *cb, uint_t cnt, tlb_range_t *range)
2345 2941 {
2346 2942 while (cnt > 0) {
2347 - size_t len;
2348 -
2349 2943 --cnt;
2350 - len = range[cnt].rng_cnt << LEVEL_SHIFT(range[cnt].rng_level);
2351 - hat_tlb_inval_range(hat, (uintptr_t)range[cnt].rng_va, len);
2944 + hat_tlb_inval_range(hat, &range[cnt]);
2352 2945
2353 2946 if (cb != NULL) {
2354 - cb->hcb_start_addr = (caddr_t)range[cnt].rng_va;
2947 + cb->hcb_start_addr = (caddr_t)range[cnt].tr_va;
2355 2948 cb->hcb_end_addr = cb->hcb_start_addr;
2356 - cb->hcb_end_addr += len;
2949 + cb->hcb_end_addr += range[cnt].tr_cnt <<
2950 + LEVEL_SHIFT(range[cnt].tr_level);
2357 2951 cb->hcb_function(cb);
2358 2952 }
2359 2953 }
2360 2954 }
2361 2955
2362 2956 /*
2363 2957 * Unload a given range of addresses (has optional callback)
2364 2958 *
2365 2959 * Flags:
2366 2960 * define HAT_UNLOAD 0x00
2367 2961 * define HAT_UNLOAD_NOSYNC 0x02
2368 2962 * define HAT_UNLOAD_UNLOCK 0x04
2369 2963 * define HAT_UNLOAD_OTHER 0x08 - not used
2370 2964 * define HAT_UNLOAD_UNMAP 0x10 - same as HAT_UNLOAD
2371 2965 */
2372 2966 #define MAX_UNLOAD_CNT (8)
2373 2967 void
2374 2968 hat_unload_callback(
2375 2969 hat_t *hat,
|
↓ open down ↓ |
9 lines elided |
↑ open up ↑ |
2376 2970 caddr_t addr,
2377 2971 size_t len,
2378 2972 uint_t flags,
2379 2973 hat_callback_t *cb)
2380 2974 {
2381 2975 uintptr_t vaddr = (uintptr_t)addr;
2382 2976 uintptr_t eaddr = vaddr + len;
2383 2977 htable_t *ht = NULL;
2384 2978 uint_t entry;
2385 2979 uintptr_t contig_va = (uintptr_t)-1L;
2386 - range_info_t r[MAX_UNLOAD_CNT];
2980 + tlb_range_t r[MAX_UNLOAD_CNT];
2387 2981 uint_t r_cnt = 0;
2388 2982 x86pte_t old_pte;
2389 2983
2390 2984 XPV_DISALLOW_MIGRATE();
2391 2985 ASSERT(hat == kas.a_hat || eaddr <= _userlimit);
2392 2986 ASSERT(IS_PAGEALIGNED(vaddr));
2393 2987 ASSERT(IS_PAGEALIGNED(eaddr));
2394 2988
2395 2989 /*
2396 2990 * Special case a single page being unloaded for speed. This happens
2397 2991 * quite frequently, COW faults after a fork() for example.
2398 2992 */
2399 2993 if (cb == NULL && len == MMU_PAGESIZE) {
2400 2994 ht = htable_getpte(hat, vaddr, &entry, &old_pte, 0);
2401 2995 if (ht != NULL) {
2402 2996 if (PTE_ISVALID(old_pte)) {
2403 2997 hat_pte_unmap(ht, entry, flags, old_pte,
2404 2998 NULL, B_TRUE);
2405 2999 }
2406 3000 htable_release(ht);
2407 3001 }
2408 3002 XPV_ALLOW_MIGRATE();
2409 3003 return;
2410 3004 }
2411 3005
2412 3006 while (vaddr < eaddr) {
2413 3007 old_pte = htable_walk(hat, &ht, &vaddr, eaddr);
2414 3008 if (ht == NULL)
2415 3009 break;
|
↓ open down ↓ |
19 lines elided |
↑ open up ↑ |
2416 3010
2417 3011 ASSERT(!IN_VA_HOLE(vaddr));
2418 3012
2419 3013 if (vaddr < (uintptr_t)addr)
2420 3014 panic("hat_unload_callback(): unmap inside large page");
2421 3015
2422 3016 /*
2423 3017 * We'll do the call backs for contiguous ranges
2424 3018 */
2425 3019 if (vaddr != contig_va ||
2426 - (r_cnt > 0 && r[r_cnt - 1].rng_level != ht->ht_level)) {
3020 + (r_cnt > 0 && r[r_cnt - 1].tr_level != ht->ht_level)) {
2427 3021 if (r_cnt == MAX_UNLOAD_CNT) {
2428 3022 handle_ranges(hat, cb, r_cnt, r);
2429 3023 r_cnt = 0;
2430 3024 }
2431 - r[r_cnt].rng_va = vaddr;
2432 - r[r_cnt].rng_cnt = 0;
2433 - r[r_cnt].rng_level = ht->ht_level;
3025 + r[r_cnt].tr_va = vaddr;
3026 + r[r_cnt].tr_cnt = 0;
3027 + r[r_cnt].tr_level = ht->ht_level;
2434 3028 ++r_cnt;
2435 3029 }
2436 3030
2437 3031 /*
2438 3032 * Unload one mapping (for a single page) from the page tables.
2439 3033 * Note that we do not remove the mapping from the TLB yet,
2440 3034 * as indicated by the tlb=FALSE argument to hat_pte_unmap().
2441 3035 * handle_ranges() will clear the TLB entries with one call to
2442 3036 * hat_tlb_inval_range() per contiguous range. This is
2443 3037 * safe because the page can not be reused until the
2444 3038 * callback is made (or we return).
2445 3039 */
2446 3040 entry = htable_va2entry(vaddr, ht);
2447 3041 hat_pte_unmap(ht, entry, flags, old_pte, NULL, B_FALSE);
2448 3042 ASSERT(ht->ht_level <= mmu.max_page_level);
2449 3043 vaddr += LEVEL_SIZE(ht->ht_level);
2450 3044 contig_va = vaddr;
2451 - ++r[r_cnt - 1].rng_cnt;
3045 + ++r[r_cnt - 1].tr_cnt;
2452 3046 }
2453 3047 if (ht)
2454 3048 htable_release(ht);
2455 3049
2456 3050 /*
2457 3051 * handle last range for callbacks
2458 3052 */
2459 3053 if (r_cnt > 0)
2460 3054 handle_ranges(hat, cb, r_cnt, r);
2461 3055 XPV_ALLOW_MIGRATE();
2462 3056 }
2463 3057
2464 3058 /*
2465 3059 * Invalidate a virtual address translation on a slave CPU during
2466 3060 * panic() dumps.
2467 3061 */
2468 3062 void
2469 3063 hat_flush_range(hat_t *hat, caddr_t va, size_t size)
|
↓ open down ↓ |
8 lines elided |
↑ open up ↑ |
2470 3064 {
2471 3065 ssize_t sz;
2472 3066 caddr_t endva = va + size;
2473 3067
2474 3068 while (va < endva) {
2475 3069 sz = hat_getpagesize(hat, va);
2476 3070 if (sz < 0) {
2477 3071 #ifdef __xpv
2478 3072 xen_flush_tlb();
2479 3073 #else
2480 - flush_all_tlb_entries();
3074 + mmu_flush_tlb(FLUSH_TLB_ALL, NULL);
2481 3075 #endif
2482 3076 break;
2483 3077 }
2484 3078 #ifdef __xpv
2485 3079 xen_flush_va(va);
2486 3080 #else
2487 - mmu_tlbflush_entry(va);
3081 + mmu_flush_tlb_kpage((uintptr_t)va);
2488 3082 #endif
2489 3083 va += sz;
2490 3084 }
2491 3085 }
2492 3086
2493 3087 /*
2494 3088 * synchronize mapping with software data structures
2495 3089 *
2496 3090 * This interface is currently only used by the working set monitor
2497 3091 * driver.
2498 3092 */
2499 3093 /*ARGSUSED*/
2500 3094 void
2501 3095 hat_sync(hat_t *hat, caddr_t addr, size_t len, uint_t flags)
2502 3096 {
2503 3097 uintptr_t vaddr = (uintptr_t)addr;
2504 3098 uintptr_t eaddr = vaddr + len;
2505 3099 htable_t *ht = NULL;
2506 3100 uint_t entry;
2507 3101 x86pte_t pte;
2508 3102 x86pte_t save_pte;
2509 3103 x86pte_t new;
2510 3104 page_t *pp;
2511 3105
2512 3106 ASSERT(!IN_VA_HOLE(vaddr));
2513 3107 ASSERT(IS_PAGEALIGNED(vaddr));
2514 3108 ASSERT(IS_PAGEALIGNED(eaddr));
2515 3109 ASSERT(hat == kas.a_hat || eaddr <= _userlimit);
2516 3110
2517 3111 XPV_DISALLOW_MIGRATE();
2518 3112 for (; vaddr < eaddr; vaddr += LEVEL_SIZE(ht->ht_level)) {
2519 3113 try_again:
2520 3114 pte = htable_walk(hat, &ht, &vaddr, eaddr);
2521 3115 if (ht == NULL)
2522 3116 break;
2523 3117 entry = htable_va2entry(vaddr, ht);
2524 3118
2525 3119 if (PTE_GET(pte, PT_SOFTWARE) >= PT_NOSYNC ||
2526 3120 PTE_GET(pte, PT_REF | PT_MOD) == 0)
2527 3121 continue;
2528 3122
2529 3123 /*
2530 3124 * We need to acquire the mapping list lock to protect
2531 3125 * against hat_pageunload(), hat_unload(), etc.
2532 3126 */
2533 3127 pp = page_numtopp_nolock(PTE2PFN(pte, ht->ht_level));
2534 3128 if (pp == NULL)
2535 3129 break;
2536 3130 x86_hm_enter(pp);
2537 3131 save_pte = pte;
2538 3132 pte = x86pte_get(ht, entry);
2539 3133 if (pte != save_pte) {
2540 3134 x86_hm_exit(pp);
2541 3135 goto try_again;
2542 3136 }
2543 3137 if (PTE_GET(pte, PT_SOFTWARE) >= PT_NOSYNC ||
2544 3138 PTE_GET(pte, PT_REF | PT_MOD) == 0) {
2545 3139 x86_hm_exit(pp);
2546 3140 continue;
2547 3141 }
2548 3142
2549 3143 /*
2550 3144 * Need to clear ref or mod bits. We may compete with
2551 3145 * hardware updating the R/M bits and have to try again.
2552 3146 */
2553 3147 if (flags == HAT_SYNC_ZERORM) {
2554 3148 new = pte;
2555 3149 PTE_CLR(new, PT_REF | PT_MOD);
2556 3150 pte = hati_update_pte(ht, entry, pte, new);
2557 3151 if (pte != 0) {
2558 3152 x86_hm_exit(pp);
2559 3153 goto try_again;
2560 3154 }
2561 3155 } else {
2562 3156 /*
2563 3157 * sync the PTE to the page_t
2564 3158 */
2565 3159 hati_sync_pte_to_page(pp, save_pte, ht->ht_level);
2566 3160 }
2567 3161 x86_hm_exit(pp);
2568 3162 }
2569 3163 if (ht)
2570 3164 htable_release(ht);
2571 3165 XPV_ALLOW_MIGRATE();
2572 3166 }
2573 3167
2574 3168 /*
2575 3169 * void hat_map(hat, addr, len, flags)
2576 3170 */
2577 3171 /*ARGSUSED*/
2578 3172 void
2579 3173 hat_map(hat_t *hat, caddr_t addr, size_t len, uint_t flags)
2580 3174 {
2581 3175 /* does nothing */
2582 3176 }
2583 3177
2584 3178 /*
2585 3179 * uint_t hat_getattr(hat, addr, *attr)
2586 3180 * returns attr for <hat,addr> in *attr. returns 0 if there was a
2587 3181 * mapping and *attr is valid, nonzero if there was no mapping and
2588 3182 * *attr is not valid.
2589 3183 */
2590 3184 uint_t
2591 3185 hat_getattr(hat_t *hat, caddr_t addr, uint_t *attr)
2592 3186 {
2593 3187 uintptr_t vaddr = ALIGN2PAGE(addr);
2594 3188 htable_t *ht = NULL;
2595 3189 x86pte_t pte;
2596 3190
2597 3191 ASSERT(hat == kas.a_hat || vaddr <= _userlimit);
2598 3192
2599 3193 if (IN_VA_HOLE(vaddr))
2600 3194 return ((uint_t)-1);
2601 3195
2602 3196 ht = htable_getpte(hat, vaddr, NULL, &pte, mmu.max_page_level);
2603 3197 if (ht == NULL)
2604 3198 return ((uint_t)-1);
2605 3199
2606 3200 if (!PTE_ISVALID(pte) || !PTE_ISPAGE(pte, ht->ht_level)) {
2607 3201 htable_release(ht);
2608 3202 return ((uint_t)-1);
2609 3203 }
2610 3204
2611 3205 *attr = PROT_READ;
2612 3206 if (PTE_GET(pte, PT_WRITABLE))
2613 3207 *attr |= PROT_WRITE;
2614 3208 if (PTE_GET(pte, PT_USER))
2615 3209 *attr |= PROT_USER;
2616 3210 if (!PTE_GET(pte, mmu.pt_nx))
2617 3211 *attr |= PROT_EXEC;
2618 3212 if (PTE_GET(pte, PT_SOFTWARE) >= PT_NOSYNC)
2619 3213 *attr |= HAT_NOSYNC;
2620 3214 htable_release(ht);
2621 3215 return (0);
2622 3216 }
2623 3217
2624 3218 /*
2625 3219 * hat_updateattr() applies the given attribute change to an existing mapping
2626 3220 */
2627 3221 #define HAT_LOAD_ATTR 1
2628 3222 #define HAT_SET_ATTR 2
2629 3223 #define HAT_CLR_ATTR 3
2630 3224
2631 3225 static void
2632 3226 hat_updateattr(hat_t *hat, caddr_t addr, size_t len, uint_t attr, int what)
2633 3227 {
2634 3228 uintptr_t vaddr = (uintptr_t)addr;
2635 3229 uintptr_t eaddr = (uintptr_t)addr + len;
2636 3230 htable_t *ht = NULL;
2637 3231 uint_t entry;
2638 3232 x86pte_t oldpte, newpte;
2639 3233 page_t *pp;
2640 3234
2641 3235 XPV_DISALLOW_MIGRATE();
2642 3236 ASSERT(IS_PAGEALIGNED(vaddr));
2643 3237 ASSERT(IS_PAGEALIGNED(eaddr));
2644 3238 ASSERT(hat == kas.a_hat || AS_LOCK_HELD(hat->hat_as));
2645 3239 for (; vaddr < eaddr; vaddr += LEVEL_SIZE(ht->ht_level)) {
2646 3240 try_again:
2647 3241 oldpte = htable_walk(hat, &ht, &vaddr, eaddr);
2648 3242 if (ht == NULL)
2649 3243 break;
2650 3244 if (PTE_GET(oldpte, PT_SOFTWARE) >= PT_NOCONSIST)
2651 3245 continue;
2652 3246
2653 3247 pp = page_numtopp_nolock(PTE2PFN(oldpte, ht->ht_level));
2654 3248 if (pp == NULL)
2655 3249 continue;
2656 3250 x86_hm_enter(pp);
2657 3251
2658 3252 newpte = oldpte;
2659 3253 /*
2660 3254 * We found a page table entry in the desired range,
2661 3255 * figure out the new attributes.
2662 3256 */
2663 3257 if (what == HAT_SET_ATTR || what == HAT_LOAD_ATTR) {
2664 3258 if ((attr & PROT_WRITE) &&
2665 3259 !PTE_GET(oldpte, PT_WRITABLE))
2666 3260 newpte |= PT_WRITABLE;
2667 3261
2668 3262 if ((attr & HAT_NOSYNC) &&
2669 3263 PTE_GET(oldpte, PT_SOFTWARE) < PT_NOSYNC)
2670 3264 newpte |= PT_NOSYNC;
2671 3265
2672 3266 if ((attr & PROT_EXEC) && PTE_GET(oldpte, mmu.pt_nx))
2673 3267 newpte &= ~mmu.pt_nx;
2674 3268 }
2675 3269
2676 3270 if (what == HAT_LOAD_ATTR) {
2677 3271 if (!(attr & PROT_WRITE) &&
2678 3272 PTE_GET(oldpte, PT_WRITABLE))
2679 3273 newpte &= ~PT_WRITABLE;
2680 3274
2681 3275 if (!(attr & HAT_NOSYNC) &&
2682 3276 PTE_GET(oldpte, PT_SOFTWARE) >= PT_NOSYNC)
2683 3277 newpte &= ~PT_SOFTWARE;
2684 3278
2685 3279 if (!(attr & PROT_EXEC) && !PTE_GET(oldpte, mmu.pt_nx))
2686 3280 newpte |= mmu.pt_nx;
2687 3281 }
2688 3282
2689 3283 if (what == HAT_CLR_ATTR) {
2690 3284 if ((attr & PROT_WRITE) && PTE_GET(oldpte, PT_WRITABLE))
2691 3285 newpte &= ~PT_WRITABLE;
2692 3286
2693 3287 if ((attr & HAT_NOSYNC) &&
2694 3288 PTE_GET(oldpte, PT_SOFTWARE) >= PT_NOSYNC)
2695 3289 newpte &= ~PT_SOFTWARE;
2696 3290
2697 3291 if ((attr & PROT_EXEC) && !PTE_GET(oldpte, mmu.pt_nx))
2698 3292 newpte |= mmu.pt_nx;
2699 3293 }
2700 3294
2701 3295 /*
2702 3296 * Ensure NOSYNC/NOCONSIST mappings have REF and MOD set.
2703 3297 * x86pte_set() depends on this.
2704 3298 */
2705 3299 if (PTE_GET(newpte, PT_SOFTWARE) >= PT_NOSYNC)
2706 3300 newpte |= PT_REF | PT_MOD;
2707 3301
2708 3302 /*
2709 3303 * what about PROT_READ or others? this code only handles:
2710 3304 * EXEC, WRITE, NOSYNC
2711 3305 */
2712 3306
2713 3307 /*
2714 3308 * If new PTE really changed, update the table.
2715 3309 */
2716 3310 if (newpte != oldpte) {
2717 3311 entry = htable_va2entry(vaddr, ht);
2718 3312 oldpte = hati_update_pte(ht, entry, oldpte, newpte);
2719 3313 if (oldpte != 0) {
2720 3314 x86_hm_exit(pp);
2721 3315 goto try_again;
2722 3316 }
2723 3317 }
2724 3318 x86_hm_exit(pp);
2725 3319 }
2726 3320 if (ht)
2727 3321 htable_release(ht);
2728 3322 XPV_ALLOW_MIGRATE();
2729 3323 }
2730 3324
2731 3325 /*
2732 3326 * Various wrappers for hat_updateattr()
2733 3327 */
2734 3328 void
2735 3329 hat_setattr(hat_t *hat, caddr_t addr, size_t len, uint_t attr)
2736 3330 {
2737 3331 ASSERT(hat == kas.a_hat || (uintptr_t)addr + len <= _userlimit);
2738 3332 hat_updateattr(hat, addr, len, attr, HAT_SET_ATTR);
2739 3333 }
2740 3334
2741 3335 void
2742 3336 hat_clrattr(hat_t *hat, caddr_t addr, size_t len, uint_t attr)
2743 3337 {
2744 3338 ASSERT(hat == kas.a_hat || (uintptr_t)addr + len <= _userlimit);
2745 3339 hat_updateattr(hat, addr, len, attr, HAT_CLR_ATTR);
2746 3340 }
2747 3341
2748 3342 void
2749 3343 hat_chgattr(hat_t *hat, caddr_t addr, size_t len, uint_t attr)
2750 3344 {
2751 3345 ASSERT(hat == kas.a_hat || (uintptr_t)addr + len <= _userlimit);
2752 3346 hat_updateattr(hat, addr, len, attr, HAT_LOAD_ATTR);
2753 3347 }
2754 3348
2755 3349 void
2756 3350 hat_chgprot(hat_t *hat, caddr_t addr, size_t len, uint_t vprot)
2757 3351 {
2758 3352 ASSERT(hat == kas.a_hat || (uintptr_t)addr + len <= _userlimit);
2759 3353 hat_updateattr(hat, addr, len, vprot & HAT_PROT_MASK, HAT_LOAD_ATTR);
2760 3354 }
2761 3355
2762 3356 /*
2763 3357 * size_t hat_getpagesize(hat, addr)
2764 3358 * returns pagesize in bytes for <hat, addr>. returns -1 of there is
2765 3359 * no mapping. This is an advisory call.
2766 3360 */
2767 3361 ssize_t
2768 3362 hat_getpagesize(hat_t *hat, caddr_t addr)
2769 3363 {
2770 3364 uintptr_t vaddr = ALIGN2PAGE(addr);
2771 3365 htable_t *ht;
2772 3366 size_t pagesize;
2773 3367
2774 3368 ASSERT(hat == kas.a_hat || vaddr <= _userlimit);
2775 3369 if (IN_VA_HOLE(vaddr))
2776 3370 return (-1);
2777 3371 ht = htable_getpage(hat, vaddr, NULL);
2778 3372 if (ht == NULL)
2779 3373 return (-1);
2780 3374 pagesize = LEVEL_SIZE(ht->ht_level);
2781 3375 htable_release(ht);
2782 3376 return (pagesize);
2783 3377 }
2784 3378
2785 3379
2786 3380
2787 3381 /*
2788 3382 * pfn_t hat_getpfnum(hat, addr)
2789 3383 * returns pfn for <hat, addr> or PFN_INVALID if mapping is invalid.
2790 3384 */
2791 3385 pfn_t
2792 3386 hat_getpfnum(hat_t *hat, caddr_t addr)
2793 3387 {
2794 3388 uintptr_t vaddr = ALIGN2PAGE(addr);
2795 3389 htable_t *ht;
2796 3390 uint_t entry;
2797 3391 pfn_t pfn = PFN_INVALID;
2798 3392
2799 3393 ASSERT(hat == kas.a_hat || vaddr <= _userlimit);
2800 3394 if (khat_running == 0)
2801 3395 return (PFN_INVALID);
2802 3396
2803 3397 if (IN_VA_HOLE(vaddr))
2804 3398 return (PFN_INVALID);
2805 3399
2806 3400 XPV_DISALLOW_MIGRATE();
2807 3401 /*
2808 3402 * A very common use of hat_getpfnum() is from the DDI for kernel pages.
2809 3403 * Use the kmap_ptes (which also covers the 32 bit heap) to speed
2810 3404 * this up.
2811 3405 */
2812 3406 if (mmu.kmap_addr <= vaddr && vaddr < mmu.kmap_eaddr) {
2813 3407 x86pte_t pte;
2814 3408 pgcnt_t pg_index;
2815 3409
2816 3410 pg_index = mmu_btop(vaddr - mmu.kmap_addr);
2817 3411 pte = GET_PTE(PT_INDEX_PTR(mmu.kmap_ptes, pg_index));
2818 3412 if (PTE_ISVALID(pte))
2819 3413 /*LINTED [use of constant 0 causes a lint warning] */
2820 3414 pfn = PTE2PFN(pte, 0);
2821 3415 XPV_ALLOW_MIGRATE();
2822 3416 return (pfn);
2823 3417 }
2824 3418
2825 3419 ht = htable_getpage(hat, vaddr, &entry);
2826 3420 if (ht == NULL) {
2827 3421 XPV_ALLOW_MIGRATE();
2828 3422 return (PFN_INVALID);
2829 3423 }
2830 3424 ASSERT(vaddr >= ht->ht_vaddr);
2831 3425 ASSERT(vaddr <= HTABLE_LAST_PAGE(ht));
2832 3426 pfn = PTE2PFN(x86pte_get(ht, entry), ht->ht_level);
2833 3427 if (ht->ht_level > 0)
2834 3428 pfn += mmu_btop(vaddr & LEVEL_OFFSET(ht->ht_level));
2835 3429 htable_release(ht);
2836 3430 XPV_ALLOW_MIGRATE();
2837 3431 return (pfn);
2838 3432 }
2839 3433
2840 3434 /*
2841 3435 * int hat_probe(hat, addr)
2842 3436 * return 0 if no valid mapping is present. Faster version
2843 3437 * of hat_getattr in certain architectures.
2844 3438 */
2845 3439 int
2846 3440 hat_probe(hat_t *hat, caddr_t addr)
2847 3441 {
2848 3442 uintptr_t vaddr = ALIGN2PAGE(addr);
2849 3443 uint_t entry;
2850 3444 htable_t *ht;
2851 3445 pgcnt_t pg_off;
2852 3446
2853 3447 ASSERT(hat == kas.a_hat || vaddr <= _userlimit);
2854 3448 ASSERT(hat == kas.a_hat || AS_LOCK_HELD(hat->hat_as));
2855 3449 if (IN_VA_HOLE(vaddr))
2856 3450 return (0);
2857 3451
2858 3452 /*
2859 3453 * Most common use of hat_probe is from segmap. We special case it
2860 3454 * for performance.
2861 3455 */
2862 3456 if (mmu.kmap_addr <= vaddr && vaddr < mmu.kmap_eaddr) {
2863 3457 pg_off = mmu_btop(vaddr - mmu.kmap_addr);
2864 3458 if (mmu.pae_hat)
2865 3459 return (PTE_ISVALID(mmu.kmap_ptes[pg_off]));
2866 3460 else
2867 3461 return (PTE_ISVALID(
2868 3462 ((x86pte32_t *)mmu.kmap_ptes)[pg_off]));
2869 3463 }
2870 3464
2871 3465 ht = htable_getpage(hat, vaddr, &entry);
2872 3466 htable_release(ht);
2873 3467 return (ht != NULL);
2874 3468 }
2875 3469
2876 3470 /*
2877 3471 * Find out if the segment for hat_share()/hat_unshare() is DISM or locked ISM.
2878 3472 */
2879 3473 static int
2880 3474 is_it_dism(hat_t *hat, caddr_t va)
2881 3475 {
2882 3476 struct seg *seg;
2883 3477 struct shm_data *shmd;
2884 3478 struct spt_data *sptd;
2885 3479
2886 3480 seg = as_findseg(hat->hat_as, va, 0);
2887 3481 ASSERT(seg != NULL);
2888 3482 ASSERT(seg->s_base <= va);
2889 3483 shmd = (struct shm_data *)seg->s_data;
2890 3484 ASSERT(shmd != NULL);
2891 3485 sptd = (struct spt_data *)shmd->shm_sptseg->s_data;
2892 3486 ASSERT(sptd != NULL);
2893 3487 if (sptd->spt_flags & SHM_PAGEABLE)
2894 3488 return (1);
2895 3489 return (0);
2896 3490 }
2897 3491
2898 3492 /*
2899 3493 * Simple implementation of ISM. hat_share() is similar to hat_memload_array(),
2900 3494 * except that we use the ism_hat's existing mappings to determine the pages
2901 3495 * and protections to use for this hat. If we find a full properly aligned
2902 3496 * and sized pagetable, we will attempt to share the pagetable itself.
2903 3497 */
2904 3498 /*ARGSUSED*/
2905 3499 int
2906 3500 hat_share(
2907 3501 hat_t *hat,
2908 3502 caddr_t addr,
2909 3503 hat_t *ism_hat,
2910 3504 caddr_t src_addr,
2911 3505 size_t len, /* almost useless value, see below.. */
2912 3506 uint_t ismszc)
2913 3507 {
2914 3508 uintptr_t vaddr_start = (uintptr_t)addr;
2915 3509 uintptr_t vaddr;
2916 3510 uintptr_t eaddr = vaddr_start + len;
2917 3511 uintptr_t ism_addr_start = (uintptr_t)src_addr;
2918 3512 uintptr_t ism_addr = ism_addr_start;
2919 3513 uintptr_t e_ism_addr = ism_addr + len;
2920 3514 htable_t *ism_ht = NULL;
2921 3515 htable_t *ht;
2922 3516 x86pte_t pte;
2923 3517 page_t *pp;
2924 3518 pfn_t pfn;
2925 3519 level_t l;
2926 3520 pgcnt_t pgcnt;
2927 3521 uint_t prot;
2928 3522 int is_dism;
2929 3523 int flags;
2930 3524
2931 3525 /*
2932 3526 * We might be asked to share an empty DISM hat by as_dup()
2933 3527 */
2934 3528 ASSERT(hat != kas.a_hat);
2935 3529 ASSERT(eaddr <= _userlimit);
2936 3530 if (!(ism_hat->hat_flags & HAT_SHARED)) {
2937 3531 ASSERT(hat_get_mapped_size(ism_hat) == 0);
2938 3532 return (0);
2939 3533 }
2940 3534 XPV_DISALLOW_MIGRATE();
2941 3535
2942 3536 /*
2943 3537 * The SPT segment driver often passes us a size larger than there are
2944 3538 * valid mappings. That's because it rounds the segment size up to a
2945 3539 * large pagesize, even if the actual memory mapped by ism_hat is less.
2946 3540 */
2947 3541 ASSERT(IS_PAGEALIGNED(vaddr_start));
2948 3542 ASSERT(IS_PAGEALIGNED(ism_addr_start));
2949 3543 ASSERT(ism_hat->hat_flags & HAT_SHARED);
2950 3544 is_dism = is_it_dism(hat, addr);
2951 3545 while (ism_addr < e_ism_addr) {
2952 3546 /*
2953 3547 * use htable_walk to get the next valid ISM mapping
2954 3548 */
2955 3549 pte = htable_walk(ism_hat, &ism_ht, &ism_addr, e_ism_addr);
2956 3550 if (ism_ht == NULL)
2957 3551 break;
2958 3552
2959 3553 /*
2960 3554 * First check to see if we already share the page table.
2961 3555 */
2962 3556 l = ism_ht->ht_level;
2963 3557 vaddr = vaddr_start + (ism_addr - ism_addr_start);
2964 3558 ht = htable_lookup(hat, vaddr, l);
2965 3559 if (ht != NULL) {
2966 3560 if (ht->ht_flags & HTABLE_SHARED_PFN)
2967 3561 goto shared;
2968 3562 htable_release(ht);
2969 3563 goto not_shared;
2970 3564 }
2971 3565
2972 3566 /*
2973 3567 * Can't ever share top table.
2974 3568 */
2975 3569 if (l == mmu.max_level)
2976 3570 goto not_shared;
2977 3571
2978 3572 /*
2979 3573 * Avoid level mismatches later due to DISM faults.
2980 3574 */
2981 3575 if (is_dism && l > 0)
2982 3576 goto not_shared;
2983 3577
2984 3578 /*
2985 3579 * addresses and lengths must align
2986 3580 * table must be fully populated
2987 3581 * no lower level page tables
2988 3582 */
2989 3583 if (ism_addr != ism_ht->ht_vaddr ||
2990 3584 (vaddr & LEVEL_OFFSET(l + 1)) != 0)
2991 3585 goto not_shared;
2992 3586
2993 3587 /*
2994 3588 * The range of address space must cover a full table.
2995 3589 */
2996 3590 if (e_ism_addr - ism_addr < LEVEL_SIZE(l + 1))
2997 3591 goto not_shared;
2998 3592
2999 3593 /*
3000 3594 * All entries in the ISM page table must be leaf PTEs.
3001 3595 */
3002 3596 if (l > 0) {
3003 3597 int e;
3004 3598
3005 3599 /*
3006 3600 * We know the 0th is from htable_walk() above.
3007 3601 */
3008 3602 for (e = 1; e < HTABLE_NUM_PTES(ism_ht); ++e) {
3009 3603 x86pte_t pte;
3010 3604 pte = x86pte_get(ism_ht, e);
3011 3605 if (!PTE_ISPAGE(pte, l))
3012 3606 goto not_shared;
3013 3607 }
3014 3608 }
3015 3609
3016 3610 /*
3017 3611 * share the page table
3018 3612 */
3019 3613 ht = htable_create(hat, vaddr, l, ism_ht);
3020 3614 shared:
3021 3615 ASSERT(ht->ht_flags & HTABLE_SHARED_PFN);
3022 3616 ASSERT(ht->ht_shares == ism_ht);
3023 3617 hat->hat_ism_pgcnt +=
3024 3618 (ism_ht->ht_valid_cnt - ht->ht_valid_cnt) <<
3025 3619 (LEVEL_SHIFT(ht->ht_level) - MMU_PAGESHIFT);
3026 3620 ht->ht_valid_cnt = ism_ht->ht_valid_cnt;
3027 3621 htable_release(ht);
3028 3622 ism_addr = ism_ht->ht_vaddr + LEVEL_SIZE(l + 1);
3029 3623 htable_release(ism_ht);
3030 3624 ism_ht = NULL;
3031 3625 continue;
3032 3626
3033 3627 not_shared:
3034 3628 /*
3035 3629 * Unable to share the page table. Instead we will
3036 3630 * create new mappings from the values in the ISM mappings.
3037 3631 * Figure out what level size mappings to use;
3038 3632 */
3039 3633 for (l = ism_ht->ht_level; l > 0; --l) {
3040 3634 if (LEVEL_SIZE(l) <= eaddr - vaddr &&
3041 3635 (vaddr & LEVEL_OFFSET(l)) == 0)
3042 3636 break;
3043 3637 }
3044 3638
3045 3639 /*
3046 3640 * The ISM mapping might be larger than the share area,
3047 3641 * be careful to truncate it if needed.
3048 3642 */
3049 3643 if (eaddr - vaddr >= LEVEL_SIZE(ism_ht->ht_level)) {
3050 3644 pgcnt = mmu_btop(LEVEL_SIZE(ism_ht->ht_level));
3051 3645 } else {
3052 3646 pgcnt = mmu_btop(eaddr - vaddr);
3053 3647 l = 0;
3054 3648 }
3055 3649
3056 3650 pfn = PTE2PFN(pte, ism_ht->ht_level);
3057 3651 ASSERT(pfn != PFN_INVALID);
3058 3652 while (pgcnt > 0) {
3059 3653 /*
3060 3654 * Make a new pte for the PFN for this level.
3061 3655 * Copy protections for the pte from the ISM pte.
3062 3656 */
3063 3657 pp = page_numtopp_nolock(pfn);
3064 3658 ASSERT(pp != NULL);
3065 3659
3066 3660 prot = PROT_USER | PROT_READ | HAT_UNORDERED_OK;
3067 3661 if (PTE_GET(pte, PT_WRITABLE))
3068 3662 prot |= PROT_WRITE;
3069 3663 if (!PTE_GET(pte, PT_NX))
3070 3664 prot |= PROT_EXEC;
3071 3665
3072 3666 flags = HAT_LOAD;
3073 3667 if (!is_dism)
3074 3668 flags |= HAT_LOAD_LOCK | HAT_LOAD_NOCONSIST;
3075 3669 while (hati_load_common(hat, vaddr, pp, prot, flags,
3076 3670 l, pfn) != 0) {
3077 3671 if (l == 0)
3078 3672 panic("hati_load_common() failure");
3079 3673 --l;
3080 3674 }
3081 3675
3082 3676 vaddr += LEVEL_SIZE(l);
3083 3677 ism_addr += LEVEL_SIZE(l);
3084 3678 pfn += mmu_btop(LEVEL_SIZE(l));
3085 3679 pgcnt -= mmu_btop(LEVEL_SIZE(l));
3086 3680 }
3087 3681 }
3088 3682 if (ism_ht != NULL)
3089 3683 htable_release(ism_ht);
3090 3684 XPV_ALLOW_MIGRATE();
3091 3685 return (0);
3092 3686 }
3093 3687
3094 3688
3095 3689 /*
3096 3690 * hat_unshare() is similar to hat_unload_callback(), but
3097 3691 * we have to look for empty shared pagetables. Note that
3098 3692 * hat_unshare() is always invoked against an entire segment.
3099 3693 */
3100 3694 /*ARGSUSED*/
3101 3695 void
3102 3696 hat_unshare(hat_t *hat, caddr_t addr, size_t len, uint_t ismszc)
3103 3697 {
3104 3698 uint64_t vaddr = (uintptr_t)addr;
3105 3699 uintptr_t eaddr = vaddr + len;
3106 3700 htable_t *ht = NULL;
3107 3701 uint_t need_demaps = 0;
3108 3702 int flags = HAT_UNLOAD_UNMAP;
3109 3703 level_t l;
3110 3704
3111 3705 ASSERT(hat != kas.a_hat);
3112 3706 ASSERT(eaddr <= _userlimit);
3113 3707 ASSERT(IS_PAGEALIGNED(vaddr));
3114 3708 ASSERT(IS_PAGEALIGNED(eaddr));
3115 3709 XPV_DISALLOW_MIGRATE();
3116 3710
3117 3711 /*
3118 3712 * First go through and remove any shared pagetables.
3119 3713 *
3120 3714 * Note that it's ok to delay the TLB shootdown till the entire range is
3121 3715 * finished, because if hat_pageunload() were to unload a shared
3122 3716 * pagetable page, its hat_tlb_inval() will do a global TLB invalidate.
3123 3717 */
3124 3718 l = mmu.max_page_level;
3125 3719 if (l == mmu.max_level)
3126 3720 --l;
3127 3721 for (; l >= 0; --l) {
3128 3722 for (vaddr = (uintptr_t)addr; vaddr < eaddr;
3129 3723 vaddr = (vaddr & LEVEL_MASK(l + 1)) + LEVEL_SIZE(l + 1)) {
3130 3724 ASSERT(!IN_VA_HOLE(vaddr));
3131 3725 /*
3132 3726 * find a pagetable that maps the current address
3133 3727 */
3134 3728 ht = htable_lookup(hat, vaddr, l);
3135 3729 if (ht == NULL)
3136 3730 continue;
3137 3731 if (ht->ht_flags & HTABLE_SHARED_PFN) {
3138 3732 /*
3139 3733 * clear page count, set valid_cnt to 0,
3140 3734 * let htable_release() finish the job
3141 3735 */
3142 3736 hat->hat_ism_pgcnt -= ht->ht_valid_cnt <<
|
↓ open down ↓ |
645 lines elided |
↑ open up ↑ |
3143 3737 (LEVEL_SHIFT(ht->ht_level) - MMU_PAGESHIFT);
3144 3738 ht->ht_valid_cnt = 0;
3145 3739 need_demaps = 1;
3146 3740 }
3147 3741 htable_release(ht);
3148 3742 }
3149 3743 }
3150 3744
3151 3745 /*
3152 3746 * flush the TLBs - since we're probably dealing with MANY mappings
3153 - * we do just one CR3 reload.
3747 + * we just do a full invalidation.
3154 3748 */
3155 3749 if (!(hat->hat_flags & HAT_FREEING) && need_demaps)
3156 3750 hat_tlb_inval(hat, DEMAP_ALL_ADDR);
3157 3751
3158 3752 /*
3159 3753 * Now go back and clean up any unaligned mappings that
3160 3754 * couldn't share pagetables.
3161 3755 */
3162 3756 if (!is_it_dism(hat, addr))
3163 3757 flags |= HAT_UNLOAD_UNLOCK;
3164 3758 hat_unload(hat, addr, len, flags);
3165 3759 XPV_ALLOW_MIGRATE();
3166 3760 }
3167 3761
3168 3762
3169 3763 /*
3170 3764 * hat_reserve() does nothing
3171 3765 */
3172 3766 /*ARGSUSED*/
3173 3767 void
3174 3768 hat_reserve(struct as *as, caddr_t addr, size_t len)
3175 3769 {
3176 3770 }
3177 3771
3178 3772
3179 3773 /*
3180 3774 * Called when all mappings to a page should have write permission removed.
3181 3775 * Mostly stolen from hat_pagesync()
3182 3776 */
3183 3777 static void
3184 3778 hati_page_clrwrt(struct page *pp)
3185 3779 {
3186 3780 hment_t *hm = NULL;
3187 3781 htable_t *ht;
3188 3782 uint_t entry;
3189 3783 x86pte_t old;
3190 3784 x86pte_t new;
3191 3785 uint_t pszc = 0;
3192 3786
3193 3787 XPV_DISALLOW_MIGRATE();
3194 3788 next_size:
3195 3789 /*
3196 3790 * walk thru the mapping list clearing write permission
3197 3791 */
3198 3792 x86_hm_enter(pp);
3199 3793 while ((hm = hment_walk(pp, &ht, &entry, hm)) != NULL) {
3200 3794 if (ht->ht_level < pszc)
3201 3795 continue;
3202 3796 old = x86pte_get(ht, entry);
3203 3797
3204 3798 for (;;) {
3205 3799 /*
3206 3800 * Is this mapping of interest?
3207 3801 */
3208 3802 if (PTE2PFN(old, ht->ht_level) != pp->p_pagenum ||
3209 3803 PTE_GET(old, PT_WRITABLE) == 0)
3210 3804 break;
3211 3805
3212 3806 /*
3213 3807 * Clear ref/mod writable bits. This requires cross
3214 3808 * calls to ensure any executing TLBs see cleared bits.
3215 3809 */
3216 3810 new = old;
3217 3811 PTE_CLR(new, PT_REF | PT_MOD | PT_WRITABLE);
3218 3812 old = hati_update_pte(ht, entry, old, new);
3219 3813 if (old != 0)
3220 3814 continue;
3221 3815
3222 3816 break;
3223 3817 }
3224 3818 }
3225 3819 x86_hm_exit(pp);
3226 3820 while (pszc < pp->p_szc) {
3227 3821 page_t *tpp;
3228 3822 pszc++;
3229 3823 tpp = PP_GROUPLEADER(pp, pszc);
3230 3824 if (pp != tpp) {
3231 3825 pp = tpp;
3232 3826 goto next_size;
3233 3827 }
3234 3828 }
3235 3829 XPV_ALLOW_MIGRATE();
3236 3830 }
3237 3831
3238 3832 /*
3239 3833 * void hat_page_setattr(pp, flag)
3240 3834 * void hat_page_clrattr(pp, flag)
3241 3835 * used to set/clr ref/mod bits.
3242 3836 */
3243 3837 void
3244 3838 hat_page_setattr(struct page *pp, uint_t flag)
3245 3839 {
3246 3840 vnode_t *vp = pp->p_vnode;
3247 3841 kmutex_t *vphm = NULL;
3248 3842 page_t **listp;
3249 3843 int noshuffle;
3250 3844
3251 3845 noshuffle = flag & P_NSH;
3252 3846 flag &= ~P_NSH;
3253 3847
3254 3848 if (PP_GETRM(pp, flag) == flag)
3255 3849 return;
3256 3850
3257 3851 if ((flag & P_MOD) != 0 && vp != NULL && IS_VMODSORT(vp) &&
3258 3852 !noshuffle) {
3259 3853 vphm = page_vnode_mutex(vp);
3260 3854 mutex_enter(vphm);
3261 3855 }
3262 3856
3263 3857 PP_SETRM(pp, flag);
3264 3858
3265 3859 if (vphm != NULL) {
3266 3860
3267 3861 /*
3268 3862 * Some File Systems examine v_pages for NULL w/o
3269 3863 * grabbing the vphm mutex. Must not let it become NULL when
3270 3864 * pp is the only page on the list.
3271 3865 */
3272 3866 if (pp->p_vpnext != pp) {
3273 3867 page_vpsub(&vp->v_pages, pp);
3274 3868 if (vp->v_pages != NULL)
3275 3869 listp = &vp->v_pages->p_vpprev->p_vpnext;
3276 3870 else
3277 3871 listp = &vp->v_pages;
3278 3872 page_vpadd(listp, pp);
3279 3873 }
3280 3874 mutex_exit(vphm);
3281 3875 }
3282 3876 }
3283 3877
3284 3878 void
3285 3879 hat_page_clrattr(struct page *pp, uint_t flag)
3286 3880 {
3287 3881 vnode_t *vp = pp->p_vnode;
3288 3882 ASSERT(!(flag & ~(P_MOD | P_REF | P_RO)));
3289 3883
3290 3884 /*
3291 3885 * Caller is expected to hold page's io lock for VMODSORT to work
3292 3886 * correctly with pvn_vplist_dirty() and pvn_getdirty() when mod
3293 3887 * bit is cleared.
3294 3888 * We don't have assert to avoid tripping some existing third party
3295 3889 * code. The dirty page is moved back to top of the v_page list
3296 3890 * after IO is done in pvn_write_done().
3297 3891 */
3298 3892 PP_CLRRM(pp, flag);
3299 3893
3300 3894 if ((flag & P_MOD) != 0 && vp != NULL && IS_VMODSORT(vp)) {
3301 3895
3302 3896 /*
3303 3897 * VMODSORT works by removing write permissions and getting
3304 3898 * a fault when a page is made dirty. At this point
3305 3899 * we need to remove write permission from all mappings
3306 3900 * to this page.
3307 3901 */
3308 3902 hati_page_clrwrt(pp);
3309 3903 }
3310 3904 }
3311 3905
3312 3906 /*
3313 3907 * If flag is specified, returns 0 if attribute is disabled
3314 3908 * and non zero if enabled. If flag specifes multiple attributes
3315 3909 * then returns 0 if ALL attributes are disabled. This is an advisory
3316 3910 * call.
3317 3911 */
3318 3912 uint_t
3319 3913 hat_page_getattr(struct page *pp, uint_t flag)
3320 3914 {
3321 3915 return (PP_GETRM(pp, flag));
3322 3916 }
3323 3917
3324 3918
3325 3919 /*
3326 3920 * common code used by hat_pageunload() and hment_steal()
3327 3921 */
3328 3922 hment_t *
3329 3923 hati_page_unmap(page_t *pp, htable_t *ht, uint_t entry)
3330 3924 {
3331 3925 x86pte_t old_pte;
3332 3926 pfn_t pfn = pp->p_pagenum;
3333 3927 hment_t *hm;
3334 3928
3335 3929 /*
3336 3930 * We need to acquire a hold on the htable in order to
3337 3931 * do the invalidate. We know the htable must exist, since
3338 3932 * unmap's don't release the htable until after removing any
3339 3933 * hment. Having x86_hm_enter() keeps that from proceeding.
3340 3934 */
3341 3935 htable_acquire(ht);
3342 3936
3343 3937 /*
3344 3938 * Invalidate the PTE and remove the hment.
3345 3939 */
3346 3940 old_pte = x86pte_inval(ht, entry, 0, NULL, B_TRUE);
3347 3941 if (PTE2PFN(old_pte, ht->ht_level) != pfn) {
3348 3942 panic("x86pte_inval() failure found PTE = " FMT_PTE
3349 3943 " pfn being unmapped is %lx ht=0x%lx entry=0x%x",
3350 3944 old_pte, pfn, (uintptr_t)ht, entry);
3351 3945 }
3352 3946
3353 3947 /*
3354 3948 * Clean up all the htable information for this mapping
3355 3949 */
3356 3950 ASSERT(ht->ht_valid_cnt > 0);
3357 3951 HTABLE_DEC(ht->ht_valid_cnt);
3358 3952 PGCNT_DEC(ht->ht_hat, ht->ht_level);
3359 3953
3360 3954 /*
3361 3955 * sync ref/mod bits to the page_t
3362 3956 */
3363 3957 if (PTE_GET(old_pte, PT_SOFTWARE) < PT_NOSYNC)
3364 3958 hati_sync_pte_to_page(pp, old_pte, ht->ht_level);
3365 3959
3366 3960 /*
3367 3961 * Remove the mapping list entry for this page.
3368 3962 */
3369 3963 hm = hment_remove(pp, ht, entry);
3370 3964
3371 3965 /*
3372 3966 * drop the mapping list lock so that we might free the
3373 3967 * hment and htable.
3374 3968 */
3375 3969 x86_hm_exit(pp);
3376 3970 htable_release(ht);
3377 3971 return (hm);
3378 3972 }
3379 3973
3380 3974 extern int vpm_enable;
3381 3975 /*
3382 3976 * Unload all translations to a page. If the page is a subpage of a large
3383 3977 * page, the large page mappings are also removed.
3384 3978 *
3385 3979 * The forceflags are unused.
3386 3980 */
3387 3981
3388 3982 /*ARGSUSED*/
3389 3983 static int
3390 3984 hati_pageunload(struct page *pp, uint_t pg_szcd, uint_t forceflag)
3391 3985 {
3392 3986 page_t *cur_pp = pp;
3393 3987 hment_t *hm;
3394 3988 hment_t *prev;
3395 3989 htable_t *ht;
3396 3990 uint_t entry;
3397 3991 level_t level;
3398 3992
3399 3993 XPV_DISALLOW_MIGRATE();
3400 3994
3401 3995 /*
3402 3996 * prevent recursion due to kmem_free()
3403 3997 */
3404 3998 ++curthread->t_hatdepth;
3405 3999 ASSERT(curthread->t_hatdepth < 16);
3406 4000
3407 4001 #if defined(__amd64)
3408 4002 /*
3409 4003 * clear the vpm ref.
3410 4004 */
3411 4005 if (vpm_enable) {
3412 4006 pp->p_vpmref = 0;
3413 4007 }
3414 4008 #endif
3415 4009 /*
3416 4010 * The loop with next_size handles pages with multiple pagesize mappings
3417 4011 */
3418 4012 next_size:
3419 4013 for (;;) {
3420 4014
3421 4015 /*
3422 4016 * Get a mapping list entry
3423 4017 */
3424 4018 x86_hm_enter(cur_pp);
3425 4019 for (prev = NULL; ; prev = hm) {
3426 4020 hm = hment_walk(cur_pp, &ht, &entry, prev);
3427 4021 if (hm == NULL) {
3428 4022 x86_hm_exit(cur_pp);
3429 4023
3430 4024 /*
3431 4025 * If not part of a larger page, we're done.
3432 4026 */
3433 4027 if (cur_pp->p_szc <= pg_szcd) {
3434 4028 ASSERT(curthread->t_hatdepth > 0);
3435 4029 --curthread->t_hatdepth;
3436 4030 XPV_ALLOW_MIGRATE();
3437 4031 return (0);
3438 4032 }
3439 4033
3440 4034 /*
3441 4035 * Else check the next larger page size.
3442 4036 * hat_page_demote() may decrease p_szc
3443 4037 * but that's ok we'll just take an extra
3444 4038 * trip discover there're no larger mappings
3445 4039 * and return.
3446 4040 */
3447 4041 ++pg_szcd;
3448 4042 cur_pp = PP_GROUPLEADER(cur_pp, pg_szcd);
3449 4043 goto next_size;
3450 4044 }
3451 4045
3452 4046 /*
3453 4047 * If this mapping size matches, remove it.
3454 4048 */
3455 4049 level = ht->ht_level;
3456 4050 if (level == pg_szcd)
3457 4051 break;
3458 4052 }
3459 4053
3460 4054 /*
3461 4055 * Remove the mapping list entry for this page.
3462 4056 * Note this does the x86_hm_exit() for us.
3463 4057 */
3464 4058 hm = hati_page_unmap(cur_pp, ht, entry);
3465 4059 if (hm != NULL)
3466 4060 hment_free(hm);
3467 4061 }
3468 4062 }
3469 4063
3470 4064 int
3471 4065 hat_pageunload(struct page *pp, uint_t forceflag)
3472 4066 {
3473 4067 ASSERT(PAGE_EXCL(pp));
3474 4068 return (hati_pageunload(pp, 0, forceflag));
3475 4069 }
3476 4070
3477 4071 /*
3478 4072 * Unload all large mappings to pp and reduce by 1 p_szc field of every large
3479 4073 * page level that included pp.
3480 4074 *
3481 4075 * pp must be locked EXCL. Even though no other constituent pages are locked
3482 4076 * it's legal to unload large mappings to pp because all constituent pages of
3483 4077 * large locked mappings have to be locked SHARED. therefore if we have EXCL
3484 4078 * lock on one of constituent pages none of the large mappings to pp are
3485 4079 * locked.
3486 4080 *
3487 4081 * Change (always decrease) p_szc field starting from the last constituent
3488 4082 * page and ending with root constituent page so that root's pszc always shows
3489 4083 * the area where hat_page_demote() may be active.
3490 4084 *
3491 4085 * This mechanism is only used for file system pages where it's not always
3492 4086 * possible to get EXCL locks on all constituent pages to demote the size code
3493 4087 * (as is done for anonymous or kernel large pages).
3494 4088 */
3495 4089 void
3496 4090 hat_page_demote(page_t *pp)
3497 4091 {
3498 4092 uint_t pszc;
3499 4093 uint_t rszc;
3500 4094 uint_t szc;
3501 4095 page_t *rootpp;
3502 4096 page_t *firstpp;
3503 4097 page_t *lastpp;
3504 4098 pgcnt_t pgcnt;
3505 4099
3506 4100 ASSERT(PAGE_EXCL(pp));
3507 4101 ASSERT(!PP_ISFREE(pp));
3508 4102 ASSERT(page_szc_lock_assert(pp));
3509 4103
3510 4104 if (pp->p_szc == 0)
3511 4105 return;
3512 4106
3513 4107 rootpp = PP_GROUPLEADER(pp, 1);
3514 4108 (void) hati_pageunload(rootpp, 1, HAT_FORCE_PGUNLOAD);
3515 4109
3516 4110 /*
3517 4111 * all large mappings to pp are gone
3518 4112 * and no new can be setup since pp is locked exclusively.
3519 4113 *
3520 4114 * Lock the root to make sure there's only one hat_page_demote()
3521 4115 * outstanding within the area of this root's pszc.
3522 4116 *
3523 4117 * Second potential hat_page_demote() is already eliminated by upper
3524 4118 * VM layer via page_szc_lock() but we don't rely on it and use our
3525 4119 * own locking (so that upper layer locking can be changed without
3526 4120 * assumptions that hat depends on upper layer VM to prevent multiple
3527 4121 * hat_page_demote() to be issued simultaneously to the same large
3528 4122 * page).
3529 4123 */
3530 4124 again:
3531 4125 pszc = pp->p_szc;
3532 4126 if (pszc == 0)
3533 4127 return;
3534 4128 rootpp = PP_GROUPLEADER(pp, pszc);
3535 4129 x86_hm_enter(rootpp);
3536 4130 /*
3537 4131 * If root's p_szc is different from pszc we raced with another
3538 4132 * hat_page_demote(). Drop the lock and try to find the root again.
3539 4133 * If root's p_szc is greater than pszc previous hat_page_demote() is
3540 4134 * not done yet. Take and release mlist lock of root's root to wait
3541 4135 * for previous hat_page_demote() to complete.
3542 4136 */
3543 4137 if ((rszc = rootpp->p_szc) != pszc) {
3544 4138 x86_hm_exit(rootpp);
3545 4139 if (rszc > pszc) {
3546 4140 /* p_szc of a locked non free page can't increase */
3547 4141 ASSERT(pp != rootpp);
3548 4142
3549 4143 rootpp = PP_GROUPLEADER(rootpp, rszc);
3550 4144 x86_hm_enter(rootpp);
3551 4145 x86_hm_exit(rootpp);
3552 4146 }
3553 4147 goto again;
3554 4148 }
3555 4149 ASSERT(pp->p_szc == pszc);
3556 4150
3557 4151 /*
3558 4152 * Decrement by 1 p_szc of every constituent page of a region that
3559 4153 * covered pp. For example if original szc is 3 it gets changed to 2
3560 4154 * everywhere except in region 2 that covered pp. Region 2 that
3561 4155 * covered pp gets demoted to 1 everywhere except in region 1 that
3562 4156 * covered pp. The region 1 that covered pp is demoted to region
3563 4157 * 0. It's done this way because from region 3 we removed level 3
3564 4158 * mappings, from region 2 that covered pp we removed level 2 mappings
3565 4159 * and from region 1 that covered pp we removed level 1 mappings. All
3566 4160 * changes are done from from high pfn's to low pfn's so that roots
3567 4161 * are changed last allowing one to know the largest region where
3568 4162 * hat_page_demote() is stil active by only looking at the root page.
3569 4163 *
3570 4164 * This algorithm is implemented in 2 while loops. First loop changes
3571 4165 * p_szc of pages to the right of pp's level 1 region and second
3572 4166 * loop changes p_szc of pages of level 1 region that covers pp
3573 4167 * and all pages to the left of level 1 region that covers pp.
3574 4168 * In the first loop p_szc keeps dropping with every iteration
3575 4169 * and in the second loop it keeps increasing with every iteration.
3576 4170 *
3577 4171 * First loop description: Demote pages to the right of pp outside of
3578 4172 * level 1 region that covers pp. In every iteration of the while
3579 4173 * loop below find the last page of szc region and the first page of
3580 4174 * (szc - 1) region that is immediately to the right of (szc - 1)
3581 4175 * region that covers pp. From last such page to first such page
3582 4176 * change every page's szc to szc - 1. Decrement szc and continue
3583 4177 * looping until szc is 1. If pp belongs to the last (szc - 1) region
3584 4178 * of szc region skip to the next iteration.
3585 4179 */
3586 4180 szc = pszc;
3587 4181 while (szc > 1) {
3588 4182 lastpp = PP_GROUPLEADER(pp, szc);
3589 4183 pgcnt = page_get_pagecnt(szc);
3590 4184 lastpp += pgcnt - 1;
3591 4185 firstpp = PP_GROUPLEADER(pp, (szc - 1));
3592 4186 pgcnt = page_get_pagecnt(szc - 1);
3593 4187 if (lastpp - firstpp < pgcnt) {
3594 4188 szc--;
3595 4189 continue;
3596 4190 }
3597 4191 firstpp += pgcnt;
3598 4192 while (lastpp != firstpp) {
3599 4193 ASSERT(lastpp->p_szc == pszc);
3600 4194 lastpp->p_szc = szc - 1;
3601 4195 lastpp--;
3602 4196 }
3603 4197 firstpp->p_szc = szc - 1;
3604 4198 szc--;
3605 4199 }
3606 4200
3607 4201 /*
3608 4202 * Second loop description:
3609 4203 * First iteration changes p_szc to 0 of every
3610 4204 * page of level 1 region that covers pp.
3611 4205 * Subsequent iterations find last page of szc region
3612 4206 * immediately to the left of szc region that covered pp
3613 4207 * and first page of (szc + 1) region that covers pp.
3614 4208 * From last to first page change p_szc of every page to szc.
3615 4209 * Increment szc and continue looping until szc is pszc.
3616 4210 * If pp belongs to the fist szc region of (szc + 1) region
3617 4211 * skip to the next iteration.
3618 4212 *
3619 4213 */
3620 4214 szc = 0;
3621 4215 while (szc < pszc) {
3622 4216 firstpp = PP_GROUPLEADER(pp, (szc + 1));
3623 4217 if (szc == 0) {
3624 4218 pgcnt = page_get_pagecnt(1);
3625 4219 lastpp = firstpp + (pgcnt - 1);
3626 4220 } else {
3627 4221 lastpp = PP_GROUPLEADER(pp, szc);
3628 4222 if (firstpp == lastpp) {
3629 4223 szc++;
3630 4224 continue;
3631 4225 }
3632 4226 lastpp--;
3633 4227 pgcnt = page_get_pagecnt(szc);
3634 4228 }
3635 4229 while (lastpp != firstpp) {
3636 4230 ASSERT(lastpp->p_szc == pszc);
3637 4231 lastpp->p_szc = szc;
3638 4232 lastpp--;
3639 4233 }
3640 4234 firstpp->p_szc = szc;
3641 4235 if (firstpp == rootpp)
3642 4236 break;
3643 4237 szc++;
3644 4238 }
3645 4239 x86_hm_exit(rootpp);
3646 4240 }
3647 4241
3648 4242 /*
3649 4243 * get hw stats from hardware into page struct and reset hw stats
3650 4244 * returns attributes of page
3651 4245 * Flags for hat_pagesync, hat_getstat, hat_sync
3652 4246 *
3653 4247 * define HAT_SYNC_ZERORM 0x01
3654 4248 *
3655 4249 * Additional flags for hat_pagesync
3656 4250 *
3657 4251 * define HAT_SYNC_STOPON_REF 0x02
3658 4252 * define HAT_SYNC_STOPON_MOD 0x04
3659 4253 * define HAT_SYNC_STOPON_RM 0x06
3660 4254 * define HAT_SYNC_STOPON_SHARED 0x08
3661 4255 */
3662 4256 uint_t
3663 4257 hat_pagesync(struct page *pp, uint_t flags)
3664 4258 {
3665 4259 hment_t *hm = NULL;
3666 4260 htable_t *ht;
3667 4261 uint_t entry;
3668 4262 x86pte_t old, save_old;
3669 4263 x86pte_t new;
3670 4264 uchar_t nrmbits = P_REF|P_MOD|P_RO;
3671 4265 extern ulong_t po_share;
3672 4266 page_t *save_pp = pp;
3673 4267 uint_t pszc = 0;
3674 4268
3675 4269 ASSERT(PAGE_LOCKED(pp) || panicstr);
3676 4270
3677 4271 if (PP_ISRO(pp) && (flags & HAT_SYNC_STOPON_MOD))
3678 4272 return (pp->p_nrm & nrmbits);
3679 4273
3680 4274 if ((flags & HAT_SYNC_ZERORM) == 0) {
3681 4275
3682 4276 if ((flags & HAT_SYNC_STOPON_REF) != 0 && PP_ISREF(pp))
3683 4277 return (pp->p_nrm & nrmbits);
3684 4278
3685 4279 if ((flags & HAT_SYNC_STOPON_MOD) != 0 && PP_ISMOD(pp))
3686 4280 return (pp->p_nrm & nrmbits);
3687 4281
3688 4282 if ((flags & HAT_SYNC_STOPON_SHARED) != 0 &&
3689 4283 hat_page_getshare(pp) > po_share) {
3690 4284 if (PP_ISRO(pp))
3691 4285 PP_SETREF(pp);
3692 4286 return (pp->p_nrm & nrmbits);
3693 4287 }
3694 4288 }
3695 4289
3696 4290 XPV_DISALLOW_MIGRATE();
3697 4291 next_size:
3698 4292 /*
3699 4293 * walk thru the mapping list syncing (and clearing) ref/mod bits.
3700 4294 */
3701 4295 x86_hm_enter(pp);
3702 4296 while ((hm = hment_walk(pp, &ht, &entry, hm)) != NULL) {
3703 4297 if (ht->ht_level < pszc)
3704 4298 continue;
3705 4299 old = x86pte_get(ht, entry);
3706 4300 try_again:
3707 4301
3708 4302 ASSERT(PTE2PFN(old, ht->ht_level) == pp->p_pagenum);
3709 4303
3710 4304 if (PTE_GET(old, PT_REF | PT_MOD) == 0)
3711 4305 continue;
3712 4306
3713 4307 save_old = old;
3714 4308 if ((flags & HAT_SYNC_ZERORM) != 0) {
3715 4309
3716 4310 /*
3717 4311 * Need to clear ref or mod bits. Need to demap
3718 4312 * to make sure any executing TLBs see cleared bits.
3719 4313 */
3720 4314 new = old;
3721 4315 PTE_CLR(new, PT_REF | PT_MOD);
3722 4316 old = hati_update_pte(ht, entry, old, new);
3723 4317 if (old != 0)
3724 4318 goto try_again;
3725 4319
3726 4320 old = save_old;
3727 4321 }
3728 4322
3729 4323 /*
3730 4324 * Sync the PTE
3731 4325 */
3732 4326 if (!(flags & HAT_SYNC_ZERORM) &&
3733 4327 PTE_GET(old, PT_SOFTWARE) <= PT_NOSYNC)
3734 4328 hati_sync_pte_to_page(pp, old, ht->ht_level);
3735 4329
3736 4330 /*
3737 4331 * can stop short if we found a ref'd or mod'd page
3738 4332 */
3739 4333 if ((flags & HAT_SYNC_STOPON_MOD) && PP_ISMOD(save_pp) ||
3740 4334 (flags & HAT_SYNC_STOPON_REF) && PP_ISREF(save_pp)) {
3741 4335 x86_hm_exit(pp);
3742 4336 goto done;
3743 4337 }
3744 4338 }
3745 4339 x86_hm_exit(pp);
3746 4340 while (pszc < pp->p_szc) {
3747 4341 page_t *tpp;
3748 4342 pszc++;
3749 4343 tpp = PP_GROUPLEADER(pp, pszc);
3750 4344 if (pp != tpp) {
3751 4345 pp = tpp;
3752 4346 goto next_size;
3753 4347 }
3754 4348 }
3755 4349 done:
3756 4350 XPV_ALLOW_MIGRATE();
3757 4351 return (save_pp->p_nrm & nrmbits);
3758 4352 }
3759 4353
3760 4354 /*
3761 4355 * returns approx number of mappings to this pp. A return of 0 implies
3762 4356 * there are no mappings to the page.
3763 4357 */
3764 4358 ulong_t
3765 4359 hat_page_getshare(page_t *pp)
3766 4360 {
3767 4361 uint_t cnt;
3768 4362 cnt = hment_mapcnt(pp);
3769 4363 #if defined(__amd64)
3770 4364 if (vpm_enable && pp->p_vpmref) {
3771 4365 cnt += 1;
3772 4366 }
3773 4367 #endif
3774 4368 return (cnt);
3775 4369 }
3776 4370
3777 4371 /*
3778 4372 * Return 1 the number of mappings exceeds sh_thresh. Return 0
3779 4373 * otherwise.
3780 4374 */
3781 4375 int
3782 4376 hat_page_checkshare(page_t *pp, ulong_t sh_thresh)
3783 4377 {
3784 4378 return (hat_page_getshare(pp) > sh_thresh);
3785 4379 }
3786 4380
3787 4381 /*
3788 4382 * hat_softlock isn't supported anymore
3789 4383 */
3790 4384 /*ARGSUSED*/
3791 4385 faultcode_t
3792 4386 hat_softlock(
3793 4387 hat_t *hat,
3794 4388 caddr_t addr,
3795 4389 size_t *len,
3796 4390 struct page **page_array,
3797 4391 uint_t flags)
3798 4392 {
3799 4393 return (FC_NOSUPPORT);
3800 4394 }
3801 4395
3802 4396
3803 4397
3804 4398 /*
3805 4399 * Routine to expose supported HAT features to platform independent code.
3806 4400 */
3807 4401 /*ARGSUSED*/
3808 4402 int
3809 4403 hat_supported(enum hat_features feature, void *arg)
3810 4404 {
3811 4405 switch (feature) {
3812 4406
3813 4407 case HAT_SHARED_PT: /* this is really ISM */
3814 4408 return (1);
3815 4409
3816 4410 case HAT_DYNAMIC_ISM_UNMAP:
3817 4411 return (0);
3818 4412
3819 4413 case HAT_VMODSORT:
3820 4414 return (1);
3821 4415
3822 4416 case HAT_SHARED_REGIONS:
3823 4417 return (0);
3824 4418
3825 4419 default:
3826 4420 panic("hat_supported() - unknown feature");
3827 4421 }
3828 4422 return (0);
3829 4423 }
3830 4424
3831 4425 /*
3832 4426 * Called when a thread is exiting and has been switched to the kernel AS
3833 4427 */
3834 4428 void
3835 4429 hat_thread_exit(kthread_t *thd)
3836 4430 {
3837 4431 ASSERT(thd->t_procp->p_as == &kas);
3838 4432 XPV_DISALLOW_MIGRATE();
3839 4433 hat_switch(thd->t_procp->p_as->a_hat);
3840 4434 XPV_ALLOW_MIGRATE();
3841 4435 }
3842 4436
3843 4437 /*
3844 4438 * Setup the given brand new hat structure as the new HAT on this cpu's mmu.
3845 4439 */
3846 4440 /*ARGSUSED*/
3847 4441 void
3848 4442 hat_setup(hat_t *hat, int flags)
3849 4443 {
3850 4444 XPV_DISALLOW_MIGRATE();
3851 4445 kpreempt_disable();
3852 4446
3853 4447 hat_switch(hat);
3854 4448
3855 4449 kpreempt_enable();
3856 4450 XPV_ALLOW_MIGRATE();
3857 4451 }
3858 4452
3859 4453 /*
3860 4454 * Prepare for a CPU private mapping for the given address.
3861 4455 *
3862 4456 * The address can only be used from a single CPU and can be remapped
3863 4457 * using hat_mempte_remap(). Return the address of the PTE.
3864 4458 *
3865 4459 * We do the htable_create() if necessary and increment the valid count so
3866 4460 * the htable can't disappear. We also hat_devload() the page table into
3867 4461 * kernel so that the PTE is quickly accessed.
3868 4462 */
3869 4463 hat_mempte_t
3870 4464 hat_mempte_setup(caddr_t addr)
3871 4465 {
3872 4466 uintptr_t va = (uintptr_t)addr;
3873 4467 htable_t *ht;
3874 4468 uint_t entry;
3875 4469 x86pte_t oldpte;
3876 4470 hat_mempte_t p;
3877 4471
3878 4472 ASSERT(IS_PAGEALIGNED(va));
3879 4473 ASSERT(!IN_VA_HOLE(va));
3880 4474 ++curthread->t_hatdepth;
3881 4475 XPV_DISALLOW_MIGRATE();
3882 4476 ht = htable_getpte(kas.a_hat, va, &entry, &oldpte, 0);
3883 4477 if (ht == NULL) {
3884 4478 ht = htable_create(kas.a_hat, va, 0, NULL);
3885 4479 entry = htable_va2entry(va, ht);
3886 4480 ASSERT(ht->ht_level == 0);
3887 4481 oldpte = x86pte_get(ht, entry);
3888 4482 }
3889 4483 if (PTE_ISVALID(oldpte))
3890 4484 panic("hat_mempte_setup(): address already mapped"
3891 4485 "ht=%p, entry=%d, pte=" FMT_PTE, (void *)ht, entry, oldpte);
3892 4486
3893 4487 /*
3894 4488 * increment ht_valid_cnt so that the pagetable can't disappear
3895 4489 */
3896 4490 HTABLE_INC(ht->ht_valid_cnt);
3897 4491
3898 4492 /*
3899 4493 * return the PTE physical address to the caller.
3900 4494 */
3901 4495 htable_release(ht);
3902 4496 XPV_ALLOW_MIGRATE();
3903 4497 p = PT_INDEX_PHYSADDR(pfn_to_pa(ht->ht_pfn), entry);
3904 4498 --curthread->t_hatdepth;
3905 4499 return (p);
3906 4500 }
3907 4501
3908 4502 /*
3909 4503 * Release a CPU private mapping for the given address.
3910 4504 * We decrement the htable valid count so it might be destroyed.
3911 4505 */
3912 4506 /*ARGSUSED1*/
3913 4507 void
3914 4508 hat_mempte_release(caddr_t addr, hat_mempte_t pte_pa)
3915 4509 {
3916 4510 htable_t *ht;
3917 4511
3918 4512 XPV_DISALLOW_MIGRATE();
3919 4513 /*
3920 4514 * invalidate any left over mapping and decrement the htable valid count
3921 4515 */
3922 4516 #ifdef __xpv
3923 4517 if (HYPERVISOR_update_va_mapping((uintptr_t)addr, 0,
3924 4518 UVMF_INVLPG | UVMF_LOCAL))
3925 4519 panic("HYPERVISOR_update_va_mapping() failed");
|
↓ open down ↓ |
762 lines elided |
↑ open up ↑ |
3926 4520 #else
3927 4521 {
3928 4522 x86pte_t *pteptr;
3929 4523
3930 4524 pteptr = x86pte_mapin(mmu_btop(pte_pa),
3931 4525 (pte_pa & MMU_PAGEOFFSET) >> mmu.pte_size_shift, NULL);
3932 4526 if (mmu.pae_hat)
3933 4527 *pteptr = 0;
3934 4528 else
3935 4529 *(x86pte32_t *)pteptr = 0;
3936 - mmu_tlbflush_entry(addr);
4530 + mmu_flush_tlb_kpage((uintptr_t)addr);
3937 4531 x86pte_mapout();
3938 4532 }
3939 4533 #endif
3940 4534
3941 4535 ht = htable_getpte(kas.a_hat, ALIGN2PAGE(addr), NULL, NULL, 0);
3942 4536 if (ht == NULL)
3943 4537 panic("hat_mempte_release(): invalid address");
3944 4538 ASSERT(ht->ht_level == 0);
3945 4539 HTABLE_DEC(ht->ht_valid_cnt);
3946 4540 htable_release(ht);
3947 4541 XPV_ALLOW_MIGRATE();
3948 4542 }
3949 4543
3950 4544 /*
3951 4545 * Apply a temporary CPU private mapping to a page. We flush the TLB only
3952 4546 * on this CPU, so this ought to have been called with preemption disabled.
3953 4547 */
3954 4548 void
3955 4549 hat_mempte_remap(
3956 4550 pfn_t pfn,
3957 4551 caddr_t addr,
3958 4552 hat_mempte_t pte_pa,
3959 4553 uint_t attr,
3960 4554 uint_t flags)
3961 4555 {
3962 4556 uintptr_t va = (uintptr_t)addr;
3963 4557 x86pte_t pte;
3964 4558
3965 4559 /*
3966 4560 * Remap the given PTE to the new page's PFN. Invalidate only
3967 4561 * on this CPU.
3968 4562 */
3969 4563 #ifdef DEBUG
3970 4564 htable_t *ht;
3971 4565 uint_t entry;
3972 4566
3973 4567 ASSERT(IS_PAGEALIGNED(va));
3974 4568 ASSERT(!IN_VA_HOLE(va));
3975 4569 ht = htable_getpte(kas.a_hat, va, &entry, NULL, 0);
3976 4570 ASSERT(ht != NULL);
3977 4571 ASSERT(ht->ht_level == 0);
3978 4572 ASSERT(ht->ht_valid_cnt > 0);
3979 4573 ASSERT(ht->ht_pfn == mmu_btop(pte_pa));
3980 4574 htable_release(ht);
3981 4575 #endif
3982 4576 XPV_DISALLOW_MIGRATE();
3983 4577 pte = hati_mkpte(pfn, attr, 0, flags);
3984 4578 #ifdef __xpv
3985 4579 if (HYPERVISOR_update_va_mapping(va, pte, UVMF_INVLPG | UVMF_LOCAL))
3986 4580 panic("HYPERVISOR_update_va_mapping() failed");
|
↓ open down ↓ |
40 lines elided |
↑ open up ↑ |
3987 4581 #else
3988 4582 {
3989 4583 x86pte_t *pteptr;
3990 4584
3991 4585 pteptr = x86pte_mapin(mmu_btop(pte_pa),
3992 4586 (pte_pa & MMU_PAGEOFFSET) >> mmu.pte_size_shift, NULL);
3993 4587 if (mmu.pae_hat)
3994 4588 *(x86pte_t *)pteptr = pte;
3995 4589 else
3996 4590 *(x86pte32_t *)pteptr = (x86pte32_t)pte;
3997 - mmu_tlbflush_entry(addr);
4591 + mmu_flush_tlb_kpage((uintptr_t)addr);
3998 4592 x86pte_mapout();
3999 4593 }
4000 4594 #endif
4001 4595 XPV_ALLOW_MIGRATE();
4002 4596 }
4003 4597
4004 4598
4005 4599
4006 4600 /*
4007 4601 * Hat locking functions
4008 4602 * XXX - these two functions are currently being used by hatstats
4009 4603 * they can be removed by using a per-as mutex for hatstats.
4010 4604 */
4011 4605 void
4012 4606 hat_enter(hat_t *hat)
4013 4607 {
4014 4608 mutex_enter(&hat->hat_mutex);
4015 4609 }
4016 4610
4017 4611 void
4018 4612 hat_exit(hat_t *hat)
4019 4613 {
4020 4614 mutex_exit(&hat->hat_mutex);
|
↓ open down ↓ |
13 lines elided |
↑ open up ↑ |
4021 4615 }
4022 4616
4023 4617 /*
4024 4618 * HAT part of cpu initialization.
4025 4619 */
4026 4620 void
4027 4621 hat_cpu_online(struct cpu *cpup)
4028 4622 {
4029 4623 if (cpup != CPU) {
4030 4624 x86pte_cpu_init(cpup);
4031 - hat_vlp_setup(cpup);
4625 + hat_pcp_setup(cpup);
4032 4626 }
4033 4627 CPUSET_ATOMIC_ADD(khat_cpuset, cpup->cpu_id);
4034 4628 }
4035 4629
4036 4630 /*
4037 4631 * HAT part of cpu deletion.
4038 4632 * (currently, we only call this after the cpu is safely passivated.)
4039 4633 */
4040 4634 void
4041 4635 hat_cpu_offline(struct cpu *cpup)
4042 4636 {
4043 4637 ASSERT(cpup != CPU);
4044 4638
4045 4639 CPUSET_ATOMIC_DEL(khat_cpuset, cpup->cpu_id);
4046 - hat_vlp_teardown(cpup);
4640 + hat_pcp_teardown(cpup);
4047 4641 x86pte_cpu_fini(cpup);
4048 4642 }
4049 4643
4050 4644 /*
4051 4645 * Function called after all CPUs are brought online.
4052 4646 * Used to remove low address boot mappings.
4053 4647 */
4054 4648 void
4055 4649 clear_boot_mappings(uintptr_t low, uintptr_t high)
4056 4650 {
4057 4651 uintptr_t vaddr = low;
4058 4652 htable_t *ht = NULL;
4059 4653 level_t level;
4060 4654 uint_t entry;
4061 4655 x86pte_t pte;
4062 4656
4063 4657 /*
4064 4658 * On 1st CPU we can unload the prom mappings, basically we blow away
4065 4659 * all virtual mappings under _userlimit.
4066 4660 */
4067 4661 while (vaddr < high) {
4068 4662 pte = htable_walk(kas.a_hat, &ht, &vaddr, high);
4069 4663 if (ht == NULL)
4070 4664 break;
4071 4665
4072 4666 level = ht->ht_level;
4073 4667 entry = htable_va2entry(vaddr, ht);
4074 4668 ASSERT(level <= mmu.max_page_level);
4075 4669 ASSERT(PTE_ISPAGE(pte, level));
4076 4670
4077 4671 /*
4078 4672 * Unload the mapping from the page tables.
4079 4673 */
4080 4674 (void) x86pte_inval(ht, entry, 0, NULL, B_TRUE);
4081 4675 ASSERT(ht->ht_valid_cnt > 0);
4082 4676 HTABLE_DEC(ht->ht_valid_cnt);
4083 4677 PGCNT_DEC(ht->ht_hat, ht->ht_level);
4084 4678
4085 4679 vaddr += LEVEL_SIZE(ht->ht_level);
4086 4680 }
4087 4681 if (ht)
4088 4682 htable_release(ht);
4089 4683 }
4090 4684
4091 4685 /*
4092 4686 * Atomically update a new translation for a single page. If the
4093 4687 * currently installed PTE doesn't match the value we expect to find,
4094 4688 * it's not updated and we return the PTE we found.
4095 4689 *
4096 4690 * If activating nosync or NOWRITE and the page was modified we need to sync
4097 4691 * with the page_t. Also sync with page_t if clearing ref/mod bits.
4098 4692 */
4099 4693 static x86pte_t
4100 4694 hati_update_pte(htable_t *ht, uint_t entry, x86pte_t expected, x86pte_t new)
4101 4695 {
4102 4696 page_t *pp;
4103 4697 uint_t rm = 0;
4104 4698 x86pte_t replaced;
4105 4699
4106 4700 if (PTE_GET(expected, PT_SOFTWARE) < PT_NOSYNC &&
4107 4701 PTE_GET(expected, PT_MOD | PT_REF) &&
4108 4702 (PTE_GET(new, PT_NOSYNC) || !PTE_GET(new, PT_WRITABLE) ||
4109 4703 !PTE_GET(new, PT_MOD | PT_REF))) {
4110 4704
4111 4705 ASSERT(!pfn_is_foreign(PTE2PFN(expected, ht->ht_level)));
4112 4706 pp = page_numtopp_nolock(PTE2PFN(expected, ht->ht_level));
4113 4707 ASSERT(pp != NULL);
4114 4708 if (PTE_GET(expected, PT_MOD))
4115 4709 rm |= P_MOD;
4116 4710 if (PTE_GET(expected, PT_REF))
4117 4711 rm |= P_REF;
4118 4712 PTE_CLR(new, PT_MOD | PT_REF);
4119 4713 }
4120 4714
4121 4715 replaced = x86pte_update(ht, entry, expected, new);
4122 4716 if (replaced != expected)
4123 4717 return (replaced);
4124 4718
4125 4719 if (rm) {
4126 4720 /*
4127 4721 * sync to all constituent pages of a large page
4128 4722 */
4129 4723 pgcnt_t pgcnt = page_get_pagecnt(ht->ht_level);
4130 4724 ASSERT(IS_P2ALIGNED(pp->p_pagenum, pgcnt));
4131 4725 while (pgcnt-- > 0) {
4132 4726 /*
4133 4727 * hat_page_demote() can't decrease
4134 4728 * pszc below this mapping size
4135 4729 * since large mapping existed after we
4136 4730 * took mlist lock.
4137 4731 */
4138 4732 ASSERT(pp->p_szc >= ht->ht_level);
4139 4733 hat_page_setattr(pp, rm);
4140 4734 ++pp;
4141 4735 }
4142 4736 }
4143 4737
4144 4738 return (0);
4145 4739 }
4146 4740
4147 4741 /* ARGSUSED */
4148 4742 void
4149 4743 hat_join_srd(struct hat *hat, vnode_t *evp)
4150 4744 {
4151 4745 }
4152 4746
4153 4747 /* ARGSUSED */
4154 4748 hat_region_cookie_t
4155 4749 hat_join_region(struct hat *hat,
4156 4750 caddr_t r_saddr,
4157 4751 size_t r_size,
4158 4752 void *r_obj,
4159 4753 u_offset_t r_objoff,
4160 4754 uchar_t r_perm,
4161 4755 uchar_t r_pgszc,
4162 4756 hat_rgn_cb_func_t r_cb_function,
4163 4757 uint_t flags)
4164 4758 {
4165 4759 panic("No shared region support on x86");
4166 4760 return (HAT_INVALID_REGION_COOKIE);
4167 4761 }
4168 4762
4169 4763 /* ARGSUSED */
4170 4764 void
4171 4765 hat_leave_region(struct hat *hat, hat_region_cookie_t rcookie, uint_t flags)
4172 4766 {
4173 4767 panic("No shared region support on x86");
4174 4768 }
4175 4769
4176 4770 /* ARGSUSED */
4177 4771 void
4178 4772 hat_dup_region(struct hat *hat, hat_region_cookie_t rcookie)
4179 4773 {
4180 4774 panic("No shared region support on x86");
4181 4775 }
4182 4776
4183 4777
4184 4778 /*
4185 4779 * Kernel Physical Mapping (kpm) facility
4186 4780 *
4187 4781 * Most of the routines needed to support segkpm are almost no-ops on the
4188 4782 * x86 platform. We map in the entire segment when it is created and leave
4189 4783 * it mapped in, so there is no additional work required to set up and tear
4190 4784 * down individual mappings. All of these routines were created to support
4191 4785 * SPARC platforms that have to avoid aliasing in their virtually indexed
4192 4786 * caches.
4193 4787 *
4194 4788 * Most of the routines have sanity checks in them (e.g. verifying that the
4195 4789 * passed-in page is locked). We don't actually care about most of these
4196 4790 * checks on x86, but we leave them in place to identify problems in the
4197 4791 * upper levels.
4198 4792 */
4199 4793
4200 4794 /*
4201 4795 * Map in a locked page and return the vaddr.
4202 4796 */
4203 4797 /*ARGSUSED*/
4204 4798 caddr_t
4205 4799 hat_kpm_mapin(struct page *pp, struct kpme *kpme)
4206 4800 {
4207 4801 caddr_t vaddr;
4208 4802
4209 4803 #ifdef DEBUG
4210 4804 if (kpm_enable == 0) {
4211 4805 cmn_err(CE_WARN, "hat_kpm_mapin: kpm_enable not set\n");
4212 4806 return ((caddr_t)NULL);
4213 4807 }
4214 4808
4215 4809 if (pp == NULL || PAGE_LOCKED(pp) == 0) {
4216 4810 cmn_err(CE_WARN, "hat_kpm_mapin: pp zero or not locked\n");
4217 4811 return ((caddr_t)NULL);
4218 4812 }
4219 4813 #endif
4220 4814
4221 4815 vaddr = hat_kpm_page2va(pp, 1);
4222 4816
4223 4817 return (vaddr);
4224 4818 }
4225 4819
4226 4820 /*
4227 4821 * Mapout a locked page.
4228 4822 */
4229 4823 /*ARGSUSED*/
4230 4824 void
4231 4825 hat_kpm_mapout(struct page *pp, struct kpme *kpme, caddr_t vaddr)
4232 4826 {
4233 4827 #ifdef DEBUG
4234 4828 if (kpm_enable == 0) {
4235 4829 cmn_err(CE_WARN, "hat_kpm_mapout: kpm_enable not set\n");
4236 4830 return;
4237 4831 }
4238 4832
4239 4833 if (IS_KPM_ADDR(vaddr) == 0) {
4240 4834 cmn_err(CE_WARN, "hat_kpm_mapout: no kpm address\n");
4241 4835 return;
4242 4836 }
4243 4837
4244 4838 if (pp == NULL || PAGE_LOCKED(pp) == 0) {
4245 4839 cmn_err(CE_WARN, "hat_kpm_mapout: page zero or not locked\n");
4246 4840 return;
4247 4841 }
4248 4842 #endif
4249 4843 }
4250 4844
4251 4845 /*
4252 4846 * hat_kpm_mapin_pfn is used to obtain a kpm mapping for physical
4253 4847 * memory addresses that are not described by a page_t. It can
4254 4848 * also be used for normal pages that are not locked, but beware
4255 4849 * this is dangerous - no locking is performed, so the identity of
4256 4850 * the page could change. hat_kpm_mapin_pfn is not supported when
4257 4851 * vac_colors > 1, because the chosen va depends on the page identity,
4258 4852 * which could change.
4259 4853 * The caller must only pass pfn's for valid physical addresses; violation
4260 4854 * of this rule will cause panic.
4261 4855 */
4262 4856 caddr_t
4263 4857 hat_kpm_mapin_pfn(pfn_t pfn)
4264 4858 {
4265 4859 caddr_t paddr, vaddr;
4266 4860
4267 4861 if (kpm_enable == 0)
4268 4862 return ((caddr_t)NULL);
4269 4863
4270 4864 paddr = (caddr_t)ptob(pfn);
4271 4865 vaddr = (uintptr_t)kpm_vbase + paddr;
4272 4866
4273 4867 return ((caddr_t)vaddr);
4274 4868 }
4275 4869
4276 4870 /*ARGSUSED*/
4277 4871 void
4278 4872 hat_kpm_mapout_pfn(pfn_t pfn)
4279 4873 {
4280 4874 /* empty */
4281 4875 }
4282 4876
4283 4877 /*
4284 4878 * Return the kpm virtual address for a specific pfn
4285 4879 */
4286 4880 caddr_t
4287 4881 hat_kpm_pfn2va(pfn_t pfn)
4288 4882 {
4289 4883 uintptr_t vaddr = (uintptr_t)kpm_vbase + mmu_ptob(pfn);
4290 4884
4291 4885 ASSERT(!pfn_is_foreign(pfn));
4292 4886 return ((caddr_t)vaddr);
4293 4887 }
4294 4888
4295 4889 /*
4296 4890 * Return the kpm virtual address for the page at pp.
4297 4891 */
4298 4892 /*ARGSUSED*/
4299 4893 caddr_t
4300 4894 hat_kpm_page2va(struct page *pp, int checkswap)
4301 4895 {
4302 4896 return (hat_kpm_pfn2va(pp->p_pagenum));
4303 4897 }
4304 4898
4305 4899 /*
4306 4900 * Return the page frame number for the kpm virtual address vaddr.
4307 4901 */
4308 4902 pfn_t
4309 4903 hat_kpm_va2pfn(caddr_t vaddr)
4310 4904 {
4311 4905 pfn_t pfn;
4312 4906
4313 4907 ASSERT(IS_KPM_ADDR(vaddr));
4314 4908
4315 4909 pfn = (pfn_t)btop(vaddr - kpm_vbase);
4316 4910
4317 4911 return (pfn);
4318 4912 }
4319 4913
4320 4914
4321 4915 /*
4322 4916 * Return the page for the kpm virtual address vaddr.
4323 4917 */
4324 4918 page_t *
4325 4919 hat_kpm_vaddr2page(caddr_t vaddr)
4326 4920 {
4327 4921 pfn_t pfn;
4328 4922
4329 4923 ASSERT(IS_KPM_ADDR(vaddr));
4330 4924
4331 4925 pfn = hat_kpm_va2pfn(vaddr);
4332 4926
4333 4927 return (page_numtopp_nolock(pfn));
4334 4928 }
4335 4929
4336 4930 /*
4337 4931 * hat_kpm_fault is called from segkpm_fault when we take a page fault on a
4338 4932 * KPM page. This should never happen on x86
4339 4933 */
4340 4934 int
4341 4935 hat_kpm_fault(hat_t *hat, caddr_t vaddr)
4342 4936 {
4343 4937 panic("pagefault in seg_kpm. hat: 0x%p vaddr: 0x%p",
4344 4938 (void *)hat, (void *)vaddr);
4345 4939
4346 4940 return (0);
4347 4941 }
4348 4942
4349 4943 /*ARGSUSED*/
4350 4944 void
4351 4945 hat_kpm_mseghash_clear(int nentries)
|
↓ open down ↓ |
295 lines elided |
↑ open up ↑ |
4352 4946 {}
4353 4947
4354 4948 /*ARGSUSED*/
4355 4949 void
4356 4950 hat_kpm_mseghash_update(pgcnt_t inx, struct memseg *msp)
4357 4951 {}
4358 4952
4359 4953 #ifndef __xpv
4360 4954 void
4361 4955 hat_kpm_addmem_mseg_update(struct memseg *msp, pgcnt_t nkpmpgs,
4362 - offset_t kpm_pages_off)
4956 + offset_t kpm_pages_off)
4363 4957 {
4364 4958 _NOTE(ARGUNUSED(nkpmpgs, kpm_pages_off));
4365 4959 pfn_t base, end;
4366 4960
4367 4961 /*
4368 4962 * kphysm_add_memory_dynamic() does not set nkpmpgs
4369 4963 * when page_t memory is externally allocated. That
4370 4964 * code must properly calculate nkpmpgs in all cases
4371 4965 * if nkpmpgs needs to be used at some point.
4372 4966 */
4373 4967
4374 4968 /*
4375 4969 * The meta (page_t) pages for dynamically added memory are allocated
4376 4970 * either from the incoming memory itself or from existing memory.
4377 4971 * In the former case the base of the incoming pages will be different
4378 4972 * than the base of the dynamic segment so call memseg_get_start() to
4379 4973 * get the actual base of the incoming memory for each case.
4380 4974 */
4381 4975
4382 4976 base = memseg_get_start(msp);
4383 4977 end = msp->pages_end;
4384 4978
4385 4979 hat_devload(kas.a_hat, kpm_vbase + mmu_ptob(base),
4386 4980 mmu_ptob(end - base), base, PROT_READ | PROT_WRITE,
4387 4981 HAT_LOAD | HAT_LOAD_LOCK | HAT_LOAD_NOCONSIST);
4388 4982 }
4389 4983
4390 4984 void
4391 4985 hat_kpm_addmem_mseg_insert(struct memseg *msp)
4392 4986 {
4393 4987 _NOTE(ARGUNUSED(msp));
4394 4988 }
4395 4989
4396 4990 void
4397 4991 hat_kpm_addmem_memsegs_update(struct memseg *msp)
4398 4992 {
4399 4993 _NOTE(ARGUNUSED(msp));
4400 4994 }
4401 4995
4402 4996 /*
4403 4997 * Return end of metadata for an already setup memseg.
4404 4998 * X86 platforms don't need per-page meta data to support kpm.
4405 4999 */
4406 5000 caddr_t
4407 5001 hat_kpm_mseg_reuse(struct memseg *msp)
4408 5002 {
4409 5003 return ((caddr_t)msp->epages);
4410 5004 }
|
↓ open down ↓ |
38 lines elided |
↑ open up ↑ |
4411 5005
4412 5006 void
4413 5007 hat_kpm_delmem_mseg_update(struct memseg *msp, struct memseg **mspp)
4414 5008 {
4415 5009 _NOTE(ARGUNUSED(msp, mspp));
4416 5010 ASSERT(0);
4417 5011 }
4418 5012
4419 5013 void
4420 5014 hat_kpm_split_mseg_update(struct memseg *msp, struct memseg **mspp,
4421 - struct memseg *lo, struct memseg *mid, struct memseg *hi)
5015 + struct memseg *lo, struct memseg *mid, struct memseg *hi)
4422 5016 {
4423 5017 _NOTE(ARGUNUSED(msp, mspp, lo, mid, hi));
4424 5018 ASSERT(0);
4425 5019 }
4426 5020
4427 5021 /*
4428 5022 * Walk the memsegs chain, applying func to each memseg span.
4429 5023 */
4430 5024 void
4431 5025 hat_kpm_walk(void (*func)(void *, void *, size_t), void *arg)
4432 5026 {
4433 5027 pfn_t pbase, pend;
4434 5028 void *base;
4435 5029 size_t size;
4436 5030 struct memseg *msp;
4437 5031
4438 5032 for (msp = memsegs; msp; msp = msp->next) {
4439 5033 pbase = msp->pages_base;
4440 5034 pend = msp->pages_end;
4441 5035 base = ptob(pbase) + kpm_vbase;
4442 5036 size = ptob(pend - pbase);
4443 5037 func(arg, base, size);
4444 5038 }
4445 5039 }
4446 5040
4447 5041 #else /* __xpv */
4448 5042
4449 5043 /*
4450 5044 * There are specific Hypervisor calls to establish and remove mappings
4451 5045 * to grant table references and the privcmd driver. We have to ensure
4452 5046 * that a page table actually exists.
4453 5047 */
4454 5048 void
4455 5049 hat_prepare_mapping(hat_t *hat, caddr_t addr, uint64_t *pte_ma)
4456 5050 {
4457 5051 maddr_t base_ma;
4458 5052 htable_t *ht;
4459 5053 uint_t entry;
4460 5054
4461 5055 ASSERT(IS_P2ALIGNED((uintptr_t)addr, MMU_PAGESIZE));
4462 5056 XPV_DISALLOW_MIGRATE();
4463 5057 ht = htable_create(hat, (uintptr_t)addr, 0, NULL);
4464 5058
4465 5059 /*
4466 5060 * if an address for pte_ma is passed in, return the MA of the pte
4467 5061 * for this specific address. This address is only valid as long
4468 5062 * as the htable stays locked.
4469 5063 */
4470 5064 if (pte_ma != NULL) {
4471 5065 entry = htable_va2entry((uintptr_t)addr, ht);
4472 5066 base_ma = pa_to_ma(ptob(ht->ht_pfn));
4473 5067 *pte_ma = base_ma + (entry << mmu.pte_size_shift);
4474 5068 }
4475 5069 XPV_ALLOW_MIGRATE();
4476 5070 }
4477 5071
4478 5072 void
4479 5073 hat_release_mapping(hat_t *hat, caddr_t addr)
4480 5074 {
4481 5075 htable_t *ht;
4482 5076
|
↓ open down ↓ |
51 lines elided |
↑ open up ↑ |
4483 5077 ASSERT(IS_P2ALIGNED((uintptr_t)addr, MMU_PAGESIZE));
4484 5078 XPV_DISALLOW_MIGRATE();
4485 5079 ht = htable_lookup(hat, (uintptr_t)addr, 0);
4486 5080 ASSERT(ht != NULL);
4487 5081 ASSERT(ht->ht_busy >= 2);
4488 5082 htable_release(ht);
4489 5083 htable_release(ht);
4490 5084 XPV_ALLOW_MIGRATE();
4491 5085 }
4492 5086 #endif /* __xpv */
5087 +
5088 +/*
5089 + * Helper function to punch in a mapping that we need with the specified
5090 + * attributes.
5091 + */
5092 +void
5093 +hati_cpu_punchin(cpu_t *cpu, uintptr_t va, uint_t attrs)
5094 +{
5095 + int ret;
5096 + pfn_t pfn;
5097 + hat_t *cpu_hat = cpu->cpu_hat_info->hci_user_hat;
5098 +
5099 + ASSERT3S(kpti_enable, ==, 1);
5100 + ASSERT3P(cpu_hat, !=, NULL);
5101 + ASSERT3U(cpu_hat->hat_flags & HAT_PCP, ==, HAT_PCP);
5102 + ASSERT3U(va & MMU_PAGEOFFSET, ==, 0);
5103 +
5104 + pfn = hat_getpfnum(kas.a_hat, (caddr_t)va);
5105 + VERIFY3U(pfn, !=, PFN_INVALID);
5106 +
5107 + /*
5108 + * We purposefully don't try to find the page_t. This means that this
5109 + * will be marked PT_NOCONSIST; however, given that this is pretty much
5110 + * a static mapping that we're using we should be relatively OK.
5111 + */
5112 + attrs |= HAT_STORECACHING_OK;
5113 + ret = hati_load_common(cpu_hat, va, NULL, attrs, 0, 0, pfn);
5114 + VERIFY3S(ret, ==, 0);
5115 +}
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX