1 /* 2 * CDDL HEADER START 3 * 4 * The contents of this file are subject to the terms of the 5 * Common Development and Distribution License (the "License"). 6 * You may not use this file except in compliance with the License. 7 * 8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 9 * or http://www.opensolaris.org/os/licensing. 10 * See the License for the specific language governing permissions 11 * and limitations under the License. 12 * 13 * When distributing Covered Code, include this CDDL HEADER in each 14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 15 * If applicable, add the following below this CDDL HEADER, with the 16 * fields enclosed by brackets "[]" replaced with your own identifying 17 * information: Portions Copyright [yyyy] [name of copyright owner] 18 * 19 * CDDL HEADER END 20 */ 21 22 /* 23 * Copyright (c) 2004, 2010, Oracle and/or its affiliates. All rights reserved. 24 * Copyright (c) 2014 by Delphix. All rights reserved. 25 * Copyright 2015 Joyent, Inc. 26 */ 27 28 #include <sys/types.h> 29 #include <sys/sysmacros.h> 30 #include <sys/kmem.h> 31 #include <sys/atomic.h> 32 #include <sys/bitmap.h> 33 #include <sys/machparam.h> 34 #include <sys/machsystm.h> 35 #include <sys/mman.h> 36 #include <sys/systm.h> 37 #include <sys/cpuvar.h> 38 #include <sys/thread.h> 39 #include <sys/proc.h> 40 #include <sys/cpu.h> 41 #include <sys/kmem.h> 42 #include <sys/disp.h> 43 #include <sys/vmem.h> 44 #include <sys/vmsystm.h> 45 #include <sys/promif.h> 46 #include <sys/var.h> 47 #include <sys/x86_archext.h> 48 #include <sys/archsystm.h> 49 #include <sys/bootconf.h> 50 #include <sys/dumphdr.h> 51 #include <vm/seg_kmem.h> 52 #include <vm/seg_kpm.h> 53 #include <vm/hat.h> 54 #include <vm/hat_i86.h> 55 #include <sys/cmn_err.h> 56 #include <sys/panic.h> 57 58 #ifdef __xpv 59 #include <sys/hypervisor.h> 60 #include <sys/xpv_panic.h> 61 #endif 62 63 #include <sys/bootinfo.h> 64 #include <vm/kboot_mmu.h> 65 66 static void x86pte_zero(htable_t *dest, uint_t entry, uint_t count); 67 68 kmem_cache_t *htable_cache; 69 70 /* 71 * The variable htable_reserve_amount, rather than HTABLE_RESERVE_AMOUNT, 72 * is used in order to facilitate testing of the htable_steal() code. 73 * By resetting htable_reserve_amount to a lower value, we can force 74 * stealing to occur. The reserve amount is a guess to get us through boot. 75 */ 76 #define HTABLE_RESERVE_AMOUNT (200) 77 uint_t htable_reserve_amount = HTABLE_RESERVE_AMOUNT; 78 kmutex_t htable_reserve_mutex; 79 uint_t htable_reserve_cnt; 80 htable_t *htable_reserve_pool; 81 82 /* 83 * Used to hand test htable_steal(). 84 */ 85 #ifdef DEBUG 86 ulong_t force_steal = 0; 87 ulong_t ptable_cnt = 0; 88 #endif 89 90 /* 91 * This variable is so that we can tune this via /etc/system 92 * Any value works, but a power of two <= mmu.ptes_per_table is best. 93 */ 94 uint_t htable_steal_passes = 8; 95 96 /* 97 * mutex stuff for access to htable hash 98 */ 99 #define NUM_HTABLE_MUTEX 128 100 kmutex_t htable_mutex[NUM_HTABLE_MUTEX]; 101 #define HTABLE_MUTEX_HASH(h) ((h) & (NUM_HTABLE_MUTEX - 1)) 102 103 #define HTABLE_ENTER(h) mutex_enter(&htable_mutex[HTABLE_MUTEX_HASH(h)]); 104 #define HTABLE_EXIT(h) mutex_exit(&htable_mutex[HTABLE_MUTEX_HASH(h)]); 105 106 /* 107 * forward declarations 108 */ 109 static void link_ptp(htable_t *higher, htable_t *new, uintptr_t vaddr); 110 static void unlink_ptp(htable_t *higher, htable_t *old, uintptr_t vaddr); 111 static void htable_free(htable_t *ht); 112 static x86pte_t *x86pte_access_pagetable(htable_t *ht, uint_t index); 113 static void x86pte_release_pagetable(htable_t *ht); 114 static x86pte_t x86pte_cas(htable_t *ht, uint_t entry, x86pte_t old, 115 x86pte_t new); 116 117 /* 118 * A counter to track if we are stealing or reaping htables. When non-zero 119 * htable_free() will directly free htables (either to the reserve or kmem) 120 * instead of putting them in a hat's htable cache. 121 */ 122 uint32_t htable_dont_cache = 0; 123 124 /* 125 * Track the number of active pagetables, so we can know how many to reap 126 */ 127 static uint32_t active_ptables = 0; 128 129 #ifdef __xpv 130 /* 131 * Deal with hypervisor complications. 132 */ 133 void 134 xen_flush_va(caddr_t va) 135 { 136 struct mmuext_op t; 137 uint_t count; 138 139 if (IN_XPV_PANIC()) { 140 mmu_tlbflush_entry((caddr_t)va); 141 } else { 142 t.cmd = MMUEXT_INVLPG_LOCAL; 143 t.arg1.linear_addr = (uintptr_t)va; 144 if (HYPERVISOR_mmuext_op(&t, 1, &count, DOMID_SELF) < 0) 145 panic("HYPERVISOR_mmuext_op() failed"); 146 ASSERT(count == 1); 147 } 148 } 149 150 void 151 xen_gflush_va(caddr_t va, cpuset_t cpus) 152 { 153 struct mmuext_op t; 154 uint_t count; 155 156 if (IN_XPV_PANIC()) { 157 mmu_tlbflush_entry((caddr_t)va); 158 return; 159 } 160 161 t.cmd = MMUEXT_INVLPG_MULTI; 162 t.arg1.linear_addr = (uintptr_t)va; 163 /*LINTED: constant in conditional context*/ 164 set_xen_guest_handle(t.arg2.vcpumask, &cpus); 165 if (HYPERVISOR_mmuext_op(&t, 1, &count, DOMID_SELF) < 0) 166 panic("HYPERVISOR_mmuext_op() failed"); 167 ASSERT(count == 1); 168 } 169 170 void 171 xen_flush_tlb() 172 { 173 struct mmuext_op t; 174 uint_t count; 175 176 if (IN_XPV_PANIC()) { 177 xpv_panic_reload_cr3(); 178 } else { 179 t.cmd = MMUEXT_TLB_FLUSH_LOCAL; 180 if (HYPERVISOR_mmuext_op(&t, 1, &count, DOMID_SELF) < 0) 181 panic("HYPERVISOR_mmuext_op() failed"); 182 ASSERT(count == 1); 183 } 184 } 185 186 void 187 xen_gflush_tlb(cpuset_t cpus) 188 { 189 struct mmuext_op t; 190 uint_t count; 191 192 ASSERT(!IN_XPV_PANIC()); 193 t.cmd = MMUEXT_TLB_FLUSH_MULTI; 194 /*LINTED: constant in conditional context*/ 195 set_xen_guest_handle(t.arg2.vcpumask, &cpus); 196 if (HYPERVISOR_mmuext_op(&t, 1, &count, DOMID_SELF) < 0) 197 panic("HYPERVISOR_mmuext_op() failed"); 198 ASSERT(count == 1); 199 } 200 201 /* 202 * Install/Adjust a kpm mapping under the hypervisor. 203 * Value of "how" should be: 204 * PT_WRITABLE | PT_VALID - regular kpm mapping 205 * PT_VALID - make mapping read-only 206 * 0 - remove mapping 207 * 208 * returns 0 on success. non-zero for failure. 209 */ 210 int 211 xen_kpm_page(pfn_t pfn, uint_t how) 212 { 213 paddr_t pa = mmu_ptob((paddr_t)pfn); 214 x86pte_t pte = PT_NOCONSIST | PT_REF | PT_MOD; 215 216 if (kpm_vbase == NULL) 217 return (0); 218 219 if (how) 220 pte |= pa_to_ma(pa) | how; 221 else 222 pte = 0; 223 return (HYPERVISOR_update_va_mapping((uintptr_t)kpm_vbase + pa, 224 pte, UVMF_INVLPG | UVMF_ALL)); 225 } 226 227 void 228 xen_pin(pfn_t pfn, level_t lvl) 229 { 230 struct mmuext_op t; 231 uint_t count; 232 233 t.cmd = MMUEXT_PIN_L1_TABLE + lvl; 234 t.arg1.mfn = pfn_to_mfn(pfn); 235 if (HYPERVISOR_mmuext_op(&t, 1, &count, DOMID_SELF) < 0) 236 panic("HYPERVISOR_mmuext_op() failed"); 237 ASSERT(count == 1); 238 } 239 240 void 241 xen_unpin(pfn_t pfn) 242 { 243 struct mmuext_op t; 244 uint_t count; 245 246 t.cmd = MMUEXT_UNPIN_TABLE; 247 t.arg1.mfn = pfn_to_mfn(pfn); 248 if (HYPERVISOR_mmuext_op(&t, 1, &count, DOMID_SELF) < 0) 249 panic("HYPERVISOR_mmuext_op() failed"); 250 ASSERT(count == 1); 251 } 252 253 static void 254 xen_map(uint64_t pte, caddr_t va) 255 { 256 if (HYPERVISOR_update_va_mapping((uintptr_t)va, pte, 257 UVMF_INVLPG | UVMF_LOCAL)) 258 panic("HYPERVISOR_update_va_mapping() failed"); 259 } 260 #endif /* __xpv */ 261 262 /* 263 * Allocate a memory page for a hardware page table. 264 * 265 * A wrapper around page_get_physical(), with some extra checks. 266 */ 267 static pfn_t 268 ptable_alloc(uintptr_t seed) 269 { 270 pfn_t pfn; 271 page_t *pp; 272 273 pfn = PFN_INVALID; 274 275 /* 276 * The first check is to see if there is memory in the system. If we 277 * drop to throttlefree, then fail the ptable_alloc() and let the 278 * stealing code kick in. Note that we have to do this test here, 279 * since the test in page_create_throttle() would let the NOSLEEP 280 * allocation go through and deplete the page reserves. 281 * 282 * The !NOMEMWAIT() lets pageout, fsflush, etc. skip this check. 283 */ 284 if (!NOMEMWAIT() && freemem <= throttlefree + 1) 285 return (PFN_INVALID); 286 287 #ifdef DEBUG 288 /* 289 * This code makes htable_steal() easier to test. By setting 290 * force_steal we force pagetable allocations to fall 291 * into the stealing code. Roughly 1 in ever "force_steal" 292 * page table allocations will fail. 293 */ 294 if (proc_pageout != NULL && force_steal > 1 && 295 ++ptable_cnt > force_steal) { 296 ptable_cnt = 0; 297 return (PFN_INVALID); 298 } 299 #endif /* DEBUG */ 300 301 pp = page_get_physical(seed); 302 if (pp == NULL) 303 return (PFN_INVALID); 304 ASSERT(PAGE_SHARED(pp)); 305 pfn = pp->p_pagenum; 306 if (pfn == PFN_INVALID) 307 panic("ptable_alloc(): Invalid PFN!!"); 308 atomic_inc_32(&active_ptables); 309 HATSTAT_INC(hs_ptable_allocs); 310 return (pfn); 311 } 312 313 /* 314 * Free an htable's associated page table page. See the comments 315 * for ptable_alloc(). 316 */ 317 static void 318 ptable_free(pfn_t pfn) 319 { 320 page_t *pp = page_numtopp_nolock(pfn); 321 322 /* 323 * need to destroy the page used for the pagetable 324 */ 325 ASSERT(pfn != PFN_INVALID); 326 HATSTAT_INC(hs_ptable_frees); 327 atomic_dec_32(&active_ptables); 328 if (pp == NULL) 329 panic("ptable_free(): no page for pfn!"); 330 ASSERT(PAGE_SHARED(pp)); 331 ASSERT(pfn == pp->p_pagenum); 332 ASSERT(!IN_XPV_PANIC()); 333 334 /* 335 * Get an exclusive lock, might have to wait for a kmem reader. 336 */ 337 if (!page_tryupgrade(pp)) { 338 u_offset_t off = pp->p_offset; 339 page_unlock(pp); 340 pp = page_lookup(&kvp, off, SE_EXCL); 341 if (pp == NULL) 342 panic("page not found"); 343 } 344 #ifdef __xpv 345 if (kpm_vbase && xen_kpm_page(pfn, PT_VALID | PT_WRITABLE) < 0) 346 panic("failure making kpm r/w pfn=0x%lx", pfn); 347 #endif 348 page_hashout(pp, NULL); 349 page_free(pp, 1); 350 page_unresv(1); 351 } 352 353 /* 354 * Put one htable on the reserve list. 355 */ 356 static void 357 htable_put_reserve(htable_t *ht) 358 { 359 ht->ht_hat = NULL; /* no longer tied to a hat */ 360 ASSERT(ht->ht_pfn == PFN_INVALID); 361 HATSTAT_INC(hs_htable_rputs); 362 mutex_enter(&htable_reserve_mutex); 363 ht->ht_next = htable_reserve_pool; 364 htable_reserve_pool = ht; 365 ++htable_reserve_cnt; 366 mutex_exit(&htable_reserve_mutex); 367 } 368 369 /* 370 * Take one htable from the reserve. 371 */ 372 static htable_t * 373 htable_get_reserve(void) 374 { 375 htable_t *ht = NULL; 376 377 mutex_enter(&htable_reserve_mutex); 378 if (htable_reserve_cnt != 0) { 379 ht = htable_reserve_pool; 380 ASSERT(ht != NULL); 381 ASSERT(ht->ht_pfn == PFN_INVALID); 382 htable_reserve_pool = ht->ht_next; 383 --htable_reserve_cnt; 384 HATSTAT_INC(hs_htable_rgets); 385 } 386 mutex_exit(&htable_reserve_mutex); 387 return (ht); 388 } 389 390 /* 391 * Allocate initial htables and put them on the reserve list 392 */ 393 void 394 htable_initial_reserve(uint_t count) 395 { 396 htable_t *ht; 397 398 count += HTABLE_RESERVE_AMOUNT; 399 while (count > 0) { 400 ht = kmem_cache_alloc(htable_cache, KM_NOSLEEP); 401 ASSERT(ht != NULL); 402 403 ASSERT(use_boot_reserve); 404 ht->ht_pfn = PFN_INVALID; 405 htable_put_reserve(ht); 406 --count; 407 } 408 } 409 410 /* 411 * Readjust the reserves after a thread finishes using them. 412 */ 413 void 414 htable_adjust_reserve() 415 { 416 htable_t *ht; 417 418 /* 419 * Free any excess htables in the reserve list 420 */ 421 while (htable_reserve_cnt > htable_reserve_amount && 422 !USE_HAT_RESERVES()) { 423 ht = htable_get_reserve(); 424 if (ht == NULL) 425 return; 426 ASSERT(ht->ht_pfn == PFN_INVALID); 427 kmem_cache_free(htable_cache, ht); 428 } 429 } 430 431 /* 432 * Search the active htables for one to steal. Start at a different hash 433 * bucket every time to help spread the pain of stealing 434 */ 435 static void 436 htable_steal_active(hat_t *hat, uint_t cnt, uint_t threshold, 437 uint_t *stolen, htable_t **list) 438 { 439 static uint_t h_seed = 0; 440 htable_t *higher, *ht; 441 uint_t h, e, h_start; 442 uintptr_t va; 443 x86pte_t pte; 444 445 h = h_start = h_seed++ % hat->hat_num_hash; 446 do { 447 higher = NULL; 448 HTABLE_ENTER(h); 449 for (ht = hat->hat_ht_hash[h]; ht; ht = ht->ht_next) { 450 451 /* 452 * Can we rule out reaping? 453 */ 454 if (ht->ht_busy != 0 || 455 (ht->ht_flags & HTABLE_SHARED_PFN) || 456 ht->ht_level > 0 || ht->ht_valid_cnt > threshold || 457 ht->ht_lock_cnt != 0) 458 continue; 459 460 /* 461 * Increment busy so the htable can't disappear. We 462 * drop the htable mutex to avoid deadlocks with 463 * hat_pageunload() and the hment mutex while we 464 * call hat_pte_unmap() 465 */ 466 ++ht->ht_busy; 467 HTABLE_EXIT(h); 468 469 /* 470 * Try stealing. 471 * - unload and invalidate all PTEs 472 */ 473 for (e = 0, va = ht->ht_vaddr; 474 e < HTABLE_NUM_PTES(ht) && ht->ht_valid_cnt > 0 && 475 ht->ht_busy == 1 && ht->ht_lock_cnt == 0; 476 ++e, va += MMU_PAGESIZE) { 477 pte = x86pte_get(ht, e); 478 if (!PTE_ISVALID(pte)) 479 continue; 480 hat_pte_unmap(ht, e, HAT_UNLOAD, pte, NULL, 481 B_TRUE); 482 } 483 484 /* 485 * Reacquire htable lock. If we didn't remove all 486 * mappings in the table, or another thread added a new 487 * mapping behind us, give up on this table. 488 */ 489 HTABLE_ENTER(h); 490 if (ht->ht_busy != 1 || ht->ht_valid_cnt != 0 || 491 ht->ht_lock_cnt != 0) { 492 --ht->ht_busy; 493 continue; 494 } 495 496 /* 497 * Steal it and unlink the page table. 498 */ 499 higher = ht->ht_parent; 500 unlink_ptp(higher, ht, ht->ht_vaddr); 501 502 /* 503 * remove from the hash list 504 */ 505 if (ht->ht_next) 506 ht->ht_next->ht_prev = ht->ht_prev; 507 508 if (ht->ht_prev) { 509 ht->ht_prev->ht_next = ht->ht_next; 510 } else { 511 ASSERT(hat->hat_ht_hash[h] == ht); 512 hat->hat_ht_hash[h] = ht->ht_next; 513 } 514 515 /* 516 * Break to outer loop to release the 517 * higher (ht_parent) pagetable. This 518 * spreads out the pain caused by 519 * pagefaults. 520 */ 521 ht->ht_next = *list; 522 *list = ht; 523 ++*stolen; 524 break; 525 } 526 HTABLE_EXIT(h); 527 if (higher != NULL) 528 htable_release(higher); 529 if (++h == hat->hat_num_hash) 530 h = 0; 531 } while (*stolen < cnt && h != h_start); 532 } 533 534 /* 535 * Move hat to the end of the kas list 536 */ 537 static void 538 move_victim(hat_t *hat) 539 { 540 ASSERT(MUTEX_HELD(&hat_list_lock)); 541 542 /* unlink victim hat */ 543 if (hat->hat_prev) 544 hat->hat_prev->hat_next = hat->hat_next; 545 else 546 kas.a_hat->hat_next = hat->hat_next; 547 548 if (hat->hat_next) 549 hat->hat_next->hat_prev = hat->hat_prev; 550 else 551 kas.a_hat->hat_prev = hat->hat_prev; 552 /* relink at end of hat list */ 553 hat->hat_next = NULL; 554 hat->hat_prev = kas.a_hat->hat_prev; 555 if (hat->hat_prev) 556 hat->hat_prev->hat_next = hat; 557 else 558 kas.a_hat->hat_next = hat; 559 560 kas.a_hat->hat_prev = hat; 561 } 562 563 /* 564 * This routine steals htables from user processes. Called by htable_reap 565 * (reap=TRUE) or htable_alloc (reap=FALSE). 566 */ 567 static htable_t * 568 htable_steal(uint_t cnt, boolean_t reap) 569 { 570 hat_t *hat = kas.a_hat; /* list starts with khat */ 571 htable_t *list = NULL; 572 htable_t *ht; 573 uint_t stolen = 0; 574 uint_t pass, passes; 575 uint_t threshold; 576 577 /* 578 * Limit htable_steal_passes to something reasonable 579 */ 580 if (htable_steal_passes == 0) 581 htable_steal_passes = 1; 582 if (htable_steal_passes > mmu.ptes_per_table) 583 htable_steal_passes = mmu.ptes_per_table; 584 585 /* 586 * If we're stealing merely as part of kmem reaping (versus stealing 587 * to assure forward progress), we don't want to actually steal any 588 * active htables. (Stealing active htables merely to give memory 589 * back to the system can inadvertently kick off an htable crime wave 590 * as active processes repeatedly steal htables from one another, 591 * plummeting the system into a kind of HAT lawlessness that can 592 * become so violent as to impede the one thing that can end it: the 593 * freeing of memory via ARC reclaim and other means.) So if we're 594 * reaping, we limit ourselves to the first pass that steals cached 595 * htables that aren't in use -- which gives memory back, but averts 596 * the entire breakdown of social order. 597 */ 598 passes = reap ? 0 : htable_steal_passes; 599 600 /* 601 * Loop through all user hats. The 1st pass takes cached htables that 602 * aren't in use. The later passes steal by removing mappings, too. 603 */ 604 atomic_inc_32(&htable_dont_cache); 605 for (pass = 0; pass <= passes && stolen < cnt; ++pass) { 606 threshold = pass * mmu.ptes_per_table / htable_steal_passes; 607 608 mutex_enter(&hat_list_lock); 609 610 /* skip the first hat (kernel) */ 611 hat = kas.a_hat->hat_next; 612 for (;;) { 613 /* 614 * Skip any hat that is already being stolen from. 615 * 616 * We skip SHARED hats, as these are dummy 617 * hats that host ISM shared page tables. 618 * 619 * We also skip if HAT_FREEING because hat_pte_unmap() 620 * won't zero out the PTE's. That would lead to hitting 621 * stale PTEs either here or under hat_unload() when we 622 * steal and unload the same page table in competing 623 * threads. 624 */ 625 while (hat != NULL && 626 (hat->hat_flags & 627 (HAT_VICTIM | HAT_SHARED | HAT_FREEING)) != 0) 628 hat = hat->hat_next; 629 630 if (hat == NULL) 631 break; 632 633 /* 634 * Mark the HAT as a stealing victim so that it is 635 * not freed from under us, e.g. in as_free() 636 */ 637 hat->hat_flags |= HAT_VICTIM; 638 mutex_exit(&hat_list_lock); 639 640 /* 641 * Take any htables from the hat's cached "free" list. 642 */ 643 hat_enter(hat); 644 while ((ht = hat->hat_ht_cached) != NULL && 645 stolen < cnt) { 646 hat->hat_ht_cached = ht->ht_next; 647 ht->ht_next = list; 648 list = ht; 649 ++stolen; 650 } 651 hat_exit(hat); 652 653 /* 654 * Don't steal active htables on first pass. 655 */ 656 if (pass != 0 && (stolen < cnt)) 657 htable_steal_active(hat, cnt, threshold, 658 &stolen, &list); 659 660 /* 661 * do synchronous teardown for the reap case so that 662 * we can forget hat; at this time, hat is 663 * guaranteed to be around because HAT_VICTIM is set 664 * (see htable_free() for similar code) 665 */ 666 for (ht = list; (ht) && (reap); ht = ht->ht_next) { 667 if (ht->ht_hat == NULL) 668 continue; 669 ASSERT(ht->ht_hat == hat); 670 #if defined(__xpv) && defined(__amd64) 671 if (!(ht->ht_flags & HTABLE_VLP) && 672 ht->ht_level == mmu.max_level) { 673 ptable_free(hat->hat_user_ptable); 674 hat->hat_user_ptable = PFN_INVALID; 675 } 676 #endif 677 /* 678 * forget the hat 679 */ 680 ht->ht_hat = NULL; 681 } 682 683 mutex_enter(&hat_list_lock); 684 685 /* 686 * Are we finished? 687 */ 688 if (stolen == cnt) { 689 /* 690 * Try to spread the pain of stealing, 691 * move victim HAT to the end of the HAT list. 692 */ 693 if (pass >= 1 && cnt == 1 && 694 kas.a_hat->hat_prev != hat) 695 move_victim(hat); 696 /* 697 * We are finished 698 */ 699 } 700 701 /* 702 * Clear the victim flag, hat can go away now (once 703 * the lock is dropped) 704 */ 705 if (hat->hat_flags & HAT_VICTIM) { 706 ASSERT(hat != kas.a_hat); 707 hat->hat_flags &= ~HAT_VICTIM; 708 cv_broadcast(&hat_list_cv); 709 } 710 711 /* move on to the next hat */ 712 hat = hat->hat_next; 713 } 714 715 mutex_exit(&hat_list_lock); 716 717 } 718 ASSERT(!MUTEX_HELD(&hat_list_lock)); 719 720 atomic_dec_32(&htable_dont_cache); 721 return (list); 722 } 723 724 /* 725 * This is invoked from kmem when the system is low on memory. We try 726 * to free hments, htables, and ptables to improve the memory situation. 727 */ 728 /*ARGSUSED*/ 729 static void 730 htable_reap(void *handle) 731 { 732 uint_t reap_cnt; 733 htable_t *list; 734 htable_t *ht; 735 736 HATSTAT_INC(hs_reap_attempts); 737 if (!can_steal_post_boot) 738 return; 739 740 /* 741 * Try to reap 5% of the page tables bounded by a maximum of 742 * 5% of physmem and a minimum of 10. 743 */ 744 reap_cnt = MAX(MIN(physmem / 20, active_ptables / 20), 10); 745 746 /* 747 * Note: htable_dont_cache should be set at the time of 748 * invoking htable_free() 749 */ 750 atomic_inc_32(&htable_dont_cache); 751 /* 752 * Let htable_steal() do the work, we just call htable_free() 753 */ 754 XPV_DISALLOW_MIGRATE(); 755 list = htable_steal(reap_cnt, B_TRUE); 756 XPV_ALLOW_MIGRATE(); 757 while ((ht = list) != NULL) { 758 list = ht->ht_next; 759 HATSTAT_INC(hs_reaped); 760 htable_free(ht); 761 } 762 atomic_dec_32(&htable_dont_cache); 763 764 /* 765 * Free up excess reserves 766 */ 767 htable_adjust_reserve(); 768 hment_adjust_reserve(); 769 } 770 771 /* 772 * Allocate an htable, stealing one or using the reserve if necessary 773 */ 774 static htable_t * 775 htable_alloc( 776 hat_t *hat, 777 uintptr_t vaddr, 778 level_t level, 779 htable_t *shared) 780 { 781 htable_t *ht = NULL; 782 uint_t is_vlp; 783 uint_t is_bare = 0; 784 uint_t need_to_zero = 1; 785 int kmflags = (can_steal_post_boot ? KM_NOSLEEP : KM_SLEEP); 786 787 if (level < 0 || level > TOP_LEVEL(hat)) 788 panic("htable_alloc(): level %d out of range\n", level); 789 790 is_vlp = (hat->hat_flags & HAT_VLP) && level == VLP_LEVEL; 791 if (is_vlp || shared != NULL) 792 is_bare = 1; 793 794 /* 795 * First reuse a cached htable from the hat_ht_cached field, this 796 * avoids unnecessary trips through kmem/page allocators. 797 */ 798 if (hat->hat_ht_cached != NULL && !is_bare) { 799 hat_enter(hat); 800 ht = hat->hat_ht_cached; 801 if (ht != NULL) { 802 hat->hat_ht_cached = ht->ht_next; 803 need_to_zero = 0; 804 /* XX64 ASSERT() they're all zero somehow */ 805 ASSERT(ht->ht_pfn != PFN_INVALID); 806 } 807 hat_exit(hat); 808 } 809 810 if (ht == NULL) { 811 /* 812 * Allocate an htable, possibly refilling the reserves. 813 */ 814 if (USE_HAT_RESERVES()) { 815 ht = htable_get_reserve(); 816 } else { 817 /* 818 * Donate successful htable allocations to the reserve. 819 */ 820 for (;;) { 821 ht = kmem_cache_alloc(htable_cache, kmflags); 822 if (ht == NULL) 823 break; 824 ht->ht_pfn = PFN_INVALID; 825 if (USE_HAT_RESERVES() || 826 htable_reserve_cnt >= htable_reserve_amount) 827 break; 828 htable_put_reserve(ht); 829 } 830 } 831 832 /* 833 * allocate a page for the hardware page table if needed 834 */ 835 if (ht != NULL && !is_bare) { 836 ht->ht_hat = hat; 837 ht->ht_pfn = ptable_alloc((uintptr_t)ht); 838 if (ht->ht_pfn == PFN_INVALID) { 839 if (USE_HAT_RESERVES()) 840 htable_put_reserve(ht); 841 else 842 kmem_cache_free(htable_cache, ht); 843 ht = NULL; 844 } 845 } 846 } 847 848 /* 849 * If allocations failed, kick off a kmem_reap() and resort to 850 * htable steal(). We may spin here if the system is very low on 851 * memory. If the kernel itself has consumed all memory and kmem_reap() 852 * can't free up anything, then we'll really get stuck here. 853 * That should only happen in a system where the administrator has 854 * misconfigured VM parameters via /etc/system. 855 */ 856 while (ht == NULL && can_steal_post_boot) { 857 kmem_reap(); 858 ht = htable_steal(1, B_FALSE); 859 HATSTAT_INC(hs_steals); 860 861 /* 862 * If we stole for a bare htable, release the pagetable page. 863 */ 864 if (ht != NULL) { 865 if (is_bare) { 866 ptable_free(ht->ht_pfn); 867 ht->ht_pfn = PFN_INVALID; 868 #if defined(__xpv) && defined(__amd64) 869 /* 870 * make stolen page table writable again in kpm 871 */ 872 } else if (kpm_vbase && xen_kpm_page(ht->ht_pfn, 873 PT_VALID | PT_WRITABLE) < 0) { 874 panic("failure making kpm r/w pfn=0x%lx", 875 ht->ht_pfn); 876 #endif 877 } 878 } 879 } 880 881 /* 882 * All attempts to allocate or steal failed. This should only happen 883 * if we run out of memory during boot, due perhaps to a huge 884 * boot_archive. At this point there's no way to continue. 885 */ 886 if (ht == NULL) 887 panic("htable_alloc(): couldn't steal\n"); 888 889 #if defined(__amd64) && defined(__xpv) 890 /* 891 * Under the 64-bit hypervisor, we have 2 top level page tables. 892 * If this allocation fails, we'll resort to stealing. 893 * We use the stolen page indirectly, by freeing the 894 * stolen htable first. 895 */ 896 if (level == mmu.max_level) { 897 for (;;) { 898 htable_t *stolen; 899 900 hat->hat_user_ptable = ptable_alloc((uintptr_t)ht + 1); 901 if (hat->hat_user_ptable != PFN_INVALID) 902 break; 903 stolen = htable_steal(1, B_FALSE); 904 if (stolen == NULL) 905 panic("2nd steal ptable failed\n"); 906 htable_free(stolen); 907 } 908 block_zero_no_xmm(kpm_vbase + pfn_to_pa(hat->hat_user_ptable), 909 MMU_PAGESIZE); 910 } 911 #endif 912 913 /* 914 * Shared page tables have all entries locked and entries may not 915 * be added or deleted. 916 */ 917 ht->ht_flags = 0; 918 if (shared != NULL) { 919 ASSERT(shared->ht_valid_cnt > 0); 920 ht->ht_flags |= HTABLE_SHARED_PFN; 921 ht->ht_pfn = shared->ht_pfn; 922 ht->ht_lock_cnt = 0; 923 ht->ht_valid_cnt = 0; /* updated in hat_share() */ 924 ht->ht_shares = shared; 925 need_to_zero = 0; 926 } else { 927 ht->ht_shares = NULL; 928 ht->ht_lock_cnt = 0; 929 ht->ht_valid_cnt = 0; 930 } 931 932 /* 933 * setup flags, etc. for VLP htables 934 */ 935 if (is_vlp) { 936 ht->ht_flags |= HTABLE_VLP; 937 ASSERT(ht->ht_pfn == PFN_INVALID); 938 need_to_zero = 0; 939 } 940 941 /* 942 * fill in the htable 943 */ 944 ht->ht_hat = hat; 945 ht->ht_parent = NULL; 946 ht->ht_vaddr = vaddr; 947 ht->ht_level = level; 948 ht->ht_busy = 1; 949 ht->ht_next = NULL; 950 ht->ht_prev = NULL; 951 952 /* 953 * Zero out any freshly allocated page table 954 */ 955 if (need_to_zero) 956 x86pte_zero(ht, 0, mmu.ptes_per_table); 957 958 #if defined(__amd64) && defined(__xpv) 959 if (!is_bare && kpm_vbase) { 960 (void) xen_kpm_page(ht->ht_pfn, PT_VALID); 961 if (level == mmu.max_level) 962 (void) xen_kpm_page(hat->hat_user_ptable, PT_VALID); 963 } 964 #endif 965 966 return (ht); 967 } 968 969 /* 970 * Free up an htable, either to a hat's cached list, the reserves or 971 * back to kmem. 972 */ 973 static void 974 htable_free(htable_t *ht) 975 { 976 hat_t *hat = ht->ht_hat; 977 978 /* 979 * If the process isn't exiting, cache the free htable in the hat 980 * structure. We always do this for the boot time reserve. We don't 981 * do this if the hat is exiting or we are stealing/reaping htables. 982 */ 983 if (hat != NULL && 984 !(ht->ht_flags & HTABLE_SHARED_PFN) && 985 (use_boot_reserve || 986 (!(hat->hat_flags & HAT_FREEING) && !htable_dont_cache))) { 987 ASSERT((ht->ht_flags & HTABLE_VLP) == 0); 988 ASSERT(ht->ht_pfn != PFN_INVALID); 989 hat_enter(hat); 990 ht->ht_next = hat->hat_ht_cached; 991 hat->hat_ht_cached = ht; 992 hat_exit(hat); 993 return; 994 } 995 996 /* 997 * If we have a hardware page table, free it. 998 * We don't free page tables that are accessed by sharing. 999 */ 1000 if (ht->ht_flags & HTABLE_SHARED_PFN) { 1001 ASSERT(ht->ht_pfn != PFN_INVALID); 1002 } else if (!(ht->ht_flags & HTABLE_VLP)) { 1003 ptable_free(ht->ht_pfn); 1004 #if defined(__amd64) && defined(__xpv) 1005 if (ht->ht_level == mmu.max_level && hat != NULL) { 1006 ptable_free(hat->hat_user_ptable); 1007 hat->hat_user_ptable = PFN_INVALID; 1008 } 1009 #endif 1010 } 1011 ht->ht_pfn = PFN_INVALID; 1012 1013 /* 1014 * Free it or put into reserves. 1015 */ 1016 if (USE_HAT_RESERVES() || htable_reserve_cnt < htable_reserve_amount) { 1017 htable_put_reserve(ht); 1018 } else { 1019 kmem_cache_free(htable_cache, ht); 1020 htable_adjust_reserve(); 1021 } 1022 } 1023 1024 1025 /* 1026 * This is called when a hat is being destroyed or swapped out. We reap all 1027 * the remaining htables in the hat cache. If destroying all left over 1028 * htables are also destroyed. 1029 * 1030 * We also don't need to invalidate any of the PTPs nor do any demapping. 1031 */ 1032 void 1033 htable_purge_hat(hat_t *hat) 1034 { 1035 htable_t *ht; 1036 int h; 1037 1038 /* 1039 * Purge the htable cache if just reaping. 1040 */ 1041 if (!(hat->hat_flags & HAT_FREEING)) { 1042 atomic_inc_32(&htable_dont_cache); 1043 for (;;) { 1044 hat_enter(hat); 1045 ht = hat->hat_ht_cached; 1046 if (ht == NULL) { 1047 hat_exit(hat); 1048 break; 1049 } 1050 hat->hat_ht_cached = ht->ht_next; 1051 hat_exit(hat); 1052 htable_free(ht); 1053 } 1054 atomic_dec_32(&htable_dont_cache); 1055 return; 1056 } 1057 1058 /* 1059 * if freeing, no locking is needed 1060 */ 1061 while ((ht = hat->hat_ht_cached) != NULL) { 1062 hat->hat_ht_cached = ht->ht_next; 1063 htable_free(ht); 1064 } 1065 1066 /* 1067 * walk thru the htable hash table and free all the htables in it. 1068 */ 1069 for (h = 0; h < hat->hat_num_hash; ++h) { 1070 while ((ht = hat->hat_ht_hash[h]) != NULL) { 1071 if (ht->ht_next) 1072 ht->ht_next->ht_prev = ht->ht_prev; 1073 1074 if (ht->ht_prev) { 1075 ht->ht_prev->ht_next = ht->ht_next; 1076 } else { 1077 ASSERT(hat->hat_ht_hash[h] == ht); 1078 hat->hat_ht_hash[h] = ht->ht_next; 1079 } 1080 htable_free(ht); 1081 } 1082 } 1083 } 1084 1085 /* 1086 * Unlink an entry for a table at vaddr and level out of the existing table 1087 * one level higher. We are always holding the HASH_ENTER() when doing this. 1088 */ 1089 static void 1090 unlink_ptp(htable_t *higher, htable_t *old, uintptr_t vaddr) 1091 { 1092 uint_t entry = htable_va2entry(vaddr, higher); 1093 x86pte_t expect = MAKEPTP(old->ht_pfn, old->ht_level); 1094 x86pte_t found; 1095 hat_t *hat = old->ht_hat; 1096 1097 ASSERT(higher->ht_busy > 0); 1098 ASSERT(higher->ht_valid_cnt > 0); 1099 ASSERT(old->ht_valid_cnt == 0); 1100 found = x86pte_cas(higher, entry, expect, 0); 1101 #ifdef __xpv 1102 /* 1103 * This is weird, but Xen apparently automatically unlinks empty 1104 * pagetables from the upper page table. So allow PTP to be 0 already. 1105 */ 1106 if (found != expect && found != 0) 1107 #else 1108 if (found != expect) 1109 #endif 1110 panic("Bad PTP found=" FMT_PTE ", expected=" FMT_PTE, 1111 found, expect); 1112 1113 /* 1114 * When a top level VLP page table entry changes, we must issue 1115 * a reload of cr3 on all processors. 1116 * 1117 * If we don't need do do that, then we still have to INVLPG against 1118 * an address covered by the inner page table, as the latest processors 1119 * have TLB-like caches for non-leaf page table entries. 1120 */ 1121 if (!(hat->hat_flags & HAT_FREEING)) { 1122 hat_tlb_inval(hat, (higher->ht_flags & HTABLE_VLP) ? 1123 DEMAP_ALL_ADDR : old->ht_vaddr); 1124 } 1125 1126 HTABLE_DEC(higher->ht_valid_cnt); 1127 } 1128 1129 /* 1130 * Link an entry for a new table at vaddr and level into the existing table 1131 * one level higher. We are always holding the HASH_ENTER() when doing this. 1132 */ 1133 static void 1134 link_ptp(htable_t *higher, htable_t *new, uintptr_t vaddr) 1135 { 1136 uint_t entry = htable_va2entry(vaddr, higher); 1137 x86pte_t newptp = MAKEPTP(new->ht_pfn, new->ht_level); 1138 x86pte_t found; 1139 1140 ASSERT(higher->ht_busy > 0); 1141 1142 ASSERT(new->ht_level != mmu.max_level); 1143 1144 HTABLE_INC(higher->ht_valid_cnt); 1145 1146 found = x86pte_cas(higher, entry, 0, newptp); 1147 if ((found & ~PT_REF) != 0) 1148 panic("HAT: ptp not 0, found=" FMT_PTE, found); 1149 1150 /* 1151 * When any top level VLP page table entry changes, we must issue 1152 * a reload of cr3 on all processors using it. 1153 * We also need to do this for the kernel hat on PAE 32 bit kernel. 1154 */ 1155 if ( 1156 #ifdef __i386 1157 (higher->ht_hat == kas.a_hat && higher->ht_level == VLP_LEVEL) || 1158 #endif 1159 (higher->ht_flags & HTABLE_VLP)) 1160 hat_tlb_inval(higher->ht_hat, DEMAP_ALL_ADDR); 1161 } 1162 1163 /* 1164 * Release of hold on an htable. If this is the last use and the pagetable 1165 * is empty we may want to free it, then recursively look at the pagetable 1166 * above it. The recursion is handled by the outer while() loop. 1167 * 1168 * On the metal, during process exit, we don't bother unlinking the tables from 1169 * upper level pagetables. They are instead handled in bulk by hat_free_end(). 1170 * We can't do this on the hypervisor as we need the page table to be 1171 * implicitly unpinnned before it goes to the free page lists. This can't 1172 * happen unless we fully unlink it from the page table hierarchy. 1173 */ 1174 void 1175 htable_release(htable_t *ht) 1176 { 1177 uint_t hashval; 1178 htable_t *shared; 1179 htable_t *higher; 1180 hat_t *hat; 1181 uintptr_t va; 1182 level_t level; 1183 1184 while (ht != NULL) { 1185 shared = NULL; 1186 for (;;) { 1187 hat = ht->ht_hat; 1188 va = ht->ht_vaddr; 1189 level = ht->ht_level; 1190 hashval = HTABLE_HASH(hat, va, level); 1191 1192 /* 1193 * The common case is that this isn't the last use of 1194 * an htable so we don't want to free the htable. 1195 */ 1196 HTABLE_ENTER(hashval); 1197 ASSERT(ht->ht_valid_cnt >= 0); 1198 ASSERT(ht->ht_busy > 0); 1199 if (ht->ht_valid_cnt > 0) 1200 break; 1201 if (ht->ht_busy > 1) 1202 break; 1203 ASSERT(ht->ht_lock_cnt == 0); 1204 1205 #if !defined(__xpv) 1206 /* 1207 * we always release empty shared htables 1208 */ 1209 if (!(ht->ht_flags & HTABLE_SHARED_PFN)) { 1210 1211 /* 1212 * don't release if in address space tear down 1213 */ 1214 if (hat->hat_flags & HAT_FREEING) 1215 break; 1216 1217 /* 1218 * At and above max_page_level, free if it's for 1219 * a boot-time kernel mapping below kernelbase. 1220 */ 1221 if (level >= mmu.max_page_level && 1222 (hat != kas.a_hat || va >= kernelbase)) 1223 break; 1224 } 1225 #endif /* __xpv */ 1226 1227 /* 1228 * Remember if we destroy an htable that shares its PFN 1229 * from elsewhere. 1230 */ 1231 if (ht->ht_flags & HTABLE_SHARED_PFN) { 1232 ASSERT(shared == NULL); 1233 shared = ht->ht_shares; 1234 HATSTAT_INC(hs_htable_unshared); 1235 } 1236 1237 /* 1238 * Handle release of a table and freeing the htable_t. 1239 * Unlink it from the table higher (ie. ht_parent). 1240 */ 1241 higher = ht->ht_parent; 1242 ASSERT(higher != NULL); 1243 1244 /* 1245 * Unlink the pagetable. 1246 */ 1247 unlink_ptp(higher, ht, va); 1248 1249 /* 1250 * remove this htable from its hash list 1251 */ 1252 if (ht->ht_next) 1253 ht->ht_next->ht_prev = ht->ht_prev; 1254 1255 if (ht->ht_prev) { 1256 ht->ht_prev->ht_next = ht->ht_next; 1257 } else { 1258 ASSERT(hat->hat_ht_hash[hashval] == ht); 1259 hat->hat_ht_hash[hashval] = ht->ht_next; 1260 } 1261 HTABLE_EXIT(hashval); 1262 htable_free(ht); 1263 ht = higher; 1264 } 1265 1266 ASSERT(ht->ht_busy >= 1); 1267 --ht->ht_busy; 1268 HTABLE_EXIT(hashval); 1269 1270 /* 1271 * If we released a shared htable, do a release on the htable 1272 * from which it shared 1273 */ 1274 ht = shared; 1275 } 1276 } 1277 1278 /* 1279 * Find the htable for the pagetable at the given level for the given address. 1280 * If found acquires a hold that eventually needs to be htable_release()d 1281 */ 1282 htable_t * 1283 htable_lookup(hat_t *hat, uintptr_t vaddr, level_t level) 1284 { 1285 uintptr_t base; 1286 uint_t hashval; 1287 htable_t *ht = NULL; 1288 1289 ASSERT(level >= 0); 1290 ASSERT(level <= TOP_LEVEL(hat)); 1291 1292 if (level == TOP_LEVEL(hat)) { 1293 #if defined(__amd64) 1294 /* 1295 * 32 bit address spaces on 64 bit kernels need to check 1296 * for overflow of the 32 bit address space 1297 */ 1298 if ((hat->hat_flags & HAT_VLP) && vaddr >= ((uint64_t)1 << 32)) 1299 return (NULL); 1300 #endif 1301 base = 0; 1302 } else { 1303 base = vaddr & LEVEL_MASK(level + 1); 1304 } 1305 1306 hashval = HTABLE_HASH(hat, base, level); 1307 HTABLE_ENTER(hashval); 1308 for (ht = hat->hat_ht_hash[hashval]; ht; ht = ht->ht_next) { 1309 if (ht->ht_hat == hat && 1310 ht->ht_vaddr == base && 1311 ht->ht_level == level) 1312 break; 1313 } 1314 if (ht) 1315 ++ht->ht_busy; 1316 1317 HTABLE_EXIT(hashval); 1318 return (ht); 1319 } 1320 1321 /* 1322 * Acquires a hold on a known htable (from a locked hment entry). 1323 */ 1324 void 1325 htable_acquire(htable_t *ht) 1326 { 1327 hat_t *hat = ht->ht_hat; 1328 level_t level = ht->ht_level; 1329 uintptr_t base = ht->ht_vaddr; 1330 uint_t hashval = HTABLE_HASH(hat, base, level); 1331 1332 HTABLE_ENTER(hashval); 1333 #ifdef DEBUG 1334 /* 1335 * make sure the htable is there 1336 */ 1337 { 1338 htable_t *h; 1339 1340 for (h = hat->hat_ht_hash[hashval]; 1341 h && h != ht; 1342 h = h->ht_next) 1343 ; 1344 ASSERT(h == ht); 1345 } 1346 #endif /* DEBUG */ 1347 ++ht->ht_busy; 1348 HTABLE_EXIT(hashval); 1349 } 1350 1351 /* 1352 * Find the htable for the pagetable at the given level for the given address. 1353 * If found acquires a hold that eventually needs to be htable_release()d 1354 * If not found the table is created. 1355 * 1356 * Since we can't hold a hash table mutex during allocation, we have to 1357 * drop it and redo the search on a create. Then we may have to free the newly 1358 * allocated htable if another thread raced in and created it ahead of us. 1359 */ 1360 htable_t * 1361 htable_create( 1362 hat_t *hat, 1363 uintptr_t vaddr, 1364 level_t level, 1365 htable_t *shared) 1366 { 1367 uint_t h; 1368 level_t l; 1369 uintptr_t base; 1370 htable_t *ht; 1371 htable_t *higher = NULL; 1372 htable_t *new = NULL; 1373 1374 if (level < 0 || level > TOP_LEVEL(hat)) 1375 panic("htable_create(): level %d out of range\n", level); 1376 1377 /* 1378 * Create the page tables in top down order. 1379 */ 1380 for (l = TOP_LEVEL(hat); l >= level; --l) { 1381 new = NULL; 1382 if (l == TOP_LEVEL(hat)) 1383 base = 0; 1384 else 1385 base = vaddr & LEVEL_MASK(l + 1); 1386 1387 h = HTABLE_HASH(hat, base, l); 1388 try_again: 1389 /* 1390 * look up the htable at this level 1391 */ 1392 HTABLE_ENTER(h); 1393 if (l == TOP_LEVEL(hat)) { 1394 ht = hat->hat_htable; 1395 } else { 1396 for (ht = hat->hat_ht_hash[h]; ht; ht = ht->ht_next) { 1397 ASSERT(ht->ht_hat == hat); 1398 if (ht->ht_vaddr == base && 1399 ht->ht_level == l) 1400 break; 1401 } 1402 } 1403 1404 /* 1405 * if we found the htable, increment its busy cnt 1406 * and if we had allocated a new htable, free it. 1407 */ 1408 if (ht != NULL) { 1409 /* 1410 * If we find a pre-existing shared table, it must 1411 * share from the same place. 1412 */ 1413 if (l == level && shared && ht->ht_shares && 1414 ht->ht_shares != shared) { 1415 panic("htable shared from wrong place " 1416 "found htable=%p shared=%p", 1417 (void *)ht, (void *)shared); 1418 } 1419 ++ht->ht_busy; 1420 HTABLE_EXIT(h); 1421 if (new) 1422 htable_free(new); 1423 if (higher != NULL) 1424 htable_release(higher); 1425 higher = ht; 1426 1427 /* 1428 * if we didn't find it on the first search 1429 * allocate a new one and search again 1430 */ 1431 } else if (new == NULL) { 1432 HTABLE_EXIT(h); 1433 new = htable_alloc(hat, base, l, 1434 l == level ? shared : NULL); 1435 goto try_again; 1436 1437 /* 1438 * 2nd search and still not there, use "new" table 1439 * Link new table into higher, when not at top level. 1440 */ 1441 } else { 1442 ht = new; 1443 if (higher != NULL) { 1444 link_ptp(higher, ht, base); 1445 ht->ht_parent = higher; 1446 } 1447 ht->ht_next = hat->hat_ht_hash[h]; 1448 ASSERT(ht->ht_prev == NULL); 1449 if (hat->hat_ht_hash[h]) 1450 hat->hat_ht_hash[h]->ht_prev = ht; 1451 hat->hat_ht_hash[h] = ht; 1452 HTABLE_EXIT(h); 1453 1454 /* 1455 * Note we don't do htable_release(higher). 1456 * That happens recursively when "new" is removed by 1457 * htable_release() or htable_steal(). 1458 */ 1459 higher = ht; 1460 1461 /* 1462 * If we just created a new shared page table we 1463 * increment the shared htable's busy count, so that 1464 * it can't be the victim of a steal even if it's empty. 1465 */ 1466 if (l == level && shared) { 1467 (void) htable_lookup(shared->ht_hat, 1468 shared->ht_vaddr, shared->ht_level); 1469 HATSTAT_INC(hs_htable_shared); 1470 } 1471 } 1472 } 1473 1474 return (ht); 1475 } 1476 1477 /* 1478 * Inherit initial pagetables from the boot program. On the 64-bit 1479 * hypervisor we also temporarily mark the p_index field of page table 1480 * pages, so we know not to try making them writable in seg_kpm. 1481 */ 1482 void 1483 htable_attach( 1484 hat_t *hat, 1485 uintptr_t base, 1486 level_t level, 1487 htable_t *parent, 1488 pfn_t pfn) 1489 { 1490 htable_t *ht; 1491 uint_t h; 1492 uint_t i; 1493 x86pte_t pte; 1494 x86pte_t *ptep; 1495 page_t *pp; 1496 extern page_t *boot_claim_page(pfn_t); 1497 1498 ht = htable_get_reserve(); 1499 if (level == mmu.max_level) 1500 kas.a_hat->hat_htable = ht; 1501 ht->ht_hat = hat; 1502 ht->ht_parent = parent; 1503 ht->ht_vaddr = base; 1504 ht->ht_level = level; 1505 ht->ht_busy = 1; 1506 ht->ht_next = NULL; 1507 ht->ht_prev = NULL; 1508 ht->ht_flags = 0; 1509 ht->ht_pfn = pfn; 1510 ht->ht_lock_cnt = 0; 1511 ht->ht_valid_cnt = 0; 1512 if (parent != NULL) 1513 ++parent->ht_busy; 1514 1515 h = HTABLE_HASH(hat, base, level); 1516 HTABLE_ENTER(h); 1517 ht->ht_next = hat->hat_ht_hash[h]; 1518 ASSERT(ht->ht_prev == NULL); 1519 if (hat->hat_ht_hash[h]) 1520 hat->hat_ht_hash[h]->ht_prev = ht; 1521 hat->hat_ht_hash[h] = ht; 1522 HTABLE_EXIT(h); 1523 1524 /* 1525 * make sure the page table physical page is not FREE 1526 */ 1527 if (page_resv(1, KM_NOSLEEP) == 0) 1528 panic("page_resv() failed in ptable alloc"); 1529 1530 pp = boot_claim_page(pfn); 1531 ASSERT(pp != NULL); 1532 1533 /* 1534 * Page table pages that were allocated by dboot or 1535 * in very early startup didn't go through boot_mapin() 1536 * and so won't have vnode/offsets. Fix that here. 1537 */ 1538 if (pp->p_vnode == NULL) { 1539 /* match offset calculation in page_get_physical() */ 1540 u_offset_t offset = (uintptr_t)ht; 1541 if (offset > kernelbase) 1542 offset -= kernelbase; 1543 offset <<= MMU_PAGESHIFT; 1544 #if defined(__amd64) 1545 offset += mmu.hole_start; /* something in VA hole */ 1546 #else 1547 offset += 1ULL << 40; /* something > 4 Gig */ 1548 #endif 1549 ASSERT(page_exists(&kvp, offset) == NULL); 1550 (void) page_hashin(pp, &kvp, offset, NULL); 1551 } 1552 page_downgrade(pp); 1553 #if defined(__xpv) && defined(__amd64) 1554 /* 1555 * Record in the page_t that is a pagetable for segkpm setup. 1556 */ 1557 if (kpm_vbase) 1558 pp->p_index = 1; 1559 #endif 1560 1561 /* 1562 * Count valid mappings and recursively attach lower level pagetables. 1563 */ 1564 ptep = kbm_remap_window(pfn_to_pa(pfn), 0); 1565 for (i = 0; i < HTABLE_NUM_PTES(ht); ++i) { 1566 if (mmu.pae_hat) 1567 pte = ptep[i]; 1568 else 1569 pte = ((x86pte32_t *)ptep)[i]; 1570 if (!IN_HYPERVISOR_VA(base) && PTE_ISVALID(pte)) { 1571 ++ht->ht_valid_cnt; 1572 if (!PTE_ISPAGE(pte, level)) { 1573 htable_attach(hat, base, level - 1, 1574 ht, PTE2PFN(pte, level)); 1575 ptep = kbm_remap_window(pfn_to_pa(pfn), 0); 1576 } 1577 } 1578 base += LEVEL_SIZE(level); 1579 if (base == mmu.hole_start) 1580 base = (mmu.hole_end + MMU_PAGEOFFSET) & MMU_PAGEMASK; 1581 } 1582 1583 /* 1584 * As long as all the mappings we had were below kernel base 1585 * we can release the htable. 1586 */ 1587 if (base < kernelbase) 1588 htable_release(ht); 1589 } 1590 1591 /* 1592 * Walk through a given htable looking for the first valid entry. This 1593 * routine takes both a starting and ending address. The starting address 1594 * is required to be within the htable provided by the caller, but there is 1595 * no such restriction on the ending address. 1596 * 1597 * If the routine finds a valid entry in the htable (at or beyond the 1598 * starting address), the PTE (and its address) will be returned. 1599 * This PTE may correspond to either a page or a pagetable - it is the 1600 * caller's responsibility to determine which. If no valid entry is 1601 * found, 0 (and invalid PTE) and the next unexamined address will be 1602 * returned. 1603 * 1604 * The loop has been carefully coded for optimization. 1605 */ 1606 static x86pte_t 1607 htable_scan(htable_t *ht, uintptr_t *vap, uintptr_t eaddr) 1608 { 1609 uint_t e; 1610 x86pte_t found_pte = (x86pte_t)0; 1611 caddr_t pte_ptr; 1612 caddr_t end_pte_ptr; 1613 int l = ht->ht_level; 1614 uintptr_t va = *vap & LEVEL_MASK(l); 1615 size_t pgsize = LEVEL_SIZE(l); 1616 1617 ASSERT(va >= ht->ht_vaddr); 1618 ASSERT(va <= HTABLE_LAST_PAGE(ht)); 1619 1620 /* 1621 * Compute the starting index and ending virtual address 1622 */ 1623 e = htable_va2entry(va, ht); 1624 1625 /* 1626 * The following page table scan code knows that the valid 1627 * bit of a PTE is in the lowest byte AND that x86 is little endian!! 1628 */ 1629 pte_ptr = (caddr_t)x86pte_access_pagetable(ht, 0); 1630 end_pte_ptr = (caddr_t)PT_INDEX_PTR(pte_ptr, HTABLE_NUM_PTES(ht)); 1631 pte_ptr = (caddr_t)PT_INDEX_PTR((x86pte_t *)pte_ptr, e); 1632 while (!PTE_ISVALID(*pte_ptr)) { 1633 va += pgsize; 1634 if (va >= eaddr) 1635 break; 1636 pte_ptr += mmu.pte_size; 1637 ASSERT(pte_ptr <= end_pte_ptr); 1638 if (pte_ptr == end_pte_ptr) 1639 break; 1640 } 1641 1642 /* 1643 * if we found a valid PTE, load the entire PTE 1644 */ 1645 if (va < eaddr && pte_ptr != end_pte_ptr) 1646 found_pte = GET_PTE((x86pte_t *)pte_ptr); 1647 x86pte_release_pagetable(ht); 1648 1649 #if defined(__amd64) 1650 /* 1651 * deal with VA hole on amd64 1652 */ 1653 if (l == mmu.max_level && va >= mmu.hole_start && va <= mmu.hole_end) 1654 va = mmu.hole_end + va - mmu.hole_start; 1655 #endif /* __amd64 */ 1656 1657 *vap = va; 1658 return (found_pte); 1659 } 1660 1661 /* 1662 * Find the address and htable for the first populated translation at or 1663 * above the given virtual address. The caller may also specify an upper 1664 * limit to the address range to search. Uses level information to quickly 1665 * skip unpopulated sections of virtual address spaces. 1666 * 1667 * If not found returns NULL. When found, returns the htable and virt addr 1668 * and has a hold on the htable. 1669 */ 1670 x86pte_t 1671 htable_walk( 1672 struct hat *hat, 1673 htable_t **htp, 1674 uintptr_t *vaddr, 1675 uintptr_t eaddr) 1676 { 1677 uintptr_t va = *vaddr; 1678 htable_t *ht; 1679 htable_t *prev = *htp; 1680 level_t l; 1681 level_t max_mapped_level; 1682 x86pte_t pte; 1683 1684 ASSERT(eaddr > va); 1685 1686 /* 1687 * If this is a user address, then we know we need not look beyond 1688 * kernelbase. 1689 */ 1690 ASSERT(hat == kas.a_hat || eaddr <= kernelbase || 1691 eaddr == HTABLE_WALK_TO_END); 1692 if (hat != kas.a_hat && eaddr == HTABLE_WALK_TO_END) 1693 eaddr = kernelbase; 1694 1695 /* 1696 * If we're coming in with a previous page table, search it first 1697 * without doing an htable_lookup(), this should be frequent. 1698 */ 1699 if (prev) { 1700 ASSERT(prev->ht_busy > 0); 1701 ASSERT(prev->ht_vaddr <= va); 1702 l = prev->ht_level; 1703 if (va <= HTABLE_LAST_PAGE(prev)) { 1704 pte = htable_scan(prev, &va, eaddr); 1705 1706 if (PTE_ISPAGE(pte, l)) { 1707 *vaddr = va; 1708 *htp = prev; 1709 return (pte); 1710 } 1711 } 1712 1713 /* 1714 * We found nothing in the htable provided by the caller, 1715 * so fall through and do the full search 1716 */ 1717 htable_release(prev); 1718 } 1719 1720 /* 1721 * Find the level of the largest pagesize used by this HAT. 1722 */ 1723 if (hat->hat_ism_pgcnt > 0) { 1724 max_mapped_level = mmu.umax_page_level; 1725 } else { 1726 max_mapped_level = 0; 1727 for (l = 1; l <= mmu.max_page_level; ++l) 1728 if (hat->hat_pages_mapped[l] != 0) 1729 max_mapped_level = l; 1730 } 1731 1732 while (va < eaddr && va >= *vaddr) { 1733 /* 1734 * Find lowest table with any entry for given address. 1735 */ 1736 for (l = 0; l <= TOP_LEVEL(hat); ++l) { 1737 ht = htable_lookup(hat, va, l); 1738 if (ht != NULL) { 1739 pte = htable_scan(ht, &va, eaddr); 1740 if (PTE_ISPAGE(pte, l)) { 1741 VERIFY(!IN_VA_HOLE(va)); 1742 *vaddr = va; 1743 *htp = ht; 1744 return (pte); 1745 } 1746 htable_release(ht); 1747 break; 1748 } 1749 1750 /* 1751 * No htable at this level for the address. If there 1752 * is no larger page size that could cover it, we can 1753 * skip right to the start of the next page table. 1754 */ 1755 ASSERT(l < TOP_LEVEL(hat)); 1756 if (l >= max_mapped_level) { 1757 va = NEXT_ENTRY_VA(va, l + 1); 1758 if (va >= eaddr) 1759 break; 1760 } 1761 } 1762 } 1763 1764 *vaddr = 0; 1765 *htp = NULL; 1766 return (0); 1767 } 1768 1769 /* 1770 * Find the htable and page table entry index of the given virtual address 1771 * with pagesize at or below given level. 1772 * If not found returns NULL. When found, returns the htable, sets 1773 * entry, and has a hold on the htable. 1774 */ 1775 htable_t * 1776 htable_getpte( 1777 struct hat *hat, 1778 uintptr_t vaddr, 1779 uint_t *entry, 1780 x86pte_t *pte, 1781 level_t level) 1782 { 1783 htable_t *ht; 1784 level_t l; 1785 uint_t e; 1786 1787 ASSERT(level <= mmu.max_page_level); 1788 1789 for (l = 0; l <= level; ++l) { 1790 ht = htable_lookup(hat, vaddr, l); 1791 if (ht == NULL) 1792 continue; 1793 e = htable_va2entry(vaddr, ht); 1794 if (entry != NULL) 1795 *entry = e; 1796 if (pte != NULL) 1797 *pte = x86pte_get(ht, e); 1798 return (ht); 1799 } 1800 return (NULL); 1801 } 1802 1803 /* 1804 * Find the htable and page table entry index of the given virtual address. 1805 * There must be a valid page mapped at the given address. 1806 * If not found returns NULL. When found, returns the htable, sets 1807 * entry, and has a hold on the htable. 1808 */ 1809 htable_t * 1810 htable_getpage(struct hat *hat, uintptr_t vaddr, uint_t *entry) 1811 { 1812 htable_t *ht; 1813 uint_t e; 1814 x86pte_t pte; 1815 1816 ht = htable_getpte(hat, vaddr, &e, &pte, mmu.max_page_level); 1817 if (ht == NULL) 1818 return (NULL); 1819 1820 if (entry) 1821 *entry = e; 1822 1823 if (PTE_ISPAGE(pte, ht->ht_level)) 1824 return (ht); 1825 htable_release(ht); 1826 return (NULL); 1827 } 1828 1829 1830 void 1831 htable_init() 1832 { 1833 /* 1834 * To save on kernel VA usage, we avoid debug information in 32 bit 1835 * kernels. 1836 */ 1837 #if defined(__amd64) 1838 int kmem_flags = KMC_NOHASH; 1839 #elif defined(__i386) 1840 int kmem_flags = KMC_NOHASH | KMC_NODEBUG; 1841 #endif 1842 1843 /* 1844 * initialize kmem caches 1845 */ 1846 htable_cache = kmem_cache_create("htable_t", 1847 sizeof (htable_t), 0, NULL, NULL, 1848 htable_reap, NULL, hat_memload_arena, kmem_flags); 1849 } 1850 1851 /* 1852 * get the pte index for the virtual address in the given htable's pagetable 1853 */ 1854 uint_t 1855 htable_va2entry(uintptr_t va, htable_t *ht) 1856 { 1857 level_t l = ht->ht_level; 1858 1859 ASSERT(va >= ht->ht_vaddr); 1860 ASSERT(va <= HTABLE_LAST_PAGE(ht)); 1861 return ((va >> LEVEL_SHIFT(l)) & (HTABLE_NUM_PTES(ht) - 1)); 1862 } 1863 1864 /* 1865 * Given an htable and the index of a pte in it, return the virtual address 1866 * of the page. 1867 */ 1868 uintptr_t 1869 htable_e2va(htable_t *ht, uint_t entry) 1870 { 1871 level_t l = ht->ht_level; 1872 uintptr_t va; 1873 1874 ASSERT(entry < HTABLE_NUM_PTES(ht)); 1875 va = ht->ht_vaddr + ((uintptr_t)entry << LEVEL_SHIFT(l)); 1876 1877 /* 1878 * Need to skip over any VA hole in top level table 1879 */ 1880 #if defined(__amd64) 1881 if (ht->ht_level == mmu.max_level && va >= mmu.hole_start) 1882 va += ((mmu.hole_end - mmu.hole_start) + 1); 1883 #endif 1884 1885 return (va); 1886 } 1887 1888 /* 1889 * The code uses compare and swap instructions to read/write PTE's to 1890 * avoid atomicity problems, since PTEs can be 8 bytes on 32 bit systems. 1891 * will naturally be atomic. 1892 * 1893 * The combination of using kpreempt_disable()/_enable() and the hci_mutex 1894 * are used to ensure that an interrupt won't overwrite a temporary mapping 1895 * while it's in use. If an interrupt thread tries to access a PTE, it will 1896 * yield briefly back to the pinned thread which holds the cpu's hci_mutex. 1897 */ 1898 void 1899 x86pte_cpu_init(cpu_t *cpu) 1900 { 1901 struct hat_cpu_info *hci; 1902 1903 hci = kmem_zalloc(sizeof (*hci), KM_SLEEP); 1904 mutex_init(&hci->hci_mutex, NULL, MUTEX_DEFAULT, NULL); 1905 cpu->cpu_hat_info = hci; 1906 } 1907 1908 void 1909 x86pte_cpu_fini(cpu_t *cpu) 1910 { 1911 struct hat_cpu_info *hci = cpu->cpu_hat_info; 1912 1913 kmem_free(hci, sizeof (*hci)); 1914 cpu->cpu_hat_info = NULL; 1915 } 1916 1917 #ifdef __i386 1918 /* 1919 * On 32 bit kernels, loading a 64 bit PTE is a little tricky 1920 */ 1921 x86pte_t 1922 get_pte64(x86pte_t *ptr) 1923 { 1924 volatile uint32_t *p = (uint32_t *)ptr; 1925 x86pte_t t; 1926 1927 ASSERT(mmu.pae_hat != 0); 1928 for (;;) { 1929 t = p[0]; 1930 t |= (uint64_t)p[1] << 32; 1931 if ((t & 0xffffffff) == p[0]) 1932 return (t); 1933 } 1934 } 1935 #endif /* __i386 */ 1936 1937 /* 1938 * Disable preemption and establish a mapping to the pagetable with the 1939 * given pfn. This is optimized for there case where it's the same 1940 * pfn as we last used referenced from this CPU. 1941 */ 1942 static x86pte_t * 1943 x86pte_access_pagetable(htable_t *ht, uint_t index) 1944 { 1945 /* 1946 * VLP pagetables are contained in the hat_t 1947 */ 1948 if (ht->ht_flags & HTABLE_VLP) 1949 return (PT_INDEX_PTR(ht->ht_hat->hat_vlp_ptes, index)); 1950 return (x86pte_mapin(ht->ht_pfn, index, ht)); 1951 } 1952 1953 /* 1954 * map the given pfn into the page table window. 1955 */ 1956 /*ARGSUSED*/ 1957 x86pte_t * 1958 x86pte_mapin(pfn_t pfn, uint_t index, htable_t *ht) 1959 { 1960 x86pte_t *pteptr; 1961 x86pte_t pte = 0; 1962 x86pte_t newpte; 1963 int x; 1964 1965 ASSERT(pfn != PFN_INVALID); 1966 1967 if (!khat_running) { 1968 caddr_t va = kbm_remap_window(pfn_to_pa(pfn), 1); 1969 return (PT_INDEX_PTR(va, index)); 1970 } 1971 1972 /* 1973 * If kpm is available, use it. 1974 */ 1975 if (kpm_vbase) 1976 return (PT_INDEX_PTR(hat_kpm_pfn2va(pfn), index)); 1977 1978 /* 1979 * Disable preemption and grab the CPU's hci_mutex 1980 */ 1981 kpreempt_disable(); 1982 ASSERT(CPU->cpu_hat_info != NULL); 1983 mutex_enter(&CPU->cpu_hat_info->hci_mutex); 1984 x = PWIN_TABLE(CPU->cpu_id); 1985 pteptr = (x86pte_t *)PWIN_PTE_VA(x); 1986 #ifndef __xpv 1987 if (mmu.pae_hat) 1988 pte = *pteptr; 1989 else 1990 pte = *(x86pte32_t *)pteptr; 1991 #endif 1992 1993 newpte = MAKEPTE(pfn, 0) | mmu.pt_global | mmu.pt_nx; 1994 1995 /* 1996 * For hardware we can use a writable mapping. 1997 */ 1998 #ifdef __xpv 1999 if (IN_XPV_PANIC()) 2000 #endif 2001 newpte |= PT_WRITABLE; 2002 2003 if (!PTE_EQUIV(newpte, pte)) { 2004 2005 #ifdef __xpv 2006 if (!IN_XPV_PANIC()) { 2007 xen_map(newpte, PWIN_VA(x)); 2008 } else 2009 #endif 2010 { 2011 XPV_ALLOW_PAGETABLE_UPDATES(); 2012 if (mmu.pae_hat) 2013 *pteptr = newpte; 2014 else 2015 *(x86pte32_t *)pteptr = newpte; 2016 XPV_DISALLOW_PAGETABLE_UPDATES(); 2017 mmu_tlbflush_entry((caddr_t)(PWIN_VA(x))); 2018 } 2019 } 2020 return (PT_INDEX_PTR(PWIN_VA(x), index)); 2021 } 2022 2023 /* 2024 * Release access to a page table. 2025 */ 2026 static void 2027 x86pte_release_pagetable(htable_t *ht) 2028 { 2029 /* 2030 * nothing to do for VLP htables 2031 */ 2032 if (ht->ht_flags & HTABLE_VLP) 2033 return; 2034 2035 x86pte_mapout(); 2036 } 2037 2038 void 2039 x86pte_mapout(void) 2040 { 2041 if (kpm_vbase != NULL || !khat_running) 2042 return; 2043 2044 /* 2045 * Drop the CPU's hci_mutex and restore preemption. 2046 */ 2047 #ifdef __xpv 2048 if (!IN_XPV_PANIC()) { 2049 uintptr_t va; 2050 2051 /* 2052 * We need to always clear the mapping in case a page 2053 * that was once a page table page is ballooned out. 2054 */ 2055 va = (uintptr_t)PWIN_VA(PWIN_TABLE(CPU->cpu_id)); 2056 (void) HYPERVISOR_update_va_mapping(va, 0, 2057 UVMF_INVLPG | UVMF_LOCAL); 2058 } 2059 #endif 2060 mutex_exit(&CPU->cpu_hat_info->hci_mutex); 2061 kpreempt_enable(); 2062 } 2063 2064 /* 2065 * Atomic retrieval of a pagetable entry 2066 */ 2067 x86pte_t 2068 x86pte_get(htable_t *ht, uint_t entry) 2069 { 2070 x86pte_t pte; 2071 x86pte_t *ptep; 2072 2073 /* 2074 * Be careful that loading PAE entries in 32 bit kernel is atomic. 2075 */ 2076 ASSERT(entry < mmu.ptes_per_table); 2077 ptep = x86pte_access_pagetable(ht, entry); 2078 pte = GET_PTE(ptep); 2079 x86pte_release_pagetable(ht); 2080 return (pte); 2081 } 2082 2083 /* 2084 * Atomic unconditional set of a page table entry, it returns the previous 2085 * value. For pre-existing mappings if the PFN changes, then we don't care 2086 * about the old pte's REF / MOD bits. If the PFN remains the same, we leave 2087 * the MOD/REF bits unchanged. 2088 * 2089 * If asked to overwrite a link to a lower page table with a large page 2090 * mapping, this routine returns the special value of LPAGE_ERROR. This 2091 * allows the upper HAT layers to retry with a smaller mapping size. 2092 */ 2093 x86pte_t 2094 x86pte_set(htable_t *ht, uint_t entry, x86pte_t new, void *ptr) 2095 { 2096 x86pte_t old; 2097 x86pte_t prev; 2098 x86pte_t *ptep; 2099 level_t l = ht->ht_level; 2100 x86pte_t pfn_mask = (l != 0) ? PT_PADDR_LGPG : PT_PADDR; 2101 x86pte_t n; 2102 uintptr_t addr = htable_e2va(ht, entry); 2103 hat_t *hat = ht->ht_hat; 2104 2105 ASSERT(new != 0); /* don't use to invalidate a PTE, see x86pte_update */ 2106 ASSERT(!(ht->ht_flags & HTABLE_SHARED_PFN)); 2107 if (ptr == NULL) 2108 ptep = x86pte_access_pagetable(ht, entry); 2109 else 2110 ptep = ptr; 2111 2112 /* 2113 * Install the new PTE. If remapping the same PFN, then 2114 * copy existing REF/MOD bits to new mapping. 2115 */ 2116 do { 2117 prev = GET_PTE(ptep); 2118 n = new; 2119 if (PTE_ISVALID(n) && (prev & pfn_mask) == (new & pfn_mask)) 2120 n |= prev & (PT_REF | PT_MOD); 2121 2122 /* 2123 * Another thread may have installed this mapping already, 2124 * flush the local TLB and be done. 2125 */ 2126 if (prev == n) { 2127 old = new; 2128 #ifdef __xpv 2129 if (!IN_XPV_PANIC()) 2130 xen_flush_va((caddr_t)addr); 2131 else 2132 #endif 2133 mmu_tlbflush_entry((caddr_t)addr); 2134 goto done; 2135 } 2136 2137 /* 2138 * Detect if we have a collision of installing a large 2139 * page mapping where there already is a lower page table. 2140 */ 2141 if (l > 0 && (prev & PT_VALID) && !(prev & PT_PAGESIZE)) { 2142 old = LPAGE_ERROR; 2143 goto done; 2144 } 2145 2146 XPV_ALLOW_PAGETABLE_UPDATES(); 2147 old = CAS_PTE(ptep, prev, n); 2148 XPV_DISALLOW_PAGETABLE_UPDATES(); 2149 } while (old != prev); 2150 2151 /* 2152 * Do a TLB demap if needed, ie. the old pte was valid. 2153 * 2154 * Note that a stale TLB writeback to the PTE here either can't happen 2155 * or doesn't matter. The PFN can only change for NOSYNC|NOCONSIST 2156 * mappings, but they were created with REF and MOD already set, so 2157 * no stale writeback will happen. 2158 * 2159 * Segmap is the only place where remaps happen on the same pfn and for 2160 * that we want to preserve the stale REF/MOD bits. 2161 */ 2162 if (old & PT_REF) 2163 hat_tlb_inval(hat, addr); 2164 2165 done: 2166 if (ptr == NULL) 2167 x86pte_release_pagetable(ht); 2168 return (old); 2169 } 2170 2171 /* 2172 * Atomic compare and swap of a page table entry. No TLB invalidates are done. 2173 * This is used for links between pagetables of different levels. 2174 * Note we always create these links with dirty/access set, so they should 2175 * never change. 2176 */ 2177 x86pte_t 2178 x86pte_cas(htable_t *ht, uint_t entry, x86pte_t old, x86pte_t new) 2179 { 2180 x86pte_t pte; 2181 x86pte_t *ptep; 2182 #ifdef __xpv 2183 /* 2184 * We can't use writable pagetables for upper level tables, so fake it. 2185 */ 2186 mmu_update_t t[2]; 2187 int cnt = 1; 2188 int count; 2189 maddr_t ma; 2190 2191 if (!IN_XPV_PANIC()) { 2192 ASSERT(!(ht->ht_flags & HTABLE_VLP)); /* no VLP yet */ 2193 ma = pa_to_ma(PT_INDEX_PHYSADDR(pfn_to_pa(ht->ht_pfn), entry)); 2194 t[0].ptr = ma | MMU_NORMAL_PT_UPDATE; 2195 t[0].val = new; 2196 2197 #if defined(__amd64) 2198 /* 2199 * On the 64-bit hypervisor we need to maintain the user mode 2200 * top page table too. 2201 */ 2202 if (ht->ht_level == mmu.max_level && ht->ht_hat != kas.a_hat) { 2203 ma = pa_to_ma(PT_INDEX_PHYSADDR(pfn_to_pa( 2204 ht->ht_hat->hat_user_ptable), entry)); 2205 t[1].ptr = ma | MMU_NORMAL_PT_UPDATE; 2206 t[1].val = new; 2207 ++cnt; 2208 } 2209 #endif /* __amd64 */ 2210 2211 if (HYPERVISOR_mmu_update(t, cnt, &count, DOMID_SELF)) 2212 panic("HYPERVISOR_mmu_update() failed"); 2213 ASSERT(count == cnt); 2214 return (old); 2215 } 2216 #endif 2217 ptep = x86pte_access_pagetable(ht, entry); 2218 XPV_ALLOW_PAGETABLE_UPDATES(); 2219 pte = CAS_PTE(ptep, old, new); 2220 XPV_DISALLOW_PAGETABLE_UPDATES(); 2221 x86pte_release_pagetable(ht); 2222 return (pte); 2223 } 2224 2225 /* 2226 * Invalidate a page table entry as long as it currently maps something that 2227 * matches the value determined by expect. 2228 * 2229 * If tlb is set, also invalidates any TLB entries. 2230 * 2231 * Returns the previous value of the PTE. 2232 */ 2233 x86pte_t 2234 x86pte_inval( 2235 htable_t *ht, 2236 uint_t entry, 2237 x86pte_t expect, 2238 x86pte_t *pte_ptr, 2239 boolean_t tlb) 2240 { 2241 x86pte_t *ptep; 2242 x86pte_t oldpte; 2243 x86pte_t found; 2244 2245 ASSERT(!(ht->ht_flags & HTABLE_SHARED_PFN)); 2246 ASSERT(ht->ht_level <= mmu.max_page_level); 2247 2248 if (pte_ptr != NULL) 2249 ptep = pte_ptr; 2250 else 2251 ptep = x86pte_access_pagetable(ht, entry); 2252 2253 #if defined(__xpv) 2254 /* 2255 * If exit()ing just use HYPERVISOR_mmu_update(), as we can't be racing 2256 * with anything else. 2257 */ 2258 if ((ht->ht_hat->hat_flags & HAT_FREEING) && !IN_XPV_PANIC()) { 2259 int count; 2260 mmu_update_t t[1]; 2261 maddr_t ma; 2262 2263 oldpte = GET_PTE(ptep); 2264 if (expect != 0 && (oldpte & PT_PADDR) != (expect & PT_PADDR)) 2265 goto done; 2266 ma = pa_to_ma(PT_INDEX_PHYSADDR(pfn_to_pa(ht->ht_pfn), entry)); 2267 t[0].ptr = ma | MMU_NORMAL_PT_UPDATE; 2268 t[0].val = 0; 2269 if (HYPERVISOR_mmu_update(t, 1, &count, DOMID_SELF)) 2270 panic("HYPERVISOR_mmu_update() failed"); 2271 ASSERT(count == 1); 2272 goto done; 2273 } 2274 #endif /* __xpv */ 2275 2276 /* 2277 * Note that the loop is needed to handle changes due to h/w updating 2278 * of PT_MOD/PT_REF. 2279 */ 2280 do { 2281 oldpte = GET_PTE(ptep); 2282 if (expect != 0 && (oldpte & PT_PADDR) != (expect & PT_PADDR)) 2283 goto done; 2284 XPV_ALLOW_PAGETABLE_UPDATES(); 2285 found = CAS_PTE(ptep, oldpte, 0); 2286 XPV_DISALLOW_PAGETABLE_UPDATES(); 2287 } while (found != oldpte); 2288 if (tlb && (oldpte & (PT_REF | PT_MOD))) 2289 hat_tlb_inval(ht->ht_hat, htable_e2va(ht, entry)); 2290 2291 done: 2292 if (pte_ptr == NULL) 2293 x86pte_release_pagetable(ht); 2294 return (oldpte); 2295 } 2296 2297 /* 2298 * Change a page table entry af it currently matches the value in expect. 2299 */ 2300 x86pte_t 2301 x86pte_update( 2302 htable_t *ht, 2303 uint_t entry, 2304 x86pte_t expect, 2305 x86pte_t new) 2306 { 2307 x86pte_t *ptep; 2308 x86pte_t found; 2309 2310 ASSERT(new != 0); 2311 ASSERT(!(ht->ht_flags & HTABLE_SHARED_PFN)); 2312 ASSERT(ht->ht_level <= mmu.max_page_level); 2313 2314 ptep = x86pte_access_pagetable(ht, entry); 2315 XPV_ALLOW_PAGETABLE_UPDATES(); 2316 found = CAS_PTE(ptep, expect, new); 2317 XPV_DISALLOW_PAGETABLE_UPDATES(); 2318 if (found == expect) { 2319 hat_tlb_inval(ht->ht_hat, htable_e2va(ht, entry)); 2320 2321 /* 2322 * When removing write permission *and* clearing the 2323 * MOD bit, check if a write happened via a stale 2324 * TLB entry before the TLB shootdown finished. 2325 * 2326 * If it did happen, simply re-enable write permission and 2327 * act like the original CAS failed. 2328 */ 2329 if ((expect & (PT_WRITABLE | PT_MOD)) == PT_WRITABLE && 2330 (new & (PT_WRITABLE | PT_MOD)) == 0 && 2331 (GET_PTE(ptep) & PT_MOD) != 0) { 2332 do { 2333 found = GET_PTE(ptep); 2334 XPV_ALLOW_PAGETABLE_UPDATES(); 2335 found = 2336 CAS_PTE(ptep, found, found | PT_WRITABLE); 2337 XPV_DISALLOW_PAGETABLE_UPDATES(); 2338 } while ((found & PT_WRITABLE) == 0); 2339 } 2340 } 2341 x86pte_release_pagetable(ht); 2342 return (found); 2343 } 2344 2345 #ifndef __xpv 2346 /* 2347 * Copy page tables - this is just a little more complicated than the 2348 * previous routines. Note that it's also not atomic! It also is never 2349 * used for VLP pagetables. 2350 */ 2351 void 2352 x86pte_copy(htable_t *src, htable_t *dest, uint_t entry, uint_t count) 2353 { 2354 caddr_t src_va; 2355 caddr_t dst_va; 2356 size_t size; 2357 x86pte_t *pteptr; 2358 x86pte_t pte; 2359 2360 ASSERT(khat_running); 2361 ASSERT(!(dest->ht_flags & HTABLE_VLP)); 2362 ASSERT(!(src->ht_flags & HTABLE_VLP)); 2363 ASSERT(!(src->ht_flags & HTABLE_SHARED_PFN)); 2364 ASSERT(!(dest->ht_flags & HTABLE_SHARED_PFN)); 2365 2366 /* 2367 * Acquire access to the CPU pagetable windows for the dest and source. 2368 */ 2369 dst_va = (caddr_t)x86pte_access_pagetable(dest, entry); 2370 if (kpm_vbase) { 2371 src_va = (caddr_t) 2372 PT_INDEX_PTR(hat_kpm_pfn2va(src->ht_pfn), entry); 2373 } else { 2374 uint_t x = PWIN_SRC(CPU->cpu_id); 2375 2376 /* 2377 * Finish defining the src pagetable mapping 2378 */ 2379 src_va = (caddr_t)PT_INDEX_PTR(PWIN_VA(x), entry); 2380 pte = MAKEPTE(src->ht_pfn, 0) | mmu.pt_global | mmu.pt_nx; 2381 pteptr = (x86pte_t *)PWIN_PTE_VA(x); 2382 if (mmu.pae_hat) 2383 *pteptr = pte; 2384 else 2385 *(x86pte32_t *)pteptr = pte; 2386 mmu_tlbflush_entry((caddr_t)(PWIN_VA(x))); 2387 } 2388 2389 /* 2390 * now do the copy 2391 */ 2392 size = count << mmu.pte_size_shift; 2393 bcopy(src_va, dst_va, size); 2394 2395 x86pte_release_pagetable(dest); 2396 } 2397 2398 #else /* __xpv */ 2399 2400 /* 2401 * The hypervisor only supports writable pagetables at level 0, so we have 2402 * to install these 1 by 1 the slow way. 2403 */ 2404 void 2405 x86pte_copy(htable_t *src, htable_t *dest, uint_t entry, uint_t count) 2406 { 2407 caddr_t src_va; 2408 x86pte_t pte; 2409 2410 ASSERT(!IN_XPV_PANIC()); 2411 src_va = (caddr_t)x86pte_access_pagetable(src, entry); 2412 while (count) { 2413 if (mmu.pae_hat) 2414 pte = *(x86pte_t *)src_va; 2415 else 2416 pte = *(x86pte32_t *)src_va; 2417 if (pte != 0) { 2418 set_pteval(pfn_to_pa(dest->ht_pfn), entry, 2419 dest->ht_level, pte); 2420 #ifdef __amd64 2421 if (dest->ht_level == mmu.max_level && 2422 htable_e2va(dest, entry) < HYPERVISOR_VIRT_END) 2423 set_pteval( 2424 pfn_to_pa(dest->ht_hat->hat_user_ptable), 2425 entry, dest->ht_level, pte); 2426 #endif 2427 } 2428 --count; 2429 ++entry; 2430 src_va += mmu.pte_size; 2431 } 2432 x86pte_release_pagetable(src); 2433 } 2434 #endif /* __xpv */ 2435 2436 /* 2437 * Zero page table entries - Note this doesn't use atomic stores! 2438 */ 2439 static void 2440 x86pte_zero(htable_t *dest, uint_t entry, uint_t count) 2441 { 2442 caddr_t dst_va; 2443 size_t size; 2444 #ifdef __xpv 2445 int x; 2446 x86pte_t newpte; 2447 #endif 2448 2449 /* 2450 * Map in the page table to be zeroed. 2451 */ 2452 ASSERT(!(dest->ht_flags & HTABLE_SHARED_PFN)); 2453 ASSERT(!(dest->ht_flags & HTABLE_VLP)); 2454 2455 /* 2456 * On the hypervisor we don't use x86pte_access_pagetable() since 2457 * in this case the page is not pinned yet. 2458 */ 2459 #ifdef __xpv 2460 if (kpm_vbase == NULL) { 2461 kpreempt_disable(); 2462 ASSERT(CPU->cpu_hat_info != NULL); 2463 mutex_enter(&CPU->cpu_hat_info->hci_mutex); 2464 x = PWIN_TABLE(CPU->cpu_id); 2465 newpte = MAKEPTE(dest->ht_pfn, 0) | PT_WRITABLE; 2466 xen_map(newpte, PWIN_VA(x)); 2467 dst_va = (caddr_t)PT_INDEX_PTR(PWIN_VA(x), entry); 2468 } else 2469 #endif 2470 dst_va = (caddr_t)x86pte_access_pagetable(dest, entry); 2471 2472 size = count << mmu.pte_size_shift; 2473 ASSERT(size > BLOCKZEROALIGN); 2474 #ifdef __i386 2475 if (!is_x86_feature(x86_featureset, X86FSET_SSE2)) 2476 bzero(dst_va, size); 2477 else 2478 #endif 2479 block_zero_no_xmm(dst_va, size); 2480 2481 #ifdef __xpv 2482 if (kpm_vbase == NULL) { 2483 xen_map(0, PWIN_VA(x)); 2484 mutex_exit(&CPU->cpu_hat_info->hci_mutex); 2485 kpreempt_enable(); 2486 } else 2487 #endif 2488 x86pte_release_pagetable(dest); 2489 } 2490 2491 /* 2492 * Called to ensure that all pagetables are in the system dump 2493 */ 2494 void 2495 hat_dump(void) 2496 { 2497 hat_t *hat; 2498 uint_t h; 2499 htable_t *ht; 2500 2501 /* 2502 * Dump all page tables 2503 */ 2504 for (hat = kas.a_hat; hat != NULL; hat = hat->hat_next) { 2505 for (h = 0; h < hat->hat_num_hash; ++h) { 2506 for (ht = hat->hat_ht_hash[h]; ht; ht = ht->ht_next) { 2507 if ((ht->ht_flags & HTABLE_VLP) == 0) 2508 dump_page(ht->ht_pfn); 2509 } 2510 } 2511 } 2512 }