xref: /titanic_50/usr/src/uts/common/vm/seg_dev.c (revision dc32d872cbeb56532bcea030255db9cd79bac7da)
1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License (the "License").
6  * You may not use this file except in compliance with the License.
7  *
8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9  * or http://www.opensolaris.org/os/licensing.
10  * See the License for the specific language governing permissions
11  * and limitations under the License.
12  *
13  * When distributing Covered Code, include this CDDL HEADER in each
14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15  * If applicable, add the following below this CDDL HEADER, with the
16  * fields enclosed by brackets "[]" replaced with your own identifying
17  * information: Portions Copyright [yyyy] [name of copyright owner]
18  *
19  * CDDL HEADER END
20  */
21 
22 /*
23  * Copyright 2010 Sun Microsystems, Inc.  All rights reserved.
24  * Use is subject to license terms.
25  */
26 
27 /*	Copyright (c) 1984, 1986, 1987, 1988, 1989 AT&T	*/
28 /*	  All Rights Reserved  	*/
29 
30 /*
31  * University Copyright- Copyright (c) 1982, 1986, 1988
32  * The Regents of the University of California
33  * All Rights Reserved
34  *
35  * University Acknowledgment- Portions of this document are derived from
36  * software developed by the University of California, Berkeley, and its
37  * contributors.
38  */
39 
40 /*
41  * VM - segment of a mapped device.
42  *
43  * This segment driver is used when mapping character special devices.
44  */
45 
46 #include <sys/types.h>
47 #include <sys/t_lock.h>
48 #include <sys/sysmacros.h>
49 #include <sys/vtrace.h>
50 #include <sys/systm.h>
51 #include <sys/vmsystm.h>
52 #include <sys/mman.h>
53 #include <sys/errno.h>
54 #include <sys/kmem.h>
55 #include <sys/cmn_err.h>
56 #include <sys/vnode.h>
57 #include <sys/proc.h>
58 #include <sys/conf.h>
59 #include <sys/debug.h>
60 #include <sys/ddidevmap.h>
61 #include <sys/ddi_implfuncs.h>
62 #include <sys/lgrp.h>
63 
64 #include <vm/page.h>
65 #include <vm/hat.h>
66 #include <vm/as.h>
67 #include <vm/seg.h>
68 #include <vm/seg_dev.h>
69 #include <vm/seg_kp.h>
70 #include <vm/seg_kmem.h>
71 #include <vm/vpage.h>
72 
73 #include <sys/sunddi.h>
74 #include <sys/esunddi.h>
75 #include <sys/fs/snode.h>
76 
77 
78 #if DEBUG
79 int segdev_debug;
80 #define	DEBUGF(level, args) { if (segdev_debug >= (level)) cmn_err args; }
81 #else
82 #define	DEBUGF(level, args)
83 #endif
84 
85 /* Default timeout for devmap context management */
86 #define	CTX_TIMEOUT_VALUE 0
87 
88 #define	HOLD_DHP_LOCK(dhp)  if (dhp->dh_flags & DEVMAP_ALLOW_REMAP) \
89 			{ mutex_enter(&dhp->dh_lock); }
90 
91 #define	RELE_DHP_LOCK(dhp) if (dhp->dh_flags & DEVMAP_ALLOW_REMAP) \
92 			{ mutex_exit(&dhp->dh_lock); }
93 
94 #define	round_down_p2(a, s)	((a) & ~((s) - 1))
95 #define	round_up_p2(a, s)	(((a) + (s) - 1) & ~((s) - 1))
96 
97 /*
98  * VA_PA_ALIGNED checks to see if both VA and PA are on pgsize boundary
99  * VA_PA_PGSIZE_ALIGNED check to see if VA is aligned with PA w.r.t. pgsize
100  */
101 #define	VA_PA_ALIGNED(uvaddr, paddr, pgsize)		\
102 	(((uvaddr | paddr) & (pgsize - 1)) == 0)
103 #define	VA_PA_PGSIZE_ALIGNED(uvaddr, paddr, pgsize)	\
104 	(((uvaddr ^ paddr) & (pgsize - 1)) == 0)
105 
106 #define	vpgtob(n)	((n) * sizeof (struct vpage))	/* For brevity */
107 
108 #define	VTOCVP(vp)	(VTOS(vp)->s_commonvp)	/* we "know" it's an snode */
109 
110 static struct devmap_ctx *devmapctx_list = NULL;
111 static struct devmap_softlock *devmap_slist = NULL;
112 
113 /*
114  * mutex, vnode and page for the page of zeros we use for the trash mappings.
115  * One trash page is allocated on the first ddi_umem_setup call that uses it
116  * XXX Eventually, we may want to combine this with what segnf does when all
117  * hat layers implement HAT_NOFAULT.
118  *
119  * The trash page is used when the backing store for a userland mapping is
120  * removed but the application semantics do not take kindly to a SIGBUS.
121  * In that scenario, the applications pages are mapped to some dummy page
122  * which returns garbage on read and writes go into a common place.
123  * (Perfect for NO_FAULT semantics)
124  * The device driver is responsible to communicating to the app with some
125  * other mechanism that such remapping has happened and the app should take
126  * corrective action.
127  * We can also use an anonymous memory page as there is no requirement to
128  * keep the page locked, however this complicates the fault code. RFE.
129  */
130 static struct vnode trashvp;
131 static struct page *trashpp;
132 
133 /* Non-pageable kernel memory is allocated from the umem_np_arena. */
134 static vmem_t *umem_np_arena;
135 
136 /* Set the cookie to a value we know will never be a valid umem_cookie */
137 #define	DEVMAP_DEVMEM_COOKIE	((ddi_umem_cookie_t)0x1)
138 
139 /*
140  * Macros to check if type of devmap handle
141  */
142 #define	cookie_is_devmem(c)	\
143 	((c) == (struct ddi_umem_cookie *)DEVMAP_DEVMEM_COOKIE)
144 
145 #define	cookie_is_pmem(c)	\
146 	((c) == (struct ddi_umem_cookie *)DEVMAP_PMEM_COOKIE)
147 
148 #define	cookie_is_kpmem(c)	(!cookie_is_devmem(c) && !cookie_is_pmem(c) &&\
149 	((c)->type == KMEM_PAGEABLE))
150 
151 #define	dhp_is_devmem(dhp)	\
152 	(cookie_is_devmem((struct ddi_umem_cookie *)((dhp)->dh_cookie)))
153 
154 #define	dhp_is_pmem(dhp)	\
155 	(cookie_is_pmem((struct ddi_umem_cookie *)((dhp)->dh_cookie)))
156 
157 #define	dhp_is_kpmem(dhp)	\
158 	(cookie_is_kpmem((struct ddi_umem_cookie *)((dhp)->dh_cookie)))
159 
160 /*
161  * Private seg op routines.
162  */
163 static int	segdev_dup(struct seg *, struct seg *);
164 static int	segdev_unmap(struct seg *, caddr_t, size_t);
165 static void	segdev_free(struct seg *);
166 static faultcode_t segdev_fault(struct hat *, struct seg *, caddr_t, size_t,
167 		    enum fault_type, enum seg_rw);
168 static faultcode_t segdev_faulta(struct seg *, caddr_t);
169 static int	segdev_setprot(struct seg *, caddr_t, size_t, uint_t);
170 static int	segdev_checkprot(struct seg *, caddr_t, size_t, uint_t);
171 static void	segdev_badop(void);
172 static int	segdev_sync(struct seg *, caddr_t, size_t, int, uint_t);
173 static size_t	segdev_incore(struct seg *, caddr_t, size_t, char *);
174 static int	segdev_lockop(struct seg *, caddr_t, size_t, int, int,
175 		    ulong_t *, size_t);
176 static int	segdev_getprot(struct seg *, caddr_t, size_t, uint_t *);
177 static u_offset_t	segdev_getoffset(struct seg *, caddr_t);
178 static int	segdev_gettype(struct seg *, caddr_t);
179 static int	segdev_getvp(struct seg *, caddr_t, struct vnode **);
180 static int	segdev_advise(struct seg *, caddr_t, size_t, uint_t);
181 static void	segdev_dump(struct seg *);
182 static int	segdev_pagelock(struct seg *, caddr_t, size_t,
183 		    struct page ***, enum lock_type, enum seg_rw);
184 static int	segdev_setpagesize(struct seg *, caddr_t, size_t, uint_t);
185 static int	segdev_getmemid(struct seg *, caddr_t, memid_t *);
186 static lgrp_mem_policy_info_t	*segdev_getpolicy(struct seg *, caddr_t);
187 static int	segdev_capable(struct seg *, segcapability_t);
188 
189 /*
190  * XXX	this struct is used by rootnex_map_fault to identify
191  *	the segment it has been passed. So if you make it
192  *	"static" you'll need to fix rootnex_map_fault.
193  */
194 struct seg_ops segdev_ops = {
195 	segdev_dup,
196 	segdev_unmap,
197 	segdev_free,
198 	segdev_fault,
199 	segdev_faulta,
200 	segdev_setprot,
201 	segdev_checkprot,
202 	(int (*)())segdev_badop,	/* kluster */
203 	(size_t (*)(struct seg *))NULL,	/* swapout */
204 	segdev_sync,			/* sync */
205 	segdev_incore,
206 	segdev_lockop,			/* lockop */
207 	segdev_getprot,
208 	segdev_getoffset,
209 	segdev_gettype,
210 	segdev_getvp,
211 	segdev_advise,
212 	segdev_dump,
213 	segdev_pagelock,
214 	segdev_setpagesize,
215 	segdev_getmemid,
216 	segdev_getpolicy,
217 	segdev_capable,
218 	seg_inherit_notsup
219 };
220 
221 /*
222  * Private segdev support routines
223  */
224 static struct segdev_data *sdp_alloc(void);
225 
226 static void segdev_softunlock(struct hat *, struct seg *, caddr_t,
227     size_t, enum seg_rw);
228 
229 static faultcode_t segdev_faultpage(struct hat *, struct seg *, caddr_t,
230     struct vpage *, enum fault_type, enum seg_rw, devmap_handle_t *);
231 
232 static faultcode_t segdev_faultpages(struct hat *, struct seg *, caddr_t,
233     size_t, enum fault_type, enum seg_rw, devmap_handle_t *);
234 
235 static struct devmap_ctx *devmap_ctxinit(dev_t, ulong_t);
236 static struct devmap_softlock *devmap_softlock_init(dev_t, ulong_t);
237 static void devmap_softlock_rele(devmap_handle_t *);
238 static void devmap_ctx_rele(devmap_handle_t *);
239 
240 static void devmap_ctxto(void *);
241 
242 static devmap_handle_t *devmap_find_handle(devmap_handle_t *dhp_head,
243     caddr_t addr);
244 
245 static ulong_t devmap_roundup(devmap_handle_t *dhp, ulong_t offset, size_t len,
246     ulong_t *opfn, ulong_t *pagesize);
247 
248 static void free_devmap_handle(devmap_handle_t *dhp);
249 
250 static int devmap_handle_dup(devmap_handle_t *dhp, devmap_handle_t **new_dhp,
251     struct seg *newseg);
252 
253 static devmap_handle_t *devmap_handle_unmap(devmap_handle_t *dhp);
254 
255 static void devmap_handle_unmap_head(devmap_handle_t *dhp, size_t len);
256 
257 static void devmap_handle_unmap_tail(devmap_handle_t *dhp, caddr_t addr);
258 
259 static int devmap_device(devmap_handle_t *dhp, struct as *as, caddr_t *addr,
260     offset_t off, size_t len, uint_t flags);
261 
262 static void devmap_get_large_pgsize(devmap_handle_t *dhp, size_t len,
263     caddr_t addr, size_t *llen, caddr_t *laddr);
264 
265 static void devmap_handle_reduce_len(devmap_handle_t *dhp, size_t len);
266 
267 static void *devmap_alloc_pages(vmem_t *vmp, size_t size, int vmflag);
268 static void devmap_free_pages(vmem_t *vmp, void *inaddr, size_t size);
269 
270 static void *devmap_umem_alloc_np(size_t size, size_t flags);
271 static void devmap_umem_free_np(void *addr, size_t size);
272 
273 /*
274  * routines to lock and unlock underlying segkp segment for
275  * KMEM_PAGEABLE type cookies.
276  */
277 static faultcode_t  acquire_kpmem_lock(struct ddi_umem_cookie *, size_t);
278 static void release_kpmem_lock(struct ddi_umem_cookie *, size_t);
279 
280 /*
281  * Routines to synchronize F_SOFTLOCK and F_INVAL faults for
282  * drivers with devmap_access callbacks
283  */
284 static int devmap_softlock_enter(struct devmap_softlock *, size_t,
285 	enum fault_type);
286 static void devmap_softlock_exit(struct devmap_softlock *, size_t,
287 	enum fault_type);
288 
289 static kmutex_t devmapctx_lock;
290 
291 static kmutex_t devmap_slock;
292 
293 /*
294  * Initialize the thread callbacks and thread private data.
295  */
296 static struct devmap_ctx *
devmap_ctxinit(dev_t dev,ulong_t id)297 devmap_ctxinit(dev_t dev, ulong_t id)
298 {
299 	struct devmap_ctx	*devctx;
300 	struct devmap_ctx	*tmp;
301 	dev_info_t		*dip;
302 
303 	tmp =  kmem_zalloc(sizeof (struct devmap_ctx), KM_SLEEP);
304 
305 	mutex_enter(&devmapctx_lock);
306 
307 	dip = e_ddi_hold_devi_by_dev(dev, 0);
308 	ASSERT(dip != NULL);
309 	ddi_release_devi(dip);
310 
311 	for (devctx = devmapctx_list; devctx != NULL; devctx = devctx->next)
312 		if ((devctx->dip == dip) && (devctx->id == id))
313 			break;
314 
315 	if (devctx == NULL) {
316 		devctx = tmp;
317 		devctx->dip = dip;
318 		devctx->id = id;
319 		mutex_init(&devctx->lock, NULL, MUTEX_DEFAULT, NULL);
320 		cv_init(&devctx->cv, NULL, CV_DEFAULT, NULL);
321 		devctx->next = devmapctx_list;
322 		devmapctx_list = devctx;
323 	} else
324 		kmem_free(tmp, sizeof (struct devmap_ctx));
325 
326 	mutex_enter(&devctx->lock);
327 	devctx->refcnt++;
328 	mutex_exit(&devctx->lock);
329 	mutex_exit(&devmapctx_lock);
330 
331 	return (devctx);
332 }
333 
334 /*
335  * Timeout callback called if a CPU has not given up the device context
336  * within dhp->dh_timeout_length ticks
337  */
338 static void
devmap_ctxto(void * data)339 devmap_ctxto(void *data)
340 {
341 	struct devmap_ctx *devctx = data;
342 
343 	TRACE_1(TR_FAC_DEVMAP, TR_DEVMAP_CTXTO,
344 	    "devmap_ctxto:timeout expired, devctx=%p", (void *)devctx);
345 	mutex_enter(&devctx->lock);
346 	/*
347 	 * Set oncpu = 0 so the next mapping trying to get the device context
348 	 * can.
349 	 */
350 	devctx->oncpu = 0;
351 	devctx->timeout = 0;
352 	cv_signal(&devctx->cv);
353 	mutex_exit(&devctx->lock);
354 }
355 
356 /*
357  * Create a device segment.
358  */
359 int
segdev_create(struct seg * seg,void * argsp)360 segdev_create(struct seg *seg, void *argsp)
361 {
362 	struct segdev_data *sdp;
363 	struct segdev_crargs *a = (struct segdev_crargs *)argsp;
364 	devmap_handle_t *dhp = (devmap_handle_t *)a->devmap_data;
365 	int error;
366 
367 	/*
368 	 * Since the address space is "write" locked, we
369 	 * don't need the segment lock to protect "segdev" data.
370 	 */
371 	ASSERT(seg->s_as && AS_WRITE_HELD(seg->s_as));
372 
373 	hat_map(seg->s_as->a_hat, seg->s_base, seg->s_size, HAT_MAP);
374 
375 	sdp = sdp_alloc();
376 
377 	sdp->mapfunc = a->mapfunc;
378 	sdp->offset = a->offset;
379 	sdp->prot = a->prot;
380 	sdp->maxprot = a->maxprot;
381 	sdp->type = a->type;
382 	sdp->pageprot = 0;
383 	sdp->softlockcnt = 0;
384 	sdp->vpage = NULL;
385 
386 	if (sdp->mapfunc == NULL)
387 		sdp->devmap_data = dhp;
388 	else
389 		sdp->devmap_data = dhp = NULL;
390 
391 	sdp->hat_flags = a->hat_flags;
392 	sdp->hat_attr = a->hat_attr;
393 
394 	/*
395 	 * Currently, hat_flags supports only HAT_LOAD_NOCONSIST
396 	 */
397 	ASSERT(!(sdp->hat_flags & ~HAT_LOAD_NOCONSIST));
398 
399 	/*
400 	 * Hold shadow vnode -- segdev only deals with
401 	 * character (VCHR) devices. We use the common
402 	 * vp to hang pages on.
403 	 */
404 	sdp->vp = specfind(a->dev, VCHR);
405 	ASSERT(sdp->vp != NULL);
406 
407 	seg->s_ops = &segdev_ops;
408 	seg->s_data = sdp;
409 
410 	while (dhp != NULL) {
411 		dhp->dh_seg = seg;
412 		dhp = dhp->dh_next;
413 	}
414 
415 	/*
416 	 * Inform the vnode of the new mapping.
417 	 */
418 	/*
419 	 * It is ok to use pass sdp->maxprot to ADDMAP rather than to use
420 	 * dhp specific maxprot because spec_addmap does not use maxprot.
421 	 */
422 	error = VOP_ADDMAP(VTOCVP(sdp->vp), sdp->offset,
423 	    seg->s_as, seg->s_base, seg->s_size,
424 	    sdp->prot, sdp->maxprot, sdp->type, CRED(), NULL);
425 
426 	if (error != 0) {
427 		sdp->devmap_data = NULL;
428 		hat_unload(seg->s_as->a_hat, seg->s_base, seg->s_size,
429 		    HAT_UNLOAD_UNMAP);
430 	} else {
431 		/*
432 		 * Mappings of /dev/null don't count towards the VSZ of a
433 		 * process.  Mappings of /dev/null have no mapping type.
434 		 */
435 		if ((SEGOP_GETTYPE(seg, (seg)->s_base) & (MAP_SHARED |
436 		    MAP_PRIVATE)) == 0) {
437 			seg->s_as->a_resvsize -= seg->s_size;
438 		}
439 	}
440 
441 	return (error);
442 }
443 
444 static struct segdev_data *
sdp_alloc(void)445 sdp_alloc(void)
446 {
447 	struct segdev_data *sdp;
448 
449 	sdp = kmem_zalloc(sizeof (struct segdev_data), KM_SLEEP);
450 	rw_init(&sdp->lock, NULL, RW_DEFAULT, NULL);
451 
452 	return (sdp);
453 }
454 
455 /*
456  * Duplicate seg and return new segment in newseg.
457  */
458 static int
segdev_dup(struct seg * seg,struct seg * newseg)459 segdev_dup(struct seg *seg, struct seg *newseg)
460 {
461 	struct segdev_data *sdp = (struct segdev_data *)seg->s_data;
462 	struct segdev_data *newsdp;
463 	devmap_handle_t *dhp = (devmap_handle_t *)sdp->devmap_data;
464 	size_t npages;
465 	int ret;
466 
467 	TRACE_2(TR_FAC_DEVMAP, TR_DEVMAP_DUP,
468 	    "segdev_dup:start dhp=%p, seg=%p", (void *)dhp, (void *)seg);
469 
470 	DEBUGF(3, (CE_CONT, "segdev_dup: dhp %p seg %p\n",
471 	    (void *)dhp, (void *)seg));
472 
473 	/*
474 	 * Since the address space is "write" locked, we
475 	 * don't need the segment lock to protect "segdev" data.
476 	 */
477 	ASSERT(seg->s_as && AS_WRITE_HELD(seg->s_as));
478 
479 	newsdp = sdp_alloc();
480 
481 	newseg->s_ops = seg->s_ops;
482 	newseg->s_data = (void *)newsdp;
483 
484 	VN_HOLD(sdp->vp);
485 	newsdp->vp 	= sdp->vp;
486 	newsdp->mapfunc = sdp->mapfunc;
487 	newsdp->offset	= sdp->offset;
488 	newsdp->pageprot = sdp->pageprot;
489 	newsdp->prot	= sdp->prot;
490 	newsdp->maxprot = sdp->maxprot;
491 	newsdp->type = sdp->type;
492 	newsdp->hat_attr = sdp->hat_attr;
493 	newsdp->hat_flags = sdp->hat_flags;
494 	newsdp->softlockcnt = 0;
495 
496 	/*
497 	 * Initialize per page data if the segment we are
498 	 * dup'ing has per page information.
499 	 */
500 	npages = seg_pages(newseg);
501 
502 	if (sdp->vpage != NULL) {
503 		size_t nbytes = vpgtob(npages);
504 
505 		newsdp->vpage = kmem_zalloc(nbytes, KM_SLEEP);
506 		bcopy(sdp->vpage, newsdp->vpage, nbytes);
507 	} else
508 		newsdp->vpage = NULL;
509 
510 	/*
511 	 * duplicate devmap handles
512 	 */
513 	if (dhp != NULL) {
514 		ret = devmap_handle_dup(dhp,
515 		    (devmap_handle_t **)&newsdp->devmap_data, newseg);
516 		if (ret != 0) {
517 			TRACE_3(TR_FAC_DEVMAP, TR_DEVMAP_DUP_CK1,
518 			    "segdev_dup:ret1 ret=%x, dhp=%p seg=%p",
519 			    ret, (void *)dhp, (void *)seg);
520 			DEBUGF(1, (CE_CONT,
521 			    "segdev_dup: ret %x dhp %p seg %p\n",
522 			    ret, (void *)dhp, (void *)seg));
523 			return (ret);
524 		}
525 	}
526 
527 	/*
528 	 * Inform the common vnode of the new mapping.
529 	 */
530 	return (VOP_ADDMAP(VTOCVP(newsdp->vp),
531 	    newsdp->offset, newseg->s_as,
532 	    newseg->s_base, newseg->s_size, newsdp->prot,
533 	    newsdp->maxprot, sdp->type, CRED(), NULL));
534 }
535 
536 /*
537  * duplicate devmap handles
538  */
539 static int
devmap_handle_dup(devmap_handle_t * dhp,devmap_handle_t ** new_dhp,struct seg * newseg)540 devmap_handle_dup(devmap_handle_t *dhp, devmap_handle_t **new_dhp,
541     struct seg *newseg)
542 {
543 	devmap_handle_t *newdhp_save = NULL;
544 	devmap_handle_t *newdhp = NULL;
545 	struct devmap_callback_ctl *callbackops;
546 
547 	while (dhp != NULL) {
548 		newdhp = kmem_alloc(sizeof (devmap_handle_t), KM_SLEEP);
549 
550 		/* Need to lock the original dhp while copying if REMAP */
551 		HOLD_DHP_LOCK(dhp);
552 		bcopy(dhp, newdhp, sizeof (devmap_handle_t));
553 		RELE_DHP_LOCK(dhp);
554 		newdhp->dh_seg = newseg;
555 		newdhp->dh_next = NULL;
556 		if (newdhp_save != NULL)
557 			newdhp_save->dh_next = newdhp;
558 		else
559 			*new_dhp = newdhp;
560 		newdhp_save = newdhp;
561 
562 		callbackops = &newdhp->dh_callbackops;
563 
564 		if (dhp->dh_softlock != NULL)
565 			newdhp->dh_softlock = devmap_softlock_init(
566 			    newdhp->dh_dev,
567 			    (ulong_t)callbackops->devmap_access);
568 		if (dhp->dh_ctx != NULL)
569 			newdhp->dh_ctx = devmap_ctxinit(newdhp->dh_dev,
570 			    (ulong_t)callbackops->devmap_access);
571 
572 		/*
573 		 * Initialize dh_lock if we want to do remap.
574 		 */
575 		if (newdhp->dh_flags & DEVMAP_ALLOW_REMAP) {
576 			mutex_init(&newdhp->dh_lock, NULL, MUTEX_DEFAULT, NULL);
577 			newdhp->dh_flags |= DEVMAP_LOCK_INITED;
578 		}
579 
580 		if (callbackops->devmap_dup != NULL) {
581 			int ret;
582 
583 			/*
584 			 * Call the dup callback so that the driver can
585 			 * duplicate its private data.
586 			 */
587 			ret = (*callbackops->devmap_dup)(dhp, dhp->dh_pvtp,
588 			    (devmap_cookie_t *)newdhp, &newdhp->dh_pvtp);
589 
590 			if (ret != 0) {
591 				/*
592 				 * We want to free up this segment as the driver
593 				 * has indicated that we can't dup it.  But we
594 				 * don't want to call the drivers, devmap_unmap,
595 				 * callback function as the driver does not
596 				 * think this segment exists. The caller of
597 				 * devmap_dup will call seg_free on newseg
598 				 * as it was the caller that allocated the
599 				 * segment.
600 				 */
601 				DEBUGF(1, (CE_CONT, "devmap_handle_dup ERROR: "
602 				    "newdhp %p dhp %p\n", (void *)newdhp,
603 				    (void *)dhp));
604 				callbackops->devmap_unmap = NULL;
605 				return (ret);
606 			}
607 		}
608 
609 		dhp = dhp->dh_next;
610 	}
611 
612 	return (0);
613 }
614 
615 /*
616  * Split a segment at addr for length len.
617  */
618 /*ARGSUSED*/
619 static int
segdev_unmap(struct seg * seg,caddr_t addr,size_t len)620 segdev_unmap(struct seg *seg, caddr_t addr, size_t len)
621 {
622 	register struct segdev_data *sdp = (struct segdev_data *)seg->s_data;
623 	register struct segdev_data *nsdp;
624 	register struct seg *nseg;
625 	register size_t	opages;		/* old segment size in pages */
626 	register size_t	npages;		/* new segment size in pages */
627 	register size_t	dpages;		/* pages being deleted (unmapped) */
628 	register size_t	nbytes;
629 	devmap_handle_t *dhp = (devmap_handle_t *)sdp->devmap_data;
630 	devmap_handle_t *dhpp;
631 	devmap_handle_t *newdhp;
632 	struct devmap_callback_ctl *callbackops;
633 	caddr_t nbase;
634 	offset_t off;
635 	ulong_t nsize;
636 	size_t mlen, sz;
637 
638 	TRACE_4(TR_FAC_DEVMAP, TR_DEVMAP_UNMAP,
639 	    "segdev_unmap:start dhp=%p, seg=%p addr=%p len=%lx",
640 	    (void *)dhp, (void *)seg, (void *)addr, len);
641 
642 	DEBUGF(3, (CE_CONT, "segdev_unmap: dhp %p seg %p addr %p len %lx\n",
643 	    (void *)dhp, (void *)seg, (void *)addr, len));
644 
645 	/*
646 	 * Since the address space is "write" locked, we
647 	 * don't need the segment lock to protect "segdev" data.
648 	 */
649 	ASSERT(seg->s_as && AS_WRITE_HELD(seg->s_as));
650 
651 	if ((sz = sdp->softlockcnt) > 0) {
652 		/*
653 		 * Fail the unmap if pages are SOFTLOCKed through this mapping.
654 		 * softlockcnt is protected from change by the as write lock.
655 		 */
656 		TRACE_1(TR_FAC_DEVMAP, TR_DEVMAP_UNMAP_CK1,
657 		    "segdev_unmap:error softlockcnt = %ld", sz);
658 		DEBUGF(1, (CE_CONT, "segdev_unmap: softlockcnt %ld\n", sz));
659 		return (EAGAIN);
660 	}
661 
662 	/*
663 	 * Check for bad sizes
664 	 */
665 	if (addr < seg->s_base || addr + len > seg->s_base + seg->s_size ||
666 	    (len & PAGEOFFSET) || ((uintptr_t)addr & PAGEOFFSET))
667 		panic("segdev_unmap");
668 
669 	if (dhp != NULL) {
670 		devmap_handle_t *tdhp;
671 		/*
672 		 * If large page size was used in hat_devload(),
673 		 * the same page size must be used in hat_unload().
674 		 */
675 		dhpp = tdhp = devmap_find_handle(dhp, addr);
676 		while (tdhp != NULL) {
677 			if (tdhp->dh_flags & DEVMAP_FLAG_LARGE) {
678 				break;
679 			}
680 			tdhp = tdhp->dh_next;
681 		}
682 		if (tdhp != NULL) {	/* found a dhp using large pages */
683 			size_t slen = len;
684 			size_t mlen;
685 			size_t soff;
686 
687 			soff = (ulong_t)(addr - dhpp->dh_uvaddr);
688 			while (slen != 0) {
689 				mlen = MIN(slen, (dhpp->dh_len - soff));
690 				hat_unload(seg->s_as->a_hat, dhpp->dh_uvaddr,
691 				    dhpp->dh_len, HAT_UNLOAD_UNMAP);
692 				dhpp = dhpp->dh_next;
693 				ASSERT(slen >= mlen);
694 				slen -= mlen;
695 				soff = 0;
696 			}
697 		} else
698 			hat_unload(seg->s_as->a_hat, addr, len,
699 			    HAT_UNLOAD_UNMAP);
700 	} else {
701 		/*
702 		 * Unload any hardware translations in the range
703 		 * to be taken out.
704 		 */
705 		hat_unload(seg->s_as->a_hat, addr, len, HAT_UNLOAD_UNMAP);
706 	}
707 
708 	/*
709 	 * get the user offset which will used in the driver callbacks
710 	 */
711 	off = sdp->offset + (offset_t)(addr - seg->s_base);
712 
713 	/*
714 	 * Inform the vnode of the unmapping.
715 	 */
716 	ASSERT(sdp->vp != NULL);
717 	(void) VOP_DELMAP(VTOCVP(sdp->vp), off, seg->s_as, addr, len,
718 	    sdp->prot, sdp->maxprot, sdp->type, CRED(), NULL);
719 
720 	/*
721 	 * Check for entire segment
722 	 */
723 	if (addr == seg->s_base && len == seg->s_size) {
724 		seg_free(seg);
725 		return (0);
726 	}
727 
728 	opages = seg_pages(seg);
729 	dpages = btop(len);
730 	npages = opages - dpages;
731 
732 	/*
733 	 * Check for beginning of segment
734 	 */
735 	if (addr == seg->s_base) {
736 		if (sdp->vpage != NULL) {
737 			register struct vpage *ovpage;
738 
739 			ovpage = sdp->vpage;	/* keep pointer to vpage */
740 
741 			nbytes = vpgtob(npages);
742 			sdp->vpage = kmem_alloc(nbytes, KM_SLEEP);
743 			bcopy(&ovpage[dpages], sdp->vpage, nbytes);
744 
745 			/* free up old vpage */
746 			kmem_free(ovpage, vpgtob(opages));
747 		}
748 
749 		/*
750 		 * free devmap handles from the beginning of the mapping.
751 		 */
752 		if (dhp != NULL)
753 			devmap_handle_unmap_head(dhp, len);
754 
755 		sdp->offset += (offset_t)len;
756 
757 		seg->s_base += len;
758 		seg->s_size -= len;
759 
760 		return (0);
761 	}
762 
763 	/*
764 	 * Check for end of segment
765 	 */
766 	if (addr + len == seg->s_base + seg->s_size) {
767 		if (sdp->vpage != NULL) {
768 			register struct vpage *ovpage;
769 
770 			ovpage = sdp->vpage;	/* keep pointer to vpage */
771 
772 			nbytes = vpgtob(npages);
773 			sdp->vpage = kmem_alloc(nbytes, KM_SLEEP);
774 			bcopy(ovpage, sdp->vpage, nbytes);
775 
776 			/* free up old vpage */
777 			kmem_free(ovpage, vpgtob(opages));
778 		}
779 		seg->s_size -= len;
780 
781 		/*
782 		 * free devmap handles from addr to the end of the mapping.
783 		 */
784 		if (dhp != NULL)
785 			devmap_handle_unmap_tail(dhp, addr);
786 
787 		return (0);
788 	}
789 
790 	/*
791 	 * The section to go is in the middle of the segment,
792 	 * have to make it into two segments.  nseg is made for
793 	 * the high end while seg is cut down at the low end.
794 	 */
795 	nbase = addr + len;				/* new seg base */
796 	nsize = (seg->s_base + seg->s_size) - nbase;	/* new seg size */
797 	seg->s_size = addr - seg->s_base;		/* shrink old seg */
798 	nseg = seg_alloc(seg->s_as, nbase, nsize);
799 	if (nseg == NULL)
800 		panic("segdev_unmap seg_alloc");
801 
802 	TRACE_2(TR_FAC_DEVMAP, TR_DEVMAP_UNMAP_CK2,
803 	    "segdev_unmap: seg=%p nseg=%p", (void *)seg, (void *)nseg);
804 	DEBUGF(3, (CE_CONT, "segdev_unmap: segdev_dup seg %p nseg %p\n",
805 	    (void *)seg, (void *)nseg));
806 	nsdp = sdp_alloc();
807 
808 	nseg->s_ops = seg->s_ops;
809 	nseg->s_data = (void *)nsdp;
810 
811 	VN_HOLD(sdp->vp);
812 	nsdp->mapfunc = sdp->mapfunc;
813 	nsdp->offset = sdp->offset + (offset_t)(nseg->s_base - seg->s_base);
814 	nsdp->vp 	= sdp->vp;
815 	nsdp->pageprot = sdp->pageprot;
816 	nsdp->prot	= sdp->prot;
817 	nsdp->maxprot = sdp->maxprot;
818 	nsdp->type = sdp->type;
819 	nsdp->hat_attr = sdp->hat_attr;
820 	nsdp->hat_flags = sdp->hat_flags;
821 	nsdp->softlockcnt = 0;
822 
823 	/*
824 	 * Initialize per page data if the segment we are
825 	 * dup'ing has per page information.
826 	 */
827 	if (sdp->vpage != NULL) {
828 		/* need to split vpage into two arrays */
829 		register size_t nnbytes;
830 		register size_t nnpages;
831 		register struct vpage *ovpage;
832 
833 		ovpage = sdp->vpage;		/* keep pointer to vpage */
834 
835 		npages = seg_pages(seg);	/* seg has shrunk */
836 		nbytes = vpgtob(npages);
837 		nnpages = seg_pages(nseg);
838 		nnbytes = vpgtob(nnpages);
839 
840 		sdp->vpage = kmem_alloc(nbytes, KM_SLEEP);
841 		bcopy(ovpage, sdp->vpage, nbytes);
842 
843 		nsdp->vpage = kmem_alloc(nnbytes, KM_SLEEP);
844 		bcopy(&ovpage[npages + dpages], nsdp->vpage, nnbytes);
845 
846 		/* free up old vpage */
847 		kmem_free(ovpage, vpgtob(opages));
848 	} else
849 		nsdp->vpage = NULL;
850 
851 	/*
852 	 * unmap dhps.
853 	 */
854 	if (dhp == NULL) {
855 		nsdp->devmap_data = NULL;
856 		return (0);
857 	}
858 	while (dhp != NULL) {
859 		callbackops = &dhp->dh_callbackops;
860 		TRACE_2(TR_FAC_DEVMAP, TR_DEVMAP_UNMAP_CK3,
861 		    "segdev_unmap: dhp=%p addr=%p", dhp, addr);
862 		DEBUGF(3, (CE_CONT, "unmap: dhp %p addr %p uvaddr %p len %lx\n",
863 		    (void *)dhp, (void *)addr,
864 		    (void *)dhp->dh_uvaddr, dhp->dh_len));
865 
866 		if (addr == (dhp->dh_uvaddr + dhp->dh_len)) {
867 			dhpp = dhp->dh_next;
868 			dhp->dh_next = NULL;
869 			dhp = dhpp;
870 		} else if (addr > (dhp->dh_uvaddr + dhp->dh_len)) {
871 			dhp = dhp->dh_next;
872 		} else if (addr > dhp->dh_uvaddr &&
873 		    (addr + len) < (dhp->dh_uvaddr + dhp->dh_len)) {
874 			/*
875 			 * <addr, addr+len> is enclosed by dhp.
876 			 * create a newdhp that begins at addr+len and
877 			 * ends at dhp->dh_uvaddr+dhp->dh_len.
878 			 */
879 			newdhp = kmem_alloc(sizeof (devmap_handle_t), KM_SLEEP);
880 			HOLD_DHP_LOCK(dhp);
881 			bcopy(dhp, newdhp, sizeof (devmap_handle_t));
882 			RELE_DHP_LOCK(dhp);
883 			newdhp->dh_seg = nseg;
884 			newdhp->dh_next = dhp->dh_next;
885 			if (dhp->dh_softlock != NULL)
886 				newdhp->dh_softlock = devmap_softlock_init(
887 				    newdhp->dh_dev,
888 				    (ulong_t)callbackops->devmap_access);
889 			if (dhp->dh_ctx != NULL)
890 				newdhp->dh_ctx = devmap_ctxinit(newdhp->dh_dev,
891 				    (ulong_t)callbackops->devmap_access);
892 			if (newdhp->dh_flags & DEVMAP_LOCK_INITED) {
893 				mutex_init(&newdhp->dh_lock,
894 				    NULL, MUTEX_DEFAULT, NULL);
895 			}
896 			if (callbackops->devmap_unmap != NULL)
897 				(*callbackops->devmap_unmap)(dhp, dhp->dh_pvtp,
898 				    off, len, dhp, &dhp->dh_pvtp,
899 				    newdhp, &newdhp->dh_pvtp);
900 			mlen = len + (addr - dhp->dh_uvaddr);
901 			devmap_handle_reduce_len(newdhp, mlen);
902 			nsdp->devmap_data = newdhp;
903 			/* XX Changing len should recalculate LARGE flag */
904 			dhp->dh_len = addr - dhp->dh_uvaddr;
905 			dhpp = dhp->dh_next;
906 			dhp->dh_next = NULL;
907 			dhp = dhpp;
908 		} else if ((addr > dhp->dh_uvaddr) &&
909 		    ((addr + len) >= (dhp->dh_uvaddr + dhp->dh_len))) {
910 			mlen = dhp->dh_len + dhp->dh_uvaddr - addr;
911 			/*
912 			 * <addr, addr+len> spans over dhps.
913 			 */
914 			if (callbackops->devmap_unmap != NULL)
915 				(*callbackops->devmap_unmap)(dhp, dhp->dh_pvtp,
916 				    off, mlen, (devmap_cookie_t *)dhp,
917 				    &dhp->dh_pvtp, NULL, NULL);
918 			/* XX Changing len should recalculate LARGE flag */
919 			dhp->dh_len = addr - dhp->dh_uvaddr;
920 			dhpp = dhp->dh_next;
921 			dhp->dh_next = NULL;
922 			dhp = dhpp;
923 			nsdp->devmap_data = dhp;
924 		} else if ((addr + len) >= (dhp->dh_uvaddr + dhp->dh_len)) {
925 			/*
926 			 * dhp is enclosed by <addr, addr+len>.
927 			 */
928 			dhp->dh_seg = nseg;
929 			nsdp->devmap_data = dhp;
930 			dhp = devmap_handle_unmap(dhp);
931 			nsdp->devmap_data = dhp; /* XX redundant? */
932 		} else if (((addr + len) > dhp->dh_uvaddr) &&
933 		    ((addr + len) < (dhp->dh_uvaddr + dhp->dh_len))) {
934 			mlen = addr + len - dhp->dh_uvaddr;
935 			if (callbackops->devmap_unmap != NULL)
936 				(*callbackops->devmap_unmap)(dhp, dhp->dh_pvtp,
937 				    dhp->dh_uoff, mlen, NULL,
938 				    NULL, dhp, &dhp->dh_pvtp);
939 			devmap_handle_reduce_len(dhp, mlen);
940 			nsdp->devmap_data = dhp;
941 			dhp->dh_seg = nseg;
942 			dhp = dhp->dh_next;
943 		} else {
944 			dhp->dh_seg = nseg;
945 			dhp = dhp->dh_next;
946 		}
947 	}
948 	return (0);
949 }
950 
951 /*
952  * Utility function handles reducing the length of a devmap handle during unmap
953  * Note that is only used for unmapping the front portion of the handler,
954  * i.e., we are bumping up the offset/pfn etc up by len
955  * Do not use if reducing length at the tail.
956  */
957 static void
devmap_handle_reduce_len(devmap_handle_t * dhp,size_t len)958 devmap_handle_reduce_len(devmap_handle_t *dhp, size_t len)
959 {
960 	struct ddi_umem_cookie *cp;
961 	struct devmap_pmem_cookie *pcp;
962 	/*
963 	 * adjust devmap handle fields
964 	 */
965 	ASSERT(len < dhp->dh_len);
966 
967 	/* Make sure only page-aligned changes are done */
968 	ASSERT((len & PAGEOFFSET) == 0);
969 
970 	dhp->dh_len -= len;
971 	dhp->dh_uoff += (offset_t)len;
972 	dhp->dh_roff += (offset_t)len;
973 	dhp->dh_uvaddr += len;
974 	/* Need to grab dhp lock if REMAP */
975 	HOLD_DHP_LOCK(dhp);
976 	cp = dhp->dh_cookie;
977 	if (!(dhp->dh_flags & DEVMAP_MAPPING_INVALID)) {
978 		if (cookie_is_devmem(cp)) {
979 			dhp->dh_pfn += btop(len);
980 		} else if (cookie_is_pmem(cp)) {
981 			pcp = (struct devmap_pmem_cookie *)dhp->dh_pcookie;
982 			ASSERT((dhp->dh_roff & PAGEOFFSET) == 0 &&
983 			    dhp->dh_roff < ptob(pcp->dp_npages));
984 		} else {
985 			ASSERT(dhp->dh_roff < cp->size);
986 			ASSERT(dhp->dh_cvaddr >= cp->cvaddr &&
987 			    dhp->dh_cvaddr < (cp->cvaddr + cp->size));
988 			ASSERT((dhp->dh_cvaddr + len) <=
989 			    (cp->cvaddr + cp->size));
990 
991 			dhp->dh_cvaddr += len;
992 		}
993 	}
994 	/* XXX - Should recalculate the DEVMAP_FLAG_LARGE after changes */
995 	RELE_DHP_LOCK(dhp);
996 }
997 
998 /*
999  * Free devmap handle, dhp.
1000  * Return the next devmap handle on the linked list.
1001  */
1002 static devmap_handle_t *
devmap_handle_unmap(devmap_handle_t * dhp)1003 devmap_handle_unmap(devmap_handle_t *dhp)
1004 {
1005 	struct devmap_callback_ctl *callbackops = &dhp->dh_callbackops;
1006 	struct segdev_data *sdp = (struct segdev_data *)dhp->dh_seg->s_data;
1007 	devmap_handle_t *dhpp = (devmap_handle_t *)sdp->devmap_data;
1008 
1009 	ASSERT(dhp != NULL);
1010 
1011 	/*
1012 	 * before we free up dhp, call the driver's devmap_unmap entry point
1013 	 * to free resources allocated for this dhp.
1014 	 */
1015 	if (callbackops->devmap_unmap != NULL) {
1016 		(*callbackops->devmap_unmap)(dhp, dhp->dh_pvtp, dhp->dh_uoff,
1017 		    dhp->dh_len, NULL, NULL, NULL, NULL);
1018 	}
1019 
1020 	if (dhpp == dhp) {	/* releasing first dhp, change sdp data */
1021 		sdp->devmap_data = dhp->dh_next;
1022 	} else {
1023 		while (dhpp->dh_next != dhp) {
1024 			dhpp = dhpp->dh_next;
1025 		}
1026 		dhpp->dh_next = dhp->dh_next;
1027 	}
1028 	dhpp = dhp->dh_next;	/* return value is next dhp in chain */
1029 
1030 	if (dhp->dh_softlock != NULL)
1031 		devmap_softlock_rele(dhp);
1032 
1033 	if (dhp->dh_ctx != NULL)
1034 		devmap_ctx_rele(dhp);
1035 
1036 	if (dhp->dh_flags & DEVMAP_LOCK_INITED) {
1037 		mutex_destroy(&dhp->dh_lock);
1038 	}
1039 	kmem_free(dhp, sizeof (devmap_handle_t));
1040 
1041 	return (dhpp);
1042 }
1043 
1044 /*
1045  * Free complete devmap handles from dhp for len bytes
1046  * dhp can be either the first handle or a subsequent handle
1047  */
1048 static void
devmap_handle_unmap_head(devmap_handle_t * dhp,size_t len)1049 devmap_handle_unmap_head(devmap_handle_t *dhp, size_t len)
1050 {
1051 	struct devmap_callback_ctl *callbackops;
1052 
1053 	/*
1054 	 * free the devmap handles covered by len.
1055 	 */
1056 	while (len >= dhp->dh_len) {
1057 		len -= dhp->dh_len;
1058 		dhp = devmap_handle_unmap(dhp);
1059 	}
1060 	if (len != 0) {	/* partial unmap at head of first remaining dhp */
1061 		callbackops = &dhp->dh_callbackops;
1062 
1063 		/*
1064 		 * Call the unmap callback so the drivers can make
1065 		 * adjustment on its private data.
1066 		 */
1067 		if (callbackops->devmap_unmap != NULL)
1068 			(*callbackops->devmap_unmap)(dhp, dhp->dh_pvtp,
1069 			    dhp->dh_uoff, len, NULL, NULL, dhp, &dhp->dh_pvtp);
1070 		devmap_handle_reduce_len(dhp, len);
1071 	}
1072 }
1073 
1074 /*
1075  * Free devmap handles to truncate  the mapping after addr
1076  * RFE: Simpler to pass in dhp pointing at correct dhp (avoid find again)
1077  *	Also could then use the routine in middle unmap case too
1078  */
1079 static void
devmap_handle_unmap_tail(devmap_handle_t * dhp,caddr_t addr)1080 devmap_handle_unmap_tail(devmap_handle_t *dhp, caddr_t addr)
1081 {
1082 	register struct seg *seg = dhp->dh_seg;
1083 	register struct segdev_data *sdp = (struct segdev_data *)seg->s_data;
1084 	register devmap_handle_t *dhph = (devmap_handle_t *)sdp->devmap_data;
1085 	struct devmap_callback_ctl *callbackops;
1086 	register devmap_handle_t *dhpp;
1087 	size_t maplen;
1088 	ulong_t off;
1089 	size_t len;
1090 
1091 	maplen = (size_t)(addr - dhp->dh_uvaddr);
1092 	dhph = devmap_find_handle(dhph, addr);
1093 
1094 	while (dhph != NULL) {
1095 		if (maplen == 0) {
1096 			dhph =  devmap_handle_unmap(dhph);
1097 		} else {
1098 			callbackops = &dhph->dh_callbackops;
1099 			len = dhph->dh_len - maplen;
1100 			off = (ulong_t)sdp->offset + (addr - seg->s_base);
1101 			/*
1102 			 * Call the unmap callback so the driver
1103 			 * can make adjustments on its private data.
1104 			 */
1105 			if (callbackops->devmap_unmap != NULL)
1106 				(*callbackops->devmap_unmap)(dhph,
1107 				    dhph->dh_pvtp, off, len,
1108 				    (devmap_cookie_t *)dhph,
1109 				    &dhph->dh_pvtp, NULL, NULL);
1110 			/* XXX Reducing len needs to recalculate LARGE flag */
1111 			dhph->dh_len = maplen;
1112 			maplen = 0;
1113 			dhpp = dhph->dh_next;
1114 			dhph->dh_next = NULL;
1115 			dhph = dhpp;
1116 		}
1117 	} /* end while */
1118 }
1119 
1120 /*
1121  * Free a segment.
1122  */
1123 static void
segdev_free(struct seg * seg)1124 segdev_free(struct seg *seg)
1125 {
1126 	register struct segdev_data *sdp = (struct segdev_data *)seg->s_data;
1127 	devmap_handle_t *dhp = (devmap_handle_t *)sdp->devmap_data;
1128 
1129 	TRACE_2(TR_FAC_DEVMAP, TR_DEVMAP_FREE,
1130 	    "segdev_free: dhp=%p seg=%p", (void *)dhp, (void *)seg);
1131 	DEBUGF(3, (CE_CONT, "segdev_free: dhp %p seg %p\n",
1132 	    (void *)dhp, (void *)seg));
1133 
1134 	/*
1135 	 * Since the address space is "write" locked, we
1136 	 * don't need the segment lock to protect "segdev" data.
1137 	 */
1138 	ASSERT(seg->s_as && AS_WRITE_HELD(seg->s_as));
1139 
1140 	while (dhp != NULL)
1141 		dhp = devmap_handle_unmap(dhp);
1142 
1143 	VN_RELE(sdp->vp);
1144 	if (sdp->vpage != NULL)
1145 		kmem_free(sdp->vpage, vpgtob(seg_pages(seg)));
1146 
1147 	rw_destroy(&sdp->lock);
1148 	kmem_free(sdp, sizeof (*sdp));
1149 }
1150 
1151 static void
free_devmap_handle(devmap_handle_t * dhp)1152 free_devmap_handle(devmap_handle_t *dhp)
1153 {
1154 	register devmap_handle_t *dhpp;
1155 
1156 	/*
1157 	 * free up devmap handle
1158 	 */
1159 	while (dhp != NULL) {
1160 		dhpp = dhp->dh_next;
1161 		if (dhp->dh_flags & DEVMAP_LOCK_INITED) {
1162 			mutex_destroy(&dhp->dh_lock);
1163 		}
1164 
1165 		if (dhp->dh_softlock != NULL)
1166 			devmap_softlock_rele(dhp);
1167 
1168 		if (dhp->dh_ctx != NULL)
1169 			devmap_ctx_rele(dhp);
1170 
1171 		kmem_free(dhp, sizeof (devmap_handle_t));
1172 		dhp = dhpp;
1173 	}
1174 }
1175 
1176 /*
1177  * routines to lock and unlock underlying segkp segment for
1178  * KMEM_PAGEABLE type cookies.
1179  * segkp only allows a single pending F_SOFTLOCK
1180  * we keep track of number of locks in the cookie so we can
1181  * have multiple pending faults and manage the calls to segkp.
1182  * RFE: if segkp supports either pagelock or can support multiple
1183  * calls to F_SOFTLOCK, then these routines can go away.
1184  *	If pagelock, segdev_faultpage can fault on a page by page basis
1185  *		and simplifies the code quite a bit.
1186  *	if multiple calls allowed but not partial ranges, then need for
1187  *	cookie->lock and locked count goes away, code can call as_fault directly
1188  */
1189 static faultcode_t
acquire_kpmem_lock(struct ddi_umem_cookie * cookie,size_t npages)1190 acquire_kpmem_lock(struct ddi_umem_cookie *cookie, size_t npages)
1191 {
1192 	int err = 0;
1193 	ASSERT(cookie_is_kpmem(cookie));
1194 	/*
1195 	 * Fault in pages in segkp with F_SOFTLOCK.
1196 	 * We want to hold the lock until all pages have been loaded.
1197 	 * segkp only allows single caller to hold SOFTLOCK, so cookie
1198 	 * holds a count so we dont call into segkp multiple times
1199 	 */
1200 	mutex_enter(&cookie->lock);
1201 
1202 	/*
1203 	 * Check for overflow in locked field
1204 	 */
1205 	if ((UINT32_MAX - cookie->locked) < npages) {
1206 		err = FC_MAKE_ERR(ENOMEM);
1207 	} else if (cookie->locked == 0) {
1208 		/* First time locking */
1209 		err = as_fault(kas.a_hat, &kas, cookie->cvaddr,
1210 		    cookie->size, F_SOFTLOCK, PROT_READ|PROT_WRITE);
1211 	}
1212 	if (!err) {
1213 		cookie->locked += npages;
1214 	}
1215 	mutex_exit(&cookie->lock);
1216 	return (err);
1217 }
1218 
1219 static void
release_kpmem_lock(struct ddi_umem_cookie * cookie,size_t npages)1220 release_kpmem_lock(struct ddi_umem_cookie *cookie, size_t npages)
1221 {
1222 	mutex_enter(&cookie->lock);
1223 	ASSERT(cookie_is_kpmem(cookie));
1224 	ASSERT(cookie->locked >= npages);
1225 	cookie->locked -= (uint_t)npages;
1226 	if (cookie->locked == 0) {
1227 		/* Last unlock */
1228 		if (as_fault(kas.a_hat, &kas, cookie->cvaddr,
1229 		    cookie->size, F_SOFTUNLOCK, PROT_READ|PROT_WRITE))
1230 			panic("segdev releasing kpmem lock %p", (void *)cookie);
1231 	}
1232 	mutex_exit(&cookie->lock);
1233 }
1234 
1235 /*
1236  * Routines to synchronize F_SOFTLOCK and F_INVAL faults for
1237  * drivers with devmap_access callbacks
1238  * slock->softlocked basically works like a rw lock
1239  *	-ve counts => F_SOFTLOCK in progress
1240  *	+ve counts => F_INVAL/F_PROT in progress
1241  * We allow only one F_SOFTLOCK at a time
1242  * but can have multiple pending F_INVAL/F_PROT calls
1243  *
1244  * This routine waits using cv_wait_sig so killing processes is more graceful
1245  * Returns EINTR if coming out of this routine due to a signal, 0 otherwise
1246  */
devmap_softlock_enter(struct devmap_softlock * slock,size_t npages,enum fault_type type)1247 static int devmap_softlock_enter(
1248 	struct devmap_softlock *slock,
1249 	size_t npages,
1250 	enum fault_type type)
1251 {
1252 	if (npages == 0)
1253 		return (0);
1254 	mutex_enter(&(slock->lock));
1255 	switch (type) {
1256 	case F_SOFTLOCK :
1257 		while (slock->softlocked) {
1258 			if (cv_wait_sig(&(slock)->cv, &(slock)->lock) == 0) {
1259 				/* signalled */
1260 				mutex_exit(&(slock->lock));
1261 				return (EINTR);
1262 			}
1263 		}
1264 		slock->softlocked -= npages; /* -ve count => locked */
1265 		break;
1266 	case F_INVAL :
1267 	case F_PROT :
1268 		while (slock->softlocked < 0)
1269 			if (cv_wait_sig(&(slock)->cv, &(slock)->lock) == 0) {
1270 				/* signalled */
1271 				mutex_exit(&(slock->lock));
1272 				return (EINTR);
1273 			}
1274 		slock->softlocked += npages; /* +ve count => f_invals */
1275 		break;
1276 	default:
1277 		ASSERT(0);
1278 	}
1279 	mutex_exit(&(slock->lock));
1280 	return (0);
1281 }
1282 
devmap_softlock_exit(struct devmap_softlock * slock,size_t npages,enum fault_type type)1283 static void devmap_softlock_exit(
1284 	struct devmap_softlock *slock,
1285 	size_t npages,
1286 	enum fault_type type)
1287 {
1288 	if (slock == NULL)
1289 		return;
1290 	mutex_enter(&(slock->lock));
1291 	switch (type) {
1292 	case F_SOFTLOCK :
1293 		ASSERT(-slock->softlocked >= npages);
1294 		slock->softlocked += npages;	/* -ve count is softlocked */
1295 		if (slock->softlocked == 0)
1296 			cv_signal(&slock->cv);
1297 		break;
1298 	case F_INVAL :
1299 	case F_PROT:
1300 		ASSERT(slock->softlocked >= npages);
1301 		slock->softlocked -= npages;
1302 		if (slock->softlocked == 0)
1303 			cv_signal(&slock->cv);
1304 		break;
1305 	default:
1306 		ASSERT(0);
1307 	}
1308 	mutex_exit(&(slock->lock));
1309 }
1310 
1311 /*
1312  * Do a F_SOFTUNLOCK call over the range requested.
1313  * The range must have already been F_SOFTLOCK'ed.
1314  * The segment lock should be held, (but not the segment private lock?)
1315  *  The softunlock code below does not adjust for large page sizes
1316  *	assumes the caller already did any addr/len adjustments for
1317  *	pagesize mappings before calling.
1318  */
1319 /*ARGSUSED*/
1320 static void
segdev_softunlock(struct hat * hat,struct seg * seg,caddr_t addr,size_t len,enum seg_rw rw)1321 segdev_softunlock(
1322 	struct hat *hat,		/* the hat */
1323 	struct seg *seg,		/* seg_dev of interest */
1324 	caddr_t addr,			/* base address of range */
1325 	size_t len,			/* number of bytes */
1326 	enum seg_rw rw)			/* type of access at fault */
1327 {
1328 	struct segdev_data *sdp = (struct segdev_data *)seg->s_data;
1329 	devmap_handle_t *dhp_head = (devmap_handle_t *)sdp->devmap_data;
1330 
1331 	TRACE_4(TR_FAC_DEVMAP, TR_DEVMAP_SOFTUNLOCK,
1332 	    "segdev_softunlock:dhp_head=%p sdp=%p addr=%p len=%lx",
1333 	    dhp_head, sdp, addr, len);
1334 	DEBUGF(3, (CE_CONT, "segdev_softunlock: dhp %p lockcnt %lx "
1335 	    "addr %p len %lx\n",
1336 	    (void *)dhp_head, sdp->softlockcnt, (void *)addr, len));
1337 
1338 	hat_unlock(hat, addr, len);
1339 
1340 	if (dhp_head != NULL) {
1341 		devmap_handle_t *dhp;
1342 		size_t mlen;
1343 		size_t tlen = len;
1344 		ulong_t off;
1345 
1346 		dhp = devmap_find_handle(dhp_head, addr);
1347 		ASSERT(dhp != NULL);
1348 
1349 		off = (ulong_t)(addr - dhp->dh_uvaddr);
1350 		while (tlen != 0) {
1351 			mlen = MIN(tlen, (dhp->dh_len - off));
1352 
1353 			/*
1354 			 * unlock segkp memory, locked during F_SOFTLOCK
1355 			 */
1356 			if (dhp_is_kpmem(dhp)) {
1357 				release_kpmem_lock(
1358 				    (struct ddi_umem_cookie *)dhp->dh_cookie,
1359 				    btopr(mlen));
1360 			}
1361 
1362 			/*
1363 			 * Do the softlock accounting for devmap_access
1364 			 */
1365 			if (dhp->dh_callbackops.devmap_access != NULL) {
1366 				devmap_softlock_exit(dhp->dh_softlock,
1367 				    btopr(mlen), F_SOFTLOCK);
1368 			}
1369 
1370 			tlen -= mlen;
1371 			dhp = dhp->dh_next;
1372 			off = 0;
1373 		}
1374 	}
1375 
1376 	mutex_enter(&freemem_lock);
1377 	ASSERT(sdp->softlockcnt >= btopr(len));
1378 	sdp->softlockcnt -= btopr(len);
1379 	mutex_exit(&freemem_lock);
1380 	if (sdp->softlockcnt == 0) {
1381 		/*
1382 		 * All SOFTLOCKS are gone. Wakeup any waiting
1383 		 * unmappers so they can try again to unmap.
1384 		 * Check for waiters first without the mutex
1385 		 * held so we don't always grab the mutex on
1386 		 * softunlocks.
1387 		 */
1388 		if (AS_ISUNMAPWAIT(seg->s_as)) {
1389 			mutex_enter(&seg->s_as->a_contents);
1390 			if (AS_ISUNMAPWAIT(seg->s_as)) {
1391 				AS_CLRUNMAPWAIT(seg->s_as);
1392 				cv_broadcast(&seg->s_as->a_cv);
1393 			}
1394 			mutex_exit(&seg->s_as->a_contents);
1395 		}
1396 	}
1397 
1398 }
1399 
1400 /*
1401  * Handle fault for a single page.
1402  * Done in a separate routine so we can handle errors more easily.
1403  * This routine is called only from segdev_faultpages()
1404  * when looping over the range of addresses requested. The segment lock is held.
1405  */
1406 static faultcode_t
segdev_faultpage(struct hat * hat,struct seg * seg,caddr_t addr,struct vpage * vpage,enum fault_type type,enum seg_rw rw,devmap_handle_t * dhp)1407 segdev_faultpage(
1408 	struct hat *hat,		/* the hat */
1409 	struct seg *seg,		/* seg_dev of interest */
1410 	caddr_t addr,			/* address in as */
1411 	struct vpage *vpage,		/* pointer to vpage for seg, addr */
1412 	enum fault_type type,		/* type of fault */
1413 	enum seg_rw rw,			/* type of access at fault */
1414 	devmap_handle_t *dhp)		/* devmap handle if any for this page */
1415 {
1416 	struct segdev_data *sdp = (struct segdev_data *)seg->s_data;
1417 	uint_t prot;
1418 	pfn_t pfnum = PFN_INVALID;
1419 	u_offset_t offset;
1420 	uint_t hat_flags;
1421 	dev_info_t *dip;
1422 
1423 	TRACE_3(TR_FAC_DEVMAP, TR_DEVMAP_FAULTPAGE,
1424 	    "segdev_faultpage: dhp=%p seg=%p addr=%p", dhp, seg, addr);
1425 	DEBUGF(8, (CE_CONT, "segdev_faultpage: dhp %p seg %p addr %p \n",
1426 	    (void *)dhp, (void *)seg, (void *)addr));
1427 
1428 	/*
1429 	 * Initialize protection value for this page.
1430 	 * If we have per page protection values check it now.
1431 	 */
1432 	if (sdp->pageprot) {
1433 		uint_t protchk;
1434 
1435 		switch (rw) {
1436 		case S_READ:
1437 			protchk = PROT_READ;
1438 			break;
1439 		case S_WRITE:
1440 			protchk = PROT_WRITE;
1441 			break;
1442 		case S_EXEC:
1443 			protchk = PROT_EXEC;
1444 			break;
1445 		case S_OTHER:
1446 		default:
1447 			protchk = PROT_READ | PROT_WRITE | PROT_EXEC;
1448 			break;
1449 		}
1450 
1451 		prot = VPP_PROT(vpage);
1452 		if ((prot & protchk) == 0)
1453 			return (FC_PROT);	/* illegal access type */
1454 	} else {
1455 		prot = sdp->prot;
1456 		/* caller has already done segment level protection check */
1457 	}
1458 
1459 	if (type == F_SOFTLOCK) {
1460 		mutex_enter(&freemem_lock);
1461 		sdp->softlockcnt++;
1462 		mutex_exit(&freemem_lock);
1463 	}
1464 
1465 	hat_flags = ((type == F_SOFTLOCK) ? HAT_LOAD_LOCK : HAT_LOAD);
1466 	offset = sdp->offset + (u_offset_t)(addr - seg->s_base);
1467 	/*
1468 	 * In the devmap framework, sdp->mapfunc is set to NULL.  we can get
1469 	 * pfnum from dhp->dh_pfn (at beginning of segment) and offset from
1470 	 * seg->s_base.
1471 	 */
1472 	if (dhp == NULL) {
1473 		/* If segment has devmap_data, then dhp should be non-NULL */
1474 		ASSERT(sdp->devmap_data == NULL);
1475 		pfnum = (pfn_t)cdev_mmap(sdp->mapfunc, sdp->vp->v_rdev,
1476 		    (off_t)offset, prot);
1477 		prot |= sdp->hat_attr;
1478 	} else {
1479 		ulong_t off;
1480 		struct ddi_umem_cookie *cp;
1481 		struct devmap_pmem_cookie *pcp;
1482 
1483 		/* ensure the dhp passed in contains addr. */
1484 		ASSERT(dhp == devmap_find_handle(
1485 		    (devmap_handle_t *)sdp->devmap_data, addr));
1486 
1487 		off = addr - dhp->dh_uvaddr;
1488 
1489 		/*
1490 		 * This routine assumes that the caller makes sure that the
1491 		 * fields in dhp used below are unchanged due to remap during
1492 		 * this call. Caller does HOLD_DHP_LOCK if neeed
1493 		 */
1494 		cp = dhp->dh_cookie;
1495 		if (dhp->dh_flags & DEVMAP_MAPPING_INVALID) {
1496 			pfnum = PFN_INVALID;
1497 		} else if (cookie_is_devmem(cp)) {
1498 			pfnum = dhp->dh_pfn + btop(off);
1499 		} else if (cookie_is_pmem(cp)) {
1500 			pcp = (struct devmap_pmem_cookie *)dhp->dh_pcookie;
1501 			ASSERT((dhp->dh_roff & PAGEOFFSET) == 0 &&
1502 			    dhp->dh_roff < ptob(pcp->dp_npages));
1503 			pfnum = page_pptonum(
1504 			    pcp->dp_pparray[btop(off + dhp->dh_roff)]);
1505 		} else {
1506 			ASSERT(dhp->dh_roff < cp->size);
1507 			ASSERT(dhp->dh_cvaddr >= cp->cvaddr &&
1508 			    dhp->dh_cvaddr < (cp->cvaddr + cp->size));
1509 			ASSERT((dhp->dh_cvaddr + off) <=
1510 			    (cp->cvaddr + cp->size));
1511 			ASSERT((dhp->dh_cvaddr + off + PAGESIZE) <=
1512 			    (cp->cvaddr + cp->size));
1513 
1514 			switch (cp->type) {
1515 			case UMEM_LOCKED :
1516 				if (cp->pparray != NULL) {
1517 					ASSERT((dhp->dh_roff &
1518 					    PAGEOFFSET) == 0);
1519 					pfnum = page_pptonum(
1520 					    cp->pparray[btop(off +
1521 					    dhp->dh_roff)]);
1522 				} else {
1523 					pfnum = hat_getpfnum(
1524 					    ((proc_t *)cp->procp)->p_as->a_hat,
1525 					    cp->cvaddr + off);
1526 				}
1527 			break;
1528 			case UMEM_TRASH :
1529 				pfnum = page_pptonum(trashpp);
1530 				/*
1531 				 * We should set hat_flags to HAT_NOFAULT also
1532 				 * However, not all hat layers implement this
1533 				 */
1534 				break;
1535 			case KMEM_PAGEABLE:
1536 			case KMEM_NON_PAGEABLE:
1537 				pfnum = hat_getpfnum(kas.a_hat,
1538 				    dhp->dh_cvaddr + off);
1539 				break;
1540 			default :
1541 				pfnum = PFN_INVALID;
1542 				break;
1543 			}
1544 		}
1545 		prot |= dhp->dh_hat_attr;
1546 	}
1547 	if (pfnum == PFN_INVALID) {
1548 		return (FC_MAKE_ERR(EFAULT));
1549 	}
1550 	/* prot should already be OR'ed in with hat_attributes if needed */
1551 
1552 	TRACE_4(TR_FAC_DEVMAP, TR_DEVMAP_FAULTPAGE_CK1,
1553 	    "segdev_faultpage: pfnum=%lx memory=%x prot=%x flags=%x",
1554 	    pfnum, pf_is_memory(pfnum), prot, hat_flags);
1555 	DEBUGF(9, (CE_CONT, "segdev_faultpage: pfnum %lx memory %x "
1556 	    "prot %x flags %x\n", pfnum, pf_is_memory(pfnum), prot, hat_flags));
1557 
1558 	if (pf_is_memory(pfnum) || (dhp != NULL)) {
1559 		/*
1560 		 * It's not _really_ required here to pass sdp->hat_flags
1561 		 * to hat_devload even though we do it.
1562 		 * This is because hat figures it out DEVMEM mappings
1563 		 * are non-consistent, anyway.
1564 		 */
1565 		hat_devload(hat, addr, PAGESIZE, pfnum,
1566 		    prot, hat_flags | sdp->hat_flags);
1567 		return (0);
1568 	}
1569 
1570 	/*
1571 	 * Fall through to the case where devmap is not used and need to call
1572 	 * up the device tree to set up the mapping
1573 	 */
1574 
1575 	dip = VTOS(VTOCVP(sdp->vp))->s_dip;
1576 	ASSERT(dip);
1577 
1578 	/*
1579 	 * When calling ddi_map_fault, we do not OR in sdp->hat_attr
1580 	 * This is because this calls drivers which may not expect
1581 	 * prot to have any other values than PROT_ALL
1582 	 * The root nexus driver has a hack to peek into the segment
1583 	 * structure and then OR in sdp->hat_attr.
1584 	 * XX In case the bus_ops interfaces are ever revisited
1585 	 * we need to fix this. prot should include other hat attributes
1586 	 */
1587 	if (ddi_map_fault(dip, hat, seg, addr, NULL, pfnum, prot & PROT_ALL,
1588 	    (uint_t)(type == F_SOFTLOCK)) != DDI_SUCCESS) {
1589 		return (FC_MAKE_ERR(EFAULT));
1590 	}
1591 	return (0);
1592 }
1593 
1594 static faultcode_t
segdev_fault(struct hat * hat,struct seg * seg,caddr_t addr,size_t len,enum fault_type type,enum seg_rw rw)1595 segdev_fault(
1596 	struct hat *hat,		/* the hat */
1597 	struct seg *seg,		/* the seg_dev of interest */
1598 	caddr_t addr,			/* the address of the fault */
1599 	size_t len,			/* the length of the range */
1600 	enum fault_type type,		/* type of fault */
1601 	enum seg_rw rw)			/* type of access at fault */
1602 {
1603 	struct segdev_data *sdp = (struct segdev_data *)seg->s_data;
1604 	devmap_handle_t *dhp_head = (devmap_handle_t *)sdp->devmap_data;
1605 	devmap_handle_t *dhp;
1606 	struct devmap_softlock *slock = NULL;
1607 	ulong_t slpage = 0;
1608 	ulong_t off;
1609 	caddr_t maddr = addr;
1610 	int err;
1611 	int err_is_faultcode = 0;
1612 
1613 	TRACE_5(TR_FAC_DEVMAP, TR_DEVMAP_FAULT,
1614 	    "segdev_fault: dhp_head=%p seg=%p addr=%p len=%lx type=%x",
1615 	    (void *)dhp_head, (void *)seg, (void *)addr, len, type);
1616 	DEBUGF(7, (CE_CONT, "segdev_fault: dhp_head %p seg %p "
1617 	    "addr %p len %lx type %x\n",
1618 	    (void *)dhp_head, (void *)seg, (void *)addr, len, type));
1619 
1620 	ASSERT(seg->s_as && AS_LOCK_HELD(seg->s_as));
1621 
1622 	/* Handle non-devmap case */
1623 	if (dhp_head == NULL)
1624 		return (segdev_faultpages(hat, seg, addr, len, type, rw, NULL));
1625 
1626 	/* Find devmap handle */
1627 	if ((dhp = devmap_find_handle(dhp_head, addr)) == NULL)
1628 		return (FC_NOMAP);
1629 
1630 	/*
1631 	 * The seg_dev driver does not implement copy-on-write,
1632 	 * and always loads translations with maximal allowed permissions
1633 	 * but we got an fault trying to access the device.
1634 	 * Servicing the fault is not going to result in any better result
1635 	 * RFE: If we want devmap_access callbacks to be involved in F_PROT
1636 	 *	faults, then the code below is written for that
1637 	 *	Pending resolution of the following:
1638 	 *	- determine if the F_INVAL/F_SOFTLOCK syncing
1639 	 *	is needed for F_PROT also or not. The code below assumes it does
1640 	 *	- If driver sees F_PROT and calls devmap_load with same type,
1641 	 *	then segdev_faultpages will fail with FC_PROT anyway, need to
1642 	 *	change that so calls from devmap_load to segdev_faultpages for
1643 	 *	F_PROT type are retagged to F_INVAL.
1644 	 * RFE: Today we dont have drivers that use devmap and want to handle
1645 	 *	F_PROT calls. The code in segdev_fault* is written to allow
1646 	 *	this case but is not tested. A driver that needs this capability
1647 	 *	should be able to remove the short-circuit case; resolve the
1648 	 *	above issues and "should" work.
1649 	 */
1650 	if (type == F_PROT) {
1651 		return (FC_PROT);
1652 	}
1653 
1654 	/*
1655 	 * Loop through dhp list calling devmap_access or segdev_faultpages for
1656 	 * each devmap handle.
1657 	 * drivers which implement devmap_access can interpose on faults and do
1658 	 * device-appropriate special actions before calling devmap_load.
1659 	 */
1660 
1661 	/*
1662 	 * Unfortunately, this simple loop has turned out to expose a variety
1663 	 * of complex problems which results in the following convoluted code.
1664 	 *
1665 	 * First, a desire to handle a serialization of F_SOFTLOCK calls
1666 	 * to the driver within the framework.
1667 	 *	This results in a dh_softlock structure that is on a per device
1668 	 *	(or device instance) basis and serializes devmap_access calls.
1669 	 *	Ideally we would need to do this for underlying
1670 	 *	memory/device regions that are being faulted on
1671 	 *	but that is hard to identify and with REMAP, harder
1672 	 * Second, a desire to serialize F_INVAL(and F_PROT) calls w.r.t.
1673 	 * 	to F_SOFTLOCK calls to the driver.
1674 	 * These serializations are to simplify the driver programmer model.
1675 	 * To support these two features, the code first goes through the
1676 	 *	devmap handles and counts the pages (slpage) that are covered
1677 	 *	by devmap_access callbacks.
1678 	 * This part ends with a devmap_softlock_enter call
1679 	 *	which allows only one F_SOFTLOCK active on a device instance,
1680 	 *	but multiple F_INVAL/F_PROTs can be active except when a
1681 	 *	F_SOFTLOCK is active
1682 	 *
1683 	 * Next, we dont short-circuit the fault code upfront to call
1684 	 *	segdev_softunlock for F_SOFTUNLOCK, because we must use
1685 	 *	the same length when we softlock and softunlock.
1686 	 *
1687 	 *	-Hat layers may not support softunlocking lengths less than the
1688 	 *	original length when there is large page support.
1689 	 *	-kpmem locking is dependent on keeping the lengths same.
1690 	 *	-if drivers handled F_SOFTLOCK, they probably also expect to
1691 	 *		see an F_SOFTUNLOCK of the same length
1692 	 *	Hence, if extending lengths during softlock,
1693 	 *	softunlock has to make the same adjustments and goes through
1694 	 *	the same loop calling segdev_faultpages/segdev_softunlock
1695 	 *	But some of the synchronization and error handling is different
1696 	 */
1697 
1698 	if (type != F_SOFTUNLOCK) {
1699 		devmap_handle_t *dhpp = dhp;
1700 		size_t slen = len;
1701 
1702 		/*
1703 		 * Calculate count of pages that are :
1704 		 * a) within the (potentially extended) fault region
1705 		 * b) AND covered by devmap handle with devmap_access
1706 		 */
1707 		off = (ulong_t)(addr - dhpp->dh_uvaddr);
1708 		while (slen != 0) {
1709 			size_t mlen;
1710 
1711 			/*
1712 			 * Softlocking on a region that allows remap is
1713 			 * unsupported due to unresolved locking issues
1714 			 * XXX: unclear what these are?
1715 			 *	One potential is that if there is a pending
1716 			 *	softlock, then a remap should not be allowed
1717 			 *	until the unlock is done. This is easily
1718 			 *	fixed by returning error in devmap*remap on
1719 			 *	checking the dh->dh_softlock->softlocked value
1720 			 */
1721 			if ((type == F_SOFTLOCK) &&
1722 			    (dhpp->dh_flags & DEVMAP_ALLOW_REMAP)) {
1723 				return (FC_NOSUPPORT);
1724 			}
1725 
1726 			mlen = MIN(slen, (dhpp->dh_len - off));
1727 			if (dhpp->dh_callbackops.devmap_access) {
1728 				size_t llen;
1729 				caddr_t laddr;
1730 				/*
1731 				 * use extended length for large page mappings
1732 				 */
1733 				HOLD_DHP_LOCK(dhpp);
1734 				if ((sdp->pageprot == 0) &&
1735 				    (dhpp->dh_flags & DEVMAP_FLAG_LARGE)) {
1736 					devmap_get_large_pgsize(dhpp,
1737 					    mlen, maddr, &llen, &laddr);
1738 				} else {
1739 					llen = mlen;
1740 				}
1741 				RELE_DHP_LOCK(dhpp);
1742 
1743 				slpage += btopr(llen);
1744 				slock = dhpp->dh_softlock;
1745 			}
1746 			maddr += mlen;
1747 			ASSERT(slen >= mlen);
1748 			slen -= mlen;
1749 			dhpp = dhpp->dh_next;
1750 			off = 0;
1751 		}
1752 		/*
1753 		 * synchonize with other faulting threads and wait till safe
1754 		 * devmap_softlock_enter might return due to signal in cv_wait
1755 		 *
1756 		 * devmap_softlock_enter has to be called outside of while loop
1757 		 * to prevent a deadlock if len spans over multiple dhps.
1758 		 * dh_softlock is based on device instance and if multiple dhps
1759 		 * use the same device instance, the second dhp's LOCK call
1760 		 * will hang waiting on the first to complete.
1761 		 * devmap_setup verifies that slocks in a dhp_chain are same.
1762 		 * RFE: this deadlock only hold true for F_SOFTLOCK. For
1763 		 * 	F_INVAL/F_PROT, since we now allow multiple in parallel,
1764 		 *	we could have done the softlock_enter inside the loop
1765 		 *	and supported multi-dhp mappings with dissimilar devices
1766 		 */
1767 		if (err = devmap_softlock_enter(slock, slpage, type))
1768 			return (FC_MAKE_ERR(err));
1769 	}
1770 
1771 	/* reset 'maddr' to the start addr of the range of fault. */
1772 	maddr = addr;
1773 
1774 	/* calculate the offset corresponds to 'addr' in the first dhp. */
1775 	off = (ulong_t)(addr - dhp->dh_uvaddr);
1776 
1777 	/*
1778 	 * The fault length may span over multiple dhps.
1779 	 * Loop until the total length is satisfied.
1780 	 */
1781 	while (len != 0) {
1782 		size_t llen;
1783 		size_t mlen;
1784 		caddr_t laddr;
1785 
1786 		/*
1787 		 * mlen is the smaller of 'len' and the length
1788 		 * from addr to the end of mapping defined by dhp.
1789 		 */
1790 		mlen = MIN(len, (dhp->dh_len - off));
1791 
1792 		HOLD_DHP_LOCK(dhp);
1793 		/*
1794 		 * Pass the extended length and address to devmap_access
1795 		 * if large pagesize is used for loading address translations.
1796 		 */
1797 		if ((sdp->pageprot == 0) &&
1798 		    (dhp->dh_flags & DEVMAP_FLAG_LARGE)) {
1799 			devmap_get_large_pgsize(dhp, mlen, maddr,
1800 			    &llen, &laddr);
1801 			ASSERT(maddr == addr || laddr == maddr);
1802 		} else {
1803 			llen = mlen;
1804 			laddr = maddr;
1805 		}
1806 
1807 		if (dhp->dh_callbackops.devmap_access != NULL) {
1808 			offset_t aoff;
1809 
1810 			aoff = sdp->offset + (offset_t)(laddr - seg->s_base);
1811 
1812 			/*
1813 			 * call driver's devmap_access entry point which will
1814 			 * call devmap_load/contextmgmt to load the translations
1815 			 *
1816 			 * We drop the dhp_lock before calling access so
1817 			 * drivers can call devmap_*_remap within access
1818 			 */
1819 			RELE_DHP_LOCK(dhp);
1820 
1821 			err = (*dhp->dh_callbackops.devmap_access)(
1822 			    dhp, (void *)dhp->dh_pvtp, aoff, llen, type, rw);
1823 		} else {
1824 			/*
1825 			 * If no devmap_access entry point, then load mappings
1826 			 * hold dhp_lock across faultpages if REMAP
1827 			 */
1828 			err = segdev_faultpages(hat, seg, laddr, llen,
1829 			    type, rw, dhp);
1830 			err_is_faultcode = 1;
1831 			RELE_DHP_LOCK(dhp);
1832 		}
1833 
1834 		if (err) {
1835 			if ((type == F_SOFTLOCK) && (maddr > addr)) {
1836 				/*
1837 				 * If not first dhp, use
1838 				 * segdev_fault(F_SOFTUNLOCK) for prior dhps
1839 				 * While this is recursion, it is incorrect to
1840 				 * call just segdev_softunlock
1841 				 * if we are using either large pages
1842 				 * or devmap_access. It will be more right
1843 				 * to go through the same loop as above
1844 				 * rather than call segdev_softunlock directly
1845 				 * It will use the right lenghths as well as
1846 				 * call into the driver devmap_access routines.
1847 				 */
1848 				size_t done = (size_t)(maddr - addr);
1849 				(void) segdev_fault(hat, seg, addr, done,
1850 				    F_SOFTUNLOCK, S_OTHER);
1851 				/*
1852 				 * reduce slpage by number of pages
1853 				 * released by segdev_softunlock
1854 				 */
1855 				ASSERT(slpage >= btopr(done));
1856 				devmap_softlock_exit(slock,
1857 				    slpage - btopr(done), type);
1858 			} else {
1859 				devmap_softlock_exit(slock, slpage, type);
1860 			}
1861 
1862 
1863 			/*
1864 			 * Segdev_faultpages() already returns a faultcode,
1865 			 * hence, result from segdev_faultpages() should be
1866 			 * returned directly.
1867 			 */
1868 			if (err_is_faultcode)
1869 				return (err);
1870 			return (FC_MAKE_ERR(err));
1871 		}
1872 
1873 		maddr += mlen;
1874 		ASSERT(len >= mlen);
1875 		len -= mlen;
1876 		dhp = dhp->dh_next;
1877 		off = 0;
1878 
1879 		ASSERT(!dhp || len == 0 || maddr == dhp->dh_uvaddr);
1880 	}
1881 	/*
1882 	 * release the softlock count at end of fault
1883 	 * For F_SOFTLOCk this is done in the later F_SOFTUNLOCK
1884 	 */
1885 	if ((type == F_INVAL) || (type == F_PROT))
1886 		devmap_softlock_exit(slock, slpage, type);
1887 	return (0);
1888 }
1889 
1890 /*
1891  * segdev_faultpages
1892  *
1893  * Used to fault in seg_dev segment pages. Called by segdev_fault or devmap_load
1894  * This routine assumes that the callers makes sure that the fields
1895  * in dhp used below are not changed due to remap during this call.
1896  * Caller does HOLD_DHP_LOCK if neeed
1897  * This routine returns a faultcode_t as a return value for segdev_fault.
1898  */
1899 static faultcode_t
segdev_faultpages(struct hat * hat,struct seg * seg,caddr_t addr,size_t len,enum fault_type type,enum seg_rw rw,devmap_handle_t * dhp)1900 segdev_faultpages(
1901 	struct hat *hat,		/* the hat */
1902 	struct seg *seg,		/* the seg_dev of interest */
1903 	caddr_t addr,			/* the address of the fault */
1904 	size_t len,			/* the length of the range */
1905 	enum fault_type type,		/* type of fault */
1906 	enum seg_rw rw,			/* type of access at fault */
1907 	devmap_handle_t *dhp)		/* devmap handle */
1908 {
1909 	register struct segdev_data *sdp = (struct segdev_data *)seg->s_data;
1910 	register caddr_t a;
1911 	struct vpage *vpage;
1912 	struct ddi_umem_cookie *kpmem_cookie = NULL;
1913 	int err;
1914 
1915 	TRACE_4(TR_FAC_DEVMAP, TR_DEVMAP_FAULTPAGES,
1916 	    "segdev_faultpages: dhp=%p seg=%p addr=%p len=%lx",
1917 	    (void *)dhp, (void *)seg, (void *)addr, len);
1918 	DEBUGF(5, (CE_CONT, "segdev_faultpages: "
1919 	    "dhp %p seg %p addr %p len %lx\n",
1920 	    (void *)dhp, (void *)seg, (void *)addr, len));
1921 
1922 	/*
1923 	 * The seg_dev driver does not implement copy-on-write,
1924 	 * and always loads translations with maximal allowed permissions
1925 	 * but we got an fault trying to access the device.
1926 	 * Servicing the fault is not going to result in any better result
1927 	 * XXX: If we want to allow devmap_access to handle F_PROT calls,
1928 	 * This code should be removed and let the normal fault handling
1929 	 * take care of finding the error
1930 	 */
1931 	if (type == F_PROT) {
1932 		return (FC_PROT);
1933 	}
1934 
1935 	if (type == F_SOFTUNLOCK) {
1936 		segdev_softunlock(hat, seg, addr, len, rw);
1937 		return (0);
1938 	}
1939 
1940 	/*
1941 	 * For kernel pageable memory, fault/lock segkp pages
1942 	 * We hold this until the completion of this
1943 	 * fault (INVAL/PROT) or till unlock (SOFTLOCK).
1944 	 */
1945 	if ((dhp != NULL) && dhp_is_kpmem(dhp)) {
1946 		kpmem_cookie = (struct ddi_umem_cookie *)dhp->dh_cookie;
1947 		if (err = acquire_kpmem_lock(kpmem_cookie, btopr(len)))
1948 			return (err);
1949 	}
1950 
1951 	/*
1952 	 * If we have the same protections for the entire segment,
1953 	 * insure that the access being attempted is legitimate.
1954 	 */
1955 	rw_enter(&sdp->lock, RW_READER);
1956 	if (sdp->pageprot == 0) {
1957 		uint_t protchk;
1958 
1959 		switch (rw) {
1960 		case S_READ:
1961 			protchk = PROT_READ;
1962 			break;
1963 		case S_WRITE:
1964 			protchk = PROT_WRITE;
1965 			break;
1966 		case S_EXEC:
1967 			protchk = PROT_EXEC;
1968 			break;
1969 		case S_OTHER:
1970 		default:
1971 			protchk = PROT_READ | PROT_WRITE | PROT_EXEC;
1972 			break;
1973 		}
1974 
1975 		if ((sdp->prot & protchk) == 0) {
1976 			rw_exit(&sdp->lock);
1977 			/* undo kpmem locking */
1978 			if (kpmem_cookie != NULL) {
1979 				release_kpmem_lock(kpmem_cookie, btopr(len));
1980 			}
1981 			return (FC_PROT);	/* illegal access type */
1982 		}
1983 	}
1984 
1985 	/*
1986 	 * we do a single hat_devload for the range if
1987 	 *   - devmap framework (dhp is not NULL),
1988 	 *   - pageprot == 0, i.e., no per-page protection set and
1989 	 *   - is device pages, irrespective of whether we are using large pages
1990 	 */
1991 	if ((sdp->pageprot == 0) && (dhp != NULL) && dhp_is_devmem(dhp)) {
1992 		pfn_t pfnum;
1993 		uint_t hat_flags;
1994 
1995 		if (dhp->dh_flags & DEVMAP_MAPPING_INVALID) {
1996 			rw_exit(&sdp->lock);
1997 			return (FC_NOMAP);
1998 		}
1999 
2000 		if (type == F_SOFTLOCK) {
2001 			mutex_enter(&freemem_lock);
2002 			sdp->softlockcnt += btopr(len);
2003 			mutex_exit(&freemem_lock);
2004 		}
2005 
2006 		hat_flags = ((type == F_SOFTLOCK) ? HAT_LOAD_LOCK : HAT_LOAD);
2007 		pfnum = dhp->dh_pfn + btop((uintptr_t)(addr - dhp->dh_uvaddr));
2008 		ASSERT(!pf_is_memory(pfnum));
2009 
2010 		hat_devload(hat, addr, len, pfnum, sdp->prot | dhp->dh_hat_attr,
2011 		    hat_flags | sdp->hat_flags);
2012 		rw_exit(&sdp->lock);
2013 		return (0);
2014 	}
2015 
2016 	/* Handle cases where we have to loop through fault handling per-page */
2017 
2018 	if (sdp->vpage == NULL)
2019 		vpage = NULL;
2020 	else
2021 		vpage = &sdp->vpage[seg_page(seg, addr)];
2022 
2023 	/* loop over the address range handling each fault */
2024 	for (a = addr; a < addr + len; a += PAGESIZE) {
2025 		if (err = segdev_faultpage(hat, seg, a, vpage, type, rw, dhp)) {
2026 			break;
2027 		}
2028 		if (vpage != NULL)
2029 			vpage++;
2030 	}
2031 	rw_exit(&sdp->lock);
2032 	if (err && (type == F_SOFTLOCK)) { /* error handling for F_SOFTLOCK */
2033 		size_t done = (size_t)(a - addr); /* pages fault successfully */
2034 		if (done > 0) {
2035 			/* use softunlock for those pages */
2036 			segdev_softunlock(hat, seg, addr, done, S_OTHER);
2037 		}
2038 		if (kpmem_cookie != NULL) {
2039 			/* release kpmem lock for rest of pages */
2040 			ASSERT(len >= done);
2041 			release_kpmem_lock(kpmem_cookie, btopr(len - done));
2042 		}
2043 	} else if ((kpmem_cookie != NULL) && (type != F_SOFTLOCK)) {
2044 		/* for non-SOFTLOCK cases, release kpmem */
2045 		release_kpmem_lock(kpmem_cookie, btopr(len));
2046 	}
2047 	return (err);
2048 }
2049 
2050 /*
2051  * Asynchronous page fault.  We simply do nothing since this
2052  * entry point is not supposed to load up the translation.
2053  */
2054 /*ARGSUSED*/
2055 static faultcode_t
segdev_faulta(struct seg * seg,caddr_t addr)2056 segdev_faulta(struct seg *seg, caddr_t addr)
2057 {
2058 	TRACE_2(TR_FAC_DEVMAP, TR_DEVMAP_FAULTA,
2059 	    "segdev_faulta: seg=%p addr=%p", (void *)seg, (void *)addr);
2060 	ASSERT(seg->s_as && AS_LOCK_HELD(seg->s_as));
2061 
2062 	return (0);
2063 }
2064 
2065 static int
segdev_setprot(struct seg * seg,caddr_t addr,size_t len,uint_t prot)2066 segdev_setprot(struct seg *seg, caddr_t addr, size_t len, uint_t prot)
2067 {
2068 	register struct segdev_data *sdp = (struct segdev_data *)seg->s_data;
2069 	register devmap_handle_t *dhp;
2070 	register struct vpage *vp, *evp;
2071 	devmap_handle_t *dhp_head = (devmap_handle_t *)sdp->devmap_data;
2072 	ulong_t off;
2073 	size_t mlen, sz;
2074 
2075 	TRACE_4(TR_FAC_DEVMAP, TR_DEVMAP_SETPROT,
2076 	    "segdev_setprot:start seg=%p addr=%p len=%lx prot=%x",
2077 	    (void *)seg, (void *)addr, len, prot);
2078 	ASSERT(seg->s_as && AS_LOCK_HELD(seg->s_as));
2079 
2080 	if ((sz = sdp->softlockcnt) > 0 && dhp_head != NULL) {
2081 		/*
2082 		 * Fail the setprot if pages are SOFTLOCKed through this
2083 		 * mapping.
2084 		 * Softlockcnt is protected from change by the as read lock.
2085 		 */
2086 		TRACE_1(TR_FAC_DEVMAP, TR_DEVMAP_SETPROT_CK1,
2087 		    "segdev_setprot:error softlockcnt=%lx", sz);
2088 		DEBUGF(1, (CE_CONT, "segdev_setprot: softlockcnt %ld\n", sz));
2089 		return (EAGAIN);
2090 	}
2091 
2092 	if (dhp_head != NULL) {
2093 		if ((dhp = devmap_find_handle(dhp_head, addr)) == NULL)
2094 			return (EINVAL);
2095 
2096 		/*
2097 		 * check if violate maxprot.
2098 		 */
2099 		off = (ulong_t)(addr - dhp->dh_uvaddr);
2100 		mlen  = len;
2101 		while (dhp) {
2102 			if ((dhp->dh_maxprot & prot) != prot)
2103 				return (EACCES);	/* violated maxprot */
2104 
2105 			if (mlen > (dhp->dh_len - off)) {
2106 				mlen -= dhp->dh_len - off;
2107 				dhp = dhp->dh_next;
2108 				off = 0;
2109 			} else
2110 				break;
2111 		}
2112 	} else {
2113 		if ((sdp->maxprot & prot) != prot)
2114 			return (EACCES);
2115 	}
2116 
2117 	rw_enter(&sdp->lock, RW_WRITER);
2118 	if (addr == seg->s_base && len == seg->s_size && sdp->pageprot == 0) {
2119 		if (sdp->prot == prot) {
2120 			rw_exit(&sdp->lock);
2121 			return (0);			/* all done */
2122 		}
2123 		sdp->prot = (uchar_t)prot;
2124 	} else {
2125 		sdp->pageprot = 1;
2126 		if (sdp->vpage == NULL) {
2127 			/*
2128 			 * First time through setting per page permissions,
2129 			 * initialize all the vpage structures to prot
2130 			 */
2131 			sdp->vpage = kmem_zalloc(vpgtob(seg_pages(seg)),
2132 			    KM_SLEEP);
2133 			evp = &sdp->vpage[seg_pages(seg)];
2134 			for (vp = sdp->vpage; vp < evp; vp++)
2135 				VPP_SETPROT(vp, sdp->prot);
2136 		}
2137 		/*
2138 		 * Now go change the needed vpages protections.
2139 		 */
2140 		evp = &sdp->vpage[seg_page(seg, addr + len)];
2141 		for (vp = &sdp->vpage[seg_page(seg, addr)]; vp < evp; vp++)
2142 			VPP_SETPROT(vp, prot);
2143 	}
2144 	rw_exit(&sdp->lock);
2145 
2146 	if (dhp_head != NULL) {
2147 		devmap_handle_t *tdhp;
2148 		/*
2149 		 * If large page size was used in hat_devload(),
2150 		 * the same page size must be used in hat_unload().
2151 		 */
2152 		dhp = tdhp = devmap_find_handle(dhp_head, addr);
2153 		while (tdhp != NULL) {
2154 			if (tdhp->dh_flags & DEVMAP_FLAG_LARGE) {
2155 				break;
2156 			}
2157 			tdhp = tdhp->dh_next;
2158 		}
2159 		if (tdhp) {
2160 			size_t slen = len;
2161 			size_t mlen;
2162 			size_t soff;
2163 
2164 			soff = (ulong_t)(addr - dhp->dh_uvaddr);
2165 			while (slen != 0) {
2166 				mlen = MIN(slen, (dhp->dh_len - soff));
2167 				hat_unload(seg->s_as->a_hat, dhp->dh_uvaddr,
2168 				    dhp->dh_len, HAT_UNLOAD);
2169 				dhp = dhp->dh_next;
2170 				ASSERT(slen >= mlen);
2171 				slen -= mlen;
2172 				soff = 0;
2173 			}
2174 			return (0);
2175 		}
2176 	}
2177 
2178 	if ((prot & ~PROT_USER) == PROT_NONE) {
2179 		hat_unload(seg->s_as->a_hat, addr, len, HAT_UNLOAD);
2180 	} else {
2181 		/*
2182 		 * RFE: the segment should keep track of all attributes
2183 		 * allowing us to remove the deprecated hat_chgprot
2184 		 * and use hat_chgattr.
2185 		 */
2186 		hat_chgprot(seg->s_as->a_hat, addr, len, prot);
2187 	}
2188 
2189 	return (0);
2190 }
2191 
2192 static int
segdev_checkprot(struct seg * seg,caddr_t addr,size_t len,uint_t prot)2193 segdev_checkprot(struct seg *seg, caddr_t addr, size_t len, uint_t prot)
2194 {
2195 	struct segdev_data *sdp = (struct segdev_data *)seg->s_data;
2196 	struct vpage *vp, *evp;
2197 
2198 	TRACE_4(TR_FAC_DEVMAP, TR_DEVMAP_CHECKPROT,
2199 	    "segdev_checkprot:start seg=%p addr=%p len=%lx prot=%x",
2200 	    (void *)seg, (void *)addr, len, prot);
2201 	ASSERT(seg->s_as && AS_LOCK_HELD(seg->s_as));
2202 
2203 	/*
2204 	 * If segment protection can be used, simply check against them
2205 	 */
2206 	rw_enter(&sdp->lock, RW_READER);
2207 	if (sdp->pageprot == 0) {
2208 		register int err;
2209 
2210 		err = ((sdp->prot & prot) != prot) ? EACCES : 0;
2211 		rw_exit(&sdp->lock);
2212 		return (err);
2213 	}
2214 
2215 	/*
2216 	 * Have to check down to the vpage level
2217 	 */
2218 	evp = &sdp->vpage[seg_page(seg, addr + len)];
2219 	for (vp = &sdp->vpage[seg_page(seg, addr)]; vp < evp; vp++) {
2220 		if ((VPP_PROT(vp) & prot) != prot) {
2221 			rw_exit(&sdp->lock);
2222 			return (EACCES);
2223 		}
2224 	}
2225 	rw_exit(&sdp->lock);
2226 	return (0);
2227 }
2228 
2229 static int
segdev_getprot(struct seg * seg,caddr_t addr,size_t len,uint_t * protv)2230 segdev_getprot(struct seg *seg, caddr_t addr, size_t len, uint_t *protv)
2231 {
2232 	struct segdev_data *sdp = (struct segdev_data *)seg->s_data;
2233 	size_t pgno;
2234 
2235 	TRACE_4(TR_FAC_DEVMAP, TR_DEVMAP_GETPROT,
2236 	    "segdev_getprot:start seg=%p addr=%p len=%lx protv=%p",
2237 	    (void *)seg, (void *)addr, len, (void *)protv);
2238 	ASSERT(seg->s_as && AS_LOCK_HELD(seg->s_as));
2239 
2240 	pgno = seg_page(seg, addr + len) - seg_page(seg, addr) + 1;
2241 	if (pgno != 0) {
2242 		rw_enter(&sdp->lock, RW_READER);
2243 		if (sdp->pageprot == 0) {
2244 			do {
2245 				protv[--pgno] = sdp->prot;
2246 			} while (pgno != 0);
2247 		} else {
2248 			size_t pgoff = seg_page(seg, addr);
2249 
2250 			do {
2251 				pgno--;
2252 				protv[pgno] =
2253 				    VPP_PROT(&sdp->vpage[pgno + pgoff]);
2254 			} while (pgno != 0);
2255 		}
2256 		rw_exit(&sdp->lock);
2257 	}
2258 	return (0);
2259 }
2260 
2261 static u_offset_t
segdev_getoffset(register struct seg * seg,caddr_t addr)2262 segdev_getoffset(register struct seg *seg, caddr_t addr)
2263 {
2264 	register struct segdev_data *sdp = (struct segdev_data *)seg->s_data;
2265 
2266 	TRACE_2(TR_FAC_DEVMAP, TR_DEVMAP_GETOFFSET,
2267 	    "segdev_getoffset:start seg=%p addr=%p", (void *)seg, (void *)addr);
2268 
2269 	ASSERT(seg->s_as && AS_LOCK_HELD(seg->s_as));
2270 
2271 	return ((u_offset_t)sdp->offset + (addr - seg->s_base));
2272 }
2273 
2274 /*ARGSUSED*/
2275 static int
segdev_gettype(register struct seg * seg,caddr_t addr)2276 segdev_gettype(register struct seg *seg, caddr_t addr)
2277 {
2278 	register struct segdev_data *sdp = (struct segdev_data *)seg->s_data;
2279 
2280 	TRACE_2(TR_FAC_DEVMAP, TR_DEVMAP_GETTYPE,
2281 	    "segdev_gettype:start seg=%p addr=%p", (void *)seg, (void *)addr);
2282 
2283 	ASSERT(seg->s_as && AS_LOCK_HELD(seg->s_as));
2284 
2285 	return (sdp->type);
2286 }
2287 
2288 
2289 /*ARGSUSED*/
2290 static int
segdev_getvp(register struct seg * seg,caddr_t addr,struct vnode ** vpp)2291 segdev_getvp(register struct seg *seg, caddr_t addr, struct vnode **vpp)
2292 {
2293 	register struct segdev_data *sdp = (struct segdev_data *)seg->s_data;
2294 
2295 	TRACE_2(TR_FAC_DEVMAP, TR_DEVMAP_GETVP,
2296 	    "segdev_getvp:start seg=%p addr=%p", (void *)seg, (void *)addr);
2297 
2298 	ASSERT(seg->s_as && AS_LOCK_HELD(seg->s_as));
2299 
2300 	/*
2301 	 * Note that this vp is the common_vp of the device, where the
2302 	 * pages are hung ..
2303 	 */
2304 	*vpp = VTOCVP(sdp->vp);
2305 
2306 	return (0);
2307 }
2308 
2309 static void
segdev_badop(void)2310 segdev_badop(void)
2311 {
2312 	TRACE_0(TR_FAC_DEVMAP, TR_DEVMAP_SEGDEV_BADOP,
2313 	    "segdev_badop:start");
2314 	panic("segdev_badop");
2315 	/*NOTREACHED*/
2316 }
2317 
2318 /*
2319  * segdev pages are not in the cache, and thus can't really be controlled.
2320  * Hence, syncs are simply always successful.
2321  */
2322 /*ARGSUSED*/
2323 static int
segdev_sync(struct seg * seg,caddr_t addr,size_t len,int attr,uint_t flags)2324 segdev_sync(struct seg *seg, caddr_t addr, size_t len, int attr, uint_t flags)
2325 {
2326 	TRACE_0(TR_FAC_DEVMAP, TR_DEVMAP_SYNC, "segdev_sync:start");
2327 
2328 	ASSERT(seg->s_as && AS_LOCK_HELD(seg->s_as));
2329 
2330 	return (0);
2331 }
2332 
2333 /*
2334  * segdev pages are always "in core".
2335  */
2336 /*ARGSUSED*/
2337 static size_t
segdev_incore(struct seg * seg,caddr_t addr,size_t len,char * vec)2338 segdev_incore(struct seg *seg, caddr_t addr, size_t len, char *vec)
2339 {
2340 	size_t v = 0;
2341 
2342 	TRACE_0(TR_FAC_DEVMAP, TR_DEVMAP_INCORE, "segdev_incore:start");
2343 
2344 	ASSERT(seg->s_as && AS_LOCK_HELD(seg->s_as));
2345 
2346 	for (len = (len + PAGEOFFSET) & PAGEMASK; len; len -= PAGESIZE,
2347 	    v += PAGESIZE)
2348 		*vec++ = 1;
2349 	return (v);
2350 }
2351 
2352 /*
2353  * segdev pages are not in the cache, and thus can't really be controlled.
2354  * Hence, locks are simply always successful.
2355  */
2356 /*ARGSUSED*/
2357 static int
segdev_lockop(struct seg * seg,caddr_t addr,size_t len,int attr,int op,ulong_t * lockmap,size_t pos)2358 segdev_lockop(struct seg *seg, caddr_t addr,
2359     size_t len, int attr, int op, ulong_t *lockmap, size_t pos)
2360 {
2361 	TRACE_0(TR_FAC_DEVMAP, TR_DEVMAP_LOCKOP, "segdev_lockop:start");
2362 
2363 	ASSERT(seg->s_as && AS_LOCK_HELD(seg->s_as));
2364 
2365 	return (0);
2366 }
2367 
2368 /*
2369  * segdev pages are not in the cache, and thus can't really be controlled.
2370  * Hence, advise is simply always successful.
2371  */
2372 /*ARGSUSED*/
2373 static int
segdev_advise(struct seg * seg,caddr_t addr,size_t len,uint_t behav)2374 segdev_advise(struct seg *seg, caddr_t addr, size_t len, uint_t behav)
2375 {
2376 	TRACE_0(TR_FAC_DEVMAP, TR_DEVMAP_ADVISE, "segdev_advise:start");
2377 
2378 	ASSERT(seg->s_as && AS_LOCK_HELD(seg->s_as));
2379 
2380 	return (0);
2381 }
2382 
2383 /*
2384  * segdev pages are not dumped, so we just return
2385  */
2386 /*ARGSUSED*/
2387 static void
segdev_dump(struct seg * seg)2388 segdev_dump(struct seg *seg)
2389 {}
2390 
2391 /*
2392  * ddi_segmap_setup:	Used by drivers who wish specify mapping attributes
2393  *			for a segment.	Called from a drivers segmap(9E)
2394  *			routine.
2395  */
2396 /*ARGSUSED*/
2397 int
ddi_segmap_setup(dev_t dev,off_t offset,struct as * as,caddr_t * addrp,off_t len,uint_t prot,uint_t maxprot,uint_t flags,cred_t * cred,ddi_device_acc_attr_t * accattrp,uint_t rnumber)2398 ddi_segmap_setup(dev_t dev, off_t offset, struct as *as, caddr_t *addrp,
2399     off_t len, uint_t prot, uint_t maxprot, uint_t flags, cred_t *cred,
2400     ddi_device_acc_attr_t *accattrp, uint_t rnumber)
2401 {
2402 	struct segdev_crargs dev_a;
2403 	int (*mapfunc)(dev_t dev, off_t off, int prot);
2404 	uint_t hat_attr;
2405 	pfn_t pfn;
2406 	int	error, i;
2407 
2408 	TRACE_0(TR_FAC_DEVMAP, TR_DEVMAP_SEGMAP_SETUP,
2409 	    "ddi_segmap_setup:start");
2410 
2411 	if ((mapfunc = devopsp[getmajor(dev)]->devo_cb_ops->cb_mmap) == nodev)
2412 		return (ENODEV);
2413 
2414 	/*
2415 	 * Character devices that support the d_mmap
2416 	 * interface can only be mmap'ed shared.
2417 	 */
2418 	if ((flags & MAP_TYPE) != MAP_SHARED)
2419 		return (EINVAL);
2420 
2421 	/*
2422 	 * Check that this region is indeed mappable on this platform.
2423 	 * Use the mapping function.
2424 	 */
2425 	if (ddi_device_mapping_check(dev, accattrp, rnumber, &hat_attr) == -1)
2426 		return (ENXIO);
2427 
2428 	/*
2429 	 * Check to ensure that the entire range is
2430 	 * legal and we are not trying to map in
2431 	 * more than the device will let us.
2432 	 */
2433 	for (i = 0; i < len; i += PAGESIZE) {
2434 		if (i == 0) {
2435 			/*
2436 			 * Save the pfn at offset here. This pfn will be
2437 			 * used later to get user address.
2438 			 */
2439 			if ((pfn = (pfn_t)cdev_mmap(mapfunc, dev, offset,
2440 			    maxprot)) == PFN_INVALID)
2441 				return (ENXIO);
2442 		} else {
2443 			if (cdev_mmap(mapfunc, dev, offset + i, maxprot) ==
2444 			    PFN_INVALID)
2445 				return (ENXIO);
2446 		}
2447 	}
2448 
2449 	as_rangelock(as);
2450 	/* Pick an address w/o worrying about any vac alignment constraints. */
2451 	error = choose_addr(as, addrp, len, ptob(pfn), ADDR_NOVACALIGN, flags);
2452 	if (error != 0) {
2453 		as_rangeunlock(as);
2454 		return (error);
2455 	}
2456 
2457 	dev_a.mapfunc = mapfunc;
2458 	dev_a.dev = dev;
2459 	dev_a.offset = (offset_t)offset;
2460 	dev_a.type = flags & MAP_TYPE;
2461 	dev_a.prot = (uchar_t)prot;
2462 	dev_a.maxprot = (uchar_t)maxprot;
2463 	dev_a.hat_attr = hat_attr;
2464 	dev_a.hat_flags = 0;
2465 	dev_a.devmap_data = NULL;
2466 
2467 	error = as_map(as, *addrp, len, segdev_create, &dev_a);
2468 	as_rangeunlock(as);
2469 	return (error);
2470 
2471 }
2472 
2473 /*ARGSUSED*/
2474 static int
segdev_pagelock(struct seg * seg,caddr_t addr,size_t len,struct page *** ppp,enum lock_type type,enum seg_rw rw)2475 segdev_pagelock(struct seg *seg, caddr_t addr, size_t len,
2476     struct page ***ppp, enum lock_type type, enum seg_rw rw)
2477 {
2478 	TRACE_0(TR_FAC_DEVMAP, TR_DEVMAP_PAGELOCK,
2479 	    "segdev_pagelock:start");
2480 	return (ENOTSUP);
2481 }
2482 
2483 /*ARGSUSED*/
2484 static int
segdev_setpagesize(struct seg * seg,caddr_t addr,size_t len,uint_t szc)2485 segdev_setpagesize(struct seg *seg, caddr_t addr, size_t len,
2486     uint_t szc)
2487 {
2488 	return (ENOTSUP);
2489 }
2490 
2491 /*
2492  * devmap_device: Used by devmap framework to establish mapping
2493  *                called by devmap_seup(9F) during map setup time.
2494  */
2495 /*ARGSUSED*/
2496 static int
devmap_device(devmap_handle_t * dhp,struct as * as,caddr_t * addr,offset_t off,size_t len,uint_t flags)2497 devmap_device(devmap_handle_t *dhp, struct as *as, caddr_t *addr,
2498     offset_t off, size_t len, uint_t flags)
2499 {
2500 	devmap_handle_t *rdhp, *maxdhp;
2501 	struct segdev_crargs dev_a;
2502 	int	err;
2503 	uint_t maxprot = PROT_ALL;
2504 	offset_t offset = 0;
2505 	pfn_t pfn;
2506 	struct devmap_pmem_cookie *pcp;
2507 
2508 	TRACE_4(TR_FAC_DEVMAP, TR_DEVMAP_DEVICE,
2509 	    "devmap_device:start dhp=%p addr=%p off=%llx, len=%lx",
2510 	    (void *)dhp, (void *)addr, off, len);
2511 
2512 	DEBUGF(2, (CE_CONT, "devmap_device: dhp %p addr %p off %llx len %lx\n",
2513 	    (void *)dhp, (void *)addr, off, len));
2514 
2515 	as_rangelock(as);
2516 	if ((flags & MAP_FIXED) == 0) {
2517 		offset_t aligned_off;
2518 
2519 		rdhp = maxdhp = dhp;
2520 		while (rdhp != NULL) {
2521 			maxdhp = (maxdhp->dh_len > rdhp->dh_len) ?
2522 			    maxdhp : rdhp;
2523 			rdhp = rdhp->dh_next;
2524 			maxprot |= dhp->dh_maxprot;
2525 		}
2526 		offset = maxdhp->dh_uoff - dhp->dh_uoff;
2527 
2528 		/*
2529 		 * Use the dhp that has the
2530 		 * largest len to get user address.
2531 		 */
2532 		/*
2533 		 * If MAPPING_INVALID, cannot use dh_pfn/dh_cvaddr,
2534 		 * use 0 which is as good as any other.
2535 		 */
2536 		if (maxdhp->dh_flags & DEVMAP_MAPPING_INVALID) {
2537 			aligned_off = (offset_t)0;
2538 		} else if (dhp_is_devmem(maxdhp)) {
2539 			aligned_off = (offset_t)ptob(maxdhp->dh_pfn) - offset;
2540 		} else if (dhp_is_pmem(maxdhp)) {
2541 			pcp = (struct devmap_pmem_cookie *)maxdhp->dh_pcookie;
2542 			pfn = page_pptonum(
2543 			    pcp->dp_pparray[btop(maxdhp->dh_roff)]);
2544 			aligned_off = (offset_t)ptob(pfn) - offset;
2545 		} else {
2546 			aligned_off = (offset_t)(uintptr_t)maxdhp->dh_cvaddr -
2547 			    offset;
2548 		}
2549 
2550 		/*
2551 		 * Pick an address aligned to dh_cookie.
2552 		 * for kernel memory/user memory, cookie is cvaddr.
2553 		 * for device memory, cookie is physical address.
2554 		 */
2555 		map_addr(addr, len, aligned_off, 1, flags);
2556 		if (*addr == NULL) {
2557 			as_rangeunlock(as);
2558 			return (ENOMEM);
2559 		}
2560 	} else {
2561 		/*
2562 		 * User-specified address; blow away any previous mappings.
2563 		 */
2564 		(void) as_unmap(as, *addr, len);
2565 	}
2566 
2567 	dev_a.mapfunc = NULL;
2568 	dev_a.dev = dhp->dh_dev;
2569 	dev_a.type = flags & MAP_TYPE;
2570 	dev_a.offset = off;
2571 	/*
2572 	 * sdp->maxprot has the least restrict protection of all dhps.
2573 	 */
2574 	dev_a.maxprot = maxprot;
2575 	dev_a.prot = dhp->dh_prot;
2576 	/*
2577 	 * devmap uses dhp->dh_hat_attr for hat.
2578 	 */
2579 	dev_a.hat_flags = 0;
2580 	dev_a.hat_attr = 0;
2581 	dev_a.devmap_data = (void *)dhp;
2582 
2583 	err = as_map(as, *addr, len, segdev_create, &dev_a);
2584 	as_rangeunlock(as);
2585 	return (err);
2586 }
2587 
2588 int
devmap_do_ctxmgt(devmap_cookie_t dhc,void * pvtp,offset_t off,size_t len,uint_t type,uint_t rw,int (* ctxmgt)(devmap_cookie_t,void *,offset_t,size_t,uint_t,uint_t))2589 devmap_do_ctxmgt(devmap_cookie_t dhc, void *pvtp, offset_t off, size_t len,
2590     uint_t type, uint_t rw, int (*ctxmgt)(devmap_cookie_t, void *, offset_t,
2591     size_t, uint_t, uint_t))
2592 {
2593 	register devmap_handle_t *dhp = (devmap_handle_t *)dhc;
2594 	struct devmap_ctx *devctx;
2595 	int do_timeout = 0;
2596 	int ret;
2597 
2598 #ifdef lint
2599 	pvtp = pvtp;
2600 #endif
2601 
2602 	TRACE_3(TR_FAC_DEVMAP, TR_DEVMAP_DO_CTXMGT,
2603 	    "devmap_do_ctxmgt:start dhp=%p off=%llx, len=%lx",
2604 	    (void *)dhp, off, len);
2605 	DEBUGF(7, (CE_CONT, "devmap_do_ctxmgt: dhp %p off %llx len %lx\n",
2606 	    (void *)dhp, off, len));
2607 
2608 	if (ctxmgt == NULL)
2609 		return (FC_HWERR);
2610 
2611 	devctx = dhp->dh_ctx;
2612 
2613 	/*
2614 	 * If we are on an MP system with more than one cpu running
2615 	 * and if a thread on some CPU already has the context, wait
2616 	 * for it to finish if there is a hysteresis timeout.
2617 	 *
2618 	 * We call cv_wait() instead of cv_wait_sig() because
2619 	 * it does not matter much if it returned due to a signal
2620 	 * or due to a cv_signal() or cv_broadcast().  In either event
2621 	 * we need to complete the mapping otherwise the processes
2622 	 * will die with a SEGV.
2623 	 */
2624 	if ((dhp->dh_timeout_length > 0) && (ncpus > 1)) {
2625 		TRACE_2(TR_FAC_DEVMAP, TR_DEVMAP_DO_CTXMGT_CK1,
2626 		    "devmap_do_ctxmgt:doing hysteresis, devctl %p dhp %p",
2627 		    devctx, dhp);
2628 		do_timeout = 1;
2629 		mutex_enter(&devctx->lock);
2630 		while (devctx->oncpu)
2631 			cv_wait(&devctx->cv, &devctx->lock);
2632 		devctx->oncpu = 1;
2633 		mutex_exit(&devctx->lock);
2634 	}
2635 
2636 	/*
2637 	 * Call the contextmgt callback so that the driver can handle
2638 	 * the fault.
2639 	 */
2640 	ret = (*ctxmgt)(dhp, dhp->dh_pvtp, off, len, type, rw);
2641 
2642 	/*
2643 	 * If devmap_access() returned -1, then there was a hardware
2644 	 * error so we need to convert the return value to something
2645 	 * that trap() will understand.  Otherwise, the return value
2646 	 * is already a fault code generated by devmap_unload()
2647 	 * or devmap_load().
2648 	 */
2649 	if (ret) {
2650 		TRACE_3(TR_FAC_DEVMAP, TR_DEVMAP_DO_CTXMGT_CK2,
2651 		    "devmap_do_ctxmgt: ret=%x dhp=%p devctx=%p",
2652 		    ret, dhp, devctx);
2653 		DEBUGF(1, (CE_CONT, "devmap_do_ctxmgt: ret %x dhp %p\n",
2654 		    ret, (void *)dhp));
2655 		if (devctx->oncpu) {
2656 			mutex_enter(&devctx->lock);
2657 			devctx->oncpu = 0;
2658 			cv_signal(&devctx->cv);
2659 			mutex_exit(&devctx->lock);
2660 		}
2661 		return (FC_HWERR);
2662 	}
2663 
2664 	/*
2665 	 * Setup the timeout if we need to
2666 	 */
2667 	if (do_timeout) {
2668 		mutex_enter(&devctx->lock);
2669 		if (dhp->dh_timeout_length > 0) {
2670 			TRACE_0(TR_FAC_DEVMAP, TR_DEVMAP_DO_CTXMGT_CK3,
2671 			    "devmap_do_ctxmgt:timeout set");
2672 			devctx->timeout = timeout(devmap_ctxto,
2673 			    devctx, dhp->dh_timeout_length);
2674 		} else {
2675 			/*
2676 			 * We don't want to wait so set oncpu to
2677 			 * 0 and wake up anyone waiting.
2678 			 */
2679 			TRACE_0(TR_FAC_DEVMAP, TR_DEVMAP_DO_CTXMGT_CK4,
2680 			    "devmap_do_ctxmgt:timeout not set");
2681 			devctx->oncpu = 0;
2682 			cv_signal(&devctx->cv);
2683 		}
2684 		mutex_exit(&devctx->lock);
2685 	}
2686 
2687 	return (DDI_SUCCESS);
2688 }
2689 
2690 /*
2691  *                                       end of mapping
2692  *                    poff   fault_offset         |
2693  *            base     |        |                 |
2694  *              |      |        |                 |
2695  *              V      V        V                 V
2696  *  +-----------+---------------+-------+---------+-------+
2697  *              ^               ^       ^         ^
2698  *              |<--- offset--->|<-len->|         |
2699  *              |<--- dh_len(size of mapping) --->|
2700  *                     |<--  pg -->|
2701  *                              -->|rlen|<--
2702  */
2703 static ulong_t
devmap_roundup(devmap_handle_t * dhp,ulong_t offset,size_t len,ulong_t * opfn,ulong_t * pagesize)2704 devmap_roundup(devmap_handle_t *dhp, ulong_t offset, size_t len,
2705     ulong_t *opfn, ulong_t *pagesize)
2706 {
2707 	register int level;
2708 	ulong_t pg;
2709 	ulong_t poff;
2710 	ulong_t base;
2711 	caddr_t uvaddr;
2712 	long rlen;
2713 
2714 	TRACE_3(TR_FAC_DEVMAP, TR_DEVMAP_ROUNDUP,
2715 	    "devmap_roundup:start dhp=%p off=%lx len=%lx",
2716 	    (void *)dhp, offset, len);
2717 	DEBUGF(2, (CE_CONT, "devmap_roundup: dhp %p off %lx len %lx\n",
2718 	    (void *)dhp, offset, len));
2719 
2720 	/*
2721 	 * get the max. pagesize that is aligned within the range
2722 	 * <dh_pfn, dh_pfn+offset>.
2723 	 *
2724 	 * The calculations below use physical address to ddetermine
2725 	 * the page size to use. The same calculations can use the
2726 	 * virtual address to determine the page size.
2727 	 */
2728 	base = (ulong_t)ptob(dhp->dh_pfn);
2729 	for (level = dhp->dh_mmulevel; level >= 0; level--) {
2730 		pg = page_get_pagesize(level);
2731 		poff = ((base + offset) & ~(pg - 1));
2732 		uvaddr = dhp->dh_uvaddr + (poff - base);
2733 		if ((poff >= base) &&
2734 		    ((poff + pg) <= (base + dhp->dh_len)) &&
2735 		    VA_PA_ALIGNED((uintptr_t)uvaddr, poff, pg))
2736 			break;
2737 	}
2738 
2739 	TRACE_3(TR_FAC_DEVMAP, TR_DEVMAP_ROUNDUP_CK1,
2740 	    "devmap_roundup: base=%lx poff=%lx dhp=%p",
2741 	    base, poff, dhp);
2742 	DEBUGF(2, (CE_CONT, "devmap_roundup: base %lx poff %lx pfn %lx\n",
2743 	    base, poff, dhp->dh_pfn));
2744 
2745 	ASSERT(VA_PA_ALIGNED((uintptr_t)uvaddr, poff, pg));
2746 	ASSERT(level >= 0);
2747 
2748 	*pagesize = pg;
2749 	*opfn = dhp->dh_pfn + btop(poff - base);
2750 
2751 	rlen = len + offset - (poff - base + pg);
2752 
2753 	ASSERT(rlen < (long)len);
2754 
2755 	TRACE_5(TR_FAC_DEVMAP, TR_DEVMAP_ROUNDUP_CK2,
2756 	    "devmap_roundup:ret dhp=%p level=%x rlen=%lx psiz=%p opfn=%p",
2757 	    (void *)dhp, level, rlen, pagesize, opfn);
2758 	DEBUGF(1, (CE_CONT, "devmap_roundup: dhp %p "
2759 	    "level %x rlen %lx psize %lx opfn %lx\n",
2760 	    (void *)dhp, level, rlen, *pagesize, *opfn));
2761 
2762 	return ((ulong_t)((rlen > 0) ? rlen : 0));
2763 }
2764 
2765 /*
2766  * find the dhp that contains addr.
2767  */
2768 static devmap_handle_t *
devmap_find_handle(devmap_handle_t * dhp_head,caddr_t addr)2769 devmap_find_handle(devmap_handle_t *dhp_head, caddr_t addr)
2770 {
2771 	devmap_handle_t *dhp;
2772 
2773 	TRACE_0(TR_FAC_DEVMAP, TR_DEVMAP_FIND_HANDLE,
2774 	    "devmap_find_handle:start");
2775 
2776 	dhp = dhp_head;
2777 	while (dhp) {
2778 		if (addr >= dhp->dh_uvaddr &&
2779 		    addr < (dhp->dh_uvaddr + dhp->dh_len))
2780 			return (dhp);
2781 		dhp = dhp->dh_next;
2782 	}
2783 
2784 	return ((devmap_handle_t *)NULL);
2785 }
2786 
2787 /*
2788  * devmap_unload:
2789  *			Marks a segdev segment or pages if offset->offset+len
2790  *			is not the entire segment as intercept and unloads the
2791  *			pages in the range offset -> offset+len.
2792  */
2793 int
devmap_unload(devmap_cookie_t dhc,offset_t offset,size_t len)2794 devmap_unload(devmap_cookie_t dhc, offset_t offset, size_t len)
2795 {
2796 	register devmap_handle_t *dhp = (devmap_handle_t *)dhc;
2797 	caddr_t	addr;
2798 	ulong_t	size;
2799 	ssize_t	soff;
2800 
2801 	TRACE_3(TR_FAC_DEVMAP, TR_DEVMAP_UNLOAD,
2802 	    "devmap_unload:start dhp=%p offset=%llx len=%lx",
2803 	    (void *)dhp, offset, len);
2804 	DEBUGF(7, (CE_CONT, "devmap_unload: dhp %p offset %llx len %lx\n",
2805 	    (void *)dhp, offset, len));
2806 
2807 	soff = (ssize_t)(offset - dhp->dh_uoff);
2808 	soff = round_down_p2(soff, PAGESIZE);
2809 	if (soff < 0 || soff >= dhp->dh_len)
2810 		return (FC_MAKE_ERR(EINVAL));
2811 
2812 	/*
2813 	 * Address and size must be page aligned.  Len is set to the
2814 	 * number of bytes in the number of pages that are required to
2815 	 * support len.  Offset is set to the byte offset of the first byte
2816 	 * of the page that contains offset.
2817 	 */
2818 	len = round_up_p2(len, PAGESIZE);
2819 
2820 	/*
2821 	 * If len is == 0, then calculate the size by getting
2822 	 * the number of bytes from offset to the end of the segment.
2823 	 */
2824 	if (len == 0)
2825 		size = dhp->dh_len - soff;
2826 	else {
2827 		size = len;
2828 		if ((soff + size) > dhp->dh_len)
2829 			return (FC_MAKE_ERR(EINVAL));
2830 	}
2831 
2832 	/*
2833 	 * The address is offset bytes from the base address of
2834 	 * the dhp.
2835 	 */
2836 	addr = (caddr_t)(soff + dhp->dh_uvaddr);
2837 
2838 	/*
2839 	 * If large page size was used in hat_devload(),
2840 	 * the same page size must be used in hat_unload().
2841 	 */
2842 	if (dhp->dh_flags & DEVMAP_FLAG_LARGE) {
2843 		hat_unload(dhp->dh_seg->s_as->a_hat, dhp->dh_uvaddr,
2844 		    dhp->dh_len, HAT_UNLOAD|HAT_UNLOAD_OTHER);
2845 	} else {
2846 		hat_unload(dhp->dh_seg->s_as->a_hat,  addr, size,
2847 		    HAT_UNLOAD|HAT_UNLOAD_OTHER);
2848 	}
2849 
2850 	return (0);
2851 }
2852 
2853 /*
2854  * calculates the optimal page size that will be used for hat_devload().
2855  */
2856 static void
devmap_get_large_pgsize(devmap_handle_t * dhp,size_t len,caddr_t addr,size_t * llen,caddr_t * laddr)2857 devmap_get_large_pgsize(devmap_handle_t *dhp, size_t len, caddr_t addr,
2858     size_t *llen, caddr_t *laddr)
2859 {
2860 	ulong_t off;
2861 	ulong_t pfn;
2862 	ulong_t pgsize;
2863 	uint_t first = 1;
2864 
2865 	TRACE_0(TR_FAC_DEVMAP, TR_DEVMAP_GET_LARGE_PGSIZE,
2866 	    "devmap_get_large_pgsize:start");
2867 
2868 	/*
2869 	 * RFE - Code only supports large page mappings for devmem
2870 	 * This code could be changed in future if we want to support
2871 	 * large page mappings for kernel exported memory.
2872 	 */
2873 	ASSERT(dhp_is_devmem(dhp));
2874 	ASSERT(!(dhp->dh_flags & DEVMAP_MAPPING_INVALID));
2875 
2876 	*llen = 0;
2877 	off = (ulong_t)(addr - dhp->dh_uvaddr);
2878 	while ((long)len > 0) {
2879 		/*
2880 		 * get the optimal pfn to minimize address translations.
2881 		 * devmap_roundup() returns residue bytes for next round
2882 		 * calculations.
2883 		 */
2884 		len = devmap_roundup(dhp, off, len, &pfn, &pgsize);
2885 
2886 		if (first) {
2887 			*laddr = dhp->dh_uvaddr + ptob(pfn - dhp->dh_pfn);
2888 			first = 0;
2889 		}
2890 
2891 		*llen += pgsize;
2892 		off = ptob(pfn - dhp->dh_pfn) + pgsize;
2893 	}
2894 	/* Large page mapping len/addr cover more range than original fault */
2895 	ASSERT(*llen >= len && *laddr <= addr);
2896 	ASSERT((*laddr + *llen) >= (addr + len));
2897 }
2898 
2899 /*
2900  * Initialize the devmap_softlock structure.
2901  */
2902 static struct devmap_softlock *
devmap_softlock_init(dev_t dev,ulong_t id)2903 devmap_softlock_init(dev_t dev, ulong_t id)
2904 {
2905 	struct devmap_softlock *slock;
2906 	struct devmap_softlock *tmp;
2907 
2908 	TRACE_0(TR_FAC_DEVMAP, TR_DEVMAP_SOFTLOCK_INIT,
2909 	    "devmap_softlock_init:start");
2910 
2911 	tmp = kmem_zalloc(sizeof (struct devmap_softlock), KM_SLEEP);
2912 	mutex_enter(&devmap_slock);
2913 
2914 	for (slock = devmap_slist; slock != NULL; slock = slock->next)
2915 		if ((slock->dev == dev) && (slock->id == id))
2916 			break;
2917 
2918 	if (slock == NULL) {
2919 		slock = tmp;
2920 		slock->dev = dev;
2921 		slock->id = id;
2922 		mutex_init(&slock->lock, NULL, MUTEX_DEFAULT, NULL);
2923 		cv_init(&slock->cv, NULL, CV_DEFAULT, NULL);
2924 		slock->next = devmap_slist;
2925 		devmap_slist = slock;
2926 	} else
2927 		kmem_free(tmp, sizeof (struct devmap_softlock));
2928 
2929 	mutex_enter(&slock->lock);
2930 	slock->refcnt++;
2931 	mutex_exit(&slock->lock);
2932 	mutex_exit(&devmap_slock);
2933 
2934 	return (slock);
2935 }
2936 
2937 /*
2938  * Wake up processes that sleep on softlocked.
2939  * Free dh_softlock if refcnt is 0.
2940  */
2941 static void
devmap_softlock_rele(devmap_handle_t * dhp)2942 devmap_softlock_rele(devmap_handle_t *dhp)
2943 {
2944 	struct devmap_softlock *slock = dhp->dh_softlock;
2945 	struct devmap_softlock *tmp;
2946 	struct devmap_softlock *parent;
2947 
2948 	TRACE_0(TR_FAC_DEVMAP, TR_DEVMAP_SOFTLOCK_RELE,
2949 	    "devmap_softlock_rele:start");
2950 
2951 	mutex_enter(&devmap_slock);
2952 	mutex_enter(&slock->lock);
2953 
2954 	ASSERT(slock->refcnt > 0);
2955 
2956 	slock->refcnt--;
2957 
2958 	/*
2959 	 * If no one is using the device, free up the slock data.
2960 	 */
2961 	if (slock->refcnt == 0) {
2962 		slock->softlocked = 0;
2963 		cv_signal(&slock->cv);
2964 
2965 		if (devmap_slist == slock)
2966 			devmap_slist = slock->next;
2967 		else {
2968 			parent = devmap_slist;
2969 			for (tmp = devmap_slist->next; tmp != NULL;
2970 			    tmp = tmp->next) {
2971 				if (tmp == slock) {
2972 					parent->next = tmp->next;
2973 					break;
2974 				}
2975 				parent = tmp;
2976 			}
2977 		}
2978 		mutex_exit(&slock->lock);
2979 		mutex_destroy(&slock->lock);
2980 		cv_destroy(&slock->cv);
2981 		kmem_free(slock, sizeof (struct devmap_softlock));
2982 	} else
2983 		mutex_exit(&slock->lock);
2984 
2985 	mutex_exit(&devmap_slock);
2986 }
2987 
2988 /*
2989  * Wake up processes that sleep on dh_ctx->locked.
2990  * Free dh_ctx if refcnt is 0.
2991  */
2992 static void
devmap_ctx_rele(devmap_handle_t * dhp)2993 devmap_ctx_rele(devmap_handle_t *dhp)
2994 {
2995 	struct devmap_ctx *devctx = dhp->dh_ctx;
2996 	struct devmap_ctx *tmp;
2997 	struct devmap_ctx *parent;
2998 	timeout_id_t tid;
2999 
3000 	TRACE_0(TR_FAC_DEVMAP, TR_DEVMAP_CTX_RELE,
3001 	    "devmap_ctx_rele:start");
3002 
3003 	mutex_enter(&devmapctx_lock);
3004 	mutex_enter(&devctx->lock);
3005 
3006 	ASSERT(devctx->refcnt > 0);
3007 
3008 	devctx->refcnt--;
3009 
3010 	/*
3011 	 * If no one is using the device, free up the devctx data.
3012 	 */
3013 	if (devctx->refcnt == 0) {
3014 		/*
3015 		 * Untimeout any threads using this mapping as they are about
3016 		 * to go away.
3017 		 */
3018 		if (devctx->timeout != 0) {
3019 			TRACE_0(TR_FAC_DEVMAP, TR_DEVMAP_CTX_RELE_CK1,
3020 			    "devmap_ctx_rele:untimeout ctx->timeout");
3021 
3022 			tid = devctx->timeout;
3023 			mutex_exit(&devctx->lock);
3024 			(void) untimeout(tid);
3025 			mutex_enter(&devctx->lock);
3026 		}
3027 
3028 		devctx->oncpu = 0;
3029 		cv_signal(&devctx->cv);
3030 
3031 		if (devmapctx_list == devctx)
3032 			devmapctx_list = devctx->next;
3033 		else {
3034 			parent = devmapctx_list;
3035 			for (tmp = devmapctx_list->next; tmp != NULL;
3036 			    tmp = tmp->next) {
3037 				if (tmp == devctx) {
3038 					parent->next = tmp->next;
3039 					break;
3040 				}
3041 				parent = tmp;
3042 			}
3043 		}
3044 		mutex_exit(&devctx->lock);
3045 		mutex_destroy(&devctx->lock);
3046 		cv_destroy(&devctx->cv);
3047 		kmem_free(devctx, sizeof (struct devmap_ctx));
3048 	} else
3049 		mutex_exit(&devctx->lock);
3050 
3051 	mutex_exit(&devmapctx_lock);
3052 }
3053 
3054 /*
3055  * devmap_load:
3056  *			Marks a segdev segment or pages if offset->offset+len
3057  *			is not the entire segment as nointercept and faults in
3058  *			the pages in the range offset -> offset+len.
3059  */
3060 int
devmap_load(devmap_cookie_t dhc,offset_t offset,size_t len,uint_t type,uint_t rw)3061 devmap_load(devmap_cookie_t dhc, offset_t offset, size_t len, uint_t type,
3062     uint_t rw)
3063 {
3064 	devmap_handle_t *dhp = (devmap_handle_t *)dhc;
3065 	struct as *asp = dhp->dh_seg->s_as;
3066 	caddr_t	addr;
3067 	ulong_t	size;
3068 	ssize_t	soff;	/* offset from the beginning of the segment */
3069 	int rc;
3070 
3071 	TRACE_3(TR_FAC_DEVMAP, TR_DEVMAP_LOAD,
3072 	    "devmap_load:start dhp=%p offset=%llx len=%lx",
3073 	    (void *)dhp, offset, len);
3074 
3075 	DEBUGF(7, (CE_CONT, "devmap_load: dhp %p offset %llx len %lx\n",
3076 	    (void *)dhp, offset, len));
3077 
3078 	/*
3079 	 *	Hat layer only supports devload to process' context for which
3080 	 *	the as lock is held. Verify here and return error if drivers
3081 	 *	inadvertently call devmap_load on a wrong devmap handle.
3082 	 */
3083 	if ((asp != &kas) && !AS_LOCK_HELD(asp))
3084 		return (FC_MAKE_ERR(EINVAL));
3085 
3086 	soff = (ssize_t)(offset - dhp->dh_uoff);
3087 	soff = round_down_p2(soff, PAGESIZE);
3088 	if (soff < 0 || soff >= dhp->dh_len)
3089 		return (FC_MAKE_ERR(EINVAL));
3090 
3091 	/*
3092 	 * Address and size must be page aligned.  Len is set to the
3093 	 * number of bytes in the number of pages that are required to
3094 	 * support len.  Offset is set to the byte offset of the first byte
3095 	 * of the page that contains offset.
3096 	 */
3097 	len = round_up_p2(len, PAGESIZE);
3098 
3099 	/*
3100 	 * If len == 0, then calculate the size by getting
3101 	 * the number of bytes from offset to the end of the segment.
3102 	 */
3103 	if (len == 0)
3104 		size = dhp->dh_len - soff;
3105 	else {
3106 		size = len;
3107 		if ((soff + size) > dhp->dh_len)
3108 			return (FC_MAKE_ERR(EINVAL));
3109 	}
3110 
3111 	/*
3112 	 * The address is offset bytes from the base address of
3113 	 * the segment.
3114 	 */
3115 	addr = (caddr_t)(soff + dhp->dh_uvaddr);
3116 
3117 	HOLD_DHP_LOCK(dhp);
3118 	rc = segdev_faultpages(asp->a_hat,
3119 	    dhp->dh_seg, addr, size, type, rw, dhp);
3120 	RELE_DHP_LOCK(dhp);
3121 	return (rc);
3122 }
3123 
3124 int
devmap_setup(dev_t dev,offset_t off,struct as * as,caddr_t * addrp,size_t len,uint_t prot,uint_t maxprot,uint_t flags,struct cred * cred)3125 devmap_setup(dev_t dev, offset_t off, struct as *as, caddr_t *addrp,
3126     size_t len, uint_t prot, uint_t maxprot, uint_t flags, struct cred *cred)
3127 {
3128 	register devmap_handle_t *dhp;
3129 	int (*devmap)(dev_t, devmap_cookie_t, offset_t, size_t,
3130 	    size_t *, uint_t);
3131 	int (*mmap)(dev_t, off_t, int);
3132 	struct devmap_callback_ctl *callbackops;
3133 	devmap_handle_t *dhp_head = NULL;
3134 	devmap_handle_t *dhp_prev = NULL;
3135 	devmap_handle_t *dhp_curr;
3136 	caddr_t addr;
3137 	int map_flag;
3138 	int ret;
3139 	ulong_t total_len;
3140 	size_t map_len;
3141 	size_t resid_len = len;
3142 	offset_t map_off = off;
3143 	struct devmap_softlock *slock = NULL;
3144 
3145 #ifdef lint
3146 	cred = cred;
3147 #endif
3148 
3149 	TRACE_2(TR_FAC_DEVMAP, TR_DEVMAP_SETUP,
3150 	    "devmap_setup:start off=%llx len=%lx", off, len);
3151 	DEBUGF(3, (CE_CONT, "devmap_setup: off %llx len %lx\n",
3152 	    off, len));
3153 
3154 	devmap = devopsp[getmajor(dev)]->devo_cb_ops->cb_devmap;
3155 	mmap = devopsp[getmajor(dev)]->devo_cb_ops->cb_mmap;
3156 
3157 	/*
3158 	 * driver must provide devmap(9E) entry point in cb_ops to use the
3159 	 * devmap framework.
3160 	 */
3161 	if (devmap == NULL || devmap == nulldev || devmap == nodev)
3162 		return (EINVAL);
3163 
3164 	/*
3165 	 * To protect from an inadvertent entry because the devmap entry point
3166 	 * is not NULL, return error if D_DEVMAP bit is not set in cb_flag and
3167 	 * mmap is NULL.
3168 	 */
3169 	map_flag = devopsp[getmajor(dev)]->devo_cb_ops->cb_flag;
3170 	if ((map_flag & D_DEVMAP) == 0 && (mmap == NULL || mmap == nulldev))
3171 		return (EINVAL);
3172 
3173 	/*
3174 	 * devmap allows mmap(2) to map multiple registers.
3175 	 * one devmap_handle is created for each register mapped.
3176 	 */
3177 	for (total_len = 0; total_len < len; total_len += map_len) {
3178 		dhp = kmem_zalloc(sizeof (devmap_handle_t), KM_SLEEP);
3179 
3180 		if (dhp_prev != NULL)
3181 			dhp_prev->dh_next = dhp;
3182 		else
3183 			dhp_head = dhp;
3184 		dhp_prev = dhp;
3185 
3186 		dhp->dh_prot = prot;
3187 		dhp->dh_orig_maxprot = dhp->dh_maxprot = maxprot;
3188 		dhp->dh_dev = dev;
3189 		dhp->dh_timeout_length = CTX_TIMEOUT_VALUE;
3190 		dhp->dh_uoff = map_off;
3191 
3192 		/*
3193 		 * Get mapping specific info from
3194 		 * the driver, such as rnumber, roff, len, callbackops,
3195 		 * accattrp and, if the mapping is for kernel memory,
3196 		 * ddi_umem_cookie.
3197 		 */
3198 		if ((ret = cdev_devmap(dev, dhp, map_off,
3199 		    resid_len, &map_len, get_udatamodel())) != 0) {
3200 			free_devmap_handle(dhp_head);
3201 			return (ENXIO);
3202 		}
3203 
3204 		if (map_len & PAGEOFFSET) {
3205 			free_devmap_handle(dhp_head);
3206 			return (EINVAL);
3207 		}
3208 
3209 		callbackops = &dhp->dh_callbackops;
3210 
3211 		if ((callbackops->devmap_access == NULL) ||
3212 		    (callbackops->devmap_access == nulldev) ||
3213 		    (callbackops->devmap_access == nodev)) {
3214 			/*
3215 			 * Normally devmap does not support MAP_PRIVATE unless
3216 			 * the drivers provide a valid devmap_access routine.
3217 			 */
3218 			if ((flags & MAP_PRIVATE) != 0) {
3219 				free_devmap_handle(dhp_head);
3220 				return (EINVAL);
3221 			}
3222 		} else {
3223 			/*
3224 			 * Initialize dhp_softlock and dh_ctx if the drivers
3225 			 * provide devmap_access.
3226 			 */
3227 			dhp->dh_softlock = devmap_softlock_init(dev,
3228 			    (ulong_t)callbackops->devmap_access);
3229 			dhp->dh_ctx = devmap_ctxinit(dev,
3230 			    (ulong_t)callbackops->devmap_access);
3231 
3232 			/*
3233 			 * segdev_fault can only work when all
3234 			 * dh_softlock in a multi-dhp mapping
3235 			 * are same. see comments in segdev_fault
3236 			 * This code keeps track of the first
3237 			 * dh_softlock allocated in slock and
3238 			 * compares all later allocations and if
3239 			 * not similar, returns an error.
3240 			 */
3241 			if (slock == NULL)
3242 				slock = dhp->dh_softlock;
3243 			if (slock != dhp->dh_softlock) {
3244 				free_devmap_handle(dhp_head);
3245 				return (ENOTSUP);
3246 			}
3247 		}
3248 
3249 		map_off += map_len;
3250 		resid_len -= map_len;
3251 	}
3252 
3253 	/*
3254 	 * get the user virtual address and establish the mapping between
3255 	 * uvaddr and device physical address.
3256 	 */
3257 	if ((ret = devmap_device(dhp_head, as, addrp, off, len, flags))
3258 	    != 0) {
3259 		/*
3260 		 * free devmap handles if error during the mapping.
3261 		 */
3262 		free_devmap_handle(dhp_head);
3263 
3264 		return (ret);
3265 	}
3266 
3267 	/*
3268 	 * call the driver's devmap_map callback to do more after the mapping,
3269 	 * such as to allocate driver private data for context management.
3270 	 */
3271 	dhp = dhp_head;
3272 	map_off = off;
3273 	addr = *addrp;
3274 	while (dhp != NULL) {
3275 		callbackops = &dhp->dh_callbackops;
3276 		dhp->dh_uvaddr = addr;
3277 		dhp_curr = dhp;
3278 		if (callbackops->devmap_map != NULL) {
3279 			ret = (*callbackops->devmap_map)((devmap_cookie_t)dhp,
3280 			    dev, flags, map_off,
3281 			    dhp->dh_len, &dhp->dh_pvtp);
3282 			if (ret != 0) {
3283 				struct segdev_data *sdp;
3284 
3285 				/*
3286 				 * call driver's devmap_unmap entry point
3287 				 * to free driver resources.
3288 				 */
3289 				dhp = dhp_head;
3290 				map_off = off;
3291 				while (dhp != dhp_curr) {
3292 					callbackops = &dhp->dh_callbackops;
3293 					if (callbackops->devmap_unmap != NULL) {
3294 						(*callbackops->devmap_unmap)(
3295 						    dhp, dhp->dh_pvtp,
3296 						    map_off, dhp->dh_len,
3297 						    NULL, NULL, NULL, NULL);
3298 					}
3299 					map_off += dhp->dh_len;
3300 					dhp = dhp->dh_next;
3301 				}
3302 				sdp = dhp_head->dh_seg->s_data;
3303 				sdp->devmap_data = NULL;
3304 				free_devmap_handle(dhp_head);
3305 				return (ENXIO);
3306 			}
3307 		}
3308 		map_off += dhp->dh_len;
3309 		addr += dhp->dh_len;
3310 		dhp = dhp->dh_next;
3311 	}
3312 
3313 	return (0);
3314 }
3315 
3316 int
ddi_devmap_segmap(dev_t dev,off_t off,ddi_as_handle_t as,caddr_t * addrp,off_t len,uint_t prot,uint_t maxprot,uint_t flags,struct cred * cred)3317 ddi_devmap_segmap(dev_t dev, off_t off, ddi_as_handle_t as, caddr_t *addrp,
3318     off_t len, uint_t prot, uint_t maxprot, uint_t flags, struct cred *cred)
3319 {
3320 	TRACE_0(TR_FAC_DEVMAP, TR_DEVMAP_SEGMAP,
3321 	    "devmap_segmap:start");
3322 	return (devmap_setup(dev, (offset_t)off, (struct as *)as, addrp,
3323 	    (size_t)len, prot, maxprot, flags, cred));
3324 }
3325 
3326 /*
3327  * Called from devmap_devmem_setup/remap to see if can use large pages for
3328  * this device mapping.
3329  * Also calculate the max. page size for this mapping.
3330  * this page size will be used in fault routine for
3331  * optimal page size calculations.
3332  */
3333 static void
devmap_devmem_large_page_setup(devmap_handle_t * dhp)3334 devmap_devmem_large_page_setup(devmap_handle_t *dhp)
3335 {
3336 	ASSERT(dhp_is_devmem(dhp));
3337 	dhp->dh_mmulevel = 0;
3338 
3339 	/*
3340 	 * use large page size only if:
3341 	 *  1. device memory.
3342 	 *  2. mmu supports multiple page sizes,
3343 	 *  3. Driver did not disallow it
3344 	 *  4. dhp length is at least as big as the large pagesize
3345 	 *  5. the uvaddr and pfn are large pagesize aligned
3346 	 */
3347 	if (page_num_pagesizes() > 1 &&
3348 	    !(dhp->dh_flags & (DEVMAP_USE_PAGESIZE | DEVMAP_MAPPING_INVALID))) {
3349 		ulong_t base;
3350 		int level;
3351 
3352 		base = (ulong_t)ptob(dhp->dh_pfn);
3353 		for (level = 1; level < page_num_pagesizes(); level++) {
3354 			size_t pgsize = page_get_pagesize(level);
3355 			if ((dhp->dh_len < pgsize) ||
3356 			    (!VA_PA_PGSIZE_ALIGNED((uintptr_t)dhp->dh_uvaddr,
3357 			    base, pgsize))) {
3358 				break;
3359 			}
3360 		}
3361 		dhp->dh_mmulevel = level - 1;
3362 	}
3363 	if (dhp->dh_mmulevel > 0) {
3364 		dhp->dh_flags |= DEVMAP_FLAG_LARGE;
3365 	} else {
3366 		dhp->dh_flags &= ~DEVMAP_FLAG_LARGE;
3367 	}
3368 }
3369 
3370 /*
3371  * Called by driver devmap routine to pass device specific info to
3372  * the framework.    used for device memory mapping only.
3373  */
3374 int
devmap_devmem_setup(devmap_cookie_t dhc,dev_info_t * dip,struct devmap_callback_ctl * callbackops,uint_t rnumber,offset_t roff,size_t len,uint_t maxprot,uint_t flags,ddi_device_acc_attr_t * accattrp)3375 devmap_devmem_setup(devmap_cookie_t dhc, dev_info_t *dip,
3376     struct devmap_callback_ctl *callbackops, uint_t rnumber, offset_t roff,
3377     size_t len, uint_t maxprot, uint_t flags, ddi_device_acc_attr_t *accattrp)
3378 {
3379 	devmap_handle_t *dhp = (devmap_handle_t *)dhc;
3380 	ddi_acc_handle_t handle;
3381 	ddi_map_req_t mr;
3382 	ddi_acc_hdl_t *hp;
3383 	int err;
3384 
3385 	TRACE_4(TR_FAC_DEVMAP, TR_DEVMAP_DEVMEM_SETUP,
3386 	    "devmap_devmem_setup:start dhp=%p offset=%llx rnum=%d len=%lx",
3387 	    (void *)dhp, roff, rnumber, (uint_t)len);
3388 	DEBUGF(2, (CE_CONT, "devmap_devmem_setup: dhp %p offset %llx "
3389 	    "rnum %d len %lx\n", (void *)dhp, roff, rnumber, len));
3390 
3391 	/*
3392 	 * First to check if this function has been called for this dhp.
3393 	 */
3394 	if (dhp->dh_flags & DEVMAP_SETUP_DONE)
3395 		return (DDI_FAILURE);
3396 
3397 	if ((dhp->dh_prot & dhp->dh_orig_maxprot & maxprot) != dhp->dh_prot)
3398 		return (DDI_FAILURE);
3399 
3400 	if (flags & DEVMAP_MAPPING_INVALID) {
3401 		/*
3402 		 * Don't go up the tree to get pfn if the driver specifies
3403 		 * DEVMAP_MAPPING_INVALID in flags.
3404 		 *
3405 		 * If DEVMAP_MAPPING_INVALID is specified, we have to grant
3406 		 * remap permission.
3407 		 */
3408 		if (!(flags & DEVMAP_ALLOW_REMAP)) {
3409 			return (DDI_FAILURE);
3410 		}
3411 		dhp->dh_pfn = PFN_INVALID;
3412 	} else {
3413 		handle = impl_acc_hdl_alloc(KM_SLEEP, NULL);
3414 		if (handle == NULL)
3415 			return (DDI_FAILURE);
3416 
3417 		hp = impl_acc_hdl_get(handle);
3418 		hp->ah_vers = VERS_ACCHDL;
3419 		hp->ah_dip = dip;
3420 		hp->ah_rnumber = rnumber;
3421 		hp->ah_offset = roff;
3422 		hp->ah_len = len;
3423 		if (accattrp != NULL)
3424 			hp->ah_acc = *accattrp;
3425 
3426 		mr.map_op = DDI_MO_MAP_LOCKED;
3427 		mr.map_type = DDI_MT_RNUMBER;
3428 		mr.map_obj.rnumber = rnumber;
3429 		mr.map_prot = maxprot & dhp->dh_orig_maxprot;
3430 		mr.map_flags = DDI_MF_DEVICE_MAPPING;
3431 		mr.map_handlep = hp;
3432 		mr.map_vers = DDI_MAP_VERSION;
3433 
3434 		/*
3435 		 * up the device tree to get pfn.
3436 		 * The rootnex_map_regspec() routine in nexus drivers has been
3437 		 * modified to return pfn if map_flags is DDI_MF_DEVICE_MAPPING.
3438 		 */
3439 		err = ddi_map(dip, &mr, roff, len, (caddr_t *)&dhp->dh_pfn);
3440 		dhp->dh_hat_attr = hp->ah_hat_flags;
3441 		impl_acc_hdl_free(handle);
3442 
3443 		if (err)
3444 			return (DDI_FAILURE);
3445 	}
3446 	/* Should not be using devmem setup for memory pages */
3447 	ASSERT(!pf_is_memory(dhp->dh_pfn));
3448 
3449 	/* Only some of the flags bits are settable by the driver */
3450 	dhp->dh_flags |= (flags & DEVMAP_SETUP_FLAGS);
3451 	dhp->dh_len = ptob(btopr(len));
3452 
3453 	dhp->dh_cookie = DEVMAP_DEVMEM_COOKIE;
3454 	dhp->dh_roff = ptob(btop(roff));
3455 
3456 	/* setup the dh_mmulevel and DEVMAP_FLAG_LARGE */
3457 	devmap_devmem_large_page_setup(dhp);
3458 	dhp->dh_maxprot = maxprot & dhp->dh_orig_maxprot;
3459 	ASSERT((dhp->dh_prot & dhp->dh_orig_maxprot & maxprot) == dhp->dh_prot);
3460 
3461 
3462 	if (callbackops != NULL) {
3463 		bcopy(callbackops, &dhp->dh_callbackops,
3464 		    sizeof (struct devmap_callback_ctl));
3465 	}
3466 
3467 	/*
3468 	 * Initialize dh_lock if we want to do remap.
3469 	 */
3470 	if (dhp->dh_flags & DEVMAP_ALLOW_REMAP) {
3471 		mutex_init(&dhp->dh_lock, NULL, MUTEX_DEFAULT, NULL);
3472 		dhp->dh_flags |= DEVMAP_LOCK_INITED;
3473 	}
3474 
3475 	dhp->dh_flags |= DEVMAP_SETUP_DONE;
3476 
3477 	return (DDI_SUCCESS);
3478 }
3479 
3480 int
devmap_devmem_remap(devmap_cookie_t dhc,dev_info_t * dip,uint_t rnumber,offset_t roff,size_t len,uint_t maxprot,uint_t flags,ddi_device_acc_attr_t * accattrp)3481 devmap_devmem_remap(devmap_cookie_t dhc, dev_info_t *dip,
3482     uint_t rnumber, offset_t roff, size_t len, uint_t maxprot,
3483     uint_t flags, ddi_device_acc_attr_t *accattrp)
3484 {
3485 	devmap_handle_t *dhp = (devmap_handle_t *)dhc;
3486 	ddi_acc_handle_t handle;
3487 	ddi_map_req_t mr;
3488 	ddi_acc_hdl_t *hp;
3489 	pfn_t	pfn;
3490 	uint_t	hat_flags;
3491 	int	err;
3492 
3493 	TRACE_4(TR_FAC_DEVMAP, TR_DEVMAP_DEVMEM_REMAP,
3494 	    "devmap_devmem_setup:start dhp=%p offset=%llx rnum=%d len=%lx",
3495 	    (void *)dhp, roff, rnumber, (uint_t)len);
3496 	DEBUGF(2, (CE_CONT, "devmap_devmem_remap: dhp %p offset %llx "
3497 	    "rnum %d len %lx\n", (void *)dhp, roff, rnumber, len));
3498 
3499 	/*
3500 	 * Return failure if setup has not been done or no remap permission
3501 	 * has been granted during the setup.
3502 	 */
3503 	if ((dhp->dh_flags & DEVMAP_SETUP_DONE) == 0 ||
3504 	    (dhp->dh_flags & DEVMAP_ALLOW_REMAP) == 0)
3505 		return (DDI_FAILURE);
3506 
3507 	/* Only DEVMAP_MAPPING_INVALID flag supported for remap */
3508 	if ((flags != 0) && (flags != DEVMAP_MAPPING_INVALID))
3509 		return (DDI_FAILURE);
3510 
3511 	if ((dhp->dh_prot & dhp->dh_orig_maxprot & maxprot) != dhp->dh_prot)
3512 		return (DDI_FAILURE);
3513 
3514 	if (!(flags & DEVMAP_MAPPING_INVALID)) {
3515 		handle = impl_acc_hdl_alloc(KM_SLEEP, NULL);
3516 		if (handle == NULL)
3517 			return (DDI_FAILURE);
3518 	}
3519 
3520 	HOLD_DHP_LOCK(dhp);
3521 
3522 	/*
3523 	 * Unload the old mapping, so next fault will setup the new mappings
3524 	 * Do this while holding the dhp lock so other faults dont reestablish
3525 	 * the mappings
3526 	 */
3527 	hat_unload(dhp->dh_seg->s_as->a_hat, dhp->dh_uvaddr,
3528 	    dhp->dh_len, HAT_UNLOAD|HAT_UNLOAD_OTHER);
3529 
3530 	if (flags & DEVMAP_MAPPING_INVALID) {
3531 		dhp->dh_flags |= DEVMAP_MAPPING_INVALID;
3532 		dhp->dh_pfn = PFN_INVALID;
3533 	} else {
3534 		/* clear any prior DEVMAP_MAPPING_INVALID flag */
3535 		dhp->dh_flags &= ~DEVMAP_MAPPING_INVALID;
3536 		hp = impl_acc_hdl_get(handle);
3537 		hp->ah_vers = VERS_ACCHDL;
3538 		hp->ah_dip = dip;
3539 		hp->ah_rnumber = rnumber;
3540 		hp->ah_offset = roff;
3541 		hp->ah_len = len;
3542 		if (accattrp != NULL)
3543 			hp->ah_acc = *accattrp;
3544 
3545 		mr.map_op = DDI_MO_MAP_LOCKED;
3546 		mr.map_type = DDI_MT_RNUMBER;
3547 		mr.map_obj.rnumber = rnumber;
3548 		mr.map_prot = maxprot & dhp->dh_orig_maxprot;
3549 		mr.map_flags = DDI_MF_DEVICE_MAPPING;
3550 		mr.map_handlep = hp;
3551 		mr.map_vers = DDI_MAP_VERSION;
3552 
3553 		/*
3554 		 * up the device tree to get pfn.
3555 		 * The rootnex_map_regspec() routine in nexus drivers has been
3556 		 * modified to return pfn if map_flags is DDI_MF_DEVICE_MAPPING.
3557 		 */
3558 		err = ddi_map(dip, &mr, roff, len, (caddr_t *)&pfn);
3559 		hat_flags = hp->ah_hat_flags;
3560 		impl_acc_hdl_free(handle);
3561 		if (err) {
3562 			RELE_DHP_LOCK(dhp);
3563 			return (DDI_FAILURE);
3564 		}
3565 		/*
3566 		 * Store result of ddi_map first in local variables, as we do
3567 		 * not want to overwrite the existing dhp with wrong data.
3568 		 */
3569 		dhp->dh_pfn = pfn;
3570 		dhp->dh_hat_attr = hat_flags;
3571 	}
3572 
3573 	/* clear the large page size flag */
3574 	dhp->dh_flags &= ~DEVMAP_FLAG_LARGE;
3575 
3576 	dhp->dh_cookie = DEVMAP_DEVMEM_COOKIE;
3577 	dhp->dh_roff = ptob(btop(roff));
3578 
3579 	/* setup the dh_mmulevel and DEVMAP_FLAG_LARGE */
3580 	devmap_devmem_large_page_setup(dhp);
3581 	dhp->dh_maxprot = maxprot & dhp->dh_orig_maxprot;
3582 	ASSERT((dhp->dh_prot & dhp->dh_orig_maxprot & maxprot) == dhp->dh_prot);
3583 
3584 	RELE_DHP_LOCK(dhp);
3585 	return (DDI_SUCCESS);
3586 }
3587 
3588 /*
3589  * called by driver devmap routine to pass kernel virtual address  mapping
3590  * info to the framework.    used only for kernel memory
3591  * allocated from ddi_umem_alloc().
3592  */
3593 int
devmap_umem_setup(devmap_cookie_t dhc,dev_info_t * dip,struct devmap_callback_ctl * callbackops,ddi_umem_cookie_t cookie,offset_t off,size_t len,uint_t maxprot,uint_t flags,ddi_device_acc_attr_t * accattrp)3594 devmap_umem_setup(devmap_cookie_t dhc, dev_info_t *dip,
3595     struct devmap_callback_ctl *callbackops, ddi_umem_cookie_t cookie,
3596     offset_t off, size_t len, uint_t maxprot, uint_t flags,
3597     ddi_device_acc_attr_t *accattrp)
3598 {
3599 	devmap_handle_t *dhp = (devmap_handle_t *)dhc;
3600 	struct ddi_umem_cookie *cp = (struct ddi_umem_cookie *)cookie;
3601 
3602 #ifdef lint
3603 	dip = dip;
3604 #endif
3605 
3606 	TRACE_4(TR_FAC_DEVMAP, TR_DEVMAP_UMEM_SETUP,
3607 	    "devmap_umem_setup:start dhp=%p offset=%llx cookie=%p len=%lx",
3608 	    (void *)dhp, off, cookie, len);
3609 	DEBUGF(2, (CE_CONT, "devmap_umem_setup: dhp %p offset %llx "
3610 	    "cookie %p len %lx\n", (void *)dhp, off, (void *)cookie, len));
3611 
3612 	if (cookie == NULL)
3613 		return (DDI_FAILURE);
3614 
3615 	/* For UMEM_TRASH, this restriction is not needed */
3616 	if ((off + len) > cp->size)
3617 		return (DDI_FAILURE);
3618 
3619 	/* check if the cache attributes are supported */
3620 	if (i_ddi_check_cache_attr(flags) == B_FALSE)
3621 		return (DDI_FAILURE);
3622 
3623 	/*
3624 	 * First to check if this function has been called for this dhp.
3625 	 */
3626 	if (dhp->dh_flags & DEVMAP_SETUP_DONE)
3627 		return (DDI_FAILURE);
3628 
3629 	if ((dhp->dh_prot & dhp->dh_orig_maxprot & maxprot) != dhp->dh_prot)
3630 		return (DDI_FAILURE);
3631 
3632 	if (flags & DEVMAP_MAPPING_INVALID) {
3633 		/*
3634 		 * If DEVMAP_MAPPING_INVALID is specified, we have to grant
3635 		 * remap permission.
3636 		 */
3637 		if (!(flags & DEVMAP_ALLOW_REMAP)) {
3638 			return (DDI_FAILURE);
3639 		}
3640 	} else {
3641 		dhp->dh_cookie = cookie;
3642 		dhp->dh_roff = ptob(btop(off));
3643 		dhp->dh_cvaddr = cp->cvaddr + dhp->dh_roff;
3644 		/* set HAT cache attributes */
3645 		i_ddi_cacheattr_to_hatacc(flags, &dhp->dh_hat_attr);
3646 		/* set HAT endianess attributes */
3647 		i_ddi_devacc_to_hatacc(accattrp, &dhp->dh_hat_attr);
3648 	}
3649 
3650 	/*
3651 	 * The default is _not_ to pass HAT_LOAD_NOCONSIST to hat_devload();
3652 	 * we pass HAT_LOAD_NOCONSIST _only_ in cases where hat tries to
3653 	 * create consistent mappings but our intention was to create
3654 	 * non-consistent mappings.
3655 	 *
3656 	 * DEVMEM: hat figures it out it's DEVMEM and creates non-consistent
3657 	 * mappings.
3658 	 *
3659 	 * kernel exported memory: hat figures it out it's memory and always
3660 	 * creates consistent mappings.
3661 	 *
3662 	 * /dev/mem: non-consistent mappings. See comments in common/io/mem.c
3663 	 *
3664 	 * /dev/kmem: consistent mappings are created unless they are
3665 	 * MAP_FIXED. We _explicitly_ tell hat to create non-consistent
3666 	 * mappings by passing HAT_LOAD_NOCONSIST in case of MAP_FIXED
3667 	 * mappings of /dev/kmem. See common/io/mem.c
3668 	 */
3669 
3670 	/* Only some of the flags bits are settable by the driver */
3671 	dhp->dh_flags |= (flags & DEVMAP_SETUP_FLAGS);
3672 
3673 	dhp->dh_len = ptob(btopr(len));
3674 	dhp->dh_maxprot = maxprot & dhp->dh_orig_maxprot;
3675 	ASSERT((dhp->dh_prot & dhp->dh_orig_maxprot & maxprot) == dhp->dh_prot);
3676 
3677 	if (callbackops != NULL) {
3678 		bcopy(callbackops, &dhp->dh_callbackops,
3679 		    sizeof (struct devmap_callback_ctl));
3680 	}
3681 	/*
3682 	 * Initialize dh_lock if we want to do remap.
3683 	 */
3684 	if (dhp->dh_flags & DEVMAP_ALLOW_REMAP) {
3685 		mutex_init(&dhp->dh_lock, NULL, MUTEX_DEFAULT, NULL);
3686 		dhp->dh_flags |= DEVMAP_LOCK_INITED;
3687 	}
3688 
3689 	dhp->dh_flags |= DEVMAP_SETUP_DONE;
3690 
3691 	return (DDI_SUCCESS);
3692 }
3693 
3694 int
devmap_umem_remap(devmap_cookie_t dhc,dev_info_t * dip,ddi_umem_cookie_t cookie,offset_t off,size_t len,uint_t maxprot,uint_t flags,ddi_device_acc_attr_t * accattrp)3695 devmap_umem_remap(devmap_cookie_t dhc, dev_info_t *dip,
3696     ddi_umem_cookie_t cookie, offset_t off, size_t len, uint_t maxprot,
3697     uint_t flags, ddi_device_acc_attr_t *accattrp)
3698 {
3699 	devmap_handle_t *dhp = (devmap_handle_t *)dhc;
3700 	struct ddi_umem_cookie *cp = (struct ddi_umem_cookie *)cookie;
3701 
3702 	TRACE_4(TR_FAC_DEVMAP, TR_DEVMAP_UMEM_REMAP,
3703 	    "devmap_umem_remap:start dhp=%p offset=%llx cookie=%p len=%lx",
3704 	    (void *)dhp, off, cookie, len);
3705 	DEBUGF(2, (CE_CONT, "devmap_umem_remap: dhp %p offset %llx "
3706 	    "cookie %p len %lx\n", (void *)dhp, off, (void *)cookie, len));
3707 
3708 #ifdef lint
3709 	dip = dip;
3710 	accattrp = accattrp;
3711 #endif
3712 	/*
3713 	 * Reture failure if setup has not been done or no remap permission
3714 	 * has been granted during the setup.
3715 	 */
3716 	if ((dhp->dh_flags & DEVMAP_SETUP_DONE) == 0 ||
3717 	    (dhp->dh_flags & DEVMAP_ALLOW_REMAP) == 0)
3718 		return (DDI_FAILURE);
3719 
3720 	/* No flags supported for remap yet */
3721 	if (flags != 0)
3722 		return (DDI_FAILURE);
3723 
3724 	/* check if the cache attributes are supported */
3725 	if (i_ddi_check_cache_attr(flags) == B_FALSE)
3726 		return (DDI_FAILURE);
3727 
3728 	if ((dhp->dh_prot & dhp->dh_orig_maxprot & maxprot) != dhp->dh_prot)
3729 		return (DDI_FAILURE);
3730 
3731 	/* For UMEM_TRASH, this restriction is not needed */
3732 	if ((off + len) > cp->size)
3733 		return (DDI_FAILURE);
3734 
3735 	HOLD_DHP_LOCK(dhp);
3736 	/*
3737 	 * Unload the old mapping, so next fault will setup the new mappings
3738 	 * Do this while holding the dhp lock so other faults dont reestablish
3739 	 * the mappings
3740 	 */
3741 	hat_unload(dhp->dh_seg->s_as->a_hat, dhp->dh_uvaddr,
3742 	    dhp->dh_len, HAT_UNLOAD|HAT_UNLOAD_OTHER);
3743 
3744 	dhp->dh_cookie = cookie;
3745 	dhp->dh_roff = ptob(btop(off));
3746 	dhp->dh_cvaddr = cp->cvaddr + dhp->dh_roff;
3747 	/* set HAT cache attributes */
3748 	i_ddi_cacheattr_to_hatacc(flags, &dhp->dh_hat_attr);
3749 	/* set HAT endianess attributes */
3750 	i_ddi_devacc_to_hatacc(accattrp, &dhp->dh_hat_attr);
3751 
3752 	/* clear the large page size flag */
3753 	dhp->dh_flags &= ~DEVMAP_FLAG_LARGE;
3754 
3755 	dhp->dh_maxprot = maxprot & dhp->dh_orig_maxprot;
3756 	ASSERT((dhp->dh_prot & dhp->dh_orig_maxprot & maxprot) == dhp->dh_prot);
3757 	RELE_DHP_LOCK(dhp);
3758 	return (DDI_SUCCESS);
3759 }
3760 
3761 /*
3762  * to set timeout value for the driver's context management callback, e.g.
3763  * devmap_access().
3764  */
3765 void
devmap_set_ctx_timeout(devmap_cookie_t dhc,clock_t ticks)3766 devmap_set_ctx_timeout(devmap_cookie_t dhc, clock_t ticks)
3767 {
3768 	devmap_handle_t *dhp = (devmap_handle_t *)dhc;
3769 
3770 	TRACE_2(TR_FAC_DEVMAP, TR_DEVMAP_SET_CTX_TIMEOUT,
3771 	    "devmap_set_ctx_timeout:start dhp=%p ticks=%x",
3772 	    (void *)dhp, ticks);
3773 	dhp->dh_timeout_length = ticks;
3774 }
3775 
3776 int
devmap_default_access(devmap_cookie_t dhp,void * pvtp,offset_t off,size_t len,uint_t type,uint_t rw)3777 devmap_default_access(devmap_cookie_t dhp, void *pvtp, offset_t off,
3778     size_t len, uint_t type, uint_t rw)
3779 {
3780 #ifdef lint
3781 	pvtp = pvtp;
3782 #endif
3783 
3784 	TRACE_0(TR_FAC_DEVMAP, TR_DEVMAP_DEFAULT_ACCESS,
3785 	    "devmap_default_access:start");
3786 	return (devmap_load(dhp, off, len, type, rw));
3787 }
3788 
3789 /*
3790  * segkmem_alloc() wrapper to allocate memory which is both
3791  * non-relocatable (for DR) and sharelocked, since the rest
3792  * of this segment driver requires it.
3793  */
3794 static void *
devmap_alloc_pages(vmem_t * vmp,size_t size,int vmflag)3795 devmap_alloc_pages(vmem_t *vmp, size_t size, int vmflag)
3796 {
3797 	ASSERT(vmp != NULL);
3798 	ASSERT(kvseg.s_base != NULL);
3799 	vmflag |= (VM_NORELOC | SEGKMEM_SHARELOCKED);
3800 	return (segkmem_alloc(vmp, size, vmflag));
3801 }
3802 
3803 /*
3804  * This is where things are a bit incestuous with seg_kmem: unlike
3805  * seg_kp, seg_kmem does not keep its pages long-term sharelocked, so
3806  * we need to do a bit of a dance around that to prevent duplication of
3807  * code until we decide to bite the bullet and implement a new kernel
3808  * segment for driver-allocated memory that is exported to user space.
3809  */
3810 static void
devmap_free_pages(vmem_t * vmp,void * inaddr,size_t size)3811 devmap_free_pages(vmem_t *vmp, void *inaddr, size_t size)
3812 {
3813 	page_t *pp;
3814 	caddr_t addr = inaddr;
3815 	caddr_t eaddr;
3816 	pgcnt_t npages = btopr(size);
3817 
3818 	ASSERT(vmp != NULL);
3819 	ASSERT(kvseg.s_base != NULL);
3820 	ASSERT(((uintptr_t)addr & PAGEOFFSET) == 0);
3821 
3822 	hat_unload(kas.a_hat, addr, size, HAT_UNLOAD_UNLOCK);
3823 
3824 	for (eaddr = addr + size; addr < eaddr; addr += PAGESIZE) {
3825 		/*
3826 		 * Use page_find() instead of page_lookup() to find the page
3827 		 * since we know that it is hashed and has a shared lock.
3828 		 */
3829 		pp = page_find(&kvp, (u_offset_t)(uintptr_t)addr);
3830 
3831 		if (pp == NULL)
3832 			panic("devmap_free_pages: page not found");
3833 		if (!page_tryupgrade(pp)) {
3834 			page_unlock(pp);
3835 			pp = page_lookup(&kvp, (u_offset_t)(uintptr_t)addr,
3836 			    SE_EXCL);
3837 			if (pp == NULL)
3838 				panic("devmap_free_pages: page already freed");
3839 		}
3840 		/* Clear p_lckcnt so page_destroy() doesn't update availrmem */
3841 		pp->p_lckcnt = 0;
3842 		page_destroy(pp, 0);
3843 	}
3844 	page_unresv(npages);
3845 
3846 	if (vmp != NULL)
3847 		vmem_free(vmp, inaddr, size);
3848 }
3849 
3850 /*
3851  * devmap_umem_alloc_np() replaces kmem_zalloc() as the method for
3852  * allocating non-pageable kmem in response to a ddi_umem_alloc()
3853  * default request. For now we allocate our own pages and we keep
3854  * them long-term sharelocked, since: A) the fault routines expect the
3855  * memory to already be locked; B) pageable umem is already long-term
3856  * locked; C) it's a lot of work to make it otherwise, particularly
3857  * since the nexus layer expects the pages to never fault. An RFE is to
3858  * not keep the pages long-term locked, but instead to be able to
3859  * take faults on them and simply look them up in kvp in case we
3860  * fault on them. Even then, we must take care not to let pageout
3861  * steal them from us since the data must remain resident; if we
3862  * do this we must come up with some way to pin the pages to prevent
3863  * faults while a driver is doing DMA to/from them.
3864  */
3865 static void *
devmap_umem_alloc_np(size_t size,size_t flags)3866 devmap_umem_alloc_np(size_t size, size_t flags)
3867 {
3868 	void *buf;
3869 	int vmflags = (flags & DDI_UMEM_NOSLEEP)? VM_NOSLEEP : VM_SLEEP;
3870 
3871 	buf = vmem_alloc(umem_np_arena, size, vmflags);
3872 	if (buf != NULL)
3873 		bzero(buf, size);
3874 	return (buf);
3875 }
3876 
3877 static void
devmap_umem_free_np(void * addr,size_t size)3878 devmap_umem_free_np(void *addr, size_t size)
3879 {
3880 	vmem_free(umem_np_arena, addr, size);
3881 }
3882 
3883 /*
3884  * allocate page aligned kernel memory for exporting to user land.
3885  * The devmap framework will use the cookie allocated by ddi_umem_alloc()
3886  * to find a user virtual address that is in same color as the address
3887  * allocated here.
3888  */
3889 void *
ddi_umem_alloc(size_t size,int flags,ddi_umem_cookie_t * cookie)3890 ddi_umem_alloc(size_t size, int flags, ddi_umem_cookie_t *cookie)
3891 {
3892 	register size_t len = ptob(btopr(size));
3893 	void *buf = NULL;
3894 	struct ddi_umem_cookie *cp;
3895 	int iflags = 0;
3896 
3897 	*cookie = NULL;
3898 
3899 	TRACE_0(TR_FAC_DEVMAP, TR_DEVMAP_UMEM_ALLOC,
3900 	    "devmap_umem_alloc:start");
3901 	if (len == 0)
3902 		return ((void *)NULL);
3903 
3904 	/*
3905 	 * allocate cookie
3906 	 */
3907 	if ((cp = kmem_zalloc(sizeof (struct ddi_umem_cookie),
3908 	    flags & DDI_UMEM_NOSLEEP ? KM_NOSLEEP : KM_SLEEP)) == NULL) {
3909 		ASSERT(flags & DDI_UMEM_NOSLEEP);
3910 		return ((void *)NULL);
3911 	}
3912 
3913 	if (flags & DDI_UMEM_PAGEABLE) {
3914 		/* Only one of the flags is allowed */
3915 		ASSERT(!(flags & DDI_UMEM_TRASH));
3916 		/* initialize resource with 0 */
3917 		iflags = KPD_ZERO;
3918 
3919 		/*
3920 		 * to allocate unlocked pageable memory, use segkp_get() to
3921 		 * create a segkp segment.  Since segkp can only service kas,
3922 		 * other segment drivers such as segdev have to do
3923 		 * as_fault(segkp, SOFTLOCK) in its fault routine,
3924 		 */
3925 		if (flags & DDI_UMEM_NOSLEEP)
3926 			iflags |= KPD_NOWAIT;
3927 
3928 		if ((buf = segkp_get(segkp, len, iflags)) == NULL) {
3929 			kmem_free(cp, sizeof (struct ddi_umem_cookie));
3930 			return ((void *)NULL);
3931 		}
3932 		cp->type = KMEM_PAGEABLE;
3933 		mutex_init(&cp->lock, NULL, MUTEX_DEFAULT, NULL);
3934 		cp->locked = 0;
3935 	} else if (flags & DDI_UMEM_TRASH) {
3936 		/* Only one of the flags is allowed */
3937 		ASSERT(!(flags & DDI_UMEM_PAGEABLE));
3938 		cp->type = UMEM_TRASH;
3939 		buf = NULL;
3940 	} else {
3941 		if ((buf = devmap_umem_alloc_np(len, flags)) == NULL) {
3942 			kmem_free(cp, sizeof (struct ddi_umem_cookie));
3943 			return ((void *)NULL);
3944 		}
3945 
3946 		cp->type = KMEM_NON_PAGEABLE;
3947 	}
3948 
3949 	/*
3950 	 * need to save size here.  size will be used when
3951 	 * we do kmem_free.
3952 	 */
3953 	cp->size = len;
3954 	cp->cvaddr = (caddr_t)buf;
3955 
3956 	*cookie =  (void *)cp;
3957 	return (buf);
3958 }
3959 
3960 void
ddi_umem_free(ddi_umem_cookie_t cookie)3961 ddi_umem_free(ddi_umem_cookie_t cookie)
3962 {
3963 	struct ddi_umem_cookie *cp;
3964 
3965 	TRACE_0(TR_FAC_DEVMAP, TR_DEVMAP_UMEM_FREE,
3966 	    "devmap_umem_free:start");
3967 
3968 	/*
3969 	 * if cookie is NULL, no effects on the system
3970 	 */
3971 	if (cookie == NULL)
3972 		return;
3973 
3974 	cp = (struct ddi_umem_cookie *)cookie;
3975 
3976 	switch (cp->type) {
3977 	case KMEM_PAGEABLE :
3978 		ASSERT(cp->cvaddr != NULL && cp->size != 0);
3979 		/*
3980 		 * Check if there are still any pending faults on the cookie
3981 		 * while the driver is deleting it,
3982 		 * XXX - could change to an ASSERT but wont catch errant drivers
3983 		 */
3984 		mutex_enter(&cp->lock);
3985 		if (cp->locked) {
3986 			mutex_exit(&cp->lock);
3987 			panic("ddi_umem_free for cookie with pending faults %p",
3988 			    (void *)cp);
3989 			return;
3990 		}
3991 
3992 		segkp_release(segkp, cp->cvaddr);
3993 
3994 		/*
3995 		 * release mutex associated with this cookie.
3996 		 */
3997 		mutex_destroy(&cp->lock);
3998 		break;
3999 	case KMEM_NON_PAGEABLE :
4000 		ASSERT(cp->cvaddr != NULL && cp->size != 0);
4001 		devmap_umem_free_np(cp->cvaddr, cp->size);
4002 		break;
4003 	case UMEM_TRASH :
4004 		break;
4005 	case UMEM_LOCKED :
4006 		/* Callers should use ddi_umem_unlock for this type */
4007 		ddi_umem_unlock(cookie);
4008 		/* Frees the cookie too */
4009 		return;
4010 	default:
4011 		/* panic so we can diagnose the underlying cause */
4012 		panic("ddi_umem_free: illegal cookie type 0x%x\n",
4013 		    cp->type);
4014 	}
4015 
4016 	kmem_free(cookie, sizeof (struct ddi_umem_cookie));
4017 }
4018 
4019 
4020 static int
segdev_getmemid(struct seg * seg,caddr_t addr,memid_t * memidp)4021 segdev_getmemid(struct seg *seg, caddr_t addr, memid_t *memidp)
4022 {
4023 	struct segdev_data *sdp = (struct segdev_data *)seg->s_data;
4024 
4025 	/*
4026 	 * It looks as if it is always mapped shared
4027 	 */
4028 	TRACE_0(TR_FAC_DEVMAP, TR_DEVMAP_GETMEMID,
4029 	    "segdev_getmemid:start");
4030 	memidp->val[0] = (uintptr_t)VTOCVP(sdp->vp);
4031 	memidp->val[1] = sdp->offset + (uintptr_t)(addr - seg->s_base);
4032 	return (0);
4033 }
4034 
4035 /*ARGSUSED*/
4036 static lgrp_mem_policy_info_t *
segdev_getpolicy(struct seg * seg,caddr_t addr)4037 segdev_getpolicy(struct seg *seg, caddr_t addr)
4038 {
4039 	return (NULL);
4040 }
4041 
4042 /*ARGSUSED*/
4043 static int
segdev_capable(struct seg * seg,segcapability_t capability)4044 segdev_capable(struct seg *seg, segcapability_t capability)
4045 {
4046 	return (0);
4047 }
4048 
4049 /*
4050  * ddi_umem_alloc() non-pageable quantum cache max size.
4051  * This is just a SWAG.
4052  */
4053 #define	DEVMAP_UMEM_QUANTUM	(8*PAGESIZE)
4054 
4055 /*
4056  * Initialize seg_dev from boot. This routine sets up the trash page
4057  * and creates the umem_np_arena used to back non-pageable memory
4058  * requests.
4059  */
4060 void
segdev_init(void)4061 segdev_init(void)
4062 {
4063 	struct seg kseg;
4064 
4065 	umem_np_arena = vmem_create("umem_np", NULL, 0, PAGESIZE,
4066 	    devmap_alloc_pages, devmap_free_pages, heap_arena,
4067 	    DEVMAP_UMEM_QUANTUM, VM_SLEEP);
4068 
4069 	kseg.s_as = &kas;
4070 	trashpp = page_create_va(&trashvp, 0, PAGESIZE,
4071 	    PG_NORELOC | PG_EXCL | PG_WAIT, &kseg, NULL);
4072 	if (trashpp == NULL)
4073 		panic("segdev_init: failed to create trash page");
4074 	pagezero(trashpp, 0, PAGESIZE);
4075 	page_downgrade(trashpp);
4076 }
4077 
4078 /*
4079  * Invoke platform-dependent support routines so that /proc can have
4080  * the platform code deal with curious hardware.
4081  */
4082 int
segdev_copyfrom(struct seg * seg,caddr_t uaddr,const void * devaddr,void * kaddr,size_t len)4083 segdev_copyfrom(struct seg *seg,
4084     caddr_t uaddr, const void *devaddr, void *kaddr, size_t len)
4085 {
4086 	struct segdev_data *sdp = (struct segdev_data *)seg->s_data;
4087 	struct snode *sp = VTOS(VTOCVP(sdp->vp));
4088 
4089 	return (e_ddi_copyfromdev(sp->s_dip,
4090 	    (off_t)(uaddr - seg->s_base), devaddr, kaddr, len));
4091 }
4092 
4093 int
segdev_copyto(struct seg * seg,caddr_t uaddr,const void * kaddr,void * devaddr,size_t len)4094 segdev_copyto(struct seg *seg,
4095     caddr_t uaddr, const void *kaddr, void *devaddr, size_t len)
4096 {
4097 	struct segdev_data *sdp = (struct segdev_data *)seg->s_data;
4098 	struct snode *sp = VTOS(VTOCVP(sdp->vp));
4099 
4100 	return (e_ddi_copytodev(sp->s_dip,
4101 	    (off_t)(uaddr - seg->s_base), kaddr, devaddr, len));
4102 }
4103