/*
 * Copyright (c) 1991, 1993
 *	The Regents of the University of California.  All rights reserved.
 * Copyright (c) 1994 John S. Dyson
 * All rights reserved.
 * Copyright (c) 1994 David Greenman
 * All rights reserved.
 *
 *
 * This code is derived from software contributed to Berkeley by
 * The Mach Operating System project at Carnegie-Mellon University.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 * 3. All advertising materials mentioning features or use of this software
 *    must display the following acknowledgement:
 *	This product includes software developed by the University of
 *	California, Berkeley and its contributors.
 * 4. Neither the name of the University nor the names of its contributors
 *    may be used to endorse or promote products derived from this software
 *    without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 *
 *	from: @(#)vm_fault.c	8.4 (Berkeley) 1/12/94
 *
 *
 * Copyright (c) 1987, 1990 Carnegie-Mellon University.
 * All rights reserved.
 *
 * Authors: Avadis Tevanian, Jr., Michael Wayne Young
 *
 * Permission to use, copy, modify and distribute this software and
 * its documentation is hereby granted, provided that both the copyright
 * notice and this permission notice appear in all copies of the
 * software, derivative works or modified versions, and any portions
 * thereof, and that both notices appear in supporting documentation.
 *
 * CARNEGIE MELLON ALLOWS FREE USE OF THIS SOFTWARE IN ITS "AS IS"
 * CONDITION.  CARNEGIE MELLON DISCLAIMS ANY LIABILITY OF ANY KIND
 * FOR ANY DAMAGES WHATSOEVER RESULTING FROM THE USE OF THIS SOFTWARE.
 *
 * Carnegie Mellon requests users of this software to return to
 *
 *  Software Distribution Coordinator  or  Software.Distribution@CS.CMU.EDU
 *  School of Computer Science
 *  Carnegie Mellon University
 *  Pittsburgh PA 15213-3890
 *
 * any improvements or extensions that they make and grant Carnegie the
 * rights to redistribute these changes.
 *
 * $Id: vm_fault.c,v 1.42 1996/03/09 06:48:26 dyson Exp $
 */

/*
 *	Page fault handling module.
 */

#include <sys/param.h>
#include <sys/systm.h>
#include <sys/proc.h>
#include <sys/vnode.h>
#include <sys/resource.h>
#include <sys/signalvar.h>
#include <sys/resourcevar.h>
#include <sys/vmmeter.h>

#include <vm/vm.h>
#include <vm/vm_param.h>
#include <vm/vm_prot.h>
#include <vm/lock.h>
#include <vm/pmap.h>
#include <vm/vm_map.h>
#include <vm/vm_object.h>
#include <vm/vm_page.h>
#include <vm/vm_pageout.h>
#include <vm/vm_kern.h>
#include <vm/vm_pager.h>
#include <vm/vnode_pager.h>
#include <vm/swap_pager.h>
#include <vm/vm_extern.h>

int vm_fault_additional_pages __P((vm_page_t, int, int, vm_page_t *, int *));

#define VM_FAULT_READ_AHEAD 4
#define VM_FAULT_READ_BEHIND 3
#define VM_FAULT_READ (VM_FAULT_READ_AHEAD+VM_FAULT_READ_BEHIND+1)
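
/*
 * The cluster window is VM_FAULT_READ_BEHIND pages before the faulting
 * page plus VM_FAULT_READ_AHEAD pages after it, so VM_FAULT_READ
 * (3 + 4 + 1 = 8 with the defaults above) bounds the size of the
 * on-stack page array used by vm_fault() below.
 */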

int vm_fault_free_1;
int vm_fault_copy_save_1;
int vm_fault_copy_save_2;

/*
 *	vm_fault:
 *
 *	Handle a page fault occurring at the given address,
 *	requiring the given permissions, in the map specified.
 *	If successful, the page is inserted into the
 *	associated physical map.
 *
 *	NOTE: the given address should be truncated to the
 *	proper page address.
 *
 *	KERN_SUCCESS is returned if the page fault is handled; otherwise,
 *	a standard error specifying why the fault is fatal is returned.
 *
 *
 *	The map in question must be referenced, and remains so.
 *	Caller may hold no locks.
 */
int
vm_fault(map, vaddr, fault_type, change_wiring)
	vm_map_t map;
	vm_offset_t vaddr;
	vm_prot_t fault_type;
	boolean_t change_wiring;
{
	vm_object_t first_object;
	vm_pindex_t first_pindex;
	vm_map_entry_t entry;
	register vm_object_t object;
	register vm_pindex_t pindex;
	vm_page_t m;
	vm_page_t first_m;
	vm_prot_t prot;
	int result;
	boolean_t wired;
	boolean_t su;
	boolean_t lookup_still_valid;
	vm_page_t old_m;
	vm_object_t next_object;
	vm_page_t marray[VM_FAULT_READ];
	int hardfault = 0;
	struct vnode *vp = NULL;

	cnt.v_vm_faults++;	/* needs lock XXX */
	/*
	 * Recovery actions
	 */
#define FREE_PAGE(m) {					\
	PAGE_WAKEUP(m);					\
	vm_page_free(m);				\
}

#define RELEASE_PAGE(m) {				\
	PAGE_WAKEUP(m);					\
	if (m->queue != PQ_ACTIVE) vm_page_activate(m);	\
}

#define UNLOCK_MAP {					\
	if (lookup_still_valid) {			\
		vm_map_lookup_done(map, entry);		\
		lookup_still_valid = FALSE;		\
	}						\
}

#define UNLOCK_THINGS {					\
	vm_object_pip_wakeup(object);			\
	if (object != first_object) {			\
		FREE_PAGE(first_m);			\
		vm_object_pip_wakeup(first_object);	\
	}						\
	UNLOCK_MAP;					\
	if (vp != NULL) VOP_UNLOCK(vp);			\
}

#define UNLOCK_AND_DEALLOCATE {				\
	UNLOCK_THINGS;					\
	vm_object_deallocate(first_object);		\
}


RetryFault:;

	/*
	 * Find the backing store object and offset into it to begin the
	 * search.
	 */

	if ((result = vm_map_lookup(&map, vaddr,
	    fault_type, &entry, &first_object,
	    &first_pindex, &prot, &wired, &su)) != KERN_SUCCESS) {
		return (result);
	}

	vp = vnode_pager_lock(first_object);

	lookup_still_valid = TRUE;

	if (wired)
		fault_type = prot;

	first_m = NULL;

	/*
	 * Make a reference to this object to prevent its disposal while we
	 * are messing with it.  Once we have the reference, the map is free
	 * to be diddled.  Since objects reference their shadows (and copies),
	 * they will stay around as well.
	 */

	first_object->ref_count++;
	first_object->paging_in_progress++;

	/*
	 * INVARIANTS (through entire routine):
	 *
	 * 1)	At all times, we must either have the object lock or a busy
	 *	page in some object to prevent some other process from trying
	 *	to bring in the same page.
	 *
	 *	Note that we cannot hold any locks during the pager access or
	 *	when waiting for memory, so we use a busy page then.
	 *
	 *	Note also that we aren't as concerned about more than one
	 *	thread attempting to pager_data_unlock the same page at once,
	 *	so we don't hold the page as busy then, but do record the
	 *	highest unlock value so far.  [Unlock requests may also be
	 *	delivered out of order.]
	 *
	 * 2)	Once we have a busy page, we must remove it from the pageout
	 *	queues, so that the pageout daemon will not grab it away.
	 *
	 * 3)	To prevent another process from racing us down the shadow
	 *	chain and entering a new page in the top object before we do,
	 *	we must keep a busy page in the top object while following
	 *	the shadow chain.
	 *
	 * 4)	We must increment paging_in_progress on any object for which
	 *	we have a busy page, to prevent vm_object_collapse from
	 *	removing the busy page without our noticing.
	 */

	/*
	 * Search for the page at object/offset.
	 */

	object = first_object;
	pindex = first_pindex;

	/*
	 * See whether this page is resident
	 */

	while (TRUE) {
		m = vm_page_lookup(object, pindex);
		if (m != NULL) {
			/*
			 * If the page is being brought in, wait for it and
			 * then retry.
			 */
			if ((m->flags & PG_BUSY) || m->busy) {
				int s;

				UNLOCK_THINGS;
				s = splhigh();
				if ((m->flags & PG_BUSY) || m->busy) {
					m->flags |= PG_WANTED | PG_REFERENCED;
					cnt.v_intrans++;
					tsleep(m, PSWP, "vmpfw", 0);
				}
				splx(s);
				vm_object_deallocate(first_object);
				goto RetryFault;
			}

			/*
			 * Mark page busy for other processes, and the
			 * pagedaemon.
			 */
			m->flags |= PG_BUSY;
			if ((m->queue == PQ_CACHE) &&
			    (cnt.v_free_count + cnt.v_cache_count) < cnt.v_free_reserved) {
				UNLOCK_AND_DEALLOCATE;
				VM_WAIT;
				PAGE_WAKEUP(m);
				goto RetryFault;
			}

			if (m->valid &&
			    ((m->valid & VM_PAGE_BITS_ALL) != VM_PAGE_BITS_ALL) &&
			    m->object != kernel_object && m->object != kmem_object) {
				goto readrest;
			}
			break;
		}
		if (((object->type != OBJT_DEFAULT) && (!change_wiring || wired))
		    || (object == first_object)) {

			if (pindex >= object->size) {
				UNLOCK_AND_DEALLOCATE;
				return (KERN_PROTECTION_FAILURE);
			}

			/*
			 * Allocate a new page for this object/offset pair.
			 */
			m = vm_page_alloc(object, pindex,
			    vp ? VM_ALLOC_NORMAL : VM_ALLOC_ZERO);

			if (m == NULL) {
				UNLOCK_AND_DEALLOCATE;
				VM_WAIT;
				goto RetryFault;
			}
		}
readrest:
		if (object->type != OBJT_DEFAULT && (!change_wiring || wired)) {
			int rv;
			int faultcount;
			int reqpage;

			/*
			 * Now we find out if any other pages should be paged
			 * in at this time.  This routine checks to see if
			 * the pages surrounding this fault reside in the
			 * same object as the page for this fault.  If they
			 * do, then they are faulted in as well.  The array
			 * "marray" returned contains an array of vm_page_t
			 * structs where one of them is the vm_page_t passed
			 * to the routine.  The reqpage return value is the
			 * index into the marray for the vm_page_t passed to
			 * the routine.
			 */
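			/*
			 * For example, with the defaults (3 behind, 4 ahead)
			 * and no neighboring pages already resident, marray
			 * holds 8 pages on return:
			 *
			 *	marray[0..2]	read-behind pages
			 *	marray[3]	the faulting page (reqpage == 3)
			 *	marray[4..7]	read-ahead pages
			 */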
			faultcount = vm_fault_additional_pages(
			    m, VM_FAULT_READ_BEHIND, VM_FAULT_READ_AHEAD,
			    marray, &reqpage);

			/*
			 * Call the pager to retrieve the data, if any, after
			 * releasing the lock on the map.
			 */
			UNLOCK_MAP;

			rv = faultcount ?
			    vm_pager_get_pages(object, marray, faultcount,
				reqpage) : VM_PAGER_FAIL;

			if (rv == VM_PAGER_OK) {
				/*
				 * Found the page. Leave it busy while we
				 * play with it.
				 */

				/*
				 * Relookup in case pager changed page. Pager
				 * is responsible for disposition of old page
				 * if moved.
				 */
				m = vm_page_lookup(object, pindex);
				if (!m) {
					UNLOCK_AND_DEALLOCATE;
					goto RetryFault;
				}

				hardfault++;
				break;
			}
			/*
			 * Remove the bogus page (which does not exist at
			 * this object/offset); before doing so, we must get
			 * back our object lock to preserve our invariant.
			 *
			 * Also wake up any other process that may want to
			 * bring in this page.
			 *
			 * If this is the top-level object, we must leave the
			 * busy page to prevent another process from rushing
			 * past us, and inserting the page in that object at
			 * the same time that we are.
			 */

			if (rv == VM_PAGER_ERROR)
				printf("vm_fault: pager input (probably hardware) error, PID %d failure\n",
				    curproc->p_pid);
			/*
			 * Data outside the range of the pager or an I/O error
			 */
			/*
			 * XXX - the check for kernel_map is a kludge to work
			 * around having the machine panic on a kernel space
			 * fault w/ I/O error.
			 */
			if (((map != kernel_map) && (rv == VM_PAGER_ERROR)) || (rv == VM_PAGER_BAD)) {
				FREE_PAGE(m);
				UNLOCK_AND_DEALLOCATE;
				return ((rv == VM_PAGER_ERROR) ? KERN_FAILURE : KERN_PROTECTION_FAILURE);
			}
			if (object != first_object) {
				FREE_PAGE(m);
				/*
				 * XXX - we cannot just fall out at this
				 * point, m has been freed and is invalid!
				 */
			}
		}
		/*
		 * We get here if the object has a default pager (or
		 * unwiring) or the pager doesn't have the page.
		 */
		if (object == first_object)
			first_m = m;

		/*
		 * Move on to the next object. Lock the next object before
		 * unlocking the current one.
		 */

		pindex += OFF_TO_IDX(object->backing_object_offset);
		next_object = object->backing_object;
		if (next_object == NULL) {
			/*
			 * If there's no object left, fill the page in the
			 * top object with zeros.
			 */
			if (object != first_object) {
				vm_object_pip_wakeup(object);

				object = first_object;
				pindex = first_pindex;
				m = first_m;
			}
			first_m = NULL;

			if ((m->flags & PG_ZERO) == 0)
				vm_page_zero_fill(m);
			cnt.v_zfod++;
			break;
		} else {
			if (object != first_object) {
				vm_object_pip_wakeup(object);
			}
			object = next_object;
			object->paging_in_progress++;
		}
	}
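
	/*
	 * Illustration: after a copy-on-write fork, vm_map_lookup hands the
	 * faulting process a shadow object that starts out empty, so the
	 * loop above follows backing_object links down to the object that
	 * actually holds the page, zero-filling only when the whole chain
	 * comes up empty.
	 */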

	if ((m->flags & PG_BUSY) == 0)
		panic("vm_fault: not busy after main loop");

	/*
	 * PAGE HAS BEEN FOUND. [Loop invariant still holds -- the object
	 * lock is held.]
	 */

	old_m = m;	/* save page that would be copied */

	/*
	 * If the page is being written, but isn't already owned by the
	 * top-level object, we have to copy it into a new page owned by the
	 * top-level object.
	 */

	if (object != first_object) {
		/*
		 * We only really need to copy if we want to write it.
		 */

		if (fault_type & VM_PROT_WRITE) {

			/*
			 * We already have an empty page in first_object -
			 * use it.
			 */

			if (lookup_still_valid &&
				/*
				 * Only one shadow object
				 */
				(object->shadow_count == 1) &&
				/*
				 * No COW refs, except us
				 */
				(object->ref_count == 1) &&
				/*
				 * No one else can look this object up
				 */
				(object->handle == NULL) &&
				/*
				 * No other ways to look the object up
				 */
				((object->type == OBJT_DEFAULT) ||
				 (object->type == OBJT_SWAP)) &&
				/*
				 * We don't chase down the shadow chain
				 */
				(object == first_object->backing_object)) {

				/*
				 * get rid of the unnecessary page
				 */
				vm_page_protect(first_m, VM_PROT_NONE);
				PAGE_WAKEUP(first_m);
				vm_page_free(first_m);
				/*
				 * grab the page and put it into the
				 * process's object
				 */
				vm_page_rename(m, first_object, first_pindex);
				first_m = m;
				m->dirty = VM_PAGE_BITS_ALL;
				m = NULL;
				++vm_fault_copy_save_1;
			} else {
				/*
				 * Oh, well, let's copy it.
				 */
				vm_page_copy(m, first_m);
			}

			if (lookup_still_valid &&
				/*
				 * make sure that we have two shadow objs
				 */
				(object->shadow_count == 2) &&
				/*
				 * And no COW refs -- note that there are
				 * sometimes temp refs to objs, but ignore
				 * that case -- we just punt.
				 */
				(object->ref_count == 2) &&
				/*
				 * No one else can look us up
				 */
				(object->handle == NULL) &&
				/*
				 * Not something that can be referenced
				 * elsewhere
				 */
				((object->type == OBJT_DEFAULT) ||
				 (object->type == OBJT_SWAP)) &&
				/*
				 * We don't bother chasing down the object
				 * chain
				 */
				(object == first_object->backing_object)) {

				vm_object_t other_object;
				vm_pindex_t other_pindex, other_pindex_offset;
				vm_page_t tm;

				other_object = object->shadow_head.tqh_first;
				if (other_object == first_object)
					other_object = other_object->shadow_list.tqe_next;
				if (!other_object)
					panic("vm_fault: other object missing");
				if (other_object &&
				    (other_object->type == OBJT_DEFAULT) &&
				    (other_object->paging_in_progress == 0)) {
					other_pindex_offset =
					    OFF_TO_IDX(other_object->backing_object_offset);
					if (pindex >= other_pindex_offset) {
						other_pindex = pindex - other_pindex_offset;
						/*
						 * If the other object has the
						 * page, just free it.
						 */
						if ((tm = vm_page_lookup(other_object, other_pindex))) {
							if ((tm->flags & PG_BUSY) == 0 &&
							    tm->busy == 0 &&
							    tm->valid == VM_PAGE_BITS_ALL) {
								/*
								 * get rid of the
								 * unnecessary page
								 */
								vm_page_protect(m, VM_PROT_NONE);
								PAGE_WAKEUP(m);
								vm_page_free(m);
								m = NULL;
								++vm_fault_free_1;
								tm->dirty = VM_PAGE_BITS_ALL;
								first_m->dirty = VM_PAGE_BITS_ALL;
							}
						} else {
							/*
							 * If the other object
							 * doesn't have the page,
							 * then we move it there.
							 */
							vm_page_rename(m, other_object, other_pindex);
							m->dirty = VM_PAGE_BITS_ALL;
							m->valid = VM_PAGE_BITS_ALL;
							++vm_fault_copy_save_2;
						}
					}
				}
			}
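
			/*
			 * To recap the write-fault paths above: when the
			 * backing page is reachable only through this shadow
			 * chain we simply rename it into the top object
			 * (vm_fault_copy_save_1); otherwise we copy it, and
			 * may then be able to free the original or hand it
			 * to the one other shadow object (vm_fault_free_1,
			 * vm_fault_copy_save_2).
			 */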

			if (m) {
				if (m->queue != PQ_ACTIVE)
					vm_page_activate(m);
				/*
				 * We no longer need the old page or object.
				 */
				PAGE_WAKEUP(m);
			}

			vm_object_pip_wakeup(object);
			/*
			 * Only use the new page below...
			 */

			cnt.v_cow_faults++;
			m = first_m;
			object = first_object;
			pindex = first_pindex;

			/*
			 * Now that we've gotten the copy out of the way,
			 * let's try to collapse the top object.
			 *
			 * But we have to play ugly games with
			 * paging_in_progress to do that...
			 */
			vm_object_pip_wakeup(object);
			vm_object_collapse(object);
			object->paging_in_progress++;
		} else {
			prot &= ~VM_PROT_WRITE;
		}
	}

	/*
	 * We must verify that the maps have not changed since our last
	 * lookup.
	 */

	if (!lookup_still_valid) {
		vm_object_t retry_object;
		vm_pindex_t retry_pindex;
		vm_prot_t retry_prot;

		/*
		 * Since map entries may be pageable, make sure we can take a
		 * page fault on them.
		 */

		/*
		 * To avoid trying to write_lock the map while another process
		 * has it read_locked (in vm_map_pageable), we do not try for
		 * write permission.  If the page is still writable, we will
		 * get write permission.  If it is not, or has been marked
		 * needs_copy, we enter the mapping without write permission,
		 * and will merely take another fault.
		 */
		result = vm_map_lookup(&map, vaddr, fault_type & ~VM_PROT_WRITE,
		    &entry, &retry_object, &retry_pindex, &retry_prot, &wired, &su);

		/*
		 * If we don't need the page any longer, put it on the active
		 * list (the easiest thing to do here). If no one needs it,
		 * pageout will grab it eventually.
		 */

		if (result != KERN_SUCCESS) {
			RELEASE_PAGE(m);
			UNLOCK_AND_DEALLOCATE;
			return (result);
		}
		lookup_still_valid = TRUE;

		if ((retry_object != first_object) ||
		    (retry_pindex != first_pindex)) {
			RELEASE_PAGE(m);
			UNLOCK_AND_DEALLOCATE;
			goto RetryFault;
		}
		/*
		 * Check whether the protection has changed or the object has
		 * been copied while we left the map unlocked. Changing from
		 * read to write permission is OK - we leave the page
		 * write-protected, and catch the write fault. Changing from
		 * write to read permission means that we can't mark the page
		 * write-enabled after all.
		 */
		prot &= retry_prot;
	}

	/*
	 * Put this page into the physical map. We had to do the unlock above
	 * because pmap_enter may cause other faults. We don't put the page
	 * back on the active queue until later so that the page-out daemon
	 * won't find us (yet).
	 */

	if (prot & VM_PROT_WRITE) {
		m->flags |= PG_WRITEABLE;
		m->object->flags |= OBJ_WRITEABLE|OBJ_MIGHTBEDIRTY;
		/*
		 * If the fault is a write, we know that this page is being
		 * written NOW. This will save on the pmap_is_modified()
		 * calls later.
		 */
		if (fault_type & VM_PROT_WRITE) {
			m->dirty = VM_PAGE_BITS_ALL;
		}
	}

	UNLOCK_THINGS;

	m->flags |= PG_MAPPED|PG_REFERENCED;
	m->flags &= ~PG_ZERO;
	m->valid = VM_PAGE_BITS_ALL;

	pmap_enter(map->pmap, vaddr, VM_PAGE_TO_PHYS(m), prot, wired);
	if (vp && (change_wiring == 0) && (wired == 0))
		pmap_prefault(map->pmap, vaddr, entry, first_object);

	/*
	 * If the page is not wired down, then put it where the pageout
	 * daemon can find it.
	 */
	if (change_wiring) {
		if (wired)
			vm_page_wire(m);
		else
			vm_page_unwire(m);
	} else {
		if (m->queue != PQ_ACTIVE)
			vm_page_activate(m);
	}

	if (curproc && (curproc->p_flag & P_INMEM) && curproc->p_stats) {
		if (hardfault) {
			curproc->p_stats->p_ru.ru_majflt++;
		} else {
			curproc->p_stats->p_ru.ru_minflt++;
		}
	}

	/*
	 * Unlock everything, and return
	 */

	PAGE_WAKEUP(m);
	vm_object_deallocate(first_object);

	return (KERN_SUCCESS);
}
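
/*
 * A sketch of typical use, for orientation only (names illustrative; the
 * real code lives in the per-architecture trap.c): the machine-dependent
 * trap handler resolves a user fault roughly like
 *
 *	va = trunc_page(eva);
 *	rv = vm_fault(map, va, ftype, FALSE);
 *	if (rv != KERN_SUCCESS)
 *		trapsignal(p, SIGSEGV, code);
 */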

/*
 *	vm_fault_wire:
 *
 *	Wire down a range of virtual addresses in a map.
 */
int
vm_fault_wire(map, start, end)
	vm_map_t map;
	vm_offset_t start, end;
{
	register vm_offset_t va;
	register pmap_t pmap;
	int rv;

	pmap = vm_map_pmap(map);

	/*
	 * Inform the physical mapping system that the range of addresses may
	 * not fault, so that page tables and such can be locked down as well.
	 */

	pmap_pageable(pmap, start, end, FALSE);

	/*
	 * We simulate a fault to get the page and enter it in the physical
	 * map.
	 */

	for (va = start; va < end; va += PAGE_SIZE) {

		while (curproc != pageproc &&
		    (cnt.v_free_count <= cnt.v_pageout_free_min))
			VM_WAIT;

		rv = vm_fault(map, va, VM_PROT_READ|VM_PROT_WRITE, TRUE);
		if (rv) {
			if (va != start)
				vm_fault_unwire(map, start, va);
			return (rv);
		}
	}
	return (KERN_SUCCESS);
}


/*
 *	vm_fault_unwire:
 *
 *	Unwire a range of virtual addresses in a map.
 */
void
vm_fault_unwire(map, start, end)
	vm_map_t map;
	vm_offset_t start, end;
{
	register vm_offset_t va, pa;
	register pmap_t pmap;

	pmap = vm_map_pmap(map);

	/*
	 * Since the pages are wired down, we must be able to get their
	 * mappings from the physical map system.
	 */

	for (va = start; va < end; va += PAGE_SIZE) {
		pa = pmap_extract(pmap, va);
		if (pa == (vm_offset_t) 0) {
			panic("unwire: page not in pmap");
		}
		pmap_change_wiring(pmap, va, FALSE);
		vm_page_unwire(PHYS_TO_VM_PAGE(pa));
	}

	/*
	 * Inform the physical mapping system that the range of addresses may
	 * fault, so that page tables and such may be unwired themselves.
	 */

	pmap_pageable(pmap, start, end, TRUE);
}
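
/*
 * Note (illustrative): vm_map_pageable() is the usual caller of the two
 * routines above; it wires an entry with vm_fault_wire() and, on error
 * or when the user unwires the range, undoes the work with
 * vm_fault_unwire() over the same [start, end) span.
 */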

/*
 *	Routine:
 *		vm_fault_copy_entry
 *	Function:
 *		Copy all of the pages from a wired-down map entry to another.
 *
 *	In/out conditions:
 *		The source and destination maps must be locked for write.
 *		The source map entry must be wired down (or be a sharing map
 *		entry corresponding to a main map entry that is wired down).
 */
void
vm_fault_copy_entry(dst_map, src_map, dst_entry, src_entry)
	vm_map_t dst_map;
	vm_map_t src_map;
	vm_map_entry_t dst_entry;
	vm_map_entry_t src_entry;
{
	vm_object_t dst_object;
	vm_object_t src_object;
	vm_ooffset_t dst_offset;
	vm_ooffset_t src_offset;
	vm_prot_t prot;
	vm_offset_t vaddr;
	vm_page_t dst_m;
	vm_page_t src_m;

#ifdef lint
	src_map++;
#endif	/* lint */

	src_object = src_entry->object.vm_object;
	src_offset = src_entry->offset;

	/*
	 * Create the top-level object for the destination entry. (Doesn't
	 * actually shadow anything - we copy the pages directly.)
	 */
	dst_object = vm_object_allocate(OBJT_DEFAULT,
	    (vm_size_t) OFF_TO_IDX(dst_entry->end - dst_entry->start));

	dst_entry->object.vm_object = dst_object;
	dst_entry->offset = 0;

	prot = dst_entry->max_protection;

	/*
	 * Loop through all of the pages in the entry's range, copying each
	 * one from the source object (it should be there) to the destination
	 * object.
	 */
	for (vaddr = dst_entry->start, dst_offset = 0;
	    vaddr < dst_entry->end;
	    vaddr += PAGE_SIZE, dst_offset += PAGE_SIZE) {

		/*
		 * Allocate a page in the destination object
		 */
		do {
			dst_m = vm_page_alloc(dst_object,
			    OFF_TO_IDX(dst_offset), VM_ALLOC_NORMAL);
			if (dst_m == NULL) {
				VM_WAIT;
			}
		} while (dst_m == NULL);

		/*
		 * Find the page in the source object, and copy it in.
		 * (Because the source is wired down, the page will be in
		 * memory.)
		 */
		src_m = vm_page_lookup(src_object,
		    OFF_TO_IDX(dst_offset + src_offset));
		if (src_m == NULL)
			panic("vm_fault_copy_wired: page missing");

		vm_page_copy(src_m, dst_m);

		/*
		 * Enter it in the pmap...
		 */

		dst_m->flags |= PG_WRITEABLE|PG_MAPPED;
		dst_m->flags &= ~PG_ZERO;
		pmap_enter(dst_map->pmap, vaddr, VM_PAGE_TO_PHYS(dst_m),
		    prot, FALSE);

		/*
		 * Mark it no longer busy, and put it on the active list.
		 */
		vm_page_activate(dst_m);
		PAGE_WAKEUP(dst_m);
	}
}


/*
 * This routine checks around the requested page for other pages that
 * might be able to be faulted in. This routine brackets the viable
 * pages for the pages to be paged in.
 *
 * Inputs:
 *	m, rbehind, rahead
 *
 * Outputs:
 *	marray (array of vm_page_t), reqpage (index of requested page)
 *
 * Return value:
 *	number of pages in marray
 */
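/*
 * On return the requested page sits at marray[*reqpage]; the other
 * entries are freshly allocated pages (busy, not yet valid) for the
 * caller to hand to vm_pager_get_pages().
 */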
int
vm_fault_additional_pages(m, rbehind, rahead, marray, reqpage)
	vm_page_t m;
	int rbehind;
	int rahead;
	vm_page_t *marray;
	int *reqpage;
{
	int i;
	vm_object_t object;
	vm_pindex_t pindex, startpindex, endpindex, tpindex;
	vm_offset_t size;
	vm_page_t rtm;
	int treqpage;
	int cbehind, cahead;

	object = m->object;
	pindex = m->pindex;

	/*
	 * if the requested page is not available, then give up now
	 */

	if (!vm_pager_has_page(object,
	    OFF_TO_IDX(object->paging_offset) + pindex, &cbehind, &cahead))
		return 0;

	if ((cbehind == 0) && (cahead == 0)) {
		*reqpage = 0;
		marray[0] = m;
		return 1;
	}

	if (rahead > cahead) {
		rahead = cahead;
	}

	if (rbehind > cbehind) {
		rbehind = cbehind;
	}

	/*
	 * try to do any readahead that we might have free pages for.
	 */
	if ((rahead + rbehind) >
	    ((cnt.v_free_count + cnt.v_cache_count) - cnt.v_free_reserved)) {
		pagedaemon_wakeup();
		*reqpage = 0;
		marray[0] = m;
		return 1;
	}

	/*
	 * Scan backward for the read-behind pages, stopping at a page that
	 * is either already resident or outside the object.  (Note that
	 * tpindex is unsigned, so the tpindex < pindex test catches the
	 * wraparound when pindex == 0.)
	 */
	tpindex = pindex - 1;
	if (tpindex < pindex) {
		if (rbehind > pindex)
			rbehind = pindex;
		startpindex = pindex - rbehind;
		while (tpindex >= startpindex) {
			if (vm_page_lookup(object, tpindex)) {
				startpindex = tpindex + 1;
				break;
			}
			if (tpindex == 0)
				break;
			tpindex -= 1;
		}
	} else {
		startpindex = pindex;
	}

	/*
	 * Scan forward for the read-ahead pages, stopping at a page that is
	 * either already resident or past the end of the object.
	 */
	tpindex = pindex + 1;
	endpindex = pindex + (rahead + 1);
	if (endpindex > object->size)
		endpindex = object->size;
	while (tpindex < endpindex) {
		if (vm_page_lookup(object, tpindex)) {
			break;
		}
		tpindex += 1;
	}
	endpindex = tpindex;

	/* calculate the number of pages in the cluster */
	size = endpindex - startpindex;

	/* calculate the index of the required page within the cluster */
	treqpage = pindex - startpindex;

	/* see if we have space (again) */
	if ((cnt.v_free_count + cnt.v_cache_count) >
	    (cnt.v_free_reserved + size)) {
		/*
		 * get our pages and don't block for them
		 */
		for (i = 0; i < size; i++) {
			if (i != treqpage) {
				rtm = vm_page_alloc(object,
				    startpindex + i,
				    VM_ALLOC_NORMAL);
				if (rtm == NULL) {
					if (i < treqpage) {
						int j;

						for (j = 0; j < i; j++) {
							FREE_PAGE(marray[j]);
						}
						*reqpage = 0;
						marray[0] = m;
						return 1;
					} else {
						size = i;
						*reqpage = treqpage;
						return size;
					}
				}
				marray[i] = rtm;
			} else {
				marray[i] = m;
			}
		}

		*reqpage = treqpage;
		return size;
	}
	*reqpage = 0;
	marray[0] = m;
	return 1;
}