1 /*- 2 * Copyright (c) 1988 University of Utah. 3 * Copyright (c) 1991, 1993 4 * The Regents of the University of California. All rights reserved. 5 * 6 * This code is derived from software contributed to Berkeley by 7 * the Systems Programming Group of the University of Utah Computer 8 * Science Department. 9 * 10 * Redistribution and use in source and binary forms, with or without 11 * modification, are permitted provided that the following conditions 12 * are met: 13 * 1. Redistributions of source code must retain the above copyright 14 * notice, this list of conditions and the following disclaimer. 15 * 2. Redistributions in binary form must reproduce the above copyright 16 * notice, this list of conditions and the following disclaimer in the 17 * documentation and/or other materials provided with the distribution. 18 * 4. Neither the name of the University nor the names of its contributors 19 * may be used to endorse or promote products derived from this software 20 * without specific prior written permission. 21 * 22 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 23 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 24 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 25 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 26 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 27 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 28 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 29 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 30 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 31 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 32 * SUCH DAMAGE. 33 * 34 * from: Utah $Hdr: vm_mmap.c 1.6 91/10/21$ 35 * 36 * @(#)vm_mmap.c 8.4 (Berkeley) 1/12/94 37 */ 38 39 /* 40 * Mapped file (mmap) interface to VM 41 */ 42 43 #include <sys/cdefs.h> 44 __FBSDID("$FreeBSD$"); 45 46 #include "opt_compat.h" 47 #include "opt_hwpmc_hooks.h" 48 49 #include <sys/param.h> 50 #include <sys/systm.h> 51 #include <sys/kernel.h> 52 #include <sys/lock.h> 53 #include <sys/mutex.h> 54 #include <sys/sysproto.h> 55 #include <sys/filedesc.h> 56 #include <sys/priv.h> 57 #include <sys/proc.h> 58 #include <sys/resource.h> 59 #include <sys/resourcevar.h> 60 #include <sys/vnode.h> 61 #include <sys/fcntl.h> 62 #include <sys/file.h> 63 #include <sys/mman.h> 64 #include <sys/mount.h> 65 #include <sys/conf.h> 66 #include <sys/stat.h> 67 #include <sys/sysent.h> 68 #include <sys/vmmeter.h> 69 #include <sys/sysctl.h> 70 71 #include <security/mac/mac_framework.h> 72 73 #include <vm/vm.h> 74 #include <vm/vm_param.h> 75 #include <vm/pmap.h> 76 #include <vm/vm_map.h> 77 #include <vm/vm_object.h> 78 #include <vm/vm_page.h> 79 #include <vm/vm_pager.h> 80 #include <vm/vm_pageout.h> 81 #include <vm/vm_extern.h> 82 #include <vm/vm_page.h> 83 #include <vm/vm_kern.h> 84 85 #ifdef HWPMC_HOOKS 86 #include <sys/pmckern.h> 87 #endif 88 89 #ifndef _SYS_SYSPROTO_H_ 90 struct sbrk_args { 91 int incr; 92 }; 93 #endif 94 95 static int max_proc_mmap; 96 SYSCTL_INT(_vm, OID_AUTO, max_proc_mmap, CTLFLAG_RW, &max_proc_mmap, 0, 97 "Maximum number of memory-mapped files per process"); 98 99 /* 100 * Set the maximum number of vm_map_entry structures per process. Roughly 101 * speaking vm_map_entry structures are tiny, so allowing them to eat 1/100 102 * of our KVM malloc space still results in generous limits. We want a 103 * default that is good enough to prevent the kernel running out of resources 104 * if attacked from compromised user account but generous enough such that 105 * multi-threaded processes are not unduly inconvenienced. 106 */ 107 static void vmmapentry_rsrc_init(void *); 108 SYSINIT(vmmersrc, SI_SUB_KVM_RSRC, SI_ORDER_FIRST, vmmapentry_rsrc_init, 109 NULL); 110 111 static void 112 vmmapentry_rsrc_init(dummy) 113 void *dummy; 114 { 115 max_proc_mmap = vm_kmem_size / sizeof(struct vm_map_entry); 116 max_proc_mmap /= 100; 117 } 118 119 static int vm_mmap_vnode(struct thread *, vm_size_t, vm_prot_t, vm_prot_t *, 120 int *, struct vnode *, vm_ooffset_t *, vm_object_t *); 121 static int vm_mmap_cdev(struct thread *, vm_size_t, vm_prot_t, vm_prot_t *, 122 int *, struct cdev *, vm_ooffset_t *, vm_object_t *); 123 static int vm_mmap_shm(struct thread *, vm_size_t, vm_prot_t, vm_prot_t *, 124 int *, struct shmfd *, vm_ooffset_t, vm_object_t *); 125 126 /* 127 * MPSAFE 128 */ 129 /* ARGSUSED */ 130 int 131 sbrk(td, uap) 132 struct thread *td; 133 struct sbrk_args *uap; 134 { 135 /* Not yet implemented */ 136 return (EOPNOTSUPP); 137 } 138 139 #ifndef _SYS_SYSPROTO_H_ 140 struct sstk_args { 141 int incr; 142 }; 143 #endif 144 145 /* 146 * MPSAFE 147 */ 148 /* ARGSUSED */ 149 int 150 sstk(td, uap) 151 struct thread *td; 152 struct sstk_args *uap; 153 { 154 /* Not yet implemented */ 155 return (EOPNOTSUPP); 156 } 157 158 #if defined(COMPAT_43) 159 #ifndef _SYS_SYSPROTO_H_ 160 struct getpagesize_args { 161 int dummy; 162 }; 163 #endif 164 165 /* ARGSUSED */ 166 int 167 ogetpagesize(td, uap) 168 struct thread *td; 169 struct getpagesize_args *uap; 170 { 171 /* MP SAFE */ 172 td->td_retval[0] = PAGE_SIZE; 173 return (0); 174 } 175 #endif /* COMPAT_43 */ 176 177 178 /* 179 * Memory Map (mmap) system call. Note that the file offset 180 * and address are allowed to be NOT page aligned, though if 181 * the MAP_FIXED flag it set, both must have the same remainder 182 * modulo the PAGE_SIZE (POSIX 1003.1b). If the address is not 183 * page-aligned, the actual mapping starts at trunc_page(addr) 184 * and the return value is adjusted up by the page offset. 185 * 186 * Generally speaking, only character devices which are themselves 187 * memory-based, such as a video framebuffer, can be mmap'd. Otherwise 188 * there would be no cache coherency between a descriptor and a VM mapping 189 * both to the same character device. 190 */ 191 #ifndef _SYS_SYSPROTO_H_ 192 struct mmap_args { 193 void *addr; 194 size_t len; 195 int prot; 196 int flags; 197 int fd; 198 long pad; 199 off_t pos; 200 }; 201 #endif 202 203 /* 204 * MPSAFE 205 */ 206 int 207 mmap(td, uap) 208 struct thread *td; 209 struct mmap_args *uap; 210 { 211 #ifdef HWPMC_HOOKS 212 struct pmckern_map_in pkm; 213 #endif 214 struct file *fp; 215 struct vnode *vp; 216 vm_offset_t addr; 217 vm_size_t size, pageoff; 218 vm_prot_t prot, maxprot; 219 void *handle; 220 objtype_t handle_type; 221 int flags, error; 222 off_t pos; 223 struct vmspace *vms = td->td_proc->p_vmspace; 224 225 addr = (vm_offset_t) uap->addr; 226 size = uap->len; 227 prot = uap->prot & VM_PROT_ALL; 228 flags = uap->flags; 229 pos = uap->pos; 230 231 fp = NULL; 232 233 /* Make sure mapping fits into numeric range, etc. */ 234 if ((uap->len == 0 && !SV_CURPROC_FLAG(SV_AOUT) && 235 curproc->p_osrel >= 800104) || 236 ((flags & MAP_ANON) && (uap->fd != -1 || pos != 0))) 237 return (EINVAL); 238 239 if (flags & MAP_STACK) { 240 if ((uap->fd != -1) || 241 ((prot & (PROT_READ | PROT_WRITE)) != (PROT_READ | PROT_WRITE))) 242 return (EINVAL); 243 flags |= MAP_ANON; 244 pos = 0; 245 } 246 247 /* 248 * Align the file position to a page boundary, 249 * and save its page offset component. 250 */ 251 pageoff = (pos & PAGE_MASK); 252 pos -= pageoff; 253 254 /* Adjust size for rounding (on both ends). */ 255 size += pageoff; /* low end... */ 256 size = (vm_size_t) round_page(size); /* hi end */ 257 258 /* 259 * Check for illegal addresses. Watch out for address wrap... Note 260 * that VM_*_ADDRESS are not constants due to casts (argh). 261 */ 262 if (flags & MAP_FIXED) { 263 /* 264 * The specified address must have the same remainder 265 * as the file offset taken modulo PAGE_SIZE, so it 266 * should be aligned after adjustment by pageoff. 267 */ 268 addr -= pageoff; 269 if (addr & PAGE_MASK) 270 return (EINVAL); 271 272 /* Address range must be all in user VM space. */ 273 if (addr < vm_map_min(&vms->vm_map) || 274 addr + size > vm_map_max(&vms->vm_map)) 275 return (EINVAL); 276 if (addr + size < addr) 277 return (EINVAL); 278 } else { 279 /* 280 * XXX for non-fixed mappings where no hint is provided or 281 * the hint would fall in the potential heap space, 282 * place it after the end of the largest possible heap. 283 * 284 * There should really be a pmap call to determine a reasonable 285 * location. 286 */ 287 PROC_LOCK(td->td_proc); 288 if (addr == 0 || 289 (addr >= round_page((vm_offset_t)vms->vm_taddr) && 290 addr < round_page((vm_offset_t)vms->vm_daddr + 291 lim_max(td->td_proc, RLIMIT_DATA)))) 292 addr = round_page((vm_offset_t)vms->vm_daddr + 293 lim_max(td->td_proc, RLIMIT_DATA)); 294 PROC_UNLOCK(td->td_proc); 295 } 296 if (flags & MAP_ANON) { 297 /* 298 * Mapping blank space is trivial. 299 */ 300 handle = NULL; 301 handle_type = OBJT_DEFAULT; 302 maxprot = VM_PROT_ALL; 303 } else { 304 /* 305 * Mapping file, get fp for validation and 306 * don't let the descriptor disappear on us if we block. 307 */ 308 if ((error = fget(td, uap->fd, &fp)) != 0) 309 goto done; 310 if (fp->f_type == DTYPE_SHM) { 311 handle = fp->f_data; 312 handle_type = OBJT_SWAP; 313 maxprot = VM_PROT_NONE; 314 315 /* FREAD should always be set. */ 316 if (fp->f_flag & FREAD) 317 maxprot |= VM_PROT_EXECUTE | VM_PROT_READ; 318 if (fp->f_flag & FWRITE) 319 maxprot |= VM_PROT_WRITE; 320 goto map; 321 } 322 if (fp->f_type != DTYPE_VNODE) { 323 error = ENODEV; 324 goto done; 325 } 326 #if defined(COMPAT_FREEBSD7) || defined(COMPAT_FREEBSD6) || \ 327 defined(COMPAT_FREEBSD5) || defined(COMPAT_FREEBSD4) 328 /* 329 * POSIX shared-memory objects are defined to have 330 * kernel persistence, and are not defined to support 331 * read(2)/write(2) -- or even open(2). Thus, we can 332 * use MAP_ASYNC to trade on-disk coherence for speed. 333 * The shm_open(3) library routine turns on the FPOSIXSHM 334 * flag to request this behavior. 335 */ 336 if (fp->f_flag & FPOSIXSHM) 337 flags |= MAP_NOSYNC; 338 #endif 339 vp = fp->f_vnode; 340 /* 341 * Ensure that file and memory protections are 342 * compatible. Note that we only worry about 343 * writability if mapping is shared; in this case, 344 * current and max prot are dictated by the open file. 345 * XXX use the vnode instead? Problem is: what 346 * credentials do we use for determination? What if 347 * proc does a setuid? 348 */ 349 if (vp->v_mount != NULL && vp->v_mount->mnt_flag & MNT_NOEXEC) 350 maxprot = VM_PROT_NONE; 351 else 352 maxprot = VM_PROT_EXECUTE; 353 if (fp->f_flag & FREAD) { 354 maxprot |= VM_PROT_READ; 355 } else if (prot & PROT_READ) { 356 error = EACCES; 357 goto done; 358 } 359 /* 360 * If we are sharing potential changes (either via 361 * MAP_SHARED or via the implicit sharing of character 362 * device mappings), and we are trying to get write 363 * permission although we opened it without asking 364 * for it, bail out. 365 */ 366 if ((flags & MAP_SHARED) != 0) { 367 if ((fp->f_flag & FWRITE) != 0) { 368 maxprot |= VM_PROT_WRITE; 369 } else if ((prot & PROT_WRITE) != 0) { 370 error = EACCES; 371 goto done; 372 } 373 } else if (vp->v_type != VCHR || (fp->f_flag & FWRITE) != 0) { 374 maxprot |= VM_PROT_WRITE; 375 } 376 handle = (void *)vp; 377 handle_type = OBJT_VNODE; 378 } 379 map: 380 381 /* 382 * Do not allow more then a certain number of vm_map_entry structures 383 * per process. Scale with the number of rforks sharing the map 384 * to make the limit reasonable for threads. 385 */ 386 if (max_proc_mmap && 387 vms->vm_map.nentries >= max_proc_mmap * vms->vm_refcnt) { 388 error = ENOMEM; 389 goto done; 390 } 391 392 td->td_fpop = fp; 393 error = vm_mmap(&vms->vm_map, &addr, size, prot, maxprot, 394 flags, handle_type, handle, pos); 395 td->td_fpop = NULL; 396 #ifdef HWPMC_HOOKS 397 /* inform hwpmc(4) if an executable is being mapped */ 398 if (error == 0 && handle_type == OBJT_VNODE && 399 (prot & PROT_EXEC)) { 400 pkm.pm_file = handle; 401 pkm.pm_address = (uintptr_t) addr; 402 PMC_CALL_HOOK(td, PMC_FN_MMAP, (void *) &pkm); 403 } 404 #endif 405 if (error == 0) 406 td->td_retval[0] = (register_t) (addr + pageoff); 407 done: 408 if (fp) 409 fdrop(fp, td); 410 411 return (error); 412 } 413 414 int 415 freebsd6_mmap(struct thread *td, struct freebsd6_mmap_args *uap) 416 { 417 struct mmap_args oargs; 418 419 oargs.addr = uap->addr; 420 oargs.len = uap->len; 421 oargs.prot = uap->prot; 422 oargs.flags = uap->flags; 423 oargs.fd = uap->fd; 424 oargs.pos = uap->pos; 425 return (mmap(td, &oargs)); 426 } 427 428 #ifdef COMPAT_43 429 #ifndef _SYS_SYSPROTO_H_ 430 struct ommap_args { 431 caddr_t addr; 432 int len; 433 int prot; 434 int flags; 435 int fd; 436 long pos; 437 }; 438 #endif 439 int 440 ommap(td, uap) 441 struct thread *td; 442 struct ommap_args *uap; 443 { 444 struct mmap_args nargs; 445 static const char cvtbsdprot[8] = { 446 0, 447 PROT_EXEC, 448 PROT_WRITE, 449 PROT_EXEC | PROT_WRITE, 450 PROT_READ, 451 PROT_EXEC | PROT_READ, 452 PROT_WRITE | PROT_READ, 453 PROT_EXEC | PROT_WRITE | PROT_READ, 454 }; 455 456 #define OMAP_ANON 0x0002 457 #define OMAP_COPY 0x0020 458 #define OMAP_SHARED 0x0010 459 #define OMAP_FIXED 0x0100 460 461 nargs.addr = uap->addr; 462 nargs.len = uap->len; 463 nargs.prot = cvtbsdprot[uap->prot & 0x7]; 464 nargs.flags = 0; 465 if (uap->flags & OMAP_ANON) 466 nargs.flags |= MAP_ANON; 467 if (uap->flags & OMAP_COPY) 468 nargs.flags |= MAP_COPY; 469 if (uap->flags & OMAP_SHARED) 470 nargs.flags |= MAP_SHARED; 471 else 472 nargs.flags |= MAP_PRIVATE; 473 if (uap->flags & OMAP_FIXED) 474 nargs.flags |= MAP_FIXED; 475 nargs.fd = uap->fd; 476 nargs.pos = uap->pos; 477 return (mmap(td, &nargs)); 478 } 479 #endif /* COMPAT_43 */ 480 481 482 #ifndef _SYS_SYSPROTO_H_ 483 struct msync_args { 484 void *addr; 485 size_t len; 486 int flags; 487 }; 488 #endif 489 /* 490 * MPSAFE 491 */ 492 int 493 msync(td, uap) 494 struct thread *td; 495 struct msync_args *uap; 496 { 497 vm_offset_t addr; 498 vm_size_t size, pageoff; 499 int flags; 500 vm_map_t map; 501 int rv; 502 503 addr = (vm_offset_t) uap->addr; 504 size = uap->len; 505 flags = uap->flags; 506 507 pageoff = (addr & PAGE_MASK); 508 addr -= pageoff; 509 size += pageoff; 510 size = (vm_size_t) round_page(size); 511 if (addr + size < addr) 512 return (EINVAL); 513 514 if ((flags & (MS_ASYNC|MS_INVALIDATE)) == (MS_ASYNC|MS_INVALIDATE)) 515 return (EINVAL); 516 517 map = &td->td_proc->p_vmspace->vm_map; 518 519 /* 520 * Clean the pages and interpret the return value. 521 */ 522 rv = vm_map_sync(map, addr, addr + size, (flags & MS_ASYNC) == 0, 523 (flags & MS_INVALIDATE) != 0); 524 switch (rv) { 525 case KERN_SUCCESS: 526 return (0); 527 case KERN_INVALID_ADDRESS: 528 return (EINVAL); /* Sun returns ENOMEM? */ 529 case KERN_INVALID_ARGUMENT: 530 return (EBUSY); 531 default: 532 return (EINVAL); 533 } 534 } 535 536 #ifndef _SYS_SYSPROTO_H_ 537 struct munmap_args { 538 void *addr; 539 size_t len; 540 }; 541 #endif 542 /* 543 * MPSAFE 544 */ 545 int 546 munmap(td, uap) 547 struct thread *td; 548 struct munmap_args *uap; 549 { 550 #ifdef HWPMC_HOOKS 551 struct pmckern_map_out pkm; 552 vm_map_entry_t entry; 553 #endif 554 vm_offset_t addr; 555 vm_size_t size, pageoff; 556 vm_map_t map; 557 558 addr = (vm_offset_t) uap->addr; 559 size = uap->len; 560 if (size == 0) 561 return (EINVAL); 562 563 pageoff = (addr & PAGE_MASK); 564 addr -= pageoff; 565 size += pageoff; 566 size = (vm_size_t) round_page(size); 567 if (addr + size < addr) 568 return (EINVAL); 569 570 /* 571 * Check for illegal addresses. Watch out for address wrap... 572 */ 573 map = &td->td_proc->p_vmspace->vm_map; 574 if (addr < vm_map_min(map) || addr + size > vm_map_max(map)) 575 return (EINVAL); 576 vm_map_lock(map); 577 #ifdef HWPMC_HOOKS 578 /* 579 * Inform hwpmc if the address range being unmapped contains 580 * an executable region. 581 */ 582 if (vm_map_lookup_entry(map, addr, &entry)) { 583 for (; 584 entry != &map->header && entry->start < addr + size; 585 entry = entry->next) { 586 if (vm_map_check_protection(map, entry->start, 587 entry->end, VM_PROT_EXECUTE) == TRUE) { 588 pkm.pm_address = (uintptr_t) addr; 589 pkm.pm_size = (size_t) size; 590 PMC_CALL_HOOK(td, PMC_FN_MUNMAP, 591 (void *) &pkm); 592 break; 593 } 594 } 595 } 596 #endif 597 /* returns nothing but KERN_SUCCESS anyway */ 598 vm_map_delete(map, addr, addr + size); 599 vm_map_unlock(map); 600 return (0); 601 } 602 603 #ifndef _SYS_SYSPROTO_H_ 604 struct mprotect_args { 605 const void *addr; 606 size_t len; 607 int prot; 608 }; 609 #endif 610 /* 611 * MPSAFE 612 */ 613 int 614 mprotect(td, uap) 615 struct thread *td; 616 struct mprotect_args *uap; 617 { 618 vm_offset_t addr; 619 vm_size_t size, pageoff; 620 vm_prot_t prot; 621 622 addr = (vm_offset_t) uap->addr; 623 size = uap->len; 624 prot = uap->prot & VM_PROT_ALL; 625 626 pageoff = (addr & PAGE_MASK); 627 addr -= pageoff; 628 size += pageoff; 629 size = (vm_size_t) round_page(size); 630 if (addr + size < addr) 631 return (EINVAL); 632 633 switch (vm_map_protect(&td->td_proc->p_vmspace->vm_map, addr, 634 addr + size, prot, FALSE)) { 635 case KERN_SUCCESS: 636 return (0); 637 case KERN_PROTECTION_FAILURE: 638 return (EACCES); 639 case KERN_RESOURCE_SHORTAGE: 640 return (ENOMEM); 641 } 642 return (EINVAL); 643 } 644 645 #ifndef _SYS_SYSPROTO_H_ 646 struct minherit_args { 647 void *addr; 648 size_t len; 649 int inherit; 650 }; 651 #endif 652 /* 653 * MPSAFE 654 */ 655 int 656 minherit(td, uap) 657 struct thread *td; 658 struct minherit_args *uap; 659 { 660 vm_offset_t addr; 661 vm_size_t size, pageoff; 662 vm_inherit_t inherit; 663 664 addr = (vm_offset_t)uap->addr; 665 size = uap->len; 666 inherit = uap->inherit; 667 668 pageoff = (addr & PAGE_MASK); 669 addr -= pageoff; 670 size += pageoff; 671 size = (vm_size_t) round_page(size); 672 if (addr + size < addr) 673 return (EINVAL); 674 675 switch (vm_map_inherit(&td->td_proc->p_vmspace->vm_map, addr, 676 addr + size, inherit)) { 677 case KERN_SUCCESS: 678 return (0); 679 case KERN_PROTECTION_FAILURE: 680 return (EACCES); 681 } 682 return (EINVAL); 683 } 684 685 #ifndef _SYS_SYSPROTO_H_ 686 struct madvise_args { 687 void *addr; 688 size_t len; 689 int behav; 690 }; 691 #endif 692 693 /* 694 * MPSAFE 695 */ 696 /* ARGSUSED */ 697 int 698 madvise(td, uap) 699 struct thread *td; 700 struct madvise_args *uap; 701 { 702 vm_offset_t start, end; 703 vm_map_t map; 704 struct proc *p; 705 int error; 706 707 /* 708 * Check for our special case, advising the swap pager we are 709 * "immortal." 710 */ 711 if (uap->behav == MADV_PROTECT) { 712 error = priv_check(td, PRIV_VM_MADV_PROTECT); 713 if (error == 0) { 714 p = td->td_proc; 715 PROC_LOCK(p); 716 p->p_flag |= P_PROTECTED; 717 PROC_UNLOCK(p); 718 } 719 return (error); 720 } 721 /* 722 * Check for illegal behavior 723 */ 724 if (uap->behav < 0 || uap->behav > MADV_CORE) 725 return (EINVAL); 726 /* 727 * Check for illegal addresses. Watch out for address wrap... Note 728 * that VM_*_ADDRESS are not constants due to casts (argh). 729 */ 730 map = &td->td_proc->p_vmspace->vm_map; 731 if ((vm_offset_t)uap->addr < vm_map_min(map) || 732 (vm_offset_t)uap->addr + uap->len > vm_map_max(map)) 733 return (EINVAL); 734 if (((vm_offset_t) uap->addr + uap->len) < (vm_offset_t) uap->addr) 735 return (EINVAL); 736 737 /* 738 * Since this routine is only advisory, we default to conservative 739 * behavior. 740 */ 741 start = trunc_page((vm_offset_t) uap->addr); 742 end = round_page((vm_offset_t) uap->addr + uap->len); 743 744 if (vm_map_madvise(map, start, end, uap->behav)) 745 return (EINVAL); 746 return (0); 747 } 748 749 #ifndef _SYS_SYSPROTO_H_ 750 struct mincore_args { 751 const void *addr; 752 size_t len; 753 char *vec; 754 }; 755 #endif 756 757 /* 758 * MPSAFE 759 */ 760 /* ARGSUSED */ 761 int 762 mincore(td, uap) 763 struct thread *td; 764 struct mincore_args *uap; 765 { 766 vm_offset_t addr, first_addr; 767 vm_offset_t end, cend; 768 pmap_t pmap; 769 vm_map_t map; 770 char *vec; 771 int error = 0; 772 int vecindex, lastvecindex; 773 vm_map_entry_t current; 774 vm_map_entry_t entry; 775 vm_object_t object; 776 vm_paddr_t locked_pa; 777 vm_page_t m; 778 vm_pindex_t pindex; 779 int mincoreinfo; 780 unsigned int timestamp; 781 boolean_t locked; 782 783 /* 784 * Make sure that the addresses presented are valid for user 785 * mode. 786 */ 787 first_addr = addr = trunc_page((vm_offset_t) uap->addr); 788 end = addr + (vm_size_t)round_page(uap->len); 789 map = &td->td_proc->p_vmspace->vm_map; 790 if (end > vm_map_max(map) || end < addr) 791 return (ENOMEM); 792 793 /* 794 * Address of byte vector 795 */ 796 vec = uap->vec; 797 798 pmap = vmspace_pmap(td->td_proc->p_vmspace); 799 800 vm_map_lock_read(map); 801 RestartScan: 802 timestamp = map->timestamp; 803 804 if (!vm_map_lookup_entry(map, addr, &entry)) { 805 vm_map_unlock_read(map); 806 return (ENOMEM); 807 } 808 809 /* 810 * Do this on a map entry basis so that if the pages are not 811 * in the current processes address space, we can easily look 812 * up the pages elsewhere. 813 */ 814 lastvecindex = -1; 815 for (current = entry; 816 (current != &map->header) && (current->start < end); 817 current = current->next) { 818 819 /* 820 * check for contiguity 821 */ 822 if (current->end < end && 823 (entry->next == &map->header || 824 current->next->start > current->end)) { 825 vm_map_unlock_read(map); 826 return (ENOMEM); 827 } 828 829 /* 830 * ignore submaps (for now) or null objects 831 */ 832 if ((current->eflags & MAP_ENTRY_IS_SUB_MAP) || 833 current->object.vm_object == NULL) 834 continue; 835 836 /* 837 * limit this scan to the current map entry and the 838 * limits for the mincore call 839 */ 840 if (addr < current->start) 841 addr = current->start; 842 cend = current->end; 843 if (cend > end) 844 cend = end; 845 846 /* 847 * scan this entry one page at a time 848 */ 849 while (addr < cend) { 850 /* 851 * Check pmap first, it is likely faster, also 852 * it can provide info as to whether we are the 853 * one referencing or modifying the page. 854 */ 855 object = NULL; 856 locked_pa = 0; 857 retry: 858 m = NULL; 859 mincoreinfo = pmap_mincore(pmap, addr, &locked_pa); 860 if (locked_pa != 0) { 861 /* 862 * The page is mapped by this process but not 863 * both accessed and modified. It is also 864 * managed. Acquire the object lock so that 865 * other mappings might be examined. 866 */ 867 m = PHYS_TO_VM_PAGE(locked_pa); 868 if (m->object != object) { 869 if (object != NULL) 870 VM_OBJECT_UNLOCK(object); 871 object = m->object; 872 locked = VM_OBJECT_TRYLOCK(object); 873 vm_page_unlock(m); 874 if (!locked) { 875 VM_OBJECT_LOCK(object); 876 vm_page_lock(m); 877 goto retry; 878 } 879 } else 880 vm_page_unlock(m); 881 KASSERT(m->valid == VM_PAGE_BITS_ALL, 882 ("mincore: page %p is mapped but invalid", 883 m)); 884 } else if (mincoreinfo == 0) { 885 /* 886 * The page is not mapped by this process. If 887 * the object implements managed pages, then 888 * determine if the page is resident so that 889 * the mappings might be examined. 890 */ 891 if (current->object.vm_object != object) { 892 if (object != NULL) 893 VM_OBJECT_UNLOCK(object); 894 object = current->object.vm_object; 895 VM_OBJECT_LOCK(object); 896 } 897 if (object->type == OBJT_DEFAULT || 898 object->type == OBJT_SWAP || 899 object->type == OBJT_VNODE) { 900 pindex = OFF_TO_IDX(current->offset + 901 (addr - current->start)); 902 m = vm_page_lookup(object, pindex); 903 if (m != NULL && m->valid == 0) 904 m = NULL; 905 if (m != NULL) 906 mincoreinfo = MINCORE_INCORE; 907 } 908 } 909 if (m != NULL) { 910 /* Examine other mappings to the page. */ 911 if (m->dirty == 0 && pmap_is_modified(m)) 912 vm_page_dirty(m); 913 if (m->dirty != 0) 914 mincoreinfo |= MINCORE_MODIFIED_OTHER; 915 /* 916 * The first test for PG_REFERENCED is an 917 * optimization. The second test is 918 * required because a concurrent pmap 919 * operation could clear the last reference 920 * and set PG_REFERENCED before the call to 921 * pmap_is_referenced(). 922 */ 923 if ((m->flags & PG_REFERENCED) != 0 || 924 pmap_is_referenced(m) || 925 (m->flags & PG_REFERENCED) != 0) 926 mincoreinfo |= MINCORE_REFERENCED_OTHER; 927 } 928 if (object != NULL) 929 VM_OBJECT_UNLOCK(object); 930 931 /* 932 * subyte may page fault. In case it needs to modify 933 * the map, we release the lock. 934 */ 935 vm_map_unlock_read(map); 936 937 /* 938 * calculate index into user supplied byte vector 939 */ 940 vecindex = OFF_TO_IDX(addr - first_addr); 941 942 /* 943 * If we have skipped map entries, we need to make sure that 944 * the byte vector is zeroed for those skipped entries. 945 */ 946 while ((lastvecindex + 1) < vecindex) { 947 error = subyte(vec + lastvecindex, 0); 948 if (error) { 949 error = EFAULT; 950 goto done2; 951 } 952 ++lastvecindex; 953 } 954 955 /* 956 * Pass the page information to the user 957 */ 958 error = subyte(vec + vecindex, mincoreinfo); 959 if (error) { 960 error = EFAULT; 961 goto done2; 962 } 963 964 /* 965 * If the map has changed, due to the subyte, the previous 966 * output may be invalid. 967 */ 968 vm_map_lock_read(map); 969 if (timestamp != map->timestamp) 970 goto RestartScan; 971 972 lastvecindex = vecindex; 973 addr += PAGE_SIZE; 974 } 975 } 976 977 /* 978 * subyte may page fault. In case it needs to modify 979 * the map, we release the lock. 980 */ 981 vm_map_unlock_read(map); 982 983 /* 984 * Zero the last entries in the byte vector. 985 */ 986 vecindex = OFF_TO_IDX(end - first_addr); 987 while ((lastvecindex + 1) < vecindex) { 988 error = subyte(vec + lastvecindex, 0); 989 if (error) { 990 error = EFAULT; 991 goto done2; 992 } 993 ++lastvecindex; 994 } 995 996 /* 997 * If the map has changed, due to the subyte, the previous 998 * output may be invalid. 999 */ 1000 vm_map_lock_read(map); 1001 if (timestamp != map->timestamp) 1002 goto RestartScan; 1003 vm_map_unlock_read(map); 1004 done2: 1005 return (error); 1006 } 1007 1008 #ifndef _SYS_SYSPROTO_H_ 1009 struct mlock_args { 1010 const void *addr; 1011 size_t len; 1012 }; 1013 #endif 1014 /* 1015 * MPSAFE 1016 */ 1017 int 1018 mlock(td, uap) 1019 struct thread *td; 1020 struct mlock_args *uap; 1021 { 1022 struct proc *proc; 1023 vm_offset_t addr, end, last, start; 1024 vm_size_t npages, size; 1025 int error; 1026 1027 error = priv_check(td, PRIV_VM_MLOCK); 1028 if (error) 1029 return (error); 1030 addr = (vm_offset_t)uap->addr; 1031 size = uap->len; 1032 last = addr + size; 1033 start = trunc_page(addr); 1034 end = round_page(last); 1035 if (last < addr || end < addr) 1036 return (EINVAL); 1037 npages = atop(end - start); 1038 if (npages > vm_page_max_wired) 1039 return (ENOMEM); 1040 proc = td->td_proc; 1041 PROC_LOCK(proc); 1042 if (ptoa(npages + 1043 pmap_wired_count(vm_map_pmap(&proc->p_vmspace->vm_map))) > 1044 lim_cur(proc, RLIMIT_MEMLOCK)) { 1045 PROC_UNLOCK(proc); 1046 return (ENOMEM); 1047 } 1048 PROC_UNLOCK(proc); 1049 if (npages + cnt.v_wire_count > vm_page_max_wired) 1050 return (EAGAIN); 1051 error = vm_map_wire(&proc->p_vmspace->vm_map, start, end, 1052 VM_MAP_WIRE_USER | VM_MAP_WIRE_NOHOLES); 1053 return (error == KERN_SUCCESS ? 0 : ENOMEM); 1054 } 1055 1056 #ifndef _SYS_SYSPROTO_H_ 1057 struct mlockall_args { 1058 int how; 1059 }; 1060 #endif 1061 1062 /* 1063 * MPSAFE 1064 */ 1065 int 1066 mlockall(td, uap) 1067 struct thread *td; 1068 struct mlockall_args *uap; 1069 { 1070 vm_map_t map; 1071 int error; 1072 1073 map = &td->td_proc->p_vmspace->vm_map; 1074 error = 0; 1075 1076 if ((uap->how == 0) || ((uap->how & ~(MCL_CURRENT|MCL_FUTURE)) != 0)) 1077 return (EINVAL); 1078 1079 #if 0 1080 /* 1081 * If wiring all pages in the process would cause it to exceed 1082 * a hard resource limit, return ENOMEM. 1083 */ 1084 PROC_LOCK(td->td_proc); 1085 if (map->size > lim_cur(td->td_proc, RLIMIT_MEMLOCK)) { 1086 PROC_UNLOCK(td->td_proc); 1087 return (ENOMEM); 1088 } 1089 PROC_UNLOCK(td->td_proc); 1090 #else 1091 error = priv_check(td, PRIV_VM_MLOCK); 1092 if (error) 1093 return (error); 1094 #endif 1095 1096 if (uap->how & MCL_FUTURE) { 1097 vm_map_lock(map); 1098 vm_map_modflags(map, MAP_WIREFUTURE, 0); 1099 vm_map_unlock(map); 1100 error = 0; 1101 } 1102 1103 if (uap->how & MCL_CURRENT) { 1104 /* 1105 * P1003.1-2001 mandates that all currently mapped pages 1106 * will be memory resident and locked (wired) upon return 1107 * from mlockall(). vm_map_wire() will wire pages, by 1108 * calling vm_fault_wire() for each page in the region. 1109 */ 1110 error = vm_map_wire(map, vm_map_min(map), vm_map_max(map), 1111 VM_MAP_WIRE_USER|VM_MAP_WIRE_HOLESOK); 1112 error = (error == KERN_SUCCESS ? 0 : EAGAIN); 1113 } 1114 1115 return (error); 1116 } 1117 1118 #ifndef _SYS_SYSPROTO_H_ 1119 struct munlockall_args { 1120 register_t dummy; 1121 }; 1122 #endif 1123 1124 /* 1125 * MPSAFE 1126 */ 1127 int 1128 munlockall(td, uap) 1129 struct thread *td; 1130 struct munlockall_args *uap; 1131 { 1132 vm_map_t map; 1133 int error; 1134 1135 map = &td->td_proc->p_vmspace->vm_map; 1136 error = priv_check(td, PRIV_VM_MUNLOCK); 1137 if (error) 1138 return (error); 1139 1140 /* Clear the MAP_WIREFUTURE flag from this vm_map. */ 1141 vm_map_lock(map); 1142 vm_map_modflags(map, 0, MAP_WIREFUTURE); 1143 vm_map_unlock(map); 1144 1145 /* Forcibly unwire all pages. */ 1146 error = vm_map_unwire(map, vm_map_min(map), vm_map_max(map), 1147 VM_MAP_WIRE_USER|VM_MAP_WIRE_HOLESOK); 1148 1149 return (error); 1150 } 1151 1152 #ifndef _SYS_SYSPROTO_H_ 1153 struct munlock_args { 1154 const void *addr; 1155 size_t len; 1156 }; 1157 #endif 1158 /* 1159 * MPSAFE 1160 */ 1161 int 1162 munlock(td, uap) 1163 struct thread *td; 1164 struct munlock_args *uap; 1165 { 1166 vm_offset_t addr, end, last, start; 1167 vm_size_t size; 1168 int error; 1169 1170 error = priv_check(td, PRIV_VM_MUNLOCK); 1171 if (error) 1172 return (error); 1173 addr = (vm_offset_t)uap->addr; 1174 size = uap->len; 1175 last = addr + size; 1176 start = trunc_page(addr); 1177 end = round_page(last); 1178 if (last < addr || end < addr) 1179 return (EINVAL); 1180 error = vm_map_unwire(&td->td_proc->p_vmspace->vm_map, start, end, 1181 VM_MAP_WIRE_USER | VM_MAP_WIRE_NOHOLES); 1182 return (error == KERN_SUCCESS ? 0 : ENOMEM); 1183 } 1184 1185 /* 1186 * vm_mmap_vnode() 1187 * 1188 * MPSAFE 1189 * 1190 * Helper function for vm_mmap. Perform sanity check specific for mmap 1191 * operations on vnodes. 1192 */ 1193 int 1194 vm_mmap_vnode(struct thread *td, vm_size_t objsize, 1195 vm_prot_t prot, vm_prot_t *maxprotp, int *flagsp, 1196 struct vnode *vp, vm_ooffset_t *foffp, vm_object_t *objp) 1197 { 1198 struct vattr va; 1199 vm_object_t obj; 1200 vm_offset_t foff; 1201 struct mount *mp; 1202 struct ucred *cred; 1203 int error, flags; 1204 int vfslocked; 1205 1206 mp = vp->v_mount; 1207 cred = td->td_ucred; 1208 vfslocked = VFS_LOCK_GIANT(mp); 1209 if ((error = vget(vp, LK_SHARED, td)) != 0) { 1210 VFS_UNLOCK_GIANT(vfslocked); 1211 return (error); 1212 } 1213 foff = *foffp; 1214 flags = *flagsp; 1215 obj = vp->v_object; 1216 if (vp->v_type == VREG) { 1217 /* 1218 * Get the proper underlying object 1219 */ 1220 if (obj == NULL) { 1221 error = EINVAL; 1222 goto done; 1223 } 1224 if (obj->handle != vp) { 1225 vput(vp); 1226 vp = (struct vnode*)obj->handle; 1227 vget(vp, LK_SHARED, td); 1228 } 1229 } else if (vp->v_type == VCHR) { 1230 error = vm_mmap_cdev(td, objsize, prot, maxprotp, flagsp, 1231 vp->v_rdev, foffp, objp); 1232 if (error == 0) 1233 goto mark_atime; 1234 goto done; 1235 } else { 1236 error = EINVAL; 1237 goto done; 1238 } 1239 if ((error = VOP_GETATTR(vp, &va, cred))) 1240 goto done; 1241 #ifdef MAC 1242 error = mac_vnode_check_mmap(cred, vp, prot, flags); 1243 if (error != 0) 1244 goto done; 1245 #endif 1246 if ((flags & MAP_SHARED) != 0) { 1247 if ((va.va_flags & (SF_SNAPSHOT|IMMUTABLE|APPEND)) != 0) { 1248 if (prot & PROT_WRITE) { 1249 error = EPERM; 1250 goto done; 1251 } 1252 *maxprotp &= ~VM_PROT_WRITE; 1253 } 1254 } 1255 /* 1256 * If it is a regular file without any references 1257 * we do not need to sync it. 1258 * Adjust object size to be the size of actual file. 1259 */ 1260 objsize = round_page(va.va_size); 1261 if (va.va_nlink == 0) 1262 flags |= MAP_NOSYNC; 1263 obj = vm_pager_allocate(OBJT_VNODE, vp, objsize, prot, foff, td->td_ucred); 1264 if (obj == NULL) { 1265 error = ENOMEM; 1266 goto done; 1267 } 1268 *objp = obj; 1269 *flagsp = flags; 1270 1271 mark_atime: 1272 vfs_mark_atime(vp, cred); 1273 1274 done: 1275 vput(vp); 1276 VFS_UNLOCK_GIANT(vfslocked); 1277 return (error); 1278 } 1279 1280 /* 1281 * vm_mmap_cdev() 1282 * 1283 * MPSAFE 1284 * 1285 * Helper function for vm_mmap. Perform sanity check specific for mmap 1286 * operations on cdevs. 1287 */ 1288 int 1289 vm_mmap_cdev(struct thread *td, vm_size_t objsize, 1290 vm_prot_t prot, vm_prot_t *maxprotp, int *flagsp, 1291 struct cdev *cdev, vm_ooffset_t *foff, vm_object_t *objp) 1292 { 1293 vm_object_t obj; 1294 struct cdevsw *dsw; 1295 int error, flags, ref; 1296 1297 flags = *flagsp; 1298 1299 dsw = dev_refthread(cdev, &ref); 1300 if (dsw == NULL) 1301 return (ENXIO); 1302 if (dsw->d_flags & D_MMAP_ANON) { 1303 dev_relthread(cdev, ref); 1304 *maxprotp = VM_PROT_ALL; 1305 *flagsp |= MAP_ANON; 1306 return (0); 1307 } 1308 /* 1309 * cdevs do not provide private mappings of any kind. 1310 */ 1311 if ((*maxprotp & VM_PROT_WRITE) == 0 && 1312 (prot & PROT_WRITE) != 0) { 1313 dev_relthread(cdev, ref); 1314 return (EACCES); 1315 } 1316 if (flags & (MAP_PRIVATE|MAP_COPY)) { 1317 dev_relthread(cdev, ref); 1318 return (EINVAL); 1319 } 1320 /* 1321 * Force device mappings to be shared. 1322 */ 1323 flags |= MAP_SHARED; 1324 #ifdef MAC_XXX 1325 error = mac_cdev_check_mmap(td->td_ucred, cdev, prot); 1326 if (error != 0) { 1327 dev_relthread(cdev, ref); 1328 return (error); 1329 } 1330 #endif 1331 /* 1332 * First, try d_mmap_single(). If that is not implemented 1333 * (returns ENODEV), fall back to using the device pager. 1334 * Note that d_mmap_single() must return a reference to the 1335 * object (it needs to bump the reference count of the object 1336 * it returns somehow). 1337 * 1338 * XXX assumes VM_PROT_* == PROT_* 1339 */ 1340 error = dsw->d_mmap_single(cdev, foff, objsize, objp, (int)prot); 1341 dev_relthread(cdev, ref); 1342 if (error != ENODEV) 1343 return (error); 1344 obj = vm_pager_allocate(OBJT_DEVICE, cdev, objsize, prot, *foff, 1345 td->td_ucred); 1346 if (obj == NULL) 1347 return (EINVAL); 1348 *objp = obj; 1349 *flagsp = flags; 1350 return (0); 1351 } 1352 1353 /* 1354 * vm_mmap_shm() 1355 * 1356 * MPSAFE 1357 * 1358 * Helper function for vm_mmap. Perform sanity check specific for mmap 1359 * operations on shm file descriptors. 1360 */ 1361 int 1362 vm_mmap_shm(struct thread *td, vm_size_t objsize, 1363 vm_prot_t prot, vm_prot_t *maxprotp, int *flagsp, 1364 struct shmfd *shmfd, vm_ooffset_t foff, vm_object_t *objp) 1365 { 1366 int error; 1367 1368 if ((*maxprotp & VM_PROT_WRITE) == 0 && 1369 (prot & PROT_WRITE) != 0) 1370 return (EACCES); 1371 #ifdef MAC 1372 error = mac_posixshm_check_mmap(td->td_ucred, shmfd, prot, *flagsp); 1373 if (error != 0) 1374 return (error); 1375 #endif 1376 error = shm_mmap(shmfd, objsize, foff, objp); 1377 if (error) 1378 return (error); 1379 return (0); 1380 } 1381 1382 /* 1383 * vm_mmap() 1384 * 1385 * MPSAFE 1386 * 1387 * Internal version of mmap. Currently used by mmap, exec, and sys5 1388 * shared memory. Handle is either a vnode pointer or NULL for MAP_ANON. 1389 */ 1390 int 1391 vm_mmap(vm_map_t map, vm_offset_t *addr, vm_size_t size, vm_prot_t prot, 1392 vm_prot_t maxprot, int flags, 1393 objtype_t handle_type, void *handle, 1394 vm_ooffset_t foff) 1395 { 1396 boolean_t fitit; 1397 vm_object_t object = NULL; 1398 int rv = KERN_SUCCESS; 1399 int docow, error; 1400 struct thread *td = curthread; 1401 1402 if (size == 0) 1403 return (0); 1404 1405 size = round_page(size); 1406 1407 PROC_LOCK(td->td_proc); 1408 if (td->td_proc->p_vmspace->vm_map.size + size > 1409 lim_cur(td->td_proc, RLIMIT_VMEM)) { 1410 PROC_UNLOCK(td->td_proc); 1411 return(ENOMEM); 1412 } 1413 PROC_UNLOCK(td->td_proc); 1414 1415 /* 1416 * We currently can only deal with page aligned file offsets. 1417 * The check is here rather than in the syscall because the 1418 * kernel calls this function internally for other mmaping 1419 * operations (such as in exec) and non-aligned offsets will 1420 * cause pmap inconsistencies...so we want to be sure to 1421 * disallow this in all cases. 1422 */ 1423 if (foff & PAGE_MASK) 1424 return (EINVAL); 1425 1426 if ((flags & MAP_FIXED) == 0) { 1427 fitit = TRUE; 1428 *addr = round_page(*addr); 1429 } else { 1430 if (*addr != trunc_page(*addr)) 1431 return (EINVAL); 1432 fitit = FALSE; 1433 } 1434 /* 1435 * Lookup/allocate object. 1436 */ 1437 switch (handle_type) { 1438 case OBJT_DEVICE: 1439 error = vm_mmap_cdev(td, size, prot, &maxprot, &flags, 1440 handle, &foff, &object); 1441 break; 1442 case OBJT_VNODE: 1443 error = vm_mmap_vnode(td, size, prot, &maxprot, &flags, 1444 handle, &foff, &object); 1445 break; 1446 case OBJT_SWAP: 1447 error = vm_mmap_shm(td, size, prot, &maxprot, &flags, 1448 handle, foff, &object); 1449 break; 1450 case OBJT_DEFAULT: 1451 if (handle == NULL) { 1452 error = 0; 1453 break; 1454 } 1455 /* FALLTHROUGH */ 1456 default: 1457 error = EINVAL; 1458 break; 1459 } 1460 if (error) 1461 return (error); 1462 if (flags & MAP_ANON) { 1463 object = NULL; 1464 docow = 0; 1465 /* 1466 * Unnamed anonymous regions always start at 0. 1467 */ 1468 if (handle == 0) 1469 foff = 0; 1470 } else { 1471 docow = MAP_PREFAULT_PARTIAL; 1472 } 1473 1474 if ((flags & (MAP_ANON|MAP_SHARED)) == 0) 1475 docow |= MAP_COPY_ON_WRITE; 1476 if (flags & MAP_NOSYNC) 1477 docow |= MAP_DISABLE_SYNCER; 1478 if (flags & MAP_NOCORE) 1479 docow |= MAP_DISABLE_COREDUMP; 1480 1481 if (flags & MAP_STACK) 1482 rv = vm_map_stack(map, *addr, size, prot, maxprot, 1483 docow | MAP_STACK_GROWS_DOWN); 1484 else if (fitit) 1485 rv = vm_map_find(map, object, foff, addr, size, 1486 object != NULL && object->type == OBJT_DEVICE ? 1487 VMFS_ALIGNED_SPACE : VMFS_ANY_SPACE, prot, maxprot, docow); 1488 else 1489 rv = vm_map_fixed(map, object, foff, *addr, size, 1490 prot, maxprot, docow); 1491 1492 if (rv != KERN_SUCCESS) { 1493 /* 1494 * Lose the object reference. Will destroy the 1495 * object if it's an unnamed anonymous mapping 1496 * or named anonymous without other references. 1497 */ 1498 vm_object_deallocate(object); 1499 } else if (flags & MAP_SHARED) { 1500 /* 1501 * Shared memory is also shared with children. 1502 */ 1503 rv = vm_map_inherit(map, *addr, *addr + size, VM_INHERIT_SHARE); 1504 if (rv != KERN_SUCCESS) 1505 (void) vm_map_remove(map, *addr, *addr + size); 1506 } 1507 1508 /* 1509 * If the process has requested that all future mappings 1510 * be wired, then heed this. 1511 */ 1512 if ((rv == KERN_SUCCESS) && (map->flags & MAP_WIREFUTURE)) 1513 vm_map_wire(map, *addr, *addr + size, 1514 VM_MAP_WIRE_USER|VM_MAP_WIRE_NOHOLES); 1515 1516 switch (rv) { 1517 case KERN_SUCCESS: 1518 return (0); 1519 case KERN_INVALID_ADDRESS: 1520 case KERN_NO_SPACE: 1521 return (ENOMEM); 1522 case KERN_PROTECTION_FAILURE: 1523 return (EACCES); 1524 default: 1525 return (EINVAL); 1526 } 1527 } 1528