xref: /illumos-gate/usr/src/uts/sfmmu/vm/hat_sfmmu.h (revision c211fc479225fa54805cf480633bf6689ca9a2db)
1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License (the "License").
6  * You may not use this file except in compliance with the License.
7  *
8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9  * or http://www.opensolaris.org/os/licensing.
10  * See the License for the specific language governing permissions
11  * and limitations under the License.
12  *
13  * When distributing Covered Code, include this CDDL HEADER in each
14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15  * If applicable, add the following below this CDDL HEADER, with the
16  * fields enclosed by brackets "[]" replaced with your own identifying
17  * information: Portions Copyright [yyyy] [name of copyright owner]
18  *
19  * CDDL HEADER END
20  */
21 /*
22  * Copyright 2009 Sun Microsystems, Inc.  All rights reserved.
23  * Use is subject to license terms.
24  */
25 
26 /*
27  * VM - Hardware Address Translation management.
28  *
29  * This file describes the contents of the sun-reference-mmu(sfmmu)-
30  * specific hat data structures and the sfmmu-specific hat procedures.
31  * The machine-independent interface is described in <vm/hat.h>.
32  */
33 
34 #ifndef	_VM_HAT_SFMMU_H
35 #define	_VM_HAT_SFMMU_H
36 
37 #ifdef	__cplusplus
38 extern "C" {
39 #endif
40 
41 #ifndef _ASM
42 
43 #include <sys/types.h>
44 
45 #endif /* _ASM */
46 
47 #ifdef	_KERNEL
48 
49 #include <sys/pte.h>
50 #include <vm/mach_sfmmu.h>
51 #include <sys/mmu.h>
52 
53 /*
54  * Don't alter these without considering changes to ism_map_t.
55  */
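#define	DEFAULT_ISM_PAGESIZE		MMU_PAGESIZE4M
#define	DEFAULT_ISM_PAGESZC		TTE4M
/*
 * ISM_PG_SIZE(shift): bytes in one ISM page, 1 << shift.
 * ISM_SZ_MASK(shift): mask of the low `shift` bits (page size - 1).
 *
 * The argument is parenthesized so that an expression argument (for
 * example a conditional) is used as the shift count as a whole. The shift
 * is done in int, so the count has to stay below the width of int - 1.
 */
#define	ISM_PG_SIZE(ism_vbshift)	(1 << (ism_vbshift))
#define	ISM_SZ_MASK(ism_vbshift)	(ISM_PG_SIZE(ism_vbshift) - 1)
#define	ISM_MAP_SLOTS	8	/* Change this carefully. */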
61 
62 #ifndef _ASM
63 
64 #include <sys/t_lock.h>
65 #include <vm/hat.h>
66 #include <vm/seg.h>
67 #include <sys/machparam.h>
68 #include <sys/systm.h>
69 #include <sys/x_call.h>
70 #include <vm/page.h>
71 #include <sys/ksynch.h>
72 
73 typedef struct hat sfmmu_t;
74 typedef struct sf_scd sf_scd_t;
75 
76 /*
77  * SFMMU attributes for hat_memload/hat_devload
78  */
79 #define	SFMMU_UNCACHEPTTE	0x01000000	/* unencache in physical $ */
80 #define	SFMMU_UNCACHEVTTE	0x02000000	/* unencache in virtual $ */
81 #define	SFMMU_SIDEFFECT		0x04000000	/* set side effect bit */
82 #define	SFMMU_LOAD_ALLATTR	(HAT_PROT_MASK | HAT_ORDER_MASK |	\
83 		HAT_ENDIAN_MASK | HAT_NOFAULT | HAT_NOSYNC |		\
84 		SFMMU_UNCACHEPTTE | SFMMU_UNCACHEVTTE | SFMMU_SIDEFFECT)
85 
86 
87 /*
88  * sfmmu flags for hat_memload/hat_devload
89  */
90 #define	SFMMU_NO_TSBLOAD	0x08000000	/* do not preload tsb */
91 #define	SFMMU_LOAD_ALLFLAG	(HAT_LOAD | HAT_LOAD_LOCK |		\
92 		HAT_LOAD_ADV | HAT_LOAD_CONTIG | HAT_LOAD_NOCONSIST |	\
93 		HAT_LOAD_SHARE | HAT_LOAD_REMAP | SFMMU_NO_TSBLOAD |	\
94 		HAT_RELOAD_SHARE | HAT_NO_KALLOC | HAT_LOAD_TEXT)
95 
96 /*
97  * sfmmu internal flag to hat_pageunload that spares locked mappings
98  */
99 #define	SFMMU_KERNEL_RELOC	0x8000
100 
101 /*
102  * mode for sfmmu_chgattr
103  */
104 #define	SFMMU_SETATTR	0x0
105 #define	SFMMU_CLRATTR	0x1
106 #define	SFMMU_CHGATTR	0x2
107 
108 /*
109  * sfmmu specific flags for page_t
110  */
111 #define	P_PNC	0x8		/* non-caching is permanent bit */
112 #define	P_TNC	0x10		/* non-caching is temporary bit */
113 #define	P_KPMS	0x20		/* kpm mapped small (vac alias prevention) */
114 #define	P_KPMC	0x40		/* kpm conflict page (vac alias prevention) */
115 #define	P_EXEC	0x80		/* execution reference (I-cache filled) */
116 
/*
 * Accessors for the sfmmu flag bits kept in the p_nrm field of a page_t.
 *
 * PP_ISxxx  yield the masked bit value (non-zero when set, not
 *           necessarily 1).
 * PP_SETxxx and PP_CLRxxx are plain |= and &= read-modify-writes of
 *           p_nrm; nothing in these macros is atomic or takes a lock.
 *           NOTE(review): presumably callers serialize all updates to
 *           p_nrm for a given page; confirm at the call sites, since a
 *           lost update here can drop a mod/ref/non-cacheable bit.
 *
 * P_MOD, P_REF and P_RO are not defined in this file. The TNC accessors
 * exist only when VAC is defined.
 */
117 #define	PP_GENERIC_ATTR(pp)	((pp)->p_nrm & (P_MOD | P_REF | P_RO))
118 #define	PP_ISMOD(pp)		((pp)->p_nrm & P_MOD)
119 #define	PP_ISREF(pp)		((pp)->p_nrm & P_REF)
120 #define	PP_ISRO(pp)		((pp)->p_nrm & P_RO)
121 #define	PP_ISNC(pp)		((pp)->p_nrm & (P_PNC|P_TNC))
122 #define	PP_ISPNC(pp)		((pp)->p_nrm & P_PNC)
123 #ifdef VAC
124 #define	PP_ISTNC(pp)		((pp)->p_nrm & P_TNC)
125 #endif
126 #define	PP_ISKPMS(pp)		((pp)->p_nrm & P_KPMS)
127 #define	PP_ISKPMC(pp)		((pp)->p_nrm & P_KPMC)
128 #define	PP_ISEXEC(pp)		((pp)->p_nrm & P_EXEC)
129 
130 #define	PP_SETMOD(pp)		((pp)->p_nrm |= P_MOD)
131 #define	PP_SETREF(pp)		((pp)->p_nrm |= P_REF)
132 #define	PP_SETREFMOD(pp)	((pp)->p_nrm |= (P_REF|P_MOD))
133 #define	PP_SETRO(pp)		((pp)->p_nrm |= P_RO)
134 #define	PP_SETREFRO(pp)		((pp)->p_nrm |= (P_REF|P_RO))
135 #define	PP_SETPNC(pp)		((pp)->p_nrm |= P_PNC)
136 #ifdef VAC
137 #define	PP_SETTNC(pp)		((pp)->p_nrm |= P_TNC)
138 #endif
139 #define	PP_SETKPMS(pp)		((pp)->p_nrm |= P_KPMS)
140 #define	PP_SETKPMC(pp)		((pp)->p_nrm |= P_KPMC)
141 #define	PP_SETEXEC(pp)		((pp)->p_nrm |= P_EXEC)
142 
143 #define	PP_CLRMOD(pp)		((pp)->p_nrm &= ~P_MOD)
144 #define	PP_CLRREF(pp)		((pp)->p_nrm &= ~P_REF)
145 #define	PP_CLRREFMOD(pp)	((pp)->p_nrm &= ~(P_REF|P_MOD))
146 #define	PP_CLRRO(pp)		((pp)->p_nrm &= ~P_RO)
147 #define	PP_CLRPNC(pp)		((pp)->p_nrm &= ~P_PNC)
148 #ifdef VAC
149 #define	PP_CLRTNC(pp)		((pp)->p_nrm &= ~P_TNC)
150 #endif
151 #define	PP_CLRKPMS(pp)		((pp)->p_nrm &= ~P_KPMS)
152 #define	PP_CLRKPMC(pp)		((pp)->p_nrm &= ~P_KPMC)
153 #define	PP_CLREXEC(pp)		((pp)->p_nrm &= ~P_EXEC)
154 
155 /*
156  * Support for non-coherent I-cache. If the MD property "coherency"
157  * is set to 0, it means that the I-cache must be flushed in
158  * software. Use the "soft exec" bit in the TTE to detect when a page
159  * has been executed, so that it can be flushed before it is re-used
160  * for another program.
161  */
162 #define	TTE_EXECUTED(ttep)						\
163 	(TTE_IS_EXECUTABLE(ttep) && TTE_IS_SOFTEXEC(ttep))
164 
165 /*
166  * All shared memory segments attached with the SHM_SHARE_MMU flag (ISM)
167  * will be constrained to a 4M, 32M or 256M alignment. Also since every newly-
168  * created ISM segment is created out of a new address space at base va
169  * of 0 we don't need to store it.
170  */
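/*
 * ISM_ALIGN(shift)       alignment in bytes, 1 << shift (computed in int).
 * ISM_ALIGNED(shift, va) non-zero when va is a multiple of ISM_ALIGN(shift).
 * ISM_SHIFT(shift, x)    x, as an unsigned address, shifted right by shift.
 *
 * Every argument is parenthesized so that an expression argument is cast,
 * masked or shifted as a whole rather than being split by operator
 * precedence.
 */
#define	ISM_ALIGN(shift)	(1 << (shift))	/* base va aligned to <n>M  */
#define	ISM_ALIGNED(shift, va)	\
	(((uintptr_t)(va) & (ISM_ALIGN(shift) - 1)) == 0)
#define	ISM_SHIFT(shift, x)	((uintptr_t)(x) >> (shift))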
174 
175 /*
176  * Pad locks out to cache sub-block boundaries to prevent
177  * false sharing, so several processes don't contend for
178  * the same line if they aren't using the same lock.  Since
179  * this is a typedef we also have a bit of freedom in
180  * changing lock implementations later if we decide it
181  * is necessary.
 *
 * hl_mutex is the lock itself; hl_pad only fills the rest of the 64-byte
 * slot.
 * NOTE(review): the pad length is 64 - sizeof (kmutex_t), evaluated in
 * size_t. It is a usable array bound only while sizeof (kmutex_t) < 64,
 * and nothing here asserts that the struct really totals 64 bytes.
182  */
183 typedef struct hat_lock {
184 	kmutex_t hl_mutex;
185 	uchar_t hl_pad[64 - sizeof (kmutex_t)];
186 } hatlock_t;
187 
/* Address of the mutex embedded in the hatlock_t that hatlockp points to. */
188 #define	HATLOCK_MUTEXP(hatlockp)	(&((hatlockp)->hl_mutex))
189 
190 /*
191  * All segments mapped with ISM are guaranteed to be 4M, 32M or 256M aligned.
192  * Also size is guaranteed to be in 4M, 32M or 256M chunks.
193  * ism_seg consists of the following members:
194  * [XX..22] base address of ism segment. XX is 63 or 31 depending whether
195  *	caddr_t is 64 bits or 32 bits.
196  * [21..0] size of segment.
197  *
198  * NOTE: Don't alter this structure without changing defines above and
199  * the tsb_miss and protection handlers.
 *
 * The accessor macros below split imap_seg at imap_vb_shift rather than at
 * a fixed bit 22: ism_size() is the low imap_vb_shift bits, a count of ISM
 * pages (ism_end() multiplies it by ISM_PG_SIZE()), and ism_start() is the
 * remaining high bits.
 *
 * Each macro expands `map` more than once, so pass an object expression
 * without side effects. ism_end() does not check the size * page-size
 * product or the resulting address for wrap-around.
200  */
201 typedef struct ism_map {
202 	uintptr_t	imap_seg;  	/* base va + sz of ISM segment */
203 	uchar_t		imap_vb_shift;	/* mmu_pageshift for ism page size */
204 	uchar_t		imap_rid;	/* region id for ism */
205 	ushort_t	imap_hatflags;	/* primary ism page size */
206 	uint_t		imap_sz_mask;	/* mmu_pagemask for ism page size */
207 	sfmmu_t		*imap_ismhat; 	/* hat id of dummy ISM as */
208 	struct ism_ment	*imap_ment;	/* pointer to mapping list entry */
209 } ism_map_t;
210 
211 #define	ism_start(map)	((caddr_t)((map).imap_seg & \
212 				~ISM_SZ_MASK((map).imap_vb_shift)))
213 #define	ism_size(map)	((map).imap_seg & ISM_SZ_MASK((map).imap_vb_shift))
214 #define	ism_end(map)	((caddr_t)(ism_start(map) + (ism_size(map) * \
215 				ISM_PG_SIZE((map).imap_vb_shift))))
216 /*
217  * ISM mapping entry. Used to link all hat's sharing a ism_hat.
218  * Same function as the p_mapping list for a page.
219  */
220 typedef struct ism_ment {
221 	sfmmu_t		*iment_hat;	/* back pointer to hat_share() hat */
222 	caddr_t		iment_base_va;	/* hat's va base for this ism seg */
223 	struct ism_ment	*iment_next;	/* next ism map entry */
224 	struct ism_ment	*iment_prev;	/* prev ism map entry */
225 } ism_ment_t;
226 
227 /*
228  * ISM segment block. One will be hung off the sfmmu structure if
229  * a process uses ISM.  More will be linked using ismblk_next if more
230  * than ISM_MAP_SLOTS segments are attached to this proc.
231  *
232  * All modifications to fields in this structure will be protected
233  * by the hat mutex.  In order to avoid grabbing this lock in low level
234  * routines (tsb miss/protection handlers and vatopfn) while not
235  * introducing any race conditions with hat_unshare, we will set
236  * CTX_ISM_BUSY bit in the ctx struct. Any mmu traps that occur
237  * for this ctx while this bit is set will be handled in sfmmu_tsb_excption
238  * where it will synchronize behind the hat mutex.
239  */
240 typedef struct ism_blk {
241 	ism_map_t		iblk_maps[ISM_MAP_SLOTS];
242 	struct ism_blk		*iblk_next;
243 	uint64_t		iblk_nextpa;
244 } ism_blk_t;
245 
246 /*
247  * TSB access information.  All fields are protected by the process's
248  * hat lock.
249  */
250 
251 struct tsb_info {
252 	caddr_t		tsb_va;		/* tsb base virtual address */
253 	uint64_t	tsb_pa;		/* tsb base physical address */
254 	struct tsb_info	*tsb_next;	/* next tsb used by this process */
255 	uint16_t	tsb_szc;	/* tsb size code */
256 	uint16_t	tsb_flags;	/* flags for this tsb; see below */
257 	uint_t		tsb_ttesz_mask;	/* page size masks; see below */
258 
259 	tte_t		tsb_tte;	/* tte to lock into DTLB */
260 	sfmmu_t		*tsb_sfmmu;	/* sfmmu */
261 	kmem_cache_t	*tsb_cache;	/* cache from which mem allocated */
262 	vmem_t		*tsb_vmp;	/* vmem arena from which mem alloc'd */
263 };
264 
265 /*
266  * Values for "tsb_ttesz_mask" bitmask.
267  */
268 #define	TSB8K	(1 << TTE8K)
269 #define	TSB64K  (1 << TTE64K)
270 #define	TSB512K (1 << TTE512K)
271 #define	TSB4M   (1 << TTE4M)
272 #define	TSB32M  (1 << TTE32M)
273 #define	TSB256M (1 << TTE256M)
274 
275 /*
276  * Values for "tsb_flags" field.
277  */
278 #define	TSB_RELOC_FLAG		0x1
279 #define	TSB_FLUSH_NEEDED	0x2
280 #define	TSB_SWAPPED	0x4
281 #define	TSB_SHAREDCTX		0x8
282 
283 #endif	/* !_ASM */
284 
285 /*
286  * Data structures for shared hmeblk support.
287  */
288 
289 /*
290  * Do not increase the maximum number of ism/hme regions without checking first
291  * the impact on ism_map_t, TSB miss area, hblk tag and region id type in
292  * sf_region structure.
293  * Initially, shared hmes will only be used for the main text segment
294  * therefore this value will be set to 64, it will be increased when shared
295  * libraries are included.
296  */
297 
298 #define	SFMMU_MAX_HME_REGIONS		(64)
299 #define	SFMMU_HMERGNMAP_WORDS		BT_BITOUL(SFMMU_MAX_HME_REGIONS)
300 
301 #define	SFMMU_PRIVATE	0
302 #define	SFMMU_SHARED	1
303 
304 #define	HMEBLK_ENDPA	1
305 
306 #ifndef _ASM
307 
308 #define	SFMMU_MAX_ISM_REGIONS		(64)
309 #define	SFMMU_ISMRGNMAP_WORDS		BT_BITOUL(SFMMU_MAX_ISM_REGIONS)
310 
311 #define	SFMMU_RGNMAP_WORDS	(SFMMU_HMERGNMAP_WORDS + SFMMU_ISMRGNMAP_WORDS)
312 
313 #define	SFMMU_MAX_REGION_BUCKETS	(128)
314 #define	SFMMU_MAX_SRD_BUCKETS		(2048)
315 
/*
 * Region bitmaps. The hme and ism maps are sized from
 * SFMMU_MAX_HME_REGIONS and SFMMU_MAX_ISM_REGIONS through BT_BITOUL();
 * presumably one bit per region id (see SF_RGNMAP_ADD/DEL/TEST).
 *
 * sf_region_map_t overlays a flat bitmap[] of SFMMU_RGNMAP_WORDS words on
 * the two maps laid out back to back, hme first and ism second, so the
 * SF_RGNMAP_* loops can walk both through one array.
 */
316 typedef struct sf_hmeregion_map {
317 	ulong_t	bitmap[SFMMU_HMERGNMAP_WORDS];
318 } sf_hmeregion_map_t;
319 
320 typedef struct sf_ismregion_map {
321 	ulong_t	bitmap[SFMMU_ISMRGNMAP_WORDS];
322 } sf_ismregion_map_t;
323 
324 typedef union sf_region_map_u {
325 	struct _h_rmap_s {
326 		sf_hmeregion_map_t hmeregion_map;
327 		sf_ismregion_map_t ismregion_map;
328 	} h_rmap_s;
329 	ulong_t	bitmap[SFMMU_RGNMAP_WORDS];	/* both maps as one array */
330 } sf_region_map_t;
331 
/*
 * Clear all SFMMU_RGNMAP_WORDS words of a region map. `map` is the object
 * itself (accessed with '.'), unlike SF_RGNMAP_EQUAL and
 * SF_RGNMAP_IS_SUBSET, which take pointers; it is expanded on every
 * iteration.
 * NOTE(review): the expansion is a bare { } block. Followed by ';' it ends
 * an unbraced if before any else, so keep call sites inside braces.
 */
332 #define	SF_RGNMAP_ZERO(map) {				\
333 	int _i;						\
334 	for (_i = 0; _i < SFMMU_RGNMAP_WORDS; _i++) {	\
335 		(map).bitmap[_i] = 0;			\
336 	}						\
337 }
338 
339 /*
340  * Returns 1 if region map1 and map2 are equal.
 *
 * map1 and map2 are pointers to objects with a bitmap[] member. The first
 * `words` words are compared and 1 or 0 is stored into rval, which must be
 * an lvalue.
 * `words` is not checked against the length of either bitmap, so the
 * caller has to pass a count that fits the smaller of the two arrays.
 * NOTE(review): `words` is expanded unparenthesized; pass a plain constant
 * or variable.
341  */
342 #define	SF_RGNMAP_EQUAL(map1, map2, words, rval)	{	\
343 	int _i;							\
344 	for (_i = 0; _i < words; _i++) {			\
345 		if ((map1)->bitmap[_i] != (map2)->bitmap[_i])	\
346 			break;					\
347 	}							\
348 	if (_i < words)					\
349 		rval = 0;					\
350 	else							\
351 		rval = 1;					\
352 }
353 
/*
 * Set, clear or test bit r of a region map; `map` is the object, not a
 * pointer.
 * NOTE(review): r is handed to BT_SET/BT_CLEAR/BT_TEST as is and no range
 * check on r is visible in this header. Callers presumably guarantee that
 * r is below the number of bits in map.bitmap; confirm, since an
 * out-of-range id would touch memory outside the map.
 */
354 #define	SF_RGNMAP_ADD(map, r)		BT_SET((map).bitmap, r)
355 #define	SF_RGNMAP_DEL(map, r)		BT_CLEAR((map).bitmap, r)
356 #define	SF_RGNMAP_TEST(map, r)		BT_TEST((map).bitmap, r)
357 
358 /*
359  * Tests whether map2 is a subset of map1, returns 1 if
360  * this assertion is true.
 *
 * map1 and map2 are pointers to region maps; all SFMMU_RGNMAP_WORDS words
 * are examined, so both must be full sf_region_map_t objects. The result
 * (1 or 0) is stored into rval, which must be an lvalue. An all-zero map2
 * is a subset of any map1.
361  */
362 #define	SF_RGNMAP_IS_SUBSET(map1, map2, rval)	{		\
363 	int _i;							\
364 	for (_i = 0; _i < SFMMU_RGNMAP_WORDS; _i++) {		\
365 		if (((map1)->bitmap[_i]	& (map2)->bitmap[_i])	\
366 		    != (map2)->bitmap[_i])  {	 		\
367 			break;					\
368 		}						\
369 	}							\
370 	if (_i < SFMMU_RGNMAP_WORDS)		 		\
371 		rval = 0;					\
372 	else							\
373 		rval = 1;					\
374 }
375 
/*
 * Reference counting on scd_refcnt of a sf_scd_t.
 *
 * SF_SCD_INCR_REF adds one atomically.
 * SF_SCD_DECR_REF copies scd_region_map into a local, atomically subtracts
 * one, and calls sfmmu_destroy_scd() with that copy when the new count is
 * zero.
 * NOTE(review): the copy is taken before the decrement, presumably so the
 * map is never read through scdp once this caller's reference is gone;
 * confirm against sfmmu_destroy_scd().
 * Nothing here guards against a decrement of a count that is already
 * zero: the 32-bit value would wrap and the destroy call would be skipped.
 */
376 #define	SF_SCD_INCR_REF(scdp) {						\
377 	atomic_add_32((volatile uint32_t *)&(scdp)->scd_refcnt, 1);	\
378 }
379 
380 #define	SF_SCD_DECR_REF(srdp, scdp) {				\
381 	sf_region_map_t _scd_rmap = (scdp)->scd_region_map;	\
382 	if (!atomic_add_32_nv(					\
383 	    (volatile uint32_t *)&(scdp)->scd_refcnt, -1)) {	\
384 		sfmmu_destroy_scd((srdp), (scdp), &_scd_rmap);	\
385 	}							\
386 }
387 
388 /*
389  * A sfmmup link in the link list of sfmmups that share the same region.
390  */
391 typedef struct sf_rgn_link {
392 	sfmmu_t	*next;
393 	sfmmu_t *prev;
394 } sf_rgn_link_t;
395 
396 /*
397  * rgn_flags values.
398  */
399 #define	SFMMU_REGION_HME	0x1
400 #define	SFMMU_REGION_ISM	0x2
401 #define	SFMMU_REGION_FREE	0x8
402 
403 #define	SFMMU_REGION_TYPE_MASK	(0x3)
404 
405 /*
406  * sf_region defines a text or (D)ISM segment which map
407  * the same underlying physical object.
408  */
409 typedef struct sf_region {
410 	caddr_t			rgn_saddr;   /* base addr of attached seg */
411 	size_t			rgn_size;    /* size of attached seg */
412 	void			*rgn_obj;    /* the underlying object id */
413 	u_offset_t		rgn_objoff;  /* offset in the object mapped */
414 	uchar_t			rgn_perm;    /* PROT_READ/WRITE/EXEC */
415 	uchar_t			rgn_pgszc;   /* page size of the region */
416 	uchar_t			rgn_flags;   /* region type, free flag */
417 	uchar_t			rgn_id;
418 	int			rgn_refcnt;  /* # of hats sharing the region */
419 	/* callback function for hat_unload_callback */
420 	hat_rgn_cb_func_t	rgn_cb_function;
421 	struct sf_region	*rgn_hash;   /* hash chain linking the rgns */
422 	kmutex_t		rgn_mutex;   /* protect region sfmmu list */
423 	/* A link list of processes attached to this region */
424 	sfmmu_t			*rgn_sfmmu_head;
425 	ulong_t			rgn_ttecnt[MMU_PAGE_SIZES];
426 	uint16_t		rgn_hmeflags; /* rgn tte size flags */
427 } sf_region_t;
428 
429 #define	rgn_next	rgn_hash
430 
431 /* srd */
432 typedef struct sf_shared_region_domain {
433 	vnode_t			*srd_evp;	/* executable vnode */
434 	/* hme region table */
435 	sf_region_t		*srd_hmergnp[SFMMU_MAX_HME_REGIONS];
436 	/* ism region table */
437 	sf_region_t		*srd_ismrgnp[SFMMU_MAX_ISM_REGIONS];
438 	/* hash chain linking srds */
439 	struct sf_shared_region_domain *srd_hash;
440 	/* pointer to the next free hme region */
441 	sf_region_t		*srd_hmergnfree;
442 	/* pointer to the next free ism region */
443 	sf_region_t		*srd_ismrgnfree;
444 	/* id of next ism region created */
445 	uint16_t		srd_next_ismrid;
446 	/* id of next hme region created */
447 	uint16_t		srd_next_hmerid;
448 	uint16_t		srd_ismbusyrgns; /* # of ism rgns in use */
449 	uint16_t		srd_hmebusyrgns; /* # of hme rgns in use */
450 	int			srd_refcnt;	 /* # of procs in the srd */
451 	kmutex_t		srd_mutex;	 /* sync add/remove rgns */
452 	kmutex_t		srd_scd_mutex;
453 	sf_scd_t		*srd_scdp;	 /* list of scds in srd */
454 	/* hash of regions associated with the same executable */
455 	sf_region_t		*srd_rgnhash[SFMMU_MAX_REGION_BUCKETS];
456 } sf_srd_t;
457 
458 typedef struct sf_srd_bucket {
459 	kmutex_t	srdb_lock;
460 	sf_srd_t	*srdb_srdp;
461 } sf_srd_bucket_t;
462 
463 /*
464  * The value of SFMMU_L1_HMERLINKS and SFMMU_L2_HMERLINKS will be increased
465  * to 16 when the use of shared hmes for shared libraries is enabled.
 *
 * SFMMU_HMERID2RLINKP splits a region id with these values:
 *	level-1 index = (rid >> SFMMU_L1_HMERLINKS_SHIFT) &
 *	    SFMMU_L1_HMERLINKS_MASK
 *	level-2 index = rid & SFMMU_L2_HMERLINKS_MASK
 * The masks are only correct for power-of-two link counts, and the shift
 * has to equal log2(SFMMU_L2_HMERLINKS) because it discards the level-2
 * bits. Neither condition is checked here; the #error below only verifies
 * that the two levels together cover SFMMU_MAX_HME_REGIONS, so the shift
 * must be updated by hand whenever the link counts change.
466  */
467 
468 #define	SFMMU_L1_HMERLINKS		(8)
469 #define	SFMMU_L2_HMERLINKS		(8)
470 #define	SFMMU_L1_HMERLINKS_SHIFT	(3)
471 #define	SFMMU_L1_HMERLINKS_MASK		(SFMMU_L1_HMERLINKS - 1)
472 #define	SFMMU_L2_HMERLINKS_MASK		(SFMMU_L2_HMERLINKS - 1)
473 #define	SFMMU_L1_HMERLINKS_SIZE		\
474 	(SFMMU_L1_HMERLINKS * sizeof (sf_rgn_link_t *))
475 #define	SFMMU_L2_HMERLINKS_SIZE		\
476 	(SFMMU_L2_HMERLINKS * sizeof (sf_rgn_link_t))
477 
478 #if (SFMMU_L1_HMERLINKS * SFMMU_L2_HMERLINKS < SFMMU_MAX_HME_REGIONS)
479 #error Not Enough HMERLINKS
480 #endif
481 
482 /*
483  * This macro grabs hat lock and allocates level 2 hat chain
484  * associated with a shme rgn. In the majority of cases, the macro
485  * is called with alloc = 0, and lock = 0.
486  * A pointer to the level 2 sf_rgn_link_t structure is returned in the lnkp
487  * parameter.
 *
 * rid is split into a level-1 and a level-2 index by shift and mask, so
 * both indexes always fall inside their tables. A rid at or above
 * SFMMU_L1_HMERLINKS * SFMMU_L2_HMERLINKS is not rejected; it aliases a
 * lower id.
 *
 * The level-1 slot is first read without the hat lock. Then:
 *   slot already set	lnkp = &slot[l2]; nothing is allocated or locked.
 *   alloc && lock	a zeroed level-2 array is allocated with KM_SLEEP
 *			before the hat lock is taken, the slot is
 *			re-checked under the lock, and the new array is
 *			freed if another thread installed one first.
 *   alloc only		the array is installed with no locking in the
 *			macro; the ASSERT states that the slot must still
 *			be empty.
 *			NOTE(review): presumably the caller already
 *			excludes concurrent updates on this path; confirm.
 *   neither		lnkp is left NULL and the caller has to test it.
 *
 * lnkp must be an lvalue; sfmmup and rid are expanded several times.
488  */
489 #define	SFMMU_HMERID2RLINKP(sfmmup, rid, lnkp, alloc, lock)		\
490 {									\
491 	int _l1ix = ((rid) >> SFMMU_L1_HMERLINKS_SHIFT) &		\
492 	    SFMMU_L1_HMERLINKS_MASK;					\
493 	int _l2ix = ((rid) & SFMMU_L2_HMERLINKS_MASK);			\
494 	hatlock_t *_hatlockp;						\
495 	lnkp = (sfmmup)->sfmmu_hmeregion_links[_l1ix];			\
496 	if (lnkp != NULL) {						\
497 		lnkp = &lnkp[_l2ix];					\
498 	} else if (alloc && lock) {					\
499 		lnkp = kmem_zalloc(SFMMU_L2_HMERLINKS_SIZE, KM_SLEEP);	\
500 		_hatlockp = sfmmu_hat_enter(sfmmup);			\
501 		if ((sfmmup)->sfmmu_hmeregion_links[_l1ix] != NULL) {	\
502 			sfmmu_hat_exit(_hatlockp);			\
503 			kmem_free(lnkp, SFMMU_L2_HMERLINKS_SIZE);	\
504 			lnkp = (sfmmup)->sfmmu_hmeregion_links[_l1ix];	\
505 			ASSERT(lnkp != NULL);				\
506 		} else {						\
507 			(sfmmup)->sfmmu_hmeregion_links[_l1ix] = lnkp;	\
508 			sfmmu_hat_exit(_hatlockp);			\
509 		}							\
510 		lnkp = &lnkp[_l2ix];					\
511 	} else if (alloc) {						\
512 		lnkp = kmem_zalloc(SFMMU_L2_HMERLINKS_SIZE, KM_SLEEP);	\
513 		ASSERT((sfmmup)->sfmmu_hmeregion_links[_l1ix] == NULL);	\
514 		(sfmmup)->sfmmu_hmeregion_links[_l1ix] = lnkp;		\
515 		lnkp = &lnkp[_l2ix];					\
516 	}								\
517 }
518 
519 /*
520  *  Per cpu pending freelist of hmeblks.
 *
 * NOTE(review): chp_pad is a hard-coded 36 bytes. Whether the struct
 * really totals 64 bytes depends on the sizes of the pointer, kmutex_t,
 * time_t and uint_t members, and nothing here asserts it.
521  */
522 typedef struct cpu_hme_pend {
523 	struct   hme_blk *chp_listp;	/* presumably head of the pending list */
524 	kmutex_t chp_mutex;
525 	time_t	 chp_timestamp;	/* presumably time of the last flush */
526 	uint_t   chp_count;	/* presumably # of hmeblks on the list */
527 	uint8_t	 chp_pad[36];		/* pad to 64 bytes */
528 } cpu_hme_pend_t;
529 
530 /*
531  * The default value of the threshold for the per cpu pending queues of hmeblks.
532  * The queues are flushed if either the number of hmeblks on the queue is above
533  * the threshold, or one second has elapsed since the last flush.
534  */
535 #define	CPU_HME_PEND_THRESH 1000
536 
537 /*
538  * Per-MMU context domain kstats.
539  *
540  * TSB Miss Exceptions
541  *	Number of times a TSB miss exception is handled in an MMU. See
542  *	sfmmu_tsbmiss_exception() for more details.
543  * TSB Raise Exception
544  *	Number of times the CPUs within an MMU are cross-called
545  *	to invalidate either a specific process context (when the process
546  *	switches MMU contexts) or the context of any process that is
547  *	running on those CPUs (as part of the MMU context wrap-around).
548  * Wrap Around
549  *	The number of times a wrap-around of MMU context happens.
550  */
551 typedef enum mmu_ctx_stat_types {
552 	MMU_CTX_TSB_EXCEPTIONS,		/* TSB miss exceptions handled */
553 	MMU_CTX_TSB_RAISE_EXCEPTION,	/* ctx invalidation cross calls */
554 	MMU_CTX_WRAP_AROUND,		/* wraparounds */
555 	MMU_CTX_NUM_STATS
556 } mmu_ctx_stat_t;
557 
558 /*
559  * Per-MMU context domain structure. This is instantiated the first time a CPU
560  * belonging to the MMU context domain is configured into the system, at boot
561  * time or at DR time.
562  *
563  * mmu_gnum
564  *	The current generation number for the context IDs on this MMU context
565  *	domain. It is protected by mmu_lock.
566  * mmu_cnum
567  *	The current cnum to be allocated on this MMU context domain. It
568  *	is protected via CAS.
569  * mmu_nctxs
570  *	The max number of context IDs supported on every CPU in this
571  *	MMU context domain. It is 8K except for Rock where it is 64K.
572  *      This is needed here in case the system supports mixed type of
573  *      processors/MMUs. It also helps to make ctx switch code access
574  *      fewer cache lines i.e. no need to retrieve it from some global nctxs.
575  * mmu_lock
576  *	The mutex spin lock used to serialize context ID wrap around
577  * mmu_idx
578  *	The index for this MMU context domain structure in the global array
579  *	mmu_ctxdoms.
580  * mmu_ncpus
581  *	The actual number of CPUs that have been configured in this
582  *	MMU context domain. This also acts as a reference count for the
583  *	structure. When the last CPU in an MMU context domain is unconfigured,
584  *	the structure is freed. It is protected by mmu_lock.
585  * mmu_cpuset
586  *	The CPU set of configured CPUs for this MMU context domain. Used
587  *	to cross-call all the CPUs in the MMU context domain to invalidate
588  *	context IDs during a wraparound operation. It is protected by mmu_lock.
589  */
590 
591 typedef struct mmu_ctx {
592 	uint64_t	mmu_gnum;
593 	uint_t		mmu_cnum;
594 	uint_t		mmu_nctxs;
595 	kmutex_t	mmu_lock;
596 	uint_t		mmu_idx;
597 	uint_t		mmu_ncpus;
598 	cpuset_t	mmu_cpuset;
599 	kstat_t		*mmu_kstat;
600 	kstat_named_t	mmu_kstat_data[MMU_CTX_NUM_STATS];
601 } mmu_ctx_t;
602 
603 #define	mmu_tsb_exceptions	\
604 		mmu_kstat_data[MMU_CTX_TSB_EXCEPTIONS].value.ui64
605 #define	mmu_tsb_raise_exception	\
606 		mmu_kstat_data[MMU_CTX_TSB_RAISE_EXCEPTION].value.ui64
607 #define	mmu_wrap_around		\
608 		mmu_kstat_data[MMU_CTX_WRAP_AROUND].value.ui64
609 
610 extern uint_t		max_mmu_ctxdoms;
611 extern mmu_ctx_t	**mmu_ctxs_tbl;
612 extern uint_t		nctxs;
613 
614 extern void	sfmmu_cpu_init(cpu_t *);
615 extern void	sfmmu_cpu_cleanup(cpu_t *);
616 extern void	sfmmu_invalidate_ctx(sfmmu_t *);
617 extern hatlock_t *sfmmu_hat_enter(sfmmu_t *);
618 extern void	sfmmu_hat_exit(hatlock_t *);
619 
620 /*
621  * The following structure is used to get MMU context domain information for
622  * a CPU from the platform.
623  *
624  * mmu_idx
625  *	The MMU context domain index within the global array mmu_ctxs
626  * mmu_nctxs
627  *	The number of context IDs supported in the MMU context domain
628  *	(64K for Rock)
629  */
630 typedef struct mmu_ctx_info {
631 	uint_t		mmu_idx;	/* index of the MMU context domain */
632 	uint_t		mmu_nctxs;	/* context IDs supported in the domain */
633 } mmu_ctx_info_t;
634 
/*
 * plat_cpuid_to_mmu_ctx_info() is declared weak, so a platform may leave it
 * undefined.
 * NOTE(review): callers presumably test the symbol's address before
 * calling it. Both values it writes come from platform code; presumably
 * mmu_idx is checked against max_mmu_ctxdoms before it is used as an index
 * into the per-domain table. Confirm both in the caller.
 */
635 #pragma weak plat_cpuid_to_mmu_ctx_info
636 
637 extern void	plat_cpuid_to_mmu_ctx_info(processorid_t, mmu_ctx_info_t *);
638 
639 /*
640  * Each address space has an array of sfmmu_ctx_t structures, one structure
641  * per MMU context domain.
642  *
643  * cnum
644  *	The context ID allocated for an address space on an MMU context domain
645  * gnum
646  *	The generation number for the context ID in the MMU context domain.
647  *
648  * This structure needs to be a power-of-two in size.
649  */
650 typedef struct sfmmu_ctx {
651 	uint64_t	gnum:48;	/* generation number, low 48 bits only */
652 	uint64_t	cnum:16;	/* context ID, 0..65535 */
653 } sfmmu_ctx_t;	/* 48 + 16 bit-fields of uint64_t */
654 
655 /*
656  * The platform dependent hat structure.
657  * tte counts should be protected by cas.
658  * cpuset is protected by cas.
659  *
660  * ttecnt accounting for mappings which do not use shared hme is carried out
661  * during pagefault handling. In the shared hme case, only the first process
662  * to access a mapping generates a pagefault, subsequent processes simply
663  * find the shared hme entry during trap handling and therefore there is no
664  * corresponding event to initiate ttecnt accounting. Currently, as shared
665  * hmes are only used for text segments, when joining a region we assume the
666  * worst case and add the number of ttes required to map the entire region
667  * to the ttecnt corresponding to the region pagesize. However, if the region
668  * has a 4M pagesize, and memory is low, the allocation of 4M pages may fail
669  * then 8K pages will be allocated instead and the first TSB which stores 8K
670  * mappings will potentially be undersized. To compensate for the potential
671  * underaccounting in this case we always add 1/4 of the region size to the 8K
672  * ttecnt.
673  *
674  * Note that sfmmu_xhat_provider MUST be the first element.
675  */
676 
/*
 * struct hat (sfmmu_t): the sfmmu per-address-space hat.
 * The object is variable length; see the note on sfmmu_ctxs at the end.
 */
677 struct hat {
678 	void		*sfmmu_xhat_provider;	/* NULL for CPU hat */
679 	cpuset_t	sfmmu_cpusran;	/* cpu bit mask for efficient xcalls */
680 	struct	as	*sfmmu_as;	/* as this hat provides mapping for */
681 	/* per pgsz private ttecnt + shme rgns ttecnt for rgns not in SCD */
682 	ulong_t		sfmmu_ttecnt[MMU_PAGE_SIZES];
683 	/* shme rgns ttecnt for rgns in SCD */
684 	ulong_t		sfmmu_scdrttecnt[MMU_PAGE_SIZES];
685 	/* est. ism ttes that are NOT in a SCD */
686 	ulong_t		sfmmu_ismttecnt[MMU_PAGE_SIZES];
687 	/* ttecnt for isms that are in a SCD */
688 	ulong_t		sfmmu_scdismttecnt[MMU_PAGE_SIZES];
689 	/* inflate tsb0 to allow for large page alloc failure in region */
690 	ulong_t		sfmmu_tsb0_4minflcnt;
	/* one pointer, two uses; reached through sfmmu_iblk / sfmmu_iment */
691 	union _h_un {
692 		ism_blk_t	*sfmmu_iblkp;  /* maps to ismhat(s) */
693 		ism_ment_t	*sfmmu_imentp; /* ism hat's mapping list */
694 	} h_un;
695 	uint_t		sfmmu_free:1;	/* hat to be freed - set on as_free */
696 	uint_t		sfmmu_ismhat:1;	/* hat is dummy ism hatid */
697 	uint_t		sfmmu_scdhat:1;	/* hat is dummy scd hatid */
698 	uchar_t		sfmmu_rmstat;	/* refmod stats refcnt */
699 	ushort_t	sfmmu_clrstart;	/* start color bin for page coloring */
700 	ushort_t	sfmmu_clrbin;	/* per as phys page coloring bin */
	/* HAT_* bits; changed via SFMMU_FLAGS_SET/CLEAR, which ASSERT the lock */
701 	ushort_t	sfmmu_flags;	/* flags */
702 	uchar_t		sfmmu_tteflags;	/* pgsz flags */
703 	uchar_t		sfmmu_rtteflags; /* pgsz flags for SRD hmes */
704 	struct tsb_info	*sfmmu_tsb;	/* list of per as tsbs */
705 	uint64_t	sfmmu_ismblkpa; /* pa of sfmmu_iblkp, or -1 */
706 	lock_t		sfmmu_ctx_lock;	/* sync ctx alloc and invalidation */
707 	kcondvar_t	sfmmu_tsb_cv;	/* signals TSB swapin or relocation */
708 	uchar_t		sfmmu_cext;	/* context page size encoding */
709 	uint8_t		sfmmu_pgsz[MMU_PAGE_SIZES];  /* ranking for MMU */
710 	sf_srd_t	*sfmmu_srdp;
711 	sf_scd_t	*sfmmu_scdp;	/* scd this address space belongs to */
712 	sf_region_map_t	sfmmu_region_map;
	/* level-1 table of level-2 link arrays; see SFMMU_HMERID2RLINKP */
713 	sf_rgn_link_t	*sfmmu_hmeregion_links[SFMMU_L1_HMERLINKS];
714 	sf_rgn_link_t	sfmmu_scd_link;	/* link to scd or pending queue */
715 #ifdef sun4v
716 	/* ttecnt for Rock pagesize register management */
717 	ulong_t		sfmmu_mmuttecnt[MMU_PAGE_SIZES];
718 	struct hv_tsb_block sfmmu_hvblock;
719 	struct hv_pgsz_order sfmmu_pgsz_order; /*  pagesize search order */
720 	uint8_t		sfmmu_pgsz_map; /* bit map to control shared pgsz use */
721 #endif
722 	/*
723 	 * sfmmu_ctxs is a variable length array of max_mmu_ctxdoms # of
724 	 * elements. max_mmu_ctxdoms is determined at run-time.
725 	 * sfmmu_ctxs[1] is just the first element of an array, it always
726 	 * has to be the last field to ensure that the memory allocated
727 	 * for sfmmu_ctxs is consecutive with the memory of the rest of
728 	 * the hat data structure.
	 *
	 * NOTE(review): the declared bound is 1, so sizeof (struct hat)
	 * covers a single element. The allocation has to add room for the
	 * other max_mmu_ctxdoms - 1 entries, and every index into
	 * sfmmu_ctxs has to be below max_mmu_ctxdoms; the compiler cannot
	 * check either.
729 	 */
730 	sfmmu_ctx_t	sfmmu_ctxs[1];
731 
732 };
733 
734 #define	sfmmu_iblk	h_un.sfmmu_iblkp
735 #define	sfmmu_iment	h_un.sfmmu_imentp
736 
737 #define	sfmmu_hmeregion_map	sfmmu_region_map.h_rmap_s.hmeregion_map
738 #define	sfmmu_ismregion_map	sfmmu_region_map.h_rmap_s.ismregion_map
739 
740 #define	SF_RGNMAP_ISNULL(sfmmup)	\
741 	(sfrgnmap_isnull(&(sfmmup)->sfmmu_region_map))
742 #define	SF_HMERGNMAP_ISNULL(sfmmup)	\
743 	(sfhmergnmap_isnull(&(sfmmup)->sfmmu_hmeregion_map))
744 
/*
 * struct sf_scd (sf_scd_t).
 * In this header scd_refcnt is changed through the atomic
 * SF_SCD_INCR_REF / SF_SCD_DECR_REF macros; the latter calls
 * sfmmu_destroy_scd() when the count reaches zero.
 */
745 struct sf_scd {
746 	sfmmu_t		*scd_sfmmup;	/* shared context hat */
747 	/* per pgsz ttecnt for shme rgns in SCD */
748 	ulong_t		scd_rttecnt[MMU_PAGE_SIZES];
749 	uint_t		scd_refcnt;	/* address spaces attached to scd */
750 	sf_region_map_t scd_region_map; /* bit mask of attached segments */
751 	sf_scd_t	*scd_next;	/* link pointers for srd_scd list */
752 	sf_scd_t	*scd_prev;
753 	sfmmu_t 	*scd_sf_list;	/* list of doubly linked hat structs */
754 	kmutex_t 	scd_mutex;
755 	/*
756 	 * Link used to add an scd to the sfmmu_iment list.
	 * One entry per possible ISM region (SFMMU_MAX_ISM_REGIONS).
757 	 */
758 	ism_ment_t	scd_ism_links[SFMMU_MAX_ISM_REGIONS];
759 };
760 
761 #define	scd_hmeregion_map	scd_region_map.h_rmap_s.hmeregion_map
762 #define	scd_ismregion_map	scd_region_map.h_rmap_s.ismregion_map
763 
764 extern int disable_shctx;
765 extern int shctx_on;
766 extern int pgsz_search_on;
767 extern int disable_pgsz_search;
768 
769 /*
770  * bit mask for managing vac conflicts on large pages.
771  * bit 1 is for uncache flag.
772  * bits 2 through min(num of cache colors + 1,31) are
773  * for cache colors that have already been flushed.
774  */
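/*
 * Number of virtual cache colors: derived from shm_alignment when VAC is
 * defined, otherwise a single color.
 */
#ifdef VAC
#define	CACHE_NUM_COLOR		(shm_alignment >> MMU_PAGESHIFT)
#else
#define	CACHE_NUM_COLOR		1
#endif

/*
 * Flag bit that stands for cache color vcolor. The lowest bit is left for
 * the uncache flag, so color 0 maps to value 2. vcolor is reduced with
 * CACHE_NUM_COLOR - 1, which assumes a power-of-two color count, and the
 * shift is done in int. vcolor is parenthesized so that an expression
 * argument is masked as a whole.
 */
#define	CACHE_VCOLOR_MASK(vcolor)	\
	(2 << ((vcolor) & (CACHE_NUM_COLOR - 1)))

/* Non-zero when the bit for vcolor is set in flag. */
#define	CacheColor_IsFlushed(flag, vcolor) \
					((flag) & CACHE_VCOLOR_MASK(vcolor))

/* Set the bit for vcolor in flag; flag must be an lvalue. */
#define	CacheColor_SetFlushed(flag, vcolor) \
					((flag) |= CACHE_VCOLOR_MASK(vcolor))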
788 /*
789  * Flags passed to sfmmu_page_cache to flush page from vac or not.
790  */
791 #define	CACHE_FLUSH	0
792 #define	CACHE_NO_FLUSH	1
793 
794 /*
795  * Flags passed to sfmmu_tlbcache_demap
796  */
797 #define	FLUSH_NECESSARY_CPUS	0
798 #define	FLUSH_ALL_CPUS		1
799 
800 #ifdef	DEBUG
801 /*
802  * For debugging purpose only. Maybe removed later.
 *
 * One record of the context trace buffer, filled in by TRACE_CTXS.
803  */
804 struct ctx_trace {
805 	sfmmu_t		*sc_sfmmu_stolen;
806 	sfmmu_t		*sc_sfmmu_stealing;
807 	clock_t		sc_time;	/* lbolt when the record was written */
808 	ushort_t	sc_type;	/* CTX_TRC_STEAL or CTX_TRC_FREE */
809 	ushort_t	sc_cnum;
810 };
811 #define	CTX_TRC_STEAL	0x1
812 #define	CTX_TRC_FREE	0x0
813 #define	TRSIZE	0x400
/* Next record, wrapping to ctx_trace_first once ptr reaches ctx_trace_last. */
814 #define	NEXT_CTXTR(ptr)	(((ptr) >= ctx_trace_last) ? \
815 		ctx_trace_first : ((ptr) + 1))
/*
 * Write one record at ptr and advance ptr, all between mutex_enter(mutex)
 * and mutex_exit(mutex). Uses lbolt and num_ctx_stolen, and NEXT_CTXTR
 * uses ctx_trace_first and ctx_trace_last; none of them is declared in
 * this header.
 * NOTE(review): the expansion is a run of separate statements, not one
 * block. Under an unbraced if, else or loop only mutex_enter() would be
 * controlled and the rest, including mutex_exit(), would always run. Use
 * it only as a full statement inside braces. Without DEBUG the macro
 * expands to nothing.
 */
816 #define	TRACE_CTXS(mutex, ptr, cnum, stolen_sfmmu, stealing_sfmmu, type) \
817 	mutex_enter(mutex);						\
818 	(ptr)->sc_sfmmu_stolen = (stolen_sfmmu);			\
819 	(ptr)->sc_sfmmu_stealing = (stealing_sfmmu);			\
820 	(ptr)->sc_cnum = (cnum);					\
821 	(ptr)->sc_type = (type);					\
822 	(ptr)->sc_time = lbolt;						\
823 	(ptr) = NEXT_CTXTR(ptr);					\
824 	num_ctx_stolen += (type);					\
825 	mutex_exit(mutex);
826 #else
827 
828 #define	TRACE_CTXS(mutex, ptr, cnum, stolen_sfmmu, stealing_sfmmu, type)
829 
830 #endif	/* DEBUG */
831 
832 #endif	/* !_ASM */
833 
834 /*
835  * Macros for sfmmup->sfmmu_flags access.  The macros that change the flags
836  * ASSERT() that we're holding the HAT lock before changing the flags;
837  * however callers that read the flags may do so without acquiring the lock
838  * in a fast path, and then recheck the flag after acquiring the lock in
839  * a slow path.
 *
 * SFMMU_FLAGS_ISSET and SFMMU_TTEFLAGS_ISSET are true only when every bit
 * in `flags` is set, and trivially true for flags == 0.
 * SFMMU_TTEFLAGS_ISSET tests the OR of sfmmu_tteflags and sfmmu_rtteflags.
 *
 * NOTE(review): the lock check is an ASSERT, so it presumably disappears
 * from non-DEBUG builds and the lock discipline is then unchecked. The set
 * and clear themselves are plain, non-atomic read-modify-writes of
 * sfmmu_flags.
840  */
841 #define	SFMMU_FLAGS_ISSET(sfmmup, flags) \
842 	(((sfmmup)->sfmmu_flags & (flags)) == (flags))
843 
844 #define	SFMMU_FLAGS_CLEAR(sfmmup, flags) \
845 	(ASSERT(sfmmu_hat_lock_held((sfmmup))), \
846 	(sfmmup)->sfmmu_flags &= ~(flags))
847 
848 #define	SFMMU_FLAGS_SET(sfmmup, flags) \
849 	(ASSERT(sfmmu_hat_lock_held((sfmmup))), \
850 	(sfmmup)->sfmmu_flags |= (flags))
851 
852 #define	SFMMU_TTEFLAGS_ISSET(sfmmup, flags) \
853 	((((sfmmup)->sfmmu_tteflags | (sfmmup)->sfmmu_rtteflags) & (flags)) == \
854 	    (flags))
855 
856 
857 /*
858  * sfmmu tte HAT flags, must fit in 8 bits
859  */
860 #define	HAT_CHKCTX1_FLAG 0x1
861 #define	HAT_64K_FLAG	(0x1 << TTE64K)
862 #define	HAT_512K_FLAG	(0x1 << TTE512K)
863 #define	HAT_4M_FLAG	(0x1 << TTE4M)
864 #define	HAT_32M_FLAG	(0x1 << TTE32M)
865 #define	HAT_256M_FLAG	(0x1 << TTE256M)
866 
867 /*
868  * sfmmu HAT flags, 16 bits at the moment.
869  */
870 #define	HAT_4MTEXT_FLAG		0x01
871 #define	HAT_32M_ISM		0x02
872 #define	HAT_256M_ISM		0x04
873 #define	HAT_SWAPPED		0x08 /* swapped out */
874 #define	HAT_SWAPIN		0x10 /* swapping in */
875 #define	HAT_BUSY		0x20 /* replacing TSB(s) */
876 #define	HAT_ISMBUSY		0x40 /* adding/removing/traversing ISM maps */
877 
878 #define	HAT_CTX1_FLAG   	0x100 /* ISM imap hatflag for ctx1 */
879 #define	HAT_JOIN_SCD		0x200 /* region is joining scd */
880 #define	HAT_ALLCTX_INVALID	0x400 /* all per-MMU ctxs are invalidated */
881 #define	HAT_ISMNOTINSCD		0x800 /* Not all ISM segs are in the SCD */
882 
883 #define	SFMMU_LGPGS_INUSE(sfmmup)					\
884 	(((sfmmup)->sfmmu_tteflags | (sfmmup)->sfmmu_rtteflags) ||	\
885 	    ((sfmmup)->sfmmu_iblk != NULL))
886 
887 /*
888  * Starting with context 0, the first NUM_LOCKED_CTXS contexts
889  * are locked so that sfmmu_getctx can't steal any of these
890  * contexts.  At the time this software was being developed, the
891  * only context that needs to be locked is context 0 (the kernel
892  * context), and context 1 (reserved for stolen context). So this constant
893  * was originally defined to be 2.
894  *
895  * For sun4v only, USER_CONTEXT_TYPE represents any user context.  Many
896  * routines only care whether the context is kernel, invalid or user.
897  */
898 
899 #define	NUM_LOCKED_CTXS 2
900 #define	INVALID_CONTEXT	1
901 
902 #ifdef sun4v
903 #define	USER_CONTEXT_TYPE	NUM_LOCKED_CTXS
904 #endif
905 #if defined(sun4v) || defined(UTSB_PHYS)
906 /*
907  * Get the location in the 4MB base TSB of the tsbe for this fault.
908  * Assumes that the second TSB only contains 4M mappings.
909  *
910  * In:
911  *   tagacc = tag access register (not clobbered)
912  *   tsbe = 2nd TSB base register
913  *   tmp1, tmp2 = scratch registers
914  * Out:
915  *   tsbe = pointer to the tsbe in the 2nd TSB
916  */
917 
918 #define	GET_4MBASE_TSBE_PTR(tagacc, tsbe, tmp1, tmp2)			\
919 	and	tsbe, TSB_SOFTSZ_MASK, tmp2;	/* tmp2=szc */		\
920 	andn	tsbe, TSB_SOFTSZ_MASK, tsbe;	/* tsbbase */		\
921 	mov	TSB_ENTRIES(0), tmp1;	/* nentries in TSB size 0 */	\
922 	sllx	tmp1, tmp2, tmp1;	/* tmp1 = nentries in TSB */	\
923 	sub	tmp1, 1, tmp1;		/* mask = nentries - 1 */	\
924 	srlx	tagacc, MMU_PAGESHIFT4M, tmp2; 				\
925 	and	tmp2, tmp1, tmp1;	/* tsbent = virtpage & mask */	\
926 	sllx	tmp1, TSB_ENTRY_SHIFT, tmp1;	/* entry num --> ptr */	\
927 	add	tsbe, tmp1, tsbe	/* add entry offset to TSB base */
928 
929 #define	GET_2ND_TSBE_PTR(tagacc, tsbe, tmp1, tmp2)			\
930 	GET_4MBASE_TSBE_PTR(tagacc, tsbe, tmp1, tmp2)
931 
932 /*
933  * Get the location in the 3rd TSB of the tsbe for this fault.
934  * The 3rd TSB corresponds to the shared context, and is used
935  * for 8K - 512k pages.
936  *
937  * In:
938  *   tagacc = tag access register (not clobbered)
939  *   tsbe, tmp1, tmp2 = scratch registers
940  * Out:
941  *   tsbe = pointer to the tsbe in the 3rd TSB
942  */
943 
944 #define	GET_3RD_TSBE_PTR(tagacc, tsbe, tmp1, tmp2)			\
945 	and	tsbe, TSB_SOFTSZ_MASK, tmp2;    /* tmp2=szc */		\
946 	andn	tsbe, TSB_SOFTSZ_MASK, tsbe;    /* tsbbase */		\
947 	mov	TSB_ENTRIES(0), tmp1;	/* nentries in TSB size 0 */	\
948 	sllx	tmp1, tmp2, tmp1;	/* tmp1 = nentries in TSB */	\
949 	sub	tmp1, 1, tmp1;		/* mask = nentries - 1 */	\
950 	srlx	tagacc, MMU_PAGESHIFT, tmp2;				\
951 	and	tmp2, tmp1, tmp1;	/* tsbent = virtpage & mask */	\
952 	sllx	tmp1, TSB_ENTRY_SHIFT, tmp1;    /* entry num --> ptr */	\
953 	add	tsbe, tmp1, tsbe	/* add entry offset to TSB base */
954 
955 #define	GET_4TH_TSBE_PTR(tagacc, tsbe, tmp1, tmp2)                      \
956 	GET_4MBASE_TSBE_PTR(tagacc, tsbe, tmp1, tmp2)
/*
 * Copy the sfmmu_region_map or scd_region_map to the tsbmiss
 * shmermap or scd_shmermap, from sfmmu_load_mmustate.
 *
 * In:
 *   rgn_map = source map pointer (clobbered: advanced by CLONGSIZE per word)
 *   tsbmiss_map = destination map pointer (clobbered likewise)
 *   cnt = number of CLONGSIZE-sized words to copy (clobbered)
 *   tmp = scratch register
 *   label = local label used for the loop
 *
 * cnt is decremented before it is tested, so one word is always copied
 * and cnt must be at least 1 on entry.  A count of zero would wrap rather
 * than terminate the loop, which would then keep storing past the end of
 * the destination map.
 */
#define	SET_REGION_MAP(rgn_map, tsbmiss_map, cnt, tmp, label)		\
	/* BEGIN CSTYLED */						\
label:									;\
        ldx     [rgn_map], tmp						;\
        dec     cnt							;\
        add     rgn_map, CLONGSIZE, rgn_map                             ;\
        stx     tmp, [tsbmiss_map]                                      ;\
        brnz,pt cnt, label                                              ;\
	    add   tsbmiss_map, CLONGSIZE, tsbmiss_map                    \
	/* END CSTYLED */
971 
/*
 * If there is no scd, then zero the tsbmiss scd_shmermap,
 * from sfmmu_load_mmustate.
 *
 * In:
 *   tsbmiss_map = map pointer (clobbered: advanced by CLONGSIZE per word)
 *   cnt = number of CLONGSIZE-sized words to zero (clobbered)
 *   label = local label used for the loop
 *
 * cnt is decremented before it is tested, so one word is always written
 * and cnt must be at least 1 on entry.  A count of zero would wrap rather
 * than terminate the loop, which would then keep storing %g0 past the end
 * of the map.
 */
#define	ZERO_REGION_MAP(tsbmiss_map, cnt, label)                        \
	/* BEGIN CSTYLED */                                             \
label:                                                                  ;\
        dec     cnt                                                     ;\
        stx     %g0, [tsbmiss_map]                                      ;\
        brnz,pt cnt, label                                              ;\
	    add   tsbmiss_map, CLONGSIZE, tsbmiss_map
	/* END CSTYLED */
984 
985 /*
986  * Set hmemisc to 1 if the shared hme is also part of an scd.
987  * In:
988  *   tsbarea = tsbmiss area (not clobbered)
989  *   hmeblkpa  = hmeblkpa +  hmentoff + SFHME_TTE (not clobbered)
990  *   hmentoff = hmentoff + SFHME_TTE = tte offset(clobbered)
991  * Out:
992  *   use_shctx = 1 if shme is in scd and 0 otherwise
993  */
994 #define	GET_SCDSHMERMAP(tsbarea, hmeblkpa, hmentoff, use_shctx)               \
995 	/* BEGIN CSTYLED */   	                                              \
996         sub     hmeblkpa, hmentoff, hmentoff    /* hmentofff = hmeblkpa */   ;\
997         add     hmentoff, HMEBLK_TAG, hmentoff                               ;\
998         ldxa    [hmentoff]ASI_MEM, hmentoff     /* read 1st part of tag */   ;\
999         and     hmentoff, HTAG_RID_MASK, hmentoff       /* mask off rid */   ;\
1000         and     hmentoff, BT_ULMASK, use_shctx  /* mask bit index */         ;\
1001         srlx    hmentoff, BT_ULSHIFT, hmentoff  /* extract word */           ;\
1002         sllx    hmentoff, CLONGSHIFT, hmentoff  /* index */                  ;\
1003         add     tsbarea, hmentoff, hmentoff             /* add to tsbarea */ ;\
1004         ldx     [hmentoff + TSBMISS_SCDSHMERMAP], hmentoff      /* scdrgn */ ;\
1005         srlx    hmentoff, use_shctx, use_shctx                               ;\
1006         and     use_shctx, 0x1, use_shctx                                     \
1007 	/* END CSTYLED */
1008 
1009 /*
1010  * Synthesize a TSB base register contents for a process.
1011  *
1012  * In:
1013  *   tsbinfo = TSB info pointer (ro)
1014  *   tsbreg, tmp1 = scratch registers
1015  * Out:
1016  *   tsbreg = value to program into TSB base register
1017  */
1018 
1019 #define	MAKE_UTSBREG(tsbinfo, tsbreg, tmp1)			\
1020 	ldx	[tsbinfo + TSBINFO_PADDR], tsbreg;		\
1021 	lduh	[tsbinfo + TSBINFO_SZCODE], tmp1;		\
1022 	and	tmp1, TSB_SOFTSZ_MASK, tmp1;			\
1023 	or	tsbreg, tmp1, tsbreg;
1024 
1025 
1026 /*
1027  * Load TSB base register to TSBMISS area for private contexts.
1028  * This register contains utsb_pabase in bits 63:13, and TSB size
1029  * code in bits 2:0.
1030  *
1031  * For private context
1032  * In:
1033  *   tsbreg = value to load (ro)
1034  *   regnum = constant or register
1035  *   tmp1 = scratch register
1036  * Out:
1037  *   Specified scratchpad register updated
1038  *
1039  */
1040 #define	SET_UTSBREG(regnum, tsbreg, tmp1)				\
1041 	mov	regnum, tmp1;						\
1042 	stxa	tsbreg, [tmp1]ASI_SCRATCHPAD	/* save tsbreg */
1043 /*
1044  * Get TSB base register from the scratchpad for private contexts
1045  *
1046  * In:
1047  *   regnum = constant or register
1048  *   tsbreg = scratch
1049  * Out:
1050  *   tsbreg = tsbreg from the specified scratchpad register
1051  */
1052 #define	GET_UTSBREG(regnum, tsbreg)					\
1053 	mov	regnum, tsbreg;						\
1054 	ldxa	[tsbreg]ASI_SCRATCHPAD, tsbreg
1055 
1056 /*
1057  * Load TSB base register to TSBMISS area for shared contexts.
1058  * This register contains utsb_pabase in bits 63:13, and TSB size
1059  * code in bits 2:0.
1060  *
1061  * In:
1062  *   tsbmiss = pointer to tsbmiss area
1063  *   tsbmissoffset = offset to right tsb pointer
1064  *   tsbreg = value to load (ro)
1065  * Out:
1066  *   Specified tsbmiss area updated
1067  *
1068  */
1069 #define	SET_UTSBREG_SHCTX(tsbmiss, tsbmissoffset, tsbreg)		\
1070 	stx	tsbreg, [tsbmiss + tsbmissoffset]	/* save tsbreg */
1071 
/*
 * Get TSB base register from the tsbmiss area for
 * shared contexts
 *
 * In:
 *   tsbmiss = pointer to tsbmiss area
 *   tsbmissoffset = offset to right tsb pointer
 *   tsbreg = scratch
 * Out:
 *   tsbreg = tsbreg loaded from [tsbmiss + tsbmissoffset]
 */
#define	GET_UTSBREG_SHCTX(tsbmiss, tsbmissoffset, tsbreg)		\
	ldx	[tsbmiss + tsbmissoffset], tsbreg
1085 
1086 #endif /* defined(sun4v) || defined(UTSB_PHYS) */
1087 
1088 #ifndef	_ASM
1089 
1090 /*
1091  * Kernel page relocation stuff.
1092  */
1093 struct sfmmu_callback {
1094 	int key;
1095 	int (*prehandler)(caddr_t, uint_t, uint_t, void *);
1096 	int (*posthandler)(caddr_t, uint_t, uint_t, void *, pfn_t);
1097 	int (*errhandler)(caddr_t, uint_t, uint_t, void *);
1098 	int capture_cpus;
1099 };
1100 
1101 extern int sfmmu_max_cb_id;
1102 extern struct sfmmu_callback *sfmmu_cb_table;
1103 
1104 extern int hat_kpr_enabled;
1105 
1106 struct pa_hment;
1107 
1108 /*
1109  * RFE: With multihat gone we gain back an int.  We could use this to
1110  * keep ref bits on a per cpu basis to eliminate xcalls.
1111  */
1112 struct sf_hment {
1113 	tte_t hme_tte;			/* tte for this hment */
1114 
1115 	union {
1116 		struct page *page;	/* what page this maps */
1117 		struct pa_hment *data;	/* pa_hment */
1118 	} sf_hment_un;
1119 
1120 	struct	sf_hment *hme_next;	/* next hment */
1121 	struct	sf_hment *hme_prev;	/* prev hment */
1122 };
1123 
1124 struct pa_hment {
1125 	caddr_t		addr;		/* va */
1126 	uint_t		len;		/* bytes */
1127 	ushort_t	flags;		/* internal flags */
1128 	ushort_t	refcnt;		/* reference count */
1129 	id_t		cb_id;		/* callback id, table index */
1130 	void		*pvt;		/* handler's private data */
1131 	struct sf_hment	sfment;		/* corresponding dummy sf_hment */
1132 };
1133 
1134 #define	hme_page		sf_hment_un.page
1135 #define	hme_data		sf_hment_un.data
1136 #define	hme_size(sfhmep)	((int)(TTE_CSZ(&(sfhmep)->hme_tte)))
1137 #define	PAHME_SZ		(sizeof (struct pa_hment))
1138 #define	SFHME_SZ		(sizeof (struct sf_hment))
1139 
1140 #define	IS_PAHME(hme)	((hme)->hme_tte.ll == 0)
1141 
1142 /*
1143  * hmeblk_tag structure
1144  * structure used to obtain a match on a hme_blk.  Currently consists of
1145  * the address of the sfmmu struct (or hatid), the base page address of the
1146  * hme_blk, and the rehash count.  The rehash count is actually only 2 bits
1147  * and has the following meaning:
1148  * 1 = 8k or 64k hash sequence.
1149  * 2 = 512k hash sequence.
1150  * 3 = 4M hash sequence.
1151  * We require this count because we don't want to get a false hit on a 512K or
1152  * 4M rehash with a base address corresponding to a 8k or 64k hmeblk.
1153  * Note:  The ordering and size of the hmeblk_tag members are implicitly known
1154  * by the tsb miss handlers written in assembly.  Do not change this structure
1155  * without checking those routines.  See HTAG_SFMMUPSZ define.
1156  */
1157 
1158 /*
1159  * In private hmeblks hblk_rid field must be SFMMU_INVALID_RID.
1160  */
1161 typedef union {
1162 	struct {
1163 		uint64_t	hblk_basepg: 51,	/* hme_blk base pg # */
1164 				hblk_rehash: 3,		/* rehash number */
1165 				hblk_rid: 10;		/* hme_blk region id */
1166 		void		*hblk_id;
1167 	} hblk_tag_un;
1168 	uint64_t		htag_tag[2];
1169 } hmeblk_tag;
1170 
1171 #define	htag_id		hblk_tag_un.hblk_id
1172 #define	htag_bspage	hblk_tag_un.hblk_basepg
1173 #define	htag_rehash	hblk_tag_un.hblk_rehash
1174 #define	htag_rid	hblk_tag_un.hblk_rid
1175 
1176 #endif /* !_ASM */
1177 
1178 #define	HTAG_REHASH_SHIFT	10
1179 #define	HTAG_MAX_RID	(((0x1 << HTAG_REHASH_SHIFT) - 1))
1180 #define	HTAG_RID_MASK	HTAG_MAX_RID
1181 
1182 /* used for tagging all per sfmmu (i.e. non SRD) private hmeblks */
1183 #define	SFMMU_INVALID_SHMERID	HTAG_MAX_RID
1184 
1185 #if SFMMU_INVALID_SHMERID < SFMMU_MAX_HME_REGIONS
1186 #error SFMMU_INVALID_SHMERID < SFMMU_MAX_HME_REGIONS
1187 #endif
1188 
1189 #define	SFMMU_IS_SHMERID_VALID(rid)	((rid) != SFMMU_INVALID_SHMERID)
1190 
1191 /* ISM regions */
1192 #define	SFMMU_INVALID_ISMRID	0xff
1193 
1194 #if SFMMU_INVALID_ISMRID < SFMMU_MAX_ISM_REGIONS
1195 #error SFMMU_INVALID_ISMRID < SFMMU_MAX_ISM_REGIONS
1196 #endif
1197 
1198 #define	SFMMU_IS_ISMRID_VALID(rid)	((rid) != SFMMU_INVALID_ISMRID)
1199 
1200 
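/*
 * True when two hmeblk tags are equal in both 64-bit words.  Each
 * argument is an hmeblk_tag object (not a pointer) and is evaluated
 * twice, so it must be free of side effects.  The arguments are
 * parenthesized so that an expression such as *tagp can be passed.
 */
#define	HTAGS_EQ(tag1, tag2)						\
	((((tag1).htag_tag[0] ^ (tag2).htag_tag[0]) |			\
	((tag1).htag_tag[1] ^ (tag2).htag_tag[1])) == 0)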
1203 
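/*
 * This macro must only be used for comparing tags in shared hmeblks.
 *
 * The HTAG_RID_MASK bits of word 0 are left out of the tag comparison.
 * Instead the hmeblk's own region id must differ from
 * SFMMU_INVALID_SHMERID and must pass SF_RGNMAP_TEST() against hrmap.
 * hmetag and tag are hmeblk_tag objects (not pointers); hmetag is
 * evaluated several times, so it must be free of side effects.
 */
#define	HTAGS_EQ_SHME(hmetag, tag, hrmap)				\
	(((hmetag).htag_rid != SFMMU_INVALID_SHMERID) &&		\
	(((((hmetag).htag_tag[0] ^ (tag).htag_tag[0]) &			\
		~HTAG_RID_MASK) |					\
	    ((hmetag).htag_tag[1] ^ (tag).htag_tag[1])) == 0) &&	\
	SF_RGNMAP_TEST(hrmap, (hmetag).htag_rid))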
1213 
1214 #define	HME_REHASH(sfmmup)						\
1215 	((sfmmup)->sfmmu_ttecnt[TTE512K] != 0 ||			\
1216 	(sfmmup)->sfmmu_ttecnt[TTE4M] != 0 ||				\
1217 	(sfmmup)->sfmmu_ttecnt[TTE32M] != 0 ||				\
1218 	(sfmmup)->sfmmu_ttecnt[TTE256M] != 0)
1219 
1220 #define	NHMENTS		8		/* # of hments in an 8k hme_blk */
1221 					/* needs to be multiple of 2 */
1222 
1223 #ifndef	_ASM
1224 
1225 #ifdef	HBLK_TRACE
1226 
1227 #define	HBLK_LOCK		1
1228 #define	HBLK_UNLOCK		0
1229 #define	HBLK_STACK_DEPTH	6
1230 #define	HBLK_AUDIT_CACHE_SIZE	16
1231 #define	HBLK_LOCK_PATTERN	0xaaaaaaaa
1232 #define	HBLK_UNLOCK_PATTERN	0xbbbbbbbb
1233 
1234 struct hblk_lockcnt_audit {
1235 	int		flag;		/* lock or unlock */
1236 	kthread_id_t	thread;
1237 	int		depth;
1238 	pc_t		stack[HBLK_STACK_DEPTH];
1239 };
1240 
1241 #endif	/* HBLK_TRACE */
1242 
1243 
1244 /*
1245  * Hment block structure.
1246  * The hme_blk is the node data structure which the hash structure
1247  * maintains. An hme_blk can have 2 different sizes depending on the
1248  * number of hments it implicitly contains.  When dealing with 64K, 512K,
1249  * or 4M hments there is one hment per hme_blk.  When dealing with
1250  * 8k hments we allocate an hme_blk plus an additional 7 hments to
1251  * give us a total of 8 (NHMENTS) hments that can be referenced through a
1252  * hme_blk.
1253  *
1254  * The hmeblk structure contains 2 tte reference counters used to determine if
1255  * it is ok to free up the hmeblk.  Both counters have to be zero in order
1256  * to be able to free up hmeblk.  They are protected by cas.
1257  * hblk_hmecnt is the number of hments present on pp mapping lists.
1258  * hblk_vcnt reflects number of valid ttes in hmeblk.
1259  *
1260  * The hmeblk now also has per tte lock cnts.  This is required because
1261  * the counts can be high and there are not enough bits in the tte. When
1262  * physio is fixed to not lock the translations we should be able to move
1263  * the lock cnt back to the tte.  See bug id 1198554.
1264  *
1265  * Note that xhat_hme_blk's layout follows this structure: hme_blk_misc
1266  * and sf_hment are at the same offsets in both structures. Whenever
1267  * hme_blk is changed, xhat_hme_blk may need to be updated as well.
1268  */
1269 
1270 struct hme_blk_misc {
1271 	uint_t	notused:25;
1272 	uint_t	shared_bit:1;	/* set for SRD shared hmeblk */
1273 	uint_t	xhat_bit:1;	/* set for an xhat hme_blk */
1274 	uint_t	shadow_bit:1;	/* set for a shadow hme_blk */
1275 	uint_t	nucleus_bit:1;	/* set for a nucleus hme_blk */
1276 	uint_t	ttesize:3;	/* contains ttesz of hmeblk */
1277 };
1278 
1279 struct hme_blk {
1280 	volatile uint64_t hblk_nextpa;	/* physical address for hash list */
1281 
1282 	hmeblk_tag	hblk_tag;	/* tag used to obtain an hmeblk match */
1283 
1284 	struct hme_blk	*hblk_next;	/* on free list or on hash list */
1285 					/* protected by hash lock */
1286 
1287 	struct hme_blk	*hblk_shadow;	/* pts to shadow hblk */
1288 					/* protected by hash lock */
1289 	uint_t		hblk_span;	/* span of memory hmeblk maps */
1290 
1291 	struct hme_blk_misc	hblk_misc;
1292 
1293 	union {
1294 		struct {
1295 			ushort_t hblk_hmecount;	/* hment on mlists counter */
1296 			ushort_t hblk_validcnt;	/* valid tte reference count */
1297 		} hblk_counts;
1298 		uint_t		hblk_shadow_mask;
1299 	} hblk_un;
1300 
1301 	uint_t		hblk_lckcnt;
1302 
1303 #ifdef	HBLK_TRACE
1304 	kmutex_t	hblk_audit_lock;	/* lock to protect index */
1305 	uint_t		hblk_audit_index;	/* index into audit_cache */
1306 	struct	hblk_lockcnt_audit hblk_audit_cache[HBLK_AUDIT_CACHE_SIZE];
1307 #endif	/* HBLK_AUDIT */
1308 
1309 	struct sf_hment hblk_hme[1];	/* hment array */
1310 };
1311 
1312 #define	hblk_shared	hblk_misc.shared_bit
1313 #define	hblk_xhat_bit   hblk_misc.xhat_bit
1314 #define	hblk_shw_bit	hblk_misc.shadow_bit
1315 #define	hblk_nuc_bit	hblk_misc.nucleus_bit
1316 #define	hblk_ttesz	hblk_misc.ttesize
1317 #define	hblk_hmecnt	hblk_un.hblk_counts.hblk_hmecount
1318 #define	hblk_vcnt	hblk_un.hblk_counts.hblk_validcnt
1319 #define	hblk_shw_mask	hblk_un.hblk_shadow_mask
1320 
1321 #define	MAX_HBLK_LCKCNT	0xFFFFFFFF
1322 #define	HMEBLK_ALIGN	0x8		/* hmeblk has to be double aligned */
1323 
1324 #ifdef	HBLK_TRACE
1325 
1326 #define	HBLK_STACK_TRACE(hmeblkp, lock)					\
1327 {									\
1328 	int flag = lock;	/* to pacify lint */			\
1329 	int audit_index;						\
1330 									\
1331 	mutex_enter(&hmeblkp->hblk_audit_lock);				\
1332 	audit_index = hmeblkp->hblk_audit_index;			\
1333 	hmeblkp->hblk_audit_index = ((hmeblkp->hblk_audit_index + 1) &	\
1334 	    (HBLK_AUDIT_CACHE_SIZE - 1));				\
1335 	mutex_exit(&hmeblkp->hblk_audit_lock);				\
1336 									\
1337 	if (flag)							\
1338 		hmeblkp->hblk_audit_cache[audit_index].flag =		\
1339 		    HBLK_LOCK_PATTERN;					\
1340 	else								\
1341 		hmeblkp->hblk_audit_cache[audit_index].flag =		\
1342 		    HBLK_UNLOCK_PATTERN;				\
1343 									\
1344 	hmeblkp->hblk_audit_cache[audit_index].thread = curthread;	\
1345 	hmeblkp->hblk_audit_cache[audit_index].depth =			\
1346 	    getpcstack(hmeblkp->hblk_audit_cache[audit_index].stack,	\
1347 	    HBLK_STACK_DEPTH);						\
1348 }
1349 
1350 #else
1351 
1352 #define	HBLK_STACK_TRACE(hmeblkp, lock)
1353 
1354 #endif	/* HBLK_TRACE */
1355 
1356 #define	HMEHASH_FACTOR	16	/* used to calc # of buckets in hme hash */
1357 
1358 /*
1359  * A maximum number of user hmeblks is defined in order to place an upper
1360  * limit on how much nucleus memory is required and to avoid overflowing the
1361  * tsbmiss uhashsz and khashsz data areas. The number below corresponds to
1362  * the number of buckets required, for an average hash chain length of 4 on
1363  * a 16TB machine.
1364  */
1365 
1366 #define	MAX_UHME_BUCKETS	(0x1 << 30)
1367 #define	MAX_KHME_BUCKETS	(0x1 << 30)
1368 
1369 /*
1370  * The minimum number of kernel hash buckets.
1371  */
1372 #define	MIN_KHME_BUCKETS	0x800
1373 
1374 /*
1375  * The number of hash buckets must be a power of 2. If the initial calculated
1376  * value is less than USER_BUCKETS_THRESHOLD we round up to the next greater
1377  * power of 2, otherwise we round down to avoid huge over allocations.
1378  */
1379 #define	USER_BUCKETS_THRESHOLD	(1<<22)
1380 
1381 #define	MAX_NUCUHME_BUCKETS	0x4000
1382 #define	MAX_NUCKHME_BUCKETS	0x2000
1383 
1384 /*
1385  * There are 2 locks in the hmehash bucket.  The hmehash_mutex is
1386  * a regular mutex used to make sure operations on a hash link are only
1387  * done by one thread.  Any operation which comes into the hat with
1388  * a <vaddr, as> will grab the hmehash_mutex.  Normally one would expect
1389  * the tsb miss handlers to grab the hash lock to make sure the hash list
1390  * is consistent while we traverse it.  Unfortunately this can lead to
1391  * deadlocks or recursive mutex enters since it is possible for
1392  * someone holding the lock to take a tlb/tsb miss.
1393  * To solve this problem we have added the hmehash_listlock.  This lock
1394  * is only grabbed by the tsb miss handlers, vatopfn, and while
1395  * adding/removing a hmeblk from the hash list. The code is written to
1396  * guarantee we won't take a tlb miss while holding this lock.
1397  */
1398 struct hmehash_bucket {
1399 	kmutex_t	hmehash_mutex;
1400 	volatile uint64_t hmeh_nextpa;	/* physical address for hash list */
1401 	struct hme_blk *hmeblkp;
1402 	uint_t		hmeh_listlock;
1403 };
1404 
1405 #endif /* !_ASM */
1406 
1407 #define	SFMMU_PGCNT_MASK	0x3f
1408 #define	SFMMU_PGCNT_SHIFT	6
1409 #define	INVALID_MMU_ID		-1
1410 #define	SFMMU_MMU_GNUM_RSHIFT	16
1411 #define	SFMMU_MMU_CNUM_LSHIFT	(64 - SFMMU_MMU_GNUM_RSHIFT)
1412 #define	MAX_SFMMU_CTX_VAL	((1 << 16) - 1) /* for sanity check */
1413 #define	MAX_SFMMU_GNUM_VAL	((0x1UL << 48) - 1)
1414 
1415 /*
1416  * The tsb miss handlers written in assembly know that sfmmup
1417  * is a 64 bit ptr.
1418  *
1419  * The bspage and re-hash part is 64 bits, with the sfmmup being another 64
1420  * bits.
1421  */
1422 #define	HTAG_SFMMUPSZ		0	/* Not really used for LP64 */
1423 #define	HTAG_BSPAGE_SHIFT	13
1424 
1425 /*
1426  * Assembly routines need to be able to get to ttesz
1427  */
1428 #define	HBLK_SZMASK		0x7
1429 
1430 #ifndef _ASM
1431 
1432 /*
1433  * Returns the number of bytes that an hmeblk spans given its tte size
1434  */
1435 #define	get_hblk_span(hmeblkp) ((hmeblkp)->hblk_span)
1436 #define	get_hblk_ttesz(hmeblkp)	((hmeblkp)->hblk_ttesz)
1437 #define	get_hblk_cache(hmeblkp)	(((hmeblkp)->hblk_ttesz == TTE8K) ? \
1438 	sfmmu8_cache : sfmmu1_cache)
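/*
 * Bytes of address space covered by an hme_blk of the given tte size:
 * NHMENTS pages for a TTE8K hme_blk, one page of that size otherwise.
 * The argument is parenthesized so a compound expression compares as a
 * whole against TTE8K.
 */
#define	HMEBLK_SPAN(ttesz)						\
	(((ttesz) == TTE8K) ? (TTEBYTES(ttesz) * NHMENTS) : TTEBYTES(ttesz))

/*
 * Set the tte size of an hme_blk together with the span derived from it.
 *
 * The two assignments are wrapped in do { } while (0) so they stay
 * together: as a bare statement pair, an unbraced use under an `if' would
 * have updated hblk_span unconditionally and left it inconsistent with
 * hblk_ttesz.  Callers already had to supply the terminating semicolon.
 */
#define	set_hblk_sz(hmeblkp, ttesz)					\
	do {								\
		(hmeblkp)->hblk_ttesz = (ttesz);			\
		(hmeblkp)->hblk_span = HMEBLK_SPAN(ttesz);		\
	} while (0)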
1445 
1446 #define	get_hblk_base(hmeblkp)					\
1447 	((uintptr_t)(hmeblkp)->hblk_tag.htag_bspage << MMU_PAGESHIFT)
1448 
1449 #define	get_hblk_endaddr(hmeblkp)				\
1450 	((caddr_t)(get_hblk_base(hmeblkp) + get_hblk_span(hmeblkp)))
1451 
1452 #define	in_hblk_range(hmeblkp, vaddr)					\
1453 	(((uintptr_t)(vaddr) >= get_hblk_base(hmeblkp)) &&		\
1454 	((uintptr_t)(vaddr) < (get_hblk_base(hmeblkp) +			\
1455 	get_hblk_span(hmeblkp))))
1456 
1457 #define	tte_to_vaddr(hmeblkp, tte)	((caddr_t)(get_hblk_base(hmeblkp) \
1458 	+ (TTEBYTES(TTE_CSZ(&tte)) * (tte).tte_hmenum)))
1459 
1460 #define	tte_to_evaddr(hmeblkp, ttep)	((caddr_t)(get_hblk_base(hmeblkp) \
1461 	+ (TTEBYTES(TTE_CSZ(ttep)) * ((ttep)->tte_hmenum + 1))))
1462 
1463 #define	vaddr_to_vshift(hblktag, vaddr, shwsz)				\
1464 	((((uintptr_t)(vaddr) >> MMU_PAGESHIFT) - (hblktag.htag_bspage)) >>\
1465 	TTE_BSZS_SHIFT((shwsz) - 1))
1466 
1467 #define	HME8BLK_SZ	(sizeof (struct hme_blk) + \
1468 			(NHMENTS - 1) * sizeof (struct sf_hment))
1469 #define	HME1BLK_SZ	(sizeof (struct hme_blk))
1470 #define	H1MIN		(2 + MAX_BIGKTSB_TTES)	/* nucleus text+data, ktsb */
1471 
1472 /*
1473  * Hme_blk hash structure
1474  * Active mappings are kept in a hash structure of hme_blks.  The hash
1475  * function is based on (ctx, vaddr).  The size of the hash table is a
1476  * power of 2 such that the average hash chain length is HMENT_HASHAVELEN.
1477  * The hash actually consists of 2 separate hashes.  One hash is for the user
1478  * address space and the other hash is for the kernel address space.
1479  * The number of buckets are calculated at boot time and stored in the global
1480  * variables "uhmehash_num" and "khmehash_num".  By making the hash table size
1481  * a power of 2 we can use a simple & function to derive an index instead of
1482  * a divide.
1483  *
1484  * HME_HASH_FUNCTION(hatid, vaddr, shift) returns a pointer to a hme_hash
1485  * bucket.
1486  * An hme hash bucket contains a pointer to an hme_blk and the mutex that
1487  * protects the link list.
1488  * Spitfire supports 4 page sizes.  8k and 64K pages only need one hash.
1489  * 512K pages need 2 hashes and 4M pages need 3 hashes.
1490  * The 'shift' parameter controls how many bits the vaddr will be shifted in
1491  * the hash function. It is calculated in the HME_HASH_SHIFT(ttesz) function
1492  * and it varies depending on the page size as follows:
1493  *	8k pages:  	HBLK_RANGE_SHIFT
1494  *	64k pages:	MMU_PAGESHIFT64K
1495  *	512K pages:	MMU_PAGESHIFT512K
1496  *	4M pages:	MMU_PAGESHIFT4M
1497  * An assembly version of the hash function exists in sfmmu_ktsb_miss(). All
1498  * changes should be reflected in both versions.  This function and the TSB
1499  * miss handlers are the only places which know about the two hashes.
1500  *
1501  * HBLK_RANGE_SHIFT controls range of virtual addresses that will fall
1502  * into the same bucket for a particular process.  It is currently set to
1503  * be equivalent to 64K range or one hme_blk.
1504  *
1505  * The hme_blks in the hash are protected by a per hash bucket mutex
1506  * known as SFMMU_HASH_LOCK.
1507  * You need to acquire this lock before traversing the hash bucket link
1508  * list, while adding/removing a hme_blk to the list, and while
1509  * modifying an hme_blk.  A possible optimization is to replace these
1510  * mutexes by readers/writer lock but right now it is not clear whether
1511  * this is a win or not.
1512  *
1513  * The HME_HASH_TABLE_SEARCH will search the hash table for the
1514  * hme_blk that contains the hment that corresponds to the passed
1515  * ctx and vaddr.  It assumes the SFMMU_HASH_LOCK is held.
1516  */
1517 
1518 #endif /* ! _ASM */
1519 
1520 #define	KHATID			ksfmmup
1521 #define	UHMEHASH_SZ		uhmehash_num
1522 #define	KHMEHASH_SZ		khmehash_num
1523 #define	HMENT_HASHAVELEN	4
1524 #define	HBLK_RANGE_SHIFT	MMU_PAGESHIFT64K /* shift for HBLK_BS_MASK */
1525 #define	HBLK_MIN_TTESZ		1
1526 #define	HBLK_MIN_BYTES		MMU_PAGESIZE64K
1527 #define	HBLK_MIN_SHIFT		MMU_PAGESHIFT64K
1528 #define	MAX_HASHCNT		5
1529 #define	DEFAULT_MAX_HASHCNT	3
1530 
1531 #ifndef _ASM
1532 
1533 #define	HASHADDR_MASK(hashno)	TTE_PAGEMASK(hashno)
1534 
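/*
 * Number of bits a vaddr is shifted by when hashing for the given tte
 * size: HBLK_RANGE_SHIFT for TTE8K, otherwise TTE_PAGE_SHIFT() of that
 * size.  The argument is parenthesized so a compound expression compares
 * as a whole against TTE8K.
 */
#define	HME_HASH_SHIFT(ttesz)						\
	(((ttesz) == TTE8K) ? HBLK_RANGE_SHIFT : TTE_PAGE_SHIFT(ttesz))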
1537 
1538 #define	HME_HASH_ADDR(vaddr, hmeshift)					\
1539 	((caddr_t)(((uintptr_t)(vaddr) >> (hmeshift)) << (hmeshift)))
1540 
1541 #define	HME_HASH_BSPAGE(vaddr, hmeshift)				\
1542 	(((uintptr_t)(vaddr) >> (hmeshift)) << ((hmeshift) - MMU_PAGESHIFT))
1543 
1544 #define	HME_HASH_REHASH(ttesz)						\
1545 	(((ttesz) < TTE512K)? 1 : (ttesz))
1546 
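/*
 * Return a pointer to the hash bucket for (hatid, vaddr).  A hatid other
 * than KHATID selects uhme_hash, KHATID selects khme_hash; the index is
 * hatid XOR (vaddr >> shift), masked with the table's size value.
 *
 * hatid and vaddr are parenthesized before the casts so that a compound
 * argument is cast and shifted as a whole; otherwise the cast would bind
 * to its first operand only and a different bucket could be selected.
 *
 * NOTE(review): the index is masked with UHMEHASH_SZ / KHMEHASH_SZ
 * directly, so those values presumably hold (bucket count - 1) -- confirm
 * where uhmehash_num and khmehash_num are set, since that mask is what
 * keeps the index inside the table.
 */
#define	HME_HASH_FUNCTION(hatid, vaddr, shift)				     \
	((((void *)(hatid)) != ((void *)KHATID)) ?			     \
	(&uhme_hash[ (((uintptr_t)(hatid) ^ ((uintptr_t)(vaddr) >> (shift))) & \
	    UHMEHASH_SZ) ]):						     \
	(&khme_hash[ (((uintptr_t)(hatid) ^ ((uintptr_t)(vaddr) >> (shift))) & \
	    KHMEHASH_SZ) ]))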
1553 
/*
 * This macro will traverse a hmeblk hash link list looking for an hme_blk
 * whose tag equals hblktag.  If it doesn't find one, hblkp will be set to
 * NULL, otherwise it will point to the matching hme_blk.
 * This macro also cleans empty hblks: every non-matching hme_blk whose
 * hblk_vcnt and hblk_hmecnt are both zero is handed to
 * sfmmu_hblk_hash_rm() with listp.
 *
 * On exit pr_hblk is the last hme_blk that was walked past and kept on
 * the list (NULL if there was none); it is not advanced over a removed
 * hblk.  The next pointer is read into nx_hblk before the removal call,
 * so the walk never dereferences an hblk after it has been removed.  The
 * tag is compared before the empty check, so a matching hme_blk is
 * returned even if both of its counts are zero.
 *
 * The list is modified during the walk, so the caller must hold the
 * bucket's hash lock; the macro only ASSERT()s that it is held.
 * hblkp and pr_hblk must be modifiable lvalues.
 */
#define	HME_HASH_SEARCH_PREV(hmebp, hblktag, hblkp, pr_hblk, listp)	\
{									\
	struct hme_blk *nx_hblk;					\
									\
	ASSERT(SFMMU_HASH_LOCK_ISHELD(hmebp));				\
	hblkp = hmebp->hmeblkp;						\
	pr_hblk = NULL;							\
	while (hblkp) {							\
		if (HTAGS_EQ(hblkp->hblk_tag, hblktag)) {		\
			/* found hme_blk */				\
			break;						\
		}							\
		nx_hblk = hblkp->hblk_next;				\
		if (!hblkp->hblk_vcnt && !hblkp->hblk_hmecnt) {		\
			sfmmu_hblk_hash_rm(hmebp, hblkp, pr_hblk,	\
			    listp, 0);					\
		} else {						\
			pr_hblk = hblkp;				\
		}							\
		hblkp = nx_hblk;					\
	}								\
}
1582 
1583 #define	HME_HASH_SEARCH(hmebp, hblktag, hblkp, listp)			\
1584 {									\
1585 	struct hme_blk *pr_hblk;					\
1586 									\
1587 	HME_HASH_SEARCH_PREV(hmebp, hblktag, hblkp,  pr_hblk, listp);	\
1588 }
1589 
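/*
 * This macro will traverse a hmeblk hash link list looking for an hme_blk
 * whose tag equals hblktag.  If it doesn't find one, hblkp will be set to
 * NULL, otherwise it will point to the matching hme_blk.
 * It doesn't remove empty hblks.
 *
 * The caller must hold the bucket's hash lock; the macro only ASSERT()s
 * that it is held.  hblkp must be a modifiable lvalue.
 *
 * The expansion is a braced block, like HME_HASH_SEARCH, so that it is a
 * single statement: as a bare ASSERT followed by a for loop, an unbraced
 * use under an `if' would have made only the ASSERT conditional and run
 * the search regardless.
 */
#define	HME_HASH_FAST_SEARCH(hmebp, hblktag, hblkp)			\
{									\
	ASSERT(SFMMU_HASH_LOCK_ISHELD(hmebp));				\
	for (hblkp = (hmebp)->hmeblkp; hblkp;				\
	    hblkp = hblkp->hblk_next) {					\
		if (HTAGS_EQ(hblkp->hblk_tag, hblktag)) {		\
			/* found hme_blk */				\
			break;						\
		}							\
	}								\
}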
1605 
1606 #define	SFMMU_HASH_LOCK(hmebp)						\
1607 		(mutex_enter(&hmebp->hmehash_mutex))
1608 
1609 #define	SFMMU_HASH_UNLOCK(hmebp)					\
1610 		(mutex_exit(&hmebp->hmehash_mutex))
1611 
1612 #define	SFMMU_HASH_LOCK_TRYENTER(hmebp)					\
1613 		(mutex_tryenter(&hmebp->hmehash_mutex))
1614 
1615 #define	SFMMU_HASH_LOCK_ISHELD(hmebp)					\
1616 		(mutex_owned(&hmebp->hmehash_mutex))
1617 
1618 #define	SFMMU_XCALL_STATS(sfmmup)					\
1619 {									\
1620 	if (sfmmup == ksfmmup) {					\
1621 		SFMMU_STAT(sf_kernel_xcalls);				\
1622 	} else {							\
1623 		SFMMU_STAT(sf_user_xcalls);				\
1624 	}								\
1625 }
1626 
1627 #define	astosfmmu(as)		((as)->a_hat)
1628 #define	hblktosfmmu(hmeblkp)	((sfmmu_t *)(hmeblkp)->hblk_tag.htag_id)
1629 #define	hblktosrd(hmeblkp)	((sf_srd_t *)(hmeblkp)->hblk_tag.htag_id)
1630 #define	sfmmutoas(sfmmup)	((sfmmup)->sfmmu_as)
1631 
1632 #define	sfmmutohtagid(sfmmup, rid)			   \
1633 	(((rid) == SFMMU_INVALID_SHMERID) ? (void *)(sfmmup) : \
1634 	(void *)((sfmmup)->sfmmu_srdp))
1635 
1636 /*
1637  * We use the sfmmu data structure to keep the per as page coloring info.
1638  */
1639 #define	as_color_bin(as)	(astosfmmu(as)->sfmmu_clrbin)
1640 #define	as_color_start(as)	(astosfmmu(as)->sfmmu_clrstart)
1641 
1642 typedef struct {
1643 	char	h8[HME8BLK_SZ];
1644 } hblk8_t;
1645 
1646 typedef struct {
1647 	char	h1[HME1BLK_SZ];
1648 } hblk1_t;
1649 
1650 typedef struct {
1651 	ulong_t  	index;
1652 	ulong_t  	len;
1653 	hblk8_t		*list;
1654 } nucleus_hblk8_info_t;
1655 
1656 typedef struct {
1657 	ulong_t		index;
1658 	ulong_t		len;
1659 	hblk1_t		*list;
1660 } nucleus_hblk1_info_t;
1661 
1662 /*
1663  * This struct is used for accumulating information about a range
1664  * of pages that are unloading so that a single xcall can flush
1665  * the entire range from remote tlbs. A function that must demap
1666  * a range of virtual addresses declares one of these structures
1667  * and initializes using DEMAP_RANGE_INIT(). It then passes a pointer to this
1668  * struct to the appropriate sfmmu_hblk_* level function which does
1669  * all the bookkeeping using the other macros. When the function has
1670  * finished the virtual address range, it needs to call DEMAP_RANGE_FLUSH()
1671  * macro to take care of any remaining unflushed mappings.
1672  *
1673  * The maximum range this struct can represent is the number of bits
1674  * in the dmr_bitvec field times the pagesize in dmr_pgsz. Currently, only
1675  * MMU_PAGESIZE pages are supported.
1676  *
1677  * Since there are now cases where it's no longer necessary to do
1678  * flushes (e.g. when the process isn't runnable because it's swapping
1679  * out or exiting) we allow these macros to take a NULL dmr input and do
1680  * nothing in that case.
1681  */
1682 typedef struct {
1683 	sfmmu_t		*dmr_sfmmup;	/* relevant hat */
1684 	caddr_t		dmr_addr;	/* beginning address */
1685 	caddr_t		dmr_endaddr;	/* ending  address */
1686 	ulong_t		dmr_bitvec;	/* valid pages found */
1687 	ulong_t		dmr_bit;	/* next page to examine */
1688 	ulong_t		dmr_maxbit;	/* highest page in range */
1689 	ulong_t		dmr_pgsz;	/* page size in range */
1690 } demap_range_t;
1691 
1692 #define	DMR_MAXBIT ((ulong_t)1<<63) /* dmr_bit high bit */
1693 
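/*
 * DEMAP_RANGE_* bookkeeping macros for demap_range_t.
 *
 * Every macro accepts a NULL dmrp and then does nothing; DEMAP_RANGE_PGSZ()
 * falls back to MMU_PAGESIZE in that case.
 *
 * The statement macros are wrapped in do { } while (0) so that each
 * invocation is exactly one statement.  With a bare "if (...) { ... }"
 * expansion, the caller's trailing semicolon becomes a separate empty
 * statement, so
 *	if (cond)
 *		DEMAP_RANGE_FLUSH(dmrp);
 *	else
 *		...
 * does not compile.  Invoke the macros with a trailing semicolon.
 *
 * Marked pages are only demapped when one of these macros reaches
 * sfmmu_tlb_range_demap(), so a caller that marks pages must finish with
 * DEMAP_RANGE_FLUSH().  dmrp is evaluated more than once in every macro;
 * pass an expression without side effects.
 */

/*
 * Prepare *dmrp for a new range on hat sfmmup: empty bit vector, maxbit
 * taken from sfmmu_dmr_maxbit, page size MMU_PAGESIZE.  dmr_addr, dmr_bit
 * and dmr_endaddr are not set here; DEMAP_RANGE_MARKPG() and
 * DEMAP_RANGE_CONTINUE() fill them in.
 */
#define	DEMAP_RANGE_INIT(sfmmup, dmrp) \
	do { \
		if ((dmrp) != NULL) { \
			(dmrp)->dmr_sfmmup = (sfmmup); \
			(dmrp)->dmr_bitvec = 0; \
			(dmrp)->dmr_maxbit = sfmmu_dmr_maxbit; \
			(dmrp)->dmr_pgsz = MMU_PAGESIZE; \
		} \
	} while (0)

/* Page size recorded in *dmrp, or MMU_PAGESIZE when dmrp is NULL. */
#define	DEMAP_RANGE_PGSZ(dmrp) ((dmrp)? (dmrp)->dmr_pgsz : MMU_PAGESIZE)

/*
 * Continue with the chunk from addr to endaddr.  If pages are already
 * marked and the chunk does not start where the previous one ended
 * (dmr_endaddr != addr), demap what has been accumulated first.  The new
 * end address is recorded either way.
 */
#define	DEMAP_RANGE_CONTINUE(dmrp, addr, endaddr) \
	do { \
		if ((dmrp) != NULL) { \
			if ((dmrp)->dmr_bitvec != 0 && \
			    (dmrp)->dmr_endaddr != (addr)) \
				sfmmu_tlb_range_demap(dmrp); \
			(dmrp)->dmr_endaddr = (endaddr); \
		} \
	} while (0)

/* Demap whatever is still marked in dmr_bitvec; no-op when it is empty. */
#define	DEMAP_RANGE_FLUSH(dmrp) \
	do { \
		if ((dmrp) != NULL && (dmrp)->dmr_bitvec != 0) \
			sfmmu_tlb_range_demap(dmrp); \
	} while (0)

/*
 * Mark the current page as needing a demap.  The first page marked into an
 * empty vector becomes the range base: dmr_addr = addr and dmr_bit = 1.
 */
#define	DEMAP_RANGE_MARKPG(dmrp, addr) \
	do { \
		if ((dmrp) != NULL) { \
			if ((dmrp)->dmr_bitvec == 0) { \
				(dmrp)->dmr_addr = (addr); \
				(dmrp)->dmr_bit = 1; \
			} \
			(dmrp)->dmr_bitvec |= (dmrp)->dmr_bit; \
		} \
	} while (0)

/*
 * Advance to the next page.  Nothing happens while the vector is empty.
 * When the current bit is dmr_maxbit the vector is full and is demapped;
 * otherwise dmr_bit moves up by one position.  The macro does not reset
 * dmr_bitvec itself after the demap; presumably sfmmu_tlb_range_demap()
 * clears it so the next DEMAP_RANGE_MARKPG() restarts at bit 1 -- confirm
 * against its definition.
 */
#define	DEMAP_RANGE_NEXTPG(dmrp) \
	do { \
		if ((dmrp) != NULL && (dmrp)->dmr_bitvec != 0) { \
			if ((dmrp)->dmr_bit & (dmrp)->dmr_maxbit) { \
				sfmmu_tlb_range_demap(dmrp); \
			} else { \
				(dmrp)->dmr_bit <<= 1; \
			} \
		} \
	} while (0)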
1734 
1735 /*
1736  * TSB related structures
1737  *
1738  * The TSB is made up of tte entries.  Both the tag and data are present
1739  * in the TSB.  The TSB locking is managed as follows:
1740  * A software bit in the tsb tag is used to indicate that entry is locked.
1741  * If a cpu servicing a tsb miss reads a locked entry the tag compare will
1742  * fail forcing the cpu to go to the hat hash for the translation.
1743  * The cpu who holds the lock can then modify the data side, and the tag side.
1744  * The last write should be to the word containing the lock bit which will
1745  * clear the lock and allow the tsb entry to be read.  It is assumed that all
1746  * cpus reading the tsb will do so with atomic 128-bit loads.  An atomic 128
1747  * bit load is required to prevent the following from happening:
1748  *
1749  * cpu 0			cpu 1			comments
1750  *
1751  * ldx tag						tag unlocked
1752  *				ldstub lock		set lock
1753  *				stx data
1754  *				stx tag			unlock
1755  * ldx tag						incorrect tte!!!
1756  *
1757  * The software also maintains a bit in the tag to indicate an invalid
1758  * tsb entry.  The purpose of this bit is to allow the tsb invalidate code
1759  * to invalidate a tsb entry with a single cas.  See code for details.
1760  */
1761 
1762 union tsb_tag {
1763 	struct {
1764 		uint32_t	tag_res0:16;	/* reserved - context area */
1765 		uint32_t	tag_inv:1;	/* sw - invalid tsb entry */
1766 		uint32_t	tag_lock:1;	/* sw - locked tsb entry */
1767 		uint32_t	tag_res1:4;	/* reserved */
1768 		uint32_t	tag_va_hi:10;	/* va[63:54] */
1769 		uint32_t	tag_va_lo;	/* va[53:22] */
1770 	} tagbits;
1771 	struct tsb_tagints {
1772 		uint32_t	inthi;
1773 		uint32_t	intlo;
1774 	} tagints;
1775 };
1776 #define	tag_invalid		tagbits.tag_inv
1777 #define	tag_locked		tagbits.tag_lock
1778 #define	tag_vahi		tagbits.tag_va_hi
1779 #define	tag_valo		tagbits.tag_va_lo
1780 #define	tag_inthi		tagints.inthi
1781 #define	tag_intlo		tagints.intlo
1782 
1783 struct tsbe {
1784 	union tsb_tag	tte_tag;
1785 	tte_t		tte_data;
1786 };
1787 
1788 /*
1789  * A per cpu struct is kept that duplicates some info
1790  * used by the tl>0 tsb miss handlers plus it provides
1791  * a scratch area.  Its purpose is to minimize cache misses
1792  * in the tsb miss handler and is 128 bytes (2 e$ lines).
1793  *
1794  * There should be one allocated per cpu in nucleus memory
1795  * and should be aligned on an ecache line boundary.
1796  */
1797 struct tsbmiss {
1798 	sfmmu_t			*ksfmmup;	/* kernel hat id */
1799 	sfmmu_t			*usfmmup;	/* user hat id */
1800 	sf_srd_t		*usrdp;		/* user's SRD hat id */
1801 	struct tsbe		*tsbptr;	/* hardware computed ptr */
1802 	struct tsbe		*tsbptr4m;	/* hardware computed ptr */
1803 	struct tsbe		*tsbscdptr;	/* hardware computed ptr */
1804 	struct tsbe		*tsbscdptr4m;	/* hardware computed ptr */
1805 	uint64_t		ismblkpa;
1806 	struct hmehash_bucket	*khashstart;
1807 	struct hmehash_bucket	*uhashstart;
1808 	uint_t			khashsz;
1809 	uint_t			uhashsz;
1810 	uint16_t 		dcache_line_mask; /* used to flush dcache */
1811 	uchar_t			uhat_tteflags;	/* private page sizes */
1812 	uchar_t			uhat_rtteflags;	/* SHME pagesizes */
1813 	uint32_t		utsb_misses;
1814 	uint32_t		ktsb_misses;
1815 	uint16_t		uprot_traps;
1816 	uint16_t		kprot_traps;
1817 	/*
1818 	 * scratch[0] -> TSB_TAGACC
1819 	 * scratch[1] -> TSBMISS_HMEBP
1820 	 * scratch[2] -> TSBMISS_HATID
1821 	 */
1822 	uintptr_t		scratch[3];
1823 	ulong_t		shmermap[SFMMU_HMERGNMAP_WORDS];	/* 8 bytes */
1824 	ulong_t		scd_shmermap[SFMMU_HMERGNMAP_WORDS];	/* 8 bytes */
1825 	uint8_t		pgsz_bitmap;		 /* limits ctx1 page sizes */
1826 	uint8_t		pad[47];		 /* pad to 64 bytes */
1827 };
1828 
1829 /*
1830  * A per cpu struct is kept for the use within the tl>0 kpm tsb
1831  * miss handler. Some members are duplicates of common data or
1832  * the physical addresses of common data. A few members are also
1833  * written by the tl>0 kpm tsb miss handler. Its purpose is to
1834  * minimize cache misses in the kpm tsb miss handler and occupies
1835  * one ecache line. There should be one allocated per cpu in
1836  * nucleus memory and it should be aligned on an ecache line
1837  * boundary. It is not merged w/ struct tsbmiss since there is
1838  * not much to share and the tsbmiss pathes are different, so
1839  * a kpm tlbmiss/tsbmiss only touches one cacheline, except for
1840  * (DEBUG || SFMMU_STAT_GATHER) where the dtlb_misses counter
1841  * of struct tsbmiss is used on every dtlb miss.
1842  */
1843 struct kpmtsbm {
1844 	caddr_t		vbase;		/* start of address kpm range */
1845 	caddr_t		vend;		/* end of address kpm range */
1846 	uchar_t		flags;		/* flags needed in TL tsbmiss handler */
1847 	uchar_t		sz_shift;	/* for single kpm window */
1848 	uchar_t		kpmp_shift;	/* hash lock shift */
1849 	uchar_t		kpmp2pshft;	/* kpm page to page shift */
1850 	uint_t		kpmp_table_sz;	/* size of kpmp_table or kpmp_stable */
1851 	uint64_t	kpmp_tablepa;	/* paddr of kpmp_table or kpmp_stable */
1852 	uint64_t	msegphashpa;	/* paddr of memseg_phash */
1853 	struct tsbe	*tsbptr;	/* saved ktsb pointer */
1854 	uint_t		kpm_dtlb_misses; /* kpm tlbmiss counter */
1855 	uint_t		kpm_tsb_misses;	/* kpm tsbmiss counter */
1856 	uintptr_t	pad[1];
1857 };
1858 
1859 extern size_t	tsb_slab_size;
1860 extern uint_t	tsb_slab_shift;
1861 extern size_t	tsb_slab_mask;
1862 
1863 #endif /* !_ASM */
1864 
1865 /*
1866  * Flags for TL kpm tsbmiss handler
1867  */
1868 #define	KPMTSBM_ENABLE_FLAG	0x01	/* bit copy of kpm_enable */
1869 #define	KPMTSBM_TLTSBM_FLAG	0x02	/* use TL tsbmiss handler */
1870 #define	KPMTSBM_TSBPHYS_FLAG	0x04	/* use ASI_MEM for TSB update */
1871 
1872 /*
1873  * The TSB
1874  * All TSB sizes supported by the hardware are now supported (8K - 1M).
1875  * For kernel TSBs we may go beyond the hardware supported sizes and support
1876  * larger TSBs via software.
1877  * All TTE sizes are supported in the TSB; the manner in which this is
1878  * done is cpu dependent.
1879  */
1880 #define	TSB_MIN_SZCODE		TSB_8K_SZCODE	/* min. supported TSB size */
1881 #define	TSB_MIN_OFFSET_MASK	(TSB_OFFSET_MASK(TSB_MIN_SZCODE))
1882 
1883 #ifdef sun4v
1884 #define	UTSB_MAX_SZCODE		TSB_256M_SZCODE /* max. supported TSB size */
1885 #else /* sun4u */
1886 #define	UTSB_MAX_SZCODE		TSB_1M_SZCODE	/* max. supported TSB size */
1887 #endif /* sun4v */
1888 
1889 #define	UTSB_MAX_OFFSET_MASK	(TSB_OFFSET_MASK(UTSB_MAX_SZCODE))
1890 
1891 #define	TSB_FREEMEM_MIN		0x1000		/* 32 mb */
1892 #define	TSB_FREEMEM_LARGE	0x10000		/* 512 mb */
1893 #define	TSB_8K_SZCODE		0		/* 512 entries */
1894 #define	TSB_16K_SZCODE		1		/* 1k entries */
1895 #define	TSB_32K_SZCODE		2		/* 2k entries */
1896 #define	TSB_64K_SZCODE		3		/* 4k entries */
1897 #define	TSB_128K_SZCODE		4		/* 8k entries */
1898 #define	TSB_256K_SZCODE		5		/* 16k entries */
1899 #define	TSB_512K_SZCODE		6		/* 32k entries */
1900 #define	TSB_1M_SZCODE		7		/* 64k entries */
1901 #define	TSB_2M_SZCODE		8		/* 128k entries */
1902 #define	TSB_4M_SZCODE		9		/* 256k entries */
1903 #define	TSB_8M_SZCODE		10		/* 512k entries */
1904 #define	TSB_16M_SZCODE		11		/* 1M entries */
1905 #define	TSB_32M_SZCODE		12		/* 2M entries */
1906 #define	TSB_64M_SZCODE		13		/* 4M entries */
1907 #define	TSB_128M_SZCODE		14		/* 8M entries */
1908 #define	TSB_256M_SZCODE		15		/* 16M entries */
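/*
 * TSB geometry helpers.
 *
 * A size code of 0 selects 2^TSB_START_SIZE (512) entries and every further
 * step doubles the entry count; each entry is 2^TSB_ENTRY_SHIFT bytes.
 *
 * These definitions sit outside the !_ASM section, so they stay plain
 * integer expressions without casts or type suffixes.  The results are of
 * type int: the largest size code defined in this file (15) gives 1 << 28
 * bytes, which still fits.  The size code is not range-checked here, so a
 * caller must validate any value that does not come from the *_SZCODE
 * constants before using it as a shift count.
 *
 * The tsbsz argument is parenthesized so that an expression argument such
 * as (a | b) is added to TSB_START_SIZE as a whole.
 */
#define	TSB_ENTRY_SHIFT		4	/* each entry = 128 bits = 16 bytes */
#define	TSB_ENTRY_SIZE		(1 << TSB_ENTRY_SHIFT)
#define	TSB_START_SIZE		9	/* log2 of entries at size code 0 */
#define	TSB_ENTRIES(tsbsz)	(1 << (TSB_START_SIZE + (tsbsz)))
#define	TSB_BYTES(tsbsz)	(TSB_ENTRIES(tsbsz) << TSB_ENTRY_SHIFT)
#define	TSB_OFFSET_MASK(tsbsz)	(TSB_ENTRIES(tsbsz) - 1)
#define	TSB_BASEADDR_MASK	((1 << 12) - 1)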
1916 
1917 /*
1918  * sun4u platforms
1919  * ---------------
1920  * We now support two user TSBs with one TSB base register.
1921  * Hence the TSB base register is split up as follows:
1922  *
1923  * When only one TSB present:
1924  *   [63  62..42  41..13  12..4  3..0]
1925  *     ^   ^       ^       ^     ^
1926  *     |   |       |       |     |
1927  *     |   |       |       |     |_ TSB size code
1928  *     |   |       |       |
1929  *     |   |       |       |_ Reserved 0
1930  *     |   |       |
1931  *     |   |       |_ TSB VA[41..13]
1932  *     |   |
1933  *     |   |_ VA hole (Spitfire), zeros (Cheetah and beyond)
1934  *     |
1935  *     |_ 0
1936  *
1937  * When second TSB present:
1938  *   [63  62..42  41..33  32..29  28..22  21..13  12..4  3..0]
1939  *     ^   ^       ^       ^       ^       ^       ^     ^
1940  *     |   |       |       |       |       |       |     |
1941  *     |   |       |       |       |       |       |     |_ First TSB size code
1942  *     |   |       |       |       |       |       |
1943  *     |   |       |       |       |       |       |_ Reserved 0
1944  *     |   |       |       |       |       |
1945  *     |   |       |       |       |       |_ First TSB's VA[21..13]
1946  *     |   |       |       |       |
1947  *     |   |       |       |       |_ Reserved for future use
1948  *     |   |       |       |
1949  *     |   |       |       |_ Second TSB's size code
1950  *     |   |       |
1951  *     |   |       |_ Second TSB's VA[21..13]
1952  *     |   |
1953  *     |   |_ VA hole (Spitfire) / ones (Cheetah and beyond)
1954  *     |
1955  *     |_ 1
1956  *
1957  * Note that since we store 21..13 of each TSB's VA, TSBs and their slabs
1958  * may be up to 4M in size.  For now, only hardware supported TSB sizes
1959  * are supported, though the slabs are usually 4M in size.
1960  *
1961  * sun4u platforms that define UTSB_PHYS use physical addressing to access
1962  * the user TSBs at TL>0.  The first user TSB base is in the MMU I/D TSB Base
1963  * registers.  The second TSB base uses a dedicated scratchpad register which
1964  * requires a definition of SCRATCHPAD_UTSBREG2 in mach_sfmmu.h.  The layout for
1965  * both registers is equivalent to sun4v below, except the TSB PA range is
1966  * [46..13] for sun4u.
1967  *
1968  * sun4v platforms
1969  * ---------------
1970  * On sun4v platforms, we use two dedicated scratchpad registers as pseudo
1971  * hardware TSB base registers to hold up to two different user TSBs.
1972  *
1973  * Each register contains TSB's physical base and size code information
1974  * as follows:
1975  *
1976  *   [63..56  55..13  12..4  3..0]
1977  *      ^       ^       ^     ^
1978  *      |       |       |     |
1979  *      |       |       |     |_ TSB size code
1980  *      |       |       |
1981  *      |       |       |_ Reserved 0
1982  *      |       |
1983  *      |       |_ TSB PA[55..13]
1984  *      |
1985  *      |
1986  *      |
1987  *      |_ 0 for valid TSB
1988  *
1989  * Absence of a user TSB (primarily the second user TSB) is indicated by
1990  * storing a negative value in the TSB base register. This allows us to
1991  * check for presence of a user TSB by simply checking bit# 63.
1992  */
1993 #define	TSBREG_MSB_SHIFT	32		/* set upper bits */
1994 #define	TSBREG_MSB_CONST	0xfffff800	/* set bits 63..43 */
1995 #define	TSBREG_FIRTSB_SHIFT	42		/* to clear bits 63:22 */
1996 #define	TSBREG_SECTSB_MKSHIFT	20		/* 21:13 --> 41:33 */
1997 #define	TSBREG_SECTSB_LSHIFT	22		/* to clear bits 63:42 */
1998 #define	TSBREG_SECTSB_RSHIFT	(TSBREG_SECTSB_MKSHIFT + TSBREG_SECTSB_LSHIFT)
1999 						/* sectsb va -> bits 21:13 */
2000 						/* after clearing upper bits */
2001 #define	TSBREG_SECSZ_SHIFT	29		/* to get sectsb szc to 3:0 */
2002 #define	TSBREG_VAMASK_SHIFT	13		/* set up VA mask */
2003 
2004 #define	BIGKTSB_SZ_MASK		0xf
2005 #define	TSB_SOFTSZ_MASK		BIGKTSB_SZ_MASK
2006 #define	MIN_BIGKTSB_SZCODE	9	/* 256k entries */
2007 #define	MAX_BIGKTSB_SZCODE	11	/* 1024k entries */
2008 #define	MAX_BIGKTSB_TTES	(TSB_BYTES(MAX_BIGKTSB_SZCODE) / MMU_PAGESIZE4M)
2009 
2010 #define	TAG_VALO_SHIFT		22		/* tag's va are bits 63-22 */
2011 /*
2012  * sw bits used on tsb_tag - bit masks used only in assembly
2013  * use only a sethi for these fields.
2014  */
2015 #define	TSBTAG_INVALID	0x00008000		/* tsb_tag.tag_invalid */
2016 #define	TSBTAG_LOCKED	0x00004000		/* tsb_tag.tag_locked */
2017 
2018 #ifdef	_ASM
2019 
2020 /*
2021  * Marker to indicate that this instruction will be hot patched at runtime
2022  * to some other value.
2023  * This value must be zero since it fills in the imm bits of the target
2024  * instructions to be patched
2025  */
2026 #define	RUNTIME_PATCH	(0)
2027 
2028 /*
2029  * V9 defines nop instruction as the following, which we use
2030  * at runtime to nullify some instructions we don't want to
2031  * execute in the trap handlers on certain platforms.
2032  */
2033 #define	MAKE_NOP_INSTR(reg)	\
2034 	sethi	%hi(0x1000000), reg
2035 
2036 /*
2037  * This macro constructs a SPARC V9 "jmpl <source reg>, %g0"
2038  * instruction, with the source register specified by the jump_reg_number.
2039  * The jmp opcode [24:19] = 11 1000 and source register is bits [18:14].
2040  * The instruction is returned in reg. The macro is used to patch in a jmpl
2041  * instruction at runtime.
2042  */
2043 #define	MAKE_JMP_INSTR(jump_reg_number, reg, tmp)	\
2044 	sethi	%hi(0x81c00000), reg;			\
2045 	mov	jump_reg_number, tmp;			\
2046 	sll	tmp, 14, tmp;				\
2047 	or	reg, tmp, reg
2048 
2049 /*
2050  * Macro to get hat per-MMU cnum on this CPU.
2051  * sfmmu - In, pass in "sfmmup" from the caller.
2052  * cnum	- Out, return 'cnum' to the caller
2053  * scr	- scratch
2054  */
2055 #define	SFMMU_CPU_CNUM(sfmmu, cnum, scr)				      \
2056 	CPU_ADDR(scr, cnum);	/* scr = load CPU struct addr */	      \
2057 	ld	[scr + CPU_MMU_IDX], cnum;	/* cnum = mmuid */	      \
2058 	add	sfmmu, SFMMU_CTXS, scr;	/* scr = sfmmup->sfmmu_ctxs[] */      \
2059 	sllx    cnum, SFMMU_MMU_CTX_SHIFT, cnum;			      \
2060 	add	scr, cnum, scr;		/* scr = sfmmup->sfmmu_ctxs[id] */    \
2061 	ldx	[scr + SFMMU_MMU_GC_NUM], scr;	/* sfmmu_ctxs[id].gcnum */    \
2062 	sllx    scr, SFMMU_MMU_CNUM_LSHIFT, scr;			      \
2063 	srlx    scr, SFMMU_MMU_CNUM_LSHIFT, cnum;	/* cnum = sfmmu cnum */
2064 
2065 /*
2066  * Macro to get hat gnum & cnum associated with sfmmu_ctxs[mmuid] entry
2067  * entry - In,  pass in (&sfmmu_ctxs[mmuid] - SFMMU_CTXS) from the caller.
2068  * gnum - Out, return sfmmu gnum
2069  * cnum - Out, return sfmmu cnum
2070  * reg	- scratch
2071  */
2072 #define	SFMMU_MMUID_GNUM_CNUM(entry, gnum, cnum, reg)			     \
2073 	ldx	[entry + SFMMU_CTXS], reg;  /* reg = sfmmu (gnum | cnum) */  \
2074 	srlx	reg, SFMMU_MMU_GNUM_RSHIFT, gnum;    /* gnum = sfmmu gnum */ \
2075 	sllx	reg, SFMMU_MMU_CNUM_LSHIFT, cnum;			     \
2076 	srlx	cnum, SFMMU_MMU_CNUM_LSHIFT, cnum;   /* cnum = sfmmu cnum */
2077 
2078 /*
2079  * Macro to get this CPU's tsbmiss area.
2080  */
2081 #define	CPU_TSBMISS_AREA(tsbmiss, tmp1)					\
2082 	CPU_INDEX(tmp1, tsbmiss);		/* tmp1 = cpu idx */	\
2083 	sethi	%hi(tsbmiss_area), tsbmiss;	/* tsbmiss base ptr */	\
2084 	mulx    tmp1, TSBMISS_SIZE, tmp1;	/* byte offset */	\
2085 	or	tsbmiss, %lo(tsbmiss_area), tsbmiss;			\
2086 	add	tsbmiss, tmp1, tsbmiss		/* tsbmiss area of CPU */
2087 
2088 
2089 /*
2090  * Macro to set kernel context + page size codes in DMMU primary context
2091  * register. It is only necessary for sun4u because sun4v does not need
2092  * page size codes
2093  */
2094 #ifdef sun4v
2095 
2096 #define	SET_KCONTEXTREG(reg0, reg1, reg2, reg3, reg4, label1, label2, label3)
2097 
2098 #else
2099 
2100 #define	SET_KCONTEXTREG(reg0, reg1, reg2, reg3, reg4, label1, label2, label3) \
2101 	sethi	%hi(kcontextreg), reg0;					\
2102 	ldx	[reg0 + %lo(kcontextreg)], reg0;			\
2103 	mov	MMU_PCONTEXT, reg1;					\
2104 	ldxa	[reg1]ASI_MMU_CTX, reg2;				\
2105 	xor	reg0, reg2, reg2;					\
2106 	brz	reg2, label3;						\
2107 	srlx	reg2, CTXREG_NEXT_SHIFT, reg2;				\
2108 	rdpr	%pstate, reg3;		/* disable interrupts */	\
2109 	btst	PSTATE_IE, reg3;					\
2110 /*CSTYLED*/								\
2111 	bnz,a,pt %icc, label1;						\
2112 	wrpr	reg3, PSTATE_IE, %pstate;				\
2113 /*CSTYLED*/								\
2114 label1:;								\
2115 	brz	reg2, label2;	   /* need demap if N_pgsz0/1 change */	\
2116 	sethi	%hi(FLUSH_ADDR), reg4;					\
2117 	mov	DEMAP_ALL_TYPE, reg2;					\
2118 	stxa	%g0, [reg2]ASI_DTLB_DEMAP;				\
2119 	stxa	%g0, [reg2]ASI_ITLB_DEMAP;				\
2120 /*CSTYLED*/								\
2121 label2:;								\
2122 	stxa	reg0, [reg1]ASI_MMU_CTX;				\
2123 	flush	reg4;							\
2124 	btst	PSTATE_IE, reg3;					\
2125 /*CSTYLED*/								\
2126 	bnz,a,pt %icc, label3;						\
2127 	wrpr	%g0, reg3, %pstate;	/* restore interrupt state */	\
2128 label3:;
2129 
2130 #endif
2131 
2132 /*
2133  * Macro to setup arguments with kernel sfmmup context + page size before
2134  * calling sfmmu_setctx_sec()
2135  */
2136 #ifdef sun4v
2137 #define	SET_KAS_CTXSEC_ARGS(sfmmup, arg0, arg1)			\
2138 	set	KCONTEXT, arg0;					\
2139 	set	0, arg1;
2140 #else
2141 #define	SET_KAS_CTXSEC_ARGS(sfmmup, arg0, arg1)			\
2142 	ldub	[sfmmup + SFMMU_CEXT], arg1;			\
2143 	set	KCONTEXT, arg0;					\
2144 	sll	arg1, CTXREG_EXT_SHIFT, arg1;
2145 #endif
2146 
2147 #define	PANIC_IF_INTR_DISABLED_PSTR(pstatereg, label, scr)	       	\
2148 	andcc	pstatereg, PSTATE_IE, %g0;	/* panic if intrs */	\
2149 /*CSTYLED*/								\
2150 	bnz,pt	%icc, label;			/* already disabled */	\
2151 	nop;								\
2152 									\
2153 	sethi	%hi(panicstr), scr;					\
2154 	ldx	[scr + %lo(panicstr)], scr;				\
2155 	tst	scr;							\
2156 /*CSTYLED*/								\
2157 	bnz,pt	%xcc, label;						\
2158 	nop;								\
2159 									\
2160 	save	%sp, -SA(MINFRAME), %sp;				\
2161 	sethi	%hi(sfmmu_panic1), %o0;					\
2162 	call	panic;							\
2163 	or	%o0, %lo(sfmmu_panic1), %o0;				\
2164 /*CSTYLED*/								\
2165 label:
2166 
2167 #define	PANIC_IF_INTR_ENABLED_PSTR(label, scr)				\
2168 	/*								\
2169 	 * The caller must have disabled interrupts.			\
2170 	 * If interrupts are not disabled, panic			\
2171 	 */								\
2172 	rdpr	%pstate, scr;						\
2173 	andcc	scr, PSTATE_IE, %g0;					\
2174 /*CSTYLED*/								\
2175 	bz,pt	%icc, label;						\
2176 	nop;								\
2177 									\
2178 	sethi	%hi(panicstr), scr;					\
2179 	ldx	[scr + %lo(panicstr)], scr;				\
2180 	tst	scr;							\
2181 /*CSTYLED*/								\
2182 	bnz,pt	%xcc, label;						\
2183 	nop;								\
2184 									\
2185 	sethi	%hi(sfmmu_panic6), %o0;					\
2186 	call	panic;							\
2187 	or	%o0, %lo(sfmmu_panic6), %o0;				\
2188 /*CSTYLED*/								\
2189 label:
2190 
2191 #endif	/* _ASM */
2192 
2193 #ifndef _ASM
2194 
2195 #ifdef VAC
2196 /*
2197  * Page coloring
2198  * The p_vcolor field of the page struct (1 byte) is used to store the
2199  * virtual page color.  This provides for 255 colors.  The value zero is
2200  * used to mean the page has no color - never been mapped or somehow
2201  * purified.
2202  */
2203 
2204 #define	PP_GET_VCOLOR(pp)	(((pp)->p_vcolor) - 1)
2205 #define	PP_NEWPAGE(pp)		(!(pp)->p_vcolor)
2206 #define	PP_SET_VCOLOR(pp, color)                                          \
2207 	((pp)->p_vcolor = ((color) + 1))
2208 
2209 /*
2210  * As mentioned p_vcolor == 0 means there is no color for this page.
2211  * But PP_SET_VCOLOR(pp, color) expects 'color' to be real color minus
2212  * one so we define this constant.
2213  */
2214 #define	NO_VCOLOR	(-1)
2215 
2216 #define	addr_to_vcolor(addr) \
2217 	(((uint_t)(uintptr_t)(addr) >> MMU_PAGESHIFT) & vac_colors_mask)
2218 #else	/* VAC */
2219 #define	addr_to_vcolor(addr)	(0)
2220 #endif	/* VAC */
2221 
2222 /*
2223  * The field p_index in the psm page structure is for large pages support.
2224  * P_index is a bit-vector of the different mapping sizes that a given page
2225  * is part of. An hme structure for a large mapping is only added in the
2226  * group leader page (first page). All pages covered by a given large mapping
2227  * have the corresponding mapping bit set in their p_index field. This allows
2228  * us to only store an explicit hme structure in the leading page which
2229  * simplifies the mapping link list management. Furthermore, it provides us
2230  * a fast mechanism for determining the largest mapping a page is part of. For
2231  * example, a page with a 64K and a 4M mapping has a p_index value of 0x0A.
2232  *
2233  * Implementation note: even though the first bit in p_index is reserved
2234  * for 8K mappings, it is NOT USED by the code and SHOULD NOT be set.
2235  * In addition, the upper four bits of the p_index field are used by the
2236  * code as temporaries
2237  */
2238 
2239 /*
2240  * Defines for psm page struct fields and large page support
2241  */
2242 #define	SFMMU_INDEX_SHIFT		6
2243 #define	SFMMU_INDEX_MASK		((1 << SFMMU_INDEX_SHIFT) - 1)
2244 
2245 /* Return the mapping index */
2246 #define	PP_MAPINDEX(pp)	((pp)->p_index & SFMMU_INDEX_MASK)
2247 
2248 /*
2249  * These macros rely on the following property:
2250  * All pages constituting a large page are covered by a virtually
2251  * contiguous set of page_t's.
2252  */
2253 
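/*
 * Return the leader (first page_t) of the group of mapping size sz that
 * contains pp.
 *
 * The low bits of p_pagenum, masked with TTEPAGES(sz) - 1, give the page's
 * position inside the group; the macro indexes backwards from pp by that
 * amount.  The result is only a valid page_t pointer when all pages of the
 * large page are covered by a virtually contiguous set of page_t's, so do
 * not use it on a page for which that property is not known to hold.
 *
 * pp is parenthesized at every use so that an expression argument such as
 * "pp + n" is dereferenced as a whole.  pp is evaluated twice; pass an
 * expression without side effects.
 */
#define	PP_GROUPLEADER(pp, sz) \
	(&(pp)[-(int)((pp)->p_pagenum & (TTEPAGES(sz) - 1))])

/*
 * Return the root page for this page based on p_szc: the page itself when
 * p_szc is 0, otherwise the group leader for size code p_szc.
 */
#define	PP_PAGEROOT(pp)	((pp)->p_szc == 0 ? (pp) : \
	PP_GROUPLEADER((pp), (pp)->p_szc))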
2261 
2262 #define	PP_PAGENEXT_N(pp, n)	((pp) + (n))
2263 #define	PP_PAGENEXT(pp)		PP_PAGENEXT_N((pp), 1)
2264 
2265 #define	PP_PAGEPREV_N(pp, n)	((pp) - (n))
2266 #define	PP_PAGEPREV(pp)		PP_PAGEPREV_N((pp), 1)
2267 
2268 #define	PP_ISMAPPED_LARGE(pp)	(PP_MAPINDEX(pp) != 0)
2269 
2270 /* Need function to test the page mapping which takes p_index into account */
2271 #define	PP_ISMAPPED(pp)	((pp)->p_mapping || PP_ISMAPPED_LARGE(pp))
2272 
2273 /*
2274  * Don't call this macro with sz equal to zero. 8K mappings SHOULD NOT
2275  * set p_index field.
2276  */
2277 #define	PAGESZ_TO_INDEX(sz)	(1 << (sz))
2278 
2279 
2280 /*
2281  * prototypes for hat assembly routines.  Some of these are
2282  * known to machine dependent VM code.
2283  */
2284 extern uint64_t sfmmu_make_tsbtag(caddr_t);
2285 extern struct tsbe *
2286 		sfmmu_get_tsbe(uint64_t, caddr_t, int, int);
2287 extern void	sfmmu_load_tsbe(struct tsbe *, uint64_t, tte_t *, int);
2288 extern void	sfmmu_unload_tsbe(struct tsbe *, uint64_t, int);
2289 extern void	sfmmu_load_mmustate(sfmmu_t *);
2290 extern void	sfmmu_raise_tsb_exception(uint64_t, uint64_t);
2291 #ifndef sun4v
2292 extern void	sfmmu_itlb_ld_kva(caddr_t, tte_t *);
2293 extern void	sfmmu_dtlb_ld_kva(caddr_t, tte_t *);
2294 #endif /* sun4v */
2295 extern void	sfmmu_copytte(tte_t *, tte_t *);
2296 extern int	sfmmu_modifytte(tte_t *, tte_t *, tte_t *);
2297 extern int	sfmmu_modifytte_try(tte_t *, tte_t *, tte_t *);
2298 extern pfn_t	sfmmu_ttetopfn(tte_t *, caddr_t);
2299 extern uint_t	sfmmu_disable_intrs(void);
2300 extern void	sfmmu_enable_intrs(uint_t);
2301 /*
2302  * functions exported to machine dependent VM code
2303  */
2304 extern void	sfmmu_patch_ktsb(void);
2305 #ifndef UTSB_PHYS
2306 extern void	sfmmu_patch_utsb(void);
2307 #endif /* UTSB_PHYS */
2308 extern pfn_t	sfmmu_vatopfn(caddr_t, sfmmu_t *, tte_t *);
2309 extern void	sfmmu_vatopfn_suspended(caddr_t, sfmmu_t *, tte_t *);
2310 extern pfn_t	sfmmu_kvaszc2pfn(caddr_t, int);
2311 #ifdef	DEBUG
2312 extern void	sfmmu_check_kpfn(pfn_t);
2313 #else
2314 #define		sfmmu_check_kpfn(pfn)	/* disabled */
2315 #endif	/* DEBUG */
2316 extern void	sfmmu_memtte(tte_t *, pfn_t, uint_t, int);
2317 extern void	sfmmu_tteload(struct hat *, tte_t *, caddr_t, page_t *,	uint_t);
2318 extern void	sfmmu_tsbmiss_exception(struct regs *, uintptr_t, uint_t);
2319 extern void	sfmmu_init_tsbs(void);
2320 extern caddr_t  sfmmu_ktsb_alloc(caddr_t);
2321 extern int	sfmmu_getctx_pri(void);
2322 extern int	sfmmu_getctx_sec(void);
2323 extern void	sfmmu_setctx_sec(uint_t);
2324 extern void	sfmmu_inv_tsb(caddr_t, uint_t);
2325 extern void	sfmmu_init_ktsbinfo(void);
2326 extern int	sfmmu_setup_4lp(void);
2327 extern void	sfmmu_patch_mmu_asi(int);
2328 extern void	sfmmu_init_nucleus_hblks(caddr_t, size_t, int, int);
2329 extern void	sfmmu_cache_flushall(void);
2330 extern pgcnt_t  sfmmu_tte_cnt(sfmmu_t *, uint_t);
2331 extern void	*sfmmu_tsb_segkmem_alloc(vmem_t *, size_t, int);
2332 extern void	sfmmu_tsb_segkmem_free(vmem_t *, void *, size_t);
2333 extern void	sfmmu_reprog_pgsz_arr(sfmmu_t *, uint8_t *);
2334 
2335 extern void	hat_kern_setup(void);
2336 extern int	hat_page_relocate(page_t **, page_t **, spgcnt_t *);
2337 extern int	sfmmu_get_ppvcolor(struct page *);
2338 extern int	sfmmu_get_addrvcolor(caddr_t);
2339 extern int	sfmmu_hat_lock_held(sfmmu_t *);
2340 extern int	sfmmu_alloc_ctx(sfmmu_t *, int, struct cpu *, int);
2341 
2342 /*
2343  * Functions exported to xhat_sfmmu.c
2344  */
2345 extern kmutex_t *sfmmu_mlist_enter(page_t *);
2346 extern void	sfmmu_mlist_exit(kmutex_t *);
2347 extern int	sfmmu_mlist_held(struct page *);
2348 extern struct hme_blk *sfmmu_hmetohblk(struct sf_hment *);
2349 
2350 /*
2351  * MMU-specific functions optionally imported from the CPU module
2352  */
2353 #pragma weak mmu_init_scd
2354 #pragma weak mmu_large_pages_disabled
2355 #pragma weak mmu_set_ctx_page_sizes
2356 #pragma weak mmu_check_page_sizes
2357 #pragma weak mmu_set_pgsz_order
2358 #pragma weak sfmmu_init_pgsz_hv
2359 #pragma weak mmu_enable_pgsz_search
2360 
2361 extern void mmu_init_scd(sf_scd_t *);
2362 extern uint_t mmu_large_pages_disabled(uint_t);
2363 extern void mmu_set_ctx_page_sizes(sfmmu_t *);
2364 extern void mmu_check_page_sizes(sfmmu_t *, uint64_t *);
2365 extern void mmu_set_pgsz_order(sfmmu_t *, int);
2366 extern void sfmmu_init_pgsz_hv(sfmmu_t *);
2367 extern void mmu_enable_pgsz_search();
2368 
2369 extern sfmmu_t 		*ksfmmup;
2370 extern caddr_t		ktsb_base;
2371 extern uint64_t		ktsb_pbase;
2372 extern int		ktsb_sz;
2373 extern int		ktsb_szcode;
2374 extern caddr_t		ktsb4m_base;
2375 extern uint64_t		ktsb4m_pbase;
2376 extern int		ktsb4m_sz;
2377 extern int		ktsb4m_szcode;
2378 extern uint64_t		kpm_tsbbase;
2379 extern int		kpm_tsbsz;
2380 extern int		ktsb_phys;
2381 extern int		enable_bigktsb;
2382 #ifndef sun4v
2383 extern int		utsb_dtlb_ttenum;
2384 extern int		utsb4m_dtlb_ttenum;
2385 #endif /* sun4v */
2386 extern int		uhmehash_num;
2387 extern int		khmehash_num;
2388 extern struct hmehash_bucket *uhme_hash;
2389 extern struct hmehash_bucket *khme_hash;
2390 extern kmutex_t		*mml_table;
2391 extern uint_t		mml_table_sz;
2392 extern uint_t		mml_shift;
2393 extern uint_t		hblk_alloc_dynamic;
2394 extern struct tsbmiss	tsbmiss_area[NCPU];
2395 extern struct kpmtsbm	kpmtsbm_area[NCPU];
2396 
2397 #ifndef sun4v
2398 extern int		dtlb_resv_ttenum;
2399 extern caddr_t		utsb_vabase;
2400 extern caddr_t		utsb4m_vabase;
2401 #endif /* sun4v */
2402 extern vmem_t		*kmem_tsb_default_arena[];
2403 extern int		tsb_lgrp_affinity;
2404 
2405 extern uint_t		disable_large_pages;
2406 extern uint_t		disable_ism_large_pages;
2407 extern uint_t		disable_auto_data_large_pages;
2408 extern uint_t		disable_auto_text_large_pages;
2409 extern uint_t		disable_shctx_large_pages;
2410 
2411 extern void		sfmmu_patch_shctx(void);
2412 extern void		sfmmu_patch_pgsz_reg(void);
2413 
2414 /* kpm externals */
2415 extern pfn_t		sfmmu_kpm_vatopfn(caddr_t);
2416 extern void		sfmmu_kpm_patch_tlbm(void);
2417 extern void		sfmmu_kpm_patch_tsbm(void);
2418 extern void		sfmmu_kpm_load_tsb(caddr_t, tte_t *, int);
2419 extern void		sfmmu_kpm_unload_tsb(caddr_t, int);
2420 extern void		sfmmu_kpm_tsbmtl(short *, uint_t *, int);
2421 extern int		sfmmu_kpm_stsbmtl(uchar_t *, uint_t *, int);
2422 extern caddr_t		kpm_vbase;
2423 extern size_t		kpm_size;
2424 extern struct memseg	*memseg_hash[];
2425 extern uint64_t		memseg_phash[];
2426 extern kpm_hlk_t	*kpmp_table;
2427 extern kpm_shlk_t	*kpmp_stable;
2428 extern uint_t		kpmp_table_sz;
2429 extern uint_t		kpmp_stable_sz;
2430 extern uchar_t		kpmp_shift;
2431 
2432 #define	PP_ISMAPPED_KPM(pp)	((pp)->p_kpmref > 0)
2433 
2434 #define	IS_KPM_ALIAS_RANGE(vaddr)					\
2435 	(((vaddr) - kpm_vbase) >> (uintptr_t)kpm_size_shift > 0)
2436 
2437 #endif /* !_ASM */
2438 
2439 /* sfmmu_kpm_tsbmtl flags */
2440 #define	KPMTSBM_STOP		0
2441 #define	KPMTSBM_START		1
2442 
2443 /*
2444  * For kpm_smallpages, the state about how a kpm page is mapped and whether
2445  * it is ready to go is indicated by the two 4-bit fields defined in the
2446  * kpm_spage structure as follows:
2447  * kp_mapped_flag bit[0:3] - the page is mapped cacheable or not
2448  * kp_mapped_flag bit[4:7] - the mapping is ready to go or not
2449  * If the bit KPM_MAPPED_GO is on, it indicates that the assembly tsb miss
2450  * handler can drop the mapping in regardless of the caching state of the
2451  * mapping. Otherwise, we will have C handler resolve the VAC conflict no
2452  * matter the page is currently mapped cacheable or non-cacheable.
2453  */
2454 #define	KPM_MAPPEDS		0x1	/* small mapping valid, no conflict */
2455 #define	KPM_MAPPEDSC		0x2	/* small mapping valid, conflict */
2456 #define	KPM_MAPPED_GO		0x10	/* the mapping is ready to go */
2457 #define	KPM_MAPPED_MASK		0xf
2458 
2459 /* Physical memseg address NULL marker */
2460 #define	MSEG_NULLPTR_PA		-1
2461 
2462 /*
2463  * Memseg hash defines for kpm trap level tsbmiss handler.
2464  * Must be in sync w/ page.h .
2465  */
2466 #define	SFMMU_MEM_HASH_SHIFT		0x9
2467 #define	SFMMU_N_MEM_SLOTS		0x200
2468 #define	SFMMU_MEM_HASH_ENTRY_SHIFT	3
2469 
2470 #ifndef	_ASM
2471 #if (SFMMU_MEM_HASH_SHIFT != MEM_HASH_SHIFT)
2472 #error SFMMU_MEM_HASH_SHIFT != MEM_HASH_SHIFT
2473 #endif
2474 #if (SFMMU_N_MEM_SLOTS != N_MEM_SLOTS)
2475 #error SFMMU_N_MEM_SLOTS != N_MEM_SLOTS
2476 #endif
2477 
2478 /* Physical memseg address NULL marker */
2479 #define	SFMMU_MEMSEG_NULLPTR_PA		-1
2480 
2481 /*
2482  * Check KCONTEXT to be zero, asm parts depend on that assumption.
2483  */
2484 #if (KCONTEXT != 0)
2485 #error KCONTEXT != 0
2486 #endif
2487 #endif	/* !_ASM */
2488 
2489 
2490 #endif /* _KERNEL */
2491 
2492 #ifndef _ASM
2493 /*
2494  * ctx, hmeblk, mlistlock and other stats for sfmmu
 *
 * Every counter is a plain signed int. The SFMMU_STAT* macros later in this
 * file update an object named sfmmu_global_stat with ordinary ++, += and =,
 * with no atomic operation or lock in the macro itself, so concurrent
 * updates can be lost and a long-lived counter can overflow (signed
 * overflow is undefined behaviour in C). Treat the values as approximate
 * diagnostics and do not base security or accounting decisions on them.
 * NOTE(review): field order and width may be relied on by consumers that
 * are not visible here -- confirm before changing either.
2495  */
2496 struct sfmmu_global_stat {
2497 	int		sf_tsb_exceptions;	/* # of tsb exceptions */
2498 	int		sf_tsb_raise_exception;	/* # tsb exc. w/o TLB flush */
2499 
2500 	int		sf_pagefaults;		/* # of pagefaults */
2501 
2502 	int		sf_uhash_searches;	/* # of user hash searches */
2503 	int		sf_uhash_links;		/* # of user hash links */
2504 	int		sf_khash_searches;	/* # of kernel hash searches */
2505 	int		sf_khash_links;		/* # of kernel hash links */
2506 
2507 	int		sf_swapout;		/* # times hat swapped out */
2508 
2509 	int		sf_tsb_alloc;		/* # TSB allocations */
2510 	int		sf_tsb_allocfail;	/* # times TSB alloc fail */
2511 	int		sf_tsb_sectsb_create;	/* # times second TSB added */
2512 
2513 	int		sf_scd_1sttsb_alloc;	/* # SCD 1st TSB allocations */
2514 	int		sf_scd_2ndtsb_alloc;	/* # SCD 2nd TSB allocations */
2515 	int		sf_scd_1sttsb_allocfail; /* # SCD 1st TSB alloc fail */
2516 	int		sf_scd_2ndtsb_allocfail; /* # SCD 2nd TSB alloc fail */
2517 
2518 
	/* one counter per size suffix (8k .. 256m), going by the field names */
2519 	int		sf_tteload8k;		/* calls to sfmmu_tteload */
2520 	int		sf_tteload64k;		/* calls to sfmmu_tteload */
2521 	int		sf_tteload512k;		/* calls to sfmmu_tteload */
2522 	int		sf_tteload4m;		/* calls to sfmmu_tteload */
2523 	int		sf_tteload32m;		/* calls to sfmmu_tteload */
2524 	int		sf_tteload256m;		/* calls to sfmmu_tteload */
2525 
2526 	int		sf_tsb_load8k;		/* # times loaded 8K tsbent */
2527 	int		sf_tsb_load4m;		/* # times loaded 4M tsbent */
2528 
2529 	int		sf_hblk_hit;		/* found hblk during tteload */
2530 	int		sf_hblk8_ncreate;	/* static hblk8's created */
2531 	int		sf_hblk8_nalloc;	/* static hblk8's allocated */
2532 	int		sf_hblk1_ncreate;	/* static hblk1's created */
2533 	int		sf_hblk1_nalloc;	/* static hblk1's allocated */
2534 	int		sf_hblk_slab_cnt;	/* sfmmu8_cache slab creates */
2535 	int		sf_hblk_reserve_cnt;	/* hblk_reserve usage */
2536 	int		sf_hblk_recurse_cnt;	/* hblk_reserve owner reqs */
2537 	int		sf_hblk_reserve_hit;	/* hblk_reserve hash hits */
2538 	int		sf_get_free_success;	/* reserve list allocs */
2539 	int		sf_get_free_throttle;	/* fails due to throttling */
2540 	int		sf_get_free_fail;	/* fails due to empty list */
2541 	int		sf_put_free_success;	/* reserve list frees */
2542 	int		sf_put_free_fail;	/* fails due to full list */
2543 
2544 	int		sf_pgcolor_conflict;	/* VAC conflict resolution */
2545 	int		sf_uncache_conflict;	/* VAC conflict resolution */
2546 	int		sf_unload_conflict;	/* VAC unload resolution */
2547 	int		sf_ism_uncache;		/* VAC conflict resolution */
2548 	int		sf_ism_recache;		/* VAC conflict resolution */
2549 	int		sf_recache;		/* VAC conflict resolution */
2550 
2551 	int		sf_steal_count;		/* # of hblks stolen */
2552 
2553 	int		sf_pagesync;		/* # of pagesyncs */
2554 	int		sf_clrwrt;		/* # of clear write perms */
2555 	int		sf_pagesync_invalid;	/* pagesync with inv tte */
2556 
2557 	int		sf_kernel_xcalls;	/* # of kernel cross calls */
2558 	int		sf_user_xcalls;		/* # of user cross calls */
2559 
2560 	int		sf_tsb_grow;		/* # of user tsb grows */
2561 	int		sf_tsb_shrink;		/* # of user tsb shrinks */
2562 	int		sf_tsb_resize_failures;	/* # of user tsb resize */
2563 	int		sf_tsb_reloc;		/* # of user tsb relocations */
2564 
2565 	int		sf_user_vtop;		/* # of user vatopfn calls */
2566 
2567 	int		sf_ctx_inv;		/* #times invalidate MMU ctx */
2568 
2569 	int		sf_tlb_reprog_pgsz;	/* # times switch TLB pgsz */
2570 
2571 	int		sf_region_remap_demap;	/* # times shme remap demap */
2572 
2573 	int		sf_create_scd;		/* # times SCD is created */
2574 	int		sf_join_scd;		/* # process joined scd */
2575 	int		sf_leave_scd;		/* # process left scd */
2576 	int		sf_destroy_scd;		/* # times SCD is destroyed */
2577 };
2578 
/*
 * TSB size statistics: sixteen int counters, one per size suffix from 8k to
 * 256m in doubling steps, going by the field names.
 * NOTE(review): what event each counter records, and how the fields are
 * indexed or updated, is not shown in this part of the file -- confirm
 * against the code that writes them. Any consumer that treats the struct as
 * an array of int depends on this exact order.
 */
2579 struct sfmmu_tsbsize_stat {
2580 	int		sf_tsbsz_8k;
2581 	int		sf_tsbsz_16k;
2582 	int		sf_tsbsz_32k;
2583 	int		sf_tsbsz_64k;
2584 	int		sf_tsbsz_128k;
2585 	int		sf_tsbsz_256k;
2586 	int		sf_tsbsz_512k;
2587 	int		sf_tsbsz_1m;
2588 	int		sf_tsbsz_2m;
2589 	int		sf_tsbsz_4m;
2590 	int		sf_tsbsz_8m;
2591 	int		sf_tsbsz_16m;
2592 	int		sf_tsbsz_32m;
2593 	int		sf_tsbsz_64m;
2594 	int		sf_tsbsz_128m;
2595 	int		sf_tsbsz_256m;
2596 };
2597 
/*
 * Per-cpu TLB/TSB miss and fault counters, going by the struct name.
 * All fields are plain signed int, so a busy counter can overflow; read
 * them as diagnostics only.
 * NOTE(review): the code that updates these fields is not visible here --
 * confirm who writes them and whether the writers are per-cpu exclusive.
 */
2598 struct sfmmu_percpu_stat {
2599 	int	sf_itlb_misses;		/* # of itlb misses */
2600 	int	sf_dtlb_misses;		/* # of dtlb misses */
2601 	int	sf_utsb_misses;		/* # of user tsb misses */
2602 	int	sf_ktsb_misses;		/* # of kernel tsb misses */
2603 	int	sf_tsb_hits;		/* # of tsb hits */
	/* u/k presumably mean user/kernel, as in the tsb miss fields above */
2604 	int	sf_umod_faults;		/* # of mod (prot viol) flts */
2605 	int	sf_kmod_faults;		/* # of mod (prot viol) flts */
2606 };
2607 
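/*
 * Update helpers for the sfmmu statistics.
 *
 * SFMMU_STAT, SFMMU_STAT_ADD and SFMMU_STAT_SET act on the member `stat' of
 * an object named sfmmu_global_stat, which must be in scope at the point of
 * use. Each expansion is wrapped in parentheses so that it stays a single
 * operand when written inside a larger expression; without them
 * `x = SFMMU_STAT_ADD(s, 2) + 1' would add 3 to the counter.
 *
 * The updates are plain ++, += and =: there is no atomic operation or lock
 * in the macros, so concurrent updates can be lost, and the counters are
 * signed ints that can overflow. `stat' is pasted in as a member name and
 * is not evaluated; `amount' and `count' are evaluated exactly once.
 */
#define	SFMMU_STAT(stat)		(sfmmu_global_stat.stat++)
#define	SFMMU_STAT_ADD(stat, amount)	(sfmmu_global_stat.stat += (amount))
#define	SFMMU_STAT_SET(stat, count)	(sfmmu_global_stat.stat = (count))

/*
 * Increment member `stat' of the object reached through
 * CPU->cpu_m.cpu_mmu_ctxp. The pointer chain is dereferenced without any
 * NULL check, so the caller must guarantee that it is valid.
 * NOTE(review): CPU is defined elsewhere; confirm that callers cannot move
 * to another cpu between evaluating CPU and performing the increment.
 */
#define	SFMMU_MMU_STAT(stat)		(CPU->cpu_m.cpu_mmu_ctxp->stat++)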
2613 
2614 #endif /* !_ASM */
2615 
2616 #ifdef	__cplusplus
2617 }
2618 #endif
2619 
2620 #endif	/* _VM_HAT_SFMMU_H */
2621