1 /* 2 * CDDL HEADER START 3 * 4 * The contents of this file are subject to the terms of the 5 * Common Development and Distribution License, Version 1.0 only 6 * (the "License"). You may not use this file except in compliance 7 * with the License. 8 * 9 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 10 * or http://www.opensolaris.org/os/licensing. 11 * See the License for the specific language governing permissions 12 * and limitations under the License. 13 * 14 * When distributing Covered Code, include this CDDL HEADER in each 15 * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 16 * If applicable, add the following below this CDDL HEADER, with the 17 * fields enclosed by brackets "[]" replaced with your own identifying 18 * information: Portions Copyright [yyyy] [name of copyright owner] 19 * 20 * CDDL HEADER END 21 */ 22 /* 23 * Copyright 2005 Sun Microsystems, Inc. All rights reserved. 24 * Use is subject to license terms. 25 */ 26 27 /* Copyright (c) 1984, 1986, 1987, 1988, 1989 AT&T */ 28 /* All Rights Reserved */ 29 30 /* 31 * University Copyright- Copyright (c) 1982, 1986, 1988 32 * The Regents of the University of California 33 * All Rights Reserved 34 * 35 * University Acknowledgment- Portions of this document are derived from 36 * software developed by the University of California, Berkeley, and its 37 * contributors. 38 */ 39 40 #pragma ident "%Z%%M% %I% %E% SMI" 41 42 /* 43 * VM - segment of a mapped device. 44 * 45 * This segment driver is used when mapping character special devices. 46 */ 47 48 #include <sys/types.h> 49 #include <sys/t_lock.h> 50 #include <sys/sysmacros.h> 51 #include <sys/vtrace.h> 52 #include <sys/systm.h> 53 #include <sys/vmsystm.h> 54 #include <sys/mman.h> 55 #include <sys/errno.h> 56 #include <sys/kmem.h> 57 #include <sys/cmn_err.h> 58 #include <sys/vnode.h> 59 #include <sys/proc.h> 60 #include <sys/conf.h> 61 #include <sys/debug.h> 62 #include <sys/ddidevmap.h> 63 #include <sys/lgrp.h> 64 65 #include <vm/page.h> 66 #include <vm/hat.h> 67 #include <vm/as.h> 68 #include <vm/seg.h> 69 #include <vm/seg_dev.h> 70 #include <vm/seg_kp.h> 71 #include <vm/seg_kmem.h> 72 #include <vm/vpage.h> 73 74 #include <sys/sunddi.h> 75 #include <sys/esunddi.h> 76 #include <sys/fs/snode.h> 77 78 #if DEBUG 79 int segdev_debug; 80 #define DEBUGF(level, args) { if (segdev_debug >= (level)) cmn_err args; } 81 #else 82 #define DEBUGF(level, args) 83 #endif 84 85 /* Default timeout for devmap context management */ 86 #define CTX_TIMEOUT_VALUE 0 87 88 #define HOLD_DHP_LOCK(dhp) if (dhp->dh_flags & DEVMAP_ALLOW_REMAP) \ 89 { mutex_enter(&dhp->dh_lock); } 90 91 #define RELE_DHP_LOCK(dhp) if (dhp->dh_flags & DEVMAP_ALLOW_REMAP) \ 92 { mutex_exit(&dhp->dh_lock); } 93 94 #define round_down_p2(a, s) ((a) & ~((s) - 1)) 95 #define round_up_p2(a, s) (((a) + (s) - 1) & ~((s) - 1)) 96 97 /* 98 * VA_PA_ALIGNED checks to see if both VA and PA are on pgsize boundary 99 * VA_PA_PGSIZE_ALIGNED check to see if VA is aligned with PA w.r.t. pgsize 100 */ 101 #define VA_PA_ALIGNED(uvaddr, paddr, pgsize) \ 102 (((uvaddr | paddr) & (pgsize - 1)) == 0) 103 #define VA_PA_PGSIZE_ALIGNED(uvaddr, paddr, pgsize) \ 104 (((uvaddr ^ paddr) & (pgsize - 1)) == 0) 105 106 #define vpgtob(n) ((n) * sizeof (struct vpage)) /* For brevity */ 107 108 #define VTOCVP(vp) (VTOS(vp)->s_commonvp) /* we "know" it's an snode */ 109 110 static struct devmap_ctx *devmapctx_list = NULL; 111 static struct devmap_softlock *devmap_slist = NULL; 112 113 /* 114 * mutex, vnode and page for the page of zeros we use for the trash mappings. 115 * One trash page is allocated on the first ddi_umem_setup call that uses it 116 * XXX Eventually, we may want to combine this with what segnf does when all 117 * hat layers implement HAT_NOFAULT. 118 * 119 * The trash page is used when the backing store for a userland mapping is 120 * removed but the application semantics do not take kindly to a SIGBUS. 121 * In that scenario, the applications pages are mapped to some dummy page 122 * which returns garbage on read and writes go into a common place. 123 * (Perfect for NO_FAULT semantics) 124 * The device driver is responsible to communicating to the app with some 125 * other mechanism that such remapping has happened and the app should take 126 * corrective action. 127 * We can also use an anonymous memory page as there is no requirement to 128 * keep the page locked, however this complicates the fault code. RFE. 129 */ 130 static struct vnode trashvp; 131 static struct page *trashpp; 132 133 /* Non-pageable kernel memory is allocated from the umem_np_arena. */ 134 static vmem_t *umem_np_arena; 135 136 /* Set the cookie to a value we know will never be a valid umem_cookie */ 137 #define DEVMAP_DEVMEM_COOKIE ((ddi_umem_cookie_t)0x1) 138 139 /* 140 * Macros to check if type of devmap handle 141 */ 142 #define cookie_is_devmem(c) \ 143 ((c) == (struct ddi_umem_cookie *)DEVMAP_DEVMEM_COOKIE) 144 145 #define cookie_is_pmem(c) \ 146 ((c) == (struct ddi_umem_cookie *)DEVMAP_PMEM_COOKIE) 147 148 #define cookie_is_kpmem(c) (!cookie_is_devmem(c) && !cookie_is_pmem(c) &&\ 149 ((c)->type == KMEM_PAGEABLE)) 150 151 #define dhp_is_devmem(dhp) \ 152 (cookie_is_devmem((struct ddi_umem_cookie *)((dhp)->dh_cookie))) 153 154 #define dhp_is_pmem(dhp) \ 155 (cookie_is_pmem((struct ddi_umem_cookie *)((dhp)->dh_cookie))) 156 157 #define dhp_is_kpmem(dhp) \ 158 (cookie_is_kpmem((struct ddi_umem_cookie *)((dhp)->dh_cookie))) 159 160 /* 161 * Private seg op routines. 162 */ 163 static int segdev_dup(struct seg *, struct seg *); 164 static int segdev_unmap(struct seg *, caddr_t, size_t); 165 static void segdev_free(struct seg *); 166 static faultcode_t segdev_fault(struct hat *, struct seg *, caddr_t, size_t, 167 enum fault_type, enum seg_rw); 168 static faultcode_t segdev_faulta(struct seg *, caddr_t); 169 static int segdev_setprot(struct seg *, caddr_t, size_t, uint_t); 170 static int segdev_checkprot(struct seg *, caddr_t, size_t, uint_t); 171 static void segdev_badop(void); 172 static int segdev_sync(struct seg *, caddr_t, size_t, int, uint_t); 173 static size_t segdev_incore(struct seg *, caddr_t, size_t, char *); 174 static int segdev_lockop(struct seg *, caddr_t, size_t, int, int, 175 ulong_t *, size_t); 176 static int segdev_getprot(struct seg *, caddr_t, size_t, uint_t *); 177 static u_offset_t segdev_getoffset(struct seg *, caddr_t); 178 static int segdev_gettype(struct seg *, caddr_t); 179 static int segdev_getvp(struct seg *, caddr_t, struct vnode **); 180 static int segdev_advise(struct seg *, caddr_t, size_t, uint_t); 181 static void segdev_dump(struct seg *); 182 static int segdev_pagelock(struct seg *, caddr_t, size_t, 183 struct page ***, enum lock_type, enum seg_rw); 184 static int segdev_setpagesize(struct seg *, caddr_t, size_t, uint_t); 185 static int segdev_getmemid(struct seg *, caddr_t, memid_t *); 186 static lgrp_mem_policy_info_t *segdev_getpolicy(struct seg *, caddr_t); 187 188 /* 189 * XXX this struct is used by rootnex_map_fault to identify 190 * the segment it has been passed. So if you make it 191 * "static" you'll need to fix rootnex_map_fault. 192 */ 193 struct seg_ops segdev_ops = { 194 segdev_dup, 195 segdev_unmap, 196 segdev_free, 197 segdev_fault, 198 segdev_faulta, 199 segdev_setprot, 200 segdev_checkprot, 201 (int (*)())segdev_badop, /* kluster */ 202 (size_t (*)(struct seg *))NULL, /* swapout */ 203 segdev_sync, /* sync */ 204 segdev_incore, 205 segdev_lockop, /* lockop */ 206 segdev_getprot, 207 segdev_getoffset, 208 segdev_gettype, 209 segdev_getvp, 210 segdev_advise, 211 segdev_dump, 212 segdev_pagelock, 213 segdev_setpagesize, 214 segdev_getmemid, 215 segdev_getpolicy, 216 }; 217 218 /* 219 * Private segdev support routines 220 */ 221 static struct segdev_data *sdp_alloc(void); 222 223 static void segdev_softunlock(struct hat *, struct seg *, caddr_t, 224 size_t, enum seg_rw); 225 226 static faultcode_t segdev_faultpage(struct hat *, struct seg *, caddr_t, 227 struct vpage *, enum fault_type, enum seg_rw, devmap_handle_t *); 228 229 static faultcode_t segdev_faultpages(struct hat *, struct seg *, caddr_t, 230 size_t, enum fault_type, enum seg_rw, devmap_handle_t *); 231 232 static struct devmap_ctx *devmap_ctxinit(dev_t, ulong_t); 233 static struct devmap_softlock *devmap_softlock_init(dev_t, ulong_t); 234 static void devmap_softlock_rele(devmap_handle_t *); 235 static void devmap_ctx_rele(devmap_handle_t *); 236 237 static void devmap_ctxto(void *); 238 239 static devmap_handle_t *devmap_find_handle(devmap_handle_t *dhp_head, 240 caddr_t addr); 241 242 static ulong_t devmap_roundup(devmap_handle_t *dhp, ulong_t offset, size_t len, 243 ulong_t *opfn, ulong_t *pagesize); 244 245 static void free_devmap_handle(devmap_handle_t *dhp); 246 247 static int devmap_handle_dup(devmap_handle_t *dhp, devmap_handle_t **new_dhp, 248 struct seg *newseg); 249 250 static devmap_handle_t *devmap_handle_unmap(devmap_handle_t *dhp); 251 252 static void devmap_handle_unmap_head(devmap_handle_t *dhp, size_t len); 253 254 static void devmap_handle_unmap_tail(devmap_handle_t *dhp, caddr_t addr); 255 256 static int devmap_device(devmap_handle_t *dhp, struct as *as, caddr_t *addr, 257 offset_t off, size_t len, uint_t flags); 258 259 static void devmap_get_large_pgsize(devmap_handle_t *dhp, size_t len, 260 caddr_t addr, size_t *llen, caddr_t *laddr); 261 262 static void devmap_handle_reduce_len(devmap_handle_t *dhp, size_t len); 263 264 static void *devmap_alloc_pages(vmem_t *vmp, size_t size, int vmflag); 265 static void devmap_free_pages(vmem_t *vmp, void *inaddr, size_t size); 266 267 static void *devmap_umem_alloc_np(size_t size, size_t flags); 268 static void devmap_umem_free_np(void *addr, size_t size); 269 270 /* 271 * routines to lock and unlock underlying segkp segment for 272 * KMEM_PAGEABLE type cookies. 273 */ 274 static faultcode_t acquire_kpmem_lock(struct ddi_umem_cookie *, size_t); 275 static void release_kpmem_lock(struct ddi_umem_cookie *, size_t); 276 277 /* 278 * Routines to synchronize F_SOFTLOCK and F_INVAL faults for 279 * drivers with devmap_access callbacks 280 */ 281 static int devmap_softlock_enter(struct devmap_softlock *, size_t, 282 enum fault_type); 283 static void devmap_softlock_exit(struct devmap_softlock *, size_t, 284 enum fault_type); 285 286 static kmutex_t devmapctx_lock; 287 288 static kmutex_t devmap_slock; 289 290 /* 291 * Initialize the thread callbacks and thread private data. 292 */ 293 static struct devmap_ctx * 294 devmap_ctxinit(dev_t dev, ulong_t id) 295 { 296 struct devmap_ctx *devctx; 297 struct devmap_ctx *tmp; 298 dev_info_t *dip; 299 300 tmp = kmem_zalloc(sizeof (struct devmap_ctx), KM_SLEEP); 301 302 mutex_enter(&devmapctx_lock); 303 304 dip = e_ddi_hold_devi_by_dev(dev, 0); 305 ASSERT(dip != NULL); 306 ddi_release_devi(dip); 307 308 for (devctx = devmapctx_list; devctx != NULL; devctx = devctx->next) 309 if ((devctx->dip == dip) && (devctx->id == id)) 310 break; 311 312 if (devctx == NULL) { 313 devctx = tmp; 314 devctx->dip = dip; 315 devctx->id = id; 316 mutex_init(&devctx->lock, NULL, MUTEX_DEFAULT, NULL); 317 cv_init(&devctx->cv, NULL, CV_DEFAULT, NULL); 318 devctx->next = devmapctx_list; 319 devmapctx_list = devctx; 320 } else 321 kmem_free(tmp, sizeof (struct devmap_ctx)); 322 323 mutex_enter(&devctx->lock); 324 devctx->refcnt++; 325 mutex_exit(&devctx->lock); 326 mutex_exit(&devmapctx_lock); 327 328 return (devctx); 329 } 330 331 /* 332 * Timeout callback called if a CPU has not given up the device context 333 * within dhp->dh_timeout_length ticks 334 */ 335 static void 336 devmap_ctxto(void *data) 337 { 338 struct devmap_ctx *devctx = data; 339 340 TRACE_1(TR_FAC_DEVMAP, TR_DEVMAP_CTXTO, 341 "devmap_ctxto:timeout expired, devctx=%p", (void *)devctx); 342 mutex_enter(&devctx->lock); 343 /* 344 * Set oncpu = 0 so the next mapping trying to get the device context 345 * can. 346 */ 347 devctx->oncpu = 0; 348 devctx->timeout = 0; 349 cv_signal(&devctx->cv); 350 mutex_exit(&devctx->lock); 351 } 352 353 /* 354 * Create a device segment. 355 */ 356 int 357 segdev_create(struct seg *seg, void *argsp) 358 { 359 struct segdev_data *sdp; 360 struct segdev_crargs *a = (struct segdev_crargs *)argsp; 361 devmap_handle_t *dhp = (devmap_handle_t *)a->devmap_data; 362 int error; 363 364 /* 365 * Since the address space is "write" locked, we 366 * don't need the segment lock to protect "segdev" data. 367 */ 368 ASSERT(seg->s_as && AS_WRITE_HELD(seg->s_as, &seg->s_as->a_lock)); 369 370 hat_map(seg->s_as->a_hat, seg->s_base, seg->s_size, HAT_MAP); 371 372 sdp = sdp_alloc(); 373 374 sdp->mapfunc = a->mapfunc; 375 sdp->offset = a->offset; 376 sdp->prot = a->prot; 377 sdp->maxprot = a->maxprot; 378 sdp->type = a->type; 379 sdp->pageprot = 0; 380 sdp->softlockcnt = 0; 381 sdp->vpage = NULL; 382 383 if (sdp->mapfunc == NULL) 384 sdp->devmap_data = dhp; 385 else 386 sdp->devmap_data = dhp = NULL; 387 388 sdp->hat_flags = a->hat_flags; 389 sdp->hat_attr = a->hat_attr; 390 391 /* 392 * Currently, hat_flags supports only HAT_LOAD_NOCONSIST 393 */ 394 ASSERT(!(sdp->hat_flags & ~HAT_LOAD_NOCONSIST)); 395 396 /* 397 * Hold shadow vnode -- segdev only deals with 398 * character (VCHR) devices. We use the common 399 * vp to hang pages on. 400 */ 401 sdp->vp = specfind(a->dev, VCHR); 402 ASSERT(sdp->vp != NULL); 403 404 seg->s_ops = &segdev_ops; 405 seg->s_data = sdp; 406 407 while (dhp != NULL) { 408 dhp->dh_seg = seg; 409 dhp = dhp->dh_next; 410 } 411 412 /* 413 * Inform the vnode of the new mapping. 414 */ 415 /* 416 * It is ok to use pass sdp->maxprot to ADDMAP rather than to use 417 * dhp specific maxprot because spec_addmap does not use maxprot. 418 */ 419 error = VOP_ADDMAP(VTOCVP(sdp->vp), sdp->offset, 420 seg->s_as, seg->s_base, seg->s_size, 421 sdp->prot, sdp->maxprot, sdp->type, CRED()); 422 423 if (error != 0) { 424 sdp->devmap_data = NULL; 425 hat_unload(seg->s_as->a_hat, seg->s_base, seg->s_size, 426 HAT_UNLOAD_UNMAP); 427 } 428 429 return (error); 430 } 431 432 static struct segdev_data * 433 sdp_alloc(void) 434 { 435 struct segdev_data *sdp; 436 437 sdp = kmem_zalloc(sizeof (struct segdev_data), KM_SLEEP); 438 mutex_init(&sdp->lock, NULL, MUTEX_DEFAULT, NULL); 439 440 return (sdp); 441 } 442 443 /* 444 * Duplicate seg and return new segment in newseg. 445 */ 446 static int 447 segdev_dup(struct seg *seg, struct seg *newseg) 448 { 449 struct segdev_data *sdp = (struct segdev_data *)seg->s_data; 450 struct segdev_data *newsdp; 451 devmap_handle_t *dhp = (devmap_handle_t *)sdp->devmap_data; 452 size_t npages; 453 int ret; 454 455 TRACE_2(TR_FAC_DEVMAP, TR_DEVMAP_DUP, 456 "segdev_dup:start dhp=%p, seg=%p", (void *)dhp, (void *)seg); 457 458 DEBUGF(3, (CE_CONT, "segdev_dup: dhp %p seg %p\n", 459 (void *)dhp, (void *)seg)); 460 461 /* 462 * Since the address space is "write" locked, we 463 * don't need the segment lock to protect "segdev" data. 464 */ 465 ASSERT(seg->s_as && AS_WRITE_HELD(seg->s_as, &seg->s_as->a_lock)); 466 467 newsdp = sdp_alloc(); 468 469 newseg->s_ops = seg->s_ops; 470 newseg->s_data = (void *)newsdp; 471 472 VN_HOLD(sdp->vp); 473 newsdp->vp = sdp->vp; 474 newsdp->mapfunc = sdp->mapfunc; 475 newsdp->offset = sdp->offset; 476 newsdp->pageprot = sdp->pageprot; 477 newsdp->prot = sdp->prot; 478 newsdp->maxprot = sdp->maxprot; 479 newsdp->type = sdp->type; 480 newsdp->hat_attr = sdp->hat_attr; 481 newsdp->hat_flags = sdp->hat_flags; 482 newsdp->softlockcnt = 0; 483 484 /* 485 * Initialize per page data if the segment we are 486 * dup'ing has per page information. 487 */ 488 npages = seg_pages(newseg); 489 490 if (sdp->vpage != NULL) { 491 size_t nbytes = vpgtob(npages); 492 493 newsdp->vpage = kmem_zalloc(nbytes, KM_SLEEP); 494 bcopy(sdp->vpage, newsdp->vpage, nbytes); 495 } else 496 newsdp->vpage = NULL; 497 498 /* 499 * duplicate devmap handles 500 */ 501 if (dhp != NULL) { 502 ret = devmap_handle_dup(dhp, 503 (devmap_handle_t **)&newsdp->devmap_data, newseg); 504 if (ret != 0) { 505 TRACE_3(TR_FAC_DEVMAP, TR_DEVMAP_DUP_CK1, 506 "segdev_dup:ret1 ret=%x, dhp=%p seg=%p", 507 ret, (void *)dhp, (void *)seg); 508 DEBUGF(1, (CE_CONT, 509 "segdev_dup: ret %x dhp %p seg %p\n", 510 ret, (void *)dhp, (void *)seg)); 511 return (ret); 512 } 513 } 514 515 /* 516 * Inform the common vnode of the new mapping. 517 */ 518 return (VOP_ADDMAP(VTOCVP(newsdp->vp), 519 newsdp->offset, newseg->s_as, 520 newseg->s_base, newseg->s_size, newsdp->prot, 521 newsdp->maxprot, sdp->type, CRED())); 522 } 523 524 /* 525 * duplicate devmap handles 526 */ 527 static int 528 devmap_handle_dup(devmap_handle_t *dhp, devmap_handle_t **new_dhp, 529 struct seg *newseg) 530 { 531 devmap_handle_t *newdhp_save = NULL; 532 devmap_handle_t *newdhp = NULL; 533 struct devmap_callback_ctl *callbackops; 534 535 while (dhp != NULL) { 536 newdhp = kmem_alloc(sizeof (devmap_handle_t), KM_SLEEP); 537 538 /* Need to lock the original dhp while copying if REMAP */ 539 HOLD_DHP_LOCK(dhp); 540 bcopy(dhp, newdhp, sizeof (devmap_handle_t)); 541 RELE_DHP_LOCK(dhp); 542 newdhp->dh_seg = newseg; 543 newdhp->dh_next = NULL; 544 if (newdhp_save != NULL) 545 newdhp_save->dh_next = newdhp; 546 else 547 *new_dhp = newdhp; 548 newdhp_save = newdhp; 549 550 callbackops = &newdhp->dh_callbackops; 551 552 if (dhp->dh_softlock != NULL) 553 newdhp->dh_softlock = devmap_softlock_init( 554 newdhp->dh_dev, 555 (ulong_t)callbackops->devmap_access); 556 if (dhp->dh_ctx != NULL) 557 newdhp->dh_ctx = devmap_ctxinit(newdhp->dh_dev, 558 (ulong_t)callbackops->devmap_access); 559 560 /* 561 * Initialize dh_lock if we want to do remap. 562 */ 563 if (newdhp->dh_flags & DEVMAP_ALLOW_REMAP) { 564 mutex_init(&newdhp->dh_lock, NULL, MUTEX_DEFAULT, NULL); 565 newdhp->dh_flags |= DEVMAP_LOCK_INITED; 566 } 567 568 if (callbackops->devmap_dup != NULL) { 569 int ret; 570 571 /* 572 * Call the dup callback so that the driver can 573 * duplicate its private data. 574 */ 575 ret = (*callbackops->devmap_dup)(dhp, dhp->dh_pvtp, 576 (devmap_cookie_t *)newdhp, &newdhp->dh_pvtp); 577 578 if (ret != 0) { 579 /* 580 * We want to free up this segment as the driver 581 * has indicated that we can't dup it. But we 582 * don't want to call the drivers, devmap_unmap, 583 * callback function as the driver does not 584 * think this segment exists. The caller of 585 * devmap_dup will call seg_free on newseg 586 * as it was the caller that allocated the 587 * segment. 588 */ 589 DEBUGF(1, (CE_CONT, "devmap_handle_dup ERROR: " 590 "newdhp %p dhp %p\n", (void *)newdhp, 591 (void *)dhp)); 592 callbackops->devmap_unmap = NULL; 593 return (ret); 594 } 595 } 596 597 dhp = dhp->dh_next; 598 } 599 600 return (0); 601 } 602 603 /* 604 * Split a segment at addr for length len. 605 */ 606 /*ARGSUSED*/ 607 static int 608 segdev_unmap(struct seg *seg, caddr_t addr, size_t len) 609 { 610 register struct segdev_data *sdp = (struct segdev_data *)seg->s_data; 611 register struct segdev_data *nsdp; 612 register struct seg *nseg; 613 register size_t opages; /* old segment size in pages */ 614 register size_t npages; /* new segment size in pages */ 615 register size_t dpages; /* pages being deleted (unmapped) */ 616 register size_t nbytes; 617 devmap_handle_t *dhp = (devmap_handle_t *)sdp->devmap_data; 618 devmap_handle_t *dhpp; 619 devmap_handle_t *newdhp; 620 struct devmap_callback_ctl *callbackops; 621 caddr_t nbase; 622 offset_t off; 623 ulong_t nsize; 624 size_t mlen, sz; 625 626 TRACE_4(TR_FAC_DEVMAP, TR_DEVMAP_UNMAP, 627 "segdev_unmap:start dhp=%p, seg=%p addr=%p len=%lx", 628 (void *)dhp, (void *)seg, (void *)addr, len); 629 630 DEBUGF(3, (CE_CONT, "segdev_unmap: dhp %p seg %p addr %p len %lx\n", 631 (void *)dhp, (void *)seg, (void *)addr, len)); 632 633 /* 634 * Since the address space is "write" locked, we 635 * don't need the segment lock to protect "segdev" data. 636 */ 637 ASSERT(seg->s_as && AS_WRITE_HELD(seg->s_as, &seg->s_as->a_lock)); 638 639 if ((sz = sdp->softlockcnt) > 0) { 640 /* 641 * Fail the unmap if pages are SOFTLOCKed through this mapping. 642 * softlockcnt is protected from change by the as write lock. 643 */ 644 TRACE_1(TR_FAC_DEVMAP, TR_DEVMAP_UNMAP_CK1, 645 "segdev_unmap:error softlockcnt = %ld", sz); 646 DEBUGF(1, (CE_CONT, "segdev_unmap: softlockcnt %ld\n", sz)); 647 return (EAGAIN); 648 } 649 650 /* 651 * Check for bad sizes 652 */ 653 if (addr < seg->s_base || addr + len > seg->s_base + seg->s_size || 654 (len & PAGEOFFSET) || ((uintptr_t)addr & PAGEOFFSET)) 655 panic("segdev_unmap"); 656 657 if (dhp != NULL) { 658 devmap_handle_t *tdhp; 659 /* 660 * If large page size was used in hat_devload(), 661 * the same page size must be used in hat_unload(). 662 */ 663 dhpp = tdhp = devmap_find_handle(dhp, addr); 664 while (tdhp != NULL) { 665 if (tdhp->dh_flags & DEVMAP_FLAG_LARGE) { 666 break; 667 } 668 tdhp = tdhp->dh_next; 669 } 670 if (tdhp != NULL) { /* found a dhp using large pages */ 671 size_t slen = len; 672 size_t mlen; 673 size_t soff; 674 675 soff = (ulong_t)(addr - dhpp->dh_uvaddr); 676 while (slen != 0) { 677 mlen = MIN(slen, (dhpp->dh_len - soff)); 678 hat_unload(seg->s_as->a_hat, dhpp->dh_uvaddr, 679 dhpp->dh_len, HAT_UNLOAD_UNMAP); 680 dhpp = dhpp->dh_next; 681 ASSERT(slen >= mlen); 682 slen -= mlen; 683 soff = 0; 684 } 685 } else 686 hat_unload(seg->s_as->a_hat, addr, len, 687 HAT_UNLOAD_UNMAP); 688 } else { 689 /* 690 * Unload any hardware translations in the range 691 * to be taken out. 692 */ 693 hat_unload(seg->s_as->a_hat, addr, len, HAT_UNLOAD_UNMAP); 694 } 695 696 /* 697 * get the user offset which will used in the driver callbacks 698 */ 699 off = sdp->offset + (offset_t)(addr - seg->s_base); 700 701 /* 702 * Inform the vnode of the unmapping. 703 */ 704 ASSERT(sdp->vp != NULL); 705 (void) VOP_DELMAP(VTOCVP(sdp->vp), off, seg->s_as, addr, len, 706 sdp->prot, sdp->maxprot, sdp->type, CRED()); 707 708 /* 709 * Check for entire segment 710 */ 711 if (addr == seg->s_base && len == seg->s_size) { 712 seg_free(seg); 713 return (0); 714 } 715 716 opages = seg_pages(seg); 717 dpages = btop(len); 718 npages = opages - dpages; 719 720 /* 721 * Check for beginning of segment 722 */ 723 if (addr == seg->s_base) { 724 if (sdp->vpage != NULL) { 725 register struct vpage *ovpage; 726 727 ovpage = sdp->vpage; /* keep pointer to vpage */ 728 729 nbytes = vpgtob(npages); 730 sdp->vpage = kmem_alloc(nbytes, KM_SLEEP); 731 bcopy(&ovpage[dpages], sdp->vpage, nbytes); 732 733 /* free up old vpage */ 734 kmem_free(ovpage, vpgtob(opages)); 735 } 736 737 /* 738 * free devmap handles from the beginning of the mapping. 739 */ 740 if (dhp != NULL) 741 devmap_handle_unmap_head(dhp, len); 742 743 sdp->offset += (offset_t)len; 744 745 seg->s_base += len; 746 seg->s_size -= len; 747 748 return (0); 749 } 750 751 /* 752 * Check for end of segment 753 */ 754 if (addr + len == seg->s_base + seg->s_size) { 755 if (sdp->vpage != NULL) { 756 register struct vpage *ovpage; 757 758 ovpage = sdp->vpage; /* keep pointer to vpage */ 759 760 nbytes = vpgtob(npages); 761 sdp->vpage = kmem_alloc(nbytes, KM_SLEEP); 762 bcopy(ovpage, sdp->vpage, nbytes); 763 764 /* free up old vpage */ 765 kmem_free(ovpage, vpgtob(opages)); 766 } 767 seg->s_size -= len; 768 769 /* 770 * free devmap handles from addr to the end of the mapping. 771 */ 772 if (dhp != NULL) 773 devmap_handle_unmap_tail(dhp, addr); 774 775 return (0); 776 } 777 778 /* 779 * The section to go is in the middle of the segment, 780 * have to make it into two segments. nseg is made for 781 * the high end while seg is cut down at the low end. 782 */ 783 nbase = addr + len; /* new seg base */ 784 nsize = (seg->s_base + seg->s_size) - nbase; /* new seg size */ 785 seg->s_size = addr - seg->s_base; /* shrink old seg */ 786 nseg = seg_alloc(seg->s_as, nbase, nsize); 787 if (nseg == NULL) 788 panic("segdev_unmap seg_alloc"); 789 790 TRACE_2(TR_FAC_DEVMAP, TR_DEVMAP_UNMAP_CK2, 791 "segdev_unmap: seg=%p nseg=%p", (void *)seg, (void *)nseg); 792 DEBUGF(3, (CE_CONT, "segdev_unmap: segdev_dup seg %p nseg %p\n", 793 (void *)seg, (void *)nseg)); 794 nsdp = sdp_alloc(); 795 796 nseg->s_ops = seg->s_ops; 797 nseg->s_data = (void *)nsdp; 798 799 VN_HOLD(sdp->vp); 800 nsdp->mapfunc = sdp->mapfunc; 801 nsdp->offset = sdp->offset + (offset_t)(nseg->s_base - seg->s_base); 802 nsdp->vp = sdp->vp; 803 nsdp->pageprot = sdp->pageprot; 804 nsdp->prot = sdp->prot; 805 nsdp->maxprot = sdp->maxprot; 806 nsdp->type = sdp->type; 807 nsdp->hat_attr = sdp->hat_attr; 808 nsdp->hat_flags = sdp->hat_flags; 809 nsdp->softlockcnt = 0; 810 811 /* 812 * Initialize per page data if the segment we are 813 * dup'ing has per page information. 814 */ 815 if (sdp->vpage != NULL) { 816 /* need to split vpage into two arrays */ 817 register size_t nnbytes; 818 register size_t nnpages; 819 register struct vpage *ovpage; 820 821 ovpage = sdp->vpage; /* keep pointer to vpage */ 822 823 npages = seg_pages(seg); /* seg has shrunk */ 824 nbytes = vpgtob(npages); 825 nnpages = seg_pages(nseg); 826 nnbytes = vpgtob(nnpages); 827 828 sdp->vpage = kmem_alloc(nbytes, KM_SLEEP); 829 bcopy(ovpage, sdp->vpage, nbytes); 830 831 nsdp->vpage = kmem_alloc(nnbytes, KM_SLEEP); 832 bcopy(&ovpage[npages + dpages], nsdp->vpage, nnbytes); 833 834 /* free up old vpage */ 835 kmem_free(ovpage, vpgtob(opages)); 836 } else 837 nsdp->vpage = NULL; 838 839 /* 840 * unmap dhps. 841 */ 842 if (dhp == NULL) { 843 nsdp->devmap_data = NULL; 844 return (0); 845 } 846 while (dhp != NULL) { 847 callbackops = &dhp->dh_callbackops; 848 TRACE_2(TR_FAC_DEVMAP, TR_DEVMAP_UNMAP_CK3, 849 "segdev_unmap: dhp=%p addr=%p", dhp, addr); 850 DEBUGF(3, (CE_CONT, "unmap: dhp %p addr %p uvaddr %p len %lx\n", 851 (void *)dhp, (void *)addr, 852 (void *)dhp->dh_uvaddr, dhp->dh_len)); 853 854 if (addr == (dhp->dh_uvaddr + dhp->dh_len)) { 855 dhpp = dhp->dh_next; 856 dhp->dh_next = NULL; 857 dhp = dhpp; 858 } else if (addr > (dhp->dh_uvaddr + dhp->dh_len)) { 859 dhp = dhp->dh_next; 860 } else if (addr > dhp->dh_uvaddr && 861 (addr + len) < (dhp->dh_uvaddr + dhp->dh_len)) { 862 /* 863 * <addr, addr+len> is enclosed by dhp. 864 * create a newdhp that begins at addr+len and 865 * ends at dhp->dh_uvaddr+dhp->dh_len. 866 */ 867 newdhp = kmem_alloc(sizeof (devmap_handle_t), KM_SLEEP); 868 HOLD_DHP_LOCK(dhp); 869 bcopy(dhp, newdhp, sizeof (devmap_handle_t)); 870 RELE_DHP_LOCK(dhp); 871 newdhp->dh_seg = nseg; 872 newdhp->dh_next = dhp->dh_next; 873 if (dhp->dh_softlock != NULL) 874 newdhp->dh_softlock = devmap_softlock_init( 875 newdhp->dh_dev, 876 (ulong_t)callbackops->devmap_access); 877 if (dhp->dh_ctx != NULL) 878 newdhp->dh_ctx = devmap_ctxinit(newdhp->dh_dev, 879 (ulong_t)callbackops->devmap_access); 880 if (newdhp->dh_flags & DEVMAP_LOCK_INITED) { 881 mutex_init(&newdhp->dh_lock, 882 NULL, MUTEX_DEFAULT, NULL); 883 } 884 if (callbackops->devmap_unmap != NULL) 885 (*callbackops->devmap_unmap)(dhp, dhp->dh_pvtp, 886 off, len, dhp, &dhp->dh_pvtp, 887 newdhp, &newdhp->dh_pvtp); 888 mlen = len + (addr - dhp->dh_uvaddr); 889 devmap_handle_reduce_len(newdhp, mlen); 890 nsdp->devmap_data = newdhp; 891 /* XX Changing len should recalculate LARGE flag */ 892 dhp->dh_len = addr - dhp->dh_uvaddr; 893 dhpp = dhp->dh_next; 894 dhp->dh_next = NULL; 895 dhp = dhpp; 896 } else if ((addr > dhp->dh_uvaddr) && 897 ((addr + len) >= (dhp->dh_uvaddr + dhp->dh_len))) { 898 mlen = dhp->dh_len + dhp->dh_uvaddr - addr; 899 /* 900 * <addr, addr+len> spans over dhps. 901 */ 902 if (callbackops->devmap_unmap != NULL) 903 (*callbackops->devmap_unmap)(dhp, dhp->dh_pvtp, 904 off, mlen, (devmap_cookie_t *)dhp, 905 &dhp->dh_pvtp, NULL, NULL); 906 /* XX Changing len should recalculate LARGE flag */ 907 dhp->dh_len = addr - dhp->dh_uvaddr; 908 dhpp = dhp->dh_next; 909 dhp->dh_next = NULL; 910 dhp = dhpp; 911 nsdp->devmap_data = dhp; 912 } else if ((addr + len) >= (dhp->dh_uvaddr + dhp->dh_len)) { 913 /* 914 * dhp is enclosed by <addr, addr+len>. 915 */ 916 dhp->dh_seg = nseg; 917 nsdp->devmap_data = dhp; 918 dhp = devmap_handle_unmap(dhp); 919 nsdp->devmap_data = dhp; /* XX redundant? */ 920 } else if (((addr + len) > dhp->dh_uvaddr) && 921 ((addr + len) < (dhp->dh_uvaddr + dhp->dh_len))) { 922 mlen = addr + len - dhp->dh_uvaddr; 923 if (callbackops->devmap_unmap != NULL) 924 (*callbackops->devmap_unmap)(dhp, dhp->dh_pvtp, 925 dhp->dh_uoff, mlen, NULL, 926 NULL, dhp, &dhp->dh_pvtp); 927 devmap_handle_reduce_len(dhp, mlen); 928 nsdp->devmap_data = dhp; 929 dhp->dh_seg = nseg; 930 dhp = dhp->dh_next; 931 } else { 932 dhp->dh_seg = nseg; 933 dhp = dhp->dh_next; 934 } 935 } 936 return (0); 937 } 938 939 /* 940 * Utility function handles reducing the length of a devmap handle during unmap 941 * Note that is only used for unmapping the front portion of the handler, 942 * i.e., we are bumping up the offset/pfn etc up by len 943 * Do not use if reducing length at the tail. 944 */ 945 static void 946 devmap_handle_reduce_len(devmap_handle_t *dhp, size_t len) 947 { 948 struct ddi_umem_cookie *cp; 949 struct devmap_pmem_cookie *pcp; 950 /* 951 * adjust devmap handle fields 952 */ 953 ASSERT(len < dhp->dh_len); 954 955 /* Make sure only page-aligned changes are done */ 956 ASSERT((len & PAGEOFFSET) == 0); 957 958 dhp->dh_len -= len; 959 dhp->dh_uoff += (offset_t)len; 960 dhp->dh_roff += (offset_t)len; 961 dhp->dh_uvaddr += len; 962 /* Need to grab dhp lock if REMAP */ 963 HOLD_DHP_LOCK(dhp); 964 cp = dhp->dh_cookie; 965 if (!(dhp->dh_flags & DEVMAP_MAPPING_INVALID)) { 966 if (cookie_is_devmem(cp)) { 967 dhp->dh_pfn += btop(len); 968 } else if (cookie_is_pmem(cp)) { 969 pcp = (struct devmap_pmem_cookie *)dhp->dh_pcookie; 970 ASSERT((dhp->dh_roff & PAGEOFFSET) == 0 && 971 dhp->dh_roff < ptob(pcp->dp_npages)); 972 } else { 973 ASSERT(dhp->dh_roff < cp->size); 974 ASSERT(dhp->dh_cvaddr >= cp->cvaddr && 975 dhp->dh_cvaddr < (cp->cvaddr + cp->size)); 976 ASSERT((dhp->dh_cvaddr + len) <= 977 (cp->cvaddr + cp->size)); 978 979 dhp->dh_cvaddr += len; 980 } 981 } 982 /* XXX - Should recalculate the DEVMAP_FLAG_LARGE after changes */ 983 RELE_DHP_LOCK(dhp); 984 } 985 986 /* 987 * Free devmap handle, dhp. 988 * Return the next devmap handle on the linked list. 989 */ 990 static devmap_handle_t * 991 devmap_handle_unmap(devmap_handle_t *dhp) 992 { 993 struct devmap_callback_ctl *callbackops = &dhp->dh_callbackops; 994 struct segdev_data *sdp = (struct segdev_data *)dhp->dh_seg->s_data; 995 devmap_handle_t *dhpp = (devmap_handle_t *)sdp->devmap_data; 996 997 ASSERT(dhp != NULL); 998 999 /* 1000 * before we free up dhp, call the driver's devmap_unmap entry point 1001 * to free resources allocated for this dhp. 1002 */ 1003 if (callbackops->devmap_unmap != NULL) { 1004 (*callbackops->devmap_unmap)(dhp, dhp->dh_pvtp, dhp->dh_uoff, 1005 dhp->dh_len, NULL, NULL, NULL, NULL); 1006 } 1007 1008 if (dhpp == dhp) { /* releasing first dhp, change sdp data */ 1009 sdp->devmap_data = dhp->dh_next; 1010 } else { 1011 while (dhpp->dh_next != dhp) { 1012 dhpp = dhpp->dh_next; 1013 } 1014 dhpp->dh_next = dhp->dh_next; 1015 } 1016 dhpp = dhp->dh_next; /* return value is next dhp in chain */ 1017 1018 if (dhp->dh_softlock != NULL) 1019 devmap_softlock_rele(dhp); 1020 1021 if (dhp->dh_ctx != NULL) 1022 devmap_ctx_rele(dhp); 1023 1024 if (dhp->dh_flags & DEVMAP_LOCK_INITED) { 1025 mutex_destroy(&dhp->dh_lock); 1026 } 1027 kmem_free(dhp, sizeof (devmap_handle_t)); 1028 1029 return (dhpp); 1030 } 1031 1032 /* 1033 * Free complete devmap handles from dhp for len bytes 1034 * dhp can be either the first handle or a subsequent handle 1035 */ 1036 static void 1037 devmap_handle_unmap_head(devmap_handle_t *dhp, size_t len) 1038 { 1039 struct devmap_callback_ctl *callbackops; 1040 1041 /* 1042 * free the devmap handles covered by len. 1043 */ 1044 while (len >= dhp->dh_len) { 1045 len -= dhp->dh_len; 1046 dhp = devmap_handle_unmap(dhp); 1047 } 1048 if (len != 0) { /* partial unmap at head of first remaining dhp */ 1049 callbackops = &dhp->dh_callbackops; 1050 1051 /* 1052 * Call the unmap callback so the drivers can make 1053 * adjustment on its private data. 1054 */ 1055 if (callbackops->devmap_unmap != NULL) 1056 (*callbackops->devmap_unmap)(dhp, dhp->dh_pvtp, 1057 dhp->dh_uoff, len, NULL, NULL, dhp, &dhp->dh_pvtp); 1058 devmap_handle_reduce_len(dhp, len); 1059 } 1060 } 1061 1062 /* 1063 * Free devmap handles to truncate the mapping after addr 1064 * RFE: Simpler to pass in dhp pointing at correct dhp (avoid find again) 1065 * Also could then use the routine in middle unmap case too 1066 */ 1067 static void 1068 devmap_handle_unmap_tail(devmap_handle_t *dhp, caddr_t addr) 1069 { 1070 register struct seg *seg = dhp->dh_seg; 1071 register struct segdev_data *sdp = (struct segdev_data *)seg->s_data; 1072 register devmap_handle_t *dhph = (devmap_handle_t *)sdp->devmap_data; 1073 struct devmap_callback_ctl *callbackops; 1074 register devmap_handle_t *dhpp; 1075 size_t maplen; 1076 ulong_t off; 1077 size_t len; 1078 1079 maplen = (size_t)(addr - dhp->dh_uvaddr); 1080 dhph = devmap_find_handle(dhph, addr); 1081 1082 while (dhph != NULL) { 1083 if (maplen == 0) { 1084 dhph = devmap_handle_unmap(dhph); 1085 } else { 1086 callbackops = &dhph->dh_callbackops; 1087 len = dhph->dh_len - maplen; 1088 off = (ulong_t)sdp->offset + (addr - seg->s_base); 1089 /* 1090 * Call the unmap callback so the driver 1091 * can make adjustments on its private data. 1092 */ 1093 if (callbackops->devmap_unmap != NULL) 1094 (*callbackops->devmap_unmap)(dhph, 1095 dhph->dh_pvtp, off, len, 1096 (devmap_cookie_t *)dhph, 1097 &dhph->dh_pvtp, NULL, NULL); 1098 /* XXX Reducing len needs to recalculate LARGE flag */ 1099 dhph->dh_len = maplen; 1100 maplen = 0; 1101 dhpp = dhph->dh_next; 1102 dhph->dh_next = NULL; 1103 dhph = dhpp; 1104 } 1105 } /* end while */ 1106 } 1107 1108 /* 1109 * Free a segment. 1110 */ 1111 static void 1112 segdev_free(struct seg *seg) 1113 { 1114 register struct segdev_data *sdp = (struct segdev_data *)seg->s_data; 1115 devmap_handle_t *dhp = (devmap_handle_t *)sdp->devmap_data; 1116 1117 TRACE_2(TR_FAC_DEVMAP, TR_DEVMAP_FREE, 1118 "segdev_free: dhp=%p seg=%p", (void *)dhp, (void *)seg); 1119 DEBUGF(3, (CE_CONT, "segdev_free: dhp %p seg %p\n", 1120 (void *)dhp, (void *)seg)); 1121 1122 /* 1123 * Since the address space is "write" locked, we 1124 * don't need the segment lock to protect "segdev" data. 1125 */ 1126 ASSERT(seg->s_as && AS_WRITE_HELD(seg->s_as, &seg->s_as->a_lock)); 1127 1128 while (dhp != NULL) 1129 dhp = devmap_handle_unmap(dhp); 1130 1131 VN_RELE(sdp->vp); 1132 if (sdp->vpage != NULL) 1133 kmem_free(sdp->vpage, vpgtob(seg_pages(seg))); 1134 1135 mutex_destroy(&sdp->lock); 1136 kmem_free(sdp, sizeof (*sdp)); 1137 } 1138 1139 static void 1140 free_devmap_handle(devmap_handle_t *dhp) 1141 { 1142 register devmap_handle_t *dhpp; 1143 1144 /* 1145 * free up devmap handle 1146 */ 1147 while (dhp != NULL) { 1148 dhpp = dhp->dh_next; 1149 if (dhp->dh_flags & DEVMAP_LOCK_INITED) { 1150 mutex_destroy(&dhp->dh_lock); 1151 } 1152 1153 if (dhp->dh_softlock != NULL) 1154 devmap_softlock_rele(dhp); 1155 1156 if (dhp->dh_ctx != NULL) 1157 devmap_ctx_rele(dhp); 1158 1159 kmem_free(dhp, sizeof (devmap_handle_t)); 1160 dhp = dhpp; 1161 } 1162 } 1163 1164 /* 1165 * routines to lock and unlock underlying segkp segment for 1166 * KMEM_PAGEABLE type cookies. 1167 * segkp only allows a single pending F_SOFTLOCK 1168 * we keep track of number of locks in the cookie so we can 1169 * have multiple pending faults and manage the calls to segkp. 1170 * RFE: if segkp supports either pagelock or can support multiple 1171 * calls to F_SOFTLOCK, then these routines can go away. 1172 * If pagelock, segdev_faultpage can fault on a page by page basis 1173 * and simplifies the code quite a bit. 1174 * if multiple calls allowed but not partial ranges, then need for 1175 * cookie->lock and locked count goes away, code can call as_fault directly 1176 */ 1177 static faultcode_t 1178 acquire_kpmem_lock(struct ddi_umem_cookie *cookie, size_t npages) 1179 { 1180 int err = 0; 1181 ASSERT(cookie_is_kpmem(cookie)); 1182 /* 1183 * Fault in pages in segkp with F_SOFTLOCK. 1184 * We want to hold the lock until all pages have been loaded. 1185 * segkp only allows single caller to hold SOFTLOCK, so cookie 1186 * holds a count so we dont call into segkp multiple times 1187 */ 1188 mutex_enter(&cookie->lock); 1189 1190 /* 1191 * Check for overflow in locked field 1192 */ 1193 if ((UINT32_MAX - cookie->locked) < npages) { 1194 err = FC_MAKE_ERR(ENOMEM); 1195 } else if (cookie->locked == 0) { 1196 /* First time locking */ 1197 err = as_fault(kas.a_hat, &kas, cookie->cvaddr, 1198 cookie->size, F_SOFTLOCK, PROT_READ|PROT_WRITE); 1199 } 1200 if (!err) { 1201 cookie->locked += npages; 1202 } 1203 mutex_exit(&cookie->lock); 1204 return (err); 1205 } 1206 1207 static void 1208 release_kpmem_lock(struct ddi_umem_cookie *cookie, size_t npages) 1209 { 1210 mutex_enter(&cookie->lock); 1211 ASSERT(cookie_is_kpmem(cookie)); 1212 ASSERT(cookie->locked >= npages); 1213 cookie->locked -= (uint_t)npages; 1214 if (cookie->locked == 0) { 1215 /* Last unlock */ 1216 if (as_fault(kas.a_hat, &kas, cookie->cvaddr, 1217 cookie->size, F_SOFTUNLOCK, PROT_READ|PROT_WRITE)) 1218 panic("segdev releasing kpmem lock %p", (void *)cookie); 1219 } 1220 mutex_exit(&cookie->lock); 1221 } 1222 1223 /* 1224 * Routines to synchronize F_SOFTLOCK and F_INVAL faults for 1225 * drivers with devmap_access callbacks 1226 * slock->softlocked basically works like a rw lock 1227 * -ve counts => F_SOFTLOCK in progress 1228 * +ve counts => F_INVAL/F_PROT in progress 1229 * We allow only one F_SOFTLOCK at a time 1230 * but can have multiple pending F_INVAL/F_PROT calls 1231 * 1232 * This routine waits using cv_wait_sig so killing processes is more graceful 1233 * Returns EINTR if coming out of this routine due to a signal, 0 otherwise 1234 */ 1235 static int devmap_softlock_enter( 1236 struct devmap_softlock *slock, 1237 size_t npages, 1238 enum fault_type type) 1239 { 1240 if (npages == 0) 1241 return (0); 1242 mutex_enter(&(slock->lock)); 1243 switch (type) { 1244 case F_SOFTLOCK : 1245 while (slock->softlocked) { 1246 if (cv_wait_sig(&(slock)->cv, &(slock)->lock) == 0) { 1247 /* signalled */ 1248 mutex_exit(&(slock->lock)); 1249 return (EINTR); 1250 } 1251 } 1252 slock->softlocked -= npages; /* -ve count => locked */ 1253 break; 1254 case F_INVAL : 1255 case F_PROT : 1256 while (slock->softlocked < 0) 1257 if (cv_wait_sig(&(slock)->cv, &(slock)->lock) == 0) { 1258 /* signalled */ 1259 mutex_exit(&(slock->lock)); 1260 return (EINTR); 1261 } 1262 slock->softlocked += npages; /* +ve count => f_invals */ 1263 break; 1264 default: 1265 ASSERT(0); 1266 } 1267 mutex_exit(&(slock->lock)); 1268 return (0); 1269 } 1270 1271 static void devmap_softlock_exit( 1272 struct devmap_softlock *slock, 1273 size_t npages, 1274 enum fault_type type) 1275 { 1276 if (slock == NULL) 1277 return; 1278 mutex_enter(&(slock->lock)); 1279 switch (type) { 1280 case F_SOFTLOCK : 1281 ASSERT(-slock->softlocked >= npages); 1282 slock->softlocked += npages; /* -ve count is softlocked */ 1283 if (slock->softlocked == 0) 1284 cv_signal(&slock->cv); 1285 break; 1286 case F_INVAL : 1287 case F_PROT: 1288 ASSERT(slock->softlocked >= npages); 1289 slock->softlocked -= npages; 1290 if (slock->softlocked == 0) 1291 cv_signal(&slock->cv); 1292 break; 1293 default: 1294 ASSERT(0); 1295 } 1296 mutex_exit(&(slock->lock)); 1297 } 1298 1299 /* 1300 * Do a F_SOFTUNLOCK call over the range requested. 1301 * The range must have already been F_SOFTLOCK'ed. 1302 * The segment lock should be held, (but not the segment private lock?) 1303 * The softunlock code below does not adjust for large page sizes 1304 * assumes the caller already did any addr/len adjustments for 1305 * pagesize mappings before calling. 1306 */ 1307 /*ARGSUSED*/ 1308 static void 1309 segdev_softunlock( 1310 struct hat *hat, /* the hat */ 1311 struct seg *seg, /* seg_dev of interest */ 1312 caddr_t addr, /* base address of range */ 1313 size_t len, /* number of bytes */ 1314 enum seg_rw rw) /* type of access at fault */ 1315 { 1316 struct segdev_data *sdp = (struct segdev_data *)seg->s_data; 1317 devmap_handle_t *dhp_head = (devmap_handle_t *)sdp->devmap_data; 1318 1319 TRACE_4(TR_FAC_DEVMAP, TR_DEVMAP_SOFTUNLOCK, 1320 "segdev_softunlock:dhp_head=%p sdp=%p addr=%p len=%lx", 1321 dhp_head, sdp, addr, len); 1322 DEBUGF(3, (CE_CONT, "segdev_softunlock: dhp %p lockcnt %lx " 1323 "addr %p len %lx\n", 1324 (void *)dhp_head, sdp->softlockcnt, (void *)addr, len)); 1325 1326 hat_unlock(hat, addr, len); 1327 1328 if (dhp_head != NULL) { 1329 devmap_handle_t *dhp; 1330 size_t mlen; 1331 ulong_t off; 1332 1333 dhp = devmap_find_handle(dhp_head, addr); 1334 ASSERT(dhp != NULL); 1335 1336 off = (ulong_t)(addr - dhp->dh_uvaddr); 1337 while (len != 0) { 1338 mlen = MIN(len, (dhp->dh_len - off)); 1339 1340 /* 1341 * unlock segkp memory, locked during F_SOFTLOCK 1342 */ 1343 if (dhp_is_kpmem(dhp)) { 1344 release_kpmem_lock( 1345 (struct ddi_umem_cookie *)dhp->dh_cookie, 1346 btopr(mlen)); 1347 } 1348 1349 /* 1350 * Do the softlock accounting for devmap_access 1351 */ 1352 if (dhp->dh_callbackops.devmap_access != NULL) { 1353 devmap_softlock_exit(dhp->dh_softlock, 1354 btopr(mlen), F_SOFTLOCK); 1355 } 1356 1357 len -= mlen; 1358 dhp = dhp->dh_next; 1359 off = 0; 1360 } 1361 } 1362 1363 mutex_enter(&freemem_lock); 1364 ASSERT(sdp->softlockcnt >= btopr(len)); 1365 sdp->softlockcnt -= btopr(len); 1366 mutex_exit(&freemem_lock); 1367 if (sdp->softlockcnt == 0) { 1368 /* 1369 * All SOFTLOCKS are gone. Wakeup any waiting 1370 * unmappers so they can try again to unmap. 1371 * Check for waiters first without the mutex 1372 * held so we don't always grab the mutex on 1373 * softunlocks. 1374 */ 1375 if (AS_ISUNMAPWAIT(seg->s_as)) { 1376 mutex_enter(&seg->s_as->a_contents); 1377 if (AS_ISUNMAPWAIT(seg->s_as)) { 1378 AS_CLRUNMAPWAIT(seg->s_as); 1379 cv_broadcast(&seg->s_as->a_cv); 1380 } 1381 mutex_exit(&seg->s_as->a_contents); 1382 } 1383 } 1384 1385 } 1386 1387 /* 1388 * Handle fault for a single page. 1389 * Done in a separate routine so we can handle errors more easily. 1390 * This routine is called only from segdev_faultpages() 1391 * when looping over the range of addresses requested. The segment lock is held. 1392 */ 1393 static faultcode_t 1394 segdev_faultpage( 1395 struct hat *hat, /* the hat */ 1396 struct seg *seg, /* seg_dev of interest */ 1397 caddr_t addr, /* address in as */ 1398 struct vpage *vpage, /* pointer to vpage for seg, addr */ 1399 enum fault_type type, /* type of fault */ 1400 enum seg_rw rw, /* type of access at fault */ 1401 devmap_handle_t *dhp) /* devmap handle if any for this page */ 1402 { 1403 struct segdev_data *sdp = (struct segdev_data *)seg->s_data; 1404 uint_t prot; 1405 pfn_t pfnum = PFN_INVALID; 1406 u_offset_t offset; 1407 uint_t hat_flags; 1408 dev_info_t *dip; 1409 1410 TRACE_3(TR_FAC_DEVMAP, TR_DEVMAP_FAULTPAGE, 1411 "segdev_faultpage: dhp=%p seg=%p addr=%p", dhp, seg, addr); 1412 DEBUGF(8, (CE_CONT, "segdev_faultpage: dhp %p seg %p addr %p \n", 1413 (void *)dhp, (void *)seg, (void *)addr)); 1414 1415 /* 1416 * Initialize protection value for this page. 1417 * If we have per page protection values check it now. 1418 */ 1419 if (sdp->pageprot) { 1420 uint_t protchk; 1421 1422 switch (rw) { 1423 case S_READ: 1424 protchk = PROT_READ; 1425 break; 1426 case S_WRITE: 1427 protchk = PROT_WRITE; 1428 break; 1429 case S_EXEC: 1430 protchk = PROT_EXEC; 1431 break; 1432 case S_OTHER: 1433 default: 1434 protchk = PROT_READ | PROT_WRITE | PROT_EXEC; 1435 break; 1436 } 1437 1438 prot = VPP_PROT(vpage); 1439 if ((prot & protchk) == 0) 1440 return (FC_PROT); /* illegal access type */ 1441 } else { 1442 prot = sdp->prot; 1443 /* caller has already done segment level protection check */ 1444 } 1445 1446 if (type == F_SOFTLOCK) { 1447 mutex_enter(&freemem_lock); 1448 sdp->softlockcnt++; 1449 mutex_exit(&freemem_lock); 1450 } 1451 1452 hat_flags = ((type == F_SOFTLOCK) ? HAT_LOAD_LOCK : HAT_LOAD); 1453 offset = sdp->offset + (u_offset_t)(addr - seg->s_base); 1454 /* 1455 * In the devmap framework, sdp->mapfunc is set to NULL. we can get 1456 * pfnum from dhp->dh_pfn (at beginning of segment) and offset from 1457 * seg->s_base. 1458 */ 1459 if (dhp == NULL) { 1460 /* If segment has devmap_data, then dhp should be non-NULL */ 1461 ASSERT(sdp->devmap_data == NULL); 1462 pfnum = (pfn_t)cdev_mmap(sdp->mapfunc, sdp->vp->v_rdev, 1463 (off_t)offset, prot); 1464 prot |= sdp->hat_attr; 1465 } else { 1466 ulong_t off; 1467 struct ddi_umem_cookie *cp; 1468 struct devmap_pmem_cookie *pcp; 1469 1470 /* ensure the dhp passed in contains addr. */ 1471 ASSERT(dhp == devmap_find_handle( 1472 (devmap_handle_t *)sdp->devmap_data, addr)); 1473 1474 off = addr - dhp->dh_uvaddr; 1475 1476 /* 1477 * This routine assumes that the caller makes sure that the 1478 * fields in dhp used below are unchanged due to remap during 1479 * this call. Caller does HOLD_DHP_LOCK if neeed 1480 */ 1481 cp = dhp->dh_cookie; 1482 if (dhp->dh_flags & DEVMAP_MAPPING_INVALID) { 1483 pfnum = PFN_INVALID; 1484 } else if (cookie_is_devmem(cp)) { 1485 pfnum = dhp->dh_pfn + btop(off); 1486 } else if (cookie_is_pmem(cp)) { 1487 pcp = (struct devmap_pmem_cookie *)dhp->dh_pcookie; 1488 ASSERT((dhp->dh_roff & PAGEOFFSET) == 0 && 1489 dhp->dh_roff < ptob(pcp->dp_npages)); 1490 pfnum = page_pptonum( 1491 pcp->dp_pparray[btop(off + dhp->dh_roff)]); 1492 } else { 1493 ASSERT(dhp->dh_roff < cp->size); 1494 ASSERT(dhp->dh_cvaddr >= cp->cvaddr && 1495 dhp->dh_cvaddr < (cp->cvaddr + cp->size)); 1496 ASSERT((dhp->dh_cvaddr + off) <= 1497 (cp->cvaddr + cp->size)); 1498 ASSERT((dhp->dh_cvaddr + off + PAGESIZE) <= 1499 (cp->cvaddr + cp->size)); 1500 1501 switch (cp->type) { 1502 case UMEM_LOCKED : 1503 if (cp->pparray != NULL) { 1504 ASSERT((dhp->dh_roff & PAGEOFFSET) == 0); 1505 pfnum = page_pptonum( 1506 cp->pparray[btop(off + dhp->dh_roff)]); 1507 } else { 1508 pfnum = hat_getpfnum( 1509 ((proc_t *)cp->procp)->p_as->a_hat, 1510 cp->cvaddr + off); 1511 } 1512 break; 1513 case UMEM_TRASH : 1514 pfnum = page_pptonum(trashpp); 1515 /* We should set hat_flags to HAT_NOFAULT also */ 1516 /* However, not all hat layers implement this */ 1517 break; 1518 case KMEM_PAGEABLE: 1519 case KMEM_NON_PAGEABLE: 1520 pfnum = hat_getpfnum(kas.a_hat, 1521 dhp->dh_cvaddr + off); 1522 break; 1523 default : 1524 pfnum = PFN_INVALID; 1525 break; 1526 } 1527 } 1528 prot |= dhp->dh_hat_attr; 1529 } 1530 if (pfnum == PFN_INVALID) { 1531 return (FC_MAKE_ERR(EFAULT)); 1532 } 1533 /* prot should already be OR'ed in with hat_attributes if needed */ 1534 1535 TRACE_4(TR_FAC_DEVMAP, TR_DEVMAP_FAULTPAGE_CK1, 1536 "segdev_faultpage: pfnum=%lx memory=%x prot=%x flags=%x", 1537 pfnum, pf_is_memory(pfnum), prot, hat_flags); 1538 DEBUGF(9, (CE_CONT, "segdev_faultpage: pfnum %lx memory %x " 1539 "prot %x flags %x\n", pfnum, pf_is_memory(pfnum), prot, hat_flags)); 1540 1541 if (pf_is_memory(pfnum) || (dhp != NULL)) { 1542 /* 1543 * It's not _really_ required here to pass sdp->hat_flags 1544 * to hat_devload even though we do it. 1545 * This is because hat figures it out DEVMEM mappings 1546 * are non-consistent, anyway. 1547 */ 1548 hat_devload(hat, addr, PAGESIZE, pfnum, 1549 prot, hat_flags | sdp->hat_flags); 1550 return (0); 1551 } 1552 1553 /* 1554 * Fall through to the case where devmap is not used and need to call 1555 * up the device tree to set up the mapping 1556 */ 1557 1558 dip = VTOS(VTOCVP(sdp->vp))->s_dip; 1559 ASSERT(dip); 1560 1561 /* 1562 * When calling ddi_map_fault, we do not OR in sdp->hat_attr 1563 * This is because this calls drivers which may not expect 1564 * prot to have any other values than PROT_ALL 1565 * The root nexus driver has a hack to peek into the segment 1566 * structure and then OR in sdp->hat_attr. 1567 * XX In case the bus_ops interfaces are ever revisited 1568 * we need to fix this. prot should include other hat attributes 1569 */ 1570 if (ddi_map_fault(dip, hat, seg, addr, NULL, pfnum, prot & PROT_ALL, 1571 (uint_t)(type == F_SOFTLOCK)) != DDI_SUCCESS) { 1572 return (FC_MAKE_ERR(EFAULT)); 1573 } 1574 return (0); 1575 } 1576 1577 static faultcode_t 1578 segdev_fault( 1579 struct hat *hat, /* the hat */ 1580 struct seg *seg, /* the seg_dev of interest */ 1581 caddr_t addr, /* the address of the fault */ 1582 size_t len, /* the length of the range */ 1583 enum fault_type type, /* type of fault */ 1584 enum seg_rw rw) /* type of access at fault */ 1585 { 1586 struct segdev_data *sdp = (struct segdev_data *)seg->s_data; 1587 devmap_handle_t *dhp_head = (devmap_handle_t *)sdp->devmap_data; 1588 devmap_handle_t *dhp; 1589 struct devmap_softlock *slock = NULL; 1590 ulong_t slpage = 0; 1591 ulong_t off; 1592 caddr_t maddr = addr; 1593 int err; 1594 int err_is_faultcode = 0; 1595 1596 TRACE_5(TR_FAC_DEVMAP, TR_DEVMAP_FAULT, 1597 "segdev_fault: dhp_head=%p seg=%p addr=%p len=%lx type=%x", 1598 (void *)dhp_head, (void *)seg, (void *)addr, len, type); 1599 DEBUGF(7, (CE_CONT, "segdev_fault: dhp_head %p seg %p " 1600 "addr %p len %lx type %x\n", 1601 (void *)dhp_head, (void *)seg, (void *)addr, len, type)); 1602 1603 ASSERT(seg->s_as && AS_LOCK_HELD(seg->s_as, &seg->s_as->a_lock)); 1604 1605 /* Handle non-devmap case */ 1606 if (dhp_head == NULL) 1607 return (segdev_faultpages(hat, seg, addr, len, type, rw, NULL)); 1608 1609 /* Find devmap handle */ 1610 if ((dhp = devmap_find_handle(dhp_head, addr)) == NULL) 1611 return (FC_NOMAP); 1612 1613 /* 1614 * The seg_dev driver does not implement copy-on-write, 1615 * and always loads translations with maximal allowed permissions 1616 * but we got an fault trying to access the device. 1617 * Servicing the fault is not going to result in any better result 1618 * RFE: If we want devmap_access callbacks to be involved in F_PROT 1619 * faults, then the code below is written for that 1620 * Pending resolution of the following: 1621 * - determine if the F_INVAL/F_SOFTLOCK syncing 1622 * is needed for F_PROT also or not. The code below assumes it does 1623 * - If driver sees F_PROT and calls devmap_load with same type, 1624 * then segdev_faultpages will fail with FC_PROT anyway, need to 1625 * change that so calls from devmap_load to segdev_faultpages for 1626 * F_PROT type are retagged to F_INVAL. 1627 * RFE: Today we dont have drivers that use devmap and want to handle 1628 * F_PROT calls. The code in segdev_fault* is written to allow 1629 * this case but is not tested. A driver that needs this capability 1630 * should be able to remove the short-circuit case; resolve the 1631 * above issues and "should" work. 1632 */ 1633 if (type == F_PROT) { 1634 return (FC_PROT); 1635 } 1636 1637 /* 1638 * Loop through dhp list calling devmap_access or segdev_faultpages for 1639 * each devmap handle. 1640 * drivers which implement devmap_access can interpose on faults and do 1641 * device-appropriate special actions before calling devmap_load. 1642 */ 1643 1644 /* 1645 * Unfortunately, this simple loop has turned out to expose a variety 1646 * of complex problems which results in the following convoluted code. 1647 * 1648 * First, a desire to handle a serialization of F_SOFTLOCK calls 1649 * to the driver within the framework. 1650 * This results in a dh_softlock structure that is on a per device 1651 * (or device instance) basis and serializes devmap_access calls. 1652 * Ideally we would need to do this for underlying 1653 * memory/device regions that are being faulted on 1654 * but that is hard to identify and with REMAP, harder 1655 * Second, a desire to serialize F_INVAL(and F_PROT) calls w.r.t. 1656 * to F_SOFTLOCK calls to the driver. 1657 * These serializations are to simplify the driver programmer model. 1658 * To support these two features, the code first goes through the 1659 * devmap handles and counts the pages (slpage) that are covered 1660 * by devmap_access callbacks. 1661 * This part ends with a devmap_softlock_enter call 1662 * which allows only one F_SOFTLOCK active on a device instance, 1663 * but multiple F_INVAL/F_PROTs can be active except when a 1664 * F_SOFTLOCK is active 1665 * 1666 * Next, we dont short-circuit the fault code upfront to call 1667 * segdev_softunlock for F_SOFTUNLOCK, because we must use 1668 * the same length when we softlock and softunlock. 1669 * 1670 * -Hat layers may not support softunlocking lengths less than the 1671 * original length when there is large page support. 1672 * -kpmem locking is dependent on keeping the lengths same. 1673 * -if drivers handled F_SOFTLOCK, they probably also expect to 1674 * see an F_SOFTUNLOCK of the same length 1675 * Hence, if extending lengths during softlock, 1676 * softunlock has to make the same adjustments and goes through 1677 * the same loop calling segdev_faultpages/segdev_softunlock 1678 * But some of the synchronization and error handling is different 1679 */ 1680 1681 if (type != F_SOFTUNLOCK) { 1682 devmap_handle_t *dhpp = dhp; 1683 size_t slen = len; 1684 1685 /* 1686 * Calculate count of pages that are : 1687 * a) within the (potentially extended) fault region 1688 * b) AND covered by devmap handle with devmap_access 1689 */ 1690 off = (ulong_t)(addr - dhpp->dh_uvaddr); 1691 while (slen != 0) { 1692 size_t mlen; 1693 1694 /* 1695 * Softlocking on a region that allows remap is 1696 * unsupported due to unresolved locking issues 1697 * XXX: unclear what these are? 1698 * One potential is that if there is a pending 1699 * softlock, then a remap should not be allowed 1700 * until the unlock is done. This is easily 1701 * fixed by returning error in devmap*remap on 1702 * checking the dh->dh_softlock->softlocked value 1703 */ 1704 if ((type == F_SOFTLOCK) && 1705 (dhpp->dh_flags & DEVMAP_ALLOW_REMAP)) { 1706 return (FC_NOSUPPORT); 1707 } 1708 1709 mlen = MIN(slen, (dhpp->dh_len - off)); 1710 if (dhpp->dh_callbackops.devmap_access) { 1711 size_t llen; 1712 caddr_t laddr; 1713 /* 1714 * use extended length for large page mappings 1715 */ 1716 HOLD_DHP_LOCK(dhpp); 1717 if ((sdp->pageprot == 0) && 1718 (dhpp->dh_flags & DEVMAP_FLAG_LARGE)) { 1719 devmap_get_large_pgsize(dhpp, 1720 mlen, maddr, &llen, &laddr); 1721 } else { 1722 llen = mlen; 1723 } 1724 RELE_DHP_LOCK(dhpp); 1725 1726 slpage += btopr(llen); 1727 slock = dhpp->dh_softlock; 1728 } 1729 maddr += mlen; 1730 ASSERT(slen >= mlen); 1731 slen -= mlen; 1732 dhpp = dhpp->dh_next; 1733 off = 0; 1734 } 1735 /* 1736 * synchonize with other faulting threads and wait till safe 1737 * devmap_softlock_enter might return due to signal in cv_wait 1738 * 1739 * devmap_softlock_enter has to be called outside of while loop 1740 * to prevent a deadlock if len spans over multiple dhps. 1741 * dh_softlock is based on device instance and if multiple dhps 1742 * use the same device instance, the second dhp's LOCK call 1743 * will hang waiting on the first to complete. 1744 * devmap_setup verifies that slocks in a dhp_chain are same. 1745 * RFE: this deadlock only hold true for F_SOFTLOCK. For 1746 * F_INVAL/F_PROT, since we now allow multiple in parallel, 1747 * we could have done the softlock_enter inside the loop 1748 * and supported multi-dhp mappings with dissimilar devices 1749 */ 1750 if (err = devmap_softlock_enter(slock, slpage, type)) 1751 return (FC_MAKE_ERR(err)); 1752 } 1753 1754 /* reset 'maddr' to the start addr of the range of fault. */ 1755 maddr = addr; 1756 1757 /* calculate the offset corresponds to 'addr' in the first dhp. */ 1758 off = (ulong_t)(addr - dhp->dh_uvaddr); 1759 1760 /* 1761 * The fault length may span over multiple dhps. 1762 * Loop until the total length is satisfied. 1763 */ 1764 while (len != 0) { 1765 size_t llen; 1766 size_t mlen; 1767 caddr_t laddr; 1768 1769 /* 1770 * mlen is the smaller of 'len' and the length 1771 * from addr to the end of mapping defined by dhp. 1772 */ 1773 mlen = MIN(len, (dhp->dh_len - off)); 1774 1775 HOLD_DHP_LOCK(dhp); 1776 /* 1777 * Pass the extended length and address to devmap_access 1778 * if large pagesize is used for loading address translations. 1779 */ 1780 if ((sdp->pageprot == 0) && 1781 (dhp->dh_flags & DEVMAP_FLAG_LARGE)) { 1782 devmap_get_large_pgsize(dhp, mlen, maddr, 1783 &llen, &laddr); 1784 ASSERT(maddr == addr || laddr == maddr); 1785 } else { 1786 llen = mlen; 1787 laddr = maddr; 1788 } 1789 1790 if (dhp->dh_callbackops.devmap_access != NULL) { 1791 offset_t aoff; 1792 1793 aoff = sdp->offset + (offset_t)(laddr - seg->s_base); 1794 1795 /* 1796 * call driver's devmap_access entry point which will 1797 * call devmap_load/contextmgmt to load the translations 1798 * 1799 * We drop the dhp_lock before calling access so 1800 * drivers can call devmap_*_remap within access 1801 */ 1802 RELE_DHP_LOCK(dhp); 1803 1804 err = (*dhp->dh_callbackops.devmap_access)( 1805 dhp, (void *)dhp->dh_pvtp, aoff, llen, type, rw); 1806 } else { 1807 /* 1808 * If no devmap_access entry point, then load mappings 1809 * hold dhp_lock across faultpages if REMAP 1810 */ 1811 err = segdev_faultpages(hat, seg, laddr, llen, 1812 type, rw, dhp); 1813 err_is_faultcode = 1; 1814 RELE_DHP_LOCK(dhp); 1815 } 1816 1817 if (err) { 1818 if ((type == F_SOFTLOCK) && (maddr > addr)) { 1819 /* 1820 * If not first dhp, use 1821 * segdev_fault(F_SOFTUNLOCK) for prior dhps 1822 * While this is recursion, it is incorrect to 1823 * call just segdev_softunlock 1824 * if we are using either large pages 1825 * or devmap_access. It will be more right 1826 * to go through the same loop as above 1827 * rather than call segdev_softunlock directly 1828 * It will use the right lenghths as well as 1829 * call into the driver devmap_access routines. 1830 */ 1831 size_t done = (size_t)(maddr - addr); 1832 (void) segdev_fault(hat, seg, addr, done, 1833 F_SOFTUNLOCK, S_OTHER); 1834 /* 1835 * reduce slpage by number of pages 1836 * released by segdev_softunlock 1837 */ 1838 ASSERT(slpage >= btopr(done)); 1839 devmap_softlock_exit(slock, 1840 slpage - btopr(done), type); 1841 } else { 1842 devmap_softlock_exit(slock, slpage, type); 1843 } 1844 1845 1846 /* 1847 * Segdev_faultpages() already returns a faultcode, 1848 * hence, result from segdev_faultpages() should be 1849 * returned directly. 1850 */ 1851 if (err_is_faultcode) 1852 return (err); 1853 return (FC_MAKE_ERR(err)); 1854 } 1855 1856 maddr += mlen; 1857 ASSERT(len >= mlen); 1858 len -= mlen; 1859 dhp = dhp->dh_next; 1860 off = 0; 1861 1862 ASSERT(!dhp || len == 0 || maddr == dhp->dh_uvaddr); 1863 } 1864 /* 1865 * release the softlock count at end of fault 1866 * For F_SOFTLOCk this is done in the later F_SOFTUNLOCK 1867 */ 1868 if ((type == F_INVAL) || (type == F_PROT)) 1869 devmap_softlock_exit(slock, slpage, type); 1870 return (0); 1871 } 1872 1873 /* 1874 * segdev_faultpages 1875 * 1876 * Used to fault in seg_dev segment pages. Called by segdev_fault or devmap_load 1877 * This routine assumes that the callers makes sure that the fields 1878 * in dhp used below are not changed due to remap during this call. 1879 * Caller does HOLD_DHP_LOCK if neeed 1880 * This routine returns a faultcode_t as a return value for segdev_fault. 1881 */ 1882 static faultcode_t 1883 segdev_faultpages( 1884 struct hat *hat, /* the hat */ 1885 struct seg *seg, /* the seg_dev of interest */ 1886 caddr_t addr, /* the address of the fault */ 1887 size_t len, /* the length of the range */ 1888 enum fault_type type, /* type of fault */ 1889 enum seg_rw rw, /* type of access at fault */ 1890 devmap_handle_t *dhp) /* devmap handle */ 1891 { 1892 register struct segdev_data *sdp = (struct segdev_data *)seg->s_data; 1893 register caddr_t a; 1894 struct vpage *vpage; 1895 struct ddi_umem_cookie *kpmem_cookie = NULL; 1896 int err; 1897 1898 TRACE_4(TR_FAC_DEVMAP, TR_DEVMAP_FAULTPAGES, 1899 "segdev_faultpages: dhp=%p seg=%p addr=%p len=%lx", 1900 (void *)dhp, (void *)seg, (void *)addr, len); 1901 DEBUGF(5, (CE_CONT, "segdev_faultpages: " 1902 "dhp %p seg %p addr %p len %lx\n", 1903 (void *)dhp, (void *)seg, (void *)addr, len)); 1904 1905 /* 1906 * The seg_dev driver does not implement copy-on-write, 1907 * and always loads translations with maximal allowed permissions 1908 * but we got an fault trying to access the device. 1909 * Servicing the fault is not going to result in any better result 1910 * XXX: If we want to allow devmap_access to handle F_PROT calls, 1911 * This code should be removed and let the normal fault handling 1912 * take care of finding the error 1913 */ 1914 if (type == F_PROT) { 1915 return (FC_PROT); 1916 } 1917 1918 if (type == F_SOFTUNLOCK) { 1919 segdev_softunlock(hat, seg, addr, len, rw); 1920 return (0); 1921 } 1922 1923 /* 1924 * For kernel pageable memory, fault/lock segkp pages 1925 * We hold this until the completion of this 1926 * fault (INVAL/PROT) or till unlock (SOFTLOCK). 1927 */ 1928 if ((dhp != NULL) && dhp_is_kpmem(dhp)) { 1929 kpmem_cookie = (struct ddi_umem_cookie *)dhp->dh_cookie; 1930 if (err = acquire_kpmem_lock(kpmem_cookie, btopr(len))) 1931 return (err); 1932 } 1933 1934 /* 1935 * If we have the same protections for the entire segment, 1936 * insure that the access being attempted is legitimate. 1937 */ 1938 mutex_enter(&sdp->lock); 1939 if (sdp->pageprot == 0) { 1940 uint_t protchk; 1941 1942 switch (rw) { 1943 case S_READ: 1944 protchk = PROT_READ; 1945 break; 1946 case S_WRITE: 1947 protchk = PROT_WRITE; 1948 break; 1949 case S_EXEC: 1950 protchk = PROT_EXEC; 1951 break; 1952 case S_OTHER: 1953 default: 1954 protchk = PROT_READ | PROT_WRITE | PROT_EXEC; 1955 break; 1956 } 1957 1958 if ((sdp->prot & protchk) == 0) { 1959 mutex_exit(&sdp->lock); 1960 /* undo kpmem locking */ 1961 if (kpmem_cookie != NULL) { 1962 release_kpmem_lock(kpmem_cookie, btopr(len)); 1963 } 1964 return (FC_PROT); /* illegal access type */ 1965 } 1966 } 1967 1968 /* 1969 * we do a single hat_devload for the range if 1970 * - devmap framework (dhp is not NULL), 1971 * - pageprot == 0, i.e., no per-page protection set and 1972 * - is device pages, irrespective of whether we are using large pages 1973 */ 1974 if ((sdp->pageprot == 0) && (dhp != NULL) && dhp_is_devmem(dhp)) { 1975 pfn_t pfnum; 1976 uint_t hat_flags; 1977 1978 if (dhp->dh_flags & DEVMAP_MAPPING_INVALID) { 1979 mutex_exit(&sdp->lock); 1980 return (FC_NOMAP); 1981 } 1982 1983 if (type == F_SOFTLOCK) { 1984 mutex_enter(&freemem_lock); 1985 sdp->softlockcnt += btopr(len); 1986 mutex_exit(&freemem_lock); 1987 } 1988 1989 hat_flags = ((type == F_SOFTLOCK) ? HAT_LOAD_LOCK : HAT_LOAD); 1990 pfnum = dhp->dh_pfn + btop((uintptr_t)(addr - dhp->dh_uvaddr)); 1991 ASSERT(!pf_is_memory(pfnum)); 1992 1993 hat_devload(hat, addr, len, pfnum, sdp->prot | dhp->dh_hat_attr, 1994 hat_flags | sdp->hat_flags); 1995 mutex_exit(&sdp->lock); 1996 return (0); 1997 } 1998 1999 /* Handle cases where we have to loop through fault handling per-page */ 2000 2001 if (sdp->vpage == NULL) 2002 vpage = NULL; 2003 else 2004 vpage = &sdp->vpage[seg_page(seg, addr)]; 2005 2006 /* loop over the address range handling each fault */ 2007 for (a = addr; a < addr + len; a += PAGESIZE) { 2008 if (err = segdev_faultpage(hat, seg, a, vpage, type, rw, dhp)) { 2009 break; 2010 } 2011 if (vpage != NULL) 2012 vpage++; 2013 } 2014 mutex_exit(&sdp->lock); 2015 if (err && (type == F_SOFTLOCK)) { /* error handling for F_SOFTLOCK */ 2016 size_t done = (size_t)(a - addr); /* pages fault successfully */ 2017 if (done > 0) { 2018 /* use softunlock for those pages */ 2019 segdev_softunlock(hat, seg, addr, done, S_OTHER); 2020 } 2021 if (kpmem_cookie != NULL) { 2022 /* release kpmem lock for rest of pages */ 2023 ASSERT(len >= done); 2024 release_kpmem_lock(kpmem_cookie, btopr(len - done)); 2025 } 2026 } else if ((kpmem_cookie != NULL) && (type != F_SOFTLOCK)) { 2027 /* for non-SOFTLOCK cases, release kpmem */ 2028 release_kpmem_lock(kpmem_cookie, btopr(len)); 2029 } 2030 return (err); 2031 } 2032 2033 /* 2034 * Asynchronous page fault. We simply do nothing since this 2035 * entry point is not supposed to load up the translation. 2036 */ 2037 /*ARGSUSED*/ 2038 static faultcode_t 2039 segdev_faulta(struct seg *seg, caddr_t addr) 2040 { 2041 TRACE_2(TR_FAC_DEVMAP, TR_DEVMAP_FAULTA, 2042 "segdev_faulta: seg=%p addr=%p", (void *)seg, (void *)addr); 2043 ASSERT(seg->s_as && AS_LOCK_HELD(seg->s_as, &seg->s_as->a_lock)); 2044 2045 return (0); 2046 } 2047 2048 static int 2049 segdev_setprot(struct seg *seg, caddr_t addr, size_t len, uint_t prot) 2050 { 2051 register struct segdev_data *sdp = (struct segdev_data *)seg->s_data; 2052 register devmap_handle_t *dhp; 2053 register struct vpage *vp, *evp; 2054 devmap_handle_t *dhp_head = (devmap_handle_t *)sdp->devmap_data; 2055 ulong_t off; 2056 size_t mlen, sz; 2057 2058 TRACE_4(TR_FAC_DEVMAP, TR_DEVMAP_SETPROT, 2059 "segdev_setprot:start seg=%p addr=%p len=%lx prot=%x", 2060 (void *)seg, (void *)addr, len, prot); 2061 ASSERT(seg->s_as && AS_LOCK_HELD(seg->s_as, &seg->s_as->a_lock)); 2062 2063 if ((sz = sdp->softlockcnt) > 0 && dhp_head != NULL) { 2064 /* 2065 * Fail the setprot if pages are SOFTLOCKed through this 2066 * mapping. 2067 * Softlockcnt is protected from change by the as read lock. 2068 */ 2069 TRACE_1(TR_FAC_DEVMAP, TR_DEVMAP_SETPROT_CK1, 2070 "segdev_setprot:error softlockcnt=%lx", sz); 2071 DEBUGF(1, (CE_CONT, "segdev_setprot: softlockcnt %ld\n", sz)); 2072 return (EAGAIN); 2073 } 2074 2075 if (dhp_head != NULL) { 2076 if ((dhp = devmap_find_handle(dhp_head, addr)) == NULL) 2077 return (EINVAL); 2078 2079 /* 2080 * check if violate maxprot. 2081 */ 2082 off = (ulong_t)(addr - dhp->dh_uvaddr); 2083 mlen = len; 2084 while (dhp) { 2085 if ((dhp->dh_maxprot & prot) != prot) 2086 return (EACCES); /* violated maxprot */ 2087 2088 if (mlen > (dhp->dh_len - off)) { 2089 mlen -= dhp->dh_len - off; 2090 dhp = dhp->dh_next; 2091 off = 0; 2092 } else 2093 break; 2094 } 2095 } else { 2096 if ((sdp->maxprot & prot) != prot) 2097 return (EACCES); 2098 } 2099 2100 mutex_enter(&sdp->lock); 2101 if (addr == seg->s_base && len == seg->s_size && sdp->pageprot == 0) { 2102 if (sdp->prot == prot) { 2103 mutex_exit(&sdp->lock); 2104 return (0); /* all done */ 2105 } 2106 sdp->prot = (uchar_t)prot; 2107 } else { 2108 sdp->pageprot = 1; 2109 if (sdp->vpage == NULL) { 2110 /* 2111 * First time through setting per page permissions, 2112 * initialize all the vpage structures to prot 2113 */ 2114 sdp->vpage = kmem_zalloc(vpgtob(seg_pages(seg)), 2115 KM_SLEEP); 2116 evp = &sdp->vpage[seg_pages(seg)]; 2117 for (vp = sdp->vpage; vp < evp; vp++) 2118 VPP_SETPROT(vp, sdp->prot); 2119 } 2120 /* 2121 * Now go change the needed vpages protections. 2122 */ 2123 evp = &sdp->vpage[seg_page(seg, addr + len)]; 2124 for (vp = &sdp->vpage[seg_page(seg, addr)]; vp < evp; vp++) 2125 VPP_SETPROT(vp, prot); 2126 } 2127 mutex_exit(&sdp->lock); 2128 2129 if (dhp_head != NULL) { 2130 devmap_handle_t *tdhp; 2131 /* 2132 * If large page size was used in hat_devload(), 2133 * the same page size must be used in hat_unload(). 2134 */ 2135 dhp = tdhp = devmap_find_handle(dhp_head, addr); 2136 while (tdhp != NULL) { 2137 if (tdhp->dh_flags & DEVMAP_FLAG_LARGE) { 2138 break; 2139 } 2140 tdhp = tdhp->dh_next; 2141 } 2142 if (tdhp) { 2143 size_t slen = len; 2144 size_t mlen; 2145 size_t soff; 2146 2147 soff = (ulong_t)(addr - dhp->dh_uvaddr); 2148 while (slen != 0) { 2149 mlen = MIN(slen, (dhp->dh_len - soff)); 2150 hat_unload(seg->s_as->a_hat, dhp->dh_uvaddr, 2151 dhp->dh_len, HAT_UNLOAD); 2152 dhp = dhp->dh_next; 2153 ASSERT(slen >= mlen); 2154 slen -= mlen; 2155 soff = 0; 2156 } 2157 return (0); 2158 } 2159 } 2160 2161 if ((prot & ~PROT_USER) == PROT_NONE) { 2162 hat_unload(seg->s_as->a_hat, addr, len, HAT_UNLOAD); 2163 } else { 2164 /* 2165 * RFE: the segment should keep track of all attributes 2166 * allowing us to remove the deprecated hat_chgprot 2167 * and use hat_chgattr. 2168 */ 2169 hat_chgprot(seg->s_as->a_hat, addr, len, prot); 2170 } 2171 2172 return (0); 2173 } 2174 2175 static int 2176 segdev_checkprot(struct seg *seg, caddr_t addr, size_t len, uint_t prot) 2177 { 2178 struct segdev_data *sdp = (struct segdev_data *)seg->s_data; 2179 struct vpage *vp, *evp; 2180 2181 TRACE_4(TR_FAC_DEVMAP, TR_DEVMAP_CHECKPROT, 2182 "segdev_checkprot:start seg=%p addr=%p len=%lx prot=%x", 2183 (void *)seg, (void *)addr, len, prot); 2184 ASSERT(seg->s_as && AS_LOCK_HELD(seg->s_as, &seg->s_as->a_lock)); 2185 2186 /* 2187 * If segment protection can be used, simply check against them 2188 */ 2189 mutex_enter(&sdp->lock); 2190 if (sdp->pageprot == 0) { 2191 register int err; 2192 2193 err = ((sdp->prot & prot) != prot) ? EACCES : 0; 2194 mutex_exit(&sdp->lock); 2195 return (err); 2196 } 2197 2198 /* 2199 * Have to check down to the vpage level 2200 */ 2201 evp = &sdp->vpage[seg_page(seg, addr + len)]; 2202 for (vp = &sdp->vpage[seg_page(seg, addr)]; vp < evp; vp++) { 2203 if ((VPP_PROT(vp) & prot) != prot) { 2204 mutex_exit(&sdp->lock); 2205 return (EACCES); 2206 } 2207 } 2208 mutex_exit(&sdp->lock); 2209 return (0); 2210 } 2211 2212 static int 2213 segdev_getprot(struct seg *seg, caddr_t addr, size_t len, uint_t *protv) 2214 { 2215 struct segdev_data *sdp = (struct segdev_data *)seg->s_data; 2216 size_t pgno; 2217 2218 TRACE_4(TR_FAC_DEVMAP, TR_DEVMAP_GETPROT, 2219 "segdev_getprot:start seg=%p addr=%p len=%lx protv=%p", 2220 (void *)seg, (void *)addr, len, (void *)protv); 2221 ASSERT(seg->s_as && AS_LOCK_HELD(seg->s_as, &seg->s_as->a_lock)); 2222 2223 pgno = seg_page(seg, addr + len) - seg_page(seg, addr) + 1; 2224 if (pgno != 0) { 2225 mutex_enter(&sdp->lock); 2226 if (sdp->pageprot == 0) { 2227 do 2228 protv[--pgno] = sdp->prot; 2229 while (pgno != 0); 2230 } else { 2231 size_t pgoff = seg_page(seg, addr); 2232 2233 do { 2234 pgno--; 2235 protv[pgno] = 2236 VPP_PROT(&sdp->vpage[pgno + pgoff]); 2237 } while (pgno != 0); 2238 } 2239 mutex_exit(&sdp->lock); 2240 } 2241 return (0); 2242 } 2243 2244 static u_offset_t 2245 segdev_getoffset(register struct seg *seg, caddr_t addr) 2246 { 2247 register struct segdev_data *sdp = (struct segdev_data *)seg->s_data; 2248 2249 TRACE_2(TR_FAC_DEVMAP, TR_DEVMAP_GETOFFSET, 2250 "segdev_getoffset:start seg=%p addr=%p", (void *)seg, (void *)addr); 2251 2252 ASSERT(seg->s_as && AS_LOCK_HELD(seg->s_as, &seg->s_as->a_lock)); 2253 2254 return ((u_offset_t)sdp->offset + (addr - seg->s_base)); 2255 } 2256 2257 /*ARGSUSED*/ 2258 static int 2259 segdev_gettype(register struct seg *seg, caddr_t addr) 2260 { 2261 register struct segdev_data *sdp = (struct segdev_data *)seg->s_data; 2262 2263 TRACE_2(TR_FAC_DEVMAP, TR_DEVMAP_GETTYPE, 2264 "segdev_gettype:start seg=%p addr=%p", (void *)seg, (void *)addr); 2265 2266 ASSERT(seg->s_as && AS_LOCK_HELD(seg->s_as, &seg->s_as->a_lock)); 2267 2268 return (sdp->type); 2269 } 2270 2271 2272 /*ARGSUSED*/ 2273 static int 2274 segdev_getvp(register struct seg *seg, caddr_t addr, struct vnode **vpp) 2275 { 2276 register struct segdev_data *sdp = (struct segdev_data *)seg->s_data; 2277 2278 TRACE_2(TR_FAC_DEVMAP, TR_DEVMAP_GETVP, 2279 "segdev_getvp:start seg=%p addr=%p", (void *)seg, (void *)addr); 2280 2281 ASSERT(seg->s_as && AS_LOCK_HELD(seg->s_as, &seg->s_as->a_lock)); 2282 2283 /* 2284 * Note that this vp is the common_vp of the device, where the 2285 * pages are hung .. 2286 */ 2287 *vpp = VTOCVP(sdp->vp); 2288 2289 return (0); 2290 } 2291 2292 static void 2293 segdev_badop(void) 2294 { 2295 TRACE_0(TR_FAC_DEVMAP, TR_DEVMAP_SEGDEV_BADOP, 2296 "segdev_badop:start"); 2297 panic("segdev_badop"); 2298 /*NOTREACHED*/ 2299 } 2300 2301 /* 2302 * segdev pages are not in the cache, and thus can't really be controlled. 2303 * Hence, syncs are simply always successful. 2304 */ 2305 /*ARGSUSED*/ 2306 static int 2307 segdev_sync(struct seg *seg, caddr_t addr, size_t len, int attr, uint_t flags) 2308 { 2309 TRACE_0(TR_FAC_DEVMAP, TR_DEVMAP_SYNC, "segdev_sync:start"); 2310 2311 ASSERT(seg->s_as && AS_LOCK_HELD(seg->s_as, &seg->s_as->a_lock)); 2312 2313 return (0); 2314 } 2315 2316 /* 2317 * segdev pages are always "in core". 2318 */ 2319 /*ARGSUSED*/ 2320 static size_t 2321 segdev_incore(struct seg *seg, caddr_t addr, size_t len, char *vec) 2322 { 2323 size_t v = 0; 2324 2325 TRACE_0(TR_FAC_DEVMAP, TR_DEVMAP_INCORE, "segdev_incore:start"); 2326 2327 ASSERT(seg->s_as && AS_LOCK_HELD(seg->s_as, &seg->s_as->a_lock)); 2328 2329 for (len = (len + PAGEOFFSET) & PAGEMASK; len; len -= PAGESIZE, 2330 v += PAGESIZE) 2331 *vec++ = 1; 2332 return (v); 2333 } 2334 2335 /* 2336 * segdev pages are not in the cache, and thus can't really be controlled. 2337 * Hence, locks are simply always successful. 2338 */ 2339 /*ARGSUSED*/ 2340 static int 2341 segdev_lockop(struct seg *seg, caddr_t addr, 2342 size_t len, int attr, int op, ulong_t *lockmap, size_t pos) 2343 { 2344 TRACE_0(TR_FAC_DEVMAP, TR_DEVMAP_LOCKOP, "segdev_lockop:start"); 2345 2346 ASSERT(seg->s_as && AS_LOCK_HELD(seg->s_as, &seg->s_as->a_lock)); 2347 2348 return (0); 2349 } 2350 2351 /* 2352 * segdev pages are not in the cache, and thus can't really be controlled. 2353 * Hence, advise is simply always successful. 2354 */ 2355 /*ARGSUSED*/ 2356 static int 2357 segdev_advise(struct seg *seg, caddr_t addr, size_t len, uint_t behav) 2358 { 2359 TRACE_0(TR_FAC_DEVMAP, TR_DEVMAP_ADVISE, "segdev_advise:start"); 2360 2361 ASSERT(seg->s_as && AS_LOCK_HELD(seg->s_as, &seg->s_as->a_lock)); 2362 2363 return (0); 2364 } 2365 2366 /* 2367 * segdev pages are not dumped, so we just return 2368 */ 2369 /*ARGSUSED*/ 2370 static void 2371 segdev_dump(struct seg *seg) 2372 {} 2373 2374 /* 2375 * ddi_segmap_setup: Used by drivers who wish specify mapping attributes 2376 * for a segment. Called from a drivers segmap(9E) 2377 * routine. 2378 */ 2379 /*ARGSUSED*/ 2380 int 2381 ddi_segmap_setup(dev_t dev, off_t offset, struct as *as, caddr_t *addrp, 2382 off_t len, uint_t prot, uint_t maxprot, uint_t flags, cred_t *cred, 2383 ddi_device_acc_attr_t *accattrp, uint_t rnumber) 2384 { 2385 struct segdev_crargs dev_a; 2386 int (*mapfunc)(dev_t dev, off_t off, int prot); 2387 uint_t hat_attr; 2388 pfn_t pfn; 2389 int error, i; 2390 2391 TRACE_0(TR_FAC_DEVMAP, TR_DEVMAP_SEGMAP_SETUP, 2392 "ddi_segmap_setup:start"); 2393 2394 if ((mapfunc = devopsp[getmajor(dev)]->devo_cb_ops->cb_mmap) == nodev) 2395 return (ENODEV); 2396 2397 /* 2398 * Character devices that support the d_mmap 2399 * interface can only be mmap'ed shared. 2400 */ 2401 if ((flags & MAP_TYPE) != MAP_SHARED) 2402 return (EINVAL); 2403 2404 /* 2405 * Check that this region is indeed mappable on this platform. 2406 * Use the mapping function. 2407 */ 2408 if (ddi_device_mapping_check(dev, accattrp, rnumber, &hat_attr) == -1) 2409 return (ENXIO); 2410 2411 /* 2412 * Check to ensure that the entire range is 2413 * legal and we are not trying to map in 2414 * more than the device will let us. 2415 */ 2416 for (i = 0; i < len; i += PAGESIZE) { 2417 if (i == 0) { 2418 /* 2419 * Save the pfn at offset here. This pfn will be 2420 * used later to get user address. 2421 */ 2422 if ((pfn = (pfn_t)cdev_mmap(mapfunc, dev, offset, 2423 maxprot)) == PFN_INVALID) 2424 return (ENXIO); 2425 } else { 2426 if (cdev_mmap(mapfunc, dev, offset + i, maxprot) == 2427 PFN_INVALID) 2428 return (ENXIO); 2429 } 2430 } 2431 2432 as_rangelock(as); 2433 if ((flags & MAP_FIXED) == 0) { 2434 /* 2435 * Pick an address w/o worrying about 2436 * any vac alignment constraints. 2437 */ 2438 map_addr(addrp, len, ptob(pfn), 0, flags); 2439 if (*addrp == NULL) { 2440 as_rangeunlock(as); 2441 return (ENOMEM); 2442 } 2443 } else { 2444 /* 2445 * User-specified address; blow away any previous mappings. 2446 */ 2447 (void) as_unmap(as, *addrp, len); 2448 } 2449 2450 dev_a.mapfunc = mapfunc; 2451 dev_a.dev = dev; 2452 dev_a.offset = (offset_t)offset; 2453 dev_a.type = flags & MAP_TYPE; 2454 dev_a.prot = (uchar_t)prot; 2455 dev_a.maxprot = (uchar_t)maxprot; 2456 dev_a.hat_attr = hat_attr; 2457 dev_a.hat_flags = 0; 2458 dev_a.devmap_data = NULL; 2459 2460 error = as_map(as, *addrp, len, segdev_create, &dev_a); 2461 as_rangeunlock(as); 2462 return (error); 2463 2464 } 2465 2466 /*ARGSUSED*/ 2467 static int 2468 segdev_pagelock(struct seg *seg, caddr_t addr, size_t len, 2469 struct page ***ppp, enum lock_type type, enum seg_rw rw) 2470 { 2471 TRACE_0(TR_FAC_DEVMAP, TR_DEVMAP_PAGELOCK, 2472 "segdev_pagelock:start"); 2473 return (ENOTSUP); 2474 } 2475 2476 /*ARGSUSED*/ 2477 static int 2478 segdev_setpagesize(struct seg *seg, caddr_t addr, size_t len, 2479 uint_t szc) 2480 { 2481 return (ENOTSUP); 2482 } 2483 2484 /* 2485 * devmap_device: Used by devmap framework to establish mapping 2486 * called by devmap_seup(9F) during map setup time. 2487 */ 2488 /*ARGSUSED*/ 2489 static int 2490 devmap_device(devmap_handle_t *dhp, struct as *as, caddr_t *addr, 2491 offset_t off, size_t len, uint_t flags) 2492 { 2493 devmap_handle_t *rdhp, *maxdhp; 2494 struct segdev_crargs dev_a; 2495 int err; 2496 uint_t maxprot = PROT_ALL; 2497 offset_t offset = 0; 2498 pfn_t pfn; 2499 struct devmap_pmem_cookie *pcp; 2500 2501 TRACE_4(TR_FAC_DEVMAP, TR_DEVMAP_DEVICE, 2502 "devmap_device:start dhp=%p addr=%p off=%llx, len=%lx", 2503 (void *)dhp, (void *)addr, off, len); 2504 2505 DEBUGF(2, (CE_CONT, "devmap_device: dhp %p addr %p off %llx len %lx\n", 2506 (void *)dhp, (void *)addr, off, len)); 2507 2508 as_rangelock(as); 2509 if ((flags & MAP_FIXED) == 0) { 2510 offset_t aligned_off; 2511 2512 rdhp = maxdhp = dhp; 2513 while (rdhp != NULL) { 2514 maxdhp = (maxdhp->dh_len > rdhp->dh_len) ? 2515 maxdhp : rdhp; 2516 rdhp = rdhp->dh_next; 2517 maxprot |= dhp->dh_maxprot; 2518 } 2519 offset = maxdhp->dh_uoff - dhp->dh_uoff; 2520 2521 /* 2522 * Use the dhp that has the 2523 * largest len to get user address. 2524 */ 2525 /* 2526 * If MAPPING_INVALID, cannot use dh_pfn/dh_cvaddr, 2527 * use 0 which is as good as any other. 2528 */ 2529 if (maxdhp->dh_flags & DEVMAP_MAPPING_INVALID) { 2530 aligned_off = (offset_t)0; 2531 } else if (dhp_is_devmem(maxdhp)) { 2532 aligned_off = (offset_t)ptob(maxdhp->dh_pfn) - offset; 2533 } else if (dhp_is_pmem(maxdhp)) { 2534 pcp = (struct devmap_pmem_cookie *)maxdhp->dh_pcookie; 2535 pfn = page_pptonum( 2536 pcp->dp_pparray[btop(maxdhp->dh_roff)]); 2537 aligned_off = (offset_t)ptob(pfn) - offset; 2538 } else { 2539 aligned_off = (offset_t)(uintptr_t)maxdhp->dh_cvaddr - 2540 offset; 2541 } 2542 2543 /* 2544 * Pick an address aligned to dh_cookie. 2545 * for kernel memory/user memory, cookie is cvaddr. 2546 * for device memory, cookie is physical address. 2547 */ 2548 map_addr(addr, len, aligned_off, 1, flags); 2549 if (*addr == NULL) { 2550 as_rangeunlock(as); 2551 return (ENOMEM); 2552 } 2553 } else { 2554 /* 2555 * User-specified address; blow away any previous mappings. 2556 */ 2557 (void) as_unmap(as, *addr, len); 2558 } 2559 2560 dev_a.mapfunc = NULL; 2561 dev_a.dev = dhp->dh_dev; 2562 dev_a.type = flags & MAP_TYPE; 2563 dev_a.offset = off; 2564 /* 2565 * sdp->maxprot has the least restrict protection of all dhps. 2566 */ 2567 dev_a.maxprot = maxprot; 2568 dev_a.prot = dhp->dh_prot; 2569 /* 2570 * devmap uses dhp->dh_hat_attr for hat. 2571 */ 2572 dev_a.hat_flags = 0; 2573 dev_a.hat_attr = 0; 2574 dev_a.devmap_data = (void *)dhp; 2575 2576 err = as_map(as, *addr, len, segdev_create, &dev_a); 2577 as_rangeunlock(as); 2578 return (err); 2579 } 2580 2581 int 2582 devmap_do_ctxmgt(devmap_cookie_t dhc, void *pvtp, offset_t off, size_t len, 2583 uint_t type, uint_t rw, int (*ctxmgt)(devmap_cookie_t, void *, offset_t, 2584 size_t, uint_t, uint_t)) 2585 { 2586 register devmap_handle_t *dhp = (devmap_handle_t *)dhc; 2587 struct devmap_ctx *devctx; 2588 int do_timeout = 0; 2589 int ret; 2590 2591 #ifdef lint 2592 pvtp = pvtp; 2593 #endif 2594 2595 TRACE_3(TR_FAC_DEVMAP, TR_DEVMAP_DO_CTXMGT, 2596 "devmap_do_ctxmgt:start dhp=%p off=%llx, len=%lx", 2597 (void *)dhp, off, len); 2598 DEBUGF(7, (CE_CONT, "devmap_do_ctxmgt: dhp %p off %llx len %lx\n", 2599 (void *)dhp, off, len)); 2600 2601 if (ctxmgt == NULL) 2602 return (FC_HWERR); 2603 2604 devctx = dhp->dh_ctx; 2605 2606 /* 2607 * If we are on an MP system with more than one cpu running 2608 * and if a thread on some CPU already has the context, wait 2609 * for it to finish if there is a hysteresis timeout. 2610 * 2611 * We call cv_wait() instead of cv_wait_sig() because 2612 * it does not matter much if it returned due to a signal 2613 * or due to a cv_signal() or cv_broadcast(). In either event 2614 * we need to complete the mapping otherwise the processes 2615 * will die with a SEGV. 2616 */ 2617 if ((dhp->dh_timeout_length > 0) && (ncpus > 1)) { 2618 TRACE_2(TR_FAC_DEVMAP, TR_DEVMAP_DO_CTXMGT_CK1, 2619 "devmap_do_ctxmgt:doing hysteresis, devctl %p dhp %p", 2620 devctx, dhp); 2621 do_timeout = 1; 2622 mutex_enter(&devctx->lock); 2623 while (devctx->oncpu) 2624 cv_wait(&devctx->cv, &devctx->lock); 2625 devctx->oncpu = 1; 2626 mutex_exit(&devctx->lock); 2627 } 2628 2629 /* 2630 * Call the contextmgt callback so that the driver can handle 2631 * the fault. 2632 */ 2633 ret = (*ctxmgt)(dhp, dhp->dh_pvtp, off, len, type, rw); 2634 2635 /* 2636 * If devmap_access() returned -1, then there was a hardware 2637 * error so we need to convert the return value to something 2638 * that trap() will understand. Otherwise, the return value 2639 * is already a fault code generated by devmap_unload() 2640 * or devmap_load(). 2641 */ 2642 if (ret) { 2643 TRACE_3(TR_FAC_DEVMAP, TR_DEVMAP_DO_CTXMGT_CK2, 2644 "devmap_do_ctxmgt: ret=%x dhp=%p devctx=%p", 2645 ret, dhp, devctx); 2646 DEBUGF(1, (CE_CONT, "devmap_do_ctxmgt: ret %x dhp %p\n", 2647 ret, (void *)dhp)); 2648 if (devctx->oncpu) { 2649 mutex_enter(&devctx->lock); 2650 devctx->oncpu = 0; 2651 cv_signal(&devctx->cv); 2652 mutex_exit(&devctx->lock); 2653 } 2654 return (FC_HWERR); 2655 } 2656 2657 /* 2658 * Setup the timeout if we need to 2659 */ 2660 if (do_timeout) { 2661 mutex_enter(&devctx->lock); 2662 if (dhp->dh_timeout_length > 0) { 2663 TRACE_0(TR_FAC_DEVMAP, TR_DEVMAP_DO_CTXMGT_CK3, 2664 "devmap_do_ctxmgt:timeout set"); 2665 devctx->timeout = timeout(devmap_ctxto, 2666 devctx, dhp->dh_timeout_length); 2667 } else { 2668 /* 2669 * We don't want to wait so set oncpu to 2670 * 0 and wake up anyone waiting. 2671 */ 2672 TRACE_0(TR_FAC_DEVMAP, TR_DEVMAP_DO_CTXMGT_CK4, 2673 "devmap_do_ctxmgt:timeout not set"); 2674 devctx->oncpu = 0; 2675 cv_signal(&devctx->cv); 2676 } 2677 mutex_exit(&devctx->lock); 2678 } 2679 2680 return (DDI_SUCCESS); 2681 } 2682 2683 /* 2684 * end of mapping 2685 * poff fault_offset | 2686 * base | | | 2687 * | | | | 2688 * V V V V 2689 * +-----------+---------------+-------+---------+-------+ 2690 * ^ ^ ^ ^ 2691 * |<--- offset--->|<-len->| | 2692 * |<--- dh_len(size of mapping) --->| 2693 * |<-- pg -->| 2694 * -->|rlen|<-- 2695 */ 2696 static ulong_t 2697 devmap_roundup(devmap_handle_t *dhp, ulong_t offset, size_t len, 2698 ulong_t *opfn, ulong_t *pagesize) 2699 { 2700 register int level; 2701 ulong_t pg; 2702 ulong_t poff; 2703 ulong_t base; 2704 caddr_t uvaddr; 2705 long rlen; 2706 2707 TRACE_3(TR_FAC_DEVMAP, TR_DEVMAP_ROUNDUP, 2708 "devmap_roundup:start dhp=%p off=%lx len=%lx", 2709 (void *)dhp, offset, len); 2710 DEBUGF(2, (CE_CONT, "devmap_roundup: dhp %p off %lx len %lx\n", 2711 (void *)dhp, offset, len)); 2712 2713 /* 2714 * get the max. pagesize that is aligned within the range 2715 * <dh_pfn, dh_pfn+offset>. 2716 * 2717 * The calculations below use physical address to ddetermine 2718 * the page size to use. The same calculations can use the 2719 * virtual address to determine the page size. 2720 */ 2721 base = (ulong_t)ptob(dhp->dh_pfn); 2722 for (level = dhp->dh_mmulevel; level >= 0; level--) { 2723 pg = page_get_pagesize(level); 2724 poff = ((base + offset) & ~(pg - 1)); 2725 uvaddr = dhp->dh_uvaddr + (poff - base); 2726 if ((poff >= base) && 2727 ((poff + pg) <= (base + dhp->dh_len)) && 2728 VA_PA_ALIGNED((uintptr_t)uvaddr, poff, pg)) 2729 break; 2730 } 2731 2732 TRACE_3(TR_FAC_DEVMAP, TR_DEVMAP_ROUNDUP_CK1, 2733 "devmap_roundup: base=%lx poff=%lx dhp=%p", 2734 base, poff, dhp); 2735 DEBUGF(2, (CE_CONT, "devmap_roundup: base %lx poff %lx pfn %lx\n", 2736 base, poff, dhp->dh_pfn)); 2737 2738 ASSERT(VA_PA_ALIGNED((uintptr_t)uvaddr, poff, pg)); 2739 ASSERT(level >= 0); 2740 2741 *pagesize = pg; 2742 *opfn = dhp->dh_pfn + btop(poff - base); 2743 2744 rlen = len + offset - (poff - base + pg); 2745 2746 ASSERT(rlen < (long)len); 2747 2748 TRACE_5(TR_FAC_DEVMAP, TR_DEVMAP_ROUNDUP_CK2, 2749 "devmap_roundup:ret dhp=%p level=%x rlen=%lx psiz=%p opfn=%p", 2750 (void *)dhp, level, rlen, pagesize, opfn); 2751 DEBUGF(1, (CE_CONT, "devmap_roundup: dhp %p " 2752 "level %x rlen %lx psize %lx opfn %lx\n", 2753 (void *)dhp, level, rlen, *pagesize, *opfn)); 2754 2755 return ((ulong_t)((rlen > 0) ? rlen : 0)); 2756 } 2757 2758 /* 2759 * find the dhp that contains addr. 2760 */ 2761 static devmap_handle_t * 2762 devmap_find_handle(devmap_handle_t *dhp_head, caddr_t addr) 2763 { 2764 devmap_handle_t *dhp; 2765 2766 TRACE_0(TR_FAC_DEVMAP, TR_DEVMAP_FIND_HANDLE, 2767 "devmap_find_handle:start"); 2768 2769 dhp = dhp_head; 2770 while (dhp) { 2771 if (addr >= dhp->dh_uvaddr && 2772 addr < (dhp->dh_uvaddr + dhp->dh_len)) 2773 return (dhp); 2774 dhp = dhp->dh_next; 2775 } 2776 2777 return ((devmap_handle_t *)NULL); 2778 } 2779 2780 /* 2781 * devmap_unload: 2782 * Marks a segdev segment or pages if offset->offset+len 2783 * is not the entire segment as intercept and unloads the 2784 * pages in the range offset -> offset+len. 2785 */ 2786 int 2787 devmap_unload(devmap_cookie_t dhc, offset_t offset, size_t len) 2788 { 2789 register devmap_handle_t *dhp = (devmap_handle_t *)dhc; 2790 caddr_t addr; 2791 ulong_t size; 2792 ssize_t soff; 2793 2794 TRACE_3(TR_FAC_DEVMAP, TR_DEVMAP_UNLOAD, 2795 "devmap_unload:start dhp=%p offset=%llx len=%lx", 2796 (void *)dhp, offset, len); 2797 DEBUGF(7, (CE_CONT, "devmap_unload: dhp %p offset %llx len %lx\n", 2798 (void *)dhp, offset, len)); 2799 2800 soff = (ssize_t)(offset - dhp->dh_uoff); 2801 soff = round_down_p2(soff, PAGESIZE); 2802 if (soff < 0 || soff >= dhp->dh_len) 2803 return (FC_MAKE_ERR(EINVAL)); 2804 2805 /* 2806 * Address and size must be page aligned. Len is set to the 2807 * number of bytes in the number of pages that are required to 2808 * support len. Offset is set to the byte offset of the first byte 2809 * of the page that contains offset. 2810 */ 2811 len = round_up_p2(len, PAGESIZE); 2812 2813 /* 2814 * If len is == 0, then calculate the size by getting 2815 * the number of bytes from offset to the end of the segment. 2816 */ 2817 if (len == 0) 2818 size = dhp->dh_len - soff; 2819 else { 2820 size = len; 2821 if ((soff + size) > dhp->dh_len) 2822 return (FC_MAKE_ERR(EINVAL)); 2823 } 2824 2825 /* 2826 * The address is offset bytes from the base address of 2827 * the dhp. 2828 */ 2829 addr = (caddr_t)(soff + dhp->dh_uvaddr); 2830 2831 /* 2832 * If large page size was used in hat_devload(), 2833 * the same page size must be used in hat_unload(). 2834 */ 2835 if (dhp->dh_flags & DEVMAP_FLAG_LARGE) { 2836 hat_unload(dhp->dh_seg->s_as->a_hat, dhp->dh_uvaddr, 2837 dhp->dh_len, HAT_UNLOAD|HAT_UNLOAD_OTHER); 2838 } else { 2839 hat_unload(dhp->dh_seg->s_as->a_hat, addr, size, 2840 HAT_UNLOAD|HAT_UNLOAD_OTHER); 2841 } 2842 2843 return (0); 2844 } 2845 2846 /* 2847 * calculates the optimal page size that will be used for hat_devload(). 2848 */ 2849 static void 2850 devmap_get_large_pgsize(devmap_handle_t *dhp, size_t len, caddr_t addr, 2851 size_t *llen, caddr_t *laddr) 2852 { 2853 ulong_t off; 2854 ulong_t pfn; 2855 ulong_t pgsize; 2856 uint_t first = 1; 2857 2858 TRACE_0(TR_FAC_DEVMAP, TR_DEVMAP_GET_LARGE_PGSIZE, 2859 "devmap_get_large_pgsize:start"); 2860 2861 /* 2862 * RFE - Code only supports large page mappings for devmem 2863 * This code could be changed in future if we want to support 2864 * large page mappings for kernel exported memory. 2865 */ 2866 ASSERT(dhp_is_devmem(dhp)); 2867 ASSERT(!(dhp->dh_flags & DEVMAP_MAPPING_INVALID)); 2868 2869 *llen = 0; 2870 off = (ulong_t)(addr - dhp->dh_uvaddr); 2871 while ((long)len > 0) { 2872 /* 2873 * get the optimal pfn to minimize address translations. 2874 * devmap_roundup() returns residue bytes for next round 2875 * calculations. 2876 */ 2877 len = devmap_roundup(dhp, off, len, &pfn, &pgsize); 2878 2879 if (first) { 2880 *laddr = dhp->dh_uvaddr + ptob(pfn - dhp->dh_pfn); 2881 first = 0; 2882 } 2883 2884 *llen += pgsize; 2885 off = ptob(pfn - dhp->dh_pfn) + pgsize; 2886 } 2887 /* Large page mapping len/addr cover more range than orginal fault */ 2888 ASSERT(*llen >= len && *laddr <= addr); 2889 ASSERT((*laddr + *llen) >= (addr + len)); 2890 } 2891 2892 /* 2893 * Initialize the devmap_softlock structure. 2894 */ 2895 static struct devmap_softlock * 2896 devmap_softlock_init(dev_t dev, ulong_t id) 2897 { 2898 struct devmap_softlock *slock; 2899 struct devmap_softlock *tmp; 2900 2901 TRACE_0(TR_FAC_DEVMAP, TR_DEVMAP_SOFTLOCK_INIT, 2902 "devmap_softlock_init:start"); 2903 2904 tmp = kmem_zalloc(sizeof (struct devmap_softlock), KM_SLEEP); 2905 mutex_enter(&devmap_slock); 2906 2907 for (slock = devmap_slist; slock != NULL; slock = slock->next) 2908 if ((slock->dev == dev) && (slock->id == id)) 2909 break; 2910 2911 if (slock == NULL) { 2912 slock = tmp; 2913 slock->dev = dev; 2914 slock->id = id; 2915 mutex_init(&slock->lock, NULL, MUTEX_DEFAULT, NULL); 2916 cv_init(&slock->cv, NULL, CV_DEFAULT, NULL); 2917 slock->next = devmap_slist; 2918 devmap_slist = slock; 2919 } else 2920 kmem_free(tmp, sizeof (struct devmap_softlock)); 2921 2922 mutex_enter(&slock->lock); 2923 slock->refcnt++; 2924 mutex_exit(&slock->lock); 2925 mutex_exit(&devmap_slock); 2926 2927 return (slock); 2928 } 2929 2930 /* 2931 * Wake up processes that sleep on softlocked. 2932 * Free dh_softlock if refcnt is 0. 2933 */ 2934 static void 2935 devmap_softlock_rele(devmap_handle_t *dhp) 2936 { 2937 struct devmap_softlock *slock = dhp->dh_softlock; 2938 struct devmap_softlock *tmp; 2939 struct devmap_softlock *parent; 2940 2941 TRACE_0(TR_FAC_DEVMAP, TR_DEVMAP_SOFTLOCK_RELE, 2942 "devmap_softlock_rele:start"); 2943 2944 mutex_enter(&devmap_slock); 2945 mutex_enter(&slock->lock); 2946 2947 ASSERT(slock->refcnt > 0); 2948 2949 slock->refcnt--; 2950 2951 /* 2952 * If no one is using the device, free up the slock data. 2953 */ 2954 if (slock->refcnt == 0) { 2955 slock->softlocked = 0; 2956 cv_signal(&slock->cv); 2957 2958 if (devmap_slist == slock) 2959 devmap_slist = slock->next; 2960 else { 2961 parent = devmap_slist; 2962 for (tmp = devmap_slist->next; tmp != NULL; 2963 tmp = tmp->next) { 2964 if (tmp == slock) { 2965 parent->next = tmp->next; 2966 break; 2967 } 2968 parent = tmp; 2969 } 2970 } 2971 mutex_exit(&slock->lock); 2972 mutex_destroy(&slock->lock); 2973 cv_destroy(&slock->cv); 2974 kmem_free(slock, sizeof (struct devmap_softlock)); 2975 } else 2976 mutex_exit(&slock->lock); 2977 2978 mutex_exit(&devmap_slock); 2979 } 2980 2981 /* 2982 * Wake up processes that sleep on dh_ctx->locked. 2983 * Free dh_ctx if refcnt is 0. 2984 */ 2985 static void 2986 devmap_ctx_rele(devmap_handle_t *dhp) 2987 { 2988 struct devmap_ctx *devctx = dhp->dh_ctx; 2989 struct devmap_ctx *tmp; 2990 struct devmap_ctx *parent; 2991 timeout_id_t tid; 2992 2993 TRACE_0(TR_FAC_DEVMAP, TR_DEVMAP_CTX_RELE, 2994 "devmap_ctx_rele:start"); 2995 2996 mutex_enter(&devmapctx_lock); 2997 mutex_enter(&devctx->lock); 2998 2999 ASSERT(devctx->refcnt > 0); 3000 3001 devctx->refcnt--; 3002 3003 /* 3004 * If no one is using the device, free up the devctx data. 3005 */ 3006 if (devctx->refcnt == 0) { 3007 /* 3008 * Untimeout any threads using this mapping as they are about 3009 * to go away. 3010 */ 3011 if (devctx->timeout != 0) { 3012 TRACE_0(TR_FAC_DEVMAP, TR_DEVMAP_CTX_RELE_CK1, 3013 "devmap_ctx_rele:untimeout ctx->timeout"); 3014 3015 tid = devctx->timeout; 3016 mutex_exit(&devctx->lock); 3017 (void) untimeout(tid); 3018 mutex_enter(&devctx->lock); 3019 } 3020 3021 devctx->oncpu = 0; 3022 cv_signal(&devctx->cv); 3023 3024 if (devmapctx_list == devctx) 3025 devmapctx_list = devctx->next; 3026 else { 3027 parent = devmapctx_list; 3028 for (tmp = devmapctx_list->next; tmp != NULL; 3029 tmp = tmp->next) { 3030 if (tmp == devctx) { 3031 parent->next = tmp->next; 3032 break; 3033 } 3034 parent = tmp; 3035 } 3036 } 3037 mutex_exit(&devctx->lock); 3038 mutex_destroy(&devctx->lock); 3039 cv_destroy(&devctx->cv); 3040 kmem_free(devctx, sizeof (struct devmap_ctx)); 3041 } else 3042 mutex_exit(&devctx->lock); 3043 3044 mutex_exit(&devmapctx_lock); 3045 } 3046 3047 /* 3048 * devmap_load: 3049 * Marks a segdev segment or pages if offset->offset+len 3050 * is not the entire segment as nointercept and faults in 3051 * the pages in the range offset -> offset+len. 3052 */ 3053 int 3054 devmap_load(devmap_cookie_t dhc, offset_t offset, size_t len, uint_t type, 3055 uint_t rw) 3056 { 3057 devmap_handle_t *dhp = (devmap_handle_t *)dhc; 3058 struct as *asp = dhp->dh_seg->s_as; 3059 caddr_t addr; 3060 ulong_t size; 3061 ssize_t soff; /* offset from the beginning of the segment */ 3062 int rc; 3063 3064 TRACE_3(TR_FAC_DEVMAP, TR_DEVMAP_LOAD, 3065 "devmap_load:start dhp=%p offset=%llx len=%lx", 3066 (void *)dhp, offset, len); 3067 3068 DEBUGF(7, (CE_CONT, "devmap_load: dhp %p offset %llx len %lx\n", 3069 (void *)dhp, offset, len)); 3070 3071 /* 3072 * Hat layer only supports devload to process' context for which 3073 * the as lock is held. Verify here and return error if drivers 3074 * inadvertently call devmap_load on a wrong devmap handle. 3075 */ 3076 if ((asp != &kas) && !AS_LOCK_HELD(asp, &asp->a_lock)) 3077 return (FC_MAKE_ERR(EINVAL)); 3078 3079 soff = (ssize_t)(offset - dhp->dh_uoff); 3080 soff = round_down_p2(soff, PAGESIZE); 3081 if (soff < 0 || soff >= dhp->dh_len) 3082 return (FC_MAKE_ERR(EINVAL)); 3083 3084 /* 3085 * Address and size must be page aligned. Len is set to the 3086 * number of bytes in the number of pages that are required to 3087 * support len. Offset is set to the byte offset of the first byte 3088 * of the page that contains offset. 3089 */ 3090 len = round_up_p2(len, PAGESIZE); 3091 3092 /* 3093 * If len == 0, then calculate the size by getting 3094 * the number of bytes from offset to the end of the segment. 3095 */ 3096 if (len == 0) 3097 size = dhp->dh_len - soff; 3098 else { 3099 size = len; 3100 if ((soff + size) > dhp->dh_len) 3101 return (FC_MAKE_ERR(EINVAL)); 3102 } 3103 3104 /* 3105 * The address is offset bytes from the base address of 3106 * the segment. 3107 */ 3108 addr = (caddr_t)(soff + dhp->dh_uvaddr); 3109 3110 HOLD_DHP_LOCK(dhp); 3111 rc = segdev_faultpages(asp->a_hat, 3112 dhp->dh_seg, addr, size, type, rw, dhp); 3113 RELE_DHP_LOCK(dhp); 3114 return (rc); 3115 } 3116 3117 int 3118 devmap_setup(dev_t dev, offset_t off, struct as *as, caddr_t *addrp, 3119 size_t len, uint_t prot, uint_t maxprot, uint_t flags, struct cred *cred) 3120 { 3121 register devmap_handle_t *dhp; 3122 int (*devmap)(dev_t, devmap_cookie_t, offset_t, size_t, 3123 size_t *, uint_t); 3124 int (*mmap)(dev_t, off_t, int); 3125 struct devmap_callback_ctl *callbackops; 3126 devmap_handle_t *dhp_head = NULL; 3127 devmap_handle_t *dhp_prev = NULL; 3128 devmap_handle_t *dhp_curr; 3129 caddr_t addr; 3130 int map_flag; 3131 int ret; 3132 ulong_t total_len; 3133 size_t map_len; 3134 size_t resid_len = len; 3135 offset_t map_off = off; 3136 struct devmap_softlock *slock = NULL; 3137 3138 #ifdef lint 3139 cred = cred; 3140 #endif 3141 3142 TRACE_2(TR_FAC_DEVMAP, TR_DEVMAP_SETUP, 3143 "devmap_setup:start off=%llx len=%lx", off, len); 3144 DEBUGF(3, (CE_CONT, "devmap_setup: off %llx len %lx\n", 3145 off, len)); 3146 3147 devmap = devopsp[getmajor(dev)]->devo_cb_ops->cb_devmap; 3148 mmap = devopsp[getmajor(dev)]->devo_cb_ops->cb_mmap; 3149 3150 /* 3151 * driver must provide devmap(9E) entry point in cb_ops to use the 3152 * devmap framework. 3153 */ 3154 if (devmap == NULL || devmap == nulldev || devmap == nodev) 3155 return (EINVAL); 3156 3157 /* 3158 * To protect from an inadvertent entry because the devmap entry point 3159 * is not NULL, return error if D_DEVMAP bit is not set in cb_flag and 3160 * mmap is NULL. 3161 */ 3162 map_flag = devopsp[getmajor(dev)]->devo_cb_ops->cb_flag; 3163 if ((map_flag & D_DEVMAP) == 0 && (mmap == NULL || mmap == nulldev)) 3164 return (EINVAL); 3165 3166 /* 3167 * devmap allows mmap(2) to map multiple registers. 3168 * one devmap_handle is created for each register mapped. 3169 */ 3170 for (total_len = 0; total_len < len; total_len += map_len) { 3171 dhp = kmem_zalloc(sizeof (devmap_handle_t), KM_SLEEP); 3172 3173 if (dhp_prev != NULL) 3174 dhp_prev->dh_next = dhp; 3175 else 3176 dhp_head = dhp; 3177 dhp_prev = dhp; 3178 3179 dhp->dh_prot = prot; 3180 dhp->dh_orig_maxprot = dhp->dh_maxprot = maxprot; 3181 dhp->dh_dev = dev; 3182 dhp->dh_timeout_length = CTX_TIMEOUT_VALUE; 3183 dhp->dh_uoff = map_off; 3184 3185 /* 3186 * Get mapping specific info from 3187 * the driver, such as rnumber, roff, len, callbackops, 3188 * accattrp and, if the mapping is for kernel memory, 3189 * ddi_umem_cookie. 3190 */ 3191 if ((ret = cdev_devmap(dev, dhp, map_off, 3192 resid_len, &map_len, get_udatamodel())) != 0) { 3193 free_devmap_handle(dhp_head); 3194 return (ENXIO); 3195 } 3196 3197 if (map_len & PAGEOFFSET) { 3198 free_devmap_handle(dhp_head); 3199 return (EINVAL); 3200 } 3201 3202 callbackops = &dhp->dh_callbackops; 3203 3204 if ((callbackops->devmap_access == NULL) || 3205 (callbackops->devmap_access == nulldev) || 3206 (callbackops->devmap_access == nodev)) { 3207 /* 3208 * Normally devmap does not support MAP_PRIVATE unless 3209 * the drivers provide a valid devmap_access routine. 3210 */ 3211 if ((flags & MAP_PRIVATE) != 0) { 3212 free_devmap_handle(dhp_head); 3213 return (EINVAL); 3214 } 3215 } else { 3216 /* 3217 * Initialize dhp_softlock and dh_ctx if the drivers 3218 * provide devmap_access. 3219 */ 3220 dhp->dh_softlock = devmap_softlock_init(dev, 3221 (ulong_t)callbackops->devmap_access); 3222 dhp->dh_ctx = devmap_ctxinit(dev, 3223 (ulong_t)callbackops->devmap_access); 3224 3225 /* 3226 * segdev_fault can only work when all 3227 * dh_softlock in a multi-dhp mapping 3228 * are same. see comments in segdev_fault 3229 * This code keeps track of the first 3230 * dh_softlock allocated in slock and 3231 * compares all later allocations and if 3232 * not similar, returns an error. 3233 */ 3234 if (slock == NULL) 3235 slock = dhp->dh_softlock; 3236 if (slock != dhp->dh_softlock) { 3237 free_devmap_handle(dhp_head); 3238 return (ENOTSUP); 3239 } 3240 } 3241 3242 map_off += map_len; 3243 resid_len -= map_len; 3244 } 3245 3246 /* 3247 * get the user virtual address and establish the mapping between 3248 * uvaddr and device physical address. 3249 */ 3250 if ((ret = devmap_device(dhp_head, as, addrp, off, len, flags)) 3251 != 0) { 3252 /* 3253 * free devmap handles if error during the mapping. 3254 */ 3255 free_devmap_handle(dhp_head); 3256 3257 return (ret); 3258 } 3259 3260 /* 3261 * call the driver's devmap_map callback to do more after the mapping, 3262 * such as to allocate driver private data for context management. 3263 */ 3264 dhp = dhp_head; 3265 map_off = off; 3266 addr = *addrp; 3267 while (dhp != NULL) { 3268 callbackops = &dhp->dh_callbackops; 3269 dhp->dh_uvaddr = addr; 3270 dhp_curr = dhp; 3271 if (callbackops->devmap_map != NULL) { 3272 ret = (*callbackops->devmap_map)((devmap_cookie_t)dhp, 3273 dev, flags, map_off, 3274 dhp->dh_len, &dhp->dh_pvtp); 3275 if (ret != 0) { 3276 struct segdev_data *sdp; 3277 3278 /* 3279 * call driver's devmap_unmap entry point 3280 * to free driver resources. 3281 */ 3282 dhp = dhp_head; 3283 map_off = off; 3284 while (dhp != dhp_curr) { 3285 callbackops = &dhp->dh_callbackops; 3286 if (callbackops->devmap_unmap != NULL) { 3287 (*callbackops->devmap_unmap)( 3288 dhp, dhp->dh_pvtp, 3289 map_off, dhp->dh_len, 3290 NULL, NULL, NULL, NULL); 3291 } 3292 map_off += dhp->dh_len; 3293 dhp = dhp->dh_next; 3294 } 3295 sdp = dhp_head->dh_seg->s_data; 3296 sdp->devmap_data = NULL; 3297 free_devmap_handle(dhp_head); 3298 return (ENXIO); 3299 } 3300 } 3301 map_off += dhp->dh_len; 3302 addr += dhp->dh_len; 3303 dhp = dhp->dh_next; 3304 } 3305 3306 return (0); 3307 } 3308 3309 int 3310 ddi_devmap_segmap(dev_t dev, off_t off, ddi_as_handle_t as, caddr_t *addrp, 3311 off_t len, uint_t prot, uint_t maxprot, uint_t flags, struct cred *cred) 3312 { 3313 TRACE_0(TR_FAC_DEVMAP, TR_DEVMAP_SEGMAP, 3314 "devmap_segmap:start"); 3315 return (devmap_setup(dev, (offset_t)off, (struct as *)as, addrp, 3316 (size_t)len, prot, maxprot, flags, cred)); 3317 } 3318 3319 /* 3320 * Called from devmap_devmem_setup/remap to see if can use large pages for 3321 * this device mapping. 3322 * Also calculate the max. page size for this mapping. 3323 * this page size will be used in fault routine for 3324 * optimal page size calculations. 3325 */ 3326 static void 3327 devmap_devmem_large_page_setup(devmap_handle_t *dhp) 3328 { 3329 ASSERT(dhp_is_devmem(dhp)); 3330 dhp->dh_mmulevel = 0; 3331 3332 /* 3333 * use large page size only if: 3334 * 1. device memory. 3335 * 2. mmu supports multiple page sizes, 3336 * 3. Driver did not disallow it 3337 * 4. dhp length is at least as big as the large pagesize 3338 * 5. the uvaddr and pfn are large pagesize aligned 3339 */ 3340 if (page_num_pagesizes() > 1 && 3341 !(dhp->dh_flags & (DEVMAP_USE_PAGESIZE | DEVMAP_MAPPING_INVALID))) { 3342 ulong_t base; 3343 int level; 3344 3345 base = (ulong_t)ptob(dhp->dh_pfn); 3346 for (level = 1; level < page_num_pagesizes(); level++) { 3347 size_t pgsize = page_get_pagesize(level); 3348 if ((dhp->dh_len < pgsize) || 3349 (!VA_PA_PGSIZE_ALIGNED((uintptr_t)dhp->dh_uvaddr, 3350 base, pgsize))) { 3351 break; 3352 } 3353 } 3354 dhp->dh_mmulevel = level - 1; 3355 } 3356 if (dhp->dh_mmulevel > 0) { 3357 dhp->dh_flags |= DEVMAP_FLAG_LARGE; 3358 } else { 3359 dhp->dh_flags &= ~DEVMAP_FLAG_LARGE; 3360 } 3361 } 3362 3363 /* 3364 * Called by driver devmap routine to pass device specific info to 3365 * the framework. used for device memory mapping only. 3366 */ 3367 int 3368 devmap_devmem_setup(devmap_cookie_t dhc, dev_info_t *dip, 3369 struct devmap_callback_ctl *callbackops, uint_t rnumber, offset_t roff, 3370 size_t len, uint_t maxprot, uint_t flags, ddi_device_acc_attr_t *accattrp) 3371 { 3372 devmap_handle_t *dhp = (devmap_handle_t *)dhc; 3373 ddi_acc_handle_t handle; 3374 ddi_map_req_t mr; 3375 ddi_acc_hdl_t *hp; 3376 int err; 3377 3378 TRACE_4(TR_FAC_DEVMAP, TR_DEVMAP_DEVMEM_SETUP, 3379 "devmap_devmem_setup:start dhp=%p offset=%llx rnum=%d len=%lx", 3380 (void *)dhp, roff, rnumber, (uint_t)len); 3381 DEBUGF(2, (CE_CONT, "devmap_devmem_setup: dhp %p offset %llx " 3382 "rnum %d len %lx\n", (void *)dhp, roff, rnumber, len)); 3383 3384 /* 3385 * First to check if this function has been called for this dhp. 3386 */ 3387 if (dhp->dh_flags & DEVMAP_SETUP_DONE) 3388 return (DDI_FAILURE); 3389 3390 if ((dhp->dh_prot & dhp->dh_orig_maxprot & maxprot) != dhp->dh_prot) 3391 return (DDI_FAILURE); 3392 3393 if (flags & DEVMAP_MAPPING_INVALID) { 3394 /* 3395 * Don't go up the tree to get pfn if the driver specifies 3396 * DEVMAP_MAPPING_INVALID in flags. 3397 * 3398 * If DEVMAP_MAPPING_INVALID is specified, we have to grant 3399 * remap permission. 3400 */ 3401 if (!(flags & DEVMAP_ALLOW_REMAP)) { 3402 return (DDI_FAILURE); 3403 } 3404 dhp->dh_pfn = PFN_INVALID; 3405 } else { 3406 handle = impl_acc_hdl_alloc(KM_SLEEP, NULL); 3407 if (handle == NULL) 3408 return (DDI_FAILURE); 3409 3410 hp = impl_acc_hdl_get(handle); 3411 hp->ah_vers = VERS_ACCHDL; 3412 hp->ah_dip = dip; 3413 hp->ah_rnumber = rnumber; 3414 hp->ah_offset = roff; 3415 hp->ah_len = len; 3416 if (accattrp != NULL) 3417 hp->ah_acc = *accattrp; 3418 3419 mr.map_op = DDI_MO_MAP_LOCKED; 3420 mr.map_type = DDI_MT_RNUMBER; 3421 mr.map_obj.rnumber = rnumber; 3422 mr.map_prot = maxprot & dhp->dh_orig_maxprot; 3423 mr.map_flags = DDI_MF_DEVICE_MAPPING; 3424 mr.map_handlep = hp; 3425 mr.map_vers = DDI_MAP_VERSION; 3426 3427 /* 3428 * up the device tree to get pfn. 3429 * The rootnex_map_regspec() routine in nexus drivers has been 3430 * modified to return pfn if map_flags is DDI_MF_DEVICE_MAPPING. 3431 */ 3432 err = ddi_map(dip, &mr, roff, len, (caddr_t *)&dhp->dh_pfn); 3433 dhp->dh_hat_attr = hp->ah_hat_flags; 3434 impl_acc_hdl_free(handle); 3435 3436 if (err) 3437 return (DDI_FAILURE); 3438 } 3439 /* Should not be using devmem setup for memory pages */ 3440 ASSERT(!pf_is_memory(dhp->dh_pfn)); 3441 3442 /* Only some of the flags bits are settable by the driver */ 3443 dhp->dh_flags |= (flags & DEVMAP_SETUP_FLAGS); 3444 dhp->dh_len = ptob(btopr(len)); 3445 3446 dhp->dh_cookie = DEVMAP_DEVMEM_COOKIE; 3447 dhp->dh_roff = ptob(btop(roff)); 3448 3449 /* setup the dh_mmulevel and DEVMAP_FLAG_LARGE */ 3450 devmap_devmem_large_page_setup(dhp); 3451 dhp->dh_maxprot = maxprot & dhp->dh_orig_maxprot; 3452 ASSERT((dhp->dh_prot & dhp->dh_orig_maxprot & maxprot) == dhp->dh_prot); 3453 3454 3455 if (callbackops != NULL) { 3456 bcopy(callbackops, &dhp->dh_callbackops, 3457 sizeof (struct devmap_callback_ctl)); 3458 } 3459 3460 /* 3461 * Initialize dh_lock if we want to do remap. 3462 */ 3463 if (dhp->dh_flags & DEVMAP_ALLOW_REMAP) { 3464 mutex_init(&dhp->dh_lock, NULL, MUTEX_DEFAULT, NULL); 3465 dhp->dh_flags |= DEVMAP_LOCK_INITED; 3466 } 3467 3468 dhp->dh_flags |= DEVMAP_SETUP_DONE; 3469 3470 return (DDI_SUCCESS); 3471 } 3472 3473 int 3474 devmap_devmem_remap(devmap_cookie_t dhc, dev_info_t *dip, 3475 uint_t rnumber, offset_t roff, size_t len, uint_t maxprot, 3476 uint_t flags, ddi_device_acc_attr_t *accattrp) 3477 { 3478 devmap_handle_t *dhp = (devmap_handle_t *)dhc; 3479 ddi_acc_handle_t handle; 3480 ddi_map_req_t mr; 3481 ddi_acc_hdl_t *hp; 3482 pfn_t pfn; 3483 uint_t hat_flags; 3484 int err; 3485 3486 TRACE_4(TR_FAC_DEVMAP, TR_DEVMAP_DEVMEM_REMAP, 3487 "devmap_devmem_setup:start dhp=%p offset=%llx rnum=%d len=%lx", 3488 (void *)dhp, roff, rnumber, (uint_t)len); 3489 DEBUGF(2, (CE_CONT, "devmap_devmem_remap: dhp %p offset %llx " 3490 "rnum %d len %lx\n", (void *)dhp, roff, rnumber, len)); 3491 3492 /* 3493 * Return failure if setup has not been done or no remap permission 3494 * has been granted during the setup. 3495 */ 3496 if ((dhp->dh_flags & DEVMAP_SETUP_DONE) == 0 || 3497 (dhp->dh_flags & DEVMAP_ALLOW_REMAP) == 0) 3498 return (DDI_FAILURE); 3499 3500 /* Only DEVMAP_MAPPING_INVALID flag supported for remap */ 3501 if ((flags != 0) && (flags != DEVMAP_MAPPING_INVALID)) 3502 return (DDI_FAILURE); 3503 3504 if ((dhp->dh_prot & dhp->dh_orig_maxprot & maxprot) != dhp->dh_prot) 3505 return (DDI_FAILURE); 3506 3507 if (!(flags & DEVMAP_MAPPING_INVALID)) { 3508 handle = impl_acc_hdl_alloc(KM_SLEEP, NULL); 3509 if (handle == NULL) 3510 return (DDI_FAILURE); 3511 } 3512 3513 HOLD_DHP_LOCK(dhp); 3514 3515 /* 3516 * Unload the old mapping, so next fault will setup the new mappings 3517 * Do this while holding the dhp lock so other faults dont reestablish 3518 * the mappings 3519 */ 3520 hat_unload(dhp->dh_seg->s_as->a_hat, dhp->dh_uvaddr, 3521 dhp->dh_len, HAT_UNLOAD|HAT_UNLOAD_OTHER); 3522 3523 if (flags & DEVMAP_MAPPING_INVALID) { 3524 dhp->dh_flags |= DEVMAP_MAPPING_INVALID; 3525 dhp->dh_pfn = PFN_INVALID; 3526 } else { 3527 /* clear any prior DEVMAP_MAPPING_INVALID flag */ 3528 dhp->dh_flags &= ~DEVMAP_MAPPING_INVALID; 3529 hp = impl_acc_hdl_get(handle); 3530 hp->ah_vers = VERS_ACCHDL; 3531 hp->ah_dip = dip; 3532 hp->ah_rnumber = rnumber; 3533 hp->ah_offset = roff; 3534 hp->ah_len = len; 3535 if (accattrp != NULL) 3536 hp->ah_acc = *accattrp; 3537 3538 mr.map_op = DDI_MO_MAP_LOCKED; 3539 mr.map_type = DDI_MT_RNUMBER; 3540 mr.map_obj.rnumber = rnumber; 3541 mr.map_prot = maxprot & dhp->dh_orig_maxprot; 3542 mr.map_flags = DDI_MF_DEVICE_MAPPING; 3543 mr.map_handlep = hp; 3544 mr.map_vers = DDI_MAP_VERSION; 3545 3546 /* 3547 * up the device tree to get pfn. 3548 * The rootnex_map_regspec() routine in nexus drivers has been 3549 * modified to return pfn if map_flags is DDI_MF_DEVICE_MAPPING. 3550 */ 3551 err = ddi_map(dip, &mr, roff, len, (caddr_t *)&pfn); 3552 hat_flags = hp->ah_hat_flags; 3553 impl_acc_hdl_free(handle); 3554 if (err) { 3555 RELE_DHP_LOCK(dhp); 3556 return (DDI_FAILURE); 3557 } 3558 /* 3559 * Store result of ddi_map first in local variables, as we do 3560 * not want to overwrite the existing dhp with wrong data. 3561 */ 3562 dhp->dh_pfn = pfn; 3563 dhp->dh_hat_attr = hat_flags; 3564 } 3565 3566 /* clear the large page size flag */ 3567 dhp->dh_flags &= ~DEVMAP_FLAG_LARGE; 3568 3569 dhp->dh_cookie = DEVMAP_DEVMEM_COOKIE; 3570 dhp->dh_roff = ptob(btop(roff)); 3571 3572 /* setup the dh_mmulevel and DEVMAP_FLAG_LARGE */ 3573 devmap_devmem_large_page_setup(dhp); 3574 dhp->dh_maxprot = maxprot & dhp->dh_orig_maxprot; 3575 ASSERT((dhp->dh_prot & dhp->dh_orig_maxprot & maxprot) == dhp->dh_prot); 3576 3577 RELE_DHP_LOCK(dhp); 3578 return (DDI_SUCCESS); 3579 } 3580 3581 /* 3582 * called by driver devmap routine to pass kernel virtual address mapping 3583 * info to the framework. used only for kernel memory 3584 * allocated from ddi_umem_alloc(). 3585 */ 3586 int 3587 devmap_umem_setup(devmap_cookie_t dhc, dev_info_t *dip, 3588 struct devmap_callback_ctl *callbackops, ddi_umem_cookie_t cookie, 3589 offset_t off, size_t len, uint_t maxprot, uint_t flags, 3590 ddi_device_acc_attr_t *accattrp) 3591 { 3592 devmap_handle_t *dhp = (devmap_handle_t *)dhc; 3593 struct ddi_umem_cookie *cp = (struct ddi_umem_cookie *)cookie; 3594 3595 #ifdef lint 3596 dip = dip; 3597 accattrp = accattrp; 3598 #endif 3599 3600 TRACE_4(TR_FAC_DEVMAP, TR_DEVMAP_UMEM_SETUP, 3601 "devmap_umem_setup:start dhp=%p offset=%llx cookie=%p len=%lx", 3602 (void *)dhp, off, cookie, len); 3603 DEBUGF(2, (CE_CONT, "devmap_umem_setup: dhp %p offset %llx " 3604 "cookie %p len %lx\n", (void *)dhp, off, (void *)cookie, len)); 3605 3606 if (cookie == NULL) 3607 return (DDI_FAILURE); 3608 3609 /* For UMEM_TRASH, this restriction is not needed */ 3610 if ((off + len) > cp->size) 3611 return (DDI_FAILURE); 3612 3613 /* 3614 * First to check if this function has been called for this dhp. 3615 */ 3616 if (dhp->dh_flags & DEVMAP_SETUP_DONE) 3617 return (DDI_FAILURE); 3618 3619 if ((dhp->dh_prot & dhp->dh_orig_maxprot & maxprot) != dhp->dh_prot) 3620 return (DDI_FAILURE); 3621 3622 if (flags & DEVMAP_MAPPING_INVALID) { 3623 /* 3624 * If DEVMAP_MAPPING_INVALID is specified, we have to grant 3625 * remap permission. 3626 */ 3627 if (!(flags & DEVMAP_ALLOW_REMAP)) { 3628 return (DDI_FAILURE); 3629 } 3630 } else { 3631 dhp->dh_cookie = cookie; 3632 dhp->dh_roff = ptob(btop(off)); 3633 dhp->dh_cvaddr = cp->cvaddr + dhp->dh_roff; 3634 } 3635 3636 /* 3637 * The default is _not_ to pass HAT_LOAD_NOCONSIST to hat_devload(); 3638 * we pass HAT_LOAD_NOCONSIST _only_ in cases where hat tries to 3639 * create consistent mappings but our intention was to create 3640 * non-consistent mappings. 3641 * 3642 * DEVMEM: hat figures it out it's DEVMEM and creates non-consistent 3643 * mappings. 3644 * 3645 * kernel exported memory: hat figures it out it's memory and always 3646 * creates consistent mappings. 3647 * 3648 * /dev/mem: non-consistent mappings. See comments in common/io/mem.c 3649 * 3650 * /dev/kmem: consistent mappings are created unless they are 3651 * MAP_FIXED. We _explicitly_ tell hat to create non-consistent 3652 * mappings by passing HAT_LOAD_NOCONSIST in case of MAP_FIXED 3653 * mappings of /dev/kmem. See common/io/mem.c 3654 */ 3655 3656 /* Only some of the flags bits are settable by the driver */ 3657 dhp->dh_flags |= (flags & DEVMAP_SETUP_FLAGS); 3658 3659 dhp->dh_len = ptob(btopr(len)); 3660 dhp->dh_maxprot = maxprot & dhp->dh_orig_maxprot; 3661 ASSERT((dhp->dh_prot & dhp->dh_orig_maxprot & maxprot) == dhp->dh_prot); 3662 3663 if (callbackops != NULL) { 3664 bcopy(callbackops, &dhp->dh_callbackops, 3665 sizeof (struct devmap_callback_ctl)); 3666 } 3667 /* 3668 * Initialize dh_lock if we want to do remap. 3669 */ 3670 if (dhp->dh_flags & DEVMAP_ALLOW_REMAP) { 3671 mutex_init(&dhp->dh_lock, NULL, MUTEX_DEFAULT, NULL); 3672 dhp->dh_flags |= DEVMAP_LOCK_INITED; 3673 } 3674 3675 dhp->dh_flags |= DEVMAP_SETUP_DONE; 3676 3677 return (DDI_SUCCESS); 3678 } 3679 3680 int 3681 devmap_umem_remap(devmap_cookie_t dhc, dev_info_t *dip, 3682 ddi_umem_cookie_t cookie, offset_t off, size_t len, uint_t maxprot, 3683 uint_t flags, ddi_device_acc_attr_t *accattrp) 3684 { 3685 devmap_handle_t *dhp = (devmap_handle_t *)dhc; 3686 struct ddi_umem_cookie *cp = (struct ddi_umem_cookie *)cookie; 3687 3688 TRACE_4(TR_FAC_DEVMAP, TR_DEVMAP_UMEM_REMAP, 3689 "devmap_umem_remap:start dhp=%p offset=%llx cookie=%p len=%lx", 3690 (void *)dhp, off, cookie, len); 3691 DEBUGF(2, (CE_CONT, "devmap_umem_remap: dhp %p offset %llx " 3692 "cookie %p len %lx\n", (void *)dhp, off, (void *)cookie, len)); 3693 3694 #ifdef lint 3695 dip = dip; 3696 accattrp = accattrp; 3697 #endif 3698 /* 3699 * Reture failure if setup has not been done or no remap permission 3700 * has been granted during the setup. 3701 */ 3702 if ((dhp->dh_flags & DEVMAP_SETUP_DONE) == 0 || 3703 (dhp->dh_flags & DEVMAP_ALLOW_REMAP) == 0) 3704 return (DDI_FAILURE); 3705 3706 /* No flags supported for remap yet */ 3707 if (flags != 0) 3708 return (DDI_FAILURE); 3709 3710 if ((dhp->dh_prot & dhp->dh_orig_maxprot & maxprot) != dhp->dh_prot) 3711 return (DDI_FAILURE); 3712 3713 /* For UMEM_TRASH, this restriction is not needed */ 3714 if ((off + len) > cp->size) 3715 return (DDI_FAILURE); 3716 3717 HOLD_DHP_LOCK(dhp); 3718 /* 3719 * Unload the old mapping, so next fault will setup the new mappings 3720 * Do this while holding the dhp lock so other faults dont reestablish 3721 * the mappings 3722 */ 3723 hat_unload(dhp->dh_seg->s_as->a_hat, dhp->dh_uvaddr, 3724 dhp->dh_len, HAT_UNLOAD|HAT_UNLOAD_OTHER); 3725 3726 dhp->dh_cookie = cookie; 3727 dhp->dh_roff = ptob(btop(off)); 3728 dhp->dh_cvaddr = cp->cvaddr + dhp->dh_roff; 3729 3730 /* clear the large page size flag */ 3731 dhp->dh_flags &= ~DEVMAP_FLAG_LARGE; 3732 3733 dhp->dh_maxprot = maxprot & dhp->dh_orig_maxprot; 3734 ASSERT((dhp->dh_prot & dhp->dh_orig_maxprot & maxprot) == dhp->dh_prot); 3735 RELE_DHP_LOCK(dhp); 3736 return (DDI_SUCCESS); 3737 } 3738 3739 /* 3740 * to set timeout value for the driver's context management callback, e.g. 3741 * devmap_access(). 3742 */ 3743 void 3744 devmap_set_ctx_timeout(devmap_cookie_t dhc, clock_t ticks) 3745 { 3746 devmap_handle_t *dhp = (devmap_handle_t *)dhc; 3747 3748 TRACE_2(TR_FAC_DEVMAP, TR_DEVMAP_SET_CTX_TIMEOUT, 3749 "devmap_set_ctx_timeout:start dhp=%p ticks=%x", 3750 (void *)dhp, ticks); 3751 dhp->dh_timeout_length = ticks; 3752 } 3753 3754 int 3755 devmap_default_access(devmap_cookie_t dhp, void *pvtp, offset_t off, 3756 size_t len, uint_t type, uint_t rw) 3757 { 3758 #ifdef lint 3759 pvtp = pvtp; 3760 #endif 3761 3762 TRACE_0(TR_FAC_DEVMAP, TR_DEVMAP_DEFAULT_ACCESS, 3763 "devmap_default_access:start"); 3764 return (devmap_load(dhp, off, len, type, rw)); 3765 } 3766 3767 /* 3768 * segkmem_alloc() wrapper to allocate memory which is both 3769 * non-relocatable (for DR) and sharelocked, since the rest 3770 * of this segment driver requires it. 3771 */ 3772 static void * 3773 devmap_alloc_pages(vmem_t *vmp, size_t size, int vmflag) 3774 { 3775 ASSERT(vmp != NULL); 3776 ASSERT(kvseg.s_base != NULL); 3777 vmflag |= (VM_NORELOC | SEGKMEM_SHARELOCKED); 3778 return (segkmem_alloc(vmp, size, vmflag)); 3779 } 3780 3781 /* 3782 * This is where things are a bit incestrous with seg_kmem: unlike 3783 * seg_kp, seg_kmem does not keep its pages long-term sharelocked, so 3784 * we need to do a bit of a dance around that to prevent duplication of 3785 * code until we decide to bite the bullet and implement a new kernel 3786 * segment for driver-allocated memory that is exported to user space. 3787 */ 3788 static void 3789 devmap_free_pages(vmem_t *vmp, void *inaddr, size_t size) 3790 { 3791 page_t *pp; 3792 caddr_t addr = inaddr; 3793 caddr_t eaddr; 3794 pgcnt_t npages = btopr(size); 3795 3796 ASSERT(vmp != NULL); 3797 ASSERT(kvseg.s_base != NULL); 3798 ASSERT(((uintptr_t)addr & PAGEOFFSET) == 0); 3799 3800 hat_unload(kas.a_hat, addr, size, HAT_UNLOAD_UNLOCK); 3801 3802 for (eaddr = addr + size; addr < eaddr; addr += PAGESIZE) { 3803 /* 3804 * Use page_find() instead of page_lookup() to find the page 3805 * since we know that it is hashed and has a shared lock. 3806 */ 3807 pp = page_find(&kvp, (u_offset_t)(uintptr_t)addr); 3808 3809 if (pp == NULL) 3810 panic("devmap_free_pages: page not found"); 3811 if (!page_tryupgrade(pp)) { 3812 page_unlock(pp); 3813 pp = page_lookup(&kvp, (u_offset_t)(uintptr_t)addr, 3814 SE_EXCL); 3815 if (pp == NULL) 3816 panic("devmap_free_pages: page already freed"); 3817 } 3818 /* Clear p_lckcnt so page_destroy() doesn't update availrmem */ 3819 pp->p_lckcnt = 0; 3820 page_destroy(pp, 0); 3821 } 3822 page_unresv(npages); 3823 3824 if (vmp != NULL) 3825 vmem_free(vmp, inaddr, size); 3826 } 3827 3828 /* 3829 * devmap_umem_alloc_np() replaces kmem_zalloc() as the method for 3830 * allocating non-pageable kmem in response to a ddi_umem_alloc() 3831 * default request. For now we allocate our own pages and we keep 3832 * them long-term sharelocked, since: A) the fault routines expect the 3833 * memory to already be locked; B) pageable umem is already long-term 3834 * locked; C) it's a lot of work to make it otherwise, particuarly 3835 * since the nexus layer expects the pages to never fault. An RFE is to 3836 * not keep the pages long-term locked, but instead to be able to 3837 * take faults on them and simply look them up in kvp in case we 3838 * fault on them. Even then, we must take care not to let pageout 3839 * steal them from us since the data must remain resident; if we 3840 * do this we must come up with some way to pin the pages to prevent 3841 * faults while a driver is doing DMA to/from them. 3842 */ 3843 static void * 3844 devmap_umem_alloc_np(size_t size, size_t flags) 3845 { 3846 void *buf; 3847 int vmflags = (flags & DDI_UMEM_NOSLEEP)? VM_NOSLEEP : VM_SLEEP; 3848 3849 buf = vmem_alloc(umem_np_arena, size, vmflags); 3850 if (buf != NULL) 3851 bzero(buf, size); 3852 return (buf); 3853 } 3854 3855 static void 3856 devmap_umem_free_np(void *addr, size_t size) 3857 { 3858 vmem_free(umem_np_arena, addr, size); 3859 } 3860 3861 /* 3862 * allocate page aligned kernel memory for exporting to user land. 3863 * The devmap framework will use the cookie allocated by ddi_umem_alloc() 3864 * to find a user virtual address that is in same color as the address 3865 * allocated here. 3866 */ 3867 void * 3868 ddi_umem_alloc(size_t size, int flags, ddi_umem_cookie_t *cookie) 3869 { 3870 register size_t len = ptob(btopr(size)); 3871 void *buf = NULL; 3872 struct ddi_umem_cookie *cp; 3873 int iflags = 0; 3874 3875 *cookie = NULL; 3876 3877 TRACE_0(TR_FAC_DEVMAP, TR_DEVMAP_UMEM_ALLOC, 3878 "devmap_umem_alloc:start"); 3879 if (len == 0) 3880 return ((void *)NULL); 3881 3882 /* 3883 * allocate cookie 3884 */ 3885 if ((cp = kmem_zalloc(sizeof (struct ddi_umem_cookie), 3886 flags & DDI_UMEM_NOSLEEP ? KM_NOSLEEP : KM_SLEEP)) == NULL) { 3887 ASSERT(flags & DDI_UMEM_NOSLEEP); 3888 return ((void *)NULL); 3889 } 3890 3891 if (flags & DDI_UMEM_PAGEABLE) { 3892 /* Only one of the flags is allowed */ 3893 ASSERT(!(flags & DDI_UMEM_TRASH)); 3894 /* initialize resource with 0 */ 3895 iflags = KPD_ZERO; 3896 3897 /* 3898 * to allocate unlocked pageable memory, use segkp_get() to 3899 * create a segkp segment. Since segkp can only service kas, 3900 * other segment drivers such as segdev have to do 3901 * as_fault(segkp, SOFTLOCK) in its fault routine, 3902 */ 3903 if (flags & DDI_UMEM_NOSLEEP) 3904 iflags |= KPD_NOWAIT; 3905 3906 if ((buf = segkp_get(segkp, len, iflags)) == NULL) { 3907 kmem_free(cp, sizeof (struct ddi_umem_cookie)); 3908 return ((void *)NULL); 3909 } 3910 cp->type = KMEM_PAGEABLE; 3911 mutex_init(&cp->lock, NULL, MUTEX_DEFAULT, NULL); 3912 cp->locked = 0; 3913 } else if (flags & DDI_UMEM_TRASH) { 3914 /* Only one of the flags is allowed */ 3915 ASSERT(!(flags & DDI_UMEM_PAGEABLE)); 3916 cp->type = UMEM_TRASH; 3917 buf = NULL; 3918 } else { 3919 if ((buf = devmap_umem_alloc_np(len, flags)) == NULL) { 3920 kmem_free(cp, sizeof (struct ddi_umem_cookie)); 3921 return ((void *)NULL); 3922 } 3923 3924 cp->type = KMEM_NON_PAGEABLE; 3925 } 3926 3927 /* 3928 * need to save size here. size will be used when 3929 * we do kmem_free. 3930 */ 3931 cp->size = len; 3932 cp->cvaddr = (caddr_t)buf; 3933 3934 *cookie = (void *)cp; 3935 return (buf); 3936 } 3937 3938 void 3939 ddi_umem_free(ddi_umem_cookie_t cookie) 3940 { 3941 struct ddi_umem_cookie *cp; 3942 3943 TRACE_0(TR_FAC_DEVMAP, TR_DEVMAP_UMEM_FREE, 3944 "devmap_umem_free:start"); 3945 3946 /* 3947 * if cookie is NULL, no effects on the system 3948 */ 3949 if (cookie == NULL) 3950 return; 3951 3952 cp = (struct ddi_umem_cookie *)cookie; 3953 3954 switch (cp->type) { 3955 case KMEM_PAGEABLE : 3956 ASSERT(cp->cvaddr != NULL && cp->size != 0); 3957 /* 3958 * Check if there are still any pending faults on the cookie 3959 * while the driver is deleting it, 3960 * XXX - could change to an ASSERT but wont catch errant drivers 3961 */ 3962 mutex_enter(&cp->lock); 3963 if (cp->locked) { 3964 mutex_exit(&cp->lock); 3965 panic("ddi_umem_free for cookie with pending faults %p", 3966 (void *)cp); 3967 return; 3968 } 3969 3970 segkp_release(segkp, cp->cvaddr); 3971 3972 /* 3973 * release mutex associated with this cookie. 3974 */ 3975 mutex_destroy(&cp->lock); 3976 break; 3977 case KMEM_NON_PAGEABLE : 3978 ASSERT(cp->cvaddr != NULL && cp->size != 0); 3979 devmap_umem_free_np(cp->cvaddr, cp->size); 3980 break; 3981 case UMEM_TRASH : 3982 break; 3983 case UMEM_LOCKED : 3984 /* Callers should use ddi_umem_unlock for this type */ 3985 ddi_umem_unlock(cookie); 3986 /* Frees the cookie too */ 3987 return; 3988 default: 3989 /* panic so we can diagnose the underlying cause */ 3990 panic("ddi_umem_free: illegal cookie type 0x%x\n", 3991 cp->type); 3992 } 3993 3994 kmem_free(cookie, sizeof (struct ddi_umem_cookie)); 3995 } 3996 3997 3998 static int 3999 segdev_getmemid(struct seg *seg, caddr_t addr, memid_t *memidp) 4000 { 4001 struct segdev_data *sdp = (struct segdev_data *)seg->s_data; 4002 4003 /* 4004 * It looks as if it is always mapped shared 4005 */ 4006 TRACE_0(TR_FAC_DEVMAP, TR_DEVMAP_GETMEMID, 4007 "segdev_getmemid:start"); 4008 memidp->val[0] = (uintptr_t)VTOCVP(sdp->vp); 4009 memidp->val[1] = sdp->offset + (uintptr_t)(addr - seg->s_base); 4010 return (0); 4011 } 4012 4013 /*ARGSUSED*/ 4014 static lgrp_mem_policy_info_t * 4015 segdev_getpolicy(struct seg *seg, caddr_t addr) 4016 { 4017 return (NULL); 4018 } 4019 4020 /* 4021 * ddi_umem_alloc() non-pageable quantum cache max size. 4022 * This is just a SWAG. 4023 */ 4024 #define DEVMAP_UMEM_QUANTUM (8*PAGESIZE) 4025 4026 /* 4027 * Initialize seg_dev from boot. This routine sets up the trash page 4028 * and creates the umem_np_arena used to back non-pageable memory 4029 * requests. 4030 */ 4031 void 4032 segdev_init(void) 4033 { 4034 struct seg kseg; 4035 4036 umem_np_arena = vmem_create("umem_np", NULL, 0, PAGESIZE, 4037 devmap_alloc_pages, devmap_free_pages, heap_arena, 4038 DEVMAP_UMEM_QUANTUM, VM_SLEEP); 4039 4040 kseg.s_as = &kas; 4041 trashpp = page_create_va(&trashvp, 0, PAGESIZE, 4042 PG_NORELOC | PG_EXCL | PG_WAIT, &kseg, NULL); 4043 if (trashpp == NULL) 4044 panic("segdev_init: failed to create trash page"); 4045 pagezero(trashpp, 0, PAGESIZE); 4046 page_downgrade(trashpp); 4047 } 4048 4049 /* 4050 * Invoke platform-dependent support routines so that /proc can have 4051 * the platform code deal with curious hardware. 4052 */ 4053 int 4054 segdev_copyfrom(struct seg *seg, 4055 caddr_t uaddr, const void *devaddr, void *kaddr, size_t len) 4056 { 4057 struct segdev_data *sdp = (struct segdev_data *)seg->s_data; 4058 struct snode *sp = VTOS(VTOCVP(sdp->vp)); 4059 4060 return (e_ddi_copyfromdev(sp->s_dip, 4061 (off_t)(uaddr - seg->s_base), devaddr, kaddr, len)); 4062 } 4063 4064 int 4065 segdev_copyto(struct seg *seg, 4066 caddr_t uaddr, const void *kaddr, void *devaddr, size_t len) 4067 { 4068 struct segdev_data *sdp = (struct segdev_data *)seg->s_data; 4069 struct snode *sp = VTOS(VTOCVP(sdp->vp)); 4070 4071 return (e_ddi_copytodev(sp->s_dip, 4072 (off_t)(uaddr - seg->s_base), kaddr, devaddr, len)); 4073 } 4074