xref: /titanic_52/usr/src/uts/common/vm/seg_dev.c (revision 45916cd2fec6e79bca5dee0421bd39e3c2910d1e)
1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License, Version 1.0 only
6  * (the "License").  You may not use this file except in compliance
7  * with the License.
8  *
9  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
10  * or http://www.opensolaris.org/os/licensing.
11  * See the License for the specific language governing permissions
12  * and limitations under the License.
13  *
14  * When distributing Covered Code, include this CDDL HEADER in each
15  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
16  * If applicable, add the following below this CDDL HEADER, with the
17  * fields enclosed by brackets "[]" replaced with your own identifying
18  * information: Portions Copyright [yyyy] [name of copyright owner]
19  *
20  * CDDL HEADER END
21  */
22 /*
23  * Copyright 2005 Sun Microsystems, Inc.  All rights reserved.
24  * Use is subject to license terms.
25  */
26 
27 /*	Copyright (c) 1984, 1986, 1987, 1988, 1989 AT&T	*/
28 /*	  All Rights Reserved  	*/
29 
30 /*
31  * University Copyright- Copyright (c) 1982, 1986, 1988
32  * The Regents of the University of California
33  * All Rights Reserved
34  *
35  * University Acknowledgment- Portions of this document are derived from
36  * software developed by the University of California, Berkeley, and its
37  * contributors.
38  */
39 
40 #pragma ident	"%Z%%M%	%I%	%E% SMI"
41 
42 /*
43  * VM - segment of a mapped device.
44  *
45  * This segment driver is used when mapping character special devices.
46  */
47 
48 #include <sys/types.h>
49 #include <sys/t_lock.h>
50 #include <sys/sysmacros.h>
51 #include <sys/vtrace.h>
52 #include <sys/systm.h>
53 #include <sys/vmsystm.h>
54 #include <sys/mman.h>
55 #include <sys/errno.h>
56 #include <sys/kmem.h>
57 #include <sys/cmn_err.h>
58 #include <sys/vnode.h>
59 #include <sys/proc.h>
60 #include <sys/conf.h>
61 #include <sys/debug.h>
62 #include <sys/ddidevmap.h>
63 #include <sys/lgrp.h>
64 
65 #include <vm/page.h>
66 #include <vm/hat.h>
67 #include <vm/as.h>
68 #include <vm/seg.h>
69 #include <vm/seg_dev.h>
70 #include <vm/seg_kp.h>
71 #include <vm/seg_kmem.h>
72 #include <vm/vpage.h>
73 
74 #include <sys/sunddi.h>
75 #include <sys/esunddi.h>
76 #include <sys/fs/snode.h>
77 
78 #if DEBUG
79 int segdev_debug;
80 #define	DEBUGF(level, args) { if (segdev_debug >= (level)) cmn_err args; }
81 #else
82 #define	DEBUGF(level, args)
83 #endif
84 
85 /* Default timeout for devmap context management */
86 #define	CTX_TIMEOUT_VALUE 0
87 
88 #define	HOLD_DHP_LOCK(dhp)  if (dhp->dh_flags & DEVMAP_ALLOW_REMAP) \
89 			{ mutex_enter(&dhp->dh_lock); }
90 
91 #define	RELE_DHP_LOCK(dhp) if (dhp->dh_flags & DEVMAP_ALLOW_REMAP) \
92 			{ mutex_exit(&dhp->dh_lock); }
93 
94 #define	round_down_p2(a, s)	((a) & ~((s) - 1))
95 #define	round_up_p2(a, s)	(((a) + (s) - 1) & ~((s) - 1))
96 
97 /*
98  * VA_PA_ALIGNED checks to see if both VA and PA are on pgsize boundary
99  * VA_PA_PGSIZE_ALIGNED check to see if VA is aligned with PA w.r.t. pgsize
100  */
101 #define	VA_PA_ALIGNED(uvaddr, paddr, pgsize)		\
102 	(((uvaddr | paddr) & (pgsize - 1)) == 0)
103 #define	VA_PA_PGSIZE_ALIGNED(uvaddr, paddr, pgsize)	\
104 	(((uvaddr ^ paddr) & (pgsize - 1)) == 0)
105 
106 #define	vpgtob(n)	((n) * sizeof (struct vpage))	/* For brevity */
107 
108 #define	VTOCVP(vp)	(VTOS(vp)->s_commonvp)	/* we "know" it's an snode */
109 
110 static struct devmap_ctx *devmapctx_list = NULL;
111 static struct devmap_softlock *devmap_slist = NULL;
112 
113 /*
114  * mutex, vnode and page for the page of zeros we use for the trash mappings.
115  * One trash page is allocated on the first ddi_umem_setup call that uses it
116  * XXX Eventually, we may want to combine this with what segnf does when all
117  * hat layers implement HAT_NOFAULT.
118  *
119  * The trash page is used when the backing store for a userland mapping is
120  * removed but the application semantics do not take kindly to a SIGBUS.
121  * In that scenario, the applications pages are mapped to some dummy page
122  * which returns garbage on read and writes go into a common place.
123  * (Perfect for NO_FAULT semantics)
124  * The device driver is responsible to communicating to the app with some
125  * other mechanism that such remapping has happened and the app should take
126  * corrective action.
127  * We can also use an anonymous memory page as there is no requirement to
128  * keep the page locked, however this complicates the fault code. RFE.
129  */
130 static struct vnode trashvp;
131 static struct page *trashpp;
132 
133 /* Non-pageable kernel memory is allocated from the umem_np_arena. */
134 static vmem_t *umem_np_arena;
135 
136 /* Set the cookie to a value we know will never be a valid umem_cookie */
137 #define	DEVMAP_DEVMEM_COOKIE	((ddi_umem_cookie_t)0x1)
138 
139 /*
140  * Macros to check if type of devmap handle
141  */
142 #define	cookie_is_devmem(c)	\
143 	((c) == (struct ddi_umem_cookie *)DEVMAP_DEVMEM_COOKIE)
144 
145 #define	cookie_is_pmem(c)	\
146 	((c) == (struct ddi_umem_cookie *)DEVMAP_PMEM_COOKIE)
147 
148 #define	cookie_is_kpmem(c)	(!cookie_is_devmem(c) && !cookie_is_pmem(c) &&\
149 	((c)->type == KMEM_PAGEABLE))
150 
151 #define	dhp_is_devmem(dhp)	\
152 	(cookie_is_devmem((struct ddi_umem_cookie *)((dhp)->dh_cookie)))
153 
154 #define	dhp_is_pmem(dhp)	\
155 	(cookie_is_pmem((struct ddi_umem_cookie *)((dhp)->dh_cookie)))
156 
157 #define	dhp_is_kpmem(dhp)	\
158 	(cookie_is_kpmem((struct ddi_umem_cookie *)((dhp)->dh_cookie)))
159 
160 /*
161  * Private seg op routines.
162  */
163 static int	segdev_dup(struct seg *, struct seg *);
164 static int	segdev_unmap(struct seg *, caddr_t, size_t);
165 static void	segdev_free(struct seg *);
166 static faultcode_t segdev_fault(struct hat *, struct seg *, caddr_t, size_t,
167 		    enum fault_type, enum seg_rw);
168 static faultcode_t segdev_faulta(struct seg *, caddr_t);
169 static int	segdev_setprot(struct seg *, caddr_t, size_t, uint_t);
170 static int	segdev_checkprot(struct seg *, caddr_t, size_t, uint_t);
171 static void	segdev_badop(void);
172 static int	segdev_sync(struct seg *, caddr_t, size_t, int, uint_t);
173 static size_t	segdev_incore(struct seg *, caddr_t, size_t, char *);
174 static int	segdev_lockop(struct seg *, caddr_t, size_t, int, int,
175 		    ulong_t *, size_t);
176 static int	segdev_getprot(struct seg *, caddr_t, size_t, uint_t *);
177 static u_offset_t	segdev_getoffset(struct seg *, caddr_t);
178 static int	segdev_gettype(struct seg *, caddr_t);
179 static int	segdev_getvp(struct seg *, caddr_t, struct vnode **);
180 static int	segdev_advise(struct seg *, caddr_t, size_t, uint_t);
181 static void	segdev_dump(struct seg *);
182 static int	segdev_pagelock(struct seg *, caddr_t, size_t,
183 		    struct page ***, enum lock_type, enum seg_rw);
184 static int	segdev_setpagesize(struct seg *, caddr_t, size_t, uint_t);
185 static int	segdev_getmemid(struct seg *, caddr_t, memid_t *);
186 static lgrp_mem_policy_info_t	*segdev_getpolicy(struct seg *, caddr_t);
187 static int	segdev_capable(struct seg *, segcapability_t);
188 
189 /*
190  * XXX	this struct is used by rootnex_map_fault to identify
191  *	the segment it has been passed. So if you make it
192  *	"static" you'll need to fix rootnex_map_fault.
193  */
194 struct seg_ops segdev_ops = {
195 	segdev_dup,
196 	segdev_unmap,
197 	segdev_free,
198 	segdev_fault,
199 	segdev_faulta,
200 	segdev_setprot,
201 	segdev_checkprot,
202 	(int (*)())segdev_badop,	/* kluster */
203 	(size_t (*)(struct seg *))NULL,	/* swapout */
204 	segdev_sync,			/* sync */
205 	segdev_incore,
206 	segdev_lockop,			/* lockop */
207 	segdev_getprot,
208 	segdev_getoffset,
209 	segdev_gettype,
210 	segdev_getvp,
211 	segdev_advise,
212 	segdev_dump,
213 	segdev_pagelock,
214 	segdev_setpagesize,
215 	segdev_getmemid,
216 	segdev_getpolicy,
217 	segdev_capable,
218 };
219 
220 /*
221  * Private segdev support routines
222  */
223 static struct segdev_data *sdp_alloc(void);
224 
225 static void segdev_softunlock(struct hat *, struct seg *, caddr_t,
226     size_t, enum seg_rw);
227 
228 static faultcode_t segdev_faultpage(struct hat *, struct seg *, caddr_t,
229     struct vpage *, enum fault_type, enum seg_rw, devmap_handle_t *);
230 
231 static faultcode_t segdev_faultpages(struct hat *, struct seg *, caddr_t,
232     size_t, enum fault_type, enum seg_rw, devmap_handle_t *);
233 
234 static struct devmap_ctx *devmap_ctxinit(dev_t, ulong_t);
235 static struct devmap_softlock *devmap_softlock_init(dev_t, ulong_t);
236 static void devmap_softlock_rele(devmap_handle_t *);
237 static void devmap_ctx_rele(devmap_handle_t *);
238 
239 static void devmap_ctxto(void *);
240 
241 static devmap_handle_t *devmap_find_handle(devmap_handle_t *dhp_head,
242     caddr_t addr);
243 
244 static ulong_t devmap_roundup(devmap_handle_t *dhp, ulong_t offset, size_t len,
245     ulong_t *opfn, ulong_t *pagesize);
246 
247 static void free_devmap_handle(devmap_handle_t *dhp);
248 
249 static int devmap_handle_dup(devmap_handle_t *dhp, devmap_handle_t **new_dhp,
250     struct seg *newseg);
251 
252 static devmap_handle_t *devmap_handle_unmap(devmap_handle_t *dhp);
253 
254 static void devmap_handle_unmap_head(devmap_handle_t *dhp, size_t len);
255 
256 static void devmap_handle_unmap_tail(devmap_handle_t *dhp, caddr_t addr);
257 
258 static int devmap_device(devmap_handle_t *dhp, struct as *as, caddr_t *addr,
259     offset_t off, size_t len, uint_t flags);
260 
261 static void devmap_get_large_pgsize(devmap_handle_t *dhp, size_t len,
262     caddr_t addr, size_t *llen, caddr_t *laddr);
263 
264 static void devmap_handle_reduce_len(devmap_handle_t *dhp, size_t len);
265 
266 static void *devmap_alloc_pages(vmem_t *vmp, size_t size, int vmflag);
267 static void devmap_free_pages(vmem_t *vmp, void *inaddr, size_t size);
268 
269 static void *devmap_umem_alloc_np(size_t size, size_t flags);
270 static void devmap_umem_free_np(void *addr, size_t size);
271 
272 /*
273  * routines to lock and unlock underlying segkp segment for
274  * KMEM_PAGEABLE type cookies.
275  */
276 static faultcode_t  acquire_kpmem_lock(struct ddi_umem_cookie *, size_t);
277 static void release_kpmem_lock(struct ddi_umem_cookie *, size_t);
278 
279 /*
280  * Routines to synchronize F_SOFTLOCK and F_INVAL faults for
281  * drivers with devmap_access callbacks
282  */
283 static int devmap_softlock_enter(struct devmap_softlock *, size_t,
284 	enum fault_type);
285 static void devmap_softlock_exit(struct devmap_softlock *, size_t,
286 	enum fault_type);
287 
288 static kmutex_t devmapctx_lock;
289 
290 static kmutex_t devmap_slock;
291 
292 /*
293  * Initialize the thread callbacks and thread private data.
294  */
295 static struct devmap_ctx *
296 devmap_ctxinit(dev_t dev, ulong_t id)
297 {
298 	struct devmap_ctx	*devctx;
299 	struct devmap_ctx	*tmp;
300 	dev_info_t		*dip;
301 
302 	tmp =  kmem_zalloc(sizeof (struct devmap_ctx), KM_SLEEP);
303 
304 	mutex_enter(&devmapctx_lock);
305 
306 	dip = e_ddi_hold_devi_by_dev(dev, 0);
307 	ASSERT(dip != NULL);
308 	ddi_release_devi(dip);
309 
310 	for (devctx = devmapctx_list; devctx != NULL; devctx = devctx->next)
311 		if ((devctx->dip == dip) && (devctx->id == id))
312 			break;
313 
314 	if (devctx == NULL) {
315 		devctx = tmp;
316 		devctx->dip = dip;
317 		devctx->id = id;
318 		mutex_init(&devctx->lock, NULL, MUTEX_DEFAULT, NULL);
319 		cv_init(&devctx->cv, NULL, CV_DEFAULT, NULL);
320 		devctx->next = devmapctx_list;
321 		devmapctx_list = devctx;
322 	} else
323 		kmem_free(tmp, sizeof (struct devmap_ctx));
324 
325 	mutex_enter(&devctx->lock);
326 	devctx->refcnt++;
327 	mutex_exit(&devctx->lock);
328 	mutex_exit(&devmapctx_lock);
329 
330 	return (devctx);
331 }
332 
333 /*
334  * Timeout callback called if a CPU has not given up the device context
335  * within dhp->dh_timeout_length ticks
336  */
337 static void
338 devmap_ctxto(void *data)
339 {
340 	struct devmap_ctx *devctx = data;
341 
342 	TRACE_1(TR_FAC_DEVMAP, TR_DEVMAP_CTXTO,
343 	    "devmap_ctxto:timeout expired, devctx=%p", (void *)devctx);
344 	mutex_enter(&devctx->lock);
345 	/*
346 	 * Set oncpu = 0 so the next mapping trying to get the device context
347 	 * can.
348 	 */
349 	devctx->oncpu = 0;
350 	devctx->timeout = 0;
351 	cv_signal(&devctx->cv);
352 	mutex_exit(&devctx->lock);
353 }
354 
355 /*
356  * Create a device segment.
357  */
358 int
359 segdev_create(struct seg *seg, void *argsp)
360 {
361 	struct segdev_data *sdp;
362 	struct segdev_crargs *a = (struct segdev_crargs *)argsp;
363 	devmap_handle_t *dhp = (devmap_handle_t *)a->devmap_data;
364 	int error;
365 
366 	/*
367 	 * Since the address space is "write" locked, we
368 	 * don't need the segment lock to protect "segdev" data.
369 	 */
370 	ASSERT(seg->s_as && AS_WRITE_HELD(seg->s_as, &seg->s_as->a_lock));
371 
372 	hat_map(seg->s_as->a_hat, seg->s_base, seg->s_size, HAT_MAP);
373 
374 	sdp = sdp_alloc();
375 
376 	sdp->mapfunc = a->mapfunc;
377 	sdp->offset = a->offset;
378 	sdp->prot = a->prot;
379 	sdp->maxprot = a->maxprot;
380 	sdp->type = a->type;
381 	sdp->pageprot = 0;
382 	sdp->softlockcnt = 0;
383 	sdp->vpage = NULL;
384 
385 	if (sdp->mapfunc == NULL)
386 		sdp->devmap_data = dhp;
387 	else
388 		sdp->devmap_data = dhp = NULL;
389 
390 	sdp->hat_flags = a->hat_flags;
391 	sdp->hat_attr = a->hat_attr;
392 
393 	/*
394 	 * Currently, hat_flags supports only HAT_LOAD_NOCONSIST
395 	 */
396 	ASSERT(!(sdp->hat_flags & ~HAT_LOAD_NOCONSIST));
397 
398 	/*
399 	 * Hold shadow vnode -- segdev only deals with
400 	 * character (VCHR) devices. We use the common
401 	 * vp to hang pages on.
402 	 */
403 	sdp->vp = specfind(a->dev, VCHR);
404 	ASSERT(sdp->vp != NULL);
405 
406 	seg->s_ops = &segdev_ops;
407 	seg->s_data = sdp;
408 
409 	while (dhp != NULL) {
410 		dhp->dh_seg = seg;
411 		dhp = dhp->dh_next;
412 	}
413 
414 	/*
415 	 * Inform the vnode of the new mapping.
416 	 */
417 	/*
418 	 * It is ok to use pass sdp->maxprot to ADDMAP rather than to use
419 	 * dhp specific maxprot because spec_addmap does not use maxprot.
420 	 */
421 	error = VOP_ADDMAP(VTOCVP(sdp->vp), sdp->offset,
422 	    seg->s_as, seg->s_base, seg->s_size,
423 	    sdp->prot, sdp->maxprot, sdp->type, CRED());
424 
425 	if (error != 0) {
426 		sdp->devmap_data = NULL;
427 		hat_unload(seg->s_as->a_hat, seg->s_base, seg->s_size,
428 		    HAT_UNLOAD_UNMAP);
429 	}
430 
431 	return (error);
432 }
433 
434 static struct segdev_data *
435 sdp_alloc(void)
436 {
437 	struct segdev_data *sdp;
438 
439 	sdp = kmem_zalloc(sizeof (struct segdev_data), KM_SLEEP);
440 	mutex_init(&sdp->lock, NULL, MUTEX_DEFAULT, NULL);
441 
442 	return (sdp);
443 }
444 
445 /*
446  * Duplicate seg and return new segment in newseg.
447  */
448 static int
449 segdev_dup(struct seg *seg, struct seg *newseg)
450 {
451 	struct segdev_data *sdp = (struct segdev_data *)seg->s_data;
452 	struct segdev_data *newsdp;
453 	devmap_handle_t *dhp = (devmap_handle_t *)sdp->devmap_data;
454 	size_t npages;
455 	int ret;
456 
457 	TRACE_2(TR_FAC_DEVMAP, TR_DEVMAP_DUP,
458 	    "segdev_dup:start dhp=%p, seg=%p", (void *)dhp, (void *)seg);
459 
460 	DEBUGF(3, (CE_CONT, "segdev_dup: dhp %p seg %p\n",
461 	    (void *)dhp, (void *)seg));
462 
463 	/*
464 	 * Since the address space is "write" locked, we
465 	 * don't need the segment lock to protect "segdev" data.
466 	 */
467 	ASSERT(seg->s_as && AS_WRITE_HELD(seg->s_as, &seg->s_as->a_lock));
468 
469 	newsdp = sdp_alloc();
470 
471 	newseg->s_ops = seg->s_ops;
472 	newseg->s_data = (void *)newsdp;
473 
474 	VN_HOLD(sdp->vp);
475 	newsdp->vp 	= sdp->vp;
476 	newsdp->mapfunc = sdp->mapfunc;
477 	newsdp->offset	= sdp->offset;
478 	newsdp->pageprot = sdp->pageprot;
479 	newsdp->prot	= sdp->prot;
480 	newsdp->maxprot = sdp->maxprot;
481 	newsdp->type = sdp->type;
482 	newsdp->hat_attr = sdp->hat_attr;
483 	newsdp->hat_flags = sdp->hat_flags;
484 	newsdp->softlockcnt = 0;
485 
486 	/*
487 	 * Initialize per page data if the segment we are
488 	 * dup'ing has per page information.
489 	 */
490 	npages = seg_pages(newseg);
491 
492 	if (sdp->vpage != NULL) {
493 		size_t nbytes = vpgtob(npages);
494 
495 		newsdp->vpage = kmem_zalloc(nbytes, KM_SLEEP);
496 		bcopy(sdp->vpage, newsdp->vpage, nbytes);
497 	} else
498 		newsdp->vpage = NULL;
499 
500 	/*
501 	 * duplicate devmap handles
502 	 */
503 	if (dhp != NULL) {
504 		ret = devmap_handle_dup(dhp,
505 			(devmap_handle_t **)&newsdp->devmap_data, newseg);
506 		if (ret != 0) {
507 			TRACE_3(TR_FAC_DEVMAP, TR_DEVMAP_DUP_CK1,
508 			    "segdev_dup:ret1 ret=%x, dhp=%p seg=%p",
509 			    ret, (void *)dhp, (void *)seg);
510 			DEBUGF(1, (CE_CONT,
511 			    "segdev_dup: ret %x dhp %p seg %p\n",
512 			    ret, (void *)dhp, (void *)seg));
513 			return (ret);
514 		}
515 	}
516 
517 	/*
518 	 * Inform the common vnode of the new mapping.
519 	 */
520 	return (VOP_ADDMAP(VTOCVP(newsdp->vp),
521 		newsdp->offset, newseg->s_as,
522 		newseg->s_base, newseg->s_size, newsdp->prot,
523 		newsdp->maxprot, sdp->type, CRED()));
524 }
525 
526 /*
527  * duplicate devmap handles
528  */
529 static int
530 devmap_handle_dup(devmap_handle_t *dhp, devmap_handle_t **new_dhp,
531     struct seg *newseg)
532 {
533 	devmap_handle_t *newdhp_save = NULL;
534 	devmap_handle_t *newdhp = NULL;
535 	struct devmap_callback_ctl *callbackops;
536 
537 	while (dhp != NULL) {
538 		newdhp = kmem_alloc(sizeof (devmap_handle_t), KM_SLEEP);
539 
540 		/* Need to lock the original dhp while copying if REMAP */
541 		HOLD_DHP_LOCK(dhp);
542 		bcopy(dhp, newdhp, sizeof (devmap_handle_t));
543 		RELE_DHP_LOCK(dhp);
544 		newdhp->dh_seg = newseg;
545 		newdhp->dh_next = NULL;
546 		if (newdhp_save != NULL)
547 			newdhp_save->dh_next = newdhp;
548 		else
549 			*new_dhp = newdhp;
550 		newdhp_save = newdhp;
551 
552 		callbackops = &newdhp->dh_callbackops;
553 
554 		if (dhp->dh_softlock != NULL)
555 			newdhp->dh_softlock = devmap_softlock_init(
556 			    newdhp->dh_dev,
557 			    (ulong_t)callbackops->devmap_access);
558 		if (dhp->dh_ctx != NULL)
559 			newdhp->dh_ctx = devmap_ctxinit(newdhp->dh_dev,
560 			    (ulong_t)callbackops->devmap_access);
561 
562 		/*
563 		 * Initialize dh_lock if we want to do remap.
564 		 */
565 		if (newdhp->dh_flags & DEVMAP_ALLOW_REMAP) {
566 			mutex_init(&newdhp->dh_lock, NULL, MUTEX_DEFAULT, NULL);
567 			newdhp->dh_flags |= DEVMAP_LOCK_INITED;
568 		}
569 
570 		if (callbackops->devmap_dup != NULL) {
571 			int ret;
572 
573 			/*
574 			 * Call the dup callback so that the driver can
575 			 * duplicate its private data.
576 			 */
577 			ret = (*callbackops->devmap_dup)(dhp, dhp->dh_pvtp,
578 				(devmap_cookie_t *)newdhp, &newdhp->dh_pvtp);
579 
580 			if (ret != 0) {
581 				/*
582 				 * We want to free up this segment as the driver
583 				 * has indicated that we can't dup it.  But we
584 				 * don't want to call the drivers, devmap_unmap,
585 				 * callback function as the driver does not
586 				 * think this segment exists. The caller of
587 				 * devmap_dup will call seg_free on newseg
588 				 * as it was the caller that allocated the
589 				 * segment.
590 				 */
591 				DEBUGF(1, (CE_CONT, "devmap_handle_dup ERROR: "
592 				    "newdhp %p dhp %p\n", (void *)newdhp,
593 				    (void *)dhp));
594 				callbackops->devmap_unmap = NULL;
595 				return (ret);
596 			}
597 		}
598 
599 		dhp = dhp->dh_next;
600 	}
601 
602 	return (0);
603 }
604 
605 /*
606  * Split a segment at addr for length len.
607  */
608 /*ARGSUSED*/
609 static int
610 segdev_unmap(struct seg *seg, caddr_t addr, size_t len)
611 {
612 	register struct segdev_data *sdp = (struct segdev_data *)seg->s_data;
613 	register struct segdev_data *nsdp;
614 	register struct seg *nseg;
615 	register size_t	opages;		/* old segment size in pages */
616 	register size_t	npages;		/* new segment size in pages */
617 	register size_t	dpages;		/* pages being deleted (unmapped) */
618 	register size_t	nbytes;
619 	devmap_handle_t *dhp = (devmap_handle_t *)sdp->devmap_data;
620 	devmap_handle_t *dhpp;
621 	devmap_handle_t *newdhp;
622 	struct devmap_callback_ctl *callbackops;
623 	caddr_t nbase;
624 	offset_t off;
625 	ulong_t nsize;
626 	size_t mlen, sz;
627 
628 	TRACE_4(TR_FAC_DEVMAP, TR_DEVMAP_UNMAP,
629 	    "segdev_unmap:start dhp=%p, seg=%p addr=%p len=%lx",
630 	    (void *)dhp, (void *)seg, (void *)addr, len);
631 
632 	DEBUGF(3, (CE_CONT, "segdev_unmap: dhp %p seg %p addr %p len %lx\n",
633 	    (void *)dhp, (void *)seg, (void *)addr, len));
634 
635 	/*
636 	 * Since the address space is "write" locked, we
637 	 * don't need the segment lock to protect "segdev" data.
638 	 */
639 	ASSERT(seg->s_as && AS_WRITE_HELD(seg->s_as, &seg->s_as->a_lock));
640 
641 	if ((sz = sdp->softlockcnt) > 0) {
642 		/*
643 		 * Fail the unmap if pages are SOFTLOCKed through this mapping.
644 		 * softlockcnt is protected from change by the as write lock.
645 		 */
646 		TRACE_1(TR_FAC_DEVMAP, TR_DEVMAP_UNMAP_CK1,
647 		    "segdev_unmap:error softlockcnt = %ld", sz);
648 		DEBUGF(1, (CE_CONT, "segdev_unmap: softlockcnt %ld\n", sz));
649 		return (EAGAIN);
650 	}
651 
652 	/*
653 	 * Check for bad sizes
654 	 */
655 	if (addr < seg->s_base || addr + len > seg->s_base + seg->s_size ||
656 	    (len & PAGEOFFSET) || ((uintptr_t)addr & PAGEOFFSET))
657 		panic("segdev_unmap");
658 
659 	if (dhp != NULL) {
660 		devmap_handle_t *tdhp;
661 		/*
662 		 * If large page size was used in hat_devload(),
663 		 * the same page size must be used in hat_unload().
664 		 */
665 		dhpp = tdhp = devmap_find_handle(dhp, addr);
666 		while (tdhp != NULL) {
667 			if (tdhp->dh_flags & DEVMAP_FLAG_LARGE) {
668 				break;
669 			}
670 			tdhp = tdhp->dh_next;
671 		}
672 		if (tdhp != NULL) {	/* found a dhp using large pages */
673 			size_t slen = len;
674 			size_t mlen;
675 			size_t soff;
676 
677 			soff = (ulong_t)(addr - dhpp->dh_uvaddr);
678 			while (slen != 0) {
679 				mlen = MIN(slen, (dhpp->dh_len - soff));
680 				hat_unload(seg->s_as->a_hat, dhpp->dh_uvaddr,
681 					dhpp->dh_len, HAT_UNLOAD_UNMAP);
682 				dhpp = dhpp->dh_next;
683 				ASSERT(slen >= mlen);
684 				slen -= mlen;
685 				soff = 0;
686 			}
687 		} else
688 			hat_unload(seg->s_as->a_hat, addr, len,
689 				HAT_UNLOAD_UNMAP);
690 	} else {
691 		/*
692 		 * Unload any hardware translations in the range
693 		 * to be taken out.
694 		 */
695 		hat_unload(seg->s_as->a_hat, addr, len, HAT_UNLOAD_UNMAP);
696 	}
697 
698 	/*
699 	 * get the user offset which will used in the driver callbacks
700 	 */
701 	off = sdp->offset + (offset_t)(addr - seg->s_base);
702 
703 	/*
704 	 * Inform the vnode of the unmapping.
705 	 */
706 	ASSERT(sdp->vp != NULL);
707 	(void) VOP_DELMAP(VTOCVP(sdp->vp), off, seg->s_as, addr, len,
708 		sdp->prot, sdp->maxprot, sdp->type, CRED());
709 
710 	/*
711 	 * Check for entire segment
712 	 */
713 	if (addr == seg->s_base && len == seg->s_size) {
714 		seg_free(seg);
715 		return (0);
716 	}
717 
718 	opages = seg_pages(seg);
719 	dpages = btop(len);
720 	npages = opages - dpages;
721 
722 	/*
723 	 * Check for beginning of segment
724 	 */
725 	if (addr == seg->s_base) {
726 		if (sdp->vpage != NULL) {
727 			register struct vpage *ovpage;
728 
729 			ovpage = sdp->vpage;	/* keep pointer to vpage */
730 
731 			nbytes = vpgtob(npages);
732 			sdp->vpage = kmem_alloc(nbytes, KM_SLEEP);
733 			bcopy(&ovpage[dpages], sdp->vpage, nbytes);
734 
735 			/* free up old vpage */
736 			kmem_free(ovpage, vpgtob(opages));
737 		}
738 
739 		/*
740 		 * free devmap handles from the beginning of the mapping.
741 		 */
742 		if (dhp != NULL)
743 			devmap_handle_unmap_head(dhp, len);
744 
745 		sdp->offset += (offset_t)len;
746 
747 		seg->s_base += len;
748 		seg->s_size -= len;
749 
750 		return (0);
751 	}
752 
753 	/*
754 	 * Check for end of segment
755 	 */
756 	if (addr + len == seg->s_base + seg->s_size) {
757 		if (sdp->vpage != NULL) {
758 			register struct vpage *ovpage;
759 
760 			ovpage = sdp->vpage;	/* keep pointer to vpage */
761 
762 			nbytes = vpgtob(npages);
763 			sdp->vpage = kmem_alloc(nbytes, KM_SLEEP);
764 			bcopy(ovpage, sdp->vpage, nbytes);
765 
766 			/* free up old vpage */
767 			kmem_free(ovpage, vpgtob(opages));
768 		}
769 		seg->s_size -= len;
770 
771 		/*
772 		 * free devmap handles from addr to the end of the mapping.
773 		 */
774 		if (dhp != NULL)
775 			devmap_handle_unmap_tail(dhp, addr);
776 
777 		return (0);
778 	}
779 
780 	/*
781 	 * The section to go is in the middle of the segment,
782 	 * have to make it into two segments.  nseg is made for
783 	 * the high end while seg is cut down at the low end.
784 	 */
785 	nbase = addr + len;				/* new seg base */
786 	nsize = (seg->s_base + seg->s_size) - nbase;	/* new seg size */
787 	seg->s_size = addr - seg->s_base;		/* shrink old seg */
788 	nseg = seg_alloc(seg->s_as, nbase, nsize);
789 	if (nseg == NULL)
790 		panic("segdev_unmap seg_alloc");
791 
792 	TRACE_2(TR_FAC_DEVMAP, TR_DEVMAP_UNMAP_CK2,
793 	    "segdev_unmap: seg=%p nseg=%p", (void *)seg, (void *)nseg);
794 	DEBUGF(3, (CE_CONT, "segdev_unmap: segdev_dup seg %p nseg %p\n",
795 	    (void *)seg, (void *)nseg));
796 	nsdp = sdp_alloc();
797 
798 	nseg->s_ops = seg->s_ops;
799 	nseg->s_data = (void *)nsdp;
800 
801 	VN_HOLD(sdp->vp);
802 	nsdp->mapfunc = sdp->mapfunc;
803 	nsdp->offset = sdp->offset + (offset_t)(nseg->s_base - seg->s_base);
804 	nsdp->vp 	= sdp->vp;
805 	nsdp->pageprot = sdp->pageprot;
806 	nsdp->prot	= sdp->prot;
807 	nsdp->maxprot = sdp->maxprot;
808 	nsdp->type = sdp->type;
809 	nsdp->hat_attr = sdp->hat_attr;
810 	nsdp->hat_flags = sdp->hat_flags;
811 	nsdp->softlockcnt = 0;
812 
813 	/*
814 	 * Initialize per page data if the segment we are
815 	 * dup'ing has per page information.
816 	 */
817 	if (sdp->vpage != NULL) {
818 		/* need to split vpage into two arrays */
819 		register size_t nnbytes;
820 		register size_t nnpages;
821 		register struct vpage *ovpage;
822 
823 		ovpage = sdp->vpage;		/* keep pointer to vpage */
824 
825 		npages = seg_pages(seg);	/* seg has shrunk */
826 		nbytes = vpgtob(npages);
827 		nnpages = seg_pages(nseg);
828 		nnbytes = vpgtob(nnpages);
829 
830 		sdp->vpage = kmem_alloc(nbytes, KM_SLEEP);
831 		bcopy(ovpage, sdp->vpage, nbytes);
832 
833 		nsdp->vpage = kmem_alloc(nnbytes, KM_SLEEP);
834 		bcopy(&ovpage[npages + dpages], nsdp->vpage, nnbytes);
835 
836 		/* free up old vpage */
837 		kmem_free(ovpage, vpgtob(opages));
838 	} else
839 		nsdp->vpage = NULL;
840 
841 	/*
842 	 * unmap dhps.
843 	 */
844 	if (dhp == NULL) {
845 		nsdp->devmap_data = NULL;
846 		return (0);
847 	}
848 	while (dhp != NULL) {
849 		callbackops = &dhp->dh_callbackops;
850 		TRACE_2(TR_FAC_DEVMAP, TR_DEVMAP_UNMAP_CK3,
851 		    "segdev_unmap: dhp=%p addr=%p", dhp, addr);
852 		DEBUGF(3, (CE_CONT, "unmap: dhp %p addr %p uvaddr %p len %lx\n",
853 		    (void *)dhp, (void *)addr,
854 		    (void *)dhp->dh_uvaddr, dhp->dh_len));
855 
856 		if (addr == (dhp->dh_uvaddr + dhp->dh_len)) {
857 			dhpp = dhp->dh_next;
858 			dhp->dh_next = NULL;
859 			dhp = dhpp;
860 		} else if (addr > (dhp->dh_uvaddr + dhp->dh_len)) {
861 			dhp = dhp->dh_next;
862 		} else if (addr > dhp->dh_uvaddr &&
863 			(addr + len) < (dhp->dh_uvaddr + dhp->dh_len)) {
864 			/*
865 			 * <addr, addr+len> is enclosed by dhp.
866 			 * create a newdhp that begins at addr+len and
867 			 * ends at dhp->dh_uvaddr+dhp->dh_len.
868 			 */
869 			newdhp = kmem_alloc(sizeof (devmap_handle_t), KM_SLEEP);
870 			HOLD_DHP_LOCK(dhp);
871 			bcopy(dhp, newdhp, sizeof (devmap_handle_t));
872 			RELE_DHP_LOCK(dhp);
873 			newdhp->dh_seg = nseg;
874 			newdhp->dh_next = dhp->dh_next;
875 			if (dhp->dh_softlock != NULL)
876 				newdhp->dh_softlock = devmap_softlock_init(
877 					newdhp->dh_dev,
878 					(ulong_t)callbackops->devmap_access);
879 			if (dhp->dh_ctx != NULL)
880 				newdhp->dh_ctx = devmap_ctxinit(newdhp->dh_dev,
881 					(ulong_t)callbackops->devmap_access);
882 			if (newdhp->dh_flags & DEVMAP_LOCK_INITED) {
883 				mutex_init(&newdhp->dh_lock,
884 				    NULL, MUTEX_DEFAULT, NULL);
885 			}
886 			if (callbackops->devmap_unmap != NULL)
887 				(*callbackops->devmap_unmap)(dhp, dhp->dh_pvtp,
888 					off, len, dhp, &dhp->dh_pvtp,
889 					newdhp, &newdhp->dh_pvtp);
890 			mlen = len + (addr - dhp->dh_uvaddr);
891 			devmap_handle_reduce_len(newdhp, mlen);
892 			nsdp->devmap_data = newdhp;
893 			/* XX Changing len should recalculate LARGE flag */
894 			dhp->dh_len = addr - dhp->dh_uvaddr;
895 			dhpp = dhp->dh_next;
896 			dhp->dh_next = NULL;
897 			dhp = dhpp;
898 		} else if ((addr > dhp->dh_uvaddr) &&
899 			    ((addr + len) >= (dhp->dh_uvaddr + dhp->dh_len))) {
900 			mlen = dhp->dh_len + dhp->dh_uvaddr - addr;
901 			/*
902 			 * <addr, addr+len> spans over dhps.
903 			 */
904 			if (callbackops->devmap_unmap != NULL)
905 				(*callbackops->devmap_unmap)(dhp, dhp->dh_pvtp,
906 					off, mlen, (devmap_cookie_t *)dhp,
907 					&dhp->dh_pvtp, NULL, NULL);
908 			/* XX Changing len should recalculate LARGE flag */
909 			dhp->dh_len = addr - dhp->dh_uvaddr;
910 			dhpp = dhp->dh_next;
911 			dhp->dh_next = NULL;
912 			dhp = dhpp;
913 			nsdp->devmap_data = dhp;
914 		} else if ((addr + len) >= (dhp->dh_uvaddr + dhp->dh_len)) {
915 			/*
916 			 * dhp is enclosed by <addr, addr+len>.
917 			 */
918 			dhp->dh_seg = nseg;
919 			nsdp->devmap_data = dhp;
920 			dhp = devmap_handle_unmap(dhp);
921 			nsdp->devmap_data = dhp; /* XX redundant? */
922 		} else if (((addr + len) > dhp->dh_uvaddr) &&
923 			    ((addr + len) < (dhp->dh_uvaddr + dhp->dh_len))) {
924 			mlen = addr + len - dhp->dh_uvaddr;
925 			if (callbackops->devmap_unmap != NULL)
926 				(*callbackops->devmap_unmap)(dhp, dhp->dh_pvtp,
927 					dhp->dh_uoff, mlen, NULL,
928 					NULL, dhp, &dhp->dh_pvtp);
929 			devmap_handle_reduce_len(dhp, mlen);
930 			nsdp->devmap_data = dhp;
931 			dhp->dh_seg = nseg;
932 			dhp = dhp->dh_next;
933 		} else {
934 			dhp->dh_seg = nseg;
935 			dhp = dhp->dh_next;
936 		}
937 	}
938 	return (0);
939 }
940 
941 /*
942  * Utility function handles reducing the length of a devmap handle during unmap
943  * Note that is only used for unmapping the front portion of the handler,
944  * i.e., we are bumping up the offset/pfn etc up by len
945  * Do not use if reducing length at the tail.
946  */
947 static void
948 devmap_handle_reduce_len(devmap_handle_t *dhp, size_t len)
949 {
950 	struct ddi_umem_cookie *cp;
951 	struct devmap_pmem_cookie *pcp;
952 	/*
953 	 * adjust devmap handle fields
954 	 */
955 	ASSERT(len < dhp->dh_len);
956 
957 	/* Make sure only page-aligned changes are done */
958 	ASSERT((len & PAGEOFFSET) == 0);
959 
960 	dhp->dh_len -= len;
961 	dhp->dh_uoff += (offset_t)len;
962 	dhp->dh_roff += (offset_t)len;
963 	dhp->dh_uvaddr += len;
964 	/* Need to grab dhp lock if REMAP */
965 	HOLD_DHP_LOCK(dhp);
966 	cp = dhp->dh_cookie;
967 	if (!(dhp->dh_flags & DEVMAP_MAPPING_INVALID)) {
968 		if (cookie_is_devmem(cp)) {
969 			dhp->dh_pfn += btop(len);
970 		} else if (cookie_is_pmem(cp)) {
971 			pcp = (struct devmap_pmem_cookie *)dhp->dh_pcookie;
972 			ASSERT((dhp->dh_roff & PAGEOFFSET) == 0 &&
973 				dhp->dh_roff < ptob(pcp->dp_npages));
974 		} else {
975 			ASSERT(dhp->dh_roff < cp->size);
976 			ASSERT(dhp->dh_cvaddr >= cp->cvaddr &&
977 				dhp->dh_cvaddr < (cp->cvaddr + cp->size));
978 			ASSERT((dhp->dh_cvaddr + len) <=
979 				(cp->cvaddr + cp->size));
980 
981 			dhp->dh_cvaddr += len;
982 		}
983 	}
984 	/* XXX - Should recalculate the DEVMAP_FLAG_LARGE after changes */
985 	RELE_DHP_LOCK(dhp);
986 }
987 
988 /*
989  * Free devmap handle, dhp.
990  * Return the next devmap handle on the linked list.
991  */
992 static devmap_handle_t *
993 devmap_handle_unmap(devmap_handle_t *dhp)
994 {
995 	struct devmap_callback_ctl *callbackops = &dhp->dh_callbackops;
996 	struct segdev_data *sdp = (struct segdev_data *)dhp->dh_seg->s_data;
997 	devmap_handle_t *dhpp = (devmap_handle_t *)sdp->devmap_data;
998 
999 	ASSERT(dhp != NULL);
1000 
1001 	/*
1002 	 * before we free up dhp, call the driver's devmap_unmap entry point
1003 	 * to free resources allocated for this dhp.
1004 	 */
1005 	if (callbackops->devmap_unmap != NULL) {
1006 		(*callbackops->devmap_unmap)(dhp, dhp->dh_pvtp, dhp->dh_uoff,
1007 			dhp->dh_len, NULL, NULL, NULL, NULL);
1008 	}
1009 
1010 	if (dhpp == dhp) {	/* releasing first dhp, change sdp data */
1011 		sdp->devmap_data = dhp->dh_next;
1012 	} else {
1013 		while (dhpp->dh_next != dhp) {
1014 			dhpp = dhpp->dh_next;
1015 		}
1016 		dhpp->dh_next = dhp->dh_next;
1017 	}
1018 	dhpp = dhp->dh_next;	/* return value is next dhp in chain */
1019 
1020 	if (dhp->dh_softlock != NULL)
1021 		devmap_softlock_rele(dhp);
1022 
1023 	if (dhp->dh_ctx != NULL)
1024 		devmap_ctx_rele(dhp);
1025 
1026 	if (dhp->dh_flags & DEVMAP_LOCK_INITED) {
1027 		mutex_destroy(&dhp->dh_lock);
1028 	}
1029 	kmem_free(dhp, sizeof (devmap_handle_t));
1030 
1031 	return (dhpp);
1032 }
1033 
1034 /*
1035  * Free complete devmap handles from dhp for len bytes
1036  * dhp can be either the first handle or a subsequent handle
1037  */
1038 static void
1039 devmap_handle_unmap_head(devmap_handle_t *dhp, size_t len)
1040 {
1041 	struct devmap_callback_ctl *callbackops;
1042 
1043 	/*
1044 	 * free the devmap handles covered by len.
1045 	 */
1046 	while (len >= dhp->dh_len) {
1047 		len -= dhp->dh_len;
1048 		dhp = devmap_handle_unmap(dhp);
1049 	}
1050 	if (len != 0) {	/* partial unmap at head of first remaining dhp */
1051 		callbackops = &dhp->dh_callbackops;
1052 
1053 		/*
1054 		 * Call the unmap callback so the drivers can make
1055 		 * adjustment on its private data.
1056 		 */
1057 		if (callbackops->devmap_unmap != NULL)
1058 			(*callbackops->devmap_unmap)(dhp, dhp->dh_pvtp,
1059 			    dhp->dh_uoff, len, NULL, NULL, dhp, &dhp->dh_pvtp);
1060 		devmap_handle_reduce_len(dhp, len);
1061 	}
1062 }
1063 
1064 /*
1065  * Free devmap handles to truncate  the mapping after addr
1066  * RFE: Simpler to pass in dhp pointing at correct dhp (avoid find again)
1067  *	Also could then use the routine in middle unmap case too
1068  */
1069 static void
1070 devmap_handle_unmap_tail(devmap_handle_t *dhp, caddr_t addr)
1071 {
1072 	register struct seg *seg = dhp->dh_seg;
1073 	register struct segdev_data *sdp = (struct segdev_data *)seg->s_data;
1074 	register devmap_handle_t *dhph = (devmap_handle_t *)sdp->devmap_data;
1075 	struct devmap_callback_ctl *callbackops;
1076 	register devmap_handle_t *dhpp;
1077 	size_t maplen;
1078 	ulong_t off;
1079 	size_t len;
1080 
1081 	maplen = (size_t)(addr - dhp->dh_uvaddr);
1082 	dhph = devmap_find_handle(dhph, addr);
1083 
1084 	while (dhph != NULL) {
1085 		if (maplen == 0) {
1086 			dhph =  devmap_handle_unmap(dhph);
1087 		} else {
1088 			callbackops = &dhph->dh_callbackops;
1089 			len = dhph->dh_len - maplen;
1090 			off = (ulong_t)sdp->offset + (addr - seg->s_base);
1091 			/*
1092 			 * Call the unmap callback so the driver
1093 			 * can make adjustments on its private data.
1094 			 */
1095 			if (callbackops->devmap_unmap != NULL)
1096 				(*callbackops->devmap_unmap)(dhph,
1097 					dhph->dh_pvtp, off, len,
1098 					(devmap_cookie_t *)dhph,
1099 					&dhph->dh_pvtp, NULL, NULL);
1100 			/* XXX Reducing len needs to recalculate LARGE flag */
1101 			dhph->dh_len = maplen;
1102 			maplen = 0;
1103 			dhpp = dhph->dh_next;
1104 			dhph->dh_next = NULL;
1105 			dhph = dhpp;
1106 		}
1107 	} /* end while */
1108 }
1109 
1110 /*
1111  * Free a segment.
1112  */
1113 static void
1114 segdev_free(struct seg *seg)
1115 {
1116 	register struct segdev_data *sdp = (struct segdev_data *)seg->s_data;
1117 	devmap_handle_t *dhp = (devmap_handle_t *)sdp->devmap_data;
1118 
1119 	TRACE_2(TR_FAC_DEVMAP, TR_DEVMAP_FREE,
1120 	    "segdev_free: dhp=%p seg=%p", (void *)dhp, (void *)seg);
1121 	DEBUGF(3, (CE_CONT, "segdev_free: dhp %p seg %p\n",
1122 	    (void *)dhp, (void *)seg));
1123 
1124 	/*
1125 	 * Since the address space is "write" locked, we
1126 	 * don't need the segment lock to protect "segdev" data.
1127 	 */
1128 	ASSERT(seg->s_as && AS_WRITE_HELD(seg->s_as, &seg->s_as->a_lock));
1129 
1130 	while (dhp != NULL)
1131 		dhp = devmap_handle_unmap(dhp);
1132 
1133 	VN_RELE(sdp->vp);
1134 	if (sdp->vpage != NULL)
1135 		kmem_free(sdp->vpage, vpgtob(seg_pages(seg)));
1136 
1137 	mutex_destroy(&sdp->lock);
1138 	kmem_free(sdp, sizeof (*sdp));
1139 }
1140 
1141 static void
1142 free_devmap_handle(devmap_handle_t *dhp)
1143 {
1144 	register devmap_handle_t *dhpp;
1145 
1146 	/*
1147 	 * free up devmap handle
1148 	 */
1149 	while (dhp != NULL) {
1150 		dhpp = dhp->dh_next;
1151 		if (dhp->dh_flags & DEVMAP_LOCK_INITED) {
1152 			mutex_destroy(&dhp->dh_lock);
1153 		}
1154 
1155 		if (dhp->dh_softlock != NULL)
1156 			devmap_softlock_rele(dhp);
1157 
1158 		if (dhp->dh_ctx != NULL)
1159 			devmap_ctx_rele(dhp);
1160 
1161 		kmem_free(dhp, sizeof (devmap_handle_t));
1162 		dhp = dhpp;
1163 	}
1164 }
1165 
1166 /*
1167  * routines to lock and unlock underlying segkp segment for
1168  * KMEM_PAGEABLE type cookies.
1169  * segkp only allows a single pending F_SOFTLOCK
1170  * we keep track of number of locks in the cookie so we can
1171  * have multiple pending faults and manage the calls to segkp.
1172  * RFE: if segkp supports either pagelock or can support multiple
1173  * calls to F_SOFTLOCK, then these routines can go away.
1174  *	If pagelock, segdev_faultpage can fault on a page by page basis
1175  *		and simplifies the code quite a bit.
1176  *	if multiple calls allowed but not partial ranges, then need for
1177  *	cookie->lock and locked count goes away, code can call as_fault directly
1178  */
1179 static faultcode_t
1180 acquire_kpmem_lock(struct ddi_umem_cookie *cookie, size_t npages)
1181 {
1182 	int err = 0;
1183 	ASSERT(cookie_is_kpmem(cookie));
1184 	/*
1185 	 * Fault in pages in segkp with F_SOFTLOCK.
1186 	 * We want to hold the lock until all pages have been loaded.
1187 	 * segkp only allows single caller to hold SOFTLOCK, so cookie
1188 	 * holds a count so we dont call into segkp multiple times
1189 	 */
1190 	mutex_enter(&cookie->lock);
1191 
1192 	/*
1193 	 * Check for overflow in locked field
1194 	 */
1195 	if ((UINT32_MAX - cookie->locked) < npages) {
1196 		err = FC_MAKE_ERR(ENOMEM);
1197 	} else if (cookie->locked == 0) {
1198 		/* First time locking */
1199 		err = as_fault(kas.a_hat, &kas, cookie->cvaddr,
1200 		    cookie->size, F_SOFTLOCK, PROT_READ|PROT_WRITE);
1201 	}
1202 	if (!err) {
1203 		cookie->locked += npages;
1204 	}
1205 	mutex_exit(&cookie->lock);
1206 	return (err);
1207 }
1208 
1209 static void
1210 release_kpmem_lock(struct ddi_umem_cookie *cookie, size_t npages)
1211 {
1212 	mutex_enter(&cookie->lock);
1213 	ASSERT(cookie_is_kpmem(cookie));
1214 	ASSERT(cookie->locked >= npages);
1215 	cookie->locked -= (uint_t)npages;
1216 	if (cookie->locked == 0) {
1217 		/* Last unlock */
1218 		if (as_fault(kas.a_hat, &kas, cookie->cvaddr,
1219 		    cookie->size, F_SOFTUNLOCK, PROT_READ|PROT_WRITE))
1220 			panic("segdev releasing kpmem lock %p", (void *)cookie);
1221 	}
1222 	mutex_exit(&cookie->lock);
1223 }
1224 
1225 /*
1226  * Routines to synchronize F_SOFTLOCK and F_INVAL faults for
1227  * drivers with devmap_access callbacks
1228  * slock->softlocked basically works like a rw lock
1229  *	-ve counts => F_SOFTLOCK in progress
1230  *	+ve counts => F_INVAL/F_PROT in progress
1231  * We allow only one F_SOFTLOCK at a time
1232  * but can have multiple pending F_INVAL/F_PROT calls
1233  *
1234  * This routine waits using cv_wait_sig so killing processes is more graceful
1235  * Returns EINTR if coming out of this routine due to a signal, 0 otherwise
1236  */
1237 static int devmap_softlock_enter(
1238 	struct devmap_softlock *slock,
1239 	size_t npages,
1240 	enum fault_type type)
1241 {
1242 	if (npages == 0)
1243 		return (0);
1244 	mutex_enter(&(slock->lock));
1245 	switch (type) {
1246 	case F_SOFTLOCK :
1247 		while (slock->softlocked) {
1248 			if (cv_wait_sig(&(slock)->cv, &(slock)->lock) == 0) {
1249 				/* signalled */
1250 				mutex_exit(&(slock->lock));
1251 				return (EINTR);
1252 			}
1253 		}
1254 		slock->softlocked -= npages; /* -ve count => locked */
1255 		break;
1256 	case F_INVAL :
1257 	case F_PROT :
1258 		while (slock->softlocked < 0)
1259 			if (cv_wait_sig(&(slock)->cv, &(slock)->lock) == 0) {
1260 				/* signalled */
1261 				mutex_exit(&(slock->lock));
1262 				return (EINTR);
1263 			}
1264 		slock->softlocked += npages; /* +ve count => f_invals */
1265 		break;
1266 	default:
1267 		ASSERT(0);
1268 	}
1269 	mutex_exit(&(slock->lock));
1270 	return (0);
1271 }
1272 
1273 static void devmap_softlock_exit(
1274 	struct devmap_softlock *slock,
1275 	size_t npages,
1276 	enum fault_type type)
1277 {
1278 	if (slock == NULL)
1279 		return;
1280 	mutex_enter(&(slock->lock));
1281 	switch (type) {
1282 	case F_SOFTLOCK :
1283 		ASSERT(-slock->softlocked >= npages);
1284 		slock->softlocked += npages;	/* -ve count is softlocked */
1285 		if (slock->softlocked == 0)
1286 			cv_signal(&slock->cv);
1287 		break;
1288 	case F_INVAL :
1289 	case F_PROT:
1290 		ASSERT(slock->softlocked >= npages);
1291 		slock->softlocked -= npages;
1292 		if (slock->softlocked == 0)
1293 			cv_signal(&slock->cv);
1294 		break;
1295 	default:
1296 		ASSERT(0);
1297 	}
1298 	mutex_exit(&(slock->lock));
1299 }
1300 
1301 /*
1302  * Do a F_SOFTUNLOCK call over the range requested.
1303  * The range must have already been F_SOFTLOCK'ed.
1304  * The segment lock should be held, (but not the segment private lock?)
1305  *  The softunlock code below does not adjust for large page sizes
1306  *	assumes the caller already did any addr/len adjustments for
1307  *	pagesize mappings before calling.
1308  */
1309 /*ARGSUSED*/
1310 static void
1311 segdev_softunlock(
1312 	struct hat *hat,		/* the hat */
1313 	struct seg *seg,		/* seg_dev of interest */
1314 	caddr_t addr,			/* base address of range */
1315 	size_t len,			/* number of bytes */
1316 	enum seg_rw rw)			/* type of access at fault */
1317 {
1318 	struct segdev_data *sdp = (struct segdev_data *)seg->s_data;
1319 	devmap_handle_t *dhp_head = (devmap_handle_t *)sdp->devmap_data;
1320 
1321 	TRACE_4(TR_FAC_DEVMAP, TR_DEVMAP_SOFTUNLOCK,
1322 	    "segdev_softunlock:dhp_head=%p sdp=%p addr=%p len=%lx",
1323 	    dhp_head, sdp, addr, len);
1324 	DEBUGF(3, (CE_CONT, "segdev_softunlock: dhp %p lockcnt %lx "
1325 	    "addr %p len %lx\n",
1326 	    (void *)dhp_head, sdp->softlockcnt, (void *)addr, len));
1327 
1328 	hat_unlock(hat, addr, len);
1329 
1330 	if (dhp_head != NULL) {
1331 		devmap_handle_t *dhp;
1332 		size_t mlen;
1333 		size_t tlen = len;
1334 		ulong_t off;
1335 
1336 		dhp = devmap_find_handle(dhp_head, addr);
1337 		ASSERT(dhp != NULL);
1338 
1339 		off = (ulong_t)(addr - dhp->dh_uvaddr);
1340 		while (tlen != 0) {
1341 			mlen = MIN(tlen, (dhp->dh_len - off));
1342 
1343 			/*
1344 			 * unlock segkp memory, locked during F_SOFTLOCK
1345 			 */
1346 			if (dhp_is_kpmem(dhp)) {
1347 				release_kpmem_lock(
1348 				    (struct ddi_umem_cookie *)dhp->dh_cookie,
1349 				    btopr(mlen));
1350 			}
1351 
1352 			/*
1353 			 * Do the softlock accounting for devmap_access
1354 			 */
1355 			if (dhp->dh_callbackops.devmap_access != NULL) {
1356 				devmap_softlock_exit(dhp->dh_softlock,
1357 					btopr(mlen), F_SOFTLOCK);
1358 			}
1359 
1360 			tlen -= mlen;
1361 			dhp = dhp->dh_next;
1362 			off = 0;
1363 		}
1364 	}
1365 
1366 	mutex_enter(&freemem_lock);
1367 	ASSERT(sdp->softlockcnt >= btopr(len));
1368 	sdp->softlockcnt -= btopr(len);
1369 	mutex_exit(&freemem_lock);
1370 	if (sdp->softlockcnt == 0) {
1371 		/*
1372 		 * All SOFTLOCKS are gone. Wakeup any waiting
1373 		 * unmappers so they can try again to unmap.
1374 		 * Check for waiters first without the mutex
1375 		 * held so we don't always grab the mutex on
1376 		 * softunlocks.
1377 		 */
1378 		if (AS_ISUNMAPWAIT(seg->s_as)) {
1379 			mutex_enter(&seg->s_as->a_contents);
1380 			if (AS_ISUNMAPWAIT(seg->s_as)) {
1381 				AS_CLRUNMAPWAIT(seg->s_as);
1382 				cv_broadcast(&seg->s_as->a_cv);
1383 			}
1384 			mutex_exit(&seg->s_as->a_contents);
1385 		}
1386 	}
1387 
1388 }
1389 
1390 /*
1391  * Handle fault for a single page.
1392  * Done in a separate routine so we can handle errors more easily.
1393  * This routine is called only from segdev_faultpages()
1394  * when looping over the range of addresses requested. The segment lock is held.
1395  */
1396 static faultcode_t
1397 segdev_faultpage(
1398 	struct hat *hat,		/* the hat */
1399 	struct seg *seg,		/* seg_dev of interest */
1400 	caddr_t addr,			/* address in as */
1401 	struct vpage *vpage,		/* pointer to vpage for seg, addr */
1402 	enum fault_type type,		/* type of fault */
1403 	enum seg_rw rw,			/* type of access at fault */
1404 	devmap_handle_t *dhp)		/* devmap handle if any for this page */
1405 {
1406 	struct segdev_data *sdp = (struct segdev_data *)seg->s_data;
1407 	uint_t prot;
1408 	pfn_t pfnum = PFN_INVALID;
1409 	u_offset_t offset;
1410 	uint_t hat_flags;
1411 	dev_info_t *dip;
1412 
1413 	TRACE_3(TR_FAC_DEVMAP, TR_DEVMAP_FAULTPAGE,
1414 	    "segdev_faultpage: dhp=%p seg=%p addr=%p", dhp, seg, addr);
1415 	DEBUGF(8, (CE_CONT, "segdev_faultpage: dhp %p seg %p addr %p \n",
1416 	    (void *)dhp, (void *)seg, (void *)addr));
1417 
1418 	/*
1419 	 * Initialize protection value for this page.
1420 	 * If we have per page protection values check it now.
1421 	 */
1422 	if (sdp->pageprot) {
1423 		uint_t protchk;
1424 
1425 		switch (rw) {
1426 		case S_READ:
1427 			protchk = PROT_READ;
1428 			break;
1429 		case S_WRITE:
1430 			protchk = PROT_WRITE;
1431 			break;
1432 		case S_EXEC:
1433 			protchk = PROT_EXEC;
1434 			break;
1435 		case S_OTHER:
1436 		default:
1437 			protchk = PROT_READ | PROT_WRITE | PROT_EXEC;
1438 			break;
1439 		}
1440 
1441 		prot = VPP_PROT(vpage);
1442 		if ((prot & protchk) == 0)
1443 			return (FC_PROT);	/* illegal access type */
1444 	} else {
1445 		prot = sdp->prot;
1446 		/* caller has already done segment level protection check */
1447 	}
1448 
1449 	if (type == F_SOFTLOCK) {
1450 		mutex_enter(&freemem_lock);
1451 		sdp->softlockcnt++;
1452 		mutex_exit(&freemem_lock);
1453 	}
1454 
1455 	hat_flags = ((type == F_SOFTLOCK) ? HAT_LOAD_LOCK : HAT_LOAD);
1456 	offset = sdp->offset + (u_offset_t)(addr - seg->s_base);
1457 	/*
1458 	 * In the devmap framework, sdp->mapfunc is set to NULL.  we can get
1459 	 * pfnum from dhp->dh_pfn (at beginning of segment) and offset from
1460 	 * seg->s_base.
1461 	 */
1462 	if (dhp == NULL) {
1463 		/* If segment has devmap_data, then dhp should be non-NULL */
1464 		ASSERT(sdp->devmap_data == NULL);
1465 		pfnum = (pfn_t)cdev_mmap(sdp->mapfunc, sdp->vp->v_rdev,
1466 			(off_t)offset, prot);
1467 		prot |= sdp->hat_attr;
1468 	} else {
1469 		ulong_t off;
1470 		struct ddi_umem_cookie *cp;
1471 		struct devmap_pmem_cookie *pcp;
1472 
1473 		/* ensure the dhp passed in contains addr. */
1474 		ASSERT(dhp == devmap_find_handle(
1475 			(devmap_handle_t *)sdp->devmap_data, addr));
1476 
1477 		off = addr - dhp->dh_uvaddr;
1478 
1479 		/*
1480 		 * This routine assumes that the caller makes sure that the
1481 		 * fields in dhp used below are unchanged due to remap during
1482 		 * this call. Caller does HOLD_DHP_LOCK if neeed
1483 		 */
1484 		cp = dhp->dh_cookie;
1485 		if (dhp->dh_flags & DEVMAP_MAPPING_INVALID) {
1486 			pfnum = PFN_INVALID;
1487 		} else if (cookie_is_devmem(cp)) {
1488 			pfnum = dhp->dh_pfn + btop(off);
1489 		} else if (cookie_is_pmem(cp)) {
1490 			pcp = (struct devmap_pmem_cookie *)dhp->dh_pcookie;
1491 			ASSERT((dhp->dh_roff & PAGEOFFSET) == 0 &&
1492 				dhp->dh_roff < ptob(pcp->dp_npages));
1493 			pfnum = page_pptonum(
1494 			    pcp->dp_pparray[btop(off + dhp->dh_roff)]);
1495 		} else {
1496 			ASSERT(dhp->dh_roff < cp->size);
1497 			ASSERT(dhp->dh_cvaddr >= cp->cvaddr &&
1498 				dhp->dh_cvaddr < (cp->cvaddr + cp->size));
1499 			ASSERT((dhp->dh_cvaddr + off) <=
1500 				(cp->cvaddr + cp->size));
1501 			ASSERT((dhp->dh_cvaddr + off + PAGESIZE) <=
1502 				(cp->cvaddr + cp->size));
1503 
1504 			switch (cp->type) {
1505 			case UMEM_LOCKED :
1506 			    if (cp->pparray != NULL) {
1507 				ASSERT((dhp->dh_roff & PAGEOFFSET) == 0);
1508 				pfnum = page_pptonum(
1509 				    cp->pparray[btop(off + dhp->dh_roff)]);
1510 			    } else {
1511 				pfnum = hat_getpfnum(
1512 				    ((proc_t *)cp->procp)->p_as->a_hat,
1513 				    cp->cvaddr + off);
1514 			    }
1515 			    break;
1516 			case UMEM_TRASH :
1517 			    pfnum = page_pptonum(trashpp);
1518 			    /* We should set hat_flags to HAT_NOFAULT also */
1519 			    /* However, not all hat layers implement this */
1520 			    break;
1521 			case KMEM_PAGEABLE:
1522 			case KMEM_NON_PAGEABLE:
1523 			    pfnum = hat_getpfnum(kas.a_hat,
1524 				dhp->dh_cvaddr + off);
1525 			    break;
1526 			default :
1527 			    pfnum = PFN_INVALID;
1528 			    break;
1529 			}
1530 		}
1531 		prot |= dhp->dh_hat_attr;
1532 	}
1533 	if (pfnum == PFN_INVALID) {
1534 		return (FC_MAKE_ERR(EFAULT));
1535 	}
1536 	/* prot should already be OR'ed in with hat_attributes if needed */
1537 
1538 	TRACE_4(TR_FAC_DEVMAP, TR_DEVMAP_FAULTPAGE_CK1,
1539 	    "segdev_faultpage: pfnum=%lx memory=%x prot=%x flags=%x",
1540 	    pfnum, pf_is_memory(pfnum), prot, hat_flags);
1541 	DEBUGF(9, (CE_CONT, "segdev_faultpage: pfnum %lx memory %x "
1542 	    "prot %x flags %x\n", pfnum, pf_is_memory(pfnum), prot, hat_flags));
1543 
1544 	if (pf_is_memory(pfnum) || (dhp != NULL)) {
1545 		/*
1546 		 * It's not _really_ required here to pass sdp->hat_flags
1547 		 * to hat_devload even though we do it.
1548 		 * This is because hat figures it out DEVMEM mappings
1549 		 * are non-consistent, anyway.
1550 		 */
1551 		hat_devload(hat, addr, PAGESIZE, pfnum,
1552 				prot, hat_flags | sdp->hat_flags);
1553 		return (0);
1554 	}
1555 
1556 	/*
1557 	 * Fall through to the case where devmap is not used and need to call
1558 	 * up the device tree to set up the mapping
1559 	 */
1560 
1561 	dip = VTOS(VTOCVP(sdp->vp))->s_dip;
1562 	ASSERT(dip);
1563 
1564 	/*
1565 	 * When calling ddi_map_fault, we do not OR in sdp->hat_attr
1566 	 * This is because this calls drivers which may not expect
1567 	 * prot to have any other values than PROT_ALL
1568 	 * The root nexus driver has a hack to peek into the segment
1569 	 * structure and then OR in sdp->hat_attr.
1570 	 * XX In case the bus_ops interfaces are ever revisited
1571 	 * we need to fix this. prot should include other hat attributes
1572 	 */
1573 	if (ddi_map_fault(dip, hat, seg, addr, NULL, pfnum, prot & PROT_ALL,
1574 	    (uint_t)(type == F_SOFTLOCK)) != DDI_SUCCESS) {
1575 		return (FC_MAKE_ERR(EFAULT));
1576 	}
1577 	return (0);
1578 }
1579 
1580 static faultcode_t
1581 segdev_fault(
1582 	struct hat *hat,		/* the hat */
1583 	struct seg *seg,		/* the seg_dev of interest */
1584 	caddr_t addr,			/* the address of the fault */
1585 	size_t len,			/* the length of the range */
1586 	enum fault_type type,		/* type of fault */
1587 	enum seg_rw rw)			/* type of access at fault */
1588 {
1589 	struct segdev_data *sdp = (struct segdev_data *)seg->s_data;
1590 	devmap_handle_t *dhp_head = (devmap_handle_t *)sdp->devmap_data;
1591 	devmap_handle_t *dhp;
1592 	struct devmap_softlock *slock = NULL;
1593 	ulong_t slpage = 0;
1594 	ulong_t off;
1595 	caddr_t maddr = addr;
1596 	int err;
1597 	int err_is_faultcode = 0;
1598 
1599 	TRACE_5(TR_FAC_DEVMAP, TR_DEVMAP_FAULT,
1600 	    "segdev_fault: dhp_head=%p seg=%p addr=%p len=%lx type=%x",
1601 	    (void *)dhp_head, (void *)seg, (void *)addr, len, type);
1602 	DEBUGF(7, (CE_CONT, "segdev_fault: dhp_head %p seg %p "
1603 	    "addr %p len %lx type %x\n",
1604 	    (void *)dhp_head, (void *)seg, (void *)addr, len, type));
1605 
1606 	ASSERT(seg->s_as && AS_LOCK_HELD(seg->s_as, &seg->s_as->a_lock));
1607 
1608 	/* Handle non-devmap case */
1609 	if (dhp_head == NULL)
1610 		return (segdev_faultpages(hat, seg, addr, len, type, rw, NULL));
1611 
1612 	/* Find devmap handle */
1613 	if ((dhp = devmap_find_handle(dhp_head, addr)) == NULL)
1614 		return (FC_NOMAP);
1615 
1616 	/*
1617 	 * The seg_dev driver does not implement copy-on-write,
1618 	 * and always loads translations with maximal allowed permissions
1619 	 * but we got an fault trying to access the device.
1620 	 * Servicing the fault is not going to result in any better result
1621 	 * RFE: If we want devmap_access callbacks to be involved in F_PROT
1622 	 *	faults, then the code below is written for that
1623 	 *	Pending resolution of the following:
1624 	 *	- determine if the F_INVAL/F_SOFTLOCK syncing
1625 	 *	is needed for F_PROT also or not. The code below assumes it does
1626 	 *	- If driver sees F_PROT and calls devmap_load with same type,
1627 	 *	then segdev_faultpages will fail with FC_PROT anyway, need to
1628 	 *	change that so calls from devmap_load to segdev_faultpages for
1629 	 *	F_PROT type are retagged to F_INVAL.
1630 	 * RFE: Today we dont have drivers that use devmap and want to handle
1631 	 *	F_PROT calls. The code in segdev_fault* is written to allow
1632 	 *	this case but is not tested. A driver that needs this capability
1633 	 *	should be able to remove the short-circuit case; resolve the
1634 	 *	above issues and "should" work.
1635 	 */
1636 	if (type == F_PROT) {
1637 		return (FC_PROT);
1638 	}
1639 
1640 	/*
1641 	 * Loop through dhp list calling devmap_access or segdev_faultpages for
1642 	 * each devmap handle.
1643 	 * drivers which implement devmap_access can interpose on faults and do
1644 	 * device-appropriate special actions before calling devmap_load.
1645 	 */
1646 
1647 	/*
1648 	 * Unfortunately, this simple loop has turned out to expose a variety
1649 	 * of complex problems which results in the following convoluted code.
1650 	 *
1651 	 * First, a desire to handle a serialization of F_SOFTLOCK calls
1652 	 * to the driver within the framework.
1653 	 *	This results in a dh_softlock structure that is on a per device
1654 	 *	(or device instance) basis and serializes devmap_access calls.
1655 	 *	Ideally we would need to do this for underlying
1656 	 *	memory/device regions that are being faulted on
1657 	 *	but that is hard to identify and with REMAP, harder
1658 	 * Second, a desire to serialize F_INVAL(and F_PROT) calls w.r.t.
1659 	 * 	to F_SOFTLOCK calls to the driver.
1660 	 * These serializations are to simplify the driver programmer model.
1661 	 * To support these two features, the code first goes through the
1662 	 *	devmap handles and counts the pages (slpage) that are covered
1663 	 *	by devmap_access callbacks.
1664 	 * This part ends with a devmap_softlock_enter call
1665 	 *	which allows only one F_SOFTLOCK active on a device instance,
1666 	 *	but multiple F_INVAL/F_PROTs can be active except when a
1667 	 *	F_SOFTLOCK is active
1668 	 *
1669 	 * Next, we dont short-circuit the fault code upfront to call
1670 	 *	segdev_softunlock for F_SOFTUNLOCK, because we must use
1671 	 *	the same length when we softlock and softunlock.
1672 	 *
1673 	 *	-Hat layers may not support softunlocking lengths less than the
1674 	 *	original length when there is large page support.
1675 	 *	-kpmem locking is dependent on keeping the lengths same.
1676 	 *	-if drivers handled F_SOFTLOCK, they probably also expect to
1677 	 *		see an F_SOFTUNLOCK of the same length
1678 	 *	Hence, if extending lengths during softlock,
1679 	 *	softunlock has to make the same adjustments and goes through
1680 	 *	the same loop calling segdev_faultpages/segdev_softunlock
1681 	 *	But some of the synchronization and error handling is different
1682 	 */
1683 
1684 	if (type != F_SOFTUNLOCK) {
1685 		devmap_handle_t *dhpp = dhp;
1686 		size_t slen = len;
1687 
1688 		/*
1689 		 * Calculate count of pages that are :
1690 		 * a) within the (potentially extended) fault region
1691 		 * b) AND covered by devmap handle with devmap_access
1692 		 */
1693 		off = (ulong_t)(addr - dhpp->dh_uvaddr);
1694 		while (slen != 0) {
1695 			size_t mlen;
1696 
1697 			/*
1698 			 * Softlocking on a region that allows remap is
1699 			 * unsupported due to unresolved locking issues
1700 			 * XXX: unclear what these are?
1701 			 *	One potential is that if there is a pending
1702 			 *	softlock, then a remap should not be allowed
1703 			 *	until the unlock is done. This is easily
1704 			 *	fixed by returning error in devmap*remap on
1705 			 *	checking the dh->dh_softlock->softlocked value
1706 			 */
1707 			if ((type == F_SOFTLOCK) &&
1708 			    (dhpp->dh_flags & DEVMAP_ALLOW_REMAP)) {
1709 				return (FC_NOSUPPORT);
1710 			}
1711 
1712 			mlen = MIN(slen, (dhpp->dh_len - off));
1713 			if (dhpp->dh_callbackops.devmap_access) {
1714 				size_t llen;
1715 				caddr_t laddr;
1716 				/*
1717 				 * use extended length for large page mappings
1718 				 */
1719 				HOLD_DHP_LOCK(dhpp);
1720 				if ((sdp->pageprot == 0) &&
1721 				    (dhpp->dh_flags & DEVMAP_FLAG_LARGE)) {
1722 					devmap_get_large_pgsize(dhpp,
1723 					    mlen, maddr, &llen, &laddr);
1724 				} else {
1725 					llen = mlen;
1726 				}
1727 				RELE_DHP_LOCK(dhpp);
1728 
1729 				slpage += btopr(llen);
1730 				slock = dhpp->dh_softlock;
1731 			}
1732 			maddr += mlen;
1733 			ASSERT(slen >= mlen);
1734 			slen -= mlen;
1735 			dhpp = dhpp->dh_next;
1736 			off = 0;
1737 		}
1738 		/*
1739 		 * synchonize with other faulting threads and wait till safe
1740 		 * devmap_softlock_enter might return due to signal in cv_wait
1741 		 *
1742 		 * devmap_softlock_enter has to be called outside of while loop
1743 		 * to prevent a deadlock if len spans over multiple dhps.
1744 		 * dh_softlock is based on device instance and if multiple dhps
1745 		 * use the same device instance, the second dhp's LOCK call
1746 		 * will hang waiting on the first to complete.
1747 		 * devmap_setup verifies that slocks in a dhp_chain are same.
1748 		 * RFE: this deadlock only hold true for F_SOFTLOCK. For
1749 		 * 	F_INVAL/F_PROT, since we now allow multiple in parallel,
1750 		 *	we could have done the softlock_enter inside the loop
1751 		 *	and supported multi-dhp mappings with dissimilar devices
1752 		 */
1753 		if (err = devmap_softlock_enter(slock, slpage, type))
1754 			return (FC_MAKE_ERR(err));
1755 	}
1756 
1757 	/* reset 'maddr' to the start addr of the range of fault. */
1758 	maddr = addr;
1759 
1760 	/* calculate the offset corresponds to 'addr' in the first dhp. */
1761 	off = (ulong_t)(addr - dhp->dh_uvaddr);
1762 
1763 	/*
1764 	 * The fault length may span over multiple dhps.
1765 	 * Loop until the total length is satisfied.
1766 	 */
1767 	while (len != 0) {
1768 		size_t llen;
1769 		size_t mlen;
1770 		caddr_t laddr;
1771 
1772 		/*
1773 		 * mlen is the smaller of 'len' and the length
1774 		 * from addr to the end of mapping defined by dhp.
1775 		 */
1776 		mlen = MIN(len, (dhp->dh_len - off));
1777 
1778 		HOLD_DHP_LOCK(dhp);
1779 		/*
1780 		 * Pass the extended length and address to devmap_access
1781 		 * if large pagesize is used for loading address translations.
1782 		 */
1783 		if ((sdp->pageprot == 0) &&
1784 		    (dhp->dh_flags & DEVMAP_FLAG_LARGE)) {
1785 			devmap_get_large_pgsize(dhp, mlen, maddr,
1786 				&llen, &laddr);
1787 			ASSERT(maddr == addr || laddr == maddr);
1788 		} else {
1789 			llen = mlen;
1790 			laddr = maddr;
1791 		}
1792 
1793 		if (dhp->dh_callbackops.devmap_access != NULL) {
1794 			offset_t aoff;
1795 
1796 			aoff = sdp->offset + (offset_t)(laddr - seg->s_base);
1797 
1798 			/*
1799 			 * call driver's devmap_access entry point which will
1800 			 * call devmap_load/contextmgmt to load the translations
1801 			 *
1802 			 * We drop the dhp_lock before calling access so
1803 			 * drivers can call devmap_*_remap within access
1804 			 */
1805 			RELE_DHP_LOCK(dhp);
1806 
1807 			err = (*dhp->dh_callbackops.devmap_access)(
1808 			    dhp, (void *)dhp->dh_pvtp, aoff, llen, type, rw);
1809 		} else {
1810 			/*
1811 			 * If no devmap_access entry point, then load mappings
1812 			 * hold dhp_lock across faultpages if REMAP
1813 			 */
1814 			err = segdev_faultpages(hat, seg, laddr, llen,
1815 			    type, rw, dhp);
1816 			err_is_faultcode = 1;
1817 			RELE_DHP_LOCK(dhp);
1818 		}
1819 
1820 		if (err) {
1821 			if ((type == F_SOFTLOCK) && (maddr > addr)) {
1822 				/*
1823 				 * If not first dhp, use
1824 				 * segdev_fault(F_SOFTUNLOCK) for prior dhps
1825 				 * While this is recursion, it is incorrect to
1826 				 * call just segdev_softunlock
1827 				 * if we are using either large pages
1828 				 * or devmap_access. It will be more right
1829 				 * to go through the same loop as above
1830 				 * rather than call segdev_softunlock directly
1831 				 * It will use the right lenghths as well as
1832 				 * call into the driver devmap_access routines.
1833 				 */
1834 				size_t done = (size_t)(maddr - addr);
1835 				(void) segdev_fault(hat, seg, addr, done,
1836 					F_SOFTUNLOCK, S_OTHER);
1837 				/*
1838 				 * reduce slpage by number of pages
1839 				 * released by segdev_softunlock
1840 				 */
1841 				ASSERT(slpage >= btopr(done));
1842 				devmap_softlock_exit(slock,
1843 					slpage - btopr(done), type);
1844 			} else {
1845 				devmap_softlock_exit(slock, slpage, type);
1846 			}
1847 
1848 
1849 			/*
1850 			 * Segdev_faultpages() already returns a faultcode,
1851 			 * hence, result from segdev_faultpages() should be
1852 			 * returned directly.
1853 			 */
1854 			if (err_is_faultcode)
1855 				return (err);
1856 			return (FC_MAKE_ERR(err));
1857 		}
1858 
1859 		maddr += mlen;
1860 		ASSERT(len >= mlen);
1861 		len -= mlen;
1862 		dhp = dhp->dh_next;
1863 		off = 0;
1864 
1865 		ASSERT(!dhp || len == 0 || maddr == dhp->dh_uvaddr);
1866 	}
1867 	/*
1868 	 * release the softlock count at end of fault
1869 	 * For F_SOFTLOCk this is done in the later F_SOFTUNLOCK
1870 	 */
1871 	if ((type == F_INVAL) || (type == F_PROT))
1872 		devmap_softlock_exit(slock, slpage, type);
1873 	return (0);
1874 }
1875 
1876 /*
1877  * segdev_faultpages
1878  *
1879  * Used to fault in seg_dev segment pages. Called by segdev_fault or devmap_load
1880  * This routine assumes that the callers makes sure that the fields
1881  * in dhp used below are not changed due to remap during this call.
1882  * Caller does HOLD_DHP_LOCK if neeed
1883  * This routine returns a faultcode_t as a return value for segdev_fault.
1884  */
1885 static faultcode_t
1886 segdev_faultpages(
1887 	struct hat *hat,		/* the hat */
1888 	struct seg *seg,		/* the seg_dev of interest */
1889 	caddr_t addr,			/* the address of the fault */
1890 	size_t len,			/* the length of the range */
1891 	enum fault_type type,		/* type of fault */
1892 	enum seg_rw rw,			/* type of access at fault */
1893 	devmap_handle_t *dhp)		/* devmap handle */
1894 {
1895 	register struct segdev_data *sdp = (struct segdev_data *)seg->s_data;
1896 	register caddr_t a;
1897 	struct vpage *vpage;
1898 	struct ddi_umem_cookie *kpmem_cookie = NULL;
1899 	int err;
1900 
1901 	TRACE_4(TR_FAC_DEVMAP, TR_DEVMAP_FAULTPAGES,
1902 	    "segdev_faultpages: dhp=%p seg=%p addr=%p len=%lx",
1903 	    (void *)dhp, (void *)seg, (void *)addr, len);
1904 	DEBUGF(5, (CE_CONT, "segdev_faultpages: "
1905 	    "dhp %p seg %p addr %p len %lx\n",
1906 	    (void *)dhp, (void *)seg, (void *)addr, len));
1907 
1908 	/*
1909 	 * The seg_dev driver does not implement copy-on-write,
1910 	 * and always loads translations with maximal allowed permissions
1911 	 * but we got an fault trying to access the device.
1912 	 * Servicing the fault is not going to result in any better result
1913 	 * XXX: If we want to allow devmap_access to handle F_PROT calls,
1914 	 * This code should be removed and let the normal fault handling
1915 	 * take care of finding the error
1916 	 */
1917 	if (type == F_PROT) {
1918 		return (FC_PROT);
1919 	}
1920 
1921 	if (type == F_SOFTUNLOCK) {
1922 		segdev_softunlock(hat, seg, addr, len, rw);
1923 		return (0);
1924 	}
1925 
1926 	/*
1927 	 * For kernel pageable memory, fault/lock segkp pages
1928 	 * We hold this until the completion of this
1929 	 * fault (INVAL/PROT) or till unlock (SOFTLOCK).
1930 	 */
1931 	if ((dhp != NULL) && dhp_is_kpmem(dhp)) {
1932 		kpmem_cookie = (struct ddi_umem_cookie *)dhp->dh_cookie;
1933 		if (err = acquire_kpmem_lock(kpmem_cookie, btopr(len)))
1934 			return (err);
1935 	}
1936 
1937 	/*
1938 	 * If we have the same protections for the entire segment,
1939 	 * insure that the access being attempted is legitimate.
1940 	 */
1941 	mutex_enter(&sdp->lock);
1942 	if (sdp->pageprot == 0) {
1943 		uint_t protchk;
1944 
1945 		switch (rw) {
1946 		case S_READ:
1947 			protchk = PROT_READ;
1948 			break;
1949 		case S_WRITE:
1950 			protchk = PROT_WRITE;
1951 			break;
1952 		case S_EXEC:
1953 			protchk = PROT_EXEC;
1954 			break;
1955 		case S_OTHER:
1956 		default:
1957 			protchk = PROT_READ | PROT_WRITE | PROT_EXEC;
1958 			break;
1959 		}
1960 
1961 		if ((sdp->prot & protchk) == 0) {
1962 			mutex_exit(&sdp->lock);
1963 			/* undo kpmem locking */
1964 			if (kpmem_cookie != NULL) {
1965 				release_kpmem_lock(kpmem_cookie, btopr(len));
1966 			}
1967 			return (FC_PROT);	/* illegal access type */
1968 		}
1969 	}
1970 
1971 	/*
1972 	 * we do a single hat_devload for the range if
1973 	 *   - devmap framework (dhp is not NULL),
1974 	 *   - pageprot == 0, i.e., no per-page protection set and
1975 	 *   - is device pages, irrespective of whether we are using large pages
1976 	 */
1977 	if ((sdp->pageprot == 0) && (dhp != NULL) && dhp_is_devmem(dhp)) {
1978 		pfn_t pfnum;
1979 		uint_t hat_flags;
1980 
1981 		if (dhp->dh_flags & DEVMAP_MAPPING_INVALID) {
1982 			mutex_exit(&sdp->lock);
1983 			return (FC_NOMAP);
1984 		}
1985 
1986 		if (type == F_SOFTLOCK) {
1987 			mutex_enter(&freemem_lock);
1988 			sdp->softlockcnt += btopr(len);
1989 			mutex_exit(&freemem_lock);
1990 		}
1991 
1992 		hat_flags = ((type == F_SOFTLOCK) ? HAT_LOAD_LOCK : HAT_LOAD);
1993 		pfnum = dhp->dh_pfn + btop((uintptr_t)(addr - dhp->dh_uvaddr));
1994 		ASSERT(!pf_is_memory(pfnum));
1995 
1996 		hat_devload(hat, addr, len, pfnum, sdp->prot | dhp->dh_hat_attr,
1997 			hat_flags | sdp->hat_flags);
1998 		mutex_exit(&sdp->lock);
1999 		return (0);
2000 	}
2001 
2002 	/* Handle cases where we have to loop through fault handling per-page */
2003 
2004 	if (sdp->vpage == NULL)
2005 		vpage = NULL;
2006 	else
2007 		vpage = &sdp->vpage[seg_page(seg, addr)];
2008 
2009 	/* loop over the address range handling each fault */
2010 	for (a = addr; a < addr + len; a += PAGESIZE) {
2011 		if (err = segdev_faultpage(hat, seg, a, vpage, type, rw, dhp)) {
2012 			break;
2013 		}
2014 		if (vpage != NULL)
2015 			vpage++;
2016 	}
2017 	mutex_exit(&sdp->lock);
2018 	if (err && (type == F_SOFTLOCK)) { /* error handling for F_SOFTLOCK */
2019 		size_t done = (size_t)(a - addr); /* pages fault successfully */
2020 		if (done > 0) {
2021 			/* use softunlock for those pages */
2022 			segdev_softunlock(hat, seg, addr, done, S_OTHER);
2023 		}
2024 		if (kpmem_cookie != NULL) {
2025 			/* release kpmem lock for rest of pages */
2026 			ASSERT(len >= done);
2027 			release_kpmem_lock(kpmem_cookie, btopr(len - done));
2028 		}
2029 	} else if ((kpmem_cookie != NULL) && (type != F_SOFTLOCK)) {
2030 		/* for non-SOFTLOCK cases, release kpmem */
2031 		release_kpmem_lock(kpmem_cookie, btopr(len));
2032 	}
2033 	return (err);
2034 }
2035 
2036 /*
2037  * Asynchronous page fault.  We simply do nothing since this
2038  * entry point is not supposed to load up the translation.
2039  */
2040 /*ARGSUSED*/
2041 static faultcode_t
2042 segdev_faulta(struct seg *seg, caddr_t addr)
2043 {
2044 	TRACE_2(TR_FAC_DEVMAP, TR_DEVMAP_FAULTA,
2045 	    "segdev_faulta: seg=%p addr=%p", (void *)seg, (void *)addr);
2046 	ASSERT(seg->s_as && AS_LOCK_HELD(seg->s_as, &seg->s_as->a_lock));
2047 
2048 	return (0);
2049 }
2050 
2051 static int
2052 segdev_setprot(struct seg *seg, caddr_t addr, size_t len, uint_t prot)
2053 {
2054 	register struct segdev_data *sdp = (struct segdev_data *)seg->s_data;
2055 	register devmap_handle_t *dhp;
2056 	register struct vpage *vp, *evp;
2057 	devmap_handle_t *dhp_head = (devmap_handle_t *)sdp->devmap_data;
2058 	ulong_t off;
2059 	size_t mlen, sz;
2060 
2061 	TRACE_4(TR_FAC_DEVMAP, TR_DEVMAP_SETPROT,
2062 	    "segdev_setprot:start seg=%p addr=%p len=%lx prot=%x",
2063 	    (void *)seg, (void *)addr, len, prot);
2064 	ASSERT(seg->s_as && AS_LOCK_HELD(seg->s_as, &seg->s_as->a_lock));
2065 
2066 	if ((sz = sdp->softlockcnt) > 0 && dhp_head != NULL) {
2067 		/*
2068 		 * Fail the setprot if pages are SOFTLOCKed through this
2069 		 * mapping.
2070 		 * Softlockcnt is protected from change by the as read lock.
2071 		 */
2072 		TRACE_1(TR_FAC_DEVMAP, TR_DEVMAP_SETPROT_CK1,
2073 		    "segdev_setprot:error softlockcnt=%lx", sz);
2074 		DEBUGF(1, (CE_CONT, "segdev_setprot: softlockcnt %ld\n", sz));
2075 		return (EAGAIN);
2076 	}
2077 
2078 	if (dhp_head != NULL) {
2079 		if ((dhp = devmap_find_handle(dhp_head, addr)) == NULL)
2080 			return (EINVAL);
2081 
2082 		/*
2083 		 * check if violate maxprot.
2084 		 */
2085 		off = (ulong_t)(addr - dhp->dh_uvaddr);
2086 		mlen  = len;
2087 		while (dhp) {
2088 			if ((dhp->dh_maxprot & prot) != prot)
2089 				return (EACCES);	/* violated maxprot */
2090 
2091 			if (mlen > (dhp->dh_len - off)) {
2092 				mlen -= dhp->dh_len - off;
2093 				dhp = dhp->dh_next;
2094 				off = 0;
2095 			} else
2096 				break;
2097 		}
2098 	} else {
2099 		if ((sdp->maxprot & prot) != prot)
2100 			return (EACCES);
2101 	}
2102 
2103 	mutex_enter(&sdp->lock);
2104 	if (addr == seg->s_base && len == seg->s_size && sdp->pageprot == 0) {
2105 		if (sdp->prot == prot) {
2106 			mutex_exit(&sdp->lock);
2107 			return (0);			/* all done */
2108 		}
2109 		sdp->prot = (uchar_t)prot;
2110 	} else {
2111 		sdp->pageprot = 1;
2112 		if (sdp->vpage == NULL) {
2113 			/*
2114 			 * First time through setting per page permissions,
2115 			 * initialize all the vpage structures to prot
2116 			 */
2117 			sdp->vpage = kmem_zalloc(vpgtob(seg_pages(seg)),
2118 			    KM_SLEEP);
2119 			evp = &sdp->vpage[seg_pages(seg)];
2120 			for (vp = sdp->vpage; vp < evp; vp++)
2121 				VPP_SETPROT(vp, sdp->prot);
2122 		}
2123 		/*
2124 		 * Now go change the needed vpages protections.
2125 		 */
2126 		evp = &sdp->vpage[seg_page(seg, addr + len)];
2127 		for (vp = &sdp->vpage[seg_page(seg, addr)]; vp < evp; vp++)
2128 			VPP_SETPROT(vp, prot);
2129 	}
2130 	mutex_exit(&sdp->lock);
2131 
2132 	if (dhp_head != NULL) {
2133 		devmap_handle_t *tdhp;
2134 		/*
2135 		 * If large page size was used in hat_devload(),
2136 		 * the same page size must be used in hat_unload().
2137 		 */
2138 		dhp = tdhp = devmap_find_handle(dhp_head, addr);
2139 		while (tdhp != NULL) {
2140 			if (tdhp->dh_flags & DEVMAP_FLAG_LARGE) {
2141 				break;
2142 			}
2143 			tdhp = tdhp->dh_next;
2144 		}
2145 		if (tdhp) {
2146 			size_t slen = len;
2147 			size_t mlen;
2148 			size_t soff;
2149 
2150 			soff = (ulong_t)(addr - dhp->dh_uvaddr);
2151 			while (slen != 0) {
2152 				mlen = MIN(slen, (dhp->dh_len - soff));
2153 				hat_unload(seg->s_as->a_hat, dhp->dh_uvaddr,
2154 					dhp->dh_len, HAT_UNLOAD);
2155 				dhp = dhp->dh_next;
2156 				ASSERT(slen >= mlen);
2157 				slen -= mlen;
2158 				soff = 0;
2159 			}
2160 			return (0);
2161 		}
2162 	}
2163 
2164 	if ((prot & ~PROT_USER) == PROT_NONE) {
2165 		hat_unload(seg->s_as->a_hat, addr, len, HAT_UNLOAD);
2166 	} else {
2167 		/*
2168 		 * RFE: the segment should keep track of all attributes
2169 		 * allowing us to remove the deprecated hat_chgprot
2170 		 * and use hat_chgattr.
2171 		 */
2172 		hat_chgprot(seg->s_as->a_hat, addr, len, prot);
2173 	}
2174 
2175 	return (0);
2176 }
2177 
2178 static int
2179 segdev_checkprot(struct seg *seg, caddr_t addr, size_t len, uint_t prot)
2180 {
2181 	struct segdev_data *sdp = (struct segdev_data *)seg->s_data;
2182 	struct vpage *vp, *evp;
2183 
2184 	TRACE_4(TR_FAC_DEVMAP, TR_DEVMAP_CHECKPROT,
2185 	    "segdev_checkprot:start seg=%p addr=%p len=%lx prot=%x",
2186 	    (void *)seg, (void *)addr, len, prot);
2187 	ASSERT(seg->s_as && AS_LOCK_HELD(seg->s_as, &seg->s_as->a_lock));
2188 
2189 	/*
2190 	 * If segment protection can be used, simply check against them
2191 	 */
2192 	mutex_enter(&sdp->lock);
2193 	if (sdp->pageprot == 0) {
2194 		register int err;
2195 
2196 		err = ((sdp->prot & prot) != prot) ? EACCES : 0;
2197 		mutex_exit(&sdp->lock);
2198 		return (err);
2199 	}
2200 
2201 	/*
2202 	 * Have to check down to the vpage level
2203 	 */
2204 	evp = &sdp->vpage[seg_page(seg, addr + len)];
2205 	for (vp = &sdp->vpage[seg_page(seg, addr)]; vp < evp; vp++) {
2206 		if ((VPP_PROT(vp) & prot) != prot) {
2207 			mutex_exit(&sdp->lock);
2208 			return (EACCES);
2209 		}
2210 	}
2211 	mutex_exit(&sdp->lock);
2212 	return (0);
2213 }
2214 
2215 static int
2216 segdev_getprot(struct seg *seg, caddr_t addr, size_t len, uint_t *protv)
2217 {
2218 	struct segdev_data *sdp = (struct segdev_data *)seg->s_data;
2219 	size_t pgno;
2220 
2221 	TRACE_4(TR_FAC_DEVMAP, TR_DEVMAP_GETPROT,
2222 	    "segdev_getprot:start seg=%p addr=%p len=%lx protv=%p",
2223 	    (void *)seg, (void *)addr, len, (void *)protv);
2224 	ASSERT(seg->s_as && AS_LOCK_HELD(seg->s_as, &seg->s_as->a_lock));
2225 
2226 	pgno = seg_page(seg, addr + len) - seg_page(seg, addr) + 1;
2227 	if (pgno != 0) {
2228 		mutex_enter(&sdp->lock);
2229 		if (sdp->pageprot == 0) {
2230 			do
2231 				protv[--pgno] = sdp->prot;
2232 			while (pgno != 0);
2233 		} else {
2234 			size_t pgoff = seg_page(seg, addr);
2235 
2236 			do {
2237 				pgno--;
2238 				protv[pgno] =
2239 					VPP_PROT(&sdp->vpage[pgno + pgoff]);
2240 			} while (pgno != 0);
2241 		}
2242 		mutex_exit(&sdp->lock);
2243 	}
2244 	return (0);
2245 }
2246 
2247 static u_offset_t
2248 segdev_getoffset(register struct seg *seg, caddr_t addr)
2249 {
2250 	register struct segdev_data *sdp = (struct segdev_data *)seg->s_data;
2251 
2252 	TRACE_2(TR_FAC_DEVMAP, TR_DEVMAP_GETOFFSET,
2253 	    "segdev_getoffset:start seg=%p addr=%p", (void *)seg, (void *)addr);
2254 
2255 	ASSERT(seg->s_as && AS_LOCK_HELD(seg->s_as, &seg->s_as->a_lock));
2256 
2257 	return ((u_offset_t)sdp->offset + (addr - seg->s_base));
2258 }
2259 
2260 /*ARGSUSED*/
2261 static int
2262 segdev_gettype(register struct seg *seg, caddr_t addr)
2263 {
2264 	register struct segdev_data *sdp = (struct segdev_data *)seg->s_data;
2265 
2266 	TRACE_2(TR_FAC_DEVMAP, TR_DEVMAP_GETTYPE,
2267 	    "segdev_gettype:start seg=%p addr=%p", (void *)seg, (void *)addr);
2268 
2269 	ASSERT(seg->s_as && AS_LOCK_HELD(seg->s_as, &seg->s_as->a_lock));
2270 
2271 	return (sdp->type);
2272 }
2273 
2274 
2275 /*ARGSUSED*/
2276 static int
2277 segdev_getvp(register struct seg *seg, caddr_t addr, struct vnode **vpp)
2278 {
2279 	register struct segdev_data *sdp = (struct segdev_data *)seg->s_data;
2280 
2281 	TRACE_2(TR_FAC_DEVMAP, TR_DEVMAP_GETVP,
2282 	    "segdev_getvp:start seg=%p addr=%p", (void *)seg, (void *)addr);
2283 
2284 	ASSERT(seg->s_as && AS_LOCK_HELD(seg->s_as, &seg->s_as->a_lock));
2285 
2286 	/*
2287 	 * Note that this vp is the common_vp of the device, where the
2288 	 * pages are hung ..
2289 	 */
2290 	*vpp = VTOCVP(sdp->vp);
2291 
2292 	return (0);
2293 }
2294 
2295 static void
2296 segdev_badop(void)
2297 {
2298 	TRACE_0(TR_FAC_DEVMAP, TR_DEVMAP_SEGDEV_BADOP,
2299 		"segdev_badop:start");
2300 	panic("segdev_badop");
2301 	/*NOTREACHED*/
2302 }
2303 
2304 /*
2305  * segdev pages are not in the cache, and thus can't really be controlled.
2306  * Hence, syncs are simply always successful.
2307  */
2308 /*ARGSUSED*/
2309 static int
2310 segdev_sync(struct seg *seg, caddr_t addr, size_t len, int attr, uint_t flags)
2311 {
2312 	TRACE_0(TR_FAC_DEVMAP, TR_DEVMAP_SYNC, "segdev_sync:start");
2313 
2314 	ASSERT(seg->s_as && AS_LOCK_HELD(seg->s_as, &seg->s_as->a_lock));
2315 
2316 	return (0);
2317 }
2318 
2319 /*
2320  * segdev pages are always "in core".
2321  */
2322 /*ARGSUSED*/
2323 static size_t
2324 segdev_incore(struct seg *seg, caddr_t addr, size_t len, char *vec)
2325 {
2326 	size_t v = 0;
2327 
2328 	TRACE_0(TR_FAC_DEVMAP, TR_DEVMAP_INCORE, "segdev_incore:start");
2329 
2330 	ASSERT(seg->s_as && AS_LOCK_HELD(seg->s_as, &seg->s_as->a_lock));
2331 
2332 	for (len = (len + PAGEOFFSET) & PAGEMASK; len; len -= PAGESIZE,
2333 	    v += PAGESIZE)
2334 		*vec++ = 1;
2335 	return (v);
2336 }
2337 
2338 /*
2339  * segdev pages are not in the cache, and thus can't really be controlled.
2340  * Hence, locks are simply always successful.
2341  */
2342 /*ARGSUSED*/
2343 static int
2344 segdev_lockop(struct seg *seg, caddr_t addr,
2345     size_t len, int attr, int op, ulong_t *lockmap, size_t pos)
2346 {
2347 	TRACE_0(TR_FAC_DEVMAP, TR_DEVMAP_LOCKOP, "segdev_lockop:start");
2348 
2349 	ASSERT(seg->s_as && AS_LOCK_HELD(seg->s_as, &seg->s_as->a_lock));
2350 
2351 	return (0);
2352 }
2353 
2354 /*
2355  * segdev pages are not in the cache, and thus can't really be controlled.
2356  * Hence, advise is simply always successful.
2357  */
2358 /*ARGSUSED*/
2359 static int
2360 segdev_advise(struct seg *seg, caddr_t addr, size_t len, uint_t behav)
2361 {
2362 	TRACE_0(TR_FAC_DEVMAP, TR_DEVMAP_ADVISE, "segdev_advise:start");
2363 
2364 	ASSERT(seg->s_as && AS_LOCK_HELD(seg->s_as, &seg->s_as->a_lock));
2365 
2366 	return (0);
2367 }
2368 
2369 /*
2370  * segdev pages are not dumped, so we just return
2371  */
2372 /*ARGSUSED*/
2373 static void
2374 segdev_dump(struct seg *seg)
2375 {}
2376 
2377 /*
2378  * ddi_segmap_setup:	Used by drivers who wish specify mapping attributes
2379  *			for a segment.	Called from a drivers segmap(9E)
2380  *			routine.
2381  */
2382 /*ARGSUSED*/
2383 int
2384 ddi_segmap_setup(dev_t dev, off_t offset, struct as *as, caddr_t *addrp,
2385     off_t len, uint_t prot, uint_t maxprot, uint_t flags, cred_t *cred,
2386     ddi_device_acc_attr_t *accattrp, uint_t rnumber)
2387 {
2388 	struct segdev_crargs dev_a;
2389 	int (*mapfunc)(dev_t dev, off_t off, int prot);
2390 	uint_t hat_attr;
2391 	pfn_t pfn;
2392 	int	error, i;
2393 
2394 	TRACE_0(TR_FAC_DEVMAP, TR_DEVMAP_SEGMAP_SETUP,
2395 	    "ddi_segmap_setup:start");
2396 
2397 	if ((mapfunc = devopsp[getmajor(dev)]->devo_cb_ops->cb_mmap) == nodev)
2398 		return (ENODEV);
2399 
2400 	/*
2401 	 * Character devices that support the d_mmap
2402 	 * interface can only be mmap'ed shared.
2403 	 */
2404 	if ((flags & MAP_TYPE) != MAP_SHARED)
2405 		return (EINVAL);
2406 
2407 	/*
2408 	 * Check that this region is indeed mappable on this platform.
2409 	 * Use the mapping function.
2410 	 */
2411 	if (ddi_device_mapping_check(dev, accattrp, rnumber, &hat_attr) == -1)
2412 		return (ENXIO);
2413 
2414 	/*
2415 	 * Check to ensure that the entire range is
2416 	 * legal and we are not trying to map in
2417 	 * more than the device will let us.
2418 	 */
2419 	for (i = 0; i < len; i += PAGESIZE) {
2420 		if (i == 0) {
2421 			/*
2422 			 * Save the pfn at offset here. This pfn will be
2423 			 * used later to get user address.
2424 			 */
2425 			if ((pfn = (pfn_t)cdev_mmap(mapfunc, dev, offset,
2426 				maxprot)) == PFN_INVALID)
2427 				return (ENXIO);
2428 		} else {
2429 			if (cdev_mmap(mapfunc, dev, offset + i, maxprot) ==
2430 				PFN_INVALID)
2431 				return (ENXIO);
2432 		}
2433 	}
2434 
2435 	as_rangelock(as);
2436 	if ((flags & MAP_FIXED) == 0) {
2437 		/*
2438 		 * Pick an address w/o worrying about
2439 		 * any vac alignment constraints.
2440 		 */
2441 		map_addr(addrp, len, ptob(pfn), 0, flags);
2442 		if (*addrp == NULL) {
2443 			as_rangeunlock(as);
2444 			return (ENOMEM);
2445 		}
2446 	} else {
2447 		/*
2448 		 * User-specified address; blow away any previous mappings.
2449 		 */
2450 		(void) as_unmap(as, *addrp, len);
2451 	}
2452 
2453 	dev_a.mapfunc = mapfunc;
2454 	dev_a.dev = dev;
2455 	dev_a.offset = (offset_t)offset;
2456 	dev_a.type = flags & MAP_TYPE;
2457 	dev_a.prot = (uchar_t)prot;
2458 	dev_a.maxprot = (uchar_t)maxprot;
2459 	dev_a.hat_attr = hat_attr;
2460 	dev_a.hat_flags = 0;
2461 	dev_a.devmap_data = NULL;
2462 
2463 	error = as_map(as, *addrp, len, segdev_create, &dev_a);
2464 	as_rangeunlock(as);
2465 	return (error);
2466 
2467 }
2468 
2469 /*ARGSUSED*/
2470 static int
2471 segdev_pagelock(struct seg *seg, caddr_t addr, size_t len,
2472     struct page ***ppp, enum lock_type type, enum seg_rw rw)
2473 {
2474 	TRACE_0(TR_FAC_DEVMAP, TR_DEVMAP_PAGELOCK,
2475 	    "segdev_pagelock:start");
2476 	return (ENOTSUP);
2477 }
2478 
2479 /*ARGSUSED*/
2480 static int
2481 segdev_setpagesize(struct seg *seg, caddr_t addr, size_t len,
2482     uint_t szc)
2483 {
2484 	return (ENOTSUP);
2485 }
2486 
2487 /*
2488  * devmap_device: Used by devmap framework to establish mapping
2489  *                called by devmap_seup(9F) during map setup time.
2490  */
2491 /*ARGSUSED*/
2492 static int
2493 devmap_device(devmap_handle_t *dhp, struct as *as, caddr_t *addr,
2494     offset_t off, size_t len, uint_t flags)
2495 {
2496 	devmap_handle_t *rdhp, *maxdhp;
2497 	struct segdev_crargs dev_a;
2498 	int	err;
2499 	uint_t maxprot = PROT_ALL;
2500 	offset_t offset = 0;
2501 	pfn_t pfn;
2502 	struct devmap_pmem_cookie *pcp;
2503 
2504 	TRACE_4(TR_FAC_DEVMAP, TR_DEVMAP_DEVICE,
2505 	    "devmap_device:start dhp=%p addr=%p off=%llx, len=%lx",
2506 	    (void *)dhp, (void *)addr, off, len);
2507 
2508 	DEBUGF(2, (CE_CONT, "devmap_device: dhp %p addr %p off %llx len %lx\n",
2509 	    (void *)dhp, (void *)addr, off, len));
2510 
2511 	as_rangelock(as);
2512 	if ((flags & MAP_FIXED) == 0) {
2513 		offset_t aligned_off;
2514 
2515 		rdhp = maxdhp = dhp;
2516 		while (rdhp != NULL) {
2517 			maxdhp = (maxdhp->dh_len > rdhp->dh_len) ?
2518 				maxdhp : rdhp;
2519 			rdhp = rdhp->dh_next;
2520 			maxprot |= dhp->dh_maxprot;
2521 		}
2522 		offset = maxdhp->dh_uoff - dhp->dh_uoff;
2523 
2524 		/*
2525 		 * Use the dhp that has the
2526 		 * largest len to get user address.
2527 		 */
2528 		/*
2529 		 * If MAPPING_INVALID, cannot use dh_pfn/dh_cvaddr,
2530 		 * use 0 which is as good as any other.
2531 		 */
2532 		if (maxdhp->dh_flags & DEVMAP_MAPPING_INVALID) {
2533 			aligned_off = (offset_t)0;
2534 		} else if (dhp_is_devmem(maxdhp)) {
2535 			aligned_off = (offset_t)ptob(maxdhp->dh_pfn) - offset;
2536 		} else if (dhp_is_pmem(maxdhp)) {
2537 			pcp = (struct devmap_pmem_cookie *)maxdhp->dh_pcookie;
2538 			pfn = page_pptonum(
2539 			    pcp->dp_pparray[btop(maxdhp->dh_roff)]);
2540 			aligned_off = (offset_t)ptob(pfn) - offset;
2541 		} else {
2542 			aligned_off = (offset_t)(uintptr_t)maxdhp->dh_cvaddr -
2543 			    offset;
2544 		}
2545 
2546 		/*
2547 		 * Pick an address aligned to dh_cookie.
2548 		 * for kernel memory/user memory, cookie is cvaddr.
2549 		 * for device memory, cookie is physical address.
2550 		 */
2551 		map_addr(addr, len, aligned_off, 1, flags);
2552 		if (*addr == NULL) {
2553 			as_rangeunlock(as);
2554 			return (ENOMEM);
2555 		}
2556 	} else {
2557 		/*
2558 		 * User-specified address; blow away any previous mappings.
2559 		 */
2560 		(void) as_unmap(as, *addr, len);
2561 	}
2562 
2563 	dev_a.mapfunc = NULL;
2564 	dev_a.dev = dhp->dh_dev;
2565 	dev_a.type = flags & MAP_TYPE;
2566 	dev_a.offset = off;
2567 	/*
2568 	 * sdp->maxprot has the least restrict protection of all dhps.
2569 	 */
2570 	dev_a.maxprot = maxprot;
2571 	dev_a.prot = dhp->dh_prot;
2572 	/*
2573 	 * devmap uses dhp->dh_hat_attr for hat.
2574 	 */
2575 	dev_a.hat_flags = 0;
2576 	dev_a.hat_attr = 0;
2577 	dev_a.devmap_data = (void *)dhp;
2578 
2579 	err = as_map(as, *addr, len, segdev_create, &dev_a);
2580 	as_rangeunlock(as);
2581 	return (err);
2582 }
2583 
2584 int
2585 devmap_do_ctxmgt(devmap_cookie_t dhc, void *pvtp, offset_t off, size_t len,
2586     uint_t type, uint_t rw, int (*ctxmgt)(devmap_cookie_t, void *, offset_t,
2587     size_t, uint_t, uint_t))
2588 {
2589 	register devmap_handle_t *dhp = (devmap_handle_t *)dhc;
2590 	struct devmap_ctx *devctx;
2591 	int do_timeout = 0;
2592 	int ret;
2593 
2594 #ifdef lint
2595 	pvtp = pvtp;
2596 #endif
2597 
2598 	TRACE_3(TR_FAC_DEVMAP, TR_DEVMAP_DO_CTXMGT,
2599 	    "devmap_do_ctxmgt:start dhp=%p off=%llx, len=%lx",
2600 	    (void *)dhp, off, len);
2601 	DEBUGF(7, (CE_CONT, "devmap_do_ctxmgt: dhp %p off %llx len %lx\n",
2602 	    (void *)dhp, off, len));
2603 
2604 	if (ctxmgt == NULL)
2605 		return (FC_HWERR);
2606 
2607 	devctx = dhp->dh_ctx;
2608 
2609 	/*
2610 	 * If we are on an MP system with more than one cpu running
2611 	 * and if a thread on some CPU already has the context, wait
2612 	 * for it to finish if there is a hysteresis timeout.
2613 	 *
2614 	 * We call cv_wait() instead of cv_wait_sig() because
2615 	 * it does not matter much if it returned due to a signal
2616 	 * or due to a cv_signal() or cv_broadcast().  In either event
2617 	 * we need to complete the mapping otherwise the processes
2618 	 * will die with a SEGV.
2619 	 */
2620 	if ((dhp->dh_timeout_length > 0) && (ncpus > 1)) {
2621 		TRACE_2(TR_FAC_DEVMAP, TR_DEVMAP_DO_CTXMGT_CK1,
2622 		    "devmap_do_ctxmgt:doing hysteresis, devctl %p dhp %p",
2623 		    devctx, dhp);
2624 		do_timeout = 1;
2625 		mutex_enter(&devctx->lock);
2626 		while (devctx->oncpu)
2627 			cv_wait(&devctx->cv, &devctx->lock);
2628 		devctx->oncpu = 1;
2629 		mutex_exit(&devctx->lock);
2630 	}
2631 
2632 	/*
2633 	 * Call the contextmgt callback so that the driver can handle
2634 	 * the fault.
2635 	 */
2636 	ret = (*ctxmgt)(dhp, dhp->dh_pvtp, off, len, type, rw);
2637 
2638 	/*
2639 	 * If devmap_access() returned -1, then there was a hardware
2640 	 * error so we need to convert the return value to something
2641 	 * that trap() will understand.  Otherwise, the return value
2642 	 * is already a fault code generated by devmap_unload()
2643 	 * or devmap_load().
2644 	 */
2645 	if (ret) {
2646 		TRACE_3(TR_FAC_DEVMAP, TR_DEVMAP_DO_CTXMGT_CK2,
2647 		    "devmap_do_ctxmgt: ret=%x dhp=%p devctx=%p",
2648 		    ret, dhp, devctx);
2649 		DEBUGF(1, (CE_CONT, "devmap_do_ctxmgt: ret %x dhp %p\n",
2650 		    ret, (void *)dhp));
2651 		if (devctx->oncpu) {
2652 			mutex_enter(&devctx->lock);
2653 			devctx->oncpu = 0;
2654 			cv_signal(&devctx->cv);
2655 			mutex_exit(&devctx->lock);
2656 		}
2657 		return (FC_HWERR);
2658 	}
2659 
2660 	/*
2661 	 * Setup the timeout if we need to
2662 	 */
2663 	if (do_timeout) {
2664 		mutex_enter(&devctx->lock);
2665 		if (dhp->dh_timeout_length > 0) {
2666 			TRACE_0(TR_FAC_DEVMAP, TR_DEVMAP_DO_CTXMGT_CK3,
2667 			    "devmap_do_ctxmgt:timeout set");
2668 			devctx->timeout = timeout(devmap_ctxto,
2669 			    devctx, dhp->dh_timeout_length);
2670 		} else {
2671 			/*
2672 			 * We don't want to wait so set oncpu to
2673 			 * 0 and wake up anyone waiting.
2674 			 */
2675 			TRACE_0(TR_FAC_DEVMAP, TR_DEVMAP_DO_CTXMGT_CK4,
2676 			    "devmap_do_ctxmgt:timeout not set");
2677 			devctx->oncpu = 0;
2678 			cv_signal(&devctx->cv);
2679 		}
2680 		mutex_exit(&devctx->lock);
2681 	}
2682 
2683 	return (DDI_SUCCESS);
2684 }
2685 
2686 /*
2687  *                                       end of mapping
2688  *                    poff   fault_offset         |
2689  *            base     |        |                 |
2690  *              |      |        |                 |
2691  *              V      V        V                 V
2692  *  +-----------+---------------+-------+---------+-------+
2693  *              ^               ^       ^         ^
2694  *              |<--- offset--->|<-len->|         |
2695  *              |<--- dh_len(size of mapping) --->|
2696  *                     |<--  pg -->|
2697  *                              -->|rlen|<--
2698  */
2699 static ulong_t
2700 devmap_roundup(devmap_handle_t *dhp, ulong_t offset, size_t len,
2701     ulong_t *opfn, ulong_t *pagesize)
2702 {
2703 	register int level;
2704 	ulong_t pg;
2705 	ulong_t poff;
2706 	ulong_t base;
2707 	caddr_t uvaddr;
2708 	long rlen;
2709 
2710 	TRACE_3(TR_FAC_DEVMAP, TR_DEVMAP_ROUNDUP,
2711 	    "devmap_roundup:start dhp=%p off=%lx len=%lx",
2712 	    (void *)dhp, offset, len);
2713 	DEBUGF(2, (CE_CONT, "devmap_roundup: dhp %p off %lx len %lx\n",
2714 	    (void *)dhp, offset, len));
2715 
2716 	/*
2717 	 * get the max. pagesize that is aligned within the range
2718 	 * <dh_pfn, dh_pfn+offset>.
2719 	 *
2720 	 * The calculations below use physical address to ddetermine
2721 	 * the page size to use. The same calculations can use the
2722 	 * virtual address to determine the page size.
2723 	 */
2724 	base = (ulong_t)ptob(dhp->dh_pfn);
2725 	for (level = dhp->dh_mmulevel; level >= 0; level--) {
2726 		pg = page_get_pagesize(level);
2727 		poff = ((base + offset) & ~(pg - 1));
2728 		uvaddr = dhp->dh_uvaddr + (poff - base);
2729 		if ((poff >= base) &&
2730 		    ((poff + pg) <= (base + dhp->dh_len)) &&
2731 		    VA_PA_ALIGNED((uintptr_t)uvaddr, poff, pg))
2732 			break;
2733 	}
2734 
2735 	TRACE_3(TR_FAC_DEVMAP, TR_DEVMAP_ROUNDUP_CK1,
2736 	    "devmap_roundup: base=%lx poff=%lx dhp=%p",
2737 	    base, poff, dhp);
2738 	DEBUGF(2, (CE_CONT, "devmap_roundup: base %lx poff %lx pfn %lx\n",
2739 	    base, poff, dhp->dh_pfn));
2740 
2741 	ASSERT(VA_PA_ALIGNED((uintptr_t)uvaddr, poff, pg));
2742 	ASSERT(level >= 0);
2743 
2744 	*pagesize = pg;
2745 	*opfn = dhp->dh_pfn + btop(poff - base);
2746 
2747 	rlen = len + offset - (poff - base + pg);
2748 
2749 	ASSERT(rlen < (long)len);
2750 
2751 	TRACE_5(TR_FAC_DEVMAP, TR_DEVMAP_ROUNDUP_CK2,
2752 	    "devmap_roundup:ret dhp=%p level=%x rlen=%lx psiz=%p opfn=%p",
2753 	    (void *)dhp, level, rlen, pagesize, opfn);
2754 	DEBUGF(1, (CE_CONT, "devmap_roundup: dhp %p "
2755 	    "level %x rlen %lx psize %lx opfn %lx\n",
2756 	    (void *)dhp, level, rlen, *pagesize, *opfn));
2757 
2758 	return ((ulong_t)((rlen > 0) ? rlen : 0));
2759 }
2760 
2761 /*
2762  * find the dhp that contains addr.
2763  */
2764 static devmap_handle_t *
2765 devmap_find_handle(devmap_handle_t *dhp_head, caddr_t addr)
2766 {
2767 	devmap_handle_t *dhp;
2768 
2769 	TRACE_0(TR_FAC_DEVMAP, TR_DEVMAP_FIND_HANDLE,
2770 	    "devmap_find_handle:start");
2771 
2772 	dhp = dhp_head;
2773 	while (dhp) {
2774 		if (addr >= dhp->dh_uvaddr &&
2775 		    addr < (dhp->dh_uvaddr + dhp->dh_len))
2776 			return (dhp);
2777 		dhp = dhp->dh_next;
2778 	}
2779 
2780 	return ((devmap_handle_t *)NULL);
2781 }
2782 
2783 /*
2784  * devmap_unload:
2785  *			Marks a segdev segment or pages if offset->offset+len
2786  *			is not the entire segment as intercept and unloads the
2787  *			pages in the range offset -> offset+len.
2788  */
2789 int
2790 devmap_unload(devmap_cookie_t dhc, offset_t offset, size_t len)
2791 {
2792 	register devmap_handle_t *dhp = (devmap_handle_t *)dhc;
2793 	caddr_t	addr;
2794 	ulong_t	size;
2795 	ssize_t	soff;
2796 
2797 	TRACE_3(TR_FAC_DEVMAP, TR_DEVMAP_UNLOAD,
2798 	    "devmap_unload:start dhp=%p offset=%llx len=%lx",
2799 	    (void *)dhp, offset, len);
2800 	DEBUGF(7, (CE_CONT, "devmap_unload: dhp %p offset %llx len %lx\n",
2801 	    (void *)dhp, offset, len));
2802 
2803 	soff = (ssize_t)(offset - dhp->dh_uoff);
2804 	soff = round_down_p2(soff, PAGESIZE);
2805 	if (soff < 0 || soff >= dhp->dh_len)
2806 		return (FC_MAKE_ERR(EINVAL));
2807 
2808 	/*
2809 	 * Address and size must be page aligned.  Len is set to the
2810 	 * number of bytes in the number of pages that are required to
2811 	 * support len.  Offset is set to the byte offset of the first byte
2812 	 * of the page that contains offset.
2813 	 */
2814 	len = round_up_p2(len, PAGESIZE);
2815 
2816 	/*
2817 	 * If len is == 0, then calculate the size by getting
2818 	 * the number of bytes from offset to the end of the segment.
2819 	 */
2820 	if (len == 0)
2821 		size = dhp->dh_len - soff;
2822 	else {
2823 		size = len;
2824 		if ((soff + size) > dhp->dh_len)
2825 			return (FC_MAKE_ERR(EINVAL));
2826 	}
2827 
2828 	/*
2829 	 * The address is offset bytes from the base address of
2830 	 * the dhp.
2831 	 */
2832 	addr = (caddr_t)(soff + dhp->dh_uvaddr);
2833 
2834 	/*
2835 	 * If large page size was used in hat_devload(),
2836 	 * the same page size must be used in hat_unload().
2837 	 */
2838 	if (dhp->dh_flags & DEVMAP_FLAG_LARGE) {
2839 		hat_unload(dhp->dh_seg->s_as->a_hat, dhp->dh_uvaddr,
2840 			dhp->dh_len, HAT_UNLOAD|HAT_UNLOAD_OTHER);
2841 	} else {
2842 		hat_unload(dhp->dh_seg->s_as->a_hat,  addr, size,
2843 			HAT_UNLOAD|HAT_UNLOAD_OTHER);
2844 	}
2845 
2846 	return (0);
2847 }
2848 
2849 /*
2850  * calculates the optimal page size that will be used for hat_devload().
2851  */
2852 static void
2853 devmap_get_large_pgsize(devmap_handle_t *dhp, size_t len, caddr_t addr,
2854     size_t *llen, caddr_t *laddr)
2855 {
2856 	ulong_t off;
2857 	ulong_t pfn;
2858 	ulong_t pgsize;
2859 	uint_t first = 1;
2860 
2861 	TRACE_0(TR_FAC_DEVMAP, TR_DEVMAP_GET_LARGE_PGSIZE,
2862 	    "devmap_get_large_pgsize:start");
2863 
2864 	/*
2865 	 * RFE - Code only supports large page mappings for devmem
2866 	 * This code could be changed in future if we want to support
2867 	 * large page mappings for kernel exported memory.
2868 	 */
2869 	ASSERT(dhp_is_devmem(dhp));
2870 	ASSERT(!(dhp->dh_flags & DEVMAP_MAPPING_INVALID));
2871 
2872 	*llen = 0;
2873 	off = (ulong_t)(addr - dhp->dh_uvaddr);
2874 	while ((long)len > 0) {
2875 		/*
2876 		 * get the optimal pfn to minimize address translations.
2877 		 * devmap_roundup() returns residue bytes for next round
2878 		 * calculations.
2879 		 */
2880 		len = devmap_roundup(dhp, off, len, &pfn, &pgsize);
2881 
2882 		if (first) {
2883 			*laddr = dhp->dh_uvaddr + ptob(pfn - dhp->dh_pfn);
2884 			first = 0;
2885 		}
2886 
2887 		*llen += pgsize;
2888 		off = ptob(pfn - dhp->dh_pfn) + pgsize;
2889 	}
2890 	/* Large page mapping len/addr cover more range than orginal fault */
2891 	ASSERT(*llen >= len && *laddr <= addr);
2892 	ASSERT((*laddr + *llen) >= (addr + len));
2893 }
2894 
2895 /*
2896  * Initialize the devmap_softlock structure.
2897  */
2898 static struct devmap_softlock *
2899 devmap_softlock_init(dev_t dev, ulong_t id)
2900 {
2901 	struct devmap_softlock *slock;
2902 	struct devmap_softlock *tmp;
2903 
2904 	TRACE_0(TR_FAC_DEVMAP, TR_DEVMAP_SOFTLOCK_INIT,
2905 	    "devmap_softlock_init:start");
2906 
2907 	tmp = kmem_zalloc(sizeof (struct devmap_softlock), KM_SLEEP);
2908 	mutex_enter(&devmap_slock);
2909 
2910 	for (slock = devmap_slist; slock != NULL; slock = slock->next)
2911 		if ((slock->dev == dev) && (slock->id == id))
2912 			break;
2913 
2914 	if (slock == NULL) {
2915 		slock = tmp;
2916 		slock->dev = dev;
2917 		slock->id = id;
2918 		mutex_init(&slock->lock, NULL, MUTEX_DEFAULT, NULL);
2919 		cv_init(&slock->cv, NULL, CV_DEFAULT, NULL);
2920 		slock->next = devmap_slist;
2921 		devmap_slist = slock;
2922 	} else
2923 		kmem_free(tmp, sizeof (struct devmap_softlock));
2924 
2925 	mutex_enter(&slock->lock);
2926 	slock->refcnt++;
2927 	mutex_exit(&slock->lock);
2928 	mutex_exit(&devmap_slock);
2929 
2930 	return (slock);
2931 }
2932 
2933 /*
2934  * Wake up processes that sleep on softlocked.
2935  * Free dh_softlock if refcnt is 0.
2936  */
2937 static void
2938 devmap_softlock_rele(devmap_handle_t *dhp)
2939 {
2940 	struct devmap_softlock *slock = dhp->dh_softlock;
2941 	struct devmap_softlock *tmp;
2942 	struct devmap_softlock *parent;
2943 
2944 	TRACE_0(TR_FAC_DEVMAP, TR_DEVMAP_SOFTLOCK_RELE,
2945 	    "devmap_softlock_rele:start");
2946 
2947 	mutex_enter(&devmap_slock);
2948 	mutex_enter(&slock->lock);
2949 
2950 	ASSERT(slock->refcnt > 0);
2951 
2952 	slock->refcnt--;
2953 
2954 	/*
2955 	 * If no one is using the device, free up the slock data.
2956 	 */
2957 	if (slock->refcnt == 0) {
2958 		slock->softlocked = 0;
2959 		cv_signal(&slock->cv);
2960 
2961 		if (devmap_slist == slock)
2962 			devmap_slist = slock->next;
2963 		else {
2964 			parent = devmap_slist;
2965 			for (tmp = devmap_slist->next; tmp != NULL;
2966 				tmp = tmp->next) {
2967 				if (tmp == slock) {
2968 					parent->next = tmp->next;
2969 					break;
2970 				}
2971 				parent = tmp;
2972 			}
2973 		}
2974 		mutex_exit(&slock->lock);
2975 		mutex_destroy(&slock->lock);
2976 		cv_destroy(&slock->cv);
2977 		kmem_free(slock, sizeof (struct devmap_softlock));
2978 	} else
2979 		mutex_exit(&slock->lock);
2980 
2981 	mutex_exit(&devmap_slock);
2982 }
2983 
2984 /*
2985  * Wake up processes that sleep on dh_ctx->locked.
2986  * Free dh_ctx if refcnt is 0.
2987  */
2988 static void
2989 devmap_ctx_rele(devmap_handle_t *dhp)
2990 {
2991 	struct devmap_ctx *devctx = dhp->dh_ctx;
2992 	struct devmap_ctx *tmp;
2993 	struct devmap_ctx *parent;
2994 	timeout_id_t tid;
2995 
2996 	TRACE_0(TR_FAC_DEVMAP, TR_DEVMAP_CTX_RELE,
2997 	    "devmap_ctx_rele:start");
2998 
2999 	mutex_enter(&devmapctx_lock);
3000 	mutex_enter(&devctx->lock);
3001 
3002 	ASSERT(devctx->refcnt > 0);
3003 
3004 	devctx->refcnt--;
3005 
3006 	/*
3007 	 * If no one is using the device, free up the devctx data.
3008 	 */
3009 	if (devctx->refcnt == 0) {
3010 		/*
3011 		 * Untimeout any threads using this mapping as they are about
3012 		 * to go away.
3013 		 */
3014 		if (devctx->timeout != 0) {
3015 			TRACE_0(TR_FAC_DEVMAP, TR_DEVMAP_CTX_RELE_CK1,
3016 			    "devmap_ctx_rele:untimeout ctx->timeout");
3017 
3018 			tid = devctx->timeout;
3019 			mutex_exit(&devctx->lock);
3020 			(void) untimeout(tid);
3021 			mutex_enter(&devctx->lock);
3022 		}
3023 
3024 		devctx->oncpu = 0;
3025 		cv_signal(&devctx->cv);
3026 
3027 		if (devmapctx_list == devctx)
3028 			devmapctx_list = devctx->next;
3029 		else {
3030 			parent = devmapctx_list;
3031 			for (tmp = devmapctx_list->next; tmp != NULL;
3032 				tmp = tmp->next) {
3033 				if (tmp == devctx) {
3034 					parent->next = tmp->next;
3035 					break;
3036 				}
3037 				parent = tmp;
3038 			}
3039 		}
3040 		mutex_exit(&devctx->lock);
3041 		mutex_destroy(&devctx->lock);
3042 		cv_destroy(&devctx->cv);
3043 		kmem_free(devctx, sizeof (struct devmap_ctx));
3044 	} else
3045 		mutex_exit(&devctx->lock);
3046 
3047 	mutex_exit(&devmapctx_lock);
3048 }
3049 
3050 /*
3051  * devmap_load:
3052  *			Marks a segdev segment or pages if offset->offset+len
3053  *			is not the entire segment as nointercept and faults in
3054  *			the pages in the range offset -> offset+len.
3055  */
3056 int
3057 devmap_load(devmap_cookie_t dhc, offset_t offset, size_t len, uint_t type,
3058     uint_t rw)
3059 {
3060 	devmap_handle_t *dhp = (devmap_handle_t *)dhc;
3061 	struct as *asp = dhp->dh_seg->s_as;
3062 	caddr_t	addr;
3063 	ulong_t	size;
3064 	ssize_t	soff;	/* offset from the beginning of the segment */
3065 	int rc;
3066 
3067 	TRACE_3(TR_FAC_DEVMAP, TR_DEVMAP_LOAD,
3068 	    "devmap_load:start dhp=%p offset=%llx len=%lx",
3069 		(void *)dhp, offset, len);
3070 
3071 	DEBUGF(7, (CE_CONT, "devmap_load: dhp %p offset %llx len %lx\n",
3072 	    (void *)dhp, offset, len));
3073 
3074 	/*
3075 	 *	Hat layer only supports devload to process' context for which
3076 	 *	the as lock is held. Verify here and return error if drivers
3077 	 *	inadvertently call devmap_load on a wrong devmap handle.
3078 	 */
3079 	if ((asp != &kas) && !AS_LOCK_HELD(asp, &asp->a_lock))
3080 		return (FC_MAKE_ERR(EINVAL));
3081 
3082 	soff = (ssize_t)(offset - dhp->dh_uoff);
3083 	soff = round_down_p2(soff, PAGESIZE);
3084 	if (soff < 0 || soff >= dhp->dh_len)
3085 		return (FC_MAKE_ERR(EINVAL));
3086 
3087 	/*
3088 	 * Address and size must be page aligned.  Len is set to the
3089 	 * number of bytes in the number of pages that are required to
3090 	 * support len.  Offset is set to the byte offset of the first byte
3091 	 * of the page that contains offset.
3092 	 */
3093 	len = round_up_p2(len, PAGESIZE);
3094 
3095 	/*
3096 	 * If len == 0, then calculate the size by getting
3097 	 * the number of bytes from offset to the end of the segment.
3098 	 */
3099 	if (len == 0)
3100 		size = dhp->dh_len - soff;
3101 	else {
3102 		size = len;
3103 		if ((soff + size) > dhp->dh_len)
3104 			return (FC_MAKE_ERR(EINVAL));
3105 	}
3106 
3107 	/*
3108 	 * The address is offset bytes from the base address of
3109 	 * the segment.
3110 	 */
3111 	addr = (caddr_t)(soff + dhp->dh_uvaddr);
3112 
3113 	HOLD_DHP_LOCK(dhp);
3114 	rc = segdev_faultpages(asp->a_hat,
3115 			dhp->dh_seg, addr, size, type, rw, dhp);
3116 	RELE_DHP_LOCK(dhp);
3117 	return (rc);
3118 }
3119 
3120 int
3121 devmap_setup(dev_t dev, offset_t off, struct as *as, caddr_t *addrp,
3122     size_t len, uint_t prot, uint_t maxprot, uint_t flags, struct cred *cred)
3123 {
3124 	register devmap_handle_t *dhp;
3125 	int (*devmap)(dev_t, devmap_cookie_t, offset_t, size_t,
3126 		size_t *, uint_t);
3127 	int (*mmap)(dev_t, off_t, int);
3128 	struct devmap_callback_ctl *callbackops;
3129 	devmap_handle_t *dhp_head = NULL;
3130 	devmap_handle_t *dhp_prev = NULL;
3131 	devmap_handle_t *dhp_curr;
3132 	caddr_t addr;
3133 	int map_flag;
3134 	int ret;
3135 	ulong_t total_len;
3136 	size_t map_len;
3137 	size_t resid_len = len;
3138 	offset_t map_off = off;
3139 	struct devmap_softlock *slock = NULL;
3140 
3141 #ifdef lint
3142 	cred = cred;
3143 #endif
3144 
3145 	TRACE_2(TR_FAC_DEVMAP, TR_DEVMAP_SETUP,
3146 	    "devmap_setup:start off=%llx len=%lx", off, len);
3147 	DEBUGF(3, (CE_CONT, "devmap_setup: off %llx len %lx\n",
3148 	    off, len));
3149 
3150 	devmap = devopsp[getmajor(dev)]->devo_cb_ops->cb_devmap;
3151 	mmap = devopsp[getmajor(dev)]->devo_cb_ops->cb_mmap;
3152 
3153 	/*
3154 	 * driver must provide devmap(9E) entry point in cb_ops to use the
3155 	 * devmap framework.
3156 	 */
3157 	if (devmap == NULL || devmap == nulldev || devmap == nodev)
3158 		return (EINVAL);
3159 
3160 	/*
3161 	 * To protect from an inadvertent entry because the devmap entry point
3162 	 * is not NULL, return error if D_DEVMAP bit is not set in cb_flag and
3163 	 * mmap is NULL.
3164 	 */
3165 	map_flag = devopsp[getmajor(dev)]->devo_cb_ops->cb_flag;
3166 	if ((map_flag & D_DEVMAP) == 0 && (mmap == NULL || mmap == nulldev))
3167 		return (EINVAL);
3168 
3169 	/*
3170 	 * devmap allows mmap(2) to map multiple registers.
3171 	 * one devmap_handle is created for each register mapped.
3172 	 */
3173 	for (total_len = 0; total_len < len; total_len += map_len) {
3174 		dhp = kmem_zalloc(sizeof (devmap_handle_t), KM_SLEEP);
3175 
3176 		if (dhp_prev != NULL)
3177 			dhp_prev->dh_next = dhp;
3178 		else
3179 			dhp_head = dhp;
3180 		dhp_prev = dhp;
3181 
3182 		dhp->dh_prot = prot;
3183 		dhp->dh_orig_maxprot = dhp->dh_maxprot = maxprot;
3184 		dhp->dh_dev = dev;
3185 		dhp->dh_timeout_length = CTX_TIMEOUT_VALUE;
3186 		dhp->dh_uoff = map_off;
3187 
3188 		/*
3189 		 * Get mapping specific info from
3190 		 * the driver, such as rnumber, roff, len, callbackops,
3191 		 * accattrp and, if the mapping is for kernel memory,
3192 		 * ddi_umem_cookie.
3193 		 */
3194 		if ((ret = cdev_devmap(dev, dhp, map_off,
3195 		    resid_len, &map_len, get_udatamodel())) != 0) {
3196 			free_devmap_handle(dhp_head);
3197 			return (ENXIO);
3198 		}
3199 
3200 		if (map_len & PAGEOFFSET) {
3201 			free_devmap_handle(dhp_head);
3202 			return (EINVAL);
3203 		}
3204 
3205 		callbackops = &dhp->dh_callbackops;
3206 
3207 		if ((callbackops->devmap_access == NULL) ||
3208 			(callbackops->devmap_access == nulldev) ||
3209 			(callbackops->devmap_access == nodev)) {
3210 			/*
3211 			 * Normally devmap does not support MAP_PRIVATE unless
3212 			 * the drivers provide a valid devmap_access routine.
3213 			 */
3214 			if ((flags & MAP_PRIVATE) != 0) {
3215 				free_devmap_handle(dhp_head);
3216 				return (EINVAL);
3217 			}
3218 		} else {
3219 			/*
3220 			 * Initialize dhp_softlock and dh_ctx if the drivers
3221 			 * provide devmap_access.
3222 			 */
3223 			dhp->dh_softlock = devmap_softlock_init(dev,
3224 				(ulong_t)callbackops->devmap_access);
3225 			dhp->dh_ctx = devmap_ctxinit(dev,
3226 				(ulong_t)callbackops->devmap_access);
3227 
3228 			/*
3229 			 * segdev_fault can only work when all
3230 			 * dh_softlock in a multi-dhp mapping
3231 			 * are same. see comments in segdev_fault
3232 			 * This code keeps track of the first
3233 			 * dh_softlock allocated in slock and
3234 			 * compares all later allocations and if
3235 			 * not similar, returns an error.
3236 			 */
3237 			if (slock == NULL)
3238 				slock = dhp->dh_softlock;
3239 			if (slock != dhp->dh_softlock) {
3240 				free_devmap_handle(dhp_head);
3241 				return (ENOTSUP);
3242 			}
3243 		}
3244 
3245 		map_off += map_len;
3246 		resid_len -= map_len;
3247 	}
3248 
3249 	/*
3250 	 * get the user virtual address and establish the mapping between
3251 	 * uvaddr and device physical address.
3252 	 */
3253 	if ((ret = devmap_device(dhp_head, as, addrp, off, len, flags))
3254 			!= 0) {
3255 		/*
3256 		 * free devmap handles if error during the mapping.
3257 		 */
3258 		free_devmap_handle(dhp_head);
3259 
3260 		return (ret);
3261 	}
3262 
3263 	/*
3264 	 * call the driver's devmap_map callback to do more after the mapping,
3265 	 * such as to allocate driver private data for context management.
3266 	 */
3267 	dhp = dhp_head;
3268 	map_off = off;
3269 	addr = *addrp;
3270 	while (dhp != NULL) {
3271 		callbackops = &dhp->dh_callbackops;
3272 		dhp->dh_uvaddr = addr;
3273 		dhp_curr = dhp;
3274 		if (callbackops->devmap_map != NULL) {
3275 			ret = (*callbackops->devmap_map)((devmap_cookie_t)dhp,
3276 					dev, flags, map_off,
3277 					dhp->dh_len, &dhp->dh_pvtp);
3278 			if (ret != 0) {
3279 				struct segdev_data *sdp;
3280 
3281 				/*
3282 				 * call driver's devmap_unmap entry point
3283 				 * to free driver resources.
3284 				 */
3285 				dhp = dhp_head;
3286 				map_off = off;
3287 				while (dhp != dhp_curr) {
3288 					callbackops = &dhp->dh_callbackops;
3289 					if (callbackops->devmap_unmap != NULL) {
3290 						(*callbackops->devmap_unmap)(
3291 							dhp, dhp->dh_pvtp,
3292 							map_off, dhp->dh_len,
3293 							NULL, NULL, NULL, NULL);
3294 					}
3295 					map_off += dhp->dh_len;
3296 					dhp = dhp->dh_next;
3297 				}
3298 				sdp = dhp_head->dh_seg->s_data;
3299 				sdp->devmap_data = NULL;
3300 				free_devmap_handle(dhp_head);
3301 				return (ENXIO);
3302 			}
3303 		}
3304 		map_off += dhp->dh_len;
3305 		addr += dhp->dh_len;
3306 		dhp = dhp->dh_next;
3307 	}
3308 
3309 	return (0);
3310 }
3311 
3312 int
3313 ddi_devmap_segmap(dev_t dev, off_t off, ddi_as_handle_t as, caddr_t *addrp,
3314     off_t len, uint_t prot, uint_t maxprot, uint_t flags, struct cred *cred)
3315 {
3316 	TRACE_0(TR_FAC_DEVMAP, TR_DEVMAP_SEGMAP,
3317 	    "devmap_segmap:start");
3318 	return (devmap_setup(dev, (offset_t)off, (struct as *)as, addrp,
3319 	    (size_t)len, prot, maxprot, flags, cred));
3320 }
3321 
3322 /*
3323  * Called from devmap_devmem_setup/remap to see if can use large pages for
3324  * this device mapping.
3325  * Also calculate the max. page size for this mapping.
3326  * this page size will be used in fault routine for
3327  * optimal page size calculations.
3328  */
3329 static void
3330 devmap_devmem_large_page_setup(devmap_handle_t *dhp)
3331 {
3332 	ASSERT(dhp_is_devmem(dhp));
3333 	dhp->dh_mmulevel = 0;
3334 
3335 	/*
3336 	 * use large page size only if:
3337 	 *  1. device memory.
3338 	 *  2. mmu supports multiple page sizes,
3339 	 *  3. Driver did not disallow it
3340 	 *  4. dhp length is at least as big as the large pagesize
3341 	 *  5. the uvaddr and pfn are large pagesize aligned
3342 	 */
3343 	if (page_num_pagesizes() > 1 &&
3344 	    !(dhp->dh_flags & (DEVMAP_USE_PAGESIZE | DEVMAP_MAPPING_INVALID))) {
3345 		ulong_t base;
3346 		int level;
3347 
3348 		base = (ulong_t)ptob(dhp->dh_pfn);
3349 		for (level = 1; level < page_num_pagesizes(); level++) {
3350 			size_t pgsize = page_get_pagesize(level);
3351 			if ((dhp->dh_len < pgsize) ||
3352 			    (!VA_PA_PGSIZE_ALIGNED((uintptr_t)dhp->dh_uvaddr,
3353 					base, pgsize))) {
3354 				break;
3355 			}
3356 		}
3357 		dhp->dh_mmulevel = level - 1;
3358 	}
3359 	if (dhp->dh_mmulevel > 0) {
3360 		dhp->dh_flags |= DEVMAP_FLAG_LARGE;
3361 	} else {
3362 		dhp->dh_flags &= ~DEVMAP_FLAG_LARGE;
3363 	}
3364 }
3365 
3366 /*
3367  * Called by driver devmap routine to pass device specific info to
3368  * the framework.    used for device memory mapping only.
3369  */
3370 int
3371 devmap_devmem_setup(devmap_cookie_t dhc, dev_info_t *dip,
3372     struct devmap_callback_ctl *callbackops, uint_t rnumber, offset_t roff,
3373     size_t len, uint_t maxprot, uint_t flags, ddi_device_acc_attr_t *accattrp)
3374 {
3375 	devmap_handle_t *dhp = (devmap_handle_t *)dhc;
3376 	ddi_acc_handle_t handle;
3377 	ddi_map_req_t mr;
3378 	ddi_acc_hdl_t *hp;
3379 	int err;
3380 
3381 	TRACE_4(TR_FAC_DEVMAP, TR_DEVMAP_DEVMEM_SETUP,
3382 	    "devmap_devmem_setup:start dhp=%p offset=%llx rnum=%d len=%lx",
3383 	    (void *)dhp, roff, rnumber, (uint_t)len);
3384 	DEBUGF(2, (CE_CONT, "devmap_devmem_setup: dhp %p offset %llx "
3385 	    "rnum %d len %lx\n", (void *)dhp, roff, rnumber, len));
3386 
3387 	/*
3388 	 * First to check if this function has been called for this dhp.
3389 	 */
3390 	if (dhp->dh_flags & DEVMAP_SETUP_DONE)
3391 		return (DDI_FAILURE);
3392 
3393 	if ((dhp->dh_prot & dhp->dh_orig_maxprot & maxprot) != dhp->dh_prot)
3394 		return (DDI_FAILURE);
3395 
3396 	if (flags & DEVMAP_MAPPING_INVALID) {
3397 		/*
3398 		 * Don't go up the tree to get pfn if the driver specifies
3399 		 * DEVMAP_MAPPING_INVALID in flags.
3400 		 *
3401 		 * If DEVMAP_MAPPING_INVALID is specified, we have to grant
3402 		 * remap permission.
3403 		 */
3404 		if (!(flags & DEVMAP_ALLOW_REMAP)) {
3405 			return (DDI_FAILURE);
3406 		}
3407 		dhp->dh_pfn = PFN_INVALID;
3408 	} else {
3409 		handle = impl_acc_hdl_alloc(KM_SLEEP, NULL);
3410 		if (handle == NULL)
3411 			return (DDI_FAILURE);
3412 
3413 		hp = impl_acc_hdl_get(handle);
3414 		hp->ah_vers = VERS_ACCHDL;
3415 		hp->ah_dip = dip;
3416 		hp->ah_rnumber = rnumber;
3417 		hp->ah_offset = roff;
3418 		hp->ah_len = len;
3419 		if (accattrp != NULL)
3420 			hp->ah_acc = *accattrp;
3421 
3422 		mr.map_op = DDI_MO_MAP_LOCKED;
3423 		mr.map_type = DDI_MT_RNUMBER;
3424 		mr.map_obj.rnumber = rnumber;
3425 		mr.map_prot = maxprot & dhp->dh_orig_maxprot;
3426 		mr.map_flags = DDI_MF_DEVICE_MAPPING;
3427 		mr.map_handlep = hp;
3428 		mr.map_vers = DDI_MAP_VERSION;
3429 
3430 		/*
3431 		 * up the device tree to get pfn.
3432 		 * The rootnex_map_regspec() routine in nexus drivers has been
3433 		 * modified to return pfn if map_flags is DDI_MF_DEVICE_MAPPING.
3434 		 */
3435 		err = ddi_map(dip, &mr, roff, len, (caddr_t *)&dhp->dh_pfn);
3436 		dhp->dh_hat_attr = hp->ah_hat_flags;
3437 		impl_acc_hdl_free(handle);
3438 
3439 		if (err)
3440 			return (DDI_FAILURE);
3441 	}
3442 	/* Should not be using devmem setup for memory pages */
3443 	ASSERT(!pf_is_memory(dhp->dh_pfn));
3444 
3445 	/* Only some of the flags bits are settable by the driver */
3446 	dhp->dh_flags |= (flags & DEVMAP_SETUP_FLAGS);
3447 	dhp->dh_len = ptob(btopr(len));
3448 
3449 	dhp->dh_cookie = DEVMAP_DEVMEM_COOKIE;
3450 	dhp->dh_roff = ptob(btop(roff));
3451 
3452 	/* setup the dh_mmulevel and DEVMAP_FLAG_LARGE */
3453 	devmap_devmem_large_page_setup(dhp);
3454 	dhp->dh_maxprot = maxprot & dhp->dh_orig_maxprot;
3455 	ASSERT((dhp->dh_prot & dhp->dh_orig_maxprot & maxprot) == dhp->dh_prot);
3456 
3457 
3458 	if (callbackops != NULL) {
3459 		bcopy(callbackops, &dhp->dh_callbackops,
3460 		    sizeof (struct devmap_callback_ctl));
3461 	}
3462 
3463 	/*
3464 	 * Initialize dh_lock if we want to do remap.
3465 	 */
3466 	if (dhp->dh_flags & DEVMAP_ALLOW_REMAP) {
3467 		mutex_init(&dhp->dh_lock, NULL, MUTEX_DEFAULT, NULL);
3468 		dhp->dh_flags |= DEVMAP_LOCK_INITED;
3469 	}
3470 
3471 	dhp->dh_flags |= DEVMAP_SETUP_DONE;
3472 
3473 	return (DDI_SUCCESS);
3474 }
3475 
3476 int
3477 devmap_devmem_remap(devmap_cookie_t dhc, dev_info_t *dip,
3478     uint_t rnumber, offset_t roff, size_t len, uint_t maxprot,
3479     uint_t flags, ddi_device_acc_attr_t *accattrp)
3480 {
3481 	devmap_handle_t *dhp = (devmap_handle_t *)dhc;
3482 	ddi_acc_handle_t handle;
3483 	ddi_map_req_t mr;
3484 	ddi_acc_hdl_t *hp;
3485 	pfn_t	pfn;
3486 	uint_t	hat_flags;
3487 	int	err;
3488 
3489 	TRACE_4(TR_FAC_DEVMAP, TR_DEVMAP_DEVMEM_REMAP,
3490 	    "devmap_devmem_setup:start dhp=%p offset=%llx rnum=%d len=%lx",
3491 	    (void *)dhp, roff, rnumber, (uint_t)len);
3492 	DEBUGF(2, (CE_CONT, "devmap_devmem_remap: dhp %p offset %llx "
3493 	    "rnum %d len %lx\n", (void *)dhp, roff, rnumber, len));
3494 
3495 	/*
3496 	 * Return failure if setup has not been done or no remap permission
3497 	 * has been granted during the setup.
3498 	 */
3499 	if ((dhp->dh_flags & DEVMAP_SETUP_DONE) == 0 ||
3500 	    (dhp->dh_flags & DEVMAP_ALLOW_REMAP) == 0)
3501 		return (DDI_FAILURE);
3502 
3503 	/* Only DEVMAP_MAPPING_INVALID flag supported for remap */
3504 	if ((flags != 0) && (flags != DEVMAP_MAPPING_INVALID))
3505 		return (DDI_FAILURE);
3506 
3507 	if ((dhp->dh_prot & dhp->dh_orig_maxprot & maxprot) != dhp->dh_prot)
3508 		return (DDI_FAILURE);
3509 
3510 	if (!(flags & DEVMAP_MAPPING_INVALID)) {
3511 		handle = impl_acc_hdl_alloc(KM_SLEEP, NULL);
3512 		if (handle == NULL)
3513 			return (DDI_FAILURE);
3514 	}
3515 
3516 	HOLD_DHP_LOCK(dhp);
3517 
3518 	/*
3519 	 * Unload the old mapping, so next fault will setup the new mappings
3520 	 * Do this while holding the dhp lock so other faults dont reestablish
3521 	 * the mappings
3522 	 */
3523 	hat_unload(dhp->dh_seg->s_as->a_hat, dhp->dh_uvaddr,
3524 		dhp->dh_len, HAT_UNLOAD|HAT_UNLOAD_OTHER);
3525 
3526 	if (flags & DEVMAP_MAPPING_INVALID) {
3527 		dhp->dh_flags |= DEVMAP_MAPPING_INVALID;
3528 		dhp->dh_pfn = PFN_INVALID;
3529 	} else {
3530 		/* clear any prior DEVMAP_MAPPING_INVALID flag */
3531 		dhp->dh_flags &= ~DEVMAP_MAPPING_INVALID;
3532 		hp = impl_acc_hdl_get(handle);
3533 		hp->ah_vers = VERS_ACCHDL;
3534 		hp->ah_dip = dip;
3535 		hp->ah_rnumber = rnumber;
3536 		hp->ah_offset = roff;
3537 		hp->ah_len = len;
3538 		if (accattrp != NULL)
3539 			hp->ah_acc = *accattrp;
3540 
3541 		mr.map_op = DDI_MO_MAP_LOCKED;
3542 		mr.map_type = DDI_MT_RNUMBER;
3543 		mr.map_obj.rnumber = rnumber;
3544 		mr.map_prot = maxprot & dhp->dh_orig_maxprot;
3545 		mr.map_flags = DDI_MF_DEVICE_MAPPING;
3546 		mr.map_handlep = hp;
3547 		mr.map_vers = DDI_MAP_VERSION;
3548 
3549 		/*
3550 		 * up the device tree to get pfn.
3551 		 * The rootnex_map_regspec() routine in nexus drivers has been
3552 		 * modified to return pfn if map_flags is DDI_MF_DEVICE_MAPPING.
3553 		 */
3554 		err = ddi_map(dip, &mr, roff, len, (caddr_t *)&pfn);
3555 		hat_flags = hp->ah_hat_flags;
3556 		impl_acc_hdl_free(handle);
3557 		if (err) {
3558 			RELE_DHP_LOCK(dhp);
3559 			return (DDI_FAILURE);
3560 		}
3561 		/*
3562 		 * Store result of ddi_map first in local variables, as we do
3563 		 * not want to overwrite the existing dhp with wrong data.
3564 		 */
3565 		dhp->dh_pfn = pfn;
3566 		dhp->dh_hat_attr = hat_flags;
3567 	}
3568 
3569 	/* clear the large page size flag */
3570 	dhp->dh_flags &= ~DEVMAP_FLAG_LARGE;
3571 
3572 	dhp->dh_cookie = DEVMAP_DEVMEM_COOKIE;
3573 	dhp->dh_roff = ptob(btop(roff));
3574 
3575 	/* setup the dh_mmulevel and DEVMAP_FLAG_LARGE */
3576 	devmap_devmem_large_page_setup(dhp);
3577 	dhp->dh_maxprot = maxprot & dhp->dh_orig_maxprot;
3578 	ASSERT((dhp->dh_prot & dhp->dh_orig_maxprot & maxprot) == dhp->dh_prot);
3579 
3580 	RELE_DHP_LOCK(dhp);
3581 	return (DDI_SUCCESS);
3582 }
3583 
3584 /*
3585  * called by driver devmap routine to pass kernel virtual address  mapping
3586  * info to the framework.    used only for kernel memory
3587  * allocated from ddi_umem_alloc().
3588  */
3589 int
3590 devmap_umem_setup(devmap_cookie_t dhc, dev_info_t *dip,
3591     struct devmap_callback_ctl *callbackops, ddi_umem_cookie_t cookie,
3592     offset_t off, size_t len, uint_t maxprot, uint_t flags,
3593     ddi_device_acc_attr_t *accattrp)
3594 {
3595 	devmap_handle_t *dhp = (devmap_handle_t *)dhc;
3596 	struct ddi_umem_cookie *cp = (struct ddi_umem_cookie *)cookie;
3597 
3598 #ifdef lint
3599 	dip = dip;
3600 	accattrp = accattrp;
3601 #endif
3602 
3603 	TRACE_4(TR_FAC_DEVMAP, TR_DEVMAP_UMEM_SETUP,
3604 	    "devmap_umem_setup:start dhp=%p offset=%llx cookie=%p len=%lx",
3605 	    (void *)dhp, off, cookie, len);
3606 	DEBUGF(2, (CE_CONT, "devmap_umem_setup: dhp %p offset %llx "
3607 	    "cookie %p len %lx\n", (void *)dhp, off, (void *)cookie, len));
3608 
3609 	if (cookie == NULL)
3610 		return (DDI_FAILURE);
3611 
3612 	/* For UMEM_TRASH, this restriction is not needed */
3613 	if ((off + len) > cp->size)
3614 		return (DDI_FAILURE);
3615 
3616 	/*
3617 	 * First to check if this function has been called for this dhp.
3618 	 */
3619 	if (dhp->dh_flags & DEVMAP_SETUP_DONE)
3620 		return (DDI_FAILURE);
3621 
3622 	if ((dhp->dh_prot & dhp->dh_orig_maxprot & maxprot) != dhp->dh_prot)
3623 		return (DDI_FAILURE);
3624 
3625 	if (flags & DEVMAP_MAPPING_INVALID) {
3626 		/*
3627 		 * If DEVMAP_MAPPING_INVALID is specified, we have to grant
3628 		 * remap permission.
3629 		 */
3630 		if (!(flags & DEVMAP_ALLOW_REMAP)) {
3631 			return (DDI_FAILURE);
3632 		}
3633 	} else {
3634 		dhp->dh_cookie = cookie;
3635 		dhp->dh_roff = ptob(btop(off));
3636 		dhp->dh_cvaddr = cp->cvaddr + dhp->dh_roff;
3637 	}
3638 
3639 	/*
3640 	 * The default is _not_ to pass HAT_LOAD_NOCONSIST to hat_devload();
3641 	 * we pass HAT_LOAD_NOCONSIST _only_ in cases where hat tries to
3642 	 * create consistent mappings but our intention was to create
3643 	 * non-consistent mappings.
3644 	 *
3645 	 * DEVMEM: hat figures it out it's DEVMEM and creates non-consistent
3646 	 * mappings.
3647 	 *
3648 	 * kernel exported memory: hat figures it out it's memory and always
3649 	 * creates consistent mappings.
3650 	 *
3651 	 * /dev/mem: non-consistent mappings. See comments in common/io/mem.c
3652 	 *
3653 	 * /dev/kmem: consistent mappings are created unless they are
3654 	 * MAP_FIXED. We _explicitly_ tell hat to create non-consistent
3655 	 * mappings by passing HAT_LOAD_NOCONSIST in case of MAP_FIXED
3656 	 * mappings of /dev/kmem. See common/io/mem.c
3657 	 */
3658 
3659 	/* Only some of the flags bits are settable by the driver */
3660 	dhp->dh_flags |= (flags & DEVMAP_SETUP_FLAGS);
3661 
3662 	dhp->dh_len = ptob(btopr(len));
3663 	dhp->dh_maxprot = maxprot & dhp->dh_orig_maxprot;
3664 	ASSERT((dhp->dh_prot & dhp->dh_orig_maxprot & maxprot) == dhp->dh_prot);
3665 
3666 	if (callbackops != NULL) {
3667 		bcopy(callbackops, &dhp->dh_callbackops,
3668 		    sizeof (struct devmap_callback_ctl));
3669 	}
3670 	/*
3671 	 * Initialize dh_lock if we want to do remap.
3672 	 */
3673 	if (dhp->dh_flags & DEVMAP_ALLOW_REMAP) {
3674 		mutex_init(&dhp->dh_lock, NULL, MUTEX_DEFAULT, NULL);
3675 		dhp->dh_flags |= DEVMAP_LOCK_INITED;
3676 	}
3677 
3678 	dhp->dh_flags |= DEVMAP_SETUP_DONE;
3679 
3680 	return (DDI_SUCCESS);
3681 }
3682 
3683 int
3684 devmap_umem_remap(devmap_cookie_t dhc, dev_info_t *dip,
3685     ddi_umem_cookie_t cookie, offset_t off, size_t len, uint_t maxprot,
3686     uint_t flags, ddi_device_acc_attr_t *accattrp)
3687 {
3688 	devmap_handle_t *dhp = (devmap_handle_t *)dhc;
3689 	struct ddi_umem_cookie *cp = (struct ddi_umem_cookie *)cookie;
3690 
3691 	TRACE_4(TR_FAC_DEVMAP, TR_DEVMAP_UMEM_REMAP,
3692 	    "devmap_umem_remap:start dhp=%p offset=%llx cookie=%p len=%lx",
3693 	    (void *)dhp, off, cookie, len);
3694 	DEBUGF(2, (CE_CONT, "devmap_umem_remap: dhp %p offset %llx "
3695 	    "cookie %p len %lx\n", (void *)dhp, off, (void *)cookie, len));
3696 
3697 #ifdef lint
3698 	dip = dip;
3699 	accattrp = accattrp;
3700 #endif
3701 	/*
3702 	 * Reture failure if setup has not been done or no remap permission
3703 	 * has been granted during the setup.
3704 	 */
3705 	if ((dhp->dh_flags & DEVMAP_SETUP_DONE) == 0 ||
3706 		(dhp->dh_flags & DEVMAP_ALLOW_REMAP) == 0)
3707 		return (DDI_FAILURE);
3708 
3709 	/* No flags supported for remap yet */
3710 	if (flags != 0)
3711 		return (DDI_FAILURE);
3712 
3713 	if ((dhp->dh_prot & dhp->dh_orig_maxprot & maxprot) != dhp->dh_prot)
3714 		return (DDI_FAILURE);
3715 
3716 	/* For UMEM_TRASH, this restriction is not needed */
3717 	if ((off + len) > cp->size)
3718 		return (DDI_FAILURE);
3719 
3720 	HOLD_DHP_LOCK(dhp);
3721 	/*
3722 	 * Unload the old mapping, so next fault will setup the new mappings
3723 	 * Do this while holding the dhp lock so other faults dont reestablish
3724 	 * the mappings
3725 	 */
3726 	hat_unload(dhp->dh_seg->s_as->a_hat, dhp->dh_uvaddr,
3727 		dhp->dh_len, HAT_UNLOAD|HAT_UNLOAD_OTHER);
3728 
3729 	dhp->dh_cookie = cookie;
3730 	dhp->dh_roff = ptob(btop(off));
3731 	dhp->dh_cvaddr = cp->cvaddr + dhp->dh_roff;
3732 
3733 	/* clear the large page size flag */
3734 	dhp->dh_flags &= ~DEVMAP_FLAG_LARGE;
3735 
3736 	dhp->dh_maxprot = maxprot & dhp->dh_orig_maxprot;
3737 	ASSERT((dhp->dh_prot & dhp->dh_orig_maxprot & maxprot) == dhp->dh_prot);
3738 	RELE_DHP_LOCK(dhp);
3739 	return (DDI_SUCCESS);
3740 }
3741 
3742 /*
3743  * to set timeout value for the driver's context management callback, e.g.
3744  * devmap_access().
3745  */
3746 void
3747 devmap_set_ctx_timeout(devmap_cookie_t dhc, clock_t ticks)
3748 {
3749 	devmap_handle_t *dhp = (devmap_handle_t *)dhc;
3750 
3751 	TRACE_2(TR_FAC_DEVMAP, TR_DEVMAP_SET_CTX_TIMEOUT,
3752 	    "devmap_set_ctx_timeout:start dhp=%p ticks=%x",
3753 	    (void *)dhp, ticks);
3754 	dhp->dh_timeout_length = ticks;
3755 }
3756 
3757 int
3758 devmap_default_access(devmap_cookie_t dhp, void *pvtp, offset_t off,
3759     size_t len, uint_t type, uint_t rw)
3760 {
3761 #ifdef lint
3762 	pvtp = pvtp;
3763 #endif
3764 
3765 	TRACE_0(TR_FAC_DEVMAP, TR_DEVMAP_DEFAULT_ACCESS,
3766 	    "devmap_default_access:start");
3767 	return (devmap_load(dhp, off, len, type, rw));
3768 }
3769 
3770 /*
3771  * segkmem_alloc() wrapper to allocate memory which is both
3772  * non-relocatable (for DR) and sharelocked, since the rest
3773  * of this segment driver requires it.
3774  */
3775 static void *
3776 devmap_alloc_pages(vmem_t *vmp, size_t size, int vmflag)
3777 {
3778 	ASSERT(vmp != NULL);
3779 	ASSERT(kvseg.s_base != NULL);
3780 	vmflag |= (VM_NORELOC | SEGKMEM_SHARELOCKED);
3781 	return (segkmem_alloc(vmp, size, vmflag));
3782 }
3783 
3784 /*
3785  * This is where things are a bit incestrous with seg_kmem: unlike
3786  * seg_kp, seg_kmem does not keep its pages long-term sharelocked, so
3787  * we need to do a bit of a dance around that to prevent duplication of
3788  * code until we decide to bite the bullet and implement a new kernel
3789  * segment for driver-allocated memory that is exported to user space.
3790  */
3791 static void
3792 devmap_free_pages(vmem_t *vmp, void *inaddr, size_t size)
3793 {
3794 	page_t *pp;
3795 	caddr_t addr = inaddr;
3796 	caddr_t eaddr;
3797 	pgcnt_t npages = btopr(size);
3798 
3799 	ASSERT(vmp != NULL);
3800 	ASSERT(kvseg.s_base != NULL);
3801 	ASSERT(((uintptr_t)addr & PAGEOFFSET) == 0);
3802 
3803 	hat_unload(kas.a_hat, addr, size, HAT_UNLOAD_UNLOCK);
3804 
3805 	for (eaddr = addr + size; addr < eaddr; addr += PAGESIZE) {
3806 		/*
3807 		 * Use page_find() instead of page_lookup() to find the page
3808 		 * since we know that it is hashed and has a shared lock.
3809 		 */
3810 		pp = page_find(&kvp, (u_offset_t)(uintptr_t)addr);
3811 
3812 		if (pp == NULL)
3813 			panic("devmap_free_pages: page not found");
3814 		if (!page_tryupgrade(pp)) {
3815 			page_unlock(pp);
3816 			pp = page_lookup(&kvp, (u_offset_t)(uintptr_t)addr,
3817 			    SE_EXCL);
3818 			if (pp == NULL)
3819 				panic("devmap_free_pages: page already freed");
3820 		}
3821 		/* Clear p_lckcnt so page_destroy() doesn't update availrmem */
3822 		pp->p_lckcnt = 0;
3823 		page_destroy(pp, 0);
3824 	}
3825 	page_unresv(npages);
3826 
3827 	if (vmp != NULL)
3828 		vmem_free(vmp, inaddr, size);
3829 }
3830 
3831 /*
3832  * devmap_umem_alloc_np() replaces kmem_zalloc() as the method for
3833  * allocating non-pageable kmem in response to a ddi_umem_alloc()
3834  * default request. For now we allocate our own pages and we keep
3835  * them long-term sharelocked, since: A) the fault routines expect the
3836  * memory to already be locked; B) pageable umem is already long-term
3837  * locked; C) it's a lot of work to make it otherwise, particuarly
3838  * since the nexus layer expects the pages to never fault. An RFE is to
3839  * not keep the pages long-term locked, but instead to be able to
3840  * take faults on them and simply look them up in kvp in case we
3841  * fault on them. Even then, we must take care not to let pageout
3842  * steal them from us since the data must remain resident; if we
3843  * do this we must come up with some way to pin the pages to prevent
3844  * faults while a driver is doing DMA to/from them.
3845  */
3846 static void *
3847 devmap_umem_alloc_np(size_t size, size_t flags)
3848 {
3849 	void *buf;
3850 	int vmflags = (flags & DDI_UMEM_NOSLEEP)? VM_NOSLEEP : VM_SLEEP;
3851 
3852 	buf = vmem_alloc(umem_np_arena, size, vmflags);
3853 	if (buf != NULL)
3854 		bzero(buf, size);
3855 	return (buf);
3856 }
3857 
3858 static void
3859 devmap_umem_free_np(void *addr, size_t size)
3860 {
3861 	vmem_free(umem_np_arena, addr, size);
3862 }
3863 
3864 /*
3865  * allocate page aligned kernel memory for exporting to user land.
3866  * The devmap framework will use the cookie allocated by ddi_umem_alloc()
3867  * to find a user virtual address that is in same color as the address
3868  * allocated here.
3869  */
3870 void *
3871 ddi_umem_alloc(size_t size, int flags, ddi_umem_cookie_t *cookie)
3872 {
3873 	register size_t len = ptob(btopr(size));
3874 	void *buf = NULL;
3875 	struct ddi_umem_cookie *cp;
3876 	int iflags = 0;
3877 
3878 	*cookie = NULL;
3879 
3880 	TRACE_0(TR_FAC_DEVMAP, TR_DEVMAP_UMEM_ALLOC,
3881 	    "devmap_umem_alloc:start");
3882 	if (len == 0)
3883 		return ((void *)NULL);
3884 
3885 	/*
3886 	 * allocate cookie
3887 	 */
3888 	if ((cp = kmem_zalloc(sizeof (struct ddi_umem_cookie),
3889 		flags & DDI_UMEM_NOSLEEP ? KM_NOSLEEP : KM_SLEEP)) == NULL) {
3890 		ASSERT(flags & DDI_UMEM_NOSLEEP);
3891 		return ((void *)NULL);
3892 	}
3893 
3894 	if (flags & DDI_UMEM_PAGEABLE) {
3895 		/* Only one of the flags is allowed */
3896 		ASSERT(!(flags & DDI_UMEM_TRASH));
3897 		/* initialize resource with 0 */
3898 		iflags = KPD_ZERO;
3899 
3900 		/*
3901 		 * to allocate unlocked pageable memory, use segkp_get() to
3902 		 * create a segkp segment.  Since segkp can only service kas,
3903 		 * other segment drivers such as segdev have to do
3904 		 * as_fault(segkp, SOFTLOCK) in its fault routine,
3905 		 */
3906 		if (flags & DDI_UMEM_NOSLEEP)
3907 			iflags |= KPD_NOWAIT;
3908 
3909 		if ((buf = segkp_get(segkp, len, iflags)) == NULL) {
3910 			kmem_free(cp, sizeof (struct ddi_umem_cookie));
3911 			return ((void *)NULL);
3912 		}
3913 		cp->type = KMEM_PAGEABLE;
3914 		mutex_init(&cp->lock, NULL, MUTEX_DEFAULT, NULL);
3915 		cp->locked = 0;
3916 	} else if (flags & DDI_UMEM_TRASH) {
3917 		/* Only one of the flags is allowed */
3918 		ASSERT(!(flags & DDI_UMEM_PAGEABLE));
3919 		cp->type = UMEM_TRASH;
3920 		buf = NULL;
3921 	} else {
3922 		if ((buf = devmap_umem_alloc_np(len, flags)) == NULL) {
3923 			kmem_free(cp, sizeof (struct ddi_umem_cookie));
3924 			return ((void *)NULL);
3925 		}
3926 
3927 		cp->type = KMEM_NON_PAGEABLE;
3928 	}
3929 
3930 	/*
3931 	 * need to save size here.  size will be used when
3932 	 * we do kmem_free.
3933 	 */
3934 	cp->size = len;
3935 	cp->cvaddr = (caddr_t)buf;
3936 
3937 	*cookie =  (void *)cp;
3938 	return (buf);
3939 }
3940 
3941 void
3942 ddi_umem_free(ddi_umem_cookie_t cookie)
3943 {
3944 	struct ddi_umem_cookie *cp;
3945 
3946 	TRACE_0(TR_FAC_DEVMAP, TR_DEVMAP_UMEM_FREE,
3947 	    "devmap_umem_free:start");
3948 
3949 	/*
3950 	 * if cookie is NULL, no effects on the system
3951 	 */
3952 	if (cookie == NULL)
3953 		return;
3954 
3955 	cp = (struct ddi_umem_cookie *)cookie;
3956 
3957 	switch (cp->type) {
3958 	case KMEM_PAGEABLE :
3959 		ASSERT(cp->cvaddr != NULL && cp->size != 0);
3960 		/*
3961 		 * Check if there are still any pending faults on the cookie
3962 		 * while the driver is deleting it,
3963 		 * XXX - could change to an ASSERT but wont catch errant drivers
3964 		 */
3965 		mutex_enter(&cp->lock);
3966 		if (cp->locked) {
3967 			mutex_exit(&cp->lock);
3968 			panic("ddi_umem_free for cookie with pending faults %p",
3969 			    (void *)cp);
3970 			return;
3971 		}
3972 
3973 		segkp_release(segkp, cp->cvaddr);
3974 
3975 		/*
3976 		 * release mutex associated with this cookie.
3977 		 */
3978 		mutex_destroy(&cp->lock);
3979 		break;
3980 	case KMEM_NON_PAGEABLE :
3981 		ASSERT(cp->cvaddr != NULL && cp->size != 0);
3982 		devmap_umem_free_np(cp->cvaddr, cp->size);
3983 		break;
3984 	case UMEM_TRASH :
3985 		break;
3986 	case UMEM_LOCKED :
3987 		/* Callers should use ddi_umem_unlock for this type */
3988 		ddi_umem_unlock(cookie);
3989 		/* Frees the cookie too */
3990 		return;
3991 	default:
3992 		/* panic so we can diagnose the underlying cause */
3993 		panic("ddi_umem_free: illegal cookie type 0x%x\n",
3994 		    cp->type);
3995 	}
3996 
3997 	kmem_free(cookie, sizeof (struct ddi_umem_cookie));
3998 }
3999 
4000 
4001 static int
4002 segdev_getmemid(struct seg *seg, caddr_t addr, memid_t *memidp)
4003 {
4004 	struct segdev_data *sdp = (struct segdev_data *)seg->s_data;
4005 
4006 	/*
4007 	 * It looks as if it is always mapped shared
4008 	 */
4009 	TRACE_0(TR_FAC_DEVMAP, TR_DEVMAP_GETMEMID,
4010 	    "segdev_getmemid:start");
4011 	memidp->val[0] = (uintptr_t)VTOCVP(sdp->vp);
4012 	memidp->val[1] = sdp->offset + (uintptr_t)(addr - seg->s_base);
4013 	return (0);
4014 }
4015 
4016 /*ARGSUSED*/
4017 static lgrp_mem_policy_info_t *
4018 segdev_getpolicy(struct seg *seg, caddr_t addr)
4019 {
4020 	return (NULL);
4021 }
4022 
4023 /*ARGSUSED*/
4024 static int
4025 segdev_capable(struct seg *seg, segcapability_t capability)
4026 {
4027 	return (0);
4028 }
4029 
4030 /*
4031  * ddi_umem_alloc() non-pageable quantum cache max size.
4032  * This is just a SWAG.
4033  */
4034 #define	DEVMAP_UMEM_QUANTUM	(8*PAGESIZE)
4035 
4036 /*
4037  * Initialize seg_dev from boot. This routine sets up the trash page
4038  * and creates the umem_np_arena used to back non-pageable memory
4039  * requests.
4040  */
4041 void
4042 segdev_init(void)
4043 {
4044 	struct seg kseg;
4045 
4046 	umem_np_arena = vmem_create("umem_np", NULL, 0, PAGESIZE,
4047 	    devmap_alloc_pages, devmap_free_pages, heap_arena,
4048 	    DEVMAP_UMEM_QUANTUM, VM_SLEEP);
4049 
4050 	kseg.s_as = &kas;
4051 	trashpp = page_create_va(&trashvp, 0, PAGESIZE,
4052 	    PG_NORELOC | PG_EXCL | PG_WAIT, &kseg, NULL);
4053 	if (trashpp == NULL)
4054 		panic("segdev_init: failed to create trash page");
4055 	pagezero(trashpp, 0, PAGESIZE);
4056 	page_downgrade(trashpp);
4057 }
4058 
4059 /*
4060  * Invoke platform-dependent support routines so that /proc can have
4061  * the platform code deal with curious hardware.
4062  */
4063 int
4064 segdev_copyfrom(struct seg *seg,
4065     caddr_t uaddr, const void *devaddr, void *kaddr, size_t len)
4066 {
4067 	struct segdev_data *sdp = (struct segdev_data *)seg->s_data;
4068 	struct snode *sp = VTOS(VTOCVP(sdp->vp));
4069 
4070 	return (e_ddi_copyfromdev(sp->s_dip,
4071 	    (off_t)(uaddr - seg->s_base), devaddr, kaddr, len));
4072 }
4073 
4074 int
4075 segdev_copyto(struct seg *seg,
4076     caddr_t uaddr, const void *kaddr, void *devaddr, size_t len)
4077 {
4078 	struct segdev_data *sdp = (struct segdev_data *)seg->s_data;
4079 	struct snode *sp = VTOS(VTOCVP(sdp->vp));
4080 
4081 	return (e_ddi_copytodev(sp->s_dip,
4082 	    (off_t)(uaddr - seg->s_base), kaddr, devaddr, len));
4083 }
4084