1 /* 2 * CDDL HEADER START 3 * 4 * The contents of this file are subject to the terms of the 5 * Common Development and Distribution License, Version 1.0 only 6 * (the "License"). You may not use this file except in compliance 7 * with the License. 8 * 9 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 10 * or http://www.opensolaris.org/os/licensing. 11 * See the License for the specific language governing permissions 12 * and limitations under the License. 13 * 14 * When distributing Covered Code, include this CDDL HEADER in each 15 * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 16 * If applicable, add the following below this CDDL HEADER, with the 17 * fields enclosed by brackets "[]" replaced with your own identifying 18 * information: Portions Copyright [yyyy] [name of copyright owner] 19 * 20 * CDDL HEADER END 21 */ 22 /* 23 * Copyright 2005 Sun Microsystems, Inc. All rights reserved. 24 * Use is subject to license terms. 25 */ 26 27 /* Copyright (c) 1984, 1986, 1987, 1988, 1989 AT&T */ 28 /* All Rights Reserved */ 29 30 /* 31 * University Copyright- Copyright (c) 1982, 1986, 1988 32 * The Regents of the University of California 33 * All Rights Reserved 34 * 35 * University Acknowledgment- Portions of this document are derived from 36 * software developed by the University of California, Berkeley, and its 37 * contributors. 38 */ 39 40 #pragma ident "%Z%%M% %I% %E% SMI" 41 42 /* 43 * VM - segment of a mapped device. 44 * 45 * This segment driver is used when mapping character special devices. 46 */ 47 48 #include <sys/types.h> 49 #include <sys/t_lock.h> 50 #include <sys/sysmacros.h> 51 #include <sys/vtrace.h> 52 #include <sys/systm.h> 53 #include <sys/vmsystm.h> 54 #include <sys/mman.h> 55 #include <sys/errno.h> 56 #include <sys/kmem.h> 57 #include <sys/cmn_err.h> 58 #include <sys/vnode.h> 59 #include <sys/proc.h> 60 #include <sys/conf.h> 61 #include <sys/debug.h> 62 #include <sys/ddidevmap.h> 63 #include <sys/lgrp.h> 64 65 #include <vm/page.h> 66 #include <vm/hat.h> 67 #include <vm/as.h> 68 #include <vm/seg.h> 69 #include <vm/seg_dev.h> 70 #include <vm/seg_kp.h> 71 #include <vm/seg_kmem.h> 72 #include <vm/vpage.h> 73 74 #include <sys/sunddi.h> 75 #include <sys/esunddi.h> 76 #include <sys/fs/snode.h> 77 78 #if DEBUG 79 int segdev_debug; 80 #define DEBUGF(level, args) { if (segdev_debug >= (level)) cmn_err args; } 81 #else 82 #define DEBUGF(level, args) 83 #endif 84 85 /* Default timeout for devmap context management */ 86 #define CTX_TIMEOUT_VALUE 0 87 88 #define HOLD_DHP_LOCK(dhp) if (dhp->dh_flags & DEVMAP_ALLOW_REMAP) \ 89 { mutex_enter(&dhp->dh_lock); } 90 91 #define RELE_DHP_LOCK(dhp) if (dhp->dh_flags & DEVMAP_ALLOW_REMAP) \ 92 { mutex_exit(&dhp->dh_lock); } 93 94 #define round_down_p2(a, s) ((a) & ~((s) - 1)) 95 #define round_up_p2(a, s) (((a) + (s) - 1) & ~((s) - 1)) 96 97 /* 98 * VA_PA_ALIGNED checks to see if both VA and PA are on pgsize boundary 99 * VA_PA_PGSIZE_ALIGNED check to see if VA is aligned with PA w.r.t. pgsize 100 */ 101 #define VA_PA_ALIGNED(uvaddr, paddr, pgsize) \ 102 (((uvaddr | paddr) & (pgsize - 1)) == 0) 103 #define VA_PA_PGSIZE_ALIGNED(uvaddr, paddr, pgsize) \ 104 (((uvaddr ^ paddr) & (pgsize - 1)) == 0) 105 106 #define vpgtob(n) ((n) * sizeof (struct vpage)) /* For brevity */ 107 108 #define VTOCVP(vp) (VTOS(vp)->s_commonvp) /* we "know" it's an snode */ 109 110 static struct devmap_ctx *devmapctx_list = NULL; 111 static struct devmap_softlock *devmap_slist = NULL; 112 113 /* 114 * mutex, vnode and page for the page of zeros we use for the trash mappings. 115 * One trash page is allocated on the first ddi_umem_setup call that uses it 116 * XXX Eventually, we may want to combine this with what segnf does when all 117 * hat layers implement HAT_NOFAULT. 118 * 119 * The trash page is used when the backing store for a userland mapping is 120 * removed but the application semantics do not take kindly to a SIGBUS. 121 * In that scenario, the applications pages are mapped to some dummy page 122 * which returns garbage on read and writes go into a common place. 123 * (Perfect for NO_FAULT semantics) 124 * The device driver is responsible to communicating to the app with some 125 * other mechanism that such remapping has happened and the app should take 126 * corrective action. 127 * We can also use an anonymous memory page as there is no requirement to 128 * keep the page locked, however this complicates the fault code. RFE. 129 */ 130 static struct vnode trashvp; 131 static struct page *trashpp; 132 133 /* Non-pageable kernel memory is allocated from the umem_np_arena. */ 134 static vmem_t *umem_np_arena; 135 136 /* Set the cookie to a value we know will never be a valid umem_cookie */ 137 #define DEVMAP_DEVMEM_COOKIE ((ddi_umem_cookie_t)0x1) 138 139 /* 140 * Macros to check if type of devmap handle 141 */ 142 #define cookie_is_devmem(c) \ 143 ((c) == (struct ddi_umem_cookie *)DEVMAP_DEVMEM_COOKIE) 144 145 #define cookie_is_pmem(c) \ 146 ((c) == (struct ddi_umem_cookie *)DEVMAP_PMEM_COOKIE) 147 148 #define cookie_is_kpmem(c) (!cookie_is_devmem(c) && !cookie_is_pmem(c) &&\ 149 ((c)->type == KMEM_PAGEABLE)) 150 151 #define dhp_is_devmem(dhp) \ 152 (cookie_is_devmem((struct ddi_umem_cookie *)((dhp)->dh_cookie))) 153 154 #define dhp_is_pmem(dhp) \ 155 (cookie_is_pmem((struct ddi_umem_cookie *)((dhp)->dh_cookie))) 156 157 #define dhp_is_kpmem(dhp) \ 158 (cookie_is_kpmem((struct ddi_umem_cookie *)((dhp)->dh_cookie))) 159 160 /* 161 * Private seg op routines. 162 */ 163 static int segdev_dup(struct seg *, struct seg *); 164 static int segdev_unmap(struct seg *, caddr_t, size_t); 165 static void segdev_free(struct seg *); 166 static faultcode_t segdev_fault(struct hat *, struct seg *, caddr_t, size_t, 167 enum fault_type, enum seg_rw); 168 static faultcode_t segdev_faulta(struct seg *, caddr_t); 169 static int segdev_setprot(struct seg *, caddr_t, size_t, uint_t); 170 static int segdev_checkprot(struct seg *, caddr_t, size_t, uint_t); 171 static void segdev_badop(void); 172 static int segdev_sync(struct seg *, caddr_t, size_t, int, uint_t); 173 static size_t segdev_incore(struct seg *, caddr_t, size_t, char *); 174 static int segdev_lockop(struct seg *, caddr_t, size_t, int, int, 175 ulong_t *, size_t); 176 static int segdev_getprot(struct seg *, caddr_t, size_t, uint_t *); 177 static u_offset_t segdev_getoffset(struct seg *, caddr_t); 178 static int segdev_gettype(struct seg *, caddr_t); 179 static int segdev_getvp(struct seg *, caddr_t, struct vnode **); 180 static int segdev_advise(struct seg *, caddr_t, size_t, uint_t); 181 static void segdev_dump(struct seg *); 182 static int segdev_pagelock(struct seg *, caddr_t, size_t, 183 struct page ***, enum lock_type, enum seg_rw); 184 static int segdev_setpagesize(struct seg *, caddr_t, size_t, uint_t); 185 static int segdev_getmemid(struct seg *, caddr_t, memid_t *); 186 static lgrp_mem_policy_info_t *segdev_getpolicy(struct seg *, caddr_t); 187 static int segdev_capable(struct seg *, segcapability_t); 188 189 /* 190 * XXX this struct is used by rootnex_map_fault to identify 191 * the segment it has been passed. So if you make it 192 * "static" you'll need to fix rootnex_map_fault. 193 */ 194 struct seg_ops segdev_ops = { 195 segdev_dup, 196 segdev_unmap, 197 segdev_free, 198 segdev_fault, 199 segdev_faulta, 200 segdev_setprot, 201 segdev_checkprot, 202 (int (*)())segdev_badop, /* kluster */ 203 (size_t (*)(struct seg *))NULL, /* swapout */ 204 segdev_sync, /* sync */ 205 segdev_incore, 206 segdev_lockop, /* lockop */ 207 segdev_getprot, 208 segdev_getoffset, 209 segdev_gettype, 210 segdev_getvp, 211 segdev_advise, 212 segdev_dump, 213 segdev_pagelock, 214 segdev_setpagesize, 215 segdev_getmemid, 216 segdev_getpolicy, 217 segdev_capable, 218 }; 219 220 /* 221 * Private segdev support routines 222 */ 223 static struct segdev_data *sdp_alloc(void); 224 225 static void segdev_softunlock(struct hat *, struct seg *, caddr_t, 226 size_t, enum seg_rw); 227 228 static faultcode_t segdev_faultpage(struct hat *, struct seg *, caddr_t, 229 struct vpage *, enum fault_type, enum seg_rw, devmap_handle_t *); 230 231 static faultcode_t segdev_faultpages(struct hat *, struct seg *, caddr_t, 232 size_t, enum fault_type, enum seg_rw, devmap_handle_t *); 233 234 static struct devmap_ctx *devmap_ctxinit(dev_t, ulong_t); 235 static struct devmap_softlock *devmap_softlock_init(dev_t, ulong_t); 236 static void devmap_softlock_rele(devmap_handle_t *); 237 static void devmap_ctx_rele(devmap_handle_t *); 238 239 static void devmap_ctxto(void *); 240 241 static devmap_handle_t *devmap_find_handle(devmap_handle_t *dhp_head, 242 caddr_t addr); 243 244 static ulong_t devmap_roundup(devmap_handle_t *dhp, ulong_t offset, size_t len, 245 ulong_t *opfn, ulong_t *pagesize); 246 247 static void free_devmap_handle(devmap_handle_t *dhp); 248 249 static int devmap_handle_dup(devmap_handle_t *dhp, devmap_handle_t **new_dhp, 250 struct seg *newseg); 251 252 static devmap_handle_t *devmap_handle_unmap(devmap_handle_t *dhp); 253 254 static void devmap_handle_unmap_head(devmap_handle_t *dhp, size_t len); 255 256 static void devmap_handle_unmap_tail(devmap_handle_t *dhp, caddr_t addr); 257 258 static int devmap_device(devmap_handle_t *dhp, struct as *as, caddr_t *addr, 259 offset_t off, size_t len, uint_t flags); 260 261 static void devmap_get_large_pgsize(devmap_handle_t *dhp, size_t len, 262 caddr_t addr, size_t *llen, caddr_t *laddr); 263 264 static void devmap_handle_reduce_len(devmap_handle_t *dhp, size_t len); 265 266 static void *devmap_alloc_pages(vmem_t *vmp, size_t size, int vmflag); 267 static void devmap_free_pages(vmem_t *vmp, void *inaddr, size_t size); 268 269 static void *devmap_umem_alloc_np(size_t size, size_t flags); 270 static void devmap_umem_free_np(void *addr, size_t size); 271 272 /* 273 * routines to lock and unlock underlying segkp segment for 274 * KMEM_PAGEABLE type cookies. 275 */ 276 static faultcode_t acquire_kpmem_lock(struct ddi_umem_cookie *, size_t); 277 static void release_kpmem_lock(struct ddi_umem_cookie *, size_t); 278 279 /* 280 * Routines to synchronize F_SOFTLOCK and F_INVAL faults for 281 * drivers with devmap_access callbacks 282 */ 283 static int devmap_softlock_enter(struct devmap_softlock *, size_t, 284 enum fault_type); 285 static void devmap_softlock_exit(struct devmap_softlock *, size_t, 286 enum fault_type); 287 288 static kmutex_t devmapctx_lock; 289 290 static kmutex_t devmap_slock; 291 292 /* 293 * Initialize the thread callbacks and thread private data. 294 */ 295 static struct devmap_ctx * 296 devmap_ctxinit(dev_t dev, ulong_t id) 297 { 298 struct devmap_ctx *devctx; 299 struct devmap_ctx *tmp; 300 dev_info_t *dip; 301 302 tmp = kmem_zalloc(sizeof (struct devmap_ctx), KM_SLEEP); 303 304 mutex_enter(&devmapctx_lock); 305 306 dip = e_ddi_hold_devi_by_dev(dev, 0); 307 ASSERT(dip != NULL); 308 ddi_release_devi(dip); 309 310 for (devctx = devmapctx_list; devctx != NULL; devctx = devctx->next) 311 if ((devctx->dip == dip) && (devctx->id == id)) 312 break; 313 314 if (devctx == NULL) { 315 devctx = tmp; 316 devctx->dip = dip; 317 devctx->id = id; 318 mutex_init(&devctx->lock, NULL, MUTEX_DEFAULT, NULL); 319 cv_init(&devctx->cv, NULL, CV_DEFAULT, NULL); 320 devctx->next = devmapctx_list; 321 devmapctx_list = devctx; 322 } else 323 kmem_free(tmp, sizeof (struct devmap_ctx)); 324 325 mutex_enter(&devctx->lock); 326 devctx->refcnt++; 327 mutex_exit(&devctx->lock); 328 mutex_exit(&devmapctx_lock); 329 330 return (devctx); 331 } 332 333 /* 334 * Timeout callback called if a CPU has not given up the device context 335 * within dhp->dh_timeout_length ticks 336 */ 337 static void 338 devmap_ctxto(void *data) 339 { 340 struct devmap_ctx *devctx = data; 341 342 TRACE_1(TR_FAC_DEVMAP, TR_DEVMAP_CTXTO, 343 "devmap_ctxto:timeout expired, devctx=%p", (void *)devctx); 344 mutex_enter(&devctx->lock); 345 /* 346 * Set oncpu = 0 so the next mapping trying to get the device context 347 * can. 348 */ 349 devctx->oncpu = 0; 350 devctx->timeout = 0; 351 cv_signal(&devctx->cv); 352 mutex_exit(&devctx->lock); 353 } 354 355 /* 356 * Create a device segment. 357 */ 358 int 359 segdev_create(struct seg *seg, void *argsp) 360 { 361 struct segdev_data *sdp; 362 struct segdev_crargs *a = (struct segdev_crargs *)argsp; 363 devmap_handle_t *dhp = (devmap_handle_t *)a->devmap_data; 364 int error; 365 366 /* 367 * Since the address space is "write" locked, we 368 * don't need the segment lock to protect "segdev" data. 369 */ 370 ASSERT(seg->s_as && AS_WRITE_HELD(seg->s_as, &seg->s_as->a_lock)); 371 372 hat_map(seg->s_as->a_hat, seg->s_base, seg->s_size, HAT_MAP); 373 374 sdp = sdp_alloc(); 375 376 sdp->mapfunc = a->mapfunc; 377 sdp->offset = a->offset; 378 sdp->prot = a->prot; 379 sdp->maxprot = a->maxprot; 380 sdp->type = a->type; 381 sdp->pageprot = 0; 382 sdp->softlockcnt = 0; 383 sdp->vpage = NULL; 384 385 if (sdp->mapfunc == NULL) 386 sdp->devmap_data = dhp; 387 else 388 sdp->devmap_data = dhp = NULL; 389 390 sdp->hat_flags = a->hat_flags; 391 sdp->hat_attr = a->hat_attr; 392 393 /* 394 * Currently, hat_flags supports only HAT_LOAD_NOCONSIST 395 */ 396 ASSERT(!(sdp->hat_flags & ~HAT_LOAD_NOCONSIST)); 397 398 /* 399 * Hold shadow vnode -- segdev only deals with 400 * character (VCHR) devices. We use the common 401 * vp to hang pages on. 402 */ 403 sdp->vp = specfind(a->dev, VCHR); 404 ASSERT(sdp->vp != NULL); 405 406 seg->s_ops = &segdev_ops; 407 seg->s_data = sdp; 408 409 while (dhp != NULL) { 410 dhp->dh_seg = seg; 411 dhp = dhp->dh_next; 412 } 413 414 /* 415 * Inform the vnode of the new mapping. 416 */ 417 /* 418 * It is ok to use pass sdp->maxprot to ADDMAP rather than to use 419 * dhp specific maxprot because spec_addmap does not use maxprot. 420 */ 421 error = VOP_ADDMAP(VTOCVP(sdp->vp), sdp->offset, 422 seg->s_as, seg->s_base, seg->s_size, 423 sdp->prot, sdp->maxprot, sdp->type, CRED()); 424 425 if (error != 0) { 426 sdp->devmap_data = NULL; 427 hat_unload(seg->s_as->a_hat, seg->s_base, seg->s_size, 428 HAT_UNLOAD_UNMAP); 429 } 430 431 return (error); 432 } 433 434 static struct segdev_data * 435 sdp_alloc(void) 436 { 437 struct segdev_data *sdp; 438 439 sdp = kmem_zalloc(sizeof (struct segdev_data), KM_SLEEP); 440 mutex_init(&sdp->lock, NULL, MUTEX_DEFAULT, NULL); 441 442 return (sdp); 443 } 444 445 /* 446 * Duplicate seg and return new segment in newseg. 447 */ 448 static int 449 segdev_dup(struct seg *seg, struct seg *newseg) 450 { 451 struct segdev_data *sdp = (struct segdev_data *)seg->s_data; 452 struct segdev_data *newsdp; 453 devmap_handle_t *dhp = (devmap_handle_t *)sdp->devmap_data; 454 size_t npages; 455 int ret; 456 457 TRACE_2(TR_FAC_DEVMAP, TR_DEVMAP_DUP, 458 "segdev_dup:start dhp=%p, seg=%p", (void *)dhp, (void *)seg); 459 460 DEBUGF(3, (CE_CONT, "segdev_dup: dhp %p seg %p\n", 461 (void *)dhp, (void *)seg)); 462 463 /* 464 * Since the address space is "write" locked, we 465 * don't need the segment lock to protect "segdev" data. 466 */ 467 ASSERT(seg->s_as && AS_WRITE_HELD(seg->s_as, &seg->s_as->a_lock)); 468 469 newsdp = sdp_alloc(); 470 471 newseg->s_ops = seg->s_ops; 472 newseg->s_data = (void *)newsdp; 473 474 VN_HOLD(sdp->vp); 475 newsdp->vp = sdp->vp; 476 newsdp->mapfunc = sdp->mapfunc; 477 newsdp->offset = sdp->offset; 478 newsdp->pageprot = sdp->pageprot; 479 newsdp->prot = sdp->prot; 480 newsdp->maxprot = sdp->maxprot; 481 newsdp->type = sdp->type; 482 newsdp->hat_attr = sdp->hat_attr; 483 newsdp->hat_flags = sdp->hat_flags; 484 newsdp->softlockcnt = 0; 485 486 /* 487 * Initialize per page data if the segment we are 488 * dup'ing has per page information. 489 */ 490 npages = seg_pages(newseg); 491 492 if (sdp->vpage != NULL) { 493 size_t nbytes = vpgtob(npages); 494 495 newsdp->vpage = kmem_zalloc(nbytes, KM_SLEEP); 496 bcopy(sdp->vpage, newsdp->vpage, nbytes); 497 } else 498 newsdp->vpage = NULL; 499 500 /* 501 * duplicate devmap handles 502 */ 503 if (dhp != NULL) { 504 ret = devmap_handle_dup(dhp, 505 (devmap_handle_t **)&newsdp->devmap_data, newseg); 506 if (ret != 0) { 507 TRACE_3(TR_FAC_DEVMAP, TR_DEVMAP_DUP_CK1, 508 "segdev_dup:ret1 ret=%x, dhp=%p seg=%p", 509 ret, (void *)dhp, (void *)seg); 510 DEBUGF(1, (CE_CONT, 511 "segdev_dup: ret %x dhp %p seg %p\n", 512 ret, (void *)dhp, (void *)seg)); 513 return (ret); 514 } 515 } 516 517 /* 518 * Inform the common vnode of the new mapping. 519 */ 520 return (VOP_ADDMAP(VTOCVP(newsdp->vp), 521 newsdp->offset, newseg->s_as, 522 newseg->s_base, newseg->s_size, newsdp->prot, 523 newsdp->maxprot, sdp->type, CRED())); 524 } 525 526 /* 527 * duplicate devmap handles 528 */ 529 static int 530 devmap_handle_dup(devmap_handle_t *dhp, devmap_handle_t **new_dhp, 531 struct seg *newseg) 532 { 533 devmap_handle_t *newdhp_save = NULL; 534 devmap_handle_t *newdhp = NULL; 535 struct devmap_callback_ctl *callbackops; 536 537 while (dhp != NULL) { 538 newdhp = kmem_alloc(sizeof (devmap_handle_t), KM_SLEEP); 539 540 /* Need to lock the original dhp while copying if REMAP */ 541 HOLD_DHP_LOCK(dhp); 542 bcopy(dhp, newdhp, sizeof (devmap_handle_t)); 543 RELE_DHP_LOCK(dhp); 544 newdhp->dh_seg = newseg; 545 newdhp->dh_next = NULL; 546 if (newdhp_save != NULL) 547 newdhp_save->dh_next = newdhp; 548 else 549 *new_dhp = newdhp; 550 newdhp_save = newdhp; 551 552 callbackops = &newdhp->dh_callbackops; 553 554 if (dhp->dh_softlock != NULL) 555 newdhp->dh_softlock = devmap_softlock_init( 556 newdhp->dh_dev, 557 (ulong_t)callbackops->devmap_access); 558 if (dhp->dh_ctx != NULL) 559 newdhp->dh_ctx = devmap_ctxinit(newdhp->dh_dev, 560 (ulong_t)callbackops->devmap_access); 561 562 /* 563 * Initialize dh_lock if we want to do remap. 564 */ 565 if (newdhp->dh_flags & DEVMAP_ALLOW_REMAP) { 566 mutex_init(&newdhp->dh_lock, NULL, MUTEX_DEFAULT, NULL); 567 newdhp->dh_flags |= DEVMAP_LOCK_INITED; 568 } 569 570 if (callbackops->devmap_dup != NULL) { 571 int ret; 572 573 /* 574 * Call the dup callback so that the driver can 575 * duplicate its private data. 576 */ 577 ret = (*callbackops->devmap_dup)(dhp, dhp->dh_pvtp, 578 (devmap_cookie_t *)newdhp, &newdhp->dh_pvtp); 579 580 if (ret != 0) { 581 /* 582 * We want to free up this segment as the driver 583 * has indicated that we can't dup it. But we 584 * don't want to call the drivers, devmap_unmap, 585 * callback function as the driver does not 586 * think this segment exists. The caller of 587 * devmap_dup will call seg_free on newseg 588 * as it was the caller that allocated the 589 * segment. 590 */ 591 DEBUGF(1, (CE_CONT, "devmap_handle_dup ERROR: " 592 "newdhp %p dhp %p\n", (void *)newdhp, 593 (void *)dhp)); 594 callbackops->devmap_unmap = NULL; 595 return (ret); 596 } 597 } 598 599 dhp = dhp->dh_next; 600 } 601 602 return (0); 603 } 604 605 /* 606 * Split a segment at addr for length len. 607 */ 608 /*ARGSUSED*/ 609 static int 610 segdev_unmap(struct seg *seg, caddr_t addr, size_t len) 611 { 612 register struct segdev_data *sdp = (struct segdev_data *)seg->s_data; 613 register struct segdev_data *nsdp; 614 register struct seg *nseg; 615 register size_t opages; /* old segment size in pages */ 616 register size_t npages; /* new segment size in pages */ 617 register size_t dpages; /* pages being deleted (unmapped) */ 618 register size_t nbytes; 619 devmap_handle_t *dhp = (devmap_handle_t *)sdp->devmap_data; 620 devmap_handle_t *dhpp; 621 devmap_handle_t *newdhp; 622 struct devmap_callback_ctl *callbackops; 623 caddr_t nbase; 624 offset_t off; 625 ulong_t nsize; 626 size_t mlen, sz; 627 628 TRACE_4(TR_FAC_DEVMAP, TR_DEVMAP_UNMAP, 629 "segdev_unmap:start dhp=%p, seg=%p addr=%p len=%lx", 630 (void *)dhp, (void *)seg, (void *)addr, len); 631 632 DEBUGF(3, (CE_CONT, "segdev_unmap: dhp %p seg %p addr %p len %lx\n", 633 (void *)dhp, (void *)seg, (void *)addr, len)); 634 635 /* 636 * Since the address space is "write" locked, we 637 * don't need the segment lock to protect "segdev" data. 638 */ 639 ASSERT(seg->s_as && AS_WRITE_HELD(seg->s_as, &seg->s_as->a_lock)); 640 641 if ((sz = sdp->softlockcnt) > 0) { 642 /* 643 * Fail the unmap if pages are SOFTLOCKed through this mapping. 644 * softlockcnt is protected from change by the as write lock. 645 */ 646 TRACE_1(TR_FAC_DEVMAP, TR_DEVMAP_UNMAP_CK1, 647 "segdev_unmap:error softlockcnt = %ld", sz); 648 DEBUGF(1, (CE_CONT, "segdev_unmap: softlockcnt %ld\n", sz)); 649 return (EAGAIN); 650 } 651 652 /* 653 * Check for bad sizes 654 */ 655 if (addr < seg->s_base || addr + len > seg->s_base + seg->s_size || 656 (len & PAGEOFFSET) || ((uintptr_t)addr & PAGEOFFSET)) 657 panic("segdev_unmap"); 658 659 if (dhp != NULL) { 660 devmap_handle_t *tdhp; 661 /* 662 * If large page size was used in hat_devload(), 663 * the same page size must be used in hat_unload(). 664 */ 665 dhpp = tdhp = devmap_find_handle(dhp, addr); 666 while (tdhp != NULL) { 667 if (tdhp->dh_flags & DEVMAP_FLAG_LARGE) { 668 break; 669 } 670 tdhp = tdhp->dh_next; 671 } 672 if (tdhp != NULL) { /* found a dhp using large pages */ 673 size_t slen = len; 674 size_t mlen; 675 size_t soff; 676 677 soff = (ulong_t)(addr - dhpp->dh_uvaddr); 678 while (slen != 0) { 679 mlen = MIN(slen, (dhpp->dh_len - soff)); 680 hat_unload(seg->s_as->a_hat, dhpp->dh_uvaddr, 681 dhpp->dh_len, HAT_UNLOAD_UNMAP); 682 dhpp = dhpp->dh_next; 683 ASSERT(slen >= mlen); 684 slen -= mlen; 685 soff = 0; 686 } 687 } else 688 hat_unload(seg->s_as->a_hat, addr, len, 689 HAT_UNLOAD_UNMAP); 690 } else { 691 /* 692 * Unload any hardware translations in the range 693 * to be taken out. 694 */ 695 hat_unload(seg->s_as->a_hat, addr, len, HAT_UNLOAD_UNMAP); 696 } 697 698 /* 699 * get the user offset which will used in the driver callbacks 700 */ 701 off = sdp->offset + (offset_t)(addr - seg->s_base); 702 703 /* 704 * Inform the vnode of the unmapping. 705 */ 706 ASSERT(sdp->vp != NULL); 707 (void) VOP_DELMAP(VTOCVP(sdp->vp), off, seg->s_as, addr, len, 708 sdp->prot, sdp->maxprot, sdp->type, CRED()); 709 710 /* 711 * Check for entire segment 712 */ 713 if (addr == seg->s_base && len == seg->s_size) { 714 seg_free(seg); 715 return (0); 716 } 717 718 opages = seg_pages(seg); 719 dpages = btop(len); 720 npages = opages - dpages; 721 722 /* 723 * Check for beginning of segment 724 */ 725 if (addr == seg->s_base) { 726 if (sdp->vpage != NULL) { 727 register struct vpage *ovpage; 728 729 ovpage = sdp->vpage; /* keep pointer to vpage */ 730 731 nbytes = vpgtob(npages); 732 sdp->vpage = kmem_alloc(nbytes, KM_SLEEP); 733 bcopy(&ovpage[dpages], sdp->vpage, nbytes); 734 735 /* free up old vpage */ 736 kmem_free(ovpage, vpgtob(opages)); 737 } 738 739 /* 740 * free devmap handles from the beginning of the mapping. 741 */ 742 if (dhp != NULL) 743 devmap_handle_unmap_head(dhp, len); 744 745 sdp->offset += (offset_t)len; 746 747 seg->s_base += len; 748 seg->s_size -= len; 749 750 return (0); 751 } 752 753 /* 754 * Check for end of segment 755 */ 756 if (addr + len == seg->s_base + seg->s_size) { 757 if (sdp->vpage != NULL) { 758 register struct vpage *ovpage; 759 760 ovpage = sdp->vpage; /* keep pointer to vpage */ 761 762 nbytes = vpgtob(npages); 763 sdp->vpage = kmem_alloc(nbytes, KM_SLEEP); 764 bcopy(ovpage, sdp->vpage, nbytes); 765 766 /* free up old vpage */ 767 kmem_free(ovpage, vpgtob(opages)); 768 } 769 seg->s_size -= len; 770 771 /* 772 * free devmap handles from addr to the end of the mapping. 773 */ 774 if (dhp != NULL) 775 devmap_handle_unmap_tail(dhp, addr); 776 777 return (0); 778 } 779 780 /* 781 * The section to go is in the middle of the segment, 782 * have to make it into two segments. nseg is made for 783 * the high end while seg is cut down at the low end. 784 */ 785 nbase = addr + len; /* new seg base */ 786 nsize = (seg->s_base + seg->s_size) - nbase; /* new seg size */ 787 seg->s_size = addr - seg->s_base; /* shrink old seg */ 788 nseg = seg_alloc(seg->s_as, nbase, nsize); 789 if (nseg == NULL) 790 panic("segdev_unmap seg_alloc"); 791 792 TRACE_2(TR_FAC_DEVMAP, TR_DEVMAP_UNMAP_CK2, 793 "segdev_unmap: seg=%p nseg=%p", (void *)seg, (void *)nseg); 794 DEBUGF(3, (CE_CONT, "segdev_unmap: segdev_dup seg %p nseg %p\n", 795 (void *)seg, (void *)nseg)); 796 nsdp = sdp_alloc(); 797 798 nseg->s_ops = seg->s_ops; 799 nseg->s_data = (void *)nsdp; 800 801 VN_HOLD(sdp->vp); 802 nsdp->mapfunc = sdp->mapfunc; 803 nsdp->offset = sdp->offset + (offset_t)(nseg->s_base - seg->s_base); 804 nsdp->vp = sdp->vp; 805 nsdp->pageprot = sdp->pageprot; 806 nsdp->prot = sdp->prot; 807 nsdp->maxprot = sdp->maxprot; 808 nsdp->type = sdp->type; 809 nsdp->hat_attr = sdp->hat_attr; 810 nsdp->hat_flags = sdp->hat_flags; 811 nsdp->softlockcnt = 0; 812 813 /* 814 * Initialize per page data if the segment we are 815 * dup'ing has per page information. 816 */ 817 if (sdp->vpage != NULL) { 818 /* need to split vpage into two arrays */ 819 register size_t nnbytes; 820 register size_t nnpages; 821 register struct vpage *ovpage; 822 823 ovpage = sdp->vpage; /* keep pointer to vpage */ 824 825 npages = seg_pages(seg); /* seg has shrunk */ 826 nbytes = vpgtob(npages); 827 nnpages = seg_pages(nseg); 828 nnbytes = vpgtob(nnpages); 829 830 sdp->vpage = kmem_alloc(nbytes, KM_SLEEP); 831 bcopy(ovpage, sdp->vpage, nbytes); 832 833 nsdp->vpage = kmem_alloc(nnbytes, KM_SLEEP); 834 bcopy(&ovpage[npages + dpages], nsdp->vpage, nnbytes); 835 836 /* free up old vpage */ 837 kmem_free(ovpage, vpgtob(opages)); 838 } else 839 nsdp->vpage = NULL; 840 841 /* 842 * unmap dhps. 843 */ 844 if (dhp == NULL) { 845 nsdp->devmap_data = NULL; 846 return (0); 847 } 848 while (dhp != NULL) { 849 callbackops = &dhp->dh_callbackops; 850 TRACE_2(TR_FAC_DEVMAP, TR_DEVMAP_UNMAP_CK3, 851 "segdev_unmap: dhp=%p addr=%p", dhp, addr); 852 DEBUGF(3, (CE_CONT, "unmap: dhp %p addr %p uvaddr %p len %lx\n", 853 (void *)dhp, (void *)addr, 854 (void *)dhp->dh_uvaddr, dhp->dh_len)); 855 856 if (addr == (dhp->dh_uvaddr + dhp->dh_len)) { 857 dhpp = dhp->dh_next; 858 dhp->dh_next = NULL; 859 dhp = dhpp; 860 } else if (addr > (dhp->dh_uvaddr + dhp->dh_len)) { 861 dhp = dhp->dh_next; 862 } else if (addr > dhp->dh_uvaddr && 863 (addr + len) < (dhp->dh_uvaddr + dhp->dh_len)) { 864 /* 865 * <addr, addr+len> is enclosed by dhp. 866 * create a newdhp that begins at addr+len and 867 * ends at dhp->dh_uvaddr+dhp->dh_len. 868 */ 869 newdhp = kmem_alloc(sizeof (devmap_handle_t), KM_SLEEP); 870 HOLD_DHP_LOCK(dhp); 871 bcopy(dhp, newdhp, sizeof (devmap_handle_t)); 872 RELE_DHP_LOCK(dhp); 873 newdhp->dh_seg = nseg; 874 newdhp->dh_next = dhp->dh_next; 875 if (dhp->dh_softlock != NULL) 876 newdhp->dh_softlock = devmap_softlock_init( 877 newdhp->dh_dev, 878 (ulong_t)callbackops->devmap_access); 879 if (dhp->dh_ctx != NULL) 880 newdhp->dh_ctx = devmap_ctxinit(newdhp->dh_dev, 881 (ulong_t)callbackops->devmap_access); 882 if (newdhp->dh_flags & DEVMAP_LOCK_INITED) { 883 mutex_init(&newdhp->dh_lock, 884 NULL, MUTEX_DEFAULT, NULL); 885 } 886 if (callbackops->devmap_unmap != NULL) 887 (*callbackops->devmap_unmap)(dhp, dhp->dh_pvtp, 888 off, len, dhp, &dhp->dh_pvtp, 889 newdhp, &newdhp->dh_pvtp); 890 mlen = len + (addr - dhp->dh_uvaddr); 891 devmap_handle_reduce_len(newdhp, mlen); 892 nsdp->devmap_data = newdhp; 893 /* XX Changing len should recalculate LARGE flag */ 894 dhp->dh_len = addr - dhp->dh_uvaddr; 895 dhpp = dhp->dh_next; 896 dhp->dh_next = NULL; 897 dhp = dhpp; 898 } else if ((addr > dhp->dh_uvaddr) && 899 ((addr + len) >= (dhp->dh_uvaddr + dhp->dh_len))) { 900 mlen = dhp->dh_len + dhp->dh_uvaddr - addr; 901 /* 902 * <addr, addr+len> spans over dhps. 903 */ 904 if (callbackops->devmap_unmap != NULL) 905 (*callbackops->devmap_unmap)(dhp, dhp->dh_pvtp, 906 off, mlen, (devmap_cookie_t *)dhp, 907 &dhp->dh_pvtp, NULL, NULL); 908 /* XX Changing len should recalculate LARGE flag */ 909 dhp->dh_len = addr - dhp->dh_uvaddr; 910 dhpp = dhp->dh_next; 911 dhp->dh_next = NULL; 912 dhp = dhpp; 913 nsdp->devmap_data = dhp; 914 } else if ((addr + len) >= (dhp->dh_uvaddr + dhp->dh_len)) { 915 /* 916 * dhp is enclosed by <addr, addr+len>. 917 */ 918 dhp->dh_seg = nseg; 919 nsdp->devmap_data = dhp; 920 dhp = devmap_handle_unmap(dhp); 921 nsdp->devmap_data = dhp; /* XX redundant? */ 922 } else if (((addr + len) > dhp->dh_uvaddr) && 923 ((addr + len) < (dhp->dh_uvaddr + dhp->dh_len))) { 924 mlen = addr + len - dhp->dh_uvaddr; 925 if (callbackops->devmap_unmap != NULL) 926 (*callbackops->devmap_unmap)(dhp, dhp->dh_pvtp, 927 dhp->dh_uoff, mlen, NULL, 928 NULL, dhp, &dhp->dh_pvtp); 929 devmap_handle_reduce_len(dhp, mlen); 930 nsdp->devmap_data = dhp; 931 dhp->dh_seg = nseg; 932 dhp = dhp->dh_next; 933 } else { 934 dhp->dh_seg = nseg; 935 dhp = dhp->dh_next; 936 } 937 } 938 return (0); 939 } 940 941 /* 942 * Utility function handles reducing the length of a devmap handle during unmap 943 * Note that is only used for unmapping the front portion of the handler, 944 * i.e., we are bumping up the offset/pfn etc up by len 945 * Do not use if reducing length at the tail. 946 */ 947 static void 948 devmap_handle_reduce_len(devmap_handle_t *dhp, size_t len) 949 { 950 struct ddi_umem_cookie *cp; 951 struct devmap_pmem_cookie *pcp; 952 /* 953 * adjust devmap handle fields 954 */ 955 ASSERT(len < dhp->dh_len); 956 957 /* Make sure only page-aligned changes are done */ 958 ASSERT((len & PAGEOFFSET) == 0); 959 960 dhp->dh_len -= len; 961 dhp->dh_uoff += (offset_t)len; 962 dhp->dh_roff += (offset_t)len; 963 dhp->dh_uvaddr += len; 964 /* Need to grab dhp lock if REMAP */ 965 HOLD_DHP_LOCK(dhp); 966 cp = dhp->dh_cookie; 967 if (!(dhp->dh_flags & DEVMAP_MAPPING_INVALID)) { 968 if (cookie_is_devmem(cp)) { 969 dhp->dh_pfn += btop(len); 970 } else if (cookie_is_pmem(cp)) { 971 pcp = (struct devmap_pmem_cookie *)dhp->dh_pcookie; 972 ASSERT((dhp->dh_roff & PAGEOFFSET) == 0 && 973 dhp->dh_roff < ptob(pcp->dp_npages)); 974 } else { 975 ASSERT(dhp->dh_roff < cp->size); 976 ASSERT(dhp->dh_cvaddr >= cp->cvaddr && 977 dhp->dh_cvaddr < (cp->cvaddr + cp->size)); 978 ASSERT((dhp->dh_cvaddr + len) <= 979 (cp->cvaddr + cp->size)); 980 981 dhp->dh_cvaddr += len; 982 } 983 } 984 /* XXX - Should recalculate the DEVMAP_FLAG_LARGE after changes */ 985 RELE_DHP_LOCK(dhp); 986 } 987 988 /* 989 * Free devmap handle, dhp. 990 * Return the next devmap handle on the linked list. 991 */ 992 static devmap_handle_t * 993 devmap_handle_unmap(devmap_handle_t *dhp) 994 { 995 struct devmap_callback_ctl *callbackops = &dhp->dh_callbackops; 996 struct segdev_data *sdp = (struct segdev_data *)dhp->dh_seg->s_data; 997 devmap_handle_t *dhpp = (devmap_handle_t *)sdp->devmap_data; 998 999 ASSERT(dhp != NULL); 1000 1001 /* 1002 * before we free up dhp, call the driver's devmap_unmap entry point 1003 * to free resources allocated for this dhp. 1004 */ 1005 if (callbackops->devmap_unmap != NULL) { 1006 (*callbackops->devmap_unmap)(dhp, dhp->dh_pvtp, dhp->dh_uoff, 1007 dhp->dh_len, NULL, NULL, NULL, NULL); 1008 } 1009 1010 if (dhpp == dhp) { /* releasing first dhp, change sdp data */ 1011 sdp->devmap_data = dhp->dh_next; 1012 } else { 1013 while (dhpp->dh_next != dhp) { 1014 dhpp = dhpp->dh_next; 1015 } 1016 dhpp->dh_next = dhp->dh_next; 1017 } 1018 dhpp = dhp->dh_next; /* return value is next dhp in chain */ 1019 1020 if (dhp->dh_softlock != NULL) 1021 devmap_softlock_rele(dhp); 1022 1023 if (dhp->dh_ctx != NULL) 1024 devmap_ctx_rele(dhp); 1025 1026 if (dhp->dh_flags & DEVMAP_LOCK_INITED) { 1027 mutex_destroy(&dhp->dh_lock); 1028 } 1029 kmem_free(dhp, sizeof (devmap_handle_t)); 1030 1031 return (dhpp); 1032 } 1033 1034 /* 1035 * Free complete devmap handles from dhp for len bytes 1036 * dhp can be either the first handle or a subsequent handle 1037 */ 1038 static void 1039 devmap_handle_unmap_head(devmap_handle_t *dhp, size_t len) 1040 { 1041 struct devmap_callback_ctl *callbackops; 1042 1043 /* 1044 * free the devmap handles covered by len. 1045 */ 1046 while (len >= dhp->dh_len) { 1047 len -= dhp->dh_len; 1048 dhp = devmap_handle_unmap(dhp); 1049 } 1050 if (len != 0) { /* partial unmap at head of first remaining dhp */ 1051 callbackops = &dhp->dh_callbackops; 1052 1053 /* 1054 * Call the unmap callback so the drivers can make 1055 * adjustment on its private data. 1056 */ 1057 if (callbackops->devmap_unmap != NULL) 1058 (*callbackops->devmap_unmap)(dhp, dhp->dh_pvtp, 1059 dhp->dh_uoff, len, NULL, NULL, dhp, &dhp->dh_pvtp); 1060 devmap_handle_reduce_len(dhp, len); 1061 } 1062 } 1063 1064 /* 1065 * Free devmap handles to truncate the mapping after addr 1066 * RFE: Simpler to pass in dhp pointing at correct dhp (avoid find again) 1067 * Also could then use the routine in middle unmap case too 1068 */ 1069 static void 1070 devmap_handle_unmap_tail(devmap_handle_t *dhp, caddr_t addr) 1071 { 1072 register struct seg *seg = dhp->dh_seg; 1073 register struct segdev_data *sdp = (struct segdev_data *)seg->s_data; 1074 register devmap_handle_t *dhph = (devmap_handle_t *)sdp->devmap_data; 1075 struct devmap_callback_ctl *callbackops; 1076 register devmap_handle_t *dhpp; 1077 size_t maplen; 1078 ulong_t off; 1079 size_t len; 1080 1081 maplen = (size_t)(addr - dhp->dh_uvaddr); 1082 dhph = devmap_find_handle(dhph, addr); 1083 1084 while (dhph != NULL) { 1085 if (maplen == 0) { 1086 dhph = devmap_handle_unmap(dhph); 1087 } else { 1088 callbackops = &dhph->dh_callbackops; 1089 len = dhph->dh_len - maplen; 1090 off = (ulong_t)sdp->offset + (addr - seg->s_base); 1091 /* 1092 * Call the unmap callback so the driver 1093 * can make adjustments on its private data. 1094 */ 1095 if (callbackops->devmap_unmap != NULL) 1096 (*callbackops->devmap_unmap)(dhph, 1097 dhph->dh_pvtp, off, len, 1098 (devmap_cookie_t *)dhph, 1099 &dhph->dh_pvtp, NULL, NULL); 1100 /* XXX Reducing len needs to recalculate LARGE flag */ 1101 dhph->dh_len = maplen; 1102 maplen = 0; 1103 dhpp = dhph->dh_next; 1104 dhph->dh_next = NULL; 1105 dhph = dhpp; 1106 } 1107 } /* end while */ 1108 } 1109 1110 /* 1111 * Free a segment. 1112 */ 1113 static void 1114 segdev_free(struct seg *seg) 1115 { 1116 register struct segdev_data *sdp = (struct segdev_data *)seg->s_data; 1117 devmap_handle_t *dhp = (devmap_handle_t *)sdp->devmap_data; 1118 1119 TRACE_2(TR_FAC_DEVMAP, TR_DEVMAP_FREE, 1120 "segdev_free: dhp=%p seg=%p", (void *)dhp, (void *)seg); 1121 DEBUGF(3, (CE_CONT, "segdev_free: dhp %p seg %p\n", 1122 (void *)dhp, (void *)seg)); 1123 1124 /* 1125 * Since the address space is "write" locked, we 1126 * don't need the segment lock to protect "segdev" data. 1127 */ 1128 ASSERT(seg->s_as && AS_WRITE_HELD(seg->s_as, &seg->s_as->a_lock)); 1129 1130 while (dhp != NULL) 1131 dhp = devmap_handle_unmap(dhp); 1132 1133 VN_RELE(sdp->vp); 1134 if (sdp->vpage != NULL) 1135 kmem_free(sdp->vpage, vpgtob(seg_pages(seg))); 1136 1137 mutex_destroy(&sdp->lock); 1138 kmem_free(sdp, sizeof (*sdp)); 1139 } 1140 1141 static void 1142 free_devmap_handle(devmap_handle_t *dhp) 1143 { 1144 register devmap_handle_t *dhpp; 1145 1146 /* 1147 * free up devmap handle 1148 */ 1149 while (dhp != NULL) { 1150 dhpp = dhp->dh_next; 1151 if (dhp->dh_flags & DEVMAP_LOCK_INITED) { 1152 mutex_destroy(&dhp->dh_lock); 1153 } 1154 1155 if (dhp->dh_softlock != NULL) 1156 devmap_softlock_rele(dhp); 1157 1158 if (dhp->dh_ctx != NULL) 1159 devmap_ctx_rele(dhp); 1160 1161 kmem_free(dhp, sizeof (devmap_handle_t)); 1162 dhp = dhpp; 1163 } 1164 } 1165 1166 /* 1167 * routines to lock and unlock underlying segkp segment for 1168 * KMEM_PAGEABLE type cookies. 1169 * segkp only allows a single pending F_SOFTLOCK 1170 * we keep track of number of locks in the cookie so we can 1171 * have multiple pending faults and manage the calls to segkp. 1172 * RFE: if segkp supports either pagelock or can support multiple 1173 * calls to F_SOFTLOCK, then these routines can go away. 1174 * If pagelock, segdev_faultpage can fault on a page by page basis 1175 * and simplifies the code quite a bit. 1176 * if multiple calls allowed but not partial ranges, then need for 1177 * cookie->lock and locked count goes away, code can call as_fault directly 1178 */ 1179 static faultcode_t 1180 acquire_kpmem_lock(struct ddi_umem_cookie *cookie, size_t npages) 1181 { 1182 int err = 0; 1183 ASSERT(cookie_is_kpmem(cookie)); 1184 /* 1185 * Fault in pages in segkp with F_SOFTLOCK. 1186 * We want to hold the lock until all pages have been loaded. 1187 * segkp only allows single caller to hold SOFTLOCK, so cookie 1188 * holds a count so we dont call into segkp multiple times 1189 */ 1190 mutex_enter(&cookie->lock); 1191 1192 /* 1193 * Check for overflow in locked field 1194 */ 1195 if ((UINT32_MAX - cookie->locked) < npages) { 1196 err = FC_MAKE_ERR(ENOMEM); 1197 } else if (cookie->locked == 0) { 1198 /* First time locking */ 1199 err = as_fault(kas.a_hat, &kas, cookie->cvaddr, 1200 cookie->size, F_SOFTLOCK, PROT_READ|PROT_WRITE); 1201 } 1202 if (!err) { 1203 cookie->locked += npages; 1204 } 1205 mutex_exit(&cookie->lock); 1206 return (err); 1207 } 1208 1209 static void 1210 release_kpmem_lock(struct ddi_umem_cookie *cookie, size_t npages) 1211 { 1212 mutex_enter(&cookie->lock); 1213 ASSERT(cookie_is_kpmem(cookie)); 1214 ASSERT(cookie->locked >= npages); 1215 cookie->locked -= (uint_t)npages; 1216 if (cookie->locked == 0) { 1217 /* Last unlock */ 1218 if (as_fault(kas.a_hat, &kas, cookie->cvaddr, 1219 cookie->size, F_SOFTUNLOCK, PROT_READ|PROT_WRITE)) 1220 panic("segdev releasing kpmem lock %p", (void *)cookie); 1221 } 1222 mutex_exit(&cookie->lock); 1223 } 1224 1225 /* 1226 * Routines to synchronize F_SOFTLOCK and F_INVAL faults for 1227 * drivers with devmap_access callbacks 1228 * slock->softlocked basically works like a rw lock 1229 * -ve counts => F_SOFTLOCK in progress 1230 * +ve counts => F_INVAL/F_PROT in progress 1231 * We allow only one F_SOFTLOCK at a time 1232 * but can have multiple pending F_INVAL/F_PROT calls 1233 * 1234 * This routine waits using cv_wait_sig so killing processes is more graceful 1235 * Returns EINTR if coming out of this routine due to a signal, 0 otherwise 1236 */ 1237 static int devmap_softlock_enter( 1238 struct devmap_softlock *slock, 1239 size_t npages, 1240 enum fault_type type) 1241 { 1242 if (npages == 0) 1243 return (0); 1244 mutex_enter(&(slock->lock)); 1245 switch (type) { 1246 case F_SOFTLOCK : 1247 while (slock->softlocked) { 1248 if (cv_wait_sig(&(slock)->cv, &(slock)->lock) == 0) { 1249 /* signalled */ 1250 mutex_exit(&(slock->lock)); 1251 return (EINTR); 1252 } 1253 } 1254 slock->softlocked -= npages; /* -ve count => locked */ 1255 break; 1256 case F_INVAL : 1257 case F_PROT : 1258 while (slock->softlocked < 0) 1259 if (cv_wait_sig(&(slock)->cv, &(slock)->lock) == 0) { 1260 /* signalled */ 1261 mutex_exit(&(slock->lock)); 1262 return (EINTR); 1263 } 1264 slock->softlocked += npages; /* +ve count => f_invals */ 1265 break; 1266 default: 1267 ASSERT(0); 1268 } 1269 mutex_exit(&(slock->lock)); 1270 return (0); 1271 } 1272 1273 static void devmap_softlock_exit( 1274 struct devmap_softlock *slock, 1275 size_t npages, 1276 enum fault_type type) 1277 { 1278 if (slock == NULL) 1279 return; 1280 mutex_enter(&(slock->lock)); 1281 switch (type) { 1282 case F_SOFTLOCK : 1283 ASSERT(-slock->softlocked >= npages); 1284 slock->softlocked += npages; /* -ve count is softlocked */ 1285 if (slock->softlocked == 0) 1286 cv_signal(&slock->cv); 1287 break; 1288 case F_INVAL : 1289 case F_PROT: 1290 ASSERT(slock->softlocked >= npages); 1291 slock->softlocked -= npages; 1292 if (slock->softlocked == 0) 1293 cv_signal(&slock->cv); 1294 break; 1295 default: 1296 ASSERT(0); 1297 } 1298 mutex_exit(&(slock->lock)); 1299 } 1300 1301 /* 1302 * Do a F_SOFTUNLOCK call over the range requested. 1303 * The range must have already been F_SOFTLOCK'ed. 1304 * The segment lock should be held, (but not the segment private lock?) 1305 * The softunlock code below does not adjust for large page sizes 1306 * assumes the caller already did any addr/len adjustments for 1307 * pagesize mappings before calling. 1308 */ 1309 /*ARGSUSED*/ 1310 static void 1311 segdev_softunlock( 1312 struct hat *hat, /* the hat */ 1313 struct seg *seg, /* seg_dev of interest */ 1314 caddr_t addr, /* base address of range */ 1315 size_t len, /* number of bytes */ 1316 enum seg_rw rw) /* type of access at fault */ 1317 { 1318 struct segdev_data *sdp = (struct segdev_data *)seg->s_data; 1319 devmap_handle_t *dhp_head = (devmap_handle_t *)sdp->devmap_data; 1320 1321 TRACE_4(TR_FAC_DEVMAP, TR_DEVMAP_SOFTUNLOCK, 1322 "segdev_softunlock:dhp_head=%p sdp=%p addr=%p len=%lx", 1323 dhp_head, sdp, addr, len); 1324 DEBUGF(3, (CE_CONT, "segdev_softunlock: dhp %p lockcnt %lx " 1325 "addr %p len %lx\n", 1326 (void *)dhp_head, sdp->softlockcnt, (void *)addr, len)); 1327 1328 hat_unlock(hat, addr, len); 1329 1330 if (dhp_head != NULL) { 1331 devmap_handle_t *dhp; 1332 size_t mlen; 1333 ulong_t off; 1334 1335 dhp = devmap_find_handle(dhp_head, addr); 1336 ASSERT(dhp != NULL); 1337 1338 off = (ulong_t)(addr - dhp->dh_uvaddr); 1339 while (len != 0) { 1340 mlen = MIN(len, (dhp->dh_len - off)); 1341 1342 /* 1343 * unlock segkp memory, locked during F_SOFTLOCK 1344 */ 1345 if (dhp_is_kpmem(dhp)) { 1346 release_kpmem_lock( 1347 (struct ddi_umem_cookie *)dhp->dh_cookie, 1348 btopr(mlen)); 1349 } 1350 1351 /* 1352 * Do the softlock accounting for devmap_access 1353 */ 1354 if (dhp->dh_callbackops.devmap_access != NULL) { 1355 devmap_softlock_exit(dhp->dh_softlock, 1356 btopr(mlen), F_SOFTLOCK); 1357 } 1358 1359 len -= mlen; 1360 dhp = dhp->dh_next; 1361 off = 0; 1362 } 1363 } 1364 1365 mutex_enter(&freemem_lock); 1366 ASSERT(sdp->softlockcnt >= btopr(len)); 1367 sdp->softlockcnt -= btopr(len); 1368 mutex_exit(&freemem_lock); 1369 if (sdp->softlockcnt == 0) { 1370 /* 1371 * All SOFTLOCKS are gone. Wakeup any waiting 1372 * unmappers so they can try again to unmap. 1373 * Check for waiters first without the mutex 1374 * held so we don't always grab the mutex on 1375 * softunlocks. 1376 */ 1377 if (AS_ISUNMAPWAIT(seg->s_as)) { 1378 mutex_enter(&seg->s_as->a_contents); 1379 if (AS_ISUNMAPWAIT(seg->s_as)) { 1380 AS_CLRUNMAPWAIT(seg->s_as); 1381 cv_broadcast(&seg->s_as->a_cv); 1382 } 1383 mutex_exit(&seg->s_as->a_contents); 1384 } 1385 } 1386 1387 } 1388 1389 /* 1390 * Handle fault for a single page. 1391 * Done in a separate routine so we can handle errors more easily. 1392 * This routine is called only from segdev_faultpages() 1393 * when looping over the range of addresses requested. The segment lock is held. 1394 */ 1395 static faultcode_t 1396 segdev_faultpage( 1397 struct hat *hat, /* the hat */ 1398 struct seg *seg, /* seg_dev of interest */ 1399 caddr_t addr, /* address in as */ 1400 struct vpage *vpage, /* pointer to vpage for seg, addr */ 1401 enum fault_type type, /* type of fault */ 1402 enum seg_rw rw, /* type of access at fault */ 1403 devmap_handle_t *dhp) /* devmap handle if any for this page */ 1404 { 1405 struct segdev_data *sdp = (struct segdev_data *)seg->s_data; 1406 uint_t prot; 1407 pfn_t pfnum = PFN_INVALID; 1408 u_offset_t offset; 1409 uint_t hat_flags; 1410 dev_info_t *dip; 1411 1412 TRACE_3(TR_FAC_DEVMAP, TR_DEVMAP_FAULTPAGE, 1413 "segdev_faultpage: dhp=%p seg=%p addr=%p", dhp, seg, addr); 1414 DEBUGF(8, (CE_CONT, "segdev_faultpage: dhp %p seg %p addr %p \n", 1415 (void *)dhp, (void *)seg, (void *)addr)); 1416 1417 /* 1418 * Initialize protection value for this page. 1419 * If we have per page protection values check it now. 1420 */ 1421 if (sdp->pageprot) { 1422 uint_t protchk; 1423 1424 switch (rw) { 1425 case S_READ: 1426 protchk = PROT_READ; 1427 break; 1428 case S_WRITE: 1429 protchk = PROT_WRITE; 1430 break; 1431 case S_EXEC: 1432 protchk = PROT_EXEC; 1433 break; 1434 case S_OTHER: 1435 default: 1436 protchk = PROT_READ | PROT_WRITE | PROT_EXEC; 1437 break; 1438 } 1439 1440 prot = VPP_PROT(vpage); 1441 if ((prot & protchk) == 0) 1442 return (FC_PROT); /* illegal access type */ 1443 } else { 1444 prot = sdp->prot; 1445 /* caller has already done segment level protection check */ 1446 } 1447 1448 if (type == F_SOFTLOCK) { 1449 mutex_enter(&freemem_lock); 1450 sdp->softlockcnt++; 1451 mutex_exit(&freemem_lock); 1452 } 1453 1454 hat_flags = ((type == F_SOFTLOCK) ? HAT_LOAD_LOCK : HAT_LOAD); 1455 offset = sdp->offset + (u_offset_t)(addr - seg->s_base); 1456 /* 1457 * In the devmap framework, sdp->mapfunc is set to NULL. we can get 1458 * pfnum from dhp->dh_pfn (at beginning of segment) and offset from 1459 * seg->s_base. 1460 */ 1461 if (dhp == NULL) { 1462 /* If segment has devmap_data, then dhp should be non-NULL */ 1463 ASSERT(sdp->devmap_data == NULL); 1464 pfnum = (pfn_t)cdev_mmap(sdp->mapfunc, sdp->vp->v_rdev, 1465 (off_t)offset, prot); 1466 prot |= sdp->hat_attr; 1467 } else { 1468 ulong_t off; 1469 struct ddi_umem_cookie *cp; 1470 struct devmap_pmem_cookie *pcp; 1471 1472 /* ensure the dhp passed in contains addr. */ 1473 ASSERT(dhp == devmap_find_handle( 1474 (devmap_handle_t *)sdp->devmap_data, addr)); 1475 1476 off = addr - dhp->dh_uvaddr; 1477 1478 /* 1479 * This routine assumes that the caller makes sure that the 1480 * fields in dhp used below are unchanged due to remap during 1481 * this call. Caller does HOLD_DHP_LOCK if neeed 1482 */ 1483 cp = dhp->dh_cookie; 1484 if (dhp->dh_flags & DEVMAP_MAPPING_INVALID) { 1485 pfnum = PFN_INVALID; 1486 } else if (cookie_is_devmem(cp)) { 1487 pfnum = dhp->dh_pfn + btop(off); 1488 } else if (cookie_is_pmem(cp)) { 1489 pcp = (struct devmap_pmem_cookie *)dhp->dh_pcookie; 1490 ASSERT((dhp->dh_roff & PAGEOFFSET) == 0 && 1491 dhp->dh_roff < ptob(pcp->dp_npages)); 1492 pfnum = page_pptonum( 1493 pcp->dp_pparray[btop(off + dhp->dh_roff)]); 1494 } else { 1495 ASSERT(dhp->dh_roff < cp->size); 1496 ASSERT(dhp->dh_cvaddr >= cp->cvaddr && 1497 dhp->dh_cvaddr < (cp->cvaddr + cp->size)); 1498 ASSERT((dhp->dh_cvaddr + off) <= 1499 (cp->cvaddr + cp->size)); 1500 ASSERT((dhp->dh_cvaddr + off + PAGESIZE) <= 1501 (cp->cvaddr + cp->size)); 1502 1503 switch (cp->type) { 1504 case UMEM_LOCKED : 1505 if (cp->pparray != NULL) { 1506 ASSERT((dhp->dh_roff & PAGEOFFSET) == 0); 1507 pfnum = page_pptonum( 1508 cp->pparray[btop(off + dhp->dh_roff)]); 1509 } else { 1510 pfnum = hat_getpfnum( 1511 ((proc_t *)cp->procp)->p_as->a_hat, 1512 cp->cvaddr + off); 1513 } 1514 break; 1515 case UMEM_TRASH : 1516 pfnum = page_pptonum(trashpp); 1517 /* We should set hat_flags to HAT_NOFAULT also */ 1518 /* However, not all hat layers implement this */ 1519 break; 1520 case KMEM_PAGEABLE: 1521 case KMEM_NON_PAGEABLE: 1522 pfnum = hat_getpfnum(kas.a_hat, 1523 dhp->dh_cvaddr + off); 1524 break; 1525 default : 1526 pfnum = PFN_INVALID; 1527 break; 1528 } 1529 } 1530 prot |= dhp->dh_hat_attr; 1531 } 1532 if (pfnum == PFN_INVALID) { 1533 return (FC_MAKE_ERR(EFAULT)); 1534 } 1535 /* prot should already be OR'ed in with hat_attributes if needed */ 1536 1537 TRACE_4(TR_FAC_DEVMAP, TR_DEVMAP_FAULTPAGE_CK1, 1538 "segdev_faultpage: pfnum=%lx memory=%x prot=%x flags=%x", 1539 pfnum, pf_is_memory(pfnum), prot, hat_flags); 1540 DEBUGF(9, (CE_CONT, "segdev_faultpage: pfnum %lx memory %x " 1541 "prot %x flags %x\n", pfnum, pf_is_memory(pfnum), prot, hat_flags)); 1542 1543 if (pf_is_memory(pfnum) || (dhp != NULL)) { 1544 /* 1545 * It's not _really_ required here to pass sdp->hat_flags 1546 * to hat_devload even though we do it. 1547 * This is because hat figures it out DEVMEM mappings 1548 * are non-consistent, anyway. 1549 */ 1550 hat_devload(hat, addr, PAGESIZE, pfnum, 1551 prot, hat_flags | sdp->hat_flags); 1552 return (0); 1553 } 1554 1555 /* 1556 * Fall through to the case where devmap is not used and need to call 1557 * up the device tree to set up the mapping 1558 */ 1559 1560 dip = VTOS(VTOCVP(sdp->vp))->s_dip; 1561 ASSERT(dip); 1562 1563 /* 1564 * When calling ddi_map_fault, we do not OR in sdp->hat_attr 1565 * This is because this calls drivers which may not expect 1566 * prot to have any other values than PROT_ALL 1567 * The root nexus driver has a hack to peek into the segment 1568 * structure and then OR in sdp->hat_attr. 1569 * XX In case the bus_ops interfaces are ever revisited 1570 * we need to fix this. prot should include other hat attributes 1571 */ 1572 if (ddi_map_fault(dip, hat, seg, addr, NULL, pfnum, prot & PROT_ALL, 1573 (uint_t)(type == F_SOFTLOCK)) != DDI_SUCCESS) { 1574 return (FC_MAKE_ERR(EFAULT)); 1575 } 1576 return (0); 1577 } 1578 1579 static faultcode_t 1580 segdev_fault( 1581 struct hat *hat, /* the hat */ 1582 struct seg *seg, /* the seg_dev of interest */ 1583 caddr_t addr, /* the address of the fault */ 1584 size_t len, /* the length of the range */ 1585 enum fault_type type, /* type of fault */ 1586 enum seg_rw rw) /* type of access at fault */ 1587 { 1588 struct segdev_data *sdp = (struct segdev_data *)seg->s_data; 1589 devmap_handle_t *dhp_head = (devmap_handle_t *)sdp->devmap_data; 1590 devmap_handle_t *dhp; 1591 struct devmap_softlock *slock = NULL; 1592 ulong_t slpage = 0; 1593 ulong_t off; 1594 caddr_t maddr = addr; 1595 int err; 1596 int err_is_faultcode = 0; 1597 1598 TRACE_5(TR_FAC_DEVMAP, TR_DEVMAP_FAULT, 1599 "segdev_fault: dhp_head=%p seg=%p addr=%p len=%lx type=%x", 1600 (void *)dhp_head, (void *)seg, (void *)addr, len, type); 1601 DEBUGF(7, (CE_CONT, "segdev_fault: dhp_head %p seg %p " 1602 "addr %p len %lx type %x\n", 1603 (void *)dhp_head, (void *)seg, (void *)addr, len, type)); 1604 1605 ASSERT(seg->s_as && AS_LOCK_HELD(seg->s_as, &seg->s_as->a_lock)); 1606 1607 /* Handle non-devmap case */ 1608 if (dhp_head == NULL) 1609 return (segdev_faultpages(hat, seg, addr, len, type, rw, NULL)); 1610 1611 /* Find devmap handle */ 1612 if ((dhp = devmap_find_handle(dhp_head, addr)) == NULL) 1613 return (FC_NOMAP); 1614 1615 /* 1616 * The seg_dev driver does not implement copy-on-write, 1617 * and always loads translations with maximal allowed permissions 1618 * but we got an fault trying to access the device. 1619 * Servicing the fault is not going to result in any better result 1620 * RFE: If we want devmap_access callbacks to be involved in F_PROT 1621 * faults, then the code below is written for that 1622 * Pending resolution of the following: 1623 * - determine if the F_INVAL/F_SOFTLOCK syncing 1624 * is needed for F_PROT also or not. The code below assumes it does 1625 * - If driver sees F_PROT and calls devmap_load with same type, 1626 * then segdev_faultpages will fail with FC_PROT anyway, need to 1627 * change that so calls from devmap_load to segdev_faultpages for 1628 * F_PROT type are retagged to F_INVAL. 1629 * RFE: Today we dont have drivers that use devmap and want to handle 1630 * F_PROT calls. The code in segdev_fault* is written to allow 1631 * this case but is not tested. A driver that needs this capability 1632 * should be able to remove the short-circuit case; resolve the 1633 * above issues and "should" work. 1634 */ 1635 if (type == F_PROT) { 1636 return (FC_PROT); 1637 } 1638 1639 /* 1640 * Loop through dhp list calling devmap_access or segdev_faultpages for 1641 * each devmap handle. 1642 * drivers which implement devmap_access can interpose on faults and do 1643 * device-appropriate special actions before calling devmap_load. 1644 */ 1645 1646 /* 1647 * Unfortunately, this simple loop has turned out to expose a variety 1648 * of complex problems which results in the following convoluted code. 1649 * 1650 * First, a desire to handle a serialization of F_SOFTLOCK calls 1651 * to the driver within the framework. 1652 * This results in a dh_softlock structure that is on a per device 1653 * (or device instance) basis and serializes devmap_access calls. 1654 * Ideally we would need to do this for underlying 1655 * memory/device regions that are being faulted on 1656 * but that is hard to identify and with REMAP, harder 1657 * Second, a desire to serialize F_INVAL(and F_PROT) calls w.r.t. 1658 * to F_SOFTLOCK calls to the driver. 1659 * These serializations are to simplify the driver programmer model. 1660 * To support these two features, the code first goes through the 1661 * devmap handles and counts the pages (slpage) that are covered 1662 * by devmap_access callbacks. 1663 * This part ends with a devmap_softlock_enter call 1664 * which allows only one F_SOFTLOCK active on a device instance, 1665 * but multiple F_INVAL/F_PROTs can be active except when a 1666 * F_SOFTLOCK is active 1667 * 1668 * Next, we dont short-circuit the fault code upfront to call 1669 * segdev_softunlock for F_SOFTUNLOCK, because we must use 1670 * the same length when we softlock and softunlock. 1671 * 1672 * -Hat layers may not support softunlocking lengths less than the 1673 * original length when there is large page support. 1674 * -kpmem locking is dependent on keeping the lengths same. 1675 * -if drivers handled F_SOFTLOCK, they probably also expect to 1676 * see an F_SOFTUNLOCK of the same length 1677 * Hence, if extending lengths during softlock, 1678 * softunlock has to make the same adjustments and goes through 1679 * the same loop calling segdev_faultpages/segdev_softunlock 1680 * But some of the synchronization and error handling is different 1681 */ 1682 1683 if (type != F_SOFTUNLOCK) { 1684 devmap_handle_t *dhpp = dhp; 1685 size_t slen = len; 1686 1687 /* 1688 * Calculate count of pages that are : 1689 * a) within the (potentially extended) fault region 1690 * b) AND covered by devmap handle with devmap_access 1691 */ 1692 off = (ulong_t)(addr - dhpp->dh_uvaddr); 1693 while (slen != 0) { 1694 size_t mlen; 1695 1696 /* 1697 * Softlocking on a region that allows remap is 1698 * unsupported due to unresolved locking issues 1699 * XXX: unclear what these are? 1700 * One potential is that if there is a pending 1701 * softlock, then a remap should not be allowed 1702 * until the unlock is done. This is easily 1703 * fixed by returning error in devmap*remap on 1704 * checking the dh->dh_softlock->softlocked value 1705 */ 1706 if ((type == F_SOFTLOCK) && 1707 (dhpp->dh_flags & DEVMAP_ALLOW_REMAP)) { 1708 return (FC_NOSUPPORT); 1709 } 1710 1711 mlen = MIN(slen, (dhpp->dh_len - off)); 1712 if (dhpp->dh_callbackops.devmap_access) { 1713 size_t llen; 1714 caddr_t laddr; 1715 /* 1716 * use extended length for large page mappings 1717 */ 1718 HOLD_DHP_LOCK(dhpp); 1719 if ((sdp->pageprot == 0) && 1720 (dhpp->dh_flags & DEVMAP_FLAG_LARGE)) { 1721 devmap_get_large_pgsize(dhpp, 1722 mlen, maddr, &llen, &laddr); 1723 } else { 1724 llen = mlen; 1725 } 1726 RELE_DHP_LOCK(dhpp); 1727 1728 slpage += btopr(llen); 1729 slock = dhpp->dh_softlock; 1730 } 1731 maddr += mlen; 1732 ASSERT(slen >= mlen); 1733 slen -= mlen; 1734 dhpp = dhpp->dh_next; 1735 off = 0; 1736 } 1737 /* 1738 * synchonize with other faulting threads and wait till safe 1739 * devmap_softlock_enter might return due to signal in cv_wait 1740 * 1741 * devmap_softlock_enter has to be called outside of while loop 1742 * to prevent a deadlock if len spans over multiple dhps. 1743 * dh_softlock is based on device instance and if multiple dhps 1744 * use the same device instance, the second dhp's LOCK call 1745 * will hang waiting on the first to complete. 1746 * devmap_setup verifies that slocks in a dhp_chain are same. 1747 * RFE: this deadlock only hold true for F_SOFTLOCK. For 1748 * F_INVAL/F_PROT, since we now allow multiple in parallel, 1749 * we could have done the softlock_enter inside the loop 1750 * and supported multi-dhp mappings with dissimilar devices 1751 */ 1752 if (err = devmap_softlock_enter(slock, slpage, type)) 1753 return (FC_MAKE_ERR(err)); 1754 } 1755 1756 /* reset 'maddr' to the start addr of the range of fault. */ 1757 maddr = addr; 1758 1759 /* calculate the offset corresponds to 'addr' in the first dhp. */ 1760 off = (ulong_t)(addr - dhp->dh_uvaddr); 1761 1762 /* 1763 * The fault length may span over multiple dhps. 1764 * Loop until the total length is satisfied. 1765 */ 1766 while (len != 0) { 1767 size_t llen; 1768 size_t mlen; 1769 caddr_t laddr; 1770 1771 /* 1772 * mlen is the smaller of 'len' and the length 1773 * from addr to the end of mapping defined by dhp. 1774 */ 1775 mlen = MIN(len, (dhp->dh_len - off)); 1776 1777 HOLD_DHP_LOCK(dhp); 1778 /* 1779 * Pass the extended length and address to devmap_access 1780 * if large pagesize is used for loading address translations. 1781 */ 1782 if ((sdp->pageprot == 0) && 1783 (dhp->dh_flags & DEVMAP_FLAG_LARGE)) { 1784 devmap_get_large_pgsize(dhp, mlen, maddr, 1785 &llen, &laddr); 1786 ASSERT(maddr == addr || laddr == maddr); 1787 } else { 1788 llen = mlen; 1789 laddr = maddr; 1790 } 1791 1792 if (dhp->dh_callbackops.devmap_access != NULL) { 1793 offset_t aoff; 1794 1795 aoff = sdp->offset + (offset_t)(laddr - seg->s_base); 1796 1797 /* 1798 * call driver's devmap_access entry point which will 1799 * call devmap_load/contextmgmt to load the translations 1800 * 1801 * We drop the dhp_lock before calling access so 1802 * drivers can call devmap_*_remap within access 1803 */ 1804 RELE_DHP_LOCK(dhp); 1805 1806 err = (*dhp->dh_callbackops.devmap_access)( 1807 dhp, (void *)dhp->dh_pvtp, aoff, llen, type, rw); 1808 } else { 1809 /* 1810 * If no devmap_access entry point, then load mappings 1811 * hold dhp_lock across faultpages if REMAP 1812 */ 1813 err = segdev_faultpages(hat, seg, laddr, llen, 1814 type, rw, dhp); 1815 err_is_faultcode = 1; 1816 RELE_DHP_LOCK(dhp); 1817 } 1818 1819 if (err) { 1820 if ((type == F_SOFTLOCK) && (maddr > addr)) { 1821 /* 1822 * If not first dhp, use 1823 * segdev_fault(F_SOFTUNLOCK) for prior dhps 1824 * While this is recursion, it is incorrect to 1825 * call just segdev_softunlock 1826 * if we are using either large pages 1827 * or devmap_access. It will be more right 1828 * to go through the same loop as above 1829 * rather than call segdev_softunlock directly 1830 * It will use the right lenghths as well as 1831 * call into the driver devmap_access routines. 1832 */ 1833 size_t done = (size_t)(maddr - addr); 1834 (void) segdev_fault(hat, seg, addr, done, 1835 F_SOFTUNLOCK, S_OTHER); 1836 /* 1837 * reduce slpage by number of pages 1838 * released by segdev_softunlock 1839 */ 1840 ASSERT(slpage >= btopr(done)); 1841 devmap_softlock_exit(slock, 1842 slpage - btopr(done), type); 1843 } else { 1844 devmap_softlock_exit(slock, slpage, type); 1845 } 1846 1847 1848 /* 1849 * Segdev_faultpages() already returns a faultcode, 1850 * hence, result from segdev_faultpages() should be 1851 * returned directly. 1852 */ 1853 if (err_is_faultcode) 1854 return (err); 1855 return (FC_MAKE_ERR(err)); 1856 } 1857 1858 maddr += mlen; 1859 ASSERT(len >= mlen); 1860 len -= mlen; 1861 dhp = dhp->dh_next; 1862 off = 0; 1863 1864 ASSERT(!dhp || len == 0 || maddr == dhp->dh_uvaddr); 1865 } 1866 /* 1867 * release the softlock count at end of fault 1868 * For F_SOFTLOCk this is done in the later F_SOFTUNLOCK 1869 */ 1870 if ((type == F_INVAL) || (type == F_PROT)) 1871 devmap_softlock_exit(slock, slpage, type); 1872 return (0); 1873 } 1874 1875 /* 1876 * segdev_faultpages 1877 * 1878 * Used to fault in seg_dev segment pages. Called by segdev_fault or devmap_load 1879 * This routine assumes that the callers makes sure that the fields 1880 * in dhp used below are not changed due to remap during this call. 1881 * Caller does HOLD_DHP_LOCK if neeed 1882 * This routine returns a faultcode_t as a return value for segdev_fault. 1883 */ 1884 static faultcode_t 1885 segdev_faultpages( 1886 struct hat *hat, /* the hat */ 1887 struct seg *seg, /* the seg_dev of interest */ 1888 caddr_t addr, /* the address of the fault */ 1889 size_t len, /* the length of the range */ 1890 enum fault_type type, /* type of fault */ 1891 enum seg_rw rw, /* type of access at fault */ 1892 devmap_handle_t *dhp) /* devmap handle */ 1893 { 1894 register struct segdev_data *sdp = (struct segdev_data *)seg->s_data; 1895 register caddr_t a; 1896 struct vpage *vpage; 1897 struct ddi_umem_cookie *kpmem_cookie = NULL; 1898 int err; 1899 1900 TRACE_4(TR_FAC_DEVMAP, TR_DEVMAP_FAULTPAGES, 1901 "segdev_faultpages: dhp=%p seg=%p addr=%p len=%lx", 1902 (void *)dhp, (void *)seg, (void *)addr, len); 1903 DEBUGF(5, (CE_CONT, "segdev_faultpages: " 1904 "dhp %p seg %p addr %p len %lx\n", 1905 (void *)dhp, (void *)seg, (void *)addr, len)); 1906 1907 /* 1908 * The seg_dev driver does not implement copy-on-write, 1909 * and always loads translations with maximal allowed permissions 1910 * but we got an fault trying to access the device. 1911 * Servicing the fault is not going to result in any better result 1912 * XXX: If we want to allow devmap_access to handle F_PROT calls, 1913 * This code should be removed and let the normal fault handling 1914 * take care of finding the error 1915 */ 1916 if (type == F_PROT) { 1917 return (FC_PROT); 1918 } 1919 1920 if (type == F_SOFTUNLOCK) { 1921 segdev_softunlock(hat, seg, addr, len, rw); 1922 return (0); 1923 } 1924 1925 /* 1926 * For kernel pageable memory, fault/lock segkp pages 1927 * We hold this until the completion of this 1928 * fault (INVAL/PROT) or till unlock (SOFTLOCK). 1929 */ 1930 if ((dhp != NULL) && dhp_is_kpmem(dhp)) { 1931 kpmem_cookie = (struct ddi_umem_cookie *)dhp->dh_cookie; 1932 if (err = acquire_kpmem_lock(kpmem_cookie, btopr(len))) 1933 return (err); 1934 } 1935 1936 /* 1937 * If we have the same protections for the entire segment, 1938 * insure that the access being attempted is legitimate. 1939 */ 1940 mutex_enter(&sdp->lock); 1941 if (sdp->pageprot == 0) { 1942 uint_t protchk; 1943 1944 switch (rw) { 1945 case S_READ: 1946 protchk = PROT_READ; 1947 break; 1948 case S_WRITE: 1949 protchk = PROT_WRITE; 1950 break; 1951 case S_EXEC: 1952 protchk = PROT_EXEC; 1953 break; 1954 case S_OTHER: 1955 default: 1956 protchk = PROT_READ | PROT_WRITE | PROT_EXEC; 1957 break; 1958 } 1959 1960 if ((sdp->prot & protchk) == 0) { 1961 mutex_exit(&sdp->lock); 1962 /* undo kpmem locking */ 1963 if (kpmem_cookie != NULL) { 1964 release_kpmem_lock(kpmem_cookie, btopr(len)); 1965 } 1966 return (FC_PROT); /* illegal access type */ 1967 } 1968 } 1969 1970 /* 1971 * we do a single hat_devload for the range if 1972 * - devmap framework (dhp is not NULL), 1973 * - pageprot == 0, i.e., no per-page protection set and 1974 * - is device pages, irrespective of whether we are using large pages 1975 */ 1976 if ((sdp->pageprot == 0) && (dhp != NULL) && dhp_is_devmem(dhp)) { 1977 pfn_t pfnum; 1978 uint_t hat_flags; 1979 1980 if (dhp->dh_flags & DEVMAP_MAPPING_INVALID) { 1981 mutex_exit(&sdp->lock); 1982 return (FC_NOMAP); 1983 } 1984 1985 if (type == F_SOFTLOCK) { 1986 mutex_enter(&freemem_lock); 1987 sdp->softlockcnt += btopr(len); 1988 mutex_exit(&freemem_lock); 1989 } 1990 1991 hat_flags = ((type == F_SOFTLOCK) ? HAT_LOAD_LOCK : HAT_LOAD); 1992 pfnum = dhp->dh_pfn + btop((uintptr_t)(addr - dhp->dh_uvaddr)); 1993 ASSERT(!pf_is_memory(pfnum)); 1994 1995 hat_devload(hat, addr, len, pfnum, sdp->prot | dhp->dh_hat_attr, 1996 hat_flags | sdp->hat_flags); 1997 mutex_exit(&sdp->lock); 1998 return (0); 1999 } 2000 2001 /* Handle cases where we have to loop through fault handling per-page */ 2002 2003 if (sdp->vpage == NULL) 2004 vpage = NULL; 2005 else 2006 vpage = &sdp->vpage[seg_page(seg, addr)]; 2007 2008 /* loop over the address range handling each fault */ 2009 for (a = addr; a < addr + len; a += PAGESIZE) { 2010 if (err = segdev_faultpage(hat, seg, a, vpage, type, rw, dhp)) { 2011 break; 2012 } 2013 if (vpage != NULL) 2014 vpage++; 2015 } 2016 mutex_exit(&sdp->lock); 2017 if (err && (type == F_SOFTLOCK)) { /* error handling for F_SOFTLOCK */ 2018 size_t done = (size_t)(a - addr); /* pages fault successfully */ 2019 if (done > 0) { 2020 /* use softunlock for those pages */ 2021 segdev_softunlock(hat, seg, addr, done, S_OTHER); 2022 } 2023 if (kpmem_cookie != NULL) { 2024 /* release kpmem lock for rest of pages */ 2025 ASSERT(len >= done); 2026 release_kpmem_lock(kpmem_cookie, btopr(len - done)); 2027 } 2028 } else if ((kpmem_cookie != NULL) && (type != F_SOFTLOCK)) { 2029 /* for non-SOFTLOCK cases, release kpmem */ 2030 release_kpmem_lock(kpmem_cookie, btopr(len)); 2031 } 2032 return (err); 2033 } 2034 2035 /* 2036 * Asynchronous page fault. We simply do nothing since this 2037 * entry point is not supposed to load up the translation. 2038 */ 2039 /*ARGSUSED*/ 2040 static faultcode_t 2041 segdev_faulta(struct seg *seg, caddr_t addr) 2042 { 2043 TRACE_2(TR_FAC_DEVMAP, TR_DEVMAP_FAULTA, 2044 "segdev_faulta: seg=%p addr=%p", (void *)seg, (void *)addr); 2045 ASSERT(seg->s_as && AS_LOCK_HELD(seg->s_as, &seg->s_as->a_lock)); 2046 2047 return (0); 2048 } 2049 2050 static int 2051 segdev_setprot(struct seg *seg, caddr_t addr, size_t len, uint_t prot) 2052 { 2053 register struct segdev_data *sdp = (struct segdev_data *)seg->s_data; 2054 register devmap_handle_t *dhp; 2055 register struct vpage *vp, *evp; 2056 devmap_handle_t *dhp_head = (devmap_handle_t *)sdp->devmap_data; 2057 ulong_t off; 2058 size_t mlen, sz; 2059 2060 TRACE_4(TR_FAC_DEVMAP, TR_DEVMAP_SETPROT, 2061 "segdev_setprot:start seg=%p addr=%p len=%lx prot=%x", 2062 (void *)seg, (void *)addr, len, prot); 2063 ASSERT(seg->s_as && AS_LOCK_HELD(seg->s_as, &seg->s_as->a_lock)); 2064 2065 if ((sz = sdp->softlockcnt) > 0 && dhp_head != NULL) { 2066 /* 2067 * Fail the setprot if pages are SOFTLOCKed through this 2068 * mapping. 2069 * Softlockcnt is protected from change by the as read lock. 2070 */ 2071 TRACE_1(TR_FAC_DEVMAP, TR_DEVMAP_SETPROT_CK1, 2072 "segdev_setprot:error softlockcnt=%lx", sz); 2073 DEBUGF(1, (CE_CONT, "segdev_setprot: softlockcnt %ld\n", sz)); 2074 return (EAGAIN); 2075 } 2076 2077 if (dhp_head != NULL) { 2078 if ((dhp = devmap_find_handle(dhp_head, addr)) == NULL) 2079 return (EINVAL); 2080 2081 /* 2082 * check if violate maxprot. 2083 */ 2084 off = (ulong_t)(addr - dhp->dh_uvaddr); 2085 mlen = len; 2086 while (dhp) { 2087 if ((dhp->dh_maxprot & prot) != prot) 2088 return (EACCES); /* violated maxprot */ 2089 2090 if (mlen > (dhp->dh_len - off)) { 2091 mlen -= dhp->dh_len - off; 2092 dhp = dhp->dh_next; 2093 off = 0; 2094 } else 2095 break; 2096 } 2097 } else { 2098 if ((sdp->maxprot & prot) != prot) 2099 return (EACCES); 2100 } 2101 2102 mutex_enter(&sdp->lock); 2103 if (addr == seg->s_base && len == seg->s_size && sdp->pageprot == 0) { 2104 if (sdp->prot == prot) { 2105 mutex_exit(&sdp->lock); 2106 return (0); /* all done */ 2107 } 2108 sdp->prot = (uchar_t)prot; 2109 } else { 2110 sdp->pageprot = 1; 2111 if (sdp->vpage == NULL) { 2112 /* 2113 * First time through setting per page permissions, 2114 * initialize all the vpage structures to prot 2115 */ 2116 sdp->vpage = kmem_zalloc(vpgtob(seg_pages(seg)), 2117 KM_SLEEP); 2118 evp = &sdp->vpage[seg_pages(seg)]; 2119 for (vp = sdp->vpage; vp < evp; vp++) 2120 VPP_SETPROT(vp, sdp->prot); 2121 } 2122 /* 2123 * Now go change the needed vpages protections. 2124 */ 2125 evp = &sdp->vpage[seg_page(seg, addr + len)]; 2126 for (vp = &sdp->vpage[seg_page(seg, addr)]; vp < evp; vp++) 2127 VPP_SETPROT(vp, prot); 2128 } 2129 mutex_exit(&sdp->lock); 2130 2131 if (dhp_head != NULL) { 2132 devmap_handle_t *tdhp; 2133 /* 2134 * If large page size was used in hat_devload(), 2135 * the same page size must be used in hat_unload(). 2136 */ 2137 dhp = tdhp = devmap_find_handle(dhp_head, addr); 2138 while (tdhp != NULL) { 2139 if (tdhp->dh_flags & DEVMAP_FLAG_LARGE) { 2140 break; 2141 } 2142 tdhp = tdhp->dh_next; 2143 } 2144 if (tdhp) { 2145 size_t slen = len; 2146 size_t mlen; 2147 size_t soff; 2148 2149 soff = (ulong_t)(addr - dhp->dh_uvaddr); 2150 while (slen != 0) { 2151 mlen = MIN(slen, (dhp->dh_len - soff)); 2152 hat_unload(seg->s_as->a_hat, dhp->dh_uvaddr, 2153 dhp->dh_len, HAT_UNLOAD); 2154 dhp = dhp->dh_next; 2155 ASSERT(slen >= mlen); 2156 slen -= mlen; 2157 soff = 0; 2158 } 2159 return (0); 2160 } 2161 } 2162 2163 if ((prot & ~PROT_USER) == PROT_NONE) { 2164 hat_unload(seg->s_as->a_hat, addr, len, HAT_UNLOAD); 2165 } else { 2166 /* 2167 * RFE: the segment should keep track of all attributes 2168 * allowing us to remove the deprecated hat_chgprot 2169 * and use hat_chgattr. 2170 */ 2171 hat_chgprot(seg->s_as->a_hat, addr, len, prot); 2172 } 2173 2174 return (0); 2175 } 2176 2177 static int 2178 segdev_checkprot(struct seg *seg, caddr_t addr, size_t len, uint_t prot) 2179 { 2180 struct segdev_data *sdp = (struct segdev_data *)seg->s_data; 2181 struct vpage *vp, *evp; 2182 2183 TRACE_4(TR_FAC_DEVMAP, TR_DEVMAP_CHECKPROT, 2184 "segdev_checkprot:start seg=%p addr=%p len=%lx prot=%x", 2185 (void *)seg, (void *)addr, len, prot); 2186 ASSERT(seg->s_as && AS_LOCK_HELD(seg->s_as, &seg->s_as->a_lock)); 2187 2188 /* 2189 * If segment protection can be used, simply check against them 2190 */ 2191 mutex_enter(&sdp->lock); 2192 if (sdp->pageprot == 0) { 2193 register int err; 2194 2195 err = ((sdp->prot & prot) != prot) ? EACCES : 0; 2196 mutex_exit(&sdp->lock); 2197 return (err); 2198 } 2199 2200 /* 2201 * Have to check down to the vpage level 2202 */ 2203 evp = &sdp->vpage[seg_page(seg, addr + len)]; 2204 for (vp = &sdp->vpage[seg_page(seg, addr)]; vp < evp; vp++) { 2205 if ((VPP_PROT(vp) & prot) != prot) { 2206 mutex_exit(&sdp->lock); 2207 return (EACCES); 2208 } 2209 } 2210 mutex_exit(&sdp->lock); 2211 return (0); 2212 } 2213 2214 static int 2215 segdev_getprot(struct seg *seg, caddr_t addr, size_t len, uint_t *protv) 2216 { 2217 struct segdev_data *sdp = (struct segdev_data *)seg->s_data; 2218 size_t pgno; 2219 2220 TRACE_4(TR_FAC_DEVMAP, TR_DEVMAP_GETPROT, 2221 "segdev_getprot:start seg=%p addr=%p len=%lx protv=%p", 2222 (void *)seg, (void *)addr, len, (void *)protv); 2223 ASSERT(seg->s_as && AS_LOCK_HELD(seg->s_as, &seg->s_as->a_lock)); 2224 2225 pgno = seg_page(seg, addr + len) - seg_page(seg, addr) + 1; 2226 if (pgno != 0) { 2227 mutex_enter(&sdp->lock); 2228 if (sdp->pageprot == 0) { 2229 do 2230 protv[--pgno] = sdp->prot; 2231 while (pgno != 0); 2232 } else { 2233 size_t pgoff = seg_page(seg, addr); 2234 2235 do { 2236 pgno--; 2237 protv[pgno] = 2238 VPP_PROT(&sdp->vpage[pgno + pgoff]); 2239 } while (pgno != 0); 2240 } 2241 mutex_exit(&sdp->lock); 2242 } 2243 return (0); 2244 } 2245 2246 static u_offset_t 2247 segdev_getoffset(register struct seg *seg, caddr_t addr) 2248 { 2249 register struct segdev_data *sdp = (struct segdev_data *)seg->s_data; 2250 2251 TRACE_2(TR_FAC_DEVMAP, TR_DEVMAP_GETOFFSET, 2252 "segdev_getoffset:start seg=%p addr=%p", (void *)seg, (void *)addr); 2253 2254 ASSERT(seg->s_as && AS_LOCK_HELD(seg->s_as, &seg->s_as->a_lock)); 2255 2256 return ((u_offset_t)sdp->offset + (addr - seg->s_base)); 2257 } 2258 2259 /*ARGSUSED*/ 2260 static int 2261 segdev_gettype(register struct seg *seg, caddr_t addr) 2262 { 2263 register struct segdev_data *sdp = (struct segdev_data *)seg->s_data; 2264 2265 TRACE_2(TR_FAC_DEVMAP, TR_DEVMAP_GETTYPE, 2266 "segdev_gettype:start seg=%p addr=%p", (void *)seg, (void *)addr); 2267 2268 ASSERT(seg->s_as && AS_LOCK_HELD(seg->s_as, &seg->s_as->a_lock)); 2269 2270 return (sdp->type); 2271 } 2272 2273 2274 /*ARGSUSED*/ 2275 static int 2276 segdev_getvp(register struct seg *seg, caddr_t addr, struct vnode **vpp) 2277 { 2278 register struct segdev_data *sdp = (struct segdev_data *)seg->s_data; 2279 2280 TRACE_2(TR_FAC_DEVMAP, TR_DEVMAP_GETVP, 2281 "segdev_getvp:start seg=%p addr=%p", (void *)seg, (void *)addr); 2282 2283 ASSERT(seg->s_as && AS_LOCK_HELD(seg->s_as, &seg->s_as->a_lock)); 2284 2285 /* 2286 * Note that this vp is the common_vp of the device, where the 2287 * pages are hung .. 2288 */ 2289 *vpp = VTOCVP(sdp->vp); 2290 2291 return (0); 2292 } 2293 2294 static void 2295 segdev_badop(void) 2296 { 2297 TRACE_0(TR_FAC_DEVMAP, TR_DEVMAP_SEGDEV_BADOP, 2298 "segdev_badop:start"); 2299 panic("segdev_badop"); 2300 /*NOTREACHED*/ 2301 } 2302 2303 /* 2304 * segdev pages are not in the cache, and thus can't really be controlled. 2305 * Hence, syncs are simply always successful. 2306 */ 2307 /*ARGSUSED*/ 2308 static int 2309 segdev_sync(struct seg *seg, caddr_t addr, size_t len, int attr, uint_t flags) 2310 { 2311 TRACE_0(TR_FAC_DEVMAP, TR_DEVMAP_SYNC, "segdev_sync:start"); 2312 2313 ASSERT(seg->s_as && AS_LOCK_HELD(seg->s_as, &seg->s_as->a_lock)); 2314 2315 return (0); 2316 } 2317 2318 /* 2319 * segdev pages are always "in core". 2320 */ 2321 /*ARGSUSED*/ 2322 static size_t 2323 segdev_incore(struct seg *seg, caddr_t addr, size_t len, char *vec) 2324 { 2325 size_t v = 0; 2326 2327 TRACE_0(TR_FAC_DEVMAP, TR_DEVMAP_INCORE, "segdev_incore:start"); 2328 2329 ASSERT(seg->s_as && AS_LOCK_HELD(seg->s_as, &seg->s_as->a_lock)); 2330 2331 for (len = (len + PAGEOFFSET) & PAGEMASK; len; len -= PAGESIZE, 2332 v += PAGESIZE) 2333 *vec++ = 1; 2334 return (v); 2335 } 2336 2337 /* 2338 * segdev pages are not in the cache, and thus can't really be controlled. 2339 * Hence, locks are simply always successful. 2340 */ 2341 /*ARGSUSED*/ 2342 static int 2343 segdev_lockop(struct seg *seg, caddr_t addr, 2344 size_t len, int attr, int op, ulong_t *lockmap, size_t pos) 2345 { 2346 TRACE_0(TR_FAC_DEVMAP, TR_DEVMAP_LOCKOP, "segdev_lockop:start"); 2347 2348 ASSERT(seg->s_as && AS_LOCK_HELD(seg->s_as, &seg->s_as->a_lock)); 2349 2350 return (0); 2351 } 2352 2353 /* 2354 * segdev pages are not in the cache, and thus can't really be controlled. 2355 * Hence, advise is simply always successful. 2356 */ 2357 /*ARGSUSED*/ 2358 static int 2359 segdev_advise(struct seg *seg, caddr_t addr, size_t len, uint_t behav) 2360 { 2361 TRACE_0(TR_FAC_DEVMAP, TR_DEVMAP_ADVISE, "segdev_advise:start"); 2362 2363 ASSERT(seg->s_as && AS_LOCK_HELD(seg->s_as, &seg->s_as->a_lock)); 2364 2365 return (0); 2366 } 2367 2368 /* 2369 * segdev pages are not dumped, so we just return 2370 */ 2371 /*ARGSUSED*/ 2372 static void 2373 segdev_dump(struct seg *seg) 2374 {} 2375 2376 /* 2377 * ddi_segmap_setup: Used by drivers who wish specify mapping attributes 2378 * for a segment. Called from a drivers segmap(9E) 2379 * routine. 2380 */ 2381 /*ARGSUSED*/ 2382 int 2383 ddi_segmap_setup(dev_t dev, off_t offset, struct as *as, caddr_t *addrp, 2384 off_t len, uint_t prot, uint_t maxprot, uint_t flags, cred_t *cred, 2385 ddi_device_acc_attr_t *accattrp, uint_t rnumber) 2386 { 2387 struct segdev_crargs dev_a; 2388 int (*mapfunc)(dev_t dev, off_t off, int prot); 2389 uint_t hat_attr; 2390 pfn_t pfn; 2391 int error, i; 2392 2393 TRACE_0(TR_FAC_DEVMAP, TR_DEVMAP_SEGMAP_SETUP, 2394 "ddi_segmap_setup:start"); 2395 2396 if ((mapfunc = devopsp[getmajor(dev)]->devo_cb_ops->cb_mmap) == nodev) 2397 return (ENODEV); 2398 2399 /* 2400 * Character devices that support the d_mmap 2401 * interface can only be mmap'ed shared. 2402 */ 2403 if ((flags & MAP_TYPE) != MAP_SHARED) 2404 return (EINVAL); 2405 2406 /* 2407 * Check that this region is indeed mappable on this platform. 2408 * Use the mapping function. 2409 */ 2410 if (ddi_device_mapping_check(dev, accattrp, rnumber, &hat_attr) == -1) 2411 return (ENXIO); 2412 2413 /* 2414 * Check to ensure that the entire range is 2415 * legal and we are not trying to map in 2416 * more than the device will let us. 2417 */ 2418 for (i = 0; i < len; i += PAGESIZE) { 2419 if (i == 0) { 2420 /* 2421 * Save the pfn at offset here. This pfn will be 2422 * used later to get user address. 2423 */ 2424 if ((pfn = (pfn_t)cdev_mmap(mapfunc, dev, offset, 2425 maxprot)) == PFN_INVALID) 2426 return (ENXIO); 2427 } else { 2428 if (cdev_mmap(mapfunc, dev, offset + i, maxprot) == 2429 PFN_INVALID) 2430 return (ENXIO); 2431 } 2432 } 2433 2434 as_rangelock(as); 2435 if ((flags & MAP_FIXED) == 0) { 2436 /* 2437 * Pick an address w/o worrying about 2438 * any vac alignment constraints. 2439 */ 2440 map_addr(addrp, len, ptob(pfn), 0, flags); 2441 if (*addrp == NULL) { 2442 as_rangeunlock(as); 2443 return (ENOMEM); 2444 } 2445 } else { 2446 /* 2447 * User-specified address; blow away any previous mappings. 2448 */ 2449 (void) as_unmap(as, *addrp, len); 2450 } 2451 2452 dev_a.mapfunc = mapfunc; 2453 dev_a.dev = dev; 2454 dev_a.offset = (offset_t)offset; 2455 dev_a.type = flags & MAP_TYPE; 2456 dev_a.prot = (uchar_t)prot; 2457 dev_a.maxprot = (uchar_t)maxprot; 2458 dev_a.hat_attr = hat_attr; 2459 dev_a.hat_flags = 0; 2460 dev_a.devmap_data = NULL; 2461 2462 error = as_map(as, *addrp, len, segdev_create, &dev_a); 2463 as_rangeunlock(as); 2464 return (error); 2465 2466 } 2467 2468 /*ARGSUSED*/ 2469 static int 2470 segdev_pagelock(struct seg *seg, caddr_t addr, size_t len, 2471 struct page ***ppp, enum lock_type type, enum seg_rw rw) 2472 { 2473 TRACE_0(TR_FAC_DEVMAP, TR_DEVMAP_PAGELOCK, 2474 "segdev_pagelock:start"); 2475 return (ENOTSUP); 2476 } 2477 2478 /*ARGSUSED*/ 2479 static int 2480 segdev_setpagesize(struct seg *seg, caddr_t addr, size_t len, 2481 uint_t szc) 2482 { 2483 return (ENOTSUP); 2484 } 2485 2486 /* 2487 * devmap_device: Used by devmap framework to establish mapping 2488 * called by devmap_seup(9F) during map setup time. 2489 */ 2490 /*ARGSUSED*/ 2491 static int 2492 devmap_device(devmap_handle_t *dhp, struct as *as, caddr_t *addr, 2493 offset_t off, size_t len, uint_t flags) 2494 { 2495 devmap_handle_t *rdhp, *maxdhp; 2496 struct segdev_crargs dev_a; 2497 int err; 2498 uint_t maxprot = PROT_ALL; 2499 offset_t offset = 0; 2500 pfn_t pfn; 2501 struct devmap_pmem_cookie *pcp; 2502 2503 TRACE_4(TR_FAC_DEVMAP, TR_DEVMAP_DEVICE, 2504 "devmap_device:start dhp=%p addr=%p off=%llx, len=%lx", 2505 (void *)dhp, (void *)addr, off, len); 2506 2507 DEBUGF(2, (CE_CONT, "devmap_device: dhp %p addr %p off %llx len %lx\n", 2508 (void *)dhp, (void *)addr, off, len)); 2509 2510 as_rangelock(as); 2511 if ((flags & MAP_FIXED) == 0) { 2512 offset_t aligned_off; 2513 2514 rdhp = maxdhp = dhp; 2515 while (rdhp != NULL) { 2516 maxdhp = (maxdhp->dh_len > rdhp->dh_len) ? 2517 maxdhp : rdhp; 2518 rdhp = rdhp->dh_next; 2519 maxprot |= dhp->dh_maxprot; 2520 } 2521 offset = maxdhp->dh_uoff - dhp->dh_uoff; 2522 2523 /* 2524 * Use the dhp that has the 2525 * largest len to get user address. 2526 */ 2527 /* 2528 * If MAPPING_INVALID, cannot use dh_pfn/dh_cvaddr, 2529 * use 0 which is as good as any other. 2530 */ 2531 if (maxdhp->dh_flags & DEVMAP_MAPPING_INVALID) { 2532 aligned_off = (offset_t)0; 2533 } else if (dhp_is_devmem(maxdhp)) { 2534 aligned_off = (offset_t)ptob(maxdhp->dh_pfn) - offset; 2535 } else if (dhp_is_pmem(maxdhp)) { 2536 pcp = (struct devmap_pmem_cookie *)maxdhp->dh_pcookie; 2537 pfn = page_pptonum( 2538 pcp->dp_pparray[btop(maxdhp->dh_roff)]); 2539 aligned_off = (offset_t)ptob(pfn) - offset; 2540 } else { 2541 aligned_off = (offset_t)(uintptr_t)maxdhp->dh_cvaddr - 2542 offset; 2543 } 2544 2545 /* 2546 * Pick an address aligned to dh_cookie. 2547 * for kernel memory/user memory, cookie is cvaddr. 2548 * for device memory, cookie is physical address. 2549 */ 2550 map_addr(addr, len, aligned_off, 1, flags); 2551 if (*addr == NULL) { 2552 as_rangeunlock(as); 2553 return (ENOMEM); 2554 } 2555 } else { 2556 /* 2557 * User-specified address; blow away any previous mappings. 2558 */ 2559 (void) as_unmap(as, *addr, len); 2560 } 2561 2562 dev_a.mapfunc = NULL; 2563 dev_a.dev = dhp->dh_dev; 2564 dev_a.type = flags & MAP_TYPE; 2565 dev_a.offset = off; 2566 /* 2567 * sdp->maxprot has the least restrict protection of all dhps. 2568 */ 2569 dev_a.maxprot = maxprot; 2570 dev_a.prot = dhp->dh_prot; 2571 /* 2572 * devmap uses dhp->dh_hat_attr for hat. 2573 */ 2574 dev_a.hat_flags = 0; 2575 dev_a.hat_attr = 0; 2576 dev_a.devmap_data = (void *)dhp; 2577 2578 err = as_map(as, *addr, len, segdev_create, &dev_a); 2579 as_rangeunlock(as); 2580 return (err); 2581 } 2582 2583 int 2584 devmap_do_ctxmgt(devmap_cookie_t dhc, void *pvtp, offset_t off, size_t len, 2585 uint_t type, uint_t rw, int (*ctxmgt)(devmap_cookie_t, void *, offset_t, 2586 size_t, uint_t, uint_t)) 2587 { 2588 register devmap_handle_t *dhp = (devmap_handle_t *)dhc; 2589 struct devmap_ctx *devctx; 2590 int do_timeout = 0; 2591 int ret; 2592 2593 #ifdef lint 2594 pvtp = pvtp; 2595 #endif 2596 2597 TRACE_3(TR_FAC_DEVMAP, TR_DEVMAP_DO_CTXMGT, 2598 "devmap_do_ctxmgt:start dhp=%p off=%llx, len=%lx", 2599 (void *)dhp, off, len); 2600 DEBUGF(7, (CE_CONT, "devmap_do_ctxmgt: dhp %p off %llx len %lx\n", 2601 (void *)dhp, off, len)); 2602 2603 if (ctxmgt == NULL) 2604 return (FC_HWERR); 2605 2606 devctx = dhp->dh_ctx; 2607 2608 /* 2609 * If we are on an MP system with more than one cpu running 2610 * and if a thread on some CPU already has the context, wait 2611 * for it to finish if there is a hysteresis timeout. 2612 * 2613 * We call cv_wait() instead of cv_wait_sig() because 2614 * it does not matter much if it returned due to a signal 2615 * or due to a cv_signal() or cv_broadcast(). In either event 2616 * we need to complete the mapping otherwise the processes 2617 * will die with a SEGV. 2618 */ 2619 if ((dhp->dh_timeout_length > 0) && (ncpus > 1)) { 2620 TRACE_2(TR_FAC_DEVMAP, TR_DEVMAP_DO_CTXMGT_CK1, 2621 "devmap_do_ctxmgt:doing hysteresis, devctl %p dhp %p", 2622 devctx, dhp); 2623 do_timeout = 1; 2624 mutex_enter(&devctx->lock); 2625 while (devctx->oncpu) 2626 cv_wait(&devctx->cv, &devctx->lock); 2627 devctx->oncpu = 1; 2628 mutex_exit(&devctx->lock); 2629 } 2630 2631 /* 2632 * Call the contextmgt callback so that the driver can handle 2633 * the fault. 2634 */ 2635 ret = (*ctxmgt)(dhp, dhp->dh_pvtp, off, len, type, rw); 2636 2637 /* 2638 * If devmap_access() returned -1, then there was a hardware 2639 * error so we need to convert the return value to something 2640 * that trap() will understand. Otherwise, the return value 2641 * is already a fault code generated by devmap_unload() 2642 * or devmap_load(). 2643 */ 2644 if (ret) { 2645 TRACE_3(TR_FAC_DEVMAP, TR_DEVMAP_DO_CTXMGT_CK2, 2646 "devmap_do_ctxmgt: ret=%x dhp=%p devctx=%p", 2647 ret, dhp, devctx); 2648 DEBUGF(1, (CE_CONT, "devmap_do_ctxmgt: ret %x dhp %p\n", 2649 ret, (void *)dhp)); 2650 if (devctx->oncpu) { 2651 mutex_enter(&devctx->lock); 2652 devctx->oncpu = 0; 2653 cv_signal(&devctx->cv); 2654 mutex_exit(&devctx->lock); 2655 } 2656 return (FC_HWERR); 2657 } 2658 2659 /* 2660 * Setup the timeout if we need to 2661 */ 2662 if (do_timeout) { 2663 mutex_enter(&devctx->lock); 2664 if (dhp->dh_timeout_length > 0) { 2665 TRACE_0(TR_FAC_DEVMAP, TR_DEVMAP_DO_CTXMGT_CK3, 2666 "devmap_do_ctxmgt:timeout set"); 2667 devctx->timeout = timeout(devmap_ctxto, 2668 devctx, dhp->dh_timeout_length); 2669 } else { 2670 /* 2671 * We don't want to wait so set oncpu to 2672 * 0 and wake up anyone waiting. 2673 */ 2674 TRACE_0(TR_FAC_DEVMAP, TR_DEVMAP_DO_CTXMGT_CK4, 2675 "devmap_do_ctxmgt:timeout not set"); 2676 devctx->oncpu = 0; 2677 cv_signal(&devctx->cv); 2678 } 2679 mutex_exit(&devctx->lock); 2680 } 2681 2682 return (DDI_SUCCESS); 2683 } 2684 2685 /* 2686 * end of mapping 2687 * poff fault_offset | 2688 * base | | | 2689 * | | | | 2690 * V V V V 2691 * +-----------+---------------+-------+---------+-------+ 2692 * ^ ^ ^ ^ 2693 * |<--- offset--->|<-len->| | 2694 * |<--- dh_len(size of mapping) --->| 2695 * |<-- pg -->| 2696 * -->|rlen|<-- 2697 */ 2698 static ulong_t 2699 devmap_roundup(devmap_handle_t *dhp, ulong_t offset, size_t len, 2700 ulong_t *opfn, ulong_t *pagesize) 2701 { 2702 register int level; 2703 ulong_t pg; 2704 ulong_t poff; 2705 ulong_t base; 2706 caddr_t uvaddr; 2707 long rlen; 2708 2709 TRACE_3(TR_FAC_DEVMAP, TR_DEVMAP_ROUNDUP, 2710 "devmap_roundup:start dhp=%p off=%lx len=%lx", 2711 (void *)dhp, offset, len); 2712 DEBUGF(2, (CE_CONT, "devmap_roundup: dhp %p off %lx len %lx\n", 2713 (void *)dhp, offset, len)); 2714 2715 /* 2716 * get the max. pagesize that is aligned within the range 2717 * <dh_pfn, dh_pfn+offset>. 2718 * 2719 * The calculations below use physical address to ddetermine 2720 * the page size to use. The same calculations can use the 2721 * virtual address to determine the page size. 2722 */ 2723 base = (ulong_t)ptob(dhp->dh_pfn); 2724 for (level = dhp->dh_mmulevel; level >= 0; level--) { 2725 pg = page_get_pagesize(level); 2726 poff = ((base + offset) & ~(pg - 1)); 2727 uvaddr = dhp->dh_uvaddr + (poff - base); 2728 if ((poff >= base) && 2729 ((poff + pg) <= (base + dhp->dh_len)) && 2730 VA_PA_ALIGNED((uintptr_t)uvaddr, poff, pg)) 2731 break; 2732 } 2733 2734 TRACE_3(TR_FAC_DEVMAP, TR_DEVMAP_ROUNDUP_CK1, 2735 "devmap_roundup: base=%lx poff=%lx dhp=%p", 2736 base, poff, dhp); 2737 DEBUGF(2, (CE_CONT, "devmap_roundup: base %lx poff %lx pfn %lx\n", 2738 base, poff, dhp->dh_pfn)); 2739 2740 ASSERT(VA_PA_ALIGNED((uintptr_t)uvaddr, poff, pg)); 2741 ASSERT(level >= 0); 2742 2743 *pagesize = pg; 2744 *opfn = dhp->dh_pfn + btop(poff - base); 2745 2746 rlen = len + offset - (poff - base + pg); 2747 2748 ASSERT(rlen < (long)len); 2749 2750 TRACE_5(TR_FAC_DEVMAP, TR_DEVMAP_ROUNDUP_CK2, 2751 "devmap_roundup:ret dhp=%p level=%x rlen=%lx psiz=%p opfn=%p", 2752 (void *)dhp, level, rlen, pagesize, opfn); 2753 DEBUGF(1, (CE_CONT, "devmap_roundup: dhp %p " 2754 "level %x rlen %lx psize %lx opfn %lx\n", 2755 (void *)dhp, level, rlen, *pagesize, *opfn)); 2756 2757 return ((ulong_t)((rlen > 0) ? rlen : 0)); 2758 } 2759 2760 /* 2761 * find the dhp that contains addr. 2762 */ 2763 static devmap_handle_t * 2764 devmap_find_handle(devmap_handle_t *dhp_head, caddr_t addr) 2765 { 2766 devmap_handle_t *dhp; 2767 2768 TRACE_0(TR_FAC_DEVMAP, TR_DEVMAP_FIND_HANDLE, 2769 "devmap_find_handle:start"); 2770 2771 dhp = dhp_head; 2772 while (dhp) { 2773 if (addr >= dhp->dh_uvaddr && 2774 addr < (dhp->dh_uvaddr + dhp->dh_len)) 2775 return (dhp); 2776 dhp = dhp->dh_next; 2777 } 2778 2779 return ((devmap_handle_t *)NULL); 2780 } 2781 2782 /* 2783 * devmap_unload: 2784 * Marks a segdev segment or pages if offset->offset+len 2785 * is not the entire segment as intercept and unloads the 2786 * pages in the range offset -> offset+len. 2787 */ 2788 int 2789 devmap_unload(devmap_cookie_t dhc, offset_t offset, size_t len) 2790 { 2791 register devmap_handle_t *dhp = (devmap_handle_t *)dhc; 2792 caddr_t addr; 2793 ulong_t size; 2794 ssize_t soff; 2795 2796 TRACE_3(TR_FAC_DEVMAP, TR_DEVMAP_UNLOAD, 2797 "devmap_unload:start dhp=%p offset=%llx len=%lx", 2798 (void *)dhp, offset, len); 2799 DEBUGF(7, (CE_CONT, "devmap_unload: dhp %p offset %llx len %lx\n", 2800 (void *)dhp, offset, len)); 2801 2802 soff = (ssize_t)(offset - dhp->dh_uoff); 2803 soff = round_down_p2(soff, PAGESIZE); 2804 if (soff < 0 || soff >= dhp->dh_len) 2805 return (FC_MAKE_ERR(EINVAL)); 2806 2807 /* 2808 * Address and size must be page aligned. Len is set to the 2809 * number of bytes in the number of pages that are required to 2810 * support len. Offset is set to the byte offset of the first byte 2811 * of the page that contains offset. 2812 */ 2813 len = round_up_p2(len, PAGESIZE); 2814 2815 /* 2816 * If len is == 0, then calculate the size by getting 2817 * the number of bytes from offset to the end of the segment. 2818 */ 2819 if (len == 0) 2820 size = dhp->dh_len - soff; 2821 else { 2822 size = len; 2823 if ((soff + size) > dhp->dh_len) 2824 return (FC_MAKE_ERR(EINVAL)); 2825 } 2826 2827 /* 2828 * The address is offset bytes from the base address of 2829 * the dhp. 2830 */ 2831 addr = (caddr_t)(soff + dhp->dh_uvaddr); 2832 2833 /* 2834 * If large page size was used in hat_devload(), 2835 * the same page size must be used in hat_unload(). 2836 */ 2837 if (dhp->dh_flags & DEVMAP_FLAG_LARGE) { 2838 hat_unload(dhp->dh_seg->s_as->a_hat, dhp->dh_uvaddr, 2839 dhp->dh_len, HAT_UNLOAD|HAT_UNLOAD_OTHER); 2840 } else { 2841 hat_unload(dhp->dh_seg->s_as->a_hat, addr, size, 2842 HAT_UNLOAD|HAT_UNLOAD_OTHER); 2843 } 2844 2845 return (0); 2846 } 2847 2848 /* 2849 * calculates the optimal page size that will be used for hat_devload(). 2850 */ 2851 static void 2852 devmap_get_large_pgsize(devmap_handle_t *dhp, size_t len, caddr_t addr, 2853 size_t *llen, caddr_t *laddr) 2854 { 2855 ulong_t off; 2856 ulong_t pfn; 2857 ulong_t pgsize; 2858 uint_t first = 1; 2859 2860 TRACE_0(TR_FAC_DEVMAP, TR_DEVMAP_GET_LARGE_PGSIZE, 2861 "devmap_get_large_pgsize:start"); 2862 2863 /* 2864 * RFE - Code only supports large page mappings for devmem 2865 * This code could be changed in future if we want to support 2866 * large page mappings for kernel exported memory. 2867 */ 2868 ASSERT(dhp_is_devmem(dhp)); 2869 ASSERT(!(dhp->dh_flags & DEVMAP_MAPPING_INVALID)); 2870 2871 *llen = 0; 2872 off = (ulong_t)(addr - dhp->dh_uvaddr); 2873 while ((long)len > 0) { 2874 /* 2875 * get the optimal pfn to minimize address translations. 2876 * devmap_roundup() returns residue bytes for next round 2877 * calculations. 2878 */ 2879 len = devmap_roundup(dhp, off, len, &pfn, &pgsize); 2880 2881 if (first) { 2882 *laddr = dhp->dh_uvaddr + ptob(pfn - dhp->dh_pfn); 2883 first = 0; 2884 } 2885 2886 *llen += pgsize; 2887 off = ptob(pfn - dhp->dh_pfn) + pgsize; 2888 } 2889 /* Large page mapping len/addr cover more range than orginal fault */ 2890 ASSERT(*llen >= len && *laddr <= addr); 2891 ASSERT((*laddr + *llen) >= (addr + len)); 2892 } 2893 2894 /* 2895 * Initialize the devmap_softlock structure. 2896 */ 2897 static struct devmap_softlock * 2898 devmap_softlock_init(dev_t dev, ulong_t id) 2899 { 2900 struct devmap_softlock *slock; 2901 struct devmap_softlock *tmp; 2902 2903 TRACE_0(TR_FAC_DEVMAP, TR_DEVMAP_SOFTLOCK_INIT, 2904 "devmap_softlock_init:start"); 2905 2906 tmp = kmem_zalloc(sizeof (struct devmap_softlock), KM_SLEEP); 2907 mutex_enter(&devmap_slock); 2908 2909 for (slock = devmap_slist; slock != NULL; slock = slock->next) 2910 if ((slock->dev == dev) && (slock->id == id)) 2911 break; 2912 2913 if (slock == NULL) { 2914 slock = tmp; 2915 slock->dev = dev; 2916 slock->id = id; 2917 mutex_init(&slock->lock, NULL, MUTEX_DEFAULT, NULL); 2918 cv_init(&slock->cv, NULL, CV_DEFAULT, NULL); 2919 slock->next = devmap_slist; 2920 devmap_slist = slock; 2921 } else 2922 kmem_free(tmp, sizeof (struct devmap_softlock)); 2923 2924 mutex_enter(&slock->lock); 2925 slock->refcnt++; 2926 mutex_exit(&slock->lock); 2927 mutex_exit(&devmap_slock); 2928 2929 return (slock); 2930 } 2931 2932 /* 2933 * Wake up processes that sleep on softlocked. 2934 * Free dh_softlock if refcnt is 0. 2935 */ 2936 static void 2937 devmap_softlock_rele(devmap_handle_t *dhp) 2938 { 2939 struct devmap_softlock *slock = dhp->dh_softlock; 2940 struct devmap_softlock *tmp; 2941 struct devmap_softlock *parent; 2942 2943 TRACE_0(TR_FAC_DEVMAP, TR_DEVMAP_SOFTLOCK_RELE, 2944 "devmap_softlock_rele:start"); 2945 2946 mutex_enter(&devmap_slock); 2947 mutex_enter(&slock->lock); 2948 2949 ASSERT(slock->refcnt > 0); 2950 2951 slock->refcnt--; 2952 2953 /* 2954 * If no one is using the device, free up the slock data. 2955 */ 2956 if (slock->refcnt == 0) { 2957 slock->softlocked = 0; 2958 cv_signal(&slock->cv); 2959 2960 if (devmap_slist == slock) 2961 devmap_slist = slock->next; 2962 else { 2963 parent = devmap_slist; 2964 for (tmp = devmap_slist->next; tmp != NULL; 2965 tmp = tmp->next) { 2966 if (tmp == slock) { 2967 parent->next = tmp->next; 2968 break; 2969 } 2970 parent = tmp; 2971 } 2972 } 2973 mutex_exit(&slock->lock); 2974 mutex_destroy(&slock->lock); 2975 cv_destroy(&slock->cv); 2976 kmem_free(slock, sizeof (struct devmap_softlock)); 2977 } else 2978 mutex_exit(&slock->lock); 2979 2980 mutex_exit(&devmap_slock); 2981 } 2982 2983 /* 2984 * Wake up processes that sleep on dh_ctx->locked. 2985 * Free dh_ctx if refcnt is 0. 2986 */ 2987 static void 2988 devmap_ctx_rele(devmap_handle_t *dhp) 2989 { 2990 struct devmap_ctx *devctx = dhp->dh_ctx; 2991 struct devmap_ctx *tmp; 2992 struct devmap_ctx *parent; 2993 timeout_id_t tid; 2994 2995 TRACE_0(TR_FAC_DEVMAP, TR_DEVMAP_CTX_RELE, 2996 "devmap_ctx_rele:start"); 2997 2998 mutex_enter(&devmapctx_lock); 2999 mutex_enter(&devctx->lock); 3000 3001 ASSERT(devctx->refcnt > 0); 3002 3003 devctx->refcnt--; 3004 3005 /* 3006 * If no one is using the device, free up the devctx data. 3007 */ 3008 if (devctx->refcnt == 0) { 3009 /* 3010 * Untimeout any threads using this mapping as they are about 3011 * to go away. 3012 */ 3013 if (devctx->timeout != 0) { 3014 TRACE_0(TR_FAC_DEVMAP, TR_DEVMAP_CTX_RELE_CK1, 3015 "devmap_ctx_rele:untimeout ctx->timeout"); 3016 3017 tid = devctx->timeout; 3018 mutex_exit(&devctx->lock); 3019 (void) untimeout(tid); 3020 mutex_enter(&devctx->lock); 3021 } 3022 3023 devctx->oncpu = 0; 3024 cv_signal(&devctx->cv); 3025 3026 if (devmapctx_list == devctx) 3027 devmapctx_list = devctx->next; 3028 else { 3029 parent = devmapctx_list; 3030 for (tmp = devmapctx_list->next; tmp != NULL; 3031 tmp = tmp->next) { 3032 if (tmp == devctx) { 3033 parent->next = tmp->next; 3034 break; 3035 } 3036 parent = tmp; 3037 } 3038 } 3039 mutex_exit(&devctx->lock); 3040 mutex_destroy(&devctx->lock); 3041 cv_destroy(&devctx->cv); 3042 kmem_free(devctx, sizeof (struct devmap_ctx)); 3043 } else 3044 mutex_exit(&devctx->lock); 3045 3046 mutex_exit(&devmapctx_lock); 3047 } 3048 3049 /* 3050 * devmap_load: 3051 * Marks a segdev segment or pages if offset->offset+len 3052 * is not the entire segment as nointercept and faults in 3053 * the pages in the range offset -> offset+len. 3054 */ 3055 int 3056 devmap_load(devmap_cookie_t dhc, offset_t offset, size_t len, uint_t type, 3057 uint_t rw) 3058 { 3059 devmap_handle_t *dhp = (devmap_handle_t *)dhc; 3060 struct as *asp = dhp->dh_seg->s_as; 3061 caddr_t addr; 3062 ulong_t size; 3063 ssize_t soff; /* offset from the beginning of the segment */ 3064 int rc; 3065 3066 TRACE_3(TR_FAC_DEVMAP, TR_DEVMAP_LOAD, 3067 "devmap_load:start dhp=%p offset=%llx len=%lx", 3068 (void *)dhp, offset, len); 3069 3070 DEBUGF(7, (CE_CONT, "devmap_load: dhp %p offset %llx len %lx\n", 3071 (void *)dhp, offset, len)); 3072 3073 /* 3074 * Hat layer only supports devload to process' context for which 3075 * the as lock is held. Verify here and return error if drivers 3076 * inadvertently call devmap_load on a wrong devmap handle. 3077 */ 3078 if ((asp != &kas) && !AS_LOCK_HELD(asp, &asp->a_lock)) 3079 return (FC_MAKE_ERR(EINVAL)); 3080 3081 soff = (ssize_t)(offset - dhp->dh_uoff); 3082 soff = round_down_p2(soff, PAGESIZE); 3083 if (soff < 0 || soff >= dhp->dh_len) 3084 return (FC_MAKE_ERR(EINVAL)); 3085 3086 /* 3087 * Address and size must be page aligned. Len is set to the 3088 * number of bytes in the number of pages that are required to 3089 * support len. Offset is set to the byte offset of the first byte 3090 * of the page that contains offset. 3091 */ 3092 len = round_up_p2(len, PAGESIZE); 3093 3094 /* 3095 * If len == 0, then calculate the size by getting 3096 * the number of bytes from offset to the end of the segment. 3097 */ 3098 if (len == 0) 3099 size = dhp->dh_len - soff; 3100 else { 3101 size = len; 3102 if ((soff + size) > dhp->dh_len) 3103 return (FC_MAKE_ERR(EINVAL)); 3104 } 3105 3106 /* 3107 * The address is offset bytes from the base address of 3108 * the segment. 3109 */ 3110 addr = (caddr_t)(soff + dhp->dh_uvaddr); 3111 3112 HOLD_DHP_LOCK(dhp); 3113 rc = segdev_faultpages(asp->a_hat, 3114 dhp->dh_seg, addr, size, type, rw, dhp); 3115 RELE_DHP_LOCK(dhp); 3116 return (rc); 3117 } 3118 3119 int 3120 devmap_setup(dev_t dev, offset_t off, struct as *as, caddr_t *addrp, 3121 size_t len, uint_t prot, uint_t maxprot, uint_t flags, struct cred *cred) 3122 { 3123 register devmap_handle_t *dhp; 3124 int (*devmap)(dev_t, devmap_cookie_t, offset_t, size_t, 3125 size_t *, uint_t); 3126 int (*mmap)(dev_t, off_t, int); 3127 struct devmap_callback_ctl *callbackops; 3128 devmap_handle_t *dhp_head = NULL; 3129 devmap_handle_t *dhp_prev = NULL; 3130 devmap_handle_t *dhp_curr; 3131 caddr_t addr; 3132 int map_flag; 3133 int ret; 3134 ulong_t total_len; 3135 size_t map_len; 3136 size_t resid_len = len; 3137 offset_t map_off = off; 3138 struct devmap_softlock *slock = NULL; 3139 3140 #ifdef lint 3141 cred = cred; 3142 #endif 3143 3144 TRACE_2(TR_FAC_DEVMAP, TR_DEVMAP_SETUP, 3145 "devmap_setup:start off=%llx len=%lx", off, len); 3146 DEBUGF(3, (CE_CONT, "devmap_setup: off %llx len %lx\n", 3147 off, len)); 3148 3149 devmap = devopsp[getmajor(dev)]->devo_cb_ops->cb_devmap; 3150 mmap = devopsp[getmajor(dev)]->devo_cb_ops->cb_mmap; 3151 3152 /* 3153 * driver must provide devmap(9E) entry point in cb_ops to use the 3154 * devmap framework. 3155 */ 3156 if (devmap == NULL || devmap == nulldev || devmap == nodev) 3157 return (EINVAL); 3158 3159 /* 3160 * To protect from an inadvertent entry because the devmap entry point 3161 * is not NULL, return error if D_DEVMAP bit is not set in cb_flag and 3162 * mmap is NULL. 3163 */ 3164 map_flag = devopsp[getmajor(dev)]->devo_cb_ops->cb_flag; 3165 if ((map_flag & D_DEVMAP) == 0 && (mmap == NULL || mmap == nulldev)) 3166 return (EINVAL); 3167 3168 /* 3169 * devmap allows mmap(2) to map multiple registers. 3170 * one devmap_handle is created for each register mapped. 3171 */ 3172 for (total_len = 0; total_len < len; total_len += map_len) { 3173 dhp = kmem_zalloc(sizeof (devmap_handle_t), KM_SLEEP); 3174 3175 if (dhp_prev != NULL) 3176 dhp_prev->dh_next = dhp; 3177 else 3178 dhp_head = dhp; 3179 dhp_prev = dhp; 3180 3181 dhp->dh_prot = prot; 3182 dhp->dh_orig_maxprot = dhp->dh_maxprot = maxprot; 3183 dhp->dh_dev = dev; 3184 dhp->dh_timeout_length = CTX_TIMEOUT_VALUE; 3185 dhp->dh_uoff = map_off; 3186 3187 /* 3188 * Get mapping specific info from 3189 * the driver, such as rnumber, roff, len, callbackops, 3190 * accattrp and, if the mapping is for kernel memory, 3191 * ddi_umem_cookie. 3192 */ 3193 if ((ret = cdev_devmap(dev, dhp, map_off, 3194 resid_len, &map_len, get_udatamodel())) != 0) { 3195 free_devmap_handle(dhp_head); 3196 return (ENXIO); 3197 } 3198 3199 if (map_len & PAGEOFFSET) { 3200 free_devmap_handle(dhp_head); 3201 return (EINVAL); 3202 } 3203 3204 callbackops = &dhp->dh_callbackops; 3205 3206 if ((callbackops->devmap_access == NULL) || 3207 (callbackops->devmap_access == nulldev) || 3208 (callbackops->devmap_access == nodev)) { 3209 /* 3210 * Normally devmap does not support MAP_PRIVATE unless 3211 * the drivers provide a valid devmap_access routine. 3212 */ 3213 if ((flags & MAP_PRIVATE) != 0) { 3214 free_devmap_handle(dhp_head); 3215 return (EINVAL); 3216 } 3217 } else { 3218 /* 3219 * Initialize dhp_softlock and dh_ctx if the drivers 3220 * provide devmap_access. 3221 */ 3222 dhp->dh_softlock = devmap_softlock_init(dev, 3223 (ulong_t)callbackops->devmap_access); 3224 dhp->dh_ctx = devmap_ctxinit(dev, 3225 (ulong_t)callbackops->devmap_access); 3226 3227 /* 3228 * segdev_fault can only work when all 3229 * dh_softlock in a multi-dhp mapping 3230 * are same. see comments in segdev_fault 3231 * This code keeps track of the first 3232 * dh_softlock allocated in slock and 3233 * compares all later allocations and if 3234 * not similar, returns an error. 3235 */ 3236 if (slock == NULL) 3237 slock = dhp->dh_softlock; 3238 if (slock != dhp->dh_softlock) { 3239 free_devmap_handle(dhp_head); 3240 return (ENOTSUP); 3241 } 3242 } 3243 3244 map_off += map_len; 3245 resid_len -= map_len; 3246 } 3247 3248 /* 3249 * get the user virtual address and establish the mapping between 3250 * uvaddr and device physical address. 3251 */ 3252 if ((ret = devmap_device(dhp_head, as, addrp, off, len, flags)) 3253 != 0) { 3254 /* 3255 * free devmap handles if error during the mapping. 3256 */ 3257 free_devmap_handle(dhp_head); 3258 3259 return (ret); 3260 } 3261 3262 /* 3263 * call the driver's devmap_map callback to do more after the mapping, 3264 * such as to allocate driver private data for context management. 3265 */ 3266 dhp = dhp_head; 3267 map_off = off; 3268 addr = *addrp; 3269 while (dhp != NULL) { 3270 callbackops = &dhp->dh_callbackops; 3271 dhp->dh_uvaddr = addr; 3272 dhp_curr = dhp; 3273 if (callbackops->devmap_map != NULL) { 3274 ret = (*callbackops->devmap_map)((devmap_cookie_t)dhp, 3275 dev, flags, map_off, 3276 dhp->dh_len, &dhp->dh_pvtp); 3277 if (ret != 0) { 3278 struct segdev_data *sdp; 3279 3280 /* 3281 * call driver's devmap_unmap entry point 3282 * to free driver resources. 3283 */ 3284 dhp = dhp_head; 3285 map_off = off; 3286 while (dhp != dhp_curr) { 3287 callbackops = &dhp->dh_callbackops; 3288 if (callbackops->devmap_unmap != NULL) { 3289 (*callbackops->devmap_unmap)( 3290 dhp, dhp->dh_pvtp, 3291 map_off, dhp->dh_len, 3292 NULL, NULL, NULL, NULL); 3293 } 3294 map_off += dhp->dh_len; 3295 dhp = dhp->dh_next; 3296 } 3297 sdp = dhp_head->dh_seg->s_data; 3298 sdp->devmap_data = NULL; 3299 free_devmap_handle(dhp_head); 3300 return (ENXIO); 3301 } 3302 } 3303 map_off += dhp->dh_len; 3304 addr += dhp->dh_len; 3305 dhp = dhp->dh_next; 3306 } 3307 3308 return (0); 3309 } 3310 3311 int 3312 ddi_devmap_segmap(dev_t dev, off_t off, ddi_as_handle_t as, caddr_t *addrp, 3313 off_t len, uint_t prot, uint_t maxprot, uint_t flags, struct cred *cred) 3314 { 3315 TRACE_0(TR_FAC_DEVMAP, TR_DEVMAP_SEGMAP, 3316 "devmap_segmap:start"); 3317 return (devmap_setup(dev, (offset_t)off, (struct as *)as, addrp, 3318 (size_t)len, prot, maxprot, flags, cred)); 3319 } 3320 3321 /* 3322 * Called from devmap_devmem_setup/remap to see if can use large pages for 3323 * this device mapping. 3324 * Also calculate the max. page size for this mapping. 3325 * this page size will be used in fault routine for 3326 * optimal page size calculations. 3327 */ 3328 static void 3329 devmap_devmem_large_page_setup(devmap_handle_t *dhp) 3330 { 3331 ASSERT(dhp_is_devmem(dhp)); 3332 dhp->dh_mmulevel = 0; 3333 3334 /* 3335 * use large page size only if: 3336 * 1. device memory. 3337 * 2. mmu supports multiple page sizes, 3338 * 3. Driver did not disallow it 3339 * 4. dhp length is at least as big as the large pagesize 3340 * 5. the uvaddr and pfn are large pagesize aligned 3341 */ 3342 if (page_num_pagesizes() > 1 && 3343 !(dhp->dh_flags & (DEVMAP_USE_PAGESIZE | DEVMAP_MAPPING_INVALID))) { 3344 ulong_t base; 3345 int level; 3346 3347 base = (ulong_t)ptob(dhp->dh_pfn); 3348 for (level = 1; level < page_num_pagesizes(); level++) { 3349 size_t pgsize = page_get_pagesize(level); 3350 if ((dhp->dh_len < pgsize) || 3351 (!VA_PA_PGSIZE_ALIGNED((uintptr_t)dhp->dh_uvaddr, 3352 base, pgsize))) { 3353 break; 3354 } 3355 } 3356 dhp->dh_mmulevel = level - 1; 3357 } 3358 if (dhp->dh_mmulevel > 0) { 3359 dhp->dh_flags |= DEVMAP_FLAG_LARGE; 3360 } else { 3361 dhp->dh_flags &= ~DEVMAP_FLAG_LARGE; 3362 } 3363 } 3364 3365 /* 3366 * Called by driver devmap routine to pass device specific info to 3367 * the framework. used for device memory mapping only. 3368 */ 3369 int 3370 devmap_devmem_setup(devmap_cookie_t dhc, dev_info_t *dip, 3371 struct devmap_callback_ctl *callbackops, uint_t rnumber, offset_t roff, 3372 size_t len, uint_t maxprot, uint_t flags, ddi_device_acc_attr_t *accattrp) 3373 { 3374 devmap_handle_t *dhp = (devmap_handle_t *)dhc; 3375 ddi_acc_handle_t handle; 3376 ddi_map_req_t mr; 3377 ddi_acc_hdl_t *hp; 3378 int err; 3379 3380 TRACE_4(TR_FAC_DEVMAP, TR_DEVMAP_DEVMEM_SETUP, 3381 "devmap_devmem_setup:start dhp=%p offset=%llx rnum=%d len=%lx", 3382 (void *)dhp, roff, rnumber, (uint_t)len); 3383 DEBUGF(2, (CE_CONT, "devmap_devmem_setup: dhp %p offset %llx " 3384 "rnum %d len %lx\n", (void *)dhp, roff, rnumber, len)); 3385 3386 /* 3387 * First to check if this function has been called for this dhp. 3388 */ 3389 if (dhp->dh_flags & DEVMAP_SETUP_DONE) 3390 return (DDI_FAILURE); 3391 3392 if ((dhp->dh_prot & dhp->dh_orig_maxprot & maxprot) != dhp->dh_prot) 3393 return (DDI_FAILURE); 3394 3395 if (flags & DEVMAP_MAPPING_INVALID) { 3396 /* 3397 * Don't go up the tree to get pfn if the driver specifies 3398 * DEVMAP_MAPPING_INVALID in flags. 3399 * 3400 * If DEVMAP_MAPPING_INVALID is specified, we have to grant 3401 * remap permission. 3402 */ 3403 if (!(flags & DEVMAP_ALLOW_REMAP)) { 3404 return (DDI_FAILURE); 3405 } 3406 dhp->dh_pfn = PFN_INVALID; 3407 } else { 3408 handle = impl_acc_hdl_alloc(KM_SLEEP, NULL); 3409 if (handle == NULL) 3410 return (DDI_FAILURE); 3411 3412 hp = impl_acc_hdl_get(handle); 3413 hp->ah_vers = VERS_ACCHDL; 3414 hp->ah_dip = dip; 3415 hp->ah_rnumber = rnumber; 3416 hp->ah_offset = roff; 3417 hp->ah_len = len; 3418 if (accattrp != NULL) 3419 hp->ah_acc = *accattrp; 3420 3421 mr.map_op = DDI_MO_MAP_LOCKED; 3422 mr.map_type = DDI_MT_RNUMBER; 3423 mr.map_obj.rnumber = rnumber; 3424 mr.map_prot = maxprot & dhp->dh_orig_maxprot; 3425 mr.map_flags = DDI_MF_DEVICE_MAPPING; 3426 mr.map_handlep = hp; 3427 mr.map_vers = DDI_MAP_VERSION; 3428 3429 /* 3430 * up the device tree to get pfn. 3431 * The rootnex_map_regspec() routine in nexus drivers has been 3432 * modified to return pfn if map_flags is DDI_MF_DEVICE_MAPPING. 3433 */ 3434 err = ddi_map(dip, &mr, roff, len, (caddr_t *)&dhp->dh_pfn); 3435 dhp->dh_hat_attr = hp->ah_hat_flags; 3436 impl_acc_hdl_free(handle); 3437 3438 if (err) 3439 return (DDI_FAILURE); 3440 } 3441 /* Should not be using devmem setup for memory pages */ 3442 ASSERT(!pf_is_memory(dhp->dh_pfn)); 3443 3444 /* Only some of the flags bits are settable by the driver */ 3445 dhp->dh_flags |= (flags & DEVMAP_SETUP_FLAGS); 3446 dhp->dh_len = ptob(btopr(len)); 3447 3448 dhp->dh_cookie = DEVMAP_DEVMEM_COOKIE; 3449 dhp->dh_roff = ptob(btop(roff)); 3450 3451 /* setup the dh_mmulevel and DEVMAP_FLAG_LARGE */ 3452 devmap_devmem_large_page_setup(dhp); 3453 dhp->dh_maxprot = maxprot & dhp->dh_orig_maxprot; 3454 ASSERT((dhp->dh_prot & dhp->dh_orig_maxprot & maxprot) == dhp->dh_prot); 3455 3456 3457 if (callbackops != NULL) { 3458 bcopy(callbackops, &dhp->dh_callbackops, 3459 sizeof (struct devmap_callback_ctl)); 3460 } 3461 3462 /* 3463 * Initialize dh_lock if we want to do remap. 3464 */ 3465 if (dhp->dh_flags & DEVMAP_ALLOW_REMAP) { 3466 mutex_init(&dhp->dh_lock, NULL, MUTEX_DEFAULT, NULL); 3467 dhp->dh_flags |= DEVMAP_LOCK_INITED; 3468 } 3469 3470 dhp->dh_flags |= DEVMAP_SETUP_DONE; 3471 3472 return (DDI_SUCCESS); 3473 } 3474 3475 int 3476 devmap_devmem_remap(devmap_cookie_t dhc, dev_info_t *dip, 3477 uint_t rnumber, offset_t roff, size_t len, uint_t maxprot, 3478 uint_t flags, ddi_device_acc_attr_t *accattrp) 3479 { 3480 devmap_handle_t *dhp = (devmap_handle_t *)dhc; 3481 ddi_acc_handle_t handle; 3482 ddi_map_req_t mr; 3483 ddi_acc_hdl_t *hp; 3484 pfn_t pfn; 3485 uint_t hat_flags; 3486 int err; 3487 3488 TRACE_4(TR_FAC_DEVMAP, TR_DEVMAP_DEVMEM_REMAP, 3489 "devmap_devmem_setup:start dhp=%p offset=%llx rnum=%d len=%lx", 3490 (void *)dhp, roff, rnumber, (uint_t)len); 3491 DEBUGF(2, (CE_CONT, "devmap_devmem_remap: dhp %p offset %llx " 3492 "rnum %d len %lx\n", (void *)dhp, roff, rnumber, len)); 3493 3494 /* 3495 * Return failure if setup has not been done or no remap permission 3496 * has been granted during the setup. 3497 */ 3498 if ((dhp->dh_flags & DEVMAP_SETUP_DONE) == 0 || 3499 (dhp->dh_flags & DEVMAP_ALLOW_REMAP) == 0) 3500 return (DDI_FAILURE); 3501 3502 /* Only DEVMAP_MAPPING_INVALID flag supported for remap */ 3503 if ((flags != 0) && (flags != DEVMAP_MAPPING_INVALID)) 3504 return (DDI_FAILURE); 3505 3506 if ((dhp->dh_prot & dhp->dh_orig_maxprot & maxprot) != dhp->dh_prot) 3507 return (DDI_FAILURE); 3508 3509 if (!(flags & DEVMAP_MAPPING_INVALID)) { 3510 handle = impl_acc_hdl_alloc(KM_SLEEP, NULL); 3511 if (handle == NULL) 3512 return (DDI_FAILURE); 3513 } 3514 3515 HOLD_DHP_LOCK(dhp); 3516 3517 /* 3518 * Unload the old mapping, so next fault will setup the new mappings 3519 * Do this while holding the dhp lock so other faults dont reestablish 3520 * the mappings 3521 */ 3522 hat_unload(dhp->dh_seg->s_as->a_hat, dhp->dh_uvaddr, 3523 dhp->dh_len, HAT_UNLOAD|HAT_UNLOAD_OTHER); 3524 3525 if (flags & DEVMAP_MAPPING_INVALID) { 3526 dhp->dh_flags |= DEVMAP_MAPPING_INVALID; 3527 dhp->dh_pfn = PFN_INVALID; 3528 } else { 3529 /* clear any prior DEVMAP_MAPPING_INVALID flag */ 3530 dhp->dh_flags &= ~DEVMAP_MAPPING_INVALID; 3531 hp = impl_acc_hdl_get(handle); 3532 hp->ah_vers = VERS_ACCHDL; 3533 hp->ah_dip = dip; 3534 hp->ah_rnumber = rnumber; 3535 hp->ah_offset = roff; 3536 hp->ah_len = len; 3537 if (accattrp != NULL) 3538 hp->ah_acc = *accattrp; 3539 3540 mr.map_op = DDI_MO_MAP_LOCKED; 3541 mr.map_type = DDI_MT_RNUMBER; 3542 mr.map_obj.rnumber = rnumber; 3543 mr.map_prot = maxprot & dhp->dh_orig_maxprot; 3544 mr.map_flags = DDI_MF_DEVICE_MAPPING; 3545 mr.map_handlep = hp; 3546 mr.map_vers = DDI_MAP_VERSION; 3547 3548 /* 3549 * up the device tree to get pfn. 3550 * The rootnex_map_regspec() routine in nexus drivers has been 3551 * modified to return pfn if map_flags is DDI_MF_DEVICE_MAPPING. 3552 */ 3553 err = ddi_map(dip, &mr, roff, len, (caddr_t *)&pfn); 3554 hat_flags = hp->ah_hat_flags; 3555 impl_acc_hdl_free(handle); 3556 if (err) { 3557 RELE_DHP_LOCK(dhp); 3558 return (DDI_FAILURE); 3559 } 3560 /* 3561 * Store result of ddi_map first in local variables, as we do 3562 * not want to overwrite the existing dhp with wrong data. 3563 */ 3564 dhp->dh_pfn = pfn; 3565 dhp->dh_hat_attr = hat_flags; 3566 } 3567 3568 /* clear the large page size flag */ 3569 dhp->dh_flags &= ~DEVMAP_FLAG_LARGE; 3570 3571 dhp->dh_cookie = DEVMAP_DEVMEM_COOKIE; 3572 dhp->dh_roff = ptob(btop(roff)); 3573 3574 /* setup the dh_mmulevel and DEVMAP_FLAG_LARGE */ 3575 devmap_devmem_large_page_setup(dhp); 3576 dhp->dh_maxprot = maxprot & dhp->dh_orig_maxprot; 3577 ASSERT((dhp->dh_prot & dhp->dh_orig_maxprot & maxprot) == dhp->dh_prot); 3578 3579 RELE_DHP_LOCK(dhp); 3580 return (DDI_SUCCESS); 3581 } 3582 3583 /* 3584 * called by driver devmap routine to pass kernel virtual address mapping 3585 * info to the framework. used only for kernel memory 3586 * allocated from ddi_umem_alloc(). 3587 */ 3588 int 3589 devmap_umem_setup(devmap_cookie_t dhc, dev_info_t *dip, 3590 struct devmap_callback_ctl *callbackops, ddi_umem_cookie_t cookie, 3591 offset_t off, size_t len, uint_t maxprot, uint_t flags, 3592 ddi_device_acc_attr_t *accattrp) 3593 { 3594 devmap_handle_t *dhp = (devmap_handle_t *)dhc; 3595 struct ddi_umem_cookie *cp = (struct ddi_umem_cookie *)cookie; 3596 3597 #ifdef lint 3598 dip = dip; 3599 accattrp = accattrp; 3600 #endif 3601 3602 TRACE_4(TR_FAC_DEVMAP, TR_DEVMAP_UMEM_SETUP, 3603 "devmap_umem_setup:start dhp=%p offset=%llx cookie=%p len=%lx", 3604 (void *)dhp, off, cookie, len); 3605 DEBUGF(2, (CE_CONT, "devmap_umem_setup: dhp %p offset %llx " 3606 "cookie %p len %lx\n", (void *)dhp, off, (void *)cookie, len)); 3607 3608 if (cookie == NULL) 3609 return (DDI_FAILURE); 3610 3611 /* For UMEM_TRASH, this restriction is not needed */ 3612 if ((off + len) > cp->size) 3613 return (DDI_FAILURE); 3614 3615 /* 3616 * First to check if this function has been called for this dhp. 3617 */ 3618 if (dhp->dh_flags & DEVMAP_SETUP_DONE) 3619 return (DDI_FAILURE); 3620 3621 if ((dhp->dh_prot & dhp->dh_orig_maxprot & maxprot) != dhp->dh_prot) 3622 return (DDI_FAILURE); 3623 3624 if (flags & DEVMAP_MAPPING_INVALID) { 3625 /* 3626 * If DEVMAP_MAPPING_INVALID is specified, we have to grant 3627 * remap permission. 3628 */ 3629 if (!(flags & DEVMAP_ALLOW_REMAP)) { 3630 return (DDI_FAILURE); 3631 } 3632 } else { 3633 dhp->dh_cookie = cookie; 3634 dhp->dh_roff = ptob(btop(off)); 3635 dhp->dh_cvaddr = cp->cvaddr + dhp->dh_roff; 3636 } 3637 3638 /* 3639 * The default is _not_ to pass HAT_LOAD_NOCONSIST to hat_devload(); 3640 * we pass HAT_LOAD_NOCONSIST _only_ in cases where hat tries to 3641 * create consistent mappings but our intention was to create 3642 * non-consistent mappings. 3643 * 3644 * DEVMEM: hat figures it out it's DEVMEM and creates non-consistent 3645 * mappings. 3646 * 3647 * kernel exported memory: hat figures it out it's memory and always 3648 * creates consistent mappings. 3649 * 3650 * /dev/mem: non-consistent mappings. See comments in common/io/mem.c 3651 * 3652 * /dev/kmem: consistent mappings are created unless they are 3653 * MAP_FIXED. We _explicitly_ tell hat to create non-consistent 3654 * mappings by passing HAT_LOAD_NOCONSIST in case of MAP_FIXED 3655 * mappings of /dev/kmem. See common/io/mem.c 3656 */ 3657 3658 /* Only some of the flags bits are settable by the driver */ 3659 dhp->dh_flags |= (flags & DEVMAP_SETUP_FLAGS); 3660 3661 dhp->dh_len = ptob(btopr(len)); 3662 dhp->dh_maxprot = maxprot & dhp->dh_orig_maxprot; 3663 ASSERT((dhp->dh_prot & dhp->dh_orig_maxprot & maxprot) == dhp->dh_prot); 3664 3665 if (callbackops != NULL) { 3666 bcopy(callbackops, &dhp->dh_callbackops, 3667 sizeof (struct devmap_callback_ctl)); 3668 } 3669 /* 3670 * Initialize dh_lock if we want to do remap. 3671 */ 3672 if (dhp->dh_flags & DEVMAP_ALLOW_REMAP) { 3673 mutex_init(&dhp->dh_lock, NULL, MUTEX_DEFAULT, NULL); 3674 dhp->dh_flags |= DEVMAP_LOCK_INITED; 3675 } 3676 3677 dhp->dh_flags |= DEVMAP_SETUP_DONE; 3678 3679 return (DDI_SUCCESS); 3680 } 3681 3682 int 3683 devmap_umem_remap(devmap_cookie_t dhc, dev_info_t *dip, 3684 ddi_umem_cookie_t cookie, offset_t off, size_t len, uint_t maxprot, 3685 uint_t flags, ddi_device_acc_attr_t *accattrp) 3686 { 3687 devmap_handle_t *dhp = (devmap_handle_t *)dhc; 3688 struct ddi_umem_cookie *cp = (struct ddi_umem_cookie *)cookie; 3689 3690 TRACE_4(TR_FAC_DEVMAP, TR_DEVMAP_UMEM_REMAP, 3691 "devmap_umem_remap:start dhp=%p offset=%llx cookie=%p len=%lx", 3692 (void *)dhp, off, cookie, len); 3693 DEBUGF(2, (CE_CONT, "devmap_umem_remap: dhp %p offset %llx " 3694 "cookie %p len %lx\n", (void *)dhp, off, (void *)cookie, len)); 3695 3696 #ifdef lint 3697 dip = dip; 3698 accattrp = accattrp; 3699 #endif 3700 /* 3701 * Reture failure if setup has not been done or no remap permission 3702 * has been granted during the setup. 3703 */ 3704 if ((dhp->dh_flags & DEVMAP_SETUP_DONE) == 0 || 3705 (dhp->dh_flags & DEVMAP_ALLOW_REMAP) == 0) 3706 return (DDI_FAILURE); 3707 3708 /* No flags supported for remap yet */ 3709 if (flags != 0) 3710 return (DDI_FAILURE); 3711 3712 if ((dhp->dh_prot & dhp->dh_orig_maxprot & maxprot) != dhp->dh_prot) 3713 return (DDI_FAILURE); 3714 3715 /* For UMEM_TRASH, this restriction is not needed */ 3716 if ((off + len) > cp->size) 3717 return (DDI_FAILURE); 3718 3719 HOLD_DHP_LOCK(dhp); 3720 /* 3721 * Unload the old mapping, so next fault will setup the new mappings 3722 * Do this while holding the dhp lock so other faults dont reestablish 3723 * the mappings 3724 */ 3725 hat_unload(dhp->dh_seg->s_as->a_hat, dhp->dh_uvaddr, 3726 dhp->dh_len, HAT_UNLOAD|HAT_UNLOAD_OTHER); 3727 3728 dhp->dh_cookie = cookie; 3729 dhp->dh_roff = ptob(btop(off)); 3730 dhp->dh_cvaddr = cp->cvaddr + dhp->dh_roff; 3731 3732 /* clear the large page size flag */ 3733 dhp->dh_flags &= ~DEVMAP_FLAG_LARGE; 3734 3735 dhp->dh_maxprot = maxprot & dhp->dh_orig_maxprot; 3736 ASSERT((dhp->dh_prot & dhp->dh_orig_maxprot & maxprot) == dhp->dh_prot); 3737 RELE_DHP_LOCK(dhp); 3738 return (DDI_SUCCESS); 3739 } 3740 3741 /* 3742 * to set timeout value for the driver's context management callback, e.g. 3743 * devmap_access(). 3744 */ 3745 void 3746 devmap_set_ctx_timeout(devmap_cookie_t dhc, clock_t ticks) 3747 { 3748 devmap_handle_t *dhp = (devmap_handle_t *)dhc; 3749 3750 TRACE_2(TR_FAC_DEVMAP, TR_DEVMAP_SET_CTX_TIMEOUT, 3751 "devmap_set_ctx_timeout:start dhp=%p ticks=%x", 3752 (void *)dhp, ticks); 3753 dhp->dh_timeout_length = ticks; 3754 } 3755 3756 int 3757 devmap_default_access(devmap_cookie_t dhp, void *pvtp, offset_t off, 3758 size_t len, uint_t type, uint_t rw) 3759 { 3760 #ifdef lint 3761 pvtp = pvtp; 3762 #endif 3763 3764 TRACE_0(TR_FAC_DEVMAP, TR_DEVMAP_DEFAULT_ACCESS, 3765 "devmap_default_access:start"); 3766 return (devmap_load(dhp, off, len, type, rw)); 3767 } 3768 3769 /* 3770 * segkmem_alloc() wrapper to allocate memory which is both 3771 * non-relocatable (for DR) and sharelocked, since the rest 3772 * of this segment driver requires it. 3773 */ 3774 static void * 3775 devmap_alloc_pages(vmem_t *vmp, size_t size, int vmflag) 3776 { 3777 ASSERT(vmp != NULL); 3778 ASSERT(kvseg.s_base != NULL); 3779 vmflag |= (VM_NORELOC | SEGKMEM_SHARELOCKED); 3780 return (segkmem_alloc(vmp, size, vmflag)); 3781 } 3782 3783 /* 3784 * This is where things are a bit incestrous with seg_kmem: unlike 3785 * seg_kp, seg_kmem does not keep its pages long-term sharelocked, so 3786 * we need to do a bit of a dance around that to prevent duplication of 3787 * code until we decide to bite the bullet and implement a new kernel 3788 * segment for driver-allocated memory that is exported to user space. 3789 */ 3790 static void 3791 devmap_free_pages(vmem_t *vmp, void *inaddr, size_t size) 3792 { 3793 page_t *pp; 3794 caddr_t addr = inaddr; 3795 caddr_t eaddr; 3796 pgcnt_t npages = btopr(size); 3797 3798 ASSERT(vmp != NULL); 3799 ASSERT(kvseg.s_base != NULL); 3800 ASSERT(((uintptr_t)addr & PAGEOFFSET) == 0); 3801 3802 hat_unload(kas.a_hat, addr, size, HAT_UNLOAD_UNLOCK); 3803 3804 for (eaddr = addr + size; addr < eaddr; addr += PAGESIZE) { 3805 /* 3806 * Use page_find() instead of page_lookup() to find the page 3807 * since we know that it is hashed and has a shared lock. 3808 */ 3809 pp = page_find(&kvp, (u_offset_t)(uintptr_t)addr); 3810 3811 if (pp == NULL) 3812 panic("devmap_free_pages: page not found"); 3813 if (!page_tryupgrade(pp)) { 3814 page_unlock(pp); 3815 pp = page_lookup(&kvp, (u_offset_t)(uintptr_t)addr, 3816 SE_EXCL); 3817 if (pp == NULL) 3818 panic("devmap_free_pages: page already freed"); 3819 } 3820 /* Clear p_lckcnt so page_destroy() doesn't update availrmem */ 3821 pp->p_lckcnt = 0; 3822 page_destroy(pp, 0); 3823 } 3824 page_unresv(npages); 3825 3826 if (vmp != NULL) 3827 vmem_free(vmp, inaddr, size); 3828 } 3829 3830 /* 3831 * devmap_umem_alloc_np() replaces kmem_zalloc() as the method for 3832 * allocating non-pageable kmem in response to a ddi_umem_alloc() 3833 * default request. For now we allocate our own pages and we keep 3834 * them long-term sharelocked, since: A) the fault routines expect the 3835 * memory to already be locked; B) pageable umem is already long-term 3836 * locked; C) it's a lot of work to make it otherwise, particuarly 3837 * since the nexus layer expects the pages to never fault. An RFE is to 3838 * not keep the pages long-term locked, but instead to be able to 3839 * take faults on them and simply look them up in kvp in case we 3840 * fault on them. Even then, we must take care not to let pageout 3841 * steal them from us since the data must remain resident; if we 3842 * do this we must come up with some way to pin the pages to prevent 3843 * faults while a driver is doing DMA to/from them. 3844 */ 3845 static void * 3846 devmap_umem_alloc_np(size_t size, size_t flags) 3847 { 3848 void *buf; 3849 int vmflags = (flags & DDI_UMEM_NOSLEEP)? VM_NOSLEEP : VM_SLEEP; 3850 3851 buf = vmem_alloc(umem_np_arena, size, vmflags); 3852 if (buf != NULL) 3853 bzero(buf, size); 3854 return (buf); 3855 } 3856 3857 static void 3858 devmap_umem_free_np(void *addr, size_t size) 3859 { 3860 vmem_free(umem_np_arena, addr, size); 3861 } 3862 3863 /* 3864 * allocate page aligned kernel memory for exporting to user land. 3865 * The devmap framework will use the cookie allocated by ddi_umem_alloc() 3866 * to find a user virtual address that is in same color as the address 3867 * allocated here. 3868 */ 3869 void * 3870 ddi_umem_alloc(size_t size, int flags, ddi_umem_cookie_t *cookie) 3871 { 3872 register size_t len = ptob(btopr(size)); 3873 void *buf = NULL; 3874 struct ddi_umem_cookie *cp; 3875 int iflags = 0; 3876 3877 *cookie = NULL; 3878 3879 TRACE_0(TR_FAC_DEVMAP, TR_DEVMAP_UMEM_ALLOC, 3880 "devmap_umem_alloc:start"); 3881 if (len == 0) 3882 return ((void *)NULL); 3883 3884 /* 3885 * allocate cookie 3886 */ 3887 if ((cp = kmem_zalloc(sizeof (struct ddi_umem_cookie), 3888 flags & DDI_UMEM_NOSLEEP ? KM_NOSLEEP : KM_SLEEP)) == NULL) { 3889 ASSERT(flags & DDI_UMEM_NOSLEEP); 3890 return ((void *)NULL); 3891 } 3892 3893 if (flags & DDI_UMEM_PAGEABLE) { 3894 /* Only one of the flags is allowed */ 3895 ASSERT(!(flags & DDI_UMEM_TRASH)); 3896 /* initialize resource with 0 */ 3897 iflags = KPD_ZERO; 3898 3899 /* 3900 * to allocate unlocked pageable memory, use segkp_get() to 3901 * create a segkp segment. Since segkp can only service kas, 3902 * other segment drivers such as segdev have to do 3903 * as_fault(segkp, SOFTLOCK) in its fault routine, 3904 */ 3905 if (flags & DDI_UMEM_NOSLEEP) 3906 iflags |= KPD_NOWAIT; 3907 3908 if ((buf = segkp_get(segkp, len, iflags)) == NULL) { 3909 kmem_free(cp, sizeof (struct ddi_umem_cookie)); 3910 return ((void *)NULL); 3911 } 3912 cp->type = KMEM_PAGEABLE; 3913 mutex_init(&cp->lock, NULL, MUTEX_DEFAULT, NULL); 3914 cp->locked = 0; 3915 } else if (flags & DDI_UMEM_TRASH) { 3916 /* Only one of the flags is allowed */ 3917 ASSERT(!(flags & DDI_UMEM_PAGEABLE)); 3918 cp->type = UMEM_TRASH; 3919 buf = NULL; 3920 } else { 3921 if ((buf = devmap_umem_alloc_np(len, flags)) == NULL) { 3922 kmem_free(cp, sizeof (struct ddi_umem_cookie)); 3923 return ((void *)NULL); 3924 } 3925 3926 cp->type = KMEM_NON_PAGEABLE; 3927 } 3928 3929 /* 3930 * need to save size here. size will be used when 3931 * we do kmem_free. 3932 */ 3933 cp->size = len; 3934 cp->cvaddr = (caddr_t)buf; 3935 3936 *cookie = (void *)cp; 3937 return (buf); 3938 } 3939 3940 void 3941 ddi_umem_free(ddi_umem_cookie_t cookie) 3942 { 3943 struct ddi_umem_cookie *cp; 3944 3945 TRACE_0(TR_FAC_DEVMAP, TR_DEVMAP_UMEM_FREE, 3946 "devmap_umem_free:start"); 3947 3948 /* 3949 * if cookie is NULL, no effects on the system 3950 */ 3951 if (cookie == NULL) 3952 return; 3953 3954 cp = (struct ddi_umem_cookie *)cookie; 3955 3956 switch (cp->type) { 3957 case KMEM_PAGEABLE : 3958 ASSERT(cp->cvaddr != NULL && cp->size != 0); 3959 /* 3960 * Check if there are still any pending faults on the cookie 3961 * while the driver is deleting it, 3962 * XXX - could change to an ASSERT but wont catch errant drivers 3963 */ 3964 mutex_enter(&cp->lock); 3965 if (cp->locked) { 3966 mutex_exit(&cp->lock); 3967 panic("ddi_umem_free for cookie with pending faults %p", 3968 (void *)cp); 3969 return; 3970 } 3971 3972 segkp_release(segkp, cp->cvaddr); 3973 3974 /* 3975 * release mutex associated with this cookie. 3976 */ 3977 mutex_destroy(&cp->lock); 3978 break; 3979 case KMEM_NON_PAGEABLE : 3980 ASSERT(cp->cvaddr != NULL && cp->size != 0); 3981 devmap_umem_free_np(cp->cvaddr, cp->size); 3982 break; 3983 case UMEM_TRASH : 3984 break; 3985 case UMEM_LOCKED : 3986 /* Callers should use ddi_umem_unlock for this type */ 3987 ddi_umem_unlock(cookie); 3988 /* Frees the cookie too */ 3989 return; 3990 default: 3991 /* panic so we can diagnose the underlying cause */ 3992 panic("ddi_umem_free: illegal cookie type 0x%x\n", 3993 cp->type); 3994 } 3995 3996 kmem_free(cookie, sizeof (struct ddi_umem_cookie)); 3997 } 3998 3999 4000 static int 4001 segdev_getmemid(struct seg *seg, caddr_t addr, memid_t *memidp) 4002 { 4003 struct segdev_data *sdp = (struct segdev_data *)seg->s_data; 4004 4005 /* 4006 * It looks as if it is always mapped shared 4007 */ 4008 TRACE_0(TR_FAC_DEVMAP, TR_DEVMAP_GETMEMID, 4009 "segdev_getmemid:start"); 4010 memidp->val[0] = (uintptr_t)VTOCVP(sdp->vp); 4011 memidp->val[1] = sdp->offset + (uintptr_t)(addr - seg->s_base); 4012 return (0); 4013 } 4014 4015 /*ARGSUSED*/ 4016 static lgrp_mem_policy_info_t * 4017 segdev_getpolicy(struct seg *seg, caddr_t addr) 4018 { 4019 return (NULL); 4020 } 4021 4022 /*ARGSUSED*/ 4023 static int 4024 segdev_capable(struct seg *seg, segcapability_t capability) 4025 { 4026 return (0); 4027 } 4028 4029 /* 4030 * ddi_umem_alloc() non-pageable quantum cache max size. 4031 * This is just a SWAG. 4032 */ 4033 #define DEVMAP_UMEM_QUANTUM (8*PAGESIZE) 4034 4035 /* 4036 * Initialize seg_dev from boot. This routine sets up the trash page 4037 * and creates the umem_np_arena used to back non-pageable memory 4038 * requests. 4039 */ 4040 void 4041 segdev_init(void) 4042 { 4043 struct seg kseg; 4044 4045 umem_np_arena = vmem_create("umem_np", NULL, 0, PAGESIZE, 4046 devmap_alloc_pages, devmap_free_pages, heap_arena, 4047 DEVMAP_UMEM_QUANTUM, VM_SLEEP); 4048 4049 kseg.s_as = &kas; 4050 trashpp = page_create_va(&trashvp, 0, PAGESIZE, 4051 PG_NORELOC | PG_EXCL | PG_WAIT, &kseg, NULL); 4052 if (trashpp == NULL) 4053 panic("segdev_init: failed to create trash page"); 4054 pagezero(trashpp, 0, PAGESIZE); 4055 page_downgrade(trashpp); 4056 } 4057 4058 /* 4059 * Invoke platform-dependent support routines so that /proc can have 4060 * the platform code deal with curious hardware. 4061 */ 4062 int 4063 segdev_copyfrom(struct seg *seg, 4064 caddr_t uaddr, const void *devaddr, void *kaddr, size_t len) 4065 { 4066 struct segdev_data *sdp = (struct segdev_data *)seg->s_data; 4067 struct snode *sp = VTOS(VTOCVP(sdp->vp)); 4068 4069 return (e_ddi_copyfromdev(sp->s_dip, 4070 (off_t)(uaddr - seg->s_base), devaddr, kaddr, len)); 4071 } 4072 4073 int 4074 segdev_copyto(struct seg *seg, 4075 caddr_t uaddr, const void *kaddr, void *devaddr, size_t len) 4076 { 4077 struct segdev_data *sdp = (struct segdev_data *)seg->s_data; 4078 struct snode *sp = VTOS(VTOCVP(sdp->vp)); 4079 4080 return (e_ddi_copytodev(sp->s_dip, 4081 (off_t)(uaddr - seg->s_base), kaddr, devaddr, len)); 4082 } 4083