2 * Copyright (c) 2000-2012 Apple Inc. All rights reserved.
4 * @APPLE_OSREFERENCE_LICENSE_HEADER_START@
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. The rights granted to you under the License
10 * may not be used to create, or enable the creation or redistribution of,
11 * unlawful or unlicensed copies of an Apple operating system, or to
12 * circumvent, violate, or enable the circumvention or violation of, any
13 * terms of an Apple operating system software license agreement.
15 * Please obtain a copy of the License at
16 * http://www.opensource.apple.com/apsl/ and read it before using this file.
18 * The Original Code and all software distributed under the License are
19 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
20 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
21 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
22 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
23 * Please see the License for the specific language governing rights and
24 * limitations under the License.
26 * @APPLE_OSREFERENCE_LICENSE_HEADER_END@
32 * Mach Operating System
33 * Copyright (c) 1991,1990,1989,1988,1987 Carnegie Mellon University
34 * All Rights Reserved.
36 * Permission to use, copy, modify and distribute this software and its
37 * documentation is hereby granted, provided that both the copyright
38 * notice and this permission notice appear in all copies of the
39 * software, derivative works or modified versions, and any portions
40 * thereof, and that both notices appear in supporting documentation.
42 * CARNEGIE MELLON ALLOWS FREE USE OF THIS SOFTWARE IN ITS "AS IS"
43 * CONDITION. CARNEGIE MELLON DISCLAIMS ANY LIABILITY OF ANY KIND FOR
44 * ANY DAMAGES WHATSOEVER RESULTING FROM THE USE OF THIS SOFTWARE.
46 * Carnegie Mellon requests users of this software to return to
48 * Software Distribution Coordinator or Software.Distribution@CS.CMU.EDU
49 * School of Computer Science
50 * Carnegie Mellon University
51 * Pittsburgh PA 15213-3890
53 * any improvements or extensions that they make and grant Carnegie Mellon
54 * the rights to redistribute these changes.
60 * Author: Avadis Tevanian, Jr., Michael Wayne Young
63 * Virtual memory mapping module.
66 #include <task_swapper.h>
67 #include <mach_assert.h>
69 #include <vm/vm_options.h>
71 #include <libkern/OSAtomic.h>
73 #include <mach/kern_return.h>
74 #include <mach/port.h>
75 #include <mach/vm_attributes.h>
76 #include <mach/vm_param.h>
77 #include <mach/vm_behavior.h>
78 #include <mach/vm_statistics.h>
79 #include <mach/memory_object.h>
80 #include <mach/mach_vm.h>
81 #include <machine/cpu_capabilities.h>
84 #include <kern/assert.h>
85 #include <kern/counters.h>
86 #include <kern/kalloc.h>
87 #include <kern/zalloc.h>
90 #include <vm/vm_compressor_pager.h>
91 #include <vm/vm_init.h>
92 #include <vm/vm_fault.h>
93 #include <vm/vm_map.h>
94 #include <vm/vm_object.h>
95 #include <vm/vm_page.h>
96 #include <vm/vm_pageout.h>
97 #include <vm/vm_kern.h>
98 #include <ipc/ipc_port.h>
99 #include <kern/sched_prim.h>
100 #include <kern/misc_protos.h>
101 #include <kern/xpr.h>
103 #include <mach/vm_map_server.h>
104 #include <mach/mach_host_server.h>
105 #include <vm/vm_protos.h>
106 #include <vm/vm_purgeable_internal.h>
108 #include <vm/vm_protos.h>
109 #include <vm/vm_shared_region.h>
110 #include <vm/vm_map_store.h>
113 extern u_int32_t
random(void); /* from <libkern/libkern.h> */
114 /* Internal prototypes
117 static void vm_map_simplify_range(
119 vm_map_offset_t start
,
120 vm_map_offset_t end
); /* forward */
122 static boolean_t
vm_map_range_check(
124 vm_map_offset_t start
,
126 vm_map_entry_t
*entry
);
128 static vm_map_entry_t
_vm_map_entry_create(
129 struct vm_map_header
*map_header
, boolean_t map_locked
);
131 static void _vm_map_entry_dispose(
132 struct vm_map_header
*map_header
,
133 vm_map_entry_t entry
);
135 static void vm_map_pmap_enter(
137 vm_map_offset_t addr
,
138 vm_map_offset_t end_addr
,
140 vm_object_offset_t offset
,
141 vm_prot_t protection
);
143 static void _vm_map_clip_end(
144 struct vm_map_header
*map_header
,
145 vm_map_entry_t entry
,
146 vm_map_offset_t end
);
148 static void _vm_map_clip_start(
149 struct vm_map_header
*map_header
,
150 vm_map_entry_t entry
,
151 vm_map_offset_t start
);
153 static void vm_map_entry_delete(
155 vm_map_entry_t entry
);
157 static kern_return_t
vm_map_delete(
159 vm_map_offset_t start
,
164 static kern_return_t
vm_map_copy_overwrite_unaligned(
166 vm_map_entry_t entry
,
168 vm_map_address_t start
,
169 boolean_t discard_on_success
);
171 static kern_return_t
vm_map_copy_overwrite_aligned(
173 vm_map_entry_t tmp_entry
,
175 vm_map_offset_t start
,
178 static kern_return_t
vm_map_copyin_kernel_buffer(
180 vm_map_address_t src_addr
,
182 boolean_t src_destroy
,
183 vm_map_copy_t
*copy_result
); /* OUT */
185 static kern_return_t
vm_map_copyout_kernel_buffer(
187 vm_map_address_t
*addr
, /* IN/OUT */
190 boolean_t consume_on_success
);
192 static void vm_map_fork_share(
194 vm_map_entry_t old_entry
,
197 static boolean_t
vm_map_fork_copy(
199 vm_map_entry_t
*old_entry_p
,
202 void vm_map_region_top_walk(
203 vm_map_entry_t entry
,
204 vm_region_top_info_t top
);
206 void vm_map_region_walk(
209 vm_map_entry_t entry
,
210 vm_object_offset_t offset
,
211 vm_object_size_t range
,
212 vm_region_extended_info_t extended
,
213 boolean_t look_for_pages
,
214 mach_msg_type_number_t count
);
216 static kern_return_t
vm_map_wire_nested(
218 vm_map_offset_t start
,
220 vm_prot_t caller_prot
,
223 vm_map_offset_t pmap_addr
,
224 ppnum_t
*physpage_p
);
226 static kern_return_t
vm_map_unwire_nested(
228 vm_map_offset_t start
,
232 vm_map_offset_t pmap_addr
);
234 static kern_return_t
vm_map_overwrite_submap_recurse(
236 vm_map_offset_t dst_addr
,
237 vm_map_size_t dst_size
);
239 static kern_return_t
vm_map_copy_overwrite_nested(
241 vm_map_offset_t dst_addr
,
243 boolean_t interruptible
,
245 boolean_t discard_on_success
);
247 static kern_return_t
vm_map_remap_extract(
249 vm_map_offset_t addr
,
252 struct vm_map_header
*map_header
,
253 vm_prot_t
*cur_protection
,
254 vm_prot_t
*max_protection
,
255 vm_inherit_t inheritance
,
258 static kern_return_t
vm_map_remap_range_allocate(
260 vm_map_address_t
*address
,
262 vm_map_offset_t mask
,
264 vm_map_entry_t
*map_entry
);
266 static void vm_map_region_look_for_page(
270 vm_object_offset_t offset
,
273 vm_region_extended_info_t extended
,
274 mach_msg_type_number_t count
);
276 static int vm_map_region_count_obj_refs(
277 vm_map_entry_t entry
,
281 static kern_return_t
vm_map_willneed(
283 vm_map_offset_t start
,
284 vm_map_offset_t end
);
286 static kern_return_t
vm_map_reuse_pages(
288 vm_map_offset_t start
,
289 vm_map_offset_t end
);
291 static kern_return_t
vm_map_reusable_pages(
293 vm_map_offset_t start
,
294 vm_map_offset_t end
);
296 static kern_return_t
vm_map_can_reuse(
298 vm_map_offset_t start
,
299 vm_map_offset_t end
);
302 static kern_return_t
vm_map_pageout(
304 vm_map_offset_t start
,
305 vm_map_offset_t end
);
306 #endif /* MACH_ASSERT */
309 * Macros to copy a vm_map_entry. We must be careful to correctly
310 * manage the wired page count. vm_map_entry_copy() creates a new
311 * map entry to the same memory - the wired count in the new entry
312 * must be set to zero. vm_map_entry_copy_full() creates a new
313 * entry that is identical to the old entry. This preserves the
314 * wire count; it's used for map splitting and zone changing in
318 #define vm_map_entry_copy(NEW,OLD) \
320 boolean_t _vmec_reserved = (NEW)->from_reserved_zone; \
322 (NEW)->is_shared = FALSE; \
323 (NEW)->needs_wakeup = FALSE; \
324 (NEW)->in_transition = FALSE; \
325 (NEW)->wired_count = 0; \
326 (NEW)->user_wired_count = 0; \
327 (NEW)->permanent = FALSE; \
328 (NEW)->used_for_jit = FALSE; \
329 (NEW)->from_reserved_zone = _vmec_reserved; \
330 (NEW)->iokit_acct = FALSE; \
331 (NEW)->vme_resilient_codesign = FALSE; \
332 (NEW)->vme_resilient_media = FALSE; \
335 #define vm_map_entry_copy_full(NEW,OLD) \
337 boolean_t _vmecf_reserved = (NEW)->from_reserved_zone; \
339 (NEW)->from_reserved_zone = _vmecf_reserved; \
343 * Decide if we want to allow processes to execute from their data or stack areas.
344 * override_nx() returns true if we do. Data/stack execution can be enabled independently
345 * for 32 and 64 bit processes. Set the VM_ABI_32 or VM_ABI_64 flags in allow_data_exec
346 * or allow_stack_exec to enable data execution for that type of data area for that particular
347 * ABI (or both by or'ing the flags together). These are initialized in the architecture
348 * specific pmap files since the default behavior varies according to architecture. The
349 * main reason it varies is because of the need to provide binary compatibility with old
350 * applications that were written before these restrictions came into being. In the old
351 * days, an app could execute anything it could read, but this has slowly been tightened
352 * up over time. The default behavior is:
354 * 32-bit PPC apps may execute from both stack and data areas
355 * 32-bit Intel apps may execute from data areas but not stack
356 * 64-bit PPC/Intel apps may not execute from either data or stack
358 * An application on any architecture may override these defaults by explicitly
359 * adding PROT_EXEC permission to the page in question with the mprotect(2)
360 * system call. This code here just determines what happens when an app tries to
361 * execute from a page that lacks execute permission.
363 * Note that allow_data_exec or allow_stack_exec may also be modified by sysctl to change the
364 * default behavior for both 32 and 64 bit apps on a system-wide basis. Furthermore,
365 * a Mach-O header flag bit (MH_NO_HEAP_EXECUTION) can be used to forcibly disallow
366 * execution from data areas for a particular binary even if the arch normally permits it. As
367 * a final wrinkle, a posix_spawn attribute flag can be used to negate this opt-in header bit
368 * to support some complicated use cases, notably browsers with out-of-process plugins that
369 * are not all NX-safe.
372 extern int allow_data_exec
, allow_stack_exec
;
/*
 * override_nx:
 *
 * Report whether a task may execute from a page in one of its data or
 * stack areas even though the page lacks execute permission.
 *
 *	map		address space being checked; a map whose pmap is
 *			kernel_pmap is always refused.
 *	user_tag	VM_MEMORY_* tag of the region. VM_MEMORY_STACK selects
 *			the stack policy; every other tag gets the data policy.
 *
 * Returns non-zero when execution is to be allowed and 0 (FALSE) when not.
 * The stack path hands back the masked flag bits themselves, so callers
 * should test the result for truth rather than compare it with TRUE.
 *
 * NOTE(review): the listing omits the return-type line, the local
 * declaration and the line between the two ABI assignments; `int` and an
 * if/else are assumed here -- confirm against the original file.
 */
int
override_nx(vm_map_t map, uint32_t user_tag) /* map unused on arm */
{
	int abi_bit;

	/* The kernel's own address space never gets the NX override. */
	if (map->pmap == kernel_pmap) {
		return FALSE;
	}

	/* Select the policy bit matching the task's 32- or 64-bit mode. */
	abi_bit = vm_map_is_64bit(map) ? VM_ABI_64 : VM_ABI_32;

	/* Stack regions consult allow_stack_exec only. */
	if (user_tag == VM_MEMORY_STACK) {
		return allow_stack_exec & abi_bit;
	}

	/*
	 * Data regions need the allow_data_exec bit for this ABI, and the
	 * map must not have data execution disallowed through
	 * map_disallow_data_exec.
	 */
	return (allow_data_exec & abi_bit) &&
	       (map->map_disallow_data_exec == FALSE);
}
403 * Virtual memory maps provide for the mapping, protection,
404 * and sharing of virtual memory objects. In addition,
405 * this module provides for an efficient virtual copy of
406 * memory from one map to another.
408 * Synchronization is required prior to most operations.
410 * Maps consist of an ordered doubly-linked list of simple
411 * entries; a single hint is used to speed up lookups.
413 * Sharing maps have been deleted from this version of Mach.
414 * All shared objects are now mapped directly into the respective
415 * maps. This requires a change in the copy on write strategy;
416 * the asymmetric (delayed) strategy is used for shared temporary
417 * objects instead of the symmetric (shadow) strategy. All maps
418 * are now "top level" maps (either task map, kernel map or submap
419 * of the kernel map).
421 * Since portions of maps are specified by start/end addresses,
422 * which may not align with existing map entries, all
423 * routines merely "clip" entries to these start/end values.
424 * [That is, an entry is split into two, bordering at a
425 * start or end value.] Note that these clippings may not
426 * always be necessary (as the two resulting entries are then
427 * not changed); however, the clipping is done for convenience.
428 * No attempt is currently made to "glue back together" two
431 * The symmetric (shadow) copy strategy implements virtual copy
432 * by copying VM object references from one map to
433 * another, and then marking both regions as copy-on-write.
434 * It is important to note that only one writeable reference
435 * to a VM object region exists in any map when this strategy
436 * is used -- this means that shadow object creation can be
437 * delayed until a write operation occurs. The asymmetric (delayed)
438 * strategy allows multiple maps to have writeable references to
439 * the same region of a vm object, and hence cannot delay creating
440 * its copy objects. See vm_object_copy_quickly() in vm_object.c.
441 * Copying of permanent objects is completely different; see
442 * vm_object_copy_strategically() in vm_object.c.
445 static zone_t vm_map_zone
; /* zone for vm_map structures */
446 static zone_t vm_map_entry_zone
; /* zone for vm_map_entry structures */
447 static zone_t vm_map_entry_reserved_zone
; /* zone with reserve for non-blocking
449 static zone_t vm_map_copy_zone
; /* zone for vm_map_copy structures */
450 zone_t vm_map_holes_zone
; /* zone for vm map holes (vm_map_links) structures */
454 * Placeholder object for submap operations. This object is dropped
455 * into the range by a call to vm_map_find, and removed when
456 * vm_map_submap creates the submap.
459 vm_object_t vm_submap_object
;
461 static void *map_data
;
462 static vm_size_t map_data_size
;
463 static void *kentry_data
;
464 static vm_size_t kentry_data_size
;
465 static void *map_holes_data
;
466 static vm_size_t map_holes_data_size
;
468 #define NO_COALESCE_LIMIT ((1024 * 128) - 1)
470 /* Skip acquiring locks if we're in the midst of a kernel core dump */
471 unsigned int not_in_kdp
= 1;
473 unsigned int vm_map_set_cache_attr_count
= 0;
476 vm_map_set_cache_attr(
480 vm_map_entry_t map_entry
;
482 kern_return_t kr
= KERN_SUCCESS
;
484 vm_map_lock_read(map
);
486 if (!vm_map_lookup_entry(map
, va
, &map_entry
) ||
487 map_entry
->is_sub_map
) {
489 * that memory is not properly mapped
491 kr
= KERN_INVALID_ARGUMENT
;
494 object
= VME_OBJECT(map_entry
);
496 if (object
== VM_OBJECT_NULL
) {
498 * there should be a VM object here at this point
500 kr
= KERN_INVALID_ARGUMENT
;
503 vm_object_lock(object
);
504 object
->set_cache_attr
= TRUE
;
505 vm_object_unlock(object
);
507 vm_map_set_cache_attr_count
++;
509 vm_map_unlock_read(map
);
515 #if CONFIG_CODE_DECRYPTION
517 * vm_map_apple_protected:
518 * This remaps the requested part of the object with an object backed by
519 * the decrypting pager.
520 * crypt_info contains entry points and session data for the crypt module.
521 * The crypt_info block will be copied by vm_map_apple_protected. The data structures
522 * referenced in crypt_info must remain valid until crypt_info->crypt_end() is called.
525 vm_map_apple_protected(
527 vm_map_offset_t start
,
529 vm_object_offset_t crypto_backing_offset
,
530 struct pager_crypt_info
*crypt_info
)
532 boolean_t map_locked
;
534 vm_map_entry_t map_entry
;
535 struct vm_map_entry tmp_entry
;
536 memory_object_t unprotected_mem_obj
;
537 vm_object_t protected_object
;
538 vm_map_offset_t map_addr
;
539 vm_map_offset_t start_aligned
, end_aligned
;
540 vm_object_offset_t crypto_start
, crypto_end
;
544 unprotected_mem_obj
= MEMORY_OBJECT_NULL
;
546 start_aligned
= vm_map_trunc_page(start
, PAGE_MASK_64
);
547 end_aligned
= vm_map_round_page(end
, PAGE_MASK_64
);
548 start_aligned
= vm_map_trunc_page(start_aligned
, VM_MAP_PAGE_MASK(map
));
549 end_aligned
= vm_map_round_page(end_aligned
, VM_MAP_PAGE_MASK(map
));
551 assert(start_aligned
== start
);
552 assert(end_aligned
== end
);
554 map_addr
= start_aligned
;
555 for (map_addr
= start_aligned
;
557 map_addr
= tmp_entry
.vme_end
) {
561 /* lookup the protected VM object */
562 if (!vm_map_lookup_entry(map
,
565 map_entry
->is_sub_map
||
566 VME_OBJECT(map_entry
) == VM_OBJECT_NULL
||
567 !(map_entry
->protection
& VM_PROT_EXECUTE
)) {
568 /* that memory is not properly mapped */
569 kr
= KERN_INVALID_ARGUMENT
;
573 /* get the protected object to be decrypted */
574 protected_object
= VME_OBJECT(map_entry
);
575 if (protected_object
== VM_OBJECT_NULL
) {
576 /* there should be a VM object here at this point */
577 kr
= KERN_INVALID_ARGUMENT
;
580 /* ensure protected object stays alive while map is unlocked */
581 vm_object_reference(protected_object
);
583 /* limit the map entry to the area we want to cover */
584 vm_map_clip_start(map
, map_entry
, start_aligned
);
585 vm_map_clip_end(map
, map_entry
, end_aligned
);
587 tmp_entry
= *map_entry
;
588 map_entry
= VM_MAP_ENTRY_NULL
; /* not valid after unlocking map */
593 * This map entry might be only partially encrypted
594 * (if not fully "page-aligned").
597 crypto_end
= tmp_entry
.vme_end
- tmp_entry
.vme_start
;
598 if (tmp_entry
.vme_start
< start
) {
599 if (tmp_entry
.vme_start
!= start_aligned
) {
600 kr
= KERN_INVALID_ADDRESS
;
602 crypto_start
+= (start
- tmp_entry
.vme_start
);
604 if (tmp_entry
.vme_end
> end
) {
605 if (tmp_entry
.vme_end
!= end_aligned
) {
606 kr
= KERN_INVALID_ADDRESS
;
608 crypto_end
-= (tmp_entry
.vme_end
- end
);
612 * This "extra backing offset" is needed to get the decryption
613 * routine to use the right key. It adjusts for the possibly
614 * relative offset of an interposed "4K" pager...
616 if (crypto_backing_offset
== (vm_object_offset_t
) -1) {
617 crypto_backing_offset
= VME_OFFSET(&tmp_entry
);
621 * Lookup (and create if necessary) the protected memory object
622 * matching that VM object.
623 * If successful, this also grabs a reference on the memory object,
624 * to guarantee that it doesn't go away before we get a chance to map
627 unprotected_mem_obj
= apple_protect_pager_setup(
629 VME_OFFSET(&tmp_entry
),
630 crypto_backing_offset
,
635 /* release extra ref on protected object */
636 vm_object_deallocate(protected_object
);
638 if (unprotected_mem_obj
== NULL
) {
643 vm_flags
= VM_FLAGS_FIXED
| VM_FLAGS_OVERWRITE
;
645 /* map this memory object in place of the current one */
646 map_addr
= tmp_entry
.vme_start
;
647 kr
= vm_map_enter_mem_object(map
,
650 tmp_entry
.vme_start
),
651 (mach_vm_offset_t
) 0,
653 (ipc_port_t
) unprotected_mem_obj
,
656 tmp_entry
.protection
,
657 tmp_entry
.max_protection
,
658 tmp_entry
.inheritance
);
659 assert(kr
== KERN_SUCCESS
);
660 assert(map_addr
== tmp_entry
.vme_start
);
662 #if VM_MAP_DEBUG_APPLE_PROTECT
663 printf("APPLE_PROTECT: map %p [0x%llx:0x%llx] pager %p: "
664 "backing:[object:%p,offset:0x%llx,"
665 "crypto_backing_offset:0x%llx,"
666 "crypto_start:0x%llx,crypto_end:0x%llx]\n",
669 (uint64_t) (map_addr
+ (tmp_entry
.vme_end
-
670 tmp_entry
.vme_start
)),
673 VME_OFFSET(&tmp_entry
),
674 crypto_backing_offset
,
677 #endif /* VM_MAP_DEBUG_APPLE_PROTECT */
680 * Release the reference obtained by
681 * apple_protect_pager_setup().
682 * The mapping (if it succeeded) is now holding a reference on
685 memory_object_deallocate(unprotected_mem_obj
);
686 unprotected_mem_obj
= MEMORY_OBJECT_NULL
;
688 /* continue with next map entry */
689 crypto_backing_offset
+= (tmp_entry
.vme_end
-
690 tmp_entry
.vme_start
);
691 crypto_backing_offset
-= crypto_start
;
701 #endif /* CONFIG_CODE_DECRYPTION */
704 lck_grp_t vm_map_lck_grp
;
705 lck_grp_attr_t vm_map_lck_grp_attr
;
706 lck_attr_t vm_map_lck_attr
;
707 lck_attr_t vm_map_lck_rw_attr
;
713 * Initialize the vm_map module. Must be called before
714 * any other vm_map routines.
716 * Map and entry structures are allocated from zones -- we must
717 * initialize those zones.
719 * There are three zones of interest:
721 * vm_map_zone: used to allocate maps.
722 * vm_map_entry_zone: used to allocate map entries.
723 * vm_map_entry_reserved_zone: fallback zone for kernel map entries
725 * The kernel allocates map entries from a special zone that is initially
726 * "crammed" with memory. It would be difficult (perhaps impossible) for
727 * the kernel to allocate more memory to an entry zone when it became
728 * empty since the very act of allocating memory implies the creation
735 vm_size_t entry_zone_alloc_size
;
736 const char *mez_name
= "VM map entries";
738 vm_map_zone
= zinit((vm_map_size_t
) sizeof(struct _vm_map
), 40*1024,
740 zone_change(vm_map_zone
, Z_NOENCRYPT
, TRUE
);
741 #if defined(__LP64__)
742 entry_zone_alloc_size
= PAGE_SIZE
* 5;
744 entry_zone_alloc_size
= PAGE_SIZE
* 6;
746 vm_map_entry_zone
= zinit((vm_map_size_t
) sizeof(struct vm_map_entry
),
747 1024*1024, entry_zone_alloc_size
,
749 zone_change(vm_map_entry_zone
, Z_NOENCRYPT
, TRUE
);
750 zone_change(vm_map_entry_zone
, Z_NOCALLOUT
, TRUE
);
751 zone_change(vm_map_entry_zone
, Z_GZALLOC_EXEMPT
, TRUE
);
753 vm_map_entry_reserved_zone
= zinit((vm_map_size_t
) sizeof(struct vm_map_entry
),
754 kentry_data_size
* 64, kentry_data_size
,
755 "Reserved VM map entries");
756 zone_change(vm_map_entry_reserved_zone
, Z_NOENCRYPT
, TRUE
);
758 vm_map_copy_zone
= zinit((vm_map_size_t
) sizeof(struct vm_map_copy
),
759 16*1024, PAGE_SIZE
, "VM map copies");
760 zone_change(vm_map_copy_zone
, Z_NOENCRYPT
, TRUE
);
762 vm_map_holes_zone
= zinit((vm_map_size_t
) sizeof(struct vm_map_links
),
763 16*1024, PAGE_SIZE
, "VM map holes");
764 zone_change(vm_map_holes_zone
, Z_NOENCRYPT
, TRUE
);
767 * Cram the map and kentry zones with initial data.
768 * Set reserved_zone non-collectible to aid zone_gc().
770 zone_change(vm_map_zone
, Z_COLLECT
, FALSE
);
772 zone_change(vm_map_entry_reserved_zone
, Z_COLLECT
, FALSE
);
773 zone_change(vm_map_entry_reserved_zone
, Z_EXPAND
, FALSE
);
774 zone_change(vm_map_entry_reserved_zone
, Z_FOREIGN
, TRUE
);
775 zone_change(vm_map_entry_reserved_zone
, Z_NOCALLOUT
, TRUE
);
776 zone_change(vm_map_entry_reserved_zone
, Z_CALLERACCT
, FALSE
); /* don't charge caller */
777 zone_change(vm_map_copy_zone
, Z_CALLERACCT
, FALSE
); /* don't charge caller */
778 zone_change(vm_map_entry_reserved_zone
, Z_GZALLOC_EXEMPT
, TRUE
);
780 zone_change(vm_map_holes_zone
, Z_COLLECT
, TRUE
);
781 zone_change(vm_map_holes_zone
, Z_EXPAND
, TRUE
);
782 zone_change(vm_map_holes_zone
, Z_FOREIGN
, TRUE
);
783 zone_change(vm_map_holes_zone
, Z_NOCALLOUT
, TRUE
);
784 zone_change(vm_map_holes_zone
, Z_CALLERACCT
, TRUE
);
785 zone_change(vm_map_holes_zone
, Z_GZALLOC_EXEMPT
, TRUE
);
788 * Add the stolen memory to zones, adjust zone size and stolen counts.
790 zcram(vm_map_zone
, (vm_offset_t
)map_data
, map_data_size
);
791 zcram(vm_map_entry_reserved_zone
, (vm_offset_t
)kentry_data
, kentry_data_size
);
792 zcram(vm_map_holes_zone
, (vm_offset_t
)map_holes_data
, map_holes_data_size
);
793 VM_PAGE_MOVE_STOLEN(atop_64(map_data_size
) + atop_64(kentry_data_size
) + atop_64(map_holes_data_size
));
795 lck_grp_attr_setdefault(&vm_map_lck_grp_attr
);
796 lck_grp_init(&vm_map_lck_grp
, "vm_map", &vm_map_lck_grp_attr
);
797 lck_attr_setdefault(&vm_map_lck_attr
);
799 lck_attr_setdefault(&vm_map_lck_rw_attr
);
800 lck_attr_cleardebug(&vm_map_lck_rw_attr
);
803 default_freezer_init();
804 #endif /* CONFIG_FREEZE */
811 uint32_t kentry_initial_pages
;
813 map_data_size
= round_page(10 * sizeof(struct _vm_map
));
814 map_data
= pmap_steal_memory(map_data_size
);
817 * kentry_initial_pages corresponds to the number of kernel map entries
818 * required during bootstrap until the asynchronous replenishment
819 * scheme is activated and/or entries are available from the general
822 #if defined(__LP64__)
823 kentry_initial_pages
= 10;
825 kentry_initial_pages
= 6;
829 /* If using the guard allocator, reserve more memory for the kernel
830 * reserved map entry pool.
832 if (gzalloc_enabled())
833 kentry_initial_pages
*= 1024;
836 kentry_data_size
= kentry_initial_pages
* PAGE_SIZE
;
837 kentry_data
= pmap_steal_memory(kentry_data_size
);
839 map_holes_data_size
= kentry_data_size
;
840 map_holes_data
= pmap_steal_memory(map_holes_data_size
);
/*
 * vm_kernel_reserved_entry_init:
 *
 * Configure priority refill for the two zones this file pre-loads from
 * stolen memory. Each call passes the number of elements of the zone's
 * structure type that fit in six pages.
 *
 * NOTE(review): the return-type line is missing from the listing; `void`
 * is assumed because the body returns nothing.
 */
void
vm_kernel_reserved_entry_init(void)
{
	/* Reserved pool for kernel map entries. */
	zone_prio_refill_configure(
		vm_map_entry_reserved_zone,
		(6*PAGE_SIZE)/sizeof(struct vm_map_entry));

	/* Pool for the hole-list link structures. */
	zone_prio_refill_configure(
		vm_map_holes_zone,
		(6*PAGE_SIZE)/sizeof(struct vm_map_links));
}
850 vm_map_disable_hole_optimization(vm_map_t map
)
852 vm_map_entry_t head_entry
, hole_entry
, next_hole_entry
;
854 if (map
->holelistenabled
) {
856 head_entry
= hole_entry
= (vm_map_entry_t
) map
->holes_list
;
858 while (hole_entry
!= NULL
) {
860 next_hole_entry
= hole_entry
->vme_next
;
862 hole_entry
->vme_next
= NULL
;
863 hole_entry
->vme_prev
= NULL
;
864 zfree(vm_map_holes_zone
, hole_entry
);
866 if (next_hole_entry
== head_entry
) {
869 hole_entry
= next_hole_entry
;
873 map
->holes_list
= NULL
;
874 map
->holelistenabled
= FALSE
;
876 map
->first_free
= vm_map_first_entry(map
);
877 SAVE_HINT_HOLE_WRITE(map
, NULL
);
/*
 * vm_kernel_map_is_kernel:
 *
 * Tell whether `map` is backed by the kernel's physical map
 * (map->pmap == kernel_pmap).
 *
 * NOTE(review): the return-type line is missing from the listing;
 * boolean_t is assumed -- confirm against the declaration.
 */
boolean_t
vm_kernel_map_is_kernel(vm_map_t map)
{
	if (map->pmap == kernel_pmap) {
		return TRUE;
	}
	return FALSE;
}
889 * Creates and returns a new empty VM map with
890 * the given physical map structure, and having
891 * the given lower and upper address bounds.
894 boolean_t vm_map_supports_hole_optimization
= TRUE
;
903 static int color_seed
= 0;
904 register vm_map_t result
;
905 struct vm_map_links
*hole_entry
= NULL
;
907 result
= (vm_map_t
) zalloc(vm_map_zone
);
908 if (result
== VM_MAP_NULL
)
909 panic("vm_map_create");
911 vm_map_first_entry(result
) = vm_map_to_entry(result
);
912 vm_map_last_entry(result
) = vm_map_to_entry(result
);
913 result
->hdr
.nentries
= 0;
914 result
->hdr
.entries_pageable
= pageable
;
916 vm_map_store_init( &(result
->hdr
) );
918 result
->hdr
.page_shift
= PAGE_SHIFT
;
921 result
->user_wire_limit
= MACH_VM_MAX_ADDRESS
; /* default limit is unlimited */
922 result
->user_wire_size
= 0;
923 result
->ref_count
= 1;
925 result
->res_count
= 1;
926 result
->sw_state
= MAP_SW_IN
;
927 #endif /* TASK_SWAPPER */
929 result
->min_offset
= min
;
930 result
->max_offset
= max
;
931 result
->wiring_required
= FALSE
;
932 result
->no_zero_fill
= FALSE
;
933 result
->mapped_in_other_pmaps
= FALSE
;
934 result
->wait_for_space
= FALSE
;
935 result
->switch_protect
= FALSE
;
936 result
->disable_vmentry_reuse
= FALSE
;
937 result
->map_disallow_data_exec
= FALSE
;
938 result
->highest_entry_end
= 0;
939 result
->first_free
= vm_map_to_entry(result
);
940 result
->hint
= vm_map_to_entry(result
);
941 result
->color_rr
= (color_seed
++) & vm_color_mask
;
942 result
->jit_entry_exists
= FALSE
;
944 if (vm_map_supports_hole_optimization
&& pmap
!= kernel_pmap
) {
945 hole_entry
= zalloc(vm_map_holes_zone
);
947 hole_entry
->start
= min
;
948 hole_entry
->end
= (max
> (vm_map_offset_t
)MACH_VM_MAX_ADDRESS
) ? max
: (vm_map_offset_t
)MACH_VM_MAX_ADDRESS
;
949 result
->holes_list
= result
->hole_hint
= hole_entry
;
950 hole_entry
->prev
= hole_entry
->next
= (vm_map_entry_t
) hole_entry
;
951 result
->holelistenabled
= TRUE
;
955 result
->holelistenabled
= FALSE
;
959 result
->default_freezer_handle
= NULL
;
961 vm_map_lock_init(result
);
962 lck_mtx_init_ext(&result
->s_lock
, &result
->s_lock_ext
, &vm_map_lck_grp
, &vm_map_lck_attr
);
968 * vm_map_entry_create: [ internal use only ]
970 * Allocates a VM map entry for insertion in the
971 * given map (or map copy). No fields are filled.
973 #define vm_map_entry_create(map, map_locked) _vm_map_entry_create(&(map)->hdr, map_locked)
975 #define vm_map_copy_entry_create(copy, map_locked) \
976 _vm_map_entry_create(&(copy)->cpy_hdr, map_locked)
977 unsigned reserved_zalloc_count
, nonreserved_zalloc_count
;
979 static vm_map_entry_t
980 _vm_map_entry_create(
981 struct vm_map_header
*map_header
, boolean_t __unused map_locked
)
984 vm_map_entry_t entry
;
986 zone
= vm_map_entry_zone
;
988 assert(map_header
->entries_pageable
? !map_locked
: TRUE
);
990 if (map_header
->entries_pageable
) {
991 entry
= (vm_map_entry_t
) zalloc(zone
);
994 entry
= (vm_map_entry_t
) zalloc_canblock(zone
, FALSE
);
996 if (entry
== VM_MAP_ENTRY_NULL
) {
997 zone
= vm_map_entry_reserved_zone
;
998 entry
= (vm_map_entry_t
) zalloc(zone
);
999 OSAddAtomic(1, &reserved_zalloc_count
);
1001 OSAddAtomic(1, &nonreserved_zalloc_count
);
1004 if (entry
== VM_MAP_ENTRY_NULL
)
1005 panic("vm_map_entry_create");
1006 entry
->from_reserved_zone
= (zone
== vm_map_entry_reserved_zone
);
1008 vm_map_store_update( (vm_map_t
) NULL
, entry
, VM_MAP_ENTRY_CREATE
);
1009 #if MAP_ENTRY_CREATION_DEBUG
1010 entry
->vme_creation_maphdr
= map_header
;
1011 fastbacktrace(&entry
->vme_creation_bt
[0],
1012 (sizeof(entry
->vme_creation_bt
)/sizeof(uintptr_t)));
1018 * vm_map_entry_dispose: [ internal use only ]
1020 * Inverse of vm_map_entry_create.
1022 * write map lock held so no need to
1023 * do anything special to ensure correctness
1026 #define vm_map_entry_dispose(map, entry) \
1027 _vm_map_entry_dispose(&(map)->hdr, (entry))
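/*
 * vm_map_copy_entry_dispose:
 *
 * Dispose of an entry that belongs to a vm_map_copy, using the copy's
 * own header (cpy_hdr).
 *
 * The first parameter is named `copy` so that the expansion refers to the
 * caller's argument. Spelled `(map, entry)`, the macro ignored its first
 * argument and expanded `(copy)` from whatever variable of that name was
 * in scope at the call site, so a caller passing a differently named
 * object would silently free the entry against the wrong header.
 */
#define	vm_map_copy_entry_dispose(copy, entry) \
	_vm_map_entry_dispose(&(copy)->cpy_hdr, (entry))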
1033 _vm_map_entry_dispose(
1034 register struct vm_map_header
*map_header
,
1035 register vm_map_entry_t entry
)
1037 register zone_t zone
;
1039 if (map_header
->entries_pageable
|| !(entry
->from_reserved_zone
))
1040 zone
= vm_map_entry_zone
;
1042 zone
= vm_map_entry_reserved_zone
;
1044 if (!map_header
->entries_pageable
) {
1045 if (zone
== vm_map_entry_zone
)
1046 OSAddAtomic(-1, &nonreserved_zalloc_count
);
1048 OSAddAtomic(-1, &reserved_zalloc_count
);
1055 static boolean_t first_free_check
= FALSE
;
1057 first_free_is_valid(
1060 if (!first_free_check
)
1063 return( first_free_is_valid_store( map
));
1065 #endif /* MACH_ASSERT */
1068 #define vm_map_copy_entry_link(copy, after_where, entry) \
1069 _vm_map_store_entry_link(&(copy)->cpy_hdr, after_where, (entry))
1071 #define vm_map_copy_entry_unlink(copy, entry) \
1072 _vm_map_store_entry_unlink(&(copy)->cpy_hdr, (entry))
1074 #if MACH_ASSERT && TASK_SWAPPER
1076 * vm_map_res_reference:
1078 * Adds another valid residence count to the given map.
1080 * Map is locked so this function can be called from
1084 void vm_map_res_reference(register vm_map_t map
)
1086 /* assert map is locked */
1087 assert(map
->res_count
>= 0);
1088 assert(map
->ref_count
>= map
->res_count
);
1089 if (map
->res_count
== 0) {
1090 lck_mtx_unlock(&map
->s_lock
);
1093 lck_mtx_lock(&map
->s_lock
);
1101 * vm_map_reference_swap:
1103 * Adds valid reference and residence counts to the given map.
1105 * The map may not be in memory (i.e. zero residence count).
1108 void vm_map_reference_swap(register vm_map_t map
)
1110 assert(map
!= VM_MAP_NULL
);
1111 lck_mtx_lock(&map
->s_lock
);
1112 assert(map
->res_count
>= 0);
1113 assert(map
->ref_count
>= map
->res_count
);
1115 vm_map_res_reference(map
);
1116 lck_mtx_unlock(&map
->s_lock
);
1120 * vm_map_res_deallocate:
1122 * Decrement residence count on a map; possibly causing swapout.
1124 * The map must be in memory (i.e. non-zero residence count).
1126 * The map is locked, so this function is callable from vm_map_deallocate.
1129 void vm_map_res_deallocate(register vm_map_t map
)
1131 assert(map
->res_count
> 0);
1132 if (--map
->res_count
== 0) {
1133 lck_mtx_unlock(&map
->s_lock
);
1135 vm_map_swapout(map
);
1137 lck_mtx_lock(&map
->s_lock
);
1139 assert(map
->ref_count
>= map
->res_count
);
1141 #endif /* MACH_ASSERT && TASK_SWAPPER */
1146 * Actually destroy a map.
1155 /* final cleanup: no need to unnest shared region */
1156 flags
|= VM_MAP_REMOVE_NO_UNNESTING
;
1158 /* clean up regular map entries */
1159 (void) vm_map_delete(map
, map
->min_offset
, map
->max_offset
,
1160 flags
, VM_MAP_NULL
);
1161 /* clean up leftover special mappings (commpage, etc...) */
1162 (void) vm_map_delete(map
, 0x0, 0xFFFFFFFFFFFFF000ULL
,
1163 flags
, VM_MAP_NULL
);
1166 if (map
->default_freezer_handle
) {
1167 default_freezer_handle_deallocate(map
->default_freezer_handle
);
1168 map
->default_freezer_handle
= NULL
;
1171 vm_map_disable_hole_optimization(map
);
1174 assert(map
->hdr
.nentries
== 0);
1177 pmap_destroy(map
->pmap
);
1179 zfree(vm_map_zone
, map
);
1184 * vm_map_swapin/vm_map_swapout
1186 * Swap a map in and out, either referencing or releasing its resources.
1187 * These functions are internal use only; however, they must be exported
1188 * because they may be called from macros, which are exported.
1190 * In the case of swapout, there could be races on the residence count,
1191 * so if the residence count is up, we return, assuming that a
1192 * vm_map_deallocate() call in the near future will bring us back.
1195 * -- We use the map write lock for synchronization among races.
1196 * -- The map write lock, and not the simple s_lock, protects the
1197 * swap state of the map.
1198 * -- If a map entry is a share map, then we hold both locks, in
1199 * hierarchical order.
1201 * Synchronization Notes:
1202 * 1) If a vm_map_swapin() call happens while swapout in progress, it
1203 * will block on the map lock and proceed when swapout is through.
1204 * 2) A vm_map_reference() call at this time is illegal, and will
1205 * cause a panic. vm_map_reference() is only allowed on resident
1206 * maps, since it refuses to block.
1207 * 3) A vm_map_swapin() call during a swapin will block, and
1208 * proceed when the first swapin is done, turning into a nop.
1209 * This is the reason the res_count is not incremented until
1210 * after the swapin is complete.
1211 * 4) There is a timing hole after the checks of the res_count, before
1212 * the map lock is taken, during which a swapin may get the lock
1213 * before a swapout about to happen. If this happens, the swapin
1214 * will detect the state and increment the reference count, causing
1215 * the swapout to be a nop, thereby delaying it until a later
1216 * vm_map_deallocate. If the swapout gets the lock first, then
1217 * the swapin will simply block until the swapout is done, and
1220 * Because vm_map_swapin() is potentially an expensive operation, it
1221 * should be used with caution.
1224 * 1) A map with a residence count of zero is either swapped, or
1226 * 2) A map with a non-zero residence count is either resident,
1227 * or being swapped in.
/*
 * Debug switch tested near the top of vm_map_swapin() and, after the race
 * checks, in vm_map_swapout().  Defaults to 1.
 * NOTE(review): presumably a zero value turns both routines into no-ops --
 * confirm against the full source.
 */
1230 int vm_map_swap_enable
= 1;
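/*
 * vm_map_swapin:
 *
 * Bring a swapped-out map back in: take a residence reference on every
 * submap and object its entries point at, then mark the map MAP_SW_IN.
 *
 * The caller holds the map lock for the whole call; that lock, not
 * s_lock, is what protects sw_state.  res_count is deliberately left
 * untouched here and is incremented by the caller after this returns,
 * which is what lets a concurrent swapin or swapout detect the race.
 */
void vm_map_swapin (vm_map_t map)
{
	vm_map_entry_t entry;

	if (!vm_map_swap_enable)	/* debug */
		return;

	/*
	 * First deal with various races.
	 */
	if (map->sw_state == MAP_SW_IN) {
		/*
		 * We raced with swapout and won.  Returning lets the caller
		 * increment res_count, turning the swapout into a nop.
		 */
		return;
	}

	/*
	 * The residence count must be zero.  If we raced with another
	 * swapin, the state would have been IN; if we raced with a
	 * swapout (after another competing swapin), we must have lost
	 * the race to get here, in which case res_count is still 0.
	 */
	assert(map->res_count == 0);

	/*
	 * There are no intermediate states of a map going out or
	 * coming in, since the map is locked during the transition.
	 */
	assert(map->sw_state == MAP_SW_OUT);

	/*
	 * Walk every entry.  A sub- or share-map gets vm_map_res_reference
	 * under its own s_lock; an object gets vm_object_res_reference under
	 * the object lock.  The map stays locked the entire time, even if we
	 * get back here via a recursive call in vm_map_res_reference.
	 */
	entry = vm_map_first_entry(map);

	while (entry != vm_map_to_entry(map)) {
		if (VME_OBJECT(entry) != VM_OBJECT_NULL) {
			if (entry->is_sub_map) {
				vm_map_t lmap = VME_SUBMAP(entry);

				lck_mtx_lock(&lmap->s_lock);
				vm_map_res_reference(lmap);
				lck_mtx_unlock(&lmap->s_lock);
			} else {
				/* same accessor as vm_map_swapout() uses */
				vm_object_t object = VME_OBJECT(entry);

				vm_object_lock(object);
				/*
				 * This call may iterate through the
				 * shadow chain.
				 */
				vm_object_res_reference(object);
				vm_object_unlock(object);
			}
		}
		entry = entry->vme_next;
	}
	assert(map->sw_state == MAP_SW_OUT);
	map->sw_state = MAP_SW_IN;
}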
/*
 * vm_map_swapout:
 *
 * Release the residence references held through this map's entries and
 * mark the map MAP_SW_OUT.  The caller holds the map lock throughout;
 * s_lock is taken only briefly to sample res_count.
 */
void vm_map_swapout(vm_map_t map)
{
	vm_map_entry_t cur;
	int resident;

	/*
	 * Race check: if a swapin got in first, the residence count has
	 * already been raised again and there is nothing to do.
	 */
	lck_mtx_lock(&map->s_lock);
	resident = (map->res_count != 0);
	lck_mtx_unlock(&map->s_lock);
	if (resident)
		return;

	/*
	 * The map is locked across every transition, so it can only be
	 * fully IN at this point.
	 */
	assert(map->sw_state == MAP_SW_IN);

	if (!vm_map_swap_enable)
		return;

	/*
	 * Visit each entry: submaps and share maps go through
	 * vm_map_res_deallocate under their own s_lock, objects through
	 * vm_object_res_deallocate under the object lock (which may walk
	 * the shadow chain).  The map stays locked even when a recursive
	 * vm_map_res_deallocate leads back here.
	 */
	for (cur = vm_map_first_entry(map);
	     cur != vm_map_to_entry(map);
	     cur = cur->vme_next) {
		if (VME_OBJECT(cur) == VM_OBJECT_NULL)
			continue;

		if (cur->is_sub_map) {
			vm_map_t submap = VME_SUBMAP(cur);

			lck_mtx_lock(&submap->s_lock);
			vm_map_res_deallocate(submap);
			lck_mtx_unlock(&submap->s_lock);
		} else {
			vm_object_t obj = VME_OBJECT(cur);

			vm_object_lock(obj);
			/*
			 * Potentially slow: this could actively push
			 * pages out, depending on the implementation.
			 */
			vm_object_res_deallocate(obj);
			vm_object_unlock(obj);
		}
	}

	assert(map->sw_state == MAP_SW_IN);
	map->sw_state = MAP_SW_OUT;
}
1363 #endif /* TASK_SWAPPER */
1366 * vm_map_lookup_entry: [ internal use only ]
1368 * Calls into the vm map store layer to find the map
1369 * entry containing (or immediately preceding) the
1370 * specified address in the given map; the entry is returned
1371 * in the "entry" parameter. The boolean
1372 * result indicates whether the address is
1373 * actually contained in the map.
/*
 * Thin wrapper over the map store layer: forwards the lookup to
 * vm_map_store_lookup_entry() and returns its result unchanged.
 * *entry is written by the store layer.
 */
boolean_t
vm_map_lookup_entry(
	register vm_map_t		map,
	register vm_map_offset_t	address,
	vm_map_entry_t			*entry)		/* OUT */
{
	boolean_t	found;

	found = vm_map_store_lookup_entry(map, address, entry);
	return found;
}
1385 * Routine: vm_map_find_space
1387 * Allocate a range in the specified virtual address map,
1388 * returning the entry allocated for that range.
1389 * Used by kmem_alloc, etc.
1391 * The map must NOT be locked. It will be returned locked
1392 * on KERN_SUCCESS, unlocked on failure.
1394 * If an entry is allocated, the object/offset fields
1395 * are initialized to zero.
/*
 * vm_map_find_space (named in the header comment above; the signature is
 * only partly visible here).
 *
 * Visible behaviour:
 *  - VM_FLAGS_GUARD_AFTER grows the request by one map page, and
 *    VM_FLAGS_GUARD_BEFORE moves the candidate start up by one map page
 *    during the search and back down again once a range has been chosen.
 *  - A candidate end is rejected with KERN_NO_SPACE when it lies past
 *    map->max_offset or when end < start (address wrap-around).
 *  - Every visible KERN_NO_SPACE exit disposes of new_entry first, and the
 *    early KERN_INVALID_ARGUMENT return happens before it is created.
 *  - On success the new entry is linked with vm_map_store_entry_link(),
 *    the lookup hint is updated and the entry is returned via *o_entry.
 */
1399 register vm_map_t map
,
1400 vm_map_offset_t
*address
, /* OUT */
1402 vm_map_offset_t mask
,
1404 vm_map_entry_t
*o_entry
) /* OUT */
1406 vm_map_entry_t entry
, new_entry
;
1407 register vm_map_offset_t start
;
1408 register vm_map_offset_t end
;
1409 vm_map_entry_t hole_entry
;
1413 return KERN_INVALID_ARGUMENT
;
1416 if (flags
& VM_FLAGS_GUARD_AFTER
) {
1417 /* account for the back guard page in the size */
1418 size
+= VM_MAP_PAGE_SIZE(map
);
1421 new_entry
= vm_map_entry_create(map
, FALSE
);
1424 * Look for the first possible address; if there's already
1425 * something at this address, we have to start after it.
1430 if( map
->disable_vmentry_reuse
== TRUE
) {
1431 VM_MAP_HIGHEST_ENTRY(map
, entry
, start
);
1433 if (map
->holelistenabled
) {
1434 hole_entry
= (vm_map_entry_t
)map
->holes_list
;
1436 if (hole_entry
== NULL
) {
1438 * No more space in the map?
1440 vm_map_entry_dispose(map
, new_entry
);
1442 return(KERN_NO_SPACE
);
1446 start
= entry
->vme_start
;
1448 assert(first_free_is_valid(map
));
1449 if ((entry
= map
->first_free
) == vm_map_to_entry(map
))
1450 start
= map
->min_offset
;
1452 start
= entry
->vme_end
;
1457 * In any case, the "entry" always precedes
1458 * the proposed new region throughout the loop:
1462 register vm_map_entry_t next
;
1465 * Find the end of the proposed new region.
1466 * Be sure we didn't go beyond the end, or
1467 * wrap around the address.
1470 if (flags
& VM_FLAGS_GUARD_BEFORE
) {
1471 /* reserve space for the front guard page */
1472 start
+= VM_MAP_PAGE_SIZE(map
);
1474 end
= ((start
+ mask
) & ~mask
);
1477 vm_map_entry_dispose(map
, new_entry
);
1479 return(KERN_NO_SPACE
);
/* end < start detects wrap-around of the candidate range; both failures release new_entry and report KERN_NO_SPACE */
1484 if ((end
> map
->max_offset
) || (end
< start
)) {
1485 vm_map_entry_dispose(map
, new_entry
);
1487 return(KERN_NO_SPACE
);
1490 next
= entry
->vme_next
;
1492 if (map
->holelistenabled
) {
1493 if (entry
->vme_end
>= end
)
1497 * If there are no more entries, we must win.
1501 * If there is another entry, it must be
1502 * after the end of the potential new region.
1505 if (next
== vm_map_to_entry(map
))
1508 if (next
->vme_start
>= end
)
1513 * Didn't fit -- move to the next entry.
1518 if (map
->holelistenabled
) {
1519 if (entry
== (vm_map_entry_t
) map
->holes_list
) {
1523 vm_map_entry_dispose(map
, new_entry
);
1525 return(KERN_NO_SPACE
);
1527 start
= entry
->vme_start
;
1529 start
= entry
->vme_end
;
1533 if (map
->holelistenabled
) {
1534 if (vm_map_lookup_entry(map
, entry
->vme_start
, &entry
)) {
1535 panic("Found an existing entry (%p) instead of potential hole at address: 0x%llx.\n", entry
, (unsigned long long)entry
->vme_start
);
1541 * "start" and "end" should define the endpoints of the
1542 * available new range, and
1543 * "entry" should refer to the region before the new
1546 * the map should be locked.
1549 if (flags
& VM_FLAGS_GUARD_BEFORE
) {
1550 /* go back for the front guard page */
1551 start
-= VM_MAP_PAGE_SIZE(map
);
1555 assert(start
< end
);
1556 new_entry
->vme_start
= start
;
1557 new_entry
->vme_end
= end
;
1558 assert(page_aligned(new_entry
->vme_start
));
1559 assert(page_aligned(new_entry
->vme_end
));
1560 assert(VM_MAP_PAGE_ALIGNED(new_entry
->vme_start
,
1561 VM_MAP_PAGE_MASK(map
)));
1562 assert(VM_MAP_PAGE_ALIGNED(new_entry
->vme_end
,
1563 VM_MAP_PAGE_MASK(map
)));
1565 new_entry
->is_shared
= FALSE
;
1566 new_entry
->is_sub_map
= FALSE
;
1567 new_entry
->use_pmap
= TRUE
;
1568 VME_OBJECT_SET(new_entry
, VM_OBJECT_NULL
);
1569 VME_OFFSET_SET(new_entry
, (vm_object_offset_t
) 0);
1571 new_entry
->needs_copy
= FALSE
;
/* NOTE(review): the entry starts with VM_PROT_DEFAULT and a VM_PROT_ALL ceiling; a caller needing a tighter max_protection presumably lowers it on the returned entry -- confirm at call sites */
1573 new_entry
->inheritance
= VM_INHERIT_DEFAULT
;
1574 new_entry
->protection
= VM_PROT_DEFAULT
;
1575 new_entry
->max_protection
= VM_PROT_ALL
;
1576 new_entry
->behavior
= VM_BEHAVIOR_DEFAULT
;
1577 new_entry
->wired_count
= 0;
1578 new_entry
->user_wired_count
= 0;
1580 new_entry
->in_transition
= FALSE
;
1581 new_entry
->needs_wakeup
= FALSE
;
1582 new_entry
->no_cache
= FALSE
;
1583 new_entry
->permanent
= FALSE
;
1584 new_entry
->superpage_size
= FALSE
;
1585 if (VM_MAP_PAGE_SHIFT(map
) != PAGE_SHIFT
) {
1586 new_entry
->map_aligned
= TRUE
;
1588 new_entry
->map_aligned
= FALSE
;
1591 new_entry
->used_for_jit
= FALSE
;
1592 new_entry
->zero_wired_pages
= FALSE
;
1593 new_entry
->iokit_acct
= FALSE
;
1594 new_entry
->vme_resilient_codesign
= FALSE
;
1595 new_entry
->vme_resilient_media
= FALSE
;
1598 VM_GET_FLAGS_ALIAS(flags
, alias
);
1599 VME_ALIAS_SET(new_entry
, alias
);
1602 * Insert the new entry into the list
1605 vm_map_store_entry_link(map
, entry
, new_entry
);
1610 * Update the lookup hint
1612 SAVE_HINT_MAP_WRITE(map
, new_entry
);
1614 *o_entry
= new_entry
;
1615 return(KERN_SUCCESS
);
/* Debug switch: when non-zero, vm_map_pmap_enter() printf()s the map, address, object and offset of each page it is about to enter. */
1618 int vm_map_pmap_enter_print
= FALSE
;
/* NOTE(review): no use of this flag is visible in this part of the file; presumably it gates calls to vm_map_pmap_enter() -- confirm. */
1619 int vm_map_pmap_enter_enable
= FALSE
;
1622 * Routine: vm_map_pmap_enter [internal only]
1625 * Force pages from the specified object to be entered into
1626 * the pmap at the specified address if they are present.
1627 * As soon as a page is not found in the object, the scan ends.
1632 * In/out conditions:
1633 * The source map should not be locked on entry.
/*
 * vm_map_pmap_enter (name per the header comment above; marked __unused).
 *
 * Loops while addr < end_addr: looks up the page at `offset` in `object`
 * under the object lock and hands it to vm_fault_enter() for map->pmap,
 * advancing `offset` by PAGE_SIZE_64.  A page that is missing, busy,
 * encrypted, or unusual with error/restart/absent set is never entered;
 * the object lock is dropped on that path.
 *
 * NOTE(review): the in-body comment states that callers arrive holding
 * neither the map lock, the object lock, nor an object reference, so
 * `object` could be deallocated while this loop runs.  Treat this routine
 * as unsafe to enable until it performs a map lookup that pins the object;
 * vm_map_pmap_enter_enable defaults to FALSE, which presumably keeps the
 * path off -- confirm before changing that default.
 */
1635 __unused
static void
1638 register vm_map_offset_t addr
,
1639 register vm_map_offset_t end_addr
,
1640 register vm_object_t object
,
1641 vm_object_offset_t offset
,
1642 vm_prot_t protection
)
1650 while (addr
< end_addr
) {
1651 register vm_page_t m
;
1656 * From vm_map_enter(), we come into this function without the map
1657 * lock held or the object lock held.
1658 * We haven't taken a reference on the object either.
1659 * We should do a proper lookup on the map to make sure
1660 * that things are sane before we go locking objects that
1661 * could have been deallocated from under us.
1664 vm_object_lock(object
);
1666 m
= vm_page_lookup(object
, offset
);
1669 * The user should never see encrypted data, so do not
1670 * enter an encrypted page in the page table.
1672 if (m
== VM_PAGE_NULL
|| m
->busy
|| m
->encrypted
||
1674 (m
->unusual
&& ( m
->error
|| m
->restart
|| m
->absent
))) {
1675 vm_object_unlock(object
);
1679 if (vm_map_pmap_enter_print
) {
1680 printf("vm_map_pmap_enter:");
1681 printf("map: %p, addr: %llx, object: %p, offset: %llx\n",
1682 map
, (unsigned long long)addr
, object
, (unsigned long long)offset
);
1684 type_of_fault
= DBG_CACHE_HIT_FAULT
;
1685 kr
= vm_fault_enter(m
, map
->pmap
, addr
, protection
, protection
,
1686 VM_PAGE_WIRED(m
), FALSE
, FALSE
, FALSE
,
1687 0, /* XXX need user tag / alias? */
1688 0, /* alternate accounting? */
1692 vm_object_unlock(object
);
1694 offset
+= PAGE_SIZE_64
;
/*
 * vm_map_pmap_is_empty: reports whether the pmap of `map` holds any
 * translation in [start, end).
 *
 * With MACHINE_PMAP_IS_EMPTY defined this is a direct call to
 * pmap_is_empty(map->pmap, start, end).  Otherwise the range is walked
 * from `start` in PAGE_SIZE steps with pmap_find_phys(), and a page that
 * is found is logged with kprintf() together with the queried range.
 * NOTE(review): the return statements and the map->pmap == NULL result
 * are not visible here -- confirm them against the full source.
 */
1699 boolean_t
vm_map_pmap_is_empty(
1701 vm_map_offset_t start
,
1702 vm_map_offset_t end
);
1703 boolean_t
vm_map_pmap_is_empty(
1705 vm_map_offset_t start
,
1706 vm_map_offset_t end
)
1708 #ifdef MACHINE_PMAP_IS_EMPTY
1709 return pmap_is_empty(map
->pmap
, start
, end
);
1710 #else /* MACHINE_PMAP_IS_EMPTY */
1711 vm_map_offset_t offset
;
1714 if (map
->pmap
== NULL
) {
1718 for (offset
= start
;
1720 offset
+= PAGE_SIZE
) {
1721 phys_page
= pmap_find_phys(map
->pmap
, offset
);
1723 kprintf("vm_map_pmap_is_empty(%p,0x%llx,0x%llx): "
1724 "page %d at 0x%llx\n",
1725 map
, (long long)start
, (long long)end
,
1726 phys_page
, (long long)offset
);
1731 #endif /* MACHINE_PMAP_IS_EMPTY */
/*
 * vm_map_random_address_for_size: pick a random address, truncated to the
 * map page mask, that lies in a hole with at least `size` bytes left
 * before the next entry (or before vm_map_max).
 *
 * Each attempt shifts random() left by PAGE_SHIFT, reduces it modulo the
 * map span (vm_map_max - vm_map_min), adds vm_map_min and truncates to the
 * map page mask.  The attempt is accepted when vm_map_lookup_entry()
 * reports no entry at that address and hole_end - random_addr >= size, in
 * which case the address is stored through *address.  At most
 * MAX_TRIES_TO_GET_RANDOM_ADDRESS attempts are made.
 *
 * NOTE(review): the unpredictability of the result is bounded by random()
 * and by the modulo reduction, which is slightly biased whenever the span
 * does not divide the generator range.  vm_map_enter() uses this routine
 * to place JIT mappings, so confirm random() is backed by a strong
 * generator in this kernel.  The failure value returned after the retry
 * limit is not visible here.
 */
1734 #define MAX_TRIES_TO_GET_RANDOM_ADDRESS 1000
1736 vm_map_random_address_for_size(
1738 vm_map_offset_t
*address
,
1741 kern_return_t kr
= KERN_SUCCESS
;
1743 vm_map_offset_t random_addr
= 0;
1744 vm_map_offset_t hole_end
;
1746 vm_map_entry_t next_entry
= VM_MAP_ENTRY_NULL
;
1747 vm_map_entry_t prev_entry
= VM_MAP_ENTRY_NULL
;
1748 vm_map_size_t vm_hole_size
= 0;
1749 vm_map_size_t addr_space_size
;
1751 addr_space_size
= vm_map_max(map
) - vm_map_min(map
);
1753 assert(page_aligned(size
));
1755 while (tries
< MAX_TRIES_TO_GET_RANDOM_ADDRESS
) {
1756 random_addr
= ((vm_map_offset_t
)random()) << PAGE_SHIFT
;
1757 random_addr
= vm_map_trunc_page(
1758 vm_map_min(map
) +(random_addr
% addr_space_size
),
1759 VM_MAP_PAGE_MASK(map
));
1761 if (vm_map_lookup_entry(map
, random_addr
, &prev_entry
) == FALSE
) {
1762 if (prev_entry
== vm_map_to_entry(map
)) {
1763 next_entry
= vm_map_first_entry(map
);
1765 next_entry
= prev_entry
->vme_next
;
1767 if (next_entry
== vm_map_to_entry(map
)) {
1768 hole_end
= vm_map_max(map
);
1770 hole_end
= next_entry
->vme_start
;
1772 vm_hole_size
= hole_end
- random_addr
;
1773 if (vm_hole_size
>= size
) {
1774 *address
= random_addr
;
1781 if (tries
== MAX_TRIES_TO_GET_RANDOM_ADDRESS
) {
1788 * Routine: vm_map_enter
1791 * Allocate a range in the specified virtual address map.
1792 * The resulting range will refer to memory defined by
1793 * the given memory object and offset into that object.
1795 * Arguments are as defined in the vm_map call.
/* NOTE(review): debug knob for vm_map_enter(); its use is not visible in this part of the file -- confirm. */
1797 int _map_enter_debug
= 0;
/*
 * NOTE(review): presumably these count how often the old mappings saved
 * by an overwriting vm_map_enter() could or could not be restored after
 * the new mapping failed; the code that updates them is not visible in
 * this part of the file -- confirm.
 */
1798 static unsigned int vm_map_enter_restore_successes
= 0;
1799 static unsigned int vm_map_enter_restore_failures
= 0;
1803 vm_map_offset_t
*address
, /* IN/OUT */
1805 vm_map_offset_t mask
,
1808 vm_object_offset_t offset
,
1809 boolean_t needs_copy
,
1810 vm_prot_t cur_protection
,
1811 vm_prot_t max_protection
,
1812 vm_inherit_t inheritance
)
1814 vm_map_entry_t entry
, new_entry
;
1815 vm_map_offset_t start
, tmp_start
, tmp_offset
;
1816 vm_map_offset_t end
, tmp_end
;
1817 vm_map_offset_t tmp2_start
, tmp2_end
;
1818 vm_map_offset_t step
;
1819 kern_return_t result
= KERN_SUCCESS
;
1820 vm_map_t zap_old_map
= VM_MAP_NULL
;
1821 vm_map_t zap_new_map
= VM_MAP_NULL
;
1822 boolean_t map_locked
= FALSE
;
1823 boolean_t pmap_empty
= TRUE
;
1824 boolean_t new_mapping_established
= FALSE
;
1825 boolean_t keep_map_locked
= ((flags
& VM_FLAGS_KEEP_MAP_LOCKED
) != 0);
1826 boolean_t anywhere
= ((flags
& VM_FLAGS_ANYWHERE
) != 0);
1827 boolean_t purgable
= ((flags
& VM_FLAGS_PURGABLE
) != 0);
1828 boolean_t overwrite
= ((flags
& VM_FLAGS_OVERWRITE
) != 0);
1829 boolean_t no_cache
= ((flags
& VM_FLAGS_NO_CACHE
) != 0);
1830 boolean_t is_submap
= ((flags
& VM_FLAGS_SUBMAP
) != 0);
1831 boolean_t permanent
= ((flags
& VM_FLAGS_PERMANENT
) != 0);
1832 boolean_t entry_for_jit
= ((flags
& VM_FLAGS_MAP_JIT
) != 0);
1833 boolean_t iokit_acct
= ((flags
& VM_FLAGS_IOKIT_ACCT
) != 0);
1834 boolean_t resilient_codesign
= ((flags
& VM_FLAGS_RESILIENT_CODESIGN
) != 0);
1835 boolean_t resilient_media
= ((flags
& VM_FLAGS_RESILIENT_MEDIA
) != 0);
1836 unsigned int superpage_size
= ((flags
& VM_FLAGS_SUPERPAGE_MASK
) >> VM_FLAGS_SUPERPAGE_SHIFT
);
1837 vm_tag_t alias
, user_alias
;
1838 vm_map_offset_t effective_min_offset
, effective_max_offset
;
1840 boolean_t clear_map_aligned
= FALSE
;
1841 vm_map_entry_t hole_entry
;
1843 if (superpage_size
) {
1844 switch (superpage_size
) {
1846 * Note that the current implementation only supports
1847 * a single size for superpages, SUPERPAGE_SIZE, per
1848 * architecture. As soon as more sizes are supposed
1849 * to be supported, SUPERPAGE_SIZE has to be replaced
1850 * with a lookup of the size depending on superpage_size.
1853 case SUPERPAGE_SIZE_ANY
:
1854 /* handle it like 2 MB and round up to page size */
1855 size
= (size
+ 2*1024*1024 - 1) & ~(2*1024*1024 - 1);
1856 case SUPERPAGE_SIZE_2MB
:
1860 return KERN_INVALID_ARGUMENT
;
1862 mask
= SUPERPAGE_SIZE
-1;
1863 if (size
& (SUPERPAGE_SIZE
-1))
1864 return KERN_INVALID_ARGUMENT
;
1865 inheritance
= VM_INHERIT_NONE
; /* fork() children won't inherit superpages */
1870 if (resilient_codesign
|| resilient_media
) {
1871 if ((cur_protection
& (VM_PROT_WRITE
| VM_PROT_EXECUTE
)) ||
1872 (max_protection
& (VM_PROT_WRITE
| VM_PROT_EXECUTE
))) {
1873 return KERN_PROTECTION_FAILURE
;
1879 /* submaps can not be purgeable */
1880 return KERN_INVALID_ARGUMENT
;
1882 if (object
== VM_OBJECT_NULL
) {
1883 /* submaps can not be created lazily */
1884 return KERN_INVALID_ARGUMENT
;
1887 if (flags
& VM_FLAGS_ALREADY
) {
1889 * VM_FLAGS_ALREADY says that it's OK if the same mapping
1890 * is already present. For it to be meaningful, the requested
1891 * mapping has to be at a fixed address (!VM_FLAGS_ANYWHERE) and
1892 * we shouldn't try and remove what was mapped there first
1893 * (!VM_FLAGS_OVERWRITE).
1895 if ((flags
& VM_FLAGS_ANYWHERE
) ||
1896 (flags
& VM_FLAGS_OVERWRITE
)) {
1897 return KERN_INVALID_ARGUMENT
;
1901 effective_min_offset
= map
->min_offset
;
1903 if (flags
& VM_FLAGS_BEYOND_MAX
) {
1905 * Allow an insertion beyond the map's max offset.
1907 if (vm_map_is_64bit(map
))
1908 effective_max_offset
= 0xFFFFFFFFFFFFF000ULL
;
1910 effective_max_offset
= 0x00000000FFFFF000ULL
;
1912 effective_max_offset
= map
->max_offset
;
1916 (offset
& PAGE_MASK_64
) != 0) {
1918 return KERN_INVALID_ARGUMENT
;
1921 VM_GET_FLAGS_ALIAS(flags
, alias
);
1922 if (map
->pmap
== kernel_pmap
) {
1923 user_alias
= VM_KERN_MEMORY_NONE
;
1928 #define RETURN(value) { result = value; goto BailOut; }
1930 assert(page_aligned(*address
));
1931 assert(page_aligned(size
));
1933 if (!VM_MAP_PAGE_ALIGNED(size
, VM_MAP_PAGE_MASK(map
))) {
1935 * In most cases, the caller rounds the size up to the
1937 * If we get a size that is explicitly not map-aligned here,
1938 * we'll have to respect the caller's wish and mark the
1939 * mapping as "not map-aligned" to avoid tripping the
1940 * map alignment checks later.
1942 clear_map_aligned
= TRUE
;
1945 !VM_MAP_PAGE_ALIGNED(*address
, VM_MAP_PAGE_MASK(map
))) {
1947 * We've been asked to map at a fixed address and that
1948 * address is not aligned to the map's specific alignment.
1949 * The caller should know what it's doing (i.e. most likely
1950 * mapping some fragmented copy map, transferring memory from
1951 * a VM map with a different alignment), so clear map_aligned
1952 * for this new VM map entry and proceed.
1954 clear_map_aligned
= TRUE
;
1958 * Only zero-fill objects are allowed to be purgable.
1959 * LP64todo - limit purgable objects to 32-bits for now
1963 (object
!= VM_OBJECT_NULL
&&
1964 (object
->vo_size
!= size
||
1965 object
->purgable
== VM_PURGABLE_DENY
))
1966 || size
> ANON_MAX_SIZE
)) /* LP64todo: remove when dp capable */
1967 return KERN_INVALID_ARGUMENT
;
1969 if (!anywhere
&& overwrite
) {
1971 * Create a temporary VM map to hold the old mappings in the
1972 * affected area while we create the new one.
1973 * This avoids releasing the VM map lock in
1974 * vm_map_entry_delete() and allows atomicity
1975 * when we want to replace some mappings with a new one.
1976 * It also allows us to restore the old VM mappings if the
1977 * new mapping fails.
1979 zap_old_map
= vm_map_create(PMAP_NULL
,
1982 map
->hdr
.entries_pageable
);
1983 vm_map_set_page_shift(zap_old_map
, VM_MAP_PAGE_SHIFT(map
));
1984 vm_map_disable_hole_optimization(zap_old_map
);
1995 if (entry_for_jit
) {
1996 if (map
->jit_entry_exists
) {
1997 result
= KERN_INVALID_ARGUMENT
;
2001 * Get a random start address.
2003 result
= vm_map_random_address_for_size(map
, address
, size
);
2004 if (result
!= KERN_SUCCESS
) {
2012 * Calculate the first possible address.
2015 if (start
< effective_min_offset
)
2016 start
= effective_min_offset
;
2017 if (start
> effective_max_offset
)
2018 RETURN(KERN_NO_SPACE
);
2021 * Look for the first possible address;
2022 * if there's already something at this
2023 * address, we have to start after it.
2026 if( map
->disable_vmentry_reuse
== TRUE
) {
2027 VM_MAP_HIGHEST_ENTRY(map
, entry
, start
);
2030 if (map
->holelistenabled
) {
2031 hole_entry
= (vm_map_entry_t
)map
->holes_list
;
2033 if (hole_entry
== NULL
) {
2035 * No more space in the map?
2037 result
= KERN_NO_SPACE
;
2041 boolean_t found_hole
= FALSE
;
2044 if (hole_entry
->vme_start
>= start
) {
2045 start
= hole_entry
->vme_start
;
2050 if (hole_entry
->vme_end
> start
) {
2054 hole_entry
= hole_entry
->vme_next
;
2056 } while (hole_entry
!= (vm_map_entry_t
) map
->holes_list
);
2058 if (found_hole
== FALSE
) {
2059 result
= KERN_NO_SPACE
;
2066 start
+= PAGE_SIZE_64
;
2069 assert(first_free_is_valid(map
));
2071 entry
= map
->first_free
;
2073 if (entry
== vm_map_to_entry(map
)) {
2076 if (entry
->vme_next
== vm_map_to_entry(map
)){
2078 * Hole at the end of the map.
2082 if (start
< (entry
->vme_next
)->vme_start
) {
2083 start
= entry
->vme_end
;
2084 start
= vm_map_round_page(start
,
2085 VM_MAP_PAGE_MASK(map
));
2088 * Need to do a lookup.
2095 if (entry
== NULL
) {
2096 vm_map_entry_t tmp_entry
;
2097 if (vm_map_lookup_entry(map
, start
, &tmp_entry
)) {
2098 assert(!entry_for_jit
);
2099 start
= tmp_entry
->vme_end
;
2100 start
= vm_map_round_page(start
,
2101 VM_MAP_PAGE_MASK(map
));
2109 * In any case, the "entry" always precedes
2110 * the proposed new region throughout the
2115 register vm_map_entry_t next
;
2118 * Find the end of the proposed new region.
2119 * Be sure we didn't go beyond the end, or
2120 * wrap around the address.
2123 end
= ((start
+ mask
) & ~mask
);
2124 end
= vm_map_round_page(end
,
2125 VM_MAP_PAGE_MASK(map
));
2127 RETURN(KERN_NO_SPACE
);
2129 assert(VM_MAP_PAGE_ALIGNED(start
,
2130 VM_MAP_PAGE_MASK(map
)));
2133 if ((end
> effective_max_offset
) || (end
< start
)) {
2134 if (map
->wait_for_space
) {
2135 assert(!keep_map_locked
);
2136 if (size
<= (effective_max_offset
-
2137 effective_min_offset
)) {
2138 assert_wait((event_t
)map
,
2142 thread_block(THREAD_CONTINUE_NULL
);
2146 RETURN(KERN_NO_SPACE
);
2149 next
= entry
->vme_next
;
2151 if (map
->holelistenabled
) {
2152 if (entry
->vme_end
>= end
)
2156 * If there are no more entries, we must win.
2160 * If there is another entry, it must be
2161 * after the end of the potential new region.
2164 if (next
== vm_map_to_entry(map
))
2167 if (next
->vme_start
>= end
)
2172 * Didn't fit -- move to the next entry.
2177 if (map
->holelistenabled
) {
2178 if (entry
== (vm_map_entry_t
) map
->holes_list
) {
2182 result
= KERN_NO_SPACE
;
2185 start
= entry
->vme_start
;
2187 start
= entry
->vme_end
;
2190 start
= vm_map_round_page(start
,
2191 VM_MAP_PAGE_MASK(map
));
2194 if (map
->holelistenabled
) {
2195 if (vm_map_lookup_entry(map
, entry
->vme_start
, &entry
)) {
2196 panic("Found an existing entry (%p) instead of potential hole at address: 0x%llx.\n", entry
, (unsigned long long)entry
->vme_start
);
2201 assert(VM_MAP_PAGE_ALIGNED(*address
,
2202 VM_MAP_PAGE_MASK(map
)));
2206 * the address doesn't itself violate
2207 * the mask requirement.
2212 if ((start
& mask
) != 0)
2213 RETURN(KERN_NO_SPACE
);
2216 * ... the address is within bounds
2221 if ((start
< effective_min_offset
) ||
2222 (end
> effective_max_offset
) ||
2224 RETURN(KERN_INVALID_ADDRESS
);
2227 if (overwrite
&& zap_old_map
!= VM_MAP_NULL
) {
2229 * Fixed mapping and "overwrite" flag: attempt to
2230 * remove all existing mappings in the specified
2231 * address range, saving them in our "zap_old_map".
2233 (void) vm_map_delete(map
, start
, end
,
2234 (VM_MAP_REMOVE_SAVE_ENTRIES
|
2235 VM_MAP_REMOVE_NO_MAP_ALIGN
),
2240 * ... the starting address isn't allocated
2243 if (vm_map_lookup_entry(map
, start
, &entry
)) {
2244 if (! (flags
& VM_FLAGS_ALREADY
)) {
2245 RETURN(KERN_NO_SPACE
);
2248 * Check if what's already there is what we want.
2251 tmp_offset
= offset
;
2252 if (entry
->vme_start
< start
) {
2253 tmp_start
-= start
- entry
->vme_start
;
2254 tmp_offset
-= start
- entry
->vme_start
;
2257 for (; entry
->vme_start
< end
;
2258 entry
= entry
->vme_next
) {
2260 * Check if the mapping's attributes
2261 * match the existing map entry.
2263 if (entry
== vm_map_to_entry(map
) ||
2264 entry
->vme_start
!= tmp_start
||
2265 entry
->is_sub_map
!= is_submap
||
2266 VME_OFFSET(entry
) != tmp_offset
||
2267 entry
->needs_copy
!= needs_copy
||
2268 entry
->protection
!= cur_protection
||
2269 entry
->max_protection
!= max_protection
||
2270 entry
->inheritance
!= inheritance
||
2271 entry
->iokit_acct
!= iokit_acct
||
2272 VME_ALIAS(entry
) != alias
) {
2273 /* not the same mapping ! */
2274 RETURN(KERN_NO_SPACE
);
2277 * Check if the same object is being mapped.
2280 if (VME_SUBMAP(entry
) !=
2281 (vm_map_t
) object
) {
2282 /* not the same submap */
2283 RETURN(KERN_NO_SPACE
);
2286 if (VME_OBJECT(entry
) != object
) {
2287 /* not the same VM object... */
2290 obj2
= VME_OBJECT(entry
);
2291 if ((obj2
== VM_OBJECT_NULL
||
2293 (object
== VM_OBJECT_NULL
||
2294 object
->internal
)) {
2301 RETURN(KERN_NO_SPACE
);
2306 tmp_offset
+= entry
->vme_end
- entry
->vme_start
;
2307 tmp_start
+= entry
->vme_end
- entry
->vme_start
;
2308 if (entry
->vme_end
>= end
) {
2309 /* reached the end of our mapping */
2313 /* it all matches: let's use what's already there ! */
2314 RETURN(KERN_MEMORY_PRESENT
);
2318 * ... the next region doesn't overlap the
2322 if ((entry
->vme_next
!= vm_map_to_entry(map
)) &&
2323 (entry
->vme_next
->vme_start
< end
))
2324 RETURN(KERN_NO_SPACE
);
2329 * "start" and "end" should define the endpoints of the
2330 * available new range, and
2331 * "entry" should refer to the region before the new
2334 * the map should be locked.
2338 * See whether we can avoid creating a new entry (and object) by
2339 * extending one of our neighbors. [So far, we only attempt to
2340 * extend from below.] Note that we can never extend/join
2341 * purgable objects because they need to remain distinct
2342 * entities in order to implement their "volatile object"
2346 if (purgable
|| entry_for_jit
) {
2347 if (object
== VM_OBJECT_NULL
) {
2349 object
= vm_object_allocate(size
);
2350 object
->copy_strategy
= MEMORY_OBJECT_COPY_NONE
;
2351 object
->true_share
= TRUE
;
2354 object
->purgable
= VM_PURGABLE_NONVOLATILE
;
2355 if (map
->pmap
== kernel_pmap
) {
2357 * Purgeable mappings made in a kernel
2358 * map are "owned" by the kernel itself
2359 * rather than the current user task
2360 * because they're likely to be used by
2361 * more than this user task (see
2362 * execargs_purgeable_allocate(), for
2365 owner
= kernel_task
;
2367 owner
= current_task();
2369 assert(object
->vo_purgeable_owner
== NULL
);
2370 assert(object
->resident_page_count
== 0);
2371 assert(object
->wired_page_count
== 0);
2372 vm_object_lock(object
);
2373 vm_purgeable_nonvolatile_enqueue(object
, owner
);
2374 vm_object_unlock(object
);
2376 offset
= (vm_object_offset_t
)0;
2378 } else if ((is_submap
== FALSE
) &&
2379 (object
== VM_OBJECT_NULL
) &&
2380 (entry
!= vm_map_to_entry(map
)) &&
2381 (entry
->vme_end
== start
) &&
2382 (!entry
->is_shared
) &&
2383 (!entry
->is_sub_map
) &&
2384 (!entry
->in_transition
) &&
2385 (!entry
->needs_wakeup
) &&
2386 (entry
->behavior
== VM_BEHAVIOR_DEFAULT
) &&
2387 (entry
->protection
== cur_protection
) &&
2388 (entry
->max_protection
== max_protection
) &&
2389 (entry
->inheritance
== inheritance
) &&
2390 ((user_alias
== VM_MEMORY_REALLOC
) ||
2391 (VME_ALIAS(entry
) == alias
)) &&
2392 (entry
->no_cache
== no_cache
) &&
2393 (entry
->permanent
== permanent
) &&
2394 (!entry
->superpage_size
&& !superpage_size
) &&
2396 * No coalescing if not map-aligned, to avoid propagating
2397 * that condition any further than needed:
2399 (!entry
->map_aligned
|| !clear_map_aligned
) &&
2400 (!entry
->zero_wired_pages
) &&
2401 (!entry
->used_for_jit
&& !entry_for_jit
) &&
2402 (entry
->iokit_acct
== iokit_acct
) &&
2403 (!entry
->vme_resilient_codesign
) &&
2404 (!entry
->vme_resilient_media
) &&
2406 ((entry
->vme_end
- entry
->vme_start
) + size
<=
2407 (user_alias
== VM_MEMORY_REALLOC
?
2409 NO_COALESCE_LIMIT
)) &&
2411 (entry
->wired_count
== 0)) { /* implies user_wired_count == 0 */
2412 if (vm_object_coalesce(VME_OBJECT(entry
),
2415 (vm_object_offset_t
) 0,
2416 (vm_map_size_t
)(entry
->vme_end
- entry
->vme_start
),
2417 (vm_map_size_t
)(end
- entry
->vme_end
))) {
2420 * Coalesced the two objects - can extend
2421 * the previous map entry to include the
2424 map
->size
+= (end
- entry
->vme_end
);
2425 assert(entry
->vme_start
< end
);
2426 assert(VM_MAP_PAGE_ALIGNED(end
,
2427 VM_MAP_PAGE_MASK(map
)));
2428 if (__improbable(vm_debug_events
))
2429 DTRACE_VM5(map_entry_extend
, vm_map_t
, map
, vm_map_entry_t
, entry
, vm_address_t
, entry
->vme_start
, vm_address_t
, entry
->vme_end
, vm_address_t
, end
);
2430 entry
->vme_end
= end
;
2431 if (map
->holelistenabled
) {
2432 vm_map_store_update_first_free(map
, entry
, TRUE
);
2434 vm_map_store_update_first_free(map
, map
->first_free
, TRUE
);
2436 new_mapping_established
= TRUE
;
2437 RETURN(KERN_SUCCESS
);
2441 step
= superpage_size
? SUPERPAGE_SIZE
: (end
- start
);
2444 for (tmp2_start
= start
; tmp2_start
<end
; tmp2_start
+= step
) {
2445 tmp2_end
= tmp2_start
+ step
;
2447 * Create a new entry
2448 * LP64todo - for now, we can only allocate 4GB internal objects
2449 * because the default pager can't page bigger ones. Remove this
2453 * The reserved "page zero" in each process's address space can
2454 * be arbitrarily large. Splitting it into separate 4GB objects and
2455 * therefore different VM map entries serves no purpose and just
2456 * slows down operations on the VM map, so let's not split the
2457 * allocation into 4GB chunks if the max protection is NONE. That
2458 * memory should never be accessible, so it will never get to the
2461 tmp_start
= tmp2_start
;
2462 if (object
== VM_OBJECT_NULL
&&
2463 size
> (vm_map_size_t
)ANON_CHUNK_SIZE
&&
2464 max_protection
!= VM_PROT_NONE
&&
2465 superpage_size
== 0)
2466 tmp_end
= tmp_start
+ (vm_map_size_t
)ANON_CHUNK_SIZE
;
2470 new_entry
= vm_map_entry_insert(map
, entry
, tmp_start
, tmp_end
,
2471 object
, offset
, needs_copy
,
2473 cur_protection
, max_protection
,
2474 VM_BEHAVIOR_DEFAULT
,
2475 (entry_for_jit
)? VM_INHERIT_NONE
: inheritance
,
2482 assert((object
!= kernel_object
) || (VM_KERN_MEMORY_NONE
!= alias
));
2483 VME_ALIAS_SET(new_entry
, alias
);
2486 if (!(map
->jit_entry_exists
)){
2487 new_entry
->used_for_jit
= TRUE
;
2488 map
->jit_entry_exists
= TRUE
;
2492 if (resilient_codesign
&&
2493 ! ((cur_protection
| max_protection
) &
2494 (VM_PROT_WRITE
| VM_PROT_EXECUTE
))) {
2495 new_entry
->vme_resilient_codesign
= TRUE
;
2498 if (resilient_media
&&
2499 ! ((cur_protection
| max_protection
) &
2500 (VM_PROT_WRITE
| VM_PROT_EXECUTE
))) {
2501 new_entry
->vme_resilient_media
= TRUE
;
2504 assert(!new_entry
->iokit_acct
);
2506 object
!= VM_OBJECT_NULL
&&
2507 object
->purgable
!= VM_PURGABLE_DENY
) {
2508 assert(new_entry
->use_pmap
);
2509 assert(!new_entry
->iokit_acct
);
2511 * Turn off pmap accounting since
2512 * purgeable objects have their
2515 new_entry
->use_pmap
= FALSE
;
2516 } else if (!is_submap
&&
2518 /* alternate accounting */
2519 assert(!new_entry
->iokit_acct
);
2520 assert(new_entry
->use_pmap
);
2521 new_entry
->iokit_acct
= TRUE
;
2522 new_entry
->use_pmap
= FALSE
;
2523 vm_map_iokit_mapped_region(
2525 (new_entry
->vme_end
-
2526 new_entry
->vme_start
));
2527 } else if (!is_submap
) {
2528 assert(!new_entry
->iokit_acct
);
2529 assert(new_entry
->use_pmap
);
2534 boolean_t submap_is_64bit
;
2537 assert(new_entry
->is_sub_map
);
2538 assert(!new_entry
->use_pmap
);
2539 assert(!new_entry
->iokit_acct
);
2540 submap
= (vm_map_t
) object
;
2541 submap_is_64bit
= vm_map_is_64bit(submap
);
2542 use_pmap
= (user_alias
== VM_MEMORY_SHARED_PMAP
);
2543 #ifndef NO_NESTED_PMAP
2544 if (use_pmap
&& submap
->pmap
== NULL
) {
2545 ledger_t ledger
= map
->pmap
->ledger
;
2546 /* we need a sub pmap to nest... */
2547 submap
->pmap
= pmap_create(ledger
, 0,
2549 if (submap
->pmap
== NULL
) {
2550 /* let's proceed without nesting... */
2553 if (use_pmap
&& submap
->pmap
!= NULL
) {
2554 kr
= pmap_nest(map
->pmap
,
2558 tmp_end
- tmp_start
);
2559 if (kr
!= KERN_SUCCESS
) {
2560 printf("vm_map_enter: "
2561 "pmap_nest(0x%llx,0x%llx) "
2563 (long long)tmp_start
,
2567 /* we're now nested ! */
2568 new_entry
->use_pmap
= TRUE
;
2572 #endif /* NO_NESTED_PMAP */
2576 if (superpage_size
) {
2578 vm_object_t sp_object
;
2580 VME_OFFSET_SET(entry
, 0);
2582 /* allocate one superpage */
2583 kr
= cpm_allocate(SUPERPAGE_SIZE
, &pages
, 0, SUPERPAGE_NBASEPAGES
-1, TRUE
, 0);
2584 if (kr
!= KERN_SUCCESS
) {
2585 /* deallocate whole range... */
2586 new_mapping_established
= TRUE
;
2587 /* ... but only up to "tmp_end" */
2588 size
-= end
- tmp_end
;
2592 /* create one vm_object per superpage */
2593 sp_object
= vm_object_allocate((vm_map_size_t
)(entry
->vme_end
- entry
->vme_start
));
2594 sp_object
->phys_contiguous
= TRUE
;
2595 sp_object
->vo_shadow_offset
= (vm_object_offset_t
)pages
->phys_page
*PAGE_SIZE
;
2596 VME_OBJECT_SET(entry
, sp_object
);
2597 assert(entry
->use_pmap
);
2599 /* enter the base pages into the object */
2600 vm_object_lock(sp_object
);
2601 for (offset
= 0; offset
< SUPERPAGE_SIZE
; offset
+= PAGE_SIZE
) {
2603 pmap_zero_page(m
->phys_page
);
2604 pages
= NEXT_PAGE(m
);
2605 *(NEXT_PAGE_PTR(m
)) = VM_PAGE_NULL
;
2606 vm_page_insert_wired(m
, sp_object
, offset
, VM_KERN_MEMORY_OSFMK
);
2608 vm_object_unlock(sp_object
);
2610 } while (tmp_end
!= tmp2_end
&&
2611 (tmp_start
= tmp_end
) &&
2612 (tmp_end
= (tmp2_end
- tmp_end
> (vm_map_size_t
)ANON_CHUNK_SIZE
) ?
2613 tmp_end
+ (vm_map_size_t
)ANON_CHUNK_SIZE
: tmp2_end
));
2616 new_mapping_established
= TRUE
;
2619 assert(map_locked
== TRUE
);
2621 if (result
== KERN_SUCCESS
) {
2622 vm_prot_t pager_prot
;
2623 memory_object_t pager
;
2627 !(flags
& VM_FLAGS_NO_PMAP_CHECK
)) {
2628 assert(vm_map_pmap_is_empty(map
,
2635 * For "named" VM objects, let the pager know that the
2636 * memory object is being mapped. Some pagers need to keep
2637 * track of this, to know when they can reclaim the memory
2638 * object, for example.
2639 * VM calls memory_object_map() for each mapping (specifying
2640 * the protection of each mapping) and calls
2641 * memory_object_last_unmap() when all the mappings are gone.
2643 pager_prot
= max_protection
;
2646 * Copy-On-Write mapping: won't modify
2647 * the memory object.
2649 pager_prot
&= ~VM_PROT_WRITE
;
2652 object
!= VM_OBJECT_NULL
&&
2654 object
->pager
!= MEMORY_OBJECT_NULL
) {
2655 vm_object_lock(object
);
2656 pager
= object
->pager
;
2657 if (object
->named
&&
2658 pager
!= MEMORY_OBJECT_NULL
) {
2659 assert(object
->pager_ready
);
2660 vm_object_mapping_wait(object
, THREAD_UNINT
);
2661 vm_object_mapping_begin(object
);
2662 vm_object_unlock(object
);
2664 kr
= memory_object_map(pager
, pager_prot
);
2665 assert(kr
== KERN_SUCCESS
);
2667 vm_object_lock(object
);
2668 vm_object_mapping_end(object
);
2670 vm_object_unlock(object
);
2674 assert(map_locked
== TRUE
);
2676 if (!keep_map_locked
) {
2682 * We can't hold the map lock if we enter this block.
2685 if (result
== KERN_SUCCESS
) {
2687 /* Wire down the new entry if the user
2688 * requested all new map entries be wired.
2690 if ((map
->wiring_required
)||(superpage_size
)) {
2691 assert(!keep_map_locked
);
2692 pmap_empty
= FALSE
; /* pmap won't be empty */
2693 kr
= vm_map_wire(map
, start
, end
,
2694 new_entry
->protection
| VM_PROT_MEMORY_TAG_MAKE(VM_KERN_MEMORY_MLOCK
),
2701 if (result
!= KERN_SUCCESS
) {
2702 if (new_mapping_established
) {
2704 * We have to get rid of the new mappings since we
2705 * won't make them available to the user.
2706 * Try and do that atomically, to minimize the risk
2707 * that someone else create new mappings that range.
2709 zap_new_map
= vm_map_create(PMAP_NULL
,
2712 map
->hdr
.entries_pageable
);
2713 vm_map_set_page_shift(zap_new_map
,
2714 VM_MAP_PAGE_SHIFT(map
));
2715 vm_map_disable_hole_optimization(zap_new_map
);
2721 (void) vm_map_delete(map
, *address
, *address
+size
,
2722 (VM_MAP_REMOVE_SAVE_ENTRIES
|
2723 VM_MAP_REMOVE_NO_MAP_ALIGN
),
2726 if (zap_old_map
!= VM_MAP_NULL
&&
2727 zap_old_map
->hdr
.nentries
!= 0) {
2728 vm_map_entry_t entry1
, entry2
;
2731 * The new mapping failed. Attempt to restore
2732 * the old mappings, saved in the "zap_old_map".
2739 /* first check if the coast is still clear */
2740 start
= vm_map_first_entry(zap_old_map
)->vme_start
;
2741 end
= vm_map_last_entry(zap_old_map
)->vme_end
;
2742 if (vm_map_lookup_entry(map
, start
, &entry1
) ||
2743 vm_map_lookup_entry(map
, end
, &entry2
) ||
2746 * Part of that range has already been
2747 * re-mapped: we can't restore the old
2750 vm_map_enter_restore_failures
++;
2753 * Transfer the saved map entries from
2754 * "zap_old_map" to the original "map",
2755 * inserting them all after "entry1".
2757 for (entry2
= vm_map_first_entry(zap_old_map
);
2758 entry2
!= vm_map_to_entry(zap_old_map
);
2759 entry2
= vm_map_first_entry(zap_old_map
)) {
2760 vm_map_size_t entry_size
;
2762 entry_size
= (entry2
->vme_end
-
2764 vm_map_store_entry_unlink(zap_old_map
,
2766 zap_old_map
->size
-= entry_size
;
2767 vm_map_store_entry_link(map
, entry1
, entry2
);
2768 map
->size
+= entry_size
;
2771 if (map
->wiring_required
) {
2773 * XXX TODO: we should rewire the
2777 vm_map_enter_restore_successes
++;
2783 * The caller is responsible for releasing the lock if it requested to
2784 * keep the map locked.
2786 if (map_locked
&& !keep_map_locked
) {
2791 * Get rid of the "zap_maps" and all the map entries that
2792 * they may still contain.
2794 if (zap_old_map
!= VM_MAP_NULL
) {
2795 vm_map_destroy(zap_old_map
, VM_MAP_REMOVE_NO_PMAP_CLEANUP
);
2796 zap_old_map
= VM_MAP_NULL
;
2798 if (zap_new_map
!= VM_MAP_NULL
) {
2799 vm_map_destroy(zap_new_map
, VM_MAP_REMOVE_NO_PMAP_CLEANUP
);
2800 zap_new_map
= VM_MAP_NULL
;
2810 * Counters for the prefault optimization.
2812 int64_t vm_prefault_nb_pages
= 0;
2813 int64_t vm_prefault_nb_bailout
= 0;
/*
 * vm_map_enter_mem_object_helper:
 *
 * Shared implementation behind vm_map_enter_mem_object() and
 * vm_map_enter_mem_object_prefault(), which both forward their
 * arguments here.  Validates the request, resolves "port" into a
 * submap, a copy map or a VM object according to its kobject type,
 * and then calls vm_map_enter() to establish the mapping in
 * "target_map".  When a page list is supplied, the listed pages are
 * also entered into the pmap after the mapping succeeds.
 *
 * The visible early exits return KERN_INVALID_ARGUMENT,
 * KERN_INVALID_RIGHT or KERN_INVALID_OBJECT; the final return
 * statement is not shown, presumably it hands back "result".
 *
 * NOTE(review): this listing omits source lines (the gutter numbers
 * are not contiguous), so some parameters, declarations, conditions
 * and braces are missing.  The comments added below describe only
 * what the visible lines establish.
 */
2815 static kern_return_t
2816 vm_map_enter_mem_object_helper(
2817 vm_map_t target_map
,
2818 vm_map_offset_t
*address
,
2819 vm_map_size_t initial_size
,
2820 vm_map_offset_t mask
,
2823 vm_object_offset_t offset
,
2825 vm_prot_t cur_protection
,
2826 vm_prot_t max_protection
,
2827 vm_inherit_t inheritance
,
2828 upl_page_list_ptr_t page_list
,
2829 unsigned int page_list_count
)
2831 vm_map_address_t map_addr
;
2832 vm_map_size_t map_size
;
2834 vm_object_size_t size
;
2835 kern_return_t result
;
2836 boolean_t mask_cur_protection
, mask_max_protection
;
/* Prefaulting is attempted only when the caller passed a non-empty page list. */
2837 boolean_t try_prefault
= (page_list_count
!= 0);
2838 vm_map_offset_t offset_in_mapping
= 0;
/*
 * Remember whether each protection carried VM_PROT_IS_MASK, then
 * clear that bit so the validity check below sees protection bits
 * only.
 */
2840 mask_cur_protection
= cur_protection
& VM_PROT_IS_MASK
;
2841 mask_max_protection
= max_protection
& VM_PROT_IS_MASK
;
2842 cur_protection
&= ~VM_PROT_IS_MASK
;
2843 max_protection
&= ~VM_PROT_IS_MASK
;
/*
 * Rejected with KERN_INVALID_ARGUMENT: a null map, protection bits
 * outside VM_PROT_ALL, an inheritance value above
 * VM_INHERIT_LAST_VALID, a prefault request that also sets "copy" or
 * has no page list, and a zero size.
 */
2846 * Check arguments for validity
2848 if ((target_map
== VM_MAP_NULL
) ||
2849 (cur_protection
& ~VM_PROT_ALL
) ||
2850 (max_protection
& ~VM_PROT_ALL
) ||
2851 (inheritance
> VM_INHERIT_LAST_VALID
) ||
2852 (try_prefault
&& (copy
|| !page_list
)) ||
2853 initial_size
== 0) {
2854 return KERN_INVALID_ARGUMENT
;
/*
 * map_addr / map_size are aligned with the target map's page mask;
 * "size" is rounded separately with vm_object_round_page().
 */
2858 map_addr
= vm_map_trunc_page(*address
,
2859 VM_MAP_PAGE_MASK(target_map
));
2860 map_size
= vm_map_round_page(initial_size
,
2861 VM_MAP_PAGE_MASK(target_map
));
2863 size
= vm_object_round_page(initial_size
);
2866 * Find the vm object (if any) corresponding to this port.
/* An invalid port means there is no backing object. */
2868 if (!IP_VALID(port
)) {
2869 object
= VM_OBJECT_NULL
;
/*
 * Named-entry port: the kobject pointer is used as a
 * vm_named_entry_t, and the request is checked against that entry's
 * size and protection before anything is mapped.
 */
2872 } else if (ip_kotype(port
) == IKOT_NAMED_ENTRY
) {
2873 vm_named_entry_t named_entry
;
2875 named_entry
= (vm_named_entry_t
) port
->ip_kobject
;
/*
 * NOTE(review): no wrap check on this addition appears among the
 * visible lines; confirm against the full source that data_offset
 * cannot push "offset" past its range.
 */
2877 if (flags
& (VM_FLAGS_RETURN_DATA_ADDR
|
2878 VM_FLAGS_RETURN_4K_DATA_ADDR
)) {
2879 offset
+= named_entry
->data_offset
;
2882 /* a few checks to make sure user is obeying rules */
/*
 * An offset at or beyond the end of the entry is refused; otherwise
 * "size" becomes the remainder of the entry.  The condition that
 * encloses these two statements, if any, is on an omitted line.
 */
2884 if (offset
>= named_entry
->size
)
2885 return KERN_INVALID_RIGHT
;
2886 size
= named_entry
->size
- offset
;
/*
 * A protection passed as a mask is intersected with the rights
 * recorded in the named entry instead of being checked as-is.
 */
2888 if (mask_max_protection
) {
2889 max_protection
&= named_entry
->protection
;
2891 if (mask_cur_protection
) {
2892 cur_protection
&= named_entry
->protection
;
/*
 * The requested protections are compared with the rights granted by
 * the named entry; a mismatch is KERN_INVALID_RIGHT.  The right-hand
 * side of each comparison is on an omitted line (presumably the
 * requested protection itself, i.e. a subset test).
 */
2894 if ((named_entry
->protection
& max_protection
) !=
2896 return KERN_INVALID_RIGHT
;
2897 if ((named_entry
->protection
& cur_protection
) !=
2899 return KERN_INVALID_RIGHT
;
/* Refuse a range whose end wraps around the offset type. */
2900 if (offset
+ size
< offset
) {
2902 return KERN_INVALID_ARGUMENT
;
/* Refuse a request that extends past the end of the named entry. */
2904 if (named_entry
->size
< (offset
+ initial_size
)) {
2905 return KERN_INVALID_ARGUMENT
;
2908 if (named_entry
->is_copy
) {
2909 /* for a vm_map_copy, we can only map it whole */
2910 if ((size
!= named_entry
->size
) &&
2911 (vm_map_round_page(size
,
2912 VM_MAP_PAGE_MASK(target_map
)) ==
2913 named_entry
->size
)) {
2914 /* XXX FBDP use the rounded size... */
2915 size
= vm_map_round_page(
2917 VM_MAP_PAGE_MASK(target_map
));
2920 if (!(flags
& VM_FLAGS_ANYWHERE
) &&
2922 size
!= named_entry
->size
)) {
2924 * XXX for a mapping at a "fixed" address,
2925 * we can't trim after mapping the whole
2926 * memory entry, so reject a request for a
2929 return KERN_INVALID_ARGUMENT
;
2933 /* the callers parameter offset is defined to be the */
2934 /* offset from beginning of named entry offset in object */
2935 offset
= offset
+ named_entry
->offset
;
2937 if (! VM_MAP_PAGE_ALIGNED(size
,
2938 VM_MAP_PAGE_MASK(target_map
))) {
2940 * Let's not map more than requested;
2941 * vm_map_enter() will handle this "not map-aligned"
/*
 * The entry lock is taken here; each visible branch below calls
 * named_entry_unlock() before it returns or goes on to map.
 */
2947 named_entry_lock(named_entry
);
2948 if (named_entry
->is_sub_map
) {
/*
 * NOTE(review): an unexpected flag combination panics here instead
 * of returning an error; confirm that callers filter these bits
 * before reaching this point.
 */
2951 if (flags
& (VM_FLAGS_RETURN_DATA_ADDR
|
2952 VM_FLAGS_RETURN_4K_DATA_ADDR
)) {
2953 panic("VM_FLAGS_RETURN_DATA_ADDR not expected for submap.");
/*
 * Take a reference on the backing submap under its own lock, then
 * drop the entry lock before calling vm_map_enter().
 */
2956 submap
= named_entry
->backing
.map
;
2957 vm_map_lock(submap
);
2958 vm_map_reference(submap
);
2959 vm_map_unlock(submap
);
2960 named_entry_unlock(named_entry
);
2962 result
= vm_map_enter(target_map
,
2966 flags
| VM_FLAGS_SUBMAP
,
2967 (vm_object_t
) submap
,
/* On failure the submap reference taken above is released. */
2973 if (result
!= KERN_SUCCESS
) {
2974 vm_map_deallocate(submap
);
2977 * No need to lock "submap" just to check its
2978 * "mapped" flag: that flag is never reset
2979 * once it's been set and if we race, we'll
2980 * just end up setting it twice, which is OK.
2982 if (submap
->mapped_in_other_pmaps
== FALSE
&&
2983 vm_map_pmap(submap
) != PMAP_NULL
&&
2984 vm_map_pmap(submap
) !=
2985 vm_map_pmap(target_map
)) {
2987 * This submap is being mapped in a map
2988 * that uses a different pmap.
2989 * Set its "mapped_in_other_pmaps" flag
2990 * to indicate that we now need to
2991 * remove mappings from all pmaps rather
2992 * than just the submap's pmap.
2994 vm_map_lock(submap
);
2995 submap
->mapped_in_other_pmaps
= TRUE
;
2996 vm_map_unlock(submap
);
2998 *address
= map_addr
;
3002 } else if (named_entry
->is_pager
) {
3003 unsigned int access
;
3004 vm_prot_t protections
;
3005 unsigned int wimg_mode
;
3007 protections
= named_entry
->protection
& VM_PROT_ALL
;
3008 access
= GET_MAP_MEM(named_entry
->protection
);
/*
 * NOTE(review): this is the is_pager branch, yet the panic text
 * below says "submap"; it looks copied from the submap branch, which
 * would mislead anyone reading the panic log.
 */
3010 if (flags
& (VM_FLAGS_RETURN_DATA_ADDR
|
3011 VM_FLAGS_RETURN_4K_DATA_ADDR
)) {
3012 panic("VM_FLAGS_RETURN_DATA_ADDR not expected for submap.");
/* Obtain the VM object for the backing pager via vm_object_enter(). */
3015 object
= vm_object_enter(named_entry
->backing
.pager
,
3017 named_entry
->internal
,
/* No object: release the entry lock and fail. */
3020 if (object
== VM_OBJECT_NULL
) {
3021 named_entry_unlock(named_entry
);
3022 return KERN_INVALID_OBJECT
;
3025 /* JMM - drop reference on pager here */
3027 /* create an extra ref for the named entry */
3028 vm_object_lock(object
);
3029 vm_object_reference_locked(object
);
/*
 * From here on the entry is backed by the object directly and is no
 * longer flagged as pager-backed.
 */
3030 named_entry
->backing
.object
= object
;
3031 named_entry
->is_pager
= FALSE
;
3032 named_entry_unlock(named_entry
);
/*
 * Start from the object's current WIMG bits and override them
 * according to the access type extracted from the entry's protection
 * word by GET_MAP_MEM() above.
 */
3034 wimg_mode
= object
->wimg_bits
;
3036 if (access
== MAP_MEM_IO
) {
3037 wimg_mode
= VM_WIMG_IO
;
3038 } else if (access
== MAP_MEM_COPYBACK
) {
3039 wimg_mode
= VM_WIMG_USE_DEFAULT
;
3040 } else if (access
== MAP_MEM_INNERWBACK
) {
3041 wimg_mode
= VM_WIMG_INNERWBACK
;
3042 } else if (access
== MAP_MEM_WTHRU
) {
3043 wimg_mode
= VM_WIMG_WTHRU
;
3044 } else if (access
== MAP_MEM_WCOMB
) {
3045 wimg_mode
= VM_WIMG_WCOMB
;
3048 /* wait for object (if any) to be ready */
3049 if (!named_entry
->internal
) {
3050 while (!object
->pager_ready
) {
3053 VM_OBJECT_EVENT_PAGER_READY
,
3055 vm_object_lock(object
);
/* The mode is changed only when it differs from the current one. */
3059 if (object
->wimg_bits
!= wimg_mode
)
3060 vm_object_change_wimg_mode(object
, wimg_mode
);
3062 #if VM_OBJECT_TRACKING_OP_TRUESHARE
3063 if (!object
->true_share
&&
3064 vm_object_tracking_inited
) {
3065 void *bt
[VM_OBJECT_TRACKING_BTDEPTH
];
3068 num
= OSBacktrace(bt
,
3069 VM_OBJECT_TRACKING_BTDEPTH
);
3070 btlog_add_entry(vm_object_tracking_btlog
,
3072 VM_OBJECT_TRACKING_OP_TRUESHARE
,
3076 #endif /* VM_OBJECT_TRACKING_OP_TRUESHARE */
/*
 * Mark the object true_share; a copy strategy of
 * MEMORY_OBJECT_COPY_SYMMETRIC is replaced with
 * MEMORY_OBJECT_COPY_DELAY.
 */
3078 object
->true_share
= TRUE
;
3080 if (object
->copy_strategy
== MEMORY_OBJECT_COPY_SYMMETRIC
)
3081 object
->copy_strategy
= MEMORY_OBJECT_COPY_DELAY
;
3082 vm_object_unlock(object
);
3084 } else if (named_entry
->is_copy
) {
3086 vm_map_copy_t copy_map
;
3087 vm_map_entry_t copy_entry
;
3088 vm_map_offset_t copy_addr
;
/*
 * Flag allow-list for copy-backed entries: any bit outside the
 * listed set is KERN_INVALID_ARGUMENT.  One member of the list is on
 * an omitted line.
 */
3090 if (flags
& ~(VM_FLAGS_FIXED
|
3092 VM_FLAGS_OVERWRITE
|
3093 VM_FLAGS_RETURN_4K_DATA_ADDR
|
3094 VM_FLAGS_RETURN_DATA_ADDR
)) {
3095 named_entry_unlock(named_entry
);
3096 return KERN_INVALID_ARGUMENT
;
/*
 * Keep the sub-page part of "offset" so the returned address can
 * point at the data; the 4K variant clears the low 12 bits of that
 * remainder.  "offset" is then page-truncated and map_size
 * recomputed to cover the rounded range.
 */
3099 if (flags
& (VM_FLAGS_RETURN_DATA_ADDR
|
3100 VM_FLAGS_RETURN_4K_DATA_ADDR
)) {
3101 offset_in_mapping
= offset
- vm_object_trunc_page(offset
);
3102 if (flags
& VM_FLAGS_RETURN_4K_DATA_ADDR
)
3103 offset_in_mapping
&= ~((signed)(0xFFF));
3104 offset
= vm_object_trunc_page(offset
);
3105 map_size
= vm_object_round_page(offset
+ offset_in_mapping
+ initial_size
) - offset
;
3108 copy_map
= named_entry
->backing
.copy
;
/*
 * The assert states the expected type; the explicit check after it
 * returns an error rather than relying on the assert alone.
 */
3109 assert(copy_map
->type
== VM_MAP_COPY_ENTRY_LIST
);
3110 if (copy_map
->type
!= VM_MAP_COPY_ENTRY_LIST
) {
3111 /* unsupported type; should not happen */
3112 printf("vm_map_enter_mem_object: "
3113 "memory_entry->backing.copy "
3114 "unsupported type 0x%x\n",
3116 named_entry_unlock(named_entry
);
3117 return KERN_INVALID_ARGUMENT
;
3120 /* reserve a contiguous range */
3121 kr
= vm_map_enter(target_map
,
3123 /* map whole mem entry, trim later: */
3126 flags
& (VM_FLAGS_ANYWHERE
|
3127 VM_FLAGS_OVERWRITE
|
3128 VM_FLAGS_RETURN_4K_DATA_ADDR
|
3129 VM_FLAGS_RETURN_DATA_ADDR
),
3136 if (kr
!= KERN_SUCCESS
) {
3137 named_entry_unlock(named_entry
);
3141 copy_addr
= map_addr
;
/*
 * Walk the copy map's entries; copy_addr starts at map_addr and
 * advances by each entry's size, so the entries are presumably
 * mapped back to back (the address argument of the inner
 * vm_map_enter() call is on an omitted line).
 */
3143 for (copy_entry
= vm_map_copy_first_entry(copy_map
);
3144 copy_entry
!= vm_map_copy_to_entry(copy_map
);
3145 copy_entry
= copy_entry
->vme_next
) {
3146 int remap_flags
= 0;
3147 vm_map_t copy_submap
;
3148 vm_object_t copy_object
;
3149 vm_map_size_t copy_size
;
3150 vm_object_offset_t copy_offset
;
3152 copy_offset
= VME_OFFSET(copy_entry
);
3153 copy_size
= (copy_entry
->vme_end
-
3154 copy_entry
->vme_start
);
/*
 * Bound check against the named entry's full size: an entry that
 * would run past it sets kr to KERN_INVALID_ARGUMENT.
 */
3157 if ((copy_addr
+ copy_size
) >
3159 named_entry
->size
/* XXX full size */ )) {
3160 /* over-mapping too much !? */
3161 kr
= KERN_INVALID_ARGUMENT
;
3166 /* take a reference on the object */
3167 if (copy_entry
->is_sub_map
) {
3168 remap_flags
|= VM_FLAGS_SUBMAP
;
3169 copy_submap
= VME_SUBMAP(copy_entry
);
3170 vm_map_lock(copy_submap
);
3171 vm_map_reference(copy_submap
);
3172 vm_map_unlock(copy_submap
);
3173 copy_object
= (vm_object_t
) copy_submap
;
3175 copy_object
= VME_OBJECT(copy_entry
);
3176 vm_object_reference(copy_object
);
3179 /* over-map the object into destination */
3180 remap_flags
|= flags
;
3181 remap_flags
|= VM_FLAGS_FIXED
;
3182 remap_flags
|= VM_FLAGS_OVERWRITE
;
3183 remap_flags
&= ~VM_FLAGS_ANYWHERE
;
3184 kr
= vm_map_enter(target_map
,
3187 (vm_map_offset_t
) 0,
/* Mapping this entry failed: drop the reference taken above. */
3195 if (kr
!= KERN_SUCCESS
) {
3196 if (copy_entry
->is_sub_map
) {
3197 vm_map_deallocate(copy_submap
);
3199 vm_object_deallocate(copy_object
);
3206 copy_addr
+= copy_size
;
3209 if (kr
== KERN_SUCCESS
) {
3210 if (flags
& (VM_FLAGS_RETURN_DATA_ADDR
|
3211 VM_FLAGS_RETURN_4K_DATA_ADDR
)) {
3212 *address
= map_addr
+ offset_in_mapping
;
3214 *address
= map_addr
;
3219 * Trim in front, from 0 to "offset".
3221 vm_map_remove(target_map
,
3227 if (offset
+ map_size
< named_entry
->size
) {
3229 * Trim in back, from
3230 * "offset + map_size" to
3231 * "named_entry->size".
3233 vm_map_remove(target_map
,
3241 named_entry_unlock(named_entry
);
3243 if (kr
!= KERN_SUCCESS
) {
3244 if (! (flags
& VM_FLAGS_OVERWRITE
)) {
3245 /* deallocate the contiguous range */
3246 (void) vm_deallocate(target_map
,
3255 /* This is the case where we are going to map */
3256 /* an already mapped object. If the object is */
3257 /* not ready it is internal. An external */
3258 /* object cannot be mapped until it is ready */
3259 /* we can therefore avoid the ready check */
3261 if (flags
& (VM_FLAGS_RETURN_DATA_ADDR
|
3262 VM_FLAGS_RETURN_4K_DATA_ADDR
)) {
3263 offset_in_mapping
= offset
- vm_object_trunc_page(offset
);
3264 if (flags
& VM_FLAGS_RETURN_4K_DATA_ADDR
)
3265 offset_in_mapping
&= ~((signed)(0xFFF));
3266 offset
= vm_object_trunc_page(offset
);
3267 map_size
= vm_object_round_page(offset
+ offset_in_mapping
+ initial_size
) - offset
;
/*
 * The object pointer is read while the entry lock is held; the
 * reference is taken after named_entry_unlock().
 */
3270 object
= named_entry
->backing
.object
;
3271 assert(object
!= VM_OBJECT_NULL
);
3272 named_entry_unlock(named_entry
);
3273 vm_object_reference(object
);
3275 } else if (ip_kotype(port
) == IKOT_MEMORY_OBJECT
) {
3277 * JMM - This is temporary until we unify named entries
3278 * and raw memory objects.
3280 * Detected fake ip_kotype for a memory object. In
3281 * this case, the port isn't really a port at all, but
3282 * instead is just a raw memory object.
/*
 * NOTE(review): as in the named-entry branches, unexpected flags
 * panic here instead of producing an error return.
 */
3284 if (flags
& (VM_FLAGS_RETURN_DATA_ADDR
|
3285 VM_FLAGS_RETURN_4K_DATA_ADDR
)) {
3286 panic("VM_FLAGS_RETURN_DATA_ADDR not expected for raw memory object.");
3289 object
= vm_object_enter((memory_object_t
)port
,
3290 size
, FALSE
, FALSE
, FALSE
);
3291 if (object
== VM_OBJECT_NULL
)
3292 return KERN_INVALID_OBJECT
;
3294 /* wait for object (if any) to be ready */
3295 if (object
!= VM_OBJECT_NULL
) {
/*
 * The kernel object is never mapped through this path: the attempt
 * is logged and refused with KERN_INVALID_OBJECT.
 */
3296 if (object
== kernel_object
) {
3297 printf("Warning: Attempt to map kernel object"
3298 " by a non-private kernel entity\n");
3299 return KERN_INVALID_OBJECT
;
3301 if (!object
->pager_ready
) {
3302 vm_object_lock(object
);
3304 while (!object
->pager_ready
) {
3305 vm_object_wait(object
,
3306 VM_OBJECT_EVENT_PAGER_READY
,
3308 vm_object_lock(object
);
3310 vm_object_unlock(object
);
3314 return KERN_INVALID_OBJECT
;
3317 if (object
!= VM_OBJECT_NULL
&&
3319 object
->pager
!= MEMORY_OBJECT_NULL
&&
3320 object
->copy_strategy
!= MEMORY_OBJECT_COPY_NONE
) {
3321 memory_object_t pager
;
3322 vm_prot_t pager_prot
;
3326 * For "named" VM objects, let the pager know that the
3327 * memory object is being mapped. Some pagers need to keep
3328 * track of this, to know when they can reclaim the memory
3329 * object, for example.
3330 * VM calls memory_object_map() for each mapping (specifying
3331 * the protection of each mapping) and calls
3332 * memory_object_last_unmap() when all the mappings are gone.
3334 pager_prot
= max_protection
;
3337 * Copy-On-Write mapping: won't modify the
3340 pager_prot
&= ~VM_PROT_WRITE
;
3342 vm_object_lock(object
);
3343 pager
= object
->pager
;
3344 if (object
->named
&&
3345 pager
!= MEMORY_OBJECT_NULL
&&
3346 object
->copy_strategy
!= MEMORY_OBJECT_COPY_NONE
) {
/*
 * The object lock is dropped around memory_object_map(); the
 * mapping_begin / mapping_end pair brackets the unlocked call.
 * NOTE(review): the return value of memory_object_map() is checked
 * by assert only.
 */
3347 assert(object
->pager_ready
);
3348 vm_object_mapping_wait(object
, THREAD_UNINT
);
3349 vm_object_mapping_begin(object
);
3350 vm_object_unlock(object
);
3352 kr
= memory_object_map(pager
, pager_prot
);
3353 assert(kr
== KERN_SUCCESS
);
3355 vm_object_lock(object
);
3356 vm_object_mapping_end(object
);
3358 vm_object_unlock(object
);
3362 * Perform the copy if requested
3366 vm_object_t new_object
;
3367 vm_object_offset_t new_offset
;
3369 result
= vm_object_copy_strategically(object
, offset
,
3371 &new_object
, &new_offset
,
3375 if (result
== KERN_MEMORY_RESTART_COPY
) {
3377 boolean_t src_needs_copy
;
3381 * We currently ignore src_needs_copy.
3382 * This really is the issue of how to make
3383 * MEMORY_OBJECT_COPY_SYMMETRIC safe for
3384 * non-kernel users to use. Solution forthcoming.
3385 * In the meantime, since we don't allow non-kernel
3386 * memory managers to specify symmetric copy,
3387 * we won't run into problems here.
3389 new_object
= object
;
3390 new_offset
= offset
;
3391 success
= vm_object_copy_quickly(&new_object
,
3397 result
= KERN_SUCCESS
;
3400 * Throw away the reference to the
3401 * original object, as it won't be mapped.
3404 vm_object_deallocate(object
);
3406 if (result
!= KERN_SUCCESS
) {
3410 object
= new_object
;
3411 offset
= new_offset
;
3415 * If users want to try to prefault pages, the mapping and prefault
3416 * needs to be atomic.
3419 flags
|= VM_FLAGS_KEEP_MAP_LOCKED
;
3422 result
= vm_map_enter(target_map
,
3423 &map_addr
, map_size
,
3424 (vm_map_offset_t
)mask
,
3428 cur_protection
, max_protection
,
/* The mapping failed, so the object reference held for it is released. */
3431 if (result
!= KERN_SUCCESS
)
3432 vm_object_deallocate(object
);
3435 * Try to prefault, and do not forget to release the vm map lock.
3437 if (result
== KERN_SUCCESS
&& try_prefault
) {
3438 mach_vm_address_t va
= map_addr
;
3439 kern_return_t kr
= KERN_SUCCESS
;
/*
 * NOTE(review): the loop is bounded by page_list_count only; no
 * comparison of page_list_count with map_size is visible in this
 * listing.  Confirm that callers never pass a list longer than the
 * mapping just created.
 */
3442 for (i
= 0; i
< page_list_count
; ++i
) {
3443 if (UPL_VALID_PAGE(page_list
, i
)) {
3445 * If this function call failed, we should stop
3446 * trying to optimize, other calls are likely
3447 * going to fail too.
3449 * We are not gonna report an error for such
3450 * failure though. That's an optimization, not
3451 * something critical.
3453 kr
= pmap_enter_options(target_map
->pmap
,
3454 va
, UPL_PHYS_PAGE(page_list
, i
),
3455 cur_protection
, VM_PROT_NONE
,
3456 0, TRUE
, PMAP_OPTIONS_NOWAIT
, NULL
);
3457 if (kr
!= KERN_SUCCESS
) {
3458 OSIncrementAtomic64(&vm_prefault_nb_bailout
);
3461 OSIncrementAtomic64(&vm_prefault_nb_pages
);
3464 /* Next virtual address */
3467 vm_map_unlock(target_map
);
/*
 * Report the address to the caller, adjusted by the sub-page offset
 * when a data address was requested.
 */
3470 if (flags
& (VM_FLAGS_RETURN_DATA_ADDR
|
3471 VM_FLAGS_RETURN_4K_DATA_ADDR
)) {
3472 *address
= map_addr
+ offset_in_mapping
;
3474 *address
= map_addr
;
/*
 * vm_map_enter_mem_object:
 *
 * Thin wrapper: forwards its arguments unchanged to
 * vm_map_enter_mem_object_helper() and passes NULL / 0 for the
 * helper's page_list / page_list_count, so no prefault is attempted.
 * All argument validation happens in the helper.
 *
 * NOTE(review): the return type and some parameter lines are missing
 * from this listing (the gutter numbers skip); "flags", "port" and
 * "copy" are used in the call below without a visible declaration.
 */
3480 vm_map_enter_mem_object(
3481 vm_map_t target_map
,
3482 vm_map_offset_t
*address
,
3483 vm_map_size_t initial_size
,
3484 vm_map_offset_t mask
,
3487 vm_object_offset_t offset
,
3489 vm_prot_t cur_protection
,
3490 vm_prot_t max_protection
,
3491 vm_inherit_t inheritance
)
3493 return vm_map_enter_mem_object_helper(target_map
, address
, initial_size
, mask
, flags
,
3494 port
, offset
, copy
, cur_protection
, max_protection
,
3495 inheritance
, NULL
, 0);
/*
 * vm_map_enter_mem_object_prefault:
 *
 * Prefaulting variant of vm_map_enter_mem_object().  Forwards to
 * vm_map_enter_mem_object_helper() with FALSE in the "copy" position
 * and VM_INHERIT_DEFAULT as the inheritance, and hands the caller's
 * page_list / page_list_count through.  The helper rejects a
 * prefault request that sets "copy" or lacks a page list, and skips
 * prefaulting altogether when page_list_count is 0.
 *
 * NOTE(review): this wrapper does not itself relate page_list_count
 * to initial_size; whether the helper or the caller does is not
 * visible in this listing.  Some parameter lines are also missing
 * here ("flags" and "port" are used below without a visible
 * declaration).
 */
3499 vm_map_enter_mem_object_prefault(
3500 vm_map_t target_map
,
3501 vm_map_offset_t
*address
,
3502 vm_map_size_t initial_size
,
3503 vm_map_offset_t mask
,
3506 vm_object_offset_t offset
,
3507 vm_prot_t cur_protection
,
3508 vm_prot_t max_protection
,
3509 upl_page_list_ptr_t page_list
,
3510 unsigned int page_list_count
)
3512 return vm_map_enter_mem_object_helper(target_map
, address
, initial_size
, mask
, flags
,
3513 port
, offset
, FALSE
, cur_protection
, max_protection
,
3514 VM_INHERIT_DEFAULT
, page_list
, page_list_count
);
/*
 * vm_map_enter_mem_object_control:
 *
 * Maps the VM object behind a memory_object_control_t into
 * "target_map".  The visible steps are: validate the arguments,
 * convert "control" to a VM object, refuse a null object and the
 * kernel object, take a reference, notify the pager of a named
 * object, optionally copy the object, and call vm_map_enter().
 *
 * The visible early exits return KERN_INVALID_ARGUMENT or
 * KERN_INVALID_OBJECT; the final return statement is not shown.
 *
 * NOTE(review): this listing omits source lines (the gutter numbers
 * skip), so some parameters, declarations, conditions and braces are
 * missing.  The comments added below describe only the visible lines.
 */
3519 vm_map_enter_mem_object_control(
3520 vm_map_t target_map
,
3521 vm_map_offset_t
*address
,
3522 vm_map_size_t initial_size
,
3523 vm_map_offset_t mask
,
3525 memory_object_control_t control
,
3526 vm_object_offset_t offset
,
3528 vm_prot_t cur_protection
,
3529 vm_prot_t max_protection
,
3530 vm_inherit_t inheritance
)
3532 vm_map_address_t map_addr
;
3533 vm_map_size_t map_size
;
3535 vm_object_size_t size
;
3536 kern_return_t result
;
3537 memory_object_t pager
;
3538 vm_prot_t pager_prot
;
/*
 * Rejected with KERN_INVALID_ARGUMENT: a null map, protection bits
 * outside VM_PROT_ALL, an inheritance value above
 * VM_INHERIT_LAST_VALID, and a zero size.  Unlike the port-based
 * helper, VM_PROT_IS_MASK is not stripped first in the visible
 * lines.
 */
3542 * Check arguments for validity
3544 if ((target_map
== VM_MAP_NULL
) ||
3545 (cur_protection
& ~VM_PROT_ALL
) ||
3546 (max_protection
& ~VM_PROT_ALL
) ||
3547 (inheritance
> VM_INHERIT_LAST_VALID
) ||
3548 initial_size
== 0) {
3549 return KERN_INVALID_ARGUMENT
;
/*
 * map_addr / map_size are aligned with the target map's page mask;
 * "size" is rounded separately with vm_object_round_page().
 */
3553 map_addr
= vm_map_trunc_page(*address
,
3554 VM_MAP_PAGE_MASK(target_map
));
3555 map_size
= vm_map_round_page(initial_size
,
3556 VM_MAP_PAGE_MASK(target_map
));
3558 size
= vm_object_round_page(initial_size
);
3560 object
= memory_object_control_to_vm_object(control
);
/* No object behind the control handle. */
3562 if (object
== VM_OBJECT_NULL
)
3563 return KERN_INVALID_OBJECT
;
/*
 * The kernel object is never mapped through this path: the attempt
 * is logged and refused.
 */
3565 if (object
== kernel_object
) {
3566 printf("Warning: Attempt to map kernel object"
3567 " by a non-private kernel entity\n");
3568 return KERN_INVALID_OBJECT
;
/* Take a reference for the new mapping while holding the object lock. */
3571 vm_object_lock(object
);
3572 object
->ref_count
++;
3573 vm_object_res_reference(object
);
3576 * For "named" VM objects, let the pager know that the
3577 * memory object is being mapped. Some pagers need to keep
3578 * track of this, to know when they can reclaim the memory
3579 * object, for example.
3580 * VM calls memory_object_map() for each mapping (specifying
3581 * the protection of each mapping) and calls
3582 * memory_object_last_unmap() when all the mappings are gone.
3584 pager_prot
= max_protection
;
/*
 * NOTE(review): write permission is removed from what the pager is
 * told; the condition guarding this statement is on an omitted line
 * (the gutter skips one number just before it).
 */
3586 pager_prot
&= ~VM_PROT_WRITE
;
3588 pager
= object
->pager
;
3589 if (object
->named
&&
3590 pager
!= MEMORY_OBJECT_NULL
&&
3591 object
->copy_strategy
!= MEMORY_OBJECT_COPY_NONE
) {
/*
 * The object lock is dropped around memory_object_map(); the
 * mapping_begin / mapping_end pair brackets the unlocked call.
 * NOTE(review): the return value of memory_object_map() is checked
 * by assert only.
 */
3592 assert(object
->pager_ready
);
3593 vm_object_mapping_wait(object
, THREAD_UNINT
);
3594 vm_object_mapping_begin(object
);
3595 vm_object_unlock(object
);
3597 kr
= memory_object_map(pager
, pager_prot
);
3598 assert(kr
== KERN_SUCCESS
);
3600 vm_object_lock(object
);
3601 vm_object_mapping_end(object
);
3603 vm_object_unlock(object
);
3606 * Perform the copy if requested
3610 vm_object_t new_object
;
3611 vm_object_offset_t new_offset
;
3613 result
= vm_object_copy_strategically(object
, offset
, size
,
3614 &new_object
, &new_offset
,
3618 if (result
== KERN_MEMORY_RESTART_COPY
) {
3620 boolean_t src_needs_copy
;
3624 * We currently ignore src_needs_copy.
3625 * This really is the issue of how to make
3626 * MEMORY_OBJECT_COPY_SYMMETRIC safe for
3627 * non-kernel users to use. Solution forthcoming.
3628 * In the meantime, since we don't allow non-kernel
3629 * memory managers to specify symmetric copy,
3630 * we won't run into problems here.
3632 new_object
= object
;
3633 new_offset
= offset
;
3634 success
= vm_object_copy_quickly(&new_object
,
3639 result
= KERN_SUCCESS
;
3642 * Throw away the reference to the
3643 * original object, as it won't be mapped.
3646 vm_object_deallocate(object
);
3648 if (result
!= KERN_SUCCESS
) {
3652 object
= new_object
;
3653 offset
= new_offset
;
3657 result
= vm_map_enter(target_map
,
3658 &map_addr
, map_size
,
3659 (vm_map_offset_t
)mask
,
3663 cur_protection
, max_protection
,
/* The mapping failed, so the object reference held for it is released. */
3666 if (result
!= KERN_SUCCESS
)
3667 vm_object_deallocate(object
);
/* map_addr is stored back to the caller after the failure check above. */
3668 *address
= map_addr
;
3677 extern pmap_paddr_t avail_start
, avail_end
;
3681 * Allocate memory in the specified map, with the caveat that
3682 * the memory is physically contiguous. This call may fail
3683 * if the system can't find sufficient contiguous memory.
3684 * This call may cause or lead to heart-stopping amounts of
3687 * Memory obtained from this call should be freed in the
3688 * normal way, viz., via vm_deallocate.
3693 vm_map_offset_t
*addr
,
3697 vm_object_t cpm_obj
;
3701 vm_map_offset_t va
, start
, end
, offset
;
3703 vm_map_offset_t prev_addr
= 0;
3704 #endif /* MACH_ASSERT */
3706 boolean_t anywhere
= ((VM_FLAGS_ANYWHERE
& flags
) != 0);
3709 VM_GET_FLAGS_ALIAS(flags
, tag
);
3713 return KERN_SUCCESS
;
3716 *addr
= vm_map_min(map
);
3718 *addr
= vm_map_trunc_page(*addr
,
3719 VM_MAP_PAGE_MASK(map
));
3720 size
= vm_map_round_page(size
,
3721 VM_MAP_PAGE_MASK(map
));
3724 * LP64todo - cpm_allocate should probably allow
3725 * allocations of >4GB, but not with the current
3726 * algorithm, so just cast down the size for now.
3728 if (size
> VM_MAX_ADDRESS
)
3729 return KERN_RESOURCE_SHORTAGE
;
3730 if ((kr
= cpm_allocate(CAST_DOWN(vm_size_t
, size
),
3731 &pages
, 0, 0, TRUE
, flags
)) != KERN_SUCCESS
)
3734 cpm_obj
= vm_object_allocate((vm_object_size_t
)size
);
3735 assert(cpm_obj
!= VM_OBJECT_NULL
);
3736 assert(cpm_obj
->internal
);
3737 assert(cpm_obj
->vo_size
== (vm_object_size_t
)size
);
3738 assert(cpm_obj
->can_persist
== FALSE
);
3739 assert(cpm_obj
->pager_created
== FALSE
);
3740 assert(cpm_obj
->pageout
== FALSE
);
3741 assert(cpm_obj
->shadow
== VM_OBJECT_NULL
);
3744 * Insert pages into object.
3747 vm_object_lock(cpm_obj
);
3748 for (offset
= 0; offset
< size
; offset
+= PAGE_SIZE
) {
3750 pages
= NEXT_PAGE(m
);
3751 *(NEXT_PAGE_PTR(m
)) = VM_PAGE_NULL
;
3753 assert(!m
->gobbled
);
3755 assert(!m
->pageout
);
3757 assert(VM_PAGE_WIRED(m
));
3760 * "m" is not supposed to be pageable, so it
3761 * should not be encrypted. It wouldn't be safe
3762 * to enter it in a new VM object while encrypted.
3764 ASSERT_PAGE_DECRYPTED(m
);
3766 assert(m
->phys_page
>=(avail_start
>>PAGE_SHIFT
) && m
->phys_page
<=(avail_end
>>PAGE_SHIFT
));
3769 vm_page_insert(m
, cpm_obj
, offset
);
3771 assert(cpm_obj
->resident_page_count
== size
/ PAGE_SIZE
);
3772 vm_object_unlock(cpm_obj
);
3775 * Hang onto a reference on the object in case a
3776 * multi-threaded application for some reason decides
3777 * to deallocate the portion of the address space into
3778 * which we will insert this object.
3780 * Unfortunately, we must insert the object now before
3781 * we can talk to the pmap module about which addresses
3782 * must be wired down. Hence, the race with a multi-
3785 vm_object_reference(cpm_obj
);
3788 * Insert object into map.
3798 (vm_object_offset_t
)0,
3802 VM_INHERIT_DEFAULT
);
3804 if (kr
!= KERN_SUCCESS
) {
3806 * A CPM object doesn't have can_persist set,
3807 * so all we have to do is deallocate it to
3808 * free up these pages.
3810 assert(cpm_obj
->pager_created
== FALSE
);
3811 assert(cpm_obj
->can_persist
== FALSE
);
3812 assert(cpm_obj
->pageout
== FALSE
);
3813 assert(cpm_obj
->shadow
== VM_OBJECT_NULL
);
3814 vm_object_deallocate(cpm_obj
); /* kill acquired ref */
3815 vm_object_deallocate(cpm_obj
); /* kill creation ref */
3819 * Inform the physical mapping system that the
3820 * range of addresses may not fault, so that
3821 * page tables and such can be locked down as well.
3825 pmap
= vm_map_pmap(map
);
3826 pmap_pageable(pmap
, start
, end
, FALSE
);
3829 * Enter each page into the pmap, to avoid faults.
3830 * Note that this loop could be coded more efficiently,
3831 * if the need arose, rather than looking up each page
3834 for (offset
= 0, va
= start
; offset
< size
;
3835 va
+= PAGE_SIZE
, offset
+= PAGE_SIZE
) {
3838 vm_object_lock(cpm_obj
);
3839 m
= vm_page_lookup(cpm_obj
, (vm_object_offset_t
)offset
);
3840 assert(m
!= VM_PAGE_NULL
);
3842 vm_page_zero_fill(m
);
3844 type_of_fault
= DBG_ZERO_FILL_FAULT
;
3846 vm_fault_enter(m
, pmap
, va
, VM_PROT_ALL
, VM_PROT_WRITE
,
3847 VM_PAGE_WIRED(m
), FALSE
, FALSE
, FALSE
, 0, NULL
,
3850 vm_object_unlock(cpm_obj
);
3855 * Verify ordering in address space.
3857 for (offset
= 0; offset
< size
; offset
+= PAGE_SIZE
) {
3858 vm_object_lock(cpm_obj
);
3859 m
= vm_page_lookup(cpm_obj
, (vm_object_offset_t
)offset
);
3860 vm_object_unlock(cpm_obj
);
3861 if (m
== VM_PAGE_NULL
)
3862 panic("vm_allocate_cpm: obj %p off 0x%llx no page",
3863 cpm_obj
, (uint64_t)offset
);
3867 assert(!m
->fictitious
);
3868 assert(!m
->private);
3871 assert(!m
->cleaning
);
3872 assert(!m
->laundry
);
3873 assert(!m
->precious
);
3874 assert(!m
->clustered
);
3876 if (m
->phys_page
!= prev_addr
+ 1) {
3877 printf("start 0x%llx end 0x%llx va 0x%llx\n",
3878 (uint64_t)start
, (uint64_t)end
, (uint64_t)va
);
3879 printf("obj %p off 0x%llx\n", cpm_obj
, (uint64_t)offset
);
3880 printf("m %p prev_address 0x%llx\n", m
, (uint64_t)prev_addr
);
3881 panic("vm_allocate_cpm: pages not contig!");
3884 prev_addr
= m
->phys_page
;
3886 #endif /* MACH_ASSERT */
3888 vm_object_deallocate(cpm_obj
); /* kill extra ref */
3897 * Interface is defined in all cases, but unless the kernel
3898 * is built explicitly for this option, the interface does
3904 __unused vm_map_t map
,
3905 __unused vm_map_offset_t
*addr
,
3906 __unused vm_map_size_t size
,
3909 return KERN_FAILURE
;
3913 /* Not used without nested pmaps */
3914 #ifndef NO_NESTED_PMAP
3916 * Clip and unnest a portion of a nested submap mapping.
3923 vm_map_entry_t entry
,
3924 vm_map_offset_t start_unnest
,
3925 vm_map_offset_t end_unnest
)
3927 vm_map_offset_t old_start_unnest
= start_unnest
;
3928 vm_map_offset_t old_end_unnest
= end_unnest
;
3930 assert(entry
->is_sub_map
);
3931 assert(VME_SUBMAP(entry
) != NULL
);
3932 assert(entry
->use_pmap
);
3935 * Query the platform for the optimal unnest range.
3936 * DRK: There's some duplication of effort here, since
3937 * callers may have adjusted the range to some extent. This
3938 * routine was introduced to support 1GiB subtree nesting
3939 * for x86 platforms, which can also nest on 2MiB boundaries
3940 * depending on size/alignment.
3942 if (pmap_adjust_unnest_parameters(map
->pmap
, &start_unnest
, &end_unnest
)) {
3943 log_unnest_badness(map
, old_start_unnest
, old_end_unnest
);
3946 if (entry
->vme_start
> start_unnest
||
3947 entry
->vme_end
< end_unnest
) {
3948 panic("vm_map_clip_unnest(0x%llx,0x%llx): "
3949 "bad nested entry: start=0x%llx end=0x%llx\n",
3950 (long long)start_unnest
, (long long)end_unnest
,
3951 (long long)entry
->vme_start
, (long long)entry
->vme_end
);
3954 if (start_unnest
> entry
->vme_start
) {
3955 _vm_map_clip_start(&map
->hdr
,
3958 if (map
->holelistenabled
) {
3959 vm_map_store_update_first_free(map
, NULL
, FALSE
);
3961 vm_map_store_update_first_free(map
, map
->first_free
, FALSE
);
3964 if (entry
->vme_end
> end_unnest
) {
3965 _vm_map_clip_end(&map
->hdr
,
3968 if (map
->holelistenabled
) {
3969 vm_map_store_update_first_free(map
, NULL
, FALSE
);
3971 vm_map_store_update_first_free(map
, map
->first_free
, FALSE
);
3975 pmap_unnest(map
->pmap
,
3977 entry
->vme_end
- entry
->vme_start
);
3978 if ((map
->mapped_in_other_pmaps
) && (map
->ref_count
)) {
3979 /* clean up parent map/maps */
3980 vm_map_submap_pmap_clean(
3981 map
, entry
->vme_start
,
3986 entry
->use_pmap
= FALSE
;
3987 if ((map
->pmap
!= kernel_pmap
) &&
3988 (VME_ALIAS(entry
) == VM_MEMORY_SHARED_PMAP
)) {
3989 VME_ALIAS_SET(entry
, VM_MEMORY_UNSHARED_PMAP
);
3992 #endif /* NO_NESTED_PMAP */
3995 * vm_map_clip_start: [ internal use only ]
3997 * Asserts that the given entry begins at or after
3998 * the specified address; if necessary,
3999 * it splits the entry into two.
4004 vm_map_entry_t entry
,
4005 vm_map_offset_t startaddr
)
4007 #ifndef NO_NESTED_PMAP
4008 if (entry
->is_sub_map
&&
4010 startaddr
>= entry
->vme_start
) {
4011 vm_map_offset_t start_unnest
, end_unnest
;
4014 * Make sure "startaddr" is no longer in a nested range
4015 * before we clip. Unnest only the minimum range the platform
4017 * vm_map_clip_unnest may perform additional adjustments to
4020 start_unnest
= startaddr
& ~(pmap_nesting_size_min
- 1);
4021 end_unnest
= start_unnest
+ pmap_nesting_size_min
;
4022 vm_map_clip_unnest(map
, entry
, start_unnest
, end_unnest
);
4024 #endif /* NO_NESTED_PMAP */
4025 if (startaddr
> entry
->vme_start
) {
4026 if (VME_OBJECT(entry
) &&
4027 !entry
->is_sub_map
&&
4028 VME_OBJECT(entry
)->phys_contiguous
) {
4029 pmap_remove(map
->pmap
,
4030 (addr64_t
)(entry
->vme_start
),
4031 (addr64_t
)(entry
->vme_end
));
4033 _vm_map_clip_start(&map
->hdr
, entry
, startaddr
);
4034 if (map
->holelistenabled
) {
4035 vm_map_store_update_first_free(map
, NULL
, FALSE
);
4037 vm_map_store_update_first_free(map
, map
->first_free
, FALSE
);
4043 #define vm_map_copy_clip_start(copy, entry, startaddr) \
4045 if ((startaddr) > (entry)->vme_start) \
4046 _vm_map_clip_start(&(copy)->cpy_hdr,(entry),(startaddr)); \
4050 * This routine is called only when it is known that
4051 * the entry must be split.
4055 register struct vm_map_header
*map_header
,
4056 register vm_map_entry_t entry
,
4057 register vm_map_offset_t start
)
4059 register vm_map_entry_t new_entry
;
4062 * Split off the front portion --
4063 * note that we must insert the new
4064 * entry BEFORE this one, so that
4065 * this entry has the specified starting
4069 if (entry
->map_aligned
) {
4070 assert(VM_MAP_PAGE_ALIGNED(start
,
4071 VM_MAP_HDR_PAGE_MASK(map_header
)));
4074 new_entry
= _vm_map_entry_create(map_header
, !map_header
->entries_pageable
);
4075 vm_map_entry_copy_full(new_entry
, entry
);
4077 new_entry
->vme_end
= start
;
4078 assert(new_entry
->vme_start
< new_entry
->vme_end
);
4079 VME_OFFSET_SET(entry
, VME_OFFSET(entry
) + (start
- entry
->vme_start
));
4080 assert(start
< entry
->vme_end
);
4081 entry
->vme_start
= start
;
4083 _vm_map_store_entry_link(map_header
, entry
->vme_prev
, new_entry
);
4085 if (entry
->is_sub_map
)
4086 vm_map_reference(VME_SUBMAP(new_entry
));
4088 vm_object_reference(VME_OBJECT(new_entry
));
4093 * vm_map_clip_end: [ internal use only ]
4095 * Asserts that the given entry ends at or before
4096 * the specified address; if necessary,
4097 * it splits the entry into two.
4102 vm_map_entry_t entry
,
4103 vm_map_offset_t endaddr
)
4105 if (endaddr
> entry
->vme_end
) {
4107 * Within the scope of this clipping, limit "endaddr" to
4108 * the end of this map entry...
4110 endaddr
= entry
->vme_end
;
4112 #ifndef NO_NESTED_PMAP
4113 if (entry
->is_sub_map
&& entry
->use_pmap
) {
4114 vm_map_offset_t start_unnest
, end_unnest
;
4117 * Make sure the range between the start of this entry and
4118 * the new "endaddr" is no longer nested before we clip.
4119 * Unnest only the minimum range the platform can handle.
4120 * vm_map_clip_unnest may perform additional adjustments to
4123 start_unnest
= entry
->vme_start
;
4125 (endaddr
+ pmap_nesting_size_min
- 1) &
4126 ~(pmap_nesting_size_min
- 1);
4127 vm_map_clip_unnest(map
, entry
, start_unnest
, end_unnest
);
4129 #endif /* NO_NESTED_PMAP */
4130 if (endaddr
< entry
->vme_end
) {
4131 if (VME_OBJECT(entry
) &&
4132 !entry
->is_sub_map
&&
4133 VME_OBJECT(entry
)->phys_contiguous
) {
4134 pmap_remove(map
->pmap
,
4135 (addr64_t
)(entry
->vme_start
),
4136 (addr64_t
)(entry
->vme_end
));
4138 _vm_map_clip_end(&map
->hdr
, entry
, endaddr
);
4139 if (map
->holelistenabled
) {
4140 vm_map_store_update_first_free(map
, NULL
, FALSE
);
4142 vm_map_store_update_first_free(map
, map
->first_free
, FALSE
);
4148 #define vm_map_copy_clip_end(copy, entry, endaddr) \
4150 if ((endaddr) < (entry)->vme_end) \
4151 _vm_map_clip_end(&(copy)->cpy_hdr,(entry),(endaddr)); \
4155 * This routine is called only when it is known that
4156 * the entry must be split.
4160 register struct vm_map_header
*map_header
,
4161 register vm_map_entry_t entry
,
4162 register vm_map_offset_t end
)
4164 register vm_map_entry_t new_entry
;
4167 * Create a new entry and insert it
4168 * AFTER the specified entry
4171 if (entry
->map_aligned
) {
4172 assert(VM_MAP_PAGE_ALIGNED(end
,
4173 VM_MAP_HDR_PAGE_MASK(map_header
)));
4176 new_entry
= _vm_map_entry_create(map_header
, !map_header
->entries_pageable
);
4177 vm_map_entry_copy_full(new_entry
, entry
);
4179 assert(entry
->vme_start
< end
);
4180 new_entry
->vme_start
= entry
->vme_end
= end
;
4181 VME_OFFSET_SET(new_entry
,
4182 VME_OFFSET(new_entry
) + (end
- entry
->vme_start
));
4183 assert(new_entry
->vme_start
< new_entry
->vme_end
);
4185 _vm_map_store_entry_link(map_header
, entry
, new_entry
);
4187 if (entry
->is_sub_map
)
4188 vm_map_reference(VME_SUBMAP(new_entry
));
4190 vm_object_reference(VME_OBJECT(new_entry
));
4195 * VM_MAP_RANGE_CHECK: [ internal use only ]
4197 * Clamps the starting and ending region addresses in place so they
4198 * fall within the valid range of the map; out-of-range values are adjusted, not rejected.
4200 #define VM_MAP_RANGE_CHECK(map, start, end) \
4202 if (start < vm_map_min(map)) \
4203 start = vm_map_min(map); \
4204 if (end > vm_map_max(map)) \
4205 end = vm_map_max(map); \
4211 * vm_map_range_check: [ internal use only ]
4213 * Check that the region defined by the specified start and
4214 * end addresses are wholly contained within a single map
4215 * entry or set of adjacent map entries of the specified map,
4216 * i.e. the specified region contains no unmapped space.
4217 * If any or all of the region is unmapped, FALSE is returned.
4218 * Otherwise, TRUE is returned and if the output argument 'entry'
4219 * is not NULL it points to the map entry containing the start
4222 * The map is locked for reading on entry and is left locked.
4226 register vm_map_t map
,
4227 register vm_map_offset_t start
,
4228 register vm_map_offset_t end
,
4229 vm_map_entry_t
*entry
)
4232 register vm_map_offset_t prev
;
4235 * Basic sanity checks first
4237 if (start
< vm_map_min(map
) || end
> vm_map_max(map
) || start
> end
)
4241 * Check first if the region starts within a valid
4242 * mapping for the map.
4244 if (!vm_map_lookup_entry(map
, start
, &cur
))
4248 * Optimize for the case that the region is contained
4249 * in a single map entry.
4251 if (entry
!= (vm_map_entry_t
*) NULL
)
4253 if (end
<= cur
->vme_end
)
4257 * If the region is not wholly contained within a
4258 * single entry, walk the entries looking for holes.
4260 prev
= cur
->vme_end
;
4261 cur
= cur
->vme_next
;
4262 while ((cur
!= vm_map_to_entry(map
)) && (prev
== cur
->vme_start
)) {
4263 if (end
<= cur
->vme_end
)
4265 prev
= cur
->vme_end
;
4266 cur
= cur
->vme_next
;
4272 * vm_map_submap: [ kernel use only ]
4274 * Mark the given range as handled by a subordinate map.
4276 * This range must have been created with vm_map_find using
4277 * the vm_submap_object, and no other operations may have been
4278 * performed on this range prior to calling vm_map_submap.
4280 * Only a limited number of operations can be performed
4281 * within this range after calling vm_map_submap:
4283 * [Don't try vm_map_copyin!]
4285 * To remove a submapping, one must first remove the
4286 * range from the superior map, and then destroy the
4287 * submap (if desired). [Better yet, don't try it.]
4292 vm_map_offset_t start
,
4293 vm_map_offset_t end
,
4295 vm_map_offset_t offset
,
4296 #ifdef NO_NESTED_PMAP
4298 #endif /* NO_NESTED_PMAP */
4301 vm_map_entry_t entry
;
4302 register kern_return_t result
= KERN_INVALID_ARGUMENT
;
4303 register vm_object_t object
;
4307 if (! vm_map_lookup_entry(map
, start
, &entry
)) {
4308 entry
= entry
->vme_next
;
4311 if (entry
== vm_map_to_entry(map
) ||
4312 entry
->is_sub_map
) {
4314 return KERN_INVALID_ARGUMENT
;
4317 vm_map_clip_start(map
, entry
, start
);
4318 vm_map_clip_end(map
, entry
, end
);
4320 if ((entry
->vme_start
== start
) && (entry
->vme_end
== end
) &&
4321 (!entry
->is_sub_map
) &&
4322 ((object
= VME_OBJECT(entry
)) == vm_submap_object
) &&
4323 (object
->resident_page_count
== 0) &&
4324 (object
->copy
== VM_OBJECT_NULL
) &&
4325 (object
->shadow
== VM_OBJECT_NULL
) &&
4326 (!object
->pager_created
)) {
4327 VME_OFFSET_SET(entry
, (vm_object_offset_t
)offset
);
4328 VME_OBJECT_SET(entry
, VM_OBJECT_NULL
);
4329 vm_object_deallocate(object
);
4330 entry
->is_sub_map
= TRUE
;
4331 entry
->use_pmap
= FALSE
;
4332 VME_SUBMAP_SET(entry
, submap
);
4333 vm_map_reference(submap
);
4334 if (submap
->mapped_in_other_pmaps
== FALSE
&&
4335 vm_map_pmap(submap
) != PMAP_NULL
&&
4336 vm_map_pmap(submap
) != vm_map_pmap(map
)) {
4338 * This submap is being mapped in a map
4339 * that uses a different pmap.
4340 * Set its "mapped_in_other_pmaps" flag
4341 * to indicate that we now need to
4342 * remove mappings from all pmaps rather
4343 * than just the submap's pmap.
4345 submap
->mapped_in_other_pmaps
= TRUE
;
4348 #ifndef NO_NESTED_PMAP
4350 /* nest if platform code will allow */
4351 if(submap
->pmap
== NULL
) {
4352 ledger_t ledger
= map
->pmap
->ledger
;
4353 submap
->pmap
= pmap_create(ledger
,
4354 (vm_map_size_t
) 0, FALSE
);
4355 if(submap
->pmap
== PMAP_NULL
) {
4357 return(KERN_NO_SPACE
);
4360 result
= pmap_nest(map
->pmap
,
4361 (VME_SUBMAP(entry
))->pmap
,
4364 (uint64_t)(end
- start
));
4366 panic("vm_map_submap: pmap_nest failed, rc = %08X\n", result
);
4367 entry
->use_pmap
= TRUE
;
4369 #else /* NO_NESTED_PMAP */
4370 pmap_remove(map
->pmap
, (addr64_t
)start
, (addr64_t
)end
);
4371 #endif /* NO_NESTED_PMAP */
4372 result
= KERN_SUCCESS
;
4383 * Sets the protection of the specified address
4384 * region in the target map. If "set_max" is
4385 * specified, the maximum protection is to be set;
4386 * otherwise, only the current protection is affected.
4390 register vm_map_t map
,
4391 register vm_map_offset_t start
,
4392 register vm_map_offset_t end
,
4393 register vm_prot_t new_prot
,
4394 register boolean_t set_max
)
4396 register vm_map_entry_t current
;
4397 register vm_map_offset_t prev
;
4398 vm_map_entry_t entry
;
4402 "vm_map_protect, 0x%X start 0x%X end 0x%X, new 0x%X %d",
4403 map
, start
, end
, new_prot
, set_max
);
4407 /* LP64todo - remove this check when vm_map_commpage64()
4408 * no longer has to stuff in a map_entry for the commpage
4409 * above the map's max_offset.
4411 if (start
>= map
->max_offset
) {
4413 return(KERN_INVALID_ADDRESS
);
4418 * Lookup the entry. If it doesn't start in a valid
4419 * entry, return an error.
4421 if (! vm_map_lookup_entry(map
, start
, &entry
)) {
4423 return(KERN_INVALID_ADDRESS
);
4426 if (entry
->superpage_size
&& (start
& (SUPERPAGE_SIZE
-1))) { /* extend request to whole entry */
4427 start
= SUPERPAGE_ROUND_DOWN(start
);
4432 if (entry
->superpage_size
)
4433 end
= SUPERPAGE_ROUND_UP(end
);
4436 * Make a first pass to check for protection and address
4441 prev
= current
->vme_start
;
4442 while ((current
!= vm_map_to_entry(map
)) &&
4443 (current
->vme_start
< end
)) {
4446 * If there is a hole, return an error.
4448 if (current
->vme_start
!= prev
) {
4450 return(KERN_INVALID_ADDRESS
);
4453 new_max
= current
->max_protection
;
4454 if(new_prot
& VM_PROT_COPY
) {
4455 new_max
|= VM_PROT_WRITE
;
4456 if ((new_prot
& (new_max
| VM_PROT_COPY
)) != new_prot
) {
4458 return(KERN_PROTECTION_FAILURE
);
4461 if ((new_prot
& new_max
) != new_prot
) {
4463 return(KERN_PROTECTION_FAILURE
);
4468 prev
= current
->vme_end
;
4469 current
= current
->vme_next
;
4473 return(KERN_INVALID_ADDRESS
);
4477 * Go back and fix up protections.
4478 * Clip to start here if the range starts within
4483 if (current
!= vm_map_to_entry(map
)) {
4484 /* clip and unnest if necessary */
4485 vm_map_clip_start(map
, current
, start
);
4488 while ((current
!= vm_map_to_entry(map
)) &&
4489 (current
->vme_start
< end
)) {
4493 vm_map_clip_end(map
, current
, end
);
4495 if (current
->is_sub_map
) {
4496 /* clipping did unnest if needed */
4497 assert(!current
->use_pmap
);
4500 old_prot
= current
->protection
;
4502 if(new_prot
& VM_PROT_COPY
) {
4503 /* caller is asking specifically to copy the */
4504 /* mapped data, this implies that max protection */
4505 /* will include write. Caller must be prepared */
4506 /* for loss of shared memory communication in the */
4507 /* target area after taking this step */
4509 if (current
->is_sub_map
== FALSE
&&
4510 VME_OBJECT(current
) == VM_OBJECT_NULL
) {
4511 VME_OBJECT_SET(current
,
4515 current
->vme_start
)));
4516 VME_OFFSET_SET(current
, 0);
4517 assert(current
->use_pmap
);
4519 assert(current
->wired_count
== 0);
4520 current
->needs_copy
= TRUE
;
4521 current
->max_protection
|= VM_PROT_WRITE
;
4525 current
->protection
=
4526 (current
->max_protection
=
4527 new_prot
& ~VM_PROT_COPY
) &
4530 current
->protection
= new_prot
& ~VM_PROT_COPY
;
4533 * Update physical map if necessary.
4534 * If the request is to turn off write protection,
4535 * we won't do it for real (in pmap). This is because
4536 * it would cause copy-on-write to fail. We've already
4537 * set the new protection in the map, so if a
4538 * write-protect fault occurred, it will be fixed up
4539 * properly, COW or not.
4541 if (current
->protection
!= old_prot
) {
4542 /* Look one level in we support nested pmaps */
4543 /* from mapped submaps which are direct entries */
4548 prot
= current
->protection
& ~VM_PROT_WRITE
;
4550 if (override_nx(map
, VME_ALIAS(current
)) && prot
)
4551 prot
|= VM_PROT_EXECUTE
;
4554 if (current
->is_sub_map
&& current
->use_pmap
) {
4555 pmap_protect(VME_SUBMAP(current
)->pmap
,
4560 pmap_protect(map
->pmap
,
4566 current
= current
->vme_next
;
4570 while ((current
!= vm_map_to_entry(map
)) &&
4571 (current
->vme_start
<= end
)) {
4572 vm_map_simplify_entry(map
, current
);
4573 current
= current
->vme_next
;
4577 return(KERN_SUCCESS
);
4583 * Sets the inheritance of the specified address
4584 * range in the target map. Inheritance
4585 * affects how the map will be shared with
4586 * child maps at the time of vm_map_fork.
4590 register vm_map_t map
,
4591 register vm_map_offset_t start
,
4592 register vm_map_offset_t end
,
4593 register vm_inherit_t new_inheritance
)
4595 register vm_map_entry_t entry
;
4596 vm_map_entry_t temp_entry
;
4600 VM_MAP_RANGE_CHECK(map
, start
, end
);
4602 if (vm_map_lookup_entry(map
, start
, &temp_entry
)) {
4606 temp_entry
= temp_entry
->vme_next
;
4610 /* first check entire range for submaps which can't support the */
4611 /* given inheritance. */
4612 while ((entry
!= vm_map_to_entry(map
)) && (entry
->vme_start
< end
)) {
4613 if(entry
->is_sub_map
) {
4614 if(new_inheritance
== VM_INHERIT_COPY
) {
4616 return(KERN_INVALID_ARGUMENT
);
4620 entry
= entry
->vme_next
;
4624 if (entry
!= vm_map_to_entry(map
)) {
4625 /* clip and unnest if necessary */
4626 vm_map_clip_start(map
, entry
, start
);
4629 while ((entry
!= vm_map_to_entry(map
)) && (entry
->vme_start
< end
)) {
4630 vm_map_clip_end(map
, entry
, end
);
4631 if (entry
->is_sub_map
) {
4632 /* clip did unnest if needed */
4633 assert(!entry
->use_pmap
);
4636 entry
->inheritance
= new_inheritance
;
4638 entry
= entry
->vme_next
;
4642 return(KERN_SUCCESS
);
4646 * Update the accounting for the amount of wired memory in this map. If the user has
4647 * exceeded the defined limits, then we fail. Wiring on behalf of the kernel never fails.
4650 static kern_return_t
4653 vm_map_entry_t entry
,
4654 boolean_t user_wire
)
4659 unsigned int total_wire_count
= vm_page_wire_count
+ vm_lopage_free_count
;
4662 * We're wiring memory at the request of the user. Check if this is the first time the user is wiring
4666 if (entry
->user_wired_count
== 0) {
4667 size
= entry
->vme_end
- entry
->vme_start
;
4670 * Since this is the first time the user is wiring this map entry, check to see if we're
4671 * exceeding the user wire limits. There is a per map limit which is the smaller of either
4672 * the process's rlimit or the global vm_user_wire_limit which caps this value. There is also
4673 * a system-wide limit on the amount of memory all users can wire. If the user is over either
4674 * limit, then we fail.
4677 if(size
+ map
->user_wire_size
> MIN(map
->user_wire_limit
, vm_user_wire_limit
) ||
4678 size
+ ptoa_64(total_wire_count
) > vm_global_user_wire_limit
||
4679 size
+ ptoa_64(total_wire_count
) > max_mem
- vm_global_no_user_wire_amount
)
4680 return KERN_RESOURCE_SHORTAGE
;
4683 * The first time the user wires an entry, we also increment the wired_count and add this to
4684 * the total that has been wired in the map.
4687 if (entry
->wired_count
>= MAX_WIRE_COUNT
)
4688 return KERN_FAILURE
;
4690 entry
->wired_count
++;
4691 map
->user_wire_size
+= size
;
4694 if (entry
->user_wired_count
>= MAX_WIRE_COUNT
)
4695 return KERN_FAILURE
;
4697 entry
->user_wired_count
++;
4702 * The kernel's wiring the memory. Just bump the count and continue.
4705 if (entry
->wired_count
>= MAX_WIRE_COUNT
)
4706 panic("vm_map_wire: too many wirings");
4708 entry
->wired_count
++;
4711 return KERN_SUCCESS
;
4715 * Update the memory wiring accounting now that the given map entry is being unwired.
4719 subtract_wire_counts(
4721 vm_map_entry_t entry
,
4722 boolean_t user_wire
)
4728 * We're unwiring memory at the request of the user. See if we're removing the last user wire reference.
4731 if (entry
->user_wired_count
== 1) {
4734 * We're removing the last user wire reference. Decrement the wired_count and the total
4735 * user wired memory for this map.
4738 assert(entry
->wired_count
>= 1);
4739 entry
->wired_count
--;
4740 map
->user_wire_size
-= entry
->vme_end
- entry
->vme_start
;
4743 assert(entry
->user_wired_count
>= 1);
4744 entry
->user_wired_count
--;
4749 * The kernel is unwiring the memory. Just update the count.
4752 assert(entry
->wired_count
>= 1);
4753 entry
->wired_count
--;
4760 * Sets the pageability of the specified address range in the
4761 * target map as wired. Regions specified as not pageable require
4762 * locked-down physical memory and physical page maps. The
4763 * access_type variable indicates types of accesses that must not
4764 * generate page faults. This is checked against protection of
4765 * memory being locked-down.
4767 * The map must not be locked, but a reference must remain to the
4768 * map throughout the call.
4770 static kern_return_t
4772 register vm_map_t map
,
4773 register vm_map_offset_t start
,
4774 register vm_map_offset_t end
,
4775 register vm_prot_t caller_prot
,
4776 boolean_t user_wire
,
4778 vm_map_offset_t pmap_addr
,
4779 ppnum_t
*physpage_p
)
4781 register vm_map_entry_t entry
;
4782 register vm_prot_t access_type
;
4783 struct vm_map_entry
*first_entry
, tmp_entry
;
4785 register vm_map_offset_t s
,e
;
4787 boolean_t need_wakeup
;
4788 boolean_t main_map
= FALSE
;
4789 wait_interrupt_t interruptible_state
;
4790 thread_t cur_thread
;
4791 unsigned int last_timestamp
;
4793 boolean_t wire_and_extract
;
4795 access_type
= (caller_prot
& VM_PROT_ALL
);
4797 wire_and_extract
= FALSE
;
4798 if (physpage_p
!= NULL
) {
4800 * The caller wants the physical page number of the
4801 * wired page. We return only one physical page number
4802 * so this works for only one page at a time.
4804 if ((end
- start
) != PAGE_SIZE
) {
4805 return KERN_INVALID_ARGUMENT
;
4807 wire_and_extract
= TRUE
;
4812 if(map_pmap
== NULL
)
4814 last_timestamp
= map
->timestamp
;
4816 VM_MAP_RANGE_CHECK(map
, start
, end
);
4817 assert(page_aligned(start
));
4818 assert(page_aligned(end
));
4819 assert(VM_MAP_PAGE_ALIGNED(start
, VM_MAP_PAGE_MASK(map
)));
4820 assert(VM_MAP_PAGE_ALIGNED(end
, VM_MAP_PAGE_MASK(map
)));
4822 /* We wired what the caller asked for, zero pages */
4824 return KERN_SUCCESS
;
4827 need_wakeup
= FALSE
;
4828 cur_thread
= current_thread();
4833 if (vm_map_lookup_entry(map
, s
, &first_entry
)) {
4834 entry
= first_entry
;
4836 * vm_map_clip_start will be done later.
4837 * We don't want to unnest any nested submaps here !
4840 /* Start address is not in map */
4841 rc
= KERN_INVALID_ADDRESS
;
4845 while ((entry
!= vm_map_to_entry(map
)) && (s
< end
)) {
4847 * At this point, we have wired from "start" to "s".
4848 * We still need to wire from "s" to "end".
4850 * "entry" hasn't been clipped, so it could start before "s"
4851 * and/or end after "end".
4854 /* "e" is how far we want to wire in this entry */
4860 * If another thread is wiring/unwiring this entry then
4861 * block after informing other thread to wake us up.
4863 if (entry
->in_transition
) {
4864 wait_result_t wait_result
;
4867 * We have not clipped the entry. Make sure that
4868 * the start address is in range so that the lookup
4869 * below will succeed.
4870 * "s" is the current starting point: we've already
4871 * wired from "start" to "s" and we still have
4872 * to wire from "s" to "end".
4875 entry
->needs_wakeup
= TRUE
;
4878 * wake up anybody waiting on entries that we have
4882 vm_map_entry_wakeup(map
);
4883 need_wakeup
= FALSE
;
4886 * User wiring is interruptible
4888 wait_result
= vm_map_entry_wait(map
,
4889 (user_wire
) ? THREAD_ABORTSAFE
:
4891 if (user_wire
&& wait_result
== THREAD_INTERRUPTED
) {
4893 * undo the wirings we have done so far
4894 * We do not clear the needs_wakeup flag,
4895 * because we cannot tell if we were the
4903 * Cannot avoid a lookup here. reset timestamp.
4905 last_timestamp
= map
->timestamp
;
4908 * The entry could have been clipped, look it up again.
4909 * Worse that can happen is, it may not exist anymore.
4911 if (!vm_map_lookup_entry(map
, s
, &first_entry
)) {
4913 * User: undo everything upto the previous
4914 * entry. let vm_map_unwire worry about
4915 * checking the validity of the range.
4920 entry
= first_entry
;
4924 if (entry
->is_sub_map
) {
4925 vm_map_offset_t sub_start
;
4926 vm_map_offset_t sub_end
;
4927 vm_map_offset_t local_start
;
4928 vm_map_offset_t local_end
;
4931 if (wire_and_extract
) {
4933 * Wiring would result in copy-on-write
4934 * which would not be compatible with
4935 * the sharing we have with the original
4936 * provider of this memory.
4938 rc
= KERN_INVALID_ARGUMENT
;
4942 vm_map_clip_start(map
, entry
, s
);
4943 vm_map_clip_end(map
, entry
, end
);
4945 sub_start
= VME_OFFSET(entry
);
4946 sub_end
= entry
->vme_end
;
4947 sub_end
+= VME_OFFSET(entry
) - entry
->vme_start
;
4949 local_end
= entry
->vme_end
;
4950 if(map_pmap
== NULL
) {
4952 vm_object_offset_t offset
;
4955 vm_map_entry_t local_entry
;
4956 vm_map_version_t version
;
4957 vm_map_t lookup_map
;
4959 if(entry
->use_pmap
) {
4960 pmap
= VME_SUBMAP(entry
)->pmap
;
4961 /* ppc implementation requires that */
4962 /* submaps pmap address ranges line */
4963 /* up with parent map */
4965 pmap_addr
= sub_start
;
4973 if (entry
->wired_count
) {
4974 if ((rc
= add_wire_counts(map
, entry
, user_wire
)) != KERN_SUCCESS
)
4978 * The map was not unlocked:
4979 * no need to goto re-lookup.
4980 * Just go directly to next entry.
4982 entry
= entry
->vme_next
;
4983 s
= entry
->vme_start
;
4988 /* call vm_map_lookup_locked to */
4989 /* cause any needs copy to be */
4991 local_start
= entry
->vme_start
;
4993 vm_map_lock_write_to_read(map
);
4994 if(vm_map_lookup_locked(
4995 &lookup_map
, local_start
,
4997 OBJECT_LOCK_EXCLUSIVE
,
4999 &offset
, &prot
, &wired
,
5003 vm_map_unlock_read(lookup_map
);
5004 assert(map_pmap
== NULL
);
5005 vm_map_unwire(map
, start
,
5007 return(KERN_FAILURE
);
5009 vm_object_unlock(object
);
5010 if(real_map
!= lookup_map
)
5011 vm_map_unlock(real_map
);
5012 vm_map_unlock_read(lookup_map
);
5015 /* we unlocked, so must re-lookup */
5016 if (!vm_map_lookup_entry(map
,
5024 * entry could have been "simplified",
5027 entry
= local_entry
;
5028 assert(s
== local_start
);
5029 vm_map_clip_start(map
, entry
, s
);
5030 vm_map_clip_end(map
, entry
, end
);
5031 /* re-compute "e" */
5036 /* did we have a change of type? */
5037 if (!entry
->is_sub_map
) {
5038 last_timestamp
= map
->timestamp
;
5042 local_start
= entry
->vme_start
;
5046 if ((rc
= add_wire_counts(map
, entry
, user_wire
)) != KERN_SUCCESS
)
5049 entry
->in_transition
= TRUE
;
5052 rc
= vm_map_wire_nested(VME_SUBMAP(entry
),
5055 user_wire
, pmap
, pmap_addr
,
5060 * Find the entry again. It could have been clipped
5061 * after we unlocked the map.
5063 if (!vm_map_lookup_entry(map
, local_start
,
5065 panic("vm_map_wire: re-lookup failed");
5066 entry
= first_entry
;
5068 assert(local_start
== s
);
5069 /* re-compute "e" */
5074 last_timestamp
= map
->timestamp
;
5075 while ((entry
!= vm_map_to_entry(map
)) &&
5076 (entry
->vme_start
< e
)) {
5077 assert(entry
->in_transition
);
5078 entry
->in_transition
= FALSE
;
5079 if (entry
->needs_wakeup
) {
5080 entry
->needs_wakeup
= FALSE
;
5083 if (rc
!= KERN_SUCCESS
) {/* from vm_*_wire */
5084 subtract_wire_counts(map
, entry
, user_wire
);
5086 entry
= entry
->vme_next
;
5088 if (rc
!= KERN_SUCCESS
) { /* from vm_*_wire */
5092 /* no need to relookup again */
5093 s
= entry
->vme_start
;
5098 * If this entry is already wired then increment
5099 * the appropriate wire reference count.
5101 if (entry
->wired_count
) {
5103 if ((entry
->protection
& access_type
) != access_type
) {
5104 /* found a protection problem */
5108 * We should always return an error
5109 * in this case but since we didn't
5110 * enforce it before, let's do
5111 * it only for the new "wire_and_extract"
5112 * code path for now...
5114 if (wire_and_extract
) {
5115 rc
= KERN_PROTECTION_FAILURE
;
5121 * entry is already wired down, get our reference
5122 * after clipping to our range.
5124 vm_map_clip_start(map
, entry
, s
);
5125 vm_map_clip_end(map
, entry
, end
);
5127 if ((rc
= add_wire_counts(map
, entry
, user_wire
)) != KERN_SUCCESS
)
5130 if (wire_and_extract
) {
5132 vm_object_offset_t offset
;
5136 * We don't have to "wire" the page again
5137 * bit we still have to "extract" its
5138 * physical page number, after some sanity
5141 assert((entry
->vme_end
- entry
->vme_start
)
5143 assert(!entry
->needs_copy
);
5144 assert(!entry
->is_sub_map
);
5145 assert(VME_OBJECT(entry
));
5146 if (((entry
->vme_end
- entry
->vme_start
)
5148 entry
->needs_copy
||
5149 entry
->is_sub_map
||
5150 VME_OBJECT(entry
) == VM_OBJECT_NULL
) {
5151 rc
= KERN_INVALID_ARGUMENT
;
5155 object
= VME_OBJECT(entry
);
5156 offset
= VME_OFFSET(entry
);
5157 /* need exclusive lock to update m->dirty */
5158 if (entry
->protection
& VM_PROT_WRITE
) {
5159 vm_object_lock(object
);
5161 vm_object_lock_shared(object
);
5163 m
= vm_page_lookup(object
, offset
);
5164 assert(m
!= VM_PAGE_NULL
);
5165 assert(m
->wire_count
);
5166 if (m
!= VM_PAGE_NULL
&& m
->wire_count
) {
5167 *physpage_p
= m
->phys_page
;
5168 if (entry
->protection
& VM_PROT_WRITE
) {
5169 vm_object_lock_assert_exclusive(
5174 /* not already wired !? */
5177 vm_object_unlock(object
);
5180 /* map was not unlocked: no need to relookup */
5181 entry
= entry
->vme_next
;
5182 s
= entry
->vme_start
;
5187 * Unwired entry or wire request transmitted via submap
5192 * Perform actions of vm_map_lookup that need the write
5193 * lock on the map: create a shadow object for a
5194 * copy-on-write region, or an object for a zero-fill
5197 size
= entry
->vme_end
- entry
->vme_start
;
5199 * If wiring a copy-on-write page, we need to copy it now
5200 * even if we're only (currently) requesting read access.
5201 * This is aggressive, but once it's wired we can't move it.
5203 if (entry
->needs_copy
) {
5204 if (wire_and_extract
) {
5206 * We're supposed to share with the original
5207 * provider so should not be "needs_copy"
5209 rc
= KERN_INVALID_ARGUMENT
;
5213 VME_OBJECT_SHADOW(entry
, size
);
5214 entry
->needs_copy
= FALSE
;
5215 } else if (VME_OBJECT(entry
) == VM_OBJECT_NULL
) {
5216 if (wire_and_extract
) {
5218 * We're supposed to share with the original
5219 * provider so should already have an object.
5221 rc
= KERN_INVALID_ARGUMENT
;
5224 VME_OBJECT_SET(entry
, vm_object_allocate(size
));
5225 VME_OFFSET_SET(entry
, (vm_object_offset_t
)0);
5226 assert(entry
->use_pmap
);
5229 vm_map_clip_start(map
, entry
, s
);
5230 vm_map_clip_end(map
, entry
, end
);
5232 /* re-compute "e" */
5238 * Check for holes and protection mismatch.
5239 * Holes: Next entry should be contiguous unless this
5240 * is the end of the region.
5241 * Protection: Access requested must be allowed, unless
5242 * wiring is by protection class
5244 if ((entry
->vme_end
< end
) &&
5245 ((entry
->vme_next
== vm_map_to_entry(map
)) ||
5246 (entry
->vme_next
->vme_start
> entry
->vme_end
))) {
5248 rc
= KERN_INVALID_ADDRESS
;
5251 if ((entry
->protection
& access_type
) != access_type
) {
5252 /* found a protection problem */
5253 rc
= KERN_PROTECTION_FAILURE
;
5257 assert(entry
->wired_count
== 0 && entry
->user_wired_count
== 0);
5259 if ((rc
= add_wire_counts(map
, entry
, user_wire
)) != KERN_SUCCESS
)
5262 entry
->in_transition
= TRUE
;
5265 * This entry might get split once we unlock the map.
5266 * In vm_fault_wire(), we need the current range as
5267 * defined by this entry. In order for this to work
5268 * along with a simultaneous clip operation, we make a
5269 * temporary copy of this entry and use that for the
5270 * wiring. Note that the underlying objects do not
5271 * change during a clip.
5276 * The in_transition state guarantees that the entry
5277 * (or entries for this range, if split occurred) will be
5278 * there when the map lock is acquired for the second time.
5282 if (!user_wire
&& cur_thread
!= THREAD_NULL
)
5283 interruptible_state
= thread_interrupt_level(THREAD_UNINT
);
5285 interruptible_state
= THREAD_UNINT
;
5288 rc
= vm_fault_wire(map
,
5289 &tmp_entry
, caller_prot
, map_pmap
, pmap_addr
,
5292 rc
= vm_fault_wire(map
,
5293 &tmp_entry
, caller_prot
, map
->pmap
,
5294 tmp_entry
.vme_start
,
5297 if (!user_wire
&& cur_thread
!= THREAD_NULL
)
5298 thread_interrupt_level(interruptible_state
);
5302 if (last_timestamp
+1 != map
->timestamp
) {
5304 * Find the entry again. It could have been clipped
5305 * after we unlocked the map.
5307 if (!vm_map_lookup_entry(map
, tmp_entry
.vme_start
,
5309 panic("vm_map_wire: re-lookup failed");
5311 entry
= first_entry
;
5314 last_timestamp
= map
->timestamp
;
5316 while ((entry
!= vm_map_to_entry(map
)) &&
5317 (entry
->vme_start
< tmp_entry
.vme_end
)) {
5318 assert(entry
->in_transition
);
5319 entry
->in_transition
= FALSE
;
5320 if (entry
->needs_wakeup
) {
5321 entry
->needs_wakeup
= FALSE
;
5324 if (rc
!= KERN_SUCCESS
) { /* from vm_*_wire */
5325 subtract_wire_counts(map
, entry
, user_wire
);
5327 entry
= entry
->vme_next
;
5330 if (rc
!= KERN_SUCCESS
) { /* from vm_*_wire */
5334 s
= entry
->vme_start
;
5335 } /* end while loop through map entries */
5338 if (rc
== KERN_SUCCESS
) {
5339 /* repair any damage we may have made to the VM map */
5340 vm_map_simplify_range(map
, start
, end
);
5346 * wake up anybody waiting on entries we wired.
5349 vm_map_entry_wakeup(map
);
5351 if (rc
!= KERN_SUCCESS
) {
5352 /* undo what has been wired so far */
5353 vm_map_unwire_nested(map
, start
, s
, user_wire
,
5354 map_pmap
, pmap_addr
);
/*
 * vm_map_wire_external:
 *
 * Wire the range start..end of "map" through vm_map_wire_nested().
 *
 * Any memory-tag bits that arrive in "caller_prot" are masked off and
 * replaced with the tag returned by vm_tag_bt(), so the tag attached to
 * the wiring is chosen here and never taken from the caller's value.
 * The remaining bits of "caller_prot" are forwarded as they are.
 *
 * The nested call is made with no nested pmap, a pmap address of 0 and
 * no physical-page out-parameter.  Its result is returned unchanged.
 */
kern_return_t
vm_map_wire_external(
	register vm_map_t		map,
	register vm_map_offset_t	start,
	register vm_map_offset_t	end,
	register vm_prot_t		caller_prot,
	boolean_t			user_wire)
{
	vm_prot_t	wire_prot;

	/* strip the incoming tag first, then stamp our own */
	wire_prot = caller_prot & ~VM_PROT_MEMORY_TAG_MASK;
	wire_prot |= VM_PROT_MEMORY_TAG_MAKE(vm_tag_bt());

	return vm_map_wire_nested(map, start, end, wire_prot,
				  user_wire, (pmap_t)NULL, 0, NULL);
}
/*
 * vm_map_wire:
 *
 * Wire the range start..end of "map" through vm_map_wire_nested().
 *
 * "caller_prot" is forwarded exactly as received: no memory-tag bits are
 * masked or added here, so whatever tag the value carries is the
 * caller's responsibility.
 *
 * The nested call is made with no nested pmap, a pmap address of 0 and
 * no physical-page out-parameter.  Its result is returned unchanged.
 */
kern_return_t
vm_map_wire(
	register vm_map_t		map,
	register vm_map_offset_t	start,
	register vm_map_offset_t	end,
	register vm_prot_t		caller_prot,
	boolean_t			user_wire)
{
	return vm_map_wire_nested(map, start, end, caller_prot,
				  user_wire, (pmap_t)NULL, 0, NULL);
}
/*
 * vm_map_wire_and_extract_external:
 *
 * Wire the single map page that begins at "start" and hand its physical
 * page number back through "physpage_p".
 *
 * The memory-tag bits of "caller_prot" are replaced with the tag
 * returned by vm_tag_bt() before the request is passed on, so the tag is
 * never taken from the caller's value.
 *
 * When the wiring fails and the caller supplied an out-parameter, the
 * out-parameter is cleared so that no stale page number is left behind
 * for a caller that does not check the return code.
 *
 * NOTE(review): "start + VM_MAP_PAGE_SIZE(map)" is not checked for
 * wrap-around in this function; presumably the range validation in
 * vm_map_wire_nested() covers it -- confirm.
 */
kern_return_t
vm_map_wire_and_extract_external(
	vm_map_t	map,
	vm_map_offset_t	start,
	vm_prot_t	caller_prot,
	boolean_t	user_wire,
	ppnum_t		*physpage_p)
{
	kern_return_t	rc;
	vm_prot_t	wire_prot;

	/* strip the incoming tag first, then stamp our own */
	wire_prot = caller_prot & ~VM_PROT_MEMORY_TAG_MASK;
	wire_prot |= VM_PROT_MEMORY_TAG_MAKE(vm_tag_bt());

	rc = vm_map_wire_nested(map,
				start,
				start + VM_MAP_PAGE_SIZE(map),
				wire_prot,
				user_wire,
				(pmap_t)NULL,
				0,
				physpage_p);

	if (rc == KERN_SUCCESS || physpage_p == NULL) {
		return rc;
	}

	/* failure: do not leave a page number in the caller's variable */
	*physpage_p = 0;
	return rc;
}
/*
 * vm_map_wire_and_extract:
 *
 * Wire the single map page that begins at "start" and hand its physical
 * page number back through "physpage_p".  "caller_prot" is forwarded to
 * vm_map_wire_nested() exactly as received.
 *
 * When the wiring fails and the caller supplied an out-parameter, the
 * out-parameter is cleared so that no stale page number is left behind
 * for a caller that does not check the return code.
 *
 * NOTE(review): "start + VM_MAP_PAGE_SIZE(map)" is not checked for
 * wrap-around in this function; presumably the range validation in
 * vm_map_wire_nested() covers it -- confirm.
 */
kern_return_t
vm_map_wire_and_extract(
	vm_map_t	map,
	vm_map_offset_t	start,
	vm_prot_t	caller_prot,
	boolean_t	user_wire,
	ppnum_t		*physpage_p)
{
	kern_return_t	rc;

	rc = vm_map_wire_nested(map,
				start,
				start + VM_MAP_PAGE_SIZE(map),
				caller_prot,
				user_wire,
				(pmap_t)NULL,
				0,
				physpage_p);

	if (rc == KERN_SUCCESS || physpage_p == NULL) {
		return rc;
	}

	/* failure: do not leave a page number in the caller's variable */
	*physpage_p = 0;
	return rc;
}
5451 * Sets the pageability of the specified address range in the target
5452 * as pageable. Regions specified must have been wired previously.
5454 * The map must not be locked, but a reference must remain to the map
5455 * throughout the call.
5457 * Kernel will panic on failures. User unwire ignores holes and
5458 * unwired and intransition entries to avoid losing memory by leaving
/*
 * vm_map_unwire_nested -- undo a wiring on the map entries that overlap
 * start..end, recursing into submaps.
 *
 * NOTE(review): this listing is an extraction of the original file in
 * which a number of source lines (braces, lock/unlock calls, some branch
 * heads and one parameter) are not shown.  The notes below describe only
 * the statements that are visible.
 *
 * Visible parameters: map, start, end, user_wire, pmap_addr.  "map_pmap"
 * is used throughout the body; its declaration is among the lines that
 * are not shown.
 *
 * Flow, as far as the visible statements show:
 *  - start and end are range-checked against the map and asserted to be
 *    page aligned;
 *  - a start address with no map entry has a panic() path and a
 *    KERN_INVALID_ADDRESS path; an entry with superpage_size set returns
 *    KERN_INVALID_ADDRESS;
 *  - inside the loop, an entry that is in transition, an entry that is
 *    not wired and a hole in the range each have a panic() path and a
 *    path that steps to the next entry (the routine comment preceding
 *    this function says kernel requests panic and user requests skip);
 *  - subtract_wire_counts() is called on the entry, and an entry whose
 *    wired_count is still non-zero afterwards is left as it is;
 *  - otherwise the entry is flagged in_transition and copied into
 *    tmp_entry, the unwiring is done (recursive call for a submap,
 *    vm_fault_unwire() otherwise), and afterwards map->timestamp is
 *    compared with the saved value; when they differ the entry is looked
 *    up again from tmp_entry.vme_start instead of reusing the old
 *    pointer;
 *  - in_transition and needs_wakeup are then cleared on every entry up
 *    to tmp_entry.vme_end;
 *  - at the end the range goes through vm_map_simplify_range() and
 *    vm_map_entry_wakeup() is called.
 *
 * Returns KERN_SUCCESS or KERN_INVALID_ADDRESS on the visible paths.
 */
5461 static kern_return_t
5462 vm_map_unwire_nested(
5463 register vm_map_t map
,
5464 register vm_map_offset_t start
,
5465 register vm_map_offset_t end
,
5466 boolean_t user_wire
,
5468 vm_map_offset_t pmap_addr
)
5470 register vm_map_entry_t entry
;
5471 struct vm_map_entry
*first_entry
, tmp_entry
;
5472 boolean_t need_wakeup
;
5473 boolean_t main_map
= FALSE
;
5474 unsigned int last_timestamp
;
5477 if(map_pmap
== NULL
)
5479 last_timestamp
= map
->timestamp
;
5481 VM_MAP_RANGE_CHECK(map
, start
, end
);
5482 assert(page_aligned(start
));
5483 assert(page_aligned(end
));
5484 assert(VM_MAP_PAGE_ALIGNED(start
, VM_MAP_PAGE_MASK(map
)));
5485 assert(VM_MAP_PAGE_ALIGNED(end
, VM_MAP_PAGE_MASK(map
)));
5488 /* We unwired what the caller asked for: zero pages */
5490 return KERN_SUCCESS
;
5493 if (vm_map_lookup_entry(map
, start
, &first_entry
)) {
5494 entry
= first_entry
;
5496 * vm_map_clip_start will be done later.
5497 * We don't want to unnest any nested sub maps here !
5502 panic("vm_map_unwire: start not found");
5504 /* Start address is not in map. */
5506 return(KERN_INVALID_ADDRESS
);
5509 if (entry
->superpage_size
) {
5510 /* superpages are always wired */
5512 return KERN_INVALID_ADDRESS
;
5515 need_wakeup
= FALSE
;
5516 while ((entry
!= vm_map_to_entry(map
)) && (entry
->vme_start
< end
)) {
5517 if (entry
->in_transition
) {
5520 * Another thread is wiring down this entry. Note
5521 * that if it is not for the other thread we would
5522 * be unwiring an unwired entry. This is not
5523 * permitted. If we wait, we will be unwiring memory
5527 * Another thread is unwiring this entry. We did not
5528 * have a reference to it, because if we did, this
5529 * entry will not be getting unwired now.
5534 * This could happen: there could be some
5535 * overlapping vslock/vsunlock operations
5537 * We should probably just wait and retry,
5538 * but then we have to be careful that this
5539 * entry could get "simplified" after
5540 * "in_transition" gets unset and before
5541 * we re-lookup the entry, so we would
5542 * have to re-clip the entry to avoid
5543 * re-unwiring what we have already unwired...
5544 * See vm_map_wire_nested().
5546 * Or we could just ignore "in_transition"
5547 * here and proceed to decement the wired
5548 * count(s) on this entry. That should be fine
5549 * as long as "wired_count" doesn't drop all
5550 * the way to 0 (and we should panic if THAT
5553 panic("vm_map_unwire: in_transition entry");
5556 entry
= entry
->vme_next
;
5560 if (entry
->is_sub_map
) {
5561 vm_map_offset_t sub_start
;
5562 vm_map_offset_t sub_end
;
5563 vm_map_offset_t local_end
;
5566 vm_map_clip_start(map
, entry
, start
);
5567 vm_map_clip_end(map
, entry
, end
);
5569 sub_start
= VME_OFFSET(entry
);
5570 sub_end
= entry
->vme_end
- entry
->vme_start
;
5571 sub_end
+= VME_OFFSET(entry
);
5572 local_end
= entry
->vme_end
;
5573 if(map_pmap
== NULL
) {
5574 if(entry
->use_pmap
) {
5575 pmap
= VME_SUBMAP(entry
)->pmap
;
5576 pmap_addr
= sub_start
;
5581 if (entry
->wired_count
== 0 ||
5582 (user_wire
&& entry
->user_wired_count
== 0)) {
5584 panic("vm_map_unwire: entry is unwired");
5585 entry
= entry
->vme_next
;
5591 * Holes: Next entry should be contiguous unless
5592 * this is the end of the region.
5594 if (((entry
->vme_end
< end
) &&
5595 ((entry
->vme_next
== vm_map_to_entry(map
)) ||
5596 (entry
->vme_next
->vme_start
5597 > entry
->vme_end
)))) {
5599 panic("vm_map_unwire: non-contiguous region");
5601 entry = entry->vme_next;
5606 subtract_wire_counts(map
, entry
, user_wire
);
5608 if (entry
->wired_count
!= 0) {
5609 entry
= entry
->vme_next
;
/*
 * Submap entry, last wiring gone: flag it busy and keep a private copy
 * of its bounds, because the entry itself may be clipped or deleted
 * while the recursive unwire runs.
 */
5613 entry
->in_transition
= TRUE
;
5614 tmp_entry
= *entry
;/* see comment in vm_map_wire() */
5617 * We can unlock the map now. The in_transition state
5618 * guarantees existance of the entry.
5621 vm_map_unwire_nested(VME_SUBMAP(entry
),
5622 sub_start
, sub_end
, user_wire
, pmap
, pmap_addr
);
/*
 * A timestamp other than last_timestamp+1 means the map was changed by
 * someone else in the meantime, so the old "entry" pointer is not
 * trusted and the entry is looked up again from the saved start address.
 */
5625 if (last_timestamp
+1 != map
->timestamp
) {
5627 * Find the entry again. It could have been
5628 * clipped or deleted after we unlocked the map.
5630 if (!vm_map_lookup_entry(map
,
5631 tmp_entry
.vme_start
,
5634 panic("vm_map_unwire: re-lookup failed");
5635 entry
= first_entry
->vme_next
;
5637 entry
= first_entry
;
5639 last_timestamp
= map
->timestamp
;
5642 * clear transition bit for all constituent entries
5643 * that were in the original entry (saved in
5644 * tmp_entry). Also check for waiters.
5646 while ((entry
!= vm_map_to_entry(map
)) &&
5647 (entry
->vme_start
< tmp_entry
.vme_end
)) {
5648 assert(entry
->in_transition
);
5649 entry
->in_transition
= FALSE
;
5650 if (entry
->needs_wakeup
) {
5651 entry
->needs_wakeup
= FALSE
;
5654 entry
= entry
->vme_next
;
5659 vm_map_unwire_nested(VME_SUBMAP(entry
),
5660 sub_start
, sub_end
, user_wire
, map_pmap
,
5664 if (last_timestamp
+1 != map
->timestamp
) {
5666 * Find the entry again. It could have been
5667 * clipped or deleted after we unlocked the map.
5669 if (!vm_map_lookup_entry(map
,
5670 tmp_entry
.vme_start
,
5673 panic("vm_map_unwire: re-lookup failed");
5674 entry
= first_entry
->vme_next
;
5676 entry
= first_entry
;
5678 last_timestamp
= map
->timestamp
;
5683 if ((entry
->wired_count
== 0) ||
5684 (user_wire
&& entry
->user_wired_count
== 0)) {
5686 panic("vm_map_unwire: entry is unwired");
5688 entry
= entry
->vme_next
;
5692 assert(entry
->wired_count
> 0 &&
5693 (!user_wire
|| entry
->user_wired_count
> 0));
5695 vm_map_clip_start(map
, entry
, start
);
5696 vm_map_clip_end(map
, entry
, end
);
5700 * Holes: Next entry should be contiguous unless
5701 * this is the end of the region.
5703 if (((entry
->vme_end
< end
) &&
5704 ((entry
->vme_next
== vm_map_to_entry(map
)) ||
5705 (entry
->vme_next
->vme_start
> entry
->vme_end
)))) {
5708 panic("vm_map_unwire: non-contiguous region");
5709 entry
= entry
->vme_next
;
5713 subtract_wire_counts(map
, entry
, user_wire
);
5715 if (entry
->wired_count
!= 0) {
5716 entry
= entry
->vme_next
;
5720 if(entry
->zero_wired_pages
) {
5721 entry
->zero_wired_pages
= FALSE
;
/*
 * Non-submap entry, last wiring gone: same protocol as the submap case
 * -- flag the entry busy and unwire from a private copy of it.
 */
5724 entry
->in_transition
= TRUE
;
5725 tmp_entry
= *entry
; /* see comment in vm_map_wire() */
5728 * We can unlock the map now. The in_transition state
5729 * guarantees existance of the entry.
5733 vm_fault_unwire(map
,
5734 &tmp_entry
, FALSE
, map_pmap
, pmap_addr
);
5736 vm_fault_unwire(map
,
5737 &tmp_entry
, FALSE
, map
->pmap
,
5738 tmp_entry
.vme_start
);
5742 if (last_timestamp
+1 != map
->timestamp
) {
5744 * Find the entry again. It could have been clipped
5745 * or deleted after we unlocked the map.
5747 if (!vm_map_lookup_entry(map
, tmp_entry
.vme_start
,
5750 panic("vm_map_unwire: re-lookup failed");
5751 entry
= first_entry
->vme_next
;
5753 entry
= first_entry
;
5755 last_timestamp
= map
->timestamp
;
5758 * clear transition bit for all constituent entries that
5759 * were in the original entry (saved in tmp_entry). Also
5760 * check for waiters.
5762 while ((entry
!= vm_map_to_entry(map
)) &&
5763 (entry
->vme_start
< tmp_entry
.vme_end
)) {
5764 assert(entry
->in_transition
);
5765 entry
->in_transition
= FALSE
;
5766 if (entry
->needs_wakeup
) {
5767 entry
->needs_wakeup
= FALSE
;
5770 entry
= entry
->vme_next
;
5775 * We might have fragmented the address space when we wired this
5776 * range of addresses. Attempt to re-coalesce these VM map entries
5777 * with their neighbors now that they're no longer wired.
5778 * Under some circumstances, address space fragmentation can
5779 * prevent VM object shadow chain collapsing, which can cause
5782 vm_map_simplify_range(map
, start
, end
);
5786 * wake up anybody waiting on entries that we have unwired.
5789 vm_map_entry_wakeup(map
);
5790 return(KERN_SUCCESS
);
/*
 * vm_map_unwire:
 *
 * Unwire the range start..end of "map".  This is a plain front end for
 * vm_map_unwire_nested(), called with no nested pmap and a pmap address
 * of 0; the nested routine's result is returned unchanged.
 */
kern_return_t
vm_map_unwire(
	register vm_map_t		map,
	register vm_map_offset_t	start,
	register vm_map_offset_t	end,
	boolean_t			user_wire)
{
	kern_return_t	kr;

	kr = vm_map_unwire_nested(map, start, end,
				  user_wire, (pmap_t)NULL, 0);
	return kr;
}
5807 * vm_map_entry_delete: [ internal use only ]
5809 * Deallocate the given entry from the target map.
/*
 * vm_map_entry_delete -- unlink "entry" from "map", dispose of it and
 * drop the reference it held on its backing submap or object.
 *
 * The entry must be fully unwired and must not be permanent; both are
 * asserted.  Its bounds are asserted to be page aligned (and aligned to
 * the map's page size when the entry is marked map_aligned).
 *
 * Ordering matters here: the backing submap/object pointer is read
 * before the entry is disposed of, the map is unlocked once the entry is
 * gone, and the backing reference is released last, after the unlock.
 * Callers therefore get the map back UNLOCKED.
 */
static void
vm_map_entry_delete(
	register vm_map_t	map,
	register vm_map_entry_t	entry)
{
	register vm_map_offset_t	s, e;
	register vm_object_t	object;
	register vm_map_t	submap;

	s = entry->vme_start;
	e = entry->vme_end;

	assert(page_aligned(s));
	assert(page_aligned(e));
	if (entry->map_aligned == TRUE) {
		assert(VM_MAP_PAGE_ALIGNED(s, VM_MAP_PAGE_MASK(map)));
		assert(VM_MAP_PAGE_ALIGNED(e, VM_MAP_PAGE_MASK(map)));
	}
	assert(entry->wired_count == 0);
	assert(entry->user_wired_count == 0);
	assert(!entry->permanent);

	/* remember what the entry referenced; the entry is about to go away */
	submap = NULL;
	object = NULL;
	if (entry->is_sub_map) {
		submap = VME_SUBMAP(entry);
	} else {
		object = VME_OBJECT(entry);
	}

	vm_map_store_entry_unlink(map, entry);
	map->size -= e - s;

	vm_map_entry_dispose(map, entry);

	vm_map_unlock(map);

	/*
	 * Release the backing reference only now, after all pmap entries
	 * pointing to its pages have been removed.
	 */
	if (submap) {
		vm_map_deallocate(submap);
	} else {
		vm_object_deallocate(object);
	}
}
/*
 * vm_map_submap_pmap_clean -- remove the physical mappings that "map"
 * holds for the part of "sub_map" it maps at start..end.
 *
 *	map	parent map whose pmap is being cleaned
 *	start	start of the range, as an address in the parent map
 *	end	end of the range, as an address in the parent map
 *	sub_map	submap mapped by that range
 *	offset	address in sub_map that corresponds to "start"
 *
 * The submap is read-locked for the duration of the walk.  Every submap
 * entry overlapping offset..offset+(end-start) is trimmed to that window
 * and handled in one of three ways:
 *  - a nested submap entry: recurse with the matching parent range;
 *  - "map" is mapped in other pmaps, still referenced, and the entry has
 *    an object: vm_object_pmap_protect_options() with PMAP_NULL,
 *    VM_PROT_NONE and PMAP_OPTIONS_REMOVE;
 *  - otherwise: pmap_remove() on the parent map's own pmap.
 *
 * The first entry (the one containing "offset") additionally loses the
 * part that lies before "offset".
 */
static void
vm_map_submap_pmap_clean(
	vm_map_t	map,
	vm_map_offset_t	start,
	vm_map_offset_t	end,
	vm_map_t	sub_map,
	vm_map_offset_t	offset)
{
	vm_map_offset_t	submap_start;
	vm_map_offset_t	submap_end;
	vm_map_size_t	remove_size;
	vm_map_entry_t	entry;

	submap_start = offset;
	submap_end = offset + (end - start);

	vm_map_lock_read(sub_map);

	/* entry that contains "offset", if there is one */
	if (vm_map_lookup_entry(sub_map, offset, &entry)) {
		remove_size = (entry->vme_end - entry->vme_start);
		if (offset > entry->vme_start) {
			/* drop the leading part that precedes the window */
			remove_size -= offset - entry->vme_start;
		}
		if (submap_end < entry->vme_end) {
			/* drop the trailing part that follows the window */
			remove_size -= entry->vme_end - submap_end;
		}

		if (entry->is_sub_map) {
			vm_map_submap_pmap_clean(
				sub_map,
				start,
				start + remove_size,
				VME_SUBMAP(entry),
				VME_OFFSET(entry));
		} else if ((map->mapped_in_other_pmaps) && (map->ref_count)
			   && (VME_OBJECT(entry) != NULL)) {
			vm_object_pmap_protect_options(
				VME_OBJECT(entry),
				(VME_OFFSET(entry) +
				 offset -
				 entry->vme_start),
				remove_size,
				PMAP_NULL,
				entry->vme_start,
				VM_PROT_NONE,
				PMAP_OPTIONS_REMOVE);
		} else {
			pmap_remove(map->pmap,
				    (addr64_t)start,
				    (addr64_t)(start + remove_size));
		}
	}

	/* remaining entries that start inside the window */
	for (entry = entry->vme_next;
	     (entry != vm_map_to_entry(sub_map)) &&
	     (entry->vme_start < submap_end);
	     entry = entry->vme_next) {
		remove_size = (entry->vme_end - entry->vme_start);
		if (submap_end < entry->vme_end) {
			remove_size -= entry->vme_end - submap_end;
		}

		if (entry->is_sub_map) {
			vm_map_submap_pmap_clean(
				sub_map,
				(start + entry->vme_start) - offset,
				((start + entry->vme_start) - offset) + remove_size,
				VME_SUBMAP(entry),
				VME_OFFSET(entry));
		} else if ((map->mapped_in_other_pmaps) && (map->ref_count)
			   && (VME_OBJECT(entry) != NULL)) {
			vm_object_pmap_protect_options(
				VME_OBJECT(entry),
				VME_OFFSET(entry),
				remove_size,
				PMAP_NULL,
				entry->vme_start,
				VM_PROT_NONE,
				PMAP_OPTIONS_REMOVE);
		} else {
			pmap_remove(map->pmap,
				    (addr64_t)((start + entry->vme_start)
					       - offset),
				    (addr64_t)(((start + entry->vme_start)
						- offset) + remove_size));
		}
	}

	vm_map_unlock_read(sub_map);
	return;
}
5955 * vm_map_delete: [ internal use only ]
5957 * Deallocates the given address range from the target map.
5958 * Removes all user wirings. Unwires one kernel wiring if
5959 * VM_MAP_REMOVE_KUNWIRE is set. Waits for kernel wirings to go
5960 * away if VM_MAP_REMOVE_WAIT_FOR_KWIRE is set. Sleeps
5961 * interruptibly if VM_MAP_REMOVE_INTERRUPTIBLE is set.
5963 * This routine is called with map locked and leaves map locked.
/*
 * vm_map_delete -- remove the map entries overlapping start..end (flag
 * semantics and locking are given in the routine comment that precedes
 * this function).
 *
 * NOTE(review): this listing is an extraction of the original file in
 * which a number of source lines are not shown (among them the line
 * carrying the function name, the "map", "flags" and "zap_map"
 * parameters, braces, lock/unlock calls and some branch heads).  The
 * notes below describe only the statements that are visible.
 *
 * Flow, as far as the visible statements show:
 *  - VM_MAP_REMOVE_WAIT_FOR_KWIRE is OR-ed into "flags" for every call;
 *  - the first entry is looked up and clipped at "start"; for kalloc_map
 *    an entry that does not match start/end exactly, or that would need
 *    clipping, is a panic();
 *  - an entry marked permanent is a panic();
 *  - an entry that is in_transition makes this thread set needs_wakeup
 *    and wait in vm_map_entry_wait(); an interrupted wait returns
 *    KERN_ABORTED, otherwise the entry is looked up again;
 *  - for a wired entry, one kernel wiring is dropped when
 *    VM_MAP_REMOVE_KUNWIRE is set and all user wirings are removed; if
 *    wired_count is still non-zero the thread waits (same re-lookup
 *    protocol) or KERN_FAILURE is returned; otherwise the entry is
 *    flagged in_transition, unwired through tmp_entry
 *    (vm_map_unwire_nested() for a submap, vm_fault_unwire() otherwise),
 *    looked up again when map->timestamp shows the map changed, and the
 *    in_transition / needs_wakeup flags are cleared;
 *  - pmap mappings are removed unless VM_MAP_REMOVE_NO_PMAP_CLEANUP is
 *    set;
 *  - the entry is moved to "zap_map" when VM_MAP_REMOVE_SAVE_ENTRIES is
 *    set and zap_map is not VM_MAP_NULL, else it goes through
 *    vm_map_entry_delete(), after which the timestamp is checked and the
 *    position re-established by lookup if the map changed.
 *
 * Returns KERN_SUCCESS, KERN_ABORTED or KERN_FAILURE on the visible
 * paths.
 */
5965 static kern_return_t
5968 vm_map_offset_t start
,
5969 vm_map_offset_t end
,
5973 vm_map_entry_t entry
, next
;
5974 struct vm_map_entry
*first_entry
, tmp_entry
;
5975 register vm_map_offset_t s
;
5976 register vm_object_t object
;
5977 boolean_t need_wakeup
;
5978 unsigned int last_timestamp
= ~0; /* unlikely value */
5981 interruptible
= (flags
& VM_MAP_REMOVE_INTERRUPTIBLE
) ?
5982 THREAD_ABORTSAFE
: THREAD_UNINT
;
5985 * All our DMA I/O operations in IOKit are currently done by
5986 * wiring through the map entries of the task requesting the I/O.
5987 * Because of this, we must always wait for kernel wirings
5988 * to go away on the entries before deleting them.
5990 * Any caller who wants to actually remove a kernel wiring
5991 * should explicitly set the VM_MAP_REMOVE_KUNWIRE flag to
5992 * properly remove one wiring instead of blasting through
5995 flags
|= VM_MAP_REMOVE_WAIT_FOR_KWIRE
;
5999 * Find the start of the region, and clip it
6001 if (vm_map_lookup_entry(map
, start
, &first_entry
)) {
6002 entry
= first_entry
;
6003 if (map
== kalloc_map
&&
6004 (entry
->vme_start
!= start
||
6005 entry
->vme_end
!= end
)) {
6006 panic("vm_map_delete(%p,0x%llx,0x%llx): "
6007 "mismatched entry %p [0x%llx:0x%llx]\n",
6012 (uint64_t)entry
->vme_start
,
6013 (uint64_t)entry
->vme_end
);
6015 if (entry
->superpage_size
&& (start
& ~SUPERPAGE_MASK
)) { /* extend request to whole entry */ start
= SUPERPAGE_ROUND_DOWN(start
);
6016 start
= SUPERPAGE_ROUND_DOWN(start
);
6019 if (start
== entry
->vme_start
) {
6021 * No need to clip. We don't want to cause
6022 * any unnecessary unnesting in this case...
6025 if ((flags
& VM_MAP_REMOVE_NO_MAP_ALIGN
) &&
6026 entry
->map_aligned
&&
6027 !VM_MAP_PAGE_ALIGNED(
6029 VM_MAP_PAGE_MASK(map
))) {
6031 * The entry will no longer be
6032 * map-aligned after clipping
6033 * and the caller said it's OK.
6035 entry
->map_aligned
= FALSE
;
6037 if (map
== kalloc_map
) {
6038 panic("vm_map_delete(%p,0x%llx,0x%llx):"
6039 " clipping %p at 0x%llx\n",
6046 vm_map_clip_start(map
, entry
, start
);
6050 * Fix the lookup hint now, rather than each
6051 * time through the loop.
6053 SAVE_HINT_MAP_WRITE(map
, entry
->vme_prev
);
6055 if (map
->pmap
== kernel_pmap
&&
6056 map
->ref_count
!= 0) {
6057 panic("vm_map_delete(%p,0x%llx,0x%llx): "
6058 "no map entry at 0x%llx\n",
6064 entry
= first_entry
->vme_next
;
6068 if (entry
->superpage_size
)
6069 end
= SUPERPAGE_ROUND_UP(end
);
6071 need_wakeup
= FALSE
;
6073 * Step through all entries in this region
6075 s
= entry
->vme_start
;
6076 while ((entry
!= vm_map_to_entry(map
)) && (s
< end
)) {
6078 * At this point, we have deleted all the memory entries
6079 * between "start" and "s". We still need to delete
6080 * all memory entries between "s" and "end".
6081 * While we were blocked and the map was unlocked, some
6082 * new memory entries could have been re-allocated between
6083 * "start" and "s" and we don't want to mess with those.
6084 * Some of those entries could even have been re-assembled
6085 * with an entry after "s" (in vm_map_simplify_entry()), so
6086 * we may have to vm_map_clip_start() again.
6089 if (entry
->vme_start
>= s
) {
6091 * This entry starts on or after "s"
6092 * so no need to clip its start.
6096 * This entry has been re-assembled by a
6097 * vm_map_simplify_entry(). We need to
6098 * re-clip its start.
6100 if ((flags
& VM_MAP_REMOVE_NO_MAP_ALIGN
) &&
6101 entry
->map_aligned
&&
6102 !VM_MAP_PAGE_ALIGNED(s
,
6103 VM_MAP_PAGE_MASK(map
))) {
6105 * The entry will no longer be map-aligned
6106 * after clipping and the caller said it's OK.
6108 entry
->map_aligned
= FALSE
;
6110 if (map
== kalloc_map
) {
6111 panic("vm_map_delete(%p,0x%llx,0x%llx): "
6112 "clipping %p at 0x%llx\n",
6119 vm_map_clip_start(map
, entry
, s
);
6121 if (entry
->vme_end
<= end
) {
6123 * This entry is going away completely, so no need
6124 * to clip and possibly cause an unnecessary unnesting.
6127 if ((flags
& VM_MAP_REMOVE_NO_MAP_ALIGN
) &&
6128 entry
->map_aligned
&&
6129 !VM_MAP_PAGE_ALIGNED(end
,
6130 VM_MAP_PAGE_MASK(map
))) {
6132 * The entry will no longer be map-aligned
6133 * after clipping and the caller said it's OK.
6135 entry
->map_aligned
= FALSE
;
6137 if (map
== kalloc_map
) {
6138 panic("vm_map_delete(%p,0x%llx,0x%llx): "
6139 "clipping %p at 0x%llx\n",
6146 vm_map_clip_end(map
, entry
, end
);
/*
 * An entry marked permanent is never removed: reaching this point with
 * one is treated as fatal rather than reported to the caller.
 */
6149 if (entry
->permanent
) {
6150 panic("attempt to remove permanent VM map entry "
6151 "%p [0x%llx:0x%llx]\n",
6152 entry
, (uint64_t) s
, (uint64_t) end
);
6156 if (entry
->in_transition
) {
6157 wait_result_t wait_result
;
6160 * Another thread is wiring/unwiring this entry.
6161 * Let the other thread know we are waiting.
6163 assert(s
== entry
->vme_start
);
6164 entry
->needs_wakeup
= TRUE
;
6167 * wake up anybody waiting on entries that we have
6168 * already unwired/deleted.
6171 vm_map_entry_wakeup(map
);
6172 need_wakeup
= FALSE
;
6175 wait_result
= vm_map_entry_wait(map
, interruptible
);
6177 if (interruptible
&&
6178 wait_result
== THREAD_INTERRUPTED
) {
6180 * We do not clear the needs_wakeup flag,
6181 * since we cannot tell if we were the only one.
6183 return KERN_ABORTED
;
6187 * The entry could have been clipped or it
6188 * may not exist anymore. Look it up again.
6190 if (!vm_map_lookup_entry(map
, s
, &first_entry
)) {
6192 * User: use the next entry
6194 entry
= first_entry
->vme_next
;
6195 s
= entry
->vme_start
;
6197 entry
= first_entry
;
6198 SAVE_HINT_MAP_WRITE(map
, entry
->vme_prev
);
6200 last_timestamp
= map
->timestamp
;
6202 } /* end in_transition */
6204 if (entry
->wired_count
) {
6205 boolean_t user_wire
;
6207 user_wire
= entry
->user_wired_count
> 0;
6210 * Remove a kernel wiring if requested
6212 if (flags
& VM_MAP_REMOVE_KUNWIRE
) {
6213 entry
->wired_count
--;
6217 * Remove all user wirings for proper accounting
6219 if (entry
->user_wired_count
> 0) {
6220 while (entry
->user_wired_count
)
6221 subtract_wire_counts(map
, entry
, user_wire
);
6224 if (entry
->wired_count
!= 0) {
6225 assert(map
!= kernel_map
);
6227 * Cannot continue. Typical case is when
6228 * a user thread has physical io pending on
6229 * on this page. Either wait for the
6230 * kernel wiring to go away or return an
6233 if (flags
& VM_MAP_REMOVE_WAIT_FOR_KWIRE
) {
6234 wait_result_t wait_result
;
6236 assert(s
== entry
->vme_start
);
6237 entry
->needs_wakeup
= TRUE
;
6238 wait_result
= vm_map_entry_wait(map
,
6241 if (interruptible
&&
6242 wait_result
== THREAD_INTERRUPTED
) {
6244 * We do not clear the
6245 * needs_wakeup flag, since we
6246 * cannot tell if we were the
6249 return KERN_ABORTED
;
6253 * The entry could have been clipped or
6254 * it may not exist anymore. Look it
6257 if (!vm_map_lookup_entry(map
, s
,
6259 assert(map
!= kernel_map
);
6261 * User: use the next entry
6263 entry
= first_entry
->vme_next
;
6264 s
= entry
->vme_start
;
6266 entry
= first_entry
;
6267 SAVE_HINT_MAP_WRITE(map
, entry
->vme_prev
);
6269 last_timestamp
= map
->timestamp
;
6273 return KERN_FAILURE
;
/*
 * No wiring is left that would block removal: flag the entry busy so
 * other threads wait for it, and unwire from the saved copy (tmp_entry)
 * because the entry itself may be clipped while the unwire runs.
 */
6277 entry
->in_transition
= TRUE
;
6279 * copy current entry. see comment in vm_map_wire()
6282 assert(s
== entry
->vme_start
);
6285 * We can unlock the map now. The in_transition
6286 * state guarentees existance of the entry.
6290 if (tmp_entry
.is_sub_map
) {
6292 vm_map_offset_t sub_start
, sub_end
;
6294 vm_map_offset_t pmap_addr
;
6297 sub_map
= VME_SUBMAP(&tmp_entry
);
6298 sub_start
= VME_OFFSET(&tmp_entry
);
6299 sub_end
= sub_start
+ (tmp_entry
.vme_end
-
6300 tmp_entry
.vme_start
);
6301 if (tmp_entry
.use_pmap
) {
6302 pmap
= sub_map
->pmap
;
6303 pmap_addr
= tmp_entry
.vme_start
;
6306 pmap_addr
= tmp_entry
.vme_start
;
6308 (void) vm_map_unwire_nested(sub_map
,
6314 if (VME_OBJECT(&tmp_entry
) == kernel_object
) {
6315 pmap_protect_options(
6317 tmp_entry
.vme_start
,
6320 PMAP_OPTIONS_REMOVE
,
6323 vm_fault_unwire(map
, &tmp_entry
,
6324 VME_OBJECT(&tmp_entry
) == kernel_object
,
6325 map
->pmap
, tmp_entry
.vme_start
);
/*
 * A timestamp other than last_timestamp+1 means the map was changed by
 * someone else in the meantime, so the position is re-established by a
 * fresh lookup at "s" instead of trusting the old pointer.
 */
6330 if (last_timestamp
+1 != map
->timestamp
) {
6332 * Find the entry again. It could have
6333 * been clipped after we unlocked the map.
6335 if (!vm_map_lookup_entry(map
, s
, &first_entry
)){
6336 assert((map
!= kernel_map
) &&
6337 (!entry
->is_sub_map
));
6338 first_entry
= first_entry
->vme_next
;
6339 s
= first_entry
->vme_start
;
6341 SAVE_HINT_MAP_WRITE(map
, entry
->vme_prev
);
6344 SAVE_HINT_MAP_WRITE(map
, entry
->vme_prev
);
6345 first_entry
= entry
;
6348 last_timestamp
= map
->timestamp
;
6350 entry
= first_entry
;
6351 while ((entry
!= vm_map_to_entry(map
)) &&
6352 (entry
->vme_start
< tmp_entry
.vme_end
)) {
6353 assert(entry
->in_transition
);
6354 entry
->in_transition
= FALSE
;
6355 if (entry
->needs_wakeup
) {
6356 entry
->needs_wakeup
= FALSE
;
6359 entry
= entry
->vme_next
;
6362 * We have unwired the entry(s). Go back and
6365 entry
= first_entry
;
6369 /* entry is unwired */
6370 assert(entry
->wired_count
== 0);
6371 assert(entry
->user_wired_count
== 0);
6373 assert(s
== entry
->vme_start
);
6375 if (flags
& VM_MAP_REMOVE_NO_PMAP_CLEANUP
) {
6377 * XXX with the VM_MAP_REMOVE_SAVE_ENTRIES flag to
6378 * vm_map_delete(), some map entries might have been
6379 * transferred to a "zap_map", which doesn't have a
6380 * pmap. The original pmap has already been flushed
6381 * in the vm_map_delete() call targeting the original
6382 * map, but when we get to destroying the "zap_map",
6383 * we don't have any pmap to flush, so let's just skip
6386 } else if (entry
->is_sub_map
) {
6387 if (entry
->use_pmap
) {
6388 #ifndef NO_NESTED_PMAP
6391 if (flags
& VM_MAP_REMOVE_NO_UNNESTING
) {
6393 * This is the final cleanup of the
6394 * address space being terminated.
6395 * No new mappings are expected and
6396 * we don't really need to unnest the
6397 * shared region (and lose the "global"
6398 * pmap mappings, if applicable).
6400 * Tell the pmap layer that we're
6401 * "clean" wrt nesting.
6403 pmap_flags
= PMAP_UNNEST_CLEAN
;
6406 * We're unmapping part of the nested
6407 * shared region, so we can't keep the
6412 pmap_unnest_options(
6414 (addr64_t
)entry
->vme_start
,
6415 entry
->vme_end
- entry
->vme_start
,
6417 #endif /* NO_NESTED_PMAP */
6418 if ((map
->mapped_in_other_pmaps
) && (map
->ref_count
)) {
6419 /* clean up parent map/maps */
6420 vm_map_submap_pmap_clean(
6421 map
, entry
->vme_start
,
6427 vm_map_submap_pmap_clean(
6428 map
, entry
->vme_start
, entry
->vme_end
,
6432 } else if (VME_OBJECT(entry
) != kernel_object
&&
6433 VME_OBJECT(entry
) != compressor_object
) {
6434 object
= VME_OBJECT(entry
);
6435 if ((map
->mapped_in_other_pmaps
) && (map
->ref_count
)) {
6436 vm_object_pmap_protect_options(
6437 object
, VME_OFFSET(entry
),
6438 entry
->vme_end
- entry
->vme_start
,
6442 PMAP_OPTIONS_REMOVE
);
6443 } else if ((VME_OBJECT(entry
) != VM_OBJECT_NULL
) ||
6444 (map
->pmap
== kernel_pmap
)) {
6445 /* Remove translations associated
6446 * with this range unless the entry
6447 * does not have an object, or
6448 * it's the kernel map or a descendant
6449 * since the platform could potentially
6450 * create "backdoor" mappings invisible
6451 * to the VM. It is expected that
6452 * objectless, non-kernel ranges
6453 * do not have such VM invisible
6456 pmap_remove_options(map
->pmap
,
6457 (addr64_t
)entry
->vme_start
,
6458 (addr64_t
)entry
->vme_end
,
6459 PMAP_OPTIONS_REMOVE
);
6463 if (entry
->iokit_acct
) {
6464 /* alternate accounting */
6465 vm_map_iokit_unmapped_region(map
,
6468 entry
->iokit_acct
= FALSE
;
6472 * All pmap mappings for this map entry must have been
6476 assert(vm_map_pmap_is_empty(map
,
6481 next
= entry
->vme_next
;
6483 if (map
->pmap
== kernel_pmap
&&
6484 map
->ref_count
!= 0 &&
6485 entry
->vme_end
< end
&&
6486 (next
== vm_map_to_entry(map
) ||
6487 next
->vme_start
!= entry
->vme_end
)) {
6488 panic("vm_map_delete(%p,0x%llx,0x%llx): "
6489 "hole after %p at 0x%llx\n",
6494 (uint64_t)entry
->vme_end
);
6497 s
= next
->vme_start
;
6498 last_timestamp
= map
->timestamp
;
/*
 * Two ways out for the entry: hand it over to the caller's zap_map
 * (size accounting moves with it), or delete it outright.
 */
6500 if ((flags
& VM_MAP_REMOVE_SAVE_ENTRIES
) &&
6501 zap_map
!= VM_MAP_NULL
) {
6502 vm_map_size_t entry_size
;
6504 * The caller wants to save the affected VM map entries
6505 * into the "zap_map". The caller will take care of
6508 /* unlink the entry from "map" ... */
6509 vm_map_store_entry_unlink(map
, entry
);
6510 /* ... and add it to the end of the "zap_map" */
6511 vm_map_store_entry_link(zap_map
,
6512 vm_map_last_entry(zap_map
),
6514 entry_size
= entry
->vme_end
- entry
->vme_start
;
6515 map
->size
-= entry_size
;
6516 zap_map
->size
+= entry_size
;
6517 /* we didn't unlock the map, so no timestamp increase */
6520 vm_map_entry_delete(map
, entry
);
6521 /* vm_map_entry_delete unlocks the map */
6527 if(entry
== vm_map_to_entry(map
)) {
6530 if (last_timestamp
+1 != map
->timestamp
) {
6532 * we are responsible for deleting everything
6533 * from the give space, if someone has interfered
6534 * we pick up where we left off, back fills should
6535 * be all right for anyone except map_delete and
6536 * we have to assume that the task has been fully
6537 * disabled before we get here
6539 if (!vm_map_lookup_entry(map
, s
, &entry
)){
6540 entry
= entry
->vme_next
;
6541 s
= entry
->vme_start
;
6543 SAVE_HINT_MAP_WRITE(map
, entry
->vme_prev
);
6546 * others can not only allocate behind us, we can
6547 * also see coalesce while we don't have the map lock
6549 if(entry
== vm_map_to_entry(map
)) {
6553 last_timestamp
= map
->timestamp
;
6556 if (map
->wait_for_space
)
6557 thread_wakeup((event_t
) map
);
6559 * wake up anybody waiting on entries that we have already deleted.
6562 vm_map_entry_wakeup(map
);
6564 return KERN_SUCCESS
;
6570 * Remove the given address range from the target map.
6571 * This is the exported form of vm_map_delete.
/*
 * vm_map_remove -- exported front end for vm_map_delete().
 *
 * Takes the map lock, clamps start/end with VM_MAP_RANGE_CHECK(), runs
 * vm_map_delete() with no zap map, drops the lock and returns the
 * result of vm_map_delete().
 *
 * A request against zone_map that ends up empty (start == end) is
 * treated as fatal instead of being turned into a silent no-op: frees
 * to the zone_map are kernel-controlled and are expected to release
 * memory.
 *
 * NOTE(review): "flags" is declared boolean_t but is handed to
 * vm_map_delete() as its flag word -- confirm that the declared type is
 * wide enough for every VM_MAP_REMOVE_* bit callers pass.
 */
kern_return_t
vm_map_remove(
	register vm_map_t		map,
	register vm_map_offset_t	start,
	register vm_map_offset_t	end,
	register boolean_t		flags)
{
	register kern_return_t	kr;

	vm_map_lock(map);
	VM_MAP_RANGE_CHECK(map, start, end);

	if (map == zone_map && start == end) {
		panic("Nothing being freed to the zone_map. start = end = %p\n", (void *)start);
	}

	kr = vm_map_delete(map, start, end, flags, VM_MAP_NULL);
	vm_map_unlock(map);

	return kr;
}
6601 * Routine: vm_map_copy_discard
6604 * Dispose of a map copy object (returned by
/*
 * vm_map_copy_discard -- release a map copy object and whatever it
 * still references.  VM_MAP_COPY_NULL is accepted and ignored.
 *
 *  VM_MAP_COPY_ENTRY_LIST	every entry is unlinked, its submap or
 *				object reference dropped, and the entry
 *				disposed of; the header is then returned
 *				to vm_map_copy_zone.
 *  VM_MAP_COPY_OBJECT		the object reference is dropped; the
 *				header is then returned to
 *				vm_map_copy_zone.
 *  VM_MAP_COPY_KERNEL_BUFFER	header and data came from one kalloc()
 *				call, so the whole thing is released with
 *				kfree() and the zone is not involved.
 *
 * In the kernel-buffer case the length handed to kfree() is computed
 * from copy->size, a field of the object being freed.  The size/offset
 * check in front of it is what keeps a damaged header from turning into
 * a free of the wrong length: a size above msg_ool_size_small or a
 * non-zero offset is a panic().
 *
 * NOTE(review): the switch has no default; a type value other than the
 * three above falls through to zfree().
 */
void
vm_map_copy_discard(
	vm_map_copy_t	copy)
{
	vm_map_entry_t	entry;

	if (copy == VM_MAP_COPY_NULL) {
		return;
	}

	switch (copy->type) {
	case VM_MAP_COPY_ENTRY_LIST:
		/* keep taking the first entry until only the header is left */
		for (entry = vm_map_copy_first_entry(copy);
		     entry != vm_map_copy_to_entry(copy);
		     entry = vm_map_copy_first_entry(copy)) {
			vm_map_copy_entry_unlink(copy, entry);
			if (entry->is_sub_map) {
				vm_map_deallocate(VME_SUBMAP(entry));
			} else {
				vm_object_deallocate(VME_OBJECT(entry));
			}
			vm_map_copy_entry_dispose(copy, entry);
		}
		break;

	case VM_MAP_COPY_OBJECT:
		vm_object_deallocate(copy->cpy_object);
		break;

	case VM_MAP_COPY_KERNEL_BUFFER:
		/*
		 * Header and (possibly) data buffer were allocated by a
		 * single kalloc(); the header did not come from the zone.
		 * Validate the header before trusting its size.
		 */
		if (copy->size > msg_ool_size_small || copy->offset) {
			panic("Invalid vm_map_copy_t sz:%lld, ofst:%lld",
			      (long long)copy->size, (long long)copy->offset);
		}
		kfree(copy, copy->size + cpy_kdata_hdr_sz);
		return;
	}

	zfree(vm_map_copy_zone, copy);
}
6649 * Routine: vm_map_copy_copy
6652 * Move the information in a map copy object to
6653 * a new map copy object, leaving the old one
6656 * This is used by kernel routines that need
6657 * to look at out-of-line data (in copyin form)
6658 * before deciding whether to return SUCCESS.
6659 * If the routine returns FAILURE, the original
6660 * copy object will be deallocated; therefore,
6661 * these routines must make a copy of the copy
6662 * object and leave the original empty so that
6663 * deallocation will not fail.
6669 vm_map_copy_t new_copy
;
6671 if (copy
== VM_MAP_COPY_NULL
)
6672 return VM_MAP_COPY_NULL
;
6675 * Allocate a new copy object, and copy the information
6676 * from the old one into it.
6679 new_copy
= (vm_map_copy_t
) zalloc(vm_map_copy_zone
);
6680 new_copy
->c_u
.hdr
.rb_head_store
.rbh_root
= (void*)(int)SKIP_RB_TREE
;
6683 if (copy
->type
== VM_MAP_COPY_ENTRY_LIST
) {
6685 * The links in the entry chain must be
6686 * changed to point to the new copy object.
6688 vm_map_copy_first_entry(copy
)->vme_prev
6689 = vm_map_copy_to_entry(new_copy
);
6690 vm_map_copy_last_entry(copy
)->vme_next
6691 = vm_map_copy_to_entry(new_copy
);
6695 * Change the old copy object into one that contains
6696 * nothing to be deallocated.
6698 copy
->type
= VM_MAP_COPY_OBJECT
;
6699 copy
->cpy_object
= VM_OBJECT_NULL
;
6702 * Return the new object.
6707 static kern_return_t
6708 vm_map_overwrite_submap_recurse(
6710 vm_map_offset_t dst_addr
,
6711 vm_map_size_t dst_size
)
6713 vm_map_offset_t dst_end
;
6714 vm_map_entry_t tmp_entry
;
6715 vm_map_entry_t entry
;
6716 kern_return_t result
;
6717 boolean_t encountered_sub_map
= FALSE
;
6722 * Verify that the destination is all writeable
6723 * initially. We have to trunc the destination
6724 * address and round the copy size or we'll end up
6725 * splitting entries in strange ways.
6728 dst_end
= vm_map_round_page(dst_addr
+ dst_size
,
6729 VM_MAP_PAGE_MASK(dst_map
));
6730 vm_map_lock(dst_map
);
6733 if (!vm_map_lookup_entry(dst_map
, dst_addr
, &tmp_entry
)) {
6734 vm_map_unlock(dst_map
);
6735 return(KERN_INVALID_ADDRESS
);
6738 vm_map_clip_start(dst_map
,
6740 vm_map_trunc_page(dst_addr
,
6741 VM_MAP_PAGE_MASK(dst_map
)));
6742 if (tmp_entry
->is_sub_map
) {
6743 /* clipping did unnest if needed */
6744 assert(!tmp_entry
->use_pmap
);
6747 for (entry
= tmp_entry
;;) {
6748 vm_map_entry_t next
;
6750 next
= entry
->vme_next
;
6751 while(entry
->is_sub_map
) {
6752 vm_map_offset_t sub_start
;
6753 vm_map_offset_t sub_end
;
6754 vm_map_offset_t local_end
;
6756 if (entry
->in_transition
) {
6758 * Say that we are waiting, and wait for entry.
6760 entry
->needs_wakeup
= TRUE
;
6761 vm_map_entry_wait(dst_map
, THREAD_UNINT
);
6766 encountered_sub_map
= TRUE
;
6767 sub_start
= VME_OFFSET(entry
);
6769 if(entry
->vme_end
< dst_end
)
6770 sub_end
= entry
->vme_end
;
6773 sub_end
-= entry
->vme_start
;
6774 sub_end
+= VME_OFFSET(entry
);
6775 local_end
= entry
->vme_end
;
6776 vm_map_unlock(dst_map
);
6778 result
= vm_map_overwrite_submap_recurse(
6781 sub_end
- sub_start
);
6783 if(result
!= KERN_SUCCESS
)
6785 if (dst_end
<= entry
->vme_end
)
6786 return KERN_SUCCESS
;
6787 vm_map_lock(dst_map
);
6788 if(!vm_map_lookup_entry(dst_map
, local_end
,
6790 vm_map_unlock(dst_map
);
6791 return(KERN_INVALID_ADDRESS
);
6794 next
= entry
->vme_next
;
6797 if ( ! (entry
->protection
& VM_PROT_WRITE
)) {
6798 vm_map_unlock(dst_map
);
6799 return(KERN_PROTECTION_FAILURE
);
6803 * If the entry is in transition, we must wait
6804 * for it to exit that state. Anything could happen
6805 * when we unlock the map, so start over.
6807 if (entry
->in_transition
) {
6810 * Say that we are waiting, and wait for entry.
6812 entry
->needs_wakeup
= TRUE
;
6813 vm_map_entry_wait(dst_map
, THREAD_UNINT
);
6819 * our range is contained completely within this map entry
6821 if (dst_end
<= entry
->vme_end
) {
6822 vm_map_unlock(dst_map
);
6823 return KERN_SUCCESS
;
6826 * check that range specified is contiguous region
6828 if ((next
== vm_map_to_entry(dst_map
)) ||
6829 (next
->vme_start
!= entry
->vme_end
)) {
6830 vm_map_unlock(dst_map
);
6831 return(KERN_INVALID_ADDRESS
);
6835 * Check for permanent objects in the destination.
6837 if ((VME_OBJECT(entry
) != VM_OBJECT_NULL
) &&
6838 ((!VME_OBJECT(entry
)->internal
) ||
6839 (VME_OBJECT(entry
)->true_share
))) {
6840 if(encountered_sub_map
) {
6841 vm_map_unlock(dst_map
);
6842 return(KERN_FAILURE
);
6849 vm_map_unlock(dst_map
);
6850 return(KERN_SUCCESS
);
6854 * Routine: vm_map_copy_overwrite
6857 * Copy the memory described by the map copy
6858 * object (copy; returned by vm_map_copyin) onto
6859 * the specified destination region (dst_map, dst_addr).
6860 * The destination must be writeable.
6862 * Unlike vm_map_copyout, this routine actually
6863 * writes over previously-mapped memory. If the
6864 * previous mapping was to a permanent (user-supplied)
6865 * memory object, it is preserved.
6867 * The attributes (protection and inheritance) of the
6868 * destination region are preserved.
6870 * If successful, consumes the copy object.
6871 * Otherwise, the caller is responsible for it.
6873 * Implementation notes:
6874 * To overwrite aligned temporary virtual memory, it is
6875 * sufficient to remove the previous mapping and insert
6876 * the new copy. This replacement is done either on
6877 * the whole region (if no permanent virtual memory
6878 * objects are embedded in the destination region) or
6879 * in individual map entries.
6881 * To overwrite permanent virtual memory, it is necessary
6882 * to copy each page, as the external memory management
6883 * interface currently does not provide any optimizations.
6885 * Unaligned memory also has to be copied. It is possible
6886 * to use 'vm_trickery' to copy the aligned data. This is
6887 * not done but not hard to implement.
6889 * Once a page of permanent memory has been overwritten,
6890 * it is impossible to interrupt this function; otherwise,
6891 * the call would be neither atomic nor location-independent.
6892 * The kernel-state portion of a user thread must be
6895 * It may be expensive to forward all requests that might
6896 * overwrite permanent memory (vm_write, vm_copy) to
6897 * uninterruptible kernel threads. This routine may be
6898 * called by interruptible threads; however, success is
6899 * not guaranteed -- if the request cannot be performed
6900 * atomically and interruptibly, an error indication is
6904 static kern_return_t
6905 vm_map_copy_overwrite_nested(
6907 vm_map_address_t dst_addr
,
6909 boolean_t interruptible
,
6911 boolean_t discard_on_success
)
6913 vm_map_offset_t dst_end
;
6914 vm_map_entry_t tmp_entry
;
6915 vm_map_entry_t entry
;
6917 boolean_t aligned
= TRUE
;
6918 boolean_t contains_permanent_objects
= FALSE
;
6919 boolean_t encountered_sub_map
= FALSE
;
6920 vm_map_offset_t base_addr
;
6921 vm_map_size_t copy_size
;
6922 vm_map_size_t total_size
;
6926 * Check for null copy object.
6929 if (copy
== VM_MAP_COPY_NULL
)
6930 return(KERN_SUCCESS
);
6933 * Check for special kernel buffer allocated
6934 * by new_ipc_kmsg_copyin.
6937 if (copy
->type
== VM_MAP_COPY_KERNEL_BUFFER
) {
6938 return(vm_map_copyout_kernel_buffer(
6940 copy
, TRUE
, discard_on_success
));
6944 * Only works for entry lists at the moment. Will
6945 * support page lists later.
6948 assert(copy
->type
== VM_MAP_COPY_ENTRY_LIST
);
6950 if (copy
->size
== 0) {
6951 if (discard_on_success
)
6952 vm_map_copy_discard(copy
);
6953 return(KERN_SUCCESS
);
6957 * Verify that the destination is all writeable
6958 * initially. We have to trunc the destination
6959 * address and round the copy size or we'll end up
6960 * splitting entries in strange ways.
6963 if (!VM_MAP_PAGE_ALIGNED(copy
->size
,
6964 VM_MAP_PAGE_MASK(dst_map
)) ||
6965 !VM_MAP_PAGE_ALIGNED(copy
->offset
,
6966 VM_MAP_PAGE_MASK(dst_map
)) ||
6967 !VM_MAP_PAGE_ALIGNED(dst_addr
,
6968 VM_MAP_PAGE_MASK(dst_map
)))
6971 dst_end
= vm_map_round_page(dst_addr
+ copy
->size
,
6972 VM_MAP_PAGE_MASK(dst_map
));
6974 dst_end
= dst_addr
+ copy
->size
;
6977 vm_map_lock(dst_map
);
6979 /* LP64todo - remove this check when vm_map_commpage64()
6980 * no longer has to stuff in a map_entry for the commpage
6981 * above the map's max_offset.
6983 if (dst_addr
>= dst_map
->max_offset
) {
6984 vm_map_unlock(dst_map
);
6985 return(KERN_INVALID_ADDRESS
);
6989 if (!vm_map_lookup_entry(dst_map
, dst_addr
, &tmp_entry
)) {
6990 vm_map_unlock(dst_map
);
6991 return(KERN_INVALID_ADDRESS
);
6993 vm_map_clip_start(dst_map
,
6995 vm_map_trunc_page(dst_addr
,
6996 VM_MAP_PAGE_MASK(dst_map
)));
6997 for (entry
= tmp_entry
;;) {
6998 vm_map_entry_t next
= entry
->vme_next
;
7000 while(entry
->is_sub_map
) {
7001 vm_map_offset_t sub_start
;
7002 vm_map_offset_t sub_end
;
7003 vm_map_offset_t local_end
;
7005 if (entry
->in_transition
) {
7008 * Say that we are waiting, and wait for entry.
7010 entry
->needs_wakeup
= TRUE
;
7011 vm_map_entry_wait(dst_map
, THREAD_UNINT
);
7016 local_end
= entry
->vme_end
;
7017 if (!(entry
->needs_copy
)) {
7018 /* if needs_copy we are a COW submap */
7019 /* in such a case we just replace so */
7020 /* there is no need for the follow- */
7022 encountered_sub_map
= TRUE
;
7023 sub_start
= VME_OFFSET(entry
);
7025 if(entry
->vme_end
< dst_end
)
7026 sub_end
= entry
->vme_end
;
7029 sub_end
-= entry
->vme_start
;
7030 sub_end
+= VME_OFFSET(entry
);
7031 vm_map_unlock(dst_map
);
7033 kr
= vm_map_overwrite_submap_recurse(
7036 sub_end
- sub_start
);
7037 if(kr
!= KERN_SUCCESS
)
7039 vm_map_lock(dst_map
);
7042 if (dst_end
<= entry
->vme_end
)
7043 goto start_overwrite
;
7044 if(!vm_map_lookup_entry(dst_map
, local_end
,
7046 vm_map_unlock(dst_map
);
7047 return(KERN_INVALID_ADDRESS
);
7049 next
= entry
->vme_next
;
7052 if ( ! (entry
->protection
& VM_PROT_WRITE
)) {
7053 vm_map_unlock(dst_map
);
7054 return(KERN_PROTECTION_FAILURE
);
7058 * If the entry is in transition, we must wait
7059 * for it to exit that state. Anything could happen
7060 * when we unlock the map, so start over.
7062 if (entry
->in_transition
) {
7065 * Say that we are waiting, and wait for entry.
7067 entry
->needs_wakeup
= TRUE
;
7068 vm_map_entry_wait(dst_map
, THREAD_UNINT
);
7074 * our range is contained completely within this map entry
7076 if (dst_end
<= entry
->vme_end
)
7079 * check that range specified is contiguous region
7081 if ((next
== vm_map_to_entry(dst_map
)) ||
7082 (next
->vme_start
!= entry
->vme_end
)) {
7083 vm_map_unlock(dst_map
);
7084 return(KERN_INVALID_ADDRESS
);
7089 * Check for permanent objects in the destination.
7091 if ((VME_OBJECT(entry
) != VM_OBJECT_NULL
) &&
7092 ((!VME_OBJECT(entry
)->internal
) ||
7093 (VME_OBJECT(entry
)->true_share
))) {
7094 contains_permanent_objects
= TRUE
;
7102 * If there are permanent objects in the destination, then
7103 * the copy cannot be interrupted.
7106 if (interruptible
&& contains_permanent_objects
) {
7107 vm_map_unlock(dst_map
);
7108 return(KERN_FAILURE
); /* XXX */
7113 * Make a second pass, overwriting the data
7114 * At the beginning of each loop iteration,
7115 * the next entry to be overwritten is "tmp_entry"
7116 * (initially, the value returned from the lookup above),
7117 * and the starting address expected in that entry
7121 total_size
= copy
->size
;
7122 if(encountered_sub_map
) {
7124 /* re-calculate tmp_entry since we've had the map */
7126 if (!vm_map_lookup_entry( dst_map
, dst_addr
, &tmp_entry
)) {
7127 vm_map_unlock(dst_map
);
7128 return(KERN_INVALID_ADDRESS
);
7131 copy_size
= copy
->size
;
7134 base_addr
= dst_addr
;
7136 /* deconstruct the copy object and do in parts */
7137 /* only in sub_map, interruptible case */
7138 vm_map_entry_t copy_entry
;
7139 vm_map_entry_t previous_prev
= VM_MAP_ENTRY_NULL
;
7140 vm_map_entry_t next_copy
= VM_MAP_ENTRY_NULL
;
7142 int remaining_entries
= 0;
7143 vm_map_offset_t new_offset
= 0;
7145 for (entry
= tmp_entry
; copy_size
== 0;) {
7146 vm_map_entry_t next
;
7148 next
= entry
->vme_next
;
7150 /* tmp_entry and base address are moved along */
7151 /* each time we encounter a sub-map. Otherwise */
7152 /* entry can outpace tmp_entry, and the copy_size */
7153 /* may reflect the distance between them */
7154 /* if the current entry is found to be in transition */
7155 /* we will start over at the beginning or the last */
7156 /* encounter of a submap as dictated by base_addr */
7157 /* we will zero copy_size accordingly. */
7158 if (entry
->in_transition
) {
7160 * Say that we are waiting, and wait for entry.
7162 entry
->needs_wakeup
= TRUE
;
7163 vm_map_entry_wait(dst_map
, THREAD_UNINT
);
7165 if(!vm_map_lookup_entry(dst_map
, base_addr
,
7167 vm_map_unlock(dst_map
);
7168 return(KERN_INVALID_ADDRESS
);
7174 if(entry
->is_sub_map
) {
7175 vm_map_offset_t sub_start
;
7176 vm_map_offset_t sub_end
;
7177 vm_map_offset_t local_end
;
7179 if (entry
->needs_copy
) {
7180 /* if this is a COW submap */
7181 /* just back the range with an */
7182 /* anonymous entry */
7183 if(entry
->vme_end
< dst_end
)
7184 sub_end
= entry
->vme_end
;
7187 if(entry
->vme_start
< base_addr
)
7188 sub_start
= base_addr
;
7190 sub_start
= entry
->vme_start
;
7192 dst_map
, entry
, sub_end
);
7194 dst_map
, entry
, sub_start
);
7195 assert(!entry
->use_pmap
);
7196 entry
->is_sub_map
= FALSE
;
7199 VME_SUBMAP_SET(entry
, NULL
);
7200 entry
->is_shared
= FALSE
;
7201 entry
->needs_copy
= FALSE
;
7202 VME_OFFSET_SET(entry
, 0);
7205 * We should propagate the protections
7206 * of the submap entry here instead
7207 * of forcing them to VM_PROT_ALL...
7208 * Or better yet, we should inherit
7209 * the protection of the copy_entry.
7211 entry
->protection
= VM_PROT_ALL
;
7212 entry
->max_protection
= VM_PROT_ALL
;
7213 entry
->wired_count
= 0;
7214 entry
->user_wired_count
= 0;
7215 if(entry
->inheritance
7216 == VM_INHERIT_SHARE
)
7217 entry
->inheritance
= VM_INHERIT_COPY
;
7220 /* first take care of any non-sub_map */
7221 /* entries to send */
7222 if(base_addr
< entry
->vme_start
) {
7225 entry
->vme_start
- base_addr
;
7228 sub_start
= VME_OFFSET(entry
);
7230 if(entry
->vme_end
< dst_end
)
7231 sub_end
= entry
->vme_end
;
7234 sub_end
-= entry
->vme_start
;
7235 sub_end
+= VME_OFFSET(entry
);
7236 local_end
= entry
->vme_end
;
7237 vm_map_unlock(dst_map
);
7238 copy_size
= sub_end
- sub_start
;
7240 /* adjust the copy object */
7241 if (total_size
> copy_size
) {
7242 vm_map_size_t local_size
= 0;
7243 vm_map_size_t entry_size
;
7246 new_offset
= copy
->offset
;
7247 copy_entry
= vm_map_copy_first_entry(copy
);
7249 vm_map_copy_to_entry(copy
)){
7250 entry_size
= copy_entry
->vme_end
-
7251 copy_entry
->vme_start
;
7252 if((local_size
< copy_size
) &&
7253 ((local_size
+ entry_size
)
7255 vm_map_copy_clip_end(copy
,
7257 copy_entry
->vme_start
+
7258 (copy_size
- local_size
));
7259 entry_size
= copy_entry
->vme_end
-
7260 copy_entry
->vme_start
;
7261 local_size
+= entry_size
;
7262 new_offset
+= entry_size
;
7264 if(local_size
>= copy_size
) {
7265 next_copy
= copy_entry
->vme_next
;
7266 copy_entry
->vme_next
=
7267 vm_map_copy_to_entry(copy
);
7269 copy
->cpy_hdr
.links
.prev
;
7270 copy
->cpy_hdr
.links
.prev
= copy_entry
;
7271 copy
->size
= copy_size
;
7273 copy
->cpy_hdr
.nentries
;
7274 remaining_entries
-= nentries
;
7275 copy
->cpy_hdr
.nentries
= nentries
;
7278 local_size
+= entry_size
;
7279 new_offset
+= entry_size
;
7282 copy_entry
= copy_entry
->vme_next
;
7286 if((entry
->use_pmap
) && (pmap
== NULL
)) {
7287 kr
= vm_map_copy_overwrite_nested(
7292 VME_SUBMAP(entry
)->pmap
,
7294 } else if (pmap
!= NULL
) {
7295 kr
= vm_map_copy_overwrite_nested(
7299 interruptible
, pmap
,
7302 kr
= vm_map_copy_overwrite_nested(
7310 if(kr
!= KERN_SUCCESS
) {
7311 if(next_copy
!= NULL
) {
7312 copy
->cpy_hdr
.nentries
+=
7314 copy
->cpy_hdr
.links
.prev
->vme_next
=
7316 copy
->cpy_hdr
.links
.prev
7318 copy
->size
= total_size
;
7322 if (dst_end
<= local_end
) {
7323 return(KERN_SUCCESS
);
7325 /* otherwise copy no longer exists, it was */
7326 /* destroyed after successful copy_overwrite */
7327 copy
= (vm_map_copy_t
)
7328 zalloc(vm_map_copy_zone
);
7329 copy
->c_u
.hdr
.rb_head_store
.rbh_root
= (void*)(int)SKIP_RB_TREE
;
7330 vm_map_copy_first_entry(copy
) =
7331 vm_map_copy_last_entry(copy
) =
7332 vm_map_copy_to_entry(copy
);
7333 copy
->type
= VM_MAP_COPY_ENTRY_LIST
;
7334 copy
->offset
= new_offset
;
7338 * this does not seem to deal with
7339 * the VM map store (R&B tree)
7342 total_size
-= copy_size
;
7344 /* put back remainder of copy in container */
7345 if(next_copy
!= NULL
) {
7346 copy
->cpy_hdr
.nentries
= remaining_entries
;
7347 copy
->cpy_hdr
.links
.next
= next_copy
;
7348 copy
->cpy_hdr
.links
.prev
= previous_prev
;
7349 copy
->size
= total_size
;
7350 next_copy
->vme_prev
=
7351 vm_map_copy_to_entry(copy
);
7354 base_addr
= local_end
;
7355 vm_map_lock(dst_map
);
7356 if(!vm_map_lookup_entry(dst_map
,
7357 local_end
, &tmp_entry
)) {
7358 vm_map_unlock(dst_map
);
7359 return(KERN_INVALID_ADDRESS
);
7364 if (dst_end
<= entry
->vme_end
) {
7365 copy_size
= dst_end
- base_addr
;
7369 if ((next
== vm_map_to_entry(dst_map
)) ||
7370 (next
->vme_start
!= entry
->vme_end
)) {
7371 vm_map_unlock(dst_map
);
7372 return(KERN_INVALID_ADDRESS
);
7381 /* adjust the copy object */
7382 if (total_size
> copy_size
) {
7383 vm_map_size_t local_size
= 0;
7384 vm_map_size_t entry_size
;
7386 new_offset
= copy
->offset
;
7387 copy_entry
= vm_map_copy_first_entry(copy
);
7388 while(copy_entry
!= vm_map_copy_to_entry(copy
)) {
7389 entry_size
= copy_entry
->vme_end
-
7390 copy_entry
->vme_start
;
7391 if((local_size
< copy_size
) &&
7392 ((local_size
+ entry_size
)
7394 vm_map_copy_clip_end(copy
, copy_entry
,
7395 copy_entry
->vme_start
+
7396 (copy_size
- local_size
));
7397 entry_size
= copy_entry
->vme_end
-
7398 copy_entry
->vme_start
;
7399 local_size
+= entry_size
;
7400 new_offset
+= entry_size
;
7402 if(local_size
>= copy_size
) {
7403 next_copy
= copy_entry
->vme_next
;
7404 copy_entry
->vme_next
=
7405 vm_map_copy_to_entry(copy
);
7407 copy
->cpy_hdr
.links
.prev
;
7408 copy
->cpy_hdr
.links
.prev
= copy_entry
;
7409 copy
->size
= copy_size
;
7411 copy
->cpy_hdr
.nentries
;
7412 remaining_entries
-= nentries
;
7413 copy
->cpy_hdr
.nentries
= nentries
;
7416 local_size
+= entry_size
;
7417 new_offset
+= entry_size
;
7420 copy_entry
= copy_entry
->vme_next
;
7430 local_pmap
= dst_map
->pmap
;
7432 if ((kr
= vm_map_copy_overwrite_aligned(
7433 dst_map
, tmp_entry
, copy
,
7434 base_addr
, local_pmap
)) != KERN_SUCCESS
) {
7435 if(next_copy
!= NULL
) {
7436 copy
->cpy_hdr
.nentries
+=
7438 copy
->cpy_hdr
.links
.prev
->vme_next
=
7440 copy
->cpy_hdr
.links
.prev
=
7442 copy
->size
+= copy_size
;
7446 vm_map_unlock(dst_map
);
7451 * if the copy and dst address are misaligned but the same
7452 * offset within the page we can copy_not_aligned the
7453 * misaligned parts and copy aligned the rest. If they are
7454 * aligned but len is unaligned we simply need to copy
7455 * the end bit unaligned. We'll need to split the misaligned
7456 * bits of the region in this case !
7458 /* ALWAYS UNLOCKS THE dst_map MAP */
7459 kr
= vm_map_copy_overwrite_unaligned(
7464 discard_on_success
);
7465 if (kr
!= KERN_SUCCESS
) {
7466 if(next_copy
!= NULL
) {
7467 copy
->cpy_hdr
.nentries
+=
7469 copy
->cpy_hdr
.links
.prev
->vme_next
=
7471 copy
->cpy_hdr
.links
.prev
=
7473 copy
->size
+= copy_size
;
7478 total_size
-= copy_size
;
7481 base_addr
+= copy_size
;
7483 copy
->offset
= new_offset
;
7484 if(next_copy
!= NULL
) {
7485 copy
->cpy_hdr
.nentries
= remaining_entries
;
7486 copy
->cpy_hdr
.links
.next
= next_copy
;
7487 copy
->cpy_hdr
.links
.prev
= previous_prev
;
7488 next_copy
->vme_prev
= vm_map_copy_to_entry(copy
);
7489 copy
->size
= total_size
;
7491 vm_map_lock(dst_map
);
7493 if (!vm_map_lookup_entry(dst_map
,
7494 base_addr
, &tmp_entry
)) {
7495 vm_map_unlock(dst_map
);
7496 return(KERN_INVALID_ADDRESS
);
7498 if (tmp_entry
->in_transition
) {
7499 entry
->needs_wakeup
= TRUE
;
7500 vm_map_entry_wait(dst_map
, THREAD_UNINT
);
7505 vm_map_clip_start(dst_map
,
7507 vm_map_trunc_page(base_addr
,
7508 VM_MAP_PAGE_MASK(dst_map
)));
7514 * Throw away the vm_map_copy object
7516 if (discard_on_success
)
7517 vm_map_copy_discard(copy
);
7519 return(KERN_SUCCESS
);
7520 }/* vm_map_copy_overwrite */
7523 vm_map_copy_overwrite(
7525 vm_map_offset_t dst_addr
,
7527 boolean_t interruptible
)
7529 vm_map_size_t head_size
, tail_size
;
7530 vm_map_copy_t head_copy
, tail_copy
;
7531 vm_map_offset_t head_addr
, tail_addr
;
7532 vm_map_entry_t entry
;
7542 if (interruptible
||
7543 copy
== VM_MAP_COPY_NULL
||
7544 copy
->type
!= VM_MAP_COPY_ENTRY_LIST
) {
7546 * We can't split the "copy" map if we're interruptible
7547 * or if we don't have a "copy" map...
7550 return vm_map_copy_overwrite_nested(dst_map
,
7558 if (copy
->size
< 3 * PAGE_SIZE
) {
7560 * Too small to bother with optimizing...
7565 if ((dst_addr
& VM_MAP_PAGE_MASK(dst_map
)) !=
7566 (copy
->offset
& VM_MAP_PAGE_MASK(dst_map
))) {
7568 * Incompatible mis-alignment of source and destination...
7574 * Proper alignment or identical mis-alignment at the beginning.
7575 * Let's try and do a small unaligned copy first (if needed)
7576 * and then an aligned copy for the rest.
7578 if (!page_aligned(dst_addr
)) {
7579 head_addr
= dst_addr
;
7580 head_size
= (VM_MAP_PAGE_SIZE(dst_map
) -
7581 (copy
->offset
& VM_MAP_PAGE_MASK(dst_map
)));
7583 if (!page_aligned(copy
->offset
+ copy
->size
)) {
7585 * Mis-alignment at the end.
7586 * Do an aligned copy up to the last page and
7587 * then an unaligned copy for the remaining bytes.
7589 tail_size
= ((copy
->offset
+ copy
->size
) &
7590 VM_MAP_PAGE_MASK(dst_map
));
7591 tail_addr
= dst_addr
+ copy
->size
- tail_size
;
7594 if (head_size
+ tail_size
== copy
->size
) {
7596 * It's all unaligned, no optimization possible...
7602 * Can't optimize if there are any submaps in the
7603 * destination due to the way we free the "copy" map
7604 * progressively in vm_map_copy_overwrite_nested()
7607 vm_map_lock_read(dst_map
);
7608 if (! vm_map_lookup_entry(dst_map
, dst_addr
, &entry
)) {
7609 vm_map_unlock_read(dst_map
);
7613 (entry
!= vm_map_copy_to_entry(copy
) &&
7614 entry
->vme_start
< dst_addr
+ copy
->size
);
7615 entry
= entry
->vme_next
) {
7616 if (entry
->is_sub_map
) {
7617 vm_map_unlock_read(dst_map
);
7621 vm_map_unlock_read(dst_map
);
7625 * Unaligned copy of the first "head_size" bytes, to reach
7630 * Extract "head_copy" out of "copy".
7632 head_copy
= (vm_map_copy_t
) zalloc(vm_map_copy_zone
);
7633 head_copy
->c_u
.hdr
.rb_head_store
.rbh_root
= (void*)(int)SKIP_RB_TREE
;
7634 vm_map_copy_first_entry(head_copy
) =
7635 vm_map_copy_to_entry(head_copy
);
7636 vm_map_copy_last_entry(head_copy
) =
7637 vm_map_copy_to_entry(head_copy
);
7638 head_copy
->type
= VM_MAP_COPY_ENTRY_LIST
;
7639 head_copy
->cpy_hdr
.nentries
= 0;
7640 head_copy
->cpy_hdr
.entries_pageable
=
7641 copy
->cpy_hdr
.entries_pageable
;
7642 vm_map_store_init(&head_copy
->cpy_hdr
);
7644 head_copy
->offset
= copy
->offset
;
7645 head_copy
->size
= head_size
;
7647 copy
->offset
+= head_size
;
7648 copy
->size
-= head_size
;
7650 entry
= vm_map_copy_first_entry(copy
);
7651 vm_map_copy_clip_end(copy
, entry
, copy
->offset
);
7652 vm_map_copy_entry_unlink(copy
, entry
);
7653 vm_map_copy_entry_link(head_copy
,
7654 vm_map_copy_to_entry(head_copy
),
7658 * Do the unaligned copy.
7660 kr
= vm_map_copy_overwrite_nested(dst_map
,
7666 if (kr
!= KERN_SUCCESS
)
7672 * Extract "tail_copy" out of "copy".
7674 tail_copy
= (vm_map_copy_t
) zalloc(vm_map_copy_zone
);
7675 tail_copy
->c_u
.hdr
.rb_head_store
.rbh_root
= (void*)(int)SKIP_RB_TREE
;
7676 vm_map_copy_first_entry(tail_copy
) =
7677 vm_map_copy_to_entry(tail_copy
);
7678 vm_map_copy_last_entry(tail_copy
) =
7679 vm_map_copy_to_entry(tail_copy
);
7680 tail_copy
->type
= VM_MAP_COPY_ENTRY_LIST
;
7681 tail_copy
->cpy_hdr
.nentries
= 0;
7682 tail_copy
->cpy_hdr
.entries_pageable
=
7683 copy
->cpy_hdr
.entries_pageable
;
7684 vm_map_store_init(&tail_copy
->cpy_hdr
);
7686 tail_copy
->offset
= copy
->offset
+ copy
->size
- tail_size
;
7687 tail_copy
->size
= tail_size
;
7689 copy
->size
-= tail_size
;
7691 entry
= vm_map_copy_last_entry(copy
);
7692 vm_map_copy_clip_start(copy
, entry
, tail_copy
->offset
);
7693 entry
= vm_map_copy_last_entry(copy
);
7694 vm_map_copy_entry_unlink(copy
, entry
);
7695 vm_map_copy_entry_link(tail_copy
,
7696 vm_map_copy_last_entry(tail_copy
),
7701 * Copy most (or possibly all) of the data.
7703 kr
= vm_map_copy_overwrite_nested(dst_map
,
7704 dst_addr
+ head_size
,
7709 if (kr
!= KERN_SUCCESS
) {
7714 kr
= vm_map_copy_overwrite_nested(dst_map
,
7723 assert(copy
->type
== VM_MAP_COPY_ENTRY_LIST
);
7724 if (kr
== KERN_SUCCESS
) {
7726 * Discard all the copy maps.
7729 vm_map_copy_discard(head_copy
);
7732 vm_map_copy_discard(copy
);
7734 vm_map_copy_discard(tail_copy
);
7739 * Re-assemble the original copy map.
7742 entry
= vm_map_copy_first_entry(head_copy
);
7743 vm_map_copy_entry_unlink(head_copy
, entry
);
7744 vm_map_copy_entry_link(copy
,
7745 vm_map_copy_to_entry(copy
),
7747 copy
->offset
-= head_size
;
7748 copy
->size
+= head_size
;
7749 vm_map_copy_discard(head_copy
);
7753 entry
= vm_map_copy_last_entry(tail_copy
);
7754 vm_map_copy_entry_unlink(tail_copy
, entry
);
7755 vm_map_copy_entry_link(copy
,
7756 vm_map_copy_last_entry(copy
),
7758 copy
->size
+= tail_size
;
7759 vm_map_copy_discard(tail_copy
);
7768 * Routine: vm_map_copy_overwrite_unaligned [internal use only]
7771 * Physically copy unaligned data
7774 * Unaligned parts of pages have to be physically copied. We use
7775 * a modified form of vm_fault_copy (which understands non-aligned
7776 * page offsets and sizes) to do the copy. We attempt to copy as
7777 * much memory in one go as possible; however, vm_fault_copy copies
7778 * within 1 memory object so we have to find the smallest of "amount left",
7779 * "source object data size" and "target object data size". With
7780 * unaligned data we don't need to split regions, therefore the source
7781 * (copy) object should be one map entry; the target range may be split
7782 * over multiple map entries, however. In any event we are pessimistic
7783 * about these assumptions.
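7786 * dst_map is locked on entry and is returned locked on success,
7787 * unlocked on error.
 * NOTE(review): as far as this listing shows, the success return inside
 * the copy loop is reached after vm_map_unlock_read(dst_map) and before
 * the map is re-locked, and the call site in vm_map_copy_overwrite_nested
 * is commented "ALWAYS UNLOCKS THE dst_map MAP". Confirm which lock-state
 * contract holds before relying on this paragraph.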
7790 static kern_return_t
7791 vm_map_copy_overwrite_unaligned(
7793 vm_map_entry_t entry
,
7795 vm_map_offset_t start
,
7796 boolean_t discard_on_success
)
7798 vm_map_entry_t copy_entry
;
7799 vm_map_entry_t copy_entry_next
;
7800 vm_map_version_t version
;
7801 vm_object_t dst_object
;
7802 vm_object_offset_t dst_offset
;
7803 vm_object_offset_t src_offset
;
7804 vm_object_offset_t entry_offset
;
7805 vm_map_offset_t entry_end
;
7806 vm_map_size_t src_size
,
7810 kern_return_t kr
= KERN_SUCCESS
;
7813 copy_entry
= vm_map_copy_first_entry(copy
);
7815 vm_map_lock_write_to_read(dst_map
);
7817 src_offset
= copy
->offset
- vm_object_trunc_page(copy
->offset
);
7818 amount_left
= copy
->size
;
7820 * unaligned so we never clipped this entry, we need the offset into
7821 * the vm_object not just the data.
7823 while (amount_left
> 0) {
7825 if (entry
== vm_map_to_entry(dst_map
)) {
7826 vm_map_unlock_read(dst_map
);
7827 return KERN_INVALID_ADDRESS
;
7830 /* "start" must be within the current map entry */
7831 assert ((start
>=entry
->vme_start
) && (start
<entry
->vme_end
));
7833 dst_offset
= start
- entry
->vme_start
;
7835 dst_size
= entry
->vme_end
- start
;
7837 src_size
= copy_entry
->vme_end
-
7838 (copy_entry
->vme_start
+ src_offset
);
7840 if (dst_size
< src_size
) {
7842 * we can only copy dst_size bytes before
7843 * we have to get the next destination entry
7845 copy_size
= dst_size
;
7848 * we can only copy src_size bytes before
7849 * we have to get the next source copy entry
7851 copy_size
= src_size
;
7854 if (copy_size
> amount_left
) {
7855 copy_size
= amount_left
;
7858 * Entry needs copy, create a shadow object for
7859 * Copy on write region.
7861 if (entry
->needs_copy
&&
7862 ((entry
->protection
& VM_PROT_WRITE
) != 0))
7864 if (vm_map_lock_read_to_write(dst_map
)) {
7865 vm_map_lock_read(dst_map
);
7868 VME_OBJECT_SHADOW(entry
,
7869 (vm_map_size_t
)(entry
->vme_end
7870 - entry
->vme_start
));
7871 entry
->needs_copy
= FALSE
;
7872 vm_map_lock_write_to_read(dst_map
);
7874 dst_object
= VME_OBJECT(entry
);
7876 * unlike with the virtual (aligned) copy we're going
7877 * to fault on it therefore we need a target object.
7879 if (dst_object
== VM_OBJECT_NULL
) {
7880 if (vm_map_lock_read_to_write(dst_map
)) {
7881 vm_map_lock_read(dst_map
);
7884 dst_object
= vm_object_allocate((vm_map_size_t
)
7885 entry
->vme_end
- entry
->vme_start
);
7886 VME_OBJECT(entry
) = dst_object
;
7887 VME_OFFSET_SET(entry
, 0);
7888 assert(entry
->use_pmap
);
7889 vm_map_lock_write_to_read(dst_map
);
7892 * Take an object reference and unlock map. The "entry" may
7893 * disappear or change when the map is unlocked.
7895 vm_object_reference(dst_object
);
7896 version
.main_timestamp
= dst_map
->timestamp
;
7897 entry_offset
= VME_OFFSET(entry
);
7898 entry_end
= entry
->vme_end
;
7899 vm_map_unlock_read(dst_map
);
7901 * Copy as much as possible in one pass
7904 VME_OBJECT(copy_entry
),
7905 VME_OFFSET(copy_entry
) + src_offset
,
7908 entry_offset
+ dst_offset
,
7914 src_offset
+= copy_size
;
7915 amount_left
-= copy_size
;
7917 * Release the object reference
7919 vm_object_deallocate(dst_object
);
7921 * If a hard error occurred, return it now
7923 if (kr
!= KERN_SUCCESS
)
7926 if ((copy_entry
->vme_start
+ src_offset
) == copy_entry
->vme_end
7927 || amount_left
== 0)
7930 * all done with this copy entry, dispose.
7932 copy_entry_next
= copy_entry
->vme_next
;
7934 if (discard_on_success
) {
7935 vm_map_copy_entry_unlink(copy
, copy_entry
);
7936 assert(!copy_entry
->is_sub_map
);
7937 vm_object_deallocate(VME_OBJECT(copy_entry
));
7938 vm_map_copy_entry_dispose(copy
, copy_entry
);
7941 if (copy_entry_next
== vm_map_copy_to_entry(copy
) &&
7944 * not finished copying but run out of source
7946 return KERN_INVALID_ADDRESS
;
7949 copy_entry
= copy_entry_next
;
7954 if (amount_left
== 0)
7955 return KERN_SUCCESS
;
7957 vm_map_lock_read(dst_map
);
7958 if (version
.main_timestamp
== dst_map
->timestamp
) {
7959 if (start
== entry_end
) {
7961 * destination region is split. Use the version
7962 * information to avoid a lookup in the normal
7965 entry
= entry
->vme_next
;
7967 * should be contiguous. Fail if we encounter
7968 * a hole in the destination.
7970 if (start
!= entry
->vme_start
) {
7971 vm_map_unlock_read(dst_map
);
7972 return KERN_INVALID_ADDRESS
;
7977 * Map version check failed.
7978 * we must lookup the entry because somebody
7979 * might have changed the map behind our backs.
7982 if (!vm_map_lookup_entry(dst_map
, start
, &entry
))
7984 vm_map_unlock_read(dst_map
);
7985 return KERN_INVALID_ADDRESS
;
7990 return KERN_SUCCESS
;
7991 }/* vm_map_copy_overwrite_unaligned */
7994 * Routine: vm_map_copy_overwrite_aligned [internal use only]
7997 * Does all the vm_trickery possible for whole pages.
8001 * If there are no permanent objects in the destination,
8002 * and the source and destination map entry zones match,
8003 * and the destination map entry is not shared,
8004 * then the map entries can be deleted and replaced
8005 * with those from the copy. The following code is the
8006 * basic idea of what to do, but there are lots of annoying
8007 * little details about getting protection and inheritance
8008 * right. Should add protection, inheritance, and sharing checks
8009 * to the above pass and make sure that no wiring is involved.
/*
 * Event counters bumped by vm_map_copy_overwrite_aligned() when it steers a
 * copy away from the entry-substitution path: the source is backed by a
 * non-internal object, the source shadow chain contains a true_share or
 * non-SYMMETRIC object, or a small copy is taken out of a large source
 * object.  They are plain ints incremented with "++"; nothing in this
 * listing reads them back, so treat them as approximate statistics.
 */
8012 int vm_map_copy_overwrite_aligned_src_not_internal
= 0;
8013 int vm_map_copy_overwrite_aligned_src_not_symmetric
= 0;
8014 int vm_map_copy_overwrite_aligned_src_large
= 0;
/*
 * vm_map_copy_overwrite_aligned: consume the entries of "copy" one at a
 * time and overwrite the destination range that begins at "start".
 * Each destination entry is re-validated (no hole, still starts at
 * "start", still writable) before it is touched.  When the destination is
 * unshared temporary memory, or is marked needs_copy, the copy entry's
 * object is substituted into the destination entry; otherwise the data is
 * copied with the destination map unlocked and the position in the map is
 * re-established afterwards.
 * Visible failure returns: KERN_INVALID_ADDRESS (hole, or entry no longer
 * starts at "start") and KERN_PROTECTION_FAILURE (destination not writable).
 * NOTE(review): the dst_map and copy parameter lines, most braces and the
 * call that performs the unlocked copy are elided in this listing; the
 * comments below describe only what is visible.
 */
8016 static kern_return_t
8017 vm_map_copy_overwrite_aligned(
8019 vm_map_entry_t tmp_entry
,
8021 vm_map_offset_t start
,
8022 __unused pmap_t pmap
)
8025 vm_map_entry_t copy_entry
;
8026 vm_map_size_t copy_size
;
8028 vm_map_entry_t entry
;
8030 while ((copy_entry
= vm_map_copy_first_entry(copy
))
8031 != vm_map_copy_to_entry(copy
))
8033 copy_size
= (copy_entry
->vme_end
- copy_entry
->vme_start
);
8036 if (entry
->is_sub_map
) {
8037 /* unnested when clipped earlier */
8038 assert(!entry
->use_pmap
);
/* The map header sentinel means the destination ran out of entries before the copy did. */
8040 if (entry
== vm_map_to_entry(dst_map
)) {
8041 vm_map_unlock(dst_map
);
8042 return KERN_INVALID_ADDRESS
;
8044 size
= (entry
->vme_end
- entry
->vme_start
);
8046 * Make sure that no holes popped up in the
8047 * address map, and that the protection is
8048 * still valid, in case the map was unlocked
8052 if ((entry
->vme_start
!= start
) || ((entry
->is_sub_map
)
8053 && !entry
->needs_copy
)) {
8054 vm_map_unlock(dst_map
);
8055 return(KERN_INVALID_ADDRESS
);
8057 assert(entry
!= vm_map_to_entry(dst_map
));
8060 * Check protection again
/*
 * Write permission is tested on every pass through the loop, not once up
 * front: the copy path further down drops the map lock, so an earlier
 * answer cannot be relied on.
 */
8063 if ( ! (entry
->protection
& VM_PROT_WRITE
)) {
8064 vm_map_unlock(dst_map
);
8065 return(KERN_PROTECTION_FAILURE
);
8069 * Adjust to source size first
8072 if (copy_size
< size
) {
8073 if (entry
->map_aligned
&&
8074 !VM_MAP_PAGE_ALIGNED(entry
->vme_start
+ copy_size
,
8075 VM_MAP_PAGE_MASK(dst_map
))) {
8076 /* no longer map-aligned */
8077 entry
->map_aligned
= FALSE
;
8079 vm_map_clip_end(dst_map
, entry
, entry
->vme_start
+ copy_size
);
8084 * Adjust to destination size
8087 if (size
< copy_size
) {
8088 vm_map_copy_clip_end(copy
, copy_entry
,
8089 copy_entry
->vme_start
+ size
);
8093 assert((entry
->vme_end
- entry
->vme_start
) == size
);
8094 assert((tmp_entry
->vme_end
- tmp_entry
->vme_start
) == size
);
8095 assert((copy_entry
->vme_end
- copy_entry
->vme_start
) == size
);
8098 * If the destination contains temporary unshared memory,
8099 * we can perform the copy by throwing it away and
8100 * installing the source data.
8103 object
= VME_OBJECT(entry
);
8104 if ((!entry
->is_shared
&&
8105 ((object
== VM_OBJECT_NULL
) ||
8106 (object
->internal
&& !object
->true_share
))) ||
8107 entry
->needs_copy
) {
8108 vm_object_t old_object
= VME_OBJECT(entry
);
8109 vm_object_offset_t old_offset
= VME_OFFSET(entry
);
8110 vm_object_offset_t offset
;
8113 * Ensure that the source and destination aren't
8116 if (old_object
== VME_OBJECT(copy_entry
) &&
8117 old_offset
== VME_OFFSET(copy_entry
)) {
8118 vm_map_copy_entry_unlink(copy
, copy_entry
);
8119 vm_map_copy_entry_dispose(copy
, copy_entry
);
8121 if (old_object
!= VM_OBJECT_NULL
)
8122 vm_object_deallocate(old_object
);
8124 start
= tmp_entry
->vme_end
;
8125 tmp_entry
= tmp_entry
->vme_next
;
8129 #define __TRADEOFF1_OBJ_SIZE (64 * 1024 * 1024) /* 64 MB */
8130 #define __TRADEOFF1_COPY_SIZE (128 * 1024) /* 128 KB */
8131 if (VME_OBJECT(copy_entry
) != VM_OBJECT_NULL
&&
8132 VME_OBJECT(copy_entry
)->vo_size
>= __TRADEOFF1_OBJ_SIZE
&&
8133 copy_size
<= __TRADEOFF1_COPY_SIZE
) {
8135 * Virtual vs. Physical copy tradeoff #1.
8137 * Copying only a few pages out of a large
8138 * object: do a physical copy instead of
8139 * a virtual copy, to avoid possibly keeping
8140 * the entire large object alive because of
8141 * those few copy-on-write pages.
8143 vm_map_copy_overwrite_aligned_src_large
++;
/*
 * Only for non-kernel pmaps and destination entries whose alias falls in
 * the VM_MEMORY_MALLOC .. VM_MEMORY_MALLOC_LARGE_REUSED range: walk the
 * source object's shadow chain, locking each shadow (shared) before
 * unlocking its predecessor, to find out what actually backs the new data.
 */
8147 if ((dst_map
->pmap
!= kernel_pmap
) &&
8148 (VME_ALIAS(entry
) >= VM_MEMORY_MALLOC
) &&
8149 (VME_ALIAS(entry
) <= VM_MEMORY_MALLOC_LARGE_REUSED
)) {
8150 vm_object_t new_object
, new_shadow
;
8153 * We're about to map something over a mapping
8154 * established by malloc()...
8156 new_object
= VME_OBJECT(copy_entry
);
8157 if (new_object
!= VM_OBJECT_NULL
) {
8158 vm_object_lock_shared(new_object
);
8160 while (new_object
!= VM_OBJECT_NULL
&&
8161 !new_object
->true_share
&&
8162 new_object
->copy_strategy
== MEMORY_OBJECT_COPY_SYMMETRIC
&&
8163 new_object
->internal
) {
8164 new_shadow
= new_object
->shadow
;
8165 if (new_shadow
== VM_OBJECT_NULL
) {
8168 vm_object_lock_shared(new_shadow
);
8169 vm_object_unlock(new_object
);
8170 new_object
= new_shadow
;
8172 if (new_object
!= VM_OBJECT_NULL
) {
8173 if (!new_object
->internal
) {
8175 * The new mapping is backed
8176 * by an external object. We
8177 * don't want malloc'ed memory
8178 * to be replaced with such a
8179 * non-anonymous mapping, so
8180 * let's go off the optimized
8183 vm_map_copy_overwrite_aligned_src_not_internal
++;
8184 vm_object_unlock(new_object
);
8187 if (new_object
->true_share
||
8188 new_object
->copy_strategy
!= MEMORY_OBJECT_COPY_SYMMETRIC
) {
8190 * Same if there's a "true_share"
8191 * object in the shadow chain, or
8192 * an object with a non-default
8193 * (SYMMETRIC) copy strategy.
8195 vm_map_copy_overwrite_aligned_src_not_symmetric
++;
8196 vm_object_unlock(new_object
);
8199 vm_object_unlock(new_object
);
8202 * The new mapping is still backed by
8203 * anonymous (internal) memory, so it's
8204 * OK to substitute it for the original
8209 if (old_object
!= VM_OBJECT_NULL
) {
8210 if(entry
->is_sub_map
) {
8211 if(entry
->use_pmap
) {
8212 #ifndef NO_NESTED_PMAP
8213 pmap_unnest(dst_map
->pmap
,
8214 (addr64_t
)entry
->vme_start
,
8215 entry
->vme_end
- entry
->vme_start
);
8216 #endif /* NO_NESTED_PMAP */
8217 if(dst_map
->mapped_in_other_pmaps
) {
8218 /* clean up parent */
8220 vm_map_submap_pmap_clean(
8221 dst_map
, entry
->vme_start
,
8227 vm_map_submap_pmap_clean(
8228 dst_map
, entry
->vme_start
,
8233 vm_map_deallocate(VME_SUBMAP(entry
));
8235 if(dst_map
->mapped_in_other_pmaps
) {
8236 vm_object_pmap_protect_options(
8244 PMAP_OPTIONS_REMOVE
);
8246 pmap_remove_options(
8248 (addr64_t
)(entry
->vme_start
),
8249 (addr64_t
)(entry
->vme_end
),
8250 PMAP_OPTIONS_REMOVE
);
8252 vm_object_deallocate(old_object
);
8256 entry
->is_sub_map
= FALSE
;
8257 VME_OBJECT_SET(entry
, VME_OBJECT(copy_entry
));
8258 object
= VME_OBJECT(entry
);
8259 entry
->needs_copy
= copy_entry
->needs_copy
;
8260 entry
->wired_count
= 0;
8261 entry
->user_wired_count
= 0;
8262 offset
= VME_OFFSET(copy_entry
);
8263 VME_OFFSET_SET(entry
, offset
);
8265 vm_map_copy_entry_unlink(copy
, copy_entry
);
8266 vm_map_copy_entry_dispose(copy
, copy_entry
);
8269 * we could try to push pages into the pmap at this point, BUT
8270 * this optimization only saved on average 2 us per page if ALL
8271 * the pages in the source were currently mapped
8272 * and ALL the pages in the dest were touched, if there were fewer
8273 * than 2/3 of the pages touched, this optimization actually cost more cycles
8274 * it also puts a lot of pressure on the pmap layer w/r to mapping structures
8278 * Set up for the next iteration. The map
8279 * has not been unlocked, so the next
8280 * address should be at the end of this
8281 * entry, and the next map entry should be
8282 * the one following it.
8285 start
= tmp_entry
->vme_end
;
8286 tmp_entry
= tmp_entry
->vme_next
;
8288 vm_map_version_t version
;
8289 vm_object_t dst_object
;
8290 vm_object_offset_t dst_offset
;
8294 if (entry
->needs_copy
) {
8295 VME_OBJECT_SHADOW(entry
,
8298 entry
->needs_copy
= FALSE
;
8301 dst_object
= VME_OBJECT(entry
);
8302 dst_offset
= VME_OFFSET(entry
);
8305 * Take an object reference, and record
8306 * the map version information so that the
8307 * map can be safely unlocked.
8310 if (dst_object
== VM_OBJECT_NULL
) {
8312 * We would usually have just taken the
8313 * optimized path above if the destination
8314 * object has not been allocated yet. But we
8315 * now disable that optimization if the copy
8316 * entry's object is not backed by anonymous
8317 * memory to avoid replacing malloc'ed
8318 * (i.e. re-usable) anonymous memory with a
8319 * not-so-anonymous mapping.
8320 * So we have to handle this case here and
8321 * allocate a new VM object for this map entry.
8323 dst_object
= vm_object_allocate(
8324 entry
->vme_end
- entry
->vme_start
);
8326 VME_OBJECT_SET(entry
, dst_object
);
8327 VME_OFFSET_SET(entry
, dst_offset
);
8328 assert(entry
->use_pmap
);
8332 vm_object_reference(dst_object
);
8334 /* account for unlock bumping up timestamp */
8335 version
.main_timestamp
= dst_map
->timestamp
+ 1;
8337 vm_map_unlock(dst_map
);
8340 * Copy as much as possible in one pass
8345 VME_OBJECT(copy_entry
),
8346 VME_OFFSET(copy_entry
),
8355 * Release the object reference
8358 vm_object_deallocate(dst_object
);
8361 * If a hard error occurred, return it now
8364 if (r
!= KERN_SUCCESS
)
8367 if (copy_size
!= 0) {
8369 * Dispose of the copied region
8372 vm_map_copy_clip_end(copy
, copy_entry
,
8373 copy_entry
->vme_start
+ copy_size
);
8374 vm_map_copy_entry_unlink(copy
, copy_entry
);
8375 vm_object_deallocate(VME_OBJECT(copy_entry
));
8376 vm_map_copy_entry_dispose(copy
, copy_entry
);
8380 * Pick up in the destination map where we left off.
8382 * Use the version information to avoid a lookup
8383 * in the normal case.
8387 vm_map_lock(dst_map
);
/*
 * The saved timestamp already includes the bump from our own unlock, so
 * equality is taken to mean the map was not modified while unlocked and the
 * cached tmp_entry can be reused.  Any mismatch discards the cached entry
 * and re-resolves "start", failing with KERN_INVALID_ADDRESS if the address
 * is no longer mapped.
 */
8388 if (version
.main_timestamp
== dst_map
->timestamp
&&
8390 /* We can safely use saved tmp_entry value */
8392 if (tmp_entry
->map_aligned
&&
8393 !VM_MAP_PAGE_ALIGNED(
8395 VM_MAP_PAGE_MASK(dst_map
))) {
8396 /* no longer map-aligned */
8397 tmp_entry
->map_aligned
= FALSE
;
8399 vm_map_clip_end(dst_map
, tmp_entry
, start
);
8400 tmp_entry
= tmp_entry
->vme_next
;
8402 /* Must do lookup of tmp_entry */
8404 if (!vm_map_lookup_entry(dst_map
, start
, &tmp_entry
)) {
8405 vm_map_unlock(dst_map
);
8406 return(KERN_INVALID_ADDRESS
);
8408 if (tmp_entry
->map_aligned
&&
8409 !VM_MAP_PAGE_ALIGNED(
8411 VM_MAP_PAGE_MASK(dst_map
))) {
8412 /* no longer map-aligned */
8413 tmp_entry
->map_aligned
= FALSE
;
8415 vm_map_clip_start(dst_map
, tmp_entry
, start
);
8420 return(KERN_SUCCESS
);
8421 }/* vm_map_copy_overwrite_aligned */
8424 * Routine: vm_map_copyin_kernel_buffer [internal use only]
8427 * Copy in data to a kernel buffer from space in the
8428 * source map. The original space may be optionally
8431 * If successful, returns a new copy object.
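/*
 * vm_map_copyin_kernel_buffer: copy "len" bytes starting at "src_addr" in
 * "src_map" into a kalloc'ed vm_map_copy_t of type VM_MAP_COPY_KERNEL_BUFFER.
 *
 * Returns KERN_INVALID_ARGUMENT when len exceeds msg_ool_size_small,
 * KERN_RESOURCE_SHORTAGE when kalloc() fails, the copyinmap() error when the
 * source cannot be read (the buffer is freed first), and KERN_SUCCESS with
 * *copy_result set otherwise.  On success the caller owns the copy object.
 *
 * The length bound is checked before any size arithmetic, and the allocation
 * size is kept in kalloc_size so the error path frees exactly what was
 * allocated.  vm_map_copyout_kernel_buffer() later validates copy->size and
 * copy->offset and recomputes the free size from copy->size, so size must
 * equal len and offset must be 0 here.
 *
 * NOTE(review): the src_map/len parameter lines, the kr/copy locals, the
 * size/offset initialisation, the error return and the src_destroy guard are
 * elided in the listing this block was taken from; they are restored from
 * their visible uses -- confirm against the upstream file.
 */
static kern_return_t
vm_map_copyin_kernel_buffer(
	vm_map_t	src_map,
	vm_map_offset_t	src_addr,
	vm_map_size_t	len,
	boolean_t	src_destroy,
	vm_map_copy_t	*copy_result)
{
	kern_return_t kr;
	vm_map_copy_t copy;
	vm_size_t kalloc_size;

	if (len > msg_ool_size_small)
		return KERN_INVALID_ARGUMENT;

	kalloc_size = (vm_size_t)(cpy_kdata_hdr_sz + len);

	copy = (vm_map_copy_t)kalloc(kalloc_size);
	if (copy == VM_MAP_COPY_NULL)
		return KERN_RESOURCE_SHORTAGE;
	copy->type = VM_MAP_COPY_KERNEL_BUFFER;
	copy->size = len;
	copy->offset = 0;

	kr = copyinmap(src_map, src_addr, copy->cpy_kdata, (vm_size_t)len);
	if (kr != KERN_SUCCESS) {
		kfree(copy, kalloc_size);
		return kr;
	}
	if (src_destroy) {
		/*
		 * The conditional must be parenthesised: "|" binds tighter
		 * than "?:", so without the inner parentheses the whole
		 * OR-expression becomes the condition and (the flag
		 * constants being non-zero) the call receives only
		 * VM_MAP_REMOVE_KUNWIRE, for every map, while
		 * INTERRUPTIBLE and WAIT_FOR_KWIRE are never passed.
		 */
		(void) vm_map_remove(
			src_map,
			vm_map_trunc_page(src_addr,
					  VM_MAP_PAGE_MASK(src_map)),
			vm_map_round_page(src_addr + len,
					  VM_MAP_PAGE_MASK(src_map)),
			(VM_MAP_REMOVE_INTERRUPTIBLE |
			 VM_MAP_REMOVE_WAIT_FOR_KWIRE |
			 ((src_map == kernel_map) ? VM_MAP_REMOVE_KUNWIRE : 0)));
	}
	*copy_result = copy;
	return KERN_SUCCESS;
}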
8478 * Routine: vm_map_copyout_kernel_buffer [internal use only]
8481 * Copy out data from a kernel buffer into space in the
8482 * destination map. The space may be optionally dynamically
8485 * If successful, consumes the copy object.
8486 * Otherwise, the caller is responsible for it.
/*
 * Counts copyout() failures in vm_map_copyout_kernel_buffer(); in the code
 * visible here it is incremented only on the path that has switched to
 * another map, not on the current-map path.
 */
8488 static int vm_map_copyout_kernel_buffer_failures
= 0;
/*
 * vm_map_copyout_kernel_buffer: write the payload of a KERNEL_BUFFER copy
 * object to *addr in "map", through copyout() directly when "map" is the
 * current thread's map and after a temporary vm_map_switch() otherwise.
 * A copyout() failure yields KERN_INVALID_ADDRESS and the target range is
 * removed again.  The copy object is freed only on success and only when
 * consume_on_success is set; otherwise it stays with the caller.
 * NOTE(review): the map/copy parameter lines and the handling of
 * "overwrite" are elided in this listing.
 */
8489 static kern_return_t
8490 vm_map_copyout_kernel_buffer(
8492 vm_map_address_t
*addr
, /* IN/OUT */
8494 boolean_t overwrite
,
8495 boolean_t consume_on_success
)
8497 kern_return_t kr
= KERN_SUCCESS
;
8498 thread_t thread
= current_thread();
8501 * check for corrupted vm_map_copy structure
/*
 * Integrity gate.  size and offset are stored in the copy header itself
 * and are used below as the copyout() length and to compute the kfree()
 * size.  vm_map_copyin_kernel_buffer() refuses lengths above
 * msg_ool_size_small, so a header outside that bound, or with a non-zero
 * offset, is treated as memory corruption and the kernel panics instead of
 * acting on the values.
 */
8503 if (copy
->size
> msg_ool_size_small
|| copy
->offset
)
8504 panic("Invalid vm_map_copy_t sz:%lld, ofst:%lld",
8505 (long long)copy
->size
, (long long)copy
->offset
);
8510 * Allocate space in the target map for the data
8513 kr
= vm_map_enter(map
,
8515 vm_map_round_page(copy
->size
,
8516 VM_MAP_PAGE_MASK(map
)),
8517 (vm_map_offset_t
) 0,
8520 (vm_object_offset_t
) 0,
8524 VM_INHERIT_DEFAULT
);
8525 if (kr
!= KERN_SUCCESS
)
8530 * Copyout the data from the kernel buffer to the target map.
8532 if (thread
->map
== map
) {
8535 * If the target map is the current map, just do
8538 assert((vm_size_t
) copy
->size
== copy
->size
);
8539 if (copyout(copy
->cpy_kdata
, *addr
, (vm_size_t
) copy
->size
)) {
8540 kr
= KERN_INVALID_ADDRESS
;
8547 * If the target map is another map, assume the
8548 * target's address space identity for the duration
/*
 * A reference on the target map is taken before switching to it and is
 * dropped by vm_map_deallocate() after switching back to oldmap.
 */
8551 vm_map_reference(map
);
8552 oldmap
= vm_map_switch(map
);
8554 assert((vm_size_t
) copy
->size
== copy
->size
);
8555 if (copyout(copy
->cpy_kdata
, *addr
, (vm_size_t
) copy
->size
)) {
8556 vm_map_copyout_kernel_buffer_failures
++;
8557 kr
= KERN_INVALID_ADDRESS
;
8560 (void) vm_map_switch(oldmap
);
8561 vm_map_deallocate(map
);
8564 if (kr
!= KERN_SUCCESS
) {
8565 /* the copy failed, clean up */
8568 * Deallocate the space we allocated in the target map.
8570 (void) vm_map_remove(
8572 vm_map_trunc_page(*addr
,
8573 VM_MAP_PAGE_MASK(map
)),
8574 vm_map_round_page((*addr
+
8575 vm_map_round_page(copy
->size
,
8576 VM_MAP_PAGE_MASK(map
))),
8577 VM_MAP_PAGE_MASK(map
)),
8582 /* copy was successful, discard the copy structure */
/*
 * The size handed to kfree() is recomputed from copy->size rather than
 * carried over from allocation time; it matches the allocation only while
 * the header is intact, which is what the check at the top enforces.
 */
8583 if (consume_on_success
) {
8584 kfree(copy
, copy
->size
+ cpy_kdata_hdr_sz
);
8592 * Macro: vm_map_copy_insert
8595 * Link a copy chain ("copy") into a map at the
8596 * specified location (after "where").
8598 * The copy chain is destroyed.
8600 * The arguments are evaluated multiple times.
/*
 * After this macro runs, the copy header has been returned to
 * vm_map_copy_zone: "copy" must not be dereferenced or freed again by the
 * caller.  Pass side-effect-free arguments, since each is expanded more
 * than once.
 */
8602 #define vm_map_copy_insert(map, where, copy) \
8604 vm_map_store_copy_insert(map, where, copy); \
8605 zfree(vm_map_copy_zone, copy); \
8611 vm_map_entry_t where
,
8613 vm_map_offset_t adjustment
,
8616 vm_inherit_t inheritance
)
/*
 * For every entry in "copy": allocate a fresh map entry, copy the copy
 * entry into it, shift its range by "adjustment", overwrite its
 * inheritance, protection and max_protection with the values passed in,
 * take a reference on the backing submap or object, and link it into "map".
 * The loop neither unlinks nor frees the copy's own entries.
 * NOTE(review): the function-name line and the map, copy, cur_prot and
 * max_prot parameter lines are elided in this listing; the call site in
 * vm_map_copyout_internal suggests this is vm_map_copy_remap -- confirm.
 */
8618 vm_map_entry_t copy_entry
, new_entry
;
8620 for (copy_entry
= vm_map_copy_first_entry(copy
);
8621 copy_entry
!= vm_map_copy_to_entry(copy
);
8622 copy_entry
= copy_entry
->vme_next
) {
8623 /* get a new VM map entry for the map */
8624 new_entry
= vm_map_entry_create(map
,
8625 !map
->hdr
.entries_pageable
);
8626 /* copy the "copy entry" to the new entry */
8627 vm_map_entry_copy(new_entry
, copy_entry
);
8628 /* adjust "start" and "end" */
8629 new_entry
->vme_start
+= adjustment
;
8630 new_entry
->vme_end
+= adjustment
;
/*
 * Despite the "clear" wording below, inheritance and both protection
 * fields are set to the caller's arguments, not to fixed defaults; only
 * behavior is reset to a constant.  The protections the new mapping gets
 * are therefore entirely the caller's choice.
 */
8631 /* clear some attributes */
8632 new_entry
->inheritance
= inheritance
;
8633 new_entry
->protection
= cur_prot
;
8634 new_entry
->max_protection
= max_prot
;
8635 new_entry
->behavior
= VM_BEHAVIOR_DEFAULT
;
8636 /* take an extra reference on the entry's "object" */
8637 if (new_entry
->is_sub_map
) {
8638 assert(!new_entry
->use_pmap
); /* not nested */
8639 vm_map_lock(VME_SUBMAP(new_entry
));
8640 vm_map_reference(VME_SUBMAP(new_entry
));
8641 vm_map_unlock(VME_SUBMAP(new_entry
));
8643 vm_object_reference(VME_OBJECT(new_entry
));
8645 /* insert the new entry in the map */
8646 vm_map_store_entry_link(map
, where
, new_entry
);
8647 /* continue inserting the "copy entries" after the new entry */
8654 vm_map_copy_validate_size(
/*
 * Compares the caller-supplied "size" with the size recorded in the copy
 * object.  OBJECT and KERNEL_BUFFER copies are compared for exact equality;
 * ENTRY_LIST copies are accepted when copy->size lies between "size" and
 * "size" rounded up to dst_map's page size.
 * NOTE(review): the parameter lines and every return statement are elided
 * in this listing -- presumably TRUE on a match and FALSE otherwise,
 * including for a null copy; confirm against the full source.
 */
8659 if (copy
== VM_MAP_COPY_NULL
)
8661 switch (copy
->type
) {
8662 case VM_MAP_COPY_OBJECT
:
8663 case VM_MAP_COPY_KERNEL_BUFFER
:
8664 if (size
== copy
->size
)
8667 case VM_MAP_COPY_ENTRY_LIST
:
8669 * potential page-size rounding prevents us from exactly
8670 * validating this flavor of vm_map_copy, but we can at least
8671 * assert that it's within a range.
8673 if (copy
->size
>= size
&&
8674 copy
->size
<= vm_map_round_page(size
,
8675 VM_MAP_PAGE_MASK(dst_map
)))
8686 * Routine: vm_map_copyout
8689 * Copy out a copy chain ("copy") into newly-allocated
8690 * space in the destination map.
8692 * If successful, consumes the copy object.
8693 * Otherwise, the caller is responsible for it.
8699 vm_map_address_t
*dst_addr
, /* OUT */
/*
 * Thin wrapper: forwards to vm_map_copyout_internal with
 * consume_on_success = TRUE and VM_INHERIT_DEFAULT.  The two protection
 * arguments sit on lines elided from this listing.
 */
8702 return vm_map_copyout_internal(dst_map
, dst_addr
, copy
,
8703 TRUE
, /* consume_on_success */
8706 VM_INHERIT_DEFAULT
);
8710 vm_map_copyout_internal(
8712 vm_map_address_t
*dst_addr
, /* OUT */
8714 boolean_t consume_on_success
,
8715 vm_prot_t cur_protection
,
8716 vm_prot_t max_protection
,
8717 vm_inherit_t inheritance
)
/*
 * Places the data described by "copy" into newly found space in dst_map
 * and reports the resulting address through *dst_addr.
 *  - a null copy returns KERN_SUCCESS immediately;
 *  - an OBJECT copy is entered with vm_map_enter();
 *  - a KERNEL_BUFFER copy is handed to vm_map_copyout_kernel_buffer();
 *  - an ENTRY_LIST copy has its entries either moved into the map
 *    (consume_on_success) or duplicated into it via vm_map_copy_remap().
 * KERN_NO_SPACE is returned when no suitable range exists.
 * NOTE(review): the dst_map and copy parameter lines and many braces are
 * elided in this listing.
 */
8720 vm_map_size_t adjustment
;
8721 vm_map_offset_t start
;
8722 vm_object_offset_t vm_copy_start
;
8723 vm_map_entry_t last
;
8724 vm_map_entry_t entry
;
8725 vm_map_entry_t hole_entry
;
8728 * Check for null copy object.
8731 if (copy
== VM_MAP_COPY_NULL
) {
8733 return(KERN_SUCCESS
);
8737 * Check for special copy object, created
8738 * by vm_map_copyin_object.
/*
 * NOTE(review): this branch enters the object with VM_PROT_DEFAULT,
 * VM_PROT_ALL and VM_INHERIT_DEFAULT instead of the cur_protection,
 * max_protection and inheritance arguments, so a caller asking for tighter
 * protections would not get them for an OBJECT-type copy -- confirm that
 * callers passing non-default values never supply one.
 */
8741 if (copy
->type
== VM_MAP_COPY_OBJECT
) {
8742 vm_object_t object
= copy
->cpy_object
;
8744 vm_object_offset_t offset
;
8746 offset
= vm_object_trunc_page(copy
->offset
);
8747 size
= vm_map_round_page((copy
->size
+
8748 (vm_map_size_t
)(copy
->offset
-
8750 VM_MAP_PAGE_MASK(dst_map
));
8752 kr
= vm_map_enter(dst_map
, dst_addr
, size
,
8753 (vm_map_offset_t
) 0, VM_FLAGS_ANYWHERE
,
8754 object
, offset
, FALSE
,
8755 VM_PROT_DEFAULT
, VM_PROT_ALL
,
8756 VM_INHERIT_DEFAULT
);
8757 if (kr
!= KERN_SUCCESS
)
8759 /* Account for non-pagealigned copy object */
8760 *dst_addr
+= (vm_map_offset_t
)(copy
->offset
- offset
);
8761 if (consume_on_success
)
8762 zfree(vm_map_copy_zone
, copy
);
8763 return(KERN_SUCCESS
);
8767 * Check for special kernel buffer allocated
8768 * by new_ipc_kmsg_copyin.
8771 if (copy
->type
== VM_MAP_COPY_KERNEL_BUFFER
) {
8772 return vm_map_copyout_kernel_buffer(dst_map
, dst_addr
,
8774 consume_on_success
);
8779 * Find space for the data
8782 vm_copy_start
= vm_map_trunc_page((vm_map_size_t
)copy
->offset
,
8783 VM_MAP_COPY_PAGE_MASK(copy
));
8784 size
= vm_map_round_page((vm_map_size_t
)copy
->offset
+ copy
->size
,
8785 VM_MAP_COPY_PAGE_MASK(copy
))
8791 vm_map_lock(dst_map
);
8792 if( dst_map
->disable_vmentry_reuse
== TRUE
) {
8793 VM_MAP_HIGHEST_ENTRY(dst_map
, entry
, start
);
8796 if (dst_map
->holelistenabled
) {
8797 hole_entry
= (vm_map_entry_t
)dst_map
->holes_list
;
8799 if (hole_entry
== NULL
) {
8801 * No more space in the map?
8803 vm_map_unlock(dst_map
);
8804 return(KERN_NO_SPACE
);
8808 start
= last
->vme_start
;
8810 assert(first_free_is_valid(dst_map
));
8811 start
= ((last
= dst_map
->first_free
) == vm_map_to_entry(dst_map
)) ?
8812 vm_map_min(dst_map
) : last
->vme_end
;
8814 start
= vm_map_round_page(start
,
8815 VM_MAP_PAGE_MASK(dst_map
));
8819 vm_map_entry_t next
= last
->vme_next
;
8820 vm_map_offset_t end
= start
+ size
;
/*
 * "end < start" catches wrap-around of start + size; together with the
 * max_offset bound it rejects any candidate range that does not fit inside
 * the map before the range is compared against neighbouring entries.
 */
8822 if ((end
> dst_map
->max_offset
) || (end
< start
)) {
8823 if (dst_map
->wait_for_space
) {
8824 if (size
<= (dst_map
->max_offset
- dst_map
->min_offset
)) {
8825 assert_wait((event_t
) dst_map
,
8826 THREAD_INTERRUPTIBLE
);
8827 vm_map_unlock(dst_map
);
8828 thread_block(THREAD_CONTINUE_NULL
);
8832 vm_map_unlock(dst_map
);
8833 return(KERN_NO_SPACE
);
8836 if (dst_map
->holelistenabled
) {
8837 if (last
->vme_end
>= end
)
8841 * If there are no more entries, we must win.
8845 * If there is another entry, it must be
8846 * after the end of the potential new region.
8849 if (next
== vm_map_to_entry(dst_map
))
8852 if (next
->vme_start
>= end
)
8858 if (dst_map
->holelistenabled
) {
8859 if (last
== (vm_map_entry_t
) dst_map
->holes_list
) {
8863 vm_map_unlock(dst_map
);
8864 return(KERN_NO_SPACE
);
8866 start
= last
->vme_start
;
8868 start
= last
->vme_end
;
8870 start
= vm_map_round_page(start
,
8871 VM_MAP_PAGE_MASK(dst_map
));
8874 if (dst_map
->holelistenabled
) {
8875 if (vm_map_lookup_entry(dst_map
, last
->vme_start
, &last
)) {
8876 panic("Found an existing entry (%p) instead of potential hole at address: 0x%llx.\n", last
, (unsigned long long)last
->vme_start
);
8881 adjustment
= start
- vm_copy_start
;
8882 if (! consume_on_success
) {
8884 * We're not allowed to consume "copy", so we'll have to
8885 * copy its map entries into the destination map below.
8886 * No need to re-allocate map entries from the correct
8887 * (pageable or not) zone, since we'll get new map entries
8888 * during the transfer.
8889 * We'll also adjust the map entries's "start" and "end"
8890 * during the transfer, to keep "copy"'s entries consistent
8891 * with its "offset".
8893 goto after_adjustments
;
8897 * Since we're going to just drop the map
8898 * entries from the copy into the destination
8899 * map, they must come from the same pool.
8902 if (copy
->cpy_hdr
.entries_pageable
!= dst_map
->hdr
.entries_pageable
) {
8904 * Mismatches occur when dealing with the default
8908 vm_map_entry_t next
, new;
8911 * Find the zone that the copies were allocated from
8914 entry
= vm_map_copy_first_entry(copy
);
8917 * Reinitialize the copy so that vm_map_copy_entry_link
8920 vm_map_store_copy_reset(copy
, entry
);
8921 copy
->cpy_hdr
.entries_pageable
= dst_map
->hdr
.entries_pageable
;
8926 while (entry
!= vm_map_copy_to_entry(copy
)) {
8927 new = vm_map_copy_entry_create(copy
, !copy
->cpy_hdr
.entries_pageable
);
8928 vm_map_entry_copy_full(new, entry
);
8929 assert(!new->iokit_acct
);
8930 if (new->is_sub_map
) {
8931 /* clr address space specifics */
8932 new->use_pmap
= FALSE
;
8934 vm_map_copy_entry_link(copy
,
8935 vm_map_copy_last_entry(copy
),
8937 next
= entry
->vme_next
;
8938 old_zone
= entry
->from_reserved_zone
? vm_map_entry_reserved_zone
: vm_map_entry_zone
;
8939 zfree(old_zone
, entry
);
8945 * Adjust the addresses in the copy chain, and
8946 * reset the region attributes.
8949 for (entry
= vm_map_copy_first_entry(copy
);
8950 entry
!= vm_map_copy_to_entry(copy
);
8951 entry
= entry
->vme_next
) {
8952 if (VM_MAP_PAGE_SHIFT(dst_map
) == PAGE_SHIFT
) {
8954 * We're injecting this copy entry into a map that
8955 * has the standard page alignment, so clear
8956 * "map_aligned" (which might have been inherited
8957 * from the original map entry).
8959 entry
->map_aligned
= FALSE
;
8962 entry
->vme_start
+= adjustment
;
8963 entry
->vme_end
+= adjustment
;
8965 if (entry
->map_aligned
) {
8966 assert(VM_MAP_PAGE_ALIGNED(entry
->vme_start
,
8967 VM_MAP_PAGE_MASK(dst_map
)));
8968 assert(VM_MAP_PAGE_ALIGNED(entry
->vme_end
,
8969 VM_MAP_PAGE_MASK(dst_map
)));
/*
 * This loop is skipped when consume_on_success is false (see the goto
 * above).  Here each moved entry is reset to VM_INHERIT_DEFAULT,
 * VM_PROT_DEFAULT and VM_PROT_ALL, whatever the source entry carried; the
 * cur_protection / max_protection / inheritance arguments are visibly used
 * only in the vm_map_copy_remap() call further down.
 */
8972 entry
->inheritance
= VM_INHERIT_DEFAULT
;
8973 entry
->protection
= VM_PROT_DEFAULT
;
8974 entry
->max_protection
= VM_PROT_ALL
;
8975 entry
->behavior
= VM_BEHAVIOR_DEFAULT
;
8978 * If the entry is now wired,
8979 * map the pages into the destination map.
8981 if (entry
->wired_count
!= 0) {
8982 register vm_map_offset_t va
;
8983 vm_object_offset_t offset
;
8984 register vm_object_t object
;
8988 object
= VME_OBJECT(entry
);
8989 offset
= VME_OFFSET(entry
);
8990 va
= entry
->vme_start
;
8992 pmap_pageable(dst_map
->pmap
,
8997 while (va
< entry
->vme_end
) {
8998 register vm_page_t m
;
9001 * Look up the page in the object.
9002 * Assert that the page will be found in the
9005 * the object was newly created by
9006 * vm_object_copy_slowly, and has
9007 * copies of all of the pages from
9010 * the object was moved from the old
9011 * map entry; because the old map
9012 * entry was wired, all of the pages
9013 * were in the top-level object.
9014 * (XXX not true if we wire pages for
9017 vm_object_lock(object
);
9019 m
= vm_page_lookup(object
, offset
);
9020 if (m
== VM_PAGE_NULL
|| !VM_PAGE_WIRED(m
) ||
9022 panic("vm_map_copyout: wiring %p", m
);
9026 * The page is assumed to be wired here, so it
9027 * shouldn't be encrypted. Otherwise, we
9028 * couldn't enter it in the page table, since
9029 * we don't want the user to see the encrypted
9032 ASSERT_PAGE_DECRYPTED(m
);
9034 prot
= entry
->protection
;
9036 if (override_nx(dst_map
, VME_ALIAS(entry
)) &&
9038 prot
|= VM_PROT_EXECUTE
;
9040 type_of_fault
= DBG_CACHE_HIT_FAULT
;
9042 vm_fault_enter(m
, dst_map
->pmap
, va
, prot
, prot
,
9043 VM_PAGE_WIRED(m
), FALSE
, FALSE
,
9044 FALSE
, VME_ALIAS(entry
),
9045 ((entry
->iokit_acct
||
9046 (!entry
->is_sub_map
&&
9048 ? PMAP_OPTIONS_ALT_ACCT
9050 NULL
, &type_of_fault
);
9052 vm_object_unlock(object
);
9054 offset
+= PAGE_SIZE_64
;
9063 * Correct the page alignment for the result
9066 *dst_addr
= start
+ (copy
->offset
- vm_copy_start
);
9069 * Update the hints and the map size
9072 if (consume_on_success
) {
9073 SAVE_HINT_MAP_WRITE(dst_map
, vm_map_copy_last_entry(copy
));
9075 SAVE_HINT_MAP_WRITE(dst_map
, last
);
9078 dst_map
->size
+= size
;
9084 if (consume_on_success
) {
9085 vm_map_copy_insert(dst_map
, last
, copy
);
9087 vm_map_copy_remap(dst_map
, last
, copy
, adjustment
,
9088 cur_protection
, max_protection
,
9092 vm_map_unlock(dst_map
);
9095 * XXX If wiring_required, call vm_map_pageable
9098 return(KERN_SUCCESS
);
9102 * Routine: vm_map_copyin
9105 * see vm_map_copyin_common. Exported via Unsupported.exports.
9109 #undef vm_map_copyin
9114 vm_map_address_t src_addr
,
9116 boolean_t src_destroy
,
9117 vm_map_copy_t
*copy_result
) /* OUT */
/*
 * Thin wrapper: forwards to vm_map_copyin_common with src_volatile = FALSE
 * and use_maxprot = FALSE, so the read-permission check is not relaxed for
 * callers that come through this entry point.
 */
9119 return(vm_map_copyin_common(src_map
, src_addr
, len
, src_destroy
,
9120 FALSE
, copy_result
, FALSE
));
9124 * Routine: vm_map_copyin_common
9127 * Copy the specified region (src_addr, len) from the
9128 * source address space (src_map), possibly removing
9129 * the region from the source address space (src_destroy).
9132 * A vm_map_copy_t object (copy_result), suitable for
9133 * insertion into another address space (using vm_map_copyout),
9134 * copying over another address space region (using
9135 * vm_map_copy_overwrite). If the copy is unused, it
9136 * should be destroyed (using vm_map_copy_discard).
9138 * In/out conditions:
9139 * The source map should not be locked on entry.
/*
 * One saved level of the submap descent in vm_map_copyin_internal: the map
 * that was current when the submap entry was found (parent_map), the
 * [base_start, base_end) window being copied at that level, the length
 * covered by the submap entry (base_len), and a link to the previously
 * saved level (next).
 */
9142 typedef struct submap_map
{
9143 vm_map_t parent_map
;
9144 vm_map_offset_t base_start
;
9145 vm_map_offset_t base_end
;
9146 vm_map_size_t base_len
;
9147 struct submap_map
*next
;
9151 vm_map_copyin_common(
9153 vm_map_address_t src_addr
,
9155 boolean_t src_destroy
,
9156 __unused boolean_t src_volatile
,
9157 vm_map_copy_t
*copy_result
, /* OUT */
9158 boolean_t use_maxprot
)
9164 flags
|= VM_MAP_COPYIN_SRC_DESTROY
;
9167 flags
|= VM_MAP_COPYIN_USE_MAXPROT
;
/*
 * Compatibility shim: the boolean arguments are translated into
 * VM_MAP_COPYIN_* flag bits and the work is delegated to
 * vm_map_copyin_internal.  src_volatile is marked __unused and contributes
 * nothing.  NOTE(review): the "flags" declaration and the if-statements
 * guarding the two assignments above are elided in this listing.
 */
9169 return vm_map_copyin_internal(src_map
,
9176 vm_map_copyin_internal(
9178 vm_map_address_t src_addr
,
9181 vm_map_copy_t
*copy_result
) /* OUT */
9183 vm_map_entry_t tmp_entry
; /* Result of last map lookup --
9184 * in multi-level lookup, this
9185 * entry contains the actual
9188 vm_map_entry_t new_entry
= VM_MAP_ENTRY_NULL
; /* Map entry for copy */
9190 vm_map_offset_t src_start
; /* Start of current entry --
9191 * where copy is taking place now
9193 vm_map_offset_t src_end
; /* End of entire region to be
9195 vm_map_offset_t src_base
;
9196 vm_map_t base_map
= src_map
;
9197 boolean_t map_share
=FALSE
;
9198 submap_map_t
*parent_maps
= NULL
;
9200 vm_map_copy_t copy
; /* Resulting copy */
9201 vm_map_address_t copy_addr
;
9202 vm_map_size_t copy_size
;
9203 boolean_t src_destroy
;
9204 boolean_t use_maxprot
;
9206 if (flags
& ~VM_MAP_COPYIN_ALL_FLAGS
) {
9207 return KERN_INVALID_ARGUMENT
;
9210 src_destroy
= (flags
& VM_MAP_COPYIN_SRC_DESTROY
) ? TRUE
: FALSE
;
9211 use_maxprot
= (flags
& VM_MAP_COPYIN_USE_MAXPROT
) ? TRUE
: FALSE
;
9214 * Check for copies of zero bytes.
9218 *copy_result
= VM_MAP_COPY_NULL
;
9219 return(KERN_SUCCESS
);
9223 * Check that the end address doesn't overflow
9225 src_end
= src_addr
+ len
;
9226 if (src_end
< src_addr
)
9227 return KERN_INVALID_ADDRESS
;
9230 * If the copy is sufficiently small, use a kernel buffer instead
9231 * of making a virtual copy. The theory being that the cost of
9232 * setting up VM (and taking C-O-W faults) dominates the copy costs
9233 * for small regions.
9235 if ((len
< msg_ool_size_small
) &&
9237 !(flags
& VM_MAP_COPYIN_ENTRY_LIST
))
9238 return vm_map_copyin_kernel_buffer(src_map
, src_addr
, len
,
9239 src_destroy
, copy_result
);
9242 * Compute (page aligned) start and end of region
9244 src_start
= vm_map_trunc_page(src_addr
,
9245 VM_MAP_PAGE_MASK(src_map
));
9246 src_end
= vm_map_round_page(src_end
,
9247 VM_MAP_PAGE_MASK(src_map
));
9249 XPR(XPR_VM_MAP
, "vm_map_copyin_common map 0x%x addr 0x%x len 0x%x dest %d\n", src_map
, src_addr
, len
, src_destroy
, 0);
9252 * Allocate a header element for the list.
9254 * Use the start and end in the header to
9255 * remember the endpoints prior to rounding.
9258 copy
= (vm_map_copy_t
) zalloc(vm_map_copy_zone
);
9259 copy
->c_u
.hdr
.rb_head_store
.rbh_root
= (void*)(int)SKIP_RB_TREE
;
9260 vm_map_copy_first_entry(copy
) =
9261 vm_map_copy_last_entry(copy
) = vm_map_copy_to_entry(copy
);
9262 copy
->type
= VM_MAP_COPY_ENTRY_LIST
;
9263 copy
->cpy_hdr
.nentries
= 0;
9264 copy
->cpy_hdr
.entries_pageable
= TRUE
;
9266 copy
->cpy_hdr
.page_shift
= src_map
->hdr
.page_shift
;
9269 * The copy entries can be broken down for a variety of reasons,
9270 * so we can't guarantee that they will remain map-aligned...
9271 * Will need to adjust the first copy_entry's "vme_start" and
9272 * the last copy_entry's "vme_end" to be rounded to PAGE_MASK
9273 * rather than the original map's alignment.
9275 copy
->cpy_hdr
.page_shift
= PAGE_SHIFT
;
9278 vm_map_store_init( &(copy
->cpy_hdr
) );
9280 copy
->offset
= src_addr
;
9283 new_entry
= vm_map_copy_entry_create(copy
, !copy
->cpy_hdr
.entries_pageable
);
9287 vm_map_unlock(src_map); \
9288 if(src_map != base_map) \
9289 vm_map_deallocate(src_map); \
9290 if (new_entry != VM_MAP_ENTRY_NULL) \
9291 vm_map_copy_entry_dispose(copy,new_entry); \
9292 vm_map_copy_discard(copy); \
9294 submap_map_t *_ptr; \
9296 for(_ptr = parent_maps; _ptr != NULL; _ptr = parent_maps) { \
9297 parent_maps=parent_maps->next; \
9298 if (_ptr->parent_map != base_map) \
9299 vm_map_deallocate(_ptr->parent_map); \
9300 kfree(_ptr, sizeof(submap_map_t)); \
9307 * Find the beginning of the region.
9310 vm_map_lock(src_map
);
9313 * Lookup the original "src_addr" rather than the truncated
9314 * "src_start", in case "src_start" falls in a non-map-aligned
9315 * map entry *before* the map entry that contains "src_addr"...
9317 if (!vm_map_lookup_entry(src_map
, src_addr
, &tmp_entry
))
9318 RETURN(KERN_INVALID_ADDRESS
);
9319 if(!tmp_entry
->is_sub_map
) {
9321 * ... but clip to the map-rounded "src_start" rather than
9322 * "src_addr" to preserve map-alignment. We'll adjust the
9323 * first copy entry at the end, if needed.
9325 vm_map_clip_start(src_map
, tmp_entry
, src_start
);
9327 if (src_start
< tmp_entry
->vme_start
) {
9329 * Move "src_start" up to the start of the
9330 * first map entry to copy.
9332 src_start
= tmp_entry
->vme_start
;
9334 /* set for later submap fix-up */
9335 copy_addr
= src_start
;
9338 * Go through entries until we get to the end.
9343 vm_map_entry_t src_entry
= tmp_entry
; /* Top-level entry */
9344 vm_map_size_t src_size
; /* Size of source
9345 * map entry (in both
9350 vm_object_t src_object
; /* Object to copy */
9351 vm_object_offset_t src_offset
;
9353 boolean_t src_needs_copy
; /* Should source map
9355 * for copy-on-write?
9358 boolean_t new_entry_needs_copy
; /* Will new entry be COW? */
9360 boolean_t was_wired
; /* Was source wired? */
9361 vm_map_version_t version
; /* Version before locks
9362 * dropped to make copy
9364 kern_return_t result
; /* Return value from
9365 * copy_strategically.
9367 while(tmp_entry
->is_sub_map
) {
9368 vm_map_size_t submap_len
;
9371 ptr
= (submap_map_t
*)kalloc(sizeof(submap_map_t
));
9372 ptr
->next
= parent_maps
;
9374 ptr
->parent_map
= src_map
;
9375 ptr
->base_start
= src_start
;
9376 ptr
->base_end
= src_end
;
9377 submap_len
= tmp_entry
->vme_end
- src_start
;
9378 if(submap_len
> (src_end
-src_start
))
9379 submap_len
= src_end
-src_start
;
9380 ptr
->base_len
= submap_len
;
9382 src_start
-= tmp_entry
->vme_start
;
9383 src_start
+= VME_OFFSET(tmp_entry
);
9384 src_end
= src_start
+ submap_len
;
9385 src_map
= VME_SUBMAP(tmp_entry
);
9386 vm_map_lock(src_map
);
9387 /* keep an outstanding reference for all maps in */
9388 /* the parents tree except the base map */
9389 vm_map_reference(src_map
);
9390 vm_map_unlock(ptr
->parent_map
);
9391 if (!vm_map_lookup_entry(
9392 src_map
, src_start
, &tmp_entry
))
9393 RETURN(KERN_INVALID_ADDRESS
);
9395 if(!tmp_entry
->is_sub_map
)
9396 vm_map_clip_start(src_map
, tmp_entry
, src_start
);
9397 src_entry
= tmp_entry
;
9399 /* we are now in the lowest level submap... */
9401 if ((VME_OBJECT(tmp_entry
) != VM_OBJECT_NULL
) &&
9402 (VME_OBJECT(tmp_entry
)->phys_contiguous
)) {
9403 /* This is not supported for now. In future */
9404 /* we will need to detect the phys_contig */
9405 /* condition and then upgrade copy_slowly */
9406 /* to do physical copy from the device mem */
9407 /* based object. We can piggy-back off of */
9408 /* the was wired boolean to set-up the */
9409 /* proper handling */
9410 RETURN(KERN_PROTECTION_FAILURE
);
9413 * Create a new address map entry to hold the result.
9414 * Fill in the fields from the appropriate source entries.
9415 * We must unlock the source map to do this if we need
9416 * to allocate a map entry.
9418 if (new_entry
== VM_MAP_ENTRY_NULL
) {
9419 version
.main_timestamp
= src_map
->timestamp
;
9420 vm_map_unlock(src_map
);
9422 new_entry
= vm_map_copy_entry_create(copy
, !copy
->cpy_hdr
.entries_pageable
);
9424 vm_map_lock(src_map
);
9425 if ((version
.main_timestamp
+ 1) != src_map
->timestamp
) {
9426 if (!vm_map_lookup_entry(src_map
, src_start
,
9428 RETURN(KERN_INVALID_ADDRESS
);
9430 if (!tmp_entry
->is_sub_map
)
9431 vm_map_clip_start(src_map
, tmp_entry
, src_start
);
9432 continue; /* restart w/ new tmp_entry */
9437 * Verify that the region can be read.
9439 if (((src_entry
->protection
& VM_PROT_READ
) == VM_PROT_NONE
&&
9441 (src_entry
->max_protection
& VM_PROT_READ
) == 0)
9442 RETURN(KERN_PROTECTION_FAILURE
);
9445 * Clip against the endpoints of the entire region.
9448 vm_map_clip_end(src_map
, src_entry
, src_end
);
9450 src_size
= src_entry
->vme_end
- src_start
;
9451 src_object
= VME_OBJECT(src_entry
);
9452 src_offset
= VME_OFFSET(src_entry
);
9453 was_wired
= (src_entry
->wired_count
!= 0);
9455 vm_map_entry_copy(new_entry
, src_entry
);
9456 if (new_entry
->is_sub_map
) {
9457 /* clr address space specifics */
9458 new_entry
->use_pmap
= FALSE
;
9462 * Attempt non-blocking copy-on-write optimizations.
9466 (src_object
== VM_OBJECT_NULL
||
9467 (src_object
->internal
&& !src_object
->true_share
9470 * If we are destroying the source, and the object
9471 * is internal, we can move the object reference
9472 * from the source to the copy. The copy is
9473 * copy-on-write only if the source is.
9474 * We make another reference to the object, because
9475 * destroying the source entry will deallocate it.
9477 vm_object_reference(src_object
);
9480 * Copy is always unwired. vm_map_copy_entry
9481 * set its wired count to zero.
9484 goto CopySuccessful
;
9489 XPR(XPR_VM_MAP
, "vm_map_copyin_common src_obj 0x%x ent 0x%x obj 0x%x was_wired %d\n",
9490 src_object
, new_entry
, VME_OBJECT(new_entry
),
9492 if ((src_object
== VM_OBJECT_NULL
||
9493 (!was_wired
&& !map_share
&& !tmp_entry
->is_shared
)) &&
9494 vm_object_copy_quickly(
9495 &VME_OBJECT(new_entry
),
9499 &new_entry_needs_copy
)) {
9501 new_entry
->needs_copy
= new_entry_needs_copy
;
9504 * Handle copy-on-write obligations
9507 if (src_needs_copy
&& !tmp_entry
->needs_copy
) {
9510 prot
= src_entry
->protection
& ~VM_PROT_WRITE
;
9512 if (override_nx(src_map
, VME_ALIAS(src_entry
))
9514 prot
|= VM_PROT_EXECUTE
;
9516 vm_object_pmap_protect(
9520 (src_entry
->is_shared
?
9523 src_entry
->vme_start
,
9526 assert(tmp_entry
->wired_count
== 0);
9527 tmp_entry
->needs_copy
= TRUE
;
9531 * The map has never been unlocked, so it's safe
9532 * to move to the next entry rather than doing
9536 goto CopySuccessful
;
9540 * Take an object reference, so that we may
9541 * release the map lock(s).
9544 assert(src_object
!= VM_OBJECT_NULL
);
9545 vm_object_reference(src_object
);
9548 * Record the timestamp for later verification.
9552 version
.main_timestamp
= src_map
->timestamp
;
9553 vm_map_unlock(src_map
); /* Increments timestamp once! */
9561 vm_object_lock(src_object
);
9562 result
= vm_object_copy_slowly(
9567 &VME_OBJECT(new_entry
));
9568 VME_OFFSET_SET(new_entry
, 0);
9569 new_entry
->needs_copy
= FALSE
;
9572 else if (src_object
->copy_strategy
== MEMORY_OBJECT_COPY_SYMMETRIC
&&
9573 (tmp_entry
->is_shared
|| map_share
)) {
9574 vm_object_t new_object
;
9576 vm_object_lock_shared(src_object
);
9577 new_object
= vm_object_copy_delayed(
9582 if (new_object
== VM_OBJECT_NULL
)
9585 VME_OBJECT_SET(new_entry
, new_object
);
9586 assert(new_entry
->wired_count
== 0);
9587 new_entry
->needs_copy
= TRUE
;
9588 assert(!new_entry
->iokit_acct
);
9589 assert(new_object
->purgable
== VM_PURGABLE_DENY
);
9590 new_entry
->use_pmap
= TRUE
;
9591 result
= KERN_SUCCESS
;
9594 vm_object_offset_t new_offset
;
9595 new_offset
= VME_OFFSET(new_entry
);
9596 result
= vm_object_copy_strategically(src_object
,
9599 &VME_OBJECT(new_entry
),
9601 &new_entry_needs_copy
);
9602 if (new_offset
!= VME_OFFSET(new_entry
)) {
9603 VME_OFFSET_SET(new_entry
, new_offset
);
9606 new_entry
->needs_copy
= new_entry_needs_copy
;
9609 if (result
!= KERN_SUCCESS
&&
9610 result
!= KERN_MEMORY_RESTART_COPY
) {
9611 vm_map_lock(src_map
);
9616 * Throw away the extra reference
9619 vm_object_deallocate(src_object
);
9622 * Verify that the map has not substantially
9623 * changed while the copy was being made.
9626 vm_map_lock(src_map
);
9628 if ((version
.main_timestamp
+ 1) == src_map
->timestamp
)
9629 goto VerificationSuccessful
;
9632 * Simple version comparison failed.
9634 * Retry the lookup and verify that the
9635 * same object/offset are still present.
9637 * [Note: a memory manager that colludes with
9638 * the calling task can detect that we have
9639 * cheated. While the map was unlocked, the
9640 * mapping could have been changed and restored.]
9643 if (!vm_map_lookup_entry(src_map
, src_start
, &tmp_entry
)) {
9644 if (result
!= KERN_MEMORY_RESTART_COPY
) {
9645 vm_object_deallocate(VME_OBJECT(new_entry
));
9646 VME_OBJECT_SET(new_entry
, VM_OBJECT_NULL
);
9647 assert(!new_entry
->iokit_acct
);
9648 new_entry
->use_pmap
= TRUE
;
9650 RETURN(KERN_INVALID_ADDRESS
);
9653 src_entry
= tmp_entry
;
9654 vm_map_clip_start(src_map
, src_entry
, src_start
);
9656 if ((((src_entry
->protection
& VM_PROT_READ
) == VM_PROT_NONE
) &&
9658 ((src_entry
->max_protection
& VM_PROT_READ
) == 0))
9659 goto VerificationFailed
;
9661 if (src_entry
->vme_end
< new_entry
->vme_end
) {
9662 assert(VM_MAP_PAGE_ALIGNED(src_entry
->vme_end
,
9663 VM_MAP_COPY_PAGE_MASK(copy
)));
9664 new_entry
->vme_end
= src_entry
->vme_end
;
9665 src_size
= new_entry
->vme_end
- src_start
;
9668 if ((VME_OBJECT(src_entry
) != src_object
) ||
9669 (VME_OFFSET(src_entry
) != src_offset
) ) {
9672 * Verification failed.
9674 * Start over with this top-level entry.
9677 VerificationFailed
: ;
9679 vm_object_deallocate(VME_OBJECT(new_entry
));
9680 tmp_entry
= src_entry
;
9685 * Verification succeeded.
9688 VerificationSuccessful
: ;
9690 if (result
== KERN_MEMORY_RESTART_COPY
)
9700 * Link in the new copy entry.
9703 vm_map_copy_entry_link(copy
, vm_map_copy_last_entry(copy
),
9707 * Determine whether the entire region
9710 src_base
= src_start
;
9711 src_start
= new_entry
->vme_end
;
9712 new_entry
= VM_MAP_ENTRY_NULL
;
9713 while ((src_start
>= src_end
) && (src_end
!= 0)) {
9716 if (src_map
== base_map
) {
9717 /* back to the top */
9722 assert(ptr
!= NULL
);
9723 parent_maps
= parent_maps
->next
;
9725 /* fix up the damage we did in that submap */
9726 vm_map_simplify_range(src_map
,
9730 vm_map_unlock(src_map
);
9731 vm_map_deallocate(src_map
);
9732 vm_map_lock(ptr
->parent_map
);
9733 src_map
= ptr
->parent_map
;
9734 src_base
= ptr
->base_start
;
9735 src_start
= ptr
->base_start
+ ptr
->base_len
;
9736 src_end
= ptr
->base_end
;
9737 if (!vm_map_lookup_entry(src_map
,
9740 (src_end
> src_start
)) {
9741 RETURN(KERN_INVALID_ADDRESS
);
9743 kfree(ptr
, sizeof(submap_map_t
));
9744 if (parent_maps
== NULL
)
9746 src_entry
= tmp_entry
->vme_prev
;
9749 if ((VM_MAP_PAGE_SHIFT(src_map
) != PAGE_SHIFT
) &&
9750 (src_start
>= src_addr
+ len
) &&
9751 (src_addr
+ len
!= 0)) {
9753 * Stop copying now, even though we haven't reached
9754 * "src_end". We'll adjust the end of the last copy
9755 * entry at the end, if needed.
9757 * If src_map's alignment is different from the
9758 * system's page-alignment, there could be
9759 * extra non-map-aligned map entries between
9760 * the original (non-rounded) "src_addr + len"
9761 * and the rounded "src_end".
9762 * We do not want to copy those map entries since
9763 * they're not part of the copied range.
9768 if ((src_start
>= src_end
) && (src_end
!= 0))
9772 * Verify that there are no gaps in the region
9775 tmp_entry
= src_entry
->vme_next
;
9776 if ((tmp_entry
->vme_start
!= src_start
) ||
9777 (tmp_entry
== vm_map_to_entry(src_map
))) {
9778 RETURN(KERN_INVALID_ADDRESS
);
9783 * If the source should be destroyed, do it now, since the
9784 * copy was successful.
9787 (void) vm_map_delete(
9789 vm_map_trunc_page(src_addr
,
9790 VM_MAP_PAGE_MASK(src_map
)),
9792 ((src_map
== kernel_map
) ?
9793 VM_MAP_REMOVE_KUNWIRE
:
9797 /* fix up the damage we did in the base map */
9798 vm_map_simplify_range(
9800 vm_map_trunc_page(src_addr
,
9801 VM_MAP_PAGE_MASK(src_map
)),
9802 vm_map_round_page(src_end
,
9803 VM_MAP_PAGE_MASK(src_map
)));
9806 vm_map_unlock(src_map
);
9808 if (VM_MAP_PAGE_SHIFT(src_map
) != PAGE_SHIFT
) {
9809 vm_map_offset_t original_start
, original_offset
, original_end
;
9811 assert(VM_MAP_COPY_PAGE_MASK(copy
) == PAGE_MASK
);
9813 /* adjust alignment of first copy_entry's "vme_start" */
9814 tmp_entry
= vm_map_copy_first_entry(copy
);
9815 if (tmp_entry
!= vm_map_copy_to_entry(copy
)) {
9816 vm_map_offset_t adjustment
;
9818 original_start
= tmp_entry
->vme_start
;
9819 original_offset
= VME_OFFSET(tmp_entry
);
9821 /* map-align the start of the first copy entry... */
9822 adjustment
= (tmp_entry
->vme_start
-
9824 tmp_entry
->vme_start
,
9825 VM_MAP_PAGE_MASK(src_map
)));
9826 tmp_entry
->vme_start
-= adjustment
;
9827 VME_OFFSET_SET(tmp_entry
,
9828 VME_OFFSET(tmp_entry
) - adjustment
);
9829 copy_addr
-= adjustment
;
9830 assert(tmp_entry
->vme_start
< tmp_entry
->vme_end
);
9831 /* ... adjust for mis-aligned start of copy range */
9833 (vm_map_trunc_page(copy
->offset
,
9835 vm_map_trunc_page(copy
->offset
,
9836 VM_MAP_PAGE_MASK(src_map
)));
9838 assert(page_aligned(adjustment
));
9839 assert(adjustment
< VM_MAP_PAGE_SIZE(src_map
));
9840 tmp_entry
->vme_start
+= adjustment
;
9841 VME_OFFSET_SET(tmp_entry
,
9842 (VME_OFFSET(tmp_entry
) +
9844 copy_addr
+= adjustment
;
9845 assert(tmp_entry
->vme_start
< tmp_entry
->vme_end
);
9849 * Assert that the adjustments haven't exposed
9850 * more than was originally copied...
9852 assert(tmp_entry
->vme_start
>= original_start
);
9853 assert(VME_OFFSET(tmp_entry
) >= original_offset
);
9855 * ... and that it did not adjust outside of a
9856 * single 16K page.
9858 assert(vm_map_trunc_page(tmp_entry
->vme_start
,
9859 VM_MAP_PAGE_MASK(src_map
)) ==
9860 vm_map_trunc_page(original_start
,
9861 VM_MAP_PAGE_MASK(src_map
)));
9864 /* adjust alignment of last copy_entry's "vme_end" */
9865 tmp_entry
= vm_map_copy_last_entry(copy
);
9866 if (tmp_entry
!= vm_map_copy_to_entry(copy
)) {
9867 vm_map_offset_t adjustment
;
9869 original_end
= tmp_entry
->vme_end
;
9871 /* map-align the end of the last copy entry... */
9872 tmp_entry
->vme_end
=
9873 vm_map_round_page(tmp_entry
->vme_end
,
9874 VM_MAP_PAGE_MASK(src_map
));
9875 /* ... adjust for mis-aligned end of copy range */
9877 (vm_map_round_page((copy
->offset
+
9879 VM_MAP_PAGE_MASK(src_map
)) -
9880 vm_map_round_page((copy
->offset
+
9884 assert(page_aligned(adjustment
));
9885 assert(adjustment
< VM_MAP_PAGE_SIZE(src_map
));
9886 tmp_entry
->vme_end
-= adjustment
;
9887 assert(tmp_entry
->vme_start
< tmp_entry
->vme_end
);
9891 * Assert that the adjustments haven't exposed
9892 * more than was originally copied...
9894 assert(tmp_entry
->vme_end
<= original_end
);
9896 * ... and that it did not adjust outside of a
9897 * single 16K page.
9899 assert(vm_map_round_page(tmp_entry
->vme_end
,
9900 VM_MAP_PAGE_MASK(src_map
)) ==
9901 vm_map_round_page(original_end
,
9902 VM_MAP_PAGE_MASK(src_map
)));
9906 /* Fix-up start and end points in copy. This is necessary */
9907 /* when the various entries in the copy object were picked */
9908 /* up from different sub-maps */
9910 tmp_entry
= vm_map_copy_first_entry(copy
);
9911 copy_size
= 0; /* compute actual size */
9912 while (tmp_entry
!= vm_map_copy_to_entry(copy
)) {
9913 assert(VM_MAP_PAGE_ALIGNED(
9914 copy_addr
+ (tmp_entry
->vme_end
-
9915 tmp_entry
->vme_start
),
9916 VM_MAP_COPY_PAGE_MASK(copy
)));
9917 assert(VM_MAP_PAGE_ALIGNED(
9919 VM_MAP_COPY_PAGE_MASK(copy
)));
9922 * The copy_entries will be injected directly into the
9923 * destination map and might not be "map aligned" there...
9925 tmp_entry
->map_aligned
= FALSE
;
9927 tmp_entry
->vme_end
= copy_addr
+
9928 (tmp_entry
->vme_end
- tmp_entry
->vme_start
);
9929 tmp_entry
->vme_start
= copy_addr
;
9930 assert(tmp_entry
->vme_start
< tmp_entry
->vme_end
);
9931 copy_addr
+= tmp_entry
->vme_end
- tmp_entry
->vme_start
;
9932 copy_size
+= tmp_entry
->vme_end
- tmp_entry
->vme_start
;
9933 tmp_entry
= (struct vm_map_entry
*)tmp_entry
->vme_next
;
9936 if (VM_MAP_PAGE_SHIFT(src_map
) != PAGE_SHIFT
&&
9937 copy_size
< copy
->size
) {
9939 * The actual size of the VM map copy is smaller than what
9940 * was requested by the caller. This must be because some
9941 * PAGE_SIZE-sized pages are missing at the end of the last
9942 * VM_MAP_PAGE_SIZE(src_map)-sized chunk of the range.
9943 * The caller might not have been aware of those missing
9944 * pages and might not want to be aware of it, which is
9945 * fine as long as they don't try to access (and crash on)
9946 * those missing pages.
9947 * Let's adjust the size of the "copy", to avoid failing
9948 * in vm_map_copyout() or vm_map_copy_overwrite().
9950 assert(vm_map_round_page(copy_size
,
9951 VM_MAP_PAGE_MASK(src_map
)) ==
9952 vm_map_round_page(copy
->size
,
9953 VM_MAP_PAGE_MASK(src_map
)));
9954 copy
->size
= copy_size
;
9957 *copy_result
= copy
;
9958 return(KERN_SUCCESS
);
/*
 * vm_map_copy_extract: allocates a VM_MAP_COPY_ENTRY_LIST copy header and
 * has vm_map_remap_extract() populate it from src_map; if that call fails
 * the header is released with vm_map_copy_discard().
 * NOTE(review): this listing skips source lines (see the gaps in the gutter
 * numbers). The declarations of src_map, len, copy and kr, the test guarding
 * the zero-byte early return, and most vm_map_remap_extract() arguments are
 * not shown, so how *cur_prot and *max_prot get filled in cannot be
 * confirmed from here.
 */
9964 vm_map_copy_extract(
9966 vm_map_address_t src_addr
,
9968 vm_map_copy_t
*copy_result
, /* OUT */
9969 vm_prot_t
*cur_prot
, /* OUT */
9970 vm_prot_t
*max_prot
)
9972 vm_map_offset_t src_start
, src_end
;
9977 * Check for copies of zero bytes.
9981 *copy_result
= VM_MAP_COPY_NULL
;
9982 return(KERN_SUCCESS
);
9986 * Check that the end address doesn't overflow
/*
 * Wraparound guard: a sum smaller than src_addr means src_addr + len
 * wrapped, and the request is rejected before anything is allocated.
 */
9988 src_end
= src_addr
+ len
;
9989 if (src_end
< src_addr
)
9990 return KERN_INVALID_ADDRESS
;
9993 * Compute (page aligned) start and end of region
/*
 * NOTE(review): the wrap check above runs before rounding. Rounding src_end
 * up to a page boundary could presumably wrap to 0 when src_end lies in the
 * last page of the address space, and no re-check of the rounded values is
 * visible in this listing -- confirm against the complete source.
 */
9995 src_start
= vm_map_trunc_page(src_addr
, PAGE_MASK
);
9996 src_end
= vm_map_round_page(src_end
, PAGE_MASK
);
9999 * Allocate a header element for the list.
10001 * Use the start and end in the header to
10002 * remember the endpoints prior to rounding.
/*
 * NOTE(review): the zalloc() result is dereferenced without a NULL check in
 * the visible lines; presumably this allocation cannot fail -- confirm.
 * The header starts as an empty list: first and last entry both point at
 * the header's own sentinel entry and nentries is 0.
 */
10005 copy
= (vm_map_copy_t
) zalloc(vm_map_copy_zone
);
10006 copy
->c_u
.hdr
.rb_head_store
.rbh_root
= (void*)(int)SKIP_RB_TREE
;
10007 vm_map_copy_first_entry(copy
) =
10008 vm_map_copy_last_entry(copy
) = vm_map_copy_to_entry(copy
);
10009 copy
->type
= VM_MAP_COPY_ENTRY_LIST
;
10010 copy
->cpy_hdr
.nentries
= 0;
10011 copy
->cpy_hdr
.entries_pageable
= TRUE
;
/*
 * NOTE(review): the "©" on the next line looks like the page renderer
 * decoding "&copy" as an HTML entity; read the argument as &copy->cpy_hdr
 * (copy is the header allocated above).
 */
10013 vm_map_store_init(©
->cpy_hdr
);
10018 kr
= vm_map_remap_extract(src_map
,
10026 TRUE
); /* pageable */
/*
 * Error path: the partially built copy is discarded. In the visible lines
 * *copy_result is written only on the zero-byte and success paths, so a
 * caller should test the return value before touching *copy_result. The
 * value returned on this path is not shown (lines 10029-10031 are skipped).
 */
10027 if (kr
!= KERN_SUCCESS
) {
10028 vm_map_copy_discard(copy
);
10032 *copy_result
= copy
;
10033 return KERN_SUCCESS
;
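/*
 *	vm_map_copyin_object:
 *
 *	Create a copy object from an object.
 *	Our caller donates an object reference.
 *
 *	The new copy is of type VM_MAP_COPY_OBJECT and records the object
 *	together with the offset and size of the region inside it.  The
 *	copy is handed back through *copy_result; the routine always
 *	returns KERN_SUCCESS.
 */
kern_return_t
vm_map_copyin_object(
	vm_object_t		object,
	vm_object_offset_t	offset,	/* offset of region in object */
	vm_object_size_t	size,	/* size of region in object */
	vm_map_copy_t		*copy_result)	/* OUT */
{
	vm_map_copy_t	copy;		/* Resulting copy */

	/*
	 *	We drop the object into a special copy object
	 *	that contains the object directly.
	 *
	 *	NOTE(review): the zalloc() result is used unchecked;
	 *	presumably this allocation cannot fail -- confirm.
	 */
	copy = (vm_map_copy_t) zalloc(vm_map_copy_zone);
	copy->c_u.hdr.rb_head_store.rbh_root = (void*)(int)SKIP_RB_TREE;
	copy->type = VM_MAP_COPY_OBJECT;
	copy->cpy_object = object;
	copy->offset = offset;
	/*
	 *	Record the region length.  The listing skipped the source
	 *	line between the offset assignment and the result
	 *	hand-off, which left "size" unused and copy->size holding
	 *	whatever the freshly allocated element contained.
	 */
	copy->size = size;

	*copy_result = copy;
	return(KERN_SUCCESS);
}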
10071 vm_map_entry_t old_entry
,
10074 vm_object_t object
;
10075 vm_map_entry_t new_entry
;
10078 * New sharing code. New map entry
10079 * references original object. Internal
10080 * objects use asynchronous copy algorithm for
10081 * future copies. First make sure we have
10082 * the right object. If we need a shadow,
10083 * or someone else already has one, then
10084 * make a new shadow and share it.
10087 object
= VME_OBJECT(old_entry
);
10088 if (old_entry
->is_sub_map
) {
10089 assert(old_entry
->wired_count
== 0);
10090 #ifndef NO_NESTED_PMAP
10091 if(old_entry
->use_pmap
) {
10092 kern_return_t result
;
10094 result
= pmap_nest(new_map
->pmap
,
10095 (VME_SUBMAP(old_entry
))->pmap
,
10096 (addr64_t
)old_entry
->vme_start
,
10097 (addr64_t
)old_entry
->vme_start
,
10098 (uint64_t)(old_entry
->vme_end
- old_entry
->vme_start
));
10100 panic("vm_map_fork_share: pmap_nest failed!");
10102 #endif /* NO_NESTED_PMAP */
10103 } else if (object
== VM_OBJECT_NULL
) {
10104 object
= vm_object_allocate((vm_map_size_t
)(old_entry
->vme_end
-
10105 old_entry
->vme_start
));
10106 VME_OFFSET_SET(old_entry
, 0);
10107 VME_OBJECT_SET(old_entry
, object
);
10108 old_entry
->use_pmap
= TRUE
;
10109 assert(!old_entry
->needs_copy
);
10110 } else if (object
->copy_strategy
!=
10111 MEMORY_OBJECT_COPY_SYMMETRIC
) {
10114 * We are already using an asymmetric
10115 * copy, and therefore we already have
10116 * the right object.
10119 assert(! old_entry
->needs_copy
);
10121 else if (old_entry
->needs_copy
|| /* case 1 */
10122 object
->shadowed
|| /* case 2 */
10123 (!object
->true_share
&& /* case 3 */
10124 !old_entry
->is_shared
&&
10126 (vm_map_size_t
)(old_entry
->vme_end
-
10127 old_entry
->vme_start
)))) {
10130 * We need to create a shadow.
10131 * There are three cases here.
10132 * In the first case, we need to
10133 * complete a deferred symmetrical
10134 * copy that we participated in.
10135 * In the second and third cases,
10136 * we need to create the shadow so
10137 * that changes that we make to the
10138 * object do not interfere with
10139 * any symmetrical copies which
10140 * have occurred (case 2) or which
10141 * might occur (case 3).
10143 * The first case is when we had
10144 * deferred shadow object creation
10145 * via the entry->needs_copy mechanism.
10146 * This mechanism only works when
10147 * only one entry points to the source
10148 * object, and we are about to create
10149 * a second entry pointing to the
10150 * same object. The problem is that
10151 * there is no way of mapping from
10152 * an object to the entries pointing
10153 * to it. (Deferred shadow creation
10154 * works with one entry because occurs
10155 * at fault time, and we walk from the
10156 * entry to the object when handling
10159 * The second case is when the object
10160 * to be shared has already been copied
10161 * with a symmetric copy, but we point
10162 * directly to the object without
10163 * needs_copy set in our entry. (This
10164 * can happen because different ranges
10165 * of an object can be pointed to by
10166 * different entries. In particular,
10167 * a single entry pointing to an object
10168 * can be split by a call to vm_inherit,
10169 * which, combined with task_create, can
10170 * result in the different entries
10171 * having different needs_copy values.)
10172 * The shadowed flag in the object allows
10173 * us to detect this case. The problem
10174 * with this case is that if this object
10175 * has or will have shadows, then we
10176 * must not perform an asymmetric copy
10177 * of this object, since such a copy
10178 * allows the object to be changed, which
10179 * will break the previous symmetrical
10180 * copies (which rely upon the object
10181 * not changing). In a sense, the shadowed
10182 * flag says "don't change this object".
10183 * We fix this by creating a shadow
10184 * object for this object, and sharing
10185 * that. This works because we are free
10186 * to change the shadow object (and thus
10187 * to use an asymmetric copy strategy);
10188 * this is also semantically correct,
10189 * since this object is temporary, and
10190 * therefore a copy of the object is
10191 * as good as the object itself. (This
10192 * is not true for permanent objects,
10193 * since the pager needs to see changes,
10194 * which won't happen if the changes
10195 * are made to a copy.)
10197 * The third case is when the object
10198 * to be shared has parts sticking
10199 * outside of the entry we're working
10200 * with, and thus may in the future
10201 * be subject to a symmetrical copy.
10202 * (This is a preemptive version of
10205 VME_OBJECT_SHADOW(old_entry
,
10206 (vm_map_size_t
) (old_entry
->vme_end
-
10207 old_entry
->vme_start
));
10210 * If we're making a shadow for other than
10211 * copy on write reasons, then we have
10212 * to remove write permission.
10215 if (!old_entry
->needs_copy
&&
10216 (old_entry
->protection
& VM_PROT_WRITE
)) {
10219 prot
= old_entry
->protection
& ~VM_PROT_WRITE
;
10221 if (override_nx(old_map
, VME_ALIAS(old_entry
)) && prot
)
10222 prot
|= VM_PROT_EXECUTE
;
10224 if (old_map
->mapped_in_other_pmaps
) {
10225 vm_object_pmap_protect(
10226 VME_OBJECT(old_entry
),
10227 VME_OFFSET(old_entry
),
10228 (old_entry
->vme_end
-
10229 old_entry
->vme_start
),
10231 old_entry
->vme_start
,
10234 pmap_protect(old_map
->pmap
,
10235 old_entry
->vme_start
,
10236 old_entry
->vme_end
,
10241 old_entry
->needs_copy
= FALSE
;
10242 object
= VME_OBJECT(old_entry
);
10247 * If object was using a symmetric copy strategy,
10248 * change its copy strategy to the default
10249 * asymmetric copy strategy, which is copy_delay
10250 * in the non-norma case and copy_call in the
10251 * norma case. Bump the reference count for the
10255 if(old_entry
->is_sub_map
) {
10256 vm_map_lock(VME_SUBMAP(old_entry
));
10257 vm_map_reference(VME_SUBMAP(old_entry
));
10258 vm_map_unlock(VME_SUBMAP(old_entry
));
10260 vm_object_lock(object
);
10261 vm_object_reference_locked(object
);
10262 if (object
->copy_strategy
== MEMORY_OBJECT_COPY_SYMMETRIC
) {
10263 object
->copy_strategy
= MEMORY_OBJECT_COPY_DELAY
;
10265 vm_object_unlock(object
);
10269 * Clone the entry, using object ref from above.
10270 * Mark both entries as shared.
10273 new_entry
= vm_map_entry_create(new_map
, FALSE
); /* Never the kernel
10274 * map or descendants */
10275 vm_map_entry_copy(new_entry
, old_entry
);
10276 old_entry
->is_shared
= TRUE
;
10277 new_entry
->is_shared
= TRUE
;
10280 * Insert the entry into the new map -- we
10281 * know we're inserting at the end of the new
10285 vm_map_store_entry_link(new_map
, vm_map_last_entry(new_map
), new_entry
);
10288 * Update the physical map
10291 if (old_entry
->is_sub_map
) {
10292 /* Bill Angell pmap support goes here */
10294 pmap_copy(new_map
->pmap
, old_map
->pmap
, new_entry
->vme_start
,
10295 old_entry
->vme_end
- old_entry
->vme_start
,
10296 old_entry
->vme_start
);
/*
 * NOTE(review): the line naming this routine is missing from the listing;
 * it is presumably vm_map_fork_copy, which vm_map_fork calls as
 * vm_map_fork_copy(old_map, &old_entry, new_map) -- confirm.
 * The visible lines copy the range [start, start + entry_size) described by
 * *old_entry_p out of old_map with vm_map_copyin_maxprot(), insert the
 * result into new_map with vm_map_copy_insert(), and store in *old_entry_p
 * the entry at which the caller should continue. The return statements are
 * not shown.
 */
10303 vm_map_entry_t
*old_entry_p
,
/* Capture the range while old_map is still locked by the caller. */
10306 vm_map_entry_t old_entry
= *old_entry_p
;
10307 vm_map_size_t entry_size
= old_entry
->vme_end
- old_entry
->vme_start
;
10308 vm_map_offset_t start
= old_entry
->vme_start
;
10309 vm_map_copy_t copy
;
10310 vm_map_entry_t last
= vm_map_last_entry(new_map
);
/*
 * old_map is unlocked across the copyin, so old_entry may be stale once the
 * lock is retaken; both paths below re-run vm_map_lookup_entry() on "start"
 * under the lock rather than reusing old_entry.
 */
10312 vm_map_unlock(old_map
);
10314 * Use maxprot version of copyin because we
10315 * care about whether this memory can ever
10316 * be accessed, not just whether it's accessible
/*
 * NOTE(review): the "©" in the call below looks like the page renderer
 * decoding "&copy" as an HTML entity; read the last argument as &copy.
 */
10319 if (vm_map_copyin_maxprot(old_map
, start
, entry_size
, FALSE
, ©
)
10322 * The map might have changed while it
10323 * was unlocked, check it again. Skip
10324 * any blank space or permanently
10325 * unreadable region.
/*
 * Failure path: relock, then move past the entry when the address is no
 * longer mapped or the entry's max_protection lacks VM_PROT_READ.
 */
10327 vm_map_lock(old_map
);
10328 if (!vm_map_lookup_entry(old_map
, start
, &last
) ||
10329 (last
->max_protection
& VM_PROT_READ
) == VM_PROT_NONE
) {
10330 last
= last
->vme_next
;
10332 *old_entry_p
= last
;
10335 * XXX For some error returns, want to
10336 * XXX skip to the next element. Note
10337 * that INVALID_ADDRESS and
10338 * PROTECTION_FAILURE are handled above.
10345 * Insert the copy into the new map
10348 vm_map_copy_insert(new_map
, last
, copy
);
10351 * Pick up the traversal at the end of
10352 * the copied region.
/*
 * Success path: relock and look up the first address after the copied
 * range; when no entry contains it, continue from the following entry.
 */
10355 vm_map_lock(old_map
);
10356 start
+= entry_size
;
10357 if (! vm_map_lookup_entry(old_map
, start
, &last
)) {
10358 last
= last
->vme_next
;
10360 if (last
->vme_start
== start
) {
10362 * No need to clip here and we don't
10363 * want to cause any unnecessary
10367 vm_map_clip_start(old_map
, last
, start
);
10370 *old_entry_p
= last
;
10378 * Create and return a new map based on the old
10379 * map, according to the inheritance values on the
10380 * regions in that map.
10382 * The source map must not be locked.
10391 vm_map_entry_t old_entry
;
10392 vm_map_size_t new_size
= 0, entry_size
;
10393 vm_map_entry_t new_entry
;
10394 boolean_t src_needs_copy
;
10395 boolean_t new_entry_needs_copy
;
10396 boolean_t pmap_is64bit
;
10399 #if defined(__i386__) || defined(__x86_64__)
10400 old_map
->pmap
->pm_task_map
!= TASK_MAP_32BIT
;
10402 #error Unknown architecture.
10405 new_pmap
= pmap_create(ledger
, (vm_map_size_t
) 0, pmap_is64bit
);
10407 vm_map_reference_swap(old_map
);
10408 vm_map_lock(old_map
);
10410 new_map
= vm_map_create(new_pmap
,
10411 old_map
->min_offset
,
10412 old_map
->max_offset
,
10413 old_map
->hdr
.entries_pageable
);
10414 /* inherit the parent map's page size */
10415 vm_map_set_page_shift(new_map
, VM_MAP_PAGE_SHIFT(old_map
));
10417 old_entry
= vm_map_first_entry(old_map
);
10418 old_entry
!= vm_map_to_entry(old_map
);
10421 entry_size
= old_entry
->vme_end
- old_entry
->vme_start
;
10423 switch (old_entry
->inheritance
) {
10424 case VM_INHERIT_NONE
:
10427 case VM_INHERIT_SHARE
:
10428 vm_map_fork_share(old_map
, old_entry
, new_map
);
10429 new_size
+= entry_size
;
10432 case VM_INHERIT_COPY
:
10435 * Inline the copy_quickly case;
10436 * upon failure, fall back on call
10437 * to vm_map_fork_copy.
10440 if(old_entry
->is_sub_map
)
10442 if ((old_entry
->wired_count
!= 0) ||
10443 ((VME_OBJECT(old_entry
) != NULL
) &&
10444 (VME_OBJECT(old_entry
)->true_share
))) {
10445 goto slow_vm_map_fork_copy
;
10448 new_entry
= vm_map_entry_create(new_map
, FALSE
); /* never the kernel map or descendants */
10449 vm_map_entry_copy(new_entry
, old_entry
);
10450 if (new_entry
->is_sub_map
) {
10451 /* clear address space specifics */
10452 new_entry
->use_pmap
= FALSE
;
10455 if (! vm_object_copy_quickly(
10456 &VME_OBJECT(new_entry
),
10457 VME_OFFSET(old_entry
),
10458 (old_entry
->vme_end
-
10459 old_entry
->vme_start
),
10461 &new_entry_needs_copy
)) {
10462 vm_map_entry_dispose(new_map
, new_entry
);
10463 goto slow_vm_map_fork_copy
;
10467 * Handle copy-on-write obligations
10470 if (src_needs_copy
&& !old_entry
->needs_copy
) {
10473 prot
= old_entry
->protection
& ~VM_PROT_WRITE
;
10475 if (override_nx(old_map
, VME_ALIAS(old_entry
))
10477 prot
|= VM_PROT_EXECUTE
;
10479 vm_object_pmap_protect(
10480 VME_OBJECT(old_entry
),
10481 VME_OFFSET(old_entry
),
10482 (old_entry
->vme_end
-
10483 old_entry
->vme_start
),
10484 ((old_entry
->is_shared
10485 || old_map
->mapped_in_other_pmaps
)
10488 old_entry
->vme_start
,
10491 assert(old_entry
->wired_count
== 0);
10492 old_entry
->needs_copy
= TRUE
;
10494 new_entry
->needs_copy
= new_entry_needs_copy
;
10497 * Insert the entry at the end
10501 vm_map_store_entry_link(new_map
, vm_map_last_entry(new_map
),
10503 new_size
+= entry_size
;
10506 slow_vm_map_fork_copy
:
10507 if (vm_map_fork_copy(old_map
, &old_entry
, new_map
)) {
10508 new_size
+= entry_size
;
10512 old_entry
= old_entry
->vme_next
;
10516 new_map
->size
= new_size
;
10517 vm_map_unlock(old_map
);
10518 vm_map_deallocate(old_map
);
10526 * Setup the "new_map" with the proper execution environment according
10527 * to the type of executable (platform, 64bit, chroot environment).
10528 * Map the comm page and shared region, etc...
10537 SHARED_REGION_TRACE_DEBUG(
10538 ("shared_region: task %p: vm_map_exec(%p,%p,%p,0x%x): ->\n",
10539 (void *)VM_KERNEL_ADDRPERM(current_task()),
10540 (void *)VM_KERNEL_ADDRPERM(new_map
),
10541 (void *)VM_KERNEL_ADDRPERM(task
),
10542 (void *)VM_KERNEL_ADDRPERM(fsroot
),
10544 (void) vm_commpage_enter(new_map
, task
);
10545 (void) vm_shared_region_enter(new_map
, task
, fsroot
, cpu
);
10546 SHARED_REGION_TRACE_DEBUG(
10547 ("shared_region: task %p: vm_map_exec(%p,%p,%p,0x%x): <-\n",
10548 (void *)VM_KERNEL_ADDRPERM(current_task()),
10549 (void *)VM_KERNEL_ADDRPERM(new_map
),
10550 (void *)VM_KERNEL_ADDRPERM(task
),
10551 (void *)VM_KERNEL_ADDRPERM(fsroot
),
10553 return KERN_SUCCESS
;
10557 * vm_map_lookup_locked:
10559 * Finds the VM object, offset, and
10560 * protection for a given virtual address in the
10561 * specified map, assuming a page fault of the
10564 * Returns the (object, offset, protection) for
10565 * this address, whether it is wired down, and whether
10566 * this map has the only reference to the data in question.
10567 * In order to later verify this lookup, a "version"
10570 * The map MUST be locked by the caller and WILL be
10571 * locked on exit. In order to guarantee the
10572 * existence of the returned object, it is returned
10575 * If a lookup is requested with "write protection"
10576 * specified, the map may be changed to perform virtual
10577 * copying operations, although the data referenced will
10581 vm_map_lookup_locked(
10582 vm_map_t
*var_map
, /* IN/OUT */
10583 vm_map_offset_t vaddr
,
10584 vm_prot_t fault_type
,
10585 int object_lock_type
,
10586 vm_map_version_t
*out_version
, /* OUT */
10587 vm_object_t
*object
, /* OUT */
10588 vm_object_offset_t
*offset
, /* OUT */
10589 vm_prot_t
*out_prot
, /* OUT */
10590 boolean_t
*wired
, /* OUT */
10591 vm_object_fault_info_t fault_info
, /* OUT */
10592 vm_map_t
*real_map
)
10594 vm_map_entry_t entry
;
10595 register vm_map_t map
= *var_map
;
10596 vm_map_t old_map
= *var_map
;
10597 vm_map_t cow_sub_map_parent
= VM_MAP_NULL
;
10598 vm_map_offset_t cow_parent_vaddr
= 0;
10599 vm_map_offset_t old_start
= 0;
10600 vm_map_offset_t old_end
= 0;
10601 register vm_prot_t prot
;
10602 boolean_t mask_protections
;
10603 boolean_t force_copy
;
10604 vm_prot_t original_fault_type
;
10607 * VM_PROT_MASK means that the caller wants us to use "fault_type"
10608 * as a mask against the mapping's actual protections, not as an
10611 mask_protections
= (fault_type
& VM_PROT_IS_MASK
) ? TRUE
: FALSE
;
10612 force_copy
= (fault_type
& VM_PROT_COPY
) ? TRUE
: FALSE
;
10613 fault_type
&= VM_PROT_ALL
;
10614 original_fault_type
= fault_type
;
10619 fault_type
= original_fault_type
;
10622 * If the map has an interesting hint, try it before calling
10623 * full blown lookup routine.
10627 if ((entry
== vm_map_to_entry(map
)) ||
10628 (vaddr
< entry
->vme_start
) || (vaddr
>= entry
->vme_end
)) {
10629 vm_map_entry_t tmp_entry
;
10632 * Entry was either not a valid hint, or the vaddr
10633 * was not contained in the entry, so do a full lookup.
10635 if (!vm_map_lookup_entry(map
, vaddr
, &tmp_entry
)) {
10636 if((cow_sub_map_parent
) && (cow_sub_map_parent
!= map
))
10637 vm_map_unlock(cow_sub_map_parent
);
10638 if((*real_map
!= map
)
10639 && (*real_map
!= cow_sub_map_parent
))
10640 vm_map_unlock(*real_map
);
10641 return KERN_INVALID_ADDRESS
;
10646 if(map
== old_map
) {
10647 old_start
= entry
->vme_start
;
10648 old_end
= entry
->vme_end
;
10652 * Handle submaps. Drop lock on upper map, submap is
10657 if (entry
->is_sub_map
) {
10658 vm_map_offset_t local_vaddr
;
10659 vm_map_offset_t end_delta
;
10660 vm_map_offset_t start_delta
;
10661 vm_map_entry_t submap_entry
;
10662 boolean_t mapped_needs_copy
=FALSE
;
10664 local_vaddr
= vaddr
;
10666 if ((entry
->use_pmap
&& !(fault_type
& VM_PROT_WRITE
))) {
10667 /* if real_map equals map we unlock below */
10668 if ((*real_map
!= map
) &&
10669 (*real_map
!= cow_sub_map_parent
))
10670 vm_map_unlock(*real_map
);
10671 *real_map
= VME_SUBMAP(entry
);
10674 if(entry
->needs_copy
&& (fault_type
& VM_PROT_WRITE
)) {
10675 if (!mapped_needs_copy
) {
10676 if (vm_map_lock_read_to_write(map
)) {
10677 vm_map_lock_read(map
);
10681 vm_map_lock_read(VME_SUBMAP(entry
));
10682 *var_map
= VME_SUBMAP(entry
);
10683 cow_sub_map_parent
= map
;
10684 /* reset base to map before cow object */
10685 /* this is the map which will accept */
10686 /* the new cow object */
10687 old_start
= entry
->vme_start
;
10688 old_end
= entry
->vme_end
;
10689 cow_parent_vaddr
= vaddr
;
10690 mapped_needs_copy
= TRUE
;
10692 vm_map_lock_read(VME_SUBMAP(entry
));
10693 *var_map
= VME_SUBMAP(entry
);
10694 if((cow_sub_map_parent
!= map
) &&
10695 (*real_map
!= map
))
10696 vm_map_unlock(map
);
10699 vm_map_lock_read(VME_SUBMAP(entry
));
10700 *var_map
= VME_SUBMAP(entry
);
10701 /* leave map locked if it is a target */
10702 /* cow sub_map above otherwise, just */
10703 /* follow the maps down to the object */
10704 /* here we unlock knowing we are not */
10705 /* revisiting the map. */
10706 if((*real_map
!= map
) && (map
!= cow_sub_map_parent
))
10707 vm_map_unlock_read(map
);
10712 /* calculate the offset in the submap for vaddr */
10713 local_vaddr
= (local_vaddr
- entry
->vme_start
) + VME_OFFSET(entry
);
10716 if(!vm_map_lookup_entry(map
, local_vaddr
, &submap_entry
)) {
10717 if((cow_sub_map_parent
) && (cow_sub_map_parent
!= map
)){
10718 vm_map_unlock(cow_sub_map_parent
);
10720 if((*real_map
!= map
)
10721 && (*real_map
!= cow_sub_map_parent
)) {
10722 vm_map_unlock(*real_map
);
10725 return KERN_INVALID_ADDRESS
;
10728 /* find the attenuated shadow of the underlying object */
10729 /* on our target map */
10731 /* in english the submap object may extend beyond the */
10732 /* region mapped by the entry or, may only fill a portion */
10733 /* of it. For our purposes, we only care if the object */
10734 /* doesn't fill. In this case the area which will */
10735 /* ultimately be clipped in the top map will only need */
10736 /* to be as big as the portion of the underlying entry */
10737 /* which is mapped */
10738 start_delta
= submap_entry
->vme_start
> VME_OFFSET(entry
) ?
10739 submap_entry
->vme_start
- VME_OFFSET(entry
) : 0;
10742 (VME_OFFSET(entry
) + start_delta
+ (old_end
- old_start
)) <=
10743 submap_entry
->vme_end
?
10744 0 : (VME_OFFSET(entry
) +
10745 (old_end
- old_start
))
10746 - submap_entry
->vme_end
;
10748 old_start
+= start_delta
;
10749 old_end
-= end_delta
;
10751 if(submap_entry
->is_sub_map
) {
10752 entry
= submap_entry
;
10753 vaddr
= local_vaddr
;
10754 goto submap_recurse
;
10757 if(((fault_type
& VM_PROT_WRITE
) && cow_sub_map_parent
)) {
10759 vm_object_t sub_object
, copy_object
;
10760 vm_object_offset_t copy_offset
;
10761 vm_map_offset_t local_start
;
10762 vm_map_offset_t local_end
;
10763 boolean_t copied_slowly
= FALSE
;
10765 if (vm_map_lock_read_to_write(map
)) {
10766 vm_map_lock_read(map
);
10767 old_start
-= start_delta
;
10768 old_end
+= end_delta
;
10773 sub_object
= VME_OBJECT(submap_entry
);
10774 if (sub_object
== VM_OBJECT_NULL
) {
10776 vm_object_allocate(
10778 (submap_entry
->vme_end
-
10779 submap_entry
->vme_start
));
10780 VME_OBJECT_SET(submap_entry
, sub_object
);
10781 VME_OFFSET_SET(submap_entry
, 0);
10783 local_start
= local_vaddr
-
10784 (cow_parent_vaddr
- old_start
);
10785 local_end
= local_vaddr
+
10786 (old_end
- cow_parent_vaddr
);
10787 vm_map_clip_start(map
, submap_entry
, local_start
);
10788 vm_map_clip_end(map
, submap_entry
, local_end
);
10789 if (submap_entry
->is_sub_map
) {
10790 /* unnesting was done when clipping */
10791 assert(!submap_entry
->use_pmap
);
10794 /* This is the COW case, lets connect */
10795 /* an entry in our space to the underlying */
10796 /* object in the submap, bypassing the */
10800 if(submap_entry
->wired_count
!= 0 ||
10801 (sub_object
->copy_strategy
==
10802 MEMORY_OBJECT_COPY_NONE
)) {
10803 vm_object_lock(sub_object
);
10804 vm_object_copy_slowly(sub_object
,
10805 VME_OFFSET(submap_entry
),
10806 (submap_entry
->vme_end
-
10807 submap_entry
->vme_start
),
10810 copied_slowly
= TRUE
;
10813 /* set up shadow object */
10814 copy_object
= sub_object
;
10815 vm_object_reference(copy_object
);
10816 sub_object
->shadowed
= TRUE
;
10817 assert(submap_entry
->wired_count
== 0);
10818 submap_entry
->needs_copy
= TRUE
;
10820 prot
= submap_entry
->protection
& ~VM_PROT_WRITE
;
10822 if (override_nx(old_map
,
10823 VME_ALIAS(submap_entry
))
10825 prot
|= VM_PROT_EXECUTE
;
10827 vm_object_pmap_protect(
10829 VME_OFFSET(submap_entry
),
10830 submap_entry
->vme_end
-
10831 submap_entry
->vme_start
,
10832 (submap_entry
->is_shared
10833 || map
->mapped_in_other_pmaps
) ?
10834 PMAP_NULL
: map
->pmap
,
10835 submap_entry
->vme_start
,
10840 * Adjust the fault offset to the submap entry.
10842 copy_offset
= (local_vaddr
-
10843 submap_entry
->vme_start
+
10844 VME_OFFSET(submap_entry
));
10846 /* This works diffently than the */
10847 /* normal submap case. We go back */
10848 /* to the parent of the cow map and*/
10849 /* clip out the target portion of */
10850 /* the sub_map, substituting the */
10851 /* new copy object, */
10853 vm_map_unlock(map
);
10854 local_start
= old_start
;
10855 local_end
= old_end
;
10856 map
= cow_sub_map_parent
;
10857 *var_map
= cow_sub_map_parent
;
10858 vaddr
= cow_parent_vaddr
;
10859 cow_sub_map_parent
= NULL
;
10861 if(!vm_map_lookup_entry(map
,
10863 vm_object_deallocate(
10865 vm_map_lock_write_to_read(map
);
10866 return KERN_INVALID_ADDRESS
;
10869 /* clip out the portion of space */
10870 /* mapped by the sub map which */
10871 /* corresponds to the underlying */
10875 * Clip (and unnest) the smallest nested chunk
10876 * possible around the faulting address...
10878 local_start
= vaddr
& ~(pmap_nesting_size_min
- 1);
10879 local_end
= local_start
+ pmap_nesting_size_min
;
10881 * ... but don't go beyond the "old_start" to "old_end"
10882 * range, to avoid spanning over another VM region
10883 * with a possibly different VM object and/or offset.
10885 if (local_start
< old_start
) {
10886 local_start
= old_start
;
10888 if (local_end
> old_end
) {
10889 local_end
= old_end
;
10892 * Adjust copy_offset to the start of the range.
10894 copy_offset
-= (vaddr
- local_start
);
10896 vm_map_clip_start(map
, entry
, local_start
);
10897 vm_map_clip_end(map
, entry
, local_end
);
10898 if (entry
->is_sub_map
) {
10899 /* unnesting was done when clipping */
10900 assert(!entry
->use_pmap
);
10903 /* substitute copy object for */
10904 /* shared map entry */
10905 vm_map_deallocate(VME_SUBMAP(entry
));
10906 assert(!entry
->iokit_acct
);
10907 entry
->is_sub_map
= FALSE
;
10908 entry
->use_pmap
= TRUE
;
10909 VME_OBJECT_SET(entry
, copy_object
);
10911 /* propagate the submap entry's protections */
10912 entry
->protection
|= submap_entry
->protection
;
10913 entry
->max_protection
|= submap_entry
->max_protection
;
10915 if(copied_slowly
) {
10916 VME_OFFSET_SET(entry
, local_start
- old_start
);
10917 entry
->needs_copy
= FALSE
;
10918 entry
->is_shared
= FALSE
;
10920 VME_OFFSET_SET(entry
, copy_offset
);
10921 assert(entry
->wired_count
== 0);
10922 entry
->needs_copy
= TRUE
;
10923 if(entry
->inheritance
== VM_INHERIT_SHARE
)
10924 entry
->inheritance
= VM_INHERIT_COPY
;
10925 if (map
!= old_map
)
10926 entry
->is_shared
= TRUE
;
10928 if(entry
->inheritance
== VM_INHERIT_SHARE
)
10929 entry
->inheritance
= VM_INHERIT_COPY
;
10931 vm_map_lock_write_to_read(map
);
10933 if((cow_sub_map_parent
)
10934 && (cow_sub_map_parent
!= *real_map
)
10935 && (cow_sub_map_parent
!= map
)) {
10936 vm_map_unlock(cow_sub_map_parent
);
10938 entry
= submap_entry
;
10939 vaddr
= local_vaddr
;
10944 * Check whether this task is allowed to have
10948 prot
= entry
->protection
;
10950 if (override_nx(old_map
, VME_ALIAS(entry
)) && prot
) {
10952 * HACK -- if not a stack, then allow execution
10954 prot
|= VM_PROT_EXECUTE
;
10957 if (mask_protections
) {
10958 fault_type
&= prot
;
10959 if (fault_type
== VM_PROT_NONE
) {
10960 goto protection_failure
;
10963 if ((fault_type
& (prot
)) != fault_type
) {
10964 protection_failure
:
10965 if (*real_map
!= map
) {
10966 vm_map_unlock(*real_map
);
10970 if ((fault_type
& VM_PROT_EXECUTE
) && prot
)
10971 log_stack_execution_failure((addr64_t
)vaddr
, prot
);
10973 DTRACE_VM2(prot_fault
, int, 1, (uint64_t *), NULL
);
10974 return KERN_PROTECTION_FAILURE
;
10978 * If this page is not pageable, we have to get
10979 * it for all possible accesses.
10982 *wired
= (entry
->wired_count
!= 0);
10987 * If the entry was copy-on-write, we either ...
10990 if (entry
->needs_copy
) {
10992 * If we want to write the page, we may as well
10993 * handle that now since we've got the map locked.
10995 * If we don't need to write the page, we just
10996 * demote the permissions allowed.
10999 if ((fault_type
& VM_PROT_WRITE
) || *wired
|| force_copy
) {
11001 * Make a new object, and place it in the
11002 * object chain. Note that no new references
11003 * have appeared -- one just moved from the
11004 * map to the new object.
11007 if (vm_map_lock_read_to_write(map
)) {
11008 vm_map_lock_read(map
);
11011 VME_OBJECT_SHADOW(entry
,
11012 (vm_map_size_t
) (entry
->vme_end
-
11013 entry
->vme_start
));
11015 VME_OBJECT(entry
)->shadowed
= TRUE
;
11016 entry
->needs_copy
= FALSE
;
11017 vm_map_lock_write_to_read(map
);
11021 * We're attempting to read a copy-on-write
11022 * page -- don't allow writes.
11025 prot
&= (~VM_PROT_WRITE
);
11030 * Create an object if necessary.
11032 if (VME_OBJECT(entry
) == VM_OBJECT_NULL
) {
11034 if (vm_map_lock_read_to_write(map
)) {
11035 vm_map_lock_read(map
);
11039 VME_OBJECT_SET(entry
,
11040 vm_object_allocate(
11041 (vm_map_size_t
)(entry
->vme_end
-
11042 entry
->vme_start
)));
11043 VME_OFFSET_SET(entry
, 0);
11044 vm_map_lock_write_to_read(map
);
11048 * Return the object/offset from this entry. If the entry
11049 * was copy-on-write or empty, it has been fixed up. Also
11050 * return the protection.
11053 *offset
= (vaddr
- entry
->vme_start
) + VME_OFFSET(entry
);
11054 *object
= VME_OBJECT(entry
);
11058 fault_info
->interruptible
= THREAD_UNINT
; /* for now... */
11059 /* ... the caller will change "interruptible" if needed */
11060 fault_info
->cluster_size
= 0;
11061 fault_info
->user_tag
= VME_ALIAS(entry
);
11062 fault_info
->pmap_options
= 0;
11063 if (entry
->iokit_acct
||
11064 (!entry
->is_sub_map
&& !entry
->use_pmap
)) {
11065 fault_info
->pmap_options
|= PMAP_OPTIONS_ALT_ACCT
;
11067 fault_info
->behavior
= entry
->behavior
;
11068 fault_info
->lo_offset
= VME_OFFSET(entry
);
11069 fault_info
->hi_offset
=
11070 (entry
->vme_end
- entry
->vme_start
) + VME_OFFSET(entry
);
11071 fault_info
->no_cache
= entry
->no_cache
;
11072 fault_info
->stealth
= FALSE
;
11073 fault_info
->io_sync
= FALSE
;
11074 if (entry
->used_for_jit
||
11075 entry
->vme_resilient_codesign
) {
11076 fault_info
->cs_bypass
= TRUE
;
11078 fault_info
->cs_bypass
= FALSE
;
11080 fault_info
->mark_zf_absent
= FALSE
;
11081 fault_info
->batch_pmap_op
= FALSE
;
11085 * Lock the object to prevent it from disappearing
11087 if (object_lock_type
== OBJECT_LOCK_EXCLUSIVE
)
11088 vm_object_lock(*object
);
11090 vm_object_lock_shared(*object
);
11093 * Save the version number
11096 out_version
->main_timestamp
= map
->timestamp
;
11098 return KERN_SUCCESS
;
11105 * Verifies that the map in question has not changed
11106 * since the given version. If successful, the map
11107 * will not change until vm_map_verify_done() is called.
/*
 * Map-version check: takes the map read lock and compares map->timestamp
 * with the caller's saved version->main_timestamp.
 *
 * NOTE(review): this listing drops several source lines of the function
 * (11113-11115, 11118-11119, 11121 onward), including the declaration of
 * "result", whatever guards the unlock below, and the return. The header
 * comment says the map stays locked on success, so the unlock is presumably
 * taken only when the timestamps differ -- confirm against the full file.
 */
11111 register vm_map_t map
,
11112 register vm_map_version_t
*version
) /* REF */
11116 vm_map_lock_read(map
);
/*
 * The timestamp comparison is what lets a caller that dropped the map lock
 * after a lookup detect that the map changed before it reuses the results.
 */
11117 result
= (map
->timestamp
== version
->main_timestamp
);
11120 vm_map_unlock_read(map
);
11126 * vm_map_verify_done:
11128 * Releases locks acquired by a vm_map_verify.
11130 * This is now a macro in vm/vm_map.h. It does a
11131 * vm_map_unlock_read on the map.
11136 * TEMPORARYTEMPORARYTEMPORARYTEMPORARYTEMPORARYTEMPORARY
11137 * Goes away after regular vm_region_recurse function migrates to
11139 * vm_region_recurse: A form of vm_region which follows the
11140 * submaps in a target map
/*
 * vm_map_region_recurse_64: reports the VM region containing *address (or
 * the next region after it), following submaps down to at most
 * *nesting_depth levels. On success it writes back *address, *size,
 * *nesting_depth, *count and the info structure.
 *
 * NOTE(review): this listing omits a number of source lines (braces, "else"
 * lines, loop headers, some initialisations). The comments added below
 * describe only the statements that are visible.
 */
11145 vm_map_region_recurse_64(
11147 vm_map_offset_t
*address
, /* IN/OUT */
11148 vm_map_size_t
*size
, /* OUT */
11149 natural_t
*nesting_depth
, /* IN/OUT */
11150 vm_region_submap_info_64_t submap_info
, /* IN/OUT */
11151 mach_msg_type_number_t
*count
) /* IN/OUT */
11153 mach_msg_type_number_t original_count
;
11154 vm_region_extended_info_data_t extended
;
11155 vm_map_entry_t tmp_entry
;
11156 vm_map_offset_t user_address
;
11157 unsigned int user_max_depth
;
11160 * "curr_entry" is the VM map entry preceding or including the
11161 * address we're looking for.
11162 * "curr_map" is the map or sub-map containing "curr_entry".
11163 * "curr_address" is the equivalent of the top map's "user_address"
11164 * in the current map.
11165 * "curr_offset" is the cumulated offset of "curr_map" in the
11166 * target task's address space.
11167 * "curr_depth" is the depth of "curr_map" in the chain of
11170 * "curr_max_below" and "curr_max_above" limit the range (around
11171 * "curr_address") we should take into account in the current (sub)map.
11172 * They limit the range to what's visible through the map entries
11173 * we've traversed from the top map to the current map.
11176 vm_map_entry_t curr_entry
;
11177 vm_map_address_t curr_address
;
11178 vm_map_offset_t curr_offset
;
11180 unsigned int curr_depth
;
11181 vm_map_offset_t curr_max_below
, curr_max_above
;
11182 vm_map_offset_t curr_skip
;
11185 * "next_" is the same as "curr_" but for the VM region immediately
11186 * after the address we're looking for. We need to keep track of this
11187 * too because we want to return info about that region if the
11188 * address we're looking for is not mapped.
11190 vm_map_entry_t next_entry
;
11191 vm_map_offset_t next_offset
;
11192 vm_map_offset_t next_address
;
11194 unsigned int next_depth
;
11195 vm_map_offset_t next_max_below
, next_max_above
;
11196 vm_map_offset_t next_skip
;
11198 boolean_t look_for_pages
;
11199 vm_region_submap_short_info_64_t short_info
;
11201 if (map
== VM_MAP_NULL
) {
11202 /* no address space to work on */
11203 return KERN_INVALID_ARGUMENT
;
/*
 * Output-size negotiation. The caller-supplied *count decides which layout
 * is written: anything below the short count is rejected; below the V0
 * count the buffer is treated as the short structure and submap_info is
 * cleared so the full-layout stores cannot be reached through it; the V1
 * size is reported only when the caller offered at least V1. Every later
 * store into the info buffer depends on this sizing being right.
 */
11207 if (*count
< VM_REGION_SUBMAP_SHORT_INFO_COUNT_64
) {
11209 * "info" structure is not big enough and
11212 return KERN_INVALID_ARGUMENT
;
11215 original_count
= *count
;
11217 if (original_count
< VM_REGION_SUBMAP_INFO_V0_COUNT_64
) {
11218 *count
= VM_REGION_SUBMAP_SHORT_INFO_COUNT_64
;
11219 look_for_pages
= FALSE
;
11220 short_info
= (vm_region_submap_short_info_64_t
) submap_info
;
11221 submap_info
= NULL
;
11223 look_for_pages
= TRUE
;
11224 *count
= VM_REGION_SUBMAP_INFO_V0_COUNT_64
;
11227 if (original_count
>= VM_REGION_SUBMAP_INFO_V1_COUNT_64
) {
11228 *count
= VM_REGION_SUBMAP_INFO_V1_COUNT_64
;
/*
 * The caller's IN/OUT address and depth are read once into locals; the
 * walk below works on these copies. user_max_depth bounds how far the
 * submap descent may go.
 */
11232 user_address
= *address
;
11233 user_max_depth
= *nesting_depth
;
11236 vm_map_lock_read(map
);
11242 curr_address
= user_address
;
/* Largest span above curr_address that does not wrap past the top of the address space. */
11246 curr_max_above
= ((vm_map_offset_t
) -1) - curr_address
;
11247 curr_max_below
= curr_address
;
11255 next_max_above
= (vm_map_offset_t
) -1;
11256 next_max_below
= (vm_map_offset_t
) -1;
11259 if (vm_map_lookup_entry(curr_map
,
11262 /* tmp_entry contains the address we're looking for */
11263 curr_entry
= tmp_entry
;
11265 vm_map_offset_t skip
;
11267 * The address is not mapped. "tmp_entry" is the
11268 * map entry preceding the address. We want the next
11269 * one, if it exists.
11271 curr_entry
= tmp_entry
->vme_next
;
11273 if (curr_entry
== vm_map_to_entry(curr_map
) ||
11274 (curr_entry
->vme_start
>=
11275 curr_address
+ curr_max_above
)) {
11276 /* no next entry at this level: stop looking */
11278 vm_map_unlock_read(curr_map
);
11285 curr_max_above
= 0;
11286 curr_max_below
= 0;
11290 /* adjust current address and offset */
11291 skip
= curr_entry
->vme_start
- curr_address
;
11292 curr_address
= curr_entry
->vme_start
;
11294 curr_offset
+= skip
;
11295 curr_max_above
-= skip
;
11296 curr_max_below
= 0;
11300 * Is the next entry at this level closer to the address (or
11301 * deeper in the submap chain) than the one we had
11304 tmp_entry
= curr_entry
->vme_next
;
11305 if (tmp_entry
== vm_map_to_entry(curr_map
)) {
11306 /* no next entry at this level */
11307 } else if (tmp_entry
->vme_start
>=
11308 curr_address
+ curr_max_above
) {
11310 * tmp_entry is beyond the scope of what we mapped of
11311 * this submap in the upper level: ignore it.
11313 } else if ((next_entry
== NULL
) ||
11314 (tmp_entry
->vme_start
+ curr_offset
<=
11315 next_entry
->vme_start
+ next_offset
)) {
11317 * We didn't have a "next_entry" or this one is
11318 * closer to the address we're looking for:
11319 * use this "tmp_entry" as the new "next_entry".
11321 if (next_entry
!= NULL
) {
11322 /* unlock the last "next_map" */
11323 if (next_map
!= curr_map
&& not_in_kdp
) {
11324 vm_map_unlock_read(next_map
);
11327 next_entry
= tmp_entry
;
11328 next_map
= curr_map
;
11329 next_depth
= curr_depth
;
11330 next_address
= next_entry
->vme_start
;
11331 next_skip
= curr_skip
;
11332 next_skip
+= (next_address
- curr_address
);
11333 next_offset
= curr_offset
;
11334 next_offset
+= (next_address
- curr_address
);
11335 next_max_above
= MIN(next_max_above
, curr_max_above
);
11336 next_max_above
= MIN(next_max_above
,
11337 next_entry
->vme_end
- next_address
);
11338 next_max_below
= MIN(next_max_below
, curr_max_below
);
11339 next_max_below
= MIN(next_max_below
,
11340 next_address
- next_entry
->vme_start
);
11344 * "curr_max_{above,below}" allow us to keep track of the
11345 * portion of the submap that is actually mapped at this level:
11346 * the rest of that submap is irrelevant to us, since it's not
11348 * The relevant portion of the map starts at
11349 * "VME_OFFSET(curr_entry)" up to the size of "curr_entry".
11351 curr_max_above
= MIN(curr_max_above
,
11352 curr_entry
->vme_end
- curr_address
);
11353 curr_max_below
= MIN(curr_max_below
,
11354 curr_address
- curr_entry
->vme_start
);
/* Descent ends at a non-submap entry or once the caller's depth limit is reached. */
11356 if (!curr_entry
->is_sub_map
||
11357 curr_depth
>= user_max_depth
) {
11359 * We hit a leaf map or we reached the maximum depth
11360 * we could, so stop looking. Keep the current map
11367 * Get down to the next submap level.
11371 * Lock the next level and unlock the current level,
11372 * unless we need to keep it locked to access the "next_entry"
11376 vm_map_lock_read(VME_SUBMAP(curr_entry
));
11378 if (curr_map
== next_map
) {
11379 /* keep "next_map" locked in case we need it */
11381 /* release this map */
11383 vm_map_unlock_read(curr_map
);
11387 * Adjust the offset. "curr_entry" maps the submap
11388 * at relative address "curr_entry->vme_start" in the
11389 * curr_map but skips the first "VME_OFFSET(curr_entry)"
11390 * bytes of the submap.
11391 * "curr_offset" always represents the offset of a virtual
11392 * address in the curr_map relative to the absolute address
11393 * space (i.e. the top-level VM map).
11396 (VME_OFFSET(curr_entry
) - curr_entry
->vme_start
);
11397 curr_address
= user_address
+ curr_offset
;
11398 /* switch to the submap */
11399 curr_map
= VME_SUBMAP(curr_entry
);
11404 if (curr_entry
== NULL
) {
11405 /* no VM region contains the address... */
11406 if (next_entry
== NULL
) {
11407 /* ... and no VM region follows it either */
11408 return KERN_INVALID_ADDRESS
;
11410 /* ... gather info about the next VM region */
11411 curr_entry
= next_entry
;
11412 curr_map
= next_map
; /* still locked ... */
11413 curr_address
= next_address
;
11414 curr_skip
= next_skip
;
11415 curr_offset
= next_offset
;
11416 curr_depth
= next_depth
;
11417 curr_max_above
= next_max_above
;
11418 curr_max_below
= next_max_below
;
11420 /* we won't need "next_entry" after all */
11421 if (next_entry
!= NULL
) {
11422 /* release "next_map" */
11423 if (next_map
!= curr_map
&& not_in_kdp
) {
11424 vm_map_unlock_read(next_map
);
11433 next_max_below
= -1;
11434 next_max_above
= -1;
11436 if (curr_entry
->is_sub_map
&&
11437 curr_depth
< user_max_depth
) {
11439 * We're not as deep as we could be: we must have
11440 * gone back up after not finding anything mapped
11441 * below the original top-level map entry's.
11442 * Let's move "curr_address" forward and recurse again.
11444 user_address
= curr_address
;
11445 goto recurse_again
;
11448 *nesting_depth
= curr_depth
;
11449 *size
= curr_max_above
+ curr_max_below
;
11450 *address
= user_address
+ curr_skip
- curr_max_below
;
/*
 * The object id returned to the caller is derived from the object pointer
 * passed through VM_KERNEL_ADDRPERM and then narrowed to 32 bits, rather
 * than from the raw kernel pointer. NOTE(review): VM_KERNEL_ADDRPERM is
 * presumably the kernel's address-obscuring macro -- confirm its definition.
 * Because of the narrowing, two distinct objects can yield the same id, so
 * consumers should treat it as an equality hint only. No #undef for this
 * function-local macro is visible in the listing.
 */
11452 // LP64todo: all the current tools are 32bit, obviously never worked for 64b
11453 // so probably should be a real 32b ID vs. ptr.
11454 // Current users just check for equality
11455 #define INFO_MAKE_OBJECT_ID(p) ((uint32_t)(uintptr_t)VM_KERNEL_ADDRPERM(p))
11457 if (look_for_pages
) {
11458 submap_info
->user_tag
= VME_ALIAS(curr_entry
);
11459 submap_info
->offset
= VME_OFFSET(curr_entry
);
11460 submap_info
->protection
= curr_entry
->protection
;
11461 submap_info
->inheritance
= curr_entry
->inheritance
;
11462 submap_info
->max_protection
= curr_entry
->max_protection
;
11463 submap_info
->behavior
= curr_entry
->behavior
;
11464 submap_info
->user_wired_count
= curr_entry
->user_wired_count
;
11465 submap_info
->is_submap
= curr_entry
->is_sub_map
;
11466 submap_info
->object_id
= INFO_MAKE_OBJECT_ID(VME_OBJECT(curr_entry
));
/*
 * Short-layout stores. submap_info was set to NULL when the short layout was
 * chosen, so this path must only write through short_info. (The "else" line
 * separating the two paths is not shown in this listing.)
 */
11468 short_info
->user_tag
= VME_ALIAS(curr_entry
);
11469 short_info
->offset
= VME_OFFSET(curr_entry
);
11470 short_info
->protection
= curr_entry
->protection
;
11471 short_info
->inheritance
= curr_entry
->inheritance
;
11472 short_info
->max_protection
= curr_entry
->max_protection
;
11473 short_info
->behavior
= curr_entry
->behavior
;
11474 short_info
->user_wired_count
= curr_entry
->user_wired_count
;
11475 short_info
->is_submap
= curr_entry
->is_sub_map
;
11476 short_info
->object_id
= INFO_MAKE_OBJECT_ID(VME_OBJECT(curr_entry
));
11479 extended
.pages_resident
= 0;
11480 extended
.pages_swapped_out
= 0;
11481 extended
.pages_shared_now_private
= 0;
11482 extended
.pages_dirtied
= 0;
11483 extended
.pages_reusable
= 0;
11484 extended
.external_pager
= 0;
11485 extended
.shadow_depth
= 0;
11486 extended
.share_mode
= SM_EMPTY
;
11487 extended
.ref_count
= 0;
11490 if (!curr_entry
->is_sub_map
) {
11491 vm_map_offset_t range_start
, range_end
;
11492 range_start
= MAX((curr_address
- curr_max_below
),
11493 curr_entry
->vme_start
);
11494 range_end
= MIN((curr_address
+ curr_max_above
),
11495 curr_entry
->vme_end
);
11496 vm_map_region_walk(curr_map
,
11499 (VME_OFFSET(curr_entry
) +
11501 curr_entry
->vme_start
)),
11502 range_end
- range_start
,
11504 look_for_pages
, VM_REGION_EXTENDED_INFO_COUNT
);
/* An externally paged object with exactly two references that the walk classified as shared is reported as private. */
11505 if (extended
.external_pager
&&
11506 extended
.ref_count
== 2 &&
11507 extended
.share_mode
== SM_SHARED
) {
11508 extended
.share_mode
= SM_PRIVATE
;
11511 if (curr_entry
->use_pmap
) {
11512 extended
.share_mode
= SM_TRUESHARED
;
11514 extended
.share_mode
= SM_PRIVATE
;
11516 extended
.ref_count
= VME_SUBMAP(curr_entry
)->ref_count
;
11520 if (look_for_pages
) {
11521 submap_info
->pages_resident
= extended
.pages_resident
;
11522 submap_info
->pages_swapped_out
= extended
.pages_swapped_out
;
11523 submap_info
->pages_shared_now_private
=
11524 extended
.pages_shared_now_private
;
11525 submap_info
->pages_dirtied
= extended
.pages_dirtied
;
11526 submap_info
->external_pager
= extended
.external_pager
;
11527 submap_info
->shadow_depth
= extended
.shadow_depth
;
11528 submap_info
->share_mode
= extended
.share_mode
;
11529 submap_info
->ref_count
= extended
.ref_count
;
/* pages_reusable is stored only when the caller's original count covered the V1 layout. */
11531 if (original_count
>= VM_REGION_SUBMAP_INFO_V1_COUNT_64
) {
11532 submap_info
->pages_reusable
= extended
.pages_reusable
;
11535 short_info
->external_pager
= extended
.external_pager
;
11536 short_info
->shadow_depth
= extended
.shadow_depth
;
11537 short_info
->share_mode
= extended
.share_mode
;
11538 short_info
->ref_count
= extended
.ref_count
;
11542 vm_map_unlock_read(curr_map
);
11545 return KERN_SUCCESS
;
11551 * User call to obtain information about a region in
11552 * a task's address map. Currently, only one flavor is
11555 * XXX The reserved and behavior fields cannot be filled
11556 * in until the vm merge from the IK is completed, and
11557 * vm_reserve is implemented.
/*
 * Region query for one map level: depending on "flavor" it fills "info"
 * with the basic, basic-64, extended or top description of the entry at or
 * after *address, and writes back *address, *size and *count.
 *
 * NOTE(review): this listing omits source lines of the function (the name
 * line, the switch header, braces, "else" lines and some statements). The
 * comments added below describe only what is visible.
 */
11563 vm_map_offset_t
*address
, /* IN/OUT */
11564 vm_map_size_t
*size
, /* OUT */
11565 vm_region_flavor_t flavor
, /* IN */
11566 vm_region_info_t info
, /* OUT */
11567 mach_msg_type_number_t
*count
, /* IN/OUT */
11568 mach_port_t
*object_name
) /* OUT */
11570 vm_map_entry_t tmp_entry
;
11571 vm_map_entry_t entry
;
11572 vm_map_offset_t start
;
11574 if (map
== VM_MAP_NULL
)
11575 return(KERN_INVALID_ARGUMENT
);
11579 case VM_REGION_BASIC_INFO
:
11580 /* legacy for old 32-bit objects info */
11582 vm_region_basic_info_t basic
;
/*
 * The caller-supplied *count is checked against this flavor's size before
 * "info" is reinterpreted as the flavor's structure; *count is then set to
 * the size actually filled in. Each flavor below follows the same pattern.
 */
11584 if (*count
< VM_REGION_BASIC_INFO_COUNT
)
11585 return(KERN_INVALID_ARGUMENT
);
11587 basic
= (vm_region_basic_info_t
) info
;
11588 *count
= VM_REGION_BASIC_INFO_COUNT
;
11590 vm_map_lock_read(map
);
11593 if (!vm_map_lookup_entry(map
, start
, &tmp_entry
)) {
11594 if ((entry
= tmp_entry
->vme_next
) == vm_map_to_entry(map
)) {
11595 vm_map_unlock_read(map
);
11596 return(KERN_INVALID_ADDRESS
);
11602 start
= entry
->vme_start
;
/* The legacy flavor narrows the entry offset to 32 bits. */
11604 basic
->offset
= (uint32_t)VME_OFFSET(entry
);
11605 basic
->protection
= entry
->protection
;
11606 basic
->inheritance
= entry
->inheritance
;
11607 basic
->max_protection
= entry
->max_protection
;
11608 basic
->behavior
= entry
->behavior
;
11609 basic
->user_wired_count
= entry
->user_wired_count
;
11610 basic
->reserved
= entry
->is_sub_map
;
11612 *size
= (entry
->vme_end
- start
);
/* object_name is optional in this flavor: it is written only when non-NULL. */
11614 if (object_name
) *object_name
= IP_NULL
;
11615 if (entry
->is_sub_map
) {
11616 basic
->shared
= FALSE
;
11618 basic
->shared
= entry
->is_shared
;
11621 vm_map_unlock_read(map
);
11622 return(KERN_SUCCESS
);
11625 case VM_REGION_BASIC_INFO_64
:
11627 vm_region_basic_info_64_t basic
;
11629 if (*count
< VM_REGION_BASIC_INFO_COUNT_64
)
11630 return(KERN_INVALID_ARGUMENT
);
11632 basic
= (vm_region_basic_info_64_t
) info
;
11633 *count
= VM_REGION_BASIC_INFO_COUNT_64
;
11635 vm_map_lock_read(map
);
11638 if (!vm_map_lookup_entry(map
, start
, &tmp_entry
)) {
11639 if ((entry
= tmp_entry
->vme_next
) == vm_map_to_entry(map
)) {
11640 vm_map_unlock_read(map
);
11641 return(KERN_INVALID_ADDRESS
);
11647 start
= entry
->vme_start
;
11649 basic
->offset
= VME_OFFSET(entry
);
11650 basic
->protection
= entry
->protection
;
11651 basic
->inheritance
= entry
->inheritance
;
11652 basic
->max_protection
= entry
->max_protection
;
11653 basic
->behavior
= entry
->behavior
;
11654 basic
->user_wired_count
= entry
->user_wired_count
;
11655 basic
->reserved
= entry
->is_sub_map
;
11657 *size
= (entry
->vme_end
- start
);
11659 if (object_name
) *object_name
= IP_NULL
;
11660 if (entry
->is_sub_map
) {
11661 basic
->shared
= FALSE
;
11663 basic
->shared
= entry
->is_shared
;
11666 vm_map_unlock_read(map
);
11667 return(KERN_SUCCESS
);
11669 case VM_REGION_EXTENDED_INFO
:
/*
 * Each of the two extended flavors checks *count against its own size.
 * NOTE(review): the lines between the two case labels (11672, 11676-11677)
 * are not shown, so how control passes from the first check to the shared
 * body cannot be confirmed from this listing.
 */
11670 if (*count
< VM_REGION_EXTENDED_INFO_COUNT
)
11671 return(KERN_INVALID_ARGUMENT
);
11673 case VM_REGION_EXTENDED_INFO__legacy
:
11674 if (*count
< VM_REGION_EXTENDED_INFO_COUNT__legacy
)
11675 return KERN_INVALID_ARGUMENT
;
11678 vm_region_extended_info_t extended
;
11679 mach_msg_type_number_t original_count
;
11681 extended
= (vm_region_extended_info_t
) info
;
11683 vm_map_lock_read(map
);
11686 if (!vm_map_lookup_entry(map
, start
, &tmp_entry
)) {
11687 if ((entry
= tmp_entry
->vme_next
) == vm_map_to_entry(map
)) {
11688 vm_map_unlock_read(map
);
11689 return(KERN_INVALID_ADDRESS
);
11694 start
= entry
->vme_start
;
11696 extended
->protection
= entry
->protection
;
11697 extended
->user_tag
= VME_ALIAS(entry
);
11698 extended
->pages_resident
= 0;
11699 extended
->pages_swapped_out
= 0;
11700 extended
->pages_shared_now_private
= 0;
11701 extended
->pages_dirtied
= 0;
11702 extended
->external_pager
= 0;
11703 extended
->shadow_depth
= 0;
/*
 * *count is reset to the size of the selected layout before it is handed to
 * vm_map_region_walk. NOTE(review): pages_reusable looks like it belongs to
 * the non-legacy layout only; the "else" line that would separate the two
 * paths is not shown here -- confirm that the legacy path never stores it.
 */
11705 original_count
= *count
;
11706 if (flavor
== VM_REGION_EXTENDED_INFO__legacy
) {
11707 *count
= VM_REGION_EXTENDED_INFO_COUNT__legacy
;
11709 extended
->pages_reusable
= 0;
11710 *count
= VM_REGION_EXTENDED_INFO_COUNT
;
11713 vm_map_region_walk(map
, start
, entry
, VME_OFFSET(entry
), entry
->vme_end
- start
, extended
, TRUE
, *count
);
11715 if (extended
->external_pager
&& extended
->ref_count
== 2 && extended
->share_mode
== SM_SHARED
)
11716 extended
->share_mode
= SM_PRIVATE
;
/*
 * NOTE(review): the basic flavors store through object_name only after an
 * "if (object_name)" test. The line preceding this store (11718) is not
 * shown in the listing -- confirm that the same NULL check guards it.
 */
11719 *object_name
= IP_NULL
;
11721 *size
= (entry
->vme_end
- start
);
11723 vm_map_unlock_read(map
);
11724 return(KERN_SUCCESS
);
11726 case VM_REGION_TOP_INFO
:
11728 vm_region_top_info_t top
;
11730 if (*count
< VM_REGION_TOP_INFO_COUNT
)
11731 return(KERN_INVALID_ARGUMENT
);
11733 top
= (vm_region_top_info_t
) info
;
11734 *count
= VM_REGION_TOP_INFO_COUNT
;
11736 vm_map_lock_read(map
);
11739 if (!vm_map_lookup_entry(map
, start
, &tmp_entry
)) {
11740 if ((entry
= tmp_entry
->vme_next
) == vm_map_to_entry(map
)) {
11741 vm_map_unlock_read(map
);
11742 return(KERN_INVALID_ADDRESS
);
11748 start
= entry
->vme_start
;
11750 top
->private_pages_resident
= 0;
11751 top
->shared_pages_resident
= 0;
11753 vm_map_region_top_walk(entry
, top
);
/*
 * NOTE(review): the line preceding this store (11755) is not shown in the
 * listing -- confirm that an "if (object_name)" test guards it, as in the
 * basic flavors.
 */
11756 *object_name
= IP_NULL
;
11758 *size
= (entry
->vme_end
- start
);
11760 vm_map_unlock_read(map
);
11761 return(KERN_SUCCESS
);
/* Reached for flavors not handled above; the label line itself is not shown in this listing. */
11764 return(KERN_INVALID_ARGUMENT
);
/*
 * Resident-page count attributed to an entry, capped at entry_size:
 * wired_page_count when the object is all_reusable, otherwise
 * resident_page_count minus reusable_page_count.
 * Both arguments are evaluated more than once, so pass side-effect-free
 * expressions. The subtraction relies on reusable_page_count not exceeding
 * resident_page_count; the visible call sites in vm_map_region_top_walk
 * assert that relation before using the macro.
 */
11768 #define OBJ_RESIDENT_COUNT(obj, entry_size) \
11769 MIN((entry_size), \
11770 ((obj)->all_reusable ? \
11771 (obj)->wired_page_count : \
11772 (obj)->resident_page_count - (obj)->reusable_page_count))
/*
 * vm_map_region_top_walk: fills "top" (share_mode, ref_count, private and
 * shared resident page counts, obj_id) for the VM object backing "entry".
 *
 * NOTE(review): this listing omits source lines of the function (braces,
 * "else" lines, the statements guarded by the paging_in_progress tests and
 * some macro arguments). The comments added below describe only what is
 * visible.
 */
11775 vm_map_region_top_walk(
11776 vm_map_entry_t entry
,
11777 vm_region_top_info_t top
)
/* No object, or a submap entry: reported as empty with a zero reference count. */
11780 if (VME_OBJECT(entry
) == 0 || entry
->is_sub_map
) {
11781 top
->share_mode
= SM_EMPTY
;
11782 top
->ref_count
= 0;
11788 struct vm_object
*obj
, *tmp_obj
;
11790 uint32_t entry_size
;
/* Entry size in pages, narrowed to 32 bits by the cast. */
11792 entry_size
= (uint32_t) ((entry
->vme_end
- entry
->vme_start
) / PAGE_SIZE_64
);
11794 obj
= VME_OBJECT(entry
);
11796 vm_object_lock(obj
);
/*
 * ref_count is sampled under the object lock. The statement guarded by this
 * test (source line 11799) is not shown in the listing.
 */
11798 if ((ref_count
= obj
->ref_count
) > 1 && obj
->paging_in_progress
)
11801 assert(obj
->reusable_page_count
<= obj
->resident_page_count
);
11803 if (ref_count
== 1)
11804 top
->private_pages_resident
=
11805 OBJ_RESIDENT_COUNT(obj
, entry_size
);
11807 top
->shared_pages_resident
=
11808 OBJ_RESIDENT_COUNT(obj
, entry_size
);
11809 top
->ref_count
= ref_count
;
11810 top
->share_mode
= SM_COW
;
/*
 * Shadow-chain walk: the shadow object is locked before the lock on the
 * current object is released. The line advancing "obj" (11815) is not shown.
 */
11812 while ((tmp_obj
= obj
->shadow
)) {
11813 vm_object_lock(tmp_obj
);
11814 vm_object_unlock(obj
);
11817 if ((ref_count
= obj
->ref_count
) > 1 && obj
->paging_in_progress
)
11820 assert(obj
->reusable_page_count
<= obj
->resident_page_count
);
11821 top
->shared_pages_resident
+=
11822 OBJ_RESIDENT_COUNT(obj
, entry_size
);
11823 top
->ref_count
+= ref_count
- 1;
11826 if (entry
->superpage_size
) {
11827 top
->share_mode
= SM_LARGE_PAGE
;
11828 top
->shared_pages_resident
= 0;
11829 top
->private_pages_resident
= entry_size
;
11830 } else if (entry
->needs_copy
) {
11831 top
->share_mode
= SM_COW
;
11832 top
->shared_pages_resident
=
11833 OBJ_RESIDENT_COUNT(obj
, entry_size
);
11835 if (ref_count
== 1 ||
11836 (ref_count
== 2 && !(obj
->pager_trusted
) && !(obj
->internal
))) {
11837 top
->share_mode
= SM_PRIVATE
;
11838 top
->private_pages_resident
=
11839 OBJ_RESIDENT_COUNT(obj
,
11842 top
->share_mode
= SM_SHARED
;
11843 top
->shared_pages_resident
=
11844 OBJ_RESIDENT_COUNT(obj
,
11848 top
->ref_count
= ref_count
;
/*
 * The id handed back is the object pointer passed through
 * VM_KERNEL_ADDRPERM and narrowed to unsigned int, not the raw kernel
 * pointer. NOTE(review): VM_KERNEL_ADDRPERM is presumably the kernel's
 * address-obscuring macro -- confirm its definition. The narrowing means
 * distinct objects can share an id.
 */
11850 /* XXX K64: obj_id will be truncated */
11851 top
->obj_id
= (unsigned int) (uintptr_t)VM_KERNEL_ADDRPERM(obj
);
11853 vm_object_unlock(obj
);
11858 vm_map_region_walk(
11860 vm_map_offset_t va
,
11861 vm_map_entry_t entry
,
11862 vm_object_offset_t offset
,
11863 vm_object_size_t range
,
11864 vm_region_extended_info_t extended
,
11865 boolean_t look_for_pages
,
11866 mach_msg_type_number_t count
)
11868 register struct vm_object
*obj
, *tmp_obj
;
11869 register vm_map_offset_t last_offset
;
11871 register int ref_count
;
11872 struct vm_object
*shadow_object
;
11875 if ((VME_OBJECT(entry
) == 0) ||
11876 (entry
->is_sub_map
) ||
11877 (VME_OBJECT(entry
)->phys_contiguous
&&
11878 !entry
->superpage_size
)) {
11879 extended
->share_mode
= SM_EMPTY
;
11880 extended
->ref_count
= 0;
11884 if (entry
->superpage_size
) {
11885 extended
->shadow_depth
= 0;
11886 extended
->share_mode
= SM_LARGE_PAGE
;
11887 extended
->ref_count
= 1;
11888 extended
->external_pager
= 0;
11889 extended
->pages_resident
= (unsigned int)(range
>> PAGE_SHIFT
);
11890 extended
->shadow_depth
= 0;
11895 obj
= VME_OBJECT(entry
);
11897 vm_object_lock(obj
);
11899 if ((ref_count
= obj
->ref_count
) > 1 && obj
->paging_in_progress
)
11902 if (look_for_pages
) {
11903 for (last_offset
= offset
+ range
;
11904 offset
< last_offset
;
11905 offset
+= PAGE_SIZE_64
, va
+= PAGE_SIZE
) {
11906 vm_map_region_look_for_page(map
, va
, obj
,
11908 0, extended
, count
);
11911 shadow_object
= obj
->shadow
;
11914 if ( !(obj
->pager_trusted
) && !(obj
->internal
))
11915 extended
->external_pager
= 1;
11917 if (shadow_object
!= VM_OBJECT_NULL
) {
11918 vm_object_lock(shadow_object
);
11920 shadow_object
!= VM_OBJECT_NULL
;
11922 vm_object_t next_shadow
;
11924 if ( !(shadow_object
->pager_trusted
) &&
11925 !(shadow_object
->internal
))
11926 extended
->external_pager
= 1;
11928 next_shadow
= shadow_object
->shadow
;
11930 vm_object_lock(next_shadow
);
11932 vm_object_unlock(shadow_object
);
11933 shadow_object
= next_shadow
;
11936 extended
->shadow_depth
= shadow_depth
;
11939 if (extended
->shadow_depth
|| entry
->needs_copy
)
11940 extended
->share_mode
= SM_COW
;
11942 if (ref_count
== 1)
11943 extended
->share_mode
= SM_PRIVATE
;
11945 if (obj
->true_share
)
11946 extended
->share_mode
= SM_TRUESHARED
;
11948 extended
->share_mode
= SM_SHARED
;
11951 extended
->ref_count
= ref_count
- extended
->shadow_depth
;
11953 for (i
= 0; i
< extended
->shadow_depth
; i
++) {
11954 if ((tmp_obj
= obj
->shadow
) == 0)
11956 vm_object_lock(tmp_obj
);
11957 vm_object_unlock(obj
);
11959 if ((ref_count
= tmp_obj
->ref_count
) > 1 && tmp_obj
->paging_in_progress
)
11962 extended
->ref_count
+= ref_count
;
11965 vm_object_unlock(obj
);
11967 if (extended
->share_mode
== SM_SHARED
) {
11968 register vm_map_entry_t cur
;
11969 register vm_map_entry_t last
;
11972 obj
= VME_OBJECT(entry
);
11973 last
= vm_map_to_entry(map
);
11976 if ((ref_count
= obj
->ref_count
) > 1 && obj
->paging_in_progress
)
11978 for (cur
= vm_map_first_entry(map
); cur
!= last
; cur
= cur
->vme_next
)
11979 my_refs
+= vm_map_region_count_obj_refs(cur
, obj
);
11981 if (my_refs
== ref_count
)
11982 extended
->share_mode
= SM_PRIVATE_ALIASED
;
11983 else if (my_refs
> 1)
11984 extended
->share_mode
= SM_SHARED_ALIASED
;
11990 /* object is locked on entry and locked on return */
11994 vm_map_region_look_for_page(
11995 __unused vm_map_t map
,
11996 __unused vm_map_offset_t va
,
11997 vm_object_t object
,
11998 vm_object_offset_t offset
,
12001 vm_region_extended_info_t extended
,
12002 mach_msg_type_number_t count
)
12004 register vm_page_t p
;
12005 register vm_object_t shadow
;
12006 register int ref_count
;
12007 vm_object_t caller_object
;
12009 shadow
= object
->shadow
;
12010 caller_object
= object
;
12015 if ( !(object
->pager_trusted
) && !(object
->internal
))
12016 extended
->external_pager
= 1;
12018 if ((p
= vm_page_lookup(object
, offset
)) != VM_PAGE_NULL
) {
12019 if (shadow
&& (max_refcnt
== 1))
12020 extended
->pages_shared_now_private
++;
12022 if (!p
->fictitious
&&
12023 (p
->dirty
|| pmap_is_modified(p
->phys_page
)))
12024 extended
->pages_dirtied
++;
12025 else if (count
>= VM_REGION_EXTENDED_INFO_COUNT
) {
12026 if (p
->reusable
|| p
->object
->all_reusable
) {
12027 extended
->pages_reusable
++;
12031 extended
->pages_resident
++;
12033 if(object
!= caller_object
)
12034 vm_object_unlock(object
);
12039 if (object
->existence_map
) {
12040 if (vm_external_state_get(object
->existence_map
, offset
) == VM_EXTERNAL_STATE_EXISTS
) {
12042 extended
->pages_swapped_out
++;
12044 if(object
!= caller_object
)
12045 vm_object_unlock(object
);
12050 #endif /* MACH_PAGEMAP */
12051 if (object
->internal
&&
12053 !object
->terminating
&&
12054 object
->pager_ready
) {
12056 if (COMPRESSED_PAGER_IS_ACTIVE
|| DEFAULT_FREEZER_COMPRESSED_PAGER_IS_ACTIVE
) {
12057 if (VM_COMPRESSOR_PAGER_STATE_GET(object
,
12059 == VM_EXTERNAL_STATE_EXISTS
) {
12060 /* the pager has that page */
12061 extended
->pages_swapped_out
++;
12062 if (object
!= caller_object
)
12063 vm_object_unlock(object
);
12067 memory_object_t pager
;
12069 vm_object_paging_begin(object
);
12070 pager
= object
->pager
;
12071 vm_object_unlock(object
);
12073 kr
= memory_object_data_request(
12075 offset
+ object
->paging_offset
,
12076 0, /* just poke the pager */
12080 vm_object_lock(object
);
12081 vm_object_paging_end(object
);
12083 if (kr
== KERN_SUCCESS
) {
12084 /* the pager has that page */
12085 extended
->pages_swapped_out
++;
12086 if (object
!= caller_object
)
12087 vm_object_unlock(object
);
12094 vm_object_lock(shadow
);
12096 if ((ref_count
= shadow
->ref_count
) > 1 && shadow
->paging_in_progress
)
12099 if (++depth
> extended
->shadow_depth
)
12100 extended
->shadow_depth
= depth
;
12102 if (ref_count
> max_refcnt
)
12103 max_refcnt
= ref_count
;
12105 if(object
!= caller_object
)
12106 vm_object_unlock(object
);
12108 offset
= offset
+ object
->vo_shadow_offset
;
12110 shadow
= object
->shadow
;
12113 if(object
!= caller_object
)
12114 vm_object_unlock(object
);
12120 vm_map_region_count_obj_refs(
12121 vm_map_entry_t entry
,
12122 vm_object_t object
)
12124 register int ref_count
;
12125 register vm_object_t chk_obj
;
12126 register vm_object_t tmp_obj
;
12128 if (VME_OBJECT(entry
) == 0)
12131 if (entry
->is_sub_map
)
12136 chk_obj
= VME_OBJECT(entry
);
12137 vm_object_lock(chk_obj
);
12140 if (chk_obj
== object
)
12142 tmp_obj
= chk_obj
->shadow
;
12144 vm_object_lock(tmp_obj
);
12145 vm_object_unlock(chk_obj
);
12155 * Routine: vm_map_simplify
12158 * Attempt to simplify the map representation in
12159 * the vicinity of the given starting address.
12161 * This routine is intended primarily to keep the
12162 * kernel maps more compact -- they generally don't
12163 * benefit from the "expand a map entry" technology
12164 * at allocation time because the adjacent entry
12165 * is often wired down.
/*
 *	vm_map_simplify_entry:
 *
 *	Try to coalesce "this_entry" with the entry immediately before it
 *	(this_entry->vme_prev).  When every guard below passes, the
 *	predecessor is unlinked from the map, "this_entry" is extended
 *	downwards to start where the predecessor started (address and
 *	offset), and the predecessor is disposed of.  Otherwise the map is
 *	left untouched.
 *
 *	Review note: the guards are what keep two ranges with different
 *	access rights, wiring or accounting from being folded into a single
 *	entry.  A new per-entry attribute that affects any of those needs a
 *	matching comparison here.
 *
 *	Locking is not visible in this routine; vm_map_simplify_range()
 *	states that its caller holds the map lock for "write" -- presumably
 *	the same is required here (confirm against callers).
 */
void
vm_map_simplify_entry(
	vm_map_t	map,
	vm_map_entry_t	this_entry)
{
	vm_map_entry_t	prev;

	counter(c_vm_map_simplify_entry_called++);

	prev = this_entry->vme_prev;

	/* Neither side may be the map's list header (the sentinel). */
	if (this_entry == vm_map_to_entry(map) ||
	    prev == vm_map_to_entry(map)) {
		return;
	}

	/*
	 * The two entries must be back to back in the address space and
	 * map consecutive offsets of the same object (or submap).
	 */
	if (prev->vme_end != this_entry->vme_start ||
	    prev->is_sub_map != this_entry->is_sub_map ||
	    VME_OBJECT(prev) != VME_OBJECT(this_entry) ||
	    (VME_OFFSET(prev) + (prev->vme_end - prev->vme_start))
	    != VME_OFFSET(this_entry)) {
		return;
	}

	/* Every persistent attribute must be identical on both sides. */
	if (prev->behavior != this_entry->behavior ||
	    prev->needs_copy != this_entry->needs_copy ||
	    prev->protection != this_entry->protection ||
	    prev->max_protection != this_entry->max_protection ||
	    prev->inheritance != this_entry->inheritance ||
	    prev->use_pmap != this_entry->use_pmap ||
	    VME_ALIAS(prev) != VME_ALIAS(this_entry) ||
	    prev->no_cache != this_entry->no_cache ||
	    prev->permanent != this_entry->permanent ||
	    prev->map_aligned != this_entry->map_aligned ||
	    prev->zero_wired_pages != this_entry->zero_wired_pages ||
	    prev->used_for_jit != this_entry->used_for_jit ||
	    /* from_reserved_zone: OK if that field doesn't match */
	    prev->iokit_acct != this_entry->iokit_acct ||
	    prev->vme_resilient_codesign !=
	    this_entry->vme_resilient_codesign ||
	    prev->vme_resilient_media !=
	    this_entry->vme_resilient_media) {
		return;
	}

	/* Wiring state must match as well. */
	if (prev->wired_count != this_entry->wired_count ||
	    prev->user_wired_count != this_entry->user_wired_count) {
		return;
	}

	/*
	 * Entries that are in transition, have a pending wakeup, are
	 * shared or are superpage mappings are never merged.
	 */
	if (prev->in_transition != FALSE ||
	    this_entry->in_transition != FALSE ||
	    prev->needs_wakeup != FALSE ||
	    this_entry->needs_wakeup != FALSE ||
	    prev->is_shared != FALSE ||
	    this_entry->is_shared != FALSE ||
	    prev->superpage_size != FALSE ||
	    this_entry->superpage_size != FALSE) {
		return;
	}

	/* All checks passed: absorb "prev" into "this_entry". */
	vm_map_store_entry_unlink(map, prev);
	assert(prev->vme_start < this_entry->vme_end);
	if (prev->map_aligned) {
		assert(VM_MAP_PAGE_ALIGNED(prev->vme_start,
					   VM_MAP_PAGE_MASK(map)));
	}
	this_entry->vme_start = prev->vme_start;
	VME_OFFSET_SET(this_entry, VME_OFFSET(prev));

	if (map->holelistenabled) {
		vm_map_store_update_first_free(map, this_entry, TRUE);
	}

	/*
	 * "prev" is going away, so release what it referred to.  Both
	 * entries were checked to name the same object/submap; presumably
	 * "this_entry" holds its own reference to it (confirm).
	 */
	if (prev->is_sub_map) {
		vm_map_deallocate(VME_SUBMAP(prev));
	} else {
		vm_object_deallocate(VME_OBJECT(prev));
	}
	vm_map_entry_dispose(map, prev);
	SAVE_HINT_MAP_WRITE(map, this_entry);
	counter(c_vm_map_simplified++);
}
12246 vm_map_offset_t start
)
12248 vm_map_entry_t this_entry
;
12251 if (vm_map_lookup_entry(map
, start
, &this_entry
)) {
12252 vm_map_simplify_entry(map
, this_entry
);
12253 vm_map_simplify_entry(map
, this_entry
->vme_next
);
12255 counter(c_vm_map_simplify_called
++);
12256 vm_map_unlock(map
);
/*
 *	vm_map_simplify_range:
 *
 *	Walk the map entries that intersect [start, end) -- after widening
 *	the range to the map's page boundaries -- and try to coalesce each
 *	one with its predecessor via vm_map_simplify_entry().
 *
 *	The loop bound is inclusive (vme_start <= end), so an entry that
 *	begins exactly at "end" is also offered for merging with the last
 *	entry of the range.
 *
 *	An empty or inverted range (start >= end) is ignored.
 *
 *	The map should be locked (for "write") by the caller.
 */
void
vm_map_simplify_range(
	vm_map_t	map,
	vm_map_offset_t	start,
	vm_map_offset_t	end)
{
	vm_map_entry_t	cur;

	if (start >= end) {
		/* invalid address range */
		return;
	}

	start = vm_map_trunc_page(start, VM_MAP_PAGE_MASK(map));
	end = vm_map_round_page(end, VM_MAP_PAGE_MASK(map));

	if (!vm_map_lookup_entry(map, start, &cur)) {
		/*
		 * "start" is not mapped and "cur" ends before "start":
		 * begin with the first entry in the map if the lookup
		 * handed back the list header, else with the next entry.
		 */
		cur = (cur == vm_map_to_entry(map))
			? vm_map_first_entry(map)
			: cur->vme_next;
	}

	/*
	 * vm_map_simplify_entry() only ever removes the predecessor of
	 * the entry it is given, so "cur" can still be followed afterwards.
	 */
	for (;
	     cur != vm_map_to_entry(map) && cur->vme_start <= end;
	     cur = cur->vme_next) {
		/* try and coalesce "cur" with its previous entry */
		vm_map_simplify_entry(map, cur);
	}
}
12302 * Routine: vm_map_machine_attribute
12304 * Provide machine-specific attributes to mappings,
12305 * such as cachability etc. for machines that provide
12306 * them. NUMA architectures and machines with big/strange
12307 * caches will use this.
12309 * Responsibilities for locking and checking are handled here,
12310 * everything else in the pmap module. If any non-volatile
12311 * information must be kept, the pmap module should handle
12312 * it itself. [This assumes that attributes do not
12313 * need to be inherited, which seems ok to me]
12316 vm_map_machine_attribute(
12318 vm_map_offset_t start
,
12319 vm_map_offset_t end
,
12320 vm_machine_attribute_t attribute
,
12321 vm_machine_attribute_val_t
* value
) /* IN/OUT */
12324 vm_map_size_t sync_size
;
12325 vm_map_entry_t entry
;
12327 if (start
< vm_map_min(map
) || end
> vm_map_max(map
))
12328 return KERN_INVALID_ADDRESS
;
12330 /* Figure how much memory we need to flush (in page increments) */
12331 sync_size
= end
- start
;
12335 if (attribute
!= MATTR_CACHE
) {
12336 /* If we don't have to find physical addresses, we */
12337 /* don't have to do an explicit traversal here. */
12338 ret
= pmap_attribute(map
->pmap
, start
, end
-start
,
12340 vm_map_unlock(map
);
12344 ret
= KERN_SUCCESS
; /* Assume it all worked */
12347 if (vm_map_lookup_entry(map
, start
, &entry
)) {
12348 vm_map_size_t sub_size
;
12349 if((entry
->vme_end
- start
) > sync_size
) {
12350 sub_size
= sync_size
;
12353 sub_size
= entry
->vme_end
- start
;
12354 sync_size
-= sub_size
;
12356 if(entry
->is_sub_map
) {
12357 vm_map_offset_t sub_start
;
12358 vm_map_offset_t sub_end
;
12360 sub_start
= (start
- entry
->vme_start
)
12361 + VME_OFFSET(entry
);
12362 sub_end
= sub_start
+ sub_size
;
12363 vm_map_machine_attribute(
12369 if (VME_OBJECT(entry
)) {
12371 vm_object_t object
;
12372 vm_object_t base_object
;
12373 vm_object_t last_object
;
12374 vm_object_offset_t offset
;
12375 vm_object_offset_t base_offset
;
12376 vm_map_size_t range
;
12378 offset
= (start
- entry
->vme_start
)
12379 + VME_OFFSET(entry
);
12380 base_offset
= offset
;
12381 object
= VME_OBJECT(entry
);
12382 base_object
= object
;
12383 last_object
= NULL
;
12385 vm_object_lock(object
);
12388 m
= vm_page_lookup(
12391 if (m
&& !m
->fictitious
) {
12393 pmap_attribute_cache_sync(
12398 } else if (object
->shadow
) {
12399 offset
= offset
+ object
->vo_shadow_offset
;
12400 last_object
= object
;
12401 object
= object
->shadow
;
12402 vm_object_lock(last_object
->shadow
);
12403 vm_object_unlock(last_object
);
12406 range
-= PAGE_SIZE
;
12408 if (base_object
!= object
) {
12409 vm_object_unlock(object
);
12410 vm_object_lock(base_object
);
12411 object
= base_object
;
12413 /* Bump to the next page */
12414 base_offset
+= PAGE_SIZE
;
12415 offset
= base_offset
;
12417 vm_object_unlock(object
);
12422 vm_map_unlock(map
);
12423 return KERN_FAILURE
;
12428 vm_map_unlock(map
);
12434 * vm_map_behavior_set:
12436 * Sets the paging reference behavior of the specified address
12437 * range in the target map. Paging reference behavior affects
12438 * how pagein operations resulting from faults on the map will be
12442 vm_map_behavior_set(
12444 vm_map_offset_t start
,
12445 vm_map_offset_t end
,
12446 vm_behavior_t new_behavior
)
12448 register vm_map_entry_t entry
;
12449 vm_map_entry_t temp_entry
;
12452 "vm_map_behavior_set, 0x%X start 0x%X end 0x%X behavior %d",
12453 map
, start
, end
, new_behavior
, 0);
12456 start
< vm_map_min(map
) ||
12457 end
> vm_map_max(map
)) {
12458 return KERN_NO_SPACE
;
12461 switch (new_behavior
) {
12464 * This first block of behaviors all set a persistent state on the specified
12465 * memory range. All we have to do here is to record the desired behavior
12466 * in the vm_map_entry_t's.
12469 case VM_BEHAVIOR_DEFAULT
:
12470 case VM_BEHAVIOR_RANDOM
:
12471 case VM_BEHAVIOR_SEQUENTIAL
:
12472 case VM_BEHAVIOR_RSEQNTL
:
12473 case VM_BEHAVIOR_ZERO_WIRED_PAGES
:
12477 * The entire address range must be valid for the map.
12478 * Note that vm_map_range_check() does a
12479 * vm_map_lookup_entry() internally and returns the
12480 * entry containing the start of the address range if
12481 * the entire range is valid.
12483 if (vm_map_range_check(map
, start
, end
, &temp_entry
)) {
12484 entry
= temp_entry
;
12485 vm_map_clip_start(map
, entry
, start
);
12488 vm_map_unlock(map
);
12489 return(KERN_INVALID_ADDRESS
);
12492 while ((entry
!= vm_map_to_entry(map
)) && (entry
->vme_start
< end
)) {
12493 vm_map_clip_end(map
, entry
, end
);
12494 if (entry
->is_sub_map
) {
12495 assert(!entry
->use_pmap
);
12498 if( new_behavior
== VM_BEHAVIOR_ZERO_WIRED_PAGES
) {
12499 entry
->zero_wired_pages
= TRUE
;
12501 entry
->behavior
= new_behavior
;
12503 entry
= entry
->vme_next
;
12506 vm_map_unlock(map
);
12510 * The rest of these are different from the above in that they cause
12511 * an immediate action to take place as opposed to setting a behavior that
12512 * affects future actions.
12515 case VM_BEHAVIOR_WILLNEED
:
12516 return vm_map_willneed(map
, start
, end
);
12518 case VM_BEHAVIOR_DONTNEED
:
12519 return vm_map_msync(map
, start
, end
- start
, VM_SYNC_DEACTIVATE
| VM_SYNC_CONTIGUOUS
);
12521 case VM_BEHAVIOR_FREE
:
12522 return vm_map_msync(map
, start
, end
- start
, VM_SYNC_KILLPAGES
| VM_SYNC_CONTIGUOUS
);
12524 case VM_BEHAVIOR_REUSABLE
:
12525 return vm_map_reusable_pages(map
, start
, end
);
12527 case VM_BEHAVIOR_REUSE
:
12528 return vm_map_reuse_pages(map
, start
, end
);
12530 case VM_BEHAVIOR_CAN_REUSE
:
12531 return vm_map_can_reuse(map
, start
, end
);
12534 case VM_BEHAVIOR_PAGEOUT
:
12535 return vm_map_pageout(map
, start
, end
);
12536 #endif /* MACH_ASSERT */
12539 return(KERN_INVALID_ARGUMENT
);
12542 return(KERN_SUCCESS
);
12547 * Internals for madvise(MADV_WILLNEED) system call.
12549 * The present implementation is to do a read-ahead if the mapping corresponds
12550 * to a mapped regular file. If it's an anonymous mapping, then we do nothing
12551 * and basically ignore the "advice" (which we are always free to do).
12555 static kern_return_t
12558 vm_map_offset_t start
,
12559 vm_map_offset_t end
12562 vm_map_entry_t entry
;
12563 vm_object_t object
;
12564 memory_object_t pager
;
12565 struct vm_object_fault_info fault_info
;
12567 vm_object_size_t len
;
12568 vm_object_offset_t offset
;
12571 * Fill in static values in fault_info. Several fields get ignored by the code
12572 * we call, but we'll fill them in anyway since uninitialized fields are bad
12573 * when it comes to future backwards compatibility.
12576 fault_info
.interruptible
= THREAD_UNINT
; /* ignored value */
12577 fault_info
.behavior
= VM_BEHAVIOR_SEQUENTIAL
;
12578 fault_info
.no_cache
= FALSE
; /* ignored value */
12579 fault_info
.stealth
= TRUE
;
12580 fault_info
.io_sync
= FALSE
;
12581 fault_info
.cs_bypass
= FALSE
;
12582 fault_info
.mark_zf_absent
= FALSE
;
12583 fault_info
.batch_pmap_op
= FALSE
;
12586 * The MADV_WILLNEED operation doesn't require any changes to the
12587 * vm_map_entry_t's, so the read lock is sufficient.
12590 vm_map_lock_read(map
);
12593 * The madvise semantics require that the address range be fully
12594 * allocated with no holes. Otherwise, we're required to return
12598 if (! vm_map_range_check(map
, start
, end
, &entry
)) {
12599 vm_map_unlock_read(map
);
12600 return KERN_INVALID_ADDRESS
;
12604 * Examine each vm_map_entry_t in the range.
12606 for (; entry
!= vm_map_to_entry(map
) && start
< end
; ) {
12609 * The first time through, the start address could be anywhere
12610 * within the vm_map_entry we found. So adjust the offset to
12611 * correspond. After that, the offset will always be zero to
12612 * correspond to the beginning of the current vm_map_entry.
12614 offset
= (start
- entry
->vme_start
) + VME_OFFSET(entry
);
12617 * Set the length so we don't go beyond the end of the
12618 * map_entry or beyond the end of the range we were given.
12619 * This range could span also multiple map entries all of which
12620 * map different files, so make sure we only do the right amount
12621 * of I/O for each object. Note that it's possible for there
12622 * to be multiple map entries all referring to the same object
12623 * but with different page permissions, but it's not worth
12624 * trying to optimize that case.
12626 len
= MIN(entry
->vme_end
- start
, end
- start
);
12628 if ((vm_size_t
) len
!= len
) {
12629 /* 32-bit overflow */
12630 len
= (vm_size_t
) (0 - PAGE_SIZE
);
12632 fault_info
.cluster_size
= (vm_size_t
) len
;
12633 fault_info
.lo_offset
= offset
;
12634 fault_info
.hi_offset
= offset
+ len
;
12635 fault_info
.user_tag
= VME_ALIAS(entry
);
12636 fault_info
.pmap_options
= 0;
12637 if (entry
->iokit_acct
||
12638 (!entry
->is_sub_map
&& !entry
->use_pmap
)) {
12639 fault_info
.pmap_options
|= PMAP_OPTIONS_ALT_ACCT
;
12643 * If there's no read permission to this mapping, then just
12646 if ((entry
->protection
& VM_PROT_READ
) == 0) {
12647 entry
= entry
->vme_next
;
12648 start
= entry
->vme_start
;
12653 * Find the file object backing this map entry. If there is
12654 * none, then we simply ignore the "will need" advice for this
12655 * entry and go on to the next one.
12657 if ((object
= find_vnode_object(entry
)) == VM_OBJECT_NULL
) {
12658 entry
= entry
->vme_next
;
12659 start
= entry
->vme_start
;
12664 * The data_request() could take a long time, so let's
12665 * release the map lock to avoid blocking other threads.
12667 vm_map_unlock_read(map
);
12669 vm_object_paging_begin(object
);
12670 pager
= object
->pager
;
12671 vm_object_unlock(object
);
12674 * Get the data from the object asynchronously.
12676 * Note that memory_object_data_request() places limits on the
12677 * amount of I/O it will do. Regardless of the len we
12678 * specified, it won't do more than MAX_UPL_TRANSFER_BYTES and it
12679 * silently truncates the len to that size. This isn't
12680 * necessarily bad since madvise shouldn't really be used to
12681 * page in unlimited amounts of data. Other Unix variants
12682 * limit the willneed case as well. If this turns out to be an
12683 * issue for developers, then we can always adjust the policy
12684 * here and still be backwards compatible since this is all
12687 kr
= memory_object_data_request(
12689 offset
+ object
->paging_offset
,
12692 (memory_object_fault_info_t
)&fault_info
);
12694 vm_object_lock(object
);
12695 vm_object_paging_end(object
);
12696 vm_object_unlock(object
);
12699 * If we couldn't do the I/O for some reason, just give up on
12700 * the madvise. We still return success to the user since
12701 * madvise isn't supposed to fail when the advice can't be
12704 if (kr
!= KERN_SUCCESS
) {
12705 return KERN_SUCCESS
;
12709 if (start
>= end
) {
12711 return KERN_SUCCESS
;
12714 /* look up next entry */
12715 vm_map_lock_read(map
);
12716 if (! vm_map_lookup_entry(map
, start
, &entry
)) {
12718 * There's a new hole in the address range.
12720 vm_map_unlock_read(map
);
12721 return KERN_INVALID_ADDRESS
;
12725 vm_map_unlock_read(map
);
12726 return KERN_SUCCESS
;
12730 vm_map_entry_is_reusable(
12731 vm_map_entry_t entry
)
12733 /* Only user map entries */
12735 vm_object_t object
;
12737 if (entry
->is_sub_map
) {
12741 switch (VME_ALIAS(entry
)) {
12742 case VM_MEMORY_MALLOC
:
12743 case VM_MEMORY_MALLOC_SMALL
:
12744 case VM_MEMORY_MALLOC_LARGE
:
12745 case VM_MEMORY_REALLOC
:
12746 case VM_MEMORY_MALLOC_TINY
:
12747 case VM_MEMORY_MALLOC_LARGE_REUSABLE
:
12748 case VM_MEMORY_MALLOC_LARGE_REUSED
:
12750 * This is a malloc() memory region: check if it's still
12751 * in its original state and can be re-used for more
12752 * malloc() allocations.
12757 * Not a malloc() memory region: let the caller decide if
12763 if (entry
->is_shared
||
12764 entry
->is_sub_map
||
12765 entry
->in_transition
||
12766 entry
->protection
!= VM_PROT_DEFAULT
||
12767 entry
->max_protection
!= VM_PROT_ALL
||
12768 entry
->inheritance
!= VM_INHERIT_DEFAULT
||
12770 entry
->permanent
||
12771 entry
->superpage_size
!= FALSE
||
12772 entry
->zero_wired_pages
||
12773 entry
->wired_count
!= 0 ||
12774 entry
->user_wired_count
!= 0) {
12778 object
= VME_OBJECT(entry
);
12779 if (object
== VM_OBJECT_NULL
) {
12785 * Let's proceed even if the VM object is potentially
12787 * We check for this later when processing the actual
12788 * VM pages, so the contents will be safe if shared.
12790 * But we can still mark this memory region as "reusable" to
12791 * acknowledge that the caller did let us know that the memory
12792 * could be re-used and should not be penalized for holding
12793 * on to it. This allows its "resident size" to not include
12794 * the reusable range.
12796 object
->ref_count
== 1 &&
12798 object
->wired_page_count
== 0 &&
12799 object
->copy
== VM_OBJECT_NULL
&&
12800 object
->shadow
== VM_OBJECT_NULL
&&
12801 object
->copy_strategy
== MEMORY_OBJECT_COPY_SYMMETRIC
&&
12802 object
->internal
&&
12803 !object
->true_share
&&
12804 object
->wimg_bits
== VM_WIMG_USE_DEFAULT
&&
12805 !object
->code_signed
) {
12813 static kern_return_t
12814 vm_map_reuse_pages(
12816 vm_map_offset_t start
,
12817 vm_map_offset_t end
)
12819 vm_map_entry_t entry
;
12820 vm_object_t object
;
12821 vm_object_offset_t start_offset
, end_offset
;
12824 * The MADV_REUSE operation doesn't require any changes to the
12825 * vm_map_entry_t's, so the read lock is sufficient.
12828 vm_map_lock_read(map
);
12829 assert(map
->pmap
!= kernel_pmap
); /* protect alias access */
12832 * The madvise semantics require that the address range be fully
12833 * allocated with no holes. Otherwise, we're required to return
12837 if (!vm_map_range_check(map
, start
, end
, &entry
)) {
12838 vm_map_unlock_read(map
);
12839 vm_page_stats_reusable
.reuse_pages_failure
++;
12840 return KERN_INVALID_ADDRESS
;
12844 * Examine each vm_map_entry_t in the range.
12846 for (; entry
!= vm_map_to_entry(map
) && entry
->vme_start
< end
;
12847 entry
= entry
->vme_next
) {
12849 * Sanity check on the VM map entry.
12851 if (! vm_map_entry_is_reusable(entry
)) {
12852 vm_map_unlock_read(map
);
12853 vm_page_stats_reusable
.reuse_pages_failure
++;
12854 return KERN_INVALID_ADDRESS
;
12858 * The first time through, the start address could be anywhere
12859 * within the vm_map_entry we found. So adjust the offset to
12862 if (entry
->vme_start
< start
) {
12863 start_offset
= start
- entry
->vme_start
;
12867 end_offset
= MIN(end
, entry
->vme_end
) - entry
->vme_start
;
12868 start_offset
+= VME_OFFSET(entry
);
12869 end_offset
+= VME_OFFSET(entry
);
12871 assert(!entry
->is_sub_map
);
12872 object
= VME_OBJECT(entry
);
12873 if (object
!= VM_OBJECT_NULL
) {
12874 vm_object_lock(object
);
12875 vm_object_reuse_pages(object
, start_offset
, end_offset
,
12877 vm_object_unlock(object
);
12880 if (VME_ALIAS(entry
) == VM_MEMORY_MALLOC_LARGE_REUSABLE
) {
12883 * We do not hold the VM map exclusively here.
12884 * The "alias" field is not that critical, so it's
12885 * safe to update it here, as long as it is the only
12886 * one that can be modified while holding the VM map
12889 VME_ALIAS_SET(entry
, VM_MEMORY_MALLOC_LARGE_REUSED
);
12893 vm_map_unlock_read(map
);
12894 vm_page_stats_reusable
.reuse_pages_success
++;
12895 return KERN_SUCCESS
;
12899 static kern_return_t
12900 vm_map_reusable_pages(
12902 vm_map_offset_t start
,
12903 vm_map_offset_t end
)
12905 vm_map_entry_t entry
;
12906 vm_object_t object
;
12907 vm_object_offset_t start_offset
, end_offset
;
12908 vm_map_offset_t pmap_offset
;
12911 * The MADV_REUSABLE operation doesn't require any changes to the
12912 * vm_map_entry_t's, so the read lock is sufficient.
12915 vm_map_lock_read(map
);
12916 assert(map
->pmap
!= kernel_pmap
); /* protect alias access */
12919 * The madvise semantics require that the address range be fully
12920 * allocated with no holes. Otherwise, we're required to return
12924 if (!vm_map_range_check(map
, start
, end
, &entry
)) {
12925 vm_map_unlock_read(map
);
12926 vm_page_stats_reusable
.reusable_pages_failure
++;
12927 return KERN_INVALID_ADDRESS
;
12931 * Examine each vm_map_entry_t in the range.
12933 for (; entry
!= vm_map_to_entry(map
) && entry
->vme_start
< end
;
12934 entry
= entry
->vme_next
) {
12935 int kill_pages
= 0;
12938 * Sanity check on the VM map entry.
12940 if (! vm_map_entry_is_reusable(entry
)) {
12941 vm_map_unlock_read(map
);
12942 vm_page_stats_reusable
.reusable_pages_failure
++;
12943 return KERN_INVALID_ADDRESS
;
12947 * The first time through, the start address could be anywhere
12948 * within the vm_map_entry we found. So adjust the offset to
12951 if (entry
->vme_start
< start
) {
12952 start_offset
= start
- entry
->vme_start
;
12953 pmap_offset
= start
;
12956 pmap_offset
= entry
->vme_start
;
12958 end_offset
= MIN(end
, entry
->vme_end
) - entry
->vme_start
;
12959 start_offset
+= VME_OFFSET(entry
);
12960 end_offset
+= VME_OFFSET(entry
);
12962 assert(!entry
->is_sub_map
);
12963 object
= VME_OBJECT(entry
);
12964 if (object
== VM_OBJECT_NULL
)
12968 vm_object_lock(object
);
12969 if (object
->ref_count
== 1 &&
12972 * "iokit_acct" entries are billed for their virtual size
12973 * (rather than for their resident pages only), so they
12974 * wouldn't benefit from making pages reusable, and it
12975 * would be hard to keep track of pages that are both
12976 * "iokit_acct" and "reusable" in the pmap stats and ledgers.
12978 !(entry
->iokit_acct
||
12979 (!entry
->is_sub_map
&& !entry
->use_pmap
)))
12983 if (kill_pages
!= -1) {
12984 vm_object_deactivate_pages(object
,
12986 end_offset
- start_offset
,
12988 TRUE
/*reusable_pages*/,
12992 vm_page_stats_reusable
.reusable_pages_shared
++;
12994 vm_object_unlock(object
);
12996 if (VME_ALIAS(entry
) == VM_MEMORY_MALLOC_LARGE
||
12997 VME_ALIAS(entry
) == VM_MEMORY_MALLOC_LARGE_REUSED
) {
13000 * We do not hold the VM map exclusively here.
13001 * The "alias" field is not that critical, so it's
13002 * safe to update it here, as long as it is the only
13003 * one that can be modified while holding the VM map
13006 VME_ALIAS_SET(entry
, VM_MEMORY_MALLOC_LARGE_REUSABLE
);
13010 vm_map_unlock_read(map
);
13011 vm_page_stats_reusable
.reusable_pages_success
++;
13012 return KERN_SUCCESS
;
/*
 * vm_map_can_reuse:
 *
 * Report whether every map entry covering [start, end) passes
 * vm_map_entry_is_reusable().  Nothing in the map is changed; only the
 * can_reuse_success / can_reuse_failure counters in
 * vm_page_stats_reusable are bumped.
 *
 * Returns KERN_SUCCESS when the whole range qualifies, and
 * KERN_INVALID_ADDRESS when vm_map_range_check() rejects the range or
 * any entry in it is not reusable.
 *
 * The map read lock is dropped before returning, so the answer is only
 * a snapshot: a caller must not treat it as a guarantee about the state
 * of the map at any later point.
 */
static kern_return_t
vm_map_can_reuse(
	vm_map_t	map,
	vm_map_offset_t	start,
	vm_map_offset_t	end)
{
	vm_map_entry_t	cur;

	/*
	 * The MADV_CAN_REUSE operation doesn't require any changes to the
	 * vm_map_entry_t's, so the read lock is sufficient.
	 */
	vm_map_lock_read(map);
	assert(map->pmap != kernel_pmap);	/* protect alias access */

	/*
	 * The address range has to pass vm_map_range_check() (the madvise
	 * semantics require it to be fully allocated, with no holes).
	 */
	if (!vm_map_range_check(map, start, end, &cur)) {
		goto not_reusable;
	}

	/* Examine each vm_map_entry_t in the range. */
	while (cur != vm_map_to_entry(map) && cur->vme_start < end) {
		/* Sanity check on the VM map entry. */
		if (!vm_map_entry_is_reusable(cur)) {
			goto not_reusable;
		}
		cur = cur->vme_next;
	}

	vm_map_unlock_read(map);
	vm_page_stats_reusable.can_reuse_success++;
	return KERN_SUCCESS;

not_reusable:
	vm_map_unlock_read(map);
	vm_page_stats_reusable.can_reuse_failure++;
	return KERN_INVALID_ADDRESS;
}
/*
 * NOTE(review): the line carrying this routine's name and its first
 * parameter is missing from this listing (presumably vm_map_pageout(map, ...)
 * -- confirm against the full file).
 *
 * Walks the map entries covering [start, end) under the map read lock and
 * calls vm_object_pageout() on the VM object behind each eligible entry.
 * Returns KERN_INVALID_ADDRESS when vm_map_range_check() rejects the range
 * (in the map itself or inside a submap) and KERN_SUCCESS otherwise.
 */
13066 static kern_return_t
13069 vm_map_offset_t start
,
13070 vm_map_offset_t end
)
13072 vm_map_entry_t entry
;
13075 * The MADV_PAGEOUT operation doesn't require any changes to the
13076 * vm_map_entry_t's, so the read lock is sufficient.
13079 vm_map_lock_read(map
);
13082 * The madvise semantics require that the address range be fully
13083 * allocated with no holes. Otherwise, we're required to return
13087 if (!vm_map_range_check(map
, start
, end
, &entry
)) {
13088 vm_map_unlock_read(map
);
13089 return KERN_INVALID_ADDRESS
;
13093 * Examine each vm_map_entry_t in the range.
13095 for (; entry
!= vm_map_to_entry(map
) && entry
->vme_start
< end
;
13096 entry
= entry
->vme_next
) {
13097 vm_object_t object
;
13100 * Sanity check on the VM map entry.
/* Submap entry: descend one level and page out the object found there. */
13102 if (entry
->is_sub_map
) {
13104 vm_map_offset_t submap_start
;
13105 vm_map_offset_t submap_end
;
13106 vm_map_entry_t submap_entry
;
13108 submap
= VME_SUBMAP(entry
);
13109 submap_start
= VME_OFFSET(entry
);
13110 submap_end
= submap_start
+ (entry
->vme_end
-
/* The submap read lock is taken while the outer map read lock is still held. */
13113 vm_map_lock_read(submap
);
13115 if (! vm_map_range_check(submap
,
/* Both locks are dropped before the error return. */
13119 vm_map_unlock_read(submap
);
13120 vm_map_unlock_read(map
);
13121 return KERN_INVALID_ADDRESS
;
/*
 * Only the submap entry handed back by vm_map_range_check() is looked at;
 * no loop over further submap entries is visible in this listing.
 */
13124 object
= VME_OBJECT(submap_entry
);
/*
 * A nested submap, a missing object or a non-internal object takes the
 * branch that drops the submap lock; the rest of that branch is not shown
 * (presumably it moves on to the next entry -- confirm).
 */
13125 if (submap_entry
->is_sub_map
||
13126 object
== VM_OBJECT_NULL
||
13127 !object
->internal
) {
13128 vm_map_unlock_read(submap
);
13132 vm_object_pageout(object
);
13134 vm_map_unlock_read(submap
);
13135 submap
= VM_MAP_NULL
;
13136 submap_entry
= VM_MAP_ENTRY_NULL
;
/* Plain entry: same eligibility test as in the submap case above. */
13140 object
= VME_OBJECT(entry
);
13141 if (entry
->is_sub_map
||
13142 object
== VM_OBJECT_NULL
||
13143 !object
->internal
) {
13147 vm_object_pageout(object
);
13150 vm_map_unlock_read(map
);
13151 return KERN_SUCCESS
;
13153 #endif /* MACH_ASSERT */
13157 * Routine: vm_map_entry_insert
13159 * Description: This routine inserts a new vm_entry in a locked map.
/*
 * Allocates a map entry with vm_map_entry_create(), fills every field from
 * the arguments (the remaining flags get fixed defaults), links it after
 * insp_entry with vm_map_store_entry_link(), grows map->size by end - start
 * and refreshes the lookup hint.  The return statement is not shown in this
 * listing.
 *
 * NOTE(review): page alignment of start/end and start < end are checked
 * only with assert(); if assert() compiles out in release kernels (confirm),
 * callers alone guarantee them, and map->size += end - start relies on
 * end > start.  cur_protection and max_protection are stored as given; no
 * check that cur_protection stays within max_protection is visible here.
 */
13162 vm_map_entry_insert(
13164 vm_map_entry_t insp_entry
,
13165 vm_map_offset_t start
,
13166 vm_map_offset_t end
,
13167 vm_object_t object
,
13168 vm_object_offset_t offset
,
13169 boolean_t needs_copy
,
13170 boolean_t is_shared
,
13171 boolean_t in_transition
,
13172 vm_prot_t cur_protection
,
13173 vm_prot_t max_protection
,
13174 vm_behavior_t behavior
,
13175 vm_inherit_t inheritance
,
13176 unsigned wired_count
,
13177 boolean_t no_cache
,
13178 boolean_t permanent
,
13179 unsigned int superpage_size
,
13180 boolean_t clear_map_aligned
,
13181 boolean_t is_submap
)
13183 vm_map_entry_t new_entry
;
13185 assert(insp_entry
!= (vm_map_entry_t
)0);
13187 new_entry
= vm_map_entry_create(map
, !map
->hdr
.entries_pageable
);
/*
 * map_aligned starts out TRUE when the map's page shift differs from
 * PAGE_SHIFT and FALSE otherwise; it is then cleared if the caller passed
 * clear_map_aligned and either bound is not aligned to the map's page mask.
 */
13189 if (VM_MAP_PAGE_SHIFT(map
) != PAGE_SHIFT
) {
13190 new_entry
->map_aligned
= TRUE
;
13192 new_entry
->map_aligned
= FALSE
;
13194 if (clear_map_aligned
&&
13195 (! VM_MAP_PAGE_ALIGNED(start
, VM_MAP_PAGE_MASK(map
)) ||
13196 ! VM_MAP_PAGE_ALIGNED(end
, VM_MAP_PAGE_MASK(map
)))) {
13197 new_entry
->map_aligned
= FALSE
;
13200 new_entry
->vme_start
= start
;
13201 new_entry
->vme_end
= end
;
/* Debug-only validation of the range; see the NOTE(review) at the top. */
13202 assert(page_aligned(new_entry
->vme_start
));
13203 assert(page_aligned(new_entry
->vme_end
));
13204 if (new_entry
->map_aligned
) {
13205 assert(VM_MAP_PAGE_ALIGNED(new_entry
->vme_start
,
13206 VM_MAP_PAGE_MASK(map
)));
13207 assert(VM_MAP_PAGE_ALIGNED(new_entry
->vme_end
,
13208 VM_MAP_PAGE_MASK(map
)));
13210 assert(new_entry
->vme_start
< new_entry
->vme_end
);
13212 VME_OBJECT_SET(new_entry
, object
);
13213 VME_OFFSET_SET(new_entry
, offset
);
13214 new_entry
->is_shared
= is_shared
;
13215 new_entry
->is_sub_map
= is_submap
;
13216 new_entry
->needs_copy
= needs_copy
;
13217 new_entry
->in_transition
= in_transition
;
13218 new_entry
->needs_wakeup
= FALSE
;
13219 new_entry
->inheritance
= inheritance
;
13220 new_entry
->protection
= cur_protection
;
13221 new_entry
->max_protection
= max_protection
;
13222 new_entry
->behavior
= behavior
;
13223 new_entry
->wired_count
= wired_count
;
13224 new_entry
->user_wired_count
= 0;
/*
 * Two alternative use_pmap values follow; the test that selects between
 * them is missing from this listing (presumably is_submap -- confirm).
 */
13227 * submap: "use_pmap" means "nested".
13230 new_entry
->use_pmap
= FALSE
;
13233 * object: "use_pmap" means "use pmap accounting" for footprint.
13236 new_entry
->use_pmap
= TRUE
;
13238 VME_ALIAS_SET(new_entry
, 0);
13239 new_entry
->zero_wired_pages
= FALSE
;
13240 new_entry
->no_cache
= no_cache
;
13241 new_entry
->permanent
= permanent
;
/* superpage_size is recorded as a TRUE/FALSE flag, not as a size. */
13242 if (superpage_size
)
13243 new_entry
->superpage_size
= TRUE
;
13245 new_entry
->superpage_size
= FALSE
;
/* A freshly inserted entry is never JIT, IOKit-accounted or resilient. */
13246 new_entry
->used_for_jit
= FALSE
;
13247 new_entry
->iokit_acct
= FALSE
;
13248 new_entry
->vme_resilient_codesign
= FALSE
;
13249 new_entry
->vme_resilient_media
= FALSE
;
13252 * Insert the new entry into the list.
13255 vm_map_store_entry_link(map
, insp_entry
, new_entry
);
13256 map
->size
+= end
- start
;
13259 * Update the free space hint and the lookup hint.
13262 SAVE_HINT_MAP_WRITE(map
, new_entry
);
13267 * Routine: vm_map_remap_extract
13269 * Description: This routine returns a vm_entry list from a map.
/*
 * Builds, in map_header, a private list of map entries describing the
 * source range that starts at addr and spans size bytes of "map".
 * *cur_protection and *max_protection start at VM_PROT_ALL and end up as
 * the intersection of the protections of every non-submap source entry.
 * A hole in the source range yields KERN_INVALID_ADDRESS; a JIT entry on
 * the sharing path yields KERN_INVALID_ARGUMENT.  On any failure the
 * entries already placed on map_header are unlinked and released.
 * Several lines (the map and copy parameters, the initialisation of
 * map_address and mapped_size, loop exits) are missing from this listing.
 */
13271 static kern_return_t
13272 vm_map_remap_extract(
13274 vm_map_offset_t addr
,
13275 vm_map_size_t size
,
13277 struct vm_map_header
*map_header
,
13278 vm_prot_t
*cur_protection
,
13279 vm_prot_t
*max_protection
,
13280 /* What, no behavior? */
13281 vm_inherit_t inheritance
,
13282 boolean_t pageable
)
13284 kern_return_t result
;
13285 vm_map_size_t mapped_size
;
13286 vm_map_size_t tmp_size
;
13287 vm_map_entry_t src_entry
; /* result of last map lookup */
13288 vm_map_entry_t new_entry
;
13289 vm_object_offset_t offset
;
13290 vm_map_offset_t map_address
;
13291 vm_map_offset_t src_start
; /* start of entry to map */
13292 vm_map_offset_t src_end
; /* end of region to be mapped */
13293 vm_object_t object
;
13294 vm_map_version_t version
;
13295 boolean_t src_needs_copy
;
13296 boolean_t new_entry_needs_copy
;
/* Argument validation here is assert()-only; callers must pre-validate. */
13298 assert(map
!= VM_MAP_NULL
);
13300 assert(size
== vm_map_round_page(size
, PAGE_MASK
));
13301 assert(inheritance
== VM_INHERIT_NONE
||
13302 inheritance
== VM_INHERIT_COPY
||
13303 inheritance
== VM_INHERIT_SHARE
);
13306 * Compute start and end of region.
13308 src_start
= vm_map_trunc_page(addr
, PAGE_MASK
);
/*
 * NOTE(review): src_start + size is not checked for wrap-around in the
 * lines shown; presumably the caller bounds the range -- confirm.
 */
13309 src_end
= vm_map_round_page(src_start
+ size
, PAGE_MASK
);
13313 * Initialize map_header.
/* Empty circular list: both links point back at the header itself. */
13315 map_header
->links
.next
= (struct vm_map_entry
*)&map_header
->links
;
13316 map_header
->links
.prev
= (struct vm_map_entry
*)&map_header
->links
;
13317 map_header
->nentries
= 0;
13318 map_header
->entries_pageable
= pageable
;
13319 map_header
->page_shift
= PAGE_SHIFT
;
13321 vm_map_store_init( map_header
);
/*
 * Start from the widest protections; each non-submap source entry narrows
 * them at the bottom of the loop.
 */
13323 *cur_protection
= VM_PROT_ALL
;
13324 *max_protection
= VM_PROT_ALL
;
13328 result
= KERN_SUCCESS
;
13331 * The specified source virtual space might correspond to
13332 * multiple map entries, need to loop on them.
13335 while (mapped_size
!= size
) {
13336 vm_map_size_t entry_size
;
13339 * Find the beginning of the region.
13341 if (! vm_map_lookup_entry(map
, src_start
, &src_entry
)) {
13342 result
= KERN_INVALID_ADDRESS
;
/*
 * Reject a hole: src_start lies below the entry found, or (once something
 * has been mapped) src_start is not exactly the start of this entry.
 */
13346 if (src_start
< src_entry
->vme_start
||
13347 (mapped_size
&& src_start
!= src_entry
->vme_start
)) {
13348 result
= KERN_INVALID_ADDRESS
;
/* tmp_size: how much of the remaining request this entry can supply. */
13352 tmp_size
= size
- mapped_size
;
13353 if (src_end
> src_entry
->vme_end
)
13354 tmp_size
-= (src_end
- src_entry
->vme_end
);
13356 entry_size
= (vm_map_size_t
)(src_entry
->vme_end
-
13357 src_entry
->vme_start
);
/* A submap source takes a map reference instead of an object reference. */
13359 if(src_entry
->is_sub_map
) {
13360 vm_map_reference(VME_SUBMAP(src_entry
));
13361 object
= VM_OBJECT_NULL
;
13363 object
= VME_OBJECT(src_entry
);
13364 if (src_entry
->iokit_acct
) {
13366 * This entry uses "IOKit accounting".
13368 } else if (object
!= VM_OBJECT_NULL
&&
13369 object
->purgable
!= VM_PURGABLE_DENY
) {
13371 * Purgeable objects have their own accounting:
13372 * no pmap accounting for them.
13374 assert(!src_entry
->use_pmap
);
13377 * Not IOKit or purgeable:
13378 * must be accounted by pmap stats.
13380 assert(src_entry
->use_pmap
);
/* An entry with no object yet gets a fresh one sized to the entry. */
13383 if (object
== VM_OBJECT_NULL
) {
13384 object
= vm_object_allocate(entry_size
);
13385 VME_OFFSET_SET(src_entry
, 0);
13386 VME_OBJECT_SET(src_entry
, object
);
13387 } else if (object
->copy_strategy
!=
13388 MEMORY_OBJECT_COPY_SYMMETRIC
) {
13390 * We are already using an asymmetric
13391 * copy, and therefore we already have
13392 * the right object.
13394 assert(!src_entry
->needs_copy
);
13395 } else if (src_entry
->needs_copy
|| object
->shadowed
||
13396 (object
->internal
&& !object
->true_share
&&
13397 !src_entry
->is_shared
&&
13398 object
->vo_size
> entry_size
)) {
13400 VME_OBJECT_SHADOW(src_entry
, entry_size
);
/*
 * A writable entry that was not already needs_copy has VM_PROT_WRITE
 * removed from its existing pmap mappings (vm_object_pmap_protect() or
 * pmap_protect() below) after the shadow object has been created.
 */
13402 if (!src_entry
->needs_copy
&&
13403 (src_entry
->protection
& VM_PROT_WRITE
)) {
13406 prot
= src_entry
->protection
& ~VM_PROT_WRITE
;
13408 if (override_nx(map
,
13409 VME_ALIAS(src_entry
))
13411 prot
|= VM_PROT_EXECUTE
;
13413 if(map
->mapped_in_other_pmaps
) {
13414 vm_object_pmap_protect(
13415 VME_OBJECT(src_entry
),
13416 VME_OFFSET(src_entry
),
13419 src_entry
->vme_start
,
13422 pmap_protect(vm_map_pmap(map
),
13423 src_entry
->vme_start
,
13424 src_entry
->vme_end
,
13429 object
= VME_OBJECT(src_entry
);
13430 src_entry
->needs_copy
= FALSE
;
13434 vm_object_lock(object
);
13435 vm_object_reference_locked(object
); /* object ref. for new entry */
/*
 * A symmetric-copy object that now backs a second entry is switched to
 * the delayed-copy strategy.
 */
13436 if (object
->copy_strategy
==
13437 MEMORY_OBJECT_COPY_SYMMETRIC
) {
13438 object
->copy_strategy
=
13439 MEMORY_OBJECT_COPY_DELAY
;
13441 vm_object_unlock(object
);
13444 offset
= (VME_OFFSET(src_entry
) +
13445 (src_start
- src_entry
->vme_start
));
/* Clone the source entry, then rebase it onto the extracted range. */
13447 new_entry
= _vm_map_entry_create(map_header
, !map_header
->entries_pageable
);
13448 vm_map_entry_copy(new_entry
, src_entry
);
13449 if (new_entry
->is_sub_map
) {
13450 /* clr address space specifics */
13451 new_entry
->use_pmap
= FALSE
;
13454 new_entry
->map_aligned
= FALSE
;
13456 new_entry
->vme_start
= map_address
;
13457 new_entry
->vme_end
= map_address
+ tmp_size
;
13458 assert(new_entry
->vme_start
< new_entry
->vme_end
);
13459 new_entry
->inheritance
= inheritance
;
13460 VME_OFFSET_SET(new_entry
, offset
);
13463 * The new region has to be copied now if required.
13468 * Cannot allow an entry describing a JIT
13469 * region to be shared across address spaces.
/*
 * Security check: a JIT entry is refused with KERN_INVALID_ARGUMENT rather
 * than shared.  The condition that selects this sharing branch is not
 * visible in this listing.
 */
13471 if (src_entry
->used_for_jit
== TRUE
) {
13472 result
= KERN_INVALID_ARGUMENT
;
13475 src_entry
->is_shared
= TRUE
;
13476 new_entry
->is_shared
= TRUE
;
13477 if (!(new_entry
->is_sub_map
))
13478 new_entry
->needs_copy
= FALSE
;
13480 } else if (src_entry
->is_sub_map
) {
13481 /* make this a COW sub_map if not already */
13482 assert(new_entry
->wired_count
== 0);
13483 new_entry
->needs_copy
= TRUE
;
13484 object
= VM_OBJECT_NULL
;
/* Unwired source: try the cheap copy first. */
13485 } else if (src_entry
->wired_count
== 0 &&
13486 vm_object_copy_quickly(&VME_OBJECT(new_entry
),
13487 VME_OFFSET(new_entry
),
13488 (new_entry
->vme_end
-
13489 new_entry
->vme_start
),
13491 &new_entry_needs_copy
)) {
13493 new_entry
->needs_copy
= new_entry_needs_copy
;
13494 new_entry
->is_shared
= FALSE
;
13497 * Handle copy_on_write semantics.
13499 if (src_needs_copy
&& !src_entry
->needs_copy
) {
13502 prot
= src_entry
->protection
& ~VM_PROT_WRITE
;
13504 if (override_nx(map
,
13505 VME_ALIAS(src_entry
))
13507 prot
|= VM_PROT_EXECUTE
;
13509 vm_object_pmap_protect(object
,
13512 ((src_entry
->is_shared
13513 || map
->mapped_in_other_pmaps
) ?
13514 PMAP_NULL
: map
->pmap
),
13515 src_entry
->vme_start
,
13518 assert(src_entry
->wired_count
== 0);
13519 src_entry
->needs_copy
= TRUE
;
13522 * Throw away the old object reference of the new entry.
13524 vm_object_deallocate(object
);
13527 new_entry
->is_shared
= FALSE
;
13530 * The map can be safely unlocked since we
13531 * already hold a reference on the object.
13533 * Record the timestamp of the map for later
13534 * verification, and unlock the map.
13536 version
.main_timestamp
= map
->timestamp
;
13537 vm_map_unlock(map
); /* Increments timestamp once! */
13540 * Perform the copy.
/* Wired source pages take the slow copy; everything else the strategic one. */
13542 if (src_entry
->wired_count
> 0) {
13543 vm_object_lock(object
);
13544 result
= vm_object_copy_slowly(
13549 &VME_OBJECT(new_entry
));
13551 VME_OFFSET_SET(new_entry
, 0);
13552 new_entry
->needs_copy
= FALSE
;
13554 vm_object_offset_t new_offset
;
13556 new_offset
= VME_OFFSET(new_entry
);
13557 result
= vm_object_copy_strategically(
13561 &VME_OBJECT(new_entry
),
13563 &new_entry_needs_copy
);
13564 if (new_offset
!= VME_OFFSET(new_entry
)) {
13565 VME_OFFSET_SET(new_entry
, new_offset
);
13568 new_entry
->needs_copy
= new_entry_needs_copy
;
13572 * Throw away the old object reference of the new entry.
13574 vm_object_deallocate(object
);
13576 if (result
!= KERN_SUCCESS
&&
13577 result
!= KERN_MEMORY_RESTART_COPY
) {
13578 _vm_map_entry_dispose(map_header
, new_entry
);
13583 * Verify that the map has not substantially
13584 * changed while the copy was being made.
/*
 * vm_map_unlock() above bumped the timestamp once, so any value other than
 * main_timestamp + 1 means the map was modified while it was unlocked; the
 * copy made in that window is discarded.
 */
13588 if (version
.main_timestamp
+ 1 != map
->timestamp
) {
13590 * Simple version comparison failed.
13592 * Retry the lookup and verify that the
13593 * same object/offset are still present.
13595 vm_object_deallocate(VME_OBJECT(new_entry
));
13596 _vm_map_entry_dispose(map_header
, new_entry
);
13597 if (result
== KERN_MEMORY_RESTART_COPY
)
13598 result
= KERN_SUCCESS
;
13602 if (result
== KERN_MEMORY_RESTART_COPY
) {
13603 vm_object_reference(object
);
/* Append the finished entry at the tail of the extracted list. */
13608 _vm_map_store_entry_link(map_header
,
13609 map_header
->links
.prev
, new_entry
);
13611 /*Protections for submap mapping are irrelevant here*/
/* The out protections are the intersection over all non-submap entries. */
13612 if( !src_entry
->is_sub_map
) {
13613 *cur_protection
&= src_entry
->protection
;
13614 *max_protection
&= src_entry
->max_protection
;
13616 map_address
+= tmp_size
;
13617 mapped_size
+= tmp_size
;
13618 src_start
+= tmp_size
;
13622 vm_map_unlock(map
);
/*
 * Error path: unlink every entry already placed on map_header and drop the
 * submap or object reference it holds before disposing of it.
 */
13623 if (result
!= KERN_SUCCESS
) {
13625 * Free all allocated elements.
13627 for (src_entry
= map_header
->links
.next
;
13628 src_entry
!= (struct vm_map_entry
*)&map_header
->links
;
13629 src_entry
= new_entry
) {
13630 new_entry
= src_entry
->vme_next
;
13631 _vm_map_store_entry_unlink(map_header
, src_entry
);
13632 if (src_entry
->is_sub_map
) {
13633 vm_map_deallocate(VME_SUBMAP(src_entry
));
13635 vm_object_deallocate(VME_OBJECT(src_entry
));
13637 _vm_map_entry_dispose(map_header
, src_entry
);
13644 * Routine: vm_remap
13646 * Map portion of a task's address space.
13647 * Mapped region must not overlap more than
13648 * one vm memory object. Protections and
13649 * inheritance attributes remain the same
13650 * as in the original task and are out parameters.
13651 * Source and Target task can be identical
13652 * Other attributes are identical as for vm_map()
/*
 * NOTE(review): the routine-name line is missing from this listing; the
 * header comment calls it vm_remap (presumably vm_map_remap -- confirm).
 *
 * Extracts the source range from src_map with vm_map_remap_extract(), then,
 * under the target map lock, finds room with vm_map_remap_range_allocate()
 * and links the extracted entries into target_map.  If the allocation
 * failed, the extracted entries are released instead.  *cur_protection and
 * *max_protection are outputs; *address is in/out.
 */
13656 vm_map_t target_map
,
13657 vm_map_address_t
*address
,
13658 vm_map_size_t size
,
13659 vm_map_offset_t mask
,
13662 vm_map_offset_t memory_address
,
13664 vm_prot_t
*cur_protection
,
13665 vm_prot_t
*max_protection
,
13666 vm_inherit_t inheritance
)
13668 kern_return_t result
;
13669 vm_map_entry_t entry
;
13670 vm_map_entry_t insp_entry
= VM_MAP_ENTRY_NULL
;
13671 vm_map_entry_t new_entry
;
13672 struct vm_map_header map_header
;
13673 vm_map_offset_t offset_in_mapping
;
13675 if (target_map
== VM_MAP_NULL
)
13676 return KERN_INVALID_ARGUMENT
;
/*
 * Only the three known inheritance values, a non-zero size and a non-null
 * source map are accepted; anything else returns KERN_INVALID_ARGUMENT.
 */
13678 switch (inheritance
) {
13679 case VM_INHERIT_NONE
:
13680 case VM_INHERIT_COPY
:
13681 case VM_INHERIT_SHARE
:
13682 if (size
!= 0 && src_map
!= VM_MAP_NULL
)
13686 return KERN_INVALID_ARGUMENT
;
13690 * If the user is requesting that we return the address of the
13691 * first byte of the data (rather than the base of the page),
13692 * then we use different rounding semantics: specifically,
13693 * we assume that (memory_address, size) describes a region
13694 * all of whose pages we must cover, rather than a base to be truncated
13695 * down and a size to be added to that base. So we figure out
13696 * the highest page that the requested region includes and make
13697 * sure that the size will cover it.
13699 * The key example we're worried about it is of the form:
13701 * memory_address = 0x1ff0, size = 0x20
13703 * With the old semantics, we round down the memory_address to 0x1000
13704 * and round up the size to 0x1000, resulting in our covering *only*
13705 * page 0x1000. With the new semantics, we'd realize that the region covers
13706 * 0x1ff0-0x2010, and compute a size of 0x2000. Thus, we cover both page
13707 * 0x1000 and page 0x2000 in the region we remap.
13709 if ((flags
& VM_FLAGS_RETURN_DATA_ADDR
) != 0) {
13710 offset_in_mapping
= memory_address
- vm_map_trunc_page(memory_address
, PAGE_MASK
);
/*
 * NOTE(review): size was tested for zero before this rounding, not after.
 * Both rounding forms can wrap for a size within a page of the type's
 * maximum, and no check on the rounded value is visible here -- confirm
 * that callers bound size.
 */
13711 size
= vm_map_round_page(memory_address
+ size
- vm_map_trunc_page(memory_address
, PAGE_MASK
), PAGE_MASK
);
13713 size
= vm_map_round_page(size
, PAGE_MASK
);
13716 result
= vm_map_remap_extract(src_map
, memory_address
,
13717 size
, copy
, &map_header
,
13721 target_map
->hdr
.entries_pageable
);
13723 if (result
!= KERN_SUCCESS
) {
13728 * Allocate/check a range of free virtual address
13729 * space for the target
13731 *address
= vm_map_trunc_page(*address
,
13732 VM_MAP_PAGE_MASK(target_map
));
13733 vm_map_lock(target_map
);
13734 result
= vm_map_remap_range_allocate(target_map
, address
, size
,
13735 mask
, flags
, &insp_entry
);
/*
 * Drain the extracted list: every entry is unlinked from map_header and
 * either moved into target_map (allocation succeeded) or released.
 */
13737 for (entry
= map_header
.links
.next
;
13738 entry
!= (struct vm_map_entry
*)&map_header
.links
;
13739 entry
= new_entry
) {
13740 new_entry
= entry
->vme_next
;
13741 _vm_map_store_entry_unlink(&map_header
, entry
);
13742 if (result
== KERN_SUCCESS
) {
/*
 * Resilient-codesign mappings: max_protection is clamped to read-only as
 * well, not only the current protection.
 */
13743 if (flags
& VM_FLAGS_RESILIENT_CODESIGN
) {
13744 /* no codesigning -> read-only access */
13745 assert(!entry
->used_for_jit
);
13746 entry
->max_protection
= VM_PROT_READ
;
13747 entry
->protection
= VM_PROT_READ
;
13748 entry
->vme_resilient_codesign
= TRUE
;
/*
 * Rebase the entry by the target base address; presumably the extracted
 * entries were built relative to offset 0 -- confirm (the initialisation
 * of map_address in vm_map_remap_extract() is not shown).
 */
13750 entry
->vme_start
+= *address
;
13751 entry
->vme_end
+= *address
;
13752 assert(!entry
->map_aligned
);
13753 vm_map_store_entry_link(target_map
, insp_entry
, entry
);
13754 insp_entry
= entry
;
/*
 * Presumably the failure branch (its "else" line is not shown): drop the
 * object or submap reference the entry holds and dispose of it.
 */
13756 if (!entry
->is_sub_map
) {
13757 vm_object_deallocate(VME_OBJECT(entry
));
13759 vm_map_deallocate(VME_SUBMAP(entry
));
13761 _vm_map_entry_dispose(&map_header
, entry
);
/* The protections reported to the caller match the clamped entries. */
13765 if (flags
& VM_FLAGS_RESILIENT_CODESIGN
) {
13766 *cur_protection
= VM_PROT_READ
;
13767 *max_protection
= VM_PROT_READ
;
13770 if( target_map
->disable_vmentry_reuse
== TRUE
) {
13771 if( target_map
->highest_entry_end
< insp_entry
->vme_end
){
13772 target_map
->highest_entry_end
= insp_entry
->vme_end
;
13776 if (result
== KERN_SUCCESS
) {
13777 target_map
->size
+= size
;
13778 SAVE_HINT_MAP_WRITE(target_map
, insp_entry
);
13780 vm_map_unlock(target_map
);
/* Wiring is requested only after the target map lock has been dropped. */
13782 if (result
== KERN_SUCCESS
&& target_map
->wiring_required
)
13783 result
= vm_map_wire(target_map
, *address
,
13784 *address
+ size
, *cur_protection
| VM_PROT_MEMORY_TAG_MAKE(VM_KERN_MEMORY_MLOCK
),
13788 * If requested, return the address of the data pointed to by the
13789 * request, rather than the base of the resulting page.
13791 if ((flags
& VM_FLAGS_RETURN_DATA_ADDR
) != 0) {
13792 *address
+= offset_in_mapping
;
13799 * Routine: vm_map_remap_range_allocate
13802 * Allocate a range in the specified virtual address map.
13803 * returns the address and the map entry just before the allocated
13806 * Map must be locked.
/*
 * Chooses or validates the target range for a remap.  With
 * VM_FLAGS_ANYWHERE it searches the map (hole list or entry list) for a
 * free range that fits size and mask; otherwise it checks the fixed
 * address in *address against the mask and the map bounds, optionally
 * removes existing mappings (VM_FLAGS_OVERWRITE), and requires the range
 * to be unallocated.  On success *map_entry is the entry preceding the
 * range.  Returns KERN_NO_SPACE, KERN_INVALID_ADDRESS or
 * KERN_RESOURCE_SHORTAGE on the failures shown.  The header comment states
 * the map must be locked; the map and flags parameter lines are missing
 * from this listing.
 */
13809 static kern_return_t
13810 vm_map_remap_range_allocate(
13812 vm_map_address_t
*address
, /* IN/OUT */
13813 vm_map_size_t size
,
13814 vm_map_offset_t mask
,
13816 vm_map_entry_t
*map_entry
) /* OUT */
13818 vm_map_entry_t entry
;
13819 vm_map_offset_t start
;
13820 vm_map_offset_t end
;
13822 vm_map_entry_t hole_entry
;
13828 if (flags
& VM_FLAGS_ANYWHERE
)
13831 * Calculate the first possible address.
/* Clamp the search start into the map's [min_offset, max_offset] range. */
13834 if (start
< map
->min_offset
)
13835 start
= map
->min_offset
;
13836 if (start
> map
->max_offset
)
13837 return(KERN_NO_SPACE
);
13840 * Look for the first possible address;
13841 * if there's already something at this
13842 * address, we have to start after it.
13845 if( map
->disable_vmentry_reuse
== TRUE
) {
13846 VM_MAP_HIGHEST_ENTRY(map
, entry
, start
);
/* Hole-list maps: walk the circular list of holes for one usable at start. */
13849 if (map
->holelistenabled
) {
13850 hole_entry
= (vm_map_entry_t
)map
->holes_list
;
13852 if (hole_entry
== NULL
) {
13854 * No more space in the map?
13856 return(KERN_NO_SPACE
);
13859 boolean_t found_hole
= FALSE
;
13862 if (hole_entry
->vme_start
>= start
) {
13863 start
= hole_entry
->vme_start
;
13868 if (hole_entry
->vme_end
> start
) {
13872 hole_entry
= hole_entry
->vme_next
;
13874 } while (hole_entry
!= (vm_map_entry_t
) map
->holes_list
);
13876 if (found_hole
== FALSE
) {
13877 return (KERN_NO_SPACE
);
13880 entry
= hole_entry
;
13883 assert(first_free_is_valid(map
));
13884 if (start
== map
->min_offset
) {
13885 if ((entry
= map
->first_free
) != vm_map_to_entry(map
))
13886 start
= entry
->vme_end
;
13888 vm_map_entry_t tmp_entry
;
13889 if (vm_map_lookup_entry(map
, start
, &tmp_entry
))
13890 start
= tmp_entry
->vme_end
;
13894 start
= vm_map_round_page(start
,
13895 VM_MAP_PAGE_MASK(map
));
13899 * In any case, the "entry" always precedes
13900 * the proposed new region throughout the
13905 register vm_map_entry_t next
;
13908 * Find the end of the proposed new region.
13909 * Be sure we didn't go beyond the end, or
13910 * wrap around the address.
/* Round up to the alignment expressed by mask, then to the map page size. */
13913 end
= ((start
+ mask
) & ~mask
);
13914 end
= vm_map_round_page(end
,
13915 VM_MAP_PAGE_MASK(map
));
13917 return(KERN_NO_SPACE
);
/* end < start detects address wrap-around of the proposed region. */
13921 if ((end
> map
->max_offset
) || (end
< start
)) {
13922 if (map
->wait_for_space
) {
13923 if (size
<= (map
->max_offset
-
13924 map
->min_offset
)) {
/* The map lock is released while this thread blocks waiting for space. */
13925 assert_wait((event_t
) map
, THREAD_INTERRUPTIBLE
);
13926 vm_map_unlock(map
);
13927 thread_block(THREAD_CONTINUE_NULL
);
13933 return(KERN_NO_SPACE
);
13936 next
= entry
->vme_next
;
13938 if (map
->holelistenabled
) {
13939 if (entry
->vme_end
>= end
)
13943 * If there are no more entries, we must win.
13947 * If there is another entry, it must be
13948 * after the end of the potential new region.
13951 if (next
== vm_map_to_entry(map
))
13954 if (next
->vme_start
>= end
)
13959 * Didn't fit -- move to the next entry.
13964 if (map
->holelistenabled
) {
13965 if (entry
== (vm_map_entry_t
) map
->holes_list
) {
13969 return(KERN_NO_SPACE
);
13971 start
= entry
->vme_start
;
13973 start
= entry
->vme_end
;
/*
 * Consistency check for hole-list maps: a real entry at the chosen hole's
 * start address is treated as fatal (panic).
 */
13977 if (map
->holelistenabled
) {
13979 if (vm_map_lookup_entry(map
, entry
->vme_start
, &entry
)) {
13980 panic("Found an existing entry (%p) instead of potential hole at address: 0x%llx.\n", entry
, (unsigned long long)entry
->vme_start
);
/* Fixed-address path (presumably the "else" of VM_FLAGS_ANYWHERE). */
13987 vm_map_entry_t temp_entry
;
13991 * the address doesn't itself violate
13992 * the mask requirement.
13995 if ((start
& mask
) != 0)
13996 return(KERN_NO_SPACE
);
14000 * ... the address is within bounds
14003 end
= start
+ size
;
/*
 * NOTE(review): end = start + size can wrap; the third operand of this
 * bounds test is missing from the listing (presumably start >= end) --
 * confirm that a wrapped range is rejected here.
 */
14005 if ((start
< map
->min_offset
) ||
14006 (end
> map
->max_offset
) ||
14008 return(KERN_INVALID_ADDRESS
);
14012 * If we're asked to overwrite whatever was mapped in that
14013 * range, first deallocate that range.
/*
 * VM_FLAGS_OVERWRITE replaces existing mappings in [start, end): they are
 * removed with vm_map_delete() and the scratch zap_map is destroyed only
 * when that delete succeeded.
 */
14015 if (flags
& VM_FLAGS_OVERWRITE
) {
14019 * We use a "zap_map" to avoid having to unlock
14020 * the "map" in vm_map_delete(), which would compromise
14021 * the atomicity of the "deallocate" and then "remap"
14024 zap_map
= vm_map_create(PMAP_NULL
,
14027 map
->hdr
.entries_pageable
);
14028 if (zap_map
== VM_MAP_NULL
) {
14029 return KERN_RESOURCE_SHORTAGE
;
14031 vm_map_set_page_shift(zap_map
, VM_MAP_PAGE_SHIFT(map
));
14032 vm_map_disable_hole_optimization(zap_map
);
14034 kr
= vm_map_delete(map
, start
, end
,
14035 (VM_MAP_REMOVE_SAVE_ENTRIES
|
14036 VM_MAP_REMOVE_NO_MAP_ALIGN
),
14038 if (kr
== KERN_SUCCESS
) {
14039 vm_map_destroy(zap_map
,
14040 VM_MAP_REMOVE_NO_PMAP_CLEANUP
);
14041 zap_map
= VM_MAP_NULL
;
14046 * ... the starting address isn't allocated
14049 if (vm_map_lookup_entry(map
, start
, &temp_entry
))
14050 return(KERN_NO_SPACE
);
14052 entry
= temp_entry
;
14055 * ... the next region doesn't overlap the
14059 if ((entry
->vme_next
!= vm_map_to_entry(map
)) &&
14060 (entry
->vme_next
->vme_start
< end
))
14061 return(KERN_NO_SPACE
);
/* Hand back the entry that precedes the validated range. */
14063 *map_entry
= entry
;
14064 return(KERN_SUCCESS
);
14070 * Set the address map for the current thread to the specified map
/*
 * Body of the map-switch routine (called as vm_map_switch() further down;
 * its signature and return lines are missing from this listing).  Reads
 * the current thread's map into oldmap, then, with preemption disabled so
 * the CPU number stays valid, invokes PMAP_SWITCH_USER() to activate "map"
 * for this thread on this CPU.  Callers below use the returned value to
 * switch back, so presumably oldmap is what is returned -- confirm.
 */
14078 thread_t thread
= current_thread();
14079 vm_map_t oldmap
= thread
->map
;
/* cpu_number() and the switch happen inside one preemption-disabled window. */
14081 mp_disable_preemption();
14082 mycpu
= cpu_number();
14085 * Deactivate the current map and activate the requested map
14087 PMAP_SWITCH_USER(thread
, map
, mycpu
);
14089 mp_enable_preemption();
14095 * Routine: vm_map_write_user
14098 * Copy out data from a kernel space into space in the
14099 * destination map. The space must already exist in the
14101 * NOTE: This routine should only be called by threads
14102 * which can block on a page fault. i.e. kernel mode user
/*
 * Copies size bytes from src_p to dst_addr in "map" using copyout().
 * When "map" is not the current map, the thread takes a reference on it,
 * switches to it with vm_map_switch() for the duration of the copy, then
 * switches back and drops the reference.  A failing copyout() is reported
 * as KERN_INVALID_ADDRESS.  The first signature lines and the return are
 * missing from this listing.
 */
14110 vm_map_address_t dst_addr
,
14113 kern_return_t kr
= KERN_SUCCESS
;
/* Fast path: the destination map is already the active one. */
14115 if(current_map() == map
) {
14116 if (copyout(src_p
, dst_addr
, size
)) {
14117 kr
= KERN_INVALID_ADDRESS
;
14122 /* take on the identity of the target map while doing */
/* The reference keeps "map" alive while this thread runs on it. */
14125 vm_map_reference(map
);
14126 oldmap
= vm_map_switch(map
);
14127 if (copyout(src_p
, dst_addr
, size
)) {
14128 kr
= KERN_INVALID_ADDRESS
;
/* The previous map is restored on both the success and failure paths. */
14130 vm_map_switch(oldmap
);
14131 vm_map_deallocate(map
);
14137 * Routine: vm_map_read_user
14140 * Copy in data from a user space source map into the
14141 * kernel map. The space must already exist in the
14143 * NOTE: This routine should only be called by threads
14144 * which can block on a page fault. i.e. kernel mode user
/*
 * Copies size bytes from src_addr in "map" to dst_p using copyin().
 * When "map" is not the current map, the thread takes a reference on it,
 * switches to it with vm_map_switch() for the duration of the copy, then
 * switches back and drops the reference.  A failing copyin() is reported
 * as KERN_INVALID_ADDRESS.  The first signature lines and the return are
 * missing from this listing.
 */
14151 vm_map_address_t src_addr
,
14155 kern_return_t kr
= KERN_SUCCESS
;
/* Fast path: the source map is already the active one. */
14157 if(current_map() == map
) {
14158 if (copyin(src_addr
, dst_p
, size
)) {
14159 kr
= KERN_INVALID_ADDRESS
;
14164 /* take on the identity of the target map while doing */
/* The reference keeps "map" alive while this thread runs on it. */
14167 vm_map_reference(map
);
14168 oldmap
= vm_map_switch(map
);
14169 if (copyin(src_addr
, dst_p
, size
)) {
14170 kr
= KERN_INVALID_ADDRESS
;
/* The previous map is restored on both the success and failure paths. */
14172 vm_map_switch(oldmap
);
14173 vm_map_deallocate(map
);
14180 * vm_map_check_protection:
14182 * Assert that the target map allows the specified
14183 * privilege on the entire address region given.
14184 * The entire region must be allocated.
/*
 * Checks that every address in [start, end) is covered by map entries
 * whose current protection includes all bits of "protection".  The range
 * must lie inside the map bounds, have start <= end and contain no holes.
 * The return statements are missing from this listing.
 *
 * NOTE(review): the map is unlocked before every exit, so the answer
 * describes the map only at the moment of the check; a caller that acts on
 * it later must tolerate the protections having changed in between.
 */
14187 vm_map_check_protection(vm_map_t map
, vm_map_offset_t start
,
14188 vm_map_offset_t end
, vm_prot_t protection
)
14190 vm_map_entry_t entry
;
14191 vm_map_entry_t tmp_entry
;
/* Reject ranges outside the map or with start above end. */
14195 if (start
< vm_map_min(map
) || end
> vm_map_max(map
) || start
> end
)
14197 vm_map_unlock(map
);
/* No entry contains start: the range is not fully allocated. */
14201 if (!vm_map_lookup_entry(map
, start
, &tmp_entry
)) {
14202 vm_map_unlock(map
);
14208 while (start
< end
) {
/* Ran off the end of the entry list before reaching end. */
14209 if (entry
== vm_map_to_entry(map
)) {
14210 vm_map_unlock(map
);
14215 * No holes allowed!
14218 if (start
< entry
->vme_start
) {
14219 vm_map_unlock(map
);
14224 * Check protection associated with entry.
/* Every requested bit must be present, not just some of them. */
14227 if ((entry
->protection
& protection
) != protection
) {
14228 vm_map_unlock(map
);
14232 /* go to next entry */
14234 start
= entry
->vme_end
;
14235 entry
= entry
->vme_next
;
14237 vm_map_unlock(map
);
/*
 * Applies a purgeable-memory control (VM_PURGABLE_SET_STATE,
 * VM_PURGABLE_GET_STATE or VM_PURGABLE_PURGE_ALL) to the VM object mapped
 * at "address" in "map".
 * Returns KERN_INVALID_ARGUMENT for a null map, an unknown control, invalid
 * state bits, a missing or non-purgeable object, or an entry that does not
 * map the whole object from offset 0; KERN_INVALID_ADDRESS when no
 * non-submap entry contains the address; KERN_PROTECTION_FAILURE when the
 * entry is not writable.  Otherwise the result of
 * vm_object_purgable_control() is kept in kr (the return line, the map and
 * state parameter lines are missing from this listing).
 */
14242 vm_map_purgable_control(
14244 vm_map_offset_t address
,
14245 vm_purgable_t control
,
14248 vm_map_entry_t entry
;
14249 vm_object_t object
;
14251 boolean_t was_nonvolatile
;
14254 * Vet all the input parameters and current type and state of the
14255 * underlaying object. Return with an error if anything is amiss.
14257 if (map
== VM_MAP_NULL
)
14258 return(KERN_INVALID_ARGUMENT
);
14260 if (control
!= VM_PURGABLE_SET_STATE
&&
14261 control
!= VM_PURGABLE_GET_STATE
&&
14262 control
!= VM_PURGABLE_PURGE_ALL
)
14263 return(KERN_INVALID_ARGUMENT
);
/*
 * PURGE_ALL is global: it is dispatched before any map lookup and ignores
 * address and state.  NOTE(review): no privilege check is visible at this
 * level; presumably the caller restricts who may request it -- confirm.
 */
14265 if (control
== VM_PURGABLE_PURGE_ALL
) {
14266 vm_purgeable_object_purge_all();
14267 return KERN_SUCCESS
;
/* *state is validated before use: no bits outside VM_PURGABLE_ALL_MASKS. */
14270 if (control
== VM_PURGABLE_SET_STATE
&&
14271 (((*state
& ~(VM_PURGABLE_ALL_MASKS
)) != 0) ||
14272 ((*state
& VM_PURGABLE_STATE_MASK
) > VM_PURGABLE_STATE_MASK
)))
14273 return(KERN_INVALID_ARGUMENT
);
14275 vm_map_lock_read(map
);
14277 if (!vm_map_lookup_entry(map
, address
, &entry
) || entry
->is_sub_map
) {
14280 * Must pass a valid non-submap address.
14282 vm_map_unlock_read(map
);
14283 return(KERN_INVALID_ADDRESS
);
/* Access control: the mapping must currently be writable. */
14286 if ((entry
->protection
& VM_PROT_WRITE
) == 0) {
14288 * Can't apply purgable controls to something you can't write.
14290 vm_map_unlock_read(map
);
14291 return(KERN_PROTECTION_FAILURE
);
14294 object
= VME_OBJECT(entry
);
14295 if (object
== VM_OBJECT_NULL
||
14296 object
->purgable
== VM_PURGABLE_DENY
) {
14298 * Object must already be present and be purgeable.
14300 vm_map_unlock_read(map
);
14301 return KERN_INVALID_ARGUMENT
;
/*
 * The object lock is taken while the map read lock is still held; the map
 * lock is released further down, once the entry has been validated.
 */
14304 vm_object_lock(object
);
/* The entry must map the entire object, starting at object offset 0. */
14307 if (VME_OFFSET(entry
) != 0 ||
14308 entry
->vme_end
- entry
->vme_start
!= object
->vo_size
) {
14310 * Can only apply purgable controls to the whole (existing)
14313 vm_map_unlock_read(map
);
14314 vm_object_unlock(object
);
14315 return KERN_INVALID_ARGUMENT
;
14319 assert(!entry
->is_sub_map
);
14320 assert(!entry
->use_pmap
); /* purgeable has its own accounting */
14322 vm_map_unlock_read(map
);
/* Remember the prior state so a NONVOLATILE -> other transition is seen. */
14324 was_nonvolatile
= (object
->purgable
== VM_PURGABLE_NONVOLATILE
);
14326 kr
= vm_object_purgable_control(object
, control
, state
);
/*
 * When an object mapped through the kernel pmap has just left the
 * NONVOLATILE state, kernel_task is recorded as its volatilizer.
 */
14328 if (was_nonvolatile
&&
14329 object
->purgable
!= VM_PURGABLE_NONVOLATILE
&&
14330 map
->pmap
== kernel_pmap
) {
14332 object
->vo_purgeable_volatilizer
= kernel_task
;
14336 vm_object_unlock(object
);
/*
 * Thin wrapper over vm_map_page_info(): requests the VM_PAGE_INFO_BASIC
 * flavor for "offset" in target_map and, on KERN_SUCCESS, copies the
 * disposition and ref_count fields to the caller's out pointers.  The
 * out-parameter declarations, the failure branch and the return are
 * missing from this listing.
 */
14342 vm_map_page_query_internal(
14343 vm_map_t target_map
,
14344 vm_map_offset_t offset
,
14349 vm_page_info_basic_data_t info
;
14350 mach_msg_type_number_t count
;
/* count is set to the full basic-info size expected by vm_map_page_info(). */
14352 count
= VM_PAGE_INFO_BASIC_COUNT
;
14353 kr
= vm_map_page_info(target_map
,
14355 VM_PAGE_INFO_BASIC
,
14356 (vm_page_info_t
) &info
,
/* Outputs are written only when the query succeeded. */
14358 if (kr
== KERN_SUCCESS
) {
14359 *disposition
= info
.disposition
;
14360 *ref_count
= info
.ref_count
;
/*
 * Reports the state of the page backing "offset" in "map".  The routine
 * name and first parameter lines are missing from this listing; the call
 * in vm_map_page_query_internal() shows the name is vm_map_page_info().
 *
 * After validating the flavor and *count, it finds the map entry covering
 * the page-truncated offset (descending through submaps), walks the VM
 * object shadow chain looking for the page, accumulates
 * VM_PAGE_QUERY_PAGE_* bits in disposition, and for VM_PAGE_INFO_BASIC
 * fills disposition, ref_count, object_id, offset and depth in "info".
 * Returns KERN_INVALID_ARGUMENT for a bad flavor or count and
 * KERN_INVALID_ADDRESS when no entry covers the offset.
 */
14372 vm_map_offset_t offset
,
14373 vm_page_info_flavor_t flavor
,
14374 vm_page_info_t info
,
14375 mach_msg_type_number_t
*count
)
14377 vm_map_entry_t map_entry
;
14378 vm_object_t object
;
14381 kern_return_t retval
= KERN_SUCCESS
;
14382 boolean_t top_object
;
14385 vm_page_info_basic_t basic_info
;
14387 vm_map_offset_t offset_in_page
;
/*
 * *count is supplied by the caller: only VM_PAGE_INFO_BASIC_COUNT or, for
 * older binaries, one less is accepted.
 */
14390 case VM_PAGE_INFO_BASIC
:
14391 if (*count
!= VM_PAGE_INFO_BASIC_COUNT
) {
14393 * The "vm_page_info_basic_data" structure was not
14394 * properly padded, so allow the size to be off by
14395 * one to maintain backwards binary compatibility...
14397 if (*count
!= VM_PAGE_INFO_BASIC_COUNT
- 1)
14398 return KERN_INVALID_ARGUMENT
;
14402 return KERN_INVALID_ARGUMENT
;
14410 retval
= KERN_SUCCESS
;
/* Split the address into its page base and the offset within the page. */
14411 offset_in_page
= offset
& PAGE_MASK
;
14412 offset
= vm_map_trunc_page(offset
, PAGE_MASK
);
14414 vm_map_lock_read(map
);
14417 * First, find the map entry covering "offset", going down
14418 * submaps if necessary.
14421 if (!vm_map_lookup_entry(map
, offset
, &map_entry
)) {
14422 vm_map_unlock_read(map
);
14423 return KERN_INVALID_ADDRESS
;
14425 /* compute offset from this map entry's start */
14426 offset
-= map_entry
->vme_start
;
14427 /* compute offset into this map entry's object (or submap) */
14428 offset
+= VME_OFFSET(map_entry
);
14430 if (map_entry
->is_sub_map
) {
14433 sub_map
= VME_SUBMAP(map_entry
);
/* The submap is read-locked before the parent map lock is released. */
14434 vm_map_lock_read(sub_map
);
14435 vm_map_unlock_read(map
);
14439 ref_count
= MAX(ref_count
, map
->ref_count
);
14445 object
= VME_OBJECT(map_entry
);
14446 if (object
== VM_OBJECT_NULL
) {
14447 /* no object -> no page */
14448 vm_map_unlock_read(map
);
/* The object is locked before the map read lock is dropped. */
14452 vm_object_lock(object
);
14453 vm_map_unlock_read(map
);
14456 * Go down the VM object shadow chain until we find the page
14457 * we're looking for.
14460 ref_count
= MAX(ref_count
, object
->ref_count
);
14462 m
= vm_page_lookup(object
, offset
);
14464 if (m
!= VM_PAGE_NULL
) {
14465 disposition
|= VM_PAGE_QUERY_PAGE_PRESENT
;
/* Page not resident: consult the object's existence map, if it has one. */
14469 if (object
->existence_map
) {
14470 if (vm_external_state_get(object
->existence_map
,
14472 VM_EXTERNAL_STATE_EXISTS
) {
14474 * this page has been paged out
14476 disposition
|= VM_PAGE_QUERY_PAGE_PAGED_OUT
;
14481 if (object
->internal
&&
14483 !object
->terminating
&&
14484 object
->pager_ready
) {
14486 if (COMPRESSED_PAGER_IS_ACTIVE
|| DEFAULT_FREEZER_COMPRESSED_PAGER_IS_ACTIVE
) {
14487 if (VM_COMPRESSOR_PAGER_STATE_GET(
14490 == VM_EXTERNAL_STATE_EXISTS
) {
14491 /* the pager has that page */
14492 disposition
|= VM_PAGE_QUERY_PAGE_PAGED_OUT
;
14496 memory_object_t pager
;
/*
 * The object lock is released around the pager request;
 * vm_object_paging_begin()/vm_object_paging_end() bracket that window.
 */
14498 vm_object_paging_begin(object
);
14499 pager
= object
->pager
;
14500 vm_object_unlock(object
);
14503 * Ask the default pager if
14504 * it has this page.
14506 kr
= memory_object_data_request(
14508 offset
+ object
->paging_offset
,
14509 0, /* just poke the pager */
14513 vm_object_lock(object
);
14514 vm_object_paging_end(object
);
14516 if (kr
== KERN_SUCCESS
) {
14517 /* the default pager has it */
14518 disposition
|= VM_PAGE_QUERY_PAGE_PAGED_OUT
;
/* Descend to the shadow object, translating the offset as we go. */
14524 if (object
->shadow
!= VM_OBJECT_NULL
) {
14525 vm_object_t shadow
;
14527 offset
+= object
->vo_shadow_offset
;
14528 shadow
= object
->shadow
;
/* Lock the shadow before unlocking the current object. */
14530 vm_object_lock(shadow
);
14531 vm_object_unlock(object
);
14534 top_object
= FALSE
;
14537 // if (!object->internal)
14539 // retval = KERN_FAILURE;
14540 // goto done_with_object;
14545 /* The ref_count is not strictly accurate, it measures the number */
14546 /* of entities holding a ref on the object, they may not be mapping */
14547 /* the object or may not be mapping the section holding the */
14548 /* target page but its still a ball park number and though an over- */
14549 /* count, it picks up the copy-on-write cases */
14551 /* We could also get a picture of page sharing from pmap_attributes */
14552 /* but this would under count as only faulted-in mappings would */
14555 if (top_object
== TRUE
&& object
->shadow
)
14556 disposition
|= VM_PAGE_QUERY_PAGE_COPIED
;
14558 if (! object
->internal
)
14559 disposition
|= VM_PAGE_QUERY_PAGE_EXTERNAL
;
14561 if (m
== VM_PAGE_NULL
)
14562 goto done_with_object
;
14564 if (m
->fictitious
) {
14565 disposition
|= VM_PAGE_QUERY_PAGE_FICTITIOUS
;
14566 goto done_with_object
;
/* Dirty and referenced combine the page's own bit with the pmap's view. */
14568 if (m
->dirty
|| pmap_is_modified(m
->phys_page
))
14569 disposition
|= VM_PAGE_QUERY_PAGE_DIRTY
;
14571 if (m
->reference
|| pmap_is_referenced(m
->phys_page
))
14572 disposition
|= VM_PAGE_QUERY_PAGE_REF
;
14574 if (m
->speculative
)
14575 disposition
|= VM_PAGE_QUERY_PAGE_SPECULATIVE
;
/*
 * Code-signing state of the page is reported to the caller; the tests
 * guarding the CS_TAINTED and CS_NX bits are missing from this listing.
 */
14577 if (m
->cs_validated
)
14578 disposition
|= VM_PAGE_QUERY_PAGE_CS_VALIDATED
;
14580 disposition
|= VM_PAGE_QUERY_PAGE_CS_TAINTED
;
14582 disposition
|= VM_PAGE_QUERY_PAGE_CS_NX
;
14585 vm_object_unlock(object
);
14589 case VM_PAGE_INFO_BASIC
:
14590 basic_info
= (vm_page_info_basic_t
) info
;
14591 basic_info
->disposition
= disposition
;
14592 basic_info
->ref_count
= ref_count
;
/*
 * The object pointer goes through VM_KERNEL_ADDRPERM() rather than being
 * returned raw; presumably this keeps the real kernel address from
 * reaching the caller -- confirm against the macro's definition.
 */
14593 basic_info
->object_id
= (vm_object_id_t
) (uintptr_t)
14594 VM_KERNEL_ADDRPERM(object
);
/* The in-page offset removed at the top is added back for the caller. */
14595 basic_info
->offset
=
14596 (memory_object_offset_t
) offset
+ offset_in_page
;
14597 basic_info
->depth
= depth
;
14607 * Synchronises the memory range specified with its backing store
14608 * image by either flushing or cleaning the contents to the appropriate
14609 * memory manager engaging in a memory object synchronize dialog with
14610 * the manager. The client doesn't return until the manager issues
14611 * m_o_s_completed message. MIG Magically converts user task parameter
14612 * to the task's address map.
14614 * interpretation of sync_flags
14615 * VM_SYNC_INVALIDATE - discard pages, only return precious
14616 * pages to manager.
14618 * VM_SYNC_INVALIDATE & (VM_SYNC_SYNCHRONOUS | VM_SYNC_ASYNCHRONOUS)
14619 * - discard pages, write dirty or precious
14620 * pages back to memory manager.
14622 * VM_SYNC_SYNCHRONOUS | VM_SYNC_ASYNCHRONOUS
14623 * - write dirty or precious pages back to
14624 * the memory manager.
14626 * VM_SYNC_CONTIGUOUS - does everything normally, but if there
14627 * is a hole in the region, and we would
14628 * have returned KERN_SUCCESS, return
14629 * KERN_INVALID_ADDRESS instead.
14632 * The memory object attributes have not yet been implemented, this
14633 * function will have to deal with the invalidate attribute
14636 * KERN_INVALID_TASK Bad task parameter
14637 * KERN_INVALID_ARGUMENT both sync and async were specified.
14638 * KERN_SUCCESS The usual.
14639 * KERN_INVALID_ADDRESS There was a hole in the region.
14645 vm_map_address_t address
,
14646 vm_map_size_t size
,
14647 vm_sync_t sync_flags
)
14650 msync_req_t new_msr
;
14651 queue_chain_t req_q
; /* queue of requests for this msync */
14652 vm_map_entry_t entry
;
14653 vm_map_size_t amount_left
;
14654 vm_object_offset_t offset
;
14655 boolean_t do_sync_req
;
14656 boolean_t had_hole
= FALSE
;
14657 memory_object_t pager
;
14658 vm_map_offset_t pmap_offset
;
14660 if ((sync_flags
& VM_SYNC_ASYNCHRONOUS
) &&
14661 (sync_flags
& VM_SYNC_SYNCHRONOUS
))
14662 return(KERN_INVALID_ARGUMENT
);
14665 * align address and size on page boundaries
14667 size
= (vm_map_round_page(address
+ size
,
14668 VM_MAP_PAGE_MASK(map
)) -
14669 vm_map_trunc_page(address
,
14670 VM_MAP_PAGE_MASK(map
)));
14671 address
= vm_map_trunc_page(address
,
14672 VM_MAP_PAGE_MASK(map
));
14674 if (map
== VM_MAP_NULL
)
14675 return(KERN_INVALID_TASK
);
14678 return(KERN_SUCCESS
);
14680 queue_init(&req_q
);
14681 amount_left
= size
;
14683 while (amount_left
> 0) {
14684 vm_object_size_t flush_size
;
14685 vm_object_t object
;
14688 if (!vm_map_lookup_entry(map
,
14692 vm_map_size_t skip
;
14695 * hole in the address map.
14700 * Check for empty map.
14702 if (entry
== vm_map_to_entry(map
) &&
14703 entry
->vme_next
== entry
) {
14704 vm_map_unlock(map
);
14708 * Check that we don't wrap and that
14709 * we have at least one real map entry.
14711 if ((map
->hdr
.nentries
== 0) ||
14712 (entry
->vme_next
->vme_start
< address
)) {
14713 vm_map_unlock(map
);
14717 * Move up to the next entry if needed
14719 skip
= (entry
->vme_next
->vme_start
- address
);
14720 if (skip
>= amount_left
)
14723 amount_left
-= skip
;
14724 address
= entry
->vme_next
->vme_start
;
14725 vm_map_unlock(map
);
14729 offset
= address
- entry
->vme_start
;
14730 pmap_offset
= address
;
14733 * do we have more to flush than is contained in this
14736 if (amount_left
+ entry
->vme_start
+ offset
> entry
->vme_end
) {
14737 flush_size
= entry
->vme_end
-
14738 (entry
->vme_start
+ offset
);
14740 flush_size
= amount_left
;
14742 amount_left
-= flush_size
;
14743 address
+= flush_size
;
14745 if (entry
->is_sub_map
== TRUE
) {
14746 vm_map_t local_map
;
14747 vm_map_offset_t local_offset
;
14749 local_map
= VME_SUBMAP(entry
);
14750 local_offset
= VME_OFFSET(entry
);
14751 vm_map_unlock(map
);
14756 sync_flags
) == KERN_INVALID_ADDRESS
) {
14761 object
= VME_OBJECT(entry
);
14764 * We can't sync this object if the object has not been
14767 if (object
== VM_OBJECT_NULL
) {
14768 vm_map_unlock(map
);
14771 offset
+= VME_OFFSET(entry
);
14773 vm_object_lock(object
);
14775 if (sync_flags
& (VM_SYNC_KILLPAGES
| VM_SYNC_DEACTIVATE
)) {
14776 int kill_pages
= 0;
14777 boolean_t reusable_pages
= FALSE
;
14779 if (sync_flags
& VM_SYNC_KILLPAGES
) {
14780 if (object
->ref_count
== 1 && !object
->shadow
)
14785 if (kill_pages
!= -1)
14786 vm_object_deactivate_pages(
14789 (vm_object_size_t
) flush_size
,
14794 vm_object_unlock(object
);
14795 vm_map_unlock(map
);
14799 * We can't sync this object if there isn't a pager.
14800 * Don't bother to sync internal objects, since there can't
14801 * be any "permanent" storage for these objects anyway.
14803 if ((object
->pager
== MEMORY_OBJECT_NULL
) ||
14804 (object
->internal
) || (object
->private)) {
14805 vm_object_unlock(object
);
14806 vm_map_unlock(map
);
14810 * keep reference on the object until syncing is done
14812 vm_object_reference_locked(object
);
14813 vm_object_unlock(object
);
14815 vm_map_unlock(map
);
14817 do_sync_req
= vm_object_sync(object
,
14820 sync_flags
& VM_SYNC_INVALIDATE
,
14821 ((sync_flags
& VM_SYNC_SYNCHRONOUS
) ||
14822 (sync_flags
& VM_SYNC_ASYNCHRONOUS
)),
14823 sync_flags
& VM_SYNC_SYNCHRONOUS
);
14825 * only send a m_o_s if we returned pages or if the entry
14826 * is writable (ie dirty pages may have already been sent back)
14828 if (!do_sync_req
) {
14829 if ((sync_flags
& VM_SYNC_INVALIDATE
) && object
->resident_page_count
== 0) {
14831 * clear out the clustering and read-ahead hints
14833 vm_object_lock(object
);
14835 object
->pages_created
= 0;
14836 object
->pages_used
= 0;
14837 object
->sequential
= 0;
14838 object
->last_alloc
= 0;
14840 vm_object_unlock(object
);
14842 vm_object_deallocate(object
);
14845 msync_req_alloc(new_msr
);
14847 vm_object_lock(object
);
14848 offset
+= object
->paging_offset
;
14850 new_msr
->offset
= offset
;
14851 new_msr
->length
= flush_size
;
14852 new_msr
->object
= object
;
14853 new_msr
->flag
= VM_MSYNC_SYNCHRONIZING
;
14857 * We can't sync this object if there isn't a pager. The
14858 * pager can disappear anytime we're not holding the object
14859 * lock. So this has to be checked anytime we goto re_iterate.
14862 pager
= object
->pager
;
14864 if (pager
== MEMORY_OBJECT_NULL
) {
14865 vm_object_unlock(object
);
14866 vm_object_deallocate(object
);
14867 msync_req_free(new_msr
);
14872 queue_iterate(&object
->msr_q
, msr
, msync_req_t
, msr_q
) {
14874 * need to check for overlapping entry, if found, wait
14875 * on overlapping msr to be done, then reiterate
14878 if (msr
->flag
== VM_MSYNC_SYNCHRONIZING
&&
14879 ((offset
>= msr
->offset
&&
14880 offset
< (msr
->offset
+ msr
->length
)) ||
14881 (msr
->offset
>= offset
&&
14882 msr
->offset
< (offset
+ flush_size
))))
14884 assert_wait((event_t
) msr
,THREAD_INTERRUPTIBLE
);
14886 vm_object_unlock(object
);
14887 thread_block(THREAD_CONTINUE_NULL
);
14888 vm_object_lock(object
);
14892 }/* queue_iterate */
14894 queue_enter(&object
->msr_q
, new_msr
, msync_req_t
, msr_q
);
14896 vm_object_paging_begin(object
);
14897 vm_object_unlock(object
);
14899 queue_enter(&req_q
, new_msr
, msync_req_t
, req_q
);
14901 (void) memory_object_synchronize(
14905 sync_flags
& ~VM_SYNC_CONTIGUOUS
);
14907 vm_object_lock(object
);
14908 vm_object_paging_end(object
);
14909 vm_object_unlock(object
);
14913 * wait for memory_object_sychronize_completed messages from pager(s)
14916 while (!queue_empty(&req_q
)) {
14917 msr
= (msync_req_t
)queue_first(&req_q
);
14919 while(msr
->flag
!= VM_MSYNC_DONE
) {
14920 assert_wait((event_t
) msr
, THREAD_INTERRUPTIBLE
);
14922 thread_block(THREAD_CONTINUE_NULL
);
14925 queue_remove(&req_q
, msr
, msync_req_t
, req_q
);
14927 vm_object_deallocate(msr
->object
);
14928 msync_req_free(msr
);
14929 }/* queue_iterate */
14931 /* for proper msync() behaviour */
14932 if (had_hole
== TRUE
&& (sync_flags
& VM_SYNC_CONTIGUOUS
))
14933 return(KERN_INVALID_ADDRESS
);
14935 return(KERN_SUCCESS
);
/*
 *	Routine:	convert_port_entry_to_map
 *	Purpose:
 *		Turn a port naming either a task or a named memory entry
 *		into a VM map.  The port reference is not consumed; the
 *		result carries a map reference and may be VM_MAP_NULL.
 *		Unlike convert_port_to_map, the port may be task backed or
 *		named-entry backed.
 *
 *		A named entry is only honoured when it is a submap entry
 *		whose protection includes VM_PROT_WRITE; any other named
 *		entry yields VM_MAP_NULL.
 */
vm_map_t
convert_port_entry_to_map(
	ipc_port_t	port)
{
	vm_map_t		map;
	vm_named_entry_t	named_entry;
	uint32_t		try_failed_count = 0;

	if (!IP_VALID(port) || ip_kotype(port) != IKOT_NAMED_ENTRY) {
		/* Not a named entry: fall back to the task-port conversion. */
		return convert_port_to_map(port);
	}

	for (;;) {
		ip_lock(port);
		if (!ip_active(port) ||
		    ip_kotype(port) != IKOT_NAMED_ENTRY) {
			/*
			 * NOTE(review): this exit follows ip_lock(port) with
			 * no matching ip_unlock(port) -- confirm the port
			 * lock is not left held for an inactive port.
			 */
			return VM_MAP_NULL;
		}

		named_entry = (vm_named_entry_t)port->ip_kobject;
		if (lck_mtx_try_lock(&(named_entry)->Lock))
			break;

		/*
		 * Entry lock is contended: drop the port lock, back off
		 * for a growing interval and start over.
		 */
		ip_unlock(port);
		try_failed_count++;
		mutex_pause(try_failed_count);
	}

	/* Pin the named entry before letting go of both locks. */
	named_entry->ref_count++;
	lck_mtx_unlock(&(named_entry)->Lock);
	ip_unlock(port);

	if (!(named_entry->is_sub_map) ||
	    !(named_entry->protection & VM_PROT_WRITE)) {
		/* Only writable submap entries may be used as a map. */
		mach_destroy_memory_entry(port);
		return VM_MAP_NULL;
	}

	map = named_entry->backing.map;
	vm_map_reference_swap(map);
	/* presumably releases the entry reference taken above -- confirm */
	mach_destroy_memory_entry(port);

	return map;
}
/*
 *	Routine:	convert_port_entry_to_object
 *	Purpose:
 *		Turn a port naming a named memory entry into a VM object.
 *		The port reference is not consumed; the result carries an
 *		object reference and may be VM_OBJECT_NULL.
 *
 *		An object is only returned for an entry that is not a
 *		submap, not a pager and not a copy, and whose protection
 *		includes VM_PROT_WRITE.
 */
vm_object_t
convert_port_entry_to_object(
	ipc_port_t	port)
{
	vm_object_t		object = VM_OBJECT_NULL;
	vm_named_entry_t	named_entry;
	uint32_t		try_failed_count = 0;

	if (!IP_VALID(port) || ip_kotype(port) != IKOT_NAMED_ENTRY)
		return object;

	for (;;) {
		ip_lock(port);
		if (!ip_active(port) ||
		    ip_kotype(port) != IKOT_NAMED_ENTRY) {
			/*
			 * NOTE(review): this exit follows ip_lock(port) with
			 * no matching ip_unlock(port) -- confirm the port
			 * lock is not left held for an inactive port.
			 */
			return object;
		}

		named_entry = (vm_named_entry_t)port->ip_kobject;
		if (lck_mtx_try_lock(&(named_entry)->Lock))
			break;

		/* Contended entry lock: release, back off, retry. */
		ip_unlock(port);
		try_failed_count++;
		mutex_pause(try_failed_count);
	}

	/* Pin the named entry before letting go of both locks. */
	named_entry->ref_count++;
	lck_mtx_unlock(&(named_entry)->Lock);
	ip_unlock(port);

	if (!(named_entry->is_sub_map) &&
	    !(named_entry->is_pager) &&
	    !(named_entry->is_copy) &&
	    (named_entry->protection & VM_PROT_WRITE)) {
		/* Plain writable object entry: hand out a new reference. */
		object = named_entry->backing.object;
		vm_object_reference(object);
	}
	/* presumably releases the entry reference taken above -- confirm */
	mach_destroy_memory_entry(port);

	return object;
}
/*
 * Out-of-line versions of the routines this file reaches through macros,
 * exported so that other components can call them.
 */
#undef current_map
vm_map_t
current_map(void)
{
	/* Simply forwards to current_map_fast(). */
	vm_map_t	map = current_map_fast();

	return map;
}
/*
 *	vm_map_reference:
 *
 *	Adds one reference to the map; a VM_MAP_NULL argument is ignored.
 *	Most code internal to osfmk goes through a macro of the same
 *	name; this definition is always here for the use of other kernel
 *	components.
 */
#undef vm_map_reference
void
vm_map_reference(
	register vm_map_t	map)
{
	if (map != VM_MAP_NULL) {
		/* s_lock serializes updates to the counts. */
		lck_mtx_lock(&map->s_lock);
#if	TASK_SWAPPER
		assert(map->res_count > 0);
		assert(map->ref_count >= map->res_count);
		map->res_count++;
#endif
		/*
		 * NOTE(review): the increment is not checked for
		 * wrap-around; confirm the counter's width makes an
		 * overflow (and a premature destroy) unreachable.
		 */
		map->ref_count++;
		lck_mtx_unlock(&map->s_lock);
	}
}
/*
 *	vm_map_deallocate:
 *
 *	Drops one reference on the given map and destroys the map once
 *	no references remain.  A VM_MAP_NULL argument is ignored.
 *	The map should not be locked.
 */
void
vm_map_deallocate(
	register vm_map_t	map)
{
	unsigned int		ref;

	if (map == VM_MAP_NULL)
		return;

	/* The decrement and the zero test happen under s_lock. */
	lck_mtx_lock(&map->s_lock);
	ref = --map->ref_count;

	if (ref == 0) {
		assert(map->ref_count == 0);
		lck_mtx_unlock(&map->s_lock);

		/*
		 * The map residence count isn't decremented here because
		 * the vm_map_delete done during destruction will traverse
		 * the entire map, deleting entries, and the residence
		 * counts on objects and sharing maps will go away then.
		 */
		vm_map_destroy(map, VM_MAP_NO_FLAGS);
	} else {
		/* Other holders remain: only the residence count moves. */
		vm_map_res_deallocate(map);
		lck_mtx_unlock(&map->s_lock);
	}
}
/*
 * Calls pmap_disable_NX() on the map's pmap.  Does nothing when the map
 * or its pmap is NULL.
 *
 * NOTE(review): judging by the name this switches off no-execute
 * enforcement for the whole address space -- confirm every caller is
 * gated by policy.
 */
void
vm_map_disable_NX(vm_map_t map)
{
	if (map == NULL || map->pmap == NULL)
		return;

	pmap_disable_NX(map->pmap);
}
/*
 * Sets the map's map_disallow_data_exec flag.  A NULL map is ignored.
 * The flag is written without taking the map lock.
 */
void
vm_map_disallow_data_exec(vm_map_t map)
{
	if (map != NULL) {
		map->map_disallow_data_exec = TRUE;
	}
}
/*
 * XXX Consider making these constants (VM_MAX_ADDRESS and
 * MACH_VM_MAX_ADDRESS) more descriptive.
 */

/*
 * Caps the map's address space at VM_MAX_ADDRESS.  The map is not
 * checked for NULL and no lock is taken here.
 */
void
vm_map_set_32bit(vm_map_t map)
{
	const vm_map_offset_t	ceiling = (vm_map_offset_t)VM_MAX_ADDRESS;

	map->max_offset = ceiling;
}
/*
 * Caps the map's address space at MACH_VM_MAX_ADDRESS.  The map is not
 * checked for NULL and no lock is taken here.
 */
void
vm_map_set_64bit(vm_map_t map)
{
	const vm_map_offset_t	ceiling = (vm_map_offset_t)MACH_VM_MAX_ADDRESS;

	map->max_offset = ceiling;
}
/*
 * Returns the highest map offset for the requested address-space width:
 * MACH_VM_MAX_ADDRESS when is64 is set, VM_MAX_ADDRESS otherwise.
 */
vm_map_offset_t
vm_compute_max_offset(boolean_t is64)
{
	if (is64) {
		return (vm_map_offset_t)MACH_VM_MAX_ADDRESS;
	}
	return (vm_map_offset_t)VM_MAX_ADDRESS;
}
/*
 * Upper bound, in pages, of the ASLR slide for this map:
 * 1 << 16 pages for a 64-bit map and 1 << 8 pages for a 32-bit one.
 * This bound is what limits the page-granular randomization available
 * to each kind of address space.
 */
uint64_t
vm_map_get_max_aslr_slide_pages(vm_map_t map)
{
	if (vm_map_is_64bit(map)) {
		return (1 << 16);
	}
	return (1 << 8);
}
/*
 * A map counts as 64-bit when its max_offset lies above VM_MAX_ADDRESS.
 * The map is read without locking and is not checked for NULL.
 */
boolean_t
vm_map_is_64bit(
	vm_map_t	map)
{
	const vm_map_offset_t	limit_32 = (vm_map_offset_t)VM_MAX_ADDRESS;

	return map->max_offset > limit_32;
}
/*
 * Reports whether the map's minimum offset is at least pagezero_size,
 * i.e. whether the range below pagezero_size is outside the map's
 * usable address space.
 */
boolean_t
vm_map_has_hard_pagezero(
	vm_map_t	map,
	vm_map_offset_t	pagezero_size)
{
	boolean_t	reserved;

	/*
	 * The VM map should be locked (for read) here.  Skipping the lock
	 * is tolerated for now because there can't really be a race:
	 * min_offset only changes when the map is created and when the
	 * zero page is established (when the binary gets loaded), while
	 * this routine is called only when the task terminates and the
	 * map is being torn down, and when a new map is created via
	 * load_machfile()/execve().
	 */
	reserved = (map->min_offset >= pagezero_size);

	return reserved;
}
/*
 * Raise a VM map's maximum offset.
 *
 * The new value must not be lower than the current max_offset and must
 * not exceed the ceiling for the map's width: VM_MAX_ADDRESS for a
 * 32-bit map, MACH_VM_MAX_ADDRESS for a 64-bit one.
 *
 * Returns KERN_SUCCESS when the offset was updated and
 * KERN_INVALID_ADDRESS otherwise.  The map lock is taken and released
 * here.
 */
kern_return_t
vm_map_raise_max_offset(
	vm_map_t	map,
	vm_map_offset_t	new_max_offset)
{
	kern_return_t	ret = KERN_INVALID_ADDRESS;
	vm_map_offset_t	ceiling;

	vm_map_lock(map);

	/* The width test reads max_offset, so it is done under the lock. */
	ceiling = vm_map_is_64bit(map)
	    ? (vm_map_offset_t)MACH_VM_MAX_ADDRESS
	    : (vm_map_offset_t)VM_MAX_ADDRESS;

	if (new_max_offset >= map->max_offset &&
	    new_max_offset <= ceiling) {
		map->max_offset = new_max_offset;
		ret = KERN_SUCCESS;
	}

	vm_map_unlock(map);
	return ret;
}
/*
 * Raise a VM map's minimum offset.
 * To strictly enforce "page zero" reservation.
 *
 * new_min_offset is rounded up to the map's page size first.
 *
 * Returns:
 *	KERN_SUCCESS		min_offset (and the start of the first
 *				hole) now equals the rounded value.
 *	KERN_INVALID_ADDRESS	the value is below the current min_offset
 *				or not below max_offset.
 *	KERN_NO_SPACE		an entry already starts below the value.
 */
kern_return_t
vm_map_raise_min_offset(
	vm_map_t	map,
	vm_map_offset_t	new_min_offset)
{
	vm_map_entry_t	first_entry;
	kern_return_t	kr;

	new_min_offset = vm_map_round_page(new_min_offset,
					   VM_MAP_PAGE_MASK(map));

	vm_map_lock(map);

	if (new_min_offset < map->min_offset) {
		/*
		 * Can't move min_offset backwards, as that would expose
		 * a part of the address space that was previously, and for
		 * possibly good reasons, inaccessible.
		 */
		kr = KERN_INVALID_ADDRESS;
	} else if (new_min_offset >= map->max_offset) {
		/* can't go beyond the end of the address space */
		kr = KERN_INVALID_ADDRESS;
	} else {
		first_entry = vm_map_first_entry(map);
		if (first_entry != vm_map_to_entry(map) &&
		    first_entry->vme_start < new_min_offset) {
			/*
			 * Some memory was already allocated below the new
			 * minimum offset.  It's too late to change it now...
			 */
			kr = KERN_NO_SPACE;
		} else {
			map->min_offset = new_min_offset;

			/*
			 * NOTE(review): holes_list is only vetted by
			 * assert(); where asserts are compiled out a map
			 * without a hole list would be dereferenced here --
			 * confirm callers never pass such a map.
			 */
			assert(map->holes_list);
			map->holes_list->start = new_min_offset;
			assert(new_min_offset < map->holes_list->end);

			kr = KERN_SUCCESS;
		}
	}

	vm_map_unlock(map);

	return kr;
}
/*
 * Record the maximum amount of user wired memory allowed for this map.
 * The value is essentially a copy of the MEMLOCK rlimit kept by the BSD
 * side of the kernel; the limit is enforced on the Mach VM side, so a
 * local copy avoids reaching into the BSD data structures.
 *
 * The field is stored without taking the map lock.
 */
void
vm_map_set_user_wire_limit(vm_map_t	map,
			   vm_size_t	limit)
{
	vm_size_t	new_limit = limit;

	map->user_wire_limit = new_limit;
}
/*
 * Sets the map's switch_protect flag to val while holding the map lock.
 */
void
vm_map_switch_protect(vm_map_t	map,
		      boolean_t	val)
{
	boolean_t	new_setting = val;

	vm_map_lock(map);
	map->switch_protect = new_setting;
	vm_map_unlock(map);
}
/*
 * IOKit has mapped a region into this map; credit the pmap's ledgers to
 * match.  phys_footprint is a composite of iokit + physmem, so both the
 * iokit_mapped and the phys_footprint entries are bumped by the same
 * number of bytes.
 */
void
vm_map_iokit_mapped_region(vm_map_t map, vm_size_t bytes)
{
	pmap_t	map_pmap;

	map_pmap = vm_map_pmap(map);

	ledger_credit(map_pmap->ledger, task_ledgers.iokit_mapped, bytes);
	ledger_credit(map_pmap->ledger, task_ledgers.phys_footprint, bytes);
}
/*
 * IOKit has unmapped a region from this map; debit the iokit_mapped and
 * phys_footprint ledger entries of the map's pmap by the same number of
 * bytes.
 */
void
vm_map_iokit_unmapped_region(vm_map_t map, vm_size_t bytes)
{
	pmap_t	map_pmap;

	map_pmap = vm_map_pmap(map);

	ledger_debit(map_pmap->ledger, task_ledgers.iokit_mapped, bytes);
	ledger_debit(map_pmap->ledger, task_ledgers.phys_footprint, bytes);
}
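/*
 * Add (generate) code signature for memory range.
 *
 * Marks every resident page backing [start, end) as cs_validated.
 * The range must lie inside a single non-submap map entry that already
 * has a VM object, and every page in it must be resident and in a
 * normal state.
 *
 * Returns:
 *	KERN_SUCCESS		all pages in the range were marked.
 *	KERN_INVALID_ARGUMENT	null map, range not covered by the entry,
 *				or no object behind the entry.
 *	KERN_INVALID_ADDRESS	start is not mapped, or maps a submap.
 *	KERN_FAILURE		a page is missing or in a special state;
 *				pages visited before it stay marked.
 *
 * NOTE(review): the loop steps by PAGE_SIZE from start as given --
 * presumably callers pass page-aligned bounds; confirm.
 */
#if CONFIG_DYNAMIC_CODE_SIGNING
kern_return_t vm_map_sign(vm_map_t map,
		 vm_map_offset_t start,
		 vm_map_offset_t end)
{
	vm_map_entry_t		entry;
	vm_page_t		m;
	vm_object_t		object;
	vm_map_offset_t		entry_start;
	vm_object_offset_t	entry_offset;

	/*
	 * Vet all the input parameters and current type and state of the
	 * underlying object.  Return with an error if anything is amiss.
	 */
	if (map == VM_MAP_NULL)
		return(KERN_INVALID_ARGUMENT);

	vm_map_lock_read(map);

	if (!vm_map_lookup_entry(map, start, &entry) || entry->is_sub_map) {
		/*
		 * Must pass a valid non-submap address.
		 */
		vm_map_unlock_read(map);
		return(KERN_INVALID_ADDRESS);
	}

	if ((entry->vme_start > start) || (entry->vme_end < end)) {
		/*
		 * Map entry doesn't cover the requested range. Not handling
		 * this situation currently.
		 */
		vm_map_unlock_read(map);
		return(KERN_INVALID_ARGUMENT);
	}

	object = VME_OBJECT(entry);
	if (object == VM_OBJECT_NULL) {
		/*
		 * Object must already be present or we can't sign.
		 */
		vm_map_unlock_read(map);
		return KERN_INVALID_ARGUMENT;
	}

	/*
	 * Copy what the loop needs out of the map entry while the map is
	 * still read-locked.  Once the map lock is dropped the entry is no
	 * longer protected against being changed or freed, so it must not
	 * be dereferenced after this point.
	 */
	entry_start = entry->vme_start;
	entry_offset = VME_OFFSET(entry);

	vm_object_lock(object);
	vm_map_unlock_read(map);

	while (start < end) {
		uint32_t refmod;

		m = vm_page_lookup(object,
				   start - entry_start + entry_offset);
		if (m == VM_PAGE_NULL) {
			/* should we try to fault a page here? we can probably
			 * demand it exists and is locked for this request */
			vm_object_unlock(object);
			return KERN_FAILURE;
		}
		/* deal with special page status */
		if (m->busy ||
		    (m->unusual && (m->error || m->restart || m->private || m->absent))) {
			vm_object_unlock(object);
			return KERN_FAILURE;
		}

		/* Page is OK... now "validate" it */
		/* This is the place where we'll call out to create a code
		 * directory, later */
		m->cs_validated = TRUE;

		/* The page is now "clean" for codesigning purposes. That means
		 * we don't consider it as modified (wpmapped) anymore. But
		 * we'll disconnect the page so we note any future modification
		 * attempts. */
		m->wpmapped = FALSE;
		refmod = pmap_disconnect(m->phys_page);

		/* Pull the dirty status from the pmap, since we cleared the
		 * wpmapped bit */
		if ((refmod & VM_MEM_MODIFIED) && !m->dirty) {
			SET_PAGE_DIRTY(m, FALSE);
		}

		/* On to the next page */
		start += PAGE_SIZE;
	}
	vm_object_unlock(object);

	return KERN_SUCCESS;
}
#endif /* CONFIG_DYNAMIC_CODE_SIGNING */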
15418 kern_return_t
vm_map_partial_reap(vm_map_t map
, unsigned int *reclaimed_resident
, unsigned int *reclaimed_compressed
)
15420 vm_map_entry_t entry
= VM_MAP_ENTRY_NULL
;
15421 vm_map_entry_t next_entry
;
15422 kern_return_t kr
= KERN_SUCCESS
;
15428 * We use a "zap_map" to avoid having to unlock
15429 * the "map" in vm_map_delete().
15431 zap_map
= vm_map_create(PMAP_NULL
,
15434 map
->hdr
.entries_pageable
);
15436 if (zap_map
== VM_MAP_NULL
) {
15437 return KERN_RESOURCE_SHORTAGE
;
15440 vm_map_set_page_shift(zap_map
,
15441 VM_MAP_PAGE_SHIFT(map
));
15442 vm_map_disable_hole_optimization(zap_map
);
15444 for (entry
= vm_map_first_entry(map
);
15445 entry
!= vm_map_to_entry(map
);
15446 entry
= next_entry
) {
15447 next_entry
= entry
->vme_next
;
15449 if (VME_OBJECT(entry
) &&
15450 !entry
->is_sub_map
&&
15451 (VME_OBJECT(entry
)->internal
== TRUE
) &&
15452 (VME_OBJECT(entry
)->ref_count
== 1)) {
15454 *reclaimed_resident
+= VME_OBJECT(entry
)->resident_page_count
;
15455 *reclaimed_compressed
+= vm_compressor_pager_get_count(VME_OBJECT(entry
)->pager
);
15457 (void)vm_map_delete(map
,
15460 VM_MAP_REMOVE_SAVE_ENTRIES
,
15465 vm_map_unlock(map
);
15468 * Get rid of the "zap_maps" and all the map entries that
15469 * they may still contain.
15471 if (zap_map
!= VM_MAP_NULL
) {
15472 vm_map_destroy(zap_map
, VM_MAP_REMOVE_NO_PMAP_CLEANUP
);
15473 zap_map
= VM_MAP_NULL
;
15481 kern_return_t
vm_map_freeze_walk(
15483 unsigned int *purgeable_count
,
15484 unsigned int *wired_count
,
15485 unsigned int *clean_count
,
15486 unsigned int *dirty_count
,
15487 unsigned int dirty_budget
,
15488 boolean_t
*has_shared
)
15490 vm_map_entry_t entry
;
15492 vm_map_lock_read(map
);
15494 *purgeable_count
= *wired_count
= *clean_count
= *dirty_count
= 0;
15495 *has_shared
= FALSE
;
15497 for (entry
= vm_map_first_entry(map
);
15498 entry
!= vm_map_to_entry(map
);
15499 entry
= entry
->vme_next
) {
15500 unsigned int purgeable
, clean
, dirty
, wired
;
15503 if ((VME_OBJECT(entry
) == 0) ||
15504 (entry
->is_sub_map
) ||
15505 (VME_OBJECT(entry
)->phys_contiguous
)) {
15509 default_freezer_pack(&purgeable
, &wired
, &clean
, &dirty
, dirty_budget
, &shared
, VME_OBJECT(entry
), NULL
);
15511 *purgeable_count
+= purgeable
;
15512 *wired_count
+= wired
;
15513 *clean_count
+= clean
;
15514 *dirty_count
+= dirty
;
15517 *has_shared
= TRUE
;
15520 /* Adjust pageout budget and finish up if reached */
15521 if (dirty_budget
) {
15522 dirty_budget
-= dirty
;
15523 if (dirty_budget
== 0) {
15529 vm_map_unlock_read(map
);
15531 return KERN_SUCCESS
;
15534 int c_freezer_swapout_count
;
15535 int c_freezer_compression_count
= 0;
15536 AbsoluteTime c_freezer_last_yield_ts
= 0;
15538 kern_return_t
vm_map_freeze(
15540 unsigned int *purgeable_count
,
15541 unsigned int *wired_count
,
15542 unsigned int *clean_count
,
15543 unsigned int *dirty_count
,
15544 unsigned int dirty_budget
,
15545 boolean_t
*has_shared
)
15547 vm_map_entry_t entry2
= VM_MAP_ENTRY_NULL
;
15548 kern_return_t kr
= KERN_SUCCESS
;
15549 boolean_t default_freezer_active
= TRUE
;
15551 *purgeable_count
= *wired_count
= *clean_count
= *dirty_count
= 0;
15552 *has_shared
= FALSE
;
15555 * We need the exclusive lock here so that we can
15556 * block any page faults or lookups while we are
15557 * in the middle of freezing this vm map.
15561 if (COMPRESSED_PAGER_IS_ACTIVE
|| DEFAULT_FREEZER_COMPRESSED_PAGER_IS_ACTIVE
) {
15562 default_freezer_active
= FALSE
;
15564 if (vm_compressor_low_on_space() || vm_swap_low_on_space()) {
15565 kr
= KERN_NO_SPACE
;
15569 assert(default_freezer_active
== FALSE
);
15571 if (default_freezer_active
) {
15572 if (map
->default_freezer_handle
== NULL
) {
15573 map
->default_freezer_handle
= default_freezer_handle_allocate();
15576 if ((kr
= default_freezer_handle_init(map
->default_freezer_handle
)) != KERN_SUCCESS
) {
15578 * Can happen if default_freezer_handle passed in is NULL
15579 * Or, a table has already been allocated and associated
15580 * with this handle, i.e. the map is already frozen.
15585 c_freezer_compression_count
= 0;
15586 clock_get_uptime(&c_freezer_last_yield_ts
);
15588 for (entry2
= vm_map_first_entry(map
);
15589 entry2
!= vm_map_to_entry(map
);
15590 entry2
= entry2
->vme_next
) {
15592 vm_object_t src_object
= VME_OBJECT(entry2
);
15594 if (VME_OBJECT(entry2
) &&
15595 !entry2
->is_sub_map
&&
15596 !VME_OBJECT(entry2
)->phys_contiguous
) {
15597 /* If eligible, scan the entry, moving eligible pages over to our parent object */
15598 if (default_freezer_active
) {
15599 unsigned int purgeable
, clean
, dirty
, wired
;
15602 default_freezer_pack(&purgeable
, &wired
, &clean
, &dirty
, dirty_budget
, &shared
,
15603 src_object
, map
->default_freezer_handle
);
15605 *purgeable_count
+= purgeable
;
15606 *wired_count
+= wired
;
15607 *clean_count
+= clean
;
15608 *dirty_count
+= dirty
;
15610 /* Adjust pageout budget and finish up if reached */
15611 if (dirty_budget
) {
15612 dirty_budget
-= dirty
;
15613 if (dirty_budget
== 0) {
15619 *has_shared
= TRUE
;
15622 if (VME_OBJECT(entry2
)->internal
== TRUE
) {
15624 if (DEFAULT_FREEZER_COMPRESSED_PAGER_IS_SWAPBACKED
) {
15626 * Pages belonging to this object could be swapped to disk.
15627 * Make sure it's not a shared object because we could end
15628 * up just bringing it back in again.
15630 if (VME_OBJECT(entry2
)->ref_count
> 1) {
15634 vm_object_compressed_freezer_pageout(VME_OBJECT(entry2
));
15637 if (vm_compressor_low_on_space() || vm_swap_low_on_space()) {
15638 kr
= KERN_NO_SPACE
;
15645 if (default_freezer_active
) {
15646 /* Finally, throw out the pages to swap */
15647 default_freezer_pageout(map
->default_freezer_handle
);
15651 vm_map_unlock(map
);
15653 if (!default_freezer_active
) {
15654 vm_object_compressed_freezer_done();
15656 if (DEFAULT_FREEZER_COMPRESSED_PAGER_IS_SWAPBACKED
) {
15658 * reset the counter tracking the # of swapped c_segs
15659 * because we are now done with this freeze session and task.
15661 c_freezer_swapout_count
= 0;
15670 kern_return_t kr
= KERN_SUCCESS
;
15672 if (COMPRESSED_PAGER_IS_ACTIVE
|| DEFAULT_FREEZER_COMPRESSED_PAGER_IS_ACTIVE
) {
15674 * We will on-demand thaw in the presence of the compressed pager.
15681 if (map
->default_freezer_handle
== NULL
) {
15683 * This map is not in a frozen state.
15689 kr
= default_freezer_unpack(map
->default_freezer_handle
);
15691 vm_map_unlock(map
);
/*
 * vm_map_entry_should_cow_for_true_share:
 *
 * Decides whether a map entry should be clipped and set up for
 * copy-on-write, so that "true_share" is not applied to a large VM
 * object when only a subset of it is targeted.
 *
 * For now only the map entries created for the Objective C Garbage
 * Collector (and the "MALLOC_SMALL" heap) are targeted.  TRUE is
 * returned when the entry:
 *	- is not a submap and does not already need a copy,
 *	- has alias VM_MEMORY_MALLOC or VM_MEMORY_MALLOC_SMALL,
 *	- is not wired,
 * and its VM object:
 *	- exists and is internal,
 *	- uses copy_strategy MEMORY_OBJECT_COPY_SYMMETRIC,
 *	- is not already true_share,
 *	- has vo_size ANON_CHUNK_SIZE (VM_MEMORY_MALLOC) or 2048 * 4096
 *	  (VM_MEMORY_MALLOC_SMALL).
 *
 * Only non-kernel map entries.
 */
boolean_t
vm_map_entry_should_cow_for_true_share(
	vm_map_entry_t	entry)
{
	vm_object_t	object;

	/*
	 * A submap entry does not point at a VM object, and an entry that
	 * already needs a copy is set for copy-on-write: nothing to do.
	 */
	if (entry->is_sub_map || entry->needs_copy) {
		return FALSE;
	}

	/* not a malloc heap or Obj-C Garbage Collector heap */
	if (VME_ALIAS(entry) != VM_MEMORY_MALLOC &&
	    VME_ALIAS(entry) != VM_MEMORY_MALLOC_SMALL) {
		return FALSE;
	}

	/* wired: can't change the map entry, but keep count of the miss */
	if (entry->wired_count) {
		vm_counters.should_cow_but_wired++;
		return FALSE;
	}

	object = VME_OBJECT(entry);

	/*
	 * Reject when there is no object yet, when it is not internal,
	 * when it does not use the default copy strategy, or when it is
	 * already true_share (too late to avoid it).
	 */
	if (object == VM_OBJECT_NULL ||
	    !object->internal ||
	    object->copy_strategy != MEMORY_OBJECT_COPY_SYMMETRIC ||
	    object->true_share) {
		return FALSE;
	}

	/* ... not an object created for the ObjC Garbage Collector */
	if (VME_ALIAS(entry) == VM_MEMORY_MALLOC &&
	    object->vo_size != ANON_CHUNK_SIZE) {
		return FALSE;
	}

	/* ... not a "MALLOC_SMALL" heap */
	if (VME_ALIAS(entry) == VM_MEMORY_MALLOC_SMALL &&
	    object->vo_size != 2048 * 4096) {
		return FALSE;
	}

	/*
	 * All the criteria match: a large object is being targeted for
	 * "true_share".  To limit the adverse side-effects linked with
	 * "true_share", tell the caller to try and avoid setting up the
	 * entire object for "true_share" by clipping the targeted range
	 * and setting it up for copy-on-write.
	 */
	return TRUE;
}
/*
 * Function form of VM_MAP_ROUND_PAGE(): rounds offset with the given
 * page mask.  Presumably mask is a page size minus one -- confirm
 * against the macro's definition.
 */
vm_map_offset_t
vm_map_round_page_mask(
	vm_map_offset_t	offset,
	vm_map_offset_t	mask)
{
	vm_map_offset_t	rounded = VM_MAP_ROUND_PAGE(offset, mask);

	return rounded;
}
/*
 * Function form of VM_MAP_TRUNC_PAGE(): truncates offset with the given
 * page mask.  Presumably mask is a page size minus one -- confirm
 * against the macro's definition.
 */
vm_map_offset_t
vm_map_trunc_page_mask(
	vm_map_offset_t	offset,
	vm_map_offset_t	mask)
{
	vm_map_offset_t	truncated = VM_MAP_TRUNC_PAGE(offset, mask);

	return truncated;
}
/*
 * Returns non-zero when offset has none of the bits in mask set, i.e.
 * when it is aligned with respect to that page mask.
 */
boolean_t
vm_map_page_aligned(
	vm_map_offset_t	offset,
	vm_map_offset_t	mask)
{
	vm_map_offset_t	low_bits = offset & mask;

	return low_bits == 0;
}
15816 return VM_MAP_PAGE_SHIFT(map
);
15823 return VM_MAP_PAGE_SIZE(map
);
15830 return VM_MAP_PAGE_MASK(map
);
/*
 * Sets the page shift stored in the map header.  This is only allowed
 * while the map has no entries; once it has any, KERN_FAILURE is
 * returned and the header is left untouched.
 *
 * NOTE(review): pageshift is stored as given, with no range check and
 * without taking the map lock -- confirm callers pass only supported
 * shifts.
 */
kern_return_t
vm_map_set_page_shift(
	vm_map_t	map,
	int		pageshift)
{
	if (map->hdr.nentries == 0) {
		map->hdr.page_shift = pageshift;
		return KERN_SUCCESS;
	}

	/* too late to change page size */
	return KERN_FAILURE;
}
15852 int num_object_purged
;
15853 vm_map_entry_t entry
;
15854 vm_map_offset_t next_address
;
15855 vm_object_t object
;
15859 num_object_purged
= 0;
15861 vm_map_lock_read(map
);
15862 entry
= vm_map_first_entry(map
);
15863 while (entry
!= vm_map_to_entry(map
)) {
15864 if (entry
->is_sub_map
) {
15867 if (! (entry
->protection
& VM_PROT_WRITE
)) {
15870 object
= VME_OBJECT(entry
);
15871 if (object
== VM_OBJECT_NULL
) {
15874 if (object
->purgable
!= VM_PURGABLE_VOLATILE
) {
15878 vm_object_lock(object
);
15880 if (VME_OFFSET(entry
) != 0 ||
15881 (entry
->vme_end
- entry
->vme_start
) != object
->vo_size
) {
15882 vm_object_unlock(object
);
15886 next_address
= entry
->vme_end
;
15887 vm_map_unlock_read(map
);
15888 state
= VM_PURGABLE_EMPTY
;
15889 kr
= vm_object_purgable_control(object
,
15890 VM_PURGABLE_SET_STATE
,
15892 if (kr
== KERN_SUCCESS
) {
15893 num_object_purged
++;
15895 vm_object_unlock(object
);
15897 vm_map_lock_read(map
);
15898 if (vm_map_lookup_entry(map
, next_address
, &entry
)) {
15902 entry
= entry
->vme_next
;
15904 vm_map_unlock_read(map
);
15906 return num_object_purged
;
15910 vm_map_query_volatile(
15912 mach_vm_size_t
*volatile_virtual_size_p
,
15913 mach_vm_size_t
*volatile_resident_size_p
,
15914 mach_vm_size_t
*volatile_compressed_size_p
,
15915 mach_vm_size_t
*volatile_pmap_size_p
,
15916 mach_vm_size_t
*volatile_compressed_pmap_size_p
)
15918 mach_vm_size_t volatile_virtual_size
;
15919 mach_vm_size_t volatile_resident_count
;
15920 mach_vm_size_t volatile_compressed_count
;
15921 mach_vm_size_t volatile_pmap_count
;
15922 mach_vm_size_t volatile_compressed_pmap_count
;
15923 mach_vm_size_t resident_count
;
15924 vm_map_entry_t entry
;
15925 vm_object_t object
;
15927 /* map should be locked by caller */
15929 volatile_virtual_size
= 0;
15930 volatile_resident_count
= 0;
15931 volatile_compressed_count
= 0;
15932 volatile_pmap_count
= 0;
15933 volatile_compressed_pmap_count
= 0;
15935 for (entry
= vm_map_first_entry(map
);
15936 entry
!= vm_map_to_entry(map
);
15937 entry
= entry
->vme_next
) {
15938 mach_vm_size_t pmap_resident_bytes
, pmap_compressed_bytes
;
15940 if (entry
->is_sub_map
) {
15943 if (! (entry
->protection
& VM_PROT_WRITE
)) {
15946 object
= VME_OBJECT(entry
);
15947 if (object
== VM_OBJECT_NULL
) {
15950 if (object
->purgable
!= VM_PURGABLE_VOLATILE
&&
15951 object
->purgable
!= VM_PURGABLE_EMPTY
) {
15954 if (VME_OFFSET(entry
)) {
15956 * If the map entry has been split and the object now
15957 * appears several times in the VM map, we don't want
15958 * to count the object's resident_page_count more than
15959 * once. We count it only for the first one, starting
15960 * at offset 0 and ignore the other VM map entries.
15964 resident_count
= object
->resident_page_count
;
15965 if ((VME_OFFSET(entry
) / PAGE_SIZE
) >= resident_count
) {
15966 resident_count
= 0;
15968 resident_count
-= (VME_OFFSET(entry
) / PAGE_SIZE
);
15971 volatile_virtual_size
+= entry
->vme_end
- entry
->vme_start
;
15972 volatile_resident_count
+= resident_count
;
15973 if (object
->pager
) {
15974 volatile_compressed_count
+=
15975 vm_compressor_pager_get_count(object
->pager
);
15977 pmap_compressed_bytes
= 0;
15978 pmap_resident_bytes
=
15979 pmap_query_resident(map
->pmap
,
15982 &pmap_compressed_bytes
);
15983 volatile_pmap_count
+= (pmap_resident_bytes
/ PAGE_SIZE
);
15984 volatile_compressed_pmap_count
+= (pmap_compressed_bytes
15988 /* map is still locked on return */
15990 *volatile_virtual_size_p
= volatile_virtual_size
;
15991 *volatile_resident_size_p
= volatile_resident_count
* PAGE_SIZE
;
15992 *volatile_compressed_size_p
= volatile_compressed_count
* PAGE_SIZE
;
15993 *volatile_pmap_size_p
= volatile_pmap_count
* PAGE_SIZE
;
15994 *volatile_compressed_pmap_size_p
= volatile_compressed_pmap_count
* PAGE_SIZE
;
15996 return KERN_SUCCESS
;
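/*
 *	vm_map_sizes:
 *
 *	Report the extent of a map's address range and how much of that
 *	range is not covered by any map entry.
 *
 *	map		map to inspect.  It is read-locked for the duration
 *			of the walk and unlocked again before returning.
 *			A null map is not dereferenced: every requested
 *			output is reported as 0.
 *	psize		if non-NULL, receives max_offset - min_offset.
 *	pfree		if non-NULL, receives the sum of all gaps found
 *			between consecutive entries.
 *	plargest_free	if non-NULL, receives the largest single gap.
 *
 *	The values are a snapshot taken under the read lock; the map may
 *	change as soon as the lock is dropped.
 */
void
vm_map_sizes(vm_map_t map,
    vm_map_size_t * psize,
    vm_map_size_t * pfree,
    vm_map_size_t * plargest_free)
{
	vm_map_entry_t  entry;
	vm_map_offset_t prev;
	vm_map_size_t   gap, total_free, largest_free;
	boolean_t       end;

	/*
	 * Reject a null map up front instead of faulting on map->min_offset.
	 * Outputs stay optional here exactly as they are on the normal path.
	 */
	if (map == NULL) {
		if (psize) {
			*psize = 0;
		}
		if (pfree) {
			*pfree = 0;
		}
		if (plargest_free) {
			*plargest_free = 0;
		}
		return;
	}

	total_free = largest_free = 0;

	vm_map_lock_read(map);
	if (psize) {
		*psize = map->max_offset - map->min_offset;
	}

	/* "prev" is the end of the last range already accounted for. */
	prev = map->min_offset;
	for (entry = vm_map_first_entry(map);; entry = entry->vme_next) {
		/* The list is circular; reaching the header ends the walk. */
		end = (entry == vm_map_to_entry(map));

		/*
		 * Gap between the previous entry and this one.  For the
		 * header the upper bound is its vme_end -- presumably the
		 * map's maximum offset; confirm against the map header
		 * layout.
		 */
		if (end) {
			gap = entry->vme_end - prev;
		} else {
			gap = entry->vme_start - prev;
		}

		total_free += gap;
		if (gap > largest_free) {
			largest_free = gap;
		}

		if (end) {
			break;
		}
		prev = entry->vme_end;
	}
	vm_map_unlock_read(map);

	if (pfree) {
		*pfree = total_free;
	}
	if (plargest_free) {
		*plargest_free = largest_free;
	}
}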
#if VM_SCAN_FOR_SHADOW_CHAIN
int vm_map_shadow_max(vm_map_t map);

/*
 *	vm_map_shadow_max:
 *
 *	Walk every entry of "map" and return the length of the longest
 *	chain of shadow objects found behind any entry's VM object.
 *	Sub-map entries and entries without an object are skipped.
 *	Returns 0 for a null map.
 *
 *	The map is read-locked for the whole scan.  Each object in a
 *	chain is locked shared, and the next object's lock is taken
 *	before the current one is released.
 */
int
vm_map_shadow_max(
	vm_map_t map)
{
	vm_map_entry_t  entry;
	vm_object_t     cur, below;
	int             depth;
	int             deepest = 0;

	if (map == NULL) {
		return 0;
	}

	vm_map_lock_read(map);

	for (entry = vm_map_first_entry(map);
	    entry != vm_map_to_entry(map);
	    entry = entry->vme_next) {
		/* Only entries that map a VM object directly are scanned. */
		cur = entry->is_sub_map ? NULL : VME_OBJECT(entry);
		if (cur == NULL) {
			continue;
		}

		vm_object_lock_shared(cur);
		depth = 0;
		while (cur->shadow != NULL) {
			/* Lock the next object before letting go of this one. */
			below = cur->shadow;
			vm_object_lock_shared(below);
			vm_object_unlock(cur);
			cur = below;
			depth++;
		}
		/* "cur" is now the bottom of the chain and still locked. */
		vm_object_unlock(cur);

		if (depth > deepest) {
			deepest = depth;
		}
	}

	vm_map_unlock_read(map);

	return deepest;
}
#endif /* VM_SCAN_FOR_SHADOW_CHAIN */