xnu-3789.51.2.tar.gz

[apple/xnu.git] / iokit / Kernel / IOMemoryDescriptor.cpp
diff --git a/iokit/Kernel/IOMemoryDescriptor.cpp b/iokit/Kernel/IOMemoryDescriptor.cpp

index 43321aac12c2367d21165fa7f50bbd9a230fa6fd..fa735f3e4be1b1bbc65bd055acb4958165c8b627 100644 (file)
--- a/iokit/Kernel/IOMemoryDescriptor.cpp
+++ b/iokit/Kernel/IOMemoryDescriptor.cpp
@@ -1,5 +1,5 @@
  /*
  /*
- * Copyright (c) 1998-2007 Apple Inc. All rights reserved.
+ * Copyright (c) 1998-2016 Apple Inc. All rights reserved.
   *
   * @APPLE_OSREFERENCE_LICENSE_HEADER_START@
   * 
   *
   * @APPLE_OSREFERENCE_LICENSE_HEADER_START@
   * 
@@ -25,13 +25,8 @@
   * 
   * @APPLE_OSREFERENCE_LICENSE_HEADER_END@
   */
   * 
   * @APPLE_OSREFERENCE_LICENSE_HEADER_END@
   */
-/*
- * Copyright (c) 1998 Apple Computer, Inc.  All rights reserved. 
- *
- * HISTORY
- *
- */
-// 45678901234567890123456789012345678901234567890123456789012345678901234567890
+
+
  #include <sys/cdefs.h>
  
  #include <IOKit/assert.h>
  #include <sys/cdefs.h>
  
  #include <IOKit/assert.h>
@@ -39,19 +34,23 @@
  #include <IOKit/IOLib.h>
  #include <IOKit/IOMemoryDescriptor.h>
  #include <IOKit/IOMapper.h>
  #include <IOKit/IOLib.h>
  #include <IOKit/IOMemoryDescriptor.h>
  #include <IOKit/IOMapper.h>
+#include <IOKit/IODMACommand.h>
  #include <IOKit/IOKitKeysPrivate.h>
  
  #include <IOKit/IOKitKeysPrivate.h>
  
+#include <IOKit/IOSubMemoryDescriptor.h>
+#include <IOKit/IOMultiMemoryDescriptor.h>
+
  #include <IOKit/IOKitDebug.h>
  #include <libkern/OSDebug.h>
  
  #include "IOKitKernelInternal.h"
  #include <IOKit/IOKitDebug.h>
  #include <libkern/OSDebug.h>
  
  #include "IOKitKernelInternal.h"
-#include "IOCopyMapper.h"
  
  #include <libkern/c++/OSContainers.h>
  #include <libkern/c++/OSDictionary.h>
  #include <libkern/c++/OSArray.h>
  #include <libkern/c++/OSSymbol.h>
  #include <libkern/c++/OSNumber.h>
  
  #include <libkern/c++/OSContainers.h>
  #include <libkern/c++/OSDictionary.h>
  #include <libkern/c++/OSArray.h>
  #include <libkern/c++/OSSymbol.h>
  #include <libkern/c++/OSNumber.h>
+#include <os/overflow.h>
  
  #include <sys/uio.h>
  
  
  #include <sys/uio.h>
  
@@ -67,48 +66,18 @@ __BEGIN_DECLS
  #include <vm/vm_protos.h>
  
  extern ppnum_t pmap_find_phys(pmap_t pmap, addr64_t va);
  #include <vm/vm_protos.h>
  
  extern ppnum_t pmap_find_phys(pmap_t pmap, addr64_t va);
-void ipc_port_release_send(ipc_port_t port);
-
-/* Copy between a physical page and a virtual address in the given vm_map */
-kern_return_t copypv(addr64_t source, addr64_t sink, unsigned int size, int which);
-
-memory_object_t
-device_pager_setup(
-       memory_object_t pager,
-       int             device_handle,
-       vm_size_t       size,
-       int             flags);
-void
-device_pager_deallocate(
-        memory_object_t);
-kern_return_t
-device_pager_populate_object(
-       memory_object_t         pager,
-       vm_object_offset_t      offset,
-       ppnum_t                 phys_addr,
-       vm_size_t               size);
-kern_return_t
-memory_object_iopl_request(
-       ipc_port_t              port,
-       memory_object_offset_t  offset,
-       vm_size_t               *upl_size,
-       upl_t                   *upl_ptr,
-       upl_page_info_array_t   user_page_list,
-       unsigned int            *page_list_count,
-       int                     *flags);
+extern void ipc_port_release_send(ipc_port_t port);
  
  
+// osfmk/device/iokit_rpc.c
+unsigned int IODefaultCacheBits(addr64_t pa);
  unsigned int  IOTranslateCacheBits(struct phys_entry *pp);
  
  __END_DECLS
  
  unsigned int  IOTranslateCacheBits(struct phys_entry *pp);
  
  __END_DECLS
  
-#define kIOMaximumMappedIOByteCount    (512*1024*1024)
+#define kIOMapperWaitSystem    ((IOMapper *) 1)
  
  static IOMapper * gIOSystemMapper = NULL;
  
  
  static IOMapper * gIOSystemMapper = NULL;
  
-IOCopyMapper *   gIOCopyMapper = NULL;
-
-static ppnum_t   gIOMaximumMappedIOPageCount = atop_32(kIOMaximumMappedIOByteCount);
-
  ppnum_t                  gIOLastPage;
  
  /* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
  ppnum_t                  gIOLastPage;
  
  /* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
@@ -135,68 +104,7 @@ static IORecursiveLock * gIOMemoryLock;
  #define DEBG(fmt, args...)     {}
  #endif
  
  #define DEBG(fmt, args...)     {}
  #endif
  
-/* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
-
-class _IOMemoryMap : public IOMemoryMap
-{
-    OSDeclareDefaultStructors(_IOMemoryMap)
-public:
-    IOMemoryDescriptor * fMemory;
-    IOMemoryMap *       fSuperMap;
-    mach_vm_size_t      fOffset;
-    mach_vm_address_t   fAddress;
-    mach_vm_size_t      fLength;
-    task_t              fAddressTask;
-    vm_map_t            fAddressMap;
-    IOOptionBits        fOptions;
-    upl_t               fRedirUPL;
-    ipc_port_t          fRedirEntry;
-    IOMemoryDescriptor * fOwner;
-
-protected:
-    virtual void taggedRelease(const void *tag = 0) const;
-    virtual void free();
-
-public:
-
-    // IOMemoryMap methods
-    virtual IOVirtualAddress   getVirtualAddress();
-    virtual IOByteCount        getLength();
-    virtual task_t             getAddressTask();
-    virtual mach_vm_address_t  getAddress();
-    virtual mach_vm_size_t     getSize();
-    virtual IOMemoryDescriptor * getMemoryDescriptor();
-    virtual IOOptionBits       getMapOptions();
-
-    virtual IOReturn           unmap();
-    virtual void               taskDied();
-
-    virtual IOReturn           redirect(IOMemoryDescriptor * newBackingMemory,
-                                        IOOptionBits         options,
-                                        IOByteCount          offset = 0);
-
-    virtual IOReturn           redirect(IOMemoryDescriptor * newBackingMemory,
-                                        IOOptionBits         options,
-                                        mach_vm_size_t       offset = 0);
-
-    virtual IOPhysicalAddress  getPhysicalSegment(IOByteCount offset,
-                                                  IOByteCount * length);
-
-    // for IOMemoryDescriptor use
-    _IOMemoryMap * copyCompatible( _IOMemoryMap * newMapping );
-
-    bool init(
-       task_t                  intoTask,
-       mach_vm_address_t       toAddress,
-       IOOptionBits            options,
-        mach_vm_size_t         offset,
-        mach_vm_size_t         length );
-
-    bool    setMemoryDescriptor(IOMemoryDescriptor * _memory, mach_vm_size_t _offset);
-
-    IOReturn redirect(
-       task_t                  intoTask, bool redirect );
-};
+#define IOMD_DEBUG_DMAACTIVE   1
  
  /* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
  
  
  /* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
  
@@ -208,68 +116,83 @@ enum ioPLBlockFlags {
      kIOPLExternUPL = 0x00000002,
  };
  
      kIOPLExternUPL = 0x00000002,
  };
  
-struct typePersMDData
+struct IOMDPersistentInitData
  {
  {
-    const IOGeneralMemoryDescriptor *fMD;
-    ipc_port_t fMemEntry;
+    const IOGeneralMemoryDescriptor * fMD;
+    IOMemoryReference               * fMemRef;
  };
  
  struct ioPLBlock {
      upl_t fIOPL;
  };
  
  struct ioPLBlock {
      upl_t fIOPL;
-    vm_address_t fIOMDOffset;  // The offset of this iopl in descriptor
-    vm_offset_t fPageInfo;     // Pointer to page list or index into it
-    ppnum_t fMappedBase;       // Page number of first page in this iopl
-    unsigned int fPageOffset;  // Offset within first page of iopl
-    unsigned int fFlags;       // Flags
+    vm_address_t fPageInfo;   // Pointer to page list or index into it
+    uint32_t fIOMDOffset;          // The offset of this iopl in descriptor
+    ppnum_t fMappedPage;           // Page number of first page in this iopl
+    unsigned int fPageOffset;      // Offset within first page of iopl
+    unsigned int fFlags;           // Flags
  };
  
  };
  
-struct ioGMDData {
-    IOMapper *fMapper;
-    unsigned int fPageCnt;
-    upl_page_info_t fPageList[];
-    ioPLBlock fBlocks[];
+enum { kMaxWireTags = 6 };
+
+struct ioGMDData
+{
+    IOMapper *  fMapper;
+    uint64_t    fDMAMapAlignment;
+    uint64_t    fMappedBase;
+    uint64_t    fMappedLength;
+    uint64_t    fPreparationID;
+#if IOTRACKING
+    IOTracking  fWireTracking;
+    struct vm_tag_set fWireTags;
+    struct vm_tag_set_entry fWireTagsEntries[kMaxWireTags];
+#endif /* IOTRACKING */
+    unsigned int      fPageCnt;
+    uint8_t          fDMAMapNumAddressBits;
+    vm_tag_t          fAllocTag;
+    unsigned char     fDiscontig:1;
+    unsigned char     fCompletionError:1;
+    unsigned char     _resv:6;
+
+    /* variable length arrays */
+    upl_page_info_t fPageList[1]
+#if __LP64__
+                                // align fPageList as for ioPLBlock
+                                __attribute__((aligned(sizeof(upl_t))))
+#endif
+    ;
+    ioPLBlock fBlocks[1];
  };
  
  #define getDataP(osd)  ((ioGMDData *) (osd)->getBytesNoCopy())
  };
  
  #define getDataP(osd)  ((ioGMDData *) (osd)->getBytesNoCopy())
-#define getIOPLList(d) ((ioPLBlock *) &(d->fPageList[d->fPageCnt]))
+#define getIOPLList(d) ((ioPLBlock *) (void *)&(d->fPageList[d->fPageCnt]))
  #define getNumIOPL(osd, d)     \
      (((osd)->getLength() - ((char *) getIOPLList(d) - (char *) d)) / sizeof(ioPLBlock))
  #define getPageList(d) (&(d->fPageList[0]))
  #define computeDataSize(p, u) \
  #define getNumIOPL(osd, d)     \
      (((osd)->getLength() - ((char *) getIOPLList(d) - (char *) d)) / sizeof(ioPLBlock))
  #define getPageList(d) (&(d->fPageList[0]))
  #define computeDataSize(p, u) \
-    (sizeof(ioGMDData) + p * sizeof(upl_page_info_t) + u * sizeof(ioPLBlock))
-
+    (offsetof(ioGMDData, fPageList) + p * sizeof(upl_page_info_t) + u * sizeof(ioPLBlock))
  
  /* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
  
  
  /* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
  
-#define next_page(a) ( trunc_page_32(a) + PAGE_SIZE )
-
+#define next_page(a) ( trunc_page(a) + PAGE_SIZE )
  
  extern "C" {
  
  kern_return_t device_data_action(
  
  extern "C" {
  
  kern_return_t device_data_action(
-               int                     device_handle, 
+               uintptr_t               device_handle, 
                 ipc_port_t              device_pager,
                 vm_prot_t               protection, 
                 vm_object_offset_t      offset, 
                 vm_size_t               size)
  {
                 ipc_port_t              device_pager,
                 vm_prot_t               protection, 
                 vm_object_offset_t      offset, 
                 vm_size_t               size)
  {
-    struct ExpansionData {
-        void *                         devicePager;
-        unsigned int                   pagerContig:1;
-        unsigned int                   unused:31;
-       IOMemoryDescriptor *            memory;
-    };
      kern_return_t       kr;
      kern_return_t       kr;
-    ExpansionData *      ref = (ExpansionData *) device_handle;
+    IOMemoryDescriptorReserved * ref = (IOMemoryDescriptorReserved *) device_handle;
      IOMemoryDescriptor * memDesc;
  
      LOCK;
      IOMemoryDescriptor * memDesc;
  
      LOCK;
-    memDesc = ref->memory;
+    memDesc = ref->dp.memory;
      if( memDesc)
      {
         memDesc->retain();
      if( memDesc)
      {
         memDesc->retain();
-       kr = memDesc->handleFault( device_pager, 0, 0,
-                offset, size, kIOMapDefaultCache /*?*/);
+       kr = memDesc->handleFault(device_pager, offset, size);
         memDesc->release();
      }
      else
         memDesc->release();
      }
      else
@@ -280,27 +203,23 @@ kern_return_t device_data_action(
  }
  
  kern_return_t device_close(
  }
  
  kern_return_t device_close(
-               int     device_handle)
+               uintptr_t     device_handle)
  {
  {
-    struct ExpansionData {
-        void *                         devicePager;
-        unsigned int                   pagerContig:1;
-        unsigned int                   unused:31;
-       IOMemoryDescriptor *            memory;
-    };
-    ExpansionData *   ref = (ExpansionData *) device_handle;
+    IOMemoryDescriptorReserved * ref = (IOMemoryDescriptorReserved *) device_handle;
  
  
-    IODelete( ref, ExpansionData, 1 );
+    IODelete( ref, IOMemoryDescriptorReserved, 1 );
  
      return( kIOReturnSuccess );
  }
  };     // end extern "C"
  
  
      return( kIOReturnSuccess );
  }
  };     // end extern "C"
  
+/* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
+
  // Note this inline function uses C++ reference arguments to return values
  // This means that pointers are not passed and NULLs don't have to be
  // checked for as a NULL reference is illegal.
  static inline void
  // Note this inline function uses C++ reference arguments to return values
  // This means that pointers are not passed and NULLs don't have to be
  // checked for as a NULL reference is illegal.
  static inline void
-getAddrLenForInd(user_addr_t &addr, IOPhysicalLength &len, // Output variables
+getAddrLenForInd(mach_vm_address_t &addr, mach_vm_size_t &len, // Output variables
       UInt32 type, IOGeneralMemoryDescriptor::Ranges r, UInt32 ind)
  {
      assert(kIOMemoryTypeUIO       == type
       UInt32 type, IOGeneralMemoryDescriptor::Ranges r, UInt32 ind)
  {
      assert(kIOMemoryTypeUIO       == type
@@ -308,13 +227,16 @@ getAddrLenForInd(user_addr_t &addr, IOPhysicalLength &len, // Output variables
         || kIOMemoryTypePhysical  == type || kIOMemoryTypePhysical64 == type);
      if (kIOMemoryTypeUIO == type) {
         user_size_t us;
         || kIOMemoryTypePhysical  == type || kIOMemoryTypePhysical64 == type);
      if (kIOMemoryTypeUIO == type) {
         user_size_t us;
-       uio_getiov((uio_t) r.uio, ind, &addr, &us); len = us;
+       user_addr_t ad;
+       uio_getiov((uio_t) r.uio, ind, &ad, &us); addr = ad; len = us;
      }
      }
+#ifndef __LP64__
      else if ((kIOMemoryTypeVirtual64 == type) || (kIOMemoryTypePhysical64 == type)) {
         IOAddressRange cur = r.v64[ind];
         addr = cur.address;
         len  = cur.length;
      }
      else if ((kIOMemoryTypeVirtual64 == type) || (kIOMemoryTypePhysical64 == type)) {
         IOAddressRange cur = r.v64[ind];
         addr = cur.address;
         len  = cur.length;
      }
+#endif /* !__LP64__ */
      else {
         IOVirtualRange cur = r.v[ind];
         addr = cur.address;
      else {
         IOVirtualRange cur = r.v[ind];
         addr = cur.address;
@@ -324,303 +246,1029 @@ getAddrLenForInd(user_addr_t &addr, IOPhysicalLength &len, // Output variables
  
  /* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
  
  
  /* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
  
-/*
- * withAddress:
- *
- * Create a new IOMemoryDescriptor.  The buffer is a virtual address
- * relative to the specified task.  If no task is supplied, the kernel
- * task is implied.
- */
-IOMemoryDescriptor *
-IOMemoryDescriptor::withAddress(void *      address,
-                                IOByteCount   length,
-                                IODirection direction)
+static IOReturn 
+purgeableControlBits(IOOptionBits newState, vm_purgable_t * control, int * state)
  {
  {
-    return IOMemoryDescriptor::
-        withAddress((vm_address_t) address, length, direction, kernel_task);
-}
+    IOReturn err = kIOReturnSuccess;
  
  
-IOMemoryDescriptor *
-IOMemoryDescriptor::withAddress(vm_address_t address,
-                                IOByteCount  length,
-                                IODirection  direction,
-                                task_t       task)
-{
-#if TEST_V64
-    if (task)
-    {
-       IOOptionBits options = (IOOptionBits) direction;
-       if (task == kernel_task)
-           options |= kIOMemoryAutoPrepare;
-       return (IOMemoryDescriptor::withAddressRange(address, length, options, task));
-    }
-#endif
-    IOGeneralMemoryDescriptor * that = new IOGeneralMemoryDescriptor;
-    if (that)
+    *control = VM_PURGABLE_SET_STATE;
+
+    enum { kIOMemoryPurgeableControlMask = 15 };
+
+    switch (kIOMemoryPurgeableControlMask & newState)
      {
      {
-       if (that->initWithAddress(address, length, direction, task))
-           return that;
+       case kIOMemoryPurgeableKeepCurrent:
+           *control = VM_PURGABLE_GET_STATE;
+           break;
  
  
-        that->release();
+       case kIOMemoryPurgeableNonVolatile:
+           *state = VM_PURGABLE_NONVOLATILE;
+           break;
+       case kIOMemoryPurgeableVolatile:
+           *state = VM_PURGABLE_VOLATILE | (newState & ~kIOMemoryPurgeableControlMask);
+           break;
+       case kIOMemoryPurgeableEmpty:
+           *state = VM_PURGABLE_EMPTY | (newState & ~kIOMemoryPurgeableControlMask);
+           break;
+       default:
+           err = kIOReturnBadArgument;
+           break;
      }
      }
-    return 0;
+    return (err);
  }
  
  }
  
-IOMemoryDescriptor *
-IOMemoryDescriptor::withPhysicalAddress(
-                               IOPhysicalAddress       address,
-                               IOByteCount             length,
-                               IODirection             direction )
+static IOReturn 
+purgeableStateBits(int * state)
  {
  {
-#if TEST_P64
-    return (IOMemoryDescriptor::withAddressRange(address, length, (IOOptionBits) direction, NULL));
-#endif
-    IOGeneralMemoryDescriptor *self = new IOGeneralMemoryDescriptor;
-    if (self
-    && !self->initWithPhysicalAddress(address, length, direction)) {
-        self->release();
-        return 0;
-    }
+    IOReturn err = kIOReturnSuccess;
  
  
-    return self;
+    switch (VM_PURGABLE_STATE_MASK & *state)
+    {
+       case VM_PURGABLE_NONVOLATILE:
+           *state = kIOMemoryPurgeableNonVolatile;
+           break;
+       case VM_PURGABLE_VOLATILE:
+           *state = kIOMemoryPurgeableVolatile;
+           break;
+       case VM_PURGABLE_EMPTY:
+           *state = kIOMemoryPurgeableEmpty;
+           break;
+       default:
+           *state = kIOMemoryPurgeableNonVolatile;
+           err = kIOReturnNotReady;
+           break;
+    }
+    return (err);
  }
  
  }
  
-IOMemoryDescriptor *
-IOMemoryDescriptor::withRanges(        IOVirtualRange * ranges,
-                               UInt32           withCount,
-                               IODirection      direction,
-                               task_t           task,
-                               bool             asReference)
+
+static vm_prot_t 
+vmProtForCacheMode(IOOptionBits cacheMode)
  {
  {
-    IOGeneralMemoryDescriptor * that = new IOGeneralMemoryDescriptor;
-    if (that)
+    vm_prot_t prot = 0;
+    switch (cacheMode)
      {
      {
-       if (that->initWithRanges(ranges, withCount, direction, task, asReference))
-           return that;
+       case kIOInhibitCache:
+           SET_MAP_MEM(MAP_MEM_IO, prot);
+           break;
  
  
-        that->release();
+       case kIOWriteThruCache:
+           SET_MAP_MEM(MAP_MEM_WTHRU, prot);
+           break;
+
+       case kIOWriteCombineCache:
+           SET_MAP_MEM(MAP_MEM_WCOMB, prot);
+           break;
+
+       case kIOCopybackCache:
+           SET_MAP_MEM(MAP_MEM_COPYBACK, prot);
+           break;
+
+       case kIOCopybackInnerCache:
+           SET_MAP_MEM(MAP_MEM_INNERWBACK, prot);
+           break;
+
+       case kIODefaultCache:
+       default:
+           SET_MAP_MEM(MAP_MEM_NOOP, prot);
+           break;
      }
      }
-    return 0;
-}
  
  
-IOMemoryDescriptor *
-IOMemoryDescriptor::withAddressRange(mach_vm_address_t address,
-                                       mach_vm_size_t length,
-                                       IOOptionBits   options,
-                                       task_t         task)
-{
-    IOAddressRange range = { address, length };
-    return (IOMemoryDescriptor::withAddressRanges(&range, 1, options, task));
+    return (prot);
  }
  
  }
  
-IOMemoryDescriptor *
-IOMemoryDescriptor::withAddressRanges(IOAddressRange *   ranges,
-                                       UInt32           rangeCount,
-                                       IOOptionBits     options,
-                                       task_t           task)
+static unsigned int
+pagerFlagsForCacheMode(IOOptionBits cacheMode)
  {
  {
-    IOGeneralMemoryDescriptor * that = new IOGeneralMemoryDescriptor;
-    if (that)
+    unsigned int pagerFlags = 0;
+    switch (cacheMode)
      {
      {
-       if (task)
-           options |= kIOMemoryTypeVirtual64;
-       else
-           options |= kIOMemoryTypePhysical64;
+       case kIOInhibitCache:
+           pagerFlags = DEVICE_PAGER_CACHE_INHIB |  DEVICE_PAGER_COHERENT | DEVICE_PAGER_GUARDED;
+           break;
  
  
-       if (that->initWithOptions(ranges, rangeCount, 0, task, options, /* mapper */ 0))
-           return that;
+       case kIOWriteThruCache:
+           pagerFlags = DEVICE_PAGER_WRITE_THROUGH | DEVICE_PAGER_COHERENT | DEVICE_PAGER_GUARDED;
+           break;
  
  
-       that->release();
-    }
+       case kIOWriteCombineCache:
+           pagerFlags = DEVICE_PAGER_CACHE_INHIB | DEVICE_PAGER_COHERENT;
+           break;
  
  
-    return 0;
+       case kIOCopybackCache:
+           pagerFlags = DEVICE_PAGER_COHERENT;
+           break;
+
+       case kIOCopybackInnerCache:
+           pagerFlags = DEVICE_PAGER_COHERENT;
+           break;
+
+       case kIODefaultCache:
+       default:
+           pagerFlags = -1U;
+           break;
+    }
+    return (pagerFlags);
  }
  
  }
  
+/* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
+/* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
  
  
-/*
- * withRanges:
- *
- * Create a new IOMemoryDescriptor. The buffer is made up of several
- * virtual address ranges, from a given task.
- *
- * Passing the ranges as a reference will avoid an extra allocation.
- */
-IOMemoryDescriptor *
-IOMemoryDescriptor::withOptions(void *         buffers,
-                                UInt32         count,
-                                UInt32         offset,
-                                task_t         task,
-                                IOOptionBits   opts,
-                                IOMapper *     mapper)
+struct IOMemoryEntry
  {
  {
-    IOGeneralMemoryDescriptor *self = new IOGeneralMemoryDescriptor;
-
-    if (self
-    && !self->initWithOptions(buffers, count, offset, task, opts, mapper))
-    {
-        self->release();
-        return 0;
-    }
+    ipc_port_t entry;
+    int64_t    offset;
+    uint64_t   size;
+};
  
  
-    return self;
-}
+struct IOMemoryReference
+{
+    volatile SInt32             refCount;
+    vm_prot_t                   prot;
+    uint32_t                    capacity;
+    uint32_t                    count;
+    struct IOMemoryReference  * mapRef;
+    IOMemoryEntry               entries[0];
+};
  
  
-// Can't leave abstract but this should never be used directly,
-bool IOMemoryDescriptor::initWithOptions(void *                buffers,
-                                         UInt32                count,
-                                         UInt32                offset,
-                                         task_t                task,
-                                         IOOptionBits  options,
-                                         IOMapper *    mapper)
+enum
  {
  {
-    // @@@ gvdl: Should I panic?
-    panic("IOMD::initWithOptions called\n");
-    return 0;
-}
+    kIOMemoryReferenceReuse = 0x00000001,
+    kIOMemoryReferenceWrite = 0x00000002,
+    kIOMemoryReferenceCOW   = 0x00000004,
+};
  
  
-IOMemoryDescriptor *
-IOMemoryDescriptor::withPhysicalRanges(        IOPhysicalRange * ranges,
-                                        UInt32          withCount,
-                                        IODirection     direction,
-                                        bool            asReference)
+SInt32 gIOMemoryReferenceCount;
+
+IOMemoryReference *
+IOGeneralMemoryDescriptor::memoryReferenceAlloc(uint32_t capacity, IOMemoryReference * realloc)
  {
  {
-    IOGeneralMemoryDescriptor * that = new IOGeneralMemoryDescriptor;
-    if (that)
+    IOMemoryReference * ref;
+    size_t              newSize, oldSize, copySize;
+
+    newSize = (sizeof(IOMemoryReference) 
+                 - sizeof(ref->entries) 
+                 + capacity * sizeof(ref->entries[0]));
+    ref = (typeof(ref)) IOMalloc(newSize);
+    if (realloc)
      {
      {
-       if (that->initWithPhysicalRanges(ranges, withCount, direction, asReference))
-           return that;
-
-        that->release();
+       oldSize = (sizeof(IOMemoryReference) 
+                       - sizeof(realloc->entries) 
+                       + realloc->capacity * sizeof(realloc->entries[0]));
+       copySize = oldSize;
+        if (copySize > newSize) copySize = newSize;
+       if (ref) bcopy(realloc, ref, copySize);
+       IOFree(realloc, oldSize);
      }
      }
-    return 0;
+    else if (ref)
+    {
+       bzero(ref, sizeof(*ref));
+       ref->refCount = 1;
+       OSIncrementAtomic(&gIOMemoryReferenceCount);
+    }
+    if (!ref) return (0);
+    ref->capacity = capacity;
+    return (ref);
  }
  
  }
  
-IOMemoryDescriptor *
-IOMemoryDescriptor::withSubRange(IOMemoryDescriptor *  of,
-                               IOByteCount             offset,
-                               IOByteCount             length,
-                               IODirection             direction)
+void 
+IOGeneralMemoryDescriptor::memoryReferenceFree(IOMemoryReference * ref)
  {
  {
-    IOSubMemoryDescriptor *self = new IOSubMemoryDescriptor;
+    IOMemoryEntry * entries;
+    size_t          size;
  
  
-    if (self && !self->initSubRange(of, offset, length, direction)) {
-        self->release();
-       self = 0;
+    if (ref->mapRef)
+    {
+       memoryReferenceFree(ref->mapRef);
+       ref->mapRef = 0;
      }
      }
-    return self;
-}
  
  
-IOMemoryDescriptor *
-IOMemoryDescriptor::withPersistentMemoryDescriptor(IOMemoryDescriptor *originalMD)
-{
-    IOGeneralMemoryDescriptor *origGenMD = 
-       OSDynamicCast(IOGeneralMemoryDescriptor, originalMD);
+    entries = ref->entries + ref->count;
+    while (entries > &ref->entries[0])
+    {
+        entries--;
+        ipc_port_release_send(entries->entry);
+    }
+    size = (sizeof(IOMemoryReference) 
+                 - sizeof(ref->entries) 
+                 + ref->capacity * sizeof(ref->entries[0]));
+    IOFree(ref, size);
  
  
-    if (origGenMD)
-       return IOGeneralMemoryDescriptor::
-           withPersistentMemoryDescriptor(origGenMD);
-    else
-       return 0;
+    OSDecrementAtomic(&gIOMemoryReferenceCount);
  }
  
  }
  
-IOMemoryDescriptor *
-IOGeneralMemoryDescriptor::withPersistentMemoryDescriptor(IOGeneralMemoryDescriptor *originalMD)
+void 
+IOGeneralMemoryDescriptor::memoryReferenceRelease(IOMemoryReference * ref)
  {
  {
-    ipc_port_t sharedMem = (ipc_port_t) originalMD->createNamedEntry();
+    if (1 == OSDecrementAtomic(&ref->refCount)) memoryReferenceFree(ref);
+}
  
  
-    if (!sharedMem)
-       return 0;
-   
-    if (sharedMem == originalMD->_memEntry) {
-       originalMD->retain();               // Add a new reference to ourselves
-       ipc_port_release_send(sharedMem);   // Remove extra send right
-       return originalMD;
+
+IOReturn
+IOGeneralMemoryDescriptor::memoryReferenceCreate(
+                        IOOptionBits         options,
+                        IOMemoryReference ** reference)
+{
+    enum { kCapacity = 4, kCapacityInc = 4 };
+
+    kern_return_t        err;
+    IOMemoryReference *  ref;
+    IOMemoryEntry *      entries;
+    IOMemoryEntry *      cloneEntries;
+    vm_map_t             map;
+    ipc_port_t           entry, cloneEntry;
+    vm_prot_t            prot;
+    memory_object_size_t actualSize;
+    uint32_t             rangeIdx;
+    uint32_t             count;
+    mach_vm_address_t    entryAddr, endAddr, entrySize;
+    mach_vm_size_t       srcAddr, srcLen;
+    mach_vm_size_t       nextAddr, nextLen;
+    mach_vm_size_t       offset, remain;
+    IOByteCount          physLen;
+    IOOptionBits         type = (_flags & kIOMemoryTypeMask);
+    IOOptionBits         cacheMode;
+    unsigned int        pagerFlags;
+    vm_tag_t             tag;
+
+    ref = memoryReferenceAlloc(kCapacity, NULL);
+    if (!ref) return (kIOReturnNoMemory);
+
+    tag = getVMTag(kernel_map);
+    entries = &ref->entries[0];
+    count = 0;
+    err = KERN_SUCCESS;
+
+    offset = 0;
+    rangeIdx = 0;
+    if (_task)
+    {
+        getAddrLenForInd(nextAddr, nextLen, type, _ranges, rangeIdx);
      }
      }
+    else
+    {
+        nextAddr = getPhysicalSegment(offset, &physLen, kIOMemoryMapperNone);
+        nextLen = physLen;
  
  
-    IOGeneralMemoryDescriptor * self = new IOGeneralMemoryDescriptor;
-    typePersMDData initData = { originalMD, sharedMem };
+       // default cache mode for physical
+       if (kIODefaultCache == ((_flags & kIOMemoryBufferCacheMask) >> kIOMemoryBufferCacheShift))
+       {
+           IOOptionBits mode;
+           pagerFlags = IODefaultCacheBits(nextAddr);
+           if (DEVICE_PAGER_CACHE_INHIB & pagerFlags)
+           {
+               if (DEVICE_PAGER_GUARDED & pagerFlags)
+                   mode = kIOInhibitCache;
+               else
+                   mode = kIOWriteCombineCache;
+           }
+           else if (DEVICE_PAGER_WRITE_THROUGH & pagerFlags)
+               mode = kIOWriteThruCache;
+           else
+               mode = kIOCopybackCache;
+           _flags |= (mode << kIOMemoryBufferCacheShift);
+       }
+    }
  
  
-    if (self
-    && !self->initWithOptions(&initData, 1, 0, 0, kIOMemoryTypePersistentMD, 0)) {
-        self->release();
-       self = 0;
+    // cache mode & vm_prot
+    prot = VM_PROT_READ;
+    cacheMode = ((_flags & kIOMemoryBufferCacheMask) >> kIOMemoryBufferCacheShift);
+    prot |= vmProtForCacheMode(cacheMode);
+    // VM system requires write access to change cache mode
+    if (kIODefaultCache != cacheMode)                    prot |= VM_PROT_WRITE;
+    if (kIODirectionOut != (kIODirectionOutIn & _flags)) prot |= VM_PROT_WRITE;
+    if (kIOMemoryReferenceWrite & options)               prot |= VM_PROT_WRITE;
+    if (kIOMemoryReferenceCOW   & options)               prot |= MAP_MEM_VM_COPY;
+
+    if ((kIOMemoryReferenceReuse & options) && _memRef)
+    {
+        cloneEntries = &_memRef->entries[0];
+       prot |= MAP_MEM_NAMED_REUSE;
      }
      }
-    return self;
-}
  
  
-void *IOGeneralMemoryDescriptor::createNamedEntry()
-{
-    kern_return_t error;
-    ipc_port_t sharedMem;
+    if (_task)
+    {
+       // virtual ranges
  
  
-    IOOptionBits type = _flags & kIOMemoryTypeMask;
+       if (kIOMemoryBufferPageable & _flags)
+       {
+           // IOBufferMemoryDescriptor alloc - set flags for entry + object create
+           prot |= MAP_MEM_NAMED_CREATE;
+           if (kIOMemoryBufferPurgeable & _flags) prot |= MAP_MEM_PURGABLE;
+           if (kIOMemoryUseReserve & _flags)      prot |= MAP_MEM_GRAB_SECLUDED;
  
  
-    user_addr_t range0Addr;
-    IOByteCount range0Len;
-    getAddrLenForInd(range0Addr, range0Len, type, _ranges, 0);
-    range0Addr = trunc_page_64(range0Addr);
+           prot |= VM_PROT_WRITE;
+           map = NULL;
+       }
+       else map = get_task_map(_task);
  
  
-    vm_size_t size = ptoa_32(_pages);
-    vm_address_t kernelPage = (vm_address_t) range0Addr;
+       remain = _length;
+       while (remain)
+       {
+           srcAddr  = nextAddr;
+           srcLen   = nextLen;
+           nextAddr = 0;
+           nextLen  = 0;
+           // coalesce addr range
+           for (++rangeIdx; rangeIdx < _rangesCount; rangeIdx++)
+           {
+               getAddrLenForInd(nextAddr, nextLen, type, _ranges, rangeIdx);
+               if ((srcAddr + srcLen) != nextAddr) break;
+               srcLen += nextLen;
+           }
+           entryAddr = trunc_page_64(srcAddr);
+           endAddr   = round_page_64(srcAddr + srcLen);
+           do
+           {
+               entrySize = (endAddr - entryAddr);
+               if (!entrySize) break;
+               actualSize = entrySize;
  
  
-    vm_map_t theMap = ((_task == kernel_task)
-                       && (kIOMemoryBufferPageable & _flags)) 
-                   ? IOPageableMapForAddress(kernelPage)
-                   : get_task_map(_task);
+               cloneEntry = MACH_PORT_NULL;
+               if (MAP_MEM_NAMED_REUSE & prot)
+               {
+                   if (cloneEntries < &_memRef->entries[_memRef->count]) cloneEntry = cloneEntries->entry;
+                   else                                                  prot &= ~MAP_MEM_NAMED_REUSE;
+               }
  
  
-    memory_object_size_t  actualSize = size;
-    vm_prot_t             prot       = VM_PROT_READ;
-#if CONFIG_EMBEDDED
-    if (kIODirectionOut != (kIODirectionOutIn & _flags))
-#endif
-       prot |= VM_PROT_WRITE;
+               err = mach_make_memory_entry_64(map,
+                       &actualSize, entryAddr, prot, &entry, cloneEntry);
  
  
-    if (_memEntry)
-       prot |= MAP_MEM_NAMED_REUSE;
+               if (KERN_SUCCESS != err) break;
+               if (actualSize > entrySize) panic("mach_make_memory_entry_64 actualSize");
  
  
-    error = mach_make_memory_entry_64(theMap,
-           &actualSize, range0Addr, prot, &sharedMem, (ipc_port_t) _memEntry);
-
-    if (KERN_SUCCESS == error) {
-       if (actualSize == size) {
-           return sharedMem;
-       } else {
-#if IOASSERT
-           IOLog("IOGMD::mach_make_memory_entry_64 (%08llx) size (%08lx:%08x)\n",
-                       (UInt64)range0Addr, (UInt32)actualSize, size);
-#endif    
-           ipc_port_release_send( sharedMem );
+               if (count >= ref->capacity)
+               {
+                   ref = memoryReferenceAlloc(ref->capacity + kCapacityInc, ref);
+                   entries = &ref->entries[count];
+               }
+               entries->entry  = entry;
+               entries->size   = actualSize;
+               entries->offset = offset + (entryAddr - srcAddr);
+               entryAddr += actualSize;
+               if (MAP_MEM_NAMED_REUSE & prot)
+               {
+                   if ((cloneEntries->entry  == entries->entry)
+                    && (cloneEntries->size   == entries->size)
+                    && (cloneEntries->offset == entries->offset))         cloneEntries++;
+                    else                                    prot &= ~MAP_MEM_NAMED_REUSE;
+               }
+               entries++;
+               count++;
+           }
+           while (true);
+           offset += srcLen;
+           remain -= srcLen;
         }
      }
         }
      }
-
-    return MACH_PORT_NULL;
+    else
+    {
+        // _task == 0, physical or kIOMemoryTypeUPL
+       memory_object_t pager;
+        vm_size_t       size = ptoa_32(_pages);
+
+       if (!getKernelReserved()) panic("getKernelReserved");
+
+       reserved->dp.pagerContig = (1 == _rangesCount);
+       reserved->dp.memory      = this;
+
+       pagerFlags = pagerFlagsForCacheMode(cacheMode);
+       if (-1U == pagerFlags) panic("phys is kIODefaultCache");
+       if (reserved->dp.pagerContig) pagerFlags |= DEVICE_PAGER_CONTIGUOUS;
+
+       pager = device_pager_setup((memory_object_t) 0, (uintptr_t) reserved, 
+                                                           size, pagerFlags);
+       assert (pager);
+       if (!pager) err = kIOReturnVMError;
+       else
+       {
+           srcAddr  = nextAddr;
+           entryAddr = trunc_page_64(srcAddr);
+           err = mach_memory_object_memory_entry_64((host_t) 1, false /*internal*/, 
+                       size, VM_PROT_READ | VM_PROT_WRITE, pager, &entry);
+           assert (KERN_SUCCESS == err);
+           if (KERN_SUCCESS != err) device_pager_deallocate(pager);
+           else
+           {
+               reserved->dp.devicePager = pager;
+               entries->entry  = entry;
+               entries->size   = size;
+               entries->offset = offset + (entryAddr - srcAddr);
+               entries++;
+               count++;
+           }
+       }
+    }
+    
+    ref->count = count;
+    ref->prot  = prot;
+
+    if (_task && (KERN_SUCCESS == err)
+      && (kIOMemoryMapCopyOnWrite & _flags)
+      && !(kIOMemoryReferenceCOW & options))
+    {
+        err = memoryReferenceCreate(options | kIOMemoryReferenceCOW, &ref->mapRef);
+    }
+
+    if (KERN_SUCCESS == err)
+    {
+       if (MAP_MEM_NAMED_REUSE & prot)
+       {
+           memoryReferenceFree(ref);
+           OSIncrementAtomic(&_memRef->refCount);
+           ref = _memRef;
+       }
+    }
+    else
+    {
+        memoryReferenceFree(ref);
+        ref = NULL;    
+    }
+
+    *reference = ref;
+
+    return (err);
+}
+
+kern_return_t 
+IOMemoryDescriptorMapAlloc(vm_map_t map, void * _ref)
+{
+    IOMemoryDescriptorMapAllocRef * ref = (typeof(ref))_ref;
+    IOReturn                       err;
+    vm_map_offset_t                addr;
+
+    addr = ref->mapped;
+
+    err = vm_map_enter_mem_object(map, &addr, ref->size,
+                                 (vm_map_offset_t) 0,
+                                 (((ref->options & kIOMapAnywhere)
+                                   ? VM_FLAGS_ANYWHERE
+                                   : VM_FLAGS_FIXED)
+                                  | VM_MAKE_TAG(ref->tag)),
+                                 IPC_PORT_NULL,
+                                 (memory_object_offset_t) 0,
+                                 false, /* copy */
+                                 ref->prot,
+                                 ref->prot,
+                                 VM_INHERIT_NONE);
+    if (KERN_SUCCESS == err)
+    {
+       ref->mapped = (mach_vm_address_t) addr;
+       ref->map = map;
+    }
+
+    return( err );
+}
+
+IOReturn 
+IOGeneralMemoryDescriptor::memoryReferenceMap(
+                    IOMemoryReference * ref,
+                     vm_map_t            map,
+                     mach_vm_size_t      inoffset,
+                     mach_vm_size_t      size,
+                     IOOptionBits        options,
+                     mach_vm_address_t * inaddr)
+{
+    IOReturn        err;
+    int64_t         offset = inoffset;
+    uint32_t        rangeIdx, entryIdx;
+    vm_map_offset_t addr, mapAddr;
+    vm_map_offset_t pageOffset, entryOffset, remain, chunk;
+
+    mach_vm_address_t nextAddr;
+    mach_vm_size_t    nextLen;
+    IOByteCount       physLen;
+    IOMemoryEntry   * entry;
+    vm_prot_t         prot, memEntryCacheMode;
+    IOOptionBits      type;
+    IOOptionBits      cacheMode;
+    vm_tag_t          tag;
+    // for the kIOMapPrefault option.
+    upl_page_info_t * pageList = NULL;
+    UInt              currentPageIndex = 0;
+    bool              didAlloc;
+
+    if (ref->mapRef)
+    {
+       err = memoryReferenceMap(ref->mapRef, map, inoffset, size, options, inaddr);
+       return (err);
+    }
+
+    type = _flags & kIOMemoryTypeMask;
+
+    prot = VM_PROT_READ;
+    if (!(kIOMapReadOnly & options)) prot |= VM_PROT_WRITE;
+    prot &= ref->prot;
+
+    cacheMode = ((options & kIOMapCacheMask) >> kIOMapCacheShift);
+    if (kIODefaultCache != cacheMode)
+    {
+       // VM system requires write access to update named entry cache mode
+       memEntryCacheMode = (MAP_MEM_ONLY | VM_PROT_WRITE | prot | vmProtForCacheMode(cacheMode));
+    }
+
+    tag = getVMTag(map);
+
+    if (_task)
+    {
+       // Find first range for offset
+        if (!_rangesCount) return (kIOReturnBadArgument);
+       for (remain = offset, rangeIdx = 0; rangeIdx < _rangesCount; rangeIdx++)
+       {
+           getAddrLenForInd(nextAddr, nextLen, type, _ranges, rangeIdx);
+           if (remain < nextLen) break;
+           remain -= nextLen;
+       } 
+    }
+    else
+    {
+        rangeIdx = 0;
+        remain   = 0;
+        nextAddr = getPhysicalSegment(offset, &physLen, kIOMemoryMapperNone);
+        nextLen  = size;
+    }
+
+    assert(remain < nextLen);
+    if (remain >= nextLen) return (kIOReturnBadArgument);
+
+    nextAddr  += remain;
+    nextLen   -= remain;
+    pageOffset = (page_mask & nextAddr);
+    addr       = 0;
+    didAlloc   = false;
+
+    if (!(options & kIOMapAnywhere))
+    {
+        addr = *inaddr;
+        if (pageOffset != (page_mask & addr)) return (kIOReturnNotAligned);
+        addr -= pageOffset;
+    }
+
+    // find first entry for offset
+    for (entryIdx = 0; 
+       (entryIdx < ref->count) && (offset >= ref->entries[entryIdx].offset);
+       entryIdx++) {}
+    entryIdx--;
+    entry = &ref->entries[entryIdx];
+
+    // allocate VM
+    size = round_page_64(size + pageOffset);
+    if (kIOMapOverwrite & options)
+    {
+        if ((map == kernel_map) && (kIOMemoryBufferPageable & _flags))
+        {
+            map = IOPageableMapForAddress(addr);
+        }
+        err = KERN_SUCCESS;
+    }
+    else
+    {
+       IOMemoryDescriptorMapAllocRef ref;
+       ref.map     = map;
+       ref.tag     = tag;
+       ref.options = options;
+       ref.size    = size;
+       ref.prot    = prot;
+       if (options & kIOMapAnywhere)
+           // vm_map looks for addresses above here, even when VM_FLAGS_ANYWHERE
+           ref.mapped = 0;
+       else
+           ref.mapped = addr;
+       if ((ref.map == kernel_map) && (kIOMemoryBufferPageable & _flags))
+           err = IOIteratePageableMaps( ref.size, &IOMemoryDescriptorMapAlloc, &ref );
+       else
+           err = IOMemoryDescriptorMapAlloc(ref.map, &ref);
+       if (KERN_SUCCESS == err)
+       {
+           addr     = ref.mapped;
+           map      = ref.map;
+           didAlloc = true;
+       }
+    }
+
+    /*
+     * Prefaulting is only possible if we wired the memory earlier. Check the
+     * memory type, and the underlying data.
+     */
+    if (options & kIOMapPrefault)
+    {
+        /*
+         * The memory must have been wired by calling ::prepare(), otherwise
+         * we don't have the UPL. Without UPLs, pages cannot be pre-faulted
+         */
+        assert(map != kernel_map);
+        assert(_wireCount != 0);
+        assert(_memoryEntries != NULL);
+        if ((map == kernel_map) ||
+            (_wireCount == 0) ||
+            (_memoryEntries == NULL))
+        {
+            return kIOReturnBadArgument;
+        }
+
+        // Get the page list.
+        ioGMDData* dataP = getDataP(_memoryEntries);
+        ioPLBlock const* ioplList = getIOPLList(dataP);
+        pageList = getPageList(dataP);
+        
+        // Get the number of IOPLs.
+        UInt numIOPLs = getNumIOPL(_memoryEntries, dataP);
+        
+        /*
+         * Scan through the IOPL Info Blocks, looking for the first block containing
+         * the offset. The research will go past it, so we'll need to go back to the
+         * right range at the end.
+         */
+        UInt ioplIndex = 0;
+        while (ioplIndex < numIOPLs && offset >= ioplList[ioplIndex].fIOMDOffset)
+            ioplIndex++;
+        ioplIndex--;
+        
+        // Retrieve the IOPL info block.
+        ioPLBlock ioplInfo = ioplList[ioplIndex];
+            
+        /*
+         * For external UPLs, the fPageInfo points directly to the UPL's page_info_t
+         * array.
+         */
+        if (ioplInfo.fFlags & kIOPLExternUPL)
+            pageList = (upl_page_info_t*) ioplInfo.fPageInfo;
+        else
+            pageList = &pageList[ioplInfo.fPageInfo];
+        
+        // Rebase [offset] into the IOPL in order to looks for the first page index.
+        mach_vm_size_t offsetInIOPL = offset - ioplInfo.fIOMDOffset + ioplInfo.fPageOffset;
+        
+        // Retrieve the index of the first page corresponding to the offset.
+        currentPageIndex = atop_32(offsetInIOPL);
+    }
+
+    // enter mappings
+    remain  = size;
+    mapAddr = addr;
+    addr    += pageOffset;
+
+    while (remain && (KERN_SUCCESS == err))
+    {
+            entryOffset = offset - entry->offset;
+            if ((page_mask & entryOffset) != pageOffset) 
+            {
+                err = kIOReturnNotAligned;
+                break;
+            }
+
+           if (kIODefaultCache != cacheMode)
+           {
+               vm_size_t unused = 0;
+               err = mach_make_memory_entry(NULL /*unused*/, &unused, 0 /*unused*/, 
+                                            memEntryCacheMode, NULL, entry->entry);
+               assert (KERN_SUCCESS == err);
+           }
+
+            entryOffset -= pageOffset;
+            if (entryOffset >= entry->size) panic("entryOffset");
+            chunk = entry->size - entryOffset;
+            if (chunk)
+            {
+                if (chunk > remain) chunk = remain;
+               if (options & kIOMapPrefault) 
+               {
+                    UInt nb_pages = round_page(chunk) / PAGE_SIZE;
+                    err = vm_map_enter_mem_object_prefault(map,
+                                                           &mapAddr,
+                                                           chunk, 0 /* mask */, 
+                                                            (VM_FLAGS_FIXED
+                                                           | VM_FLAGS_OVERWRITE
+                                                           | VM_MAKE_TAG(tag)
+                                                           | VM_FLAGS_IOKIT_ACCT), /* iokit accounting */
+                                                           entry->entry,
+                                                           entryOffset,
+                                                           prot, // cur
+                                                           prot, // max
+                                                           &pageList[currentPageIndex],
+                                                          nb_pages);
+
+                    // Compute the next index in the page list.
+                    currentPageIndex += nb_pages;
+                    assert(currentPageIndex <= _pages);
+               } 
+               else 
+               {
+                    err = vm_map_enter_mem_object(map,
+                                                  &mapAddr,
+                                                  chunk, 0 /* mask */, 
+                                                   (VM_FLAGS_FIXED
+                                                  | VM_FLAGS_OVERWRITE
+                                                  | VM_MAKE_TAG(tag)
+                                                  | VM_FLAGS_IOKIT_ACCT), /* iokit accounting */
+                                                  entry->entry,
+                                                  entryOffset,
+                                                  false, // copy
+                                                  prot, // cur
+                                                  prot, // max
+                                                  VM_INHERIT_NONE);
+                }
+                if (KERN_SUCCESS != err) break;
+                remain -= chunk;
+                if (!remain) break;
+                mapAddr  += chunk;
+                offset   += chunk - pageOffset;
+            }
+            pageOffset = 0;
+            entry++;
+            entryIdx++;
+            if (entryIdx >= ref->count) 
+            {
+                err = kIOReturnOverrun;
+                break;
+            }
+        }
+
+    if ((KERN_SUCCESS != err) && didAlloc)
+    {
+        (void) mach_vm_deallocate(map, trunc_page_64(addr), size);
+        addr = 0;
+    }
+    *inaddr = addr;
+
+    return (err);
+}
+
+IOReturn 
+IOGeneralMemoryDescriptor::memoryReferenceGetPageCounts(
+                              IOMemoryReference * ref,
+                               IOByteCount       * residentPageCount,
+                               IOByteCount       * dirtyPageCount)
+{
+    IOReturn        err;
+    IOMemoryEntry * entries;
+    unsigned int resident, dirty;
+    unsigned int totalResident, totalDirty;
+
+    totalResident = totalDirty = 0;
+    err = kIOReturnSuccess;
+    entries = ref->entries + ref->count;
+    while (entries > &ref->entries[0])
+    {
+        entries--;
+       err = mach_memory_entry_get_page_counts(entries->entry, &resident, &dirty);
+       if (KERN_SUCCESS != err) break;
+       totalResident += resident;
+       totalDirty    += dirty;
+    }
+
+    if (residentPageCount) *residentPageCount = totalResident;
+    if (dirtyPageCount)    *dirtyPageCount    = totalDirty;
+    return (err);
+}
+
+IOReturn
+IOGeneralMemoryDescriptor::memoryReferenceSetPurgeable(
+                               IOMemoryReference * ref,
+                               IOOptionBits        newState,
+                               IOOptionBits      * oldState)
+{
+    IOReturn        err;
+    IOMemoryEntry * entries;
+    vm_purgable_t   control;
+    int             totalState, state;
+
+    totalState = kIOMemoryPurgeableNonVolatile;
+    err = kIOReturnSuccess;
+    entries = ref->entries + ref->count;
+    while (entries > &ref->entries[0])
+    {
+        entries--;
+
+       err = purgeableControlBits(newState, &control, &state);
+       if (KERN_SUCCESS != err) break;
+       err = mach_memory_entry_purgable_control(entries->entry, control, &state);
+       if (KERN_SUCCESS != err) break;
+       err = purgeableStateBits(&state);
+       if (KERN_SUCCESS != err) break;
+
+       if (kIOMemoryPurgeableEmpty == state)              totalState = kIOMemoryPurgeableEmpty;
+       else if (kIOMemoryPurgeableEmpty == totalState)    continue;
+       else if (kIOMemoryPurgeableVolatile == totalState) continue;
+       else if (kIOMemoryPurgeableVolatile == state)      totalState = kIOMemoryPurgeableVolatile;
+       else totalState = kIOMemoryPurgeableNonVolatile;
+    }
+
+    if (oldState) *oldState = totalState;
+    return (err);
+}
+
+/* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
+
+IOMemoryDescriptor *
+IOMemoryDescriptor::withAddress(void *      address,
+                                IOByteCount   length,
+                                IODirection direction)
+{
+    return IOMemoryDescriptor::
+        withAddressRange((IOVirtualAddress) address, length, direction | kIOMemoryAutoPrepare, kernel_task);
+}
+
+#ifndef __LP64__
+IOMemoryDescriptor *
+IOMemoryDescriptor::withAddress(IOVirtualAddress address,
+                                IOByteCount  length,
+                                IODirection  direction,
+                                task_t       task)
+{
+    IOGeneralMemoryDescriptor * that = new IOGeneralMemoryDescriptor;
+    if (that)
+    {
+       if (that->initWithAddress(address, length, direction, task))
+           return that;
+
+        that->release();
+    }
+    return 0;
+}
+#endif /* !__LP64__ */
+
+IOMemoryDescriptor *
+IOMemoryDescriptor::withPhysicalAddress(
+                               IOPhysicalAddress       address,
+                               IOByteCount             length,
+                               IODirection             direction )
+{
+    return (IOMemoryDescriptor::withAddressRange(address, length, direction, TASK_NULL));
+}
+
+#ifndef __LP64__
+IOMemoryDescriptor *
+IOMemoryDescriptor::withRanges(        IOVirtualRange * ranges,
+                               UInt32           withCount,
+                               IODirection      direction,
+                               task_t           task,
+                               bool             asReference)
+{
+    IOGeneralMemoryDescriptor * that = new IOGeneralMemoryDescriptor;
+    if (that)
+    {
+       if (that->initWithRanges(ranges, withCount, direction, task, asReference))
+           return that;
+
+        that->release();
+    }
+    return 0;
  }
  }
+#endif /* !__LP64__ */
+
+IOMemoryDescriptor *
+IOMemoryDescriptor::withAddressRange(mach_vm_address_t address,
+                                       mach_vm_size_t length,
+                                       IOOptionBits   options,
+                                       task_t         task)
+{
+    IOAddressRange range = { address, length };
+    return (IOMemoryDescriptor::withAddressRanges(&range, 1, options, task));
+}
+
+IOMemoryDescriptor *
+IOMemoryDescriptor::withAddressRanges(IOAddressRange *   ranges,
+                                       UInt32           rangeCount,
+                                       IOOptionBits     options,
+                                       task_t           task)
+{
+    IOGeneralMemoryDescriptor * that = new IOGeneralMemoryDescriptor;
+    if (that)
+    {
+       if (task)
+           options |= kIOMemoryTypeVirtual64;
+       else
+           options |= kIOMemoryTypePhysical64;
+
+       if (that->initWithOptions(ranges, rangeCount, 0, task, options, /* mapper */ 0))
+           return that;
+
+       that->release();
+    }
+
+    return 0;
+}
+
  
  /*
  
  /*
- * initWithAddress:
+ * withOptions:
   *
   *
- * Initialize an IOMemoryDescriptor. The buffer is a virtual address
- * relative to the specified task.  If no task is supplied, the kernel
- * task is implied.
+ * Create a new IOMemoryDescriptor. The buffer is made up of several
+ * virtual address ranges, from a given task.
   *
   *
- * An IOMemoryDescriptor can be re-used by calling initWithAddress or
- * initWithRanges again on an existing instance -- note this behavior
- * is not commonly supported in other I/O Kit classes, although it is
- * supported here.
+ * Passing the ranges as a reference will avoid an extra allocation.
   */
   */
+IOMemoryDescriptor *
+IOMemoryDescriptor::withOptions(void *         buffers,
+                                UInt32         count,
+                                UInt32         offset,
+                                task_t         task,
+                                IOOptionBits   opts,
+                                IOMapper *     mapper)
+{
+    IOGeneralMemoryDescriptor *self = new IOGeneralMemoryDescriptor;
+
+    if (self
+    && !self->initWithOptions(buffers, count, offset, task, opts, mapper))
+    {
+        self->release();
+        return 0;
+    }
+
+    return self;
+}
+
+bool IOMemoryDescriptor::initWithOptions(void *                buffers,
+                                         UInt32                count,
+                                         UInt32                offset,
+                                         task_t                task,
+                                         IOOptionBits  options,
+                                         IOMapper *    mapper)
+{
+    return( false );
+}
+
+#ifndef __LP64__
+IOMemoryDescriptor *
+IOMemoryDescriptor::withPhysicalRanges(        IOPhysicalRange * ranges,
+                                        UInt32          withCount,
+                                        IODirection     direction,
+                                        bool            asReference)
+{
+    IOGeneralMemoryDescriptor * that = new IOGeneralMemoryDescriptor;
+    if (that)
+    {
+       if (that->initWithPhysicalRanges(ranges, withCount, direction, asReference))
+           return that;
+
+        that->release();
+    }
+    return 0;
+}
+
+IOMemoryDescriptor *
+IOMemoryDescriptor::withSubRange(IOMemoryDescriptor *  of,
+                               IOByteCount             offset,
+                               IOByteCount             length,
+                               IODirection             direction)
+{
+    return (IOSubMemoryDescriptor::withSubRange(of, offset, length, direction));
+}
+#endif /* !__LP64__ */
+
+IOMemoryDescriptor *
+IOMemoryDescriptor::withPersistentMemoryDescriptor(IOMemoryDescriptor *originalMD)
+{
+    IOGeneralMemoryDescriptor *origGenMD = 
+       OSDynamicCast(IOGeneralMemoryDescriptor, originalMD);
+
+    if (origGenMD)
+       return IOGeneralMemoryDescriptor::
+           withPersistentMemoryDescriptor(origGenMD);
+    else
+       return 0;
+}
+
+IOMemoryDescriptor *
+IOGeneralMemoryDescriptor::withPersistentMemoryDescriptor(IOGeneralMemoryDescriptor *originalMD)
+{
+    IOMemoryReference * memRef;
+    
+    if (kIOReturnSuccess != originalMD->memoryReferenceCreate(kIOMemoryReferenceReuse, &memRef)) return (0);
+
+    if (memRef == originalMD->_memRef)
+    {
+       originalMD->retain();               // Add a new reference to ourselves
+        originalMD->memoryReferenceRelease(memRef);
+       return originalMD;
+    }
+
+    IOGeneralMemoryDescriptor * self = new IOGeneralMemoryDescriptor;
+    IOMDPersistentInitData initData = { originalMD, memRef };
+
+    if (self
+    && !self->initWithOptions(&initData, 1, 0, 0, kIOMemoryTypePersistentMD, 0)) {
+        self->release();
+       self = 0;
+    }
+    return self;
+}
+
+#ifndef __LP64__
  bool
  IOGeneralMemoryDescriptor::initWithAddress(void *      address,
                                      IOByteCount   withLength,
                                      IODirection withDirection)
  {
  bool
  IOGeneralMemoryDescriptor::initWithAddress(void *      address,
                                      IOByteCount   withLength,
                                      IODirection withDirection)
  {
-    _singleRange.v.address = (vm_address_t) address;
+    _singleRange.v.address = (vm_offset_t) address;
      _singleRange.v.length  = withLength;
  
      return initWithRanges(&_singleRange.v, 1, withDirection, kernel_task, true);
  }
  
  bool
      _singleRange.v.length  = withLength;
  
      return initWithRanges(&_singleRange.v, 1, withDirection, kernel_task, true);
  }
  
  bool
-IOGeneralMemoryDescriptor::initWithAddress(vm_address_t address,
+IOGeneralMemoryDescriptor::initWithAddress(IOVirtualAddress address,
                                      IOByteCount    withLength,
                                      IODirection  withDirection,
                                      task_t       withTask)
                                      IOByteCount    withLength,
                                      IODirection  withDirection,
                                      task_t       withTask)
@@ -685,6 +1333,7 @@ IOGeneralMemoryDescriptor::initWithRanges(
      
      return initWithOptions(ranges, count, 0, task, mdOpts, /* mapper */ 0);
  }
      
      return initWithOptions(ranges, count, 0, task, mdOpts, /* mapper */ 0);
  }
+#endif /* !__LP64__ */
  
  /*
   * initWithOptions:
  
  /*
   * initWithOptions:
@@ -710,11 +1359,22 @@ IOGeneralMemoryDescriptor::initWithOptions(void *        buffers,
  {
      IOOptionBits type = options & kIOMemoryTypeMask;
  
  {
      IOOptionBits type = options & kIOMemoryTypeMask;
  
+#ifndef __LP64__
+    if (task
+        && (kIOMemoryTypeVirtual == type)
+        && vm_map_is_64bit(get_task_map(task)) 
+        && ((IOVirtualRange *) buffers)->address)
+    {
+        OSReportWithBacktrace("IOMemoryDescriptor: attempt to create 32b virtual in 64b task, use ::withAddressRange()");
+        return false;
+    }
+#endif /* !__LP64__ */
+
      // Grab the original MD's configuation data to initialse the
      // arguments to this function.
      if (kIOMemoryTypePersistentMD == type) {
  
      // Grab the original MD's configuation data to initialse the
      // arguments to this function.
      if (kIOMemoryTypePersistentMD == type) {
  
-       typePersMDData *initData = (typePersMDData *) buffers;
+       IOMDPersistentInitData *initData = (typeof(initData)) buffers;
         const IOGeneralMemoryDescriptor *orig = initData->fMD;
         ioGMDData *dataP = getDataP(orig->_memoryEntries);
  
         const IOGeneralMemoryDescriptor *orig = initData->fMD;
         ioGMDData *dataP = getDataP(orig->_memoryEntries);
  
@@ -723,11 +1383,11 @@ IOGeneralMemoryDescriptor::initWithOptions(void *        buffers,
         if ( !(orig->_flags & kIOMemoryPersistent) || !dataP)
             return false;
  
         if ( !(orig->_flags & kIOMemoryPersistent) || !dataP)
             return false;
  
-       _memEntry = initData->fMemEntry;        // Grab the new named entry
-       options = orig->_flags | kIOMemoryAsReference; 
-       _singleRange = orig->_singleRange;      // Initialise our range
-       buffers = &_singleRange;
-       count = 1;
+       _memRef = initData->fMemRef;    // Grab the new named entry
+       options = orig->_flags & ~kIOMemoryAsReference; 
+        type = options & kIOMemoryTypeMask;
+       buffers = orig->_ranges.v;
+       count = orig->_rangesCount;
  
         // Now grab the original task and whatever mapper was previously used
         task = orig->_task;
  
         // Now grab the original task and whatever mapper was previously used
         task = orig->_task;
@@ -739,24 +1399,18 @@ IOGeneralMemoryDescriptor::initWithOptions(void *        buffers,
      switch (type) {
      case kIOMemoryTypeUIO:
      case kIOMemoryTypeVirtual:
      switch (type) {
      case kIOMemoryTypeUIO:
      case kIOMemoryTypeVirtual:
+#ifndef __LP64__
      case kIOMemoryTypeVirtual64:
      case kIOMemoryTypeVirtual64:
+#endif /* !__LP64__ */
          assert(task);
          if (!task)
              return false;
          assert(task);
          if (!task)
              return false;
-
-       if (vm_map_is_64bit(get_task_map(task)) 
-           && (kIOMemoryTypeVirtual == type) 
-           && ((IOVirtualRange *) buffers)->address)
-       {
-           OSReportWithBacktrace("IOMemoryDescriptor: attempt to create 32b virtual in 64b task, use ::withAddressRange()");
-            return false;
-       }
         break;
  
      case kIOMemoryTypePhysical:                // Neither Physical nor UPL should have a task
         break;
  
      case kIOMemoryTypePhysical:                // Neither Physical nor UPL should have a task
+#ifndef __LP64__
      case kIOMemoryTypePhysical64:
      case kIOMemoryTypePhysical64:
-       mapper = kIOMapperNone;
-
+#endif /* !__LP64__ */
      case kIOMemoryTypeUPL:
          assert(!task);
          break;
      case kIOMemoryTypeUPL:
          assert(!task);
          break;
@@ -784,20 +1438,29 @@ IOGeneralMemoryDescriptor::initWithOptions(void *        buffers,
             while (_wireCount)
                 complete();
         }
             while (_wireCount)
                 complete();
         }
-        if (_ranges.v && _rangesIsAllocated)
+        if (_ranges.v && !(kIOMemoryAsReference & _flags))
         {
             if (kIOMemoryTypeUIO == type)
                 uio_free((uio_t) _ranges.v);
         {
             if (kIOMemoryTypeUIO == type)
                 uio_free((uio_t) _ranges.v);
+#ifndef __LP64__
             else if ((kIOMemoryTypeVirtual64 == type) || (kIOMemoryTypePhysical64 == type))
                 IODelete(_ranges.v64, IOAddressRange, _rangesCount);
             else if ((kIOMemoryTypeVirtual64 == type) || (kIOMemoryTypePhysical64 == type))
                 IODelete(_ranges.v64, IOAddressRange, _rangesCount);
+#endif /* !__LP64__ */
             else
                 IODelete(_ranges.v, IOVirtualRange, _rangesCount);
         }
  
             else
                 IODelete(_ranges.v, IOVirtualRange, _rangesCount);
         }
  
-       if (_memEntry)
-           { ipc_port_release_send((ipc_port_t) _memEntry); _memEntry = 0; }
-       if (_mappings)
-           _mappings->flushCollection();
+       options |= (kIOMemoryRedirected & _flags);
+       if (!(kIOMemoryRedirected & options))
+       {
+           if (_memRef)
+           {
+               memoryReferenceRelease(_memRef);
+               _memRef = 0;
+           }
+           if (_mappings)
+               _mappings->flushCollection();
+       }
      }
      else {
          if (!super::init())
      }
      else {
          if (!super::init())
@@ -806,7 +1469,8 @@ IOGeneralMemoryDescriptor::initWithOptions(void *  buffers,
      }
  
      // Grab the appropriate mapper
      }
  
      // Grab the appropriate mapper
-    if (mapper == kIOMapperNone)
+    if (kIOMemoryHostOnly & options) options |= kIOMemoryMapperNone;
+    if (kIOMemoryMapperNone & options)
          mapper = 0;    // No Mapper
      else if (mapper == kIOMapperSystem) {
          IOMapper::checkForSystemMapper();
          mapper = 0;    // No Mapper
      else if (mapper == kIOMapperSystem) {
          IOMapper::checkForSystemMapper();
@@ -818,8 +1482,9 @@ IOGeneralMemoryDescriptor::initWithOptions(void *  buffers,
      _flags                = options;
      _task                  = task;
  
      _flags                = options;
      _task                  = task;
  
-    // DEPRECATED variable initialisation
+#ifndef __LP64__
      _direction             = (IODirection) (_flags & kIOMemoryDirectionMask);
      _direction             = (IODirection) (_flags & kIOMemoryDirectionMask);
+#endif /* !__LP64__ */
  
      __iomd_reservedA = 0;
      __iomd_reservedB = 0;
  
      __iomd_reservedA = 0;
      __iomd_reservedB = 0;
@@ -841,17 +1506,8 @@ IOGeneralMemoryDescriptor::initWithOptions(void * buffers,
          ioGMDData *dataP;
          unsigned int dataSize = computeDataSize(/* pages */ 0, /* upls */ 1);
  
          ioGMDData *dataP;
          unsigned int dataSize = computeDataSize(/* pages */ 0, /* upls */ 1);
  
-        if (!_memoryEntries) {
-            _memoryEntries = OSData::withCapacity(dataSize);
-            if (!_memoryEntries)
-                return false;
-        }
-        else if (!_memoryEntries->initWithCapacity(dataSize))
-            return false;
-
-        _memoryEntries->appendBytes(0, sizeof(ioGMDData));
+        if (!initMemoryEntries(dataSize, mapper)) return (false);
          dataP = getDataP(_memoryEntries);
          dataP = getDataP(_memoryEntries);
-        dataP->fMapper = mapper;
          dataP->fPageCnt = 0;
  
   //       _wireCount++;        // UPLs start out life wired
          dataP->fPageCnt = 0;
  
   //       _wireCount++;        // UPLs start out life wired
@@ -860,31 +1516,26 @@ IOGeneralMemoryDescriptor::initWithOptions(void *        buffers,
          _pages    += atop_32(offset + count + PAGE_MASK) - atop_32(offset);
  
          ioPLBlock iopl;
          _pages    += atop_32(offset + count + PAGE_MASK) - atop_32(offset);
  
          ioPLBlock iopl;
-        upl_page_info_t *pageList = UPL_GET_INTERNAL_PAGE_LIST((upl_t) buffers);
-
          iopl.fIOPL = (upl_t) buffers;
          iopl.fIOPL = (upl_t) buffers;
-        // Set the flag kIOPLOnDevice convieniently equal to 1
-        iopl.fFlags  = pageList->device | kIOPLExternUPL;
-        iopl.fIOMDOffset = 0;
+        upl_set_referenced(iopl.fIOPL, true);
+        upl_page_info_t *pageList = UPL_GET_INTERNAL_PAGE_LIST(iopl.fIOPL);
+
+       if (upl_get_size(iopl.fIOPL) < (count + offset))
+           panic("short external upl");
  
          _highestPage = upl_get_highest_page(iopl.fIOPL);
  
  
          _highestPage = upl_get_highest_page(iopl.fIOPL);
  
+        // Set the flag kIOPLOnDevice convieniently equal to 1
+        iopl.fFlags  = pageList->device | kIOPLExternUPL;
          if (!pageList->device) {
              // Pre-compute the offset into the UPL's page list
              pageList = &pageList[atop_32(offset)];
              offset &= PAGE_MASK;
          if (!pageList->device) {
              // Pre-compute the offset into the UPL's page list
              pageList = &pageList[atop_32(offset)];
              offset &= PAGE_MASK;
-            if (mapper) {
-                iopl.fMappedBase = mapper->iovmAlloc(_pages);
-                mapper->iovmInsert(iopl.fMappedBase, 0, pageList, _pages);
-            }
-           else
-               iopl.fMappedBase = 0;
          }
          }
-       else
-           iopl.fMappedBase = 0;
+        iopl.fIOMDOffset = 0;
+        iopl.fMappedPage = 0;
          iopl.fPageInfo = (vm_address_t) pageList;
          iopl.fPageOffset = offset;
          iopl.fPageInfo = (vm_address_t) pageList;
          iopl.fPageOffset = offset;
-
          _memoryEntries->appendBytes(&iopl, sizeof(iopl));
      }
      else {
          _memoryEntries->appendBytes(&iopl, sizeof(iopl));
      }
      else {
@@ -893,7 +1544,9 @@ IOGeneralMemoryDescriptor::initWithOptions(void *  buffers,
         
         // Initialize the memory descriptor
         if (options & kIOMemoryAsReference) {
         
         // Initialize the memory descriptor
         if (options & kIOMemoryAsReference) {
+#ifndef __LP64__
             _rangesIsAllocated = false;
             _rangesIsAllocated = false;
+#endif /* !__LP64__ */
  
             // Hack assignment to get the buffer arg into _ranges.
             // I'd prefer to do _ranges = (Ranges) buffers, but that doesn't
  
             // Hack assignment to get the buffer arg into _ranges.
             // I'd prefer to do _ranges = (Ranges) buffers, but that doesn't
@@ -902,25 +1555,51 @@ IOGeneralMemoryDescriptor::initWithOptions(void *        buffers,
             _ranges.v = (IOVirtualRange *) buffers;
         }
         else {
             _ranges.v = (IOVirtualRange *) buffers;
         }
         else {
+#ifndef __LP64__
             _rangesIsAllocated = true;
             _rangesIsAllocated = true;
-           switch (_flags & kIOMemoryTypeMask)
+#endif /* !__LP64__ */
+           switch (type)
             {
               case kIOMemoryTypeUIO:
                 _ranges.v = (IOVirtualRange *) uio_duplicate((uio_t) buffers);
                 break;
  
             {
               case kIOMemoryTypeUIO:
                 _ranges.v = (IOVirtualRange *) uio_duplicate((uio_t) buffers);
                 break;
  
+#ifndef __LP64__
               case kIOMemoryTypeVirtual64:
               case kIOMemoryTypePhysical64:
               case kIOMemoryTypeVirtual64:
               case kIOMemoryTypePhysical64:
+               if (count == 1
+                   && (((IOAddressRange *) buffers)->address + ((IOAddressRange *) buffers)->length) <= 0x100000000ULL
+                   ) {
+                   if (kIOMemoryTypeVirtual64 == type)
+                       type = kIOMemoryTypeVirtual;
+                   else
+                       type = kIOMemoryTypePhysical;
+                   _flags = (_flags & ~kIOMemoryTypeMask) | type | kIOMemoryAsReference;
+                   _rangesIsAllocated = false;
+                   _ranges.v = &_singleRange.v;
+                   _singleRange.v.address = ((IOAddressRange *) buffers)->address;
+                   _singleRange.v.length  = ((IOAddressRange *) buffers)->length;
+                   break;
+               }
                 _ranges.v64 = IONew(IOAddressRange, count);
                 if (!_ranges.v64)
                     return false;
                 bcopy(buffers, _ranges.v, count * sizeof(IOAddressRange));
                 break;
                 _ranges.v64 = IONew(IOAddressRange, count);
                 if (!_ranges.v64)
                     return false;
                 bcopy(buffers, _ranges.v, count * sizeof(IOAddressRange));
                 break;
+#endif /* !__LP64__ */
               case kIOMemoryTypeVirtual:
               case kIOMemoryTypePhysical:
               case kIOMemoryTypeVirtual:
               case kIOMemoryTypePhysical:
-               _ranges.v = IONew(IOVirtualRange, count);
-               if (!_ranges.v)
-                   return false;
+               if (count == 1) {
+                   _flags |= kIOMemoryAsReference;
+#ifndef __LP64__
+                   _rangesIsAllocated = false;
+#endif /* !__LP64__ */
+                   _ranges.v = &_singleRange.v;
+               } else {
+                   _ranges.v = IONew(IOVirtualRange, count);
+                   if (!_ranges.v)
+                       return false;
+               }
                 bcopy(buffers, _ranges.v, count * sizeof(IOVirtualRange));
                 break;
             }
                 bcopy(buffers, _ranges.v, count * sizeof(IOVirtualRange));
                 break;
             }
@@ -928,19 +1607,18 @@ IOGeneralMemoryDescriptor::initWithOptions(void *        buffers,
  
         // Find starting address within the vector of ranges
         Ranges vec = _ranges;
  
         // Find starting address within the vector of ranges
         Ranges vec = _ranges;
-       UInt32 length = 0;
-       UInt32 pages = 0;
-       for (unsigned ind = 0; ind < count;  ind++) {
-           user_addr_t addr;
-           UInt32 len;
+       mach_vm_size_t totalLength = 0;
+       unsigned int ind, pages = 0;
+       for (ind = 0; ind < count; ind++) {
+           mach_vm_address_t addr;
+           mach_vm_address_t endAddr;
+           mach_vm_size_t    len;
  
             // addr & len are returned by this function
             getAddrLenForInd(addr, len, type, vec, ind);
  
             // addr & len are returned by this function
             getAddrLenForInd(addr, len, type, vec, ind);
-           pages += (atop_64(addr + len + PAGE_MASK) - atop_64(addr));
-           len += length;
-           assert(len >= length);      // Check for 32 bit wrap around
-           length = len;
-
+           if (os_add3_overflow(addr, len, PAGE_MASK, &endAddr))                   break;
+           if (os_add_overflow(pages, (atop_64(endAddr) - atop_64(addr)), &pages)) break;
+           if (os_add_overflow(totalLength, len, &totalLength))                    break;
             if ((kIOMemoryTypePhysical == type) || (kIOMemoryTypePhysical64 == type))
             {
                 ppnum_t highPage = atop_64(addr + len - 1);
             if ((kIOMemoryTypePhysical == type) || (kIOMemoryTypePhysical64 == type))
             {
                 ppnum_t highPage = atop_64(addr + len - 1);
@@ -948,7 +1626,10 @@ IOGeneralMemoryDescriptor::initWithOptions(void * buffers,
                     _highestPage = highPage;
             }
         } 
                     _highestPage = highPage;
             }
         } 
-       _length      = length;
+       if ((ind < count)
+        || (totalLength != ((IOByteCount) totalLength))) return (false); /* overflow */
+
+       _length      = totalLength;
         _pages       = pages;
         _rangesCount = count;
  
         _pages       = pages;
         _rangesCount = count;
  
@@ -958,23 +1639,21 @@ IOGeneralMemoryDescriptor::initWithOptions(void *        buffers,
              _wireCount++;      // Physical MDs are, by definition, wired
          else { /* kIOMemoryTypeVirtual | kIOMemoryTypeVirtual64 | kIOMemoryTypeUIO */
              ioGMDData *dataP;
              _wireCount++;      // Physical MDs are, by definition, wired
          else { /* kIOMemoryTypeVirtual | kIOMemoryTypeVirtual64 | kIOMemoryTypeUIO */
              ioGMDData *dataP;
-            unsigned dataSize = computeDataSize(_pages, /* upls */ count * 2);
+            unsigned dataSize;
  
  
-            if (!_memoryEntries) {
-                _memoryEntries = OSData::withCapacity(dataSize);
-                if (!_memoryEntries)
-                   return false;
-            }
-            else if (!_memoryEntries->initWithCapacity(dataSize))
-                return false;
-    
-            _memoryEntries->appendBytes(0, sizeof(ioGMDData));
+            if (_pages > atop_64(max_mem)) return false;
+
+            dataSize = computeDataSize(_pages, /* upls */ count * 2);
+            if (!initMemoryEntries(dataSize, mapper)) return false;
              dataP = getDataP(_memoryEntries);
              dataP = getDataP(_memoryEntries);
-            dataP->fMapper = mapper;
              dataP->fPageCnt = _pages;
  
              dataP->fPageCnt = _pages;
  
-           if ( (kIOMemoryPersistent & _flags) && !_memEntry)
-               _memEntry = createNamedEntry();
+           if ( (kIOMemoryPersistent & _flags) && !_memRef)
+           {
+               IOReturn 
+               err = memoryReferenceCreate(0, &_memRef);
+               if (kIOReturnSuccess != err) return false;
+           }
  
              if ((_flags & kIOMemoryAutoPrepare)
               && prepare() != kIOReturnSuccess)
  
              if ((_flags & kIOMemoryAutoPrepare)
               && prepare() != kIOReturnSuccess)
@@ -997,53 +1676,69 @@ void IOGeneralMemoryDescriptor::free()
      if( reserved)
      {
         LOCK;
      if( reserved)
      {
         LOCK;
-       reserved->memory = 0;
+       reserved->dp.memory = 0;
         UNLOCK;
      }
         UNLOCK;
      }
-
-    if ((kIOMemoryTypePhysical != type) && (kIOMemoryTypePhysical64 != type))
+    if ((kIOMemoryTypePhysical == type) || (kIOMemoryTypePhysical64 == type))
      {
      {
-       while (_wireCount)
-           complete();
+       ioGMDData * dataP;
+       if (_memoryEntries && (dataP = getDataP(_memoryEntries)) && dataP->fMappedBase)
+       {
+           dataP->fMapper->iovmUnmapMemory(this, NULL, dataP->fMappedBase, dataP->fMappedLength);
+           dataP->fMappedBase = 0;
+       }
+    }
+    else
+    {
+       while (_wireCount) complete();
      }
      }
-    if (_memoryEntries)
-        _memoryEntries->release();
  
  
-    if (_ranges.v && _rangesIsAllocated)
+    if (_memoryEntries) _memoryEntries->release();
+
+    if (_ranges.v && !(kIOMemoryAsReference & _flags))
      {
         if (kIOMemoryTypeUIO == type)
             uio_free((uio_t) _ranges.v);
      {
         if (kIOMemoryTypeUIO == type)
             uio_free((uio_t) _ranges.v);
+#ifndef __LP64__
         else if ((kIOMemoryTypeVirtual64 == type) || (kIOMemoryTypePhysical64 == type))
             IODelete(_ranges.v64, IOAddressRange, _rangesCount);
         else if ((kIOMemoryTypeVirtual64 == type) || (kIOMemoryTypePhysical64 == type))
             IODelete(_ranges.v64, IOAddressRange, _rangesCount);
+#endif /* !__LP64__ */
         else
             IODelete(_ranges.v, IOVirtualRange, _rangesCount);
  
         _ranges.v = NULL;
      }
  
         else
             IODelete(_ranges.v, IOVirtualRange, _rangesCount);
  
         _ranges.v = NULL;
      }
  
-    if (reserved && reserved->devicePager)
-       device_pager_deallocate( (memory_object_t) reserved->devicePager );
-
-    // memEntry holds a ref on the device pager which owns reserved
-    // (ExpansionData) so no reserved access after this point
-    if (_memEntry)
-        ipc_port_release_send( (ipc_port_t) _memEntry );
+    if (reserved)
+    {
+        if (reserved->dp.devicePager)
+        {
+            // memEntry holds a ref on the device pager which owns reserved
+            // (IOMemoryDescriptorReserved) so no reserved access after this point
+            device_pager_deallocate( (memory_object_t) reserved->dp.devicePager );
+        }
+        else
+            IODelete(reserved, IOMemoryDescriptorReserved, 1);
+        reserved = NULL;
+    }
  
  
-    if (_prepareLock)
-       IOLockFree(_prepareLock);
+    if (_memRef)      memoryReferenceRelease(_memRef);
+    if (_prepareLock) IOLockFree(_prepareLock);
  
      super::free();
  }
  
  
      super::free();
  }
  
-/* DEPRECATED */ void IOGeneralMemoryDescriptor::unmapFromKernel()
-/* DEPRECATED */ {
-                    panic("IOGMD::unmapFromKernel deprecated");
-/* DEPRECATED */ }
-/* DEPRECATED */ 
-/* DEPRECATED */ void IOGeneralMemoryDescriptor::mapIntoKernel(unsigned rangeIndex)
-/* DEPRECATED */ {
-                    panic("IOGMD::mapIntoKernel deprecated");
-/* DEPRECATED */ }
+#ifndef __LP64__
+void IOGeneralMemoryDescriptor::unmapFromKernel()
+{
+    panic("IOGMD::unmapFromKernel deprecated");
+}
+
+void IOGeneralMemoryDescriptor::mapIntoKernel(unsigned rangeIndex)
+{
+    panic("IOGMD::mapIntoKernel deprecated");
+}
+#endif /* !__LP64__ */
  
  /*
   * getDirection:
  
  /*
   * getDirection:
@@ -1052,7 +1747,11 @@ void IOGeneralMemoryDescriptor::free()
   */
  IODirection IOMemoryDescriptor::getDirection() const
  {
   */
  IODirection IOMemoryDescriptor::getDirection() const
  {
-    return _direction;
+#ifndef __LP64__
+    if (_direction)
+       return _direction;
+#endif /* !__LP64__ */
+    return (IODirection) (_flags & kIOMemoryDirectionMask);
  }
  
  /*
  }
  
  /*
@@ -1075,6 +1774,10 @@ IOOptionBits IOMemoryDescriptor::getTag( void )
      return( _tag);
  }
  
      return( _tag);
  }
  
+#ifndef __LP64__
+#pragma clang diagnostic push
+#pragma clang diagnostic ignored "-Wdeprecated-declarations"
+
  // @@@ gvdl: who is using this API?  Seems like a wierd thing to implement.
  IOPhysicalAddress
  IOMemoryDescriptor::getSourceSegment( IOByteCount   offset, IOByteCount * length )
  // @@@ gvdl: who is using this API?  Seems like a wierd thing to implement.
  IOPhysicalAddress
  IOMemoryDescriptor::getSourceSegment( IOByteCount   offset, IOByteCount * length )
@@ -1089,25 +1792,33 @@ IOMemoryDescriptor::getSourceSegment( IOByteCount   offset, IOByteCount * length
      return( (IOPhysicalAddress) physAddr ); // truncated but only page offset is used
  }
  
      return( (IOPhysicalAddress) physAddr ); // truncated but only page offset is used
  }
  
+#pragma clang diagnostic pop
+
+#endif /* !__LP64__ */
+
  IOByteCount IOMemoryDescriptor::readBytes
                  (IOByteCount offset, void *bytes, IOByteCount length)
  {
  IOByteCount IOMemoryDescriptor::readBytes
                  (IOByteCount offset, void *bytes, IOByteCount length)
  {
-    addr64_t dstAddr = (addr64_t) (UInt32) bytes;
+    addr64_t dstAddr = CAST_DOWN(addr64_t, bytes);
      IOByteCount remaining;
  
      // Assert that this entire I/O is withing the available range
      IOByteCount remaining;
  
      // Assert that this entire I/O is withing the available range
-    assert(offset < _length);
+    assert(offset <= _length);
      assert(offset + length <= _length);
      assert(offset + length <= _length);
-    if (offset >= _length) {
+    if ((offset >= _length)
+     || ((offset + length) > _length)) {
          return 0;
      }
  
          return 0;
      }
  
+    if (kIOMemoryThreadSafe & _flags)
+       LOCK;
+
      remaining = length = min(length, _length - offset);
      while (remaining) {        // (process another target segment?)
          addr64_t       srcAddr64;
          IOByteCount    srcLen;
  
      remaining = length = min(length, _length - offset);
      while (remaining) {        // (process another target segment?)
          addr64_t       srcAddr64;
          IOByteCount    srcLen;
  
-        srcAddr64 = getPhysicalSegment64(offset, &srcLen);
+        srcAddr64 = getPhysicalSegment(offset, &srcLen, kIOMemoryMapperNone);
          if (!srcAddr64)
              break;
  
          if (!srcAddr64)
              break;
  
@@ -1123,33 +1834,42 @@ IOByteCount IOMemoryDescriptor::readBytes
          remaining -= srcLen;
      }
  
          remaining -= srcLen;
      }
  
+    if (kIOMemoryThreadSafe & _flags)
+       UNLOCK;
+
      assert(!remaining);
  
      return length - remaining;
  }
  
  IOByteCount IOMemoryDescriptor::writeBytes
      assert(!remaining);
  
      return length - remaining;
  }
  
  IOByteCount IOMemoryDescriptor::writeBytes
-                (IOByteCount offset, const void *bytes, IOByteCount length)
+                (IOByteCount inoffset, const void *bytes, IOByteCount length)
  {
  {
-    addr64_t srcAddr = (addr64_t) (UInt32) bytes;
+    addr64_t srcAddr = CAST_DOWN(addr64_t, bytes);
      IOByteCount remaining;
      IOByteCount remaining;
+    IOByteCount offset = inoffset;
  
      // Assert that this entire I/O is withing the available range
  
      // Assert that this entire I/O is withing the available range
-    assert(offset < _length);
+    assert(offset <= _length);
      assert(offset + length <= _length);
  
      assert( !(kIOMemoryPreparedReadOnly & _flags) );
  
      assert(offset + length <= _length);
  
      assert( !(kIOMemoryPreparedReadOnly & _flags) );
  
-    if ( (kIOMemoryPreparedReadOnly & _flags) || offset >= _length) {
+    if ( (kIOMemoryPreparedReadOnly & _flags)
+     || (offset >= _length)
+     || ((offset + length) > _length)) {
          return 0;
      }
  
          return 0;
      }
  
+    if (kIOMemoryThreadSafe & _flags)
+       LOCK;
+
      remaining = length = min(length, _length - offset);
      while (remaining) {        // (process another target segment?)
          addr64_t    dstAddr64;
          IOByteCount dstLen;
  
      remaining = length = min(length, _length - offset);
      while (remaining) {        // (process another target segment?)
          addr64_t    dstAddr64;
          IOByteCount dstLen;
  
-        dstAddr64 = getPhysicalSegment64(offset, &dstLen);
+        dstAddr64 = getPhysicalSegment(offset, &dstLen, kIOMemoryMapperNone);
          if (!dstAddr64)
              break;
  
          if (!dstAddr64)
              break;
  
@@ -1157,29 +1877,187 @@ IOByteCount IOMemoryDescriptor::writeBytes
          if (dstLen > remaining)
              dstLen = remaining;
  
          if (dstLen > remaining)
              dstLen = remaining;
  
-        copypv(srcAddr, (addr64_t) dstAddr64, dstLen,
-                            cppvPsnk | cppvFsnk | cppvNoRefSrc | cppvNoModSnk | cppvKmap);
-
-        srcAddr   += dstLen;
+       if (!srcAddr) bzero_phys(dstAddr64, dstLen);
+       else
+       {
+           copypv(srcAddr, (addr64_t) dstAddr64, dstLen,
+                   cppvPsnk | cppvFsnk | cppvNoRefSrc | cppvNoModSnk | cppvKmap);
+           srcAddr   += dstLen;
+       }
          offset    += dstLen;
          remaining -= dstLen;
      }
  
          offset    += dstLen;
          remaining -= dstLen;
      }
  
+    if (kIOMemoryThreadSafe & _flags)
+       UNLOCK;
+
      assert(!remaining);
  
      assert(!remaining);
  
+    if (!srcAddr) performOperation(kIOMemoryIncoherentIOFlush, inoffset, length);
+
      return length - remaining;
  }
  
      return length - remaining;
  }
  
-// osfmk/device/iokit_rpc.c
-extern "C" unsigned int IODefaultCacheBits(addr64_t pa);
+#ifndef __LP64__
+void IOGeneralMemoryDescriptor::setPosition(IOByteCount position)
+{
+    panic("IOGMD::setPosition deprecated");
+}
+#endif /* !__LP64__ */
+
+static volatile SInt64 gIOMDPreparationID __attribute__((aligned(8))) = (1ULL << 32);
+
+uint64_t
+IOGeneralMemoryDescriptor::getPreparationID( void )
+{
+    ioGMDData *dataP;
+
+    if (!_wireCount)
+       return (kIOPreparationIDUnprepared);
  
  
-/* DEPRECATED */ void IOGeneralMemoryDescriptor::setPosition(IOByteCount position)
-/* DEPRECATED */ {
-                    panic("IOGMD::setPosition deprecated");
-/* DEPRECATED */ }
+    if (((kIOMemoryTypeMask & _flags) == kIOMemoryTypePhysical)
+      || ((kIOMemoryTypeMask & _flags) == kIOMemoryTypePhysical64))
+    {
+        IOMemoryDescriptor::setPreparationID();
+        return (IOMemoryDescriptor::getPreparationID());
+    }
+
+    if (!_memoryEntries || !(dataP = getDataP(_memoryEntries)))
+       return (kIOPreparationIDUnprepared);
+
+    if (kIOPreparationIDUnprepared == dataP->fPreparationID)
+    {
+       dataP->fPreparationID = OSIncrementAtomic64(&gIOMDPreparationID);
+    }
+    return (dataP->fPreparationID);
+}
+
+IOMemoryDescriptorReserved * IOMemoryDescriptor::getKernelReserved( void )
+{
+    if (!reserved)
+    {
+        reserved = IONew(IOMemoryDescriptorReserved, 1);
+        if (reserved)
+            bzero(reserved, sizeof(IOMemoryDescriptorReserved));
+    }
+    return (reserved);
+}
+
+void IOMemoryDescriptor::setPreparationID( void )
+{
+    if (getKernelReserved() && (kIOPreparationIDUnprepared == reserved->preparationID))
+    {
+        reserved->preparationID = OSIncrementAtomic64(&gIOMDPreparationID);
+    }
+}
+
+uint64_t IOMemoryDescriptor::getPreparationID( void )
+{
+    if (reserved)
+        return (reserved->preparationID);    
+    else
+        return (kIOPreparationIDUnsupported);    
+}
+
+void IOMemoryDescriptor::setVMTags(vm_tag_t kernelTag, vm_tag_t userTag)
+{
+    if (!getKernelReserved()) return;
+    reserved->kernelTag = kernelTag;
+    reserved->userTag   = userTag;
+}
+
+vm_tag_t IOMemoryDescriptor::getVMTag(vm_map_t map)
+{
+    if (!reserved
+      || (VM_KERN_MEMORY_NONE == reserved->kernelTag)
+      || (VM_KERN_MEMORY_NONE == reserved->userTag))
+    {
+        return (IOMemoryTag(map));
+    }
+
+    if (vm_kernel_map_is_kernel(map)) return (reserved->kernelTag);
+    return (reserved->userTag);
+}
  
  IOReturn IOGeneralMemoryDescriptor::dmaCommandOperation(DMACommandOps op, void *vData, UInt dataSize) const
  {
  
  IOReturn IOGeneralMemoryDescriptor::dmaCommandOperation(DMACommandOps op, void *vData, UInt dataSize) const
  {
+    IOReturn err = kIOReturnSuccess;
+    DMACommandOps params;
+    IOGeneralMemoryDescriptor * md = const_cast<IOGeneralMemoryDescriptor *>(this);
+    ioGMDData *dataP;
+
+    params = (op & ~kIOMDDMACommandOperationMask & op);
+    op &= kIOMDDMACommandOperationMask;
+
+    if (kIOMDDMAMap == op)
+    {
+       if (dataSize < sizeof(IOMDDMAMapArgs))
+           return kIOReturnUnderrun;
+
+       IOMDDMAMapArgs * data = (IOMDDMAMapArgs *) vData;
+
+       if (!_memoryEntries 
+           && !md->initMemoryEntries(computeDataSize(0, 0), kIOMapperWaitSystem)) return (kIOReturnNoMemory);
+
+       if (_memoryEntries && data->fMapper)
+       {
+           bool remap, keepMap;
+           dataP = getDataP(_memoryEntries);
+
+           if (data->fMapSpec.numAddressBits < dataP->fDMAMapNumAddressBits) dataP->fDMAMapNumAddressBits = data->fMapSpec.numAddressBits;
+           if (data->fMapSpec.alignment      > dataP->fDMAMapAlignment)      dataP->fDMAMapAlignment      = data->fMapSpec.alignment;
+
+           keepMap = (data->fMapper == gIOSystemMapper);
+           keepMap &= ((data->fOffset == 0) && (data->fLength == _length));
+
+           remap = (!keepMap);
+           remap |= (dataP->fDMAMapNumAddressBits < 64)
+                 && ((dataP->fMappedBase + _length) > (1ULL << dataP->fDMAMapNumAddressBits));
+           remap |= (dataP->fDMAMapAlignment > page_size);
+
+           if (remap || !dataP->fMappedBase)
+           {
+//             if (dataP->fMappedBase) OSReportWithBacktrace("kIOMDDMAMap whole %d remap %d params %d\n", whole, remap, params);
+               err = md->dmaMap(data->fMapper, data->fCommand, &data->fMapSpec, data->fOffset, data->fLength, &data->fAlloc, &data->fAllocLength);
+               if (keepMap && (kIOReturnSuccess == err) && !dataP->fMappedBase)
+               {
+                   dataP->fMappedBase   = data->fAlloc;
+                   dataP->fMappedLength = data->fAllocLength;
+                   data->fAllocLength   = 0;                   // IOMD owns the alloc now
+               }
+           }
+           else
+           {
+               data->fAlloc = dataP->fMappedBase;
+               data->fAllocLength = 0;                         // give out IOMD map
+           }
+           data->fMapContig = !dataP->fDiscontig;
+       }
+
+       return (err);                           
+    }
+
+    if (kIOMDAddDMAMapSpec == op)
+    {
+       if (dataSize < sizeof(IODMAMapSpecification))
+           return kIOReturnUnderrun;
+
+       IODMAMapSpecification * data = (IODMAMapSpecification *) vData;
+
+       if (!_memoryEntries 
+           && !md->initMemoryEntries(computeDataSize(0, 0), kIOMapperWaitSystem)) return (kIOReturnNoMemory);
+
+       if (_memoryEntries)
+       {
+           dataP = getDataP(_memoryEntries);
+           if (data->numAddressBits < dataP->fDMAMapNumAddressBits)
+               dataP->fDMAMapNumAddressBits = data->numAddressBits;
+           if (data->alignment > dataP->fDMAMapAlignment)
+               dataP->fDMAMapAlignment = data->alignment;
+       }
+       return kIOReturnSuccess;
+    }
+
      if (kIOMDGetCharacteristics == op) {
  
         if (dataSize < sizeof(IOMDDMACharacteristics))
      if (kIOMDGetCharacteristics == op) {
  
         if (dataSize < sizeof(IOMDDMACharacteristics))
@@ -1189,29 +2067,25 @@ IOReturn IOGeneralMemoryDescriptor::dmaCommandOperation(DMACommandOps op, void *
         data->fLength = _length;
         data->fSGCount = _rangesCount;
         data->fPages = _pages;
         data->fLength = _length;
         data->fSGCount = _rangesCount;
         data->fPages = _pages;
-       data->fDirection = _direction;
+       data->fDirection = getDirection();
         if (!_wireCount)
             data->fIsPrepared = false;
         else {
             data->fIsPrepared = true;
             data->fHighestPage = _highestPage;
         if (!_wireCount)
             data->fIsPrepared = false;
         else {
             data->fIsPrepared = true;
             data->fHighestPage = _highestPage;
-           if (_memoryEntries) {
-               ioGMDData *gmdData = getDataP(_memoryEntries);
-               ioPLBlock *ioplList = getIOPLList(gmdData);
-               UInt count = getNumIOPL(_memoryEntries, gmdData);
-
-               data->fIsMapped = (gmdData->fMapper && _pages && (count > 0)
-                              && ioplList[0].fMappedBase);
+           if (_memoryEntries)
+           {
+               dataP = getDataP(_memoryEntries);
+               ioPLBlock *ioplList = getIOPLList(dataP);
+               UInt count = getNumIOPL(_memoryEntries, dataP);
                 if (count == 1)
                     data->fPageAlign = (ioplList[0].fPageOffset & PAGE_MASK) | ~PAGE_MASK;
             }
                 if (count == 1)
                     data->fPageAlign = (ioplList[0].fPageOffset & PAGE_MASK) | ~PAGE_MASK;
             }
-           else
-               data->fIsMapped = false;
         }
  
         return kIOReturnSuccess;
         }
  
         return kIOReturnSuccess;
-    }
-    else if (!(kIOMDWalkSegments & op))
+
+    } else if (kIOMDWalkSegments != op)
         return kIOReturnBadArgument;
  
      // Get the next segment
         return kIOReturnBadArgument;
  
      // Get the next segment
@@ -1230,12 +2104,32 @@ IOReturn IOGeneralMemoryDescriptor::dmaCommandOperation(DMACommandOps op, void *
      UInt offset = isP->fIO.fOffset;
      bool mapped = isP->fIO.fMapped;
  
      UInt offset = isP->fIO.fOffset;
      bool mapped = isP->fIO.fMapped;
  
+    if (IOMapper::gSystem && mapped
+        && (!(kIOMemoryHostOnly & _flags))
+       && (!_memoryEntries || !getDataP(_memoryEntries)->fMappedBase))
+//     && (_memoryEntries && !getDataP(_memoryEntries)->fMappedBase))
+    {
+       if (!_memoryEntries 
+           && !md->initMemoryEntries(computeDataSize(0, 0), kIOMapperWaitSystem)) return (kIOReturnNoMemory);
+
+       dataP = getDataP(_memoryEntries);
+       if (dataP->fMapper)
+       {
+           IODMAMapSpecification mapSpec;
+           bzero(&mapSpec, sizeof(mapSpec));
+           mapSpec.numAddressBits = dataP->fDMAMapNumAddressBits;
+           mapSpec.alignment = dataP->fDMAMapAlignment;
+           err = md->dmaMap(dataP->fMapper, NULL, &mapSpec, 0, _length, &dataP->fMappedBase, &dataP->fMappedLength);
+           if (kIOReturnSuccess != err) return (err);
+       }
+    }
+
      if (offset >= _length)
         return (offset == _length)? kIOReturnOverrun : kIOReturnInternalError;
  
      // Validate the previous offset
      UInt ind, off2Ind = isP->fOffset2Index;
      if (offset >= _length)
         return (offset == _length)? kIOReturnOverrun : kIOReturnInternalError;
  
      // Validate the previous offset
      UInt ind, off2Ind = isP->fOffset2Index;
-    if ((kIOMDFirstSegment != op) 
+    if (!params
         && offset 
         && (offset == isP->fNextOffset || off2Ind <= offset))
         ind = isP->fIndex;
         && offset 
         && (offset == isP->fNextOffset || off2Ind <= offset))
         ind = isP->fIndex;
@@ -1244,13 +2138,15 @@ IOReturn IOGeneralMemoryDescriptor::dmaCommandOperation(DMACommandOps op, void *
  
      UInt length;
      UInt64 address;
  
      UInt length;
      UInt64 address;
+
+
      if ( (_flags & kIOMemoryTypeMask) == kIOMemoryTypePhysical) {
  
         // Physical address based memory descriptor
         const IOPhysicalRange *physP = (IOPhysicalRange *) &_ranges.p[0];
  
         // Find the range after the one that contains the offset
      if ( (_flags & kIOMemoryTypeMask) == kIOMemoryTypePhysical) {
  
         // Physical address based memory descriptor
         const IOPhysicalRange *physP = (IOPhysicalRange *) &_ranges.p[0];
  
         // Find the range after the one that contains the offset
-       UInt len;
+       mach_vm_size_t len;
         for (len = 0; off2Ind <= offset; ind++) {
             len = physP[ind].length;
             off2Ind += len;
         for (len = 0; off2Ind <= offset; ind++) {
             len = physP[ind].length;
             off2Ind += len;
@@ -1260,18 +2156,27 @@ IOReturn IOGeneralMemoryDescriptor::dmaCommandOperation(DMACommandOps op, void *
         length   = off2Ind - offset;
         address  = physP[ind - 1].address + len - length;
  
         length   = off2Ind - offset;
         address  = physP[ind - 1].address + len - length;
  
-       // see how far we can coalesce ranges
-       while (ind < _rangesCount && address + length == physP[ind].address) {
-           len = physP[ind].length;
-           length += len;
-           off2Ind += len;
-           ind++;
+       if (true && mapped && _memoryEntries 
+               && (dataP = getDataP(_memoryEntries)) && dataP->fMappedBase)
+       {
+           address = dataP->fMappedBase + offset;
+       }
+       else
+       {
+           // see how far we can coalesce ranges
+           while (ind < _rangesCount && address + length == physP[ind].address) {
+               len = physP[ind].length;
+               length += len;
+               off2Ind += len;
+               ind++;
+           }
         }
  
         // correct contiguous check overshoot
         ind--;
         off2Ind -= len;
      }
         }
  
         // correct contiguous check overshoot
         ind--;
         off2Ind -= len;
      }
+#ifndef __LP64__
      else if ( (_flags & kIOMemoryTypeMask) == kIOMemoryTypePhysical64) {
  
         // Physical address based memory descriptor
      else if ( (_flags & kIOMemoryTypeMask) == kIOMemoryTypePhysical64) {
  
         // Physical address based memory descriptor
@@ -1288,25 +2193,33 @@ IOReturn IOGeneralMemoryDescriptor::dmaCommandOperation(DMACommandOps op, void *
         length   = off2Ind - offset;
         address  = physP[ind - 1].address + len - length;
  
         length   = off2Ind - offset;
         address  = physP[ind - 1].address + len - length;
  
-       // see how far we can coalesce ranges
-       while (ind < _rangesCount && address + length == physP[ind].address) {
-           len = physP[ind].length;
-           length += len;
-           off2Ind += len;
-           ind++;
+       if (true && mapped && _memoryEntries 
+               && (dataP = getDataP(_memoryEntries)) && dataP->fMappedBase)
+       {
+           address = dataP->fMappedBase + offset;
+       }
+       else
+       {
+           // see how far we can coalesce ranges
+           while (ind < _rangesCount && address + length == physP[ind].address) {
+               len = physP[ind].length;
+               length += len;
+               off2Ind += len;
+               ind++;
+           }
         }
         }
-
         // correct contiguous check overshoot
         ind--;
         off2Ind -= len;
         // correct contiguous check overshoot
         ind--;
         off2Ind -= len;
-    }
+    } 
+#endif /* !__LP64__ */
      else do {
         if (!_wireCount)
             panic("IOGMD: not wired for the IODMACommand");
  
         assert(_memoryEntries);
  
      else do {
         if (!_wireCount)
             panic("IOGMD: not wired for the IODMACommand");
  
         assert(_memoryEntries);
  
-       ioGMDData * dataP = getDataP(_memoryEntries);
+       dataP = getDataP(_memoryEntries);
         const ioPLBlock *ioplList = getIOPLList(dataP);
         UInt numIOPLs = getNumIOPL(_memoryEntries, dataP);
         upl_page_info_t *pageList = getPageList(dataP);
         const ioPLBlock *ioplList = getIOPLList(dataP);
         UInt numIOPLs = getNumIOPL(_memoryEntries, dataP);
         upl_page_info_t *pageList = getPageList(dataP);
@@ -1332,9 +2245,9 @@ IOReturn IOGeneralMemoryDescriptor::dmaCommandOperation(DMACommandOps op, void *
  
         // If a mapped address is requested and this is a pre-mapped IOPL
         // then just need to compute an offset relative to the mapped base.
  
         // If a mapped address is requested and this is a pre-mapped IOPL
         // then just need to compute an offset relative to the mapped base.
-       if (mapped && ioplInfo.fMappedBase) {
+       if (mapped && dataP->fMappedBase) {
             offset += (ioplInfo.fPageOffset & PAGE_MASK);
             offset += (ioplInfo.fPageOffset & PAGE_MASK);
-           address = ptoa_64(ioplInfo.fMappedBase) + offset;
+           address = trunc_page_64(dataP->fMappedBase) + ptoa_64(ioplInfo.fMappedPage) + offset;
             continue;   // Done leave do/while(false) now
         }
  
             continue;   // Done leave do/while(false) now
         }
  
@@ -1361,6 +2274,10 @@ IOReturn IOGeneralMemoryDescriptor::dmaCommandOperation(DMACommandOps op, void *
  
         // Compute the starting address of this segment
         IOPhysicalAddress pageAddr = pageList[pageInd].phys_addr;
  
         // Compute the starting address of this segment
         IOPhysicalAddress pageAddr = pageList[pageInd].phys_addr;
+       if (!pageAddr) {
+           panic("!pageList phys_addr");
+       }
+
         address = ptoa_64(pageAddr) + offset;
  
         // length is currently set to the length of the remainider of the iopl.
         address = ptoa_64(pageAddr) + offset;
  
         // length is currently set to the length of the remainider of the iopl.
@@ -1393,28 +2310,70 @@ IOReturn IOGeneralMemoryDescriptor::dmaCommandOperation(DMACommandOps op, void *
  }
  
  addr64_t
  }
  
  addr64_t
-IOGeneralMemoryDescriptor::getPhysicalSegment64(IOByteCount offset, IOByteCount *lengthOfSegment)
+IOGeneralMemoryDescriptor::getPhysicalSegment(IOByteCount offset, IOByteCount *lengthOfSegment, IOOptionBits options)
  {
  {
-    IOReturn    ret;
-    IOByteCount length  = 0;
-    addr64_t    address = 0;
+    IOReturn          ret;
+    mach_vm_address_t address = 0;
+    mach_vm_size_t    length  = 0;
+    IOMapper *        mapper  = gIOSystemMapper;
+    IOOptionBits      type    = _flags & kIOMemoryTypeMask;
+
+    if (lengthOfSegment)
+        *lengthOfSegment = 0;
+
+    if (offset >= _length)
+        return 0;
+
+    // IOMemoryDescriptor::doMap() cannot use getPhysicalSegment() to obtain the page offset, since it must
+    // support the unwired memory case in IOGeneralMemoryDescriptor, and hibernate_write_image() cannot use
+    // map()->getVirtualAddress() to obtain the kernel pointer, since it must prevent the memory allocation
+    // due to IOMemoryMap, so _kIOMemorySourceSegment is a necessary evil until all of this gets cleaned up
+
+    if ((options & _kIOMemorySourceSegment) && (kIOMemoryTypeUPL != type))
+    {
+        unsigned rangesIndex = 0;
+       Ranges vec = _ranges;
+       mach_vm_address_t addr;
+
+       // Find starting address within the vector of ranges
+       for (;;) {
+           getAddrLenForInd(addr, length, type, vec, rangesIndex);
+           if (offset < length)
+               break;
+           offset -= length; // (make offset relative)
+           rangesIndex++;
+       } 
+
+       // Now that we have the starting range,
+       // lets find the last contiguous range
+        addr   += offset;
+        length -= offset;
  
  
-    if (gIOSystemMapper && (kIOMemoryTypePhysical == (_flags & kIOMemoryTypeMask)))
-       return (super::getPhysicalSegment64(offset, lengthOfSegment));
+        for ( ++rangesIndex; rangesIndex < _rangesCount; rangesIndex++ ) {
+           mach_vm_address_t newAddr;
+           mach_vm_size_t    newLen;
  
  
-    if (offset < _length) // (within bounds?)
+           getAddrLenForInd(newAddr, newLen, type, vec, rangesIndex);
+           if (addr + length != newAddr)
+               break;
+           length += newLen;
+       } 
+        if (addr)
+           address = (IOPhysicalAddress) addr; // Truncate address to 32bit
+    }
+    else
      {
         IOMDDMAWalkSegmentState _state;
      {
         IOMDDMAWalkSegmentState _state;
-       IOMDDMAWalkSegmentArgs * state = (IOMDDMAWalkSegmentArgs *) &_state;
+       IOMDDMAWalkSegmentArgs * state = (IOMDDMAWalkSegmentArgs *) (void *)&_state;
  
         state->fOffset = offset;
         state->fLength = _length - offset;
  
         state->fOffset = offset;
         state->fLength = _length - offset;
-       state->fMapped = false;
+       state->fMapped = (0 == (options & kIOMemoryMapperNone)) && !(_flags & kIOMemoryHostOnly);
  
         ret = dmaCommandOperation(kIOMDFirstSegment, _state, sizeof(_state));
  
         if ((kIOReturnSuccess != ret) && (kIOReturnOverrun != ret))
  
         ret = dmaCommandOperation(kIOMDFirstSegment, _state, sizeof(_state));
  
         if ((kIOReturnSuccess != ret) && (kIOReturnOverrun != ret))
-               DEBG("getPhysicalSegment64 dmaCommandOperation(%lx), %p, offset %qx, addr %qx, len %qx\n", 
+               DEBG("getPhysicalSegment dmaCommandOperation(%lx), %p, offset %qx, addr %qx, len %qx\n", 
                                         ret, this, state->fOffset,
                                         state->fIOVMAddr, state->fLength);
         if (kIOReturnSuccess == ret)
                                         ret, this, state->fOffset,
                                         state->fIOVMAddr, state->fLength);
         if (kIOReturnSuccess == ret)
@@ -1422,60 +2381,86 @@ IOGeneralMemoryDescriptor::getPhysicalSegment64(IOByteCount offset, IOByteCount
             address = state->fIOVMAddr;
             length  = state->fLength;
         }
             address = state->fIOVMAddr;
             length  = state->fLength;
         }
-        if (!address)
-            length = 0;
+
+       // dmaCommandOperation() does not distinguish between "mapped" and "unmapped" physical memory, even
+       // with fMapped set correctly, so we must handle the transformation here until this gets cleaned up
+
+       if (mapper && ((kIOMemoryTypePhysical == type) || (kIOMemoryTypePhysical64 == type)))
+       {
+           if ((options & kIOMemoryMapperNone) && !(_flags & kIOMemoryMapperNone))
+           {
+               addr64_t    origAddr = address;
+               IOByteCount origLen  = length;
+
+               address = mapper->mapToPhysicalAddress(origAddr);
+               length = page_size - (address & (page_size - 1));
+               while ((length < origLen)
+                   && ((address + length) == mapper->mapToPhysicalAddress(origAddr + length)))
+                   length += page_size;
+               if (length > origLen)
+                   length = origLen;
+           }
+       }
      }
  
      }
  
+    if (!address)
+        length = 0;
+
      if (lengthOfSegment)
          *lengthOfSegment = length;
  
      return (address);
  }
  
      if (lengthOfSegment)
          *lengthOfSegment = length;
  
      return (address);
  }
  
-IOPhysicalAddress
-IOGeneralMemoryDescriptor::getPhysicalSegment(IOByteCount offset, IOByteCount *lengthOfSegment)
-{
-    IOReturn          ret;
-    IOByteCount       length  = 0;
-    addr64_t         address = 0;
+#ifndef __LP64__
+#pragma clang diagnostic push
+#pragma clang diagnostic ignored "-Wdeprecated-declarations"
  
  
-//  assert(offset <= _length);
+addr64_t
+IOMemoryDescriptor::getPhysicalSegment(IOByteCount offset, IOByteCount *lengthOfSegment, IOOptionBits options)
+{
+    addr64_t address = 0;
  
  
-    if (offset < _length) // (within bounds?)
+    if (options & _kIOMemorySourceSegment)
      {
      {
-       IOMDDMAWalkSegmentState _state;
-       IOMDDMAWalkSegmentArgs * state = (IOMDDMAWalkSegmentArgs *) &_state;
+        address = getSourceSegment(offset, lengthOfSegment);
+    }
+    else if (options & kIOMemoryMapperNone)
+    {
+        address = getPhysicalSegment64(offset, lengthOfSegment);
+    }
+    else
+    {
+        address = getPhysicalSegment(offset, lengthOfSegment);
+    }
  
  
-       state->fOffset = offset;
-       state->fLength = _length - offset;
-       state->fMapped = true;
+    return (address);
+}
+#pragma clang diagnostic pop
  
  
-       ret = dmaCommandOperation(
-               kIOMDFirstSegment, _state, sizeof(_state));
+addr64_t
+IOGeneralMemoryDescriptor::getPhysicalSegment64(IOByteCount offset, IOByteCount *lengthOfSegment)
+{
+    return (getPhysicalSegment(offset, lengthOfSegment, kIOMemoryMapperNone));
+}
  
  
-       if ((kIOReturnSuccess != ret) && (kIOReturnOverrun != ret))
-           DEBG("getPhysicalSegment dmaCommandOperation(%lx), %p, offset %qx, addr %qx, len %qx\n", 
-                                   ret, this, state->fOffset,
-                                   state->fIOVMAddr, state->fLength);
-       if (kIOReturnSuccess == ret)
-       {
-           address = state->fIOVMAddr;
-           length  = state->fLength;
-       }
+IOPhysicalAddress
+IOGeneralMemoryDescriptor::getPhysicalSegment(IOByteCount offset, IOByteCount *lengthOfSegment)
+{
+    addr64_t    address = 0;
+    IOByteCount length  = 0;
  
  
-        if (!address)
-            length = 0;
-    }
+    address = getPhysicalSegment(offset, lengthOfSegment, 0);
+
+    if (lengthOfSegment)
+       length = *lengthOfSegment;
  
      if ((address + length) > 0x100000000ULL)
      {
         panic("getPhysicalSegment() out of 32b range 0x%qx, len 0x%lx, class %s",
  
      if ((address + length) > 0x100000000ULL)
      {
         panic("getPhysicalSegment() out of 32b range 0x%qx, len 0x%lx, class %s",
-                   address, length, (getMetaClass())->getClassName());
+                   address, (long) length, (getMetaClass())->getClassName());
      }
  
      }
  
-    if (lengthOfSegment)
-        *lengthOfSegment = length;
-
      return ((IOPhysicalAddress) address);
  }
  
      return ((IOPhysicalAddress) address);
  }
  
@@ -1498,11 +2483,11 @@ IOMemoryDescriptor::getPhysicalSegment64(IOByteCount offset, IOByteCount *length
      {
         IOByteCount origLen;
  
      {
         IOByteCount origLen;
  
-       phys64 = mapper->mapAddr(phys32);
+       phys64 = mapper->mapToPhysicalAddress(phys32);
         origLen = *lengthOfSegment;
         length = page_size - (phys64 & (page_size - 1));
         while ((length < origLen)
         origLen = *lengthOfSegment;
         length = page_size - (phys64 & (page_size - 1));
         while ((length < origLen)
-           && ((phys64 + length) == mapper->mapAddr(phys32 + length)))
+           && ((phys64 + length) == mapper->mapToPhysicalAddress(phys32 + length)))
             length += page_size;
         if (length > origLen)
             length = origLen;
             length += page_size;
         if (length > origLen)
             length = origLen;
@@ -1512,78 +2497,47 @@ IOMemoryDescriptor::getPhysicalSegment64(IOByteCount offset, IOByteCount *length
      else
         phys64 = (addr64_t) phys32;
  
      else
         phys64 = (addr64_t) phys32;
  
-    return phys64;
-}
-
-IOPhysicalAddress
-IOGeneralMemoryDescriptor::getSourceSegment(IOByteCount offset, IOByteCount *lengthOfSegment)
-{
-    IOPhysicalAddress address = 0;
-    IOPhysicalLength  length  = 0;
-    IOOptionBits      type    = _flags & kIOMemoryTypeMask;
-
-    assert(offset <= _length);
-
-    if ( type == kIOMemoryTypeUPL)
-       return super::getSourceSegment( offset, lengthOfSegment );
-    else if ( offset < _length ) // (within bounds?)
-    {
-        unsigned rangesIndex = 0;
-       Ranges vec = _ranges;
-       user_addr_t addr;
-
-       // Find starting address within the vector of ranges
-       for (;;) {
-           getAddrLenForInd(addr, length, type, vec, rangesIndex);
-           if (offset < length)
-               break;
-           offset -= length; // (make offset relative)
-           rangesIndex++;
-       } 
-
-       // Now that we have the starting range,
-       // lets find the last contiguous range
-        addr   += offset;
-        length -= offset;
-
-        for ( ++rangesIndex; rangesIndex < _rangesCount; rangesIndex++ ) {
-           user_addr_t      newAddr;
-           IOPhysicalLength newLen;
-
-           getAddrLenForInd(newAddr, newLen, type, vec, rangesIndex);
-           if (addr + length != newAddr)
-               break;
-           length += newLen;
-       } 
-        if (addr)
-           address = (IOPhysicalAddress) addr; // Truncate address to 32bit
-       else
-           length = 0;
-    }
-
-    if ( lengthOfSegment )  *lengthOfSegment = length;
+    return phys64;
+}
  
  
-    return address;
+IOPhysicalAddress
+IOMemoryDescriptor::getPhysicalSegment(IOByteCount offset, IOByteCount *lengthOfSegment)
+{
+    return ((IOPhysicalAddress) getPhysicalSegment(offset, lengthOfSegment, 0));
  }
  
  }
  
-/* DEPRECATED */ /* USE INSTEAD: map(), readBytes(), writeBytes() */
-/* DEPRECATED */ void * IOGeneralMemoryDescriptor::getVirtualSegment(IOByteCount offset,
-/* DEPRECATED */                                                       IOByteCount * lengthOfSegment)
-/* DEPRECATED */ {
-                    if (_task == kernel_task)
-                        return (void *) getSourceSegment(offset, lengthOfSegment);
-                    else
-                        panic("IOGMD::getVirtualSegment deprecated");
+IOPhysicalAddress
+IOGeneralMemoryDescriptor::getSourceSegment(IOByteCount offset, IOByteCount *lengthOfSegment)
+{
+    return ((IOPhysicalAddress) getPhysicalSegment(offset, lengthOfSegment, _kIOMemorySourceSegment));
+}
  
  
-                    return 0;
-/* DEPRECATED */ }
-/* DEPRECATED */ /* USE INSTEAD: map(), readBytes(), writeBytes() */
+#pragma clang diagnostic push
+#pragma clang diagnostic ignored "-Wdeprecated-declarations"
  
  
+void * IOGeneralMemoryDescriptor::getVirtualSegment(IOByteCount offset,
+                                                       IOByteCount * lengthOfSegment)
+{
+    if (_task == kernel_task)
+        return (void *) getSourceSegment(offset, lengthOfSegment);
+    else
+        panic("IOGMD::getVirtualSegment deprecated");
  
  
+    return 0;
+}
+#pragma clang diagnostic pop
+#endif /* !__LP64__ */
  
  IOReturn 
  IOMemoryDescriptor::dmaCommandOperation(DMACommandOps op, void *vData, UInt dataSize) const
  {
  
  IOReturn 
  IOMemoryDescriptor::dmaCommandOperation(DMACommandOps op, void *vData, UInt dataSize) const
  {
+    IOMemoryDescriptor *md = const_cast<IOMemoryDescriptor *>(this);
+    DMACommandOps params;
+    IOReturn err;
+
+    params = (op & ~kIOMDDMACommandOperationMask & op);
+    op &= kIOMDDMACommandOperationMask;
+
      if (kIOMDGetCharacteristics == op) {
         if (dataSize < sizeof(IOMDDMACharacteristics))
             return kIOReturnUnderrun;
      if (kIOMDGetCharacteristics == op) {
         if (dataSize < sizeof(IOMDDMACharacteristics))
             return kIOReturnUnderrun;
@@ -1591,12 +2545,10 @@ IOMemoryDescriptor::dmaCommandOperation(DMACommandOps op, void *vData, UInt data
         IOMDDMACharacteristics *data = (IOMDDMACharacteristics *) vData;
         data->fLength = getLength();
         data->fSGCount = 0;
         IOMDDMACharacteristics *data = (IOMDDMACharacteristics *) vData;
         data->fLength = getLength();
         data->fSGCount = 0;
-       data->fDirection = _direction;
-       if (IOMapper::gSystem)
-           data->fIsMapped = true;
+       data->fDirection = getDirection();
         data->fIsPrepared = true;       // Assume prepared - fails safe
      }
         data->fIsPrepared = true;       // Assume prepared - fails safe
      }
-    else if (kIOMDWalkSegments & op) {
+    else if (kIOMDWalkSegments == op) {
         if (dataSize < sizeof(IOMDDMAWalkSegmentArgs))
             return kIOReturnUnderrun;
  
         if (dataSize < sizeof(IOMDDMAWalkSegmentArgs))
             return kIOReturnUnderrun;
  
@@ -1604,96 +2556,162 @@ IOMemoryDescriptor::dmaCommandOperation(DMACommandOps op, void *vData, UInt data
         IOByteCount offset  = (IOByteCount) data->fOffset;
  
         IOPhysicalLength length;
         IOByteCount offset  = (IOByteCount) data->fOffset;
  
         IOPhysicalLength length;
-       IOMemoryDescriptor *ncmd = const_cast<IOMemoryDescriptor *>(this);
         if (data->fMapped && IOMapper::gSystem)
         if (data->fMapped && IOMapper::gSystem)
-           data->fIOVMAddr = ncmd->getPhysicalSegment(offset, &length);
+           data->fIOVMAddr = md->getPhysicalSegment(offset, &length);
         else
         else
-           data->fIOVMAddr = ncmd->getPhysicalSegment64(offset, &length);
+           data->fIOVMAddr = md->getPhysicalSegment(offset, &length, kIOMemoryMapperNone);
         data->fLength = length;
      }
         data->fLength = length;
      }
-    else
-       return kIOReturnBadArgument;
+    else if (kIOMDAddDMAMapSpec == op) return kIOReturnUnsupported;
+    else if (kIOMDDMAMap == op)
+    {
+       if (dataSize < sizeof(IOMDDMAMapArgs))
+           return kIOReturnUnderrun;
+       IOMDDMAMapArgs * data = (IOMDDMAMapArgs *) vData;
+
+       if (params) panic("class %s does not support IODMACommand::kIterateOnly", getMetaClass()->getClassName());
+
+       data->fMapContig = true;
+       err = md->dmaMap(data->fMapper, data->fCommand, &data->fMapSpec, data->fOffset, data->fLength, &data->fAlloc, &data->fAllocLength);
+       return (err);                           
+    }
+    else return kIOReturnBadArgument;
  
      return kIOReturnSuccess;
  }
  
  
      return kIOReturnSuccess;
  }
  
-IOReturn IOMemoryDescriptor::setPurgeable( IOOptionBits newState,
-                                           IOOptionBits * oldState )
+IOReturn 
+IOGeneralMemoryDescriptor::setPurgeable( IOOptionBits newState,
+                                                  IOOptionBits * oldState )
  {
      IOReturn     err = kIOReturnSuccess;
  {
      IOReturn     err = kIOReturnSuccess;
+
      vm_purgable_t control;
      int           state;
  
      vm_purgable_t control;
      int           state;
  
-    do 
+    if (_memRef)
      {
      {
-        if (!_memEntry)
-        {
-            err = kIOReturnNotReady;
-            break;
-        }
+       err = super::setPurgeable(newState, oldState);
+    }
+    else
+    {
+       if (kIOMemoryThreadSafe & _flags)
+           LOCK;
+       do
+       {
+           // Find the appropriate vm_map for the given task
+           vm_map_t curMap;
+           if (_task == kernel_task && (kIOMemoryBufferPageable & _flags))
+           {
+               err = kIOReturnNotReady;
+               break;
+           }
+           else if (!_task)
+           {
+               err = kIOReturnUnsupported;
+               break;
+           }
+           else
+               curMap = get_task_map(_task);
  
  
-        control = VM_PURGABLE_SET_STATE;
-        switch (newState)
-        {
-            case kIOMemoryPurgeableKeepCurrent:
-                control = VM_PURGABLE_GET_STATE;
-                break;
+           // can only do one range
+           Ranges vec = _ranges;
+           IOOptionBits type = _flags & kIOMemoryTypeMask;
+           mach_vm_address_t addr; 
+           mach_vm_size_t    len;
+           getAddrLenForInd(addr, len, type, vec, 0);
  
  
-            case kIOMemoryPurgeableNonVolatile:
-                state = VM_PURGABLE_NONVOLATILE;
-                break;
-            case kIOMemoryPurgeableVolatile:
-                state = VM_PURGABLE_VOLATILE;
-                break;
-            case kIOMemoryPurgeableEmpty:
-                state = VM_PURGABLE_EMPTY;
-                break;
-            default:
-                err = kIOReturnBadArgument;
-                break;
-        }
+           err = purgeableControlBits(newState, &control, &state);
+           if (kIOReturnSuccess != err)
+               break;
+           err = mach_vm_purgable_control(curMap, addr, control, &state);
+           if (oldState)
+           {
+               if (kIOReturnSuccess == err)
+               {
+                   err = purgeableStateBits(&state);
+                   *oldState = state;
+               }
+           }
+       }
+       while (false);
+       if (kIOMemoryThreadSafe & _flags)
+           UNLOCK;
+    }
  
  
-        if (kIOReturnSuccess != err)
-            break;
+    return (err);
+}
+
+IOReturn IOMemoryDescriptor::setPurgeable( IOOptionBits newState,
+                                           IOOptionBits * oldState )
+{
+    IOReturn err = kIOReturnNotReady;
  
  
-        err = mach_memory_entry_purgable_control((ipc_port_t) _memEntry, control, &state);
+    if (kIOMemoryThreadSafe & _flags) LOCK;
+    if (_memRef) err = IOGeneralMemoryDescriptor::memoryReferenceSetPurgeable(_memRef, newState, oldState);
+    if (kIOMemoryThreadSafe & _flags) UNLOCK;
  
  
-        if (oldState)
-        {
-            if (kIOReturnSuccess == err)
-            {
-                switch (state)
-                {
-                    case VM_PURGABLE_NONVOLATILE:
-                        state = kIOMemoryPurgeableNonVolatile;
-                        break;
-                    case VM_PURGABLE_VOLATILE:
-                        state = kIOMemoryPurgeableVolatile;
-                        break;
-                    case VM_PURGABLE_EMPTY:
-                        state = kIOMemoryPurgeableEmpty;
-                        break;
-                    default:
-                        state = kIOMemoryPurgeableNonVolatile;
-                        err = kIOReturnNotReady;
-                        break;
-                }
-                *oldState = state;
-            }
-        }
+    return (err);
+}
+ 
+IOReturn IOMemoryDescriptor::getPageCounts( IOByteCount * residentPageCount,
+                                           IOByteCount * dirtyPageCount )
+{
+    IOReturn err = kIOReturnNotReady;
+
+    if (kIOMemoryThreadSafe & _flags) LOCK;
+    if (_memRef) err = IOGeneralMemoryDescriptor::memoryReferenceGetPageCounts(_memRef, residentPageCount, dirtyPageCount);
+    else
+    {
+       IOMultiMemoryDescriptor * mmd;
+       IOSubMemoryDescriptor   * smd;
+       if ((smd = OSDynamicCast(IOSubMemoryDescriptor, this)))
+       {
+           err = smd->getPageCounts(residentPageCount, dirtyPageCount);
+       }
+       else if ((mmd = OSDynamicCast(IOMultiMemoryDescriptor, this)))
+       {
+           err = mmd->getPageCounts(residentPageCount, dirtyPageCount);
+       }
      }
      }
-    while (false);
+    if (kIOMemoryThreadSafe & _flags) UNLOCK;
  
      return (err);
  }
  
      return (err);
  }
+ 
  
  extern "C" void dcache_incoherent_io_flush64(addr64_t pa, unsigned int count);
  extern "C" void dcache_incoherent_io_store64(addr64_t pa, unsigned int count);
  
  
  extern "C" void dcache_incoherent_io_flush64(addr64_t pa, unsigned int count);
  extern "C" void dcache_incoherent_io_store64(addr64_t pa, unsigned int count);
  
+static void SetEncryptOp(addr64_t pa, unsigned int count)
+{
+    ppnum_t page, end;
+
+    page = atop_64(round_page_64(pa));
+    end  = atop_64(trunc_page_64(pa + count));
+    for (; page < end; page++)
+    {
+        pmap_clear_noencrypt(page);    
+    }
+}
+
+static void ClearEncryptOp(addr64_t pa, unsigned int count)
+{
+    ppnum_t page, end;
+
+    page = atop_64(round_page_64(pa));
+    end  = atop_64(trunc_page_64(pa + count));
+    for (; page < end; page++)
+    {
+        pmap_set_noencrypt(page);    
+    }
+}
+
  IOReturn IOMemoryDescriptor::performOperation( IOOptionBits options,
                                                  IOByteCount offset, IOByteCount length )
  {
      IOByteCount remaining;
  IOReturn IOMemoryDescriptor::performOperation( IOOptionBits options,
                                                  IOByteCount offset, IOByteCount length )
  {
      IOByteCount remaining;
+    unsigned int res;
      void (*func)(addr64_t pa, unsigned int count) = 0;
  
      switch (options)
      void (*func)(addr64_t pa, unsigned int count) = 0;
  
      switch (options)
@@ -1704,11 +2722,22 @@ IOReturn IOMemoryDescriptor::performOperation( IOOptionBits options,
          case kIOMemoryIncoherentIOStore:
              func = &dcache_incoherent_io_store64;
              break;
          case kIOMemoryIncoherentIOStore:
              func = &dcache_incoherent_io_store64;
              break;
+
+        case kIOMemorySetEncrypted:
+            func = &SetEncryptOp;
+            break;
+        case kIOMemoryClearEncrypted:
+            func = &ClearEncryptOp;
+            break;
      }
  
      if (!func)
          return (kIOReturnUnsupported);
  
      }
  
      if (!func)
          return (kIOReturnUnsupported);
  
+    if (kIOMemoryThreadSafe & _flags)
+       LOCK;
+
+    res = 0x0UL;
      remaining = length = min(length, getLength() - offset);
      while (remaining)
      // (process another target segment?)
      remaining = length = min(length, getLength() - offset);
      while (remaining)
      // (process another target segment?)
@@ -1716,7 +2745,7 @@ IOReturn IOMemoryDescriptor::performOperation( IOOptionBits options,
          addr64_t    dstAddr64;
          IOByteCount dstLen;
  
          addr64_t    dstAddr64;
          IOByteCount dstLen;
  
-        dstAddr64 = getPhysicalSegment64(offset, &dstLen);
+        dstAddr64 = getPhysicalSegment(offset, &dstLen, kIOMemoryMapperNone);
          if (!dstAddr64)
              break;
  
          if (!dstAddr64)
              break;
  
@@ -1730,22 +2759,30 @@ IOReturn IOMemoryDescriptor::performOperation( IOOptionBits options,
          remaining -= dstLen;
      }
  
          remaining -= dstLen;
      }
  
+    if (kIOMemoryThreadSafe & _flags)
+       UNLOCK;
+
      return (remaining ? kIOReturnUnderrun : kIOReturnSuccess);
  }
  
      return (remaining ? kIOReturnUnderrun : kIOReturnSuccess);
  }
  
-#if    defined(__ppc__) || defined(__arm__)
-extern vm_offset_t             static_memory_end;
-#define io_kernel_static_end   static_memory_end
+/*
+ *
+ */
+
+#if defined(__i386__) || defined(__x86_64__)
+
+#define io_kernel_static_start vm_kernel_stext
+#define io_kernel_static_end   vm_kernel_etext
+
  #else
  #else
-extern vm_offset_t             first_avail;
-#define io_kernel_static_end   first_avail
+#error io_kernel_static_end is undefined for this architecture
  #endif
  
  static kern_return_t
  io_get_kernel_static_upl(
         vm_map_t                /* map */,
  #endif
  
  static kern_return_t
  io_get_kernel_static_upl(
         vm_map_t                /* map */,
-       vm_address_t            offset,
-       vm_size_t               *upl_size,
+       uintptr_t               offset,
+       upl_size_t              *upl_size,
         upl_t                   *upl,
         upl_page_info_array_t   page_list,
         unsigned int            *count,
         upl_t                   *upl,
         upl_page_info_array_t   page_list,
         unsigned int            *count,
@@ -1767,13 +2804,13 @@ io_get_kernel_static_upl(
         if (!phys)
             break;
         page_list[page].phys_addr = phys;
         if (!phys)
             break;
         page_list[page].phys_addr = phys;
-       page_list[page].pageout   = 0;
+       page_list[page].free_when_done = 0;
         page_list[page].absent    = 0;
         page_list[page].dirty     = 0;
         page_list[page].precious  = 0;
         page_list[page].device    = 0;
         if (phys > highestPage)
         page_list[page].absent    = 0;
         page_list[page].dirty     = 0;
         page_list[page].precious  = 0;
         page_list[page].device    = 0;
         if (phys > highestPage)
-           highestPage = page;
+           highestPage = phys;
      }
  
      *highest_page = highestPage;
      }
  
      *highest_page = highestPage;
@@ -1781,41 +2818,62 @@ io_get_kernel_static_upl(
      return ((page >= pageCount) ? kIOReturnSuccess : kIOReturnVMError);
  }
  
      return ((page >= pageCount) ? kIOReturnSuccess : kIOReturnVMError);
  }
  
+/*
+ *
+ */
+#if IOTRACKING
+static void
+IOMemoryDescriptorUpdateWireOwner(ioGMDData * dataP, OSData * memoryEntries, vm_tag_t tag)
+{
+    ioPLBlock *ioplList;
+    UInt ind, count;
+    vm_tag_t prior;
+
+    count = getNumIOPL(memoryEntries, dataP);
+    if (!count) return;
+    ioplList = getIOPLList(dataP);
+
+    if (VM_KERN_MEMORY_NONE == tag) tag = dataP->fAllocTag;
+    assert(VM_KERN_MEMORY_NONE != tag);
+
+    for (ind = 0; ind < count; ind++)
+    {
+        if (!ioplList[ind].fIOPL) continue;
+        prior = iopl_set_tag(ioplList[ind].fIOPL, tag);
+        if (VM_KERN_MEMORY_NONE == dataP->fAllocTag) dataP->fAllocTag = prior;
+#if 0
+        if (tag != prior)
+        {
+            char name[2][48];
+            vm_tag_get_kext(prior, &name[0][0], sizeof(name[0]));
+            vm_tag_get_kext(tag,   &name[1][0], sizeof(name[1]));
+            IOLog("switched %48s to %48s\n", name[0], name[1]);
+        }
+#endif
+    }
+}
+#endif /* IOTRACKING */
+
+
  IOReturn IOGeneralMemoryDescriptor::wireVirtual(IODirection forDirection)
  {
      IOOptionBits type = _flags & kIOMemoryTypeMask;
  IOReturn IOGeneralMemoryDescriptor::wireVirtual(IODirection forDirection)
  {
      IOOptionBits type = _flags & kIOMemoryTypeMask;
-    IOReturn error = kIOReturnCannotWire;
+    IOReturn error = kIOReturnSuccess;
      ioGMDData *dataP;
      ioGMDData *dataP;
-    ppnum_t mapBase = 0;
-    IOMapper *mapper;
-    ipc_port_t sharedMem = (ipc_port_t) _memEntry;
+    upl_page_info_array_t pageInfo;
+    ppnum_t mapBase;
  
  
-    assert(!_wireCount);
      assert(kIOMemoryTypeVirtual == type || kIOMemoryTypeVirtual64 == type || kIOMemoryTypeUIO == type);
  
      assert(kIOMemoryTypeVirtual == type || kIOMemoryTypeVirtual64 == type || kIOMemoryTypeUIO == type);
  
-    if (_pages >= gIOMaximumMappedIOPageCount)
-       return kIOReturnNoResources;
-
-    dataP = getDataP(_memoryEntries);
-    mapper = dataP->fMapper;
-    if (mapper && _pages)
-        mapBase = mapper->iovmAlloc(_pages);
-
-    // Note that appendBytes(NULL) zeros the data up to the
-    // desired length.
-    _memoryEntries->appendBytes(0, dataP->fPageCnt * sizeof(upl_page_info_t));
-    dataP = 0; // May no longer be valid so lets not get tempted.
+    if ((kIODirectionOutIn & forDirection) == kIODirectionNone)
+        forDirection = (IODirection) (forDirection | getDirection());
  
  
-    if (forDirection == kIODirectionNone)
-        forDirection = _direction;
-
-    int uplFlags;    // This Mem Desc's default flags for upl creation
+    upl_control_flags_t uplFlags;    // This Mem Desc's default flags for upl creation
      switch (kIODirectionOutIn & forDirection)
      {
      case kIODirectionOut:
          // Pages do not need to be marked as dirty on commit
          uplFlags = UPL_COPYOUT_FROM;
      switch (kIODirectionOutIn & forDirection)
      {
      case kIODirectionOut:
          // Pages do not need to be marked as dirty on commit
          uplFlags = UPL_COPYOUT_FROM;
-        _flags |= kIOMemoryPreparedReadOnly;
          break;
  
      case kIODirectionIn:
          break;
  
      case kIODirectionIn:
@@ -1823,160 +2881,217 @@ IOReturn IOGeneralMemoryDescriptor::wireVirtual(IODirection forDirection)
          uplFlags = 0;  // i.e. ~UPL_COPYOUT_FROM
          break;
      }
          uplFlags = 0;  // i.e. ~UPL_COPYOUT_FROM
          break;
      }
-    uplFlags |= UPL_SET_IO_WIRE | UPL_SET_LITE;
+    dataP = getDataP(_memoryEntries);
  
  
-#ifdef UPL_NEED_32BIT_ADDR
-    if (kIODirectionPrepareToPhys32 & forDirection) 
-       uplFlags |= UPL_NEED_32BIT_ADDR;
-#endif
+    if (kIODirectionDMACommand & forDirection) assert(_wireCount);
  
  
-    // Find the appropriate vm_map for the given task
-    vm_map_t curMap;
-    if (_task == kernel_task && (kIOMemoryBufferPageable & _flags))
-        curMap = 0;
+    if (_wireCount)
+    {
+        if ((kIOMemoryPreparedReadOnly & _flags) && !(UPL_COPYOUT_FROM & uplFlags))
+        {
+           OSReportWithBacktrace("IOMemoryDescriptor 0x%lx prepared read only", VM_KERNEL_ADDRPERM(this));
+           error = kIOReturnNotWritable;
+        }
+    }
      else
      else
-        { curMap = get_task_map(_task); }
+    {
+        IOMapper *mapper;
+        mapper = dataP->fMapper;
+        dataP->fMappedBase = 0;
  
  
-    // Iterate over the vector of virtual ranges
-    Ranges vec = _ranges;
-    unsigned int pageIndex = 0;
-    IOByteCount mdOffset = 0;
-    ppnum_t highestPage = 0;
-    for (UInt range = 0; range < _rangesCount; range++) {
-        ioPLBlock iopl;
-       user_addr_t startPage;
-        IOByteCount numBytes;
-       ppnum_t highPage = 0;
-
-       // Get the startPage address and length of vec[range]
-       getAddrLenForInd(startPage, numBytes, type, vec, range);
-       iopl.fPageOffset = (short) startPage & PAGE_MASK;
-       numBytes += iopl.fPageOffset;
-       startPage = trunc_page_64(startPage);
-
-       if (mapper)
-           iopl.fMappedBase = mapBase + pageIndex;
-       else
-           iopl.fMappedBase = 0;
+        uplFlags |= UPL_SET_IO_WIRE | UPL_SET_LITE;
+        uplFlags |= UPL_MEMORY_TAG_MAKE(getVMTag(kernel_map));
  
  
-       // Iterate over the current range, creating UPLs
-        while (numBytes) {
-            dataP = getDataP(_memoryEntries);
-           vm_address_t kernelStart = (vm_address_t) startPage;
-            vm_map_t theMap;
-           if (curMap)
-               theMap = curMap;
-           else if (!sharedMem) {
-               assert(_task == kernel_task);
-               theMap = IOPageableMapForAddress(kernelStart);
-           }
-           else
-               theMap = NULL;
-
-            upl_page_info_array_t pageInfo = getPageList(dataP);
-            int ioplFlags = uplFlags;
-            upl_page_list_ptr_t baseInfo = &pageInfo[pageIndex];
-
-            vm_size_t ioplSize = round_page_32(numBytes);
-            unsigned int numPageInfo = atop_32(ioplSize);
-
-           if (theMap == kernel_map && kernelStart < io_kernel_static_end) {
-               error = io_get_kernel_static_upl(theMap, 
-                                               kernelStart,
-                                               &ioplSize,
-                                               &iopl.fIOPL,
-                                               baseInfo,
-                                               &numPageInfo,
-                                               &highPage);
-           }
-           else if (sharedMem) {
-               error = memory_object_iopl_request(sharedMem, 
-                                               ptoa_32(pageIndex),
-                                               &ioplSize,
-                                               &iopl.fIOPL,
-                                               baseInfo,
-                                               &numPageInfo,
-                                               &ioplFlags);
-           }
-           else {
-               assert(theMap);
-               error = vm_map_create_upl(theMap,
-                                               startPage,
-                                               &ioplSize,
-                                               &iopl.fIOPL,
-                                               baseInfo,
-                                               &numPageInfo,
-                                               &ioplFlags);
-           }
+        if (kIODirectionPrepareToPhys32 & forDirection)
+        {
+            if (!mapper) uplFlags |= UPL_NEED_32BIT_ADDR;
+            if (dataP->fDMAMapNumAddressBits > 32) dataP->fDMAMapNumAddressBits = 32;
+        }
+        if (kIODirectionPrepareNoFault    & forDirection) uplFlags |= UPL_REQUEST_NO_FAULT;
+        if (kIODirectionPrepareNoZeroFill & forDirection) uplFlags |= UPL_NOZEROFILLIO;
+        if (kIODirectionPrepareNonCoherent & forDirection) uplFlags |= UPL_REQUEST_FORCE_COHERENCY;
+
+        mapBase = 0;
+
+        // Note that appendBytes(NULL) zeros the data up to the desired length
+        //           and the length parameter is an unsigned int
+        size_t uplPageSize = dataP->fPageCnt * sizeof(upl_page_info_t);
+        if (uplPageSize > ((unsigned int)uplPageSize))    return (kIOReturnNoMemory);
+        if (!_memoryEntries->appendBytes(0, uplPageSize)) return (kIOReturnNoMemory);
+        dataP = 0;
+
+        // Find the appropriate vm_map for the given task
+        vm_map_t curMap;
+        if (_task == kernel_task && (kIOMemoryBufferPageable & _flags))            curMap = 0;
+        else                                                     curMap = get_task_map(_task);
+
+        // Iterate over the vector of virtual ranges
+        Ranges vec = _ranges;
+        unsigned int pageIndex  = 0;
+        IOByteCount mdOffset    = 0;
+        ppnum_t highestPage     = 0;
+
+        IOMemoryEntry * memRefEntry = 0;
+        if (_memRef) memRefEntry = &_memRef->entries[0];
+
+        for (UInt range = 0; range < _rangesCount; range++) {
+            ioPLBlock iopl;
+            mach_vm_address_t startPage;
+            mach_vm_size_t    numBytes;
+            ppnum_t highPage = 0;
+
+            // Get the startPage address and length of vec[range]
+            getAddrLenForInd(startPage, numBytes, type, vec, range);
+            iopl.fPageOffset = startPage & PAGE_MASK;
+            numBytes += iopl.fPageOffset;
+            startPage = trunc_page_64(startPage);
+
+            if (mapper)
+                iopl.fMappedPage = mapBase + pageIndex;
+            else
+                iopl.fMappedPage = 0;
+
+            // Iterate over the current range, creating UPLs
+            while (numBytes) {
+                vm_address_t kernelStart = (vm_address_t) startPage;
+                vm_map_t theMap;
+                if (curMap) theMap = curMap;
+                else if (_memRef)
+                {
+                    theMap = NULL;
+                }
+                else
+                {
+                    assert(_task == kernel_task);
+                    theMap = IOPageableMapForAddress(kernelStart);
+                }
  
  
-            assert(ioplSize);
-            if (error != KERN_SUCCESS)
-                goto abortExit;
-
-           if (iopl.fIOPL)
-               highPage = upl_get_highest_page(iopl.fIOPL);
-           if (highPage > highestPage)
-               highestPage = highPage;
-
-            error = kIOReturnCannotWire;
-
-            if (baseInfo->device) {
-                numPageInfo = 1;
-                iopl.fFlags  = kIOPLOnDevice;
-                // Don't translate device memory at all 
-               if (mapper && mapBase) {
-                   mapper->iovmFree(mapBase, _pages);
-                   mapBase = 0;
-                   iopl.fMappedBase = 0;
-               }
-            }
-            else {
-                iopl.fFlags = 0;
-               if (mapper)
-                    mapper->iovmInsert(mapBase, pageIndex,
-                                       baseInfo, numPageInfo);
-            }
+                // ioplFlags is an in/out parameter
+                upl_control_flags_t ioplFlags = uplFlags;
+                dataP = getDataP(_memoryEntries);
+                pageInfo = getPageList(dataP);
+                upl_page_list_ptr_t baseInfo = &pageInfo[pageIndex];
+
+                mach_vm_size_t _ioplSize    = round_page(numBytes);
+                upl_size_t         ioplSize    = (_ioplSize <= MAX_UPL_SIZE_BYTES) ? _ioplSize : MAX_UPL_SIZE_BYTES;
+                unsigned int    numPageInfo = atop_32(ioplSize);
+
+                if ((theMap == kernel_map)
+                 && (kernelStart >= io_kernel_static_start)
+                 && (kernelStart <  io_kernel_static_end)) {
+                    error = io_get_kernel_static_upl(theMap,
+                                                    kernelStart,
+                                                    &ioplSize,
+                                                    &iopl.fIOPL,
+                                                    baseInfo,
+                                                    &numPageInfo,
+                                                    &highPage);
+                }
+                else if (_memRef) {
+                    memory_object_offset_t entryOffset;
+
+                    entryOffset = mdOffset;
+                    entryOffset = (entryOffset - iopl.fPageOffset - memRefEntry->offset);
+                    if (entryOffset >= memRefEntry->size) {
+                        memRefEntry++;
+                        if (memRefEntry >= &_memRef->entries[_memRef->count]) panic("memRefEntry");
+                        entryOffset = 0;
+                    }
+                    if (ioplSize > (memRefEntry->size - entryOffset)) ioplSize = (memRefEntry->size - entryOffset);
+                    error = memory_object_iopl_request(memRefEntry->entry,
+                                                       entryOffset,
+                                                       &ioplSize,
+                                                       &iopl.fIOPL,
+                                                       baseInfo,
+                                                       &numPageInfo,
+                                                       &ioplFlags);
+                }
+                else {
+                    assert(theMap);
+                    error = vm_map_create_upl(theMap,
+                                                    startPage,
+                                                    (upl_size_t*)&ioplSize,
+                                                    &iopl.fIOPL,
+                                                    baseInfo,
+                                                    &numPageInfo,
+                                                    &ioplFlags);
+                }
  
  
-            iopl.fIOMDOffset = mdOffset;
-            iopl.fPageInfo = pageIndex;
+                if (error != KERN_SUCCESS) goto abortExit;
  
  
-           if ((_flags & kIOMemoryAutoPrepare) && iopl.fIOPL)
-           {
-               upl_commit(iopl.fIOPL, 0, 0);
-               upl_deallocate(iopl.fIOPL);
-               iopl.fIOPL = 0;
-           }
+                assert(ioplSize);
+
+                if (iopl.fIOPL)
+                    highPage = upl_get_highest_page(iopl.fIOPL);
+                if (highPage > highestPage)
+                    highestPage = highPage;
  
  
-            if (!_memoryEntries->appendBytes(&iopl, sizeof(iopl))) {
-                // Clean up partial created and unsaved iopl
-                if (iopl.fIOPL) {
-                    upl_abort(iopl.fIOPL, 0);
-                    upl_deallocate(iopl.fIOPL);
+                if (baseInfo->device) {
+                    numPageInfo = 1;
+                    iopl.fFlags = kIOPLOnDevice;
+                }
+                else {
+                    iopl.fFlags = 0;
                  }
                  }
-                goto abortExit;
-            }
  
  
-            // Check for a multiple iopl's in one virtual range
-            pageIndex += numPageInfo;
-            mdOffset -= iopl.fPageOffset;
-            if (ioplSize < numBytes) {
-                numBytes -= ioplSize;
-                startPage += ioplSize;
-                mdOffset += ioplSize;
-                iopl.fPageOffset = 0;
-               if (mapper)
-                   iopl.fMappedBase = mapBase + pageIndex;
-            }
-            else {
-                mdOffset += numBytes;
-                break;
+                iopl.fIOMDOffset = mdOffset;
+                iopl.fPageInfo = pageIndex;
+                if (mapper && pageIndex && (page_mask & (mdOffset + iopl.fPageOffset))) dataP->fDiscontig = true;
+
+                if (!_memoryEntries->appendBytes(&iopl, sizeof(iopl))) {
+                    // Clean up partial created and unsaved iopl
+                    if (iopl.fIOPL) {
+                        upl_abort(iopl.fIOPL, 0);
+                        upl_deallocate(iopl.fIOPL);
+                    }
+                    goto abortExit;
+                }
+                dataP = 0;
+
+                // Check for a multiple iopl's in one virtual range
+                pageIndex += numPageInfo;
+                mdOffset -= iopl.fPageOffset;
+                if (ioplSize < numBytes) {
+                    numBytes -= ioplSize;
+                    startPage += ioplSize;
+                    mdOffset += ioplSize;
+                    iopl.fPageOffset = 0;
+                    if (mapper) iopl.fMappedPage = mapBase + pageIndex;
+                }
+                else {
+                    mdOffset += numBytes;
+                    break;
+                }
              }
          }
              }
          }
+
+        _highestPage = highestPage;
+
+        if (UPL_COPYOUT_FROM & uplFlags) _flags |= kIOMemoryPreparedReadOnly;
      }
  
      }
  
-    _highestPage = highestPage;
+#if IOTRACKING
+    if (kIOReturnSuccess == error)
+    {
+        vm_tag_t      tag;
+
+        dataP = getDataP(_memoryEntries);
+        if (forDirection & kIODirectionDMACommand) tag = (forDirection & kIODirectionDMACommandMask) >> kIODirectionDMACommandShift;
+        else                                       tag = IOMemoryTag(kernel_map);
+
+        if (!_wireCount) vm_tag_set_init(&dataP->fWireTags, kMaxWireTags);
+        vm_tag_set_enter(&dataP->fWireTags, kMaxWireTags, tag);
  
  
-    return kIOReturnSuccess;
+        IOMemoryDescriptorUpdateWireOwner(dataP, _memoryEntries, tag);
+        if (!_wireCount)
+        {
+           //if (!(_flags & kIOMemoryAutoPrepare))
+           IOTrackingAdd(gIOWireTracking, &dataP->fWireTracking, ptoa(_pages), false);
+        }
+    }
+#endif /* IOTRACKING */
+
+    return (error);
  
  abortExit:
      {
  
  abortExit:
      {
@@ -1991,18 +3106,136 @@ abortExit:
               upl_deallocate(ioplList[range].fIOPL);
             }
         }
               upl_deallocate(ioplList[range].fIOPL);
             }
         }
-       (void) _memoryEntries->initWithBytes(dataP, sizeof(ioGMDData)); // == setLength()
-
-        if (mapper && mapBase)
-            mapper->iovmFree(mapBase, _pages);
+       (void) _memoryEntries->initWithBytes(dataP, computeDataSize(0, 0)); // == setLength()
      }
  
      if (error == KERN_FAILURE)
          error = kIOReturnCannotWire;
      }
  
      if (error == KERN_FAILURE)
          error = kIOReturnCannotWire;
+    else if (error == KERN_MEMORY_ERROR)
+        error = kIOReturnNoResources;
  
      return error;
  }
  
  
      return error;
  }
  
+bool IOGeneralMemoryDescriptor::initMemoryEntries(size_t size, IOMapper * mapper)
+{
+    ioGMDData * dataP;
+    unsigned    dataSize = size;
+
+    if (!_memoryEntries) {
+       _memoryEntries = OSData::withCapacity(dataSize);
+       if (!_memoryEntries)
+           return false;
+    }
+    else if (!_memoryEntries->initWithCapacity(dataSize))
+       return false;
+
+    _memoryEntries->appendBytes(0, computeDataSize(0, 0));
+    dataP = getDataP(_memoryEntries);
+
+    if (mapper == kIOMapperWaitSystem) {
+        IOMapper::checkForSystemMapper();
+        mapper = IOMapper::gSystem;
+    }
+    dataP->fMapper               = mapper;
+    dataP->fPageCnt              = 0;
+    dataP->fMappedBase           = 0;
+    dataP->fDMAMapNumAddressBits = 64;
+    dataP->fDMAMapAlignment      = 0;
+    dataP->fPreparationID        = kIOPreparationIDUnprepared;
+    dataP->fDiscontig            = false;
+    dataP->fCompletionError      = false;
+
+    return (true);
+}
+
+IOReturn IOMemoryDescriptor::dmaMap(
+    IOMapper                    * mapper,
+    IODMACommand                * command,
+    const IODMAMapSpecification * mapSpec,
+    uint64_t                      offset,
+    uint64_t                      length,
+    uint64_t                    * mapAddress,
+    uint64_t                    * mapLength)
+{
+    IOReturn ret;
+    uint32_t mapOptions;
+
+    mapOptions = 0;
+    mapOptions |= kIODMAMapReadAccess;
+    if (!(kIOMemoryPreparedReadOnly & _flags)) mapOptions |= kIODMAMapWriteAccess;
+
+    ret = mapper->iovmMapMemory(this, offset, length, mapOptions, 
+                               mapSpec, command, NULL, mapAddress, mapLength);
+
+    return (ret);
+}
+
+IOReturn IOGeneralMemoryDescriptor::dmaMap(
+    IOMapper                    * mapper,
+    IODMACommand                * command,
+    const IODMAMapSpecification * mapSpec,
+    uint64_t                      offset,
+    uint64_t                      length,
+    uint64_t                    * mapAddress,
+    uint64_t                    * mapLength)
+{
+    IOReturn          err = kIOReturnSuccess;
+    ioGMDData *       dataP;
+    IOOptionBits      type = _flags & kIOMemoryTypeMask;
+
+    *mapAddress = 0;
+    if (kIOMemoryHostOnly & _flags) return (kIOReturnSuccess);
+
+    if ((type == kIOMemoryTypePhysical) || (type == kIOMemoryTypePhysical64)
+     || offset || (length != _length))
+    {
+       err = super::dmaMap(mapper, command, mapSpec, offset, length, mapAddress, mapLength);
+    }
+    else if (_memoryEntries && _pages && (dataP = getDataP(_memoryEntries)))
+    {
+       const ioPLBlock * ioplList = getIOPLList(dataP);
+       upl_page_info_t * pageList;
+       uint32_t          mapOptions = 0;
+
+       IODMAMapSpecification mapSpec;
+       bzero(&mapSpec, sizeof(mapSpec));
+       mapSpec.numAddressBits = dataP->fDMAMapNumAddressBits;
+       mapSpec.alignment = dataP->fDMAMapAlignment;
+
+       // For external UPLs the fPageInfo field points directly to
+       // the upl's upl_page_info_t array.
+       if (ioplList->fFlags & kIOPLExternUPL)
+       {
+           pageList = (upl_page_info_t *) ioplList->fPageInfo;
+           mapOptions |= kIODMAMapPagingPath;
+       }
+       else pageList = getPageList(dataP);
+
+       if ((_length == ptoa_64(_pages)) && !(page_mask & ioplList->fPageOffset))
+       {
+           mapOptions |= kIODMAMapPageListFullyOccupied;
+       }
+
+       mapOptions |= kIODMAMapReadAccess;
+       if (!(kIOMemoryPreparedReadOnly & _flags)) mapOptions |= kIODMAMapWriteAccess;
+
+       // Check for direct device non-paged memory
+       if (ioplList->fFlags & kIOPLOnDevice) mapOptions |= kIODMAMapPhysicallyContiguous;
+
+       IODMAMapPageList dmaPageList =
+       {
+               .pageOffset    = (uint32_t)(ioplList->fPageOffset & page_mask),
+               .pageListCount = _pages,
+               .pageList      = &pageList[0]
+       };
+       err = mapper->iovmMapMemory(this, offset, length, mapOptions, &mapSpec, 
+                                   command, &dmaPageList, mapAddress, mapLength);
+    }
+
+    return (err);
+}
+
  /*
   * prepare
   *
  /*
   * prepare
   *
@@ -2012,27 +3245,40 @@ abortExit:
   * the memory after the I/O transfer finishes.  This method needn't
   * called for non-pageable memory.
   */
   * the memory after the I/O transfer finishes.  This method needn't
   * called for non-pageable memory.
   */
+
  IOReturn IOGeneralMemoryDescriptor::prepare(IODirection forDirection)
  {
  IOReturn IOGeneralMemoryDescriptor::prepare(IODirection forDirection)
  {
-    IOReturn error    = kIOReturnSuccess;
+    IOReturn     error    = kIOReturnSuccess;
      IOOptionBits type = _flags & kIOMemoryTypeMask;
  
      if ((kIOMemoryTypePhysical == type) || (kIOMemoryTypePhysical64 == type))
         return kIOReturnSuccess;
  
      IOOptionBits type = _flags & kIOMemoryTypeMask;
  
      if ((kIOMemoryTypePhysical == type) || (kIOMemoryTypePhysical64 == type))
         return kIOReturnSuccess;
  
-    if (_prepareLock)
-       IOLockLock(_prepareLock);
+    if (_prepareLock) IOLockLock(_prepareLock);
  
  
-    if (!_wireCount
-    && (kIOMemoryTypeVirtual == type || kIOMemoryTypeVirtual64 == type || kIOMemoryTypeUIO == type) ) {
+    if (kIODirectionDMACommand & forDirection)
+    {
+#if IOMD_DEBUG_DMAACTIVE
+       OSIncrementAtomic(&__iomd_reservedA);
+#endif /* IOMD_DEBUG_DMAACTIVE */
+    }
+    if (kIOMemoryTypeVirtual == type || kIOMemoryTypeVirtual64 == type || kIOMemoryTypeUIO == type)
+    {
          error = wireVirtual(forDirection);
      }
  
          error = wireVirtual(forDirection);
      }
  
-    if (kIOReturnSuccess == error)
-       _wireCount++;
+    if ((kIOReturnSuccess == error) && !(kIODirectionDMACommand & forDirection))
+    {
+        if (1 == ++_wireCount)
+        {
+            if (kIOMemoryClearEncrypt & _flags)
+            {
+                performOperation(kIOMemoryClearEncrypted, 0, _length);
+            }
+        }
+    }
  
  
-    if (_prepareLock)
-       IOLockUnlock(_prepareLock);
+    if (_prepareLock) IOLockUnlock(_prepareLock);
  
      return error;
  }
  
      return error;
  }
@@ -2045,46 +3291,107 @@ IOReturn IOGeneralMemoryDescriptor::prepare(IODirection forDirection)
   * issued; the prepare() and complete() must occur in pairs, before
   * before and after an I/O transfer involving pageable memory.
   */
   * issued; the prepare() and complete() must occur in pairs, before
   * before and after an I/O transfer involving pageable memory.
   */
- 
-IOReturn IOGeneralMemoryDescriptor::complete(IODirection /* forDirection */)
+
+IOReturn IOGeneralMemoryDescriptor::complete(IODirection forDirection)
  {
      IOOptionBits type = _flags & kIOMemoryTypeMask;
  {
      IOOptionBits type = _flags & kIOMemoryTypeMask;
+    ioGMDData  * dataP;
  
      if ((kIOMemoryTypePhysical == type) || (kIOMemoryTypePhysical64 == type))
         return kIOReturnSuccess;
  
  
      if ((kIOMemoryTypePhysical == type) || (kIOMemoryTypePhysical64 == type))
         return kIOReturnSuccess;
  
-    if (_prepareLock)
-       IOLockLock(_prepareLock);
+    if (_prepareLock) IOLockLock(_prepareLock);
+    do
+    {
+        assert(_wireCount);
+        if (!_wireCount) break;
+        dataP = getDataP(_memoryEntries);
+        if (!dataP)      break;
+
+#if IOMD_DEBUG_DMAACTIVE
+        if (kIODirectionDMACommand & forDirection)
+        {
+            if (__iomd_reservedA) OSDecrementAtomic(&__iomd_reservedA);
+            else                  panic("kIOMDSetDMAInactive");
+        }
+#endif /* IOMD_DEBUG_DMAACTIVE */
+#if IOTRACKING
+        if (kIOMemoryTypeVirtual == type || kIOMemoryTypeVirtual64 == type || kIOMemoryTypeUIO == type)
+        {
+            vm_tag_t      tag;
+
+            if (forDirection & kIODirectionDMACommand) tag = (forDirection & kIODirectionDMACommandMask) >> kIODirectionDMACommandShift;
+            else                                       tag = IOMemoryTag(kernel_map);
+            vm_tag_set_remove(&dataP->fWireTags, kMaxWireTags, tag, &tag);
+            IOMemoryDescriptorUpdateWireOwner(dataP, _memoryEntries, tag);
+        }
+        if (kIODirectionDMACommand & forDirection)   break;
+#endif /* IOTRACKING */
+
+        if (kIODirectionCompleteWithError & forDirection)  dataP->fCompletionError = true;
+
+        if ((kIOMemoryClearEncrypt & _flags) && (1 == _wireCount))
+        {
+            performOperation(kIOMemorySetEncrypted, 0, _length);
+        }
+
+        _wireCount--;
+        if (!_wireCount || (kIODirectionCompleteWithDataValid & forDirection))
+        {
+            ioPLBlock *ioplList = getIOPLList(dataP);
+            UInt ind, count = getNumIOPL(_memoryEntries, dataP);
+
+            if (_wireCount)
+            {
+                // kIODirectionCompleteWithDataValid & forDirection
+                if (kIOMemoryTypeVirtual == type || kIOMemoryTypeVirtual64 == type || kIOMemoryTypeUIO == type)
+                {
+                    for (ind = 0; ind < count; ind++)
+                    {
+                        if (ioplList[ind].fIOPL) iopl_valid_data(ioplList[ind].fIOPL);
+                    }
+                }
+            }
+            else
+            {
+#if IOMD_DEBUG_DMAACTIVE
+                if (__iomd_reservedA) panic("complete() while dma active");
+#endif /* IOMD_DEBUG_DMAACTIVE */
+
+                if (dataP->fMappedBase) {
+                    dataP->fMapper->iovmUnmapMemory(this, NULL, dataP->fMappedBase, dataP->fMappedLength);
+                    dataP->fMappedBase = 0;
+                }
+                // Only complete iopls that we created which are for TypeVirtual
+                if (kIOMemoryTypeVirtual == type || kIOMemoryTypeVirtual64 == type || kIOMemoryTypeUIO == type) {
+#if IOTRACKING
+                    //if (!(_flags & kIOMemoryAutoPrepare))
+                    {
+                        IOTrackingRemove(gIOWireTracking, &dataP->fWireTracking, ptoa(_pages));
+                    }
+#endif /* IOTRACKING */
+                    for (ind = 0; ind < count; ind++)
+                        if (ioplList[ind].fIOPL) {
+                            if (dataP->fCompletionError)
+                                upl_abort(ioplList[ind].fIOPL, 0 /*!UPL_ABORT_DUMP_PAGES*/);
+                            else
+                                upl_commit(ioplList[ind].fIOPL, 0, 0);
+                            upl_deallocate(ioplList[ind].fIOPL);
+                        }
+                } else if (kIOMemoryTypeUPL == type) {
+                    upl_set_referenced(ioplList[0].fIOPL, false);
+                }
  
  
-    assert(_wireCount);
+                (void) _memoryEntries->initWithBytes(dataP, computeDataSize(0, 0)); // == setLength()
  
  
-    if (_wireCount)
-    {
-       _wireCount--;
-       if (!_wireCount)
-       {
-           IOOptionBits type = _flags & kIOMemoryTypeMask;
-           ioGMDData * dataP = getDataP(_memoryEntries);
-           ioPLBlock *ioplList = getIOPLList(dataP);
-           UInt count = getNumIOPL(_memoryEntries, dataP);
-
-           if (dataP->fMapper && _pages && ioplList[0].fMappedBase)
-               dataP->fMapper->iovmFree(ioplList[0].fMappedBase, _pages);
-
-           // Only complete iopls that we created which are for TypeVirtual
-           if (kIOMemoryTypeVirtual == type || kIOMemoryTypeVirtual64 == type || kIOMemoryTypeUIO == type) {
-               for (UInt ind = 0; ind < count; ind++)
-                   if (ioplList[ind].fIOPL) {
-                        upl_commit(ioplList[ind].fIOPL, 0, 0);
-                        upl_deallocate(ioplList[ind].fIOPL);
-                   }
-           }
-           (void) _memoryEntries->initWithBytes(dataP, sizeof(ioGMDData)); // == setLength()
-       }
+                dataP->fPreparationID = kIOPreparationIDUnprepared;
+                dataP->fAllocTag = VM_KERN_MEMORY_NONE;
+            }
+        }
      }
      }
+    while (false);
  
  
-    if (_prepareLock)
-       IOLockUnlock(_prepareLock);
+    if (_prepareLock) IOLockUnlock(_prepareLock);
  
      return kIOReturnSuccess;
  }
  
      return kIOReturnSuccess;
  }
@@ -2095,31 +3402,38 @@ IOReturn IOGeneralMemoryDescriptor::doMap(
         IOOptionBits            options,
         IOByteCount             __offset,
         IOByteCount             __length )
         IOOptionBits            options,
         IOByteCount             __offset,
         IOByteCount             __length )
-
  {
  {
+#ifndef __LP64__
      if (!(kIOMap64Bit & options)) panic("IOGeneralMemoryDescriptor::doMap !64bit");
      if (!(kIOMap64Bit & options)) panic("IOGeneralMemoryDescriptor::doMap !64bit");
+#endif /* !__LP64__ */
+
+    kern_return_t  err;
  
  
-    _IOMemoryMap * mapping = (_IOMemoryMap *) *__address;
+    IOMemoryMap *  mapping = (IOMemoryMap *) *__address;
      mach_vm_size_t offset  = mapping->fOffset + __offset;
      mach_vm_size_t length  = mapping->fLength;
  
      mach_vm_size_t offset  = mapping->fOffset + __offset;
      mach_vm_size_t length  = mapping->fLength;
  
-    kern_return_t kr;
-    ipc_port_t sharedMem = (ipc_port_t) _memEntry;
-
      IOOptionBits type = _flags & kIOMemoryTypeMask;
      Ranges vec = _ranges;
  
      IOOptionBits type = _flags & kIOMemoryTypeMask;
      Ranges vec = _ranges;
  
-    user_addr_t range0Addr = 0;
-    IOByteCount range0Len = 0;
+    mach_vm_address_t range0Addr = 0;
+    mach_vm_size_t    range0Len = 0;
+
+    if ((offset >= _length) || ((offset + length) > _length))
+       return( kIOReturnBadArgument );
  
      if (vec.v)
         getAddrLenForInd(range0Addr, range0Len, type, vec, 0);
  
      // mapping source == dest? (could be much better)
  
      if (vec.v)
         getAddrLenForInd(range0Addr, range0Len, type, vec, 0);
  
      // mapping source == dest? (could be much better)
-    if( _task
-     && (mapping->fAddressMap == get_task_map(_task)) && (options & kIOMapAnywhere)
-     && (1 == _rangesCount) && (0 == offset)
-     && range0Addr && (length <= range0Len) )
+    if (_task
+     && (mapping->fAddressTask == _task)
+     && (mapping->fAddressMap == get_task_map(_task)) 
+     && (options & kIOMapAnywhere)
+     && (1 == _rangesCount) 
+     && (0 == offset)
+     && range0Addr 
+     && (length <= range0Len))
      {
         mapping->fAddress = range0Addr;
         mapping->fOptions |= kIOMapStatic;
      {
         mapping->fAddress = range0Addr;
         mapping->fOptions |= kIOMapStatic;
@@ -2127,131 +3441,131 @@ IOReturn IOGeneralMemoryDescriptor::doMap(
         return( kIOReturnSuccess );
      }
  
         return( kIOReturnSuccess );
      }
  
-    if( 0 == sharedMem) {
-
-        vm_size_t size = ptoa_32(_pages);
-
-        if( _task) {
-
-            memory_object_size_t actualSize = size;
-           vm_prot_t            prot       = VM_PROT_READ;
-           if (!(kIOMapReadOnly & options))
-               prot |= VM_PROT_WRITE;
-           else if (kIOMapDefaultCache != (options & kIOMapCacheMask))
-               prot |= VM_PROT_WRITE;
-
-            kr = mach_make_memory_entry_64(get_task_map(_task),
-                        &actualSize, range0Addr,
-                        prot, &sharedMem,
-                        NULL );
-
-            if( (KERN_SUCCESS == kr) && (actualSize != round_page_32(size))) {
-#if IOASSERT
-                IOLog("mach_make_memory_entry_64 (%08llx) size (%08lx:%08x)\n",
-                            range0Addr, (UInt32) actualSize, size);
+    if (!_memRef)
+    {
+        IOOptionBits createOptions = 0;
+       if (!(kIOMapReadOnly & options)) 
+       {
+           createOptions |= kIOMemoryReferenceWrite;
+#if DEVELOPMENT || DEBUG
+            if (kIODirectionOut == (kIODirectionOutIn & _flags))
+            {
+                OSReportWithBacktrace("warning: creating writable mapping from IOMemoryDescriptor(kIODirectionOut) - use kIOMapReadOnly or change direction");
+           }
  #endif
  #endif
-                kr = kIOReturnVMError;
-                ipc_port_release_send( sharedMem );
-            }
-
-            if( KERN_SUCCESS != kr)
-                sharedMem = MACH_PORT_NULL;
-
-        } else do {    // _task == 0, must be physical
+       }
+       err = memoryReferenceCreate(createOptions, &_memRef);
+       if (kIOReturnSuccess != err) return (err);
+    }
  
  
-            memory_object_t    pager;
-           unsigned int        flags = 0;
-           addr64_t            pa;
-           IOPhysicalLength    segLen;
+    memory_object_t pager;
+    pager = (memory_object_t) (reserved ? reserved->dp.devicePager : 0);
  
  
-           pa = getPhysicalSegment64( offset, &segLen );
+    // <upl_transpose //
+    if ((kIOMapReference|kIOMapUnique) == ((kIOMapReference|kIOMapUnique) & options))
+    {
+        do
+       {
+           upl_t               redirUPL2;
+           upl_size_t          size;
+           upl_control_flags_t flags;
+           unsigned int        lock_count;
  
  
-            if( !reserved) {
-                reserved = IONew( ExpansionData, 1 );
-                if( !reserved)
-                    continue;
-            }
-            reserved->pagerContig = (1 == _rangesCount);
-           reserved->memory = this;
+           if (!_memRef || (1 != _memRef->count))
+           {
+               err = kIOReturnNotReadable;
+               break;
+           }
  
  
-           /*What cache mode do we need*/
-            switch(options & kIOMapCacheMask ) {
+           size = round_page(mapping->fLength);
+           flags = UPL_COPYOUT_FROM | UPL_SET_INTERNAL 
+                       | UPL_SET_LITE | UPL_SET_IO_WIRE | UPL_BLOCK_ACCESS
+                       | UPL_MEMORY_TAG_MAKE(getVMTag(kernel_map));
  
  
-               case kIOMapDefaultCache:
-               default:
-                   flags = IODefaultCacheBits(pa);
-                   if (DEVICE_PAGER_CACHE_INHIB & flags)
-                   {
-                       if (DEVICE_PAGER_GUARDED & flags)
-                           mapping->fOptions |= kIOMapInhibitCache;
-                       else
-                           mapping->fOptions |= kIOMapWriteCombineCache;
-                   }
-                   else if (DEVICE_PAGER_WRITE_THROUGH & flags)
-                       mapping->fOptions |= kIOMapWriteThruCache;
-                   else
-                       mapping->fOptions |= kIOMapCopybackCache;
-                   break;
-       
-               case kIOMapInhibitCache:
-                   flags = DEVICE_PAGER_CACHE_INHIB | 
-                                   DEVICE_PAGER_COHERENT | DEVICE_PAGER_GUARDED;
-                   break;
-       
-               case kIOMapWriteThruCache:
-                   flags = DEVICE_PAGER_WRITE_THROUGH |
-                                   DEVICE_PAGER_COHERENT | DEVICE_PAGER_GUARDED;
-                   break;
+           if (KERN_SUCCESS != memory_object_iopl_request(_memRef->entries[0].entry, 0, &size, &redirUPL2,
+                                           NULL, NULL,
+                                           &flags))
+               redirUPL2 = NULL;
  
  
-               case kIOMapCopybackCache:
-                   flags = DEVICE_PAGER_COHERENT;
-                   break;
+           for (lock_count = 0;
+                IORecursiveLockHaveLock(gIOMemoryLock);
+                lock_count++) {
+             UNLOCK;
+           }
+           err = upl_transpose(redirUPL2, mapping->fRedirUPL);
+           for (;
+                lock_count;
+                lock_count--) {
+             LOCK;
+           }
  
  
-               case kIOMapWriteCombineCache:
-                   flags = DEVICE_PAGER_CACHE_INHIB |
-                                   DEVICE_PAGER_COHERENT;
-                   break;
-            }
+           if (kIOReturnSuccess != err)
+           {
+               IOLog("upl_transpose(%x)\n", err);
+               err = kIOReturnSuccess;
+           }
  
  
-           flags |= reserved->pagerContig ? DEVICE_PAGER_CONTIGUOUS : 0;
+           if (redirUPL2)
+           {
+               upl_commit(redirUPL2, NULL, 0);
+               upl_deallocate(redirUPL2);
+               redirUPL2 = 0;
+           }
+           {
+               // swap the memEntries since they now refer to different vm_objects
+               IOMemoryReference * me = _memRef;
+               _memRef = mapping->fMemory->_memRef;
+               mapping->fMemory->_memRef = me;
+           }
+           if (pager)
+               err = populateDevicePager( pager, mapping->fAddressMap, mapping->fAddress, offset, length, options );
+       }
+       while (false);
+    }
+    // upl_transpose> //
+    else
+    {
+        err = memoryReferenceMap(_memRef, mapping->fAddressMap, offset, length, options, &mapping->fAddress);
+#if IOTRACKING
+        if ((err == KERN_SUCCESS) && ((kIOTracking & gIOKitDebug) || _task))
+        {
+           // only dram maps in the default on developement case
+           IOTrackingAddUser(gIOMapTracking, &mapping->fTracking, mapping->fLength);
+       }
+#endif /* IOTRACKING */
+       if ((err == KERN_SUCCESS) && pager)
+       {
+           err = populateDevicePager(pager, mapping->fAddressMap, mapping->fAddress, offset, length, options);
  
  
-            pager = device_pager_setup( (memory_object_t) 0, (int) reserved, 
-                                                               size, flags);
-            assert( pager );
+           if (err != KERN_SUCCESS) doUnmap(mapping->fAddressMap, (IOVirtualAddress) mapping, 0);
+           else if (kIOMapDefaultCache == (options & kIOMapCacheMask))
+           {
+               mapping->fOptions |= ((_flags & kIOMemoryBufferCacheMask) >> kIOMemoryBufferCacheShift);
+           }
+       }
+    }
  
  
-            if( pager) {
-                kr = mach_memory_object_memory_entry_64( (host_t) 1, false /*internal*/, 
-                            size, VM_PROT_READ | VM_PROT_WRITE, pager, &sharedMem );
+    return (err);
+}
  
  
-                assert( KERN_SUCCESS == kr );
-                if( KERN_SUCCESS != kr)
-               {
-                   device_pager_deallocate( pager );
-                    pager = MACH_PORT_NULL;
-                    sharedMem = MACH_PORT_NULL;
-                }
-            }
-           if( pager && sharedMem)
-               reserved->devicePager    = pager;
-           else {
-               IODelete( reserved, ExpansionData, 1 );
-               reserved = 0;
-           }
+#if IOTRACKING
+IOReturn
+IOMemoryMapTracking(IOTrackingUser * tracking, task_t * task,
+                   mach_vm_address_t * address, mach_vm_size_t * size)
+{
+#define iomap_offsetof(type, field) ((size_t)(&((type *)0)->field))
  
  
-        } while( false );
+    IOMemoryMap * map = (typeof(map)) (((uintptr_t) tracking) - iomap_offsetof(IOMemoryMap, fTracking));
  
  
-        _memEntry = (void *) sharedMem;
-    }
+    if (!map->fAddressMap || (map->fAddressMap != get_task_map(map->fAddressTask))) return (kIOReturnNotReady);
  
  
-    IOReturn result;
-    if (0 == sharedMem)
-      result = kIOReturnVMError;
-    else
-      result = super::doMap( __addressMap, __address,
-                                       options, __offset, __length );
+    *task    = map->fAddressTask;
+    *address = map->fAddress;
+    *size    = map->fLength;
  
  
-    return( result );
+    return (kIOReturnSuccess);
  }
  }
+#endif /* IOTRACKING */
  
  IOReturn IOGeneralMemoryDescriptor::doUnmap(
         vm_map_t                addressMap,
  
  IOReturn IOGeneralMemoryDescriptor::doUnmap(
         vm_map_t                addressMap,
@@ -2263,21 +3577,27 @@ IOReturn IOGeneralMemoryDescriptor::doUnmap(
  
  /* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
  
  
  /* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
  
-OSDefineMetaClassAndAbstractStructors( IOMemoryMap, OSObject )
-
-/* inline function implementation */
-IOPhysicalAddress IOMemoryMap::getPhysicalAddress()
-    { return( getPhysicalSegment( 0, 0 )); }
+#undef super
+#define super OSObject
  
  
+OSDefineMetaClassAndStructors( IOMemoryMap, OSObject )
  
  
-#undef super
-#define super IOMemoryMap
+OSMetaClassDefineReservedUnused(IOMemoryMap, 0);
+OSMetaClassDefineReservedUnused(IOMemoryMap, 1);
+OSMetaClassDefineReservedUnused(IOMemoryMap, 2);
+OSMetaClassDefineReservedUnused(IOMemoryMap, 3);
+OSMetaClassDefineReservedUnused(IOMemoryMap, 4);
+OSMetaClassDefineReservedUnused(IOMemoryMap, 5);
+OSMetaClassDefineReservedUnused(IOMemoryMap, 6);
+OSMetaClassDefineReservedUnused(IOMemoryMap, 7);
  
  
-OSDefineMetaClassAndStructors(_IOMemoryMap, IOMemoryMap)
+/* ex-inline function implementation */
+IOPhysicalAddress IOMemoryMap::getPhysicalAddress()
+    { return( getPhysicalSegment( 0, 0 )); }
  
  /* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
  
  
  /* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
  
-bool _IOMemoryMap::init(
+bool IOMemoryMap::init(
          task_t                 intoTask,
          mach_vm_address_t      toAddress,
          IOOptionBits           _options,
          task_t                 intoTask,
          mach_vm_address_t      toAddress,
          IOOptionBits           _options,
@@ -2304,7 +3624,7 @@ bool _IOMemoryMap::init(
      return (true);
  }
  
      return (true);
  }
  
-bool _IOMemoryMap::setMemoryDescriptor(IOMemoryDescriptor * _memory, mach_vm_size_t _offset)
+bool IOMemoryMap::setMemoryDescriptor(IOMemoryDescriptor * _memory, mach_vm_size_t _offset)
  {
      if (!_memory)
         return(false);
  {
      if (!_memory)
         return(false);
@@ -2328,129 +3648,6 @@ bool _IOMemoryMap::setMemoryDescriptor(IOMemoryDescriptor * _memory, mach_vm_siz
      return( true );
  }
  
      return( true );
  }
  
-struct IOMemoryDescriptorMapAllocRef
-{
-    ipc_port_t         sharedMem;
-    mach_vm_address_t  mapped;
-    mach_vm_size_t     size;
-    mach_vm_size_t     sourceOffset;
-    IOOptionBits       options;
-};
-
-static kern_return_t IOMemoryDescriptorMapAlloc(vm_map_t map, void * _ref)
-{
-    IOMemoryDescriptorMapAllocRef * ref = (IOMemoryDescriptorMapAllocRef *)_ref;
-    IOReturn                       err;
-
-    do {
-        if( ref->sharedMem)
-       {
-            vm_prot_t prot = VM_PROT_READ
-                            | ((ref->options & kIOMapReadOnly) ? 0 : VM_PROT_WRITE);
-
-           // VM system requires write access to change cache mode
-           if (kIOMapDefaultCache != (ref->options & kIOMapCacheMask))
-               prot |= VM_PROT_WRITE;
-
-            // set memory entry cache
-            vm_prot_t memEntryCacheMode = prot | MAP_MEM_ONLY;
-            switch (ref->options & kIOMapCacheMask)
-            {
-               case kIOMapInhibitCache:
-                    SET_MAP_MEM(MAP_MEM_IO, memEntryCacheMode);
-                    break;
-       
-               case kIOMapWriteThruCache:
-                    SET_MAP_MEM(MAP_MEM_WTHRU, memEntryCacheMode);
-                    break;
-
-               case kIOMapWriteCombineCache:
-                    SET_MAP_MEM(MAP_MEM_WCOMB, memEntryCacheMode);
-                    break;
-
-               case kIOMapCopybackCache:
-                    SET_MAP_MEM(MAP_MEM_COPYBACK, memEntryCacheMode);
-                    break;
-
-               case kIOMapDefaultCache:
-               default:
-                    SET_MAP_MEM(MAP_MEM_NOOP, memEntryCacheMode);
-                    break;
-            }
-
-            vm_size_t unused = 0;
-
-            err = mach_make_memory_entry( NULL /*unused*/, &unused, 0 /*unused*/, 
-                                            memEntryCacheMode, NULL, ref->sharedMem );
-            if (KERN_SUCCESS != err)
-                IOLog("MAP_MEM_ONLY failed %d\n", err);
-
-            err = mach_vm_map( map,
-                            &ref->mapped,
-                            ref->size, 0 /* mask */, 
-                            (( ref->options & kIOMapAnywhere ) ? VM_FLAGS_ANYWHERE : VM_FLAGS_FIXED)
-                            | VM_MAKE_TAG(VM_MEMORY_IOKIT), 
-                            ref->sharedMem, ref->sourceOffset,
-                            false, // copy
-                            prot, // cur
-                            prot, // max
-                            VM_INHERIT_NONE);
-
-            if( KERN_SUCCESS != err) {
-                ref->mapped = 0;
-                continue;
-            }
-    
-        }
-       else
-       {
-            err = mach_vm_allocate( map, &ref->mapped, ref->size,
-                            ((ref->options & kIOMapAnywhere) ? VM_FLAGS_ANYWHERE : VM_FLAGS_FIXED)
-                            | VM_MAKE_TAG(VM_MEMORY_IOKIT) );
-            if( KERN_SUCCESS != err) {
-                ref->mapped = 0;
-                continue;
-            }
-            // we have to make sure that these guys don't get copied if we fork.
-            err = vm_inherit( map, ref->mapped, ref->size, VM_INHERIT_NONE);
-            assert( KERN_SUCCESS == err );
-        }
-    }
-    while( false );
-
-    return( err );
-}
-
-kern_return_t 
-IOMemoryDescriptorMapMemEntry(vm_map_t map, ipc_port_t entry, IOOptionBits options, bool pageable,
-                               mach_vm_size_t offset, 
-                               mach_vm_address_t * address, mach_vm_size_t length)
-{
-    IOReturn err;
-    IOMemoryDescriptorMapAllocRef ref;
-
-    ref.sharedMem      = entry;
-    ref.sourceOffset           = offset;
-    ref.options                = options;
-
-    ref.size = length;
-
-    if (options & kIOMapAnywhere)
-       // vm_map looks for addresses above here, even when VM_FLAGS_ANYWHERE
-       ref.mapped = 0;
-    else
-       ref.mapped = *address;
-
-    if( ref.sharedMem && (map == kernel_map) && pageable)
-       err = IOIteratePageableMaps( ref.size, &IOMemoryDescriptorMapAlloc, &ref );
-    else
-       err = IOMemoryDescriptorMapAlloc( map, &ref );
-
-    *address = ref.mapped;
-    return (err);
-}
-
-
  IOReturn IOMemoryDescriptor::doMap(
         vm_map_t                __addressMap,
         IOVirtualAddress *      __address,
  IOReturn IOMemoryDescriptor::doMap(
         vm_map_t                __addressMap,
         IOVirtualAddress *      __address,
@@ -2458,119 +3655,27 @@ IOReturn IOMemoryDescriptor::doMap(
         IOByteCount             __offset,
         IOByteCount             __length )
  {
         IOByteCount             __offset,
         IOByteCount             __length )
  {
-    if (!(kIOMap64Bit & options)) panic("IOMemoryDescriptor::doMap !64bit");
-
-    _IOMemoryMap * mapping = (_IOMemoryMap *) *__address;
-    mach_vm_size_t offset  = mapping->fOffset + __offset;
-    mach_vm_size_t length  = mapping->fLength;
-
-    IOReturn         err = kIOReturnSuccess;
-    memory_object_t   pager;
-    mach_vm_size_t    pageOffset;
-    IOPhysicalAddress sourceAddr;
+    return (kIOReturnUnsupported);
+}
  
  
-    do
+IOReturn IOMemoryDescriptor::handleFault(
+        void *                 _pager,
+       mach_vm_size_t          sourceOffset,
+       mach_vm_size_t          length)
+{
+    if( kIOMemoryRedirected & _flags)
      {
      {
-       sourceAddr = getSourceSegment( offset, NULL );
-       pageOffset = sourceAddr - trunc_page_32( sourceAddr );
-
-       if( reserved)
-           pager = (memory_object_t) reserved->devicePager;
-       else
-           pager = MACH_PORT_NULL;
-
-       if ((kIOMapReference|kIOMapUnique) == ((kIOMapReference|kIOMapUnique) & options))
-       {
-           upl_t          redirUPL2;
-           vm_size_t      size;
-           int            flags;
-
-           if (!_memEntry)
-           {
-               err = kIOReturnNotReadable;
-               continue;
-           }
-
-           size = mapping->fLength + pageOffset;
-           flags = UPL_COPYOUT_FROM | UPL_SET_INTERNAL 
-                       | UPL_SET_LITE | UPL_SET_IO_WIRE | UPL_BLOCK_ACCESS;
-
-           if (KERN_SUCCESS != memory_object_iopl_request((ipc_port_t) _memEntry, 0, &size, &redirUPL2,
-                                           NULL, NULL,
-                                           &flags))
-               redirUPL2 = NULL;
-
-           err = upl_transpose(redirUPL2, mapping->fRedirUPL);
-           if (kIOReturnSuccess != err)
-           {
-               IOLog("upl_transpose(%x)\n", err);
-               err = kIOReturnSuccess;
-           }
-
-           if (redirUPL2)
-           {
-               upl_commit(redirUPL2, NULL, 0);
-               upl_deallocate(redirUPL2);
-               redirUPL2 = 0;
-           }
-           {
-               // swap the memEntries since they now refer to different vm_objects
-               void * me = _memEntry;
-               _memEntry = mapping->fMemory->_memEntry;
-               mapping->fMemory->_memEntry = me;
-           }
-           if (pager)
-               err = handleFault( reserved->devicePager, mapping->fAddressMap, mapping->fAddress, offset, length, options );
-       }
-       else
-       {
-           mach_vm_address_t address;
-
-           if (!(options & kIOMapAnywhere))
-           {
-               address = trunc_page_64(mapping->fAddress);
-               if( (mapping->fAddress - address) != pageOffset)
-               {
-                   err = kIOReturnVMError;
-                   continue;
-               }
-           }
-
-           err = IOMemoryDescriptorMapMemEntry(mapping->fAddressMap, (ipc_port_t) _memEntry,
-                                                   options, (kIOMemoryBufferPageable & _flags),
-                                                   offset, &address, round_page_64(length + pageOffset));
-           if( err != KERN_SUCCESS)
-               continue;
-
-           if (!_memEntry || pager)
-           {
-               err = handleFault( pager, mapping->fAddressMap, address, offset, length, options );
-               if (err != KERN_SUCCESS)
-                   doUnmap( mapping->fAddressMap, (IOVirtualAddress) mapping, 0 );
-           }
-
-#ifdef DEBUG
-       if (kIOLogMapping & gIOKitDebug)
-           IOLog("mapping(%x) desc %p @ %lx, map %p, address %qx, offset %qx, length %qx\n", 
-                   err, this, sourceAddr, mapping, address, offset, length);
+#if DEBUG
+       IOLog("sleep mem redirect %p, %qx\n", this, sourceOffset);
  #endif
  #endif
-
-           if (err == KERN_SUCCESS)
-               mapping->fAddress = address + pageOffset;
-           else
-               mapping->fAddress = NULL;
-       }
+       do {
+           SLEEP;
+       } while( kIOMemoryRedirected & _flags );
      }
      }
-    while( false );
-
-    return (err);
+    return (kIOReturnSuccess);
  }
  
  }
  
-enum {
-    kIOMemoryRedirected        = 0x00010000
-};
-
-IOReturn IOMemoryDescriptor::handleFault(
+IOReturn IOMemoryDescriptor::populateDevicePager(
          void *                 _pager,
         vm_map_t                addressMap,
         mach_vm_address_t       address,
          void *                 _pager,
         vm_map_t                addressMap,
         mach_vm_address_t       address,
@@ -2585,25 +3690,19 @@ IOReturn IOMemoryDescriptor::handleFault(
      mach_vm_size_t     page;
      mach_vm_size_t     pageOffset;
      mach_vm_size_t     pagerOffset;
      mach_vm_size_t     page;
      mach_vm_size_t     pageOffset;
      mach_vm_size_t     pagerOffset;
-    IOPhysicalLength   segLen;
+    IOPhysicalLength   segLen, chunk;
      addr64_t           physAddr;
      addr64_t           physAddr;
+    IOOptionBits        type;
  
  
-    if( !addressMap)
-    {
-        if( kIOMemoryRedirected & _flags)
-       {
-#ifdef DEBUG
-            IOLog("sleep mem redirect %p, %qx\n", this, sourceOffset);
-#endif
-            do {
-               SLEEP;
-            } while( kIOMemoryRedirected & _flags );
-        }
+    type = _flags & kIOMemoryTypeMask;
  
  
-        return( kIOReturnSuccess );
+    if (reserved->dp.pagerContig)
+    {
+        sourceOffset = 0;
+        pagerOffset  = 0;
      }
  
      }
  
-    physAddr = getPhysicalSegment64( sourceOffset, &segLen );
+    physAddr = getPhysicalSegment( sourceOffset, &segLen, kIOMemoryMapperNone );
      assert( physAddr );
      pageOffset = physAddr - trunc_page_64( physAddr );
      pagerOffset = sourceOffset;
      assert( physAddr );
      pageOffset = physAddr - trunc_page_64( physAddr );
      pagerOffset = sourceOffset;
@@ -2616,74 +3715,51 @@ IOReturn IOMemoryDescriptor::handleFault(
      do
      {
         // in the middle of the loop only map whole pages
      do
      {
         // in the middle of the loop only map whole pages
-       if( segLen >= bytes)
-           segLen = bytes;
-       else if( segLen != trunc_page_32( segLen))
-           err = kIOReturnVMError;
-        if( physAddr != trunc_page_64( physAddr))
-           err = kIOReturnBadArgument;
-       if (kIOReturnSuccess != err)
-           break;
-
-#ifdef DEBUG
-       if( kIOLogMapping & gIOKitDebug)
-           IOLog("_IOMemoryMap::map(%p) 0x%qx->0x%qx:0x%qx\n",
-                addressMap, address + pageOffset, physAddr + pageOffset,
-               segLen - pageOffset);
-#endif
+       if( segLen >= bytes) segLen = bytes;
+       else if (segLen != trunc_page(segLen))    err = kIOReturnVMError;
+        if (physAddr != trunc_page_64(physAddr))  err = kIOReturnBadArgument;
  
  
+       if (kIOReturnSuccess != err) break;
  
  
-        if( pager) {
-            if( reserved && reserved->pagerContig) {
-                IOPhysicalLength       allLen;
-                addr64_t               allPhys;
-
-                allPhys = getPhysicalSegment64( 0, &allLen );
-                assert( allPhys );
-               err = device_pager_populate_object( pager, 0, atop_64(allPhys), round_page_32(allLen) );
-            }
-           else
-           {
+#if DEBUG || DEVELOPMENT
+        if ((kIOMemoryTypeUPL != type) 
+            && pmap_has_managed_page(atop_64(physAddr), atop_64(physAddr + segLen - 1))) 
+       {
+            OSReportWithBacktrace("IOMemoryDescriptor physical with managed page 0x%qx:0x%qx", physAddr, segLen);
+        }
+#endif /* DEBUG || DEVELOPMENT */
  
  
-               for( page = 0;
-                     (page < segLen) && (KERN_SUCCESS == err);
-                     page += page_size)
-               {
-                   err = device_pager_populate_object(pager, pagerOffset,
-                           (ppnum_t)(atop_64(physAddr + page)), page_size);
-                   pagerOffset += page_size;
-                }
-            }
-            assert( KERN_SUCCESS == err );
-            if( err)
-                break;
+        chunk = (reserved->dp.pagerContig ? round_page(segLen) : page_size);
+        for (page = 0;
+            (page < segLen) && (KERN_SUCCESS == err);
+            page += chunk)
+        {
+            err = device_pager_populate_object(pager, pagerOffset,
+                (ppnum_t)(atop_64(physAddr + page)), chunk);
+            pagerOffset += chunk;
          }
  
          }
  
+       assert (KERN_SUCCESS == err);
+       if (err) break;
+
         // This call to vm_fault causes an early pmap level resolution
         // of the mappings created above for kernel mappings, since
         // faulting in later can't take place from interrupt level.
         // This call to vm_fault causes an early pmap level resolution
         // of the mappings created above for kernel mappings, since
         // faulting in later can't take place from interrupt level.
-       /*  *** ALERT *** */
-       /*  *** Temporary Workaround *** */
-
         if ((addressMap == kernel_map) && !(kIOMemoryRedirected & _flags))
         {
         if ((addressMap == kernel_map) && !(kIOMemoryRedirected & _flags))
         {
-               vm_fault(addressMap, 
-                        (vm_map_offset_t)address, 
-                        VM_PROT_READ|VM_PROT_WRITE, 
-                        FALSE, THREAD_UNINT, NULL, 
-                        (vm_map_offset_t)0);
+           vm_fault(addressMap, 
+                    (vm_map_offset_t)trunc_page_64(address),
+                    VM_PROT_READ|VM_PROT_WRITE, 
+                    FALSE, THREAD_UNINT, NULL, 
+                    (vm_map_offset_t)0);
         }
  
         }
  
-       /*  *** Temporary Workaround *** */
-       /*  *** ALERT *** */
-
         sourceOffset += segLen - pageOffset;
         address += segLen;
         bytes -= segLen;
         pageOffset = 0;
         sourceOffset += segLen - pageOffset;
         address += segLen;
         bytes -= segLen;
         pageOffset = 0;
-
      } 
      } 
-    while (bytes && (physAddr = getPhysicalSegment64( sourceOffset, &segLen )));
+    while (bytes && (physAddr = getPhysicalSegment( sourceOffset, &segLen, kIOMemoryMapperNone )));
  
      if (bytes)
          err = kIOReturnBadArgument;
  
      if (bytes)
          err = kIOReturnBadArgument;
@@ -2697,31 +3773,32 @@ IOReturn IOMemoryDescriptor::doUnmap(
         IOByteCount             __length )
  {
      IOReturn         err;
         IOByteCount             __length )
  {
      IOReturn         err;
+    IOMemoryMap *     mapping;
      mach_vm_address_t address;
      mach_vm_address_t address;
-    mach_vm_size_t    length;
-
-    if (__length)
-    {
-       address = __address;
-       length  = __length;
-    }
-    else
-    {
-       addressMap = ((_IOMemoryMap *) __address)->fAddressMap;
-       address    = ((_IOMemoryMap *) __address)->fAddress;
-       length     = ((_IOMemoryMap *) __address)->fLength;
-    }
+    mach_vm_size_t    length;
+
+    if (__length) panic("doUnmap");
  
  
-    if( _memEntry && (addressMap == kernel_map) && (kIOMemoryBufferPageable & _flags))
-       addressMap = IOPageableMapForAddress( address );
+    mapping = (IOMemoryMap *) __address;
+    addressMap = mapping->fAddressMap;
+    address    = mapping->fAddress;
+    length     = mapping->fLength;
  
  
-#ifdef DEBUG
-    if( kIOLogMapping & gIOKitDebug)
-       IOLog("IOMemoryDescriptor::doUnmap map %p, 0x%qx:0x%qx\n",
-               addressMap, address, length );
+    if (kIOMapOverwrite & mapping->fOptions) err = KERN_SUCCESS;
+    else
+    {
+        if ((addressMap == kernel_map) && (kIOMemoryBufferPageable & _flags))
+            addressMap = IOPageableMapForAddress( address );
+#if DEBUG
+        if( kIOLogMapping & gIOKitDebug) IOLog("IOMemoryDescriptor::doUnmap map %p, 0x%qx:0x%qx\n",
+                                               addressMap, address, length );
  #endif
  #endif
+        err = mach_vm_deallocate( addressMap, address, length );
+    }
  
  
-    err = mach_vm_deallocate( addressMap, address, length );
+#if IOTRACKING
+    IOTrackingRemoveUser(gIOMapTracking, &mapping->fTracking);
+#endif /* IOTRACKING */
  
      return (err);
  }
  
      return (err);
  }
@@ -2729,7 +3806,7 @@ IOReturn IOMemoryDescriptor::doUnmap(
  IOReturn IOMemoryDescriptor::redirect( task_t safeTask, bool doRedirect )
  {
      IOReturn           err = kIOReturnSuccess;
  IOReturn IOMemoryDescriptor::redirect( task_t safeTask, bool doRedirect )
  {
      IOReturn           err = kIOReturnSuccess;
-    _IOMemoryMap *     mapping = 0;
+    IOMemoryMap *      mapping = 0;
      OSIterator *       iter;
  
      LOCK;
      OSIterator *       iter;
  
      LOCK;
@@ -2741,8 +3818,22 @@ IOReturn IOMemoryDescriptor::redirect( task_t safeTask, bool doRedirect )
  
      do {
         if( (iter = OSCollectionIterator::withCollection( _mappings))) {
  
      do {
         if( (iter = OSCollectionIterator::withCollection( _mappings))) {
-           while( (mapping = (_IOMemoryMap *) iter->getNextObject()))
+
+           memory_object_t   pager;
+
+           if( reserved)
+               pager = (memory_object_t) reserved->dp.devicePager;
+           else
+               pager = MACH_PORT_NULL;
+
+           while( (mapping = (IOMemoryMap *) iter->getNextObject()))
+           {
                 mapping->redirect( safeTask, doRedirect );
                 mapping->redirect( safeTask, doRedirect );
+               if (!doRedirect && !safeTask && pager && (kernel_map == mapping->fAddressMap))
+               {
+                   err = populateDevicePager(pager, mapping->fAddressMap, mapping->fAddress, mapping->fOffset, mapping->fLength, kIOMapDefaultCache );
+               }
+           }
  
             iter->release();
         }
  
             iter->release();
         }
@@ -2755,27 +3846,24 @@ IOReturn IOMemoryDescriptor::redirect( task_t safeTask, bool doRedirect )
  
      UNLOCK;
  
  
      UNLOCK;
  
+#ifndef __LP64__
      // temporary binary compatibility
      IOSubMemoryDescriptor * subMem;
      if( (subMem = OSDynamicCast( IOSubMemoryDescriptor, this)))
         err = subMem->redirect( safeTask, doRedirect );
      else
         err = kIOReturnSuccess;
      // temporary binary compatibility
      IOSubMemoryDescriptor * subMem;
      if( (subMem = OSDynamicCast( IOSubMemoryDescriptor, this)))
         err = subMem->redirect( safeTask, doRedirect );
      else
         err = kIOReturnSuccess;
+#endif /* !__LP64__ */
  
      return( err );
  }
  
  
      return( err );
  }
  
-IOReturn IOSubMemoryDescriptor::redirect( task_t safeTask, bool doRedirect )
-{
-    return( _parent->redirect( safeTask, doRedirect ));
-}
-
-IOReturn _IOMemoryMap::redirect( task_t safeTask, bool doRedirect )
+IOReturn IOMemoryMap::redirect( task_t safeTask, bool doRedirect )
  {
      IOReturn err = kIOReturnSuccess;
  
      if( fSuperMap) {
  {
      IOReturn err = kIOReturnSuccess;
  
      if( fSuperMap) {
-//        err = ((_IOMemoryMap *)superMap)->redirect( safeTask, doRedirect );
+//        err = ((IOMemoryMap *)superMap)->redirect( safeTask, doRedirect );
      } else {
  
          LOCK;
      } else {
  
          LOCK;
@@ -2791,18 +3879,8 @@ IOReturn _IOMemoryMap::redirect( task_t safeTask, bool doRedirect )
               && (0 == (fOptions & kIOMapStatic)))
             {
                 IOUnmapPages( fAddressMap, fAddress, fLength );
               && (0 == (fOptions & kIOMapStatic)))
             {
                 IOUnmapPages( fAddressMap, fAddress, fLength );
-               if(!doRedirect && safeTask
-                && (((fMemory->_flags & kIOMemoryTypeMask) == kIOMemoryTypePhysical) 
-                   || ((fMemory->_flags & kIOMemoryTypeMask) == kIOMemoryTypePhysical64)))
-                {
-                   IOVirtualAddress iova = (IOVirtualAddress) this;
-                   err = mach_vm_deallocate( fAddressMap, fAddress, fLength );
-                   err = fMemory->doMap( fAddressMap, &iova,
-                                        (fOptions & ~kIOMapAnywhere) | kIOMap64Bit/*| kIOMapReserve*/,
-                                        0, 0 );
-               } else
-                   err = kIOReturnSuccess;
-#ifdef DEBUG
+               err = kIOReturnSuccess;
+#if DEBUG
                 IOLog("IOMemoryMap::redirect(%d, %p) 0x%qx:0x%qx from %p\n", doRedirect, this, fAddress, fLength, fAddressMap);
  #endif
             }
                 IOLog("IOMemoryMap::redirect(%d, %p) 0x%qx:0x%qx from %p\n", doRedirect, this, fAddress, fLength, fAddressMap);
  #endif
             }
@@ -2826,14 +3904,14 @@ IOReturn _IOMemoryMap::redirect( task_t safeTask, bool doRedirect )
      return( err );
  }
  
      return( err );
  }
  
-IOReturn _IOMemoryMap::unmap( void )
+IOReturn IOMemoryMap::unmap( void )
  {
      IOReturn   err;
  
      LOCK;
  
      if( fAddress && fAddressMap && (0 == fSuperMap) && fMemory
  {
      IOReturn   err;
  
      LOCK;
  
      if( fAddress && fAddressMap && (0 == fSuperMap) && fMemory
-       && (0 == (fOptions & kIOMapStatic))) {
+        && (0 == (kIOMapStatic & fOptions))) {
  
          err = fMemory->doUnmap(fAddressMap, (IOVirtualAddress) this, 0);
  
  
          err = fMemory->doUnmap(fAddressMap, (IOVirtualAddress) this, 0);
  
@@ -2853,9 +3931,14 @@ IOReturn _IOMemoryMap::unmap( void )
      return( err );
  }
  
      return( err );
  }
  
-void _IOMemoryMap::taskDied( void )
+void IOMemoryMap::taskDied( void )
  {
      LOCK;
  {
      LOCK;
+    if (fUserClientUnmap) unmap();
+#if IOTRACKING
+    else                  IOTrackingRemoveUser(gIOMapTracking, &fTracking);
+#endif /* IOTRACKING */
+
      if( fAddressMap) {
          vm_map_deallocate(fAddressMap);
          fAddressMap = 0;
      if( fAddressMap) {
          vm_map_deallocate(fAddressMap);
          fAddressMap = 0;
@@ -2865,18 +3948,24 @@ void _IOMemoryMap::taskDied( void )
      UNLOCK;
  }
  
      UNLOCK;
  }
  
+IOReturn IOMemoryMap::userClientUnmap( void )
+{
+    fUserClientUnmap = true;
+    return (kIOReturnSuccess);
+}
+
  // Overload the release mechanism.  All mappings must be a member
  // of a memory descriptors _mappings set.  This means that we
  // always have 2 references on a mapping.  When either of these mappings
  // are released we need to free ourselves.
  // Overload the release mechanism.  All mappings must be a member
  // of a memory descriptors _mappings set.  This means that we
  // always have 2 references on a mapping.  When either of these mappings
  // are released we need to free ourselves.
-void _IOMemoryMap::taggedRelease(const void *tag) const
+void IOMemoryMap::taggedRelease(const void *tag) const
  {
      LOCK;
      super::taggedRelease(tag, 2);
      UNLOCK;
  }
  
  {
      LOCK;
      super::taggedRelease(tag, 2);
      UNLOCK;
  }
  
-void _IOMemoryMap::free()
+void IOMemoryMap::free()
  {
      unmap();
  
  {
      unmap();
  
@@ -2906,35 +3995,41 @@ void _IOMemoryMap::free()
      super::free();
  }
  
      super::free();
  }
  
-IOByteCount _IOMemoryMap::getLength()
+IOByteCount IOMemoryMap::getLength()
  {
      return( fLength );
  }
  
  {
      return( fLength );
  }
  
-IOVirtualAddress _IOMemoryMap::getVirtualAddress()
+IOVirtualAddress IOMemoryMap::getVirtualAddress()
  {
  {
+#ifndef __LP64__
      if (fSuperMap)
         fSuperMap->getVirtualAddress();
      if (fSuperMap)
         fSuperMap->getVirtualAddress();
-    else if (fAddressMap && vm_map_is_64bit(fAddressMap))
+    else if (fAddressMap 
+               && vm_map_is_64bit(fAddressMap)
+               && (sizeof(IOVirtualAddress) < 8))
      {
         OSReportWithBacktrace("IOMemoryMap::getVirtualAddress(0x%qx) called on 64b map; use ::getAddress()", fAddress);
      }
      {
         OSReportWithBacktrace("IOMemoryMap::getVirtualAddress(0x%qx) called on 64b map; use ::getAddress()", fAddress);
      }
+#endif /* !__LP64__ */
  
      return (fAddress);
  }
  
  
      return (fAddress);
  }
  
-mach_vm_address_t      _IOMemoryMap::getAddress()
+#ifndef __LP64__
+mach_vm_address_t      IOMemoryMap::getAddress()
  {
      return( fAddress);
  }
  
  {
      return( fAddress);
  }
  
-mach_vm_size_t         _IOMemoryMap::getSize()
+mach_vm_size_t         IOMemoryMap::getSize()
  {
      return( fLength );
  }
  {
      return( fLength );
  }
+#endif /* !__LP64__ */
  
  
  
  
-task_t _IOMemoryMap::getAddressTask()
+task_t IOMemoryMap::getAddressTask()
  {
      if( fSuperMap)
         return( fSuperMap->getAddressTask());
  {
      if( fSuperMap)
         return( fSuperMap->getAddressTask());
@@ -2942,18 +4037,18 @@ task_t _IOMemoryMap::getAddressTask()
          return( fAddressTask);
  }
  
          return( fAddressTask);
  }
  
-IOOptionBits _IOMemoryMap::getMapOptions()
+IOOptionBits IOMemoryMap::getMapOptions()
  {
      return( fOptions);
  }
  
  {
      return( fOptions);
  }
  
-IOMemoryDescriptor * _IOMemoryMap::getMemoryDescriptor()
+IOMemoryDescriptor * IOMemoryMap::getMemoryDescriptor()
  {
      return( fMemory );
  }
  
  {
      return( fMemory );
  }
  
-_IOMemoryMap * _IOMemoryMap::copyCompatible(
-               _IOMemoryMap * newMapping )
+IOMemoryMap * IOMemoryMap::copyCompatible(
+               IOMemoryMap * newMapping )
  {
      task_t             task      = newMapping->getAddressTask();
      mach_vm_address_t  toAddress = newMapping->fAddress;
  {
      task_t             task      = newMapping->getAddressTask();
      mach_vm_address_t  toAddress = newMapping->fAddress;
@@ -2983,26 +4078,58 @@ _IOMemoryMap * _IOMemoryMap::copyCompatible(
      retain();
      if( (fLength == _length) && (!_offset))
      {
      retain();
      if( (fLength == _length) && (!_offset))
      {
-       newMapping->release();
         newMapping = this;
      }
      else
      {
         newMapping->fSuperMap = this;
         newMapping = this;
      }
      else
      {
         newMapping->fSuperMap = this;
-       newMapping->fOffset   = _offset;
+       newMapping->fOffset   = fOffset + _offset;
         newMapping->fAddress  = fAddress + _offset;
      }
  
      return( newMapping );
  }
  
         newMapping->fAddress  = fAddress + _offset;
      }
  
      return( newMapping );
  }
  
+IOReturn IOMemoryMap::wireRange(
+       uint32_t                options,
+        mach_vm_size_t         offset,
+        mach_vm_size_t         length)
+{
+    IOReturn kr;
+    mach_vm_address_t start = trunc_page_64(fAddress + offset);
+    mach_vm_address_t end   = round_page_64(fAddress + offset + length);
+    vm_prot_t prot;
+
+    prot = (kIODirectionOutIn & options);
+    if (prot)
+    {
+       prot |= VM_PROT_MEMORY_TAG_MAKE(fMemory->getVMTag(kernel_map));
+       kr = vm_map_wire(fAddressMap, start, end, prot, FALSE);
+    }
+    else
+    {
+       kr = vm_map_unwire(fAddressMap, start, end, FALSE);
+    }
+
+    return (kr);
+}
+
+
  IOPhysicalAddress 
  IOPhysicalAddress 
-_IOMemoryMap::getPhysicalSegment( IOByteCount _offset, IOPhysicalLength * _length)
+#ifdef __LP64__
+IOMemoryMap::getPhysicalSegment( IOByteCount _offset, IOPhysicalLength * _length, IOOptionBits _options)
+#else /* !__LP64__ */
+IOMemoryMap::getPhysicalSegment( IOByteCount _offset, IOPhysicalLength * _length)
+#endif /* !__LP64__ */
  {
      IOPhysicalAddress  address;
  
      LOCK;
  {
      IOPhysicalAddress  address;
  
      LOCK;
+#ifdef __LP64__
+    address = fMemory->getPhysicalSegment( fOffset + _offset, _length, _options );
+#else /* !__LP64__ */
      address = fMemory->getPhysicalSegment( fOffset + _offset, _length );
      address = fMemory->getPhysicalSegment( fOffset + _offset, _length );
+#endif /* !__LP64__ */
      UNLOCK;
  
      return( address );
      UNLOCK;
  
      return( address );
@@ -3020,29 +4147,18 @@ void IOMemoryDescriptor::initialize( void )
      if( 0 == gIOMemoryLock)
         gIOMemoryLock = IORecursiveLockAlloc();
  
      if( 0 == gIOMemoryLock)
         gIOMemoryLock = IORecursiveLockAlloc();
  
-    IORegistryEntry::getRegistryRoot()->setProperty(kIOMaximumMappedIOByteCountKey,
-                                                   ptoa_64(gIOMaximumMappedIOPageCount), 64);
-    if (!gIOCopyMapper)
-    {
-       IOMapper *
-       mapper = new IOCopyMapper;
-       if (mapper)
-       {
-           if (mapper->init() && mapper->start(NULL))
-               gIOCopyMapper = (IOCopyMapper *) mapper;
-           else
-               mapper->release();
-       }
-    }
-
      gIOLastPage = IOGetLastPageNumber();
  }
  
  void IOMemoryDescriptor::free( void )
  {
      gIOLastPage = IOGetLastPageNumber();
  }
  
  void IOMemoryDescriptor::free( void )
  {
-    if( _mappings)
-       _mappings->release();
+    if( _mappings) _mappings->release();
  
  
+    if (reserved)
+    {
+       IODelete(reserved, IOMemoryDescriptorReserved, 1);
+       reserved = NULL;
+    }
      super::free();
  }
  
      super::free();
  }
  
@@ -3064,6 +4180,7 @@ IOMemoryMap * IOMemoryDescriptor::map(
                                 0, getLength() ));
  }
  
                                 0, getLength() ));
  }
  
+#ifndef __LP64__
  IOMemoryMap * IOMemoryDescriptor::map( 
         task_t                  intoTask,
         IOVirtualAddress        atAddress,
  IOMemoryMap * IOMemoryDescriptor::map( 
         task_t                  intoTask,
         IOVirtualAddress        atAddress,
@@ -3080,6 +4197,7 @@ IOMemoryMap * IOMemoryDescriptor::map(
      return (createMappingInTask(intoTask, atAddress,
                                 options, offset, length));
  }
      return (createMappingInTask(intoTask, atAddress,
                                 options, offset, length));
  }
+#endif /* !__LP64__ */
  
  IOMemoryMap * IOMemoryDescriptor::createMappingInTask(
         task_t                  intoTask,
  
  IOMemoryMap * IOMemoryDescriptor::createMappingInTask(
         task_t                  intoTask,
@@ -3088,13 +4206,13 @@ IOMemoryMap * IOMemoryDescriptor::createMappingInTask(
         mach_vm_size_t          offset,
         mach_vm_size_t          length)
  {
         mach_vm_size_t          offset,
         mach_vm_size_t          length)
  {
-    IOMemoryMap  * result;
-    _IOMemoryMap * mapping;
+    IOMemoryMap * result;
+    IOMemoryMap * mapping;
  
      if (0 == length)
         length = getLength();
  
  
      if (0 == length)
         length = getLength();
  
-    mapping = new _IOMemoryMap;
+    mapping = new IOMemoryMap;
  
      if( mapping
       && !mapping->init( intoTask, atAddress,
  
      if( mapping
       && !mapping->init( intoTask, atAddress,
@@ -3108,23 +4226,25 @@ IOMemoryMap * IOMemoryDescriptor::createMappingInTask(
      else
         result = 0;
  
      else
         result = 0;
  
-#ifdef DEBUG
+#if DEBUG
      if (!result)
      if (!result)
-       IOLog("createMappingInTask failed desc %p, addr %qx, options %lx, offset %qx, length %qx\n",
-                   this, atAddress, options, offset, length);
+       IOLog("createMappingInTask failed desc %p, addr %qx, options %x, offset %qx, length %llx\n",
+               this, atAddress, (uint32_t) options, offset, length);
  #endif
  
      return (result);
  }
  
  #endif
  
      return (result);
  }
  
-IOReturn _IOMemoryMap::redirect(IOMemoryDescriptor * newBackingMemory,
+#ifndef __LP64__ // there is only a 64 bit version for LP64
+IOReturn IOMemoryMap::redirect(IOMemoryDescriptor * newBackingMemory,
                                 IOOptionBits         options,
                                 IOByteCount          offset)
  {
      return (redirect(newBackingMemory, options, (mach_vm_size_t)offset));
  }
                                 IOOptionBits         options,
                                 IOByteCount          offset)
  {
      return (redirect(newBackingMemory, options, (mach_vm_size_t)offset));
  }
+#endif
  
  
-IOReturn _IOMemoryMap::redirect(IOMemoryDescriptor * newBackingMemory,
+IOReturn IOMemoryMap::redirect(IOMemoryDescriptor * newBackingMemory,
                                 IOOptionBits         options,
                                 mach_vm_size_t       offset)
  {
                                 IOOptionBits         options,
                                 mach_vm_size_t       offset)
  {
@@ -3142,12 +4262,13 @@ IOReturn _IOMemoryMap::redirect(IOMemoryDescriptor * newBackingMemory,
             physMem->retain();
         }
  
             physMem->retain();
         }
  
-       if (!fRedirUPL)
+       if (!fRedirUPL && fMemory->_memRef && (1 == fMemory->_memRef->count))
         {
         {
-           vm_size_t size = fLength;
-           int flags = UPL_COPYOUT_FROM | UPL_SET_INTERNAL 
-                       | UPL_SET_LITE | UPL_SET_IO_WIRE | UPL_BLOCK_ACCESS;
-           if (KERN_SUCCESS != memory_object_iopl_request((ipc_port_t) fMemory->_memEntry, 0, &size, &fRedirUPL,
+           upl_size_t          size = round_page(fLength);
+           upl_control_flags_t flags = UPL_COPYOUT_FROM | UPL_SET_INTERNAL 
+                                       | UPL_SET_LITE | UPL_SET_IO_WIRE | UPL_BLOCK_ACCESS
+                                       | UPL_MEMORY_TAG_MAKE(fMemory->getVMTag(kernel_map));
+           if (KERN_SUCCESS != memory_object_iopl_request(fMemory->_memRef->entries[0].entry, 0, &size, &fRedirUPL,
                                             NULL, NULL,
                                             &flags))
                 fRedirUPL = 0;
                                             NULL, NULL,
                                             &flags))
                 fRedirUPL = 0;
@@ -3155,7 +4276,8 @@ IOReturn _IOMemoryMap::redirect(IOMemoryDescriptor * newBackingMemory,
             if (physMem)
             {
                 IOUnmapPages( fAddressMap, fAddress, fLength );
             if (physMem)
             {
                 IOUnmapPages( fAddressMap, fAddress, fLength );
-               physMem->redirect(0, true);
+               if ((false))
+                   physMem->redirect(0, true);
             }
         }
  
             }
         }
  
@@ -3175,7 +4297,7 @@ IOReturn _IOMemoryMap::redirect(IOMemoryDescriptor * newBackingMemory,
                 upl_deallocate(fRedirUPL);
                 fRedirUPL = 0;
             }
                 upl_deallocate(fRedirUPL);
                 fRedirUPL = 0;
             }
-           if (physMem)
+           if ((false) && physMem)
                 physMem->redirect(0, false);
         }
      }
                 physMem->redirect(0, false);
         }
      }
@@ -3197,13 +4319,15 @@ IOMemoryMap * IOMemoryDescriptor::makeMapping(
         IOByteCount             __offset,
         IOByteCount             __length )
  {
         IOByteCount             __offset,
         IOByteCount             __length )
  {
+#ifndef __LP64__
      if (!(kIOMap64Bit & options)) panic("IOMemoryDescriptor::makeMapping !64bit");
      if (!(kIOMap64Bit & options)) panic("IOMemoryDescriptor::makeMapping !64bit");
+#endif /* !__LP64__ */
  
      IOMemoryDescriptor * mapDesc = 0;
  
      IOMemoryDescriptor * mapDesc = 0;
-    _IOMemoryMap *      result = 0;
+    IOMemoryMap *       result = 0;
      OSIterator *        iter;
  
      OSIterator *        iter;
  
-    _IOMemoryMap * mapping = (_IOMemoryMap *) __address;
+    IOMemoryMap *  mapping = (IOMemoryMap *) __address;
      mach_vm_size_t offset  = mapping->fOffset + __offset;
      mach_vm_size_t length  = mapping->fLength;
  
      mach_vm_size_t offset  = mapping->fOffset + __offset;
      mach_vm_size_t length  = mapping->fLength;
  
@@ -3223,7 +4347,7 @@ IOMemoryMap * IOMemoryDescriptor::makeMapping(
  
         if (kIOMapUnique & options)
         {
  
         if (kIOMapUnique & options)
         {
-           IOPhysicalAddress phys;
+           addr64_t phys;
             IOByteCount       physLen;
  
  //         if (owner != this)          continue;
             IOByteCount       physLen;
  
  //         if (owner != this)          continue;
@@ -3231,12 +4355,12 @@ IOMemoryMap * IOMemoryDescriptor::makeMapping(
             if (((_flags & kIOMemoryTypeMask) == kIOMemoryTypePhysical)
                 || ((_flags & kIOMemoryTypeMask) == kIOMemoryTypePhysical64))
             {
             if (((_flags & kIOMemoryTypeMask) == kIOMemoryTypePhysical)
                 || ((_flags & kIOMemoryTypeMask) == kIOMemoryTypePhysical64))
             {
-               phys = getPhysicalSegment(offset, &physLen);
+               phys = getPhysicalSegment(offset, &physLen, kIOMemoryMapperNone);
                 if (!phys || (physLen < length))
                     continue;
      
                 if (!phys || (physLen < length))
                     continue;
      
-               mapDesc = IOMemoryDescriptor::withPhysicalAddress(
-                               phys, length, _direction);
+               mapDesc = IOMemoryDescriptor::withAddressRange(
+                               phys, length, getDirection() | kIOMemoryMapperNone, NULL);
                 if (!mapDesc)
                     continue;
                 offset = 0;
                 if (!mapDesc)
                     continue;
                 offset = 0;
@@ -3248,8 +4372,8 @@ IOMemoryMap * IOMemoryDescriptor::makeMapping(
             // look for a compatible existing mapping
             if( (iter = OSCollectionIterator::withCollection(_mappings)))
             {
             // look for a compatible existing mapping
             if( (iter = OSCollectionIterator::withCollection(_mappings)))
             {
-               _IOMemoryMap * lookMapping;
-               while ((lookMapping = (_IOMemoryMap *) iter->getNextObject()))
+               IOMemoryMap * lookMapping;
+               while ((lookMapping = (IOMemoryMap *) iter->getNextObject()))
                 {
                     if ((result = lookMapping->copyCompatible(mapping)))
                     {
                 {
                     if ((result = lookMapping->copyCompatible(mapping)))
                     {
@@ -3261,7 +4385,14 @@ IOMemoryMap * IOMemoryDescriptor::makeMapping(
                 iter->release();
             }
             if (result || (options & kIOMapReference))
                 iter->release();
             }
             if (result || (options & kIOMapReference))
+           {
+               if (result != mapping)
+               {
+                    mapping->release();
+                    mapping = NULL;
+                }
                 continue;
                 continue;
+           }
         }
  
         if (!mapDesc)
         }
  
         if (!mapDesc)
@@ -3312,305 +4443,11 @@ void IOMemoryDescriptor::removeMapping(
          _mappings->removeObject( mapping);
  }
  
          _mappings->removeObject( mapping);
  }
  
-/* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
-
-#undef super
-#define super IOMemoryDescriptor
-
-OSDefineMetaClassAndStructors(IOSubMemoryDescriptor, IOMemoryDescriptor)
-
-/* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
-
-bool IOSubMemoryDescriptor::initSubRange( IOMemoryDescriptor * parent,
-                                       IOByteCount offset, IOByteCount length,
-                                       IODirection direction )
-{
-    if( !parent)
-       return( false);
-
-    if( (offset + length) > parent->getLength())
-       return( false);
-
-    /*
-     * We can check the _parent instance variable before having ever set it
-     * to an initial value because I/O Kit guarantees that all our instance
-     * variables are zeroed on an object's allocation.
-     */
-
-    if( !_parent) {
-       if( !super::init())
-           return( false );
-    } else {
-       /*
-        * An existing memory descriptor is being retargeted to
-        * point to somewhere else.  Clean up our present state.
-        */
-
-       _parent->release();
-       _parent = 0;
-    }
-
-    parent->retain();
-    _parent    = parent;
-    _start     = offset;
-    _length    = length;
-    _direction  = direction;
-    _tag       = parent->getTag();
-
-    return( true );
-}
-
-void IOSubMemoryDescriptor::free( void )
-{
-    if( _parent)
-       _parent->release();
-
-    super::free();
-}
-
-
-IOReturn
-IOSubMemoryDescriptor::dmaCommandOperation(DMACommandOps op, void *vData, UInt dataSize) const
-{
-    IOReturn rtn;
-
-    if (kIOMDGetCharacteristics == op) {
-
-       rtn = _parent->dmaCommandOperation(op, vData, dataSize);
-       if (kIOReturnSuccess == rtn) {
-           IOMDDMACharacteristics *data = (IOMDDMACharacteristics *) vData;
-           data->fLength = _length;
-           data->fSGCount = 0; // XXX gvdl: need to compute and pages
-           data->fPages = 0;
-           data->fPageAlign = 0;
-       }
-
-       return rtn;
-    }
-    else if (kIOMDWalkSegments & op) {
-       if (dataSize < sizeof(IOMDDMAWalkSegmentArgs))
-           return kIOReturnUnderrun;
-
-       IOMDDMAWalkSegmentArgs *data =
-           reinterpret_cast<IOMDDMAWalkSegmentArgs *>(vData);
-       UInt offset = data->fOffset;
-       UInt remain = _length - offset;
-       if ((int) remain <= 0)
-           return (!remain)? kIOReturnOverrun : kIOReturnInternalError;
-
-       data->fOffset = offset + _start;
-       rtn = _parent->dmaCommandOperation(op, vData, dataSize);
-       if (data->fLength > remain)
-           data->fLength = remain;
-       data->fOffset  = offset;
-
-       return rtn;
-    }
-    else
-       return kIOReturnBadArgument;
-}
-
-addr64_t
-IOSubMemoryDescriptor::getPhysicalSegment64(IOByteCount offset, IOByteCount * length)
-{
-    addr64_t   address;
-    IOByteCount        actualLength;
-
-    assert(offset <= _length);
-
-    if( length)
-        *length = 0;
-
-    if( offset >= _length)
-        return( 0 );
-
-    address = _parent->getPhysicalSegment64( offset + _start, &actualLength );
-
-    if( address && length)
-       *length = min( _length - offset, actualLength );
-
-    return( address );
-}
-
-IOPhysicalAddress
-IOSubMemoryDescriptor::getPhysicalSegment( IOByteCount offset, IOByteCount * length )
-{
-    IOPhysicalAddress  address;
-    IOByteCount                actualLength;
-
-    assert(offset <= _length);
-
-    if( length)
-        *length = 0;
-
-    if( offset >= _length)
-        return( 0 );
-
-    address = _parent->getPhysicalSegment( offset + _start, &actualLength );
-
-    if( address && length)
-       *length = min( _length - offset, actualLength );
-
-    return( address );
-}
-
-IOPhysicalAddress 
-IOSubMemoryDescriptor::getSourceSegment( IOByteCount offset, IOByteCount * length )
-{
-    IOPhysicalAddress  address;
-    IOByteCount                actualLength;
-
-    assert(offset <= _length);
-
-    if( length)
-        *length = 0;
-
-    if( offset >= _length)
-        return( 0 );
-
-    address = _parent->getSourceSegment( offset + _start, &actualLength );
-
-    if( address && length)
-       *length = min( _length - offset, actualLength );
-
-    return( address );
-}
-
-void * IOSubMemoryDescriptor::getVirtualSegment(IOByteCount offset,
-                                       IOByteCount * lengthOfSegment)
-{
-    return( 0 );
-}
-
-IOReturn IOSubMemoryDescriptor::doMap(
-       vm_map_t                addressMap,
-       IOVirtualAddress *      atAddress,
-       IOOptionBits            options,
-       IOByteCount             sourceOffset,
-       IOByteCount             length )
-{
-    panic("IOSubMemoryDescriptor::doMap");
-    return (IOMemoryDescriptor::doMap(addressMap, atAddress, options, sourceOffset, length));
-}
-
-IOByteCount IOSubMemoryDescriptor::readBytes(IOByteCount offset,
-                                       void * bytes, IOByteCount length)
-{
-    IOByteCount        byteCount;
-
-    assert(offset <= _length);
-
-    if( offset >= _length)
-        return( 0 );
-
-    LOCK;
-    byteCount = _parent->readBytes( _start + offset, bytes,
-                               min(length, _length - offset) );
-    UNLOCK;
-
-    return( byteCount );
-}
-
-IOByteCount IOSubMemoryDescriptor::writeBytes(IOByteCount offset,
-                               const void* bytes, IOByteCount length)
-{
-    IOByteCount        byteCount;
-
-    assert(offset <= _length);
-
-    if( offset >= _length)
-        return( 0 );
-
-    LOCK;
-    byteCount = _parent->writeBytes( _start + offset, bytes,
-                               min(length, _length - offset) );
-    UNLOCK;
-
-    return( byteCount );
-}
-
-IOReturn IOSubMemoryDescriptor::setPurgeable( IOOptionBits newState,
-                                    IOOptionBits * oldState )
-{
-    IOReturn err;
-
-    LOCK;
-    err = _parent->setPurgeable( newState, oldState );
-    UNLOCK;
-
-    return( err );
-}
-
-IOReturn IOSubMemoryDescriptor::performOperation( IOOptionBits options,
-                                        IOByteCount offset, IOByteCount length )
-{
-    IOReturn err;
-
-    assert(offset <= _length);
-
-    if( offset >= _length)
-        return( kIOReturnOverrun );
-
-    LOCK;
-    err = _parent->performOperation( options, _start + offset,
-                                      min(length, _length - offset) );
-    UNLOCK;
-
-    return( err );
-}
-
-IOReturn IOSubMemoryDescriptor::prepare(
-               IODirection forDirection)
-{
-    IOReturn   err;
-
-    LOCK;
-    err = _parent->prepare( forDirection);
-    UNLOCK;
-
-    return( err );
-}
-
-IOReturn IOSubMemoryDescriptor::complete(
-               IODirection forDirection)
-{
-    IOReturn   err;
-
-    LOCK;
-    err = _parent->complete( forDirection);
-    UNLOCK;
-
-    return( err );
-}
-
-IOMemoryMap * IOSubMemoryDescriptor::makeMapping(
-       IOMemoryDescriptor *    owner,
-       task_t                  intoTask,
-       IOVirtualAddress        address,
-       IOOptionBits            options,
-       IOByteCount             offset,
-       IOByteCount             length )
-{
-    IOMemoryMap * mapping = 0;
-
-    if (!(kIOMap64Bit & options))
-    {
-       panic("IOSubMemoryDescriptor::makeMapping !64bit");
-    }
-
-    mapping = (IOMemoryMap *) _parent->makeMapping(
-                                       owner,
-                                       intoTask,
-                                       address,
-                                       options, _start + offset, length );
-
-    return( mapping );
-}
-
-/* ick */
-
+#ifndef __LP64__
+// obsolete initializers
+// - initWithOptions is the designated initializer 
  bool
  bool
-IOSubMemoryDescriptor::initWithAddress(void *      address,
+IOMemoryDescriptor::initWithAddress(void *      address,
                                      IOByteCount   length,
                                      IODirection direction)
  {
                                      IOByteCount   length,
                                      IODirection direction)
  {
@@ -3618,7 +4455,7 @@ IOSubMemoryDescriptor::initWithAddress(void *      address,
  }
  
  bool
  }
  
  bool
-IOSubMemoryDescriptor::initWithAddress(vm_address_t address,
+IOMemoryDescriptor::initWithAddress(IOVirtualAddress address,
                                      IOByteCount    length,
                                      IODirection  direction,
                                      task_t       task)
                                      IOByteCount    length,
                                      IODirection  direction,
                                      task_t       task)
@@ -3627,7 +4464,7 @@ IOSubMemoryDescriptor::initWithAddress(vm_address_t address,
  }
  
  bool
  }
  
  bool
-IOSubMemoryDescriptor::initWithPhysicalAddress(
+IOMemoryDescriptor::initWithPhysicalAddress(
                                  IOPhysicalAddress      address,
                                  IOByteCount            length,
                                  IODirection            direction )
                                  IOPhysicalAddress      address,
                                  IOByteCount            length,
                                  IODirection            direction )
@@ -3636,7 +4473,7 @@ IOSubMemoryDescriptor::initWithPhysicalAddress(
  }
  
  bool
  }
  
  bool
-IOSubMemoryDescriptor::initWithRanges(
+IOMemoryDescriptor::initWithRanges(
                                         IOVirtualRange * ranges,
                                         UInt32           withCount,
                                         IODirection      direction,
                                         IOVirtualRange * ranges,
                                         UInt32           withCount,
                                         IODirection      direction,
@@ -3647,7 +4484,7 @@ IOSubMemoryDescriptor::initWithRanges(
  }
  
  bool
  }
  
  bool
-IOSubMemoryDescriptor::initWithPhysicalRanges( IOPhysicalRange * ranges,
+IOMemoryDescriptor::initWithPhysicalRanges(    IOPhysicalRange * ranges,
                                                 UInt32           withCount,
                                                 IODirection      direction,
                                                 bool             asReference)
                                                 UInt32           withCount,
                                                 IODirection      direction,
                                                 bool             asReference)
@@ -3655,12 +4492,21 @@ IOSubMemoryDescriptor::initWithPhysicalRanges(  IOPhysicalRange * ranges,
      return( false );
  }
  
      return( false );
  }
  
+void * IOMemoryDescriptor::getVirtualSegment(IOByteCount offset,
+                                       IOByteCount * lengthOfSegment)
+{
+    return( 0 );
+}
+#endif /* !__LP64__ */
+
  /* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
  
  bool IOGeneralMemoryDescriptor::serialize(OSSerialize * s) const
  {
      OSSymbol const *keys[2];
      OSObject *values[2];
  /* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
  
  bool IOGeneralMemoryDescriptor::serialize(OSSerialize * s) const
  {
      OSSymbol const *keys[2];
      OSObject *values[2];
+    OSArray * array;
+
      struct SerData {
         user_addr_t address;
         user_size_t length;
      struct SerData {
         user_addr_t address;
         user_size_t length;
@@ -3671,10 +4517,9 @@ bool IOGeneralMemoryDescriptor::serialize(OSSerialize * s) const
      IOOptionBits type = _flags & kIOMemoryTypeMask;
  
      if (s == NULL) return false;
      IOOptionBits type = _flags & kIOMemoryTypeMask;
  
      if (s == NULL) return false;
-    if (s->previouslySerialized(this)) return true;
  
  
-    // Pretend we are an array.
-    if (!s->addXMLStartTag(this, "array")) return false;
+    array = OSArray::withCapacity(4);
+    if (!array)  return (false);
  
      nRanges = _rangesCount;
      vcopy = (SerData *) IOMalloc(sizeof(SerData) * nRanges);
  
      nRanges = _rangesCount;
      vcopy = (SerData *) IOMalloc(sizeof(SerData) * nRanges);
@@ -3694,7 +4539,7 @@ bool IOGeneralMemoryDescriptor::serialize(OSSerialize * s) const
      if (nRanges == _rangesCount) {
         Ranges vec = _ranges;
          for (index = 0; index < nRanges; index++) {
      if (nRanges == _rangesCount) {
         Ranges vec = _ranges;
          for (index = 0; index < nRanges; index++) {
-           user_addr_t addr; IOByteCount len;
+           mach_vm_address_t addr; mach_vm_size_t len;
             getAddrLenForInd(addr, len, type, vec, index);
              vcopy[index].address = addr;
              vcopy[index].length  = len;
             getAddrLenForInd(addr, len, type, vec, index);
              vcopy[index].address = addr;
              vcopy[index].length  = len;
@@ -3711,8 +4556,7 @@ bool IOGeneralMemoryDescriptor::serialize(OSSerialize * s) const
      {
         user_addr_t addr = vcopy[index].address;
         IOByteCount len = (IOByteCount) vcopy[index].length;
      {
         user_addr_t addr = vcopy[index].address;
         IOByteCount len = (IOByteCount) vcopy[index].length;
-       values[0] =
-           OSNumber::withNumber(addr, (((UInt64) addr) >> 32)? 64 : 32);
+       values[0] = OSNumber::withNumber(addr, sizeof(addr) * 8);
         if (values[0] == 0) {
           result = false;
           goto bail;
         if (values[0] == 0) {
           result = false;
           goto bail;
@@ -3727,19 +4571,18 @@ bool IOGeneralMemoryDescriptor::serialize(OSSerialize * s) const
           result = false;
           goto bail;
         }
           result = false;
           goto bail;
         }
+       array->setObject(dict);
+       dict->release();
         values[0]->release();
         values[1]->release();
         values[0] = values[1] = 0;
         values[0]->release();
         values[1]->release();
         values[0] = values[1] = 0;
-
-       result = dict->serialize(s);
-       dict->release();
-       if (!result) {
-         goto bail;
-       }
      }
      }
-    result = s->addXMLEndTag("array");
+
+    result = array->serialize(s);
  
   bail:
  
   bail:
+    if (array)
+      array->release();
      if (values[0])
        values[0]->release();
      if (values[1])
      if (values[0])
        values[0]->release();
      if (values[1])
@@ -3750,66 +4593,30 @@ bool IOGeneralMemoryDescriptor::serialize(OSSerialize * s) const
        keys[1]->release();
      if (vcopy)
          IOFree(vcopy, sizeof(SerData) * nRanges);
        keys[1]->release();
      if (vcopy)
          IOFree(vcopy, sizeof(SerData) * nRanges);
-    return result;
-}
-
-bool IOSubMemoryDescriptor::serialize(OSSerialize * s) const
-{
-    if (!s) {
-       return (false);
-    }
-    if (s->previouslySerialized(this)) return true;
-
-    // Pretend we are a dictionary.
-    // We must duplicate the functionality of OSDictionary here
-    // because otherwise object references will not work;
-    // they are based on the value of the object passed to
-    // previouslySerialized and addXMLStartTag.
-
-    if (!s->addXMLStartTag(this, "dict")) return false;
-
-    char const *keys[3] = {"offset", "length", "parent"};
-
-    OSObject *values[3];
-    values[0] = OSNumber::withNumber(_start, sizeof(_start) * 8);
-    if (values[0] == 0)
-       return false;
-    values[1] = OSNumber::withNumber(_length, sizeof(_length) * 8);
-    if (values[1] == 0) {
-       values[0]->release();
-       return false;
-    }
-    values[2] = _parent;
-
-    bool result = true;
-    for (int i=0; i<3; i++) {
-        if (!s->addString("<key>") ||
-           !s->addString(keys[i]) ||
-           !s->addXMLEndTag("key") ||
-           !values[i]->serialize(s)) {
-         result = false;
-         break;
-        }
-    }
-    values[0]->release();
-    values[1]->release();
-    if (!result) {
-      return false;
-    }
  
  
-    return s->addXMLEndTag("dict");
+    return result;
  }
  
  /* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
  
  OSMetaClassDefineReservedUsed(IOMemoryDescriptor, 0);
  }
  
  /* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
  
  OSMetaClassDefineReservedUsed(IOMemoryDescriptor, 0);
+#ifdef __LP64__
+OSMetaClassDefineReservedUnused(IOMemoryDescriptor, 1);
+OSMetaClassDefineReservedUnused(IOMemoryDescriptor, 2);
+OSMetaClassDefineReservedUnused(IOMemoryDescriptor, 3);
+OSMetaClassDefineReservedUnused(IOMemoryDescriptor, 4);
+OSMetaClassDefineReservedUnused(IOMemoryDescriptor, 5);
+OSMetaClassDefineReservedUnused(IOMemoryDescriptor, 6);
+OSMetaClassDefineReservedUnused(IOMemoryDescriptor, 7);
+#else /* !__LP64__ */
  OSMetaClassDefineReservedUsed(IOMemoryDescriptor, 1);
  OSMetaClassDefineReservedUsed(IOMemoryDescriptor, 2);
  OSMetaClassDefineReservedUsed(IOMemoryDescriptor, 3);
  OSMetaClassDefineReservedUsed(IOMemoryDescriptor, 4);
  OSMetaClassDefineReservedUsed(IOMemoryDescriptor, 5);
  OSMetaClassDefineReservedUsed(IOMemoryDescriptor, 1);
  OSMetaClassDefineReservedUsed(IOMemoryDescriptor, 2);
  OSMetaClassDefineReservedUsed(IOMemoryDescriptor, 3);
  OSMetaClassDefineReservedUsed(IOMemoryDescriptor, 4);
  OSMetaClassDefineReservedUsed(IOMemoryDescriptor, 5);
-OSMetaClassDefineReservedUnused(IOMemoryDescriptor, 6);
-OSMetaClassDefineReservedUnused(IOMemoryDescriptor, 7);
+OSMetaClassDefineReservedUsed(IOMemoryDescriptor, 6);
+OSMetaClassDefineReservedUsed(IOMemoryDescriptor, 7);
+#endif /* !__LP64__ */
  OSMetaClassDefineReservedUnused(IOMemoryDescriptor, 8);
  OSMetaClassDefineReservedUnused(IOMemoryDescriptor, 9);
  OSMetaClassDefineReservedUnused(IOMemoryDescriptor, 10);
  OSMetaClassDefineReservedUnused(IOMemoryDescriptor, 8);
  OSMetaClassDefineReservedUnused(IOMemoryDescriptor, 9);
  OSMetaClassDefineReservedUnused(IOMemoryDescriptor, 10);
@@ -3823,6 +4630,3 @@ OSMetaClassDefineReservedUnused(IOMemoryDescriptor, 15);
  IOPhysicalAddress 
  IOMemoryDescriptor::getPhysicalAddress()
          { return( getPhysicalSegment( 0, 0 )); }
  IOPhysicalAddress 
  IOMemoryDescriptor::getPhysicalAddress()
          { return( getPhysicalSegment( 0, 0 )); }
-
-
-